Values for content-security-policy:
upgrade-insecure-requests 6,235
block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests; 5,694
frame-ancestors 'self' 3,361
upgrade-insecure-requests; 2,285
frame-ancestors 'self'; 1,346
block-all-mixed-content 750
block-all-mixed-content; 561
frame-ancestors 'none' 462
block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; 325
frame-ancestors 'none'; 266
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; 181
147
frame-ancestors 'self' https://*.granicus.com https://platform.civicplus.com https://account.civicplus.com https://analytics.civicplus.com; img-src * data: blob:; worker-src * data: blob: 'unsafe-eval' 'unsafe-inline'; script-src * about: 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; media-src * blob:; font-src * data:; default-src * 137
report-uri /report-csp-violation 118
default-src https: data: 'unsafe-inline' 'unsafe-eval' 110
script-src 'self' 'unsafe-inline' 'unsafe-eval';object-src 'self';style-src 'self' 'unsafe-inline'; 104
object-src 'none' 100
default-src 'self' ws: wss: http: https: data: blob: 'unsafe-inline' 80
script-src 'self' blob: https://morris-server.de:8801 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob: https:; font-src 'self' data:; media-src 'self' data: blob: https://api.sparkassen-mediacenter.de https://sparkassen-mediacenter.de https://cdn.sparkassen-mediacenter.de 77
frame-ancestors * 74
frame-ancestors self 62
frame-ancestors 'self' https://*.ally.ac; 60
self 59
default-src * data: 'unsafe-eval' 'unsafe-inline' 59
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.2mdn.net *.33across.com *.abt.s3.yandex.net *.ad-generation.jp *.adform.com *.adform.net *.adhouse.pro *.admanmedia.com *.admatic.com.tr *.admixer.com *.admost.com *.adnsafe.org *.adnxs.com *.adocean.pl *.adpush.com.tr *.adtarget.com.tr *.adtech.com *.adtelligent.com *.adtopia.com *.advangelists.com *.advenuemedia.co.uk *.advertising.com *.adwmg.com *.air.tech *.aistekso.net *.alexametrics.com *.amazon-adsystem.com *.amazon.com *.ampproject.org *.appnexus.com *.aralego.com *.atombilisim.com.tr *.axonix.com *.baithoph.net *.beachfront.com *.bidtellect.com *.bik.gov.tr *.bildirt.com *.binance.com *.bizzclick.com *.cdn.proadscdn.com *.cimri.com *.clarity.ms *.cloudflare.com *.cloudflareinsights.com *.cmcm.com *.colossusssp.com *.connectad.io *.contextweb.com *.coxmt.com *.criteo.com *.criteo.net *.cubepile.com *.dailymotion.com *.devotrans.com *.districtm.io *.doubleclick.net *.dreamwater.com.tr *.dsp-media.eskimi.com *.e-planning.net *.emxdgt.com *.engagebdr.com *.exponential.com *.facebook.com *.facebook.net *.flashtalking.com *.freewheel.tv *.gamoshi.io *.gemius.pl *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.gumgum.com *.ibillboard.com *.idealmedia.io *.ijit.com *.improvedigital.com *.incehesap.com *.indexexchange.com *.inmobi.com *.instagram.com *.jquery.com *.jsdelivr.net *.jwpcdn.com *.lijit.com *.linkedin.com *.linkwi.se *.lkqd.com *.lkqd.net *.makroo.com *.maple-team.com *.mars.media *.mediabong.com *.meta.com *.mgid.com *.moatads.com *.newborntown.com *.omnijay.com *.onesignal.com *.onnetwork.tv *.openweathermap.com *.openx.com *.optad360.io *.outbrain.com *.peak226.com *.pinterest.com *.pixad.com.tr *.player.im *.preply.com *.programattik.com *.protagcdn.com *.publisher-network.com *.pubmatic.com *.radyotelekom.com.tr *.reklamstore.com *.resultsmedia.com *.rhythmone.com *.rubiconproject.com *.sabio.us *.say.ac *.schema.org *.serving-sys.com *.sharethis.com *.sharethrough.com *.smaato.com *.smartadserver.com *.smartyads.com *.smrtb.com *.sonobi.com *.sovrn.com *.spotx.tv *.spotxchange.com *.static.hotjar.com *.stroeer.com *.synacor.com *.taboola.com *.tagon.co *.tebilisim.com *.teimg.com *.tevideo.org *.thalespirlanta.com *.theadx.com *.thebrave.io *.themediagrid.com *.thubanoa.com *.tiktok.com *.tiviplayer.com *.tradingview.com *.tribalfusion.com *.ttwstatic.com *.twitter.com *.ucfunnel.com *.unrulymedia.com *.us.com *.videoomy.com *.vidoomy.com *.vidyome.com *.vimeo.com *.virgul.com *.weatherwidget.io *.webeyemob.com *.wordego.com *.x.com *.yahoo.com *.yandex.com *.yandex.ru *.yastatic.net *.yayin.com.tr *.yieldmo.com *.youtu.be *.youtube.com *.ytimg.com ads.vidoomy.com api-maps.yandex.ru api.adnsafe.org buttons-config.sharethis.com c1.imgiz.com cdn.ampproject.org cdn.doubleverify.com cdn.id5-sync.com cdn.jsdelivr.net cdn.proadscdn.com cdn.ravenjs.com cdn2.bildirt.com dsp-media.eskimi.com gdetr.hit.gemius.pl google.com googlesyndication.com instagram.com invstatic101.creativecdn.com js.globalsun.io jscdn.greeter.me jsdelivr.net lidertv.radyotelekom.com.tr myvalice.com.tr oa.openxcdn.net onesignal.com pagead2.googlesyndication.com pcode.yads.tech pghub.io platform-api.sharethis.com player.im pool-eu.creative-serving.com preply.com proadscdn.com protagcdn.com say.ac script.4dex.io static-maps.yandex.ru static.cdn.pixad.com.tr tags.crwdcntrl.net testerparfum.com trgde.adocean.pl yastatic.net; 58
frame-ancestors 'self' ; 56
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.baidu.com *.bing.com; 54
upgrade-insecure-requests; block-all-mixed-content 53
upgrade-insecure-requests;object-src 'none' 52
frame-ancestors 'self' https://*.webflow.com http://*.webflow.com http://*.webflow.io http://webflow.com https://webflow.com 51
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.sbo.top *.sbobet.com *.sbobetex.com *.youtube.com *.ytimg.com *.cloudfront.net optimize.google.com *.google-analytics.com *.hotjar.com *.googletagmanager.com *.googleapis.com *.cdnnetworks.net *.edgecasts.net *.fasttrackcdn.net *.cdnrocket.net  *.speedysurfcdn.net *.cloudswiftcdn.net *.globalwavecdn.net *.acceleracloud.net *.quickroutecdn.net *.lightningspeedcdn.net *.stormshieldcdn.net *.rapidflarecdn.net *.velocitystream.net *.nexusaccelerate.net *.pacificrouter.com *.cdnhealthcare.net *.traveladventurescdn.net *.purseno.com *.syndication.twimg.com *.sportradar.com *.sportradarserving.com *.digitru.st *.bidswitch.net *.gstatic.com *.geetest.com avplayer-cdn.sportradar.com *.userleap.com *.akamaized.net http://*.sbobet.com; worker-src 'self' blob:; report-uri https://csp.trackittk.net/z/7046ef45-99d6-447d-9ac3-6d42ae2a70fa https://csp.trackittk.net/z/44e4f334-51c5-4cdb-b5e0-b33b1ec85c9d 49
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 47
default-src 'none' 46
upgrade-insecure-requests; frame-ancestors 'self' 46
frame-ancestors 'self' http://webvisor.com 45
report-uri /report-csp-violation; upgrade-insecure-requests 43
frame-ancestors 'self' https://app.grovecms.org/ 42
frame-ancestors 'self' godaddy.com *.godaddy.com 41
frame-ancestors 'self' teams.microsoft.com *.teams.microsoft.com *.skype.com *.teams.microsoft.us local.teams.office.com *.powerapps.com *.yammer.com *.officeapps.live.com *.office.com *.stream.azure-test.net *.microsoftstream.com *.dynamics.com *.microsoft.com onedrive.live.com *.onedrive.live.com; 40
frame-ancestors https://sinclairstoryline.com https://qa-sinclairstoryline.com https://int-sinclairstoryline.com https://storyline-qa.com https://storyline-int.com https://preview.int-sinclairstoryline.com https://preview.storyline-int.com https://preview.storyline-qa.com https://preview.qa-sinclairstoryline.com https://preview.sinclairstoryline.com; upgrade-insecure-requests 39
block-all-mixed-content; frame-ancestors 'self'; upgrade-insecure-requests 38
frame-ancestors 'self' https://*.cdn.ampproject.org/ https://bing-amp.com/ https://*.tm-aws.com/ https://*.tm-awx.com/; 36
default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: data: blob: wss://realtimeeventfeeds.viafoura.co wss://sub.viafoura.co; media-src blob: data: https:; object-src https:; child-src https: data: blob:; upgrade-insecure-requests; block-all-mixed-content; 34
default-src * data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 33
frame-ancestors 'self' oricohxr.works ricoh.oricohxr.works; 33
* 30
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; 28
default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 28
default-src 'self' http: https: data: blob: 'unsafe-inline' 27
default-src * data: blob: 'unsafe-inline' 'unsafe-eval' 26
frame-ancestors 'self' https://*.akifast.com akifast.com 26
frame-ancestors 'self' *.tsoftpanel.com *.paneltsoft.com; 26
frame-ancestors 'self' https://my.oracle.com https://eeho.fa.us2.oraclecloud.com https://blogs.oracle.com *.khapps.com *.khapps.jp *.lsapps.oracle.com *.lsapps.oracle.jp 23
default-src 'self' 23
frame-ancestors 'self'; upgrade-insecure-requests 22
upgrade-insecure-requests; report-uri https://o144486.ingest.sentry.io/api/5543380/security/?sentry_key=e66dfe54be8e47219dd8103b4deb2f1a&sentry_environment=policy_reports 22
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: 21
default-src https: data: 'unsafe-eval' 'unsafe-inline' blob: 21
default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self'; 21
frame-ancestors 'self' continuum.epublishing.com *.continuum.epublishing.com 21
default-src 'self'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; frame-src 'none'; img-src 'self' data: *.ttcache.com https://*.ttcache.com https://*.google-analytics.com https://*.googletagmanager.com; media-src 'none'; object-src 'none'; script-src 'self' https://*.googletagmanager.com; style-src 'self' 'unsafe-inline' 20
default-src 'self' 'unsafe-inline' https://park.101datacenter.net  https://*.deviceatlascloud.com/ https://cs.deviceatlas-cdn.com data: 20
upgrade-insecure-requests; frame-ancestors 'self' live.sagepay.com live.opayo.eu.elavon.com; base-uri 'self'; object-src 'none' 20
default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval' 19
upgrade-insecure-requests;connect-src * 19
frame-ancestors 'self' https://*.jumpseller.com https://app.jivosite.com 19
; 19
frame-ancestors 'self' *.lufthansa.com *.miles-and-more.com *.swiss.com *.amadeus.com *.amadeus.net *.brusselsairlines.com *.austrian.com; script-src *.exactag.com *.quantummetric.com *.monetate.net *.doubleclick.net *.googleadservices.com *.tiqcdn.com *.tealiumiq.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.usabilla.com *.artefact.com *.skyscanner.net *.skyscanner.net *.facebook.com *.facebook.net *.kayak.com *.amadeus.com *.lufthansa-group.com *.austrian.com *.lufthansa.com *.swiss.com *.brusselsairlines.com *.go-mpulse.net *.techlab-cdn.com *.instagram.com *.akamaihd.net *.akstat.io *.cloudfront.net *.cognigy.cloud *.googleapis.com *.gstatic.com *.sheerid.com *.meili.travel *.dwin1.com lhopa01.custhelp.com 'unsafe-inline' 'unsafe-eval'; object-src 'none' 18
frame-ancestors 'self' *.plentymarkets-cloud-de.com *.my.plentysystems.com 18
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests; 17
default-src * 'unsafe-eval' 'unsafe-inline' data: blob: 17
base-uri 'self' 17
frame-ancestors 'self' https://cms.scrippsdigital.com 16
default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'; 16
default-src 'self'; 16
frame-ancestors 16
default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com/v1/engines/github-completion/completions proxy.enterprise.githubcopilot.com/v1/engines/github-completion/completions *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/ 16
base-uri 'self';default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval';    script-src * data: blob: 'unsafe-inline' 'unsafe-eval';connect-src * data: blob: 'unsafe-inline';form-action * data: blob: 'unsafe-inline';img-src * data: blob: 'unsafe-inline';frame-src * data: blob: ;style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline';report-uri /post_report/;report-to default; 15
img-src https: data:; upgrade-insecure-requests 15
default-src 'self';     style-src 'unsafe-inline';     object-src 'none' 15
sandbox allow-scripts; default-src 'self'; img-src https:; style-src 'unsafe-inline'; script-src 'unsafe-inline'; report-uri http://csp.yahoo.com/beacon/csp?src=redirect 14
frame-ancestors 'self' iguidewebapp.next-uk.next.loc/ end-duws02.next-uk.next.loc/ end-dpws02.next-uk.next.loc/ studio.mgmt.qa.test/ studio.mgmt.next-uk.next.loc/ 14
upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; frame-ancestors 'none'; 14
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; 14
upgrade-insecure-requests; block-all-mixed-content; 14
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' 14
default-src https: 'unsafe-eval' 'unsafe-inline'; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-eval' 'unsafe-inline'; img-src https: data: blob: *; media-src https: data: blob: *; object-src 'none'; frame-ancestors 'none'; connect-src * data: blob: ; base-uri 'self'; upgrade-insecure-requests; font-src https: 'unsafe-inline' data: 'unsafe-inline'; worker-src * blob:; 14
default-src https: 'unsafe-inline' 'unsafe-eval' wss://umd.userlike.com wss://ws.botmaker.com; worker-src blob:; img-src 'self' blob: data: https:; font-src 'self' data: https: 14
default-src * 'unsafe-inline';script-src * 'unsafe-eval' 'unsafe-inline';img-src * 'self' data:;frame-ancestors none;frame-src 'self' mailto: tel: https: 14
default-src 'self' 'unsafe-inline' 14
frame-ancestors 'self' ;upgrade-insecure-requests; 13
frame-ancestors 'self'; upgrade-insecure-requests; 13
default-src * 'unsafe-inline' 'unsafe-eval' data: blob: 13
block-all-mixed-content; upgrade-insecure-requests; 13
default-src 'self'; script-src 'self' 'unsafe-inline' 13
default-src 'self' wss: http: https: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors https: http:; report-uri https://secure.booked.net/?page=stat&t=csp 13
frame-ancestors 'self' https://app.contentful.com 13
frame-ancestors 'self' https://testbaba.virtualcms.it 13
object-src 'none'; 13
frame-ancestors 'self' https://*.sitewrench.com https://*.speakcreative.com 13
default-src https: data: blob: ws: wss: 'unsafe-inline' 'unsafe-eval' 13
default-src https: wss: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; worker-src data: 13
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=news&region=US&lang=en-US&device=desktop&yrid=6o9nr8tivmg0j&partner=; 12
form-action 'self' 12
frame-ancestors 'self'; object-src 'none'; upgrade-insecure-requests; 12
frame-ancestors 'self' *.vercel.app *.rivt.com rivt.com *.outsideapi.com outsideapi.com *.pocketoutdoormedia.com outsideinc.com pocketoutdoormedia.com *.outsideinc.com velopress.com *.velopress.com *.mycoloradoparks.com mycoloradoparks.com *.rockandice.com rockandice.com *.theboxmag.com theboxmag.com *.nationalparktrips.com nationalparktrips.com  *.nationalparktripsmedia.com nationalparktripsmedia.com *.betamtb.com betamtb.com *.mysmokymountainpark.com mysmokymountainpark.com *.myolympicpark.com myolympicpark.com *.climbing.com climbing.com *.backpacker.com backpacker.com *.podiumrunner.com podiumrunner.com *.skimag.com skimag.com myutahparks.com *.myutahparks.com *.mygrandcanyonpark.com mygrandcanyonpark.com *.oxygenmag.com oxygenmag.com *.triathlete.com triathlete.com velonews.com *.velonews.com muscleandperformance.com *.muscleandperformance.com *.outsidebusinessjournal.com outsidebusinessjournal.com snewsnet.com *.snewsnet.com gymclimber.com *.gymclimber.com livebeyoga.com *.yogajournal.com yogajournal.com *.livebeyoga.com womensrunning.com *.womensrunning.com trailrunnermag.com *.trailrunnermag.com outsideonline.com *.outsideonline.com *.betternutrition.com betternutrition.com vegetariantimes.com *.vegetariantimes.com cleaneating.com *.cleaneatingmag.com cleaneatingmag.com *.cleaneating.com *.thenaturx.com thenaturx.com *.yellowstonepark.com yellowstonepark.com *.myyellowstonepark.com myyellowstonepark.com myyosemitepark.com *.myyosemitepark.com *.rollmassif.com rollmassif.com *.getcairn.com getcairn.com *.athletereg.com athletereg.com *.finisherpix.com finisherpix.com *.pinkbike.com pinkbike.com *.pinkbike.org pinkbike.org *.bikereg.com bikereg.com *.runreg.com runreg.com *.trireg.com trireg.com *.skireg.com skireg.com *.pledgereg.com pledgereg.com *.gaiagps.com gaiagps.com *.trailforks.com trailforks.com 12
frame-ancestors 'self' devcue.diks.fi cue.media.fi http://jankko-importer.prod.media.fi http://jankko-importer.test.media.fi http://localhost:5000 http://cue.test:* http://cue.cue-web:* https://edit-nitrogen-cs-public-alb.diks.fi; 12
frame-ancestors 'self' www.bookends.info *.bookends.info 12
default-src data: 'unsafe-inline' 'unsafe-eval' https:;base-uri 'self';frame-ancestors 'self' ;img-src data: https: blob:;font-src data: https:;media-src https: blob:;connect-src https: wss: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:;style-src data: 'unsafe-inline' https:;child-src https: data: blob:;form-action https:;object-src https:; 12
child-src * blob: 12
script-src * 'unsafe-inline' 'unsafe-eval' 12
default-src 'unsafe-eval' 'unsafe-inline' * blob:; script-src 'unsafe-inline' 'unsafe-eval' * blob:; img-src * data:; connect-src *; font-src * data:; upgrade-insecure-requests; block-all-mixed-content 11
frame-ancestors 'self' *.betssongroupaffiliates.com *.ptstaging.eu *.onegameslink.com 11
frame-ancestors 'self' *.smartagent.app *.jdmesh.co *.choicestore.com http://localhost:* https://localhost:*; form-action https:; script-src https: 'unsafe-inline' 'unsafe-eval' 11
frame-ancestors none 11
frame-ancestors 'self' *.google.com *.googleusercontent.com 11
img-src * data:; default-src * data: 'unsafe-eval' 'unsafe-inline' blob:; object-src 'none'; 11
default-src * blob: data: cid:; img-src * data: blob: cid: 'unsafe-inline'; media-src * data: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * blob: data: 'unsafe-inline'; style-src-elem * blob: data: 'unsafe-inline', font-src * data: 11
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: * 11
default-src * data: 'self' 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data:; font-src * 'self' data: 11
default-src 'self' https://*; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*; style-src 'self' 'unsafe-inline' https://*; img-src 'self' blob: data: https://*; media-src 'self' blob: data: https://*; frame-ancestors 'self'; report-uri /cspreporting.php; report-to csp-endpoint; 11
default-src 'self' http: https: data: blob: 'unsafe-eval' 'unsafe-inline' 11
default-src *; script-src 'unsafe-eval' 'self' 'unsafe-inline'  https:; object-src 'self' *.ytimg.com ytimg.com *.youtube.com youtube.com; style-src * 'unsafe-inline'; img-src * data:; frame-src *; font-src * data:; connect-src *; media-src * blob:; 11
default-src blob: * 'unsafe-inline' 'unsafe-eval'; script-src * blob: 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline';  font-src * data: 'unsafe-inline'; 11
default-src https: wss: blob: data: 'unsafe-eval' 'unsafe-inline'; object-src 'self' 11
default-src 'self' blob: data: *.akamaized.net *.apple.com *.apple-mapkit.com *.cdn-apple.com *.organicfruitapps.com; child-src blob: mailto: embed.music.apple.com embed.podcasts.apple.com https://recyclingprogram.apple.com swdlp.apple.com www.apple.com www.instagram.com platform.twitter.com www.youtube-nocookie.com; img-src 'unsafe-inline' blob: data: *.apple.com *.apple-mapkit.com *.cdn-apple.com *.mzstatic.com; script-src 'unsafe-inline' 'unsafe-eval' blob: *.apple.com *.apple-mapkit.com www.instagram.com platform.twitter.com; style-src 'unsafe-inline' *.apple.com 10
upgrade-insecure-requests; frame-ancestors 'self'; 10
upgrade-insecure-requests;  default-src https: data: 'unsafe-inline' 'unsafe-eval' https: https://accounts.google.com/gsi/;  script-src data: 'unsafe-inline' 'unsafe-eval' https: blob: https://accounts.google.com/gsi/client;  style-src data: 'unsafe-inline' https: https://accounts.google.com/gsi/style;  img-src data: https: blob:;  font-src data: https:;  connect-src https: wss: blob: https://accounts.google.com/gsi/;  media-src data: https: blob:;  object-src https:;  child-src https: data: blob:;  form-action https:;  frame-ancestors 'self'; 10
frame-ancestors 'self' https://app.storyblok.com 10
frame-ancestors 'self' *.nvidia.com https://widget.stackla.com https://app-sj14.marketo.com https://www.youtube.com https://www.quadro-selector.com http://player.youku.com https://player.youku.com https://live.nvidia-china.com https://www.google.com *.nvidia.cn https://events.rainfocus.com https://www.twitch.tv https://store.nvidia.ru https://store.nvidia.in *.geforcenow.com https://salespro.hpe.com https://hpe.seismic.com; 10
default-src *;script-src 'self' resource://pdf.js 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' *.teamblue.services d1rv23qj5kas56.cloudfront.net d3nn3278imm5nr.cloudfront.net d1di2lzuh97fh2.cloudfront.net duyn491kcolsw.cloudfront.net events.webnode.com js.stripe.com www.gstatic.com www.googleadservices.com www.googletagmanager.com bat.bing.com connect.facebook.net a.quora.com www.google-analytics.com googleads.g.doubleclick.net c.imedia.cz www.google.com www.google.de www.google.com.br cdn.inspectlet.com *.clarity.ms *.bing.com c.seznam.cz pagead2.googlesyndication.com s.yimg.jp cdn.euc-freshbots.ai blob: euc-widget.freshworks.com/widgets/101000002785.js euc-widget.freshworks.com/widgetBase/ b98.yahoo.co.jp https://s.pinimg.com https://track.adform.net https://s2.adform.net;style-src 'self' 'unsafe-inline' 'unsafe-eval' d1rv23qj5kas56.cloudfront.net d3nn3278imm5nr.cloudfront.net www.gstatic.com js.stripe.com d11bh4d8fhuq47.cloudfront.net d1di2lzuh97fh2.cloudfront.net duyn491kcolsw.cloudfront.net use.typekit.net p.typekit.net cdn.euc-freshbots.ai euc-widget.freshworks.com/widgetBase/static/media/;img-src 'self' data: mediastream: blob: filesystem: *.teamblue.services d1rv23qj5kas56.cloudfront.net d3nn3278imm5nr.cloudfront.net du5rkdszt1kq5.cloudfront.net d11bh4d8fhuq47.cloudfront.net d1bz77arbww182.cloudfront.net d1me9yvfki5736.cloudfront.net d6scj24zvfbbo.cloudfront.net *.pbhom-cdnwnd.com *.cbaul-cdnwnd.com *.clvaw-cdnwnd.com www.webnode.com www.gstatic.com q.stripe.com bat.bing.com q.quora.com www.google.com www.google.cz www.google.de www.google.com.br www.google-analytics.com googleads.g.doubleclick.net cx.atdmt.com c.seznam.cz www.facebook.com www.googletagmanager.com *.clarity.ms *.bing.com *.webnode.com *.webnode.cz *.webnode.sk *.webnode.at *.webnode.es *.webnode.cl *.webnode.com.ve *.webnode.com.uy *.webnode.mx *.webnode.com.co *.webnode.co *.webnode.com.ar *.webnode.com.py *.webnode.bo *.webnode.do *.webnode.ec *.webnode.pe *.webnode.cr *.webnode.com.br *.webnode.pt *.webnode.it *.webnode.fr *.webnode.us *.webnode.in *.webnode.gr *.webnode.com.tr *.webnode.cn *.webnode.tw *.webnode.nl *.webnode.be *.webnode.jp *.webnode.hu *.webnode.ru *.webnode.com.ua *.webnode.se *.webnode.dk *.webnode.lv *.webnode.hr *.webnode.no *.webnode.co.uk *.webnode.vn *.webnode.ro *.webnode.cat *.webnode.kr *.webnode.fi ct.capterra.com d1di2lzuh97fh2.cloudfront.net duyn491kcolsw.cloudfront.net cdn.euc-freshbots.ai cdn.freshbots.ai fc-euc1-00-pics-bkt-00.s3.eu-central-1.amazonaws.com https://s3-eu-central-1.amazonaws.com/euc-cdn.freshdesk.com/ https://ct.pinterest.com https://track.adform.net https://server.seadform.net/serving/cookie/;frame-ancestors 'self'; 10
frame-ancestors *; 10
frame-ancestors 'self'; report-uri /report-csp-violation 10
default-src * data: blob: 'unsafe-eval' 'unsafe-inline' 10
frame-ancestors 'self' adultmobile.com *.adultmobile.com babes.com *.babes.com babesnetwork.com *.babesnetwork.com bblmate.com *.bblmate.com biempire.com *.biempire.com bigstr.com *.bigstr.com blackmaleme.com *.blackmaleme.com brazzers.com *.brazzers.com brazzersnetwork.com *.brazzersnetwork.com bromo.com *.bromo.com bromonetwork.com *.bromonetwork.com cambb.xxx *.cambb.xxx cambuilder.com *.cambuilder.com camdevils.com *.camdevils.com camjab.com *.camjab.com camutik.com *.camutik.com clipeek.com *.clipeek.com czechhunter.com *.czechhunter.com danejones.com *.danejones.com debtdandy.com *.debtdandy.com deviante.com *.deviante.com devianthardcore.com *.devianthardcore.com digitalplayground.com *.digitalplayground.com digitalplaygroundnetwork.com *.digitalplaygroundnetwork.com dilfed.com *.dilfed.com dirtyscout.com *.dirtyscout.com doghousedigital.com *.doghousedigital.com dpmate.com *.dpmate.com erito.com *.erito.com eroticspice.com *.eroticspice.com extremetubemate.com *.extremetubemate.com fakehostel.com *.fakehostel.com fakehub.com *.fakehub.com faketaxi.com *.faketaxi.com familyhookups.com *.familyhookups.com familysinners.com *.familysinners.com forgivemefather.com *.forgivemefather.com gilfed.com *.gilfed.com girlgrind.com *.girlgrind.com hentaipros.com *.hentaipros.com hentaiprosnetwork.com *.hentaiprosnetwork.com hotgirlsgame.com *.hotgirlsgame.com househumpers.com *.househumpers.com icfadmin.com *.icfadmin.com iconmale.com *.iconmale.com iknowthatgirl.com *.iknowthatgirl.com kinkyspa.com *.kinkyspa.com lesbea.com *.lesbea.com letspostit.com *.letspostit.com liveporncams.xxx *.liveporncams.xxx loveherass.com *.loveherass.com maleaccess.com *.maleaccess.com men.com *.men.com mennetwork.com *.mennetwork.com menxposed.com *.menxposed.com metrohd.com *.metrohd.com milehighmedia.com *.milehighmedia.com milfed.com *.milfed.com mofos.com *.mofos.com mofosnetwork.com *.mofosnetwork.com momslickteens.com *.momslickteens.com nastycast.com *.nastycast.com noirmale.com *.noirmale.com nudecams.xxx *.nudecams.xxx nudeporncams.xxx *.nudeporncams.xxx onbrazzers.com *.onbrazzers.com onmofos.com *.onmofos.com papi.com *.papi.com prettydirtyteens.com *.prettydirtyteens.com privatamateure.com *.privatamateure.com propertysex.com *.propertysex.com publicagent.com *.publicagent.com realitydudes.com *.realitydudes.com realitydudesnetwork.com *.realitydudesnetwork.com realityjunkies.com *.realityjunkies.com realitykings.com *.realitykings.com rk.com *.rk.com seancody.com *.seancody.com seancodynetwork.com *.seancodynetwork.com sexapemate.com *.sexapemate.com sexroulettelive.net *.sexroulettelive.net sextubemate.com *.sextubemate.com sexworking.com *.sexworking.com sexyhub.com *.sexyhub.com shewillcheat.com *.shewillcheat.com spicevids.com *.spicevids.com spicevidsgay.com *.spicevidsgay.com squirted.com *.squirted.com sweetheartvideo.com *.sweetheartvideo.com sweetsinner.com *.sweetsinner.com taboomale.com *.taboomale.com teenslovehugecocks.com *.teenslovehugecocks.com trannytubemate.com *.trannytubemate.com transangels.com *.transangels.com transangelsnetwork.com *.transangelsnetwork.com transharder.com *.transharder.com transsensual.com *.transsensual.com trueamateurs.com *.trueamateurs.com twinkpop.com *.twinkpop.com twistedfamilies.com *.twistedfamilies.com twistys.com *.twistys.com twistysnetwork.com *.twistysnetwork.com vidsmate.com *.vidsmate.com voyr.com *.voyr.com whynotbi.com *.whynotbi.com; report-uri /api/csp-report; 10
default-src * 'self' blob:; script-src * 'self' blob: 'unsafe-inline'; style-src * 'self' blob: 'unsafe-inline'; img-src * 'self' blob: data:; font-src * 'self' blob: data:; media-src * 'self' blob: 10
base-uri 'self'; 10
default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; 10
frame-ancestors 'self' https://aboutyou.content.aboutyou.cloud https://aboutyou.content.staging.aboutyou.cloud 10
default-src 'none'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' assets.adobedtm.com *.adform.net *.adsrvr.org *.ads-twitter.com *.adyen.com zenloop-website-overlay-production.s3.amazonaws.com *.awin1.com *.b2x-env.cloud apps.bazaarvoice.com *.bing.com *.clarity.ms *.cloudflare.com app.contentsquare.com t.contentsquare.net *.cookielaw.org *.criteo.com *.criteo.net digitizer.app *.dwin1.com *.g.doubleclick.net *.en25.com *.excentos.com nonce-csp-test *.facebook.net *.foxbase.de *.google-analytics.com *.googleadservices.com www.googleanalytics.com maps.googleapis.com www.googleoptimize.com *.googlesyndication.com www.googletagmanager.com *.google.com *.google.de *.gstatic.com *.guuru.com s.kelkoogroup.net *.kk-resources.com *.kpcustomer.de *.kuponacdn.de snap.licdn.com *.media01.eu *.metricool.com *.newrelic.com bam.eu01.nr-data.net *.onetrust.com assets.oney.io *.openweathermap.org *.oracleinfinity.in *.outbrain.com *.pages02.net cdn.parcellab.com *.pinimg.com *.pinterest.com *.qualtrics.com lantern.roeyecdn.com *.sciencebehindecommerce.com *.seznam.cz *.solutenetwork.com *.soundcloud.com *.sovendus.com *.stihl.de *.stihl.fr *.stihl.be *.stihl.nl *.stihl.lu *.stihl.es *.stihl.pt *.stihl.at *.stihl.bg *.stihl.ca *.stihl.ch *.stihl.co.jp *.stihl.co.ke *.stihl.co.nz *.stihl.co.uk *.stihl.co.za *.stihl.com *.stihl.com.ar *.stihl.com.au *.stihl.com.br *.stihl.com.co *.stihl.com.cy *.stihl.com.fj *.stihl.com.mx *.stihl.cz *.stihl.dk *.stihl.fi *.stihl.gr *.stihl.hu *.stihl.in *.stihl.it *.stihl.nc *.stihl.no *.stihl.pe *.stihl.pl *.stihl.ro *.stihl.rs *.stihl.se *.stihl.ua *.stihl-importer.ie *.stihl-timbersports.com userprotect.de.stihl-dns.net *.dam.stihl.cloud *.teads.tv *.tealiumiq.com analytics.tiktok.com *.tiqcdn.com *.trbo.com *.trkkn.com s.uicdn.com d.c.cdnsrv.de typekit.net *.typekit.net unpkg.com *.unpkg.com *.assistant.watson.appdomain.cloud sp.analytics.yahoo.com *.youtube.com *.youtube-nocookie.com *.ytimg.com s.yimg.com *.zemanta.com *.zenaps.com *.zenloop.com; connect-src 'self' adobeioruntime.net *.adobeioruntime.net *.adyen.com zenloop-website-overlay-production.s3.amazonaws.com *.bazaarvoice.com *.bing.com *.clarity.ms *.cloudflare.com *.contentsquare.net *.cookielaw.org *.criteo.com *.criteo.net *.demdex.net *.digitizer.app *.doubleclick.net d.c.cdnsrv.de *.excentos.com ext.nonstoppartner.net *.facebook.com *.foxbase.de *.google-analytics.com *.googleadservices.com *.googleapis.com pagead2.googlesyndication.com *.googletagmanager.com *.google.at *.google.be *.google.ch *.google.com *.google.de *.google.es *.google.fr *.google.gr *.google.hu *.google.it *.google.lu *.google.nl *.google.pl *.google.pt *.guuru.com s.kelkoogroup.net *.kk-resources.com *.linkedin.com *.media01.eu bam.eu01.nr-data.net *.omtrdc.net *.onetrust.com widget.oney.io *.oribi.io *.outbrain.com api.openweathermap.org *.parcellab.com *.pinterest.com *.qualtrics.com *.thesciencebehindecommerce.com *.sciencebehindecommerce.com *.seznam.cz *.solutenetwork.com *.sovendus.com *.sovendus-benefits.com *.sovendus-campaign.com *.sovendus-connect.com *.sovendus-network.com *.stihl.be *.stihl.de *.stihl.es *.stihl.fr *.stihl.lu *.stihl.nl *.stihl.pt *.stihl.at *.stihl.bg *.stihl.ca *.stihl.ch *.stihl.co.jp *.stihl.co.ke *.stihl.co.nz *.stihl.co.uk *.stihl.co.za *.stihl.com *.stihl.com.ar *.stihl.com.au *.stihl.com.br *.stihl.com.co *.stihl.com.cy *.stihl.com.fj *.stihl.com.mx *.stihl.cz *.stihl.dk *.stihl.fi *.stihl.gr *.stihl.hu *.stihl.in *.stihl.it *.stihl.nc *.stihl.no *.stihl.pe *.stihl.pl *.stihl.ro *.stihl.rs *.stihl.se *.stihl.ua *.stihl-importer.ie *.stihl-timbersports.com stihl-sso.com stihl.tui-servicelayers.io *.teads.tv collect.tealiumiq.com analytics.tiktok.com *.trbo.com *.trkkn.com typekit.net *.typekit.net *.assistant.watson.appdomain.cloud stihlb2bdocuments.blob.core.windows.net s.yimg.com *.youtube-nocookie.com www.wepowerconnections.com *.zenloop.com login.microsoftonline.com graph.microsoft.com *.b2clogin.com; img-src 'self' *.ad-stir.com *.1rx.io *.360yield.com *.3lift.com *.addthis.com *.adingo.jp *.admixer.co.kr *.adscale.de *.adform.net *.adnxs.com *.adtdp.com *.advertising.com *.adyen.com zenloop-assets.s3.eu-west-1.amazonaws.com *.eu-central-1.amazonaws.com *.ants.vn *.aralego.com *.atdmt.com *.awin1.com *.azureedge.net *.b2x-env.cloud *.bazaarvoice.com segment.prod.bidr.io *.bidswitch.net *.billie.io *.bing.com *.bluekai.com *.casalemedia.com *.clarity.ms *.clmbtech.com *.contentsquare.net *.cookielaw.org *.criteo.com *.criteo.net *.dable.io data: *.demdex.net *.dmxleo.com *.doubleclick.net *.dwin1.com *.e-planning.net *.emxdgt.com *.everesttech.net *.excentos.com *.facebook.com *.facebook.net *.fwnm.net *.foxbase.de *.google-analytics.com *.googleadservices.com maps.googleapis.com *.googlesyndication.com www.googletagmanager.com *.googleusercontent.com *.google.ad *.google.ae *.google.al *.google.am *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.kz *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mi *.google.mk *.google.ml *.google.mn *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.ps *.google.pt *.google.ro *.google.rs *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tm *.google.tn *.google.to *.google.tt *.google.vu *.google.ws *.guuru.com *.gstatic.com *.herrenseite.de *.id5-sync.com id5-sync.com event.tracker.inlabserving.com *.rediunid.imrworldwide.com *.ivitrack.com *.kargo.com s.kelkoogroup.net *.krxd.net *.liadm.com *.linkedin.com px.ads.linkedin.com *.mail.ru *.meba.kr *.media.net *.mediavine.com *.mediawallahscript.com *.metricool.com *.mgid.com *.microad.jp *.nate.com *.omnitagjs.com *.omtrdc.net assets.oney.io *.openx.net *.outbrain.com *.pages02.net *.parcellab.com *.pinterest.com *.pinterest.de *.postrelease.com *.pubmatic.com *.qualtrics.com *.rambler.ru *.revcontent.com *.rlcdn.com *.rockysandstudio.com lantern.roeye.com *.rubiconproject.com *.the.sciencebehindecommerce.com t.uimserv.de *.seadform.net *.seznam.cz *.sharethrough.com *.smaato.net *.smartadserver.com *.smartclip.net *.socdm.com *.sovendus.com *.stickyadstv.com *.stihl.de *.stihl.fr *.stihl.be *.stihl.nl *.stihl.lu *.stihl.es *.stihl.pt *.stihl.at *.stihl.bg *.stihl.ca *.stihl.ch *.stihl.co.jp *.stihl.co.ke *.stihl.co.nz *.stihl.co.uk *.stihl.co.za *.stihl.com *.stihl.com.ar *.stihl.com.au *.stihl.com.br *.stihl.com.co *.stihl.com.cy *.stihl.com.fj *.stihl.com.mx *.stihl.cz *.stihl.dk *.stihl.fi *.stihl.gr *.stihl.hu *.stihl.in *.stihl.it *.stihl.nc *.stihl.no *.stihl.pe *.stihl.pl *.stihl.ro *.stihl.rs *.stihl.se *.stihl.ua *.stihl-importer.ie *.stihl-timbersports.com *.stihlusa.com dam.stihl.cloud t.co *.taboola.com *.tapad.com *.teads.tv *.tealiumiq.com *.thebrighttag.com *.toast.com *.tpmn.co.kr *.trbo.com *.tremorhub.com *.turn.com *.twiago.com analytics.twitter.com typekit.net *.typekit.net sync.targeting.unrulymedia.com *.wepowerconnections.com *.windows.net storagetimbersportsdata.blob.core.windows.net *.yahoo.com *.yahoo.net *.yandex.ru *.yieldlab.net *.yieldmo.com *.youtube-nocookie.com *.youtube.com *.ytimg.com *.zemanta.com *.zenaps.com *.zenloop.com; media-src 'self'; style-src 'self' 'unsafe-inline' *.cookielaw.org digitizer.app *.excentos.com *.foxbase.de fonts.googleapis.com *.googletagmanager.com *.google.com *.onetrust.com *.sovendus.com *.trbo.com cdn.parcellab.com; font-src 'self' zenloop-assets.s3.eu-west-1.amazonaws.com web-chat.global.assistant.watson.appdomain.cloud apps.bazaarvoice.com cdnjs.cloudflare.com data: *.excentos.com *.foxbase.de fonts.googleapis.com fonts.gstatic.com *.guuru.com assets.oney.io cdn.parcellab.com *.sovendus.com *.stihl.de *.trbo.com typekit.net *.typekit.net *.zenloop.com; frame-src 'self' *.ad-srv.net *.adform.net track.adform.net *.adsrvr.org *.adyen.com *.awin1.com segment.prod.bidr.io *.cookielaw.org *.criteo.com *.criteo.net *.demdex.net *.doubleclick.net *.dwin1.com d.c.cdnsrv.de *.excentos.com *.facebook.com *.google.com *.guuru.com *.jaggaer.com *.kuponacdn.de pixel.mathtag.com my.matterport.com secure.img-cdn.mediaplex.com *.pinterest.de *.pinterest.fr *.pinterest.at *.pinterest.it *.pinterest.com *.pinterest.co.uk *.pinterest.ru *.pinterest.ch *.pinterest.es *.pinterest.se *.pinterest.ca *.pinterest.dk *.pinterest.jp *.pinterest.ie *.pinterest.pt *.qualtrics.com *.redintelligence.net *.the.sciencebehindecommerce.com *.soundcloud.com *.sovendus.com *.sovendus-benefits.com *.sovendus-campaign.com *.sovendus-connect.com *.sovendus-network.com static.stihl.com *.dam.stihl.cloud *.stihl-dns.net *.teads.tv *.trbo.com e.video-cdn.net *.youtube.com *.youtube-nocookie.com *.zenaps.com; child-src 'self' blob: *.guuru.com 10
frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://tags.creativecdn.com https://cdn.cquotient.com https://www.googletagmanager.com https://services.postcodeanywhere.co.uk https://*.dynamicyield.com https://empme11111.pcapredict.com https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com https://*.google-analytics.com https://*.doubleclick.net https://*.dwin1.com https://*.facebook.net https://*.bing.com https://*.criteo.net https://*.stylight.net https://*.linkfire.com  https://*.pinimg.com https://*.adsrvr.org https://sc-static.net https://*.tiktok.com https://*.kuponacdn.de https://*.ad-srv.net https://ad4m.at https://*.ad4m.at https://*.bounce-commerce.de https://*.usemaxserver.de https://*.soreto.com https://*.gsitrix.com https://*.snapchat.com https://*.clarity.ms https://*.criteo.com https://*.paypal.com https://*.scarabresearch.com https://*.cloudfront.net https://*.fatmedia.io https://*.payments-amazon.com https://hal9000.redintelligence.net https://*.klarnacdn.net https://*.adyen.com https://live.adyen.com https://www.googleadservices.com https://api.sovendus.com https://www.awin1.com https://*.sciencebehindecommerce.com https://*.amazonaws.com https://*.b-cdn.net https://*.klarnaservices.com https://*.cquotient.com https://www.glami.sk https://www.glami.cz https://creativecdn.com https://dmdi.pl https://emp-merchandising-gmbh.jobbase.io https://emp-merchandising-gmbh.onlyfy.jobs https://cdn.studentbeans.com/third-party/all.js https://amplify.outbrain.com/cp/obtp.js https://ai.trk42.net/ https://pixel.dmdi.pl/s/tr.js https://c.imedia.cz/js/retargeting.js https://*.osp.live https://widget.sendwise.sevensenders.com https://*.seznam.cz https://*.twitch.tv https://*.getback.ch http://*.static.getback.ch https://www.mainadv.com https://*.thebrighttag.com https://*.rubiconproject.com https://*.klarna.com https://*.pinterest.com https://*.kpcustomer.de https://www.facebook.com https://r.clarity.ms https://p.gsitrix.com https://tr6.snapchat.com https://www.sandbox.paypal.com https://trck.linkster.co https://*.preciso.net blob:; 10
frame-ancestors 'self' https://*.studio.design https://studio.design https://studio.inc; 10
default-src https: wss: about: data: blob: 'unsafe-inline' 'unsafe-eval' 10
default-src *.facebook.com *.fbcdn.net *.instagram.com data: blob:;script-src *.teststagram.com *.instagram.com static.cdninstagram.com *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://*.google-analytics.com https://translate.google.com https://apis.google.com https://accounts.google.com;style-src *.teststagram.com *.instagram.com static.cdninstagram.com data: blob: 'unsafe-inline' *.fbcdn.net *.facebook.com;connect-src *.teststagram.com *.instagram.com wss://edge-chat.instagram.com connect.facebook.net *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* ws://localhost:* blob: *.cdninstagram.com wss://*.instagram.com:* 'self' https://meta.privacy-gateway.cloudflare.com/relay;font-src *.teststagram.com *.instagram.com static.cdninstagram.com data: *.fbcdn.net *.intern.facebook.com *.facebook.com https://fonts.gstatic.com;img-src *.teststagram.com *.instagram.com *.facebook.com *.fbcdn.net data: *.igsonar.com *.cdninstagram.com *.whatsapp.net blob: *.fbsbx.com android-webview-video-poster: *.oculuscdn.com *.giphy.com www.googleadservices.com *.doubleclick.net *.google.com *.google.co.uk https://www.gstatic.com https://*.google-analytics.com;media-src *.facebook.com *.fbcdn.net *.instagram.com *.cdninstagram.com cdn.fbsbx.com data: blob: https://*.giphy.com;frame-src *.instagram.com *.facebook.com *.fbsbx.com fbsbx.com data: www.googleadservices.com *.doubleclick.net *.google.com *.google.co.uk;block-all-mixed-content;upgrade-insecure-requests; 9
require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport 9
default-src * self blob: data: gap:; style-src * self 'unsafe-inline' blob: data: gap:; script-src * 'self' 'unsafe-eval' 'unsafe-inline' blob: data: gap:; object-src * 'self' blob: data: gap:; img-src * self 'unsafe-inline' blob: data: gap:; connect-src self * 'unsafe-inline' blob: data: gap:; frame-src * self blob: data: gap:; 9
upgrade-insecure-requests; frame-ancestors *.stern.de *.brigitte.de *.gala.de *.guj.digital *.guj.rocks *.eltern.de *.vip.de *.essen-und-trinken.de *.schoener-wohnen.de *.livingathome.de *.capital.de *.geo.de; frame-src *; 9
upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ 9
frame-ancestors  'self' asia.espn.com:* asia.espnqa.com:* *.espn.com:* *.espnqa.com:* *.espnsb.com:* *.espnsb.com *.espn.co.uk *.espndeportes.espn.com *.espn.com.br *.espn.com.mx *.espn.com.ve *.espn.com.ar *.espn.com.co *.espnfc.com.au *.espn.com.au *.espn.in *.espn.com.sg *.espn.cl *.espn.ph *.espn.ph:* *.espn.com.pe *.espn.com.gt *.espn.com.do *.espn.com.ec *.espn.com.uy *.espn.com.pa *.espn.co.cr qa.abcnews.go.com preview.abcnews.go.com abc7ny.com abc7.com *.abcotvssb.com preview.goodmorningamerica.com http://*.espnqa.com:* http://*.espn.com:* *.abcotvssb.com *.abcnews.go.com *.abcnews.go.com:* http://*.abcnews.go.com:* abc30.com abc7news.com abc13.com abc7chicago.com 6abc.com abc11.com *.goodmorningamerica.com qa.abc7.com qa.abc30.com qa.abc7news.com qa.abc13.com qa.abc7chicago.com qa.6abc.com qa.abc7ny.com qa.abc11.com *.abcnews.go.com:* abcnews.go.com qa.secsports.com *.secsports.com https://*.espn.com:* *.espnqa.com:* 9
default-src https: data: blob: 'unsafe-eval' 'unsafe-inline'; object-src 'none' 9
frame-ancestors 'none'; connect-src 'self' http://127.0.0.1:*; default-src https: 'unsafe-inline' 9
block-all-mixed-content; upgrade-insecure-requests 9
sandbox allow-same-origin allow-scripts allow-orientation-lock allow-pointer-lock allow-forms allow-popups allow-top-navigation-by-user-activation; 9
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none' 9
frame-ancestors 'self' https://pge.segmanta.com https://www.babylist.com shop.pampers.com 9
upgrade-insecure-requests; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: ajax.googleapis.com vjs.zencdn.net admin.brightcove.com sc-static.net bat.bing.com cdnjs.cloudflare.com tags.tiqcdn.com cdn.optimizely.com sadmin.brightcove.com www.youtube.com sadmin.brightcove.com www.google-analytics.com www.google.com cdnssl.clicktale.net snap.licdn.com connect.facebook.net www.googletagmanager.com script.crazyegg.com s.ytimg.com snap.licdn.com visitor-service-eu-west-1.tealiumiq.com s1583749854.t.eloqua.com app.gatedcontent.com img.en25.com s1.adis.ws cdn.pricespider.com locate.pricespider.com wtbevents.pricespider.com c.la1-c1-frf.salesforceliveagent.com players.brightcove.net logx.optimizely.com collect-eu-west-1.tealiumiq.com stats.g.doubleclick.net insights.gatedcontent.com ajax.googleapis.com www.buzzsprout.com www.gstatic.com apps.bazaarvoice.com canon-test-comments.disqus.com tablesorter.com display.ugc.bazaarvoice.com analytics-static.ugc.bazaarvoice.com api.bazaarvoice.com network-eu.bazaarvoice.com visitor-service.tealiumiq.com app.optimizely.com c.evidon.com ds-aksb-a.akamaihd.net check.pricespider.com cdncache-a.akamaihd.net cdn3.optimizely.com turbo.qualaroo.com cdn-assets-prod.s3.amazonaws.com cdn.appdynamics.com s.adroll.com static.ads-twitter.com serve.albacross.com nexus.ensighten.com s.pinimg.com www.googleadservices.com analytics.tiktok.com dynamic.criteo.com adform.net ensighten.com pinimg.com refocus.ru dwin1.com cl.qualaroo.com ref.ccb-dev.com st.smartassistant.com wirewax.s3.eu-west-1.amazonaws.com service.force.com comeandsee--devxq3.my.salesforce.com devxq3-canon-europe.cs169.force.com c.la2-c1cs-ia4.salesforceliveagent.com d.la2-c1cs-ia4.salesforceliveagent.com i1.adis.ws mpsnare.iesnare.com canoneu.saas.appdynamics.com cloud.typography.com network.bazaarvoice.com s3.amazonaws.com www.canon-europe.com www.facebook.com apps.nexus.bazaarvoice.com platform.twitter.com tiger-cdn.zoovu.com cdn.syndication.twimg.com js.adsrvr.org code.tidio.co widget-v4.tidiochat.com canon.smartassistant.com code.jquery.com comeandsee.my.salesforce.com d.la3-c1-fra.salesforceliveagent.com d.la1-c1-frf.salesforceliveagent.com api.tiles.mapbox.com static.lightning.force.com d.la3-c2-ph2.salesforceliveagent.com display-stg.ugc.bazaarvoice.com edge-player.wirewax.com edge-assets.wirewax.com edge-player5.wirewax.com teads.tv community.canon-europe.com cdn.hypemarks.com 3001.scriptcdn.net 7896543.s3.amazonaws.com sys.refocus.ru googleads.g.doubleclick.net doubleclick.net googlesyndication.com my.tealiumiq.com pagead2.googlesyndication.com www.googleadservices.com t.clicktale.net app.contentsquare.com *.livechatinc.com analytics.twitter.com dqm.crownpeak.com assetscdn.stackla.com sys.datadrivenpromotion.com b2badmin.mycanon.club maps.googleapis.com d.adroll.com static.criteo.net assets.calendly.com edge-player5.wirewax.com ct.leady.com sslwidget.criteo.com www.tintup.com d.la3-c2-ia2.salesforceliveagent.com www.artfut.com my.tealiumiq.com t.contentsquare.net canon-europe.force.com tiger-cdn.zoovu.com orca-api.zoovu.com orca-runner-assets.zoovu.com orca-cdn.zoovu.com ajhgroup9516.file.core.windows.net d.la3-c1-cdg.salesforceliveagent.com sales-promotions.com sales-promotions.taxback.ess.ie *.pricespider.com *.mapbox.com pixel.byspotify.com unpkg.com img03.en25.com www.mczbf.com d.la1-core1.sfdc-lywfpd.salesforceliveagent.com tags.srv.stackadapt.com members.cj.com; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' blob: ajax.googleapis.com vjs.zencdn.net admin.brightcove.com sc-static.net bat.bing.com cdnjs.cloudflare.com tags.tiqcdn.com cdn.optimizely.com sadmin.brightcove.com www.youtube.com sadmin.brightcove.com www.google-analytics.com www.google.com cdnssl.clicktale.net snap.licdn.com connect.facebook.net www.googletagmanager.com script.crazyegg.com s.ytimg.com snap.licdn.com visitor-service-eu-west-1.tealiumiq.com s1583749854.t.eloqua.com app.gatedcontent.com img.en25.com s1.adis.ws cdn.pricespider.com locate.pricespider.com wtbevents.pricespider.com c.la1-c1-frf.salesforceliveagent.com players.brightcove.net logx.optimizely.com collect-eu-west-1.tealiumiq.com stats.g.doubleclick.net insights.gatedcontent.com ajax.googleapis.com www.buzzsprout.com www.gstatic.com apps.bazaarvoice.com canon-test-comments.disqus.com tablesorter.com display.ugc.bazaarvoice.com analytics-static.ugc.bazaarvoice.com api.bazaarvoice.com network-eu.bazaarvoice.com visitor-service.tealiumiq.com app.optimizely.com c.evidon.com ds-aksb-a.akamaihd.net check.pricespider.com cdncache-a.akamaihd.net cdn3.optimizely.com turbo.qualaroo.com cdn-assets-prod.s3.amazonaws.com cdn.appdynamics.com s.adroll.com static.ads-twitter.com serve.albacross.com nexus.ensighten.com s.pinimg.com www.googleadservices.com analytics.tiktok.com dynamic.criteo.com adform.net ensighten.com pinimg.com refocus.ru dwin1.com cl.qualaroo.com ref.ccb-dev.com st.smartassistant.com wirewax.s3.eu-west-1.amazonaws.com service.force.com comeandsee--devxq3.my.salesforce.com devxq3-canon-europe.cs169.force.com c.la2-c1cs-ia4.salesforceliveagent.com d.la2-c1cs-ia4.salesforceliveagent.com i1.adis.ws mpsnare.iesnare.com canoneu.saas.appdynamics.com cloud.typography.com network.bazaarvoice.com s3.amazonaws.com www.canon-europe.com www.facebook.com apps.nexus.bazaarvoice.com platform.twitter.com tiger-cdn.zoovu.com cdn.syndication.twimg.com js.adsrvr.org code.tidio.co widget-v4.tidiochat.com canon.smartassistant.com code.jquery.com comeandsee.my.salesforce.com d.la3-c1-fra.salesforceliveagent.com d.la1-c1-frf.salesforceliveagent.com api.tiles.mapbox.com static.lightning.force.com d.la3-c2-ph2.salesforceliveagent.com display-stg.ugc.bazaarvoice.com edge-player.wirewax.com edge-assets.wirewax.com edge-player5.wirewax.com teads.tv community.canon-europe.com cdn.hypemarks.com 3001.scriptcdn.net 7896543.s3.amazonaws.com sys.refocus.ru googleads.g.doubleclick.net doubleclick.net googlesyndication.com my.tealiumiq.com pagead2.googlesyndication.com www.googleadservices.com t.clicktale.net app.contentsquare.com *.livechatinc.com analytics.twitter.com dqm.crownpeak.com assetscdn.stackla.com sys.datadrivenpromotion.com b2badmin.mycanon.club maps.googleapis.com d.adroll.com static.criteo.net assets.calendly.com edge-player5.wirewax.com ct.leady.com sslwidget.criteo.com www.tintup.com d.la3-c2-ia2.salesforceliveagent.com www.artfut.com my.tealiumiq.com t.contentsquare.net canon-europe.force.com tiger-cdn.zoovu.com orca-api.zoovu.com orca-runner-assets.zoovu.com orca-cdn.zoovu.com ajhgroup9516.file.core.windows.net d.la3-c1-cdg.salesforceliveagent.com d.la3-c2-ia7.salesforceliveagent.com sales-promotions.com sales-promotions.taxback.ess.ie *.pricespider.com *.mapbox.com pixel.byspotify.com unpkg.com img03.en25.com www.mczbf.com d.la3-core1.sfdc-lywfpd.salesforceliveagent.com d.la1-core1.sfdc-yzvdd4.salesforceliveagent.com map.brightcove.com assets.map.brightcove.com d.la1-core1.sfdc-lywfpd.salesforceliveagent.com tags.srv.stackadapt.com members.cj.com; 9
default-src *; style-src 'self' http://* 'unsafe-inline'; script-src 'self' http://* 'unsafe-inline' 'unsafe-eval'; img-src 'self' http://* data:; 9
frame-ancestors zyro.com *.zyro.com *.builder-preview.com *.zyro.space *.hostinger.com *.hostinger.io *.hostinger.in *.hostinger.co.uk 9
default-src 'self' bngprm.com *.bngprm.com ymetrica1.com mc.yandex.ru cam.vg *.cam.vg cdn.fluidplayer.com movcpm.com *.movcpm.com greedseed.world xmjvf.com *.xmjvf.com 9v5.ru *.9v5.ru *.adtng.com adtng.com http://151.80.69.121 http://62.210.201.98 http://195.154.187.103 http://195.154.187.179 http://195.154.173.242 http://195.154.173.197 http://195.154.225.146 *.2k0.ru; style-src cdn.fluidplayer.com fonts.googleapis.com 'self' 'unsafe-inline'; script-src bngprm.com *.bngprm.com cdn.jsdelivr.net cdn.fluidplayer.com 'self' 'unsafe-eval' 'unsafe-inline'; font-src 'self' fonts.gstatic.com data:; img-src 'self' bngprm.com *.bngprm.com counter.yadro.ru mc.yandex.ru ymetrica1.com mc.webvisor.org cdn.fluidplayer.com movcpm.com *.movcpm.com xmjvf.com *.xmjvf.com 9v5.ru *.9v5.ru *.adtng.com adtng.com data:; 9
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' 'unsafe-inline' 'unsafe-eval' data:; 9
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src https://www.google.com https://maps.gstatic.com https://maps.googleapis.com https://maps.google.com; frame-ancestors 'none' ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 9
child-src *.doubleclick.net *.dynad.net https://www.facebook.com *.hotjar.com *.pagseguro.uol.com.br *.pagbank.com.br *.rm.uol.com.br *.tailtarget.com *.uol.com *.uol.com.br *.youtube.com https://www.google.com *.blip.ai data: 'self'; connect-src *.hotjar.com *.hotjar.io wss://*.hotjar.com *.pagseguro.com.br *.pagbank.com.br *.uol.com.br *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.com.br wss://ws.0mn.io https: wss: 'self'; frame-ancestors 'self'; default-src *.uol.com.br *.pagseguro.com.br *.pagbank.com.br 'self'; media-src *.uol.com.br *.pagseguro.com.br *.pagbank.com.br data: 'self'; object-src *.uol.com.br *.pagseguro.com.br *.pagbank.com.br data: 'self'; font-src *.pagseguro.uol.com.br *.pagseguro.com.br *.pagbank.uol.com.br *.pagbank.com.br *.uol.com *.uol.com.br *.imguol.com.br *.gstatic.com *.hotjar.com https://imguol.com.br data: 'self'; img-src *.google.com *.google.com.br *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.googleadservices.com *.g.doubleclick.net https://www.facebook.com *.imguol.com *.uol.com *.uol.com.br *.pagseguro.com.br *.pagbank.com.br *.scorecardresearch.com *.ytimg.com *.doubleclick.net *.youtube.com *.hotjar.com *.tailtarget.com bat.bing.com https://imguol.com https://imguol.com.br trg.adilligo.com takenetomni.blob.core.windows.net data: 'self'; script-src bat.bing.com *.doubleclick.net *.dynad.net https://connect.facebook.net *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.hotjar.com *.jsdelivr.net *.jsuol.com.br *.pagseguro.com.br *.pagbank.com.br *.simg.uol.com.br *.tailtarget.com *.uol.com *.uol.com.br *.ytimg.com https://pagseguro.info https://pag.ae https://imguol.com.br https://www.gstatic.com https://tracking.tunad.io https://js-agent.newrelic.com https://*.nr-data.net about: 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.uol.com *.pagseguro.uol.com.br *.pagseguro.com.br *.pagbank.uol.com.br *.pagbank.com.br *.hotjar.com *.simg.uol.com.br *.ytimg.com https://imguol.com.br 'self' *.google.com *.googleapis.com 'unsafe-inline'; report-uri /csp-report 9
block-all-mixed-content;connect-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: blob: wss:;default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: blob: wss: 'report-sample';font-src 'self' data: https: blob: wss: assets.msn.com assets2.msn.com assets.msn.cn assets2.msn.cn;frame-ancestors 'self' int1.msn.com ntp.msn.cn ntp.msn.com windows-int1.msn.com windows.msn.cn windows.msn.com www.bing.com www.msn.com mathsolver.microsoft.com mathsolver-dev.microsoft.com chrome-extension://lklfbkdigihjaaeamncibechhgalldgl;media-src 'self' https: blob:;report-to csp-endpoint;worker-src 'self' https: blob: 'report-sample'; 8
frame-ancestors 'self' http://webvisor.com http://*.webvisor.com 8
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com 1868565294.rsc.cdn77.org static.cloudflareinsights.com www.google.com www.gstatic.com fonts.gstatic.com fonts.googleapis.com ajax.googleapis.com fcm.googleapis.com accounts.google.com *.cdn77.org  *.nk-img.com  *.segpay.com  *.online-metrix.net *.vscdns.com *.vsmvideo.com www.tjk-njk.com *.exoclick.com *.orbsrv.com *.opoxv.com *.exdynsrv.com *.afcdn.net *.aucdn.net *.tf4srv.com *.aacdn.net *.adglare.net www.flirt4free.com www.ohmybutt.com www.secretpartners.com *.asf4f.us *.livejasmin.com *.jsmcrptjmp.com *.awemwh.com etahub.com ctrack.trafficjunky.net tracking.sexcash.com *.gtflixtv.com wss://*.1ka.com https://*.1ka.com https://media.1ka.com https://u.1ka.com https://n.1ka.com;img-src 'self' 'unsafe-inline' data: blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com *.cdn77.org www.google.com www.google-analytics.com ssl.gstatic.com *.nk-img.com *.camster.com data-cdn.pornbiz.com *.vscdns.com *.vsmvideo.com *.doubleclick.net *.google.fr *.google.com *.segpay.com *.online-metrix.net cdn.asf4f.us *.gtflixtv.com *.1ka.com *.orbsrv.com *.exdynsrv.com *.afcdn.net *.aucdn.net *.justservingfiles.net *.tf4srv.com *.aacdn.net *.rtbsuperhub.com; report-uri https://www.xvideos.com/csp-reports; report-to csp-endpoint 8
frame-ancestors 'self' https://*.kayak.com https://www.kayak.com.ar https://www.kayak.com.au https://www.kayak.bo https://www.kayak.com.br https://www.kayak.cat https://www.kayak.cl https://www.cn.kayak.com https://www.kayak.com.co https://www.kayak.co.cr https://www.kayak.dk https://www.kayak.com.do https://www.kayak.com.ec https://www.kayak.com.sv https://www.kayak.fr https://www.kayak.de https://www.kayak.com.gt https://www.kayak.com.hn https://www.kayak.com.hk https://www.kayak.co.in https://www.kayak.co.id https://www.kayak.ie https://www.kayak.it https://www.kayak.co.jp https://www.kayak.com.my https://www.kayak.com.mx https://www.kayak.nl https://www.kayak.com.ni https://www.kayak.no https://www.kayak.com.pa https://www.kayak.com.py https://www.kayak.com.pe https://www.kayak.com.ph https://www.kayak.pl https://www.kayak.pt https://www.kayak.com.pr https://www.en.kayak.sa https://www.kayak.sg https://www.kayak.co.kr https://www.kayak.es https://www.kayak.se https://www.kayak.ch https://www.kayak.co.th https://www.kayak.com.tr https://www.kayak.ae https://www.kayak.co.uk https://www.kayak.com.uy https://www.kayak.co.ve 8
default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; 8
default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *; 8
default-src 'self' *.sberdisk.dev *.sberdisk.ru; script-src 'self' *.sberdisk.dev *.sberdisk.ru *.googletagmanager.com https://mc.yandex.ru https://cdn.amplitude.com 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' https: blob: data:; frame-src 'self' https: blob: atlassian-companion:; media-src 'self' https: blob: data:; font-src *; 8
object-src 'self' https://www.youtube.com/ https://www.3cx.com/;frame-src 'self' mailto: tel: https://3cx.com https://www.google.com https://cse.google.com https://services.3cx.com https://audioconverter.3cx.com https://login.3cx.com https://docs.google.com https://www.facebook.com https://static.ads-twitter.com/ https://bid.g.doubleclick.net https://td.doubleclick.net/ https://www.youtube.com https://www.youtube-nocookie.com/ https://www.googletagmanager.com https://player.vimeo.com; frame-ancestors 'self' 8
default-src 'self'; style-src 'self' * 'unsafe-inline';style-src-attr 'self' 'unsafe-inline' *; style-src-elem 'self' 'unsafe-inline' *; font-src 'self' *; script-src 'self' 'unsafe-eval' 'unsafe-inline' *; connect-src *; img-src 'self' 'unsafe-inline' data: blob: *; manifest-src *; frame-src *; media-src * blob: 8
frame-ancestors https://web.telegram.org 8
child-src *.doubleclick.net *.dynad.net https://www.facebook.com *.hotjar.com *.pagseguro.uol.com.br *.pagbank.com.br *.rm.uol.com.br *.tailtarget.com *.uol.com *.uol.com.br *.youtube.com https://www.google.com *.blip.ai data: 'self'; connect-src *.hotjar.com *.hotjar.io wss://*.hotjar.com *.pagseguro.com.br *.uol.com.br *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.com.br wss://ws.0mn.io https: wss: 'self'; frame-ancestors 'self'; default-src *.evergage.com *.uol.com.br *.pagseguro.com.br 'self'; media-src *.evergage.com *.uol.com.br *.pagseguro.com.br data: 'self'; object-src *.uol.com.br *.pagseguro.com.br data: 'self'; font-src *.pagseguro.uol.com.br *.pagseguro.com.br *.uol.com *.uol.com.br *.imguol.com.br *.gstatic.com *.hotjar.com https://imguol.com.br data: 'self'; img-src *.evergage.com *.google.com *.analytics.google.com *.google-analytics.com *.googletagmanager.com *.google.com.br *.googleapis.com *.gstatic.com *.g.doubleclick.net https://www.facebook.com *.imguol.com *.uol.com *.uol.com.br *.pagseguro.com.br *.scorecardresearch.com *.ytimg.com *.doubleclick.net *.googleadservices.com *.youtube.com *.hotjar.com *.tailtarget.com bat.bing.com https://imguol.com https://imguol.com.br trg.adilligo.com takenetomni.blob.core.windows.net data: 'self'; script-src *.evgnet.com *.evergage.com bat.bing.com *.doubleclick.net *.dynad.net https://connect.facebook.net *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.hotjar.com *.jsdelivr.net *.jsuol.com.br *.pagseguro.com.br *.simg.uol.com.br *.tailtarget.com *.uol.com *.uol.com.br *.ytimg.com https://pagseguro.info https://pag.ae https://imguol.com.br https://www.gstatic.com https://tracking.tunad.io https://js-agent.newrelic.com https://*.nr-data.net about: 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.evergage.com *.uol.com *.pagseguro.uol.com.br *.pagseguro.com.br *.hotjar.com *.simg.uol.com.br *.ytimg.com https://imguol.com.br 'self' *.google.com *.googleapis.com 'unsafe-inline'; report-uri /csp-report 8
default-src * blob: data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; worker-src 'self' blob:; 8
default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self'; 8
frame-ancestors 'self' https://www.deco.cx 127.0.0.1:* localhost:* http://localhost:* http://127.0.0.1:* https://admin.deco.cx/ https://v0-admin.deco.cx/ https://play.deco.cx/ 8
default-src 'self' https://hcaptcha.com https://*.hcaptcha.com; style-src 'self' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://hcaptcha.com https://*.hcaptcha.com https://js.stripe.com; frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com https://js.stripe.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.stripe.com; connect-src 'self' https://hcaptcha.com https://*.hcaptcha.com https://*.fjordmail.no; 8
default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self' 8
frame-ancestors 'self' https://staging-app.boxoffice.com https://app.boxoffice.com 8
default-src 'self'; object-src 'self' blob:; frame-ancestors 'self' flex.cybersource.com; worker-src blob: ; frame-src 'self' blob: *; media-src *; img-src * 'self' data: https: blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' api.brainsins.com mw.brainsins.com d2xkqxdy6ewr93.cloudfront.net *.cloudfront.net cdn.pushassist.com trc.taboola.com *.collect.igodigital.com resources.convious-app.com client.convious-app.com  cdn.taboola.com 510001631.collect.igodigital.com script.hotjar.com 510001630.collect.igodigital.com  static.hotjar.com launch-9151dc1e0eb6-development  mstat.acestream.net www.gstatic.com flex.cybersource.com pe-kw.store.kennywood.com pe-cp.store.castlepark.com www.google.com connect.facebook.net googleads.g.doubleclick.net www.googleadservices.com  www.googletagmanager.com  www.google-analytics.com *.parquesreunidos.es assets.adobedtm.com amplify.review-alerts.com static-eu.payments-amazon.com maps.googleapis.com cdn.cookielaw.org geolocation.onetrust.com grpr.tt.omtrdc.net launch-9151dc1e0eb6-development cd.livechatin.com api-pre.adminos.parquesreunidos.com analytics.tiktok.com ts.tradetracker.net sleeknotecustomerscripts.sleeknote.com mstat.acestream.net pilaff-up.ru statusklic.info cdn.notifyon.com cdn.livechatinc.com eu5.bookingkit.de js.mollie.com www.paypal.com www.sandbox.paypal.com checkoutshopper-live.adyen.com sandbox.src.mastercard.com src.mastercard.com assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com twimg.com publish.twitter.com platform.linkedin.com track.adform.net static.criteo.net tagmanager.google.com ssl.google-analytics.com ajax.aspnetcdn.com d2cmqkwo8rxlr9.cloudfront.net ad.doubleclick.net apis.google.com www.youtube.com platform.twitter.com s.ytimg.com syndication.twitter.com api.livechatinc.com www.googleoptimize.com  optimize.google.com trck.spoteffects.net i.realytics.io cdn-eu.realytics.net  pe-kw.store.kennywood.com pe-cp.store.castlepark.com pe-rwsydney.store.ragingwaterssydney.com.au pe-sps.store.splishsplash.com pe-sl.store.storylandnh.com pe-na.store.noahsarkwaterpark.com pe-sc.store.sandcastlewaterpark.com pe-wc.store.watercountry.com pe-rwsd.store.ragingwaters.com static.zdassets.com *.optimonk.com sdks.shopifycdn.com ajax.googleapis.com webchat.masvoz.es static.b-ite.com cs-assets.b-ite.com pixel.mathtag.com bat.bing.com cdn.jsdelivr.net farm.plista.com j01l4h3n.com diffuser-cdn.app-us1.com www.rvty.net *.clarity.ms 5mcl.fr *.adnxs.com static.tacdn.com prism.app-us1.com trackcmp.net www.jscache.com cdn.scratcher.io s2.adform.net cdn.leadfamly.com www.tripadvisor.com www.tripadvisor.fr cpi.mirabilandia.it www.opinator.com pe-iw.store.idlewild.com js.adsrvr.org tracker.marinsm.com pe-dw.store.dutchwonderland.com static.zuora.com pe-waw.store.emeraldpointe.com pe-rwsc.store.rwsac.com pe-mn.store.malibunorcross.com *.quantummetric.com t.contentsquare.net pe-bps.store.boomerspalmsprings.com cdn.smooch.io adventurelandresort.secure-cdn.na.accessoticketing.com pe-bv.store.boomersvista.com pe-rwsj.store.rwsplash.com pe-lc.store.lakecompounce.com pe-mm.store.mountasiamarietta.com app.mews.com apps.mews.com checkoutshopper-test.adyen.com checkoutshopper-live.adyen.com pay.google.com easyway-webchat.s3.eu-north-1.amazonaws.com *.smooch.io sc-static.net tr.snapchat.com *.sprinklr.com apps.mypurecloud.ie surveydynamix.com apps.mypurecloud.com osm.klarnaservices.com js.klarna.com pagead2.googlesyndication.com static.sojern.com *.outbrain.com tib2.tropical-islands.de sla3.slagharen.com mir8.mirabilandia.it mib9.mirabeach.mirabilandia.it war5.parquewarner.com wab6.parquewarnerbeach.parquewarner.com pam4.parquedeatracciones.es mpg3.movieparkgermany.de mar7.marineland.fr zoo2.zoomadrid.com fau4.faunia.es bjl1.bobbejaanland.be bld2.bonbonland.dk dwo7.dutchwonderland.com bnp8.bonoparques.es tus1.tusenfryd.no swa4.selwo.es swm9.selwomarina.es teb6.telefericobenalmadena.com mxa8.atlantisaquarium-madrid.es bel7.belantis.de blk3.blackpoolzoo.org.uk bos6.sommarland.no bor5.oceanarium.co.uk aqs1.aquasplash.fr car1.cartaya.aquopolis.es cda2.costa-dorada.aquopolis.es cul3.cullera.aquopolis.es tor4.torrevieja.aquopolis.es vil5.villanueva.aquopolis.es slp2.sealifeparkhawaii.com ctp3.castlepark.com knw4.kennywood.com adp5.adventurelandresort.com lkc8.lakecompounce.com cnh1.cartoonnetworkhotel.com sct1.sandcastlewaterpark.com stl6.storylandnh.com sny5.splishsplash.com lsa6.livingshores.com rla9.ragingwaters.com syd7.ragingwaterssydney.com.au wco2.watercountry.com wep3.emeraldpointe.com noa8.noahsarkwaterpark.com idw7.idlewild.com webchat.digitalcx.com *.aptrinsic.com *.datatrans.com *.recaptcha.net; style-src * 'unsafe-inline' blob:; font-src * data:; connect-src * 8
default-src * blob: data: cid:; img-src * data: cid: 'unsafe-inline'; media-src * data: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * blob: data: 'unsafe-inline'; style-src-elem * blob: data: 'unsafe-inline'; font-src * data: 8
upgrade-insecure-requests; media-src https: blob:; child-src https: blob:; default-src https: wss: 'unsafe-inline' 'unsafe-eval' data:; font-src https: data:; img-src https: data:; 7
upgrade-insecure-requests; frame-ancestors 'self' https://explore.bitdefender.com/; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.emarsys.net *.ofgreencolumn.com *.usercentrics.eu *.amazon *.redditstatic.com *.roeyecdn.com *.unpkg.com *.googleadservices.com *.2checkout.com *.cookielaw.org *.criteo.com *.dwin1.com *.bitdefender.com *.bitdefender.biz *.bitdefender.net *.bitdefender.fr *.bitdefender.de *.bitdefender.com.au *.bitdefender.co.uk *.bitdefender.es *.bitdefender.it *.bitdefender.pt *.bitdefender.com.br *.bitdefender.ro *.bitdefender.nl *.bitdefender.be *.bitdefender.se *.bitdefender.co.jp bitdefender.co.jp bitdefender.applytojob.com *.adobe.com *.facebook.com *.facebook.net *.doubleclick.net *.adsrvr.org *.mathtag.com *.google.com *.google.ro *.flashtalking.com *.amazon-adsystem.com *.livechatinc.com *.twitter.com *.ads-twitter.com  *.cedexis.com *.cedexis-test.com *.youtube.com *.soundcloud.com *.hubspot.com *.cookiebot.com *.vimeo.com *.edgecastcdn.net *.linkedin.com *.hsforms.com *.hsforms.net *.cloudfront.net *.edgecastdns.net *.hotjar.com *.zanox.ws *.zanox.com *.usemax.de usemax.de dpm.de *.mdex.net mdex.net *.omniture.com widget.trustpilot.com *.2o7.net *.omtrdc.net *.demdex.net *.adobedtm.com api-eu.boldchat.com livechat-eu.boldchat.com *.youtube-nocookie.com *.instagram.com instawidget.net *.scarabresearch.com *.zenaps.com pixel.xonaz.com tags.dynamo.one *.redintelligence.net 20787700p.rfihub.com *.outgrow.us *.alchemer.com *.adyen.com *.paypal.com paypal.com ad.ad-srv.net fullstory.com ad4m.at *.googletagmanager.com bat.bing.com *.impactradius-event.com *.outbrain.com *.gartner.com *.gstatic.com *.licdn.com *.bizible.com *.clarity.ms *.demandbase.com *.hs-scripts.com *.sf14g.com *.hsadspixel.net *.hs-analytics.net *.hsleadflows.net *.hs-banner.com *.usemessages.com *.company-target.com *.techtarget.com *.privacyportal-de.onetrust.com *.geolocation.onetrust.com *.avads.net cdn.jsdelivr.net *.hlx.live; 7
default-src https: blob:; connect-src https: wss: blob:; font-src https: data:; frame-src https:; frame-ancestors 'self'; img-src https: blob: data:; media-src https: blob:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https: blob:; style-src 'unsafe-inline' https:; 7
frame-ancestors 'self' *.intuit.com 7
default-src http:; img-src * data:; script-src https:* http: 'unsafe-inline' 'unsafe-eval'; style-src http: 'unsafe-inline'; 7
frame-ancestors 'self' *.aftership.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.am-static.com *.automizely.com *.aftership.com *.automizely-analytics.com static.cloudflareinsights.com www.googletagmanager.com ws.zoominfo.com accounts.google.com www.google.com www.google-analytics.com googleads.g.doubleclick.net www.googleadservices.com snap.licdn.com connect.facebook.net static.ads-twitter.com bat.bing.com www.clarity.ms tracking.g2crowd.com www.gstatic.com www.gstatic.cn widget.freshworks.com client.crisp.chat app.storyblok.com www.recaptcha.net code.jquery.com *.hotjar.com j.6sc.co js.hs-scripts.com js.hs-banner.com js.hs-analytics.net js.hsforms.net js.hsadspixel.net *.tiktok.com *.ttwstatic.com; object-src 'none' 7
upgrade-insecure-requests; frame-ancestors 'none' 7
frame-ancestors 'self' azeu.marketing.adobe.com 7
frame-ancestors 'none'; upgrade-insecure-requests 7
frame-ancestors 'self' https://premiersupport.intel.com https://c0.avaamo.com *.intel.com; object-src 'self'; 7
font-src 'none' 7
“upgrade-insecure-requests� 7
default-src https: 'unsafe-inline' 'unsafe-eval' 7
frame-ancestors http://*.interactcp.com https://*.interactcp.com 'self'; 7
img-src *; 7
none 7
script-src 'self' 'unsafe-inline' 'unsafe-eval' analytics.tiktok.com vimeo.com www.vimeo.com www.youtube.com *.treasuredata.com snap.licdn.com connect.facebook.net tagmanager.google.com maps.googleapis.com www.googleadservices.com www.google-analytics.com www.google.com www.googletagmanager.com googleads.g.doubleclick.net www.gstatic.com checkoutshopper-live.adyen.com *.cdn.adyen.com; object-src 'none'; child-src 'self' www.youtube.com youtube.com www.google.com google.com *.doubleclick.net player.vimeo.com www.googletagmanager.com checkoutshopper-live.adyen.com *.cdn.adyen.com maps.google.com.sg www.google.com maps.google.com goo.gl google.com www.facebook.com; frame-ancestors 'self'; block-all-mixed-content; upgrade-insecure-requests 7
frame-src 'self'; frame-ancestors 'self'; object-src 'none'; 7
default-src * 'unsafe-inline' 'unsafe-eval' https: http: data: blob:; worker-src blob: 'self'; 7
report-uri /csp-report?p=; block-all-mixed-content; default-src 'none'; base-uri 'none'; img-src 'self' https://b.stripecdn.com https://q.stripe.com https://stripe-camo.global.ssl.fastly.net https://images.ctfassets.net https://assets.ctfassets.net data:; style-src 'unsafe-inline' 'self' https://b.stripecdn.com; connect-src 'self' https://stripe.com blob: https://stripe-images.s3.us-west-1.amazonaws.com https://errors.stripe.com https://b.stripecdn.com https://climate.stripe.com https://ext.stripe.com https://r.stripe.com https://c.increment.com https://c.stripe.dev https://c.stripe.global https://c.stripe.partners https://sales-live-chat.stripe.com https://y4pfttj91h-dsn.algolia.net/1/indexes/mkt_partners/query https://y4pfttj91h-1.algolianet.com/1/indexes/mkt_partners/query https://y4pfttj91h-2.algolianet.com/1/indexes/mkt_partners/query https://y4pfttj91h-3.algolianet.com/1/indexes/mkt_partners/query; font-src 'self' https://b.stripecdn.com; form-action 'self' https://stripe.com https://climate.stripe.com; frame-src 'self' https://js.stripe.com https://b.stripecdn.com https://crypto-js.stripe.com https://sales-live-chat.stripe.com https://checkout.stripe.com https://checkout.stripe.dev https://register.stripesessions.com; media-src 'self' https://b.stripecdn.com https://videos.ctfassets.net https://assets.ctfassets.net; script-src 'self' https://js.stripe.com 'sha256-vTifGUJH6hJYTvstw4xJ4xfr/vE0ELkOV4GpCumyqfg=' 'sha256-cCM0Z4lzGkzQnmbdVw+ouz0JRawyaKcZ4yiqzqYS7ek=' 'sha256-5LtzXhT7UFn+GqP5pKEMGL08UNZsrzANHFEBW/mQHGw=' 'sha256-3aWvb9tRBjmz1OjR3n7mwiTm94+s4iki4mMZF82asmc=' 'sha256-beLzNcen8LrazzSCRjAapoIMTgJI0osPWGNSX7aK6lc=' https://b.stripecdn.com https://crypto-js.stripe.com 'report-sample'; frame-ancestors 'self' https://app.contentful.com 6
upgrade-insecure-requests; frame-ancestors 'self' https://stackexchange.com 6
upgrade-insecure-requests;report-uri /csp-violation-report-endpoint/ 6
default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;block-all-mixed-content; 6
frame-ancestors 'self' https://localhost:* https://*.bustle.com https://*.bdg.com 6
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 6
default-src 'self'; connect-src 'self' *.authorize.net *.facebook.com stats.addtoany.com *.google-analytics.com cdn.cookielaw.org *.hotjar.com:* vc.hotjar.io:* wss://*.hotjar.com stats.g.doubleclick.net *.clarity.ms *.mktoresp.com *.ziftsolutions.com *.ziftone.com *.ziftmarcom.com *.onetrust.com *.cookielaw.org *.newrelic.com bam.nr-data.net *.googlesyndication.com *.gstatic.com scout.salesloft.com cdn.linkedin.oribi.io *.mktoutil.com *.bonterratech.com *.6sc.co *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.com.co *.google.co.cr *.google.com.cu *.google.cz *.google.com.do *.google.com.ec *.google.es *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat go.bonterratech.com bat.bing.com *.convertexperiments.com *.linkedin.com aorta.clickagy.com hemsync.clickagy.com ws.zoominfo.com js.zi-scripts.com ws-assets.zoominfo.com ct.capterra.com learn.bonterratech.com jsd-widget.atlassian.com *.wistia.com *.wistia.net s3-us-west-2.amazonaws.com b-code.liadm.com rp.liadm.com idx.liadm.com pro.ip-api.com alocdn.com *.execute-api.us-west-2.amazonaws.com rp4.liadm.com bonterratech.com blob: *.qualified.com wss://ws.qualified.com https://www.google-analytics.com https://www.googletagmanager.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com use.typekit.net maxcdn.bootstrapcdn.com cdnjs.cloudflare.com ct.capterra.com jsd-widget.atlassian.com *.wistia.com *.wistia.net s3-us-west-2.amazonaws.com b-code.liadm.com rp.liadm.com idx.liadm.com pro.ip-api.com alocdn.com *.execute-api.us-west-2.amazonaws.com rp4.liadm.com bonterratech.com blob: *.qualified.com wss://ws.qualified.com *.facebook.com; frame-src 'self' *.driftt.com *.doubleclick.net *.google.com players.brightcove.net *.youtube.com *.googletagmanager.com *.zensource.cloud vars.hotjar.com *.desire2learncapture.com *.everyaction.com *.mktoresp.com *.spotify.com *.googlesyndication.com tpc.googlesyndication.com *.googleads.com *.googleapis.com go.bonterratech.com hemsync.clickagy.com everyaction.widget.insent.ai ct.capterra.com learn.bonterratech.com jsd-widget.atlassian.com *.wistia.com *.wistia.net s3-us-west-2.amazonaws.com b-code.liadm.com rp.liadm.com idx.liadm.com pro.ip-api.com alocdn.com *.execute-api.us-west-2.amazonaws.com rp4.liadm.com bonterratech.com blob: *.qualified.com wss://ws.qualified.com *.facebook.com; img-src 'self' data: *.bonterratech.com test-bonterra-corporate-v2.pantheonsite.io live-bonterra-corporate-v2.pantheonsite.io *.driftt.com maps.googleapis.com px.marchex.io *.facebook.com *.google.com *.gstatic.com cdn.rawgit.com raw.githubusercontent.com *.g.doubleclick.net *.google-analytics.com *.googletagmanager.com zensource-salisbury.s3.amazonaws.com chat.mcsoftware.com *.timevaluecalculators.com *.ytimg.com *.ziftsolutions.com *.ziftone.com *.cookielaw.org *.googlesyndication.com www.google-analytics.com googleads.g.doubleclick.net www.google.com ad.doubleclick.net ade.googlesyndication.com *.bing.com px.ads.linkedin.com www.linkedin.com c.clarity.ms cdn.kimbia.com *.6sc.co *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.com.co *.google.co.cr *.google.com.cu *.google.cz *.google.com.do *.google.com.ec *.google.es *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat go.bonterratech.com *.clarity.ms *.linkedin.com *.google.ca ct.capterra.com learn.bonterratech.com jsd-widget.atlassian.com *.wistia.com *.wistia.net s3-us-west-2.amazonaws.com b-code.liadm.com rp.liadm.com idx.liadm.com pro.ip-api.com alocdn.com *.execute-api.us-west-2.amazonaws.com rp4.liadm.com bonterratech.com blob: *.qualified.com wss://ws.qualified.com https://www.google-analytics.com https://www.googletagmanager.com; media-src 'self' *.vimeo.com *.youtube.com *.spotify.com jsd-widget.atlassian.com *.wistia.com *.wistia.net s3-us-west-2.amazonaws.com b-code.liadm.com rp.liadm.com idx.liadm.com pro.ip-api.com alocdn.com *.execute-api.us-west-2.amazonaws.com rp4.liadm.com bonterratech.com blob: *.qualified.com wss://ws.qualified.com *.facebook.com; object-src 'self' *.oembed.com *.vimeo.com *.youtube.com jsd-widget.atlassian.com *.wistia.com *.wistia.net s3-us-west-2.amazonaws.com b-code.liadm.com rp.liadm.com idx.liadm.com pro.ip-api.com alocdn.com *.execute-api.us-west-2.amazonaws.com rp4.liadm.com bonterratech.com blob: *.qualified.com wss://ws.qualified.com *.facebook.com; script-src 'self' 'unsafe-eval' *.driftt.com *.authorize.net *.google.com cdnjs.cloudflare.com cdn.rawgit.com maps.googleapis.com rw1.marchex.io connect.facebook.net googleads.g.doubleclick.net *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.gstatic.com cdn.jsdelivr.net *.youtube.com *.vimeo.com s.ytimg.com *.googlesyndication.com *.hotjar.com unpkg.com *.timevaluecalculators.com *.w55c.net *.chatbeacon.io *.marketo.net *.everyaction.com *.mktoresp.com *.ziftsolutions.com cdn.cookielaw.org go.bonterratech.com js.zi-scripts.com ws.zoominfo.com tags.clickagy.com ws-assets.zoominfo.com everyaction.widget.insent.ai ct.capterra.com learn.bonterratech.com jsd-widget.atlassian.com *.wistia.com *.wistia.net s3-us-west-2.amazonaws.com b-code.liadm.com rp.liadm.com idx.liadm.com pro.ip-api.com alocdn.com *.execute-api.us-west-2.amazonaws.com rp4.liadm.com bonterratech.com blob: *.qualified.com wss://ws.qualified.com *.facebook.com cdn-4.convertexperiments.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://d8ejoa1fys2rk.cloudfront.net https://storage.googleapis.com https://unpkg.com https://www.google.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' *.googletagmanager.com *.google.com *.gstatic.com *.googleapis.com *.driftt.com munchkin.marketo.net *.ziftsolutions.com cdn.cookielaw.org widgets.kimbia.com cdn.kimbia.com *.newrelic.com go.everyaction.com *.googlesyndication.com snap.licdn.com bat.bing.com scout-cdn.salesloft.com www.clarity.ms connect.facebook.net googleads.g.doubleclick.net *.convertexperiments.com go.bonterratech.com www.googleadservices.com *.6sc.co ws.zoominfo.com js.zi-scripts.com ws-assets.zoominfo.com everyaction.widget.insent.ai ct.capterra.com learn.bonterratech.com jsd-widget.atlassian.com *.wistia.com *.wistia.net s3-us-west-2.amazonaws.com b-code.liadm.com rp.liadm.com idx.liadm.com pro.ip-api.com alocdn.com *.execute-api.us-west-2.amazonaws.com rp4.liadm.com bonterratech.com blob: *.qualified.com wss://ws.qualified.com *.facebook.com cdn-4.convertexperiments.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://d8ejoa1fys2rk.cloudfront.net https://storage.googleapis.com https://unpkg.com https://www.google.com; style-src 'self' fonts.googleapis.com tagmanager.google.com *.gstatic.com *.typekit.net maxcdn.bootstrapcdn.com *.timevaluecalculators.com *.marketo.net *.everyaction.com *.mktoresp.com *.ziftsolutions.com *.driftt.com go.everyaction.com cdn.cookielaw.org go.bonterratech.com ct.capterra.com learn.bonterratech.com jsd-widget.atlassian.com *.wistia.com *.wistia.net s3-us-west-2.amazonaws.com b-code.liadm.com rp.liadm.com idx.liadm.com pro.ip-api.com alocdn.com *.execute-api.us-west-2.amazonaws.com rp4.liadm.com bonterratech.com blob: *.qualified.com wss://ws.qualified.com *.facebook.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' go.everyaction.com fonts.googleapis.com *.ziftsolutions.com cdn.kimbia.com go.bonterratech.com ct.capterra.com learn.bonterratech.com jsd-widget.atlassian.com *.wistia.com *.wistia.net s3-us-west-2.amazonaws.com b-code.liadm.com rp.liadm.com idx.liadm.com pro.ip-api.com alocdn.com *.execute-api.us-west-2.amazonaws.com rp4.liadm.com bonterratech.com blob: *.qualified.com wss://ws.qualified.com *.facebook.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; frame-ancestors 'self'; report-uri https://www.bonterratech.com/report-uri/enforce 6
block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; 6
default-src * 'unsafe-inline' 'unsafe-eval' data:; 6
default-src 'self' dbsapp-test.azurewebsites.net cscmarketing-cscdbs-prod-container.azurewebsites.net *.cscdbs.com cscwebcontentstorage.blob.core.windows.net *.cscglobal.com ocp.cscglobal.com csc.global *.google.com *.google-analytics.com *.googletagmanager.com *.swiftypecdn.com *.swiftype.com geoip-js.com *.geoip-js.com *.crazyegg.com *.zoominfo.com *.pingdom.net *.doubleclick.net *.maxmind.com *.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com *.oribi.io *.cookielaw.org *.onetrust.com *.zscalertwo.net *.googlesyndication.com *.linkedin.com *.hubspot.com *.optimizely.com http://cscmarketing-cscdbs-prod-container.azurewebsites.net/blog/wp-json/; script-src 'self' dbsapp-test.azurewebsites.net cscmarketing-cscdbs-prod-container.azurewebsites.net *.cscdbs.com cscwebcontentstorage.blob.core.windows.net *.cscglobal.com ocp.cscglobal.com csc.global *.google.com *.google-analytics.com *.googletagmanager.com *.swiftypecdn.com *.swiftype.com *.maxmind.com *.crazyegg.com *.gstatic.com *.zoominfo.com *.pingdom.net *.googleadservices.com *.licdn.com *.hsforms.net hubspot-forms-static-embed.s3.amazonaws.com *.zscalertwo.net 'sha256-uEVZG2aKtvTnCiyd6KE5c0iP+naoyXFMNU6NZqWfTzk=' 'sha256-FTZUkywTeCare2C/3qESeGwIijE/FJIJzHs4QajBqVU=' 'sha256-6EYFRGyxum0IwH2kLdixEkMnfVbkqBt14VQFi8BCJRA=' 'sha256-NEJOYgS3wIia+ss6EnB/d2Kk/XqlS6ES36GronXzmbs=' *.cookielaw.org *.onetrust.com *.googlesyndication.com *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hubspot.com *.optimizely.com 'sha256-FYVcJ8j+aeiBImnoPSLVrA8jc6b/AUdJP0H7kMX8XRg=' 'sha256-2pe8k26MWlcKficOeMWZ75CKsCYpC8O7SWL1c80IevA=' 'sha256-xA+Nf+aCToDDa/FWlmohq36+g4wJDUNr/5Z99KzXHAQ=' 'sha256-Ekr4lImICDOvgVtzrLML7wjf3IM4V5Q3+ohyZq4Fi5w='; style-src 'self' dbsapp-test.azurewebsites.net cscmarketing-cscdbs-prod-container.azurewebsites.net *.cscdbs.com cscwebcontentstorage.blob.core.windows.net *.cscglobal.com ocp.cscglobal.com csc.global *.google.com *.google-analytics.com *.googletagmanager.com *.swiftypecdn.com *.swiftype.com *.googleapis.com 'unsafe-inline'; img-src 'self' dbsapp-test.azurewebsites.net cscmarketing-cscdbs-prod-container.azurewebsites.net *.cscdbs.com cscwebcontentstorage.blob.core.windows.net *.cscglobal.com ocp.cscglobal.com csc.global *.google.com *.google-analytics.com *.googletagmanager.com *.swiftypecdn.com *.swiftype.com data: seal-delaware.bbb.org *.linkedin.com *.hsforms.com s.w.org i.ytimg.com *.doubleclick.net *.cookielaw.org *.hubspot.com; font-src 'self' dbsapp-test.azurewebsites.net cscmarketing-cscdbs-prod-container.azurewebsites.net *.cscdbs.com cscwebcontentstorage.blob.core.windows.net *.cscglobal.com ocp.cscglobal.com csc.global *.google.com *.google-analytics.com *.googletagmanager.com *.swiftypecdn.com *.swiftype.com *.gstatic.com data:; frame-src 'self' *.google.com *.youtube.com *.swiftypecdn.com *.swiftype.com *.googlesyndication.com *.hsforms.com *.doubleclick.net; object-src 'none' 6
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' * data:; manifest-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; object-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; prefetch-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; media-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; form-action 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; worker-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' * blob:; report-uri https://hyperia.report-uri.com; block-all-mixed-content; upgrade-insecure-requests 6
block-all-mixed-content; frame-ancestors 'self' 6
base-uri 'self' https://amli.sekindo.com; connect-src 'self' https: data: www.google-analytics.com fundingchoicesmessages.google.com pagead2.googlesyndication.com; default-src 'self'; font-src 'self' fonts.googleapis.com fonts.gstatic.com cdnjs.cloudflare.com; frame-src 'self' https: googleads.g.doubleclick.net; img-src 'self' data: https:; media-src 'self' blob: gcdn.2mdn.net video.primis.tech; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https: blob: www.google-analytics.com pagead2.googlesyndication.com; style-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com cdnjs.cloudflare.com content.quantcount.com live.primis.tech; worker-src blob:; block-all-mixed-content; report-to https://o881419.ingest.sentry.io/api/6108064/security/?sentry_key=53507701d302401b97c4a9ec903c141e 6
'self' ; 6
block-all-mixed-content; object-src 'none'; base-uri 'none'; frame-ancestors 'self'; 6
frame-ancestors 'self' https://medium.com 6
require-trusted-types-for 'script';report-uri /recaptcha/challengepage/_/RecaptchaChallengePageUi/cspreport 6
default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 6
frame-ancestors 'self' https://epson.custhelp.com https://epson-es.custhelp.com https://epson-pt.custhelp.com 6
frame-ancestors 'none' ; 6
default-src * 'unsafe-inline' 'unsafe-eval'; img-src * 'unsafe-inline' 'unsafe-eval' data:; frame-ancestors 'self' https://a.cms.omniupdate.com; 6
frame-ancestors https://*.myshopify.com https://admin.shopify.com 6
font-src *;img-src * data:; 6
default-src * 'unsafe-eval' 'unsafe-inline' data: filesystem: about: blob: ws: wss: 6
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://apps.sitecore.net https://*.stylelabs.io https://*.stylelabs.cloud https://*.stylelabsdemo.com https://*.stylelabsqa.com https://*.stylelabsdev.com https://*.dpxmedcity.net https://*.medcity.net https://youtube.com https://www.youtube.com https://*.googleapis.com https://*.google.com https://*.formstack.com *.doubleclick.net *.amazonaws.com *.cloudfront.net *.healthgrades.com *.undertone.com *.facebook.net *.facebook.com *.trkn.us *.jotform.com https://*.clearstep.health *.crazyegg.com https://*.medcity.net https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://translate.google.com https://fonts.gstatic.com https://www.gstatic.com https://*.securiti.ai *.ehc.com *.ehcstaging.com *.dpxmedcity.net https://*.go-mpulse.net/ https://*.akstat.io/ https://*.akamaihd.net/ https://dc.hcafloridahealthcare.com https://dc.hcafloridaphysicians.com https://*.hcadam.com https://*.hcadam-stage.com https://*.hcadam-qa.com https://*.hcadam-dev.com https://*.sitecorecontenthub.cloud; img-src 'self' data: https://*.stylelabs.io https://*.stylelabs.cloud https://*.stylelabsdemo.com https://*.stylelabsqa.com https://*.stylelabsdev.com https://*.dpxmedcity.net https://*.ytimg.com https://*.cloudfront.net https://maps.gstatic.com https://maps.googleapis.com https://*.formstack.com https://*.clearstep.health *.crazyegg.com https://*.medcity.net *.doubleclick.net https://carelinkhca.my.salesforce-sites.com *.ehc.com *.ehcstaging.com *.dpxmedcity.net https://*.s3.amazonaws.com https://*.hcadam.com https://*.hcadam-stage.com https://*.hcadam-qa.com https://*.hcadam-dev.com https://*.sitecorecontenthub.cloud; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.dpxmedcity.net https://*.formstack.com https://*.clearstep.health *.crazyegg.com https://*.medcity.net *.doubleclick.net https://*.securiti.ai *.ehc.com *.ehcstaging.com *.dpxmedcity.net; font-src 'self' 'unsafe-inline' data: https://fonts.gstatic.com https://*.dpxmedcity.net https://*.formstack.com https://*.clearstep.health *.crazyegg.com https://*.medcity.net *.doubleclick.net *.ehc.com *.ehcstaging.com *.dpxmedcity.net; frame-src 'self' 'unsafe-inline' https://*.clearstep.health *.ehc.com *.ehcstaging.com *.dpxmedcity.net https://www.youtube.com https://youtube.com *.crazyegg.com https://*.medcity.net *.doubleclick.net https://mammogramscreenbotcontainer.azurewebsites.net https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; upgrade-insecure-requests; block-all-mixed-content ; 6
frame-ancestors 'none'; report-uri https://prod-bk-csp-service.rbictg.com/csp; report-to csp-endpoint 6
frame-ancestors 'self' *.hexia.io *.zigtools.nl 6
style-src 'self' blob: 'unsafe-inline' *.google.com *.abtasty.com *.crazyegg.com *.googleapis.com *.satisfait-ou-rembourse-braun.fr *.offre-promotionnelle.fr *.salesforce-sites.com *.googletagmanager.com *.google-analytics.com *.googleoptimize.com *.googleanalytics.com *.pg.com *.bazaarvoice.com *.force.com *.pricespider.com *.lytics.io *.mapbox.com *.akamaihd.net feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.googleoptimize.com *.crazyegg.com *.googleanalytics.com *.crwdcntrl.net *.googleadservices.com *.pg.com *.offre-promotionnelle.fr *.satisfait-ou-rembourse-braun.fr *.salesforce-sites.com *.salesforce.com *.my.salesforce.com *.criteo.com *.adform.net *.outbrain.com *.pypestream.com *.serving-sys.com *.tiktok.com *.youtube.com *.braun.com *.googletagmanager.com *.dynatrace.com dynatrace.com *.ads-twitter.com *.salesforceliveagent.com google.com gstatic.com *.gstatic.com *.google.com *.abtasty.com *.pypestream.eu *.force.com *.salesfoce.com *.cookielaw.org *.google-analytics.com *.facebook.net *.pricespider.com *.segment.com *.lytics.io *.jebbit.com pghub.io *.doubleclick.net *.crazyegg.com *.googleapis.com *.zeotap.com *.adsrvr.org *.iesnare.com *.ipify.org *.bazaarvoice.com *.moatads.com *.mapbox.com *.akamaihd.net feed.pghub.io pandg.tapad.com ; font-src 'self' *.gstatic.com *.pg.com *.windows.net fonts.gstatic.com maxcdn.bootstrapcdn.com res.cloudinary.com data: feed.pghub.io pandg.tapad.com ; img-src * 'self' data: https: blob: *.google.com *.abtasty.com *.crazyegg.com *.pricespider.com *.ctfassets.net ; default-src 'self' data: wss: *.twitch.tv *.azureedge.net *.flashtalking.com www.cashback-silkepil-et-accessoires.fr *.sor-braun.fr *.lightyearapi.com *.crazyegg.com *.google.com *.abtasty.com *.crwdcntrl.net *.youtube-nocookie.com youtube-nocookie.com pg-lex--dev.sandbox.my.salesforce-sites.com *.satisfait-ou-rembourse-braun.fr *.offre-promotionnelle.fr *.salesforce-sites.com *.analytics.google.com *.braun-concours-jenifer.fr *.concours-braun.fr *.offre-promotionnelle.fr *.pg.com *.criteo.com *.serving-sys.com *.serving-sys.com *.tiktok.com *.cashback-braun.fr *.cashbackipls2.fr *.cashbackshaverss2.fr *.satisfaitourembourse-braun.fr *.digital-promo.de *.dynatrace.com *.azure-api.net *.braun-ics.com *.braun.com *.braun.de *.youtube.com *.force.com *.doubleclick.net *.cookielaw.org *.googletagmanager.com *.google-analytics.com *.adsrvr.org *.tapad.com *.segment.io *.segment.com *.lytics.io *.crazyegg.com *.googleapis.com *.zeotap.com *.facebook.com *.doubleclick.net *.jebbit.com *.windows.net geolocation-db.com *.onetrust.com *.iesnare.com *.bazaarvoice.com *.moatads.com *.mapbox.com *.pricespider.com *.akamaihd.net *.pg.com *.algolia.net *.contentful.com *.ctfassets.net feed.pghub.io ; 6
default-src https: data: 'unsafe-eval' 'unsafe-inline'; object-src https:; frame-src http: https: data:; upgrade-insecure-requests 6
frame-ancestors 'self' xerox.com *.xerox.com carear.app 6
script-src 'self' 'strict-dynamic' 'nonce-LSY_r4nD0m' https://www.google-analytics.com:443 https://*.dynamics.com:443 https://mktdplp102cdn.azureedge.net:443 https://www.googletagmanager.com:443 https://connect.facebook.net:443 https://snap.licdn.com:443 https://*.ads.linkedin.com:443 https://www.youtube.com:443 ; style-src 'self' 'unsafe-inline' https://*.tagmanager.com:443 https://*.googleapis.com:443;font-src 'self'; connect-src 'self' https://*.lhsystems.com:443 https://*.stape.io:443 https://*.doubleclick.net:443 https://*.dynamics.com:443 https://*.linkedin.com:443 https://*.google-analytics.com:443 https://*.google.com:443 https://*.facebook.com:443; frame-src https://*.google.com:443 https://*.google.de:443 https://*.dynamics.com:443 https://www.youtube.com:443 https://www.youtube-nocookie.com:443 https://www.googletagmanager.com:443; frame-ancestors https://*.dynamics.com:443; form-action 'self';img-src 'self' data: https://www.google.com.*:443 https://*.lhsystems.com:443 https://*.doubleclick.net:443 https://*.google.de https://cdn.lhsystems.com:443 https://*.ads.linkedin.com:443 https://*.dynamics.com:443 https://*.facebook.com:443 https://www.google.hu:443 https://*.google.com:443 https://*.google-analytics.com:443 https://*.googletagmanager.com:443;object-src 'none';base-uri 'self';block-all-mixed-content;upgrade-insecure-requests; 6
frame-ancestors 'self' *; upgrade-insecure-requests; 6
default-src https: wss:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https: blob:; img-src * blob: data:; frame-ancestors 'self' https://michelin.clic2buy.com https://*.iadvize.com https://*.blueconic.net; worker-src blob: data: https:; font-src https: data:; script-src-elem 'unsafe-inline' 'unsafe-eval' * blob: 6
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; frame-ancestors 'none'; font-src * 'self' data: https://fonts.gstatic.com; script-src * data: blob: 'unsafe-inline' 'unsafe-eval' https://plugins.flockler.com https://sdk.privacy-center.org/ https://api.privacy-center.org/ https://www.googleadservices.com https://www.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.googletagmanager.com; style-src * 'self' 'unsafe-inline' https://fonts.googleapis.com https://sdk.privacy-center.org/ https://api.privacy-center.org/ 6
frame-src * 6
frame-ancestors "self" http://jack-wolfskin.com https://mywolfpack.jack-wolfskin.com http://staffbase.com capacitor://jack-wolfskin.com capacitor://staffbase.com; 6
default-src 'self' https://* data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://* data: blob:; style-src 'self' 'unsafe-inline' https://*  data: blob:; frame-src 'self' https://*; frame-ancestors 'self';img-src 'self' https://* data: blob: ;media-src 'self' https://* data: blob: ;font-src 'self' https://* data: blob: 6
frame-ancestors 'self' https://*.etracker.com; frame-src https://wp-rocket.me/ https://youtube.com https://www.youtube.com https://player.vimeo.com; default-src 'none'; script-src 'self' *.time-matters.com https://*.etracker.com https://*.etracker.de data: 'unsafe-eval' 'unsafe-inline'; connect-src 'self' *.time-matters.com https://*.etracker.de; img-src 'self' data: https: *.gravatar.com; style-src 'self' 'unsafe-inline'; font-src 'self' data:; object-src 'none'; base-uri 'none'; form-action 'self'; media-src 'self'; 6
object-src 'self' 6
frame-ancestors 'self' cloudlogin.co *.cloudlogin.co; 6
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com https://api.mapbox.com https://*.tiles.mapbox.com https://events.mapbox.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests; 5
frame-src https://privacyassure.force.com https://sbx-privacyassure.cs219.force.com https://www.youtube-nocookie.com https://www.google.com https://www.facebook.com https://forms.hsforms.com https://www.youtube.com https://ustglobalinc.jifflenow.com https://js.hsforms.net https://view.ceros.com https://player.vimeo.com https://download-video.akamaized.net https://app.hubspot.com https://vars.hotjar.com https://ustglobal.demdex.net https://app.hubspot.com https://13505543.fls.doubleclick.net https://s.company-target.com https://td.doubleclick.net https://resources.digital-cloud-west.medallia.com; frame-ancestors 'self' 5
upgrade-insecure-requests; block-all-mixed-content; sandbox allow-modals allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation allow-orientation-lock allow-pointer-lock; 5
script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://recaptcha-staging.corp.google.com/;report-uri /recaptcha/challengepage/_/RecaptchaChallengePageUi/cspreport/allowlist;base-uri www.google.com 5
frame-ancestors *.ivanti.com https://dash.cloudflare.com 5
frame-ancestors 'self' https://metrika.yandex.ru/ 5
frame-ancestors iinet.net.au:* *.iinet.net.au:* westnet.com.au:* *.westnet.com.au:* tpg.com.au:* *.tpg.com.au:* tpgtelecom.com.au:* tpgtelecom.com.au:* *.tpgtelecom.com.au:* internode.on.net:* *.internode.on.net:*; 5
upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src data: https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report; 5
frame-src https://www.google.com https://app.hubspot.com https://forms.hsforms.com; font-src 'self' https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://img6.wsimg.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://www.gstatic.com; form-action 'self' https://forms.hsforms.com; script-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://www.googletagmanager.com https://js.hs-scripts.com https://tags.tiqcdn.com https://snap.licdn.com https://www.google.com https://www.gstatic.com https://www.googleadservices.com https://www.google-analytics.com https://js.hs-analytics.net https://js.hs-banner.com https://js-na1.hs-scripts.com https://js.usemessages.com/conversations-embed.js https://js.hsforms.net/forms/embed/v2.js https://ssl.google-analytics.com/ga.js https://www.pagespeed-mod.com/v1/taas; 5
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: about: *; 5
frame-ancestors 'self'; base-uri 'self'; 5
default-src 'self'; base-uri 'self'; object-src 'none'; script-src 'self'; style-src 'self'; frame-src 'none'; frame-ancestors 'none'; form-action 'none' 5
; frame-ancestors 'self' 5
frame-ancestors 'self' *.daysmartpayments.com http://localhost:4200/ 5
reflected-xss block 5
default-src https: wss: data: blob:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data: blob:; font-src https: data:; worker-src blob:; report-uri /csp-report 5
frame-ancestors 'self' app.storyblok.com 5
default-src *; font-src * data:;img-src * data:; script-src * data: 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; frame-src *; media-src * blob:; 5
base-uri 'self'; frame-ancestors 'self' 5
upgrade-insecure-requests; base-uri 'self'; frame-ancestors 'self'; object-src 'none'; 5
form-action 'self'; 5
frame-ancestors 'self' https://mycolorcoach-cpd.e-loreal.com 5
upgrade-insecure-requests; base-uri 'self' 5
frame-ancestors 'self' https://service.ariba.com https://service-2.ariba.com https://certservice.ariba.com https://certservice-2.ariba.com https://s1.ariba.com https://s2.ariba.com https://usertest.sciquest.com https://uitweb.sciquest.com https://neo.sciquest.com https://solutions.sciquest.com https://cloud.punchoutexpress.com https://dev.cloud.punchoutexpress.com https://cloud.pexlocal.com https://cloud.mpexlocal.com; 5
frame-ancestors 'self' https://*.sella.it https://*.axerve.com https://*.gestpay.it 5
default-src 'self' blob: *.cachefly.net *.b-cdn.net *.metartnetwork.com *.metart.com;connect-src 'self' blob: wss: *.cachefly.net *.b-cdn.net *.metartnetwork.com *.metart.com *.zdassets.com *.zendesk.com *.atlassian.com *.atl-paas.net *.metart.network *.google.com *.google-analytics.com *.googleapis.com *.doubleclick.net *.mixpanel.com *.metartmoney.com cdn.cookielaw.org *.visualwebsiteoptimizer.com *.vwo.com *.adtng.com *.atsptp.com *.spartez-software.com api.ipify.org *.s3.eu-central-1.amazonaws.com *.hotjar.com *.hotjar.io;style-src 'self' blob: 'unsafe-inline' *.cachefly.net *.b-cdn.net *.metartnetwork.com *.metart.com *.googleapis.com fonts.gstatic.com platform.twitter.com *.twimg.com maxcdn.bootstrapcdn.com *.google.com cdn.cookielaw.org *.visualwebsiteoptimizer.com *.vwo.com *.hotjar.com;font-src 'self' data: *.cachefly.net *.b-cdn.net *.metartnetwork.com *.metart.com *.zopim.com fonts.gstatic.com *.googleapis.com ssl.p.jwpcdn.com maxcdn.bootstrapcdn.com *.vwo.com *.hotjar.com;script-src 'self' 'unsafe-inline' *.cachefly.net *.b-cdn.net *.metartnetwork.com *.metart.com *.zdassets.com *.atlassian.com *.zopim.com *.twitter.com *.twimg.com ssl.p.jwpcdn.com *.googletagmanager.com *.google-analytics.com cdn.mouseflow.com *.google.com cdn.polyfill.io *.metart.network cdn.cookielaw.org code.jquery.com geolocation.onetrust.com *.mxpnl.com *.googleapis.com *.gstatic.com *.browser-update.org browser-update.org *.visualwebsiteoptimizer.com *.vwo.com *.adtng.com *.atsptp.com *.spartez-software.com *.hotjar.com;frame-src 'self' *.cachefly.net *.b-cdn.net *.metartnetwork.com *.metart.com *.twitter.com *.youtube.com *.vimeo.com *.atlassian.net *.metartmoney.com *.visualwebsiteoptimizer.com *.vwo.com;img-src 'self' data: *.cachefly.net *.b-cdn.net *.metartnetwork.com *.metart.com *.nsimg.net *.twimg.com *.twitter.com *.zopim.com jwpltx.com *.google-analytics.com *.gstatic.com *.googletagmanager.com *.googleapis.com *.doubleclick.net *.google.com *.browser-update.org browser-update.org *.visualwebsiteoptimizer.com *.vwo.com *.vscdns.com *.hotjar.com *.strpst.com;media-src 'self' data: blob: *.cachefly.net *.b-cdn.net *.metartnetwork.com *.metart.com *.nsimg.net *.zdassets.com *.visualwebsiteoptimizer.com *.vwo.com;worker-src 'self' data: blob: wss:;object-src 'none' 5
default-src 'self'  blob:  https://*.facebook.com  https://*.facebook.net  https://*.api.schwarz  https://*.assets.schwarz  https://*.batch.com  https://*.bing.com  https://*.cookiebot.com  https://*.creativecdn.com  https://*.exactag.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://mycliplister.com  https://*.mycliplister.com  https://*.peakprotect.com  https://*.pingdom.net  https://*.virtualearth.net  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://creativecdn.com  https://form.lidl.com  https://*.onetrust.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://s.kelkoogroup.net  https://s.kk-resources.com  https://sdk.virtualearth.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://*.doubleclick.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.be  https://www.google.com  https://www.google.cz  https://www.google.nl  https://www.google.pl  https://www.google.sk  https://www.googleadservices.com  https://www.gstatic.com  https://youtube.com  https://*.youtube-nocookie.com  https://*.youtube.com  https://www.googletagmanager.com  https://lidlplusprod.blob.core.windows.net  https://upeimagesprd.blob.core.windows.net  https://lidlplusstorage.blob.core.windows.net  'unsafe-inline'  https://*.adyen.com  data:  https://csp.cre.lidl-shop.com; frame-src 'self'  https://*.facebook.com  https://*.facebook.net  https://*.cookiebot.com  https://*.creativecdn.com  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-onlinenewsletter.de  https://*.lidl-shop.com  https://*.lidl.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.pingdom.net  https://balancechecks.tx-gate.com  https://bidswitch.net  https://creativecdn.com  https://form.lidl.com  https://forms-prod.enc-test.de/  https://ldl.viewer.cit-fusion.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://*.doubleclick.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.com  https://www.googleadservices.com  https://www.gstatic.com  https://youtube.com  https://*.youtube-nocookie.com  https://*.youtube.com  https://www.googletagmanager.com  https://www.lidl-gewinnspiel.de  https://www.youtube.com  'unsafe-inline'  https://*.adyen.com; img-src 'self'  https://*.facebook.com  https://*.facebook.net  https://*.360yield.com  https://*.addthis.com  https://*.adnxs.com  https://*.assets.schwarz  https://*.bing.com  https://*.cat-ret.assets.lidl  https://*.cdn.flavedo.io  https://*.cookiebot.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-onlinenewsletter.de  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.mycliplister.com  https://*.retail.lidl.net  https://*.retail.vdc.lidl  https://*.searchhub.io  https://*.smartadserver.com  https://*.virtualearth.net  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://cm.adform.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://size.lidl.com  https://s.kelkoogroup.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://*.doubleclick.net  https://test.formcycle.vdc.lidl  https://www.adobe.com  https://www.awin1.com  https://cdn.flavedo.io  https://www.google.at  https://www.google.ba  https://www.google.be  https://www.google.bg  https://www.google.ch  https://www.google.co.uk  https://www.google.com  https://www.google.com.bd  https://www.google.com.tr  https://www.google.com.ua  https://www.google.cz  https://www.google.de  https://www.google.dk  https://www.google.es  https://www.google.fr  https://www.google.gr  https://www.google.hr  https://www.google.hu  https://www.google.ie  https://www.google.is  https://www.google.it  https://www.google.lt  https://www.google.lu  https://www.google.lv  https://www.google.md  https://www.google.nl  https://www.google.no  https://www.google.pl  https://www.google.pt  https://www.google.ro  https://www.google.rs  https://www.google.ru  https://www.google.se  https://www.google.sk  https://www.googleadservices.com  https://www.gstatic.com  https://www.lidl-shop.be  https://www.lidl-shop.cz  https://www.lidl-shop.nl  https://www.lidl-shop.sk  https://www.lidl-sklep.pl  https://www.w3.org  https://x.bidswitch.net  https://youtube.com  https://*.creativecdn.com  https://*.youtube.com  https://www.googletagmanager.com  https://lidlplusprod.blob.core.windows.net  https://upeimagesprd.blob.core.windows.net  https://lidlplusstorage.blob.core.windows.net  https://c1.adform.net  https://ce.lijit.com  https://criteo-partners.tremorhub.com  https://*.teads.tv  https://dpm.demdex.net  https://e1.emxdgt.com  https://eb2.3lift.com  https://exchange.mediavine.com  https://hb.yahoo.net  https://id5-sync.com  https://jadserve.postrelease.com  https://matching.ivitrack.com  https://pixel.rubiconproject.com  https://*.casalemedia.com  https://sync-criteo.ads.yieldmo.com  https://sync.1rx.io  https://rt.udmserve.net  https://ssc-cms.33across.com  https://ads.yieldmo.com  https://s.seedtag.com  https://sync.go.sonobi.com  https://fast.nexx360.io  https://*.upe.schwarz  'unsafe-inline'  https://*.adyen.com  data:; object-src 'self'  https://*.facebook.com  https://*.facebook.net  https://*.batch.com  https://*.cookiebot.com  https://*.leaflets.schwarz  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://asset.schwarz  https://bidswitch.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.google.com  https://www.googleadservices.com  https://www.gstatic.com  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-eval'; script-src 'self'  blob:  https://*.facebook.com  https://*.facebook.net  https://*.api.schwarz  https://*.batch.com  https://*.bing.com  https://*.cookiebot.com  https://*.creativecdn.com  https://*.exactag.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.peakprotect.com  https://*.pingdom.net  https://*.searchhub.io  https://*.virtualearth.net  https://adservice.google.com  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://creativecdn.com  https://form.lidl.com  https://*.onetrust.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://s.kk-resources.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://*.doubleclick.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.com  https://www.googleadservices.com  https://www.gstatic.com  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-eval'  'unsafe-inline'  about:  https://localhost  https://*.adyen.com; style-src 'self'  https://*.bing.com  https://*.cookiebot.com  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.de  https://*.medallia.eu  https://bidswitch.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://sdk.virtualearth.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.google.com  https://www.googleadservices.com  https://www.gstatic.com  https://www.lidl-shop.be  https://www.lidl-shop.cz  https://www.lidl-shop.nl  https://www.lidl-shop.sk  https://www.lidl-sklep.pl  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-inline'; frame-ancestors 'self'  https://*.lidl.com  https://*.livebuy.io; report-uri https://csp.cre.lidl-shop.com/csp/report; base-uri 'self'; form-action 'self'  https://*.facebook.com  https://*.facebook.net  https://accounts.lidl.com  https://survey.g.doubleclick.net; 5
default-src 'self' 'unsafe-inline' 'unsafe-eval' data:  24703.online-adventskalender.de *.arbeitsagentur.de *.assono.de *.b-ite.com *.betterplace.org *.bitkomplex.de *.bright-guide.de *.canto.global *.cdn.office.net *.cloudfront.net *.cookiebot.com *.cookiebot.eu *.dvinci-hr.com *.easy-feedback.com *.etracker.com *.etracker.de *.eu-west-1.playback.live-video.net *.exmap.de *.facebook.com *.flickr.com *.fontawesome.com *.google-analytics.com *.google.com *.google.de *.googleapis.com *.gstatic.com *.haffhus.de *.highcharts.com *.hk24.de *.ihk-baustellen-portal.de *.ihk.de *.ihk24.de *.jobcluster.de *.lineupr.com *.linkedin-ei.com *.linkedin.com *.mateforevents.com *.microsoft.com *.multipage.online *.newsletter2go.com *.office.com *.office365.com *.openstreetmap.org *.podigee-cdn.net *.podigee.io *.signalize.com *.spotify.com *.staticflickr.com *.stream24.net *.sweap.io  *.thinglink.com *.thinglink.me *.twimg.com *.twitch.tv *.twitter.com *.unikam.de *.usercentrics.eu *.userlike.com *.vimeo.com *.wahlplus.de *.walls.io *.webstream.eu *.xing-events.com *.youstreamit.de *.youtube.com api-baustellenportal.sylphen.com api.mapbox.com app.cituro.com app.powr.io app.sli.do auskunft.nvv.de baustellennavi.de bc.pressmatrix.com berufsausbildung-aachen-ihk.de bluecard-eu.de branchenpuls.odis-berlin.de bxb-festival.app cdn.contentful.com cdn.doo.net/assets/js/viovendi-embed-static-1.js cdn.knightlab.com cdn.podigee.com cdn.podlove.org cdnjs.cloudflare.com chat.gr-apps.de client.inecos.de code.createjs.com code.jquery.com/jquery-3.1.1.min.js code.jquery.com/jquery-3.4.1.min.js connect.facebook.net consentcdn.cookiebot.com corona.conterra.de covid19.webtvcampus.de cta.ihk.i40.de datawrapper.dwcdn.net dbaw.specials-bahn.de detmold.ihk-beitragsrechner.de dihk.imageplant.de doo.net e.issuu.com e.video-cdn.net easy-feedback.com easy-feedback.de editor.signavio.com embed.nexx.cloud eoa2.bildung1.gfi.ihk.de events-to-impress.activehosted.com expertenpool.automatisierungsregion.de fahrinfo.vbb.de geometro-cockpit.com geometro-cockpit.de geoportal-hamburg.de geoportal.metropolregion.hamburg.de gwatch.events haffhus.s3.eu-central-1.amazonaws.com handelskammer-bremen.appointmind.net heimatshoppen.ihk-industrie-treffpunkt.de hk24.sharepoint.com html5-player.libsyn.com iframe.wvd-portfolio.de ihk-ar.ycms.rocks ihk-baustellen-portal.de:5555 ihk-berlin-meetings.webex.com ihk-darmstadt-portal.rexx-recruitment.com ihk-essen.jobs.personio.de ihk-hl.gr-live.de ihk-kassel.perbit-job.de ihk-wahl.info ihk-weiterbildung-oldenburg.de ihk-zu-dortmund-1.jobs.personio.de ihk.prototype.berlin ihk.selbstdenker.com ihk24.epccm19.com ihk24.omq.de ihk24.omq.io ihknw.pi-asp.de ihkob.wekando.eu imagemarker.com ims-files-cdn.net infographic.statista.com isi.hdb-hamburg.de jobs.ihk-niederrhein.de jsfiddle.net komsis.inecos.de kvg-kassel.widget-generator.de link.webropolsurveys.com live.c3networking.de livestream.kemweb.de livestream.watch/vp/nachhaltigkeitsdialog.html login.microsoftonline.com mailto: maps2.sylphen.com matomo.rexx-systems.commatomo.js maxcdn.bootstrapcdn.com media.graphassets.com media.graphcms.com media.video.taxi mediathek.ihk-gfi.de mukihk24.z6.web.core.windows.net my.immobilienfotograf-berlin.com my.tikee.io myjobboard.de n873043.websitebuilder.online news.ihk-sh.de online.fliphtml5.com p668079.webspaceconfig.de pam.ihk-schleswig-holstein.de playout.3qsdn.com plugins.flockler.com pruefungen-cottbus-ihk.de publish.flyeralarm.digital rh1.chatmodul.de roundme.com routenplaner.bus-bahn-thueringen.de s2survey.net s3.fraunhofer.de service.tecintelli.de share.ihkzuschwerin.de  smart.ihk-berlin.de standortfinder.rlp.de start.video-stream-hosting.de static-exp1.licdn.com static.dvinci-easy.com stats.g.doubleclick.net streaming.sendewerk.berlin tecintelli-static-ttl.obs.eu-de.otc.t-systems.com/ tel: tuerchen.com umap.openstreetmap.fr userlike-cdn-operators.s3-eu-west-1.amazonaws.com userlike-cdn-umm.b-cdn.net userlike-cdn-widgets.s3-eu-west-1.amazonaws.com vstdbv3 w.soundcloud.com walls.io web.inxmail.com weltmetropole.app widget.taggbox.com wms02.exmap.de wss://chat.userlike.com/chat/ wss://umd.userlike.com/umd/ www.architekt-krieger.de www.aufstiegs-bafoeg.de www.bahn.de www.berufe.tv www.branchenpuls.berlin www.bso-hessen.de www.chatbase.co www.econda-monitor.de www.etermin.net www.eventbrite.de www.finest-jobs.com www.forschungsfinder-hessen.de www.gatewatch.eu www.giu-kalender.org www.google.analytics.com www.googletagmanager.com www.handelskammer-bremen.de www.hvv.de www.ihk-arbeitsgemeinschaft-rlp.de www.ihk-berlin.de www.ihk-berlin.org www.ihk-bw.digital www.ihk-ecofinder.de www.ihk-gfi.de www.ihk-koblenz.de www.ihk-lehrstellenboerse.de www.ihk-lueneburg.de www.ihk-magdeburg.de www.ihk-ostbrandenburg.de www.ihk-praktikumsportal.de www.ihk-rlp.de www.ihk-wiesbaden.de www.ihkac-anwendungen.de www.inno-vet.de www.instagram.com www.iwd.de www.kandidatenmanagement.de www.leg-thueringen.de www.media42day.com www.menti.com www.mint-in-hessen.de www.onlinebewerbungsserver.de www.plattform-i40.de www.powr.io www.praktikum.info www.rmv.de www.stadtradeln.de www.terminland.de www.tfaforms.com www.total-lokal.de www.tvo.de www.vvs.de www.webstream.eu www.youtube-nocookie.com zukunftsdialog-fachkraefte.berlin zukunftsforum-wirksame-bildung.de zvlms.fraunhofer.de  ;  report-uri /blueprint/servlet/csplogging/logViolation ; 5
object-src 'self' https://www.youtube.com/;frame-src 'self' mailto: tel: https://3cx.com https://player.vimeo.com/ https://vars.hotjar.com/ https://www.google.com https://cse.google.com https://services-sandbox.google-3cx.com https://services.3cx.com https://audioconverter.3cx.com https://login.3cx.com https://docs.google.com https://www.facebook.com https://td.doubleclick.net/ https://bid.g.doubleclick.net https://www.loom.com https://www.youtube.com https://www.youtube-nocookie.com/ https://www.googletagmanager.com; frame-ancestors 'self' 5
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' * blob:; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' * data: blob:; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' * data:; report-uri https://hyperia.report-uri.com; block-all-mixed-content; upgrade-insecure-requests 5
default-src * 'unsafe-inline' data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.s3.yandex.net *.mail.ru *.market.yandex.ru *.yandex.ru *.mindbox.ru *.rnet.plus *.rambler.ru *.adfox.ru *.jsdelivr.net *.pushwoosh.com *.createjs.com *.facebook.net *.maps.yandex.net *.reddigital.ru *.weborama.fr *.24smi.net *.adlooxtracking.com dsp-rambler.ru *.dsp-rambler.ru *.geniusaudience.com *.gnezdo.ru *.hit.gemius.pl *.adlooxtracking.ru *.prom.app.sberdevices.ru *.rambler-co.ru *.webvisor.org *.2xclick.ru *.infox.sg smi2.ru *.otm-r.com *.top100.ru stat.media *.smi2.net *.smi2.ru *.terratraf.io *.soloway.ru vk.com *.getsitecontrol.com www.google-analytics.com www.googletagmanager.com www.tns-counter.ru yandex.ru yastatic.net *.mradx.net *.ampproject.org *.bumlam.com *.imgsniper.com *.terratraf.com *.digitaltarget.ru *.serving-sys.ru *.serving-sys.com serving-sys.ru serving-sys.com adriver.com adriver.ru *.adriver.com *.adriver.ru; report-to csp.rambler-co.ru 5
frame-ancestors 'none';upgrade-insecure-requests; 5
frame-ancestors 'self' https://*.batchgeo.com 5
frame-ancestors *.euractiv.com euractiv.com *.euractiv.fr euractiv.fr *.euractiv.de euractiv.de *.euractiv.gr euractiv.gr *.euractiv.pl euractiv.pl *.euractiv.sk euractiv.sk *.euraciv.cz euractiv.cz      *.euractiv.it euractiv.it *.euractiv.es euractiv.es euractiv.bg api-esp-eu.piano.io; 5
frame-ancestors 'self' https://secure.safecharge.com; 5
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src * data:; font-src *; object-src 'self' data:; frame-src 'self' data:; media-src 'self' data:; 5
frame-ancestors 'self'; object-src 'self' 5
base-uri 'self' https://d6tizftlrpuof.cloudfront.net/live/; font-src 'self' data: *.cloudfront.net; form-action 'self'; frame-ancestors 'self' *.mycleverpush.com; img-src * data:; object-src 'none'; script-src-attr 'none'; style-src 'self' 'unsafe-inline' *.cloudfront.net *.usabilla.com *.getback.ch *.abtasty.com; upgrade-insecure-requests; worker-src blob: 'self' static.cleverpush.com 5
frame-ancestors https://cms-prod.brxm.grandvision.io 5
default-src https:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; worker-src 'self' blob: 5
script-src * 'self' 'unsafe-inline' 'unsafe-eval' wistia.com youtube.com blob: 5
default-src 'self'; script-src * 'unsafe-eval' 'unsafe-inline'; object-src *; style-src * 'unsafe-inline'; img-src * data:;frame-src *;font-src * data:;connect-src * blob:;media-src * blob:;worker-src * blob:; 5
frame-ancestors 'self'; report-uri csp-reports; report-to csp-endpoint; 5
frame-ancestors 'self' *; 5
frame-ancestors 'self' https://fuse.pav.portals.swisslife.ch https://fuse.portals.swisslife.ch https://www.swisslife.ch 5
default-src * data: 'unsafe-inline' 'unsafe-eval' 5
script-src 'self' 'unsafe-inline' 'unsafe-eval' 5
frame-ancestors 'self'; object-src 'none' 5
default-src * blob: data: cid:; img-src * data: cid: 'unsafe-inline'; media-src * data: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * blob: data: 'unsafe-inline'; style-src-elem * blob: data: 'unsafe-inline', font-src * data: 5
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src https://www.google.com https://maps.gstatic.com https://maps.googleapis.com https://maps.google.com https://www.youtube.com; frame-ancestors 'none' ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 5
upgrade-insecure-requests; base-uri 'none'; 5
object-src 'none'; frame-ancestors 'self' 5
default-src 'self'; img-src 'self';script-src 'self' 'sha256-J+Y4l+yfxXd4cYzH9LhXUSHSb7zZu2bgddfCumVZJMo=';object-src 'none';form-action 'none';frame-src 'none';style-src 'self' 'sha256-OU0LTytxyR8kjQ+DRjRCDKhUAKEeH7rb0D5nBWOzRlQ=' 5
frame-ancestors 'self' https://preview.plaece.nl 5
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 5
frame-ancestors https://app.pendo.io; default-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.cookielaw.org https://*.onetrust.com https://*.pendo.io;  font-src 'self' https://fonts.gstatic.com https://*.connectiverx.com https://*.connectiverx-dev.com https://*.connectiverx-qa.com https://*.connectiverx-uat.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://stackpath.bootstrapcdn.com https://*.pendo.io; connect-src 'self' https://*.pendo.io https://*.connectiverx.com https://*.connectiverx-dev.com https://*.connectiverx-qa.com https://*.connectiverx-uat.com https://api.ipify.org https://cdn.cookielaw.org https://*.onetrust.com; img-src 'self' data: image/svg+xml https://cdn.cookielaw.org https://*.pendo.io  https://*.connectiverx.com https://*.connectiverx-dev.com https://*.connectiverx-qa.com https://*.connectiverx-uat.com; frame-src 'self' https://app.pendo.io; worker-src 'self' 5
base-uri 'self'; report-uri https://csp-logging.m-operations.com/cspheaders; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.moosend.com *.moostaging.com cdn.transifex.com cdn.segment.com *.adroll.com fast.appcues.com widget.intercom.io www.google-analytics.com app.satismeter.com js.intercomcdn.com ajax.googleapis.com cdn.tiny.cloud social.uploadcare.com js.braintreegateway.com assets.braintreegateway.com www.paypalobjects.com *.paypal.com pay.google.com songbird.cardinalcommerce.com songbirdstag.cardinalcommerce.com *.paypal.com kit.fontawesome.com storage.googleapis.com js.pusher.com labs.pathfix.com connect.facebook.net sitecoredelivr.sitecorecloud.io portal-staging.sitecore-staging.cloud portal.sitecorecloud.io; object-src 'none'; 5
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data: blob: https:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 5
frame-ancestors 'self' *.insparx.com *.insparx.org; 5
unsafe-inline 5
frame-ancestors 'self'; frame-src 'self' https://www.sitecdn.com braintreegateway.com assets.braintreegateway.com googletagmanager.com https://client.dropcatch.com https://*.paypal.com https://*.paypalobjects.com https://ssl.kaptcha.com; script-src 'self' https://*.paypal.com https://*.googletagmanager.com https://secure.dropcatch.com https://*.google-analytics.com 'unsafe-inline'; connect-src 'self' https://*.amazonaws.com https://*.braintreegateway.com https://*.braintree-api.com https://uilogging.tcdevops.com https://*.google-analytics.com https://translate.dropcatch.com https://client.dropcatch.com wss://rt.dropcatch.com 5
default-src 'self'; img-src * data: 'unsafe-inline' blob:; style-src * 'unsafe-inline' blob:; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; form-action *; media-src *.readspeaker.com *.streamlock.net storage.googleapis.com scribit-pro-hosting.storage.googleapis.com scribit-pro.storage.googleapis.com app.talkjs.com 'self' blob:; frame-src *; frame-ancestors 'self'; worker-src * 'unsafe-inline' blob:; 5
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; 5
frame-ancestors 'self' *.mydukaan.io; 5
default-src 'none'; connect-src 'self' *.licdn.com *.linkedin.com cdn.linkedin.oribi.io dpm.demdex.net/id lnkd.demdex.net blob: accounts.google.com/gsi/ linkedin.sc.omtrdc.net/b/ss/ v.clarity.ms/collect *.microsoft.com *.adnxs.com *.tealiumiq.com login.microsoftonline.com; script-src 'report-sample' 'sha256-th47JTnh6tX15SUn/I+GGmsOSXpa7dh5Skner77gxlY=' 'sha256-SSoodjUD3LGm2FfFCVHGqEb8D4UM3OOigidT2UKDcYg=' 'sha256-cKTgdnmO6+hXd85a9wKg1effVfVzenUAtUCyOKY9bQE=' 'sha256-DwtT8+ZZKpxH9pqZNAmJ3GdbLAh5SsYaXR3omTXPCns=' 'sha256-sV9jZa797T0QWBzcU/CNd4tpBhTnh+TFdLnfjlitl28=' 'sha256-aa/Q8CRBDSqTQbCIyioPhZaz+G+dbPyu7BzsjInEmiU=' 'sha256-THuVhwbXPeTR0HszASqMOnIyxqEgvGyBwSPBKBF/iMc=' 'sha256-zTIusdVJJeXz9+iox2a+pdDglzbpRpFVRzEwvW4AONk=' 'sha256-iC8MPqNLw0FDnsBf4DlSkFLNTwhkI85aouiAEB819ic=' 'sha256-2EqrEvcPzl8c6/TSGVvaVMEe7lg700MAz/te4/3kTYY=' 'sha256-y5uW69VItKj51mcc7UD9qfptDVUqicZL+bItEpvVNDw=' 'sha256-DatsFGoJ8gFkzzxo47Ou76WZ+3QBPOQHtBu9p9b3DhA=' 'sha256-k95cyM8gFgPziZe5VQ2IvJvBUVyd5zFt2CokIUwqdHE=' 'sha256-PyCXNcEkzRWqbiNr087fizmiBBrq9O6GGD8eV3P09Ik=' 'sha256-RFqsjmAF1N5LnfpaHFvPqFlVkeIS/DtTAFor+JjJJVc=' 'sha256-2SQ55Erm3CPCb+k03EpNxU9bdV3XL9TnVTriDs7INZ4=' 'sha256-S/KSPe186K/1B0JEjbIXcCdpB97krdzX05S+dHnQjUs=' 'sha256-9pXOIwF4N0gPltLd3AI69lkCjSC2H/Eb3sc5zdmUyYU=' 'sha256-jou6v/Nleyzoc+LXktAv1Fp8M807dVVxy7E/yzVljHc=' 'sha256-6E4e/3dSvj/8JZT2S2yR91mspqM6MyOpKl5lrhHsZa8=' 'sha256-3woF8BZ54TeXM+czaH3aXoaJsVpiamuAKFsXDykAR/Q=' 'sha256-vIfNcKb8ixJg1cfJIoNNYjWcm0lezj1/XpUNFiZyVsU=' 'sha256-cLsHUHFgT/VGX04cZrJ9xgm4HbzTR7ptutkxK+7BlMk=' 'sha256-BwU8jMnQYUhjOpsDVABpfddV/DlP1ZYrFcTumYw7x54=' 'sha256-wz6ika9i3WU3bpUPdhYDZeO/NrDQniDyiscN0LWnyaY=' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com snap.licdn.com www.googletagmanager.com/gtag/js merchantpool1.linkedin.com/mdt.js; img-src data: blob: * android-webview-video-poster:; font-src data: *; style-src 'self' 'unsafe-inline' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; media-src 'self' *.licdn.com *.lynda.com; worker-src 'self' blob: static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; frame-src 'self' www.youtube.com/embed/ www.youtube-nocookie.com/embed/ lnkd.demdex.net smartlock.google.com accounts.google.com player.vimeo.com *.linkedin.com www.slideshare.net *.megaphone.fm *.omny.fm *.sounder.fm msit.powerbi.com app.powerbi.com linkedin.github.io *.licdn.com *.adnxs.com acdn.adnxs-simple.com radar.cedexis.com edge-auth.microsoft.com li.protechts.net *.xlgmedia.com *.px-cloud.net merchantpool1.linkedin.com; frame-ancestors 'self' *.www.linkedin.com:*; manifest-src 'self'; report-uri https://www.linkedin.com/security/csp?f=gg 4
frame-ancestors 'self' https://metrika.yandex.ru https://webvisor.com http://webvisor.com 4
frame-ancestors 'self'; report-uri https://reuters.report-uri.com/r/t/csp/enforce; report-to report-uri 4
frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:; 4
script-src 'sha256-KXVenHG583A83LgYtdx9xEh45z4umJCe6yQqRczE4bs=' 'self' jobs.jobvite.com www.googletagmanager.com cdn.jwplayer.com ssl.p.jwpcdn.com; worker-src blob: 4
frame-ancestors 'self' *.lycos.com 4
media-src https: blob:; connect-src 'self' https: blob: wss:; child-src https: blob:; default-src https: wss: 'unsafe-inline' 'unsafe-eval' data:; font-src https: data:; img-src https: data: blob:; 4
frame-ancestors 'self' *.kameleoon.com 4
frame-ancestors https://kpmg.experiencecloud.adobe.com https://assets.kpmg.com https://kpmg.com 4
form-action 'self' www.facebook.com; report-uri /_internal/security/report-csp-violation?gp-web=true; frame-ancestors 'self' 4
default-src 'self' 'unsafe-inline' 'unsafe-eval'              *.nextdoor.com              *.smarty.com              *.crazyegg.com              *.invocacdn.com              *.invoca.net              *.statistinamics.com              static.traversedlp.com              api.traversedlp.com              js.alocdn.com              p.alocdn.com              https://cableone1615402851.zendesk.com/              https://zendesk-eu.my.sentry.io              *.zendesk.com              https://fidelitycommunications.referralrock.com/              https://apps.sitecore.net              *.office.com              *.google.com              *.hsforms.com              *.hsforms.net              *.slgnt.us              *.youtube.com              *.googletagmanager.com              *.sparklight.com              *.zdassets.com              *.googleapis.com              snapwidget.com              fonts.googleapis.com              maps.gstatic.com              cableone.zendesk.com              wss://widget-mediator.zopim.com             *.zopim.com              static.ada.support              sparklight.ada.support              rollout.ada.support              sentry.io              www.cableone.net              *.zopim.com              *.bing.com              *.google-analytics.com              static.hotjar.com              *.googleadservices.com              *.facebook.net              cltgtstor001.blob.core.windows.net              *.adsrvr.org              *.doubleclick.net              *.hotjar.com              cdn.polyfill.io              *.slgnt.us              *.speedtestcustom.com              *.clarity.ms              sparklight.slgnt.us              code.jquery.com              cdnjs.cloudflare.com              woobox.com              *.smartmove.us              jsonip.com              *.wufoo.com              *.gstatic.com              *.googleoptimize.com              optimize.google.com              wss://*.hotjar.com              *.hotjar.io              blob:              dev.visualwebsiteoptimizer.com              *.cognitivlabs.com;               style-src 'self' 'unsafe-inline'              *.crazyegg.com              *.googleapis.com              stackpath.bootstrapcdn.com              use.fontawesome.com              *.smartmove.us              *.google.com;               img-src 'self' data:              cableone1615402851.zendesk.com              *.crazyegg.com              dev.visualwebsiteoptimizer.com              v2assets.zopim.io              *.gstatic.com              www.cableone.net              www.sparklight.com              www.facebook.com              *.google-analytics.com              *.google.com              cableone.zendesk.com              *.smartmove.us              ctam.demdex.net              *.googletagmanager.com              *.clarity.ms              *.bing.com              *.hsforms.com              *.doubleclick.net              *.nextdoor.com             *.rlcdn.com             *.cognitivlabs.com;               font-src 'self' 'unsafe-inline'              https://fonts.gstatic.com              use.fontawesome.com;          upgrade-insecure-requests;          block-all-mixed-content;      4
script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://support.google.com/inapp/ https://www.google.com/tools/feedback/ https://www.gstatic.com/inproduct_help/ https://www.gstatic.com/support/content/ https://www.google.com/tools/feedback/load.js https://www.google.com/tools/feedback/open.js https://www.gstatic.com/inproduct_help/service/lazy.min.js https://www.gstatic.com/inproduct_help/api/main.min.js https://www.gstatic.com/inproduct_help/chatsupport/chatsupport_button_v2.js https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js https://www.gstatic.com/uservoice/feedback/client/web/live/main_light_binary.js https://www.google.com/tools/feedback/chat_load.js https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/ https://www.gstatic.com/feedback/js/ghelp/;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist 4
frame-ancestors 'self' https://*.opera.com; upgrade-insecure-requests; 4
default-src https: 'unsafe-eval' 'unsafe-inline'; worker-src blob:; object-src 'none'; frame-ancestors 'none' 4
frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com 4
frame-ancestors 'self' https://console.dnspod.cn 4
upgrade-insecure-requests;frame-ancestors 'self' https://www.medscape.com https://dusandbox.skipta.com https://doctorunite.com https://generationNP.com https://cardiologistconnect.com https://paunite.com https://cardiologistconnectsandbox.skipta.com https://next.brella.io/ https://www.staging.medscape.com/ https://www.skipta.com/ https://staging.medscape.com/ https://skipta.com/ https://medscape.com/ https://endocrinologistnation.com https://www.endocrinologistnation.com https://amgenicpsp.lightning.force.com/ https://nephrologistconnect.com https://rheumatologynation.com https://dermatologistnation.com 4
script-src 'self' 'unsafe-inline' 'unsafe-eval' api.salemove.com api.salemove.eu ui.customsearch.ai analytics.twitter.com assets.adobedtm.com connect.facebook.net static.ads-twitter.com www.googleadservices.com maps.googleapis.com cdn.tt.omtrdc.net absa.tt.omtrdc.net www.google.com www.gstatic.com analytics.analytics-egain.com abdemo.egain.cloud absablog-dev.disqus.com absablog-sit.disqus.com absablog-uat.disqus.com absablog-prod.disqus.com ajax.googleapis.com platform.twitter.com platform.linkedin.com assets.pinterest.com c.disquscdn.com disqus.com secure.rating-widget.com log.pinterest.com rating-widget.com s.ytimg.com www.youtube.com youtube.com esb.ext.api.uat.absa.co.za client.crisp.chat googleads.g.doubleclick.net www.google.co.za www.google.pl dsp-aud.eskimi.com dsp.eskimi.com dsp-pix.eskimi.com dsp-media.eskimi.com cdn.syndication.twimg.com cse.google.com api-iam.intercom.io api.salemove.eu app.salemove.eu asset-proxy.salemove.eu assets.salemove.eu chunderw-gll.twilio.com chunderw-vpc-gll.twilio.com client-logger.salemove.eu eventgw.twilio.com fonts.googleapis.com fonts.gstatic.com io.salemove.eu js.intercomcdn.com kluster.ws.salemove.eu libs.salemove.com maps.googleapis.com maps.gstatic.com media.twiliocdn.com nexus-websocket-a.intercom.io nexus-websocket-b.intercom.io s3-eu-west-1.amazonaws.com s3.amazonaws.com uplot.salemove.eu widget.intercom.io googletagmanager.com www.googletagmanager.com js-agent.newrelic.com bam.nr-data.net c.la3-c1-fra.salesforceliveagent.com d.la3-c1-fra.salesforceliveagent.com c.la1-c2-par.salesforceliveagent.com d.la1-c2-par.salesforceliveagent.com c.la2-c2-cdg.salesforceliveagent.com c.la1-c2-par.salesforceagent.com d.la2-c2-cdg.salesforceliveagent.com bam-cell.nr-data.net fls.doubleclick.net tt.mbww.com pixel.mathtag.com snap.licdn.com sc-static.net analytics.tiktok.com bat.bing.com fpt.absa.co.za 4
default-src https: data: 'unsafe-inline' 'unsafe-eval';connect-src 'self' https://hossa.inwx.com *.zammad.inwx.de ws: wss: *.google-analytics.com stats.g.doubleclick.net *.hossa.inwx.com; 4
default-src blob: data: https: 'self'; script-src blob: https: 'self' 'unsafe-eval' 'unsafe-inline'; style-src blob: https: 'self' 'unsafe-inline'; media-src blob: https: 'self'; connect-src blob: https: 'self' 'unsafe-inline' wss://*.hotjar.com 4
frame-ancestors 'self' https://www.fortinet.com 4
frame-ancestors 'self' https://*.ariba.com https://*.micron.com https://*.iu.edu https://*.sciquest.com;object-src 'none'; 4
default-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google-analytics.com/analytics.js https://www.googleoptimize.com/optimize.js https://www.googletagmanager.com https://munchkin.marketo.net https://app-abj.marketo.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://geoip-js.com https://ads.avocet.io https://trk.techtarget.com https://j.6sc.co/6si.min.js https://tags.srv.stackadapt.com https://ads.avct.cloud https://js.driftt.com https://js-agent.newrelic.com https://bam.nr-data.net https://cdn.jsdelivr.net/simplemde/latest/simplemde.min.js https://cdn.jsdelivr.net/npm/@json-editor/json-editor@latest/dist/jsoneditor.min.js https://js.adsrvr.org/up_loader.1.1.0.js https://go.affec.tv https://bat.bing.com/bat.js https://s7.addthis.com/js/300/addthis_widget.js https://m.addthis.com https://z.moatads.com https://cdn.jsdelivr.net/npm/datalist-polyfill@latest/datalist-polyfill.min.js https://snap.licdn.com https://tracking.g2crowd.com https://bat.bing.com https://connect.facebook.net https://tags.srv.stackadapt.com https://widget.spreaker.com *.visualwebsiteoptimizer.com app.vwo.com *.sharethis.com https://unpkg.com/dropzone@5/dist/min/dropzone.min.js  https://d1hgczpbubj217.cloudfront.net/video-widget/ https://www.youtube.com/ https://app-static.turtl.co/embed/turtl.embed.v1.js https://js.zi-scripts.com/zi-tag.js *.mutinycdn.com https://www.clarity.ms; object-src 'self'; style-src 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com *; img-src 'self' 'unsafe-inline' data: blob: *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com * *.mutinycdn.com; media-src 'self'; frame-src 'self' 'unsafe-inline' app.vwo.com *.visualwebsiteoptimizer.com *; frame-ancestors 'self' https://app.mutinyhq.com; child-src 'self' 'unsafe-inline' blob:; worker-src 'self' blob:; font-src 'self' 'unsafe-inline' data: *; connect-src 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com * *.mutinyhq.com *.mutinyhq.io *.mutinycdn.com; report-uri /report-csp-violation 4
frame-ancestors https://app.contentful.com 4
frame-ancestors https://sc10cm https://ih-sitecore-qa.hugoandcat.dev https://web-ih-sc-tst-cd-wus2.azurewebsites.net https://web-ih-sc-prd-cm-wus2.azurewebsites.net https://intermountain.dev.local https://intermountainhealth.formstack.com 4
frame-ancestors https://app.storyblok.com/ 4
default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data:; font-src * data:; connect-src *; media-src *; object-src *; child-src *; frame-ancestors 'self' https://gls-group.com/ https://gls-group.eu/ https://pilot.gls-group.eu/; form-action *; reflected-xss block; upgrade-insecure-requests; 4
frame-ancestors 'self' https://dato-plugin-3zrf.vercel.app https://factorial-next.admin.datocms.com *.factorial.be *.factorial.ch *.factorial.co *.factorial.fr *.factorial.it *.factorial.mx *.factorialhr.ar *.factorialhr.be *.factorialhr.ch *.factorialhr.cl *.factorialhr.co *.factorialhr.co.uk *.factorialhr.com.ar *.factorialhr.com.br *.factorialhr.de *.factorialhr.es *.factorialhr.fr *.factorialhr.it *.factorialhr.mx *.factorialhr.pt *.fatorial.pt *.factorialhr.com 4
frame-ancestors 'self' letmedate.com www.letmedate.com 4
frame-ancestors 'self' *.affino.com; 4
upgrade-insecure-requests;         default-src 'self'             https://*.canadalife.com;         connect-src 'self'             https://*.canadalife.com             https://*.greatwestlife.com             https://www.google-analytics.com             https://pdx-col.eum-appdynamics.com             https://greatwestlife.sc.omtrdc.net             https://dpm.demdex.net             https://maps.googleapis.com             https://greatwestlife.tt.omtrdc.net             https://*.fls.doubleclick.net             https://stats.g.doubleclick.net             https://*.qualtrics.com             https://*.tt.omtrdc.net             https://analytics.google.com              https://ct.pinterest.com             https://*.force.com             https://*.salesforce-sites.com             https://*.salesforce.com             https://*.salesforceliveagent.com             https://*.mouseflow.com             https://edge.adobedc.net             https://analytics.tiktok.com             https://*.onetrust.com             https://cdn.cookielaw.org             https://pagead2.googlesyndication.com;         script-src 'self' 'unsafe-eval';        script-src-attr 'unsafe-hashes'             'sha256-s03MppK+yldqebQIUHl/a3rnlThCtQkSXSmmZOF3+F4=';         script-src-elem 'self'             'sha256-rxbB0dwoVgxFLovO+2QdlowWXjNRQqQ2N+l1eql3idk='             'sha256-FBNK2rdRWFlHdRsYGZZBmuYu5+CkAl+Wn1JoYWqrksM='             'sha256-F4BYc9lsI/Vrx9C9i80ixfUTjvillF19Ozmb78mybec='             'sha256-AQOwIQfwXmjGkJa3okk527EAh1ebFJRpTTZl+5jRXbY='             'sha256-g2Pta/3ikSvMxquiOYn0GW46rWdTYOpxkQZQy4WkDmg='             'sha256-KoHyQmm+D9hBDaBTR6+gxOIONQBIayKMbpsmhIC1btA='             'sha256-aPmuEA+YTJeUe5vchynnoiv3QTQuOLlWWoFTWMZ0g1g='             'sha256-qLzKpw2YpqphcZ2dUfDq+nZ5lHCEZFVVMQAG3QzDYFs='             'sha256-mpui/uSvBk50FoZaT31+E4TDh6X31gDoxHjIJDzRJZg='             'sha256-77v6+Y2oUkIbs8c4pNz/22z+7s+raZVjnYoWAy3n340='             'sha256-E7YCGQ5MRgDfOE83WCZrO5WMF47b8DMQrCCUsSG4BZA='             'sha256-7sAcIrWL0oWh2ze3yV6tqz1RbnGmqhIx1Qus9jRracQ='             'sha256-M+nrL1i0jyqg3asaQwtMrGR3HewAhiK/bpVvlDbxPVA='             'sha256-2w2VuPWkQ3e1VTwZBpAMJr/J8SGDI2TAq/lDdYX5rCM='             'sha256-QmTlplZrwxtcIjf0Qw5pH3wwugda+oguLrKTkvZcEZg='             'sha256-c/UuTsNI4PzkW3h2TEBTba6cHzrxCGLRLm7e7JFOMTA='             'sha256-iyqTc3hqwkLOBdzXfypaUKkfBjoe6ISFWFJymJlkhi0='             'sha256-y5DfkiVFp/0+RV2R/V4+yuEwoazHEGO2dtoyyobVfMg='             'sha256-6vmJe+REQ2uvXdOcmOA0gV2Ghe2w9VIMFQMDJ6mfiIY='             'sha256-djABxqtTxWmFtje0qzMk5v6m47EuSHXoA7G6ISvWRcM='             'sha256-IkjtHJi30pQL4HJunVbbOb0eddxKbzQS73A/uLX1dxc='             'sha256-y5DfkiVFp/0+RV2R/V4+yuEwoazHEGO2dtoyyobVfMg='             'sha256-sjwHEvEEd6LOECfafoaXLp4pSwGYpxKixkV7uzUd1mI='             'sha256-hUAVVCKUCsvj/NRR8gA7De+28k1VzMT2WZInYuEgow4='             'sha256-Hts4iOCYzEeuX6rdSp2aiZrU4RwBn9aQiN5om8ue+WU='             'sha256-myEuPW+nKtNfz374HWMHz0UGYwyue8KuWk8jIG/3GeQ='             'sha256-47hygcsCeuaz/wFDcfGceDzFRbsMCTKLzIipw5aiGI4='             'sha256-y4f9W+6dx+NJrSoXaIp4Z68xghYiTAOTKAc+aAakarg='             'sha256-Nj9ZkTPsRdNRP79R2LmmJ6tqxvZLVGv/R2HV0/4hAuM='             'sha256-VSXobtrxfF6D1p+BtC9xltlwQmAVWcyRIJuSFJqFdSQ='             'sha256-UslN52emMX/WzG5xOZW4SSmhTC38p8AM6nfHugezhSI='             https://*.canadalife.com             https://assets.adobedtm.com             https://cdn.appdynamics.com             https://www.google-analytics.com/analytics.js             https://connect.facebook.net/en_US/fbevents.js             https://connect.facebook.net/signals/             https://*.qualtrics.com             https://dpm.demdex.net             https://ad.doubleclick.net             https://*.fls.doubleclick.net             https://snap.licdn.com             https://static.ads-twitter.com             https://analytics.twitter.com             https://px.ads.linkedin.com             https://secure.adnxs.com             https://maps.googleapis.com/maps/             https://maps.googleapis.com/maps-api-v3/             https://play.vidyard.com             https://p.adsymptotic.com             https://www.googletagmanager.com/gtag/             https://mboxedge35.tt.omtrdc.net             https://s.pinimg.com/ct/             https://ct.pinterest.com             https://googleads.g.doubleclick.net             https://bat.bing.com/bat.js             https://bat.bing.com/p/action/11042675.js             https://bat.bing.com/p/insights/t/11042675             https://www.googleadservices.com             https://analytics.google.com             https://*.force.com             https://*.salesforce.com             https://*.salesforce-sites.com             https://*.salesforceliveagent.com             https://*.mouseflow.com             https://www.gstatic.com             https://www.google.com/recaptcha/enterprise.js             https://www.redditstatic.com/ads/pixel.js             https://analytics.tiktok.com             https://cdn.cookielaw.org             https://embed.myadvocado.com;         style-src 'self' blob: 'unsafe-inline'             https://*.canadalife.com             https://*.vidyard.com             https://*.qualtrics.com             https://*.force.com             https://*.salesforce-sites.com             https://fonts.googleapis.com;         img-src 'self' data:             https://*.canadalife.com             https://*.ggpht.com             https://*.googleapis.com/             https://greatwestlife.sc.omtrdc.net             https://greatwestlife.tt.omtrdc.net             https://www.facebook.com             https://*.qualtrics.com             https://cm.everesttech.net             https://*.fls.doubleclick.net             https://maps.googleapis.com             https://px.ads.linkedin.com             https://www.linkedin.com             https://ad.doubleclick.net             https://secure.adnxs.com             https://analytics.twitter.com             https://p.adsymptotic.com             https://adservice.google.com/ddm/             https://adservice.google.ca/ddm/             https://dpm.demdex.net             https://maps.gstatic.com             https://*.vidyard.com             https://*.qualtrics.com             https://www.google.ca/ads/             https://www.google.com/ads/             https://www.google-analytics.com             https://www.google.com/pagead/             https://www.google.ca/pagead/             https://www.googletagmanager.com             https://t.co             https://s.pinimg.com/ct/             https://ct.pinterest.com             https://bat.bing.com             https://*.force.com             https://*.salesforce-sites.com             https://ca-gmtdmp.mookie1.com             https://cdn.cookielaw.org             https://alb.reddit.com             https://www.redditstatic.com;         font-src 'self' data:             https://*.canadalife.com             https://fonts.googleapis.com             https://fonts.gstatic.com             https://*.qualtrics.com             https://*.vidyard.com;         frame-src 'self'             https://play.vidyard.com             https://*.qualtrics.com             https://www.youtube.com             https://www.pinterest.com             https://gwl.demdex.net             https://*.force.com             https://www.google.com             https://td.doubleclick.net             https://ct.pinterest.com             https://embed.myadvocado.com;         child-src             https://*.canadalife.com             https://*.qualtrics.com             https://greatwestlife.sc.omtrdc.net             https://greatwestlife.tt.omtrdc.net;         object-src 'none';         base-uri 'none'; 4
default-src 'self'; script-src https://cdnjs.cloudflare.com https://autosug.ebay.com https://suggestqueries.google.com https://www.google-analytics.com https://www.googletagmanager.com https://js-agent.newrelic.com https://bam-cell.nr-data.net https://bam.nr-data.net https://www.google.com https://s.flocdn.com https://*.s1search.co https://swurl.com 'unsafe-inline' 'unsafe-eval' 'self'; style-src https://cdnjs.cloudflare.com 'unsafe-inline' 'self'; connect-src https://api.picclick.com https://www.google-analytics.com https://www.googletagmanager.com https://js-agent.newrelic.com https://bam-cell.nr-data.net https://bam.nr-data.net https://*.s1search.co https://soflopxl.com https://swurl.com 'self'; img-src *; font-src https://cdnjs.cloudflare.com data: 'self'; 4
frame-ancestors 'self' https://*.infomaker.io https://login.leaddesk.com https://login-qed.leaddesk.com https://login-qed-fi1.leaddesk.com https://login-qed-fi2.leaddesk.com 4
default-src='self' 4
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 4
upgrade-insecure-requests;, upgrade-insecure-requests 4
frame-ancestors 'self' *.pedidosya.com *.pedidosya.cl *.pedidosya.com.ar *.pedidosya.com.bo *.pedidosya.com.pa *.pedidosya.com.py *.pedidosya.com.uy *.pedidosya.com.ve *.pedidosya.com.pe *.pedidosya.com.ec *.pedidosya.com.gt *.pedidosya.com.hn *.pedidosya.cr *.pedidosyasv.com.sv *.pedidosyani.com.ni *.pedidosya.com.do 4
frame-ancestors 'self'; object-src 'none'; 4
connect-src 'self' data: *.ampproject.org *.clarity.ms/collect *.facebook.com *.google.com *.googleapis.com *.hotjar.com *.hotjar.io *.linximpulse.net *.loggly.com *.plyr.io *.rdstation.com.br *.retargeter.com.br *.shopback.net *.shopconvert.com.br *.shoptarget.com.br *.voxus.tv api.ipify.org ckies.net https://ampcid.google.com.br https://analytics.tiktok.com/ https://api2.amplitude.com/2/httpapi https://app.securiti.ai https://app.splithero.com/api/sync https://bat.bing.com https://boards-api.greenhouse.io https://cdn-prod.securiti.ai https://cdn.linkedin.oribi.io https://cdn.privacytools.com.br https://dashboard.purplemetrics.com.br https://freegeoip.app https://noembed.com https://notify.bugsnag.com https://px.ads.linkedin.com https://s.yimg.com https://stats.g.doubleclick.net https://suportelinx.my.salesforce-scrt.com https://viacep.com.br https://www.googletagmanager.com wss://*.hotjar.com www.google-analytics.com; font-src 'self' data: *.gstatic.com script.hotjar.com https://use.typekit.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.ampproject.org *.bizographics.com *.cloudfront.net *.doubleclick.net *.facebook.net *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.novahaus.com.br *.omguk.com *.rawgit.com *.rdstation.com.br *.reclameaqui.com.br *.shopback.net *.shopconvert.com.br *.shoptarget.com.br *.tailtarget.com *.unpkg.com *.voxus.com.br *.w3-edge.com *.youtube.com *.ytimg.com https://analytics.tiktok.com https://app.splithero.com https://bat.bing.com https://cdn-prod.securiti.ai https://cdn.amplitude.com https://cdn.jsdelivr.net/gh/davidmz/apng-canvas@v2.0.0/build/apng-canvas.min.js https://cdn.jsdelivr.net/npm/@amplitude/amplitude-js-gtm@3.3.0/dist/index.js https://cdn.mouseflow.com https://cdn.privacytools.com.br https://dashboard.purplemetrics.com.br https://s.yimg.com https://suportelinx.my.site.com https://unpkg.com https://www.clarity.ms snap.licdn.com targeting.voxus.tv; style-src 'self' 'unsafe-inline' *.googleapis.com *.google.com *.shopback.net https://cdn-prod.securiti.ai https://dashboard.purplemetrics.com.br/widget/widget.css https://dashboard.purplemetrics.com.br/widget/styles.css https://cdn.privacytools.com.br/ https://suportelinx.my.site.com; img-src 'self' data: *.linx.com.br *.youtube.com *.ytimg.com *.facebook.com *.google-analytics.com *.google.com *.google.com.br *.doubleclick.net *.gravatar.com *.w.org *.linkedin.com *.shopback.net *.adsymptotic.com cliente.linx.com.br *.adnxs.com smartbmc.com.br *.smartbmc.com.br *.googletagmanager.com https://frame-images.com https://www.gstatic.com https://bat.bing.com https://sp.analytics.yahoo.com https://*.tailtarget.com https://qr-code.ithemes.com https://*.purplemetrics.com.br/ https://c.clarity.ms/ https://c.bing.com/ https://cdn.privacytools.com.br/; default-src https: 4
frame-ancestors http://*.timeout.com https://*.timeout.com 'self' 4
upgrade-insecure-requests; default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors 'self' 4
default-src https: data: 'unsafe-inline' 'unsafe-eval'; img-src 'self' blob: data: https:; 4
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src *; 4
upgrade-insecure-requests; base-uri 'self'; frame-ancestors 'self'; form-action 'self' https:; object-src 'none'; 4
object-src *; script-src 'unsafe-inline' 'unsafe-eval' https: http: 'self' blob:; base-uri https: http: 4
frame-ancestors 'self' https://*.superoffice.com https://royalqueenseedssp.inone.useinsider.com 4
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline';frame-ancestors 'none'; 4
frame-ancestors media.kaufland.de media.kaufland.com wissen-kaufland.kcenter.usu.com kaufland.staffbase.com 'self' 4
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob: ; 4
default-src https: 'unsafe-inline' 'unsafe-eval' data: 4
worker-src 'self' blob: 4
frame-ancestors none; 4
script-src 'unsafe-inline' 'unsafe-eval' http: https: 4
script-src 'self' 'unsafe-inline' 4
script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.sanity.io www.youtube.com www.youtube-nocookie.com i.ytimg.com yt3.ggpht.com fonts.gstatic.com www.google-analytics.com www.googletagmanager.com www.gstatic.com stats.g.doubleclick.net www.google.co.uk static.hotjar.com static.ads-twitter.co mwww.facebook.com dc.ads.linkedin.com t.co vars.hotjar.com in.hotjar.com p.adsymptotic.com analytics.twitter.com cdn.jsdelivr.net d1a1ax4tcp3m3j.cloudfront.net dqm.crownpeak.com geolocation.onetrust.com cdn.baycloud.com static.ads-twitter.com connect.facebook.net snap.licdn.com staticcontents.investisdigital.com script.hotjar.com maps.googleapis.com sc.lfeeder.com netlify-cdp-loader.netlify.app cd-prod.wdesk.com www.googleadservices.com assets.adobedtm.com unilever.d3.sc.omtrdc.net acdn.adnxs.com js-agent.newrelic.com bam.nr-data.net insight.adsrvr.org cdn.cookielaw.org *.demdex.net cm.everesttech.net c.evidon.com 4
frame-ancestors 'self' https://*.bdo.global 4
default-src 'self' *.idrive.com *.idrivesync.com  https://graph.facebook.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.chatbot.com https://www.clarity.ms https://*.bing.com https://maxaccess-api.onlineada.workers.dev https://snap.licdn.com https://px.ads.linkedin.com https://cdn.jsdelivr.net https://js.zohocdn.com https://salesiq.zoho.com https://embed.tawk.to https://app.chatsupport.co https://*.zendesk.com https://static.zdassets.com https://tagmanager.google.com https://static.idriveonlinebackup.com https://js.hcaptcha.com https://*.facebook.com https://bmrsignal.idrivelite.com https://*.google.com https://apis.google.com https://accounts.google.com https://www.google-analytics.com https://*.criteo.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.criteo.net https://cdn.livechatinc.com https://gum.criteo.com https://sslwidget.criteo.com https://*.livechatinc.com https://ajax.googleapis.com https://html5shim.googlecode.com https://s.adroll.com https://a.adroll.com https://d.adroll.com https://www.google.com https://www.idrivedownloads.com http://ssl.p.jwpcdn.com https://www.youtube.com https://px.spiceworks.com https://connect.facebook.net https://5358683.fls.doubleclick.net https://platform.twitter.com https://www.googleadservices.com https://www.gstatic.com https://ssl.google-analytics.com https://code.jquery.com https://js.stripe.com https://www.googletagmanager.com https://api.maxaccess.io; img-src https://* 'self' data: blob: www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com;style-src 'self' 'unsafe-inline' 'unsafe-eval' https://embed.tawk.to https://css.zohocdn.com https://tagmanager.google.com https://static.idriveonlinebackup.com https://fonts.googleapis.com https://ssl.google-analytics.com https://code.jquery.com; font-src https://* https://fonts.gstatic.com data: ; object-src 'self' https://secure.livechatinc.com; frame-src https://* 'self' data: blob:; media-src https://* blob:; worker-src https://* blob:; connect-src wss: https://* blob:; frame-ancestors 'self'; 4
worker-src 'self'; 4
default-src 'self' http: https: data: blob: wss: 'unsafe-inline' 'unsafe-eval' 4
script-src 'self' 4
frame-ancestors 'self' https://webvisor.com http://webvisor.com; 4
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob: 'self'; report-uri https://revalize.report-uri.com/r/t/csp/enforce 4
default-src https://faelix.net; img-src https://faelix.net https://faelix.net/static/ https://analytics.faelix.link https://platform.twitter.com https://syndication.twitter.com; script-src https://faelix.net/static/javascripts/ https://faelix.net/elasticlunr.min.js https://faelix.net/search_index.en.js https://analytics.faelix.link https://platform.twitter.com/widgets.js https://unpkg.com/website-carbon-badges@1.1.3/b.min.js 'unsafe-eval' 'unsafe-inline'; connect-src https://fulcrm.email/webform/1/5/faelix.net/website-enquiry/contact/person.name/person.email/email/8r7lurl0u31535mccf86l0r341l650f3 https://api.websitecarbon.com/b https://analytics.faelix.link; frame-src https://platform.twitter.com https://grafana.faelix.net https://youtu.be https://www.youtube.com; font-src https://faelix.net; style-src 'unsafe-inline' https://faelix.net/static/css/ https://faelix.net/static/main.css https://faelix.net/static/webfonts.css https://faelix.net/static/stylesheets/ https://faelix.net/static/iconoir/ 4
frame-ancestors 'self';upgrade-insecure-requests; 4
default-src https://assets.gameduell.de https://mein.gameduell.de https://my.gameduell.com https://mon.gameduell.fr https://mijn.gameduell.nl https://www.gameduell.de https://www.gameduell.com https://www.gameduell.fr https://www.gameduell.nl https://www.gameduell.co.uk https://www.gameduell.se https://www.gameduell.dk https://www.gameduell.at https://www.gameduell.ca https://www.gameduell.es https://gameduell.de https://gameduell.com https://gameduell.fr https://gameduell.nl https://gameduell.co.uk https://gameduell.se https://gameduell.dk https://gameduell.at https://gameduell.ca https://gameduell.es; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: asset: https://assets.gameduell.de *.google-analytics.com https://webchat.helpshift.com https://seal.digicert.com https://seal-goldengate.bbb.org https://connect.facebook.net https://www.redditstatic.com https://www.dwin1.com https://www.awin1.com https://*.micropayment.de https://*.checkout.com 'report-sample'; img-src 'self' data: blob: https://mein.gameduell.de https://www.gameduell.de https://www.gameduell.com https://www.gameduell.fr https://www.gameduell.nl https://www.gameduell.co.uk https://www.gameduell.se https://www.gameduell.dk https://www.gameduell.at https://www.gameduell.ca https://www.gameduell.es blob: https://assets.gameduell.de https://media.gameduell.de https://seal.digicert.com https://d2duuy9yo5pldo.cloudfront.net https://www.facebook.com https://alb.reddit.com https://www.awin1.com 'report-sample'; style-src 'self' blob: 'unsafe-inline' https://assets.gameduell.de https://seal-blue.bbb.org; object-src 'self' https://*.gameduell.de https://assets.gameduell.de; connect-src 'self' wss://*.gameduell.de wss://my.gameduell.com wss://mon.gameduell.fr wss://mijn.gameduell.nl wss://www.gameduell.de wss://www.gameduell.com wss://www.gameduell.fr wss://www.gameduell.nl wss://www.gameduell.co.uk wss://www.gameduell.se wss://www.gameduell.dk wss://www.gameduell.at wss://www.gameduell.ca wss://www.gameduell.es https://*.gameduell.de blob: https://assets.gameduell.de https://cdp.cloud.unity3d.com https://config.uca.cloud.unity3d.com https://perf-events.cloud.unity3d.com https://*.checkout.com https://*.boku.com; form-action 'self' https://mein.gameduell.de https://my.gameduell.com https://mon.gameduell.fr https://mijn.gameduell.nl https://www.gameduell.de https://www.gameduell.com https://www.gameduell.fr https://www.gameduell.nl https://www.gameduell.co.uk https://www.gameduell.se https://www.gameduell.dk https://www.gameduell.at https://www.gameduell.ca https://www.gameduell.es 'report-sample'; child-src 'self' blob: https://www.gameduell.de https://www.gameduell.com https://www.gameduell.fr https://www.gameduell.nl https://www.gameduell.co.uk https://www.gameduell.se https://www.gameduell.dk https://www.gameduell.at https://www.gameduell.ca https://www.gameduell.es https://mein.gameduell.de https://my.gameduell.com https://mon.gameduell.fr https://mijn.gameduell.nl https://assets.gameduell.de https://*.helpshift.com https://*.micropayment.de https://*.checkout.com https://*.boku.com; font-src 'self' data: blob: https://assets.gameduell.de https://fonts.gstatic.com https://fonts.googleapis.com; frame-src 'self' https://www.gameduell.de https://www.gameduell.com https://www.gameduell.fr https://www.gameduell.nl https://www.gameduell.co.uk https://www.gameduell.se https://www.gameduell.dk https://www.gameduell.at https://www.gameduell.ca https://www.gameduell.es https://mein.gameduell.de https://my.gameduell.com https://mon.gameduell.fr https://mijn.gameduell.nl https://assets.gameduell.de https://*.helpshift.com https://www.awin1.com https://*.micropayment.de https://*.checkout.com https://*.boku.com https://orange.w-ha.com https://3dsecure-vrp.de; worker-src 'self' blob:; media-src 'self' data: blob: https://assets.gameduell.de; frame-ancestors 'self' https://www.gameduell.de https://www.gameduell.com https://www.gameduell.fr https://www.gameduell.nl https://www.gameduell.co.uk https://www.gameduell.se https://www.gameduell.dk https://www.gameduell.at https://www.gameduell.ca https://www.gameduell.es https://admintool.gameduell.de; base-uri 'self' https://assets.gameduell.de https://mein.gameduell.de https://my.gameduell.com https://mon.gameduell.fr https://mijn.gameduell.nl https://www.gameduell.de https://www.gameduell.com https://www.gameduell.fr https://www.gameduell.nl https://www.gameduell.co.uk https://www.gameduell.se https://www.gameduell.dk https://www.gameduell.at https://www.gameduell.ca https://www.gameduell.es; manifest-src blob: 'self' https://www.gameduell.de https://www.gameduell.com https://www.gameduell.fr https://www.gameduell.nl https://www.gameduell.co.uk https://www.gameduell.se https://www.gameduell.dk https://www.gameduell.at https://www.gameduell.ca https://www.gameduell.es; report-uri /gd/rest/jslog/csp 4
upgrade-insecure-requests; form-action 'self'; frame-ancestors 'self'; object-src 'none'; base-uri 'none'; 4
default-src 'self' *.miraheze.org *.mirabeta.org *.wikitide.org *.wikitide.net;  script-src blob: 'self' 'unsafe-inline' 'unsafe-eval' *.miraheze.org *.mirabeta.org *.wikitide.org *.wikitide.net *.wikimedia.org *.wikipedia.org *.wikibooks.org *.wiktionary.org *.wikiquote.org *.wikisource.org *.wikiversity.org *.wikinews.org *.wikivoyage.org mediawiki.org www.mediawiki.org wikidata.org www.gstatic.com www.google.com apis.google.com platform.twitter.com wiki-assets.sumin.wiki cdnjs.cloudflare.com cdn.jsdelivr.net fastly.jsdelivr.net cdn.syndication.twimg.com openlayers.org www.gstatic.cn hcaptcha.com *.hcaptcha.com bandcamp.com;  style-src 'self' data: 'unsafe-inline' miraheze.org wikitide.org *.miraheze.org *.mirabeta.org *.wikitide.org *.wikitide.net *.wikimedia.org *.wikipedia.org *.wikibooks.org *.wiktionary.org *.wikiquote.org *.wikisource.org *.wikiversity.org *.wikinews.org *.wikivoyage.org mediawiki.org www.mediawiki.org wikidata.org www.gstatic.com fonts.googleapis.com cdn.jsdelivr.net fastly.jsdelivr.net cdnjs.cloudflare.com platform.twitter.com ton.twimg.com hcaptcha.com *.hcaptcha.com;  img-src blob: 'self' data: miraheze.org wikitide.org *.miraheze.org *.mirabeta.org *.wikitide.org *.wikitide.net upload.wikimedia.org wikimedia.org maps.google.com www.gstatic.com maxcdn.bootstrapcdn.com *.twimg.com i.imgur.com image.tmdb.org *.googleusercontent.com *.fontawesome.com *.dropboxstatic.com *.redd.it *.redditmedia.com mirrors.creativecommons.org www.gnu.org live.staticflikr.com cdn.pixabay.com cdn.geogebra.org docs.blender.org *.imgbox.com tile.openstreetmap.org *.tile.openstreetmap.org cdn.discordapp.com na.llnet.sims3storee.cdn.ea.com *.fastly.net minotar.net db.onlinewebfonts.com openlayers.org discordapp.com imgbb.com postimages.org platform.twitter.com syndication.twitter.com img.newspapers.com cdn.smutstone.com storage.googleapis.com *.fbcdn.net i.ytimg.com *.imgbb.com simgbb.com *.simgbb.com ibb.co *.ibb.co *.postimages.org postimgs.org *.postimgs.org postimg.cc *.postimg.cc *.rbxcdn.com cms-imgp.jw-cdn.org;  font-src 'self' data: *.miraheze.org *.mirabeta.org *.wikitide.org *.wikitide.net fonts.gstatic.com fonts.googleapis.com cdnjs.cloudflare.com cdn.jsdelivr.net fastly.jsdelivr.net db.onlinewebfonts.com upload.wikimedia.org;  media-src 'self' blob: *.miraheze.org *.mirabeta.org *.wikitide.org *.wikitide.net upload.wikimedia.org embed.nicovideo.jp *.youtube.com *.youtube-nocookie.com player.twitch.tv clips.twitch.tv player.vimeo.com apis.google.com bandcamp.com;  frame-src 'self' *.miraheze.org *.mirabeta.org *.wikitide.org *.wikitide.net www.google.com docs.google.com apis.google.com web.libera.chat snap.berkeley.edu *.youtube-nocookie.com www.youtube.com player.twitch.tv platform.twitter.com discord.com discordapp.com embed.nicovideo.jp syndication.twitter.com open.spotify.com www.gofundme.com archive.org w.soundcloud.com query.wikidata.org player.vimeo.com www.bing.com lucid.app scratch.mit.edu hcaptcha.com *.hcaptcha.com bandcamp.com;  connect-src 'self' *.miraheze.org *.mirabeta.org *.wikitide.org *.wikitide.net www.wikidata.org *.wikipedia.org www.mediawiki.org *.wikimedia.org *.wikinews.org *.wiktionary.org cdn.jsdelivr.net storage.googleapis.com *.youtube-nocookie.com hcaptcha.com *.hcaptcha.com; 4
<options and value> 4
default-src 'self'; connect-src * data: 'unsafe-inline'; font-src *; frame-src *; img-src * blob: data: ; media-src *; object-src *; script-src * data: 'unsafe-inline' 'unsafe-eval'; style-src * data: 'unsafe-inline'; worker-src 'self' blob:; child-src blob:; 4
default-src https: data: blob:; script-src 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'unsafe-inline' https: data:; img-src data: https: blob: android-webview android-webview-video-poster:; font-src data: https:; connect-src *; media-src https: data: blob:; worker-src https: blob:; frame-src 'self' https: blob:; frame-ancestors 'self'; upgrade-insecure-requests 4
frame-ancestors 'self' *.deloitte.com; 4
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: amazon-adsystem.com *.amazon-adsystem.com  paa-reporting-advertising.amazon *.paa-reporting-advertising.amazon *; frame-ancestors 'self' ekat.festool.de 4
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' ; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 4
default-src 'self' data: blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; worker-src 'self'; frame-src https:; img-src data: https:; media-src https:; object-src 'none'; sandbox allow-downloads allow-forms allow-pointer-lock allow-presentation allow-same-origin allow-scripts allow-popups; 4
default-src https: https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.qualtrics.com; script-src https: 'unsafe-inline' 'unsafe-eval' https://*.qualtrics.com; style-src https: 'unsafe-inline' https://*.qualtrics.com; img-src https: data: https://*.qualtrics.com; font-src data: https:; connect-src https: wss://*.hotjar.com https://*.qualtrics.com; media-src blob: https:; object-src https:; frame-src http: https: https://*.qualtrics.com; worker-src blob: https:; frame-ancestors 'self' https://isrvr.com http://isrvr.com https://iportal.ajginternational.com http://iportal.ajginternational.com https://share.penunderwriting.co.uk http://share.penunderwriting.co.uk https://internal.client.gallagherheath.local http://internal.client.gallagherheath.local https://my2.siteimprove.com; form-action 'self' https://analytics.clickdimensions.com *.clickdimensions.com https://www.payconnexion.com  https://*.qualtrics.com https://forms.hsforms.com/; upgrade-insecure-requests; block-all-mixed-content; manifest-src https: ;  4
default-src 'self' 'unsafe-inline' https://*.lt02.net https://*.tangiblee.com https://download-video.akamaized.net https://vod-progressive.akamaized.net https://*.ibytedtos.com https://*.self-veri.com https://*.evgnet.com https://*.beamimpact.com https://*.tiktok.com https://www.talkable.com https://pm.w55c.net https://*.marketingcloudapis.com https://*.smartgiftit.com https://*.listrak.com https://*.pulseidconnect.com https://*.fedex.com https://*.salesforce.com https://*.thomsonreuters.com https://*.sandbox.eshopworld.com https://account.demandware.com https://*.api.commercecloud.salesforce.com https://*.riskified.com https://player.vimeo.com https://*.cloudfront.net https://*.adyen.com https://*.cquotient.com https://cdn.builder.io https://*.yottaa.com https://*.commercecloud.salesforce.com https://staging-na02-movado.demandware.net https://*.movado.com https://dev.movado.com https://id5-sync.com https://*.mvmt.com https://*.movadocompanystore.com https://*.oliviaburton.com https://*.ebel.com https://*.concord.ch https://cdn.cookielaw.org https://cdn-swell-assets.yotpo.com; connect-src 'self' https://pixels.spotify.com https://evnt.byspotify.com https://*.lt02.net https://*.tangiblee.com https://analytics.pangle-ads.com https://evt-eu.klarnaservices.com wss://*.inside-graph.com https://mvmt.7eer.net https://test.adyen.com/hpp/skipDetails wss://input.noibu.com https://www.facebook.com https://pubsub.googleapis.com https://*.noibu.com https://*.adyen.com https://www.talkable.com https://js.klarna.com https://api.cooladata.com https://*.inside-graph.com https://media.istockphoto.com https://*.appspot.com https://*.google.com.pk https://movado-item.smartgift-uat.net https://*.ibytedtos.com https://*.self-veri.com https://*.evgnet.com https://*.beamimpact.com https://*.smartgiftit.com https://*.tiktok.com https://*.marketingcloudapis.com https://*.fedex.com https://*.pulseidconnect.com https://*.salesforce.com https://*.thomsonreuters.com https://*.sandbox.eshopworld.com https://account.demandware.com https://*.api.commercecloud.salesforce.com https://google.com https://cdn.acsbapp.com https://*.riskified.com https://*.onetrust.com https://api.honeybadger.io https://*.joinclyde.com https://*.equalweb.com https://*.criteo.com https://*.eum-appdynamics.com https://*.luckyorange.com wss://visitors.live wss://*.visitors.live https://*.amazonaws.com https://trail.grin.co https://static-na.payments-amazon.com https://maps.googleapis.com https://*.amazon.com  https://*.doubleclick.net https://*.pinterest.com https://*.yotpo.com https://*.taboola.com https://*.quantcount.com https://s.yimg.com https://us-central1-adaptive-growth.cloudfunctions.net https://*.snapchat.com https://*.bing.com https://*.cloudfront.net https://*.google-analytics.com https://d1lu3pmaz2ilpx.cloudfront.net https://www.cloudflare.com https://cdn.cookielaw.org https://*.luckyorange.net https://*.cquotient.com https://*.builder.io https://*.commercecloud.salesforce.com https://staging-na02-movado.demandware.net https://*.movado.com https://*.mvmt.com https://*.movadocompanystore.com https://*.oliviaburton.com https://*.ebel.com https://*.concord.ch https://*.affirm.com https://*.yottaa.net https://*.listrakbi.com https://bl.listrakbi.com https://*.google.com https://google.com/pay https://evt-na.klarnaservices.com; img-src 'self' 'unsafe-inline' data: blob: https://*.lt02.net https://*.tangiblee.com https://*.facebook.com https://cfvod.kaltura.com https://beta.pulseidconnect.com https://dsp.adfarm1.adition.com https://movado.pulseidconnect.com https://c1.adform.net https://image8.pubmatic.com https://connect.facebook.net https://pixel.tapad.com https://sync.srv.stackadapt.com https://cdn-assets.affirm.com https://rtb.openx.net https://saas2.pulseidconnect.com https://id5-sync.com https://www.google.nl https://matching.ivitrack.com https://*.thebrighttag.com https://*.yieldlab.net https://cm.adform.net https://www.google.co.uk https://www.google.co.in https://prregcroab.icu https://tpcs.payu.in https://pixel-sync.sitescout.com https://prreqcroab.icu https://www.ojrq.net https://www.fossil.com https://sync-tm.everesttech.net https://ad.turn.com https://ws.rqtrk.eu https://live.rezync.com https://x.dlx.addthis.com https://adgen.socdm.com https://media.istockphoto.com https://sync.ipredictive.com https://api.brandbassador.com https://www.google.com.pk https://pm.w55c.net https://jelly.mdhv.io https://adx.dable.io https://www.talkable.com https://cdn.aralego.net https://bh.contextweb.com https://cs.adingo.jp https://idsync.rlcdn.com https://sync.aralego.com https://beacon.krxd.net https://*.ibytedtos.com https://*.amazonaws.com https://*.beamimpact.com https://*.smartgiftit.com https://match.prod.bidr.io https://public-prod-dspcookiematching.dmxleo.com https://www.googleadservices.com https://*.cooladata.com https://i6.liadm.com https://aa.agkn.com https://p.rfihub.com https://b1sync.zemanta.com https://sync.crwdcntrl.net https://d.turn.com https://tapestry.tapad.com https://criteo-partners.tremorhub.com https://ade.clmbtech.com https://ad.tpmn.co.kr https://sync-criteo.ads.yieldmo.com https://e1.emxdgt.com https://hb.yahoo.net https://tags.bluekai.com https://1f2e7.v.fwmrm.net https://match.adsrvr.org https://dpm.demdex.net https://secure.adnxs.com https://ib.adnxs.com https://s.ad.smaato.net https://match.sharethrough.com https://trends.revcontent.com https://simage2.pubmatic.com https://sync.outbrain.com https://jadserve.postrelease.com https://exchange.mediavine.com https://i.liadm.com https://ad.360yield.com https://ads.stickyadstv.com https://r.casalemedia.com https://*.criteo.com https://visitor.omnitagjs.com https://tg.socdm.com https://*.yahoo.com https://eb2.3lift.com https://criteo-sync.teads.tv https://*.taboola.com https://rtb-csync.smartadserver.com https://pixel.rubiconproject.com https://contextual.media.net https://partner.mediawallahscript.com https://x.bidswitch.net https://*.googleapis.com https://track.linksynergy.com https://*.cloudfront.net https://*.pinterest.com https://*.twitter.com https://t.co https://*.riskified.com https://*.gstatic.com https://*.payments-amazon.com  https://m.media-amazon.com https://pixel.quantserve.com https://www.google-analytics.com https://*.tiktok.com https://www.facebook.com https://*.quantcount.com https://www.google.com https://*.bing.com https://listen.audiohook.com https://cdn.cookielaw.org https://mediacdn.espssl.com https://logs-01.loggly.com https://www.googletagmanager.com https://*.cquotient.com https://*.yotpo.com https://cdn.builder.io https://*.shopify.com https://*.doubleclick.net https://*.listrakbi.com https://bl.listrakbi.com https://*.commercecloud.salesforce.com https://staging-na02-movado.demandware.net https://*.movado.com https://*.mvmt.com https://*.movadocompanystore.com https://*.oliviaburton.com https://*.ebel.com https://*.concord.ch https://pay.google.com https://id5-sync.com https://*.pointmediatracker.com https://*.inside-graph.com https://*.bidr.io https://*.imrworldwide.com; style-src 'self' 'unsafe-inline' https://*.lt02.net https://*.tangiblee.com https://*.beamimpact.com https://*.tiktok.com https://*.inside-graph.com https://*.listrakbi.com https://prreqcroab.icu https://*.googleapis.com https://*.cloudfront.net https://*.smartgiftit.com https://*.riskified.com https://*.typeform.com https://www.talkable.com https://code.jquery.com https://mediacdn.espssl.com https://*.bootstrapcdn.com https://*.klarnacdn.net https://*.yotpo.com  https://cdnjs.cloudflare.com https://*.typekit.net https://www.google.com https://*.salesforce.com https://staging-na02-movado.demandware.net https://*.movado.com https://*.mvmt.com https://*.movadocompanystore.com https://*.oliviaburton.com https://*.ebel.com https://*.concord.ch https://*.cquotient.com https://us-sandbox-live.inside-graph.com; base-uri 'self'; form-action 'self' https://link.mail.mvmt.com https://*.lt02.net https://*.tangiblee.com https://*.lt02.net https://www.facebook.com https://*.adyen.com https://*.amazon.com https://*.paypal.com/; font-src 'self' data: https://cdn.builder.io https://x.klarnacdn.net https://*.espssl.com https://*.shopify.com https://*.yotpo.com https://cdn2.smartgiftit.com https://maxcdn.bootstrapcdn.com https://use.fontawesome.com https://fonts.gstatic.com  https://*.commercecloud.salesforce.com https://staging-na02-movado.demandware.net https://*.movado.com https://*.mvmt.com https://*.movadocompanystore.com https://*.oliviaburton.com https://*.ebel.com https://*.concord.ch https://*.typekit.net https://cdnjs.cloudflare.com; frame-src 'self' https://*.lt02.net https://*.tangiblee.com https://*.youtube.com https://www.talkable.com https://tsdtocl.com https://*.self-veri.com https://*.eshopworld.com  https://*.api.commercecloud.salesforce.com https://*.inside-graph.com https://*.typeform.com https://*.affirm.com https://tapestry.tapad.com https://criteo-partners.tremorhub.com https://ade.clmbtech.com https://ad.tpmn.co.kr https://sync-criteo.ads.yieldmo.com https://e1.emxdgt.com https://aa.agkn.com https://live.rezync.com https://sync.crwdcntrl.net https://*.yahoo.net https://tags.bluekai.com https://*.criteo.net https://*.joinclyde.com https://*.criteo.com https://*.appdynamics.com https://www.facebook.com https://www.surveymonkey.com https://*.pinterest.com https://platform.twitter.com https://*.snapchat.com https://*.commercecloud.salesforce.com https://staging-na02-movado.demandware.net https://*.movado.com https://*.mvmt.com https://*.movadocompanystore.com https://*.oliviaburton.com https://*.ebel.com https://*.concord.ch https://*.google.com https://*.doubleclick.net https://*.linksynergy.com https://*.listrak.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://pixels.spotify.com https://pixel.byspotify.com https://*.lt02.net https://*.tangiblee.com https://js.klarna.com https://*.equalweb.com https://www.googleadservices.com https://*.igodigital.com https://secure.quantserve.com https://s.pinimg.com https://api.sb.joinclyde.com https://api.joinclyde.com https://dynamic.criteo.com https://*.cloudfront.net https://widget.us.criteo.com https://www.google.nl/pagead https://www.google.nl https://sslwidget.criteo.com https://rules.quantcount.com https://googleads.g.doubleclick.net https://bat.bing.com https://connect.facebook.net https://cdn.noibu.com https://*.tiktok.com https://cdn.appdynamics.com https://beacon.riskified.com https://ajax.googleapis.com https://cdn.cookielaw.org/scripttemplates https://www.google-analytics.com https://init.blackcrow.ai https://*.synchronycredit.com https://www.talkable.com https://pay.google.com https://*.appdynamics.com https://www.recaptcha.net https://*.affirm.com https://*.paypalobjects.com https://*.paypal.cn https://*.paypal.com https://*.ibytedtos.com https://*.self-veri.com https://*.evgnet.com https://*.beamimpact.com https://*.smartgiftit.com https://*.marketingcloudapis.com https://*.listrak.com https://*.pulseidconnect.com https://*.fedex.com https://*.salesforce.com https://*.thomsonreuters.com https://*.sandbox.eshopworld.com https://account.demandware.com https://*.api.commercecloud.salesforce.com https://*.riskified.com https://*.inside-graph.com https://embed.typeform.com https://*.yotpo.com https://d.impactradius-event.com https://*.listrakbi.com https://www.gstatic.com https://*.cquotient.com https://*.usablenet.com https://static-na.payments-amazon.com https://*.googleapis.com https://*.klarnaservices.com https://*.cloudflare.com https://www.google.com https://*.yottaa.com https://www.googleoptimize.com https://*.cookielaw.org https://*.movado.com https://*.googletagmanager.com https://*.oliviaburton.com https://*.concord.com https://*.concord.ch https://*.movadocompanystore.com https://*.collect.igodigital.com https://*.adyen.com https://*.mvmt.com https://*.klarna.com https://*.tangiblee.com;script-src-elem 'self' 'unsafe-inline' https://*.lt02.net https://*.tangiblee.com https://*.youtube.com https://cdnapisec.kaltura.com https://*.equalweb.com https://*.ibytedtos.com https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com https://conoret.com https://www.talkable.com https://static.ads-twitter.com https://*.googletagmanager.com https://*.self-veri.com https://*.evgnet.com https://*.beamimpact.com https://*.tiktok.com https://*.smartgiftit.com https://*.marketingcloudapis.com https://*.pulseidconnect.com https://*.fedex.com https://*.salesforce.com https://*.thomsonreuters.com https://account.demandware.com https://acsbapp.com https://*.riskified.com https://*.klarnaservices.com https://*.cooladata.com https://oliviaburton.usablenet.com https://*.inside-graph.com https://*.typeform.com https://*.criteo.com https://*.igodigital.com https://init.blackcrow.ai https://cdn.noibu.com https://*.usedrop.io https://widget.surveymonkey.com https://www.googleadservices.com https://*.adyen.com https://www.google-analytics.com https://*.quantcount.com https://*.snapchat.com https://*.taboola.com https://api.ipify.org https://*.twitter.com https://bat.bing.com https://s.pinimg.com https://sc-static.net https://connect.facebook.net https://s.yimg.com https://cdn.pdst.fm https://googleads.g.doubleclick.net https://secure.quantserve.com https://code.jquery.com https://api.sb.joinclyde.com https://api.joinclyde.com https://*.appdynamics.com https://movado.usablenet.com https://*.builder.io https://d.impactradius-event.com https://*.cloudfront.net https://*.rakuten.com https://*.affirm.com https://*.yotpo.com https://staging-na02-movado.demandware.net https://*.movado.com https://*.mvmt.com https://*.movadocompanystore.com https://*.oliviaburton.com https://*.ebel.com https://*.concord.ch https://www.gstatic.com https://cdn.cookielaw.org https://www.googleoptimize.com https://cdn.yottaa.com https://*.google.com https://*.googleapis.com https://static-na.payments-amazon.com https://mvmtwatches.usablenet.com https://*.cquotient.com https://*.listrakbi.com https://bl.listrakbi.com https://*.listrak.com https://*.typekit.net  https://*.linksynergy.com https://*.klarna.com https://*.tangiblee.com; style-src-elem 'self' 'unsafe-inline' https://*.lt02.net https://*.tangiblee.com https://*.inside-graph.com https://*.equalweb.com https://x.klarnacdn.net https://*.beamimpact.com https://*.riskified.com https://www.googletagmanager.com https://cdn.jsdelivr.net https://embed.typeform.com https://www.talkable.com https://*.cloudfront.net https://us-sandbox-live.inside-graph.com https://*.yotpo.com https://maxcdn.bootstrapcdn.com https://mediacdn.espssl.com https://code.jquery.com https://fonts.googleapis.com https://*.commercecloud.salesforce.com https://staging-na02-movado.demandware.net https://*.movado.com https://*.mvmt.com https://*.movadocompanystore.com https://*.oliviaburton.com https://*.ebel.com https://*.concord.ch https://*.typekit.net  https://*.linksynergy.com https://*.cloudflare.com https://*.listrakbi.com https://bl.listrakbi.com https://*.smartgiftit.com https://*.tangiblee.com; report-uri https://test.adyen.com/hpp/skipDetails https://cdn.cookielaw.org/scripttemplates https://*.googleapis.com https://*.commercecloud.salesforce.com https://staging-na02-movado.demandware.net https://*.movado.com https://*.mvmt.com https://*.movadocompanystore.com https://*.oliviaburton.com https://*.ebel.com https://*.concord.ch https://cdn-swell-assets.yotpo.com; sandbox allow-forms allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox allow-modals allow-top-navigation allow-top-navigation-by-user-activation; frame-ancestors 'self' https://test.adyen.com/hpp/skipDetails https://*.commercecloud.salesforce.com https://staging-na02-movado.demandware.net https://*.movado.com https://*.mvmt.com https://*.movadocompanystore.com https://*.oliviaburton.com https://*.ebel.com https://*.concord.ch https://*.cookielaw.org https://*.googleapis.com https://*.yotpo.com; worker-src blob: 'self' https://*.lt02.net https://*.tangiblee.com https://*.commercecloud.salesforce.com https://staging-na02-movado.demandware.net https://*.movado.com https://*.mvmt.com https://*.movadocompanystore.com https://*.oliviaburton.com https://*.ebel.com https://*.concord.ch; 4
default-src 'self' https://*.abgemea.com https://fonts.googleapis.com https://use.fontawesome.com ws.sharethis.com unpkg.com https://maxcdn.bootstrapcdn.com dpm.demdex.net avisbudgetgroup.tt.omtrdc.net https://*.bing.com https://*.virtualearth.net; object-src *; img-src data: *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; frame-src *; connect-src *; font-src 'self' data: https://*.abgemea.com https://fonts.gstatic.com https://*.bing.com https://use.fontawesome.com https://*.virtualearth.net https://maxcdn.bootstrapcdn.com 4
frame-ancestors 'self' https://app.contentful.com; 4
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: legacy.questdiagnostics.com www.questdiagnostics.com *.scene7.com  tags.tiqcdn.com  www.googletagmanager.com www.youtube.com analytics.js *.google-analytics.com *.qualtrics.com img04.en25.com cdn.cookielaw.org maps.googleapis.com *.questdiagnostics.com *.demandbase.com js.hs-analytics.net secure.quantserve.com bs.serving-sys.com api.fouanalytics.com *.linkedin.com  *.licdn.com *.facebook.net *.facebook.com *.hotjar.com; connect-src 'self' *.scene7.com  target.questdiagnostics.com *.google-analytics.com stats.g.doubleclick.net *.qualtrics.com cdn.cookielaw.org *.onetrust.com maps.googleapis.com *.questdiagnostics.com dpm.demdex.net wss: directline.botframework.com api.company-target.com api.fouanalytics.com *.demandbase.com  *.linkedin.com  *.licdn.com *.facebook.net *.facebook.com *.hotjar.com; frame-ancestors 'self' *.questdiagnostics.com *.qdx.com 4
default-src 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.sprinklr.com 'unsafe-inline'; object-src 'self'; style-src 'self' 'unsafe-inline' *.bing.com https://*.fonts.net https://*.sprinklr.com; script-src 'self' 'unsafe-inline'  'unsafe-eval' https://storage.cloud.kargo.com *.invocacdn.com pnapi.invoca.net *.invoca.net https://*.recaptcha.net  *.bridgestonetire.com hub.firestonecompleteautocare.com *.doubleclick.net *.adobedtm.com *.google-analytics.com *.everestjs.net *.pinimg.com *.hotjar.com *.bing.com *.googleadservices.com *.xg4ken.com *.facebook.net *.doubleclick.com *.googletagmanager.com *.akamaihd.net *.marchex.io *.everesttech.net *.iperceptions.com *.powerreviews.com *.iovation.com *.iesnare.com *.googleapis.com *.virtualearth.net *.recaptcha.net *.gstatic.com *.jquery.com *.twitter.com *.ads-twitter.com https://assets.adobedtm.com/ https://www.google.com/recaptcha/ https://login.dotomi.com/ https://www.youtube.com/ https://*.cloudfront.net/ https://*.incontact.com/ https://*.dialogtech.com/ https://*.sprinklr.com/; img-src * data: blob: ; connect-src *; frame-src *; font-src 'self' https://*.fonts.net data: 4
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: cdn01l.vaillant-group.com *.adalyser.com *.adform.com *.adform.net *.adroll.com *.bing.com *.consentmanager.net *.contactis.ua *.contentsquare.net *.criteo.com *.doubleclick.net *.g.doubleclick.net *.facebook.com *.facebook.net *.googleadservices.com *.googleapis.com *.google.com *.google.de *.gstatic.com *.hotjar.com *.ibm.com *.loyjoy.com *.optimizely.com *.outbrain.com *.pinterest.com *.presage.io *.serving-sys.com *.taboola.com *.youtube.com *.zenloop.com a.mgid.com acdn.adnxs.com c.seznam.cz c1.rfihub.net cdn.inis360.com cdn.oribi.io cdn-assets-prod.s3.amazonaws.com cloudrizon.formstack.com graph.facebook.com heizungonline.vaillant.de io.fusedeck.net mes-devis.saunierduval.fr mojklient.vaillant.pl offerte.bulex.be offer.vaillant.be offre.bulex.be optimizely.s3.amazonaws.com popup.campaign.playable.com preventivi.vaillant.it s.pinimg.com s.yimg.com snap.licdn.com static.ads-twitter.com static.cleverpush.com static.criteo.net tags.creativecdn.com toolbox.be-bulex.live-2.vaillant.neoskop.cloud toolbox.it-vaillant.development.heatingonline.cloud toolbox.it-vaillant.staging.heatingonline.cloud toolbox.vaillant.de verkoopkansen.vaillant.nl widget.trustpilot.com www.clarity.ms www.google-analytics.com www.googletagmanager.com www.recaptcha.net www.instalxpert.be; connect-src 'self' ws: *.analytics.google.com *.clarity.ms *.contentsquare.net *.criteo.com *.doubleclick.net *.google.com *.google-analytics.com *.googleadservices.com *.googleapis.com *.hotjar.com *.hotjar.io *.linkedin.com *.loyjoy.com *.optimizely.com *.outbrain.com *.pinterest.com *.serving-sys.com *.taboola.com ams.creativecdn.com api.cleverpush.com capi.vaillant.es heizungonline.vaillant.de ib.adnxs.com mes-devis.saunierduval.fr mojklient.vaillant.pl offerte.bulex.be offre.bulex.be offer.vaillant.be preventivi.vaillant.it s.yimg.com toolbox.be-bulex.live-2.vaillant.neoskop.cloud toolbox.it-vaillant.development.heatingonline.cloud toolbox.it-vaillant.staging.heatingonline.cloud toolbox.vaillant.de verkoopkansen.vaillant.nl; style-src 'self' 'unsafe-inline' *.zenloop.com cdn01l.vaillant-group.com cloudrizon.formstack.com heizungonline.vaillant.de toolbox.be-bulex.live-2.vaillant.neoskop.cloud toolbox.it-vaillant.development.heatingonline.cloud toolbox.it-vaillant.staging.heatingonline.cloud toolbox.vaillant.de mes-devis.saunierduval.fr mojklient.vaillant.pl offerte.bulex.be offer.vaillant.be offre.bulex.be preventivi.vaillant.it toolbox.be-bulex.live-2.vaillant.neoskop.cloud toolbox.it-vaillant.development.heatingonline.cloud toolbox.it-vaillant.staging.heatingonline.cloud verkoopkansen.vaillant.nl www.googletagmanager.com www.instalxpert.be; img-src 'self' blob: data: *.adalyser.com *.adform.net *.adroll.com *.bidswitch.net *.bing.com *.clarity.ms *.consentmanager.net *.contentsquare.net *.doubleclick.net *.facebook.net *.facebook.com *.g.doubleclick.net *.google.de *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.linkedin.com *.loyjoy.com *.outbrain.com *.presage.io *.pubmatic.com *.taboola.com a.mgid.com a.twiago.com ad.360yield.com ad.yieldlab.net cdn01l.vaillant-group.com cdn.optimizely.com contextual.media.net criteo-partners.tremorhub.com criteo-sync.teads.tv e1.emxdgt.com eb2.3lift.com exchange.mediavine.com dis.criteo.com dpm.demdex.net dsum-sec.casalemedia.com gum.criteo.com hb.yahoo.net heizungonline.vaillant.de ib.adnxs.com id5-sync.com jadserve.postrelease.com match.sharethrough.com matching.ivitrack.com mes-devis.saunierduval.fr mkt.saunierduval.es mkt.vaillant.es mojklient.vaillant.pl toolbox.be-bulex.live-2.vaillant.neoskop.cloud toolbox.it-vaillant.development.heatingonline.cloud toolbox.it-vaillant.staging.heatingonline.cloud toolbox.vaillant.de offerte.bulex.be offre.bulex.be offer.vaillant.be pixel.rubiconproject.com preventivi.vaillant.it rtb-csync.smartadserver.com r.casalemedia.com res.cloudinary.com server.seadform.net sp.analytics.yahoo.com static.cleverpush.com sync-criteo.ads.yieldmo.com us-u.openx.net ups.analytics.yahoo.com verkoopkansen.vaillant.nl visitor.omnitagjs.com; font-src 'self' data: *.loyjoy.com cdn01l.vaillant-group.com fonts.cdnfonts.com heizungonline.vaillant.de mes-devis.saunierduval.fr mojklient.vaillant.pl offerte.bulex.be offre.bulex.be offer.vaillant.be preventivi.vaillant.it script.hotjar.com toolbox.be-bulex.live-2.vaillant.neoskop.cloud toolbox.it-vaillant.development.heatingonline.cloud toolbox.it-vaillant.staging.heatingonline.cloud toolbox.vaillant.de verkoopkansen.vaillant.nl; object-src 'none'; base-uri 'self'; form-action 'self' eshopspares.protherm.sk pontbevaltas.saunierduval.hu self-service.vaillant.de shop.vaillant.at http://sso.wigam.com sso.wigam.com https://sso.wigam.com:8016 http://www.columbusconnect.it *.columbusconnect.it *.officego.de *.plansoft-online.de *.saunierduval.es *.vaillant.es *.vaillant-group.com; frame-src 'self' *.adroll.com *.adform.net *.captivate.fm *.cdn.optimizely.com *.cdn-pci.optimizely.com *.consentmanager.net *.criteo.com *.doubleclick.net *.g.doubleclick.net *.google.com *.oplead.com *.pinterest.com *.rfihub.com *.saunierduval-piecedetachee.fr *.saunierduval.es *.vaillant-systeme.de *.vaillantkotle.cz *.vaillant.es *.vaillant.ua 27052801.hs-sites-eu1.com aides.saunierduval.fr ams.creativecdn.com apps.vaillantgroup.org bayi.demirdokum.net cat.vaillant.it cat.hermann-saunierduval.it cerpadla.protherm.cz cloud.at.vgmarketingcloud.com contotermicovaillant.vaillantgroup.it contotermicohsd.vaillantgroup.it customer.vaillant.com.tr epaper.paper2web.ch fiches-qce.saunierduval.fr foerdermittelsuche.betatool.de form.jotform.com forms.iframes-saunierduval.es forms.office.com gutschein.vaillant.de identity.vaillant-group.com iframe.vaillantbayiminternette.com iqg.vaillant.com kotle.protherm.cz mapapartnerov.protherm.sk marktraum.betatool.de mkt.saunierduval.es optimum.vaillant.at pompe-a-chaleur.saunierduval.fr portal.vaillant.ua powerfinder.vaillant.it powerfinder.hermann-saunierduval.it servicevaillant.wufoo.com servis.demirdokum.net servis.protherm.sk share-eu1.hsforms.com simulator.vaillant.com tarif-public.saunierduval.fr tools.vaillant.nl ucretsizkesif.demirdokum.com.tr urunler.demirdokum.com.tr vaillant.cleverpush.com vaillant.cyber-time.at vaillantclub.vaillant.com.tr vaillant-group.campaign.playable.com vaillant-systeme.de vf.r3f.technology widget.trustpilot.com wpcalc.vaillant.ch wwwvaillantbe.mycleverpush.com www.foerderdata.at www.foerdermittelauskunft.de www.kalkulator-vaillant.pl www.mepcontent.com www.recaptcha.net www.youtube.com; upgrade-insecure-requests; 4
object-src 'none'; base-uri 'self' 4
default-src 'self';font-src 'self' fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com consent.trustarc.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com maxcdn.bootstrapcdn.com consent.trustarc.com *.google-analytics.com *.arkoselabs.com *.trustev.com mpsnare.iesnare.com https://ht.blackhawknetwork.com *.newrelic.com *.nr-data.net *.datadome.co *.captcha-delivery.com *.googletagmanager.com *.jquery.com *.cloudflare.com s3.amazonaws.com testing.conversionteam.com *.blackhawknetwork.com *.sardine.ai;script-src-attr 'unsafe-inline';connect-src 'self' *.trustarc.com *.trustev.com *.google-analytics.com wss://mpsnare.iesnare.com *.nr-data.net stats.g.doubleclick.net *.datadome.co *.blackhawknetwork.com *.sardine.ai;img-src 'self' *.trustarc.com https://ht.blackhawknetwork.com www.google-analytics.com www.google.com data: s3.amazonaws.com testing.conversionteam.com *.blackhawknetwork.com;style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com fonts.googleapis.com www.googletagmanager.com;frame-src *;object-src 'none';media-src 'self' *.iesnare.com data:;frame-ancestors 'self' cardholder.jokercard.ca;base-uri 'self';form-action 'self';upgrade-insecure-requests 4
connect-src https: 'self'; img-src 'self' data: https://*; default-src blob: https: 'unsafe-inline' 'unsafe-eval' 4
block-all-mixed-content;upgrade-insecure-requests; 4
frame-ancestors 'self' https://familywatchdog.us https://*.familywatchdog.us ; 4
script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.clarivate.com https://*.clarivate.com https://clarivate.com https://*.nr-data.net https://*.zi-scripts.com/ https://static.lightning.force.com https://*.clarity.ms https://*.salesforceliveagent.com https://analytics.decisionresourcesgroup.com https://analytics.twitter.com *.turtl.co https://app.gatedcontent.com https://app.icontact.com https://assets.vidyard.com https://assistant.woorank.com https://bam-cell.nr-data.net https://bat.bing.com https://cdn.bizible.com https://cdn.cookielaw.org https://cdn.jifo.co https://cdnjs.cloudflare.com https://clarivateanalytics.my.salesforce.com https://clarivateanalytics.my.site.com https://clarivatecommunities.force.com https://preview-clarivatecommunities.cs16.force.com https://img.en25.com/ https://code.jquery.com https://connect.facebook.net https://derwent.com https://dev.visualwebsiteoptimizer.com https://e.infogram.com https://embed.acast.com https://googleads.g.doubleclick.net https://img06.en25.com https://j.6sc.co https://js-agent.newrelic.com https://maps.googleapis.com https://maps.gstatic.com https://platform.twitter.com https://play.vidyard.com https://public.flourish.studio https://publons.com https://s786780033.t.eloqua.com https://s.infogram.com https://scholaroneideas.secure.force.com https://script.hotjar.com https://secure.eloqua.com https://snap.licdn.com https://static.addtoany.com https://static.ads-twitter.com *.criteo.net https://static.doubleclick.net https://static.hotjar.com https://unpkg.com https://widget.sndcdn.com https://www.3blmedia.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com *.criteo.com https://www.google-analytics.com  https://cdn.jsdelivr.net https://app.vwo.com https://*.googlesyndication.com https://*.zoominfo.com https://translate.google.com https://*.googleapis.com https://*.amcharts.com; frame-ancestors 'self' *.clarivate.com *.compumark.com *.compumark.cn 4
default-src https: 'unsafe-eval' 'unsafe-inline' data: blob: wss://*.pricespider.com http://*.pricespider.com https://*.zdassets.com;  script-src https: 'unsafe-eval' 'unsafe-inline' data: blob: wss://*.pricespider.com http://*.pricespider.com; connect-src https: 'unsafe-eval' 'unsafe-inline' data: blob: wss://*.pricespider.com http://*.pricespider.com wss://*.zopim.com https://*.zdassets.com; upgrade-insecure-requests; report-uri /csp.cgi; 4
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 4
default-src *; img-src * data:; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; base-uri 'self'; form-action *; frame-ancestors 'self' 4
report-to default 4
frame-ancestors 'self' *.plentymarkets-cloud-ie.com *.my.plentysystems.com 4
frame-ancestors 'self' *.commercevision.biz *.commercevision.com.au 4
frame-ancestors 'self' https://app.socialscreen.com 4
frame-ancestors 'self'; base-uri 'self' 4
frame-ancestors 'self' http://webvisor.com https://webvisor.com https://metrika.yandex.ru http://metrika.yandex.ru 4
default-src 'self' data: http: https: ws: wss:; script-src 'unsafe-inline' 'unsafe-eval' http: https: ; style-src 'unsafe-inline' 'unsafe-eval' http: https:; 4
img-src * blob: data:;font-src * 4
frame-ancestors https://customer.educations.com 4
frame-ancestors 'self' https://uscreen.io https://*.uscreen.io https://www.uscreen.tv https://app.uscreen.tv/ 4
frame-ancestors 'self' *.hotmart.com *.buildstaging.com *.kpages.com.br *.klickpages.com.br sun.eduzz.com http://*.monetizze.com.br https://*.monetizze.com.br http://aporasal.net https://aporasal.net http://adf.ly https://adf.ly 4
default-src 'self' https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self'; script-src https: data: 'self' 'unsafe-inline' 'unsafe-eval'; 4
upgrade-insecure-requests; frame-ancestors: self 4
frame-ancestors https://*.login.smartweb.test https://*.admin.shop-sftest.io https://*.webshop-admin.scannet.dk https://*.admin.hostedshop.io https://*.admin.hostedcms.io https://*.webshop.dandomain.dk 4
default-src https: ws: data: 'unsafe-inline' 'unsafe-eval'; 4
frame-ancestors 'self' https://gtranslate.io; 4
frame-ancestors 'self'   https://partner.tp-link.com https://partner-test.tp-link.com 3
default-src 'none' ; connect-src  https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com ; manifest-src  https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com ; media-src  https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com ; script-src blob:  https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com 'unsafe-inline' 'unsafe-eval' ; font-src data:  https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com ; img-src data:  https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com ; style-src  https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com 'unsafe-inline' ; object-src 'none' ; worker-src blob: ; child-src blob:  https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com ; frame-src blob:  https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com ; form-action  https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com ; frame-ancestors 'self' https://html.duckduckgo.com; base-uri 'self' ; block-all-mixed-content ; 3
frame-ancestors nypost.com decider.com pagesix.com *.nypost.com *.decider.com *.pagesix.com; form-action 'self' *.nypdev.com nypost.com decider.com pagesix.com *.nypost.com *.decider.com *.pagesix.com 3
frame-ancestors 'self' https://onlinexperiences.com https://next.brella.io https://pheedloop.com https://gather.town https://datadog.docebosaas.com/ 3
frame-ancestors 'self' https://*.trontv.com https://rainberrytv.com; 3
frame-ancestors https://*.mongodb.com 3
frame-ancestors 'self' *.vice.com vicetv.com *.vicetv.com *.viceops.net 3
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com 1868565294.rsc.cdn77.org static.cloudflareinsights.com www.google.com www.gstatic.com fonts.gstatic.com fonts.googleapis.com ajax.googleapis.com fcm.googleapis.com accounts.google.com *.cdn77.org  *.nk-img.com  *.segpay.com  *.online-metrix.net *.vscdns.com *.vsmvideo.com www.tjk-njk.com *.exoclick.com *.orbsrv.com *.opoxv.com *.exdynsrv.com *.afcdn.net *.aucdn.net *.tf4srv.com *.aacdn.net *.adglare.net www.flirt4free.com www.ohmybutt.com www.secretpartners.com *.asf4f.us *.livejasmin.com *.jsmcrptjmp.com *.awemwh.com etahub.com ctrack.trafficjunky.net tracking.sexcash.com *.gtflixtv.com;img-src 'self' 'unsafe-inline' data: blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com *.cdn77.org www.google.com www.google-analytics.com ssl.gstatic.com *.nk-img.com *.camster.com data-cdn.pornbiz.com *.vscdns.com *.vsmvideo.com *.doubleclick.net *.google.fr *.google.com *.segpay.com *.online-metrix.net cdn.asf4f.us *.gtflixtv.com *.orbsrv.com *.exdynsrv.com *.afcdn.net *.aucdn.net *.justservingfiles.net *.tf4srv.com *.aacdn.net *.rtbsuperhub.com; report-uri https://www.xnxx.com/csp-reports; report-to csp-endpoint 3
frame-ancestors 'self' *.verizon.com *.verizonwireless.com *.vzwcorp.com; 3
base-uri 'self' analytics.c2comms.cloud; block-all-mixed-content; child-src 'self' blob: *.brightcove.com *.brightcove.net; connect-src 'self' *.force.com *.brightcove.com *.salesforce.com *.salesforceliveagent.com siemenscrm.my.salesforce-sites.com siemensint.my.salesforce-sites.com *.tt.omtrdc.net *.eu.auth0.com *.usercentrics.eu adservice.google.com adservice.google.com api.dc.siemens.com assets.new.siemens.com blob: cdn.cookielaw.org cdn.siemens-web.com *.c2comms.cloud cdn.siemens.com cdn.segment.com api.segment.io assets.new.siemens.com cognito-identity.eu-west-1.amazonaws.com data.cdn.siemens.com dataplane.rum.eu-west-1.amazonaws.com dc.oracleinfinity.io dev.api.dc.siemens.com edge.api.brightcove.com geolocation.onetrust.com *.brightcovecdn.com *.boltdns.net *.brightcove.net www.siemens.com *.ingest.sentry.io privacyportal-eu.onetrust.com profiles.siemens.com searchapi.new.siemens.com secure.brightcove.com siemens.demdex.net siemens.sc.omtrdc.net siemensdigitalindustries.nanorep.co sts.eu-west-1.amazonaws.com tools.adlytics.net uat.api.dc.siemens.com visitor-services.nanorep.com w3.siemens.com www.facebook.com www.google.com www.google.com *.brapps.siemens.cloud *.brappsqa.siemens.cloud mktdplp102cdn.azureedge.net 322e30018b7e4846825041773c891f42.svc.dynamics.com e070f2c1c4514ee2b79becebacc0f9b2.svc.dynamics.com *.virtualevent.siemens.com go.cuenect.de partnerinfo.siemens.at hitech.at www.siemens.at resource.finnchat.com api-fra.livechatinc.com ue2gfcryae.execute-api.eu-central-1.amazonaws.com sea-api.siemens.cloud sleeknotestaticcontent.sleeknote.com images.sleeknote.com dvt4t9p29wi8.cloudfront.net *.hotjar.com *.hotjar.io wss://*.hotjar.com www.hqs.sbt.siemens.com www.cdn.botfriendsx.com *.smooch.io wss://*.smooch.io d1p0l0wtisukf7.cloudfront.net author.new.siemens.com cdn.linkedin.oribi.io rs.eu1.fullstory.com cert-portal.siemens.com api.demandbase.com www.yousty.ch survey.adlytics.net ghsszvtech.execute-api.us-east-1.amazonaws.com participant.connect.us-east-1.amazonaws.com wss://tufsuyburufn.transport.connect.us-east-1.amazonaws.com gbs-emobility-chat.s3.us-east-1.amazonaws.com irpages2.eqs.com api.maze.co prompts.maze.co fairtouch.siemens.com cdn.fairtouch.siemens.com author.new.siemens.com community.siemens.com directline.botframework.com api.xcelerator.siemens.com api.marketplace.siemens.com public-apim.siemens.com reporting-hub.ryze-digital.de wss://directline.botframework.com *.adyen.com *.xcelerator.siemens.com px.ads.linkedin.com www.google.com adservice.google.com googleads.g.doubleclick.net payment.siemens.com *.execute-api.eu-west-1.amazonaws.com; default-src 'self' blob:; font-src 'self' cdn.siemens-web.com *.c2comms.cloud cdn.siemens.com cdn.segment.com api.segment.io assets.new.siemens.com data: tools.adlytics.net script.hotjar.com www.cdn.botfriendsx.com reporting-hub.ryze-digital.de; frame-ancestors 'self' *.c2comms.cloud contentpath.siemens.com mc.contentpath.siemens.com resources.dc.siemens.com siemensfactoryautomation.pathfactory.com myaccount.lingotek.com; frame-src 'self' *.force.com *.salesforce.com *.salesforceliveagent.com siemenscrm.my.salesforce-sites.com siemensint.my.salesforce-sites.com *.usercentrics.eu bid.g.doubleclick.net td.doubleclick.net cdn.siemens-web.com *.c2comms.cloud cdn.siemens.com cdn.segment.com api.segment.io assets.new.siemens.com jobs.siemens-info.com pages.siemens-info.com playout.3qsdn.com sites.siemens-info.com tpc.googlesyndication.com www.facebook.com 322e30018b7e4846825041773c891f42.svc.dynamics.com e070f2c1c4514ee2b79becebacc0f9b2.svc.dynamics.com secure-fra.livechatinc.com vars.hotjar.com *.c2comms.cloud *.siemens.com maestrobot.it-app.biz dvt4t9p29wi8.cloudfront.net *.adyen.com secure.ixopay.com; img-src 'self' *.boltdns.net *.siemens.com *.tt.omtrdc.net *.usercentrics.eu 825113843.privacysandbox.googleadservices.com ad.doubleclick.net adservice.google.com adservice.google.com android-webview-video-poster: blob: brightcove04pmdo-a.akamaihd.net cdn.cookielaw.org cdn.siemens-web.com *.c2comms.cloud cdn.siemens.com cdn.segment.com api.segment.io assets.new.siemens.com data: dc.ads.linkedin.com dc.oracleinfinity.io googleads.g.doubleclick.net *.brightcove.com *.brightcove.net px.ads.linkedin.com px4.ads.linkedin.com secure.adnxs.com siemens.mindsphere.io siemens.sc.omtrdc.net stats.adlytics.net t.co tr.outbrain.com trc.taboola.com www.facebook.com www.google.com www.google.com www.googletagmanager.com www.linkedin.com 322e30018b7e4846825041773c891f42.svc.dynamics.com e070f2c1c4514ee2b79becebacc0f9b2.svc.dynamics.com cdn.go.cuenect.net siemenscrm--c.vf.force.com siemenscrm.lightning.force.com siemenscrm.my.salesforce.com partnerinfo.siemens.at hitech.at baudoku.1000eyes.de cdn.livechatinc.com cdn.livechat-files.com analytics.sleeknote.com static.hotjar.com script.hotjar.com botbuilder.siemens.cloud *.smooch.io ib.adnxs.com maestrobot.it-app.biz www.blids.de analytics.twitter.com *.prescreen.io dvt4t9p29wi8.cloudfront.net reporting-hub.ryze-digital.de universe.send.microad.jp insight.adsrvr.org dq3yfnoirppqu.cloudfront.net *.adyen.com pixel.quantserve.com s.gravatar.com i1.wp.com; manifest-src 'self' *.c2comms.cloud; media-src 'self' *.brightcove.com assets.new.siemens.com blob: *.brightcovecdn.com *.boltdns.net *.brightcove.net dvt4t9p29wi8.cloudfront.net; object-src players.brightcove.net w3.siemens.com; script-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' *.force.com *.salesforce.com *.salesforceliveagent.com siemenscrm.my.salesforce-sites.com siemensint.my.salesforce-sites.com *.ste.dc.siemens.com *.usercentrics.eu ajax.googleapis.com analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org cdn.siemens-web.com *.c2comms.cloud cdn.siemens.com cdn.segment.com api.segment.io assets.new.siemens.com client.rum.us-east-1.amazonaws.com connect.facebook.net cookies.siemens.com d.oracleinfinity.io data.cdn.siemens.com dataplane.rum.eu-central-1.amazonaws.com geolocation.onetrust.com googleads.g.doubleclick.net img.en25.com jsd-widget.atlassian.com my.nanorep.com www.siemens.com *.brightcove.net *.brightcove.com profiles.siemens.com scripts.demandbase.com siemensdigitalindustries.nanorep.co snap.licdn.com static.ads-twitter.com tools.adlytics.net tpc.googlesyndication.com vjs.zencdn.net w3.siemens.com www.automation.siemens.com www.google.com www.google.com www.googleadservices.com www.googletagmanager.com mktdplp102cdn.azureedge.net wwwstage.siemens.com resource.finnchat.com cdn.livechatinc.com api.livechatinc.com api-fra.livechatinc.com secure-fra.livechatinc.com sleeknotecustomerscripts.sleeknote.com sleeknotestaticcontent.sleeknote.com static.hotjar.com script.hotjar.com botbuilder.siemens.cloud www.cdn.botfriendsx.com *.smooch.io 322e30018b7e4846825041773c891f42.svc.dynamics.com www.sfs.siemens.de anteilspreise.siemens.com *.virtualevent.siemens.com *.c2comms.cloud edge.eu1.fullstory.com snippet.maze.co reporting-hub.ryze-digital.de vi.ml314.com ml314.com secure.quantserve.com rules.quantcount.com payment.siemens.com secure.ixopay.com; style-src 'self' 'unsafe-inline' *.force.com *.salesforce.com *.salesforceliveagent.com siemenscrm.my.salesforce-sites.com siemensint.my.salesforce-sites.com *.usercentrics.eu cdn.siemens-web.com *.c2comms.cloud cdn.siemens.com cdn.segment.com api.segment.io assets.new.siemens.com www.siemens.com profiles.siemens.com tools.adlytics.net w3.siemens.com static.hotjar.com script.hotjar.com www.cdn.botfriendsx.com www.sfs.siemens.de anteilspreise.siemens.com reporting-hub.ryze-digital.de; upgrade-insecure-requests; worker-src 'self' 'unsafe-inline' blob:; report-uri https://w3.siemens.com/report?environment=siemenscom-prod&release=a379e95a; report-to commscloud 3
frame-ancestors http://*.ccf.org https://*.ccf.org https://clevelandclinic.ungerboeck.com https://*.clevelandclinic.org http://*.clevelandclinic.org 3
frame-ancestors 'self' *.ffxblue.com.au *.ffx.io *.smh.com.au *.theage.com.au *.brisbanetimes.com.au *.watoday.com.au *.cdn.ampproject.org *.platform.ink; upgrade-insecure-requests 3
frame-ancestors 'self' *.bazaarvoice.com 3
frame-ancestors 'self' https://*.nbcnews.com https://*.today.com https://*.msnbc.com https://*.telemundo.com https://*.nbcnewstools.net https://*.eonline.com https://*.cnbc.com 3
default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' 3
frame-ancestors self https://*.wayfair.com https://*.wayfair.ca https://*.wayfair.co.uk https://*.wayfair.de https://*.wayfair.ie https://*.jossandmain.com https://*.allmodern.com https://*.birchlane.com https://*.perigold.com 3
frame-ancestors 'self' https://www.thomsonreuters.com 3
default-src 'self' http: https: 3
script-src 'self' 'unsafe-inline' 'unsafe-eval' assets.adobedtm.com *.brighttalk.com *.pdst.fm *.doubleclick.net  *.google-analytics.com  *.bing.com  *.googleadservices.com  *.facebook.net  *.techtarget.com  *.demandbase.com *.googletagmanager.com munchkin.marketo.net *.cookielaw.org *.adroll.com *.licdn.com *.mxpnl.com *.chtbl.com *.invoca.net *.livehelpnow.net addsearch.com *.youtube.com *.vidyard.com *.hotjar.com *.driftt.com *.searchcdn.com *.salesforceliveagent.com *.force.com *.salesforce.com *.salesforce-sites.com *.google.com *.googleoptimize.com *.redditstatic.com *.jsdelivr.net unpkg.com *.highcharts.com *.zi-scripts.com 3
default-src 'self' p11.techlab-cdn.com;  worker-src 'self' blob:;  script-src 'self' 'unsafe-eval' 'unsafe-inline'     https://*.googleapis.com     https://*.gstatic.com     *.google.com     https://*.ggpht.com     *.googleusercontent.com     blob:     https://www.jsctool.com     https://jsctool.com     https://*.optimizely.com     https://secure.pay1.de     https://www.img-bahn.de     https://cms.static-bahn.de     https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com     https://hcaptcha.com     https://*.hcaptcha.com     https://*.bahn.de     https://*.bahn.com     https://app.crossengage.io     https://ucm-eu.verint-cdn.com     https://*.go-mpulse.net p11.techlab-cdn.com;  connect-src 'self'     https://*.googleapis.com     *.google.com     https://*.gstatic.com     data:     blob:     https://p11.techlab-cdn.com     https://www.jsctool.com     https://jsctool.com     https://assets.static-bahn.de     https://dmp.adform.net     https://siteintercept.qualtrics.com     https://logx.optimizely.com     https://*.optimizely.com     https://hcaptcha.com     https://*.hcaptcha.com     https://collect.tealiumiq.com     https://trk-api.crossengage.io     https://accounts.bahn.de     https://ucm-eu.verint-cdn.com     https://hoover-eu.verint-api.com     https://*.akstat.io     https://*.go-mpulse.net     wss://hoover-eu.verint-api.com p11.techlab-cdn.com;  frame-src 'self'     *.google.com     https://cms.static-bahn.de     https://secure.pay1.de     https://hcaptcha.com     https://*.hcaptcha.com     https://*.bahn.de     https://www.abo-bahn.de     https://db.novafind.eu     https://kundenkarte-db.mvv-muenchen.de     https://transport.novafind.eu     https://a791773171.cdn.optimizely.com/     https://nextalert-db.nexterite.eu     https://s-bahn-muenchen-live.de     https://garantien-formular.cs100.force.com     https://accounts.bahn.de     https://db-bordgastronomie.de     https://ersatzkarte-dbregiobusnord.de     https://dbaw.specials-bahn.de     https://anreiseservice.specials-bahn.de     https://analytics.geops.de     https://*.sbahnm.geops.de     https://fipo.deutschebahn.com     https://kdialog-garantie.cs174.force.com     https://regioforce.my.salesforce-sites.com     https://www.jugendticket-nds.de     https://ketchum.flyingspoon.de     https://a1.adform.net     https://dbstreckenagent.de     https://www.dbstreckenagent.de;  frame-ancestors 'self';  style-src 'self'     https://fonts.googleapis.com     https://www.jsctool.com     https://jsctool.com     https://hcaptcha.com     https://*.hcaptcha.com     'unsafe-inline';  font-src 'self' data: https://fonts.gstatic.com;  img-src 'self'     https://*.googleapis.com     https://*.gstatic.com     *.google.com     *.googleusercontent.com     https://www.awin1.com     https://partner-bahn.de     https://cm.g.doubleclick.net     https://fcmatch.google.com     https://fcmatch.youtube.com     https://dmp.adform.net     https://cdn.optimizely.com     https://*.qualtrics.com     https://assets.static-bahn.de     https://*.bahn.de     https://assets-ri.extranet.deutschebahn.com     https://cms.static-bahn.de     https://*.akstat.io     data:;  media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de; 3
child-src 'unsafe-inline' 'self' *.directnic.net *.livechatinc.com *.livechat.s3.amazonaws.com *.livechat-files.com *.paypal.com *.google.com *.google-analytics.com *.googleadservices.com *.googleapis.com *.g.doubleclick.net *.braintree.com *.hcaptcha.com; frame-ancestors 'self' directnic.net; 3
base-uri 'none';child-src *.youtube.com;connect-src 'self' https:;default-src 'self';font-src 'self';form-action 'self';frame-ancestors 'none';frame-src vercel.live prismic.io *.prismic.io *.youtube.com *.twitter.com *.facebook.com *.google.com;img-src * data:;manifest-src 'self';media-src 'self';object-src 'none';prefetch-src 'self';script-src 'self' 'unsafe-inline' vercel.live *.google-analytics.com *.bing.com *.clarity.ms *.facebook.net *.googletagmanager.com *.helpscout.net prismic.io *.prismic.io www.google.com www.gstatic.com;style-src 'self' 'unsafe-inline';worker-src 'self'; 3
default-src 'none'; base-uri 'self'; child-src 'self'; connect-src 'self' *.kinstacdn.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.gstatic.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.googlesyndication.com *.wistia.com *.wistia.net www.google-analytics.com stats.g.doubleclick.net googleads.g.doubleclick.net embedwistia-a.akamaihd.net *.litix.io www.facebook.com *.ubembed.com hubspot-forms-static-embed.s3.amazonaws.com *.hsforms.net *.hsforms.com *.marketo.com *.marketo.net *.mktoresp.com *.mktoutil.com *.emarsys.com *.onetrust.com *.cookielaw.org sentry.io *.sentry.io *.clickcease.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.mouseflow.com *.cdn.linkedin.oribi.io *.oribi.io app.clearbit.com *.visualwebsiteoptimizer.com *.ads.linkedin.com cdn.dreamdata.cloud tracking.g2crowd.com fclog.baidu.com; font-src 'self' data: *.kinstacdn.com *.slidesharecdn.com *.wistia.com *.wistia.net; form-action 'self' www.facebook.com *.hsforms.net *.hsforms.com; frame-ancestors 'self' *.covideo.com; frame-src 'self' *.kinstacdn.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.gstatic.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.googlesyndication.com *.marketo.com *.marketo.net html5-player.libsyn.com bid.g.doubleclick.net www.facebook.com js.driftt.com *.ubembed.com *.googlesyndication.com *.hsforms.net *.hsforms.com *.slideshare.net *.wistia.com *.wistia.net *.on24.com *.emarsys.com *.vidmails.com *.covideo.com *.g2.com *.hotjar.com *.clearbitjs.com *.marketimpacttools.com *.doubleclick.net open.spotify.com *.adobe.com; img-src 'self' data: *.kinstacdn.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.gstatic.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.googlesyndication.com *.wistia.com *.wistia.net *.gravatar.com www.googletagmanager.com www.google-analytics.com analytics.twitter.com *.px.ads.linkedin.com googleads.g.doubleclick.net *.linkedin.com www.facebook.com connect.facebook.net t.co embedwistia-a.akamaihd.net *.hsforms.net *.hsforms.com *.adsymptotic.com *.glasgowlive.co.uk s.w.org *.cookielaw.org *.hotjar.com *.clearbitjs.com *.visualwebsiteoptimizer.com cdn.filestackcontent.com; media-src 'self' blob: data: *.kinstacdn.com *.wistia.com *.wistia.net embedwistia-a.akamaihd.net *.driftqa.com *.driftt.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.kinstacdn.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.gstatic.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.googlesyndication.com www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com *.marketo.com *.marketo.net *.ubembed.com *.wistia.com *.wistia.net googleads.g.doubleclick.net www.googleadservices.com tracking.g2crowd.com snap.licdn.com connect.facebook.net static.ads-twitter.com analytics.twitter.com js.driftt.com *.hsforms.net *.hsforms.com *.googlesyndication.com *.onetrust.com *.cookielaw.org sentry.io *.sentry.io *.on24.com *.clickcease.com *.hotjar.com *.clearbitjs.com tag.clearbitscripts.com *.mouseflow.com *.visualwebsiteoptimizer.com marketo.clearbit.com cdn.dreamdata.cloud reveal.clearbit.com *.adobe.com fxgate.baidu.com js.sentry-cdn.com; style-src 'self' 'unsafe-inline' *.kinstacdn.com *.marketo.com *.marketo.net  *.adobe.com; worker-src 'self' blob:; 3
upgrade-insecure-requests; default-src https: blob: wss: data:; script-src https: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: blob: data:;frame-src https: blob: data:; report-uri /cspreports 3
default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src https: blob:; object-src https:; child-src https: data: blob:; form-action https:; block-all-mixed-content; 3
default-src 'self' consentcdn.cookiebot.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: munchkin.marketo.net  *.mktoweb.com challenges.cloudflare.com bluebeam2--shareddev.sandbox.my.salesforce-sites.com bluebeam2--staging.sandbox.my.salesforce-sites.com  bluebeam2--shareddev.sandbox.my.site.com *.vidyard.com *.bluebeam.com *.wpengine.com *.pardot.com www.google-analytics.com fonts.gstatic.com *.cookiebot.com www.googletagmanager.com *.visualwebsiteoptimizer.com connect.facebook.net googleads.g.doubleclick.net *.hotjar.net *.hotjar.com snap.licdn.com bat.bing.com s.yimg.com snap.licdn.com *.google.com bat.bing.com sp.analytics.yahoo.com px.ads.linkedin.com stats.g.doubleclick.net www.facebook.com p.adsymptotic.com cdn.linkedin.oribi.io www.youtube.com; connect-src 'self' *.mktoresp.com *.execute-api.us-east-1.amazonaws.com *.execute-api.eu-west-2.amazonaws.com *.execute-api.ap-southeast-2.amazonaws.com *.execute-api.eu-central-1.amazonaws.com *.execute-api.eu-north-1.amazonaws.com region1.analytics.google.com *.analytics.google.com bluebeam2--shareddev.sandbox.my.salesforce-sites.com bluebeam2--staging.sandbox.my.salesforce-sites.com bluebeam2--shareddev.sandbox.my.site.com content.hotjar.io wss://ws.hotjar.com px.ads.linkedin.com pagead2.googlesyndication.com www.google-analytics.com stats.g.doubleclick.net vc.hotjar.io s.yimg.com *.hotjar.com *.cookiebot.com analytics.google.com *.visualwebsiteoptimizer.com yoast.com www.google.com cdn.linkedin.oribi.io googleads.g.doubleclick.net gw.linkedin.oribi.io ad.doubleclick.net www.facebook.com bat.bing.com www.googleapis.com; img-src 'self' data: imgsct.cookiebot.com www.google.co.uk www.google.nl www.google.no www.google.fr www.google.es www.google.dk www.google.se www.google.co.jp www.google.co.kr www.google.it www.google.fi www.google.be www.google.com.au *.vidyard.com *.visualwebsiteoptimizer.com sp.analytics.yahoo.com *.bing.com www.facebook.com px.ads.linkedin.com www.google.com p.adsymptotic.com secure.gravatar.com www.linkedin.com www.google-analytics.com gw.linkedin.oribi.io www.googletagmanager.com ad.doubleclick.net ps.w.org; style-src 'self' 'unsafe-inline' bluebeam2--shareddev.sandbox.my.salesforce-sites.com bluebeam2--staging.sandbox.my.salesforce-sites.com bluebeam2--shareddev.sandbox.my.site.com *.bluebeam.com *.wpengine.com fonts.googleapis.com; base-uri 'self'; form-action 'self' *.bluebeam.com www.facebook.com *.my.salesforce.com *.salesforce.com; object-src data: 'unsafe-eval'; font-src 'self' *.bluebeam.com *.wpengine.com fonts.googleapis.com fonts.gstatic.com data: 'unsafe-eval'; media-src 'self' *.bluebeam.com *.wpengine.com *.cookiebot.com; frame-src 'self' challenges.cloudflare.com *.vidyard.com *.bluebeam.com *.cookiebot.com *.hotjar.com www.facebook.com www.youtube.com td.doubleclick.net 9747788.fls.doubleclick.net roicalbucket.s3-website-us-east-1.amazonaws.com roical.bluebeam-dev.com roical.bluebeam.com go.pardot.com; 3
default-src 'self'; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com https://www.google.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://pagead2.googlesyndication.com https://consentcdn.cookiebot.com https://*.streamlock.net/ https://*.ingest.sentry.io https://*.zeturf.com https://*.zeturf.be https://maps.googleapis.com https://zz.connextra.com https://*.clarity.ms https://*.bing.com https://www.facebook.com; frame-src 'self' https://consentcdn.cookiebot.com/ https://vision.prod.thebetmakers.com/ https://api-vcs-awstbmtst002.mugbookie.com/ https://www.youtube.com/ https://www.googletagmanager.com/ https://td.doubleclick.net https://www.facebook.com; img-src 'self' https://www.google-analytics.com/ https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://www.googletagmanager.com/ https://www.google.fr https://www.google.com https://cdnjs.cloudflare.com https://maps.gstatic.com https://maps.googleapis.com https://*.googleusercontent.com data: https://*.zeturf.com https://*.zeturf.be https://*.ytimg.com https://zz.connextra.com https://*.adnxs.com https://*.bidr.io https://www.facebook.com https://connect.facebook.net https://*.cookiebot.com https://*.clarity.ms https://*.bing.com https://www.paypalobjects.com; font-src 'self' https://cdnjs.cloudflare.com/ https://fonts.gstatic.com/ https://github.com https://*.zeturf.com https://*.zeturf.be; media-src 'self' https://*.streamlock.net/; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://bat.bing.com/ https://googleads.g.doubleclick.net https://www.googleadservices.com https://cdn.jsdelivr.net https://maps.googleapis.com https://*.cookiebot.com https://*.zeturf.com https://*.zeturf.be https://*.sentry-cdn.com https://connect.facebook.net https://static.ads-twitter.com https://zz.connextra.com https://*.clarity.ms; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ https://fonts.googleapis.com/ https://*.zeturf.com https://*.zeturf.be 3
frame-ancestors 'self' https://frida.main.messefrankfurt.com/ 3
upgrade-insecure-requests; frame-ancestors *.cisco.com *.jasper.com *.ciscospark.com *.ciscolive.com  http://cisco.lookbookhq.com https://cisco.lookbookhq.com testcisco.marketing.adobe.com cisco.marketing.adobe.com ciscosales.my.salesforce.com test.salesforce.com zedo.com hindustantimes.com economictimes.indiatimes.com *.webex.com *.cdw.com *.cdwg.com *.cdw.ca *.meraki-go.com http://ciscopartners.lookbookhq.com https://ciscopartners.lookbookhq.com ciscolearningsystem.com ciscocustomer.lookbookhq.com cisco.lookbookhq.com ccsmedia.com *.itquotes.ie dteonline.com ampito-cisco.com arkphire.com *.insight.com *.ccsmedia.com *.ebuyer.com *.lambda-tek.com *.storm-technologies.com *.vohkus.com *.bechtle.com *.rainfocus.com *.broadbandbuyer.com *.hardware.com shop.redpontem.com *.miro.com cisco.techdatavendors.be *.service-now.com *.thousandeyes.com *.duo.com duo.com *.umbrella.com *.pricespider.com *.mapbox.com  cdnjs.cloudflare.com https://community.cisco.com/; 3
frame-ancestors 'self' https://*.refinitiv.com https://*.lseg.com; 3
add_header Content-Security-Policy "default-src https: data: 'unsafe-inline' 'unsafe-eval'" always; 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob: 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.rtx.com https://*.raytheon.com https://*.rtxapps.com blob: https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://stats.g.doubleclick.net https://*.crazyegg.com https://ipmeta.io https://*.licdn.com https://*.linkedin.com https://static.ads-twitter.com https://connect.facebook.net https://www.youtube.com https://www.googleadservices.com https://*.twimg.com https://*.twitter.com https://rockwellcollinsaerospace.us-7.evergage.com https://static.ctctcdn.com https://listgrowth.ctctcdn.com https://visitor2.constantcontact.com/api/v1/signup_forms/209bf8ea-ae37-4c00-b293-172a892f887b https://siteimproveanalytics.com https://googleads.g.doubleclick.net https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: data: https://cdn.evgnet.com/beacon/rockwellcollinsaerospace/development/scripts/evergage.min.js  https://cdn.evgnet.com/beacon/rockwellcollinsaerospace/production/scripts/evergage.min.js;          img-src 'self' https://*.rtx.com data: www.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.linkedin.com https://p.adsymptotic.com https://*.licdn.com https://t.co https://www.facebook.com https://*.twimg.com https://*.twitter.com https://static.ctctcdn.com https://*.siteimproveanalytics.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://*.ggpht.com data:;            style-src 'self' 'unsafe-inline' https://*.rtx.com https://*.raytheon.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://*.licdn.com https://*.twitter.com https://*.twimg.com https://static.ctctcdn.com;            font-src 'self' https://*.rtx.com https://cdnjs.cloudflare.com https://fonts.gstatic.com;            frame-src 'self' https://app.prattwhitney.com https://*.twitter.com https://*.fls.doubleclick.net https://*.rtx.com https://*.youtube.com/ https://*.raytheon.com https://www.rockwellcollins.com https://*.salesforce.com *.google.com; upgrade-insecure-requests; block-all-mixed-content; worker-src blob: ; 3
frame-ancestors 'self' https://comscore.sharepoint.com https://*.skilljar.com https://*.basis.net; 3
frame-ancestors 'self' http://api.securedvisit.com http://track.securedvisit.com http://content.securedvisit.com http://images.securedvisit.com http://track.sv.rkdms.com *.loudcrowd.com *.lookaside.fbsbx.com 3
frame-ancestors https://*.marketo.com 3
frame-ancestors https://oa.sheincorp.cn https://activity-admin.biz.sheincorp.cn https://csp.sheincorp.cn https://sqs-admin.biz.sheincorp.cn https://sqs-admin.biz.sheinbackend.com https://sqs-admin-gray01.biz.sheinbackend.com https://sqs-admin-eur.biz.sheinbackend.com https://grey-sqs-admin.biz.sheincorp.cn https://sqs-admin-gray01-eur.biz.sheinbackend.com https://ccc.biz.sheincorp.cn https://ccc-store.biz.sheincorp.cn https://ccc-store.shein.com *.shein.com https://www.shein.com.hk https://www.shein.com.vn https://www.shein.com.mx https://www.shein.co.uk https://www.shein.tw https://www.shein.se https://co.shein.com https://www.shein.com.co 3
frame-ancestors 'self' https://nurture.solarwinds.com/ https://solarwinds.pathfactory.com/ https://orangematter.solarwinds.com/ https://thwack.solarwinds.com/ https://www.solarwinds.com/ https://try.solarwinds.com/ https://customerportal.solarwinds.com/ https://www.g2.com/ 3
frame-ancestors 'self' *.tournamentsoftware.com *.toernooi.nl 3
default-src * blob: data: http: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://reports.nameshield.net/ 3
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.etracker.com https://*.etracker.de https://*.jwpcdn.com https://customers.lmis.de http://*.bmwi.de https://*.bmwi.de http://*.bmwk.de https://*.bmwk.de https://live.flyp.tv; style-src 'self' 'unsafe-inline' https://*.etracker.de https://*.jwpcdn.com http://*.bmwi.de https://*.bmwi.de http://*.bmwk.de https://*.bmwk.de; img-src 'self' data: https://sg.geodatenzentrum.de https://jwpltx.com http://*.bmwi.de https://*.bmwi.de http://*.bmwk.de https://*.bmwk.de https://*.flockler.com https://*.twimg.com; connect-src 'self' https://*.etracker.com https://*.etracker.de https://sg.geodatenzentrum.de https://*.jwpcdn.com http://*.bmwi.de https://*.bmwi.de http://*.bmwk.de https://*.bmwk.de; font-src 'self' data: https://*.jwpcdn.com; object-src 'self'; media-src 'self' https://*.streamfarm.net http://*.bmwi.de https://*.bmwi.de http://*.bmwk.de https://*.bmwk.de https://*.flockler.com https://*.twimg.com; form-action 'self'; frame-src 'self' https://*.twitter.com https://vimeo.com https://player.vimeo.com https://customers.lmis.de https://vdi.p5.easire.com https://bmwi-batteriezellfertigung.interactive-scape.com https://de.digital https://preview-kaenef.bmwk.de https://live.flyp.tv; frame-ancestors 'self' http://*.bmwi.de https://*.bmwi.de http://*.bmwk.de https://*.bmwk.de; 3
frame-ancestor https://admin.theworld.org https://*-the-world.pantheonsite.io; 3
frame-ancestors https://*.publons.com:* http://*.publons.com:* https://publons.com:* https://cortellis.com:* https://*.cortellis.com:* http://*.cortellis.com:* https://cortellis.cn:* https://*.cortellis.cn:* http://*.cortellis.cn:* https://*.clarivate.com:* http://*.clarivate.com:* https://*.dev-wos.com:* http://*.dev-wos.com:* https://*.endnote.com:* http://*.endnote.com:* https://*.myendnoteweb.com:* http://*.myendnoteweb.com:* https://myendnoteweb.com:* https://*.dev-cortellis.com:* http://*.dev-cortellis.com:* https://*.ezproxy.auckland.ac.nz:* http://*.ezproxy.auckland.ac.nz:* http://*.dev.oneplatform.build:* https://*.dev.oneplatform.build:* https://*.cptest.idm.oclc.org:* https://*.idm.oclc.org:* https://*.libproxy.albany.edu:* https://*.twu.edu:* http://*.dev-cortellis.cn:* https://*.dev-cortellis.cn:* http://webofscience.com:* https://webofscience.com:* http://*.webofscience.com:* https://*.webofscience.com:* https://*.proxy.lnu.se:* https://*.ub.oru.se:* https://*.griffith.edu.au:* https://*.uexternado.edu.co:* http://*.s3-website-us-west-2.amazonaws.com:* https://*.s3-website-us-west-2.amazonaws.com:* https://*.msu.edu:* https://*.library.nova.edu:* https://*.dev-scholarone.com:* https://*.clarivate.cn:* https://*.dev-incites.com:* https://*.targetsafety.info:* https://*.gethealthbase.com:* https://*.clarivate.net:* http://*.library.vanderbilt.edu:* https://*.library.vanderbilt.edu:* https://*.dev-innovation.com:* https://*.derwentinnovation.com:*; sandbox allow-top-navigation allow-same-origin allow-scripts allow-popups allow-forms 3
frame-ancestors 'self' *.jivosite.com *.jivosite.com/ *.webim.ru *.webim.ru/ bam.nr-data.net/ metrika.yandex.ru *.yandex.tld *.yandex.net webvisor.com *.webvisor.com http://*.webvisor.com http://webvisor.com https://*.webvisor.com http://webvisor.com https://metrika.yandex.ru https://mc.yandex.ru https://*.yandex.net https://mc.yandex.ru https://mc.yandex.az https://mc.yandex.by https://mc.yandex.co.il https://mc.yandex.com https://mc.yandex.com.am https://mc.yandex.com.ge https://mc.yandex.com.tr https://mc.yandex.ee https://mc.yandex.fr https://mc.yandex.kg https://mc.yandex.kz https://mc.yandex.lt https://mc.yandex.lv https://mc.yandex.md https://mc.yandex.tj https://mc.yandex.tm https://mc.yandex.ua https://mc.yandex.uz https://mc.webvisor.com https://mc.webvisor.org https://yastatic.net; form-action 'self' *.timeweb.ru *.timeweb.com *.timeweb.net timeweb.com timeweb.ru timeweb.net http://timeweb.com/; default-src 'self' 'unsafe-inline' 'unsafe-eval' www.1c-bitrix.ru gw.timeweb.com https://smartcaptcha.yandexcloud.net smartcaptcha.yandexcloud.net https://cdn.mxpnl.com cdn.mxpnl.com *.jivo.ru *.jivosite.com *.jivosite.com/ *.webim.ru *.webim.ru/ *.timeweb.net *.timeweb.ru timeweb.eu vds-static.timeweb.com cloud.timeweb.com timeweb.cloud public-api.timeweb.com content.timeweb.com api.craftum.com api-v2.craftum.com *.yandex.ru yandex.ru wss://*.timeweb.ru wss://*.timeweb.net www.googletagmanager.com www.google-analytics.com disutgh7q0ncc.cloudfront.net eligibility.wootric.com wootric-eligibility.herokuapp.com facebook.com connect.facebook.net *.facebook.com mc.yandex.md mc.yandex.ru *.livetex.ru *.livetex.me stats.g.doubleclick.net *.google.com *.google.ru *.sendpulse.com data: vk.com *.vk.com dadata.ru *.dadata.ru *.hostings.info *.hosters.ru bitrix.info static.criteo.net *.push.world *.gstatic.com recreativ.ru sslwidget.criteo.com *.googleapis.com *.webpushs.com i.imgur.com ipic.su *.sendpulse.com www.youtube.com s.tmimgcdn.com cdn.jsdelivr.net mc.webvisor.org https://*.getsitecontrol.com yastatic.net *.witstroom.com metrika.yandex.ru *.yandex.tld *.yandex.net myreviews.dev https://myreviews.dev webvisor.com *.witstroom.com:8080 https://checks.botfaqtor.ru *.giphy.com *.giphy.com/ *.jivosite.com *.jivosite.com/ *.webim.ru *.webim.ru/ wss://*.jivosite.com https://www.googleoptimize.com/ blob: timeweb.com content.saas-support.com cdn.envybox.io whitesaas.com https://directus-twtech.timeweb.net https://api-qa.timeweb.ru 3
frame-ancestors 'self' *.3sharecorp.com https://corpextdev.b2clogin.com https://corpsso.b2clogin.com https://staging.comfortsite.com https://nva-av-tkweb1pr https://igrawsndc012r:10446 https://elibrary.tranetechnologies.com/ 3
frame-ancestors 'self' https://www.caracoltvcorporativo.com https://www.ailnews.tv https://titanes.noticias.caracoltv.com https://www.caracoltv.com https://www.noticiascaracol.com https://www.premiomedioambiente.caracoltv.com https://play.caracoltv.com https://www.caracolinternacional.com https://lakalle.bluradio.com https://www.bluradio.com https://hjck.com https://www.shock.co  https://*.caracolnext.com 3
font-src 'self' data: *.kornferry.com *.kfadvance.com *.fontawesome.com *.typography.com *.hotjar.com *.hotjar.io *.hotjar.io *.juicer.io;, frame-ancestors 'self' data: *.kornferry.com *.kfadvance.com; 3
frame-ancestors 'self' *.kaskus.co.id *.kaskus.id 3
frame-ancestors 'self' *.model-t.cc.commerce.ondemand.com *.devleaseweb.com *.leaseweb.com 3
frame-src 'self'  https://*.zf.com https://*.dynamics.com/ https://embed.neospace.io/ https://app.powerbi.com https://684e6358a25146d7b2463db408d33a1e.svc.dynamics.com https://maps.googleapis.com https://*.youtube.com https://*.youtube-nocookie.com https://*.instagram.com https://*.twitter.com; child-src 'self'  https://*.youtube.com https://*.youtube-nocookie.com https://*.instagram.com https://*.twitter.com ; worker-src blob: https://*.zf.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.dynamics.com/ https://*.microsoft.com https://*.azureedge.net https://cdnapi.kaltura.com https://api.de.kaltura.com https://cdnapisec.kaltura.com https://*.zf.com https://skk.erecruiter.pl https://mktdplp102cdn.azureedge.net/public/latest/js/form-loader.js https://vjs.zencdn.net https://cdn.syndication.twimg.com https://cdn.cookielaw.org https://*.twitter.com https://*.facebook.net https://*.piwik.pro https://maps.googleapis.com https://dqm.crownpeak.com; frame-ancestors 'self' https://*.zf.com https://araiv.com https://www.zffcn.com https://zf-lifetec.com https://*.dynamics.com/ https://*.microsoft.com https://*.azureedge.net https://*.crownpeak.com; 3
frame-ancestors dev.mwcbarcelona.com www.mwcbarcelona.com mwcbarcelona.com dev.mwc-africa.com www.mwc-africa.com mwc-africa.com dev.mwclasvegas.com www.mwclasvegas.com mwclasvegas.com dev.gsmaevents.com www.gsmaevents.com staging.gsmaevents.com gsmaevents.com gsma.force.com gsma.my.site.com 3
default-src * data: 'unsafe-eval' 'unsafe-inline' blob: 3
script-src 'self' 'unsafe-inline' 'unsafe-eval' matomo.verbraucherzentrale.de cdn.jsdelivr.net player.podigee-cdn.net cdn.syndication.twimg.com platform.twitter.com syndication.twitter.com verbraucherzentrale-sachsen.cloud.purpleview.de https://www.verbraucherzentrale.de/ https://www.verbraucherzentrale.nrw/core/modules/ckeditor/ https://vimeo.com/ https://podcast-player.audiocon.de/  https://secure.spendenbank.de https://www.audiocon.de/ https://lebensmittel-reise.de/foodmap/ https://www.googletagmanager.com https://gemeinschaftsredaktion.de https://www.googleadservices.com https://googleads.g.doubleclick.net https://api.kns.codiac.de https://player.podigee-cdn.net/podcast-player https://cdn.podigee.com https://cdnjs.cloudflare.com https://code.highcharts.com https://cdn.podlove.org https://verbraucherzentrale.bryter.io https://prod-bryter-assets.s3.eu-central-1.amazonaws.com https://static.newsletter2go.com/ https://cdn.rawgit.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://app.bryter.io https://heizsystemvergleich.vz-nrw.de https://maps.googleapis.com https://www.helpmundo.de https://www.helpdirect.org https://rdr.kns.codiac.de https://empathy-portal.de/ https://matomo.verbraucherzentrale.de/ https://unpkg.com; script-src-elem 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' 'unsafe-eval' *; style-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://secure.spendenbank.de https://matomo.verbraucherzentrale.de ton.twimg.com platform.twitter.com syndication.twitter.com https://cdn.podigee.com/ https://player.podigee-cdn.net/ https://fonts.googleapis.com/ https://prod-bryter-assets.s3.eu-central-1.amazonaws.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cdn.podlove.org https://rdr.kns.codiac.de https://www.verbraucherzentrale.nrw https://unpkg.com ; frame-ancestors 'self' *.verbraucherzentrale.de verbraucherzentrale.de vznrw-piwik.init-ag.de cdn.jsdelivr.net gemeinschaftsredaktion.de *.gemeinschaftsredaktion.de vzbv.de www.vzbv.de test.vzbv.de www.fakeshoperkennung.de www.fake-shop-erkennung.de www.verbraucherzentrale-niedersachsen.de www.verbraucherzentrale-niedersachsen.de; object-src 'self' cdn.jsdelivr.net  *.verbraucherzentrale.de; 3
default-src 'self' data: ; child-src 'self' blob: ; img-src * data: blob: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://remote.captcha.com https://hcaptcha.com https://*.hcaptcha.com blob: ; style-src 'self' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com ; base-uri 'none' ; font-src 'self' data: ; form-action 'self' ; frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com blob: ; frame-ancestors 'self' ; connect-src 'self' https://xmpp.contactoffice.com https://hcaptcha.com https://*.hcaptcha.com https://blockchain.info https://api.coinlayer.com https://api.friendlycaptcha.com ; 3
frame-ancestors 'self' https://*.ziggo.nl https://*.vodafone.nl https://*.vfz-services.nl https://*.prod.aws.ziggo.io https://*.acc.aws.ziggo.io https://*.dev.aws.ziggo.io https://*.hollandsnieuwe.nl https://vodafoneziggo.portal.mobilewater.nl; 3
connect-src 'self' registry.tierra.net:8443 wss://registry.tierra.net:8443 *.tierra.net *.zdassets.com *.zendesk.com api.smooch.io wss://*.smooch.io *.sentry.io; default-src 'none'; font-src 'self' static.tierra.net maxcdn.bootstrapcdn.com use.fontawesome.com use.typekit.net; frame-src 'self' www.youtube.com player.vimeo.com static.tierra.net; img-src 'self' *.tierra.net secure.gravatar.com *.wp.com *.amazonaws.com *.zendesk.com *.zdassets.com data:; media-src; object-src *.tierra.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' static.tierra.net ajax.googleapis.com www.googletagmanager.com maxcdn.bootstrapcdn.com use.fontawesome.com *.zdassets.com *.zendesk.com api.smooch.io *.clearhello.com; style-src 'self' 'unsafe-inline' static.tierra.net cdnjs.cloudflare.com maxcdn.bootstrapcdn.com use.fontawesome.com *.typekit.net; upgrade-insecure-requests; form-action 'self'; frame-ancestors 'self'; report-uri /special/report/csp; report-to default 3
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval' blob:; img-src * data:; 3
frame-ancestors 'self' *.thalesgroup.com; report-uri https://cpl.thalesgroup.com/report-uri/enforce 3
default-src https: 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self' *; style-src 'unsafe-inline' 'self' *; frame-src 'self' *; object-src 'self' *; img-src 'self' data: *; media-src blob: 'self' *; font-src 'self' data: *; connect-src 'self' *; child-src blob: 'self' *; block-all-mixed-content; 3
frame-ancestors 'self' *.backushospital.org  *.charlottehungerford.org  *.ctorthoinstitute.org  *.ctorthomidstate.org  *.ctorthostvincents.org  *.hartfordhealthcare.org  *.hartfordhealthcare.org  *.hartfordhealthcareathome.org  *.hartfordhealthcaremedicalgroup.org  *.hartfordhealthcarerehabnetwork.org  *.hartfordhospital.org  *.hartfordhospital.org  *.hhcandme.com  *.hhcbehavioralhealth.org  *.hhcconnect.com  *.hhcconnect.net  *.hhcconnect.org  *.hhchealth.com  *.hhchealth.net  *.hhchealth.org  *.hhcseniorservices.org  *.hhcsystem.org  *.instituteofliving.org  *.integratedcarepartners.org  *.midstatemedical.org  mychartplus.org *.mychartplus.org  *.natchaug.org  *.rushford.org  *.stvincents.org  *.thocc.org 3
default-src 'self' https://zendesk-eu.my.sentry.io https://sdk.twilio.com https://eventgw.twilio.com wss://nequi.zendesk.com wss://voice-js.roaming.twilio.com https://ajax.googleapis.com wss://api.smooch.io https://sdk.twilio.com https://zendesk-eu.my.sentry.io https://media.smooch.io https://api.smooch.io https://nequi.zendesk.com/ https://ekr.zendesk.com https://ekr.zdassets.com https://static.zdassets.com 'unsafe-inline' *.website-files.com cdn.jsdelivr.net https://ajax.googleapis.com fonts.googleapis.com blob:; script-src-elem 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com https://analytics.tiktok.com/ https://ajax.googleapis.com https://www.googletagservices.com/ https://securepubads.g.doubleclick.net/ http://127.0.0.1:5500/ https://us1.clevertap-prod.com/ https://static.elfsight.com/platform/platform.js https://cdn.jsdelivr.net/ https://static.ads-twitter.com https://tpc.googlesyndication.com https://www.google-analytics.com/ https://googleads.g.doubleclick.net https://www.googleadservices.com https://snap.licdn.com https://connect.facebook.net https://s.yimg.com https://www.google.com https://www.gstatic.com/ https://*.cloudfront.net/ https://*.website-files.com/ https://*.zdassets.com/ https://www.googletagmanager.com/; connect-src https://analytics.tiktok.com/ https://px.ads.linkedin.com 'self' https://widget-mediator.zopim.com https://zendesk-eu.my.sentry.io wss://voice-js.roaming.twilio.com wss://api.smooch.io https://sdk.twilio.com https://media.smooch.io https://api.smooch.io https://ekr.zendesk.com *.visualwebsiteoptimizer.com app.vwo.com https://securepubads.g.doubleclick.net/ https://nequi-colombia.webflow.io/ https://raw.githubusercontent.com https://ad.doubleclick.net/ https://cdn.linkedin.oribi.io/ https://analytics.google.com https://*.nequi.com.co https://webflow-user-file-uploads-tmp-production.s3.amazonaws.com/ https://webflow.com/ https://s.yimg.com https://stats.g.doubleclick.net https://ekr.zdassets.com/ https://www.google-analytics.com https://nequi.zendesk.com/ https://zendesk-eu.my.sentry.io wss://widget-mediator.zopim.com; media-src https://cdn.prod.website-files.com cdn.prod.website-files.com/ https://cdn.prod.website-files.com cdn.prod.website-files.com assets-global.website-files.com/ https://static.zdassets.com; font-src https://assets.website-files.com https://fonts.gstatic.com data:; frame-src https://www.facebook.com/ https://www.googletagmanager.com https://heyzine.com/ https://geo-nequi.puntored.co/ https://public.transacciones.com.co/ app.vwo.com *.visualwebsiteoptimizer.com https://cdn.embedly.com/ https://w.soundcloud.com/ https://accounts.google.com/ https://drive.google.com/ https://www.youtube.com/ https://www.instagram.com/ https://status.nequi.com.co/ https://www.google.com/ https://tpc.googlesyndication.com/ https://*.doubleclick.net/; img-src https://d3e54v103j8qbb.cloudfront.net/ https://cdn.prod.website-files.com cdn.prod.website-files.com/ https://ad.doubleclick.net 'self' https://widget-mediator.zopim.com https://v2assets.zopim.io https://nequi.zendesk.com https://static.zdassets.com https://*.zdusercontent.com https://media.smooch.io https://accounts.zendesk.com *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com https://pagead2.googlesyndication.com/ https://tpc.googlesyndication.com/ https://www.googleadservices.com/ https://www.googletagmanager.com/ https://www.facebook.com https://sp.analytics.yahoo.com https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://www.google-analytics.com https://cdn.prod.website-files.com cdn.prod.website-files.com assets-global.website-files.com https://www.google.com https://analytics.twitter.com https://t.co https://www.google.com.co 3
frame-ancestors 'self' https://*.beyondtrust.com https://beyondtrust.com https://*.entitle.io; base-uri 'self'; form-action 'self' https://*.facebook.com https://*.facebook.net https://*.googletagmanager.com https://*.btdevops.io https://*.wistia.com; object-src 'self'; 3
frame-ancestors 'self' https://es.chevrolet.com 3
upgrade-insecure-requests; frame-ancestors 'none'; object-src 'none' 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.everbridge.com https://*.everbridge.net https://*.g2crowd.com https://*.site.com https://*.salesforce-sites.com https://cdn.cookielaw.org https://*.onetrust.com https://*.salesforceliveagent.com https://*.force.com https://*.salesforce.com https://*.adsymptotic.com https://bestinenterpriseresilience.com https://*.bestinenterpriseresilience.com https://secure.adnxs.com https://*.cookiebot.com https://*.addtoany.com https://*.google.com https://www.googleanalytics.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://*.googlesyndication.com https://www.googleadservices.com https://www.googleoptimize.com https://optimize.google.com https://*.googleapis.com https://www.googletagmanager.com https://tagmanager.google.com https://*.hotjar.com https://*.hotjar.io https://www.g2.com  https://*.linkedin.com https://snap.licdn.com https://*.marketo.net https://*.marketwire.com https://*.marketo.com https://*.mktoresp.com https://*.mktoutil.com https://analytics.twitter.com https://static.ads-twitter.com https://*.driftt.com https://*.hotjar.com https://*.6sense.com https://*.6sc.co https://connect.facebook.net https://www.facebook.com https://*.doubleclick.net https://www.comparably.com https://*.itcentralstation.com https://www.peerspot.com https://cdn.amcharts.com https://*.gravatar.com https://*.cdninstagram.com https://*.instagram.com https://player.simplecast.com https://*.vimeo.com https://vpn.seminolecountyfl.gov/ https://*.youtube.com https://*.ytimg.com https://*.zoominfo.com https://t.co/i/adsct https://*.gstatic.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://cdn.linkedin.oribi.io https://bat.bing.com https://c.bing.com https://*.clarity.ms https://*.adsrvr.org https://script.googleusercontent.com https://*.ziftsolutions.com https://*.ziftmarcom.com https://*.ziftone.com; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com https://cdnjs.cloudflare.com; media-src 'self' https://js.driftt.com; object-src 'self' https://*.everbridge.com;  style-src 'self' 'unsafe-inline' https://*.everbridge.com https://*.site.com https://*.force.com https://*.salesforce-sites.com https://fonts.googleapis.com https://fonts.googleapis.com https://translate.googleapis.com https://www.googleoptimize.com https://www.googletagmanager.com https://tagmanager.google.com https://optimize.google.com https://www.google-analytics.com https://static.addtoany.com https://*.marketo.com https://*.ziftsolutions.com;  3
frame-ancestors https://www.check24.de/ https://finanzen.check24.de/ 'self' 3
frame-ancestors 'self' https://keepersecurity.com https://keepersecurity.eu https://keepersecurity.com.au https://keepersecurity.jp https://keepersecurity.ca; 3
default-src 'self' 'unsafe-inline'; object-src 'self'; style-src 'self' 'unsafe-inline' *.bing.com *.firestonecompleteautocare.com; script-src 'self' 'unsafe-inline'  'unsafe-eval' *.firestonecompleteautocare.com *.tiktok.com *.doubleclick.net *.adobedtm.com *.google-analytics.com *.everestjs.net *.pinimg.com *.hotjar.io *.hotjar.com *.bing.com *.googleadservices.com *.xg4ken.com *.facebook.net *.doubleclick.com *.googletagmanager.com *.akamaihd.net *.marchex.io *.everesttech.net *.iperceptions.com *.powerreviews.com *.iovation.com *.iesnare.com *.googleapis.com *.virtualearth.net *.recaptcha.net *.gstatic.com *.adroll.com; img-src * data: blob: ; connect-src *; frame-src *; font-src 'self' data: 3
default-src 'self' easy.gr *.easy.gr *.cookiebot.com *.tawk.to *.paypal.com googleads.g.doubleclick.net stats.g.doubleclick.net *.google.com *.youtube.com;script-src 'self' *.paypal.com *.paypalobjects.com *.braintreegateway.com easy.gr *.easy.gr *.youtube.com  'unsafe-inline' https://pagead2.googlesyndication.com 'unsafe-eval' *.googleusercontent.com *.gstatic.com tippedjs.com fancyapps.com ajax.googleapis.com fonts.googleapis.com *.googleapis.com *.gstatic.com tagmanager.google.com www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com googleadservices.com *.tawk.to cdn.jsdelivr.net *.facebook.com *.facebook.net *.cookiebot.com *.doubleclick.net *.google.com googleads.g.doubleclick.net stats.g.doubleclick.net *.googlesyndication.com *.google.com *.google.gr *.youtube.com *.unpkg.com ;style-src 'self' easy.gr *.easy.gr 'unsafe-inline' ajax.googleapis.com fonts.googleapis.com *.googleapis.com *.gstatic.com tagmanager.google.com www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com googleadservices.com *.tawk.to fonts.googleapis.com cdn.jsdelivr.net *.facebook.com *.facebook.net *.cookiebot.com *.doubleclick.net googleads.g.doubleclick.net stats.g.doubleclick.net;img-src 'self' data: easy.gr *.easy.gr 'unsafe-inline' https://quickchart.io  ajax.googleapis.com fonts.googleapis.com *.googleapis.com *.gstatic.com tagmanager.google.com www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com googleadservices.com *.tawk.to cdn.jsdelivr.net tawk.link s3.amazonaws.com *.facebook.com *.facebook.net *.cookiebot.com *.doubleclick.net *.google.com cdn.jsdelivr.net *.google.gr *.google.nl *.paypalobjects.com *.paypal.com googleads.g.doubleclick.net stats.g.doubleclick.net *.googlesyndication.com ;font-src 'self' easy.gr *.easy.gr 'unsafe-inline' ajax.googleapis.com fonts.googleapis.com *.googleapis.com *.gstatic.com tagmanager.google.com www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com googleadservices.com *.tawk.to fonts.gstatic.com *.facebook.com *.facebook.net *.cookiebot.com *.paypalobjects.com stats.g.doubleclick.net ;connect-src 'self' easy.gr *.easy.gr 'unsafe-inline' *.tawk.to wss://*.tawk.to  *.lottiefiles.com fonts.googleapis.com *.googleapis.com *.gstatic.com tagmanager.google.com www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com googleadservices.com *.tawk.to *.facebook.com *.facebook.net *.cookiebot.com *.doubleclick.net *.google.com *.paypal.com googleads.g.doubleclick.net stats.g.doubleclick.net google.com *.youtube.com *.googlesyndication.com ; frame-src 'self' easy.gr *.easy.gr  'unsafe-inline' *.paypal.com *.paypalobjects.com *.doubleclick.net *.cookiebot.com *.tawk.to ; 3
frame-ancestors 'self' www.cv.ee cv.ee www.cv.lv cv.lv www.prakse.lv prakse.lv https://www.fritz-henkel.com https://fritz-henkel.com dm.henkel-dam.com; 3
default-src 'none'; connect-src 'self' https://releases.grapheneos.org/; font-src 'self'; img-src 'self'; manifest-src 'self'; script-src 'self'; style-src 'self'; webrtc 'block'; form-action 'none'; frame-ancestors 'none'; base-uri 'none'; require-trusted-types-for 'script'; trusted-types 'none' 3
manifest-src 'self'; 3
frame-ancestors 'self' *.genesazrak.com *.888casinoarabic.net *.arabiccasino888.com *.casinoarabic888.com *.casinoarabic-888.com *.888-casinoarabic.com *.888casino-arabic.com http://wrapper.safe-installation.com/ https://wrapper.safe-installation.com/ http://localhost:* https://localhost:* *.bingosys.net *.secured-igaming-usa.com *.888.pt *.sisportsbook.com *.888poker.de *.888slots.de *.safe-iplay.com http://*.safe-iplay.com http://*.888sport.com http://*.sisportsbook.com http://*.secured-igaming-usa.com *.safe-installation.com *.payoutscentral.com *.triple8holdem.com *.888.com *.secured-qa.com *.secured-registration.com *.secureutils.com *.images4us.com *.onlinepersonalmessages.com *.888sport.com *.888sport.es *.888sport.it *.888sport.dk *.888sport.ro *.888sport.se *.888sport.us *.888sport.de *.777.com *.personalinfoonline.com *.888.de *.888casino.com *.888poker.com *.888casino.dk *.888poker.dk *.888.de *.888casino.ro *.888poker.ro *.888casino.se *.888poker.se *.888casino.es *.888poker.es *.888casino.it *.888poker.it *.888casino.us *.888poker.us *.888ladies.com *.888.pt cmsp *.harrahscasino.com *.wsop.com *.delawarepark.com *.doverdowns.com *.harringtongamingonline.com *.secured-igaming-services.com *.secured-igaming-usa.com *.igaming-services.com *.888.ca *.888casino.ca *.888poker.ca *.888sport.ca *.888.nl *.888casino.nl *.888poker.nl *.888sport.nl *.ar-888-casino.com *.888casino-ar.com *.ar888-casino.com *.arab888-casino.com *.casinoelarab-888.com *.alarab-888casino.com *.casinoalarab-888.com *.888casino-alarab.com *.888casino-arabian.com *.arabian-888casino.com *.888-casino-arabian.com *.888-casino-alarab.com *.ballysdover.com *.888casino-uae.com *.playat888-games.com *.888casino-game.com *.online-arabic-casino.net *.tripleeight.live *.playat888online.com *.888games-uae.com *.triple-eight-games.com *.play-casino-now.com *.888slots-uae.com *.888-uae.com *.mrgreen.de *.mrgreen.se *.mrgreen.com *.mrgreen.dk *.williamhill.com *.williamhill.local *.williamhill-pp2.com *.clevernt.com *.cleverwebserver.com 3
child-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.googleapis.com *.cookieyes.com cdn-cookieyes.com *.paypal.com;font-src 'self' fonts.gstatic.com;frame-src 'self' *.paypal.com;frame-ancestors 'self';img-src *.mvmnet.com data: maps.gstatic.com *.gstatic.com *.ggpht.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.googleapis.com *.facebook.com *.cookieyes.com cdn-cookieyes.com *.paypalobjects.com *.google.it *.paypal.com;manifest-src 'self';media-src 'self';object-src 'self';worker-src 'self'; 3
default-src 'self'; script-src 'self' webstats.surf.nl *.mailplus.nl platform.twitter.com syndication.twitter.com cdn.syndication.twimg.com www.instagram.com www.google.com www.gstatic.com surfnl.containers.piwik.pro pretalx.surf.nl 'unsafe-inline' 'unsafe-eval' *.visualwebsiteoptimizer.com *.vwo.com static.site24x7rum.eu; style-src 'self' 'unsafe-inline' static.mailplus.nl fonts.googleapis.com use.typekit.net p.typekit.net platform.twitter.com surfnl.containers.piwik.pro  surfnl.piwik.pro; img-src http: https: surfnl.containers.piwik.pro surfnl.piwik.pro data:;; frame-src 'self' *.surf.nl openonderwijsapi.nl www.surfspace.nl surfspace.nl www.slideshare.net player.vimeo.com www.youtube.com www.youtube-nocookie.com surf.mediamission.nl platform.twitter.com syndication.twitter.com www.instagram.com www.facebook.com www.linkedin.com www.google.com https://surf.apnd.me/OWD23/program https://surf.apnd.me/ACUD23/program; child-src 'self' surf.mediamission.nl www.slideshare.net player.vimeo.com www.youtube.com www.youtube-nocookie.com surf.mediamission.nl platform.twitter.com syndication.twitter.com www.instagram.com www.facebook.com www.linkedin.com; font-src 'self' fonts.gstatic.com surfnl.containers.piwik.pro surfnl.piwik.pro data:; connect-src 'self' surfnl.piwik.pro webstats.surf.nl surfnl.containers.piwik.pro  surfnl.piwik.pro pretalx.surf.nl; report-uri /report-csp-violation; upgrade-insecure-requests 3
object-src https://liveshareeast3.seismic.com https://cvent.seismic.com https://explore.cvent.com http://explore.cvent.com https://*.speedrfp.com https://speedrfp.com https://*.elitemeetings.com https://elitemeetings.com https://*.hotelprofiler.com https://www.lanyon.com http://www.lanyon.com; frame-ancestors 'self' https://liveshareeast3.seismic.com https://cvent.seismic.com https://explore.cvent.com http://explore.cvent.com  https://*.speedrfp.com https://speedrfp.com https://*.elitemeetings.com https://elitemeetings.com https://*.hotelprofiler.com https://www.lanyon.com http://www.lanyon.com https://*.cvent.com http://*.cvent.com; report-uri /report-csp-violation 3
default-src 'self' data: blob:; 3
frame-ancestors 'self'  teams.microsoft.com *.teams.microsoft.com 3
default-src * 'unsafe-inline' 'unsafe-eval' 3
connect-src 'self' *.edenred.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.google-analytics.com https://cdn.cookielaw.org https://*.onetrust.com http://*.xiti.com; font-src 'self' *.edenred.com https://cdn.cookielaw.org https://fonts.googleapis.com https://fonts.gstatic.com data:; img-src 'self' *.edenred.com https://cdn.cookielaw.org data: https://api.mapbox.com https://www.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.ytimg.com; media-src 'self' *.edenred.com; object-src 'self' *.edenred.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.edenred.com https://cdn.cookielaw.org https://fonts.googleapis.com fonts.googleapis.com cdn.cookielaw.org https://fonts.gstatic.com https://www.youtube.com https://www.youtube-nocookie.com https://tagmanager.google.com https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://tag.aticdn.net https://api.mapbox.com https://cdn.jsdelivr.net https://connect.facebook.net cdn.datatables.net cdn.jsdelivr.net cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://unpkg.com https://www.google.com www.gstatic.com; script-src-attr 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' *.edenred.com https://cdn.cookielaw.org https://fonts.googleapis.com fonts.googleapis.com cdn.cookielaw.org https://fonts.gstatic.com https://tagmanager.google.com cdn.datatables.net cdn.jsdelivr.net cdnjs.cloudflare.com https://api.mapbox.com https://cdnjs.cloudflare.com https://unpkg.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self' *.edenred.com; report-uri https://www.edenred.com/fr/system/reporting/csp; report-to csp 3
base-uri 'self';  form-action 'self';  frame-ancestors 'none'; 3
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.vgrblogg.se/ https://*.boost.ai/ https://*.entryscape.com https://*.stratsys.com/ registry.dataportalvast.se http://piwik-ext.vgregion.se/ http://piwik-ext.vgregion.se/piwik.js https://*.vgregion.se https://*.vimeocdn.com https://player.vimeo.com/ https://www.youtube.com https://cdn.siteimprove.net/ https://vgrintern.boost.ai https://vgregion.esmaker.net/ https://ssl.webserviceaward.com/; style-src 'unsafe-inline' 'self' https://*.vgrblogg.se/ https://*.vimeocdn.com https://ssl.webserviceaward.com/wsc/client/wscSelVisit.css https://*.stratsys.com/ registry.dataportalvast.se https://*.vgregion.se https://cdn.jsdelivr.net/npm/vuetify@2.x/dist/vuetify.min.css; object-src 'none'; base-uri 'self'; connect-src 'self' https://*.vgrblogg.se/ https://*.boost.ai/ https://ssl.webserviceaward.com/wsc/client/wscSelVisit.css https://*.vimeocdn.com registry.dataportalvast.se http://piwik-ext.vgregion.se/ https://nominatim.openstreetmap.org https://*.vgregion.se https://id.siteimprove.com https://my2.siteimprove.com/ https://vgrintern.boost.ai https://td.azure-api.net/ *.t-d.se; font-src 'self' data: https://static.entryscape.com/ https://static2.sharepointonline.com/ https://players.cupix.com/*; frame-src  'self' https://*.siteimprove.com/ https://*.vgrblogg.se/ https://sketchfab.com/ https://play.gu.se/ https://forms.office.com/ https://*.microsoftstream.com/ https://nominatim.openstreetmap.org https://www.google.com https://maps.google.se https://e.infogram.com https://vimeo.com https://player.vimeo.com https://www.youtube.com https://*.vgregion.se *.vastarvet.se *.angeredsnarsjukhus.se *.fhsk.se *.lodosemuseum.se *.nusjukvarden.se *.vgrfolkhogskolor.se *.narhalsan.se *.forsviksbruk.se *.vanersborgsmuseum.se *.vitlyckemuseum.se *.sahlgrenska.se *.naturbruk.nu *.slojdochbyggnadsvard.se *.mun-h-center.se *.maritimaklustret.se *.botaniska.se *.gnm.se *.esmaker.net *.samverkandesjukvard.se *.vastfastigheter.se *.fyrbodalshalsoakademi.se *.valdinararelationer.se *.utvag.se *.vardsamverkan.se *.nationellpvkonferens19.se *.utvag.com *.biobankvast.se *.halsoakademinvast.se *.t-d.se *.stratsys.se *.stratsys.com https://players.cupix.com/; img-src 'self' data: https://*.vgrblogg.se/ https://api.lantmateriet.se https://ssl.webserviceaward.com/wsc/  https://i.vimeocdn.com/ https://i.ytimg.com/ https://a.basemaps.cartocdn.com https://b.basemaps.cartocdn.com https://c.basemaps.cartocdn.com https://*.amazonaws.com/ https://sahlgrenskaliv.se/ https://*.vgregion.se *.vastarvet.se *.angeredsnarsjukhus.se *.fhsk.se *.lodosemuseum.se *.naturbruk.nu *.nusjukvarden.se *.vgrfolkhogskolor.se *.narhalsan.se *.forsviksbruk.se *.vanersborgsmuseum.se *.vitlyckemuseum.se *.sahlgrenska.se *.slojdochbyggnadsvard.se *.mun-h-center.se *.maritimaklustret.se *.botaniska.se *.gnm.se *.esmaker.net *.samverkandesjukvard.se *.vastfastigheter.se *.fyrbodalshalsoakademi.se *.valdinararelationer.se *.utvag.se *.vardsamverkan.se *.nationellpvkonferens19.se *.utvag.com *.biobankvast.se *.halsoakademinvast.se *.t-d.se *.stratsys.se *.stratsys.com blob:; manifest-src 'self'; media-src 'self'; worker-src 'none'; frame-ancestors 'self' *.vgrblogg.se *.vgregion.se *.vastarvet.se *.angeredsnarsjukhus.se *.fhsk.se *.lodosemuseum.se *.naturbruk.nu *.nusjukvarden.se *.vgrfolkhogskolor.se *.narhalsan.se *.forsviksbruk.se *.vanersborgsmuseum.se *.vitlyckemuseum.se *.sahlgrenska.se *.slojdochbyggnadsvard.se *.mun-h-center.se *.maritimaklustret.se *.botaniska.se *.gnm.se *.esmaker.net *.samverkandesjukvard.se *.vastfastigheter.se *.fyrbodalshalsoakademi.se *.valdinararelationer.se *.utvag.se *.vardsamverkan.se *.nationellpvkonferens19.se *.utvag.com *.biobankvast.se *.halsoakademinvast.se *.t-d.se *.stratsys.se *.stratsys.com; prefetch-src 'self' https://*.t-d.se https://*.stratsys.com/; 3
frame-ancestors 'self' https://*.cite-sciences.fr https://*.palais-decouverte.fr https://*.universcience.fr; 3
block-all-mixed-content;frame-ancestors *.mail.com 3
default-src 'self' *; script-src 'unsafe-inline' 'unsafe-eval' 'self' *; style-src 'unsafe-inline' *; img-src 'self' data: *; connect-src *; frame-src 'self' *; font-src data: *; media-src *; worker-src 'self' blob: *; 3
default-src 'self'; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval' blob:; img-src * data:; connect-src * ws:; font-src *; frame-src *; media-src * 3
default-src https: data: 'unsafe-inline' 'unsafe-eval'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; manifest-src 'self'; object-src 'none'; 3
default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; object-src 'self' data: https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; media-src 'self' https:; frame-src 'self' https:; font-src 'self' https:; connect-src 'self' https: wss:; frame-ancestors 'self' 3
frame-src localhost *.realms.tv youtube.com *.youtube.com twitch.tv *.twitch.tv vimeo.com *.vimeo.com facebook.com *.facebook.com transistor.fm *.transistor.fm apple.com *.apple.com spotify.com *.spotify.com *.cloudflarestream.com *.soundslice.com *.google.com *.stripe.com *.hs-sites.com *.hubspot.com *.hsforms.net *.hsforms.com; frame-ancestors 'self' popdaze.com; img-src 'self' *.realms.tv data: blob: *.imgur.com *.hsforms.com *.hsforms.net *.hubspot.com *.gravatar.com *.ytimg.com *.vimeocdn.com *.jtvnw.net *.fbcdn.net *.scdn.co *.googletagmanager.com *.intercomcdn.com *.intercomassets.com *.intercomcdn.eu *.intercomusercontent.com *.intercom.io *.intercom-attachments-1.com *.intercom-attachments.eu *.au.intercom-attachments.com *.intercom-attachments-2.com *.intercom-attachments-3.com *.intercom-attachments-4.com *.intercom-attachments-5.com *.intercom-attachments-6.com *.intercom-attachments-7.com *.intercom-attachments-8.com *.intercom-attachments-9.com *.intercomassets.eu youtube.com *.youtube.com twitch.tv *.twitch.tv vimeo.com *.vimeo.com facebook.com *.facebook.com transistor.fm *.transistor.fm apple.com *.apple.com spotify.com *.spotify.com *.cloudflarestream.com *.soundslice.com; script-src 'self' *.realms.tv 'unsafe-inline' 'unsafe-eval' *.google.com *.gstatic.com *.googletagmanager.com *.stripe.com *.hscollectedforms.net *.hsadspixel.net *.hs-banner.com *.hs-analytics.net *.hubspot.com *.hscollectedforms.net *.hsforms.net *.hsforms.com *.vimeo.com *.hs-scripts.com *.intercom.io *.intercomcdn.com *.sentry.io; 3
frame-ancestors 'self' *.ncmec.org *.missingkids.org *.adobecqms.net *.ncmecad.net *.articulate.com articulateusercontent.com ncmec.docebosaas.com learn.secondcity.com *.dcbstatic.com; 3
default-src 'self';  worker-src 'self' blob:;  script-src 'self' 'unsafe-eval' 'unsafe-inline'     https://*.googleapis.com     https://*.gstatic.com     *.google.com     https://*.ggpht.com     *.googleusercontent.com     blob:     https://www.jsctool.com     https://jsctool.com     https://*.optimizely.com     https://secure.pay1.de     https://www.img-bahn.de     https://cms.static-bahn.de     https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com     https://hcaptcha.com     https://*.hcaptcha.com     https://*.bahn.de     https://*.bahn.com     https://app.crossengage.io     https://ucm-eu.verint-cdn.com     https://*.go-mpulse.net;  connect-src 'self'     https://*.googleapis.com     *.google.com     https://*.gstatic.com     data:     blob:     https://p11.techlab-cdn.com     https://www.jsctool.com     https://jsctool.com     https://assets.static-bahn.de     https://dmp.adform.net     https://siteintercept.qualtrics.com     https://logx.optimizely.com     https://*.optimizely.com     https://hcaptcha.com     https://*.hcaptcha.com     https://collect.tealiumiq.com     https://trk-api.crossengage.io     https://accounts.bahn.de     https://ucm-eu.verint-cdn.com     https://hoover-eu.verint-api.com     https://*.akstat.io     https://*.go-mpulse.net     wss://hoover-eu.verint-api.com;  frame-src 'self'     *.google.com     https://cms.static-bahn.de     https://secure.pay1.de     https://hcaptcha.com     https://*.hcaptcha.com     https://*.bahn.de     https://www.abo-bahn.de     https://db.novafind.eu     https://kundenkarte-db.mvv-muenchen.de     https://transport.novafind.eu     https://a791773171.cdn.optimizely.com/     https://nextalert-db.nexterite.eu     https://s-bahn-muenchen-live.de     https://garantien-formular.cs100.force.com     https://accounts.bahn.de     https://db-bordgastronomie.de     https://ersatzkarte-dbregiobusnord.de     https://dbaw.specials-bahn.de     https://anreiseservice.specials-bahn.de     https://analytics.geops.de     https://*.sbahnm.geops.de     https://fipo.deutschebahn.com     https://kdialog-garantie.cs174.force.com     https://regioforce.my.salesforce-sites.com     https://www.jugendticket-nds.de     https://ketchum.flyingspoon.de     https://a1.adform.net     https://dbstreckenagent.de     https://www.dbstreckenagent.de;  frame-ancestors 'self';  style-src 'self'     https://fonts.googleapis.com     https://www.jsctool.com     https://jsctool.com     https://hcaptcha.com     https://*.hcaptcha.com     'unsafe-inline';  font-src 'self' data: https://fonts.gstatic.com;  img-src 'self'     https://*.googleapis.com     https://*.gstatic.com     *.google.com     *.googleusercontent.com     https://www.awin1.com     https://partner-bahn.de     https://cm.g.doubleclick.net     https://fcmatch.google.com     https://fcmatch.youtube.com     https://dmp.adform.net     https://cdn.optimizely.com     https://*.qualtrics.com     https://assets.static-bahn.de     https://*.bahn.de     https://assets-ri.extranet.deutschebahn.com     https://cms.static-bahn.de     https://*.akstat.io     data:;  media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de; 3
frame-ancestors 'self' https://next.brella.io/ https://taikalyhty.shapespark.com/;            script-src 'self' 'unsafe-inline' 'unsafe-eval' https://mktdplp102cdn.azureedge.net/ https://*.dynamics.com https://tietoevry-ext.boost.ai/                        https://cdn.cookielaw.org/ https://www.googletagmanager.com/ https://code.jquery.com/ https://maxcdn.bootstrapcdn.com/ https://s.usea01.idio.episerver.net/                        https://cdnjs.cloudflare.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://sc.lfeeder.com/ https://connect.facebook.net/                        https://acdn.adnxs.com/ https://cdn.mookie1.com/ https://tietoevry.piwik.pro/ https://ajax.googleapis.com/ https://angular-ui.github.io/                        https://netdna.bootstrapcdn.com/ https://az416426.vo.msecnd.net/ https://www.youtube.com/ https://dl.episerver.net/ https://www.gstatic.com                        https://www.google.com/recaptcha/api.js https://www.googleadservices.com https://player.vimeo.com https://plugins.flockler.com;           frame-src 'self' https://www.googletagmanager.com https://qfx.tools.investis.com https://viz.tools.investis.com https://irs.tools.investis.com                        https://tietoevry.dfs.investis.com https://tools.eurolandir.com https://open.spotify.com https://tools.euroland.com https://maps.google.com                       https://www.google.com https://*.svc.dynamics.com https://www.youtube.com/ https://brand.tietoevry.com/;           object-src 'none' 3
frame-ancestors 'self' https://*.solidpixels.net https://*.solidpixels.com https://*.solidpixels.cz; report-uri https://o428203.ingest.sentry.io/api/4505516549210112/security/?sentry_key=6eb445158e4a410c830e7e424f2d7b56 3
frame-ancestors 'self' https://rewarding.wind.it https://grandecinema3.tre.it https://www.grandecinema3.it; 3
default-src * data: 'unsafe-eval' 'unsafe-inline' blob:; 3
upgrade-insecure-requests; frame-ancestors 'self' tigertech.net *.tigertech.net; 3
frame-ancestors 'self' https://accounts.icarsuite.com https://dealerships.icarsuite.com 3
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval' 3
object-src 'self'; manifest-src 'self'; worker-src 'self' blob: https://customer-t79v13gisi5h8yrx.cloudflarestream.com; font-src 'self' data: https://fonts.gstatic.com; frame-ancestors 'self'; 3
default-src 'self' 'unsafe-inline' data: https: ; style-src 'self' 'unsafe-inline' 3
default-src https: data: 'self' 'unsafe-inline' 'unsafe-eval'; 3
frame-ancestors 'self' https://guides.opentext.com https://content.microfocus.com; default-src data: 'unsafe-inline' 'unsafe-eval' https:;style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src  https:; connect-src https:; object-src https:; child-src https:; 3
frame-ancestors 'self'  *.interactivebrokers.com  *.interactivebrokers.com.sg  *.interactivebrokers.com.hk  *.interactivebrokers.ch  *.interactivebrokers.co.uk  *.interactivebrokers.com.au  *.interactivebrokers.co.jp  *.interactivebrokers.co.in  *.ibkram.com  *.interactiveadvisors.com  *.ibkr.com  *.ibkr.com.cn  *.clientam.com  *.clientam.ch  *.clientam.com.hk  *.go-mpulse.net  *.akstat.io  widgets.tipranks.com  site.recognia.com  ibkr.paxosclients.com  worldtrader.hsbc.ae  *.ibkrcampus.com  ibkrcampus.com  www.ibkrguides.com  *.traderstation-international.com; 3
upgrade-insecure-requests; frame-ancestors 'self' https://www.domainsherpa.com; default-src 'self'; object-src 'none'; worker-src 'self'; frame-src 'self' https:; form-action 'self' https://www.paypal.com; font-src 'self' data: https://nameproscdn.com https://fonts.gstatic.com https://use.fontawesome.com; img-src 'self' data: https: blob:; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://static.cloudflareinsights.com https://challenges.cloudflare.com https://www.googletagmanager.com https://www.google-analytics.com https://js.stripe.com https://www.google.com https://www.gstatic.com https://s.imgur.com https://platform.twitter.com https://cdn.syndication.twimg.com; style-src 'report-sample' 'self' 'unsafe-inline' https://nameproscdn.com https://platform.twitter.com; connect-src 'self' https://nameproscdn.com https://www.google-analytics.com https://stats.g.doubleclick.net; media-src 'self' https://nameproscdn.com 3
nosniff 3
default-src 'self' *.joinsmarty.com *.google.com *.googleapis.com *.googleoptimize.com *.googletagmanager.com *.google-analytics.com *.googleusercontent.com *.googlesyndication.com *.stripe.com *.trustpilot.com *.facebook.net *.facebook.com *.pinimg.com *.bing.com *.pinterest.com *.stripe.network *.clarity.ms cdn.ywxi.net *.gstatic.com *.trustedsite.com *.transactiongateway.com cdn.sitesasset.com smrty.s3.us-west-1.amazonaws.com smrty.s3.us-west-2.amazonaws.com smrty-qa.s3.us-west-1.amazonaws.com smrty-qa.s3.us-west-2.amazonaws.com smrty.s3-us-west-1.amazonaws.com smrty.s3-us-west-2.amazonaws.com smrty-qa.s3-us-west-1.amazonaws.com smrty-qa.s3-us-west-2.amazonaws.com *.cloudflare.com *.jsdelivr.net *.bootstrapcdn.com *.ladesk.com *.doubleclick.net *.shareasale.com *.shopify.com assets-global.website-files.com *.impact.com *.cloudfront.net *.awin.net *.awin.com *.bravodeal.com *.bravo-savings-network.com *.jquery.com *.digitaloceanspaces.com data: blob: 'unsafe-inline' 'unsafe-eval' *.amazon.com *.barcodelookup.com *.cookiepro.com *.here.com *.hereapi.com *.google.co.in *.ssl-images-amazon.com *.onetrust.com media.pepperjamnetwork.com *.sentry.io *.shipmentsfree.com r0 cache www.googletagmanager.com ad.doubleclick.net www.advconversion.com *.taboola.com post.adgatemedia.com bat.bing.com conversions.clickmeter.com liquidpch.go2cloud.org s.yimg.com servetrack.go2cloud.org trends.revcontent.com e9lak.endtrk.com klaymedia.servecvr.com events.pushtrack.co www.groovast.com trk.shophermedia.net go.shetrack.com amplify.outbrain.com rtb.mfadsrvr.com tracking.lifestylejournal.com www.googleadservices.com *.playgamesnow.org www.drcvr.com *.mediago.io s.pinimg.com secco.servecvr.com tracking.propelmedia.com appfocus.go2cloud.org wsdk.rokt.com r.financebuzz.com static.ads-twitter.com pubads.g.doubleclick.net pushpros.go2cloud.org *.liadm.com www.steadyhop.com securetracking.adsprotection.com www.tp88trk.com f.cstpersl.com t1.anytrack.io imtrk.go2cloud.org ad.propellerads.com www.imcounting.com serve.popads.net www.pbterra.com www.chant3rm1.com eng.trkcnv.com *.dergoodting.com *.cvrdomain.com traktum.com cdn1.decide.dev restersu.info *.zeeto.io *.pixelitooo.com *.conversionpx.com f.fluadv.com track.adspostx.com *.free-shipments.com *.freeshipments.com *.getsmartyapp.com *.getsmartyoffers.com *.getsmartyplus.com *.getsmartysavings.com *.joinsmartyplus.com *.lapost.com *.nocostshipping.com *.savewithsmarty.com *.savingsforthesavvy.com *.shipmentfree.com *.shipmentprotection.com *.smartyaffiliates.com *.smartycashback.com *.smartycoins.com *.smartyestsavings.com *.smartymoneysavings.com *.smartyplus.net *.smartypremium.com *.try-smarty.com cdn.joinsmarty.com 3
default-src https: data: 'unsafe-inline' 'unsafe-eval'; 3
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.dom101.mapres *.dom101.intres *.dom101.prdres hcaptcha.com *.hcaptcha.com *.tiqcdn.com my.tealiumiq.com *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.youtube.com youtube.com; connect-src *.dom101.mapres *.dom101.intres *.dom101.prdres 'self' hcaptcha.com *.hcaptcha.com *.tealiumiq.com *.2o7.net; img-src data: 'self' hcaptcha.com *.hcaptcha.com *.gravatar.com *.2o7.net *.googleapis.com *.groupebpce.fr *.intrabpce.fr; style-src 'self' hcaptcha.com *.hcaptcha.com 'unsafe-inline'; font-src data: 'self'; frame-ancestors *.dom101.mapres *.dom101.intres *.dom101.prdres 'self'; frame-src https: *; script-src-attr 'unsafe-inline'; worker-src *.bluecoat.com; 3
block-all-mixed-content; frame-ancestors 'none'; 3
default-src 'self' 'unsafe-inline' *.website-files.com *.bam-x.com *.narrativ.com *.planethowl.com *.braze.com *.doubleclick.net *.google.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.facebook.com *.facebook.net *.hotjar.com *.klaviyo.com *.segment.com *.segment.io *.webflow.com webflow.com d3e54v103j8qbb.cloudfront.net js.appboycdn.com wss://*.hotjar.com https://cdnjs.cloudflare.com/ajax/libs/jquery-nice-select/ *.googleapis.com *.hubspot.com *.hs-scripts.com *.google.pl unpkg.com weblocks.io *.jsdelivr.net *.hsforms.com *.hsforms.net *.hscollectedforms.net js.hs-analytics.net js.hs-banner.com i.vimeocdn.com https://hubspot-forms-static-embed.s3.amazonaws.com/prod/ vimeo.com *.vimeo.com cdn.embedly.com vimeocdn.com *.vimeocdn.com *.gstatic.com; font-src 'self' data: *.webflow.com fonts.gstatic.com; object-src 'none'; style-src 'unsafe-inline' https:; base-uri 'self'; form-action 'self' webto.salesforce.com forms.hsforms.com; frame-ancestors 'none'; upgrade-insecure-requests; frame-src 'self' data: vimeo.com cdn.embedly.com *.vimeo.com vimeocdn.com *.vimeocdn.com www.google.com forms.hsforms.com *.website-files.com; img-src http: https: data:; 3
default-src * data: mediastream: blob: filesystem: about: ws: wss: 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-inline'; script-src * data: mediastream: blob: filesystem: about: 'unsafe-eval' 'unsafe-inline'; connect-src * data: mediastream: blob: filesystem: about: 'unsafe-eval' 'unsafe-inline'; frame-src * data: mediastream: blob: filesystem: about: 'unsafe-eval' 'unsafe-inline' 3
frame-ancestors 'self' *.ci360.sas.com app.contentstack.com 3
object-src 'none'; form-action 'self'; frame-ancestors 'self'; 3
frame-ancestors https://dgbuilder.io http://dgbuilder.io 3
frame-ancestors 'self' ersag.com.tr *.ersag.com.tr 3
frame-ancestors 'self' https://translate.google.com 3
worker-src 'self' 3
frame-ancestors 'self' https://consent.axarnet.es https://*.axarnet.es https://consent.cookiefirst.com;frame-src 'self' data: youtube.com https://www.youtube.com youtu.be https://youtu.be embedsocial.com https://embedsocial.com livechat.messagebird.com https://livechat.messagebird.com/ ocw.messagebird.com/ https://ocw.messagebird.com/; 3
upgrade-insecure-requests; report-to endpoint; report-uri https://report.api.jtl-software.com/csp/; default-src 'self';base-uri 'self';form-action 'self' www.facebook.com/tr/ kundencenter.jtl-software.de checkout.jtl-software.com;frame-ancestors 'self';connect-src 'self' api.personio.de/recruiting/applicant px.ads.linkedin.com/wa/ px.ads.linkedin.com/attribution_trigger googleads.g.doubleclick.net adservice.google.com/pagead *.google.com *.google.de *.google.at *.google.ch *.google.pl *.google.es *.google.nl *.google.co.uk *.google.com.tr *.google.it *.google.fr *.google.co.in *.google.com.ua *.google.dk *.google.lu *.google.co.th *.google.pt *.google.be *.google.cz *.google.com.pk *.google.gr *.google.ru *.google.ba *.google.hu *.google.se *.google.com.cy *.google.com.eg *.google.bg *.google.ro *.google.lt *.google.co.jp *.google.rs *.google.co.id *.google.com.au *.google.hr *.google.ae *.google.co.ma *.google.ie *.google.fi *.google.com.br *.google.com.vn analytics.google.com/g/collect www.google-analytics.com region1.analytics.google.com region1.google-analytics.com/g/collect stats.g.doubleclick.net/g/collect stats.g.doubleclick.net/j/collect region1.analytics.google.com/g/collect maps.googleapis.com www.facebook.com/tr/ *.clarity.ms/collect bat.bing.com/actionp/0 stats.jtl-software.de/matomo.php crm.jtl-software.de consent.jtl-software.de;font-src 'self' cdn.jtl-software.com fonts.gstatic.com/s/roboto/v30/ data:;frame-src 'self' www.youtube.com/embed/ www.youtube-nocookie.com/embed/ td.doubleclick.net www.google.com/recaptcha/api2/anchor www.recaptcha.net/recaptcha/api2/anchor www.facebook.com/tr/ consent.jtl-software.de;child-src 'self' www.youtube.com/embed/ www.youtube-nocookie.com/embed/ td.doubleclick.net www.google.com/recaptcha/api2/anchor www.recaptcha.net/recaptcha/api2/anchor www.facebook.com/tr/ consent.jtl-software.de;img-src 'self' cdn.jtl-software.com img.youtube.com i.ytimg.com px.ads.linkedin.com googleads.g.doubleclick.net/pagead/ *.google.com *.google.de *.google.at *.google.ch *.google.pl *.google.es *.google.nl *.google.co.uk *.google.com.tr *.google.it *.google.fr *.google.co.in *.google.com.ua *.google.dk *.google.lu *.google.co.th *.google.pt *.google.be *.google.cz *.google.com.pk *.google.gr *.google.ru *.google.ba *.google.hu *.google.se *.google.com.cy *.google.com.eg *.google.bg *.google.ro *.google.lt *.google.co.jp *.google.rs *.google.co.id *.google.com.au *.google.hr *.google.ae *.google.co.ma *.google.ie *.google.fi *.google.com.br *.google.com.vn www.google-analytics.com stats.g.doubleclick.net/g/collect wwww.googletagmanager.com maps.googleapis.com/maps/ maps.gstatic.com/mapfiles/ www.facebook.com/tr/ www.facebook.com/privacy_sandbox/pixel/register/trigger/ c.clarity.ms/c.gif c.bing.com/c.gif bat.bing.com/action/0 bilder.jtl-software.de data:;object-src 'none';script-src 'self' cdn.jtl-software.com www.youtube.com/iframe_api www.youtube.com/s/player/ snap.licdn.com/li.lms-analytics/insight.min.js www.googleadservices.com/ googleads.g.doubleclick.net/pagead/ www.google.com/pagead/ www.recaptcha.net/recaptcha/api.js www.google.com/recaptcha/api.js www.gstatic.com/recaptcha/releases/ www.google-analytics.com/analytics.js www.google-analytics.com/plugins/ua/ec.js www.googletagmanager.com/gtm.js www.googletagmanager.com/gtag/ www.googletagmanager.com/debug/ maps.googleapis.com/maps/ maps.googleapis.com/maps-api-v3/api/js/ connect.facebook.net/en_US/fbevents.js connect.facebook.net/signals/config/ www.clarity.ms/tag/kmqrcg56hz www.clarity.ms/s/ bat.bing.com/bat.js bat.bing.com/p/action/56224185.js stats.jtl-software.de/matomo.js crm.jtl-software.de consent.jtl-software.de/dist/client/privacy.js 'unsafe-inline' 'unsafe-eval' data:;style-src 'self' cdn.jtl-software.com fonts.googleapis.com/css crm.jtl-software.de consent.jtl-software.de/dist/client/privacy.css 'unsafe-inline';worker-src 'self' www.google.com/recaptcha/api2/webworker.js blob:; 3
default-src https: blob: data: 'self'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' ; img-src https: data: ; media-src https: blob: ; upgrade-insecure-requests; block-all-mixed-content; connect-src https: wss://*.hotjar.com; 3
default-src * blob: data: about:; worker-src * blob:; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob:; img-src * data:; style-src * 'self' 'unsafe-inline'; base-uri 'self' https://cdn.justpremium.com; form-action 'self' 3
script-src 'self' 'unsafe-eval' 'unsafe-inline' 'report-sample' blob: data: https://*.ydl8.top https://*.huayuschool.cc https://*.google.com https://*.geetest.com https://*.geevisit.com https://s.adroll.com https://d.adroll.com https://www.googletagmanager.com https://appleid.cdn-apple.com https://vk.com https://*.prdredir.com https://analytics.tiktok.com https://connect.facebook.net https://*.appsflyer.com https://*.google-analytics.com https://telegram.org https://*.ada.support https://widget-mediator.zopim.com https://*.bitgetpro.site https://*.bitget.cc https://*.bgbstatic.com https://*.bitget.vin https://*.yinshen.top https://gateway.test.95516.com https://*.checkout.com https://gateway.95516.com https://www.facebook.com https://*.youtube.com https://dn-staticdown.qbox.me https://*.bitget.style https://*.59ow.com https://*.pujieco.com https://megacheck.vip https://*.megacheck.vip https://*.saintpay.com https://*.skypay.space https://*.noxiaohao.com https://*.uykdjs.com https://*.megacheck.net https://megacheck.net https://*.7b7x.com https://7b7x.com https://cdn.builder.io https://*.onfido.com https://applepay.cdn-apple.com https://*.apple.com https://*.gstatic.com https://*.googleapis.com https://api-web.wwmxd.info https://api-web.wwmxd.site;connect-src 'self' 'report-sample' data: blob: ws: wss: https://www.googletagmanager.com wss://*.ydl8.top wss://*.huayuschool.cc https://*.ydl8.top https://*.huayuschool.cc https://*.google.com wss://*.bitgetpro.site wss://*.bitget.cc https://*.google-analytics.com https://analytics.tiktok.com https://*.appsflyer.com https://www.facebook.com https://*.analytics.google.com https://*.ada.support https://s.adroll.com https://d.adroll.com https://wa.onelink.me https://widget-mediator.zopim.com wss://widget-mediator.zopim.com https://*.bitgetpro.site https://*.bitget.cc https://*.bgbstatic.com https://*.bitget.vin https://*.yinshen.top https://gateway.test.95516.com https://*.checkout.com https://gateway.95516.com https://telegram.org https://*.youtube.com wss://*.bitget.online https://www.tradingview.com https://api.tronstack.io https://*.noxiaohao.com https://*.bitget.style https://*.59ow.com https://*.pujieco.com wss://*.bitget.vin wss://*.bitget.style wss://*.59ow.com wss://*.pujieco.com wss://*.yinshen.top https://megacheck.vip https://*.megacheck.vip wss://*.megacheck.vip wss://megacheck.vip https://*.megacheck.net wss://*.megacheck.net https://megacheck.net wss://megacheck.net https://*.saintpay.com https://*.skypay.space wss://*.saintpay.com wss://*.skypay.space wss://*.noxiaohao.com https://*.yinshen.top:8443 https://*.omkbic.com:8443 https://*.uykdjs.com wss://*.uykdjs.com https://dn-staticdown.qbox.me https://*.7b7x.com https://7b7x.com wss://*.7b7x.com wss://7b7x.com wss://*.ada.support wss://*.checkout.com https://cdn.builder.io https://*.onfido.com https://fp-constantid.bitkeep.vip https://api-web.bitkeep.app https://api-web.bitkeep.asia https://api-web.bitkeep.biz https://api-web.bitkeep.fun https://api-web.bitkeep.life https://api-web.bitkeep.top https://api-web.bitapi.vip https://api-web.chainnear.com https://api-web.lymryy.com:9443 https://api-web.wwmxd.info https://api-web.wwmxd.site https://sensors-ab.gdrichem.com:8443 https://img.gurenla.com https://img.bitgetimg.com;frame-src 'self' 'report-sample' blob: data: https://*.google.com https://*.ydl8.top https://*.huayuschool.cc https://*.bitgetpro.site https://*.bitget.cc https://*.bitget.vin https://*.bgbstatic.com https://www.facebook.com https://oauth.telegram.org https://telegram.org https://*.checkout.com https://*.ada.support https://*.youtube.com https://www.googletagmanager.com https://widget-mediator.zopim.com https://*.yinshen.top https://gateway.test.95516.com https://*.google-analytics.com https://megacheck.vip https://*.megacheck.vip https://*.bitget.style https://*.59ow.com https://*.pujieco.com https://*.saintpay.com https://*.skypay.space https://*.uykdjs.com https://*.megacheck.net https://megacheck.net https://*.7b7x.com https://7b7x.com https://bitget.banxa.com https://*.onfido.com https://*.95516.com https://www.bitgetwidget.com https://*.nihaopay.com https://onramp.money https://*.simplexcc.com https://*.revolut.com;frame-ancestors 'self' https://*.bitgetpro.site https://*.bitget.cc https://*.bitget.vin;report-uri https://a643dc1f417234b232e383bb33da229f.report-uri.com/r/d/csp/enforce; 3
default-src 'none'; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.xilo.net; object-src 'none'; style-src 'self' data: 'unsafe-inline' https://*.xilo.net; img-src 'self' blob: data: https://*.xilo.net; media-src 'self' data: https://*.xilo.net; frame-src *; font-src *; form-action 'self' https://*.xilo.net; connect-src 'self' https://*.xilo.net; prefetch-src 'self' https://*.xilo.net; manifest-src 'self' https://*.xilo.net; frame-ancestors 'self'; report-uri https://stats.xilo.net/ruri/r/d/csp/enforce 3
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob:; 3
frame-ancestors 'self'; upgrade-insecure-requests; object-src 'none'; script-src 'sha256-7/fy7EjXUskn9MLHbin/b0A7LQ32mACPQ2SdNj/O/vA=' 'unsafe-inline'; require-trusted-types-for 'script'; 3
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.thghosting.local *.gb1-li-thghostinguat-001.io.thehut.local *.gb4-li-thghostinguat-001.io.thehut.local *.hosting.ing-dev.co.uk *.thghosting.com *.ingenuitycloudservices.com  cdn.cookielaw.org t.contentsquare.net track.gaconnector.com tracker.gaconnector.com app.contentsquare.com ma.zoho.eu maillist-manage.eu pagesense-proxy.eu js.stripe.com scout-cdn.salesloft.com secure.seat6worn.com googleads.g.doubleclick.net bat.bing.com connect.facebook.net player.vimeo.com chat.puzzel.com *.google.com t.gatorleads.co.uk www.gstatic.com snap.licdn.com js.driftt.com js.driftqa.com www.googletagmanager.com static.hotjar.com script.hotjar.com www.google-analytics.com www.googleadservices.com connect.facebook.net pi.pardot.com; default-src 'self' 'unsafe-inline' ma.zoho.eu maillist-manage.eu idx.liadm.com cdn.linkedin.oribi.io ws://127.0.0.1:35729 *.thghosting.local *.gb1-li-thghostinguat-001.io.thehut.local *.gb4-li-thghostinguat-001.io.thehut.local *.hosting.ing-dev.co.uk *.thghosting.com *.ingenuitycloudservices.com bat.bing.com scout.salesloft.com js.driftqa.com js.driftt.com chat.puzzel.com www.google-analytics.com script.hotjar.com stats.g.doubleclick.net in.hotjar.com; frame-src 'self' *.thghosting.local *.gb1-li-thghostinguat-001.io.thehut.local *.gb4-li-thghostinguat-001.io.thehut.local *.hosting.ing-dev.co.uk *.thghosting.com *.ingenuitycloudservices.com td.doubleclick.net js.stripe.com https://player.vimeo.com https://youtu.be https://www.youtube.com/ *.google.com js.driftt.com vars.hotjar.com www.facebook.com; style-src-elem 'self' 'unsafe-inline' blob: *.thghosting.local *.gb1-li-thghostinguat-001.io.thehut.local *.gb4-li-thghostinguat-001.io.thehut.local *.hosting.ing-dev.co.uk *.thghosting.com *.ingenuitycloudservices.com fonts.googleapis.com; img-src 'self' blob: data: cdn.cookielaw.org *.contentsquare.net i.vimeocdn.com *.thghosting.local *.gb1-li-thghostinguat-001.io.thehut.local *.gb4-li-thghostinguat-001.io.thehut.local *.hosting.ing-dev.co.uk *.thghosting.com *.ingenuitycloudservices.com scout.eu1.salesloft.com bat.bing.com chat.puzzel.com *.linkedin.com p.adsymptotic.com popup.communigator.co.uk www.facebook.com www.google-analytics.com www.google.com www.google.co.uk script.hotjar.com; font-src data: 'self' *.thghosting.local *.gb1-li-thghostinguat-001.io.thehut.local *.gb4-li-thghostinguat-001.io.thehut.local *.hosting.ing-dev.co.uk *.thghosting.com *.ingenuitycloudservices.com script.hotjar.com fonts.gstatic.com; child-src blob:; worker-src blob:; connect-src thghosting.local *.thghosting.local gb1-li-thghostinguat-001.io.thehut.local *.gb1-li-thghostinguat-001.io.thehut.local gb4-li-thghostinguat-001.io.thehut.local *.gb4-li-thghostinguat-001.io.thehut.local hosting.ing-dev.co.uk *.hosting.ing-dev.co.uk thghosting.com *.thghosting.com ingenuitycloudservices.com *.ingenuitycloudservices.com cdn.cookielaw.org track.gaconnector.com *.contentsquare.net ma.zoho.eu cdn.linkedin.oribi.io idx.liadm.com *.google-analytics.com ma.zoho.eu maillist-manage.eu scout.salesloft.com js.stripe.com px.ads.linkedin.com idx.liadm.com; 3
default-src 'self' cdn.invicti.com static.getclicky.com embed-ssl.wistia.com/deliveries/8e4be7011c8173f56f7717e7332cd52a7803b61e.bin; script-src 'self' 'unsafe-eval' 'unsafe-inline' go2.invicti.com cdn.invicti.com *.google.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com tcp.googlesyndication.com www.googleadservices.com googleads.g.doubleclick.net *.greenhouse.io *.visualwebsiteoptimizer.com *.vwo.com app.vwo.com *.hotjar.com connect.facebook.net www.facebook.com bat.bing.com *.mutinycdn.com px.ads.linkedin.com www.linkedin.com snap.licdn.com sjs.bizographics.com js.driftt.com *.clearbitjs.com *.marketo.net *.mktoresp.com cdn.bizible.com *.calendly.com vidassets.terminus.services static.getclicky.com anchor.fm ct.capterra.com/capterra_tracker.js tag.demandbase.com *.newrelic.com js.zi-scripts.com/zi-tag.js schedule-staging.zoominfo.com/zischedule.js schedule.zoominfo.com/zischedule.js ws-assets-staging.zoominfo.com/formcomplete.js ws-assets.zoominfo.com/formcomplete.js; style-src 'self' 'unsafe-inline' www.invicti.com go2.invicti.com cdn.invicti.com *.googleapis.com *.vwo.com; frame-src go2.invicti.com cdn.invicti.com *.googletagmanager.com bid.g.doubleclick.net docs.google.com/presentation/ *.greenhouse.io app.vwo.com *.hotjar.com www.facebook.com *.youtube.com *.youtube-nocookie.com *.youtube.com player.vimeo.com *.driftt.com calendly.com anchor.fm *.soundcloud.com *.slideshare.net; frame-ancestors 'self' *.invicti.com *.acunetix.com app.mutinyhq.com; font-src 'self' data: cdn.invicti.com *.gstatic.com app.vwo.com *.hotjar.com; img-src 'self' data: www.invicti.com *.invicti.com cdn.invicti.com go2.invicti.com ssl.gstatic.com www.gstatic.com *.googleusercontent.com *.google.com *.google.co.uk *.google.de *.google.fr *.google.ar *.google.com.br *.google.com.tr *.google.nl *.google.cn *.google.ca *.google.it *.google.co.il *.googleapis.com *.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net stats.g.doubleclick.net *.visualwebsiteoptimizer.com www.facebook.com *.bing.com bat.bing.com *.ytimg.com *.vimeocdn.com *.mutinyhq.io images.mutinycdn.com *.linkedin.com px.ads.linkedin.com cdn.bizible.com cdn.bizibly.com p.adsymptotic.com vidassets.terminus.services *.gravatar.com match.prod.bidr.io id.rlcdn.com e-2072.adzerk.net/e/2072/419463/e.gif; object-src 'self' cdn.invicti.com; media-src 'self' blob: cdn.invicti.com js.driftqa.com; connect-src 'self' cdn.invicti.com go2.invicti.com *.google.com *.google-analytics.com stats.g.doubleclick.net pagead2.googlesyndication.com/pagead/buyside_topics/set/ boards-api.greenhouse.io/v1/boards/invictisecurity/jobs *.visualwebsiteoptimizer.com wss://*.hotjar.com *.hotjar.com *.hotjar.io *.facebook.com *.vimeo.com vimeo.com *.mutinycdn.com api-v2.mutinyhq.io api.mutinyhq.io cdn.linkedin.oribi.io px.ads.linkedin.com/wa *.clearbit.com *.mktoresp.com *.mktoutil.com *.adnxs.com js-staging.zi-scripts.com/unified/v1/master/getSubscriptions js.zi-scripts.com/unified/v1/master/getSubscriptions ws.zoominfo.com; worker-src 'self' blob: dev.visualwebsiteoptimizer.com 3
default-src https: *.hotjar.com *.hotjar.io *.wistia.com *.wistia.net 'self' 'unsafe-inline' 'unsafe-eval'; font-src https: *.hotjar.com *.hotjar.io *.wistia.com *.tawk.to fonts.gstatic.com data: 'self' 'unsafe-inline' 'unsafe-eval'; img-src https: *.hotjar.com *.hotjar.io *.tawk.to cdn.jsdelivr.net tawk.link *.iubenda.com *.wistia.com *.wistia.net data: 'self' 'unsafe-inline' 'unsafe-eval'; script-src blob: https: 'self' *.hotjar.com *.hotjar.io *.iubenda.com *.wistia.com *.wistia.net *.tawk.to cdn.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; connect-src https: *.litix.io *.wistia.com *.tawk.to wss://*.tawk.to *.hotjar.com *.hotjar.io wss://*.hotjar.com; frame-src https: 'self' blob: *.hotjar.com *.hotjar.io *.tawk.to fast.wistia.com fast.wistia.net; style-src blob: https: 'self' *.hotjar.com *.hotjar.io *.iubenda.com fast.wistia.com *.tawk.to fonts.googleapis.com cdn.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; media-src * blob: data: https: *.wistia.com *.wistia.net 'self' 'unsafe-inline' 'unsafe-eval'; 3
default-src https: http: 'unsafe-inline' data: blob: 'unsafe-eval' 3
frame-ancestors 'self'; base-uri 'self'; report-uri /report-csp-violation; upgrade-insecure-requests 3
default-src 'self'; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://app-fnsp-matomo-analytics-prod.azurewebsites.net/ https://statistikk.fnsp.no/ https://web-sdk-eu.aptrinsic.com/ https://code.jquery.com/ https://maxcdn.bootstrapcdn.com/ https://cdnjs.cloudflare.com https://cdn.jsdelivr.net/ https://cdn.tiny.cloud https://www.cdisol.blog https://js.monitor.azure.com; object-src 'none'; manifest-src https://www.cdisol.blog; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://web-sdk-eu.aptrinsic.com/ https://maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net/ https://www.cdisol.blog; font-src 'self' data: https://fonts.gstatic.com/ https://dhm5hy2vn8l0l.cloudfront.net/ https://web-sdk-eu.aptrinsic.com/ https://esp-eu.aptrinsic.com/; img-src 'self' data: https://*.nhn.no https://www.fnsp.no https://www.ahus.no/ https://ahus.no https://www.betanienhospital.no/ https://betanienhospital.no/ https://www.betaniensykehus.no https://betaniensykehus.no https://www.diakonhjemmetsykehus.no https://diakonhjemmetsykehus.no https://fellesinnhold.hn.nhn.no/ https://www.finnmarkssykehuset.no https://finnmarkssykehuset.no https://www.haraldsplass.no/ https://haraldsplass.no/ https://www.hsr.as https://hsr.as https://www.helgelandssykehuset.no https://helgelandssykehuset.no https://www.helse-bergen.no https://helse-bergen.no https://www.helse-fonna.no https://helse-fonna.no https://www.helse-forde.no https://helse-forde.no https://www.helse-midt.no https://helse-midt.no https://www.helse-mr.no https://helse-mr.no https://www.helsenordikt.no https://helsenordikt.no https://www.helse-nord.no https://helse-nord.no https://www.hnt.no https://hnt.no https://www.helse-sorost.no https://helse-sorost.no https://www.helse-stavanger.no https://helse-stavanger.no https://www.helse-vest-ikt.no https://helse-vest-ikt.no https://www.helse-vest.no https://helse-vest.no https://www.helseplattformen.no https://helseplattformen.no https://www.hdo.no/ https://hdo.no/ https://www.hemit.no https://hemit.no https://www.lovisenbergsykehus.no https://lovisenbergsykehus.no https://www.luftambulanse.no https://luftambulanse.no https://www.martinahansen.no/ https://martinahansen.no/ https://www.jdps.no/ https://jdps.no/ https://www.olaviken.no https://olaviken.no https://www.nordlandssykehuset.no https://nordlandssykehuset.no https://www.nortrials.no/ https://nortrials.no/ https://www.nyemetoder.no/ https://nyemetoder.no/ https://www.oslo-universitetssykehus.no https://oslo-universitetssykehus.no https://www.pasientreiser.no https://pasientreiser.no https://www.revmatismesykehuset.no/ https://revmatismesykehuset.no/ https://www.saman.no https://saman.no https://www.sjukehusapoteka-vest.no https://sjukehusapoteka-vest.no https://www.solli.no https://solli.no https://www.sshf.no/ https://sshf.no/ https://sthf.no https://www.sthf.no https://www.spesialisthelsetjenesten.no https://spesialisthelsetjenesten.no https://www.stolav.no https://stolav.no https://www.sunnaas.no/ https://sunnaas.no/ https://www.sykehusapotekene.no https://sykehusapotekene.no https://www.sykehusapotek-nord.no https://sykehusapotek-nord.no https://www.sykehusapoteket.no https://sykehusapoteket.no https://www.sykehusbygg.no https://sykehusbygg.no https://www.sykehuset-ostfold.no https://sykehuset-ostfold.no https://siv.no/ https://www.siv.no/ https://www.sykehuset-innlandet.no https://sykehuset-innlandet.no https://www.sykehusinnkjop.no https://sykehusinnkjop.no https://www.sykehuspartner.no https://sykehuspartner.no https://www.unn.no https://unn.no https://www.vestreviken.no https://vestreviken.no https://bjorkeli.no https://www.bjorkeli.no https://sp.tinymce.com; media-src 'self' https://*.nhn.no https://www.ahus.no/ https://ahus.no https://www.betanienhospital.no/ https://betanienhospital.no/ https://www.betaniensykehus.no https://betaniensykehus.no https://www.diakonhjemmetsykehus.no https://diakonhjemmetsykehus.no https://fellesinnhold.hn.nhn.no/ https://www.finnmarkssykehuset.no https://finnmarkssykehuset.no https://www.haraldsplass.no/ https://haraldsplass.no/ https://www.hsr.as https://hsr.as https://www.helgelandssykehuset.no https://helgelandssykehuset.no https://www.helse-bergen.no https://helse-bergen.no https://www.helse-fonna.no https://helse-fonna.no https://www.helse-forde.no https://helse-forde.no https://www.helse-midt.no https://helse-midt.no https://www.helse-mr.no https://helse-mr.no https://www.helsenordikt.no https://helsenordikt.no https://www.helse-nord.no https://helse-nord.no https://www.hnt.no https://hnt.no https://www.helse-sorost.no https://helse-sorost.no https://www.helse-stavanger.no https://helse-stavanger.no https://www.helse-vest-ikt.no https://helse-vest-ikt.no https://www.helse-vest.no https://helse-vest.no https://www.helseplattformen.no https://helseplattformen.no https://www.hdo.no/ https://hdo.no/ https://www.hemit.no https://hemit.no https://www.lovisenbergsykehus.no https://lovisenbergsykehus.no https://www.luftambulanse.no https://luftambulanse.no https://www.martinahansen.no/ https://martinahansen.no/ https://www.jdps.no/ https://jdps.no/ https://www.olaviken.no https://olaviken.no https://www.nordlandssykehuset.no https://nordlandssykehuset.no https://www.nortrials.no/ https://nortrials.no/ https://www.nyemetoder.no/ https://nyemetoder.no/ https://www.oslo-universitetssykehus.no https://oslo-universitetssykehus.no https://www.pasientreiser.no https://pasientreiser.no https://www.revmatismesykehuset.no/ https://revmatismesykehuset.no/ https://www.saman.no https://saman.no https://www.sjukehusapoteka-vest.no https://sjukehusapoteka-vest.no https://www.solli.no https://solli.no https://www.sshf.no/ https://sshf.no/ https://sthf.no https://www.sthf.no https://www.spesialisthelsetjenesten.no https://spesialisthelsetjenesten.no https://www.stolav.no https://stolav.no https://www.sunnaas.no/ https://sunnaas.no/ https://www.sykehusapotekene.no https://sykehusapotekene.no https://www.sykehusapotek-nord.no https://sykehusapotek-nord.no https://www.sykehusapoteket.no https://sykehusapoteket.no https://www.sykehusbygg.no https://sykehusbygg.no https://www.sykehuset-ostfold.no https://sykehuset-ostfold.no https://siv.no/ https://www.siv.no/ https://www.sykehuset-innlandet.no https://sykehuset-innlandet.no https://www.sykehusinnkjop.no https://sykehusinnkjop.no https://www.sykehuspartner.no https://sykehuspartner.no https://www.unn.no https://unn.no https://www.vestreviken.no https://vestreviken.no https://bjorkeli.no https://www.bjorkeli.no; connect-src 'self' https://esp-eu.aptrinsic.com/ https://app-fnsp-matomo-analytics-prod.azurewebsites.net/ https://pui.episerver.net/ https://dc.services.visualstudio.com/; frame-src 'self' https://dashboard.find.episerver.net/ https://uib.cloud.panopto.eu/ https://www.youtube.com https://www.youtube-nocookie.com https://player.vimeo.com https://vimeo.com/ https://youtu.be/ https://medfilm.se/ https://film.oslo-universitetssykehus.no/ https://ntnu.cloud.panopto.eu/ https://open.spotify.com/ https://podcasts.apple.com https://ekstranett.helse-midt.no/ https://app-fnsp-matomo-analytics-prod.azurewebsites.net/ https://fellesinnhold.fnsp.nhn.no https://fnsp.fnsp.nhn.no https://www.fnsp.no https://navikt.github.io https://acast.com/ https://www.acast.com/ https://hf02.totaldata.no/ https://players.brightcove.net/ https://*.fnsp.nhn.no; frame-ancestors 'self'; 3
default-src 'self' *.coveo.com *.chatlayer.ai *.adobe.com bcove.video optimize.google.com *.api.brightcove.com api.bcovlive.io *.bcovlive.io *.sep.bcovlive.io bcovlive-a.akamaihd.net *.o.brightcove.com players.brightcove.net hls.ak.o.brightcove.com uds.ak.o.brightcove.com *.boltdns.net brightcove.vo.llnwd.net *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.analytics.edgekey.net *.media.brightcove.com hlstoken-a.akamaihd.net *.gallerysites.net *.bcvp0rtal.com *.brightcovecdn.com manifest.prod.boltdns.net eba-api.uk.experian.com smeservices.uk.experian.com *.hotjar.com sjs.bizographics.com cdn.taboola.com trc.taboola.com *.js.ubembed.com *.events.ubembed.com assets.ubembed.com www.dwin1.com bat.bing.com t.co cdn.smct.co smct.co j.flxpxl.com *.doubleclick.net www.googleadservices.com www.google.com www.googletagmanager.com tagmanager.google.com *.googleapis.com ssl.gstatic.com www.google-analytics.com ssl.google-analytics.com adservice.google.com adservice.google.co.uk www.google.co.uk analytics.twitter.com platform.twitter.com static.ads-twitter.com *.linkedin.com www.facebook.com connect.facebook.net *.outbrain.com builder-assets.unbounce.com *.boldchat.com www.dianomi.com *.pingdom.net *.cloudfront.net *.eloqua.com *.quantserve.com rules.quantcount.com img.en25.com snap.licdn.com secure.livechatinc.com maxcdn.bootstrapcdn.com *.gstatic.com cdn.livechatinc.com themes.googleusercontent.com *.experian.com ui.customsearch.ai hosteduxprod.blob.core.windows.net *.brightcove.com *.brightcove.net vjs.zencdn.net *.adobedtm.com *.demdex.net *.omniture.com *.youtube.com *.hotjar.io; img-src 'self' data: *; script-src 'unsafe-eval' 'unsafe-inline' 'self' *; style-src 'unsafe-inline' 'self' *; font-src 'self' data: *; object-src 'none'; media-src * blob:; worker-src blob: 'self'; frame-ancestors 'self'; 3
default-src *; img-src * 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src  'self' 'unsafe-inline' * 3
frame-ancestors https://*.builder.io https://builder.io 3
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval';  style-src 'self' 'unsafe-inline'; img-src * data:; 3
img-src * 3
default-src https: 'unsafe-inline' 'unsafe-eval' data: blob: mediastream:; 3
default-src 'self' data: blob: https://www.bplaced.net https://my.bplaced.net https://stream.bplaced.net https://wiki.bplaced.net 'unsafe-eval' 'unsafe-inline'; img-src     'self' data: content: https://www.bplaced.net https://my.bplaced.net https://stream.bplaced.net https://wiki.bplaced.net;style-src   'self' data: blob: https://www.bplaced.net https://my.bplaced.net https://stream.bplaced.net https://wiki.bplaced.net 'unsafe-inline'; media-src *; 3
script-src https: 'unsafe-inline' 'unsafe-eval' 3
default-src 'none'; object-src 'self'; media-src blob: https://s3.amazonaws.com https://*.genial.ly https://*.aiaibot.com https://*.elsevier.com https://*.zdassets.com https://*.scene7.com https://*.business360.ch https://*.tourmkr.com https://tourmkr.com https://*.matterport.com https://*.okadoc.com https://*.blueglass.io https://*.mediclinic.co.za https://*.podcast.co https://*.pod.co https://*.radio.co https://*.lpsnmedia.net https://*.google.ch https://*.ads-twitter.com http://*.mediclinicprime.co.za https://*.googleadservices.com https://*.elfsight.com https://*.hirslanden.ch https://*.infocentric.ch https://*.wistia.com https://*.medicosearch.ch https://*.readspeaker.com https://*.tagboard.com https://tagboard.com https://ton.twimg.com https://*.userway.org https://*.powerappsportals.com https://*.linkedin.com https://*.pinterest.com https://*.adform.net; font-src 'self' data: https://*.podigee.com https://*.podigee-cdn.net https://*.business360.ch https://*.tourmkr.com https://tourmkr.com https://*.matterport.com https://*.okadoc.com https://*.blueglass.io https://*.mediclinic.co.za https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://*.google.ch https://*.ads-twitter.com http://*.mediclinicprime.co.za https://*.googleadservices.com https://*.elfsight.com https://*.amazonaws.com https://portal.k8s.preprod.msio.cloud https://*.medicosearch.ch https://*.powerappsportals.com https://*.linkedin.com https://*.pinterest.com https://*.adform.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://elshbe.mediclinic.co.za https://superspider-dev.azurewebsites.net https://*.data.adobedc.net https://extend.vimeocdn.com https://*.sc.omtrdc.net https://*.2o7.net https://assets.adobedtm.com https://www.googleoptimize.com https://googleads.g.doubleclick.net https://portal.k8s.preprod.msio.cloud https://*.aiaibot.com https://analytics.tiktok.com https://mcmebotstorage.blob.core.windows.net https://protect-de.mimecast.com https://*.yandex.ru https://*.zdassets.com https://analytics-eu.clickdimensions.com https://widget-mediator.zopim.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://cdnjs.cloudflare.com https://*.zvv.ch https://*.genial.ly https://*.3qsdn.com https://*.scene7.com https://*.pinimg.com https://*.podigee.com https://*.podigee-cdn.net https://*.business360.ch https://*.tourmkr.com https://tourmkr.com https://*.matterport.com https://*.okadoc.com https://*.blueglass.io https://*.mediclinic.co.za https://*.typeform.com https://play.pod.co https://siteimproveanalytics.com https://*.lpsnmedia.net https://*.licdn.com https://sc-static.net https://*.liveperson.net https://*.google.ch https://*.ads-twitter.com http://*.mediclinicprime.co.za https://*.googleadservices.com https://*.linkedin.com https://*.instagram.com https://*.mediclinic.com https://*.elfsight.com https://uberall.com https://static-prod.uberall.com https://api.instacloud.io https://mediclinic.mediaplatform.com https://api.doctena.ch https://createsend.com https://createsend1.com https://*.createsend.com https://*.createsend1.com https://cdn.dotcy.com.cy https://*.crazyegg.com https://prodmcmebot.azurewebsites.net https://testmcmebot.azurewebsites.net https://*.medicosearch.ch https://*.infocentric.ch https://www.puls-berufe.ch https://*.gstatic.com https://*.google.com https://*.sprechzimmer.ch https://*.wistia.com https://fast.wistia.net https://src.litix.io https://s.ytimg.com https://www.youtube.com https://*.tagboard.com https://tagboard.com https://ton.twimg.com https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://*.googletagmanager.com https://maps.googleapis.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://connect.facebook.net https://*.twitter.com https://cdn.syndication.twimg.com https://csi.gstatic.com https://*.podcast.co https://*.pod.co https://*.radio.co https://code.jquery.com https://*.dynamics.com https://*.azureedge.net https://*.microsoft.com https://*.clever-click.ch https://*.sli.do https://scatec.io https://soundcloud.com/ https://*.userway.org https://*.stag.mcme.az.bh.mehilainen.care https://*.powerappsportals.com https://*.pinterest.com https://*.adform.net; connect-src 'self' https://px.ads.linkedin.com/wa https://*.googlesyndication.com https://cdn.linkedin.oribi.io https://adservice.google.com https://analytics.google.com https://*.112.2o7.net https://dpm.demdex.net https://createsend.com https://createsend1.com https://*.createsend.com https://*.createsend1.com https://*.aiaibot.com https://api.bing.microsoft.com https://analytics.tiktok.com https://*.yandex.ru https://pecontent-health-elsevier-com.s3.amazonaws.com https://*.zdassets.com https://*.elsevier.com https://*.zendesk.com https://widget-mediator.zopim.com wss://widget-mediator.zopim.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://cdnjs.cloudflare.com https://*.pinterest.com https://*.medicosearch.ch https://*.business360.ch https://*.tourmkr.com https://tourmkr.com https://*.matterport.com https://*.okadoc.com https://stats.g.doubleclick.net https://*.blueglass.io https://*.mediclinic.co.za https://*.podcast.co https://*.pod.co https://*.radio.co https://*.googleadservices.com https://*.google-analytics.com https://*.analytics.google.com https://*.elfsight.com https://uberall.com https://blog.hirslanden.ch https://er24.info https://*.typeform.com https://*.wistia.com https://*.litix.io https://www.facebook.com https://*.crazyegg.com https://*.akamaihd.net https://www.google-analytics.com https://s7.addthis.com https://m.addthis.com https://*.tagboard.com https://tagboard.com https://*.onetrust.com https://*.dynamics.com https://*.azureedge.net https://*.microsoft.com https://ton.twimg.com https://*.clever-click.ch https://scatec.io https://*.sli.do https://*.userway.org https://*.stag.mcme.az.bh.mehilainen.care https://*.powerappsportals.com https://*.adform.net; img-src * 'self' data:; style-src 'self' 'unsafe-inline' https://mcmebotstorage.blob.core.windows.net https://protect-de.mimecast.com https://*.podigee.com https://*.podigee-cdn.net https://*.business360.ch https://*.tourmkr.com https://tourmkr.com https://*.matterport.com https://*.okadoc.com https://*.blueglass.io https://*.mediclinic.co.za https://*.google.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://*.ads-twitter.com https://*.google.ch https://mediclinic.mediaplatform.com http://*.mediclinicprime.co.za https://*.googleadservices.com https://*.elfsight.com https://cdn.dotcy.com.cy https://*.medicosearch.ch https://portal.k8s.preprod.msio.cloud https://cloud.typography.com https://*.sprechzimmer.ch https://*.twitter.com https://www-prod.hirslanden.ch https://*.tagboard.com https://tagboard.com https://*.crazyegg.com https://ton.twimg.com https://*.userway.org https://*.powerappsportals.com https://*.linkedin.com https://*.pinterest.com https://*.adform.net; frame-src 'self' https://feed.yellow.camera https://*.pinterest.com https://hirslandenag.demdex.net https://portal.k8s.preprod.msio.cloud https://*.medicosearch.ch https://analytics-eu.clickdimensions.com https://*.goreview.co.za https://*.aiaibot.com https://webform.mediclinicsa.co.za https://*.indigo.online https://*.artbutler.com https://*.zvv.ch https://*.genial.ly https://*.3qsdn.com https://*.tourmkr.com https://tourmkr.com https://*.tourextender.ch https://tourextender.ch https://*.podigee.com https://*.podigee-cdn.net https://*.infomaniak.com https://*.business360.ch https://*.matterport.com https://*.okadoc.com https://*.blueglass.io https://*.mediclinic.co.za https://*.typeform.com https://*.doubleclick.ne https://*.pinimg.com https://*.doubleclick.net https://*.yandex.ru https://play.pod.co https://*.onedoc.ch https://onedoc.ch https://vimeo.com https://*.vimeo.com https://*.brightcove.net https://mixlr.com https://*.mixlr.com https://*.liveperson.net https://*.lpsnmedia.net https://*.snapchat.com https://*.ads-twitter.com https://*.linkedin.com https://*.instagram.com https://*.mediclinic.com https://*.mediclinic.co.za https://mediclinic.mediaplatform.com http://mcairportrdauh.royalwebhosting.net https://*.google.ch https://*.twitter.com http://*.mediclinicprime.co.za https://*.googleadservices.com https://*.elfsight.com https://*.doctena.com https://createsend.com https://createsend1.com https://*.createsend.com https://*.createsend1.com https://*.google.com https://*.googletagmanager.com https://w.soundcloud.com https://cdn.dotcy.com.cy https://prodmcmebot.azurewebsites.net https://testmcmebot.azurewebsites.net https://fast.wistia.com https://s7.addthis.com https://*.readspeaker.com https://*.tagboard.com https://tagboard.com https://ton.twimg.com https://www.youtube.com https://*.sprechzimmer.ch https://www.med-congress.info https://*.datahouse.ch https://*.detailnet.ch https://www2.hirslanden.ch https://vr.zaak.ch https://staticxx.facebook.com https://www.facebook.com https://tourmake.it https://tools.eurolandir.com https://twitter.com https://*.dynamics.com https://*.azureedge.net https://*.microsoft.com https://*.crazyegg.com https://www.facebook.com https://*.clever-click.ch https://*.sli.do https://*.userway.org https://*.stag.mcme.az.bh.mehilainen.care https://*.powerappsportals.com https://*.adform.net; child-src 'self' blob: https://*.business360.ch https://*.tourmkr.com https://tourmkr.com https://*.matterport.com https://*.okadoc.com https://*.blueglass.io https://*.mediclinic.co.za https://*.ads-twitter.com https://*.google.ch http://*.mediclinicprime.co.za https://*.googleadservices.com https://*.elfsight.com https://staticxx.facebook.com https://fast.wistia.com https://s7.addthis.com https://*.twitter.com https://*.readspeaker.com https://*.tagboard.com https://tagboard.com https://*.dynamics.com https://*.azureedge.net https://*.microsoft.com https://*.crazyegg.com https://ton.twimg.com https://*.clever-click.ch https://*.sli.do https://*.userway.org https://*.stag.mcme.az.bh.mehilainen.care https://*.powerappsportals.com https://*.linkedin.com https://*.pinterest.com https://*.adform.net; frame-ancestors 'self' https://*.dynamics.com https://*.azureedge.net https://*.microsoft.com https://*.crazyegg.com https://*.clever-click.ch https://*.sli.do https://*.userway.org https://*.stag.mcme.az.bh.mehilainen.care https://*.powerappsportals.com https://*.linkedin.com https://*.pinterest.com https://*.adform.net ; 3
default-src * 'unsafe-inline' 'unsafe-eval' data: 3
default-src https:; connect-src https: wss: http:; font-src https: data:; img-src https: data: blob:; frame-src https: blob:; frame-ancestors 'self'; worker-src blob: https: data: 'unsafe-inline' 'unsafe-eval'; form-action https: javascript:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval';style-src https: data: 'unsafe-inline'; base-uri 'self'; 3
default-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src-elem * 'self' data: blob: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src-attr * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; style-src * 'self' data: 'unsafe-inline' 'unsafe-hashes'; style-src-elem * 'self' data: 'unsafe-inline' 'unsafe-hashes'; style-src-attr * 'self' data: 'unsafe-inline' 'unsafe-hashes'; img-src * 'self' data:; font-src * 'self' data:; connect-src * 'self'; media-src * 'self'; object-src * 'self'; child-src * 'self'; frame-src * 'self'; frame-ancestors * 'self'; form-action * 'self' 3
frame-ancestors 'self' https://www.anglaisfacile.com https://www.francaisfacile.com https://www.tolearnenglish.com https://www.tolearnfrench.com https://www.allemandfacile.com https://www.espagnolfacile.com https://www.nlfacile.com https://www.italien-facile.com https://www.mesoutils.com https://www.mesexercices.com https://www.mathematiquesfaciles.com https://www.touslescours.com https://www.tolearnfrench.com https://*.tolearnfree.com; report-uri https://tolearnfree.report-uri.io/r/default/csp/enforce; base-uri 'self'; 3
default-src * 'self' blob: data: gap:; style-src * 'self' 'unsafe-inline' blob: data: gap:; script-src * 'self' 'unsafe-eval' 'unsafe-inline' blob: data: gap:; object-src * 'self' blob: data: gap:; img-src * 'self' 'unsafe-inline' blob: data: gap:; connect-src 'self' * 'unsafe-inline' blob: data: gap:; frame-src * 'self' blob: data: gap: 3
frame-ancestors 'self' https://immobilier.jll.be https://events1.social27.com https://jll.maps.arcgis.com https://tools.jll.com https://journeys.jll.com https://qa-journeys.jll.com; 3
frame-ancestors 'self' https://smarthub.keystoneacademic.com https://sanity.keg.com; 3
connect-src http://ip-api.com/ 'self' https: data: 3
base-uri 'self' feed.pghub.io pandg.tapad.com ; font-src 'self' https: data: feed.pghub.io pandg.tapad.com ; frame-src 'self' https://feed.pghub.io https://www.youtube.com https://www.youtube-nocookie.com https://consumersupport.pg.com https://*.google.com www.google-analytics.com https://*.pricespider.com feed.pghub.io pandg.tapad.com ; img-src 'self' data: https://cdn.cookielaw.org https://*.mapbox.com https://*.bazaarvoice.com https://www.google.com images.ctfassets.net pixel.tapad.com www.googletagmanager.com www.google-analytics.com https://*.pricespider.com https://www.mapbox.com feed.pghub.io pandg.tapad.com ; object-src 'none' feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' https://*.pricespider.com https://*.mapbox.com feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.bazaarvoice.com https://*.segment.com https://*.mapbox.com https://*.pricespider.com https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://code.jquery.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://*.recaptcha.net https://*.criteo.com https://static.criteo.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.pinimg.com https://ct.pinterest.com https://*.google-analytics.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://js.adsrvr.org https://d.impactradius-event.com https://static.ads-twitter.com https://analytics.twitter.com https://pghub.io https://analytics.tiktok.com https://*.ibytedtos.com https://*.contentsquare.net https://app.contentsquare.com feed.pghub.io pandg.tapad.com ; upgrade-insecure-requests  ; worker-src 'self' blob: feed.pghub.io pandg.tapad.com ; 3
default-src 'self' 'unsafe-inline';  script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googletagmanager.com https://www.google-analytics.com https://ajax.googleapis.com https://cdn-ukwest.onetrust.com https://img.en25.com https://connect.facebook.net https://use.typekit.net https://az416426.vo.msecnd.net https://www.civica.com https://snap.licdn.com https://cdnjs.cloudflare.com https://*.episerver.net https://www.youtube.com https://geolocation.onetrust.com/ https://s3121.t.eloqua.com https://cdn.tiny.cloud/ https://static.oktopost.com/ https://okt.to/ https://*.demandbase.com/ https://s2079104782.t.eloqua.com/ https://cdn.cookielaw.org/;  connect-src 'self' https://*.onetrust.com https://*.visualstudio.com https://*.google-analytics.com https://stats.g.doubleclick.net https://s3121.t.eloqua.com https://civica-privacy.my.onetrust.com https://cookiesuksouth.blob.core.windows.net/  https://cdn.linkedin.oribi.io https://img.en25.com https://*.demandbase.com/ https://api.company-target.com https://www.google.com https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://cdn.cookielaw.org/  https://segments.company-target.com https://tracking.civica.co.uk/;  object-src 'none';  media-src 'self' data:;  img-src 'self' data: https://www.facebook.com https://*.eloqua.com https://p.typekit.net https://*.google-analytics.com https://*.linkedin.com https://www.google.com https://www.google.co.uk https://www.google.co.in https://licensebuttons.net https://p.adsymptotic.com https://sp.tinymce.com https://*.onetrust.com https://www.googletagmanager.com https://id.rlcdn.com/ https://segments.company-target.com/;  style-src 'self' 'unsafe-inline' data: https://cdn.tiny.cloud;  frame-ancestors 'self';  child-src 'self';  frame-src 'self' https://www.youtube.com https://*.fls.doubleclick.net/ https://player.vimeo.com https://www.facebook.com/ https://s.company-target.com/;  font-src 'self' https://use.typekit.net; 3
script-src * 'self' 'unsafe-inline' 'unsafe-eval' 3
script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://market.android.com https://clients2.google.com https://payments.sandbox.google.com https://payments.google.com https://maps.googleapis.com https://translate.googleapis.com https://translate.google.com https://support.google.com https://www.gstatic.cn https://families.google.com https://clients1.google.com https://myaccount.google.com https://accounts.google.com https://support.google.com/inapp/ https://www.google.com/tools/feedback/ https://www.gstatic.com/inproduct_help/ https://www.gstatic.com/support/content/ https://www.google.com/tools/feedback/load.js https://www.google.com/tools/feedback/open.js https://www.gstatic.com/inproduct_help/service/lazy.min.js https://www.gstatic.com/inproduct_help/api/main.min.js https://www.gstatic.com/inproduct_help/chatsupport/chatsupport_button_v2.js https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js https://www.gstatic.com/uservoice/feedback/client/web/live/main_light_binary.js https://www.google.com/tools/feedback/chat_load.js https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/ https://www.gstatic.com/feedback/js/ghelp/ https://www.google.com/js/bg/ https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /_/PlayStoreUi/cspreport/allowlist 3
default-src *; font-src * data:;img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 3
frame-ancestors 'self' http://admin.bonami.cz 3
frame-ancestors 'self' https://*.etracker.com 3
img-src * data: blob:;base-uri 'self';worker-src 'self' blob:;manifest-src 'self';frame-src 'self' data: 3
default-src 'self' * 'unsafe-inline'; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com cdnjs.cloudflare.com www.googletagmanager.com www.google-analytics.com www.google.com www.youtube.com cdn.cookielaw.org www.youtube-nocookie.com snap.licdn.com connect.facebook.net b2b.intrum.com b2b.intrum.fi b2b.intrum.dk track.adform.net googleads.g.doubleclick.net pi.pardot.com www.gstatic.com *.intrum.com *.hotjar.com *.inzynk.io; font-src 'self' 'unsafe-inline' fonts.gstatic.com; object-src 'none'; img-src * 'self' data: 3
frame-ancestors 'self' www.charleskeith.com www.pedroshoes.com 3
frame-ancestors 'self' *.sivuviidakko.fi *.lianacms.com *.tagomocms.fi; 3
frame-src 'self' 3
upgrade-insecure-requests; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: ajax.googleapis.com vjs.zencdn.net admin.brightcove.com sc-static.net bat.bing.com cdnjs.cloudflare.com tags.tiqcdn.com cdn.optimizely.com sadmin.brightcove.com www.youtube.com sadmin.brightcove.com www.google-analytics.com www.google.com cdnssl.clicktale.net snap.licdn.com connect.facebook.net www.googletagmanager.com script.crazyegg.com s.ytimg.com snap.licdn.com visitor-service-eu-west-1.tealiumiq.com s1583749854.t.eloqua.com app.gatedcontent.com img.en25.com s1.adis.ws cdn.pricespider.com locate.pricespider.com wtbevents.pricespider.com c.la1-c1-frf.salesforceliveagent.com players.brightcove.net logx.optimizely.com collect-eu-west-1.tealiumiq.com stats.g.doubleclick.net insights.gatedcontent.com ajax.googleapis.com www.buzzsprout.com www.gstatic.com apps.bazaarvoice.com canon-test-comments.disqus.com tablesorter.com display.ugc.bazaarvoice.com analytics-static.ugc.bazaarvoice.com api.bazaarvoice.com network-eu.bazaarvoice.com visitor-service.tealiumiq.com app.optimizely.com c.evidon.com ds-aksb-a.akamaihd.net check.pricespider.com cdncache-a.akamaihd.net cdn3.optimizely.com turbo.qualaroo.com cdn-assets-prod.s3.amazonaws.com cdn.appdynamics.com s.adroll.com static.ads-twitter.com serve.albacross.com nexus.ensighten.com s.pinimg.com www.googleadservices.com analytics.tiktok.com dynamic.criteo.com adform.net ensighten.com pinimg.com refocus.ru dwin1.com cl.qualaroo.com st.smartassistant.com wirewax.s3.eu-west-1.amazonaws.com service.force.com comeandsee--devxq3.my.salesforce.com devxq3-canon-europe.cs169.force.com c.la2-c1cs-ia4.salesforceliveagent.com d.la2-c1cs-ia4.salesforceliveagent.com i1.adis.ws mpsnare.iesnare.com canoneu.saas.appdynamics.com cloud.typography.com network.bazaarvoice.com s3.amazonaws.com www.canon-europe.com www.facebook.com apps.nexus.bazaarvoice.com platform.twitter.com tiger-cdn.zoovu.com cdn.syndication.twimg.com js.adsrvr.org code.tidio.co widget-v4.tidiochat.com canon.smartassistant.com code.jquery.com comeandsee.my.salesforce.com d.la3-c1-fra.salesforceliveagent.com d.la1-c1-frf.salesforceliveagent.com api.tiles.mapbox.com static.lightning.force.com d.la3-c2-ph2.salesforceliveagent.com display-stg.ugc.bazaarvoice.com edge-player.wirewax.com edge-assets.wirewax.com edge-player5.wirewax.com teads.tv community.canon-europe.com cdn.hypemarks.com 3001.scriptcdn.net 7896543.s3.amazonaws.com sys.refocus.ru googleads.g.doubleclick.net doubleclick.net googlesyndication.com my.tealiumiq.com pagead2.googlesyndication.com www.googleadservices.com t.clicktale.net app.contentsquare.com *.livechatinc.com analytics.twitter.com dqm.crownpeak.com assetscdn.stackla.com sys.datadrivenpromotion.com b2badmin.mycanon.club maps.googleapis.com d.adroll.com static.criteo.net assets.calendly.com edge-player5.wirewax.com ct.leady.com sslwidget.criteo.com www.clarity.ms www.tintup.com d.la3-c2-ia2.salesforceliveagent.com www.artfut.com my.tealiumiq.com t.contentsquare.net canon-europe.force.com orca-api.zoovu.com orca-runner-assets.zoovu.com orca-cdn.zoovu.com ajhgroup9516.file.core.windows.net d.la3-c1-cdg.salesforceliveagent.com sales-promotions.com sales-promotions.taxback.ess.ie *.pricespider.com *.mapbox.com unpkg.com img03.en25.com d.la3-c2-ia7.salesforceliveagent.com c.la3-c2-ia7.salesforceliveagent.com comeandsee.my.site.com www.mczbf.com d.la1-core1.sfdc-lywfpd.salesforceliveagent.com tags.srv.stackadapt.com members.cj.com; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' blob: ajax.googleapis.com vjs.zencdn.net admin.brightcove.com sc-static.net bat.bing.com cdnjs.cloudflare.com tags.tiqcdn.com cdn.optimizely.com sadmin.brightcove.com www.youtube.com sadmin.brightcove.com www.google-analytics.com www.google.com cdnssl.clicktale.net snap.licdn.com connect.facebook.net www.googletagmanager.com script.crazyegg.com s.ytimg.com snap.licdn.com visitor-service-eu-west-1.tealiumiq.com s1583749854.t.eloqua.com app.gatedcontent.com img.en25.com s1.adis.ws cdn.pricespider.com locate.pricespider.com wtbevents.pricespider.com c.la1-c1-frf.salesforceliveagent.com players.brightcove.net logx.optimizely.com collect-eu-west-1.tealiumiq.com stats.g.doubleclick.net insights.gatedcontent.com ajax.googleapis.com www.buzzsprout.com www.gstatic.com apps.bazaarvoice.com canon-test-comments.disqus.com tablesorter.com display.ugc.bazaarvoice.com analytics-static.ugc.bazaarvoice.com api.bazaarvoice.com network-eu.bazaarvoice.com visitor-service.tealiumiq.com app.optimizely.com c.evidon.com ds-aksb-a.akamaihd.net check.pricespider.com cdncache-a.akamaihd.net cdn3.optimizely.com turbo.qualaroo.com cdn-assets-prod.s3.amazonaws.com cdn.appdynamics.com s.adroll.com static.ads-twitter.com serve.albacross.com nexus.ensighten.com s.pinimg.com www.googleadservices.com analytics.tiktok.com dynamic.criteo.com adform.net ensighten.com pinimg.com refocus.ru dwin1.com cl.qualaroo.com ref.ccb-dev.com st.smartassistant.com wirewax.s3.eu-west-1.amazonaws.com service.force.com comeandsee--devxq3.my.salesforce.com devxq3-canon-europe.cs169.force.com c.la2-c1cs-ia4.salesforceliveagent.com d.la2-c1cs-ia4.salesforceliveagent.com i1.adis.ws mpsnare.iesnare.com canoneu.saas.appdynamics.com cloud.typography.com network.bazaarvoice.com s3.amazonaws.com www.canon-europe.com www.facebook.com apps.nexus.bazaarvoice.com platform.twitter.com tiger-cdn.zoovu.com cdn.syndication.twimg.com js.adsrvr.org code.tidio.co widget-v4.tidiochat.com canon.smartassistant.com code.jquery.com comeandsee.my.salesforce.com d.la3-c1-fra.salesforceliveagent.com d.la1-c1-frf.salesforceliveagent.com api.tiles.mapbox.com static.lightning.force.com d.la3-c2-ph2.salesforceliveagent.com display-stg.ugc.bazaarvoice.com edge-player.wirewax.com edge-assets.wirewax.com edge-player5.wirewax.com teads.tv community.canon-europe.com cdn.hypemarks.com 3001.scriptcdn.net 7896543.s3.amazonaws.com sys.refocus.ru googleads.g.doubleclick.net doubleclick.net googlesyndication.com my.tealiumiq.com pagead2.googlesyndication.com www.googleadservices.com t.clicktale.net app.contentsquare.com *.livechatinc.com analytics.twitter.com dqm.crownpeak.com assetscdn.stackla.com sys.datadrivenpromotion.com b2badmin.mycanon.club maps.googleapis.com d.adroll.com static.criteo.net assets.calendly.com edge-player5.wirewax.com ct.leady.com sslwidget.criteo.com www.tintup.com d.la3-c2-ia2.salesforceliveagent.com c.la3-c2-ia7.salesforceliveagent.com comeandsee.my.site.com www.artfut.com my.tealiumiq.com t.contentsquare.net d.la3-c2-ia7.salesforceliveagent.com canon-europe.force.com tiger-cdn.zoovu.com orca-api.zoovu.com orca-runner-assets.zoovu.com orca-cdn.zoovu.com ajhgroup9516.file.core.windows.net d.la3-c1-cdg.salesforceliveagent.com sales-promotions.com sales-promotions.taxback.ess.ie *.pricespider.com *.mapbox.com unpkg.com img03.en25.com www.mczbf.com d.la1-core1.sfdc-lywfpd.salesforceliveagent.com d.la3-core1.sfdc-lywfpd.salesforceliveagent.com d.la1-core1.sfdc-yzvdd4.salesforceliveagent.com map.brightcove.com assets.map.brightcove.com tags.srv.stackadapt.com members.cj.com; 3
frame-ancestors 'self' localhost:* *.tason.com http://localhost:3000 https://www.targetmarketing.co.kr https://mktplatform.tason.com https://dev-mktplatform.tason.com 3
upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; base-uri 'self'; object-src 'self'; connect-src wss: https: 3
object-src 'self' data: 3
script-src-elem *.newrelic.com *.maxymiser.net *.googletagmanager.com *.oracleinfinity.io *.crazyegg.com *.facebook.net *.getblue.io *.air.tech *.google-analytics.com *.doubleclick.net *.kommunicate.io *.youtube.com *.soicos.com *.tiktok.com *.yandex.com *.onesignal.com onesignal.com *.verificado.ai https://cdn-mz-gj-vai.verificado.ai/widget/main.js *.google.com *.gstatic.com https://www.google.com/recaptcha/ *.googleadservices.com *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.lightwidget.com *.clarity.ms *.bing.com unpkg.com *.greencolumnart.com *.hotjar.com *.cloudfront.net code.jquery.com stackpath.bootstrapcdn.com cdn.jsdelivr.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src-elem fonts.googleapis.com *.kommunicate.io *.soicos.com *.verificado.ai *.cloudflare.com *.typekit.net https://www.google.com/recaptcha/ *.googletagmanager.com *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.crazyegg.com *.clarity.ms *.bing.com *.cdnfonts.com *.greencolumnart.com *.hotjar.io *.hotjar.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; font-src fonts.gstatic.com use.typekit.net *.cloudflare.com *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.fontawesome.com *.bananarepublic.cl/ *.brooksbrothers.cl *.dcshoes.cl/ *.gap.cl/ *.kipling.cl/ *.kivul.cl/ *.kliper.cl/ *.mammut.cl/ *.marmot.cl/ *.oldnavy.cl/ *.stoked.cl/ *.surprice.cl/ *.thenorthface.cl/ *.ugg.cl/ wss://socket2.kommunicate.io/ws *.verificado.ai https://www.google.com/recaptcha/ *.soicos.com *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.clarity.ms *.bing.com maxcdn.bootstrapcdn.com *.greencolumnart.com *.hotjar.io *.hotjar.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.googletagmanager.com *.facebook.com *.transbank.cl *.sabbi.cl *.bananarepublic.cl/ *.brooksbrothers.cl *.dcshoes.cl/ *.gap.cl/ *.kipling.cl/ *.kivul.cl/ *.kliper.cl/ *.mammut.cl/ *.marmot.cl/ *.oldnavy.cl/ *.stoked.cl/ *.surprice.cl/ *.thenorthface.cl/ *.ugg.cl/ wss://socket2.kommunicate.io/ws *.cardinalcommerce.com *.paypal.com *.soicos.com *.verificado.ai https://www.google.com/recaptcha/ *.payulatam.com *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.mercadolibre.com https://mercadopago.com.br *.mercadopago.com.br *.clarity.ms *.bing.com *.greencolumnart.com *.hotjar.io *.hotjar.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.youtube.com *.vimeo.com *.bananarepublic.cl/ *.brooksbrothers.cl *.dcshoes.cl/ *.gap.cl/ *.kipling.cl/ *.kivul.cl/ *.kliper.cl/ *.mammut.cl/ *.marmot.cl/ *.oldnavy.cl/ *.stoked.cl/ *.surprice.cl/ *.thenorthface.cl/ *.ugg.cl/ wss://socket2.kommunicate.io/ws *.verificado.ai https://www.google.com/recaptcha/ *.soicos.com *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.mercadolibre.com https://mercadopago.com.br *.mercadopago.com.br *.clarity.ms *.bing.com *.greencolumnart.com *.hotjar.io *.hotjar.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com *.weltpixel.com *.facebook.com https://web.facebook.com *.google.com *.cnetcontent.com *.vimeo.com https://event.getblue.io *.getblue.io *.flipsnack.com https://heyzine.com https://promogallonic.com https://front-notrack.indexado.production.pmbox.cloud https://fichashppervasive.blob.core.windows.net https://notrack.indexado.pmbox.cloud https://emersya.com *.lightwidget.com/ https://mc.yandex.ru/ https://mc.yandex.md/ https://firalivepro.blob.core.windows.net/ https://fira-live-player-pro.azurewebsites.net/ https://20839951p.rfihub.com/ *.googletagmanager.com *.doubleclick.net *.bananarepublic.cl/ *.brooksbrothers.cl *.dcshoes.cl/ *.gap.cl/ *.kipling.cl/ *.kivul.cl/ *.kliper.cl/ *.mammut.cl/ *.marmot.cl/ *.oldnavy.cl/ *.stoked.cl/ *.surprice.cl/ *.thenorthface.cl/ *.ugg.cl/ wss://socket2.kommunicate.io/ws *.wufoo.com/ https://wufoo.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.soicos.com *.crazyegg.com *.verificado.ai https://komax-tracking.oms.linets.cl/ *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.mercadolibre.com https://mercadopago.com.br *.mercadopago.com.br mercadopago.cl/ *.clarity.ms *.bing.com *.greencolumnart.com *.hotjar.io *.hotjar.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.ftcdn.net *.behance.net *.integration.komax.eclt.lnt.cl *.gstatic.com *.cloudflare.com *.newrelic.com https://bam.nr-data.net *.facebook.com *.connect.facebook.net *.google.com *.google-analytics.com *.googleadservices.com *.paypal.com *.syndigo.com *.syndigo.cloud *.google.com.co *.google.com.pa *.teads.tv *.gap.cl https://fichashppervasive.blob.core.windows.net *.komaxchile.cl/ *.kliper.cl/ https://dc.oracleinfinity.io/ https://s3.amazonaws.com/ https://stags.bluekai.com/ https://cm.g.doubleclick.net https://rrstatic.retailrocket.net/ https://mc.yandex.ru/ https://an.yandex.ru/ https://mc.yandex.md/ *.maxymiser.net *.komaxchile.cl *.bananarepublic.cl *.brooksbrothers.cl *.dcshoes.cl *.kipling.cl *.kivul.cl *.kliper.cl *.marmot.cl *.mammut.cl *.oldnavy.cl *.stoked.cl *.surprice.cl *.thenorthface.cl *.ugg.cl *.bananarepublic.cl/ *.dcshoes.cl/ *.gap.cl/ *.kipling.cl/ *.kivul.cl/ *.mammut.cl/ *.marmot.cl/ *.oldnavy.cl/ *.stoked.cl/ *.surprice.cl/ *.thenorthface.cl/ *.ugg.cl/ wss://socket2.kommunicate.io/ws *.kommunicate.io https://km-prod-s3-bucket.s3.amazonaws.com *.elfsight.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.google.cl *.google.com.pe *.soicos.com *.crazyegg.com *.verificado.ai https://www.google.com/recaptcha/ *.gap.com.pe news-oldnavy.cl *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.mercadolibre.com https://mercadopago.com.br *.mercadopago.com.br *.clarity.ms *.bing.com *.oraclecloud.com *.guess.cl *.greencolumnart.com *.hotjar.io *.hotjar.com komax-files.s3.amazonaws.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://cdn.polyfill.io https://browser.sentry-cdn.com *.integration.komax.eclt.lnt.cl https://www.googletagmanager.com tagmanager.google.com cdn.cs.1worldsync.com *.cloudflare.com *.newrelic.com https://bam.nr-data.net *.facebook.com *.facebook.net *.connect.facebook.net *.google.com *.gstatic.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.paypal.com *.bootstrapcdn.com *.pingdom.net *.woorank.com *.demdex.net *.cnetcontent.com *.syndigo.com *.syndigo.cloud https://event.getblue.io *.getblue.io https://p.teads.tv https://smetrics.verdugotienda.com *.maxymiser.net/ *.kommunicate.io *.retailrocket.net *.oracleinfinity.io *.crazyegg.com *.komaxchile.cl *.oraclecloud.com *.onesignal.com https://onesignal.com/ *.googleoptimize.com *.lightwidget.com *.air.tech *.rfihub.net *.hicloud.com *.tiktok.com *.hotjar.com *.bananarepublic.cl/ *.brooksbrothers.cl/ *.dcshoes.cl/ *.gap.cl/ *.kipling.cl/ *.kivul.cl/ *.kliper.cl/ *.mammut.cl/ *.marmot.cl/ *.oldnavy.cl/ *.stoked.cl/ *.surprice.cl/ *.thenorthface.cl/ *.ugg.cl/ wss://socket2.kommunicate.io/ws *.elfsight.com https://mc.yandex.ru/ https://mc.yandex.md/ https://an.yandex.ru/ *.tenetcomm.com/ https://tenetcomm.com/ *.wufoo.com/ https://wufoo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.nr-data.net unpkg.com *.soicos.com *.verificado.ai *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.mercadolibre.com https://mercadopago.com.br *.mercadopago.com.br *.clarity.ms *.bing.com *.greencolumnart.com code.jquery.com cdn.jsdelivr.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com tagmanager.google.com *.cloudflare.com *.facebook.com *.google.com *.googleapis.com *.gstatic.com *.bootstrapcdn.com https://rrstatic.retailrocket.net/ https://widget.kommunicate.io/ *.fontawesome.com https://firalivepro.blob.core.windows.net *.brooksbrothers.cl/ https://*.komaxchile.cl *.bananarepublic.cl/ *.dcshoes.cl/ *.gap.cl/ *.kipling.cl/ *.kivul.cl/ *.kliper.cl/ *.mammut.cl/ *.marmot.cl/ *.oldnavy.cl/ *.stoked.cl/ *.surprice.cl/ *.thenorthface.cl/ *.ugg.cl/ wss://socket2.kommunicate.io/ws *.kommunicate.io unsafe-inline *.soicos.com *.crazyegg.com *.verificado.ai https://www.google.com/recaptcha/ *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.mercadolibre.com https://mercadopago.com.br *.mercadopago.com.br *.clarity.ms *.bing.com maxcdn.bootstrapcdn.com *.greencolumnart.com *.hotjar.io *.hotjar.com 'self' 'unsafe-inline'; object-src *.soicos.com *.verificado.ai https://www.google.com/recaptcha/ *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.clarity.ms *.bing.com *.greencolumnart.com *.hotjar.io *.hotjar.com 'self' 'unsafe-inline'; media-src *.adobe.com *.syndigo.com *.syndigo.cloud https://emersya.com *.bananarepublic.cl/ *.brooksbrothers.cl/ *.dcshoes.cl/ *.gap.cl/ *.kipling.cl/ *.kivul.cl/ *.kliper.cl/ *.mammut.cl/ *.marmot.cl/ *.oldnavy.cl/ *.stoked.cl/ *.surprice.cl/ *.thenorthface.cl/ *.ugg.cl/ wss://socket2.kommunicate.io/ws *.kommunicate.io *.soicos.com *.verificado.ai https://www.google.com/recaptcha/ *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.clarity.ms *.bing.com *.youtube.com youtube.com *.greencolumnart.com *.hotjar.io *.hotjar.com 'self' 'unsafe-inline'; manifest-src *.verificado.ai https://www.google.com/recaptcha/ *.soicos.com *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.clarity.ms *.bing.com *.greencolumnart.com *.hotjar.io *.hotjar.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net https://*.ingest.sentry.io wss://tm.filter:1502/ xml.ssreviewsportal.com *.cloudflare.com *.newrelic.com https://bam.nr-data.net *.facebook.com *.google.com *.paypal.com *.pingdom.net *.woorank.com *.demdex.net *.cnetcontent.com *.youtube.com *.syndigo.com *.syndigo.cloud product-feature-service.production.alquimio.cloud api.repositorio.production.alquimio.cloud orchestrator.production.aks.alquimio.cloud *.teads.tv *.doubleclick.net *.kommunicate.io *.oracleinfinity.io *.oraclecloud.com *.tiktok.com https://mc.yandex.ru/ https://an.yandex.ru https://mc.yandex.md/ *.bananarepublic.cl/ *.brooksbrothers.cl *.dcshoes.cl/ *.gap.cl/ *.kipling.cl/ *.kivul.cl/ *.kliper.cl/ *.mammut.cl/ *.marmot.cl/ *.oldnavy.cl/ *.stoked.cl/ *.surprice.cl/ *.thenorthface.cl/ *.ugg.cl/ wss://socket2.kommunicate.io/ws *.maxymiser.net/ *.elfsight.com https://analytics.pangle-ads.com/ *.tenetcomm.com/ https://tenetcomm.com/ *.wufoo.com/ https://wufoo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.crazyegg.com *.nr-data.net *.sentry.io *.google-analytics.com *.facebook.net google.com *.soicos.com *.yandex.com *.verificado.ai *.amazonaws.com https://www.google.com/recaptcha/ *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com  wss://*.zendesk.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.mercadolibre.com https://mercadopago.com.br *.mercadopago.com.br *.clarity.ms *.bing.com *.greencolumnart.com *.hotjar.io *.hotjar.com wss://ws.hotjar.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com *.verificado.ai https://www.google.com/recaptcha/ *.soicos.com *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.clarity.ms *.bing.com *.greencolumnart.com *.hotjar.io *.hotjar.com http: https: blob: 'self' 'unsafe-inline'; default-src *.maxymiser.net *.komaxchile.cl *.soicos.com *.crazyegg.com *.verificado.ai https://www.google.com/recaptcha/ *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.clarity.ms *.bing.com *.greencolumnart.com *.hotjar.io *.hotjar.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.verificado.ai https://www.google.com/recaptcha/ *.soicos.com *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.clarity.ms *.bing.com *.greencolumnart.com *.hotjar.io *.hotjar.com 'self' 'unsafe-inline'; 3
'self' 3
frame-ancestors whitelabel.camspower.com cams.dnxlive.com 3
upgrade-insecure-requests; base-uri 'self'; frame-ancestors 'self'; form-action 'self'; object-src 'none'; 3
default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' ;style-src 'self' 'unsafe-inline' ;img-src 'self' data:  *.tile.openstreetmap.org;object-src 'none'; 3
frame-ancestors 'self' https://*.moody.edu 3
default-src https: data: 'unsafe-inline' blob: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://js-agent.newrelic.com https://bam.nr-data.net https://bam-cell.nr-data.net *.google-analytics.com https://www.googleanalytics.com https://www.google.com/recaptcha/ https://www.recaptcha.net https://www.gstatic.com/recaptcha/ https://api.maptiler.com https://cdn.maptiler.com https://connect.facebook.com https://connect.facebook.net https://bat.bing.com https://js.stripe.com https://*.googletagmanager.com/ https://pagead2.googlesyndication.com/ https://googleads.g.doubleclick.net https://www.googleadservices.com/ https://beacon-v2.helpscout.net/ https://kit.fontawesome.com/ https://api.mapbox.com/ https://*.hotjar.com https://*.hotjar.io https://widget.surveymonkey.com/ https://ajax.googleapis.com/ https://js.sentry-cdn.com https://browser.sentry-cdn.com https://o4507096105549824.ingest.de.sentry.io https://*.visualwebsiteoptimizer.com https://app.vwo.com; img-src 'self'  https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://*.babysits.com https://*.babysits.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://bat.bing.com https://www.facebook.com https://www.facebook.net https://ade.googlesyndication.com https://pagead2.googlesyndication.com/ https://*.g.doubleclick.net https://*.googleusercontent.com https://*.hotjar.com https://*.hotjar.io https://*.visualwebsiteoptimizer.com https://chart.googleapis.com https://wingify-assets.s3.amazonaws.com https://app.vwo.com data: blob: ; connect-src 'self' https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://cdn.babysits.com https://events.babysits.com https://events.staging.babysits.net https://events.babysits.com.development.babysits.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://pagead2.googlesyndication.com/ https://*.g.doubleclick.net https://www.googleadservices.com/ https://www.facebook.com https://api.stripe.com https://api.maptiler.com https://beaconapi.helpscout.net https://chatapi.helpscout.net https://d3hb14vkzrxvla.cloudfront.net https://bam.nr-data.net https://bam-cell.nr-data.net wss://*.pusher.com https://ka-p.fontawesome.com/ https://*.hotjar.com:* https://*.hotjar.io wss://*.hotjar.com https://o4507096105549824.ingest.de.sentry.io https://cdn.liveness.rekognition.amazonaws.com https://cognito-identity.eu-west-1.amazonaws.com wss://streaming-rekognition.eu-west-1.amazonaws.com/start-face-liveness-session-websocket https://*.visualwebsiteoptimizer.com https://app.vwo.com; frame-src 'self'  https://www.google.com https://td.doubleclick.net/ https://bid.g.doubleclick.net https://www.facebook.com https://js.stripe.com https://hooks.stripe.com https://www.youtube-nocookie.com/ https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://www.recaptcha.net https://*.hotjar.com https://*.hotjar.io https://*.surveymonkey.com/ https://app.vwo.com https://*.visualwebsiteoptimizer.com; worker-src blob: ; child-src blob: ; font-src https://cdn.babysits.com https://*.hotjar.com https://*.hotjar.io https://app.vwo.com https://*.visualwebsiteoptimizer.com; frame-ancestors 'self'; object-src 'none' ; base-uri 'none'; style-src 'self' 'unsafe-inline' https://*.visualwebsiteoptimizer.com https://app.vwo.com https://s3.amazonaws.com https://cdn.maptiler.com; 3
frame-ancestors www.gstatic.com *.stripe.com stripe.com 'self'; object-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; upgrade-insecure-requests; form-action 'self' https://hayward.com/customer/account/logout/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com *.yotpo.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; style-src https://haywardpools.tfaforms.net/ https://stackpath.bootstrapcdn.com/ https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.4.0/css/font-awesome.min.css *.adobe.com fonts.googleapis.com *.yotpo.com *.googleapis.com unsafe-inline assets.braintreegateway.com static.ecorebates.com 'self' 'unsafe-inline'; script-src https://code.jquery.com/jquery-1.12.4.min.js https://code.jquery.com/jquery-2.2.4.min.js https://code.jquery.com/jquery-3.2.1.min.js https://cdnjs.cloudflare.com/ajax/libs/fancybox/3.3.5/jquery.fancybox.min.js https://html5.dcatalog.com/dcviewer.js https://api.ipify.org/ https://unpkg.com/react@18/umd/react.production.min.js https://unpkg.com/react-dom@18/umd/react-dom.production.min.js https://assets.adobedtm.com/ https://adobedc.demdex.net/ https://edge.adobedc.net https://haywardpools.tfaforms.net/ https://widget-hosts.mavenoid.com https://app.mavenoid.com https://api.mavenoid.com/ https://mavenoidfiles.com/ https://mavenoid.com/ assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.googleapis.com *.gstatic.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com pay.google.com x.klarnacdn.net sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com bam.nr-data.net js-agent.newrelic.com tfaforms.com adobedc.demdex.net *.yotpo.com s7.addthis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com static.ecorebates.com hayward.ecorebates.com 'self' 'unsafe-inline' 'unsafe-eval'; media-src https://www.youtube.com 'self' *.adobe.com www.totallyhayward.com 'self' 'unsafe-inline'; img-src https://hayward-pool-assets.com https://haywardpools.tfaforms.net https://mavenoidfiles.com/ https://mavenoid.com/ assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com *.gstatic.com www.gstatic.com sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com *.yotpo.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; frame-src http://www.haywardnet.com https://html5.dcatalog.com https://haywardpools.tfaforms.net https://maps.google.com/ blob: fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com sandbox.secure.checkout.visa.com secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com haywardpools.tfaforms.net *.yotpo.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; font-src https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/ https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.4.0/ *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com static.ecorebates.com data: 'self' 'unsafe-inline'; connect-src https://www.haywardnet.com/inground/products/energysolutions/getEnergyCalculatorResults.cfm https://hayward.ecorebates.com/ https://hayward-test-jsons.s3.amazonaws.com/data/locationData.json https://hayward-test-jsons.s3.amazonaws.com/data/featuresData.json https://hayward-test-jsons.s3.amazonaws.com/data/materialData.json https://hayward-test-jsons.s3.amazonaws.com/data/propertyTypeData.json https://hayward-test-jsons.s3.amazonaws.com/data/shapeSizeData.json https://hayward-test-jsons.s3.amazonaws.com/data/galleryData.json https://www.youtube.com https://assets.adobedtm.com/ https://adobedc.demdex.net/ https://edge.adobedc.net https://us-east-1-otel.formassembly.com/v1/traces https://stats.g.doubleclick.net/g/collect https://widget-hosts.mavenoid.com https://app.mavenoid.com https://api.mavenoid.com/ https://mavenoidfiles.com/ https://mavenoid.com/ https://commerce.hayward-pool-assets.com/magento/ dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com thm.visa.com api.addressy.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com bam.nr-data.net js-agent.newrelic.com *.yotpo.com ekr.zdassets.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; default-src  'self' 'unsafe-inline' 'unsafe-eval'; 3
script-src 'self' 'unsafe-eval' blob: open.spotifycdn.com open-review.spotifycdn.com quicksilver.scdn.co www.google-analytics.com www.googletagmanager.com static.ads-twitter.com analytics.twitter.com s.pinimg.com sc-static.net https://www.google.com/recaptcha/ cdn.ravenjs.com connect.facebook.net www.gstatic.com sb.scorecardresearch.com pixel-static.spotify.com cdn.cookielaw.org geolocation.onetrust.com www.googleoptimize.com www.fastly-insights.com static.hotjar.com script.hotjar.com https://www.googleadservices.com/pagead/conversion_async.js https://www.googleadservices.com/pagead/conversion/ https://analytics.tiktok.com/i18n/pixel/sdk.js https://analytics.tiktok.com/i18n/pixel/identify.js https://analytics.tiktok.com/i18n/pixel/config.js https://www.redditstatic.com/ads/pixel.js https://t.contentsquare.net/uxa/22f14577e19f3.js 'sha256-WfsTi7oVogdF9vq5d14s2birjvCglqWF842fyHhzoNw=' 'sha256-KRzjHxCdT8icNaDOqPBdY0AlKiIh5F8r4bnbe1PQwss=' 'sha256-Z5wh7XXSBR1+mTxLSPFhywCZJt77+uP1GikAgPIsu2s='; frame-ancestors 'self' https://adgen-dev.spotify.com/account/*/ad/*/details https://adgen-dev.spotify.com/preview/* https://ads-voltron-ui-*.slingshot-instance.spotify.net/account/*/ad/*/details https://ads-voltron-ui-*.slingshot-instance.spotify.net/preview/* https://local.spotify.net/account/*/ad/*/details https://local.spotify.net/preview/*; 3
default-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data: blob:; frame-ancestors 'self'; form-action 'self'; 3
default-src * 'unsafe-eval' 'unsafe-inline' 'unsafe-dynamic' data: filesystem: about: blob: ws: wss: 3
default-src 'self' https://videos.ctfassets.net/ feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' * ; img-src * 'self' data: https: blob: ; script-src * data: blob: 'unsafe-inline' 'unsafe-eval' ; connect-src * data: blob: 'unsafe-inline' ; font-src * data: blob: 'unsafe-inline' ; frame-src * ; 3
frame-ancestors 'self'; frame-src enovationgroup.com *.enovationgroup.com *.stuurlui.dev *.savviihq.com *.facebook.com *.google.com *.cookiebot.com *.hotjar.com *.youtube.com *.vimeo.com *.googletagmanager.com *.fontawesome.com *.ont.stuurlui.dev *.ontw.stuurlui.dev *.zaurus.io *.doubleclick.net forms.zoho.eu forms.zohopublic.eu 3
frame-ancestors 'self' apac.marketing.adobe.com 3
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: javascript: instagram.com https://api.clientify.net wolkvox-cobrowsing-agent-fd5zvw7swa-ue.a.run.app widget02.wolkvox.com d335luupugsy2.cloudfront.net wolkvox-cobrowsing-agent-fd5zvw7swa-ue.a.run.app https://platform.bluemessaging.net checkout.wompi.co *app.sitp.gov.co *.firebaseio.com *.aldeamo.com *.bootstrapcdn.com *.cloudflare.com https://chat1-cls27.i6.inconcertcc.com https://webchat-cls27.i6.inconcertcc.com *.facebook.net *.fontawesome.com https://mas-spn.inconcertcc.com *.googleapis.com *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.hippochat.io *.hotjar.com *.jquery.com *.jsdelivr.net *.livechatinc.com *.snapengage.com *.twimg.com *.twitter.com *.uniquindio.edu.co unpkg.com *.ytimg.com *.youtube.com *.zendesk.com ; img-src 'self' blob: data: javascript: *.aldeamo.com *.amazonaws.com *.bluemessaging.net *.cool especiales.presidencia.gov.co *.facebook.com fuguchat.s3.ap-south-1.amazonaws.com *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com *.gstatic.com *.hippochat.io *.hotjar.com *.livechatinc.com sedeelectronica.com.co sellodeexcelencia.gov.co *.snapengage.com s-static.ak.facebook.com stats.g.doubleclick.net synersis.co:8442 smartlink.cool *.twimg.com *.twitter.com *.uniquindio.edu.co vozme.com *.youtube.com *.zendesk.com ; style-src 'self' 'unsafe-inline' https://apps.clientify.net wolkvox-cobrowsing-agent-fd5zvw7swa-ue.a.run.app https://platform.bluemessaging.net *.aldeamo.com *.bootstrapcdn.com govco.sedeelectronica.com.co ton.twimg.com *.cali.gov.co https://mas-spn.inconcertcc.com https://cdn.jsdelivr.net  *.cloudflare.com *.fontawesome.com *.hippochat.io *.hotjar.com *.jquery.com *.nexura.com *.gstatic.com *.google.com *.googleapis.com sedeelectronica.com.co *.twitter.com *.uniquindio.edu.co *.zendesk.com ; font-src 'self' data: *.cali.gov.co https://mas-spn.inconcertcc.com govco.sedeelectronica.com.co sedeelectronica.com.co *.fontawesome.com *.hotjar.com *.bootstrapcdn.com *.googleapis.com *.googleusercontent.com *.gstatic.com *.nexura.com sedeelectronica.com.co *.uniquindio.edu.co ; object-src 'self' data: ; frame-ancestors 'self' *.nexura.com *.uniquindio.edu.co ; media-src 'self' blob: https://c11.radioboss.fm:18054/stream  *.radioboss.fm:18054/stream  *.uniquindio.edu.co vozme.com smartlink.cool *.smartlink.cool ; 3
policy 3
default-src *;   img-src * 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *;   style-src  'self' 'unsafe-inline' * 3
default-src 'self'; frame-ancestors 'self' 3
frame-ancestors 'self'; report-uri /report-csp-violation; upgrade-insecure-requests 3
default-src 'self' https: data: blob:; connect-src https: wss:;script-src https: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' blob:; frame-ancestors 'self'; upgrade-insecure-requests; 3
frame-ancestors 'self' my.samsonite.test.frucon.net my.samsonite.staging.frucon.net my.samsonite.com *.narvar.com narvar.com *.integrations-narvar.com dobit.com *.dobit.com samsonite-dxp.dobit.com http://localhost:88; base-uri 'self'; 3
default-src 'self'; child-src blob:; media-src * 'self' data: https: blob:; style-src 'self' 'unsafe-inline' *.pricespider.com *; img-src * 'self' data: https: blob: *.pricespider.com; script-src * data: *.pricespider.com blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; font-src * data: https:; frame-src *; 3
default-src * data: 'unsafe-inline' 'unsafe-eval'; 3
frame-ancestors 'self' *.betssongroupaffiliates.com 3
frame-ancestors 'self' http://*.elsevier.es/ 3
frame-ancestors 'self' *.azdev.direct *.adobe.com direct.lvh.me:8080 3
frame-ancestors 'self' http://duravit.com https://dna.duravit.com http://staffbase.com capacitor://duravit.com capacitor://staffbase.com localhost:*; 3
frame-ancestors 'self' https://accept.authorize.net 3
frame-ancestors 'self' *.11freunde.de *; 3
default-src 'self' *.via-mobilis.com api.via-mobilis.com http://media.viamobilis.export.doorlinkenvoorraad.nl https://stockway.pro accounts.google.com www.google.com *.googleadservices.com *.trustpilot.com *.googlesyndication.com *.googletagservices.com *.static-viamobilis.com static-viamobilis.com *.ampproject.net https://acdn.adnxs.com/ *.doubleclick.net *.criteo.com *.youtube.com youtube.com *.komoot.de photon.kamoot.de *.komoot.io photon.komoot.io *.hotjar.com *.usersnap.com criteo.net *.criteo.net *.tawk.to cloud.panono.com poulalion.eu *.vimeo.com www.recaptcha.net *.facebook.com https://platform.twitter.com ; img-src * *.google-analytics.com *.googletagmanager.com data: blob: 'self' ; script-src * *.googleanalytics.com *.google-analytics.com *.googleoptimize.com https://photon.komoot.de/ https://my.via-mobilis.com/ 'unsafe-inline' 'unsafe-eval' data: blob:; style-src * 'self' 'unsafe-inline' https://static-viamobilis.com; font-src * data:; connect-src * data: 'self'; base-uri 'self' ; worker-src * data: blob: 3
frame-ancestors 'self' *.leovegas.com *.casinomodule.com *.yggdrasilgaming.com *.evolutiongaming.com *.gameassists.co.uk *.gameassists.dk *.rgsgames.com *.wagerworks.com *.adform.com *.livetables.io *.regily.com *.casinoalternativen.com *.onlinecasinobonus24.xyz *.livetableshu.com webcache.googleusercontent.com 3
default-src 'self' *.smartbox.com *.bongo.be *.bongo.nl *.emozione3.it *.lavidaesbella.es *.dakotabox.es *.dakotabox.fr *.cadeaubox.be *.360yield.com ad.ad-srv.net ad.doubleclick.net adfarm.mediaplex.com *.adnxs.com aka.spotxcdn.com *.atemda.com bam.nr-data.net *.bing.com cache.dtmpub.com *.calotag.com calotag.com *.facebook.com *.facebook.net *.casalemedia.com *.mouseflow.com *.cloudflare.com *.cloudfront.net d1.zedo.com data: *.dotomi.com *.brainsonic.com dpm.demdex.net *.fanplayr.com *.g.doubleclick.net go.flx1.com *.google-analytics.com *.googleapis.com *.google.com *.google.ie *.google.fr *.google.be *.google.se *.google.ch *.google.de *.google.se *.google.nl *.google.co.uk *.google.es *.google.pt *.google.it *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.gstatic.com image2.pubmatic.com *.newrelic.com *.leetchi.com *.limonetik.com *.mathtag.com *.mediaplex.com *.mondialrelay.com *.nr-data.net *.ogone.com *.openx.net r.ad6media.fr r.casalemedia.com *.remintrex.com *.reussissonsensemble.fr smartbox-double-expresso-rtl2.xg1.li smartboxprod.112.2o7.net *.s3.amazonaws.com script.crazyegg.com secure.fastclick.net secure.img-cdn.mediaplex.com smartbox.d3.sc.omtrdc.net sv.ciblelink.com sync.adaptv.advertising.com sync.search.spotxchange.com track.effitarget.com *.tradedoubler.com *.email-reflex.com *.email-reflex.it *.email-reflex.es *.trustedshops.com ums.adtechus.com 'unsafe-eval' 'unsafe-inline' *.veinteractive.com vu.veoxa.com *.zanox.com s3-eu-west-1.amazonaws.com calotag.com track.effitarget.com rmta2.eperflex.com email-reflex.com email-reflex.it email-reflex.es *.lavidaesbella.es *.visualwebsiteoptimizer.com *.vwo.com widget.turba-webservices.com *.salesforceliveagent.com *.salesforceliveagent.com *.addthis.com *.addthisedge.com *.sandbox.local *.realytics.io *.realytics.net *.salesmanago.pl *.emlgrid.pl *.smgrid.pl *.youtube.com *.sharethis.com *.pinterest.com *.s3-us-west-2.amazonaws.com *.instagram.com *.w.org *.ampproject.org *.consensu.org *.fls.doubleclick.net *.sbxtest.net *.mplxtms.com optanon.blob.core.windows.net cdn.cookielaw.org *.retailmenot.fr *.onetrust.com *.amazon-adsystem.com *.everesttech.net *.demdex.net s3.eu-west-1.amazonaws.com mpi-v2-simulation.test.v-psp.com *.trusted.com secure7.arcot.com leetchi.com webpayment.payline.com *.cloudfunctions.net *.freshrelevance.com s3.amazonaws.com *.contentsquare.net t.contentsquare.net app.contentsquare.com static-eu.payments-amazon.com *.fbapphouse.com static-eu.payments-amazon.com mws-eu.amazonservices.com api.sandbox.amazon.de api.amazon.de payments-de.amazon.com payments.amazon.it images-na.ssl-images-amazon.com m.media-amazon.com payments-eu.amazon.com payments.amazon.es payments.amazon.fr payments.amazon.it payments.amazon.co.uk payments.amazon.com payments.amazon.de cdn.aimtell.com log.aimtell.com am.freshrelevance.com api.stripe.com js.stripe.com q.stripe.com analytics.aimtell.com beacon.aimtell.com api.aimtell.com c7.dycdn.net *.lepotcommuntest.fr lepotcommun.fr cx.atdmt.com snap.licdn.com cdn.aimtell.io sts.comp.eu blob: sts.ccmp.eu s.kk-resources.com px.ads.linkedin.com xd.wayin.com u360.d-bi.fr demob2c.wbe.travel c7.dycdn.net *.cloudfront.net am.freshrelevance.com c.contentsquare.net cm.everesttech.net smartbox.demdex.net img-statics.com get.smart-data-systems.com stats.webleads-tracker.com precart-js.s3-website-eu-west-1.amazonaws.com sp.analytics.yahoo.com eqy.link track.adform.net s.yimg.com s2.adform.net ws: wss: cdn.wisepops.com loader.wisepops.com popup.wisepops.com tracking.wisepops.com pixel.bsmartdata.com creativecdn.com payments-de-sandbox.amazon.com *.outbrain.com widget.trustpilot.com sc-static.net tr.snapchat.com cdn.jsdelivr.net ga-demographics-into-adobe.ew.r.appspot.com smartbox-france.my.join-stories.com www.link-page.info *.criteo.com exchange.mediavine.com sync-t1.taboola.com criteo-sync.teads.tv visitor.omnitagjs.com criteo-partners.tremorhub.com sync-criteo.ads.yieldmo.com tags.creativecdn.com ams.creativecdn.com fledge-eu.creativecdn.com images.unsplash.com unsplash.com fonts.join-stories.com images.join-stories.com videos.join-stories.com api.stories.studio *.my.join-stories.com s3.eu-west-3.amazonaws.com s.pinimg.com signals.aimtell.com content.wbeapi.com *.adn.cloud static.ada.support rollout.ada.support smartbox.ada.support cdn.linkedin.oribi.io s.wayin.com unpkg.com stats.g.doubleclick.net k-aeul.contentsquare.net c.contentsquare.net wss://am.freshrelevance.com region1.google-analytics.com measurement-api.criteo.com td.doubleclick.net analytics.tiktok.com x.wayin.com payment.direct.worldline-solutions.com; 3
default-src 'self' https://www.dlcompare.com https://*.dlcompare.com https://*.amazonaws.com https://www.googletagmanager.com https://www.youtube.com https://*.youtube.com http://youtu.be https://www.google.com https://fonts.gstatic.com https://twitter.com https://*.twitter.com https://platform-lookaside.fbsbx.com https://streamable.com https://player.vimeo.com https://player.twitch.tv https://gfycat.com https://discordapp.com https://discord.com https://cdn.iframe.ly https://www.google-analytics.com https://stats.g.doubleclick.net https://if-cdn.com https://*.hotjar.com https://vc.hotjar.io/ wss://*.hotjar.com https://gleam.io; style-src 'self' 'unsafe-inline' https://www.dlcompare.com https://*.dlcompare.com https://*.amazonaws.com https://fonts.googleapis.com https://cdn.jsdelivr.net; script-src 'self' 'unsafe-inline' https://www.dlcompare.com https://*.dlcompare.com https://*.amazonaws.com https://cdn.jsdelivr.net https://connect.facebook.net https://platform.twitter.com https://www.google.com https://www.gstatic.com https://ajax.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://*.hotjar.com https://*.gleam.io https://*.gleamjs.io/ https://*.google.com; img-src 'self' data: https://www.dlcompare.com https://*.dlcompare.com https://*.amazonaws.com https://cdn.akamai.steamstatic.com https://steamcdn-a.akamaihd.net https://cdn.staticaly.com https://graph.facebook.com https://*.twitter.com https://*.cloudfront.net/facebook/ https://*.cloudfront.net/twitter/ https://*.cloudfront.net/instagram/ https://i.imgur.com https://if-cdn.com https://www.google-analytics.com https://platform-lookaside.fbsbx.com https://www.google.com https://*.fbcdn.net https://*.hotjar.com https://*.gleam.io https://flagcdn.com https://cdn.discordapp.com https://discord.com 3
frame-ancestors 'self' analytics.pt-dlr.de 3
frame-ancestors 'self' *.casinomodule.com *.playngonetwork.com *.comeoncasino.com; 3
default-src 'self' https: blob: data: 'unsafe-inline' 'unsafe-eval' 3
frame-ancestors *; upgrade-insecure-requests; object-src 'none' 3
frame-ancestors 'self' https://cms.hanleywood.com 3
frame-ancestors 'self' https://drivmp--fullcopy.lightning.force.com https://drivmp--fullcopy.my.salesforce.com https://drivmp--fullcopy--c.visualforce.com https://drivmp.lightning.force.com https://drivmp.my.salesforce.com https://drivmp--c.visualforce.com https://drivmp--fullcopy.sandbox.lightning.force.com https://drivmp--fullcopy.sandbox.my.salesforce.com https://drivmp--fullcopy--c.sandbox.visualforce.com https://drivmp--fullcopy--c.sandbox.vf.force.com https://drivmp--c.vf.force.com 3
frame-ancestors 'self' *.multimediabs.com *.orange.com *.orange-business.com 3
object-src 'none'; frame-ancestors 'none' 3
script-src 'self' 'unsafe-inline' https://static.cloudflareinsights.com https://stage-rotators-cdn.griffona.app https://cdnboost.net *.google-analytics.com *.sentry-cdn.com; connect-src * 3
font-src fonts.gstatic.com use.typekit.net https://www.gstatic.com https://fonts.gstatic.com *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com use.fontawesome.com data: 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; frame-ancestors www.paypalobjects.com 'self'; form-action https://enews.dynatrap.com/ https://enews.terro.com/ https://enews.victorpest.com/ https://enews.havahart.com/ https://enews.mosquitomagnet.com/ https://enews.perkypet.com/ https://enews.saferbrand.com/ https://enews.zarebasystems.com/ https://enews.vlink.victorpest.com/ https://enews.woodstreambrands.ca/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; style-src api.tiles.mapbox.com widget.freshworks.com *.usablenet.com *.udev1a.net https://fonts.googleapis.com/ https://*.typekit.net/ *.adobe.com fonts.googleapis.com *.sharethis.com unsafe-inline assets.braintreegateway.com *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com *.gstatic.com use.fontawesome.com cdn.listrakbi.com cdn.pricespider.com 'self' 'unsafe-inline'; script-src *.pricespider.com api.tiles.mapbox.com snap.licdn.com widget.freshworks.com *.usablenet.com *.udev1a.net https://www.google.com/ https://www.gstatic.com/ https://commerce.adobedtm.com/ https://app.jazz.co/ *.marketingcloudfx.com c.amazon-adsystem.com assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.sharethis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.google.com *.gstatic.com js.klevu.com *.ksearchnet.com maps.googleapis.com *.googleapis.com *.maxmind.com services.listrak.com *.listrakbi.com *.tiktok.com *.bing.com *.hotjar.com connect.facebook.net wtbevents.pricespider.com locate.pricespider.com bam.nr-data.net js-agent.newrelic.com cdn.leadmanagerfx.com agent.marketingcloudfx.com use.fontawesome.com *.truevaultcdn.com 'self' 'unsafe-inline' 'unsafe-eval'; media-src *.cdninstagram.com *.adobe.com player.vimeo.com download-video.akamaized.net 'self' 'unsafe-inline'; img-src bat.bing.com *.google.ca *.pricespider.com px.ads.linkedin.com *.cdninstagram.com *.mapbox.com   cdnjs.cloudflare.com  polaris.truevaultcdn.com https://samples.woodstream.com/ *.google.com.ua *.google.pl assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.sharethis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.klevu.com *.ksearchnet.com flagpedia.net maps.gstatic.com www.facebook.com *.google.com *.usablenet.com www.dynatrap.com *.listrakbi.com www.gstatic.com www.zarebasystems.com maps.googleapis.com www.woodstream.com www.woodstreampartnerportal.com www.woodstreampartnerportal.ca www.terro.com www.victorpest.com www.havahart.com www.mosquitomagnet.com www.perkypet.com www.saferbrand.com vlink.victorpest.com www.woodstreambrands.ca storage.googleapis.com mediacdn.espssl.com *.woodstreampartnerportal.com s7d2.scene7.com data: 'self' 'unsafe-inline'; frame-src www.paypalobjects.com s.amazon-adsystem.com https://a40.usablenet.com/ https://ws-nameplate-printer.netlify.app/ services.listrak.com player.flipsnack.com fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.sharethis.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://www.google.com *.googleapis.com *.google.com *.weltpixel.com *.usablenet.com 'self' 'unsafe-inline'; connect-src stats.g.doubleclick.net content.hotjar.io *.hotjar.com bat.bing.com wss://*.hotjar.com/ *.mapbox.com cdn.linkedin.oribi.io widget.freshworks.com vc.hotjar.io woodstream.freshdesk.com https://commerce.adobedc.net/ https://commerce.adobe.io/ https://graph.instagram.com/ 'self' https://prod-29.westus.logic.azure.com/ *.webpagefx.org https://us-central1-ws-m2-dev-migration-map.cloudfunctions.net https://instagramfeed-lvc56rmsca-uc.a.run.app *.pricespider.com *.mapbox.com   cdnjs.cloudflare.com  https://pagead2.googlesyndication.com/ https://prod-180.westus.logic.azure.com/ googleads.g.doubleclick.net js.go2sdk.com *.amazon-adsystem.com ara.paa-reporting-advertising.amazon *.google-analytics.com dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io *.sharethis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.klevu.com *.ksearchnet.com www.gstatic.com maps.googleapis.com *.googleapis.com *.mmapiws.com *.tiktok.com recs.listrakbi.com paypal.com bam.nr-data.net *.leadmanagerfx.com *.marketingcloudfx.com *.truevaultcdn.com 'self' 'unsafe-inline'; 3
default-src http: 'unsafe-inline' 'unsafe-eval' 3
base-uri 'self'; form-action 'self'; frame-ancestors 'self'; object-src 'none'; script-src 'self' 'unsafe-eval'; block-all-mixed-content; upgrade-insecure-requests 3
default-src 'self'; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' *.culturaldistrict.org *.hotjar.io *.hotjar.com https://embed.typeform.com *.googleapis.com https://www.googletagmanager.com https://static.formstack.com *.pittsburghsymphony.org https://cdnjs.cloudflare.com https://unpkg.com *.typekit.net https://static.geetest.com *.gbox.me; connect-src 'self' *.amazonaws.com *.googlesyndication.com/ https://pct.formstack.com https://api.addressy.com https://trustarts.queue-it.net https://analytics.tiktok.com *.purechat.com https://adservice.google.com https://analytics.google.com https://services.postcodeanywhere.co.uk https://stats.g.doubleclick.net https://www.facebook.com https://www.google-analytics.com https://maps.googleapis.com https://online.anyflip.com https://checkoutshopper-live-us.adyen.com/ *.typeform.com *.datadome.co ct.captcha-delivery.com https://rum.browser-intake-datadoghq.com; img-src https: data:; font-src 'self' https://fonts.gstatic.com https://script.hotjar.com *.formstack.com https://use.typekit.net; object-src 'none'; media-src 'self' *.culturaldistrict.org; frame-src 'self' https://widgets.resy.com *.approveforgood.com/ https://geo.captcha-delivery.com *.applytojob.com/ *.doubleclick.net *.culturaldistrict.org *.formstack.com *.googlesyndication.com/ *.pittsburghsymphony.org https://form.typeform.com/ *.youtube.com https://www.youtube-nocookie.com/ https://w.soundcloud.com/ https://e.issuu.com https://insight.adsrvr.org https://player.vimeo.com https://vars.hotjar.com https://www.facebook.com *.google.com https://www.recaptcha.net https://online.anyflip.com https://albumizr.com/ https://checkoutshopper-live-us.adyen.com/; frame-ancestors 'self'; 3
frame-ancestors 'self' https://*.sdcounty.ca.gov:*; 3
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data: https:; font-src * 'self' data: https:; style-src * 'self' 'unsafe-inline' data: https: 3
frame-ancestors 'none'; report-uri csp-reports; report-to csp-endpoint; 3
frame-ancestors 'self' *.volusion.com 3
default-src 'self' *.google.com *.addthis.com *.brazenconnect.com *.youtube.com *.vimeo.com *.dvidshub.net *.military.com *.cloudfront.net; img-src 'self' data: *.sharethis.com *.bing.com *.clarity.com *.clarity.ms *.linkedin.com *.google.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.storeimaging.com *.ytimg.com *.vimeocdn.com *.click2apply.net *.staticflickr.com *.cloudfront.net; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' *.jsdelivr.net *.googleapis.com *.fonts.net *.cloudfront.net *.brazenconnect.com; font-src 'self' *.jsdelivr.net *.gstatic.com *.fonts.net; script-src-elem 'self' 'unsafe-inline' *.sharethis.com *.clarity.com *.clarity.ms *.google.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.googleoptimize.com *.licdn.com *.brazenconnect.com *.addthis.com *.moatads.com *.addthisedge.com *.military.com *.cloudfront.net *.vimeo.com; connect-src 'self' *.sharethis.com *.clarity.com *.clarity.ms *.googleapis.com *.google-analytics.com *.addthis.com *.brazenconnect.com *.linkedin.com *.linkedin.oribi.io *.luckyorange.com *.luckyorange.net wss://*.live *.doubleclick.net; form-action 'self' *.gdmissionsystems.com; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content; 3
default-src 'self'; connect-src *; font-src data: *; frame-src *; img-src data: *; media-src *; object-src *; script-src 'self' 'unsafe-eval' 'unsafe-inline' *; style-src 'self' 'unsafe-inline'; 3
default-src *; font-src 'self' data: https://static.opencityitalia.it https://fonts.gstatic.com https://acsbapp.com https://maxcdn.bootstrapcdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' https:; img-src * 'self' data: https: blob:; report-uri 3
same-origin 3
frame-ancestors 'self' https://citylightcloud.com https://geocentric.com 3
base-uri 'self'; frame-ancestors 'none'; report-uri /report-csp-violation 3
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self' 3
frame-ancestors 'self' https://saint-gobain.wmh-demos.com/; 3
default-src https: data:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline'; 3
policy-definition 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: cdn.intersport.serv.si www.intersport.si intersport.si preview.ssgtm.intersport.si ssgtm.intersport.si www.intersport.hr appleid.cdn-apple.com/appleauth/ applepay.cdn-apple.com *.cookiebot.com cdnjs.cloudflare.com ajax.googleapis.com fcm.googleapis.com fonts.googleapis.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.googleoptimize.com maps.googleapis.com maps.gstatic.com fonts.gstatic.com www.gstatic.com *.google.com google.com www.google.si www.google.de googleads.g.doubleclick.net stats.g.doubleclick.net omara.cdn-cnj.si img.cdn-cnj.si cpx.smind.si cpx.smind.hr cpx.smind.rs chimpstatic.com connect.facebook.net stats.g.doubleclick.net www.facebook.com *.creativecdn.com creativecdn.com *.paypal.com www.paypal.com www.paypalobjects.com platform.linkedin.com *.twitter.com *.pinterest.com www.youtube.com *.mercator.si maxcdn.bootstrapcdn.com secure.gravatar.com dts.cld.bz edge.fullstory.com fullstory.com rs.fullstory.com www.pimcore.org yoast.com *.braintreegateway.com *.braintree-api.com *.segmentify.com cdn.sgmntfy.com api.instacloud.io *.fna.fbcdn.net *.vimeo.com i.vimeocdn.com my.matterport.com my.mpskin.com graph.instagram.com *.cdninstagram.com cdn.crobox.io api.crobox.com; frame-ancestors 'self' blob: https://vr.intersport.si https://vr.intersport.hr https://vr.intersport.rs https://vr.intersport.ba https://vr.intersport.me; 3
default-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' 3
frame-ancestors 'self' *.get-paid.com *.flokigames.com *.localhost freebitcoin.io http://localhost:3000 3
default-src https: wss: data: 'unsafe-inline' 'unsafe-eval' 3
upgrade-insecure-requests; report-uri 3
frame-ancestors 'self' app.optimizely.com unileverde.inone.useinsider.com *.adobe.com *.adobemc.com  https://api.useinsider.com/;script-src data: https: wss: about: 'unsafe-eval' 'unsafe-inline' 'self' api.useinsider.com unileverde.api.useinsider.com;style-src data: https: 'unsafe-eval' 'unsafe-inline' 'self' api.useinsider.com unileverde.api.useinsider.com;img-src data: https: 'unsafe-eval' 'unsafe-inline' 'self' api.useinsider.com unileverde.api.useinsider.com;font-src data: https: 'unsafe-eval' 'unsafe-inline' 'self' api.useinsider.com unileverde.api.useinsider.com;connect-src data: https: wss: about: 'unsafe-eval' 'unsafe-inline' 'self' api.useinsider.com unileverde.api.useinsider.com;frame-src data: https: wss: about: 'unsafe-eval' 'unsafe-inline' 'self' api.useinsider.com unileverde.api.useinsider.com; 3
frame-ancestors 'self' *.cms.snakeware.nl *.snakeware.nl *.snakeware.cloud *.snakeware.test *.snakeware.local 3
frame-src 'self' *.youtube.com static.addtoany.com td.doubleclick.net static.addtoany.com www.google.com sidebar.bugherd.com 18.134.245.132 *.issuu.com youtube.com *.hsforms.com issuu.com; object-src 'none';base-uri 'self' 3
block-all-mixed-content; frame-ancestors 'self'; upgrade-insecure-requests; 3
upgrade-insecure-requests; frame-ancestors 'self'; default-src * data: 'self' 'unsafe-eval' 'unsafe-inline' blob: https: http:; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https: http:; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' blob: https: http:; worker-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https: http:; child-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https: http:; base-uri 'self'; 3
script-src 'self' http://java.sun.com/jsp/jstl/core http://java.sun.com/jsp/jstl/fmt http://tiles.apache.org/tags-tiles 'unsafe-inline' 'wasm-unsafe-eval' 3
default-src https: wss://*.hotjar.com wss://wc.dcbprotect.com:8080 'unsafe-inline' 3
frame-ancestors 'self'; report-uri https://stoklasa.report-uri.io/r/default/csp/enforce 3
default-src 'self'; img-src 'self' data:; 3
default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com/v1/engines/github-completion/completions proxy.enterprise.githubcopilot.com/v1/engines/github-completion/completions *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com github.githubassets.com edge.fullstory.com rs.fullstory.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com github.githubassets.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/ 2
img-src 'self' blob: data: icloud.com *.icloud.com *.apple.com *.cdn-apple.com *.icloud-content.com *.icloud-content.com.cn *.apple-mapkit.com *.mzstatic.com; media-src 'self' blob: data: *.icloud.com *.apple.com *.cdn-apple.com *.icloud-content.com *.icloud-content.com.cn; font-src 'self' blob: data: icloud.com *.icloud.com *.apple.com *.cdn-apple.com; connect-src blob: 'self' icloud.com *.icloud.com *.apple.com *.cdn-apple.com *.icloud-content.com *.icloud-content.com.cn *.apple-mapkit.com; frame-src 'self' blob: mailto: tel: *.icloud.com *.apple.com *.icloud-sandbox.com *.icloud-content.com *.icloud-content.com.cn; frame-ancestors 'self' *.icloud.com *.apple.com; form-action 'self' *.icloud.com *.apple.com; child-src blob: 'self'; base-uri 'self' *.icloud.com *.cdn-apple.com; report-uri https://feedbackws.icloud.com/reportRaw 2
default-src 'self' data: blob:;script-src *.whatsapp.com *.whatsapp.net *.facebook.com *.facebook.net 'unsafe-inline' 'unsafe-eval' 'self' data: blob: *.twitter.com;style-src *.whatsapp.com *.whatsapp.net 'unsafe-inline' *.facebook.com 'self' data: blob:;connect-src *.whatsapp.com *.whatsapp.net wss://*.facebook.com:* *.fbcdn.net 'self' data: blob:;font-src *.whatsapp.com *.whatsapp.net *.facebook.com static.xx.fbcdn.net data: https://fonts.gstatic.com;img-src *.whatsapp.com *.whatsapp.net *.facebook.com *.fbcdn.net static.xx.fbcdn.net 'self' data: blob: *.ytimg.com *.twitter.com;media-src *.fbcdn.net 'self' data: blob:;frame-src *.facebook.com *.whatsapp.com 'self' data: blob: https://*.youtube.com *.youtube-nocookie.com *.twitter.com;block-all-mixed-content;upgrade-insecure-requests; 2
report-uri https://metrics.roblox.com/v1/csp/report?type=enforce; upgrade-insecure-requests;  script-src 'self' 'unsafe-inline' roblox.com *.evidon.com *.gigya.com *.google-analytics.com *.ns1p.net adservice.google.com cdn.arkoselabs.com connect.facebook.net funcaptcha.com js.rbxcdn.com js.stripe.com long.open.weixin.qq.com midas.gtimg.cn radar.cedexis.com res.wx.qq.com roblox-api.arkoselabs.com roblox-load-generator-configuration.s3.us-east-2.amazonaws.com s.ytimg.com sb.scorecardresearch.com static.rbxcdn.com www.google.com www.gstatic.com www.youtube.com h.online-metrix.net request.eprotect.vantivcnp.com request.eprotect.vantivpostlive.com *.googletagmanager.com *.googleadservices.com googleads.g.doubleclick.net cdn.veriff.me *.lightstep.com client-api.arkoselabs.com api.arkoselabs.com *.sierra.chat sierra.chat;  img-src 'self' data: *.cloudfront.net *.gilcdn.com *.gldcdn.com *.google-analytics.com *.google.com *.kaptcha.com *.rbxcdn.com *.roblox.com *.robloxlabs.com googleads.g.doubleclick.net i.ytimg.com www.googletagmanager.com robloxcorp.s.llnwi.net roblox-poc.global.ssl.fastly.net d1unuk07s6td74.cloudfront.net *.sierra.chat sierra.chat *.stripe.com *.tarobicdn.com *.tarobidevsandboxcdn.com;  connect-src 'self' *.roblox.com *.robloxlabs.com *.rblx.org *.rbx.com *.rbxcdn.com *.roblox.cn *.simulpong.com *.lightstep.com *.ns1p.net *.arkoselabs.com *.kaptcha.com *.google.com *.google-analytics.com *.doubleclick.net *.sentry.io wss://realtime.roblox.com wss://realtime.sitetest1.robloxlabs.com wss://realtime.sitetest2.robloxlabs.com wss://realtime.sitetest3.robloxlabs.com wss://realtime-signalr.roblox.com *.braintree-api.com *.braintreegateway.com d1q2u37vreaobr.cloudfront.net funcaptcha.com robloxcorp.s.llnwi.net roblox-poc.global.ssl.fastly.net d1unuk07s6td74.cloudfront.net *.sierra.chat sierra.chat; 2
default-src 'none'; script-src 'self' 'sha256-qcMXZ/ErgDG9p2Htysz9era6iflv8JXya41zOY0slSc=' 'sha256-ydM8qJ+T0Nd7adK8t34/cs0GvvCG0JBujCWzV3uML8E=' 'sha256-TzTXRDJBcbY1qVQheGb/4iSGqKPqCg6XVoerYf5BYMY=' embed.cloudflarestream.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' data:; font-src fonts.gstatic.com; connect-src 'self' 1.1.1.1 1.0.0.1 *.cloudflare-dns.com *.help.every1dns.net; frame-src embed.cloudflarestream.com; manifest-src 'self' 2
frame-ancestors 'self' https://*.al-array.com/ 2
frame-ancestors 'self' *.intranet *.uolinc.com; 2
default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss:; media-src https: blob:; object-src https:; child-src https: data: blob:; form-action https:; block-all-mixed-content; 2
frame-ancestors 'self' https://*.target.com; 2
frame-ancestors https://www.evernote.com https://stage.evernote.com https://app.preprod3.evernote.com 2
frame-ancestors 'self' https://*.mglu.io https://*.magalu.com https://*.luizalabs.com https://*.magazineluiza.com.br; 2
upgrade-insecure-requests; frame-ancestors 'self'; report-uri https://www.argos.co.uk/logging-api/2/security 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://tabor.ru http://tabor.ru *.tabor.ru tabor.ru m.tabor.ru http://m.tabor.ru https://m.tabor.ru http: vk.com *.vk.com vk.me *.vk.me vk.me *.vk.me fbcdn.net *.fbcdn.net akamaihd.net *.akamaihd.net mycdn.me *.mycdn.me yandex.ru *.yandex.ru yadro.ru *.yadro.ru https: vk.com *.vk.com vk.me *.vk.me vk.me *.vk.me fbcdn.net *.fbcdn.net akamaihd.net *.akamaihd.net mycdn.me *.mycdn.me yandex.ru *.yandex.ru yadro.ru *.yadro.ru ; img-src * 'self' blob: data:;connect-src * 'self' file: data: blob: filesystem:; frame-ancestors *.tabor.ru *.tabor.by *.tab33.com *.tabor.kz *.mintapp.org; 2
frame-ancestors http://*.wps.com https://*.wps.com 2
frame-ancestors 'self' https://*.sweb.ru https://webvisor.com  http://webvisor.com ; 2
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src 'self' https://assets.guim.co.uk https://pasteup.guim.co.uk https://interactive.guim.co.uk https://dashboard.ophan.co.uk data:; connect-src https: wss: blob:; child-src https: blob:; object-src 'none'; base-uri 'none' 2
frame-ancestors 'self' hhs.gov *.hhs.gov 2
frame-ancestors 'self' https://yotpo--uat.sandbox.my.site.com https://partners.yotpo.com https://www.yotpo.com https://*.paperflite.com https://content.yotpo.com https://yotpo.app.workramp.com 2
frame-src 'self' ms-windows-store: get.microsoft.com https: data:; frame-ancestors 'self'; default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob:; img-src 'self' http://cps-static.rovicorp.com https: data: 2
default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline' 'unsafe-eval';  frame-ancestors 'self' *.weborama.com *.adways.com *.adpaths.com; 2
upgrade-insecure-requests; frame-ancestors 'self' http://*.elconfidencial.com:* https://*.elconfidencial.com:* www.elconfidencial.com blogs.elconfidencial.com bc.marfeel.com *.google.es *.google.com *.cdn.ampproject.org es.grupogo.punto player.h-cdn.com; report-uri https://elconfidencial.report-uri.io/r/default/csp/enforce 2
frame-ancestors 'self' teams.microsoft.com *.teams.microsoft.com *.teams.microsoft.us teams.microsoft.us *.teams.office.com *.skype.com outlook.office.com outlook-sdf.office.com outlook.office365.com outlook-sdf.office365.com outlook.live.com outlook-sdf.live.com 2
default-src 'self' data:;script-src 'self' 'unsafe-eval' 'unsafe-inline' data: *.fbcdn.net connect.facebook.net *.oculus.com www.meta.com/3ds2/ddc/ www.meta.com/3ds2/challenge_complete/ gw.conversionsapigateway.com https://*.youtube.com;style-src 'self' 'unsafe-inline' data: *.fbcdn.net 'unsafe-eval' *.oculus.com www.meta.com/3ds2/ddc/ www.meta.com/3ds2/challenge_complete/;connect-src blob: *.fbcdn.net www.meta.com *.www.meta.com www.facebook.com/tr/ secure.facebook.com/payments/generate_token *.oculus.com www.meta.com/3ds2/ddc/ www.meta.com/3ds2/challenge_complete/ gw.conversionsapigateway.com;font-src data: *.fbcdn.net *.oculus.com www.meta.com/3ds2/ddc/ www.meta.com/3ds2/challenge_complete/;img-src 'self' blob: data: *.fbcdn.net *.fbsbx.com *.oculuscdn.com www.facebook.com/tr/ *.cdninstagram.com *.oculus.com www.meta.com/3ds2/ddc/ www.meta.com/3ds2/challenge_complete/ gw.conversionsapigateway.com https://*.ytimg.com *.youtube.com;media-src blob: data: *.fbcdn.net *.cdninstagram.com *.oculuscdn.com;child-src blob: data: *.fbcdn.net;frame-src data: *.fbcdn.net www.facebook.com/tr/ www.meta.com/common/ *.www.meta.com/common/ *.fbsbx.com/ www.meta.com/tealium/ *.www.meta.com/tealium/ www.meta.com/payments/ *.www.meta.com/payments/ *.fbthirdpartypixel.com *.oculus.com www.meta.com/3ds2/ddc/ www.meta.com/3ds2/challenge_complete/ centinelapi.cardinalcommerce.com centinelapistag.cardinalcommerce.com gw.conversionsapigateway.com https://*.youtube.com;worker-src blob: data: *.fbcdn.net;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?minimize=0; 2
object-src *; script-src * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; 2
: frame ancestors 'none'; 2
frame-ancestors 'self'; upgrade-insecure-requests;form-action 'self' slashdot.org slashdot.us15.list-manage.com;frame-src 'self' slashdot.org *.lijit.com *.btloader.com http://*.pro-market.net *.crsspxl.com *.google.com *.googlesyndication.com *.safeframe.usercontent.goog *.doubleclick.net challenges.cloudflare.com *.recaptcha.net recaptcha.net *.adnxs.com *.indexww.com *.rubiconproject.com *.pubmatic.com *.smartadserver.com *.tapad.com http://*.youtube.com http://*.youtube-nocookie.com slashdotmedia.com; object-src http://*.youtube.com;script-src 'self' slashdot.org *.slashdot.org slashdot.org *.slashdotmedia.com a.fsdn.com challenges.cloudflare.com *.lijit.com *.moatads.com *.adsafeprotected.com *.sharethrough.com *.2mdn.net *.adnxs.com *.jobbio.com *.script.ac *.defybrick.com *.aniview.com *.vidazoo.com *.pubmatic.com chimpstatic.com *.mailchimp.com mc.us15.list-manage.com ml314.com *.stack-sonar.com *.licdn.com translate.googleapis.com *.doubleclick.net *.googleadservices.com translate.google.cn *.gstatic.cn *.google.com *.consentmanager.net *.microsofttranslator.com *.gstatic.com *.googletagservices.com *.recaptcha.net recaptcha.net *.google-analytics.com *.googlesyndication.com *.cloudflareinsights.com d3tglifpd8whs6.cloudfront.net rpxnow.com btloader.com *.crsspxl.com http://*.pro-market.net *.4dex.io *.adnxs-simple.com *.s-onetag.com *.rubiconproject.com *.trustarc.com *.truste.com *.doubleverify.com *.tapad.com *.pghub.io pghub.io *.sharethru.com j.6sc.co adservice.google.ad adservice.google.ae adservice.google.at adservice.google.be adservice.google.bg adservice.google.ca adservice.google.ch adservice.google.co.id adservice.google.co.il adservice.google.co.in adservice.google.co.jp adservice.google.co.kr adservice.google.co.th adservice.google.co.uk adservice.google.co.zw adservice.google.com.au adservice.google.com.bo adservice.google.com.hk adservice.google.com.mx adservice.google.com.ph adservice.google.com.pk adservice.google.com.sa adservice.google.com.sg adservice.google.com.tr adservice.google.com.tw adservice.google.com.ua adservice.google.com.vn adservice.google.cz adservice.google.de adservice.google.dk adservice.google.dz adservice.google.ee adservice.google.fi adservice.google.fr adservice.google.gr adservice.google.hu adservice.google.ie adservice.google.it adservice.google.li adservice.google.lu adservice.google.mu adservice.google.mv adservice.google.nl adservice.google.no adservice.google.pl adservice.google.pt adservice.google.ro adservice.google.rs adservice.google.se adservice.google.sk adservice.google.com.br adservice.google.com.ar adservice.google.cl adservice.google.com.co adservice.google.com.cu adservice.google.com.cy adservice.google.es adservice.google.hr adservice.google.im adservice.google.lk adservice.google.me adservice.google.mg adservice.google.com.mm adservice.google.com.ng adservice.google.com.np adservice.google.com.pr adservice.google.com.uy adservice.google.co.za adservice.google.jo adservice.google.bs adservice.google.al adservice.google.co.tz adservice.google.rw adservice.google.hn adservice.google.lt adservice.google.iq adservice.google.si adservice.google.bj adservice.google.co.ao adservice.google.com.gh adservice.google.kz adservice.google.com.eg adservice.google.com.ec adservice.google.co.ve adservice.google.com.py adservice.google.lv adservice.google.mn adservice.google.com.bn adservice.google.tn adservice.google.ml adservice.google.is adservice.google.com.sv adservice.google.com.bz adservice.google.az adservice.google.gt adservice.google.sn adservice.google.cm adservice.google.com.kh adservice.google.ge adservice.google.com.et adservice.google.com.pe adservice.google.com.ly adservice.google.co.mz adservice.google.com.bh adservice.google.com.mt adservice.google.ps adservice.google.so adservice.google.bf adservice.google.co.nz adservice.google.com.gt adservice.google.co.zm adservice.google.je adservice.google.cv adservice.google.la adservice.google.bi adservice.google.com.jm adservice.google.tt adservice.google.com.kw adservice.google.cd adservice.google.gy adservice.google.tg adservice.google.com.af adservice.google.com.lb adservice.google.sr adservice.google.com.ni adservice.google.ki adservice.google.com.na adservice.google.ht adservice.google.nr adservice.google.td adservice.google.co.ls adservice.google.gl adservice.google.bt adservice.google.tm adservice.google.com.vc adservice.google.co.bw adservice.google.vg adservice.google.as adservice.google.cg adservice.google.com.ag adservice.google.com.tj adservice.google.dm adservice.google.to adservice.google.dj adservice.google.cf adservice.google.ws adservice.google.st adservice.google.gm adservice.google.fm adservice.google.com.sb adservice.google.com.pg adservice.google.com.gi adservice.google.com.ai adservice.google.co.ck adservice.google.ru adservice.google.nu adservice.google.com.my adservice.google.com.bd adservice.google.ci adservice.google.co.cr adservice.google.co.ke adservice.google.co.ug adservice.google.co.uz adservice.google.co.vi adservice.google.ms adservice.google.com.fj adservice.google.com.om adservice.google.com.pa adservice.google.com.qa adservice.google.ga adservice.google.gg adservice.google.kg adservice.google.md adservice.google.mk adservice.google.mw adservice.google.ne adservice.google.sm adservice.google.tl adservice.google.sc adservice.google.vu 'unsafe-inline' 'unsafe-eval';report-uri https://sourceforge.report-uri.com/r/d/csp/enforce 2
default-src https: blob: data: https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com 'unsafe-inline' 'unsafe-eval'; object-src none; frame-src 'self' https: mailto: tel: *.usercentrics.com https://vars.hotjar.com; block-all-mixed-content 2
base-uri 'self'; font-src 'self' https: data: *.taboola.com; form-action 'self'; frame-ancestors *; img-src 'self' https: data: *.testfaz.net *.faz.net *.taboola.com; object-src 'self'; script-src-attr 'unsafe-inline'; style-src https: 'unsafe-inline' 'self' *.testfaz.net *.faz.net *.taboola.com; script-src 'unsafe-inline' 'unsafe-eval' https: *; upgrade-insecure-requests; connect-src *; default-src 'self' https:; frame-src *; media-src 'self' https: data:; worker-src * blob:; 2
default-src * 'self' data: 'unsafe-inline' blob:;script-src * 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.trustarc.com *.doubleclick.net *.sas.com assets.adobedtm.com ssl.google-analytics.com  accdn.lpsnmedia.net www.googletagmanager.com www.google-analytics.com bat.bing.com benchtag.co front.facetz.net *.facebook.net *.facebook.com www.googleadservices.com tb.juiceadv.com *.linkedin.com pixel.mathtag.com pixel.quantserve.com *.quora.com analytics.twitter.com tagmanager.google.com mc.yandex.ru static.ads-twitter.com snap.licdn.com *.bizographics.com dev.visualwebsiteoptimizer.com scripts.demandbase.com consent.truste.com s.yimg.com ssl.gstatic.com api.company-target.com script.crazyegg.com platform.twitter.com sp.analytics.yahoo.com x.bidswitch.net ad4.adfarm1.adition.com livestream.co *.brightcove.net track.adform.net *.adsrvr.org www.vintom.com b92.yahoo.co.jp cdn.appdynamics.com execution-dscvrtraffic.cidev.sas.us *.brightcove.com *.mrpfd.com d3js.org *.d3.org *.khoros.com proactive-chat-server-us.prod.aws.lcloud.com messaging-auth-us-west-2.prod.aws.lcloud.com;style-src 'self' data: 'unsafe-inline' *.sas.com fast.fonts.net *.cloudflare.com *.khoros.com proactive-chat-server-us.prod.aws.lcloud.com messaging-auth-us-west-2.prod.aws.lcloud.com *.brightcove.com *.googleapis.com *.crazyegg.com;img-src * 'self' blob: data: *.google-analytics.com *.doubleclick.net www.google.com www.googletagmanager.com *.sas.com front.facetz.net *.facebook.com www.googleadservices.com tb.juiceadv.com ext.ligatus.com bcp.crwdcntrl.net pixel.mathtag.com *.quora.com cdn.taboola.com analytics.twitter.com d.company-target.com mc.yandex.ru t.co px.ads.linkedin.com *.bizographics.com insight.adsrvr.org assets.adobedtm.com *.brightcove.com *.khoros.com proactive-chat-server-us.prod.aws.lcloud.com messaging-auth-us-west-2.prod.aws.lcloud.com;font-src * 'self' data: *.sas.com fast.fonts.net; connect-src * 'self' *.sas.com *.brightcove.com ma156-r.analytics.edgekey.net api.company-target.com livestream.com www.vintom.com *.doubleclick.net assets.adobedtm.com;frame-src 'self' assets.adobedtm.com lpcdn.lpsnmedia.net www.youtube.com s7.addthis.com *.twitter.com *.sas.com pixel.mathtag.com livestream.com ad4.adfarm1.adition.com www.vintom.com *.doubleclick.net *.facebook.net *.trustarc.com *.facebook.com *.linkedin.com *.chargebee.com *.sli.do *.logentries.com *.amuselabs.com amuselabs.com *.jmp.com *.outgrow.us *.khoros.com proactive-chat-server-us.prod.aws.lcloud.com messaging-auth-us-west-2.prod.aws.lcloud.com *.service-now.com *.visualize-roi.com *.brightcove.com *.adsrvr.org;frame-ancestors *.sas.com *.jmp.com *.gatheriq.analytics *.curriculumpathways.com *.hubb.me 2
default-src https: 'unsafe-eval' 'unsafe-inline' data: 'self' blob:; connect-src wss: https: ; object-src 'self' blob: ; 2
frame-ancestors 'self'; base-uri 'self';upgrade-insecure-requests; 2
default-src 'unsafe-inline' 'unsafe-eval' 'self' ajax.cloudflare.com www.yola.com unpkg.com       *.yolacdn.net cdn.ravenjs.com *.googleapis.com *.sharethis.com www.googleoptimize.com www.googletagmanager.com *.googleusercontent.com       *.gstatic.com secure.gravatar.com www.facebook.com www.google-analytics.com *.google.com *.yola.net *.yola.com *.yolaqa.com       stats.g.doubleclick.net *.fullstory.com s.w.org *.sitewit.com *.wikimedia.org www.youtube.com wp-themes.com *.sitebuilderhostqa.net       data: blob:;frame-ancestors 'self'; form-action 'self'; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' cyberark.sc.omtrdc.net sc.omtrdc.net *.everesttech.net everesttech.net *.demdex.net demdex.net *.adobedtm.com adobedtm.com cyberark.tt.omtrdc.net tt.omtrdc.net *.typekit.net typekit.net *.akamaihd.net akamaihd.net s3.amazonaws.com *.amazonaws.com amazonaws.com s3.eu-central-1.amazonaws.com *.adnxs.com adnxs.com *.baidu.com baidu.com *.btttag.com btttag.com *.bluekai.com bluekai.com *.bootstrapcdn.com bootstrapcdn.com *.cdntwrk.com cdntwrk.com *.choozle.com choozle.com *.cloudflare.com cloudflare.com *.cloudfront.net cloudfront.net *.cyberark.com cyberark.com g.doubleclick.net *.doubleclick.net doubleclick.net fls.doubleclick.net *.driftt.com driftt.com *.ensighten.com ensighten.com *.facebook.com *.facebook.net facebook.com facebook.net *.fontawesome.com fontawesome.com *.google.ae *.google.al *.google.am *.google.at *.google.az *.google.ba *.google.be *.google.bg *.google.bj *.google.bs *.google.by *.google.ca *.google.cd *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.com *.google.cz *.google.de *.google.dk *.google.dz *.google.ee *.google.es *.google.fi *.google.fr *.google.ge *.google.gr *.google.hn *.google.hr *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kz *.google.lk *.google.lt *.google.lu *.google.lv *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.rs *.google.ru *.google.sc *.google.se *.google.sk *.google.sn *.google.sr *.google.tg *.google.tn *.google.tt *.gstatic.com *.translate.goog google.ae google.al google.am google.at google.az google.ba google.be google.bg google.bj google.bs google.by google.ca google.cd google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ls google.co.ma google.co.mz google.co.nz google.co.th google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.co.zw google.com google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sl google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.cz google.de google.dk google.dz google.ee google.es google.fi google.fr google.ge google.gr google.hn google.hr google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kz google.lk google.lt google.lu google.lv google.mg google.mk google.ml google.mn google.mu google.nl google.no google.pl google.pt google.ro google.rs google.ru google.sc google.se google.sk google.sn google.sr google.tg google.tn google.tt gstatic.com translate.goog googleadservices.com *.googleapis.com googleapis.com *.cloudfunctions.net cloudfunctions.net *.googletagmanager.com googletagmanager.com *.google-analytics.com google-analytics.com *.herokuapp.com herokuapp.com *.hotjar.com *.hotjar.io hotjar.com hotjar.io *.jquery.com jquery.com *.jsdelivr.net jsdelivr.net *.linkedin.com ads.linkedin.com cdn.linkedin.oribi.io linkedin.com linkedin.oribi.io *.licdn.com licdn.com *.marketo.com *.marketo.net *.mktoresp.com marketo.com marketo.net mktoresp.com *.mktoutil.com mktoutil.com cognitive.microsofttranslator.com *.microsoft.com microsoft.com *.moz.com moz.com *.myfonts.net myfonts.net *.newrelic.com *.nr-data.net newrelic.com nr-data.net *.openx.net openx.net *.rlcdn.com rlcdn.com *.reddit.com *.redditstatic.com reddit.com redditstatic.com *.rubiconproject.com rubiconproject.com *.krxd.net krxd.net *.stackadapt.com srv.stackadapt.com stackadapt.com *.adsrvr.org adsrvr.org *.trustarc.com trustarc.com *.twitter.com twitter.com *.6sc.co *.litix.io 6sc.co litix.io *.unpkg.com unpkg.com *.wistia.com wistia.com *.wpengine.com wpengine.com analytics.yahoo.com *.googleadservices.com *.duosecurity.com duosecurity.com yoast.com *.ceros.com ceros.com *.transistor.fm transistor.fm segreencolumn.com *.segreencolumn.com cnv.event.prod.bidr.io simpli.fi *.simpli.fi dpmsrv.com *.dpmsrv.com adnxs.com *.adnxs.com *.cloudflareinsights.com cloudflareinsights.com *.smartrecruiters.com smartrecruiters.com data: blob:; upgrade-insecure-requests; 2
connect-src 'self' *.maps.yandex.net api-maps.yandex.ru api.selectel.ru hog.selectel.ru https://chatwoot.selectel.ru wss://chatwoot.selectel.ru google-analytics.bi.owox.com googleads.g.doubleclick.net region1.google-analytics.com region1.analytics.google.com https://analytics.google.com https://statuspal.io/api/v2/status_pages/selectel/summary https://api.mindbox.ru https://personalization-web-stable.mindbox.ru https://selectel.ru https://top-fwz1.mail.ru https://tracker.softcube.com https://web.popmechanic.ru https://selectel.matomo.cloud/ leads.selectel.ru mc.yandex.ru selectel.ru sendsay.ru stats.g.doubleclick.net suggest-maps.yandex.ru wss://api.selectel.ru wss://ws.selectel.ru www.google-analytics.com www.youtube.com https://yulixr.ru/ https://hooks.zapier.com/hooks/catch/11509819/ https://hooks.zapier.com/hooks/catch/12416931/ https://script.google.com/a/macros/selectel.com/s/AKfycbzM4er3RoKbPw3cQALGtakLQ7xfTtUk8PETDoXQyYh6kiCLnhu1oO4iCy2CuhT38cGrCA/exec; default-src 'none'; font-src 'self' data: https://cdn.selectel.ru https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com/; frame-ancestors 'self' my.selectel.ru promo.selectel.ru go.teachbase.ru learn.selectel.org webvisor.com metrika.yandex.ru; frame-src 'self' api-maps.yandex.ru calc.selectel.ru https://chatwoot.selectel.ru googleads.g.doubleclick.net https://forms.amocrm.ru/ https://player.vimeo.com/ https://vk.com/ www.google.com www.google.ru www.youtube.com; img-src https: data: blob: region1.google-analytics.com region1.analytics.google.com; manifest-src 'self'; media-src 'self' https://chatwoot.selectel.ru https://cdn.selectel.ru https://files.selectel.ru; object-src 'self' blob:; report-uri https://relay.selectel.ru/api/87/security/?sentry_key=33110db9255441e5b312279003c189b1 https://relay.selectel.ru/api/20/csp-report/?sentry_key=7af12a7683624269a0cab11188e3d86e; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.maps.yandex.net api-maps.yandex.ru cdn.ampproject.org hog.selectel.ru https://chatwoot.selectel.ru https://api.mindbox.ru/ https://cdn.selectel.ru https://cse.google.com/adsense/search/async-ads.js https://cse.google.com/cse.js https://cse.google.com/cse/element/v1 https://embed.typeform.com/embed.js https://forms.amocrm.ru/ https://googleads.g.doubleclick.net https://s.ytimg.com https://script.softcube.com https://static.popmechanic.ru https://top-fwz1.mail.ru https://vk.com https://www.google.com https://cdn.matomo.cloud/selectel.matomo.cloud/ https://selectel.matomo.cloud/ mc.yandex.ru personalization-web-stable.mindbox.ru selectel.ru ssl.google-analytics.com static.ads-twitter.com suggest-maps.yandex.ru tagmanager.google.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.gstatic.com www.youtube.com yastatic.net; style-src 'self' 'unsafe-inline' https://cdn.selectel.ru/ https://chatwoot.selectel.ru https://fonts.googleapis.com https://static.popmechanic.ru https://tagmanager.google.com/ https://www.google.com/cse/static/element/ https://www.google.com/cse/static/style/look/v4/espresso.css https://personalization-web-stable.mindbox.ru/; upgrade-insecure-requests; 2
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.ew.com 2
default-src 'self' *.clover.com cloverstatic.com dev.cloverstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ipv6.6sc.co j.6sc.co secure.adnxs.com js.adsrvr.org *.amazon-adsystem.com analytics.bgalytics.com bat.bing.com cdn.bttrack.com https://www.clarity.ms cdnjs.cloudflare.com d3sbxpiag177w8.cloudfront.net *.clover.com cloverstatic.com dev.cloverstatic.com googleads.g.doubleclick.net stats.g.doubleclick.net *.t.eloqua.com img.en25.com *.evidon.com connect.facebook.net tracker.gaconnector.com www.google-analytics.com apis.google.com optimize.google.com tagmanager.google.com www.google.com www.googleadservices.com maps.googleapis.com *.googletagmanager.com www.googletagmanager.com *.greenhouse.io www.gstatic.com heapanalytics.com cdn.heapanalytics.com script.hotjar.com static.hotjar.com js.hs-analytics.net js.hs-scripts.com mpsnare.iesnare.com widget.intercom.io js.intercomcdn.com pnapi.invoca.net solutions.invocacdn.com snap.licdn.com munchkin.marketo.net *.mountain.com apps.mypurecloud.com nifegwy.neustar.biz h.online-metrix.net *.optimizely.com cdn.optimizely.com amplify.outbrain.com s.pinimg.com *.qualtrics.com rules.quantcount.com secure.quantserve.com cdn.ravenjs.com recaptcha.net www.redditstatic.com https://analytics.tiktok.com tags.tiqcdn.com play.vidyard.com *.walkme.com sp.analytics.yahoo.com s.yimg.com www.youtube.com *.ytimg.com; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com cdnjs.cloudflare.com d3sbxpiag177w8.cloudfront.net *.clover.com cloverstatic.com dev.cloverstatic.com optimize.google.com tagmanager.google.com chart.googleapis.com fonts.googleapis.com heapanalytics.com *.qualtrics.com; img-src blob: data: 'self' firstdatacloverwebsite.122.2o7.net b.6sc.co js.adsrvr.org p.adsymptotic.com data.adxcel-ec2.com mver.agkn.com s.amazon-adsystem.com apintego.com arttrk.com cx.atdmt.com *.bing.com bat.bing.com *.clarity.ms d3sbxpiag177w8.cloudfront.net dxkdvuv3hanyu.cloudfront.net res.cloudinary.com *.clover.com cloverstatic.com dev.cloverstatic.com www.google.co.uk www.google.co.in www.google.co.id www.google.com.pr www.google.com.br www.google.com.co images.contentful.com *.ctfassets.net *.doubleclick.net *.g.doubleclick.net *.t.eloqua.com *.evidon.com *.eyeota.net connect.facebook.net www.facebook.com *.ggpht.com *.google-analytics.com www.google-analytics.com *.google.com *.analytics.google.com www.google.com www.google.ca www.google.de www.google.ie *.googleapis.com chart.googleapis.com maps.googleapis.com *.googletagmanager.com www.googletagmanager.com lh3.googleusercontent.com *.gstatic.com heapanalytics.com script.hotjar.com track.hubspot.com static.intercomassets.com *.intercomcdn.com js.intercomcdn.com uploads.intercomusercontent.com *.ads.linkedin.com www.linkedin.com *.online-metrix.net *.optimizely.com amplify.outbrain.com amplifypixel.outbrain.com tr.outbrain.com data.pendo.io *.perka.com s.pinimg.com ct.pinterest.com *.qualtrics.com pixel.quantserve.com recaptcha.net alb.reddit.com www.redditstatic.com *.rfihub.com cdn.vidyard.com play.vidyard.com *.vimeocdn.com *.walkme.com sp.analytics.yahoo.com s.yimg.com; font-src data: 'self' maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com *.clover.com cloverstatic.com dev.cloverstatic.com use.fontawesome.com fonts.gstatic.com heapanalytics.com script.hotjar.com *.intercomcdn.com js.intercomcdn.com *.qualtrics.com; connect-src 'self' 52.71.121.170 44.238.122.172 34.215.155.61 44.212.189.233 54.156.2.105 18.210.229.244 3.212.39.155 35.160.46.251 52.22.50.55 100.20.58.101 c.6sc.co ipv6.6sc.co 35.85.84.151 44.228.85.26 secure.adnxs.com collection.bgalytics.com bat.bing.com browser-intake-datadoghq.com *.browser-intake-datadoghq.com *.clarity.ms https://a.clarity.ms *.clover.com wss://*.clover.com cloverstatic.com dev.cloverstatic.com *.contentful.com *.ctfassets.net *.datadoghq.com *.g.doubleclick.net *.evidon.com www.facebook.com oamportal.fdvs.com secure.geonames.org *.google-analytics.com www.google-analytics.com *.google.com analytics.google.com apis.google.com www.google.com maps.googleapis.com storage.googleapis.com *.googletagmanager.com *.greenhouse.io heapanalytics.com *.hotjar.com *.hotjar.io vc.hotjar.io wss://*.hotjar.com wss://ws4.hotjar.com *.intercom.io wss://*.intercom.io uploads.intercomcdn.com uploads.intercomusercontent.com pnapi.invoca.net *.mktoresp.com *.mktoutil.com *.tt.omtrdc.net h.online-metrix.net *.optimizely.com cdn.linkedin.oribi.io https://cdn.linkedin.oribi.io *.perka.com ct.pinterest.com *.qualtrics.com recaptcha.net *.reddit.com redditstatic.com www.redditstatic.com sentry.io *.sentry.io collection.sperse.io api.thelevelup.com https://analytics.tiktok.com s.yimg.com; media-src 'self' *.clover.com cloverstatic.com dev.cloverstatic.com *.ctfassets.net commondatastorage.googleapis.com js.intercomcdn.com cdn.vidyard.com gateway.zscloud.net; object-src 'self' *.clover.com cloverstatic.com dev.cloverstatic.com h.online-metrix.net vd.vidoplay.com; child-src intercom-sheets.com player.vimeo.com www.youtube.com; frame-src mailto: 'self' tel: *.adsrvr.org insight.adsrvr.org s.amazon-adsystem.com players.brightcove.net *.clover.com cloverstatic.com dev.cloverstatic.com sync-flow.codat.io *.doubleclick.net *.fls.doubleclick.net bid.g.doubleclick.net www.facebook.com accounts.google.com docs.google.com optimize.google.com www.google.com maps.googleapis.com boards.greenhouse.io vars.hotjar.com intercom-sheets.com h.online-metrix.net *.optimizely.com *.cdn.optimizely.com *.perka.com https://ct.pinterest.com *.qualtrics.com play.vidyard.com player.vimeo.com www.youtube.com *.ytimg.com; frame-ancestors *.clover.com cloverstatic.com dev.cloverstatic.com *.optimizely.com *.perka.com; 2
script-src 'self' data: 'unsafe-inline' 'unsafe-eval' documentservices.adobe.com *.dickssportinggoods.com *.akamaihd.net *.scene7.com app.link *.bazaarvoice.com *.radar.com *.googleapis.com *.certona.net *.certona.com res-x.com *.res-x.com maxcdn.bootstrapcdn.com c.go-mpulse.net akstat.io h.online-metrix.net tags.tiqcdn.com s.pinimg.com a.wishabi.com analytics.twitter.com analytics-static.ugc.bazaarvoice.com apps.bazaarvoice.com bat.bing.com beacon.riskified.com *.branch.io qognvtzku-x.global.ssl.fastly.net ciunnwhq.micpn.com connect.facebook.net ct.pinterest.com utt.impactcdn.com d2oh4tlt9mrke9.cloudfront.net dickssportinggoods.demdex.net dicks-sporting-goods.pxf.io dpm.demdex.net dsg.tt.omtrdc.net dsg2.btttag.com e.dickssportinggoods.com edge1.certona.net f.wishabi.net gateway.dcsg.com *.getmetrical.com img.riskified.com match.adsrvr.org *.kampyle.com *.nextdoor.com network.bazaarvoice.com network-a.bazaarvoice.com pinterest.adsymptotic.com pixel.rubiconproject.com pixel.tapad.com r.dlx.addthis.com sc-static.net smetrics.dickssportinggoods.com snap.adsrvr.org so.rlcdn.com static.ads-twitter.com t.co tr.snapchat.com www.facebook.com www.googletagmanager.com www.hlserve.com www.res-x.com x.skimresources.com *.criteo.com cdn.hlserve.com b.hlserve.com www.google.com *.g.doubleclick.net *.doubleclick.net *.googlesyndication.com adservice.google.com c.riskified.com ws.sessioncam.com www.googleadservices.com cdn.brandingbrand.com dsg2m.btttag.com www.google-analytics.com cdnjs.cloudflare.com *.cloudfront.net *.iesnare.com code.jquery.com www.paymentjs.firstdata.com www.gstatic.com www.everestjs.net www.paypal.com *.paypalobjects.com *.braintreegateway.com tagtracking.vibescm.com cdn.auth0.com polyfill.io cdn.tagdelivery.com *.truefitcorp.com *.affirm.com *.afterpay.com *.hlserve.com *.anyguide.com resources.digital-cloud.medallia.com *.anyroad.com checkoutshopper-live.adyen.com *.stylitics.com prod.accdab.net *.cdn-net.com *.syndigo.com *.zoovu.com *.curalate.com assets-barracuda-runner.azureedge.net *.liveperson.net *.lpsnmedia.net *.adoberesources.net *.adobedc.net *.attn.tv analytics.tiktok.com *.quantummetric.com *.contentsquare.net *.contentsquare.com *.fullstory.com *.yottaa.com *.yottaa.net *.ntcacdn.net *.recaptcha.net *.bambuser.com *.mycustomizer.com *.flippenterprise.net *.collectivevoice.com ln-rules.rewardstyle.com accounts.google.com *.rokt.com *.tvpixel.com *.monetate.net blob: apps.byondxr.com acrobatservices.adobe.com ; worker-src blob:; frame-ancestors *.dickssportinggoods.com; child-src *.monetate.net acrobatservices.adobe.com documentservices.adobe.com *.attn.tv dcsg.jotform.com *.dickssportinggoods.com *.quantummetric.com *.adyen.com *.afterpay.com *.paypal.com *.paypalobjects.com *.liveperson.net *.lpsnmedia.net dickssportinggoods.demdex.net *.criteo.com *.criteo.net maps.google.com accounts.google.com hosted.where2getit.com mobile.where2getit.com fit.dksxchange.com www.thinglink.com dicks-cti.gvcommerce.com www.youtube.com *.truefitcorp.com *.affirm.com *.doubleclick.net *.g.doubleclick.net *.pinterest.com *.googleapis.com tr.snapchat.com resources.digital-cloud.medallia.com *.hlserve.com *.facebook.com static.ads-twitter.com *.tagdelivery.com *.fls.doubleclick.net prod.accdab.net www.cdn-net.com *.googlesyndication.com *.safeframe.googlesyndication.com www.google.com *.anyroad.com *.mycustomizer.com *.collectivevoice.com ln-rules.rewardstyle.com display.ugc.bazaarvoice.com api.bazaarvoice.com *.bazaarvoice.com *.bambuser.com *.radar.com *.recaptcha.net *.rokt.com *.ntcacdn.net sketchfab.com blob:; 2
default-src 'self'; base-uri 'self'; child-src blob:; connect-src 'self' https: https://*.algolia.net https://*.algolianet.com https://insights.algolia.io https://func.bitwarden.com https://status.bitwarden.com https://us-central1-adaptive-growth.cloudfunctions.net https://pdf-convert.bitwarden.com https://aorta.clickagy.com https://hemsync.clickagy.com https://ws.zoominfo.com https://bitwarden.freshsales.io https://stats.g.doubleclick.net https://www.google-analytics.com https://api.hubapi.com https://forms.hubspot.com https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://bat.bing.com https://cdn.linkedin.oribi.io https://i.clarity.ms https://scout.salesloft.com https://script.crazyegg.com https://tattle.api.osano.com; img-src 'self' data: https: https://*.algolia.net https://images.ctfassets.net https://res.cloudinary.com https://www.google.com https://www.google-analytics.com https://i.ytimg.com https://*.hsforms.com https://track.hubspot.com https://analytics.twitter.com https://t.co https://alb.reddit.com https://aorta.clickagy.com https://bat.bing.com https://i.vimeocdn.com https://id.rlcdn.com https://idsync.rlcdn.com https://insight.adsrvr.org https://px.ads.linkedin.com https://p.adsymptotic.com https://stags.bluekai.com; font-src 'self' data: https://fonts.gstatic.com https://cdn.jsdelivr.net; form-action 'self' https://forms.hsforms.com https://www.facebook.com; frame-ancestors 'none'; frame-src https://app.hubspot.com https://start.bitwarden.com https://*.doubleclick.net https://boards.greenhouse.io https://s.company-target.com https://docs.google.com https://forms.hsforms.com https://player.vimeo.com https://preview.widgets.ninetailed.io/ https://us02web.zoom.us https://www.facebook.com/ https://www.googletagmanager.com https://www.youtube.com https://*.hs-sites.com; manifest-src 'self'; object-src 'none'; report-uri https://csp-report.browser-intake-us3-datadoghq.com/api/v2/logs?dd-api-key=pub41b0937554d4ab91e35c9ae62433371b&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net/ https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-scripts.com https://js.hsadspixel.net https://js.hscollectedforms.net https://js.hsforms.net https://js.hubspot.com https://amplify.outbrain.com https://tr.outbrain.com https://wave.outbrain.com https://j.6sc.co https://tag.demandbase.com https://a.quora.com https://amplify.outbrain.com https://assets.freshsales.io https://bat.bing.com https://boards.greenhouse.io https://cdn.jsdelivr.net/npm/search-insights@2.0.4 https://cdn.pdst.fm https://cmp.osano.com https://connect.facebook.net https://mountain.com https://*.mountain.com https://extend.vimeocdn.com https://googleads.g.doubleclick.net https://libraries.hund.io https://ml314.com https://*.ml314.com https://player.vimeo.com https://plausible.io https://script.crazyegg.com https://scout-cdn.salesloft.com https://snap.licdn.com https://static.ads-twitter.com https://tag.clearbitscripts.com https://cdn.hubilo.com https://tags.clickagy.com https://js.usemessages.com https://ws.zoominfo.com https://www.clarity.ms https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.redditstatic.com https://x.clearbitjs.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net https://libraries.hund.io; worker-src 'self' blob: 2
default-src 'self' https:; frame-src 'self' https: blob:; worker-src 'self' blob: ; child-src blob: ; script-src 'self' https: 'unsafe-inline' https://vaas.acapela-group.com 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data: blob: https://*.code.org; font-src 'self' https: data:; connect-src 'self' https: https://api.pusherapp.com wss://ws.pusherapp.com http://localhost:8080 https://curriculum.code.org/ wss://*.code.org; media-src 'self' https: data: https://*.code.org http://vaas.acapela-group.com; report-uri //code.org/https/mixed-content; frame-ancestors 'self' https://*.schoology.com http://*.disney.com http://*.diznee.net cuantrix.mx code.org studio.code.org curriculum.code.org https://*.lausd.iap.allhere.co 2
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.marthastewart.com 2
frame-ancestors 'self' *.northpass.com 2
frame-ancestors 'self' *.newgrounds.com 2
frame-ancestors 'self' *.ebscohost.com *.ebsco.com; report-uri /report-csp-violation; upgrade-insecure-requests 2
default-src 'self' blob: www.facebook.com m.facebook.com facebook.com content.dionglobal.in icicibank.paymetry.com www.twitter.com twitter.com soundhelix.com *.go-mpulse.net www.iciciprulife.com cdn.jsdelivr.net code.jquery.com iciciauto.com icici.skryptech.com wss://ccaiprodws.icicibank.com ccaiprodws.icicibank.com ccaiprod.icicibank.com apibankingone.icicibank.com googletagmanager.com icicibankstt.senseforth.com icicibanksmartsearch.senseforth.com senseforth.com cdn.ampproject.org cdnjs.cloudflare.com connect.facebook.net facebook.net marketingplatform.google.com google.com www.google.com www.google-analytics.com google-analytics.com *.visualwebsiteoptimizer.com spa.gy t4.rolsoninfotech.com voiceassist.urja.com fonts.googleapis.com cugd1dev.crm8.dynamics.com cugd1sit.crm8.dynamics.com cugd2dev.crm8.dynamics.com cugd2sit.crm8.dynamics.com cugd2qa.crm8.dynamics.com cugd1uat.crm8.dynamics.com cugd2uat.crm8.dynamics.com cugd1qa.crm8.dynamics.com analytics.google.com snap.licdn.com leads.icicibank.com www.indiatimes.com economictimes.indiatimes.com www.googletagmanager.com ribstgnew.icicibank.com www.icicibank.com icici.nanorep.co nanorep.co nanorep.com;object-src 'none';child-src 'self' blob: data:;script-src 'self' 'unsafe-inline' 'unsafe-eval' firebasestorage.googleapis.com fcm.googleapis.com test-securetoken.sandbox.googleapis.com staging-www.sandbox.googleapis.com securetoken.googleapis.com apis.google.com www.googleapis.com securetoken.googleapis.com www.gstatic.com ibot.icicibank.com assets.adobedtm.com https://www.gstatic.com/firebasejs/4.10.1/firebase.js *.demdex.net cm.everesttech.net assets.adobedtm.com wss://ccaiprodws.icicibank.com ccaiprodws.icicibank.com ccaiprod.icicibank.com apibankingone.icicibank.com ibotuat.icicibank.com platform.twitter.com platform.linkedin.com static.addtoany.com www.linkedin.com *.go-mpulse.net d1ls4i8l5ki52s.cloudfront.net cugd1uat.crm8.dynamics.com *.fls.doubleclick.net cugd1dev.crm8.dynamics.com cugd1sit.crm8.dynamics.com cugd2dev.crm8.dynamics.com cugd2sit.crm8.dynamics.com snap.licdn.com go-mpulse.net www.iciciprulife.com addtoany.com tagmanager.google.com www.tagmanager.google.com linkedin.com content.dionglobal.in analytics.google.com www.googleadservices.com fonts.googleapis.com icicibank.paymetry.com beta-icicibank.paymetry.com cugd1qa.crm8.dynamics.com cdn.jsdelivr.net cugd2qa.crm8.dynamics.com cugd2uat.crm8.dynamics.com code.jquery.com iciciauto.com icici.skryptech.com buy.icicibank.com buystaging.niveussolutions.com icicicashback.com maps.gstatic.com gstatic.com www.icicibank.com icicibank.com googleadservices.com googleads.g.doubleclick.net twitter.com cdn.ampproject.org ampproject.org icicibankstt.senseforth.com icicibanksmartsearch.senseforth.com adobe.com doubleclick.net marketingplatform.google.com www.google.com google.com www.google-analytics.com ssl.google-analytics.com ssl.google-analytics.com visitor-services.nanorep.com nanorep.com icici.nanorep.co leads.icicibank.com cdnjs.cloudflare.com cloudfunctions.net senseforth.com amazonaws.com ajax.googleapis.com maps.googleapis.com googleapis.com *.visualwebsiteoptimizer.com spa.gy t4.rolsoninfotech.com voiceassist.urja.com assets.adobedtm.com google-analytics.com adobecqms.net googletagmanager.com www.indiatimes.com economictimes.indiatimes.com ribstgnew.icicibank.com www.googletagmanager.com www.facebook.com facebook.com bing.com connect.facebook.net www.youtube.com demdex.net omtrdc.net data:;connect-src 'self' googleads.g.doubleclick.net https://icicibank-mkt-prod4.campaign.adobe.com/ici/webregisterAndroid.jssp icicibank-mid-prod4-all-t.adobe-campaign.com smetrics.icicibank.com edge.adobedc.net https://fcm.googleapis.com/fcm/connect/subscribe https://fcm.googleapis.com/fcm/connect/unsubscribe https://icicibank-mkt-stage1.campaign.adobe.com/ici/webregisterAndroid.jssp https://icicibank-mid-stage1-all-t.adobe-campaign.com www.google.co.in *.akstat.io *.demdex.net cm.everesttech.net assets.adobedtm.com *.adobedc.net  wss://ccaiprodws.icicibank.com ccaiprodws.icicibank.com ccaiprod.icicibank.com apibankingone.icicibank.com wss://ccaiuatws.icicibank.com ccaiuatws.icicibank.com apibankingonesandbox.icicibank.com ibotuat.icicibank.com *.go-mpulse.net go-mpulse.net snap.licdn.com cugd1uat.crm8.dynamics.com cugd1qa.crm8.dynamics.com cugd1dev.crm8.dynamics.com cugd1sit.crm8.dynamics.com cugd2dev.crm8.dynamics.com cugd2sit.crm8.dynamics.com fonts.googleapis.com cugd2qa.crm8.dynamics.com cugd2uat.crm8.dynamics.com analytics.google.com www.analytics.google.com www.iciciprulife.com addtoany.com icicibank.paymetry.com beta-icicibank.paymetry.com marketingplatform.google.com www.google.com google.com www.google-analytics.com google-analytics.com adobecqms.net cdn.jsdelivr.net code.jquery.com content.dionglobal.in iciciauto.com icici.skryptech.com buy.icicibank.com buystaging.niveussolutions.com icicicashback.com maps.gstatic.com gstatic.com www.icicibank.com icicibank.com linkedin.com twitter.com cdn.ampproject.org ampproject.org icicibankstt.senseforth.com icicibanksmartsearch.senseforth.com g.doubleclick.net doubleclick.net cdnjs.cloudflare.com googleadservices.com visitor-services.nanorep.com nanorep.com connect.facebook.net cloudfunctions.net senseforth.com icici.nanorep.co amazonaws.com ajax.googleapis.com maps.googleapis.com googleapis.com www.indiatimes.com economictimes.indiatimes.com www.googletagmanager.com leads.icicibank.com *.visualwebsiteoptimizer.com spa.gy t4.rolsoninfotech.com voiceassist.urja.com googletagmanager.com www.facebook.com facebook.com bing.com asia-south1-quantum-flood-755.cloudfunctions.net ribstgnew.icicibank.com stats.g.doubleclick.net assets.adobedtm.com www.youtube.com demdex.net omtrdc.net money2india.icicibank.co.in wss://icicibankstt.senseforth.com/transcribe;img-src 'self' ad.doubleclick.net ibot.icicibank.com *.demdex.net cm.everesttech.net  wss://ccaiprodws.icicibank.com ccaiprodws.icicibank.com ccaiprod.icicibank.com apibankingone.icicibank.com assets.adobedtm.com storage.googleapis.com ibotuat.icicibank.com www.google-analytics.com syndication.twitter.com fonts.googleapis.com ssl.gstatic.com g.doubleclick.net cugd1uat.crm8.dynamics.com cugd1qa.crm8.dynamics.com cugd1dev.crm8.dynamics.com cugd1sit.crm8.dynamics.com cugd2dev.crm8.dynamics.com cugd2sit.crm8.dynamics.com snap.licdn.com analytics.google.com www.analytics.google.com google-analytics.com *.go-mpulse.net go-mpulse.net icicibank.paymetry.com beta-icicibank.paymetry.com cdn.jsdelivr.net cugd2qa.crm8.dynamics.com cugd2uat.crm8.dynamics.com code.jquery.com content.dionglobal.in iciciauto.com icici.skryptech.com beta-icicibank.paymetry.com addtoany.com buy.icicibank.com buystaging.niveussolutions.com cdnjs.cloudflare.com rukminim1.flixcart.com m.media-amazon.com icicicashback.com maps.gstatic.com www.gstatic.com gstatic.com www.icicibank.com icicibank.com www.iciciprulife.com linkedin.com twitter.com doubleclick.net cdn.ampproject.org ampproject.org spa.gy t4.rolsoninfotech.com voiceassist.urja.com icicibankstt.senseforth.com icicibanksmartsearch.senseforth.com www.google.co.in icici.nanorep.co visitor-services.nanorep.com nanorep.com cloudfunctions.net leads.icicibank.com senseforth.com ajax.googleapis.com maps.googleapis.com googleapis.com amazonaws.com google.co.in *.visualwebsiteoptimizer.com marketingplatform.google.com www.google.com ribstgnew.icicibank.com google.com googleads.g.doubleclick.net adobecqms.net www.indiatimes.com economictimes.indiatimes.com googleadservices.com googletagmanager.com www.googletagmanager.com www.facebook.com facebook.com bing.com connect.facebook.net assets.adobedtm.com www.youtube.com everesttech.net demdex.net omtrdc.net data:;style-src 'self' 'unsafe-inline' fonts.googleapis.com cugd1uat.crm8.dynamics.com cugd1qa.crm8.dynamics.com cugd1dev.crm8.dynamics.com cugd1sit.crm8.dynamics.com snap.licdn.com cugd2dev.crm8.dynamics.com cugd2sit.crm8.dynamics.com *.go-mpulse.net analytics.google.com cugd2uat.crm8.dynamics.com  wss://ccaiprodws.icicibank.com ccaiprodws.icicibank.com ccaiprod.icicibank.com apibankingone.icicibank.com icicibank.paymetry.com beta-icicibank.paymetry.com go-mpulse.net addtoany.com cdn.jsdelivr.net code.jquery.com cugd2qa.crm8.dynamics.com content.dionglobal.in iciciauto.com icici.skryptech.com buy.icicibank.com buystaging.niveussolutions.com icicicashback.com maps.gstatic.com gstatic.com linkedin.com googletagmanager.com www.googletagmanager.com cdnjs.cloudflare.com www.icicibank.com icicibank.com www.iciciprulife.com twitter.com doubleclick.net cdn.ampproject.org ampproject.org spa.gy t4.rolsoninfotech.com voiceassist.urja.com v icicibankstt.senseforth.com icicibanksmartsearch.senseforth.com ajax.googleapis.com maps.googleapis.com googleapis.com marketingplatform.google.com www.google.com google.com adobecqms.net www.indiatimes.com economictimes.indiatimes.com icici.nanorep.co visitor-services.nanorep.com nanorep.com cloudfunctions.net leads.icicibank.com senseforth.com amazonaws.com tagmanager.google.com www.tagmanager.google.com *.visualwebsiteoptimizer.com googleadservices.com bootstrapcdn.com ribstgnew.icicibank.com;font-src 'self' data: maps.gstatic.com gstatic.com fonts.gstatic.com;frame-src 'self' *.demdex.net www.iciciprulife.com web.facebook.com platform.twitter.com www.linkedin.com infinity.icicibank.com infinity.icicibank.co.in iciciprulife.com au.personalcard.net *.fls.doubleclick.net nli.icicibank.com cugd1uat.crm8.dynamics.com cugd1qa.crm8.dynamics.com cugd1dev.crm8.dynamics.com cugd1sit.crm8.dynamics.com snap.licdn.com cugd2dev.crm8.dynamics.com cugd2sit.crm8.dynamics.com analytics.google.com cugd2qa.crm8.dynamics.com cugd2uat.crm8.dynamics.com fonts.googleapis.com ribstgnew.icicibank.com icicibank.paymetry.com cdn.jsdelivr.net code.jquery.com content.dionglobal.in iciciauto.com icici.skryptech.com icicibank.paymetry.com beta-icicibank.paymetry.com ajax.googleapis.com maps.googleapis.com googleapis.com addtoany.com buy.icicibank.com buystaging.niveussolutions.com bid.g.doubleclick.net cdnjs.cloudflare.com spa.gy t4.rolsoninfotech.com voiceassist.urja.com icicicashback.com maps.gstatic.com gstatic.com icicibank.com linkedin.com twitter.com cdn.ampproject.org www.indiatimes.com economictimes.indiatimes.com ampproject.org icicibankstt.senseforth.com icicibanksmartsearch.senseforth.com senseforth.com googletagmanager.com www.googletagmanager.com www.facebook.com facebook.com visitor-services.nanorep.com nanorep.com marketingplatform.google.com www.google.com google.com adobecqms.net www.youtube.com www.icicibank.com leads.icicibank.com icicibank.adobecqms.net; 2
frame-ancestors 'self' *.appfolio.com *.appfolioinc.com *.appfolioinvestmentmanagement.com *.folio-guard.com *.storyblok.com 2
base-uri 'self'; style-src 'self' 'unsafe-inline' https://static.popmechanic.ru https://events.nethouse.ru https://fonts.googleapis.com *.jivo.ru *.jivosite.com; img-src 'self' https://res.cloudinary.com https://www.google-analytics.com https://tr.lfeeder.com https://www.google.ru https://tr-rc.lfeeder.com https://mc.yandex.ru *.jivo.ru *.jivosite.com data: blob:; connect-src 'self' https://*.doubleclick.net https://res.cloudinary.com https://www.google-analytics.com https://analytics.google.com https://mc.yandex.ru https://*.mindbox.ru https://jivo-userdata.obs.ru-moscow-1.hc.sbercloud.ru wss://*.jivosite.com wss://*.jivo.ru *.jivo.ru *.jivosite.com; form-action 'self'; frame-ancestors 'self' *.jivo.ru *.jivosite.com https://*.mindbox.ru https://*.popmechanic.ru/ https://kinescope.io/ https://cdn-static.egoiapp2.com https://cloudinary.com https://*.cloudinary.com; child-src https://mc.yandex.ru; frame-src 'self' *.jivo.ru *.jivosite.com https://*.youtube.com https://mc.yandex.ru https://*.facebook.com https://*.marquiz.ru https://*.mindbox.ru https://*.popmechanic.ru/ https://kinescope.io/ https://cdn-static.egoiapp2.com https://*.google.com https://*.doubleclick.net https://tpc.googlesyndication.com https://events.nethouse.ru https://cloudinary.com https://*.cloudinary.com https://go.vooozer.com https://www.google.com/recaptcha https://recaptcha.google.com/recaptcha; block-all-mixed-content; 2
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: mediastream: android-webview-video-poster: https://*.goodrx.com https://blocked.goodrx.com https://*.grxstatic.com https://*.grxweb.com https://*.heydoctor.com https://d4fuqqd5l3dbz.cloudfront.net https://*.px-cloud.net https://*.perimeterx.net https://*.pxchk.net https://*.px-cdn.net https://*.px-client.net https://*.split.io https://gx9e.app.link https://app.link https://*.branch.io https://bnc.lt https://*.doubleclick.net https://*.2mdn.net https://*.osano.com https://optimizely-edge.com https://*.optimizely.com https://optimizely.s3.amazonaws.com https://*.gstatic.com https://*.google.com https://*.googleapis.com https://*.googlesyndication.com https://*.googleadservices.com https://*.google-analytics.com https://*.googletagservices.com https://*.googletagmanager.com https://bat.bing.com https://*.sentry-cdn.com https://sentry.io https://*.ingest.sentry.io https://cdn.ampproject.org https://*.doubleverify.com https://*.typekit.net https://c.evidon.com https://l.betrad.com https://d79i1fxsrar4t.cloudfront.net https://static.legitscript.com https://cdn.contentful.com https://unpkg.com https://*.ctfassets.net https://cdnjs.cloudflare.com https://*.appsflyer.com https://code.jquery.com https://maxcdn.bootstrapcdn.com https://s3-us-west-2.amazonaws.com https://s3.amazonaws.com https://my.wpengine.com https://*.mzstatic.com https://*.onelink.me https://www.recaptcha.net https://datawrapper.dwcdn.net https://hire.withgoogle.com https://www.youtube.com https://*.insightexpressai.com https://adservice.google.co.in https://*.verticalhealth.net https://d.turn.com https://idsync.rlcdn.com https://di.rlcdn.com https://*.adsafeprotected.com https://*.flashtalking.com https://tracker.samplicio.us https://choices.truste.com https://choices.trustarc.com https://cf.adxcel.com https://*.accelerator.ibm.com https://*.serving-sys.com https://cdn.besafe.global https://api.lever.co https://*.segment.io https://*.segment.com https://sc.iasds01.com https://sb.voicefive.com https://*.scorecardresearch.com https://*.iqfp1.com https://*.dvtps.com https://*.pxsrv.net https://*.dvva.io https://js.stripe.com https://fast.wistia.com https://platform.twitter.com https://*.hcn.health https://trc.lhmos.com https://js.appboycdn.com https://cdn.materialdesignicons.com https://*.twilio.com https://*.twiliocdn.com wss://*.twilio.com https://*.heydoctor.io https://*.deepintent.com https://*.moatads.com https://*.s.moatpixel.com https://*.jwpcdn.com https://*.jwplayer.com https://*.jwplatform.com https://*.jwpltx.com https://*.jwpsrv.com https://*.mux.com https://videos-fms.jwpsrv.com https://videos-cloudflare.jwpsrv.com https://*.datadoghq.com https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sync.graph.bluecava.com https://*.adsrvr.org https://*.parsely.com https://*.qualtrics.com https://res.lassomarketing.io https://*.gvt1.com https://*.googlevideo.com https://*.quantummetric.com https://*.ads.linkedin.com https://snap.licdn.com https://p.adsymptotic.com https://*.linkedin.oribi.io https://sjs.bizographics.com https://*.videoamp.com https://*.trustpilot.com https://hcpverify.com https://*.hcpverify.com https://iassist.com https://*.iassist.com https://rampjs-cdn.system1.com https://soflopxl.com https://p.alcmpn.com https://partners-medicare.askchapter.org https://www.adsensecustomsearchads.com https://syndicatedsearch.goog https://*.braze.com https://*.innovid.com https://www.medtargetsystem.com https://*.adlightning.com https://*.riddle.com; frame-ancestors 'self' data: blob: mediastream: android-webview-video-poster: https://*.goodrx.com https://*.grxstatic.com https://*.rlcdn.com https://hcpverify.com https://*.hcpverify.com https://iassist.com https://*.iassist.com; report-uri https://sentry.io/api/5148329/security/?sentry_key=b77e90b1f5654f2e83a0238f4cf07987 2
default-src *;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.microsoft.com js.monitor.azure.com dc.services.visualstudio.com try-ppe.dot.net aznb-ame-prod.azureedge.net client-api.arkoselabs.com afd-markdowneditor-public-bvaydge8egfggtbs.b01.azurefd.net;style-src 'self' 'unsafe-inline' *.microsoft.com aznb-ame-prod.azureedge.net try-ppe.dot.net afd-markdowneditor-public-bvaydge8egfggtbs.b01.azurefd.net;img-src * data: blob:;frame-ancestors docs.microsoft.com *.docs.microsoft.com learn.microsoft.com *.learn.microsoft.com labclient.labondemand.com portal.azure.com *.portal.azure.com portal.azure.us portal.azure.cn *.onecloud.azure-test.net *.sharepoint.com localhost:3000;worker-src 'self' blob: *.microsoft.com;form-action 'self' *.microsoft.com *.azure.cn *.pearsonvue.com;media-src 'self' blob: *.microsoft.com *.azure.cn videoencodingpublic-hgeaeyeba8gycee3.b01.azurefd.net videoencodingpubdevwus.blob.core.windows.net;base-uri 'self';font-src 'self' https: data:;object-src 'none';script-src-attr 'none';upgrade-insecure-requests 2
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.afterpay.com *.clearpay.co.uk *.clearpay.com *.googleapis.com public.fbot.me static.fbot.me campaign.fbot.me lcx-embed.bambuser.com www.googletagmanager.com *.onetrust.com *.cookielaw.org *.bizible.com hbiq.net cdn.branch.io sc-static.net snap.licdn.com connect.facebook.net munchkin.marketo.net www.googleadservices.com cdn.dashhudson.com djnf6e5yyirys.cloudfront.net cdn.builder.io t.contentsquare.net www.google-analytics.com googleads.g.doubleclick.net app.link v5tufwer.micpn.com pi.pardot.com tag.clearbitscripts.com/v1/pk_ba428737ee82fd942f13030da0c2629b/tags.js tag.rmp.rakuten.com metadata-static-files.sfo2.cdn.digitaloceanspaces.com/pixel/lp.js x.clearbitjs.com/v2/pk_ba428737ee82fd942f13030da0c2629b/tracking.min.js x.clearbitjs.com/v2/pk_ba428737ee82fd942f13030da0c2629b/destinations.min.js analytics.tiktok.com bat.bing.com/bat.js bat.bing.com/p/action/137009782.js afterpay-business-site.vercel.app afterpay-consumer-content-hub.vercel.app cdn.amplitude.com *.adsrvr.org *.pinimg.com *.snapchat.com j.6sc.co tag.demandbase.com www.workwithsquare.com; img-src * data:; object-src 'none'; base-uri 'none'; 2
upgrade-insecure-requests; default-src 'self' https://pdfbuilder.mca.gov.in http://pdfbuilder.mca.gov.in http://mca.gov.in/ https://mca.gov.in/ http://www.mca.gov.in/ https://www.mca.gov.in/ http://mca21.gov.in/ https://mca21.gov.in/ http://www.mca21.gov.in/ https://www.mca21.gov.in/ https://www.mygov.in/ https://www.boportal.mca.gov.in/ http://www.boportal.mca.gov.in/ https://sso.mca.gov.in/ http://sso.mca.gov.in/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net/npm/disable-devtool http://cdn.jsdelivr.net/npm/disable-devtool https://v3chat.mca.gov.in/ http://v3chat.mca.gov.in/ http://mca.gov.in/ https://mca.gov.in/ http://www.mca.gov.in/ https://www.mca.gov.in/ http://mca21.gov.in/ https://mca21.gov.in/ http://www.mca21.gov.in/ https://www.mca21.gov.in/ https://www.mygov.in/ http://www.feedrapp.info https://www.feedrapp.info https://feedrapp.info seal.entrust.net; img-src 'self' https://cbpssubscriber.mygov.in http://mca.gov.in/ https://mca.gov.in/ http://www.mca.gov.in/ https://www.mca.gov.in/ http://mca21.gov.in/ https://mca21.gov.in/ http://www.mca21.gov.in/ https://www.mca21.gov.in/ https://www.mygov.in/ seal.entrust.net  data: blob: filesystem:;style-src 'self' 'unsafe-inline' http://mca.gov.in/ https://mca.gov.in/ http://www.mca.gov.in/ https://www.mca.gov.in/ http://mca21.gov.in/ https://mca21.gov.in/ http://www.mca21.gov.in/ https://www.mca21.gov.in/ https://www.mygov.in/; font-src 'self' http://mca.gov.in/ https://mca.gov.in/ http://www.mca.gov.in/ https://www.mca.gov.in/ http://mca21.gov.in/ https://mca21.gov.in/ http://www.mca21.gov.in/ https://www.mca21.gov.in/ https://www.mygov.in/; child-src 'self' http://mca.gov.in/ https://mca.gov.in/ http://www.mca.gov.in/ https://www.mca.gov.in/ http://mca21.gov.in/ https://mca21.gov.in/ http://www.mca21.gov.in/ https://www.mca21.gov.in/ https://www.mygov.in/; object-src 'self' http://mca.gov.in/ https://mca.gov.in/ http://www.mca.gov.in/ https://www.mca.gov.in/ http://mca21.gov.in/ https://mca21.gov.in/ http://www.mca21.gov.in/ https://www.mca21.gov.in/ https://www.mygov.in/; media-src 'self' blob: mediastream http://mca.gov.in/ https://mca.gov.in/ http://www.mca.gov.in/ https://www.mca.gov.in/ http://mca21.gov.in/ https://mca21.gov.in/ http://www.mca21.gov.in/ https://www.mca21.gov.in/ https://www.mygov.in/; connect-src 'self' https://pdfbuilder.mca.gov.in http://pdfbuilder.mca.gov.in http://www.mca.gov.in/ https://www.mca.gov.in/  wss: ws: https: ; frame-src 'self' https://www.facebook.com/ https://www.youtube.com/ http://www.feedrapp.info data: blob: 2
frame-ancestors 'self' https://*.athenahealth.com/ https://*.athenahealth.com:*/ https://*.athenanet.athenahealth.com/ https://*.athenanet.athenahealth.com:*/ https://*.nimbus.athena.io/ 2
frame-ancestors 'self' https://*.momoshop.com.tw http://*.momoshop.com.tw; 2
frame-ancestors *.oray.com scrm-wx.weiling.cn 2
frame-ancestors 'self' https://*.movavi.de https://*.movavi.com https://*.movavi.ru https://*.pdfchef.com https://*.screencapture.com https://*.movavivideosuite.com https://*.gecata.com https://*.movavi.id https://movavi.id https://*.videoconverter.com https://*.fastreel.com http://webvisor.com https://portal1.comm100.io; report-uri https://o474997.ingest.sentry.io/api/5707278/security/?sentry_key=25e22998a8224d34a8ffbc4cae02fc48&sentry_environment=production; report-to csp-endpoint 2
base-uri 'none'; form-action 'self'; frame-ancestors 'none'; object-src 'none'; upgrade-insecure-requests; 2
upgrade-insecure-requests; default-src 'self'; base-uri 'self'; child-src 'self'; connect-src *.liveagent.com *.qualityunit.com *.urlslab.com *.flowhunt.io data.debugbear.com stats.g.doubleclick.net googleads.g.doubleclick.net adservice.google.com analytics.google.com region1.analytics.google.com region1.google-analytics.com cdn.dreamdata.cloud pagead2.googlesyndication.com www.google.com www.google.ae www.google.at www.google.com.au www.google.bg www.google.com.br www.google.ca www.google.ch www.google.cn www.google.cz www.google.de www.google.dk www.google.ee www.google.es www.google.fi www.google.fr www.google.gr www.google.hr www.google.hu www.google.ie www.google.it www.google.co.jp www.google.co.kr www.google.lt www.google.lv www.google.com.mt www.google.nl www.google.no www.google.co.nz www.google.pl www.google.pt www.google.ro www.google.ru www.google.se www.google.si www.google.sk www.google.td www.google.tg www.google.com.tr www.google.com.ua www.google.co.uk www.google.com.vn conversions-config.reddit.com my.yoast.com maps.googleapis.com readaloud.googleapis.com ad.doubleclick.net q.quora.com data: 'self'; font-src *.liveagent.com *.qualityunit.com fonts.gstatic.com fonts.googleapis.com use.fontawesome.com data: 'self'; frame-src *.liveagent.com *.qualityunit.com www.google.com td.doubleclick.net www.youtube.com youtu.be player.vimeo.com blob: 'self'; img-src *.liveagent.com *.qualityunit.com www.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net api.urlslab.com *.flowhunt.io ct.capterra.com www.google.com www.google.ae www.google.at www.google.com.au www.google.bg www.google.com.br www.google.ca www.google.ch www.google.cn www.google.cz www.google.de www.google.dk www.google.ee www.google.es www.google.fi www.google.fr www.google.gr www.google.hr www.google.hu www.google.ie www.google.it www.google.co.jp www.google.co.kr www.google.lt www.google.lv www.google.com.mt www.google.nl www.google.no www.google.co.nz www.google.pl www.google.pt www.google.ro www.google.ru www.google.se www.google.si www.google.sk www.google.td www.google.tg www.google.com.tr www.google.com.ua www.google.co.uk www.google.com.vn q.quora.com tracking.g2crowd.com alb.reddit.com www.googleadservices.com *.gravatar.com maps.googleapis.com i.ytimg.com *.elementor.com blob: data: 'self'; manifest-src 'self'; media-src *.liveagent.com ssl.gstatic.com data: 'self'; object-src 'none'; script-src *.liveagent.com *.qualityunit.com www.googletagmanager.com www.google.com www.gstatic.com www.google-analytics.com analytics.qualityunit.com cdn.dreamdata.cloud ct.capterra.com www.redditstatic.com a.quora.com 'unsafe-eval' 'unsafe-inline' 'self'; script-src-elem *.liveagent.com *.qualityunit.com *.urlslab.com *.flowhunt.io cdn.debugbear.com www.google.com www.googletagmanager.com ajax.googleapis.com apis.google.com ssl.google-analytics.com www.google-analytics.com analytics.qualityunit.com cdn.dreamdata.cloud a.quora.com www.gstatic.com www.redditstatic.com ct.capterra.com maps.googleapis.com yoast.com cdnjs.cloudflare.com www.youtube.com data: 'unsafe-inline' 'self'; script-src-attr 'unsafe-inline' 'self'; style-src www.gstatic.com fonts.googleapis.com data: 'unsafe-inline' 'self'; style-src-elem *.liveagent.com *.qualityunit.com fonts.googleapis.com www.gstatic.com p.typekit.net use.fontawesome.com ka-p.fontawesome.com data: 'unsafe-inline' 'self'; style-src-attr *.liveagent.com *.qualityunit.com 'unsafe-inline' 'self'; worker-src data: blob: 'self'; form-action *.liveagent.com *.ladesk.com *.qualityunit.com  qualityunit.us3.list-manage.com 'self'; 2
default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss:; media-src https: blob: 'self' data:; object-src 'none'; child-src https: data: blob:; form-action https:; block-all-mixed-content; 2
report-uri https://impactother.report-uri.com/r/d/csp/reportOnly; default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: wss: *; base-uri 'self'; 2
default-src https:; child-src blob: https:; connect-src blob: https: wss:; form-action https:; frame-ancestors https: http://webvisor.com; media-src blob: https:; object-src https:; img-src https: data: blob:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; font-src https: data: 2
frame-ancestors 'self' *.gov.on.ca *.ontario.ca *.ontariogovernment.ca; 2
frame-ancestors https://*.upwave.com 2
frame-ancestors 'self' https://liveshopping.bonprix.de/ https://www.liveshopping.bonprix.de/ https://app.eu.contentful.com 2
frame-ancestors 'self' *.commscope.com *.ruckusnetworks.com *.punchout2go.com *.ariba.com ; 2
default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://*.parismatch.com https://*.lejdd.fr 2
default-src 'self' https: data: 'unsafe-eval' 'unsafe-inline' blob:; object-src 'self'; img-src 'self' http: data: 2
frame-ancestors *.motor1.com 2
frame-ancestors https://*.ooma.com http://*.ooma.com 2
frame-ancestors 'self' https://*.weheartit.com https://weheartit.com https://*.fooducate.com https://fooducate.com 2
frame-ancestors 'self' https://store-qa2.enphase.com https://store.enphase.com/; report-uri https://enphase.com/report-uri/enforce 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: health.gov https://d1il786i4vdqy4.cloudfront.net https://dap.digitalgov.gov https://platform.twitter.com https://www.google.com https://syndication.twitter.com https://abs.twimg.com https://pbs.twimg.com https://cdn.syndication.twimg.com https://ton.twimg.com https://fonts.googleapis.com https://www.googletagmanager.com https://tagmanager.google.com https://themes.googleusercontent.com https://analytics.google.com *.analytics.google.com *.google-analytics.com https://*.gstatic.com https://stats.g.doubleclick.net *.youtube.com *.youtube-nocookie.com survey.alchemer.com *.ytimg.com, frame-ancestors 'self' 2
frame-src 'self' bat.bing.com https://*.blackbaudhosting.com https://blackbaud.com https://*.doubleclick.net https://embed.tawk.to https://connect.facebook.net https://*.hotjar.com https://cdn.jsdelivr.net https://*.kaltura.com https://snap.licdn.com https://www.podbean.com sc-static.net *.snapchat.com https://www.youtube-nocookie.com https://www.youtube.com https://discoveruni.gov.uk https://widget.discoveruni.gov.uk https://www.google.com https://www.facebook.com https://libraryhelp.shef.ac.uk https://theaccessplatform.com https://tappage.theaccessplatform.com https://www.googletagmanager.com https://www.findaphd.com https://player.vimeo.com https://app.geckoform.com https://roundme.com https://*.wondavr.com https://wvr.li https://api3-eu.libcal.com https://calendar.google.com https://payments.blackbaud.com https://*.shef.ac.uk/ https://my.matterport.com https://docs.google.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' *.blackbaud.com *.blackbaudhosting.com http://*.onetrust.com https://*.bing.com https://*.blackbaudhosting.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.google-analytics.com https://*.hotjar.com https://*.kaltura.com https://*.shef.ac.uk https://*.sheffield.ac.uk https://*.snapchat.com https://*.theaccessplatform.com https://*.twitter.com https://ajax.googleapis.com https://analytics.tiktok.com https://app.geckoform.com https://bat.bing.com https://blackbaud.com https://cdn.jsdelivr.net https://cdn.theaccessplatform.com https://connect.facebook.net https://discoveruni.gov.uk https://embed.geckochat.io https://embed.tawk.to https://libraryhelp.shef.ac.uk https://player.vimeo.com https://sc-static.net https://snap.licdn.com https://static.ads-twitter.com https://static.cloudflareinsights.com/ https://tagmanager.google.com https://tappage.theaccessplatform.com https://theaccessplatform.com https://tr.snapchat.com https://translate.google.com https://widget.discoveruni.gov.uk https://www.facebook.com https://www.findaphd.com https://www.google-analytics.com https://www.google.co.uk https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.podbean.com https://www.youtube-nocookie.com https://www.youtube.com *.newrelic.com *.ttl.ai https://api.mapbox.com https://cdnjs.cloudflare.com https://maps.googleapis.com https://unpkg.com unpkg.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' https://*.sheffield.ac.uk *.theaccessplatform.com https://bbox.blackbaudhosting.com https://embed.geckochat.io https://fonts.geckoform.com https://fonts.googleapis.com https://payments.blackbaud.com https://www.findaphd.com https://www.googletagmanager.com https://www.gstatic.com https://cdn.sheffield.ac.uk *.ttl.ai https://api.mapbox.com https://cdnjs.cloudflare.com https://unpkg.com unpkg.com; base-uri 'self'; form-action 'self' https://search.sheffield.ac.uk; frame-ancestors 'self' 2
frame-ancestors 'self' http://content.servicenow.com https://content.servicenow.com https://your.servicenow.com https://servicenow.highspot.com https://partnerportalalphadev.service-now.com https://hidevidc.service-now.com 2
default-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'self' *.usask.ca https: data: blob:; media-src 'self' *.usask.ca https: blob:; font-src 'self' *.usask.ca https: data:; worker-src 'self' *.usask.ca https: blob:; frame-ancestors self *.usask.ca; 2
default-src 'self' * data: blob: 'unsafe-inline' 'unsafe-eval'; object-src 'none' 2
default-src https: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' wss: https:; img-src * 'self' data: https:; font-src * 'self' data: https:; style-src * 'self' 'unsafe-inline' data: https: 2
frame-ancestors *.plaync.com *.ncsoft.com *.plaync.com.tw *.ncsoft.jp 2
frame-ancestors 'self' https://ton.org; 2
default-src 'self'; font-src data: https://assets.dm.de https://composer.apps.nonprod.gcp.dmtech.cloud; script-src 'self' https://*.bazaarvoice.com https://*.mm.dm.de https://app.usercentrics.eu https://assets.dm.de https://composer.apps.nonprod.gcp.dmtech.cloud https://d2pqvatijh75rn.cloudfront.net https://mpsnare.iesnare.com https://omt.dm.de https://tags.tiqcdn.com https://www.dm.de; worker-src 'self' blob:; connect-src  'self' https://*.bazaarvoice.com https://*.gcp.dmtech.cloud https://*.mm.dm.de https://*.services.dmtech.com https://aggregator.service.usercentrics.eu https://api.mapbox.com https://api.usercentrics.eu https://assets.dm.de https://browser-intake-datadoghq.eu https://cart-recos.services.dmtech.com https://cdcs.usercentrics.eu https://collect.tealiumiq.com https://consent-api.service.consent.usercentrics.eu https://consent-rt-ret.service.consent.usercentrics.eu https://consents.usercentrics.eu https://coupon-aktionen.dm.de https://d2pqvatijh75rn.cloudfront.net https://direct-collect.dy-api.eu https://direct.dy-api.eu https://dmpay-gateway.services.dmtech.com https://dy-api.eu https://events.mapbox.com https://graphql.usercentrics.eu https://insights.algolia.io https://logs.browser-intake-datadoghq.eu https://mpsnare.iesnare.com https://my-products-api.services.dmtech.com https://omc.dm.de https://product-based-recos.services.dmtech.com https://products.dm.de https://rcom-eu.dynamicyield.com https://recos-as-a-service.services.dmtech.com https://rum.browser-intake-datadoghq.eu https://services.dm.de https://signin.dm.de https://sos-prod.availability.services.dmtech.com https://staedtetour.dm-fb2.de https://storage.googleapis.com/gift-card-builder-emergency-disabled-bucket/ https://cartnext.services.dmtech.com https://products.dm.de https://shopping-list-prod.services.dmtech.com; style-src 'self' 'unsafe-inline' https://*.bazaarvoice.com https://api.tiles.mapbox.com https://assets.dm.de https://composer.apps.nonprod.gcp.dmtech.cloud; form-action 'self' https://*.bazaarvoice.com https://checkout.dm.de https://giftcard-checkout.dm.de/api/checkout https://signin.dm.de; img-src 'self' blob: data: https://*.bazaarvoice.com https://*.mm.dm.de https://*.services.dmtech.com https://app.usercentrics.eu https://assets.dm.de https://cdn-eu.dynamicyield.com https://composer.apps.nonprod.gcp.dmtech.cloud https://content-preview.apps.prod.gcp.dmtech.cloud https://d2pqvatijh75rn.cloudfront.net https://d3s22jwy77sx9i.cloudfront.net https://i.ytimg.com https://images.podigee-cdn.net https://img.usercentrics.eu https://img.youtube.com/ https://media.dm-static.com https://services.dm.de https://uct.service.usercentrics.eu; frame-ancestors 'self' https://*.apps.nonprod.gcp.dmtech.cloud https://*.apps.prod.gcp.dmtech.cloud https://*.dm-drogeriemarkt.org https://*.dm-drogeriemarkt.org:42007 https://*.dm-drogeriemarkt.org:42160 https://*.dm-drogeriemarkt.org:42161 https://*.dm-drogeriemarkt.org:42162 https://*.dm.de https://*.lxprod.ka.de.dm-drogeriemarkt.com https://app.datadoghq.eu https://studio.dm-drogeriemarkt.com; frame-src 'self' https://*.bazaarvoice.com https://*.dm.de https://*.services.dmtech.com https://app.usercentrics.eu https://cdn.podigee.com https://configurator.nuk.de https://gastfamilie.podigee.io https://geburtskanal-dm.podigee.io https://hey-familie.podigee.io https://player.podigee-cdn.net https://sandbox.om.dm.de https://www.youtube-nocookie.com; base-uri 'self' https://*.mm.dm.de https://*.services.dmtech.com https://events.mapbox.com; child-src 'self' blob:; manifest-src 'self'; report-uri /__csp-reports__; upgrade-insecure-requests; 2
frame-ancestors 'self' amadeus.com outpayce.com www.amadeus.com amadeus.seismic.com seismic.com liveshareeu1.seismic.com  www.outpayce.com  jobs.amadeus.com corporate.amadeus.com t3ch.amadeus.com digital-guidelines.internal.amadeus.com sales-playbook.internal.amadeus.com startups.amadeus.com hotels.amadeus.com opportunities.jobs.amadeus.com brand-marketing-center.internal.amadeus.com brandcenter.amadeus.com contentsourcing.amadeus.com partners.amadeus.com vdp.amadeus.com brand-guidelines.internal.amadeus.com cytric.amadeus.com 2
frame-ancestors *.adguard.com *.adguard-dns.io *.adguard-dns.com *.adguard.app *.adguard.info 'self'; connect-src *.adguard-dns.com *.adguard.org filters.adtidy.org https-filtering-check.adtidy.org *.agstcdn.com *.agrd.eu *.adguard.com *.adguard-dns.io *.adguard-dns.com *.adguard.app *.adguard.info 'self'; script-src https://cdn.paddle.com/paddle/paddle.js https://widget.cloudpayments.ru/bundles/cloudpayments.js hcaptcha.com *.hcaptcha.com https://challenges.cloudflare.com/turnstile/v0/api.js *.agstcdn.com *.agrd.eu *.adguard.com *.adguard-dns.io *.adguard-dns.com *.adguard.app *.adguard.info 'unsafe-inline' 'unsafe-eval' 'self'; style-src cdn.paddle.com *.adguard.org *.agstcdn.com *.agrd.eu *.adguard.com *.adguard-dns.io *.adguard-dns.com *.adguard.app *.adguard.info 'unsafe-inline' 'self'; img-src * data: *.adguard.com *.adguard-dns.io *.adguard-dns.com *.adguard.app *.adguard.info 'self'; frame-src *; font-src *.adguard.org *.agstcdn.com *.agrd.eu *.adguard.com *.adguard-dns.io *.adguard-dns.com *.adguard.app *.adguard.info 'self' data:; object-src https://cdn.adtidy.org *.agstcdn.com *.agrd.eu *.adguard.com *.adguard-dns.io *.adguard-dns.com *.adguard.app *.adguard.info 'self'; media-src cdn.adtidy.org *.agstcdn.com *.agrd.eu *.adguard.com *.adguard-dns.io *.adguard-dns.com *.adguard.app *.adguard.info 'self'; report-uri /api/247/security/?sentry_key=f9f67ed550ee435e96c854cdb8278247; default-src *.adguard.com *.adguard-dns.io *.adguard-dns.com *.adguard.app *.adguard.info 'self' 2
frame-ancestors 'self' *.marketscreener.com *.zonebourse.com *.scoopnest.com; 2
default-src 'self' 'unsafe-inline' files.zohopublic.eu css.zohocdn.com js.zohocdn.com salesiq.zohopublic.eu app.fastbots.ai cdnjs.cloudflare.com *.maxcdn.com ajax.googleapis.com maxcdn.bootstrapcdn.com *.facebook.com *.facebook.net webhosting.dk *.webhosting.dk fonts.gstatic.com googleadservices.com doubleclick.net *.doubleclick.net *.googleadservices.com; ;frame-ancestors 'self' *.webhosting.dk webhosting.dk ajax.googleapis.com *.facebook.com *.facebook.net googleadservices.com doubleclick.net *.doubleclick.net *.googleadservices.com; img-src https://* data:; frame-src 'self' 'unsafe-inline' ajax.googleapis.com  *.facebook.com *.facebook.net webhosting.dk *.webhosting.dk fonts.gstatic.com doubleclick.net *.doubleclick.net *.googleadservices.com googleadservices.com app.fastbots.ai salesiq.zohopublic.eu; 2
default-src https: 'unsafe-inline' 'unsafe-eval' data: blob: 2
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval', form-action 'self', img-src 'self' data: https://www.google.com https://www.google-analytics.com https://*.gstatic.com https://*.googleapis.com https://stats.g.doubleclick.net https://snap.licdn.com https://www.facebook.com https://connect.facebook.net https://*.linkedin.com https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://userlike-cdn-operators.s3-eu-west-1.amazonaws.com https://cdn.jsdelivr.net, script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.google-analytics.com https://*.gstatic.com https://*.googleapis.com https://stats.g.doubleclick.net https://snap.licdn.com https://www.facebook.com https://connect.facebook.net https://*.linkedin.com https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://*.cloudfront.net https://api.userlike.com https://cdn.jsdelivr.net https://plausible.io, style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net, base-uri 'self', 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.citi.com *.google.com *.qualtrics.com bat.bing.com ct.pinterest.com www.youtube.com cdn.plaid.com code.jquery.com pwm-image.trendmicro.com *.google-analytics.com js.adsrvr.org s.pinimg.com ui.powerreviews.com *.liveperson.com nexus.ensighten.com cdn.boomtrain.com lptag.liveperson.net s.yimg.com gc.kis.v2.scr.kaspersky-labs.com script.crazyegg.com maps.googleapis.com www.googletagmanager.com live.rezync.com mpsnare.iesnare.com negbar.ad-blocker.org video.limelight.com cdn.gbqofs.com ds-aksb-a.akamaihd.net googleads.g.doubleclick.net get663.com c1.rfihub.net www.adobetag.com c.tvpixel.com www.googleadservices.com tpc.googlesyndication.com bcdn-god.we-stats.com a.rfihub.com services-dev.sdiapi.com blob: p11.techlab-cdn.com; object-src 'none'; frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net 2
default-src https:; connect-src https: *; script-src 'unsafe-inline' 'unsafe-eval' https: *; style-src 'unsafe-inline' https: *; img-src 'self' data: https: www.googletagmanager.com www.google-analytics.com; font-src 'self' data: https: fonts.gstatic.com; object-src 'self'; frame-src *; frame-ancestors 'self' https://citizensadvicegateshead.org.uk; 2
frame-ancestors 'self' https://*.paperflite.com https://experience.chargebee.com 2
object-src 'none'; frame-ancestors 'self' https://deploy.mca.tid.es     https://deploy.tid.es *.o2.de *.o2.com *.o2online.de *.telefonica.com;     script-src 'self' 'unsafe-inline' 'unsafe-eval' *.tiktok.com *.o2.com *.o2.de *.spatialbuzz.com *.usercentrics.eu     *.baqend.com *.o2online.de *.telefonica.de *.o9.de *.googletagmanager.com *.trbo.com *.google-analytics.com     *.kampyle.com *.adoberesources.net *.matelso.de *.contentsquare.net *.nowinteract.com *.demoup.com *.auracognitive.com     *.adtelligence.de *.aklamio.com *.promisejs.org *.usabilla.com *.jsdelivr.net *.cloudflare.com *.abtasty.com     *.blob.core.windows.net *.blau.o9.de *.blau.de *.ad4m.at track.adform.net www.facebook.com *.doubleclick.net     adservice.google.com a.twiago.com www.youtube.com o2-music-cms-a.preprod.ava-digi.de www.google.co.in     analytics.google.com dpm.demdex.net www.google-analytics.com imagesrv.adition.com www.google.com     dsum-sec.casalemedia.com rtb-csync.smartadserver.com ih.adscale.de trc.taboola.com ad11.adfarm1.adition.com ad4m.at     *.spatialbuzz.net https://live-chat-static.sprinklr.com https://live-chat-static.sprinklr.com     https://spx-components.cdn.sprinklr.com https://sprcdn.sprinklr.com https://sprcdn-assets.sprinklr.com     https://prod3-spx-components.cdn.sprinklr.com https://prod14-sprapp-tier1.sprinklr.com     https://prod-sprapp-tier1.sprinklr.com https://prod3-live-chat.sprinklr.com https://s2.adform.net; 2
default-src *; script-src * 'unsafe-eval' 'unsafe-inline'; style-src * 'unsafe-inline'; font-src *; img-src * data: 2
frame-ancestors https://app.storyblok.com; 2
default-src 'self' 'unsafe-inline' data: keyweb.de *.keyweb.de keyweb.3cx.eu:5001; script-src 'self' 'unsafe-inline' 'unsafe-eval' keyweb.de *.keyweb.de downloads-global.3cx.com *.youtube.com *.google.com *.gstatic.com;  img-src 'self' 'unsafe-inline' data:; frame-src 'self' keyweb.3cx.eu:5001 *.youtube.com chat.keyweb.de; 2
frame-src 'self' *.optimizely.com *.doubleclick.net *.adsrvr.org *.bounceexchange.com *.amazon-adsystem.com *.owneriq.net *.google.com *.facebook.com *.facebook.net *.rokt.com *.amazon.com *.paypal.com *.payments-amazon.com *.sojern.com *.qantasloyalty.com *.qantas.com tag.yieldoptimizer.com img3.avis.com img3.budget.com img3.paylesscar.com *.youtube.com  quantserv.com  adnxs.com  impactradius-event.com  dgm-au.com  everestjs.net  everesttech.net  yahoo.com  xg4ken.com *.online-metrix.net *.uplift.com  *.quantummetric.com api.securedvisit.com  track.securedvisit.com content.securedvisit.com images.securedvisit.com track.sv.rkdms.com *.mypurecloud.com  *.nagich.com cloudfront.net  bing.com go.pardot.com sme.avis.co.nz sme.avis.com.au sme.budget.co.nz sme.budget.com.au *.salecycle.com abgnz.wufoo.com; 2
default-src *;frame-ancestors 'self' eiv.baidu.com *.vip.vip.com *.vip.com;script-src *.vip.com *.vipstatic.com *.mediav.com *.gdt.qq.com *.emarbox.com *.mjoys.com *.sogou.com cm.e.qq.com *.baidu.com *.ipinyou.com *.admaster.com.cn *.miaozhen.com *.youku.com *.tanx.com *.doubleclick.net *.vpimg1.com *.vpimg2.com *.vpimg3.com *.vpimg4.com *.gtimg.cn 'unsafe-eval' 'unsafe-inline';style-src *.vip.com *.vipstatic.com 'unsafe-inline';img-src * data:; report-uri //stat.vipstatic.com/pcfront/antiskyjack; 2
default-src https: data: 'unsafe-inline' 'unsafe-eval' always 2
frame-ancestors 'self' https://bravenetmarketing.com https://manage.bravehost.com; 2
frame-ancestors demdex.net *.demdex.net storyblok.com *.storyblok.com iq.com.br *.iq.com.br azulis.com.br *.azulis.com.br salveospequenos.com.br *.salveospequenos.com.br br.originhosting.io *.br.originhosting.io itau.com.br *.itau.com.br credicard.com.br *.credicard.com.br acordocerto.com.br *.acordocerto.com.br consumidorpositivo.com.br *.consumidorpositivo.com.br 2
upgrade-insecure-requests; frame-ancestors *.gonitro.com *.live.com *.sharepoint.com 2
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors 'self' http://alteryx.lookbookhq.com https://alteryx.lookbookhq.com http://alteryx.pathfactory.com https://alteryx.pathfactory.com; 2
frame-src *; frame-ancestors 'self'; 2
default-src https: data: wss: 'unsafe-inline'; script-src https: 'unsafe-inline' 'unsafe-eval'; object-src 'self' 2
object-src 'none'; frame-ancestors 'self'; 2
frame-ancestors 'self' *.eur.nl 2
object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://bam.nr-data.net https://cdn.syndication.twimg.com https://cdn.tradelab.fr https://connect.facebook.net https://d2hya7iqhf5w3h.cloudfront.net https://dfc.inovestor.com https://fonts.bunny.net https://js-agent.newrelic.com https://platform.twitter.com https://script.crazyegg.com https://snap.licdn.com https://tm.vendemore.com https://www.google-analytics.com https://www.googletagmanager.com https://s.go-mpulse.net https://its.tradelab.fr https://js.hsadspixel.net/fb.js https://a.optnmstr.com https://www.youtube.com https://s.ytimg.com https://www.google.com https://www.gstatic.com https://app.interactiveads.ai https://maps.googleapis.com https://cdn.rawgit.com http://cdn.siteimprove.net https://tagmanager.google.com https://c.go-mpulse.net https://173c5b0c.akstat.io https://bam-cell.nr-data.net https://files.cdn.leadfamly.com *.leadoo.com https://www.buzzsprout.com https://www.facebook.com https://platform.marksmen.nl *.mouseflow.com https://js-eu1.hs-scripts.com https://js-eu1.hsforms.net https://js-eu1.hs-banner.com https://js-eu1.hsleadflows.net https://js.hsforms.net https://forms.hsforms.com https://www.googleadservices.com cdn.jsdelivr.net dfc.inovestor.com https://cdn.jsdelivr.net https://cdn.siteimprove.net https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com; style-src * 'unsafe-inline' 'unsafe-eval' 2
default-src 'none'; media-src *; font-src 'self' *.typekit.net *.cloudfront.net fonts.gstatic.com data:; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' substackapi.com boards.greenhouse.io cdn.jsdelivr.net cdn.optimizely.com *.parsely.com connect.facebook.net info.a16z.com munchkin.marketo.net plausible.io px.ads.linkedin.com snap.licdn.com static.ads-twitter.com www.youtube.com script.crazyegg.com www.google-analytics.com www.googletagmanager.com a16z.com blob:; style-src 'unsafe-inline' *.typekit.net fonts.googleapis.com info.a16z.com a16z.com; connect-src *; frame-src 'self' *.loom.com *.cdn.optimizely.com *.simplecast.com gamma.app boards.greenhouse.io www.youtube.com info.a16z.com; base-uri 'none'; form-action 'self' info.a16z.com; frame-ancestors 'self' 2
frame-ancestors 'self' corning.com *.corning.com *.corningmsp.com *.ceros.com *.ariba.com 2
default-src 'self' *.hsbc.com.hk; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.awswaf.com *.analytics.yahoo.com vjs.zencdn.net players.brightcove.net bat.bing.com *.amazon-adsystem.com s.amazon-adsystem.com *.v.liveperson.net googleads.g.doubleclick.net connect.facebook.net static.ads-twitter.com tags.tiqcdn.com lptag.liveperson.net lpcdn.lpsnmedia.net cdn.optimizely.com accdn.lpsnmedia.net www.googletagmanager.com cdn.appdynamics.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com cdn-assets-prod.s3.amazonaws.com app.contentsquare.com *.pinimg.com *.pinterest.com *.analytics.tiktok.com analytics.tiktok.com; img-src data: * blob: *.pinimg.com *.pinterest.com *.analytics.tiktok.com analytics.tiktok.com; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.awswaf.com *.analytics.yahoo.com players.brightcove.net edge.api.brightcove.com *.contentsquare.net bat.bing.com manifest.prod.boltdns.net *.brightcovecdn.com adservice.google.com *.api.brightcove.com brightcove.hs.llnwd.net www.facebook.com maps.googleapis.com www.google.com www.googletagmanager.com *.siteintercept.qualtrics.com ad.doubleclick.net http://127.0.0.1:5000 http://127.0.0.1:5000/* stats.g.doubleclick.net www.google-analytics.com t.co analytics.twitter.com analytics.google.com logx.optimizely.com www.google.co.uk hsbc.co.uk www.hsbc.co.uk *.demdex.net *.lo.cobrowse.liveperson.net *.tt.omtrdc.net *.sc.omtrdc.net *.mcmprod.hsbc.co.uk rbwm-api.us.hsbc.com rbwm-api.hsbc.co.uk rbwm-api.hsbc.com.hk www.askus.hsbc.co.uk www.security.hsbc.co.uk translate.googleapis.com *.brightcove.com cdn-assets-prod.s3.amazonaws.com www.isstukdev.hsbc.co.uk www.mcmdev.hsbc.co.uk www.mcmperf.hsbc.co.uk www.isstukuat.hsbc.co.uk www.isstuk.hsbc.co.uk *.pinimg.com *.pinterest.com *.analytics.tiktok.com analytics.tiktok.com stream-dev.data.hsbc.com *.akamaihd.net; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net *.analytics.yahoo.com players.brightcove.net www.facebook.com connect.facebook.net www.youtube.com m.youtube.com *.demdex.net www.googletagmanager.com td.doubleclick.net *.ep-mimecast.facebook.com 8068700.fls.doubleclick.net gateway.zscalertwo.net google.com *.pinimg.com *.pinterest.com *.analytics.tiktok.com analytics.tiktok.com; frame-ancestors 'self' www.hsbc.co.uk *.liveperson.net; font-src 'self' data: *.hsbc.com.hk fonts.gstatic.com *.cloudfront.net at.alicdn.com cdn.jsdelivr.net; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net *.askus.hsbc.co.uk www.googletagmanager.com *.lo.cobrowse.liveperson.net; object-src 'self' players.brightcove.net; media-src 'self' blob: *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.brightcovecdn.com lpcdn.lpsnmedia.net manifest.prod.boltdns.net ssl.gstatic.com brightcove.hs.llnwd.net; manifest-src 'self' www.hsbc.co.uk; upgrade-insecure-requests ; report-uri /csp/report; 2
default-src 'self' atos.net *.atos.net *.pardot.com assets.adobedtm.com *.cloudflare.com *.cloudfront.net *.vimeo.com *.vimeocdn.com *.akamaized.net *.tiny.cloud *.tinymce.com *.bootstrapcdn.com yoast.com *.yoast.com data: 'unsafe-inline' 'unsafe-eval' blob: *.friendlycaptcha.com code.jquery.com *.gravatar.com ps.w.org klasresearch.com  *.marketo.net *.mktoresp.com *.mktoweb.com tools.eurolandir.com static.dialogflow.com pbs.twimg.com *.youtube-nocookie.com *.youtube.com *.ytimg.com *.gstatic.com *.googleapis.com tribl.io *.olark.com *.mrpdata.net *.linkedin.com *.company-target.com *.google-analytics.com *.google.fr *.google.com *.oktopost.com okt.to *.adform.net *.demandbase.com *.rlcdn.com *.bidr.io *.accountinsight.cloud *.licdn.com atos.tt.omtrdc.net content.onlinexperiences.com onlinexperiences.com w.soundcloud.com *.aio-events.com *.appspot.com cdn.syndication.twimg.com *.twimg.com *.twitter.com *.microsoft.com *.azureedge.net *.botframework.com *.bizzabo.com updates.themepunch-ext-c.tools updates.themepunch-ext-b.tools updates.themepunch-ext-a.tools updates.themepunch.tools sliderrevolution.com *.sliderrevolution.com *.olympicchannel.com olympics.com *.cookielaw.org *.onetrust.com optanon.blob.core.windows.net *.glassdoor.com indd.adobe.com *.libsyn.com smartslider3.com *.twimg.com *.googleusercontent.com yt3.ggpht.com *.cdninstagram.com *.xx.fbcdn.net *.matomo.cloud cdn.linkedin.oribi.io; frame-ancestors 'self' atos.net *.atos.net atosnews.net atos365.sharepoint.com; 2
default-src https: data: blob: 'unsafe-eval' 'unsafe-inline' https://www.google.com https://www.gstatic.com https://www.recaptcha.net https://api.amplitude.com https://api2.amplitude.com  https://*.crazyegg.com wss://*.hotjar.com wss://*.qualified.com 'self'; upgrade-insecure-requests; frame-ancestors 'self' https://*.zendesk.com https://*.myshopify.com https://teams.microsoft.com https://*.eloqua.com https://*.surveymonkey.com https://*.sharepoint.com https://*.worldpay.com https://*.cardinalcommerce.com https://*.office.com https://*.office365.com https://*.microsoft365.com https://*.cloud.microsoft; 2
frame-ancestors 'self' https://*.wikiloc.com; 2
base-uri 'self'; default-src wss: ws-eu.pusher.com scatec.io *.tradetracker.net leadbooster-chat.pipedrive.com tradetracker.com *.tradetracker.com 'self' blob: data: *.googleapis.com tt-wp-corporate-site.s3.amazonaws.com *.gstatic.com *.google-analytics.com *.vimeo.com vimeo.com *.doubleclick.net doubleclick.net stats.g.doubleclick.net vod-progressive.akamaized.net; frame-src *.googletagmanager.com tradetracker.com *.tradetracker.com 'self' blob: i.vimeocdn.com f.vimeocdn.com vimeo.com fresnel.vimeocdn.com player.vimeo.com; img-src *.googletagmanager.com cdn.tradetracker.net i.vimeocdn.com tt-wp-corporate-site.s3.amazonaws.com tr.lfeeder.com scatec.io tradetracker.com *.tradetracker.com leadbooster-chat.pipedrive.com 'self' blob: data: res.cloudinary.com *.facebook.com *.google-analytics.com *.doubleclick.net maps.gstatic.com *.ggpht *.googleapis.com *.hotjar.com *.hotjar.io *.licdn.com *.fbsbx.com *.google.com *.google.nl *.google.ae *.google.com.ag *.google.pl *.google.ru *.google.se *.google.ca *.google.com.au *.google.co.nz *.google.com.ua *.google.es *.google.co.uk *.google.com.br *.google.it *.google.co.in *.google.hu *.google.no *.google.com.mx *.google.be *.google.de *.google.fr *.google.fi *.google.dk *.google.at *.googleusercontent.com *.fbcdn.net *.cdninstagram.com assets.tradetracker.com; script-src 'unsafe-eval' tradetracker.com *.tradetracker.com leadbooster-chat.pipedrive.com 'self' 'unsafe-inline' blob: *.googletagmanager.com *.google-analytics.com cdn.auth0.com cdn.jsdelivr.net cdnjs.cloudflare.com *.hotjar.com *.hotjar.io *.youtube.com/iframe_api *.vimeo.com vimeo.com *.ytimg.com maps.googleapis.com scatec.io sc.lfeeder.com code.jquery.com *.tradetracker.net *.tradetracker.com; style-src *.rocketcdn.me tradetracker.com *.tradetracker.com 'self' blob: 'unsafe-inline' *.googleapis.com *.hotjar.com *.hotjar.io data:; object-src tradetracker.com *.tradetracker.com; script-src-elem js.pusher.com maps.googleapis.com scatec.io tradetracker.com *.tradetracker.com *.jquery.com *.google-analytics.com *.googletagmanager.com sc.lfeeder.com leadbooster-chat.pipedrive.com 'unsafe-inline'; 2
frame-ancestors 'self' https://www.gi-de.com/ https://acm.gi-de.com/ https://gi-de-ms.my.salesforce.com/ https://gi-de-ms--uat.my.salesforce.com/ https://gi-de-ms--dev.my.salesforce.com/ https://gi-de-ct--test.my.salesforce.com/ https://gi-de-ct.my.salesforce.com/ https://gi-de-vd.my.salesforce.com/ https://gi-de-vd--vduat.my.salesforce.com/; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net/ *.googlesyndication.com/ tagmanager.google.com *.googletagmanager.com/ *.facebook.net/ *.typekit.net/ *.google-analytics.com/ *.lightwidget.com/ *.youtube.com/ *.ytimg.com/ *.lightwidget.com/ fast.fonts.net/ cdn.inspectlet.com/ *.bing.com/ *.gstatic.com/ *.google.com/recaptcha/ maps.googleapis.com/ *.googleadservices.com/ *.clarity.ms unpkg.com/; object-src 'self'; style-src 'self' 'unsafe-inline' fast.fonts.net/ fonts.googleapis.com/ ; img-src 'self' about: *.google-analytics.com/ *.typekit.net/ *.g.doubleclick.net/ *.googletagmanager.com/ *.carilionclinic.ovidds.com/ *.i.ytimg.com/ *.img.youtube.com/ *.youtube.com/ *.google.com/ads/ *.facebook.com/ *.bing.com/ *.googleapis.com/ *.ytimg.com/ *.flaticon.com *.w3.org/ maps.gstatic.com/ *.clarity.ms/ data:; media-src 'self'; frame-src 'self' *.lightwidget.com/ *.facebook.com/ *.vimeo.com/ *.youtube.com/ *.google.com/ *.carilionclinic.org; frame-ancestors 'self'; child-src 'self'; font-src 'self' *.googleusercontent.com/ *.typekit.net/ fast.fonts.net/ fonts.gstatic.com/; connect-src 'self' *.inspectlet.com/ *.google-analytics.com/ *.g.doubleclick.net/ carilionclinic.ovidds.com/ *.googleadservices.com/ *.google.com/pagead/ *.facebook.com/tr/ *.googleapis.com/ bat.bing.com/ *.clarity.ms/ analytics.google.com/; report-uri /report-csp-violation 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://apps.sitecore.net *;  img-src 'self' data: *;  style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *;  font-src 'self' 'unsafe-inline' https://fonts.gstatic.com *;  upgrade-insecure-requests;  block-all-mixed-content; 2
frame-ancestors 'self' *.virginmoney.com; 2
default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob: 2
frame-ancestors 'self' *.finder.com *.finder.com.au https://foxbusiness.com https://www.foxbusiness.com https://superguide.com.au https://www.superguide.com.au; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://tsdtocl.com https://google.com/pagead/form-data/1071727046 https://privacyportal.onetrust.com https://edge.adobedc.net https://cm.everesttech.net https://google.com/ccm/form-data/1071727046 https://onsemi.demdex.net https://geolocation.onetrust.com https://i.liadm.com/s/66627 https://trc.taboola.com/sg/liveintent/1/um https://cdn.cookielaw.org https://assets.adobedtm.com https://adobedc.demdex.net https://dpm.demdex.net https://data.enablementadobe.com https://*.wootric.com https://wootric-eligibility.herokuapp.com https://s.yimg.com https://static.lightning.force.com https://onsemineworg.my.salesforce.com https://service.force.com https://d.la2-c1-ia5.salesforceliveagent.com https://c.la2-c1-ia5.salesforceliveagent.com https://onsemineworg.my.site.com https://c1.sfdcstatic.com https://www.gstatic.cn https://www.recaptcha.net https://onsemineworg.my.salesforce.com https://onsemineworg.my.site.com https://d.la2-c1-ia5.salesforceliveagent.com https://service.force.com https://c1.sfdcstatic.com https://onsemi.componentsearchengine.com https://*.plexim.com https://event.on24.com https://my.onsemi.com https://www.onsemi.jp https://www.onsemi.cn https://www.onsemi.com https://identity.onsemi.com https://tags.tiqcdn.cn https://api.ipify.org https://p.adsymptotic.com https://*.ztsrv.com https://px.ads.linkedin.com https://my.demio.com https://angular-ui.github.io https://vidassets.terminus.services https://cdn.bigzeta.com https://api.bigzeta.com https://info.onsemi.com https://cdn.demio.com https://onsemi.ladesk.com https://onsemi.taleo.net https://*.gcs-web.com https://*.atdmt.com https://*.mktoresp.com https://*.marketo.com https://*.taboola.com https://*.tealiumiq.com https://*.tealium.com https://*.facebook.net https://*.googleapis.com https://*.gstatic.com https://*.baidu.com https://*.geniusmonkey.com https://*.doubleclick.net https://*.gstatic.com https://*.linkedin.com https://*.pingdom.net https://*.crazyegg.com https://*.marketo.net https://*.licdn.com https://www.google.com https://*.tiqcdn.com https://*.digikey.com https://*.googleadservices.com https://*.google-analytics.com https://*.googletagmanager.com https://*.facebook.com https://*.boltdns.net https://*.brightcove.net https://*.brightcove.com https://*.zencdn.net https://*.akamaihd.net https://*.cloud.coveo.com https://*.org.coveo.com https://*.ytimg.com https://go.onsemi.com https://*.kc-usercontent.com https://app.kontent.ai blob: data:  https://cdn.linkedin.oribi.io https://767-faw-709.mktoutil.com https://sp.analytics.yahoo.com https://*.analytics.google.com https://analytics.google.com https://*.cdn.office.net  https://insight.adsrvr.org  https://js.adsrvr.org https://*.6sc.co https://j.6sc.co https://c.6sc.co https://ipv6.6sc.co https://b.6sc.co https://*.6sense.com 2
default-src 'self' data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' code.jquery.com www.googletagmanager.com tagmanager.google.com www.googleadservices.com optimize.google.com *.googleapis.com js.hs-banner.com js.hs-scripts.com www.google-analytics.com static.hotjar.com bizographics.com static.ads-twitter.com *.postcodeanywhere.co.uk services.postcodeanywhere.co.uk *.pcapredict.com *.loqate.com *.addressy.com api.addressy.com *.gbgplc.com snap.licdn.com *.facebook.net googleads.g.doubleclick.net js.hs-analytics.net js.hsleadflows.net js.hsadspixel.net sjs.bizographics.com script.hotjar.com px.ads.linkedin.com analytics.twitter.com www.google.com *.gstatic.com platform.linkedin.com js.usemessages.com addtocalendar.com *.sharethis.com amplify.outbrain.com js.hsforms.net forms.hsforms.com *.onetrust.com bat.bing.com use.typekit.net cdnjs.cloudflare.com *.opmnstr.com snid.snitcher.com a.trstplse.com *.wistia.com *.wistia.net player.vimeo.com *.demandbase.com src.litix.io cdn.jsdelivr.net static.codepen.io platform.twitter.com zucvhpjgqj.execute-api.ap-southeast-2.amazonaws.com hosted.mastersoftgroup.com a.omappapi.com unpkg.com npmcdn.com secure.perk0mean.com ruler.nyltx.com *.clickcease.com tr.outbrain.com analytics.nyltx.com ifaqs.flexanswer.com static.zdassets.com *.buzzsprout.com *.litix.io www.clickcease.com monitor.clickcease.com tr.outbrain.com *.sg.va.sabio.cloud js.monitor.azure.com j.6sc.co tracking.g2crowd.com js.hubspot.com *.customersure.com *.visualwebsiteoptimizer.com www.atmrum.net *.cloudfront.net scout-cdn.salesloft.com https://*.maze.co/ esm.sh secure.imaginative-24.com webeo-web-content.s3-eu-west-1.amazonaws.com www.clarity.ms; style-src 'self' blob: 'unsafe-inline' *.googleapis.com tagmanager.google.com optimize.google.com fonts.googleapis.com addtocalendar.com *.loqate.com cloudflare.com cdnjs.cloudflare.com *.typekit.net *.pcapredict.com *.addressy.com *.postcodeanywhere.co.uk *.gbgplc.com fast.wistia.com cdn.jsdelivr.net a.omappapi.com *.sg.va.sabio.cloud ifaqs.flexanswer.com *.cloudfront.net unpkg.com https://*.maze.co/; img-src 'self' data: blob: 'unsafe-inline' *.gravatar.com gbg-global.azureedge.net *.postcodeanywhere.co.uk *.pcapredict.com *.addressy.com *.gbgplc.com t.co/i/adsct *.google.com *.gstatic.com www.glassdoor.co.uk *.google.co.uk *.google-analytics.com *.googleusercontent.com *.facebook.com *.hubspot.com cdnjs.cloudflare.com stats.g.doubleclick.net glassdoor.co.uk maps.gstatic.com maps.googleapis.com www.googletagmanager.com www.google-analytics.com optimize.google.com *.sharethis.com dashboard.umbraco.org px.ads.linkedin.com www.linkedin.com tr.outbrain.com amplifypixel.outbrain.com *.vimeo.com p.typekit.net bat.bing.com a.opmnstr.com p.adsymptotic.com *.omappapi.com *.wistia.com *.wistia.net embedwistia-a.akamaihd.net match.prod.bidr.io segments.company-target.com syndication.twitter.com connect.facebook.net *.onetrust.com id.rlcdn.com ifaqs.flexanswer.com *.loqate.com gbgstorage01.blob.core.windows.net *.sg.va.sabio.cloud *.zopim.io *.placeholder.com i.vimeocdn.com *.hsforms.com analytics.twitter.com b.6sc.co *.visualwebsiteoptimizer.com gbgcmsprdsto.blob.core.windows.net gbgcmsprdblobcdn.azureedge.net https://*.maze.co/ secure.imaginative-24.com *.clarity.ms; font-src 'self' *.gstatic.com *.typekit.net *.wistia.com cdnjs.cloudflare.com script.hotjar.com a.omappapi.com data: ifaqs.flexanswer.com s3-us-west-2.amazonaws.com *.sg.va.sabio.cloud https://*.maze.co/; media-src 'self' *.wistia.net *.wistia.com embedwistia-a.akamaihd.net data: blob: static.zdassets.com; worker-src  blob:; child-src blob:; connect-src 'self' *.google-analytics.com api.hubapi.com *.hubspot.com *.hotjar.com vc.hotjar.io *.sharethis.com *.postcodeanywhere.co.uk *.pcapredict.com *.addressy.com *.gbgplc.com decollector.tealeaf.ibmcloud.com gbg-global.azureedge.net www.facebook.com *.vimeo.com *.vimeocdn.com *.wistia.com *.wistia.net *.litix.io embedwistia-a.akamaihd.net *.onetrust.com *.omappapi.com api.opmnstr.com performance.typekit.net api.trstplse.com api.company-target.com stats.g.doubleclick.net segments.company-target.com hosted.mastersoftgroup.com *.loqate.com wss: ir.q4europe.com *.lottiefiles.com snid.snitcher.com analytics.nyltx.com ekr.zdassets.com ifaqs.flexanswer.com flexanswer1656.zendesk.com docs.idscan.com monitor.clickcease.com *.sg.va.sabio.cloud dc.services.visualstudio.com forms.hsforms.com gbg.workable.com www.workable.com *.atmrum.net gbg-cms-web-uat-staging.azurewebsites.net gbg-cms-web-dev.azurewebsites.net gbg.local maps.googleapis.com *.execute-api.ap-southeast-2.amazonaws.com cdn.linkedin.oribi.io px.ads.linkedin.com m1.openfpcdn.io *.applicationinsights.azure.com ipv6.6sc.co c.6sc.co content.hotjar.io *.customersure.com gbgplc.com demotiles.maplibre.org api.maptiler.com *.analytics.google.com scout.salesloft.com https://*.maze.co/ *.6sense.com *.clarity.ms; frame-src 'self' www2.gbgplc.com *.vimeo.com vimeo.com *.youtube.com *.vimeocdn.com platform.twitter.com syndication.twitter.com *.fls.doubleclick.net vars.hotjar.com www.facebook.com stats.g.doubleclick.net fast.wistia.net fast.wistia.com www.glassdoor.co.uk www.google.com optimize.google.com www.linkedin.com ir.q4europe.com c.sharethis.mgr.consensu.org *.hsforms.com *.onetrust.com *.postcodeanywhere.co.uk *.pcapredict.com *.addressy.com *.gbgplc.com *.hubspot.com app.hubspot.com *.hs-sites.com codepen.io *.loqate.com *.buzzsprout.com *.umbraco.com www.edisoninvestmentresearch.com *.customersure.com td.doubleclick.net docs.google.com; frame-ancestors 'self' *.loqate.com gbgplc.sharepoint.com;  2
frame-ancestors 'self' *.cisco.com; 2
default-src https: wss:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; object-src 'none'; worker-src 'self'; block-all-mixed-content 2
frame-ancestors 'self' https://www.renesas.cn http://www.renesas.cn https://icp.renesas.com http://icp.renesas.com https://icp.renesas.cn http://icp.renesas.cn http://www3.renesas.cn https://www3.renesas.cn 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: upscope.com *.upscope.com app-cdn.upscope.io js.stripe.com app.intercom.io widget.intercom.io js.intercomcdn.com snap.licdn.com www.googletagmanager.com code.upscope.io js.upscope.io assets.apollo.io data.upscope.com; frame-ancestors 'self' 2
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://*.zenaps.com https://*.criteo.com https://static.criteo.net https://tpc.googlesyndication.com https://wb.messengerpeople.com https://ct.pinterest.com https://*.recaptcha.net https://*.snapchat.com https://*.hotjar.com https://*.akamaihd.net https://*.translate.naver.net https://ln-rules.rewardstyle.com https://www.pinterest.com https://www.pinterest.co.uk https://dekopay.preprod.k8s.dekopay.org https://pay.deko.finance https://app.qubit.com blob: https://*.abtasty.com https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://d2d7do8qaecbru.cloudfront.net; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://*.liveperson.net https://ct.pinterest.com https://services.postcodeanywhere.co.uk https://*.akamaihd.net https://*.sciencebehindecommerce.com https://*.hotjar.com wss://*.hotjar.com https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://analytics.tiktok.com https://*.google.co.uk https://tr.snapchat.com https://*.qubit.com https://*.qubitproducts.com https://d3g5d7323c2i6m.cloudfront.net https://d29qb9vav0xwuc.cloudfront.net https://d7c4jjeuqag9w.cloudfront.net https://horizon-api.www.myprotein.com https://*.contentsquare.net https://*.abtasty.com https://*.rlcdn.com https://*.prod.mplat-ppcprotect.com https://*.lunio.ai data: https://*.storystream.ai https://*.pndsn.com https://23q3fg4xjd.execute-api.eu-west-1.amazonaws.com https://*.vimeocdn.com https://player.vimeo.com https://*.criteo.com https://*.criteo.net https://*.akamaized.net https://sgtm.myprotein.com https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://cognito-identity.eu-west-1.amazonaws.com https://firehose.eu-west-1.amazonaws.com; default-src 'none'; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.thgcdn.cn https://d7c4jjeuqag9w.cloudfront.net blob: data: https://*.abtasty.com https://*.gstatic.com https://*.googleapis.com https://fonts.smct.co https://fonts.smct.io; form-action 'self' https://www.facebook.com https://checkout.myprotein.com https://connect.facebook.net https://m.myprotein.com https://www.myprotein.com https://ct.pinterest.com https://*.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https: blob:; manifest-src 'none' 'self'; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://static.thgcdn.cn https://player.vimeo.com https://media.storystream.ai https://*.akamaized.net blob: https://*.vimeocdn.com https://*.myprotein.com; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://google.com https://*.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://*.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://*.googletagservices.com https://*.google.co.uk https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://*.googleadservices.com https://*.gstatic.cn https://*.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://*.criteo.com https://static.criteo.net https://*.googlesyndication.com https://static.ads-twitter.com https://*.twitter.com https://s.pinimg.com https://*.akamaihd.net https://*.recaptcha.net https://*.sciencebehindecommerce.com https://sc-static.net https://*.hotjar.com https://*.microsofttranslator.com https://*.trustpilot.com https://www.googleadservices.com https://*.translate.naver.net https://*.doubleclick.net https://ln-rules.rewardstyle.com https://twitter.com https://tpc.googlesyndication.com https://*.baidu.com https://www.google.com https://google.co.uk https://lantern.roeyecdn.com https://lantern.roeye.com https://analytics.tiktok.com https://*.ibytedtos.com https://static.thgcdn.cn https://static.goqubit.com https://*.qubit.com https://apps.storystream.ai https://platform.twitter.com https://connect.facebook.net https://*.contentsquare.net https://app.contentsquare.com https://assets.dekopay.com blob: https://*.abtasty.com https://tr.snapchat.com https://cdn.pubnub.com https://sgtm.myprotein.com https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://ucarecdn.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://static.thgcdn.cn https://d7c4jjeuqag9w.cloudfront.net https://*.abtasty.com https://*.gstatic.com https://fonts.smct.co https://fonts.smct.io; upgrade-insecure-requests; report-to report-endpoint 2
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https://* data:; frame-src https://* about: javascript:; frame-ancestors 'self' http://*.vegas.com https://*.vegas.com 2
object-src 'none'; report-uri /report-csp-violation 2
style-src 'self' 'unsafe-inline' api-maps.yandex.ru fonts.googleapis.com www.youtube.com broker-vb-temp.halykbank.kz; 2
default-src 'self' *.sensortower.com *.sensortower-china.com *.facebook.com; connect-src 'self' *.sensortower.com *.sensortower-china.com *.netlify.app *.bugsnag.com *.lever.co *.doubleclick.net *.adroll.com *.google-analytics.com *.analytics.google.com analytics.google.com cdn.cookielaw.org *.mktoutil.com *.mktoresp.com *.salesloft.com *.pubmatic.com *.advertising.com *.taboola.com *.3lift.com *.clickagy.com *.zoominfo.com *.osano.com *.linkedin.oribi.io; base-uri 'none'; form-action *.facebook.com connect.facebook.net; img-src * data:; media-src * data:; object-src 'none'; script-src 'self' 'unsafe-inline' *.sensortower.com *.sensortower-china.com *.zoominfo.com *.google-analytics.com *.facebook.net *.bizible.com *.licdn.com *.cookielaw.org *.googletagmanager.com *.marketo.net *.salesloft.com *.adroll.com e.infogram.com *.vidyard.com *.clickagy.com *.osano.com *.metadata.io; style-src 'self' 'unsafe-inline' *.sensortower.com *.sensortower-china.com fonts.googleapis.com *.googletagmanager.com; font-src 'self' *.sensortower.com *.sensortower-china.com fonts.gstatic.com data:; frame-src 'self' *.sensortower.com *.sensortower-china.com e.infogram.com *.vidyard.com; frame-ancestors 'self' https://app.contentful.com; 2
worker-src 'none'; upgrade-insecure-requests; block-all-mixed-content; manifest-src 'self' 2
script-src 'self' 'unsafe-inline' munchkin.marketo.net *.facebook.net *.googletagmanager.com *.mxpnl.com *.chtbl.com *.barracudamsp.com *.cookielaw.org *.marketo.com *.google-analytics.com *.googleadservices.com *.doubleclick.net *.demandbase.com *.vidyard.com *.adroll.com *.licdn.com *.redditstatic.com *.liveperson.net *.lpsnmedia.net assets.adobedtm.com *.driftt.com *.searchcdn.com unpkg.com *.youtube.com *.highcharts.com *.zi-scripts.com 2
frame-ancestors http://webvisor.com 2
default-src 'self' www.microsoft.com; script-src 'self' www.microsoft.com js.monitor.azure.com assets.adobedtm.com wcpstatic.microsoft.com mem.gfx.ms 'unsafe-inline' snap.licdn.com www.clarity.ms *.google.com www.gstatic.com 204-kzg-685.mktoweb.com bat.bing.com acdn.adnxs.com; style-src 'self' www.microsoft.com 'unsafe-inline' 204-kzg-685.mktoweb.com; font-src 'self' c.s-microsoft.com www.microsoft.com data:; img-src 'self' data: img-prod-cms-rt-microsoft-com.akamaized.net googleads.g.doubleclick.net www.facebook.com px.ads.linkedin.com *.google.com *.google.co * dev-about.ads.microsoft.com qa-about.ads.microsoft.com about.ads.microsoft.com; connect-src 'self' js.monitor.azure.com assets.adobedtm.com wcpstatic.microsoft.com mem.gfx.ms px.ads.linkedin.com mscom.demdex.net browser.events.data.microsoft.com d.clarity.ms target.microsoft.com dpm.demdex.net *.clarity.ms/collect bat.bing.com dev-about.ads.microsoft.com qa-about.ads.microsoft.com about-uat.ads.microsoft.com beta-about.ads.microsoft.com about.ads.microsoft.com *.adnxs.com; frame-src 'self' *.google.com * 204-kzg-685.mktoweb.com www.microsoft.com; 2
default-src 'self' d1a19ys8w1wkc1.cloudfront.net; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval' https://rcdfcdn.mars.com https://stage-rcdfcdn.mars.com; worker-src * blob:; style-src * 'unsafe-inline'; 2
default-src 'self' *.moneta.ru *.moneta.com *.payanyway.ru payanyway.ru *.payanyway.com ; script-src 'self' *.moneta.ru *.moneta.com *.payanyway.ru payanyway.ru *.payanyway.com payanyway.ru https://pay.google.com https://pay.yandex.ru https://mc.yandex.ru 'report-sample' 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.moneta.ru *.moneta.com *.payanyway.ru payanyway.ru www.payanyway.ru *.payanyway.com 'unsafe-inline'; img-src * data:; font-src 'self' data: *.moneta.ru *.moneta.com *.payanyway.ru payanyway.ru *.payanyway.com ; connect-src 'self' *.moneta.ru *.moneta.com *.payanyway.ru payanyway.ru sbp.payanyway.ru *.payanyway.com https://mc.yandex.ru https://qr.nspk.ru ; frame-src https: sberpay: sbolpay: qr.nspk.ru ; report-uri /cspreport.htm 2
default-src 'self'; connect-src https: wss:; font-src 'self' https://fonts.gstatic.com https://script.hotjar.com; frame-src https:; img-src https: data:; media-src https: blob:; worker-src blob:; object-src 'none'; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; form-action https:; report-uri https://csp-reports.globalweb.aws.assaabloy.com/reports; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src * data: blob:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.sprinklr.com *.leadfamly.com; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com data: *.sprinklr.com; upgrade-insecure-requests; block-all-mixed-content; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; connect-src *; frame-src *; media-src * blob:; worker-src * blob:; 2
frame-ancestors https://*.enjoy4fun.com https://*.beesads.com 2
report-uri https://www.homeaffairs.gov.au; frame-ancestors https://app.monsido.com https://*.immi.gov.au https://*.border.gov.au https://*.customs.gov.au https://*.abf.gov.au https://*.homeaffairs.gov.au https://*.harmony.gov.au https://*.nationalsecurity.gov.au https://*.idmatch.gov.au https://*.disasterassist.gov.au https://*.livingsafetogether.gov.au https://*.organisationalresilience.gov.au https://*.tisn.gov.au https://*.triplezero.gov.au https://*.cicentre.gov.au https://*.mara.gov.au https://*.auscheck.gov.au https://*.CISC.gov.au https://*.cetc.gov.au https://*.osi.gov.au https://*.gov.au https://bordertv.au.vbrickrev.com https://*.translation.gov.au https://*.odwt.app 2
default-src 'self' www.app5.unisys.com js.qualified.com wwwdev-unisyscorp.msappproxy.net wwwqa-unisyscorp.msappproxy.net data: ws: wss:; script-src 'self' 'unsafe-inline' 'unsafe-eval' js.adsrvr.org *.intentsify.io acdn.adnxs.com *.techtarget.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com js.qualified.com www.googleadservices.com *.optimizely.com *.twitter.com *.gartner.com cdn.pdst.fm www.gstatic.com *.6sc.co t.contentsquare.net app.contentsquare.com *.google.com *.cloudfront.net *.createjs.com *.facebook.net *.eloqua.com *.statcounter.com *.youtube.com *.vimeocdn.com *.en25.com *.demandbase.com *.hotjar.com *.licdn.com *.adroll.com https://www.google-analytics.com *.googletagmanager.com https://js.ipredictive.com *.google-analytics.com *.trustarc.com https://www.googletagmanager.com https://vimeo.com *.vimeo.com https://js.hs-banner.com https://js.hs-scripts.com https://js.usemessages.com https://js.hscollectedforms.net https://js.hs-analytics.net https://dc.services.visualstudio.com https://az416426.vo.msecnd.net https://code.jquery.com https://s7.addthis.com https://v1.addthisedge.com https://m.addthis.com/ https://z.moatads.com https://maxcdn.bootstrapcdn.com https://www.facebook.com *.episerver.net *.bing.com *.virtualearth.net *.unisys.com https://api.company-target.com *.sharethis.com https://unpkg.com *.consensu.org https://ajax.googleapis.com https://cdnjs.cloudflare.com https://t.contentsquare.net/ https://static.ads-twitter.com/ *.newscred.com *.rezync.com; style-src 'self' 'unsafe-inline' *.googletagmanager.com *.gartner.com https://fonts.googleapis.com *.episerver.net *.bing.com https://maxcdn.bootstrapcdn.com https://unpkg.com *.sharethis.com https://*.unisys.com; img-src 'self' blob: data: http: https: *.ipredictive.com www.googletagmanager.com *.contentsquare.net https://cdn.optimizely.com; font-src 'self' *.gartner.com data: https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://*.unisys.com; connect-src 'self' *.ads.linkedin.com https://logx.optimizely.com *.techtarget.com *.demandbase.com https://*.optimizely.com https://us-central1-adaptive-growth.cloudfunctions.net *.optimizely.com *.6sc.co *.adnxs.com cdn.linkedin.oribi.io *.trustarc.com *.hotjar.io *.hotjar.com *.doubleclick.net *.google.com *.googletagmanager.com *.google-analytics.com https://forms.hubspot.com https://api.hubspot.com https://m.addthis.com https://dc.services.visualstudio.com https://vimeo.com ws: wss: *.bing.com *.episerver.net *.virtualearth.net https://api.company-target.com https://c.statcounter.com *.contentsquare.net; child-src blob: 'self' *.trustarc.com https://api.hubspot.com https://app.hubspot.com https://vimeo.com *.vimeo.com https://www.youtube.com https://s7.addthis.com; media-src 'self' www.app5.unisys.com wwwdev-unisyscorp.msappproxy.net wwwqa-unisyscorp.msappproxy.net https://*.unisys.com; frame-src * csxd.unisys.com; worker-src 'self' blob: data: 2
default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://store.akamai.steamstatic.com/ https://store.akamai.steamstatic.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' http://store.steampowered.com https://store.steampowered.com http://127.0.0.1:27060 ws://127.0.0.1:27060 https://community.akamai.steamstatic.com/ https://steamcommunity.com/ https://steamcommunity.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://shared.akamai.steamstatic.com/ https://checkout.steampowered.com/; frame-src 'self' steam:  http://www.youtube.com https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://steamcommunity.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'none'; 2
default-src https: data: blob: 'self' 'unsafe-inline' 'unsafe-eval' 2
default-src 'self' data:; object-src 'none'; frame-src 'self' https://player.vimeo.com/ https://download-video.akamaized.net/ https://www.google.com/; connect-src 'self' https://yoast.com/ https://www.google-analytics.com/ https://region1.google-analytics.com/; media-src 'self' https://player.vimeo.com/ https://download-video.akamaized.net/ https://vod-progressive.akamaized.net/; form-action 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/ https://www.gstatic.com/ https://deliveryhero.com/ https://www.googletagmanager.com/ https://www.buzzsprout.com/ https://cdnjs.cloudflare.com/; style-src 'self' 'unsafe-inline'; img-src 'self' https://s.w.org/ https://ps.w.org/ https://secure.gravatar.com/ https://pubads.g.doubleclick.net/  data:; worker-src 'self' blob:; report-to csp-endpoint; 2
sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation allow-top-navigation-by-user-activation; frame-ancestors 'self' *.huffpost.com *.huffingtonpost.com *.huffpost.net *.buzzfeed.com clients.opinary.com compass.pressekompass.net *.newsbreak.com *.newsbreakapp.com *.upday-content.com *.upday.com; report-uri https://huffpost.report-uri.com/r/d/csp/enforce; 2
frame-ancestors 'self' *.authorize.net 2
worker-src 'self' https:; 2
frame-ancestors 'self' https://*.riu.com https://*.apps.riu.com https://*.stay-app.com https://www.googleapis.com https://*.google.com https://connect.facebook.net https://*.akamaitechnologies.com https://*.yandex.com https://*.msn.com https://*.googlebot.com https://*.gstatic.com https://static.cloudflareinsights.com https://www.riuagents.com; 2
default-src 'none'; media-src 'self'; style-src 'self' 'unsafe-inline'; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; font-src 'self'; connect-src 'self'; 2
object-src 'none'; form-action 'self'; frame-ancestors 'none' 2
default-src https:  wss://*.hotjar.com wss://*.qualified.com; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src data: https: 'unsafe-inline'; font-src data: https: 'unsafe-inline';frame-ancestors 'self' *.experityhealth.com; frame-src data: https:; media-src blob: data: https:; object-src 'self' blob:; worker-src blob: 'self'; child-src blob:; upgrade-insecure-requests; 2
frame-ancestors 'self' https://*.europeanpressprize.com https://europeanpressprize.com 2
default-src 'self' https://*.e-i.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.e-i.com https://*.linkedin.com https://cdn.matomo.cloud https://cdn.tagcommander.com https://cmcic.matomo.cloud https://googleads.g.doubleclick.net https://platform.linkedin.com https://snap.licdn.com https://tag.aticdn.net https://www.google.com https://www.google.com/recaptcha/ https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com/recaptcha/ https://www.youtube.com; style-src 'self' 'unsafe-inline' https://*.e-i.com; img-src 'self' blob: data: https://*.e-i.com https://*.linkedin.com https://ad.doubleclick.net https://conv.indeed.com/pagead/ https://googleads.g.doubleclick.net https://i.ytimg.com https://img.youtube.com https://manager.tagcommander.com https://www.google.com https://www.google.fr https://www.googletagmanager.com; object-src 'none'; media-src 'self' blob: https://*.e-i.com; base-uri 'none'; form-action 'self' https://www.linkedin.com; frame-ancestors 'self'; child-src 'self' blob: https://*.e-i.com https://*.fls.doubleclick.net https://api.linkedin.com https://bid.g.doubleclick.net https://recaptcha.google.com https://td.doubleclick.net https://www.google.com https://www.linkedin.com https://www.youtube-nocookie.com https://www.youtube.com; connect-src 'self' https://*.e-i.com https://*.googlesyndication.com https://*.linkedin.com https://adservice.google.com https://cmcic.matomo.cloud https://googleads.g.doubleclick.net https://logs1412.xiti.com https://stats.g.doubleclick.net https://www.google.com https://www.googleadservices.com https://zkkwkzt.pa-cd.com; report-uri 2
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; img-src https: data:; worker-src blob:; report-uri https://browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubb61413121040ab6931e3bb32a195b78a&dd-evp-origin=content-security-policy&ddsource=csp-report; 2
frame-ancestors 'self' www.united-internet-media.de adimg.uimserv.net advideo.uimserv.net 2
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: * 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline' 2
default-src 'self' https://*.giosg.com https://*.giosgusercontent.com https://*.interactionbuilder.giosg.com https://*.mouseflow.com; img-src 'self' https://*.mouseflow.com https://*.gstatic.com https://*.googleapis.com https://*.google.com https://*.google.fi https://*.google.ie https://*.google.nl https://*.bing.com https://*.omtrdc.net https://*.tt.omtrdc.net https://*.onetrust.com https://*.onetrust.eu https://*.demdex.net https://*.everesttech.net https://*.adobedtm.com https://*.facebook.com https://*.linkedin.com https://*.adform.net https://*.g.doubleclick.net https://app.readpeak.com https://*.giosgusercontent.com https://images.ctfassets.net data:; media-src https://*; script-src 'unsafe-inline' 'unsafe-eval' https://*; style-src 'unsafe-inline' 'self' https://*; connect-src https://* wss://*.service.lahitapiola.fi; frame-src https://*; worker-src blob:; child-src https://*.mouseflow.com blob:; font-src 'self' https://*.googleapis.com/ https://*.gstatic.com https://*.giosgusercontent.com https://*.mouseflow.com; 2
frame-ancestors 'self' https://*.fashionjobs.com https://*.fashionnetwork.com https://*.fashiongroup.com https://*.fashionmag.biz https://fashionmag.biz https://fashionnetworkevents.com https://*.fashionnetworkevents.com 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: https://sb.scorecardresearch.com https://*.yahoo.com blob: wss:; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-top-navigation-by-user-activation allow-presentation allow-storage-access-by-user-activation; img-src 'self' https: data: blob: https://*.yimg.com https://bats.video.yahoo.com https://*.scorecardresearch.com https://*.adaptv.advertising.com https://trk.vidible.tv https://beap.gemini.yahoo.com https://api.cloudinary.com; object-src https://*.engadget.com https://s.yimg.com https://api.cloudinary.com; worker-src 'self' blob:; manifest-src 'self' https://s.yimg.com; font-src 'self' data: https://*.engadget.com https://s.yimg.com https://fonts.gstatic.com https://*.spot.im https://assets.video.yahoo.net; connect-src 'self' https://*.engadget.com https://s.yimg.com https://*.yahoo.net https://*.yahoo.com https://*.yahoosandbox.com https://*.oath.com https://*.advertising.com https://*.cdn.yimg.com https://ad.doubleclick.net https://*.doubleverify.com https://*.googlesyndication.com https://*.spot.im https://*.giphy.com https://*.vidible.com https://*.media.yahoo.com:4443 https://*.skimresources.com https://*.taboola.com https://securepubads.g.doubleclick.net https://*.spotim.market https://*.criteo.com https://*.criteo.net https://*.pubmatic.com https://*.rubiconproject.com https://*.lijit.com https://*.gumgum.com https://*.openx.net https://*.adtelligent.com https://*.casalemedia.com https://*.creativecdn.com https://*.adnxs.com https://*.nighttstand.com https://*.rlcdn.com https://*.adsrvr.org https://*.adform.net https://*.vidible.tv https://*.uplynk.com https://*.edgekey.net https://*.doubleclick.net https://d1z2jf7jlzjs58.cloudfront.net https://*.pixel.parsely.com https://*.aniview.com https://*.ad-score.com https://polarcdn-terrax.com https://*.polarcdn-terrax.com https://*.polarcdn.com https://polarcdn-engine.com https://polarcdn-pentos.com https://videodelivery.net https://*.videodelivery.net https://sf-hs-sg.ibytedtos.com https://b1h.zemanta.com https://hb-api.omnitagjs.com https://search.spotxchange.com https://video-api.yql.yahoo.com https://edgecast-vod.yimg.com https://assets.video.yahoo.net https://cdn-ssl.vidible.tv/prod https://*.doubleclick.net https://edgecast-vod.yahoo.net https://*.vpg.cdn.yimg.com https://s.yimg.com https://media.zenfs.com https://assets.video.yahoo.net https://ads.adaptv.advertising.com https://video.adaptv.advertising.com https://tpc.googlesyndication.com/ima3vpaid https://*.adsafeprotected.com https://*.pictela.net https://api.cloudinary.com https://*.media.net https://*.clean.gg https://*.liadm.com https://sdk.privacy-center.org/f5623e34-377a-419c-8bb7-3928cebffbc9/ https://icu.newsroom.bi/ingest.php https://events.newsroom.bi https://flowcards.mrf.io https://compassdata.mrf.io https://sdk.mrf.io; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'self' https://*.engadget.com https://*.oath.com https://*.yahoo.com; report-uri https://csp.yahoo.com/beacon/csp?src=engadget; report-to csp-endpoint; 2
default-src 'self' 'unsafe-eval' http: https: data: blob: 'unsafe-inline' 2
frame-ancestors 'self' https://builder.io; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https:; frame-ancestors https://epson.com https://*.epson.com https://*.epson.jp https://*.epson https://*.goepson.com https://epson.ca https://epson.com.mx https://epson.com.ar https://epson.com.bo https://epson.com.br https://epson.co.cr https://epson.cl https://epson.com.co https://epson.com.do https://epson.com.ec https://epson.com.py https://epson.com.pe https://epson.com.uy https://epson.com.ve https://solheimcup2023.eu https://cm.lpga.com https://cm.epsontour.com https://www.lpga.com https://www.epsontour.com https://www.skyscanner.net https://widgets.skyscanner.net https://js.skyscnr.com https://css.skyscnr.com 2
default-src 'self'; frame-src 'none'; connect-src 'self'; font-src 'self' data:; img-src 'self' data:; media-src data:; script-src 'self' 'unsafe-eval' 'sha256-MS6/3FCg4WjP9gwgaBGwLpRCY6fZBgwmhVCdrPrNf3E=' 'sha256-tQjf8gvb2ROOMapIxFvFAYBeUJ0v1HCbOcSmDNXGtDo=' 'sha256-VA8O2hAdooB288EpSTrGLl7z3QikbWU9wwoebO/QaYk=' 'sha256-+5XkZFazzJo8n0iOP4ti/cLCMUudTf//Mzkb7xNPXIc='; style-src 'self' 'unsafe-inline'; base-uri 'self'; frame-ancestors 'none'; block-all-mixed-content; form-action 'none'; 2
frame-ancestors www.xendit.co 2
frame-ancestors 'self'; img-src 'self'; 2
frame-ancestors 'none'; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://assets.adobedtm.com https://*.google-analytics.com https://*.serving-sys.com https://player.vimeo.com https://www.googletagmanager.com https://*.g.doubleclick.net https://dc.ads.linkedin.com https://connect.facebook.net https://www.facebook.com  https://www.google.it https://www.google.com https://luxottica.122.2o7.net https://*.linkedin.com https://explore.eyemed.com https://p.adsymptotic.com https://s3-us-west-2.amazonaws.com  https://ajax.googleapis.com https://preview.luxotticaeyecare.luxottica.com https://www.youtube.com https://code.jquery.com https://cdnjs.cloudflare.com https://fast.wistia.net https://eyemed.com https://vimeo.com https://soundcloud.com https://docs.google.com https://up.pixel.ad https://*.basis.net https://*.sitescout.com https://*.doubleclick.net https://region1.analytics.google.com https://*.clarip.com ; 2
object-src *.calgary.ca:*; frame-ancestors *.calgary.ca:* *.coc.ca thecityofcalgary.maps.arcgis.com 2
default-src 'self' 'unsafe-inline';frame-src 'self' 'unsafe-inline' https://cnhindustrialnv.gcs-web.com https://auth1.cnhindustrial.com https://www1.cnhindustrial.com https://open.spotify.com https://iveco.ubiest.com https://tools.eurolandir.com https://vimeo.com https://www.youtube-nocookie.com https://www.youtube.com https://player.vimeo.com https://www.stockexpert.it https://www.google.com https://servizi2.message-asp.com;img-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://tmpprod-eucompwaf010.azureedge.net data:;style-src 'self' 'unsafe-inline' https://privacyportal-eu-cdn.onetrust.com https://fonts.googleapis.com;font-src 'self' 'unsafe-inline' https://privacyportal-eu-cdn.onetrust.com https://fonts.gstatic.com; upgrade-insecure-requests; block-all-mixed-content;script-src-elem 'self' 'unsafe-inline' https://cnhindustrialnv.gcs-web.com/ https://auth1.cnhindustrial.com https://www1.cnhindustrial.com https://privacyportal-eu-cdn.onetrust.com https://www.google-analytics.com https://www.youtube.com https://cdn.cookielaw.org https://www.google.com https://www.gstatic.com https://geolocation.onetrust.com https://www.googletagmanager.com https://static.site24x7rum.eu;connect-src 'self' 'unsafe-inline' https://cnhindustrialnv.gcs-web.com/ https://auth1.cnhindustrial.com https://www1.cnhindustrial.com https://privacyportal-eu-cdn.onetrust.com https://region1.google-analytics.com https://charts3.equitystory.com https://cdn.cookielaw.org https://www.google-analytics.com https://geolocation.onetrust.com https://col.site24x7rum.eu https://www.youtube.com;script-src 'self' 'unsafe-inline' https://cnhindustrialnv.gcs-web.com/ https://auth1.cnhindustrial.com https://www1.cnhindustrial.com https://charts3.equitystory.com https://cdn.cookielaw.org https://www.googletagmanager.com https://www.gstatic.com https://www.google.com https://geolocation.onetrust.com https://www.youtube.com;frame-ancestors 'self'; 2
frame-ancestors 'self' https://microapps.google.com https://workspace.hansel.io https://www.atlasobscura.com https://www.flyertalk.com https://www.smartertravel.com https://www.afar.com https://roadtrippers.com https://matadornetwork.com https://www.cloudsdeal.com https://www.top10coupons.in https://www.oyoos.com; 2
frame-ancestors *.frankfurt-airport.com *.fraport.de https://fraportag.sharepoint.com https://external.airport.ai; 2
base-uri 'none'; font-src 'self' data: *.screeb.app blob:; img-src 'self' data: idfm-production-rp.osc-secnum-fr1.scalingo.io *.screeb.app images.prismic.io data.iledefrance-mobilites.fr portail-idfm.cdn.prismic.io *.contentsquare.net www.iledefrance-mobilites.fr iledefrance-mobilites.fr; object-src 'none'; style-src 'self' 'unsafe-inline' storage.googleapis.com fonts.googleapis.com *.screeb.app cdn.jsdelivr.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.matomo.cloud t.screeb.app www.youtube.com blob: rogeraccess.rogervoice.com idfm-production-common-design.osc-secnum-fr1.scalingo.io storage.googleapis.com *.contentsquare.net; connect-src 'self' idfm-production-back.osc-secnum-fr1.scalingo.io *.contentsquare.net *.matomo.cloud wss://*.screeb.app *.screeb.app; default-src 'self'; frame-src 'self' *.screeb.app data.iledefrance-mobilites.fr www.youtube.com production-rogeraccess-webapp.rogervoice.com; media-src 'self' blob:; 2
default-src * blob: 'unsafe-inline' 'unsafe-eval'; script-src * blob: 'unsafe-inline' 'unsafe-eval'; worker-src * blob: 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; font-src * data: 'unsafe-inline'; frame-ancestors 'self'; form-action *; report-to endpoint-1 2
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; report-uri https://iplogger.org/csp.php; 2
script-src 'strict-dynamic' 'nonce-rAnd0m123' 'unsafe-inline' http: https:; object-src 'none'; base-uri 'none'; require-trusted-types-for 'script'; report-uri https://remote.vis.com.tw; 2
default-src 'none'; connect-src 'self' 'unsafe-inline' https://cdn.cookielaw.org/ https://www.google-analytics.com/ https://*.facebook.com; font-src 'self' data: https://cdnjs.cloudflare.com/ https://*.google.com/ https://*.typekit.net/; img-src 'self' data: https://*.gravatar.com/ https://*.ytimg.com/ https://*.gstatic.com/ https://*.google.com/ https://www.google-analytics.com/; frame-src 'self' https://www.youtube-nocookie.com/ https://*.twitter.com/ https://*.google.com/ https://*.facebook.com https://*.youtube.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net/ https://cdnjs.cloudflare.com/ https://*.gstatic.com/ https://*.google.com/ https://*.typekit.net/; script-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net/ https://cdn.cookielaw.org/ https://ajax.googleapis.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://*.twitter.com/ https://*.gstatic.com/ https://*.google.com/ https://*.typekit.net/; block-all-mixed-content; 2
default-src 'self' https://*.cms.vwfs.tools ;            img-src 'self' data: https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://dev.day.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://maps.gstatic.com https://*.google.com https://*.google.de https://*.google.com https://*.googlesyndication.com https://*.googleadservices.com https://cm.g.doubleclick.net https://ad.doubleclick.net https://img.youtube.com https://i.ytimg.com https://*.userzoom.com https://*.adform.net https://www.facebook.com https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://cdn.linkedin.oribi.io https://t23.intelliad.de https://t13.intelliad.de https://t.co https://*.volkswagenbank.de  https://cms-assets.vwfs.io https://smetrics.vwfs.com https://mediaservice.audi.com  https://GISTPAEndpoint-Int.azureedge.net https://GISTPAEndpoint-Kons.azureedge.net https://GISTPAEndpoint-Prod.azureedge.net    https://default.vms.vwfs.io https://*.bronson.vwfs.tools https://*.bronson.vwfs.io https://gateway.zscloud.net https://js.api.here.com https://assets.volkswagen.com https://integrations.etrusted.com https://*.googletagmanager.com https://*.g.doubleclick.net https://ssl.gstatic.com https://ade.googlesyndication.com https://bat.bing.com https://*.trustedshops.com http://*.trustedshops.com ;            script-src 'self' 'unsafe-inline' blob: https://*.volkswagenbank.de https://storagewebcalcweud.blob.core.windows.net https://*.fts.webcalc.vwfs.io https://*.youtube.com https://*.vimeo.com https://s.ytimg.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://*.fls.doubleclick.net https://www.googletagmanager.com https://*.googlesyndication.com https://www.googleadservices.com https://www.google.com https://www.google.de https://cm.g.doubleclick.net https://www.volkswagenbank-cloud.de https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://cdn.linkedin.oribi.io https://t23.intelliad.de https://t13.intelliad.de https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://assets.adobedtm.com https://*.omniture.com https://*.adobe.com https://*.userzoom.com https://*.adform.net https://connect.facebook.net https://*.thunderhead.com https://*.twitter.com https://static.ads-twitter.com https://*.advsearch.vwfs.io https://cc.cdn.civiccomputing.com  https://target.vwfs.com  https://smetrics.vwfs.com https://cdn.mercury.ai https://integrations.etrusted.com https://sdk.privacy-center.org    https://*.acs-frontend.vwfs.io https://*.googletagmanager.com https://tagmanager.google.com https://*.googleadservices.com https://*.google.com https://*.g.doubleclick.net https://bat.bing.com https://*.trustedshops.com http://*.trustedshops.com https://*.google.com;            style-src 'self' 'unsafe-inline' https://*.userzoom.com https://target.vwfs.com https://cdn.mercury.ai https://co-browsing.mercury.ai https://cdn.bronson.vwfs.tools https://cdn.bronson.vwfs.io    https://*.acs-frontend.vwfs.io https://integrations.etrusted.com https://tagmanager.google.com https://fonts.googleapis.com https://*.google.com;            connect-src 'self' blob: data: https://vimeo.com https://*.youtube.com https://api.webcalc.vwfs.io https://cfpoi-search.p-sunhill.com https://apikeys.civiccomputing.com https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://*.adobedc.net https://*.tt.omtrdc.net https://*.2o7.net https://*.cms.vwfs.io https://*.advsearch.vwfs.io https://cms-content.vwfs.io https://target.vwfs.com https://smetrics.vwfs.com https://www.google.com https://*.facebook.com https://*.mercury.ai wss://*.mercury.ai https://vector.hereapi.com https://1.base.maps.ls.hereapi.com https://1.aerial.maps.ls.hereapi.com https://js.api.here.com https://geocode.search.hereapi.com https://integrations.etrusted.com https://*.smart-digital-solutions.de https://smart-digital-cdn.com https://2gtge2kxoa.execute-api.eu-central-1.amazonaws.com https://api-cms-vwfs-io.cms.vwfs.tools https://sdk.privacy-center.org https://revgeocode.search.hereapi.com    https://*.acs-frontend.vwfs.io https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://cdn.linkedin.oribi.io https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com http://*.trustedshops.com https://autocomplete.search.hereapi.com https://lookup.search.hereapi.com ;            frame-ancestors 'self' https://vwfs.experiencecloud.adobe.com https://vwfs.marketing.adobe.com https://experience.adobe.com ;            object-src 'none' ;            font-src 'self' data: https://fonts.gstatic.com https://cdn.bronson.vwfs.tools https://cdn.bronson.vwfs.io https://cdn.mercury.ai https://js.api.here.com https://*.trustedshops.com http://*.trustedshops.com ;            frame-src https://player.vimeo.com https://www.youtube-nocookie.com https://s.userzoom.com https://*.adform.net https://*.adobe.com https://*.omniture.com https://*.demdex.net https://*.fls.doubleclick.net https://bid.g.doubleclick.net https://www.facebook.com https://*.googlesyndication.com https://cm.g.doubleclick.net https://gateway.zscloud.net https://td.doubleclick.net https://kalkulator.skoda-auto.pl https://*.g.doubleclick.net ;            media-src https://www.youtube-nocookie.com 'self' ; 2
default-src 'self' wss: https: data: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.atriumhealth.org https://*.evgnet.com https://*.fortawesome.com https://*.googleapis.com https://*.odeza.com https://atriumhealth.secure.force.com https://atriumhealthbotv4windows.azurewebsites.net https://az416426.vo.msecnd.net https://cdnjs.cloudflare.com https://clres.s3.amazonaws.com https://code.jquery.com https://dev.virtualearth.net https://developers.google.com https://maxcdn.bootstrapcdn.com https://stackpath.bootstrapcdn.com https://cdn.jsdelivr.net https://static.cloud.coveo.com https://unpkg.com https://www.bing.com https://www.google.com https://www.gstatic.com https://www.youtube.com https://connect.facebook.net; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://*.atriumhealth.org https://*.evgnet.com https://*.fortawesome.com https://use.fortawesome.com https://*.googleapis.com https://*.odeza.com https://atriumhealth.us-7.evergage.com https://az416426.vo.msecnd.net https://cdnjs.cloudflare.com https://clres.s3.amazonaws.com https://code.jquery.com https://dev.virtualearth.net https://developers.google.com https://maxcdn.bootstrapcdn.com https://r.bing.com https://stackpath.bootstrapcdn.com https://cdn.jsdelivr.net https://static.cloud.coveo.com https://unpkg.com https://www.bing.com https://www.google.com https://www.gstatic.com https://www.youtube.com https://connect.facebook.net; 2
default-src 'self' 'unsafe-inline' *.zoll.de zoll.de *.itzbund.de itzbund.de *.zoll.de *.talent-im-einsatz.de zoll.de *.geodatenzentrum.de *.openstreetmap.de *.youtube.com; img-src 'self' *.zoll.de zoll.de *.itzbund.de *.geodatenzentrum.de *.openstreetmap.de data:; script-src 'self' 'unsafe-inline' *.zoll.de zoll.de *.itzbund.de itzbund.de *.zoll.de zoll.de *.geodatenzentrum.de *.openstreetmap.de *.youtube.com 2
default-src 'self'  *.arista.com;  frame-ancestors 'self'  *.arista.com;  form-action 'self'  *.arista.com  *.onelogin.com  *.salesforce.com  forms.hsforms.com  syndication.twitter.com;  script-src 'self'  'unsafe-inline'  'unsafe-eval'  customer.cludo.com  cdn.cookielaw.org  geolocation.onetrust.com  js.hsforms.net  forms.hsforms.com  js-na1.hs-scripts.com  js.hs-analytics.net  js.hs-banner.com  js.hsleadflows.net  *.smartrecruiters.com  www.google.com  *.gstatic.com  www.google-analytics.com  *.googletagmanager.com  maps.google.com  maps.googleapis.com  *.googleapis.com  platform.twitter.com  cdn.syndication.twimg.com  connect.facebook.net  platform.linkedin.com  www.youtube.com;  connect-src 'self'  api-eu1.cludo.com  api.cludo.com  cdn.cookielaw.org  geolocation.onetrust.com  privacyportal.onetrust.com  forms.hsforms.com  forms.hubspot.com  stats.g.doubleclick.net  www.google-analytics.com *.analytics.google.com *.googletagmanager.com;  child-src 'self'  forms.hsforms.com  js.hs-analytics.net  www.youtube.com  www.facebook.com  web.facebook.com  platform.twitter.com  syndication.twitter.com  web.facebook.com  www.google.com  www.google-analytics.com  *.livestream.com  vimeo.com  player.vimeo.com;  style-src 'self'  'unsafe-inline'  fonts.googleapis.com  platform.twitter.com  *.twimg.com;  font-src  'self'  fonts.gstatic.com;  img-src 'self' data:  customer.cludo.com  cdn.cookielaw.org  perf.hsforms.com  track.hubspot.com  forms-na1.hsforms.com  forms.hsforms.com  i.ytimg.com  *.gstatic.com  maps.google.com  maps.googleapis.com  *.googleapis.com  *.ggpht.com  www.google-analytics.com  *.googletagmanager.com  stats.g.doubleclick.net  platform.twitter.com  *.twimg.com  syndication.twitter.com  www.facebook.com  i.vimeocdn.com;  upgrade-insecure-requests;  report-uri /csp-report/ 2
style-src 'unsafe-inline' https://*.sitecore.com;base-uri 'self';connect-src https://*.6sc.co https://*.6sense.com https://*.adnxs.com https://*.google.com https://*.google-analytics.com https://*.g.doubleclick.net https://api.ipify.org https://px.ads.linkedin.com https://*.bing.com wss://ws.qualified.com https://*.quantcount.com https://*.salesloft.com https://*.sitecore.com https://*.sitecorecloud.io;default-src data: blob: https://*.sitecore.com https://*.sitecore.net https://*.hhogdev.com https://*.stylelabs.cloud https://*.googleapis.com https://*.gstatic.com https://*.azureedge.net https://*.bolddns.net;font-src https://*.sitecore.com;frame-src https://*.google.com https://td.doubleclick.net https://capture.navattic.com https://app.qualified.com https://*.sitecore.com https://*.sitecorecontenthub.cloud;img-src https://*.6sc.co https://www.googletagmanager.com https://*.google.com https://*.google.ca https://*.google.co.uk https://googleads.g.doubleclick.net https://*.google-analytics.com https://px.ads.linkedin.com https://*.bing.com https://*.sitecore.com https://*.sitecorecloud.io https://*.sitecorecontenthub.cloud https://*.force.com https://wwwsitecorecom.azureedge.net;media-src https://app.qualified.com https://*.sitecorecloud.io https://*.sitecorecontenthub.cloud;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.sitecore.com http://*.6sc.co https://*.googlesyndication.com https://*.google-analytics.com https://*.googleadservices.com https://*.google.com https://*.googletagmanager.com https://*.googleapis.com https://*.recaptcha.net https://*.gstatic.cn https://*.gstatic.com https://*.linkedin.com https://*.licdn.com https://*.pardot.com https://*.qualified.com https://*.salesloft.com https://d35vb5cccm4xzp.cloudfront.net https://*.bing.com https://secure.quantserve.com;style-src-attr 'unsafe-inline' https://*.sitecore.com; 2
frame-ancestors 'self' https://app.experiencewelcome.com/ 2
frame-ancestors 'self' http://broadridge.lookbookhq.com https://broadridge.lookbookhq.com http://explore.broadridge.com https://explore.broadridge.com; 2
default-src 'self'; frame-src *; media-src *; img-src * 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' *; style-src * 'unsafe-inline'; font-src *; connect-src *;script-src 'unsafe-inline' t.contentsquare.net app.contentsquare.com; child-src blob:; worker-src blob:; img-src *.contentsquare.net; connect-src *.contentsquare.net; frame-src csxd.{crossdomain} 2
form-action 'self' *.facebook.com; frame-ancestors 'self' app.contentful.com; frame-src 'self' *.workhuman.com *.workhumanpreprod.com app.netlify.com *.googletagmanager.com *.doubleclick.net *.cdn.optimizely.com pixel.mathtag.com cdn.useproof.com *.cookiebot.com *.facebook.com *.twitter.com 862-jiq-698.mktoweb.com cookie.havasedge.com fast.wistia.net youtube.com www.youtube.com bat.bing.com ; base-uri 'none'; object-src 'self'; child-src 'self' *.fls.doubleclick.net; upgrade-insecure-requests; report-uri https://68cebcfc7e2f58b08b59066f1.report-uri.com/r/d/csp/enforce 2
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval';  script-src * data: blob: 'unsafe-inline' 'unsafe-eval';  connect-src * data: blob: 'unsafe-inline';  img-src * data: blob: 'unsafe-inline';  frame-src * data: blob: ;  style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 2
frame-ancestors 'self' support.azazie.com customerservice.azazie.com 2
font-src 'self' 2
default-src * blob:; connect-src https: wss:; font-src https: data:; frame-src https: data: qa-freeconferencecall: freeconferencecall: qa-startmeeting: startmeeting:; img-src https: data:; media-src https: blob:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: data:; style-src https: 'unsafe-inline'; worker-src https: blob:; report-uri https://csp-bin.freeconferencecall.com/bins/b56a1d03/ 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com https://fonts.googleapis.com; font-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.gstatic.com  *.stitcher.com use.typekit.net https://fonts.gstatic.com data:; media-src 'self' 'unsafe-inline' 'unsafe-eval' ssl.gstatic.com *.bakermckenzie-podcastlibrary-wordpress.onenorth.com bakermckenzie-podcastlibrary-wordpress.onenorth.com blob: ; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *.oribi.io *.onetrust.com  *.stitcher.com *.google-analytics.com translate.googleapis.com stats.g.doubleclick.net cdn.cookielaw.org *.mktoresp.com blob: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.siteimprove.com siteimproveanalytics.com cdnjs.cloudflare.com translate.google.com *.google-analytics.com app-static.turtl.co static.ads-twitter.com munchkin.marketo.net cdn.cookielaw.org snap.licdn.com *.ceros.com connect.facebook.net *.cloudfront.net; img-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: filesystem: *.google-analytics.com *.bakermckenzie.com bakermckenzie.com *.googletagmanager.com gstatic.com *.gstatic.com translate.google.com *.siteimproveanalytics.io px.ads.linkedin.com *.linkedin.com p.adsymptotic.com  cdn.cookielaw.org; frame-src 'self' gateway.zscalertwo.net *.youtube.com *.stitcher.com *.libsyn.com *.buzzsprout.com *.spotify.com *.podbean.com *.soundcloud.com *.podcasts.apple.com omny.fm *.vbrick.com *.bryter.io *.bakermckenzie.com *.youtube-nocookie.com *.vimeo.com *.google.com *.googletagmanager.com *.yoshki.com app-static.turtl.co view.ceros.com 2
frame-ancestors *.pennymac.com *.adobe.com 2
frame-ancestors *.acuitybrandslighting.net *.acuitybrands.com *.acuitybrands.ca *.acuitybrands.com.mx *.acuitybrandstoronto.com *.besalfund.org *.dglogik.com *.distech-controls.com *.eldoled.com *.iotaengineering.com *.ke2therm.com *.luminis.com *.mcclungfoundation.org; 2
default-src  'self'; img-src  'self'; script-src  'self' 'unsafe-inline'; object-src  'self'; style-src  'self' 'unsafe-inline'; 2
default-src 'self' blob:; img-src 'self' *.boxcdn.net *.maropost.com *.amazonaws.com *.adyen.com *.cloudfront.net *.userlike.com flp-service.zendesk.com static.zdassets.com consent.cookiefirst.com *.ytimg.com *.livehelpnow.net *.pcdn.co *.sharethis.com  *.contentsquare.net *.content-square.fr *.contentsquare.com *.googleapis.com *.s3.us-east-1.amazonaws.com *.s3.us-east-2.amazonaws.com *.amazonaws.com *.gstatic.com *.clicktale.net pixy.org *.chargebee.com *.nextsphere.com *.ppipe.net *.myecheck.com *.oppwa.com  *.flptitan.com *.foreverliving.com *.flpi.com foreverliving.com seeklogo.com  stats.g.doubleclick.net www.google.com www.google.com.sg data: *.s3.us-west-2.amazonaws.com *.s3-us-west-2.amazonaws.com www.google.co.in *.vimeocdn.com *.youtube.com *.s3.amazonaws.com x1.xingassets.com  blob:  oppwa.com *.google-analytics.com data: s3-us-west-2.amazonaws.com *.facebook.com *.googletagmanager.com optimize.google.com *.boxcloud.com app.tlinky.com *.fedex.com *.google.co.uk *.google.ie widgets.trustedshops.com *.google.com.mm; script-src 'self' *.userlike.com *.cdn01.boxcdn.net api.smooch.io *.adyen.com *.nexiopay.com *.cdn.jsdelivr.net *.jsdelivr.net *.amazonaws.com *.worldpay.com *.cloudfront.net *.mgipayments.com *.boxcdn.net *.boxcloud.com *.box.com *.s3-eu-west-1.amazonaws.com *.payvision.com *.siteprerender.com siteprerender.com *.google.com *.mgr.consensu.org *.livehelpnow.net *.contentsquare.net *.content-square.fr *.contentsquare.com *.sharethis.com walls.io  *.facebook.net *.cdn-javascript.net cdn-javascript.net x-apple-ql-id *.static-resource.com static-resource.com flpqa.com flp.com flp360.social *.flpqa.com *.flp.com *.flp360.social *.clicksapp.net clicksapp.net *.s3.us-east-1.amazonaws.com *.clicktale.net *.chargebee.com *.authorize.net *.ppipe.net www.youtube.com *.oppwa.com  *.s3-us-west-2.amazonaws.com *.myecheck.com *.googleapis.com *.flptitan.com foreverliving.com *.foreverliving.com *.flpi.com *.cloudflare.com *.bootstrapcdn.com  *.s3.amazonaws.com  *.dropbox.com *.nextsphere.com optimize.google.com www.googletagmanager.com *.google-analytics.com blob: fonts.gstatic.com test.acaptureservices.com   *.clicksafe.lloydstsb.com oppwa.com acaptureservices.com  consent.cookiefirst.com www.dropbox.com content.googleapis.com dl.dropboxusercontent.com graph.microsoft.com static.zdassets.com js.live.net *.paypal.com *.b-cdn.net connect.facebook.net js.hs-scripts.com fonts.gstatic.com maps.gstatic.com clickapp.net static-resource.com *.nexiopaysandbox.com cdn-javascript.net *.paypalobjects.com app.tlinky.com widgets.trustedshops.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.livehelpnow.net *.adyen.com *.cookiefirst.com *.clicktale.net *.chargebee.com *.cdn.jsdelivr.net *.contentsquare.net *.content-square.fr *.contentsquare.com *.google-analytics.com *.nextsphere.com x-apple-ql-id *.s3-us-west-2.amazonaws.com *.ppipe.net *.typekit.net *.oppwa.com *.myecheck.com *.acaptureservices.com *.flptitan.com *.foreverliving.com foreverliving.com *.flpi.com *.google.com fonts.googleapis.com cdnjs.cloudflare.com oppwa.com *.s3.amazonaws.com maxcdn.bootstrapcdn.com app.tlinky.com *.nexiopaysandbox.com *.nexiopay.com *.boxcdn.net googletagmanager.com cdn.honey.io 'unsafe-inline'; font-src 'self' *.boxcdn.net *.cdn01.boxcdn.net *.nexiopay.com *.box.com *.cdn.jsdelivr.net *.cloudfront.net *.livehelpnow.net *.clicktale.net *.chargebee.com *.nextsphere.com *.ppipe.net *.contentsquare.net *.content-square.fr *.contentsquare.com *.typekit.net *.myecheck.com  flpqa.com flp.com flp360.social *.flpqa.com *.flp.com *.flp360.social *.bootstrapcdn.com *.oppwa.com *.flptitanqa.com *.flptitan.com *.foreverliving.com foreverliving.com *.flpi.com data: cdnjs.cloudflare.com fonts.gstatic.com *.b-cdn.net *.s3.amazonaws.com oppwa.com 'unsafe-inline'; connect-src 'self' wss://umd.userlike.com wss://chat.userlike.com *.nexiopay.com *.s3.us-east-2.amazonaws.com v2.zopim.com ekr.zdassets.com flp-service.zendesk.com *.1drv.com *.nexiopay.com *.cloudfront.net *.cookiefirst.com *.adyen.com *.userlike.com *.box.com *.boxcloud.com api.ipify.org *.livehelpnow.net *.consensu.org *.vimeocdn.com *.contentsquare.net *.content-square.fr *.contentsquare.com *.sharethis.com *.googleapis.com www.google.com.sg stats.g.doubleclick.net www.facebook.com *.s3.us-west-2.amazonaws.com *.socialsales.io *.clicktale.net *.nextsphere.com  *.ppipe.net vimeo.com *.authorize.net  *.myecheck.com *.oppwa.com *.flpi.com *.nstitan.com  s3-us-west-2.amazonaws.com *.s3.amazonaws.com *.acaptureservices.com *.s3-us-west-2.amazonaws.com *.chargebee.com *.google.com oppwa.com *.mgipayments.com *.google-analytics.com www.googletagmanager.com graph.microsoft.com google.com *.worldpay.com *.zdassets.com *.trustedshops.com api.trustbadge.etrusted.com trustbadge.api.etrusted.com logging.trustbadge.com content.googleapis.com dl.dropboxusercontent.com *.google.co.in youtube.com static.zdassets.com *.boxcdn.net *.youtube.com wss://api.smooch.io *.s3-eu-west-1.amazonaws.com js.live.net sandbox.mgipayments.com cdn.worldpay.com sandbox.mgipayments.com  connect.facebook.net js.hs-scripts.com fonts.gstatic.com maps.gstatic.com clickapp.net cdn.jsdelivr.net static-resource.com cdn-javascript.net  *.nexiopaysandbox.com cdn.worldpay.com *.flptitan.com flptitan.com foreverliving.com app.tlinky.com *.fbo.flptitan.com *.foreverliving.com *.fbo.foreverliving.com www.gstatic.com www.dropbox.com zendesk-eu.my.sentry.io data: blob:; media-src 'self' *.boxcdn.net *.amazonaws.com *.userlike.com *.flptitan.com app.tlinky.com *.cloudfront.net *.youtube.com *.youtu.be *.foreverliving.com *.s3-us-west-2.amazonaws.com *.s3.us-west-2.amazonaws.com  blob:; frame-src 'self' *.datatrans.com *.mfgroup.ch *.nexiopay.com *.ngenius-payments.com *.boxcdn.net api.nexiopay.com *.flpqa.com *.userlike.com *.adyen.com *.amazonaws.com *.cloudfront.net *.facebook.com *.mgipayments.com *.livehelpnow.net *.sandbox.ngenius-payments.com *.acehubpaymentservices.com *.contentsquare.net *.content-square.fr *.contentsquare.com *.sharethis.com *.mgr.consensu.org  walls.io *.chargebee.com x-apple-ql-id *.youtube.com *.ppipe.net *.socialsales.io socialsales.io *.worldpay.com *.nextsphere.com  vimeo.com *.oppwa.com *.myecheck.com *.acaptureservices.com *.flptitan.com *.foreverliving.com *.clicksafe.lloydstsb.com foreverliving.com flptitan.com *.boxcloud.com *.flpi.com *.google.com *.vimeo.com oppwa.com  dl.dropboxusercontent.com graph.microsoft.com  acs-public.tp.mastercard.com content.googleapis.com *.nexiopaysandbox.com app.tlinky.com youtu.be youtube.com *.cardinalcommerce.com; frame-ancestors 'self' *.socialsales.io socialsales.io *.nexiopay.com foreverliving.com *.foreverliving.com *.flptitan.com flptitan.com *.contentsquare.net *.flptitan.com:8080 *.content-square.fr *.contentsquare.com *.chargebee.com flp360-tools.flptitan.com youtu.be app.tlinky.com flpqa.com flp.com flp360.social *.flpqa.com *.nexiopaysandbox.com *.boxcdn.net *.flp.com *.flp360.social vimeo.com *.vimeo.com *.youtube.com youtube.com *.worldpay.com 2
object-src 'none'; report-uri /report-csp-violation; upgrade-insecure-requests 2
script-src 'self' 'sha256-q3WPosO4ONuL9p9ddEof/RtCIL08oBEgIPy68LjtLi8=' 'sha256-tMi+Pw5dWcckZaS5akdDvLbCRNPU47NUC7hBXzfNY9o=' 'sha256-rl5eji7XRCo2LMjj9lSpETeAroYm6eXnYZ57qpVunAQ=' 'sha256-iqOPaRlwwgtNy7J3vh/+LSW9/QVdN+Fl+YfMS8+GcPo=' 'sha256-PjdrWslsi4D6PN2ig+ljhmG5YLxPL647O0B9KAK8+lk=' 'sha256-51q9Jkddg0uc+3FW6ecf6jkMOr8hVAVNsxsw7gNqjjk=' 'sha256-Xh45oAnXb7apbW4QE7QEbCe4zGVzgNybHVUWDG6nMc0=' 'sha256-cWlUrd0XAxbUuEowrgGTAJOgrrFZ+Zg7KoqM0zoJi/c=' 'sha256-DRZpXPn1GCIU7BPkJ/xb/k/iZ9VtNhB0kL+R0rAyVOo=' 'sha256-MlR+o2h5r9m8DdZk1GxjLKOiL57reuEkcKKNf5Q/Xk0=' 'sha256-5z0mqfXoQdaswiTfD0q5tdra5kMX3TaXEcjX8FbSJ9c=' 'sha256-U3i1w5pESFxExrmA/RmoulibY0UtRJ6+N061RYm8GzQ=' 'sha256-iiOEk8AzgueoHkB1wHTEuNyZzJ7PvNGcU8Cf3C6QknM=' 'sha256-P3SvISywA0roA0BYCMQYftzdU53nkW8e/5A/Pqa0Zk4=' 'sha256-USTrNh+UNt+mBiIBvECPo0xWO3Z9yuN4yGO4XXSCqv8=' 'sha256-1OJoWFTRiz5Qn0QNWZG5lJWTi4v5otVmw+QefdOjXOg=' 'sha256-OpsdwbNy6088hMQRrp63vUqHaaEPpgKXuH18niYVZ34=' 'sha256-rwMOiOeVICH7/Cjy5SkreID3OOi5HTrit357k22hUDQ=' 'sha256-sWITfQ9rgDwKqksaLnQ9nrqSB5J+KfaUaMNSgpKYL0Y=' 'sha256-rNAWiF5llk4C4DGZqpiV+PC+ipjBiiMX0l8pqGf+PCU=' 'sha256-xV97M+lSIvvvSpx63GR/fApoy8sg47XkGkZkkn7RsaU=' 'sha256-FtmNZCwIPFBoItSYSjqyebn0K4W8YbpzinowGObyiZg=' 'sha256-ei+7cqqHXuFtO9PVrcrvAyAFNah0YT48+ecxANvdaik=' 'sha256-hvnpRxZVTvw5G7LyHI5AF8admAm/kEr0s1SkmYWtcN8=' 'sha256-buShqqvpyfyMytAevbY3Cjy6zZFEooyWtg42vUWrhiw=' 'sha256-pEnT8DjKoi+LpcY3MB2rFTqFbcBwMcR/g+iii2HQ2LM=' 'sha256-rNAWiF5llk4C4DGZqpiV+PC+ipjBiiMX0l8pqGf+PCU=' 'sha256-ZP3UmfOigbNFUDcrEIKj8yU0+7jeU/C4qxJ/4n4HRQo=' 'sha256-ETgXJJ3OuVkQgNb5lDzSYwJGbxchLQb3VoGwqsfYIGk=' 'sha256-mZWo2sJSmaBLGkgCpXLPpAnnLbfPaO68xCZUgjaMxVM=' 'sha256-ztI/hQqEXQp1679LG8zjtYNYa2ldiTNQJhKeNFmREiY=' 'sha256-ThwGm6ahqfkxEBtaLrV/Zo+m8ikXvcLQR4xvkp6rmug=' 'sha256-XBKoMsWPfwL9SoDgTp5Lz8RshbkmVaxQ14jQri56NjY=' 'sha256-icc0pV/PKFETIr4EibMH9gavAdBt4iL2Q28lk2GspWQ=' 'sha256-032BSw0ElgNhMyldQkJHl1X+Do+kj2rqiaK7rMQpcDs=' 'sha256-wxLN/Ivd2DLbX9YgtTaC3nt3DyofMHoUSFoaxscfjUE=' 'sha256-hZLhDYbz2Yx5f5Rp3gcoQoxx6ftd0kap4gpEEz5+fGk=' assets.adobedtm.com www.youtube.com cdn.cookielaw.org js.hs-scripts.com p.teads.tv js.adsrvr.org js.hsadspixel.net js.hs-banner.com js.hs-analytics.net connect.facebook.net demdex.net www.google.com www.gstatic.com www.googletagmanager.com tags.srv.stackadapt.com zn097ucyqha0b5qpt-aramark.siteintercept.qualtrics.com www.googleadservices.com siteintercept.qualtrics.com tag.demandbase.com privacyportaluat.onetrust.com static.hotjar.com script.hotjar.com hotjar.com platform.twitter.com www.instagram.com srv.stackadapt.com www.stackadapt.com https://embedsocial.com/ 2
frame-ancestors 'self' https://*.particle.io http://particle.lookbookhq.com https://particle.lookbookhq.com http://particle.pathfactory.com https://particle.pathfactory.com 2
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.vidyard.com *.google-analytics.com *.elliemae.com *.typekit.net *.eloqua.com *.crazyegg.com *.pingdom.net *.driftt.com *.drift.com *.vidyard.com *.tribl.io *.en25.com *.appspot.com *.facebook.net *.bing.com *.bizographics.com *.doubleclick.net *.linkedin.com *.facebook.com *.google.com *.on24.com *.contentstack.io *.zscalertwo.net ipapi.co *.amazonaws.com *.googleapis.com http://images.engage.elliemae.com/ *.gstatic.com *.myfonts.net *.googleadservices.com *.mapbox.com *.youtube.com *.vimeo.com *.swiftype.com *.jsdelivr.net *.disqus.com *.disquscdn.com disqus.com *.zoominfo.com *.pusher.com *.icemortgagetechnology.com *.pardot.com unpkg.com *.google.co.in www.googleoptimize.com cdn.cookielaw.org privacyportal.onetrust.com *.clickagy.com  *.demandbase.com match.prod.bidr.io id.rlcdn.com *.company-target.com vimeo.com *.licdn.com *.linkedin.oribi.io *.hsforms.com *.hsleadflows.net *.hs-analytics.net *.hs-banner.com *.hubspot.com *.hs-scripts.com *.hsforms.net *.infogram.com 2
upgrade-insecure-requests; frame-ancestors 'self' *.magenta.at *.t-mobile.at *.s-budget-mobile.at *.esp.ownsolutions.net magenta-at.cleverq.de www.youtube.com; 2
frame-ancestors 'self' *.youtube.com *.vimeo.com; 2
default-src 'self' blob: https://*.cnn.com:* http://*.cnn.com:* *.cnn.io:* *.cnn.net:* *.turner.com:* *.turner.io:* *.ugdturner.com:* courageousstudio.com *.vgtf.net:*; script-src 'unsafe-eval' 'unsafe-inline' 'self' *; style-src 'unsafe-inline' 'self' blob: *; child-src 'self' blob: *; frame-src 'self' *; object-src 'self' *; img-src 'self' data: blob: *; media-src 'self' data: blob: *; font-src 'self' data: *; connect-src 'self' data: *; frame-ancestors 'self' https://*.cnn.com:* http://*.cnn.com https://*.cnn.io:* http://*.cnn.io:* *.turner.com:* courageousstudio.com; 2
default-src 'self'; font-src 'self' data: https://cdn.jdrf.design https://script.hotjar.com https://cdn.acsbapp.com https://maxcdn.bootstrapcdn.com https://secure8.convio.net https://fonts.gstatic.com https://use.typekit.net https://cloud.typography.com matchbox.hepdata.com; frame-src 'self' blob: https://widget.thegivingblock.com/ https://td.doubleclick.net/ https://word.rodeo/ https://prod-useast-b.online.tableau.com/ https://www2.jdrf.org https://crosswordlabs.com https://jdrf.massrel.io https://*.jdrfoverlays.com https://jdrfoverlays.com https://tgbwidget.com https://public.tableau.com/ https://app.hubspot.com https://www.youtube-nocookie.com https://a597080980.cdn.optimizely.com https://wp.freemius.com https://player.vimeo.com https://antidote.me https://www.youtube.com https://public.domo.com https://www.google.com https://my.walls.io https://www.facebook.com https://www.matchinggifts.com https://ww2.matchinggifts.com https://javamatch.matchinggifts.com https://x.adroll.com; img-src 'self' blob: https://s.amazon-adsystem.com/ https://cm.g.doubleclick.net https://public.tableau.com/static/images/Ma/MapsActiveGrants-US/MapsActiveGrants-US/1.png https://public.tableau.com/static/images/7N/7NPFK7P5M/1.png data: https://www.dafdirect.org https://ipv4.d.adroll.com https://x.bidswitch.net https://*.reson8.com https://reson8.com https://idsync.rlcdn.com https://dsum-sec.casalemedia.com https://sync.srv.stackadapt.com https://tags.bluekai.com  https://dpm.demdex.net https://usermatch.krxd.net  https://cms.analytics.yahoo.com https://pixel.rubiconproject.com https://us-u.openx.net https://sync.taboola.com  https://image2.pubmatic.com https://sync.outbrain.com https://ib.adnxs.com  https://ups.analytics.yahoo.com  https://eb2.3lift.com https://d.adroll.com https://script.hotjar.com https://pixel.quantserve.com https://cdn.acsbapp.com https://gravatar.com https://s3-us-west-2.amazonaws.com https://wpstorelocator.co https://khms0.googleapis.com https://khms1.googleapis.com https://maps.google.com https://s38924.pcdn.co https://gravityforms.s3.amazonaws.com https://s3.amazonaws.com https://maps.googleapis.com https://maps.gstatic.com https://www.googletagmanager.com https://marvel-processor.bc0a.com https://updates.bnecreative.com https://s.w.org https://ps.w.org https://a1.b0e8.com https://marvel-b1-cdn.bc0a.com https://www.google.co.in https://www.google.co.in/pagead/1p-user-list/982455586/ https://googleads.g.doubleclick.net https://*.wpengine.com https://bat.bing.com https://nova.collect.igodigital.com https://p.typekit.net https://secure.gravatar.com https://sp.analytics.yahoo.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.jdrf.org  https://dx.mountain.com https://px.mountain.com https://gs.mountain.com/gs https://44.238.122.172/is https://100.20.58.101/is https://35.85.84.151/is https://44.228.85.26/is https://34.215.155.61/is https://35.160.46.251/is https://52.71.121.170/is https://18.210.229.244/is https://44.212.189.233/is https://3.212.39.155/is https://52.22.50.55/is https://54.156.2.105/is matchbox.hepdata.com *.ads.linkedin.com ajax.googleapis.com; manifest-src 'self'; media-src 'self'; object-src 'none'; report-uri https://6467beef974ac544f93aa9e8.endpoint.csper.io https://www2.jdrf.org; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://widget.thegivingblock.com/widget/script.js https://www.harborcompliance.com/js/dynamic-disclosures.js https://online.tableau.com/javascripts/api/tableau.embedding.3.latest.min.js https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js https://platform.massrelevance.com https://www.dafdirect.org https://public.tableau.com/javascripts/api/viz_v1.js https://analytics.tiktok.com https://rules.quantcount.com https://tgbwidget.com/widget/script.js https://d.adroll.com https://cdnjs.cloudflare.com https://secure.quantserve.com https://js.dev.shift4.com/shift4.js https://s.adroll.com https://cdn.segment.com https://js.hs-scripts.com https://maps.google.com https://ajax.aspnetcdn.com https://djtflbt20bdde.cloudfront.net https://player.vimeo.com https://antidote.me https://www.fullstory.com https://fullstory.com https://www.gstatic.com https://www.google.com https://cdn.optimizely.com https://maps.googleapis.com https://cdn.jsdelivr.net https://marvel-b2-cdn.bc0a.com https://cdn.b0e8.com https://cdn.mxpnl.com https://acsbapp.com https://jdrfapistage.wpengine.com https://*.collect.igodigital.com https://bat.bing.com https://connect.facebook.net https://*.doubleclick.net https://jdrfapi.wpengine.com https://s.yimg.com https://s3.amazonaws.com https://*.hotjar.com https://secure.adnxs.com https://unpkg.com https://use.typekit.net https://walls.io https://www.google-analytics.com https://www.googletagmanager.com https://www.youtube.com https://www2.jdrf.org https://dx.mountain.com https://px.mountain.com https://gs.mountain.com/gs https://44.238.122.172/is https://100.20.58.101/is https://35.85.84.151/is https://44.228.85.26/is https://34.215.155.61/is https://35.160.46.251/is https://52.71.121.170/is https://18.210.229.244/is https://44.212.189.233/is https://3.212.39.155/is https://52.22.50.55/is https://54.156.2.105/is matchbox.hepdata.com snap.licdn.com https://ams.wpml.org; style-src 'report-sample' 'self' 'unsafe-inline' https://www.dafdirect.org https://www.gstatic.com https://ajax.googleapis.com https://rgsharedweb.s3.amazonaws.com https://use.fontawesome.com https://fonts.gstatic.com https://cdnjs.cloudflare.com https://use.typekit.net https://cdn.jsdelivr.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://jdrfapi.wpengine.com https://jdrfapistage.wpengine.com  https://cloud.typography.com matchbox.hepdata.com; worker-src 'self' blob: https://www.jdrf.org https://dx.mountain.com https://px.mountain.com https://gs.mountain.com/gs https://44.238.122.172/is https://100.20.58.101/is https://35.85.84.151/is https://44.228.85.26/is https://34.215.155.61/is https://35.160.46.251/is https://52.71.121.170/is https://18.210.229.244/is https://44.212.189.233/is https://3.212.39.155/is https://52.22.50.55/is https://54.156.2.105/is; connect-src 'self' https://www.harborcompliance.com/dynamic-disclosures/public-api/subscriptions/fb24b4c8-2b27-4d65-86d7-e37bff85eb69 https://prod-useast-b.online.tableau.com/vizportal/api/web/v1/auth/embed/signin https://analytics.google.com https://*.optimizely.com https://optimizely.com https://www.facebook.com https://www.facebook.com/tr https://*.hubspot.com https://hubspot.com https://pixel.quantcount.com https://spreadsheets.google.com https://host-v618rd.api.swiftype.com https://metrics.hotjar.io https://api.segment.io https://cdn.segment.com https://*.hotjar.io https://content.hotjar.io wss://ws.hotjar.com https://in.hotjar.com https://www2.jdrf.org https://acsbapp.com https://stagingjdrf.wpengine.com https://errors.client.optimizely.com https://my.yoast.com https://vc.hotjar.io https://my.wpengine.com https://yoast.com https://www.jdrf.org https://www.google-analytics.com https://www.google.co.in https://cdn.acsbapp.com https://logx.optimizely.com https://secure8.convio.net https://maps.googleapis.com https://s.yimg.com https://stats.g.doubleclick.net https://dx.mountain.com https://px.mountain.com https://gs.mountain.com/gs https://44.238.122.172/is https://100.20.58.101/is https://35.85.84.151/is https://44.228.85.26/is https://34.215.155.61/is https://35.160.46.251/is https://52.71.121.170/is https://18.210.229.244/is https://44.212.189.233/is https://3.212.39.155/is https://52.22.50.55/is https://54.156.2.105/is matchbox.hepdata.com *.ads.linkedin.com bat.bing.com https://ams.wpml.org; 2
default-src *; 		child-src 'self' blob:; 		connect-src * blob: ws: wss:; 		frame-src 'self' api.foxentry.cz www.databreakers.com cdn.msgok.net 			www.mall.tv mall.fameplay.tv fameplay.tv www.google.com 			www.youtube.com creativecdn.com sketchfab.com 			socialplugin.facebook.net www.kdukvh.com tcp.googlesyndication.com 			www.zbozi.cz 			cj.dotomi.com 			payu.com secure.payu.com merch-prod.snd.payu.com 			data:; 		script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.mall.cz *.mall.sk *.mall.hr *.mall.hu *.mall.pl *.mimovrste.com 			*.google-analytics.com ajax.googleapis.com mallgroup-api.exponea.com supine.io *.clarity.ms www.googleadservices.com 			download.databreakers.com connect.facebook.net api.mapy.cz *.cdn.nrholding.net 			c.seznam.cz tpc.googlesyndication.com www.zbozi.cz cdn.msgok.net www.google.com/recaptcha/ www.gstatic.com/recaptcha/ 			code.jquery.com translate.google.com cdn.jsdelivr.net cloudflare.hcaptcha.com static.cloudflareinsights.com 			www.googletagmanager.com *.foxentry.cz im9.cz/js/ bat.bing.com *.adform.net static.criteo.net sslwidget.criteo.com 			*.doubleclick.net *.mallgroup.com yottlyscript.com login.dognet.sk etargetnet.com secure.smartform.cz 4w.smartform.cz 			ssl.heureka.cz ssl.heureka.sk localhost:* *.cs.mall.local *.cs.mall.test www.arukereso.hu 			tracking.channelsight.com ngastatic.com/s4c/tracker.js sk.search.etargetnet.com/j/ 			*.mczbf.com *.cj.com *.payu.com; 		style-src * 'unsafe-inline'; 		img-src * data:; 		object-src 'none' 2
connect-src 'self' *.googleadservices.com google.com *.google.com *.analytics.google.com *.google-analytics.com *.cookiebot.com *.doubleclick.net *.omappapi.com pagesense-collect.zoho.eu www.google-analytics.com fonts.googleapis.com https://*.googletagmanager.com *.limesurvey.org salesiq.zohopublic.eu wss://vts.zohopublic.eu; default-src 'self' fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com *.limesurvey.org www.youtube.com frontend.pay1.de www.google.com kiwiirc.com limesurvey.org; font-src 'self' *.zohocdn.com *.typekit.net https://tagmanager.google.com data: fonts.gstatic.com maxcdn.bootstrapcdn.com projectfiles.limesurvey.org github.com; style-src 'unsafe-inline' *.zohocdn.com *.zohopublic.eu heapanalytics.com https://tagmanager.google.com fonts.googleapis.com https://www.googletagmanager.com 'self' maxcdn.bootstrapcdn.com projectfiles.limesurvey.org ajax.googleapis.com www.google.com; form-action 'self' https://authentication.cardinalcommerce.com https://*.six-payment-services.com https://*.securesuite.co.uk https://*.cic.fr https://*.arcot.com www.paypal.com survey.limesurvey.org; frame-ancestors 'self' *.limesurvey.org; img-src 'self' https://*.google-analytics.com www.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com data: *; manifest-src 'self'; media-src 'self' *.zohocdn.com; script-src 'self' *.zohopublic.eu https://privacy.cortina-consult.com https://maillist-manage.eu https://*.zoho.eu https://*.zohocdn.com https://*.limesurvey.org googleads.g.doubleclick.net https://googleads.g.doubleclick.net data: https://tagmanager.google.com https://heapanalytics.com https://*.pagesense.io https://*.omappapi.com https://*.hotjar.com https://*.heapanalytics.com https://*.cookiebot.com 'unsafe-eval' 'unsafe-inline' www.googletagmanager.com secure.pay1.de projectfiles.limesurvey.org www.google.com www.google-analytics.com appscdn.joomla.org; frame-src *.zohopublic.eu https://*.hotjar.com https://*.cookiebot.com https://*.visa.com https://authentication.cardinalcommerce.com 3dsecure.icscards.nl https://*.pay1.de docs.google.com https://td.doubleclick.net 'self' download.limesurvey.org kiwiirc.com www.youtube.com limesurvey.org secure.pay1.de; object-src 'self'; report-uri https://www.limesurvey.org/violation.php; 2
default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: wss: *.2o7.net *.ac-systems.com *.adobe.com *.adobe.io *.adobedtm.com *.adoberesources.net *.adsymptotic.com *.akamaihd.net *.amazonaws.com *.amelia.com *.arcgis.com *.atdmt.com *.base.be *.bbvms.com *.bluebillywig.com *.bluecoat.com *.clarity.ms *.cloudfront.net *.companymatch.me *.contentsquare.com *.contentsquare.net *.cookielaw.org *.customersaas.com *.day.com *.demdex.net *.doubleclick.net *.driftqa.com *.driftt.com *.everesttech.net *.facebook.com *.facebook.net *.fontawesome.com *.force.com *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.googleusercontent.com *.gstatic.com *.hotjar.com *.hotjar.io *.licdn.com *.linkedin.com *.litix.io *.loadinggif.com *.luckycycle.com *.marketo.net *.mktoresp.com *.mktoutil.com *.mobistar.be *.nettjar.com *.omtrdc.net *.onetrust.com *.oribi.io *.pegacloud.net *.pingvp.com *.pinimg.com *.pinterest.com *.premiumplus.io *.qelpcare.com *.salesforce.com *.salesforceliveagent.com *.sfdcstatic.com *.snapchat.com *.speedtestcustom.com *.telenet-ops.be *.telenet.be *.telenet.be:* *.telenet.be.seg.js *.telenetcampagnes.be *.typekit.net *.typography.com *.unpkg.com *.upc.ch *.usabilla.com *.vimeo.com *.webgains.com *.webgains.io *.wista.com *.wistia.com *.wistia.net *.youtube.com *.ytimg.com *.zdassets.com *.zendesk.com *.zentr.cc *.zentrick.com *.zopim.com *.zopim.io https://app.insites.com https://app.prospect.silktide.com https://cookies-data.onetrust.io https://eu.cobrowse.pega.com https://euassets.cobrowse.pega.com https://eur01.safelinks.protection.outlook.com https://euuat.cobrowse.pega.com https://euuatassets.cobrowse.pega.com https://html5-player.libsyn.com https://playlist.megaphone.fm https://sandbox-telenet.24sessions.com https://telenet.24sessions.com https://widget.euw1.chat.pega.digital sc-static.net https://embed.binkies3d.com https://binkiesproductionweu.servicebus.windows.net https://binkiescontentnode.blob.core.windows.net https://az589851.vo.msecnd.net https://binkiesteaserstorage.blob.core.windows.net;img-src 'self' blob: data: *.telenet.be *.telenet.be:* https: http://loadinggif.com *.doubleclick.net *.loadinggif.com https://binkiescontentnode.blob.core.windows.net https://az589851.vo.msecnd.net https://binkiesdevnode.blob.core.windows.net;report-uri https://api.prd.telenet.be/csp-violation-report; 2
base-uri 'self'; block-all-mixed-content; upgrade-insecure-requests; child-src blob:; default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob:  *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.euskaltel.com *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inbenta.com *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.onetrust.com *.openstreetmap.org *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.useinsider.com *.womtp.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com t.co p.adsymptotic.com sjs.bizographics.com *.cstmapp.com 212.55.0.184; style-src 'self' https: 'unsafe-inline'  *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.euskaltel.com *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inbenta.com *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.onetrust.com *.openstreetmap.org *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.useinsider.com *.womtp.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com t.co p.adsymptotic.com sjs.bizographics.com *.cstmapp.com 212.55.0.184; img-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data:  *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.euskaltel.com *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inbenta.com *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.onetrust.com *.openstreetmap.org *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.useinsider.com *.womtp.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com t.co p.adsymptotic.com sjs.bizographics.com *.cstmapp.com 212.55.0.184; font-src 'self' data:  *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.euskaltel.com *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inbenta.com *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.onetrust.com *.openstreetmap.org *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.useinsider.com *.womtp.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com t.co p.adsymptotic.com sjs.bizographics.com *.cstmapp.com 212.55.0.184; connect-src 'self'  *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.euskaltel.com *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inbenta.com *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.onetrust.com *.openstreetmap.org *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.useinsider.com *.womtp.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com t.co p.adsymptotic.com sjs.bizographics.com *.cstmapp.com 212.55.0.184; frame-src 'self' data:  *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.euskaltel.com *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inbenta.com *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.onetrust.com *.openstreetmap.org *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.useinsider.com *.womtp.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com t.co p.adsymptotic.com sjs.bizographics.com *.cstmapp.com 212.55.0.184; frame-ancestors 'self'  *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.euskaltel.com *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inbenta.com *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.onetrust.com *.openstreetmap.org *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.useinsider.com *.womtp.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com t.co p.adsymptotic.com sjs.bizographics.com *.cstmapp.com 212.55.0.184; object-src data:  *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.euskaltel.com *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inbenta.com *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.onetrust.com *.openstreetmap.org *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.useinsider.com *.womtp.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com t.co p.adsymptotic.com sjs.bizographics.com *.cstmapp.com 212.55.0.184; media-src 'self' data:  *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.euskaltel.com *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inbenta.com *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.onetrust.com *.openstreetmap.org *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.useinsider.com *.womtp.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com t.co p.adsymptotic.com sjs.bizographics.com *.cstmapp.com 212.55.0.184; worker-src 'self' data: blob:  *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.euskaltel.com *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inbenta.com *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.onetrust.com *.openstreetmap.org *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.useinsider.com *.womtp.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com t.co p.adsymptotic.com sjs.bizographics.com *.cstmapp.com 212.55.0.184 2
default-src 'self'; img-src * data: blob:; media-src * data: blob:; object-src 'none'; style-src 'self' 'unsafe-inline'; font-src 'self'; frame-src * data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' 'wasm-unsafe-eval' 'inline-speculation-rules' *.thirdweb.com *.thirdweb-dev.com vercel.live js.stripe.com pg.paper.xyz portal.usecontext.io; connect-src * data: blob:; worker-src 'self' blob:; block-all-mixed-content; 2
data: 'unsafe-inline' 'unsafe-eval' 2
frame-ancestors https://*.cleverwebserver.com https://*.clevernt.com; worker-src 'self' blob: 2
default-src 'self' https://play.vidyard.com; connect-src 'self' https://googleads.g.doubleclick.net https://www.google.com https://*.linkedin.com https://*.zi-scripts.com https://*.googlesyndication.com https://*.calibermind.com https://*.visualwebsiteoptimizer.com https://*.clarity.ms https://cdn.linkedin.oribi.io https://*.yoast.com https://*.certinia.com https://*.metarouter.io https://*.6sc.co https://analytics.google.com https://*.6sense.com https://*.mktoutil.com https://*.chilipiper.com https://c.6sc.co https://secure.adnxs.com https://ws.zoominfo.com https://*.pathfactory.com https://bidr.io https://rlcdn.com https://stats.g.doubleclick.net https://*.marketo.com https://munchkin.marketo.net https://*.mktoresp.com https://1x8clt34ex4l3nepm7b15t5f-wpengine.netdna-ssl.com https://bat.bing.com https://cdn.cookielaw.org https://play.vidyard.com https://web-analytics.engagio.com https://www.google-analytics.com https://www.googletagmanager.com https://*.onetrust.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: https://*.cloudflareinsights.com https://*.zi-scripts.com https://unpkg.com https://yoast.com https://*.yoast.com https://static.srcspot.com https://*.clarity.ms https://*.calibermind.com https://*.metarouter.io https://www.googleoptimize.com https://js.chilipiper.com https://j.6sc.co https://cdn-app.pathfactory.com https://s.adroll.com https://ws-assets.zoominfo.com https://*.certinia.com https://*.google.com https://www.google-analytics.com https://cdn.syndication.twimg.com https://cdn.jsdelivr.net https://app.cdn.lookbookhq.com https://*.marketo.com https://1x8clt34ex4l3nepm7b15t5f-wpengine.netdna-ssl.com https://play.vidyard.com https://*.netdna-ssl.com https://www.googletagmanager.com https://cdn.cookielaw.org https://cdnjs.cloudflare.com https://code.jquery.com https://maxcdn.bootstrapcdn.com https://*.vidyard.com https://img.en25.com http://ct.capterra.com https://tribl.io https://munchkin.marketo.net https://bat.bing.com https://snap.licdn.com https://a.quora.com https://web-analytics.engagio.com https://googleads.g.doubleclick.net https://dn1f1hmdujj40.cloudfront.net https://platform.twitter.com https://www.gstatic.com https://dev.visualwebsiteoptimizer.com https://ml314.com https://www.googleadservices.com; img-src https: data: https://www.google-analytics.com https://optimize.google.com https://1x8clt34ex4l3nepm7b15t5f-wpengine.netdna-ssl.com; frame-src 'self' mailto: api-cbb17618.duosecurity.com https://*.doubleclick.net https://public-profile.whistic.com https://financialforce.outgrow.us https://financialforce.chilipiper.com https://securityscorecard.com https://player.vimeo.com  https://*.certinia.com https://*.twitter.com https://bid.g.doubleclick.net https://*.vidyard.com https://app-sjg.marketo.com https://tribl.io https://*.google.com; font-src 'self' data: https://*.pathfactory.com https://*.netdna-ssl.com https://fonts.gstatic.com https://cdnjs.cloudflare.com https://www.certinia.com https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://unpkg.com https://js.chilipiper.com https://*.certinia.com https://cdnjs.cloudflare.com https://*.google.com https://fonts.googleapis.com https://platform.twitter.com https://app.cdn.lookbookhq.com https://1x8clt34ex4l3nepm7b15t5f-wpengine.netdna-ssl.com https://tribl.io https://*.netdna-ssl.com https://www.googletagmanager.com https://code.jquery.com https://gmpg.org https://maxcdn.bootstrapcdn.com https://tribl.io https://cdn.cookielaw.org https://app-sjg.marketo.com https://cdn-app.pathfactory.com; frame-ancestors 'self' https://library.certinia.com; object-src 'none'; upgrade-insecure-requests; worker-src 'self' blob:; 2
default-src 'self'; script-src 'self' js.stripe.com static.cloudflareinsights.com www.google.com/recaptcha/api.js www.gstatic.com/recaptcha/releases/; img-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com; font-src 'self' fonts.gstatic.com cdnjs.cloudflare.com; form-action 'self'; frame-src js.stripe.com www.google.com; report-uri https://scotthelme.report-uri.com/r/d/csp/enforce; report-to default 2
frame-ancestors https://*.zscalertwo.net *.sick.com *.sickcn.net *.sickcn.com *.crm4.dynamics.com; 2
frame-ancestors bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.virginplus.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.luckymobile.ca; script-src https://*.go-mpulse.net https://*.luckymobile.ca https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://vldbellsup.hs.llnwd.net https://vfobellsup.hs.llnwd.net https://prdbellsup.hs.llnwd.net https://pfobellsup.hs.llnwd.net https://cdnjs.cloudflare.com https://vldbellweb.hs.llnwd.net https://vfobellweb.hs.llnwd.net https://prdbellweb.hs.llnwd.net https://pfobellweb.hs.llnwd.net https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.youtube.com https://bat.bing.com https://tr.snapchat.com https://s.ytimg.com https://*.micpn.com https://*.clarity.ms https://*.telebec.com https://*.northerntel.ca https://*.analytics-egain.com https://*.branch.io https://app.link 'unsafe-inline' 'unsafe-eval'; worker-src 'self' blob: ; object-src https://refer.bell.ca 2
object-src 'none'; frame-ancestors https://*.powerdms.com; upgrade-insecure-requests 2
default-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests; report-uri https://csp.d47wgg8.com 2
base-uri 'self'; child-src * gap:; frame-src * gap:; connect-src *; default-src 'self' 'unsafe-inline' *.google-analytics.com *.hotjar.com *.googletagmanager.com *.dre.pt *.diariodarepublica.pt *.hotjar.io *.doubleclick.net *.knightlab.com *.google.com *.google.pt gap: 'unsafe-inline' 'unsafe-eval'; font-src 'self' fonts.gstatic.com themes.googleusercontent.com data:; img-src * data: blob:; script-src 'unsafe-inline' * 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-ancestors *.incm.pt *.dre.pt *.diariodarepublica.pt 'self' gap:; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=rcTvsotZ5X7N1l32FJbggUgEap%2FV5DrHN3UVfIKOwbVybNlE8EkKlTmU%2BRKOXrf41gErjCwACMbYTgLlMSBScA%3D%3D; 2
worker-src 'self' data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.google-analytics.com *.googlecommerce.com *.googleadservices.com *.braintreegateway.com *.googleapis.com *.cloudflare.com *.planetart.com *.newrelic.com *.twitter.com *.ads-twitter.com *.facebook.net *.adroll.com *.livechatinc.com cdn.brcdn.com www.paypalobjects.com *.brsrvr.com *.nr-data.net *.pcrl.co *.picreel.com *.bing.com *.extole.com *.yimg.com *.yahoo.com *.sharethis.com *.amazonaws.com *.rubiconproject.com *.doubleclick.net *.ups-mi.net *.pinterest.com *.paypal.com *.tellapal.com *.momsaffiliate.com *.emjcd.com *.shareasale.com t.co *.locker2.com *.adxcel-ec2.com *.gstatic.com *.steelhousemedia.com www.googletagmanager.com pixel.cdnwidget.com snap.licdn.com px.ads.linkedin.com *.tvsquared.com unpkg.com d39517acq78dhc.cloudfront.net js.braintreegateway.com *.cardinalcommerce.com *.dca0.com d.adroll.mgr.consensu.org *.ccdc02.com *.openx.net *.rlcdn.com *.adnxs.com *.bidswitch.net *.3lift.com *.taboola.com *.pubmatic.com *.outbrain.com *.casalemedia.com *.advertising.com www.clickcease.com cdn.levelaccess.net *.mail.simplytoimpress.com *.mail.simplytoimpress.co.uk *.mail.canvasworld.com *.mail.photoaffections.com *.mail.mycustomcase.com *.eml.legacylane.com *.eml.parkerandpip.com *.eml.gifts.com track.cordial.io *.personalcreations.com tags.tiqcdn.com use.typekit.net dpm.demdex.net www.lightboxcdn.com t.channeladvisor.com tag.bounceexchange.com s.pinimg.com assets.bounceexchange.com api.bounceexchange.com *.cj.com a.omappapi.com analytics.tiktok.com lightboxapi.azurewebsites.net cdn.attn.tv *.afterpay.com *.mountain.com *.nextdoor.com utt.impactcdn.com *.sjv.io *.clarity.ms d.impactradius-event.com tags.crwdcntrl.net *.rokt.com cdn.cookielaw.org *.iseeme.com *.bookofus.com *.vimeo.com *.vimeocdn.com https://*.kaptcha.com *.niceincontact.com d2zm0lpns956f8.cloudfront.net websdk.appsflyer.com *.bazaarvoice.com mpsnare.iesnare.com *.appsflyer.com shop.pe mapi.gifts.com metrics.simplytoimpress.com metrics.photoaffections.com metrics.canvasworld.com metrics.mycustomcase.com metrics.simplytoimpress.co.uk metrics.parkerandpip.com metrics.legacylane.com metrics2.gifts.com d32u6scf3pzwp7.cloudfront.net;frame-ancestors 'self' https://www.gifts.com https://*.personalcreations.com;object-src 'self' https://www.gifts.com;upgrade-insecure-requests 2
base-uri 'none'; default-src 'self' data: https: wss:; style-src 'self' data: https: wss: 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://api.scrivito.com https://app.intercom.io https://assets.scrivito.com https://js.intercomcdn.com https://widget.intercom.io https://www.google-analytics.com https://cdn.cookielaw.org https://cdn.mouseflow.com https://www.googletagmanager.com 'sha256-Dx27nJacTJnwhtDLRsHGASB9VX+OjI0kkwC4KqW9uWE=' 'sha256-Uat8f2TlJaGiTp3+3JnDx/qOYFdPOSX6IcGnbcsktag=' https://widget.netigate.se https://widget-api.netigate.se https://widgetapi-stage.netigate.se https://netigate.se https://devwidgetstatic.z6.web.core.windows.net; frame-src 'self' https://cdn.cookielaw.org https://www.google-analytics.com https://www.youtube-nocookie.com/ https://www.youtube.com/ https://s20.video-stream-hosting.de https://start.video-stream-hosting.de; object-src 'none'; block-all-mixed-content; frame-ancestors 'self' https://*.scrivito.com https://cdn.cookielaw.org 2
img-src *.sistrix.com *.sistrix.de *.sistrix.it *.sistrix.fr *.sistrix.es *.facebook.com *.linkedin.com *.ytimg.com secure.gravatar.com data: https: 'self'; style-src *.sistrix.com *.sistrix.de *.sistrix.it *.sistrix.fr *.sistrix.es *.vimeocdn.com *.vimeo.com data: https: 'unsafe-inline' 'self'; object-src *.sistrix.com *.sistrix.de *.sistrix.it *.sistrix.fr *.sistrix.es data: https: 'unsafe-inline' 'self'; script-src *.sistrix.com *.sistrix.de *.sistrix.it *.sistrix.fr *.sistrix.es data: https: 'unsafe-eval' 'unsafe-inline' 'self'; 2
default-src * data: mediastream: blob: filesystem: about: ws: wss: 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-inline'; 2
script-src 'self'; 2
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com api.userway.org cdn.userway.org cdn77.api.userway.org telemetry.transcend.io transcend-cdn.com *.sentry.io *.deviceinfresolver.com cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com vgs-collect-keeper.apps.verygood.systems www.air-port-codes.com sdk.iad-05.braze.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com maps.googleapis.com storage.googleapis.com/rent-reporting-oon-lease-upload-bucket-prod/ storage.googleapis.com/rent-reporting-oon-lease-upload-bucket-staging/ cognito-identity.us-west-2.amazonaws.com snippet.meticulous.ai user-events-v3.s3-accelerate.amazonaws.com onlineleasing.related.com openboxsoftware.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com openbox-redirect.wiremockapi.cloud analytics.tiktok.com api.segment.io cdn.segment.com conversions-config.reddit.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai pixel-config.reddit.com rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com tr.snapchat.com tr6.snapchat.com uw.srv.stackadapt.com www.facebook.com www.redditstatic.com *.analytics.google.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com ; default-src 'self' *.biltrewards.com www.google.com www.gstatic.com cdn.plaid.com snippet.meticulous.ai ; font-src 'self' *.biltrewards.com fonts.googleapis.com cdn.userway.org ; frame-ancestors 'self' *.biltrewards.com *.ngrok.io bilt-qa.framer.website cdpn.io codepen.io *.activebuilding.com *.avalonaccess.com *.henrihome.com avalonaccess.com www.hqo.co www.hqo.com www.hqoapp.com *.activebuilding.docker *.henridev.com *.lvh.me:3000 *.securecafe.com rp.ams-dev-avalonbay.com ; frame-src 'self' *.biltrewards.com www.datocms-assets.com cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com decagon.ai cardswitcher.knotapi.com development-knotapi.vercel.app alloysdk.alloy.co cdn.userway.org sync-transcend-cdn.com *.jamsadr.com *.soul-cycle.com mailto: *.soul-cycle.com tr.snapchat.com bid.g.doubleclick.net td.doubleclick.net www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.analytics.google.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com google.com googleads.g.doubleclick.net ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.biltrewards.com browser.sentry-cdn.com js.sentry-cdn.com cdn.deviceinf.com www.google.com www.gstatic.com maps.googleapis.com cdn.plaid.com js.verygoodvault.com decagon.ai snippet.meticulous.ai cdn.userway.org static.ada.support transcend-cdn.com analytics.tiktok.com api.smooch.io b-code.liadm.com cdn.mgln.ai cdn.refersion.com cdn.segment.com connect.facebook.net east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com sc-static.net srv.stackadapt.com tags.srv.stackadapt.com tr.snapchat.com uw.srv.stackadapt.com www.redditstatic.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com www.googleadservices.com ; style-src 'self' 'unsafe-inline' *.biltrewards.com cdn.userway.org transcend-cdn.com east.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com ; 2
default-src 'self' * data: https: blob:; object-src 'self'; script-src 'self' * 'unsafe-inline' 'unsafe-eval'; worker-src * 'self' blob:; img-src * 'self' data: https: blob:; style-src * 'self' 'unsafe-inline'; font-src * data:; frame-src * 'self' 2
frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.roh.org.uk roh.global.ssl.fastly.net bam.nr-data.net bat.bing.com bs.serving-sys.com canopylabstracking.s3.amazonaws.com connect.facebook.net *.cloudfront.net intljs.rmtag.com js-agent.newrelic.com nxtck.com rules.quantcount.com secure-ds.serving-sys.com secure.quantserve.com tags.rd.linksynergy.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com https://tagmanager.google.com http://*.hotjar.com https://*.hotjar.com https://optimize.google.com https://*.bookatable.com https://youtube.com https://*.youtube.com https://static.ads-twitter.com https://analytics.twitter.com https://app.charitycheckout.co.uk https://media.imi.chat/ https://analytics.tiktok.com/ https://*.ctnsnet.com consentag.eu collector-11526.tvsquared.com https://cdn-ukwest.onetrust.com/ https://geolocation.onetrust.com/ https://cdn.bitmovin.com/ https://cdn.cookielaw.org/ https://www.gstatic.com/ https://talkdeskchatsdk.talkdeskapp.com/ https://*.prospect2.com/ https://prism.app-us1.com/ https://diffuser-cdn.app-us1.com/ https://trackcmp.net/; style-src 'self' blob: 'unsafe-inline' https://cloud.typography.com https://*.googleapis.com https://static.roh.org.uk https://static.rolex.com https://optimize.google.com https://*.googleapis.com https://*.bookatable.com https://tagmanager.google.com https://youtube.com https://*.youtube.com https://media.imi.chat/ https://*.typekit.net/; object-src 'none'; worker-src blob:; 2
frame-ancestors 'self'; frame-src  *.facebook.com *.google.com *.hotjar.com *.youtube.com *.vimeo.com *.googletagmanager.com *.fontawesome.com *.yourhosting.nl *.freshdesk.com *.freshchat.com demo.arcade.software *.typeform.com *.hsforms.com *.doubleclick.net yoursitehulp.nl app.vwo.com *.versio.nl *.hubspot.com yourhosting-25507368.hs-sites-eu1.com 2
frame-ancestors 'self' https://*.qtx.dev https://*.dev.qtxquartz.com https://*.stage.qtxquartz.com https://www.fiercewireless.com https://www.fiercetelecom.com https://sample.dragonforms.com https://*.questexinfo.com http://resources.questex.com https://resources.questex.com 2
frame-ancestors 'self' https://nurture.solarwinds.com/ 2
img-src data: https: 2
frame-ancestors 'self' https://microapps.google.com/ 2
base-uri 'none'; connect-src 'self' https://*.cbc.be https://*.clicktale.com https://*.clicktale.net https://*.kbc.be https://*.kbc.com https://*.kbcsecurities.com https://*.kbcbrussels.be https://*.kbceconomics.be https://*.kbceconomics.com https://*.kbclease.lu https://*.24plus.be https://*.omtrdc.net https://dpm.demdex.net https://kbc.symex.be https://uat.serversidegraphics.com https://uk.personalcard.net https://www.facebook.com https://*.contentsquare.net https://admp-tc-mediahuis.adtlgc.com https://es6-elasticapm.kbc.be https://es6-elasticapm-a.kbc.be https://*.contentsquare.net https://onesignal.com https://*.googleapis.com https://*.adobe.com https://viewlicense.adobe.io https://*.adobedc.net https://adobedc.demdex.net; child-src 'self' blob: https://*.cbc.be https://*.kbc.be https://*.kbcbrussels.be https://*.kbc-group.com https://*.omniture.com https://assets.adobedtm.com https://kbcgroup.demdex.net https://uat.serversidegraphics.com https://uk.personalcard.net https://www.google.com/recaptcha/ https://www.youtube-nocookie.com https://*.instagram.com https://kbc.symex.be https://*.trustarc.com https://code3.adtlgc.com/ https://scdn.cxense.com/ https://player.hihaho.com/ https://*.adobedc.net; default-src 'self'; font-src 'self' data: https://*.cbc.be https://*.kbc.be https://*.kbcbrussels.be https://*.googleapis.com https://fonts.gstatic.com; frame-ancestors 'self' https://*.cbc.be https://*.kbc.be https://*.kbcbrussels.be https://*.kbcgroup.com https://*.kbc-group.com https://*.kbcgroup.eu https://*.adobe.com; frame-src 'self' https://*.cbc.be https://*.kbc.be https://*.kbcbrussels.be https://*.kbc-group.com https://*.omniture.com https://assets.adobedtm.com https://kbcgroup.demdex.net https://uat.serversidegraphics.com https://uk.personalcard.net https://www.google.com/recaptcha/ https://www.youtube-nocookie.com https://*.instagram.com https://kbc.symex.be https://*.trustarc.com https://code3.adtlgc.com/ https://scdn.cxense.com/ https://player.hihaho.com/ https://documentservices.adobe.com/; img-src 'self' data: https://*.cbc.be https://*.clicktale.com https://*.clicktale.net https://*.contentsquare.net https://*.doubleclick.net https://*.facebook.com https://*.kbc.be https://*.kbcbrussels.be https://*.kbc.com https://*.kbcsecurities.com https://*.kbceconomics.be https://*.kbceconomics.com https://*.kbclease.lu https://*.24plus.be https://*.omtrdc.net https://*.adobemc.com https://action.metaffiliation.com https://*.instagram.com https://scontent.cdninstagram.com https://cbc.azureedge.net https://cm.everesttech.net https://csi.gstatic.com https://*.linkedin.com https://dpm.demdex.net https://edash.azureedge.net https://invest.azureedge.net https://kbc.azureedge.net https://*.googleapis.com https://maps.gstatic.com https://mba.azureedge.net https://mbj.azureedge.net https://pixel.everesttech.net https://scomcluster.cxense.com https://secure.adnxs.com https://t.co https://touch.azureedge.net https://uat.serversidegraphics.com https://uk.personalcard.net https://www.google.be https://www.google.com https://www.googleadservices.com https://img.youtube.com https://*.truste.com https://*.trustarc.com https://cdn.publish.macrobond.net https://*.cxense.com https://*.contentsquare.net https://refini.tv https://product.datastream.com; media-src 'self' https://*.cbc.be https://*.kbc.be https://*.kbcbrussels.be https://*.kbc.com https://*.kbcsecurities.com https://*.kbceconomics.be https://*.kbceconomics.com https://*.kbclease.lu https://*.24plus.be https://cbc.azureedge.net https://edash.azureedge.net https://invest.azureedge.net https://kbc.azureedge.net https://mba.azureedge.net https://mbj.azureedge.net https://touch.azureedge.net; object-src 'self' https://*.cbc.be https://*.kbc.be https://*.kbcbrussels.be; script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://*.cbc.be https://*.clicktale.com https://*.clicktale.net https://*.kbc.be https://*.kbcbrussels.be https://*.kbc.com https://*.kbcsecurities.com https://*.kbceconomics.be https://*.kbceconomics.com https://*.kbclease.lu https://*.kbc-group.com https://*.24plus.be https://*.omtrdc.net https://adhese.mediahuis.be https://analytics.twitter.com https://*.instagram.com https://scontent.cdninstagram.com https://assets.adobedtm.com https://connect.facebook.net https://dpm.demdex.net https://googleads.g.doubleclick.net https://*.googleapis.com https://pixel.everesttech.net https://platform.twitter.com https://s.ytimg.com https://secure.adnxs.com https://snap.licdn.com https://static.ads-twitter.com https://www.everestjs.net https://www.google.com/recaptcha/ https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com/recaptcha/ https://www.youtube-nocookie.com https://www.youtube.com https://t.contentsquare.net https://contentsquare.com https://code3.adtlgc.com https://*.trustarc.com https://*.truste.com https://*.cxense.com https://shared.mediahuis.be https://t.contentsquare.net https://contentsquare.com https://*.contentsquare.com https://player.hihaho.com/ https://documentservices.adobe.com/ https://uk.personalcard.net; style-src 'self' 'unsafe-inline' https://*.cbc.be https://*.kbc.be https://*.kbcbrussels.be https://*.kbc.com https://*.kbcsecurities.com https://*.kbceconomics.be https://*.kbceconomics.com https://*.kbclease.lu https://cdn.tt.omtrdc.net https://*.googleapis.com https://uk.personalcard.net; manifest-src 'self' https://*.cbc.be https://*.kbc.be https://*.kbcbrussels.be https://*.kbceconomics.be https://*.kbceconomics.com https://*.kbclease.lu https://*.24plus.be https://cdn.tt.omtrdc.net https://*.googleapis.com; worker-src 'self' blob:;  2
frame-ancestors 'self' https://uad.sonera.fi/ https://*.f-secure.com; 2
frame-ancestors nuinvest.com.br *.nuinvest.com.br nubank.com.br *.nubank.com.br 2
default-src 'self' cdn.vidyard.com play.vidyard.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.clarity.ms *.clickagy.com *.datasite.com *.dca0.com *.g2.com *.googleapis.com *.gstatic.com *.hotjar.com *.pendo.io *.osano.com *.salesforceliveagent.com *.storage.googleapis.com *.twimg.com *.zoominfo.com ajax.aspnetcdn.com analytics.twitter.com apis.google.com assets.adobedtm.com b.sf-syn.com bat.bing.com cdn.jsdelivr.net cdn.vidyard.com cdnjs.cloudflare.com code.createjs.com connect.facebook.net contact-datasite.secure.force.com cookie-cdn.cookiepro.com ct.capterra.com d.adroll.com d.adroll.mgr.consensu.org datasite.my.salesforce.com datasite--staging.lightning.force.com dc.services.visualstudio.com geolocation.onetrust.com go.datasite.com googleads.g.doubleclick.net http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com https://publish.twitter.com https://s.ytimg.com https://syndication.twitter.com/ https://www.youtube.com js.monitor.azure.com js.zi-scripts.com lltrck.com pi.pardot.com platform.linkedin.com platform.twitter.com play.vidyard.com s.adroll.com s.yimg.com scout-cdn.salesloft.com secure.golp4elik.com service.force.com snap.licdn.com sp.analytics.yahoo.com ssl.pstatic.net stackpath.bootstrapcdn.com staging-contact-datasite.cs191.force.com static.ads-twitter.com static.lightning.force.com tracking.g2crowd.com use.fontawesome.com wcs.naver.net www.google.co.uk www.google.com www.googleadservices.com www.google-analytics.com zi-tag.js https://cdn.insight.sitefinity.com https://dec.azureedge.net https://player.vimeo.com/api/player.js https://www.youtube.com/iframe_api; style-src 'self' 'unsafe-inline' *.datasite.com *.googleapis.com *.gstatic.com *.osano.com *.pendo.io *.storage.googleapis.com *.twimg.com *.typekit.net cdnjs.cloudflare.com contact-datasite.secure.force.com cookie-cdn.cookiepro.com https://*.googletagmanager.com kendo.cdn.telerik.com netdna.bootstrapcdn.com platform.twitter.com platform.twitter.com/css/ service.force.com stackpath.bootstrapcdn.com staging-contact-datasite.cs191.force.com tagmanager.google.com ton.twimg.com use.fontawesome.com www.google.co.uk www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' data: *.typekit.net cdnjs.cloudflare.com fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com tagmanager.google.com; img-src 'self' blob: data: *.capterra.com *.googleapis.com *.gstatic.com *.osano.com *.pendo.io *.storage.googleapis.com *.twimg.com analytics.google.com analytics.twitter.com b.sf-syn.com bat.bing.com capterra.s3.amazonaws.com cdn.vidyard.com cookie-cdn.cookiepro.com ct.capterra.com data.useranalytics.global.datasite.com googleads.g.doubleclick.net https://*.googletagmanager.com https://static.licdn.com https://syndication.twitter.com i.ytimg.com images.g2crowd.com lltrck.com pbs.twimg.com platform.tumblr.com platform.twitter.com/css/ play.vidyard.com px.ads.linkedin.com px4.ads.linkedin.com sp.analytics.yahoo.com t.co web.facebook.com www.facebook.com www.google.co.uk www.google.com www.google-analytics.com www.linkedin.com www.redditstatic.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat https://cdn.insight.sitefinity.com https://dec.azureedge.net; media-src 'self' blob: data: cdn.vidyard.com; form-action 'self' datasite.sitefinity.cloud datasite-stg.sitefinity.cloud event.on24.com gateway.on24.com go.datasite.com localhost:18080 localhost:5001 login.microsoftonline.com platform.twitter.com syndication.twitter.com webto.salesforce.com; frame-src 'self' *.g2.com *.osano.com *.pendo.io *.vidyard.com b.sf-syn.com bid.g.doubleclick.net datainsights-cdn.dm.aws.gartner.com merrillcorp.demdex.net platform.twitter.com service.force.com syndication.twitter.com td.doubleclick.net twitter.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com; frame-ancestors 'self' https://*.datasite.com; child-src 'self' blob: accounts.google.com apis.google.com badge.stumbleupon.com https://platform.twitter.com/ https://player.vimeo.com/ https://syndication.twitter.com/ https://w.soundcloud.com/ https://www.youtube.com/ https://www.youtube-nocookie.com staticxx.facebook.com web.facebook.com www.facebook.com; connect-src 'self' 'unsafe-inline' data: wss: *.adroll.com *.analytics.google.com *.clarity.ms *.clickagy.com *.datasite.com *.dca0.com *.google.com *.googleapis.com *.googlesyndication.com *.gstatic.com *.hotjar.com *.hotjar.io *.osano.com *.pendo.io *.storage.googleapis.com *.salesforce-communities.com *.tt.omtrdc.net *.zoominfo.com accounts.google.com analytics.google.com bat.bing.com cdn.linkedin.oribi.io contact-datasite.secure.force.com cookie-cdn.cookiepro.com dc.services.visualstudio.com dpm.demdex.net geolocation.onetrust.com googleads.g.doubleclick.net https://*.googletagmanager.com js.zi-scripts.com nam.veta.naver.com play.vidyard.com privacyportal.cookiepro.com px.ads.linkedin.com s.yimg.com scout.salesloft.com secure.adnxs.com staging-contact-datasite.cs191.force.com stats.g.doubleclick.net tagmanager.google.com tracking.g2crowd.com wcs.naver.com www.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; object-src 'self' cdn.vidyard.com; worker-src 'self' blob: *.osano.com 2
default-src 'none'; connect-src *; font-src * data: about:; frame-src *; img-src * data: about:; media-src 'self' www.l3harris.com; script-src 'self' 'strict-dynamic' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://static.addtoany.com https://unpkg.com https://www.google.com 'nonce-GbAhlJ6kQUj6OGn-mTP2Zw'; style-src 'self' 'unsafe-inline' fonts.googleapis.com www.wescam.info www.googletagmanager.com cdn.userway.org https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; form-action 'self' www.facebook.com; frame-ancestors 'self'; report-uri https://www.l3harris.com/report-uri/enforce 2
default-src 'self' https://www.figma.com/ https://cdnjs.cloudflare.com/ https://plugin.handtalk.me https://stats.g.doubleclick.net; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js cdnjs.cloudflare.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.msecnd.net http://maps.google.com https://unpkg.com www.googletagmanager.com https://*.cookiebot.com *.ads-twitter.com *.doubleclick.net *.teads.tv *.cdnjs.cloudflare.com plugin.handtalk.me https://d335luupugsy2.cloudfront.net https://cdn.jsdelivr.net *.plugin.handtalk.me https://www.gstatic.com/ https://static.elfsight.com/ 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net https://player.vimeo.com/api/player.js https://www.youtube.com/iframe_api 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src data: blob: * 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://www.google.com https://consentcdn.cookiebot.com https://td.doubleclick.net https://fledge.teads.tv https://cloud.news.borgwarner.com https://open.spotify.com; connect-src accounts.google.com *.mktoresp.com *.visualstudio.com http://maps.googleapis.com https://*.cookiebot.com https://*.google-analytics.com https://*.teads.tv https://api.mypartfinder.com https://webservice.tecalliance.services https://stats.g.doubleclick.net https://pageview-notify.rdstation.com.br https://popups.rdstation.com.br https://*.handtalk.me https://core.service.elfsight.com https://storage.elfsight.com https://www.google.com https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: *.azureedge.net; child-src 'self' https://www.figma.com/ https://www.google.com/ *.borgwarner.com borgwarner.com https://*.cookiebot.com https://plugin.handtalk.me phinia.wd5.myworkdayjobs.com configurator.delphiautoparts.com 2
frame-ancestors 'none'; report-uri https://prod-th-csp-service.rbictg.com/csp; report-to csp-endpoint 2
frame-ancestors 'self' https://www.spikenow.com/ https://spikenow.com/ https://lp.spikenow.com/ 2
frame-ancestors 'self' https://virtual-tours.msccruises.com; 2
default-src 'self'; media-src 'self' *.youtube.com *.youtube-nocookie.com *.vimeo.com *.vimeocdn.com; form-action 'self' *.cision.com; base-uri 'self'; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https: google-analytics.com 2.gravatar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: http:; font-src 'self' data: https://use.typekit.net fonts.googleapis.com fonts.gstatic.com; frame-src 'self' *.youtube.com *.youtube-nocookie.com *.vimeo.com *.vimeocdn.com 'unsafe-inline' https: s7.addthis.com; connect-src 'self' 'unsafe-inline' https: http: s7.addthis.com; frame-ancestors 'self'; manifest-src 'self'; 2
frame-ancestors 'self' https://*.zaxy.com.br https://*.sandaliasipanema.com.br https://*.lojacartago.com.br https://*.grendenekids.com.br https://*.grendha.com.br https://*.shopmelissaeu.com https://*.shopmelissa.com https://*.grendene.com.br 2
default-src 'self';base-uri 'self';script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' cdn.appdyanamics.com;script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com *.cookielaw.org fast.wistia.net api.ipify.org snap.licdn.com connect.facebook.net s.dpmsrv.com tag.demandbase.com googleads.g.doubleclick.net ib.adnxs.com a.dpmsrv.com cdn.appdynamics.com cdn.mouseflow.com fast.wistia.com c.amazon-adsystem.com s2.adform.net a2.adform.net cdn.evgnet.com unpkg.com cdn.getsmartcontent.com www.youtube.com pixel.mathtag.com analytics.tiktok.com cdnjs.cloudflare.com pi.pardot.com connect.guardiangroupbenefits.com flex.cybersource.com testflex.cybersource.com *.fls.doubleclick.net *.guardianlife.com guardianlife.us-1.evergage.com cm.g.doubleclick.net maps.googleapis.com www.googleadservices.com *.onelink-edge.com;frame-src 'self' *.youtube.com script.hotjar.com vars.hotjar.com *.guardiananytime.com *.adsrvr.org my.visme.co *.ipipeline.com guardianlife.com *.guardianlife.com guardianlife.uat.aws.glic.com *.bound360.com tagmanager.google.com www.podbean.com cloud.alert.guardiandirect.com cloud.connect.guardian pixel.mathtag.com/ pi.pardot.com go.pardot.com connect.guardiangroupbenefits.com guardianabsence.webflow.io *.ebix.com d.agkn.com s.company-target.com cdn.appdynamics.com *.fls.doubleclick.net www.guardianlife.com a2.adform.net c1.adform.net fast.wistia.net td.doubleclick.net block.opendns.com cloud.guardianlife.com flex.cybersource.com testflex.cybersource.com guardianlife.us-1.evergage.com cdn.evgnet.com;font-src 'self' data: fast.wistia.net fonts.gstatic.com fast.wistia.com guardianlife.us-1.evergage.com;media-src 'self' data: blob:;connect-src 'self' www.google-analytics.com *.cookielaw.org collectorprod.glic.com cdn.segment.com api.segment.io graphql.contentful.com www.google.com app.launchdarkly.com api.company-target.com stats.g.doubleclick.net clientstream.launchdarkly.com tag-logger.demandbase.com px.ads.linkedin.com events.launchdarkly.com pdx-col.eum-appdynamics.com fast.wistia.net distillery.wistia.com fast.wistia.com embed-cloudfront.wistia.com fg8vvsvnieiv3ej16jby.litix.io cdn.contentful.com preview.contentful.com pipedream.wistia.com s.amazon-adsystem.com guardianlife.us-1.evergage.com privacyportal-na01.onetrust.com geolocation.onetrust.com guardianlife-privacy.my.onetrust.com googleads.g.doubleclick.net block.opendns.com adservice.google.com maps.googleapis.com www.googletagmanager.com segments.company-target.com embed-ssl.wistia.com cdn.evgnet.com *.onelink-edge.com;style-src 'self' 'unsafe-inline' https:;object-src 'none';img-src 'self' data: fast.wistia.net images.ctfassets.net www.google-analytics.com px.ads.linkedin.com id.rlcdn.com www.facebook.com ib.adnxs.com secure.adnxs.com embed-ssl.wistia.com downloads.ctfassets.net www.googletagmanager.com a1.seadform.net www.google.com fast.wistia.com ad.doubleclick.net block.opendns.com maps.gstatic.com maps.googleapis.com googleads.g.doubleclick.net segments.company-target.com www.linkedin.com pippio.com embed-ssl.wistia.com pdx-col.eum-appdynamics.com guardianlife.us-1.evergage.com cdn.evgnet.com cdn.cookielaw.org idsync.rlcdn.com 2
frame-ancestors 'self';default-src https: data: 'unsafe-eval' 'unsafe-inline'; img-src * data:; 2
default-src https: *.willistowerswatson *.wtwco data: blob: 'unsafe-eval' 'unsafe-inline' 2
frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content 2
frame-ancestors 'self' https://flex.twilio.com 2
default-src data: blob: 'self' https://*.ugc.gov.in 'unsafe-inline' *.ugc.gov.in 'unsafe-eval' https://fonts.googleapis.com/ https://fonts.gstatic.com/; script-src *.ugc.gov.in 'unsafe-eval' blob: 'self'  https://www.google.com/recaptcha/api.js ugc.gov.in ugc.gov.in/bundles/* ugc.gov.in/js/owl.carousel.min.js https://platform.twitter.com/widgets.js https://www.googletagmanager.com/gtag/js https://www.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtag/js; img-src * data: blob: 'unsafe-inline'; frame-src *; manifest-src 'self'; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.ugc.gov.in/ *.node.js *.page-style.js https://fonts.googleapis.com/; object-src 'none'; base-uri 'none'; 2
default-src 'self' blob: data: gap: ; script-src 'unsafe-inline' 'unsafe-eval' 'report-sample' 'self' *.entel.cl *.ampproject.org *.cliengo.com *.onesignal.com *.entelcc.cl:9001 *.entelcc.cl *.en.tel *.adnxs.com *.doubleclick.net *.rfihub.com *.digitalbeat.cl *.vimeo.com *.facebook.net *.google.com *.googleapis.com *.googletagmanager.com *.googleoptimize.com *.qualtrics.com *.cloudfront.net *.google-analytics.com *.youtube.com https://tagmanager.google.com https://googleads.g.doubleclick.net https://cdn.cookielaw.org/ https://api.onesignal.com https://ws01.a365.com.pe:5443 https://ad.soicos.com https://api.instanda.us https://widget.ocularsolution.com https://cdn.jsdelivr.net/npm/axios/dist/axios.min.js https://entel.sistemaimpulsa.com https://cdn.mouseflow.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com/cdn-cgi/scripts/04b3eb47/cloudflare-static/mirage2.min.js https://ds-aksb-a.akamaihd.net/aksb.min.js https://front.optimonk.com/public/122144/js/preload.js https://gs-cdn.optimonk.com/jfclientsdk/latest/jfclientsdk.min.js https://hit.uptrendsdata.com/rum.min.js https://sslwidget.criteo.com/event https://static.criteo.net/js/ld/ld.js https://unpkg.com https://diffuser-cdn.app-us1.com/diffuser/diffuser.js https://entel.sistemaimpulsa.com/catchform-oportunidades.js https://js.hs-analytics.net/ https://js.hs-banner.com/6758175.js https://js.hs-scripts.com/6758175.js https://js.hsadspixel.net/fb.js https://js.hsleadflows.net/leadflows.js https://prism.app-us1.com https://snap.licdn.com/li.lms-analytics/insight.min.js https://tpc.googlesyndication.com/sodar/1s9mPOHO.js https://track.neianalytics.com/piwik.js https://trackcmp.net/t_prism_sitemessages.php https://www.googleadservices.com https://apiexternaluat.entel.cl/auth/oauth/v2/token https://apiexternaluat.entel.cl/common/event/v2/clicktoCall/publish https://personalizacion-apis-dot-api-project-307770427626.uc.r.appspot.com wss://claudia-bff-web-production.lisstaylor.net/ https://snap.licdn.com/ https://www.gstatic.com https://smtpjs.com/v3/smtp.js https://code.jquery.com/jquery-3.5.1.min.js https://use.fontawesome.com/releases/v5.0.6/js/all.js https://www.google-analytics.com/analytics.js https://embedded-files.tryadviser.com https://cloudfront.barilliance.com/entel.cl https://cloudfront.barilliance.com/entel.cl/cbar.js.php https://www.barilliance.net https://static.barilliance.com/web-push/service-worker.js https://assets.videsk.io https://api.telegram.org https://www.google.cl http://js.hsforms.net/forms/v2.js https://js.hsadspixel.net/fb.js https://js.hsleadflows.net/leadflows.js https://hcaptcha.com *.ocularsolution.com *.run.app https://header-menu-widget-bundle-zz66vo2nua-tl.a.run.app/bundle.js https://www.googleoptimize.com/optimize.js https://cdn.alive.haus/ https://api-events.alive.haus/ https://www.liveentel.cl/ https://site.golive.haus/ https://*.maze.co/ https://tags.tiqcdn.com/libs/tealiumjs/latest/tealium_collect.min.js https://tags.tiqcdn.com/shared/tms/ *.bing.com https://analytics.tiktok.com/ https://*.digitalretail.vodafone.com https://entel.cdn.modyo.com *.visualwebsiteoptimizer.com https://app.vwo.com https://*.clarity.ms https://api-encrypt-dot-entel-vm-md-ct.rj.r.appspot.com/encrypt-node-crypto-js visitor-service-us-east-1.tealiumiq.com visitor-service.tealiumiq.com ; style-src 'unsafe-inline' 'report-sample' 'self' *.digitalbeat.cl *.google.com *.googletagmanager.com *.entel.cl *.en.tel *.entelcc.cl:9001 *.entelcc.cl *.onesignal.com *.doubleclick.net https://tagmanager.google.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css https://embedded-files.tryadviser.com https://assets.videsk.io *.ocularsolution.com https://www.barilliance.net https://*.maze.co/ *.bing.com https://*.digitalretail.vodafone.com https://entel.cdn.modyo.com *.visualwebsiteoptimizer.com https://app.vwo.com ; font-src 'self' 'unsafe-inline' data: *.entel.cl *.onesignal.com *.entelcc.cl:9001 *.entelcc.cl *.doubleclick.net *.en.tel https://fonts.googleapis.com https://fonts.gstatic.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css https://*.maze.co/ https://*.digitalretail.vodafone.com https://db.onlinewebfonts.com/t/ https://entel.cdn.modyo.com ; object-src 'self' ; base-uri 'self' ; connect-src 'self' *.entel.cl *.digitalbeat.cl *.entelcc.cl:9001 *.entelcc.cl *.onesignal.com *.doubleclick.net *.rfihub.com *.zendesk.com *.en.tel *.onetrust.com https://notifications-icommkt.com https://track-icommkt.com https://connect.facebook.net https://graph.instagram.com/ wss://olivia-bff-web-production.coffeew.net https://entel.sistemaimpulsa.com https://api.hsforms.com https://ws01.a365.com.pe:5443 *.google.com *.google.cl *.googleapis.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net https://api.instanda.us https://content-sheets.googleapis.com https://corsanywhereentel.herokuapp.com https://corsanywhereentel-dot-entel-vm-md-run.rj.r.appspot.com https://api-encrypt-dot-entel-vm-md-ct.rj.r.appspot.com/encrypt-node-crypto-js https://entel-vm-md-ct.rj.r.appspot.com https://front.optimonk.com https://hit.uptrendsdata.com https://jfapiprod.optimonk.com https://n2.mouseflow.com https://54.94.191.152 *.qualtrics.com https://api.hubapi.com https://entel-flujo-unificado-logs-prd.herokuapp.com https://entel-texting2.herokuapp.com https://forms.hubspot.com https://hooks.zapier.com http://200.27.23.102/Test_WF_ENTEL6/WebServices/WorkflowEngineSOA.asmx https://apiexternaluat.entel.cl/auth/oauth/v2/token https://apiexternaluat.entel.cl/common/event/v2/clicktoCall/publish https://personalizacion-apis-dot-api-project-307770427626.uc.r.appspot.com wss://claudia-bff-web-production.lisstaylor.net https://cdn.ampproject.org https://gcs-storage.airavirtual.com https://track-icommkt.com https://portal.cci-entel.cl https://eccnetserver.entelcallcenter.cl https://vssnippets-deployer-dot-entel-vm-md.uc.r.appspot.com/ https://vssnippets-deployer-dot-entel-vm-md-run.uc.r.appspot.com/ https://cdn.cookielaw.org/ https://api.videsk.io wss://api.videsk.io https://api.telegram.org https://www.google.cl https://api.hubapi.com https://forms.hsforms.com https://us-central1-entel-vm-md-run.cloudfunctions.net/ *.ocularsolution.com https://js.hs-banner.com https://cdn.alive.haus/ https://api-events.alive.haus https://www.liveentel.cl/ https://site.golive.haus/ https://api.ipify.org https://api-ip-entel.herokuapp.com https://www.barilliance.net https://*.maze.co/ https://prompts.maze.co/ https://graph.microsoft.com/ https://mindicador.cl/api/uf https://fonts.gstatic.com/ https://www.gstatic.com/ https://www.googleoptimize.com https://cdn.mouseflow.com/ https://www.youtube.com/iframe_api https://collect.tealiumiq.com/entel/ https://lh3.googleusercontent.com/ https://analytics.tiktok.com/ https://*.digitalretail.vodafone.com https://entel.cdn.modyo.com https://gateway.zscalertwo.net *.visualwebsiteoptimizer.com https://app.vwo.com https://api-lanus-uat.web.app https://*.clarity.ms *.bing.com visitor-service-us-east-1.tealiumiq.com visitor-service.tealiumiq.com ; frame-src 'self' *.entel.cl *.ocularsolution.com *.doubleclick.net *.onesignal.com *.entelcc.cl:9001 *.entelcc.cl *.rfihub.com *.vimeo.com https://entel-vm-md.firebaseapp.com https://entel-vm-md-run.firebaseapp.com/ https://individeo.com/ *.google.com *.digitalbeat.cl *.en.tel *.ventastecnicas.cl *.qualtrics.com https://bid.g.doubleclick.net https://gum.criteo.com https://www.youtube.com https://digitalcorp.cl/ https://eccnetserver.entelcallcenter.cl https://entelfidelizacion.cl https://lw.cliengo.com https://www.youtube-nocookie.com https://www.facebook.com https://entelchile.speedtestcustom.com https://qaentel.autoasegurado.cl https://amp-publisher-samples-staging.herokuapp.com https://www.entel.cl/tiendas/totalpack https://entelagenda.totalpack.cl https://entelecommerce.speedtestcustom.com https://entel.tryadviser.com https://forms.hsforms.com https://bop-tde.brightstar.com/ https://alb-alive-1021733634.us-west-2.elb.amazonaws.com/ https://cdn.alive.haus/ https://api-events.alive.haus https://www.liveentel.cl/ https://site.golive.haus/ https://www.barilliance.net https://bop-tde.brightcell-logistics.com https://gateway.zscalertwo.net *.visualwebsiteoptimizer.com https://app.vwo.com bytedance: sslocal: ; frame-ancestors 'self' https://www.entel.cl https://altiplano.entel.cl https://miperfil.entel.cl https://miportal.entel.cl https://bop-tde.brightcell-logistics.com/ ; img-src 'self' data: *.entel.cl *.digitalbeat.cl *.rfihub.com *.doubleclick.net *.onesignal.com *.cliengo.com *.adnxs.com *.entelcc.cl:9001 *.entelcc.cl *.en.tel *.googleusercontent.com *.ocularsolution.com *.qualtrics.com https://clients1.google.com https://ds-aksb-a.akamaihd.net https://maps.googleapis.com *.google-analytics.com *.google.cl *.google.com *.google.com.br *.google.co.in *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net https://fonts.googleapis.com https://fonts.gstatic.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://ade.googlesyndication.com https://ssl.gstatic.com https://www.gstatic.com https://maps.gstatic.com https://www.facebook.com https://connect.facebook.net https://scontent.cdninstagram.com https://graph.instagram.com https://pixel-rmk.blueknow.com http://testentel.i2b.cl https://f.hubspotusercontent20.net https://i.ytimg.com https://px.ads.linkedin.com https://track.hubspot.com https://track.neianalytics.com https://p.adsymptotic.com https://pixel.rubiconproject.com https://ad.soicos.com/conv.php https://www.linkedin.com/px/li_sync https://maps.google.com https://embedded-files.tryadviser.com https://cdn.cookielaw.org https://assets.videsk.io https://videsk.io *.barilliance.com https://bimgs.s3.amazonaws.com *.hubspotusercontent-na1.net https://firebasestorage.googleapis.com *.googleapis.com https://www.barilliance.net https://*.maze.co/ https://storage.cloud.google.com *.bing.com https://analytics.tiktok.com/ https://*.digitalretail.vodafone.com https://admin-portal-media-bucket-prod.s3.eu-central-1.amazonaws.com https://entel.cdn.modyo.com *.visualwebsiteoptimizer.com https://app.vwo.com ; manifest-src 'self' ; media-src 'self' *.entel.cl *.vimeo.com *.onesignal.com *.entelcc.cl:9001 *.entelcc.cl *.doubleclick.net *.en.tel https://www.entel.cl https://entel.cl https://vod-progressive.akamaized.net *.ocularsolution.com https://www.barilliance.net https://entel.cdn.modyo.com ; worker-src 'self' https://www.entel.cl/public/js/importer.js https://d196nughcth94f.cloudfront.net/service-worker_icomm.js https://notifications-icommkt.com https://track-icommkt.com https://www.barilliance.net https://www.entel.cl/* blob: ; upgrade-insecure-requests; 2
frame-ancestors 'self' mijn.hosting.nl 2
default-src https: 'unsafe-eval' 'unsafe-inline' blob:; object-src 'self' blob:; img-src 'self' data: https:; font-src 'self' data: https:; frame-ancestors 'self' https://*.adobe.com https://*.adobe.io https://*.adobe.net https://*.omniture.com; connect-src 'self' https: wss://*.hotjar.com; worker-src blob:; 2
default-src https: unsafe-inline https://sdn.sitecore.net; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: http: 'unsafe-inline'; img-src 'self' https: data:; connect-src 'self' https://chat.adecco.com wss://directline.botframework.com https://directline.botframework.com https://www.google.com/pagead/landing https://cdn.vev.design https://www.google.com/pagead/landing https://snap.licdn.com/ https://px.ads.linkedin.com https://px.ads.linkedin.com/wa https://px4.ads.linkedin.com https://p.adsymptotic.com https://cdn.linkedin.oribi.io https://gw.linkedin.oribi.io https://dc.ads.linkedin.com https://sjs.bizographics.com https://t.indeed.com https://apply.indeed.com/ https://maps.googleapis.com https://api-us2.herefish.com https://cdn.equalweb.com https://access.equalweb.com wss://chatbot-api.jobijoba.io https://*.herefish.com https://cdn.cookielaw.org https://chatbot-widget.jobijoba.io https://api.omappapi.com https://api.herefish.com https://dc.services.visualstudio.com https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com  https://cdn.linkedin.oribi.io https://*.qualified.com wss://*.qualified.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://was-nam-us-qa-calculation.azurewebsites.net  https://was-nam-us-prd-calculation.azurewebsites.net https://stats.g.doubleclick.net https://help.hotjar.com https://support.google.com https://*.omappapi.com https://bhgateway.azurewebsites.net https://was-nam-us-dev-bhapi.azurewebsites.net https://bhgatewayqa.azurewebsites.net/tk/fol/d00d7224567448908769a002fb2c7a55/cs https://bhgateway.azurewebsites.net/tk/fol/be667283af7c4d799c7adc7d062166c0/cs; font-src 'self' https:;frame-ancestors 'self' https://mycrc.lhh.com https://cdn.linkedin.oribi.io https://www.jobup.ch https://www.jobs.ch https://www.experteer.ch https://pro.komin.io/; 2
script-src 'self' https://*.googletagmanager.com https://*.gstatic.com https://*.google.com https://*.google.pl https://*.google-analytics.com https://*.googleapis.com https://*.googleadservices.com https://*.ggpht.com https://*.googleusercontent.com https://googleads.g.doubleclick.net https://connect.facebook.net https://www.snrcdn.net https://chat.pekao.com.pl https://public.tableau.com https://bat.bing.com https://platform.twitter.com 'unsafe-inline' 'unsafe-eval' blob:; frame-ancestors 'self'; object-src 'none'; 2
frame-ancestors https://blog.sherwin-williams.com https://www.sherwin-williams.com https://*.sherwin-williams.com 2
base-uri https://www.lumni.fr; frame-ancestors https://www.lumni.fr 2
frame-ancestors 'self' https://www.leboncoin.fr https://*.leboncoin.fr 2
default-src 'self' 'unsafe-inline' *.googleusercontent.com https://unpkg.com https://www.firstbus.co.uk *.gstatic.com *.google.co.uk *.facebook.com *.googleapis.com *.hotjar.com *.unpkg.com *.tiktok.com *.googleadservices.com *.twitter.com *.youtube.com *.google-analytics.com *.google.com *.googletagmanager.com *.cookiepro.com *.doubleclick.net *.cloudflare.com *.t.co; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cardinalcommerce.com *.paypalobjects.com *.paypal.com *.comcarde.com *.vimeo.com https://unpkg.com/@googlemaps/markerclustererplus/dist/index.min.js https://unpkg.com/@googlemaps/markerclustererplus@1.2.10/dist/index.min.js *.unpkg.com https://unkpkg.com https://www.google.co.uk *.gstatic.com *.googleapis.com *.hotjar.com *.ads-twitter.com *.unpkg.com *.tiktok.com *.googleadservices.com *.google-analytics.com *.google.com *.jsdelivr.net *.googletagmanager.com *.cookiepro.com *.doubleclick.net *.cloudflare.com js.braintreegateway.com assets.braintreegateway.com www.paypalobjects.com c.paypal.com api.braintreegateway.com www.paypalobjects.com client-analytics.braintreegateway.com; style-src 'self' 'unsafe-inline' *.cloudflare.com *.jsdelivr.net *.unpkg.com *.jquery.com assets.braintreegateway.com; img-src 'self' 'unsafe-inline' data: *.paypalobjects.com https://adservice.google.com *.google.com https://www.google.com *.gstatic.com *.google.gg *.google.bs *.google.tn *.google.hn *.google.com.om *.google.com.ag *.google.com.ng *.googleusercontent.com *.google.com.gi *.google.es *.google.com.mx *.google.dk *.google.is *.google.me *.google.com.co *.google.com.ec *.firstbus.co.uk *.googletagmanager.com *.google.ad *.google.hu *.google.gy *.google.co.bw *.google.com.lb *.google.ca *.google.com.hk *.google.mg *.google.co.ma *.google.jo *.google.com.qa *.google.com.pr *.google.im *.google.fr *.facebook.com *.google.cz *.google.cl *.google.co.in *.google.com.sa *.google.com.bd *.google.pt *.google.nl *.google-analytics.com *.google.co.th *.google.lv *.google.com.ph *.cookiepro.com *.firstgroup.com *.google.no *.google.co.id *.google.be *.google.com.sg *.google.co.kr *.google.sk *.google.gr *.google.com.tr *.google.co.tz *.google.com.au *.google.lk *.google.com.my *.google.kg *.ytimg.com *.google.kz *.google.rs *.google.lu *.google.com.eg *.google.pl *.google.com.mt *.google.com.cy *.google.mv *.google.com.jm *.google.cv *.twitter.com *.google.bg *.google.fi *.google.com.ar *.google.ee *.google.com.gh *.google.co.jp *.doubleclick.net *.google.cn *.google.ae *.google.com.et *.google.ru *.google.com.bo *.google.je *.google.com.pe *.google.ch *.google.se *.google.ro *.google.co.nz *.plusbus.info *.google.co.uk *.google.hr *.google.com.tw *.google.it *.paypal.com *.google.com.np *.googleapis.com *.google.cm *.google.com.br *.google.co.za *.google.dm *.google.com.kw *.google.mk *.google.com.pk *.google.tt *.google.co.ke *.google.com.bh *.google.lt *.google.com.bn *.google.at *.google.ie *.google.de *.t.co *.google.si *.google.lv assets.braintreegateway.com checkout.paypal.com *.thisisdax.com; style-src-elem 'self' 'unsafe-inline' assets.braintreegateway.com cdn.jsdelivr.net *.googleapis.com https://unpkg.com https://cdnjs.cloudflare.com *.gstatic.com; frame-src * 'self' 'unsafe-inline'; connect-src 'self' 'unsafe-inline' https://pagead2.googlesyndication.com https://www.google.com wss://ws.hotjar.com https://content.hotjar.io *.google-analytics.com https://region1.google-analytics.com *.google-analytics.com *.google.co.uk *.cardinalcommerce.com *.paypal.com *.braintree-api.com *.braintreegateway.com *.comcarde.com *.cookiepro.com https://www.facebook.com *.analytics.google.com https://stats.g.doubleclick.net https://www.google-analytics.com https://cookie-cdn.cookiepro.com https://maps.googleapis.com *.google.rs *.google.be *.google.ae *.google.gg *.google.com.om *.google.com.gi *.google.es *.google.com.mx *.google.dk *.google.com.co *.googletagmanager.com *.google.hu *.google.co.bw *.google.ca *.google.com.hk *.google.im *.google.fr *.linkedin.com api.braintreegateway.com client-analytics.braintreegateway.com *.braintree-api.com; 2
frame-ancestors https://*.flexera.com https://*.flexera.de https://*.revenera.com https://*.revenera.de https://ecommerce-flexeracommunity.cs201.force.com https://staging-flexeracommunity.cs203.force.com; default-src * 'unsafe-eval' 'unsafe-inline' data: filesystem: about: blob: ws: wss:; form-action 'self'; script-src * 'unsafe-eval' 'unsafe-inline' https:; style-src * 'self' 'unsafe-inline' https: 2
default-src https://optimize.google.com 'self'; font-src https://fonts.google.com https://fonts.gstatic.com https://optimize.google.com https://fonts.googleapis.com 'self' data:; style-src https://fonts.google.com https://fonts.gstatic.com https://optimize.google.com https://www.gstatic.com https://fonts.googleapis.com 'self' 'unsafe-inline'; img-src https://static3.santander.pl https://tmlead.pl https://optimize.google.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.facebook.com https://pixel.wp.pl https://my.tealiumiq.com https://lux.speedcurve.com https://*.googleapis.com https://adservice.google.com https://googleads.g.doubleclick.net https://maps.google.com https://user-event-tracker.crazyegg.com https://static3.bzwbk.pl https://collect.tealiumiq.com https://dentsu-tracking.com https://www.google.com https://aff.sendhub.pl https://www.webankieta.pl https://bat.bing.com https://rejestr.santander.pl static.yourcx.io https://www.google.pl https://maps.gstatic.com https://bankmozliwosci.santander.pl https://px.ads.linkedin.com https://www.googletagmanager.com https://google.com https://www.google-analytics.com https://app.revhunter.tech 'self' data:; frame-src https://www.figma.com https://invis.io https://optimize.google.com https://santanderleasing.pl opinia.santander.pl https://www.webankieta.pl https://www.facebook.com https://cloud.webankieta.pl https://santandertfi.pl https://netevent.tv https://projects.invisionapp.com https://doladuj-tutaj.autopay.pl https://tutajdoladuj.blue.pl https://datacloud.tealiumiq.com https://fundusze.santandertfi.pl https://a25315130017.cdn.optimizely.com *.doubleclick.net https://bank.santander.pl https://partner-it.com.pl https://www.youtube.com 'self'; script-src https://cdn.speedcurve.com https://library.startquestion.com https://santanderleasing.pl https://optimize.google.com https://www.googleadservices.com https://stats.g.doubleclick.net https://pixel.wp.pl https://unpkg.com https://maps.googleapis.com https://santandertfi.pl https://my.tealiumiq.com https://static.site24x7rum.com https://app.startquestion.com https://googleads.g.doubleclick.net https://tpc.googlesyndication.com https://cdn.optimizely.com https://maps.google.com https://code.jquery.com https://www.gstatic.com https://www.youtube.com https://www.google.com https://connect.facebook.net https://www.googleoptimize.com https://analytics.tiktok.com https://tags.tiqcdn.com https://s.ytimg.com https://files.startquestion.com https://tags.creativecdn.com https://cloud.webankieta.pl https://snap.licdn.com https://bat.bing.com static.yourcx.io https://omnibot.santander.pl https://maps.gstatic.com https://santander-prod.stanusch.com https://fundusze.santandertfi.pl https://www.googletagmanager.com https://www.google-analytics.com https://files.webankieta.pl 'self' 'unsafe-eval' 'unsafe-inline'; object-src 'self'; connect-src https://aplikacje-pfrportal.pl https://analytics.tiktok.com https://stats.g.doubleclick.net https://pagead2.googlesyndication.com https://region1.google-analytics.com https://www.facebook.com https://my.tealiumiq.com https://maps.googleapis.com https://bat.bing.com https://adservice.google.com https://omnibot.santander.pl https://app.startquestion.com https://col.site24x7rum.com https://region1.analytics.google.com cf.santander.pl https://santander-prod.stanusch.com https://collect.tealiumiq.com https://www.google-analytics.com https://logx.optimizely.com https://www.startquestion.com https://errors.client.optimizely.com 'self' 2
frame-ancestors 'self' https://*.osp.tech 2
frame-ancestors 'self' https://cdn.adkaora.space; 2
frame-ancestors 'self' https://*.googleapis.com *.google.com https://*.gstatic.com  data: blob:; 2
frame-ancestors 'self' *.c3.ai *.folloze.com c3.ai folloze.com 2
default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.onenorth.com *.ropesgray.com *.cookielaw.org *.google.com *.gstatic.com *.googletagmanager.com *.sharethis.com siteimproveanalytics.com *.passle.net *.linkedin.com *.licdn.com *.cloudflare.com *.googleapis.com *.google-analytics.com *.lfeeder.com *.vimeo.com *.twitter.com; img-src 'self' data: *.onenorth.com *.ropesgray.com *.sharethis.com *.googletagmanager.com *.linkedin.com *.siteimproveanalytics.io *.adsymptotic.com *.lfeeder.com *.google.com *.google-analytics.com *.doubleclick.net *.twitter.com *.passle.net *.cookielaw.org *.ropesgray.com *.onenorth.com; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.myfonts.net *.sharethis.com *.passle.net *.cloudflare.com *.cloudfront.net *.typekit.net *.googleapis.com; font-src 'self' 'unsafe-inline' data: *.bootstrapcdn.com *.myfonts.com *.cloudfront.net *.typekit.net *.gstatic.com; frame-src 'self' 'unsafe-inline' *.ropesgray.com *.sharethis.com *.passle.net *.taleo.net *.brightcove.net *.google.com *.youtube.com *.vimeo.com *.yoshki.com *.twitter.com *.transistor.fm; connect-src 'self' 'unsafe-inline' *.cookielaw.org *.onetrust.com *.sharethis.com *.google-analytics.com *.doubleclick.net *.passle.net *.crwdcntrl.net *.oribi.io; upgrade-insecure-requests; block-all-mixed-content; 2
default-src 'self' https:; font-src 'self' https: data: fonts.gstatic.com; img-src 'self' https: data: blob: cdn.ckeditor.com via.placeholder.com; object-src 'none'; script-src 'self' https: 'unsafe-eval' 'unsafe-inline' cdn.ckeditor.com ajax.googleapis.com widget.trustpilot.com cdn.dynamicyield.com pagead2.googlesyndication.com *.scarabresearch.com www.paypalobjects.com js.braintreegateway.com cdn.cookielaw.org; style-src 'self' https: 'unsafe-inline' cdn.ckeditor.com fonts.googleapis.com data:; connect-src 'self' https: data: blob: api.sofort.com 2
upgrade-insecure-requests; frame-ancestors 'self' dotroll.com *.dotroll.com 2
default-src http: https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; font-src 'self' https:; 2
script-src 'self' https://itunes.apple.com www.youtube.com https://www.youtube-nocookie.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.youtube-nocookie.com; font-src https://fonts.gstatic.com; 2
manifest-src 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; upgrade-insecure-requests; frame-ancestors 'self' clientelastaging.papersource.com https://www.papersource.com/ www.papersource.com https://design.papersource.com/ https://*.rewardstyle.com; form-action 'self' https://1.camp.papersource.com:9101 https://accounts.google.com https://www.facebook.com https://design.papersource.com/ https://*.bizrate.com  geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://papersource.resultsstage.com https://tagmanager.google.com https://papersource.resultspage.com https://cdn.cookielaw.org https://*.rewardstyle.com *.googletagmanager.com *.impactcdn.com https://*.bizrate.com  *.adobe.com fonts.googleapis.com fastly-cloud.typenetwork.com/projects/7821/fontface.css unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.paypal.com https://www.paypalobjects.com https://core.spreedly.com https://papersource.resultspage.com https://app.customily.com https://js-agent.newrelic.com https://papersource.resultsstage.com https://*.addthis.com https://*.addthisedge.com https://www.google-analytics.com https://*.optimove.net https://*.optimove.events https://static.zdassets.com https://bam.nr-data.net https://z.moatads.com https://v1.addthisedge.com https://widget-mediator.zopim.com/* https://widgets.pinterest.com https://graph.facebook.com https://integration9tracksdk-stg.optimove.net https://integration9tracksdk-stg.optimove.net/* https://integration9tracksdk-stg.optimove.net/piwik.php https://assets.pinterest.com/js/pinmarklet.js https://cdn.gartnerstudios.com https://tags.bkrtx.com https://cdn.attn.tv *.mouseflow.com  https://cdn.cookielaw.org https://secure.quantserve.com/quant.js https://*.channeladvisor.com/ https://connect.facebook.net/ https://*.pinimg.com/ https://bat.bing.com/ https://rules.quantcount.com/ https://*.go-mpulse.net/ https://*.pinterest.com/ https://*.sli-spark.com/  https://embed.acuityscheduling.com/ https://*.rewardstyle.com https://*widget.gleamjs.io *.impactcdn.com https://utt.impactcdn.com https://*.bizrate.com  https://*.arttrk.com/pixel/  https://arttrk.com https://sts.eccmp.com  https://s.t.papersource.com https://*.gleamjs.io assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com https://*.customily.com https://*.amazonaws.com *.vantivprelive.com *.vantivcnp.com https://www.mczbf.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'none'; media-src https://static.zdassets.com *.adobe.com; img-src 'self' data: https://*.scene7.com https://*.paypal.com https://www.paypalobjects.com https://store.paradoxlabs.com https://papersource.resultsstage.com https://assets.resultspage.com https://www.google-analytics.com https://*.optimove.net https://*.gstatic.com https://www.googletagmanager.com https://bam.nr-data.net https://stats.g.doubleclick.net https://api.gartnerstudios.com https://app.customily.com https://cm.g.doubleclick.net/pixel* https://create.paper-source.com/* https://gcm.optimove.events/setCookie* https://www.addthis.com/bookmark.php https://log.pinterest.com https://cm.g.doubleclick.net https://gcm.optimove.events https://www.google.com/ads/ga-audiences https://*.google.com https://*.papersource.com https://*.paper-source.com https://*.emjcd.com https://*.dotomi.com *.mouseflow.com  https://cdn.cookielaw.org https://*.pinterest.com/ https://www.google.com.ua/ https://papersource.resultspage.com/ https://design.papersource.com/ https://*.rewardstyle.com https://arttrk.com/ *.impactcdn.com papersource.pxf.io https://www.ojrq.net https://logs-01.loggly.com https://*.bizrate.com   https://sts.eccmp.com  https://s.t.papersource.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io maps.googleapis.com maps.gstatic.com https://*.customily.com https://*.amazonaws.com 'self' data: www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; frame-src 'self' https://www.youtube.com/embed/* https://s7.addthis.com https://assets.pinterest.com https://login.dotomi.com https://www.google.com https://stags.bluekai.com https://core.conversant.mgr.consensu.org https://papersource.attn.tv https://ct.pinterest.com/ https://www.facebook.com/ https://*.attn.tv/ https://*.paypalobjects.com/ https://app.squarespacescheduling.com/ https://*.rewardstyle.com papersource.pxf.io https://*.bizrate.com  fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com creatives.attn.tv c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com https://static.zdassets.com https://tagmanager.google.com https://papersource.resultsstage.com https://papersource.resultspage.com/ fonts.googleapis.com fonts.gstatic.com https://*.customily.com https://*.amazonaws.com 'self' data: fastly-cloud.typenetwork.com/projects/7821/ data: 'self' 'unsafe-inline'; connect-src 'self' https://*.addthis.com https://www.paypal.com https://*.optimove.events https://*.optimove.net https://ekr.zdassets.com https://www.google-analytics.com/collect https://www.google-analytics.com/r/collect https://papersource.zendesk.com https://bam.nr-data.net wss://widget-mediator.zopim.com/* wss://widget-mediator.zopim.com https://static.zdassets.com https://app.customily.com https://integration9tracksdk-stg.optimove.net https://integration9tracksdk-stg.optimove.net/* https://integration9tracksdk-stg.optimove.net/piwik.php https://api.gartnerstudios.com/ https://cdn.gartnerstudios.com/ https://1.camp.papersource.com:9101/gartner/images https://*.sjwoe.co https://*.pinterest.com  https://cdn.cookielaw.org  https://*.googleapis.com https://*.go-mpulse.net/ https://*.akstat.io/ https://www.sjwoe.com/ https://geolocation.onetrust.com/ https://*.akamaihd.net/ https://*.rewardstyle.com  papersource.pxf.io https://*.bizrate.com  https://s.t.papersource.com dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://*.customily.com https://*.amazonaws.com 'self' data: *.mczbf.com *.doubleclick.net *.google-analytics.com *.zendesk.com *.optimove.net *.zopim.com *.attn.tv *.attentivemobile.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; default-src 'self' https://static.zdassets.com https://s7.addthis.com/static/sh* https://*.rewardstyle.com https://*.arttrk.com/ https://*.bizrate.com  https://*arttrk.com/pixel/  'self' 'unsafe-inline' 'unsafe-eval'; worker-src 'self' https://core.spreedly.com https://s7.addthis.com https://www.youtube.com/embed/*; 2
default-src * data: blob: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; 2
base-uri 'self'; child-src 'self'; connect-src 'self' https://*.meo.pt https://*.botschool.ai https://api.botschool.ai wss://api.botschool.ai wss://api.ng.botschool.ai https://webchat.ng.botschool.ai https://*.engagement.coremedia.cloud wss://*.engagement.coremedia.cloud https://*.byside.com wss://*.byside.com https://cdn-api-weglot.com https://*.evergage.com https://www.facebook.com https://*.google-analytics.com https://adservice.google.com https://analytics.google.com https://region1.analytics.google.com https://www.google.com https://*.googleapis.com https://pagead2.googlesyndication.com https://www.googletagmanager.com https://in.hotjar.com https://*.inmobi.com https://*.inside-graph.com wss://*.inside-graph.com https://cmp.quantcast.com https://*.cmp.quantcast.com https://pixel.quantcount.com https://analytics.tiktok.com https://*.visualwebsiteoptimizer.com https://*.vwo.com https://*.weglot.com https://*.clarity.ms https://*.doubleclick.net https://gateway.zscaler.net https://quantcast.mgr.consensu.org https://*.quantcast.mgr.consensu.org https://www.google.pt https://services.sapo.pt https://signet-spot.telecom.pt; default-src 'self'; font-src 'self' data: https://*.meo.pt https://cdnjs.cloudflare.com https://use.fontawesome.com https://fonts.googleapis.com https://fonts.gstatic.com https://eu-cdn.inside-graph.com https://connect.facebook.net https://fast.fonts.net https://gateway.zscaler.net; form-action 'self' https://*.meo.pt https://*.engagement.coremedia.cloud https://*.byside.com https://www.facebook.com https://connect.facebook.net https://gateway.zscaler.net; frame-ancestors 'self' https://en.meo.pt https://gateway.zscaler.net https://cinema.sapo.pt https://mag.sapo.pt; frame-src 'self' https://*.meo.pt https://*.engagement.coremedia.cloud https://stags.bluekai.com https://*.byside.com https://www.facebook.com https://*.figma.com https://www.google.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://vars.hotjar.com https://*.inside-graph.com https://meo.speedtestcustom.com https://meoteste.speedtestcustom.com https://*.visualwebsiteoptimizer.com https://*.vwo.com https://*.youtube.com https://*.smark.io https://*.meo.velocidi.io https://*.doubleclick.net https://gateway.zscaler.net https://signet-spot.telecom.pt; img-src 'self' data: https: https://wingify-assets.s3.amazonaws.com https://chart.googleapis.com https://*.visualwebsiteoptimizer.com https://*.vwo.com; media-src 'self' data: https://*.meo.pt https://gateway.zscaler.net; report-to cspenforce; report-uri https://cspreport.apps.meo.pt/Services/Rest.svc/CSP/pkX84pGsGX/Enforce; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.meo.pt https://*.botschool.ai https://img.botschool.ai https://webchat.ng.botschool.ai https://*.engagement.coremedia.cloud https://tags.bkrtx.com https://*.byside.com https://cdnjs.cloudflare.com https://cdn.evgnet.com https://*.google-analytics.com https://optimize.google.com https://www.google.com https://www.googleadservices.com https://*.googleapis.com https://www.googleoptimize.com https://*.googlesyndication.com https://www.googletagmanager.com https://www.gstatic.com https://*.hotjar.com https://*.inmobi.com https://*.inside-graph.com https://cmp.quantcast.com https://rules.quantcount.com https://secure.quantserve.com https://*.serving-sys.com https://analytics.tiktok.com https://*.visualwebsiteoptimizer.com https://*.vwo.com https://*.weglot.com https://p.smrk.io https://*.meo.velocidi.io https://u.heatmap.it https://www.clarity.ms https://mstat.acestream.net https://*.doubleclick.net https://connect.facebook.net https://gateway.zscaler.net https://quantcast.mgr.consensu.org https://selo.confio.pt; style-src 'self' 'unsafe-inline' https://*.meo.pt https://*.botschool.ai https://img.botschool.ai https://webchat.ng.botschool.ai https://*.engagement.coremedia.cloud https://s3.amazonaws.com https://*.byside.com https://use.fontawesome.com https://optimize.google.com https://*.googleapis.com https://www.googletagmanager.com https://www.gstatic.com https://*.inside-graph.com https://*.visualwebsiteoptimizer.com https://*.vwo.com https://cdn.weglot.com https://fast.fonts.net https://gateway.zscaler.net https://selo.confio.pt; worker-src 'self' blob:; object-src 'none' 2
frame-ancestors 'self' https://*.cornerstoneondemand.com https://csod-studio.vercel.app https://*.csod-preview.com;upgrade-insecure-requests;default-src 'self' https://*.cornerstoneondemand.com;connect-src *;font-src *;form-action *;frame-src *;img-src * data:;manifest-src * 'unsafe-inline';media-src *;object-src *;script-src * 'unsafe-eval' 'unsafe-inline';style-src * 'unsafe-inline';worker-src * blob: 2
default-src 'self' data: *.dv.socure.io *.adobedc.net *.googletagmanager.com *.trustarc.com *.mpsnare.iesnare.com https://mpsnare.iesnare.com https://*.extole.io https://*.xtlo.net; object-src 'self' *.googletagmanager.com *.trustarc.com; child-src 'self' ujet.co *.adobedc.net *.ujet.co *.truste.com *.trustarc.com *.googletagmanager.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.adobedc.net *.dv.socure.io *.truste.com *.consent.trustarc.com *.googletagmanager.com *.trustarc.com *.tags.srv.stackadapt.com *.srv.stackadapt.com *.east.srv.stackadapt.com *.uw.srv.stackadapt.com *.eu.srv.stackadapt.com *.qvdt3feo.com *.stackadapt.com *.tags.srv.stackadapt.com *.redditstatic.com *.forter.com tags.stackadapt.com https://mpsnare.iesnare.com https://share.walmartmoneycard.com *.go2bank.com *.go2financial.com *.go2bankonline.com *.fuelcdn.com *.exacttarget.com *.adobe.com *.mpsnare.iesnare.com *.tvsquared.com ujet.co *.ujet.co google-analytics.com *.google-analytics.com trk.clinch.co *.trk.clinch.co cdn.clinch.co *.clinch.co kampyle.com *.kampyle.com *.googleapis.com *.gstatic.com *.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net *.impactradius-event.com *.salesforceliveagent.com *.hypemarks.com websdk.appsflyer.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.adobecqms.net *.googleadservices.com *.greendot.com greendot.com *.googletagmanager.com googletagmanager.com *.facebook.com facebook.com *.bing.com s.ytimg.com connect.facebook.net assets.adobedtm.com www.youtube.com storify.com player.vimeo.com *.livefyre.com *.everesttech.net *.demdex.net *.omtrdc.net https://*.extole.io https://*.xtlo.net https://*.decibelinsight.net https://*.decibel.com blob: https://api.cloudsponge.com analytics.tiktok.com https://cdnjs.cloudflare.com; connect-src 'self' https://pie-secure-gdrewardsdev.nextestate.com/ https://qa-secure-gdrewardsdev.nextestate.com *.adobedc.net *.googletagmanager.com *.dv.socure.io *.trustarc.com *.truste.com *.tags.srv.stackadapt.com *.srv.stackadapt.com *.east.srv.stackadapt.com *.uw.srv.stackadapt.com *.eu.srv.stackadapt.com *.qvdt3feo.com *.go2bank.com *.google-analytics.com *.walmartmoneycard.com/events *.appsflyer.com *.go2bank.com *.go2bankonline.com *.go2financial.com wss://mpsnare.iesnare.com/star *.appsflyer.com go2bank.sjv.io  kampyle.com *.mpsnare.iesnare.com *.kampyle.com mobileapi.locatorsearch.com *.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net *.impactradius-event.com vimeo.com *.vimeo.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.adobecqms.net *.googleadservices.com s.ytimg.com connect.facebook.net storify.com *.fyre.co *.greendot.com greendot.com *.googletagmanager.com googletagmanager.com *.facebook.com facebook.com *.bing.com s.ytimg.com connect.facebook.net assets.adobedtm.com www.youtube.com storify.com player.vimeo.com *.livefyre.com *.everesttech.net *.demdex.net *.omtrdc.net https://*.cloudsponge.com https://*.decibelinsight.net https://*.decibel.com wss://*.decibelinsight.net https://*.extole.io https://*.xtlo.net analytics.tiktok.com https://maps.googleapis.com https://analytics.pangle-ads.com https://pagead2.googlesyndication.com; img-src 'self' data: https://arttrk.com https://trkn.us https://rdcdn.com p.alocdn.com *.dv.socure.io *.adobedc.net aa.trkn.us i.ytimg.com *.googletagmanager.com *.trustarc.com *.truste.com *.tags.srv.stackadapt.com *.srv.stackadapt.com *.east.srv.stackadapt.com *.uw.srv.stackadapt.com *.eu.srv.stackadapt.com *.qvdt3feo.com *.reddit.com *.rdcdn.com *.mdhv.io *.go2bank.com *.go2bankonline.com *.go2financial.com *.ojrq.net *.tvsquared.com google-analytics.com *.google-analytics.com i.vimeocdn.com www.google.co.in *.google.co.in kampyle.com *.kampyle.com *.googleapis.com *.gstatic.com *.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net *.impactradius-event.com *.force.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.adobecqms.net *.googleadservices.com *.greendot.com greendot.com *.googletagmanager.com googletagmanager.com *.facebook.com facebook.com *.bing.com s.ytimg.com connect.facebook.net assets.adobedtm.com www.youtube.com storify.com cdn.livefyre.com bootstrap.livefyre.com player.vimeo.com *.livefyre.com *.everesttech.net *.demdex.net *.omtrdc.net data: blob: https://*.extole.io https://*.xtlo.net data: https://api.cloudsponge.com https://*.walmartmoneycard.com analytics.tiktok.com ; style-src 'self' 'unsafe-inline' *.adobedc.net *.dv.socure.io *.googletagmanager.com *.trustarc.com *.truste.com *.tags.srv.stackadapt.com *.srv.stackadapt.com *.east.srv.stackadapt.com *.uw.srv.stackadapt.com *.eu.srv.stackadapt.com *.qvdt3feo.com *.exacttarget.com kampyle.com *.kampyle.com *.googleapis.com *.gstatic.com *.go2bankonline.com *.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net *.impactradius-event.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.greendot.com *.go2financial.com *.adobecqms.net *.googleadservices.com cdn.livefyre.com maxcdn.bootstrapcdn.com *.bootstrapcdn.com use.typekit.net *.typekit.net https://*.extole.io https://*.xtlo.net https://fonts.googleapis.com https://api.cloudsponge.com; font-src 'self' data: *.dv.socure.io *.adobedc.net kampyle.com *.googletagmanager.com *.trustarc.com *.truste.com *.tags.srv.stackadapt.com *.srv.stackadapt.com *.east.srv.stackadapt.com *.uw.srv.stackadapt.com *.eu.srv.stackadapt.com *.qvdt3feo.com *.appsflyer.com *.kampyle.com use.typekit.net *.use.typekit.net *.googleapis.com *.gstatic.com *.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net *.impactradius-event.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.greendot.com *.go2financial.com *.adobecqms.net *.livefyre.com https://*.extole.io https://*.xtlo.net https://fonts.gstatic.com https://api.cloudsponge.com; frame-src 'self' *.pardot.com *.dv.socure.io *.adobedc.net *.googletagmanager.com *.trustarc.com *.truste.com *.tags.srv.stackadapt.com *.srv.stackadapt.com *.east.srv.stackadapt.com *.uw.srv.stackadapt.com *.eu.srv.stackadapt.com *.qvdt3feo.com *.go2bank.com ujet.co *.ujet.co kampyle.com *.kampyle.com *.googleapis.com *.gstatic.com *.facebook.com facebook.com *.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net *.impactradius-event.com *.hypemarks.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.greendot.com *.go2financial.com *.adobecqms.net www.youtube.com player.vimeo.com *.demdex.net trk.clinch.co *.trk.clinch.co cdn.clinch.co *.clinch.co cdn-gdc.com *.cdn-gdc.com bytedance: sslocal:; frame-ancestors 'self' *.dv.socure.io *.adobedc.net https://*.greendot.com https://*.go2bank.com https://*.go2financial.com https://*.walmartmoneycard.com https://*.chirpwhitelabel.com;; 2
frame-ancestors 'none'; form-action 'self'; base-uri 'self' 2
default-src * 'unsafe-inline' 'unsafe-eval' data:; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; 2
frame-src https://*.yellohvillage.es https://*.yellohvillage.co.uk https://*.yellohvillage.de https://*.yellohvillage.it https://*.yellohvillage.fr https://*.yellohvillage.nl https://www.youtube.com https://*.fls.doubleclick.net https://td.doubleclick.net https://www.google.com https://yellohvillage.demdex.net https://*.admin.yellohvillage.fr https://admin.yellohvillage.fr https://*.iadvize.com https://*.criteo.com https://static.criteo.net https://*.facebook.com https://*.omtrdc.net; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://*.hotjar.com https://*.addthis.com https://*.fr.datacamping.com https://*.es.datacamping.com https://*.de.datacamping.com  https://*.it.datacamping.com https://*.en.datacamping.com https://*.nl.datacamping.com https://cdn.mouseflow.com https://maps.googleapis.com https://www.gstatic.com https://api.ipify.org https://connect.facebook.net https://*.script.admo.tv https://js-agent.newrelic.com https://*.googletagmanager.com https://sdk.privacy-center.org https://*.clarity.ms https://*.demdex.net https://yellohvillage.d3.sc.omtrdc.net https://www.google.com  https://*.google-analytics.com https://www.facebook.com https://*.criteo.com https://static.criteo.net https://www.youtube.com https://bam.nr-data.net https://stats.g.doubleclick.net https://www.googleadservices.com https://*.iadvize.com https://bat.bing.com https://assets.adobedtm.com https://yellohvillage.admo.tv  https://*.yellohvillage.fr https://*.omtrdc.net https://*.zemanta.com https://itswhile.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: https://*.fr.datacamping.com https://*.es.datacamping.com https://*.de.datacamping.com https://*.it.datacamping.com https://*.en.datacamping.com https://*.nl.datacamping.com https://cdn.mouseflow.com https://maps.googleapis.com https://www.googleadservices.com https://www.gstatic.com https://api.ipify.org https://connect.facebook.net https://static.criteo.net https://*.script.admo.tv  https://js-agent.newrelic.com https://*.googletagmanager.com  https://sdk.privacy-center.org https://*.clarity.ms https://*.demdex.net https://yellohvillage.d3.sc.omtrdc.net https://www.google.com  https://*.google-analytics.com  https://www.facebook.com https://*.criteo.com https://www.youtube.com https://bam.nr-data.net https://stats.g.doubleclick.net https://*.iadvize.com https://bat.bing.com  https://assets.adobedtm.com https://yellohvillage.admo.tv https://*.yellohvillage.fr https://*.omtrdc.net; img-src https: data: 'self' 'unsafe-inline' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com; default-src 'self' 'unsafe-inline' data: https://*.yellohvillage.es https://*.yellohvillage.co.uk https://*.yellohvillage.de https://*.yellohvillage.it https://*.yellohvillage.fr https://*.yellohvillage.nl wss://*.iadvize.com https://googleads.g.doubleclick.net https://www.google.com https://*.googleapis.com https://adservice.google.com/ https://*.datacamping.com/ https://www.photoscamping.com https://*.yellohvillage.fr https://bam.nr-data.net https://yellohvillage.d3.sc.omtrdc.net https://bat.bing.com https://*.admo.tv https://ad.doubleclick.net https://stats.g.doubleclick.net https://*.clarity.ms https://*.iadvize.com https://dpm.demdex.net https://api.privacy-center.org https://www.facebook.com https://*.gstatic.com https://*.google-analytics.com https://*.analytics.google.com https://o2.mouseflow.com https://*.criteo.com https://*.omtrdc.net wss://ws.hotjar.com https://content.hotjar.io https://*.zemanta.com https://itswhile.com; object-src 'none'; 2
default-src 'self' https://*.wistia.com https://*.wistia.net; child-src 'self' blob:; connect-src 'self' https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.litix.io https://*.wistia.com https://*.wistia.net https://*.algolia.net aorta.clickagy.com hemsync.clickagy.com https://www2.ttec.com https://pagead2.googlesyndication.com https://www.googleadservices.com https://px.ads.linkedin.com https://js.zi-scripts.com https://ws.zoominfo.com https://privacyportal.onetrust.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://fbo-b.flippingbook.com https://online.flippingbook.com https://d17lvj5xn8sco6.cloudfront.net https://*.doubleclick.net https://pi.pardot.com; font-src 'self' data: https://fonts.gstatic.com https://*.wistia.com https://cdnjs.cloudflare.com; frame-src 'self' https://www.googletagmanager.com https://*.doubleclick.net https://js.driftt.com https://widget.drift.com https://fast.wistia.com https://fast.wistia.net hemsync.clickagy.com https://insight.adsrvr.org https://www2.ttec.com https://online.flippingbook.com https://match.adsrvr.org; img-src 'self' data: https://www.ttec.com www.googletagmanager.com https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.doubleclick.net https://www.google.com https://google.com https://*.wistia.com https://*.wistia.net https://cdn.cookielaw.org https://px.ads.linkedin.com https://ade.googlesyndication.com https://www.linkedin.com https://fonts.gstatic.com https://online.flippingbook.com https://d17lvj5xn8sco6.cloudfront.net; media-src 'self' blob: data: https://*.wistia.com https://*.wistia.net; object-src 'none'; script-src 'self' 'strict-dynamic' cdn.jsdelivr.net cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://unpkg.com mdbootstrap.com 'nonce-rBvvELFjfy47lmRPJB6vEQ'; script-src-elem 'self' https://googletagmanager.com https://tagmanager.google.com https://*.googletagmanager.com https://www.googleadservices.com https://*.doubleclick.net https://www.google.com https://js.driftt.com https://widget.drift.com https://*.wistia.com https://*.wistia.net https://src.litix.io js.zi-scripts.com tags.clickagy.com https://www2.ttec.com https://snap.licdn.com/ https://www.gstatic.com https://ws-assets.zoominfo.com https://pagead2.googlesyndication.com https://js.adsrvr.org/ https://privacyportal.onetrust.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://online.flippingbook.com https://d33i2vgywgme2s.cloudfront.net https://js.sentry-cdn.com https://pi.pardot.com cdn.jsdelivr.net cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://unpkg.com mdbootstrap.com 'nonce-rBvvELFjfy47lmRPJB6vEQ'; style-src 'self' 'unsafe-inline' blob: https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com https://fast.wistia.com https://privacyportal.onetrust.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://www.googletagmanager.com cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com https://cdnjs.cloudflare.com https://unpkg.com mdbootstrap.com use.fontawesome.com; base-uri 'self'; frame-ancestors 'self' 2
default-src 'self' 'unsafe-inline' *.2degreesmobile.co.nz *.2degreesbroadband.co.nz *.2degrees.nz *.googletagmanager.com cdn.jsdelivr.net cdnjs.cloudflare.com *.google-analytics.com *.lift.acquia.com *.sentry.io *.addsearch.com *.qualtrics.com *.youtube.com unpkg.com *.nice-incontact.com staticcdn.co.nz *.doubleclick.net *.google.com *.hotjar.com *.newrelic.com *.bugsnag.com *.nr-data.net *.googleadservices.com *.segment.com *.segment.io *.amplitude.com *.contentsquare.net *.youtube-nocookie.com  *.rawgit.com *.licdn.com blob: wss: *.googleapis.com *.facebook.net *.fullstory.com chosen.css *.jquery.js; object-src 'none'; img-src * data: 2
default-src 'self' *.nts.live *.ntslive.co.uk; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.europe-west1.firebasedatabase.app https://*.soundcloud.com *.mixcloud.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://*.google.com https://www.youtube.com *.ytimg.com *.list-manage.com https://unpkg.com *.gstatic.com *.doubleclick.net https://connect.facebook.net https://js.stripe.com https://www.paypal.com https://www.paypalobjects.com https://*.onetrust.com;connect-src *; img-src 'self' data: https:; media-src 'self' https://*.ntslive.net http://*.ntslive.net https://*.ntslive.co.uk https://*.sndcdn.com; style-src 'unsafe-inline' 'self' hello.myfonts.net https://optimize.google.com https://fonts.googleapis.com https://*.typekit.net; child-src 'self' *.mixcloud.com https://*.vimeo.com https://*.soundcloud.com https://bandcamp.com https://*.youtube.com; font-src 'self' data: fonts.gstatic.com https://*.typekit.net https://*.nts.live; frame-src *.mixcloud.com https://*.vimeo.com https://*.soundcloud.com https://bandcamp.com https://*.youtube.com https://*.google.com *.doubleclick.net *.firebaseapp.com https://js.stripe.com *.paypal.com https://www.paypalobjects.com; 2
default-src 'self'; img-src data: 'self' https://media.home.bargains https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com https://*.google-analytics.com https://*.googletagmanager.com https://*.cookielaw.org; style-src 'self' 'nonce-8Jhw1Lzp' 'nonce-9dj7hsk2' https://tagmanager.google.com https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com data:; script-src 'self' 'sha256-IgMQOOOedQeMPBl7lSreMVPmJvU62bc6l8HcsGXnbWc=' 'nonce-8Jhw1Lzp' https://js.stripe.com https://tagmanager.google.com https://*.googletagmanager.com https://*.clarity.ms https://*.cookielaw.org; frame-ancestors 'none'; frame-src https://js.stripe.com https://hooks.stripe.com; connect-src 'self' https://api.stripe.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.algolianet.com https://*.algolia.net https://*.algolia.io https://*.clarity.ms https://*.cookielaw.org https://*.onetrust.com https://o4504927879692288.ingest.sentry.io; 2
default-src 'self' blob: https://10web.io *.10web.io; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' 'report-sample' ajax.cloudflare.com *.googleoptimize.com *.tiktok.com *.clarity.ms https://*.smooch.io https://*.zendesk.com https://widget.trustpilot.com/ https://embed.typeform.com/next/embed.js *.hotjar.com https://api.smooch.io/ https://cdn.jsdelivr.net/* *.luckyorange.com https://api.smooch.io https://js.hsleadflows.net https://js.hs-banner.com https://js.hsadspixel.net https://js.hubspotfeedback.com https://js.usemessages.com https://js.hscollectedforms.net https://js.hsforms.net https://forms.hsforms.com  *.hubspot.com *.hubspot.net *.hs-scripts.com  *.hs-analytics.net jsfiddle.net *.jsfiddle.net *.bing.com *.datatables.net *.gstatic.com instagram.com *.instagram.com instagr.am https://10web.io *.10web.io *.twitter.com twitter.com *.google.com google.com *.firstpromoter.com firstpromoter.com *.facebook.net *.facebook.com facebook.com *.fbcdn.net reddit.com *.reddit.com redditstatic.com *.redditstatic.com quora.com *.quora.com *.cloudflare.com cloudflare.com https://d10lpsik1i8c69.cloudfront.net https://googleads.g.doubleclick.net *.googleapis.com https://s.ytimg.com https://snap.licdn.com https://static.ads-twitter.com *.google-analytics.com google-analytics.com https://www.googleadservices.com https://*.googletagmanager.com https://googletagmanager.com https://www.youtube.com *.zdassets.com *.zendesk.com *.zopim.com *.zopim.io zopim.com *.googleusercontent.com googleusercontent.com *.sentry-cdn.com producthunt.com *.producthunt.com *.fontawesome.com https://unpkg.com/web-vitals/dist/web-vitals.iife.js data:; style-src 'self' 'unsafe-inline' 'report-sample' https://embed.typeform.com/next/css/widget.css https://10web.io *.10web.io https://*.smooch.io https://*.zendesk.com https://hello.myfonts.net/count/36f1f3 https://tools.luckyorange.com *.datatables.net https://d10lpsik1i8c69.cloudfront.net *.googleapis.com *.googleusercontent.com googleusercontent.com google.com *.google.com *.googletagmanager.com googletagmanager.com *.sentry-cdn.com *.fontawesome.com data: blob: https://10web.io *.10web.io; img-src * 'self' data: blob:; font-src 'self' data:  https://10web.io *.10web.io https://*.smooch.io https://*.zendesk.com *.gstatic.com *.googleusercontent.com googleusercontent.com storage.googleapis.com https://s3.amazonaws.com/luckyorange-clickstream/fonts/ hello.myfonts.net *.fontawesome.com; connect-src * 'self'; media-src 'self' https://10web.io *.10web.io *.s3.us-west-2.amazonaws.com *.amazonaws.com https://s3-us-west-2.amazonaws.com/10web-tts/audios/* *.s3.amazonaws.com *.imgur.com imgur.com https://d10lpsik1i8c69.cloudfront.net wss://*.smooch.io https://*.smooch.io https://*.zendesk.com *.zdassets.com *.zendesk.com *.zopim.com *.zopim.io zopim.com *.google.com google.com *.googleusercontent.com googleusercontent.com *.sentry-cdn.com *.firstpromoter.com firstpromoter.com; frame-src 'self'   jsfiddle.net https://form.typeform.com https://demo.arcade.software https://widget.trustpilot.com https://forms.hsforms.com/ https://app.hubspot.com *.jsfiddle.net https://anchor.fm https://10web.io *.10web.io *.google.com google.com *.doubleclick.net *.facebook.com facebook.com *.facebook.net *.fbcdn.net instagram.com *.instagram.com instagr.am *.youtube.com youtube.com *.firstpromoter.com firstpromoter.com jsfiddle.net https://app.hubspot.com  *.jsfiddle.net https://anchor.fm https://10web.io *.10web.io *.google.com google.com *.doubleclick.net *.facebook.com facebook.com *.facebook.net *.fbcdn.net instagram.com *.instagram.com instagr.am *.youtube.com youtube.com *.firstpromoter.com firstpromoter.com; base-uri 'self' https://10web.io *.10web.io; manifest-src 'self' https://10web.io *.10web.io; report-uri https://o397950.ingest.sentry.io/api/5263028/security/?sentry_key=8444a18b08184aef960a8eded99e7e7a; 2
worker-src * 2
frame-ancestors 'self' http://*.commonwealthu.edu https://*.commonwealthu.edu http://commonwealthu.prod.acquia-sites.com https://commonwealthu.prod.acquia-sites.com http://commonwealthustage.prod.acquia-sites.com https://commonwealthustage.prod.acquia-sites.com http://commonwealthudev.prod.acquia-sites.com https://commonwealthudev.prod.acquia-sites.com http://commonwealthura.prod.acquia-sites.com https://commonwealthura.prod.acquia-sites.com http://commonwealth.ddev.site https://commonwealth.ddev.site https://*.vimeo.com https://*.youtube.com https://bbox.blackbaudhosting.com; report-uri https://www.commonwealthu.edu/report-uri/enforce 2
frame-ancestors 'self' http://*.airtable.com https://*.therapybrands.com; 2
default-src 'self'  blob:  https://*.facebook.com  https://*.facebook.net  https://*.api.schwarz  https://*.assets.schwarz  https://*.batch.com  https://*.bing.com  https://*.cookiebot.com  https://*.creativecdn.com  https://*.exactag.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://mycliplister.com  https://*.mycliplister.com  https://*.peakprotect.com  https://*.pingdom.net  https://*.virtualearth.net  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://creativecdn.com  https://form.lidl.com  https://*.onetrust.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://s.kelkoogroup.net  https://s.kk-resources.com  https://sdk.virtualearth.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://*.doubleclick.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.be  https://www.google.com  https://www.google.cz  https://www.google.nl  https://www.google.pl  https://www.google.sk  https://www.googleadservices.com  https://www.gstatic.com  https://youtube.com  https://*.youtube-nocookie.com  https://*.youtube.com  https://www.googletagmanager.com  https://lidlplusprod.blob.core.windows.net  https://upeimagesprd.blob.core.windows.net  https://lidlplusstorage.blob.core.windows.net  'unsafe-inline'  https://*.adyen.com  https://lidl-latuaopinioneconta.it  https://lidl-fatturaelettronica.it  data:  https://csp.cre.lidl-shop.com; frame-src 'self'  https://*.facebook.com  https://*.facebook.net  https://*.cookiebot.com  https://*.creativecdn.com  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-onlinenewsletter.de  https://*.lidl-shop.com  https://*.lidl.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.pingdom.net  https://balancechecks.tx-gate.com  https://bidswitch.net  https://creativecdn.com  https://form.lidl.com  https://forms-prod.enc-test.de/  https://ldl.viewer.cit-fusion.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://*.doubleclick.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.com  https://www.googleadservices.com  https://www.gstatic.com  https://youtube.com  https://*.youtube-nocookie.com  https://*.youtube.com  https://www.googletagmanager.com  https://www.lidl-gewinnspiel.de  https://www.youtube.com  'unsafe-inline'  https://*.adyen.com  https://lidl-latuaopinioneconta.it  https://lidl-fatturaelettronica.it; img-src 'self'  https://*.facebook.com  https://*.facebook.net  https://*.360yield.com  https://*.addthis.com  https://*.adnxs.com  https://*.assets.schwarz  https://*.bing.com  https://*.cat-ret.assets.lidl  https://*.cdn.flavedo.io  https://*.cookiebot.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-onlinenewsletter.de  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.mycliplister.com  https://*.retail.lidl.net  https://*.retail.vdc.lidl  https://*.searchhub.io  https://*.smartadserver.com  https://*.virtualearth.net  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://cm.adform.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://size.lidl.com  https://s.kelkoogroup.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://*.doubleclick.net  https://test.formcycle.vdc.lidl  https://www.adobe.com  https://www.awin1.com  https://cdn.flavedo.io  https://www.google.at  https://www.google.ba  https://www.google.be  https://www.google.bg  https://www.google.ch  https://www.google.co.uk  https://www.google.com  https://www.google.com.bd  https://www.google.com.tr  https://www.google.com.ua  https://www.google.cz  https://www.google.de  https://www.google.dk  https://www.google.es  https://www.google.fr  https://www.google.gr  https://www.google.hr  https://www.google.hu  https://www.google.ie  https://www.google.is  https://www.google.it  https://www.google.lt  https://www.google.lu  https://www.google.lv  https://www.google.md  https://www.google.nl  https://www.google.no  https://www.google.pl  https://www.google.pt  https://www.google.ro  https://www.google.rs  https://www.google.ru  https://www.google.se  https://www.google.sk  https://www.googleadservices.com  https://www.gstatic.com  https://www.lidl-shop.be  https://www.lidl-shop.cz  https://www.lidl-shop.nl  https://www.lidl-shop.sk  https://www.lidl-sklep.pl  https://www.w3.org  https://x.bidswitch.net  https://youtube.com  https://*.creativecdn.com  https://*.youtube.com  https://www.googletagmanager.com  https://lidlplusprod.blob.core.windows.net  https://upeimagesprd.blob.core.windows.net  https://lidlplusstorage.blob.core.windows.net  https://c1.adform.net  https://ce.lijit.com  https://criteo-partners.tremorhub.com  https://*.teads.tv  https://dpm.demdex.net  https://e1.emxdgt.com  https://eb2.3lift.com  https://exchange.mediavine.com  https://hb.yahoo.net  https://id5-sync.com  https://jadserve.postrelease.com  https://matching.ivitrack.com  https://pixel.rubiconproject.com  https://*.casalemedia.com  https://sync-criteo.ads.yieldmo.com  https://sync.1rx.io  https://rt.udmserve.net  https://ssc-cms.33across.com  https://ads.yieldmo.com  https://s.seedtag.com  https://sync.go.sonobi.com  https://fast.nexx360.io  https://*.upe.schwarz  'unsafe-inline'  https://*.adyen.com  data:; object-src 'self'  https://*.facebook.com  https://*.facebook.net  https://*.batch.com  https://*.cookiebot.com  https://*.leaflets.schwarz  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://asset.schwarz  https://bidswitch.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.google.com  https://www.googleadservices.com  https://www.gstatic.com  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-eval'; script-src 'self'  blob:  https://*.facebook.com  https://*.facebook.net  https://*.api.schwarz  https://*.batch.com  https://*.bing.com  https://*.cookiebot.com  https://*.creativecdn.com  https://*.exactag.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.peakprotect.com  https://*.pingdom.net  https://*.searchhub.io  https://*.virtualearth.net  https://adservice.google.com  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://creativecdn.com  https://form.lidl.com  https://*.onetrust.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://s.kk-resources.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://*.doubleclick.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.com  https://www.googleadservices.com  https://www.gstatic.com  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-eval'  'unsafe-inline'  about:  https://localhost  https://*.adyen.com; style-src 'self'  https://*.bing.com  https://*.cookiebot.com  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.de  https://*.medallia.eu  https://bidswitch.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://sdk.virtualearth.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.google.com  https://www.googleadservices.com  https://www.gstatic.com  https://www.lidl-shop.be  https://www.lidl-shop.cz  https://www.lidl-shop.nl  https://www.lidl-shop.sk  https://www.lidl-sklep.pl  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-inline'; frame-ancestors 'self'  https://*.lidl.com  https://*.livebuy.io; report-uri https://csp.cre.lidl-shop.com/csp/report; base-uri 'self'; form-action 'self'  https://*.facebook.com  https://*.facebook.net  https://accounts.lidl.com  https://survey.g.doubleclick.net; 2
frame-ancestors 'self' https://dashboard.sitew.com https://www.sitew.com; 2
upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; 2
frame-ancestors 'self' http://webvisor.com; 2
base-uri 'self';default-src 'self';object-src 'self';frame-ancestors 'self';style-src 'self' 'unsafe-inline' https://*.google.com http://*.googleapis.com https://*.googleapis.com;font-src 'self' data:;img-src 'self' data: blob: https:;script-src 'self' https://*.mollie.com https://*.adyen.com https://*.bing.com https://google.com https://*.google.com https://*.googletagmanager.com https://*.paypal.com https://icu.cvwizard.com https://*.tapfiliate.com https://*.cookiebot.com https://appleid.cdn-apple.com https://*.helpscout.net https://d3hb14vkzrxvla.cloudfront.net https://*.clarity.ms 'nonce-d-a73f5bcc-e2d5-4577-a47f-e0ace5c1d648' 'nonce-g-233b8bf4-8147-4ad6-a1dd-50ec83db77d4' 'nonce-b-8136c1f9-f0fd-4ca8-9512-9041cd9f90b5' 'nonce-s-a3071b71-c95d-4b11-be65-ad4b1f39bf4f';child-src 'self' data: https:;frame-src 'self' data: https:;connect-src 'self' https://*.mollie.com https://*.adyen.com https://*.bing.com https://google.com https://*.google.com https://*.googletagmanager.com https://*.paypal.com https://icu.cvwizard.com https://*.tapfiliate.com https://*.cookiebot.com https://appleid.cdn-apple.com https://*.helpscout.net https://d3hb14vkzrxvla.cloudfront.net https://*.clarity.ms https://*.google-analytics.com https://*.doubleclick.net https://frstre.com https://*.linkedin.oribi.io; 2
style-src 'self' 'unsafe-inline' https: data: ; script-src 'self' https: blob: data: 'unsafe-inline' 'unsafe-eval' ; img-src 'self' data: blob: https: ; font-src 'self' https: data: ; media-src 'self' http: blob: ; connect-src 'self' https: blob: ; object-src 'self' blob:; frame-src 'self' *.vimeo.com https: ; 2
frame-ancestors 'self' https://customerfinancing.directcapital-sit.com https://customerfinancing.directcapital2.com https://www.customerfinancing.com https://customerfinancing.directcapital-test1.com https://customerfinancing.directcapital-test2.com https://customerfinancing.directcapital-test3.com https://customerfinancing.directcapital-test4.com onlineapps-conv.readiness.ibanking-services.com onlineapps.ibanking-services.com ibanking-services.com https://*.fisglobal.com https://*.citbank.com https://citcom-dev.ase1-dev.citnet.cit.com https://*.firstcitizens.com 2
default-src 'self' secure.test.bs.ch secure.bs.ch www.staatskalender.bs.ch www.tiefbauamt.test.bs.ch www.tiefbauamt.bs.ch egov-by-zid.ch www.leastyger-photography.ch www.regierungsrat.bs.ch *.showare.ch *.solique.ch de.wikipedia.org *.youtube.com map.geo.test.bs.ch map.geo.bs.ch *.abel-systems.ch www.eventdb.bs.ch www.rechtsprechung.gerichte-bs.ch *.basleratlas.ch *.google.com staticweb.bs.ch statabs.github.io statabs-test.github.io public.tableau.com cdn.knightlab.com service.buschviper.ch hit.uptrendsdata.com draeggwaegg.ch www.ub.basleratlas.ch eepurl.com www.tageskarte-gemeinde.ch blog.staatsarchiv-bs.ch data.bs.ch muenzwurf.statabs.ch marketing.us8.list-manage.com basleratlas.ch 1270.appointmind.net avenue.argusdatainsights.ch seu2.cleverreach.comi multimedia-bs.ch klv.egov.bs.ch *.siteimprove.com *.siteimproveanalytics.com *.siteimprove.net *.siteimproveanalytics.io proxydk1si.siteimprove.systemsi www.linkedin.com static.licdn.com www.entwicklung.bs.ch wmts.geo.bs.ch;script-src 'self' bdm-bs.bot.abraxas-apis.ch standortmarketing.prog.online s.ytimg.com *.youtube.com *.piwikpro.com 'unsafe-inline' multimedia-bs.ch hit.uptrendsdata.com baselstadt.containers.piwik.pro baselstadt.piwik.pro bot.bs-kt.prod.byerley.ch embed.typeform.com chat.aiaibot.com 'unsafe-eval' map.geo.bs.ch siteimproveanalytics.com platform.twitter.com static.licdn.com www.linkedin.com;connect-src 'self' standortmarketing.prog.online hit.uptrendsdata.com *.piwikpro.com *.piwik.pro *.containers.piwik.pro api.aiaibot.com klv.egov.bs.ch map.geo.bs.ch www.linkedin.com static.licdn.com www.entwicklung.bs.ch wmts.geo.bs.ch;img-src 'self' bdm-bs.bot.abraxas-apis.ch bdm-bs.bot.abraxas-apps.ch *.prog.online multimedia-bs.ch *.piwikpro.com *.abel-systems.ch www.test.bs.ch www.bs.ch hit.uptrendsdata.com *.piwik.pro data: 'unsafe-eval' bot.bs-kt.prod.byerley.ch www.pd-bs.ch *.siteimproveanalytics.io static.licdn.com www.linkedin.com www.entwicklung.bs.ch wmts.geo.bs.ch;style-src 'self' bdm-bs.bot.abraxas-apis.ch 'unsafe-inline' bot.bs-kt.prod.byerley.ch map.geo.bs.ch www.linkedin.com;frame-src * mailto:; 2
default-src 'self'; connect-src 'self' https://euc-widget.freshworks.com https://*.google-analytics.com https://carenzorgt.freshdesk.com; font-src 'self' data: https://fonts.gstatic.com https://use.typekit.net; frame-src https://wchat.eu.freshchat.com https://513969701343894.eu.webpush.freshchat.com; img-src 'self' data: blob: https://p.typekit.net https://d1yim1i5ghw5xv.cloudfront.net https://*.mijnio.nl https://www.google-analytics.com https://euc-widget.freshworks.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://use.typekit.net https://euc-widget.freshworks.com https://*.google-analytics.com https://wchat.eu.freshchat.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://use.typekit.net https://euc-widget.freshworks.com https://wchat.eu.freshchat.com; report-uri /csp_reports 2
frame-src 'self' https://app.aiden.cx https://api.dpdconnect.nl https://www.youtube.com https://www.obelink.be https://vars.hotjar.com https://www.facebook.com https://surfly.com https://www.google.com folder.obelink.nl flyer.obelink.de https://api.growthbook.io https://tcp.googlesyndication.com; 2
default-src 'self' * 'unsafe-inline' *.3qsdn.com *.payengine.de data: blob:; style-src 'self' *.googleapis.com *.gstatic.com 'unsafe-inline' *.vorteilsguru.de *.3qsdn.com; img-src * 'unsafe-inline' data:; script-src * 'unsafe-eval' 'unsafe-inline' blob:; font-src 'self' *.gstatic.com 'unsafe-inline' *.vorteilsguru.de *.3qsdn.com data: 2
upgrade-insecure-requests; report-uri /csp/report; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://apps.sitecore.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.milliman.com https://www.googletagmanager.com https://www.google-analytics.com https://www.buzzsprout.com https://bat.bing.com https://js.driftt.com https://js.adsrvr.org https://solutions.invocacdn.com https://milliman.aiproxies.com https://www.google.com https://www.gstatic.com https://www.googleadservices.com https://analytics.cdn.aimediagroup.com https://pnapi.invoca.net https://googleads.g.doubleclick.net https://analytics.aimediagroup.com https://maps.googleapis.com https://snap.licdn.com https://js-agent.newrelic.com https://bam.nr-data.net https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal.onetrust.com https://public.tableau.com https://platform.twitter.com https://cdn.syndication.twimg.com https://syndication.twitter.com https://static.hotjar.com https://script.hotjar.com https://*.6sc.co https://static.cloud.coveo.com https://siteimproveanalytics.com https://www.clarity.ms; img-src 'self' data: https://*.milliman.com https://assets.buzzsprout.com https://www.google-analytics.com https://www.googletagmanager.com https://bat.bing.com https://cf-images.us-east-1.prod.boltdns.net https://analytics.aimediagroup.com https://milliman.aiproxies.com https://www.google.com https://www.google.ca https://match.adsrvr.org https://maps.googleapis.com https://maps.gstatic.com *.googleapis.com *.ggpht https://px.ads.linkedin.com https://www.linkedin.com https://p.adsymptotic.com https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://www.youtube.com https://public.tableau.com https://syndication.twitter.com https://pbs.twimg.com https://platform.twitter.com https://ton.twimg.com https://*.6sc.co https://*.siteimproveanalytics.io; style-src 'self' 'unsafe-inline' https://*.milliman.com https://fonts.googleapis.com https://cloud.typenetwork.com https://assets.buzzsprout.com https://platform.twitter.com https://ton.twimg.com; font-src 'self' https://*.milliman.com https://fonts.gstatic.com https://cloud.typenetwork.com https://ton.twimg.com https://fastly-cloud.typenetwork.com; frame-src 'self' https://www.arcgis.com https://*.milliman.com https://players.brightcove.net https://www.buzzsprout.com https://insight.adsrvr.org https://app.powerbi.com https://js.driftt.com https://milliman.maps.arcgis.com https://*.makeaclickablemap.com https://makeaclickablemap.com https://www.google.com https://assets.milliman.com https://milliman-milwaukee-reports.azurewebsites.net https://td.doubleclick.net/ https://twitter.com https://platform.twitter.com https://html5-player.libsyn.com https://bid.g.doubleclick.net https://www.youtube.com https://public.tableau.com https://vars.hotjar.com https://syndication.twitter.com https://milliman.aiproxies.com https://*.vimeo.com; child-src 'self' https://*.milliman.com https://players.brightcove.net https://www.buzzsprout.com https://app.powerbi.com https://milliman.maps.arcgis.com https://*.makeaclickablemap.com https://makeaclickablemap.com https://www.google.com https://assets.milliman.com https://milliman-milwaukee-reports.azurewebsites.net https://twitter.com https://www.twitter.com html5-player.libsyn.com https://bid.g.doubleclick.net; connect-src 'self' https://millimanproductionmo4t0l69.org.coveo.com https://*.milliman.com https://cdn.linkedin.oribi.io https://px.ads.linkedin.com https://assets5.lottiefiles.com https://*.analytics.org.coveo.com https://*.clarity.ms https://lottie.host https://assets9.lottiefiles.com https://analytics.cloud.coveo.com https://www.google-analytics.com https://stats.g.doubleclick.net https://bat.bing.com  https://pnapi.invoca.net https://bam.nr-data.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://usageanalytics.coveo.com https://platform.cloud.coveo.com https://www.milliman.com https://us.milliman.com wss://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://maps.googleapis.com https://milliman.aiproxies.com https://*.6sc.co https://geolocation.onetrust.com https://secure.adnxs.com; upgrade-insecure-requests;  block-all-mixed-content; 2
frame-ancestors https://opengov.com https://procurement.ogstaging.us 2
frame-ancestors self; 2
frame-ancestors 'self' https://*.wapcar.my 2
frame-ancestors 'self' https://cart.penguinrandomhouse.com/ https://sites.dev.penguinrandomhouse.com/ https://sites.tst.penguinrandomhouse.com/ https://sites.prh.com/ https://iteratehq.com/ *.penguinrandomhouse.com *.dev.penguinrandomhouse.com *.tst.penguinrandomhouse.com 2
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; frame-src *; img-src * data: blob:; object-src 'self'; form-action *; frame-ancestors 'self' https://captcha.gecirtnotification.com 2
frame-ancestors 'none';  block-all-mixed-content; 2
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * data: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; worker-src *.qare.fr *.public-prod.qare.tech *.public-dev.qare.tech *.public-staging.qare.tech *.eks.testing.qare.tech *.eks.dynamic.qare.tech *.public-external.qare.tech *.qare.io www.gstatic.com blob:; font-src * 2
default-src *.crazyegg.com *.cognigy.ai blob: wss: https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; font-src https: data:; object-src 'self' blob:; media-src data:; 2
script-src 'unsafe-eval' 'self' blob: *.hcsctest.net *.hcsc.net 'sha256-uXvul1BzUGtLk4tj5Zg5gGJQDjBxPK2zm9gXj1WQBd4=' 'sha256-ehPVrgdV2GwJCE7DAMSg8aCgaSH3TZmA66nZZv8XrTg=' 'sha256-roBKNtTORGqYTZrY132I7LjnRPmJRBYk0vsWsfTJfi8=' 'sha256-Hu+TB+7+tbK6BX5NWGt+0M+Bq+eQTLzu4mfAdMsLwio=' 'sha256-m6IeQPb422Ecu6vAsJ4XwC+Q4Bnlo5vWz/eAbO1BMMY=' 'sha256-SPsZXjscKwSgFBbdcFRAE/GR7YyFgkl7d5tVBREd+pE=' 'sha256-SDHTnkuO02em0DcuwqvF5tDafRm8LYNMnYP+a2QMeyA=' 'sha256-oFLLqxbCZekFnkJfG4JJcqpyCzBF/l8PMUBQFcUbeZ0=' 'sha256-faXCajxRfsxc0bae7+yr2K8V6v+j+fXiAfrDzmO7g4o=' 'sha256-GvTqW2N1yqVSPv2NunuZcmhuOzJPlyqjIbTCod/tAWo=' 'sha256-DmzNnZo/dKWxeeIrc7o2Qln6ZXMz6DCUkXbQ9r/1uBM=' 'sha256-ehPVrgdV2GwJCE7DAMSg8aCgaSH3TZmA66nZZv8XrTg=' 'sha256-ppW1Vv+qSVcs+/pIj1ZXvMiCLoyHyCdRqtDMeK9fQ9w=' 'sha256-uXvul1BzUGtLk4tj5Zg5gGJQDjBxPK2zm9gXj1WQBd4=' *.decibelinsight.net *.twitter.com hcsctest.net *.bcbsil.com *.bcbstx.com *.hcsc.net contentz.mkt922.com healthcareservicecorporation.sc.omtrdc.net resources.digital-cloud-west.medallia.com dx.steelhousemedia.com cdn.decibelinsight.net *.facebook.net *.googleadservices.com bat.bing.com *.googletagmanager.com nexus.ensighten.com *.google-analytics.com js-cdn.dynatrace.com assets.adobedtm.com googleads.g.doubleclick.net gateway.foresee.com dx.steelhousemedia.com *.kampyle.com *.medallia.com, frame-src 'self' *.twitter.com hcsc.demdex.net players.brightcove.net *.youtube.com resources.digital-cloud-west.medallia.com healthcareservicecorporation.sc.omtrdc.net *.kampyle.com *.medallia.com, frame-ancestors 'self', worker-src 'self' blob: 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' ipredictive.com *.adyen.com adyen.com *.scene7.com adgrx.com demdex.net ads.yieldmo.com a.bigcontent.io adnxs.com attentivemobile.com *.attn.tv attn.tv *.audioeye.com audioeye.com bidswitch.net *.btttag.com www.bluecore.com bluekai.com *.creativecdn.com certona.net www.res-x.com cloudflare.com *.cloudfront.net cloudfront.net *.coach.com *.cquotient.com cquotient.com *.criteo.net criteo.net *.criteo.com criteo.com w55c.net *.doubleclick.net *.facebook.com *.facebook.net facebook.net fonts.net *.fonts.net *.fonts.com *.forter.com forter.com stickyadstv.com v.fwmrm.net www.google.co.in *.google.com www.google.de www.googleadservices.com googleapis.com cloudfunctions.net www.googletagmanager.com *.google-analytics.com 360yield.com casalemedia.com ivitrack.com *.kargo.com kargo.com klarna.com *.klarna.com klarnacdn.net *.klarnacdn.net klarnaevt.com *.klarnaevt.com *.klarnaservices.com liadm.com addressy.com media.net mediavine.com mediawallahscript.com cookielaw.org postrelease.com needle.com agkn.com *.onetrust.com onetrust.com *.optimizely.com outbrain.com *.paypal.com www.paypalobjects.com pinimg.com pinterest.com *.powerreviews.com pubmatic.com qualtrics.com *.qualtrics.com *.quantummetric.com quantummetric.com rmp.rakuten.com revcontent.com rubiconproject.com sharethrough.com *.shoprunner.com smartadserver.com *.stuartweitzman.com stuartweitzman.com *.stuartweitzman.ca taboola.com www.talkable.com tangiblee.com tapad.com teads.tv *.tiktok.com tiktok.com *.adsrvr.org adsrvr.org tremorhub.com 3lift.com truefitcorp.com ad.smaato.net clmbtech.com mdhv.io postcodeanywhere.co.uk rqtrk.eu ws.rqtrk.eu techlab-cdn.com udmserve.net www.yext-pixel.com pcapredict.com *.bing.com api.bluecore.com api.bluecore.app edge1.certona.net cdnjs.cloudflare.com maps.googleapis.com us-central1-cohinc-146020.cloudfunctions.net cdn.cookielaw.org *.needle.com ct.pinterest.com *.rmp.rakuten.com cdn.tangiblee.com p11.techlab-cdn.com dpm.demdex.net ib.adnxs.com secure.adnxs.com x.bidswitch.net tags.bluekai.com www.gstatic.com fonts.gstatic.com aa.agkn.com s.pinimg.com pixel.rubiconproject.com match.sharethrough.com rtb-csync.smartadserver.com pixel.tapad.com *.truefitcorp.com ice.360yield.com dsum-sec.casalemedia.com hbx.media.net ssp-csync.smartadserver.com sync.taboola.com sync.teads.tv eb2.3lift.com services.postcodeanywhere.co.uk tapes11111.pcapredict.com tapestry.a.bigcontent.io api.addressy.com js-agent.newrelic.com sessions.bugsnag.com bam.nr-data.net events.attentivemobile.com exchange.mediavine.com r.casalemedia.com s.ad.smaato.net sync-t1.taboola.com cm.adgrx.com sync-criteo.ads.yieldmo.com *.pubmatic.com ad.360yield.com ads.stickyadstv.com criteo-sync.teads.tv contextual.media.net fluentdapi.stg.shoprunner.io i8.amplience.net *.amazonaws.com *.drivecommerce.com m.media-amazon.com apay-us.amazon.com static-na.payments-amazon.com rt.udmserve.net cdn.static.amplience.net partner.mediawallahscript.com matching.ivitrack.com i.liadm.com jadserve.postrelease.com tapestry.tapad.com trends.revcontent.com criteo-partners.tremorhub.com ade.clmbtech.com sync.outbrain.com mathtag.com dwin1.com iesnare.com mpsnare.iesnare.com bh.contextweb.com pixel.s3xified.com s.seedtag.com mixer.mobon.net sync.cootlogix.com cm-exchange.toast.com *.33across.com 33across.com *.lijit.com sync.bidence.net sync.1rx.io cm.mgid.com csync.loopme.me sync.e-planning.net idsync.rlcdn.com sync.console.adtarget.com.tr dynl.mktgcdn.com 1f2e7.v.fwmrm.net adx.dable.io cs.adingo.jp tg.socdm.com adgen.socdm.com sync.aralego.com us-u.openx.net vid.vidoomy.com cdn.honey.io cloudinary.com res.cloudinary.com usersync.gumgum.com sync.connectad.io inv-nets.admixer.net *.googlesyndication.com sync.addlv.smt.docomo.ne.jp t.adx.opera.com visitor.omnitagjs.com ad.tpmn.co.kr tst.kaptcha.com crwdcntrl.net www.google.com.ua *.Yahoo.com ad-stir.com sync.ad-stir.com gssprt.jp cs.gssprt.jp send.microad.jp s-cs.send.microad.jp www.google.ca simpli.fi ad.yieldlab.net sync.targeting.unrulymedia.com onetag-sys.com beacon.krxd.net cm.adform.net *.shoppinggives.com pippio.com tapestry.support jira.tapestry.support sentry.io *.mapbox.com *.force.com www.google.es www.google.by www.google.fr www.google.co.uk www.google.co.il www.google.com.sa www.google.com.vn www.google.rs www.google.com.bh www.google.com.br www.google.com.eg www.google.se www.google.it www.google.com.uy www.google.co.nz www.google.com.gt www.google.co.th www.google.co.kr www.google.ie www.google.bs www.google.pl www.google.com.mx www.google.com.sv www.google.co.cr www.google.ru www.google.tt www.google.co.ug www.google.rw www.google.com.pe www.google.com.lb www.google.com.hk www.google.com.ec www.google.com.gh www.google.com.ng www.google.com.co www.google.com.ar www.google.tn consent.linksynergy.com *.demandware.net *.katespade.com *.coachoutlet.com cm.meba.kr us.ck-ie.com b.admedia.com *.instagram.com api.capitaloneshopping.com cm.igaw.io rstyle.me cdn.ivaws.com link.shoplooks.com *.rewardstyle.com www.metziahs.com safe.menlosecurity.com us.ck-ie.com *.thebrighttag.com *.semasio.net sync.srv.stackadapt.com *.kampyle.com *.medallia.com *.aralego.net app.collectivevoice.com *.rewardStyle.com brandcycle.net link.shoplooks.com slooks.top smilekols.com go.magik.ly media.paroleparis.com c.fanstoshop qa.res-x.com google.com cdn.wyng.com *.bluecore.app *.liadm.com *.tapestry.com *.lilyai.net monetate.net *.monetate.net *.pixlee.co *.turnto.com *.edgecastcdn.net *.pixlee.com *.pixleeteam.com *.pxlecdn.com *.shopify.com *.cdn.shopifycloud.com shop.app *.shopifysvc.com *.stripe.com data: blob:; 2
frame-ancestors 'self' *.genesazrak.com *.888casinoarabic.net *.arabiccasino888.com *.casinoarabic888.com *.casinoarabic-888.com *.888-casinoarabic.com *.888casino-arabic.com http://wrapper.safe-installation.com/ https://wrapper.safe-installation.com/ http://localhost:* https://localhost:* *.bingosys.net *.secured-igaming-usa.com *.888.pt *.sisportsbook.com *.888poker.de *.888slots.de *.safe-iplay.com http://*.safe-iplay.com http://*.888sport.com http://*.sisportsbook.com http://*.secured-igaming-usa.com *.safe-installation.com *.payoutscentral.com *.triple8holdem.com *.888.com *.secured-qa.com *.secured-registration.com *.secureutils.com *.images4us.com *.onlinepersonalmessages.com *.888sport.com *.888sport.es *.888sport.it *.888sport.dk *.888sport.ro *.888sport.se *.888sport.us *.888sport.de *.777.com *.personalinfoonline.com *.888.de *.888casino.com *.888poker.com *.888casino.dk *.888poker.dk *.888.de *.888casino.ro *.888poker.ro *.888casino.se *.888poker.se *.888casino.es *.888poker.es *.888casino.it *.888poker.it *.888casino.us *.888poker.us *.888ladies.com *.888.pt cmsp *.harrahscasino.com *.wsop.com *.delawarepark.com *.doverdowns.com *.harringtongamingonline.com *.secured-igaming-services.com *.secured-igaming-usa.com *.igaming-services.com *.888.ca *.888casino.ca *.888poker.ca *.888sport.ca *.888.nl *.888casino.nl *.888poker.nl *.888sport.nl *.ar-888-casino.com *.888casino-ar.com *.ar888-casino.com *.arab888-casino.com *.casinoelarab-888.com *.alarab-888casino.com *.casinoalarab-888.com *.888casino-alarab.com *.888casino-arabian.com *.arabian-888casino.com *.888-casino-arabian.com *.888-casino-alarab.com *.ballysdover.com *.888casino-uae.com *.playat888-games.com *.888casino-game.com *.online-arabic-casino.net *.tripleeight.live *.playat888online.com *.888games-uae.com *.triple-eight-games.com *.play-casino-now.com *.888slots-uae.com *.888-uae.com *.mrgreen.de *.mrgreen.se *.mrgreen.com *.mrgreen.dk *.williamhill.com *.williamhill.local *.williamhill-pp2.com *.williamhill-pp1.es *.williamhill.es *.williamhill-pp1.it *.williamhill.it 2
https://miclarocorp.z01.azurefd.net https://fonts.googleapis.com 2
upgrade-insecure-requests ; default-src 'none'; img-src 'self' https://*.apple.com https://*.mzstatic.com data:; style-src 'self' https://*.apple.com 'unsafe-inline'; font-src 'self' https://*.apple.com; media-src 'self' https://*.apple.com blob:; connect-src 'self' https://*.apple.com https://*.mzstatic.com; script-src 'self' https://*.apple.com 'unsafe-eval' 'sha256-4ywTGAe4rEpoHt8XkjbkdOWklMJ/1Py/x6b3/aGbtSQ=' blob:; frame-src 'self' https://*.apple.com itmss: itms-appss: itms-bookss: itms-itunesus: itms-messagess: itms-podcasts: itms-watchs: macappstores: musics: apple-musics: podcasts: videos:; 2
default-src 'self'; child-src 'self' www.facebook.com www.youtube.com vk.com yastatic.net api-maps.yandex.ru google.com www.google.com login.vk.com connect.ok.ru connect.facebook.net staticxx.facebook.com widget.payselection.com widget2.payselection.com widget.cloudpayments.ru; frame-src 'self' egrp365.org extra.egrp365.org extra.egrp365.ru docs.google.com www.facebook.com www.youtube.com vk.com yastatic.net api-maps.yandex.ru google.com www.google.com login.vk.com connect.ok.ru connect.facebook.net staticxx.facebook.com widget.payselection.com widget2.payselection.com widget.cloudpayments.ru yandex.ru mc.yandex.ru; script-src 'unsafe-inline' 'unsafe-eval' 'self' ajax.cloudflare.com *.egrp365.org widgets.egrp365.ru extra.egrp365.ru yastatic.net vk.com m.vk.com login.vk.com connect.ok.ru connect.facebook.net yandex.ru api-maps.yandex.ru *.maps.yandex.net *.maps.yandex.ru www.google-analytics.com www.googletagmanager.com mc.yandex.ru cdn.jsdelivr.net cdn.mxpnl.com *.jivosite.com *.jivo.ru www.gstatic.com www.google.com http://188.166.98.145 https://pkk.rosreestr.ru pkkn.egrp365.org https://dev.virtualearth.net widget.payselection.com widget.cloudpayments.ru mc.webvisor.org; style-src 'unsafe-inline' 'self' *.egrp365.ru *.egrp365.org api-maps.yandex.ru fonts.googleapis.com *.jivo.ru *.jivosite.com; img-src data: 'self' https: http://*.rosreestr.ru *.egrp365.org *.maps.yandex.net *.maps.yandex.ru *.img.avito.st cdn-p.cian.site cdn.n1.ru; font-src data: 'self' egrp365.ru egrp365.org fonts.gstatic.com fonts.googleapis.com themes.googleusercontent.com cdn.saas-support.com; connect-src https: http://*.rosreestr.ru wss://*.jivosite.com wss://*.jivo.ru http://127.0.0.1:4059 'self' egrp365.ru wss://egrp365.ru; object-src 'self' egrp365.ru; media-src *.jivo.ru; report-uri /cspn.php; 2
default-src 'self' data: https://*.commerce.gov https://www.eda.gov https://eda.gov https://*.eda.gov https://unpkg.com https://*.basemaps.cartocdn.com https://*.vimeo.com https://*.googletagmanager.com https://polyfill.io https://www.googletagmanager.com https://*.mbda.gov https://*.d.commerce.gov https://content.govdelivery.com https://www.google-analytics.com https://use.fontawesome.com https://dap.digitalgov.gov https://*.twitter.com https://*.twimg.com https://*.youtube.com https://livestream.com https://*.livestream.com https://api.new.livestream.com https://emenuapps.ita.doc.gov https://rev-vbrick.uspto.gov https://*.facebook.com https://*.mapbox.com https://*.cloudflare.com https://*.tile.openstreetmap.org https://git.commerce.gov https://cdn.siteimprove.net https://youtube-nocookie.com https://translate.google.com https://www.gstatic.com https://fonts.gstatic.com https://app.powerbigov.us https://*.googleapis.com https://www.youtube-nocookie.com https://api.data.gov https://*.uspto.gov 'unsafe-inline' 'unsafe-eval' ;upgrade-insecure-requests; 2
default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com *.sharethis.com *.botmd.io *.google-analytics.com  cdn.ampproject.org; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com *.simsys.sg *.sharethis.com *.cdninstagram.com *.botmd.io *.s3.amazonaws.com *.google-analytics.com *.google.com *.google.com.sg; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.sharethis.com player.vimeo.com *.facebook.com *.youtube.com *.botmd.io *.google.com https://form.gov.sg td.doubleclick.net youtu.be; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com *.sharethis.com bcp.crwdcntrl.net *.ent.ap-southeast-1.aws.found.io *.google-analytics.com https://stats.g.doubleclick.net *.amazonaws.com https://data.stbuttons.click/data c.ltmsphrcl.net; media-src 'self' data: blob: *.cdninstagram.com *.botmd.io *.s3.amazonaws.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com blob: data:; object-src 'none' 2
default-src 'self' https://static.ojohosts.ca https://ojohomes-static.prod.ojocore.ca https://mls-photos.ojo.ca https://www.houseful.ca/; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.clarity.ms *.bing.com https://www.houseful.ca/ https://cdn.jsdelivr.net https://js.usemessages.com https://a.quora.com https://js.hscollectedforms.net https://qvdt3feo.com https://appleid.cdn-apple.com https://static.ojohosts.ca *.houseful.ca https://ojohomes-static.prod.ojocore.ca https://dev.visualwebsiteoptimizer.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://login.dev.houseful.ca https://login.stage.houseful.ca https://login.houseful.ca https://www.gstatic.com https://storage.googleapis.com *.googleapis.com *.google.com *.google.co.in https://app.satismeter.com *.stackadapt.com *.pinimg.com https://briskpelican.io https://js.hs-scripts.com https://login.dev.houseful.ca https://login.stage.houseful.ca https://login.houseful.ca https://js.hs-banner.com https://js.hs-analytics.net https://js.hsadspixel.net https://edge.fullstory.com https://rs.fullstory.com; style-src 'self' 'unsafe-inline' https://www.houseful.ca/ https://www.google-analytics.com https://cdn.ojo.me https://static.ojohosts.ca https://ojohomes-static.prod.ojocore.ca *.googleapis.com *.google.com *.stackadapt.com; font-src 'self' 'unsafe-inline' https://www.houseful.ca/ https://cdn.ojo.me https://static.ojohosts.ca https://ojohomes-static.prod.ojocore.ca https://fonts.gstatic.com; img-src 'self' data: blob: https://mls-photos.ojo.ca *.clarity.ms *.bing.com *.stackadapt.com *.doubleclick.net https://fonts.gstatic.com https://www.houseful.ca/ https://static.ojohosts.ca https://staging-img.ojohosts.ca https://static.ojohosts.ca https://ojohomes-static.prod.ojocore.ca https://forms.hsforms.com https://www.googletagmanager.com https://staging-img.movoto.com https://www.facebook.com https://connect.facebook.net https://www.google-analytics.com https://dev.visualwebsiteoptimizer.com *.google.com *.google.co.in *.google.ca *.googleapis.com https://login.dev.houseful.ca https://login.stage.houseful.ca https://login.houseful.ca https://maps.gstatic.com *.ggpht.com *.pinterest.com *.quora.com https://track.hubspot.com  https://photos.wolfnet.com; connect-src 'self' https://www.houseful.ca/ https://ojohomes-boundaries.prod.ojocore.ca https://ojohomes-boundaries.dev.ojocore.ca *.ojocore.ca *.oktapreview.com https://q.quora.com https://pagead2.googlesyndication.com https://api.hubspot.com https://google.com *.google.com *.clarity.ms *.bing.com https://forms.hscollectedforms.net https://cdn.ojo.me *.google.com *.google.co.in *.google.ca https://www.google-analytics.com https://stats.g.doubleclick.net https://static.ojohosts.ca https://ojohomes-static.prod.ojocore.ca *.googleapis.com *.facebook.com https://app.satismeter.com *.stackadapt.com https://login.dev.houseful.ca https://login.stage.houseful.ca https://login.houseful.ca *.pinterest.com https://briskpelican.io https://api.hubapi.com https://analytics.crea.ca https://edge.fullstory.com https://rs.fullstory.com; object-src 'self' https://www.houseful.ca/; worker-src 'self' https://www.houseful.ca/; frame-ancestors 'self' *.houseful.ca *.datadoghq.com; frame-src 'self' *; 2
font-src https://themes.googleusercontent.com https://fonts.gstatic.com https://www.concentrix.com https://fonts.googleapis.com https://cnxc.wpenginepowered.com https://www.concentrix.com https://gallery.concentrix.com https://lottiefiles.com data www.concentrix.com https://cdn.knightlab.com/; frame-ancestors https://munchkin.marketo.net https://www.concentrix.com https://cnxc.wpenginepowered.com https://www.concentrix.com 'self' https://gallery.concentrix.com www.concentrix.com; 2
default-src 'self' *.capitaland.com *.capitastar.com the-ascott.com *.the-ascott.com *.adobedtm.com *.instagram.com *.facebook.com *.twitter.com *.linkedin.com youtube.com *.youtube.com *.trustarc.com googletagmanager.com *.googletagmanager.com *.googleadservices.com *.nr-data.net *.newrelic.com *.addthis.com *.googleapis.com *.addthisedge.com *.moatads.com *.adobedtm.com *.stackla.com *.google.com *.google.com.vn *.gstatic.com *.google.com.sg *.recaptcha.net *.shareinvestor.com *.baidu.com *.youku.com *.wisers.net weibo.com *.ascendas-reit.com *.a-itrust.com *.facebook.net *.ascottresidencetrust.com *.cict.com.sg *.clct.com.sg cmmt.com.my *.capita3eats.com *.google-analytics.com *.eunoia.asia ecapitamall.com *.turn.com *.licdn.com *.doubleclick.net *.adsrvr.org capitaland.sc.omtrdc.net *.zencdn.net *.mediaiqdigital.com *.demdex.net capitaland.tt.omtrdc.net *.bdimg.com *.everesttech.net js.hs-scripts.com js.hs-banner.com js.hs-analytics.net js.usemessages.com *.hubspot.com www.google-analytics.com *.adsymptotic.com *.typekit.net *.fontawesome.com *.bootstrapcdn.com *.cloudflare.com tracker.sqreemtech.com code.jquery.com *.vimeo.com chio.space *.clickdimensions.com *.ads-twitter.com t.co s3-ap-southeast-1.amazonaws.com my.matterport.com *.sqreemtech.com analyticswritenew.xerevo.com *.polyv.net *.videocc.net *.fbcdn.net *.justeasy.cn *.cdninstagram.com *.twimg.com *.ytimg.com *.typeform.com *.logwork.com logwork.com *.youtube-nocookie.com *.tiktok.com *.amgdgt.com www.onemap.gov.sg www.discoverasr.com *.appier.net id5-sync.com *.id5-sync.com *.crwdcntrl.net *.force.com *.salesforce.com *.salesforceliveagent.com kuula.co *.outbrain.com unpkg.com ir.capitalandinvest.com *.ttwstatic.com *.datawrkz.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://capitaland-studio.vercel.app https://trk.ultraind.in capitaland.my.site.com *.spaceconnect.co cdn.linkedin.oribi.io addtoany.com *.addtoany.com *.outbrain.com gv.com.sg *.gv.com.sg snow-shaw-cdn.azureedge.net *.snow-shaw-cdn.azureedge.net cdn.brand-display.com data: 'unsafe-eval' 'unsafe-inline' blob:; 2
default-src 'self' ajax.googleapis.com maxcdn.bootstrapcdn.com irs.tools.investis.com *.analytics.google.com *.google.com *.google-analytics.com fonts.gstatic.com; img-src 'self' 'unsafe-inline' * data: www.w3.org irs.tools.investis.com; frame-src 'self' *.investis.com *.youtube.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net *.youtube-nocookie.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com fonts.googleapis.com maxcdn.bootstrapcdn.com irs.tools.investis.com fonts.gstatic.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net *.investisdigital.com fast.fonts.net; font-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com fast.fonts.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.analytics.google.com *.google.com *.google-analytics.com ajax.googleapis.com irs.tools.investis.com *.googletagmanager.com *.google-analytics.com *.investisdigital.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net *.lfeeder.com *.youtube.com youtube-nocookie.com; connect-src 'self' *.investisdigital.com ajax.googleapis.com *.googletagmanager.com *.analytics.google.com *.google.com *.google-analytics.com *.google-analytics.com maps.googleapis.com maps.google.com *.amazonaws.com stats.g.doubleclick.net; base-uri 'none'; 2
frame-ancestors 'self' https://*.clasquin.com https://clasquin.com 2
default-src 'self' blob: https://staffbase.com https://s15952.pcdn.co; report-uri https://casper-de1.staffbase.com/report/staffbase.com; script-src 'report-sample' 'self' blob: 'unsafe-eval' 'unsafe-inline' https://*.google-analytics.com https://analytics.twitter.com https://bat.bing.com https://cdn.cookielaw.org https://cdn.linkedin.oribi.io/34930/ https://cdnjs.cloudflare.com/ajax/libs/dompurify/ https://connect.facebook.net https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.hubspot.com https://js.hscta.net https://*.hubspot.net https://*.hsforms.com https://googleads.g.doubleclick.net https://hackerone.com https://npmcdn.com/pikasso@4.2.0/build/umd.min.js https://pikasso-preview.bananatag.com https://j.6sc.co https://*.hs-analytics.net https://*.hs-banner.com https://*.hs-scripts.com https://*.hsforms.net https://*.hsleadflows.net https://*.qualified.com https://maps.googleapis.com https://okt.to/ping https://rum-static.pingdom.net https://snap.licdn.com https://static.ads-twitter.com https://static.oktopost.com/oktrk.js https://tagmanager.google.com https://tags.clickagy.com/data.js https://tracking.g2crowd.com https://ws.zoominfo.com https://www.gartner.com/reviews/public/Widget/js/widget.js https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://s15952.pcdn.co; font-src 'self' data: application/x-font-woff https://*.google-analytics.com https://cdn.getspeechify.com/hosted-fonts/GreycliffCF-*.woff2 https://fonts.staffbase.com https://www.gartner.com https://s15952.pcdn.co; img-src 'self' data: image/svg+xml https: https://s15952.pcdn.co; style-src https: 'self' 'unsafe-inline' 'report-sample'; connect-src https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat  'self' https://*.google-analytics.com https://*.pingdom.net https://*.ads.linkedin.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://aorta.clickagy.com/data https://api.ipstack.com https://app.qualified.com https://bat.bing.com https://*.6sc.co https://cdn.cookielaw.org https://cdn.linkedin.oribi.io/partner/34930/domain/staffbase.com/token https://*.hubapi.com https://js.hscta.net https://*.hsforms.com https://*.hubspot.com https://geolocation.onetrust.com https://hackerone.com https://hemsync.clickagy.com/external/hasHashes https://hubspot-forms-static-embed.s3.amazonaws.com https://*.6sc.co https://*.6sense.com https://*.hs-banner.com https://*.linkedin.oribi.io/event https://tracking.g2crowd.com https://privacyportal.onetrust.com https://secure.adnxs.com/getuidj https://staffbase-privacy-request.my.onetrust.com/request/v1/consentreceipts https://stats.g.doubleclick.net https://ws.zoominfo.com/pixel/collect https://www.facebook.com wss://app.qualified.com wss://ws.qualified.com https://s15952.pcdn.co; frame-src https:; media-src https:; frame-ancestors 'none'; 2
default-src 'self' prodmrm.eurojackpot.de prodmrm.eurojackpot.com eurojackpot.de www.eurojackpot.de eurojackpot.com www.eurojackpot.com trck.spoteffects.net www.lotto.de m.lotto.de www.youtube.com; script-src 'self' prodmrm.eurojackpot.de prodmrm.eurojackpot.com eurojackpot.de www.eurojackpot.de eurojackpot.com www.eurojackpot.com connect.facebook.net cdn.1tag.dentsu.de delivery.1tag.dentsu.de responder.wt-safetag.com tags.tiqcdn.com app.usercentrics.eu privacy-proxy.usercentrics.eu 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' prodmrm.eurojackpot.de prodmrm.eurojackpot.com eurojackpot.de www.eurojackpot.de eurojackpot.com www.eurojackpot.com www.google.com data1.bresera.com data1.open-dog.com connect.facebook.net tags.tiqcdn.com cdn.1tag.dentsu.de delivery.1tag.dentsu.de responder.wt-safetag.com tags.tiqcdn.com app.usercentrics.eu privacy-proxy.usercentrics.eu 'unsafe-inline' 'unsafe-eval'; style-src 'self' prodmrm.eurojackpot.de prodmrm.eurojackpot.com eurojackpot.de www.eurojackpot.de eurojackpot.com www.eurojackpot.com translate.googleapis.com cdn.1tag.dentsu.de delivery.1tag.dentsu.de 'unsafe-inline'; style-src-elem 'self' prodmrm.eurojackpot.de prodmrm.eurojackpot.com eurojackpot.de www.eurojackpot.de eurojackpot.com www.eurojackpot.com www.gstatic.com 'unsafe-inline'; connect-src 'self' prodmrm.eurojackpot.de prodmrm.eurojackpot.com eurojackpot.de www.eurojackpot.de eurojackpot.com www.eurojackpot.com m.lotto.de www.lotto.de miframe.lotto.de iframe.lotto.de www.youtube.com trck.spoteffects.net cdn.1tag.dentsu.de delivery.1tag.dentsu.de www.facebook.com translate.googleapis.com api.usercentrics.eu consent-api.service.consent.usercentrics.eu aggregator.service.usercentrics.eu graphql.usercentrics.eu data:; font-src 'self' prodmrm.eurojackpot.de prodmrm.eurojackpot.com eurojackpot.de www.eurojackpot.de eurojackpot.com www.eurojackpot.com fonts.gstatic.com api.rabatta.app data:; img-src 'self' prodmrm.eurojackpot.de prodmrm.eurojackpot.com eurojackpot.de www.eurojackpot.de eurojackpot.com www.eurojackpot.com s.w.org ps.w.org www.gstatic.com secure.gravatar.com cdn.1tag.dentsu.de delivery.1tag.dentsu.de eurojackpot.webtrekk.net fbc.wcfbc.net ad3.adfarm1.adition.com imagesrv.adition.com i.ytimg.com www.facebook.com fonts.gstatic.com app.usercentrics.eu uct.service.usercentrics.eu www.googleadservices.com adservice.google.com *.googleapis.com www.google-analytics.com translate.google.com pagead2.googlesyndication.com www.google.ae www.google.al www.google.at www.google.ba www.google.be www.google.bg www.google.ca www.google.ch www.google.co.cr www.google.co.in www.google.co.kr www.google.com www.google.co.ma www.google.com.br www.google.com.cy www.google.com.do www.google.com.eg www.google.com.gh www.google.com.gt www.google.com.mx www.google.com.ph www.google.com.sg www.google.com.tr www.google.com.ua www.google.co.th www.google.co.uk www.google.co.ve www.google.co.za www.google.cz www.google.de www.google.dk www.google.ee www.google.es www.google.fi www.google.fr www.google.gm www.google.gr www.google.hr www.google.hu www.google.ie www.google.iq www.google.is www.google.it www.google.lk www.google.lu www.google.lv www.google.me www.google.mk www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.si www.google.sk data:; child-src 'self' prodmrm.eurojackpot.de prodmrm.eurojackpot.com eurojackpot.de www.eurojackpot.de eurojackpot.com www.eurojackpot.com www.googleapis.com cdn.1tag.dentsu.de delivery.1tag.dentsu.de; frame-src 'self' prodmrm.eurojackpot.de prodmrm.eurojackpot.com eurojackpot.de www.eurojackpot.de eurojackpot.com www.eurojackpot.com m.lotto.de www.lotto.de lotto.de www.youtube-nocookie.com www.facebook.com app.usercentrics.eu; base-uri 'self'; report-uri https://1934a11189c9ec9d302de0ee10e4c650.report-uri.com/r/t/csp/enforce 2
frame-ancestors 'self' www.amway.com.au www.amway.co.nz www.amway.com.vn www.amway.my www.amway.sg www.amway.com.bn www.amway.com.ph admin.amway.my admin.amway.sg admin.amway.com.bn 2
object-src 'none'; upgrade-insecure-requests; block-all-mixed-content 2
default-src * data: blob: 'unsafe-inline' 'unsafe-eval' frame-ancestors: 'self' *.mheducation.com; 2
default-src 'self' blob:  p11.techlab-cdn.com; font-src 'self' * data: ; connect-src 'self' *.visualwebsiteoptimizer.com app.vwo.com * p11.techlab-cdn.com; style-src 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.visualwebsiteoptimizer.com app.vwo.com * blob:  p11.techlab-cdn.com; script-src-elem 'unsafe-inline' 'self' *.visualwebsiteoptimizer.com app.vwo.com * blob:  p11.techlab-cdn.com;	img-src 'self' *.visualwebsiteoptimizer.com chart.googleapis.com app.vwo.com * data:; worker-src 'self' blob:; frame-src 'self' app.vwo.com *.visualwebsiteoptimizer.com *; media-src 'self' library.homeserve.com; 2
frame-ancestors 'self' *.teledyne.com 2
default-src 'self' * script-src 'self' 'unsafe-eval'  style-src * 'unsafe-inline' data: 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob:; object-src 'none'; base-uri 'none'; frame-src 'self' https:; frame-ancestors 'self'; img-src 'self' https: data:; media-src 'self' https: data: blob:; style-src 'self' 'unsafe-inline'; default-src 'self' https: wss:; trusted-types default goog#html; font-src 'self' data:; 2
font-src fonts.gstatic.com use.typekit.net *.cdnfonts.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com https://media.flixcar.com https://media.flixfacts.com *.oppwa.com https://cdn.cs.1worldsync.com *.placetopay.com https://3dsacs.placetopay.com https://eu-prod.ppipe.net *.ppipe.net *.alignet.io *.3dsecure.alignet.io *.googleads.g.doubleclick.net *.tpc.googlesyndication.com *.google.com.ec *.google.com *.google.it *.m.facebook.com *.media.flixcar.com *.google.co.ke *.google.es *.assets-jpcust.jwpsrv.com *.google.com.pe *.google.se *.google.co.in *.google.com.mx *.google.com.co *.adobedc.demdex.net *.pagead2.googlesyndication.com *.pos.baidu.com *.google.co.ve *.google.com.sv *.googletagmanager.com *.acs.api.alignet.io *.x3dsacs.placetopay.com *.authentication.cardinalcommerce.com/ThreeDSecure/V2_1_0/CReq *.geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/RenderMethodURL *.visa.acs.alignet.io/acs-authentication-rest/authentication *.otpbk.datafast.com.ec/OTPDFValida.aspx media.flixcar.com media.flixfacts.com *.flix360.io *.flix360.com media.flixsyndication.net syndication.flix360.com content.jwplatform.com assets-jpcust.jwpsrv.com ssl.p.jwpcdn.com https://d3nkfb7815bs43.cloudfront.net http://d2m3ikv8mpgiy8.cloudfront.net d3np41mctoibfu.cloudfront.net media.pointandplace.com player.pointandplace.com t.pointandplace.com intent://arvr.google.com delivery-alpha.flix360.io delivery-beta.flix360.io https://www.mcprod.courts.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.twitter.com https://credomatic.compassmerchantsolutions.com https://integracion.alignetsac.com https://eu-test.oppwa.com https://staging.ptranz.com/api/spi/Conductor https://gateway.ptranz.com/api/spi/Conductor https://eu-prod.oppwa.com https://otpbk.datafast.com.ec https://vpayment.verifika.com https://oppwa.com *.placetopay.com https://3dsacs.placetopay.com https://eu-prod.ppipe.net *.ppipe.net *.alignet.io *.3dsecure.alignet.io *.googleads.g.doubleclick.net *.tpc.googlesyndication.com *.google.com.ec *.google.com *.google.it *.m.facebook.com *.media.flixcar.com *.google.co.ke *.google.es *.assets-jpcust.jwpsrv.com *.google.com.pe *.google.se *.google.co.in *.google.com.mx *.google.com.co *.adobedc.demdex.net *.pagead2.googlesyndication.com *.pos.baidu.com *.google.co.ve *.google.com.sv *.googletagmanager.com *.acs.api.alignet.io *.x3dsacs.placetopay.com *.authentication.cardinalcommerce.com/ThreeDSecure/V2_1_0/CReq *.geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/RenderMethodURL *.visa.acs.alignet.io/acs-authentication-rest/authentication *.otpbk.datafast.com.ec/OTPDFValida.aspx media.flixcar.com media.flixfacts.com *.flix360.io *.flix360.com media.flixsyndication.net syndication.flix360.com content.jwplatform.com assets-jpcust.jwpsrv.com ssl.p.jwpcdn.com https://d3nkfb7815bs43.cloudfront.net http://d2m3ikv8mpgiy8.cloudfront.net d3np41mctoibfu.cloudfront.net media.pointandplace.com player.pointandplace.com t.pointandplace.com intent://arvr.google.com delivery-alpha.flix360.io delivery-beta.flix360.io *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors *.twitter.com https://service.force.com/ https://h.online-metrix.net https://www.facebook.com/ https://integracion.alignetsac.com https://eu-test.oppwa.com https://preaprobados.unicomer.com/ https://lacuracaoapps.com/ https://unicomer-ecuador-guayaquil.dispatchtrack.com/ https://unicomer-ecuador-quito.dispatchtrack.com/ https://ficohsa.pixelpay.app https://eu-prod.oppwa.com https://otpbk.datafast.com.ec https://ppipe.net https://vpayment.verifika.com https://media.flixcar.com https://hp.omnitok.com/ https://front-notrack.indexado.production.pmbox.cloud https://pagostest.datafast.com.ec https://eu-test.ppipe.net https://oppwa.com *.placetopay.com https://3dsacs.placetopay.com https://eu-prod.ppipe.net *.ppipe.net *.alignet.io *.3dsecure.alignet.io *.googleads.g.doubleclick.net *.tpc.googlesyndication.com *.google.com.ec *.google.com *.google.it *.m.facebook.com *.media.flixcar.com *.google.co.ke *.google.es *.assets-jpcust.jwpsrv.com *.google.com.pe *.google.se *.google.co.in *.google.com.mx *.google.com.co *.adobedc.demdex.net *.pagead2.googlesyndication.com *.pos.baidu.com *.google.co.ve *.google.com.sv *.googletagmanager.com *.acs.api.alignet.io *.x3dsacs.placetopay.com *.authentication.cardinalcommerce.com/ThreeDSecure/V2_1_0/CReq *.geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/RenderMethodURL *.visa.acs.alignet.io/acs-authentication-rest/authentication *.otpbk.datafast.com.ec/OTPDFValida.aspx media.flixcar.com media.flixfacts.com *.flix360.io *.flix360.com media.flixsyndication.net syndication.flix360.com content.jwplatform.com assets-jpcust.jwpsrv.com ssl.p.jwpcdn.com https://d3nkfb7815bs43.cloudfront.net http://d2m3ikv8mpgiy8.cloudfront.net d3np41mctoibfu.cloudfront.net media.pointandplace.com player.pointandplace.com t.pointandplace.com intent://arvr.google.com delivery-alpha.flix360.io delivery-beta.flix360.io 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.demdex.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.google.com/ https://www.youtube.com https://www.facebook.com/ connect.facebook.net graph.facebook.com business.facebook.com *.twitter.com https://service.force.com/ https://h.online-metrix.net https://integracion.alignetsac.com https://eu-test.oppwa.com https://preaprobados.unicomer.com/ https://lacuracaoapps.com/ https://unicomer-ecuador-guayaquil.dispatchtrack.com/ https://unicomer-ecuador-quito.dispatchtrack.com/ https://ficohsa.pixelpay.app https://eu-prod.oppwa.com https://otpbk.datafast.com.ec https://ppipe.net https://vpayment.verifika.com https://media.flixcar.com https://hp.omnitok.com/ https://front-notrack.indexado.production.pmbox.cloud https://pagostest.datafast.com.ec https://eu-test.ppipe.net https://oppwa.com *.placetopay.com https://3dsacs.placetopay.com https://eu-prod.ppipe.net *.ppipe.net *.alignet.io *.3dsecure.alignet.io *.googleads.g.doubleclick.net *.tpc.googlesyndication.com *.google.com.ec *.google.com *.google.it *.m.facebook.com *.media.flixcar.com *.google.co.ke *.google.es *.assets-jpcust.jwpsrv.com *.google.com.pe *.google.se *.google.co.in *.google.com.mx *.google.com.co *.adobedc.demdex.net *.pagead2.googlesyndication.com *.pos.baidu.com *.google.co.ve *.google.com.sv *.googletagmanager.com *.acs.api.alignet.io *.x3dsacs.placetopay.com *.authentication.cardinalcommerce.com/ThreeDSecure/V2_1_0/CReq *.geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/RenderMethodURL *.visa.acs.alignet.io/acs-authentication-rest/authentication *.otpbk.datafast.com.ec/OTPDFValida.aspx *.v1.modern-life-interactive.com https://v1.modern-life-interactive.com hn.ficoposonline.com *.cloudfront.net https://notrack.indexado.pmbox.cloud media.flixcar.com media.flixfacts.com *.flix360.io *.flix360.com media.flixsyndication.net syndication.flix360.com content.jwplatform.com assets-jpcust.jwpsrv.com ssl.p.jwpcdn.com https://d3nkfb7815bs43.cloudfront.net http://d2m3ikv8mpgiy8.cloudfront.net d3np41mctoibfu.cloudfront.net media.pointandplace.com player.pointandplace.com t.pointandplace.com intent://arvr.google.com delivery-alpha.flix360.io delivery-beta.flix360.io https://centinelapistag.cardinalcommerce.com/ https://www.mcprod.courts.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com https://vpos.infonet.com.py/ https://vpos.infonet.com.py:8888/ https://centinelapi.cardinalcommerce.com https://centinelapi.cardinalcommerce.com/V1/Cruise/Collect 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io https://www.magezon.com https://www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu https://lcoimgprod-grupounicomer.netdna-ssl.com https://cmsuat.lacuracaonline.com https://maps.gstatic.com https://maps.googleapis.com/ *.online-metrix.net https://radioshackla-uat-grupounicomer.netdna-ssl.com https://log.pinterest.com https://gollotienda-uat-24-grupounicomer.netdna-ssl.com https://eu-test.oppwa.com https://img.youtube.com https://unicomer--c.na100.visual.force.com https://unicomer--c.vf.force.com https://unicomer.lightning.force.com https://unicomer.my.salesforce.com https://unicomer--uat.sandbox.my.site.com https://eu-prod.oppwa.com https://otpbk.datafast.com.ec *.demoup.com https://media.flixcar.com https://rt.flix360.com https://event.syndigo.cloud https://event.webcollage.net https://fonts.gstatic.com https://www.googletagmanager.com https://d3np41mctoibfu.cloudfront.net https://media.flixfacts.com https://content.syndigo.com https://s3-sa-east-1.amazonaws.com *.oppwa.com *.placetopay.com https://3dsacs.placetopay.com https://eu-prod.ppipe.net *.ppipe.net *.alignet.io *.3dsecure.alignet.io *.googleads.g.doubleclick.net *.tpc.googlesyndication.com *.google.com.ec *.google.com *.google.it *.m.facebook.com *.media.flixcar.com *.google.co.ke *.google.es *.assets-jpcust.jwpsrv.com *.google.com.pe *.google.se *.google.co.in *.google.com.mx *.google.com.co *.adobedc.demdex.net *.pagead2.googlesyndication.com *.pos.baidu.com *.google.co.ve *.google.com.sv *.googletagmanager.com *.acs.api.alignet.io *.x3dsacs.placetopay.com *.authentication.cardinalcommerce.com/ThreeDSecure/V2_1_0/CReq *.geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/RenderMethodURL *.visa.acs.alignet.io/acs-authentication-rest/authentication *.otpbk.datafast.com.ec/OTPDFValida.aspx *.ggpht.com https://cdn.cs.1worldsync.com https://files.alquimio.cloud https://fichashppervasive.blob.core.windows.net *.cc.cnetcontent.com https://mycliplister.com/ *.igodigital.com/ https://grupounicomerhelp.zendesk.com https://static.zdassets.com *.zendesk.com/ media.flixcar.com media.flixfacts.com *.flix360.io *.flix360.com media.flixsyndication.net syndication.flix360.com content.jwplatform.com assets-jpcust.jwpsrv.com ssl.p.jwpcdn.com https://d3nkfb7815bs43.cloudfront.net http://d2m3ikv8mpgiy8.cloudfront.net d3np41mctoibfu.cloudfront.net media.pointandplace.com player.pointandplace.com t.pointandplace.com intent://arvr.google.com delivery-alpha.flix360.io delivery-beta.flix360.io https://www.mcprod.courts.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com * www.googleadservices.com www.google-analytics.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com *.magento-ds.com www.googletagmanager.com *.fontawesome.com *.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu https://h.online-metrix.net *.oppwa.com *.placetopay.com https://3dsacs.placetopay.com https://eu-prod.ppipe.net *.ppipe.net *.alignet.io *.3dsecure.alignet.io *.googleads.g.doubleclick.net *.tpc.googlesyndication.com *.google.com.ec *.google.it *.m.facebook.com *.media.flixcar.com *.google.co.ke *.google.es *.assets-jpcust.jwpsrv.com *.google.com.pe *.google.se *.google.co.in *.google.com.mx *.google.com.co *.adobedc.demdex.net *.pagead2.googlesyndication.com *.pos.baidu.com *.google.co.ve *.google.com.sv *.googletagmanager.com *.acs.api.alignet.io *.x3dsacs.placetopay.com *.authentication.cardinalcommerce.com/ThreeDSecure/V2_1_0/CReq *.geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/RenderMethodURL *.visa.acs.alignet.io/acs-authentication-rest/authentication *.otpbk.datafast.com.ec/OTPDFValida.aspx media.flixcar.com media.flixfacts.com *.flix360.io *.flix360.com media.flixsyndication.net syndication.flix360.com content.jwplatform.com assets-jpcust.jwpsrv.com ssl.p.jwpcdn.com https://d3nkfb7815bs43.cloudfront.net http://d2m3ikv8mpgiy8.cloudfront.net d3np41mctoibfu.cloudfront.net media.pointandplace.com player.pointandplace.com t.pointandplace.com intent://arvr.google.com delivery-alpha.flix360.io delivery-beta.flix360.io https://www.mcprod.courts.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://digital-gollo.cs24.force.com https://unicomer--digital.cs24.my.salesforce.com https://c.la1-c1cs-ph2.salesforceliveagent.com/content 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.cdnfonts.com *.fontawesome.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu https://service.force.com https://integracion.alignetsac.com https://gollotienda-uat-24-grupounicomer.netdna-ssl.com https://eu-test.oppwa.com https://gollo.force.com https://unicomer.my.site.com https://eu-prod.oppwa.com https://otpbk.datafast.com.ec https://vpayment.verifika.com https://unicomer--uat.sandbox.my.site.com https://media.flixcar.com https://www.googletagmanager.com https://oppwa.com *.placetopay.com https://3dsacs.placetopay.com https://eu-prod.ppipe.net *.ppipe.net *.alignet.io *.3dsecure.alignet.io *.googleads.g.doubleclick.net *.tpc.googlesyndication.com *.google.com.ec *.google.com *.google.it *.m.facebook.com *.media.flixcar.com *.google.co.ke *.google.es *.assets-jpcust.jwpsrv.com *.google.com.pe *.google.se *.google.co.in *.google.com.mx *.google.com.co *.adobedc.demdex.net *.pagead2.googlesyndication.com *.pos.baidu.com *.google.co.ve *.google.com.sv *.googletagmanager.com *.acs.api.alignet.io *.x3dsacs.placetopay.com *.authentication.cardinalcommerce.com/ThreeDSecure/V2_1_0/CReq *.geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/RenderMethodURL *.visa.acs.alignet.io/acs-authentication-rest/authentication *.otpbk.datafast.com.ec/OTPDFValida.aspx *.1worldsync.com media.flixcar.com media.flixfacts.com *.flix360.io *.flix360.com media.flixsyndication.net syndication.flix360.com content.jwplatform.com assets-jpcust.jwpsrv.com ssl.p.jwpcdn.com https://d3nkfb7815bs43.cloudfront.net http://d2m3ikv8mpgiy8.cloudfront.net d3np41mctoibfu.cloudfront.net media.pointandplace.com player.pointandplace.com t.pointandplace.com intent://arvr.google.com delivery-alpha.flix360.io delivery-beta.flix360.io https://www.mcprod.courts.com unsafe-inline assets.braintreegateway.com https://digital-gollo.cs24.force.com https://unicomer--digital.cs24.my.salesforce.com https://c.la1-c1cs-ph2.salesforceliveagent.com/content 'self' 'unsafe-inline'; object-src https://h.online-metrix.net *.oppwa.com *.placetopay.com https://3dsacs.placetopay.com https://eu-prod.ppipe.net *.ppipe.net *.alignet.io *.3dsecure.alignet.io *.googleads.g.doubleclick.net *.tpc.googlesyndication.com *.google.com.ec *.google.com *.google.it *.m.facebook.com *.media.flixcar.com *.google.co.ke *.google.es *.assets-jpcust.jwpsrv.com *.google.com.pe *.google.se *.google.co.in *.google.com.mx *.google.com.co *.adobedc.demdex.net *.pagead2.googlesyndication.com *.pos.baidu.com *.google.co.ve *.google.com.sv *.googletagmanager.com *.acs.api.alignet.io *.x3dsacs.placetopay.com *.authentication.cardinalcommerce.com/ThreeDSecure/V2_1_0/CReq *.geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/RenderMethodURL *.visa.acs.alignet.io/acs-authentication-rest/authentication *.otpbk.datafast.com.ec/OTPDFValida.aspx media.flixcar.com media.flixfacts.com *.flix360.io *.flix360.com media.flixsyndication.net syndication.flix360.com content.jwplatform.com assets-jpcust.jwpsrv.com ssl.p.jwpcdn.com https://d3nkfb7815bs43.cloudfront.net http://d2m3ikv8mpgiy8.cloudfront.net d3np41mctoibfu.cloudfront.net media.pointandplace.com player.pointandplace.com t.pointandplace.com intent://arvr.google.com delivery-alpha.flix360.io delivery-beta.flix360.io https://www.mcprod.courts.com 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com https://image.unicomermktg.com 'self' blob: *.demoup.com *.oppwa.com https://static.zdassets.com *.placetopay.com https://3dsacs.placetopay.com https://eu-prod.ppipe.net *.ppipe.net *.alignet.io *.3dsecure.alignet.io *.googleads.g.doubleclick.net *.tpc.googlesyndication.com *.google.com.ec *.google.com *.google.it *.m.facebook.com *.media.flixcar.com *.google.co.ke *.google.es *.assets-jpcust.jwpsrv.com *.google.com.pe *.google.se *.google.co.in *.google.com.mx *.google.com.co *.adobedc.demdex.net *.pagead2.googlesyndication.com *.pos.baidu.com *.google.co.ve *.google.com.sv *.googletagmanager.com *.acs.api.alignet.io *.x3dsacs.placetopay.com *.authentication.cardinalcommerce.com/ThreeDSecure/V2_1_0/CReq *.geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/RenderMethodURL *.visa.acs.alignet.io/acs-authentication-rest/authentication *.otpbk.datafast.com.ec/OTPDFValida.aspx media.flixcar.com media.flixfacts.com *.flix360.io *.flix360.com media.flixsyndication.net syndication.flix360.com content.jwplatform.com assets-jpcust.jwpsrv.com ssl.p.jwpcdn.com https://d3nkfb7815bs43.cloudfront.net http://d2m3ikv8mpgiy8.cloudfront.net d3np41mctoibfu.cloudfront.net media.pointandplace.com player.pointandplace.com t.pointandplace.com intent://arvr.google.com delivery-alpha.flix360.io delivery-beta.flix360.io https://www.mcprod.courts.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net * www.google-analytics.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com https://maps.googleapis.com https://service.force.com/ https://log.pinterest.com https://h.online-metrix.net https://gollotienda-uat-24-grupounicomer.netdna-ssl.com https://integracion.alignetsac.com https://eu-test.oppwa.com https://eu-prod.oppwa.com https://otpbk.datafast.com.ec https://oppwa.com *.placetopay.com https://3dsacs.placetopay.com https://eu-prod.ppipe.net *.ppipe.net *.alignet.io *.3dsecure.alignet.io *.googleads.g.doubleclick.net *.tpc.googlesyndication.com *.google.com.ec *.google.com *.google.it *.m.facebook.com *.media.flixcar.com *.google.co.ke *.google.es *.assets-jpcust.jwpsrv.com *.google.com.pe *.google.se *.google.co.in *.google.com.mx *.google.com.co *.adobedc.demdex.net *.pagead2.googlesyndication.com *.pos.baidu.com *.google.co.ve *.google.com.sv *.googletagmanager.com *.acs.api.alignet.io *.x3dsacs.placetopay.com *.authentication.cardinalcommerce.com/ThreeDSecure/V2_1_0/CReq *.geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/RenderMethodURL *.visa.acs.alignet.io/acs-authentication-rest/authentication *.otpbk.datafast.com.ec/OTPDFValida.aspx blob: media.flixcar.com media.flixfacts.com *.flix360.io *.flix360.com media.flixsyndication.net syndication.flix360.com content.jwplatform.com assets-jpcust.jwpsrv.com ssl.p.jwpcdn.com https://d3nkfb7815bs43.cloudfront.net http://d2m3ikv8mpgiy8.cloudfront.net d3np41mctoibfu.cloudfront.net media.pointandplace.com player.pointandplace.com t.pointandplace.com intent://arvr.google.com delivery-alpha.flix360.io delivery-beta.flix360.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com google.com https://digital-gollo.cs24.force.com https://unicomer--digital.cs24.my.salesforce.com https://c.la1-c1cs-ph2.salesforceliveagent.com/content 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: http://c.statcounter.com https://www.google.com http://www.google.com http://csi.gstatic.com http://localhost:29838; frame-ancestors 'self' X-Frame-Options: SAMEORIGIN 2
object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content 2
base-uri 'self'; connect-src 'self' data: https://*.applicationinsights.azure.com https://matomo.dekra.bawue.com https://*.clarity.ms https://*.g.doubleclick.net https://dekra-dev-search-api.e-spirit.cloud https://dekra-search-api.e-spirit.cloud https://*.google.at https://*.google.be https://*.google.cl https://*.google.co.jp https://*.google.co.uk https://*.google.com https://*.google.com.br https://*.google.com.tw https://*.google.com.ua https://*.google.co.cr https://*.google.cz https://*.google.de https://*.google.es https://*.google.fi https://*.google.fr https://*.google.hr https://*.google.hu https://*.google.co.in https://*.google.it https://*.google.co.kr https://*.google.lu https://*.google.co.ma https://*.google.com.mx https://*.google.nl https://*.google.pl https://*.google.pt https://*.google.ro https://*.google.rs https://*.google.se https://*.google.sk https://*.google-analytics.com https://maps.googleapis.com https://*.googletagmanager.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://cdn.linkedin.oribi.io https://dc.services.visualstudio.com https://*.linkedin.com https://api.newsletter2go.com https://*.snapengage.com; default-src 'none'; manifest-src 'self'; font-src 'self' data: https://fonts.gstatic.com https://script.hotjar.com; form-action 'self'; frame-ancestors 'self' https://dekra.e-spirit.hosting https://dekradev.e-spirit.hosting https://dekraqa.e-spirit.hosting; frame-src 'self' https://*.doubleclick.net https://vars.hotjar.com https://player.vimeo.com https://www.youtube.com; img-src 'self' data: https://*.baidu.com https://*.bing.com https://*.clarity.ms https://media.dekra.com https://media-test.dekra.com https://*.g.doubleclick.net https://dekra-media.e-spirit.cloud https://dekradev-media.e-spirit.cloud https://dekraqa-media.e-spirit.cloud https://dekraprod-media.e-spirit.cloud https://connect.facebook.net https://www.facebook.com/tr/ https://www.facebook.com/privacy_sandbox/ https://*.google.at https://*.google.be https://*.google.cl https://*.google.co.jp https://*.google.co.uk https://*.google.com https://*.google.com.br https://*.google.com.tw https://*.google.com.ua https://*.google.co.cr https://*.google.cz https://*.google.de https://*.google.es https://*.google.fi https://*.google.fr https://*.google.hr https://*.google.hu https://*.google.co.in https://*.google.it https://*.google.co.kr https://*.google.lu https://*.google.co.ma https://*.google.com.mx https://*.google.nl https://*.google.pl https://*.google.pt https://*.google.ro https://*.google.rs https://*.google.se https://*.google.sk https://*.google-analytics.com https://*.googleapis.com https://*.googletagmanager.com https://maps.gstatic.com https://*.hotjar.com https://px.ads.linkedin.com https://*.snapengage.com https://i.ytimg.com; media-src https://dekra-media.e-spirit.cloud https://dekradev-media.e-spirit.cloud https://dekraqa-media.e-spirit.cloud https://dekraprod-media.e-spirit.cloud; object-src 'none'; script-src 'self' 'self' 'unsafe-inline' 'unsafe-eval' https://hm.baidu.com https://matomo.dekra.bawue.com https://www.clarity.ms https://googleads.g.doubleclick.net https://dekra.e-spirit.hosting https://dekradev.e-spirit.hosting https://dekraqa.e-spirit.hosting https://connect.facebook.net https://www.google.com https://www.googleadservices.com https://*.googleapis.com https://*.googletagmanager.com https://*.hotjar.com https://*.hs-scripts.com https://snap.licdn.com https://*.snapengage.com https://webforms-live.dekra.com/static/webforms.js; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.hotjar.com; upgrade-insecure-requests 2
frame-ancestors aima.gov.pt www-qld.aima.gov.pt 2
frame-ancestors 'self';upgrade-insecure-requests; report-uri https://l.iplsc.com/logger/ 2
frame-ancestors 'self' *.realescort.fi *.realescort.eu *.realescort.se *.realescort.dk; img-src 'self' data: *.realescort.fi *.realescort.eu *.realescort.se *.realescort.dk storage.googleapis.com 2
default-src 'self' *.novica.com *.novica.net;script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';img-src * data:;frame-src *;connect-src *;media-src *;font-src *;worker-src * blob:; 2
frame-ancestors 'self' https://english-improve.com/ https://english-improve.stage-boosters.com https://stage.spanish-boost.com https://spanish-boost.com 2
frame-ancestors 'self' https://status.4me.com;img-src 'self' data: https://forms.hsforms.com  https://track.hubspot.com  https://px.ads.linkedin.com  https://www.google-analytics.com  https://www.google.be  https://c.clarity.ms  https://www.googletagmanager.com  https://www.google.nl  https://forms-na1.hsforms.com  https://itrp-blog.s3-accelerate.amazonaws.com  https://lh6.googleusercontent.com  https://lh5.googleusercontent.com  https://googleads.g.doubleclick.net  https://www.google.de  https://lh3.googleusercontent.com  https://www.google.ca  https://www.google.co.uk  https://www.google.at  https://i.vimeocdn.com  https://www.g2.com  https://pagead2.googlesyndication.com  https://www.google.com.ph  https://www.google.co.kr  https://www.google.fr  https://www.google.ro  https://www.google.com.tr  https://i.ytimg.com  https://www.google.rs  https://www.google.co.in  https://www.google.co.za  https://www.google.com.vn  https://www.google.fi  https://www.google.it  https://www.google.pt  https://www.google.es  https://adservice.google.com  https://stats.g.doubleclick.net  https://www.google.rw  https://translate.google.com  https://fonts.gstatic.com  https://www.google.ch  https://www.google.is  https://www.google.com.eg  https://www.google.pl  https://www.google.dk  https://www.google.ie  https://www.google.com.ng  https://www.google.com.au  https://www.google.hr  https://www.google.com.sa  https://www.google.com.tw  https://www.google.co.jp  https://www.google.kz  https://www.google.sk  https://translate.googleapis.com  https://www.gstatic.com  https://www.google.ru  https://safetyculture.com  https://www.shutterstock.com  https://www.nationalretail.org.au  https://www.google.lu  https://webeo-web-content.s3-eu-west-1.amazonaws.com  https://www.google.se  https://www.google.li  https://www.google.no  https://www.google.co.nz  https://www.google.co.id  https://region1.google-analytics.com  https://d3fvlpdr5b7667.cloudfront.net  https://lh4.googleusercontent.com  https://www.google.si  https://www.google.com.co  https://www.google.com.mx  https://www.google.com.sg  https://www.google.com.hk  https://www.google.co.th  https://www.google.am  https://www.google.co.ke  https://www.google.com.gh  https://www.google.com.br  https://c.bing.com  https://www.google.com.bd  https://secure.herb2warn.com  https://dc.ads.linkedin.com  https://www.google.ae  https://www.google.cz  https://www.google.ge  https://www.linkedin.com  https://www.google.com.ua  https://www.google.bg  https://www.google.com.qa  https://www.google.hu  https://really-simple-ssl.com  https://www.google.com.mm  https://www.google.ps  https://www.google.com.do  https://www.google.lk  https://imgsct.cookiebot.com  https://www.google.mu  https://www.google.im  https://www.google.com.my  https://www.google.com.np  https://www.google.by  https://www.google.tn  https://www.google.co.il  https://www.google.lt  https://www.google.gr  https://www.google.co.ug  https://ssl.google-analytics.com  https://www.google.ee  https://exceptions.hs-embed-reporting.com  https://www.google.me  https://www.google.com.ar  https://www.google.com.pk  https://b.6sc.co  https://secure.gravatar.com https://ts.w.org https://s.w.org https://ps.w.org ; default-src 'self'; script-src 'self' 'unsafe-inline' https://consent.cookiebot.com  https://www.googletagmanager.com  https://js.hsleadflows.net  https://js.hscollectedforms.net  https://js.hs-scripts.com  https://consentcdn.cookiebot.com  https://js.hs-banner.com  https://secure.herb2warn.com  https://snap.licdn.com  https://www.google-analytics.com  https://js.hs-analytics.net  https://www.clarity.ms  https://googleads.g.doubleclick.net  https://4me-status.instatus.com  https://js.hsadspixel.net  https://www.youtube.com  https://js.hsforms.net  https://boards.greenhouse.io  https://pagead2.googlesyndication.com  https://www.googleadservices.com  https://tpc.googlesyndication.com  https://player.vimeo.com  https://translate.google.com  https://translate.googleapis.com  https://webeo-web-content.s3-eu-west-1.amazonaws.com  data:  https://apis.google.com  https://cdnjs.cloudflare.com  https://connect.facebook.net  https://www.google.com  https://js.stripe.com  webkit-masked-url://hidden/  https://securepubads.g.doubleclick.net  https://ssl.google-analytics.com  https://j.6sc.co  https://status.4me.com  'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' https://consent.cookiebot.com  https://www.googletagmanager.com  https://js.hsleadflows.net  https://js.hscollectedforms.net  https://js.hs-scripts.com  https://consentcdn.cookiebot.com  https://js.hs-banner.com  https://secure.herb2warn.com  https://snap.licdn.com  https://www.google-analytics.com  https://js.hs-analytics.net  https://www.clarity.ms  https://googleads.g.doubleclick.net  https://4me-status.instatus.com  https://js.hsadspixel.net  https://www.youtube.com  https://js.hsforms.net  https://boards.greenhouse.io  https://pagead2.googlesyndication.com  https://www.googleadservices.com  https://tpc.googlesyndication.com  https://player.vimeo.com  https://translate.google.com  https://translate.googleapis.com  https://webeo-web-content.s3-eu-west-1.amazonaws.com  data:  https://apis.google.com  https://cdnjs.cloudflare.com  https://connect.facebook.net  https://www.google.com  https://js.stripe.com  webkit-masked-url://hidden/  https://securepubads.g.doubleclick.net  https://ssl.google-analytics.com  https://j.6sc.co  https://status.4me.com ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com  https://www.gstatic.com  https://cdn.jsdelivr.net  https://webeo-web-content.s3-eu-west-1.amazonaws.com  https://www.googletagmanager.com  https://www.4me.com ; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com  https://www.gstatic.com  https://cdn.jsdelivr.net  https://webeo-web-content.s3-eu-west-1.amazonaws.com  https://www.googletagmanager.com  https://www.4me.com ; font-src 'self' https://fonts.gstatic.com  https://cdn.jsdelivr.net  https://static.hsappstatic.net  https://static.zohocdn.com  data:; frame-src 'self' https://4me-status.instatus.com  https://consentcdn.cookiebot.com  https://td.doubleclick.net  https://www.youtube.com  https://boards.greenhouse.io  https://player.vimeo.com  https://tpc.googlesyndication.com  https://forms.hsforms.com  https://www.googletagmanager.com  null  https://static.hsappstatic.net  https://js.hscollectedforms.net  https://js.stripe.com  https://block.opendns.com  http://td.doubleclick.net.x.144ddf7b0b3b2047fd0a87d06c30fb8b7f64.d0452397.id.opendns.com  https://gateway.zscalertwo.net  https://status.4me.com  blob:; connect-src 'self' https://forms.hscollectedforms.net  https://consentcdn.cookiebot.com  https://www.google-analytics.com  https://4me-status.instatus.com  https://px.ads.linkedin.com  https://region1.google-analytics.com  https://reallyfreegeoip.org  https://analytics.google.com  https://api.hubapi.com  https://v.clarity.ms  https://forms.hsforms.com  https://pagead2.googlesyndication.com  https://forms.hubspot.com  https://region1.analytics.google.com  https://u.clarity.ms  https://adservice.google.com  https://s.clarity.ms  https://stats.g.doubleclick.net  https://y.clarity.ms  https://p.clarity.ms  https://n.clarity.ms  https://t.clarity.ms  https://j.clarity.ms  https://o.clarity.ms  https://r.clarity.ms  https://x.clarity.ms  https://k.clarity.ms  https://www.google.at  https://f.clarity.ms  https://z.clarity.ms  https://www.g2.com  https://w.clarity.ms  https://www.google.de  https://www.google.nl  https://www.google.fr  https://q.clarity.ms  https://d.clarity.ms  https://i.clarity.ms  https://www.google.co.za  https://www.google.be  https://hubspot-forms-static-embed.s3.amazonaws.com  https://e.clarity.ms  https://www.google.dk  https://www.google.ie  https://www.google.com.tr  https://b.clarity.ms  https://www.google.com.eg  https://www.google.ca  data:  https://www.google.ch  https://www.google.kz  https://www.google.sk  https://translate.googleapis.com  https://ldynamicspublicapi.leadforensics.com  https://www.google.co.uk  https://www.google.pl  https://www.google.es  https://yoast.com  https://www.google.ru  https://h.clarity.ms  https://www.google.com.au  https://www.google.co.id  https://www.google.com.my  https://www.google.co.kr  https://www.google.co.in  https://www.google.com.hk  https://www.google.hr  https://l.clarity.ms  https://a.clarity.ms  https://www.google.lu  https://googleads.g.doubleclick.net  https://www.google.pt  https://www.google.com.ng  https://www.google.com.ua  https://www.clarity.ms  https://www.google.hu  https://www.google.com.br  https://www.google.se  https://www.google.com.do  https://www.google.lk  https://m.clarity.ms  https://www.google.it  https://www.google.li  https://www.google.ae  https://www.google.com.ph  https://g.clarity.ms  https://www.google.co.ke  https://www.google.com.sg  https://www.google.rs  https://www.google.co.th  https://www.google.co.jp  https://www.google.no  https://www.google.com.mx  https://securepubads.g.doubleclick.net  https://www.google.com.sa  https://www.google.fi  https://c.6sc.co  https://ipv6.6sc.co  https://www.google.bg;  media-src 'self' data:  https://upload.wikimedia.org;  worker-src 'self' blob:; 2
default-src 'self' 'unsafe-inline' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://*.veteransadvantage.com https://*.wesalute.com https://*.wesaluteapis.com https://ajax.cloudflare.com https://static.cloudflareinsights.com https://performance.radar.cloudflare.com https://cdn.kustomerapp.com https://browser.sentry-cdn.com https://connect.facebook.net https://cdn.segment.com https://cdn.amplitude.com https://edge.fullstory.com https://rs.fullstory.com https://cmp.osano.com https://www.google.com https://www.gstatic.com https://apis.google.com https://*.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://bat.bing.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://tpc.googlesyndication.com https://snap.licdn.com https://js.stripe.com https://cdn.sprig.com https://cdn.userleap.com https://embed.bookingvault.com https://secure.rezserver.com https://public.profitwell.com https://js-agent.newrelic.com https://*.newrelic.com https://*.nr-data.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://*.posthog.com; connect-src 'self' https://*.wesalute.com https://*.wesaluteapis.com https://*.algolia.net https://*.algolianet.com https://cloudflareinsights.com https://adservice.google.com https://www.googleadservices.com https://www.google.com https://ad.doubleclick.net https://stats.g.doubleclick.net https://bat.bing.com https://*.kustomerapp.com https://*.pndsn.com https://s3.amazonaws.com/kustomer-prod1-attachments https://cdn.jsdelivr.net https://sentry.io https://o287038.ingest.sentry.io https://api.segment.io https://cdn.segment.com https://*.amplitude.com https://edge.fullstory.com https://rs.fullstory.com https://*.api.osano.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://*.googleapis.com https://us-central1-veterans-advantage-arsenal.cloudfunctions.net https://www.facebook.com/tr/ https://api.sprig.com https://api.bookingvault.com https://www2.profitwell.com https://cdn.linkedin.oribi.io https://px.ads.linkedin.com https://*.newrelic.com https://*.nr-data.net https://*.posthog.com; style-src 'self' 'unsafe-inline' https://fonts.wesalute.com https://fonts.googleapis.com https://www.gstatic.com https://www.googletagmanager.com https://embed.bookingvault.com; font-src 'self' data: https://fonts.wesalute.com https://cdn.honey.io https://cdn.ivaws.com https://cdn.kustomerapp.com https://fonts.gstatic.com https://themes.googleusercontent.com https://embed.bookingvault.com; img-src blob: data: https:; media-src blob: data: https:; object-src 'none'; frame-src 'self' https://*.wesalute.com https://*.wesaluteapis.com https://*.kustomer.help https://player.vimeo.com https://www.youtube.com https://www.c-span.org/video/standalone/ https://www.google.com https://tpc.googlesyndication.com https://bid.g.doubleclick.net https://td.doubleclick.net https://10165061.fls.doubleclick.net https://www.facebook.com https://js.stripe.com https://cmp.osano.com https://veterans-advantage-arsenal.firebaseapp.com; frame-ancestors 'self' https://*.wesalute.com; report-uri https://o287038.ingest.sentry.io/api/1865718/security/?sentry_key=33c7a6dee3b040bc9bc48cd898e2dd9b&sentry_environment=prod 2
font-src https: data: blob:; frame-ancestors 'self' medialibrarycdn.blueyonder.com cdn.blueyonder.com by-media-library.azureedge.net blueyonder.com; img-src https: data: blob:; default-src https: data: blob: wss:; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: blob: 'unsafe-inline'; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googlesyndication.com https://cdn.matomo.cloud/ https://verbund.matomo.cloud https://cdnjs.cloudflare.com https://www.googleadservices.com https://analytics.verbund.com/matomo.js https://consent.verbund.com https://snap.licdn.com https://unpkg.com https://webcast.a1.net https://vjs.zencdn.net https://googleadservices.com https://www.gstatic.com https://js.anyline.com https://dev.visualwebsiteoptimizer.com https://verbundblog.disqus.com https://connect.facebook.net https://*.google.com https://*.googleapis.com https://s.ytimg.com https://*.google-analytics.com https://www.googletagmanager.com https://www.youtube.com https://platform.linkedin.com https://code.jquery.com https://platform.twitter.com https://c.disquscdn.com https://disqus.com https://*.disqus.com https://apps.verbund.at https://emea3.recruitmentplatform.com https://code.createjs.com https://amplify.outbrain.com/cp/obtp.js https://tr.outbrain.com/cachedClickId https://googleads.g.doubleclick.net; font-src 'self' https://netdna.bootstrapcdn.com https://fonts.gstatic.com data:; frame-src 'self' https://*.googlesyndication.com https://consent.verbund.com https://verbund.prosiebensat1puls4.tv/ https://base.streamdiver.com/ https://my.walls.io/ https://uvp-ots.sf.apa.at https://www.google.com https://optimize.google.com https://*.disqus.com https://disqus.com https://www.facebook.com https://connect.facebook.net https://www.googletagmanager.com https://www.youtube.com https://staticxx.facebook.com https://*.doubleclick.net https://*.twitter.com https://accounts.google.com https://irs.tools.investis.com https://apps.verbund.at; default-src 'self' 'unsafe-inline' 'unsafe-eval' https://consent.verbund.com https://streamer.a1.net; media-src * blob: data:; img-src 'self' https://*.googlesyndication.com https://consent.verbund.com https://content.prescreen.io https://jobdata.prescreen.io https://px.ads.linkedin.com https://webcast.a1.net https://www.pw-footprints.de https://connect.facebook.net https://*.doubleclick.net https://3662592.fls.doubleclick.net https://*.google-analytics.com https://www.google.com https://www.google.at https://www.google.de https://*.gstatic.com https://stats.g.doubleclick.net https://*.googleapis.com https://dev.visualwebsiteoptimizer.com https://*.twitter.com https://www.foto-webcam.eu https://*.it-wms.com data: https://i.ytimg.com https://www.facebook.com https://c.disquscdn.com https://referrer.disqus.com https://maps.google.com https://cx.atdmt.com https://www.verbund.com https://tr.outbrain.com; connect-src 'self' https://*.googlesyndication.com https://verbund.matomo.cloud https://analytics.verbund.com/matomo.php https://cdn.linkedin.oribi.io/partner/4825250/domain/verbund.com/token https://consent.verbund.com https://at-cdn14.streamdiver.com https://metrics.articulate.com/v1/import https://streamer.a1.net https://webcast.a1.net https://*.analytics.google.com https://analytics.google.com https://maps.googleapis.com https://reporting.anyline.com https://js.anyline.com https://anyline-reporting.herokuapp.com https://*.doubleclick.net https://*.google-analytics.com https://www.googleapis.com https://links.services.disqus.com https://dev.visualwebsiteoptimizer.com https://emea3.recruitmentplatform.com https://www.google.com/pagead/landing https://px.ads.linkedin.com/wa/; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://consent.verbund.com https://webcast.a1.net https://optimize.google.com https://c.disquscdn.com https://fonts.googleapis.com https://tagmanager.google.com; worker-src blob: https://www.verbund.com https://*.verbund.com; frame-ancestors 'self' https://energiemanagement.verbund.at; 2
frame-ancestors *.ooma.com *.ooma.ca https://*.ooma.com https://*.ooma.ca *.talkatone.com https://www.talkatone.com 2
block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp .cookiebot.com; default-src .crazyegg.com; object-src 'none'; img-src 'self' .crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .heapanalytics.com .crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .crazyegg.com https://*.qualified.com wss://*.qualified.com .auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.medco.com *.express-scripts.com *.evernorth.com *.linkedin.com *.accredo.com *.adobedtm.com *.everestjs.net *.omtrdc.net *.qualtrics.com *.cigna.com *.google-analytics.com *.launchdarkly.com *.braintreegateway.com *.braintree-api.com *.paypal.com *.s3.amazonaws.com d17f9hu9hnb3ar.cloudfront.net *.branch.io app.link *.googleapis.com tlt.cigna.com cdn.cookielaw.org *.onetrust.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: static.addtoany.com www.google-analytics.com *.adobedtm.com *.googletagmanager.com  munchkin.marketo.net  *.brightcove.com  *.marketo.com *.mktoresp.com *.brightcove.net dotsub.com vjs.zencdn.net 112.2o7.net  *.cloudflare.com *.qualtrics.com  *.d41.co *.facebook.net *.licdn.com  *.newrelic.com *.nr-data.net *.ads-twitter.com *.twitter.com *.s3.amazonaws.com d17f9hu9hnb3ar.cloudfront.net unpkg.com *.rlcdn.com *.agkn.com www.googleadservices.com *.doubleclick.net activitymap.adobe.com *.branch.io app.link insight.adsrvr.org *.googleapis.com tlt.cigna.com *.evernorthcaregroup.com cdn.cookielaw.org *.onetrust.com cdn.jsdelivr.net tag.demandbase.com *.verint-cdn.com *.wevalueyourfeedback.com *.verint-api.com; style-src 'self' 'unsafe-inline' blob: static.addtoany.com fonts.googleapis.com fonts.gstatic.com *.marketo.com *.cloudflare.com *.s3.amazonaws.com d17f9hu9hnb3ar.cloudfront.net *.evernorthcaregroup.com unpkg.com *.verint-cdn.com *.wevalueyourfeedback.com *.verint-api.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.google-analytics.com *.112.2o7.net *.brightcove.com pbs.twimg.com d8-es-rgadev-com.s3.amazonaws.com *.brightcove.com brightcove.hs.llnwd.net googletagmanager.com *.prod.boltdns.net brightcove.vo.llnwd.net *.omtrdc.net *.destinationrx.com *.qualtrics.com openbadges.blob.core.windows.net *.everesttech.net *.facebook.com *.linkedin.com *.adsymptotic.com *.googletagmanager.com t.co *.twitter.com *.linkedin.com *.demdex.net *.s3.amazonaws.com d17f9hu9hnb3ar.cloudfront.net *.facebook.net *.marketo.com *.express-scripts.com *.evernorth.com *.doubleclick.net *.google.com *.branch.io app.link *.privacysandbox.googleadservices.com *.adsrvr.org *.googleapis.com maps.gstatic.com lh3.googleusercontent.com tlt.cigna.com cdn.cookielaw.org *.onetrust.com id.rlcdn.com *.verint-cdn.com *.wevalueyourfeedback.com; media-src 'self' 'unsafe-inline' blob:  *.brightcove.com *.brightcovecdn.com *.prod.boltdns.net *.akamaihd.net *.s3.amazonaws.com d17f9hu9hnb3ar.cloudfront.net; frame-src 'self' static.addtoany.com *.marketo.com *.demdex.net  *.doubleclick.net *.facebook.com *.brightcove.net *.s3.amazonaws.com d17f9hu9hnb3ar.cloudfront.net *.qualtrics.com activitymap.adobe.com *.omniture.com *.google.com *.evernorthcaregroup.com s.company-target.com; frame-ancestors 'self' *.medco.com *.express-scripts.com *.evernorth.com *.accredo.com; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com themes.googleusercontent.com fonts.gstatic.com *.marketo.com *.qualtrics.com d17f9hu9hnb3ar.cloudfront.net *.evernorth.com  *.express-scripts.com *.verint-cdn.com *.wevalueyourfeedback.com; connect-src 'self' *.mktoresp.com *.brightcove.com dotsub.com *.prod.boltdns.net *.google-analytics.com *.s3.amazonaws.com *.112.2o7.net *.omtrdc.net *.qualtrics.com  *.akamaihd.net *.demdex.net *.mktoutil.com *.nr-data.net *.facebook.com *.s3.amazonaws.com d17f9hu9hnb3ar.cloudfront.net *.d41.co *.branch.io app.link *.express-scripts.com *.evernorth.com *.googleapis.com *.eloqua.com tlt.cigna.com cdn.cookielaw.org *.onetrust.com *.demandbase.com api.company-target.com *.verint-cdn.com *.wevalueyourfeedback.com *.demandbase.com *.linkedin.com *.brightcovecdn.com; report-uri /report-csp-violation 2
frame-ancestors 'self' *.thetoyshop.com *.elc.co.uk 2
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:;style-src 'self' 'unsafe-inline' https:;img-src 'self' data: https:;font-src 'self' data: https:;connect-src 'self' https: wss: blob:;manifest-src 'self' blob:;media-src 'self' data: https: blob:;object-src 'none';child-src 'self' https: data: blob:;form-action 'self' https: 2
frame-ancestors *.mewatch.sg *.8world.com *.8days.sg *.channelnewsasia.com *.mediacorp.sg *.melisten.sg *.todayonline.com home.mediacorp.grp mediacorpteams.sharepoint.com 2
frame-ancestors ptisp.pt my.ptisp.pt oppwa.com; 2
default-src 'self' *.sulzer.com;                      img-src * data: blob: 'unsafe-inline' 'self' https://www.google-analytics.com https://maps.googleapis.com https://maps.gstatic.com https://img.youtube.com http://sulzer.com *.google-analytics.com *.analytics.google.com;                      font-src 'self' data: https://fonts.gstatic.com;                      style-src 'unsafe-inline' 'self' https://fast.fonts.net;                      script-src 'unsafe-inline' 'unsafe-eval' 'self' https://go.sulzer.com/pd.js https://www.google.com/recaptcha/api.js https://www.gstatic.com https://pi.pardot.com/analytics https://go.sulzer.com/analytics https://pi.pardot.com/pd.js http://cdn.pardot.com/pd.js https://www.googletagmanager.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://maps.googleapis.com https://maps.gstatic.com https://www.google-analytics.com https://www.youtube.com https://s.ytimg.com/yts/jsbin/www-widgetapi-vflnjBBxk/www-widgetapi.js https://s.ytimg.com https://cdn.cookielaw.org *.hotjar.com *.hotjar.io *.callrail.com;                      connect-src 'self' https://www.google-analytics.com https://mybusiness.googleapis.com https://stats.g.doubleclick.net https://analytics.google.com https://cdn.cookielaw.org https://maps.googleapis.com *.google-analytics.com *.analytics.google.com https://geolocation.onetrust.com https://privacyportal-ch.onetrust.com https://www.google.ch *.hotjar.io;                      child-src 'self' https://www.platform-viewer.v-ex.com https://www.google.com https://sulzer.us6.list-manage.com http://www.sulzerpumpsmexico.com https://app.xtremelocator.com https://ir.tools.investis.com https://www.youtube.com http://8826991.fls.doubleclick.net/ https://sulzer-pump-types.v-ex.app/ https://app.xtremelocator.com/ *.doubleclick.net;                      media-src 'self' https://youtu.be https://www.youtube.com 2
default-src 'self' https://*.kindly.ai https://*.kindlycdn.com https://*.pusher.com wss://ws-eu.pusher.com wss://ws-eu.pusher.com:443 wss://sage.kindly.ai;    script-src 'self' 'unsafe-eval' 'unsafe-inline' https://plausible.io https://chat.kindlycdn.com https://acsbapp.com;    connect-src 'self' https://plausible.io https://chat.kindlycdn.com https://acsbapp.com https://cdn.acsbapp.com/ https://*.kindly.ai wss://ws-eu.pusher.com https://sockjs-eu.push wss://*.kindly.ai;    style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;    img-src 'self' https://media.graphassets.com https://*.kindlycdn.com blob: data:;    media-src 'self' https://media.graphassets.com;    font-src 'self' https://fonts.gstatic.com https://chat.kindlycdn.com data:;    object-src 'none';    base-uri 'self';    form-action 'self';    frame-ancestors 'none';    frame-src https://www.youtube.com;    upgrade-insecure-requests; 2
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://sbnation.coral.coralproject.net/api/graphql/live; font-src https: data:; img-src https: data: blob:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests 2
object-src 'none'; block-all-mixed-content; upgrade-insecure-requests; 2
frame-ancestors 'self' https://vculungscan.com https://www.vculungscan.com; 2
default-src * 'unsafe-inline' 'unsafe-eval' text/javascript*; img-src data: w3.org/svg/2000 http: https:; script-src * 'unsafe-inline' 'unsafe-eval' data: 2
default-src 'self' *.kampyle.com *.vanguard.com:* *.vgcontent.info:* *.vanguard.com *.vanguardinvestor.co.uk *.vanguard.co.uk;base-uri 'self';font-src 'self' https: data: *.vanguard.com:* *.vgcontent.info:*;form-action 'self';frame-ancestors 'self';img-src 'self' data: vanguard.d2.sc.omtrdc.net *.amazon-adsystem.com www.facebook.com *.doubleclick.net www.google.com *.adservice.google.com *.ytimg.com *.llnw.net sjs.bizographics.com *.linkedin.com snap.licdn.com P.adsymptotic.com *.kampyle.com insight.adsrvr.org *.vanguard.com:* *.vgcontent.info:* *.vanguard.com *.vanguard.co.uk  ade.googlesyndication.com *.vanguardinvestor.co.uk;object-src 'none';script-src 'self' 'unsafe-inline' *.vgdynamic.info connect.facebook.net www.googleadservices.com www.google.com www.googletagmanager.com googleads.g.doubleclick.net *.youtube.com/ blob: *.limelight.com/ *.kampyle.com *.vanguard.com:* *.vgcontent.info:* corp-pmj-ukpi.web.vanguard.com corp-pmj-ukpi.webt.vanguard.com *.vanguardinvestor.co.uk cdn.botframework.com/botframework-webchat/latest/webchat.js;script-src-attr 'none';style-src 'self' https: 'unsafe-inline' *.kampyle.com *.vanguard.com:* *.vgcontent.info:*;connect-src *.demdex.net vanguard.d2.sc.omtrdc.net *.tt.omtrdc.net *.llnw.net *.kampyle.com *.medallia.com *.medallia.eu *.vanguard.com *.vanguard.co.uk static.vgcontent.info cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com corp-pmj.webt.vanguard.com corp-pmj-ukpi.web.vanguard.com corp-pmj-ukpi.webt.vanguard.com corp.etm.testassets.vgdynamic.info corp.etm.assets.vgdynamic.info corp.at2.assets.vgdynamic.info *.googlesyndication.com www.google.com googleads.g.doubleclick.net 'self' *.vanguardinvestor.co.uk *.vanguardinvestor.com directline.botframework.com;frame-src *.demdex.net *.youtube.com *.limelight.com 'self' *.vanguard.com *.kampyle.com insight.adsrvr.org vanguard-pf-git-vgpf-prod-raindrop-tech.vercel.app vanguard-pf-git-vgpf-dev-raindrop-tech.vercel.app;media-src blob:;upgrade-insecure-requests 2
frame-ancestors pms.a-premium.com pms.a-premium-test.com; 2
default-src 'self' https://*.wistia.com https://*.wistia.net; connect-src * data: https: https://*.litix.io https://*.wistia.com https://embedwistia-a.akamaihd.net; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.wistia.com https://*.wistia.net https://src.litix.io data: https:; img-src * 'self' data: https: https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net; media-src * 'self' data: blob: https: https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net; style-src * 'self' 'unsafe-inline' 'unsafe-eval' data: https: https://fast.wistia.com;font-src * data: https:; frame-src * data: https: https://fast.wistia.com https://fast.wistia.net; child-src blob:; worker-src 'self' blob:; 2
default-src 'self' recrutement.orano.group oranoweb.cms.orano.group https://career-i18n.demo.cleverconnect.com career.demo.cleverconnect.com *.google.fr *.google.com *.google-analytics.com *.googletagmanager.com analytics.tiktok.com *.facebook.com *.sc-static.net snap.licdn.com insight.adsrvr.org googleads.g.doubleclick.net www.googleadservices.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com  www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org code.jquery.com ws.facil-iti.com tag.aticdn.net www.googletagmanager.com www.google-analytics.com https://s4.ispring.eu https://11471784.fls.doubleclick.net https://secure.adnxs.com https://career-i18n.demo.cleverconnect.com https://career.demo.cleverconnect.com https://logws1332.ati-host.net *.goldenbees.fr https://cdn.facil-iti.app https://ecb.qualquantsignals.com https://googleads.g.doubleclick.net https://www.googleadservices.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com https://unpkg.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://ws.facil-iti.com; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com *.xiti.com *.ati-host.net https://secure.adnxs.com *.blob.core.windows.net cdn.orano.group oranocms.azureedge.net *.adsrvr.org https://raw.githubusercontent.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://www.google.fr https://www.google.com https://ecb.qualquantsignals.com https://ws.facil-iti.com https://*.tile.openstreetmap.org https://*.tile.openstreetmap.fr https://tiles.stadiamaps.com; media-src 'self' data: blob: *.ausha.co; frame-src https://cdn.streamlike.com https://ws.facil-iti.com 'self' https://oranoweb.cms.orano.group/ recrutement.orano.group *.youtube.com *.youtube.fr https://11471784.fls.doubleclick.net www.google.com https://cdn.facil-iti.app/ https://web-service.facil-iti.app/ https://www.googletagmanager.com/ https://orano.kantree.io/; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com ws.facil-iti.com recrutement.orano.group blob:; connect-src 'self' https://career-i18n.demo.cleverconnect.com https://career.demo.cleverconnect.com accounts.google.com https://www.google.com https://googleads.g.doubleclick.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.xiti.com ws.facil-iti.com recrutement.orano.group www.googletagmanager.com www.google-analytics.com http://oranoweb.cms.orano.group https://s4.ispring.eu https://logws1332.ati-host.net https://maps.googleapis.com/ https://pagead2.googlesyndication.com/ https://web-service.facil-iti.app https://dhllvtr.pa-cd.com; 2
default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https://*.cookiebot.com https://*.etracker.com https://www.etracker.de; frame-ancestors 'self' https://*.etracker.com https://www.etracker.de 2
frame-ancestors 'self' https://*.breuninger.com 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.clarity.ms https://cdn.cookielaw.org https://www.googletagmanager.com https://www.google-analytics.com https://players.brightcove.net/ https://www.recaptcha.net https://www.gstatic.com https://js-agent.newrelic.com https://pi.pardot.com https://www.youtube.com https://in2.taskanalytics.com https://bam.nr-data.net https://snap.licdn.com https://googleads.g.doubleclick.net https://info.weareplanet.com https://www.googleadservices.com https://static.hotjar.com https://script.hotjar.com https://tag.demandbase.com https://j.6sc.co https://tracking.g2crowd.com https://connect.facebook.net https://tpc.googlesyndication.com https://cdn.weglot.com/weglot.min.js cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://www.google.com maps.googleapis.com; frame-ancestors 'self'; report-uri https://www.weareplanet.com/report-uri/enforce 2
default-src * data: mediastream: blob: filesystem: about: ws: wss: 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-inline'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob: 'unsafe-inline'; 2
default-src 'self';style-src 'self'  'unsafe-inline';font-src 'self' data:; 2
frame-ancestors 'self' https://chayns.de https://qa.tobit.team https://tobit.team 2
frame-ancestors 'self' www.amway.id admin.amway.id beta.amway.id www.amway.co.th admin.amway.co.th beta.amway.co.th smart.amway.co.th admin.smart.amway.co.th bodykeychallenge.amway.co.th amway-th.ada.support bodykeymentor.amway.co.th creatorschallenge.amway.co.th challenge.amway.co.th  privilege.amway.co.th 2
default-src https: 'unsafe-inline'; frame-ancestors 'self' 2
frame-ancestors 'self' *.dorotheum.com *.google.com *.barnebys.de *.barnebys.com *.artnet.com *.artnet.de *.artprice.com *.drouot.com *.auction.fr *.art-spotter.net *.lot-tissimo.com *.sixbid.com *.numisbids.com; 2
default-src 'self' www.google.com www.gstatic.com 'unsafe-inline' ; img-src 'self' * https: http: data:  2
default-src 'none'; connect-src 'self'; img-src 'self' 'unsafe-inline' data: ; style-src 'self' 'unsafe-inline'; media-src 'self'; frame-ancestors 'self'; font-src 'self' data: ;script-src 'self' 'unsafe-inline' 'unsafe-eval';object-src 'self';frame-src 'self' https://*.sonicwall.com/ 2
default-src https: data: wss://*.hotjar.com; script-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline'; img-src data: https: 'unsafe-inline'; font-src data: https: 'unsafe-inline'; frame-ancestors 'self'; object-src 'self' blob; upgrade-insecure-requests; 2
default-src 'self' *.stripchat.com data: blob: *.amplitude.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.lovense.club:* *.lovense.com *.lovense-api.com *.stripcdn.com *.stripst.com *.stripst.dev *.strpst.com *.strwst.com *.doppiocdn.com *.doppiocdn1.com *.doppiocdn.net *.doppiocdn.org *.doppiocdn.media *.doppiocdn.live *.doppiostreams.com *.trafficjunky.net main.exoclick.com tsyndicate.com *.hotjar.com *.hotjar.io fpnpmcdn.net loo3laej.com stripchat.page mc.thedd.online;img-src 'self' * data: blob: android-webview-video-poster:;script-src 'self' *.stripchat.com data: 'unsafe-inline' 'unsafe-eval' blob: *.amplitude.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.hpyrdr.dev *.hytto.com *.lovense.club:* *.lovense.com *.lovense-api.com *.stripst.com *.stripst.dev *.strpst.com *.strwst.com *.trafficjunky.net *.google.com platform.twitter.com main.exoclick.com tsyndicate.com wss://*.sc-apps.com www.googleadservices.com cdnjs.cloudflare.com/ajax/libs/fingerprintjs2/2.1.2/fingerprint2.min.js *.hotjar.com *.crowdin.com cdntechone.com fpnpmcdn.net loo3laej.com stripchat.page mc.thedd.online *.nktrdr.com *.ktkjmp.com *.xhamster.com *.llyjmp.com *.lxzrdr.com *.stripcash.com *.mnaspm.com *.rmhfrtnd.com *.xxxivjmp.com *.xxxvjmp.com *.xxxviijmp.com *.xxxviiijmp.com *.rmshqa.com *.xlivrdr.com *.xlvrdr.com *.xlviirdr.com *.xlviiirdr.com *.zybrdr.com *.bbrdbr.com *.dmsktmld.com *.fxmnba.com *.althz.com;connect-src 'self' *.stripchat.com *.amplitude.com *.doubleclick.net *.flixstorage.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.hytto.com *.lovense.club:* *.lovense.com *.lovense-api.com *.stripcdn.com *.xhamsterlive.com *.xlivesex.com *.stripst.com *.stripst.dev *.strpst.com *.strwst.com *.doppiocdn.com *.doppiocdn1.com *.doppiocdn.net *.doppiocdn.org *.doppiocdn.media *.doppiocdn.live *.doppiostreams.com syndication.twitter.com wss://*.stripchat.com wss://*.stripcdn.com wss://*.stripcdn.com:8090 wss://*.stripst.com wss://*.stripst.dev wss://*.strpst.com wss://*.strwst.com wss://*.doppiocdn.com wss://*.doppiocdn.org wss://*.doppiocdn.media wss://*.lovense.com wss://*.lovense-api.com wss://*.sc-apps.com *.crowdin.com crowdin.com datatechone.com stquality.org accounts.google.com fpnpmcdn.net loo3laej.com stripchat.page mc.thedd.online *.nktrdr.com *.ktkjmp.com *.xhamster.com *.llyjmp.com *.lxzrdr.com *.stripcash.com *.mnaspm.com *.rmhfrtnd.com *.xxxivjmp.com *.xxxvjmp.com *.xxxviijmp.com *.xxxviiijmp.com *.rmshqa.com *.xlivrdr.com *.xlvrdr.com *.xlviirdr.com *.xlviiirdr.com *.zybrdr.com *.bbrdbr.com *.dmsktmld.com *.fxmnba.com *.althz.com;media-src 'self' *.stripchat.com data: blob: *.ahcdn.com *.lovense.club:* *.lovense.com *.lovense-api.com *.stripcdn.com *.stripst.com *.stripst.dev *.strpst.com *.strwst.com *.doppiocdn.com *.doppiocdn1.com *.doppiocdn.net *.doppiocdn.org *.doppiocdn.media *.doppiocdn.live stripchat.page;style-src 'self' *.stripchat.com 'unsafe-inline' *.googleapis.com *.hytto.com *.lovense.club:* *.lovense.com *.lovense-api.com *.stripcdn.com *.stripst.com *.stripst.dev *.strpst.com *.strwst.com *.tagmanager.google.com *.crowdin.com accounts.google.com stripchat.page;frame-src * data:;report-uri /_csp 2
frame-ancestors 'self' https://newapp.etracker.com; 2
default-src 'self' https:; img-src 'self' https: data:; media-src 'self' https: data:; script-src https: 'unsafe-inline' blob:; style-src 'self' https: 'unsafe-inline'; object-src 'none'; connect-src 'self' https: wss: 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob: wss:; img-src https: data:; font-src https: data:; 2
upgrade-insecure-requests;block-all-mixed-content 2
default-src 'self' 'unsafe-inline' repay.wpengine.com https: data:; font-src 'self' *.fontawesome.com fonts.googleapis.com fonts.gstatic.com data: repay.wpengine.com data: https: *.hotjar.com; style-src 'self' 'unsafe-inline' *.fontawesome.com cdn.jsdelivr.net fonts.googleapis.com cdnjs.cloudflare.com repay.wpengine.com https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.fontawesome.com cdnjs.cloudflare.com cdn.jsdelivr.net cdn-cookieyes.com *.cdn-cookieyes.com *.googletagmanager.com repay.wpengine.com https: *.hotjar.com *.hs-scripts.com *.hsleadflows.net *.hs-banner.com *.hsadspixel.net *.hubspotfeedback.com *.usemessages.com *.hs-analytics.net *.hscollectedforms.net *.hsforms.net *.hsforms.com *.incontact.com *.incontact.com *.adsrvr.org *.linkedin.com *.licdn.com; connect-src 'self' *.fontawesome.com cdn-cookieyes.com *.cdn-cookieyes.com *.cookieyes.com *.googletagmanager.com *.google-analytics.com repay.wpengine.com https: *.hotjar.com wss://*.hotjar.com wss://*.niceincontact.com *.hotjar.io *.hubspot.com api.hubapi.com js.usemessages.com js.hsleadflows.net js.hs-banner.com js.hubspotfeedback.com js.hsadspixel.net js.hs-analytics.net js.hs-scripts.com forms.hsforms.com *.incontact.com *.adsrvr.org *.linkedin.com *.licdn.com; img-src 'self' data: https: *.gravatar.com *.cookieyes.com cdn-cookieyes.com *.cdn-cookieyes.com *.repay.com *.businesswire.com repay.wpengine.com *.hotjar.com *.hubspot.com *.hubspot.net *.hsforms.com *.linkedin.com *.licdn.com; frame-src https: *.incontact.com *.doubleclick.net vars.hotjar.com *.vimeo.com *.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.usemessages.com; child-src app.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.usemessages.com; form-action https: 'self' javascript: *.hsforms.com *.hubspot.com 2
frame-ancestors 'self' *.zinghr.com; 2
script-src 'self' kit.fontawesome.com cdn.callrail.com https://*.google.com https://*.googleapis.com *.gstatic.com www.google-analytics.com ajax.googleapis.com www.googletagmanager.com ajax.aspnetcdn.com use.typekit.net us1.siteimprove.com siteimproveanalytics.com cdnjs.cloudflare.com use.fontawesome.com player.vimeo.com clicky.com in.getclicky.com static.getclicky.com code.jquery.com 'unsafe-inline' 'unsafe-eval' 2
default-src 'self' 'unsafe-inline' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://cdn.cookielaw.org https://www.googletagmanager.com https://addsearch.com https://www.google-analytics.com https://www.googleanalytics.com https://snap.licdn.com https://www.redditstatic.com https://googleads.g.doubleclick.net https://js.hs-scripts.com https://analytics.tiktok.com https://connect.facebook.net https://j.6sc.co https://amplify.outbrain.com https://tr.outbrain.com https://js.hs-analytics.net https://js.hsadspixel.net https://js.hs-banner.com https://js.hsleadflows.net https://js.hubspot.com https://js.hsforms.net https://www.google.com/recaptcha/enterprise.js https://www.gstatic.com/recaptcha/releases/ https://s8.searchcdn.com https://grid.is https://edge.fullstory.com https://www.comeet.co https://player.vimeo.com https://www.youtube.com https://apollo.io https://cdn.ampproject.org https://bugcrowd.com https://assets.bugcrowdusercontent.com https://www.google.com https://optimize.google.com https://www.googleoptimize.com https://dev.visualwebsiteoptimizer.com https://js.hscta.net https://js-eu1.hscta.net https://no-cache.hubspot.com https://*.hubspot.com https://*.hs-sites.com	https://*.hs-sites-eu1.com https://cta-service-cms2.hubspot.com https://tagmanager.google.com https://www.gstatic.com https://bat.bing.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://app.addsearch.com https://*.cloudfront.net https://optimize.google.com https://www.comeet.com https://tagmanager.google.com https://www.googleoptimize.com; img-src 'self' https: data: blob:; connect-src 'self' https://api.ipstack.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://fb-capi.rapyd.net https://analytics.google.com https://www.google-analytics.com https://privacyportal-eu.onetrust.com https://stats.g.doubleclick.net https://ipv6.6sc.co https://analytics.tiktok.com https://dashboard.rapyd.net https://cta-service-cms2.hubspot.com https://api.hubapi.com https://forms.hubspot.com https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://cdn.linkedin.oribi.io https://c.6sc.co https://edge.fullstory.com https://rs.fullstory.com https://secure.adnxs.com https://dev.visualwebsiteoptimizer.com https://pagead2.googlesyndication.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; frame-ancestors 'self' https://grid.is https://www.rapyd.is; frame-src https://www.rapyd.net https://aax-eu.amazon-adsystem.com https://www.facebook.com https://optimize.google.com https://www.google.com https://forms.hsforms.com https://grid.is https://www.rapyd.is https://www.comeet.co https://player.vimeo.com https://bugcrowd.com https://www.googleoptimize.com https://www.youtube.com https://apollo.io https://s-eu1.hscta.net https://no-cache.hubspot.com https://*.hs-sites-eu1.com https://*.hs-sites.com 2
default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com https://use.typekit.net https://script.crazyegg.com https://snap.licdn.com https://bat.bing.com https://static.hotjar.com https://cdn.feathr.co https://jobs.assp.org https://a.omappapi.com https://googleads.g.doubleclick.net https://script.hotjar.com https://polo.feathr.co https://tracking.magnetmail.net banman.assp.org https://cdn.datatables.net https://platform-api.sharethis.com/ https://buttons-config.sharethis.com/ https://count-server.sharethis.com/ https://www.medtargetsystem.com/javascript/beacon.js 'unsafe-inline' 'unsafe-eval' *.google-analytics.com https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org web-chat.nativechat.com; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://maxcdn.bootstrapcdn.com https://a.omappapi.com https://cdn.datatables.net 'unsafe-inline' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com https://www.google.com https://marco.feathr.co https://px.ads.linkedin.com https://bat.bing.com https://p.typekit.net https://polo.feathr.co banman.assp.org https://kendo.cdn.telerik.com/ https://platform-cdn.sharethis.com/ https://www.medtargetsystem.com *.omappapi.com/ https://match.adsrvr.org store.assp.org *.feathr.co *.google-analytics.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://maxcdn.bootstrapcdn.com https://use.typekit.net; frame-src 'self' https://td.doubleclick.net https://platform.twitter.com www.google.com app.fulfillengine.com/ www.youtube.com https://player.vimeo.com/ https://open.spotify.com/ https://www.medtargetsystem.com/ https://vimeo.com/ web-chat.nativechat.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://analytics.google.com https://script.crazyegg.com https://px.ads.linkedin.com https://polo.feathr.co https://api.omappapi.com wss://ws.hotjar.com https://content.hotjar.io https://metrics.hotjar.io safetyfocus.assp.org https://search.asse.org:9443/ https://l.sharethis.com/ https://www.facebook.com/tr/ https://www.facebook.com/ *.google.com *.omappapi.com *.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com 2
frame-ancestors 'self' https://borisfx.com/documentation/silhouette/;, frame-ancestors 'self' https://borisfx.com/documentation/silhouette-2022/;, frame-ancestors 'self' https://borisfx.com/documentation/silhouette-2022.5/;, frame-ancestors 'self' https://borisfx.com/documentation/silhouette-2023/;, frame-ancestors 'self' https://borisfx.com/documentation/optics/; 2
frame-ancestors 'self'; base-uri 'self'; object-src 'none'; 2
upgrade-insecure-requests;frame-ancestors 'self'; 2
font-src 'self' prd-cdn.abrdn.com data: https://fonts.gstatic.com https://stackpath.bootstrapcdn.com *.qumucloud.com *.abrdn.com; frame-ancestors 'self' *.abrdn.com *.qumucloud.com https://www.asia-focus.co.uk https://www.asian-income.co.uk https://www.abrdnchina.co.uk https://www.abrdndiversified.co.uk https://www.abrdnequityincome.com https://www.eurologisticsincome.co.uk https://www.abrdnjapan.co.uk https://www.latamincome.co.uk https://www.newdawn-trust.co.uk https://www.abrdnnewindia.co.uk https://www.abrdnpeot.co.uk https://www.abrdnpit.co.uk https://www.abrdnsmallercompaniesincome.co.uk https://www.abrdnuksmallercompaniesgrowthtrust.co.uk https://www.asiadragontrust.co.uk https://www.ceibalimited.co.uk https://www.dunedinincomegrowth.co.uk https://www.murray-income.co.uk https://www.murray-intl.co.uk https://www.shiresincome.co.uk https://www.northamericanincome.co.uk https://www.ukcpreit.com https://www.invtrusts.co.uk https://dqm.crownpeak.com; upgrade-insecure-requests; 2
style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com code.jquery.com static.cinepolis.com stage-modernizacion.cinepolis.com fonts.googleapis.com mapbox-gl.com blob: api.mapbox.com events.mapbox.com service.force.com d.la4-c2cs-dfw.salesforceliveagent.com cinepolisdevops--devops.my.salesforce.com d.la2-c1-ph2.salesforceliveagent.com d.la1-c1-ia4.salesforceliveagent.com tagmanager.google.com fonts.googleapis.com; font-src 'self' data: fonts.gstatic.com blob: api.mapbox.com events.mapbox.com; "default-src" 'script-src' 'self' stage.cinepolis.com static.cinepolis.com stage-modernizacion.cinepolis.com localhost tpc.googlesyndication.com mapbox-gl.com blob: api.mapbox.com events.mapbox.com data: securepubads.g.doubleclick.net pagead2.googlesyndication.com google.com csi.gstatic.com analytics.google.com/g/collect www.google-analytics.com/collect www.google-analytics.com/j/collect www.google.com/ads/measurement/l stats.g.doubleclick.net/j/collect dynatrace.com js-cdn.dynatrace.com https://js-cdn.dynatrace.com/jstag/15c157a40ab/ruxitagent_A2NVfqru_10257221222094147.js https://bf87178acl.bf.dynatrace.com/ bf87178acl.bf.dynatrace.com https://js-cdn.dynatrace.com/ https://sb.scorecardresearch.com/ sb.scorecardresearch.com *.dynatrace.com google-analytics.com/ stage-modernizacion.cinepolis.com.gt/ https://www.google-analytics.com/g/collect; img-src 'self' https://www.facebook.com/* static.cinepolis.com tagmanager.com googletagmanager.com tpc.googlesyndication.com cinepolis.com stage.cinepolis.com data: mapbox-gl.com blob: api.mapbox.com events.mapbox.com ssl.gstatic.com securepubads.g.doubleclick.net google.com pagead2.googlesyndication.com www.google-analytics.com/collect www.google-analytics.com/j/collect www.google.com/ads/measurement/l www.googletagmanager.com/a googleads.g.doubleclick.net/pagead/interaction/ www.google.com/ads/ga-audiences www.google.com/ads/ga-audiences https://www.google.com.mx/ads/ga-audiences https://sb.scorecardresearch.com/ sb.scorecardresearch.com *.dynatrace.com *.twitter.com/* www.facebook.com/* www.facebook.com/tr/*; frame-src 'unsafe-eval' 'self' td.doubleclick.net securepubads.g.doubleclick.net tpc.googlesyndication.com static.cinepolis.com stage.cinepolis.com stage-modernizacion.cinepolis.com mapbox-gl.com blob: api.mapbox.com events.mapbox.com youtube.com www.youtube.com service.force.com d.la4-c2cs-dfw.salesforceliveagent.com cinepolisdevops--devops.my.salesforce.com d.la2-c1-ph2.salesforceliveagent.com d.la1-c1-ia4.salesforceliveagent.com *.safeframe.googlesyndication.com safeframe.googlesyndication.com google.com www.google.com googleads.g.doubleclick.net/ https://8267269.fls.doubleclick.net/ 8267269.fls.doubleclick.net td.doubleclick.net; "script-src" 'unsafe-inline' 'unsafe-eval' 'self' tpc.googlesyndication.com googletagmanager.com cdnjs.cloudflare.com static.cinepolis.com code.jquery.com mapbox-gl.com blob: api.mapbox.com events.mapbox.com pagead2.googlesyndication.com partner.googleadservices.com google-analytics.com apis.google.com google-analytics.com youtube.com www.youtube.com service.force.com d.la4-c2cs-dfw.salesforceliveagent.com cinepolisdevops--devops.my.salesforce.com d.la2-c1-ph2.salesforceliveagent.com d.la1-c1-ia4.salesforceliveagent.com securepubads.g.doubleclick.net tagmanager.google.com www.googletagmanager.com www.google-analytics.com/gtm/optimize.js www.google-analytics.com/analytics.js www.google-analytics.com/analytics.js adservice.google.com.mx/adsid/integrator.js www.google-analytics.com/plugins/ua/ec.js www.google-analytics.com/plugins/ua/linkid.js www.google-analytics.com/gtm/js www.google-analytics.com/collect www.google-analytics.com/j/collect adservice.google.com/adsid/integrator.js www.googletagservices.com/activeview/js/current/rx_lidar.js connect.facebook.net/en_US/fbevents.js js-cdn.dynatrace.com/jstag/15c157a40ab/ruxitagent_A2NVfqru_10257221222094147.js b.scorecardresearch.com/beacon.js analytics.tiktok.com/i18n/pixel/events.js assistant.woorank.com/hydra/assistantLoader.latest.js static.ads-twitter.com/uwt.js connect.facebook.net/signals/config/375285878099814 dynatrace.com js-cdn.dynatrace.com https://js-cdn.dynatrace.com/jstag/15c157a40ab/ruxitagent_A2NVfqru_10257221222094147.js https://bf87178acl.bf.dynatrace.com/ bf87178acl.bf.dynatrace.com https://js-cdn.dynatrace.com/ https://sb.scorecardresearch.com/ sb.scorecardresearch.com *.dynatrace.com *.facebook.net/* connect.facebook.net/*; worker-src 'unsafe-eval' 'unsafe-inline' 'self' mapbox-gl.com blob: api.mapbox.com events.mapbox.com youtube.com www.youtube.com service.force.com d.la4-c2cs-dfw.salesforceliveagent.com cinepolisdevops--devops.my.salesforce.com d.la2-c1-ph2.salesforceliveagent.com d.la1-c1-ia4.salesforceliveagent.com; frame-ancestors tpc.googlesyndication.com static.cinepolis.com stage.cinepolis.com stage-modernizacion.cinepolis.com mapbox-gl.com blob: api.mapbox.com events.mapbox.com youtube.com www.youtube.com service.force.com d.la4-c2cs-dfw.salesforceliveagent.com cinepolisdevops--devops.my.salesforce.com d.la2-c1-ph2.salesforceliveagent.com d.la1-c1-ia4.salesforceliveagent.com; object-src 'none'; 2
default-src 'self' https://*.gravatar.com https://*.gstatic.com https://www.google.com https://www.google-analytics.com https://*.sender.mobi  'unsafe-inline'; frame-src 'self' https://*.gravatar.com https://*.google.com https://*.sender.mobi; script-src 'self' https://*.sender.mobi https://*.gravatar.com https://*.gstatic.com https://www.google.com https://www.googletagmanager.com https://ajax.googleapis.com https://www.google-analytics.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://*.gravatar.com https://www.google.com https://www.google.com.ua https://*.sender.mobi https://www.google-analytics.com  https://*.gstatic.com data:; object-src 'self'; font-src 'self' https://*.gravatar.com https://*.gstatic.com https://www.google.com https://fonts.gstatic.com https://fonts.googleapis.com data:; style-src * blob: 'self' https://*.gravatar.com https://*.gstatic.com https://www.google.com https://*.sender.mobi https://fonts.gstatic.com https://fonts.googleapis.com 'unsafe-inline'; 2
frame-src 'self' https://*.adsrvr.org https://*.edkt.io https://*.adnxs.com https://*.omniture.com https://*.teads.tv https://*.everesttech.net https://*.everestjs.net https://fledge.teads.tv https://*.adentifi.com https://*.linkedin.com https://*.licdn.com https://*.sojern.com https://*.videoamp.com https://awin1.com https://dwin1.com https://*.adobe.com https://*.niceincontact.com https://na-gateway.mastercard.com https://mtf.gateway.mastercard.com https://analytics.analytics-egain.com https://princesscruises.egain.cloud https://surfly-us.com https://princess.qualtrics.com https://sr.rlcdn.com https://www.facebook.com https://assets.adobedtm.com https://cdn.appdynamics.com https://*.fls.doubleclick.net https://bid.g.doubleclick.net https://carnivalbrands.demdex.net https://servedby.flashtalking.com https://www.youtube.com https://*.princess.com https://*.ocean.com https://*.pinterest.com https://*.td.doubleclick.net https://*.tpc.googlesyndication.com https://publish-p107522-e1006297.adobeaemcloud.com https://td.doubleclick.net https://tpc.googlesyndication.com;frame-ancestors 'self' https://*.princess.com https://*.polarres.com https://*.clubprincess.com https://*.medallionclassmarket.com  https://*.princesspromotions.com https://*.ocean.com  https://*.niceincontact.com https://*.adobeaemcloud.com; 2
script-src http: https: 'unsafe-inline' 'unsafe-eval' 2
frame-ancestors 'self' *.uhg.com *.optum.com *.uhc.com *.adobeaemcloud.com *.pagescdn.com *.healthsafe-id.com uhgenterprise.qualtrics.com g360site.secure.force.com g360.my.salesforce-sites.com *.DoubleClick.net *.youtube.com player.simplecast.com *.trkn.us covid19.rallyhealth.com insight.adsrvr.org  www.google.com/recaptcha/ recaptcha.google.com/recaptcha/ www.recaptcha.net match.adsrvr.org; frame-src 'self' https://community.pregnancy.org https://optum.marketing.adobe.com *.uhg.com *.optum.com *.uhc.com *.adobeaemcloud.com *.pagescdn.com *.healthsafe-id.com uhgenterprise.qualtrics.com g360site.secure.force.com g360.my.salesforce-sites.com *.DoubleClick.net *.youtube.com player.simplecast.com *.trkn.us covid19.rallyhealth.com insight.adsrvr.org www.recaptcha.net match.adsrvr.org; 2
default-src https: 'unsafe-inline' 'unsafe-eval'; connect-src 'unsafe-inline' 'unsafe-eval' *; script-src 'unsafe-inline' 'unsafe-eval' *; img-src * data: about:; frame-src 'self' *; worker-src blob:; object-src https://wnyc-project-prod.s3.amazonaws.com; frame-ancestors 'self' localhost *; media-src 'self' *; 2
<policy directive>; 2
frame-ancestors 'self' *.storyblok.com; 2
frame-ancestors 'self' everygame.eu www.everygame.eu sblp.everygame.eu sports.everygame.eu poker.everygame.eu casino.everygame.eu classic.everygame.eu lobby.everygame.eu:2072 account.everygame.eu client.horizonpokernetwork.eu 2
frame-ancestors *.adguard.com *.adguard-vpn.com *.adguard-vpn.net *.adguard.app *.adguard.info *.adguardvpn.com *.adguard-vpn.info *.adguardvpn-help.com 'self'; connect-src *.adguard-dns.com *.adguard.org filters.adtidy.org https-filtering-check.adtidy.org *.agstcdn.com *.agrd.eu *.adguard.com *.adguard-vpn.com *.adguard-vpn.net *.adguard.app *.adguard.info *.adguardvpn.com *.adguard-vpn.info *.adguardvpn-help.com 'self'; script-src https://cdn.paddle.com/paddle/paddle.js https://widget.cloudpayments.ru/bundles/cloudpayments.js hcaptcha.com *.hcaptcha.com https://challenges.cloudflare.com/turnstile/v0/api.js *.agstcdn.com *.agrd.eu *.adguard.com *.adguard-vpn.com *.adguard-vpn.net *.adguard.app *.adguard.info *.adguardvpn.com *.adguard-vpn.info *.adguardvpn-help.com 'unsafe-inline' 'unsafe-eval' 'self'; style-src cdn.paddle.com *.adguard.org *.agstcdn.com *.agrd.eu *.adguard.com *.adguard-vpn.com *.adguard-vpn.net *.adguard.app *.adguard.info *.adguardvpn.com *.adguard-vpn.info *.adguardvpn-help.com 'unsafe-inline' 'self'; img-src * data: *.adguard.com *.adguard-vpn.com *.adguard-vpn.net *.adguard.app *.adguard.info *.adguardvpn.com *.adguard-vpn.info *.adguardvpn-help.com 'self'; frame-src *; font-src *.adguard.org *.agstcdn.com *.agrd.eu *.adguard.com *.adguard-vpn.com *.adguard-vpn.net *.adguard.app *.adguard.info *.adguardvpn.com *.adguard-vpn.info *.adguardvpn-help.com 'self' data:; object-src https://cdn.adtidy.org *.agstcdn.com *.agrd.eu *.adguard.com *.adguard-vpn.com *.adguard-vpn.net *.adguard.app *.adguard.info *.adguardvpn.com *.adguard-vpn.info *.adguardvpn-help.com 'self'; media-src cdn.adtidy.org *.agstcdn.com *.agrd.eu *.adguard.com *.adguard-vpn.com *.adguard-vpn.net *.adguard.app *.adguard.info *.adguardvpn.com *.adguard-vpn.info *.adguardvpn-help.com 'self'; report-uri /api/247/security/?sentry_key=f9f67ed550ee435e96c854cdb8278247; default-src *.adguard.com *.adguard-vpn.com *.adguard-vpn.net *.adguard.app *.adguard.info *.adguardvpn.com *.adguard-vpn.info *.adguardvpn-help.com 'self' 2
frame-ancestors 'self' https://*.brille24.de 2
frame-ancestors 'self' https://*.childrensnebraska.org; 2
frame-ancestors http://ecomdisplay.int/ 2
default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js *.google-analytics.com https://www.youtube.com/iframe_api https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com https://www.googletagmanager.com/ http://s7.addthis.com/ https://m.addthis.com/ https://z.moatads.com/ https://v1.addthisedge.com/ 'self' web-chat.nativechat.com cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'self' web-chat.nativechat.com 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.google-analytics.com https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com https://mma.prnewswire.com/ https://www.addthis.com/ 'self' web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; connect-src 'self' accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com https://www.google-analytics.com/; media-src 'self' data: blob:; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://s7.addthis.com/ 'self' web-chat.nativechat.com; frame-src web-chat.nativechat.com 'self' 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://am-assets.pl www.googletagmanager.com www.google-analytics.com www.google.com www.gstatic.com accounts.google.com widget.helpcrunch.com connect.facebook.net stats.pusher.com secure.payu.com script.hotjar.com static.hotjar.com chat.dropped.net.pl js.pusher.com;style-src 'self' 'unsafe-inline' https://am-assets.pl fonts.googleapis.com accounts.google.com chat.dropped.net.pl; 2
base-uri 'self';frame-ancestors 'self'; 2
default-src 'self'; script-src 'report-sample' 'self' https://www.googleadservices.com https://www.googletagmanager.com https://www.googletagmanager.com/debug/bootstrap https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtm.js https://www.recaptcha.net/recaptcha/api.js www.gstatic.com; style-src 'report-sample' 'self'; object-src 'none'; base-uri 'self'; connect-src 'self' careem.com https://analytics.google.com https://remittance-service.pvt-cx.gw.staging.teamdisplayed.com https://www.google-analytics.com; font-src 'self'; frame-src 'self' https://td.doubleclick.net/ https://www.googletagmanager.com https://www.recaptcha.net https://www.youtube.com; img-src 'self' https://www.google.com/pagead https://googleads.g.doubleclick.net https://www.google.com.pk https://careem-public-web-media.imgix.net https://upload-cdn.careem.com https://www.googletagmanager.com; manifest-src 'self'; media-src 'self' https://upload-cdn.careem.com https://careem-public-web-media.imgix.net; report-uri https://646c74d0974ac544f93aad6a.endpoint.csper.io/?v=3; worker-src 'none'; form-action 'self'; 2
frame-ancestors 'self' https://*.locasun.com; 2
default-src 'self' wss: https://*.contentful.com https://*.kampyle.com wss://*.ooklaserver.net https://*.tigocloud.net https://*.zendesk.com https://static.zdassets.com https://ekr.zdassets.com https://*.crazyegg.com; frame-src 'self' https://*.tigocloud.net https://*.speedtestcustom.com https://graph.facebook.com https://analytics.facebook.com https://ads.facebook.com https://business.facebook.com https://developers.facebook.com https://apps.facebook.com https://connect.facebook.com https://connect.facebook.net https://www.facebook.com https://*.doubleclick.net https://*.fls.doubleclick.net https://*.google.com https://*.googletagservices.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.googleapis.com https://*.googleadservices.com https://optimize.google.com https://*.google-analytics.com https://www.youtube.com https://6493920.fls.doubleclick.net https://*.kampyle.com https://*.crazyegg.com https://affperformance.com; script-src 'self' blob: https://*.tigocloud.net https://*.kampyle.com https://*.speedtestcustom.com https://graph.facebook.com https://analytics.facebook.com https://ads.facebook.com https://business.facebook.com https://developers.facebook.com https://apps.facebook.com https://connect.facebook.com https://connect.facebook.net https://www.facebook.com https://*.doubleclick.net https://*.fls.doubleclick.net https://*.google.com https://*.googletagservices.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.googleapis.com https://*.googleadservices.com https://optimize.google.com https://*.google-analytics.com https://analytics.twitter.com https://static.ads-twitter.com https://www.youtube.com https://6493920.fls.doubleclick.net https://maps.googleapis.com https://www.gstatic.com/ https://sync.smartadserver.com https://s.ytimg.com https://facebook.com/signals/iwl.js https://widget-mediator.zopim.com https://*.licdn.com 'unsafe-hashes' 'sha256-MhtPZXr7+LpJUY5qtMutB+qWfQtMaPccfe7QXtCcEYc=' 'sha256-lfXlPY3+MCPOPb4mrw1Y961+745U3WlDQVcOXdchSQc=' https://www.clarity.ms https://eum.instana.io https://*.crazyegg.com https://*.smooch.io https://tigo.us18.list-manage.com https://*.cybba.solutions https://ads.sonataplatform.com 'sha256-7Fp7MEYPiWwFlFSMtMrgFGtyV65kiMzqzrPzl5b9JcE=' 'sha256-1eitAMOMBEWQWrEo2CI2KMY9gYgxOeJjntcD0Puyirw=' 'sha256-kw7rMCesUws2kQMU9IXUxO6kflQ3bRrMMDWqFbNNfHs=' 'sha256-FrQ57L9tMdJJ722FWKhQSqaJ3Gd4s4rKlbk+K1DW+t4=' 'sha256-mjWayJ8bIILZRwmU4qhz1tO/F4oF7grwSWF0Gi1bRZ0='; font-src 'self' data: blob: https://fonts.gstatic.com https://*.kampyle.com https://*.zendesk.com; img-src 'self' data: blob: https://graph.facebook.com https://analytics.facebook.com https://ads.facebook.com https://business.facebook.com https://developers.facebook.com https://apps.facebook.com https://connect.facebook.com https://connect.facebook.net https://www.facebook.com https://*.doubleclick.net https://*.fls.doubleclick.net https://*.google.com https://*.googletagservices.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.googleapis.com https://*.googleadservices.com https://optimize.google.com https://*.google-analytics.com https://*.tigocloud.net https://*.contentful.com https://*.kampyle.com https://static.zdassets.com https://*.googletagmanager.com https://images.ctfassets.net https://*.g.doubleclick.net https://lh3.googleusercontent.com https://ssl.gstatic.com https://www.gstatic.com https://www.google.com https://www.google.com.ar https://www.google.com.bo https://www.google.com.co https://www.google.com.sv https://www.google.com.gt https://www.google.hn https://www.google.com.ni https://www.google.com.pa https://www.google.com.py https://t.co https://maps.gstatic.com https://www.facebook.com https://analytics.twitter.com https://static.ads-twitter.com https://*.speedtestcustom.com https://*.zendesk.com https://static.zdassets.com https://maps.googleapis.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://sync.smartadserver.com https://*.zopim.io https://svr.mic.edge.com.py https://*.kampyle.com https://c.clarity.ms https://c.bing.com https://*.crazyegg.com https://affperformance.com https://*.cybba.solutions; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://www.googletagmanager.com/debug/badge.css https://fonts.googleapis.com https://*.zendesk.com https://*.tigocloud.net https://*.kampyle.com https://*.crazyegg.com; connect-src * data: https://*.crazyegg.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com; object-src 'none'; form-action 'self' https://www.facebook.com; base-uri 'self' https://md-scp.kampyle.com; frame-ancestors 'self' 2
frame-ancestors https:; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.truist.com *.truistsecurities.com *.truistinsurance.com *.truistleadershipinstitute.com *.sheffieldfinancial.com *.bridgetrusttitle.com *.grandbridge.com *.mcgriff.com *.about.paymypremiums.com *.afco.com *.afcodirect.com *.cafo.com *.postechnologygroup.com *.primeratepfc.com *.regionalacceptance.com  https://gateway.zscalerthree.net https://fast.wistia.com 4264071.fls.doubleclick.net https: accdn.lpsnmedia.net ad.doubleclick.net adservice.google.com analytics.tiktok.com bat.bing.com cdnjs.cloudflare.com cdn.cookielaw.org https://assets.adobedtm.com cm.g.doubleclick.net connect.facebook.com connect.facebook.net ct.pinterest.com d.adroll.com doubleclick.net dsum-sec.casalemedia.com eb2.3lift.com geolocation.onetrust.com globalsiteanalytics.com googleads.g.doubleclick.net ib.adnxs.com idsync.rlcdn.com image2.pubmatic.com img.en25.com insight.adsrvr.org js.adsrvr.org login.zscalerthree.net lpcdn.lpsnmedia.net lptag.liveperson.net pixel.rubiconproject.com px.ads.linkedin.com s.adroll.com s.pinimg.com s1137986.t.eloqua.com s1358293874.t.eloqua.com sc-static.net siteintercept.qualtrics.com snap.licdn.com snapchat.com solutions.invocacdn.com static.ads-twitter.com sync.outbrain.com sync.taboola.com td.doubleclick.net tr.snapchat.com trc.taboola.com ups.analytics.yahoo.com us-u.openx.net utt.impactcdn.com va.v.liveperson.net www.facebook.com www.googleadservices.com www.googletagmanager.com www.pages02.net www.sc.pages02.net x.bidswitch.net zn9enqgwlulcwnbsw-truistcx.siteintercept.qualtrics.com blob:; worker-src 'self' blob: 2
frame-ancestors ; default-src 'self' 'unsafe-inline' mineralstage.wpengine.com www.google-analytics.com *.google.com maps.googleapis.com stats.g.doubleclick.net *.chilipiper.com *.clickagy.com www.googletagmanager.com *.breezy.hr *.linkedin.oribi.io *.linkedin.com *.wistia.com *.zoominfo.com *.litix.io cdn.cookielaw.org *.onetrust.com vimeo.com dev.visualwebsiteoptimizer.com; font-src 'self' use.typekit.net fonts.gstatic.com data:; frame-src 'self' 'unsafe-inline' player.vimeo.com js.driftt.com *.bugherd.com mineraltree.breezy.hr *.mineraltree.com *.googletagmanager.com optimize.google.com *.youtube.com *.chilipiper.com *.doubleclick.net data:; img-src 'self' mineralstage.wpengine.com www.google.com www.google-analytics.com maps.gstatic.com maps.googleapis.com *.googletagmanager.com optimize.google.com *.linkedin.com lltrck.com b.6sc.co p.adsymptotic.com *.clickagy.com *.rlcdn.com *.bing.com *.wistia.com *.vimeocdn.com *.chilipiper.com cdn.cookielaw.org *.visualwebsiteoptimizer.com data:; media-src 'self' mineralstage.wpengine.com blob:; script-src 'self' 'unsafe-inline' mineralstage.wpengine.com js.driftt.com *.bugherd.com j.6sc.co www.googletagmanager.com www.google-analytics.com maps.googleapis.com www.googleoptimize.com optimize.google.com player.vimeo.com pi.pardot.com ws.zoominfo.com tracking.leadlander.com snap.licdn.com go.mineraltree.com mineraltree.breezy.hr *.chilipiper.com *.bing.com *.clickagy.com *.wistia.com *.capterra.com cdn.cookielaw.org dev.visualwebsiteoptimizer.com cdn.jsdelivr.net blob:; style-src 'self' 'unsafe-inline' mineralstage.wpengine.com *.typekit.net *.googleapis.com optimize.google.com; 2
default-src 'self' https://*.hornetsecurity.com https://*.nitrocdn.com;         object-src 'none';         connect-src 'self' https://*.hornetsecurity.com https://*.nitrocdn.com https://cdn.linkedin.oribi.io https://px.ads.linkedin.com         https://*.hotjar.io https://*.livechatinc.com https://www.google-analytics.com         wss://*.hotjar.com https://nominatim.openstreetmap.org https://cloud.elegantthemes.com         https://api.signalize.com https://*.analytics.google.com https://analytics.google.com https://api.typeform.com         https://*.hotjar.com https://www.etracker.de https://www.google.com.pk         https://get663.com https://www.google.de wss https://stats.g.doubleclick.net https://adservice.google.com         https://nitropack.io https://hornetsecurity.matomo.cloud https://yoast.com         https://to.getnitropack.com https://www.hornetsecurity.com https://api.wppopupmaker.com https://*.friendlycaptcha.com https://*.friendlycaptcha.eu;         script-src-elem 'self' 'unsafe-inline' blob: https://*.hornetsecurity.com https://*.nitrocdn.com         https://nitroscripts.com https://script.hotjar.com https://embed.typeform.com         https://www.googleadservices.com https://static.ads-twitter.com         https://cdn.jsdelivr.net https://*.kaspersky-labs.com https://pi.pardot.com https://*.livechatinc.com         https://api.signalize.com https://snap.licdn.com https://www.redditstatic.com https://connect.facebook.net         https://*.etracker.com https://tags.srv.stackadapt.com https://www.google.com https://maps.googleapis.com         https://*.hotjar.com https://www.etracker.de https://www.googletagmanager.com https://*.amazonaws.com         https://*.wistia.com https://fast.wistia.net https://platform.twitter.com http://cdn.livechatinc.com         http://cdn.pardot.com https://bat.bing.com https://www.gstatic.com https://www.google-analytics.com         https://nitropack.io https://cdn.matomo.cloud https://www.youtube.com https://cdnjs.cloudflare.com res;         worker-src blob: 'self' data: https://*.hornetsecurity.com https://*.nitrocdn.com;         style-src-elem 'self' 'unsafe-inline' https://*.hornetsecurity.com https://*.nitrocdn.com         https://www.googletagmanager.com https://api.signalize.com https://www.gstatic.com https://embed.typeform.com         https://use.fontawesome.com https://unpkg.com https://stackpath.bootstrapcdn.com https://*.googleapis.com         https://tags.srv.stackadapt.com https://cdnjs.cloudflare.com https://adblockers.opera-mini.net         https://*.kaspersky-labs.com https://fast.wistia.com data https://www.hornetsecurity.com;         frame-src 'self' https://lcweb.dikelicensing.com https://*.hornetsecurity.com https://*.nitrocdn.com         https://www.youtube-nocookie.com https://*.livechatinc.com https://html5-player.libsyn.com https://form.typeform.com         https://fast.wistia.net https://fast.wistia.com https://www.altaro.com https://www.youtube.com https://*.frcapi.com;         media-src 'self' https://*.hornetsecurity.com https://*.nitrocdn.com         https://cdn.livechatinc.com data https://ssl.gstatic.com;         img-src 'self' data: https://*.hornetsecurity.com https://*.nitrocdn.com https://www.linkedin.com         https://*.openstreetmap.org         https://ps.w.org https://cdn.gravity.com https://www.google-analytics.com https://bat.bing.com         https://www.facebook.com https://t.co https://px.ads.linkedin.com https://cdn.livechat-static.com         https://www.elegantthemes.com https://analytics.twitter.com https://alb.reddit.com https://www.google.com.ni         https://googleads.g.doubleclick.net android-webview-video-poster https://www.google.com.vn https://*.wistia.com         https://fast.wistia.net https://www.google.cn https://spamina.com https://www.google.az https://www.google.bs         https://www.google.mg https://www.google.com.tw https://www.google.com.lb https://www.google.com.ua         https://yastatic.net https://www.google.co.ug https://www.google.com.bo https://www.google.mn         https://www.google.com.qa https://www.google.co.bw https://www.hornetsecurity.com https://www.google.co.zw         https://www.google.com.kw blob file https://youtu.be https://www.google.is https://umt.ag https://www.google.iq         https://www.google.com.bn https://www.gstatic.com https://nitropack.io https://pos.baidu.com https://www.google.com.om https://www.google.sc https://www.google.sn https://assets.msn.com https://hornetsecurity.matomo.cloud https://www.google.com.jm https://www.google.am https://seclinks.cloud-security.net https://www.heise.de https://www.google.de https://www.google.com https://www.google.tg;         script-src eval 'self' 'unsafe-inline' 'unsafe-eval' https://*.hornetsecurity.com https://*.nitrocdn.com https://www.google.com https://cdn.livechatinc.com https://cdn.matomo.cloud https://www.youtube.com;         frame-ancestors 'self' https://*.hornetsecurity.com https://*.nitrocdn.com;         style-src 'self' 'unsafe-inline' https://*.hornetsecurity.com https://*.nitrocdn.com https://fonts.googleapis.com;         font-src 'self' data: https://*.hornetsecurity.com https://*.nitrocdn.com https://fonts.cdnfonts.com         https://fonts.gstatic.com https://cdn.livechatinc.com         https://github.com https://cdnjs.cloudflare.com;         child-src blob;         base-uri about https://www.xing.com; 2
default-src 'self' www.google.com www.googletagmanager.com storage.googleapis.com www.youtube.com secure.livechatinc.com *.stripe.com truevalue.fisherprinting.net ezadtv.app.ezai.io; connect-src 'self' *.facebook.com www.googletagmanager.com www.google-analytics.com api.ezai.io analytics.google.com vc.hotjar.io wss://ws.hotjar.com content.hotjar.io truevalue.fisherprinting.net api.livechatinc.com; font-src * data:; img-src * data:; script-src * connect.facebook.net 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; style-src * 'unsafe-inline'; 2
child-src 'self' blob:;connect-src * ws-mt1.pusher.com https://accounts.google.com/gsi/;default-src 'self' assets.travix.com *.cdn-net.com;img-src 'self' * data:;font-src 'self' data: assets.travix.com fonts.googleapis.com fonts.gstatic.com js.skyscnr.com;object-src 'self';media-src 'self';manifest-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' https: cdnjs.cloudflare.com/polyfill assets.travix.com six.cdn-net.com tagmanager.google.com *.criteo.com *.cdn-net.com *.doubleclick.net *.facebook.net *.facebook.com *.googleadservices.com ad.zanox.com ads.travelaudience.com adservice.google.com analytics.skyscanner.net awin1.com bat.bing.com cdn.pushalert.co ck.ncclick.co.kr click.accesstrade.in.th clkuk.tradedoubler.com connect.facebook.net deploy.mopinion.com ds1.nl dwin1.com emjcd.com google-analytics.com googletagmanager.com securepubads.g.doubleclick.net kayak.com static.ads-twitter.com t.cfjump.com t1.daumcdn.net tm.tradetracker.net track.adform.net track.omguk.com tradedoubler.net ts.tradetracker.net wcs.naver.net *.creativecdn.com cars.cartrawler.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://accounts.google.com/gsi/client *.cartrawler.com static.assets.uat.trip.travix.com static-assets.travix.com;style-src 'self' 'unsafe-inline' blob: https://accounts.google.com/gsi/style fonts.googleapis.com tagmanager.google.com googletagmanager.com cars.cartrawler.com product-router.cartrawler.com d6tizftlrpuof.cloudfront.net https://accounts.google.com/gsi/style *.cartrawler.com;frame-src www.booking.com *.bstatic.com *.doubleclick.net ogone-tpp.prd.travix.com aci-tpp.prd.travix.com centinelapi.cardinalcommerce.com pay.google.com *.cdn-net.com product-router.cartrawler.com https://claims.cloud.hopper.com/ https://checkout.paypal.com/ https://www.sandbox.paypal.com/ https://www.paypal.com/ *.cardinalcommerce.com https://www.google.com/maps/ https://www.youtube.com/embed/ https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ *.creativecdn.com https://accounts.google.com/gsi/ *.trip.com;base-uri 'self';form-action 'self';frame-ancestors 'self';script-src-attr 'none';upgrade-insecure-requests 2
frame-ancestors 'self' cdn.matrixlms.com 2
frame-ancestors 'self' https://*.rapid7.com 2
frame-ancestors 'self' * 2
base-uri 'self'; script-src 'report-sample' 'unsafe-eval' 'sha256-wz6ika9i3WU3bpUPdhYDZeO/NrDQniDyiscN0LWnyaY=' 'sha256-8hfDTWqu8k9HvHzrkzt+xhtPpKaUxiTKKafbnLtHZCs=' 'sha256-SMUeP6E2pMrxXZ8/eWo6OvoLUN6jMLYb5qEUgHaaDrA=' 'sha256-EUBEF5WvTGqk0hm+1BG7zR6I+6+DGb6OOh8cyLSJhBk=' 'sha256-EVfbJoCaYvQGy63aF4IaFkCgygoCP13tlf39WBoqnmQ=' 'sha256-XnNQECY9o+nIv2Qgcd1A39YarwxTm10rhdzegH/JBxY=' 'sha256-0XMgg4rqcxPYJ6gk7kILQRAbBe9xK3+Ik6iWqGJcYWg=' 'sha256-g8iVyamDwt3OeOKt7rpBJ01H71OFT38TNW31YoDqtg4=' 'sha256-L0DnDaq26Adb1CiOJaNeUyPd9e4qJm+x6Ywtoa+S3+4=' 'sha256-U7KwF5KvWsJaK9Am2TfiRzMq4/MU6CWFj0mfRqtZkfA=' 'sha256-910MBH4o0XYmt2KdyUfPUnjODdvSFGgoCIXR7njrfSw=' 'sha256-nwrPrPUzetXBOU2PA9lEiV0YlyEa2u1K1E9PzmP4iY8=' 'sha256-mjdgHR9aXy+6OwAGlNS/XgNcYG1Uhd2U4pl8vi7+XCY=' 'sha256-/bm28XTHBk/2+8w4OK5Z3PKsnHRjh6YGqEZrDmAzpxo=' 'sha256-un4Od7TXS3yFrOZTtMAVbkJ1wXe6c2+09LvfoBl4jh4=' 'sha256-fe+DmxUPcLoM27k80UR5jvvr4aLfF0rSHKV5SemJPzg=' 'sha256-qo1RuSBojC8D1TICoE4IFgVurx/k8U1oZK9MRDE/KlE=' 'sha256-mRKioI8+U/Z6IlUernsYX+VQ/+1ZmIz0Exd6vI7EZNY=' 'sha256-Gjk/4NYwu3CbqK8Gj2MWMzyS9v/i8sLwf6xwP/oH5M8=' 'sha256-hRyOf0WLnTNjcFQ90fQeHumVAWjriqpnqRUaI6h1vj0=' 'sha256-8W8281SYt1k0eR9Y0z66gdPlhw9xO1U+Pwx9xjYYfwo=' 'sha256-q5qXN11uZHDKvdYtrAbOosaCyKbZxuxxNck525tOrsk=' 'sha256-PGwKPKtgIFR7BBaTEzRxRl4FWV1uufjCt5TVa6TI12k=' 'sha256-W0QY3aFcPnZSSetdi5gTeKy2IQMi3eCafbIVKAa20Zg=' 'sha256-aroGK3JMjlNu/zPuSeivrWD3UC/3tMaU+UuxKWdimpM=' 'sha256-ky6kwALluZeYIOUb67vYvNIm+6GYo9ZIpE5+6fUAbiU=' 'sha256-hMbRFabSSL7CIDsoqw8tkSvYtzZ1NeJqQyhGZdSdnxQ=' 'sha256-ceLZobD9Q86jstPOfW76BNTxXlZ7mTw0PF66debOnx4=' 'sha256-X2HVLVOvP9Opbf0ClAql73Fbwflss+KO544zddICf4U=' 'sha256-aZTZsmwqKP8HIwXU9SL0uRZWX9soMifegql0XmccYEw=' 'sha256-1rN3TBB70ehRoaiW/CvP3GHTNFr593iDXloGmle9JiY=' 'sha256-x1FQfFjfHqekbV7feKwmQ6gSdooZVGPGLXw1OK5YdiI=' 'sha256-yri+yF9cdn4VkD2uOCWeqlkqpeFZ/SmhDMhon/fQzEc=' 'sha256-XjcRVp58oyAqZCEyhIdbxI6UjLqnQdmi6PBfRy1+BgA=' 'sha256-bQXNx2wNfK+Khvyw++rw7cScVp1Eo8GHhINrXBvF2Kc=' 'sha256-Kqjmds221Sxp42v6MMfVXhclGVC7fCZX4ESjxL3gVLw=' 'sha256-mK2LcNpqkDcXTppsyMqneuE6GEJ5j+7REt0lTsRKUUU=' 'sha256-fCl5PYrISg7MPsnIeZ+T6npnLgyi68m9NcGT5ONA6pI=' 'sha256-H50ABvo0XriiYrFw1nag3drPHQoIE34FfOWFzlCHy3E=' 'sha256-wE+KqdimW+7MWcIE1UdqfODsz8hgcsyd2YuAQ4gVmTY=' 'sha256-MaUq5Wt30Bl8clIlW7/zvNPuKmnZdlAxopQigKrPLso=' 'sha256-I3J1LKXta0FJ/3+aa+dBNCE5dV3fjcG7p7ulnbtcMp0=' 'sha256-zpqVdE6ttrmhTiPbjKj6s39iaE9RMfzNp6aF7UKwtBY=' 'sha256-8kotGhRmEBiesu8MHsrDeRTEpj3SSDokReILPbeA37I=' 'sha256-OyfHFA4tRzHfTynnYncdFb31ISeCD7Am01txqn+O4ys=' 'sha256-DMT61jx96o8Zt4O6NPLDbLFDtyQSPa4zNGgdA8jCqF4=' 'sha256-cdJLDgaTPPJz9rqWbXcX70modqLshn8Wti8X7csGKLs=' 'sha256-Ubpp3UAuqVQ2aqrQydRcFipkEq08tYYEskh9QC1G50Q=' 'sha256-savpz652hUrFSTNoRdzTuvttLoQ8UN1p2KhaqZs4RFo=' 'sha256-d7o/iD0TcPtTf9pAbqA9aa2qsmdqPtbqxI3YMwTtrrA=' 'sha256-vKTtXqBsPdGS4/zx94PM36gvdxCJ/Ax00pQQzPjQipM=' 'sha256-JX/B96MKyLyvkF8KBl3WNnl4E4qTPbCHIVjK18Wsrv4=' 'self' www.linkedin.com/autofill/js/autofill.js static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com content.linkedin.com snap.licdn.com platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com sjs.bizographics.com *.salesforceliveagent.com bcvipva02.rightnowtech.com bcvipac02.rightnowtech.com www.googletagmanager.com ssl.google-analytics.com www.google-analytics.com www.googleadservices.com googleads.g.doubleclick.net cdn.linkedin.oribi.io cdn.tt.omtrdc.net bat.bing.com connect.facebook.net cdn.walkme.com gist.github.com embedr.flickr.com; worker-src 'none'; frame-ancestors 'self' *.linkedin.com experience.adobe.com; frame-src blob: lnkd-communities: voyager: *; connect-src wss: blob: data: *; img-src blob: data: android-webview-video-poster: *; media-src blob: data: *; style-src 'unsafe-inline' *; form-action 'self' *.linkedin.com linkedin.secure.force.com linkedinresearch.qualtrics.com *.salesforceliveagent.com linkedin.my.salesforce-sites.com; manifest-src 'self'; report-uri https://www.linkedin.com/security/csp?f=m 2
default-src https: 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.googletagmanager.com *.google-analytics.com; img-src https: data:; connect-src wss://*.tawk.to *.tawk.to *.lobbes.nl *.lobbesspeelgoed.be *.lobbesspielzeug.de *.lobbesjouet.fr *.icecat.biz bat.bing.com www.google-analytics.com stats.g.doubleclick.net squeezely.tech *.trustedshops.com *.trustbadge.com *.clic2buy.com trustbadge.api.etrusted.com *.etrusted.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.com *.facebook.net *.click2buy.com *.clic2drive.com *.convertexperiments.com *.plausible.io https://googleads.g.doubleclick.net *.cookiebot.com https://cookiebot.com https://plausible.io *.beslist.nl; report-uri https://www.lobbes.nl/CspReport; report-to https://www.lobbes.nl/CspReport; 2
frame-ancestors 'self' https://*.elastic.co https://elasticsandbox.docebosaas.com https://elastic.docebosaas.com https://www.gather.town; 2
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.youtube.com s.ytimg.com cm.g.doubleclick.net soma.smaato.net us-u.openx.net bossgmarketingmedia.blob.core.windows.net tags.bluekai.com x.bidswitch.net s.acxiomapac.com trc.taboola.com *.fls.doubleclick.net *.facebook.net *.facebook.com *.adobedtm.com *.demdex.net ocbcbosdev.112.2o7.net *.ocbc.demdex.net *.everesttech.net *.tt.omtrdc.net *.omtrdc.net *.bankofsingapore.com *.partnerID.demdex.hnet insight.adsrvr.org *.sqreemtech.com *.googletagmanager.com *.doubleclick.net *.google.com *.googleapis.com *.linkedin.com px.ads.linkedin.com snap.licdn.com linkedin.com px4.ads.linkedin.com sjs.bizographics.com p.adsymptotic.com *.xerevo.com https://anchor.fm; img-src 'self' 'unsafe-inline' *.google.com *.googleapis.com bossgmarketingmedia.blob.core.windows.net *.google.com.sg *.google-analytics.com stats.g.doubleclick.net cm.g.doubleclick.net soma.smaato.net us-u.openx.net tags.bluekai.com x.bidswitch.net s.acxiomapac.com trc.taboola.com *.fls.doubleclick.net *.facebook.net *.facebook.com assets.adobedtm.com dpm.demdex.net ocbcbosdev.112.2o7.net fast.ocbc.demdex.net *.tt.omtrdc.net *.sc.omtrdc.net *.omtrdc.net smetrics.bankofsingapore.com *.everesttech.net fast.partnerID.demdex.hnet insight.adsrvr.org *.sqreemtech.com *.googletagmanager.com *.doubleclick.net *.google.com *.googleapis.com dc.ads.linkedin.com px.ads.linkedin.com snap.licdn.com linkedin.com p.adsymptotic.com *.xerevo.com; style-src 'self' 'unsafe-inline' *.googletagmanager.com *.doubleclick.net *.google.com *.googleapis.com; child-src 'self' *.ocbc.com; frame-src 'self' *.ocbc.local *.ocbc.com productgroup.bankofsingapore.com *.youtube.com bossgmarketingmedia.blob.core.windows.net cm.g.doubleclick.net soma.smaato.net us-u.openx.net tags.bluekai.com x.bidswitch.net s.acxiomapac.com trc.taboola.com *.fls.doubleclick.net *.facebook.net *.facebook.com assets.adobedtm.com ocbcbosdev.112.2o7.net ocbc.demdex.net *.demdex.net *.tt.omtrdc.net smetrics.bankofsingapore.com *.everesttech.net fast.partnerID.demdex.hnet insight.adsrvr.org *.sqreemtech.com *.googletagmanager.com *.doubleclick.net *.google.com *.googleapis.com *.demdex.net https://anchor.fm; media-src 'self' 'unsafe-inline' productgroup.bankofsingapore.com bossgmarketingmedia.blob.core.windows.net *.youtube.com cm.g.doubleclick.net *.facebook.net *.facebook.com assets.adobedtm.com *.doubleclick.net *.google.com *.googleapis.com; connect-src 'self' 'unsafe-inline' *.google-analytics.com assets.adobedtm.com dpm.demdex.net ocbcbosdev.112.2o7.net fast.ocbc.demdex.net *.tt.omtrdc.net smetrics.bankofsingapore.com *.amazonaws.com *.googletagmanager.com *.google.com *.googleapis.com snap.licdn.com cdn.linkedin.oribi.io gw.linkedin.oribi.io ocbc.sc.omtrdc.net stats.g.doubleclick.net stats.g.doubleclick.net; 2
connect-src 'self'   https://*.friendlycaptcha.com/ https://vimeo.com https://hcaptcha.com https://apm-web.index-education.com/ https://*.hcaptcha.com ndx.plus *.ndx.plus https://*.index-education.com http://*.index-education.com http://*.datatables.net;default-src 'self'  ndx.plus *.ndx.plus https://*.index-education.com http://*.index-education.com;frame-ancestors 'self' ;frame-src   *.index-education.france https://hcaptcha.com https://*.hcaptcha.com https://static.scelliuspaiement.labanquepostale.fr *.openstreetmap.org http://*.index-education.net https://*.index-education.net *.hyperplanning.fr http://*.vimeo.com https://vimeo.com https://*.vimeo.com https://www.youtube.com https://*.index-education.com http://*.index-education.com http://index-education.com https://app.mailjet.com;media-src 'self'  https://*.vimeo.com https://vimeo.com https://*.index-education.com http://*.index-education.com;object-src 'self'  *.index-education.france *.index-education.com;script-src 'self'  'unsafe-inline' 'unsafe-eval' ndx.plus *.ndx.plus  https://hcaptcha.com https://*.hcaptcha.com https://static.scelliuspaiement.labanquepostale.fr *.licdn.com *.tiny.cloud *.adobe.com *.cloudflare.com https://*.vimeo.com https://vimeo.com https://*.vimeocdn.com *.datatables.net https://*.index-education.com http://*.index-education.com http://index-education.com https://app.mailjet.com;style-src 'self'  'unsafe-inline' https://hcaptcha.com ndx.plus *.ndx.plus https://*.hcaptcha.com https://static.scelliuspaiement.labanquepostale.fr https://*.index-education.com http://*.index-education.com;font-src 'self'  ndx.plus *.ndx.plus https://*.index-education.com http://*.index-education.com *.index-education.net data:;connect-src 'self'   https://*.friendlycaptcha.com/ https://vimeo.com https://hcaptcha.com https://apm-web.index-education.com/ https://*.hcaptcha.com ndx.plus *.ndx.plus  https://forum-dev.index-education.com http://*.index-education.com http://*.datatables.net;default-src 'self'  *.bootstrapcdn.com ndx.plus *.ndx.plus https://*.index-education.com http://*.index-education.com;frame-ancestors 'self' ;frame-src   *.index-education.france https://hcaptcha.com https://*.hcaptcha.com https://static.scelliuspaiement.labanquepostale.fr *.openstreetmap.org http://*.index-education.net https://*.index-education.net *.hyperplanning.fr http://*.vimeo.com https://vimeo.com https://*.vimeo.com https://www.youtube.com https://*.index-education.com http://*.index-education.com http://index-education.com https://app.mailjet.com;media-src 'self'  https://*.vimeo.com https://vimeo.com https://*.index-education.com http://*.index-education.com;object-src 'self'  data:* *.index-education.france *.index-education.com;script-src 'self'  'unsafe-inline' 'unsafe-eval' ndx.plus *.ndx.plus  https://hcaptcha.com https://*.hcaptcha.com https://static.scelliuspaiement.labanquepostale.fr *.licdn.com *.tiny.cloud *.adobe.com *.cloudflare.com https://*.vimeo.com https://vimeo.com https://*.vimeocdn.com code.jquery.com *.datatables.net https://*.index-education.com http://*.index-education.com https://*.bootstrapcdn.com http://index-education.com https://app.mailjet.com;style-src 'self'  'unsafe-inline' https://hcaptcha.com ndx.plus *.ndx.plus https://*.hcaptcha.com https://static.scelliuspaiement.labanquepostale.fr *.bootstrapcdn.com https://*.index-education.com http://*.index-education.com;font-src 'self'  *.bootstrapcdn.com ndx.plus *.ndx.plus https://*.index-education.com http://*.index-education.com *.index-education.net data:;worker-src 'self' blob: https://*.index-education.com;img-src 'self'  https://*.index-education.com ndx.plus *.ndx.plus *.linkedin.com blob: data:; 2
object-src 'none'; script-src * 'unsafe-eval' 'unsafe-inline' blob: data:; base-uri 'self' 2
default-src data: blob: 'unsafe-inline' 'self' *.domainoo.com images.prismic.io 2
frame-ancestors 'self'; object-src 'self'; 2
default-src * 'unsafe-inline' 'unsafe-eval'; img-src * data:; frame-ancestors 'self' 2
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; connect-src 'self' *.amazonaws.com *.amazoncognito.com api.pwnedpasswords.com; frame-ancestors 'self' sf360.com.au; frame-src 'self' https://www.google.com/recaptcha/ 2
frame-ancestors https://*.ringcentral.com https://*.ringcentral.ca https://*.ringcentral.co.uk https://*.ringcentral.com.au https://*.ringcentral.eu https://support.ringcentral.biz https://outlook.live.com https://outlook.office365.com https://outlook.office.com 2
frame-ancestors 'self' https://*.zbj.com https://*.tianpeng.com https://*.chatm.com https://*.mysipo.com https://*.zhubajie.la *.zbjdev.com hljcg.hlj.gov.cn *.qjzbj.com 2
default-src 'self' 'unsafe-inline' *.sernet.de *.usercentrics.eu; style-src 'self' 'unsafe-inline'; img-src 'self' *.usercentrics.eu *.prive.eu; frame-ancestors 'self' 2
frame-ancestors https://*.pironet-ndh.com:4433 'self' 2
frame-ancestors 'self' https://*.axesor.es https://*.google.es https://*.google.com; 2
frame-ancestors https://www.iway.ch https://www.sak-digital.ch https://freerideict.ch https://www.crossdata.ch https://www.telcomnet.ch https://www.rhone.ch https://www.uli-l.ch https://www.pc-zbinden.ch https://www.2com.ch https://www.jpag.ch https://www.bluenetsys.ch https://www.bluenetworksystems.ch https://www.agiba.ch https://agiba.ch https://www.ewh.ch https://isptv.ch/ https://www.isptv.ch/ https://profifon.ch https://starnet24.com/ https://www.jobs.ch/ 2
default-src 'self' * data:; font-src 'self' * data:; frame-src *; img-src * data: android-webview-video-poster:; media-src * data: blob:; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src 'self' * 'unsafe-inline'; worker-src * blob:; frame-ancestors 'self' https://verizonconnect.getambassador.com/; 2
default-src 'self'; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com; script-src 'self' 'unsafe-eval' 'sha256-gRDEu9VjFgoCHl/dpm5jryxzl9WjRjZwU3fnyZ7cJIE=' https://www.googletagmanager.com https://www.google-analytics.com https://analytics.google.com  https://www.google.com https://www.gstatic.com 'sha256-P90+IJUMHWXZlYpnQCzMlWRCBCmXPNM7ixjroel4370=' 'sha256-vN1bFh7BNh0zvnVo/MbagsEueHabWoRTFDCvjDlQpBk='; frame-src 'self' https://www.google.com; img-src 'self' data: https://www.google.com.vn; connect-src 'self' https://analytics.google.com https://www.google-analytics.com https://stats.g.doubleclick.net; 2
frame-ancestors 'self' http://renaissance.lookbookhq.com https://renaissance.lookbookhq.com http://renaissance.pathfactory.com https://renaissance.pathfactory.com http://content.renaissance.com https://content.renaissance.com 2
default-src 'self' blob: *.energieag.at news.netzooe.at energieag.picturepark.com *.google-analytics.com *.googleapis.com *.gstatic.com prezi.com www.googleadservice www.youtube.com walls.io *.walls.io *.googletagmanager.com www.netigate.se *.whatchado.com *.vimeo.com i.ytimg.com connect.facebook.net app.adwordsagentur.at s.ksrndkehqnwntyxlhgto.com *.hotjar.com *.hotjar.io  wss://*.hotjar.com www.googleadservices.com *.doubleclick.net *.adform.net *.iconnode.com *.facebook.com *.google.at *.google.de *.google.com google.com *.adsrvr.org e-tankstellen-finder.com connect.shore.com *.shore-cdn.com *.teamplanbuch.ch *.cookiebot.com *.matterport.com www.360perspektiven.com sys.mailworx.info *.marketingsuite.info sc-static.net *.konzertmeister.app *.podigee-cdn.net *.podigee.com *.podigee.io marketing.piwik.pro energieag.containers.piwik.pro energieag.piwik.pro empathy-portal.de eag.viewer.cit-fusion.com *.adition.com *.powerbi.com cdnjs.cloudflare.com www.youtube-nocookie.com *.ytimg.com *.googlesyndication.com streamio.com energieag.current-picturepark.com *.mouseflow.com github.com wss://*.cognigy.ai *.cognigy.ai *.githubusercontent.com maps.google.de *.fliphtml5.com cdn.jsdelivr.net *.spotify.com 'unsafe-inline' 'unsafe-eval' data: 2
frame-ancestors 'self'; frame-src  *.facebook.com *.google.com *.hotjar.com *.youtube.com *.vimeo.com *.googletagmanager.com *.fontawesome.com *.versio.nl *.freshdesk.com *.freshchat.com *.typeform.com *.hsforms.com *.doubleclick.net *.yourhosting.nl *.cookiebot.com 2
frame-ancestors 'self' *.gestionradioqc.com *.cogecolive.com;upgrade-insecure-requests 2
default-src * 'unsafe-inline'; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; img-src * data:; font-src * data:; worker-src * blob:; 2
object-src; worker-src 'self' blob: *.cyres.fr ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com *.cyres.fr *.googletagmanager.com *.doubleclick.net *.googleadservices.com *.google-analytics.com *.youtube.com cdn-cookieyes.com code.createjs.com; frame-src 'self' *.youtube.com *.google.com;font-src 'self' https://www.cyres.fr https://cyres.fr https://fonts.gstatic.com data:; 2
default-src * 'self' 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data: blob:; font-src * 'self' data:; 2
frame-ancestors 'self' shopmetrics.com *.shopmetrics.com gigspot.com *.gigspot.com *.velocity.online; object-src 'self'; report-uri /CSPEndpoint.aspx; report-to default; 2
frame-ancestors 'self' https://student-stg.elsanow.co https://student.elsaspeak.com 2
frame-ancestors 'self' *.humacom.com *.iofbonehealth.org *.osteoporosis.foundation 2
base-uri zonapagos.com *.zonapagos.com 2
frame-ancestors 'self' https://app.storyblok.com; 2
frame-ancestors 'self' https://boobyday.com https://preprod.boobyday.com https://payment.morning.cat 2
frame-ancestors 'self' https://splytech.io https://*.splytech.io 2
frame-ancestors 'self' https://jobsearch.createyourowncareer.com  https://www.benet.bertelsmann.com https://www.benet.bertelsmann.de; 2
frame-ancestors 'self' https://www.centerparcs.fr/booking/ https://www.centerparcs.nl/booking/ https://www.centerparcs.de/booking/ https://www.centerparcs.com/booking/ https://www.centerparcs.eu/booking/ https://www.centerparcs.ch/booking/ https://www.centerparcs.be/booking/ https://www.sunparks.com/booking/ https://www.sunparks.com/booking/ https://www.sunparks.com/booking/ https://www.sunparks.com/booking/ https://www.sunparks.com/booking/ https://www.sunparks.com/booking/ https://www.sunparks.com/booking/ https://ta.groupepvcp.com/booking/ https://ta.groupepvcp.com/booking/ https://ta.groupepvcp.com/booking/ https://ta.groupepvcp.com/booking/ https://ta.groupepvcp.com/booking/ https://ta.groupepvcp.com/booking/ https://ta.groupepvcp.com/booking/ 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data: blob: ws: *.bankofamerica.com *.ml.com institute1.bofa.com bcbolt446c5271-a.akamaihd.net bcsecure01-a.akamaihd.net brightcove04pmdo-a.akamaihd.net hlsak-a.akamaihd.net hslsslak-a.akamaihd.net www.ustrust.ml.bac-assets.com www1.bac-assets.com c.betrad.com cf-images.us-east-1.prod.boltdns.net manifest.prod.boltdns.net edge.api.brightcove.com metrics.brightcove.com sadmin.brightcove.com secure.brightcove.com players.brightcove.net api.company-target.com cdn.cookielaw.org data.coremetrics.com iocdn.coremetrics.com libs.coremetrics.com mc.coremetrics.com mcdata.coremetrics.com mktgcdn.coremetrics.com recs.coremetrics.com test.coremetrics.com testdata.coremetrics.com tmscdn.coremetrics.com dpm.demdex.net 1359940.fls.doubleclick.net www.glance.net storage.glancecdn.net www.glancecdn.net www.myglance.net cobrowse-location.glance.net s1056.glance.net www-bofa.myglance.net cdn-bofa.myglance.net googleads.g.doubleclick.net stats.g.doubleclick.net c.evidon.com dgcollector.evidon.com l.evidon.com www.facebook.com adservice.google.com cct.google.com www.google.com www.googleadservices.com www.google-analytics.com maps.googleapis.com www.googletagmanager.com maps.gstatic.com dc.ads.linkedin.com etui.fs.ml.com rg.ml.com bankofamerica.tt.omtrdc.net cdn.tt.omtrdc.net mboxedge34.tt.omtrdc.net akamai.tiqcdn.com tags.tiqcdn.com analytics.twitter.com vjs.zencdn.net cdnapisec.kaltura.com analytics.kaltura.com cfvod.kaltura.com geolocation.onetrust.com *.glance.net assets.adobedtm.com;font-src 'self' http: https: vjs.zencdn.net data:; 2
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.livingstonintl.com *.livingston.com lii-mkt-content.s3.amazonaws.com pi.pardot.com *.cassiecloud.com *.wistia.com static.ada.support js.zi-scripts.com script.hotjar.com https://static.hotjar.com/ *.chilipiper.com *.forchili.com *.googleapis.com www.googletagmanager.com www.google-analytics.com analytics.google.com https://www.google.com/recaptcha/api.js *.gstatic.com googleads.g.doubleclick.net www.googleadservices.com https://secure.geobytes.com/ https://connect.facebook.net/ https://snap.licdn.com/li.lms-analytics/insight.min.js https://api.fouanalytics.com;style-src 'self' 'unsafe-inline' *.livingstonintl.com *.livingston.com lii-mkt-content.s3.amazonaws.com fonts.googleapis.com *.cassiecloud.com www.googletagmanager.com;object-src 'none';base-uri 'self';connect-src 'self' *.livingstonintl.com *.livingston.com lii-mkt-content.s3.amazonaws.com *.cassiecloud.com ipapi.co js.zi-scripts.com *.chilipiper.com *.forchili.com *.ada.support ws.zoominfo.com *.wistia.com https://*.litix.io analytics.google.com *.analytics.google.com *.googleapis.com www.google-analytics.com stats.g.doubleclick.net https://px.ads.linkedin.com/ https://api.fouanalytics.com;font-src 'self' data: *.livingstonintl.com *.livingston.com *.gstatic.com *.wistia.com;frame-src 'self' *.livingstonintl.com *.livingston.com *.ada.support td.doubleclick.net https://www.google.com/ https://www.youtube.com *.chilipiper.com *.forchili.com;img-src 'self' data: *.livingstonintl.com *.livingston.com lii-mkt-content.s3.amazonaws.com cscript-cdn-use.cassiecloud.com *.wistia.com www.google-analytics.com www.google.com www.googletagmanager.com *.gstatic.com *.googleapis.com secure.gravatar.com *.chilipiper.com https://www.facebook.com/ https://px.ads.linkedin.com/ https://www.linkedin.com/;manifest-src 'self';media-src 'self' blob: *.livingstonintl.com *.livingston.com lii-mkt-content.s3.amazonaws.com;worker-src 'none'; 2
base-uri 'self';	default-src 'self';	connect-src 'self' https://reseau.coraxis.fr/ https://faq.coraxis.fr/ https://whois.coraxis.fr/;	style-src 'unsafe-inline' 'self' https://css.transform.coraxis.fr https://fonts.googleapis.com https://cdnjs.cloudflare.com https://uicdn.toast.com; font-src 'self' https://css.transform.coraxis.fr https://fonts.googleapis.com https://fonts.gstatic.com; 	script-src 'unsafe-inline' 'unsafe-eval' 'self' https://js.transform.coraxis.fr https://www.gstatic.com https://www.google.com/recaptcha/ https://maps.googleapis.com https://cdnjs.cloudflare.com https://uicdn.toast.com https://blueimp.github.io https://ajax.googleapis.com; 	img-src 'self' https://media.transform.coraxis.fr https://js.transform.coraxis.fr https://css.transform.coraxis.fr https://maps.googleapis.com https://maps.gstatic.com data:;  child-src 'self' https://www.youtube.com https://www.google.com/recaptcha/;	media-src 'self';	form-action 'self'   https://faq.coraxis.fr/ https://admin.coraxis.fr;	frame-ancestors 'self'; 2
base-uri 'self'; child-src 'self'; connect-src 'self' https://*.altice.pt https://*.meo.pt https://*.engagement.coremedia.cloud wss://*.engagement.coremedia.cloud https://*.byside.com wss://*.byside.com https://cdn-api-weglot.com https://*.google-analytics.com https://*.analytics.google.com https://*.inmobi.com https://cmp.quantcast.com https://*.cmp.quantcast.com https://pixel.quantcount.com https://*.weglot.com https://*.doubleclick.net https://gateway.zscaler.net; default-src 'self'; font-src 'self' data: https://*.altice.pt https://fonts.gstatic.com https://gateway.zscaler.net; form-action 'self' https://*.engagement.coremedia.cloud https://*.byside.com https://gateway.zscaler.net; frame-ancestors 'self' https://www.altice.pt https://gateway.zscaler.net; frame-src 'self' https://*.engagement.coremedia.cloud https://*.byside.com https://cdn.embedly.com https://www.google.com https://www.googletagmanager.com https://www.youtube.com https://gateway.zscaler.net; img-src 'self' data: https:; media-src 'self' data:; report-to cspenforce; report-uri https://cspreport.apps.meo.pt/Services/Rest.svc/CSP/Oy7m2UgneY/Enforce; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.altice.pt https://*.meo.pt https://*.engagement.coremedia.cloud https://*.byside.com https://*.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://*.inmobi.com https://cmp.quantcast.com https://rules.quantcount.com https://secure.quantserve.com https://*.weglot.com https://connect.facebook.net https://gateway.zscaler.net https://quantcast.mgr.consensu.org; style-src 'self' 'unsafe-inline' https://*.altice.pt https://fonts.googleapis.com https://www.gstatic.com https://cdn.weglot.com https://gateway.zscaler.net; worker-src 'self'; object-src 'none' 2
default-src  'self' ; img-src      'self' 'unsafe-inline' 'unsafe-eval' data: *.esputnik.com *.cloudflare.com *.githubusercontent.com *.openstreetmap.org *.facebook.com *.facebook.net *.ta-da.ua *.ta-da.net.ua *.ta-da.com.ua ta-da.ua;  script-src   'self' 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.esputnik.com *.google.com *.bitrix24.ua *.facebook.net *.facebook.com *.googleapis.com *.googletagmanager.com *.ta-da.ua *.ta-da.net.ua *.ta-da.com.ua *.google-analytics.com *.hotjar.com;  script-src-elem   'self' 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.esputnik.com *.google.com *.bitrix24.ua *.facebook.net *.facebook.com *.googleapis.com *.googletagmanager.com *.ta-da.ua *.ta-da.net.ua *.ta-da.com.ua *.google-analytics.com *.hotjar.com;  style-src    'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.bitrix24.ua *.ta-da.ua *.ta-da.net.ua *.ta-da.com.ua;  font-src     'self' data: *.gstatic.com *.googleapis.com *.bitrix24.ua *.ta-da.ua *.ta-da.net.ua *.ta-da.com.ua;  frame-src    'self' *.openstreetmap.org *.google.com *.facebook.com *.facebook.net *.ta-da.ua *.ta-da.net.ua *.ta-da.com.ua;  object-src   'self' *.ta-da.ua *.ta-da.net.ua *.ta-da.com.ua;  connect-src  'self' *.esputnik.com https://esputnik.com *.ta-da.ua *.ta-da.net.ua *.ta-da.com.ua *.googleapis.com *.google-analytics.com *.sentry.io *.facebook.net *.facebook.com;  2
frame-ancestors https://*.teknikproffset.se https://pj-guiding-content.sanity.studio 'self' 2
script-src-elem link.sportsgirl.com.au *.wufoo.com *.pinterest.com *.jotform.com *.jotfor.ms *.squarecdn.com *.hotjar.com *.rmp.rakuten.com *.facebook.net *.googletagmanager.com *.api.useinsider.com foursixty.com *.adsrvr.org *.scarabresearch.com *.plugins.emarsys.net stockinstore.net *.reloop.com.au *.resultspage.com *.pinimg.com *.bing.com *.tiktok.com *.newrelic.com *.google-analytics.com https://wisepops.net *.wisepops.com https://3739-1.sli-r.com/r-api/ https://googleads.g.doubleclick.net *.stockinstore.net *.cloudflare.com https://maps.googleapis.com *.afterpay.com *.addressfinder.io https://www.google.com https://www.gstatic.com *.sli-r.com *.braintreegateway.com *.paypal.com https://ap-gateway.mastercard.com *.zdassets.com https://www.googleadservices.com https://staticw2.yotpo.com https://tpc.googlesyndication.com https://jp-tags.rd.linksynergy.com api.neverbounce.com *.forter.com *.surveymonkey.com *.googleapis.com *.kaltura.com *.creativecdn.com *.sli-spark.com *.useinsider.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src-elem *.jotfor.ms *.sli-r.com https://foursixty.com/ *.resultspage.com *.stockinstore.net https://assets.api.useinsider.com/ *.addressfinder.io https://fonts.googleapis.com https://staticw2.yotpo.com *.creativecdn.com 'self' 'unsafe-inline'; font-src fonts.gstatic.com 'unsafe-inline' data: *.gstatic.com *.typekit.net *.stockinstore.net *.afterpay.com *.hotjar.com *.useinsider.com *.yotpo.com *.googleapis.com *.jotfor.ms *.slant.co cdn.neverbounce.com *.cdnfonts.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com *.cardinalcommerce.com *.paypal.com *.yotpo.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * link.sportsgirl.com.au link.sussan.com.au 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.google.com *.mastercard.com *.adsrvr.org *.useinsider.com *.linksynergy.com *.tiktok.com *.hotjar.com *.doubleclick.net *.demdex.net *.reloop.com.au *.myunidays.com *.facebook.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.yotpo.com bid.g.doubleclick.net *.youtube-nocookie.com *.bolt.com widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk * *.pinterest.com https://bid.g.doubleclick.net *.cloudflarestream.com videodelivery.net *.surveymonkey.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'unsafe-inline' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io https://static.afterpay.com *.googletagmanager.com *.google-analytics.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com *.paypal.com *.sportsgirl.com.au *.suzannegrae.com.au *.sussan.com.au *.cdninstagram.com *.gstatic.com *.googleapis.com *.google.com *.google.com.au *.google.co.nz *.google.com.ua *.google.by *.google.us *.google.de *.stockinstore.net *.rakuten.com *.afterpay.com *.nr-data.net *.adsrvr.org *.linksynergy.com *.bing.com *.doubleclick.net *.resultspage.com *.resultsstage.com *.resultsdemo.com *.wisepops.com dx4nr741tfc02.cloudfront.net wisp-production-storage.s3.amazonaws.com *.wisepops.net *.useinsider.com *.omtrdc.net *.2o7.net *.adobedtm.com *.demdex.net *.everesttech.net *.reloop.com.au *.unidays.world www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com *.cloudfront.net *.jotfor.ms *.jotform.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com *.youtube.com https://site-assets.afterpay.com/ *.kaltura.com *.facebook.com *.pinterest.com *.sli-spark.com https://yotpo-editor-production.s3.amazonaws.com *.creativecdn.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googletagmanager.com *.addressfinder.io https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com *.plugins.emarsys.net *.scarabresearch.com tagmanager.google.com *.paypal.com *.resultspage.com *.resultsstage.com *.resultsdemo.com *.gstatic.com *.google.com *.sli-spark.com *.cloudfront.net *.sli-r.com *.mastercard.com *.googleapis.com https://connect.facebook.net http://connect.facebook.net *.doubleclick.net *.stockinstore.net http://stockinstore.net http://stockinstore.net/* *.cloudflare.com *.useinsider.com *.livechatinc.com *.adsrvr.org *.newrelic.com *.wisepops.com *.getwisp.co *.wisepops.net *.linksynergy.com *.rakuten.com *.afterpay.com *.nr-data.net *.bing.com *.hotjar.com *.tiktok.com *.omtrdc.net *.2o7.net *.adobedtm.com *.demdex.net *.everesttech.net *.reloop.com.au *.myunidays.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.googleadservices.com *.yotpo.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk *.squarecdn.com https://hbiq.net songbirdstag.cardinalcommerce.com *.googleads.g.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.addressfinder.io static.afterpay.com/ tagmanager.google.com fonts.google.com *.googleapis.com *.stockinstore.net http://stockinstore.net http://stockinstore.net/* *.resultspage.com *.resultsstage.com *.resultsdemo.com *.afterpay.com *.api.useinsider.com *.reloop.com.au *.hotjar.com unsafe-inline *.yotpo.com *.squarecdn.com assets.braintreegateway.com *.jotfor.ms 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com data: blob: *.kaltura.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.addressfinder.io static.afterpay.com *.scarabresearch.com *.eservice.emarsys.net *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.paypal.com *.braintree-api.com *.braintreegateway.com https://connect.facebook.net http://connect.facebook.net *.doubleclick.net *.stockinstore.net http://stockinstore.net http://stockinstore.net/* *.resultspage.com *.resultsstage.com *.resultsdemo.com *.cloudflare.com *.googleapis.com *.rakuten.com *.nr-data.net *.useinsider.com *.wisepops.com *.wisepops.net *.getwisp.co *.amplitude.com *.tiktok.com *.hotjar.com *.demdex.net *.everesttech.net *.adobedtm.com *.reloop.com.au *.myunidays.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com *.cloudfront.net https://wisepops.net/my-wisepop *.forter.com wisepops.net www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com vimeo.com *.bolt.com static.sandbox.afterpay.com *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com *.clearpay.co.uk *.cardinalcommerce.com *.google.com google.com *.afterpay.com *.sentry.io *.api.useinsider.com *.hotjar.io *.pinterest.com wss://ws.hotjar.com/api/v2/client/ws *.zdassets.com *.bing.com *.zendesk.com *.zendesk-eu.my.sentry.io https://www.google.com.au/ads/* https://www.google.com.au/ analytics.pangle-ads.com *.kaltura.com *.creativecdn.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self' *.wistia.com *.hotjar.com www.google.com www.google.co.in pages.wcgclinical.com www.google-analytics.com *.doubleclick.net; script-src 'unsafe-eval' 'unsafe-inline' 'self' *.wcgclinical.com trinitymedia.ai *.trinitymedia.ai *.cookielaw.org www.googletagmanager.com *.marketo.com *.marker.io pages.wcgclinical.com www.google-analytics.com www.googleadservices.com *.doubleclick.net *.hotjar.com unpkg.com *.unpkg.com *.marketo.net *.cloudfront.net *.mktoresp.com www.google.com *.cdntwrk.com snap.licdn.com *.wistia.com *.wistia.net wcgclinical.staging.wpengine.com widget.yeps.io www.buzzsprout.com gstatic.com *.gstatic.com pki.goog *.pki.goog *.google.com googleapis.com *.googleapis.com js.zi-scripts.com; style-src 'self' 'unsafe-inline' *.cloudfront.net fonts.googleapis.com pages.wcgclinical.com *.cdntwrk.com *.wcgclinical.com *.marketo.com; object-src 'self' *.wcgclinical.com *.wcgirb.com; base-uri 'self'; connect-src 'self' *.amazonaws.com *.googlesyndication.com *.cookielaw.org *.google-analytics.com *.linkedin.oribi.io *.onetrust.com *.doubleclick.net *.marker.io *.hotjar.io *.hotjar.com *.mktoresp.com *.hotjar.io *.wistia.com *.wistia.net fg8vvsvnieiv3ej16jby.litix.io *.yeps.io embedwistia-a.akamaihd.net js.zi-scripts.com; font-src 'self' fast.wistia.com fonts.gstatic.com data:; frame-src 'self' *.wcgclinical.com trinitymedia.ai *.trinitymedia.ai *.marker.io *.doubleclick.net *.hotjar.com *.google.com *.wistia.net *.wistia.com *.powerbi.com *.youtube.com *.vimeo.com wcgclinical.outgrow.us *.five9.com *.marketo.com www.buzzsprout.com data:; img-src 'self' www.wcgclinical.com www.wcgirb.com *.gravatar.com www.google-analytics.com www.googletagmanager.com www.google.com www.google.co.in *.cdntwrk.co *.cdntwrk.com *.wistia.net *.wistia.com *.fdanews.com via.placeholder.com wcgclinical.staging.wpengine.com embedwistia-a.akamaihd.net wcgclinical.wpengine.com px.ads.linkedin.com *.cookielaw.org data:; media-src 'self' *.wistia.com embedwistia-a.akamaihd.net embed-fastly.wistia.com data: blob:; worker-src 'self' blob:; 2
frame-src *; frame-ancestors *; 2
frame-ancestors 'none'; object-src 'none'; upgrade-insecure-requests 2
worker-src * data: blob: 'unsafe-inline' 'unsafe-eval'; img-src * data: blob:; script-src * 'unsafe-inline' 'unsafe-eval' 2
default-src https: 'unsafe-eval' 'unsafe-inline' 2
child-src 'self' https://*.hotjar.com https://www.rightworks.com; connect-src 'self' https://*.6sc.co https://*.abtasty.com https://*.clarity.ms https://*.cvent.com https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.ba https://*.google.com https://*.googlesyndication.com https://*.happyfoxchat.com https://*.hotjar.com https://*.hotjar.io https://*.linkedin.com https://*.mktoresp.com https://*.mutinycdn.com https://*.mutinyhq.com https://*.mutinyhq.io https://*.olark.com https://*.outbrain.com https://*.parsely.com https://*.reddit.com https://*.redditstatic.com https://*.sitesearch360.com https://*.storylane.io https://*.typeform.com https://*.wistia.com https://*.youtube.com https://cdn.linkedin.oribi.io https://designer-api.hu-manity.co https://grsm.io https://happyfoxchat.com https://ipv6.6sc.co https://js.callrail.com https://maps.googleapis.com https://o132438.ingest.sentry.io https://partnerlinks.io https://scout.salesloft.com https://secure.adnxs.com https://tagmanager.google.com https://transactional-api.hu-manity.co https://www.googletagmanager.com https://www.rightworks.com wss://*.hotjar.com wss://ws.hotjar.com; default-src 'self' https://rightworks.com https://www.rightworks.com; font-src 'self' data: https://*.gstatic.com https://*.sfdcstatic.com https://*.wp.com https://common-fonts.abtasty.com https://fonts.googleapis.com https://fonts.gstatic.com https://static.olark.com https://webpack.mutinyhq.com/app/assets/0cba14176273c0b62665.woff https://www.rightworks.com; frame-ancestors 'self' https://*.smartvault.com https://app.mutinyhq.com https://www.rightworks.com; frame-src 'self' https://*.cookiebot.com https://*.doubleclick.net https://*.driftt.com https://*.facebook.com https://*.facebook.net https://*.google.com https://*.hotjar.com/ https://*.instagram.com https://*.marketo.com https://*.rightnetworks.com https://*.sitescout.com https://*.smartvault.com https://*.storylane.io https://*.typeform.com https://*.vimeo.com https://*.wistia.com/ https://*.youtube.com https://app.mutinyhq.com https://calendly.com https://d1l7z5ofrj6ab8.cloudfront.net https://happyfoxchat.com https://js.driftt.com https://open.spotify.com https://qa-assistant.abtasty.com https://s-static.ak.facebook.com https://service.force.com https://static.olark.com https://tagmanager.google.com https://widget.drift.com https://widget.happyfoxchat.com https://widgets.wp.com https://www.g2.com https://www.rightworks.com; img-src 'self' data: https://*.doubleclick.net https://*.facebook.com https://*.google-analytics.com https://*.google.ba https://*.google.com https://*.google.hr https://*.gravatar.com https://*.gstatic.com https://*.images.cvent.com https://*.instagram.com https://*.linkedin.com https://*.mutinycdn.com https://*.outbrain.com https://*.parsely.com https://*.sitesearch360.com https://*.vimeocdn.com https://*.wistia.com https://*.yahoo.com https://*.youtube.com https://alb.reddit.com https://analytics.twitter.com https://attr.ml-api.io https://b.6sc.co https://bat.bing.com https://c.clarity.ms https://ct.capterra.com https://editor-assets.abtasty.com https://googleads.g.doubleclick.net https://img.youtube.com https://info.rightnetworks.com https://info.rightworks.com https://log.olark.com https://maps.googleapis.com https://pixel.wp.com https://s.ml-attr.com https://s.w.org https://secure.adnxs.com https://storage.pardot.com https://t.co https://teddytor.abtasty.com https://tr.outbrain.com https://www.googletagmanager.com https://www.rightworks.com; media-src 'self' blob: data: file: https://*.wistia.com/ https://js.driftt.com https://www.rightworks.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.adroll.com https://*.ads-twitter.com https://*.calendly.com https://*.doubleclick.net https://*.drift.com https://*.driftt.com https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.hotjar.com https://*.instagram.com https://*.linkedin.com https://*.marketo.com https://*.marketo.net https://*.mutinycdn.com https://*.olark.com https://*.outbrain.com https://*.pardot.com https://*.parsely.com https://*.partnerstack.com https://*.redditstatic.com https://*.rightnetworks.com https://*.rightworks.com https://*.salesforceliveagent.com https://*.storylane.io https://*.transactionpro.com https://*.twitter.com https://*.typeform.com https://*.vimeo.com https://*.wistia.com https://*.wp.com https://amplify.outbrain.com/cp/obtp.js https://bat.bing.com https://cdn.callrail.com https://cdn.hu-manity.co https://cdn.sitesearch360.com https://cdnjs.cloudflare.com https://code.jquery.com https://connect.facebook.net https://d1l7z5ofrj6ab8.cloudfront.net https://extend.vimeocdn.com https://happyfoxchat.com https://j.6sc.co https://js.callrail.com https://js.driftt.com https://lex.33across.com https://qa-assistant.abtasty.com/bundle.js https://s3.amazonaws.com https://scout-cdn.salesloft.com https://service.force.com https://snap.licdn.com https://snippet.growsumo.com https://tagmanager.google.com https://teddytor.abtasty.com https://tr.outbrain.com https://transactionpro.us20.list-manage.com https://try.abtasty.com https://widget.drift.com https://widget.happyfoxchat.com https://wistia.com https://www.clarity.ms https://www.googleadservices.com https://www.googletagmanager.com https://www.rightworks.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.gravatar.com https://*.marketo.com https://*.typeform.com https://*.wp.com https://cdnjs.cloudflare.com https://code.jquery.com https://common-fonts.abtasty.com https://service.force.com https://static.olark.com https://tagmanager.google.com https://teddytor.abtasty.com https://webpack.mutinyhq.com/app/assets/0cba14176273c0b62665.woff https://www.rightworks.com; worker-src 'self' blob: data: file: filesystem: https://www.rightworks.com unsafe-eval unsafe-inline 2
default-src 'self' *.eisneramper.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://www.googleadservices.com https://okt.to https://view.ceros.com https://buttons-config.sharethis.com https://connect.facebook.net https://googleads.g.doubleclick.net https://i.simpli.fi/p https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-scripts.com https://js.hsadspixel.net https://js.hsforms.net https://okt.to/ping https://platform-api.sharethis.com https://player.vimeo.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://content.hotjar.io https://metrics.hotjar.io https://static.oktopost.com https://t.sharethis.com https://tag.simpli.fi https://unpkg.com/ https://w.usabilla.com/ https://www.google-analytics.com/ https://www.google.com/recaptcha/ https://www.googletagmanager.com/ https://www.gstatic.com/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://js.hs-banner.com https://content.hotjar.io wss: https://analytics.google.com https://api.hubapi.com https://bcp.crwdcntrl.net https://forms.hsforms.com https://l.sharethis.com https://px.ads.linkedin.com https://stats.g.doubleclick.net https://unpkg.com https://www.google-analytics.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://insights.eisneramper.com https://view.ceros.com *.hsforms.com *.hsforms.net *.podbean.com https://11782456.fls.doubleclick.net https://player.vimeo.com https://t.sharethis.com https://td.doubleclick.net https://www.google.com; img-src 'self' https https://fei.pro-market.net https://platform-cdn.sharethis.com https://l.sharethis.com https://okt.to https://track.hubspot.com https://jelly-v6.mdhv.io data: https://ad.doubleclick.net https://analytics.twitter.com https://cm.g.doubleclick.net https://forms-na1.hsforms.com https://forms.hsforms.com https://i.vimeocdn.com https://jelly.mdhv.io https://p1.aprimocdn.net https://px.ads.linkedin.com https://sync.sharethis.com https://t.co https://um.simpli.fi https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com; manifest-src 'self'; media-src 'self'; worker-src 'none';frame-ancestors 'self' *.concurra.com; form-action https: ; report-to csp-endpoint; 2
base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' https://*.doubleclick.net https://*.googleadservices.com https://*.googleapis.com https://*.googletagmanager.com https://app.usercentrics.eu https://connect.facebook.net https://dmp.theadex.com https://maps.google.com https://pagead2.googlesyndication.com https://tpc.googlesyndication.com https://console.googletagservices.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-src 'self' https://*.doubleclick.net https://*.google.com https://*.googleadservices.com https://*.safeframe.googlesyndication.com https://api.theadex.com https://app.usercentrics.eu https://tpc.googlesyndication.com *.googletagservices.com; frame-ancestors 'self'; form-action 'self'; default-src 'self'; worker-src 'self'; object-src 'none'; img-src * 'self' data:; manifest-src 'self'; connect-src 'self' https://*.analytics.google.com https://*.doubleclick.net https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.marktguru.at https://*.marktguru.de https://*.usercentrics.eu https://csi.gstatic.com https://mppx.marktguru.at https://mppx.marktguru.de https://pagead2.googlesyndication.com; font-src 'self' https://fonts.gstatic.com; 2
upgrade-insecure-requests;frame-ancestors 'none' 2
upgrade-insecure-requests; form-action https://www.metrovalencia.es https://sis.redsys.es; block-all-mixed-content; 2
default-src https:; frame-src https: blob:; script-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data:; 2
frame-ancestors ‘none’; default-src ‘self’, script-src ‘*://*.payfast.io:*’ 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://apps.sitecore.net https://googleads.g.doubleclick.net https://m.extellio.com https://region1.analytics.google.com https://www.google.com https://cdn.cookielaw.org https://maps.googleapis.com https://cdn.cookielaw.org https://maps.googleapis.com https://script.e-space.se https://www.googletagmanager.com https://region1.google-analytics.com https://www.google-analytics.com https://geolocation.onetrust.com https://pagead2.googlesyndication.com https://privacyportal-de.onetrust.com https://static.hotjar.com https://connect.facebook.net https://snap.licdn.com https://script.extellio.com https://a.omappapi.com https://api.omappapi.com https://px.ads.linkedin.com https://pi.pardot.com https://www.recaptcha.net https://www.gstatic.com https://www2.fossanalytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://apps.sitecore.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://maps.googleapis.com https://cdn.cookielaw.org https://maps.googleapis.com https://script.e-space.se https://www.googletagmanager.com https://region1.google-analytics.com https://www.google-analytics.com https://static.hotjar.com https://script.hotjar.com https://connect.facebook.net https://snap.licdn.com https://script.extellio.com https://a.omappapi.com https://www.recaptcha.net https://www.gstatic.com https://pagead2.googlesyndication.com; img-src 'self' data: https://www.google.com https://maps.googleapis.com https://maps.gstatic.com https://cdn.cookielaw.org https://pi.pardot.com https://www.facebook.com https://px.ads.linkedin.com https://www.googletagmanager.com https://i.ytimg.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://a.omappapi.com; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com; child-src 'self' 'unsafe-inline' https://www.youtube.com https://www.recaptcha.net https://www.facebook.com https://player.youku.com https://td.doubleclick.net; upgrade-insecure-requests;  block-all-mixed-content; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://code.jquery.com https://ajax.aspnetcdn.com *.vimeocdn.com *.google.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.gstatic.com https://hcaptcha.com *.surveymonkey.com *.googleoptimize.com *.cookiebot.com *.vimeo.com *.facebook.net https://acsbapp.com *.amazonaws.com *.jotfor.ms *.jotform.com 'unsafe-inline' 'unsafe-eval'; style-src data: 'self' *.googleapis.com *.sonichealthcare.com *.gstatic.com *.mailchimp.com *.jotfor.ms 'unsafe-inline' 'unsafe-eval'; connect-src data: 'self' *.googleapis.com *.google-analytics.com https://stats.g.doubleclick.net https://cdn.acsbapp.com; font-src 'self' data: *.googleapis.com *.gstatic.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: *.google-analytics.com *.gstatic.com *.googleapis.com https://cms-liquidstate-cloud.s3.amazonaws.com *.o3n.io *.google.com *.googletagmanager.com *.bing.com *.facebook.com *.linkedin.com 'unsafe-inline'; frame-src 'self' *.google.com *.youtube.com https://www.zeemaps.com *.surveymonkey.com *.hcaptcha.com *.vimeo.com *.facebook.com *.sonichealthcareusa.com *.jotform.com *.jotfor.ms *.propath.com *.sonichealth.us; object-src 'none'; 2
default-src: self'; 2
script-src 'self' https://tag.simpli.fi https://bam-cell.nr-data.net https://cdn.cookielaw.org https://widget.trustpilot.com https://api.map.baidu.com https://fast.wistia.net https://fast.wistia.com https://ajax.googleapis.com https://cdn.jsdelivr.net https://www.googleadservices.com https://www.googletagmanager.com https://ssl.google-analytics.com https://www.google-analytics.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://www.gstatic.com https://www.google.com https://optanon.blob.core.windows.net https://cdn.callrail.com https://pi.pardot.com https://geolocation.onetrust.com https://tags.tiqcdn.com https://intljs.rmtag.com https://tags.rd.linksynergy.com https://act-us.rd.linksynergy.com https://resources.xg4ken.com https://go.control4.com https://dev.visualwebsiteoptimizer.com https://connect.facebook.net https://bat.bing.com https://solutions.invocacdn.com https://js-agent.newrelic.com https://bam.nr-data.net https://pnapi.invoca.net https://maps.googleapis.com  https://d2yyd1h5u9mauk.cloudfront.net/integrations/web/v1/library/ 'unsafe-eval' 'unsafe-inline' 2
frame-ancestors 'self' https://moderncampus.lookbookhq.com https://moderncampus.pathfactory.com https://resources.moderncampus.com http://moderncampus.lookbookhq.com http://moderncampus.pathfactory.com http://resources.moderncampus.com http://*.paperflite.com https://*.paperflite.com http://*.cleverstory.io https://*.cleverstory.io; 2
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' 'self' blob: *; img-src * data: blob:; connect-src *; font-src 'self' data: *; object-src 'self'; media-src 'self' blob: *; child-src *; base-uri 'self' 2
upgrade-insecure-requests;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://www.googletagmanager.com https://tagmanager.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://lp.thinkproject.com https://snap.licdn.com https://munchkin.marketo.net https://js.storylane.io https://cdn.cookielaw.org https://assets.adoberesources.net https://documentcloud.adobe.com https://www.google-analytics.com https://ajax.cloudflare.com;connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://stats.g.doubleclick.net https://lp.thinkproject.com https://*.mktoresp.com https://*.mktoutil.com https://cdn.linkedin.oribi.io https://*.cookielaw.org https://*.onetrust.com *.adobe.io wss://*.adobe.io https://px.ads.linkedin.com;font-src 'self' https://fonts.gstatic.com https://*.typekit.net;frame-src 'self' https://www.googletagmanager.com https://*.doubleclick.net https://bid.g.doubleclick.net https://www.youtube.com https://youtu.be https://www.youtube-nocookie.com https://lp.thinkproject.com https://app.storylane.io https://play.goconsensus.com https://vimeo.com https://player.vimeo.com https://documentcloud.adobe.com; 2
frame-ancestors app.storyblok.com 2
upgrade-insecure-requests;script-src * 'unsafe-eval' 'unsafe-inline';script-src-attr 'unsafe-inline';style-src * 'unsafe-inline';img-src * data:;font-src *;connect-src *;manifest-src data:;frame-ancestors 'self';form-action *;base-uri 'self';object-src 'none' 2
frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ct.captcha-delivery.com/c.js https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.gstatic.com https://www.google-analytics.com/analytics.js https://static.doubleclick.net/instream/ad_status.js https://*.googleapis.com https://www.youtube.com/s/player/a1d7d0f8/www-widgetapi.vflset/www-widgetapi.js https://www.youtube.com/iframe_api https://www.google.com https://static.hotjar.com/c/hotjar-1800997.js https://app.termly.io https://player.vimeo.com/api/player.js; object-src 'none'; worker-src 'self' blob:; base-uri 'self'; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://unpkg.com  https://www.googletagmanager.com  https://analytics.tiktok.com https://connect.facebook.net https://googleads.g.doubleclick.net https://plausible.io https://tag.goadopt.io https://www.google-analytics.com https://www.googletagmanager.com https://irisapi.alaresinternet.com.br https://www.google.com https://www.gstatic.com; style-src 'self' 'unsafe-inline'; object-src 'none'; base-uri 'self'; connect-src 'self' https://beta.scribo.dev https://app.scribo.dev https://api.tinybird.co  https://www.google.com.br https://analytics.google.com https://irisapi.alaresinternet.com.br https://api.rd.services  https://analytics.tiktok.com https://cms.webbytelecom.com.br https://disclaimer-api.goadopt.io https://pagead2.googlesyndication.com https://plausible.io https://stats.g.doubleclick.net https://www.google-analytics.com; font-src 'self' data:  https://dwu86ft0a6abz.cloudfront.net https://fonts.gstatic.com; frame-src 'self' https://td.doubleclick.net https://www.facebook.com https://www.google.com; img-src 'self' data: https://cms.webbytelecom.com.br https://dwu86ft0a6abz.cloudfront.net https://www.facebook.com https://www.google.com https://www.google.com.br https://irisapi.alaresinternet.com.br https://www.google.com https://ofertasteste.grupoconexao.net.br https://sales.alaresinternet.com.br https://storage.googleapis.com; manifest-src 'self'; media-src 'self'; worker-src 'none'; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self' api.ipify.org px.ads.linkedin.com *.outbrain.com *.akamaihd.net *.akstat.io *.analytics.google.com *.demdex.net *.go-mpulse.net *.google-analytics.com *.googletagmanager.com *.siteintercept.qualtrics.com siteintercept.qualtrics.com cdn.linkedin.oribi.io s.yimg.com *.report.gbss.io  cdn.gbqofs.com  api.fundpress.io  api-uk.kurtosys.app assets.adobedtm.com cdn.cookielaw.org cm.everesttech.net geolocation.onetrust.com mandg.scene7.com privacyportal-de.onetrust.com  search-api.swiftype.com smetrics.mandg.com stats.g.doubleclick.net prudentialdistributi.tt.omtrdc.net policylookup.mandg.com pdx-col.eum-appdynamics.com  api.pru.co.uk www.google.com www.google.ad www.google.ae www.google.com.af www.google.com.ag www.google.al www.google.am www.google.co.ao www.google.com.ar www.google.as www.google.at www.google.com.au www.google.az www.google.ba www.google.com.bd www.google.be www.google.bf www.google.bg www.google.com.bh www.google.bi www.google.bj www.google.com.bn www.google.com.bo www.google.com.br www.google.bs www.google.bt www.google.co.bw www.google.by www.google.com.bz www.google.ca www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.co.ck www.google.cl www.google.cm www.google.cn www.google.com.co www.google.co.cr www.google.com.cu www.google.cv www.google.com.cy www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.com.do www.google.dz www.google.com.ec www.google.ee www.google.com.eg www.google.es www.google.com.et www.google.fi www.google.com.fj www.google.fm www.google.fr www.google.ga www.google.ge www.google.gg www.google.com.gh www.google.com.gi www.google.gl www.google.gm www.google.gr www.google.com.gt www.google.gy www.google.com.hk www.google.hn www.google.hr www.google.ht www.google.hu www.google.co.id www.google.ie www.google.co.il www.google.im www.google.co.in www.google.iq www.google.is www.google.it www.google.je www.google.com.jm www.google.jo www.google.co.jp www.google.co.ke www.google.com.kh www.google.ki www.google.kg www.google.co.kr www.google.com.kw www.google.kz www.google.la www.google.com.lb www.google.li www.google.lk www.google.co.ls www.google.lt www.google.lu www.google.lv www.google.com.ly www.google.co.ma www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.com.mm www.google.mn www.google.com.mt www.google.mu www.google.mv www.google.mw www.google.com.mx www.google.com.my www.google.co.mz www.google.com.na www.google.com.ng www.google.com.ni www.google.ne www.google.nl www.google.no www.google.com.np www.google.nr www.google.nu www.google.co.nz www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.pl www.google.pn www.google.com.pr www.google.ps www.google.pt www.google.com.py www.google.com.qa www.google.ro www.google.ru www.google.rw www.google.com.sa www.google.com.sb www.google.sc www.google.se www.google.com.sg www.google.sh www.google.si www.google.sk www.google.com.sl www.google.sn www.google.so www.google.sm www.google.sr www.google.st www.google.com.sv www.google.td www.google.tg www.google.co.th www.google.com.tj www.google.tl www.google.tm www.google.tn www.google.to www.google.com.tr www.google.tt www.google.com.tw www.google.co.tz www.google.com.ua www.google.co.ug www.google.co.uk www.google.com.uy www.google.co.uz www.google.com.vc www.google.co.ve www.google.co.vi www.google.com.vn www.google.vu www.google.ws www.google.rs www.google.co.za www.google.co.zm www.google.co.zw www.google.cat analytics.google.com adservice.google.com prudential.distribution.team.prudential.co.uk cas.zma.gs c.zmags.com fml-x.com; font-src 'self' data: api.fundpress.io fonts.gstatic.com use.typekit.net at.alicdn.com images.getfastr.com; form-action 'self' wwwx.pruadviser.co.uk; frame-ancestors 'self' mypru.pru.co.uk www.mymandg.co.uk  *.fundslibrary.co.uk www.platformservices.co.uk www.mandg.com; frame-src 'self' www.mandg.com interactive.mandg.com *.demdex.net  *.pruadviser.co.uk www.brighttalk.com digitalsecure.mandg.com forms.mymandg.co.uk securedigital.wealth.mandg.com securedigital.pru.mandg.com securedigital.prudential.co.uk secure.digital.mandg.com www.google.com irpages2.equitystory.com insight.adsrvr.org infogram.com e.infogram.com match.adsrvr.org mandg.fidainformatica.it mandg.videomarketingplatform.co mandg-podcast.videomarketingplatform.co prudential.videomarketingplatform.co recaptcha.google.com view.ceros.com www.youtube-nocookie.com igccharges.mandg.com *.doubleclick.net adclick.g.doubleclick.net sustainabilityprofiletool.mandg.com api.pru.co.uk digital-api.dg.pru.co.uk open.spotify.com wwwx.pruadviser.co.uk flo.uri.sh contentcontrol.api.zmags.com cas.zma.gs *.t.eloqua.com; img-src 'self' data: prudential.videomarketingplatform.co mandg-podcast.videomarketingplatform.co fonts.googleapis.com *.akstat.io *.demdex.net *.google-analytics.com *.googletagmanager.com ad.doubleclick.net api.fundpress.io  api-uk.kurtosys.app adservice.google.com assets.adobedtm.com cdn.cookielaw.org cm.everesttech.net www.google.com www.google.co.uk i.ytimg.com mandg.scene7.com smetrics.mandg.com ttcontacts.com 797110.global.siteimproveanalytics.io insight.adsrvr.org *.wealth.mandg.com lantern9.mandg.com sp.analytics.yahoo.com www.facebook.com px.ads.linkedin.com www.google.co.in www.linkedin.com privacy-digital.mandg.com www.google.ad www.google.ae www.google.com.af www.google.com.ag www.google.al www.google.am www.google.co.ao www.google.com.ar www.google.as www.google.at www.google.com.au www.google.az www.google.ba www.google.com.bd www.google.be www.google.bf www.google.bg www.google.com.bh www.google.bi www.google.bj www.google.com.bn www.google.com.bo www.google.com.br www.google.bs www.google.bt www.google.co.bw www.google.by www.google.com.bz www.google.ca www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.co.ck www.google.cl www.google.cm www.google.cn www.google.com.co www.google.co.cr www.google.com.cu www.google.cv www.google.com.cy www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.com.do www.google.dz www.google.com.ec www.google.ee www.google.com.eg www.google.es www.google.com.et www.google.fi www.google.com.fj www.google.fm www.google.fr www.google.ga www.google.ge www.google.gg www.google.com.gh www.google.com.gi www.google.gl www.google.gm www.google.gr www.google.com.gt www.google.gy www.google.com.hk www.google.hn www.google.hr www.google.ht www.google.hu www.google.co.id www.google.ie www.google.co.il www.google.im www.google.iq www.google.is www.google.it www.google.je www.google.com.jm www.google.jo www.google.co.jp www.google.co.ke www.google.com.kh www.google.ki www.google.kg www.google.co.kr www.google.com.kw www.google.kz www.google.la www.google.com.lb www.google.li www.google.lk www.google.co.ls www.google.lt www.google.lu www.google.lv www.google.com.ly www.google.co.ma www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.com.mm www.google.mn www.google.com.mt www.google.mu www.google.mv www.google.mw www.google.com.mx www.google.com.my www.google.co.mz www.google.com.na www.google.com.ng www.google.com.ni www.google.ne www.google.nl www.google.no www.google.com.np www.google.nr www.google.nu www.google.co.nz www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.pl www.google.pn www.google.com.pr www.google.ps www.google.pt www.google.com.py www.google.com.qa www.google.ro www.google.ru www.google.rw www.google.com.sa www.google.com.sb www.google.sc www.google.se www.google.com.sg www.google.sh www.google.si www.google.sk www.google.com.sl www.google.sn www.google.so www.google.sm www.google.sr www.google.st www.google.com.sv www.google.td www.google.tg www.google.co.th www.google.com.tj www.google.tl www.google.tm www.google.tn www.google.to www.google.com.tr www.google.tt www.google.com.tw www.google.co.tz www.google.com.ua www.google.co.ug www.google.com.uy www.google.co.uz www.google.com.vc www.google.co.ve www.google.co.vi www.google.com.vn www.google.vu www.google.ws www.google.rs www.google.co.za www.google.co.zm www.google.co.zw www.google.cat wwwx.pruadviser.co.uk public.flourish.studio img.creator-prod.zmags.com cas.zma.gs images.getfastr.com getfastr.com zmags.com c.zmags.com mypru.pru.co.uk analytics.twitter.com fonts.gstatic.com mandg.videomarketingplatform.co report.23video.com delivery.twentythree.com; media-src data: blob: mandg.scene7.com mandg.videomarketingplatform.co mandg-podcast.videomarketingplatform.co prudential.videomarketingplatform.co; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.siteintercept.qualtrics.com *.outbrain.com *.demdex.net *.go-mpulse.net *.google-analytics.com *.googletagmanager.com  *.report.gbss.io  assets.adobedtm.com api.fundpress.io  api-uk.kurtosys.app cdn.cookielaw.org cdn.gbqofs.com www.brighttalk.com cm.everesttech.net e.infogram.com geolocation.onetrust.com www.google.com www.googleadservices.com googleads.g.doubleclick.net www.gstatic.com js.adsrvr.org mandg.scene7.com  report.23video.com siteimproveanalytics.com connect.facebook.net img.en25.com snap.licdn.com fml-x.com; script-src-elem 'self' 'unsafe-inline' prudential.videomarketingplatform.co mandg-podcast.videomarketingplatform.co *.demdex.net *.go-mpulse.net *.google-analytics.com *.googletagmanager.com  *.report.gbss.io assets.adobedtm.com api.fundpress.io  api-uk.kurtosys.app cdn.cookielaw.org cdn.gbqofs.com www.brighttalk.com cm.everesttech.net e.infogram.com geolocation.onetrust.com www.google.com www.googleadservices.com googleads.g.doubleclick.net www.gstatic.com js.adsrvr.org mandg.scene7.com  report.23video.com siteimproveanalytics.com *.siteintercept.qualtrics.com siteintercept.qualtrics.com img.en25.com connect.facebook.net snap.licdn.com s.yimg.com view.ceros.com privacy-digital.mandg.com infogram.com prudential.distribution.team.prudential.co.uk public.flourish.studio cas.zma.gs getfastr.com zmags.com tr.outbrain.com wave.outbrain.com amplify.outbrain.com static.ads-twitter.com mandg.videomarketingplatform.co fml-x.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com mandg.scene7.com; style-src-elem 'self' 'unsafe-inline' prudential.videomarketingplatform.co mandg-podcast.videomarketingplatform.co fonts.googleapis.com mandg.scene7.com use.typekit.net p.typekit.net prudential.distribution.team.prudential.co.uk cas.zma.gs mandg.videomarketingplatform.co; worker-src 'self' blob:; base-uri 'self'; upgrade-insecure-requests; report-uri /csp/log 2
default-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://*.google-analytics.com https://*.openstreetmap.org data: blob:; 2
upgrade-insecure-requests;block-all-mixed-content; 2
frame-ancestors http://*.seagate.com https://*.seagate.com http://*.seagate.cn https://*.seagate.cn http://seagate.saleshood.com https://seagate.saleshood.com; 2
font-src mm-static.mustcheck.com shopping.qantas.com sc-static.net ecomm-cdn.trurating.com static.zip.co *.abtasty.com *.zipmoney.com.au *.klarnacdn.net *.stockinstore.net *.akamaihd.net olapic-data.s3.amazonaws.com calvinklein.com.au data: *.gstatic.com 'self' data: 'unsafe-inline' data: data: 'self' 'unsafe-inline'; form-action ct.pinterest.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com api.bazaarvoice.com stg.api.bazaarvoice.com *.cardinalcommerce.com *.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.googletagmanager.com *.google.com *.doubleclick.net *.hotjar.com *.pmnts.io *.pmnts-sandbox.io 'self'; frame-src start.zip.co block.opendns.com security-au.mimecast.com m.cmpgn.page gateway.zscloud.net gateway.zscalerthree.net gateway.zscalerone.net www.paypalobjects.com *.googlesyndication.com clickmeter.com rebrandly.com *.teads.tv *.adsrvr.org fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk *.abtasty.com *.facebook.com *.pmnts.io *.pmnts-sandbox.io *.klarna.com *.force.com *.pinterest.com *.clearpay.co.uk *.afterpay.com tr.snapchat.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.google.com/ https://www.youtube.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.doubleclick.net *.vimeo.com *.hotjar.com *.clickmeter.com wss://*.hotjar.com zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com 'self' 'unsafe-inline'; img-src blob: pvhba.zendesk.com https://v2assets.zopim.io https://static.zdassets.com *.googlesyndication.com media.littlebirdie.com.au api.fillr.com beacon.krxd.net zip.co pixel.rubiconproject.com olapic.s3.amazonaws.com www.google.co.nz photorankmedia-a.akamaihd.net z1photorankmedia-a.akamaihd.net z3photorankmedia-a.akamaihd.net www.vanheusen.com.au au.tommy.com www.calvinklein.com.au *.calvinklein.com analytics.pangle-ads.com bpi.zip.co pvhba-imgix-calvin-klein-m2prod.s3.ap-southeast-2.amazonaws.com pvhba-imgix-cms-content-m2prod.s3.ap-southeast-2.amazonaws.com pvhba-imgix-mondo-ck-m2prod.s3.ap-southeast-2.amazonaws.com pvhba-imgix-mondo-th-m2prod.s3.ap-southeast-2.amazonaws.com pvhba-imgix-mondo-vh-m2prod.s3.ap-southeast-2.amazonaws.com pvhba-imgix-tommy-hilfiger-m2prod.s3.ap-southeast-2.amazonaws.com pvhba-imgix-van-heusen-m2prod.s3.ap-southeast-2.amazonaws.com imgix-pvhba-m2prod.s3.ap-southeast-2.amazonaws.com pvhba-m2prod-maintenance.s3.ap-southeast-2.amazonaws.com prreqcroab.icu analytics.tiktok.com ecomm-cdn.trurating.com df45ay5pw60dy.cloudfront.net duuytoqss3gu4.cloudfront.net d3nocrch4qti4v.cloudfront.net au.tommy.com *.pvh-staging.com pixel.quantserve.com *.analytics.yahoo.com *.contentsquare.net assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com https://static.afterpay.com https://site-assets.afterpay.com/ *.abtasty.com *.turn.com *.bazaarvoice.com *.amgdgt.com *.photorank.me z2photorankmedia-a.akamaihd.net *.presage.io *.teads.tv *.adsrvr.org *.adnxs.com *.tommy.com *.klarna.com *.klarnaevt.com *.klarnacdn.net display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com *.klarnaservices.com https://www.magezon.com *.pinterest.com *.facebook.com *.facebook.com/tr *.google.com *.google.com.au www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.roymorgan.com *.doubleclick.net *.facebook.net *.googleapis.com *.gstatic.com *.zipmoney.com.au *.googletagmanager.com *.imgix.net static.zip.co static.zipmoney.com.au data: 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.zendesk.com cdn.evgnet.com ct.pinterest.com *.calvinklein.co.nz *.abtasty.com *.adnxs.com *.adobe.com *.adobedtm.com *.afterpay.com *.afterpay.com *.akamaihd.net *.attraqt.io *.bazaarvoice.com *.braintreegateway.com *.calvinklein.com.au *.cardinalcommerce.com *.ccdc02.com *.cfjump.com *.cloudflare.com *.cloudfront.net *.contentsquare.net app.contentsquare.com *.doubleclick.net *.facebook.net *.force.com *.forter.com *.google-analytics.com *.google.com *.google.com.au *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.klarna.com *.klarnacdn.net *.klarnaservices.com *.luckyorange.net *.my.salesforce.com *.newrelic.com *.nr-data.net *.particularaudience.com *.paypal.com *.paypalobjects.com *.pinimg.com *.pmnts-sandbox.io *.pmnts.io *.roymorgan.com *.salesforceliveagent.com *.stockinstore.net *.teads.tv *.tiktok.com *.tommy.com *.trurating.com *.usabilla.com *.vanheusen.com.au *.vimeocdn.com *.yimg.com *.ytimg.com *.zdassets.com *.zipmoney.com.au 1eafapi.cardinalcommerce.com 1eafstag.cardinalcommerce.com acdn.adnxs.com analytics-static.ugc.bazaarvoice.com analytics.tiktok.com api.bazaarvoice.com api.braintreegateway.com api.sandbox.braintreegateway.com apps-stg.nexus.bazaarvoice.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com assets.braintreegateway.com c.paypal.com cdn.attraqt.io cdn.particularaudience.com cfjump.tommy.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com connect.facebook.net display.ugc.bazaarvoice.com ecommwidget.trurating.com gateway.pmnts-sandbox.io gateway.pmnts.io geoapi.cardinalcommerce.com geostag.cardinalcommerce.com https://cdnjs.cloudflare.com/ajax/libs/Chart.js/2.9.3/Chart.js https://cdnjs.cloudflare.com/ajax/libs/handlebars.js/4.0.3/handlebars.min.js https://js.afterpay.com https://js.sandbox.afterpay.com https://portal.afterpay.com https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.sandbox.clearpay.co.uk https://static.afterpay.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ includestest.ccdc02.com js.adsrvr.org js.braintreegateway.com mpsnare.iesnare.com network-stg.bazaarvoice.com network.bazaarvoice.com p.teads.tv pay.google.com photorankstatics-a.akamaihd.net rules.quantcount.com s.pinimg.com s.yimg.com s.ytimg.com s7.addthis.com sc-static.net secure.authorize.net secure.quantserve.com songbird.cardinalcommerce.com static.zip.co static.zipmoney.com.au stg.api.bazaarvoice.com t.cfjump.com t.paypal.com test.authorize.net tr.snapchat.com vimeo.com wss://widget-mediator.zopim.com www.google-analytics.com www.google.com www.googleadservices.com www.googleapis.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.vimeo.com zip.co; style-src 'self' 'unsafe-inline' d1m2uzvk8r2fcn.cloudfront.net www.gstatic.com *.abtasty.com *.adobe.com *.akamaihd.net *.bazaarvoice.com *.force.com *.googleapis.com *.klarnacdn.net *.stockinstore.net assets.stockinstore.net bpi.zip.co display.ugc.bazaarvoice.com fonts.googleapis.com js.afterpay.com js.sandbox.afterpay.com photorankstatics-a.akamaihd.net service.force.com static.afterpay.com static.zip.co www.google.com www.googletagmanager.com; object-src 'self' 'unsafe-inline'; media-src data: vod-progressive.akamaized.net player.vimeo.com *.adobe.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.evergage.com cdn0.forter.com www.googletagmanager.com pvhba-imgix-calvin-klein-m2prod.s3.ap-southeast-2.amazonaws.com pvhba-imgix-cms-content-m2prod.s3.ap-southeast-2.amazonaws.com pvhba-imgix-mondo-ck-m2prod.s3.ap-southeast-2.amazonaws.com pvhba-imgix-mondo-th-m2prod.s3.ap-southeast-2.amazonaws.com pvhba-imgix-mondo-vh-m2prod.s3.ap-southeast-2.amazonaws.com pvhba-imgix-tommy-hilfiger-m2prod.s3.ap-southeast-2.amazonaws.com pvhba-imgix-van-heusen-m2prod.s3.ap-southeast-2.amazonaws.com imgix-pvhba-m2prod.s3.ap-southeast-2.amazonaws.com pvhba-m2prod-maintenance.s3.ap-southeast-2.amazonaws.com pixel.quantcount.com network-a.bazaarvoice.com *.sandbox.my.site.com *.pvh-staging.com www.facebook.com pvh-brands.imgix.net tru-live-eventhubs.servicebus.windows.net analytics.pangle-ads.com *.googlesyndication.com *.yimg.com *.contentsquare.net dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com *.abtasty.com *.luckyorange.net wss://*.zendesk.com *.zendesk.com *.particularaudience.com *.tiktok.com stockinstore.net *.stockinstore.net *.cloudfront.net *.klarnaevt.com *.klarnacdn.net *.akamaihd.net zendesk-eu.my.sentry.io *.teads.tv *.snapchat.com *.amplitude.com *.clearpay.co.uk *.afterpay.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.klarna.com *.klarnaservices.com ekr.zdassets.com/ *.pinterest.com *.google.com *.google.com.au api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google-analytics.com *.forter.com wss://*.zopim.com *.doubleclick.net *.attraqt.io *.zipmoney.com.au *.hotjar.io wss://*.hotjar.com zip.co *.zip.co *.nr-data.net *.hotjar.com *.trurating.com *.analytics.tiktok.com wss://*.forter.com *.googleapis.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com blob: http: https: blob: 'self' 'unsafe-inline'; worker-src blob:; default-src https://static.zdassets.com https://ekr.zdassets.com https://ekr.zendesk.com https://calvinkleinau.zendesk.com https://calvinkleinnz.zendesk.com https://tommyau.zendesk.com https://tommynz.zendesk.com https://vanheusenau.zendesk.com https://vanheusenau.zendesk.com https://*.zopim.com https://zendesk-eu.my.sentry.io wss://calvinkleinau.zendesk.com wss://calvinkleinnz.zendesk.com wss://tommyau.zendesk.com wss://tommynz.zendesk.com wss://vanheusenau.zendesk.com wss://vanheusenau.zendesk.com wss://*.zopim.com *.abtasty.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline' 2
child-src 'self' lh-content.s3.amazonaws.com *.experts-promotion.com *.vimeo.com vimeo.com *.youtube.com csp.screen9.com *.video-cdn.net *.cloudfront.net ecentry.pixieset.com lufthansa.pixieset.com maya-production-backend.eu-de.mybluemix.net *.brusselsairlines.com; 2
style-src 'self' 'unsafe-inline' 2
default-src 'self';font-src fonts.gstatic.com; base-uri 'self'; img-src * data:; media-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; frame-src mailto: *;  navigate-to *; connect-src *; 2
frame-ancestors  'self' *.geant.org geant.org *.geant.net geant.net; frame-src 'self' *.geant.org geant.org *.geant.net geant.net https://mstdn.social https://youtube.com https://*.youtube.com https://*.google.com https://*.google.co.uk https://*.nordu.net https://*.vimeo.com submerse.eu *.submerse.eu https://js.stripe.com https://www.youtube-nocookie.com https://*.revolugo.com https://*.canva.com https://platform.twitter.com https://anchor.fm https://airtable.com https://*.spotify.com https://checkout.freemius.com/; 2
default-src *; connect-src * blob: ; media-src * blob: data:; ; object-src * data: blob:; script-src * 'unsafe-eval' 'unsafe-inline' blob:; style-src * 'unsafe-inline'; img-src * data: blob:; frame-ancestors 'self' https://scatbook.com https://darkfans.com; 2
connect-src 'self' https: ws: https://ww2-api.tigocloud.net https://analytics.google.com https://cdn.cookielaw.org https://script.hotjar.com https://stats.g.doubleclick.net;  img-src 'self' data: blob: https://ww2-cdn.tigocloud.net https://ww2-api.tigocloud.net https://www.millicom.com https://www.google.com.gt https://www.google-analytics.com https://cdn.cookielaw.org https://i.ytimg.com; media-src 'self' data: blob: https://ww2-cdn.tigocloud.net;  default-src 'self';  base-uri 'self';  font-src 'self' https: data:;  form-action 'self';  frame-ancestors 'self';  object-src 'none';  script-src 'self' https: https://analytics.google.com https://cdn.cookielaw.org https://script.hotjar.com https://stats.g.doubleclick.net 'unsafe-inline';  script-src-attr 'unsafe-inline';  style-src 'self' https: 'unsafe-inline'; frame-src 'self' https://www.youtube.com/; 2
default-src 'self' *.nrw.de;    script-src  'self' 'unsafe-inline' 'unsafe-eval' *.nrw.de *.google.com *.youtube.com *.youtu.be *.twimg.com *.twitter.com twitter.com *.jwpcdn.com *.gstatic.com *.googleapis.com *.googlesyndication.com *.openstreetmap.org *.mozilla.org *.vimeo.com *.vimeocdn.com *.flickr.com *.staticflickr.com *.cloudflare.com cdn.jsdelivr.net svc.webspellchecker.net;    style-src   'self' 'unsafe-inline' *.nrw.de *.twitter.com twitter.com *.facebook.com *.googleapis.com *.twimg.com *.cloudflare.com cdn.jsdelivr.net svc.webspellchecker.net;    font-src data: *;    img-src  data: *;    frame-ancestors 'self' *.nrw.de *.facebook.com *.facebook.de *.twitter.com twitter.com *.google.com *.youtube.com *.youtu.be ytchannelembed.com;    worker-src  'self' *.nrw.de *.facebook.com *.facebook.de *.twitter.com twitter.com *.google.com *.youtube.com *.youtu.be ytchannelembed.com *.openstreetmap.org broschueren.nordrheinwestfalendirekt.de;    frame-src   'self' *.nrw.de *.facebook.com *.facebook.de *.twitter.com twitter.com *.google.com *.youtube.com *.youtu.be ytchannelembed.com *.openstreetmap.org broschueren.nordrheinwestfalendirekt.de;    object-src  'self';    connect-src 'self' *.nrw.de svc.webspellchecker.net;    media-src *; upgrade-insecure-requests; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com https://www.youtube.com https://siteimproveanalytics.com https://kit.fontawesome.com https://analytics.rubensteintech.com https://static.hotjar.com https://script.hotjar.com https://www.googletagmanager.com https://dnn506yrbagrg.cloudfront.net https://www.google-analytics.com https://uk1.siteimprove.com https://maps.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://fast.wistia.com https://*.crazyegg.com https://js.hs-scripts.com https://js.hs-banner.com https://s3.amazonaws.com https://js.hs-analytics.net https://js.hsforms.net https://forms.hsforms.com https://tagmanager.google.com https://consent.cookiebot.com https://e.infogram.com https://prezi.com https://consentcdn.cookiebot.com https://app.wistia.com ; style-src 'self' 'unsafe-inline' http://hello.myfonts.net https://hello.myfonts.net https://cloud.typenetwork.com https://hello.myfonts.net https://fonts.googleapis.com https://tagmanager.google.com https://*.crazyegg.com ; font-src 'self' data: https://*.wistia.com https://ka-f.fontawesome.com https://cloud.typenetwork.com https://static.hotjar.com https://fonts.gstatic.com ; img-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://google-analytics.com https://i.vimeocdn.com https://insights.hotjar.com https://static.hotjar.com https://embed-ssl.wistia.com https://analytics.rubensteintech.com https://www.google-analytics.com https://uk1.siteimprove.com https://www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://embedwistia-a.akamaihd.net https://fast.wistia.com https://*.crazyegg.com https://embed-fastly.wistia.com https://user-event-tracker.crazyegg.com https://track.hubspot.com https://forms.hubspot.com https://10144.global.siteimproveanalytics.io https://ssl.gstatic.com https://www.gstatic.com data: https://bclplaw.vuturevx.com https://www.bclplaw.com https://www.bryancave.com ; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://google-analytics.com https://cdn.plyr.io https://ka-f.fontawesome.com https://*.hotjar.com:* wss://*.hotjar.com https://*.crazyegg.com https://embedwistia-a.akamaihd.net https://embed-fastly.wistia.com https://distillery.wistia.com https://pipedream.wistia.com https://fast.wistia.com https://fg8vvsvnieiv3ej16jby.litix.io https://embed-ssl.wistia.com https://www.google-analytics.com https://analytics.rubensteintech.com https://stats.g.doubleclick.net https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://consentcdn.cookiebot.com https://maps.googleapis.com https://embed-cloudfront.wistia.com ; frame-src 'self' https://vars.hotjar.com https://www.google.com/recaptcha/ https://www.youtube.com https://player.vimeo.com https://fast.wistia.com https://forms.hsforms.com https://cdn.yoshki.com https://e.infogram.com https://prezi.com https://analytics.rubensteintech.com https://stats.g.doubleclick.net https://consentcdn.cookiebot.com https://fast.wistia.net https://*.crazyegg.com https://services.bclplaw.marketing/infographics/ ; child-src 'self' blob: https://vars.hotjar.com ; media-src 'self' blob: data: https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net ; frame-ancestors 'self' https://fast.wistia.com https://fast.wistia.net ; 2
default-src 'self'; media-src *.purechatcdn.com;font-src * data:;img-src * data:; script-src * data: 'unsafe-inline' 'unsafe-eval' *.purechat.com *.purechatcdn.com *.gstatic.com *.google-analytics.com analytics.google.com *.youtube.com *.youtube-nocookie.com  *.hcaptcha.com *.googleapis.com; connect-src 'self' *.purechat.com *.purechatcdn.com *.opmnstr.com *.omappapi.com *.gstatic.com *.google-analytics.com analytics.google.com *.youtube.com *.youtube-nocookie.com  *.hcaptcha.com *.googleapis.com stats.g.doubleclick.net bat.bing.com *.clarity.ms *.ispringsolutions.com; style-src * 'unsafe-inline'; frame-src 'self' www.google.com *.youtube.com *.youtube-nocookie.com *.hcaptcha.com *.jobscore.com *.umbraco.com; 2
img-src * data:; font-src * data:; connect-src *; form-action *; default-src 'self'; object-src *; media-src *; child-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * blob: 'unsafe-inline'; 2
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline' 'unsafe-hashes'; font-src * data: blob: 'unsafe-inline'; worker-src * 'self' blob: 2
frame-ancestors 'self' *.napco.com; 2
frame-ancestors 'self' https://*.model-t.cc.commerce.ondemand.com https://*.freedom.com.au 2
frame-ancestors https://www.airship.com/ https://app.mutinyhq.com/; upgrade-insecure-requests; 2
frame-ancestors https://connext.conti.de/; 2
default-src *; script-src 'unsafe-eval' 'self' 'unsafe-inline'  https:; object-src 'self' *.youtube.com youtube.com; style-src * 'unsafe-inline'; img-src * data:; frame-src *; font-src * data:; connect-src *; media-src * blob:; worker-src 'self' blob:; 2
default-src 'self' data: https://uoflhealth.org https://*.typekit.net/ https://fonts.gstatic.com/ https://player.vimeo.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://cdn.jsdelivr.net/ https://www.mealpro.net/ https://browser.sentry-cdn.com/ https://player.vimeo.com/ https://*.googletagmanager.com/ https://www.google-analytics.com/ https://snap.licdn.com/ https://script.crazyegg.com/ https://www.google.com/ https://*.tvsquared.com/ https://connect.facebook.net/ https://up.pixel.ad/ https://tags.w55c.net/ https://jelly.mdhv.io/ https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ https://maps.googleapis.com/ https://www.gstatic.com/ https://www.instagram.com/ https://*.hotjar.com/; connect-src 'self' https://*.scriptpro.com/ https://px.ads.linkedin.com/wa/ https://jelly-v6.mdhv.io/ https://jelly.mdhv.io/ https://www.mealpro.net/ https://ipapi.co/ https://*.yoast.com/ https://*.typekit.net/ https://vimeo.com/ https://script.crazyegg.com/ https://www.google-analytics.com/ https://www.facebook.com/ https://sentry.io/api/ https://maps.googleapis.com/ https://www.gstatic.com/ https://pagestates-tracking.crazyegg.com/ https://assets-tracking.crazyegg.com/ https://tracking.crazyegg.com/ https://analytics.google.com/ https://stats.g.doubleclick.net/ https://cdn.linkedin.oribi.io/ https://*.hotjar.com/ https://*.hotjar.io wss://*.hotjar.com; img-src 'self' data: https://embed-ssl.wistia.com/ https://www.mealpro.net/ https://qr-code.ithemes.com/ https://uoflhealth.org https://secure.gravatar.com/ https://tags.w55c.net/ https://jelly.mdhv.io/ https://www.google-analytics.com/ https://www.facebook.com/ https://px.ads.linkedin.com/ https://pixel.tapad.com/ https://match.sharethrough.com/ https://collector-16691.us.tvsquared.com/ https://www.linkedin.com/ https://pixel.sitescout.com/ https://contextual.media.net/ https://px4.ads.linkedin.com/ https://match.adsrvr.org/ https://www.google.com/ https://p.adsymptotic.com/ https://ad.sxp.smartclip.net/ https://px.britepool.com/ https://maps.gstatic.com/ https://maps.googleapis.com/ https://i.vimeocdn.com/ https://ps.w.org/ https://www.googletagmanager.com https://cdn.hub.visualcomposer.com/ https://analytics.google.com/ https://stats.g.doubleclick.net/ https://jelly-v6.mdhv.io/ https://*.hotjar.com/ https://collector-22595.us.tvsquared.com/; style-src 'self' 'unsafe-inline' https://www.mealpro.net/ https://*.typekit.net/ https://fonts.googleapis.com/ https://sync.1rx.io/ https://bh.contextweb.com/ https://*.hotjar.com/; frame-src 'self' https://www.cdc.gov/ https://www.mealpro.net/ https://*.ket.org/ https://ket.org/ https://ondemand.viewmedica.com/ https://widget.spreaker.com/ https://www.youtube-nocookie.com/ https://www.whas11.com/ https://www.youtube.com/ https://www.facebook.com/ https://pixel.sitescout.com/ https://player.vimeo.com/ https://bid.g.doubleclick.net/ https://www.google.com/ https://embed.sounder.fm/ https://vimeo.com/ https://mychart.uoflhealth.org/ https://docs.google.com/ https://www.practicematch.com/ https://www.ket.org/ https://peace-podcast.sounder.fm/ https://maps.google.com/ https://www.instagram.com/ https://player.pbs.org/ https://*.hotjar.com/ https://*.google.com; 2
default-src 'self' *.isitesoftware.com *.digitaldisplays.io digitaldisplays.io *.schoolnutritionandfitness.com schoolnutritionandfitness.com http://district.schoolnutritionandfitness.com onlineordering-images.s3.amazonaws.com digitaldisplays-media.s3.amazonaws.com d36ka9bgcta1yj.cloudfront.net cdnjs.cloudflare.com code.jquery.com *.fontawesome.com *.gstatic.com *.googleapis.com www.google-analytics.com *.google.com *.amazonaws.com *.twitter.com cdn.syndication.twimg.com *.youtube.com connect.facebook.net *.facebook.com *.instagram.com *.vimeo.com *.payaconnect.com frontierchildnutrition.com *.myschoolmenuboards.com myschoolmenuboards.com translate.google.com unpkg.com 'unsafe-inline' 'unsafe-eval' data:; img-src * data: blob: about:; report-uri https://cgc5aq2c40.execute-api.us-west-2.amazonaws.com/dev/csp-violation-report; 2
default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * blob: data: 'unsafe-inline';connect-src * 'unsafe-inline'; frame-src * 2
object-src 'none'; frame-src *; frame-ancestors 'self' X-Frame-Options: SAMEORIGIN 2
frame-ancestors 'self' *.heartinternet.com:* *.heartinternet.co.uk:* *.heartinternet.uk:* *.heart-internet.com:* *.heart-internet.co.uk:* *.123-reg.co.uk:* *.vps-10.com:* *.ds-10.com:* *.managethisdomain.com:*; 2
default-src * 'unsafe-eval' 'unsafe-inline' gap://ready file:; style-src 'self' 'unsafe-inline'; media-src *; img-src * 'self' filesystem: data: blob:; 2
font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com data: *.typekit.net *.audioeye.com cdn.shopify.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com *.googletagmanager.com *.gstatic.com *.jst.ai ajax.googleapis.com *.affirm.com *.launchdarkly.com connect.facebook.net *.audioeye.com *.imgur.com web.hyro.ws wss://web.hyro.ws 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com *.google.com *.demdex.net www.googletagmanager.com *.instagram.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.vimeo.com *.hotjar.com *.doubleclick.net *.jst.ai *.paymetric.com *.affirm.com *.audioeye.com *.imgur.com web.hyro.ws wss://web.hyro.ws *.zdassets.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net validator.swagger.io *.cdninstagram.com *.googleapis.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com via.placeholder.com *.klaviyo.com *.google.com *.google.ca *.facebook.com *.fls.doubleclick.net googleapis.com *.affirm.com *.jst.ai cdn.cookielaw.org *.audioeye.com *.imgur.com blob: *.bing.com *.clarity.ms web.hyro.ws wss://web.hyro.ws *.zdassets.com https://imgs.signifyd.com https://*.online-metrix.net s7d9.scene7.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 *.gstatic.com *.google.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com *.instagram.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com api.airbud.io demo.airbud.io ajax.googleapis.com *.klaviyo.com cdnjs.cloudflare.com js-agent.newrelic.com bam.nr-data.net player.vimeo.com *.typekit.net *.hotjar.com *.jst.ai *.kmail-lists.com *.affirm.com *.launchdarkly.com *.audioeye.com *.imgur.com cdn.cookielaw.org *.bing.com *.clarity.ms web.hyro.ws wss://web.hyro.ws *.zdassets.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net https://static.klaviyo.com unsafe-inline assets.braintreegateway.com api.airbud.io demo.airbud.io *.klaviyo.com *.typekit.net *.affirm.com *.launchdarkly.com connect.facebook.net *.jst.ai *.audioeye.com web.hyro.ws *.zdassets.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.cdninstagram.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.imgur.com blob: web.hyro.ws *.zdassets.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.klaviyo.com prod.airbud.io bam.nr-data.net *.google-analytics.com *.doubleclick.net *.kmail-lists.com *.youtube.com *.affirm.com *.launchdarkly.com *.jst.ai *.audioeye.com *.imgur.com hyropublic.blob.core.windows.net *.cookielaw.org *.onetrust.com *.clarity.ms *.bing.com web.hyro.ws wss://web.hyro.ws wss://widget-mediator.zopim.com *.zdassets.com wheelprossupport.zendesk.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.dewebmakers.nl *.google-analytics.com *.googleapis.com *.googletagmanager.com api.salesfeed.com *.googleadservices.com *.facebook.net *.doubleclick.net *.cloudflare.com cdn.leadinfo.net *.seranking.com https://monitor.fraudblocker.com https://cdn-cookieyes.com; object-src *; style-src 'self' 'unsafe-inline' *.dewebmakers.nl cdn.leadinfo.net seomator.com fonts.googleapis.com; img-src * data:; media-src *; frame-src *; font-src *; connect-src * 2
script-src 'self' 'unsafe-eval' 'unsafe-inline' 'report-sample' blob: data: https://code.jquery.com https://*.ydl8.top https://*.huayuschool.cc https://*.google.com https://*.geetest.com https://*.geevisit.com https://www.googletagmanager.com https://appleid.cdn-apple.com https://vk.com https://*.prdredir.com https://analytics.tiktok.com https://connect.facebook.net https://*.appsflyer.com https://*.google-analytics.com https://telegram.org https://*.ada.support https://widget-mediator.zopim.com https://*.bitgetpro.site https://*.bitget.cc https://*.bgbstatic.com https://*.bitget.site https://*.bitget.live https://*.bitget.vin https://*.gdrichem.com https://gateway.test.95516.com https://*.checkout.com https://gateway.95516.com https://www.facebook.com https://*.youtube.com https://dn-staticdown.qbox.me https://*.bitget.online https://*.bitgettr.com https://megacheck.vip https://*.megacheck.vip https://*.saintpay.com https://*.skypay.space https://*.noxiaohao.com https://*.megacheck.net https://megacheck.net https://*.7b7x.com https://7b7x.com https://*.onfido.com https://cdn.builder.io https://www.fedstable.com https://applepay.cdn-apple.com https://*.apple.com https://*.gstatic.com https://*.googleapis.com https://mc.yandex.ru https://mc.yandex.com https://*.bitget.style https://api-web.wwmxd.info https://api-web.wwmxd.site https://pixel.mathtagmedia.com https://*.adroll.com http://www.googletagmanager.com https://*.bitget.com;connect-src 'self' 'report-sample' data: blob: ws: wss: https://www.googletagmanager.com https://ces2007.org wss://*.ydl8.top wss://*.huayuschool.cc https://*.ydl8.top https://*.huayuschool.cc https://*.google.com https://stats.g.doubleclick.net wss://*.bitgetpro.site wss://*.bitget.cc https://*.google-analytics.com https://analytics.tiktok.com https://*.appsflyer.com https://www.facebook.com https://*.analytics.google.com https://*.ada.support wss://*.ada.support https://wa.onelink.me https://widget-mediator.zopim.com wss://widget-mediator.zopim.com https://*.bitgetpro.site https://*.bitget.cc https://*.bgbstatic.com https://*.bitget.site https://*.bitget.live https://*.bitget.vin wss://*.bitget.site wss://*.bitget.live wss://*.bitget.vin https://*.gdrichem.com https://gateway.test.95516.com https://*.checkout.com wss://*.checkout.com https://gateway.95516.com https://telegram.org https://*.youtube.com wss://*.bitget.online https://www.tradingview.com https://api.tronstack.io https://*.bitget.online https://*.bitgettr.com wss://*.bitgettr.com wss://*.gdrichem.com https://megacheck.vip https://*.megacheck.vip wss://megacheck.vip wss://*.megacheck.vip https://*.megacheck.net wss://*.megacheck.net https://megacheck.net wss://megacheck.net https://*.saintpay.com wss://*.saintpay.com https://*.skypay.space wss://*.skypay.space https://*.noxiaohao.com wss://*.noxiaohao.com https://*.omkbic.com:8443 https://dn-staticdown.qbox.me https://*.7b7x.com https://7b7x.com wss://*.7b7x.com wss://7b7x.com https://*.onfido.com https://cdn.builder.io https://www.fedstable.com wss://www.fedstable.com wss://stream.fedstable.com https://*.glassgs.com https://mc.yandex.com https://mc.yandex.ru wss://*.bitget.style https://*.bitget.style https://fp-constantid.bitkeep.vip https://api-web.bitkeep.app https://api-web.bitkeep.asia https://api-web.bitkeep.biz https://api-web.bitkeep.fun https://api-web.bitkeep.life https://api-web.bitkeep.top https://api-web.bitapi.vip https://api-web.chainnear.com https://api-web.lymryy.com:9443 https://api-web.wwmxd.info https://api-web.wwmxd.site https://pixel.mathtagmedia.com https://*.adroll.com https://www.google.co.kr https://www.google.com.bd https://google.com https://www.google.co.in https://www.google.ru https://sensors-ab.gdrichem.com:8443 https://img.gurenla.com https://img.bitgetimg.com https://*.bitget.com;frame-src 'self' 'report-sample' blob: data: https://*.google.com https://*.ydl8.top https://*.huayuschool.cc https://*.bitgetimg.com https://*.bitgetpro.site https://*.bitget.cc https://*.bitget.site https://*.bitget.live https://*.bitget.vin https://*.bgbstatic.com https://www.facebook.com https://oauth.telegram.org https://telegram.org https://*.checkout.com https://*.ada.support https://*.youtube.com https://www.googletagmanager.com https://widget-mediator.zopim.com https://*.gdrichem.com https://gateway.test.95516.com https://*.google-analytics.com https://*.bitget.online https://*.bitgettr.com https://megacheck.vip https://*.megacheck.vip https://*.saintpay.com https://*.skypay.space https://*.noxiaohao.com https://*.megacheck.net https://megacheck.net https://*.7b7x.com https://7b7x.com https://bitget.banxa.com https://*.onfido.com https://*.95516.com https://www.bitgetwidget.com https://*.bitget.style https://mc.yandex.com https://mc.yandex.ru https://*.nihaopay.com https://onramp.money https://*.simplexcc.com https://*.adroll.com https://pixel.mathtagmedia.com https://td.doubleclick.net https://www.bitgetapp.com https://pixel.mathtag.com https://*.bitget.com https://*.revolut.com;frame-ancestors 'self' https://web-lowcode.sniper5.vip https://*.bitgetpro.site https://*.bitget.cc;report-uri https://a643dc1f417234b232e383bb33da229f.report-uri.com/r/d/csp/enforce; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' * 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https: chrome-extension:; style-src 'self' 'unsafe-inline' https:; font-src 'self' https: data: blob: about:; img-src 'self' https: data: blob:; media-src 'self' https: data: blob:; object-src 'self' https:; frame-src 'self' https:; connect-src 'self' https: wss: blob:; worker-src 'self' https: data: blob:; manifest-src 'self'; default-src 'self' 2
default-src 'unsafe-inline' 'self' *; script-src * 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' 'self' *; style-src-elem 'unsafe-inline' 'self' *; font-src 'self' *; img-src 'self' data: * 2
default-src 'self' blob:; img-src 'self' 'unsafe-eval' data: blob: stats.g.doubleclick.net *.trbo.com *.gstatic.com *.google.de *.google.com img.youtube.com *.eu-central-1.amazonaws.com *.bing.com *.clarity.ms photoservice.cloud *.google-analytics.com *.cdninstagram.com *.saal-digital.net *.saal-digital.com *.saal-digital.de *.photo-portal.shop http://localhost:60101 *.googleusercontent.com *.paypal.com *.paypalobjects.com *.hotjar.com *.facebook.com *.ytimg.com *.cookiepro.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.trbo.com *.saal-digital.net *.photo-portal.shop *.clarity.ms *.bing.com *.hotjar.com connect.facebook.net blob: *.cookiepro.com s3.eu-central-1.amazonaws.com photoservice.cloud *.google-analytics.com *.googletagmanager.com *.cdninstagram.com *.google.com *.paypalobjects.com *.paypal.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.eu-central-1.amazonaws.com *.eu-central-1.amazonaws.com photoservice.cloud *.cookiepro.com fonts.googleapis.com *.hotjar.com *.saal-digital.net; font-src 'self' *.eu-central-1.amazonaws.com photoservice.cloud oam-software.com om.ssw-software.com *.gstatic.com *.paypalobjects.com *.hotjar.com; connect-src 'self' data: blob: *.dropboxapi.com *.eu-central-1.amazonaws.com photoservice.cloud *.doubleclick.net *.google-analytics.com *.google.com *.googleapis.com *.cookiepro.com *.googleusercontent.com http://localhost:60139 http://localhost:60600 http://localhost:60111 http://localhost:60101 http://localhost:49860 *.saal-digital.net *.photo-portal.shop *.saal-digital.net *.amazoncognito.com *.paypal.com *.clarity.ms c.bing.com *.hotjar.com *.hotjar.io wss://*.hotjar.com; frame-src *; object-src 'none'; 2
frame-ancestors 'self' *.lowermybills.com *.quickenloans.com app.optimizely.com analytics.google.com 2
frame-ancestors 'self' *.bdswiss.com *.bdstrading.com *.swissmarkets.com *.viverno.com *.bdswissid.com *.bdswiss-id.com *.bdswiss-kr.com *.bdswisskr.com *.bdswiss-tr.com; 2
frame-ancestors 'self' https://rewards.theexcellencecollection.com https://tecloyalty.c5.stage.livecms.site; 2
frame-ancestors 'self' *.netcine.yt netcine.yt 2
default-src 'self' gap: 'unsafe-inline';     script-src 'self'         data: https://cdn.amcharts.com         data: https://c.mql5.com/         data: https://cdn.ampproject.org/         data: https://content.mql5.com/         data: https://connect.facebook.net/         data: https://ifccd.net         data: *.ifcmiran.asia         data: *.tradeifcm.asia         data: https://apis.google.com         data: www.google-analytics.com         data: www.googleadservices.com         data: www.googletagmanager.com         data: https://www.google.com/         data: www.googleapis.com/         data: cse.google.com/         data: clients1.google.com/         data: https://www.gstatic.com/         data: https://www.googleadservices.com        data: trade.mql5.com         data: https://ipinfo.io         data: https://ajax.cloudflare.com         data: https://yastatic.net/share2/share.js         data: https://mc.yandex.ru/metrika/tag.js         data: https://dsp-media.eskimi.com         data: wcs.naver.net/wcslog.js         data: *.bing.com         data: *.twitter.com         data: *.adroll.com         data: widget.trustpilot.com         data: connect.facebook.net         data: https://www.aparat.com         'unsafe-eval' 'unsafe-inline';     frame-src 'self'         data: *.trustpilot.com         data: *.google.com         data: https://*.adroll.com         data: https://component.autochartist.com         data: *.ifcm-invest.com         data: https://www.tradays.com         data: https://www.mql5.com         data: https://www.youtube.com         data: https://chat.ifctr.asia         data: https://chat.ifcmarkets.com         data: https://chat.ifcmfx.com         data: https://chat.ifcmfx.cn         data: https://chat.ifcm.co.uk         data: https://chat.ifcmarkets.tw         data: https://chat.ifcmarkets.my         data: https://chat.ifcmarkets.net         data: https://chat.ifcmarkets.hk         data: https://chat.ifcmarkets.mx         data: https://chat.ifcmarkets.com.br         data: https://chat.ifcmarkets.co.id         data: https://chat.ifcmarkets.co.in         data: https://chat.ifcmarkets.co         data: https://chat.ifcmarkets.ae         data: https://trade.mql5.com         data: https://td.doubleclick.net         data: *.googletagmanager.com         data: *.ifcmarkets.com         data: *.ifcmiran.asia         data: *.tradeifcm.asia         data: https://*.facebook.com         data: https://www.aparat.com         data: https://ifccd.net;     media-src *         data: https://www.ifcmarkets.com/downloads/video/;    object-src *;     style-src 'self'         data: *.ifcmiran.asia         data: https://ifccd.net         data: https://pr.ifccd.net         data: https://www.google.com         data: https://fonts.googleapis.com         'unsafe-inline';     img-src *         data: http://www.w3.org/;     font-src 'self'         data: *.ifcmiran.asia         data: https://ifccd.net         data: https://fonts.gstatic.com         data: https://fonts.googleapis.com         data: https://pr.ifccd.net;     connect-src *;     manifest-src 'self'         data: https://ifccd.net         data: https://be1.ifcmfar.com         data: *.ifcmiran.asia 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' 'unsafe-eval'; 2
frame-ancestors 'self' *.telekurier.at; 2
default-src 'self' unsafe-inliv.es; style-src 'self' 'unsafe-inline' avatel.es *.avatel.es *.googleapis.com *.jsdelivr.net *.bootstrapcdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' avatel.es *.avatel.es *.googleapis.com *.google.com *.gstatic.com *.googletagmanager.com connect.facebook.net analytics.google.com *.analytics.google.com google-analytics.com *.google-analytics.com *.googleadservices.com *.doubleclick.net player.vimeo.com f.vimeocdn.com cdn.jsdelivr.net cdn-cookieyes.com 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' avatel.es *.avatel.es *.jquery.com *.googleapis.com *.google.com *.gstatic.com *.googletagmanager.com connect.facebook.net analytics.google.com *.analytics.google.com google-analytics.com *.google-analytics.com *.googleadservices.com *.doubleclick.net player.vimeo.com f.vimeocdn.com cdn.jsdelivr.net cdn-cookieyes.com 'unsafe-inline'; connect-src 'self' 'unsafe-inline' blob: avatel.es *.avatel.es clictv.es *.clictv.es *.googleapis.com analytics.google.com *.analytics.google.com google-analytics.com *.google-analytics.com *.doubleclick.net *.facebook.com *.googlesyndication.com log.cookieyes.com https://cdn-cookieyes.com www.google.com fresnel.vimeocdn.com; img-src 'self' 'unsafe-inline' blob: data: avatel.es *.avatel.es secure.gravatar.com *.google.com *.google.es analytics.google.com *.analytics.google.com google-analytics.com *.google-analytics.com *.googleapis.com maps.gstatic.com *.facebook.com correostelecom.es *.correostelecom.es *.doubleclick.net https://cdn-cookieyes.com ade.googlesyndication.com; frame-src 'self' 'unsafe-inline' avatel.es *.avatel.es *.google.com *.doubleclick.net avatel.speedtestcustom.com *.facebook.com *.googletagmanager.com *.googlesyndication.com player.vimeo.com youtube.com *.youtube.com; font-src 'self' data: fonts.gstatic.com; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.yukiworks.com https://apis.google.com https://*.googleapis.com https://ssl.google-analytics.com https://*.freshchat.com https://*.freshworks.com https://js.mollie.com/v1/mollie.js https://cdn4.mxpnl.com http://fast.appcues.com https://cdn.jsdelivr.net/npm/redoc/bundles/redoc.standalone.js https://cdn.wootric.com/wootric-sdk.js https://*.wootric.eu https://cdn-visma-app-switcher-faatcndaebg3hqhu.z01.azurefd.net/webcomponents/index.js https://*.securelogin.nu http://127.0.0.1:5173 https://uptime.betterstack.com/widgets/announcement.js;      frame-ancestors 'self' https://*.yukiworks.nl https://*.yukiworks.be https://*.yukiworks.es https://*.yukiworks.com http://localhost; img-src 'self' https: data: http:; 2
frame-ancestors 'self' https://*.foodinfluencersunited.nl https://*.foodinfluencersunited.com 2
block-all-mixed-content; connect-src 'self' services.thelist.tas.gov.au *.googleapis.com *.google-analytics.com *.hotjar.com *.hotjar.io stats.g.doubleclick.net *.sproutlabs.com.au wss: *.hotjar.com cdnjs.cloudflare.com cdn.jsdelivr.net; default-src 'none'; font-src 'self' data: application/font-woff *.gstatic.com *.bootstrapcdn.com cdnjs.cloudflare.com; frame-src 'self' *.hotjar.com *.google.com *.youtube.com youtube.com *.youtube-nocookie.com *.facebook.com *.surveymonkey.com *.createsend1.com *.tas.gov.au *.vimeo.com zingtree.com nre.snapforms.com.au; img-src 'self' *.tas.gov.au *.openstreetmap.org i.ytimg.com prod.smassets.net data: www.google-analytics.com *.google.com *.gstatic.com *.googleapis.com code.jquery.com cdnjs.cloudflare.com cdn.jsdelivr.net; manifest-src 'self'; media-src 'self'; object-src 'self' zingtree.com; script-src 'self' *.tas.gov.au *.google.com *.googleapis.com *.surveymonkey.com www.google-analytics.com www.googletagmanager.com *.gstatic.com *.facebook.net *.createsend1.com *.hotjar.com *.jwpcdn.com *.ravenjs.com code.jquery.com cdnjs.cloudflare.com *.bootstrapcdn.com zingtree.com cdn.jsdelivr.net cdn.jsdelivr.net nre.snapforms.com.au 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com code.jquery.com *.jwpcdn.com *.bootstrapcdn.com *.gstatic.com cdn.jsdelivr.net cdnjs.cloudflare.com cdn.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; 2
frame-ancestors 'self' http://emprotest:8080 http://emprolive:8080 http://emprodev:8080 http://ecm-live:8080 http://ecm-test:8080 2
default-src * 'unsafe-inline' 'unsafe-eval' data: blob: tel:; frame-ancestors 'self' https://*.glgresearch.com; frame-src 'self' *.buzzsprout.com https://*.marketo.com https://*.mktoresp.com https://*.google.com https://*.doubleclick.net https://*.zoominfo.com https://www.googletagmanager.com https://player.vimeo.com *.youtube-nocookie.com *.youtube.com *.greenhouse.io; report-uri https://external-webhooks.glgresearch.com/content-security-policy-logs/; 2
base-uri 'self'; block-all-mixed-content; child-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://vimeo.com https://player.vimeo.com blob:; connect-src 'self' https://static.panascais.net https://assets.panascais.net https://images.panascais.net https://noembed.com https://www.youtube.com https://www.youtube-nocookie.com https://vimeo.com https://player.vimeo.com https://api.mapbox.com https://events.mapbox.com; default-src 'self'; font-src https://static.panascais.net; form-action 'self'; frame-ancestors 'self'; frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://vimeo.com https://player.vimeo.com; img-src 'self' https://static.panascais.net https://images.panascais.net https://videos.panascais.net https://i.ytimg.com https://img.youtube.com https://i.vimeocdn.com data: blob:; manifest-src 'self'; media-src https://static.panascais.net https://videos.panascais.net; object-src 'none'; script-src 'self' https://assets.panascais.net https://s.ytimg.com https://www.youtube.com https://vimeo.com https://player.vimeo.com; style-src https://assets.panascais.net 'unsafe-inline'; upgrade-insecure-requests; worker-src 'self' blob:; report-uri https://panascais.net/api/report/content-security-policy; 2
default-src 'self' naturaprende.net *.naturaprende.net escuelanaturayavon.net *.escuelanaturayavon.net *.jsdelivr.net unpkg.com cdnjs.cloudflare.com cdn.datatables.net *.googleapis.com *.googletagmanager.com *.google-analytics.com *.google.com.ar *.google.com *.youtube.com *.ytimg.com naturamediaawsbucket.s3.sa-east-1.amazonaws.com 'unsafe-inline' data:; frame-src * 2
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss: 2
img-src 'self' blob: *.googlesyndication.com 'unsafe-inline' data: 2
default-src 'self';script-src 'self' cdn.jsdelivr.net cdn.bc0a.com consents-cf.bc0a.com ixfd1-api.bc0a.com cdn.b0e8.com img.en25.com img04.en25.com www.googletagmanager.com api.brightedge.com www.google-analytics.com jobs.jobvite.com s1503422690.t.eloqua.com www.datadoghq-browser-agent.com ixcontents.b4e0.com js.zi-scripts.com ws-assets.zoominfo.com static.hotjar.com script.hotjar.com metrics.hotjar.io tags.clickagy.com js.adsrvr.org 'unsafe-eval' 'unsafe-inline';style-src 'self' cdn.b0e8.com 'unsafe-inline';connect-src 'self' ws://alliant.com http://alliant.com ws://umbracoalliant-admin-prod-windows-app.azurewebsites.net http://umbracoalliant-admin-prod-windows-app.azurewebsites.net ixfd1-api.bc0a.com www.google-analytics.com stats.g.doubleclick.net s1503422690.t.eloqua.com api.brightedge.com jobs.jobvite.com cookie-cdn.bc0a.com rum.browser-intake-us3-datadoghq.com js.zi-scripts.com ws.zoominfo.com *.hotjar.io *.hotjar.com *.clickagy.com wss://ws.hotjar.com;font-src 'self';img-src 'self' marvel-b1-cdn.bc0a.com marvel-processor.bc0a.com a1.b0e8.com dashboard.umbraco.com www.google-analytics.com *.clickagy.com s1503422690.t.eloqua.com;media-src 'none';object-src 'none';frame-ancestors 'self';frame-src 'self' w.soundcloud.com jobs.jobvite.com www.youtube-nocookie.com player.vimeo.com;report-uri /csp-report 2
frame-ancestors 'self' *.psplugin.com 2
default-src 'self'; base-uri 'self'; object-src 'none'; script-src 'self' *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.google-analytics.com *.google.com https://www.gstatic.com/recaptcha/ *.bing.com *.clarity.ms 'sha256-OV+W5aN+wXLQMwrLt6Me/DVM/QLZyWr6AqI2ONGntw8='; connect-src 'self' google.com *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.google-analytics.com *.google.com *.bing.com *.clarity.ms; script-src-elem 'self' *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.google-analytics.com *.google.com https://www.gstatic.com/recaptcha/ *.bing.com *.clarity.ms 'sha256-OV+W5aN+wXLQMwrLt6Me/DVM/QLZyWr6AqI2ONGntw8='; img-src 'self' google.com *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.google-analytics.com *.google.com *.bing.com *.clarity.ms; style-src 'self' 'unsafe-hashes' *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.google-analytics.com *.google.com 'sha256-aqNNdDLnnrDOnTNdkJpYlAxKVJtLt9CtFLklmInuUAE=' 'sha256-/Q4se7FLGCaPFRdiDgb/uQcgnY12w7eKaV8TA9b4SEc='; frame-ancestors 'self'; form-action 'self'; manifest-src 'self'; font-src 'self'; frame-src 'self' *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.google-analytics.com *.google.com https://www.gstatic.com/recaptcha/ 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jsdelivr.net *.twitter.com *.googletagmanager.com *.cookielaw.org static.addtoany.com cdnjs.cloudflare.com cdn.bc0a.com assets.sitescdn.net fonts.googleapis.com *.siteimprove.net ajax.googleapis.com visit.sanmanuel.com klear.com cdn.b0e8.com *.google-analytics.com *.bing.com *.amazon-adsystem.com *.clarity.ms *.siteimproveanalytics.com *.adsrvr.org *.youtube.com connect.facebook.net munchkin.marketo.net s.yimg.com googleads.g.doubleclick.net *.cloudfront.net *.viralsweep.com *.pollstream.com insiderdata360online.com *.sevenrooms.com *.i4go.com *.recaptcha.net *.gstatic.com answers-embed.yaamava.com.pagescdn.com *.byspotify.com *.instagram.com *.visrez.com *.stackadapt.com *.googleadservices.com siteimproveanalytics.com tags.srv.stackadapt.com pixel.byspotify.com *.visitingmedia.com visitingmedia.com *.jquery.com *.sevenrooms.com id.eu.siteimprove.com *.quantserve.com rules.quantcount.com qvdt3feo.com *.vimeo.com; script-src-elem 'self' 'unsafe-inline' assets.sitescdn.net visit.sanmanuel.com cdn.siteimprove.net *.instagram.com *.googletagmanager.com cdn.cookielaw.org cdn.jsdelivr.net connect.facebook.net siteimproveanalytics.com tags.srv.stackadapt.com pixel.byspotify.com *.youtube.com munchkin.marketo.net bat.bing.com c.amazon-adsystem.com googleads.g.doubleclick.net *.google-analytics.com static.addtoany.com interactive.visrez.com secure.quantserve.com *.clarity.ms rules.quantcount.com visitingmedia.com *.sevenrooms.com code.jquery.com insiderdata360online.com  tags.srv.stackadapt.com answers-embed.yaamava.com.pagescdn.com platform.twitter.com cdnjs.cloudflare.com unpkg.com qvdt3feo.com i4m.i4go.com *.googleadservices.com klear.com https://player.vimeo.com/api/player.js *.viralsweep.com https://js.adsrvr.org/up_loader.1.1.0.js https://cdn.userway.org *.vimeo.com; style-src 'self' 'unsafe-inline'  *.jsdelivr.net *.sitescdn.net fonts.googleapis.com visit.sanmanuel.com d1p5cqqchvbqmy.cloudfront.net *.sevenrooms.com *.visrez.com *.stackadapt.com  *.visitingmedia.com visitingmedia.com *.sevenrooms.com id.eu.siteimprove.com  *.quantserve.com  *.vimeo.com; report-uri /report-csp-violation 2
object-src 'none'; frame-ancestors 'self'; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-downloads; base-uri 'self'; 2
default-src 'none'; script-src 'self' https: blob: 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org www.googletagmanager.com www.googleadservices.com snap.licdn.com/li.lms-analytics/insight.min.js js.hs-scripts.com/4398552.js googleads.g.doubleclick.net/pagead/; style-src 'self' 'unsafe-inline'; img-src 'self' https: data: blob: android-webview-video-poster: px.ads.linkedin.com www.googletagmanager.com; media-src 'self' https: monkapps.com; frame-src 'self' https: www.youtube.com; frame-ancestors 'self'; font-src 'self' data: https: fonts.gstatic.com; connect-src 'self' https: cdn.cookielaw.org www.googleadservices.com www.google.com/pagead/ googleads.g.doubleclick.net/pagead/ www.google-analytics.com/g/collect; manifest-src 'self'; script-src-elem 'self' https: 'unsafe-inline' www.googletagmanager.com www.googleadservices.com; report-uri https://sentry.nadapada.net/api/125/security/?sentry_key=b569db56805c4e5f98879e39f0fc3053 2
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://mc.yandex.ru https://www.googletagmanager.com https://www.google-analytics.com https://points.boxberry.de https://widget.cdek.ru https://api-maps.yandex.ru https://*.maps.yandex.net https://yastatic.net; style-src 'self' 'unsafe-inline' https://points.boxberry.de https://widget.cdek.ru; img-src 'self' data: https://mc.yandex.ru https://www.google-analytics.com https://points.boxberry.de https://api-maps.yandex.ru https://*.maps.yandex.net https://widget.cdek.ru https://pvzimage.cdek.ru; connect-src 'self' https://mc.yandex.ru https://www.google-analytics.com https://widget.cdek.ru https://pim.solvos.ru; font-src 'self' https://fonts.gstatic.com; frame-src https://points.boxberry.de; manifest-src 'self'; 2
frame-ancestors 'self' http://www.philips.com.au *.philips.com *.philips.com.au https://philipsigtdpv.com 2
default-src 'self' blob:;script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://cdn.jsdelivr.net http://d2c7xlmseob604.cloudfront.net  http://js.hs-scripts.com http://munchkin.marketo.net http://translate.google.com/translate_a/element.js http://web.bentley.com https://*.ads-twitter.com https://*.amazonaws.com https://*.bentley.com https://*.bing.com https://*.brightcove.net https://www.clarity.ms https://*.cloudflare.com https://*.cloudfront.net https://*.company-target.com https://*.demandbase.com https://*.doubleclick.net https://*.facebook.net https://*.feedbackify.com https://*.flockler.com https://*.getsmartling.com https://*.google-analytics.com https://*.google.com https://googleads.g.doubleclick.net https://*.googleadservices.com https://*.googleapis.com https://*.googletagmanager.com https://www.google-analytics.com https://www.google.com https://*.gstatic.cn https://*.gstatic.com https://*.hsforms.net https://*.jotform.com https://*.marketo.com https://*.marketo.net https://*.mouseflow.com https://*.onetrust.com https://*.pagespeed-mod.com https://*.pingdom.net https://pixel.byspotify.com https://qvdt3feo.com https://*.recaptcha.net https://*.redditstatic.com https://static.hsappstatic.net/MeetingsEmbed/ex/MeetingsEmbedCode.js  https://*.salesloft.com https://*.surveysparrow.com https://tags.srv.stackadapt.com https://*.tourial.com https://*.twitter.com https://*.userway.org https://*.zencdn.net https://1.safecdn01.com https://accessibilityserver.org https://api.hubspot.com https://bat.bing.com/bat.js https://beacon-v2.helpscout.net/ https://bentleypocstg.wpengine.com https://blibok.com https://c.itaozi.cn https://cdn.cookielaw.org https://cdn.mathjax.org https://cdn.mouseflow.com https://click.easypower.com  https://client.prod.mplat-ppcprotect.com https://connect.facebook.net https://conoret.com https://cookie-cdn.cookiepro.com https://d2c7xlmseob604.cloudfront.net https://fast.wistia.com https://form.jotform.com/static/feedback.js https://forms.hubspot.com https://gateway.on24.com https://images.uc.cn https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-scripts.com https://js.hsadspixel.net https://js.hscollectforms.net https://js.hsforms.net https://js.hsleadflows.net https://js.hubspot.com https://js.usemessages.com https://mstat.acestream.net https://munchkin.marketo.net https://ob.segreencolumn.com https://pixel.byspotify.com https://players.brightcove.net  https://relatedgamesnet-a.akamaihd.net https://scout-cdn.salesloft.com https://search.imtt.qq.com  https://service.excentos.com https://snap.licdn.com https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.ads-twitter.com https://tag.demandbase.com https://tags.srv.stackadapt.com https://ucads-cdn.ucweb.com https://unpkg.com https://unpkg.zhimg.com https://vjs.zencdn.net https://w8o39.m70vee7.com https://*.youtube.com https://*.visualwebsiteoptimizer.com https://app.vwo.com;style-src 'self' 'unsafe-inline' data: https://*.bentley.com https://*.googleapis.com https://cdn.jsdelivr.net https://*.easypower.com https://service.excentos.com https://s3.amazonaws.com https://tags.srv.stackadapt.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.userway.org https://web.bentley.com;object-src 'self' https://*.brightcove.net;connect-src 'self' data: http://ad.doubleclick.net http://gjtrack.ucweb.com https: https://*.doubleclick.net https://*.hubspot.com https://adservice.google.com https://bcbolt446c5271-a.akamaihd.net https://bcsecure01-a.akamaihd.net https://forms.hubspot.com https://stats.g.doubleclick.net wss://www.bentley.com https://*.visualwebsiteoptimizer.com https://app.vwo.com; font-src 'self' data: http://themes.googleusercontent.com https:;frame-ancestors 'self' *.bentley.com https://*.docebosaas.com/ https://bentleysystems.gcs-web.com/ https://bentleysystems-preview.gcs-web.com/;frame-src https://7668309.hs-sites.com/ http://www.facebook.com https://*.bentley.com https://*.brightcove.net https://*.core.windows.net https://*.doubleclick.net https://*.facebook.com https://*.flickr.com https://*.getsmartling.com https://*.google.com https://*.googletagmanager.com https://*.hs-scripts.com https://*.hsforms.com https://*.hsforms.net https://*.hubspot.com https://*.jotform.com https://*.menlosecurity.com https://*.on24.com https://*.onetrust.com https://*.podbean.com https://*.recaptcha.net https://*.surveysparrow.com https://*.tourial.com https://*.twitter.com https://*.userway.org https://*.wpengine.com https://*.youtube.com https://*.zscalerthree.net https://7rx80283.ibosscloud.com https://block.opendns.com https://blocked.freedom.to https://bpb.opendns.com https://cdn.cookielaw.org https://click.easypower.com https://div.show https://gateway.zscaler.net https://gateway.zscalertwo.net https://gateway.zscloud.net https://leap13.github.io https://login.zscloud.net https://mozbar.moz.com https://*.statuspage.io https://remove.video https://s.company-target.com https://skytraf.xyz https://www.ciuvo.com https://zswpmanager.wip.mmc.com https://wp-rocket.me/ https://app.vwo.com https://*.visualwebsiteoptimizer.com;img-src 'self' blob: data: http://www.bentley.com https: https://t.co https://*.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com https://app.vwo.com;manifest-src 'self';media-src 'self' blob: data: https:;report-uri https://6449169ef1e3671a29137d52.endpoint.csper.io?v=7;worker-src 'self' blob:; 2
frame-ancestors 'self' https://event.on24.com/ https://insightsoftware.highspot.com/ 2
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self' 2
frame-ancestors *.mcdonalds2.sk *.mcdonalds2.cz *.mcdonalds.cz *.mcdonalds.sk *.mcdonalds360.cz *.mcdonalds360.sk; form-action *.mcdonalds2.sk *.mcdonalds2.cz *.mcdonalds.sk *.mcdonalds.cz tr.snapchat.com; object-src 'none'; 2
frame-src self *.microfocus.com *.ubembed.com *.opentext.com https://12964123.fls.doubleclick.net/ https://js.driftt.com https://bid.g.doubleclick.net https://optimize.google.com/ https://dev.visualwebsiteoptimizer.com https://www.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://www.brighttalk.com/ https://bcove.video/ https://app.vwo.com https://www.googletagmanager.com https://microfocuspartner.force.com https://www.linkedin.com/ https://platform.twitter.com/ https://www.research.net https://irs.tools.investis.com/ https://players.brightcove.net/ https://otp.tools.investis.com/ https://microfocus-education.sabacloud.com https://recaptcha.net https://html5-player.libsyn.com/ http://demo.havendemo.com/ https://open.spotify.com https://player.vimeo.com/; frame-ancestors self *.microfocus.com *.opentext.com https://microfocus.lookbookhq.com https://microfocus-education.sabacloud.com https://recaptcha.net https://microfocuspartner.force.com; 2
frame-ancestors 'self' dampsoft.de *.dampsoft.de 2
default-src 'self' *.sitevision-cloud.se *.sitevision.se data:; img-src 'self' * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.readspeaker.com svanalytics.piwik.pro svanalytics.containers.piwik.pro *.sitevision-cloud.se *.sitevision.se *.tt.se *.rekai.se *.twitter.com blob:; style-src 'self' *.bootstrapcdn.com *.readspeaker.com *.sitevision-cloud.se *.sitevision.se 'unsafe-inline'; font-src 'self' *.bootstrapcdn.com data: *.sitevision-cloud.se *.sitevision.se; frame-src 'self' *; frame-ancestors 'self' *; connect-src 'self' *.readspeaker.com svanalytics.piwik.pro svanalytics.containers.piwik.pro *.rekai.se *.vimeo.com *.bootstrapcdn.com *.sitevision.se *.sitevision-cloud.se blob:; 2
default-src 'none'; child-src 'self'; connect-src 'self' https://*.bynder.com https://*.cloudflare.com https://*.cloudfront.net https://*.jsdelivr.net https://adservice.google.com https://bat.bing.com https://brandportal.falck.com https://browser-intake-datadoghq.eu https://collect.falck.dk https://consent.app.cookieinformation.com https://esp-eu.aptrinsic.com https://googleads.g.doubleclick.net/ https://maps.googleapis.com https://policy.app.cookieinformation.com https://px.ads.linkedin.com https://region1.analytics.google.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://tracker.falck-sverige.open-analytics.se https://westeurope-5.in.applicationinsights.azure.com https://www.falck.com https://www.google-analytics.com https://www.google.com https://www.google.dk; font-src 'self' https://*.bynder.com https://*.cloudfront.net https://*.cloudfront.net/graphik/ https://*.cloudfront.net/lato/ https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://prd-falckcdn.azureedge.net; frame-src 'self' blob: https://*.fls.doubleclick.net https://falck.23video.com https://paybill.falck.us https://player.vimeo.com/ https://policy.app.cookieinformation.com; img-src 'self' blob: data: https://*.bynder.com https://*.cloudfront.net https://*.global.siteimproveanalytics.io https://ad.doubleclick.net https://analytics.sleeknote.com https://bat.bing.com https://brandportal.falck.com https://cdn.honey.io https://connect.facebook.net https://falck.dk https://fonts.gstatic.com https://maps.googleapis.com https://maps.gstatic.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://translate.google.com https://www.facebook.com https://www.falck.dk/ https://www.google-analytics.com https://www.google.at https://www.google.co.id https://www.google.co.uk https://www.google.com https://www.google.com.tr https://www.google.com.ua https://www.google.com.uy https://www.google.de https://www.google.dk https://www.google.es https://www.google.fi https://www.google.nl https://www.google.pl https://www.google.ro https://www.google.se https://www.googletagmanager.com https://www.linkedin.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.cloudflare.com https://*.jsdelivr.net https://bat.bing.com https://cdn-4.convertexperiments.com https://code.jquery.com https://connect.facebook.net https://consent.app.cookieinformation.com https://js.monitor.azure.com https://maxcdn.bootstrapcdn.com https://policy.app.cookieinformation.com https://prd-falckcdn.azureedge.net https://siteimproveanalytics.com https://sleeknotecustomerscripts.sleeknote.com https://sleeknotestaticcontent.sleeknote.com https://snap.licdn.com https://tracker.falck-sverige.open-analytics.se https://widget.trustpilot.com https://www.datadoghq-browser-agent.com https://www.google-analytics.com https://www.googletagmanager.com; script-src-elem 'self' 'unsafe-inline' https://*.bynder.com https://*.cloudflare.com https://*.jsdelivr.net https://bat.bing.com https://cdn-4.convertexperiments.com https://cdn.treasuredata.com https://code.jquery.com https://connect.facebook.net https://consent.app.cookieinformation.com https://eu01.in.treasuredata.com https://js.monitor.azure.com https://maps.googleapis.com https://maxcdn.bootstrapcdn.com https://policy.app.cookieinformation.com https://prd-falckcdn.azureedge.net https://siteimproveanalytics.com https://sleeknotecustomerscripts.sleeknote.com https://sleeknotestaticcontent.sleeknote.com https://snap.licdn.com https://tracker.falck-sverige.open-analytics.se https://web-sdk-eu.aptrinsic.com https://widget.trustpilot.com https://www.datadoghq-browser-agent.com https://www.google-analytics.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://*.cloudflare.com https://*.jsdelivr.net https://prd-falckcdn.azureedge.net; style-src-elem 'self' 'unsafe-inline' https://*.cloudflare.com https://*.cloudfront.net https://*.jsdelivr.net https://cdn.honey.io https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://prd-falckcdn.azureedge.net https://web-sdk-eu.aptrinsic.com https://www.gstatic.com; media-src data: https://*.bynder.com https://*.cloudfront.net https://brandportal.falck.com; manifest-src https://landesite.falck.com https://www.falck.co https://www.falck.com https://www.falck.com.au https://www.falck.de https://www.falck.es https://www.falck.fi https://www.falck.fr https://www.falck.nl https://www.falck.no https://www.falck.pt https://www.falck.ro https://www.falck.sk https://www.falck.uk https://www.falck.us https://www.falckbrasil.com.br https://www.falckhealthcare.dk https://www.falckitalia.it https://www.falcksverige.se https://www.mit.falck.dk; worker-src blob:; report-to stott-security-endpoint;report-uri https://www.falck.com/stott.security.optimizely/api/cspreporting/reporturiviolation/; 2
default-src *.cloudflare.com *.youtube.com *.powerfulreveal.com *.semoelectric.coop *.cdn.js *.jsdelivr.net *.commentportal.com commentportal.com *.google.com bootstrapcdn.com  googleadservices.com *.cloudfront.net *.portlandwebdesign.com *.electric.coop adsrvr.org *.analytics.yahoo.com *.maps.arcgis.com xx.fbcdn.net rvwinc.com maps.arcgis.com vimeo.com *.googleadservices.com publicpurchase.com gravatar.com *.arcgis.com *.eventbrite.com cooperative.com *.gstatic.com *.youtube-nocookie.com *.crowdfiber.io data: *.googletagmanager.com luckyorange.net btstatic.com portlandwebdesign.com simpli.fi *.providesupport.com typekit.net mitel.io trumpia.com *.timetap.com five9.com powermag.com *.rvwinc.com *.verisign.com linkedin.com *.nr-data.net *.btstatic.com azgt.coop ebill.coop *.mapbox.com googleapis.com analytics.yahoo.com *.licdn.com *.mcusercontent.com *.bootstrapcdn.com apogee.net marketingautomation.services suppose.tv adnxs.com twimg.com *.olark.com youtube-nocookie.com *.trumpia.com xad.com mailchimp.com *.ads.linkedin.com directefficiency.com *.mailchimp.com newrelic.com *.vimeo.com *.plumassierratelecommunicationsmap.com 'unsafe-eval' *.upgrade.guide epa.gov transistor.fm google.com hirebridge.com *.simpli.fi *.yimg.com envivabiomass.com *.roanokeconnect.com e2ma.net bonnerboundary811.org *.powerfulweb.com *.elfsight.com *.libsyn.com doubleclick.net *.nwwsd.org facebook.net google-analytics.com ads.linkedin.com *.e2ma.net gstatic.com smarthub.coop *.s3.amazonaws.com mcusercontent.com s.w.org *.doubleclick.net facebook.com youtube.com *.linkedin.com nice-incontact.com fontawesome.com *.newrelic.com *.apogee.net *.googleapis.com libsyn.com eventbrite.com upgrade.guide *.basis.net *.twimg.com glassdoor.com cencoast.com *.mitel.io powerfulweb.com luckyorange.com *.five9.com *.typekit.net *.transistor.fm yimg.com 'self' *.luckyorange.com jazz.co roanokeconnect.com *.publicpurchase.com myfonts.net issuu.com *.directefficiency.com *.websupport.expert spreaker.com *.ebill.coop crowdfiber.io *.xad.com *.nice-incontact.com *.xx.fbcdn.net *.suppose.tv *.myfonts.net *.icua.coop southcentralpower.com *.bonnerboundary811.org arcgis.com mapbox.com providesupport.com *.facebook.net *.smeco.coop electric.coop googletagmanager.com *.adnxs.com smeco.coop *.issuu.com *.powermag.com *.adsymptotic.com olark.com s3.amazonaws.com 'unsafe-inline' billing.nwwsd.org elfsight.com icua.coop timetap.com *.fontawesome.com *.envivabiomass.com nr-data.net adsymptotic.com *.epa.gov *.adsrvr.org *.cencoast.com *.spreaker.com *.gravatar.com plumassierratelecommunicationsmap.com verisign.com *.glassdoor.com *.facebook.com ctctcdn.com *.jazz.co *.cooperative.com *.google-analytics.com gmpg.org cloudfront.net *.ctctcdn.com *.marketingautomation.services *.southcentralpower.com licdn.com *.hirebridge.com websupport.expert *.luckyorange.net *.smarthub.coop basis.net *.youtube.com *.azgt.coop; 2
default-src     'self'; frame-ancestors 'self'; style-src       'self' 'unsafe-inline' 'unsafe-eval' *.pendo.io *.okta.com *.oktapreview.com *.oktacdn.com *.evergage.com *.googleapis.com *.wexhosted.com *.wexdrive.com *.gstatic.com *.google-analytics.com *.evgnet.com *.wexglobal.com *.sandbox.my.salesforce.com *.salesforceliveagent.com *.sandbox.my.salesforce-sites.com static.lightning.force.com; script-src      'self' 'unsafe-inline' 'unsafe-eval' *.pendo.io *.okta.com *.oktapreview.com *.oktacdn.com *.evergage.com *.googleapis.com *.wexhosted.com *.wexdrive.com *.gstatic.com *.google-analytics.com *.evgnet.com *.wexglobal.com *.sandbox.my.salesforce.com *.salesforceliveagent.com *.sandbox.my.salesforce-sites.com static.lightning.force.com; style-src-elem  'self' 'unsafe-inline' 'unsafe-eval' *.pendo.io *.okta.com *.oktapreview.com *.oktacdn.com *.evergage.com *.googleapis.com *.wexhosted.com *.wexdrive.com *.gstatic.com *.google-analytics.com *.evgnet.com *.wexglobal.com *.sandbox.my.salesforce.com *.salesforceliveagent.com *.sandbox.my.salesforce-sites.com static.lightning.force.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.pendo.io *.okta.com *.oktapreview.com *.oktacdn.com *.evergage.com *.googleapis.com *.wexhosted.com *.wexdrive.com *.gstatic.com *.google-analytics.com *.evgnet.com *.wexglobal.com *.sandbox.my.salesforce.com *.salesforceliveagent.com *.sandbox.my.salesforce-sites.com static.lightning.force.com; font-src        'self' 'unsafe-inline' 'unsafe-eval' *.pendo.io *.okta.com *.oktapreview.com *.oktacdn.com *.evergage.com *.googleapis.com *.wexhosted.com *.wexdrive.com *.gstatic.com *.google-analytics.com *.evgnet.com *.wexglobal.com *.sandbox.my.salesforce.com *.salesforceliveagent.com *.sandbox.my.salesforce-sites.com static.lightning.force.com data:; connect-src     'self' 'unsafe-inline' 'unsafe-eval' *.pendo.io *.okta.com *.oktapreview.com *.oktacdn.com *.evergage.com *.googleapis.com *.wexhosted.com *.wexdrive.com *.gstatic.com *.google-analytics.com *.evgnet.com *.wexglobal.com *.sandbox.my.salesforce.com *.salesforceliveagent.com *.sandbox.my.salesforce-sites.com static.lightning.force.com; frame-src       'self' 'unsafe-inline' 'unsafe-eval' *.pendo.io *.okta.com *.oktapreview.com *.oktacdn.com *.evergage.com *.googleapis.com *.wexhosted.com *.wexdrive.com *.gstatic.com *.google-analytics.com *.evgnet.com *.wexglobal.com *.sandbox.my.salesforce.com *.salesforceliveagent.com *.sandbox.my.salesforce-sites.com static.lightning.force.com; form-action     'self' 'unsafe-inline' 'unsafe-eval' *.pendo.io *.okta.com *.oktapreview.com *.oktacdn.com *.evergage.com *.googleapis.com *.wexhosted.com *.wexdrive.com *.gstatic.com *.google-analytics.com *.evgnet.com *.wexglobal.com *.sandbox.my.salesforce.com *.salesforceliveagent.com *.sandbox.my.salesforce-sites.com static.lightning.force.com; img-src         'self' 'unsafe-inline' 'unsafe-eval' *.pendo.io *.okta.com *.oktapreview.com *.oktacdn.com *.evergage.com *.googleapis.com *.wexhosted.com *.wexdrive.com *.gstatic.com *.google-analytics.com *.evgnet.com *.wexglobal.com *.sandbox.my.salesforce.com *.salesforceliveagent.com *.sandbox.my.salesforce-sites.com static.lightning.force.com data:; upgrade-insecure-requests 2
frame-ancestors 'self' *, object-src 'none', font-src 'self' https://fonts.gstatic.com https://script.hotjar.com/, frame-src 'self' https://www.google.com/  https://consentcdn.cookiebot.com/ https://outlook.office365.com/ https://sflink.maltego.com/ https://www.youtube.com/ https://app.vwo.com/ https://www.youtube-nocookie.com/ https://forms.office.com/, img-src 'self' data: https://analytics.twitter.com https://chart.googleapis.com https://company.g2.com https://dev.visualwebsiteoptimizer.com https://px.ads.linkedin.com https://t.co https://useruploads.visualwebsiteoptimizer.com https://wingify-assets.s3.amazonaws.com https://www.google.com https://www.google.com.br https://imgsct.cookiebot.com/ https://www.google-analytics.com/ https://px4.ads.linkedin.com/ https://bat.bing.com/ https://www.fbi.gov/ https://static.maltego.com/cdn/ 2
object-src 'none'; script-src 'self' 'unsafe-inline' 'strict-dynamic' https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.hotjar.com https://www.google-analytics.com/analytics.js https://connect.facebook.net/en_US/fbevents.js https://ws.zoominfo.com/pixel/615b474d39247c001cc2f2f2 https://www.googletagmanager.com/gtag/js https://code.jquery.com/ https://clients3.weblink.com.au/ https://d2uinmo2bcbdsn.cloudfront.net/pureconnect-widgets/91/cxbus.min.js https://d2uinmo2bcbdsn.cloudfront.net/pureconnect-widgets/91/plugins/widgets-core.min.js https://d2uinmo2bcbdsn.cloudfront.net/pureconnect-widgets/91/plugins/webchat.min.js https://d2uinmo2bcbdsn.cloudfront.net/ https://snap.licdn.com/ https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick.min.js http://cdn.jsdelivr.net/npm/jquery-validation@1.17.0/dist/jquery.validate.min.js https://cdnjs.cloudflare.com/ajax/libs/gsap/3.11.5/gsap.min.js https://cdnjs.cloudflare.com/ajax/libs/gsap/3.11.5/ScrollTrigger.min.js https://cdnjs.cloudflare.com/ajax/libs/jarallax/2.1.3/jarallax.min.js https://pym.nprapps.org/pym.v1.min.js https://www.googletagmanager.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://d3js.org https://platform.twitter.com https://unpkg.com https://www.google.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com/gtm.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.hotjar.com/c/hotjar-2877749.js https://www.google-analytics.com/analytics.js https://connect.facebook.net/en_US/fbevents.js https://ws.zoominfo.com/pixel/615b474d39247c001cc2f2f2 https://www.googletagmanager.com/gtag/js https://script.hotjar.com/modules.5dca1694a4338dade13b.js https://connect.facebook.net/signals/config/1761455807365259 https://connect.facebook.net/signals/config/685668156287079 https://pi.pardot.com/pd.js https://pi.pardot.com/analytics https://marketing.aes.com/analytics https://cdn.cookielaw.org/scripttemplates/202211.1.0/otBannerSdk.js https://js-agent.newrelic.com/async-api.6bb277af-1225.min.js https://js-agent.newrelic.com/lazy-loader.48127245-1225.min.js https://cdn.cookielaw.org/scripttemplates/otSDKStub.js https://cdn.cookielaw.org/consent/27cd7b43-53f3-46bb-9267-e0af03db8d70/OtAutoBlock.js https://siteintercept.qualtrics.com https://googleads.g.doubleclick.net https://zn9sohtzqeoni8wpq-aescorp.siteintercept.qualtrics.com https://cdn.cookielaw.org/scripttemplates/202209.1.0/otBannerSdk.js https://zncwhklt9qhc4tztc-aescorp.siteintercept.qualtrics.com https://www.google.co.in/pagead https://www.gstatic.com/recaptcha/releases https://script.hotjar.com https://js-agent.newrelic.com https://bam.nr-data.net https://connect.facebook.net https://apps.mypurecloud.com https://dhqbrvplips7x.cloudfront.net https://www.googleadservices.com/ https://www.gstatic.com/ https://cdn.cookielaw.org/ https://eb2.3lift.com/ https://www.google.co.in/ https://pippio.com/ https://widgets.hive.genesys.com/ https://d2uinmo2bcbdsn.cloudfront.net/pureconnect-widgets/91/cxbus.min.js https://d2uinmo2bcbdsn.cloudfront.net/pureconnect-widgets/91/plugins/widgets-core.min.js https://d2uinmo2bcbdsn.cloudfront.net/pureconnect-widgets/91/plugins/webchat.min.js https://d2uinmo2bcbdsn.cloudfront.net/ https://snap.licdn.com/ https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick.min.js http://cdn.jsdelivr.net/npm/jquery-validation@1.17.0/dist/jquery.validate.min.js https://cdnjs.cloudflare.com/ajax/libs/gsap/3.11.5/gsap.min.js https://cdnjs.cloudflare.com/ajax/libs/gsap/3.11.5/ScrollTrigger.min.js https://cdnjs.cloudflare.com/ajax/libs/jarallax/2.1.3/jarallax.min.js https://pym.nprapps.org/pym.v1.min.js http://cdn.jsdelivr.net http://d3js.org/d3.v4.min.js http://cdnjs.cloudflare.com http://cdnjs.cloudflare.com/ajax/libs/Chart.js/2.7.0/Chart.min.js http://cdnjs.cloudflare.com/ajax/libs/chartjs-plugin-doughnutlabel/2.0.3/chartjs-plugin-doughnutlabel.js https://static.hotjar.com https://www.googletagmanager.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://d3js.org https://platform.twitter.com https://unpkg.com https://www.google.com; frame-ancestors 'self'; report-uri https://www.aesindiana.com/report-uri/enforce 2
worker-src blob:;default-src 'self' http://www.ltgplc.com/ https://go.ltgplc.com https://go.to.peoplefluent.com https://pf-marketing.kzoplatform.com https://pf-customers.kzoplatform.com https://gomo.kzoplatform.com https://percolate.blogtalkradio.com https://www.blogtalkradio.com http://www.ltgplc.com/ https://go.ltgplc.com https://www.youtube.com https://go.pardot.com https://www.clickcease.com https://td.doubleclick.net;script-src-elem 'self' 'unsafe-inline' https://snap.licdn.com https://microapps.pf-labs.net https://go.to.peoplefluent.com https://ltg.breezy.hr https://pi.pardot.com/ https://www.googletagmanager.com https://tagmanager.google.com https://sjs.bizographics.com https://static.ads-twitter.com https://www.googleadservices.com https://bat.bing.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://go.ltgplc.com https://analytics.twitter.com https://www.clickcease.com https://monitor.clickcease.com https://go.to.peoplefluent.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.clarity.ms https://*.clarity.ms https://*.brilliantchap.com https://www.youtube.com https://*.brilliantlocco.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://microapps.pf-labs.net https://cdn.inspectlet.com https://go.to.peoplefluent.com https://ltg.breezy.hr https://sjs.bizographics.com https://analytics.twitter.com https://static.ads-twitter.com https://www.google.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://bat.bing.com https://tagmanager.google.com https://www.google-analytics.com https://www.googletagmanager.com https://pi.pardot.com https://go.ltgplc.com https://monitor.clickcease.com https://go.to.peoplefluent.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.clickcease.com https://www.clarity.ms https://*.clarity.ms https://*.brilliantchap.com https://*.brilliantlocco.com;font-src 'self' data: https://ui.peoplefluent.com https://use.typekit.net https://fonts.gstatic.com;style-src 'self' 'unsafe-inline' https://ui.peoplefluent.com https://microapps.pf-labs.net https://use.typekit.net https://p.typekit.net https://tagmanager.google.com https://fonts.googleapis.com https://tagmanager.google.com;img-src 'self' data: https://d33wubrfki0l68.cloudfront.net https://t.co https://cdn.sanity.io https://www.google-analytics.com https://stats.g.doubleclick.net https://linkedin.com https://www.linkedin.com https://px.ads.linkedin.com https://bat.bing.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://s.clarity.ms https://c.bing.com https://*.clarity.ms https://*.brilliantchap.com https://i.ytimg.com https://googleads.g.doubleclick.net https://*.brilliantlocco.com https://www.google.com https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.com.kh https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.ne https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.pl https://www.google.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.so https://www.google.sm https://www.google.sr https://www.google.st https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.rs https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.cat;media-src 'self' data: https://cdn.sanity.io;connect-src 'self' https://ltg.breezy.hr https://www.google-analytics.com https://go.to.peoplefluent.com https://stats.g.doubleclick.net https://monitor.clickcease.com https://region1.analytics.google.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.clickcease.com https://adservice.google.com https://*.google.com https://cdn.linkedin.oribi.io https://s.clarity.ms https://*.clarity.ms https://*.brilliantchap.com https://*.api.sanity.io https://px.ads.linkedin.com https://*.brilliantlocco.com 2
child-src 'self'; connect-src 'self' *.bluecrossma.com *.googleapis.com *.kampyle.com *.apigee.net *.brightcove.com *.boltdns.net *.akamaihd.net *.medallia.com *.nr-data.net *.brightcove.net *.bluecrossma.org *.brightcovecdn.com; frame-src 'self' *.apigee.net *.medallia.com *.google.com ahealthymelhnsearch.wholehealthmd.com *.bluecrossma.com *.brightcove.net; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.kampyle.com *.adobedtm.com *.medallia.com *.cloudflare.com *.apigee.net *.brightcove.net cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://polyfill-fastly.io https://rebilly.github.io https://unpkg.com platform.instagram.com platform.twitter.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-hashes'; script-src-elem 'self' 'unsafe-inline' *.kampyle.com *.adobedtm.com *.medallia.com *.cloudflare.com *.zencdn.net *.newrelic.com *.bluecrossma.org *.apigee.net *.brightcove.net cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://polyfill-fastly.io https://rebilly.github.io https://unpkg.com platform.instagram.com platform.twitter.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.cloudflare.com *.googleapis.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; style-src-attr 'self' 'unsafe-inline' 'unsafe-hashes'; style-src-elem 'self' 'unsafe-inline' *.cloudflare.com *.googleapis.com *.kampyle.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; worker-src 'self' blob: *.bluecrossma.com; frame-ancestors 'self' *.caremark.com *.fepblue.com; report-uri https://www.bluecrossma.org/report-uri/enforce 2
default-src 'none'; script-src 'self' cdn.robinhood.com cdn.pdst.fm/ping.min.js 'unsafe-inline' www.google-analytics.com www.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ tagmanager.google.com ssl.google-analytics.com connect.facebook.net sc-static.net d.impactradius-event.com www.redditstatic.com analytics.tiktok.com boards.greenhouse.io bat.bing.com www.googleadservices.com static.ads-twitter.com s.yimg.com *.usercentrics.eu snap.licdn.com public.flourish.studio/resources/embed.js csi.gstatic.com cdn.parsely.com *.doubleclick.net *.googlesyndication.com *.googletagservices.com platform.twitter.com/ platform.instagram.com/ www.instagram.com/embed.js www.threads.net/embed.js www.tiktok.com/embed.js lf16-tiktok-web.tiktokcdn-us.com/ www.facebook.com/ www.youtube.com/ ak.sail-horizon.com *.celtra.com *.heapanalytics.com heapanalytics.com *.doubleverify.com *.infogram.com 'unsafe-inline' 'unsafe-eval' ; worker-src 'self' blob: ; frame-src www.google.com/recaptcha/ www.youtube.com/iframe_api/ www.youtube.com/embed/ www.googletagmanager.com boards.greenhouse.io tr6.snapchat.com tr.snapchat.com fcm.quick1fr.com *.usercentrics.eu *.googlesyndication.com *.doubleclick.net *.googletagservices.com platform.twitter.com/ www.instagram.com/ www.tiktok.com/ www.facebook.com/ www.linkedin.com/ www.threads.net/ flo.uri.sh/ datawrapper.dwcdn.net/ www.googleadservices.com *.twitch.tv *.infogram.com ; style-src 'self' 'unsafe-inline' cdn.robinhood.com tagmanager.google.com fonts.googleapis.com heapanalytics.com *.googletagmanager.com ; font-src 'self' cdn.robinhood.com data: fonts.gstatic.com *.celtra.com heapanalytics.com *.auryc.com ; media-src 'self' cdn.robinhood.com *.usercentrics.eu *.celtra.com ; img-src 'self' images.robinhood.com cdn.robinhood.com www.google-analytics.com stats.g.doubleclick.net i.ytimg.com/vi/ images.ctfassets.net/5ft2qdzfrz9o/ images.ctfassets.net/mwphzyq69oso/ images.ctfassets.net/fomw95h5b4ty/ images.ctfassets.net/lnmc2aao6j57/ www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.facebook.com www.google.com tr.snapchat.com tr6.snapchat.com bat.bing.com googleads.g.doubleclick.net pixel.pointmediatracker.com cnv.event.prod.bidr.io/log/cnv data: alb.reddit.com analytics.twitter.com t.co sp.analytics.yahoo.com *.usercentrics.eu cdn.blisspointmedia.com/assets/img/ px.ads.linkedin.com blob: * ; frame-ancestors 'self' ; manifest-src 'self' cdn.robinhood.com ; connect-src 'self' robinhood.com *.robinhood.com *.apollo.rhinternal.net www.google-analytics.com stats.g.doubleclick.net bat.bing.com/actionp/ us-central1-adaptive-growth.cloudfunctions.net/pdst-events-prod-sink ssl.google-analytics.com analytics.google.com sentry.io o62437.ingest.sentry.io www.googletagmanager.com tagmanager.google.com analytics.tiktok.com boards-api.greenhouse.io preview.contentful.com cdn.contentful.com s.yimg.com *.usercentrics.eu api.instagram.com/ px.ads.linkedin.com mjml-api.apollo.rhinternal.net *.parsely.com *.doubleclick.net *.googlesyndication.com api.sail-personalize.com api.sail-track.com csi.gstatic.com *.celtra.com api.sailthru.com heapanalytics.com *.auryc.com *.google.com *.doubleverify.com *.imgix.net ; upgrade-insecure-requests; block-all-mixed-content; report-uri https://o62437.ingest.sentry.io/api/1336410/security/?sentry_key=dadc326d25814a55b5486cb04f439a29; base-uri 'self' 2
frame-ancestors 'self' *.e-spirit.hosting; base-uri 'self' 2
default-src https: data: blob: wss: 'unsafe-inline' 'unsafe-eval' 2
frame-src 'self' *.cybersoulhost.ru *.gosuslugi.ru yandex.ru *.yandex.ru yastatic.net *.youtube.com *.culturaltracking.ru *.smart-bilet.ru t.me telegram.org vk.com 2
frame-ancestors 'self' https://eway.my.salesforce.com/; 2
require-trusted-types-for 'script';report-uri /_/ChromeWebStoreConsumerFeUi/cspreport 2
frame-ancestors 'self' *.dynatrace.org *.dynatrace.com *.dynatrace.cn 2
base-uri 'self'; object-src 'none'; frame-ancestors 'self'; default-src * data: blob: filesystem: about: ws: wss: http: https: 'unsafe-inline' 'unsafe-eval'; 2
default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; object-src 'none'; connect-src 'self'; font-src 'self'; frame-src 'self'; img-src 'self'; manifest-src 'self'; media-src 'self'; worker-src 'none'; 2
style-src * blob: 'unsafe-inline'; img-src * data: 'unsafe-inline'; font-src * data: 'unsafe-inline'; media-src * data: 'unsafe-inline'; connect-src * ws: wss:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; object-src 'none'; 2
default-src https: data: 'self' 'unsafe-inline' 'unsafe-eval' 2
frame-ancestors 'self' https://mynfon.net https://partners.nfon.com; 2
font-src *.olark.com mediacdn.espssl.com *.klevu.com *.ksearchnet.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.zopim.com *.zopim.io *.widen.net *.widencdn.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.authorize.net *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.twitter.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.authorize.net destinilocators.com *.duosecurity.com *.olark.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com https://www.youtube.com http://www.sandbox.paypal.com *.twitter.com *.zendesk.com *.widen.net *.widencdn.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io store.paradoxlabs.com frontiercoop.widen.net *.olark.com lux.speedcurve.com mediacdn.espssl.com brxcdn.com *.klevu.com *.ksearchnet.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.bing.com *.zopim.com *.zopim.io *.doubleclick.net *.google.com *.google.co.in *.mastercard.com *.widen.net *.widencdn.net *.gstatic.com *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.exponea.com *.authorize.net js-agent.newrelic.com bam.nr-data.net destinilocators.com *.olark.com cdn.speedcurve.com acsbapp.com s.pinimg.com bat.bing.com ct.pinterest.com js.klevu.com *.ksearchnet.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.bing.com *.zopim.com *.zdassets.com *.google.com *.zendesk.com *.widen.net *.widencdn.net https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com https://js.klevu.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.olark.com mediacdn.espssl.com *.klevu.com *.ksearchnet.com 'unsafe-inline' assets.braintreegateway.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.fontawesome.com *.bing.com *.widen.net *.widencdn.net tagmanager.google.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.olark.com *.zopim.com *.zopim.io *.widen.net *.widencdn.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.exponea.com *.authorize.net bam.nr-data.net lux.speedcurve.com *.acsbapp.com acsbapp.com ct.pinterest.com bat.bing.com *.olark.com *.klevu.com *.ksearchnet.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.cloudflare.com *.twitter.com *.twimg.com *.zdassets.com *.zopim.com *.zopim.io wss://widget-mediator.zopim.com *.google-analytics.com https://stats.g.doubleclick.net *.zendesk.com *.widen.net *.widencdn.net *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.olark.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self'; style-src 'self' 'unsafe-inline'; 2
default-src 'self' https://videos.ctfassets.net/ feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' *.pricespider.com * ; img-src * 'self' data: https: blob: *.pricespider.com ; script-src * data: *.pricespider.com blob: 'unsafe-inline' 'unsafe-eval' ; connect-src * data: blob: 'unsafe-inline' ; font-src * data: blob: 'unsafe-inline' ; frame-src * ; 2
default-src 'self' *.tenancydepositscheme.com *.thedisputeservice.co.uk; script-src 'self' 'unsafe-inline' *.tenancydepositscheme.com *.google.com *.googleapis.com *.livechatinc.com *.landbot.io *.vertical.plus *.gstatic.com *.livechat-static.com *.firebaseio.com cdnjs.cloudflare.com code.createjs.com *.google-analytics.com *.hotjar.com *.bing.com *.smartlook.com *.smartlook.cloud *.licdn.com *.googletagmanager.com *.doubleclick.net *.ads-twitter.com *.facebook.net *.tiktok.com *.outbrain.com api.swiftype.com app.mailjet.com *.dotdigital-pages.com elevenlabs.io; style-src 'self' 'unsafe-inline' use.typekit.net p.typekit.net fonts.googleapis.com www.gstatic.com maxcdn.bootstrapcdn.com *.landbot.io *.hotjar.com; img-src * 'self' data:; font-src 'self' data: fonts.gstatic.com use.typekit.net maxcdn.bootstrapcdn.com cdn.livechatinc.com secure.livechatinc.com cdn.landbot.io *.hotjar.com; connect-src 'self' *.googleapis.com *.google.com *.landbot.io *.livechatinc.com *.firebaseio.com wss://*.firebaseio.com apikeys.civiccomputing.com *.smartlook.com *.smartlook.cloud *.hotjar.com *.hotjar.io *.linkedin.oribi.io *.google-analytics.com *.doubleclick.net *.tiktok.com *.linkedin.com *.outbrain.com *.bing.com wss://ws.hotjar.com; media-src 'self' cdn.livechatinc.com secure.livechatinc.com cdn.livechat-static.com; object-src 'self'; child-src 'self' *.livechatinc.com google.com fonts.google.com; frame-src 'self' *.tenancydepositscheme.com *.livechatinc.com www.google.com *.landbot.io *.firebaseio.com *.facebook.com *.youtube.com *.youtube-nocookie.com *.vimeo.com x7qru.mjt.lu td.doubleclick.net *.dotdigital-pages.com elevenlabs.io; manifest-src 'self' 2
Content-Security-Policy: default-src https: 2
frame-ancestors 'self' https://commerceinsights.ibmcloud.com 2
frame-ancestors https://*.descartes.com https://*.folloze.com; report-uri /report-csp-violation 2
frame-ancestors https://www.notion.so 2
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob:;script-src * 'self' 'unsafe-inline' 'unsafe-eval'; style-src * 'self' 'unsafe-inline';img-src * 'self' data:;frame-ancestors 'self' https://www.visma.com/ online.superoffice.com apps.risevision.com desktop.visma.com asp.visma.com hlasp.visma.com es-eu-dev-api01.episerver.net;worker-src * 'self' blob:;connect-src * 'self' blob:;font-src * 'self' data:;frame-src * 'self';media-src * 'self' blob:;object-src * 'self'; 2
base-uri 'none'; font-src 'self' https: data:; form-action 'self'; frame-ancestors 'self'; img-src 'self' data: https://cms.luxhosting.com https://analytics.sleeknote.com https://www.googletagmanager.com https://fonts.gstatic.com; object-src 'none'; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' https://stablechat.mysecurecloudhost.com; upgrade-insecure-requests; 2
frame-ancestors 'none'; report-uri /system/csp_reports 2
worker-src 'self' localhost blob:;img-src data: 'self' maps.gstatic.com *.googleapis.com *.ggpht.com *.facebook.com *.google-analytics.com *.google.com; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://static.trackedweb.net/ https://live.chatmeter.com/ https://static.highlight.io/ https://embed.shopgenie.io/ https://home-c32.nice-incontact.com/ https://maps.googleapis.com/ https://surfly.com/ https://www.google.com/ https://www.googletagmanager.com/ https://www.gstatic.com/ ;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.highlight.io/  https://embed.shopgenie.io/ https://home-c32.nice-incontact.com/ https://maps.googleapis.com/ https://surfly.com/ https://www.google.com/ https://www.googletagmanager.com/ https://www.gstatic.com/; object-src 'none' 2
default-src blob: https: wss: data: 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; img-src https: data:; worker-src blob: data:; 2
default-src *; img-src * data: blob:; media-src * data: blob:; script-src 'unsafe-inline' 'unsafe-eval' * data: blob:; worker-src 'unsafe-inline' 'unsafe-eval' * data: blob:; connect-src *; font-src * data: blob:; frame-src *; object-src * data: blob:; style-src 'unsafe-inline' * data: blob: 2
default-src 'self'; img-src 'self' https: *.google-analytics.com *.analytics.google.com data: www.google.com www.gravatar.com img.youtube.com https://gezondpl-production-files.s3.amazonaws.com/sync/site; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' fonts.googleapis.com assets.mlcdn.com *.mailerlite.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com *.mailerlite.com tpc.googlesyndication.com data:; script-src 'self' 'self' 'unsafe-inline' 'unsafe-eval' *.sentry.io *.sentry-cdn.com *.google-analytics.com *.analytics.google.com www.google.com adservice.google.com adservice.google.nl adservice.google.be adservice.google.es adservice.google.de adservice.google.co.uk adservice.google.co.th adservice.google.pl adservice.google.au adservice.google.sr adservice.google.fr adservice.google.tr adservice.google.it adservice.google.ch adservice.google.pt adservice.google.com.au adservice.google.com.eg adservice.google.com.mx adservice.google.co.za adservice.google.co.id adservice.google.at tpc.googlesyndication.com www.googletagservices.com securepubads.g.doubleclick.net www.gstatic.com static.mailerlite.com cdn.mailerlite.com d24s38jd6z1bka.cloudfront.net www.googletagmanager.com cdn.ampproject.org adsfac.eu connect.facebook.net pagead2.googlesyndication.com assets.mlcdn.com adsfac.eu mlcdn.com *.adform.net; connect-src 'self' ejeylotbz1.execute-api.eu-west-1.amazonaws.com iarbv22z1h.execute-api.eu-west-1.amazonaws.com *.sentry.io *.google-analytics.com *.analytics.google.com securepubads.g.doubleclick.net pagead2.googlesyndication.com csi.gstatic.com adservice.google.com www.facebook.com stats.g.doubleclick.net ad.doubleclick.net *.doubleclick.net adclick.g.doubleclick.net doublieclick.net googleads.g.doubleclick.net www.googletagmanager.com; form-action 'self' static.mailerlite.com; frame-ancestors 'none'; frame-src 'self' *.safeframe.googlesyndication.com www.google.com www.youtube.com www.onlineassessmenttool.com www.onlinequizcreator.com securepubads.g.doubleclick.net player.vimeo.com vimeo.com 10063619.fls.doubleclick.net doubleclick.net googlesyndication.com *.googlesyndication.com; object-src 'none'; base-uri 'self' gezondheidsplein-nuxt-node14-development.eba-yacsfrnc.eu-west-1.elasticbeanstalk.com 2
report-uri https://8200068e1bbb5c22d2e57dd38c2ddbcf.report-uri.com/r/t/csp/reportOnly; 2
script-src 'self' https: 'unsafe-eval' 'unsafe-inline' 2
default-src 'self'; connect-src 'self' *.readspeaker.com https://www.piwik.bayern.de/ wss://*.assistent.bayern.de/chat/widget/; manifest-src 'self'; img-src 'self' data: https://*.assistent.bayern.de/bot-media/ https://*.assistent.bayern.de/static/ https://i.ytimg.com/; font-src 'self' data: https://*.assistent.bayern.de/static/; frame-src *.readspeaker.com https://geoportal.bayern.de/ https://www.youtube-nocookie.com/ https://www.youtube.com/; media-src 'self' *.readspeaker.com; prefetch-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' https://www.piwik.bayern.de/piwik/piwik.js https://*.assistent.bayern.de/static/ 2
frame-ancestors 'self' chromacam.me personifyinc.com 2
require-trusted-types-for 'script';report-uri /_/GoogleCloudUxWebAppCgcUi/cspreport 2
default-src 'self' www.google-analytics.com region1.google-analytics.com *.openstreetmap.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google.com www.gstatic.com www.google-analytics.com region1.google-analytics.com *.openstreetmap.org; img-src 'self' 'unsafe-inline' www.google-analytics.com secure.gravatar.com *.tile.openstreetmap.org data:; style-src 'self' 'unsafe-inline' fonts.googleapis.com; frame-src 'self' www.google.com *.openstreetmap.org; object-src 'none'; font-src 'self' 'unsafe-inline' fonts.gstatic.com data:; 2
frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com https://cdn.plyr.io https://www.youtube.com https://player.vimeo.com https://connect.facebook.net https://googleads.g.doubleclick.net https://stable.loyjoy.com https://snap.licdn.com/ https://www.google.com/ https://www.gstatic.com/; 2
default-src 'self' *.googlesyndication.com;style-src 'unsafe-inline' *.livenationinternational.com *.googleapis.com *.monetate.net *.amondo.com tagmanager.google.com platform.twitter.com use.fontawesome.com rsms.me;img-src 'self' data: *.livenationinternational.com www.lntvglobal.com *.2mdn.net *.betrad.com *.celtra.com *.doubleverify.com *.evidon.com *.facebook.com *.g.doubleclick.net *.googleapis.com *.googlesyndication.com *.googletagservices.com *.gstatic.com *.mgr.consensu.org *.monetate.net *.ticketm.net *.tmol.co *.quantserve.com *.youtube.com *.adzip.co *.twitter.com *.tiktokcdn.com *.scdn.co *.twimg.com *.analytics.google.com *.google-analytics.com ad.doubleclick.net ads.celtra.com adservice.google.com dt.adsafeprotected.com cache-ssl.celtra.com media.ticketmaster.com media.ticketmaster.co.uk pixel.adsafeprotected.com pixel.moatads.com px.moatads.com secure.adnxs.com tagmanager.google.com track.celtra.com www.google.co.uk www.google.com www.googletagmanager.com api.permutive.com cdn.permutive.com cdn.cookielaw.org insight.adsrvr.org match.adsrvr.org fxctag.com googlesync.permutive.com t.co tr.snapchat.com b97.yahoo.co.jp appboy-images.com braze-images.com cdn.braze.eu media.amondo.com static.amondo.com secure.adnxs.com match.adsrvr.org cm.g.doubleclick.net dpm.demdex.net image2.pubmatic.com d.turn.com sync.go.sonobi.com token.rubiconproject.com match.prod.bidr.io ad.360yield.com sync.smartadserver.com sync.1rx.io u.openx.net pixel.tapad.com sync.colossusssp.com ssum-sec.casalemedia.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.livenationinternational.com *.2mdn.net *.bannersnack.com *.doubleverify.com *.evidon.com *.g.doubleclick.net *.google.com *.googleapis.com *.googlesyndication.com *.googletagservices.com *.gstatic.com *.lytics.io *.quantcount.com *.monetate.net *.universe.com *.adzip.co *.tiktok.com *.tiktokcdn.com *.amondo.com *.ad.gt geolocation.onetrust.com cdn.cookielaw.org cdn.ampproject.org ad.doubleclick.net ads.celtra.com adservice.google.co.uk adservice.google.com bam.nr-data.net cache-ssl.celtra.com connect.facebook.net evidon.mgr.consensu.org js-agent.newrelic.com pixel.adsafeprotected.com secure.adnxs.com secure.quantserve.com static.adsafeprotected.com tagmanager.google.com widget.ticketmaster.eu www.google-analytics.com www.googletagmanager.com z.moatads.com api.permutive.com cdn.permutive.com www.instagram.com analytics.twitter.com platform.twitter.com cdn.syndication.twimg.com secure.wufoo.com static.ads-twitter.com js.adsrvr.org fxctag.com sc-static.net tag.lexer.io www.googleadservices.com s.yimg.jp b92.yahoo.co.jp js.appboycdn.com tag.durationmedia.net be.durationmedia.net stage-be.durationmedia.net stage-tag.durationmedia.net tpc.googlesyndication.com securepubads.g.doubleclick.net googleads.g.doubleclick.net pagead2.googlesyndication.com safeframe.googlesyndication.com cdn.confiant-integrations.net rumcdn.geoedge.be tr.snapchat.com id.hadron.ad.gt ad.gt cdn.hadronid.net;connect-src 'self' *.be.durationmedia.net *.doubleverify.com *.evidon.com *.g.doubleclick.net *.googleapis.com *.googlesyndication.com *.permutive.com *.tmol.co *.tmol.io *.prmutv.co *.analytics.google.com *.google-analytics.com *.amondo.com *.ad.gt be.durationmedia.net geolocation.onetrust.com cdn.cookielaw.org privacyportal.onetrust.com csi.gstatic.com vendorlist.consensu.org widget.ticketmaster.eu www.googletagmanager.com track.celtra.com analytics.google.com analytics.tiktok.com ib.adnxs.com www.google.com sdk.iad-05.braze.com durationmedia-d.openx.net rtb.openx.net u.openx.net js-sec.indexww.com dsum.casalemedia.com htlb.casalemedia.com ssp.theadx.com bid.contextweb.com bh.contextweb.com t.pubmatic.com hbopenbid.pubmatic.com ads.pubmatic.com image8.pubmatic.com ads.servenobid.com public.servenobid.com sync.1rx.io ap.lijit.com sync.adkernel.com id.hadron.ad.gt ad.gt cdn.hadronid.net adservice.google.com www.ticketmaster.co.uk www.ticketmaster.co.nz www.ticketmaster.com.au www.ticketmaster.de tr.snapchat.com;font-src *.livenationinternational.com fonts.gstatic.com widget.ticketmaster.eu use.fontawesome.com rsms.me static.amondo.com s3-res.amondo.com;frame-src *.2mdn.net *.bannersnack.com *.doubleverify.com *.dvtps.com *.evidon.com *.facebook.com *.fls.doubleclick.net *.googlesyndication.com *.googletagservices.com *.jebbit.com *.monetate.net *.ticketmaster.co.uk *.twitch.tv *.bilibili.com *.player.vimeo.com *.soundcloud.com *.instagram.com *.twitter.com *.spotify.com *.tiktok.com *.tiktokcdn.com *.youtube.com *.youtu.be cookies.onetrust.mgr.consensu.org music.163.com player.vimeo.com secureframe.doubleclick.net terriverhoeven.wufoo.com universe.queue-it.net v.qq.com www.google.com www.universe.com insight.adsrvr.org tr.snapchat.com static.amondo.com rsms.me td.doubleclick.net;media-src www.lntvglobal.com *.livenationinternational.com *.amondo.com;worker-src 'self' blob: 2
frame-ancestors 'self' kedge.edu *.kedge.edu; 2
default-src https: ws: wss: data: 'unsafe-inline' 'unsafe-eval' 2
frame-ancestors 'self'; object-src 'self'; script-src 'self' https:  'unsafe-eval' 'unsafe-inline' blob:; 2
frame-ancestors 'self' *.bambuser.com 2
default-src * data: filesystem: about: blob: ws: wss:; script-src * data: filesystem: about: blob: ws: wss: 'unsafe-eval' 'unsafe-inline'; style-src * data: filesystem: about: blob: ws: wss: 'unsafe-inline'; frame-ancestors 'self' 2
default-src *; style-src http: https: 'unsafe-inline' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data:; font-src 'self' http: https: data:; img-src 'self' https: http: data:; worker-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data: blob: 2
frame-ancestors https://*.liveswitch.io; upgrade-insecure-requests 2
font-src fonts.gstatic.com use.typekit.net *.cloudfront.net *.cloudflare.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de api.bazaarvoice.com stg.api.bazaarvoice.com *.facebook.com *.jascoproducts.com *.hsforms.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.stripe.com *.doubleclick.net *.facebook.com *.google.com www.paycomonline.net *.hsforms.net *.hsforms.com *.nice-incontact.com www.xtento.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com c1.ugc.bazaarvoice.com *.hsforms.com *.cloudfront.net *.bing.com *.google.com *.facebook.com *.facebook.net *.googletagmanager.com *.doubleclick.net *.adroll.com *.casalemedia.com *.rubiconproject.com *.advertising.com *.outbrain.com *.pubmatic.com *.yahoo.com *.taboola.com *.3lift.com *.bidswitch.net *.rlcdn.com *.adnxs.com *.openx.net *.mathtag.com *.pippio.com blog.byjasco.com *.hubspot.com *.clarity.ms *.ytimg.com/ byjasco.com *.bazaarvoice.com shareasale.com wheelofpopups-bucket.s3.amazonaws.com static-na.payments-amazon.com segments.company-target.com *.cdninstagram.com *.cordinateme.com cordinateme.com *.byjasco.com *.enbrightenme.com enbrightenme.com *.ezzwave.com ezzwave.com *.ezzigbee.com ezzigbee.com *.easyzigbee.com easyzigbee.com *.myselectsmart.com myselectsmart.com *.mytouchsmart.com mytouchsmart.com *.ecosurvivor.com ecosurvivor.com seg.sharethis.com www.xtento.com cdn.xtento.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net * plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com unpkg.com commerce.adobedtm.com assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.stripe.com *.hs-scripts.com *.hsadspixel.net *.hsleadflows.net *.hs-banner.com *.hscollectedforms.net *.hs-analytics.net *.googletagmanager.com *.bing.com *.google.com *.facebook.net *.doubleclick.net *.gstatic.com *.adroll.com *.newrelic.com *.nr-data.net bam-cell.nr-data.net *.clarity.ms *.hsforms.net *.hsforms.com *.nice-incontact.com d38xvr37kwwhcm.cloudfront.net www.xtento.com cdn.xtento.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com display.ugc.bazaarvoice.com *.cloudfront.net *.cloudflare.com *.lambda-url.us-west-2.on.aws *.popt.in unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.byjasco.com byjasco.com *.cloudfront.net 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io p13n.adobe.io p13n-mr.adobe.io * plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com commerce.adobedtm.com commerce.adobedc.net *.snplow.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.hubspot.com *.hubapi.com *.doubleclick.net *.google-analytics.com *.facebook.com *.bing.com *.adroll.com *.nr-data.net bam-cell.nr-data.net *.clarity.ms *.hsforms.com *.cloudflare.com *.grin.co api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.ddev.site https://*.soenen-verzekeringen.be https://*.vanbreda-ausloos.be https://*.vanbreda-cornelis.be https://*.vanbreda-soenen.be https://*.justitia.be https://*.vanbreda-agencies.be https://*.vanbreda.com https://*.vanbreda.be https://*.deltablue.io; img-src 'self' data: https://www.facebook.com https://px4.ads.linkedin.com https://px.ads.linkedin.com https://imgsct.cookiebot.com https://bat.bing.com/ https://*.ddev.site https://*.soenen-verzekeringen.be https://*.vanbreda-ausloos.be https://*.vanbreda-cornelis.be https://*.vanbreda-soenen.be https://*.justitia.be https://*.vanbreda-agencies.be https://*.vanbreda.com https://*.vanbreda.be https://*.deltablue.io https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com; font-src 'self' data: https://use.typekit.net; style-src 'self' 'unsafe-inline' https://*.ddev.site https://*.soenen-verzekeringen.be https://*.vanbreda-ausloos.be https://*.vanbreda-cornelis.be https://*.vanbreda-soenen.be https://*.justitia.be https://*.vanbreda-agencies.be https://*.vanbreda.com https://*.vanbreda.be https://*.deltablue.io; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googletagmanager.com; script-src-elem 'self' 'unsafe-inline' https://www.clarity.ms https://connect.facebook.net/ https://snap.licdn.com/li.lms-analytics/insight.min.js https://bat.bing.com https://*.ddev.site https://*.deltablue.io https://*.soenen-verzekeringen.be https://*.vanbreda-ausloos.be https://*.vanbreda-cornelis.be https://*.vanbreda-soenen.be https://*.justitia.be https://*.vanbreda-agencies.be https://*.vanbreda.com https://*.vanbreda.be https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.recaptcha.net https://www.gstatic.com unpkg.com consent.cookiebot.com consentcdn.cookiebot.com cdn.polyfill.io; frame-src 'self' https://www.recaptcha.net/ consentcdn.cookiebot.com *.youtube-nocookie.com *.youtube.com https://*.ddev.site https://*.soenen-verzekeringen.be https://*.vanbreda-ausloos.be https://*.vanbreda-cornelis.be https://*.vanbreda-soenen.be https://*.justitia.be https://*.vanbreda-agencies.be https://*.vanbreda.com https://*.vanbreda.be https://*.deltablue.io; frame-ancestors 'self' 'unsafe-inline' https://*.ddev.site https://*.soenen-verzekeringen.be https://*.vanbreda-ausloos.be https://*.vanbreda-cornelis.be https://*.vanbreda-soenen.be https://*.justitia.be https://*.vanbreda-agencies.be https://*.vanbreda.com https://*.vanbreda.be https://*.deltablue.io; connect-src 'self' https://w.clarity.ms https://bat.bing.com/ https://px.ads.linkedin.com/ consentcdn.cookiebot.com https://*.craftcms.com https://craftcms.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com 2
frame-ancestors 'self' *.ergodirekt.de:* *.ergo.com:* *.ergo:* *.ergo.de *.ergocarbon.com *.ergo-reiseversicherung.de *.dkv.com; 2
frame-ancestors 'self' *.vpro.nl:* *.human.nl *.vprobroadcast.com *.2doc.nl *.vprogids.nl *.brainwash.nl vpro.matomo.cloud omroephuman.matomo.cloud; 2
default-src 'self' https://*; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*; style-src 'self' 'unsafe-inline' https://*; img-src 'self' data: https://*; worker-src 'self' blob:; 2
allow 'self'; 2
frame-ancestors 'self' *.brandwatch.com https://insights.hotjar.com; object-src 'none'; form-action 'self'; 2
default-src 'self' blob: centinelapi.cardinalcommerce.com *.consentmanager.net api.cyberity.ru *.doubleclick.net www.facebook.com ffin.global *.google-analytics.com *.analytics.google.com pay.google.com code.jivosite.com code.jivo.ru *.mail.ru api.sumsub.com widget.trustpilot.com ddc.worldpay.com yastatic.net youtube.com *.youtube.com *.zdassets.com *.tradernet.by; img-src 'self' 'unsafe-inline' blob: data: *.appsflyer.com bat.bing.com *.carrotquest.app *.carrotquest.io inappstory.com/stories/loader.gif *.consentmanager.net *.clarity.ms *.doubleclick.net earn.broker earn.eu www.facebook.com ffin.global *.freedom24.com w8ben.freedomholdingcorp.com cs.getinappstory.com gocpa.cloud www.googletagmanager.com www.google-analytics.com www.google.am www.google.com www.google.kz www.google.ru www.google.com.cy google.com.cy google.am google.kz chart.googleapis.com www.gstatic.com trade.inveza.com code.jivosite.com code.jivo.ru cdn-kz.kursiv.media top-fwz1.mail.ru trade.mind-money.eu content.mql5.com *.onelink.me t.co *.tradernet.by *.tradernet.com *.tradernet.kz *.tradernet.ru turlov.co.za analytics.twitter.com vk.com login.vk.com ddc.worldpay.com mc.yandex.ru v2.zopim.com mc.yandex.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob: ffin.global *.freedom24.com www.google-analytics.com pay.google.com cdn.jsdelivr.net *.tradernet.com *.tradernet.ru yastatic.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com fonts.googleapis.com www.gstatic.com code.jivosite.com code.jivo.ru cdn.jsdelivr.net yastatic.net; font-src 'self' data: *.appsflyer.com cdn.carrotquest.app cs.getinappstory.com fonts.gstatic.com v2.zopim.com; connect-src 'self' blob: *.amazonaws.com wss://*.amazonaws.com *.appsflyer.com api.carrotquest.app wss://realtime-services-eu-chat-2.carrotquest.io realtime-services-eu-chat-2.carrotquest.io wss://rts-v2.carrotquest.app/websocket_connect_time rts-v2.carrotquest.app/websocket_connect_time api.carrottrack.app/users/$self_user/events api.carrottrack.app/users/$self_user/props delivery.consentmanager.net/delivery/ *.clarity.ms suggestions.dadata.ru stats.g.doubleclick.net wss://wss.earn.broker wss://wss.ffdigital.ch wss://wss.tradernet.am ffin.global mo.ffinpay.ru eun1.fptls.com eun1.fptls.com *.freedom24.com wss://wss.freedom24.com api.getinappstory.com/v2/ *.google-analytics.com *.analytics.google.com analytics.google.com pay.google.com www.google.com google.com pagead2.googlesyndication.com *.gstatic.com iframe.ly wss://wss.inveza.com *.jivosite.com *.jivo.ru wss://*.jivosite.com wss://*.jivo.ru top-fwz1.mail.ru www.mczbf.com wss://wss.mind-money.eu content.mql5.com www.sjwoe.com *.tradernet.com *.typi.team wss://wss.trader.az wss://wss.tradernet.by wss://wss.tradernet.com wss://wss.tradernet.global wss://wss.tradernet.kg wss://wss.tradernet.kz tradernet.ru admin.tradernet.ru sentry.dev.tradernet.ru wss://wss.tradernet.ru wss://wss2.tradernet.ru wss://wss.tradernet.ua wss://wss.tradernet.uz wss://wss.wisdompointcapital.com ddc.worldpay.com mc.yandex.ru ekr.zdassets.com *.zendesk.com widget-mediator.zopim.com v2.zopim.com wss://widget-mediator.zopim.com mc.yandex.com wss://wssdev.tradernet.dev wss://wss.tradernet.dev wss://wss.tfos.com wss://wss.walletsolutions.eu; frame-ancestors 'self' https://*.bankffin.kz https://*.freedom24.com https://bankffin.kz https://freedom24.ru https://*.tradernet.com; 2
manifest-src *; default-src 'self' blob:; media-src * data: blob:; frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob: data:; img-src * 'self' data: blob: https:; style-src 'self' 'unsafe-inline' https:; font-src 'self' data: https:; frame-src *; connect-src https: wss:; object-src 'none' 2
frame-ancestors 'self' https://jobcloud.ch https://*.jobcloud.ch https://jobs.ch https://*.jobs.ch https://jobup.ch https://*.jobup.ch https://ingjobs.ch https://ictcareer.ch https://jobs4sales.ch https://financejobs.ch https://medtalents.ch https://jobwinner.ch https://alpha.ch https://topjobs.ch https://*.jobscout24.ch https://impieghi.ch https://*.impieghi.ch https://*.stellenmarkt.ch 2
frame-ancestors 'self';block-all-mixed-content;default-src 'self';script-src 'self' 'report-sample' 'unsafe-inline';style-src 'self' 'report-sample' 'unsafe-inline';object-src 'none';frame-src 'self';child-src 'self';img-src 'self';font-src 'self';connect-src 'self';manifest-src 'self';base-uri 'self';form-action 'self';media-src 'self';prefetch-src 'self';worker-src 'self'; 2
frame-ancestors 'self' https://metrika.yandex.ru https://metrika.yandex.by https://metrica.yandex.com https://metrica.yandex.com.tr https://*.webvisor.com 2
default-src 'self' blob: 'unsafe-inline' *.snu.edu.in  *.google.co.in *.nopaperforms.com *.ytimg.com *.doubleclick.net *.sharethis.com  *.google.co.in *.googletagmanager.com *.google.com *.youtube.com *.youtube-nocookie.com *.spotify.com *.googleusercontent.com *.cloudflare.com *.google-analytics.com *.googleadservices.com *.youtube.com *.spotify.com *.jsdelivr.net *.googleapis.com *.google.com;frame-ancestors 'self' *.youtube.com *.nopaperforms.com *.spotify.com  *.google.co.in; font-src 'self' *.gstatic.com *.cloudflare.com *.jsdelivr.net data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.nopaperforms.com *.google.co.in *.sharethis.com *.jquery.com *.googletagmanager.com *.google.com *.gstatic.com *.youtube.com *.tradingview.com *.google-analytics.com *.googleadservices.com *.cloudflare.com *.spotify.com 2
default-src 'self' wss://10.100.41.98:21021/ws; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com unpkg.com/@frontify/ *.cloudinary.com https://cdn.plyr.io https://player.vimeo.com https://s7.addthis.com https://z.moatads.com https://m.addthis.com https://careers.pageuppeople.com https://vimeo.com *.googletagmanager.com *.google.com cdnjs.cloudflare.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net https://player.vimeo.com/api/player.js https://www.youtube.com/iframe_api cdn.ampproject.org web-chat.nativechat.com 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://cdn.plyr.io 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com *.frontify.com *.cloudinary.com https://www.addthis.com https://fortescue-brand-dev-01.s3.amazonaws.com https://fmgl-dev.equ.com.au fortescue.tba.build fortescuecom-nonprod-env.eba-e36srkcg.ap-southeast-2.elasticbeanstalk.com fmgl-website-media-497161030042.s3.ap-southeast-2.amazonaws.com fmgl-website-media-497161030042.s3.amazonaws.com fmgl-website-media-281431401319.s3.amazonaws.com *.fortescue.com *.googletagmanager.com *.google.com.au *.doubleclick.net 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com; connect-src data: accounts.google.com *.google-analytics.com *.gstatic.com *.mktoresp.com *.frontify.com *.cloudinary.com https://noembed.com https://cdn.plyr.io https://m.addthis.com https://careers.pageuppeople.com *.google.com *.doubleclick.net *.microsoftonline.com 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: *.frontify.com *.cloudinary.com https://fortescue-brand-dev-01.s3.amazonaws.com https://fmgl-dev.equ.com.au fortescue.tba.build fortescuecom-nonprod-env.eba-e36srkcg.ap-southeast-2.elasticbeanstalk.com fmgl-website-media-497161030042.s3.ap-southeast-2.amazonaws.com fmgl-website-media-497161030042.s3.amazonaws.com fmgl-website-media-281431401319.s3.amazonaws.com *.fortescue.com; child-src https://clients3.weblink.com.au/ www.google.com *.frontify.com cloudinary.com *.cloudinary.com https://s7.addthis.com *.microsoftonline.com 'self' web-chat.nativechat.com 2
default-src *; script-src *  'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data: https:; font-src * data: https:; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.fensterversand.com *.fensterversand.at *.fenetre24.com *.fenetre24.be *.haustueren.de *.finestre.com *.ventanas.es *.windows24.com *.neuffer.de *.neuffer-payment.com *.k8s.nng-stage.de *.nng-prod.de *.amazonaws.com *.cloudflare.com *.cloudfront.net *.google.com *.google.de *.googleapis.com *.googlecode.com *.googletagmanager.com *.gstatic.com *.attributy.com *.spoteffects.net *.google-analytics.com *.googlecommerce.com *.googleadservices.com unpkg.com *.matomo.cloud *.etrusted.com *.trustedshops.com *.bootstrapcdn.com *.youtube.com *.youtube-nocookie.com *.ytimg.com *.jquery.com *.typeform.com *.doubleclick.net *.userlike.com wss://*.userlike.com userlike-cdn-umm.b-cdn.net *.optimizely.com *.facebook.net *.facebook.com s7.addthis.com thdoan.github.io data: *.geschuetzteinkaufen.commerzbank.de *.usd.de *.ogone.com *.sofort.com *.billpay.de *.paypal.de *.paypal.com *.paypalobjects.com *.pay1.de *.klarnacdn.net *.klarna.com *.klarnaevt.com http://*.hotjar.com:* https://*.hotjar.com:* wss://*.hotjar.com *.hotjarconsent.com *.mouseflow.com *.bing.com *.mozilla.org *.jsdelivr.net *.trackjs.com *.consensu.org *.consentmanager.net *.taboola.com *.googleusercontent.com cdn.datatables.net *.criteo.com *.twiago.com *.bidswitch.net *.adnxs.com *.media.net *.rubiconproject.com *.smartadserver.com *.teads.tv *.3lift.com *.yahoo.com *.yahoo.net *.adform.net *.omnitagjs.com *.casalemedia.com id5-sync.com *.360yield.com *.ivitrack.com *.mediavine.com *.postrelease.com *.outbrain.com *.pubmatic.com *.sharethrough.com *.tremorhub.com *.yieldlab.net *.yieldmo.com *.demdex.net *.krxd.net *.emxdgt.com *.solutenetwork.com *.ubembed.com *.1rx.io *.adsensecustomsearchads.com 2
default-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://dc.services.visualstudio.com https://az416426.vo.msecnd.net https://bat.bing.com https://channel.me https://engie.conversationalsdevelopment.nl https://cdn.conversationalsdevelopment.nl https://api.seamly.ai wss://api.seamly.ai wss://api.seamly-app.com https://api.seamly-app.com https://engie-engie.digitalcx.com https://api.digitalcx.com https://www.50five-engie.nl https://engie.pti.nl https://api.ipdata.co https://googleads.g.doubleclick.net https://www.googleadservices.com https://*.fls.doubleclick.net https://stats.g.doubleclick.net https://google.com https://www.google.com https://www.google.nl https://*.google-analytics.com https://*.analytics.google.com https://www.googletagmanager.com https://ajax.googleapis.com https://adservice.google.com https://storage.googleapis.com https://www.gstatic.com https://s.ytimg.com https://code.jquery.com https://snap.licdn.com https://px.ads.linkedin.com https://api.membergetmember.co https://embedded.membergetmember.co https://events.membergetmember.co https://heartbeat.membergetmember.co https://tracking.membergetmember.co https://prod-mgw.engie-app.nl/api/v1/opening-hours https://prod-mgw.engie-app.nl/api/v1/waiting-times https://prod-mgw.engie-app.nl/api/v1/opening-hours/waiting-time https://*.optimizely.com https://ws.pushcall.com https://smartcontactbutton.pushcall.com https://api.storyteq.com https://assets.storyteq.com https://www.youtube.com https://www.youtube-nocookie.com https://v2.zopim.com wss://widget-mediator.zopim.com https://static.zdassets.com https://ekr.zdassets.com;font-src 'self' data:;img-src https://bat.bing.com https://cdn.conversationalsdevelopment.nl https://newstat.net https://ds1.nl https://www.google.nl https://www.google.com https://storage.googleapis.com https://*.google-analytics.com https://*.analytics.google.com https://www.googletagmanager.com https://snap.licdn.com https://px.ads.linkedin.com https://cdn.optimizely.com https://api.storyteq.com https://assets.storyteq.com 'self' data:;style-src 'self' 'unsafe-inline' https://www.50five-engie.nl https://storage.googleapis.com https://fonts.googleapis.com https://cdn.conversationalsdevelopment.nl; 2
default-src  'self'; img-src  'self'; script-src  'self'; object-src  'self'; style-src  'self' 'unsafe-inline'; 2
frame-ancestors 'self' *.authorize.net; 2
script-src-elem 'self' 'unsafe-inline' *; 2
frame-ancestors 'self' https://www.quandoo-partner.com/ https://ws.ephapay.net/ https://pp.ephapay.net/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.clarity.ms https://adservice.google.com https://google.com https://www.google.com https://www.google.co.uk https://googleads.g.doubleclick.net https://maps.google.com https://maps.googleapis.com https://pagead2.googlesyndication.com https://pay.google.com https://www.googletagmanager.com https://www.gstatic.com https://region1.google-analytics.com https://analytics.google.com https://www.google-analytics.com https://region1.analytics.google.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://analytics.tiktok.com https://tr.snapchat.com https://spay.samsung.com https://4625502.fls.doubleclick.net https://5181002.fls.doubleclick.net https://s7.addthis.com https://6nw8ohlf.micpn.com https://api.woosmap.com https://bda.bookatable.com https://bf61376cao.bf.dynatrace.com https://bookings.designmynight.com https://castle.verseapps.co.uk https://cdn.jsdelivr.net https://code.jquery.com https://cognito-identity.eu-west-1.amazonaws.com https://ep.smct.co https://firehose.eu-west-1.amazonaws.com https://ipl.smct.io https://js.smct.co https://js.smct.io https://miller-and-carter.sjv.io https://partners.designmynight.com https://platform.twitter.com https://rules.quantcount.com https://safekey-3.americanexpress.com https://sc-static.net https://script.hotjar.com https://sdk.woosmap.com https://secure.quantserve.com https://servedby.flashtalking.com https://smct.co https://static.hotjar.com https://static.uk.eagleeye.com https://stats.g.doubleclick.net https://svht.tradedoubler.com https://utt.impactcdn.com https://vintage-inns.pxf.io https://widgets.designmynight.com https://cdn.fingerprint.host https://cdn.fingerprint-staging.host https://www.dwin1.com; object-src 'none'; base-uri 'none'; 2
default-src 'self' *.adobeaemcloud.com/ *.youtube.com/ https://app.chargebee.com/ *.googlesyndication.com/ www.youtube.com *.google-analytics.com/ *.analytics.google.com/ *.googlesyndication.com/ *.adnxs.com/ *.doubleclick.net/ *.google.ie/ *.google.co.in/ *.google.com.ph/ *.google.com/ *.gstatic.com/  *.googleapis.com/ *.googletagmanager.com/ https://bittesehr.net/ *.bittesehr.net/ *.trustedshops.com/ *.fruchtzwerge.de/ *.outbrain.com/ *.focusgames.com/ *.trustcommander.net/ *.hotelagentur-dettling.de/ *.vivenio.de/ http://hotelagentur-dettling.de/ *.my.site.com/ *.comdirect.de/ *.force.com/ *.salesforce-sites.com/ https://vimeo.com/ *.blueconic.net/ *.trustcommander.net/ *.amazon-adsystem.com/ *.commander1.com/ *.tagcommander.com/ *.google.de/ *.zoikal.co.uk/ https://zoikal.co.uk/ *.userlike-cdn-widgets.s3-eu-west-1.amazonaws.com/ *.start.video-stream-hosting.de/ *.nutriciaflocare.com/ https://start.video-stream-hosting.de/ *.b-cdn.net/ *.amazonaws.com/ *.userlike.com/ *.criteo.net/ *.criteo.com/ *.google.es/ *.bing.com/ *.krxd.net/ *.emxdgt.com/ *.postrelease.com/ *.id5-sync.com/ *.yahoo.net/ https://www.jedeflaschegewinnt.de/; style-src 'self' https://danone.github.io/aem.edp-dach-fruchtzwerge/ *.my.salesforce-sites.com *.tiktok.com *.typekit.net/ *.scene7.com/ *.adobeaemcloud.com/ https://cdn.jsdelivr.net/ *.force.com/ *.salesforce.com/ *.youtube.com youtube.com https://app.chargebee.com/  *.squarelovin.com/ https://squarelovin.com/ *.adyen.com/ *.googlesyndication.com/ *.chargebee.com/ *.static.criteo.net/ *.criteo.com/ *.mopinion.com/ *.gstatic.com/ *.live2support.com/ *.lpsnmedia.net/ *.commander1.com/ *.bootstrapcdn.com/ *.tagcommander.com/ https://www.google.nl/ https://dpm.demdex.net/ *.focusgames.co.uk/ https://assets.adobedtm.com/ *.zencdn.net/ *.sharethis.com/ *.googleapis.com/ *.pinimg.com/ *.google.com/ *.google-analytics.com/ *.analytics.google.com/ *.googlesyndication.com/ *.adnxs.com/ *.doubleclick.net/ *.google.ie/ *.google.co.in/ *.google.com.ph/ *.google.com/ *.gstatic.com/ *.googleapis.com/ *.googletagmanager.com/ https://bittesehr.net/ *.bittesehr.net/ *.trustedshops.com/ *.fruchtzwerge.de/ *.outbrain.com/ *.focusgames.com/ *.my.site.com/ *.trustcommander.net/ *.hotelagentur-dettling.de/ *.vivenio.de/ http://hotelagentur-dettling.de/ *.comdirect.de/ https://vimeo.com/ *.force.com/ *.salesforce-sites.com/ *.trustcommander.net/ *.amazon-adsystem.com/ *.commander1.com/ *.tagcommander.com/ *.google.de/ *.zoikal.co.uk/ https://zoikal.co.uk/ *.userlike-cdn-widgets.s3-eu-west-1.amazonaws.com/ *.start.video-stream-hosting.de/ https://start.video-stream-hosting.de/ *.nutriciaflocare.com/ *.b-cdn.net/ *.amazonaws.com/ *.userlike.com/ *.criteo.net/ *.criteo.com/ *.google.es/ *.bing.com/ *.krxd.net/ *.emxdgt.com/ *.postrelease.com/ *.id5-sync.com/ *.yahoo.net/ https://www.jedeflaschegewinnt.de/ 'unsafe-inline'; script-src 'self' sgtm.volvic.de/ sgtm.volvic.ch/ sgtm.provamel.de/ sgtm.danone-dany.de/ https://danone.github.io/aem.edp-dach-fruchtzwerge/ https://js-agent.newrelic.com/ *.my.salesforce-sites.com *.licdn.com *.usercentrics.eu *.tiktok.com *.monitor.azure.com/ https://s7g10.scene7.com/ *.teads.tv/ *.youtube.com/ *.channelsight.com/ *.typekit.net/ https://sgtm.fruchtzwerge.de/ https://sgtm.aptaclub.de/ *.scene7.com/ *.adobeaemcloud.com/ https://cdn.jsdelivr.net/ *.salesforceliveagent.com/ *.force.com/ *.salesforce.com/ *.squarelovin.com/ https://squarelovin.com/ https://app.chargebee.com/ *.paypal.com/ *.nxtck.com/ *.googlesyndication.com/ *.adyen.com/ *.chargebee.com/ https://static.criteo.net/js/ld/ld.js *.criteo.com/ *.ytimg.com/ https://live2support.com/ *.mopinion.com/ *.googletagmanager.com/ https://www.google.nl/ https://dpm.demdex.net/ https://assets.adobedtm.com/ https://s.pinimg.com/ *.tagcommander.com/ *.twitter.com/ *.pinterest.com/ *.instagram.com/ https://services.postcodeanywhere.co.uk/ *.commandersact.com/ *.facebook.net/ *.google.ie/ *.lpsnmedia.net/ *.pinimg.com/ *.danone-dtc.net/ *.hotjar.com/ *.focusgames.co.uk/ *.outbrain.com/ *.google.com/ *.google.com.ph/ *.google.co.in/ *.googleadservices.com/ *.google-analytics.com/ *.sharethis.com *.addthis.com/ *.live2support.com/ *.doubleclick.net/ *.googleapis.com/ *.google.com/ *.theadex.com *.commander1.com/ *.liveperson.net/ *.doubleclick.net/ *.gstatic.com/ *.aptaclub.de/ *.milupa.de/ https://sgtm.nutricia.de/ *.digital4danone.com/ *.aptaclub.at/ *.milupa.at/ *.aptaclub.ch/ *.milupa.ch/ *.yopro.de/ *.aptaclub.com.vn/ *.addthisedge.com/ *.ads-twitter.com/ *.adnxs.com/ *.adventori.com/ https://adventori.com/ https://dsp.adfarm1.adition.com/ *.widgets.trustedshops.com/ www.youtube.com *.google-analytics.com/ *.analytics.google.com/ *.googlesyndication.com/ *.comdirect.de/ https://bittesehr.net/ *.bittesehr.net/ *.trustedshops.com/ *.fruchtzwerge.de/ *.outbrain.com/ *.focusgames.com/ *.my.site.com/ *.trustcommander.net/ *.blueconic.net/ *.hotelagentur-dettling.de/ *.vivenio.de/ http://hotelagentur-dettling.de/ https://vimeo.com/ *.force.com/ *.salesforce-sites.com/ *.linkedin.oribi.io/ *.adnxs.com/ *.vivenio.de/ *.doubleclick.net/ *.amazon-adsystem.com/ *.google.ie/ *.google.co.in/ *.gstatic.com/ *.googleapis.com/ *.googletagmanager.com/ *.trustcommander.net/ *.commander1.com/ *.tagcommander.com/ *.google.de/ *.zoikal.co.uk/ https://zoikal.co.uk/ *.userlike-cdn-widgets.s3-eu-west-1.amazonaws.com/ *.start.video-stream-hosting.de/ *.nutriciaflocare.com/ https://start.video-stream-hosting.de/ *.amazonaws.com/ *.b-cdn.net/ *.userlike.com/ *.criteo.net/ *.criteo.com/ *.google.es/ *.bing.com/ *.krxd.net/ *.emxdgt.com/ *.postrelease.com/ *.id5-sync.com/ *.yahoo.net/ https://www.jedeflaschegewinnt.de/ 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://sync.1rx.io/ https://danone.github.io/aem.edp-dach-fruchtzwerge/ *.sync.1rx.io/ *.usercentrics.eu https://www.aptaclub.de/ *.aptaclub.de/ https://www.aptaclub.at/ *.aptaclub.at/ https://www.aptaclub.ch/ *.aptaclub.ch/ https://www.nutricia.de/ *.nutricia.de/ https://www.danonino.ch/ *.danonino.ch/ https://www.fruchtzwerge.at/ *.fruchtzwerge.at/ https://www.fruchtzwerge.de/ *.fruchtzwerge.de/ https://www.milupa.at/ *.milupa.at/ https://www.milupa.de/ *.milupa.de/ https://s7g10.scene7.com/ *.scene7.com/ *.adobeaemcloud.com/ https://cdn.jsdelivr.net/ data: *.force.com/ *.salesforce.com/ *.visualforce.com/ *.digital4danone.com/ *.google-analytics.com/ https://app.chargebee.com/ *.analytics.google.com/ *.squarelovin.com/ https://squarelovin.com/ *.googlesyndication.com/ *.assetsadobe.com/ *.adyen.com/ *.ytimg.com/ *.live2support.com/ https://ca-live.adyen.com/ https://www.google.de/ https://www.google.nl/ https://dpm.demdex.net/ https://assets.adobedtm.com/ https://services.postcodeanywhere.co.uk/ http://danonegroup-stage.neolane.net/ https://ca-live.adyen.com/ *.cx.atdmt.com/ *.danone-dtc.net/ https://ct.pinterest.com/ *.outbrain.com/ *.danone.com/ *.atdmt.com/ *.pinterest.com/ *.commander1.com/ *.tagcommander.com/ *.lpsnmedia.net/ *.adnxs.com/ *.adition.com/ *.focusgames.co.uk/ *.doubleclick.net/ *.google.ie/ *.google.co.in/ *.theadex.com/ *.google-analytics.com/ *.sharethis.com/ *.gstatic.com/ *.googleapis.com/ *.w3.org/ *.mookie1.com/ *.pinimg.com/ *.pinterest.com/ *.facebook.com/ *.googletagmanager.com/ *.linkedin.com/ https://t.co/ *.adsrvr.org/ *.crm4d.com/ *.adotmob.com/ *.goldenbees.fr  *.taboola.com/ *.mediavine.com/ *.ivitrack.com/ *.tremorhub.com/ *.spx.smartclip.com/ *.liadm.com/ *.smaato.net/ *.ads.yieldmo.com/ *.bing.com/ *.advertising.com/ *.criteo.com/ *.3lift.com/ *.smartadserver.com/ *.360yield.com/ *.pubmatic.com/ *.casalemedia.com/ *.yahoo.com/ *.teads.tv/ *.adform.net/ *.adscale.de/ *.media.net/ *.yieldlab.net/ *.bidswitch.net/ *.sharethrough.com/ *.twiago.com/ *.stickyadstv.com/ *.omnitagjs.com/ *.ad.smaato.net/ *.sxp.smartclip.net/ *.rubiconproject.com/ *.google-analytics.com/ *.analytics.google.com/ *.googlesyndication.com/ *.adnxs.com/ *.doubleclick.net/ *.google.ie/ *.google.co.in/ *.google.com.ph/ *.my.site.com/ https://bittesehr.net/ *.bittesehr.net/ *.trustedshops.com/ *.fruchtzwerge.de/ *.outbrain.com/ *.focusgames.com/ *.trustcommander.net/ *.comdirect.de/ *.hotelagentur-dettling.de/ *.vivenio.de/ http://hotelagentur-dettling.de/ https://vimeo.com/ *.blueconic.net/ *.force.com/ *.salesforce-sites.com/ https://sgtm.nutricia.de/ *.google.com/ *.amazon-adsystem.com/ *.google.fr/ *.gstatic.com/ *.googleapis.com/ *.googletagmanager.com/ *.trustcommander.net/ *.commander1.com/ *.tagcommander.com/ *.id5-sync.com/ *.trustedshop.com/ *.google.de/ *.zoikal.co.uk/ https://zoikal.co.uk/ *.userlike-cdn-widgets.s3-eu-west-1.amazonaws.com/ *.start.video-stream-hosting.de/ *.nutriciaflocare.com/ https://start.video-stream-hosting.de/ *.amazonaws.com/ *.b-cdn.net/ *.userlike.com/ *.criteo.net/ *.criteo.com/ *.google.es/ *.bing.com/ *.krxd.net/ *.emxdgt.com/ *.postrelease.com/ id5-sync.com/ *.yahoo.net/ https://www.jedeflaschegewinnt.de/; frame-src 'self' *.office.com/ https://danone.github.io/aem.edp-dach-fruchtzwerge/ *.my.salesforce-sites.com *.akamaized.net *.teads.tv/ *.nutricia.de *.scene7.com/ *.adobeaemcloud.com/ https://cdn.jsdelivr.net/ *.force.com/ *.salesforce.com/ *.paypal.com  *.adyen.com/ https://app.chargebee.com/ *.squarelovin.com/ https://squarelovin.com/ *.googlesyndication.com/ *.chargebee.com/ *.static.criteo.net/ *.criteo.com/ *.tohklom.com/  *.tagcommander.com/ https://aax-eu.amazon-adsystem.com/ *.amazon-adsystem.com/ *.liveperson.net/ *.vimeo.com/ *.live2support.com/ *.google.com/ *.lpsnmedia.net/ *.hotjar.com/ *.commander1.com/ *.proprofs.com/ https://www.google.nl/ https://dpm.demdex.net/ https://assets.adobedtm.com/ *.facebook.com/ *.doubleclick.net/ *.theadex.com/ *.sharethis.com/ *.addthis.com *.youtube.com *.adsrvr.org/ *.spotify.com/ *.cloudfront.net/ *.instagram.com/ *.soundcloud.com/ *.twitter.com/ *.pinterest.com/ *.trustcommander.net/ *.amazon-adsystem.com/ *.flockler.com/ *.google-analytics.com/ *.analytics.google.com/ *.googlesyndication.com/ *.adnxs.com/ *.doubleclick.net/ *.google.ie/ *.google.co.in/ *.google.com.ph/ *.google.com/ *.gstatic.com/ *.googleapis.com/ *.googletagmanager.com/ *.trustcommander.net/ *.commander1.com/ *.blueconic.net/ *.my.site.com/ https://bittesehr.net/ *.bittesehr.net/ *.trustedshops.com/ *.fruchtzwerge.de/ *.outbrain.com/ *.focusgames.com/ *.focusgames.co.uk/ *.trustcommander.net/ *.hotelagentur-dettling.de/ *.vivenio.de/ http://hotelagentur-dettling.de/ *.comdirect.de/ https://vimeo.com/ *.tagcommander.com/ *.force.com/ *.salesforce-sites.com/ *.google.de/ *.zoikal.co.uk/ https://zoikal.co.uk/ *.userlike-cdn-widgets.s3-eu-west-1.amazonaws.com/ *.start.video-stream-hosting.de/ *.nutriciaflocare.com/ https://start.video-stream-hosting.de/ *.amazonaws.com/ *.b-cdn.net/ *.userlike.com/ *.criteo.net/ *.criteo.com/ *.google.es/ *.bing.com/ *.krxd.net/ *.emxdgt.com/ *.postrelease.com/ *.id5-sync.com/ *.yahoo.net/ https://www.jedeflaschegewinnt.de/; connect-src 'self' https://id5-sync.com/ *.tiktok.com/ *.linkedin.com/ *.azure.com/ https://danone.github.io/aem.edp-dach-fruchtzwerge/ *.s3.eu-west-1.amazonaws.com/ https://bam.eu01.nr-data.net/ *.my.salesforce-sites.com *.usercentrics.eu *.teads.tv/ https://s7g10.scene7.com/ https://dc.services.visualstudio.com/ https://sgtm.fruchtzwerge.de/ https://sgtm.aptaclub.de/ *.scene7.com/ *.adobeaemcloud.com/ https://cdn.jsdelivr.net/  *.force.com/ *.salesforce.com/ *.google-analytics.com/ https://app.chargebee.com/ *.analytics.google.com/ *.squarelovin.com/ https://squarelovin.com/ *.paypal.com *.sentry.io/ *.googlesyndication.com/ *.adyen.com/ *.live2support.com/ https://sentry.labdigital.nl *.addthis.com/ *.mopinion.com/ https://www.google.nl/ https://dpm.demdex.net/ https://assets.adobedtm.com/ *.danone-dtc.net/ *.ct.pinterest.com/ *.privacy.trustcommander.net/ https://services.postcodeanywhere.co.uk/ *.commercetools.com/ *.google-analytics.com *.facebook.com/ *.omtrdc.net/ *.hotjar.com/ *.pinterest.com/ *.trustcommander.net/ *.commander1.com/ *.sharethis.com/ *.doubleclick.net/ *.blueconic.net/ *.aptaclub.at/ https://bittesehr.net/ *.bittesehr.net/ *.trustedshops.com/ *.fruchtzwerge.de/ *.outbrain.com/ *.focusgames.com/ *.focusgames.co.uk/ *.milupa.de/ *.milupa.at/ *.fruchtzwerge.de/ *.fruchtzwerge.at/ *.danonino.ch/ *.aptaclub.ch/ *.yopro.de/ *.my.site.com/ *.trustcommander.net/ *.comdirect.de/ *.hotelagentur-dettling.de/ *.vivenio.de/ http://hotelagentur-dettling.de/ https://vimeo.com/ *.linkedin.oribi.io/ *.force.com/ *.salesforce-sites.com/ *.google-analytics.com/ *.amazon-adsystem.com/ https://sgtm.nutricia.de/ *.digital4danone.com/ *.analytics.google.com/ *.googlesyndication.com/ *.adnxs.com/ *.doubleclick.net/ *.google.ie/ *.google.co.in/ *.google.com.ph/ *.google.com/ *.gstatic.com/ *.googleapis.com/ *.googletagmanager.com/ *.commander1.com/ *.tagcommander.com/ *.google.de/ *.zoikal.co.uk/ https://zoikal.co.uk/ *.userlike-cdn-widgets.s3-eu-west-1.amazonaws.com/ *.start.video-stream-hosting.de/ *.nutriciaflocare.com/ https://start.video-stream-hosting.de/ *.amazonaws.com/ *.b-cdn.net/ *.userlike.com/ *.criteo.net/ *.criteo.com/ *.google.es/ *.bing.com/ *.krxd.net/ *.emxdgt.com/ *.postrelease.com/ *.id5-sync.com/ *.yahoo.net/ https://www.jedeflaschegewinnt.de/; font-src 'self' https://danone.github.io/aem.edp-dach-fruchtzwerge/ *.danone-dtc.net *.typekit.net/ *.scene7.com/ *.adobeaemcloud.com/ https://cdn.jsdelivr.net/ data: *.salesforce.com/ *.adyen.com/ *.squarelovin.com/ https://app.chargebee.com/  https://squarelovin.com/ *.googlesyndication.com/ *.gstatic.mopinion.com/ https://gstatic.mopinion.com/ *.gstatic.com/ *.live2support.com/ *.danone-dtc.net/ https://vjs.zencdn.net/ https://squarelovin.com/ *.comdirect.de/ https://bittesehr.net/ *.bittesehr.net/ *.trustedshops.com/ *.fruchtzwerge.de/ *.outbrain.com/ *.focusgames.com/ *.focusgames.co.uk/ *.my.site.com/ *.trustcommander.net/ *.blueconic.net/ *.hotelagentur-dettling.de/ *.vivenio.de/ http://hotelagentur-dettling.de/ https://vimeo.com/ https://app.chargebee.com/ *.force.com/ *.salesforce-sites.com/ *.amazon-adsystem.com/ *.googlesyndication.com/ *.google-analytics.com/ *.analytics.google.com/ *.googlesyndication.com/ *.adnxs.com/ *.doubleclick.net/ *.google.ie/ *.google.co.in/ *.google.com.ph/ *.google.com/ *.gstatic.com/ *.googleapis.com/ *.googletagmanager.com/ *.trustcommander.net/ *.commander1.com/ *.tagcommander.com/ *.google.de/ *.zoikal.co.uk/ https://zoikal.co.uk/ *.userlike-cdn-widgets.s3-eu-west-1.amazonaws.com/ *.start.video-stream-hosting.de/ *.nutriciaflocare.com/ https://start.video-stream-hosting.de/ *.amazonaws.com/ *.b-cdn.net/ *.userlike.com/ *.criteo.net/ *.criteo.com/ *.google.es/ *.bing.com/ *.krxd.net/ *.emxdgt.com/ *.postrelease.com/ *.id5-sync.com/ *.yahoo.net/ https://www.jedeflaschegewinnt.de/; media-src 'self' *.lpsnmedia.net/ *.squarelovin.com/ *.digital4danone.com/; 2
default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data: blob:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 2
default-src http: data: 'unsafe-inline' 'unsafe-eval' 2
default-src https: wss: 'unsafe-inline' 'unsafe-eval'; img-src https: data: blob:; object-src 'none'; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *; 2
default-src 'self' *.mytolino.com *.mytolino.de data: *.pageplace.de www.googletagmanager.com *.doubleclick.net www.google.com www.google.de www.googleadservices.com *.youtube-nocookie.com *.ytimg.com *.googleapis.com *.gstatic.com connect.facebook.net www.facebook.com 'unsafe-inline' 2
default-src * 'unsafe-inline' 'unsafe-eval' data: gap: content: blob:; form-action *; upgrade-insecure-requests 2
default-src 'none'; style-src 'unsafe-inline'; 2
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline';frame-src * mailto: data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors 'self' *.acaa-cmps.com *.dbedirectory.com *.uhsvendors.com *.mdbecert.com *.mwdbe.com *.traviscountyhub.com *.civilrightsystem.com *.gob2g.com *.mwdsbe.com *.mwsbe.com *.sbeda.com *.thesupplierclearinghouse.com *.smwbe.com *.diversitycomplance.com *.civilrightsconnect.com *.b2gnow.com *.newnycontracts.com *.diversitysystem.com *.dbesystem.com *.civilrightsconnect.dot.gov *.sbdbe.com *.sctrca.org *.civilrightsconnect.dot.gov *.webnclink.org *.vendorreg.com *.txdotcms.com *.diversitysoftware.com *.sbecompliance.com; 2
default-src 'self'; img-src 'self' https://app-atl.five9.com https://app.five9.com/ data:; frame-ancestors 'self'; font-src 'self' https://cdnjs.cloudflare.com/; upgrade-insecure-requests; frame-src 'self' https://www.google.com/ https://player.vimeo.com https://app-atl.five9.com/ https://app.five9.com; connect-src 'self' https://www.google-analytics.com/ https://api.marker.io/ https://vimeo.com/; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ajax/libs/ https://use.fontawesome.com/ https://app-atl.five9.com/ https://app.five9.com/; script-src 'self' https://www.googletagmanager.com/ https://www.google-analytics.com/ https://app-atl.five9.com/ https://app.five9.com/ https://cdnjs.cloudflare.com/ajax/libs/ https://edge.marker.io/latest/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 2
frame-ancestors 'self'; default-src https://images.saasant.info https://cdn.saasant.info  www.facebook.com 'self' ; worker-src blob: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob:https://www.saasant.com https://cdn.saasant.info *.convertexperiments.com  https://images.saasant.info https://cdn.saasant.info  https://images.saasant.info   *.clarity.ms *.omappapi.com *.omwpapi.com  *.woopra.com *.hotjar.com  consent.cookiefirst.com https://googleads.g.doubleclick.net https://analytics.google.com *.saasant.com https://js.stripe.com  https://cdnjs.cloudflare.com *.freshchat.com https://platform.twitter.com https://app.box.com  https://www.paypal.com  https://www.paypalobjects.com  https://www.googleadservices.com https://www.googletagmanager.com *.doubleclick.net  https://cdn.jsdelivr.net  www.facebook.com  https://embed.tawk.to  https://bam.nr-data.net  https://js-agent.newrelic.com  https://apis.google.com  https://www.gstatic.com https://appcenter.intuit.com https://www.google.com https://www.google-analytics.com https://ajax.googleapis.com  http://local.saasant.com; img-src https://cdn.saasant.info  https://images.saasant.info *.omappapi.com *.convertexperiments.com *.omwpapi.com *.clarity.ms consent.cookiefirst.com https://www.google.com/ads https://analytics.google.com https://www.google.com/pagead/* 'self' *.saasant.com *.doubleclick.net https://cdn.jsdelivr.net/  https://www.sandbox.paypal.com https://www.paypal.com  https://www.google.com https://www.google.co.in  https://*.tawk.to  ssl.comodo.com  https://appcenter.intuit.com https://www.google-analytics.com https://www.sandbox.paypal.com https://www.paypal.com http://local.saasant.com  https://ssl.gstatic.com  data:; style-src 'self' 'unsafe-inline' https://cdn.saasant.info  https://images.saasant.info  *.omappapi.com  *.omwpapi.com  consent.cookiefirst.com *.freshchat.com  https://cdn.jsdelivr.net  https://fonts.googleapis.com  https://appcenter.intuit.com http://local.saasant.com ; font-src 'self' https://cdn.saasant.info  https://images.saasant.info *.omappapi.com *.omwpapi.com https://static-v.tawk.to  https://fonts.gstatic.com  data:; frame-src 'self' https://www.chatbase.co *.hotjar.com  *.freshchat.com https://js.stripe.com/  https://app.box.com/  https://*.facebook.com https://www.sandbox.paypal.com/ https://www.paypal.com/  https://*.tawk.to  https://mp.liferay.com  https://www.google.com https://youtu.be https://www.youtube.com ; connect-src 'self'  https://transactions.saasant.com https://cdn.saasant.info *.convertexperiments.com https://images.saasant.info  *.saasant.com desktop.saasant.com  *.clarity.ms *.cookiefirst.com *.omappapi.com *.omwpapi.com https://consent.cookiefirst.com https://api.cookiefirst.com static.cookiefirst.com https://saasant.com https://stats.g.doubleclick.net https://analytics.google.com *.doubleclick.net https://www.paypal.com  wss://*.tawk.to https://*.tawk.to https://ssl.google-analytics.com https://appcenter.intuit.com https://local.saasant.com https://www.google.com https://www.google-analytics.com 2
frame-ancestors 'self' https://*.biahosted.com https://*.paymentiq.io https://*.safecharge.com 2
frame-ancestors 'self' https://mcnk64xr71xx8t-v1mr4dcx1zk84.pub.sfmc-content.com 2
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' app.optimizely.com; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: wss: *.christianjobs.com www.churchstaffing.com *.churchstaffing.com www.childrens-ministry-deals.com childrens-ministry-deals.com support.salemchurchproducts.com conversations.app-us1.com *.ably.io realtime.ably.io *.ably-realtime.com trackcmp.net n.clarity.ms *.stripe.com *.survicate.com youthworker.com www.youthworker.com *.app-us1.com scpmedia.activehosted.com *.braintreegateway.com js.braintreegateway.com *.renewedvision.com *.livechatinc.com *.livechat.com livechat.com *.stackadapt.com *.srv.stackadapt.com *.unpkg.com unpkg.com *.clarity.ms api.sermonsearch.com *.crazyegg.com *.gstatic.com lightboxapi1.azurewebsites.net lightboxapi2.azurewebsites.net lightboxapi3.azurewebsites.net *.googleadservices.com *.swncdn.com salemchurchproducts.s3.amazonaws.com *.google.com *.bing.com *.facebook.com *.facebook.net connect.facebook.net *.google-analytics.com *.googletagmanager.com *.blueconic.net *.googleapis.com *.sitescout.com *.sermonspice.com ct.pinterest.com *.worshiphousemedia.com worshiphousemedia.com *.salemchurchproducts.com *.salemwebnetwork.com *.lightboxcdn.com *.ubembed.com *.bootstrapcdn.com *.jwpcdn.com fonts.gstatic.com *.s3.amazonaws.com salemmediagroup.blueconic.net *.g.doubleclick.net *.kissmetrics.com *.googlesyndication.com kit-free.fontawesome.com *.fontawesome.com *.yahoo.com srv3.wa.marketingsolutions.yahoo.com flex.atdmt.com *.atdmt.com widget.freshworks.com *.freshworks.com salemchurchproducts.freshdesk.com *.freshdesk.com cdn.linkedin.oribi.io api.omappapi.com *.omappapi.com snap.licdn.com *.linkedin.com googletagservices.com *.googletagservices.com whm.attn.tv *.attn.tv events.attentivemobile *.attentivemobile.com *.hellopastors.com fonts.bunny.net www.googletagmanager.com *.googletagmanager.com api.omwpapi.com ;
	script-src 'self' 'unsafe-inline' blob: 'unsafe-eval' data: api.sermonsearch.com www.youthworker.com youthworker.com *.unpkg.com unpkg.com api.omappapi.com *.omappapi.com www.childrens-ministry-deals.com childrens-ministry-deals.com *.sitescout.com *.sermonspice.com *.gstatic.com *.lightboxcdn.com *.googleapis.com bid.g.doubleclick.net *.google.com pubads.g.doubleclick.net *.s3.amazonaws.com worshiphousemedia.s3.amazonaws.com *.google-analytics.com *.salemwebnetwork.com *.facebook.com *.facebook.net *.googlesyndication.com *;
	img-src 'unsafe-inline' 'unsafe-eval' data: *;
	frame-src 'unsafe-inline' 'unsafe-eval' data: youthworker.com www.youthworker.com www.churchstaffing.com *.churchstaffing.com www.childrens-ministry-deals.com childrens-ministry-deals.com api.sermonsearch.com *.sitescout.com ct.pinterest.com *.worshiphousemedia.com worshiphousemedia.com *.salemchurchproducts.com *.salemwebnetwork.com *.ubembed.com *.bootstrapcdn.com *.jwpcdn.com fonts.gstatic.com *.s3.amazonaws.com salemmediagroup.blueconic.net *.g.doubleclick.net *.lightboxcdn.com *.kissmetrics.com *.facebook.com *.googlesyndication.com www.googletagmanager.com *.googletagmanager.com *;
	style-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.googleapis.com *; 2
default-src 'unsafe-inline' 'unsafe-eval' * data: blob:; frame-ancestors 'self' https://app.optimizely.com; 2
base-uri 'self' ; style-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; script-src 'self' https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal.onetrust.com https://hcaptcha.com https://*.hcaptcha.com https://www.google-analytics.com 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com; frame-ancestors https://myprofile.trimble.com https://stage.myprofile.trimblecloud.com https://myprofile-pt.dev.id.trimblecloud.com https://myprofile-qa.dev.id.trimblecloud.com https://myprofile-qa1.dev.id.trimblecloud.com https://dxdev.my.trimblecloud.com https://dxqa.my.trimblecloud.com https://mytdev.my.trimblecloud.com https://mtqa.my.trimblecloud.com https://dev.my.trimblecloud.com https://sit.my.trimblecloud.com https://uat.my.trimblecloud.com https://my.trimble.com 2
connect-src 'self' *.cfbenchmarks.com; 2
default-src 'none'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; base-uri 'self'; img-src 'self'; frame-src 'self'; font-src 'self' data:; object-src 'none'; frame-ancestors 'none'; 2
default-src 'self'; connect-src 'self' http://ad.doubleclick.net https://*.analytics.google.com https://*.api.userway.org https://*.clarity.ms https://*.demdex.net https://*.eset.com https://*.googlesyndication.com https://*.hotjar.com https://*.hotjar.io https://*.tt.omtrdc.net https://adservice.google.com https://analytics.google.com https://analytics.twitter.com https://bat.bing.com https://c.go-mpulse.net https://cdn.acsbapp.com https://cdn.linkedin.oribi.io https://cdn1.esetstatic.com https://cookies-data.onetrust.io https://ep.smct.co https://eset.tt.omtrdc.net https://geolocation.onetrust.com https://googleads.g.doubleclick.net https://ipb.smct.co https://ipb.smct.io https://js.smct.co https://js.smct.io https://maps.googleapis.com https://mapsresources-pa.googleapis.com https://privacyportal.onetrust.com https://px.ads.linkedin.com https://region1.google-analytics.com https://replay.uxtweak.com https://s.yimg.com https://script.crazyegg.com https://smct.co https://stats.g.doubleclick.net https://tracker.clickguard.com https://www.facebook.com https://www.g2.com https://www.google-analytics.com https://www.google.by https://www.google.ch https://www.google.co.uk https://www.google.co.uz https://www.google.com https://www.google.com.tj https://www.google.com.tr https://www.google.ie https://www.google.kg https://www.google.kz https://www.google.lt https://www.google.lv https://www.google.pl https://www.google.ru https://www.googletagmanager.com wss://*.hotjar.com; font-src 'self' data: https://*.gstatic.com https://cdn.userway.org https://fonts.smct.co https://fonts.smct.io https://script.hotjar.com; form-action 'self' https://enjoy.eset.com https://int.forms.eset.com https://notify.eset.com https://s1069307879.t.eloqua.com https://secure.eset-la.com https://store.eset.com https://support.eset.com https://webto.salesforce.com; frame-ancestors 'self'; frame-src 'self' https://*.fls.doubleclick.net https://8117415.fls.doubleclick.net https://bid.g.doubleclick.net https://download.eset.com https://eset.demdex.net https://hemsync.clickagy.com https://int.form.eset.com https://js.smct.io https://ls.smct.co https://protectdemo.eset.com https://smct.co https://td.doubleclick.net https://tpc.googlesyndication.com https://unity.survey-solutions.cloud https://vars.hotjar.com https://widget.trustpilot.com https://www.facebook.com https://www.google.com https://www.googletagmanager.com https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: http://ad.doubleclick.net https://*.adform.net https://*.ads.linkedin.com https://*.yahoo.co.jp https://ad.doubleclick.net https://ade.googlesyndication.com https://adservice.google.at https://adservice.google.ch https://adservice.google.co.jp https://adservice.google.com https://adservice.google.de https://analytics.google.com https://analytics.twitter.com https://bat.bing.com https://c.bing.com https://c.clarity.ms https://captcha.eset.com https://cdn.esetstatic.com https://cdn.jsdelivr.net https://cdn.smct.co https://cdn.smct.io https://cdn1.esetstatic.com https://cm.everesttech.net https://cm.g.doubleclick.net https://connect.facebook.net https://dc.ads.linkedin.com https://dpm.demdex.net https://events.smct.co https://googleads.g.doubleclick.net https://i.ytimg.com https://images.g2crowd.com https://maps.googleapis.com https://pagead2.googlesyndication.com https://pubads.g.doubleclick.net https://px.ads.linkedin.com https://region1.analytics.google.com https://region1.google-analytics.com https://script.hotjar.com https://sgtm.eset.com https://ssitecat.eset.com https://ssl.google-analytics.com https://static.hotjar.com https://stats.g.doubleclick.net https://t.co https://tribl.io https://www.facebook.com https://www.google-analytics.com https://www.google.ad https://www.google.ae https://www.google.al https://www.google.am https://www.google.at https://www.google.az https://www.google.ba https://www.google.be https://www.google.bf https://www.google.bg https://www.google.bi https://www.google.bj https://www.google.bs https://www.google.bt https://www.google.by https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.co.ao https://www.google.co.bw https://www.google.co.cr https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.co.ls https://www.google.co.ma https://www.google.co.mz https://www.google.co.nz https://www.google.co.th https://www.google.co.tz https://www.google.co.ug https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.vi https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.com https://www.google.com.af https://www.google.com.ag https://www.google.com.ar https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.com.bz https://www.google.com.co https://www.google.com.cu https://www.google.com.cy https://www.google.com.do https://www.google.com.ec https://www.google.com.eg https://www.google.com.et https://www.google.com.fj https://www.google.com.gh https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.jm https://www.google.com.kh https://www.google.com.kw https://www.google.com.lb https://www.google.com.ly https://www.google.com.mm https://www.google.com.mt https://www.google.com.mx https://www.google.com.my https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.com.np https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.com.pr https://www.google.com.py https://www.google.com.qa https://www.google.com.sa https://www.google.com.sb https://www.google.com.sg https://www.google.com.sl https://www.google.com.sv https://www.google.com.tj https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.com.uy https://www.google.com.vc https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.ie https://www.google.im https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.ki https://www.google.kz https://www.google.la https://www.google.li https://www.google.lk https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.mn https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.ne https://www.google.nl https://www.google.no https://www.google.nr https://www.google.pl https://www.google.ps https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.rw https://www.google.sc https://www.google.se https://www.google.si https://www.google.sk https://www.google.sm https://www.google.sn https://www.google.so https://www.google.sr https://www.google.td https://www.google.tg https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.tt https://www.google.vg https://www.google.vu https://www.googleadservices.com https://www.googletagmanager.com https://www.hotjar.com https://www.linkedin.com; manifest-src 'self'; media-src 'self'; object-src 'self'; prefetch-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.la1-c2-fra.salesforceliveagent.com https://*.replay.uxtweak.com https://*.salesforceliveagent.com https://acsbap.com https://acsbapp.com https://assets.esetstatic.com https://bat.bing.com https://cdn.esetstatic.com https://cdn.jsdelivr.net https://cdn.linkedin.oribi.io https://cdn1.esetstatic.com https://cdnjs.cloudflare.com https://connect.facebook.net https://d.la1-c2-cdg.salesforceliveagent.com https://embed.tawk.to https://googleads.g.doubleclick.net https://img06.en25.com https://invitejs.trustpilot.com https://js.smct.co https://js.smct.io https://maps.googleapis.com https://obchod.eset.com https://pagead2.googlesyndication.com https://platform.twitter.com https://s786665.t.eloqua.com https://script.hotjar.com https://sgtm.eset.com https://smct.co https://snap.licdn.com https://ssl.google-analytics.com https://static.ads-twitter.com https://static.hotjar.com https://store.eset.com https://tpc.googlesyndication.com https://tribl.io https://widget.trustpilot.com https://www.clarity.ms https://www.google-analytics.com https://www.google.ae https://www.google.am https://www.google.at https://www.google.be https://www.google.bg https://www.google.bs https://www.google.by https://www.google.ca https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ma https://www.google.co.nz https://www.google.co.th https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.za https://www.google.co.zw https://www.google.com https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fr https://www.google.ge https://www.google.gr https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.kg https://www.google.kz https://www.google.lk https://www.google.lt https://www.google.md https://www.google.me https://www.google.mk https://www.google.nl https://www.google.pl https://www.google.ps https://www.google.pt https://www.google.ro https://www.google.ru https://www.google.se https://www.google.si https://www.google.sk https://www.google.tn https://www.googleadservices.com https://www.googleoptimize.com https://www.googletagmanager.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://fonts.googleapis.com https://fonts.smct.co https://fonts.smct.io https://script.hotjar.com https://static.hotjar.com; worker-src 'self'; report-uri https://www-eset-com.api.cspconsole.com/v1/csp/report; report-to default; 2
frame-ancestors https://app.storyblok.com 2
default-src 'self'; script-src 'unsafe-eval' 'self' stats.aws.at unpkg.com www.google.com www.gstatic.com www.youtube.com aws.jobbase.io aws.onlyfy.jobs letter.eyepin.com 'nonce-W59jk9Di9' 'nonce-fs4B35gA'; style-src 'self' 'unsafe-inline' fast.fonts.net unpkg.com fonts.gstatic.com; img-src 'self' data: unpkg.com *.tile.openstreetmap.org stats.aws.at; frame-src www.google.com www.youtube.com www.youtube-nocookie.com aws.jobbase.io aws.onlyfy.jobs letter.eyepin.com; font-src 'self' data: fast.fonts.net fonts.gstatic.com; connect-src 'self' stats.aws.at nominatim.openstreetmap.org api.mapbox.com letter.eyepin.com 2
frame-ancestors 'self', media-src 'self' https://code.jivosite.com https://www.mte-media.com https://nordfx.com https://nuode.me https://nuode.info/, object-src 'self' 2
frame-ancestors 'self' https://showroom.alh.de https://www.hallesche.de https://www.alte-leipziger.de https://hallesche.de https://alte-leipziger.de https://vermittlerportal.al-h-konzern.de https://vermittlerportal.de 2
default-src * blob: data: 'unsafe-inline' 'unsafe-eval' 2
frame-ancestors 'self' id-logistics.my.salesforce.com; 2
default-src https: blob: data: wss: 'unsafe-inline' 'unsafe-eval' 2
upgrade-insecure-requests; script-src 'self' 'nonce-{SERVER-GENERATED-NONCE}'; object-src 'none'; script-src-elem 'unsafe-inline' 'self' https://www.googletagmanager.com/gtm.js?id=GTM-PB4F9FBJ https://www.googletagmanager.com/gtag/js?id=G-J4RHV9TE5V 'nonce-{SERVER-GENERATED-NONCE}'; base-uri 'self'; img-src https: data:; 2
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://*.mscanada.ca https://*.spcanada.ca https://apply.workable.com https://www.workable.com https://cdn.livechatinc.com https://api.livechatinc.com https://js-agent.newrelic.com https://www.googletagmanager.com https://bam.nr-data.net https://mssp.tfaforms.net https://www.google-analytics.com https://analytics.google.com https://googleads.g.doubleclick.net https://snap.licdn.com https://static.ads-twitter.com/uwt.js https://1805bd6b0033416884c70511c9030226.js.ubembed.com https://connect.facebook.net/en_US/fbevents.js https://bat.bing.com/bat.js https://dcvxs6ggqztsa.cloudfront.net/widget/production/embed.js https://connect.facebook.net https://assets.ubembed.com https://bat.bing.com https://a.omappapi.com/app/js/api.min.js https://cdnjs.cloudflare.com/ajax/libs/dragula/3.7.3/dragula.min.js; object-src 'none'; style-src 'report-sample' 'self' 'unsafe-inline' https://*.mscanada.ca https://ccf807.spcanada.ca https://cdn.jsdelivr.net https://fonts.googleapis.com https://cdnjs.cloudflare.com https://mssp.tfaforms.net; img-src 'self' data: https://*.mscanada.ca https://*.spcanada.ca https://bam.nr-data.net https://analytics.google.com https://www.google.ca https://stats.g.doubleclick.net https://bat.bing.com https://www.google.com https://www.googletagmanager.com; media-src 'self' https://cdn.livechatinc.com; frame-src 'self' https://secure.livechatinc.com https://www.youtube.com https://mssp.tfaforms.net; frame-ancestors 'self'; child-src 'none'; font-src 'self' data: https://ccf807.mscanada.ca https://cdn.jsdelivr.net https://cdn.livechatinc.com https://cdnjs.cloudflare.com https://fonts.gstatic.com; connect-src 'self' https://*.mscanada.ca https://*.spcanada.ca https://api.livechatinc.com https://bam.nr-data.net https://mssp.tfaforms.net https://analytics.google.com https://www.google-analytics.com 2
default-src 'none'; media-src *; manifest-src 'none'; frame-src https://*.hushmail.com https://forms.hubspot.com https://*.hubspot.com https://*.google.com https://*.gstatic.com https://*.googletagmanager.com https://*.googleadservices.com https://*.google-analytics.com https://forms.hsforms.com https://*.google-analytics.com https://*.doubleclick.net https://hushforms.com https://widget.trustpilot.com https://vars.hotjar.com/ https://*.hs-sites.com https://fast.wistia.net https://www.hushmail.com 'self'; object-src 'self'; child-src 'self'; font-src https://*.hushmail.com https://fonts.gstatic.com https://script.hotjar.com 'self'; style-src https://*.hushmail.com https://hushforms.com https://fonts.googleapis.com 'self' 'unsafe-inline'; connect-src https://*.hushmail.com https://*.hubspot.com https://*.hsforms.net https://*.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://stats.g.doubleclick.net https://frstre.com https://tapfiliate.com https://hushforms.com https://*.capterra.com https://*.google.com https://*.googletagmanager.com https://*.googleadservices.com https://*.google-analytics.com https://d3hb14vkzrxvla.cloudfront.net https://chatapi.helpscout.net https://beaconapi.helpscout.net wss://ws-helpscout.pusher.com https://sockjs-helpscout.pusher.com https://api.hubapi.com https://*.hotjar.com https://*.hotjar.io wss://ws18.hotjar.com 'self'; img-src * data:; script-src https://*.hushmail.com https://js.hs-scripts.com https://js.hs-analytics.net https://js.hsleadflows.net https://js.hsforms.net https://js.usemessages.com https://forms.hubspot.com https://forms.hsforms.com https://*.google.com https://*.gstatic.com https://*.googletagmanager.com https://*.googleadservices.com https://*.google-analytics.com https://*.doubleclick.net https://*.tapfiliate.com https://hushforms.com https://*.capterra.com https://widget.trustpilot.com https://beacon-v2.helpscout.net/ https://js.hs-banner.com https://js.hsadspixel.net https://*.hotjar.com https://js.hubspot.com 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://*.hushmail.com; report-uri /cspreport/ 2
frame-ancestors https://*.procampaign.net 2
base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://kit.fontawesome.com https://mpsnare.iesnare.com https://widget.trustpilot.com https://kit-pro.fontawesome.com https://www.googletagmanager.com https://bat.bing.com https://www.dwin1.com https://www.googleadservices.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.paypal.com https://www.paypalobjects.com https://www.sandbox.paypal.com https://b.sbox.stats.paypal.com https://sdk.privacy-center.org https://api.privacy-center.org https://sibautomation.com https://cdn.shipup.co *.abtasty.com *.googleapis.com https://pagead2.googlesyndication.com https://widget.botmind.io 2
frame-ancestors 'self' *.connectmeinforma.com dev.totem-app.com 2
default-src 'self'; font-src *;img-src * data:; script-src *; style-src *; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; frame-src 'self' https:; frame-ancestors 'self'; img-src 'self' https: data:; media-src 'self' https: data: blob:; object-src 'none'; font-src 'self' https: data:; default-src 'self' https: wss:; base-uri 'none'; 2
frame-ancestors 'self' https://pdftron.sanity.studio; 2
default-src 'none'; script-src 'self' 'nonce-3423fsdf3kj34j' *.hsforms.net *.hs-scripts.com *.googletagmanager.com *.google.com *.osano.com *.usemessages.com *.hubspot.com *.hsadspixel.net *.hs-analytics.net *.hscollectedforms.net *.hsleadflows.net *.hs-banner.com *.facebook.net js.zi-scripts.com ws.zoominfo.com tags.clickagy.com ws-assets.zoominfo.com schedule.zoominfo.com api.schedule.zoominfo.com  *.buzzsprout.com snap.licdn.com;style-src 'unsafe-inline' 'self' fonts.googleapis.com *.osano.com;object-src 'self' *.osano.com; base-uri 'self'; connect-src 'self' *.hsforms.com *.hscollectedforms.net analytics.google.com *.google-analytics.com *.hubspot.com *.doubleclick.net *.hubapi.com *.linkedin.com *.osano.com aorta.clickagy.com  hemsync.clickagy.com ws.zoominfo.com api.schedule.zoominfo.com *.googleadservices.com; font-src 'self' data: fonts.gstatic.com; frame-src 'self' *.osano.com *.hsforms.com *.youtube.com *.google.com *.openssf.org *.landscape2.io *.buzzsprout.com aorta.clickagy.com hemsync.clickagy.com *.doubleclick.net;img-src 'self' data: *.hsforms.com *.hubspot.com *.hubspot.net *.ads.linkedin.com secure.gravatar.com *.w.org *.google.com *.google-analytics.com  *.facebook.com *.linuxfoundation.org; manifest-src 'self'; media-src 'self'; worker-src blob: *.osano.com; frame-ancestors 'self'; form-action 'self' *.hsforms.com; 2
default-src 'self'; connect-src *; img-src 'self' data: 2
script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' ; 2
script-src https: data: blob: 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com ajax.googleapis.com maps.googleapis.com www.googleadservices.com bat.bing.com s.yimg.com sp.analytics.yahoo.com; 2
frame-ancestors https://lunar-website-studio.vercel.app https://lunar-website-studio-staging.vercel.app https://lunar-website-studio-dev.vercel.app https://www.lunar.app 2
upgrade-insecure-requests; form-action 'self'; frame-ancestors 'self'; object-src 'none'; base-uri 'none' 2
default-src https: data: wss: blob: 'unsafe-inline' 'unsafe-eval' ;  object-src 'none' ;  frame-ancestors 'self' ;  base-uri 'self' ;  prefetch-src 'self' ;  img-src https: data: ; 2
default-src 'self' ;   script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://analitica.dacoruna.gal https://www.youtube.com https://www.gstatic.com ;   img-src 'self' data: blob: https://*.dacoruna.gal ;   frame-src 'self' https://cas.dacoruna.gal https://www.google.com https://www.youtube.com https://calendar.google.com ;   style-src 'self' 'unsafe-inline' ;   font-src 'self' ;   connect-src 'self' https://analitica.dacoruna.gal ;   object-src 'self' ;   frame-ancestors 'self' ; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: cdnjs.cloudflare.com *.google-analytics.com https://www.google-analytics.com *.googleapis.com https://www.google.com/js https://www.google.com/ads https://www.googletagmanager.com https://cloud.typography.com *.gstatic.com https://stats.g.doubleclick.net *.cloudfront.net https://www.youtube.com *.youtube.com https://app.termly.io https://i.ytimg.com https://yt3.ggpht.com https://static.doubleclick.net https://secure.quantserve.com https://snap.licdn.com https://rules.quantcount.com https://pixel.quantserve.com https://px.ads.linkedin.com http://www.google.com https://p.adsymptotic.com https://lbm.doitbestonline.com https://media.mydoitbest.com ; frame-src 'self' https://app.termly.io https://www.youtube.com https://www.google.com ; frame-ancestors 'self'; base-uri 'none'; object-src 'none'; 2
frame-ancestors 'self' *.icewarp.com 2
frame-ancestors 'self' https://flocktory.com https://*.flocktory.com http://webvisor.com http://*.webvisor.com https://metrika.yandex.ru https://mc.yandex.ru https://*.yandex.net https://mc.yandex.ru https://mc.yandex.az https://mc.yandex.by https://mc.yandex.co.il https://mc.yandex.com https://mc.yandex.com.am https://mc.yandex.com.ge https://mc.yandex.com.tr https://mc.yandex.ee https://mc.yandex.fr https://mc.yandex.kg https://mc.yandex.kz https://mc.yandex.lt https://mc.yandex.lv https://mc.yandex.md https://mc.yandex.tj https://mc.yandex.tm https://mc.yandex.ua https://mc.yandex.uz https://mc.webvisor.com https://mc.webvisor.org https://yastatic.net ; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' wss: data: https: blob:; connect-src https: wss:; img-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; upgrade-insecure-requests; frame-ancestors 'self' https://*.revolve.com; 2
upgrade-insecure-requests; default-src *; media-src * data: blob: rtmp: mediastream:; child-src * data: blob: gsa: webviewprogressproxy:; img-src * data: blob: android-webview-video-poster:; script-src * 'unsafe-inline' 'unsafe-eval' data: opera:; frame-src * 'unsafe-inline' data: gsa: webviewprogressproxy:; style-src * 'unsafe-inline' data:; connect-src * 'unsafe-inline' ws: wss:; font-src * data:; object-src *; report-uri /members/util/log_csp/ 2
default-src 'self' https: data:; connect-src 'self' ws: https:; img-src 'self' https: data:; media-src 'self' https: data:; style-src 'self' 'unsafe-inline' https:; font-src 'self' https: data:; script-src 'self' 'unsafe-inline' https: 'unsafe-eval'; script-src-elem 'self' https: 'unsafe-inline'; frame-ancestors https://audi-admin.porsche-holding.com; 2
default-src *; img-src * blob: data:; style-src 'unsafe-inline' *; script-src 'unsafe-inline' 'unsafe-eval' *; font-src * data:; frame-src 'self' *.cxf-public-multisite.prod-mul-we-cxf.michelin.fr *.youtube.com *.google.com *.hcaptcha.com www.googletagmanager.com *.doubleclick.net *.pixlee.com *.pixlee.co empower.my.salesforce.com *.qualtrics.com 2
upgrade-insecure-requests  ; worker-src 'self' blob: feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' *.pricespider.com *.mapbox.com *.lytics.io js.jebbit.com blob: feed.pghub.io pandg.tapad.com ; media-src 'self' videos.ctfassets.net *.iesnare.com data: feed.pghub.io pandg.tapad.com ; manifest-src 'self' login.windows.net feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com cdn.cookielaw.org script.crazyegg.com js.jebbit.com js.adsrvr.org connect.facebook.net z.moatads.com cdn.segment.com pghub.io www.youtube.com *.lytics.io *.bazaarvoice.com *.pricespider.com cdnjs.cloudflare.com *.mapbox.com *.iesnare.com feed.pghub.io pandg.tapad.com ; font-src 'self' data: feed.pghub.io pandg.tapad.com ; frame-ancestors 'none' feed.pghub.io pandg.tapad.com ; frame-src 'self' insight.adsrvr.org *.doubleclick.net feed.pghub.io www.facebook.com consumersupport.pg.com pgnagain.jebbit.com jebbit.ilovegain.com www.youtube.com pg-lex.my.salesforce-sites.com pandg.tapad.com ; img-src 'self' data: images.ctfassets.net www.google-analytics.com www.googletagmanager.com pixel.tapad.com *.doubleclick.net www.facebook.com *.lytics.io *.akamaihd.net *.moatads.com *.pricespider.com *.bazaarvoice.com i.ytimg.com cdn.cookielaw.org feed.pghub.io pandg.tapad.com ; connect-src 'self' *.google-analytics.com *.cookielaw.org *.jebbit.com *.doubleclick.net *.crazyegg.com *.adsrvr.org *.segment.com *.segment.io *.bazaarvoice.com *.pricespider.com *.mapbox.com geolocation-db.com *.algolia.net *.algolianet.com wss: feed.pghub.io pandg.tapad.com ; base-uri 'none' feed.pghub.io pandg.tapad.com ; default-src 'none' feed.pghub.io pandg.tapad.com ; 2
default-src 'self'; script-src 'self' http: https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' http: https: 'unsafe-eval' 'unsafe-inline'; img-src 'self' data: http: https:; font-src 'self' http: https:; connect-src 'self' http: https:; frame-src 'self' http: https: 2
frame-ancestors 'self'; img-src https://* data: 2
frame-ancestors 'self' https://brita-int.ff360.de 2
frame-ancestors *.hudongba.com *.hdb.com *.qq.com 2
frame-ancestors 'self' https://*.getresponse.com 2
default-src 'self' 'unsafe-inline'; 2
default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com 'unsafe-inline' 'unsafe-eval' https://www.youtube.com/iframe_api https://dec.azureedge.net/ https://munchkin.marketo.net https://js.hs-scripts.com https://js.hs-analytics.net https://contents-calculator.swintonassets.uk/ https://accident-map.swintonassets.uk/ https://api.tiles.mapbox.com https://burglary-map.swintonassets.uk https://crime-map.swintonassets.uk https://complaintsform.swintonassets.uk https://claimsform.swintonassets.uk https://oyd.swintonassets.uk https://quiz.tryinteract.com/ https://api.contents-calculator.swintonassets.uk https://infographic.swintonassets.uk https://flo.uri.sh/ https://www.youtube.com/ https://chat.atlantagroup.co.uk/ https://prod.respondselfserve.com https://www.google-analytics.com/ https://www.google.co.uk https://schema.org https://ict.infinity-tracking.net https://track.omguk.com https://googleleads.g.doubleclick.net https://9210165.fls.doubleclick.net https://secure.adnxs.com/px https://secure.quantserve.com/ https://rules.quantcount.com/ https://ppc.swintonassets.uk https://connect.facebook.net/ https://script.crazyegg.com/ https://errors-tracking.crazyegg.com https://tracking.crazyegg.com https://hud.crazyegg.com https://vector.crazyegg.com https://ftrk.crazyegg.com https://assets-tracking.crazyegg.com https://pagestates-tracking.crazyegg.com https://sampling-ratio.crazyegg.com https://sample-api-v2.crazyegg.com https://acsbap.com/apps/ https://acsbapp.com/apps/ https://secure.servicetick.com/ https://widget.trustpilot.com https://register.feefo.com/ https://bat.bing.com/ https://script.infinity-tracking.com https://googleads.g.doubleclick.net https://edge.quantserve.com https://cdn-launching.servicetick.com https://ad.doubleclick.net https://rules.quantcount.com https://pixel.quantserve.com https://pagead2.googlesyndication.com https://ppc-v3.swintonassets.uk https://ppc-v2.swintonassets.uk https://code.jquery.com https://almanac.jaywing.com https://mazda.almanac.jaywing.com https://*.civiccomputing.com https://*.google.com https://*.googleadservices.com https://*.googleapis.com https://*.gstatic.com https://*.googlesyndication.com https://www.clarity.ms https://static.hotjar.com https://script.hotjar.com https://compare.defaqto.com/ https://www.youtube-nocookie.com https://swintonchat.widget.custhelp.com https://dqm.crownpeak.com https://swintonchat.custhelp.com https://www.googleanalytics.com https://www.googleoptimize.com https://optimize.google.com https://www.rnengage.com https://snippet.maze.co/ *.carolenash.com *.carolenash.ie *.swinton.co.uk *.wearemarmalade.co.uk *.autonetinsurance.co.uk *.safeguarduk.co.uk *.scenicinsurance.co.uk *.entirecoverinsurance.co.uk *.insurance4carhire.com *.bewiser.co.uk *.mackenziehodgson.co.uk *.expressbikeinsurance.com *.paymentshield.co.uk *.insurance.harley-davidson.uk *.atlantagroup.co.uk https://dynamic.criteo.com https://dynamic.criteo.net https://smct.co https://js.smct.co https://smct.io https://js.smct.io *.bmw-motorrad-insurance.com https://cdnjs.cloudflare.com https://*.webchat.helpshift.com https://api.crazyegg.com/ *.healthy-pets.co.uk https://lptag.liveperson.net https://cdn.lpsnmedia.net https://accdn.lpsnmedia.net https://lpcdn.lpsnmedia.net https://lo.v.liveperson.net 'self' web-chat.nativechat.com cdn.ampproject.org https://cdn.insight.sitefinity.com https://dec.azureedge.net; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://*.googleapis.com https://*.gstatic.com https://*.googlesyndication.com https://use.fontawesome.com https://fast.fonts.net https://cdn-launching.servicetick.com https://ppc-v3.swintonassets.uk https://optimize.google.com https://fonts.googleapis.com https://swintonchat.widget.custhelp.com https://script.crazyegg.com https://errors-tracking.crazyegg.com https://hud.crazyegg.com https://vector.crazyegg.com https://ftrk.crazyegg.com https://tracking.crazyegg.com https://assets-tracking.crazyegg.com https://pagestates-tracking.crazyegg.com https://sampling-ratio.crazyegg.com https://sample-api-v2.crazyegg.com https://accident-map.swintonassets.uk https://complaintsform.swintonassets.uk https://ppc-v2.swintonassets.uk https://ppc.swintonassets.uk https://claimsform.swintonassets.uk https://oyd.swintonassets.uk https://contents-calculator.swintonassets.uk https://api.contents-calculator.swintonassets.uk https://burglary-map.swintonassets.uk https://infographic.swintonassets.uk https://crime-map.swintonassets.uk https://api.tiles.mapbox.com https://maxcdn.bootstrapcdn.com/ https://snippet.maze.co/ *.carolenash.com *.carolenash.ie *.swinton.co.uk *.wearemarmalade.co.uk *.safeguarduk.co.uk *.scenicinsurance.co.uk *.entirecoverinsurance.co.uk *.insurance4carhire.com *.bewiser.co.uk *.mackenziehodgson.co.uk *.expressbikeinsurance.com *.paymentshield.co.uk *.insurance.harley-davidson.uk *.atlantagroup.co.uk *.autonetinsurance.co.uk *.bmw-motorrad-insurance.com https://cdnjs.cloudflare.com https://api.crazyegg.com/ *.healthy-pets.co.uk https://lptag.liveperson.net https://cdn.lpsnmedia.net https://accdn.lpsnmedia.net https://lpcdn.lpsnmedia.net https://lo.v.liveperson.net 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com https://*.dec.sitefinity.com https://*.google.com https://*.google.co.uk https://*.doubleclickbygoogle.com https://*.doubleclick.com https://*.doubleclick.net https://*.googleads.g.doubleblick.net https://*.googleadservices.com https://*.googletagservices.com https://*.googlesyndication.com https://*.app-measurement.com *.eloqua.com https://track.hubspot.com https://bat.bing.com https://secure.adnxs.com https://ad.doubleclick.net https://pxl.qccerttest.com https://pixel.quantserve.com https://cm.g.doubleclick.net https://ib.adnxs.com https://us-u.openx.net https://stags.bluekai.com https://dpm.demdex.net https://idsync.rlcdn.com https://ups.analytics.yahoo.com https://dsum-sec.casalemedia.com https://ce.lijit.com https://x.bidswitch.net https://beacon.krxd.net https://rtb-csync.smartadserver.com https://sync.search.spotxchange.com https://aa.agkn.com https://e1.emxdgt.com https://sync.crwdcntrl.net https://eb2.3lift.com https://sync.1rx.io https://cs.lkqd.net https://sync.taboola.com https://quantcast.partners.tremorhub.com https://sync.teads.tv https://sync.outbrain.com https://router.infolinks.com https://cms.quantserve.com https://ad.yieldlab.net https://web1.acsbapp.com https://adservice.google.com *.entirecoverinsurance.co.uk https://script.hotjar.com https://www.hotjar.com https://www.google-analytics.com https://optimize.google.com https://track.omguk.com https://www.rnengage.com https://www.carolenash.com https://public.flourish.studio *.just-motorcycleinsurance.com *.autonetinsurance.co.uk *.carolenash.com *.carolenash.ie *.swinton.co.uk *.wearemarmalade.co.uk *.safeguarduk.co.uk *.scenicinsurance.co.uk *.insurance4carhire.com *.bewiser.co.uk *.mackenziehodgson.co.uk *.expressbikeinsurance.com *.paymentshield.co.uk *.insurance.harley-davidson.uk *.atlantagroup.co.uk https://googletagmanager.com https://google.com https://google.co.uk https://dai.google.com https://adsense.google.com https://adsense.google.co.uk https://region1.app-measurement.com https://eu.app-measurement.com https://script.crazyegg.com https://errors-tracking.crazyegg.com https://hud.crazyegg.com https://vector.crazyegg.com https://ftrk.crazyegg.com https://tracking.crazyegg.com https://assets-tracking.crazyegg.com https://pagestates-tracking.crazyegg.com https://sampling-ratio.crazyegg.com https://sample-api-v2.crazyegg.com https://static.hotjar.com https://accident-map.swintonassets.uk https://complaintsform.swintonassets.uk https://ppc-v3.swintonassets.uk https://ppc-v2.swintonassets.uk https://ppc.swintonassets.uk https://claimsform.swintonassets.uk https://oyd.swintonassets.uk https://contents-calculator.swintonassets.uk https://api.contents-calculator.swintonassets.uk https://burglary-map.swintonassets.uk https://infographic.swintonassets.uk https://crime-map.swintonassets.uk https://api.tiles.mapbox.com https://maxcdn.bootstrapcdn.com/ 'unsafe-inline' https://dynamic.criteo.com https://dynamic.criteo.net https://smct.co https://cdn.smct.co https://smct.io https://cdn.smct.io https://px.smct.co https://px.smct.io https://ep.smct.co https://ep.smct.io https://snippet.maze.co/ *.bmw-motorrad-insurance.com https://api.crazyegg.com/ *.healthy-pets.co.uk data: https://cdn.lpsnmedia.net data: https://lpcdn.lpsnmedia.net 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://use.fontawesome.com https://acsbapp.com https://script.hotjar.com https://fast.fonts.net https://fonts.gstatic.com https://flo.uri.sh/ *.carolenash.com *.carolenash.ie *.swinton.co.uk *.wearemarmalade.co.uk *.safeguarduk.co.uk *.scenicinsurance.co.uk *.entirecoverinsurance.co.uk *.insurance4carhire.com *.bewiser.co.uk *.mackenziehodgson.co.uk *.expressbikeinsurance.com *.paymentshield.co.uk *.insurance.harley-davidson.uk *.atlantagroup.co.uk https://maxcdn.bootstrapcdn.com/ *.autonetinsurance.co.uk https://fonts.smct.co https://fonts.smct.io https://snippet.maze.co/ *.bmw-motorrad-insurance.com *.healthy-pets.co.uk; frame-src https://widget.trustpilot.com https://prod.respondselfserve.com https://*.doubleclick.com https://*.doubleclick.net https://*.googlesyndication.com https://www.youtube.com https://www.facebook.com https://compare.defaqto.com/ https://*.webchat.helpshift.com https://player.vimeo.com https://optimize.google.com https://datawrapper.dwcdn.net https://flo.uri.sh/ *.carolenash.com *.carolenash.ie *.swinton.co.uk *.wearemarmalade.co.uk *.safeguarduk.co.uk *.scenicinsurance.co.uk *.entirecoverinsurance.co.uk *.insurance4carhire.com *.bewiser.co.uk *.mackenziehodgson.co.uk *.expressbikeinsurance.com *.paymentshield.co.uk *.insurance.harley-davidson.uk *.atlantagroup.co.uk https://static.hotjar.com https://script.hotjar.com https://www.youtube-nocookie.com https://script.crazyegg.com https://errors-tracking.crazyegg.com https://hud.crazyegg.com https://vector.crazyegg.com https://ftrk.crazyegg.com https://tracking.crazyegg.com https://assets-tracking.crazyegg.com https://pagestates-tracking.crazyegg.com https://sampling-ratio.crazyegg.com https://sample-api-v2.crazyegg.com https://accident-map.swintonassets.uk https://complaintsform.swintonassets.uk https://ppc-v3.swintonassets.uk https://ppc-v2.swintonassets.uk https://ppc.swintonassets.uk https://claimsform.swintonassets.uk https://oyd.swintonassets.uk https://contents-calculator.swintonassets.uk https://api.contents-calculator.swintonassets.uk https://burglary-map.swintonassets.uk https://infographic.swintonassets.uk https://crime-map.swintonassets.uk https://maxcdn.bootstrapcdn.com/ *.autonetinsurance.co.uk https://dynamic.criteo.com https://dynamic.criteo.net https://smct.co https://smct.io https://ls.smct.co https://ls.smct.io https://d2d7do8qaecbru.cloudfront.net https://www.veed.io/ *.bmw-motorrad-insurance.com *.healthy-pets.co.uk https://cdn.lpsnmedia.net https://lpcdn.lpsnmedia.net https://lo.idp.liveperson.net https://lo.msg.liveperson.net https://lo.msghist.liveperson.net https://lo.tokenizer.liveperson.net https://lo.shiftstatus.liveperson.net 'self' web-chat.nativechat.com; connect-src accounts.google.com https://*.googletagmanager.com 'unsafe-inline' 'unsafe-eval' chat.atlantagroup.co.uk https://cdn.acsbapp.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://web.lon.infinity-tracking.com https://nas.lon.infinity-tracking.com https://ict.infinity-tracking.net https://googleads4.g.doubleclick.net *.mackenziehodgson.co.uk *.justmotorinsurance.com *.just-motorcycleinsurance.com *.expressbikeinsurance.com *.insurance.harley-davidson.uk *.carolenash.com *.carolenash.ie *.atlantagroup.co.uk *.safeguarduk.co.uk *.scenicinsurance.co.uk *.swinton.co.uk *.insurance4carhire.com *.comparemybikeinsurance.com *.kdbmedicals.co.uk https://nas.lon.infinity-tracking.net https://*.civiccomputing.com https://*.google.com https://*.google.co.uk https://*.doubleclickbygoogle.com https://*.doubleclick.com https://*.doubleclick.net https://*.googleadservices.com https://*.googletagservices.com https://*.app-measurement.com https://*.googlesyndication.com https://a.clarity.ms https://vc.hotjar.io https://pixel.quantcount.com https://api.crownpeak.net *.entirecoverinsurance.co.uk https://surveystats.hotjar.io https://content.hotjar.io wss://wsp27.hotjar.com wss://ws.hotjar.com https://analytics.paymentshield.co.uk *.autonetinsurance.co.uk *.paymentshield.co.uk *.wearemarmalade.co.uk *.bewiser.co.uk https://doubleclick.net https://dai.google.com https://adsense.google.com https://adsense.google.co.uk https://region1.app-measurement.com https://eu.app-measurement.com https://script.crazyegg.com https://errors-tracking.crazyegg.com https://hud.crazyegg.com https://vector.crazyegg.com https://ftrk.crazyegg.com https://tracking.crazyegg.com https://assets-tracking.crazyegg.com https://pagestates-tracking.crazyegg.com https://sampling-ratio.crazyegg.com https://sample-api-v2.crazyegg.com https://accident-map.swintonassets.uk https://complaintsform.swintonassets.uk https://ppc-v3.swintonassets.uk https://ppc-v2.swintonassets.uk https://ppc.swintonassets.uk https://claimsform.swintonassets.uk https://oyd.swintonassets.uk https://contents-calculator.swintonassets.uk https://burglary-map.swintonassets.uk https://infographic.swintonassets.uk https://crime-map.swintonassets.uk https://script.hotjar.com https://hotjar.io https://api.contents-calculator.swintonassets.uk https://smct.co https://js.smct.co https://smct.io https://js.smct.io https://ipb.smct.co https://ipb.smct.io https://cfg.smct.co https://cfg.smct.io https://ep.smct.co https://ep.smct.io https://cognito-identity.eu-west-1.amazonaws.com https://firehose.eu-west-1.amazonaws.com https://acsbapp.com https://acsbap.com https://api.maze.co/ https://prompts.maze.co/ *.bmw-motorrad-insurance.com https://api.crazyegg.com/ *.healthy-pets.co.uk wss://lo.msg.liveperson.net https://cdn.lpsnmedia.net https://accdn.liveperson.net  https://lpcdn.lpsnmedia.net 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: https://player.vimeo.com blob: https://cdn.lpsnmedia.net blob: https://lpcdn.lpsnmedia.net; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com blob: 'self' web-chat.nativechat.com 2
connect-src * 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gbqofs.io *.gbqofs.com *.google.com *.googletagmanager.com *.googleadservices.com *.evidon.com *.gstatic.com *.youtube.com *.facebook.net *.google-analytics.com *.cloudfront.net *.force.com *.salesforce.com *.salesforceliveagent.com *.sessioncam.com *.doubleclick.net cdn.jsdelivr.net *.cloudflare.com js.adsrvr.org snap.licdn.com t23.intelliad.de *.usabilla.com *.fusepump.com *.adimo.co *.googlesyndication.com *.newrelic.com *.licdn.com bam.nr-data.net secure.cavy9soho.com *.amazon-adsystem.com static.ads-twitter.com static.hotjar.com ict.infinity-tracking.net script.crazyegg.com *.brand-display.com *.pricespider.com *.ktxlytics.io *.bazaarvoice.com *.tiles.mapbox.com blob: d6tizftlrpuof.cloudfront.net *.amazonaws.com cdn.hypemarks.com cdn.cookielaw.org unpkg.com apps.nestle.co.uk ndeuprpromotheuseuwesta.z6.web.core.windows.net *.teads.tv cdn.cookielaw.org cookie-cdn.cookiepro.com *.onetrust.com *.googleapis.com *.turtl.co; frame-ancestors 'self' https://content.nestleprofessional.us https://minorsfoodservice.com; connect-src 'self' *.gbqofs.io *.gbqofs.com *.google.com *.doubleclick.net *.google-analytics.com *.googletagmanager.com *.evidon.com *.secure.force.com *.sessioncam.com *.fusepump.com *.amazonaws.com *.googlesyndication.com *.newrelic.com *.licdn.com bam.nr-data.net *.ktxlytics.io *.mapbox.com *.pricespider.com d6tizftlrpuof.cloudfront.net *.usabilla.com cdn.linkedin.oribi.io collect.analyze.ly cdn.growthbook.io cdn.cookielaw.org apps.nestle.co.uk *.teads.tv cdn.cookielaw.org cookie-cdn.cookiepro.com *.onetrust.com *.googleapis.com *.linkedin.com; report-uri /report-csp-violation 2
frame-ancestors 'self' https://*.goldmansachs.com https://*.gs.com; 2
frame-ancestors 'self' piwik.mpg.de statistics.mpg.de statistik.mpg.de; 2
frame-ancestors 'self' meisterdrucke.com meisterdrucke.de meisterdrucke.at; 2
frame-ancestors 'self'  app.getbee.io supplier.eu.ziftone.com pimcore.eu.ziftone.com partner.pimcore.com; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: javascript: https://cdn.siftscience.com alcaldiapereira.agenti.com.co https://checkout.wompi.co/widget.js wolkvox-cobrowsing-agent-fd5zvw7swa-ue.a.run.app widget02.wolkvox.com d335luupugsy2.cloudfront.net wolkvox-cobrowsing-agent-fd5zvw7swa-ue.a.run.app https://platform.bluemessaging.net app.sitp.gov.co *.firebaseio.com *.aldeamo.com *.bootstrapcdn.com *.cloudflare.com https://chat1-cls27.i6.inconcertcc.com https://webchat-cls27.i6.inconcertcc.com *.facebook.net *.fontawesome.com https://mas-spn.inconcertcc.com *.googleapis.com *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.hippochat.io *.hotjar.com *.jquery.com *.jsdelivr.net *.livechatinc.com *.snapengage.com *.twimg.com *.twitter.com *.uniquindio.edu.co unpkg.com *.ytimg.com *.youtube.com *.zendesk.com ; img-src 'self' blob: data: javascript: static.placetopay.com/placetopay-logo.svg https://govco.sedeelectronica.com.co *.aldeamo.com *.amazonaws.com *.bluemessaging.net *.cool especiales.presidencia.gov.co *.facebook.com fuguchat.s3.ap-south-1.amazonaws.com *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com *.gstatic.com *.hippochat.io *.hotjar.com *.livechatinc.com sedeelectronica.com.co sellodeexcelencia.gov.co *.snapengage.com s-static.ak.facebook.com stats.g.doubleclick.net synersis.co:8442 smartlink.cool *.twimg.com *.twitter.com *.uniquindio.edu.co vozme.com *.youtube.com *.zendesk.com ; style-src 'self' 'unsafe-inline' alcaldiapereira.agenti.com.co wolkvox-cobrowsing-agent-fd5zvw7swa-ue.a.run.app widget02.wolkvox.com d335luupugsy2.cloudfront.net wolkvox-cobrowsing-agent-fd5zvw7swa-ue.a.run.app https://platform.bluemessaging.net *.aldeamo.com *.bootstrapcdn.com govco.sedeelectronica.com.co ton.twimg.com *.cali.gov.co https://mas-spn.inconcertcc.com https://cdn.jsdelivr.net  *.cloudflare.com *.fontawesome.com *.hippochat.io *.hotjar.com *.jquery.com *.nexura.com *.gstatic.com *.google.com *.googleapis.com sedeelectronica.com.co *.twitter.com *.uniquindio.edu.co *.zendesk.com ; font-src 'self' data: alcaldiapereira.agenti.com.co *.cali.gov.co https://mas-spn.inconcertcc.com govco.sedeelectronica.com.co sedeelectronica.com.co *.fontawesome.com *.hotjar.com *.bootstrapcdn.com *.googleapis.com *.googleusercontent.com *.gstatic.com *.nexura.com sedeelectronica.com.co *.uniquindio.edu.co ; object-src 'self' data: ; frame-ancestors 'self' *.nexura.com *.uniquindio.edu.co ; media-src 'self' blob: https://c11.radioboss.fm:18054/stream  *.radioboss.fm:18054/stream  *.uniquindio.edu.co vozme.com smartlink.cool *.smartlink.cool ; 2
upgrade-insecure-requests;
               script-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://www.bing.com https://dev.virtualearth.net https://ajax.googleapis.com https://ajax.aspnetcdn.com https://r.bing.com 'unsafe-inline' 'unsafe-eval';
               style-src 'self' https://r.bing.com https://www.bing.com https://ajax.googleapis.com 'unsafe-inline';
               font-src 'self' https://fonts.gstatic.com https://r.bing.com https://www.bing.com;
               connect-src 'self' https://www.google-analytics.com https://www.bing.com https://api.weather.com https://r.bing.com https://dev.virtualearth.net https://t.ssl.ak.tiles.virtualearth.net;
               img-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://www.bing.com https://dev.virtualearth.net https://ajax.googleapis.com https://t.ssl.ak.dynamic.tiles.virtualearth.net https://t.ssl.ak.tiles.virtualearth.net data:;
               frame-src 'self' https://www.hydropoint.com https://www.baselinesystems.com https://hydropoint.sharepoint.com https://www.weathertrak.net;
               frame-ancestors 'self';
               object-src 'none' 2
default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: 2
default-src 'self' https://*.lufthansa-city.com https://*.lufthansagroup.com https://*.lufthansagroup.careers https://s.ytimg.com https://*.youtube.com https://*.youtube-nocookie.com https://*.twitter.com https://*.twimg.com; script-src 'self' https://*.lufthansa-city.com *.ytimg.com *.youtube.com *.youtube-nocookie.com ; style-src 'self' https://*.lufthansagroup.com https://*.lufthansagroup.careers; object-src 'self'; 2
base-uri 'self' https:; block-all-mixed-content; child-src 'self' https:; connect-src 'self' https:; font-src 'self' data: https:; form-action 'self' https:; frame-ancestors 'self'; frame-src 'self' https:; img-src 'self' data: https:; media-src 'self' https:; object-src 'self' https:; prefetch-src 'self' https:; report-to csp_default; report-uri https://o956100.ingest.sentry.io/api/5979820/security/?sentry_key=3365bf3db95341e8b0c888222a947b0e; script-src 'self' 'unsafe-inline' https:; style-src 'self' 'unsafe-inline' https:; worker-src 'self' https: 2
default-src * 'unsafe-eval' 'unsafe-inline' blob: data:; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: http: https: *.3lift.com *.adform.net *.adnxs.com *.adroll.com *.affilired.com *.bidswitch.net *.calendly.com *.casalemedia.com *.cdn-cookieyes.com *.clarity.ms *.cloudflare.com *.denomatic.com *.doubleclick.net *.escuelaeuropeaexcelencia.com *.esginnova.com *.facebook.com *.facebook.net *.firebasedatabase.app *.fs1.hubspotusercontent-na1.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googletagmanager.com *.googleusercontent.com *.gravatar.com *.gstatic.com *.hs-analytics.net *.hs-banner.com *.hs-scripts.com *.hsadspixel.net *.hsappstatic.net *.hscta.net *.hsforms.com *.hsforms.net *.hubspot.com *.hubspot.net *.hubspotusercontent10.net *.isotools.us *.jquery.com *.jsdelivr.net *.kantansoftware.com *.licdn.com *.linkedin.com *.openx.net *.outbrain.com *.pmg-ssi.com *.pubmatic.com *.responsivevoice.org *.rubiconproject.com *.serviceform.com *.stripe.com *.taboola.com *.ucarecdn.com *.usemessages.com *.vimeo.com *.w.org *.yahoo.com cdn-cookieyes.com; img-src 'self' blob: data: *.3lift.com *.adform.net *.adnxs.com *.adroll.com *.affilired.com *.bidswitch.net *.calendly.com *.casalemedia.com *.cdn-cookieyes.com *.clarity.ms *.cloudflare.com *.denomatic.com *.doubleclick.net *.escuelaeuropeaexcelencia.com *.esginnova.com *.facebook.com *.facebook.net *.firebasedatabase.app *.fs1.hubspotusercontent-na1.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googletagmanager.com *.googleusercontent.com *.gravatar.com *.gstatic.com *.hs-analytics.net *.hs-banner.com *.hs-scripts.com *.hsadspixel.net *.hsappstatic.net *.hscta.net *.hsforms.com *.hsforms.net *.hubspot.com *.hubspot.net *.hubspotusercontent10.net *.isotools.us *.jquery.com *.jsdelivr.net *.kantansoftware.com *.licdn.com *.linkedin.com *.openx.net *.outbrain.com *.pmg-ssi.com *.pubmatic.com *.responsivevoice.org *.rubiconproject.com *.serviceform.com *.stripe.com *.taboola.com *.ucarecdn.com *.usemessages.com *.vimeo.com *.w.org *.yahoo.com cdn-cookieyes.com; frame-ancestors 'self' *.3lift.com *.adform.net *.adnxs.com *.adroll.com *.affilired.com *.bidswitch.net *.calendly.com *.casalemedia.com *.cdn-cookieyes.com *.clarity.ms *.cloudflare.com *.denomatic.com *.doubleclick.net *.escuelaeuropeaexcelencia.com *.esginnova.com *.facebook.com *.facebook.net *.firebasedatabase.app *.fs1.hubspotusercontent-na1.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googletagmanager.com *.googleusercontent.com *.gravatar.com *.gstatic.com *.hs-analytics.net *.hs-banner.com *.hs-scripts.com *.hsadspixel.net *.hsappstatic.net *.hscta.net *.hsforms.com *.hsforms.net *.hubspot.com *.hubspot.net *.hubspotusercontent10.net *.isotools.us *.jquery.com *.jsdelivr.net *.kantansoftware.com *.licdn.com *.linkedin.com *.openx.net *.outbrain.com *.pmg-ssi.com *.pubmatic.com *.responsivevoice.org *.rubiconproject.com *.serviceform.com *.stripe.com *.taboola.com *.ucarecdn.com *.usemessages.com *.vimeo.com *.w.org *.yahoo.com cdn-cookieyes.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: block *.3lift.com *.adform.net *.adnxs.com *.adroll.com *.affilired.com *.bidswitch.net *.calendly.com *.casalemedia.com *.cdn-cookieyes.com *.clarity.ms *.cloudflare.com *.denomatic.com *.doubleclick.net *.escuelaeuropeaexcelencia.com *.esginnova.com *.facebook.com *.facebook.net *.firebasedatabase.app *.fs1.hubspotusercontent-na1.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googletagmanager.com *.googleusercontent.com *.gravatar.com *.gstatic.com *.hs-analytics.net *.hs-banner.com *.hs-scripts.com *.hsadspixel.net *.hsappstatic.net *.hscta.net *.hsforms.com *.hsforms.net *.hubspot.com *.hubspot.net *.hubspotusercontent10.net *.isotools.us *.jquery.com *.jsdelivr.net *.kantansoftware.com *.licdn.com *.linkedin.com *.openx.net *.outbrain.com *.pmg-ssi.com *.pubmatic.com *.responsivevoice.org *.rubiconproject.com *.serviceform.com *.stripe.com *.taboola.com *.ucarecdn.com *.usemessages.com *.vimeo.com *.w.org *.yahoo.com cdn-cookieyes.com; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; object-src 'none'; upgrade-insecure-requests 2
default-src https: data: wss://*.hotjar.com wss://*.crazyegg.com *.crazyegg.com wss://*.zohopublic.com; script-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline'; img-src data: https: 'unsafe-inline'; font-src data: https: 'unsafe-inline'; frame-ancestors 'self'; object-src 'self' blob; upgrade-insecure-requests; media-src 'self' blob: data: https:; 2
frame-ancestors 'self' https://www.totbarcelona.cat https://totbarcelona.cat https://vadevi.elmon.cat https://vadegust.cat https://www.vadegust.cat https://monesport.cat https://www.monesport.cat https://www.catorze.cat https://catorze.cat https://balearsvadegust.cat https://www.balearsvadegust.cat https://monterrassa.cat https://monplaneta.cat https://www.la-clau.net https://www.tornaveu.cat https://tornaveu.cat https://www.elmon.cat https://mundus.cat https://vermuts.es https://vinari.cat https://totbarcelona.elmon.cat https://la-clau.net https://diarilaveu.cat https://www.diarilaveu.cat https://diarilaveu.com https://www.diarilaveu.com https://laveupv.com https://www.laveupv.com https://balearsvadevi.cat https://www.balearsvadevi.cat https://elsingular.cat https://www.elsingular.cat https://mon.cat https://www.mon.cat https://www.lasemaineduroussillon.com https://lasemaineduroussillon.com https://lasemaine.elmon.cat; 2
base-uri 'none'; default-src 'self' data: https: wss:; style-src 'self' data: https: wss: 'unsafe-inline'; script-src 'self' https://api.scrivito.com https://app.intercom.io https://assets.scrivito.com https://js.intercomcdn.com https://widget.intercom.io https://www.google-analytics.com https://lht.mindbreeze.com 'unsafe-inline' 'unsafe-eval' https://lht-acc.mindbreeze.com 'unsafe-inline' 'unsafe-eval' https://code.etracker.com https://app.usercentrics.eu/ https://www.etracker.de/; object-src 'none'; block-all-mixed-content; frame-ancestors 'self' https://*.scrivito.com 2
SAMEORIGIN 2
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.tawk.to cdn.jsdelivr.net fw-cdn.com *.freshdesk.com *.freshworks.com https://fonts.googleapis.com/css https://*.freshchat.com/ https:; manifest-src 'self'; child-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.tawk.to cdn.jsdelivr.net *.freshdesk.com *.freshworks.com https://fonts.googleapis.com/css https://*.freshchat.com/; font-src 'self' fonts.gstatic.com cdn.livechatinc.com *.tawk.to; img-src 'self' cdn.jsdelivr.net tawk.link https: data: cdn.databerjalan.com cdn.databerjalan.com cdn.livechat-files.com www.google-analytics.com; media-src 'self' data: cdn.databerjalan.com dataset.catgarong.com cdn.livechatinc.com youtube.com vimeo.com geo.dailymotion.com twitch.com; object-src 'self' data:; connect-src 'self' data: cdn.databerjalan.com cdn.databerjalan.com cdn.livechat-files.com www.google-analytics.com unpkg.com *.tawk.to wss://*.tawk.to https: wss:; frame-src *.tawk.to https:; frame-ancestors 'self'; form-action 'self' *.tawk.to 2
default-src * data: blob: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: wss: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; report-uri https://912c98659423667ae9a3372f78cdda6d.report-uri.com/r/d/csp/enforce 2
script-src * 'unsafe-eval' 'unsafe-inline'; worker-src data: blob: * 2
default-src *; font-src * data:;img-src * data: blob:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; frame-src * blob: data:; object-src * data:; 2
default-src * data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; 2
upgrade-insecure-requests; frame-ancestors 'none'; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https: 2
frame-ancestors https://touchscreens.mitsishotels.com https://mitsis365.sharepoint.com 2
default-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; font-src * data: ; img-src * data: ; connect-src * ; worker-src blob: ; frame-ancestors 'none'; 2
upgrade-insecure-requests; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bugherd.com cdn.penguin.co.uk *.ads-twitter.com *.doubleclick.net *.jquery.com *.yoast *.quizzes.cx *.shopifycdn.com *.jsdelivr.net *.facebook.net *.tiktok.com cdnjs.cloudflare.com *.googleadservices.com *.googletagmanager.com *.pinimg.com *.pinterest.com *.doubleclick.net *.ads-twitter.com *.adobedtm.com ssl.google-analytics.com fonts.googleapis.com *.google.com *.gstatic.com *.facebook.com connect.facebook.net www.dwin2.com *.riddle.com *.hotjar.com *.cloudfront.net *.newrelic.com *.nr-data.net instagram.com *.instagram.com *.twitter.com therandomhousegroupltd.d3.sc.omtrdc.net therandomhousegroupl.tt.omtrdc.net *.onetrust.com *.google-analytics.com *.typekit.net *.bootstrapcdn.com *.fontawesome.com *.wpengine.com *.msgfocus.com *.youtube.com *.schema.org aax-eu.amazon-adsystem.com; object-src 'self'; frame-ancestors 'none'; 2
default-src 'self' 'self' data: 'self' blob: 'unsafe-inline' 'unsafe-eval' *; img-src 'self' blob: data: * 2
img-src data: 'self' https: blob: https://www.facebook.com https://images.prismic.io https://content-eu-central-1.knowunity.com https://content-eu-central-1.knowunity.dev https://px.ads.linkedin.com/collect; font-src 'self'; connect-src *; object-src data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://googleads.g.doubleclick.net https://connect.facebook.net https://apis.google.com https://www.google.com https://appleid.cdn-apple.com https://js.hcaptcha.com https://analytics.tiktok.com https://sc-static.net https://js.stripe.com https://cdnjs.cloudflare.com https://apps.elfsight.com https://static.elfsight.com https://accounts.google.com/gsi/client https://snap.licdn.com/li.lms-analytics/insight.min.js https://www.clarity.ms https://tr.snapchat.com https://www.paypal.com https://static.cloudflareinsights.com; style-src 'self' 'unsafe-inline' https://accounts.google.com/gsi/style; style-src-elem 'self' https://accounts.google.com/gsi/style 'unsafe-inline'; script-src-elem * 'unsafe-inline' blob: 'self'; media-src https: 'self'; worker-src blob:; frame-ancestors 'self'; frame-src https://www.youtube.com https://accounts.google.com https://newassets.hcaptcha.com https://appleid.apple.com https://js.stripe.com https://www.facebook.com https://drive.google.com/ https://tr.snapchat.com https://js.stripe.com https://hooks.stripe.com https://cloudflarestream.com https://customer-8ik8x9s31pwtfi7p.cloudflarestream.com https://accounts.google.com/gsi/ https://calendly.com https://www.sandbox.paypal.com https://www.paypal.com; 2
default-src * ; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data:; font-src * data:; object-src *; media-src *; frame-src *; connect-src *; worker-src *; 2
default-src 'self' feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' * ; img-src * 'self' data: https: blob: ; script-src * data: blob: 'unsafe-inline' 'unsafe-eval' ; connect-src * data: blob: 'unsafe-inline' ; font-src * data: blob: 'unsafe-inline' ; frame-src * ; 2
connect-src 'self' inetchat.zoner.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com www.google-analytics.com *.smartlook.cloud *.doubleclick.net https://web.facebook.com https://www.facebook.com https://manychat.com https://socialplugin.facebook.net *.google-analytics.com https://search.zonercloud.cz https://*.clarity.ms https://www.google.com https://pagead2.googlesyndication.com https://cdn.linkedin.oribi.io adservice.google.com www.google.cz *.analytics.google.com px.ads.linkedin.com;default-src 'self' www.google-analytics.com www.google.com inetchat.zoner.com;font-src 'self' fonts.gstatic.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io;img-src 'self' data: stats.g.doubleclick.net www.google-analytics.com www.google.cz www.google.com inetchat.zoner.com www.facebook.com c.imedia.cz http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.inpage.cz https://www.inpage.sk https://c.seznam.cz https://i.ytimg.com *.twitter.com https://seal.digicert.com ad.czechia.com  api.thegreenwebfoundation.org www.abuseipdb.com www.googletagmanager.com https://px.ads.linkedin.com https://c.bing.com https://c.clarity.ms www.google.sk www.google.es www.google.de www.google.sn;manifest-src 'self';script-src 'self' 'unsafe-inline' data: www.google.com www.gstatic.com googleads.g.doubleclick.net www.google-analytics.com www.googleadservices.com www.googletagmanager.com inetchat.zoner.com partner.zonercloud.sk partner.zonercloud.cz connect.facebook.net c.imedia.cz rec.smartlook.com *.twitter.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://seal.digicert.com ad.czechia.com https://c.seznam.cz https://widget.manychat.com https://mccdn.me www.clarity.ms https://search.zonercloud.cz https://snap.licdn.com https://*.clarity.ms 'unsafe-eval';style-src 'self' 'unsafe-inline' fonts.googleapis.com;frame-ancestors 'none';form-action 'self' admin.czechia.com admin.slovaknet.sk *.csob.cz;base-uri 'self';object-src 'none';frame-src 'self' *.inpage.cz *.inpage.sk *.inpageweb.com www.youtube.com www.google.com maps.google.com inetchat.zoner.com partner.zonercloud.sk partner.zonercloud.cz https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io *.twitter.com www.metercustom.net https://web.facebook.com https://www.facebook.com *.doubleclick.net https://docs.google.com;report-uri /csp-report-endpoint; 2
default-src 'self' https://*.optimizely.com https://www.google-analytics.com https://*.heg-cp.com; style-src 'self' 'unsafe-inline' https://*.hosteurope.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.hosteurope.de https://js.leadinspector.de http://js.leadinspector.de https://js.leadinspector.de tags.tiqcdn.com https://*.doubleclick.net https://static-artifact.heg-cp.com https://cdn.polyfill.io https://www.google.com https://www.gstatic.com https://*.optimizely.com http://*.optimizely.com www.googleadservices.com https://bat.bing.com www.dwin1.com https://connect.facebook.net https://www.google-analytics.com ajax.googleapis.com https://*.twitter.com https://static.ads-twitter.com https://*.ampproject.org; font-src 'self' data:; object-src 'self'; img-src 'self' 'unsafe-inline' https://www.hosteurope.com/ data: https://www.google.com.ua https://*.leadinspector.de https://i.ytimg.com https://*.g.doubleclick.net https://bat.bing.com https://www.google-analytics.com https://www.facebook.com https://www.google.com https://www.google.de https://t.co https://*.multiscreensite.com; frame-src 'self' https://www.google.com https://*.optimizely.com https://*.facebook.com https://*.facebook.net www.youtube.com *.vimeo.com *.vimeocdn.com *.doubleclick.net; 2
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; frame-ancestors 'self'; upgrade-insecure-requests; img-src https: data: ; worker-src blob: https: ; connect-src https: wss: 2
default-src 'self' 'unsafe-eval' 'unsafe-inline'; img-src 'self' data:; 2
media-src * 2
default-src 'self' https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.google.com https://*.googleapis.com 'unsafe-inline'; img-src 'self' https://*.gstatic.com https://*.google.com https://*.googleapis.com https://trustseal.enamad.ir https://logo.samandehi.ir https://*.google-analytics.com data:; script-src-elem 'self' https://*.getclicky.com https://*.google.com https://*.googleapis.com https://*.googleadservices.com https://*.googletagmanager.com https://*.google-analytics.com 'unsafe-inline'; frame-src 'self' https://www.aparat.com https://www.adsensecustomsearchads.com https://*.google.com; frame-ancestors 'self' https://www.aparat.com; 2
default-src 'self' blob: ws: data: https://s3.sa-east-1.amazonaws.com https://maps.googleapis.com https://api.inspectos.com https://api.inspecao360.com https://cdn.linkedin.oribi.io https://px4.ads.linkedin.com https://px.ads.linkedin.com https://www.google-analytics.com https://mdls.dynamsoftonline.com https://sdls.dynamsoftonline.com; script-src 'self' 'unsafe-eval' blob: https://use.fontawesome.com https://maps.googleapis.com https://snap.licdn.com https://www.googletagmanager.com https://www.google-analytics.com https://gc.kes.v2.scr.kaspersky-labs.com https://www.gstatic.com https://www.google.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://use.fontawesome.com; frame-ancestors 'self'; form-action 'self'; base-uri 'self'; report-to 'self'; object-src 'self'; img-src 'self' blob: https://khms0.googleapis.com https://khms1.googleapis.com https://a.tile.openstreetmap.org https://b.tile.openstreetmap.org https://c.tile.openstreetmap.org https://inspectos-imoveis.s3-sa-east-1.amazonaws.com https://maps.googleapis.com https://maps.gstatic.com https://s3.sa-east-1.amazonaws.com data: https://px.ads.linkedin.com https://www.google-analytics.com https://px4.ads.linkedin.com; frame-src 'self' blob: https://www.google.com https://igw.inspectos.com; font-src data: 'self' https://use.fontawesome.com https://fonts.gstatic.com; connect-src 'self' blob: data: https://api-brd-pre.inspectos.com https://api-brd-sin.inspectos.com https://api-bar-imo.inspectos.com https://api-cas-imo.inspectos.com https://api-adc-con.inspectos.com https://api-brd-fin.inspectos.com https://api-brd-con.inspectos.com https://api-btp-seg.inspectos.com https://api-ezz-seg.inspectos.com https://api-pos-seg.inspectos.com https://api-scr-seg.inspectos.com https://api-std-imo.inspectos.com https://api-std-con.inspectos.com https://api-sbr-seg.inspectos.com https://api-swr-seg.inspectos.com https://api-azl-seg.inspectos.com https://flb-897122623.inspectos.com https://px.ads.linkedin.com https://www.google-analytics.com https://api.inspectos.com https://api.inspecao360.com https://maps.googleapis.com https://s3.sa-east-1.amazonaws.com https://fonts.googleapis.com https://inspecao360-midia-temp.s3.sa-east-1.amazonaws.com https://inspecao360-midia.s3.sa-east-1.amazonaws.com https://fonts.gstatic.com https://mdls.dynamsoftonline.com; media-src 'self' blob: https://inspecao360-midia.s3.sa-east-1.amazonaws.com; manifest-src 'self'; 2
base-uri 'self'; object-src 'none'; frame-ancestors 'self'; 2
default-src  * 'unsafe-inline' 'unsafe-eval' ; img-src * blob: data: 'unsafe-inline' ; font-src * data: 'unsafe-inline' ; media-src * blob: 'unsafe-inline' ; frame-src * data: 'unsafe-inline' 'unsafe-eval' ; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.dynamics.com *.cloudinary.com api.stockdio.com *.googletagmanager.com *.azureedge.net *.monitor.azure.com *.livechatinc.com https://static.meiqia.com secure-fra.livechatinc.com *.google.com *.gstatic.com/ https://cdn.matomo.cloud https://hms.matomo.cloud https://cdn.cookielaw.org/ https://hm.baidu.com/ https://snap.licdn.com/ https://cdn.insight.sitefinity.com https://dec.azureedge.net https://player.vimeo.com/api/player.js https://www.youtube.com/iframe_api https://cdn.matomo.cloud; font-src 'self' data: api.stockdio.com *.googletagmanager.com *.gstatic.com https://at.alicdn.com/; connect-src 'self' *.dynamics.com *.cloudinary.com api.stockdio.com *.googletagmanager.com *.onetrust.com dc.services.visualstudio.com *.azureedge.net *.hms-networks.com https://api.instatus.com  *.meiqia.com *.livechatinc.com https://hms.matomo.cloud/ https://cdn.cookielaw.org/ https://px.ads.linkedin.com/ wss://camorope-client-a.meiqia.com/ https://*.insight.sitefinity.com https://*.dec.sitefinity.com; img-src 'self' data: blob: *.dynamics.com *.cloudinary.com api.stockdio.com *.googletagmanager.com *.hms-networks.com *.azureedge.net *.meiqia.com *.cookielaw.org https://cdn.cookielaw.org/ https://hm.baidu.com/ https://px.ads.linkedin.com/ https://tenant-assets.meiqiausercontent.com/ https://cdn.livechat-static.com/ https://cdn.livechat-files.com/ https://*.meiqiausercontent.com https://cdn.files-text.com/ https://cdn.insight.sitefinity.com https://dec.azureedge.net; style-src 'self' 'unsafe-inline' api.stockdio.com *.googletagmanager.com *.googleapis.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; frame-src 'self' *.dynamics.com *.cloudinary.com api.stockdio.com *.googletagmanager.com *.azureedge.net *.bihl-wiedemann.de secure-fra.livechatinc.com *.google.com https://www.youtube.com warranty.hms-networks-data.com; media-src 'self' data: blob: *.cloudinary.com api.stockdio.com *.googletagmanager.com *.hms-networks.com *.azureedge.net https://static.meiqia.com/; child-src 'self' blob: *.dynamics.com *.cloudinary.com api.stockdio.com *.googletagmanager.com *.hms-networks.com *.bihl-wiedemann.de 2
default-src 'self'; base-uri 'self'; child-src https://policy.app.cookieinformation.com blob:; connect-src 'self' *.cookieinformation.com https://app-cctadop-cms-3cd-prod-a.azurewebsites.net/ https://app-cctadop-api-prod-a.azurewebsites.net/ dpm.demdex.net *.sc.omtrdc.net https://udviklingsogforenk.tt.omtrdc.net *.kaltura.com *.readspeaker.com https://api.cludo.com https://supchat.skat.supwizapp.com wss://supchat.skat.supwizapp.com https://info.skat.dk/; font-src 'self' data:; frame-ancestors 'self' https://sktst.dk https://info.skat.dk; frame-src 'self' https://policy.app.cookieinformation.com *.kaltura.com https://skat.dk https://app-eu.readspeaker.com https://info.skat.dk/; img-src 'self' https://app-cctadop-cms-3cd-prod-a.azurewebsites.net/ data: *.kaltura.com *.cludo.com https://skat.dk *.sc.omtrdc.net https://supchat.skat.supwizapp.com https://info.skat.dk https://meeting.skat.dk; media-src 'self' *.kaltura.com data: blob: https://supchat.skat.supwizapp.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://policy.app.cookieinformation.com https://policy.cookieinformation.com *.kaltura.com *.readspeaker.com https://supchat.skat.supwizapp.com; style-src 'self' 'unsafe-inline' *.readspeaker.com *.supwizapp.com; 2
default-src *; script-src 'unsafe-eval' 'self' 'unsafe-inline'  https:; object-src 'self' *.ytimg.com ytimg.com *.youtube.com youtube.com; style-src * 'unsafe-inline'; img-src * data:; frame-src *; font-src * data:; connect-src *; media-src * blob:; worker-src 'self' blob:; 2
default-src https: data: wss: blob: 'unsafe-eval' 'unsafe-inline'; 2
img-src * data: 2
img-src https: 'self' blob: data:; worker-src 'self' blob:; manifest-src 'self' data:; default-src https: wss:; script-src 'unsafe-inline' https:; style-src 'unsafe-inline' https:; frame-ancestors 'self' https://*.dentr.net https://*.dentr.io https://manage.portal-test.net https://*.portal-test.net https://portal.dentally.com; 2
frame-ancestors 'self' *.roomlynx.net 2
img-src * blob: data:; 2
default-src blob: data: file: 'self' https://connect.facebook.net https://api.trafficguard.ai https://tgtag.io/ https://vitals.vercel-insights.com https://www.facebook.com/ https://*.google.com https://*.gstatic.com https://*.getloconow.com https://*.easyvideo.in https://*.loco.gg https://loco.gg https://*.google.com https://media.vmax.com/ https://as.vmax.com/getad.php https://imasdk.googleapis.com https://www.googleadservices.com/ https://www.google.co.in/pagead https://www.google.com/pagead https://googleads.g.doubleclick.net/ https://tpc.googlesyndication.com/ https://partner.googleadservices.com/ https://s0.2mdn.net/ https://pagead2.googlesyndication.com https://stats.g.doubleclick.net/ https://csi.gstatic.com/ https://www.googletagservices.com https://pubads.g.doubleclick.net https://redirector.gvt1.com/ https://*.googlevideo.com/ https://td.doubleclick.net/ https://locoapp.verloop.io/ http://imasdk.googleapis.com/ https://accounts.google.com/ https://api2.amplitude.com/2/httpapi; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://connect.facebook.net https://api.trafficguard.ai https://tgtag.io/ https://vitals.vercel-insights.com https://www.facebook.com/ https://*.google.com/ https://*.googletagmanager.com https://*.google-analytics.com https://*.getloconow.com https://*.easyvideo.in https://*.loco.gg https://loco.gg https://player.live-video.net https://www.googleadservices.com https://cdn.jsdelivr.net https://media.vmax.com/ https://as.vmax.com/getad.php https://imasdk.googleapis.com/ https://www.google.co.in/pagead https://www.google.com/pagead https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ https://tpc.googlesyndication.com/ https://partner.googleadservices.com/ https://s0.2mdn.net/ https://pagead2.googlesyndication.com https://stats.g.doubleclick.net/ https://csi.gstatic.com/ https://www.googletagservices.com https://pubads.g.doubleclick.net https://redirector.gvt1.com/ https://*.googlevideo.com/ https://td.doubleclick.net/ https://locoapp.verloop.io/ https://cdn-ops.verloop.io/livechat-script/1.1.23/script.min.js https://api2.amplitude.com/2/httpapi; connect-src 'self' https://connect.facebook.net https://api.trafficguard.ai https://tgtag.io/ https://vitals.vercel-insights.com https://www.facebook.com/ https://*.loco.gg https://loco.gg https://*.getloconow.com https://*.easyvideo.in https://player.live-video.net/ https://api.amplitude.com https://*.sentry.io wss://*.getloconow.com:9002 wss://cf-mqtt-ws.getloconow.com wss://dev-cf-mqtt-ws.getloconow.com https://*.googleapis.com http://*.googletagmanager.com https://*.google-analytics.com https://*.google.com https://*.livelikecdn.com https://*.pubnubapi.com https://global.poe.live-video.net/ https://media.vmax.com/ https://as.vmax.com/getad.php https://imasdk.googleapis.com/ https://www.google.co.in/pagead https://www.google.com/pagead https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ https://tpc.googlesyndication.com/ https://partner.googleadservices.com/ https://s0.2mdn.net/ https://pagead2.googlesyndication.com https://stats.g.doubleclick.net/ https://csi.gstatic.com/ https://www.googletagservices.com https://pubads.g.doubleclick.net https://redirector.gvt1.com/ https://*.googlevideo.com/ https://td.doubleclick.net/ https://locoapp.verloop.io/ https://api2.amplitude.com/2/httpapi; style-src 'self' 'unsafe-inline' https://connect.facebook.net https://api.trafficguard.ai https://tgtag.io/ https://www.facebook.com/ https://*.googleapis.com https://*.getloconow.com https://*.easyvideo.in https://*.google.com https://*.loco.gg https://loco.gg https://media.vmax.com/ https://as.vmax.com/getad.php https://imasdk.googleapis.com/ https://www.google.co.in/pagead https://www.google.com/pagead https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ https://tpc.googlesyndication.com/ https://partner.googleadservices.com/ https://s0.2mdn.net/ https://pagead2.googlesyndication.com https://stats.g.doubleclick.net/ https://csi.gstatic.com/ https://www.googletagservices.com https://pubads.g.doubleclick.net https://redirector.gvt1.com/ https://*.googlevideo.com/ https://td.doubleclick.net/ https://locoapp.verloop.io/ https://api2.amplitude.com/2/httpapi; frame-ancestors 'self' https://*.getloconow.com https://*.easyvideo.in https://*.loco.gg https://loco.gg https://liquipedia.net/; img-src * data:; media-src * blob: data: file:; font-src 'self' fonts.gstatic.com data:; object-src 'none'; worker-src * blob: data: file:; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data: blob: wss: mediastream: android-webview-video-poster: ms-appx-web: gsa: endlesspic: ms-browser-extension chrome-extension asset * ; frame-ancestors 'self' https://*.trendmicro.com 2
script-src 'self' 'unsafe-eval' 'unsafe-inline' b2c.benuta.at b2c.benuta.ch b2c.benuta.co.uk b2c.benuta.cz b2c.benuta.de b2c.benuta.dk b2c.benuta.es b2c.benuta.eu b2c.benuta.fi b2c.benuta.fr b2c.benuta.it b2c.benuta.nl b2c.benuta.no b2c.benuta.pl b2c.benuta.pt b2c.benuta.se b2c.benuta.com connect.getflowbox.com www.googletagmanager.com tagmanager.google.com www.youtube.com www.google.com www.gstatic.com x.klarnacdn.net pay.google.com https://wchat.freshchat.com https://connect.getflowbox.com app.usercentrics.eu *.usercentrics.eu privacy-proxy.usercentrics.eu www.google-analytics.com www.googleadservices.com googleads.g.doubleclick.net s.pinimg.com load.sumo.com vercel.live bat.bing.com connect.facebook.net sumo.com cdn.vercel-insights.com *.sovendus.com https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com *.dotdigital-pages.com dotdigital-pages.com *.trackedweb.net *.s24.com *.hotjar.com https://collector-37445.tvsquared.com *.tvsquared.com https://pixel.biano.it https://it.bianopixel.com dynamic.criteo.com sslwidget.criteo.com static.ads-twitter.com widget.reviews.io *.newrelic.com *.cnstrc.com cnstrc.com *.powerrobotflower.com https://*.adroll.com http://*.adroll.com https://us-u.openx.net http://us-u.openx.net https://idsync.rlcdn.com http://idsync.rlcdn.com https://ib.adnxs.com http://ib.adnxs.com https://x.bidswitch.net http://x.bidswitch.net https://ads.yahoo.com http://ads.yahoo.com https://eb2.3lift.com http://eb2.3lift.com https://trc.taboola.com http://trc.taboola.com https://simage2.pubmatic.com http://simage2.pubmatic.com https://sync.outbrain.com http://sync.outbrain.com https://pixel.rubiconproject.com http://pixel.rubiconproject.com https://dsum-sec.casalemedia.com http://dsum-sec.casalemedia.com https://pixel.advertising.com http://pixel.advertising.com d.adroll.mgr.consensu.org p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com snap.licdn.com sync.taboola.com s.analytics.yahoo.com; connect-src 'self' data: sockjs-us3.pusher.com *.sentry.io sentry.brandung-dev.de eu.playground.klarnaevt.com eu.klarnaevt.com https://wchat.freshchat.com *.getflowbox.com app.usercentrics.eu *.usercentrics.eu privacy-proxy.usercentrics.eu *.benuta.at *.benuta.ch *.benuta.co.uk *.benuta.cz *.benuta.de *.benuta.dk *.benuta.es *.benuta.eu *.benuta.fi *.benuta.fr *.benuta.it *.benuta.nl *.benuta.no *.benuta.pl *.benuta.pt *.benuta.se *.benuta.com www.google-analytics.com stats.g.doubleclick.net graphql.contentful.com *.ksearchnet.com ksearchnet.com www.google.com sumo.com ct.pinterest.com googleads.g.doubleclick.net js.klevu.com bat.bing.com vitals.vercel-insights.com vercel.live *.pusher.com *.adyen.com wss://ws-us3.pusher.com *.klarnacdn.net *.klarna.com *.appspot.com googletagmanager.com google-analytics.com region1.google-analytics.com region1.analytics.google.com ws://127.0.0.1:53911 *.dotdigital-pages.com dotdigital-pages.com *.trackedweb.net *.s24.com *.hotjar.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://www.google-analytics.com https://p.biano.it https://it.bianopixel.com ads.x.com static.ads-twitter.com ads-twitter.com ads-api.twitter.com analytics.twitter.com tiktok.com public.app.priceshape.io measurement-api.criteo.com api.reviews.io *.nr-data.net *.googlesyndication.com *.cnstrc.com cnstrc.com *.powerrobotflower.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat; style-src 'self' 'unsafe-inline' data: tagmanager.google.com wchat.freshchat.com www.benuta.eu www.googletagmanager.com assets.reviews.io widget.reviews.io d1azc1qln24ryf.cloudfront.net d19ayerf5ehaab.cloudfront.net cdn.icomoon.io *.cnstrc.com cnstrc.com; font-src 'self' data: assets.vercel.com assets.reviews.io d19ayerf5ehaab.cloudfront.net cdn.icomoon.io; prefetch-src 'self'; img-src 'self' blob: data: ssl.gstatic.com www.gstatic.com x.klarnacdn.net *.adyen.com app.usercentrics.eu *.usercentrics.eu privacy-proxy.usercentrics.eu *.cloudfront.net googleads.g.doubleclick.net www.google.com www.google.de www.google-analytics.com ct.pinterest.com bat.bing.com media.sumo.com assets.vercel.com b2b.benuta.com vercel.com vercel.live www.facebook.com https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://www.google-analytics.com *.getflowbox.com https://collector-37445.tvsquared.com *.tvsquared.com checkoutshopper-live.adyen.com x.klarnacdn.net images.ctfassets.net downloads.ctfassets.net downloads.ctfassets.net www.paypalobjects.com www.checkoutshopper-live.adyen.com *.benuta.at *.benuta.ch *.benuta.co.uk *.benuta.cz *.benuta.de *.benuta.dk *.benuta.es *.benuta.eu *.benuta.fi *.benuta.fr *.benuta.it *.benuta.nl *.benuta.no *.benuta.pl *.benuta.pt *.benuta.se *.benuta.com *.b2b.benuta.com checkoutshopper-live.adyen.com static.ads-twitter.com ads-twitter.com ads-api.twitter.com analytics.twitter.com t.co *.cnstrc.com cnstrc.com *.reviews.co.uk *.reviews.io *.powerrobotflower.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://*.adroll.com http://*.adroll.com https://us-u.openx.net http://us-u.openx.net https://idsync.rlcdn.com http://idsync.rlcdn.com https://ib.adnxs.com http://ib.adnxs.com https://x.bidswitch.net http://x.bidswitch.net https://ads.yahoo.com http://ads.yahoo.com https://eb2.3lift.com http://eb2.3lift.com https://trc.taboola.com http://trc.taboola.com https://simage2.pubmatic.com http://simage2.pubmatic.com https://sync.outbrain.com http://sync.outbrain.com https://pixel.rubiconproject.com http://pixel.rubiconproject.com https://dsum-sec.casalemedia.com http://dsum-sec.casalemedia.com https://pixel.advertising.com http://pixel.advertising.com d.adroll.mgr.consensu.org p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com snap.licdn.com sync.taboola.com s.analytics.yahoo.com; media-src 'self' videos.ctfassets.net; manifest-src 'self' 2
default-src 'unsafe-inline' 'unsafe-eval' data: blob: *; 2
img-src https: 2
frame-ancestors 'self' *.everydayhealth.com *.infermedica.com *.ceros.com *.opinionstage.com *.doctor.com *.googleapis.com *.zdbb.net *.specless.tech *.specless.io *.totalbrain.com *.migraineagain.com *.epionhealth.com 2
frame-ancestors 'self' *.union.hu *.unionbiztosito.hu *.viennalife.hu; 2
frame-ancestors 'self' https://www.youtube.com 2
default-src 'self' https://www.mgweb.co.il; frame-ancestors 'self'; connect-src https:; frame-src https:; font-src https: 'unsafe-inline'; img-src https: 'unsafe-inline'; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; 2
default-src * 'self' 'unsafe-eval' 'unsafe-inline' data: blob:; frame-ancestors 'self' http://webvisor.com 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.value-domain.com www.xrea.com www2.xrea.com www.coreserver.jp www2.coreserver.jp www.value-server.com www2.value-server.com www.google-analytics.com *.googlesyndication.com *.doubleclick.net www.google.com;img-src *; 2
script-src 'self'; object-src 'self' 2
default-src 'self'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.hotjar.com https://*.leadinfo.net https://api.adcalls.nl https://api.leadinfo.com https://api.widget.futy.io https://consentcdn.cookiebot.com https://*.clarity.ms https://forms-eu1.hubspot.com https://*.g.doubleclick.net wss://*.hotjar.com https://*.dynamics.com https://js-eu1.hs-banner.com https://cdn.linkedin.oribi.io https://*.googlesyndication.com https://www.google.com https://bat.bing.com https://www.facebook.com https://px.ads.linkedin.com; font-src 'self' https://themes.googleusercontent.com; frame-src 'self' https://consentcdn.cookiebot.com https://static.addtoany.com https://www.google.com https://www.youtube.com https://www.youtube-nocookie.com https://e.issuu.com https://forms.office.com https://player.vimeo.com https://vars.hotjar.com https://*.dynamics.com https://www.facebook.com https://analytics-eu.clickdimensions.com https://td.doubleclick.net; img-src 'self' data: https://www.google.com https://www.google.nl https://leadpack-cf.yourwoo.com https://*.svc.dynamics.com https://*.google-analytics.com https://www.googletagmanager.com https://*.linkedin.com https://www.facebook.com https://c.clarity.ms https://c.bing.com https://tr.lfeeder.com https://forms-eu1.hsforms.com https://track-eu1.hubspot.com https://*.lfeeder.com https://*.leadfeeder.com https://bat.bing.com https://imgsct.cookiebot.com https://*.g.doubleclick.net; script-src 'self' 'unsafe-inline' cdnjs.cloudflare.com https://leadpack-cf.yourwoo.com https://mktdplp102cdn.azureedge.net https://polyfill.io https://static.addtoany.com https://unpkg.com https://www.google.com; script-src-elem 'self' 'unsafe-inline' https://*.cookiebot.com https://koi-3qneu2w9pc.marketingautomation.services https://tag.perfectaudience.com https://pixel-geo.prfct.co https://static.addtoany.com https://www.google-analytics.com https://eu2.snoobi.eu https://www.gstatic.com https://www.googletagmanager.com https://snap.licdn.com https://*.hotjar.com https://connect.facebook.net https://www.clarity.ms https://script.adcalls.nl https://cdn.leadinfo.net https://static.mailerlite.com https://sc.lfeeder.com https://v1.widget.futy.io https://js-eu1.hs-scripts.com https://js-eu1.hs-analytics.net https://js-eu1.hs-banner.com https://js-eu1.hscollectedforms.net https://js-eu1.hsleadflows.net https://www.googleoptimize.com https://*.lfeeder.com https://*.leadfeeder.com https://www.youtube.com https://bat.bing.com https://www.googleadservices.com https://*.dynamics.com cdnjs.cloudflare.com https://leadpack-cf.yourwoo.com https://mktdplp102cdn.azureedge.net https://polyfill.io https://unpkg.com https://www.google.com; style-src 'self' 'unsafe-inline' https://static.mailerlite.com cdnjs.cloudflare.com 2
worker-src 'self' blob; 2
frame-ancestors 'self' http://www.iffas.org; 2
frame-ancestors 'self' pro.leparking.ch pro.dasparking.de pro.leparking.fr pro.theparking-cars.co.uk pro.theparking.ca pro.theparking-cars.com pro.leparking.be bresil.leparking.fr pro.nl.leparking.be pro.fr.theparking.ca roextpro.ads4all.fr atextpro.ads4all.fr bgextpro.ads4All.fr czextpro.ads4all.fr eeextpro.ads4all.fr grextpro.ads4all.fr hrextpro.ads4all.fr huextpro.ads4all.fr ltextpro.ads4all.fr luextpro.ads4all.fr lvextpro.ads4all.fr siextpro.ads4all.fr skextpro.ads4all.fr pro.de.leparking.ch keextpro.ads4all.fr pro.el-parking.es pro.oparking.pt pro.theparking.eu pro.el-parking.pe pro.leparking.ma pro.ilparking.it; 2
default-src 'none'; connect-src yandex.ru https://*.yandex.ru https://*.yandex.net https://*.yandex.com https://fundingchoicesmessages.google.com  http://pagead2.googlesyndication.com https://csi.gstatic.com https://pagead2.googlesyndication.com https://stats.g.doubleclick.net *.google-analytics.com https://clk.streamgo.ru 'report-sample'; font-src https://yastatic.net https://fonts.gstatic.com; frame-src https://yastatic.net https://*.g.doubleclick.net https://tpc.googlesyndication.com https://www.google.com 'report-sample'; img-src * data: 'report-sample'; manifest-src 'self'; media-src data: 'self' https://strm.yandex.ru https://*.strm.yandex.net https://cdn.streamgo.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://yandex.ru https://yastatic.net https://fundingchoicesmessages.google.com http://pagead2.googlesyndication.com https://adservice.google.ae https://adservice.google.at https://adservice.google.az https://adservice.google.be https://adservice.google.bg https://adservice.google.bj https://adservice.google.by https://adservice.google.ca https://adservice.google.ch https://adservice.google.cl https://adservice.google.co.id https://adservice.google.co.il https://adservice.google.co.in https://adservice.google.co.jp https://adservice.google.co.kr https://adservice.google.co.uk https://adservice.google.co.uz https://adservice.google.co.za https://adservice.google.com https://adservice.google.com.ar https://adservice.google.com.au https://adservice.google.com.br https://adservice.google.com.cy https://adservice.google.com.eg https://adservice.google.com.gh https://adservice.google.com.ng https://adservice.google.com.pk https://adservice.google.com.sg https://adservice.google.com.tj https://adservice.google.com.tr https://adservice.google.com.tw https://adservice.google.com.ua https://adservice.google.com.vn https://adservice.google.cz https://adservice.google.de https://adservice.google.ee https://adservice.google.es https://adservice.google.fi https://adservice.google.fr https://adservice.google.ge https://adservice.google.gl https://adservice.google.gr https://adservice.google.hu https://adservice.google.ie https://adservice.google.iq https://adservice.google.it https://adservice.google.jo https://adservice.google.kg https://adservice.google.kz https://adservice.google.lt https://adservice.google.lu https://adservice.google.lv https://adservice.google.md https://adservice.google.mn https://adservice.google.mv https://adservice.google.nl https://adservice.google.no https://adservice.google.pl https://adservice.google.ps https://adservice.google.pt https://adservice.google.ro https://adservice.google.ru https://adservice.google.sc https://adservice.google.se https://adservice.google.sk https://adservice.google.sn https://adservice.google.tm https://pagead2.googlesyndication.com https://partner.googleadservices.com https://tpc.googlesyndication.com https://www.google-analytics.com https://www.googletagservices.com www.googletagmanager.com https://www.gstatic.com https://mc.yandex.ru https://mc.yandex.com 'report-sample'; style-src 'self' 'unsafe-inline' https://www.gstatic.com 'report-sample'; report-uri /csp-report.php 2
frame-ancestors 'self' *.benjerry.com *.crownpeak.com *.bazaarvoice.com *.adobe.com *.pricespider.com *.mapbox.com cdnjs.cloudflare.com 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; font-src 'self' https:; frame-src 'self' https:; img-src 'self' https:; connect-src 'self' https:; 2
font-src cdn.giosgusercontent.com fonts.googleapis.com *.gstatic.com *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com https://www.gstatic.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com *.maksuturva.fi *.qa.ambientia.fi *.instru.fi *.keops.fi *.nissen.fi *.collector.se *.signicat.com *.collectorbank.se *.walley.se *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.giosgusercontent.com *.giosg.com www.facebook.com *.google.com *.doubleclick.net *.api.ditto.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://www.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.instru.fi *.keops.fi *.nissen.fi *.consentmanager.net *.qa.ambientia.fi secure.adnxs.com c.delivery.consentmanager.net www.google.fi *.google.com www.facebook.com maps.googleapis.com *.gstatic.com www.maksuturva.fi www.googleoptimize.com *.googletagmanager.com https://www.unifaunonline.se https://*.tile.openstreetmap.org/ *.klevu.com *.ksearchnet.com https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com jquery.sellxed.com *.qa.ambientia.fi *.instru.fi *.keops.fi *.nissen.fi cdn.consentmanager.net delivery.consentmanager.net static.hotjar.com script.hotjar.com bsdk.api.ditto.com maps.googleapis.com maps.google.com cdnjs.cloudflare.com service.giosg.com embed.upseller.cloud googleads.g.doubleclick.net *.adform.net connect.facebook.net *.google.com www.googleoptimize.com *.googletagmanager.com https://api.unifaun.com js.klevu.com *.ksearchnet.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.google.com https://www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.instru.fi *.keops.fi *.nissen.fi cdn.consentmanager.net delivery.consentmanager.net *.qa.ambientia.fi hello.myfonts.net service.giosg.com embed.upseller.cloud fonts.googleapis.com *.google.com *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.api.ditto.com maps.googleapis.com service.giosg.com vc.hotjar.io www.google.com *.analytics.google.com *.doubleclick.net www.facebook.com www.google.fi *.consentmanager.net *.adform.net *.klevu.com *.ksearchnet.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
frame-ancestors 'self' https://app.storyblok.com/ 2
frame-ancestors 'self' *.leovegas.com *.casinomodule.com *.yggdrasilgaming.com *.evolutiongaming.com *.gameassists.co.uk *.gameassists.dk *.rgsgames.com *.wagerworks.com *.adform.com *.livetables.io *.regily.com *.casinoalternativen.com *.onlinecasinobonus24.xyz *.livetableshu.com 2
frame-ancestors 'self'  https://next.adabra.com/ https://my.adabra.com/ https://app.blendee.com/ 2
frame-ancestors 'self' https: 2
img-src * blob: data:; default-src * data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 2
default-src https: data: blob:;script-src https: 'unsafe-eval' 'unsafe-inline';style-src https: 'unsafe-eval' 'unsafe-inline'; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob: intent: fb-messenger:; frame-ancestors self; 2
frame-ancestors 'self' https://*.mindtickle.com https://*.mindtickle.app https://digdeeper.sysdig.com https://enablement.sysdig.com 2
default-src 'unsafe-inline' 'unsafe-eval' 'self' data: *; 2
default-src * blob: data: https: *.crazyegg.com; script-src https: 'unsafe-inline' 'unsafe-eval' *.crazyegg.com; style-src https: 'unsafe-inline' *.crazyegg.com; worker-src blob: 'self' 2
default-src 'self' https:; connect-src 'self' ws: https:; img-src 'self' https: data:; media-src 'self' https: data:; style-src 'self' 'unsafe-inline' https:; font-src 'self' https: data:; script-src 'self' 'unsafe-inline' https: 'unsafe-eval'; script-src-elem 'self' https: 'unsafe-inline'; frame-ancestors https://seat-admin.porsche-holding.com; 2
frame-ancestors 'self' *.ofbusiness.com 2
object-src 'self'; base-uri 'self'; frame-ancestors 'self' https://www.vacaturesonline.nl; default-src blob: https://cdn.livechatinc.com https://*.vacaturesonline.nl https://*.ictergezocht.nl https://*.werkzoeken.nl https://*.technicus.nl https://vars.hotjar.com https://accounts.google.com https://www.youtube.com https://docs.google.com; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://fonts.googleapis.com https://*.werkzoeken.nl https://*.technicus.nl https://*.vacaturesonline.nl https://*.ictergezocht.nl; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://cdn-cookieyes.com https://accounts.google.com https://maps.googleapis.com https://api.livechatinc.com https://cdn.livechatinc.com https://bat.bing.com https://ajax.cloudflare.com https://*.google.com https://*.google.nl https://*.hotjar.com https://*.licdn.com https://*.werkzoeken.nl https://*.technicus.nl https://*.vacaturesonline.nl https://*.ictergezocht.nl https://www.googletagmanager.com https://www.googleadservices.com https://maps.googleapis.com https://*.doubleclick.net https://*.linkedin.com https://www.gstatic.com https://js.live.net https://www.google-analytics.com https://sjs.bizographics.com https://www.dropbox.com https://apis.google.com https://api.smooch.io; connect-src 'self' https://directory.cookieyes.com https://cdn-cookieyes.com https://log.cookieyes.com  http://maps.googleapis.com https://www.google.nl https://api.livechatinc.com https://*.analytics.google.com https://api.maptiler.com https://*.microsoft.com https://*.hotjar.io https://*.hotjar.com https://*.doubleclick.net https://www.google-analytics.com wss://*.hotjar.com https://*.vacaturesonline.nl; frame-src 'self' https://secure.livechatinc.com https://*.google.com/ https://www.youtube.com https://vars.hotjar.com https://www.werkzoeken.nl https://www.ictergezocht.nl https://www.technicus.nl; font-src 'self' data: https://cdn.livechatinc.com https://*.werkzoeken.nl https://*.vacaturesonline.nl https://*.technicus.nl https://*.ictergezocht.nl https://*.hotjar.com https://fonts.gstatic.com; img-src 'self' blob: data: https://cdn-cookieyes.com https://cdn.livechat-files.com https://cdn.livechatinc.com https://bat.bing.com https://script.hotjar.com https://*.linkedin.com https://*.werkzoeken.nl https://*.technicus.nl https://*.vacaturesonline.nl https://*.ictergezocht.nl https://maps.gstatic.com https://maps.googleapis.com https://www.google-analytics.com https://*.analytics.google.com https://www.google.com https://www.google.nl https://*.doubleclick.net; 2
font-src data: https: 'self';connect-src data: https: wss: blob:;default-src 'unsafe-eval' 'unsafe-inline' data: https:;form-action https:;img-src 'self' data: https: blob:;media-src 'self';object-src 'none';script-src data: https: blob: 'unsafe-inline' 'unsafe-eval' id3.expertus.com.ua;style-src data: https: 'self' 'unsafe-inline' 2
frame-ancestors admin.bookingeuro.it 2
frame-ancestors 'self' *.nokia.com *.ceros.com 2
frame-src https://*; child-src https://*; report-uri /report-csp-violation; upgrade-insecure-requests 2
style-src * 'self' 'unsafe-inline'; 2
default-src * https: data: 'unsafe-inline' 'unsafe-eval'; 2
frame-ancestors 'self' online.eccmid.org *.eccmid.org; 2
frame-ancestors 'self' *.thebarrelroom *.dx.commercecloud.salesforce.com *.authorize.net 2
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval';script-src * data: blob: 'unsafe-inline' 'unsafe-eval';script-src-attr * data: blob: 'unsafe-inline' 'unsafe-eval';connect-src * data: blob: 'unsafe-inline';img-src * data: blob: 'unsafe-inline';style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline';frame-ancestors 'none';frame-src * data: blob:;form-action *;base-uri 'self';object-src 'none' 2
default-src * https: data: blob: android-webview-video-poster: 'unsafe-inline' 'unsafe-eval'; object-src 'none'; frame-ancestors 'self'; 2
default-src 'self'; font-src *; img-src *; script-src 'unsafe-eval' 'unsafe-inline' *; style-src 'unsafe-inline' *; connect-src *; form-action *; frame-ancestors 'self'; child-src *;object-src 'self' data: https://marketplace.phi-production.cloud; 2
default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors * 'self'; child-src * blob:; font-src * 'self' data: https:;; connect-src * 2
frame-ancestors 'self'; block-all-mixed-content 2
script-src 'self' www.google-analytics.com *.googleapis.com www.googletagmanager.com api.nasdaqomx.wallst.com *.vimeo.com *.vimeocdn.com www.gstatic.com 'unsafe-inline' ssl.google-analytics.com *.doubleclick.net *.google.com *.google.com.au www.youtube.com *.dynonobel.com code.jquery.com assets.adobedtm.com 'unsafe-eval' *.cloudfront.net *.multiview.com *.kickfire.com *.rumiview.com *.dialogtech.com; 2
default-src * 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://*; object-src 'self' data: blob: https://*; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval' blob: data:; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline' 'self' https:; frame-src *; style-src * 'unsafe-inline'; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.smartadserver.com tumblr.com *.rakuten.com *.ads.yieldmo.com *.linksynergy.com *.amazon-adsystem.com *.taboola.com *.primis.tech *.adsymptotic.com pippio.com *.pippio.com  *.sharethrough.com *.openx.net *.rubiconproject.com *.adnxs.com *.rlcdn.com *.lijit.com *.crwdcntrl.net *.bluekai.com *.bfmio.com *.exelator.com *.stickyadstv.com *.pubmatic.com *.smaato.net *.1rx.io *.3lift.com *.tremorhub.com *.tapad.com *.agkn.com *.intentiq.com  *.hotjar.io *.calltrk.com *.hotjar.com *.franklinevsystems.com *.365insightcreative.com *.zaius.com *.videohub.tv *.pro-market.net *.simpli.fi *.rfihub.com *.linkedin.com *.licdn.com *.adsrvr.org *.bing.com *.servicetitan.com *.rfihub.net *.jollyoutdoorjogger.com *.yahoo.com *.adsrvr.org *.media6degrees.com *.dstillery.com *.tradingview.com *.aptrinsic.com *.azure.com *.newsletter2go.com *.acsbapp.com *.sirv.com *.surveymonkey.com littlegiant.com *.littlegiant.com littlegiantbrasil.com *.littlegiantbrasil.com franklinwater.com *.franklinwater.com ffsbrasil.com *.ffsbrasil.com *.typography.com *.visualstudio.com *.widencdn.net *.widen.net secure.keep0push.com *.omappapi.com *.googletagmanager.com chat.franklin-electric.com *.addsearch.com addsearch.com *.perk0mean.com *.typekit.net *.msecnd.net *.cloudflare.com *.episerver.net  *.cloudfront.net *.searchcdn.com franklinfueling.com *.franklinfueling.com franklingrid.com *.franklingrid.com *.youtube.com youtube.com *.gstatic.com *.googleapis.com html5shiv.googlecode.com google-analytics.com www.google-analytics.com stats.g.doubleclick.net *.pingdom.net *.myfonts.net *.opmnstr.com *.optnmnstr.com *.optnmstr.com *.mstrlytcs.com *.doubleclick.net *.pardot.com google.com *.google.com *.googleadservices.com *.doubleclick.net acsbapp.com code.jquery.com *.optmnstr.com *.facebook.com *.facebook.net *.twitter.com youtu.be i.ytimg.com cdn.datatables.net cdn.jsdelivr.net *.whizeo.com secure.intelligentdatawisdom.com secure.intelligententerpriseacumen.com 2
default-src https: data: blob: 'self' 'unsafe-inline' 'unsafe-eval'; img-src data: https:; report-uri https://kilian.report-uri.io/r/default/csp/enforce; connect-src https: data: blob: 'self' 'unsafe-inline' 'unsafe-eval' https://client.crisp.chat https://storage.crisp.chat wss://client.relay.crisp.chat wss://stream.relay.crisp.chat 2
frame-ancestors 'self' svb.matomo.cloud 2
default-src * data: mediastream: blob: filesystem: about: ws: wss: 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-inline' 2
form-action 'self', frame-ancestors 'self' 2
default-src https:; connect-src https: wss: http:; font-src https: data:; img-src https: data: blob:; frame-src https: blob:; frame-ancestors 'self'; worker-src https: data: 'unsafe-inline' 'unsafe-eval'; form-action https: javascript:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval';style-src https: data: 'unsafe-inline'; base-uri 'self'; 2
frame-ancestors 'self' *.plataformaneo.com.br 2
script-src https: 'unsafe-inline' 'unsafe-eval'; worker-src blob: 'self' 2
“default-src" 2
default-src: https: 2
base-uri 'none'; default-src 'self' data: https: wss:; style-src 'self' data: https: wss: 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://api.scrivito.com https://app.intercom.io https://assets.scrivito.com https://js.intercomcdn.com https://widget.intercom.io https://www.google-analytics.com https://lht.mindbreeze.com https://code.etracker.com https://app.usercentrics.eu/ https://www.etracker.de/; object-src 'none'; block-all-mixed-content; frame-ancestors 'self' https://*.scrivito.com 2
default-src * data: blob:; script-src * 'unsafe-inline' 'unsafe-eval' data: blob:; style-src * 'unsafe-inline' data: blob:; img-src * data: blob:; font-src * data: blob:; connect-src * data: blob:; media-src * data: blob:; object-src * data: blob:; frame-src * data: blob:; 2
default-src ‘self’; 2
frame-ansectors 'self' 2
default-src 'none'; connect-src https://yastatic.net https://fundingchoicesmessages.google.com http://pagead2.googlesyndication.com *.yandex.ru  https://csi.gstatic.com  https://mc.yandex.by https://mc.yandex.com https://mc.yandex.kz https://mc.yandex.md https://mc.yandex.ua https://mc.yandex.uz https://pagead2.googlesyndication.com https://stats.g.doubleclick.net https://www.google-analytics.com yandex.ru https://ymetrica1.com *.google.com 'report-sample'; font-src https://fonts.gstatic.com https://yastatic.net 'report-sample'; frame-src https://ad.mail.ru https://googleads.g.doubleclick.net https://mc.yandex.md https://mc.yandex.com https://player.vimeo.com https://tpc.googlesyndication.com *.google.com https://www.youtube.com https://yastatic.net *.yandex.ru 'report-sample'; img-src 'self' data: an.yandex.ru *.mds.yandex.net counter.yadro.ru https://*.verify.yandex.ru https://amc.yandex.ru https://csi.gstatic.com https://favicon.yandex.net https://mc.yandex.by https://mc.yandex.com https://mc.yandex.kg https://mc.yandex.kz https://mc.yandex.ua https://mc.yandex.uz https://verify.yandex.ru https://www.google-analytics.com https://www.google.ru https://www.googletagmanager.com https://www.gstatic.com https://yastatic.net imagecache.worldwide-ad-network.biz mc.yandex.ru pagead2.googlesyndication.com *.googleusercontent.com *.google.com 'report-sample'; script-src 'self' 'unsafe-inline' an.yandex.ru https://fundingchoicesmessages.google.com  http://pagead2.googlesyndication.com https://ad.mail.ru https://adservice.google.ae https://adservice.google.at https://adservice.google.az https://adservice.google.be https://adservice.google.bg https://adservice.google.bj https://adservice.google.by https://adservice.google.ca https://adservice.google.ch https://adservice.google.cl https://adservice.google.co.id https://adservice.google.co.il https://adservice.google.co.kr https://adservice.google.co.uk https://adservice.google.co.uz https://adservice.google.co.za https://adservice.google.com https://adservice.google.com.ar https://adservice.google.com.au https://adservice.google.com.br https://adservice.google.com.cy https://adservice.google.com.eg https://adservice.google.com.hk https://adservice.google.com.lb https://adservice.google.com.mx https://adservice.google.com.ng https://adservice.google.com.pa https://adservice.google.com.pk https://adservice.google.com.sg https://adservice.google.com.tj https://adservice.google.com.tr https://adservice.google.com.tw https://adservice.google.com.ua https://adservice.google.com.vn https://adservice.google.cz https://adservice.google.de https://adservice.google.ee https://adservice.google.es https://adservice.google.fi https://adservice.google.fr https://adservice.google.ge https://adservice.google.gl https://adservice.google.gr https://adservice.google.hu https://adservice.google.ie https://adservice.google.iq https://adservice.google.it https://adservice.google.jo https://adservice.google.kg https://adservice.google.kz https://adservice.google.lt https://adservice.google.lu https://adservice.google.lv https://adservice.google.md https://adservice.google.mn https://adservice.google.mv https://adservice.google.nl https://adservice.google.no https://adservice.google.pl https://adservice.google.ps https://adservice.google.pt https://adservice.google.ro https://adservice.google.ru https://adservice.google.sc https://adservice.google.se https://cda.worldwide-ad-network.biz https://cdb.worldwide-ad-network.biz https://mc.yandex.by https://mc.yandex.com https://mc.yandex.kz https://mc.yandex.uz https://pagead2.googlesyndication.com https://partner.googleadservices.com https://r.mradx.net https://tpc.googlesyndication.com https://www.google-analytics.com https://www.googletagservices.com https://yandex.ru https://yastatic.net mc.yandex.ru www.googletagmanager.com 'report-sample'; style-src 'self' 'unsafe-inline' https://cda.worldwide-ad-network.biz https://cdb.worldwide-ad-network.biz https://fonts.googleapis.com; media-src data: strm.yandex.ru *.strm.yandex.net; report-uri /csp-report.php 2
frame-ancestors 'self' https://www.facebook.com 2
'self' *.model-t.cc.commerce.ondemand.com 2
frame-ancestors 'self' *.recia.fr *.netocentre.fr netocentre.fr *.touraine-eschool.fr *.chercan.fr colleges41.fr *.colleges41.fr e-college.indre.fr *.e-college.indre.fr  mon-e-college.loiret.fr *.mon-e-college.loiret.fr *.colleges-eureliens.fr *.nextcloud.recia.aquaray.com 2
worker-src blob:; 2
frame-ancestors  https://*.netinfo.bg/ 2
base-uri 'self'; default-src 'self'; script-src 'self' 'unsafe-eval' https://*.googletagmanager.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.cloudflareinsights.com https://bat.bing.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://www.googletagmanager.com https://googleads.g.doubleclick.net https://*.google.co.uk https://*.google.com https://bat.bing.com; connect-src 'self' https://*.google.co.uk https://*.google.com https://*.google-analytics.com https://*.doubleclick.net https://bat.bing.com; object-src 'none'; upgrade-insecure-requests; 2
referrer no-referrer 2
https: 2
default-src 'self';    img-src 'self' s3-ap-northeast-1.amazonaws.com *.cloudfront.net;    media-src 'self' s3-ap-northeast-1.amazonaws.com *.cloudfront.net;    style-src 'self' 'nonce-yiyABNgr0rFv5i+sndZpFTeyWOw=' fonts.googleapis.com cdn.jsdelivr.net *.cloudfront.net;    style-src-attr 'self' 'nonce-yiyABNgr0rFv5iasndZpFTeyWOw=';    script-src 'self' 'nonce-acga38w6Qa0Xoa7JsaBE0xAWWP0=' www.gstatic.com www.googletagmanager.com cdn.jsdelivr.net ajax.googleapis.com *.cloudfront.net *.mul-pay.jp;    font-src 'self' data: fonts.gstatic.com fonts.googleapi.com *.cloudfront.net;    form-action 'self';    connect-src 'self' www.google-analytics.com firebaseinstallations.googleapis.com fcmregistrations.googleapis.com;    frame-ancestors 'self'; 2
default-src 'self' https://*.userlane.com; script-src 'self' https://*.pinterest.com https://*.azureedge.net https://*.clarity.ms https://code.jquery.com/ https://cdnjs.cloudflare.com/ https://*.dynamics.com https://www.googleanalytics.com https://optimize.google.com https://*.mailplus.nl https://connect.facebook.net https://*.clickdimensions.com https://www.gstatic.com https://www.google.com https://www.paypal.com https://checkoutshopper-live.adyen.com https://checkoutshopper-test.adyen.com https://script.hotjar.com https://tag.static.eu.context.cloud.sap https://www.google-analytics.com https://*.hotjar.com 'unsafe-inline' https://www.googletagmanager.com https://ssl.google-analytics.com https://*.vo.msecnd.net https://*.userlane.com https://www.googleoptimize.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https://*.hotjar.com 'unsafe-inline' https://optimize.google.com https://*.clickdimensions.com https://*.vo.msecnd.net https://cdnjs.cloudflare.com https://checkoutshopper-live.adyen.com https://checkoutshopper-test.adyen.com https://cdn-images.mailchimp.com https://fonts.googleapis.com https://*.userlane.com 'unsafe-inline'; connect-src 'self' https://*.westeurope.logic.azure.com https://*.azureedge.net  https://*.dynamics.com https://*.clarity.ms https://o1121245.ingest.sentry.io https://*.google-analytics.com https://*.analytics.google.com wss://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://htp741805396-hamiplant.api.eu.context.cloud.sap/ https://htp741805397-hamiplant.api.eu.context.cloud.sap/ https://htp741805396.api.eu.context.cloud.sap/ https://htp741805397.api.eu.context.cloud.sap/ https://tag.static.eu.context.cloud.sap/ https://stats.g.doubleclick.net/ https://www.google-analytics.com/ https://www.sandbox.paypal.com/ https://checkoutshopper-live.adyen.com/ https://checkoutshopper-test.adyen.com/ https://*.userlane.com; img-src 'self' https://*.holexflower.com https://holex.tech https://*.clarity.ms https://i.pinimg.com https://*.pinterest.com https://*.1ps.nl https://*.florinet.nl https://*.azureedge.net https://*.dynamics.com https://freshandeasy.nl https://image.floriday.io https://shop.florashopping.nl https://www.flowersplantsandmore.com https://AlfaPro-Online.com https://www.terhaarornamental.nl https://zentoo.florinet.nl https://mijoflowers.com https://pictures.flowerwebshop.net https://023.kbt-pro.nl https://images.easyflor.nl https://webshop3.florashopping.nl https://pictures.flowersales.nl https://vmp.starflor.nl https://img.greenmaster.nl https://webshop.welyflor.com https://webshop3.wbe.nl https://4att.uniware.nl https://services.sdf.nl https://groenenmeer.sdfcloud.nl https://webshop.gdekoning.nl https://webshop.rotoflowers.nl  https://img.img20.match-online.nl https://img20.match-online.nl https://winco.florisoftcloud.nl https://summit.florinet.nl https://webshop.freshcap.eu https://webshop.eijkpotplanten.nl https://www.tgca.nl https://webshop.hpvannieuwkerk.nl https://webshop.floraunited.nl https://*.hotjar.com https://floralwebshop.com https://img.floraplaza.nl https://optimize.google.com https://test-pictures.flowerwebshop.com https://www.google-analytics.com https://*.analytics.google.com https://webshop.mdk.nl https://website.pfitzer.nl https://www.duif.nl https://www.facebook.com https://webshop.fsq.nl/ https://webshop.demooij-import.com/ https://www.ccpictures.net/ https://res.cloudinary.com/ https://*.userlane.com http://83.98.232.238/ https://webshop.frescoflowers.nl/ http://zentoo.florinet.nl/ https://webshop.arendroses.nl/ https://webshop.decofresh.com/ http://summit.florinet.nl/ http://winco.florisoftcloud.nl/ https://www.paypalobjects.com/ https://checkoutshopper-live.adyen.com/ https://checkoutshopper-test.adyen.com/ https://p7.1ps.nl/ https://hus.1ps.nl/ https://api.floriday.io/ http://images.duif.nl/ http://213.125.32.122:81/ https://image.freshportal.com/ http://85.17.33.195/ http://img.logicab.nl/ http://lw-fps-img-01.freshportal.nl/ http://img20.match-online.nl/ https://images.connectwebshop.nl/ https://*.ozplanten.nl https://shop.floraplaza.nl/ data: https://*.google-analytics.com http://webshop.hamifleurs.nl http://webshop.flowertrading.nl https://ssl.google-analytics.com https://www.googletagmanager.com https://floraxchange.blob.core.windows.net http://shop.flowertrading.nl http://accp.flowertrading.nl https://dutchplantshop.nl https://img20.match-online.nl http://www.gasagroup.com https://img.ozexport.nl https://images.connectwebshop.nl http://webshop.flowertrading.nl https://services.sdf.nl/ https://ozplanten.nl https://garden-line.nl https://plantsplaza.com https://alfapro-online.com https://*.freshportal.nl https://img.logicab.nl https://beeldbankfotos.royalfloraholland.com https://api.floriday.com https://images.duif.nl https://023.kbt-pro.nl https://img.greenmaster.nl https://cms.pt-creations.nl; font-src 'self' https://*.hotjar.com https://fonts.googleapis.com https://fonts.gstatic.com https://*.userlane.com data:; frame-src 'self' https://optimize.google.com https://*.hotjar.com https://player.cloudinary.com https://login.microsoftonline.com https://login.windows.net https://forms.office.com https://e.issuu.com https://www.sandbox.paypal.com/ https://checkoutshopper-live.adyen.com/ https://checkoutshopper-test.adyen.com/ https://*.vimeo.com/ https://*.youtube.com/ https://*.twitter.com https://*.facebook.com/ https://*.pinterest.com/ https://issuu.com/ https://*.google.com; frame-ancestors 'self' https://accstorefront.cuyu7qqhig-dutchflow1-p2-public.model-t.cc.commerce.ondemand.com/; 2
connect-src 'self' *.luigisbox.com *.google.com *.google.cz *.google.sk *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.googleapis.com *.googlesyndication.com skoda-dily-db3 *.doubleclick.net *.mail-komplet.cz *.groovehq.com *.europa.eu *.deepl.com *.jquery.com *.heureka.cz *.heureka.sk *.facebook.net *.jquery.com 2
default-src * data: blob:  about: ws: wss: 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' https://*.inchcapedigital.com; 2
base-uri 'self'; font-src 'self' https: data:; form-action 'self' https:; frame-ancestors 'self'; img-src 'self' data: https:; object-src 'none'; script-src-attr 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; upgrade-insecure-requests; default-src 'self'; frame-src 'self' https:; worker-src 'self' blob: https:; connect-src 'self' https: wss:; media-src 'self' https:; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; 2
default-src * https: data: blob: wss: 'unsafe-inline' 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.visualwebsiteoptimizer.com app.vwo.com https://cdnjs.cloudflare.com https://browser.sentry-cdn.com *.azureedge.net https://client.prod.repmap.microsoft.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.cookiebot.com https://www.youtube.com https://sc-static.net https://connect.facebook.net https://*.snapchat.com https://snap.licdn.com https://www.googleadservices.com analytics.tiktok.com https://static.hotjar.com https://script.hotjar.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://*.visualwebsiteoptimizer.com app.vwo.com https://loyal-lyrebird.cloudvent.net https://*.typekit.net; img-src 'self' data: https://*.visualwebsiteoptimizer.com app.vwo.com https://picsum.photos https://*.picsum.photos https://*.cloudfront.net https://*.azureedge.net https://assets-eur.mkt.dynamics.com *.microsoft.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleusercontent.com/docsdf https://*.snapchat.com https://snap.licdn.com https://www.facebook.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.nl https://*.linkedin.com https://*.svc.dynamics.com https://*.cookiebot.com https://loyal-lyrebird.cloudvent.net; media-src 'self'; frame-src 'self' https://app.vwo.com https://www.youtube.com https://www.youtube-nocookie.com https://tourmkr.com *.svc.dynamics.com https://projects.ivorystudio.net https://open.spotify.com https://*.cookiebot.com https://docs.google.com https://*.snapchat.com https://td.doubleclick.net https://www.facebook.com; font-src 'self' data: https://script.hotjar.com https://loyal-lyrebird.cloudvent.net https://*.typekit.net; connect-src 'self' https://sentry.netvlies.nl *.svc.dynamics.com https://*.visualwebsiteoptimizer.com app.vwo.com https://*.analytics.google.com https://*.cookiebot.com https://region1.google-analytics.com www.google-analytics.com analytics.tiktok.com stats.g.doubleclick.net https://*.snapchat.com https://snap.licdn.com https://cdn.linkedin.oribi.io https://vc.hotjar.io wss://ws.hotjar.com https://content.hotjar.io https://metrics.hotjar.io https://*.linkedin.com https://surveystats.hotjar.io https://ask.hotjar.io https://in.hotjar.com https://*.googlesyndication.com https://sentry.netvlies.nl/api/106/store/ https://sentry.netvlies.nl/api/106/envelope/; report-uri /report-csp-violation 2
default-src 'self' data: 'unsafe-inline' https://bewatec.virtual-spaces.de https://outlook.office365.com https://matomo.bewatec.customer.planetary-quantum.net https://matomo.bewatec.com https://use.bewatec.com https://www.youtube.com https://www.youtube-nocookie.com https://player.vimeo.com https://bewatec.clickmeeting.com; font-src 'self' data:; img-src https: data: https://matomo.bewatec.customer.planetary-quantum.net https://matomo.bewatec.com https://use.bewatec.com https://snap.licdn.com; media-src https: data:; object-src 'none'; script-src 'self' 'unsafe-inline' http://localhost:3000 https://matomo.bewatec.customer.planetary-quantum.net https://matomo.bewatec.com https://use.bewatec.com https://snap.licdn.com https://embed.clickmeeting.com https://bewatec.clickmeeting.com; form-action 'self' https://seu2.cleverreach.com; frame-ancestors 'self' https://app.bewatec.com https://app.staging.bewatec.com com.bewatec.inhospital; base-uri 'self' 2
frame-ancestors tarketthome.com www.tarketthome.com 2
connect-src 'self' blob: https://api.x.ai https://api.x.com https://jf.x.com https://jf.twitter.com https://*.pscp.tv https://*.video.pscp.tv https://*.twimg.com https://api.twitter.com https://api.x.com https://api-stream.twitter.com https://api-stream.x.com https://ads-api.twitter.com https://ads-api.x.com https://aa.twitter.com https://aa.x.com https://caps.twitter.com https://caps.x.com https://pay.twitter.com https://pay.x.com https://sentry.io https://ton.twitter.com https://ton.x.com https://ton-staging.atla.twitter.com https://ton-staging.atla.x.com https://ton-staging.pdxa.twitter.com https://ton-staging.pdxa.x.com https://twitter.com https://x.com https://upload.twitter.com https://upload.x.com https://www.google-analytics.com https://accounts.google.com/gsi/status https://accounts.google.com/gsi/log https://checkoutshopper-live.adyen.com wss://*.pscp.tv https://vmap.snappytv.com https://vmapstage.snappytv.com https://vmaprel.snappytv.com https://vmap.grabyo.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com ws://localhost:8008/v2/ipc https://ads-twitter.com https://analytics.twitter.com https://analytics.x.com  ; default-src 'self'; form-action 'self' https://twitter.com https://*.twitter.com https://x.com https://*.x.com https://localhost.twitter.com:3443 https://localhost.x.com:3443; font-src 'self' https://*.twimg.com; frame-src 'self' https://twitter.com https://x.com https://mobile.twitter.com https://mobile.x.com https://pay.twitter.com https://pay.x.com https://cards-frame.twitter.com https://accounts.google.com/ https://client-api.arkoselabs.com/ https://iframe.arkoselabs.com/ https://vaultjs.apideck.com/  https://recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; img-src 'self' blob: data: https://*.cdn.twitter.com https://*.cdn.x.com https://ton.twitter.com https://ton.x.com https://*.twimg.com https://analytics.twitter.com https://analytics.x.com https://cm.g.doubleclick.net https://www.google-analytics.com https://maps.googleapis.com https://www.periscope.tv https://www.pscp.tv https://ads-twitter.com https://ads-api.twitter.com https://ads-api.x.com https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com https://*.pscp.tv https://*.periscope.tv https://prod-periscope-profile.s3-us-west-2.amazonaws.com https://platform-lookaside.fbsbx.com https://scontent.xx.fbcdn.net https://scontent-sea1-1.xx.fbcdn.net https://*.googleusercontent.com https://t.co/1/i/adsct; manifest-src 'self'; media-src 'self' blob: https://twitter.com https://x.com https://*.twimg.com https://*.vine.co https://*.pscp.tv https://*.video.pscp.tv https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net; object-src 'none'; script-src 'self' 'unsafe-inline' https://*.twimg.com https://recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://client-api.arkoselabs.com/ https://www.google-analytics.com https://twitter.com https://x.com https://accounts.google.com/gsi/client https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js https://www.gstatic.com/cast/sdk/libs/caf_receiver/v3/cast_receiver_framework.js https://static.ads-twitter.com  'nonce-OWY5NTdmNzAtMjEyNy00MGM3LTllYjAtOWQ0MmFmNGY5MWMw'; style-src 'self' 'unsafe-inline' https://accounts.google.com/gsi/style https://*.twimg.com; worker-src 'self' blob:; report-uri https://twitter.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false 1
default-src 'self';base-uri 'self';script-src 'nonce-k8ijEyWLZFH2/3g1piL3BQ==' 'strict-dynamic' 'report-sample' https:;report-to csp-endpoint;upgrade-insecure-requests;style-src 'self' 'report-sample' *.cdn.office.net *.microsoft.com res-dev.cdn.officeppe.net 'unsafe-inline' https://www.microsoft.com/;font-src 'self' data: *.cdn.office.net res-dev.cdn.officeppe.net data c.s-microsoft.com *.microsoft.com;connect-src 'self' https://browser.pipe.aria.microsoft.com https://browser.events.data.microsoft.com *.office.com *.cdn.office.net res-dev.cdn.officeppe.net https://consentreceiverfd-prod.azurefd.net data:;frame-src https://login.microsoftonline.com https://login.live.com mem.gfx.ms amcdn.msftauth.net amcdn.msauth.net;img-src * data: blob:;worker-src 'self' blob:;child-src 'self' blob:;report-uri https://csp.microsoft.com/report/Harmony-App-PROD;form-action https://login.microsoftonline.com;frame-ancestors 'self'; 1
object-src 'none';base-uri 'self';script-src 'nonce-dVwsdtj_6zdSpaGEnE7R6A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other 1
default-src 'self' blob: s.pinimg.com; font-src 'self' s.pinimg.com data: fonts.googleapis.com fonts.gstatic.com use.typekit.net; style-src 'self' blob: 'unsafe-inline' data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; img-src blob: data: *; base-uri 'none'; connect-src 'self' blob: *.pinimg.com *.pinterest.com accounts.google.com *.adyen.com pinterest-salvador.s3.amazonaws.com *.adyenpayments.com *.facebook.com www.googleapis.com *.dropboxapi.com pinterest-aberdeen.s3.amazonaws.com pinterest-aberdeen.s3.us-east-1.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-anaheim.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-sim-toontown.s3.amazonaws.com pinterest-sim-toontown.s3.us-east-1.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3.us-east-1.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-media-upload.s3-accelerate.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-poughkeepsie.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com pinterest-plymouth.s3.us-east-1.amazonaws.com pinterest-salvador.s3.us-east-1.amazonaws.com pinterest-yamagata.s3.amazonaws.com pinterest-yamagata.s3.us-east-1.amazonaws.com *.cedexis.com *.cedexis-radar.net *.tvpixel.com api.pinadmin.com *.live-video.net https://*.daily.co https://*.pluot.blue wss://*.wss.daily.co; form-action 'self' *.adyen.com *.sofort.com *.tink.com *.adyenpayments.com; frame-src 'self' *.pinimg.com *.pinterest.com *.adyen.com static-sandbox.dlocal.com static.dlocal.com *.google.com *.facebook.com www.recaptcha.net pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-sim-toontown.s3.amazonaws.com pinterest-sim-toontown.s3.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-tolu.s3.amazonaws.com *.pinterdev.com content.googleapis.com *.youtube.com *.youtube-nocookie.com *.ytimg.com player.vimeo.com calendly.com vine.co bid.g.doubleclick.net *.fls.doubleclick.net pinlogs.s3.amazonaws.com pinlogs.s3.us-east-1.amazonaws.com advertising-delivery-metric-reports.s3.amazonaws.com advertising-delivery-metric-reports.s3.us-east-1.amazonaws.com servedby.flashtalking.com pinterest-uk.admo.tv pinterest-uk-web.admo.tv fbrpc://call *.linkedin.com px.ads.linkedin.com; media-src 'self' blob: data: *.pinimg.com *.live-video.net; object-src 'self'; script-src 'nonce-537be1035b16a0e8c50442d29611eebf' 'strict-dynamic' 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; worker-src 'self' blob: 'unsafe-inline'; report-uri /_/_/csp_report/?rid=7392983521695884; frame-ancestors 'self' , script-src 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; report-uri /_/_/csp_report/?rid=7392983521695884 1
script-src 'unsafe-eval' sf16-website-login.neutral.ttwstatic.com s20.tiktokcdn.com *.tiktokcdn-us.com www.google.com recaptcha.google.com js.hcaptcha.com client-api.arkoselabs.com www.gstatic.com connect.facebook.net; frame-src *.tiktok.com accounts.google.com www.google.com recaptcha.google.com www.facebook.com *.kakao.com lf16-web.tiktokcdn.com assets.braintreegateway.com appleid.apple.com access.line.me api.twitter.com h.online-metrix.net bytedance: newassets.hcaptcha.com client-api.arkoselabs.com; worker-src https: blob:; frame-ancestors tea-va.bytedance.net www.tiktok.com; report-to csp-endpoint; upgrade-insecure-requests ; default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: bytedance: data: wss://*.tiktok.com wss://*.tiktokv.com wss://*.tiktokv.eu wss://tiktok.com wss://tiktokv.com *.adsintegrity.net *.akamaized.net *.amazonaws.com *.bing.com *.bitssec.com *.braintree-api.com *.braintreegateway.com *.bytedapm.com *.bytedgame.com *.bytehwm-row.com *.byteicdn.com *.byteintl.com *.byteintl.net *.byteintlapi.com *.byteintlstatic.com *.bytelemon.com *.byteoversea.com *.byteoversea.net *.bytevcloudapi.com *.capcut.com *.cloudflare.com *.ctfassets.net *.doubleclick.net *.evbuc.com *.eventim.de *.facebook.com *.facebook.net *.fbsbx.com *.fcdnstatic-intl.com *.fdmstatic.com *.g-p-static.com *.gauthmath.com *.giphy.com *.goofy-cdn.com *.goofy.app *.google-analytics.com *.google.ae *.google.ca *.google.ci *.google.co.bw *.google.co.id *.google.co.il *.google.co.jp *.google.co.kr *.google.co.ma *.google.co.nz *.google.co.uk *.google.co.ve *.google.com *.google.com.br *.google.com.co *.google.com.eg *.google.com.kh *.google.com.mt *.google.com.ng *.google.com.pe *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.sa *.google.com.tr *.google.com.vn *.google.de *.google.dz *.google.fr *.google.ge *.google.ht *.google.it *.google.me *.google.nl *.google.pl *.google.pt *.google.ru *.google.se *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hsforms.com *.hsforms.net *.ibytedtos.com *.ibyteimg.com *.isnssdk.com *.jumio.ai *.kakao.com *.lemon8-app.com *.lemon8cdn.com *.licdn.com *.linkedin.com *.midtrans.com *.muscdn.com *.musical.ly *.oecstatic.com *.omise.co *.pangle-ads.com *.paypal.com *.pipopay.com *.pipopayment.us *.redditstatic.com *.resso.me *.sgsnssdk.com *.soundon.global *.tableau.com *.tenor.com *.tiktok-row.net *.tiktok.com *.tiktok.ru *.tiktok.vn *.tiktokapis.com *.tiktokcdn-eu.com *.tiktokcdn-in.com *.tiktokcdn-us.com *.tiktokcdn.com *.tiktokcreativeone.com *.tiktokforbusinessoutbound.com *.tiktokglobalshop.com *.tiktokmusic.me *.tiktokshop.com *.tiktokstaticb.com *.tiktokus.info *.tiktokv.com *.tiktokv.eu *.tiktokv.us *.tiktokw.eu *.tiktokw.us *.topbuzzcdn.com *.ttlivecdn.com *.ttlstatic.com *.ttwstatic.com *.vimeo.com *.vodupload.com *.yahoo.co.jp *.yhgfb-static.com *.youtube-nocookie.com *.zhiliaoapp.com code.jquery.com facebook.com google.com i.ticketweb.com images.universe.com media.ticketmaster.eu res.cloudinary.com s1.ticketm.net static-label.frontgatetickets.com t.co tikitoks.com tiktok.com tiktok.ua tiktok.vn tiktokfollowersfree.com tiktokv.com unpkg.com vimeo.com; report-uri https://mon.us.tiktokv.com/monitor_browser/collect/batch/security/?bid=tiktok_pns&ev_type=csp&revision=52c5e353-14be-4487-9f40-543777a8b973 1
default-src 'none'; font-src 'self'; style-src 'unsafe-inline' 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self' data: https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://donorbox.org https://js.stripe.com/v3/ https://sdks.shopifycdn.com https://www.paypal.com https://www.paypalobjects.com https://widget.thegivingblock.com https://*.shift4.com ; img-src 'self' data: blob: https://www.google-analytics.com https://*.paypal.com https://www.paypalobjects.com https://ak2s.abmr.net https://ak1s.abmr.net https://www.google.com https://cdn.shopify.com https://v.shopify.com ; frame-src https://donorbox.org https://www.youtube.com https://www.youtube-nocookie.com https://bid.g.doubleclick.net https://js.stripe.com/v3/ https://js.stripe.com/v2/ https://www.paypal.com https://outreach.abetterinternet.org https://app.netlify.com https://widget.thegivingblock.com/ ; connect-src 'self' https://d4twhgtvn0ff5.cloudfront.net/ https://letsencrypt-merch.myshopify.com https://monorail-edge.shopifysvc.com https://www.paypal.com https://www.google-analytics.com ; 1
require-trusted-types-for 'script';report-uri /_/DurableDeepLinkUi/cspreport,script-src 'report-sample' 'nonce--lCVG8oAj5bqsOZ4-FkLRg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DurableDeepLinkUi/cspreport;worker-src 'self',script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /_/DurableDeepLinkUi/cspreport/allowlist 1
connect-src 'self' blob: https://api.x.ai https://api.x.com https://jf.x.com https://jf.twitter.com https://*.pscp.tv https://*.video.pscp.tv https://*.twimg.com https://api.twitter.com https://api.x.com https://api-stream.twitter.com https://api-stream.x.com https://ads-api.twitter.com https://ads-api.x.com https://aa.twitter.com https://aa.x.com https://caps.twitter.com https://caps.x.com https://pay.twitter.com https://pay.x.com https://sentry.io https://ton.twitter.com https://ton.x.com https://ton-staging.atla.twitter.com https://ton-staging.atla.x.com https://ton-staging.pdxa.twitter.com https://ton-staging.pdxa.x.com https://twitter.com https://x.com https://upload.twitter.com https://upload.x.com https://www.google-analytics.com https://accounts.google.com/gsi/status https://accounts.google.com/gsi/log https://checkoutshopper-live.adyen.com wss://*.pscp.tv https://vmap.snappytv.com https://vmapstage.snappytv.com https://vmaprel.snappytv.com https://vmap.grabyo.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com ws://localhost:8008/v2/ipc https://ads-twitter.com https://analytics.twitter.com https://analytics.x.com  ; default-src 'self'; form-action 'self' https://twitter.com https://*.twitter.com https://x.com https://*.x.com https://localhost.twitter.com:3443 https://localhost.x.com:3443; font-src 'self' https://*.twimg.com; frame-src 'self' https://twitter.com https://x.com https://mobile.twitter.com https://mobile.x.com https://pay.twitter.com https://pay.x.com https://cards-frame.twitter.com https://accounts.google.com/ https://client-api.arkoselabs.com/ https://iframe.arkoselabs.com/ https://vaultjs.apideck.com/  https://recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; img-src 'self' blob: data: https://*.cdn.twitter.com https://*.cdn.x.com https://ton.twitter.com https://ton.x.com https://*.twimg.com https://analytics.twitter.com https://analytics.x.com https://cm.g.doubleclick.net https://www.google-analytics.com https://maps.googleapis.com https://www.periscope.tv https://www.pscp.tv https://ads-twitter.com https://ads-api.twitter.com https://ads-api.x.com https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com https://*.pscp.tv https://*.periscope.tv https://prod-periscope-profile.s3-us-west-2.amazonaws.com https://platform-lookaside.fbsbx.com https://scontent.xx.fbcdn.net https://scontent-sea1-1.xx.fbcdn.net https://*.googleusercontent.com https://t.co/1/i/adsct; manifest-src 'self'; media-src 'self' blob: https://twitter.com https://x.com https://*.twimg.com https://*.vine.co https://*.pscp.tv https://*.video.pscp.tv https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net; object-src 'none'; script-src 'self' 'unsafe-inline' https://*.twimg.com https://recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://client-api.arkoselabs.com/ https://www.google-analytics.com https://twitter.com https://x.com https://accounts.google.com/gsi/client https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js https://www.gstatic.com/cast/sdk/libs/caf_receiver/v3/cast_receiver_framework.js https://static.ads-twitter.com  'nonce-NjViZTRjYzQtOTc1NS00MTk3LTliYWUtNTI2ODI4MWNkYzAy'; style-src 'self' 'unsafe-inline' https://accounts.google.com/gsi/style https://*.twimg.com; worker-src 'self' blob:; report-uri https://twitter.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false 1
default-src 'self' data: 'unsafe-inline' https://www.apachecon.com/ https://analytics.apache.org/ http://analytics.apache.org/ https://www.youtube-nocookie.com https://www.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.apache.org/ http://analytics.apache.org/ https://www.youtube-nocookie.com https://www.youtube.com; style-src 'self' 'unsafe-inline'; frame-ancestors 'none'; img-src 'self' 'https://www.apache.org/'; 1
default-src 'none'; script-src 'self' 'unsafe-inline' https://www.myfritz.net https://sso.myfritz.net https://static.myfritz.net https://piwik.avm.de https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline' https://www.myfritz.net https://sso.myfritz.net https://static.myfritz.net; img-src 'self' https://www.myfritz.net https://sso.myfritz.net https://static.myfritz.net https://piwik.avm.de data: ; font-src 'self' https://www.myfritz.net https://sso.myfritz.net https://static.myfritz.net; connect-src 'self' https://sso.myfritz.net https://gateway.myfritz.net wss://gateway.myfritz.net https://piwik.avm.de; frame-src 'self' https://sso.myfritz.net https://www.google.com/recaptcha/; media-src 'none'; object-src 'none'; worker-src 'none'; manifest-src https://www.myfritz.net/static/manifest.json https://sso.myfritz.net/static/manifest.json; frame-ancestors https://sso.myfritz.net https://www.myfritz.net; form-action 'self' https://www.myfritz.net 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' 1003891.track.convertexperiments.com app.hubspot.com cdn-3.convertexperiments.com cdn.pdst.fm connect.facebook.net js.hs-analytics.net js.hs-banner.com js.hsforms.net js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com organizer.bizzabo.com play.vidyard.com script.hotjar.com snap.licdn.com static.hotjar.com static.hsappstatic.net www.google-analytics.com www.googletagmanager.com www.recaptcha.net code.highcharts.com www.youtube.com js.hubspot.com www.dropbox.com widget.altrulabs.com www.google.com maps.googleapis.com wt-assets.hubteam.com cdn2.hubspot.net www.redditstatic.com cdn.veritonic.com gosniply.com d.impactradius-event.com js.hubspot.com analytics.tiktok.com 'strict-dynamic' 'nonce-CwbPQHAT6IlfC0S6MMCZhA=='; report-uri https://send.hsbrowserreports.com/csp/report; upgrade-insecure-requests; 1
base-uri 'self'; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' https: http: 'nonce-+ybquXJUplqFnH9klf8kG6iDq0qqBG' 'unsafe-eval'; report-uri https://csp.withgoogle.com/csp/devsite/v2 1
default-src 'self' data: https://*.pcdn.co http://*.pcdn.co https://*.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://*.doubleclick.net https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat http://t.co https://*.facebook.com https://*.facebook.net https://*.quora.com  https://*.ads-twitter.com https://*.media.net http://*.media.net https://*.twitter.com https://*.youtube.com https://*.ytimg.com https://noembed.com https://cdn.plyr.io https://*.akamaihd.net https://*.googleapis.com  https://*.googleusercontent.com https://*.gstatic.com https://*.consensu.org https://*.livechatinc.com/ https://*.ads.linkedin.com/ https://*.linkedin.com/ https://*.pm-srv.co https://bat.bing.com/bat.js https://bat.bing.com https://share.transistor.fm/ https://cdn.cookielaw.org https://*.privacyrequest.net https://privacyrequest.net https://*.consentmanager.net https://*.googlesyndication.com/ 'unsafe-inline'; 1
frame-ancestors 'self' v8.1c.ru metrika.yandex.ru metrika.yandex.by metrica.yandex.com metrica.yandex.com.tr webvisor.com; script-src 'self' 1c.ru *.1c.ru mc.yandex.ru www.google-analytics.com www.google.com www.gstatic.com api-maps.yandex.ru yastatic.net *.maps.yandex.net vk.com code.jquery.com yandex.st app.chaport.com app.chaport.ru call.chatra.io cdn-ru.bitrix24.ru 1csoft.bitrix24.ru www.googletagmanager.com www.youtube.com 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self' https: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: ; img-src 'self' data: https: ; font-src 'self' data: https://cdn.statcdn.com/ ; style-src 'self' 'unsafe-inline' https://cdn.statcdn.com/ https://content.pendo.statista.com/ https://typo3.prod.aws.statista.com/ ; object-src 'self' https://cdn.statcdn.com/ ; frame-src 'self' https: ; frame-ancestors 'none' ; connect-src 'self' https: wss://ws.hotjar.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'nonce-NDEsNCwxODksOSwxMzEsMjQ1LDIwMiwzNg==' https://discord.com https://www.googletagmanager.com https://connect.facebook.net https://www.google-analytics.com https://ssl.google-analytics.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/ https://hcaptcha.com https://*.hcaptcha.com https://s.ytimg.com/yts/jsbin/ https://www.youtube.com/iframe_api https://www.youtube.com/s/player/ https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://script.crazyegg.com https://*.website-files.com https://global.localizecdn.com https://cdn.localizeapi.com https://d3e54v103j8qbb.cloudfront.net https://gist.github.com https://unpkg.com/@splinetool/runtime/build/runtime.js https://*.twitter.com https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick.min.js https://boards-api.greenhouse.io https://ajax.googleapis.com/ajax/libs/webfont/1.6.26/webfont.js https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js https://cdn.finsweet.com/files/fscalendar/calendar-invite-v1.0.min.js 'sha256-mjdgHR9aXy-6OwAGlNS_XgNcYG1Uhd2U4pl8vi7-XCY=' 'sha256-gqG2LEZaHDwOL3S_CXJTuk_f3LimTEyruhOc_U0_QUY=' 'sha256-y0oGiuXZdmX7xRABTnY5cbHkfghDqbfX6JoerXLgVJc=' 'sha256-gBzDBwsujjXjXk6GLgdSlLIrvt5h0s3F_qF7Qt8TYwY=' 'sha256-TrY3AqlyKfZdsI3LYsy6u8GAhckLEXeyLcFK2gOe18U=' 'sha256-lVOL-gH47X0Li5QriWNZ69Hcr-71DsXFvGmQxN9TpBw=' 'sha256-j11ZNhk91nmUjPCBAIRcvJeEgnkbdJ9qNqoEMekilec=' 'sha256-1sQ9sTbc6Lumd2Frwf7IBwGG02gPTreTI8QBBW5kibM=' 'sha256-uh1p-Vy3_Cn66Ugk4Hak-gGr2Udg7yiI_5u5E_BdCRM=' 'sha256-7JHgDILwD7i_kvnHwJFF5WsHHmIc98tkBqDqbv47iFE=' 'sha256-KvstP_RIj6GGaE25Mqo-kIO0_WVEls1n5tnNhm8zmPA=' 'sha256-6xIDOlx5P0LKHv8fkot5ULOnB8ySdhjJi5r_ZP5EDPY=' 'sha256-jY_7jWrddtNUb-Y4CFKWaH-R2lrqgm_LAX72E8SLqKw=' 'sha256-MdICB9cW7ILT3ZeSxhN2YlpFxEsn5WHr03Ix-WVpHsw=' 'sha256-fUfByJGhChEFu7PE5HJfFwiYKySnP1H0iXvAxkauLNU=' 'sha256-xjkCDxBOM2TlIn5DpGQM4aJldb4AiHMKlRjfW46l-x0=' 'sha256-VOPfGBY-XgTDMwhG41S5eZyMKlu3gN60suwCPDWZ8MY=' 'sha256-tVeTMYknRG_IAdCHRGlDd9S2bX2_rX0e4HpaP9lgKWY=' 'sha256-kprfDg8ElCpUCFQAX5shnAPf3i59vVTSy02AjZXV3k0=' 'sha256-llLws8TR-U3nNRCIvJNVc-SGscqwyeO1IPgpbnWuZdc=' 'sha256-h9lm4cvrD7egZu1GTAE1h2IDy1K4fXgD-q_O7aEosuw=' 'sha256-_cdQbTQzcfSt2_aCceUvkUmLh1WMdvlKbi1BBG7u8Jg=' 'sha256-U0jHWhsvIpjnwYKeJS_-2pe9ROsYnck5ZB2aXNyKWq8=' 'sha256-rB4G_-e_bAPU7rKI_9HC1lBZ0XEa_nHDH6hXFz4GIh4=' 'sha256-N02bP-slnHB-OYEN6imRqCHcHLN5DvBouRmyO2qcQYU=' 'sha256-QHiY6i8ql9SJTaFXzUhm08ZWuNz0QarKruf0Omd9-OQ=' 'sha256-s4OBHcHJnkGxjEyNJhU5BQt4qlt6MH07rG/j/hFOUnE=' 'sha256-s4OBHcHJnkGxjEyNJhU5BQt4qlt6MH07rG_j_hFOUnE=' 'sha256-mjdgHR9aXy+6OwAGlNS/XgNcYG1Uhd2U4pl8vi7+XCY=' 'sha256-jY/7jWrddtNUb+Y4CFKWaH+R2lrqgm/LAX72E8SLqKw=' 'sha256-lVOL+gH47X0Li5QriWNZ69Hcr+71DsXFvGmQxN9TpBw=' 'sha256-/cdQbTQzcfSt2/aCceUvkUmLh1WMdvlKbi1BBG7u8Jg=' 'sha256-N02bP+slnHB+OYEN6imRqCHcHLN5DvBouRmyO2qcQYU=' 'sha256-gqG2LEZaHDwOL3S/CXJTuk/f3LimTEyruhOc/U0/QUY=' 'sha256-llLws8TR+U3nNRCIvJNVc+SGscqwyeO1IPgpbnWuZdc=' 'sha256-gBzDBwsujjXjXk6GLgdSlLIrvt5h0s3F/qF7Qt8TYwY=' 'sha256-6xIDOlx5P0LKHv8fkot5ULOnB8ySdhjJi5r/ZP5EDPY=' 'sha256-7JHgDILwD7i/kvnHwJFF5WsHHmIc98tkBqDqbv47iFE=' 'sha256-VOPfGBY+XgTDMwhG41S5eZyMKlu3gN60suwCPDWZ8MY='; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.hcaptcha.com https://hcaptcha.com https://*.website-files.com https://*.githubassets.com; img-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://www.facebook.com https://cdn.discordapp.com https://hackerone-api.discord.workers.dev/user-avatars/ https://safety.discord.com https://discordmoderatoracademy.zendesk.com https://assets-global.website-files.com data: https://*.website-files.com https://global.localizecdn.com https://cdn.localizeapi.com https://*.ytimg.com https://uploads-ssl.webflow.com; font-src 'self' https://fonts.gstatic.com https://fonts.gstatic.com https://*.website-files.com https://uploads-ssl.webflow.com; connect-src 'self' https://discordapp.com https://discord.com https://connect.facebook.net https://api.greenhouse.io https://api.github.com https://sentry.io https://www.google-analytics.com https://hackerone-api.discord.workers.dev https://*.hcaptcha.com https://hcaptcha.com https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location ws://127.0.0.1:* http://127.0.0.1:* https://global.localizecdn.com https://cdn.localizeapi.com https://*.website-files.com https://webflow.com/api/ https://script.crazyegg.com https://assets-tracking.crazyegg.com https://pagestates-tracking.crazyegg.com https://tracking.crazyegg.com; media-src 'self' https://cdn.discordapp.com/assets/ https://cdn.discordapp.com/promotions/premium-marketing/ https://*.website-files.com; frame-src https://discordapp.com/domain-migration https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/ https://*.hcaptcha.com https://hcaptcha.com https://www.youtube.com/embed/ https://hackerone.com/631fba12-9388-43c3-8b48-348f11a883c0/ https://10851314.fls.doubleclick.net/ https://*.twitter.com https://*.vimeo.com; 1
default-src 'self';connect-src 'self' ws: https://*.google-analytics.com https://s3-eu-west-1.amazonaws.com;img-src 'self' https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com/ data: https://*.google-analytics.com https://*.doubleclick.net https://s3.amazonaws.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://js-agent.newrelic.com/nr-1044.min.js https://www.google.com https://www.gstatic.com https://*.google-analytics.com http://*.getclicky.com;style-src 'self' 'unsafe-inline' http://maxcdn.bootstrapcdn.com https://*.googleapis.com https://www.gstatic.com;font-src 'self' https://www.gstatic.com https://*.gstatic.com http://maxcdn.bootstrapcdn.com;frame-src 'self' https://www.google.com https://*.s3.amazonaws.com;report-uri /csp; 1
default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://*.apple.com http://*.apple.com https://*.mzstatic.com https://*.apple-mapkit.com https://p-events-delivery.akamaized.net http://p-events-delivery.akamaized.net https://apple-events.akamaized.net https://mediaservices.cdn-apple.com http://mediaservices.cdn-apple.com https://wwdr-aws-dev.apple.com https://bricks.cdn-apple.com 1
default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060 https://steamvideo-a.akamaihd.net/; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://steamloopback.host ; 1
base-uri 'self'; default-src 'none'; form-action https://account.mail.ru https://auth.mail.ru https://e.mail.ru https://yandex.ru https://widgets.mail.ru 'self'; script-src https://*.adlooxtracking.com https://*.adlooxtracking.ru https://*.adsafeprotected.com https://*.doubleverify.com https://*.imgsmail.ru https://*.mail.ru https://*.moatads.com https://*.mradx.net https://*.serving-sys.com https://*.serving-sys.ru https://*.vk.com https://*.vk.ru https://*.weborama-tech.ru https://*.weborama.fr https://an.yandex.ru https://b.delivery.consentmanager.net https://cdn.consentmanager.mgr.consensu.org https://cdn.consentmanager.net https://consentmanager.mgr.consensu.org https://home.mrgcdn.ru https://iframe.s3.yandex.net https://mail.ru https://mc.yandex.by https://mc.yandex.com https://mc.yandex.fr https://mc.yandex.kz https://mc.yandex.md https://mc.yandex.ru https://mc.yandex.uz https://ok.ru https://st.mycdn.me https://static.dzeninfra.ru https://vk.com https://vk.ru https://yandex.ru https://yandex.st https://yastat.net https://yastatic.net 'unsafe-eval' 'unsafe-inline' 'nonce-36e0a62d90553c8397960c7383de4691' 'strict-dynamic' 'report-sample'; connect-src https://*.adlooxtracking.com https://*.adlooxtracking.ru https://*.adsafeprotected.com https://*.cold-video.dzeninfra.ru https://*.doubleverify.com https://*.dzen.ru https://*.extcdn.dzeninfra.ru https://*.hot-video.dzeninfra.ru https://*.imgsmail.ru https://*.mail.ru https://*.moatads.com https://*.mradx.net https://*.ok.ru https://*.serving-sys.com https://*.serving-sys.ru https://*.vk.com https://*.vk.ru https://*.weborama-tech.ru https://*.weborama.fr https://an.yandex.ru https://avatars.dzeninfra.ru https://b.delivery.consentmanager.net https://cdn.consentmanager.mgr.consensu.org https://cdn.consentmanager.net https://cdn.dzen.ru https://cold-video.dzeninfra.ru https://consentmanager.mgr.consensu.org https://dzen.ru https://home.mrgcdn.ru https://jstracer.yandex.ru https://log.strm.yandex.ru https://mail.ru https://mc.yandex.by https://mc.yandex.com https://mc.yandex.fr https://mc.yandex.kz https://mc.yandex.md https://mc.yandex.ru https://mc.yandex.uz https://ok.ru https://playlog.dzen.ru https://s3.dzeninfra.ru https://static.dzeninfra.ru https://strm.yandex.ru https://verify.yandex.ru https://video.dzen.ru https://vk.com https://vk.ru https://yandex.ru https://yandex.st https://yastat.net https://yastatic.net https://ymetrica1.com; img-src blob: data: https://*.mail.ru https://*.radar.imgsmail.ru https://*.userapi.com https://*.zen.zeta.dzen.ru https://presizer.imgsmail.ru https://i.mycdn.me https://a.delivery.consentmanager.net https://ad.adriver.ru https://amc.yandex.ru https://an.yandex.ru https://avatars.dzeninfra.ru https://avatars.mds.yandex.net https://bs.serving-sys.com https://bs.serving-sys.ru https://bs.yandex.ru https://cdn.consentmanager.mgr.consensu.org https://cdn.consentmanager.net https://cdn.dzen.ru https://counter.yadro.ru https://d.mradx.net https://dzen.ru https://favicon.yandex.net https://fmdata.imgsmail.ru https://home.imgsmail.ru https://img.imgsmail.ru https://imgs2.imgsmail.ru https://impression.appsflyer.com https://likemore-go.imgsmail.ru https://limg.imgsmail.ru https://mc.yandex.by https://mc.yandex.com https://mc.yandex.fr https://mc.yandex.kz https://mc.yandex.md https://mc.yandex.ru https://mc.yandex.uz https://mgcomru.solution.weborama.fr https://pixel.adlooxtracking.ru https://playlog.dzen.ru https://pogoda.imgsmail.ru https://promoimages.hb.bizmrg.com https://pulse.imgsmail.ru https://r.mradx.net https://s3.dzeninfra.ru https://static.dzeninfra.ru https://storage.mds.yandex.net https://video.dzen.ru https://vk.com https://vk.ru https://vkplay.ru https://wcm-ru.frontend.weborama.fr https://wcm.weborama-tech.ru https://www.tns-counter.ru https://yandex.ru https://yastatic.net 'self'; manifest-src https://limg.imgsmail.ru; media-src blob: data: https://*.cold-video.dzeninfra.ru https://*.extcdn.dzeninfra.ru https://*.hot-video.dzeninfra.ru https://*.imgsmail.ru https://*.mail.ru https://*.mradx.net https://*.ok.ru https://*.strm.yandex.ru https://*.vk.com https://*.vk.ru https://*.yandex.net https://cdn.dzen.ru https://cold-video.dzeninfra.ru https://mail.ru https://ok.ru https://strm.yandex.ru https://video.dzen.ru https://vk.com https://vk.ru https://yandex.ru https://yandex.st https://yastat.net https://yastatic.net; style-src blob: https://*.imgsmail.ru https://*.mail.ru https://*.mradx.net https://b.delivery.consentmanager.net https://cdn.consentmanager.mgr.consensu.org https://cdn.consentmanager.net https://consentmanager.mgr.consensu.org https://home.mrgcdn.ru https://static.dzeninfra.ru https://yandex.st https://yastat.net https://yastatic.net 'unsafe-eval' 'unsafe-inline'; font-src blob: data: https://*.imgsmail.ru https://*.mail.ru https://*.mradx.net https://an.yandex.ru https://yastat.net https://yastatic.net 'self'; frame-src https://*.doubleverify.com https://*.imgsmail.ru https://*.mail.ru https://*.mradx.net https://*.ok.ru https://*.vk.com https://*.vk.ru https://*.yandex.ru https://app.appsflyer.com https://awaps.yandex.net https://mail.ru https://mc.yandex.by https://mc.yandex.com https://mc.yandex.fr https://mc.yandex.kz https://mc.yandex.md https://mc.yandex.ru https://mc.yandex.uz https://mini.vkplay.ru https://ok.ru https://vk.com https://vk.ru https://yandex.ru https://yastat.net https://yastatic.net https://widgets.mail.ru; report-uri https://cspreport.mail.ru/home?disposition=report&rev=16.07.24; 1
default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com https://i.ytimg.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-4lqaFks70XUpffN71d0Yow=='; style-src 'self' www.gstatic.com; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com gds-single-consent-staging.app gds-single-consent.app; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; report-uri https://csp-reporter.publishing.service.gov.uk/report 1
connect-src 'self' https://search.brave.com https://brave-software.ghost.io https://analytics.brave.com; default-src 'none'; media-src 'self'; font-src 'self'; frame-ancestors 'self' https://ads.brave.com https://ads.bravesoftware.com; frame-src 'self' https://blocksurvey.io https://contact.ads.brave.com https://html5-player.libsyn.com https://player.vimeo.com https://boards.greenhouse.io https://www.youtube-nocookie.com https://app.boostr.com/; img-src 'self' data: https://imgs.search.brave.com https://analytics.brave.com https://boards.greenhouse.io; script-src 'self' https://analytics.brave.com https://boards.greenhouse.io; style-src 'self' 'unsafe-inline'; object-src 'self'; manifest-src 'self'; upgrade-insecure-requests; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://gist.github.com https://apis.google.com https://cdn.amplitude.com https://api.amplitude.com https://dev-embed.notion.co https://embed.notion.co https://static.zdassets.com https://api.smooch.io	 https://solve-widget.forethought.ai https://logs-01.loggly.com https://http-inputs-notion.splunkcloud.com https://cdn.segment.com https://analytics.pgncs.notion.so https://o324374.ingest.sentry.io https://checkout.stripe.com https://js.stripe.com https://embed.typeform.com https://admin.typeform.com https://public.profitwell.com https://static.profitwell.com https://js.sentry-cdn.com https://js.chilipiper.com https://platform.twitter.com https://cdn.syndication.twimg.com https://accounts.google.com https://vimeo.com https://player.vimeo.com https://youtube.com https://www.youtube.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://cdn.metadata.io https://platformapi.metadata.io https://api-gw.metadata.io https://d2hrivdxn8ekm8.cloudfront.net https://d1lu3pmaz2ilpx.cloudfront.net https://dvqigh9b7wa32.cloudfront.net https://d330aiyvva2oww.cloudfront.net https://transcend-cdn.com https://cdn01.boxcdn.net https://cdn.sprig.com https://assets.customer.io https://track.customer.io https://code.gist.build https://www.google.com https://www.gstatic.com https://challenges.cloudflare.com https://pagead2.googlesyndication.com https://x.clearbitjs.com https://connect.facebook.net https://snap.licdn.com/ https://px.ads.linkedin.com/ https://munchkin.marketo.net https://414-xmy-838.mktoutil.com https://info.notion.com https://bat.bing.com https://s.yimg.jp https://www.youtube-nocookie.com https://www.youtube.com/iframe_api https://js.partnerstack.com https://partnerlinks.io https://analytics.tiktok.com/ https://vitals.vercel-insights.com https://va.vercel-scripts.com https://vercel.live https://www.redditstatic.com https://static.ads-twitter.com https://insights.metadata.io https://acdn.adnxs.com/dmp/up/pixie.js https://a.usbrowserspeed.com https://static.hotjar.com https://script.hotjar.com;connect-src 'self' data: blob: https://cdn.amplitude.com https://api.amplitude.com https://www.notion.so https://api.embed.ly https://dev-embed.notion.co https://embed.notion.co https://ekr.zdassets.com https://ekr.zendesk.com	 https://makenotion.zendesk.com	 https://api.smooch.io	 wss://api.smooch.io	 https://api.forethought.ai https://logs-01.loggly.com https://http-inputs-notion.splunkcloud.com https://cdn.segment.com https://api.segment.io https://analytics.pgncs.notion.so https://api.pgncs.notion.so https://o324374.ingest.sentry.io https://checkout.stripe.com https://js.stripe.com https://cdn.contentful.com https://preview.contentful.com https://images.ctfassets.net https://www2.profitwell.com https://tracking.chilipiper.com https://api.chilipiper.com https://api.unsplash.com https://api.giphy.com/ https://giphy-analytics.giphy.com/ https://media0.giphy.com/ https://media1.giphy.com/ https://media2.giphy.com/ https://media3.giphy.com/ https://media4.giphy.com/ https://media5.giphy.com/ https://media6.giphy.com/ https://media7.giphy.com/ https://media8.giphy.com/ https://media9.giphy.com/ https://media10.giphy.com/ https://boards-api.greenhouse.io https://accounts.google.com https://oauth2.googleapis.com https://vimeo.com https://player.vimeo.com https://youtube.com https://www.youtube.com https://www.googletagmanager.com https://analytics.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://region1.google-analytics.com https://region1.analytics.google.com https://www.google-analytics.com https://cdn.metadata.io https://platformapi.metadata.io https://api-gw.metadata.io https://d2hrivdxn8ekm8.cloudfront.net https://d1lu3pmaz2ilpx.cloudfront.net https://dvqigh9b7wa32.cloudfront.net https://d330aiyvva2oww.cloudfront.net https://transcend-cdn.com https://telemetry.transcend.io https://api.statuspage.io https://pgncd.notion.so https://api.statsig.com https://statsigapi.net https://exp.notion.so https://api.box.com https://*.mux.com https://api.sprig.com https://storage.googleapis.com https://cdn.sprig.com https://cdn.userleap.com https://assets.customer.io https://track.customer.io https://*.api.gist.build https://*.cloud.gist.build https://api.palette.dev https://pagead2.googlesyndication.com https://google.com https://x.clearbitjs.com https://app.clearbitjs.com https://connect.facebook.net https://snap.licdn.com/ https://px.ads.linkedin.com/ https://munchkin.marketo.net https://414-xmy-838.mktoutil.com https://info.notion.com https://bat.bing.com https://s.yimg.jp https://www.youtube-nocookie.com https://www.youtube.com/iframe_api https://js.partnerstack.com https://grsm.io https://partnerlinks.io https://analytics.tiktok.com/ https://vitals.vercel-insights.com https://va.vercel-scripts.com https://vercel.live https://www.redditstatic.com https://static.ads-twitter.com https://insights.metadata.io https://acdn.adnxs.com/dmp/up/pixie.js https://a.usbrowserspeed.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com wss://msgstore.www.notion.so https://msgstore.www.notion.so https://audioprocessor.www.notion.so wss://audioprocessor.www.notion.so ws://localhost:* ws://127.0.0.1:* https://prod-files-secure.s3.us-west-2.amazonaws.com https://notion-emojis.s3-us-west-2.amazonaws.com https://s3-us-west-2.amazonaws.com https://s3.us-west-2.amazonaws.com https://notion-production-snapshots-2.s3.us-west-2.amazonaws.com https://file.notion.so notion://file.notion.so https://www.notion.com;font-src 'self' data: https://cdnjs.cloudflare.com https://cdn01.boxcdn.net https://fonts.gstatic.com;img-src 'self' data: blob: https: https://images.ctfassets.net https://platform.twitter.com https://syndication.twitter.com https://pbs.twimg.com https://ton.twimg.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.mux.com https://track.customer.io https://file.notion.so notion://file.notion.so;style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://github.githubassets.com https://js.chilipiper.com https://platform.twitter.com https://ton.twimg.com https://accounts.google.com https://transcend-cdn.com https://cdn01.boxcdn.net https://code.gist.build https://fonts.googleapis.com;frame-ancestors 'self' notion://www.notion.so;worker-src 'self' blob:;child-src 'self' blob:;media-src blob: https: http: https://*.mux.com https://file.notion.so notion://file.notion.so;frame-src https: http: https://accounts.google.com https://renderer.gist.build https://code.gist.build https://challenges.cloudflare.com 1
frame-ancestors 'self';img-src 'self' https://* data:;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://* *.disneyplus.com:*;worker-src 'self' blob:;manifest-src 'self' *.disneyplus.com;base-uri 'self';font-src 'self' https: data:;form-action 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 1
frame-ancestors 'self' https://*.otto.de https://*.ottogroup.com https://og2gether.sharepoint.com https://otto.mpp360.cloud; 1
base-uri https://*.ryanair.com https://*.laudamotion.com; child-src https://*.hotjar.com https://*.hotjar.io 'self'; worker-src https://*.ryanair.com 'self'; connect-src 'self' https://*.ryanair.com https://*.launchdarkly.com https://bam.nr-data.net/ https://dpm.demdex.net https://js-agent.newrelic.com https://script.hotjar.com https://smetrics.ryanair.com https://*.hotjar.com https://*.hotjar.io https://*.boxever.com https://www.gstatic.com https://news.ryanair.com wss://*.hotjar.com https://www.rentalcars.com https://*.accdab.net https://static.zdassets.com https://ekr.zdassets.com https://*.zopim.com wss://*.zopim.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://ad.doubleclick.net https://www.google.com https://ryanairsupport.zendesk.com wss://ryanairsupport.zendesk.com https://www.ryanair.com https://api.ryanair.com https://assets.ryanair.com https://desktopapps.ryanair.com https://places-rooms.ryanair.com https://help.ryanair.com wss://help.ryanair.com; default-src 'self' https://ajax.googleapis.com https://static.zdassets.com https://ekr.zdassets.com https://*.zopim.com wss://*.zopim.com https://*.google-analytics.com https://ryanairsupport.zendesk.com wss://ryanairsupport.zendesk.com https://help.ryanair.com wss://help.ryanair.com; frame-src 'self' https://*.ryanair.com https://ryanair.demdex.net https://*.hotjar.com https://*.hotjar.io https://*.cdn-net.com https://*.accdab.net https://www.google.com; font-src 'self' data: https://fonts.gstatic.com https://*.hotjar.com https://*.hotjar.io https://ajax.googleapis.com https://assets.ryanair.com; img-src 'self' data: https://*.hotjar.com https://*.hotjar.io https://bam.nr-data.net https://dpm.demdex.net https://smetrics.ryanair.com https://www.gstatic.com https://cm.g.doubleclick.net https://*.criteo.com https://www.facebook.com https://play-lh.googleusercontent.com https://v2assets.zopim.io https://static.zdassets.com https://s3.eu-west-1.amazonaws.com https://s3-eu-west-1.amazonaws.com https://v2uploads.zopim.io https://pixel.quantserve.com https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://googleads.g.doubleclick.net https://ad.doubleclick.net https://play-lh.googleusercontent.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://*.fr164-11.ryanair.com https://ryanairsupport.zendesk.com https://*.zdusercontent.com https://assets.ryanair.com/; manifest-src https://*.ryanair.com https://*.laudamotion.com; object-src 'self' https://*.cdn-net.com; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://*.boxever.com https://*.cdn-net.com https://*.googleapis.com https://*.launchdarkly.com https://assets.ryanair.com https://bam.nr-data.net https://d1mj578wat5n4o.cloudfront.net https://js-agent.newrelic.com https://*.hotjar.com https://*.hotjar.io https://www.gstatic.com https://cdnjs.cloudflare.com https://*.accdab.net https://static.zdassets.com https://ekr.zdassets.com https://*.zopim.com wss://*.zopim.com https://www.googleadservices.com https://www.google.com https://*.google-analytics.com https://*.googletagmanager.com 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' https://ryanairsupport.zendesk.com wss://ryanairsupport.zendesk.com https://polyfill.ryanair.com https://help.ryanair.com wss://help.ryanair.com; style-src 'self' 'unsafe-inline' 'report-sample' https://fonts.googleapis.com; frame-ancestors 'self'; report-uri /csp-report?app=homepage; 1
script-src 'nonce-uJ7F1ctXLXfzB6K5IHyFrQ==' 'strict-dynamic' https: 'unsafe-inline' 'report-sample'; base-uri 'none'; report-uri https://events.mercadolibre.com/csp/reports?identifier=qi7yR82aKimsBCs2dmYcCSGg7X3Nd8nw0L9YOe_HRbzpKahN-AYpETPFsxM57fsdLtLf&policy_id=9&user_id=&request_id=1f9d15e8-9c75-47ea-b360-245912fdf203; report-to csp-endpoint; object-src https://http2.mlstatic.com/ https://mlstaticquic-a.akamaihd.net/ 1
script-src 'nonce-rQqcC58WQUzEaUDNKeIbNQ==' 'strict-dynamic' https: 'unsafe-inline' 'report-sample'; base-uri 'none'; report-uri https://events.mercadolibre.com/csp/reports?identifier=qi7yR82aKimsBCs2dmYcCSGg7X3Nd8nw0L9YOe_HRbzpKahN-AYpETPFsxM57fsdLtLf&policy_id=9&user_id=&request_id=a3fa3544-d1eb-43e0-a5d2-c735e6590b07; report-to csp-endpoint; object-src https://http2.mlstatic.com/ https://mlstaticquic-a.akamaihd.net/ 1
frame-ancestors https://*.poki.io http://localhost:1234 1
upgrade-insecure-requests; default-src 'self' https: data: blob: wss: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; object-src https:; form-action https:; report-uri https://servix.idnes.cz/log/csp-report.aspx?w=sph&d=2024-07-26 1
default-src 'self' https://consent.badoo.com; script-src 'self' 'unsafe-inline' 'report-sample' 'nonce-qQLjRmUY2rjkzGb7RRlq9Q==' badoocdn.com *.badoocdn.com https://consent.badoo.com https://*.googletagmanager.com https://tr.snapchat.com https://tr-shadow.snapchat.com; style-src 'self' 'unsafe-inline'; connect-src 'self' *.badoo.com *.badoo.eu *.badoo.us https://consent.badoo.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://tr.snapchat.com https://tr-shadow.snapchat.com; child-src 'self'; font-src * data:; manifest-src 'self'; base-uri 'self'; frame-src * bds: bdp:; img-src * data: blob:; media-src * data: blob:; report-uri /jss/csp_report.phtml?token=badoo_homepage&env=production; upgrade-insecure-requests; 1
default-src 'self' https:; font-src 'self' https: data:; img-src 'self' https: data: blob:; object-src 'none'; media-src 'self' https: data: blob:; frame-src 'self' https:; worker-src 'self' blob:; child-src 'self' blob:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data:; connect-src https: wss:; font-src https: data:; media-src https: blob: data:; worker-src https: blob:; object-src 'none'; 1
upgrade-insecure-requests; frame-ancestors 'self' http://*.hulu.com https://*.hulu.com; 1
frame-ancestors *.ouest-france.fr www.google.com https://amp-ouest--france-fr.cdn.ampproject.org http://www.ultimedia.com https://fr.ouestfrance.OuestFrance *.presseocean.fr *.courrierdelouest.fr *.lemainelibre.fr *.maville.com *.francelive.fr *.sipaof.fr ouest-france.geovoile.com 1
frame-ancestors *.leboncoin.fr *.leboncoin.io *.leboncoin.ci; report-uri https://api.leboncoin.fr/api/csp-report/v1/report/; 1
frame-ancestors https://admarket.no https://admarket.schibsted.se https://schibsted.dredition-beta.aptoma.no/ https://schibsted.dredition.aptoma.no/; upgrade-insecure-requests 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' blob: data: https:; style-src 'self' 'unsafe-inline' blob: data: https:; default-src 'self' https:; img-src https: blob: data: android-webview-video-poster:; frame-src blob: data: https:; worker-src blob: data: https:; child-src blob: data: https:; object-src 'self'; font-src 'self' https: blob: data: safari-extension://*; media-src 'self' blob: data: https:; connect-src wss: blob: data: https: 1
default-src 'self' *  ;style-src  https: data: 'unsafe-inline';img-src  https: blob: data:;child-src data:;object-src 'none';worker-src blob: https://*.olx.pl  ;frame-src  https: blob:;script-src  https: 'unsafe-inline' 'unsafe-eval';font-src data: 'self' https: ;connect-src 'self' * blob: 1
frame-ancestors 'self' *.avira.com *.avira.org *.avira.net *.prod-blog.avira.com prod-blog.avira.com; 1
upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob: https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://optimize.google.com ; style-src data: 'unsafe-inline' https: https://optimize.google.com https://fonts.googleapis.com; img-src data: https: blob: android-webview-video-poster: https://www.google-analytics.com https://www.googletagmanager.com https://optimize.google.com; font-src data: https: https://fonts.gstatic.com; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; frame-ancestors https://*.vnexpress.net https://vnexpress.net 1
default-src 'self' * *.faphouse.com; img-src * data: blob:; media-src * blob:; script-src 'self' 'unsafe-inline' blob: https://assets-ah.flixcdn.com www.google.com www.gstatic.com *.amplitude.com www.google-analytics.com www.googleanalytics.com www.googletagmanager.com www.googleoptimize.com optimize.google.com tagmanager.google.com *.hotjar.com https://pm-api.faphouse.com https://pm.faphouse.com/pm/ https://assets-ah.flixcdn.com/ comments.faphouse.com studio.faphouse.com joinmy.fans 'unsafe-eval' challenges.cloudflare.com; style-src * 'unsafe-inline'; font-src * data: 'unsafe-inline'; frame-ancestors 'self' 1
frame-ancestors 'self' https://*.taboola.com 1
frame-ancestors 'none'; default-src 'self' https vlibras.gov.br dicionario2.vlibras.gov.br cdp.cloud.unity3d.com config.uca.cloud.unity3d.com traducao2.vlibras.gov.br www.google.com www.gstatic.com 'unsafe-inline' 'unsafe-eval' data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.google.com www.gstatic.com barra.brasil.gov.br vlibras.gov.br; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com cdn.dsgovserprodesign.estaleiro.serpro.gov.br cdnjs.cloudflare.com vlibras.gov.br barra.brasil.gov.br; img-src 'self' data: www.gstatic.com cdn.dsgovserprodesign.estaleiro.serpro.gov.br vlibras.gov.br; font-src 'self' use.typekit.net data: cdn.dsgovserprodesign.estaleiro.serpro.gov.br fonts.googleapis.com fonts.gstatic.com cdnjs.cloudflare.com barra.brasil.gov.br vlibras.gov.br; object-src 'none'; frame-src www.google.com; upgrade-insecure-requests; block-all-mixed-content; 1
default-src 'self';media-src 'self' https://*.divarcdn.com;script-src https://divar.ir https://*.divarcdn.com https://*.hotjar.com 'unsafe-eval' 'unsafe-inline' https://www.clarity.ms https://www.googletagmanager.com https://google-analytics.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://cdn.yektanet.com https://audience-cdn.yektanet.com https://s1.mediaad.org https://cdn.sanjagh.com https://www.googleadservices.com https://www.gstatic.com;worker-src 'self' https://www.gstatic.com blob:;style-src 'self' 'unsafe-inline' https://*.divarcdn.com https://fonts.googleapis.com https://www.googletagmanager.com https://*.hotjar.com;img-src 'self' data: blob: https://divar.ir https://*.divarcdn.com https://trustseal.enamad.ir https://google-analytics.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://www.googletagmanager.com https://*.openstreetmap.org https://*.balad.ir https://*.cafebazaar.ir https://www.google.com https://www.google.nl https://www.google.de https://www.google.ae https://www.google.fr https://www.google.ca https://www.google.co.uk https://www.google.com.au https://logo.samandehi.ir https://cdn.karnameh.com https://map.divar.ir https://*.hotjar.com https://*.clarity.ms https://c.bing.com;connect-src 'self' https://divar.ir https://*.divar.ir https://*.divarcdn.com https://google-analytics.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://*.doubleclick.net https://*.delivery.zeerak.cloud https://*.leogames.co https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://api.mediaad.org https://ua.yektanet.com https://audience.yektanet.com https://api.sanjagh.com https://api.karnameh.com https://sentry.divar.cloud wss://submit-warning.divar.ir https://tiles.raah.ir https://*.clarity.ms https://c.bing.com;font-src 'self' https://*.divarcdn.com https://fonts.gstatic.com https://*.hotjar.com data:;object-src 'none';frame-ancestors 'none';base-uri 'self';frame-src 'self' https://ua.yektanet.com https://mediacdn.mediaad.org;child-src blob:;manifest-src 'self';upgrade-insecure-requests;block-all-mixed-content 1
script-src 'nonce-0KBZ4JU0ctlC5BfDzkh9Tg==' 'strict-dynamic' https: 'unsafe-inline' 'report-sample'; base-uri 'none'; report-uri https://events.mercadolibre.com/csp/reports?identifier=qi7yR82aKimsBCs2dmYcCSGg7X3Nd8nw0L9YOe_HRbzpKahN-AYpETPFsxM57fsdLtLf&policy_id=9&user_id=&request_id=51f9e2f2-646b-414b-a59a-afb1be42c1e8; report-to csp-endpoint; object-src https://http2.mlstatic.com/ https://mlstaticquic-a.akamaihd.net/ 1
default-src * blob:; img-src * data: blob: resource: t.captcha.qq.com *.dun.163yun.com *.dun.163.com *.126.net *.nosdn.127.net nos.netease.com; connect-src * wss: blob: resource:; frame-src 'self' *.zhihu.com mailto: tel: weixin: *.vzuu.com mo.m.taobao.com getpocket.com note.youdao.com safari-extension://com.evernote.safari.clipper-Q79WDW8YH9 blob: mtt: zhihujs: captcha.guard.qcloud.com pos.baidu.com dup.baidustatic.com openapi.baidu.com wappass.baidu.com passport.baidu.com *.cme.qcloud.com vs-cdn.tencent-cloud.com t.captcha.qq.com *.dun.163yun.com *.dun.163.com *.126.net *.nosdn.127.net nos.netease.com; script-src 'self' blob: *.zhihu.com g.alicdn.com qzonestyle.gtimg.cn res.wx.qq.com open.mobile.qq.com 'unsafe-eval' unpkg.zhimg.com unicom.zhimg.com resource: zhihu-live.zhimg.com captcha.gtimg.com captcha.guard.qcloud.com pagead2.googlesyndication.com cpro.baidustatic.com pos.baidu.com dup.baidustatic.com i.hao61.net jsapi.qq.com 'nonce-a6811bb8-54e1-4f8f-a175-666cfa7dd6d2' hm.baidu.com zz.bdstatic.com b.bdstatic.com imgcache.qq.com vs-cdn.tencent-cloud.com www.mangren.com www.yunmd.net zhihu.govwza.cn p.cnwza.cn gw.alipayobjects.com ssl.captcha.qq.com t.captcha.qq.com *.dun.163yun.com *.dun.163.com *.126.net *.nosdn.127.net nos.netease.com; style-src 'self' 'unsafe-inline' *.zhihu.com unicom.zhimg.com resource: captcha.gtimg.com www.mangren.com ssl.captcha.qq.com t.captcha.qq.com *.dun.163yun.com *.dun.163.com *.126.net *.nosdn.127.net nos.netease.com; font-src * data:; frame-ancestors *.zhihu.com 1
default-src 'self' *.indiamart.com *.intermesh.net *.imimg.com *.imutils.com 'unsafe-inline' maps.google.com *.g.doubleclick.net *.gstatic.com app.powerbi.com cdn-data.media4trade.com *.google-analytics.com https://duse.intermesh.net/ *.googleapis.com  maxcdn.bootstrapcdn.com js-agent.newrelic.com code.jquery.com bam.nr-data.net www.google.co.in *.amazonaws.com cdn.datatables.net cdnjs.cloudflare.com data: 'unsafe-eval'   www.youtube.com *.googleusercontent.com *.google.com *.googletagmanager.com *.knowlarity.com https://cloudphone.tatateleservices.com *.airtel.in https://www.facebook.com/ https://www.instagram.com/ www.googletagservices.com mc.yandex.ru cdn.prod.uidapi.com connect.facebook.net www.instagram.com graph.instagram.com https://img.youtube.com www.googleadservices.com pagead2.googlesyndication.com cdn.ampproject.org i.ytimg.com https://www.youtube-nocookie.com partner.googleadservices.com static.doubleclick.net tpc.googlesyndication.com cdn.jsdelivr.net    td.doubleclick.net *.clarity.ms ; connect-src *; frame-src *; img-src data: *  ; 1
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src data:; font-src https: data:; frame-ancestors 'self' https://wpe.codes https://my.wpengine.com https://app.kameleoon.com; connect-src https: wss:; img-src https: data:; worker-src blob: https:; media-src https: blob:; 1
base-uri 'self'; connect-src * blob: data: *.crazyegg.com ; default-src 'self' *.meetup.com *.dev.meetup.com:8001 www.sjwoe.com *.crazyegg.com blob: ; font-src * data:; frame-ancestors 'self'; frame-src *; img-src * data: blob: *.crazyegg.com ;media-src *.meetup.com *.dev.meetup.com:8001 https://secure.meetupstatic.com www.sjwoe.com *.sendbird.com https://sendbird-us-3.s3.amazonaws.com; script-src * 'unsafe-eval' 'unsafe-inline' *.crazyegg.com; style-src * 'unsafe-inline' *.crazyegg.com ; object-src 'none' 1
frame-ancestors https://voxmedia.stories.usechorus.com 'self' 1
default-src 'self' data: blob: *.mega.co.nz *.mega.nz *.mega.io http://*.mega.co.nz http://*.mega.nz http://*.mega.io wss://*.karere.mega.nz wss://*.sfu.mega.co.nz *.karere.mega.nz:1380 http://127.0.0.1:6341 localhost.megasyncloopback.mega.nz:6342; script-src 'self' *.mega.co.nz *.mega.nz *.mega.io data: blob:; style-src 'self' 'unsafe-inline' *.mega.co.nz *.mega.nz *.mega.io data: blob:; frame-src 'self' *.megapay.nz ad.mega.nz mega: *.megaad.nz https://mega.nz/ https://mega.io/; img-src 'self' *.mega.co.nz *.mega.nz *.mega.io data: blob: mega.nz 1
frame-ancestors 'self' esbroadcom.lookbookhq.com mfbroadcom.lookbookhq.com; script-src 'self' data: blob: https://script.crazyegg.com https://www.google-analytics.com https://www.googletagmanager.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://ajax.googleapis.com https://snap.licdn.com/li.lms-analytics/insight.min.js https://searchunify.com https://searchunify.broadcom.com https://tag.demandbase.com/9a4d64cf696797e4.min.js https://tag.demandbase.com *.adroll.com *.eloqua.com *.en25.com *.bluekai.com *.oraclecloud.com *.brightcove.com *.brightcove.net https://images.sw.broadcom.com 'nonce-ZjUwMzUyMmJjMQ/NjBiODY5OGYwMWVkN2Q='; object-src 'self'; 1
base-uri 'self'; default-src https:; object-src 'none'; frame-src 'self' *.acronis.com *.salesforceliveagent.com *.driftt.com *.visualize-roi.com *.doubleclick.net optimize.google.com platform.twitter.com syndication.twitter.com vars.hotjar.com widget.trustpilot.com www.facebook.com www.google.com www.youtube.com www.recaptcha.net *.visualwebsiteoptimizer.com app.vwo.com; frame-ancestors 'none'; font-src 'self' *.acronis.com fonts.googleapis.com fonts.gstatic.com script.hotjar.com; style-src 'unsafe-inline' 'self' *.acronis.com cdn.cookielaw.org fonts.googleapis.com optimize.google.com platform.twitter.com tagmanager.google.com *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com; img-src 'self' data: *.acronis.com *.analytics.google.com *.clarity.ms *.facebook.com *.g.cn *.g.doubleclick.net *.google-analytics.com *.googleapis.com *.googletagmanager.com *.linkedin.com *.twimg.com *.ytimg.com acronis.events b.6sc.co bat.bing.com c.bing.com c212.net cdn.cookielaw.org maps.gstatic.com media.slapfive.com optimize.google.com p.adsymptotic.com pixel.mathtag.com script.hotjar.com ssl.gstatic.com syndication.twitter.com trkn.us www.gstatic.com *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com www.mczbf.com alb.reddit.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.googleapis.com *.gstatic.com; connect-src 'self' ws: *.6sc.co *.6sense.com *.workday.com *.herokuapp.com *.acronis.com *.adnxs.com *.analytics.google.com *.bing.com *.clarity.ms *.fullcircleinsights.com *.g.doubleclick.net *.google-analytics.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.mutinycdn.com *.onetrust.com *.s3.amazonaws.com *.scarabresearch.com *.schemaapp.com *.sentry.io *.visualize-roi.com *.influ2.com *.linkedin.com 929-hvv-335.mktoresp.com api.greenhouse.io cdn.cookielaw.org maps.googleapis.com cdn.linkedin.oribi.io www.mczbf.com *.visualwebsiteoptimizer.com app.vwo.com www.redditstatic.com 6sense.deian.eu *.mplat-ppcprotect.com *.reddit.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.googleapis.com *.gstatic.com; script-src 'unsafe-eval' 'strict-dynamic' 'nonce-3526bf274012d750b32decbd46a0e950' *.acronis.com *.googletagmanager.com tagmanager.google.com *.visualize-roi.com optimize.google.com www.google-analytics.com www.googleadservices.com www.googleanalytics.com www.googleoptimize.com *.visualwebsiteoptimizer.com app.vwo.com 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data: blob:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests 1
form-action https:; frame-ancestors https://app.contentful.com https://verkada.teamaligned.com 1
base-uri 'self' *.silverchair.com jamanetwork.com edhub.ama-assn.org www.facebook.com subs-test.ama-assn.org payment.edhub.ama-assn.org; form-action *; frame-ancestors 'self' *.silverchair.com jamanetwork.com edhub.ama-assn.org www.facebook.com subs-test.ama-assn.org payment.edhub.ama-assn.org; object-src 'none'; 1
frame-ancestors 'self' https://kuleuven.be https://*.kuleuven.be https://*.edu.kuleuven.cloud ; 1
default-src 'self' akm-img-a-in.tosshub.com ads.pubmatic.com mab.chartbeat.com pagead2.googlesyndication.com recengine.intoday.in https://embed.indiatoday.in https://trc.taboola.com analytics.google.com feeds.intoday.in adblock-tester.com securepubads.g.doubleclick.net c.amazon-adsystem.com 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data: https:; font-src 'self' akm-img-a-in.tosshub.com fonts.gstatic.com 'unsafe-inline' data:; script-src * 'unsafe-inline' 'unsafe-eval'; object-src 'none'; style-src 'self' * https://www.indiatoday.in fonts.googleapis.com akm-img-a-in.tosshub.com instore-tosshub-com.s3.ap-south-1.amazonaws.com https://vidstat.taboola.com 'unsafe-inline'; frame-src *; media-src * blob:; connect-src * 'self' 'unsafe-inline'; worker-src 'self' 'unsafe-inline' * blob:; 1
base-uri 'self'; block-all-mixed-content; child-src 'self' ; connect-src 'self' *.adobe.io *.adobelogin.com *.services.adobe.com wwwimages2.adobe.com sstats.adobe.com performance.typekit.net wss://performance.typekit.net use.typekit.net p.typekit.net primer.typekit.net api2.branch.io geo-dc.adobe.com prod.adobeccstatic.com *.behance.net ans.oobesaas.adobe.com prod-rel-ffc-ccm.oobesaas.adobe.com dc-api.adobecontent.io files.acrobat.com files-download2.acrocomcontent.com createpdf.acrobat.com/createpdf/api/ *.amazonaws.com prod.wopi.acrobat.adobe.com *.blob.core.windows.net cdn-sharing.adobecc.com files-asr.acrobat.com createpdf-asr.acrobat.com cloud-asr.acrobat.com upload2-asr.files.acrobat.com files-download2-asr.acrocomcontent.com jobtracker-asr.acrobat.com dc-api-v2.adobecontent.io cvs.adobe.com/content/ detect.adobedccdn.com:* *.sentry.io *.adobesign.com *.adobesigncdn.com *.echosign.com *.echocdn.com documents.adobe.com *.documents.adobe.com api.rocketlawyer.com fillsign.acrobat.com/api/ fillsign-asr.acrobat.com comments.acrobat.com send.acrobat.com send-asr.acrobat.com *.demdex.net adobe.tt.omtrdc.net commerce.adobe.com plan.adobe.com odin.adobe.com cdn.cookielaw.org privacyportal.onetrust.com geolocation.onetrust.com/cookieconsentpub/ by2.uservoice.com client.messaging.adobe.com server.messaging.adobe.com graph.microsoft.com *.sharepoint.com api.onedrive.com *.files.1drv.com *.svc.ms *.storage.live.com blob: apis.google.com *.googleapis.com *.googleusercontent.com accounts.google.com/gsi/status accounts.google.com/gsi/log docs.google.com/feeds/ faster.typekit.net express.adobe.com sdk-1p.cc-embed.adobe.com express-embed.adobe.com new.express.adobe.com cc-embed.adobe.com ffc-static-cdn.oobesaas.adobe.com pandora-cdn.adobe.com *.go-mpulse.net *.akstat.io; default-src 'self' *.adobelogin.com/favicon.ico express.adobe.com; font-src 'self' data: *.adobe.com *.typekit.com *.typekit.net *.adobeccstatic.com *.behance.net *.adobesign.com *.adobesigncdn.com *.echosign.com *.echocdn.com fonts.gstatic.com; form-action *.adobelogin.com *.officeapps.live.com login.live.com; frame-src 'self' data: blob: documentcloud.adobe.com acrobat.adobe.com *.adobe.io *.adobelogin.com *.services.adobe.com dc-api.adobecontent.io *.amazonaws.com *.blob.core.windows.net cdn-sharing.adobecc.com dc-api-v2.adobecontent.io *.officeapps.live.com login.live.com *.adobesign.com *.adobesigncdn.com *.echosign.com *.echocdn.com documents.adobe.com *.documents.adobe.com api.rocketlawyer.com *.demdex.net commerce.adobe.com plan.adobe.com www.google.com/recaptcha/ acrobat.uservoice.com video.tv.adobe.com ui.messaging.adobe.com zeonchatclient-va6.cloud.adobe.io *.sharepoint.com api.onedrive.com *.files.1drv.com *.svc.ms content.googleapis.com/static/ accounts.google.com drive.google.com express.adobe.com express-embed.adobe.com new.express.adobe.com quick-actions.express.adobe.com auth-light.identity.adobe.com acrs.adobe.com/requestAccess; img-src 'self' about: blob: data: *.adobe.com p.typekit.net *.adobelogin.com *.acrobat.com *.acrocomcontent.com *.adobecontent.io *.adobe.io *.adobeccstatic.com *.behance.net cdn-sharing.adobecc.com www.facebook.com/tr *.adobesign.com *.adobesigncdn.com *.echosign.com *.echocdn.com api.rocketlawyer.com ab.adobe-identity.com dpm.demdex.net cm.everesttech.net *.googleusercontent.com cdn.cookielaw.org; media-src 'self' ; manifest-src 'self'; script-src 'self' 'unsafe-eval' www.adobe.com wwwimages2.adobe.com *.adobelogin.com use.typekit.com use.typekit.net auth.services.adobe.com prod.adobeccstatic.com *.behance.net www.adobe.com/content/dam/cc/ www.adobe.com/content/dam/dx-dc/ static.adobesigncdn.com assets.adobedtm.com api.demandbase.com/api/v2/ip.json www.adobe.com/marketingtech/ commerce.adobe.com plan.adobe.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.adobe.com/etc/beagle/public/globalnav/adobe-privacy/latest/privacy.min.js www.adobe.com/etc.clientlibs/globalnav/clientlibs/base/privacy-standalone.js cdn.cookielaw.org/scripttemplates/ cdn.cookielaw.org/consent/ cdn.cookielaw.org/logos/ geolocation.onetrust.com/cookieconsentpub/ geo2.adobe.com/json/ widget.uservoice.com by2.uservoice.com client.messaging.adobe.com apis.google.com/js/ accounts.google.com/gsi/client express.adobe.com sdk-1p.cc-embed.adobe.com express-embed.adobe.com new.express.adobe.com cc-embed.adobe.com shared-components.adobe.com pandora-cdn.adobe.com ffc-static-cdn.oobesaas.adobe.com c.go-mpulse.net s.go-mpulse.net 'sha256-2syTLyJaKRWr1+QYQY8N7QGh31qpyUvqa8T93nTzXrQ=' 'sha256-RBNvo1WzZ4oRRq0W9+hknpT7T8If536DEMBg9hyq/4o='; style-src *.adobe.com use.typekit.com use.typekit.net *.adobeccstatic.com *.adobesigncdn.com accounts.google.com/gsi/style pandora-cdn.adobe.com 'self' 'unsafe-inline'; worker-src 'self' ; report-uri https://dc-api.adobe.io/system/csp; 1
frame-ancestors 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.hsadspixel.net *.hs-analytics.net *.hubapi.com *.hscta.net *.hubspot.com *.hs-sites.com *.hsappstatic.net *.usemessages.com *.hs-banner.com *.hubspotvideo.com *.hubspot.net *.hscollectedforms.net *.hsleadflows.net *.hsforms.net *.hsforms.com *.hs-scripts.com *.hubspotfeedback.com *.hubapi.com *.google.com *.gstatic.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.g.doubleclick.net *.googleapis.com *.google.de *.googlesyndication.com *.hotjar.com *.hotjar.io wss://*.hotjar.com cdn-cookieyes.com cookieyes.com *.cookieyes.com *.pingdom.net *.zdassets.com *.zendesk.com wss://*.zopim.com *.zopim.com *.key-systems.net; style-src 'unsafe-inline' 'self' *.hsadspixel.net *.hs-analytics.net *.hubapi.com *.hscta.net *.hubspot.com *.hs-sites.com *.hsappstatic.net *.usemessages.com *.hs-banner.com *.hubspotvideo.com *.hubspot.net *.hscollectedforms.net *.hsleadflows.net *.hsforms.net *.hsforms.com *.hs-scripts.com *.hubspotfeedback.com *.hubapi.com *.google.com *.gstatic.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.g.doubleclick.net *.googleapis.com *.google.de *.googlesyndication.com *.hotjar.com *.hotjar.io wss://*.hotjar.com cdn-cookieyes.com cookieyes.com *.cookieyes.com *.pingdom.net *.zdassets.com *.zendesk.com wss://*.zopim.com *.zopim.com *.key-systems.net; img-src 'self' *.hsadspixel.net *.hs-analytics.net *.hubapi.com *.hscta.net *.hubspot.com *.hs-sites.com *.hsappstatic.net *.usemessages.com *.hs-banner.com *.hubspotvideo.com *.hubspot.net *.hscollectedforms.net *.hsleadflows.net *.hsforms.net *.hsforms.com *.hs-scripts.com *.hubspotfeedback.com *.hubapi.com *.google.com *.gstatic.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.g.doubleclick.net *.googleapis.com *.google.de *.googlesyndication.com *.hotjar.com *.hotjar.io wss://*.hotjar.com cdn-cookieyes.com cookieyes.com *.cookieyes.com *.pingdom.net *.zdassets.com *.zendesk.com wss://*.zopim.com *.zopim.com *.key-systems.net api.qrserver.com; connect-src 'self' *.hsadspixel.net *.hs-analytics.net *.hubapi.com *.hscta.net *.hubspot.com *.hs-sites.com *.hsappstatic.net *.usemessages.com *.hs-banner.com *.hubspotvideo.com *.hubspot.net *.hscollectedforms.net *.hsleadflows.net *.hsforms.net *.hsforms.com *.hs-scripts.com *.hubspotfeedback.com *.hubapi.com *.google.com *.gstatic.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.g.doubleclick.net *.googleapis.com *.google.de *.googlesyndication.com *.hotjar.com *.hotjar.io wss://*.hotjar.com cdn-cookieyes.com cookieyes.com *.cookieyes.com *.pingdom.net *.zdassets.com *.zendesk.com wss://*.zopim.com *.zopim.com *.key-systems.net 1
frame-ancestors https://*.sprinklr.com 1
default-src 'self'; img-src 'self' task.gda.pl *.task.gda.pl; script-src 'self'; 1
frame-ancestors 'self' https://*.zeotap.com; default-src https:; connect-src https://*.zeotap.com wss://*.zeotap.com api.amplitude.com *.googleapis.com config.ff.harness.io; object-src 'none'; font-src * https://fonts.gstatic.com; img-src * data:; script-src 'unsafe-inline' 'unsafe-eval' *.zeotap.com online.tableau.com cdn.amplitude.com static.cloudflareinsights.com; style-src 'unsafe-inline' *.zeotap.com cdnjs.cloudflare.com unpkg.com fonts.googleapis.com 1
default-src 'self' https://cutt.ly https://www.cutt.ly https://www.google.com;  script-src 'self' 'unsafe-inline' 'unsafe-eval' https://challenges.cloudflare.com https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://connect.facebook.net https://platform.twitter.com https://cutt.ly https://www.cutt.ly;  img-src 'self' data: https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://*.gstatic.com https://scontent.xx.fbcdn.net https://platform-lookaside.fbsbx.com https://www.facebook.com https://cutt.ly https://www.cutt.ly;  style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://platform.twitter.com https://cutt.ly https://www.cutt.ly;  font-src 'self' data: https://fonts.gstatic.com https://platform.twitter.com;  connect-src 'self' https://*.google-analytics.com https://*.facebook.com https://*.fbcdn.net https://graph.facebook.com https://api.twitter.com https://cutt.ly https://www.cutt.ly;  frame-src 'self' https://challenges.cloudflare.com https://www.google.com https://www.facebook.com https://platform.twitter.com;  object-src 'none';  frame-ancestors 'self'; worker-src 'self' blob: https://challenges.cloudflare.com; 1
default-src https:; img-src https: data:; frame-ancestors 'none' 1
default-src 'self' apikeys.civiccomputing.com clapi.civiccomputing.com content.googleapis.com/ https://20.26.48.39 https://fonts.googleapis.com https://fonts.gstatic.com/ https://livechat.ico.org.uk https://webservices.data-8.co.uk player.vimeo.com/ wss://20.26.48.39 wss://livechat.ico.org.uk www.vimeo.com/ www.youtube-nocookie.com/; style-src 'self' 'unsafe-inline' apikeys.civiccomputing.com clapi.civiccomputing.com content.googleapis.com/ https://20.26.48.39 https://fonts.googleapis.com https://fonts.gstatic.com/ https://livechat.ico.org.uk https://webservices.data-8.co.uk player.vimeo.com/ wss://20.26.48.39 wss://livechat.ico.org.uk www.vimeo.com/ www.youtube-nocookie.com/ https://chatbot.ico.org.uk/chat/css/; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.cloudflare.com analytics.silktide.com https://js.monitor.azure.com/scripts/b/ai.2.min.js ajax.aspnetcdn.com/ajax/signalr/jquery.signalr-2.1.2.min.js apikeys.civiccomputing.com apis.google.com/_/scs/apps-static/_/js/ apis.google.com/js/ cc.cdn.civiccomputing.com/8/cookieControl-8.2.min.js cdnjs.cloudflare.com/ajax/libs/FileSaver.js/1.3.8/FileSaver.min.js clapi.civiccomputing.com content.googleapis.com/ https://20.26.48.39 https://apis.google.com https://fonts.googleapis.com https://fonts.gstatic.com/ https://livechat.ico.org.uk https://webservices.data-8.co.uk player.vimeo.com/ webservices.data-8.co.uk/javascript/predictiveaddress.js wss://20.26.48.39 wss://livechat.ico.org.uk www.vimeo.com/ www.youtube-nocookie.com/ https://chatbot.ico.org.uk/chat/js/; img-src 'self' data: https://i.vimeocdn.com/video/ https://icostorageprod.blob.core.windows.net https://our.umbraco.com/ https://dashboard.umbraco.org/ https://umbraco.tv/ apikeys.civiccomputing.com clapi.civiccomputing.com content.googleapis.com/ https://20.26.48.39 https://fonts.googleapis.com https://fonts.gstatic.com/ https://livechat.ico.org.uk https://upload.wikimedia.org https://webservices.data-8.co.uk player.vimeo.com/ wss://20.26.48.39 wss://livechat.ico.org.uk www.vimeo.com/ www.youtube-nocookie.com/ https://chatbot.ico.org.uk/chat/image/ https://chatbot.ico.org.uk/image/; child-src 'self' https://secure6.arcot.com/ https://pay.realexpayments.com/ apikeys.civiccomputing.com https://app.powerbi.com clapi.civiccomputing.com content.googleapis.com/ https://20.26.48.39 https://content.googleapis.com https://fonts.googleapis.com https://fonts.gstatic.com/ https://livechat.ico.org.uk https://webservices.data-8.co.uk player.vimeo.com/ wss://20.26.48.39 wss://livechat.ico.org.uk www.vimeo.com/ www.youtube-nocookie.com/ https://chatbot.ico.org.uk/; connect-src 'self' blob: a.eu.silktide.com https://our.umbraco.com/ https://dc.services.visualstudio.com/v2/track apikeys.civiccomputing.com clapi.civiccomputing.com content.googleapis.com/ https://20.26.48.39 https://en.wikipedia.org/ https://fonts.googleapis.com https://fonts.gstatic.com/ https://livechat.ico.org.uk https://webservices.data-8.co.uk https://www.gravatar.com/avatar/ player.vimeo.com/ wss://20.26.48.39 wss://livechat.ico.org.uk www.vimeo.com/ www.youtube-nocookie.com/; media-src 'self' blob: apikeys.civiccomputing.com clapi.civiccomputing.com content.googleapis.com/ https://20.26.48.39 https://fonts.googleapis.com https://fonts.gstatic.com/ https://livechat.ico.org.uk https://webservices.data-8.co.uk  player.vimeo.com/ wss://20.26.48.39 wss://livechat.ico.org.uk www.vimeo.com/ www.youtube-nocookie.com/; object-src 'none'; frame-src *; 1
default-src 'self'; object-src 'none'; connect-src 'self' https://bdr.piwik.pro https://bdr.containers.piwik.pro; img-src 'self' data:; script-src 'self' 'nonce-5091909' https://bdr.piwik.pro https://bdr.containers.piwik.pro; style-src 'self' 'nonce-5091909'; font-src 'self' data:; 1
worker-src blob:; frame-ancestors 'self' https://www.surveymonkey.com https://google.com https://app.asana.com https://blog.asana.com https://academy.asana.com; report-uri https://app.asana.com/-/csp_report; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://ajax.aspnetcdn.com https://bat.bing.com https://sjs.bizographics.com https://ct.capterra.com https://googleads.g.doubleclick.net https://ethn.io https://connect.facebook.net https://tracking.g2crowd.com https://www.google-analytics.com https://apis.google.com https://www.googleadservices.com https://*.googleapis.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://ssl.gstatic.com https://script.hotjar.com https://static.hotjar.com https://cdn.jotfor.ms https://form.jotform.us https://snap.licdn.com https://px.ads.linkedin.com https://www.linkedin.com https://accounts.livechatinc.com https://cdn.livechatinc.com https://secure.livechatinc.com https://luna1.co https://js.recurly.com https://fast.wistia.com https://fast.wistia.net https://www.youtube.com https://s.ytimg.com https://*.marketo.com https://*.marketo.net https://cdnjs.cloudflare.com https://api.ipify.org https://cdn.pdst.fm https://*.vimeocdn.com https://resources.asana.com https://w58858w0sjxx.statuspage.io https://cdn.cookielaw.org https://geolocation.onetrust.com https://*.logs.datadoghq.com https://www.datadoghq-browser-agent.com https://tagmanager.google.com/debug https://t.contentsquare.net contentsquare.com app.contentsquare.com https://solve-widget.forethought.ai https://cdn.jsdelivr.net/npm/@sheerid/jslib@1/ https://v2.listenloop.com https://boards.greenhouse.io/embed/job_board/js https://www.redditstatic.com/ads/pixel.js https://yjtag.jp/tag.js https://s.yjtag.jp/tag.js https://s.yimg.jp/ https://yjtag.yahoo.co.jp/tag https://analytics.tiktok.com/i18n/pixel/ https://s.pinimg.com/ct/ https://tag.demandbase.com/37001681d9f07945.min.js https://tag.clearbitscripts.com https://x.clearbitjs.com https://b92.yahoo.co.jp/rt/ https://t-antenna.asana.com/ https://scripts.postie.com/wbgboxjj/lp.1.js https://b91.yahoo.co.jp/pagead/ https://b98.yahoo.co.jp/ https://accounts.google.com/gsi/client  https://js.adstk.io/convpixel.js https://a.quora.com/qevents.js https://d34r8q7sht0t9k.cloudfront.net/tag.js https://collector-39548.us.tvsquared.com/tv2track.js https://*.qualified.com https://static.xingcdn.com/xingtrk/index.js https://ct.pinterest.com/static/ct/token_create.js https://*.6sc.co https://*.6sense.com https://js.zi-scripts.com/ 1
report-uri /csp; child-src 'self' 'self' blob:; connect-src *; default-src 'self'; img-src 'self' data: *.facebook.com https://wise.com https://gtm.wise.com https://tw-avatar.s3.eu-central-1.amazonaws.com https://tw-test-avatar-storage.s3.eu-west-1.amazonaws.com https://*.doubleclick.net https://www.googleadservices.com https://alb.reddit.com https://*.yahoo.co.jp https://bat.bing.com https://cx.atdmt.com https://daw291njkc3ao.cloudfront.net https://dq8dwmysp7hk1.cloudfront.net https://d2dgj1jjqgsb96.cloudfront.net https://help.wise.com/ https://platform-lookaside.fbsbx.com https://pixel.pointmediatracker.com https://cnv.event.prod.bidr.io https://q.quora.com https://s3-eu-west-1.amazonaws.com https://t.co https://wise.desk.com https://widgets.wise.com https://www.google-analytics.com https://www.gstatic.com https://i.ytimg.com https://px.ads.linkedin.com https://www.linkedin.com https://aax-eu.amazon-adsystem.com https://www.googletagmanager.com https://www.google.com https://www.google.com.au https://www.google.com.br https://www.google.com.sg https://www.google.com.ph https://www.google.com.my https://www.google.com.mx https://www.google.com.ua https://www.google.com.vn https://www.google.com.tr https://www.google.com.ar https://www.google.com.hk https://www.google.com.pk https://www.google.com.pe https://www.google.com.ng https://www.google.com.cy https://www.google.com.mt https://www.google.com.bd https://www.google.com.eg https://www.google.co.uk https://www.google.co.th https://www.google.co.jp https://www.google.co.nz https://www.google.co.id https://www.google.co.kr https://www.google.co.ve https://www.google.co.in https://www.google.co.il https://www.google.co.za https://www.google.de https://www.google.ca https://www.google.es https://www.google.pl https://www.google.ie https://www.google.ch https://www.google.pt https://www.google.nl https://www.google.it https://www.google.hu https://www.google.fr https://www.google.be https://www.google.ro https://www.google.fi https://www.google.cl https://www.google.cz https://www.google.ae https://www.google.lu https://www.google.se https://www.google.ru https://www.google.at https://www.google.bg https://www.google.ee https://www.google.dk https://www.google.no https://www.google.gr https://www.google.sk https://www.google.lt https://www.google.lv https://www.google.ge https://www.google.hr https://www.google.me *.googleusercontent.com http://wi.se https://wi.se https://collector-20079.tvsquared.com https://analytics.twitter.com https://tr.line.me https://c5.adalyser.com https://pixel.pointmediatracker.com https://cnv.event.prod.bidr.io https://lux.speedcurve.com; font-src 'self' data: https://fonts.gstatic.com https://widgets.wise.com/; object-src 'self'; media-src 'self' https://wise.com/; manifest-src 'self' 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'self' https://wise.com https://gtm.wise.com https://js-agent.newrelic.com https://bam.nr-data.net/ https://ajax.cloudflare.com bat.bing.com https://s.yimg.jp https://*.yahoo.co.jp a.quora.com static.hotjar.com https://script.hotjar.com/ https://collector-20079.tvsquared.com https://d.line-scdn.net www.google.co.uk www.google.com www.googletagmanager.com/ tagmanager.google.com/ https://storage.googleapis.com https://ajax.googleapis.com/ https://microapps.google.com https://microapps-prod-tt.sandbox.google.com googleads.g.doubleclick.net www.google-analytics.com www.googleadservices.com static.ads-twitter.com analytics.twitter.com www.snapengage.com insitez.blob.core.windows.net sjs.bizographics.com *.mxpnl.com https://cdn.pdst.fm https://us-central1-adaptive-growth.cloudfunctions.net https://bidr.io https://d2dgj1jjqgsb96.cloudfront.net https://www.redditstatic.com/ads/pixel.js https://snap.licdn.com https://js.adsrvr.org https://c5.adalyser.com https://transferwise.com https://bidr.io https://cdn.speedcurve.com https://lux.speedcurve.com; style-src 'self' 'unsafe-inline' blob: fonts.googleapis.com/css tagmanager.google.com/; frame-ancestors 'self' https://wiseturkiye.com.tr https://microapps.google.com https://microapps-prod-tt.sandbox.google.com; frame-src youtube.com www.youtube.com www.youtube-nocookie.com https://vars.hotjar.com https://bid.g.doubleclick.net https://www.googletagmanager.com https://insight.adsrvr.org https://match.adsrvr.org https://wise.com https://transferwise.com; worker-src 'self' blob: 1
default-src https://*.peacocktv.com; form-action https://*.force.com https://*.my.salesforce.com https://*.salesforce-sites.com https://tr.snapchat.com https://*.qualtrics.com; font-src 'self' data: https://*.peacocktv.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.peacocktv.com https://core.spreedly.com https://browser.sentry-cdn.com https://*.salesforceliveagent.com https://*.force.com https://*.my.salesforce.com https://*.salesforce-sites.com https://*.optimizely.com https://nbcstreaming.sc.omtrdc.net https://connect.facebook.net https://static.ads-twitter.com https://analytics.twitter.com https://assets.adobedtm.com https://js.createsend1.com https://www.googletagmanager.com https://nbcuss.demdex.net https://jssdkcdns.mparticle.com https://www.google.com https://googleads.g.doubleclick.net https://platform.twitter.com https://www.googleadservices.com https://www.google-analytics.com https://t.contentsquare.net https://s.pinimg.com https://sc-static.net https://www.redditstatic.com https://analytics.tiktok.com https://pixelb.randi.adswizz.com https://imp.i305175.net https://www.ojrq.net https://logs-01.loggly.com https://peacock.sjv.io https://s0.ipstatp.com https://d.impactradius-event.com https://bid.g.doubleclick.net https://wsdk.rokt.com https://apps.rokt.com https://js.adsrvr.org https://insight.adsrvr.org https://cdn.cookielaw.org https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://bat.bing.com https://*.onetrust.com https://s.yimg.com https://sp.analytics.yahoo.com https://s.amazon-adsystem.com https://c.amazon-adsystem.com https://apps.rokt.com https://p.teads.tv https://a.teads.tv https://s8t.teads.tv https://tr.snapchat.com https://www.paypal.com https://www.clarity.ms https://ct.pinterest.com https://*.qualtrics.com https://client.px-cloud.net; connect-src 'self' localhost:* ws://localhost:* https://*.campaign.adobe.com https://*.peacocktv.com https://core.spreedly.com https://*.force.com https://*.salesforce.com https://*.my.salesforce.com https://*.salesforce-sites.com https://graph.facebook.com https://nbcuss.demdex.net https://identity.mparticle.com https://jssdks.mparticle.com https://createsend.com https://www.createsend.com https://www.facebook.com https://*.ott.sky.com https://sas-apm-prod.telemetry.nbcuott.com https://0d15692193ba43a8a9384fed500b3a1d.apm.us-east-1.aws.cloud.es.io https://sdk.iad-03.appboy.com https://sdk.iad-03.braze.com https://*.contentsquare.net https://*.optimizely.com https://ct.pinterest.com https://nbcstreaming.sc.omtrdc.net https://analytics.tiktok.com https://cdn.cookielaw.org https://*.onetrust.com https://bat.bing.com https://checkoutshopper-live.adyen.com https://checkoutshopper-live-us.adyen.com https://tr.snapchat.com https://www.google-analytics.com https://imp.i305175.net https://analytics.twitter.com https://dpm.demdex.net https://ad.doubleclick.net https://s.yimg.com https://sp.analytics.yahoo.com https://s.amazon-adsystem.com https://c.amazon-adsystem.com https://t.teads.tv https://cm.teads.tv https://*.paypal.com https://api.ipify.org https://www.redditstatic.com https://analytics.pangle-ads.com https://*.analytics.google.com https://stats.g.doubleclick.net https://tr6.snapchat.com https://*.clarity.ms https://*.qualtrics.com https://collector-pxj0mh4met.px-cloud.net https://collector-pxj0mh4met.px-cdn.net https://b.px-cdn.net; img-src 'self' data: localhost:* https://peacocktv.com https://*.peacocktv.com https://t.co https://www.facebook.com https://nbcstreaming.sc.omtrdc.net https://www.google.com https://www.google.co.uk https://us-gmtdmp.mookie1.com https://www.google-analytics.com https://*.contentsquare.net https://stats.g.doubleclick.net https://s.pinimg.com https://sc-static.net https://www.redditstatic.com https://analytics.tiktok.com https://pixelb.randi.adswizz.com https://imp.i305175.net https://www.ojrq.net https://logs-01.loggly.com https://peacock.sjv.io https://d.agkn.com https://s0.ipstatp.com https://alb.reddit.com https://ct.pinterest.com https://business.topbuzz.com https://bid.g.doubleclick.net https://wsdk.rokt.com https://apps.rokt.com https://js.adsrvr.org https://insight.adsrvr.org https://cdn.cookielaw.org https://bat.bing.com https://checkoutshopper-live.adyen.com https://checkoutshopper-live-us.adyen.com https://*.onetrust.com https://analytics.twitter.com https://googleads.g.doubleclick.net https://ad.doubleclick.net https://s.yimg.com https://sp.analytics.yahoo.com https://roost.nbcuni.com https://s.amazon-adsystem.com https://c.amazon-adsystem.com https://t.teads.tv https://cm.teads.tv https://a.teads.tv https://s8t.teads.tv https://www.paypalobjects.com https://*.scene7.com https://ad.doubleclick.net https://cm.everesttech.net https://*.qualtrics.com; style-src 'self' 'unsafe-inline' https://*.peacocktv.com https://*.force.com https://*.salesforce-sites.com https://*.my.salesforce.com https://cdn.cookielaw.org https://*.onetrust.com; media-src 'self' data: blob: localhost:* https://peacocktv.com https://*.peacocktv.com https://roost.nbcuni.com; frame-src https://core.spreedly.com https://*.peacocktv.com https://nbcuss.demdex.net https://*.force.com https://*.my.salesforce.com https://*.salesforce-sites.com https://tr.snapchat.com https://*.fls.doubleclick.net https://td.doubleclick.net https://imp.i305175.net https://bid.g.doubleclick.net https://wsdk.rokt.com https://apps.rokt.com https://js.adsrvr.org https://insight.adsrvr.org https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://peacockprincess22.creativezing.com https://checkoutshopper-live.adyen.com https://checkoutshopper-live-us.adyen.com https://tr6.snapchat.com https://pinterest.com http://ct.pinterest.com https://match.adsrvr.org https://s.amazon-adsystem.com https://apps.rokt.com https://p.teads.tv https://a.teads.tv https://www.youtube.com https://*.paypal.com https://*.optimizely.com https://*.qualtrics.com https://open.spotify.com; block-all-mixed-content; upgrade-insecure-requests; 1
default-src 'self'; font-src 'self' https://www.citrix.com; style-src-elem 'self' https://www.citrix.com 'unsafe-inline' 1
default-src 'self'; child-src 'self' connect.facebook.net fast.wistia.com fast.wistia.net googleads.g.doubleclick.net td.doubleclick.net *.hotjar.com *.hotjar.io *.contentful.com bid.g.doubleclick.net *.fls.doubleclick.net youtube.com www.youtube.com js.stripe.com www.facebook.com staticxx.facebook.com tpc.googlesyndication.com www.google.com *.googletagmanager.com *.quora.com intercom-sheets.com app-ab27.marketo.com www.intercom-reporting.com d2c7xlmseob604.cloudfront.net js.intercomcdn.com insight.adsrvr.org match.adsrvr.org https://intercom.chilipiper.com app.intercom.com app.intercom.io https://app.getreprise.com; connect-src 'self'   www.intercom.com app.intercom.io app.intercom.com api.intercom.io api-visitor-analytics.intercom.com api-iam.intercom.io api-ping.intercom.io api.smartling.com js.intercomcdn.com munchkin.marketo.net *.mktoutil.com nexus-websocket-a.intercom.io nexus-websocket-test.intercom.io nexus-long-poller-a.intercom.io nexus-long-poller-test.intercom.io store.intercomassets.com widget.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-test.intercom.io marketing.intercomcdn.com uploads.intercomcdn.com uploads.intercomusercontent.com abrtp1.marketo.com abrtp1-cdn.marketo.com app.getsentry.com stats.g.doubleclick.net https://*.google.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com http://*.hotjar.io:* https://*.hotjar.io:* wss://*.hotjar.io sentry.io www.facebook.com *.akamaihd.net *.wistia.com *.wistia.net *.contentful.com 258-clw-344.mktoresp.com bat.bing.com d2c7xlmseob604.cloudfront.net rum-collector-2.pingdom.net https://*.browser-intake-datadoghq.com public-trace-http-intake.logs.datadoghq.com https://assets.ctfassets.net c.6sc.co b.6sc.co j.6sc.co ipv6.6sc.co epsilon.6sense.com epsilon-cloudfront.6sense.com user-data.mutinycdn.com https://api-v2.mutinyhq.io/v2/b https://api.mutinyhq.io/v2 https://client-registry.mutinycdn.com secure.adnxs.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com api.chilipiper.com tracking.chilipiper.com cdn.linkedin.oribi.io gw.linkedin.oribi.io px.ads.linkedin.com https://app.getreprise.com images.ctfassets.net https://cdn.jsdelivr.net https://unpkg.com/@rive-app/canvas@2.10.1/rive.wasm *.litix.io https://o2129.ingest.sentry.io/ cdn.cookielaw.org *.onetrust.com; font-src data: https: ; img-src data: blob: https: ; media-src data: blob: https: ; object-src 'none'; script-src 'self' 'unsafe-eval' app.intercom.io app.intercom.com www.intercom.com js.intercomcdn.com store.intercomassets.com marketing.intercomassets.com widget.intercom.io ajax.googleapis.com analytics.twitter.com abrtp1.marketo.com abrtp1-cdn.marketo.com app-sjqe.marketo.com app-sjst.marketo.com app-ab27.marketo.com bat.bing.com cdn-assets-prod.s3.amazonaws.com cdn.ravenjs.com browser.sentry-cdn.com connect.facebook.net distillery.wistia.com distillery-main.wistia.com fast.wistia.com fast.wistia.net googleads.g.doubleclick.net js.stripe.com munchkin.marketo.net platform.twitter.com rtp-static.marketo.com script.hotjar.com script.hotjar.io secure.adnxs.com static.hotjar.com static.hotjar.io stats.g.doubleclick.net store.intercom.io tpc.googlesyndication.com www.datadoghq-browser-agent.com https://*.google.com www.google-analytics.com www.googleadservices.com/pagead/ www.googletagmanager.com tagmanager.google.com snap.licdn.com px.ads.linkedin.com px4.ads.linkedin.com dc.ads.linkedin.com p.adsymptotic.com sjs.bizographics.com client-registry.mutinycdn.com client.mutinycdn.com https://js.chilipiper.com 'sha256-CIxBMTSsZNOVtN/e53Oinc5o7iS+6GCLATfDTYD9EQk=' 'sha256-cc60iDuEUKTNkKYpz2vlEgGOssRRzDfo9rv0YBux2ak=' https://app.getreprise.com *.litix.io *.contentful.com https://o2129.ingest.sentry.io/ cdn.cookielaw.org *.onetrust.com 'strict-dynamic' 'nonce-ZTc2YzE2ZTItOTIyZi00MjMyLWE0YTEtOTJjNDJmYmUyNTJj'; style-src 'self' 'unsafe-inline' app-ab27.marketo.com marketing.intercomassets.com maxcdn.bootstrapcdn.com rtp-static.marketo.com fonts.googleapis.com tagmanager.google.com https://www.googletagmanager.com https://js.chilipiper.com; worker-src data: blob:; base-uri 'self'; report-uri https://o2129.ingest.sentry.io/api/1467748/security/?sentry_key=2b3179211aae44189b7651cf09d7b74f 1
default-src data: blob: https://*.fbcdn.net https://*.facebook.com *.fbsbx.com *.messenger.com;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' *.messenger.com https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *.facebook.com *.fbcdn.net *.messenger.com;connect-src http://localhost:3103 *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' *.messenger.com wss://*.messenger.com www.messenger.com wss://*.messenger.com:* https://*.google-analytics.com;font-src *.messenger.com *.facebook.com https://*.fbcdn.net data: https://fonts.gstatic.com;img-src *.fbcdn.net https://*.facebook.com cdninstagram.com *.cdninstagram.com data: *.fbsbx.com *.messenger.com messenger.com blob: android-webview-video-poster: *.xx.fbcdn.net https://messenger.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://*.google-analytics.com;media-src *.messenger.com *.facebook.com https://*.fbcdn.net data: *.fbsbx.com *.fbcdn.net *.cdninstagram.com blob: https://*.giphy.com;frame-src *.messenger.com *.facebook.com https://*.fbcdn.net data: *.fbsbx.com *.fbcdn.net *.cdninstagram.com blob: *.doubleclick.net; 1
default-src 'self'; script-src 'self' analytics.hcaptcha.com a.hcaptcha.com js.hcaptcha.com newassets.hcaptcha.com assets.website-files.com assets-global.website-files.com d3e54v103j8qbb.cloudfront.net hcaptcha.com static.cloudflareinsights.com intuitionmachines.widget.insent.ai embed.typeform.com 'unsafe-inline'; style-src 'self' 'unsafe-inline' assets-global.website-files.com embed.typeform.com 'unsafe-hashes'; object-src 'self' uploads-ssl.webflow.com; base-uri 'self'; connect-src 'self' analytics.hcaptcha.com a.hcaptcha.com accounts.hcaptcha.com newassets.hcaptcha.com assets.hcaptcha.com webflow.com cloudflareinsights.com; font-src 'self' embed.typeform.com data:; frame-src 'self' newassets.hcaptcha.com assets.hcaptcha.com intuitionmachines.widget.insent.ai embed.typeform.com form.typeform.com; img-src 'self' assets.website-files.com assets-global.website-files.com uploads-ssl.webflow.com embed.typeform.com; manifest-src 'self'; media-src 'self'; worker-src 'none'; frame-ancestors 'self' newassets.hcaptcha.com assets.hcaptcha.com a.hcaptcha.com dashboard.hcaptcha.com intuitionmachines.widget.insent.ai embed.typeform.com; upgrade-insecure-requests 1
media-src 'self' https: blob:; connect-src 'self' https: wss://www.fool.com wss://*.33across.com wss://*.hotjar.com https://api.pink-boat.fool.com; img-src 'self' data: https: https://g.foolcdn.com https://optimize.google.com https://www.google-analytics.com; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://optimize.google.com https: https://evs.pink-boat.fool.com; default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https:; upgrade-insecure-requests; style-src 'self' data: 'unsafe-inline' https: http://fonts.googleapis.com https://fonts.googleapis.com https://optimize.google.com; frame-src 'self' https: https://optimize.google.com; font-src 'self' data: https: https://fonts.gstatic.com 1
default-src 'unsafe-inline' 'unsafe-eval' data: blob: filesystem: about: miroapp: wss: ws: *; frame-src 'unsafe-inline' 'unsafe-eval' data: blob: miroapp: *; base-uri 'unsafe-inline' about: data: *; form-action 'unsafe-inline' data: post-it-alpha: post-it: com.mmm.postit.miro: *; worker-src 'unsafe-inline' data: blob: miroapp: *; report-uri https://s.realtimeboard.com/api/25/security/?sentry_key=fb5e3001534f453e85d1771b1088b293&sentry_environment=production; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://go.dashlane.com https://vercel.live https://www.google-analytics.com https://analytics.google.com https://www.googletagmanager.com http://connect.facebook.net https://heapanalytics.com https://cdn.heapanalytics.com https://cm.g.doubleclick.net https://bid.g.doubleclick.net/ https://googleads.g.doubleclick.net https://d2c7xlmseob604.cloudfront.net https://www.googleadservices.com/pagead/ http://munchkin.marketo.net https://www.google.com https://platform.twitter.com https://ajax.googleapis.com https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js https://snap.licdn.com https://*.driftt.com http://*.adroll.com/ https://*.dca0.com/ http://cdn.bizible.com/ https://unpkg.com/ https://*.marker.io/ https://*.visualwebsiteoptimizer.com https://*.vwo.com https://*.teads.tv https://bat.bing.com http://static.ads-twitter.com https://s.pinimg.com https://www.redditstatic.com https://a.quora.com http://*.liadm.com https://a.omappapi.com https://tag.clearbitscripts.com http://j.6sc.co https://s3.eu-west-1.amazonaws.com https://ampcid.google.com https://ampcid.google.fr https://ct.pinterest.com; child-src 'self' blob:; style-src 'self' 'unsafe-inline' http://go.dashlane.com https://fonts.googleapis.com https://tagmanager.google.com https://www.googletagmanager.com https://translate.googleapis.com https://*.omappapi.com; font-src 'self' data: https://fonts.gstatic.com https://static3.avast.com https://www.clearplay.com; connect-src 'self' blob: https://ripleyprd.wpengine.com https://*.dashlane.com https://*.dashlane.com:* https://vitals.vercel-insights.com https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://www.googletagmanager.com https://heapanalytics.com https://api.smartling.com https://stats.g.doubleclick.net http://*.mktoresp.com https://go.dashlane.com https://www.facebook.com https://403-exy-689.mktoutil.com https://*.adroll.com/ https://*.dca0.com/ https://assets1.lottiefiles.com/ https://d38muu3h4xeqr1.cloudfront.net https://cdn.linkedin.oribi.io https://*.marker.io/ https://vercel.live https://*.visualwebsiteoptimizer.com https://*.vwo.com https://*.teads.tv https://bat.bing.com http://static.ads-twitter.com https://s.pinimg.com https://www.redditstatic.com https://a.quora.com http://*.liadm.com https://*.omappapi.com https://tag.clearbitscripts.com http://j.6sc.co https://s3.eu-west-1.amazonaws.com https://ampcid.google.com https://ampcid.google.fr https://ct.pinterest.com http://c.6sc.co https://ipv6.6sc.co https://api.chilipiper.com https://api.greenhouse.io/v1/boards/dashlane/embed/jobs https://px.ads.linkedin.com/ https://pixel-config.reddit.com/ https://ampcid.google.com.br/; frame-src 'self' http://go.dashlane.com http://youtube.com https://www.facebook.com https://*.doubleclick.net https://www.googleadservices.com https://www.youtube.com https://www.slideshare.net/ https://platform.twitter.com https://giphy.com https://*.driftt.com https://d38muu3h4xeqr1.cloudfront.net/ https://*.marker.io/ https://ct.pinterest.com/ https://*.teads.tv https://dashlane.chilipiper.com; img-src 'self' data: *; manifest-src 'self'; media-src 'self' data: https://ripleyprd.wpengine.com https://*.driftt.com; object-src 'self'; worker-src 'self' blob:; base-uri ; block-all-mixed-content; frame-ancestors 'self'; report-uri https://api.dashlane.com/v1/monitoring/ReportCSPViolation; report-to endpoint-report-csp-violation; 1
default-src *;script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline' blob:;img-src * data: blob:;media-src * data:;font-src * data: https: 1
default-src 'none'; form-action 'self' *.wellsfargo.com *.wellsfargo.com:*; connect-src 'self' https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.schemaapp.com https://*.rlcdn.com https://*.medallia.com https://*.kampyle.com https://*.adobedc.net https://www.google-analytics.com https://*.doubleclick.net https://*.eum-appdynamics.com https://*.demdex.net https://www.sjwoe.com https://www.mczbf.com https://s.yimg.com https://*.nuance.com https://*.wf.com https://*.google.com; img-src 'self' data: https://*.wellsfargomedia.com https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:* https://*.analytics.yahoo.com https://*.everesttech.net https://*.linkedin.com https://*.g.doubleclick.net https://*.google.com https://*.demdex.net https://*.nuance.com https://*.eum-appdynamics.com https://*.virtualearth.net https://www.facebook.com https://cx.atdmt.com https://track.linksynergy.com https://s.amazon-adsystem.com https://ct.pinterest.com https://trc.taboola.com https://p.adsymptotic.com https://products.gobankingrates.com https://bttrack.com https://b.videoamp.com https://fcmatch.youtube.com https://www.googleadservices.com https://2549153.fls.doubleclick.net https://ad.doubleclick.net https://www.google-analytics.com https://idsync.rlcdn.com https://s.amazon-adsystem.com https://resources.digital-cloud-prem.medallia.com https://udc-neb.kampyle.com https://wellsfargoprod.prod.fire.glass https://*.mworld.com https://*.postrelease.com; object-src 'self' https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:*; child-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.demdex.net https://*.nuance.com https://*.advanced-web-analytics.com https://iframe.arkoselabs.com https://*.doubleclick.net; font-src 'self' data: https://*.wellsfargomedia.com https://*.wellsfargo.com https://*.wellsfargo.com:*; style-src 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:* https://*.nuance.com; script-src 'nonce-61ddd68c-a683-4027-84b8-42850cc73348' 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://cdn.schemaapp.com https://*.nuance.com;media-src 'self' *.wellsfargo.com *.wellsfargomedia.com; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp 1
frame-ancestors 'self' https://afiliados.locaweb.com.br 1
frame-ancestors 'self' www.lgechat.com lgechat.com *.lgsolutions.com b2bmkt.lge.com; 1
report-uri https://gcp.api.snapchat.com/web-reporting/report;report-to main-endpoint 1
frame-ancestors *.gallupatwork.com *.gallupatwork.au *.gallupatwork.sg *.gallupatwork.uk *.gallup.com 1
default-src data: blob: *.threads.net *.instagram.com *.facebook.com *.fbcdn.net;script-src 'unsafe-inline' blob: data: 'self' 'unsafe-eval' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* static.cdninstagram.com;style-src data: blob: 'unsafe-inline' *.fbcdn.net *.threads.net *.facebook.com *.instagram.com static.cdninstagram.com;connect-src blob: 'self' *.threads.net wss://*.threads.net:* *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* ws://localhost:* *.instagram.com *.cdninstagram.com wss://*.instagram.com:*;font-src data: static.cdninstagram.com;img-src data: blob: android-webview-video-poster: *.threads.net *.instagram.com *.facebook.com *.fbcdn.net *.cdninstagram.com about.fb.com engineering.fb.com *.fbsbx.com pps.whatsapp.net *.giphy.com https://www.gstatic.com;media-src data: blob: android-webview-video-poster: *.threads.net *.instagram.com *.facebook.com *.fbcdn.net *.cdninstagram.com *.fbsbx.com https://*.giphy.com https://www.gstatic.com;frame-src 'self' *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script'; 1
default-src 'none'; connect-src 'self'  https://medlineplus.gov www.google-analytics.com stats.g.doubleclick.net *.crazyegg.com *.qualtrics.com; font-src 'self' data: https://medlineplus.gov ; media-src 'self' https://medlineplus.gov ; worker-src 'self' blob: https://medlineplus.gov ; frame-src https://medlineplus.gov  www.googletagmanager.com https://platform.twitter.com:443 https://syndication.twitter.com:443; frame-ancestors 'self' https://guides.nnlm.gov https://medlineplus.gov; img-src 'self' data: https://medlineplus.gov https://accreditnet.urac.org https://www.urac.org https://content.govdelivery.com https://ssl.adam.com/ www.google-analytics.com www.googletagmanager.com gtrk.s3.amazonaws.com stats.g.doubleclick.net https://syndication.twitter.com:443 https://platform.twitter.com:443 *.twimg.com *.qualtrics.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://medlineplus.gov  https://content.govdelivery.com https://platform.twitter.com:443 syndication.twitter.com https://dap.digitalgov.gov *.crazyegg.com www.google-analytics.com www.googletagmanager.com *.cloudfront.net *.nlm.nih.gov ajax.googleapis.com cdn.syndication.twimg.com *.qualtrics.com; style-src 'self' 'unsafe-inline' https://medlineplus.gov  https://content.govdelivery.com https://platform.twitter.com:443; object-src 'none'; upgrade-insecure-requests; report-uri https://nlmoccs.report-uri.com/r/d/csp/reportOnly; 1
default-src 'self' http: https: data: blob:;script-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval';style-src 'self' https: data: 'unsafe-inline';img-src 'self' https: data: blob:;media-src 'self' https: http: blob: data:;connect-src http: https: ws: wss: 1
frame-ancestors 'self' esbroadcom.lookbookhq.com mfbroadcom.lookbookhq.com; script-src 'self' data: blob: https://script.crazyegg.com https://www.google-analytics.com https://www.googletagmanager.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://ajax.googleapis.com https://snap.licdn.com/li.lms-analytics/insight.min.js https://searchunify.com https://searchunify.broadcom.com https://tag.demandbase.com/9a4d64cf696797e4.min.js https://tag.demandbase.com *.adroll.com *.eloqua.com *.en25.com *.bluekai.com *.oraclecloud.com *.brightcove.com *.brightcove.net https://images.sw.broadcom.com 'nonce-ZTUwNzJhYmU1Yg/YWQxYmNhYWFhYjRiMDU='; object-src 'self'; 1
default-src 'self' https://www.freebsd.org/ https://docs.freebsd.org/; style-src 'self' https://www.freebsd.org/ https://docs.freebsd.org/ 'unsafe-inline'; script-src 'self' https://www.freebsd.org/ https://docs.freebsd.org/ https://ssl.google-analytics.com/ga.js 'unsafe-inline' resource: data: blob:; img-src 'self' https://www.freebsd.org/ https://docs.freebsd.org https://ssl.google-analytics.com/ https://chart.googleapis.com/ data: blob:; upgrade-insecure-requests 1
default-src 'self'           *.weather.gov *.noaa.gov           code.jquery.com           cdn.gov.cfigroup.com           s.go-mpulse.net           *.digitalgov.gov           *.google-analytics.com           www.googletagmanager.com           *.arcgis.com *.arcgisonline.com            *.google.com           *.youtube.com *.youtube-nocookie.com           *.twitter.com *.x.com           *.facebook.com           data: * mediastream: * blob: * about: * 'unsafe-eval' 'unsafe-inline'     1
base-uri 'none'; child-src *.shipt.com *.adsrvr.org *.criteo.com *.criteo.net *.doubleclick.net *.googlesyndication.com *.kampyle.com *.medallia.com *.pinterest.com *.recruitics.com *.sprinklr.com *.use1.pure.cloud *.visammg.com apps.rokt.com hooks.stripe.com js.stripe.com recaptcha.google.com request.eprotect.vantivprelive.com request.eprotect.vantivcnp.com www.google.com/recaptcha/ www.googletagmanager.com www.facebook.com tr.snapchat.com www.youtube.com csxd.shipt.com 'self' blob:; connect-src 'self' *.bing.com *.branch.io *.clarity.ms *.contentsquare.net *.criteo.com *.criteo.net *.doubleclick.net *.dynatrace.com *.google.com google.com *.google-analytics.com *.googleapis.com *.googlesyndication.com *.kampyle.com *.medallia.com *.mouseflow.com *.shipt.com *.sprinklr.com *.use1.pure.cloud *.bugsnag.com d37hm4w715hh7d.cloudfront.net adservice.google.com analytics.tiktok.com api.segment.io api.stripe.com js.stripe.com cdn.segment.com connect.facebook.net ct.pinterest.com s.yimg.com tr.snapchat.com wss://*.sprinklr.com www.facebook.com www.googletagmanager.com zapier.com https://p2blobstore.blob.core.windows.net; font-src 'self' data: *.kampyle.com *.medallia.com *.sprinklr.com *.shipt.com; form-action *.facebook.com *.shipt.com accounts.google.com appleid.apple.com ct.pinterest.com tr.snapchat.com; frame-ancestors *.shipt.com; img-src 'self' data: blob: *; object-src 'none'; script-src 'self' 'report-sample' *.bing.com *.clarity.ms *.criteo.com *.criteo.net *.dstillery.com *.doubleclick.net *.googlesyndication.com *.hlserve.com *.kampyle.com *.medallia.com *.media6degrees.com *.recruitics.com *.shipt.com *.sprinklr.com *.use1.pure.cloud *.dynatrace.com adserver.pandora.com analytics-sm.com js.adsrvr.org s.pinimg.com ct.pinterest.com sc-static.net ajax.cloudflare.com analytics.tiktok.com app.contentsquare.com apps.rokt.com dhqbrvplips7x.cloudfront.net app.link connect.facebook.net cdn.branch.io cdn.mouseflow.com cdn.segment.com js.stripe.com maps.googleapis.com p2blobstore.blob.core.windows.net request.eprotect.vantivprelive.com request.eprotect.vantivcnp.com t.contentsquare.net tr.snapchat.com snap.licdn.com web.btncdn.com www.google.com/recaptcha/ www.googleadservices.com www.googletagmanager.com www.gstatic.com/recaptcha/ s.yimg.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' *.kampyle.com *.medallia.com *.shipt.com; worker-src 'self' blob:; default-src 'self'; upgrade-insecure-requests; media-src 'self' *.shipt.com *.use1.pure.cloud *.sprinklr.com 1
frame-ancestors *.icann.org 1
frame-ancestors 'self' pmt.honeywell.com sps.honeywell.com ppe.sps.honeywell.com; 1
default-src http: https: data: blob:; media-src http: https: data: blob:; img-src http: https: data: blob:; script-src http: https: data: 'self' 'unsafe-inline' assets.adobedtm.com players.brightcove.net edge.api.brightcove.com metrics.brightcove.com vjs.zencdn.net edge-player.wirewax.com manifest.prod.boltdns.net bcboltbde696aa-a.akamaihd.net cdn.cookielaw.org; style-src http: https: data: 'self' 'unsafe-inline' assets.adobedtm.com players.brightcove.net players.brightcove.net edge.api.brightcove.com metrics.brightcove.com vjs.zencdn.net edge-player.wirewax.com manifest.prod.boltdns.net bcboltbde696aa-a.akamaihd.net cdn.cookielaw.org; connect-src http: https: data:; worker-src http: https: data: blob:; font-src http: https: data:; frame-ancestors ey.com www.ey.com beta.ey.com apps.ey.com aemapps-preview.ey.com aemapps.ey.com; 1
frame-ancestors 'self' https://braze.com https://*.braze.com https://braze.co.jp https://www.braze.co.jp 1
script-src 'nonce-0419f7d69f35414096af284d02ffb3cc' 'strict-dynamic' 'wasm-unsafe-eval' 'unsafe-eval' *.bdxiguastatic.com *.bytescm.com *.bytetos.com *.toutiao.com *.ibytedapm.com bdxiguastatic.com *.bytedance.net *.bytegoofy.com;connect-src 'self' http://localhost:25171 vc-gate.ndcpp.com *.hypercachenet.com:* *.ugslb.com *.vvipquan.com *.livehwc3.cn *.smtcdns.net *.bytefcdnrd.com zone1-services-cdn.com *.yhgfb-cn-static.com skincareadvertsking.com infragrid.v.network *.ksyungslb.com *.ksyungslb2.com  code.jquery.com ws://127.0.0.1:* www.wetab.link *.toutiaostatic.com *.douyinvod.com meetlookup.com *.sinaimg.cn xg.eggvod.cn tl.ytlogs.ru ocs-cn-north1.heytapcs.com analytics.google.com scriptcat.org tvax2.sinaimg.cn test.jpnet.cc q.qlogo.cn greasyfork.org translate.googleapis.com stats.g.doubleclick.net chrome-tools.shank.ifeng.com v7.pstatp.com wv.china.expressplay.cn cdnmd.global-cache.online safe.usergrowth.com.cn hm.baidu.com *.byteacctimg.com *.tbcache.com *.jomodns.com *.volcsiriusbd.com:* *.volcsirius.com:* *.bsgslb.cn:* *.zzcdnx.com:* *.bsccdn.net:* *.ourdvsss.com:* *.idouyinvod.com:* *.snssdk.com *.volcimagex.net *.bdxiguaimg.com *.toutiaoimg.com *.bytedance.com *.bdxiguastatic.com *.ixigua.com *.byteeffecttos.com *.itoutiaoimg.com *.toutiao.com *.365yg.com *.govwza.cn trans.xdtsmart.com *.douyinpic.com wx.qlogo.cn *.google-analytics.com *.zijieapi.com *.byteimg.com *.bytescm.com *.bytedance.net *.bytegoofy.com;report-to slardar-endpoint;upgrade-insecure-requests 1
base-uri 'self'; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' https: http: 'nonce-SmIqJx+MRgTjerVZ/wzRQXcPp3VZOo' 'unsafe-eval'; report-uri https://csp.withgoogle.com/csp/devsite/v2 1
default-src 'self' https:; font-src 'self' https://hover-assets.s3.ca-central-1.amazonaws.com/ https://s3.ca-central-1.amazonaws.com/hover-assets/ https://fonts.gstatic.com/ https://p1.answerdash.com/ https://maxcdn.bootstrapcdn.com/; img-src 'self' data: https://hover-assets.s3.ca-central-1.amazonaws.com/ https://s3.ca-central-1.amazonaws.com/hover-assets/ https://*.paypal.com/ https://www.facebook.com/ https://connect.facebook.net/ https://www.linkedin.com/ https://px.ads.linkedin.com/ https://px4.ads.linkedin.com https://chart.googleapis.com/ https://www.google.com/ https://www.google.ca/ https://*.google-analytics.com/ https://*.googletagmanager.com/ https://*.zopim.io/ https://api.smooch.io/ https://hover.zendesk.com/ https://*.licdn.com/ https://*.hsforms.net/ https://*.hsforms.com/; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ad.doubleclick.net/ https://hover-assets.s3.ca-central-1.amazonaws.com/ https://s3.ca-central-1.amazonaws.com/hover-assets/ https://*.google-analytics.com/ https://www.googleadservices.com/ https://*.googletagmanager.com/ https://www.google.com/ https://www.gstatic.com https://*.braintreegateway.com/ https://*.paypal.com/ https://*.marketingsolutions.yahoo.com/ https://cdnjs.cloudflare.com/ https://www.paypalobjects.com/ https://browser.sentry-cdn.com/ https://sentry.io/ https://p1.answerdash.com/ https://utt.impactcdn.com/ https://*.impact.com/ https://hover-affiliates.pxf.io/ https://d33wwcok8lortz.cloudfront.net/ https://snap.licdn.com/ https://px.ads.linkedin.com/ https://connect.facebook.net/ https://static.zdassets.com/ https://api.smooch.io/ https://hover.zendesk.com/ https://googleads.g.doubleclick.net/ https://*.hscollectedforms.net/ https://*.hsleadflows.net/ https://*.hsforms.net/ https://*.hsforms.com/; style-src 'self' 'unsafe-inline' https://*.braintreegateway.com/ https://hover-assets.s3.ca-central-1.amazonaws.com/ https://s3.ca-central-1.amazonaws.com/hover-assets/ https://p1.answerdash.com/ https://fonts.googleapis.com/ https://maxcdn.bootstrapcdn.com/ https://*.paypal.com/; frame-src 'self' https://assets.braintreegateway.com/ https://td.doubleclick.net/ https://hover-affiliates.pxf.io/ https://www.ojrq.net/ https://*.fls.doubleclick.net/ https://*.kaptcha.com/ https://*.paypal.com/ https://*.hsforms.net/ https://*.hsforms.com/; connect-src 'self' https://*.google-analytics.com/ https://*.analytics.google.com/ https://*.googletagmanager.com/ https://analytics.google.com/ https://pagead2.googlesyndication.com/ https://px.ads.linkedin.com/ https://*.braintree-api.com/ https://*.braintreegateway.com/ https://client-analytics.braintreegateway.com/ https://*.paypal.com/ https://api.smooch.io/ https://hover.zendesk.com/ https://ekr.zdassets.com/ https://ad.doubleclick.net/ https://stats.g.doubleclick.net/ wss://widget-mediator.zopim.com/ https://cdn.linkedin.oribi.io/ https://sentry.io/ https://www.facebook.com/ https://*.hscollectedforms.net/ https://*.hsforms.com/ https://hubspot-forms-static-embed.s3.amazonaws.com; media-src 'self' https://px.ads.linkedin.com/ https://static.zdassets.com/ 1
report-uri /csp-violation; default-src 'self' https://*.huntress.io https://huntresscdn.com https://static.huntresscdn.com; font-src 'self' data: https://fonts.gstatic.com https://beacon-v2.helpscout.net https://huntresscdn.com https://static.huntresscdn.com https://script.hotjar.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://beacon-v2.helpscout.net https://checkout.stripe.com https://huntresscdn.com https://static.huntresscdn.com https://static.hotjar.com https://script.hotjar.com https://api.canny.io; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://checkout.stripe.com https://huntresscdn.com https://static.huntresscdn.com; script-src 'self' 'unsafe-inline' https://www.google.com https://www.gstatic.com https://www.recaptcha.net https://www.google-analytics.com https://www.googletagmanager.com https://static.hotjar.com/ https://script.hotjar.com https://beacon-v2.helpscout.net https://d12wqas9hcki3z.cloudfront.net https://d33v4339jhl8k0.cloudfront.net https://checkout.stripe.com https://js.stripe.com https://canny.io https://api.canny.io https://assets.canny.io https://static.zdassets.com https://ekr.zdassets.com https://huntress.zendesk.com https://widget-mediator.zopim.com https://api.smooch.io https://huntresscdn.com https://static.huntresscdn.com; connect-src 'self' https://*.huntress.io https://huntress-user-uploads.s3.amazonaws.com https://*.google-analytics.com https://www.googletagmanager.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://d3hb14vkzrxvla.cloudfront.net https://beaconapi.helpscout.net https://chatapi.helpscout.net wss://*.pusher.com https://*.sumologic.com https://checkout.stripe.com https://js.stripe.com https://canny.io https://*.canny.io wss://*.canny.io https://static.zdassets.com https://ekr.zdassets.com https://ekr.zendesk.com https://huntress.zendesk.com https://*.zopim.com https://api.smooch.io wss://huntress.zendesk.com wss://*.zopim.com wss://api.smooch.io https://sessions.bugsnag.com https://notify.bugsnag.com https://huntresscdn.com https://static.huntresscdn.com https://us-autocomplete-pro.api.smartystreets.com https://international-autocomplete.api.smarty.com https://webhooks.fivetran.com; frame-src 'self' https://www.google.com https://www.recaptcha.net https://beacon-v2.helpscout.net https://checkout.stripe.com https://js.stripe.com https://canny.io https://changelog-widget.canny.io https://app.datadoghq.com; object-src 'self' https://beacon-v2.helpscout.net; img-src 'self' data: https://*.huntress.io https://huntress-user-uploads.s3.amazonaws.com https://www.google-analytics.com https://www.googletagmanager.com https://static.hotjar.com/ https://script.hotjar.com https://*.gravatar.com https://beacon-v2.helpscout.net https://d33v4339jhl8k0.cloudfront.net https://linkmaker.itunes.apple.com https://*.stripe.com https://static.zdassets.com https://ekr.zdassets.com https://huntress.zendesk.com https://*.zopim.io https://*.zdusercontent.com https://media.smooch.io https://huntresscdn.com https://static.huntresscdn.com https://s3-eu-west-1.amazonaws.com https://tiles.stadiamaps.com; media-src 'self' https://beacon-v2.helpscout.net https://static.zdassets.com https://ekr.zdassets.com https://huntress.zendesk.com https://*.zopim.io https://*.zdusercontent.com https://huntresscdn.com https://static.huntresscdn.com 1
frame-ancestors 'self'; default-src blob: https: data: *.sprinklr.com wss://*.sprinklr.com *.liveperson.net wss://*.liveperson.net 'unsafe-inline' 'unsafe-eval'; 1
style-src * blob: 'unsafe-inline'; script-src * blob: 'unsafe-inline' 'unsafe-eval'; worker-src * blob:; frame-ancestors 'self' http://*.carwale.com https://*.carwale.com https://*.bikewale.com https://*.cartrade.com https://*.lead2retail.in https://*.autobiz.in https://lms.bgauss.com; 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.thoughtco.com 1
default-src 'none'; media-src 'self' https://videos.ctfassets.net:*; script-src-elem 'self' 'nonce-7939b348-b417-4635-9e6e-3e4836d97ac4' https://transcend-cdn.com/cm/fa619274-3c15-4155-bbec-c0cb75733259/airgap.js https://transcend-cdn.com/cm/fa619274-3c15-4155-bbec-c0cb75733259/ui.js https://transcend-cdn.com/cm/fa619274-3c15-4155-bbec-c0cb75733259/xdi.js 'unsafe-hashes' 'sha256-cdFvGnPvdeavqCupE0X1iKxDb2jmBXXTGmE6AcHOk+c=' 'sha256-yT/s9zf56jX7wyB2f+yhxGo0VBoDnFqMx5qPvh0jvgQ=' 'sha256-TQ9lqihfbMvC+yQs4RAPRBe8No3FB3+MYPxT/OnPn/A=' 'sha256-ep0lyBO1i+WpsX2W3CxFRXjI+Hxg1zdLj+K4nN4Yzdk='; script-src 'self' 'wasm-unsafe-eval' 'nonce-7939b348-b417-4635-9e6e-3e4836d97ac4' https://transcend-cdn.com/cm/fa619274-3c15-4155-bbec-c0cb75733259/airgap.js https://transcend-cdn.com/cm/fa619274-3c15-4155-bbec-c0cb75733259/ui.js https://transcend-cdn.com/cm/fa619274-3c15-4155-bbec-c0cb75733259/xdi.js; style-src 'self' 'nonce-7939b348-b417-4635-9e6e-3e4836d97ac4' https://transcend-cdn.com 'unsafe-hashes' 'sha256-oV3jdqk8GO/BUZSwos543OlGzhzxD3uMNE23EaxYMEQ=' 'sha256-/4tktfVAle+8ojynlFnhze1lbgwtFnndScvcHIucgqc=' 'sha256-zlqnbDt84zf1iSefLU/ImC54isoprH/MRiVZGskwexk=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-7JyL1A8Kywti3E1sWTTspFukJsEOqlNFJPIxVimWbAQ='; style-src-elem 'self' 'nonce-7939b348-b417-4635-9e6e-3e4836d97ac4' https://transcend-cdn.com 'unsafe-hashes' 'sha256-oV3jdqk8GO/BUZSwos543OlGzhzxD3uMNE23EaxYMEQ=' 'sha256-/4tktfVAle+8ojynlFnhze1lbgwtFnndScvcHIucgqc=' 'sha256-zlqnbDt84zf1iSefLU/ImC54isoprH/MRiVZGskwexk=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-7JyL1A8Kywti3E1sWTTspFukJsEOqlNFJPIxVimWbAQ='; style-src-attr 'unsafe-inline'; connect-src 'self' https://unpkg.com/@rive-app/canvas@2.7.6/rive.wasm https://assets.ctfassets.net:* https://start.1password.com https://start.1password.ca https://start.1password.eu https://www.google-analytics.com https://9gnqx00du4.execute-api.us-east-1.amazonaws.com/prod/contact_us https://us.app.unleash-hosted.com https://flow.1passwordservices.com https://telemetry.transcend.io/collect https://rum.browser-intake-datadoghq.com https://sst.1passwordservices.com https://c.6sc.co https://ipv6.6sc.co https://b.6sc.co https://epsilon.6sense.com https://transcend-cdn.com; manifest-src 'self'; font-src 'self'; object-src 'self'; img-src 'self' blob: http://images.ctfassets.net:* https://images.ctfassets.net:* https://www.google.com https://www.google-analytics.com https://sst.1passwordservices.com https://stats.g.doubleclick.net https://insight.adsrvr.org https://px.mountain.com https://b.6sc.co; child-src https://www.youtube-nocookie.com https://secure.livechatinc.com; frame-src https://www.youtube-nocookie.com https://www.youtube-nocookie.com/embed https://secure.livechatinc.com https://player.vimeo.com https://insight.adsrvr.org https://match.adsrvr.org https://drift.1passwordservices.com https://sync-transcend-cdn.com https://www.figma.com; form-action 'self' https://start.1password.com https://flow.1passwordservices.com; prefetch-src 'self' https://app.1password.com https://app.1password.ca https://app.1password.eu; frame-ancestors https://*.1passwordservices.com https://*.1password.com https://*.1password.ca https://*.1password.eu https://main.1pstage.com; report-uri https://csp.1passwordservices.com/report?tags=1pw_prd; report-to csp-endpoint 1
default-src 'unsafe-inline' 'unsafe-eval' data: blob: *; frame-ancestors 'self' 1
frame-ancestors 'self' https://*.clickup.com 1
frame-ancestors https://playersupport.my.salesforce.com 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.thebalancemoney.com 1
default-src https:;connect-src https:;font-src https: data:;frame-src http: https:;img-src https: data:;media-src https: data: blob:;object-src 'none';script-src 'unsafe-inline' 'unsafe-eval' https:;style-src 'unsafe-inline' https:; 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.verywellmind.com 1
default-src 'self' http: https: ws: wss: data: blob: 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self'; 1
default-src https 'self'; child-src * data: blob:; connect-src 'self' blob: www.dropbox.com api.dropboxapi.com s3.amazonaws.com/gumroad s3.amazonaws.com/gumroad/ gumroad-public-storage.s3.amazonaws.com gumroad-public-storage.s3.amazonaws.com/ s3.amazonaws.com/gumroad-public-storage s3.amazonaws.com/gumroad-public-storage/ www.google.com www.gstatic.com *.facebook.com *.facebook.net *.google-analytics.com *.g.doubleclick.net *.googletagmanager.com analytics.google.com *.analytics.google.com files.gumroad.com/ d1bdh6c3ceakz5.cloudfront.net/ *.braintreegateway.com www.paypalobjects.com *.paypal.com *.braintree-api.com iframe.ly app.gumroad.com; font-src * data: blob:; frame-src * data: blob:; img-src * data: blob:; media-src * data: blob:; object-src * data: blob:; script-src 'self' 'unsafe-eval' ajax.cloudflare.com static.cloudflareinsights.com js.stripe.com api.stripe.com *.braintreegateway.com *.braintree-api.com www.paypalobjects.com *.paypal.com *.google-analytics.com *.googletagmanager.com optimize.google.com www.googleadservices.com www.google.com www.gstatic.com *.facebook.net *.facebook.com www.dropbox.com s.ytimg.com cdn.iframe.ly platform.twitter.com cdn.jwplayer.com *.jwpcdn.com gumroad.us3.list-manage.com analytics.twitter.com app.gumroad.com assets.gumroad.com 'nonce-RXQL0FGkO0Y+iMfzUgngfHTLZhZAhrWv48vutpt1HyQ=' 'unsafe-inline'; style-src 'self' 'unsafe-inline' s.ytimg.com optimize.google.com assets.gumroad.com; worker-src * data: blob: 1
frame-ancestors 'self' https://blog.hootsuite.com https://app.contentful.com https://hootsuite.com https://staging.hootsuite.com/; report-uri https://o3805.ingest.sentry.io/api/6608832/security/?sentry_key=f44c14ec894c4667b3fd34b84042794d 1
default-src 'self'; child-src 'self' connect.facebook.net fast.wistia.com fast.wistia.net googleads.g.doubleclick.net td.doubleclick.net *.hotjar.com *.hotjar.io *.contentful.com bid.g.doubleclick.net *.fls.doubleclick.net youtube.com www.youtube.com js.stripe.com www.facebook.com staticxx.facebook.com tpc.googlesyndication.com www.google.com *.googletagmanager.com *.quora.com intercom-sheets.com app-ab27.marketo.com www.intercom-reporting.com d2c7xlmseob604.cloudfront.net js.intercomcdn.com insight.adsrvr.org match.adsrvr.org https://intercom.chilipiper.com app.intercom.com app.intercom.io https://app.getreprise.com; connect-src 'self'   www.intercom.com app.intercom.io app.intercom.com api.intercom.io api-visitor-analytics.intercom.com api-iam.intercom.io api-ping.intercom.io api.smartling.com js.intercomcdn.com munchkin.marketo.net *.mktoutil.com nexus-websocket-a.intercom.io nexus-websocket-test.intercom.io nexus-long-poller-a.intercom.io nexus-long-poller-test.intercom.io store.intercomassets.com widget.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-test.intercom.io marketing.intercomcdn.com uploads.intercomcdn.com uploads.intercomusercontent.com abrtp1.marketo.com abrtp1-cdn.marketo.com app.getsentry.com stats.g.doubleclick.net https://*.google.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com http://*.hotjar.io:* https://*.hotjar.io:* wss://*.hotjar.io sentry.io www.facebook.com *.akamaihd.net *.wistia.com *.wistia.net *.contentful.com 258-clw-344.mktoresp.com bat.bing.com d2c7xlmseob604.cloudfront.net rum-collector-2.pingdom.net https://*.browser-intake-datadoghq.com public-trace-http-intake.logs.datadoghq.com https://assets.ctfassets.net c.6sc.co b.6sc.co j.6sc.co ipv6.6sc.co epsilon.6sense.com epsilon-cloudfront.6sense.com user-data.mutinycdn.com https://api-v2.mutinyhq.io/v2/b https://api.mutinyhq.io/v2 https://client-registry.mutinycdn.com secure.adnxs.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com api.chilipiper.com tracking.chilipiper.com cdn.linkedin.oribi.io gw.linkedin.oribi.io px.ads.linkedin.com https://app.getreprise.com images.ctfassets.net https://cdn.jsdelivr.net https://unpkg.com/@rive-app/canvas@2.10.1/rive.wasm *.litix.io https://o2129.ingest.sentry.io/ cdn.cookielaw.org *.onetrust.com; font-src data: https: ; img-src data: blob: https: ; media-src data: blob: https: ; object-src 'none'; script-src 'self' 'unsafe-eval' app.intercom.io app.intercom.com www.intercom.com js.intercomcdn.com store.intercomassets.com marketing.intercomassets.com widget.intercom.io ajax.googleapis.com analytics.twitter.com abrtp1.marketo.com abrtp1-cdn.marketo.com app-sjqe.marketo.com app-sjst.marketo.com app-ab27.marketo.com bat.bing.com cdn-assets-prod.s3.amazonaws.com cdn.ravenjs.com browser.sentry-cdn.com connect.facebook.net distillery.wistia.com distillery-main.wistia.com fast.wistia.com fast.wistia.net googleads.g.doubleclick.net js.stripe.com munchkin.marketo.net platform.twitter.com rtp-static.marketo.com script.hotjar.com script.hotjar.io secure.adnxs.com static.hotjar.com static.hotjar.io stats.g.doubleclick.net store.intercom.io tpc.googlesyndication.com www.datadoghq-browser-agent.com https://*.google.com www.google-analytics.com www.googleadservices.com/pagead/ www.googletagmanager.com tagmanager.google.com snap.licdn.com px.ads.linkedin.com px4.ads.linkedin.com dc.ads.linkedin.com p.adsymptotic.com sjs.bizographics.com client-registry.mutinycdn.com client.mutinycdn.com https://js.chilipiper.com 'sha256-CIxBMTSsZNOVtN/e53Oinc5o7iS+6GCLATfDTYD9EQk=' 'sha256-cc60iDuEUKTNkKYpz2vlEgGOssRRzDfo9rv0YBux2ak=' https://app.getreprise.com *.litix.io *.contentful.com https://o2129.ingest.sentry.io/ cdn.cookielaw.org *.onetrust.com 'strict-dynamic' 'nonce-NjY0OWM5MGYtNTE5Ny00OGM2LWIyNTktOTgyYTBiMjIwZmZl'; style-src 'self' 'unsafe-inline' app-ab27.marketo.com marketing.intercomassets.com maxcdn.bootstrapcdn.com rtp-static.marketo.com fonts.googleapis.com tagmanager.google.com https://www.googletagmanager.com https://js.chilipiper.com; worker-src data: blob:; base-uri 'self'; report-uri https://o2129.ingest.sentry.io/api/1467748/security/?sentry_key=2b3179211aae44189b7651cf09d7b74f 1
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' features.hrw.org www.googletagmanager.com www.googleadservices.com connect.facebook.net static.ads-twitter.com analytics.twitter.com googleads.g.doubleclick.net *.clarity.ms js-agent.newrelic.com bam.nr-data.net www.instagram.com ajax.googleapis.com www.google-analytics.com code.jquery.com cdn.syndication.twimg.com maxcdn.bootstrapcdn.com www.youtube.com www.google.com maps.google.com maps.googleapis.com fast.wistia.net fast.wistia.com www.giftcalcs.com open-analytics.hrw.org open-analytics-dashboard.hrw.org www.googleanalytics.com www.googleoptimize.com *.crazyegg.com blob: https://cdn.jsdelivr.net https://cdnjs.cloudflare.com platform.twitter.com; script-src-attr 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' 'report-sample' features.hrw.org maxcdn.bootstrapcdn.com ton.twimg.com platform.twitter.com fonts.googleapis.com open-analytics-dashboard.hrw.org *.crazyegg.com blob: *.typekit.net fast.fonts.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src-attr 'self' 'unsafe-inline' 'report-sample'; frame-ancestors 'self' features.hrw.org 1
frame-ancestors 'self' http://tanium.lookbookhq.com https://tanium.lookbookhq.com http://tanium.pathfactory.com https://tanium.pathfactory.com *.tanium.com 1
frame-ancestors 'self' https://*.sproutsocial.com https://sproutsocial.com; 1
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com 1
default-src 'self' *.onetrust.com *.oribi.io *.facebook.com *.google-analytics.com *.doubleclick.net; font-src *;img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; manifest-src *; connect-src *; frame-src *; 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.verywellhealth.com 1
default-src https:; img-src 'self' data: https:; script-src 'unsafe-inline' https:;style-src 'unsafe-inline' https:; object-src 'self' https:; font-src https: data:; worker-src blob:; connect-src https:; 1
media-src 'self' data: blob: https://*.pscp.tv/ https://*.periscope.tv/ https://*.global.ssl.fastly.net https://*.twimg.com https://*.video.pscp.tv; img-src 'self' data: blob: https://*.pscp.tv/ https://*.periscope.tv/ https://prod-periscope-profile.s3-us-west-2.amazonaws.com https://s3-us-west-2.amazonaws.com/prod-periscope-profile/ https://*.twimg.com https://*.googleusercontent.com https://scontent.xx.fbcdn.net https://*.bugsnag.com https://*.google-analytics.com; default-src 'self' blob: https://*.global.ssl.fastly.net https://*.pscp.tv/ https://*.periscope.tv/; object-src 'self' https://*.pscp.tv/ https://*.periscope.tv/; child-src 'self' blob: https://*.pscp.tv/ https://*.periscope.tv/ https://twitter.com https://*.google.com/recaptcha/; frame-ancestors 'self' https://*.pscp.tv/ https://*.periscope.tv/; style-src 'self' blob: 'unsafe-inline' https://*.pscp.tv/ https://*.periscope.tv/; font-src 'self' data: https://*.pscp.tv/ https://*.periscope.tv/; frame-src 'self' blob: https://*.pscp.tv/ https://*.periscope.tv/ https://twitter.com https://periscope-all.firebaseapp.com/ https://*.google.com/recaptcha/ https://*.vimeo.com https://*.tipalti.com; report-uri https://twitter.com/i/csp_report?a=OBSXE2LTMNXXAZJNO5SWE%3D%3D%3D&ro=false; script-src 'self' https://*.pscp.tv/ https://*.periscope.tv/ https://cdn.polyfill.io https://d24n15hnbwhuhn.cloudfront.net https://app.link https://bnc.lt https://*.branch.io https://*.google-analytics.com https://apis.google.com/ https://*.google.com/recaptcha/ https://*.gstatic.com/recaptcha/ https://appleid.cdn-apple.com 'unsafe-eval' 'nonce-46ea431e34a447e78ed25f9c59f42d87'; connect-src 'self' https://*.pscp.tv/ https://*.periscope.tv/ wss://*.pscp.tv/ wss://*.periscope.tv/ https://*.video.pscp.tv https://*.twimg.com https://twitter.com https://*.global.ssl.fastly.net https://api.amplitude.com/ https://*.branch.io https://bnc.lt https://*.bugsnag.com https://licensing.bitmovin.com/ https://analytics-ingress-global.bitmovin.com https://www.googleapis.com/ https://securetoken.googleapis.com https://s3.us-west-2.amazonaws.com/periscope-user-data-reports-prod/ https://s3.us-west-2.amazonaws.com/periscope-user-data-reports-dev/ https://periscope-user-data-reports-prod.s3.us-west-2.amazonaws.com/ https://periscope-user-data-reports-dev.s3.us-west-2.amazonaws.com/ 1
upgrade-insecure-requests; frame-ancestors 'self' https://*.traveloka.com 1
base-uri 'self'; block-all-mixed-content; connect-src 'self' https://api.github.com/repos/ https://api.github.com/search/issues https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com fastly-insights.com *.fastly-insights.com *.ethicalads.io https://api.pwnedpasswords.com https://cdn.jsdelivr.net/npm/mathjax@3.2.2/es5/sre/mathmaps/ https://2p66nmmycsj3.statuspage.io; default-src 'none'; font-src 'self' fonts.gstatic.com; form-action 'self' https://checkout.stripe.com; frame-ancestors 'none'; frame-src 'none'; img-src 'self' https://pypi-camo.freetls.fastly.net/ https://*.google-analytics.com https://*.googletagmanager.com *.fastly-insights.com *.ethicalads.io ethicalads.blob.core.windows.net; script-src 'self' https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com *.fastly-insights.com *.ethicalads.io 'sha256-U3hKDidudIaxBDEzwGJApJgPEf2mWk6cfMWghrAa6i0=' https://cdn.jsdelivr.net/npm/mathjax@3.2.2/ 'sha256-1CldwzdEg2k1wTmf7s5RWVd7NMXI/7nxxjJM2C4DqII=' 'sha256-0POaN8stWYQxhzjKS+/eOfbbJ/u4YHO5ZagJvLpMypo='; style-src 'self' fonts.googleapis.com *.ethicalads.io 'sha256-2YHqZokjiizkHi1Zt+6ar0XJ0OeEy/egBnlm+MDMtrM=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-JLEjeN9e5dGsz5475WyRaoA4eQOdNPxDIeUhclnJDCE=' 'sha256-mQyxHEuwZJqpxCw3SLmc4YOySNKXunyu2Oiz1r3/wAE=' 'sha256-OCf+kv5Asiwp++8PIevKBYSgnNLNUZvxAp4a7wMLuKA=' 'sha256-h5LOiLhk6wiJrGsG5ItM0KimwzWQH/yAcmoJDJL//bY='; worker-src *.fastly-insights.com 1
block-all-mixed-content; frame-src 'self' https://*.uber.com https://*.ubereats.com http://*.cdn-net.com https://tr.snapchat.com https://payments.uber.com https://payments.ubereats.com https://payments.postmates.com https://payments.order.store https://wpe-breeze.uberinternal.com https://payments-orchid.uber.com https://payments-staging.uberinternal.com https://payments-staging.uber.com https://www.google.com/recaptcha/ https://auth.uberinternal.com https://gumi.criteo.com/ https://mug.criteo.com https://gum.criteo.com https://catalogs.uberinternal.com/ bs.serving-sys.com click.appcast.io analytics.recruitics.com ci.iasds01.com cdn.krxd.net www.facebook.com *.doubleclick.net *.tealiumiq.com *.demdex.net *.optimizely.com; worker-src 'self' blob:; child-src 'self' blob: bs.serving-sys.com click.appcast.io analytics.recruitics.com ci.iasds01.com cdn.krxd.net www.facebook.com *.doubleclick.net *.tealiumiq.com *.demdex.net; connect-src 'self' 'self' https://*.uber.com https://duyt4h9nfnj50.cloudfront.net https://d3fa76b550dpw9.cloudfront.net https://d4p17acsd5wyj.cloudfront.net https://d3i4yxtzktqr9n.cloudfront.net https://dkl8of78aprwd.cloudfront.net https://cn-geo1.uber.com https://d1goeicueq33a8.cloudfront.net https://siteintercept.qualtrics.com https://payments.uber.com https://payments.ubereats.com https://payments.postmates.com https://payments.order.store https://wpe-breeze.uberinternal.com https://payments-orchid.uber.com https://payments-staging.uberinternal.com https://payments-staging.uber.com https://analytics.tiktok.com https://analytics.google.com https://dynamic.criteo.com https://widget.us.criteo.com https://widget.as.criteo.com https://widget.eu.criteo.com https://sslwidget.criteo.com https://tr.snapchat.com https://app.paypay.ne.jp https://stg.paypay-corp.co.jp https://image.paypay.ne.jp https://d1g1f25tn8m2e6.cloudfront.net https://www.google.com/pagead/landing https://googleads.g.doubleclick.net/pagead/landing https://dyguxp1m9tbrw.cloudfront.net https://u-vsm.tmobiapi.com https://*.tiles.mapbox.com https://api.mapbox.com https://events.mapbox.com https://maps.googleapis.com https://www.gstatic.com https://44.238.122.172 https://100.20.58.101 https://35.85.84.151 https://44.228.85.26 https://34.215.155.61 https://35.160.46.251 https://52.71.121.170 https://18.210.229.244 https://44.212.189.233 https://3.212.39.155 https://52.22.50.55 https://54.156.2.105 events.uber.com api.mixpanel.com d3i4yxtzktqr9n.cloudfront.net *.optimizely.com *.google-analytics.com *.tealiumiq.com *.demdex.net https://api-js.mixpanel.com; manifest-src 'self' https://*.uber.com; form-action 'self' https://tr.snapchat.com https://www.facebook.com/tr/ https://payments.uber.com https://payments.ubereats.com https://payments.postmates.com https://payments.order.store https://wpe-breeze.uberinternal.com https://payments-orchid.uber.com https://payments-staging.uberinternal.com https://payments-staging.uber.com; frame-ancestors 'self' https://www.nimblerx.com https://static-team-ops.nimbleandsimple.com https://pharma.uber.com http://local.shakeshack.com https://shakeshack.prod.acquia-sites.com https://www.shakeshack.com https://dev.shakeshack.com https://stg.shakeshack.com https://shakeshack.com https://pre-prod.shakeshack.com https://stg-green.shakeshack.com https://stg-alt.shakeshack.com https://front-hml-delivery.azurewebsites.net https://front-dev-delivery.azurewebsites.net https://front-prd-delivery.azurewebsites.net https://deliverycontrol.grupomadero.com.br https://delivery.grupomadero.com.br https://staging-shop.mccolls.co.uk https://shop.mccolls.co.uk https://stoq.shop https://staging.stoq.shop https://admin.stoq.shop https://admin-staging.stoq.shop https://www.gcom.com.br https://www.spoleto.com.br https://www.koni.com.br https://www.lebonton.com.br https://www.gokoni.com https://www.cutthecrap.com.br https://www.risierisoteria.com.br https://www.giustoculinaria.com.br https://www.roomservicedelivery.com.br https://www.strogonosso.com.br https://voalzira.online/ https://voalzira.online/minhaloja https://medmate.com.au https://order.manoosh.com.au https://test.expresskfc.com/ https://expresskfc.com/ https://www.test.expresskfc.com/ https://www.expresskfc.com/ https://kfccostarica.cr/ https://www.kfccostarica.cr/ https://express.dospinos.com/ https://mcstaging.dospinos.com/ https://shopuat.pxpay.com.tw/ https://shop.pxpay.com.tw/ https://app.cocinasocultas.com https://app.foodstarsuk.com https://app.pruebehubster.com https://app.pruebehubster.com.mx https://app.tryhubster.co.uk https://app.tryhubster.com https://app.tryhubster.com.au https://app.tryotter.com https://catalogs.uberinternal.com https://catalogs-staging.uberinternal.com https://payments.uber.com https://payments.ubereats.com https://payments.postmates.com https://payments.order.store https://wpe-breeze.uberinternal.com https://payments-orchid.uber.com https://payments-staging.uberinternal.com https://payments-staging.uber.com https://health-staging.uber.com https://health.uber.com https://admin.restoplus.com https://admin.staging.restoplus.com https://admin.qa1.restoplus.com https://admin.qa2.restoplus.com https://admin.qa3.restoplus.com https://admin.qa4.restoplus.com https://admin.qa5.restoplus.com https://admin.qa6.restoplus.com https://orders.restoplus.com https://orders.staging.restoplus.com https://orders.qa1.restoplus.com https://orders.qa2.restoplus.com https://orders.qa3.restoplus.com https://orders.qa4.restoplus.com https://orders.qa5.restoplus.com https://orders.qa6.restoplus.com https://pos.restoplus.com https://pos.staging.restoplus.com https://pos.qa1.restoplus.com https://pos.qa2.restoplus.com https://pos.qa3.restoplus.com https://pos.qa4.restoplus.com https://pos.qa5.restoplus.com https://pos.qa6.restoplus.com https://beta-shop.cashier.tw https://shop.cashier.tw https://indev-webapp.cashier.tw https://indev-beta-shop.cashier.tw https://indev-shop.cashier.tw https://us-int-office.tabit-int.com https://us-office.tabit-stage.com/auth/login https://us-demo-office.tabit-stage.com https://us-office.tabit.cloud https://foxtrotco.com/tracking https://foxtrotco.com/orderconfirmation https://foxtrotco.com/home https://foxtrotco.com https://app.onhere.com.br https://beta.inline.app https://staging.inline.app https://inline.app https://shane.machinat.dev/ https://app.topcaisse.fr https://ordering.ritas.com http://ordering.ritas.com https://ordering.ritas.stage.demotesturl.net http://ordering.ritas.stage.demotesturl.net https://*.cookiedelivery.com ee.magento.test 245.magento.test uber.improntus.dev https://dev.kfc.co.uk https://qa.kfc.co.uk https://brand.preprod.platform.kfcapi.com/ https://www.kfc.co.uk/ https://qa-kfc-za.eu.cognizantorderservnxtgen.com/ https://dev-kfc-za.eu.cognizantorderservnxtgen.com/ https://uat-kfc-za.eu.cognizantorderservnxtgen.com/ https://perf-kfc-za.eu.cognizantorderservnxtgen.com/ https://pen-kfc-za.eu.cognizantorderservnxtgen.com/ https://betatest.kfc.co.za/ https://order.kfc.co.za/ https://shop.pxgo.com.tw/ https://shopuat.pxpay.com.tw/ https://delivery.jimmybrings.com.au/ https://staging.jimmybrings.com.au/ https://beta.jimmybrings.com.au/ https://49171584-9e6d-4979-ab61-27a301a7e33e-production.au.prd.c.deity.cloud/ https://42d9d738-3eab-441f-91de-1afcd88b770f-acceptance.au.prd.c.deity.cloud/ https://1b8d2377-9260-4384-bc9f-aa1086543c69-test.au.prd.c.deity.cloud/ https://jimmybrings.com.au/ https://www.kfccostarica.cr https://www.kfccostarica.com https://kfccostarica.cr https://kfccostarica.com https://edb-staging.uber.com https://edb.uber.com 'self' quiznos.co.cr https://quiznos.co.cr https://pos.mymealsy.com https://stage.mymealsy.com https://dev.mymealsy.com https://fast.tk3c.com https://fdtest.tk3c.com https://panda-express.wallia.dev https://127.0.0.1:5173/ https://test.tacobellpr.com/ https://test.arcoprueba.com/ https://www.tacobellpr.com/ https://tacobellpr.com/ https://www.kfcpuertorico.com/ https://kfcpuertorico.com/ https://boba.rbteawalnut.com/ https://qjmpdemo.altaineapps.com/ https://stinkerapi.altaineapps.com/ https://mapcoapi.altaineapps.com/ https://loyalty.ritasice.com https://loyalty.stage.demotesturl.net https://loyalty.training.demotesturl.net https://loyalty.dev.demotesturl.net https://web-ordering.test.apps.gyg.com.au/ https://web-ordering.staging.apps.gyg.com.au/ https://order.guzmanygomez.com.au/ https://*.order.staging.apps.gyg.com.au/ https://*.order.test.apps.gyg.com.au/ https://*.order.prod.apps.gyg.com.au https://test-store.deliclever.com/ https://vicio.menu/ https://*.homeriabktest.com https://*.burgerkingemcasa.com https://*.burgerkingencasa.es https://*.windelivery-alsea.com https://*.windelivery.es https://*.windelivery.io https://uboard.ueat.io https://uboard-beta.ueat.io https://uboard-staging.ueat.io https://uboard.ueat.dev *.appspaces.ca *.paidshipping.com *.shiptime.com https://darwinnow.io/ https://darwinfood.com https://ewpf-staging.uber.com/ https://ewpf.uber.com/ https://yurinowqa.azurewebsites.net http://takeaway.sticksnsushi.com https://*.flipdish.com https://*.inovretail.com; object-src 'none'; script-src 'self' 'unsafe-inline' https://d1a3f4spazzrp4.cloudfront.net https://d3i4yxtzktqr9n.cloudfront.net https://tb-static.uber.com https://tbs-static.uber.com 'nonce-babda234-2e5b-4d89-8c17-aa63377e89ee' https://bat.bing.com https://*.qualtrics.com https://analytics.twitter.com http://www.googletagservices.com http://*.cdn-net.com https://sc-static.net https://tr.snapchat.com https://*.yjtag.jp https://yjtag.yahoo.co.jp https://b92.yahoo.co.jp https://*.yimg.jp https://*.outbrain.com https://www.redditstatic.com https://analytics.tiktok.com https://dynamic.criteo.com https://static.criteo.net https://sslwidget.criteo.com https://widget.us.criteo.com https://widget.as.criteo.com https://widget.eu.criteo.com https://payments.uber.com https://payments.ubereats.com https://payments.postmates.com https://payments.order.store https://wpe-breeze.uberinternal.com https://payments-orchid.uber.com https://payments-staging.uberinternal.com https://payments-staging.uber.com https://d4p17acsd5wyj.cloudfront.net https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://dca.ubereats.com https://phx.ubereats.com https://ln-rules.rewardstyle.com/bookmarklet.js https://dx.mountain.com/spx https://gs.mountain.com/gs https://px.mountain.com/st https://js.adsrvr.org/up_loader.1.1.0.js 'unsafe-eval' script.crazyegg.com www.google-analytics.com www.googletagmanager.com maps.googleapis.com maps.google.com tags.tiqcdn.com beacon.krxd.net cdn.krxd.net cdn.mxpnl.com www.googleadservices.com www.ziprecruiter.com analytics.recruitics.com edge.quantserve.com secure.quantserve.com connect.facebook.net cdn.nanigans.com api.nanigans.com *.adroll.com s.yimg.com sp.analytics.yahoo.com click.app-cast.com i.l.inmobicdn.net *.optimizely.com *.tealiumiq.com *.doubleclick.net static.ads-twitter.com https://www.google-analytics.com https://ssl.google-analytics.com maps.googleapis.com maps.google.com; style-src 'self' 'unsafe-inline' https://d1a3f4spazzrp4.cloudfront.net https://d3i4yxtzktqr9n.cloudfront.net https://tb-static.uber.com https://tbs-static.uber.com https://api.tiles.mapbox.com https://fonts.googleapis.com; report-uri https://csp.uber.com/csp?a=web-eats-v2&ro=false 1
connect-src 'self' www.google-analytics.com stats.addtoany.com sentry.io maps.googleapis.com googleapis.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com cdn.datatables.net cdn.jsdelivr.net; img-src 'self' data: caltech-prod.s3.amazonaws.com s3-us-west-1.amazonaws.com/www-prod-storage.cloud.caltech.edu/ i.ytimg.com www.youtube.com player.vimeo.com ustvstaticcdn1-a.akamaihd.net www.slideshare.net cdn.slidesharecdn.com www.gravatar.com stats.g.doubleclick.net cdnjs.cloudflare.com *.staticflickr.com *.cdninstagram.com www.google-analytics.com *.gstatic.com *.google.com *.googleapis.com googleapis.com www.facebook.com cdn.datatables.net https://static.hotjar.com https://script.hotjar.com; object-src 'self'; font-src 'self' public.slidesharecdn.com fonts.gstatic.com https://script.hotjar.com data:; default-src 'self'; form-action 'self' *.wufoo.com docs.google.com www.its.caltech.edu caltech.us5.list-manage.com api-a3b78b57.duosecurity.com; frame-src 'self' www.youtube.com player.vimeo.com www.ustream.tv www.slideshare.net *.wufoo.com calendar.google.com docs.google.com www.google.com maps.google.com accounts.google.com cse.google.com s3-us-west-2.amazonaws.com form.jotform.com static.addtoany.com *.facebook.com *.facebook.net api-a3b78b57.duosecurity.com cdn.knightlab.com www.buzzsprout.com caltech.us5.list-manage.com eyes.nasa.gov *.everbridge.net w.soundcloud.com; frame-ancestors 'self' *.caltech.edu; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com cdn.mathjax.org stats.g.doubleclick.net www.google-analytics.com www.googletagmanager.com *.google.com *.googleapis.com googleapis.com api.duosecurity.com browser.sentry-cdn.com www.feedrapp.info sentry.io static.addtoany.com *.facebook.net cdn.datatables.net www.youtube.com cdn.jsdelivr.net https://static.hotjar.com https://script.hotjar.com; child-src 'self' www.youtube.com player.vimeo.com www.slideshare.net *.wufoo.com calendar.google.com docs.google.com accounts.google.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com googleapis.com *.google.com cdn.datatables.net https://static.hotjar.com https://script.hotjar.com cdn.jsdelivr.net; base-uri 'self' *.caltech.edu; media-src 'self' www.youtube.com player.vimeo.com; report-uri /_csp 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' p.adsymptotic.com *.linkedin.com *.kampyle.com *.medallia.com *.vanguard.com *.vanguard.com:* *.youtube.com *.vgdynamic.info adservice.google.com *.vgcontent.info *.vgcontent.info:* *.omtrdc.net *.demdex.net *.doubleclick.net *.youtube-nocookie.com *.limelight.com *.llnw.net *.e-vanguard.com *.omniture.com activitymap.adobe.com *.amazon-adsystem.com *.llnw.net *.myvisualiq.net *.go-mpulse.net *.akastat.io *.googletagmanager.com *.googleadservices.com *.googlesyndication.com *.analytics.yahoo.com *.invoca.net *.adsrvr.org *.pinterest.com *.pinimg.com cdn.cookielaw.org ads.undertone.com evt.undertone.com .fm b.videoamp.com privacyportal-de.onetrust.com geolocation.onetrust.com rtb.adgrx.com login.dotomi.com bat.bing.com *.bttrack.com bttrack.com pix.pontiac.media *redditstatic.com *.reddit.com *.undertone.com www.google.com api.ipify.org action.dstillery.com action.media6degrees.com analytics.twitter.com t.co *.bing.com/bat.js tags.w55c.net arttrk.com *.arttrk.com *.pdst img.byspotify.com; frame-src p.adsymptotic.com *.linkedin.com *.kampyle.com *.medallia.com *.vanguard.com *.vanguard.com:* *.youtube.com *.vgdynamic.info adservice.google.com *.vgcontent.info *.vgcontent.info:* *.omtrdc.net *.demdex.net *.doubleclick.net *.youtube-nocookie.com *.limelight.com *.llnw.net *.e-vanguard.com *.omniture.com activitymap.adobe.com *.amazon-adsystem.com *.llnw.net *.myvisualiq.net *.go-mpulse.net *.akastat.io *.googletagmanager.com *.googleadservices.com *.googlesyndication.com *.analytics.yahoo.com *.invoca.net *.adsrvr.org *.pinterest.com *.pinimg.com cdn.cookielaw.org ads.undertone.com evt.undertone.com .fm b.videoamp.com privacyportal-de.onetrust.com geolocation.onetrust.com rtb.adgrx.com login.dotomi.com bat.bing.com *.bttrack.com bttrack.com pix.pontiac.media *redditstatic.com *.reddit.com *.undertone.com www.google.com api.ipify.org action.dstillery.com action.media6degrees.com analytics.twitter.com t.co *.bing.com/bat.js tags.w55c.net arttrk.com *.arttrk.com *.pdst img.byspotify.com; img-src p.adsymptotic.com *.linkedin.com *.kampyle.com *.medallia.com *.vanguard.com *.vanguard.com:* *.youtube.com *.vgdynamic.info adservice.google.com *.vgcontent.info *.vgcontent.info:* *.omtrdc.net *.demdex.net *.doubleclick.net *.youtube-nocookie.com *.limelight.com *.llnw.net *.e-vanguard.com *.omniture.com activitymap.adobe.com *.amazon-adsystem.com *.llnw.net *.myvisualiq.net *.go-mpulse.net *.akastat.io *.googletagmanager.com *.googleadservices.com *.googlesyndication.com *.analytics.yahoo.com *.invoca.net *.adsrvr.org *.pinterest.com *.pinimg.com cdn.cookielaw.org ads.undertone.com evt.undertone.com .fm b.videoamp.com privacyportal-de.onetrust.com geolocation.onetrust.com rtb.adgrx.com login.dotomi.com bat.bing.com *.bttrack.com bttrack.com pix.pontiac.media *redditstatic.com *.reddit.com *.undertone.com www.google.com api.ipify.org action.dstillery.com action.media6degrees.com analytics.twitter.com t.co *.bing.com/bat.js tags.w55c.net arttrk.com *.arttrk.com *.pdst img.byspotify.com; media-src 'self' *.vgdynamic.info *.youtube-nocookie.com *.limelight.com *.llnw.net blob:; worker-src 'self' blob:; font-src 'self' *.vanguard.com *.vgcontent.info *.vgdynamic.info *.vgdynamic.info:* *.vgcontent.info:* data:; 1
frame-ancestors 'self' *.wallet.airpay.vn *.shopee.kr *.airpay.vn *.shopeemobile.com *.shopee.vn *.shopee.cn *.shopee.io *.facebook.com *.dailyshopee.vn https://bela-portal.festiware.com https://belapengadaan.lkpp.go.id https://lkpp-portal.festiware.com;  1
default-src 'none'; script-src 'self' blob: 'nonce-e7FpctoAPodyTwSNdrfg4Q==' 'unsafe-inline' 'unsafe-eval' mc.yandex.ru yandex.st yandex.ru *.yandex.ru yastatic.net *.yastatic.net yandex.net *.yandex.net an.yandex.ru yastat.net *.yastat.net *.yandex-team.ru aflt.market.yandex.ru www.youtube.com *.vimeo.com s.ytimg.com lpc.s3.mdst.yandex.net abt.s3.yandex.net chat.s3.yandex.net *.api-maps.yandex.ru banners.adfox.ru ads.adfox.ru ads6.adfox.ru yandex.com *.yandex.com ya.ru *.ya.ru; style-src 'self' 'unsafe-inline' 'unsafe-eval' yandex.ru *.yandex.ru yastatic.net *.yastatic.net yandex.net *.yandex.net an.yandex.ru yastat.net *.yastat.net *.s3.yandex.net lpc.s3.mdst.yandex.net yandex.st banners.adfox.ru content.adfox.ru *.ya.ru; font-src 'self' data: yandex.ru an.yandex.ru *.s3.yandex.net yastatic.net yastat.net *.yandex.ru *.ya.ru; img-src * 'self' blob: data: android-webview-video-poster: *.yandex.net *.s3.yandex.net yastatic.net http://lpc.s3.mds.yandex.net http://yastatic.net mc.admetrica.ru avatars-fast.yandex.net favicon.yandex.net *.verify.yandex.ru banners.adfox.ru content.adfox.ru ads.adfox.ru ads6.adfox.ru yastat.net avatars.mds.yandex.net *.yandex.ru *.ya.ru; frame-src 'self' data: yabrowser: turbopages.org *.turbopages.org yandex.ru *.yandex.ru yastatic.net *.yastatic.net yandex.net *.yandex.net an.yandex.ru yastat.net *.yastat.net *.yandex-team.ru *.video.yandex.ru *.market.yandex.ru www.youtube.com *.vimeo.com embed.megogo.net coub.com awaps.yandex.net yandexadexchange.net *.yandexadexchange.net banners.adfox.ru meyou.ru broadcast.comdi.com datalens.yandex partner.market.yandex.ru go.yandex yango.com yandexteam-my.sharepoint.com *.bookmate.ru bookmate.ru yandex.com yandex.com.tr yandex.com.am yandex.com.ge yandex.md yandex.by yandex.kz yandex.uz yandex.rs *.yandex.com *.yandex.com.tr *.yandex.com.am *.yandex.com.ge *.yandex.md *.yandex.by *.yandex.kz *.yandex.uz *.yandex.rs ya.ru *.ya.ru; media-src * 'self' data: blob: *.video.yandex.ru *.storage.yandex.net *.s3.yandex.net *.cdn.yandex.net yastatic.net *.yandex.net *.strm.yandex.ru yandex.st banners.adfox.ru content.adfox.ru yastat.net yandex.ru *.yandex.ru ya.ru *.ya.ru; connect-src 'self' blob: yandexmetrica.com:* mc.admetrica.ru yandex.ru *.yandex.ru yastatic.net *.yastatic.net yandex.net *.yandex.net an.yandex.ru yastat.net *.yastat.net *.yandex-team.ru yandex.st milab.s3.yandex.net *.k50.ru *.k50dev.ru openkitchen.media auto.ru yango.com ads.adfox.ru ads6.adfox.ru ya.ru *.ya.ru dev.introvert.bz; form-action https://*; worker-src blob: yandex.ru *.yandex.ru yastatic.net *.yastatic.net yandex.net *.yandex.net an.yandex.ru yastat.net *.yastat.net *.yandex-team.ru; object-src yastatic.net; report-uri https://csp.yandex.net/csp?from=lp-constructor&project=lp-constructor&yandex_login=undefined&yandexuid=5111707531721958298; child-src 'self'; frame-ancestors 'self' webvisor.com http://webvisor.com *.mtproxy.yandex.net www.kinopoisk.ru *.yandex-team.ru n.maps.yandex.ru yandex.ru yandex.com yandex.com.tr yandex.com.am yandex.com.ge yandex.md yandex.by yandex.kz yandex.uz yandex.net yandex.rs *.yandex.ru *.yandex.ru:* *.yandex.com:* *.yandex.com.tr:* *.yandex.com.am *.yandex.com.ge *.yandex.md *.yandex.by *.yandex.kz *.yandex.uz *.yandex.net *.yandex.rs ya.ru *.ya.ru; 1
default-src 'none'; img-src 'self' fast.wistia.com https: data: blob:; script-src 'self' 'unsafe-inline' https://ob.iseaskies.com https://obs.iseaskies.com *.mountain.com https://netlify-rum.netlify.app j.6sc.co *.adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net trk.techtarget.com t.sf14g.com *.marketo.net js.adsrvr.org *.crazyegg.com https://cdnjs.cloudflare.com https://*.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com *.bugcrowdusercontent.com *.googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com *.linkedin.oribi.io gateway.zscalertwo.net *.jquery.com www.youtube.com https://js.zi-scripts.com https://ws-assets.zoominfo.com https://ws-assets.zoominfo.com 'unsafe-eval' https://api.intellimize.co https://cdn.intellimize.co https://www.clarity.ms/ https://ajax.googleapis.com/ https://cdn.rudderlabs.com/; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com; connect-src 'self' blob: 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 52.71.121.170 18.210.229.244 44.212.189.233 3.212.39.155 52.22.50.55 54.156.2.105 35.83.209.52 44.238.33.223 54.190.217.118 44.240.152.58 54.69.255.140 52.88.179.26 34.238.149.65 52.7.151.245 44.209.137.118 35.81.173.170 34.210.219.79 52.37.218.4 52.42.124.195 52.89.99.220 35.85.106.161 44.235.191.156 52.12.117.226 35.81.162.201 34.212.4.35 https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io *.cloudfunctions.net ibc-flow.techtarget.com *.mktoresp.com bat.bing.com *.crazyegg.com *.6sc.co st.fullcircleinsights.com https://*.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://*.acsbapp.com https://*.wistia.com https://*.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com *.6sense.com *.linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://www.facebook.com/tr/ https://acsbapp.com/apps/app/dist/js/locale/en-loader.json https://js.zi-scripts.com https://ws.zoominfo.com https://log.intellimize.co https://api.intellimize.co ob.iseaskies.com obs.iseaskies.com https://t.clarity.ms/collect https://px.ads.linkedin.com/; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' blob: e.issuu.com insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://*.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com https://zscaler.my.site.com/ https://zscalergov.my.site.com/ https://api.intellimize.co https://117186981.intellimizeio.com/ https://app.netlify.com/ https://*.adroll.com/; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com https://zscalergov.my.site.com/; 1
img-src 'self' data: https://api.starlink.com https://analytics.starlink.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com https://www.googleadservices.com https://cdn.cookielaw.org https://ads-twitter.com https://analytics.twitter.com https://ads-api.twitter.com https://t.co https://maps.googleapis.com https://maps.gstatic.com https://www.facebook.com/ https://www.linkedin.com https://snap.licdn.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://p.adsymptotic.com https://cdn.linkedin.oribi.io https://gw.linkedin.oribi.io https://dc.ads.linkedin.com https://sjs.bizographics.com https://*.cdn.adyen.com; connect-src 'self' https://api.starlink.com https://www.starlink.com https://analytics.starlink.com https://maps.googleapis.com/ https://api.mapbox.com/ https://events.mapbox.com/ https://*.tiles.mapbox.com/ https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.google-analytics.com https://hcaptcha.starlink.com https://*.hcaptcha.starlink.com https://hcaptcha.com https://*.hcaptcha.com https://cdn.cookielaw.org https://static.ads-twitter.com https://ads-twitter.com https://analytics.twitter.com https://ads-api.twitter.com https://geolocation.onetrust.com https://privacyportal.onetrust.com https://*.googleapis.com https://www.facebook.com/ https://www.linkedin.com https://snap.licdn.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://p.adsymptotic.com https://cdn.linkedin.oribi.io https://gw.linkedin.oribi.io https://dc.ads.linkedin.com https://sjs.bizographics.com; script-src 'self' 'unsafe-eval' 'sha256-2DEjUdQEjzQwkkDbMWsYDL4QmKAW/lOUg2LW1jQZICo=' 'sha256-2NpbIZvRgAEhRKnMNR6HJ9vRUbZu2P6w97ajM3zGN+8=' 'sha256-nzQvvRV+mw+Ved4Bd/Y4TPL8+F+jjs4Yt7M2sMSLO0s=' https://api.starlink.com https://maps.googleapis.com/ https://hcaptcha.starlink.com https://*.hcaptcha.starlink.com https://hcaptcha.com https://*.hcaptcha.com https://analytics.starlink.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.google-analytics.com https://cdn.cookielaw.org https://static.ads-twitter.com https://connect.facebook.net https://www.linkedin.com https://snap.licdn.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://p.adsymptotic.com https://cdn.linkedin.oribi.io https://gw.linkedin.oribi.io https://dc.ads.linkedin.com https://sjs.bizographics.com; font-src 'self' https://api.starlink.com https://fonts.gstatic.com data: application/font-woff; style-src 'self' 'unsafe-inline' https://api.starlink.com https://hcaptcha.starlink.com https://*.hcaptcha.starlink.com https://hcaptcha.com https://*.hcaptcha.com https://cdn.cookielaw.org https://static.ads-twitter.com https://fonts.googleapis.com; frame-ancestors 'self' https://api.starlink.com; frame-src https://hcaptcha.starlink.com https://*.hcaptcha.starlink.com https://hcaptcha.com https://*.hcaptcha.com https://bid.g.doubleclick.net https://td.doubleclick.net https://www.youtube.com; worker-src 'self' blob: ; child-src 'self' blob: ; 1
default-src 'self'; script-src 'self' https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://pagead2.googlesyndication.com https://optimize.google.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://www.redditstatic.com https://connect.facebook.net https://analytics.tiktok.com https://analytics.twitter.com http://static.ads-twitter.com https://static.ads-twitter.com https://cdn.taboola.com https://trc.taboola.com https://secure.adnxs.com 'unsafe-inline'; style-src 'self' https://optimize.google.com https://fonts.googleapis.com 'unsafe-inline'; connect-src 'self' https://consentcdn.cookiebot.com https://vitals.vercel-insights.com https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://pagead2.googlesyndication.com https://www.google.com https://www.google.ge https://www.google.co.uk https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://analytics.tiktok.com https://t.co https://cds.taboola.com https://trc-events.taboola.com https://pips.taboola.com/ https://kite-web.production.data.aws.jagex.com; img-src 'self' data: https://images.ctfassets.net https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://www.google.com https://www.google.ge https://www.google.co.uk https://*.fls.doubleclick.net https://googleads.g.doubleclick.net https://ade.googlesyndication.com https://optimize.google.com https://i.ytimg.com https://img.youtube.com https://www.google.be https://alb.reddit.com https://secure.adnxs.com https://www.facebook.com https://t.co https://analytics.twitter.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://consentcdn.cookiebot.com https://www.youtube.com https://*.fls.doubleclick.net https://td.doubleclick.net https://www.facebook.com https://optimize.google.com; object-src 'none'; child-src 'none'; media-src 'self' https://videos.ctfassets.net https://cdn.runescape.com https://www.youtube.com; base-uri 'self'; form-action 'self' https://www.facebook.com; frame-ancestors 'self' 1
frame-ancestors 'self' https: *.treasuredata.com 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.thespruce.com 1
frame-ancestors 'self' porkbun.weeblycloud.com; default-src 'none'; object-src 'self' porkbun-media.s3.us-west-2.amazonaws.com porkbun-media.s3-us-west-2.amazonaws.com; media-src 'self' beacon-v2.helpscout.net; frame-src td.doubleclick.net service.mtcaptcha.com service2.mtcaptcha.com widget.trustpilot.com porkbun-media.s3.us-west-2.amazonaws.com porkbun-media.s3-us-west-2.amazonaws.com www.recaptcha.net *.paypal.com assets.braintreegateway.com www.facebook.com hooks.stripe.com stripe.com www.youtube.com bid.g.doubleclick.net 'self' www.google.com www.googletagmanager.com *.fls.doubleclick.net js.stripe.com nonce-eb7ddcf66ef02e7baababc1d49244801c6c40ccaafc84abf761a0841be26efe6; script-src data: 'self' 'unsafe-eval' www.clarity.ms bat.bing.com code.jquery.com s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js snap.licdn.com service.mtcaptcha.com service2.mtcaptcha.com cdn.veriff.me analytics.tiktok.com www.redditstatic.com analytics.twitter.com static.ads-twitter.com *.crazyegg.com chimpstatic.com widget.trustpilot.com www.recaptcha.net www.paypalobjects.com *.paypal.com js.braintreegateway.com tpc.googlesyndication.com beacon-v2.helpscout.net translate.google.com translate.googleapis.com www.gstatic.com www.gstatic.cn js.stripe.com use.fontawesome.com googleads.g.doubleclick.net www.googletagmanager.com *.analytics.google.com *.google-analytics.com www.googleadservices.com connect.facebook.net www.google.com js.stripe.com 'unsafe-inline'; connect-src 'self' nonce-eb7ddcf66ef02e7baababc1d49244801c6c40ccaafc84abf761a0841be26efe6 bat.bing.com *.clarity.ms analytics.google.com www.facebook.com cdn.linkedin.oribi.io api.veriff.me stationapi.veriff.com analytics.tiktok.com q.stripe.com wss://ws-helpscout.pusher.com *.crazyegg.com *.paypal.com core33-helpscout.pusher.com *.braintree-api.com *.braintreegateway.com sentry.io sockjs-helpscout.pusher.com d3hb14vkzrxvla.cloudfront.net beaconapi.helpscout.net chatapi.helpscout.net translate.googleapis.com translate.google.com stats.g.doubleclick.net *.analytics.google.com *.google-analytics.com; img-src 'self' blob: data: *.clarity.ms *.bing.com analytics.twitter.com px.ads.linkedin.com alb.reddit.com easy-links.s3.us-west-2.amazonaws.com pubads.g.doubleclick.net chatapi-prod.s3.amazonaws.com t.co porkbun-media.s3.us-west-2.amazonaws.com porkbun-media.s3.us-west-2.amazonaws.com porkbun-media.s3-us-west-2.amazonaws.com *.crazyegg.com *.paypal.com beacon-v2.helpscout.net porkbun.com q.quora.com d33v4339jhl8k0.cloudfront.net porkbunblog.files.wordpress.com www.googletagmanager.com www.gstatic.com www.gstatic.cn translate.google.com translate.googleapis.com stats.g.doubleclick.net www.google.com googleads.g.doubleclick.net *.analytics.google.com *.google-analytics.com www.facebook.com q.stripe.com nonce-eb7ddcf66ef02e7baababc1d49244801c6c40ccaafc84abf761a0841be26efe6; style-src 'self' assets.braintreegateway.com translate.googleapis.com fonts.googleapis.com 'unsafe-inline'; font-src 'self' www.paypalobjects.com fonts.gstatic.com nonce-eb7ddcf66ef02e7baababc1d49244801c6c40ccaafc84abf761a0841be26efe6; 1
frame-ancestors 'self' https://rex.apnic.net https://rex.stg.xyz.apnic.net 1
frame-ancestors 'self' https://tpc.googlesyndication.com 1
default-src 'unsafe-inline' 'unsafe-eval' vitals.vercel-insights.com https: data: wss://*.qualified.com; block-all-mixed-content; upgrade-insecure-requests 1
default-src 'none';              img-src 'self' https://testing.developer.gimp.org https://developer.gimp.org https://blogs.gnome.org;              style-src 'self';              script-src 'self' https://www.openhub.net;              font-src 'self';              child-src 'self' https://peer.tube https://www.openhub.net https://www.youtube.com https://www.youtube-nocookie.com https://video.blender.org;              object-src 'none';              media-src 'self' https://download.gimp.org https://download-fallback.gimp.org https://www.mirrorservice.org https://*.ftp.acc.umu.se https://ftp.rrze.uni-erlangen.de;              base-uri 'self';              form-action 'self' https://www.paypal.com https://gitlab.gnome.org;              frame-ancestors 'self'; 1
script-src 'self' 'unsafe-inline' https://cdn.mxpnl.com https://fast.appcues.com 1
base-uri https://www.amnesty.org;frame-ancestors https://oneamnesty.sharepoint.com https://ui.dev;upgrade-insecure-requests; default-src 'self' data: https://www.amnesty.org; connect-src 'self' https://apikeys.civiccomputing.com https://clapi.civiccomputing.com https://www.google.com https://my2.siteimprove.com https://googleads.g.doubleclick.net https://id.siteimprove.com https://www.google-analytics.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://contentassistant.eu.siteimprove.com https://public.flourish.studio https://oneamnesty.sharepoint.com/ https://pagesense-collect.zoho.eu; font-src 'self' data: https://www.amnesty.org https://fonts.gstatic.com https://script.hotjar.com; frame-src 'self' data: https://amnesty-crisis-evidence-lab.github.io https://amnestywebsite.github.io https://e.infogram.com https://flo.uri.sh https://public.flourish.studio https://infogram.com https://join.amnesty.org https://js.stripe.com https://platform.twitter.com https://recaptcha.google.com https://story.mapme.com https://www.facebook.com https://www.google.com https://www.recaptcha.net https://www.youtube-noocookie.com https://www.youtube.com https://youtu.be https://w.soundcloud.com https://play.prx.org https://viewer.mapme.com https://vars.hotjar.com https://my2.siteimprove.com https://player.vimeo.com https://datawrapper.dwcdn.net https://syndication.twitter.com https://twitter.com https://contentassistant.eu.siteimprove.com https://cdn.knightlab.com https://podcasters.spotify.com https://open.spotify.com https://sketchfab.com https://afghan-testimonies.netlify.app https://ui.dev https://api.mapbox.com https://pagesense.zoho.eu; img-src 'self' 'strict-dynamic' data: https://www.amnesty.org https://public.flourish.studio https://www.gstatic.com https://www.google-analytics.com https://podfollow.com https://www.facebook.com https://www.google.com https://www.google.co.uk https://static.hotjar.com https://script.hotjar.com https://datawrapper.dwcdn.net https://syndication.twitter.com https://twitter.com https://cdn.knightlab.com https://podcasters.spotify.com https://open.spotify.com https://sketchfab.com https://afghan-testimonies.netlify.app https://dev.visualwebsiteoptimizer.com https://pagesense-collect.zoho.eu; manifest-src 'self'; media-src 'self' https://player.vimeo.com https://datawrapper.dwcdn.net https://syndication.twitter.com https://twitter.com https://contentassistant.eu.siteimprove.com https://podcasters.spotify.com https://open.spotify.com https://sketchfab.com https://afghan-testimonies.netlify.app; object-src 'self'; script-src 'self' 'unsafe-inline' https://www.amnesty.org https://www.googletagmanager.com https://e.infogram.com https://cc.cdn.civiccomputing.com https://www.recaptcha.net https://www.gstatic.com https://www.google.com https://js.stripe.com https://static.hotjar.com https://script.hotjar.com https://player.vimeo.com https://datawrapper.dwcdn.net https://platform.twitter.com https://syndication.twitter.com https://twitter.com https://contentassistant.eu.siteimprove.com https://www.google-analytics.com; script-src-attr 'self' 'strict-dynamic'; script-src-elem 'self' 'unsafe-inline' https://www.amnesty.org https://www.googletagmanager.com https://e.infogram.com https://cc.cdn.civiccomputing.com https://www.recaptcha.net https://www.gstatic.com https://js.stripe.com https://www.google-analytics.com https://platform.twitter.com https://cdn.siteimprove.net https://www.googleoptimize.com https://static.hotjar.com https://connect.facebook.net https://script.hotjar.com https://platform.twitter.com https://public.flourish.studio https://afghan-testimonies.netlify.app https://dev.visualwebsiteoptimizer.com https://pagesense.zoho.eu https://cdn-eu.pagesense.io; style-src 'self' 'unsafe-inline' https://www.amnesty.org https://static.hotjar.com https://script.hotjar.com; style-src-attr 'self' 'unsafe-inline'; 1
script-src * 'unsafe-inline' 'unsafe-eval'; script-src-attr 'self' 'unsafe-inline'; script-src-elem * 'unsafe-inline'; style-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://unpkg.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://edit.staging.fema.gov https://edit.staging.fema.gov/:178 https://edit.fema.gov https://edit.fema.gov/:178 https://www.fema.gov https://www.fema.gov/:178 https://content.govdelivery.com https://cdn.jsdelivr.net fonts.googleapis.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://unpkg.com; frame-ancestors 'self'; report-uri https://www.fema.gov/report-uri/enforce 1
upgrade-insecure-requests; font-src data: https:; img-src data: https:; default-src https: blob: 'unsafe-inline' 'unsafe-eval'; manifest-src 'self'; object-src 'none'; report-uri https://tsddev.report-uri.com/r/d/csp/enforced; report-to default; 1
default-src 'unsafe-eval' 'unsafe-inline' 'self' https://*.dominos.com; font-src data: https://*.dominos.com https://fonts.gstatic.com https://storage.googleapis.com; style-src 'unsafe-inline' blob: https://*.bing.com https://*.dominos.com https://*.gstatic.com https://*.here.com https://fonts.googleapis.com https://www.youtube.com https://rafd.bingstatic.com; script-src-elem 'unsafe-eval' 'unsafe-inline' https://*.abmr.net https://*.appdynamics.com https://*.bing.com https://*.demdex.net https://*.dominos.com https://*.doubleclick.net https://*.facebook.com https://*.google.com https://*.googleapis.com https://*.googlesyndication.com https://*.gstatic.com https://*.here.com https://*.mathtag.com https://*.moatads.com https://*.nextdoor.com https://*.ntv.io https://*.omtrdc.net https://*.raygun.com https://*.raygun.io https://*.turn.com https://*.twitter.com https://*.vertamedia.com https://*.virtualearth.net https://ad.atdmt.com https://assets.braintreegateway.com https://c.paypal.com https://cdnssl.clicktale.net https://connect.facebook.net https://ct.pinterest.com https://ds-aksb-a.akamaihd.net https://js.braintreegateway.com https://nextdoor.com https://s.pinimg.com https://s.yimg.com https://s.ytimg.com https://sc-static.net https://*.snapchat.com https://sp.analytics.yahoo.com https://ssl.google-analytics.com https://static.ads-twitter.com https://static.xx.fbcdn.net https://tags.tiqcdn.com https://www.googleadservices.com https://www.paypal.com https://www.paypalobjects.com https://www.youtube.com https://rafd.bingstatic.com https://web.btncdn.com https://ink1001.com.micpn.com https://www.googletagmanager.com https://analytics.tiktok.com https://*.liadm.com https://www.redditstatic.com https://cdn.quantummetric.com https://*.go-mpulse.net https://*.kaptcha.com; script-src 'unsafe-eval' 'unsafe-inline' https://*.abmr.net https://*.appdynamics.com https://*.bing.com https://*.demdex.net https://*.dominos.com https://*.doubleclick.net https://*.facebook.com https://*.google.com https://*.googleapis.com https://*.googlesyndication.com https://*.gstatic.com https://*.here.com https://*.mathtag.com https://*.moatads.com https://*.nextdoor.com https://*.ntv.io https://*.omtrdc.net https://*.raygun.com https://*.raygun.io https://*.turn.com https://*.twitter.com https://*.vertamedia.com https://*.virtualearth.net https://ad.atdmt.com https://assets.braintreegateway.com https://c.paypal.com https://cdnssl.clicktale.net https://connect.facebook.net https://ct.pinterest.com https://ds-aksb-a.akamaihd.net https://js.braintreegateway.com https://nextdoor.com https://s.pinimg.com https://s.yimg.com https://s.ytimg.com https://sc-static.net https://*.snapchat.com https://sp.analytics.yahoo.com https://ssl.google-analytics.com https://static.ads-twitter.com https://static.xx.fbcdn.net https://tags.tiqcdn.com https://www.googleadservices.com https://www.paypal.com https://www.paypalobjects.com https://www.youtube.com https://rafd.bingstatic.com https://web.btncdn.com https://ink1001.com.micpn.com https://www.googletagmanager.com https://analytics.tiktok.com https://*.liadm.com https://cdn.quantummetric.com https://*.go-mpulse.net https://*.kaptcha.com; img-src data: blob: https://*.akamaihd.net https://*.bing.com https://*.clicktale.net https://*.demdex.net https://*.dominos.com https://*.doubleclick.net https://*.everesttech.net https://*.googleapis.com https://*.gstatic.com https://*.here.com https://*.ispot.tv https://*.mathtag.com https://*.nextdoor.com https://*.paypal.com https://www.paypalobjects.com https://*.pinterest.com https://*.postrelease.com https://*.turn.com https://*.virtualearth.net https://*.yp.com https://assets.braintreegateway.com https://checkout.paypal.com https://*.agkn.com https://dsum-sec.casalemedia.com https://i.ytimg.com https://pinterest.adsymptotic.com https://*.tapad.com https://px.moatads.com https://ssl.google-analytics.com https://static.xx.fbcdn.net https://t.co https://www.facebook.com https://www.google.com https://s.amazon-adsystem.com https://*.yahoo.com https://rp.liadm.com/ https://beacon.krxd.net https://click.exacttarget.com https://click.s11.exacttarget.com https://analytics.tiktok.com https://*.liadm.com https://alb.reddit.com/ https://analytics.twitter.com https://*.akstat.io https://www.googleadservices.com https://trkn.us https://*.kaptcha.com https://*.w55c.net https://pixel.rubiconproject.com https://idsync.rlcdn.com; frame-src blob: data: https://*.appdynamics.com https://*.cardinalcommerce.com https://*.demdex.net https://*.dominos.com https://*.doubleclick.net https://*.facebook.com https://*.google.com https://*.googlesyndication.com https://*.kaptcha.com https://*.pinterest.com https://*.snapchat.com https://assets.braintreegateway.com https://*.paypal.com https://cdnssl.clicktale.net https://d.agkn.com https://pixel.mathtag.com https://pixel.tapad.com https://r.dlx.addthis.com https://snap.adbrn.com https://so.rlcdn.com https://www.youtube.com https://x.skimresources.com bytedance: sslocal: https://*.powerbi.com https://www.paypalobjects.com; child-src blob: https://*.dominos.com https://assets.braintreegateway.com https://c.paypal.com https://cdnssl.clicktale.net https://*.kaptcha.com; worker-src blob: https://*.dominos.com https://cdnssl.clicktale.net; connect-src blob: https://*.akamaihd.net https://*.bing.com https://*.braintree-api.com https://*.clicktale.net https://*.demdex.net https://*.dominos.com https://*.doubleclick.net https://*.facebook.com https://*.google-analytics.com https://*.here.com https://*.moatads.com https://*.nextdoor.com https://*.omtrdc.net https://*.raygun.com https://*.raygun.io https://*.vertamedia.com https://*.virtualearth.net https://api.braintreegateway.com https://api.sandbox.braintreegateway.com https://client-analytics.braintreegateway.com https://client-analytics.sandbox.braintreegateway.com https://col.eum-appdynamics.com https://ct.pinterest.com https://ssp.lkqd.net https://*.paypal.com https://*.launchdarkly.com https://*.cybersource.com https://*.aciondemand.com https://*.googleapis.com https://*.liadm.com/ https://analytics.tiktok.com https://*.snapchat.com https://*.quantummetric.com https://*.akstat.io https://*.go-mpulse.net https://*.akamaihd.net https://*.kaptcha.com https://*.googlesyndication.com https://*.microsoftonline.com https://www.redditstatic.com https://*.pinterest.com https://*.tealiumiq.com; 1
form-action 'self'; default-src 'self'; img-src 'self' data:; script-src 'self'; base-uri 'none'; frame-ancestors 'none' 1
default-src 'self' *.brightcove.com *.browser-intake-datadoghq.com *.coveo.com *.criteo.com *.criteo.net *.demdex.net *.doubleclick.net *.eloqua.com *.ensighten.com *.experian.com *.experiancs.com *.experiandirect.com *.freecreditreport.com *.googleapis.com *.googlesyndication.com *.gstatic.com *.teads.tv *.pinterest.com *.hotjar.com *.iesnare.com *.infogram.com *.liadm.com *.linkedin.com *.optmster.com *.optmstr.com *.optnmnstr.co *.optnmnstr.com *.optnmstr.com *.powerreviews.com *.soundcloud.com *.tableau.com *.twitter.com *.twonil.com *.vimeo.com *.yahooapis.com *.youtube.com *.hubapi.com *.hubspot.com *.tt.omtrdc.net adobetag.com api.company-target.com api.experianmarketingservices.com api.instagram.com api.jublo.net api.omniture.com app.optinmonster.com apps.rokt.com assets.adobedtm.com bat.bing.com businesscreditfacts.com cdn.appdynamics.com cdn.syndication.twimg.com cdn.taboola.com cdnjs.cloudflare.com code.highcharts.com connect.facebook.net contractorcheck.com d.net.google.com d.turn.com dev.visualwebsiteoptimizer.com embed.pscp.tv experianservicescorp.122.2o7.net fbcdn.net forms.hubspot.com freecreditscore.com graph.facebook.com googleapis.com hooks.slack.com img.en25.com info.inbound-bis.com itunes.apple.com js.bizographics.com js.hs-analytics.net js.hs-scripts.com js.hscollectedforms.net jsonip.com js.usemessages.com loadm.exelator.com m.addthis.com m.addthisedge.com maps.google.com maxcdn.bootstrapcdn.com mediaplayer.yahoo.com moodysanalytics.com optinmonster.com pixel.tapad.com play.google.com players.brightcove.net plus.google.com pt.ispot.tv rtd-tm.everesttech.net s.amazon-adsystem.com s.yimg.com s.ytimg.com s7.addthis.com scontent.cdninstagram.com scontent.xx.fbcdn.net scripts.demandbase.com secure.adnxs.com secure.leadback.advertising.com securetracking.adsprotection.com *.xg4ken.com smartbusinessreports.com https://sc-static.net *.snapchat.com snap.licdn.com sp.analytics.yahoo.com ssl.google-analytics.com static.ads-twitter.com sync.tidaltv.com tag.demandbase.com tagmanager.google.com trc.taboola.com twemoji.maxcdn.com video.xx.fbcdn.net vjs.zencdn.net widget.surveymonkey.com widgets.outbrain.com https://*.brightfunnel.com http://*.hotjar.com https://*.hotjar.com https://*.hsadspixel.net https://*.jsdelivr.net https://*.mstrlytcs.com https://a.optmnstr.com https://api.optmnstr.com https://autocomplete.demandbase.com http://autocomplete.demandbase.com ws://*.hotjar.com wss://*.hotjar.com *.edq.com www.facebook.com www.google-analytics.com www.google.com http://www.google.com www.googleadservices.com www.googletagmanager.com www.slideshare.net www.youtube.com globalsiteanalytics.com *.mczbf.com *.sjwoe.com analytics.tiktok.com cdn.pdst.fm *.trustpilot.com trkn.us us-central1-adaptive-growth.cloudfunctions.net sink.pdst.fm *.qualtrics.com analytics.google.com *.nextdoor.com *.google.com *.yoast.com yoast.com *.datadoghq-browser-agent.com *.datadoghq.com *.yieldmo.com pix.pub *.biocatch.com *.we-stats.com activitymap.adobe.com *.branch.io app.link *.app.link s.pinimg.com unpkg.com *.inmobicdn.net analytics-sm.com 'unsafe-inline' 'unsafe-eval' blob:; img-src * data:; font-src * data:; frame-ancestors 'self' 1
frame-ancestors statsig.com *.statsig.com 'self' 1
default-src * 'unsafe-inline' 'unsafe-eval' blob: data:; script-src * 'unsafe-inline' 'unsafe-eval' blob: ; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline' 'unsafe-eval'; media-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline' 1
default-src 'self' blob: s.pinimg.com; font-src 'self' s.pinimg.com data: fonts.googleapis.com fonts.gstatic.com use.typekit.net; style-src 'self' blob: 'unsafe-inline' data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; img-src blob: data: *; base-uri 'none'; connect-src 'self' blob: *.pinimg.com *.pinterest.com accounts.google.com *.adyen.com pinterest-salvador.s3.amazonaws.com *.adyenpayments.com *.facebook.com www.googleapis.com *.dropboxapi.com pinterest-aberdeen.s3.amazonaws.com pinterest-aberdeen.s3.us-east-1.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-anaheim.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-sim-toontown.s3.amazonaws.com pinterest-sim-toontown.s3.us-east-1.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3.us-east-1.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-media-upload.s3-accelerate.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-poughkeepsie.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com pinterest-plymouth.s3.us-east-1.amazonaws.com pinterest-salvador.s3.us-east-1.amazonaws.com pinterest-yamagata.s3.amazonaws.com pinterest-yamagata.s3.us-east-1.amazonaws.com *.cedexis.com *.cedexis-radar.net *.tvpixel.com api.pinadmin.com *.live-video.net https://*.daily.co https://*.pluot.blue wss://*.wss.daily.co; form-action 'self' *.adyen.com *.sofort.com *.tink.com *.adyenpayments.com; frame-src 'self' *.pinimg.com *.pinterest.com *.adyen.com static-sandbox.dlocal.com static.dlocal.com *.google.com *.facebook.com www.recaptcha.net pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-sim-toontown.s3.amazonaws.com pinterest-sim-toontown.s3.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-tolu.s3.amazonaws.com *.pinterdev.com content.googleapis.com *.youtube.com *.youtube-nocookie.com *.ytimg.com player.vimeo.com calendly.com vine.co bid.g.doubleclick.net *.fls.doubleclick.net pinlogs.s3.amazonaws.com pinlogs.s3.us-east-1.amazonaws.com advertising-delivery-metric-reports.s3.amazonaws.com advertising-delivery-metric-reports.s3.us-east-1.amazonaws.com servedby.flashtalking.com pinterest-uk.admo.tv pinterest-uk-web.admo.tv fbrpc://call *.linkedin.com px.ads.linkedin.com; media-src 'self' blob: data: *.pinimg.com *.live-video.net; object-src 'self'; script-src 'nonce-1ccaa97163c6afaf682bfe50c6c01f36' 'strict-dynamic' 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; worker-src 'self' blob: 'unsafe-inline'; report-uri /_/_/csp_report/?rid=1011208324128266; frame-ancestors 'self' , script-src 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; report-uri /_/_/csp_report/?rid=1011208324128266 1
frame-ancestors 'self' *.wallet.airpay.sg *.shopee.kr *.airpay.sg *.shopeemobile.com *.shopee.sg *.shopee.cn *.shopee.io *.facebook.com https://bela-portal.festiware.com https://belapengadaan.lkpp.go.id https://lkpp-portal.festiware.com;  1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://polygon.coral.coralproject.net/api/graphql/live; font-src https: data:; img-src https: data: blob:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests 1
default-src 'self' maxcdn.bootstrapcdn.com *.maxcdn.bootstrapcdn.com in.hotjar.com *.in.hotjar.com *.hotjar.com *.licdn.com stats.g.doubleclick.net *.stats.g.doubleclick.net ajax.googleapis.com *.ajax.googleapis.com apis.google.com *.apis.google.com google.com *.google.com cdnjs.cloudflare.com *.cdnjs.cloudflare.com ajax.googleapis.com *.ajax.googleapis.com google-analytics.com *.google-analytics.com *.fontawesome.com *.googletagmanager.com *.js.ubembed.com *.ads.linkedin.com *.linkedin.com *.google.com.ua *.facebook.com *.gravatar.com q.quora.com *.hotjar.io hubspot-forms-static-embed.s3.amazonaws.com *.hsforms.com api-iam.intercom.io *.licdn.com cdn.linkedin.oribi.io *.taboola.com; img-src * data:; frame-ancestors 'self'; script-src 'unsafe-inline' 'unsafe-eval' http: https: ; style-src * 'unsafe-inline'; media-src *; frame-src *;font-src * 'self' data:; 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.travelandleisure.com 1
default-src 'self' ; style-src  https: 'unsafe-inline'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' https://top-fwz1.mail.ru/ https://yastatic.net/ https://cdn.ckeditor.com/ https://morp.firstvds.ru/ https://vk.com/ https://www.youtube.com/ https://cse.google.com/ https://*.chathost.ru/ https://*.carrotquest.app/ https://www.googletagmanager.com/ https://www.google.com/ https://my.firstvds.ru/ https://www.google-analytics.com/ https://mc.yandex.ru/ https://mc.yandex.com/ https://www.gstatic.com/ 'unsafe-inline'; img-src * data: blob:; connect-src 'self' https://analytics.google.com/ https://stats.g.doubleclick.net/ https://api.carrottrack.app/ https://www.google-analytics.com/ https://*.carrottrack.io/ https://*.carrotquest.app/ wss://*.carrotquest.app/ https://mc.yandex.ru/ https://mc.yandex.com/ https://*.chathost.ru/; frame-src 'self' https://mc.yandex.ru/ https://morp.firstvds.ru/ https://www.youtube.com/ https://www.google.com/; font-src 'self' data: https://fonts.gstatic.com/ https://*.carrotquest.app/; media-src 'self' https://*.carrotquest.app/; object-src 'none'; frame-ancestors 'self' https://metrika.yandex.ru/ http://webvisor.com; 1
frame-ancestors https://adm.findagrave.com 1
upgrade-insecure-requests; default-src https: wss: data: blob: 'unsafe-inline' 'unsafe-eval' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.smart-cloud-intelligence.com/ https://secure.smart-cloud-intelligence.com/js/ https://secure.smart-cloud-intelligence.com/Track/ https://secure.smart-cloud-intelligence.com/js/269760.js https://secure.smart-cloud-intelligence.com/Track/Capture.aspx https://secure.365syndicate-smart.com/js/794216.js https://*.365syndicate-smart.com/ https://secure.365syndicate-smart.com/Track/ https://secure.365syndicate-smart.com/Track/Capture.aspx https://www.paypalobjects.com/ https://s3.amazonaws.com/ https://*.stripe.com/ https://*.list-manage.com/; img-src 'self' data: https://fia-tech.com https://www.paypalobjects.com/ https://www.greatplacetowork.com/images/profiles/7037816/ https://secure.gravatar.com/avatar/; object-src 'self' data: https://fia-tech.com https://*.paypal.com/ https://*.stripe.com/ https://player.vimeo.com/; frame-src 'self' data: https://fia-tech.com https://*.paypal.com/ https://*.stripe.com/ https://player.vimeo.com/; 1
frame-ancestors frame-ancestors 'self' 1
frame-ancestors https://*.mintegral.com 1
frame-ancestors 'self' https://*.joyn.de https://app.datadoghq.eu; 1
default-src 'self'; font-src 'self' fonts.gstatic.com; frame-src 'self' *.googletagmanager.com *.doubleclick.net https://*.google.com https://*.youtube.com https://accounts.google.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://optimize.google.com https://ssl.gstatic.com/brand-architecture/ *.googletagmanager.com *.google-analytics.com *.googleadservices.com https://*.youtube.com https://*.ytimg.com https://apis.google.com https://accounts.google.com/gsi/client https://www.googleoptimize.com https://www.gstatic.com https://ajax.googleapis.com *.thinkwithgoogle.com *.thinkwithgoogle.goog 'strict-dynamic' 'sha256-vi9h3P9VjInsPsB9kwZuXKMHKiagz9KnOkuXOVX7O1g=' 'sha256-X0JWsAG/k2sIeTfXAL+VH5SdA6bef2aT/CoRG/FEQFc=' 'sha256-uV3MJak3jcDQZeDpjoi5NuUOKAQe8qE+Z+MpOCWxhpE=' 'sha256-0Cqwq2yr0A7o9kZpqY/cNveUUoUADOFM99v4/8FS4i4=' 'sha256-niUgG4ChWvW/z2qZLGjXATgbPm7xEiQOwFelweUfAuI=' 'sha256-6MAtiH3nKhs3pPODS8FGHaYy+lVAsIOG7qtjsDXoiGI=' 'sha256-5ZYQZbSDXHiq7Ah2brCxM88kr3r4esTrsuuZ29F0p4U=' 'sha256-Q6WEaEVeLip353B+a9OqeJkwUHRDfZIxaBlJpp2O4ns=' https://www.thinkwithgoogle.com 'nonce-E0f8JsaObjZkfs6Rq69FHA==' *.google.com; connect-src *.google.com 'self' https://analytics.google.com https://www.google-analytics.com https://releases.wagtail.io https://stats.g.doubleclick.net https://adservice.google.com/pagead/regclk *.google-analytics.com *.analytics.google.com *.googlesyndication.com https://accounts.google.com/gsi/ https://www.gstatic.com https://googleads.g.doubleclick.net/; media-src 'self' *.googleapis.com; base-uri 'none'; img-src 'self' data: *.googleapis.com https://*.googleadservices.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com https://*.doubleclick.net https://*.google.com *.youtube.com https://*.ytimg.com https://*.googleusercontent.com https://www.google.com.co/ads/ga-audiences https://csi.gstatic.com https://fonts.gstatic.com https://www.gstatic.com https://www.thinkwithgoogle.com *.google.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://accounts.google.com/gsi/style https://optimize.google.com https://www.gstatic.com https://gstatic.com *.googletagmanager.com https://www.thinkwithgoogle.com; object-src 'none' 1
default-src 'self' data: https://*.cafebazaar.ir https://*.cafebazaar.cloud ; frame-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.cafebazaar.ir https://*.cafebazaar.cloud https://tagmanager.google.com https://imasdk.googleapis.com https://s0.2mdn.net https://adservice.google.com https://www.google-analytics.com https://www.googletagmanager.com https://cdn.jsdelivr.net; worker-src 'self' data: blob: https://*.cafebazaar.ir https://*.cafebazaar.cloud; style-src 'self' data: 'unsafe-inline' https://*.cafebazaar.ir https://*.cafebazaar.cloud https://tagmanager.google.com https://fonts.googleapis.com; img-src * data: blob: android-webview-video-poster:; font-src * data:; connect-src *; media-src * data: blob: blob: https://*.cafebazaar.ir https://*.cafebazaar.cloud; object-src 'none'; upgrade-insecure-requests; block-all-mixed-content; 1
frame-ancestors 'self' https://console.wetest.net https://beacon.woa.com/ https://*.qq.com https://*.wetest.net 1
frame-ancestors 'self'; report-uri https://www.ge.com/report-uri/enforce 1
report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-dynamic ; script-src 'unsafe-eval' 'strict-dynamic' 'nonce-kf94Qa1t3vSzYOi5jqpBZ6TvSis=' 'nonce-/VqyDD4FxTmWq89Rze/jNF1lb5U=' 1
default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; 1
connect-src 'self' wss://*.zopim.com https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; frame-ancestors 'self' https://*.adobemsbasic.com https://*.adobe.com https://*.lingotek.com https://*.nuance.com https://nuance.seismic.com; frame-src 'self' https:; upgrade-insecure-requests; font-src 'self' 'unsafe-inline' 'unsafe-eval' data: https:; img-src data: http://www.w3.org/2000/svg https:; 1
font-src 'self'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js https://js-agent.newrelic.com https://s7.addthis.com https://www.googletagmanager.com https://www.google-analytics.com https://bam.nr-data.net https://m.addthis.com https://z.moatads.com https://cdnjs.cloudflare.com https://polyfill.io; script-src-elem 'self' 'unsafe-inline' https://nb-sec-nber.pantheonsite.io https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js https://js-agent.newrelic.com https://www.googletagmanager.com https://www.google-analytics.com https://bam.nr-data.net https://s7.addthis.com https://m.addthis.com https://z.moatads.com https://cdnjs.cloudflare.com https://polyfill.io; style-src-elem 'self' 'unsafe-inline'; frame-ancestors 'self'; upgrade-insecure-requests 1
base-uri 'self'; default-src 'self'; connect-src 'self' blob: https://tenor.com https://*.tenor.co https://*.tenor.com https://*.googleapis.com https://*.google-analytics.com https://*.doubleclick.net https://pixel.mtrcs.samba.tv; script-src 'self' data: blob: https://tenor.co https://tenor.com https://*.tenor.co https://*.tenor.com https://*.google-analytics.com https://*.googletagmanager.com https://*.facebook.net https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/ https://pixel.mtrcs.samba.tv https://*.google.com 'nonce-NjA5NjliNzYtOTY4Mi00OGMyLWI4NzQtNDc0MTkxMDJlNDAw' 'unsafe-eval'; style-src 'self' https://tenor.co https://tenor.com https://*.tenor.co https://*.tenor.com https://*.googleapis.com https://*.googletagmanager.com 'unsafe-inline'; font-src 'self' https://tenor.co https://tenor.com https://*.tenor.co https://*.tenor.com https://*.gstatic.com; img-src 'self' blob: data: https://media.tenor.co https://media.tenor.com https://media1.tenor.co https://media1.tenor.com https://c.tenor.com/ https://tenor.googleapis.com/ https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.com https://pixel.mtrcs.samba.tv http: https:; media-src 'self' blob: data: https://media.tenor.co https://media.tenor.com https://media1.tenor.co https://media1.tenor.com https://c.tenor.com/; frame-src 'self' https://www.google.com/recaptcha/ https://www.facebook.com/tr/ https://*.google.com https://*.googleapis.com; object-src 'none' 1
connect-src 'self' 'unsafe-inline' https://sg.mmstat.com https://www.google-analytics.com https://g.alicdn.com; default-src 'self'; style-src 'self' 'unsafe-inline' https://lazada-com.oss-ap-southeast-1.aliyuncs.com https://unpkg.com/aos@3.0.0-beta.6/dist/aos.css https://g.alicdn.com https://dev.g.alicdn.com; object-src 'none'; frame-src 'self' 'unsafe-inline' https://www.youtube.com https://sg.mmstat.com https://g.alicdn.com; frame-ancestors 'self'; font-src 'self' https://lazada-com.oss-ap-southeast-1.aliyuncs.com; media-src 'self'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://lazada-com.oss-ap-southeast-1.aliyuncs.com https://code.jquery.com https://cdn.jsdelivr.net/ https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com/bootstrap/ https://www.google-analytics.com/analytics.js https://unpkg.com/aos@3.0.0-beta.6/dist/aos.js https://g.alicdn.com https://dev.g.alicdn.com https://www.youtube.com https://sg.mmstat.com; img-src 'self' data: https://lazada-com.oss-ap-southeast-1.aliyuncs.com/ https://www.google-analytics.com https://g.alicdn.com https://dev.g.alicdn.com https://lzd-aut-lazada-com-staging.oss-ap-southeast-1.aliyuncs.com/ https://sg.mmstat.com https://umdc.alibaba-inc.com/ 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com  www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org https://cdnjs.cloudflare.com/ajax/libs/velocity/1.2.2/velocity.min.js https://cdnjs.cloudflare.com/ajax/libs/velocity/1.2.2/velocity.ui.min.js https://cdnjs.cloudflare.com/ajax/libs/datatables/1.10.12/js/jquery.dataTables.min.js https://cdnjs.cloudflare.com/ajax/libs/datatables/1.10.12/js/dataTables.bootstrap.min.js https://www.googletagmanager.com/gtm.js https://www.google-analytics.com/* https://www.googletagmanager.com/* https://cdn.popt.in/pixel.js https://www.google-analytics.com/analytics.js https://cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js https://player.ooyala.com/static/v4/production/analytics-plugin/googleAnalytics.min.js https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.0/jquery.min.js https://www.googletagmanager.com/gtag/js https://analytics.google.com/* https://www.googletagmanager.com/debug/bootstrap https://www.googletagmanager.com/debug/badge https://web-chat.nativechat.com/3.12.2/sdk/nativechat.js; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com https://maxcdn.bootstrapcdn.com/font-awesome/4.6.1/css/font-awesome.min.css https://cdnjs.cloudflare.com/ajax/libs/datatables/1.10.12/css/dataTables.bootstrap.min.css https://cdn.popt.in/css/heb-fonts.min.css https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css https://cdn.popt.in/css/poptin-style-en.css https://cdn.popt.in/css/poptin-animations.css https://www.gpo.gov/CustomResources/css/scrolling-nav-index.css https://www.googletagmanager.com/debug/badge.css https://fonts.popt.in https://cdn.popt.in https://web-chat.nativechat.com/3.12.2/sdk/nativechat.css; font-src 'self' fonts.gstatic.com https://maxcdn.bootstrapcdn.com/font-awesome/4.6.1/fonts/fontawesome-webfont.woff2 https://maxcdn.bootstrapcdn.com/font-awesome/4.6.1/fonts/fontawesome-webfont.woff https://maxcdn.bootstrapcdn.com/font-awesome/4.6.1/fonts/fontawesome-webfont.ttf kendo.cdn.telerik.com netdna.bootstrapcdn.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2 https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.ttf data: https://cdn.popt.in/fonts/fontawesome/fa-brands-400.woff2 https://cdn.popt.in/fonts/fontawesome/fa-brands-400.ttf; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com https://web-chat.nativechat.com/; media-src 'self' data: blob:; frame-src https://www.google.com/ https://www.facebook.com/ https://www.gpo.gov/ https://www.youtube.com/ https://web-chat.nativechat.com/; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com; connect-src 'self' d3lopmpcew67el.cloudfront.net accounts.google.com https://www.google-analytics.com/j/collect https://stats.g.doubleclick.net/j/collect https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com https://display.popt.in/APIRequest/68463719072e4 https://display.popt.in/APIRequest/viewed/ee6c12968a725 https://display.popt.in/APIRequest/conversion/ https://analytics.google.com/* https://www.googletagmanager.com/* https://analytics.google.com/g/collect https://stats.g.doubleclick.net/g/collect; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.consentmanager.net *.etracker.com *.etracker.de *.leadinfo.net *.leadinfo.com; img-src * data:; frame-ancestors 'none'; 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://*.website-files.com https://*.prod.website-files.com https://uploads-ssl.webflow.com https://webflow.com https://*.survicate.com https://*.survicate-cdn.com https://*.intercom.io wss://*.intercom.io https://*.intercomcdn.com https://static.intercomassets.com https://*.cookiepro.com geolocation.onetrust.com https://www.googletagmanager.com https://d3e54v103j8qbb.cloudfront.net https://*.google-analytics.com https://*.googlesyndication.com https://*.analytics.google.com https://analytics.google.com https://adservice.google.com www.googleadservices.com https://stats.g.doubleclick.net https://td.doubleclick.net https://rec.smartlook.com https://*.smartlook.cloud https://web-sdk.smartlook.com https://assets.calendly.com https://tracking.g2crowd.com https://cdn.mxpnl.com https://api-js.mixpanel.com https://snap.licdn.com https://js.hs-scripts.com https://js.hsleadflows.net https://js.hs-analytics.net https://js.hs-banner.com *.hsforms.net *.hsforms.com https://forms.hubspot.com https://tag.clearbitscripts.com https://*.clearbit.com https://x.clearbitjs.com https://js.partnerstack.com partnerlinks.io https://grsm.io https://dev.visualwebsiteoptimizer.com https://px.ads.linkedin.com *.sharethis.com ipapi.co https://www.youtube-nocookie.com https://www.youtube.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://calendly.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.linkedin.com/ https://bcp.crwdcntrl.net https://*.recruiteecdn.com https://*.recruitee.com https://cdn.embedly.com/ https://*.demio.com https://tube.rvere.com; media-src https: data:; img-src https: data:; report-to csp-endpoint-landing; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' connect.facebook.net https://fp.zenaps.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.dwin1.com/ https://www.youtube.com/iframe_api https://s.ytimg.com https://assets.planethoster.com/ https://maps.googleapis.com/ https://ads2.adverline.com/ https://tags.dynamo.one/ https://smct.co/ https://apis.google.com/ https://widget.trustpilot.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://bat.bing.com/ https://lantern.roeyecdn.com/ https://googleads.g.doubleclick.net/ https://www.clarity.ms/; img-src 'self' www.facebook.com data: https://www.planethoster.com/ https://assets.planethoster.com/ https://maps.gstatic.com/ https://smct.co/ https://www.google-analytics.com/ https://www.google.com/ https://www.google.ca/ https://www.google.fr/ https://www.google.be/ https://www.google.ch/ https://bat.bing.com/ https://lantern.roeye.com/ https://c.clarity.ms/; font-src 'self' data: fonts.gstatic.com https://assets.planethoster.com/; frame-src https://www.awin1.com/ https://www.zenaps.com/ https://ads2.adverline.com/ https://staticxx.facebook.com/ https://www.google.com/ https://www.facebook.com/ https://player.vimeo.com https://www.youtube.com/ https://tags.dynamo.one/ https://smct.co/ https://accounts.google.com/ https://widget.trustpilot.com/ https://td.doubleclick.net/; connect-src 'self' https://www.facebook.com/ https://stats.g.doubleclick.net/ https://fp.zenaps.com/ https://assets.planethoster.com/ https://smct.co/ https://widget.trustpilot.com/ https://www.google-analytics.com/ https://pagead2.googlesyndication.com/ https://bat.bing.com/ https://z.clarity.ms/; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://assets.planethoster.com/; 1
connect-src 'self' *.googleapis.com *.google.com *.gstatic.com *.vimeo.com/api/ vimeo.com/api/ *.bc0a.com/ *.google-analytics.com/ *.zoomph.com youtube.com stats.g.doubleclick.net marvel-b1-cdn.bc0a.com home.dartmouth.edu cse.google.com *.withgoogle.com *.googleadservices.com https://www.google-analytics.com https://www.googletagmanager.com; font-src 'self' fonts.gstatic.com *.googleusercontent.com; frame-src 'self' *.google.com player.vimeo.com/video/ *.dartmouth.edu/ *.amazonaws.com *.zoomph.com *.youtube.com youtube.com twitter.com *.spotify.com *.soundcloud.com soundcloud.com pollev-embeds.com mosaically.com lottiefiles.com giphy.com *.bc0a.com marvel-b1-cdn.bc0a.com home.dartmouth.edu *.withgoogle.com *.googleadservices.com www.vimeo.com *.twitter.com orders-bb.us-east-1.widencdn.net *.widencdn.net; img-src 'self' *.googleapis.com *.gstatic.com *.google.com *.googleusercontent.com *.bc0a.com *.zoomph.com *.youtube.com youtube.com marvel-b1-cdn.bc0a.com *.dartmouth.edu *.withgoogle.com *.googleadservices.com *.google-analytics.com www.vimeo.com *.googletagmanager.com *.global.siteimproveanalytics.io orders-bb.us-east-1.widencdn.net *.widencdn.net data: www.w3.org/2000/svg https://www.google-analytics.com https://www.googletagmanager.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' *.zoomph.com *.dartmouth.edu *.bc0a.com *.googletagmanager.com www.googletagmanager.com *.youtube.com youtube.com *.google-analytics.com stats.g.doubleclick.net marvel-b1-cdn.bc0a.com home.dartmouth.edu cse.google.com *.google.com *.withgoogle.com *.googleadservices.com www.vimeo.com https://cdn.bc0a.com https://cdnjs.cloudflare.com https://platform.twitter.com https://player.vimeo.com https://www.youtube.com platform.instagram.com platform.twitter.com; script-src-elem 'self' 'unsafe-inline' *.zoomph.com *.dartmouth.edu *.bc0a.com *.googletagmanager.com www.googletagmanager.com *.youtube.com youtube.com *.google-analytics.com stats.g.doubleclick.net marvel-b1-cdn.bc0a.com home.dartmouth.edu cse.google.com *.google.com *.withgoogle.com *.googleadservices.com www.google.com *.vimeo.com vimeo.com siteimproveanalytics.com *.googleapis.com https://cdn.bc0a.com https://cdnjs.cloudflare.com https://platform.twitter.com https://player.vimeo.com https://www.youtube.com platform.instagram.com platform.twitter.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.googleusercontent.com *.bc0a.com home.dartmouth.edu *.google.com *.withgoogle.com *.googleadservices.com https://cdnjs.cloudflare.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self' *.rocketalumnisolutions.com *.bc0a.com home.dartmouth.edu *.google.com *.withgoogle.com *.googleadservices.com orders-bb.us-east-1.widencdn.net *.widencdn.net 1
script-src 'nonce-kLdEoLLizjaH/cnHFc6NsQ==' 'strict-dynamic' 'unsafe-eval' 'report-sample' https: 'unsafe-inline'; base-uri 'none'; report-uri https://events.mercadolibre.com/csp/reports?identifier=FN7TXR-brmRf-trf2WZcHGABEhjjA3rRO3AiSIS2QClB23Czx14gpY37yPwdiGQS&policy_id=10&user_id=&request_id=95d6156f-f76b-43d3-bfac-13ca7409bf75; report-to csp-endpoint; object-src https://http2.mlstatic.com/ https://mlstaticquic-a.akamaihd.net/ 1
upgrade-insecure-requests; script-src 'self' *.harborfreight.com www.redditstatic.com ads.nextdoor.com *.perimeterx.net *.px-cdn.net *.px-cloud.net *.pxchk.net *.px-client.net cdn.mxpnl.com s.trackonomics.net client.px-cloud.net t.ssl.ak.dynamic.tiles.virtualearth.net dev.virtualearth.net tpc.googlesyndication.com ygscdn.azureedge.net analytics.tiktok.com login-ds.dotomi.com login.dotomi.com api.securedvisit.com track.securedvisit.com content.securedvisit.com  track.sv.rkdms.com images.securedvisit.com tr2.smarterhq.io d1n00d49gkbray.cloudfront.net members.cj.com cj.com cdn.480app.com cdn.cookielaw.org view.publitas.com pixel.mathtag.com *.cdn-net.com *.accdab.net *.dynamicyield.com *.oracleinfinity.io *.googletagmanager.com docs.paymentjs.firstdata.com bat.bing.com www.youtube.com s.ytimg.com *.bing.com *.vimeo.com cdns.brsrvr.com www.google-analytics.com *.adobetag.com *.gstatic.com cdn.tt.omtrdc.net harborfreight.tt.omtrdc.net px.owneriq.net *.res-x.com seal.verisign.com *.google.com *.igodigital.com *.akamaihd.net *.googleadservices.com *.google-analytics.com *.doubleclick.net *.demdex.net *.mouseflow.com *.fastly.net *.sitelabweb.com mpsnare.iesnare.com *.googleapis.com *.payeezy.com *.facebook.net *.facebook.com *.newrelic.com *.nr-data.net *.nmgassets.com *.turnto.com 'unsafe-eval' 'unsafe-inline'; style-src 'self' *.harborfreight.com www.googletagmanager.com rwww.bing.com www.bing.com r.bing.com members.cj.com cj.com *.dynamicyield.com *.googleapis.com *.akamaihd.net *.turnto.com *.vimeo.com *.fontawesome.com tagmanager.google.com 'unsafe-inline'; img-src 'self' blob: data: alb.reddit.com icon.parcellab.com cdn.parcellab.com ad.doubleclick.net flask.nextdoor.com pippio.com www.bing.com r.bing.com t.ssl.ak.dynamic.tiles.virtualearth.net region1.google-analytics.com region1.analytics.google.com login.dotomi.com 805793671.privacysandbox.googleadservices.com crrecommendedmark.org analytics.tiktok.com 10563850.fls.doubleclick.net login-ds.dotomi.com api.securedvisit.com track.securedvisit.com content.securedvisit.com  track.sv.rkdms.com images.securedvisit.com *.cdnwidget.com tr2.smarterhq.io cdn.cookielaw.org cdn.dynamicyield.com *.harborfreight.com pixel.mathtag.com *.oracleinfinity.io *.googletagmanager.com cx.atdmt.com www.googleadservices.com bat.bing.com p.brsrvr.com *.akamaihd.net akamai.mathtag.com *.edgecastcdn.net *.www.turnto.com *.youtube.com *.ytimg.com *.vimeocdn.com px.owneriq.net *.g.doubleclick.net www.google-analytics.com *.ggpht.com *.google.com images.scanalert.com *.facebook.com scontent.xx.fbcdn.net ssl.gstatic.com *.sitelabweb.com *.igodigital.com *.cloudinary.com *.googleapis.com *.abmr.net *.gstatic.com *.nr-data.net *.norton.com *.nmgplatform.com *.marinsm.com cdn.ywxi.net; worker-src blob: 'self' *.perimeterx.net *.px-cdn.net *.px-cloud.net *.pxchk.net *.px-client.net *.akamaihd.net player.vimeo.com www.google.com *.youtube.com youtube.com *.cloudinary.com *.facebook.com *.nr-data.net *.apply2jobs.com; connect-src 'self' *.harborfreight.com hft-prod.actioniq.mr-in.com www.redditstatic.com pixel-config.reddit.com conversions-config.reddit.com *.brsrvr.com www.googletagmanager.com analytics.pangle-ads.com pagead2.googlesyndication.com direct-collect.dy-api.com gs.nmgassets.com *.px-client.net privacyportal-harborfreight.my.onetrust.com s.tracknomics.net *.px-cdn.net *.px-cloud.net *.pxchk.net t.ssl.ak.tiles.virtualearth.net t.ssl.ak.dynamic.tiles.virtualearth.net dev.virtualearth.net www.bing.com region1.google-analytics.com region1.analytics.google.com ascpqnj-oam.global.ssl.fastly.net maps.googleapis.com analytics.google.com crrecommendedmark.org analytics.tiktok.com *.cdnwidget.com *.cdnbasket.net tr2.smarterhq.io pixel.mathtag.com privacyportal.onetrust.com cdn.cookielaw.org *.accdab.net *.dynamicyield.com www.facebook.com *.nmgplatform.com *.demdex.net *.sitelabweb.com *.nr-data.net *.akamaihd.net *.cloudinary.com *.google-analytics.com *.mouseflow.com *.doubleclick.net vimeo.com fonts.googleapis.com use.fontawesome.com fonts.gstatic.com bat.bing.com 1
default-src * data: blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.serasa.dev serasa.dev *.serasa.com.br serasa.com.br *.ecsbr.net *.googlesyndication.com *.google.com *.google.com.sg *.google.com.br *.google-analytics.com *.doubleclick.net *.googletagservices.com *.googletagmanager.com *.gstatic.com *.googleadservices.com *.googleoptimize.com *.facebook.net *.facebook.com *.bing.com *.clarity.ms *.builder.io builder.io *.datadome.co https://static.ads-twitter.com https://edge.fullstory.com *.hotjar.io *.hotjar.com https://browser-intake-datadoghq.com *.tiktok.com https://cdnjs.cloudflare.com *.scorecardresearch.com; img-src 'self' data: *.serasa.dev serasa.dev *.serasa.com.br serasa.com.br *.ecsbr.net *.googlesyndication.com *.google.com *.google.com.sg *.google.com.br *.google-analytics.com *.doubleclick.net *.googletagservices.com *.googletagmanager.com *.gstatic.com *.googleadservices.com *.googleoptimize.com *.facebook.net *.facebook.com *.bing.com *.clarity.ms *.twitter.com https://secure.gravatar.com *.ytimg.com *.hotjar.com *.scorecardresearch.com *.krxd.net *.navdmp.com *.builder.io *.tiktok.com s3-sa-east-1.amazonaws.com/frame-image-br/bg.png; object-src 'none'; style-src 'unsafe-inline' *.serasa.dev serasa.dev *.serasa.com.br serasa.com.br *.ecsbr.net *.googleapis.com *.datadome.co *.hotjar.com; connect-src 'self' *.serasa.dev serasa.dev *.serasa.com.br serasa.com.br *.ecsbr.net *.googlesyndication.com *.google.com *.google.com.sg *.google.com.br *.google-analytics.com *.doubleclick.net *.googletagservices.com *.googletagmanager.com *.gstatic.com *.googleadservices.com *.googleoptimize.com *.googleapis.com *.bing.com *.clarity.ms *.builder.io builder.io *.datadome.co https://browser-intake-datadoghq.com https://logs.browser-intake-datadoghq.com https://apigw-commons-prd.ecsbr.net https://apigw-commons-hml.ecsbr.net wss://*.hotjar.com *.hotjar.io *.hotjar.com *.tiktok.com *.facebook.com *.creativecdn.com *.criteo.com; frame-ancestors 'self' *.builder.io builder.io; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubf04a976b916505501a2a6a2ad08ea01a&dd-evp-origin=content-security-policy&ddsource=csp-report; worker-src 'self' blob: *.serasa.dev serasa.dev *.serasa.com.br serasa.com.br *.ecsbr.net *.builder.io builder.io https://browser-intake-datadoghq.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com https://content.linkedin.com https://platform.linkedin.com https://services.tmpwebeng.com https://static-exp1.licdn.com https://snap.licdn.com https://*.googletagservices.com https://*.googlesyndication.com https://*.googleadservices.com https://*.doubleclick.net https://*.google.com https://cdn-ukwest.onetrust.com https://code.jquery.com https://geolocation.onetrust.com https://googletagmanager.com https://google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com;style-src 'self' 'unsafe-inline' *.google.com code.jquery.com fonts.googleapis.com privacyportal-cdn.onetrust.com www.googletagmanager.com https://services.tmpwebeng.com;object-src *.googlesyndication.com;child-src 'self' blob: *.google.com *.doubleclick.net *.googlesyndication.com www.googletagmanager.com;base-uri 'self';form-action 'self' *.google.com;worker-src 'self' blob: www.google.com;font-src 'self' https://fonts.gstatic.com;frame-src 'self' https://www.google.com https://www.youtube.com https://privacyportal.onetrust.com https://www.linkedin.com; 1
frame-ancestors 'self' *.wallet.airpay.co.th *.shopee.kr *.airpay.co.th *.shopeemobile.com *.shopee.co.th *.shopee.cn *.shopee.io *.facebook.com https://bela-portal.festiware.com https://belapengadaan.lkpp.go.id https://lkpp-portal.festiware.com;  1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.health.com 1
media-src yastatic.net;connect-src *.strm.yandex.net mc.yandex.com yandex.by yastatic.net yastat.net mc.yandex.ru *.mc.yandex.ru adstat.yandex.ru mc.admetrica.ru mc.yandex.by yabs.yandex.by yabs.yandex.ru tts.voicetech.yandex.net 'self' wss://webasr.yandex.net;img-src *.verify.yandex.ru *.ya.ru *.yandex.ru ya.ru yabs.yandex.by yabs.yandex.kz yabs.yandex.ru yabs.yandex.uz yandex.ru yandex.by 'self' yastatic.net data: mc.admetrica.ru mc.yandex.com *.mc.yandex.ru adstat.yandex.ru mc.yandex.by mc.yandex.ru avatars.mds.yandex.net favicon.yandex.net blob:;script-src 'nonce-9JWIUkEmbvFkQT/4FCBGcA==' mc.yandex.com yastatic.net yandex.by mc.yandex.ru *.mc.yandex.ru adstat.yandex.ru mc.yandex.by;child-src *.ya.ru *.yandex.ru ya.ru yandex.ru yastatic.net mc.yandex.ru mc.yandex.md mc.yandex.by yandex.by yabs.yandex.by downloader.yandex.net *.cdn.yandex.net yabs.yandex.ru browser.yandex.ru browser.yandex.by blob: *.ya.ru *.yandex.ru ya.ru yandex.ru;style-src 'unsafe-inline' yastatic.net;report-uri https://csp.yandex.net/csp?project=morda&from=morda.big.by&showid=1721955713833799-10869557464690602313-balancer-l7leveler-kubr-yp-vla-74-BAL&h=stable-portal-mordago-159.klg.yp-c.yandex.net&yandexuid=8906023131721955713&&version=2024-07-24-611&adb=0;default-src 'self' yastatic.net yastat.net;font-src yastatic.net 1
default-src 'self' *.filezilla-project.org; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src * blob: 1
frame-ancestors *.adspower.com 1
connect-src *.strm.yandex.net mc.yandex.com yandex.com.tr yastatic.net yastat.net mc.yandex.ru *.mc.yandex.ru adstat.yandex.ru mc.admetrica.ru mc.yandex.com.tr tts.voicetech.yandex.net 'self' wss://webasr.yandex.net;img-src *.verify.yandex.ru *.ya.ru *.yandex.ru ya.ru yabs.yandex.by yabs.yandex.kz yabs.yandex.ru yabs.yandex.uz yandex.ru yandex.com.tr 'self' yastatic.net data: mc.admetrica.ru mc.yandex.com *.mc.yandex.ru adstat.yandex.ru mc.yandex.com.tr mc.yandex.ru favicon.yandex.net avatars.mds.yandex.net blob:;script-src 'nonce-Qs7E1TrFVMRjqXu58bawmg==' mc.yandex.com yastatic.net yandex.com.tr mc.yandex.ru *.mc.yandex.ru adstat.yandex.ru mc.yandex.com.tr;child-src *.ya.ru *.yandex.ru ya.ru yandex.ru yastatic.net mc.yandex.ru mc.yandex.md mc.yandex.com.tr yandex.com.tr blob: *.ya.ru *.yandex.ru ya.ru yandex.ru;style-src 'unsafe-inline' yastatic.net;report-uri https://csp.yandex.net/csp?project=morda&from=morda.big.com.tr&showid=1721955948247736-4959146294856983327-balancer-l7leveler-kubr-yp-sas-173-BAL&h=stable-portal-mordago-51.klg.yp-c.yandex.net&yandexuid=8569833271721955948&&version=2024-07-24-611&adb=0;media-src yastatic.net;default-src 'self' yastatic.net yastat.net;font-src yastatic.net 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' 'unsafe-inline' https:;img-src 'self' data: https: android-webview-video-poster:;font-src 'self' data: https:;connect-src 'self' https: wss: blob: android-webview-video-poster:;manifest-src 'self' blob:;media-src 'self' data: https: blob:;object-src 'none';child-src 'self' https: data: blob:;form-action 'self' https: 1
default-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: ; 1
font-src 'self' data:; frame-ancestors 'none' 1
child-src blob:; connect-src 'self' localhost https://www.telia.se https://www.preview.telia.se https://*.test.telia.se https://*.tse.telia.io https://*.tse-prod.telia.io https://cdn.cookielaw.org https://geolocation.onetrust.com https://telia-se.blueconic.net https://t944.telia.se https://n467.telia.se https://telia-se-b2b.blueconic.net https://*.doubleclick.net https://*.giosg.com https://*.giosgusercontent.com *.whisbi.com static.customersaas.com teliase-259.qelpcare.com static-accept.customersaas.com *.ace.teliacompany.com telia.humany.net *.kampyle.com *.medallia.eu *.decibelinsight.net *.decibel.com wss://*.decibelinsight.net https://*.adyen.com https://*.tf-b2c.com https://www.google-analytics.com ssgtm.telia.se https://optimizely.teliacompany.com; default-src 'self' localhost https://www.telia.se https://www.preview.telia.se https://*.test.telia.se https://*.tse.telia.io https://*.tse-prod.telia.io; font-src 'self' localhost https://www.telia.se https://www.preview.telia.se https://*.test.telia.se https://*.tse.telia.io https://*.tse-prod.telia.io *.whisbi.com static.customersaas.com static-accept.customersaas.com *.ace.teliacompany.com telia.humany.net *.kampyle.com *.medallia.eu https://*.tf-b2c.com data:; frame-src https://coverage.ddc.teliasonera.net https://glu2.han.telia.se https://*.doubleclick.net https://telia.bbvms.com static.customersaas.com static-accept.customersaas.com https://*.giosg.com https://*.giosgusercontent.com *.kampyle.com *.medallia.eu *.ace.teliacompany.com telia.humany.net https://*.adyen.com https://*.tf-b2c.com https://optimizely.teliacompany.com; img-src 'self' localhost https://www.telia.se https://www.preview.telia.se https://*.test.telia.se https://*.tse.telia.io https://*.tse-prod.telia.io https://cdn.cookielaw.org https://geolocation.onetrust.com *.whisbi.com https://dcosix8as1189.cloudfront.net https://s3-eu-west-1.amazonaws.com/whi-deck-bucket-001/ https://www.facebook.com/ d35v9wsdymy32b.cloudfront.net d3mwk3f7r8fv9u.cloudfront.net images.customersaas.com horizon-cms.s3.eu-central-1.amazonaws.com *.ace.teliacompany.com telia.humany.net https://telia-se.blueconic.net https://t944.telia.se https://n467.telia.se https://telia-se-b2b.blueconic.net *.kampyle.com *.medallia.eu https://*.adyen.com https://*.tf-b2c.com https://www.google-analytics.com https://www.google.com https://www.google.se https://www.googletagmanager.com https://optimizely.teliacompany.com data:; object-src 'self' localhost https://www.telia.se https://www.preview.telia.se https://*.test.telia.se https://*.tse.telia.io https://*.tse-prod.telia.io; report-uri /.api/csp-report/v1/report; script-src 'self' localhost https://www.telia.se https://www.preview.telia.se https://*.test.telia.se https://*.tse.telia.io https://*.tse-prod.telia.io https://cdn.cookielaw.org https://geolocation.onetrust.com https://telia-se.blueconic.net https://t944.telia.se https://n467.telia.se https://telia-se-b2b.blueconic.net https://*.giosg.com https://*.giosgusercontent.com *.whisbi.com https://connect.facebook.net static.customersaas.com static-accept.customersaas.com *.ace.teliacompany.com telia.humany.net *.kampyle.com *.medallia.eu *.decibelinsight.net *.decibel.com wss://*.decibelinsight.net https://*.adyen.com https://*.tf-b2c.com https://www.google-analytics.com https://www.googletagmanager.com ssgtm.telia.se blob: https://optimizely.teliacompany.com https://coverage.ddc.teliasonera.net https://glu2.han.telia.se 'unsafe-inline' 'unsafe-eval'; style-src 'self' localhost https://www.telia.se https://www.preview.telia.se https://*.test.telia.se https://*.tse.telia.io https://*.tse-prod.telia.io https://*.giosg.com https://*.giosgusercontent.com *.whisbi.com static.customersaas.com static-accept.customersaas.com *.ace.teliacompany.com telia.humany.net *.kampyle.com *.medallia.eu https://*.adyen.com https://*.tf-b2c.com https://telia-se.blueconic.net https://t944.telia.se https://n467.telia.se https://telia-se-b2b.blueconic.net 'unsafe-inline'; worker-src blob: 1
default-src 'self'; base-uri 'none'; block-all-mixed-content; connect-src 'self' https://*.algolia.net https://*.algolianet.com; frame-src https://www.google.com/recaptcha/; img-src 'self' https: data:; object-src 'none'; script-src 'unsafe-eval' https://www.gstatic.com/recaptcha/ 'strict-dynamic' 'unsafe-inline' 'nonce-TkuOjxWaOOVAluUsQyzkHQ=='; style-src 'self' 'unsafe-inline' 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.realsimple.com 1
default-src 'self' https://api.mixpanel.com; script-src 'self' 'unsafe-eval' 'nonce-vw/M1EJtfJm4SIes+W5PaCZGFTwAGtQUq/fcbk8QS9ZWpPve9CW6MVbxhTZeopQWzWf9HgCW2H9DE5IQs2sQjQ==' https://*.facebook.net https://www.facebook.com https://snap.licdn.com https://connect.liblynx.com https://sandbox.liblynx.com https://www.google-analytics.com https://optimize.google.com https://ssl.google-analytics.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com https://cdn.mxpnl.com https://cdn4.mxpnl.com https://api.mixpanel.com https://www.googletagmanager.com https://kit.fontawesome.com https://use.fontawesome.com https://pro.fontawesome.com https://scholar.google.com https://api.altmetric.com https://d1bxh8uas1mnw7.cloudfront.net https://js.trendmd.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; img-src 'self' https://ssl.google-analytics.com https://www.google-analytics.com https://optimize.google.com https://www.googletagmanager.com https://connect.liblynx.com https://sandbox.liblynx.com https://stats.g.doubleclick.net https://cdn.mxpnl.com https://images.mxpnl.com https://badges.altmetric.com https://d1uo4w7k31k5mn.cloudfront.net https://www.facebook.com https://px.ads.linkedin.com https://www.linkedin.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io data:; connect-src 'self' https://shop.emerald.com/ https://www.facebook.com https://www.google-analytics.com https://api.mixpanel.com/ https://scholar.google.com https://*.trendmd.com https://cc.trendmd.co https://ka-p.fontawesome.com https://kit.fontawesome.com https://stats.g.doubleclick.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; style-src 'self' 'unsafe-inline' https://optimize.google.com https://fonts.googleapis.com https://use.fontawesome.com https://pro.fontawesome.com https://ka-p.fontawesome.com https://d1bxh8uas1mnw7.cloudfront.net https://trendmd.s3.amazonaws.com https://css.trendmd.com; font-src 'self' https://themes.googleusercontent.com https://fonts.gstatic.com https://use.fontawesome.com https://pro.fontawesome.com https://ka-p.fontawesome.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; frame-src 'self' https://www.googletagmanager.com https://optimize.google.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; object-src 'self' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.google.com *.google.co.uk *.newrelic.com *.betrad.com bam.nr-data.net static.addtoany.com cdnjs.cloudflare.com brand-ecommerce-assets.fusepump.com *.youtube.com s.ytimg.com *.evidon.com code.jquery.com *.cloudfront.net *.serving-sys.com 7225833.collect.igodigital.com connect.facebook.net stats.g.doubleclick.net *.googleoptimize.com cdn.jsdelivr.net static.ads-twitter.com snap.licdn.com *.googleadservices.com *.outbrain.com *.usabilla.com googleads.g.doubleclick.net analytics.twitter.com  cdn.hypemarks.com www.gstatic.com unpkg.com cdn.gbqofs.com c.lytics.io cdn.cookielaw.org addtocalendar.com d3js.org; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com cdnjs.cloudflare.com brand-ecommerce-assets.fusepump.com *.youtube.com cloud.typography.com *.google.com cdn.jsdelivr.net *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com c.lytics.io *.nestlepurinacareers.com *.nestlejobs.com unpkg.com *.cloudfront.net *.usabilla.com addtocalendar.com; img-src 'self' data: *.googleapis.com *.gstatic.com *.cloudflare.com *.google-analytics.com stats.g.doubleclick.net ade.googlesyndication.com www.google.co.uk *.doubleclick.net *.betrad.com *.amazonaws.com px.pump.to brand-ecommerce-assets.fusepump.com *.evidon.com nova.collect.igodigital.com *.facebook.com www.google.co.in *.outbrain.com *.cloudfront.net *.ads.linkedin.com *.googletagmanager.com t.co p.adsymptotic.com analytics.twitter.com cdn.cookielaw.org c.lytics.io *.cloudfront.net *.usabilla.com *.google.com cdn.jsdelivr.net app.bowencraggs.com *.staticflickr.com 'about:blank'; media-src 'self'; frame-src 'self' static.addtoany.com *.youtube.com *.youtu.be youtu.be info.evidon.com *.doubleclick.net *.facebook.com *.google.com cdn.hypemarks.com *.cloudfront.net *.usabilla.com *.q4web.com; child-src 'self' blob: static.addtoany.com *.youtube.com *.youtu.be youtu.be info.evidon.com https://2275258.fls.doubleclick.net http://2275258.fls.doubleclick.net; font-src 'self' data: fonts.gstatic.com fonts.googleapis.com cdnjs.cloudflare.com cdn.jsdelivr.net unpkg.com *.cloudfront.net *.usabilla.com; connect-src 'self' brand-ecommerce-api.fusepump.com *.google-analytics.com collect.analyze.ly secure-ds.serving-sys.com bam.nr-data.net *.g.doubleclick.net cdnjs.cloudflare.com pagead2.googlesyndication.com *.linkedin.com *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com c.lytics.io *.cookielaw.org *.nestlepurinacareers.com https://olivia.paradox.ai unpkg.com *.google.com report.nestle.gbqofs.io wss://ws.paradox.ai *.tintup.com *.us-east-1.amazonaws.com *.cloudfront.net *.usabilla.com maps.googleapis.com addtocalendar.com cdn.jsdelivr.net; upgrade-insecure-requests 1
default-src 'self'; connect-src 'self' *.nr-data.net https://*.go-mpulse.net www.googletagmanager.com *.google-analytics.com https://*.akstat.io https://csp.withgoogle.com https://maps.googleapis.com *.nanorep.co *.nanorep.com *.monsido.com https://*.nr-data.net https://shyrka-prod-usw2.s3.us-west-2.amazonaws.com https://*.newrelic.com https://*.usw2.pure.cloud wss://*.usw2.pure.cloud *.weglot.com cdn-api-weglot.com *.qualtrics.com; font-src 'self' data: https://fonts.gstatic.com https://cdnjs.cloudflare.com; frame-src 'self' https://cse.google.com https://www.googletagmanager.com https://calendar.google.com *.monsido.com *.youtube.com *.vimeo.com *.nanorep.com *.tableau.com *.arcgis.com https://app.powerbi.us https://app.powerbigov.us https://*.usw2.pure.cloud *.qualtrics.com https://public.tableau.com https://iwddata.iwd.iowa.gov https://data.iowa.gov; img-src 'self' data: https: *.nr-data.net *.google.com www.googletagmanager.com *.qualtrics.com; object-src 'self' https://*.usw2.pure.cloud; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.nr-data.net https://*.go-mpulse.net https://cse.google.com https://googletagmanager.com https://js-agent.newrelic.com https://tagmanager.google.com https://www.google.com https://www.googletagmanager.com *.monsido.com *.youtube.com *.vimeo.com *.nanorep.com *.nanorep.co https://*.google.com https://*.newrelic.com https://*.usw2.pure.cloud *.weglot.com cdn-api-weglot.com *.qualtrics.com https://cdnjs.cloudflare.com https://unpkg.com public.tableau.com nonce-BfhHzgGKGoxZJjInVjOtAw; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com *.google.com *.monsido.com *.youtube.com *.vimeo.com *.nanorep.co *.nanorep.com https://partner.googleadservices.com https://maps.googleapis.com https://*.usw2.pure.cloud *.weglot.com cdn-api-weglot.com https://js-agent.newrelic.com https://s.go-mpulse.net *.qualtrics.com https://cdnjs.cloudflare.com https://cse.google.com https://unpkg.com public.tableau.com; style-src 'self' 'unsafe-inline' *.google.com www.googletagmanager.com *.monsido.com *.youtube.com *.vimeo.com *.nanorep.co *.nanorep.com https://fonts.googleapis.com *.weglot.com cdn-api-weglot.com *.qualtrics.com cdnjs.cloudflare.com https://unpkg.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self' 1
connect-src 'self' https://chat.elster.de wss://chat.elster.de ; default-src 'self' ; font-src 'self' data: https://chat.elster.de ; form-action 'self' ; frame-ancestors 'self' ; img-src 'self' https://chat.elster.de ; media-src 'self' https://download.elster.de ; object-src 'none' ; script-src 'self' https://chat.elster.de ; style-src 'self' 'unsafe-inline' https://chat.elster.de 1
default-src 'self'; script-src 'self' 'strict-dynamic' 'nonce-Nzk3MTY1MGEtYTY1MC00NzhmLWIzODQtN2ZhZDlkZWEwMGMz' 'unsafe-inline' 'unsafe-eval'; img-src *; media-src https://*.cloudflarestream.com; font-src https://web-assets.stockx.com https://cash-f.squarecdn.com; connect-src 'self' http://www.google-analytics.com https://*; style-src 'self' 'unsafe-inline' https://web-assets.stockx.com https://checkoutshopper-live.adyen.com https://*.hub-box.com https://*.braintree-api.com https://*.braintreegateway.com https://*.adyen.com https://*.cash.app; frame-src https://* https://*; base-uri 'none'; object-src 'none'; report-to csp-endpoint 1
frame-ancestors default-src 'self' https://d2l.ucalgary.ca; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://plausible.io https://www.googletagservices.com https://cdn.cookielaw.org https://fonts.gstatic.com http://sb.scorecardresearch.com http://static.ads-twitter.com http://news.atptour.com https://news.atptour.com https://tunein.com https://r1-t.trackedlink.net/ https://bam-cell.nr-data.net/ https://vjs.zencdn.net/ https://itp-atp-sls.infosys-platforms.com/ https://www.riddle.com https://e.infogram.com https://www.googletagmanager.com/ https://imasdk.googleapis.com/ https://script.crazyegg.com/ https://googleads.g.doubleclick.net/ https://securepubads.g.doubleclick.net/ https://connect.facebook.net/ https://sb.scorecardresearch.com/ https://static.ads-twitter.com/ https://analytics.tiktok.com/ https://www.google-analytics.com/ https://livestream.com https://mail.tennisunited.co https://s0.2mdn.net/instream/video/client.js https://adservice.google.com.mx/adsid/integrator.js https://imasdk.googleapis.com/js/sdkloader/ima3.js https://js-agent.newrelic.com/ https://www.googleadservices.com/ https://bs.serving-sys.com/ https://adservice.google.com/ https://players.brightcove.net/ https://secure-ds.serving-sys.com/ https://tpc.googlesyndication.com/ https://c1.rfihub.net/ https://analytics.twitter.com/ https://www.instagram.com/ https://platform.twitter.com/ https://pagead2.googlesyndication.com/ https://r1.marketing-pages.com https://www.gstatic.com/ https://static.smartframe.io https://*.brightcove.com https://*.brightcove.net https://*.sportradar.com https://*.livestream.com https://*.shorthandstories.com https://*.shorthand.com https://*.sf-ads.io https://*.sf-insights.io https://*.sf-logs.io;style-src 'self' 'unsafe-inline' https://itp-atp-sls.infosys-platforms.com/ https://fonts.googleapis.com/ https://www.riddle.com https://news.atptour.com/ https://e.infogram.com https://avplayer-cdn.sportradar.com/ https://*.typekit.net https://*.shorthandstories.com https://*.shorthand.com ;worker-src blob: 1
default-src 'self' *.kpn.com; script-src 'self' cdn.blueconic.net kpn.blueconic.net assets.adobedtm.com *.kpn.com; style-src 'self'; img-src 'self'; font-src 'self'; connect-src 'self' kpn.blueconic.net; object-src 'self' 1
frame-ancestors 'self' https://fws.gov; 1
frame-ancestors 'self' *.miami.edu; 1
frame-ancestors *.3ds.com *.solidworks.com; base-uri 'self' 1
default-src https:; img-src data: https: blob:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; connect-src https:; font-src data: https:; media-src blob: https:; worker-src https: 'unsafe-inline' 'unsafe-eval' blob:; 1
default-src 'self' https://*.google.com https://auth.zonatelecom.ru/ https://*.zonatelecom.ru *.zonatelecom.ru ws://*.zonatelecom.ru wss://*.zonatelecom.ru *.svc.team www.google-analytics.com https://vk.com https://mc.yandex.ru https://yastatic.net https://*.doubleclick.net http://*.zonatelecom.ru https://*.mail.ru https://*.yandex.ru https://*.maps.yandex.net https://widget.cloudpayments.ru/bundles/cloudpayments.js https://*.carrottrack.io wss://*.carrottrack.io  https://*.payselection.com wss://*.payselection.com ws://*.payselection.com;base-uri 'none';style-src 'self' 'unsafe-inline' fonts.googleapis.com https://*.zonatelecom.ru blob:;img-src 'self' https://cdn.zonatelecom.ru *.svc.team *.zonatelecom.ru https://www.google.com https://www.google.ru www.googletagmanager.com https://www.google-analytics.com https://vk.com https://*.vk.com https://mc.yandex.ru https://*.mail.ru https://*.maps.yandex.net https://*.yandex.ru data: blob: https:;connect-src https: 'self' wss: ws://bitrix24.zonatelecom.ru uaas.yandex.ru *.zonatelecom.ru wss://*.payselection.com;font-src 'self' fonts.gstatic.com;manifest-src 'self';object-src 'none';script-src 'self' https://*.svc.team http://*.svc.team https://auth.zonatelecom.ru/ https://*.zonatelecom.ru 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.gstatic.com www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com https://vk.com https://mc.yandex.ru https://yastatic.net https://*.mail.ru https://*.yandex.ru https://*.maps.yandex.net https://widget.cloudpayments.ru/bundles/cloudpayments.js https://popup-static.unisender.com abt.s3.yandex.net https://*.carrottrack.io http://*.carrottrack.io wss://*.carrottrack.io  ws://*.carrottrack.io  https://*.payselection.com;frame-src 'self' https://*.payselection.com https://widget.cloudpayments.ru https://www.google.com https://bitrix24.zonatelecom.ru/ https://*.yandex.ru https://yandex.ru https://apps.zonatelecom.ru/ https://auth.zonatelecom.ru/ https://*.zonatelecom.ru/ https://www.zonatelecom.ru/ https://*.auth.svc.team https://*.payselection.com http://localhost:3000/ http://*.ztk-front.svc.team https://*.ztk-front.svc.team;frame-ancestors 'self' https://*.payselection.com https://widget.cloudpayments.ru https://www.google.com https://bitrix24.zonatelecom.ru/ https://yandex.ru https://apps.zonatelecom.ru/ https://auth.zonatelecom.ru/ https://*.zonatelecom.ru/ https://www.zonatelecom.ru/ https://*.auth.svc.team https://*.payselection.com http://localhost:3000/ http://*.ztk-front.svc.team https://*.ztk-front.svc.team 1
connect-src 'self' www.google-analytics.com stats.g.doubleclick.net ; default-src 'self' ; font-src 'self' fonts.googleapis.com fonts.gstatic.com data: ; frame-ancestors 'self' ; frame-src 'self' www.google.com feedback.googleusercontent.com www.googletagmanager.com scone-pa.clients6.google.com www.youtube.com player.vimeo.com ; img-src 'self' www.google.com www.google-analytics.com ssl.gstatic.com www.gstatic.com gstatic.com data: * ; object-src 'none' ; script-src 'self' 'sha256-n6OdwTrm52KqKm6aHYgD0TFUdMgww4a0GQlIAVrMzck=' 'sha256-4ryYrf7Y5daLOBv0CpYtyBIcJPZkRD2eBPdfqsN3r1M=' 'sha256-sVKX08+SqOmnWhiySYk3xC7RDUgKyAkmbXV2GWts4fo=' www.google.com apis.google.com www.gstatic.com gstatic.com support.google.com www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com tagmanager.google.com ; style-src 'self' 'unsafe-inline' fonts.googleapis.com feedback.googleusercontent.com www.gstatic.com gstatic.com tagmanager.google.com ; 1
frame-ancestors 'self' *.chefkoch.de *.chefkoch-cdn.de www-chefkoch-de.cdn.ampproject.org 1
object-src 'none'; script-src 'nonce-aA4K9AXLO8iKB8zPF0AVVw==' 'report-sample' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:; base-uri 'none'; report-uri https://csp.withgoogle.com/csp/kaggle/20201130; frame-src 'self' https://www.kaggleusercontent.com https://www.youtube.com/embed/ https://polygraph-cool.github.io https://www.google.com/recaptcha/ https://www.docdroid.com https://www.docdroid.net https://kaggle-static.storage.googleapis.com https://kkb-production.jupyter-proxy.kaggle.net https://kkb-production.firebaseapp.com https://kaggle-metastore.firebaseapp.com https://apis.google.com https://content-sheets.googleapis.com/ https://accounts.google.com/ https://storage.googleapis.com https://docs.google.com https://drive.google.com https://calendar.google.com/ ; 1
frame-ancestors 'self' *.lbl.gov; 1
script-src 'nonce-Xn8npM98NePvU7/5PJt5hg==' 'strict-dynamic' https: 'unsafe-inline' 'report-sample'; base-uri 'none'; report-uri https://events.mercadolibre.com/csp/reports?identifier=qi7yR82aKimsBCs2dmYcCSGg7X3Nd8nw0L9YOe_HRbzpKahN-AYpETPFsxM57fsdLtLf&policy_id=9&user_id=&request_id=5fc9fb34-88e2-4875-80ec-6ce37487f34f; report-to csp-endpoint; object-src https://http2.mlstatic.com/ https://mlstaticquic-a.akamaihd.net/ 1
base-uri 'self'; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' https: http: 'nonce-qdQHmIdip4RnjFthKv5HehaKJuIkAK' 'unsafe-eval'; report-uri https://csp.withgoogle.com/csp/devsite/v2 1
script-src 'nonce-xgN3fGYn58_c1Ep3aOXG9Q' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/about_google; base-uri 'none' 1
worker-src 'self' blob: *.vix.tv *.vix.com; frame-ancestors SAMEORIGIN; 1
default-src 'self'; img-src 'self' * data:; object-src 'none'; font-src 'self' fonts.gstatic.com data:; script-src 'self' https://*.getsitecontrol.com https://*.googletagmanager.com https://*.google-analytics.com https://*.doubleclick.net https://*.adroll.com https://*.statcounter.com https://*.facebook.net 'unsafe-inline'; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://*.googletagmanager.com; base-uri 'self'; form-action 'self'; connect-src 'self' https://*.getsitecontrol.com https://*.getsitectrl.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://client.namebright.com https://logging.namebright.com https://*.doubleclick.net https://*.statcounter.com https://*.launchdarkly.com; frame-src www.youtube.com https://client.namebright.com https://beta.namebright.com/assets/refresh-token.html; frame-ancestors https://client.namebright.com; media-src http://www.sitecdn.com 1
default-src 'self' https://api-www.louvre.fr;base-uri 'self';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;script-src 'self' 'strict-dynamic' 'unsafe-inline' https://tag.aticdn.net https://www.youtube.com 'nonce-189e8850-fc8d-48a4-aff3-b27b00489c58';img-src 'self' data: https://api-www.louvre.fr https://i.ytimg.com https://i.vimeocdn.com;media-src 'self' https://api-www.louvre.fr https://*.ausha.co;connect-src 'self' https://api-www.louvre.fr fxxslpn.pa-cd.com;frame-src https://www.youtube.com https://player.vimeo.com https://livemap.getwemap.com;frame-ancestors 'none';form-action 'self' https://api-www.louvre.fr;manifest-src 'self';font-src 'self' https://fonts.gstatic.com;object-src 'none';upgrade-insecure-requests 1
default-src 'self' *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; font-src * data:; connect-src *; img-src * blob: data:; child-src *; media-src *; frame-ancestors 'self' *.activenetwork.com *.active.com *.activekids.com; worker-src * blob:; object-src *; 1
script-src 'nonce-LHR9LERiYMMSLKAR77rymg==' 'strict-dynamic' https: 'unsafe-inline' 'report-sample'; base-uri 'none'; report-uri https://events.mercadolibre.com/csp/reports?identifier=qi7yR82aKimsBCs2dmYcCSGg7X3Nd8nw0L9YOe_HRbzpKahN-AYpETPFsxM57fsdLtLf&policy_id=9&user_id=&request_id=430cfe1a-2660-47b4-a945-950f023c7086; report-to csp-endpoint; object-src https://http2.mlstatic.com/ https://mlstaticquic-a.akamaihd.net/ 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com https://cdn.greenhousegroup.com https://cdnjs.cloudflare.com/ajax/libs/basicModal/3.3.9/basicModal.min.js https://cdn.jsdelivr.net/gh/bramkorsten/ https://app.eu.pendo.io https://pendo-eu-static.storage.googleapis.com https://cdn.eu.pendo.io https://pendo-eu-static-4527820689702912.storage.googleapis.com https://data.eu.pendo.io; connect-src 'self' https://*.lemonpi.io https://cdn.jsdelivr.net/gh/bramkorsten/ https://app.eu.pendo.io https://data.eu.pendo.io https://pendo-eu-static-4527820689702912.storage.googleapis.com ws:; img-src * data: blob:; media-src * data: blob:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://public-assets.os.wpp.com/fonts/ https://use.typekit.net https://p.typekit.net https://cdnjs.cloudflare.com/ajax/libs/basicModal/3.3.9/basicModal.min.css https://cdnjs.cloudflare.com/ajax/libs/css-spinning-spinners/1.1.1/load4.css https://unpkg.com/balloon-css/balloon.min.css https://app.eu.pendo.io https://cdn.eu.pendo.io https://pendo-eu-static-4527820689702912.storage.googleapis.com data:; frame-ancestors 'self' https://*.lemonpi.io https://app.eu.pendo.io https://*.wpp-stage.os-dev.io https://*.os.wpp.com; font-src 'self' data: https://*.lemonpi.io https://fonts.gstatic.com https://public-assets.os.wpp.com/fonts/ https://use.typekit.net  chrome-extension:; frame-src https://lemonpi-prod-templates.s3.amazonaws.com https://lemonpi-test-templates.s3.amazonaws.com https://www.google.com https://templates.lemonpi.io/ https://templates-test.lemonpi.io/ http://localhost:*/ http://127.0.0.1:*/ https://app.eu.pendo.io ; report-uri https://sentry.lemonpi.io/api/37/security/?sentry_key=2a59c9b4a41445c69bb6e35986859c5e; child-src https://app.eu.pendo.io 1
default-src 'none'; object-src https://*.covers.com; base-uri https://*.covers.com; form-action http://*.covers.com https://*.covers.com https://accounts.google.com https://www.facebook.com/tr/ https://forms.hsforms.com;  frame-ancestors https://*.covers.com;  block-all-mixed-content; img-src data: https://collector.routy.app/ https://*.covers.com https://*.s3.amazonaws.com https://*.brid.tv https://d29xw9s9x32j3w.cloudfront.net https://imgsct.cookiebot.com https://dpm.demdex.net https://evanalytics.com https://cm.everesttech.net https://www.facebook.com https://public.flourish.studio https://www.gannett-cdn.com https://translate.google.com https://www.google-analytics.com https://ajax.googleapis.com https://www.googletagmanager.com https://*.hotjar.com https://forms.hsforms.com https://forms-na1.hsforms.com https://*.hubspot.com https://userimages-covers.imgix.net https://pixel.mathtag.com https://triathlon.sc.omtrdc.net https://alb.reddit.com https://*.scorecardresearch.com https://t.co https://*.twimg.com https://*.twitter.com https://dev.visualwebsiteoptimizer.com https://useruploads.visualwebsiteoptimizer.com https://i.ytimg.com https://triumphglobaldevelopment.112.2o7.net https://trillioncoverscom.112.2o7.net https://adobedc.demdex.net/ee/v1/interact https://edge.adobedc.net/ee/irl1/v1/interact https://edge.adobedc.net/ee/irl1/v1/collect; script-src blob: https://www.redditstatic.com/ads/pixel.js https://static.ads-twitter.com https://evanalytics.com https://triathlon.sc.omtrdc.net https://activitymap.adobe.com https://e.clarity.ms https://www.clarity.ms 'unsafe-inline' 'unsafe-eval' https://*.covers.com https://www.facebook.com/ https://pixel.mathtag.com https://connect.facebook.net/ https://forms.hsforms.com https://js.hsforms.net https://www.datadoghq-browser-agent.com https://*.datadoghq.com https://www.google-analytics.com https://www.googletagservices.com https://ajax.googleapis.com https://assets.adobedtm.com https://code.jquery.com https://*.cookiebot.com https://fonts.googleapis.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://cdn.ampproject.org  https://cdn.syndication.twimg.com https://cdnjs.cloudflare.com https://imasdk.googleapis.com https://*.brid.tv https://platform.twitter.com https://public.flourish.studio https://*.hotjar.com https://apis.google.com https://ajax.aspnetcdn.com https://cdn.datatables.net https://certify.gpwa.org https://cdn.jsdelivr.net https://dev.visualwebsiteoptimizer.com https://edge.fullstory.com; style-src 'self' 'unsafe-inline'  https://*.covers.com https://evanalytics.com https://kit.fontawesome.com https://covers.com https://localhost:44383 https://fonts.googleapis.com https://fonts.gstatic.com https://ajax.googleapis.com https://accounts.google.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://*.brid.tv https://www.gstatic.com https://platform.twitter.com https://ton.twimg.com; style-src-elem 'unsafe-inline' localhost:* https://accounts.google.com https://evanalytics.com https://unpkg.com https://*.covers.com https://covers.com https://localhost:44383 https://fonts.googleapis.com https://fonts.gstatic.com https://ajax.googleapis.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://*.brid.tv https://www.gstatic.com https://platform.twitter.com https://ton.twimg.com; script-src-elem 'unsafe-inline' https://cdn.routy.app/collector/ localhost:* https://accounts.google.com https://*.sendtonews.com https://d29xw9s9x32j3w.cloudfront.net https://*.amazon-adsystem.com https://*.googlesyndication.com https://*.indexww.com https://*.2mdn.net https://*.resonate.com https://*.fastclick.net https://www.everestjs.net https://www.redditstatic.com/ads/pixel.js https://static.ads-twitter.com https://evanalytics.com https://activitymap.adobe.com https://www.clarity.ms https://e.clarity.ms https://connect.facebook.net https://*.hsforms.net https://*.hsforms.com https://*.hubapi.com/ https://iframe.fresh8.co/ https://stackpath.bootstrapcdn.com https://suggestqueries.google.com https://www.datadoghq-browser-agent.com https://*.datadoghq.com https://bam-cell.nr-data.net https://js-agent.newrelic.com https://pixel.mathtag.com https://unpkg.com https://*.covers.com https://www.google-analytics.com https://cdn.cookielaw.org https://www.googletagmanager.com https://assets.adobedtm.com https://cdnjs.cloudflare.com https://*.hotjar.com https://static.zdassets.com  https://*.googleapis.com  https://*.cookiebot.com https://apis.google.com https://code.jquery.com https://www.google.com https://www.googletagservices.com https://translate.googleapis.com https://www.gstatic.com https://ajax.aspnetcdn.com https://cdn.datatables.net https://platform.twitter.com https://cdn.syndication.twimg.com https://ton.twimg.com https://*.brid.tv https://public.flourish.studio https://cdn.ampproject.org https://certify.gpwa.org https://cdn.jsdelivr.net https://dev.visualwebsiteoptimizer.com https://edge.fullstory.com; connect-src localhost:* https://*.covers.com wss://*.covers.com https://redir.adap.tv https://*.amazon.dev https://*.amazon-adsystem.com https://hubspot-forms-static-embed.s3.amazonaws.com https://*.ampproject.net https://cdn.ampproject.org https://cdn.brid.tv https://services.brid.tv https://*.casalemedia.com https://api.clarifyip.com https://e.clarity.ms/collect https://www.clarity.ms/collect https://d29xw9s9x32j3w.cloudfront.net https://consentcdn.cookiebot.com https://cdn.cookielaw.org https://*.datadoghq.com https://www.datadoghq-browser-agent.com https://dpm.demdex.net https://*.doubleclick.net https://evanalytics.com https://lasteventf-tm.everesttech.net https://www.facebook.com/tr/ https://accounts.google.com https://www.google-analytics.com https://www.googleapis.com https://*.googlesyndication.com https://www.googletagmanager.com https://csi.gstatic.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://forms.hsforms.com https://api.hubspot.com https://forms.hubspot.com https://triathlon.sc.omtrdc.net https://conversions-config.reddit.com https://www.redditstatic.com https://*.sendtonews.com https://*.twitter.com https://ekr.zdassets.com https://covers.zendesk.com wss://widget-mediator.zopim.com https://adobedc.demdex.net/ee/v1/interact https://edge.adobedc.net/ee/ https://triumphglobaldevelopment.112.2o7.net https://trillioncoverscom.112.2o7.net https://edge.fullstory.com https://rs.fullstory.com https://rs.fullstory.com/rec/page; font-src data: https://img.sportsbookreview.com https://script.hotjar.com https://fonts.gstatic.com https://cdnjs.cloudflare.com https://ka-f.fontawesome.com https://*.covers.com; frame-src https://playground.arcade.staging.net.management/ https://accounts.google.com https://activitymap.adobe.com https://forms.hsforms.com/ https://iframe.fresh8.co/ https://open.spotify.com/ https://www.facebook.com/tr/ https://*.ampproject.net https://pixel.mathtag.com https://html5-player.libsyn.com https://*.twitter.com https://vars.hotjar.com https://www.google.com https://consentcdn.cookiebot.com https://*.covers.com https://www.googletagmanager.com https://www.youtube.com https://flo.uri.sh https://imasdk.googleapis.com https://services.brid.tv https://tri.demdex.net https://*.googlesyndication.com https://art19.com https://embeds.audioboom.com; media-src data: blob: https://d29xw9s9x32j3w.cloudfront.net https://cdn.brid.tv https://www.covers.com; 1
default-src 'self' fonts.googleapis.com *.gstatic.com data: 'unsafe-inline' 'unsafe-eval' blob: zenodo-broker.web.cern.ch zenodo-broker-qa.web.cern.ch maxcdn.bootstrapcdn.com cdnjs.cloudflare.com ajax.googleapis.com webanalytics.web.cern.ch 1
frame-ancestors 'self' *.twitter.com; frame-src *.unodc.org *.twitter.com *.youtube.com *.powerbi.com *.youtube-nocookie.com public.tableau.com *.google.com mailchi.mp *.facebook.com 1
frame-ancestors 'self' https://catchplugins.com; 1
frame-ancestors 'self' *.ffxblue.com.au *.ffx.io *.afr.com *.cdn.ampproject.org *.platform.ink; upgrade-insecure-requests 1
frame-ancestors 'self' adria.contentexchange.me adria.ign.com alo.contentexchange.me alo.rs b92.net bastabalkana.com bgonline.rs bulevar.b92.net citymagazine.rs color.rs crvenazvezdainfo.com direktno.rs dnevnik.rs edukujse.com fantasticna.com gloria.rs goglasi.com grand.online hellomagazin.rs horoskopzadanas.com hotsport.rs hrana-pice-price.com idjtv.com informer.rs ispovesti.com k-013.com kokosovoulje.com krstarica.rs kupujemprodajem.com lepotaizdravlje.rs limundo.com ljubavni-stihovi.com logicno.com luftika.rs luftika.rs mojamakuvabolje.prva.rs mojauto.rs mojkvadrat.rs mojtrg.rs mojtrg.rs moodiranje.rs najboljicajevi.com najcestitkezarodjendan.com najzdravijahrana.com najzdravlje.com naslovi.net nedeljnik.rs niskevesti.rs nova.rs polovniautomobili.com pressserbia.com prva.rs prvaplus.prva.rs recepti-kuvar.rs receptizajela.com republika.rs ringier.contentexchange.me rs.n1info.com rs.sputniknews.com sanovniksanjarica.com sanovniksnova.com savrsena.com sportske.net sportklub.rs srbijadanas.rs story.rs superzena.b92.net svetplus.com svetputovanja.info teenstars.rs telegraf.rs titlovi.com tracara.com tvin.rs vrelegume.rs zdravino.com livepreview.adform.com 1
child-src 'self' *.catawiki.com *.catawiki.com *.criteo.com *.criteo.net 5139330.fls.doubleclick.net bid.g.doubleclick.net blob: cdn.catawiki.net ct.pinterest.com js.stripe.com platform.twitter.com tpc.googlesyndication.com vars.hotjar.com www.facebook.com www.trustpilot.com www.youtube.com www.google.com www.recaptcha.net widget.trustpilot.com; connect-src * wss://*.catawiki.com wss://*.hotjar.com wss://*.pusher.com; default-src 'self' *.catawiki.com cdn.catawiki.net; font-src 'self' *.catawiki.com cdn.catawiki.net cdn.kustomerapp.com fonts.gstatic.com script.hotjar.com static.criteo.net; form-action 'self' *.catawiki.com www.facebook.com; frame-src *.catawiki.com *.criteo.com *.criteo.net 5139330.fls.doubleclick.net bid.g.doubleclick.net ct.pinterest.com js.stripe.com platform.twitter.com tpc.googlesyndication.com vars.hotjar.com www.facebook.com www.trustpilot.com www.youtube.com www.google.com www.recaptcha.net widget.trustpilot.com; img-src * blob: data:; media-src blob: *.catawiki.com cdn.catawiki.net cdn.builder.io videos.ctfassets.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.catawiki.com *.criteo.com *.perimeterx.net *.px-cdn.net *.px-cloud.net *.pxchk.net *.px-client.net amplify.outbrain.com assets.pinterest.com assets.zendesk.com bat.bing.com cdn.catawiki.net cdn.kustomerapp.com cdn4.userzoom.com connect.facebook.net google-analytics.com googleads.g.doubleclick.net js.stripe.com maps.googleapis.com platform.twitter.com s.pinimg.com script.hotjar.com snap.licdn.com ssl.google-analytics.com static.ads-twitter.com static.criteo.net static.hotjar.com tpc.googlesyndication.com w.usabilla.com widget.trustpilot.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.gstatic.com www.recaptcha.net www.redditstatic.com www.youtube.com; style-src 'self' 'unsafe-inline' *.catawiki.com cdn.catawiki.net fonts.googleapis.com; worker-src 'self' *.catawiki.com blob: cdn.catawiki.net 1
frame-ancestors 'self'  *.ampproject.org *.zdbb.net 1
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; frame-ancestors 'self' https://planmybathroom.diy.com https://b-q.citrusad.com https://kingfisher-france.citrusad.com https://kingfisher-sandbox.citrusad.com;style-src * data: 'unsafe-inline'; font-src * data: ; 1
default-src 'self' https://*.fontawesome.com https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://viewer.diagrams.net https://fonts.googleapis.com https://*.fontawesome.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' https://*.fontawesome.com fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org https://render.com https://*.render.com https://okteto.com https://*.okteto.com data: www.w3.org https://*.bestpractices.dev https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com 1
script-src 'nonce-bKUAzBgyhPNU6q7B5xuJWA==' 'strict-dynamic' 'unsafe-eval' 'report-sample' https: 'unsafe-inline'; base-uri 'none'; report-uri https://events.mercadolibre.com/csp/reports?identifier=FN7TXR-brmRf-trf2WZcHGABEhjjA3rRO3AiSIS2QClB23Czx14gpY37yPwdiGQS&policy_id=10&user_id=&request_id=ad947e7e-dd3f-477e-a644-c2fe0dbaad04; report-to csp-endpoint; object-src https://http2.mlstatic.com/ https://mlstaticquic-a.akamaihd.net/ 1
object-src 'none';frame-ancestors 'self';form-action https://prices.appleinsider.com https://appleinsider.us8.list-manage.com 'self';block-all-mixed-content;upgrade-insecure-requests; 1
default-src 'self' d2kfnvwohu0503.cloudfront.net staticinstapaper.s3.amazonaws.com staticinstapaper.s3.dualstack.us-west-2.amazonaws.com;script-src 'self' 'nonce-eaekjAmNHo' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' js.stripe.com d2kfnvwohu0503.cloudfront.net staticinstapaper.s3.amazonaws.com staticinstapaper.s3.dualstack.us-west-2.amazonaws.com use.typekit.net www.google-analytics.com www.google.com www.gstatic.com cdn.carbonads.com srv.carbonads.net;font-src 'self' d2kfnvwohu0503.cloudfront.net staticinstapaper.s3.amazonaws.com staticinstapaper.s3.dualstack.us-west-2.amazonaws.com *.typekit.net netdna.bootstrapcdn.com;style-src 'self' netdna.bootstrapcdn.com d2kfnvwohu0503.cloudfront.net staticinstapaper.s3.amazonaws.com staticinstapaper.s3.dualstack.us-west-2.amazonaws.com 'unsafe-inline';connect-src 'self' *.carbonads.net carbonads.net js.stripe.com www.google-analytics.com;frame-src 'self' js.stripe.com *.youtube.com youtube.com *.vimeo.com vimeo.com www.google.com ifttt.com;img-src * data:; 1
script-src 'self' www.google-analytics.com blockchain.info static.moonpay.com 'unsafe-inline' 1
frame-ancestors https://ads.idntimes.com https://fyi.idntimes.com 1
frame-ancestors 'self' www.seznam.cz share.seznam.cz search.seznam.cz www.google.cz www.google.com *.seznamakce.cz www.seznamzpravy.cz admin.seznamzpravy.cz *.seznamzpravy.cz;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.sdn.szn.cz *.sdn.cz gacz.hit.gemius.pl scz.hit.gemius.pl www.google-analytics.com https://www.googletagmanager.com/gtag/js cdn-gl.imrworldwide.com *.twitter.com *.twimg.com *.facebook.net *.facebook.com *.instagram.com *.tiktok.com *.ttwstatic.com https://www.gstatic.com https://ajax.googleapis.com login.szn.cz http://login.szn.cz https://login.szn.cz notifikace.seznam.cz http://notifikace.seznam.cz https://notifikace.seznam.cz *.adform.net *.adnxs.com *.adnxs-simple.com *.adsafeprotected.com *.consensu.org *.doubleclick.net *.doubleverify.com *.googlesyndication.com *.googletagservices.com *.im.cz *.imedia.cz *.imedia.dev.dszn.cz *.pliing.com *.pubmatic.com *.sbeta.cz *.sdn.szn.cz *.serving-sys.com *.seznam.cz *.sklik.cz ads.celtra.com *.2mdn.net ams.creativecdn.com cdn.id5-sync.com tags.crwdcntrl.net *.seznamzpravy.cz https://www.seznamzpravy.cz 1
default-src https: wss: data: blob:         *.imgsmail.ru *.mail.ru *.moatads.com *.mradx.net mail.ru         ;       base-uri 'self';       manifest-src 'self';       worker-src 'self' blob:;       object-src 'none';       style-src         'self' blob: 'unsafe-inline' 'unsafe-eval'         *.imgsmail.ru *.mail.ru *.mradx.net         *.uxfeedback.ru fonts.googleapis.com         yastatic.net *.adfox.ru         ;       img-src         'self' data: blob: *;       font-src         'self' data: blob: https:         *.imgsmail.ru *.mail.ru *.mradx.net         yastatic.net         ;       media-src         'self' *.imgsmail.ru *.mail.ru *.mradx.net *.ok.ru *.vk.com data: mail.ru ok.ru vk.com         yastatic.net *.yandex.net *.yandex.ru *.adfox.ru yandex.ru yandex.com         ;       script-src         'self' 'unsafe-eval' 'unsafe-inline'         *.yandex.ru mc.yandex.com mc.yandex.md mc.webvisor.com mc.webvisor.org yastatic.net         enterprise.api-maps.yandex.ru *.maps.yandex.net yandex.ru yandex.com *.adfox.ru *.yandex.net         *.googletagmanager.com *.google-analytics.com         www.googleadservices.com www.google.com googleads.g.doubleclick.net         www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.youtube.com         https://widget.cloudpayments.ru         *.adriver.ru         *.imgsmail.ru *.mail.ru *.mradx.net *.odnoklassniki.ru *.relap.io *.vk.com mail.ru vk.com         *.uxfeedback.ru         mod.calltouch.ru         ceditor.setka.io         *.mango-office.ru telegram.org         ;       connect-src         'self' *.vkusvill.ru         *.yandex.ru mc.yandex.com mc.yandex.md mc.webvisor.com mc.webvisor.org yastatic.net         enterprise.api-maps.yandex.ru *.maps.yandex.net yandex.ru *.taxi.yandex.net *.adfox.ru         *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com         *.google.ru         *.adriver.ru         mod.calltouch.ru         *.dzen.ru *.imgsmail.ru *.mail.ru *.mradx.net *.relap.io *.vk.com mail.ru relap.io vk.com         *.uxfeedback.ru         health.offfy.com         *.mango-office.ru         ;       frame-src         'self' blob:         youtube.com www.youtube.com         *.yandex.ru mc.yandex.com mc.yandex.md mc.webvisor.com mc.webvisor.org yastatic.net music.yandex.com         enterprise.api-maps.yandex.ru yandexadexchange.net *.yandexadexchange.net *.adfox.ru         bid.g.doubleclick.net td.doubleclick.net         www.google.com/recaptcha/ recaptcha.google.com/recaptcha/         https://widget.cloudpayments.ru         *.adriver.ru *.googletagmanager.com         *.imgsmail.ru *.mail.ru *.mradx.net *.ok.ru *.vk.com mail.ru ok.ru vk.com         kinescope.io cdn.embedly.com         embed.podcasts.apple.com         ;       frame-ancestors 'self';       report-uri /ajax/vvlog/report_csp.php;       report-to csp-violation-report 1
default-src 'self'; script-src 'self' c.mql5.com www.tradays.com www.metatrader5.com metatraderweb.app www.mql5.com content.mql5.com search.mql5.com search.mql5.com https://c.paypal.com https://pay.google.com maps.googleapis.com maps.google.com https://cdn.chatbot.com test-api.sumsub.com api.sumsub.com static.sumsub.com 'unsafe-inline' 'unsafe-eval'; style-src c.mql5.com www.tradays.com 'unsafe-inline' fonts.gstatic.com fonts.googleapis.com; img-src 'self' msg1.mql5.com msg2.mql5.com msg3.mql5.com msg4.mql5.com c.mql5.com content.mql5.com charts.mql5.com www.mql5.com www.tradays.com www.metatrader5.com blob: data: *.tile.openstreetmap.org https://c.paypal.com https://b.stats.paypal.com https://dub.stats.paypal.com https://www.gstatic.com csi.gstatic.com maps.gstatic.com maps.google.com maps.googleapis.com chart.googleapis.com khms0.googleapis.com khms1.googleapis.com khms2.googleapis.com khms3.googleapis.com; media-src 'self' msg1.mql5.com msg2.mql5.com msg3.mql5.com msg4.mql5.com c.mql5.com www.metatrader5.com; font-src c.mql5.com fonts.gstatic.com fonts.googleapis.com; connect-src 'self' metatraderweb.app www.mql5.com www.metatrader5.com https://msg1.mql5.com wss://msg1.mql5.com https://msg2.mql5.com https://msg3.mql5.com https://msg4.mql5.com wss://msg2.mql5.com wss://msg3.mql5.com wss://msg4.mql5.com wss://gwt1.mql5.com wss://gwt2.mql5.com wss://gwt3.mql5.com wss://gwt4.mql5.com wss://gwt5.mql5.com wss://gwt6.mql5.com wss://gwt7.mql5.com wss://gwt8.mql5.com wss://gwt9.mql5.com wss://gwt10.mql5.com wss://gwt11.mql5.com wss://gwt12.mql5.com wss://gwt13.mql5.com wss://gwt14.mql5.com wss://gwt15.mql5.com wss://gwt99.mql5.com https://cdn.chatbot.com maps.googleapis.com; frame-src 'self' c.mql5.com www.tradays.com trade.metatrader5.com metatraderweb.app player.youku.com www.youtube.com player.vimeo.com vk.com https://c.paypal.com https://pay.google.com https://cdn.chatbot.com test-api.sumsub.com api.sumsub.com blob: mql5buy: mql4buy:; object-src 'self' c.mql5.com www.metatrader5.com www.youtube.com; worker-src 'self' c.mql5.com www.metatrader5.com www.youtube.com; 1
default-src 'self' *.rajasthan.gov.in; frame-src *; font-src *; media-src *; img-src * data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.rajasthan.gov.in *.maps.api.here.com; style-src * 'unsafe-inline'; connect-src 'self' *; object-src 'none'; base-uri 'self' 1
frame-ancestors 'self' https://lckm.dev02.vobacom.info https://www.sse.lodz.pl https://lodz.travel https://www.zjazdowa.com.pl https://www.lcf.pl https://makis.pl https://www.mpolodz.pl https://www.mcmsrodmiescie.pl https://expo-lodz.pl http://expo-lodz.pl http://bionanopark.pl/ https://www.wtbs.pl https://www.lodz-airport.pl https://*.lodz.pl https://ads.biblioteka.lodz.pl; default-src 'self'; connect-src https://lodz.pl https://*.lodz.pl https://*.analytics.google.com https://pagead2.googlesyndication.com/getconfig/ https://fundingchoicesmessages.google.com/ https://p.clarity.ms/collect https://region1.google-analytics.com https://*.facebook.com/ https://ads.biblioteka.lodz.pl/www/delivery/asyncspc.php https://stats.g.doubleclick.net/ https://www.google-analytics.com/ https://connect.facebook.net/; font-src 'self'  https://fonts.gstatic.com/; form-action 'self' https://newsletter.uml.lodz.pl https://www.facebook.com/; frame-src 'self' https://tpc.googlesyndication.com/ https://googleads.g.doubleclick.net/ https://td.doubleclick.net/ https://www.google.com/ https://kuula.co/ https://www.youtube-nocookie.com https://ads.biblioteka.lodz.pl https://newsletter.uml.lodz.pl https://platform.twitter.com https://uml.lodz.pl https://*.facebook.com/ https://connect.facebook.net; img-src 'self' https://c.clarity.ms https://www.gstatic.com/ https://fundingchoicesmessages.google.com/ https://lh3.googleusercontent.com/ https://widget.jutromedical.com https://2k.trackgecko.pl https://region1.google-analytics.com https://googleads.g.doubleclick.net https://ads.biblioteka.lodz.pl/www/  https://multimedia.newsletter.uml.lodz.pl data: https://www.facebook.com/ https://www.google-analytics.com https://www.google.com https://www.google.pl; media-src 'self'; script-src 'self' 'unsafe-inline' https://www.clarity.ms/tag/ https://tpc.googlesyndication.com/ https://www.clarity.ms/s/0.7.20/clarity.js https://fundingchoicesmessages.google.com/ https://www.clarity.ms/tag/jnbug4lfqt https://pagead2.googlesyndication.com/pagead/ https://widget.jutromedical.com https://www.googleadservices.com/ https://www.google.com/pagead/ https://www.google.pl https://googleads.g.doubleclick.net https://ads.biblioteka.lodz.pl https://connect.facebook.net/ https://newsletter.uml.lodz.pl/ https://platform.twitter.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://www.youtube.com/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://widget.jutromedical.com https://newsletter.uml.lodz.pl/; worker-src 'self'; 1
default-src https://*.zoomgov.com https://zoomgov.com blob: 'self'; script-src https://zoomgov.com  https://*.zoomgov.com 'unsafe-eval' 'unsafe-inline' blob: about: https://ajax.aspnetcdn.com/ajax/3.5/MicrosoftAjax.js https://appsforoffice.microsoft.com https://assets.zendesk.com https://autocomplete.demandbase.com https://cdn-javascript.net https://cdn-js.net https://cdn.wootric.com https://cdncache-a.akamaihd.net https://connect.facebook.net https://consent.trustarc.com https://d.adroll.mgr.consensu.org https://googleads.g.doubleclick.net https://pi.pardot.com https://ruanshi2.8686c.com https://s.dcbap.com https://s.ytimg.com https://s3.amazonaws.com https://scout-cdn.salesloft.com https://sealserver.trustwave.com https://secure-cdn.mplxtms.com https://serve2.cheqzone.com https://snap.licdn.com https://sp.analytics.yahoo.com https://static.zdassets.com https://hcaptcha.com https://assets.hcaptcha.com https://static2.sharepointonline.com https://tag.demandbase.com https://tpc.googlesyndication.com https://tracking.g2crowd.com https://trk.techtarget.com https://www.comeet.co https://www.dropbox.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.recaptcha.net https://www.gstatic.com https://www.youtube.com https://hcaptcha.com https://assets.hcaptcha.com https://*.ada.support https://*.adroll.com https://*.google.com https://*.hotjar.com https://*.linkedin.com  https://*.zoomcloudpbx.com https://*.zopim.com https://adroll.com https://google.com https://cdn.cookielaw.org  https://linkedin.com https://source.zoomgov.com 'self'; img-src https: http: about: blob: data: 'self'; style-src https: safari-extension: chrome-extension: 'unsafe-inline' data: 'self'; font-src https: safari-extension: chrome-extension: blob: data: 'self'; connect-src * about: blob: data: 'self'; media-src * rtmp: blob: data: 'self'; frame-src https: ms-appx-web: zoommtg: zoomus: wvjbscheme: data: blob: 'self' 1
style-src 'self' *.fontawesome.com 'unsafe-inline'  fonts.googleapis.com *.userway.org chat.kerala.gov.in *.youtube.com ajax.googleapis.com;  font-src 'self' fonts.gstatic.com *.fontawesome.com *.userway.org chat.kerala.gov.in *.youtube.com ajax.googleapis.com;  script-src 'unsafe-inline' 'self' 'unsafe-eval' *.fontawesome.com *.userway.org chat.kerala.gov.in *.googletagmanager.com *.youtube.com ajax.googleapis.com; img-src   blob: data: *.userway.org chat.kerala.gov.in 'self' https:;frame-ancestors 'self' *.kerala.gov.in *.ckeditor.com ; connect-src 'self' blob: data: image/svg+xml *.userway.org chat.kerala.gov.in *.google-analytics.com;frame-src 'self' *.userway.org chat.kerala.gov.in *.youtube.com ajax.googleapis.com *.google.com *.vimeo.com; object-src 'none'; media-src 'self'; manifest-src 'self';  default-src 'self' blob: data: 'unsafe-eval' 'unsafe-inline'; form-action 'self'; 1
default-src 'self' https: 'unsafe-inline' blob: data:; connect-src 'self' account.envato.com:* *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.googlesyndication.com *.litix.io *.wistia.com embedwistia-a.akamaihd.net api.btloader.com www.facebook.com consentcdn.cookiebot.com www.clarity.ms a.clarity.ms b.clarity.ms c.clarity.ms d.clarity.ms e.clarity.ms f.clarity.ms g.clarity.ms h.clarity.ms i.clarity.ms j.clarity.ms k.clarity.ms l.clarity.ms m.clarity.ms n.clarity.ms o.clarity.ms p.clarity.ms q.clarity.ms r.clarity.ms s.clarity.ms t.clarity.ms u.clarity.ms v.clarity.ms w.clarity.ms x.clarity.ms y.clarity.ms z.clarity.ms c.bing.com *.amazon-adsystem.com cdn.jsdelivr.net *.publisher-services.amazon.dev; frame-ancestors 'self'; script-src 'self' https: 'unsafe-inline' blob: data: 1
frame-ancestors 'self' *.purestorage.com *.flashstack.com; object-src 'none'; upgrade-insecure-requests; 1
default-src  'self' http: https: ws: wss: data: blob: 'unsafe-inline' 'unsafe-eval' 1
default-src 'self'; connect-src 'self' *.adac.de *.adac.biz reisecheck.adac.wiif.com api-eu.cleverpush.com geoip-api.cleverpush.com static-eu.cleverpush.com adacstaging.mycleverpush.com adacde.mycleverpush.com delivery.consentmanager.net d.delivery.consentmanager.net adac.containers.piwik.pro adac.piwik.pro widget.moin.ai api.moin.ai wss://bot.moin.ai/primus data.kameleoon.io na-data.kameleoon.io editor.kameleoon.com api.kameleoon.com customers.kameleoon.com old.kameleoon.com logger.kameleoon.eu static.kameleoon.com xqo3vq9f2l.kameleoon.eu uku18p2r38.kameleoon.eu cdn.jsdelivr.net www.pincamp.de; font-src 'self' assets.adac.de widget.moin.ai; frame-src 'self' adac.de www.adac.de si.adac.de assets.adac.de cdn.consentmanager.net adacstaging.mycleverpush.com adacde.mycleverpush.com login.adac.de login-i.adac.de login-t.adac.de login-t02.adac.de; frame-ancestors 'self' app.contentful.com *.song-club.de; img-src 'self' data: blob: assets.adac.de cdn.consentmanager.net delivery.consentmanager.net d.delivery.consentmanager.net adac.containers.piwik.pro adac.piwik.pro static-eu.cleverpush.com media.moin.ai static.kameleoon.com storage.kameleoon.eu xqo3vq9f2l.kameleoon.eu uku18p2r38.kameleoon.eu www.pincamp.de tracking.xadspoteffects.com; object-src 'self'; media-src 'self' blob: assets.adac.de media.moin.ai; script-src 'nonce-RpweDATjerr14pq6RH28tA==' 'strict-dynamic'; style-src 'self' 'unsafe-inline' adac.containers.piwik.pro widget.moin.ai cdn.jsdelivr.net; form-action 'none'; report-uri https://adaconlineapim.adac.de/browser-reporting/csp?source=v3-40-0; report-to main-endpoint 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://www.google-analytics.com/; img-src 'self' data: https://www.google-analytics.com/ https://www.paypalobjects.com/ https://stats.g.doubleclick.net/; style-src 'self' 'unsafe-inline'; child-src 'none'; object-src 'none' 1
default-src https://*.mgid.com https://cdn.ampproject.org/ https://*.googlesyndication.com https://*.bseindia.com 'self'  ;  img-src https://*.bseindia.com https://*.mgid.com *.gstatic.com *.google.com https://www.google.co.in/  https://i.marketsmojo.com https://www.google-analytics.com https://*.doubleclick.net  https://tpc.googlesyndication.com https://googleads.g.doubleclick.net  https://www.google.com https://chatbot.bseindia.com 'self' https://googleads.g.doubleclick.net data: chrome-extension-resource storage.googleapis.com pagead2.googlesyndication.com;;   script-src blob: filesystem: https://translate.googleapis.com/ https://translate-pa.googleapis.com/  https://*.bseindia.com https://*.mgid.com  https://jsc.mgid.com/ *.gstatic.com *.google.com https://s.go-mpulse.net/ https://*.googlesyndication.com/ https://cdn.ampproject.org/ https://acdn.adnxs.com https://ajax.googleapis.com  https://www.google-analytics.com https://adservice.google.co.in https://adservice.google.com  https://securepubads.g.doubleclick.net https://j.marketsmojo.com https://www.googletagservices.com  https://www.googletagmanager.com https://chatbot.bseindia.com https://streamlive.bseindia.com https://apis.google.com    'self' 'unsafe-inline' 'unsafe-eval' data: pagead2.googlesyndication.com storage.googleapis.com googleads.g.doubleclick.net ajax.googleapis.com; ;   connect-src * data: blob: filesystem:;   style-src *.gstatic.com *.google.com https://*.bseindia.com https://cdn.ampproject.org/ https://c.marketsmojo.com https://fonts.googleapis.com  https://chatbot.bseindia.com  'self'  data: chrome-extension-resource: 'unsafe-inline' *.gstatic.com *.google.com  pagead2.googlesyndication.com storage.googleapis.com googleads.g.doubleclick.net ajax.googleapis.com;  frame-src https://*.bseindia.com *.gstatic.com *.google.com https://www.youtube-nocookie.com/ https://www.youtube.com/  https://directline.botframework.com/ https://chatbot.bseindia.com/ https://chatbot.bseindia.com/ https://*.googlesyndication.com/ https://secureframe.doubleclick.net/ 'self' data: chrome-extension-resource:;  font-src https://*.bseindia.com https://*.mgid.com *.gstatic.com *.google.com https://fonts.gstatic.com 'self' data: chrome-extension-resource: *.bseindia.com *.gstatic.com *.google.com fonts.googleapis.com; frame-ancestors 'self'; object-src 'self';  media-src * data: blob: filesystem:;worker-src 'self' 'unsafe-inline' * blob: 1
default-src 'self' https://*.audioeye.com https://s3.tradingview.com https://*.prismic.io https://prismic.io https://js.driftt.com https://widget.drift.com https://*.google.com https://google.com https://*.google-analytics.com https://*.analytics.google.com https://www.googletagmanager.com https://www.googleadservices.com https://*.doubleclick.net https://diffuser-cdn.app-us1.com https://*.audioeye.com https://snap.licdn.com https://*.linkedin.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://audioeye.activehosted.com https://zalywzdew6.execute-api.us-west-2.amazonaws.com https://trackcmp.net https://*.vimeo.com https://*.partnerstack.com https://*.adsymptotic.com https://*.quotemedia.com https://cdnjs.cloudflare.com https://*.gstatic.com https://googleads.g.doubleclick.net https://fonts.googleapis.com https://*.growsumo.com https://grsm.io https://*.ads-twitter.com https://t.co https://*.twitter.com https://api.airtable.com https://*.hs-scripts.com https://hs-scripts.com https://*.hotjar.com https://hotjar.com https://*.hscollectedforms.net https://*.hs-banner.com https://*.mixpanel.com wss://*.hotjar.com https://*.hs-analytics.net https://*.hubspot.com https://*.hsforms.com https://*.hsforms.net https://*.hotjar.io https://*.usemessages.com https://*.hsappstatic.net https://*.nr-data.net https://*.ably.io https://*.heapanalytics.com https://heapanalytics.com https://js.chargebee.com https://audioeye.chargebee.com https://audioeye-test.chargebee.com https://*.stripe.com https://*.clickcease.com https://boards-api.greenhouse.io https://netlify-cdp-loader.netlify.app https://*.netlify.com https://html2canvas.hertzen.com https://*.googleoptimize.com https://*.browser-intake-datadoghq.com https://*.youtube.com https://dev.visualwebsiteoptimizer.com https://js.zi-scripts.com https://ws.zoominfo.com https://tags.clickagy.com https://client-api.auryc.com https://mt.auryc.com https://api.hubapi.com https://*.mutinyhq.com https://*.mutinyhq.io https://*.mutinycdn.com https://pro.ip-api.com/ https://alocdn.com/c/vn3d8u2u/a/xtarget/p.json https://9xgnrndqve.execute-api.us-west-2.amazonaws.com/b2b https://cdn-cookieyes.com/ https://*.cookieyes.com https://*.googlesyndication.com https://www.figma.com/ https://*.reddit.com https://*.redditstatic.com; frame-ancestors 'self' https://app.mutinyhq.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s3.tradingview.com https://*.prismic.io https://prismic.io https://js.driftt.com https://widget.drift.com https://*.google.com https://google.com https://*.google-analytics.com https://*.analytics.google.com https://www.googletagmanager.com https://www.googleadservices.com https://*.doubleclick.net https://diffuser-cdn.app-us1.com https://*.audioeye.com https://snap.licdn.com https://*.linkedin.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://audioeye.activehosted.com https://zalywzdew6.execute-api.us-west-2.amazonaws.com https://trackcmp.net https://*.vimeo.com https://*.partnerstack.com https://*.adsymptotic.com https://*.quotemedia.com https://cdnjs.cloudflare.com https://*.gstatic.com https://googleads.g.doubleclick.net https://fonts.googleapis.com https://*.growsumo.com https://grsm.io https://*.ads-twitter.com https://t.co https://*.twitter.com https://api.airtable.com https://*.hs-scripts.com https://hs-scripts.com https://*.hotjar.com https://hotjar.com https://*.hscollectedforms.net https://*.hs-banner.com https://*.mixpanel.com wss://*.hotjar.com https://*.hs-analytics.net https://*.hubspot.com https://*.hsforms.com https://*.hsforms.net https://*.hotjar.io https://*.usemessages.com https://*.hsappstatic.net https://*.nr-data.net https://*.ably.io https://*.heapanalytics.com https://heapanalytics.com https://js.chargebee.com https://audioeye.chargebee.com https://audioeye-test.chargebee.com https://*.stripe.com https://*.clickcease.com https://boards-api.greenhouse.io https://netlify-cdp-loader.netlify.app https://*.netlify.com https://html2canvas.hertzen.com https://*.googleoptimize.com https://*.browser-intake-datadoghq.com https://www.datadoghq-browser-agent.com https://dev.visualwebsiteoptimizer.com https://js.zi-scripts.com https://ws.zoominfo.com https://ws-assets.zoominfo.com https://tags.clickagy.com https://js.hsadspixel.net/fb.js https://*.mutinycdn.com https://s3-us-west-2.amazonaws.com/b2bjsstore/b/ZQ6J2RHEV56D/reb2b.js.gz https://pro.ip-api.com/ https://b-code.liadm.com/lc2.js https://cdn-cookieyes.com/ https://*.cookieyes.com https://*.youtube.com https://*.redditstatic.com; style-src 'self' 'unsafe-inline' https://s3.tradingview.com https://*.prismic.io https://prismic.io https://*.google.com https://google.com https://*.google-analytics.com https://*.analytics.google.com https://www.googletagmanager.com https://www.googleadservices.com https://*.doubleclick.net https://diffuser-cdn.app-us1.com https://*.audioeye.com https://snap.licdn.com https://*.linkedin.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://audioeye.activehosted.com https://zalywzdew6.execute-api.us-west-2.amazonaws.com https://trackcmp.net https://*.vimeo.com https://*.partnerstack.com https://*.adsymptotic.com https://*.quotemedia.com https://cdnjs.cloudflare.com https://*.gstatic.com https://googleads.g.doubleclick.net https://fonts.googleapis.com https://*.growsumo.com https://grsm.io https://*.ads-twitter.com https://t.co https://*.twitter.com https://api.airtable.com https://*.hs-scripts.com https://hs-scripts.com https://*.hotjar.com https://hotjar.com https://*.hscollectedforms.net https://*.hs-banner.com https://*.mixpanel.com wss://*.hotjar.com https://*.hs-analytics.net https://*.hubspot.com https://*.hsforms.com https://*.hsforms.net https://*.hotjar.io https://*.usemessages.com https://*.hsappstatic.net https://*.nr-data.net https://*.ably.io https://*.heapanalytics.com https://heapanalytics.com https://js.chargebee.com https://audioeye.chargebee.com https://audioeye-test.chargebee.com https://*.stripe.com https://*.clickcease.com https://boards-api.greenhouse.io https://netlify-cdp-loader.netlify.app https://*.netlify.com https://html2canvas.hertzen.com https://*.googleoptimize.com https://*.browser-intake-datadoghq.com; img-src 'self' https://s3.tradingview.com https://*.prismic.io https://prismic.io https://*.google.com https://google.com https://*.google-analytics.com https://*.analytics.google.com https://www.googletagmanager.com https://www.googleadservices.com https://*.doubleclick.net https://diffuser-cdn.app-us1.com https://*.audioeye.com https://snap.licdn.com https://*.linkedin.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://audioeye.activehosted.com https://zalywzdew6.execute-api.us-west-2.amazonaws.com https://trackcmp.net https://*.vimeo.com https://*.partnerstack.com https://*.adsymptotic.com https://*.quotemedia.com https://cdnjs.cloudflare.com https://*.gstatic.com https://googleads.g.doubleclick.net https://fonts.googleapis.com https://*.growsumo.com https://grsm.io https://*.ads-twitter.com https://t.co https://*.twitter.com https://api.airtable.com https://*.hs-scripts.com https://hs-scripts.com https://*.hotjar.com https://hotjar.com https://*.hscollectedforms.net https://*.hs-banner.com https://*.mixpanel.com wss://*.hotjar.com https://*.hs-analytics.net https://*.hubspot.com https://*.hsforms.com https://*.hsforms.net https://*.hotjar.io https://*.usemessages.com https://*.hsappstatic.net https://*.nr-data.net https://*.ably.io https://*.heapanalytics.com https://heapanalytics.com https://js.chargebee.com https://audioeye.chargebee.com https://audioeye-test.chargebee.com https://*.stripe.com https://*.clickcease.com https://boards-api.greenhouse.io https://netlify-cdp-loader.netlify.app https://*.netlify.com https://html2canvas.hertzen.com https://*.googleoptimize.com https://*.browser-intake-datadoghq.com https://dev.visualwebsiteoptimizer.com https://*.mutinycdn.com https://cdn-cookieyes.com https://*.cookieyes.com https://i.ytimg.com https://*.reddit.com/ data:; worker-src blob:; font-src 'self' https://s3.tradingview.com https://*.prismic.io https://prismic.io https://*.google.com https://google.com https://*.google-analytics.com https://*.analytics.google.com https://www.googletagmanager.com https://www.googleadservices.com https://*.doubleclick.net https://diffuser-cdn.app-us1.com https://*.audioeye.com https://snap.licdn.com https://*.linkedin.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://audioeye.activehosted.com https://zalywzdew6.execute-api.us-west-2.amazonaws.com https://trackcmp.net https://*.vimeo.com https://*.partnerstack.com https://*.adsymptotic.com https://*.quotemedia.com https://cdnjs.cloudflare.com https://*.gstatic.com https://googleads.g.doubleclick.net https://fonts.googleapis.com https://*.growsumo.com https://grsm.io https://*.ads-twitter.com https://t.co https://*.twitter.com https://api.airtable.com https://*.hs-scripts.com https://hs-scripts.com https://*.hotjar.com https://hotjar.com https://*.hscollectedforms.net https://*.hs-banner.com https://*.mixpanel.com wss://*.hotjar.com https://*.hs-analytics.net https://*.hubspot.com https://*.hsforms.com https://*.hsforms.net https://*.hotjar.io https://*.usemessages.com https://*.hsappstatic.net https://*.nr-data.net https://*.ably.io https://*.heapanalytics.com https://heapanalytics.com https://js.chargebee.com https://audioeye.chargebee.com https://audioeye-test.chargebee.com https://*.stripe.com https://*.clickcease.com https://boards-api.greenhouse.io https://netlify-cdp-loader.netlify.app https://*.netlify.com https://html2canvas.hertzen.com https://*.googleoptimize.com https://*.browser-intake-datadoghq.com https://dev.visualwebsiteoptimizer.com data: ; manifest-src 'self' ; upgrade-insecure-requests; block-all-mixed-content ; 1
frame-ancestors 'self' *.jetblue.com 1
default-src 'self'; frame-src https://js.stripe.com https://newassets.hcaptcha.com https://www.paypal.com https://www.sandbox.paypal.com; font-src 'self' data:; img-src 'self' data: https://www.paypalobjects.com; object-src 'none'; script-src 'self' https://js.stripe.com https://js.hcaptcha.com https://newassets.hcaptcha.com https://www.paypal.com https://www.sandbox.paypal.com 'nonce-VEgzyQpsZFRXGhk8y5h7VA=='; style-src 'self' 'unsafe-inline'; base-uri 'self'; connect-src 'self' https://*.mullvad.net 1
upgrade-insecure-requests;default-src https: wss: 'unsafe-inline' 'unsafe-eval' data:;media-src https: blob:;child-src https: blob:;font-src https: data:; img-src https: data:; 1
frame-ancestors 'self' *.signupgenius.com *.signupgenius.rocks *.signupgenius.dev 1
default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://*.braintree-api.com https://*.braintreegateway.com https://accounts.google.com https://getpocket.com https://towardsdatascience.com https://*.towardsdatascience.com https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://lightstep.medium.systems https://*.branch.io 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://glyph-sandbox.medium.sh https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: blob: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com 1
img-src 'self' https: data: cdn.paris.fr; frame-ancestors 'self' *; frame-src 'self' * 1
img-src 'self' data: api.reciteme.com pixel.wp.com px.ads.linkedin.com bat.bing.com www.google-analytics.com www.facebook.com www.google.com doublethedonation.com www.googletagmanager.com 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' 1003891.track.convertexperiments.com app.hubspot.com cdn-3.convertexperiments.com cdn.pdst.fm connect.facebook.net js.hs-analytics.net js.hs-banner.com js.hsforms.net js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com organizer.bizzabo.com play.vidyard.com script.hotjar.com snap.licdn.com static.hotjar.com static.hsappstatic.net www.google-analytics.com www.googletagmanager.com www.recaptcha.net code.highcharts.com www.youtube.com js.hubspot.com www.dropbox.com widget.altrulabs.com www.google.com maps.googleapis.com wt-assets.hubteam.com cdn2.hubspot.net www.redditstatic.com cdn.veritonic.com gosniply.com d.impactradius-event.com js.hubspot.com analytics.tiktok.com 'strict-dynamic' 'nonce-xiR9KR467g3wCo1exI/fHw=='; report-uri https://send.hsbrowserreports.com/csp/report; upgrade-insecure-requests; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://developers.google.com/tag-platform/security/guides/csp https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.googletagmanager.com https://*.googletagmanager.com https://connect.facebook.net https://www.facebook.com https://apikeys.civiccomputing.com https://cc.cdn.civiccomputing.com https://www.google-analytics.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; child-src 'self'; frame-src 'self' https://*.fls.doubleclick.net https://td.doubleclick.net https://bid.g.doubleclick.net https://www.facebook.com https://player.vimeo.com; connect-src 'self' https://clapi.civiccomputing.com https://googleads.g.doubleclick.net https://www.google.com/pagead/landing https://www.facebook.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://apikeys.civiccomputing.com https://cc.cdn.civiccomputing.com https://connect.facebook.net https://www.googletagmanager.com https://region1.google-analytics.com https://pagead2.googlesyndication.com; img-src 'self' https://www.facebook.com https://*.fls.doubleclick.net https://ad.doubleclick.net https://ade.googlesyndication.com https://www.google.com https://googleads.g.doubleclick.net https://*.google-analytics.com https://*.googletagmanager.com https://ssl.gstatic.com https://i.vimeocdn.com data:; font-src 'self' https://fonts.gstatic.com data:; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; 1
default-src https: https://*.api.useinsider.com/ https://*.webmotors.com.br/insider/insider-sw-sdk.js 'unsafe-inline'; script-src https: https://www.datadoghq-browser-agent.com/ https://cdn.taboola.com/ https://dynamic.criteo.com/ https://www.googleadservices.com/ https://sb.scorecardresearch.com/ https://googleads.g.doubleclick.net/ https://connect.facebook.net/ https://tags.creativecdn.com/ https://securepubads.g.doubleclick.net/ 'unsafe-eval' 'unsafe-inline'; script-src-elem https: https://cdn.taboola.com/ https://tags.creativecdn.com/ https://googleads.g.doubleclick.net/ https://securepubads.g.doubleclick.net/ https://dynamic.criteo.com/ https://survey.survicate.com/ https://webmotors.api.useinsider.com/ https://connect.facebook.net/ 'unsafe-inline'; style-src https: 'unsafe-inline'; worker-src blob: https://*.api.useinsider.com/ https://*.webmotors.com.br/insider/insider-sw-sdk.js; img-src https: data: blob: https://sync.bidence.net/; connect-src https: wss://*.webmotors.com.br/ https://dpm.demdex.net/ https://webmotors.tt.omtrdc.net/ https://webmotors.sc.omtrdc.net/ https://api.trafficguard.ai/; font-src 'self' data: https://fonts.gstatic.com/ https://surveys-static.survicate.com/ https://use.typekit.net/ 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google-analytics.com https://*.mktoutil.com https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com https://ajax.googleapis.com https://*.criteo.com https://public.cobrowse.oraclecloud.com https://sc54374195us1.cobrowse.oraclecloud.com https://sc54374195us1.cobrowse.oraclecloud.com/launcher.js https://bat.bing.com https://www.youtube.com https://www.clarity.ms https://cdnjs.cloudflare.com https://webto.salesforce.com https://tracker.adreadyclick.com https://code.jquery.com https://kit.fontawesome.com https://survey.alchemer.com https://www.surveygizmo.com https://tr.snapchat.com https://tr-shadow.snapchat.com https://*.go-mpulse.net https://*.rfihub.net https://cdn.boomtrain.com https://secure.adnxs.com https://acdn.adnxs.com https://*.kaltura.com https://live.rezync.com https://www.googleadservices.com https://analytics.tiktok.com https://bs.serving-sys.com https://secure-ds.serving-sys.com  https://sc-static.net https://snap.licdn.com https://*.optimix.cn https://munchkin.marketo.net https://cdn.resonate.com https://libjs.s4mdsp.com https://js.hs-analytics.net https://js.hscollectedforms.net https://js.hs-banner.com https://www.google-analytics.com https://ssl.google-analytics.com https://connect.facebook.net https://google.com https://googleads.g.doubleclick.net https://js.hs-scripts.com https://www.googletagmanager.com https://*.ets.org https://assets.adobedtm.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://maps.googleapis.com https://888-oul-143.mktoweb.com; style-src 'self' 'unsafe-inline' https://*.google-analytics.com https://*.mktoutil.com https://google.com https://googleads.g.doubleclick.net https://cdn.jsdelivr.net https://www.surveygizmo.com https://fonts.googleapis.com https://*.ets.org https://maxcdn.bootstrapcdn.com https://assets.adobedtm.com https://ka-f.fontawesome.com https://888-oul-143.mktoweb.com; font-src 'self' data: https://*.google-analytics.com https://*.mktoutil.com https://ka-p.fontawesome.com https://google.com https://googleads.g.doubleclick.net https://www.surveygizmo.com https://*.kaltura.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://ka-f.fontawesome.com https://*.kaltura.com; connect-src 'self' https://*.tt.omtrdc.net https://www.google.com https://pagead2.googlesyndication.com https://*.google-analytics.com https://*.mktoutil.com https://ib.adnxs.com https://google.com https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://tr.snapchat.com https://kit.fontawesome.com https://webto.salesforce.com https://www.livelook.com/cobrowse/auth https://www.livelook.com https://*.clarity.ms/ https://ka-p.fontawesome.com https://pixelconnector.adready.com https://*.kaltura.com https://*.akamaihd.net https://*.rfihub.net https://*.akstat.io https://*.go-mpulse.net https://people.api.boomtrain.com https://events.api.boomtrain.com https://www.facebook.com https://analytics.tiktok.com https://lm.serving-sys.com https://secure-ds.serving-sys.com https://tr-shadow.snapchat.com https://cdn.linkedin.oribi.io https://analytics.google.com https://stats.g.doubleclick.net https://709-zco-379.mktoresp.com https://www.google-analytics.com https://ssl.google-analytics.com https://ds.reson8.com https://forms.hscollectedforms.net https://*.ets.org https://geolocation.onetrust.com https://privacyportal.onetrust.com https://cookie-cdn.cookiepro.com https://maps.googleapis.com https://ka-f.fontawesome.com https://cdn.cookielaw.org wss://oda-e40b50f987234cd9917401d2041ee2c6-da2.data.digitalassistant.oci.oraclecloud.com wss://oda-7d45bc8b07464a85817b482742d79302-da2.data.digitalassistant.oci.oraclecloud.com wss://oda-b5675d826e074d05b3305135c81c2162-da2.data.digitalassistant.oci.oraclecloud.com; frame-ancestors https://toeflibt.ets.org https://toeflibt-dev.ets.org https://toeflibt-test.ets.org https://toeflibt-stg.ets.org https://v2-dev.ereg.ets.org https://v2-tst.ereg.ets.org https://v2-uat.ereg.ets.org https://v2.ereg.ets.org; frame-src 'self' https://*.google-analytics.com https://*.mktoutil.com https://google.com https://googleads.g.doubleclick.net https://bid.g.doubleclick.net https://www.livelook.com/ https://td.doubleclick.net/ https://static.criteo.net https://*.criteo.com https://www.googletagmanager.com https://public.cobrowse.oraclecloud.com https://s.amazon-adsystem.com https://*.kaltura.com https://*.fls.doubleclick.net https://*.rfihub.com https://www.facebook.com https://*.snapchat.com https://e03.optimix.cn https://www.google-analytics.com https://ssl.google-analytics.com https://888-oul-143.mktoweb.com https://www.youtube.com https://*.ets.org https://oda-e40b50f987234cd9917401d2041ee2c6-da2.data.digitalassistant.oci.oraclecloud.com https://oda-7d45bc8b07464a85817b482742d79302-da2.data.digitalassistant.oci.oraclecloud.com https://oda-b5675d826e074d05b3305135c81c2162-da2.data.digitalassistant.oci.oraclecloud.com; media-src 'self' blob: data: https://*.ets.org https://*.kaltura.com https://public.cobrowse.oraclecloud.com https://google.com https://googleads.g.doubleclick.net ; img-src 'self' data: https: https://www.surveygizmo.com https://i.ytimg.com https://www.google-analytics.com https://ssl.google-analytics.com https://aax-eu.amazon-adsystem.com https://bx01.optimix.cn https://cm.g.doubleclick.net https://e03.optimix.cn https://forms.hsforms.com https://track.hubspot.com https://google.com https://googleads.g.doubleclick.net https://www.facebook.com https://px.ads.linkedin.com https://cfvod.kaltura.com https://maps.gstatic.com https://cdn.cookielaw.org https://objectstorage.us-ashburn-1.oraclecloud.com https://*.akstat.io; worker-src blob: https:; 1
default-src 'self'; connect-src 'self' rdap.nic.scb rdap1.nic.scb rdap2.nic.scb rdap.thains.co.th www.google-analytics.com; frame-src 'self' www.google.com; style-src 'self' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com www.google.com www.gstatic.com; img-src 'self' www.thnic.or.th www.google-analytics.com data:; 1
object-src 'none', frame-ancestors https://www.facebook.com 1
frame-ancestors 'self' https://webvisor.com 1
default-src 'self' ; script-src 'self'  https://*.google.com https://*.googletagmanager.com https://*.googleoptimize.com https://*.google-analytics.com https://*.slack.com https://*.livestorm.co https://*.agoda.com https://*.aviasales.ru https://*.aviasales.com https://*.uxfeedback.ru http://*.facebook.net 'unsafe-inline' 'unsafe-eval' https://*.hotjar.com https://*.jsdelivr.net https://*.yandex.ru https://*.webvisor.org https://*.avsplow.com; style-src 'self'  'unsafe-inline' https://*.googleapis.com https://*.uxfeedback.ru; img-src 'self'  https://*.amazonaws.com https://*.cloudfront.net https://*.ctfassets.net https://*.travelpayouts.com data: https://*.webvisor.org https://*.yandex.com https://*.yandex.ru https://*.google.com https://*.google.co https://*.facebook.com; connect-src 'self'  https://*.amazonaws.com https://*.cloudfront.net https://*.ctfassets.net https://*.uxfeedback.ru https://*.rollbar.com https://*.yandex.ru https://*.webvisor.org https://*.google-analytics.com https://*.analytics.google.com https://*.doubleclick.net http://avsplow.com; font-src 'self'  https://*.gstatic.com; media-src 'self'  https://*.cloudfront.net https://*.ctfassets.net; frame-src 'self'  https://*.google.com https://*.slack.com https://*.livestorm.co https://*.agoda.com https://*.yandex.ru; object-src 'none'; 1
default-src 'self' *.hkcsl-5g.com www.1010-5g.com *.facebook.com *.instagram.com *.taboola.com *.doubleclick.net *.google-analytics.com *.ytimg.com *.netvigator.com *.kudostat.com *.google.com *.google.com.hk;       connect-src 'self' s.yimg.com *.tealiumiq.com *.hkcsl-5g.com www.1010-5g.com *.netvigator.com *.google.com *.google.com.hk *.google-analytics.com *.doubleclick.net *.taboola.com;       script-src 'self' *.createjs.com *.yahoo.com *.yahoodns.net *.yimg.com sp.analytics.yahoo.com s.yimg.com *.tiqcdn.com *.jquery.com *.google.com *.hkcsl-5g.com www.1010-5g.com *.cheqzone.com *.echarts.baidu.com *.netvigator.com *.taboola.com *.hkt.com *.shop.hkt.com *.hktshop.com *.google-analytics.com *.googleadservices.com *.kudostat.com *.googletagmanager.com *.doubleclick.net *.facebook.net  *.google.com *.gstatic.com 'unsafe-inline' 'unsafe-eval';      img-src 'self' *.yahoo.com *.tealiumiq.com *.pccw.com *.googleadservices.com *.hkcsl-5g.com www.1010-5g.com *.facebook.net *.w3.org *.ytimg.com *.cheqzone.com *.netvigator.com *.google.com *.google.com.hk *.kudostat.com *.hkt.com *.shop.hkt.com *.hktshop.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.facebook.com *.instagram.com *.taboola.com data:;      style-src 'self' *.hkcsl-5g.com www.1010-5g.com *.googleapis.com *.netvigator.com *.hkt.com *.shop.hkt.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net 'unsafe-inline';      frame-src 'self' key2connect.com *.hkcsl-5g.com www.1010-5g.com *.hkt.com *.shop.hkt.com *.cheqzone.com *.facebook.com *.instagram.com *.taboola.com *.hkt.com *.shop.hkt.com *.youtube.com *.doubleclick.net  *.google.com *.pccw.com *.matterport.com;      font-src 'self' *.hkcsl-5g.com www.1010-5g.com *.cheqzone.com *.facebook.com *.instagram.com *.taboola.com *.hkt.com *.shop.hkt.com *.youtube.com *.doubleclick.net  *.google.com *.pccw.com *.matterport.com *.gstatic.com data:; 1
frame-ancestors 'self';media-src 'self' js.intercomcdn.com; connect-src 'self' https://cdn.cookielaw.org api-iam.intercom.io nexus-websocket-a.intercom.io api-iam.intercom.io nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io cdn.cookielaw.org geolocation.onetrust.com www.google-analytics.com *.clarity.ms stats.g.doubleclick.net;default-src 'self';frame-src 'self' intercom-sheets.com; script-src 'self' *.intercomcdn.com *.heapanalytics.com www.googletagmanager.com cdn.cookielaw.org platform.twitter.com www.clarity.ms www.google-analytics.com static.ads-twitter.com widget.intercom.io 'unsafe-inline';style-src 'self' 'unsafe-inline' www.googletagmanager.com fonts.googleapis.com;font-src 'self' fonts.googleapis.com fonts.gstatic.com fonts.intercomcdn.com;img-src 'self' *.intercomcdn.com fonts.gstatic.com fast.fonts.net heapanalytics.com cdn.cookielaw.org c.clarity.ms t.co analytics.twitter.com c.bing.com www.google.com www.google.com.np https://www.googletagmanager.com static.intercomassets.com data:;object-src 'none';base-uri 'self';form-action 'self';upgrade-insecure-requests 1
frame-ancestors https://app.roll20.net https://roll20.net https://marketplace.roll20.net https://*.inspectlet.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.sdn.szn.cz *.sdn.cz gacz.hit.gemius.pl scz.hit.gemius.pl www.google-analytics.com https://www.googletagmanager.com/gtag/js cdn-gl.imrworldwide.com *.twitter.com *.twimg.com *.facebook.net *.facebook.com *.instagram.com *.tiktok.com *.ttwstatic.com https://www.gstatic.com https://ajax.googleapis.com login.szn.cz http://login.szn.cz https://login.szn.cz notifikace.seznam.cz http://notifikace.seznam.cz https://notifikace.seznam.cz *.adform.net *.adnxs.com *.adnxs-simple.com *.adsafeprotected.com *.consensu.org *.doubleclick.net *.doubleverify.com *.googlesyndication.com *.googletagservices.com *.im.cz *.imedia.cz *.imedia.dev.dszn.cz *.pliing.com *.pubmatic.com *.sbeta.cz *.sdn.szn.cz *.serving-sys.com *.seznam.cz *.sklik.cz ads.celtra.com *.2mdn.net ams.creativecdn.com cdn.id5-sync.com tags.crwdcntrl.net *.sport.cz https://www.sport.cz https://olympics.sport.cz;frame-ancestors 'self' www.seznam.cz share.seznam.cz search.seznam.cz www.google.cz www.google.com *.seznamakce.cz www.sport.cz admin.sport.cz https://hc-vitkovice.cz https://www.hc-vitkovice.cz https://hcltv.cz https://www.hcltv.cz https://hcmotor.cz https://www.hcmotor.cz https://hokejkv.cz https://www.hokejkv.cz https://apklh.cz https://www.apklh.cz https://bkboleslav.cz https://www.bkboleslav.cz https://hc-kometa.cz https://www.hc-kometa.cz https://hc-olomouc.cz https://www.hc-olomouc.cz https://hcbilitygri.cz https://www.hcbilitygri.cz https://hcdynamo.cz https://www.hcdynamo.cz https://hcocelari.cz https://www.hcocelari.cz https://hcplzen.cz https://www.hcplzen.cz https://hcsparta.cz https://www.hcsparta.cz https://hokej.cz https://www.hokej.cz https://mountfieldhk.cz https://www.mountfieldhk.cz https://rytirikladno.cz https://www.rytirikladno.cz https://hcverva.cz https://www.hcverva.cz https://hcvl.cz https://www.hcvl.cz 1
frame-src 'self' *.consumerfinance.gov *.googletagmanager.com *.google-analytics.com *.googleoptimize.com optimize.google.com www.youtube.com *.qualtrics.com mailto:; media-src 'self' *.consumerfinance.gov; style-src 'self' 'unsafe-inline' *.consumerfinance.gov *.googletagmanager.com optimize.google.com fonts.googleapis.com api.mapbox.com; font-src 'self' fonts.gstatic.com; img-src 'self' *.consumerfinance.gov www.ecfr.gov s3.amazonaws.com img.youtube.com *.google-analytics.com *.googletagmanager.com optimize.google.com api.mapbox.com *.tiles.mapbox.com blob: data: www.gravatar.com *.qualtrics.com *.mouseflow.com i.ytimg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.consumerfinance.gov dap.digitalgov.gov *.googleanalytics.com *.google-analytics.com *.googletagmanager.com *.googleoptimize.com optimize.google.com api.mapbox.com js-agent.newrelic.com bam.nr-data.net gov-bam.nr-data.net *.youtube.com *.ytimg.com *.mouseflow.com *.geo.census.gov about: www.federalregister.gov *.qualtrics.com; connect-src 'self' *.consumerfinance.gov *.google-analytics.com *.googleoptimize.com *.tiles.mapbox.com api.mapbox.com bam.nr-data.net gov-bam.nr-data.net s3.amazonaws.com public.govdelivery.com n2.mouseflow.com *.qualtrics.com raw.githubusercontent.com; default-src 'self' 1
frame-ancestors https://www.postermywall.com/ 1
default-src 'self';style-src 'self' https://use.fontawesome.com https://fonts.googleapis.com 'unsafe-inline' 'unsafe-eval';script-src 'nonce-edItzHOWBxoiNZvby67z1dlTjKjtKiTc' 'strict-dynamic' https: 'unsafe-inline' 'unsafe-eval';img-src 'self' https://*.google.co.in https://*.google.co.id https://maps.gstatic.com https://maps.googleapis.com https://googleapis.com https://s-media-cache-ak0.pinimg.com https://i.pinimg.com https://*.cloudfront.net https://reviews.123rf.com https://wikipedia.org https://api.veritrans.co.id https://res.cloudinary.com https://image.shutterstock.com https://tineye.com https://stats.g.doubleclick.net https://doctor.halodoc.com https://www.google-analytics.com https://www.facebook.com https://halodoc-sumba.s3-ap-southeast-1.amazonaws.com https://s3-ap-southeast-1.amazonaws.com https://www.google.com https://www.google.com.sg data: *.xendit.co *.midtrans.com *.veritrans.co.id *.mixpanel.com *.google-analytics.com https://impressions.onelink.me https://www.googletagmanager.com https://halodoc-sumba.s3.ap-southeast-1.amazonaws.com https://js.xendit.co/v1/xendit.min.js https://www.gstatic.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://p.adsymptotic.com https://twemoji.maxcdn.com https://s3.eu-west-1.amazonaws.com https://tidio-images-messenger.s3.amazonaws.com https://ciwss.com https://media.glassdoor.com https://halolab-assets.prod.halodoc.com https://braze-images.com;connect-src 'self' https://pinimg.com https://*.cloudfront.net https://123rf.com https://fonts.gstatic.com https://tineye.com https://res.cloudinary.com https://image.shutterstock.com https://www.halodoc.com https://halodoc-sumba.s3-ap-southeast-1.amazonaws.com https://tagmanager.google.com https://www.google-analytics.com https://www.googletagmanager.com https://analytics.google.com https://connect.facebook.net https://www.facebook.com https://www.gstatic.com https://s3-ap-southeast-1.amazonaws.com https://doctor.halodoc.com https://web-halodoc-api.prod.halodoc.com https://qiscus-lb.api.halodoc.com wss://qiscus-mqtt.api.halodoc.com:1886/mqtt https://api.midtrans.com https://cdn.appsflyer.com https://cdn.ampproject.org https://cdn.amplitude.com https://api.amplitude.com/ https://s.yimg.com https://api.midtrans.com https://api.veritrans.co.id https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://sp.analytics.yahoo.com https://fonts.googleapis.com https://www.google.com.sg https://www.google.com https://fcm.googleapis.com *.midtrans.com *.xendit.co *.veritrans.co.id *.mixpanel.com *.google-analytics.com https://firebaseinstallations.googleapis.com https://banner.appsflyer.com https://wa.onelink.me https://wa.appsflyer.com https://websdk.appsflyer.com https://halodoc-sumba.s3.ap-southeast-1.amazonaws.com https://web.prod.halodoc.com https://script.google.com https://script.googleusercontent.com https://creatives-cdn.appsflyer.com https://events-logger.appsflyer.com https://af-event-logger.appsflyer.com/log-event https://js.xendit.co/v1/xendit.min.js https://api.xendit.co https://sentry-new.tidio.co https://socket.tidio.co https://api-v2.tidio.co wss://sentry-new.tidio.co wss://socket.tidio.co wss://api-v2.tidio.co https://sdk.iad-05.braze.com https://magneto.api.halodoc.com https://magneto-stage.api.halodoc.com https://erx.halodoc.com/ https://cdn.linkedin.oribi.io https://widget-v4.tidiochat.com https://bam.nr-data.net https://maps.googleapis.com https://pagead2.googlesyndication.com;font-src 'self' https://use.fontawesome.com https://fonts.gstatic.com https://cdn.appsflyer.com data:;object-src 'none';frame-src *;media-src 'self' https://*.cloudfront.net http://*.cloudfront.net;base-uri 'self';form-action 'self';frame-ancestors 'self';upgrade-insecure-requests 1
default-src 'self' static.amazon.jobs; connect-src 'self' adservice.google.com amazonhr.sc.omtrdc.net autocomplete.geocoder.api.here.com cognito-identity.eu-west-1.amazonaws.com cognito-identity.us-east-1.amazonaws.com cognito-identity.us-west-2.amazonaws.com dataplane.rum.eu-west-1.amazonaws.com dataplane.rum.us-east-1.amazonaws.com dataplane.rum.us-west-2.amazonaws.com dpm.demdex.net fls-eu.amazon.com fls-na.amazon.com geocoder.api.here.com static.amazon.jobs sts.eu-west-1.amazonaws.com sts.us-east-1.amazonaws.com sts.us-west-2.amazonaws.com unagi-eu.amazon.com unagi-fe.amazon.com unagi-na.amazon.com www.google-analytics.com; font-src 'self' data: fonts.gstatic.com m.media-amazon.com static.amazon.jobs; frame-src 'self' 11435057.fls.doubleclick.net amazonhr.demdex.net  duaa2xs5z3ldn.cloudfront.net www.youtube.com www.youtube-nocookie.com; img-src 'self' data: amazonhr.sc.omtrdc.net cm.everesttech.net d1.awsstatic.com fonts.gstatic.com internal-cdn.amazon.com m.media-amazon.com s3.us-west-2.amazonaws.com s3-us-west-2.amazonaws.com static.amazon.jobs static-gamma.amazon.jobs translate.google.com www.google-analytics.com; script-src 'unsafe-eval' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' apply.talentbrew.io assets.adobedtm.com d1fc8wv8zag5ca.cloudfront.net d1o95ve0lr2m33.cloudfront.net d1t40axu4ik42k.cloudfront.net images-na.ssl-images-amazon.com static.amazon.jobs static-gamma.amazon.jobs www.googletagmanager.com www.youtube.com; style-src 'self' 'unsafe-inline' static.amazon.jobs; style-src-elem 'self' 'unsafe-inline' static.amazon.jobs static-gamma.amazon.jobs www.gstatic.com; object-src 'none'; frame-ancestors 'self'; upgrade-insecure-requests; report-to amazon-jobs 1
default-src 'self' bumbcdn.com *.bumbcdn.com eu1.ecdn2.bumbcdn.com; connect-src 'self' chatdate.app eu1.chatdate.app us1.chatdate.app am1.chatdate.app gew3.chatdate.app fr1.chatdate.app bumbcdn.com *.bumbcdn.com eu1.ecdn2.bumbcdn.com  https://*.amazon-adsystem.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://google.com https://*.google.com https://pagead2.googlesyndication.com https://tpc.googlesyndication.com https://www.facebook.com https://cdn.ampproject.org https://api.giphy.com https://www.googleadservices.com https://attestation.android.com https://csi.gstatic.com https://s0.2mdn.net https://api.tenor.com https://g.tenor.com https://maps.googleapis.com https://consent.badoo.com https://essentialaccessibility.com https://tr.snapchat.com https://bic-core.dlocal.com/;  script-src 'self' 'unsafe-inline' 'unsafe-eval' 'nonce-kTvvD2PCMLahEDgAqbl+bXTfLFM=' 'report-sample' bumbcdn.com *.bumbcdn.com eu1.ecdn2.bumbcdn.com  https://*.googletagmanager.com https://connect.facebook.net https://securepubads.g.doubleclick.net https://pagead2.googlesyndication.com https://tpc.googlesyndication.com https://s0.2mdn.net https://cdn.ampproject.org https://c.amazon-adsystem.com https://www.google-analytics.com https://pay.google.com https://adservice.google.com https://www.googletagservices.com https://maps.googleapis.com https://dashboard.essentialaccessibility.com https://consent.badoo.com https://essentialaccessibility.com https://www.google.com https://cdn.plaid.com https://tr.snapchat.com https://cdn.plaid.com; style-src 'self' 'unsafe-inline' bumbcdn.com *.bumbcdn.com eu1.ecdn2.bumbcdn.com https://fonts.googleapis.com; font-src 'self' data: bumbcdn.com *.bumbcdn.com eu1.ecdn2.bumbcdn.com https://fonts.gstatic.com https://tpc.googlesyndication.com;  prefetch-src 'self'  bumbcdn.com *.bumbcdn.com eu1.ecdn2.bumbcdn.com https://cdn.plaid.com ; img-src * data: blob: android-webview-video-poster:; child-src 'self' blob:; worker-src 'self' blob:; media-src * data: blob:; object-src 'self'  bumbcdn.com *.bumbcdn.com eu1.ecdn2.bumbcdn.com; base-uri 'self'; manifest-src 'self' chatdate.app eu1.chatdate.app us1.chatdate.app am1.chatdate.app gew3.chatdate.app fr1.chatdate.app; form-action 'self'  https://www.facebook.com; frame-src * hon:; frame-ancestors 'none'; upgrade-insecure-requests; report-uri /jss/csp_report.phtml?token=hotornot_mobile_web&release=31120&env=production 1
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' unequalbrake.com a.pub.network *.adswizz.com *.a-f.io *.google-analytics.com *.quantserve.com *.googletagmanager.com *.google.com *.nr-data.net www.gstatic.com *.quantcast.com *.scorecardresearch.com *.consensu.org *.mxpnl.com *.newrelic.com *.hadronid.net *.adsafeprotected.com *.quantcount.com *.videoplayerhub.com www.googletagservices.com *.facebook.com *.confiant-integrations.net *.facebook.net *.cdn-apple.com *.twitter.com *.stripe.com btloader.com *.amazon-adsystem.com *.doubleclick.net *.criteo.net *.googlesyndication.com *.cookielaw.org secure.cdn.fastclick.net cdn.id5-sync.com https://*; img-src 'self' data: *.audiomack.com *.google-analytics.com merequartz.com *.adsafeprotected.com *.facebook.com *.scorecardresearch.com google-analytics.com data: *; connect-src 'self' 'unsafe-inline' *.audiomack.com *.a-f.io *.quantcast.com *.pub.network *.mxpnl.com *.advertising.com *.adswizz.com *.quantcount.com *.doubleclick.net audiomack.test *.googleapis.com optimise.net *.facebook.com *.consensu.org *.newrelic.com *.gstatic.com *.facebook.net unequalbrake.com *.scorecardresearch.com *.google-analytics.com *.googletagmanager.com *.google.com data: *; frame-src 'self' *.audiomack.com *.google.com *.googlesyndication.com *.adswizz.com *.stripe.com *.pubmatic.com *.openx.net *.3lift.com *.casalemedia.com *.indexww.com gum.criteo.com cdn.undertone.com *.lijit.com ads.yieldmo.com contextual.media.net js-sec.indexww.co ads.pubmatic.com eus.rubiconproject.com *.facebook.com *; font-src 'self' data: fonts.gstatic.com; object-src 'self'; media-src 'self' *.audiomack.com * data:; frame-ancestors 'self' 1
object-src 'none'; base-uri 'none'; frame-ancestors 'self'; upgrade-insecure-requests 1
frame-ancestors 'self' www.seznam.cz share.seznam.cz search.seznam.cz www.google.cz www.google.com *.seznamakce.cz www.super.cz admin.super.cz *.super.cz;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.sdn.szn.cz *.sdn.cz gacz.hit.gemius.pl scz.hit.gemius.pl www.google-analytics.com https://www.googletagmanager.com/gtag/js cdn-gl.imrworldwide.com *.twitter.com *.twimg.com *.facebook.net *.facebook.com *.instagram.com *.tiktok.com *.ttwstatic.com https://www.gstatic.com https://ajax.googleapis.com login.szn.cz http://login.szn.cz https://login.szn.cz notifikace.seznam.cz http://notifikace.seznam.cz https://notifikace.seznam.cz *.adform.net *.adnxs.com *.adnxs-simple.com *.adsafeprotected.com *.consensu.org *.doubleclick.net *.doubleverify.com *.googlesyndication.com *.googletagservices.com *.im.cz *.imedia.cz *.imedia.dev.dszn.cz *.pliing.com *.pubmatic.com *.sbeta.cz *.sdn.szn.cz *.serving-sys.com *.seznam.cz *.sklik.cz ads.celtra.com *.2mdn.net ams.creativecdn.com cdn.id5-sync.com tags.crwdcntrl.net *.super.cz https://www.super.cz 1
frame-ancestors *.procore.com https://app.contentful.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.litix.io embedwistia-a.akamaihd.net/ https://*.marketo.net https://*.salesforceliveagent.com https://*.wistia.com https://1.tl813.com https://a.adroll.com/ https://a.sfdcstatic.com https://analytics.twitter.com https://apis.google.com https://app-sj15.marketo.com https://autocomplete.demandbase.com https://cdn.cookielaw.org/consent/4a3b4a16-9af0-4726-976d-39737fb16905.js https://checkout.stripe.com https://connect.facebook.net https://connectors.tableau.com https://d.adroll.com/ https://d.adroll.mgr.consensu.org https://demdex.com https://dpm.demdex.net https://fast.wistia.com https://fast.wistia.net/ https://geolocation.onetrust.com https://googleads.g.doubleclick.net/ https://js.adsrvr.org/ https://m.addthis.com https://m.addthisedge.com https://omtr2.partners.salesforce.com https://org62.my.salesforce.com https://platform.twitter.com https://play.vidyard.com https://px.ads.linkedin.com/ https://quip-cdn.com https://quip-marketing.com https://s.adroll.com/ https://s.ytimg.com https://s7.addthis.com https://scripts.demandbase.com https://sdk.snapkit.com https://secure2.sfdcstatic.com https://sjs.bizographics.com https://snap.licdn.com/ https://src.litix.io https://ssl.google-analytics.com https://static.ads-twitter.com https://static.lightning.force.com https://store.salesforce.com https://t.sf14g.com https://tag.demandbase.com/shared/forms.min.js https://tagmanager.google.com https://tracking.g2crowd.com https://vidassets.terminus.services https://wistia.com https://www-onepick-opensocial.googleusercontent.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.linkedin.com/csp/dtag https://www.youtube.com; frame-ancestors https://www.quip-resource-center.com http://www.quip-resource-center.com; report-uri /csp-report 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *; object-src 'none'; base-uri 'none'; style-src 'self' 'unsafe-inline' *; img-src 'self' data: *; font-src 'self' data:; form-action *; frame-src blob: *; frame-ancestors 'self'; connect-src *; upgrade-insecure-requests; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://connect.facebook.net/ https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/ https://bat.bing.com/ https://googleads.g.doubleclick.net/ https://x.clearbitjs.com/ https://googleads.g.doubleclick.net/ https://www.google.com/recaptcha/  https://www.gstatic.com/recaptcha/ https://www.googleadservices.com/ https://cdn.dreamdata.cloud/ https://cdn.mouseflow.com/ https://static.hsappstatic.net/ *.nrich.ai https://cdnjs.cloudflare.com/ https://*.hs-analytics.net/ https://*.hubspot.com/ https://*.hubspot.net/ https://hubspot.net/ https://*.hs-banner.com/ https://io.clickguard.com/ http://js.hsadspixel.net/fb.js https://js.hscollectedforms.net/collectedforms.js https://js.usemessages.com/conversations-embed.js  https://snap.licdn.com/li.lms-analytics/insight.min.js https://*.hotjar.com/ https://tag.clearbitscripts.com/ https://tracking.g2crowd.com/ https://www.clarity.ms/  https://platform.linkedin.com/ https://platform.twitter.com/ https://www.gartner.com/ https://secure.smart-company-vision.com/ https://tag.clearbitscripts.com/ https://s3-us-west-2.amazonaws.com/ https://js.hubspotfeedback.com/ https://unpkg.com/swiper/swiper-bundle.min.js https://b-code.liadm.com/lc2.js https://cdn.ampproject.org/ https://www.googletagmanager.com/gtm.js https://secure.smart-company-vision.com/js/267476.js https://js.hsadspixel.net/ https://apis.google.com/js/client.js; object-src 'none'; report-uri https://o1168991.ingest.sentry.io/api/6261364/security/?sentry_key=7d242ac12119401194fa3bf0fb45a4bf;; upgrade-insecure-requests 1
default-src 'self' *.10086.cn cdnjs.cloudflare.com pcache.cmam.migu.cn ccdownucrm.migudm.cn https://pc-dl.migufun.com:8443 pc-dl.migufun.com open.tyst.migu.cn p.cnwza.cn *.govwza.cn api.map.baidu.com *.bdimg.com *.baidu.com mgcdnvod.migucloud.com *.cmpassport.com res.wx.qq.com mgcdn.vod.migucloud.com 111.7.203.227 111.7.203.228 111.7.202.175 111.7.202.179 blob: data: 'unsafe-inline' 'unsafe-eval'; 1
upgrade-insecure-requests;connect-src * data: blob: 'unsafe-inline'; 1
default-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; frame-ancestors *; script-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; worker-src blob:; child-src * 'self' blob:; 1
default-src 'self'; media-src 'self' 'unsafe-inline' https://chat.fortifi.io/ https://bat.bing.com/ https://player.vimeo.com/ https://vod-progressive.akamaized.net/; img-src 'self' 'unsafe-inline' https://i.ytimg.com/ https://chat.fortifi.io/ https://www.google.com/ https://www.google.co.uk/ https://www.google.pl/ https://bat.bing.com/ https://www.googletagmanager.com/ https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ https://bat.bing.com/ https://www.facebook.com/ https://connect.facebook.net/ data: https://storage.googleapis.com/ https://haveibeenpwned.com/ https://resources.totalav.com/ https://assets.totalav.com/ https://logs-01.loggly.com/ https://www.mczbf.com/ https://stats.totalav.com https://award.totalav.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://chat.fortifi.io/; font-src 'self' https://fonts.gstatic.com https://chat.fortifi.io/; script-src 'self' 'unsafe-inline' https://stats.totalav.com https://googletagmanager.com/ https://googleadservices.com/ https://www.googletagmanager.com/ https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ https://bat.bing.com/ https://www.google.com/ https://www.google.co.uk/ https://www.google.pl/ https://widget.trustpilot.com/ https://chat.fortifi.io/ https://cfgchat.fortifi.io/ https://www.facebook.com/ https://connect.facebook.net/ https://url.totalav.com http://url.totalav.com/px/init/fortifi.js https://www.gstatic.com/ https://utt.impactcdn.com/ https://www.mczbf.com/; worker-src 'self' blob; frame-src 'self' blob: https://chat.fortifi.io/ https://player.vimeo.com https://www.youtube.com/ https://www.facebook.com/ https://widget.trustpilot.com/ https://vod-progressive.akamaized.net/ https://my.totalav.com https://www.google.com/; connect-src 'self' https://my.totalav.com https://ajax.totalav.com https://login.totalav.com https://signup.totalav.com https://my.totalav.com https://bat.bing.com/ wss://chat.fortifi.io/ https://stats.totalav.com https://www.mczbf.com/; frame-ancestors 'self' 1
frame-ancestors 'self' *.lpl.com; 1
default-src 'none'; base-uri 'none'; frame-src checkout.stripe.com *.google.com; frame-ancestors 'none'; style-src *.scryfall.com scryfall.com; script-src *.scryfall.com scryfall.com *.analytics.google.com *.google-analytics.com *.googletagmanager.com *.google.com *.gstatic.com *.cloudflareinsights.com checkout.stripe.com 'unsafe-eval'; img-src *.scryfall.io *.scryfall.com scryfall.com *.analytics.google.com *.google-analytics.com *.googletagmanager.com *.stripe.com data:; font-src *.scryfall.com scryfall.com; manifest-src *.scryfall.com scryfall.com; connect-src api.scryfall.com scryfall.com *.analytics.google.com *.google-analytics.com *.googletagmanager.com cloudflareinsights.com checkout.stripe.com; block-all-mixed-content; 1
base-uri 'self'; default-src 'self' https:; frame-ancestors 'self'; frame-src 'self' https:; img-src 'self' https: data: www.openstreetmap.org siegel.ausgezeichnet.org www.google.com www.gstatic.com www.clickcease.com monitor.clickcease.com; script-src 'self' www.openstreetmap.org siegel.ausgezeichnet.org www.google.com www.gstatic.com www.clickcease.com monitor.clickcease.com 'nonce-uUS2PxNr11fZzW9kZ5R7bSydYZ1M1BJs'; style-src 'self' https: data: 'unsafe-inline' www.openstreetmap.org siegel.ausgezeichnet.org www.google.com www.gstatic.com www.clickcease.com monitor.clickcease.com; object-src 'self'; form-action 'self'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com https://cdn.syndication.twimg.com https://s.ytimg.com https://z.moatads.com https://v1.addthisedge.com https://m.addthis.com https://api-public.addthis.com https://www.youtube.com https://d3js.org https://dap.digitalgov.gov https://www.google-analytics.com https://s7.addthis.com https://vjs.zencdn.net https://platform.twitter.com https://www.google.com https://ssl.p.jwpcdn.com https://cdn.jsdelivr.net https://www.googletagmanager.com https://*.fontawesome.com https://*.addtoany.com https://cpsc-d8-media-prod.s3.amazonaws.com https://cpsc-d8-media-stg.s3.amazonaws.com https://*.govdelivery.com https://cdnjs.cloudflare.com https://unpkg.com https://*.highcharts.com https://naver.github.io https://*.hotjar.com; img-src 'self' data: https://www.googletagmanager.com https://rtb.adentifi.com  https://px.adentifi.com https://www.cpsc.gov https://cpsc-d8-media-prod.s3.amazonaws.com https://cpsc-d8-media-stg.s3.amazonaws.com https://i.ytimg.com https://jwpltx.com https://www.google-analytics.com https://syndication.twitter.com https://pbs.twimg.com https://ton.twimg.com https://platform.twitter.com https://cdn.jsdelivr.net https://*.govdelivery.com; style-src 'self' 'unsafe-inline' https://ton.twimg.com https://platform.twitter.com https://fonts.googleapis.com https://vjs.zencdn.net https://cpsc-d8-media-stg.s3.amazonaws.com https://cpsc-d8-media-prod.s3.amazonaws.com https://cdn.jsdelivr.net https://*.gstatic.com https://cdnjs.cloudflare.com https://naver.github.io; font-src 'self' data: https://fonts.gstatic.com https://ssl.p.jwpcdn.com https://cdn.jsdelivr.net; frame-src 'self' http://*.cpsc.gov https://*.searchblox.com https://s7.addthis.com https://syndication.twitter.com https://platform.twitter.com https://www.youtube.com https://www.google.com https://static.addtoany.com https://public.govdelivery.com https://open.spotify.com https://*.googletagmanager.com/; connect-src 'self' https://vod.cpsc.gov https://m.addthis.com https://www.google-analytics.com https://www.saferproducts.gov https://stats.addtoany.com https://public.govdelivery.com https://analytics.google.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; object-src 'none'; frame-ancestors 'self'; media-src 'self' blob: https://cpsc-d8-media-prod.s3.amazonaws.com https://cpsc-d8-media-stg.s3.amazonaws.com 1
default-src 'self'; img-src 'self' data: *; object-src 'self'; connect-src 'self' https://www.goodsync.com https://www.google-analytics.com https://api.reviews.co.uk https://knrpc.olark.com https://*.doubleclick.net https://analytics.google.com https://www.google.com https://pagead2.googlesyndication.com https://bat.bing.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.goodsync.com/ https://tagmanager.google.com/ https://static.olark.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com https://www.google.com https://assets.olark.com https://api.olark.com https://knrpc.olark.com https://static.olark.com https://widget.reviews.co.uk https://www.googletagmanager.com/ https://widget.reviews.io https://www.google-analytics.com/ https://www.googleadservices.com/ https://connect.facebook.net/ https://*.doubleclick.net/ https://tagmanager.google.com/ https://bat.bing.com/ https://www.youtube.com/ https://s.ytimg.com/ https://tpc.googlesyndication.com; font-src data: 'self' 'unsafe-inline' 'unsafe-eval' https://www.goodsync.com https://static.olark.com; frame-src 'self' https://control.goodsync.com/ https://www.goodsync.com https://jobs.goodsync.com https://docs.google.com https://www.google.com https://static.olark.com https://widget.reviews.co.uk https://widget.reviews.io/ https://*.doubleclick.net/ https://www.youtube.com/ https://s.ytimg.com/ https://tpc.googlesyndication.com; media-src 'self' https://static.olark.com 1
script-src 'nonce--J7NlXB1Ed5vflAk4xowVg' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/chromebook; base-uri 'none' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://siteimproveanalytics.com/ https://ebbot-v2.storage.googleapis.com https://mfstatic.com blob: https://uu.sitevision-cloud.se blob: api.mazemap.com api.mapbox.com d1bxh8uas1mnw7.cloudfront.net api.altmetric.com https://static.uu.se/ https://cdn.jsdelivr.net *.readspeaker.com *.twitter.com *.ctnotes.com; style-src 'self' 'unsafe-inline' https://mfstatic.com api.mazemap.com d1bxh8uas1mnw7.cloudfront.net https://ebbot-v2.storage.googleapis.com https://static.uu.se/ *.readspeaker.com; font-src 'self' *.uu.se https://mfstatic.com https://resources.ebbot.ai https://sp.saml.v2.ebbot.app data: ; base-uri 'self'; manifest-src 'self'; form-action 'self' https://ui.ungpd.com/Api/Subscriptions/ *.readspeaker.com *.paypal.com; img-src 'self' data: *; frame-ancestors 'self' diskus.ub.uu.se; object-src 'self' blob: ; frame-src 'self' www.youtube.com maps.google.se www.google.com uppsala.instructuremedia.com ullsalen.its.uu.se v1.mediaflow.com v2.mediaflow.com uu.mediaflowportal.com urplay.se player.acast.com embed.acast.com open.spotify.com cloud.timeedit.net *.readspeaker.com datawrapper.dwcdn.net *.twitter.com https://media.medfarm.uu.se https://statsvet-kalendermodul.its.uu.se *.vimeo.com; connect-src 'self' 'unsafe-inline' 'unsafe-eval' https://siteimproveanalytics.com/ https://v1.mediaflow.com https://v2.mediaflow.com https://mfstatic.com https://m.mediaflow.com tiles.mazemap.com api.mazemap.com events.mapbox.com api.mapbox.com https://ebbot-v2.storage.googleapis.com wss://v2.ebbot.app https://v2.ebbot.app https://sp.saml.v2.ebbot.app https://stats.mediaflowpro.com hedgehog.cb.uu.se *.readspeaker.com *.ctnotes.com https://vimeo.com; child-src 'self' 'unsafe-inline' blob: api.mazemap.com api.mapbox.com link.mazemap.com use.mazemap.com d1bxh8uas1mnw7.cloudfront.net api.altmetric.com https://ebbot-v2.storage.googleapis.com; upgrade-insecure-requests; media-src 'self' blob: https://uu.sitevision-cloud.se https://m.mediaflow.com https://v1.mediaflow.com https://v2.mediaflow.com; 1
frame-ancestors http://localhost:* file: *.sf.intra.laposte.fr *.labanquepostale.fr; 1
default-src 'self'; connect-src *; frame-src *; font-src * data:;img-src * data: blob:; script-src * 'unsafe-inline' 'unsafe-eval' data: blob:; style-src * 'unsafe-inline';worker-src * blob: data:; 1
object-src 'none'; default-src * 'unsafe-inline' blob: data:; img-src * 'self' data: https: blob:; media-src * 'unsafe-inline' blob: data:; script-src * 'unsafe-inline' 'unsafe-eval' blob: data:; font-src * data: 1
default-src 'self' *.thehartford.com *.hfdstatic.com aa.agkn.com report.thehartford.gbqofs.io cdn.gbqofs.com console.thehartford.glassboxdigital.io; font-src 'self' data: *.thehartford.com *.hfdstatic.com fonts.gstatic.com *.kampyle.com dnsl4xr6unrmf.cloudfront.net; frame-ancestors 'self' *.thehartford.com; frame-src *.optimizely.com *.thehartford.com *.kampyle.com cl.exct.net www.youtube.com pub.s1.exacttarget.com *.doubleclick.net hosted.where2getit.com uk132.infusionsoft.com *.tealiumiq.com connect.facebook.net *.akamaihd.net pinecast.com storage.pinecast.net insight.adsrvr.org match.adsrvr.org mc3jl4gfl2432w-98y2stw11txh8.pub.sfmc-content.com www.google.com *.qualtrics.com agents.floodsmart.gov pixel.sitescout.com pixel-sync.sitescout.com attribution.sitescout.com up.pixel.ad cdn01.basis.net; connect-src *.tealiumiq.com *.thehartford.com *.kampyle.com *.powerreviews.com rules.atgsvcs.com www.google-analytics.com *.doubleclick.net img.c3tag.com www.googletagmanager.com ampcid.google.com s.srvsynd.com api.genesyscloud.com 530-ct.c3tag.com *.akamaihd.net *.optimizely.com www.google.com analytics.google.com region1.google-analytics.com region1.analytics.google.com *.qualtrics.com acdn.adnxs.com d2hrivdxn8ekm8.cloudfront.net d1lu3pmaz2ilpx.cloudfront.net dvqigh9b7wa32.cloudfront.net d330aiyvva2oww.cloudfront.net *.cookielaw.org *.cookiepro.com *.onetrust.com report.thehartford.gbqofs.io cdn.gbqofs.com console.thehartford.glassboxdigital.io *.hfdstatic.com hartfordinsurancegroup.pxf.io services-api.wyng.com content-api.wyng.com experiences.wyng.com wyng.io facebook.com; img-src 'self' data: *.thehartford.com *.optimizely.com *.hfdstatic.com *.kampyle.com *.powerreviews.com ecf.d41.co aa.agkn.com so.rlcdn.com http://image.insurance.thehartford.com res.cloudinary.com aa.agkn.com *.tealiumiq.com da.usaa.com uk132.infusionsoft.com hits.convergetrack.com www.google-analytics.com *.doubleclick.net www.google.com www.facebook.com secure.adnxs.com www.googletagmanager.com sp.analytics.yahoo.com bat.bing.com analytics.convertlanguage.com *.akamaihd.net thumb.service.pinecast.com px.ads.linkedin.com insight.adsrvr.org px.ads.linkedin.com p.adsymptotic.com www.linkedin.com cookie.havasedge.com event.havasedge.com tag.havasedge.com cx.atdmt.com match.sharethrough.com gw.helixbi.io api.securedvisit.com track.securedvisit.com content.securedvisit.com images.securedvisit.com track.sv.rkdms.com www.gstatic.com region1.google-analytics.com region1.analytics.google.com data.adxcel-ec2.com match.adsrvr.org *.qualtrics.com ib.adnxs.com *.cookielaw.org *.onetrust.com https://logs-01.loggly.com https://www.ojrq.net https://utt.impactcdn.com https://pubads.g.doubleclick.net hartfordinsurancegroup.pxf.io cdn.wyng.com dnsl4xr6unrmf.cloudfront.net pixel.sitescout.com ad.doubleclick.net pixel.sitescout.com pixel-sync.sitescout.com attribution.sitescout.com up.pixel.ad cdn01.basis.net; style-src 'self' *.thehartford.com *.hfdstatic.com *.kampyle.com *.powerreviews.com fonts.googleapis.com *.custhelp.com *.akamaihd.net 'unsafe-inline' www.gstatic.com *.cookielaw.org *.cookiepro.com *.onetrust.com agents.floodsmart.gov; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.tealiumiq.com *.optimizely.com *.thehartford.com *.hfdstatic.com *.kampyle.com *.powerreviews.com vsvipmw01.rightnowtech.com *.custhelp.com rules.atgsvcs.com www.linkedin.com *.doubleclick.net *.akamaihd.net secure.adnxs.com insight.adsrvr.org data.adxcel-ec2.com aa.agkn.com aa.agkn.com sp.analytics.yahoo.com static.atgsvcs.com beacon.krxd.net bat.bing.com sjs.bizographics.com 530-ct.c3tag.com hits.convergetrack.com s.delvenetworks.com as00.estara.com conv-tm.everesttech.net www.facebook.com connect.facebook.net adservice.google.com www.google.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com mpsnare.iesnare.com uk132.infusionsoft.com solutions.invocacdn.com secure.leadforensics.com px.ads.linkedin.com www.livelook.com cdn.mouseflow.com mpp.mxptint.net onlinebusinessservicsc60333118us1.cobrowse.oraclecloud.com public.cobrowse.oraclecloud.com pixelg.adswizz.com www.rackcdn.com bcvipmw11.rightnowtech.com www.rnengage.com s.srvsynd.com trc.taboola.com tags.tiqcdn.com www.youtube.com i.ytimg.com i9.ytimg.com s.ytimg.com adadvisor.net cdn.ampproject.org analytics.convertlanguage.com so.rlcdn.com ecf.d41.co cdn.embed.ly js.adsrvr.org cdn-assets-prod.s3.amazonaws.com optimizely.s3.amazonaws.com cdn.invoca.solutions pnapi0.invoca.net sdk.helixbi.io snap.licdn.com pnapi.invoca.net api.securedvisit.com track.securedvisit.com content.securedvisit.com images.securedvisit.com track.sv.rkdms.com www.gstatic.com acdn.adnxs.com d2hrivdxn8ekm8.cloudfront.net d1lu3pmaz2ilpx.cloudfront.net dvqigh9b7wa32.cloudfront.net d330aiyvva2oww.cloudfront.net *.qualtrics.com *.cookielaw.org *.cookiepro.com *.onetrust.com report.thehartford.gbqofs.io cdn.gbqofs.com console.thehartford.glassboxdigital.io https://logs-01.loggly.com https://www.ojrq.net https://utt.impactcdn.com https://pubads.g.doubleclick.net hartfordinsurancegroup.pxf.io dnsl4xr6unrmf.cloudfront.net cdnjs.cloudflare.com code.jquery.com pixel.sitescout.com pixel-sync.sitescout.com attribution.sitescout.com up.pixel.ad cdn01.basis.net; media-src storage.pinecast.net pinecast.com; 1
default-src https://www.myherbalife.com/QBhW2I/a6v6Lu/CzW/YPrz/fXNDC/OhkEmmht4GLN/HndgAQ/Vx4_NDh/vOw0  * data: mediastream: blob: filesystem: about: ws: wss: 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-inline'; 1
frame-ancestors 'self' https://ecoticias.com; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://*.akamaihd.net https://*.translate.naver.net https://www.recaptcha.net https://www.google.com https://*.googlesyndication.com https://www.zenaps.com https://www.youtube.com https://tr.snapchat.com https://tr6.snapchat.com https://www.pinterest.com https://www.pinterest.co.uk https://csxd.contentsquare.net blob: https://app.qubit.com https://*.abtasty.com https://youtube.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://*.liveperson.net https://the.sciencebehindecommerce.com https://services.postcodeanywhere.co.uk https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://tr.snapchat.com https://ct.pinterest.com https://*.matalan.co.uk https://*.contentsquare.net https://*.prod.mplat-ppcprotect.com https://*.lunio.ai data: https://analytics.tiktok.com https://horizon-api.www.matalan.co.uk https://*.qubit.com https://*.qubitproducts.com https://tr6.snapchat.com https://*.abtasty.com https://www.matalan.co.uk/e2/ds/relay https://horizon-api.www.matalan.co.uk/graphql https://*.ingest.sentry.io https://s1.thcdn.com; default-src 'none'; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://connect.facebook.net https://tr.snapchat.com https://checkout.matalan.co.uk https://www.matalan.co.uk; frame-ancestors 'self'; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.googlesyndication.com https://*.googleapis.com https://www.recaptcha.net https://connect.facebook.net https://*.trustpilot.com https://www.googleadservices.com https://*.translate.naver.net https://*.doubleclick.net https://*.google.com https://*.google-analytics.com https://fp.zenaps.com https://www.gstatic.com https://bat.bing.com https://www.googletagmanager.com https://www.youtube.com https://s.ytimg.com https://www.dwin1.com https://sc-static.net https://s.pinimg.com https://*.contentsquare.net https://app.contentsquare.com https://*.prod.mplat-ppcprotect.com https://*.lunio.ai https://analytics.tiktok.com https://*.ibytedtos.com https://static.goqubit.com https://*.qubit.com https://tr.snapchat.com https://static.ads-twitter.com https://analytics.twitter.com https://*.abtasty.com https://s1.thcdn.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://*.abtasty.com https://s1.thcdn.com; upgrade-insecure-requests; report-to report-endpoint; 1
frame-ancestors 'self' https://*.canalrcn.com https://canalrcn.com https://*.canalrcndigital.com https://*.canalrcn.tech https://noticiasrcn.com https://*.noticiasrcn.com; 1
frame-ancestors 'self' https://*.arvato-systems-media.net http://*.arvato-systems-media.net https://*.coremedia.vm https://*.coremedia.cloud https://*.coremedia.io https://*.coremedia.com https://*.quickrun.io https://*.coremedia.rocks https://studio.coremedia.pandora.net https://*.bots.kore.ai 1
default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' https: data:; connect-src 'self' https: wss://*.intercom.io/; font-src 'self' https: data:; media-src https:; child-src 'self' https:; form-action 'self' https:; frame-ancestors 'none'; object-src 'none'; frame-src 'self' https:; worker-src 'self' https:; manifest-src 'self'; base-uri 'self'; upgrade-insecure-requests 1
frame-ancestors 'self' https://shippingeasy.com 1
frame-ancestors https://stat-01.ccc.eu https://ccc.eu 1
base-uri 'self' *.nr-data.net; child-src blob:; connect-src 'self' wss://*.planetromeo.com wss://*.romeo.com wss://*.hunqz.com *.planetromeo.com *.romeo.com offline-page.pages.dev *.facebook.com *.gstatic.com *.googlesyndication.com *.doubleclick.net *.google-analytics.com *.nr-data.net *.smaato.net *.smaato.com *.maptiler.com *.report-uri.com wss://*.firebaseio.com *.googleapis.com *.zendesk.com; font-src 'self' *.gstatic.com *.typekit.net data:; form-action 'self' *.planetromeo.com *.romeo.com google.com; frame-ancestors *.romeo.com *.planetromeo.com *.hunqz.com; frame-src 'self' *.romeo.com *.planetromeo.com *.hunqz.com recaptcha.net *.doubleclick.net *.google.com *.googlesyndication.com *.googletagservices.com *.blufm.de blufm.de *.firebaseio.com *.youtube.com *.facebook.com *.twitter.com; img-src https: data: blob: *.smaato.net; manifest-src 'self'; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ampproject.org *.doubleclick.net *.googlesyndication.com *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ai *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.nf *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gp *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.ms *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tk *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vg *.google.vu *.google.ws *.google-analytics.com *.gstatic.com *.googletagmanager.com *.googletagservices.com recaptcha.net *.newrelic.com *.nr-data.net *.siftscience.com *.smaato.net *.firebaseio.com *.twitter.com *.youtube.com *.ytimg.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.typekit.net; worker-src 'self' blob:; default-src 'self' *.planetromeo.com *.romeo.com *.hunqz.com *.googlesyndication.com; 1
frame-ancestors 'self' https://*.magazinevoce.com.br https://*.influenciadormagalu.com.br; 1
frame-ancestors 'self' https://apicms.betplay.com.co 1
frame-ancestors 'self' *.ncaa.com *.sdata-cloud.com *.ampproject.org; 1
default-src 'self' https: 'unsafe-inline' 'unsafe-eval' chrome-extension: data: *.googleapis.com *.gstatic.com *.googleusercontent.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' https://recaptcha.net https://cdn.cookielaw.org  blob:; object-src https:; style-src 'unsafe-inline' https:; img-src 'self' https: *.keepeek-dev.com *.keepeek.com https://cdn.cookielaw.org mediaassets.airbus.com data:; media-src 'self' https: *.keepeek-dev.com *.keepeek.com blob:; frame-src 'self' https: https://www.youtube.com/embed/ https://youtu.be https://www.google.com/maps/ *.keepeek-dev.com *.keepeek.com; child-src blob:; font-src https: data:; connect-src https: wss://ws.hotjar.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
connect-src 'self' https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://*.miniclip.com; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; frame-src 'self' https://jobvite.com https://*.jobvite.com  https://www.google.com; img-src 'self' data: 'unsafe-inline' https://static-prod-web.miniclip.com; media-src 'self' https://static-prod-web.miniclip.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.jobvite.com https://www.datadoghq-browser-agent.com; style-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://fonts.googleapis.com; upgrade-insecure-requests; 1
frame-ancestors https://hpsecurity.my.salesforce.com; 1
default-src 'self' https://internshala.com https://*.internshala.com; img-src 'self' https://internshala.com https://*.internshala.com https://s3-ap-south-1.amazonaws.com/internshala-uploads-new/ https://internshala-uploads-new.s3-ap-south-1.amazonaws.com/ https://s3-ap-southeast-1.amazonaws.com/internshala-uploads/ https://internshala-uploads.s3-ap-southeast-1.amazonaws.com/ https://s3-ap-south-1.amazonaws.com/isp-uploads/ https://isp-uploads.s3-ap-south-1.amazonaws.com/ https://*.google.com https://*.google-analytics.com https://*.g.doubleclick.net data: https://pagead2.googlesyndication.com https://maps.gstatic.com https://www.googletagmanager.com https://conv.indeed.com https://csi.gstatic.com https://*.facebook.com https://*.linkedin.com https://p.adsymptotic.com https://*.clarity.ms https://*.bing.com blob: https://*.calendly.com https://calendly.com https://internshala-uploads.internshala.com/ https://training-uploads.internshala.com/ https://*.googleusercontent.com https://cdn.ischoolconnect.com/ https://d1aeya7jd2fyco.cloudfront.net/ https://cache.careers360.mobi/ https://clubs.internshala.com/ https://*.google.com.uk https://*.google.com.br https://*.google.com.mx https://*.google.com.ar https://*.google.com.tr https://*.google.com.hk https://*.google.com.sg https://*.google.com.sa https://*.google.com.ua https://*.google.com.tw https://*.google.com.my https://*.google.com.ph https://*.google.com.bd https://*.google.com.ng https://*.google.com.gh https://*.google.com.pk https://*.google.com.bh https://*.google.com.np https://*.google.com.eg https://*.google.com.om https://*.google.com.cy https://*.google.co.au https://*.google.co.jp https://*.google.co.kr https://*.google.co.in https://*.google.co.id https://*.google.co.za https://*.google.co.uk https://*.google.co.ma https://*.google.ca https://*.google.de https://*.google.fr https://*.google.es https://*.google.it https://*.google.ru https://*.google.cn https://*.google.tg https://*.google.lv https://*.google.ba https://*.google.ae https://*.google.lk https://www.google.co.ma https://www.google.com.ng https://www.google.com.bd https://www.google.com.pk https://www.google.com.sa https://www.google.com.ph https://www.google.com.af https://www.google.com.kw https://www.google.com.gh https://www.google.ca https://www.google.ae https://www.google.nl https://www.google.fr https://www.google.de https://www.google.gr; media-src 'self' https://internshala.com https://*.internshala.com https://s3-ap-south-1.amazonaws.com/internshala-uploads-new/ https://internshala-uploads-new.s3-ap-south-1.amazonaws.com/ https://s3-ap-southeast-1.amazonaws.com/internshala-uploads/ https://internshala-uploads.s3-ap-southeast-1.amazonaws.com/ data: https://internshala-uploads.internshala.com/ https://training-uploads.internshala.com/; script-src 'self' 'unsafe-eval' 'unsafe-inline' 'nonce-DP0iR27xFX+PlzWqSsZRRw==' https://internshala.com https://*.internshala.com https://*.google.com https://*.googletagmanager.com https://*.googleadservices.com https://www.googleadservices.com https://*.facebook.net https://*.facebook.com https://*.googleads.g.doubleclick.net https://*.jquery.com https://*.bootstrapcdn.com https://*.google-analytics.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://*.gstatic.com https://*.linkedin.com https://snap.licdn.com https://*.clarity.ms https://*.netcoresmartech.com https://*.calendly.com https://calendly.com https://*.google.com.uk https://*.google.com.br https://*.google.com.mx https://*.google.com.ar https://*.google.com.tr https://*.google.com.hk https://*.google.com.sg https://*.google.com.sa https://*.google.com.ua https://*.google.com.tw https://*.google.com.my https://*.google.com.ph https://*.google.com.bd https://*.google.com.ng https://*.google.com.gh https://*.google.com.pk https://*.google.com.bh https://*.google.com.np https://*.google.com.eg https://*.google.com.om https://*.google.com.cy https://*.google.co.au https://*.google.co.jp https://*.google.co.kr https://*.google.co.in https://*.google.co.id https://*.google.co.za https://*.google.co.uk https://*.google.co.ma https://*.google.ca https://*.google.de https://*.google.fr https://*.google.es https://*.google.it https://*.google.ru https://*.google.cn https://*.google.tg https://*.google.lv https://*.google.ba https://*.google.ae https://*.google.lk https://www.google.co.ma https://www.google.com.ng https://www.google.com.bd https://www.google.com.pk https://www.google.com.sa https://www.google.com.ph https://www.google.com.af https://www.google.com.kw https://www.google.com.gh https://www.google.ca https://www.google.ae https://www.google.nl https://www.google.fr https://www.google.de https://www.google.gr; style-src 'self' 'unsafe-inline' https://internshala.com https://*.internshala.com https://*.bootstrapcdn.com https://fonts.googleapis.com https://*.google.com https://*.calendly.com; font-src 'self' data: https://internshala.com https://*.internshala.com https://fonts.googleapis.com https://*.gstatic.com https://*.bootstrapcdn.com https://*.google.com; frame-src https://*.facebook.com https://*.facebook.net https://*.doubleclick.net https://*.google.com https://*.googletagmanager.com https://*.linkedin.com https://*.youtube.com https://*.ccavenue.com https://content.googleapis.com https://content-youtube.googleapis.com/ https://*.calendly.com https://calendly.com https://*.googlesyndication.com; manifest-src 'self' https://*.netcoresmartech.com; frame-ancestors 'self' https://internshala.com https://*.internshala.com; object-src 'none'; connect-src 'self' wss://internshala.com wss://*.internshala.com https://*.google.com https://*.google-analytics.com https://*.googletagmanager.com/ https://*.doubleclick.net https://*.facebook.com https://*.instagram.com https://*.clarity.ms https://*.netcoresmartech.com https://pagead2.googlesyndication.com https://cdn.linkedin.oribi.io/ https://br.internshala.com/ https://*.google.com.uk https://*.google.com.br https://*.google.com.mx https://*.google.com.ar https://*.google.com.tr https://*.google.com.hk https://*.google.com.sg https://*.google.com.sa https://*.google.com.ua https://*.google.com.tw https://*.google.com.my https://*.google.com.ph https://*.google.com.bd https://*.google.com.ng https://*.google.com.gh https://*.google.com.pk https://*.google.com.bh https://*.google.com.np https://*.google.com.eg https://*.google.com.om https://*.google.com.cy https://*.google.co.au https://*.google.co.jp https://*.google.co.kr https://*.google.co.in https://*.google.co.id https://*.google.co.za https://*.google.co.uk https://*.google.co.ma https://*.google.ca https://*.google.de https://*.google.fr https://*.google.es https://*.google.it https://*.google.ru https://*.google.cn https://*.google.tg https://*.google.lv https://*.google.ba https://*.google.ae https://*.google.lk https://www.google.co.ma https://www.google.com.ng https://www.google.com.bd https://www.google.com.pk https://www.google.com.sa https://www.google.com.ph https://www.google.com.af https://www.google.com.kw https://www.google.com.gh https://www.google.ca https://www.google.ae https://www.google.nl https://www.google.fr https://www.google.de https://www.google.gr; base-uri 'self'; report-uri https://track.internshala.com/csp/0; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' 'nonce-g6H2BHHVaZuTHZtYDRD7UQ==' https://internshala.com https://*.internshala.com https://*.google.com https://*.googletagmanager.com https://*.googleadservices.com https://www.googleadservices.com https://*.facebook.net https://*.facebook.com https://*.googleads.g.doubleclick.net https://*.jquery.com https://*.bootstrapcdn.com https://*.google-analytics.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://*.gstatic.com https://*.linkedin.com https://snap.licdn.com https://*.clarity.ms https://*.netcoresmartech.com https://*.calendly.com https://calendly.com https://*.google.com.uk https://*.google.com.br https://*.google.com.mx https://*.google.com.ar https://*.google.com.tr https://*.google.com.hk https://*.google.com.sg https://*.google.com.sa https://*.google.com.ua https://*.google.com.tw https://*.google.com.my https://*.google.com.ph https://*.google.com.bd https://*.google.com.ng https://*.google.com.gh https://*.google.com.pk https://*.google.com.bh https://*.google.com.np https://*.google.com.eg https://*.google.com.om https://*.google.com.cy https://*.google.co.au https://*.google.co.jp https://*.google.co.kr https://*.google.co.in https://*.google.co.id https://*.google.co.za https://*.google.co.uk https://*.google.co.ma https://*.google.ca https://*.google.de https://*.google.fr https://*.google.es https://*.google.it https://*.google.ru https://*.google.cn https://*.google.tg https://*.google.lv https://*.google.ba https://*.google.ae https://*.google.lk https://www.google.co.ma https://www.google.com.ng https://www.google.com.bd https://www.google.com.pk https://www.google.com.sa https://www.google.com.ph https://www.google.com.af https://www.google.com.kw https://www.google.com.gh https://www.google.ca https://www.google.ae https://www.google.nl https://www.google.fr https://www.google.de https://www.google.gr; 1
default-src 'self'  blob:  https://*.facebook.com  https://*.facebook.net  https://*.api.schwarz  https://*.assets.schwarz  https://*.batch.com  https://*.bing.com  https://*.cookiebot.com  https://*.creativecdn.com  https://*.exactag.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://mycliplister.com  https://*.mycliplister.com  https://*.peakprotect.com  https://*.pingdom.net  https://*.virtualearth.net  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://creativecdn.com  https://form.lidl.com  https://*.onetrust.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://s.kelkoogroup.net  https://s.kk-resources.com  https://sdk.virtualearth.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://*.doubleclick.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.be  https://www.google.com  https://www.google.cz  https://www.google.nl  https://www.google.pl  https://www.google.sk  https://www.googleadservices.com  https://www.gstatic.com  https://youtube.com  https://*.youtube-nocookie.com  https://*.youtube.com  https://www.googletagmanager.com  https://lidlplusprod.blob.core.windows.net  https://upeimagesprd.blob.core.windows.net  https://lidlplusstorage.blob.core.windows.net  'unsafe-inline'  https://*.adyen.com  https://*.criteo.com  https://*.criteo.net  https://*.demoup.com  https://*.doubleclick.net  https://*.fitanalytics.com  https://*.glami.cz  https://*.googleapis.com  https://*.lidl-shop.pl  https://*.lidl-sklep.pl  https://*.online-metrix.net  https://*.parcellab.com  https://*.tradedoubler.com  https://*.xplosion.de  https://*.yahoo.com  https://3218-4706-m.edge-cdn.net  https://act.webmasterplan.com  https://addthis.com  https://advertising.com  https://analytics.google.com  https://awin1.com  https://cloud.news.lidl.pl  https://criteo.com  https://csr.onet.pl  https://demdex.net  https://doubleclick.net  https://dsp-user-sync.emetriq.de  https://dwin1.com  https://etracker.de  https://ec.monplat-cdn.com  https://facebook.com  https://fonts.gstatic.com  https://glami.cz  https://hlserve.com  https://im9.cz  https://imedia.cz  https://lidl-shop.com  https://lidl-shop.pl  https://lidl-sklep.pl  https://ligadx.com  https://ligatus.com  https://login.dognet.pl  https://m6r.eu  https://media.net  https://nxtck.com  https://omnitagjs.com  https://openx.net  https://outbrain.com  https://partners.webmasterplan.com  https://pixel.wp.pl  https://pubmatic.com  https://quantserve.com  https://rlcdn.com  https://s.ytimg.com  https://seznam.cz  https://sharethrough.com  https://sspqns.com  https://st.smartassistant.com  https://stickyadstv.com  https://t.semtrack.de  https://taboola.com  https://tracker.marinsm.com  https://tracking.m6r.eu  https://tradetracker.net  https://twiago.com  https://www.dwin1.com  https://www.edge-cdn.net  https://www.google-analytics.com  https://www.jsctool.com  https://www.lead-alliance.net  https://yahoo.com  https://yieldlab.net  data:  https://csp.cre.lidl-shop.com; frame-src 'self'  https://*.facebook.com  https://*.facebook.net  https://*.cookiebot.com  https://*.creativecdn.com  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-onlinenewsletter.de  https://*.lidl-shop.com  https://*.lidl.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.pingdom.net  https://balancechecks.tx-gate.com  https://bidswitch.net  https://creativecdn.com  https://form.lidl.com  https://forms-prod.enc-test.de/  https://ldl.viewer.cit-fusion.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://*.doubleclick.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.com  https://www.googleadservices.com  https://www.gstatic.com  https://youtube.com  https://*.youtube-nocookie.com  https://*.youtube.com  https://www.googletagmanager.com  https://www.lidl-gewinnspiel.de  https://www.youtube.com  'unsafe-inline'  https://*.adyen.com  https://*.criteo.com  https://*.criteo.net  https://*.demoup.com  https://*.doubleclick.net  https://*.glami.cz  https://*.lidl-shop.pl  https://*.lidl-sklep.pl  https://*.lidl.pl  https://*.online-metrix.net  https://*.tradedoubler.com  https://*.vrxs.de  https://*.xplosion.de  https://*.yahoo.com  https://3218-4706-m.edge-cdn.net  https://act.webmasterplan.com  https://addthis.com  https://advertising.com  https://awin1.com  https://balancechecks.tx-gate.com  https://cloud.news.lidl.pl  https://criteo.com  https://csr.onet.pl  https://demdex.net  https://doubleclick.net  https://dsp-user-sync.emetriq.de  https://dwin1.com  https://etracker.de  https://facebook.com  https://glami.cz  https://hlserve.com  https://im9.cz  https://imedia.cz  https://lidl-shop.com  https://lidl-shop.pl  https://lidl-sklep.pl  https://ligadx.com  https://ligatus.com  https://login.dognet.pl  https://m6r.eu  https://media.net  https://nxtck.com  https://omnitagjs.com  https://openx.net  https://outbrain.com  https://partners.webmasterplan.com  https://pubmatic.com  https://quantserve.com  https://rlcdn.com  https://s.ytimg.com  https://seznam.cz  https://sharethrough.com  https://sspqns.com  https://st.smartassistant.com  https://stickyadstv.com  https://t.semtrack.de  https://taboola.com  https://tracker.marinsm.com  https://tracking.m6r.eu  https://tradetracker.net  https://twiago.com  https://www.dwin1.com  https://www.edge-cdn.net  https://www.google-analytics.com  https://www.jsctool.com  https://www.lead-alliance.net  https://yahoo.com  https://yieldlab.net; img-src 'self'  https://*.facebook.com  https://*.facebook.net  https://*.360yield.com  https://*.addthis.com  https://*.adnxs.com  https://*.assets.schwarz  https://*.bing.com  https://*.cat-ret.assets.lidl  https://*.cdn.flavedo.io  https://*.cookiebot.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-onlinenewsletter.de  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.mycliplister.com  https://*.retail.lidl.net  https://*.retail.vdc.lidl  https://*.searchhub.io  https://*.smartadserver.com  https://*.virtualearth.net  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://cm.adform.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://size.lidl.com  https://s.kelkoogroup.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://*.doubleclick.net  https://test.formcycle.vdc.lidl  https://www.adobe.com  https://www.awin1.com  https://cdn.flavedo.io  https://www.google.at  https://www.google.ba  https://www.google.be  https://www.google.bg  https://www.google.ch  https://www.google.co.uk  https://www.google.com  https://www.google.com.bd  https://www.google.com.tr  https://www.google.com.ua  https://www.google.cz  https://www.google.de  https://www.google.dk  https://www.google.es  https://www.google.fr  https://www.google.gr  https://www.google.hr  https://www.google.hu  https://www.google.ie  https://www.google.is  https://www.google.it  https://www.google.lt  https://www.google.lu  https://www.google.lv  https://www.google.md  https://www.google.nl  https://www.google.no  https://www.google.pl  https://www.google.pt  https://www.google.ro  https://www.google.rs  https://www.google.ru  https://www.google.se  https://www.google.sk  https://www.googleadservices.com  https://www.gstatic.com  https://www.lidl-shop.be  https://www.lidl-shop.cz  https://www.lidl-shop.nl  https://www.lidl-shop.sk  https://www.lidl-sklep.pl  https://www.w3.org  https://x.bidswitch.net  https://youtube.com  https://*.creativecdn.com  https://*.youtube.com  https://www.googletagmanager.com  https://lidlplusprod.blob.core.windows.net  https://upeimagesprd.blob.core.windows.net  https://lidlplusstorage.blob.core.windows.net  https://c1.adform.net  https://ce.lijit.com  https://criteo-partners.tremorhub.com  https://*.teads.tv  https://dpm.demdex.net  https://e1.emxdgt.com  https://eb2.3lift.com  https://exchange.mediavine.com  https://hb.yahoo.net  https://id5-sync.com  https://jadserve.postrelease.com  https://matching.ivitrack.com  https://pixel.rubiconproject.com  https://*.casalemedia.com  https://sync-criteo.ads.yieldmo.com  https://sync.1rx.io  https://rt.udmserve.net  https://ssc-cms.33across.com  https://ads.yieldmo.com  https://s.seedtag.com  https://sync.go.sonobi.com  https://fast.nexx360.io  https://*.upe.schwarz  'unsafe-inline'  https://*.adscale.de  https://*.advertising.com  https://*.adyen.com  https://*.assets.lidl  https://*.criteo.com  https://*.criteo.net  https://*.demdex.net  https://*.demoup.com  https://*.doubleclick.net  https://*.fitanalytics.com  https://*.glami.cz  https://*.googleapis.com  https://*.lidl-shop.cz  https://*.lidl-shop.pl  https://*.lidl-sklep.pl  https://*.lidl.pl  https://*.online-metrix.net  https://*.openx.net  https://*.parcellab.com  https://*.pubmatic.com  https://*.smartclip.net  https://*.stickyadstv.com  https://*.taboola.com  https://*.tradedoubler.com  https://*.twiago.com  https://*.xplosion.de  https://*.yahoo.com  https://*.yieldlab.net  https://3218-4706-m.edge-cdn.net  https://act.webmasterplan.com  https://addthis.com  https://advertising.com  https://analytics.google.com  https://awin1.com  https://cloud.news.lidl.pl  https://content.odj.cloud  https://contextual.media.net  https://criteo-sync.teads.tv  https://criteo.com  https://demdex.net  https://doubleclick.net  https://dsp-user-sync.emetriq.de  https://dwin1.com  https://etracker.de  https://facebook.com  https://glami.cz  https://hlserve.com  https://i.liadm.com  https://im9.cz  https://imedia.cz  https://lh3.googleusercontent.com  https://lidl-shop.com  https://lidl-shop.pl  https://lidl-sklep.pl  https://lidl.pl  https://ligadx.com  https://ligatus.com  https://login.dognet.pl  https://m6r.eu  https://match.sharethrough.com  https://media.net  https://nxtck.com  https://omnitagjs.com  https://openx.net  https://outbrain.com  https://partners.webmasterplan.com  https://pixel.wp.pl  https://play-lh.googleusercontent.com  https://pubmatic.com  https://quantserve.com  https://rlcdn.com  https://s.ytimg.com  https://seznam.cz  https://sharethrough.com  https://sspqns.com  https://st.smartassistant.com  https://stickyadstv.com  https://sync.outbrain.com  https://t.semtrack.de  https://taboola.com  https://tracker.marinsm.com  https://tracking.m6r.eu  https://tradetracker.net  https://translate.google.com  https://twiago.com  https://visitor.omnitagjs.com  https://www.dwin1.com  https://www.edge-cdn.net  https://www.google-analytics.com  https://www.jsctool.com  https://www.lead-alliance.net  https://yahoo.com  https://yieldlab.net  data:; object-src 'self'  https://*.facebook.com  https://*.facebook.net  https://*.batch.com  https://*.cookiebot.com  https://*.leaflets.schwarz  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://asset.schwarz  https://bidswitch.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.google.com  https://www.googleadservices.com  https://www.gstatic.com  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-eval'  https://*.criteo.com  https://*.criteo.net  https://*.demoup.com  https://*.doubleclick.net  https://*.glami.cz  https://*.lidl-shop.pl  https://*.lidl-sklep.pl  https://*.online-metrix.net  https://*.tradedoubler.com  https://*.xplosion.de  https://*.yahoo.com  https://3218-4706-m.edge-cdn.net  https://act.webmasterplan.com  https://addthis.com  https://advertising.com  https://awin1.com  https://cloud.news.lidl.pl  https://criteo.com  https://demdex.net  https://doubleclick.net  https://dsp-user-sync.emetriq.de  https://dwin1.com  https://etracker.de  https://facebook.com  https://glami.cz  https://hlserve.com  https://im9.cz  https://imedia.cz  https://lidl-shop.com  https://lidl-shop.pl  https://lidl-sklep.pl  https://ligadx.com  https://ligatus.com  https://login.dognet.pl  https://m6r.eu  https://media.net  https://nxtck.com  https://omnitagjs.com  https://openx.net  https://outbrain.com  https://partners.webmasterplan.com  https://pubmatic.com  https://quantserve.com  https://rlcdn.com  https://s.ytimg.com  https://seznam.cz  https://sharethrough.com  https://sspqns.com  https://st.smartassistant.com  https://stickyadstv.com  https://t.semtrack.de  https://taboola.com  https://tracker.marinsm.com  https://tracking.m6r.eu  https://tradetracker.net  https://twiago.com  https://www.dwin1.com  https://www.edge-cdn.net  https://www.google-analytics.com  https://www.jsctool.com  https://www.lead-alliance.net  https://yahoo.com  https://yieldlab.net; script-src 'self'  blob:  https://*.facebook.com  https://*.facebook.net  https://*.api.schwarz  https://*.batch.com  https://*.bing.com  https://*.cookiebot.com  https://*.creativecdn.com  https://*.exactag.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.peakprotect.com  https://*.pingdom.net  https://*.searchhub.io  https://*.virtualearth.net  https://adservice.google.com  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://creativecdn.com  https://form.lidl.com  https://*.onetrust.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://s.kk-resources.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://*.doubleclick.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.com  https://www.googleadservices.com  https://www.gstatic.com  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-eval'  'unsafe-inline'  about:  https://localhost  https://*.adyen.com  https://*.criteo.com  https://*.criteo.net  https://*.demoup.com  https://*.doubleclick.net  https://*.fitanalytics.com  https://*.glami.cz  https://*.googleapis.com  https://*.lidl-shop.pl  https://*.lidl-sklep.pl  https://*.online-metrix.net  https://*.parcellab.com  https://*.tradedoubler.com  https://*.xplosion.de  https://*.yahoo.com  https://3218-4706-m.edge-cdn.net  https://act.webmasterplan.com  https://addthis.com  https://adservice.google.de  https://advertising.com  https://awin1.com  https://cloud.news.lidl.pl  https://criteo.com  https://demdex.net  https://doubleclick.net  https://dsp-user-sync.emetriq.de  https://dwin1.com  https://etracker.de  https://ec.monplat-cdn.com  https://facebook.com  https://glami.cz  https://hlserve.com  https://im9.cz  https://imedia.cz  https://lidl-shop.com  https://lidl-shop.pl  https://lidl-sklep.pl  https://ligadx.com  https://ligatus.com  https://login.dognet.pl  https://m6r.eu  https://media.net  https://nxtck.com  https://omnitagjs.com  https://openx.net  https://outbrain.com  https://partners.webmasterplan.com  https://pixel.wp.pl  https://pubmatic.com  https://quantserve.com  https://rlcdn.com  https://s.ytimg.com  https://seznam.cz  https://sharethrough.com  https://sspqns.com  https://st.smartassistant.com  https://stickyadstv.com  https://t.semtrack.de  https://taboola.com  https://tracker.marinsm.com  https://tracking.m6r.eu  https://tradetracker.net  https://twiago.com  https://www.dwin1.com  https://www.edge-cdn.net  https://www.google-analytics.com  https://www.jsctool.com  https://www.lead-alliance.net  https://yahoo.com  https://yieldlab.net; style-src 'self'  https://*.bing.com  https://*.cookiebot.com  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.de  https://*.medallia.eu  https://bidswitch.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://sdk.virtualearth.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.google.com  https://www.googleadservices.com  https://www.gstatic.com  https://www.lidl-shop.be  https://www.lidl-shop.cz  https://www.lidl-shop.nl  https://www.lidl-shop.sk  https://www.lidl-sklep.pl  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-inline'  https://*.criteo.com  https://*.criteo.net  https://*.doubleclick.net  https://*.fitanalytics.com  https://*.glami.cz  https://*.googleapis.com  https://*.lidl-shop.cz  https://*.lidl-shop.pl  https://*.lidl-sklep.pl  https://*.online-metrix.net  https://*.parcellab.com  https://*.tradedoubler.com  https://*.xplosion.de  https://*.yahoo.com  https://3218-4706-m.edge-cdn.net  https://act.webmasterplan.com  https://addthis.com  https://advertising.com  https://awin1.com  https://cloud.news.lidl.pl  https://criteo.com  https://demdex.net  https://doubleclick.net  https://dsp-user-sync.emetriq.de  https://dwin1.com  https://etracker.de  https://facebook.com  https://glami.cz  https://hlserve.com  https://im9.cz  https://imedia.cz  https://lidl-shop.com  https://lidl-shop.pl  https://lidl-sklep.pl  https://ligadx.com  https://ligatus.com  https://login.dognet.pl  https://m6r.eu  https://media.net  https://nxtck.com  https://omnitagjs.com  https://openx.net  https://outbrain.com  https://partners.webmasterplan.com  https://pubmatic.com  https://quantserve.com  https://rlcdn.com  https://s.ytimg.com  https://seznam.cz  https://sharethrough.com  https://sspqns.com  https://st.smartassistant.com  https://stickyadstv.com  https://t.semtrack.de  https://taboola.com  https://tracker.marinsm.com  https://tracking.m6r.eu  https://tradetracker.net  https://twiago.com  https://www.dwin1.com  https://www.edge-cdn.net  https://www.google-analytics.com  https://www.jsctool.com  https://www.lead-alliance.net  https://yahoo.com  https://yieldlab.net; frame-ancestors 'self'  https://*.lidl.com  https://*.livebuy.io; report-uri https://csp.cre.lidl-shop.com/csp/report; base-uri 'self'; form-action 'self'  https://*.facebook.com  https://*.facebook.net  https://accounts.lidl.com  https://survey.g.doubleclick.net; 1
default-src 'self'  blob:  data:  https:  https://*.assets.schwarz  https://*.doubleclick.net  https://*.discoverfy.io  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl.es  https://*.livebuy.io  https://*.medallia.eu  https://*.tradedoubler.com  https://*.youtube-nocookie.com  https://cdn.cookielaw.org  https://*.visualwebsiteoptimizer.com  https://app.vwo.com  https://chart.googleapis.com  data:  https://csp.cre.lidl-shop.com; frame-src https://*.doubleclick.net  https://*.discoverfy.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl.es  https://*.livebuy.io  https://*.medallia.eu  https://*.tradedoubler.com  https://*.youtube-nocookie.com  https://cdn.aplazame.com/  https://checkout.aplazame.com/  https://consentcdn.cookiebot.com/  https://creativecdn.com  https://*.creativecdn.com  https://form.lidl.com/  https://forms-prod.enc-test.de/  https://gum.criteo.com  https://sorteo.esdelidl.es  https://static.criteo.net  https://www.google.com  https://www.youtube.com  https://*.visualwebsiteoptimizer.com  https://app.vwo.com  https://chart.googleapis.com; img-src 'self'  data:  https:  https://*.assets.schwarz  https://*.doubleclick.net  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl.es  https://*.livebuy.io  https://*.medallia.eu  https://*.tradedoubler.com  https://cdn.cookielaw.org  https://*.visualwebsiteoptimizer.com  https://app.vwo.com  https://chart.googleapis.com  data:; object-src https://*.leaflets.schwarz  https://*.livebuy.io  https://*.tradedoubler.com  data:; script-src 'self'  'unsafe-eval'  'unsafe-inline'  blob:  https:  https://*.doubleclick.net  https://*.discoverfy.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl.es  https://*.livebuy.io  https://*.medallia.eu  https://*.tradedoubler.com  https://ajax.googleapis.com  https://c.searchhub.io  https://cdn.cookielaw.org  https://creativecdn.com  https://*.creativecdn.com  https://recommendations.lidl-shop.com  https://www.googletagmanager.com  https://www.youtube.com  https://*.visualwebsiteoptimizer.com  https://app.vwo.com  https://chart.googleapis.com  data:; style-src 'self'  'unsafe-inline'  https:  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl.es  https://*.medallia.eu  https://*.tradedoubler.com  https://*.visualwebsiteoptimizer.com  https://app.vwo.com  https://chart.googleapis.com; frame-ancestors 'self'  https://*.lidl.com  https://*.lidl.es  https://*.livebuy.io  https://beeem.co; report-uri https://csp.cre.lidl-shop.com/csp/report; 1
frame-ancestors http://docplanner-front-test.docplanner.com https://docplanner-front-test.docplanner.com *.doctoralia.com.br doctoraliaone-br2-candidate.azurewebsites.net 1
default-src 'self'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; font-src 'self' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; frame-src 'unsafe-inline' https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://optimize.google.com; img-src 'self' *.ttcache.com https://*.ttcache.com https://*.google-analytics.com https://*.googletagmanager.com data: http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; media-src 'none'; object-src 'none'; script-src 'self' https://*.googletagmanager.com 'unsafe-inline' 'unsafe-eval' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; style-src 'self' 'unsafe-inline' 1
connect-src 'self' consentcdn.cookiebot.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.googleapis.com *.gstatic.com data: blob: https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; default-src 'self'; font-src 'self' data: fonts.gstatic.com https://*.hotjar.com; frame-src 'self' youtube.com www.youtube.com www.youtube-nocookie.com consentcdn.cookiebot.com *.google.com www.google.com/recaptcha recaptcha.google.com/recaptcha/; img-src 'self' blob: data: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: consent.cookiebot.com consentcdn.cookiebot.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.gstatic.com *.google.com *.ggpht.com *.googleusercontent.com  www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://*.hotjar.com; style-src 'self' 'unsafe-inline' *.googletagmanager.com fonts.googleapis.com https://*.hotjar.com;; frame-ancestors 'self' ; 1
frame-ancestors 'self' http://signifyd.lookbookhq.com https://signifyd.lookbookhq.com http://signifyd.pathfactory.com https://signifyd.pathfactory.com http://resources.signifyd.com https://resources.signifyd.com https://www.signifyd.com 1
default-src 'self' https://*; connect-src 'self' https://* wss:; media-src 'self' https://* blob:; font-src 'self' https://* data:; img-src * data:; script-src https://* 'unsafe-inline' 'unsafe-eval'; style-src https://* 'unsafe-inline'; frame-src 'self' https://* mailto:; worker-src blob:; 1
script-src 'self' 'unsafe-eval' https://*.usajobs.gov/ https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://gateway.answerscloud.com https://dap.digitalgov.gov https://*.bing.com https://*.virtualearth.net https://cdn.ampproject.org https://go.usa.gov https://*.foresee.com https://device.4seeresults.com https://survey.answerscloud.com https://survey.foreseeresults.com https://*.fr011.ttecfed.com https://*.azure.com https://touchpoints.app.cloud.gov https://www.ssa.gov 'nonce-SimLwl/BPOHWmd1obpbSD3EPQhSF3VD9GUBJxlc2VJQ='; form-action 'self' * https://*.usajobs.gov/; object-src 'none'; frame-ancestors 'self'; frame-src 'self' *; img-src 'self' data: https://*.usajobs.gov/ https://*.usajobs.gov https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.bing.com https://*.virtualearth.net https://*.foresee.com https://touchpoints.app.cloud.gov https://*.fr011.ttecfed.com; connect-src https://*.usajobs.gov/ https://*.bing.com https://*.dev.virtualearth.net https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.foresee.com https://device.4seeresults.com https://survey.answerscloud.com https://survey.foreseeresults.com wss://hoover.foresee.com https://*.fr011.ttecfed.com https://dap.digitalgov.gov https://*.intelligencecareers.gov https://*.azure.com https://touchpoints.app.cloud.gov; font-src 'self' data: https://*.usajobs.gov/ https://cxsurvey.foresee.com2 https://gateway.foresee.com https://*.fr011.ttecfed.com https://touchpoints.app.cloud.gov; upgrade-insecure-requests 1
default-src 'none'; img-src 'self' data: https://admin.media.liu.se https://post-image.getflowbox.com https://storage.gra.cloud.ovh.net https://www.liu.se https://liu.diva-portal.org https://www2.bibl.liu.se https://i.ytimg.com https://pbs.twimg.com https://ton.twimg.com https://platform.twitter.com https://syndication.twitter.com https://d2rfa446ja7yzb.cloudfront.net; connect-src 'self' wss://ebbot.eu https://ebbot.eu https://storage.gra.cloud.ovh.net https://search.liu.se https://webstat.liu.se https://www2.bibl.liu.se https://chat-eu.libanswers.com https://vod-progressive.akamaized.net https://cicptqmkej.execute-api.eu-west-1.amazonaws.com https://9mn3sm7015.execute-api.eu-west-1.amazonaws.com https://a.getflowbox.com https://gateway.getflowbox.com https://powerva.microsoft.com https://75ef70113386e45c814f199b22604d.53.environment.api.powerplatform.com https://54bd0db7f610ef1ab766eb3adc3e4e.4d.environment.api.powerplatform.com wss://54bd0db7f610ef1ab766eb3adc3e4e.4d.environment.api.powerplatform.com https://directline.botframework.com wss://directline.botframework.com; frame-ancestors 'self' ; script-src 'self' https://storage.gra.cloud.ovh.net https://www.liu.se https://webstat.liu.se https://www2.bibl.liu.se https://liu-se.libanswers.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.google.com https://www.gstatic.com https://connect.getflowbox.com https://gateway.getflowbox.com https://www.youtube.com https://cdn.botframework.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://storage.gra.cloud.ovh.net https://www.liu.se https://www2.bibl.liu.se https://platform.twitter.com; frame-src 'self' https://www2.bibl.liu.se https://api.screen9.com https://liu-se.libanswers.com https://admin.media.liu.se https://vimeo.com https://player.vimeo.com https://embed.ur.se https://www.youtube.com https://www.podbean.com https://platform.twitter.com https://syndication.twitter.com https://www.google.com; form-action 'self' https://search.liu.se https://marketing.studentrecruitment.liu.se *.ebscohost.com publications.ebsco.com libris.kb.se *.diva-portal.org search.scifree.se; font-src 'self' https://storage.gra.cloud.ovh.net; media-src 'self' https://admin.media.liu.se https://player.vimeo.com https://*.akamaized.net https://cdn.flbx.io; base-uri 'none' 1
frame-ancestors https://apuestas.wplay.co https://m.wplay.co https://www.wplay.co 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-YTlmNTZmMGIwMTUyNDBjMWExMzE5MGZkY2E0OTY3MTY=' https://*.platformrijksoverheid.nl https://*.rijksoverheid.nl https://*.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' https://statistiek.rijksoverheid.nl https://*.contenttoolsrijksoverheid.nl https://*.rijksoverheid.nl; font-src 'self' https://statistiek.rijksoverheid.nl; object-src 'none'; connect-src https://*.platformrijksoverheid.nl https://*.rijksoverheid.nl https://*.contenttoolsrijksoverheid.nl https://*.rovid.nl https://*.rijksoverheidsvideo.nl; img-src 'self' data: https://d3oiud1b8fohdw.cloudfront.net https://statistiek.rijksoverheid.nl https://*.rovid.nl https://*.rijksoverheidsvideo.nl https://*.toegankelijkheidsverklaring.nl; media-src 'self' https://*.rovid.nl https://*.rijksoverheidsvideo.nl; form-action 'self' https://export.highcharts.com https://*.contenttoolsrijksoverheid.nl https://*.rijksoverheid.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
script-src 'nonce-2IsNmb2ZmaU4us4jmccD1w' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/googleorg; base-uri 'none' 1
default-src 'self'  blob:  https://*.facebook.com  https://*.facebook.net  https://*.api.schwarz  https://*.assets.schwarz  https://*.batch.com  https://*.bing.com  https://*.cookiebot.com  https://*.creativecdn.com  https://*.exactag.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://mycliplister.com  https://*.mycliplister.com  https://*.peakprotect.com  https://*.pingdom.net  https://*.virtualearth.net  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://creativecdn.com  https://form.lidl.com  https://*.onetrust.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://s.kelkoogroup.net  https://s.kk-resources.com  https://sdk.virtualearth.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://*.doubleclick.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.be  https://www.google.com  https://www.google.cz  https://www.google.nl  https://www.google.pl  https://www.google.sk  https://www.googleadservices.com  https://www.gstatic.com  https://youtube.com  https://*.youtube-nocookie.com  https://*.youtube.com  https://www.googletagmanager.com  https://lidlplusprod.blob.core.windows.net  https://upeimagesprd.blob.core.windows.net  https://lidlplusstorage.blob.core.windows.net  'unsafe-inline'  https://*.criteo.com  https://*.criteo.net  https://*.adyen.com  https://*.demoup.com  https://www.dwin1.com  data:  https://csp.cre.lidl-shop.com; frame-src 'self'  https://*.facebook.com  https://*.facebook.net  https://*.cookiebot.com  https://*.creativecdn.com  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-onlinenewsletter.de  https://*.lidl-shop.com  https://*.lidl.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.pingdom.net  https://balancechecks.tx-gate.com  https://bidswitch.net  https://creativecdn.com  https://form.lidl.com  https://forms-prod.enc-test.de/  https://ldl.viewer.cit-fusion.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://*.doubleclick.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.com  https://www.googleadservices.com  https://www.gstatic.com  https://youtube.com  https://*.youtube-nocookie.com  https://*.youtube.com  https://www.googletagmanager.com  https://www.lidl-gewinnspiel.de  https://www.youtube.com  'unsafe-inline'  https://*.adyen.com  https://*.demoup.com; img-src 'self'  https://*.facebook.com  https://*.facebook.net  https://*.360yield.com  https://*.addthis.com  https://*.adnxs.com  https://*.assets.schwarz  https://*.bing.com  https://*.cat-ret.assets.lidl  https://*.cdn.flavedo.io  https://*.cookiebot.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-onlinenewsletter.de  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.mycliplister.com  https://*.retail.lidl.net  https://*.retail.vdc.lidl  https://*.searchhub.io  https://*.smartadserver.com  https://*.virtualearth.net  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://cm.adform.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://size.lidl.com  https://s.kelkoogroup.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://*.doubleclick.net  https://test.formcycle.vdc.lidl  https://www.adobe.com  https://www.awin1.com  https://cdn.flavedo.io  https://www.google.at  https://www.google.ba  https://www.google.be  https://www.google.bg  https://www.google.ch  https://www.google.co.uk  https://www.google.com  https://www.google.com.bd  https://www.google.com.tr  https://www.google.com.ua  https://www.google.cz  https://www.google.de  https://www.google.dk  https://www.google.es  https://www.google.fr  https://www.google.gr  https://www.google.hr  https://www.google.hu  https://www.google.ie  https://www.google.is  https://www.google.it  https://www.google.lt  https://www.google.lu  https://www.google.lv  https://www.google.md  https://www.google.nl  https://www.google.no  https://www.google.pl  https://www.google.pt  https://www.google.ro  https://www.google.rs  https://www.google.ru  https://www.google.se  https://www.google.sk  https://www.googleadservices.com  https://www.gstatic.com  https://www.lidl-shop.be  https://www.lidl-shop.cz  https://www.lidl-shop.nl  https://www.lidl-shop.sk  https://www.lidl-sklep.pl  https://www.w3.org  https://x.bidswitch.net  https://youtube.com  https://*.creativecdn.com  https://*.youtube.com  https://www.googletagmanager.com  https://lidlplusprod.blob.core.windows.net  https://upeimagesprd.blob.core.windows.net  https://lidlplusstorage.blob.core.windows.net  https://c1.adform.net  https://ce.lijit.com  https://criteo-partners.tremorhub.com  https://*.teads.tv  https://dpm.demdex.net  https://e1.emxdgt.com  https://eb2.3lift.com  https://exchange.mediavine.com  https://hb.yahoo.net  https://id5-sync.com  https://jadserve.postrelease.com  https://matching.ivitrack.com  https://pixel.rubiconproject.com  https://*.casalemedia.com  https://sync-criteo.ads.yieldmo.com  https://sync.1rx.io  https://rt.udmserve.net  https://ssc-cms.33across.com  https://ads.yieldmo.com  https://s.seedtag.com  https://sync.go.sonobi.com  https://fast.nexx360.io  https://*.upe.schwarz  'unsafe-inline'  https://*.adnxs.com  https://*.adyen.com  https://*.criteo.com  https://*.criteo.net  https://*.doubleclick.net  https://*.rubiconproject.com  https://*.taboola.com  https://*.teads.tv  https://lantern.roeye.com  https://www.lidl.fr  data:; object-src 'self'  https://*.facebook.com  https://*.facebook.net  https://*.batch.com  https://*.cookiebot.com  https://*.leaflets.schwarz  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://asset.schwarz  https://bidswitch.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.google.com  https://www.googleadservices.com  https://www.gstatic.com  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-eval'; script-src 'self'  blob:  https://*.facebook.com  https://*.facebook.net  https://*.api.schwarz  https://*.batch.com  https://*.bing.com  https://*.cookiebot.com  https://*.creativecdn.com  https://*.exactag.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.peakprotect.com  https://*.pingdom.net  https://*.searchhub.io  https://*.virtualearth.net  https://adservice.google.com  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://creativecdn.com  https://form.lidl.com  https://*.onetrust.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://s.kk-resources.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://*.doubleclick.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.com  https://www.googleadservices.com  https://www.gstatic.com  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-eval'  'unsafe-inline'  about:  https://localhost  https://*.criteo.com  https://*.criteo.net  https://*.adyen.com  https://*.demoup.com  https://lantern.roeyecdn.com  https://www.dwin1.com; style-src 'self'  https://*.bing.com  https://*.cookiebot.com  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.de  https://*.medallia.eu  https://bidswitch.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://sdk.virtualearth.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.google.com  https://www.googleadservices.com  https://www.gstatic.com  https://www.lidl-shop.be  https://www.lidl-shop.cz  https://www.lidl-shop.nl  https://www.lidl-shop.sk  https://www.lidl-sklep.pl  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-inline'; frame-ancestors 'self'  https://*.lidl.com  https://*.livebuy.io; report-uri https://csp.cre.lidl-shop.com/csp/report; base-uri 'self'; form-action 'self'  https://*.facebook.com  https://*.facebook.net  https://accounts.lidl.com  https://survey.g.doubleclick.net; 1
script-src 'nonce-2MdK8rEez6PB4sQG9tJONrnaDFv/ERhQeXsO5MD9TLM=' 'strict-dynamic' 'self' 'unsafe-inline' 'unsafe-eval' https: http:; object-src 'self'; 1
default-src data: blob: 'self' 'unsafe-inline' 'unsafe-eval' *.iliad.it osm.proxad.net acsbapp.com *.acsbapp.com *.googleapis.com www.googletagmanager.com fonts.gstatic.com maps.gstatic.com connect.facebook.net www.googleadservices.com www.facebook.com googleads.g.doubleclick.net www.google.com www.google.fr www.youtube.com aax-eu.amazon-adsystem.com *.adform.net *.outbrain.com creativecdn.com libjs.s4mdsp.com  evt.s4mdsp.com tracking.lqm.io app.contentsquare.com *.contentsquare.net www.gstatic.com c.amazon-adsystem.com 1
base-uri 'self'; form-action 'self'; object-src 'none'; frame-ancestors 'self'; script-src 'strict-dynamic' 'nonce-LoFCSFo99wgbQu4ikgaV8oIDSZY9nXYL';upgrade-insecure-requests; 1
connect-src 'self' 'unsafe-inline' https://*.google-analytics.com http://*.orange.mg https://www.google-analytics.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.twimg.com  https://*.twitter.com https://*.google-analytics.com  http://*.orange.mg https://*.orange.mg https://www.google-analytics.com https://*.facebook.com https://connect.facebook.net https://www.googletagmanager.com; img-src 'self' data:  https://*.twitter.com https://*.twimg.com  http://www.orange.mg  https://www.googletagmanager.com https://www.google-analytics.com https://*.facebook.com http://*.facebook.com ; style-src 'self' 'unsafe-inline' https://*.cloudflare.com https://*.twitter.com https://*.googleapis.com; font-src 'self' https://*.gstatic.com https://*.cloudflare.com ; child-src *; object-src 'none' 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com 1868565294.rsc.cdn77.org static.cloudflareinsights.com www.google.com www.gstatic.com fonts.gstatic.com fonts.googleapis.com ajax.googleapis.com fcm.googleapis.com accounts.google.com *.cdn77.org  *.nk-img.com  *.segpay.com  *.online-metrix.net *.vscdns.com *.vsmvideo.com www.tjk-njk.com *.xnxx20.com *.exoclick.com *.orbsrv.com *.opoxv.com *.exdynsrv.com *.afcdn.net *.aucdn.net *.tf4srv.com *.aacdn.net *.adglare.net www.flirt4free.com www.ohmybutt.com www.secretpartners.com *.asf4f.us *.livejasmin.com *.jsmcrptjmp.com *.awemwh.com etahub.com ctrack.trafficjunky.net tracking.sexcash.com *.gtflixtv.com;img-src 'self' 'unsafe-inline' data: blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com *.cdn77.org www.google.com www.google-analytics.com ssl.gstatic.com *.nk-img.com *.camster.com data-cdn.pornbiz.com *.vscdns.com *.vsmvideo.com *.doubleclick.net *.google.fr *.google.com *.segpay.com *.online-metrix.net cdn.asf4f.us *.gtflixtv.com *.xnxx20.com *.orbsrv.com *.exdynsrv.com *.afcdn.net *.aucdn.net *.justservingfiles.net *.tf4srv.com *.aacdn.net *.rtbsuperhub.com; report-uri https://www.xnxx20.com/csp-reports; report-to csp-endpoint 1
default-src 'self' https://prod-web-plugins.s3.amazonaws.com https://cdn01.sura.net.pe; img-src 'self' blob: data: https://prod-web-plugins.s3.amazonaws.com https://www.google.com.pe https://liveness-web.toc.ai https://www.googletagmanager.com https://cdn01.sura.net.pe https://www.facebook.com https://www.google-analytics.com https://www.google.com.co https://*.google.com https://www.afpintegra.pe https://*.teads.tv https://cnv.leadsglobal.com https://leadsglobal.go2cloud.org https://fonts.gstatic.com https://px.ads.linkedin.com https://*.hotjar.com https://dev.visualwebsiteoptimizer.com; script-src 'self' https://prod-web-plugins.s3.amazonaws.com https://prod-liveness.tocws.com https://cdnjs.cloudflare.com https://liveness-web.toc.ai https://cdn.jsdelivr.net https://tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com https://optimize.google.com https://www.google.com https://www.gstatic.com https://connect.facebook.net https://www.googleadservices.com https://googleads.g.doubleclick.net https://cdn01.sura.net.pe https://a2.adform.net https://p.teads.tv https://snap.licdn.com https://apps.usw2.pure.cloud https://d2p6t0n5dix9gn.cloudfront.net https://pagead2.googlesyndication.com https://*.hotjar.com 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://liveness-web.toc.ai https://prod-web-plugins.s3.amazonaws.com https://cdnjs.cloudflare.com https://*.google.com https://fonts.googleapis.com https://cdn01.sura.net.pe https://www.gstatic.com https://www.googletagmanager.com https://*.hotjar.com; font-src https://cdnjs.cloudflare.com https://*.hotjar.com https://fonts.gstatic.com https://cdn01.sura.net.pe; connect-src 'self' https://prod-liveness.tocws.com https://pagead2.googlesyndication.com wss://*.hotjar.com https://*.hotjar.com https://*.hotjar.io wss://prod-liveness.toc.ai wss://prod-liveness.tocws.com wss://prod-liveness-ms.tocws.com https://prod-liveness.toc.ai https://liveness-web.toc.ai https://prod-api.7oc.cl https://www.afpintegra.pe https://www.google-analytics.com https://*.g.doubleclick.net https://api.canalesremotos.afpintegra.pe https://*.cercania.afpintegra.pe wss://*.amazonaws.com https://*.amazonaws.com https://cdn01.sura.net.pe https://cdn.linkedin.oribi.io https://gtmserver.afpintegra.pe https://*.teads.tv https://cnv.leadsglobal.com https://leadsglobal.go2cloud.org https://analytics.google.com https://customsearch.googleapis.com https://www.google.com https://px.ads.linkedin.com https://*.usw2.pure.cloud https://d2p6t0n5dix9gn.cloudfront.net wss://webmessaging.usw2.pure.cloud https://dev.visualwebsiteoptimizer.com; frame-src data: 'unsafe-inline' 'self' blob: https://*.doubleclick.net https://*.teads.tv https://*.hotjar.com https://cdn01.sura.net.pe https://www.youtube.com https://www.afpintegra.pe https://www2.sbs.gob.pe https://cognito-idp.us-west-2.amazonaws.com https://api.cercania.afpintegra.pe https://afiliacion.api.cercania.afpintegra.pe https://www.google.com https://optimize.google.com https://irene-chatbot.sura.net.pe https://sura-integra-webapps.s3.us-west-2.amazonaws.com https://dyo3z5271kl7e.cloudfront.net https://apps.usw2.pure.cloud; object-src * blob: https://www.afpintegra.pe; 1
upgrade-insecure-requests ; frame-src 'self' *.algolia.com *.js.driftt.com *.pendo.io app-ab39.marketo.com codesandbox.io js.driftt.com res.cloudinary.com vars.hotjar.com www.facebook.com www.welcometothejungle.com www.youtube-nocookie.com www.youtube.com calendly.com play.vidyard.com *.codesandbox.io *.arcade.software s.company-target.com x.adroll.com ; frame-ancestors 'self' algolia.sitespect.com *.algolia.com 1
frame-ancestors https://*.dnevnik.hr https://beta-showbuzz.dnevnik.hr https://dnevnik.hr 1
default-src https: wss://floatbot.ai *.gstatic.com *.googleapis.com data: https://*.zscalerthree.net 'self' https://www.google-analytics.com https://fonts.gstatic.com https://floatbot.ai https://cdn.jsdelivr.net; script-src https://*.zscalerthree.net https://offerswidget.visa.com https://apis.mapmyindia.com https://www.mappls.com 'self' 'unsafe-inline' 'unsafe-eval' https://googleads.g.doubleclick.net https://www.googleadservices.com *.googleapis.com https://floatbot.ai *.gstatic.com www.google.com *.google-analytics.com apis.google.com https://www.googletagmanager.com https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' * https://cdn.jsdelivr.net *.googleapis.com *.gstatic.com www.google.com ; 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://unpkg.com https://cdnjs.cloudflare.com https://code.jquery.com https://ajax.googleapis.com https://cdn.amcharts.com https://code.responsivevoice.org; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://unpkg.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; img-src 'self' data:; connect-src 'self'; font-src 'self' https://fonts.gstatic.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; media-src 'self' data:; upgrade-insecure-requests; block-all-mixed-content; frame-src 'self' https://www.google.com/; report-uri /csp-report-endpoint; 1
default-src 'self' data: https://*.pcdn.co http://*.pcdn.co https://www.google-analytics.com https://www.googletagmanager.com http://www.googleadservices.com https://*.doubleclick.net https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://*.gstatic.com https://b.delivery.consentmanager.net/delivery/ https://cdn.consentmanager.net/ http://cdn.consentmanager.net/ https://*.privacyrequest.net https://privacyrequest.net 'unsafe-inline'; 1
default-src https: data:; img-src https: 'unsafe-inline' data:; style-src https: 'unsafe-inline'; script-src https: 'unsafe-inline' 'unsafe-eval'; object-src 'none'; upgrade-insecure-requests 1
default-src https: wss: blob: 'self' *.demandbase.com *.evergage.com foxit.us-6.evergage.com; img-src 'self' data: www.google.com www.google-analytics.com optimize.google.com www.googletagmanager.com *.stripe.com *.clarity.ms tribl.io px.ads.linkedin.com www.linkedin.com cc.swiftype.com *.bing.com images.g2crowd.com *.g2.com *.outbrain.com *.adroll.com alb.reddit.com 11145320.fls.doubleclick.net www.facebook.com sealserver.trustwave.com i.imgur.com *.checkout.visa.com *.mastercard.com *.discovercard.com *.discover.com *.online-metrix.net q.quora.com d.adroll.com accounts.zendesk.com hero.kingpinkton.com ct.capterra.com tracking.g2crowd.com aorta.clickagy.com googleads.g.doubleclick.net srv.stackadapt.com pixel-sync.sitescout.com id.rlcdn.com *.gravatar.com secure.gravatar.com *.paypal.com www.google.com.hk www.google.com.tw segments.company-target.com tags.srv.stackadapt.com dev.visualwebsiteoptimizer.com cdn-cookieyes.com *.visualwebsiteoptimizer.com app.vwo.com chart.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cloudflare.com static.cloudflareinsights.com kit.fontawesome.com www.google.com www.googletagmanager.com *.googleadservices.com www.google-analytics.com www.googleanalytics.com www.googleoptimize.com optimize.google.com googleads.g.doubleclick.net static.addtoany.com platform.twitter.com pi.pardot.com static.hotjar.com script.hotjar.com bat.bing.com s.swiftypecdn.com go.foxitinfo.com widget.trustpilot.com amplify.outbrain.com tr.outbrain.com q.quora.com 11145320.fls.doubleclick.net c.sf-syn.com scout-cdn.salesloft.com static.zdassets.com api.smooch.io widget-mediator.zopim.com tracking.g2crowd.com tags.srv.stackadapt.com *.zoominfo.com *.chilipiper.com www.redditstatic.com d.adroll.mgr.consensu.org d.adroll.com s.adroll.com snap.licdn.com connect.facebook.net static.ads-twitter.com sealserver.trustwave.com *.clarity.ms tribl.io *.stripe.com m.stripe.network *.paypal.com *.checkout.visa.com *.mastercard.com *.discovercard.com *.discover.com h.online-metrix.net www.aexp-static.com www.paypalobjects.com www.youtube.com villain.kingpinkton.com hero.kingpinkton.com unpkg.com *.cloudfront.net tags.clickagy.com public.profitwell.com *.demandbase.com apis.google.com www.google.com.hk js.driftt.com t.usermaven.com *.doubleclick.net google.com.tw paapi8916.d41.co cdn-0.d41.co a.quora.com *.rlcdn.com *.d41.co *.recaptcha.net *.gstatic.com cdn.evgnet.com *.company-target.com foxit.us-6.evergage.com *.evergage.com dev.visualwebsiteoptimizer.com cdn-cookieyes.com *.visualwebsiteoptimizer.com app.vwo.com *.gstatic.cn *.amazon-adsystem.com www.foxit.com; style-src 'self' 'unsafe-inline' https: www.google-analytics.com www.googletagmanager.com optimize.google.com s.swiftypecdn.com fonts.googleapis.com *.cloudflare.com tags.srv.stackadapt.com *.demandbase.com foxit.us-6.evergage.com *.visualwebsiteoptimizer.com app.vwo.com www.foxit.com; font-src 'self' fonts.gstatic.com fonts.googleapis.com ka-f.fontawesome.com script.hotjar.com foxit.us-6.evergage.com; object-src 'self' *.foxitsoftware.com; worker-src 'unsafe-inline' 'self' blob:; 1
frame-ancestors 'self' https://*.taz.de https://taz.de https://www.tazlablive.de/ 1
block-all-mixed-content; script-src 'nonce-8q7JNrT_0Ki1bRWw8qU5CQ==' 'strict-dynamic'; style-src 'nonce-8q7JNrT_0Ki1bRWw8qU5CQ==' 1
frame-ancestors 'self' *.intuit.com; 1
frame-ancestors 'self' https://*.erp.tu-dresden.de:* https://piwik.mz.tu-dresden.de https://matomo.tu-dresden.de 1
base-uri 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.pdx-2.pipedriveassets.com cdn.segment.com *.pipedrive.com snap.licdn.com px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com cdn.linkedin.oribi.io gw.linkedin.oribi.io dc.ads.linkedin.com sjs.bizographics.com *.optimizely.com optimizely.s3.amazonaws.com cdn-assets-prod.s3.amazonaws.com snippet.growsumo.com cdn.cookielaw.org geolocation.onetrust.com www.google-analytics.com www.googletagmanager.com www.google.com www.gstatic.com connect.facebook.net *.hotjar.com *.outbrain.com www.redditstatic.com www.youtube.com play.vidyard.com *.doubleclick.net *.taboola.com app.livestorm.co www.googleadservices.com static.ads-twitter.com https://*.browser-intake-datadoghq.com www-cms.pipedriveassets.com bat.bing.com *.quora.com js.grsm.io analytics.tiktok.com c.amazon-adsystem.com vitals.vercel-insights.com a.omappapi.com googleadservices.com tpc.googlesyndication.com analytics.twitter.com; style-src 'self' 'unsafe-inline' cdn.pdx-2.pipedriveassets.com fonts.googleapis.com www.googletagmanager.com www-cms.pipedriveassets.com a.omappapi.com; frame-src cdn.pdx-2.pipedriveassets.com *.cdn.optimizely.com *.cdn-pci.optimizely.com www.facebook.com www.youtube.com www.youtube-nocookie.com www.google.com play.vidyard.com *.doubleclick.net app.livestorm.co tpc.googlesyndication.com airtable.com webforms.pipedrive.com s.amazon-adsystem.com *.hotjar.com; img-src 'self' data: https://*; object-src 'none'; worker-src 'self' blob:;; report-uri https://www.pipedrive.com/api/csp-reports 1
frame-ancestors s.syzs.qq.com webapp.gameloop.com *.nimo.tv; report-uri https://csp.nimo.tv/csp?sentry_id=160&sentry_key=da306e6f5c0246cebb17c067f24a8795 1
default-src https: data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; connect-src *; 1
default-src 'self' *.lexmark.com lexmark.122.2o7.net activitymap.adobe.com assets.adobedtm.com documentservices.adobe.com viewlicense.adobe.io bat.bing.com *.addressy.com *.braintree-api.com *.braintreegateway.com *.cardinalcommerce.com api.cloudinary.com res.cloudinary.com *.powerreviews.com mpsnare.iesnare.com s.amazon-adsystem.com s3.amazonaws.com s3.eu-central-1.amazonaws.com *.boldchat.com ipinfo.io maxcdn.bootstrapcdn.com *.channeladvisor.com dpm.demdex.net lexmark.demdex.net *.digitalriver.com *.doubleclick.net *.eloqua.com img.en25.com cm.everesttech.net www.facebook.com connect.facebook.net google.com www.google.com *.google-analytics.com adservice.google.com analytics.google.com www.googleadservices.com www.googletagmanager.com maps.googleapis.com ajax.googleapis.com www.gstatic.com ssl.p.jwpcdn.com jwpltx.com snap.licdn.com www.linkedin.com *.mgid.com oc-cdn-ocprod.azureedge.net *.omnichannelengagementhub.com *.omtrdc.net *.outbrain.com *.salesloft.com *.srv.stackadapt.com *.taboola.com tribl.io lexmark.verifyit.us *.pagead2.googlesyndication.com pagead2.googlesyndication.com *.paypal.com 'unsafe-eval' 'unsafe-inline';       font-src 'self' *.lexmark.com maxcdn.bootstrapcdn.com fonts.gstatic.com;       style-src 'self' *.lexmark.com maxcdn.bootstrapcdn.com oc-cdn-ocprod.azureedge.net ui.powerreviews.com fonts.googleapis.com tags.srv.stackadapt.com 'unsafe-inline';       img-src 'self' https: data:;       object-src 'none';       form-action 'self' *;       frame-ancestors 'self' https://oc-cdn-ocprod.azureedge.net https://lexmark.center-suite.com https://lexmark.hub.nexuscenter.io;       frame-src *;       upgrade-insecure-requests;       report-uri /bin/lexmark/csp-report;       report-to lxk-report 1
default-src 'self'; script-src 'self' https://contentassistant.eu.siteimprove.com https://piwik.mw.uni-freiburg.de https://*.google.com https://siteimproveanalytics.com https://cdn.siteimprove.net 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://*.siteimprove.com https://*.siteimproveanalytics.io https://piwik.mw.uni-freiburg.de; img-src 'self' data:  https://public.tableau.com https://*.w.org https://*.uni-freiburg.de https://*.google.com https://*.googleapis.com https://*.siteimproveanalytics.io; style-src 'self' https://*.google.com  https://piwik.mw.uni-freiburg.de 'unsafe-inline'; font-src 'self' https://piwik.mw.uni-freiburg.de data:; base-uri 'self' https://piwik.mw.uni-freiburg.de/central/; frame-ancestors 'self' https://bz-medien.expo-ip.com/; frame-src 'self' https://my2.siteimprove.com https://piwik.mw.uni-freiburg.de https://videoportal.uni-freiburg.de https://*.google.com; form-action 'self'; block-all-mixed-content 1
frame-ancestors 'self' http://*.schwab.com https://*.schwab.com https://tags.tiqcdn.com https://static.ads-twitter.com https://t.co https://di.rlcdn.com https://connect.facebook.net https://www.facebook.com https://d.agkn.com https://2530996.fls.doubleclick.net https://sb.scorecardresearch.com https://www.googletagmanager.com https://s.yimg.com https://sp.analytics.yahoo.com https://px.airpr.com https://dpx.airpr.com https://secure.adnxs.com https://schwab.demdex.net https://googleads.g.doubleclick.net https://adservice.google.com https://schwab.tt.omtrdc.net https://smetric.schwab.com https://content.schwab.com https://client.schwab.com https://lms.schwab.com https://www.schwabcdn.com https://*.schwabinstitutional.com https://*.dev-schwab.acsitefactory.com https://*.test-schwab.acsitefactory.com https://*.train-schwab.acsitefactory.com https://*.schwab.acsitefactory.com https://*.schwab.co.uk https://*.schwab.com.hk https://*.schwab.com.sg https://*.schwab.com.au https://*.schwabcharitable.org https://*.schwabmoneywise.com; report-uri /report-csp-violation 1
frame-src 'self' https://match.adsrvr.org/ https://x.adroll.com/ https://www.votervoice.net/ https://www.google.com https://www.youtube-nocookie.com https://www.youtube.com https://go.earnin.com https://privacyportal.onetrust.com https://www.googletagmanager.com https://a12093810619.cdn.optimizely.com https://td.doubleclick.net https://insight.adsrvr.org; 1
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' mattermost.com *.mattermost.com d30ia583fbtg8i.cloudfront.net snap.licdn.com www.redditstatic.com bat.bing.com connect.facebook.net pubads.g.doubleclick.net www.trustradius.com use.typekit.net fonts.gstatic.com fast.wistia.com fast.wistia.net embed-cloudfront.wistia.com distillery.wistia.com pipedream.wistia.com dudodiprj2sv7.cloudfront.net cdn.cookielaw.org geolocation.onetrust.com api.lever.co *.algolia.net *.algolianet.com www.googletagmanager.com *.googlesyndication.com *.googleapis.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat googleads.g.doubleclick.net analytics.google.com www.google-analytics.com stats.g.doubleclick.net platform.twitter.com static.ads-twitter.com munchkin.marketo.net *.mktoutil.com tag.demandbase.com d20519brkbo4nz.cloudfront.net tag.clearbitscripts.com api-preview.luckyorange.com wss://realtime.luckyorange.com settings.luckyorange.com tools.luckyorange.com api.company-target.com 161-fbe-733.mktoresp.com app.clearbit.com reveal.clearbit.com x.clearbitjs.com wss://in.visitors.live in.visitors.live client-registry.mutinycdn.com px.ads.linkedin.com *.reddit.com cdn.rudderlabs.com api-v2.mutinyhq.io api.rudderlabs.com pdat.matterlytics.com segments.company-target.com; style-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' mattermost.com *.mattermost.com d30ia583fbtg8i.cloudfront.net snap.licdn.com www.redditstatic.com bat.bing.com connect.facebook.net pubads.g.doubleclick.net www.trustradius.com use.typekit.net p.typekit.net fonts.googleapis.com www.googletagmanager.com; img-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' mattermost.com *.mattermost.com d30ia583fbtg8i.cloudfront.net snap.licdn.com www.redditstatic.com bat.bing.com connect.facebook.net pubads.g.doubleclick.net media.trustradius.com secure.gravatar.com fast.wistia.com embed-ssl.wistia.com cdn.cookielaw.org www.googletagmanager.com fonts.gstatic.com user-images.githubusercontent.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat t.co analytics.twitter.com id.rlcdn.com alb.reddit.com *.linkedin.com px.ads.linkedin.com px4.ads.linkedin.com segments.company-target.com www.facebook.com; frame-src mattermost.com *.mattermost.com d30ia583fbtg8i.cloudfront.net snap.licdn.com www.redditstatic.com bat.bing.com connect.facebook.net pubads.g.doubleclick.net fast.wistia.net forms.mattermost.com capture.navattic.com *.productboard.com *.youtube.com s.company-target.com td.doubleclick.net *.facebook.com; 1
frame-ancestors 'self' localhost *.teamwork.com *.teamworkpm.net *.helpdocsite.com teams.microsoft.com *.teams.microsoft.com *.skype.com teamworkintegrations.ngrok.io *.us.teamworkops.com teams.cloud.microsoft outlook.cloud.microsoft m365.cloud.microsoft app.hubspot.com app-eu1.hubspot.com; 1
default-src 'self' blob: *.wistia.com/ https://embedwistia-a.akamaihd.net/; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googleadservices.com/ https://ss-consent-or.trustarc.com/ https://googleads.g.doubleclick.net/ https://assets.bugcrowdusercontent.com/ https://bugcrowd.com/ https://j.6sc.co/ https://static.addtoany.com/ https://cdn.shortpixel.ai/ https://ml6scwx5agca.i.optimole.com/ https://consent.trustarc.com/ https://fast.wistia.net/ https://fast.wistia.com/ *.adroll.com/ *.geocomply.net/ *.geocomply.com/ https://analytics.twitter.com/ https://static.ads-twitter.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://www.google-analytics.com/ https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net https://www.googletagmanager.com https://cdnjs.cloudflare.com https://ajax.googleapis.com/ https://snap.licdn.com/ https://pi.pardot.com/ https://tracking.g2crowd.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' https://copytocdn.s3.amazonaws.com/ https://ss-consent-or.trustarc.com/ https://www.google.com/ https://localhost:* https://www.google.de/ https://no-cdn.shortpixel.ai/ *.linkedin.com/ https://p.adsymptotic.com/ https://www.google.com.ua/ https://b.6sc.co/ https://cdn.shortpixel.ai/ https://ml6scwx5agca.i.optimole.com/ *.wistia.com/ https://consent-pref.trustarc.com/ https://consent.truste.com/ https://consent.trustarc.com/ https://fast.wistia.net/ https://ups.analytics.yahoo.com/ *.geocomply.com/ *.geocomply.net/ https://analytics.twitter.com/i/ https://www.google.pl/ https://www.google.ca/ https://www.linkedin.com/px/ https://google.com.ua/ https://t.co/ https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://ajax.googleapis.com/ https://www.google-analytics.com/ https://www.google.com/ads/ https://px.ads.linkedin.com/ data:; style-src 'self' 'unsafe-inline' https://fast.wistia.com/ https://fast.wistia.net/ *.geocomply.com/ https://fonts.googleapis.com https://assets.zendesk.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://ajax.googleapis.com/; font-src 'self' https://ss-consent-or.trustarc.com/ https://fast.wistia.com/ https://consent.trustarc.com/ https://fast.wistia.net/ *.geocomply.com/ https://themes.googleusercontent.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://ajax.googleapis.com/ https://fonts.gstatic.com/ data:; frame-src 'self' https://td.doubleclick.net/ https://bugcrowd.com/ https://static.addtoany.com/ https://consent-pref.trustarc.com/ https://fast.wistia.net/embed/ https://applications.zoom.us/ *.geocomply.com/ https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://ajax.googleapis.com/ https://www.youtube.com/ https://www.google.com/;  frame-ancestors 'self' https://applications.zoom.us/; connect-src 'self' https://pagead2.googlesyndication.com/ https://ss-consent-or.trustarc.com/ https://consent.trustarc.com/ https://www.g2.com/ https://www.g2.com/ https://consent-reporting.trustarc.com/ https://consent-pref.trustarc.com/ https://www.google.de/ https://epsilon.6sense.com/ https://cdn.linkedin.oribi.io/ https://secure.adnxs.com/ https://c.6sc.co/ https://ipv6.6sc.co/ https://www.google.com.ua/ https://www.google.pl https://stats.g.doubleclick.net/ https://fg8vvsvnieiv3ej16jby.litix.io/ https://analytics.google.com/ *.analytics.google.com/ https://embedwistia-a.akamaihd.net/ *.wistia.com/ https://fast.wistia.net/ *.geocomply.com/ *.geocomply.net/ https://www.google-analytics.com/ wss.plc-gc.com:* wss://wss.plc-gc.com:*; object-src 'self' 1
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; frame-ancestors 'self'; img-src 'self' data: 'unsafe-inline' https: 'unsafe-eval' 'unsafe-inline'; 1
frame-ancestors 'self' https://*.fresha.com https://*.adyen.com 1
frame-ancestors 'self' https://static1.lacoste.com https://*.omni.manh.com https://*.sharinpix.com 1
default-src * data: *; frame-ancestors 'self' *.salarynet.local:* *.salary.com trustmineral.com/ *.trustmineral.com *; font-src * data: *; img-src 'self' data: * about: blob: *; worker-src *; script-src 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' *; media-src 'self' blob: *; 1
frame-ancestors 'self' https://h5.mall.sunmi.com https://mall.sunmi.com 1
default-src 'self' api.balena-cloud.com; script-src 'self' 'unsafe-eval' 'nonce-balena-inline-config' *.gstatic.com *.googleapis.com *.google.com *.google-analytics.com *.cloudfront.net cdn.mxpnl.com js.intercomcdn.com widget.intercom.io cdn.statuspage.io/se-v2.js js.recurly.com js.stripe.com; connect-src 'self' api.balena-cloud.com builder.balena-cloud.com data.balena-cloud.com webresources.balena-cloud.com actions.balena-devices.com terminal.balena-devices.com wss://terminal.balena-devices.com *.sentry.io sentry.io app.getsentry.com raw.githubusercontent.com api.github.com maps.googleapis.com api.recurly.com api.stripe.com www.google-analytics.com *.intercom.io wss://*.intercom.io uploads.intercomcdn.com *.statuspage.io *.algolia.net; frame-src 'self' api.recurly.com js.stripe.com hooks.stripe.com www.google.com; style-src 'self' 'unsafe-inline' *.google.com *.googleapis.com; img-src 'self' data: raw.githubusercontent.com files.balena-cloud.com webresources.balena-cloud.com *.gstatic.com *.googleapis.com *.google-analytics.com *.intercomcdn.com *.intercomassets.com stats.g.doubleclick.net *.gravatar.com; media-src *.intercomcdn.com; font-src 'self' data: fonts.gstatic.com fonts.googleapis.com js.intercomcdn.com; report-uri https://api.balena-cloud.com/csp-report; object-src 'none'; base-uri 'self' 1
default-src 'self';base-uri 'none';child-src 'none';script-src 'self' ;script-src-elem 'self' 'unsafe-inline' blob: https://snyk.io https://*.snyk.io https://*.netlify.app https://*.dev.snyk.io https://*.usercentrics.eu cdn.segment.com bat.bing.com https://*.6sense.com https://*.6sc.co https://linkedin.com https://*.linkedin.com www.google.com www.google-analytics.com *.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net https://*.doubleclick.net/ ssl.google-analytics.com https://www.gstatic.com https://widget.intercom.io https://js.intercomcdn.com https://assets.trendemon.com https://trackingapi.trendemon.com 479-bcc-915.mktoweb.com munchkin.marketo.net https://platform.twitter.com fast.wistia.com www.gartner.com https://cdnjs.cloudflare.com https://connect.facebook.net https://snap.licdn.com https://*.vercel-scripts.com https://vercel.live/ https://netlify-cdp-loader.netlify.app https://js.zi-scripts.com https://schema.milestoneinternet.com https://tracking.intentsify.io;connect-src 'self'  https://*.snyk.io https://*.dev.snyk.io https://*.usercentrics.eu https://677-thp-415.mktoresp.com *.segment.com *.segment.io https://res.cloudinary.com https://bat.bing.com https://api-iam.intercom.io wss://nexus-websocket-a.intercom.io *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com fast.wistia.com https://embed-cloudfront.wistia.com https://distillery.wistia.com https://boards-api.greenhouse.io https://secure.adnxs.com https://cdn.linkedin.oribi.io https://*.6sense.com https://*.6sc.co https://linkedin.com https://*.linkedin.com https://storage.googleapis.com https://*.googlesyndication.com https://js.zi-scripts.com https://*.zoominfo.com https://vercel.live/ https://ingesteer.services-prod.nsvcs.net https://677-thp-415.mktoutil.com https://schema.milestoneinternet.com;style-src 'self' 'unsafe-inline' 479-bcc-915.mktoweb.com *.snyk.io www.gartner.com cdn.segment.io fonts.googleapis.com;img-src 'self' data: https://res.cloudinary.com https://*.usercentrics.eu https://bat.bing.com https://*.6sense.com https://*.6sc.co https://linkedin.com https://*.linkedin.com https://static.intercomassets.com https://*.intercomcdn.com https://messenger-apps.intercom.io www.google-analytics.com www.googleadservices.com googleads.g.doubleclick.net www.google.com www.google.co.uk www.googletagmanager.com https://*.trendemon.com https://img.youtube.com https://i.ytimg.com fast.wistia.com https://syndication.twitter.com https://embed-ssl.wistia.com www.gartner.com https://reviews.static.gartner.com https://www.linkedin.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://www.facebook.com;frame-src 'self' *.snyk.io https://res.cloudinary.com 479-bcc-915.mktoweb.com bid.g.doubleclick.net *.doubleclick.net www.google.com www.youtube.com https://*.6sense.com https://*.6sc.co https://linkedin.com https://*.linkedin.com https://i.ytimg.com https://platform.twitter.com www.gartner.com https://www.facebook.com https://app.netlify.com https://player.simplecast.com https://app.usercentrics.eu https://vercel.live/ play.vidyard.com/;form-action 'self' https://www.facebook.com;frame-ancestors 'self' https://resources.snyk.io https://app.contentful.com https://www.linkedin.com;font-src 'self' data: fast.wistia.com www.gartner.com https://fonts.intercomcdn.com;media-src 'self' blob: https://res.cloudinary.com https://js.intercomcdn.com;worker-src 'self' blob:;manifest-src 'self';object-src https://res.cloudinary.com; 1
upgrade-insecure-requests; object-src 'none'; frame-ancestors 'self' partners.securiti.ai 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: wss: *.ameriprise.com *.ampf.com *.ameripriseadvisors.com  *.qualtrics.com *.glance.net  *.googleapis.com  *.google.com *.twitter.com *.twimg.com *.linkedin.com *.quantserve.com *.google-analytics.com *.egain.cloud *.analytics-egain.com *.akamaihd.net *.prod.boltdns.net https://ssl.google-analytics.com https://snap.licdn.com  https://bat.bing.com https://connect.facebook.net trkn.us s.ameriprisestats.com https://assets.adobedtm.com  https://rules.quantcount.com  https://maxcdn.bootstrapcdn.com https://trkn.us https://d.turn.com  *.doubleclick.net  https://s.ameriprisestats.com secure.img-cdn.mediaplex.com https://cdn.ameriprisecontent.com https://maps.googleapis.com *.zscalertwo.net *.online-metrix.net *.gstatic.com *.pietech.com/ https://www.refinitiv.com/  https://maps.google.com https://awm-app-aitt.ampf.com https://www.dinkytown.net http://www.sipc.org/ https://www.riversource.com/ *.investormailbox.com/  https://www.forefieldkt.com https://4266532.fls.doubleclick.net https://advisorcompass.112.2o7.net  https://fonts.googleapis.com https://uat-federation.usbank.com https://www.google.com https://pixel.quantserve.com  http://www.opinionlab.com  https://www.googletagmanager.com https://www.thompsonreuters.com https://stackoverflow.com https://brokerage.ameriprise.com https://www.quovo.com/  http://www.advicentsolutions.com/aup https://www.nmlsconsumeraccess.org/ https://www.fdic.gov/ https://newpublic.cfraresearch.com/legal/   https://secure.opinionlab.com http://brokercheck.finra.org/  http://www.prnewswire.com http://pdf.reuters.com http://www.jenner.com http://www.bankofengland.co.uk/PRA/ http://www.zillow.com/zestimate/ *.barclaycardus.com  16056.id.amgdgt.com/  http://www.moneyguidepro.com/ https://platform.twitter.com https://apis.google.com http://videojs.com https://web-2-tel.com https://px.ads.linkedin.com    https://www.linkedin.com https://p.adsymptotic.com  https://dpm.demdex.net  https://googleads.g.doubleclick.net https://www.googleadservices.com https://cm.everesttech.net https://ad.doubleclick.net https://www.facebook.com https://cdn.syndication.twimg.com https://ameriprisefinancial.demdex.net https://gateway.zscalertwo.net *.advisorcompass.com  https://login.zscalertwo.net https://ocs.ameriprise.com https://h.online-metrix.net *.d.aa.online-metrix.net *.ggpht.com https://edge.api.brightcove.com *.brightcovecdn.com *.crwdcntrl.net https://cdn.gbqofs.com *.brightcove.net https://insight.adsrvr.org https://tags.w55c.net https://vjs.zencdn.net  https://metrics.brightcove.com  https://secure.brightcove.com  https://report.ameriprise.glassboxdigital.io https://bid.g.doubleclick.net https://cm.g.doubleclick.net https://tags.w55c.net https://dsum-sec.casalemedia.com *.morningstar.com https://www.mediamath.com/ https://pixel.mathtag.com https://aa.agkn.com https://players.brightcove.net/ https://sync.search.spotxchange.com https://loadus.exelator.com https://x.bidswitch.net https://pixel.advertising.com https://ads.scorecardresearch.com https://us-u.openx.net https://contextual.media.net https://match.adsrvr.org https://ad.sxp.smartclip.net https://px.britepool.com *.bluekai.com https://idsync.rlcdn.com https://www.google.co.in https://ameriprisefinancial.egain.cloud https://ameriprisefinancialdev.egain.cloud https://cloud-us.analytics-egain.com/ *.glancecdn.net *.amazonaws.com  https://presence.glance.net https://ampf.htm2pdf.co.uk https://pixel.rubiconproject.com https://cdn.segment.com https://api.segment.io ameriprise-fsc.my.salesforce.com   *.launchdarkly.com cdn.linkedin.oribi.io js.adsrvr.org ameriprisefinancial.tt.omtrdc.net cdn.cookielaw.org geolocation.onetrust.com cobranding.ameriprise.com acas.acuant.net https://cdn.cookielaw.org https://geolocation.onetrust.com *.fiservapps.com https://ais-ui.fiservapps.com 1
default-src 'self'; manifest-src 'self'; connect-src 'self' https://*.ezodn.com https://*.ezoic.net; font-src 'self'; img-src data: *; script-src 'self' 'unsafe-inline' https://*.ezodn.com; style-src 'self' 'unsafe-inline' * 1
default-src https: 'unsafe-inline' https://*.hotjar.com:* https://*.hotjar.io:* wss://*.hotjar.com *.crazyegg.com https://mailtrack.me ; script-src 'self' 'unsafe-inline' https://dev.visualwebsiteoptimizer.com https://www.google-analytics.com https://embed.typeform.com https://d5phz18u4wuww.cloudfront.net https://cdnjs.cloudflare.com https://seal.digicert.com https://js.stripe.com https://www.googleadservices.com https://billing.quaderno.io https://www.gstatic.com https://s3-eu-west-1.amazonaws.com https://snap.licdn.com https://px.ads.linkedin.com https://www.linkedin.com https://d1fc8wv8zag5ca.cloudfront.net https://*.hotjar.com https://cdn.jsdelivr.net/gh/snowplow https://connect.facebook.net https://www.googletagmanager.com https://*.cookiebot.com *.crazyegg.com https://mailtrack.me ; img-src 'self' data: https://dev.visualwebsiteoptimizer.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.es https://www.google.com https://mailtrackio.typeform.com https://www.googleadservices.es https://www.googleadservices.com https://googleads.g.doubleclick.net https://seal.digicert.com https://billing.quaderno.io https://s3-eu-west-1.amazonaws.com https://dc.ads.linkedin.com https://d1ptrxl5bj7757.cloudfront.net https://analytics-v2.mailtrack.io https://px.ads.linkedin.com https://www.linkedin.com https://www.facebook.com/tr/ https://www.googletagmanager.com https://templates-images-dev.s3.eu-west-1.amazonaws.com https://templates-images-prod.s3.eu-west-1.amazonaws.com https://*.cookiebot.com *.crazyegg.com https://mailtrack.me https://mt-video-dev.s3.eu-west-1.amazonaws.com https://mt-video-prod.s3.eu-west-1.amazonaws.com ; object-src 'none'; font-src 'self' https://fonts.gstatic.com https://netdna.bootstrapcdn.com https://cdnjs.cloudflare.com https://s3-eu-west-1.amazonaws.com https://mailtrack.me ; worker-src blob: ; 1
default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com/v1/engines/github-completion/completions proxy.enterprise.githubcopilot.com/v1/engines/github-completion/completions *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com browser.events.data.microsoft.com edge.fullstory.com rs.fullstory.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com github.githubassets.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/ 1
default-src 'self' static.flightstats.com/ www.google-analytics.com securepubads.g.doubleclick.net www.google-analytics.com https://*.googlesyndication.com *.onetrust.com geolocation.onetrust.com;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'none';img-src 'self' data: *.cirium.io *.cirium.dev *.flightstats.com *.flightstats.io www.cirium.com *.cirium.com *.google-analytics.com *.googlesyndication.com *.google.com *.googletagmanager.com assets.braintreegateway.com checkout.paypal.com *.eloqua.com cdn.cookielaw.org *.onetrust.com geolocation.onetrust.com;object-src 'none';script-src 'self' 'sha256-LtTzENrCXCQCBUtkD4RrXKmfwmT7WSTvkY2Y/FLADts=' *.cirium.io *.cirium.dev *.flightstats.com *.flightstats.io www.google.com/ www.gstatic.com/recaptcha/ www.googletagmanager.com/gtag/ www.googletagservices.com adservice.google.com js.braintreegateway.com assets.braintreegateway.com www.paypalobjects.com c.paypal.com img.en25.com cdn.cookielaw.org *.onetrust.com geolocation.onetrust.com *.awswaf.com 'nonce-yEWoLD9eBMYBUUFo1N8QHg==';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests;frame-src *.googlesyndication.com www.google.com/recaptcha/ recaptcha.google.com/recaptcha/ *.doubleclick.net/ https://www.youtube.com/ assets.braintreegateway.com c.paypal.com *.cardinalcommerce.com;connect-src *.cirium.io *.cirium.dev *.flightstats.com *.flightstats.io https://static.flightstats.com https://securepubads.g.doubleclick.net/ https://stats.g.doubleclick.net/ https://analytics.google.com www.google-analytics.com *.googlesyndication.com *.braintree-api.com api.braintreegateway.com client-analytics.braintreegateway.com cdn.cookielaw.org *.onetrust.com geolocation.onetrust.com *.awswaf.com 1
default-src * data: blob: 'unsafe-eval' 'unsafe-inline';    script-src * data: blob: 'unsafe-eval' 'unsafe-inline';    font-src 'self';    frame-ancestors cpmstar.com www.cpmstar.com;    upgrade-insecure-requests; 1
frame-ancestors 'self' https://logmein.lookbookhq.com https://logmein.pathfactory.com https://explore.logmein.com https://web-eugamma.boldchat.com https://web-gamma.boldchat.com https://web-eu.boldchat.com https://logmeinrescue.lookbookhq.com https://logmeinrescue.pathfactory.com https://explore.logmeinrescue.com https://bold360.lookbookhq.com https://bold360.pathfactory.com https://explore.bold360.com https://explore.goto.com ; object-src 'none'; 1
default-src 'self' noembed.com static.zdassets.com ekr.zdassets.com https://avm-cs.zendesk.com wss://pod-28.zendesk.com avm.zendesk.com v2.zopim.com wss://widget-mediator.zopim.com vimeo.com player.vimeo.com vimeocdn.com *.vimeocdn.com ytimg.com s.ytimg.com data: avm.de service.avm.de news.avm.de bingo.avm.de scope.avm.de piwik.avm.de assets.avm.de maps.google.com *.googleapis.com *.gstatic.com shoplogos.commerce-connector.de www.commerce-connector.com i.ytimg.com https://www.youtube-nocookie.com https://www.youtube.com img.youtube.com www.surveygizmo.eu 'unsafe-inline' 'unsafe-eval' ; script-src-elem 'self' avm.de *.avm.de piwik.avm.de vimeo.com player.vimeo.com vimeocdn.com *.vimeocdn.com https://www.youtube-nocookie.com https://www.youtube.com maps.google.com *.googleapis.com https://static.zdassets.com pod-28.zendesk.com 'unsafe-inline' ; media-src 'self' *.avm.de static.zdassets.com *.googleapis.com *.gstatic.com ytimg.com s.ytimg.com blob: data: ; worker-src 'self' blob: ; frame-ancestors 'self'  1
default-src 'none'; img-src 'self'; script-src 'unsafe-inline'; style-src 'self' 1
frame-ancestors 'self' lokalise.com *.lokalise.com landing.test.lokalise.cloud 1
frame-ancestors 'self' https://*.fanbox.cc 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.blacknut.com *.blacknut.net *.blacknutlemag.com *.blacknut.biz *.google-analytics.com *.googletagmanager.com *.youtube.com *.googleapis.com *.stripe.com data: *.jsdelivr.net *.facebook.com *.facebook.net *.doubleclick.net *.google.com *.google.fr *.gouv.fr js.hs-scripts.com js.hs-analytics.net js.hscollectedforms.net js.hsadspixel.net *.hubspot.com *.hubapi.com *.google.ie *.googleadservices.com *.metaffiliation.com api.mixpanel.com ipinfo.io freegeoip.net marketing-image-production.s3.amazonaws.com fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.usemessages.com u360.d-bi.fr analytics.google.com *.google.com *.google.ie *.clarity.ms clarity.microsoft.com *.gstatic.com *.firebaseio.com *.taboola.com *.adnxs.com *.affilae.com *.hs-banner.com *.blacknut.biz *.api.sanity.io *.sanity.build s3.eu-west-1.amazonaws.com blacknut-prod-images.b-cdn.net blacknut-prod-videos.b-cdn.net 1
default-src 'self' spotify.okta.com *.oktacdn.com; connect-src 'self' spotify.okta.com spotify-admin.okta.com *.oktacdn.com *.mixpanel.com *.mapbox.com *.mtls.okta.com spotify.kerberos.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' spotify.okta.com *.oktacdn.com; style-src 'unsafe-inline' 'self' spotify.okta.com *.oktacdn.com; frame-src 'self' spotify.okta.com spotify-admin.okta.com login.okta.com *.vidyard.com com-okta-authenticator: api-0f3c7c4d.duosecurity.com; img-src 'self' spotify.okta.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com *.vidyard.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' spotify.okta.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self' https://dashboards.spotify.net; report-uri https://oktacsp.report-uri.com/r/t/csp/enforce; report-to csp 1
frame-ancestors 'self' https://*.kinsta.com https://*.kinsta.ninja 1
connect-src 'self' *.6sc.co *.6sense.com *.hs-banner.com aorta.clickagy.com api.hsforms.com api.hubapi.com app.clearbit.com cdn.linkedin.oribi.io conversions-config.reddit.com hemsync.clickagy.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.googletagmanager.com https://analytics.google.com https://home.stellarite.io material-site.cdn.prismic.io opps-api.getwarmly.com pixel-config.reddit.com px.ads.linkedin.com ws.zoominfo.com www.redditstatic.com;default-src 'self';font-src 'self' fonts.gstatic.com;frame-src 'self' hemsync.clickagy.com https://recaptcha.google.com/recaptcha/ https://td.doubleclick.net https://www.google.com/recaptcha/ material-site.prismic.io open.spotify.com www.vimeo.com www.youtube.com;img-src 'self' *.6sc.co alb.reddit.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com images.prismic.io material-site.cdn.prismic.io/material-site/ prismic-io.s3.amazonaws.com/material-site/ px.ads.linkedin.com px4.ads.linkedin.com ssl.gstatic.com track.hubspot.com www.linkedin.com;media-src 'self' material-site.cdn.prismic.io;script-src 'nonce-T9BLvAp35BH8clRwaTyd' 'self' 'strict-dynamic' *.6sc.co *.hs-analytics.net *.hs-banner.com *.hs-scripts.com *.hsadspixel.net 6sense.com cdnjs.cloudflare.com https://*.googletagmanager.com https://www.google.com https://www.google.com/recaptcha/ https://www.googleadservices.com https://www.gstatic.com/recaptcha/ js.zi-scripts.com prismic.io px.ads.linkedin.com snap.licdn.com static.cdn.prismic.io tag.clearbitscripts.com tags.clickagy.com unpkg.com ws.zoominfo.com www.redditstatic.com x.clearbitjs.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.usz.ch https://*.usz.ch/hit.xiti https://player.captivate.fm https://*.youtube.com https://*.sibforms.com https://*.stripe.com https://*.googletagmanager.com https://*.yellow.camera https://*.doubleclick.net https://*.googleapis.com https://*.issuu.com https://*.zeotap.com https://*.adnxs.com; frame-ancestors 'self' https://intranet.sp.usz.ch https://intranet.spt.usz.ch https://intranet.spd.usz.ch; font-src 'self' data:; img-src 'self' data: https://*.usz.ch/hit.xiti https://*.sibforms.com https://*.yellow.camera https://*.babygalerie24.ch https://*.ytimg.com https://*.ggpht.com; media-src 'self' data:; connect-src 'self' https://player.captivate.fm https://yoast.com https://*.cookielaw.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.sibforms.com https://*.cookielaw.org https://*.googletagmanager.com https://*.aticdn.net https://*.jsdelivr.net https://*.google-analytics.com https://*.youtube.com 1
default-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.plyr.io cdnjs.cloudflare.com *.click4assistance.co.uk *.discoveruni.gov.uk discoveruni.gov.uk www.googleoptimize.com www.googletagmanager.com www.google-analytics.com *.blackbaudhosting.com cdn.jsdelivr.net i.vimeocdn.com *.unibuddy.co cdn.matomo.cloud snap.licdn.com acdn.adnxs.com static.ads-twitter.com *.quantserve.com *.hotjar.com www.google.com www.google.co.uk www.googleadservices.com *.google.com gtm *.gstatic.com wss://*.hotjar.com in.hotjar.com *.hotjar.io *.facebook.com *.twitter.com *.ads-twitter.com t.co *.ads.linkedin.com *.g.doubleclick.net snap.licdn.com *.youtube-nocookie.com www.youtube.com payments.blackbaud.com *.quantcount.com *.doubleclick.net player.vimeo.com developers.panopto.com www.instagram.com connect.facebook.net optimize.google.com surrey.matomo.cloud js-agent.newrelic.com googletagmanager.com bam.nr-data.net dev.visualwebsiteoptimizer.com visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com app.vwo.com sky.blackbaudcdn.net prospect-form-plugin.2u.com; object-src 'self'; style-src 'self' 'unsafe-inline' cdn.plyr.io cdnjs.cloudflare.com cdn.jsdelivr.net i.vimeocdn.com *.unibuddy.co fonts.googleapis.com payments.blackbaud.com bbox.blackbaudhosting.com surrey.matomo.cloud optimize.goo optimize.google.com hello.myfonts.net *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com; img-src 'self' data: fastly.picsum.photos picsum.photos www.googletagmanager.com *.twimg.com scontent.cdninstagram.com *.instagram.com s.ytimg.com i.ytimg.com youtu.be www.facebook.com *.google.com *.quantserve.com analytics.twitter.com *.linkedin.com www.google.co.uk ib.adnxs.com t.co www.google-analytics.com *.click4assistance.co.uk *.doubleclick.net surrey.cloud.panopto.eu bbox.blackbaudhosting.com i.vimeocdn.com *.cloudfront.net discoveruni.gov.uk bbox.blackbaudhosting.com optimize.google.com fonts.googleapis.com optimize.google.com surrey.matomo.cloud google.co.in prreqcroab.icu googleads.g.doubleclick.net gstatic.com www.google.com www.google.ad www.google.ae www.google.com.af www.google.com.ag www.google.com.ai www.google.al www.google.am www.google.co.ao www.google.com.ar www.google.as www.google.at www.google.com.au www.google.az www.google.ba www.google.com.bd www.google.be www.google.bf www.google.bg www.google.com.bh www.google.bi www.google.bj www.google.com.bn www.google.com.bo www.google.com.br www.google.bs www.google.bt www.google.co.bw www.google.by www.google.com.bz www.google.ca www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.co.ck www.google.cl www.google.cm www.google.cn www.google.com.co www.google.co.cr www.google.com.cu www.google.cv www.google.com.cy www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.com.do www.google.dz www.google.com.ec www.google.ee www.google.com.eg www.google.es www.google.com.et www.google.fi www.google.com.fj www.google.fm www.google.fr www.google.ga www.google.ge www.google.gg www.google.com.gh www.google.com.gi www.google.gl www.google.gm www.google.gr www.google.com.gt www.google.gy www.google.com.hk www.google.hn www.google.hr www.google.ht www.google.hu www.google.co.id www.google.ie www.google.co.il www.google.im www.google.co.in www.google.iq www.google.is www.google.it www.google.je www.google.com.jm www.google.jo www.google.co.jp www.google.co.ke www.google.com.kh www.google.ki www.google.kg www.google.co.kr www.google.com.kw www.google.kz www.google.la www.google.com.lb www.google.li www.google.lk www.google.co.ls www.google.lt www.google.lu www.google.lv www.google.com.ly www.google.co.ma www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.com.mm www.google.mn www.google.ms www.google.com.mt www.google.mu www.google.mv www.google.mw www.google.com.mx www.google.com.my www.google.co.mz www.google.com.na www.google.com.ng www.google.com.ni www.google.ne www.google.nl www.google.no www.google.com.np www.google.nr www.google.nu www.google.co.nz www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.pl www.google.pn www.google.com.pr www.google.ps www.google.pt www.google.com.py www.google.com.qa www.google.ro www.google.ru www.google.rw www.google.com.sa www.google.com.sb www.google.sc www.google.se www.google.com.sg www.google.sh www.google.si www.google.sk www.google.com.sl www.google.sn www.google.so www.google.sm www.google.sr www.google.st www.google.com.sv www.google.td www.google.tg www.google.co.th www.google.com.tj www.google.tl www.google.tm www.google.tn www.google.to www.google.com.tr www.google.tt www.google.com.tw www.google.co.tz www.google.com.ua www.google.co.ug www.google.co.uk www.google.com.uy www.google.co.uz www.google.com.vc www.google.co.ve www.google.vg www.google.co.vi www.google.com.vn www.google.vu www.google.ws www.google.rs www.google.co.za www.google.co.zm www.google.co.zw www.google.cat www.gstatic.com dev.visualwebsiteoptimizer.com visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com script.hotjar.com; media-src 'self'; frame-src 'self' www.youtube.com youtu.be *.vimeo.com vimeo.com unibuddy.co open.spotify.com platform.twitter.com www.facebook.com www.instagram.com www.google.com *.click4assistance.co.uk popcard.unibuddy.co surrey.cloud.panopto.eu bbox.blackbaudhosting.com optimize.google.com embedder.wirewax.com payments.blackbaud.com *.doubleclick.net www.youtube-nocookie.com app.vwo.com *.visualwebsiteoptimizer.com embed-standalone.spotify.com *.360marketinglab.org.uk host.nxt.blackbaud.com; child-src www.youtube.com youtu.be *.vimeo.com vimeo.com unibuddy.co blob:; font-src 'self' hello.myfonts.net fonts.gstatic.com surrey.matomo.cloud hotjar.com script.hotjar.com; connect-src  'self' noembed.com *.linkedin.com *.googleapis.com connect.facebook.net www.facebook.com ws.sessioncam.com surrey-search.clients.uk.funnelback.com connect.facebook.net surrey.matomo.cloud www.google-analytics.com pixel.quantcount.com *.google.com *.doubleclick.net *.linkedin.oribi.io prod-discoveruni.azure-api.net payments.blackbaud.com services.postcodeanywhere.co.uk vc.hotjar.io in.hotjar.com google.co.uk cdn.plyr.io *.visualwebsiteoptimizer.com app.vwo.com prospect-form-packages.2u.com browser-intake-datadoghq.com geo.mktg.2u.com tmq.prod.2u.com imq.2u.com ib.adnxs.com surrey-search.funnelback.squiz.cloud; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' https://cdn.fwupd.org/;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.fwupd.org/;img-src 'self' https://cdn.fwupd.org/ data:;style-src 'self' 'unsafe-inline' https://cdn.fwupd.org/;font-src 'self' https://cdn.fwupd.org/;frame-ancestors 'none';object-src 'none';connect-src 'self' https://cdn.fwupd.org/ 1
report-uri https://csp.microsoft.com/report/PowerAutomate-MakerPortal; 1
frame-ancestors 'self' *.zabbix.com https://challenges.cloudflare.com 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' blob:; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss: blob:; child-src https: blob:; object-src 'none' 1
frame-ancestors 'self' *.kameleoon.com *.kameleoon.eu *.providence.org provcustomerservicedev.crm.dynamics.com provcustomerserviceuat.crm.dynamics.com provcustomerservice.crm.dynamics.com ; 1
default-src 'none'; base-uri 'none'; img-src 'self' https:; style-src 'self'; font-src 'self'; connect-src 'self'; script-src 'nonce-99IfEcfpW5P3Vh90nEJHWDogj29UHjEqDkzKA5qDP3KX5Anf' 1
frame-src 'self' *.google.com *.gstatic.com *.quora.com snapwidget.com *.consensu.org *.sharethis.com *.doubleclick.net *.greenhouse.io *.payoneer.com *.trustpilot.com *.oraclecloud.com *.driftt.com *.ubembed.com *.youtube.com *.github.io *.userway.org v.qq.com *.adpartner.pro *.facebook.com *.chilipiper.com *.teamme.io *.adsrvr.org *.googlesyndication.com ssgtm-sbyzlt5hyq-ey.a.run.app *.optimizely.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval'  *.googletagmanager.com *.cookielaw.org *.convertexperiments.com *.marketo.net *.googleadservices.com *.bing.com *.licdn.com *.facebook.net *.taboola.com *.yimg.jp *.yahoo.co.jp *.doubleclick.net *.sharethis.com *.consensu.org snapwidget.com *.onetrust.com *.greenhouse.io *.payoneer.com *.mouseflow.com *.salesloft.com *.trendemon.com *.trustpilot.com *.ubembed.com *.google.com *.gstatic.com *.dynatrace.com *.oraclecloud.com *.baidu.com *.driftt.com *.youtube.com *.daumcdn.net unpkg.com *.yandex.ru *.cloudflare.com *.strattic.com *.6sc.co *.jsdelivr.net *.bootstrapcdn.com *.twitter.com *.ads-twitter.com *.highcharts.com *.github.io *.qualtrics.com *.microsoft.com  *.userway.org *.tiktok.com *.googleoptimize.com accessibilityserver.org *.adnxs.com *.pdst.fm *.fullstory.com *.redditstatic.com *.cheqzone.com *.clarity.ms *.line-scdn.net redditstatic.s3.amazonaws.com wcs.naver.net *.googlesyndication.com *.google-analytics.com *.adpartner.pro *.line-cdn.net *.line-scdn.net *.chilipiper.com *.teamme.io *.quora.com *.adsrvr.org *.amplitude.com server-side-tagging-sbyzlt5hyq-uc.a.run.app *.trackjs.com ssgtm-sbyzlt5hyq-ey.a.run.app *.optimizely.com optimizely.s3.amazonaws.com; 1
default-src 'none';base-uri 'self';block-all-mixed-content;connect-src 'self';font-src 'self';form-action 'self' https://search.f-droid.org;frame-ancestors 'self';img-src 'self' https://f-droid.org;manifest-src 'self';media-src 'self';script-src 'self';style-src 'self' 'unsafe-inline'; 1
default-src 'self' data: blob: *.wien.gv.at *.data.gv.at *.magwien.gv.at sabio.magwien.gv.at *.cookiebot.com *.wien.at *.kavedo.com; connect-src 'self' *.magwien.gv.at *.wien.gv.at *.data.gv.at *.cookiebot.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: siteimproveanalytics.com *.siteimproveanalytics.io siteimproveanalytics.io *.youtube.com *.vimeo.com consentcdn.cookiebot.com consent.cookiebot.com *.wien.gv.at *.wien.at www.gstatic.com *.kavedo.com npmcdn.com nominatim.openstreetmap.org *.magwien.gv.at unpkg.com fonts.googleapis.com s3-shared.labs.sabio.de maxcdn.bootstrapcdn.com; style-src 'self' 'unsafe-inline' *.data.gv.at *.magwien.gv.at *.wien.gv.at *.kavedo.com npmcdn.com unpkg.com *.sabio.de *.googleapis.com *.bootstrapcdn.com maxcdn.bootstrapcdn.com; img-src 'self' data: blob: *.wien.gv.at *.cookiebot.com *.siteimproveanalytics.io siteimproveanalytics.io *.youtube.com *.ytimg.com *.wien.at *.kavedo.com npmcdn.com *.openstreetmap.org *.magwien.gv.at; frame-src 'self' api-mp.adrom.net basemap.at consentcdn.cookiebot.com *.data.gv.at e.issuu.com experience.arcgis.com issuu.com lvg.maps.arcgis.com public.tableau.com vimeo.com *.youtube.com kalender.digital *.wien.at *.wien.gv.at *.youtube-nocookie.com calendar.google.com accounts.google.com *.magwien.gv.at; font-src 'self' data: fonts.gstatic.com maxcdn.bootstrapcdn.com *.kavedo.com *.wien.gv.at *.magwien.gv.at; 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com 1868565294.rsc.cdn77.org static.cloudflareinsights.com www.google.com www.gstatic.com fonts.gstatic.com fonts.googleapis.com ajax.googleapis.com fcm.googleapis.com accounts.google.com *.cdn77.org  *.nk-img.com  *.segpay.com  *.online-metrix.net *.vscdns.com *.vsmvideo.com www.tjk-njk.com *.xv-ru.com *.exoclick.com *.orbsrv.com *.opoxv.com *.exdynsrv.com *.afcdn.net *.aucdn.net *.tf4srv.com *.aacdn.net *.adglare.net www.flirt4free.com www.ohmybutt.com www.secretpartners.com *.asf4f.us *.livejasmin.com *.jsmcrptjmp.com *.awemwh.com etahub.com ctrack.trafficjunky.net tracking.sexcash.com *.gtflixtv.com wss://*.1ka.com https://*.1ka.com https://media.1ka.com https://u.1ka.com https://n.1ka.com;img-src 'self' 'unsafe-inline' data: blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com *.cdn77.org www.google.com www.google-analytics.com ssl.gstatic.com *.nk-img.com *.camster.com data-cdn.pornbiz.com *.vscdns.com *.vsmvideo.com *.doubleclick.net *.google.fr *.google.com *.segpay.com *.online-metrix.net cdn.asf4f.us *.gtflixtv.com *.1ka.com *.xv-ru.com *.orbsrv.com *.exdynsrv.com *.afcdn.net *.aucdn.net *.justservingfiles.net *.tf4srv.com *.aacdn.net *.rtbsuperhub.com; report-uri https://www.xv-ru.com/csp-reports; report-to csp-endpoint 1
default-src 'self';  style-src 'self' 'unsafe-inline' https://*.le.ac.uk https://test-uol.azorus.com https://oc-cdn-public-gbr.azureedge.net/livechatwidget/ https://*.spotify.com https://sketchfab.com https://le.ac.uk https://www.clarity.ms https://cdnjs.cloudflare.com https://cdn.curator.io https://embedsocial.com https://www.findaphd.com https://fonts.googleapis.com https://www.gstatic.com https://meetandengage.com https://*.flockler.com https://*.flockler.app https://tagmanager.google.com https://www.googletagmanager.com;  img-src 'self' blob: data: https://track.adform.net https://s2.adform.net https://c.bing.com https://pool.adizio.com https://c.clarity.ms https://test-uol.azorus.com https://*.spotify.com https://pool.a872.com https://*.adnxs.com https://cdn.curator.io https://*.cdninstagram.com https://*.doubleclick.net https://connect.facebook.net https://discoveruni.gov.uk https://www.facebook.com https://*.fbcdn.net https://www.findaphd.com https://*.flockler.com https://flockler.com https://*.flockler.app https://*.google.com https://www.google.com https://www.google.co.uk https://googleads.g.doubleclick.net https://*.google-analytics.com https://www.googleapis.com https://www.googletagmanager.com https://*.gstatic.com https://i.ytimg.com https://www.instagram.com https://le.ac.uk https://www.linkedin.com https://livestream.com https://meetandengage.com https://pbs.twimg.com https://px.ads.linkedin.com https://*.rackcdn.com https://*.scdn1.secure.raxcdn.com https://stats.g.doubleclick.net https://t.co https://www.tag4arm.com https://*.twitter.com/ https://ads.brandadvance.co.uk/;  script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://*.le.ac.uk https://test-uol.azorus.com https://track.adform.net https://s2.adform.net https://cdn.botframework.com/botframework-webchat/ https://unpkg.com/react@17.0.2/umd/react.production.min.js https://unpkg.com/react-dom@17.0.2/umd/react-dom.production.min.js https://oc-cdn-public-gbr.azureedge.net/livechatwidget/ https://acdn.adnxs.com/dmp/up/ https://*.spotify.com https://sketchfab.com https://le.ac.uk https://libraryhelp.le.ac.uk https://ajax.googleapis.com https://www.clarity.ms https://cdn.curator.io https://cc.cdn.civiccomputing.com https://cdnjs.cloudflare.com https://cdn.oribi.io https://cdn.unibuddy.co https://connect.facebook.net https://discoveruni.gov.uk https://dnn506yrbagrg.cloudfront.net https://embedsocial.com https://fl-cdn.scdn1.secure.raxcdn.com https://www.findaphd.com https://*.flockler.com https://flockler.embed.codes https://*.flockler.app https://googleads.g.doubleclick.net https://tagmanager.google.com https://www.googleadservices.com https://*.google-analytics.com https://www.googleapis.com https://www.googletagmanager.com https://www.gstatic.com https://*.hotjar.com https://*.ibytedtos.com https://www.linkedin.com https://meetandengage.com https://popcard.unibuddy.co https://px.ads.linkedin.com https://s.ytimg.com https://s0.ipstatp.com https://sc-static.net https://snap.licdn.com https://static.ads-twitter.com https://www.tagarm.com https://*.tiktok.com https://*.twitter.com https://widget.discoveruni.gov.uk https://widget.unistats.ac.uk https://www.youtube.com https://*.dotdigital-pages.com https://*.dotdigital-pages.com https://unpkg.com/acs_webchat-chat-adapter@0.0.35-beta.20/dist/chat-adapter.js;  frame-src 'self' https://*.le.ac.uk https://test-uol.azorus.com https://oc-cdn-public-gbr.azureedge.net https://iframe.dacast.com https://*.spotify.com https://sketchfab.com https://embedsocial.com https://www.facebook.com https://*.flipsnack.com https://*.doubleclick.net https://forms.office.com https://www.google.com https://www.googleapis.com https://www97.lamp.le.ac.uk https://libservices.le.ac.uk https://leicester.cloud.panopto.eu https://livestream.com https://www.linkedin.com https://www.le.ac.uk https://meetandengage.com https://myleicester.le.ac.uk https://vimeo.com https://player.vimeo.com https://podcasts.le.ac.uk https://popcard.unibuddy.co https://w.soundcloud.com https://static.ads-twitter.com https://staticxx.facebook.com https://www.tag4arm.com https://tourmkr.com https://platform.twitter.com https://tr.snapchat.com https://unibuddy.co https://*.hotjar.com https://www.viewmake.com https://widget.unistats.ac.uk https://www.youtube.com https://www.youtube-nocookie.com https://momento360.com https://*.dotdigital-pages.com https://comms.omnichannelengagementhub.com;  frame-ancestors 'self';  connect-src 'self' blob: https://azfa-sitecorebotdv.azurewebsites.net/ https://azfa-sitecorebotapite.azurewebsites.net/ https://directline.botframework.com wss://directline.botframework.com https://*.microsoft.com https://*.omnichannelengagementhub.com https://*.clarity.ms https://*.le.ac.uk https://*.spotify.com https://apikeys.civiccomputing.com https://api.curator.io https://stats.g.doubleclick.net https://www.facebook.com https://*.flockler.com https://*.flockler.app https://*.google.com https://*.google-analytics.com https://www.googleapis.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www9.lamp.le.ac.uk https://gw.oribi.io https://prod-discoveruni.azure-api.net https://tr.snapchat.com https://www.tag4arm.com https://analytics.tiktok.com https://tourmkr.com https://ekr.zdassets.com https://*.dotdigital-pages.com https://*.trouter.skype.com wss://*.trouter.skype.com https://edge.skype.com https://*.communication.azure.com https://ib.adnxs.com https://acdn.adnxs.com;  font-src 'self' data: https://maxcdn.bootstrapcdn.com https://cdn.curator.io https://fonts.gstatic.com https://le.ac.uk https://meetandengage.com https://*.hotjar.com;  object-src 'self' https://*.spotify.com https://forms.office.com;  media-src 'self' https://le.ac.uk https://*.le.ac.uk https://*.spotify.com https://pool.a8723.com https://*.fbcdn.net https://*.xx.fbcdn.net https://*.flockler.com https://*.flockler.app https://*.cdninstagram.com https://video.twimg.com https://videos.dailymail.co.uk;  upgrade-insecure-requests 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.wpml.org *.toolset.com *.stripe.com *.google.com *.googletagmanager.com a.quora.com www.redditstatic.com *.doubleclick.net yoast.com *.googleadservices.com *.jquery.com *.web-view.net *.ytimg.com *.nr-data.net js-agent.newrelic.com *.youtube.com *.gstatic.com *.googleapis.com *.google-analytics.com cdnjs.cloudflare.com connect.facebook.net fast.wistia.com *.helpscout.net *.clarity.ms *.termly.io *.googlesyndication.com; frame-src 'self' *.stripe.com *.google.com *.doubleclick.net *.youtube.com *.facebook.com s-static.ak.facebook.com wp-rocket.me *.termly.io; object-src 'self'; worker-src blob: https://wpml.org; connect-src 'self' *.wpml.org https://pagead2.googlesyndication.com https://conversions-config.reddit.com https://www.redditstatic.com https://*.doubleclick.net q.quora.com *.clarity.ms *.helpscout.net *.wistia.com *.termly.io d3hb14vkzrxvla.cloudfront.net *.nr-data.net *.facebook.com yoast.com wss://chat-support.wpml.org https://chat-support.wpml.org wss://activity-tracker.wpml.org https://activity-tracker.wpml.org ams.wpml.org https://*.google.com https://*.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googleadservices.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat 1
connect-src 'self' *.licdn.com  *.goldenbees.fr  *.doubleclick.net  *.indeed.com  https://tools.euroland.com  https://pr.globenewswire.com/  https://player.podigee-cdn.net/  https://tools.eurolandir.com/  https://ing.blueconic.net  https://plugins.blueconic.net  *.readspeaker.com  https://assets.adobedtm.com  https://www.google-analytics.com  https://www.googletagmanager.com  https://working2.ad.ing.net  https://getxmlfeed.000webhostapp.com  https://cdn.dimml.io  https://www.youtube.com  https://www.youtube-nocookie.com  https://platform.twitter.com  https://w.soundcloud.com  https://cdn.podigee.com  https://emplocity.com  https://connect.facebook.net  https://open.spotify.com; child-src 'self' *.licdn.com  *.goldenbees.fr  *.doubleclick.net  *.indeed.com  https://www.flickr.com/  https://activitymap.adobe.com/  https://tools.euroland.com  https://pr.globenewswire.com/  https://tools.eurolandir.com/  https://syndication.twitter.com/  https://player.podigee-cdn.net/  *.readspeaker.com  https://www.youtube.com  https://www.youtube-nocookie.com  https://platform.twitter.com  https://w.soundcloud.com  https://cdn.podigee.com  https://emplocity.com  https://connect.facebook.net  https://open.spotify.com; report-uri /csp-violation-report-endpoint/ 1
script-src 'strict-dynamic' https: 'nonce-YzRiMmYyNjctY2Y5NS00ZDlmLWEzZDctZGYyMmE3YTgxMzk3'; object-src 'none'; base-uri 'none'; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content 1
default-src 'nonce-a9e5261bfc491348aa0825cabc28403f' 'self' https: data:; frame-src 'self' ockto: https:; frame-ancestors 'self'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src 'self' data: https:; font-src *; 1
report-uri https://99designs.report-uri.com/r/d/csp/enforce; frame-ancestors 'self'; default-src 'self' 'unsafe-inline' 'unsafe-eval' wss: https: data: blob: android-webview-video-poster:; upgrade-insecure-requests; 1
default-src 'self' 'unsafe-inline' data: blob: https://*.fb.gg https://*.fbcdn.net;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script'; 1
default-src 'self';img-src 'self' data: *;font-src 'self' data:;connect-src 'self' *.daserste.de *.ardmediathek.de *.ardaudiothek.de *.tagesschau.de *.sportschau.de *.kika.de;script-src 'self' 'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline';base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests 1
base-uri 'self'; connect-src https://developer-assets.spotifycdn.com https://embed-cdn.spotifycdn.com https://stats.g.doubleclick.net https://*.googletagmanager.com https://*.analytics.google.com https://*.google-analytics.com https://translate.googleapis.com https://cdn.cookielaw.org https://*.onetrust.com https://*.spotify.com https://*.spotify.net https://*.sentry.io wss://*.spotify.com wss://*.spotify.net; form-action https:; frame-ancestors 'self' https://*.spotify.com https://*.spotify.net; object-src 'none'; script-src https://developer-assets.spotifycdn.com https://*.spotify.com https://*.spotify.net https://open.spotifycdn.com https://embed-cdn.spotifycdn.com https://*.googletagmanager.com https://*.analytics.google.com https://*.google-analytics.com https://translate.googleapis.com https://translate.google.com https://cdn.cookielaw.org 'unsafe-eval' 'sha256-WfsTi7oVogdF9vq5d14s2birjvCglqWF842fyHhzoNw=' https://open.spotify.com 'sha256-usT+6qPuOS6IkYtKfVmDANmKvyw2VIa1A0slyo1mSmw='; report-uri https://o22381.ingest.sentry.io/api/4504887026384896/security/?sentry_key=f4a7c7c55acb47ab8ff900050fce0bd4 1
default-src 'none'; script-src 'self' vimeo.com https://gist.github.com www.slideshare.net 'unsafe-eval' https://assets.hackmd.io https://www.google.com https://apis.google.com https://docs.google.com https://accounts.google.com https://www.dropbox.com https://www.google-analytics.com https://stats.g.doubleclick.net https://secure.quantserve.com https://rules.quantcount.com https://pixel.quantserve.com https://static.hotjar.com https://script.hotjar.com https://www.googletagmanager.com https://cdn.ravenjs.com https://browser.sentry-cdn.com https://js.stripe.com 'nonce-f7ddfb14-3361-4a9f-b96e-211d805e3335' 'sha256-EtvSSxRwce5cLeFBZbvZvDrTiRoyoXbWWwvEVciM5Ag=' 'sha256-NZb7w9GYJNUrMEidK01d3/DEtYztrtnXC/dQw7agdY4=' 'sha256-L0TsyAQLAc0koby5DCbFAwFfRs9ZxesA+4xg0QDSrdI=' 'sha256-8HvL1KRq6jEwDkuVgxMDK7Gag1vnT70L0Lfoa1E3YsY=' 'sha256-81acLZNZISnyGYZrSuoYhpzwDTTxi7vC1YM4uNxqWaM=' https://tally.so https://tracks.hackmd.io https://plausible.io; img-src * data: blob:; style-src 'self' 'unsafe-inline' https://assets-cdn.github.com https://github.githubassets.com https://assets.hackmd.io https://www.google.com https://fonts.gstatic.com; font-src 'self' data: https://public.slidesharecdn.com https://assets.hackmd.io https://script.hotjar.com; object-src *; media-src *; frame-src *; child-src *; connect-src *; base-uri 'none'; form-action 'self' https://www.paypal.com; upgrade-insecure-requests 1
frame-ancestors https://*.bancopan.com.br 1
frame-ancestors 'self' btprt.dj snip.ly 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com cdn.tiny.cloud partner.hostnet.de assets.zendesk.com www.google-analytics.com ajax.googleapis.com www.googleadservices.com googleads.g.doubleclick.net connect.facebook.net static.zdassets.com; connect-src 'self' spelling.tiny.cloud hyperlinking.tiny.cloud hostnet.zendesk.com ekr.zdassets.com; img-src 'self' data: sp.tinymce.com partner.hostnet.de stats.g.doubleclick.net *.vimeocdn.com cdnjs.cloudflare.com cdn.hostnet.de www.facebook.com www.googletagmanager.com www.google.de www.google.com www.google-analytics.com; style-src 'self' 'unsafe-inline' cdn.tiny.cloud *.vimeocdn.com; media-src 'self' player.vimeo.com; frame-src 'self' player.vimeo.com https://vnc.hostnet.de:*; font-src 'self' data:; 1
default-src 'self' tpc.googlesyndication.com;frame-ancestors 'self';frame-src 'self' https://staticcdn.co.nz *.youtube.com www.facebook.com connect.facebook.net gsa://onpageload trademe.wufoo.com matterport.com *.matterport.com viewer.metamaker.istaging.com vtc.virtualtourscreator.com.au app.cloudpano.com youriguide.com virtualtour.laserfocus.co.nz s3virtualtour.esoft.com www.boxbrownie.com kuula.co tours.virtualpro.nz open.littlehinges.com ipropertyexpress.com virtual-tour.ipropertyexpress.com app.envisionvr.net realsee.ai realsee.jp https://api.trademe.co.nz/ https://auth.trademe.co.nz https://api.trademe.co.nz/graphql/ https://*.app.trade.me https://vimeo.com https://*.vimeo.com https://cdn.diakrit.com https://livetour.istaging.com https://vtc.virtualtourscreator.com.au https://app.cloudpano.com https://static.instavid360.com/ https://storage.googleapis.com https://www.google.com https://www.google.co.nz *.googlesyndication.com console.googletagservices.com *.doubleclick.net https://www.adsensecustomsearchads.com https://syndicatedsearch.goog *.trademepayments.co.nz:* *.pingauth.trademe.co.nz:* mfa.trademe.co.nz mfa-test.trademe.co.nz;font-src 'self' data: www.trademe.co.nz fonts.googleapis.com fonts.gstatic.com https://*.appsflyer.com;img-src 'self' data: blob: www.google-analytics.com www.googletagmanager.com *.googleapis.com *.gstatic.com *.ggpht.com i.ytimg.com i.vimeocdn.com www.facebook.com https://staticcdn.co.nz *.segment.com https://api.trademe.co.nz/ *.tmcdn.co.nz https://api.trademe.co.nz/graphql/ https://trademe-prod-cdn.global.ssl.fastly.net https://*.trademe.co.nz https://images.tmsandbox.co.nz *.google.com *.google.co.nz *.google.com.au *.google.co.uk *.google.lk *.google.co.in *.google.com.sg *.google.com.sa *.google.cn *.google.com.ph *.google.com.hk *.google.co.kr *.google.de *.google.ca *.google.co.jp *.google.com.fj *.google.co.id *.google.ae *.google.com.my *.google.co.th *.google.fr *.google.nl *.google.com.tw *.google.com.br *.google.es *.google.ie *.google.cl *.google.se *.google.ar *.google.com.vn *.googlesyndication.com *.doubleclick.net *.googleusercontent.com https://www.adsensecustomsearchads.com https://syndicatedsearch.goog https://*.appsflyer.com https://impressions.onelink.me api.myautoshop.co.nz images.myautoshop.co.nz sslphotos.jato.com via.placeholder.com https://static.instavid360.com/;media-src https://static.instavid360.com/;style-src 'self' 'unsafe-inline' fonts.googleapis.com www.googletagmanager.com;script-src 'self' 'sha256-9ucjAp3srQpYhQP83Bwdp7YrnrlGIICrV9luRdzS2fE=' 'sha256-ngFYgAN/oU7iQUOSoK4wCm1rsjFLczlQ4y9Q0lbAfNE=' 'report-sample' https://staticcdn.co.nz connect.facebook.net www.google-analytics.com www.googletagmanager.com *.googletagservices.com www.gstatic.com dnn506yrbagrg.cloudfront.net *.googleapis.com www.youtube.com s.ytimg.com script.crazyegg.com *.segment.com *.appboycdn.com *.google.com *.google.co.nz *.google.com.au *.google.co.uk *.google.lk *.google.co.in *.google.com.sg *.google.com.sa *.google.cn *.google.com.ph *.google.com.hk *.google.co.kr *.google.de *.google.ca *.google.co.jp *.google.com.fj *.google.co.id *.google.ae *.google.com.my *.google.co.th *.google.fr *.google.nl *.google.com.tw *.google.com.br *.google.es *.google.ie *.google.cl *.google.se *.google.ar *.google.com.vn *.googleadservices.com *.doubleclick.net *.googlesyndication.com cdn.ampproject.org https://www.adsensecustomsearchads.com https://syndicatedsearch.goog *.appsflyer.com *.afterpay.com *.app.trade.me *.newrelic.com *.nr-data.net;form-action 'self' trademe.wufoo.com www.facebook.com connect.facebook.net d3f5l8ze0o4j2m.cloudfront.net https://api.trademe.co.nz/ https://api.trademe.co.nz/graphql/ https://*.app.trade.me;connect-src 'self' https://api.trademe.co.nz/ https://auth.trademe.co.nz https://api.trademe.co.nz/graphql/ *.tmcdn.co.nz https://*.app.trade.me *.segment.io *.segmentapis.com *.segment.com *.braze.com sentry.io www.facebook.com www.google-analytics.com *.gstatic.com *.googleapis.com www.googletagmanager.com *.google.com *.google.co.nz *.google.com.au *.google.co.uk *.google.lk *.google.co.in *.google.com.sg *.google.com.sa *.google.cn *.google.com.ph *.google.com.hk *.google.co.kr *.google.de *.google.ca *.google.co.jp *.google.com.fj *.google.co.id *.google.ae *.google.com.my *.google.co.th *.google.fr *.google.nl *.google.com.tw *.google.com.br *.google.es *.google.ie *.google.cl *.google.se *.google.ar *.google.com.vn google.com *.doubleclick.net *.googlesyndication.com https://www.adsensecustomsearchads.com https://syndicatedsearch.goog https://*.appsflyer.com https://*.afterpay.com api.amplitude.com https://*.app.trade.me https://*.nr-data.net https://api.topsort.com/v2/events;child-src 'self';worker-src 'self';object-src 'none';report-uri https://www.trademe.co.nz/a/csp-report-uri 1
default-src 'none';  base-uri 'self';  frame-ancestors 'self' https://*.barclays.co.uk https://*.uk.barclays;  script-src 'self' 'unsafe-eval' 'unsafe-inline' tags.tiqcdn.com collect.tealiumiq.com beacon.krxd.net cdn.krxd.net consumer.krxd.net gateway.answerscloud.com s.go-mpulse.net www.media.barclays.co.uk maps.googleapis.com www.google.com www.gstatic.com api.travelex.net resources.barclays.co.uk barclaysbankplc.tt.omtrdc.net barclaysbankplc.demdex.net cm.everesttech.net dpm.demdex.net *.siteintercept.qualtrics.com;  style-src 'self' 'unsafe-inline' www.media.barclays.co.uk fonts.googleapis.com;  object-src 'self';  worker-src 'self';  child-src demo.barclays.co.uk edigitalsurvey.com cdn.krxd.net www.google.com www.media.barclays.co.uk barclaysbankplc.demdex.net cm.everesttech.net dpm.demdex.net *.siteintercept.qualtrics.com;  frame-src 'self' demo.barclays.co.uk edigitalsurvey.com cdn.krxd.net www.google.com www.media.barclays.co.uk barclaysbankplc.demdex.net cm.everesttech.net dpm.demdex.net *.siteintercept.qualtrics.com;  img-src 'self' data: demo.barclays.co.uk collect.tealiumiq.com cdnjs.cloudflare.com adservice.google.co.uk ad.doubleclick.net adservice.google.com apiservices.krxd.net beacon.krxd.net googleads.g.doubleclick.net googleads4.g.doubleclick.net jslog.krxd.net smetrics.barclays.co.uk www.facebook.com www.google.co.uk www.google.com maps.googleapis.com maps.google.com www.google.fr adservice.google.fr www.google.de www.google.es adservice.google.es www.google.nl www.google.se www.google.co.id www.google.co.il www.google.be www.google.sk www.google.co.nz www.google.co.za www.google.com.sg www.google.pt www.google.ca www.google.cz www.google.com.cy www.google.com.au adservice.google.com.au www.google.mk www.google.je adservice.google.je www.google.co.ug www.google.com.hk www.google.ro www.google.bg www.google.im www.google.co.ao www.google.ie adservice.google.ie www.google.com.ng www.google.it adservice.google.it www.google.lt www.google.ae www.google.gr www.google.com.mx www.google.hu www.google.ch www.google.ru www.google.com.eg www.google.com.pk www.google.com.bh www.google.pl adservice.google.pl www.google.co.in www.gstatic.com www.google-analytics.com www.google.lu www.google.co.jp www.google.com.tr adservice.google.co.il adservice.google.co.zw adservice.google.com.sa adservice.google.ae adservice.google.pt www.google.com.my adservice.google.nl www.google.gg adservice.google.be adservice.google.cz www.google.co.th adservice.google.de www.google.com.gh www.google.com.sa www.google.ge www.google.com.br www.google.com.tw www.google.dk www.google.com.ph adservice.google.co.za www.google.lv adservice.google.gg adservice.google.ca www.google.at www.google.rs www.google.com.mt adservice.google.com.hk www.google.no www.google.com.qa www.google.co.ke www.barclays.co.uk adservice.google.gr www.google.fi adservice.google.co.jp adservice.google.co.in www.google.com.vc www.google.lk adservice.google.ch www.google.com.ua www.google.az www.google.by www.google.com.kw adservice.google.com.sg adservice.google.im adservice.google.no www.google.co.zw www.google.mu www.google.com.vn adservice.google.com.br adservice.google.lv adservice.google.com.kw adservice.google.com.tr www.google.co.kr adservice.google.az adservice.google.hu adservice.google.co.th www.google.cm www.google.mw www.google.com.ar www.google.co.ma www.google.com.gi www.google.co.tz www.google.com.om www.google.com.af adservice.google.lt adservice.google.co.nz www.google.tt www.google.ms adservice.google.ro www.google.dz adservice.google.com.my www.google.com.pe www.google.com.jm www.google.com.sl adservice.google.com.cy adservice.google.se www.google.com.ec www.google.hr www.google.al adservice.google.ru www.google.co.mz adservice.google.com.ng www.google.com.et www.google.com.bn www.google.sh www.google.com.pa www.google.ci www.google.cl adservice.google.bg www.google.co.ve www.google.bs www.google.com.ag www.google.hn adservice.google.hn www.google.iq www.google.so www.google.com.np maps.gstatic.com www.media.barclays.co.uk 5452834.fls.doubleclick.net dev.day.com pixel.quantserve.com bclays-ads.aimatch.com barclaysbankplc.demdex.net cm.everesttech.net dpm.demdex.net *.siteintercept.qualtrics.com;  connect-src 'self' formsdss-v3.uk.barclays bclays-ads.aimatch.com search.barclays.co.uk collect.tealiumiq.com *.akamaihd.net *.akstat.io beacon.krxd.net c.go-mpulse.net jslog.krxd.net www.media.barclays.co.uk device.4seeresults.com dpm.demdex.net barclaysbankplc.tt.omtrdc.net smetrics.barclays.co.uk *.siteintercept.qualtrics.com maps.googleapis.com;  font-src 'self' data: fonts.gstatic.com www.media.barclays.co.uk;  manifest-src 'self';  media-src 'self' demo.barclays.co.uk www.media.barclays.co.uk;  prefetch-src 'self'; 1
frame-ancestors https://www.ato.gov.au https://virtualassistant.ato.gov.au https://www.beta.ato.gov.au 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.byrdie.com 1
frame-ancestors 'self' ruckuswireless.com www.ruckuswireless.com 192.168.1.0/24 1
default-src 'self'; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://secure.gaug.es https://gravatar.com https://www.gravatar.com https://secure.gravatar.com https://*.fastly-insights.com https://avatars.githubusercontent.com; object-src 'none'; script-src 'self' 'sha256-d8BfrKFC6GOH8sHkHPe0WRYrAiIvDn8UIwURqFEBqNQ=' https://secure.gaug.es https://www.fastly-insights.com 'nonce-c894210a54e05ab51a79d3520cb5c092'; style-src 'self' https://fonts.googleapis.com 'nonce-c894210a54e05ab51a79d3520cb5c092'; connect-src 'self' https://s3-us-west-2.amazonaws.com/rubygems-dumps/ https://*.fastly-insights.com https://fastly-insights.com https://api.github.com http://localhost:*; form-action 'self' https://github.com/login/oauth/authorize; frame-ancestors 'self'; base-uri 'self'; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub852fa3e2312391fafa5640b60784e660&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=service%3Arubygems.org%2Cversion%3Ae1ae15703c70f0db17c1524bee7b8f25cb9e7c27%2Cenv%3Aproduction%2Ctrace_id%3A997131222637187308 1
script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https:; script-src-elem 'self' blob: 'unsafe-inline' https:; report-uri /reports/csp/uri; report-to csp-reports; 1
font-src 'self' cdnjs.cloudflare.com fonts.gstatic.com; img-src 'self' www.w3.org; object-src 'none'; frame-ancestors *; report-uri https://www.opengroup.org/report-uri/enforce 1
img-src http://* https://* data: 1
base-uri 'self'; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' https: http: 'nonce-F7Dzwax8kZlU4ZQ5NHuZPojF1XfgE2' 'unsafe-eval'; report-uri https://csp.withgoogle.com/csp/devsite/v2 1
default-src 'self'; img-src 'self' https://www.ncsc.gov.uk/ data: https://s3.eu-west-2.amazonaws.com/tapestry-content/ https://s3-eu-west-2.amazonaws.com/tapestry-content/ blob: https://www.ncsc.gov.uk/* 'unsafe-inline' https://ssl.gstatic.com/ https://*.google-analytics.com https://*.analytics.google.com www.google-analytics.com; media-src 'self' data: https://s3.eu-west-2.amazonaws.com/tapestry-content/ https://s3-eu-west-2.amazonaws.com/tapestry-content/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://tagmanager.google.com/ https://www.googletagmanager.com/ https://*.google-analytics.com/ https://*.analytics.google.com/ https://storage.googleapis.com/ https://www.googleoptimize.com/* https://www.googleoptimize.com/ ; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://optimize.google.com https://tagmanager.google.com/ https://www.googletagmanager.com/ https://*.google-analytics.com/ https://*.analytics.google.com/ https://storage.googleapis.com/ https://www.googleoptimize.com/ ; style-src 'self' 'unsafe-inline'  https://optimize.google.com https://tagmanager.google.com/* https://fonts.googleapis.com/; font-src 'self' data: https://fonts.gstatic.com ; connect-src 'self' https://forms.office.com/ https://*.google-analytics.com https://*.analytics.google.com www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net  https://db.cyberessentials.ncsc.gov.uk; manifest-src 'self' https://s3.eu-west-2.amazonaws.com/tapestry-content/ https://s3-eu-west-2.amazonaws.com/tapestry-content/; worker-src 'self'; frame-src 'self' https://forms.office.com/ https://optimize.google.com https://www.youtube.com/ https://www.youtube-nocookie.com https://open.spotify.com/; object-src 'self' 1
default-src 'self' https://*.ntc.net.np https://www.google.com; font-src 'self' https: data:; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' https:; form-action 'self' https://epay.esewa.com.np; object-src 'self'; style-src 'self' 'unsafe-inline' https:; connect-src 'self' https://*.ntc.net.np https://api.ipify.org https://app.namastepay.com:9911 https://www.google-analytics.com; base-uri 'self'; frame-ancestors 'self'; upgrade-insecure-requests 1
default-src blob: ;child-src blob: 'self' https://d13h4w8gjgv887.cloudfront.net;media-src blob: 'self' https://video.joomcdn.net https://*.amazonaws.com https://d13h4w8gjgv887.cloudfront.net;form-action https:;frame-src 'self' https: ;frame-ancestors 'none';manifest-src 'self';base-uri 'none';font-src data: https://tagmanager.google.com https://fonts.googleapis.com https://fonts.gstatic.com https://d13h4w8gjgv887.cloudfront.net https://hcaptcha.com https://*.hcaptcha.com https://cdn.crowdin.com https://top-fwz1.mail.ru;connect-src 'self' https://api.joom.com https://api-secure.joom.one https://api.joompay.tech https://http-babylone-client-faq-api.joom.it https://*.google-analytics.com https://*.analytics.google.com https://*.googleapis.com https://google-analytics.com https://analytics.google.com https://pagead2.googlesyndication.com https://www.facebook.com https://bnc.lt https://joom.test-app.link https://stats.g.doubleclick.net https://*.joomcdn.net https://*.amazonaws.com https://mc.yandex.ru https://mc.yandex.com https://d13h4w8gjgv887.cloudfront.net https://*.riskified.com https://hcaptcha.com https://*.hcaptcha.com https://*.live-video.net https://joom-web.ey.r.appspot.com https://crowdin.com https://widget.trustpilot.com https://*.creativecdn.com https://*.dwin1.com https://top-fwz1.mail.ru https://www.wepowerconnections.com https://tr.kickbite.io https://service.nalog.ru https://*.clarity.ms https://analytics.tiktok.com https://s.kelkoogroup.net https://www.google.com https://google.com https://pay.google.com https://sentry.joom.it;img-src 'self' data: https: blob:;script-src 'strict-dynamic' 'nonce-MC41MDYzOTk=' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: data: 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://fonts.gstatic.com https://d13h4w8gjgv887.cloudfront.net https://hcaptcha.com https://*.hcaptcha.com https://cdn.crowdin.com https://top-fwz1.mail.ru;report-uri https://sentry.joom.it/api/3/security/?sentry_key=b68f31beac04417da5e79086aa76f8d6&sentry_release=web-client@4.8.5-1721735977&sentry_environment=prod 1
default-src 'self'; script-src 'self' 'unsafe-inline' translate.googleapis.com certificates.webtests.com blob:; style-src 'self' 'unsafe-inline' certificates.webtests.com fonts.googleapis.com translate.googleapis.com; font-src 'self' fonts.gstatic.com data:; img-src 'self' certificates.webtests.com data:; object-src 'none'; report-uri https://hpage-report.uriports.com/reports/enforce 1
base-uri 'self'; default-src 'self' *.livechatinc.com secure.livechatinc.com www.facebook.com www.googletagmanager.com www.google.com fonts.gstatic.com nordlayer.com *.nordlayer.com graphql.contentful.com t.co bat.bing.com cx.atdmt.com s1.nordcdn.com www.googleadservices.com cdn.growthbook.io *.google-analytics.com www.facebook.com connect.facebook.net www.linkedin.com px.ads.linkedin.com *.oribi.io analytics.twitter.com static.ads-twitter.com stats.g.doubleclick.net p.adsymptotic.com api.iterable.com sentry.netaltr.com www.gstatic.com snap.licdn.com *.clarity.ms *.6sc.co *.6sense.com *.sleeknote.com *.inwebr.com *.wisepops.com *.wisepops.net wisepops.net *.ahrefs.com ahrefs.com *.salesloft.com cdn.dreamdata.cloud *.chilipiper.com https://s3-us-west-2.amazonaws.com/b2bjsstore/b/ https://b-code.liadm.com/lc2.js https://rp.liadm.com idx.liadm.com https://pro.ip-api.com https://alocdn.com/c/vn3d8u2u/a/xtarget/p.json https://*.execute-api.us-west-2.amazonaws.com/b2bjsstore/b/; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.livechatinc.com secure.livechatinc.com www.facebook.com www.googletagmanager.com www.google.com fonts.gstatic.com nordlayer.com *.nordlayer.com graphql.contentful.com t.co bat.bing.com cx.atdmt.com s1.nordcdn.com www.googleadservices.com cdn.growthbook.io *.google-analytics.com www.facebook.com connect.facebook.net www.linkedin.com px.ads.linkedin.com *.oribi.io analytics.twitter.com static.ads-twitter.com stats.g.doubleclick.net p.adsymptotic.com api.iterable.com sentry.netaltr.com www.gstatic.com snap.licdn.com *.clarity.ms *.6sc.co *.6sense.com *.sleeknote.com *.inwebr.com *.wisepops.com *.wisepops.net wisepops.net *.ahrefs.com ahrefs.com *.salesloft.com cdn.dreamdata.cloud http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://optimize.google.com *.chilipiper.com https://*.cookiebot.com:* *.typeform.com *.hsadspixel.net *.hs-analytics.net js.hscta.net *.hubspot.com static.hsappstatic.net *.usemessages.com *.hs-banner.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.net *.hscollectedforms.net *.hsleadflows.net *.hsforms.net *.hsforms.com *.hs-scripts.com *.hubspotfeedback.com feedback.hubapi.com https://a.quora.com/qevents.js *.redditstatic.com *.alb.reddit.com; connect-src 'self' *.livechatinc.com secure.livechatinc.com www.facebook.com www.googletagmanager.com www.google.com fonts.gstatic.com nordlayer.com *.nordlayer.com graphql.contentful.com t.co bat.bing.com cx.atdmt.com s1.nordcdn.com www.googleadservices.com cdn.growthbook.io *.google-analytics.com www.facebook.com connect.facebook.net www.linkedin.com px.ads.linkedin.com *.oribi.io analytics.twitter.com static.ads-twitter.com stats.g.doubleclick.net p.adsymptotic.com api.iterable.com sentry.netaltr.com www.gstatic.com snap.licdn.com *.clarity.ms *.6sc.co *.6sense.com *.sleeknote.com *.inwebr.com *.wisepops.com *.wisepops.net wisepops.net *.ahrefs.com ahrefs.com *.salesloft.com cdn.dreamdata.cloud http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com *.chilipiper.com https://consentcdn.cookiebot.com *.typeform.com *.hubapi.com js.hscta.net *.hubspot.com *.hs-banner.com *.hscollectedforms.net *.hsforms.com *.redditstatic.com *.alb.reddit.com; form-action 'self' webto.salesforce.com https://www.facebook.com/tr *.hsforms.com; frame-src 'self' *.livechatinc.com secure.livechatinc.com www.facebook.com www.googletagmanager.com www.google.com fonts.gstatic.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://optimize.google.com *.chilipiper.com www.youtube.com https://www.youtube.com/ www.youtube-nocookie.com https://www.youtube-nocookie.com/ player.vimeo.com https://player.vimeo.com/ https://consentcdn.cookiebot.com *.hubspot.com *.hs-sites.com *.hubspot.net play.hubspotvideo.com *.hsforms.net *.hsforms.com *.typeform.com; img-src * data: http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://ct.capterra.com https://www.google-analytics.com https://www.googletagmanager.com https://optimize.google.com js.hscta.net no-cache.hubspot.com *.hubspot.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.net cdn2.hubspot.net *.hsforms.net *.hsforms.com https://q.quora.com; style-src 'self' 'unsafe-inline' https://optimize.google.com https://fonts.googleapis.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net cdn2.hubspot.net *.typeform.com; media-src 'self' 'unsafe-inline' videos.ctfassets.net nordlayer.com *.nordlayer.com false; font-src 'self' data: www.google.com fonts.gstatic.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; child-src 'self' *.hsforms.com; 1
frame-ancestors vanderbilt.edu/AEA 'self' 1
frame-ancestors 'self' https://esirket.com https://app.mukellef.co https://app-beta.mukellef.co https://app.bizimsiparis.com https://bizimsiparis.com https://findara.co https://dgpfdemo.dgpays.com https://bilanco.co https://app.bilanco.co 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' https://1444264.collect.igodigital.com https://bam.nr-data.net https://js-agent.newrelic.com https://static.addtoany.com https://static.ads-twitter.com https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net https://www.youtube.com https://analytics.twitter.com https://s.ytimg.com https://www.google.com https://www.gstatic.com https://bam-cell.nr-data.net/ https://cdnjs.cloudflare.com https://unpkg.com https://pi.pardot.com/analytics https://fast.wistia.com https://wistia.com https://fast.wistia.net https://www.googleadservices.com https://wistia.com https://hackerone.com https://cdn.cookielaw.org https://js.zi-scripts.com https://img.en25.com https://code.jquery.com https://cdn.jsdelivr.net/npm/js-cookie@3.0.5; object-src 'none'; img-src 'self' https://nova.collect.igodigital.com https://www.googletagmanager.com https://t.co data: https: https://trck.www4.earlywarning.com https://trck.www4.zellepay.com; media-src 'self' https://www.youtube.com https://www.youtube-nocookie.com; frame-src 'self' https://www.youtube.com https://www.google.com/ https://www.youtube-nocookie.com https://www.googletagmanager.com https://static.addtoany.com https://hackerone.com https://fast.wistia.com; frame-ancestors 'self'; font-src 'self'; connect-src 'self' https://www.google-analytics.com https://privacyportal.onetrust.com https://bam-cell.nr-data.net https://pi.pardot.com/analytics https://cdn.cookielaw.org https://px.ads.linkedin.com/wa/ https://js.zi-scripts.com https://bam.nr-data.net/ https://ws.zoominfo.com; report-uri https://jhcspviolation.report-uri.com/r/d/csp/reportOnly 1
default-src data: https://* http://*; script-src 'unsafe-inline' 'unsafe-eval' https: http: data:; style-src 'self' 'unsafe-inline'; style-src-elem 'self' https://* http://* 'unsafe-inline'; script-src-elem 'self' https://* http://* 'unsafe-inline'; font-src data: https://* http://*; frame-ancestors 'none'; object-src 'none'; base-uri 'none'; upgrade-insecure-requests 1
base-uri 'self'; child-src 'self' blob:; connect-src 'self' https://*.qualtrics.com https://rivian-privacy.my.onetrust.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://rum.browser-intake-datadoghq.com https://rum-http-intake.logs.datadoghq.com webpack: https://rivian.com/api/gql/orders/graphql https://rivian.com/api/gql/content/graphql https://rivian.com/api/gql/content/graphql https://rivian.com/api/gql/orders/graphql https://analytics.google.com https://script.crazyegg.com https://maps.googleapis.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com.* https://*.bing.com https://media.rivian.com https://pagestates-tracking.crazyegg.com https://assets-tracking.crazyegg.com https://tracking.crazyegg.com https://stats.g.doubleclick.net https://api.mapbox.com https://events.mapbox.com https://*.connect.us-east-1.amazonaws.com wss://*.connect.us-east-1.amazonaws.com https://*.facebook.com https://assets.rivian.com https://www.googleadservices.com https://google.com; default-src 'self'; font-src 'self' https://assets.rivian.com https://fonts.gstatic.com https://fonts.googleapis.com data:; form-action 'self' https://feedback.rivian.com https://*.facebook.com; frame-ancestors 'self' https://*.splashthat.com https://splashthat.com https://app.contentful.com; frame-src 'self' https://*.blivenyc.com https://optimize.google.com https://www.google.com https://*.splashthat.com https://splashthat.com https://*.doubleclick.net https://feedback.rivian.com https://*.facebook.com; img-src 'self' https://*.blivenyc.com https://*.bing.com https://cdn.cookielaw.org https://images.rivian.com https://media.rivian.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com.* https://maps.googleapis.com https://www.google.* https://www.google.com https://www.googleadservices.com https://assets.rivian.com https://optimize.google.com https://*.facebook.com https://*.qualtrics.com data: https://authenticate.dc.goriv.co/ https://login.microsoftonline.com/; manifest-src 'self'; media-src 'self' https://*.blivenyc.com https://media.rivian.com https://videos.rivian.com https://assets.rivian.com https://digital-dev-protected-images.dev.ue1.dc.goriv.co blob:; object-src 'none'; script-src 'self' https://rivian.com https://*.blivenyc.com https://*.bing.com https://*.goriv.co https://*.rivian.com https://*.qualtrics.com https://*.googletagmanager.com https://*.google-analytics.com https://maps.googleapis.com https://cdn.cookielaw.org https://script.crazyegg.com https://www.googleanalytics.com https://www.googleoptimize.com https://optimize.google.com https://www.google.com/recaptcha/enterprise.js https://www.gstatic.com/recaptcha/releases/ https://splashthat.com https://*.facebook.net https://*.doubleclick.net 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' 'self' https://rivian.com https://*.blivenyc.com https://fonts.googleapis.com https://optimize.google.com https://script.crazyegg.com; worker-src blob:; 1
style-src 'unsafe-inline' 'self' *; font-src 'self' * data:; script-src 'unsafe-inline' 'unsafe-eval' 'self' blob: *; object-src 'self' *; frame-src 'self' *; connect-src 'unsafe-inline' 'unsafe-eval' 'self' blob: *; 1
base-uri 'none';child-src 'self' * blob:;connect-src 'self' https://cdn.coda.io wss://coda.io https://coda.io wss://*.intercom.io https://coda-us-west-2-prod-blobs-upload.s3-accelerate.amazonaws.com https://coda-us-west-2-prod-packs-upload.s3-accelerate.amazonaws.com https://coda-us-west-2-prod-packs.s3.us-west-2.amazonaws.com https://codahosted.io https://codacontent.io https://coda.io https://*.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://sdk.iad-05.braze.com https://accounts.google.com https://app.getsentry.com https://iframe.ly https://cdn.iframe.ly https://api.rollbar.com https://baconipsum.com https://api.trello.com https://api.stripe.com https://stats.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.google.com/ccm/collect https://www.facebook.com https://*.marketo.com https://*.mktoresp.com https://*.mktoutil.com https://*.mutinycdn.com https://*.mutinyhq.com https://*.mutinyhq.io https://cdn.cookielaw.org https://*.onetrust.com https://us-central1-adaptive-growth.cloudfunctions.net https://sink.pdst.fm https://grsm.io https://partnerlinks.io https://pixel.pvd.to https://tracker.pixeltracker.co https://pixelconnector.pixeltracker.co https://login.microsoftonline.com https://graph.microsoft.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.api.sanity.io https://*.apicdn.sanity.io https://statsig.coda.io https://statsigapi.net https://app.clearbit.com https://cdn.linkedin.oribi.io https://snap.licdn.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://p.adsymptotic.com https://gw.linkedin.oribi.io https://dc.ads.linkedin.com https://sjs.bizographics.com https://api.sprig.com https://cdn.sprig.com https://pixels.spotify.com/v1/ingest ;default-src 'self' https://cdn.coda.io https://codacontent.io https://coda-us-west-2-prod-blobs.s3.us-west-2.amazonaws.com https://coda.io;font-src data: https://cdn.coda.io https://js.intercomcdn.com https://fonts.intercomcdn.com https://fonts.gstatic.com https://fonts.googleapis.com https://use.typekit.net;form-action 'self' https://api-iam.intercom.io https://intercom.help *.coda.io;frame-ancestors  *.coda.io *.intercom-sheets.com teams.microsoft.com chrome-extension://ocjjmmnhefcaopncklmdodfglamkeign  *.sanity.studio  ;frame-src *;img-src * blob: data:;media-src 'self' https://cdn.coda.io https://js.intercomcdn.com https://cdn.sanity.io;object-src 'none';report-uri /csp-violation;script-src 'strict-dynamic' 'nonce-33e3eb7813fc483298a6858dfc4c3227' 'unsafe-inline' 'unsafe-eval' https: https://*.mutinycdn.com https://*.googletagmanager.com;style-src 'self' 'unsafe-inline' blob: https://accounts.google.com https://cdn.coda.io https://fonts.googleapis.com https://use.typekit.net https://p.typekit.net  https://*.mktoweb.com;worker-src 'self' blob: 1
frame-ancestors 'self' *.simplilearn.com gamooga.com careerkarma.com ifacet.iitk.ac.in 1
frame-ancestors 'self' https://www.stems-music.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.google.com.sg *.google.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.facebook.net *.facebook.com ajax.aspnetcdn.com www.redditstatic.com *.linkedin.com https://www.youtube.com *.bilibili.com *.youtube-nocookie.com https://player.vimeo.com https://platform.twitter.com https://w.soundcloud.com platform.tumblr.com fonts.gstatic.com kendo.cdn.telerik.com https://libapp.ntu.edu.sg https://cdn.knightlab.com https://syndication.twitter.com https://static.licdn.com https://s.ytimg.com https://publish.twitter.com *.twimg.com http://platform.stumbleupon.com/1/widgets.js *.insight.sitefinity.com https://dec.azureedge.net/ https://*.dec.sitefinity.com https://dc.services.visualstudio.com *.mktoresp.com pbs.twimg.com platform.twitter.com munchkin.marketo.net *.eloqua.com track.hubspot.com https://i.ytimg.com netdna.bootstrapcdn.com https://nostalgic-roentgen-a5aaef.netlify.app *.cloudfront.net https://www.thinglink.com data: blob: js.hs-scripts.com js.hs-analytics.net cdn.ampproject.org *.ntu.edu.sg https://ntu-cris-test.4science.cloud https://az416426.vo.msecnd.net/scripts/a/ai.0.js *.mapsindoors.com https://cdn.applozic.com/applozic/applozic.chat-6.1.min.js *.cognitoforms.com *.usetiful.com https://a.opmnstr.com https://snap.licdn.com https://js.hs-banner.com https://js.hsadspixel.net https://js.hsleadflows.net *.g.doubleclick.net badge.stumbleupon.com wss://socket2.applozic.com *.typeform.com *.omappapi.com *.hubspotusercontent40.net *.hubapi.com *.hubspot.com *.hsforms.com *.dialogflow.com walls.io *.walls.io *.surveysparrow.com app.sli.do www.pbrain.biz cdn.unibuddy.co unibuddy.co *.launchpad6.com *.hscta.net *.hscollectedforms.net *.hsforms.net *.hubspotusercontent00.net *.hubspotusercontent-na1.net *.tableau.com www.google.co.id https://analytics.tiktok.com *.accredify.io cdnjs.cloudflare.com schemata.openattestation.com www.w3.org *.comm100.com *.comm100vue.com *.comm100.io *.viewin360.co *.viziofly.com *.hs-sites.com https://popcard.unibuddy.co/ https://pages.kuula.co/ http://cdn.thinglink.me/jse/responsive.js *.sharethis.com *.dacast.com bcp.crwdcntrl.net https://ntu.imail-host.com https://polyfill.io https://cdn.jsdelivr.net *.maglr.com https://forms.office.com *.superchar.xyz https://assets.pxlecdn.com/assets/pixlee_widget_1_0_0.js https://assets.pixlee.com/assets/fp.js https://photos.pixlee.co superchar.xyz https://*.ntuinnovates.world https://ntuinnovates.world https://app-script.monsido.com https://*.doubleclick.net https://14120583.fls.doubleclick.net https://cdn.mathjax.org https://tags.srv.stackadapt.com https://srv.stackadapt.com https://east.srv.stackadapt.com https://uw.srv.stackadapt.com https://eu.srv.stackadapt.com https://qvdt3feo.com https://lib-essential.netlify.app https://api.sg.kaltura.com; 1
frame-ancestors *.hoopladigital.com 1
frame-ancestors *.reviews.co.uk *.reviews.io 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://s7ap1.scene7.com/ https://authapp.ultimatix.net/ https://auth.ultimatix.net/ https://fonts.googleapis.com/ https://gateway.zscalerthree.net/; frame-src 'self' https://content.dionglobal.in/ https://td.doubleclick.net/ https://www.youtube.com/ https://www.youtube-nocookie.com/ https://11821448.fls.doubleclick.net/ https://gateway.on24.com/ https://s.company-target.com/ https://stories.storifyme.com/ https://www.google.com/ https://www.yputube.com/ https://gateway.zscalerthree.net/ https://www.recaptcha.net recaptcha.google.com tcs.demdex.net https://www.linkedin.com https://px.ads.linkedin.com/ https://storifyme.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' consent.trustarc.com gateway.zscalerthree.net https://s7ap1.scene7.com https://acdn.adnxs.com https://unpkg.com/  https://www.recaptcha.net https://s.yimg.jp/ https://www.google-analytics.com https://snap.licdn.com/ https://gateway.on24.com/ https://am.yahoo.co.jp/ https://www.googleadservices.com/ https://cdn.storifyme.com/ https://storifyme.xyz/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://cdn.jsdelivr.net/ https://auth.ultimatix.net/ https://authapp.ultimatix.net/ https://www.gstatic.com/ https://assets.adobedtm.com assets.adobedtm.com/launch-ENf1df16a3f7b54565aae5a7b51c3e89ed-staging.min.js ds-aksb-a.akamaihd.net https://www.youtube.com https://play.google.com/ https://youtube.com https://www.google.com onetrust.com ajax.googleapis.com https://fonts.googleapis.com/ https://maps.googleapis.com/ platform.twitter.com https://d36cz9buwru1tt.cloudfront.net cdn.ampproject.org maxcdn.bootstrapcdn.com https://code.jquery.com/ cdn.datatables.net https://cdnjs.cloudflare.com/ https://content.dionglobal.in/ https://maxcdn.bootstrapcdn.com https://twitter.com/ https://www.linkedin.com https://px.ads.linkedin.com https://www.facebook.com/ https://connect.facebook.net/ https://www.facebook.net https://www.instagram.com/ https://www.w3.org/ sites.tcs.com https://www.googletagmanager.com tata.com tcs.com business4.tcs.com slideshare.net https://api.company-target.com/ https://tcs.tt.omtrdc.net/ tcscom.sc.omtrdc.net https://www.google.co.in googleads.g.doubleclick.net https://ogp.me/ https://sling.apache.org/ https://jcp.org/ https://www.tcs.com/partners itunes.apple.com mboxedge31.tt.omtrdc.net dpm.demdex.net cm.everesttech.net adsymptotic.com https://p.adsymptotic.com/ bid.g.doubleclick.net nasscom.in in.explara.com store.mortgagebankers.org netdna.bootstrapcdn.com static.doubleclick.net i.ytimg.com https://www.businessofapps.com/ https://www.nytimes.com/ ibegin.tcs.com icandidateuat.ultimatix.net https://ims-na1.adobelogin.com/ https://www.demandbase.com/ https://704-zbe-801.mktoresp.com/ https://744-fui-742.mktoresp.com/ smetrics.tcs.com https://cdn.cookielaw.org/ https://munchkin.marketo.net/ tag.demandbase.com apache.org schema.org code.eligrey.com github.com developer.mozilla.org scottjehl.github.io https://github.com/ https://pages.github.com/ w3c.github.io modernjavascript.blogspot.com tc39.github.io modernizr.com vimeo.com blob:; media-src 'self' https://s7ap1.scene7.com/ https://s7mbrstream-ap1.scene7.com/ data: blob:; img-src 'self' https://cm.everesttech.net/ https://authapp.ultimatix.net/ https://www.google.co.in/ https://facebook.com https://ad.doubleclick.net/ https://ib.adnxs.com https://www.facebook.com https://www.google.com/ https://googleads.g.doubleclick.net/ https://am.yahoo.co.jp/ https://auth.ultimatix.net/ https://segments.company-target.com/ https://match.prod.bidr.io/ https://pbs.twimg.com/ https://match.prod.bidr.io/ https://id.rlcdn.com/ https://maps.googleapis.com https://maps.gstatic.com https://i.ytimg.com/ https://gateway.zscalerthree.net/ https://cdn.storifyme.com/ https://www.tcs.com/ https://www.google-analytics.com https://www.linkedin.com https://px.ads.linkedin.com https://p.adsymptotic.com https://dpm.demdex.net/ https://tcs.demdex.net/ smetrics.tcs.com s7ap1.scene7.com https://cdn.cookielaw.org/ data:; connect-src 'self' https://content.dionglobal.in https://tag-logger.demandbase.com/ https://facebook.com https://www.facebook.com https://pagead2.googlesyndication.com/ https://privacyportal.onetrust.com/ https://apm.yahoo.co.jp/ https://am.yahoo.co.jp/ https://cdn.linkedin.oribi.io/ https://www.linkedin.com https://geoip-js.com/ https://704-zbe-801.mktoutil.com/ https://geolocation.onetrust.com/ https://maps.googleapis.com https://privacyportaluat.onetrust.com/ https://s7mbrstream-ap1.scene7.com/ https://px.ads.linkedin.com https://www.google-analytics.com https://704-zbe-801.mktoresp.com/ https://744-fui-742.mktoresp.com/ https://assets.adobedtm.com https://api.company-target.com/ cdn.cookielaw.org tcs.tt.omtrdc.net https://dpm.demdex.net/ https://tcs.demdex.net/ onetrust.com smetrics.tcs.com storifyme.com https://cdn.storifyme.com/ https://s7ap1.scene7.com; base-uri 'none' ; object-src https://authapp.ultimatix.net https://auth.ultimatix.net; frame-ancestors 'self' ; font-src 'self' https://fonts.gstatic.com/ data: 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.tripsavvy.com 1
base-uri https://www.mbank.pl; report-uri https://www.csp.mbank.pl; default-src 'none'; manifest-src 'self'; upgrade-insecure-requests; block-all-mixed-content; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://ad.doubleclick.net https://cdn.ampproject.org https://cdn.mbiscuit.mbank.pl https://cdn.skp.mbank.pl https://cdn.syndication.twimg.com https://connect.facebook.net https://ghmpl.hit.gemius.pl https://googleads.g.doubleclick.net https://maps.googleapis.com https://optimize.google.com https://pagead2.googlesyndication.com https://platform.twitter.com https://r.skp.mbank.pl https://s.ytimg.com https://ssl.google-analytics.com https://stats.g.doubleclick.net https://tagmanager.google.com https://tpc.googlesyndication.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.mbank.pl https://www.youtube.com; style-src 'self' 'unsafe-inline' https://cdn.ampproject.org https://cdn.skp.mbank.pl https://fonts.googleapis.com https://fonts.gstatic.com https://optimize.google.com https://platform.twitter.com https://tagmanager.google.com https://ton.twimg.com https://www.mbank.pl; img-src 'self' data: https://*.fls.doubleclick.net https://abs.twimg.com https://ad.doubleclick.net https://ade.googlesyndication.com https://adservice.google.com https://cdn.ampproject.org https://cdn.skp.mbank.pl https://cm.g.doubleclick.net https://csi.gstatic.com https://ghmpl.hit.gemius.pl https://googleads.g.doubleclick.net https://i.ytimg.com https://khms0.googleapis.com https://khms1.googleapis.com https://maps.googleapis.com https://maps.gstatic.com https://marketing.tr.netsalesmedia.pl https://optimize.google.com https://pbs.twimg.com https://platform.twitter.com https://redirect.skp.mbank.pl https://region1.analytics.google.com https://region1.google-analytics.com https://s.ytimg.com https://ssl.google-analytics.com https://ssl.gstatic.com https://stats.g.doubleclick.net https://syndication.twitter.com https://tagmanager.google.com https://ton.twimg.com https://www.facebook.com https://www.google-analytics.com https://www.google.be https://www.google.ch https://www.google.co.uk https://www.google.com https://www.google.com.ua https://www.google.cz https://www.google.de https://www.google.dk https://www.google.es https://www.google.fr https://www.google.hr https://www.google.ie https://www.google.it https://www.google.nl https://www.google.no https://www.google.pl https://www.google.se https://www.google.sk https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.mbank.pl; font-src 'self' data: https://cdn.mbiscuit.mbank.pl https://fonts.gstatic.com https://www.mbank.pl; connect-src 'self' https://ad.doubleclick.net https://adservice.google.com https://api.mbiscuit.mbank.pl https://api.skp.mbank.pl https://cdn.ampproject.org https://cm.g.doubleclick.net https://form.axaubezpieczenia.pl https://ghmpl.hit.gemius.pl https://googleads.g.doubleclick.net https://lp.skp.mbank.pl https://maps.googleapis.com https://pagead2.googlesyndication.com https://r.skp.mbank.pl https://redirect.skp.mbank.pl https://region1.analytics.google.com https://region1.google-analytics.com https://search.interconsystems.pl https://stats.g.doubleclick.net https://syndication.twitter.com https://tagmanager.google.com https://tracker.skp.mbank.pl https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.google.pl https://www.googletagmanager.com https://www.mbank.pl wss://api.skp.mbank.pl wss://r.skp.mbank.pl; media-src 'self' data: https://cdn.skp.mbank.pl https://www.mbank.pl; object-src 'self' https://www.mbank.pl https://www.youtube.com; frame-src 'self' https://*.fls.doubleclick.net https://bid.g.doubleclick.net https://form.mbank.pl https://optimize.google.com https://platform.twitter.com https://tagmanager.google.com https://tpc.googlesyndication.com https://www.facebook.com https://www.googletagmanager.com https://www.mbank.pl https://www.youtube.com; child-src 'self' https://*.fls.doubleclick.net https://bid.g.doubleclick.net https://form.mbank.pl https://tagmanager.google.com https://www.facebook.com https://www.googletagmanager.com https://www.mbank.pl https://www.youtube.com; form-action 'self' https://form.mbank.com.pl https://form.mbank.pl https://www.mbank.pl; frame-ancestors 'self' https://www.mbank.pl; 1
script-src 'self' assets.adobedtm.com *.cognizant.com insight.adsrvr.org maps.googleapis.com www.google-analytics.com global.cognizant.com pi.pardot.com scripts.demandbase.com www.google-analytics.com px.ads.linkedin.com www.youtube.com tr.outbrain.com amplifypixel.outbrain.com munchkin.marketo.net ssl.google-analytics.com static.doubleclick.net ssl.google-analytics.com www.facebook.com connect.facebook.net www.googletagmanager.com connect.facebook.net miscmagazine.com graph.facebook.com api.linkedin.com api.instagram.com news.cognizant.com investors.cognizant.com *.onetrust.com api.twitter.com googleads.g.doubleclick.net static.doubleclick.net public.slidesharecdn.com www.slideshare.net saasfocus.com ideacouture.com digitally.cognizant.com originchddco.cognizant.com originchdai.cognizant.com originltfow.cognizant.com t.contentsquare.net t.contentsquare.net/uxa/* *.contentsquare.net api.company-target.com/* c.6sc.co cognizant.sc.omtrdc.net https: 'unsafe-inline' 'unsafe-eval' data: blob:; 1
default-src 'self'; connect-src 'self' https://www.google-analytics.com wss://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://*.funnelback.com https://*.abs.gov.au https://analytics.google.com; font-src 'self' data: https://fonts.gstatic.com https://*.hotjar.com https://*.hotjar.io; frame-src 'self' https://*.hotjar.com https://*.hotjar.io https://www.youtube.com https://www.youtube-nocookie.com https://platform.twitter.com https://www.facebook.com/ https://web.facebook.com/ https://maps.abs.gov.au/ https://absstats.maps.arcgis.com https://storymaps.arcgis.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://statmaps.abs.gov.au/; img-src 'self' data: blob: http://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://www.google-analytics.com https://*.hotjar.com https://*.hotjar.io https://*.ytimg.com https://analytics.google.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.hotjar.com https://*.hotjar.io https://platform.twitter.com/ https://connect.facebook.net https://analytics.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ cdn.jsdelivr.net connect.facebook.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com platform.twitter.com; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; worker-src 'self' blob: https://*.hotjar.com https://*.hotjar.io; base-uri 'none'; form-action 'self' https://*.clients.funnelback.com https://*.abs.gov.au; frame-ancestors 'none'; upgrade-insecure-requests 1
object-src 'none'; frame-ancestors https://*.ncrvoyix.com; upgrade-insecure-requests; block-all-mixed-content; base-uri 'none'; 1
script-src 'nonce-s3nS8Snz9VaDL86cPV4-FQ' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/about_appsheet_com; base-uri 'none' 1
connect-src 'self' https://*.i-ready.com https://*.trackjs.com https://*.google-analytics.com https://*.googletagmanager.com; frame-ancestors 'none'; 1
default-src 'self' https://*.consentmanager.net https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://bx.webstyle.ch data: https://www.metanet.ch; base-uri 'none'; connect-src 'self' https://region1.google-analytics.com/ https://*.consentmanager.net https://www.googletagmanager.com https://*.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://bx.webstyle.ch https://activity.wisepops.com https://popup.wisepops.com https://tracking.wisepops.com https://app.getwisp.co https://wisepops.net https://notifications.wisepops.com https://sst.metanet.ch https://pagesense-collect.zoho.eu https://salesiq.zohopublic.eu wss://vts.zohopublic.eu https://vts.zohopublic.eu https://pagead2.googlesyndication.com; font-src 'self' data: https://*.consentmanager.net https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://bx.webstyle.ch https://fonts.gstatic.com https://css.zohocdn.com https://pagead2.googlesyndication.com; frame-ancestors 'self'; frame-src 'self' https://*.consentmanager.net https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://bx.webstyle.ch https://www.youtube.com https://bid.g.doubleclick.net https://td.doubleclick.net https://notifications.wisepops.com https://wisepops.net https://pagead2.googlesyndication.com; img-src 'self' data: https://*.consentmanager.net https://www.googletagmanager.com https://*.google-analytics.com https://www.googleadservices.com https://www.google.com https://www.google.de https://www.google.at https://www.google.ch https://*.doubleclick.net https://tagmanager.google.com https://bx.webstyle.ch https://static.metanet.ch https://www.gstatic.com https://ssl.gstatic.com https://cdn.wisepops.com https://tracking.wisepops.com https://dx4nr741tfc02.cloudfront.net https://wisp-production-storage.s3.amazonaws.com https://cdn.wisepops.net https://pagesense-collect.zoho.eu https://pagead2.googlesyndication.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.consentmanager.net https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://bx.webstyle.ch https://cdn.wisepops.com https://loader.wisepops.com https://app.getwisp.co https://wisepops.net https://cdn.wisepops.net https://sst.metanet.ch https://cdn-eu.pagesense.io https://salesiq.zohopublic.eu https://js.zohocdn.com https://js.zohostatic.eu https://pagead2.googlesyndication.com; style-src 'self' 'unsafe-inline' https://*.consentmanager.net https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://bx.webstyle.ch https://fonts.googleapis.com https://css.zohocdn.com https://css.zohostatic.eu https://pagead2.googlesyndication.com 1
connect-src venus.yidianzixun.com:9001 venus.yidianzixun.com:3081 venus.yidianzixun.com:3082 venus.yidianzixun.com:3083 http://dev.yidianzixun.com:3080 http://*.yidianzixun.com https://*.yidianzixun.com http://yun.lvehaisen.com http://*.go2yd.com http://*.baidu.com https://*.baidu.com https://*.baidustatic.com http://www.qchannel03.cn http://engine.tuistone.com; frame-ancestors 'self' 1
frame-ancestors 'none'; form-action 'self'; 1
frame-ancestors 'self' https://*.inconvo.chat https://*.yougov.chat 1
default-src https: data: blob: chrome-extension: android-webview-video-poster: ms-appx-web: 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' https://gebrauchtwagen.autobild.de https://vorschau.autobild.de https://interred.autobild.de 1
frame-ancestors 'self' https://www.bing.com https://www.google.com https://*.search.yahoo.com https://www.naver.com https://www.baidu.com 1
frame-ancestors 'self' ssense.com *.ssense.com 1
default-src * 'self' data: 'unsafe-inline' 'unsafe-eval' https://www.yieldify.com/ 1
frame-ancestors 'self'  *.interactivebrokers.com  *.interactivebrokers.ca  *.interactivebrokers.com.hk  *.interactivebrokers.hk  *.interactivebrokers.ch  *.interactivebrokers.eu  *.interactivebrokers.ie  *.interactivebrokers.lu  *.interactivebrokers.hu  *.interactivebrokers.com.sg  *.ibkr.com.sg  *.interactivebrokers.ch  *.interactivebrokers.co.uk  *.interactivebrokers.com.au  *.interactivebrokers.co.jp  *.interactivebrokers.co.in  *.ibkram.com  IBKR.docebosaas.com  *.interactiveadvisors.com  *.ibkr.com  *.ibkr.com.cn  *.clientam.com  *.clientam.ch  *.youtube.com  *.clientam.com.hk  *.go-mpulse.net  *.akstat.io  *.lynxbroker.com  impact.interactivebrokers.com  widgets.tipranks.com  site.recognia.com  *.portfolioanalyst.com  portfolioanalyst.com  www.portfolioanalyst.com  www.interactivebrokers.com  https://www.interactivebrokers.com/  ibkr.paxosclients.com  worldtrader.hsbc.ae  *.xstaging.tv  *.ibkrcampus.com  ibkrcampus.com  www.ibkrguides.com  *.greenwichcompliance.com; 1
frame-ancestors 'self' *.crestron.com *.crestron.com:81; 1
default-src 'self' 'unsafe-inline'; script-src cloud.ru content.cloud.ru cdn.cloud.ru mtm.sbercloud.tech *.mindbox.ru *.jivo.ru ad.adriver.ru dmp.sbermarketing.ru www.googleanalytics.com www.google-analytics.com www.googleoptimize.com www.googletagmanager.com www.googleadservices.com mc.yandex.ru connect.facebook.net top-fwz1.mail.ru api.ipify.org vk.com googleads.g.doubleclick.net yastatic.net *.cdnvideo.ru st.top100.ru www.youtube.com optimize.google.com abt.s3.yandex.net www.google.com www.gstatic.com 'unsafe-inline' 'unsafe-eval' data: blob:; img-src *.ops.beeline.ru *.jivo.ru tech.rtb.mts.ru *.hc.sbercloud.ru *.hc.cloud.ru rogue-peach-406.notion.site verok.notion.site optimize.google.com i.ytimg.com mc.yandex.ru cdn.cloud.ru cdn.sbercloud.ru aicloudnamespace.s3pd02.sbercloud.ru cloud.ru www.google.com www.google.ru vk.com www.google-analytics.com www.facebook.com www.googletagmanager.com content.cloud.ru google-analytics.bi.owox.com kraken.rambler.ru top-fwz1.mail.ru ad.adriver.ru *.mindbox.ru data:; connect-src console.cloud.ru *.jivo.ru *.mindbox.ru uaas.yandex.ru dmp.sbermarketing.ru mlspace.aicloud.sbercloud.ru cloud.ru api.cloud.ru mtm.sbercloud.tech www.facebook.com www.google-analytics.com mc.yandex.ru top-fwz1.mail.ru stats.g.doubleclick.net vk.com kraken.rambler.ru sentry.sbercloud.tech analytics.google.com wss://*.jivo.ru blob:; frame-src console.cloud.ru vk.com rutube.ru content.adriver.ru optimize.google.com w.soundcloud.com readymag.website readymag.com www.facebook.com www.youtube.com mc.yandex.ru www.google.com recaptcha.google.com blob:; media-src cdn.cloud.ru cdn-video.cloud.ru cloud.ru *.jivo.ru; style-src cloud.ru optimize.google.com *.jivo.ru fonts.googleapis.com 'unsafe-inline'; font-src cloud.ru fonts.gstatic.com data:; worker-src blob:; child-src mc.yandex.ru blob:; style-src-elem 'unsafe-inline' cloud.ru  *.jivo.ru *.mindbox.ru; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' attentivemobile.com events.attentivemobile.com demdex.net dpm.demdex.net *.amazonaws.com m.media-amazon.com static-na.payments-amazon.com apay-us.amazon.com www.dwin1.com *.a.bigcontent.io *.adnxs.com adnxs.com bidswitch.net x.bidswitch.net bluekai.com *.bluekai.com cloudflare.com *.cloudflare.com *.cloudfront.net cohimg.net *.coachoutlet.com coachoutlet.com *.stuartweitzman.com *.criteo.com *.facebook.com *.facebook.net *.forter.com forter.com stickyadstv.com ads.stickyadstv.com www.googleadservices.com *.gstatic.com adservice.google.co.id 360yield.com ad.360yield.com *.yahoo.com casalemedia.com ivitrack.com matching.ivitrack.com cm.adgrx.com klarna.com *.klarna.com klarnacdn.net *.klarnacdn.net klarnaevt.com *.klarnaevt.com klarnaservices.com *.klarnaservices.com jsdelivr.net *.jsdelivr.net liadm.com *.liadm.com media.net contextual.media.net mediavine.com exchange.mediavine.com mediawallahscript.com partner.mediawallahscript.com mountain.com *.mountain.com micpn.com pmwclnsg.micpn.com postrelease.com jadserve.postrelease.com agkn.com aa.agkn.com *.online-metrix.net online-metrix.net outbrain.com *.outbrain.com pinimg.com s.pinimg.com pdst.fm cdn.pdst.fm powerreviews.com *.powerreviews.com pubmatic.com simage2.pubmatic.com revcontent.com trends.revcontent.com rubiconproject.com pixel.rubiconproject.com force.com *.force.com *.my.salesforce.com *.salesforceliveagent.com sharethrough.com match.sharethrough.com shoprunner.com *.shoprunner.com *.signifyd.com signifyd.com smartadserver.com rtb-csync.smartadserver.com sc-static.net snapchat.com tr.snapchat.com taboola.com sync-t1.taboola.com tapad.com tapestry.tapad.com teads.tv criteo-sync.teads.tv *.tiktok.com trackjs.com *.trackjs.com tremorhub.com criteo-partners.tremorhub.com 3lift.com eb2.3lift.com twitter.com *.twitter.com ads-twitter.com static.ads-twitter.com ad.smaato.net s.ad.smaato.net rqtrk.eu ws.rqtrk.eu wknd.ai tag.wknd.ai *.attn.tv *.bing.com *.btttag.com *.bluecore.com *.creativecdn.com certona.net *.certona.net www.res-x.com cloudfront.net *.coach.com coach.com *.cquotient.com cquotient.com *.criteo.net *.doubleclick.net doubleclick.net facebook.net *.google.com www.google.com.gt www.google.jo www.google.az *.google.com.lb *.google.co.ma www.google.com.ag www.google.com.jm www.google.mk www.google.com.om www.google.com.my www.google.co.nz www.google.com.au www.google.al www.google.se www.google.com.uy *.google.co.in www.google.co.cr www.google.co.uk www.google.cn www.google.com.ar www.google.hn *.google.iq www.google.ps www.google.hr www.google.com.np www.google.co.za www.google.com.ec www.google.com.kw www.google.com.bd www.google.at *.google.com.gh www.google.ro *.google.am www.google.ca www.google.com.mm *.google.it www.google.kg www.google.pt www.google.com.tw www.google.sr www.google.rw www.google.com.ng www.google.co.jp www.google.ba www.google.bg www.google.com.bo www.google.com.tj ww.google.com.cy www.google.co.tz www.google.rs *.google.bs www.google.ci www.google.im www.google.es www.google.ga www.google.co.ug www.google.co.vi www.google.gy www.google.mn www.google.com.cy www.google.com.vc www.google.com.pg www.google.com.qa www.google.dz www.google.cl www.google.so www.google.la *.google.com.sg *.google.com.co www.google.by www.google.com.sv www.google.com.br *.google.ae www.google.com.do *.google.com.mx *.google.co.il www.google.sn www.google.com.fj www.google.si www.google.dk www.google.lv *.google.com.pe www.google.tn www.google.md *.google.com.ua www.google.com.ly www.google.com.bn www.coachoutlet.cn www.google.tt www.google.gr www.google.co.id www.google.ch www.google.be www.google.mu www.forbes.com www.google.lk www.google.com.mt *.google.com.sa www.google.com.eg www.google.de www.google.cz *.google.lt *.google.com.bh *.google.com.ph www.google.com.pa *.cloudfunctions.net www.googletagmanager.com *.google.co.th www.google.nl www.google.co.ke www.google.pl www.google.com.bz www.google.mw www.google.ht www.google.ge www.google.mv www.google.ee www.google.lu *.google.ie www.google.sk www.google.mg www.google.co.uz www.google.com.ni www.google.hu www.google.com.cu www.google.com.py *.google.com.kh www.google.co.kr www.google.no www.google.fi www.google.co.zm *.google.co.ve www.google.fr *.google.com.vn *.google.com.tr *.google-analytics.com *.google.kz www.google.com.hk *.google.ru *.google.com.pr *.cookielaw.org onetrust.com *.onetrust.com *.optimizely.com optimizely.com *.paypal.com www.paypalobjects.com pinterest.com *.pinterest.com *.quantummetric.com *.rakuten.com tangiblee.com *.tangiblee.com adsrvr.org *.adsrvr.org techlab-cdn.com p11.techlab-cdn.com *.bounceexchange.com api.bluecore.app cnstrc.com *.cnstrc.com *.audioeye.com *.shoppinggives.com api.images.drivecommerce.com api.addressy.com sync-criteo.ads.yieldmo.com services.postcodeanywhere.co.uk *.adyen.com tapes11111.pcapredict.com *.googleapis.com img1.cohimg.net match.prod.bidr.io jelly.mdhv.io images.coach.comis visitor.omnitagjs.com *.socdm.com *.casalemedia.com ade.clmbtech.com events.bouncex.net *.shoprunner.io adx.dable.io ad.tpmn.co.kr cdn.aralego.net sync.1rx.io he.lijit.com cm.adform.net e.dlx.addthis.com 68794905.akstat.io trial-eum-clienttons-s.akamaihd.net login.dotomi.com s.thebrighttag.com ad.yieldlab.net beacon.krxd.net *.amplience.net aorta.clickagy.com thrtle.com p.alcmpn.com *.googlesyndication.com statsigapi.net sync.aralego.com cs.adingo.jp *.rlcdn.com us-u.openx.net cdn.wyng.com pippio.com fast.fonts.net api2.fonts.com www.yext-pixel.com *.drrv.co tapestry.support jira.tapestry.support *.needle.com *.my.salesforce-sites.com *.mapbox.com dynl.mktgcdn.com www.upsellit.com api.bounce-commerce.de smct.co edgeshoppingstatic.azureedge.net cdn.honey.io t.co cdn.ivaws.com sentry.io *.sentry.io api.fillr.com sas.selleramp.com 905trk.com *.instagram.com ln-rules.rewardstyle.com www.coachthailand.win www.shopstyle.com www.foxnews.com *.dealmoon.com tracking.narvar.com go.magik.ly mostlycoupons.com yandex.ru rd.bizrate.com lustrelife.com *.55haitao.com www.bradsdeals.com www.dealmoon.ca rstyle.me www.groupon.com coccoc.com *.coachoutlet.co *.youtube.com youtube.com capitaloneshopping.com www.retailmenot.com www.buyandship.today thecouponboutique.com www.premiumoutlets.com m.baidu.com www.supermama.lt www.simon.com ww55.affinity.net www.savewithsydney.com *.securedvisit.com *.qualtrics.com *.linksynergy.com mpsnare.iesnare.com www.wepowerconnections.com *.loveslisa.tech id5-sync.com *.simpli.fi *.talkable.com track.sv.rkdms.com cdn.shopping.gives *.cloudinary.com cms.katespade.com yastatic.net www.buyma.com tapestryinc.us-7.evergage.com fonts.cdnfonts.com safe.menlosecurity.com s.pubmine.com i.ytimg.com brandcycle.trackonomics.net www.metziahs.com *.kampyle.com *.medallia.com *.fwmrm.net tag.yieldoptimizer.com shareasale.com *.scene7.com app.collectivevoice.com *.rewardStyle.com brandcycle.net link.shoplooks.com slooks.top smilekols.com go.magik.ly media.paroleparis.com c.fanstoshop qa.res-x.com *.monetate.net *.kargo.com *.persado.com *.persa.do *.bluecore.app *.pub.lilyai.net c.amazon-adsystem.com *.shopify.com *.cdn.shopifycloud.com shop.app *.shopifysvc.com *.stripe.com *.tapestry.com *.pixlee.co *.turnto.com *.edgecastcdn.net *.pixlee.com *.pixleeteam.com *.pxlecdn.com *.kahoona.io *.afterpay.com *.squarecdn.com data: blob:; 1
base-uri 'self'; default-src 'self'; connect-src 'self' https://thg-ingenuity-admin.thg-corporate.com https://px.ads.linkedin.com https://*.zoho.eu https://salesiq.zoho.eu *.contentsquare.net wss://*.zohopublic.eu https://*.zohopublic.eu https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.com https://facebook.com https://track.gaconnector.com https://*.analytics.google.com https://vimeo.com https://bat.bing.com wss://*.hotjar.com https://content.hotjar.io https://cdn.linkedin.oribi.io https://adservice.google.com https://*.google.com https://*.google.co.uk https://*.google.ie https://*.google.ro https://*.hotjar.io https://*.hotjar.com https://*.gaconnector.com https://scout.salesloft.com https://*.googlesyndication.com https://c.az.contentsquare.net; font-src 'self' https://fcdn.thg-corporate.com/' data: 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://fcdn.thg-corporate.com/  https://css.zohocdn.com; frame-src data: blob: 'self' https://fcdn.thg-corporate.com/ https://thg-ingenuity-admin.thg-corporate.com/ https://static.googleusercontent.com/ https://research.google.com/ https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://vars.hotjar.com https://js.stripe.com https://player.vimeo.com https://gateway.zscalertwo.net https://www.facebook.com https://checkout.stripe.com https://hooks.stripe.com https://catalogue.thehutgroup.com https://td.doubleclick.net https://forms.zohopublic.eu https://www.linkedin.com https://online.fliphtml5.com https://s3.eu-west-1.amazonaws.com; img-src 'self' https://fcdn.thg-corporate.com/ *.contentsquare.net  https://*.linkedin.com https://www.googletagmanager.com https://*.thcdn.com data: https://salesiq.zohopublic.eu https://*.googletagmanager.com https://*.google-analytics.com https://*.google.com https://*.google.co.uk https://*.google.ie https://*.google.ro https://*.bing.com https://*.facebook.com https://*.vimeocdn.com https://www.google-analytics.com https://c.az.contentsquare.net; script-src 'unsafe-inline' 'self' 'unsafe-eval' https://js.zohostatic.eu https://static.zohocdn.com t.contentsquare.net app.contentsquare.com https://tracker.gaconnector.com/gaconnector.js https://tracker.gaconnector.com/gaconnector-server.js https://snap.licdn.com https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com https://js.zohocdn.com https://salesiq.zoho.eu https://www.google-analytics.com https://crm.zoho.eu https://googleads.g.doubleclick.net https://bat.bing.com https://ma.zoho.eu https://track.gaconnector.com https://maillist-manage.eu https://connect.facebook.net https://js.stripe.com https://*.zoho.eu http://*.zoho.eu httpF://maillist-manage.eu https://checkout.stripe.com https://*.doubleclick.net https://*.hotjar.com https://px.ads.linkedin.com https://scout-cdn.salesloft.com https://*.linkedin.com; style-src 'self' 'unsafe-inline' data: https: https://fonts.googleapis.com https://fcdn.thg-corporate.com/  https://css.zohocdn.com https://css.zohostatic.eu; object-src 'none'; worker-src 'self' blob:; media-src 'self' https://fcdn.thg-corporate.com/ https://blogscdn.thehut.net https://catalogue.thehutgroup.com; report-uri https://csp.thehut.net/cspReport.txt; report-to csp-endpoint; 1
frame-ancestors 'self' studio.yourstory.com; 1
default-src 'none'; form-action 'self' *.wellsfargo.com *.wellsfargo.com:*; connect-src 'self' https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.schemaapp.com https://*.rlcdn.com https://*.medallia.com https://*.kampyle.com https://*.adobedc.net https://www.google-analytics.com https://*.doubleclick.net https://*.eum-appdynamics.com https://*.demdex.net https://www.sjwoe.com https://www.mczbf.com https://s.yimg.com https://*.nuance.com https://*.wf.com https://*.google.com; img-src 'self' data: https://*.wellsfargomedia.com https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:* https://*.analytics.yahoo.com https://*.everesttech.net https://*.linkedin.com https://*.g.doubleclick.net https://*.google.com https://*.demdex.net https://*.nuance.com https://*.eum-appdynamics.com https://*.virtualearth.net https://www.facebook.com https://cx.atdmt.com https://track.linksynergy.com https://s.amazon-adsystem.com https://ct.pinterest.com https://trc.taboola.com https://p.adsymptotic.com https://products.gobankingrates.com https://bttrack.com https://b.videoamp.com https://fcmatch.youtube.com https://www.googleadservices.com https://2549153.fls.doubleclick.net https://ad.doubleclick.net https://www.google-analytics.com https://idsync.rlcdn.com https://s.amazon-adsystem.com https://resources.digital-cloud-prem.medallia.com https://udc-neb.kampyle.com https://wellsfargoprod.prod.fire.glass https://*.mworld.com https://*.postrelease.com; object-src 'self' https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:*; child-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.demdex.net https://*.nuance.com https://*.advanced-web-analytics.com https://iframe.arkoselabs.com https://*.doubleclick.net; font-src 'self' data: https://*.wellsfargomedia.com https://*.wellsfargo.com https://*.wellsfargo.com:*; style-src 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:* https://*.nuance.com; script-src 'nonce-30f14501-5205-4f70-86f0-10bde2e20f39' 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://cdn.schemaapp.com https://*.nuance.com;media-src 'self' *.wellsfargo.com *.wellsfargomedia.com; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp 1
default-src 'self' *  ;style-src  https: data: 'unsafe-inline';img-src  https: blob: data:;child-src data:;object-src 'none';worker-src blob: https://*.olx.bg  ;frame-src  https: blob:;script-src  https: 'unsafe-inline' 'unsafe-eval';font-src data: 'self' https: ;connect-src 'self' * blob: 1
frame-ancestors 'self' acquia.lookbookhq.com acquia.docebosaas.com www.acquiaacademy.com acquia.seismic.com app.veertly.com widen--servcom.sandbox.my.site.com widen--sitepreview.na135.force.com community.widen.com acquia.atlassian.net rise.articulate.com; report-uri /report-csp-violation 1
frame-ancestors 'self' https://parapetstudios.com https://www.parapetstudios.com https://overseer.gp4f.com https://www.overseer.gp4f.com https://ows.smartoptix.com https://www.ows.smartoptix.com 1
connect-src https: wss://api-alb.rainn.org 'unsafe-inline' 'unsafe-eval' 1
default-src https://tpc.googlesyndication.com https://*.safeframe.googlesyndication.com 'self'; img-src data: https://pagead2.googlesyndication.com https://click.topturizm.ru https://d2ttnongggltje.cloudfront.net https://top-fwz1.mail.ru https://onesignal.com https://*.onesignal.com https://matchid.adfox.yandex.ru https://*.adfox.ru http://banners.adfox.ru https://hexagon-analytics.com https://*.g.doubleclick.net https://s.youtube.com https://www.kayak.com https://*.facebook.com https://*.clicktripz.com https://*.amazonaws.com https://*.gstatic.com https://*.googleapis.com https://img.twiket.cfafom.ua https://media.expedia.com https://www.google-analytics.com https://servedbyadbutler.com https://b.siftscience.com https://usage.trackjs.com https://*.amadeus.com https://*.onetwotrip.com https://*.google.com https://www.google.ru https://ads.otthyper.com https://*.rackcdn.com https://*.mapbox.com https://*.bstatic.com https://img.twiket.com.ua https://cdn.cartrawler.com https://www.tcsbank.ru https://level.travel https://*.4sqi.net https://d2f9dw3b0opbul.cloudfront.net https://www.sixt.de https://*.olt.su https://s3.level.travel https://static.europcar.com https://*.vk.com https://vk.com https://an.yandex.ru https://tpc.googlesyndication.com https://www.google.com.ua https://ad.mail.ru https://mc.yandex.ru https://*.googleusercontent.com 'self'; script-src https://*.googletagmanager.com https://cdn.polyfill.io https://partner.tophotels.ru https://banners.adfox.ru https://top-fwz1.mail.ru https://onesignal.com https://*.onesignal.com https://*.doubleclick.net https://*.clicktripz.com https://matchid.adfox.yandex.ru https://ads.adfox.ru https://npmcdn.com https://connect.mail.ru https://static.olark.com https://*.gstatic.com https://www.odnoklassniki.ru https://connect.ok.ru https://*.facebook.net https://*.facebook.com https://*.amazonaws.com https://*.googleapis.com https://*.addthis.com https://yastatic.net https://*.criteo.com https://static.criteo.net https://*.google.com https://*.google.com.ua https://www.googleadservices.com https://*.otthyper.com https://www.google-analytics.com https://www.googletagservices.com https://adservice.google.ru https://cdn.ampproject.org https://*.googlesyndication.com https://*.onetwotrip.com https://vk.com https://www.tns.counter.ru https://bs.serving-sys.com https://adriver.ru https://gemius.pl https://weborama.com https://*.splitmetrics.com https://dalusewymm5m7.cloudfront.net https://*.googletagmanager.com.ua https://*.googletagmanager.de https://adservice.google.com https://js.crypto.com https://*.bridgerpay.com https://*.googleusercontent.com https://appleid.cdn-apple.com https://mc.yandex.ru 'self' 'unsafe-inline' 'unsafe-eval'; frame-src https: ; connect-src https://pagead2.googlesyndication.com https://*.g.doubleclick.net https://csi.gstatic.com https://ads.adfox.ru https://translate.yandex.net https://servedbyadbutler.com https://*.onetwotrip.com https://ads.otthyper.com https://capture.trackjs.com https://*.youtube.com https://www.google-analytics.com https://www.tcsbank.ru https://connect.mail.ru https://onesignal.com https://*.onesignal.com https://*.blablacar.com https://*.clicktripz.com https://top-fwz1.mail.ru https://*.splitmetrics.com wss://*.onetwotrip.com https://tpc.googlesyndication.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://mc.yandex.ru 'self'; style-src https://tagmanager.google.com https://partner.tophotels.ru https://npmcdn.com https://*.amazonaws.com https://*.googleapis.com https://onesignal.com https://*.onesignal.com https://*.facebook.com https://partner.onetwotrip.com https://*.googletagmanager.com.ua https://*.googletagmanager.de https://www.google-analytics.com https://fonts.googleapis.com 'self' 'unsafe-inline'; font-src https://static.onetwotrip.com https://fonts.gstatic.com https://partner.onetwotrip.com https://fonts.googleapis.com 'self' data: ; form-action *; report-uri https://www.onetwotrip.com/_api/statistics/addCSPR; object-src https://ott-static.s3.eu-central-1.amazonaws.com; frame-ancestors https://*.onetwotrip.com https://vk.com https://*.vk.com https://trvl.spasibosberbank.travel 'self'; 1
block-all-mixed-content; frame-src 'self' https://*.uber.com https://*.ubereats.com http://*.cdn-net.com https://tr.snapchat.com https://payments.uber.com https://payments.ubereats.com https://payments.postmates.com https://payments.order.store https://wpe-breeze.uberinternal.com https://payments-orchid.uber.com https://payments-staging.uberinternal.com https://payments-staging.uber.com https://www.google.com/recaptcha/ https://auth.uberinternal.com https://gumi.criteo.com/ https://mug.criteo.com https://gum.criteo.com https://catalogs.uberinternal.com/ bs.serving-sys.com click.appcast.io analytics.recruitics.com ci.iasds01.com cdn.krxd.net www.facebook.com *.doubleclick.net *.tealiumiq.com *.demdex.net *.optimizely.com; worker-src 'self' blob:; child-src 'self' blob: bs.serving-sys.com click.appcast.io analytics.recruitics.com ci.iasds01.com cdn.krxd.net www.facebook.com *.doubleclick.net *.tealiumiq.com *.demdex.net; connect-src 'self' 'self' https://*.uber.com https://duyt4h9nfnj50.cloudfront.net https://d3fa76b550dpw9.cloudfront.net https://d4p17acsd5wyj.cloudfront.net https://d3i4yxtzktqr9n.cloudfront.net https://dkl8of78aprwd.cloudfront.net https://cn-geo1.uber.com https://d1goeicueq33a8.cloudfront.net https://siteintercept.qualtrics.com https://payments.uber.com https://payments.ubereats.com https://payments.postmates.com https://payments.order.store https://wpe-breeze.uberinternal.com https://payments-orchid.uber.com https://payments-staging.uberinternal.com https://payments-staging.uber.com https://analytics.tiktok.com https://analytics.google.com https://dynamic.criteo.com https://widget.us.criteo.com https://widget.as.criteo.com https://widget.eu.criteo.com https://sslwidget.criteo.com https://tr.snapchat.com https://app.paypay.ne.jp https://stg.paypay-corp.co.jp https://image.paypay.ne.jp https://d1g1f25tn8m2e6.cloudfront.net https://www.google.com/pagead/landing https://googleads.g.doubleclick.net/pagead/landing https://dyguxp1m9tbrw.cloudfront.net https://u-vsm.tmobiapi.com https://*.tiles.mapbox.com https://api.mapbox.com https://events.mapbox.com https://maps.googleapis.com https://www.gstatic.com https://44.238.122.172 https://100.20.58.101 https://35.85.84.151 https://44.228.85.26 https://34.215.155.61 https://35.160.46.251 https://52.71.121.170 https://18.210.229.244 https://44.212.189.233 https://3.212.39.155 https://52.22.50.55 https://54.156.2.105 events.uber.com api.mixpanel.com d3i4yxtzktqr9n.cloudfront.net *.optimizely.com *.google-analytics.com *.tealiumiq.com *.demdex.net https://api-js.mixpanel.com; manifest-src 'self' https://*.uber.com; form-action 'self' https://tr.snapchat.com https://www.facebook.com/tr/ https://payments.uber.com https://payments.ubereats.com https://payments.postmates.com https://payments.order.store https://wpe-breeze.uberinternal.com https://payments-orchid.uber.com https://payments-staging.uberinternal.com https://payments-staging.uber.com; frame-ancestors 'self' https://www.nimblerx.com https://static-team-ops.nimbleandsimple.com https://pharma.uber.com http://local.shakeshack.com https://shakeshack.prod.acquia-sites.com https://www.shakeshack.com https://dev.shakeshack.com https://stg.shakeshack.com https://shakeshack.com https://pre-prod.shakeshack.com https://stg-green.shakeshack.com https://stg-alt.shakeshack.com https://front-hml-delivery.azurewebsites.net https://front-dev-delivery.azurewebsites.net https://front-prd-delivery.azurewebsites.net https://deliverycontrol.grupomadero.com.br https://delivery.grupomadero.com.br https://staging-shop.mccolls.co.uk https://shop.mccolls.co.uk https://stoq.shop https://staging.stoq.shop https://admin.stoq.shop https://admin-staging.stoq.shop https://www.gcom.com.br https://www.spoleto.com.br https://www.koni.com.br https://www.lebonton.com.br https://www.gokoni.com https://www.cutthecrap.com.br https://www.risierisoteria.com.br https://www.giustoculinaria.com.br https://www.roomservicedelivery.com.br https://www.strogonosso.com.br https://voalzira.online/ https://voalzira.online/minhaloja https://medmate.com.au https://order.manoosh.com.au https://test.expresskfc.com/ https://expresskfc.com/ https://www.test.expresskfc.com/ https://www.expresskfc.com/ https://kfccostarica.cr/ https://www.kfccostarica.cr/ https://express.dospinos.com/ https://mcstaging.dospinos.com/ https://shopuat.pxpay.com.tw/ https://shop.pxpay.com.tw/ https://app.cocinasocultas.com https://app.foodstarsuk.com https://app.pruebehubster.com https://app.pruebehubster.com.mx https://app.tryhubster.co.uk https://app.tryhubster.com https://app.tryhubster.com.au https://app.tryotter.com https://catalogs.uberinternal.com https://catalogs-staging.uberinternal.com https://payments.uber.com https://payments.ubereats.com https://payments.postmates.com https://payments.order.store https://wpe-breeze.uberinternal.com https://payments-orchid.uber.com https://payments-staging.uberinternal.com https://payments-staging.uber.com https://health-staging.uber.com https://health.uber.com https://admin.restoplus.com https://admin.staging.restoplus.com https://admin.qa1.restoplus.com https://admin.qa2.restoplus.com https://admin.qa3.restoplus.com https://admin.qa4.restoplus.com https://admin.qa5.restoplus.com https://admin.qa6.restoplus.com https://orders.restoplus.com https://orders.staging.restoplus.com https://orders.qa1.restoplus.com https://orders.qa2.restoplus.com https://orders.qa3.restoplus.com https://orders.qa4.restoplus.com https://orders.qa5.restoplus.com https://orders.qa6.restoplus.com https://pos.restoplus.com https://pos.staging.restoplus.com https://pos.qa1.restoplus.com https://pos.qa2.restoplus.com https://pos.qa3.restoplus.com https://pos.qa4.restoplus.com https://pos.qa5.restoplus.com https://pos.qa6.restoplus.com https://beta-shop.cashier.tw https://shop.cashier.tw https://indev-webapp.cashier.tw https://indev-beta-shop.cashier.tw https://indev-shop.cashier.tw https://us-int-office.tabit-int.com https://us-office.tabit-stage.com/auth/login https://us-demo-office.tabit-stage.com https://us-office.tabit.cloud https://foxtrotco.com/tracking https://foxtrotco.com/orderconfirmation https://foxtrotco.com/home https://foxtrotco.com https://app.onhere.com.br https://beta.inline.app https://staging.inline.app https://inline.app https://shane.machinat.dev/ https://app.topcaisse.fr https://ordering.ritas.com http://ordering.ritas.com https://ordering.ritas.stage.demotesturl.net http://ordering.ritas.stage.demotesturl.net https://*.cookiedelivery.com ee.magento.test 245.magento.test uber.improntus.dev https://dev.kfc.co.uk https://qa.kfc.co.uk https://brand.preprod.platform.kfcapi.com/ https://www.kfc.co.uk/ https://qa-kfc-za.eu.cognizantorderservnxtgen.com/ https://dev-kfc-za.eu.cognizantorderservnxtgen.com/ https://uat-kfc-za.eu.cognizantorderservnxtgen.com/ https://perf-kfc-za.eu.cognizantorderservnxtgen.com/ https://pen-kfc-za.eu.cognizantorderservnxtgen.com/ https://betatest.kfc.co.za/ https://order.kfc.co.za/ https://shop.pxgo.com.tw/ https://shopuat.pxpay.com.tw/ https://delivery.jimmybrings.com.au/ https://staging.jimmybrings.com.au/ https://beta.jimmybrings.com.au/ https://49171584-9e6d-4979-ab61-27a301a7e33e-production.au.prd.c.deity.cloud/ https://42d9d738-3eab-441f-91de-1afcd88b770f-acceptance.au.prd.c.deity.cloud/ https://1b8d2377-9260-4384-bc9f-aa1086543c69-test.au.prd.c.deity.cloud/ https://jimmybrings.com.au/ https://www.kfccostarica.cr https://www.kfccostarica.com https://kfccostarica.cr https://kfccostarica.com https://edb-staging.uber.com https://edb.uber.com 'self' quiznos.co.cr https://quiznos.co.cr https://pos.mymealsy.com https://stage.mymealsy.com https://dev.mymealsy.com https://fast.tk3c.com https://fdtest.tk3c.com https://panda-express.wallia.dev https://127.0.0.1:5173/ https://test.tacobellpr.com/ https://test.arcoprueba.com/ https://www.tacobellpr.com/ https://tacobellpr.com/ https://www.kfcpuertorico.com/ https://kfcpuertorico.com/ https://boba.rbteawalnut.com/ https://qjmpdemo.altaineapps.com/ https://stinkerapi.altaineapps.com/ https://mapcoapi.altaineapps.com/ https://loyalty.ritasice.com https://loyalty.stage.demotesturl.net https://loyalty.training.demotesturl.net https://loyalty.dev.demotesturl.net https://web-ordering.test.apps.gyg.com.au/ https://web-ordering.staging.apps.gyg.com.au/ https://order.guzmanygomez.com.au/ https://*.order.staging.apps.gyg.com.au/ https://*.order.test.apps.gyg.com.au/ https://*.order.prod.apps.gyg.com.au https://test-store.deliclever.com/ https://vicio.menu/ https://*.homeriabktest.com https://*.burgerkingemcasa.com https://*.burgerkingencasa.es https://*.windelivery-alsea.com https://*.windelivery.es https://*.windelivery.io https://uboard.ueat.io https://uboard-beta.ueat.io https://uboard-staging.ueat.io https://uboard.ueat.dev *.appspaces.ca *.paidshipping.com *.shiptime.com https://darwinnow.io/ https://darwinfood.com https://ewpf-staging.uber.com/ https://ewpf.uber.com/ https://yurinowqa.azurewebsites.net http://takeaway.sticksnsushi.com https://*.flipdish.com https://*.inovretail.com; object-src 'none'; script-src 'self' 'unsafe-inline' https://d1a3f4spazzrp4.cloudfront.net https://d3i4yxtzktqr9n.cloudfront.net https://tb-static.uber.com https://tbs-static.uber.com 'nonce-be50037e-538d-4c70-9909-df35a8adf710' https://bat.bing.com https://*.qualtrics.com https://analytics.twitter.com http://www.googletagservices.com http://*.cdn-net.com https://sc-static.net https://tr.snapchat.com https://*.yjtag.jp https://yjtag.yahoo.co.jp https://b92.yahoo.co.jp https://*.yimg.jp https://*.outbrain.com https://www.redditstatic.com https://analytics.tiktok.com https://dynamic.criteo.com https://static.criteo.net https://sslwidget.criteo.com https://widget.us.criteo.com https://widget.as.criteo.com https://widget.eu.criteo.com https://payments.uber.com https://payments.ubereats.com https://payments.postmates.com https://payments.order.store https://wpe-breeze.uberinternal.com https://payments-orchid.uber.com https://payments-staging.uberinternal.com https://payments-staging.uber.com https://d4p17acsd5wyj.cloudfront.net https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://dca.ubereats.com https://phx.ubereats.com https://ln-rules.rewardstyle.com/bookmarklet.js https://dx.mountain.com/spx https://gs.mountain.com/gs https://px.mountain.com/st https://js.adsrvr.org/up_loader.1.1.0.js 'unsafe-eval' script.crazyegg.com www.google-analytics.com www.googletagmanager.com maps.googleapis.com maps.google.com tags.tiqcdn.com beacon.krxd.net cdn.krxd.net cdn.mxpnl.com www.googleadservices.com www.ziprecruiter.com analytics.recruitics.com edge.quantserve.com secure.quantserve.com connect.facebook.net cdn.nanigans.com api.nanigans.com *.adroll.com s.yimg.com sp.analytics.yahoo.com click.app-cast.com i.l.inmobicdn.net *.optimizely.com *.tealiumiq.com *.doubleclick.net static.ads-twitter.com https://www.google-analytics.com https://ssl.google-analytics.com maps.googleapis.com maps.google.com; style-src 'self' 'unsafe-inline' https://d1a3f4spazzrp4.cloudfront.net https://d3i4yxtzktqr9n.cloudfront.net https://tb-static.uber.com https://tbs-static.uber.com https://api.tiles.mapbox.com https://fonts.googleapis.com; report-uri https://csp.uber.com/csp?a=web-eats-v2&ro=false 1
style-src 'self' 'unsafe-inline' https://www.denic.de https://fonts.googleapis.com; object-src 'self'; script-src 'self' https://app.guestoo.de https://www.denic.de https://my.visme.co https://denic.matomo.cloud https://cdn.matomo.cloud 'unsafe-inline'; img-src 'self' data: https://www.denic.de https://denic.matomo.cloud https://cdn.matomo.cloud; frame-src 'self' https://app.guestoo.de https://my.visme.co 1
default-src https: 'self' data:; font-src https: data:; img-src https: data:; script-src https: 'self' data: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; 1
frame-ancestors 'none'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://ajax.googleapis.com https://www.google.com; 1
default-src 'none';script-src 'self' 'unsafe-inline' https://js.stripe.com https://ct.pinterest.com https://api.livechatinc.com https://formstack.com https://pi.pardot.com https://info.anchor.com.au https://widget.trustpilot.com https://www.googletagmanager.com https://connect.facebook.net https://platform.twitter.com https://www.google-analytics.com https://www.googleadservices.com https://s.adroll.com https://static.ads-twitter.com https://s.pinimg.com https://s.yimg.com https://static.getclicky.com https://sys.greechat.com https://analytics.formstack.com https://d.adroll.mgr.consensu.org https://cdn.livechatinc.com https://sp.analytics.yahoo.com https://googleads.g.doubleclick.net https://analytics.twitter.com https://secure.livechatinc.com https://d.adroll.com https://digitalpacificgroup.formstack.com https://static.formstack.com https://hostopia.bamboohr.com https://f.vimeocdn.com https://in.getclicky.com; img-src 'self' https://sp.analytics.yahoo.com https://analytics.twitter.com https://www.google.co.in https://pixel.prfct.co https://image2.pubmatic.com https://cm.g.doubleclick.net  https://x.adroll.com  https://mlvgk8mdrlmi.i.optimole.com https://secure.gravatar.com https://t.co https://www.google-analytics.com https://ct.pinterest.com https://www.facebook.com https://syndication.twitter.com https://stats.g.doubleclick.net https://www.google.com https://www.google.com.au https://d.adroll.com https://pixel.advertising.com https://dsum-sec.casalemedia.com https://pixel.rubiconproject.com https://sync.outbrain.com https://simage2.pubmatic.com https://ads.yahoo.com https://eb2.3lift.com https://x.bidswitch.net https://sync.taboola.com https://ib.adnxs.com https://idsync.rlcdn.com https://us-u.openx.net https://ups.analytics.yahoo.com https://match.adsrvr.org https://rc.rlcdn.com https://csyn-r.cxense.com https://seg.sharethis.com https://resources.bamboohr.com https://crucialau.activehosted.com data: 'unsafe-inline';style-src 'self' 'unsafe-inline' https://static.formstack.com https://hostopia.bamboohr.com;font-src 'self' https://static.formstack.com https://themes.googleusercontent.com data: 'unsafe-inline'; frame-src https://js.stripe.com https://ct.pinterest.com https://x.adroll.com https://td.doubleclick.net https://widget.trustpilot.com https://platform.twitter.com https://www.facebook.com https://secure.livechatinc.com https://player.vimeo.com https://www.youtube.com; connect-src https://d.adroll.com https://analytics.google.com https://digitalpacificgroup.formstack.com https://www.google-analytics.com https://s.yimg.com https://ct.pinterest.com https://hostopia.bamboohr.com; media-src https://cdn.livechatinc.com; 1
frame-src https://*; frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.uibk.ac.at; style-src 'self' 'unsafe-inline' https://*.uibk.ac.at; img-src 'self' data: https://*.uibk.ac.at; media-src 'self' blob: https://*.uibk.ac.at; font-src 'self' data: https://*.uibk.ac.at; object-src 'self'; base-uri 'self'; form-action 'self' https://*.uibk.ac.at; default-src 'self' https://*.uibk.ac.at; 1
frame-ancestors https://*.builder.io https://builder.io http://localhost:1234 1
default-src 'self' customer-cubrih08bflu3z2b.cloudflarestream.com pages.churnbuster.io ghbtns.com *.algolia.net help.ghost.io resources.ghost.io tutorials.ghost.io changelog.ghost.io t.firstpromoter.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.jsdelivr.net https://cdn.firstpromoter.com proxy-assets.churnbuster.io https://static.ads-twitter.com https://e.ghost.org https://*.posthog.com; style-src 'self' 'unsafe-inline' proxy-assets.churnbuster.io https://*.posthog.com; font-src 'self' rsms.me/inter/font-files/; img-src 'self' 'unsafe-inline' data: supapjpiqdfzuaordcdx.supabase.co/storage/ analytics.twitter.com https://t.co https://*.posthog.com; connect-src 'self' https://*.algolia.net https://*.algolianet.com analytics.twitter.com https://ads-api.twitter.com/ t.firstpromoter.com https://e.ghost.org https://*.posthog.com; 1
default-src 'none'; script-src 'self' blob: 'nonce-ISBgbWp1GpPjkrRtlFu6nQ==' 'unsafe-inline' 'unsafe-eval' mc.yandex.ru mc.yandex.com yandex.st yandex.com *.yandex.com yandex.ru *.yandex.ru yastatic.net *.yastatic.net yandex.net *.yandex.net an.yandex.ru yastat.net *.yastat.net *.yandex-team.ru aflt.market.yandex.ru www.youtube.com *.vimeo.com s.ytimg.com lpc.s3.mdst.yandex.net abt.s3.yandex.net chat.s3.yandex.net *.api-maps.yandex.ru banners.adfox.ru ads.adfox.ru ads6.adfox.ru yandex.com *.yandex.com ya.ru *.ya.ru; style-src 'self' 'unsafe-inline' 'unsafe-eval' yandex.com *.yandex.com yandex.ru *.yandex.ru yastatic.net *.yastatic.net yandex.net *.yandex.net an.yandex.ru yastat.net *.yastat.net *.s3.yandex.net lpc.s3.mdst.yandex.net yandex.st banners.adfox.ru content.adfox.ru *.ya.ru; font-src 'self' data: yandex.ru an.yandex.ru *.s3.yandex.net yastatic.net yastat.net *.yandex.ru *.ya.ru; img-src * 'self' blob: data: android-webview-video-poster: *.yandex.net *.s3.yandex.net yastatic.net http://lpc.s3.mds.yandex.net http://yastatic.net mc.admetrica.ru avatars-fast.yandex.net favicon.yandex.net *.verify.yandex.ru banners.adfox.ru content.adfox.ru ads.adfox.ru ads6.adfox.ru yastat.net avatars.mds.yandex.net *.yandex.ru *.yandex.com *.ya.ru; frame-src 'self' data: yabrowser: turbopages.org *.turbopages.org yandex.com *.yandex.com yandex.ru *.yandex.ru yastatic.net *.yastatic.net yandex.net *.yandex.net an.yandex.ru yastat.net *.yastat.net *.yandex-team.ru *.video.yandex.ru *.market.yandex.ru www.youtube.com *.vimeo.com embed.megogo.net coub.com awaps.yandex.net yandexadexchange.net *.yandexadexchange.net banners.adfox.ru meyou.ru broadcast.comdi.com datalens.yandex partner.market.yandex.ru go.yandex yango.com yandexteam-my.sharepoint.com *.bookmate.ru bookmate.ru yandex.com yandex.com.tr yandex.com.am yandex.com.ge yandex.md yandex.by yandex.kz yandex.uz yandex.rs *.yandex.com *.yandex.com.tr *.yandex.com.am *.yandex.com.ge *.yandex.md *.yandex.by *.yandex.kz *.yandex.uz *.yandex.rs ya.ru *.ya.ru; media-src * 'self' data: blob: *.video.yandex.ru *.storage.yandex.net *.s3.yandex.net *.cdn.yandex.net yastatic.net *.yandex.net *.strm.yandex.ru yandex.st banners.adfox.ru content.adfox.ru yastat.net yandex.ru *.yandex.ru ya.ru *.ya.ru; connect-src 'self' blob: mc.yandex.com yandexmetrica.com:* mc.admetrica.ru yandex.com *.yandex.com yandex.ru *.yandex.ru yastatic.net *.yastatic.net yandex.net *.yandex.net an.yandex.ru yastat.net *.yastat.net *.yandex-team.ru yandex.st milab.s3.yandex.net *.k50.ru *.k50dev.ru openkitchen.media auto.ru yango.com ads.adfox.ru ads6.adfox.ru *.yandex.com ya.ru *.ya.ru dev.introvert.bz *.yango.com; form-action https://*; worker-src blob: yandex.com *.yandex.com yandex.ru *.yandex.ru yastatic.net *.yastatic.net yandex.net *.yandex.net an.yandex.ru yastat.net *.yastat.net *.yandex-team.ru; object-src yastatic.net; report-uri https://csp.yandex.net/csp?from=lp-constructor&project=lp-constructor&yandex_login=undefined&yandexuid=6996245291721959026; child-src 'self'; frame-ancestors 'self' webvisor.com http://webvisor.com *.mtproxy.yandex.net www.kinopoisk.ru *.yandex-team.ru n.maps.yandex.ru yandex.com yandex.ru yandex.com.tr yandex.com.am yandex.com.ge yandex.md yandex.by yandex.kz yandex.uz yandex.net yandex.rs *.yandex.com *.yandex.ru:* *.yandex.com:* *.yandex.com.tr:* *.yandex.com.am *.yandex.com.ge *.yandex.md *.yandex.by *.yandex.kz *.yandex.uz *.yandex.net *.yandex.rs ya.ru *.ya.ru; 1
frame-ancestors 'self' webwavecms.com webwave.me ro.webwave.me webwave.ro webwave.com.au szablony.webwavecms.com templates.webwave.me templates.webwave.com.au sabloane.webwave.ro ; 1
frame-ancestors 'self' https://www.rioseo.com https://jsfiddle.net https://ideas.hallmark.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' mw-uk2-uat.thehut.net mw.thghosting.com request.eprotect.vantivprelive.com request.eprotect.vantivcnp.com fonts.gstatic.com use.fontawesome.com www.google.co.uk *.dwin1.com www.google.com *.puzzel.com *.bing.com static.addtoany.com m.addthisedge.com *.addthis.com http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com *.pingdom.net *.qualtrics.com *.cloudfront.net widget.trustpilot.com fp.gdmdigital.com *.linkedin.com *.facebook.com *.typekit.net ajax.googleapis.com analytics.google.com v2.visualwebsiteoptimizer.com useruploads.visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com livechat.uk2group.com www.googleadservices.com tagmanager.google.com www.googletagmanager.com d2wy8f7a9ursnm.cloudfront.net *.uk2.net code.jquery.com *.steelhousemedia.com *.adroll.com connect.facebook.net platform.twitter.com apis.google.com tracking.websitealive.com www.gstatic.com https://www.google-analytics.com secure.leadforensics.com *.adnxs.com https://optimize.google.com *.hcaptcha.com; img-src 'self' 'unsafe-inline' *.thgingenuity.com img.zohostatic.eu googletagmanager.com canarytokens.com *.uk2.net data: *.typekit.net *.gstatic.com *.bing.com secure.gravatar.com *.pingdom.net v2.visualwebsiteoptimizer.com placehold.it useruploads.visualwebsiteoptimizer.com syndication.twitter.com https://script.hotjar.com http://script.hotjar.com dev.visualwebsiteoptimizer.com livechat.uk2group.com googleads.g.doubleclick.net www.googleadservices.com *.steelhousemedia.com chart.googleapis.com widget.trustpilot.com notify.bugsnag.com stats.g.doubleclick.net www.google.com www.google.co.uk https://www.google-analytics.com 55b558c7-resources.bk-partnersasia.com csi.gstatic.com www.facebook.com images.websitealive.com tracking.websitealive.com https://optimize.google.com; style-src 'self' 'unsafe-inline' *.uk2.net www.google.co.uk *.puzzel.com *.pingdom.net https://use.fontawesome.com maxcdn.bootstrapcdn.com *.steelhousemedia.com fonts.gstatic.com www.google.com tagmanager.google.com dev.visualwebsiteoptimizer.com livechat.uk2group.com  tracking.websitealive.com widget.trustpilot.com fonts.googleapis.com https://optimize.google.com https://fonts.googleapis.com; frame-src 'self' *.hcaptcha.com *.uk2.net cdn.forms-content.sg-form.com static.addtoany.com https://vars.hotjar.com *.twitter.com *.addthis.com www.google.co.uk www.google.com *.steelhousemedia.com player.vimeo.com a5.websitealive.com www.youtube.com widget.trustpilot.com tracking.websitealive.com apis.google.com accounts.google.com platform.twitter.com staticxx.facebook.com www.facebook.com dev.visualwebsiteoptimizer.com livechat.uk2group.com https://optimize.google.com; connect-src 'self' *.hcaptcha.com *.google-analytics.com *.paypal.com *.io.thehut.local mw-uk2-uat.thehut.net mw.thghosting.com static.addtoany.com googleadservices.com stats.g.doubleclick.net *.puzzel.com *.pingdom.net widget.trustpilot.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com *.twitter.com *.uk2.net *.addthis.com dev.visualwebsiteoptimizer.com livechat.uk2group.com mw-uk2-uat.thehut.net mw.thghosting.com fonts.googleapis.com https://www.google-analytics.com www.gstatic.com connect.facebook.net bat.bing.com *.sentry.io; font-src 'self' *.uk2.net data: http://script.hotjar.com https://script.hotjar.com fonts.gstatic.com use.typekit.net *.puzzel.com https://use.fontawesome.com maxcdn.bootstrapcdn.com fonts.googleapis.com; default-src 'self' data: *.puzzel.com *.uk2.net; object-src 'none'; 1
default-src 'self' *.overcast-cdn.com; script-src 'self' *.overcast-cdn.com 'nonce-EbIhEtJrhU4Mzf9qAivGJA=='; style-src 'self' *.overcast-cdn.com 'nonce-c6qaORDCKc9gGcqYkd+swA=='; object-src 'none'; frame-src 'none'; media-src * http://*; connect-src * http://* *.overcast-cdn.com 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.adroll.com *.bing.com *.calltrk.com *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hs-analytics.net *.hs-banner.com *.hs-script.com *.hsadspixel.net *.hscollectedforms.net *.hsforms.com *.hsforms.net *.hsleadflows.net *.hubapi.com *.hubspi.com *.hubspot.com *.licdn.com *.loopanalytics.com *.linkedin.com *.quora.com *.rackcdn.com *.salesloft.com *.oribi.io *.typekit.net *.upsellit.com *.wp.com *.youtube.com fonts.googleapis.com js.hs-scripts.com data:; 1
default-src 'self' *.canadianwebhosting.com *.idig.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.canadianwebhosting.com *.idig.net www.google.com *.google-analytics.com www.gstatic.com connect.facebook.net analytics.twitter.com static.ads-twitter.com cdn.optimizely.com js.hs-analytics.net static-rtb.adkernel.com s.yimg.com sp.analytics.yahoo.com snap.licdn.com px.ads.linkedin.com *.googletagmanager.com; style-src 'self' 'unsafe-inline' *.canadianwebhosting.com *.idig.net *.fontawesome.com fonts.googleapis.com www.gstatic.com; img-src 'self' data: *.canadianwebhosting.com *.idig.net analytics.twitter.com www.gstatic.com *.google-analytics.com seal-mbc.bbb.org t.co www.facebook.com *.adkernel.com ib.adnxs.com *.google.com; font-src 'self' *.idig.net *.fontawesome.com fonts.gstatic.com; connect-src 'self' *.idig.net *.google-analytics.com tor-speedtest.canadianwebhosting.com van-speedtest.canadianwebhosting.com https://analytics.google.com; frame-src 'self' static-rtb.adkernel.com www.google.com www.youtube.com 1
default-src 3lift.com a.ad.gt *.adroll.com adsrvr.orgajax.aspnetcdn.com ads.yahoo.com ajax.aspnetcdn.com *.akamaihd.net *.amazonaws.com assets.pinterest.com *.azurewebsites.net *.bambuser.com b-code.liadm.com beacon.sojern.com bidagent.xad.com *.bing.com blob: *.blob.core.windows.net *.boomtrain.com cdn.hadronid.net cdnjs.cloudflare.com cdn.jsdelivr.net cdn.shopify.com *.clarity.ms *.clickmeter.com *.cloudfront.net code.jquery.com connect.facebook.net connect.nosto.com *.cookielaw.org data: dev2assets.simon-ops.com *.doubleclick.net dsum-sec.casalemedia.com eb2.3lift.com *.elfsightcdn.com *.elfsight.com errorpageseus2.z20.web.core.windows.net facebook.net fcmatch.youtube.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.google.com *.google.com.mx *.googlesyndication.com *.googletagmanager.com *.gstatic.cn *.gstatic.com ib.adnxs.com id.hadron.ad.gt ids.ad.gt idsync.rlcdn.com i.liadm.com insight.adsrvr.org js.adsrvr.org linkedin.com live.rezync.com log.pinterest.com *.mappedin.ca *.mappedin-cloud.com *.mappedin.com match.adsrvr.org mipubapistorageprod.blob.core.windows.net *.movienewsletters.net *.movies-previews.com *.onetrust.com *.oribi.io p.ad.gt p.adsymptotic.com *.pdst.fm *.perimeterx.net *.pingdom.net pixel.advertising.com pixel.rubiconproject.com pixels.ad.gt pixel.sojern.com p.placed.com *.premiumoutlets.com *.premiumoutlets.com.mx proton.ad.gt *.pubmatic.com px.ads.linkedin.com *.px-cdn.net *.pxchk.net *.px-client.net *.px-cloud.net *.qualtrics.com *.quantcount.com *.quantserve.com *.rackcdn.com *.rackspacecloud.com *.rackspace.com *.recaptcha.net rlcdn.com rp.liadm.com rtb-csync.smartadserver.com *.s3.amazonaws.com s3.amazonaws.com seg.ad.gt 'self' *.sentry.io simage2.pubmatic.com *.simoncentral.com *.simon.com *.simonpropertygroup.com *.simonwifi.com *.siteimproveanalytics.com siteimproveanalytics.com *.siteimproveanalytics.io smnsrch.azureedge.net snap.licdn.com sp.analytics.yahoo.com *.splashthat.com *.spotify.com stackpath.bootstrapcdn.com sync.outbrain.com sync.taboola.com tags.srv.stackadapt.com themes.googleusercontent.com trc.taboola.com 'unsafe-eval' 'unsafe-inline' ups.analytics.yahoo.com us-central1-adaptive-growth.cloudfunctions.net us-u.openx.net *.videoamp.com *.westworldmedia.com www.datocms-assets.com www.facebook.com www.linkedin.com x.bidswitch.net yimg.com *.yottaa.net; frame-ancestors 'self'; img-src 3lift.com a.ad.gt *.adroll.com adsrvr.orgajax.aspnetcdn.com ads.yahoo.com ajax.aspnetcdn.com *.akamaihd.net *.amazonaws.com assets.pinterest.com *.azurewebsites.net *.bambuser.com b-code.liadm.com beacon.sojern.com bidagent.xad.com *.bing.com blob: *.blob.core.windows.net *.boomtrain.com cdn.hadronid.net cdnjs.cloudflare.com cdn.jsdelivr.net cdn.shopify.com *.clarity.ms *.clickmeter.com *.cloudfront.net code.jquery.com connect.facebook.net connect.nosto.com *.cookielaw.org data: dev2assets.simon-ops.com *.doubleclick.net dsum-sec.casalemedia.com eb2.3lift.com *.elfsightcdn.com *.elfsight.com errorpageseus2.z20.web.core.windows.net facebook.net fcmatch.youtube.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.google.com *.google.com.mx *.googlesyndication.com *.googletagmanager.com *.gstatic.cn *.gstatic.com ib.adnxs.com id.hadron.ad.gt ids.ad.gt idsync.rlcdn.com i.liadm.com insight.adsrvr.org js.adsrvr.org linkedin.com live.rezync.com log.pinterest.com *.mappedin.ca *.mappedin-cloud.com *.mappedin.com match.adsrvr.org mipubapistorageprod.blob.core.windows.net *.movienewsletters.net *.movies-previews.com *.onetrust.com *.oribi.io p.ad.gt p.adsymptotic.com *.pdst.fm *.perimeterx.net *.pingdom.net pixel.advertising.com pixel.rubiconproject.com pixels.ad.gt pixel.sojern.com p.placed.com *.premiumoutlets.com *.premiumoutlets.com.mx proton.ad.gt *.pubmatic.com px.ads.linkedin.com *.px-cdn.net *.pxchk.net *.px-client.net *.px-cloud.net *.qualtrics.com *.quantcount.com *.quantserve.com *.rackcdn.com *.rackspacecloud.com *.rackspace.com *.recaptcha.net rlcdn.com rp.liadm.com rtb-csync.smartadserver.com *.s3.amazonaws.com s3.amazonaws.com seg.ad.gt 'self' *.sentry.io simage2.pubmatic.com *.simon.com *.simonpropertygroup.com *.simonwifi.com *.simpli.fi *.siteimproveanalytics.com siteimproveanalytics.com *.siteimproveanalytics.io smnsrch.azureedge.net snap.licdn.com sp.analytics.yahoo.com *.splashthat.com *.spotify.com stackpath.bootstrapcdn.com sync.outbrain.com sync.taboola.com tags.srv.stackadapt.com themes.googleusercontent.com trc.taboola.com 'unsafe-eval' 'unsafe-inline' ups.analytics.yahoo.com us-central1-adaptive-growth.cloudfunctions.net us-u.openx.net *.videoamp.com *.westworldmedia.com www.datocms-assets.com www.facebook.com www.linkedin.com x.bidswitch.net yimg.com *.yottaa.net; script-src 3lift.com a.ad.gt *.adroll.com adsrvr.orgajax.aspnetcdn.com ads.yahoo.com ajax.aspnetcdn.com *.akamaihd.net *.amazonaws.com assets.pinterest.com *.azurewebsites.net *.bambuser.com b-code.liadm.com beacon.sojern.com bidagent.xad.com *.bing.com blob: *.blob.core.windows.net *.boomtrain.com cdn.hadronid.net cdnjs.cloudflare.com cdn.jsdelivr.net cdn.shopify.com *.clarity.ms *.clickmeter.com *.cloudfront.net code.jquery.com connect.facebook.net connect.nosto.com *.cookielaw.org data: dev2assets.simon-ops.com *.doubleclick.net dsum-sec.casalemedia.com eb2.3lift.com *.elfsightcdn.com *.elfsight.com errorpageseus2.z20.web.core.windows.net facebook.net fcmatch.youtube.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.google.com *.google.com.mx *.googlesyndication.com *.googletagmanager.com *.gstatic.cn *.gstatic.com ib.adnxs.com id.hadron.ad.gt ids.ad.gt idsync.rlcdn.com i.liadm.com insight.adsrvr.org js.adsrvr.org linkedin.com live.rezync.com log.pinterest.com *.mappedin.ca *.mappedin-cloud.com *.mappedin.com match.adsrvr.org mipubapistorageprod.blob.core.windows.net *.movienewsletters.net *.movies-previews.com *.onetrust.com *.oribi.io p.ad.gt p.adsymptotic.com *.pdst.fm *.perimeterx.net *.pingdom.net pixel.advertising.com pixel.rubiconproject.com pixels.ad.gt pixel.sojern.com p.placed.com *.premiumoutlets.com proton.ad.gt *.pubmatic.com px.ads.linkedin.com *.px-cdn.net *.pxchk.net *.px-client.net *.px-cloud.net *.qualtrics.com *.quantcount.com *.quantserve.com *.rackcdn.com *.rackspacecloud.com *.rackspace.com *.recaptcha.net rlcdn.com rp.liadm.com rtb-csync.smartadserver.com *.s3.amazonaws.com s3.amazonaws.com seg.ad.gt 'self' *.sentry.io simage2.pubmatic.com *.simon.com *.simonpropertygroup.com *.simonwifi.com *.siteimproveanalytics.com siteimproveanalytics.com *.siteimproveanalytics.io smnsrch.azureedge.net snap.licdn.com sp.analytics.yahoo.com *.splashthat.com *.spotify.com stackpath.bootstrapcdn.com sync.outbrain.com sync.taboola.com tag.simpli.fi tags.srv.stackadapt.com themes.googleusercontent.com trc.taboola.com 'unsafe-eval' 'unsafe-inline' ups.analytics.yahoo.com us-central1-adaptive-growth.cloudfunctions.net us-u.openx.net *.videoamp.com *.westworldmedia.com www.datocms-assets.com www.facebook.com www.linkedin.com x.bidswitch.net yimg.com *.yottaa.net; script-src-elem 3lift.com a.ad.gt *.adroll.com adsrvr.orgajax.aspnetcdn.com ads.yahoo.com ajax.aspnetcdn.com *.akamaihd.net *.amazonaws.com assets.pinterest.com *.azurewebsites.net *.bambuser.com b-code.liadm.com beacon.sojern.com bidagent.xad.com *.bing.com blob: *.blob.core.windows.net *.boomtrain.com cdn.hadronid.net cdnjs.cloudflare.com cdn.jsdelivr.net cdn.shopify.com *.clarity.ms *.clickmeter.com *.cloudfront.net code.jquery.com connect.facebook.net connect.nosto.com *.cookielaw.org data: dev2assets.simon-ops.com *.doubleclick.net dsum-sec.casalemedia.com eb2.3lift.com *.elfsightcdn.com *.elfsight.com errorpageseus2.z20.web.core.windows.net facebook.net fcmatch.youtube.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.google.com *.google.com.mx *.googlesyndication.com *.googletagmanager.com *.gstatic.cn *.gstatic.com ib.adnxs.com id.hadron.ad.gt ids.ad.gt idsync.rlcdn.com i.liadm.com insight.adsrvr.org js.adsrvr.org linkedin.com live.rezync.com log.pinterest.com *.mappedin.ca *.mappedin-cloud.com *.mappedin.com match.adsrvr.org mipubapistorageprod.blob.core.windows.net *.movienewsletters.net *.movies-previews.com *.onetrust.com *.oribi.io p.ad.gt p.adsymptotic.com *.pdst.fm *.perimeterx.net *.pingdom.net pixel.advertising.com pixel.rubiconproject.com pixels.ad.gt pixel.sojern.com p.placed.com *.premiumoutlets.com proton.ad.gt *.pubmatic.com px.ads.linkedin.com *.px-cdn.net *.pxchk.net *.px-client.net *.px-cloud.net *.qualtrics.com *.quantcount.com *.quantserve.com *.rackcdn.com *.rackspacecloud.com *.rackspace.com *.recaptcha.net rlcdn.com rp.liadm.com rtb-csync.smartadserver.com *.s3.amazonaws.com s3.amazonaws.com seg.ad.gt 'self' *.sentry.io simage2.pubmatic.com *.simon.com *.simonpropertygroup.com *.simonwifi.com *.simpli.fi *.siteimproveanalytics.com siteimproveanalytics.com *.siteimproveanalytics.io smnsrch.azureedge.net snap.licdn.com sp.analytics.yahoo.com *.splashthat.com *.spotify.com stackpath.bootstrapcdn.com sync.outbrain.com sync.taboola.com tag.simpli.fi tags.srv.stackadapt.com themes.googleusercontent.com trc.taboola.com 'unsafe-eval' 'unsafe-inline' ups.analytics.yahoo.com us-central1-adaptive-growth.cloudfunctions.net us-u.openx.net *.videoamp.com *.westworldmedia.com www.datocms-assets.com www.facebook.com www.linkedin.com x.bidswitch.net yimg.com *.yottaa.net; report-uri https://qoe-1.yottaa.net/_/csp-reports?siteKey=etWhA4-bSWUsVg 1
default-src 'self' *.fitchratings.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net *.google.com *.google.co.uk *.google.com.hk *.twitter.com *.googletagmanager.com *.google-analytics.com fitchconnect.piwikpro.com fitchconnect.piwik.pro *.brightcove.net *.brightcove.com munchkin.marketo.net your.fitchratings.com *.evidon.com cdn2.funnelenvy.com script.crazyegg.com *.licdn.com *.clearbitscripts.com *.clearbit.com *.idio.co chart-studio.plotly.com public.flourish.studio  app.fitchconnect-stg.com app.fitchconnect.com *.fitch.group *.hotjar.com vjs.zencdn.net *.mktorest.com *.clearbitjs.com *.ads-twitter.com *.googleadservices.com *.linkedin.com *.googlesyndication.com *.doubleclick.net *.bizographics.com *.adsymptotic.com *.linkedin.oribi.io; style-src 'self' 'unsafe-inline' blob: your.fitchratings.com fonts.googleapis.com *.fitch.group *.hotjar.com *.googletagmanager.com; connect-src 'self' blob: *.fitchratings.com notify.bugsnag.com *.brightcove.com *.brightcove.net 732-ckh-767.mktoresp.com fx.fitchgroup.co *.boltdns.net *.akamaihd.net *.crazyegg.com *.idio.co *.brightcovecdn.com *.marketo.net *.fitch.group *.evidon.com *.funnelenvy.com *.google.com *.google.co.uk *.google.com.hk *.twitter.com *.googletagmanager.com *.google-analytics.com fonts.googleapis.com *.piwikpro.com *.piwik.pro *.licdn.com images.ctfassets.net fonts.gstatic.com api.sjpf.io api.fpjs.io *.hotjar.com *.hotjar.io wss://*.hotjar.com *.mktorest.com *.clearbit.com *.googleadservices.com *.linkedin.oribi.io *.googlesyndication.com *.linkedin.com *.bizographics.com *.adsymptotic.com *.doubleclick.net; img-src 'self' blob: data: *.evidon.com *.googletagmanager.com trk.funnelenvy.com images.ctfassets.net *.boltdns.net metrics.brightcove.com l.betrad.com fitchconnect.piwikpro.com fitchconnect.piwik.pro *.linkedin.com *.adsymptotic.com *.idio.co *.fitch.group *.openstreetmap.org *.fitchratings.com httpsak-a.akamaihd.net *.hotjar.com *.google-analytics.com *.twitter.com t.co *.doubleclick.net *.googlesyndication.com *.gstatic.com *.google.com *.google.co.uk *.google.com.hk; font-src 'self' data: *.fitchratings.com fonts.gstatic.com *.hotjar.com; frame-src 'self' *.fitchratings.com *.evidon.com infogram.com e.infogram.com infogram-download-eu.s3.eu-west-1.amazonaws.com infogram-download-us2.s3.eu-west-1.amazonaws.com your.fitch.group flo.uri.sh plotly.com chart-studio.plotly.com fitchgroup.eu.qualtrics.com indd.adobe.com *.hotjar.com *.doubleclick.net; worker-src 'self' blob:; child-src 'self' blob:; media-src 'self' blob: *.fitchratings.com *.brightcove.com videos.ctfassets.net *.akamaihd.net manifest.prod.boltdns.net; object-src 'none'; 1
default-src data: blob: https:; style-src 'self' 'unsafe-inline' *.googleapis.com https://s.ntv.io/; frame-ancestors 'self' *.golf.com; script-src 'unsafe-inline' 'unsafe-eval' blob: https:; 1
frame-ancestors https://8x8.vc 1
default-src 'self' data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.fontawesome.com https://unpkg.com *.webspellchecker.net *.epo.org *.jquery.com *.cloudflare.com *.jsdelivr.net; style-src 'self' 'unsafe-inline' *.webspellchecker.net https://cdnjs.cloudflare.com/ajax/libs/cropper/4.0.0/cropper.min.css https://cdn.jsdelivr.net/gh/cferdinandi/tabby@12.0.3/dist/css/tabby-ui.min.css https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.65.12/codemirror.css https://cdn.jsdelivr.net/gh/NigelOToole/progress-tracker@v2.0.7/src/styles/progress-tracker.css; img-src 'self' 'unsafe-inline' *.pixabay.com data: *.iconify.design *.ytimg.com *.google.com *.epo.org; frame-src *.youtube.com 'self' *.epo.org *.epoline.org; frame-ancestors 'self'; child-src blob:; font-src 'self' *.fontawesome.com *.webspellchecker.net data:; connect-src 'self' *.fontawesome.com *.webspellchecker.net *.epo.org storage.googleapis.com *.friendlycaptcha.com; report-uri /report-csp-violation 1
frame-ancestors https://*.deichmann.com/ https://*.myshoes.de/ 'self'; 1
default-src 'self'; upgrade-insecure-requests; frame-ancestors 'self' https://teams.microsoft.com https://retailservices.teams.microsoft.com https://retailservices-ppe.teams.microsoft.com https://local.teams.office.com https://devspaces.skype.com https://ssauth.skype.com https://teams.microsoft.com.mcas.ms https://teams.microsoft.com.us3.cas.ms https://local.teams.office.com:8080 https://teams.live.com https://outlook-sdf.office.com https://outlook.office.com/ https://assignments.onenote.com https://browser-sandbox.meshxp.net/ https://spoolclientsdk.skype.com https://acsinternal-cte-beta.azurewebsites.net https://acssample-beta.azurewebsites.net https://acssample-stable.azurewebsites.net https://loop.microsoft.com https://*.loop.microsoft.com https://loop.cloud.microsoft https://loop.cloud-dev.microsoft https://app.int.whiteboard.microsoft.com https://whiteboard.cloud-dev.microsoft https://*.whiteboard.microsoft.com https://whiteboard.microsoft.com https://whiteboard.office.com https://teams.cloud.microsoft https://outlook.cloud.microsoft https://m365.cloud.microsoft https://res-sdf.cdn.office.net https://res.cdn.office.net https://mesh.public.onecdn.static.microsoft; base-uri 'none'; manifest-src 'self'; script-src 'self' 'unsafe-eval' 'report-sample' http://amcdn.msftauth.net https://amcdn.msftauth.net https://*.office365.com https://*.office.net https://shell.cdn.office.net https://cdn.fluidpreview.office.net https://js.monitor.azure.com https://res-1.cdn.office.net https://res.cdn.office.net https://ch5.fluidpreview.office.net https://cdn.dev.fluidpreview.office.net https://dev.loop.microsoft.com https://res-sdf.cdn.office.net; style-src 'self' 'unsafe-inline' 'report-sample' https://*.office.net https://res.cdn.office.net https://cdn.fluidpreview.office.net https://ch5.fluidpreview.office.net https://cdn.dev.fluidpreview.office.net https://dev.loop.microsoft.com https://res-sdf.cdn.office.net; font-src 'self' data: https://*.office.net https://spoprod-a.akamaihd.net https://static2.sharepointonline.com fs.microsoft.com; img-src 'self' blob: data: https://*.office.com https://*.office.net https://*.office365.com https://outlook.live.com https://*.teams.microsoft.com https://*.officeapps.live.com https://web.vortex.data.microsoft.com https://shell.cdn.office.net https://urlp.asm.skype.com https://urlp.sfbassets.com https://*.svc.ms https://login.live.com https://storage.live.com https://az495088.vo.msecnd.net; connect-src 'self' blob: https://* wss://whiteboard.microsoft.com/sync wss://*.whiteboard.microsoft.com wss://whiteboard.microsoft.com wss://*.svc.ms wss://dogfood.augloop.svc.cloud.microsoft wss://*.dogfood.augloop.svc.cloud.microsoft wss://*.augloop-dogfood.officeppe.com wss://augloop-dogfood.officeppe.com wss://augloop.svc.cloud.microsoft wss://*.augloop.svc.cloud.microsoft wss://*.augloop.office.com wss://augloop.office.com wss://augloop-gcc.office.com wss://*.augloop-gcc.office.com; frame-src 'self' https://*; form-action 'self' https://*; worker-src 'self'; media-src 'self'; object-src 'none'; report-uri https://csp.microsoft.com/report/WhiteboardWebClient-WhiteboardApp-PROD; report-to csp-endpoint; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' mediastream: filesystem: *.infoblox.com *.pantheonsite.io *.infoblox.local *.vimeo.com *.addthis.com *.typekit.net *.driftt.com *.drift.com *.google-analytics.com *.eloqua.com *.nr-data.net *.doubleclick.net *.linkedin.com *.vidyard.com *.google.com *.captivate.fm *.soundcloud.com *.youtube.com *.6sense.com *.infoblox.com *.crazyegg.com *.youtube.com *.reactful.com *.6sc.co *.lookbookhq.com *.facebook.net *.techtarget.com *.marketo.net *.pathfactory.com *.mktoresp.com *.google.co.in *.adnxs.com https://sites.google.com/infoblox.com https://sites.google.com/infoblox.com/salesworkspace/ https://infoblox.litmos.com/ *.use.fontawesome *.info.infoblox.com https://internetidentity.com *.kaltura.com *.hotjar.com *.widgets.peerspot.com https://ca.app.wednesdaytalent.com/static/cafe/widget.js *.ca.app.wednesdaytalent.com https://ca.app.wednesdaytalent.com/candidate_app_by_url https://main.d32i5xvw3fvi3u.amplifyapp.com/ https://ca.app.wednesdaytalent.com/ https://cdn.bizible.com/scripts/bizible.js *.getsmartling.com https://cdn.linkedin.oribi.io/ https://cdn.bizible.com/ www.infoblox.com infoblox.b-cdn.net consent-pref.trustarc.com unpkg.com cdnjs.cloudflare.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: filesystem: *.google.com *.addthis.com *.addthisedge.com *.moatads.com *.cookielaw.org *.driftt.com *.bidr.io *.cloudfront.net *.bing.com *.linkedin.com *.licdn.com *.typekit.net *.googletagmanager.com js.driftt.com *.googleadservices.com *.doubleclick.net *.google-analytics.com *.newrelic.com *.nr-data.net *.vidyard.com *.captivate.fm *.soundcloud.com https://cdnjs.cloudflare.com *.jobvite.com *.infoblox.com *.lltrck.com lltrck.com https://lltrck.com https://ajax.googleapis.com *.infoblox.com *.crazyegg.com *.youtube.com *.reactful.com *.6sc.co *.lookbookhq.com *.facebook.net *.techtarget.com *.marketo.net *.adnxs.com *.google.co.in https://infoblox.litmos.com/ *.use.fontawesome.com *.info.infoblox.com https://internetidentity.com https://widgets.itcentralstation.com *.kaltura.com *.hotjar.com *.trustarc.com *.widgets.peerspot.com https://widgets.peerspot.com/ https://ca.app.wednesdaytalent.com/static/cafe/widget.js *.ca.app.wednesdaytalent.com https://ca.app.wednesdaytalent.com/candidate_app_by_url https://main.d32i5xvw3fvi3u.amplifyapp.com/ https://ca.app.wednesdaytalent.com/ https://cdn.bizible.com/scripts/bizible.js *.getsmartling.com https://cdn.linkedin.oribi.io/ https://cdn.bizible.com/ www.infoblox.com consent-pref.trustarc.com unpkg.com ionfiles.scribblecdn.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' filesystem: *.google.com *.googleapis.com *.typekit.net *.gstatic.com *.googleusercontent.com https://info.infoblox.com/js/forms2/css/  *.infoblox.com  *.infoblox.com *.crazyegg.com *.youtube.com *.reactful.com *.6sc.co *.lookbookhq.com *.facebook.net *.techtarget.com *.marketo.net *.bootstrapcdn.com *.google.co.in https://infoblox.litmos.com/ *.use.fontawesome.com *.info.infoblox.com https://internetidentity.com *.kaltura.com *.trustarc.com *.widgets.peerspot.com https://ca.app.wednesdaytalent.com/static/cafe/widget.js *.ca.app.wednesdaytalent.com https://ca.app.wednesdaytalent.com/candidate_app_by_url https://main.d32i5xvw3fvi3u.amplifyapp.com/ https://ca.app.wednesdaytalent.com/ *.getsmartling.com https://cdn.linkedin.oribi.io/ https://cdn.bizible.com/ www.infoblox.com consent-pref.trustarc.com cdnjs.cloudflare.com; img-src 'self' https: data: blob: *.infoblox.com https://infoblox.com *.bing.com *.adsymptotic.com *.googleusercontent.com *.gstatic.com *.pantheonsite.io *.infoblox.local *.linkedin.com *.drift.com *.eloqua.com *.typekit.net *.google-analytics.com *.google.com *.doubleclick.net *.gravatar.com https://play.vidyard.com https://cdn.vidyard.com https://i.ytimg.com *.vimeocdn.com https://share.vidyard.com/ *.googletagmanager.com https://lltrck.com *.infoblox.com *.crazyegg.com *.youtube.com *.reactful.com *.6sc.co *.lookbookhq.com *.facebook.net *.techtarget.com *.marketo.net *.facebook.com *.google.co.in *.snaproute.com snaproute.com https://infoblox.litmos.com/ *.use.fontawesome.com *.info.infoblox.com https://internetidentity.com *.kaltura.com *.hotjar.com *.trustarc.com *.widgets.peerspot.com https://main.d32i5xvw3fvi3u.amplifyapp.com/ https://ca.app.wednesdaytalent.com/ *.getsmartling.com https://cdn.linkedin.oribi.io/ https://cdn.bizible.com/ www.infoblox.com consent-pref.trustarc.com; font-src 'self' https: data: filesystem: use.typekit.net *.use.fontawesome.com; media-src 'self' mediastream: blob: filesystem: *.driftqa.com *.kaltura.com js.driftt.com infoblox.b-cdn.net; frame-ancestors 'self' https: data: http://*.infoblox.com https://*.infoblox.com https://sites.google.com/infoblox.com https://sites.google.com/infoblox.com/salesworkspace/ https://infoblox.litmos.com/ http://infoblox.litmos.com/ https://infoblox.mindtickle.com/ https://infobloxpartners.mindtickle.com/ https://infoblox.litmos.com/ *.use.fontawesome.com *.info.infoblox.com https://internetidentity.com https://widgets.itcentralstation.com *.kaltura.com *.hotjar.com *.trustarc.com *.driftt.com *.widgets.peerspot.com https://main.d32i5xvw3fvi3u.amplifyapp.com/ https://ca.app.wednesdaytalent.com/ *.getsmartling.com https://cdn.linkedin.oribi.io/ https://cdn.bizible.com/ consent-pref.trustarc.com; frame-src 'self' blob: https://www.youtube-nocookie.com https://play.vidyard.com https://www.google.com *.youtube.com *.vimeo.com https://w.soundcloud.com/ https://player.captivate.fm/ jobs.jobvite.com info.infoblox.com *.infoblox.com *.crazyegg.com *.youtube.com *.reactful.com *.6sc.co *.lookbookhq.com *.facebook.net *.techtarget.com *.marketo.net *.facebook.com https://infoblox.litmos.com/ *.use.fontawesome.com *.info.infoblox.com https://internetidentity.com https://widgets.itcentralstation.com *.kaltura.com *.hotjar.com *.trustarc.com *.driftt.com *.widgets.peerspot.com https://main.d32i5xvw3fvi3u.amplifyapp.com/ https://ca.app.wednesdaytalent.com/ *.getsmartling.com https://cdn.linkedin.oribi.io/ https://cdn.bizible.com/ https://app.teamwalnut.com interactive.esg-global.com 1
frame-ancestors 'self' https://*.ensineme.com.br https://*.estacio.br https://*.yduqs.com.br https://*.wyden.com.br https://*.ibmec.br https://*.idomed.com.br https://*.damasio.com.br 1
default-src 'self' https://play.vidyard.com *.vidyard.com *.onesignal.com *.segment.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' region1.google-analytics.com region1.analytics.google.com *.google-analytics.com *.analytics.google.com https://clientes-ext-qa.apps.ambientesbc.com/ https://clientes-ext.apps.bancolombia.com/ https://* https://srvfrontcer.claro.com.co:7002 https://widget.sndcdn.com *.sndcdn.com https://js-agent.newrelic.com *.newrelic.com https://bam.nr-data.net *.nr-data.net *.claro.com.co *.claro.com *.googleadservices.com *.tags.bkrtx.com *.tags.bluekai.com *.amazonaws.com https://s3.amazonaws.com https://static.opentok.com https://static.opentok.com *.opentok.com https://browseranalytic.com *.browseranalytic.com https://widget.sndcdn.com *.sndcdn.com https://js.hsforms.net *.hsforms.net https://scp.kampyle.com *.individeo.com *.kampyle.com https://tpbancolombia.teleperformance.co *.teleperformance.co https://stati.in *.stati.in blob: https://play.vidyard.com *.vidyard.com https://static.zdassets.com https://clousc.com *.clousc.com https://static.hsappstatic.net *.hsappstatic.net https://forms.hsforms.com *.hsforms.com *.zdassets.com https://plinksoporte.zendesk.com *.zendesk.com https://play.vidyard.com *.vidyard.com https://d10lpsik1i8c69.cloudfront.net https://app.hubspot.com *.hubspot.com https://a.omappapi.com *.omappapi.com https://js.hs-scripts.com *.hs-scripts.com *.cloudfront.net https://people.wsuite.com *.wsuite.com https://js.hs-analytics.net *.hs-analytics.net https://widget-mediator.zopim.com *.zopim.com https://js.hs-banner.com *.hs-banner.com https://ajax.googleapis.com *.googleapis.com https://static.browseranalytic.com https://code.angularjs.org https://player.vimeo.com *.vimeo.com *.angularjs.org *.browseranalytic.com *.connect.facebook.net *.facebook.net https://polyfill.io *.polyfill.io https://library-sdb.apps.bancolombia.com *.bancolombia.com https://f.vimeocdn.com *.vimeocdn.com https://syndication.twitter.com *.twitter.com https://cdn.syndication.twimg.com *.twimg.com *.facebook.com *.script.hotjar.com https://asistencia.webv2.allus.com.co https://cdn.todo1.com *.todo1.com *.allus.com.co *.vars.hotjar.com *.t.co *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.hotjar.com https://tags.bkrtx.com https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.grupobancolombia.com https://lptag.liveperson.net https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com *.cdn.dynamicyield.com *.st.dynamicyield.com *.rcom.dynamicyield.com https://cdn.dynamicyield.com https://st.dynamicyield.com https://rcom.dynamicyield.com https://unpkg.com https://accdn.lpsnmedia.net https://lo.v.liveperson.net https://lpcdn.lpsnmedia.net https://www.sc.pages03.net https://www.youtube.com *.youtube.com https://resources.digital-cloud-west.medallia.com https://cdn.jsdelivr.net *.cdn.jsdelivr.net https://www.googleoptimize.com https://api.glia.com/ *.onesignal.com *.segment.com; img-src 'self' region1.google-analytics.com region1.analytics.google.com *.google-analytics.com *.analytics.google.com https://clientes-ext-qa.apps.ambientesbc.com/ https://clientes-ext.apps.bancolombia.com/ data: https://* https://srvfrontcer.claro.com.co:7002 https://a.tribalfusion.com *.tribalfusion.com https://dpm.demdex.net *.demdex.net *.claro.com.co *.claro.com *.cloudfront.net *.px.ads.linkedin.com *.linkedin.com *.facebook.com *.amazonaws.com https://secure.gravatar.com *.gravatar.com https://pf-emoji-service--cdn.us-east-1.prod.public.atl-paas.net *.atl-paas.net https://vop.sundaysky.com *.sundaysky.com https://odr.mookie1.com *.mookie1.com https://monstat.com *.monstat.com https://pxl.jivox.com *.jivox.com https://vop.sundaysky.com *.sundaysky.com https://s3.amazonaws.com https://cdn2.hubspot.net https://i.stack.imgur.com *.imgur.com *.cloudfront.net https://widget.sndcdn.com *.sndcdn.com https://i1.sndcdn.com *.sndcdn.com https://a.omappapi.com *.omappapi.com *.hubspot.net https://upload.wikimedia.org *.wikimedia.org https://f.hubspotusercontent20.net https://play.vidyard.com *.vidyard.com *.hubspotusercontent20.net https://i1.sndcdn.com *.sndcdn.com https://track.hubspot.com https://i1.wp.com *.wp.com https://theme.zdassets.com *.zdassets.com *.hubspot.com https://soporte.plink.com.co *.plink.com.co https://cx.atdmt.com *.atdmt.com https://i.ytimg.com https://b1sync.zemanta.com *.zemanta.com https://sync.crwdcntrl.net *.crwdcntrl.net https://www.googletagmanager.com *.googletagmanager.com https://platform.twitter.com *.twitter.com https://abs.twimg.com *.ytimg.com https://i.vimeocdn.com *.vimeocdn.com https://xrbcqpor01.bancolombia.com:10039 *.bancolombia.com https://maps.googleapis.com *.googleapis.com https://yt3.ggpht.com *.ggpht.com https://connect.facebook.net *.facebook.net https://asistencia.webv2.allus.com.co *.allus.com.co *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co https://p.adsymptotic.com *.cdn.dynamicyield.com *.dynamicyield.com *.grupobancolombia.com https://tags.bluekai.com *.pages03.net *.maps.gstatic.com https://maps.gstatic.com *.gstatic.com https://resources.digital-cloud-west.medallia.com https://sync.teads.tv *.teads.tv https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net *.onesignal.com *.segment.com; media-src 'self' https://clientes-ext-qa.apps.ambientesbc.com/ https://clientes-ext.apps.bancolombia.com/ https://* https://srvfrontcer.claro.com.co:7002 *.claro.com.co *.claro.com *.googleadservices.com *.grupobancolombia.com *.amazonaws.com *.cloudfront.net https://s3.amazonaws.com https://static.zdassets.com *.zdassets.com https://static.zdassets.com *.zdassets.com https://www.youtube.com https://asistencia.webv2.allus.com.co *.allus.com.co *.youtube.com blob: data: *.onesignal.com *.segment.com; frame-src 'self' https://clientes-ext-qa.apps.ambientesbc.com/ https://clientes-ext.apps.bancolombia.com/ https://ws.grupokonecta.co:5000/ https://* https://srvfrontcer.claro.com.co:7002 https://widget.spreaker.com *.spreaker.com *.claro.com.co *.claro.com *.googleadservices.com https://bcapi.apichefcompany.com *.cloudfront.net *.apichefcompany.com *.google-analytics.com *.facebook.com https://w.soundcloud.com *.soundcloud.com https://series1.cma.com.br *.cma.com.br https://bancolombia.olb.todo1.com *.todo1.com https://tpbancolombia.teleperformance.co *.teleperformance.co https://extractosinternet.bancolombia.com *.bancolombia.com https://forms.hsforms.com *.hsforms.com https://play.vidyard.com *.vidyard.com https://platform.twitter.com *.twitter.com https://vars.hotjar.com https://player.vimeo.com *.vimeo.com https://resources.digital-cloud-west.medallia.com *.medallia.com https://asistencia.webv2.allus.com.co *.allus.com.co https://series1.cma.com.br *.cma.com.br https://stags.bluekai.com https://api.skaduks.com https://bid.g.doubleclick.net *.grupobancolombia.com https://www.google.com *.google.com https://www.google-analytics.com https://cdn.dynamicyield.com *.dynamicyield.com https://lpcdn.lpsnmedia.net https://lpcdn.lpsnmedia.net https://www.youtube.com *.youtube.com https://9811311.fls.doubleclick.net https://webapp1.allus.com.co https://gmsdigitales.claro.com.co:8443 https://vc.hotjar.io *.onesignal.com *.segment.com; style-src 'self' 'unsafe-inline' https://clientes-ext-qa.apps.ambientesbc.com/ https://clientes-ext.apps.bancolombia.com/ https://* https://srvfrontcer.claro.com.co:7002 *.claro.com.co *.claro.com https://asistencia.webv2.allus.com.co https://cdnjs.cloudflare.com *.cloudflare.com https://library-sdb.apps.bancolombia.com *.bancolombia.com *.amazonaws.com https://s3.amazonaws.com https://assets.kampyle.com *.kampyle.com https://cdn2.hubspot.net *.hubspot.net https://galatea-dev.apps.ambientesbc.com *.ambientesbc.com https://cdn.jsdelivr.net *.jsdelivr.net https://cdn2.hubspot.net https://assets.vidyard.com *.vidyard.com *.hubspot.net https://static.zdassets.com *.zdassets.com *.webv2.allus.com.co https://www.gstatic.com *.gstatic.com https://f.vimeocdn.com *.vimeocdn.com https://platform.twitter.com *.twitter.com https://www.grupobancolombia.com https://use.fontawesome.com *.fontawesome.com *.grupobancolombia.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://nominatim.openstreetmap.org https://servcompwctb.claro.com.co https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com https://unpkg.com *.onesignal.com *.segment.com; connect-src 'self' region1.google-analytics.com region1.analytics.google.com *.google-analytics.com *.analytics.google.com https://clientes-ext-qa.apps.ambientesbc.com/ https://clientes-ext.apps.bancolombia.com/ https://* https://bam.nr-data.net *.nr-data.net https://srvfrontcer.claro.com.co:7002 *.claro.com.co *.claro.com https://gms-digitales.claro.com.co:8443 *.claro.com.co:8443 *.claro.com.co:8030 https://webrtc.claro.com.co:8030 *.stats.g.doubleclick.net *.cloudfront.net https://fresnel.vimeocdn.com *.vimeocdn.com data: https://player-telemetry.vimeo.com *.vimeo.com https://api-widget.soundcloud.com *.soundcloud.com https://external.apps.bancolombia.com *.bancolombia.com https://api.us.apiconnect.ibmcloud.com *.ibmcloud.com https://jsonip.com *.jsonip.com https://resources.digital-cloud-west.medallia.com *.medallia.com https://inveco-services.qdata.io *.qdata.io https://identify.hotjar.com https://wave.sndcdn.com *.sndcdn.com https://api.ipify.org *.ipify.org *.hotjar.com https://alivionofinancieros.isobarapi.com *.individeo.com https://track.individeo.com *.isobarapi.com https://130vod-adaptive.akamaized.net *.akamaized.net https://c.browseranalytic.com *.amazonaws.com https://s3.amazonaws.com *.claro.com.co *.claro.com https://forms.hsforms.com *.hsforms.com https://tpbancolombia.teleperformance.co *.teleperformance.co https://raw.vidyard.com *.vidyard.com wss://tpbancolombia.teleperformance.co *.teleperformance.co https://ekr.zdassets.com https://api-k8-cer.plink.com.co https://api.plink.com.co *.plink.com.co https://api.omappapi.com *.omappapi.com *.zdassets.com wss://widget-mediator.zopim.com *.zopim.com https://plinksoporte.zendesk.com *.zendesk.com https://settings.luckyorange.net *.luckyorange.net https://digital.sanchobbdoapp.com https://www.calculadoralaboral.co *.calculadoralaboral.co *.sanchobbdoapp.com *.browseranalytic.com https://strfeedrt01.cma.com.br *.cma.com.br https://syndication.twitter.com *.twitter.com https://stats.g.doubleclick.net https://bcapi.apichefcompany.com *.apichefcompany.com https://bid.g.doubleclick.net *.googlevideo.com https://api.skaduks.com https://nominatim.openstreetmap.org https://servcompwctb.claro.com.co:7002 *.cdn.dynamicyield.com *.dynamicyield.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.cdn.dynamicyield.com *.st.dynamicyield.com *.rcom.dynamicyield.com https://cdn.dynamicyield.com https://st.dynamicyield.com https://rcom.dynamicyield.com https://www.facebook.com https://cdn.jsdelivr.net *.jsdelivr.net *.facebook.com https://external-qa.apps.ambientesbc.com https://lpcdn.lpsnmedia.net https://firestore.googleapis.com https://www.youtube.com *.youtube.com https://9811311.fls.doubleclick.net https://webapp1.allus.com.co https://yt3.ggpht.com *.yt3.ggpht.com https://i.ytimg.com *.i.ytimg.com *.googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.grupobancolombia.com https://gmsdigitales.claro.com.co:8443 https://vc.hotjar.io *.onesignal.com *.segment.com; font-src 'self' data: https://clientes-ext-qa.apps.ambientesbc.com/ https://clientes-ext.apps.bancolombia.com/ https://* https://srvfrontcer.claro.com.co:7002 https://www.grupobancolombia.com *.grupobancolombia.com *.cloudfront.net https://cdnjs.cloudflare.com *.cloudflare.com https://jsbin-user-assets.s3.amazonaws.com *.amazonaws.com https://static.zdassets.com *.zdassets.com https://assets.kampyle.com *.kampyle.com https://fonts.gstatic.com *.gstatic.com https://library-sdb.apps.bancolombia.com *.bancolombia.co https://galatea-dev.apps.ambientesbc.com *.ambientesbc.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com *.onesignal.com *.segment.com; frame-ancestors 'self' https://ws.grupokonecta.co:5000/; 1
frame-ancestors 'self' *.griffith.edu.au 1
frame-ancestors 'self' https://*.sachsen.de; 1
default-src 'none'; connect-src 'self' *.licdn.com *.licdn.cn *.linkedin.com *.linkedin.cn cdn.linkedin.oribi.io dpm.demdex.net/id lnkd.demdex.net blob: accounts.google.com/gsi/ linkedin.sc.omtrdc.net/b/ss/ v.clarity.ms/collect *.microsoft.com *.adnxs.com *.tealiumiq.com login.microsoftonline.com; script-src 'report-sample' 'sha256-th47JTnh6tX15SUn/I+GGmsOSXpa7dh5Skner77gxlY=' 'sha256-SSoodjUD3LGm2FfFCVHGqEb8D4UM3OOigidT2UKDcYg=' 'sha256-cKTgdnmO6+hXd85a9wKg1effVfVzenUAtUCyOKY9bQE=' 'sha256-DwtT8+ZZKpxH9pqZNAmJ3GdbLAh5SsYaXR3omTXPCns=' 'sha256-sV9jZa797T0QWBzcU/CNd4tpBhTnh+TFdLnfjlitl28=' 'sha256-aa/Q8CRBDSqTQbCIyioPhZaz+G+dbPyu7BzsjInEmiU=' 'sha256-THuVhwbXPeTR0HszASqMOnIyxqEgvGyBwSPBKBF/iMc=' 'sha256-zTIusdVJJeXz9+iox2a+pdDglzbpRpFVRzEwvW4AONk=' 'sha256-iC8MPqNLw0FDnsBf4DlSkFLNTwhkI85aouiAEB819ic=' 'sha256-2EqrEvcPzl8c6/TSGVvaVMEe7lg700MAz/te4/3kTYY=' 'sha256-y5uW69VItKj51mcc7UD9qfptDVUqicZL+bItEpvVNDw=' 'sha256-DatsFGoJ8gFkzzxo47Ou76WZ+3QBPOQHtBu9p9b3DhA=' 'sha256-k95cyM8gFgPziZe5VQ2IvJvBUVyd5zFt2CokIUwqdHE=' 'sha256-PyCXNcEkzRWqbiNr087fizmiBBrq9O6GGD8eV3P09Ik=' 'sha256-RFqsjmAF1N5LnfpaHFvPqFlVkeIS/DtTAFor+JjJJVc=' 'sha256-2SQ55Erm3CPCb+k03EpNxU9bdV3XL9TnVTriDs7INZ4=' 'sha256-S/KSPe186K/1B0JEjbIXcCdpB97krdzX05S+dHnQjUs=' 'sha256-9pXOIwF4N0gPltLd3AI69lkCjSC2H/Eb3sc5zdmUyYU=' 'sha256-jou6v/Nleyzoc+LXktAv1Fp8M807dVVxy7E/yzVljHc=' 'sha256-6E4e/3dSvj/8JZT2S2yR91mspqM6MyOpKl5lrhHsZa8=' 'sha256-3woF8BZ54TeXM+czaH3aXoaJsVpiamuAKFsXDykAR/Q=' 'sha256-vIfNcKb8ixJg1cfJIoNNYjWcm0lezj1/XpUNFiZyVsU=' 'sha256-cLsHUHFgT/VGX04cZrJ9xgm4HbzTR7ptutkxK+7BlMk=' 'sha256-BwU8jMnQYUhjOpsDVABpfddV/DlP1ZYrFcTumYw7x54=' 'sha256-wz6ika9i3WU3bpUPdhYDZeO/NrDQniDyiscN0LWnyaY=' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com static.licdn.cn static-exp1.licdn.cn static-exp2.licdn.cn static-exp3.licdn.cn platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com platform.linkedin.cn platform-akam.linkedin.cn platform-ecst.linkedin.cn platform-azur.linkedin.cn snap.licdn.com snap.licdn.cn www.googletagmanager.com/gtag/js merchantpool1.linkedin.com/mdt.js merchantpool1.linkedin.cn/mdt.js; img-src data: blob: * android-webview-video-poster:; font-src data: *; style-src 'self' 'unsafe-inline' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com static.licdn.cn static-exp1.licdn.cn static-exp2.licdn.cn static-exp3.licdn.cn; media-src 'self' *.licdn.com *.licdn.cn *.lynda.com; worker-src 'self' blob: static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com static.licdn.cn static-exp1.licdn.cn static-exp2.licdn.cn static-exp3.licdn.cn; frame-src 'self' www.youtube.com/embed/ www.youtube-nocookie.com/embed/ lnkd.demdex.net smartlock.google.com accounts.google.com player.vimeo.com *.linkedin.com *.linkedin.cn www.slideshare.net *.megaphone.fm *.omny.fm *.sounder.fm msit.powerbi.com app.powerbi.com linkedin.github.io *.licdn.com *.licdn.cn *.adnxs.com acdn.adnxs-simple.com radar.cedexis.com edge-auth.microsoft.com li.protechts.net *.xlgmedia.com *.px-cloud.net merchantpool1.linkedin.com merchantpool1.linkedin.cn; frame-ancestors 'self' *.www.linkedin.com:* *.www.linkedin.cn:*; manifest-src 'self'; report-uri https://www.linkedin.com/security/csp?f=gd 1
script-src 'unsafe-inline' 'unsafe-eval' https:; worker-src blob: https: https://api.useinsider.com; 1
report-to csp-report; frame-ancestors 'self' 1
default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com https://i.ytimg.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-2GTTdQs1EJe632tJo0GSSg=='; style-src 'self' www.gstatic.com; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com gds-single-consent-staging.app gds-single-consent.app; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; report-uri https://csp-reporter.publishing.service.gov.uk/report 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: data:; worker-src 'self' blob:; 1
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://bam.nr-data.net https://www.googletagmanager.com https://js-agent.newrelic.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ cdnjs.cloudflare.com https://cdn.datatables.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com stackpath.bootstrapcdn.com unpkg.com; base-uri 'none'; frame-ancestors 'self' 1
upgrade-insecure-requests;  frame-ancestors 'self' https://cops.devexternal.wickes.co.uk/  https://cops-cand.devexternal.wickes.co.uk/ https://cops.external.wickes.co.uk/ 1
font-src https://cdn.checkout.com *.fontawesome.com fonts.gstatic.com cdn.checkout.com script.hotjar.com maxcdn.bootstrapcdn.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com affiliates.cdkeys.com tr.snapchat.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com www.cdkeys.com app.storyblok.com 'self'; frame-src bid.g.doubleclick.net www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com https://js.checkout.com *.klarna.com landofcoder.com *.addthis.com *.facebook.com *.twitter.com fp.cdkeys.com ad4m.at widget.trustpilot.com simplicity.trustpilot.com www.facebook.com js.checkout.com embed.twitch.tv accounts.google.com web.facebook.com www.trustpilot.com vars.hotjar.com sandbox-checkout.epag.io checkout.epag.io tr.snapchat.com www.emjcd.com static.criteo.net cj.dotomi.com *.doubleclick.net *.paypal.com www.paypalobjects.com pay.google.com unpkg.com optimize.google.com apps.rokt.com wsdk.rokt.com platform.twitter.com ad.ad-srv.net analytics.fatmedia.io shop.spreadshirt.com cdkeys.myspreadshop.com preview.tagging.cdkeys.com tagging.cdkeys.com *.dwin1.com *.awin1.com *.zenaps.com gum.criteo.com c.bing.com the.sciencebehindecommerce.com cdkeys.pxf.io cdkeys.sjv.io *.trustpilot.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.addthisedge.com *.twitter.com *.cdkeys.com *.omn-it.net www.gravatar.com *.paypal.com steamcdn-a.akamaihd.net *.storyblok.com www.google.tm optimize.google.com *.doubleclick.net ssl.gstatic.com www.gstatic.com www.google.ad www.google.ae www.google.com.af www.google.com.ag www.google.com.ai www.google.al www.google.am www.google.co.ao www.google.com.ar www.google.as www.google.at www.google.com.au www.google.az www.google.ba www.google.com.bd www.google.be www.google.bf www.google.bg www.google.com.bh www.google.bi www.google.bj www.google.com.bn www.google.com.bo www.google.com.br www.google.bs www.google.bt www.google.co.bw www.google.by www.google.com.bz www.google.ca www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.co.ck www.google.cl www.google.cm www.google.cn www.google.com.co www.google.co.cr www.google.com.cu www.google.cv www.google.com.cy www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.com.do www.google.dz www.google.com.ec www.google.ee www.google.com.eg www.google.es www.google.com.et www.google.fi www.google.com.fj www.google.fm www.google.fr www.google.ga www.google.ge www.google.gg www.google.com.gh www.google.com.gi www.google.gl www.google.gm www.google.gr www.google.com.gt www.google.gy www.google.com.hk www.google.hn www.google.hr www.google.ht www.google.hu www.google.co.id www.google.ie www.google.co.il www.google.im www.google.co.in www.google.iq www.google.is www.google.it www.google.je www.google.com.jm www.google.jo www.google.co.jp www.google.co.ke www.google.com.kh www.google.ki www.google.kg www.google.co.kr www.google.com.kw www.google.kz www.google.la www.google.com.lb www.google.li www.google.lk www.google.co.ls www.google.lt www.google.lu www.google.lv www.google.com.ly www.google.co.ma www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.com.mm www.google.mn www.google.ms www.google.com.mt www.google.mu www.google.mv www.google.mw www.google.com.mx www.google.com.my www.google.co.mz www.google.com.na www.google.com.ng www.google.com.ni www.google.ne www.google.nl www.google.no www.google.com.np www.google.nr www.google.nu www.google.co.nz www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.pl www.google.pn www.google.com.pr www.google.ps www.google.pt www.google.com.py www.google.com.qa www.google.ro www.google.ru www.google.rw www.google.com.sa www.google.com.sb www.google.sc www.google.se www.google.com.sg www.google.sh www.google.si www.google.sk www.google.com.sl www.google.sn www.google.so www.google.sm www.google.sr www.google.st www.google.com.sv www.google.td www.google.tg www.google.co.th www.google.com.tj www.google.tl www.google.tn www.google.to www.google.com.tr www.google.tt www.google.com.tw www.google.co.tz www.google.com.ua www.google.co.ug www.google.co.uk www.google.com.uy www.google.co.uz www.google.com.vc www.google.co.ve www.google.vg www.google.co.vi www.google.com.vn www.google.vu www.google.ws www.google.rs www.google.co.za www.google.co.zm www.google.co.zw www.google.cat *.spreadshirt.com image.spreadshirtmedia.com cdkeys.myspreadshop.com cm.everesttech.net preview.tagging.cdkeys.com tagging.cdkeys.com www.facebook.com static.xx.fbcdn.net alb.reddit.com tr.snapchat.com t.co cw.addthis.com syndication.twitter.com ad.360yield.com *.3lift.com sync.ad-stir.com *.adform.net *.adnxs.com *.adscale.de *.amazon-adsystem.com anymindgroup.go2cloud.org pixel.advertising.com x.bidswitch.net bat.bing.com www.bizrate.com tags.bluekai.com match.bnmla.com r.casalemedia.com usersync.cdglib.com www.chinesean.com *.criteo.com dpm.demdex.net *.dotomi.com sync.e-planning.net secure.getprice.com.au matching.ivitrack.com beacon.krxd.net *.liadm.com contextual.media.net visitor.omnitagjs.com *.openx.net sync.outbrain.com jadserve.postrelease.com *.pubmatic.com idsync.rlcdn.com pixel.rubiconproject.com match.sharethrough.com *.smaato.net *.smartadserver.com *.smartclip.net tg.socdm.com *.stickyadstv.com *.taboola.com pixel.tapad.com criteo-sync.teads.tv s.thebrighttag.com criteo-partners.tremorhub.com *.yahoo.com ad.yieldlab.net ads.yieldmo.com sync-criteo.ads.yieldmo.com lt45.net ds1.net dt51.net ndt5.net fr135.net as.ad4m.at ad.ad-srv.net *.clarity.ms *.dwin1.com *.awin1.com *.zenaps.com gum.criteo.com c.bing.com the.sciencebehindecommerce.com *.loggly.com www.ojrq.net cdkeys.pxf.io cdkeys.sjv.io delight-magento.fly.dev delight-s3-bucket.s3.eu-west-2.amazonaws.com tvspix.com tvpix.com 'self' data: data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://cdn.checkout.com *.klarnacdn.net landofcoder.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.net *.twitter.com prodregistryv2.org featureassets.org cdn.jsdelivr.net widget.trustpilot.com invitejs.trustpilot.com connect.facebook.net cdn.checkout.com *.algolia.net embed.twitch.tv *.google.com platform.twitter.com www.google.com www.gstatic.com cdn.simility.com static.hotjar.com script.hotjar.com sandbox-checkout.epag.io checkout.epag.io *.doubleclick.net *.zoho.com *.criteo.net *.criteo.com sc-static.net analytics.twitter.com *.ads-twitter.com *.bing.com www.redditstatic.com maillist-manage.com *.paypal.com *.cnnx.io unpkg.com ad4m.at/osij2yav.js optimus.360and1.com www.googleoptimize.com optimize.google.com apps.rokt.com wsdk.rokt.com *.clarity.ms *.cdkeys.com *.omn-it.net *.spreadshirt.com adtm.spreadshirts.net cdkeys.myspreadshop.com dpm.demdex.net static.zdassets.com/ *.dwin1.com *.awin1.com *.zenaps.com gum.criteo.com c.bing.com the.sciencebehindecommerce.com analytics.fatmedia.io utt.impactcdn.com delight-magento.fly.dev analytics.tiktok.com app.termly.io *.gstatic.com *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://cdn.checkout.com *.fontawesome.com cdn.checkout.com maxcdn.bootstrapcdn.com optimize.google.com adtm.spreadshirts.net cdkeys.myspreadshop.com delight-magento.fly.dev *.googleapis.com *.gstatic.com *.trustpilot.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src cdn.cdkeys.com static.zdassets.com *.dwin1.com *.awin1.com *.zenaps.com gum.criteo.com c.bing.com the.sciencebehindecommerce.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolianet.com *.insights.algolia.io https://js.checkout.com *.klarnaevt.com landofcoder.com prodregistryv2.org featureassets.org www.facebook.com js.checkout.com *.simility.com graph.facebook.com *.hotjar.com *.hotjar.io wss://*.hotjar.com/api/v2/client/ws *.google.com google.com *.doubleclick.net freegeoip.app maillist-manage.com invitejs.trustpilot.com bat.bing.com unpkg.com insights.algolia.io *.clarity.ms *.spreadshirt.com cdkeys.myspreadshop.com dpm.demdex.net preview.tagging.cdkeys.com tagging.cdkeys.com static.zdassets.com ekr.zdassets.com cdkeys.zendesk.com widget-mediator.zopim.com wss://widget-mediator.zopim.com *.dwin1.com *.awin1.com *.zenaps.com gum.criteo.com c.bing.com the.sciencebehindecommerce.com cdkeys.pxf.io cdkeys.sjv.io api.delightglobal.io pro.ip-api.com analytics.tiktok.com app.termly.io t.elasticsuite.io *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
media-src yastatic.net;connect-src *.strm.yandex.net mc.yandex.com yandex.uz yastatic.net yastat.net mc.yandex.ru *.mc.yandex.ru adstat.yandex.ru mc.admetrica.ru mc.yandex.uz tts.voicetech.yandex.net 'self' wss://webasr.yandex.net;img-src *.verify.yandex.ru *.ya.ru *.yandex.ru ya.ru yabs.yandex.by yabs.yandex.kz yabs.yandex.ru yabs.yandex.uz yandex.ru yandex.uz 'self' yastatic.net data: mc.admetrica.ru mc.yandex.com *.mc.yandex.ru adstat.yandex.ru mc.yandex.uz mc.yandex.ru favicon.yandex.net avatars.mds.yandex.net blob:;script-src 'nonce-QJcyAA4XVs4nPd+Bi/uQUA==' mc.yandex.com yastatic.net yandex.uz mc.yandex.ru *.mc.yandex.ru adstat.yandex.ru mc.yandex.uz;child-src *.ya.ru *.yandex.ru ya.ru yandex.ru yastatic.net mc.yandex.ru mc.yandex.md mc.yandex.uz yandex.uz blob: *.ya.ru *.yandex.ru ya.ru yandex.ru;style-src 'unsafe-inline' yastatic.net;report-uri https://csp.yandex.net/csp?project=morda&from=morda.big.uz&showid=1721958280347588-2680136528506345910-znjl6qkmk2bip2zr-BAL&h=stable-portal-mordago-242.vla.yp-c.yandex.net&yandexuid=2063459101721958280&&version=2024-07-24-611&adb=0;default-src 'self' yastatic.net yastat.net;font-src yastatic.net 1
frame-ancestors 'self' http://turan.urw.com/ https://turan-web.preprod.cloud.coreoz.com/ https://turan-web2.preprod.cloud.coreoz.com/ https://apollo.int.coreoz.com/world https://prod.id.westfield.com/ https://id.westfield.com/ https://turan-v2.urw.com/ https://turan-web3.preprod.cloud.coreoz.com/ https://unibail-turan-web.int.coreoz.com/ 1
default-src 'self'; connect-src 'self' https://api.daad.de *.daad.com *.daad.de *.doubleclick.net www.youtube.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.googlevideo.com directline.botframework.com wss://directline.botframework.com; font-src 'self' data: fonts.gstatic.com; frame-src www.youtube.com www.youtube-nocookie.com *.daad.com *.daad.de newsletter.alumniportal-deutschland.org; img-src data: blob: *; media-src https://api.daad.de *.daad.com *.daad.de *.googlevideos.com www.youtube-nocookie.com; object-src 'none'; script-src 'self' 'self' 'unsafe-eval' 'unsafe-inline' www.daad.de www.youtube.com www.google.com www.google-analytics.com *.googletagmanager.com static.doubleclick.net cdn.jsdelivr.net ajax.googleapis.com; style-src 'unsafe-inline' www.youtube.com; base-uri 'none'; form-action https://api.daad.de validator.w3.org export.highcharts.com; frame-ancestors https://*.daad.com http://*.daad.com 1
default-src http: https://*.livemaster.ru https://*.googlesyndication.com 'self'; script-src http: https://*.livemaster.ru https://googletagmanager.com https://*.cloudfront.net https://*.maps.yandex.net https://secure.payu.ru https://*.jivo.ru https://*.jivosite.com https://cdn.adlook.me https://use.fontawesome.com https://adservice.google.com https://adservice.google.ru https://*.google-analytics.com https://www.googletagservices.com https://*.yandex.ru https://mc.webvisor.org https://www.googletagmanager.com https://*.google.com https://securepubads.g.doubleclick.net https://cdn.jsdelivr.net https://www.gstatic.com https://*.pinterest.com https://i.pinimg.com https://*.twitter.com https://twitter.com https://connect.facebook.net https://yastatic.net https://vk.com https://cdn.ampproject.org https://pagead2.googlesyndication.com https://top-fwz1.mail.ru https://api.vk.com https://connect.ok.ru https://connect.mail.ru https://checkout.rbk.money 'unsafe-inline' 'unsafe-eval' 'self' blob: data:; font-src http: https://*.livemaster.ru 'self' https://fonts.gstatic.com; img-src https://*.livemaster.ru https://www.livemaster.ru:1812 https://csi.gstatic.com https://log.pinterest.com https://*.adfox.ru https://*.googlesyndication.com https://*.googletagmanager.com https://syndication.twitter.com https://top-fwz1.mail.ru https://*.google-analytics.com https://*.facebook.com https://*.google.com https://*.google.ru https://counter.yadro.ru https://*.yandex.ru https://*.yandex.net https://mc.webvisor.org https://vk.com https://*.vk.com https://*.g.doubleclick.net https://*.livemaster.ru https://*.livemaster.com 'self' data: blob: http:; frame-src http: https://*.livemaster.ru 'self' https://*.facebook.net https://*.googlesyndication.com https://dl.metabar.ru https://static.cmptch.com https://www.livemaster.ru:1862 https://secure.payu.ru https://checkout.rbk.money https://*.yandex.ru https://www.googletagmanager.com https://*.twitter.com https://*.facebook.com https://vk.com https://*.vk.com https://*.g.doubleclick.net https://yastatic.net https://www.youtube.com https://*.google.com https://player.vimeo.com https://mc.webvisor.org; frame-ancestors 'self' https://*.livemaster.ru https://www.livemaster.ru:1862 https://*.payu.ru https://secure.payu.ru https://checkout.rbk.money https://*.yandex.ru https://www.googletagmanager.com https://*.twitter.com https://*.facebook.com https://vk.com https://*.vk.com https://*.g.doubleclick.net https://yastatic.net https://www.youtube.com https://www.google.com https://player.vimeo.com https://mc.webvisor.org https://webvisor.com http://webvisor.com; style-src http: https://*.livemaster.ru 'unsafe-inline' https://tagmanager.google.com https://*.googleapis.com https://www.livemaster.ru:1862 https://*.livemaster.ru; connect-src https://*.livemaster.ru https://*.googlesyndication.com https://yandex.ru https://yandex.com  https://mc.webvisor.org https://login.vk.com http: https://yandexmetrica.com:29010 https://*.payu.ru https://*.payu.com https://www.livemaster.ru:1862 https://*.lmteam.ru https://*.yandex.net https://ymetrica.com https://ymetrica1.com https://ymetrica2.com https://*.google-analytics.com http://*.google.com https://www.googleapis.com wss://*.livemaster.ru wss://*.jivo.ru wss://*.jivosite.com https://*.livemaster.ru https://*.livemaster.com https://graph.facebook.com https://matchid.adfox.yandex.ru https://*.g.doubleclick.net https://top-fwz1.mail.ru https://*.adfox.ru https://*.yandex.ru https://*.yandex.com https://getyabrowser.com https://*.appmetrica.webvisor.com https://www.facebook.com https://csi.gstatic.com https://player.vimeo.com https://*.clickmeeting.com 'self'; object-src http: https://*.livemaster.ru 'self' https://player.vimeo.com https://www.youtube.com; report-uri /ajax/cspcollector.php 1
default-src 'self'; script-src 'self' qrc: 'nonce-Zjk1YmY5MTYtNmU1NC00ZGQzLWFlYzctMDQyNGZhZmFhZDA3' 'strict-dynamic' www.youtube.com *.googletagmanager.com googletagmanager.com tagmanager.google.com http://static.geevisit.com https://gcaptcha4.geetest.com https://gcaptcha4.geetest.com https://static.geetest.com https://cdn.cookielaw.org; style-src 'self' 'unsafe-inline' fonts.googlefonts.cn fonts.googleapis.com *.googletagmanager.com googletagmanager.com tagmanager.google.com https://static.geetest.com https://static.geevisit.com; img-src 'self' blob: data: https: ; font-src 'self' data: fonts.gstatic.com fonts.gstatic.googlefonts.cn; media-src 'self' *.bambulab.cn *.bambulab.com *.bblmw.cn *.bblmw.com; connect-src 'self' https:; frame-src www.youtube-nocookie.com www.facebook.com; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; block-all-mixed-content; report-uri /api/_csp_report; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net; img-src 'self' https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' https://themes.googleusercontent.com; frame-src https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com; object-src 'none' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'  *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://impactapi.causeview.com https://maps.googleapis.com https://cdnjs.cloudflare.com/ajax/libs/cropper/4.0.0/cropper.min.js https://js-agent.newrelic.com https://www.googletagmanager.com https://chimpstatic.com https://www.google.com/recaptcha/api.js https://www.gstatic.com https://downloads.mailchimp.com https://mc.us1.list-manage.com https://matchbox.hepdata.com https://commerce.coinbase.com https://data.processwebsitedata.com https://fe.sitedataprocessing.com https://cdn.jsdelivr.net/npm/search-insights@2.13.0/dist/search-insights.min.js; img-src 'self' data: https://cdn.mises.org https://www.google.ca https://www.google.com https://i.creativecommons.org https://licensebuttons.net https://www.google-analytics.com https://mcusercontent.com https://maps.gstatic.com https://s3.amazonaws.com https://impactapi.causeview.com  https://live-mises-api.pantheonsite.io https://cdn-images.mailchimp.com https://matchbox.hepdata.com/; frame-ancestors 'self' https://glockenspiel-bluebird-4h6c.squarespace.com https://www.misesgraduateschool.org https://misesgraduateschool.org https://api-public.addthis.com https://m.addthis.com https://mises.org https://impactapi.causeview.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
img-src 'self' data:;font-src 'none' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' fast.fonts.net *.hubspot.com *.akamaihd.net *.vimeo.com *.hsforms.net *.sharethis.com *.google-analytics.com *.gstatic.com *.twitter.com *.addthis.com *.googleapis.com *.youtube.com *.adyen.com *.hs-scripts.com *.hs-analytics.net *.twimg.com *.wowza.com *.pcissc.org latencytimer.azurewebsites.net cc.cdn.civiccomputing.com cdnjs.cloudflare.com cdn.parsely.com api.parsely.com p1.parsely.com *.googletagmanager.com stats.g.doubleclick.net apikeys.civiccomputing.com *.cludo.com *.pcisecuritystandards.org *.force.com pcisecuritystandards.studio *.hsforms.com blob: data:; img-src https: data:; 1
frame-ancestors 'self' https://*.clio.com https://cliocloudconference.com https://events1.social27.com https://kba.freestonelms.com 1
frame-src 'self' *.google.com *.withgoogle.com www.youtube.com; connect-src 'self' *.google-analytics.com *.googletagmanager.com *.analytics.google.com *.gstatic.com *.google.com; style-src 'self' 'unsafe-inline' *.google.com *.gstatic.com fonts.googleapis.com https://sites.research.google; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleanalytics.com *.google-analytics.com *.google.com *.gstatic.com *.googletagmanager.com https://ssl.google-analytics.com www.youtube.com https://sites.research.google; media-src 'self' https://*.googleusercontent.com/ https://storage.googleapis.com/gweb-research2023-stg-media-mvp/ https://storage.googleapis.com/gweb-research2023-stg-media/ https://storage.googleapis.com/gweb-research2023-media/; img-src 'self' data: https://storage.cloud.google.com/gweb-research2023-stg-media-mvp/ https://*.googleusercontent.com/ https://storage.googleapis.com/gweb-research2023-stg-media-mvp/ https://storage.googleapis.com/gweb-research2023-stg-media/ https://storage.googleapis.com/gweb-research2023-media/ https://research.google *.googletagmanager.com *.google-analytics.com https://*.googleusercontent.com/ https://blogger.googleusercontent.com *.ytimg.com http://1.bp.blogspot.com/ http://2.bp.blogspot.com/ http://3.bp.blogspot.com/ http://4.bp.blogspot.com/; default-src 'self' *.gstatic.com 1
frame-ancestors 'self' https://move.mvg.de; report-uri /report-csp-violation 1
frame-ancestors *.cepal.org 1
default-src 'self' https://api.crownpeak.net https://api.skfbearingselect.com https://dqm.crownpeak.com https://*.linkedin.oribi.io https://*.applicationinsights.azure.com https://westeurope.livediagnostics.monitor.azure.com *.consentmanager.net promo.skf.com *.promo.skf.com *.actonservice.com *.ads.linkedin.com skfsso-test.skf.com skfsso-qa.skf.com skfsso.skf.com https: ;script-src 'unsafe-inline' 'self' 'unsafe-eval' https://cdn.jsdelivr.net https://api.crownpeak.net https://api.skfbearingselect.com https://dqm.crownpeak.com https://skfsso.skf.com https://skfsso-test.skf.com https://skfsso-qa.skf.com https://*.googleapis.com https://*.consentmanager.net https://promo.skf.com https://*.promo.skf.com https://*.actonservice.com https://mc.yandex.ru https://yastatic.net https://www.google.iq https://www.google.com.eg https://www.google.com.co https://www.google.co.kr https://www.google.com.sa https://www.google.com.ni https://www.google.rs https://www.google.com.pk https://www.google.com.gt https://www.google.al https://www.google.hn https://www.google.dz https://www.google.com.ec https://www.google.jo https://www.gstatic.com https://remote.captcha.com https://www.google.com.bh https://www.googleadservices.com https://*.doubleclick.net https://az416426.vo.msecnd.net https://bam.nr-data.net https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js https://code.jquery.com/jquery-3.6.0.slim.min.js https://connect.facebook.net https://*.promo.skf.com https://js-agent.newrelic.com https://*.googleapis.com https://promo.skf.com https://script.hotjar.com https://snap.licdn.com https://stackpath.bootstrapcdn.com https://static.hotjar.com https://*.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.youtube.com https://service.giosg.com https://bookeo.com https://*.bookeo.com https://hcaptcha.com https://*.hcaptcha.com https://*.qualtrics.com https://recaptcha.net https://*.go-mpulse.net https://*.giosg.com;style-src 'unsafe-inline' 'self' https://api.crownpeak.net https://api.skfbearingselect.com https://dqm.crownpeak.com https://skfsso.skf.com https://skfsso-test.skf.com https://skfsso-qa.skf.com https://*.consentmanager.net https://promo.skf.com https://*.promo.skf.com https://*.actonservice.com https://hcaptcha.com https://*.hcaptcha.com https://*.qualtrics.com https://recaptcha.net https://*.googleapis.com https://use.fontawesome.com https://service.giosg.com; media-src blob: https://skfsso.skf.com https://skfsso-test.skf.com https://staging.prod.skf.com https://skf.com https://www.skf.com https://skfsso-qa.skf.com https://cdn.test.skfmediahub.skf.com https://*.skfmediahub.skf.com https://*.consentmanager.net https://promo.skf.com https://*.promo.skf.com https://*.actonservice.com https://www.youtube.com https://hiresmedia.skf.com;connect-src 'unsafe-inline' 'self' https://api.crownpeak.net https://api.skfbearingselect.com https://www.skfptp.com https://*.actonsoftware.com https://dqm.crownpeak.com https://skfsso.skf.com https://skfsso-test.skf.com https://skfsso-qa.skf.com https://*.applicationinsights.azure.com https://*.linkedin.oribi.io https://cdn.test.skfmediahub.skf.com https://*.skfmediahub.skf.com https://*.consentmanager.net https://promo.skf.com https://*.promo.skf.com https://*.actonservice.com https://hcaptcha.com https://*.hcaptcha.com https://*.qualtrics.com https://recaptcha.net https://mc.yandex.ru https://skfcom-stag-fileupload.azurewebsites.net https://skfcom-staging-contactskfservice.azurewebsites.net https://skfcom-prod-fileupload.azurewebsites.net https://skfcom-prod-contactskfservice.azurewebsites.net https://p11.techlab-cdn.com https://*.googleapis.com https://www.facebook.com wss://*.hotjar.com https://*.hotjar.com https://*.googlevideo.com https://*.doubleclick.net https://webapi.partcommunity.com https://bam.nr-data.net https://search.skf.com https://webassistants.partcommunity.com https://*.google-analytics.com https://*.analytics.google.com https://*.giosg.com https://bookeo.com https://*.bookeo.com https://*.hotjar.io https://dc.services.visualstudio.com/v2/track wss://messagerouter.giosg.com https://*.akstat.io https://*.go-mpulse.net https://traceparts-cache.s3.eu-west-1.amazonaws.com https://*.giosgusercontent.com https://px.ads.linkedin.com https://maintenanceapps.skf.com;font-src 'unsafe-inline' 'self' https://api.crownpeak.net https://api.skfbearingselect.com https://dqm.crownpeak.com https://skfsso.skf.com https://skfsso-test.skf.com https://skfsso-qa.skf.com https://*.consentmanager.net https://promo.skf.com https://*.promo.skf.com https://*.actonservice.com https://hcaptcha.com https://fonts.skf.com https://*.hcaptcha.com https://*.qualtrics.com https://recaptcha.net https://use.typekit.net https://fonts.gstatic.com https://script.hotjar.com https://use.fontawesome.com https://*.giosgusercontent.com data: ;frame-src 'unsafe-inline' 'self' https://api.crownpeak.net https://*.doubleclick.net https://api.skfbearingselect.com https://dqm.crownpeak.com https://skfsso.skf.com https://skfsso-test.skf.com https://skfsso-qa.skf.com https://*.consentmanager.net https://promo.skf.com https://*.promo.skf.com https://*.actonservice.com https://hcaptcha.com https://*.hcaptcha.com https://*.qualtrics.com https://recaptcha.net https://www.skf.com https://webapi.partcommunity.com https://www.youtube.com/ https://vars.hotjar.com https://www.google.com https://bookeo.com https://*.bookeo.com https://*.clients.giosgusercontent.com https://service.giosg.com https://www.facebook.com https://www.traceparts.com;img-src 'unsafe-inline' 'self' https://api.crownpeak.net https://*.doubleclick.net https://api.skfbearingselect.com https://dqm.crownpeak.com https://skfsso.skf.com https://skfsso-test.skf.com https://skfsso-qa.skf.com https://cdn.test.skfmediahub.skf.com https://*.skfmediahub.skf.com https://*.consentmanager.net https://promo.skf.com https://*.promo.skf.com https://*.actonservice.com https://hcaptcha.com https://*.hcaptcha.com https://*.qualtrics.com https://recaptcha.net https://mc.yandex.ru https://*.googleapis.com https://www.google.com https://*.ggpht.com https://www.gstatic.com https://www.google.co.bw https://www.google.az https://www.google.am https://www.google.co.ke https://www.google.is https://www.google.hr https://www.google.sr https://www.google.mk https://www.google.com.py https://www.google.co.uz https://www.google.com.uy https://www.google.com.do https://www.google.com.bz https://www.google.com.na https://www.google.co.zm https://www.google.cm https://www.google.bg https://www.google.iq https://www.google.co.tz https://www.google.com.bh https://www.google.com.ec https://www.google.com.ph https://www.google.com.om https://www.google.al https://www.google.gr https://www.google.dz https://www.google.com.mt https://www.google.lt https://www.google.rs https://www.google.co.ma https://www.google.com.sa https://www.google.jo https://www.google.com.co https://www.google.co.kr https://www.google.mg https://www.google.com.eg https://www.google.com.pk https://www.google.rw https://www.google.ba https://www.google.co.il https://www.google.lu https://www.google.ge https://www.google.hn https://www.google.com.ua https://www.google.com.my https://www.google.co.jp https://www.google.sk https://www.google.co.nz https://www.google.ae https://www.google.co.id https://www.google.kz https://www.google.ro https://www.google.com.tw https://www.google.com.sg https://www.google.com.bd https://www.google.com.vn https://www.google.com.hk https://www.google.com.ar https://www.google.pt https://www.google.co.ve https://www.google.hu https://www.google.com.qa https://www.google.lv https://www.google.si https://www.google.ie https://vehicleaftermarket.skf.com https://www.google.com.sv https://www.google.dk https://www.google.co.th https://www.google.co.za https://www.google.cl https://www.google.tt https://www.google.com.ar https://www.google.ee https://www.google.ru https://px.ads.linkedin.com https://p.adsymptotic.com https://www.google.co.in https://www.google.com.ng https://www.google.cz https://www.google.ca https://www.google.fr https://www.google.com.br https://www.google.pl https://www.google.de https://www.google.ch https://www.google.com.pe https://*.ads.linkedin.com https://www.google.tn https://www.google.be https://www.google.by https://www.google.es https://www.google.com.tr https://www.google.com.au https://www.google.com.mx https://www.google.at https://www.google.fi https://www.google.co.uk https://www.google.nl https://www.google.it https://search.skf.com https://yt3.ggpht.com https://*.ytimg.com https://img.youtube.com http://www.skf.com https://*.promo.skf.com https://*.googleapis.com https://maps.gstatic.com https://promo.skf.com https://www.linkedin.com https://www.facebook.com https://*.google-analytics.com https://*.analytics.google.com https://www.google.com https://www.google.no https://www.google.se https://cdn.giosgusercontent.com https://static.giosg.com https://www.googletagmanager.com https://script.hotjar.com https://*.akstat.io data:; 1
frame-ancestors 'self' http://localhost:* https://*.admin.faithlifesites.com https://admin.faithlifesites.com https://*.sites.faithlife.com https://*.faithlife.com http://local.app.logos.com:* https://app.logos.com https://*.app.logos.com logos-app://* https://builder.io; object-src https://cloud.faithlife.net https://cloud.mail.logos.com; base-uri https://optimize.google.com; block-all-mixed-content 1
media-src 'self' data: blob: https://*.pscp.tv/ https://*.periscope.tv/ https://*.global.ssl.fastly.net https://*.twimg.com https://*.video.pscp.tv; img-src 'self' data: blob: https://*.pscp.tv/ https://*.periscope.tv/ https://prod-periscope-profile.s3-us-west-2.amazonaws.com https://s3-us-west-2.amazonaws.com/prod-periscope-profile/ https://*.twimg.com https://*.googleusercontent.com https://scontent.xx.fbcdn.net https://*.bugsnag.com https://*.google-analytics.com; default-src 'self' blob: https://*.global.ssl.fastly.net https://*.pscp.tv/ https://*.periscope.tv/; object-src 'self' https://*.pscp.tv/ https://*.periscope.tv/; child-src 'self' blob: https://*.pscp.tv/ https://*.periscope.tv/ https://twitter.com https://*.google.com/recaptcha/; frame-ancestors 'self' https://*.pscp.tv/ https://*.periscope.tv/; style-src 'self' blob: 'unsafe-inline' https://*.pscp.tv/ https://*.periscope.tv/; font-src 'self' data: https://*.pscp.tv/ https://*.periscope.tv/; frame-src 'self' blob: https://*.pscp.tv/ https://*.periscope.tv/ https://twitter.com https://periscope-all.firebaseapp.com/ https://*.google.com/recaptcha/ https://*.vimeo.com https://*.tipalti.com; report-uri https://twitter.com/i/csp_report?a=OBSXE2LTMNXXAZJNO5SWE%3D%3D%3D&ro=false; script-src 'self' https://*.pscp.tv/ https://*.periscope.tv/ https://cdn.polyfill.io https://d24n15hnbwhuhn.cloudfront.net https://app.link https://bnc.lt https://*.branch.io https://*.google-analytics.com https://apis.google.com/ https://*.google.com/recaptcha/ https://*.gstatic.com/recaptcha/ https://appleid.cdn-apple.com 'unsafe-eval' 'nonce-8d790f404d5e44f89b28089fb0b7b5a8'; connect-src 'self' https://*.pscp.tv/ https://*.periscope.tv/ wss://*.pscp.tv/ wss://*.periscope.tv/ https://*.video.pscp.tv https://*.twimg.com https://twitter.com https://*.global.ssl.fastly.net https://api.amplitude.com/ https://*.branch.io https://bnc.lt https://*.bugsnag.com https://licensing.bitmovin.com/ https://analytics-ingress-global.bitmovin.com https://www.googleapis.com/ https://securetoken.googleapis.com https://s3.us-west-2.amazonaws.com/periscope-user-data-reports-prod/ https://s3.us-west-2.amazonaws.com/periscope-user-data-reports-dev/ https://periscope-user-data-reports-prod.s3.us-west-2.amazonaws.com/ https://periscope-user-data-reports-dev.s3.us-west-2.amazonaws.com/ 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.peopleenespanol.com 1
default-src https: ws: data: blob: 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' *  ;style-src  https: data: 'unsafe-inline';img-src  https: blob: data:;child-src data:;object-src 'none';worker-src blob: https://*.olx.pt  ;frame-src  https: blob:;script-src  https: 'unsafe-inline' 'unsafe-eval';font-src data: 'self' https: ;connect-src 'self' * blob: 1
frame-ancestors 'self' https://*.adobe.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' silverdaddies.com *.silverdaddies.com *.google.com *.googleapis.com *.gstatic.com 1
form-action https://webto.salesforce.com/servlet/servlet.WebToLead https://www.kaleidescape.com https://kaleidescape.com; 1
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://apis.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://stats.spdns.de; object-src 'none' ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ ; img-src 'self' data: https://ssl.gstatic.com/ https://stats.spdns.de https://status.securepoint.de; media-src 'none'; frame-src https://stats.spdns.de/ https://www.google.com/recaptcha/ https://www.youtube.com/embed/; connect-src 'self' https://*.checkdns.spdyn.de/ https://*.checkcat.spdyn.de/; font-src 'self' https://fonts.gstatic.com 1
frame-ancestors 'self' https://www.olp.gr 1
frame-ancestors https://*.meijer.com 1
upgrade-insecure-requests; default-src 'self' cdn1.svenskaspel.net;script-src 'self' cdn1.svenskaspel.net api.www.svenskaspel.se www.google-analytics.com region1.google-analytics.com www.googletagmanager.com tagmanager.google.com 'unsafe-inline' 'unsafe-eval' https://connect.facebook.net track.adform.net s1.adform.net s2.adform.net https://*.hotjar.com gtm.www.svenskaspel.se assets.adobedtm.com smetricstur.www.svenskaspel.se metricstur.www.svenskaspel.se https://*.qualtrics.com adobedc.demdex.net edge.adobedc.net server.adobedc.net *.youtube.com;style-src 'self' 'unsafe-inline' cdn1.svenskaspel.net tagmanager.google.com www.googletagmanager.com fonts.googleapis.com https://*.hotjar.com https://*.qualtrics.com;img-src https://api.www.svenskaspel.se 'self' data: cdn1.svenskaspel.net api.www.svenskaspel.se www.google-analytics.com region1.google-analytics.com https://www.facebook.com https://fonts.gstatic.com/ www.googletagmanager.com gtm.www.svenskaspel.se https://*.hotjar.com smetricstur.www.svenskaspel.se metricstur.www.svenskaspel.se cm.everesttech.net dpm.demdex.net https://siteintercept.qualtrics.com adobedc.demdex.net edge.adobedc.net server.adobedc.net *.cloudfront.net *.solidtango.com *.ytimg.com *.youtube-nocookie.com *.youtube.com;font-src 'self' cdn1.svenskaspel.net data: https://fonts.gstatic.com/ https://*.hotjar.com;media-src 'none';frame-src 'self' api.www.svenskaspel.se https://www.facebook.com https://connect.facebook.net https://vars.hotjar.com svenskaspel.demdex.net https://*.qualtrics.com adobedc.demdex.net edge.adobedc.net smetricstur.www.svenskaspel.se server.adobedc.net *.solidtango.com *.youtube-nocookie.com *.youtube.com;object-src 'none';frame-ancestors 'none';worker-src *.svenskaspel.se:*;connect-src 'self' https://api.www.svenskaspel.se cdn1.svenskaspel.net api.www.svenskaspel.se wss://api.www.svenskaspel.se www.google-analytics.com region1.google-analytics.com www.google.com googleads.g.doubleclick.net gtm.www.svenskaspel.se https://*.hotjar.com:* https://*.hotjar.io:* wss://*.hotjar.com dpm.demdex.net targettur.www.svenskaspel.se https://*.qualtrics.com adobedc.demdex.net edge.adobedc.net smetricstur.www.svenskaspel.se server.adobedc.net otlp.svenskaspel.net; 1
default-src 'self' blob: https://api.giphy.com https://iframe.mediadelivery.net https://*.b-cdn.net https://*.bunnycdn.com https://*.skool.com https://google.com https://*.google.com https://vimeo.com https://*.vimeo.com https://*.vimeocdn.com https://youtube.com https://*.youtube.com https://*.loom.com *.wistia.com *.wistia.net https://*.litix.io https://embedwistia-a.akamaihd.net https://facebook.com https://*.facebook.net https://*.facebook.com https://*.fbsbx.com https://*.amazonaws.com https://*.googletagmanager.com https://*.googleads.g.doubleclick.net https://*.doubleclick.net/ https://*.googleadservices.com fonts.googleapis.com fonts.gstatic.com *.stripe.com https://cdn.growthbook.io; font-src 'self' blob: https://api.giphy.com https://iframe.mediadelivery.net https://*.b-cdn.net https://*.bunnycdn.com https://*.skool.com https://google.com https://*.google.com https://vimeo.com https://*.vimeo.com https://*.vimeocdn.com https://youtube.com https://*.youtube.com https://*.loom.com *.wistia.com *.wistia.net https://*.litix.io https://embedwistia-a.akamaihd.net https://facebook.com https://*.facebook.net https://*.facebook.com https://*.fbsbx.com https://*.amazonaws.com https://*.googletagmanager.com https://*.googleads.g.doubleclick.net https://*.doubleclick.net/ https://*.googleadservices.com fonts.googleapis.com fonts.gstatic.com *.stripe.com https://cdn.growthbook.io 'self' data:; media-src 'self' blob: https://api.giphy.com https://iframe.mediadelivery.net https://*.b-cdn.net https://*.bunnycdn.com https://*.skool.com https://google.com https://*.google.com https://vimeo.com https://*.vimeo.com https://*.vimeocdn.com https://youtube.com https://*.youtube.com https://*.loom.com *.wistia.com *.wistia.net https://*.litix.io https://embedwistia-a.akamaihd.net https://facebook.com https://*.facebook.net https://*.facebook.com https://*.fbsbx.com https://*.amazonaws.com https://*.googletagmanager.com https://*.googleads.g.doubleclick.net https://*.doubleclick.net/ https://*.googleadservices.com fonts.googleapis.com fonts.gstatic.com *.stripe.com https://cdn.growthbook.io 'self' data:; img-src 'self' blob: https://api.giphy.com https://iframe.mediadelivery.net https://*.b-cdn.net https://*.bunnycdn.com https://*.skool.com https://google.com https://*.google.com https://vimeo.com https://*.vimeo.com https://*.vimeocdn.com https://youtube.com https://*.youtube.com https://*.loom.com *.wistia.com *.wistia.net https://*.litix.io https://embedwistia-a.akamaihd.net https://facebook.com https://*.facebook.net https://*.facebook.com https://*.fbsbx.com https://*.amazonaws.com https://*.googletagmanager.com https://*.googleads.g.doubleclick.net https://*.doubleclick.net/ https://*.googleadservices.com fonts.googleapis.com fonts.gstatic.com *.stripe.com https://cdn.growthbook.io https: data:; script-src 'self' blob: https://api.giphy.com https://iframe.mediadelivery.net https://*.b-cdn.net https://*.bunnycdn.com https://*.skool.com https://google.com https://*.google.com https://vimeo.com https://*.vimeo.com https://*.vimeocdn.com https://youtube.com https://*.youtube.com https://*.loom.com *.wistia.com *.wistia.net https://*.litix.io https://embedwistia-a.akamaihd.net https://facebook.com https://*.facebook.net https://*.facebook.com https://*.fbsbx.com https://*.amazonaws.com https://*.googletagmanager.com https://*.googleads.g.doubleclick.net https://*.doubleclick.net/ https://*.googleadservices.com fonts.googleapis.com fonts.gstatic.com *.stripe.com https://cdn.growthbook.io 'unsafe-eval' 'unsafe-inline'; style-src 'self' blob: https://api.giphy.com https://iframe.mediadelivery.net https://*.b-cdn.net https://*.bunnycdn.com https://*.skool.com https://google.com https://*.google.com https://vimeo.com https://*.vimeo.com https://*.vimeocdn.com https://youtube.com https://*.youtube.com https://*.loom.com *.wistia.com *.wistia.net https://*.litix.io https://embedwistia-a.akamaihd.net https://facebook.com https://*.facebook.net https://*.facebook.com https://*.fbsbx.com https://*.amazonaws.com https://*.googletagmanager.com https://*.googleads.g.doubleclick.net https://*.doubleclick.net/ https://*.googleadservices.com fonts.googleapis.com fonts.gstatic.com *.stripe.com https://cdn.growthbook.io 'unsafe-inline'; connect-src 'self' blob: https://api.giphy.com https://iframe.mediadelivery.net https://*.b-cdn.net https://*.bunnycdn.com https://*.skool.com https://google.com https://*.google.com https://vimeo.com https://*.vimeo.com https://*.vimeocdn.com https://youtube.com https://*.youtube.com https://*.loom.com *.wistia.com *.wistia.net https://*.litix.io https://embedwistia-a.akamaihd.net https://facebook.com https://*.facebook.net https://*.facebook.com https://*.fbsbx.com https://*.amazonaws.com https://*.googletagmanager.com https://*.googleads.g.doubleclick.net https://*.doubleclick.net/ https://*.googleadservices.com fonts.googleapis.com fonts.gstatic.com *.stripe.com https://cdn.growthbook.io wss://*.skool.com ws://localhost:3000/_next/webpack-hmr https://o4505174093594624.ingest.sentry.io 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.thesprucepets.com 1
base-uri 'self'; form-action 'self' https://www.facebook.com; frame-ancestors 'self' https://staging.qualityhealth.com https://qualityhealth.com https://www.qualityhealth.com https://pagemanager.sharecare.com https://www.sharecare.com; upgrade-insecure-requests ; connect-src 'self' https://geolocation.onetrust.com https://cdn.cookielaw.org https://www.facebook.com https://smetrics.sharecare.com https://pagemanager.sharecare.com https://stpgmgr.wpenginepowered.com https://www.sharecare.com https://securepubads.g.doubleclick.net https://pagead2.googlesyndication.com https://privacyportal-na01.onetrust.com https://www.google.com https://googleads.g.doubleclick.net https://vjs.zencdn.net https://edge.api.brightcove.com https://manifest.prod.boltdns.net https://about.sharecare.com https://cdnjs.cloudflare.com; default-src 'self'; font-src 'self' https://fonts.sharecare.com https://cdn.jsdelivr.net https://pagemanager.sharecare.com https://stpgmgr.wpenginepowered.com https://www.sharecare.com https://use.typekit.net https://fonts.gstatic.com https://pagemanager.sharecare.com; frame-src *; img-src 'self' data: https://smetrics.sharecare.com https://sb.scorecardresearch.com https://www.google.com https://www.facebook.com https://cdn.jsdelivr.net https://connect.facebook.net https://pagemanager.sharecare.com https://stpgmgr.wpenginepowered.com https://www.sharecare.com https://s.sharecare.com https://s3.amazonaws.com https://p.typekit.net https://cdn.tapnative.com https://tcp.googlesyndication.com https://www.medtargetsystem.com https://adservice.google.com https://cdn.ampproject.org https://*.doubleclick.net https://ad.doubleclick.net https://match.deepintent.com https://trc.lhmos.com https://*.googlesyndication.com https://secure.adnxs.com https://preferences.trustarc.com https://choices.trustarc.com https://track.customer.io  https://cdn.cookielaw.org https://www.googletagmanager.com https://metrics.brightcove.com https://cf-images.us-east-1.prod.boltdns.net https://about.sharecare.com; media-src *; object-src 'none'; prefetch-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' https://assets.adobedtm.com https://use.typekit.net https://cdn.cookielaw.org https://s.sharecare.com https://preferences.truste.com https://sb.scorecardresearch.com https://www.googleadservices.com https://cdn.jsdelivr.net https://googleads.g.doubleclick.net https://connect.facebook.net https://www.googletagmanager.com https://www.google.com https://pi.pardot.com https://www2.sharecare.com https://pagemanager.sharecare.com https://stpgmgr.wpenginepowered.com https://www.sharecare.com https://geolocation.onetrust.com https://ajax.googleapis.com https://www.googletagservices.com https://content.tapnative.com https://securepubads.g.doubleclick.net https://www.medtargetsystem.com https://adservice.google.com https://tcp.googlesyndication.com https://match.deepintent.com https://trc.lhmos.com https://tpc.googlesyndication.com https://cdn.ampproject.org https://assets.customer.io https://ssl.google-analytics.com https://code.jquery.com https://privacyportal-na01.onetrust.com https://players.brightcove.net https://ajax.googleapis.com https://cdn.krxd.net https://vjs.zencdn.net https://edge.api.brightcove.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' *; worker-src 'self' blob:; 1
base-uri 'self' 'unsafe-inline'; connect-src 'self' 'unsafe-inline' *.conetix.com.au https://info.conetix.com https://www.google-analytics.com https://ekr.zdassets.com https://i.clarity.ms https://conetix.zendesk.com https://ekr.zendesk.com wss://widget-mediator.zopim.com https://stats.g.doubleclick.net wss://widget-mediator.zopim.com https://m.addthis.com https://api-public.addthis.com https://*.clarity.ms https://conetix.sendsafely.com https://static-conetix.sendsafely.com https://conetix.sendsafely-au.com https://connect.facebook.net https://graph.facebook.com/ https://analytics.google.com wss://pod-25.zendesk.com 1
img-src 'self' data: https://*.google-analytics.com https://www.googletagmanager.com https://optimize.google.com https://ssl.gstatic.com https://www.gstatic.com https://*.paddle.com https://v2.zopim.com https://*.zopim.io; media-src https://v2.zopim.com https://static.zdassets.com; object-src 'none'; worker-src 'none'; style-src 'self' 'unsafe-inline' https://*.paddle.com https://fonts.googleapis.com https://optimize.google.com https://tagmanager.google.com; font-src 'self' data: https://fonts.gstatic.com https://v2.zopim.com; frame-ancestors 'none'; report-uri /api/v1/reports; 1
frame-ancestors 'self'; base-uri 'self'; form-action 'self' *.paypal.com; default-src 'none'; connect-src 'self' *.amazonaws.com *.mapbox.com *.googleapis.com *.airmap.com *.altitudeangel.com *.airspacelink.com *.api.airmarket.io *.airmarket.io *.helphero.co api.conveythis.com api.tiles.openaip.net *.paypal.com geogratis.gc.ca; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.mapbox.com *.airmap.io *.airmarket.io *.conveythis.com *.stripe.com *.helphero.co helphero.co *.google.com *.gstatic.com blob:; font-src 'self' fonts.gstatic.com; img-src 'self' *.amazonaws.com *.tiles.mapbox.com *.altitudeangel.com *.airmarket.io airmarket.io *.googleapis.com *.gstatic.com *.conveythis.com *.autelrobotics.com *.skypixel.com *.paypal.com *.paypalobjects.com data: blob: data:; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.mapbox.com *.gstatic.com; frame-src 'self' *.stripe.com embed.windy.com; object-src 'none'; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.googleapis.com *.mapbox.com *.stripe.com *.paypal.com *.airmarket.io geogratis.gc.ca 1
style-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com 'unsafe-inline' app.convert.com; child-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com www.googletagmanager.com www.google-analytics.com www.youtube-nocookie.com trackertest.org www.surveygizmo.com accounts.firefox.com accounts.firefox.com.cn www.youtube.com; frame-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com www.googletagmanager.com www.google-analytics.com www.youtube-nocookie.com trackertest.org www.surveygizmo.com accounts.firefox.com accounts.firefox.com.cn www.youtube.com; connect-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com www.googletagmanager.com www.google-analytics.com region1.google-analytics.com logs.convertexperiments.com 1003350.metrics.convertexperiments.com 1003343.metrics.convertexperiments.com sentry.prod.mozaws.net o1069899.sentry.io o1069899.ingest.sentry.io https://accounts.firefox.com.cn/ stage.cjms.nonprod.cloudops.mozgcp.net cjms.services.mozilla.com; img-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com data: mozilla.org www.googletagmanager.com www.google-analytics.com adservice.google.com adservice.google.de adservice.google.dk creativecommons.org cdn-3.convertexperiments.com logs.convertexperiments.com images.ctfassets.net; font-src 'self'; default-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com; script-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com tagmanager.google.com www.youtube.com s.ytimg.com cdn-3.convertexperiments.com app.convert.com data.track.convertexperiments.com 1003350.track.convertexperiments.com 1003343.track.convertexperiments.com 1
frame-ancestors 'self' http://webvisor.com; default-src 'self' https://yandex.ru; font-src 'self'; script-src 'self' https://api-maps.yandex.ru https://maps.google.com https://code.jivosite.com https://www.googletagmanager.com https://stats.hts.ru https://mc.yandex.ru https://yastatic.net https://www.google-analytics.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://mc.yandex.ru https://code.jivosite.com https://*.jivosite.com; img-src 'self' https://ext.host-tracker.com https://api-maps.yandex.ru https://counter.yadro.ru http://cp.hts.ru https://mc.yandex.ru https://*.maps.yandex.net http://www.hts.ru http://hubble.ht-systems.ru https://stats.hts.ru https://www.google-analytics.com data:; media-src 'self' https://code.jivosite.com; style-src 'self' 'unsafe-inline'; object-src 'self' 1
default-src 'self' https://*.eib.org; connect-src 'self' vimeo.com eib.containers.piwik.pro eib.piwik.pro infogram.com *.readspeaker.com *.eib.org *.hotjar.com *.fontawesome.com *.googletagmanager.com *.google-analytics.com *.google.com *.demdex.net *.curator.io fonts.googleapis.com unpkg.com; script-src 'self' 'report-sample' 'unsafe-eval' 'unsafe-inline' web-eur.cvent.com cdn.jsdelivr.net googleads.g.doubleclick.net eib.piwik.pro *.smartsurvey.co.uk eib.containers.piwik.pro *.eib.org *.hotjar.com unpkg.com *.tt.omtrdc.net *.fontawesome.com infogram.com *.infogram.com *.syndication.twimg.com *.google.com *.facebook.net *.twitter.com *.gstatic.com *.europa.eu *.jquery.com *.bit.ly *.demdex.net *.adobedtm.com *.googleapis.com *.googletagmanager.com www.googleadservices.com  *.youtube.com *.mailjet.com *.google-analytics.com s.ytimg.com fonts.gstatic.com *.bootstrapcdn.com cdnjs.cloudfare.com *.visme.co europa.eu *.curator.io *.readspeaker.com; style-src 'self' 'report-sample' 'unsafe-inline' cdn.jsdelivr.net *.eib.org unpkg.com eib.containers.piwik.pro  *.fontawesome.com *.googletagmanager.com *.google.com *.twitter.com *.gstatic.com *.europa.eu fonts.googleapis.com *.bootstrapcdn.com app.mailjet.com europa.eu *.curator.io cdn1.readspeaker.com; object-src 'self'; worker-src 'none'; child-src 'self'; frame-src data: web-eur.cvent.com *.spotify.com *.eib.org www.weforum.org datawrapper.dwcdn.net *.smartsurvey.co.uk *.hotjar.com *.3dvista.com livestream.com infogram.com *.infogram.com *.sli.do *.vimeo.com vimeo.com *.europa.eu *.exposure.co *.tiesraides.lv *.twitter.com *.google.com youtu.be *.acast.com *.visme.co *.mailjet.com *.mjt.lu *.youtube.com europa.eu *.curator.io *.readspeaker.com player.clevercast.com; font-src 'self' data: *.eib.org eib.containers.piwik.pro  fonts.gstatic.com *.fontawesome.com  europa.eu *.curator.io; img-src 'self' data: *.vimeocdn.com *.google.com *.google.fr *.google.lu *.google.de googleads.g.doubleclick.net infogram-thumbs-1024.s3-eu-west-1.amazonaws.com infogram.com  *.eib.org *.youtube.com *.mailjet.com eib.piwik.pro eib.containers.piwik.pro *.facebook.com *.twitter.com *.googletagmanager.com *.twimg.com *.europa.eu *.google-analytics.com eib.sc.omtrdc.net europa.eu *.fastly.net server.arcgisonline.com *.curator.io; form-action 'self' https://*.eib.org *.readspeaker.com; base-uri 'self'; frame-ancestors 'self'; report-uri /csp-reports.php; upgrade-insecure-requests; 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.treehugger.com 1
base-uri 'none'; img-src * data: blob:; require-trusted-types-for 'script'; media-src 'self' data: *.gstatic.com storage.googleapis.com *.googlevideo.com; font-src 'self' themes.googleusercontent.com *.gstatic.com https://fonts.gstatic.com storage.googleapis.com fonts.googleapis.com *.cdn.ampproject.org; default-src 'self' *.gstatic.com storage.googleapis.com; object-src 'none'; connect-src 'self' cdn.ampproject.org *.google.com storage.googleapis.com https://services.google.com/fb/submissions/thekeywordtest/ https://services.google.com/fb/submissions/0a65d7733e1f11ea9701614fc033d30c/ *.gstatic.com gstatic.com *.cdn.ampproject.org *.doubleclick.net https://readaloud.googleapis.com/ *.google-analytics.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.gstatic.com storage.googleapis.com *.google.com cdn.ampproject.org; frame-src 'self' www.google.com *.youtube.com youtube.com accounts.google.com *.doubleclick.net apis.google.com optimize.google.com *.google.com *.cdn.ampproject.org https://www.gstatic.com/ https://www.youtube-nocookie.com/; script-src 'self' 'unsafe-eval' *.googleanalytics.com *.google-analytics.com *.youtube.com youtube.com optimize.google.com https://s.ytimg.com *.googletagmanager.com storage.googleapis.com *.googleapis.com *.google.com cdn.ampproject.org *.gstatic.com gstatic.com googleadservices.com *.googleadservices.com 'sha256-hdPneczWRi+c9LQVo+PzNzlNr9TacChC0CW0fiDBHkI=' 'sha256-DE/j4w1a1HDIXysWgFTrJCJK6JWEcHqScfyMr9zq9R4=' 'sha256-Ehy9lGqrTi8OqqWxX1HN6hKJT7iwwYMFJ+HLjpEobO0=' 'sha256-s/yvuH0ZHyO+7N8dM5CshPem4K1PknDExYN18xHq0LI=' 'sha256-MWQdkIAX5J//suH1t5P3PFFwFUiphY0PxD6VVzbBehQ=' 'sha256-587vJAV9t9k86IMQixmyKa7lbPaDhkGzrJsdngtoiAA=' 'sha256-nlbIOie3vmdUUZjQFDMa7iipxS6Qst8pPhTLjibMsRk=' 'sha256-lgJnwAolJEfUZqcADCe937u5G/i9edAudHv5GJlMHHo=' 'sha256-f4ki6ad4xHBnfj+FbRBUifEbj0rzaa2pNLDbnZ3IEMs=' 'sha256-PnD9J8UK8zpwVizQXkEtbZOvTiv9C/05Nn81NEwPBoQ=' 'sha256-IHJHx/ev1AojCsnOCpg0yqGX6hsg0CPBpcNodZR3ZuE=' 'sha256-kYDvl4o9O3XKKtgQW4BZzZZ44BDD2lwJj6eNJ8HyqWg=' 'sha256-786mZQPkATV3kJd7q8ZuwoTH4U3/0WniBdyVOgZQpv4=' 'sha256-Xyk5Ei/Yh7DuZgaxNfbPswkpmMKHk5Jy18vkxjfPMj0=' 'sha256-1lOrojGb+aoV56bZpsODLpb+j+HHbONNEpX/YqVtiUU=' 'sha256-sAsQphoZozaLVFpcda3bvT5euqcGL4MqVnizAR+Xla4=' 'sha256-qmxgNLBk8DehEAH10pxGKDVGIrss69LIPlCGOCw3O78=' 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.thesprucecrafts.com 1
default-src 'self';object-src 'self';frame-src 'self' blob: https://*.youtube.com https://*.youtube-nocookie.com https://consentcdn.cookiebot.eu https://www.aerzteblatt.de https://www.blutspenden.de https://www.swr.de https://www.tagesschau.de https://www.iwkoeln.de https://ngp.zdf.de https://players.brightcove.net https://www.facebook.com https://europa.eu https://dk2wss784le25.cloudfront.net https://www.intermedia-solutions.net https://webtv.bundestag.de https://api.de.kaltura.com https://newsroom.consilium.europa.eu/;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://consentcdn.cookiebot.eu https://consent.cookiebot.eu https://siteimproveanalytics.com;style-src 'self' data: 'unsafe-inline';img-src 'self' data:;font-src 'self' data: 'unsafe-inline';connect-src 'self' https://consentcdn.cookiebot.eu;manifest-src 'self' 1
object-src 'none'; script-src 'nonce-4cef2e88-63e9-4697-b220-1c859bbc1e70' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:; base-uri 'none'; report-uri /csp-reports 1
default-src 'self'; img-src 'self' data: *; object-src 'self'; connect-src 'self' https://www.roboform.com https://www.google-analytics.com https://www.facebook.com https://stats.g.doubleclick.net https://api.reviews.co.uk https://api.reviews.io https://analytics.google.com https://www.google.com https://adservice.google.com https://www.rsbrjk4ik.com https://pagead2.googlesyndication.com https://gtm.roboform.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.roboform.com/ https://tagmanager.google.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com https://www.google.com https://www.googletagmanager.com/ https://widget.reviews.io https://www.google-analytics.com/ https://www.googleadservices.com/ https://connect.facebook.net/ https://*.doubleclick.net/ https://tagmanager.google.com/ https://bat.bing.com/ https://www.youtube.com/ https://s.ytimg.com/ https://www.rsbrjk4ik.com/ https://gtm.roboform.com/ https://tpc.googlesyndication.com/; font-src data: 'self' 'unsafe-inline' 'unsafe-eval' https://www.roboform.com; frame-src 'self' https://docs.google.com/ https://widget.reviews.io/ https://*.doubleclick.net/ https://www.google.com https://www.facebook.com https://www.emjcd.com https://cj.dotomi.com https://www.youtube.com https://tpc.googlesyndication.com; frame-ancestors 'self' 1
default-src 'none';form-action 'self';base-uri 'none';child-src 'self' https://www.youtube.com/embed/;connect-src 'self' https://ps.containers.piwik.pro https://ps.piwik.pro https://www.google.com/recaptcha/;font-src 'self';frame-src 'self' https://www.youtube.com/embed/ https://www.google.com/recaptcha/;img-src 'self' https://i.ytimg.com/;media-src 'self' https://d21v5rjx8s17cr.cloudfront.net/ https://d2gl1b374o3yzk.cloudfront.net/;script-src 'self' https://ps.containers.piwik.pro/ppms.js https://ps.piwik.pro/ppms.js https://www.youtube.com/iframe_api https://www.youtube.com/s/player/ 'nonce-DqKWKyd8gFzKsQYf1Upq8scE2csFZ+Ri' 'strict-dynamic';style-src 'self'; 1
default-src 'self' vercel.com *.vercel.com *.vercel.sh vercel.live *.stripe.com twitter.com *.twitter.com *.github.com *.codesandbox.io wss://*.vercel.com localhost:* chrome-extension://*;script-src 'self' 'unsafe-eval' 'unsafe-inline' www.google.com www.google-analytics.com www.googleadservices.com www.gstatic.com *.youtube.com *.youtube-nocookie.com *.ytimg.com *.twimg.com cdn.ampproject.org www.googletagmanager.com *.googleapis.com *.heapanalytics.com heapanalytics.com *.fides-cdn.ethyca.com *.ethyca.com cdn.ethyca.com cdn.vercel-insights.com va.vercel-scripts.com vercel.com *.vercel.com *.vercel.sh vercel.live *.stripe.com twitter.com *.twitter.com *.github.com *.codesandbox.io wss://*.vercel.com localhost:* chrome-extension://*;child-src *.youtube.com *.youtube-nocookie.com *.stripe.com www.google.com td.doubleclick.net github.com calendly.com vercel.com *.vercel.com *.vercel.sh vercel.live *.stripe.com twitter.com *.twitter.com *.github.com *.codesandbox.io wss://*.vercel.com localhost:* chrome-extension://*;style-src 'self' 'unsafe-inline' *.googleapis.com heapanalytics.com vercel.com *.vercel.com *.vercel.sh vercel.live *.stripe.com twitter.com *.twitter.com *.github.com *.codesandbox.io wss://*.vercel.com localhost:* chrome-extension://*;img-src * blob: data:;media-src 'self' videos.ctfassets.net user-images.githubusercontent.com replicate.delivery blob: data: vercel.com *.vercel.com *.vercel.sh vercel.live *.stripe.com twitter.com *.twitter.com *.github.com *.codesandbox.io wss://*.vercel.com localhost:* chrome-extension://*;connect-src wss://ws-us3.pusher.com data: *;font-src 'self' *.vercel.com *.gstatic.com vercel.live;worker-src 'self' *.vercel.com blob: 1
frame-ancestors 'none'; connect-src 'self' www.google-analytics.com https://sessions.bugsnag.com wss://ws-mt1.pusher.com https://sockjs.pusher.com1 https://sidebar.bugherd.com *.google-analytics.com *.analytics.google.com api.userback.io logx.optimizely.com 287-ugb-469.mktoresp.com px.ads.linkedin.com events.rm-api.com stats.g.doubleclick.net cdn-prod.securiti.ai app.securiti.ai ws.zoominfo.com play.vidyard.com https://lottie.host https://sockjs.pusher.com https://analytics.google.com; object-src blend.localhost blendcom.localhost blendcom2.localhost blend.com blendcom2-blend.pantheonsite.io; img-src 'self' blob: blendcom2-blend.pantheonsite.io blend.com p.typekit.net www.googletagmanager.com www.google-analytics.com secure.gravatar.com data: *.gravatar.com *.cloudfront.net https://sidebar.bugherd.com https://bugherd-attachments.s3.amazonaws.com *.google-analytics.com *.analytics.google.com px.ads.linkedin.com cdn.bizible.com px4.ads.linkedin.com *.google.com *.facebook.com t.co analytics.twitter.com cdn.bizibly.com videos.blend.com play.vidyard.com cdn.vidyard.com image.cnbcfm.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://use.typekit.net https://www.bugherd.com devserver.blend.localhost devserver.blendcom2.localhost https://sidebar.bugherd.com *.google-analytics.com *.analytics.google.com static.userback.io/widget/v1.js cdn.optimizely.com *.googletagmanager.com static.ads-twitter.com connect.facebook.net snap.licdn.com munchkin.marketo.net ws.zoominfo.com metadata-static-files.sfo2.cdn.digitaloceanspaces.com assets.rampmetrics.com cdn.bizible.com cdn-prod.securiti.ai info.blend.com cdnjs.cloudflare.com play.vidyard.com https://unpkg.com/@lottiefiles/ https://unpkg.com/@dotlottie/ https://googleads.g.doubleclick.net; style-src 'unsafe-inline' 'self' cdn-prod.securiti.ai info.blend.com; font-src 'self' data: *.typekit.net; frame-src 'self' *.youtube.com https://sidebar.bugherd.com info.blend.com play.vidyard.com docs.google.com player.cnbc.com td.doubleclick.net; base-uri 'none' 1
base-uri 'none'; font-src 'self' https: data:; form-action 'self'; frame-ancestors 'self'; img-src 'self' data: https://cms.mochahost.com https://analytics.sleeknote.com https://www.googletagmanager.com; object-src 'none'; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' https://stablechat.mysecurecloudhost.com; upgrade-insecure-requests; 1
default-src 'none'; base-uri 'self' docs.helpscout.net; block-all-mixed-content; child-src 'self' assets.braintreegateway.com assets.rescuetime.com assets-dev.rescuetime.com c.paypal.com www.youtube.com player.vimeo.com fast.wistia.net moz-extension://* chrome-extension://*; connect-src 'self' d3ccrbqtj64zhq.cloudfront.net support-media.rescuetime.com d1tc833ex4oc93.cloudfront.net assets.rescuetime.com assets-dev.rescuetime.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.sandbox.braintreegateway.com client-analytics.braintreegateway.com *.braintree-api.com *.paypal.com www.google-analytics.com connect.facebook.net www.facebook.com ysxtsrzt2b4s.statuspage.io rescuetime.helpscoutdocs.com secure.helpscout.net api.ipify.org beaconapi.helpscout.net chatapi.helpscout.net d3hb14vkzrxvla.cloudfront.net stats.g.doubleclick.net *.sumologic.com sentry.io *.ingest.sentry.io *.sentry-cdn.com wss: wss://*.pusher.com slack.com *.asana.com trello.com *.atlassian.com github.com *.google.com exist.io *.visualwebsiteoptimizer.com app.vwo.com logo.clearbit.com *.ubembed.com *.userleap.com *.sprig.com *.usersnap.com *.gist.build blog.rescuetime.com *.fontawesome.com *.getharvest.com; font-src 'self' data: d1tc833ex4oc93.cloudfront.net assets.rescuetime.com assets-dev.rescuetime.com fonts.gstatic.com app.vwo.com *.ubembed.com *.userleap.com *.sprig.com *.usersnap.com *.gist.build *.fontawesome.com; form-action 'self' community.rescuetime.com blog.rescuetime.com *.welltory.com slack.com *.asana.com trello.com *.atlassian.com github.com *.github.com google.com *.google.com *.microsoftonline.com twitter.com *.twitter.com facebook.com *.facebook.com linkedin.com *.linkedin.com spotify.com *.spotify.com getharvest.com *.getharvest.com; frame-ancestors moz-extension://* chrome-extension://*; frame-src 'self' d3ccrbqtj64zhq.cloudfront.net support-media.rescuetime.com d1tc833ex4oc93.cloudfront.net assets.rescuetime.com assets-dev.rescuetime.com assets.braintreegateway.com *.paypal.com djtflbt20bdde.cloudfront.net beacon-v2.helpscout.net platform.twitter.com www.googletagmanager.com www.google.com bid.g.doubleclick.net *.facebook.com tst.kaptcha.com ssl.kaptcha.com www.youtube.com moz-extension://* chrome-extension://* ifttt.com *.vimeo.com app.vwo.com *.ubembed.com *.userleap.com *.sprig.com *.usersnap.com *.userreport.com *.gist.build; img-src 'self' data: d3ccrbqtj64zhq.cloudfront.net support-media.rescuetime.com d1tc833ex4oc93.cloudfront.net assets.rescuetime.com assets-dev.rescuetime.com assets.braintreegateway.com *.paypal.com platform.twitter.com pbs.twimg.com www.google-analytics.com connect.facebook.net *.facebook.com d33v4339jhl8k0.cloudfront.net moz-extension://* chrome-extension://* via.placeholder.com ifttt.com api.producthunt.com zapier.com cdn.zapier.com www.google.com googleads.g.doubleclick.net *.adsymptotic.com *.visualwebsiteoptimizer.com *.ads.linkedin.com app.vwo.com track.customer.io secure.gravatar.com logo.clearbit.com *.ubembed.com *.userleap.com *.sprig.com *.usersnap.com *.scdn.co *.userreport.com *.gist.build *.spotify.com *.spotifycdn.com; manifest-src 'self'; media-src 'self' beacon-v2.helpscout.net support-media-storage.s3.amazonaws.com d3ccrbqtj64zhq.cloudfront.net support-media.rescuetime.com d1tc833ex4oc93.cloudfront.net assets.rescuetime.com assets-dev.rescuetime.com; object-src 'self' djtflbt20bdde.cloudfront.net beacon-v2.helpscout.net assets.rescuetime.com assets-dev.rescuetime.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' d1tc833ex4oc93.cloudfront.net assets.rescuetime.com assets-dev.rescuetime.com js.braintreegateway.com assets.braintreegateway.com www.paypalobjects.com *.paypal.com d12wqas9hcki3z.cloudfront.net d33v4339jhl8k0.cloudfront.net djtflbt20bdde.cloudfront.net beacon-v2.helpscout.net cdn.ravenjs.com platform.twitter.com www.google-analytics.com www.googletagmanager.com www.google.com www.googleadservices.com googleads.g.doubleclick.net www.gstatic.com zapier.com connect.facebook.net dev.visualwebsiteoptimizer.com app.vwo.com cdn.rawgit.com player.vimeo.com assets.customer.io *.licdn.com *.ubembed.com *.userleap.com *.sprig.com *.usersnap.com *.sentry-cdn.com *.gist.build gist-queue-consumer-api.cloud.gist.build ajax.googleapis.com blog.rescuetime.com *.userreport.com *.fontawesome.com; style-src 'self' 'unsafe-inline' d1tc833ex4oc93.cloudfront.net assets.rescuetime.com assets-dev.rescuetime.com fonts.googleapis.com beacon-v2.helpscout.net d12wqas9hcki3z.cloudfront.net djtflbt20bdde.cloudfront.net app.vwo.com *.ubembed.com *.userleap.com *.sprig.com *.usersnap.com *.gist.build *.fontawesome.com; upgrade-insecure-requests; worker-src blob:; report-uri https://www.rescuetime.com/csp-report 1
default-src https: data: https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com; font-src https: data:; img-src https: data: blob:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests 1
default-src 'none'; base-uri 'none'; connect-src 'self' https://media.web.dnb.no https://s7mbrstream-g1.scene7.com https://assets.adobedtm.com https://player.vimeo.com https://www.youtube-nocookie.com https://api.screen9.com https://chat.screen9.com https://dnbbankasa.tt.omtrdc.net https://mboxedge37.tt.omtrdc.net https://cognito-identity.eu-north-1.amazonaws.com https://pzoi5kbexnfyvaotpsa7pjcvnq.appsync-api.eu-north-1.amazonaws.com https://rum.web.dnb.no https://um.web.dnb.no https://ametrics.web.dnbbank.no https://mobilbank.api.dnb.no/ https://m.dnb.no https://www.dnb.no https://dnb.no https://api-open.ccp.dnb.no; font-src 'self' data:; form-action https://dnb.no https://www.dnb.no https://m.dnb.no; frame-src https://player.vimeo.com https://www.youtube-nocookie.com https://api.screen9.com https://chat.screen9.com https://chat.dnb.no; img-src 'self' data: https://media.web.dnb.no https://i.ytimg.com https://ametrics.web.dnbbank.no https://m.dnb.no https://www.dnb.no https://dnb.no; manifest-src 'self'; media-src blob: https://media.web.dnb.no https://s7mbrstream-g1.scene7.com; report-uri /portalfront/csp/cspreportlog.php; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://media.web.dnb.no https://assets.adobedtm.com https://rum.web.dnb.no https://js-cdn.dynatrace.com https://um.web.dnb.no https://ametrics.web.dnbbank.no; style-src 'self' 'unsafe-inline' https://media.web.dnb.no; worker-src blob: 'self'; 1
default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com https://i.ytimg.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-WsKtm+jz1u+5edx3TzxdSg=='; style-src 'self' www.gstatic.com; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com gds-single-consent-staging.app gds-single-consent.app; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; report-uri https://csp-reporter.publishing.service.gov.uk/report 1
frame-ancestors 'self' *.zte.com.cn; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zte.com.cn snap.licdn.com hm.baidu.com www.googletagmanager.com; worker-src 'self' blob:; object-src 'self' *.zte.com.cn; 1
default-src *; base-uri *; font-src data: *; frame-src 'self' fbrpc: *; img-src data: *; media-src 'self' www-assets.bradsdeals.com www-assets-staging.bradsdeals.com blob:; script-src 'unsafe-inline' 'unsafe-eval' data: *; style-src 'unsafe-inline' blob: * 1
child-src accounts.firefox.com www.google-analytics.com *.mozilla.com 'self' *.mozilla.net www.googletagmanager.com js.stripe.com www.youtube.com *.mozilla.org; script-src s.ytimg.com 'unsafe-inline' www.google-analytics.com *.mozilla.com 'unsafe-eval' 'self' *.mozilla.net www.googletagmanager.com js.stripe.com www.youtube.com *.mozilla.org tagmanager.google.com; frame-src accounts.firefox.com www.google-analytics.com *.mozilla.com 'self' *.mozilla.net www.googletagmanager.com js.stripe.com www.youtube.com *.mozilla.org; default-src *.mozilla.com *.mozilla.org 'self' *.mozilla.net; font-src *.mozilla.com *.mozilla.org 'self' *.mozilla.net; style-src 'unsafe-inline' *.mozilla.com 'self' *.mozilla.net *.mozilla.org; connect-src o1069899.sentry.io cjms.services.mozilla.com sentry.prod.mozaws.net www.google-analytics.com o1069899.ingest.sentry.io https://accounts.firefox.com/ *.mozilla.com 'self' *.mozilla.net www.googletagmanager.com region1.google-analytics.com stage.cjms.nonprod.cloudops.mozgcp.net *.mozilla.org; img-src images.ctfassets.net www.google-analytics.com data: *.mozilla.com mozilla.org 'self' *.mozilla.net www.googletagmanager.com creativecommons.org *.mozilla.org 1
default-src 'self' *.fec.gov *.app.cloud.gov; connect-src 'self' *.fec.gov *.app.cloud.gov https://www.google-analytics.com; font-src 'self'; frame-src 'self' https://www.google.com/recaptcha/ https://www.youtube.com/; img-src 'self' *.fec.gov *.app.cloud.gov data: https://*.ssl.fastly.net https://www.google-analytics.com https://tiles.stadiamaps.com/tiles/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://dap.digitalgov.gov https://www.google.com/recaptcha/ https://ssl.google-analytics.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline' data:; object-src 'none'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: *.eurovisionworld.com; connect-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.eurovisionworld.com eurovision.world eurovision.bet *.twitter.com *.facebook.net *.google.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.cloudflare.com *.googlesyndication.com instagram.com *.instagram.com *.youtube.com 1
frame-ancestors 'self' https://content.amplience.net https://primark.app.amplience.net https://app.amplience.net; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net/ https://open.spotify.com/ https://www.gstatic.com/ https://tracking.g2crowd.com/ https://dataroid.com https://cdn-www.dataroid.com/ https://*.dataroid.com https://cdnjs.cloudflare.com https://analytics.google.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com/recaptcha/ https://connect.facebook.net https://cdn.jsdelivr.net/npm/swiper@11https://px.ads.linkedin.com https://www.g2.com/ https://snap.licdn.com/ https://code.jquery.com https://www.youtube.com/; style-src 'self' https://cdn.jsdelivr.net/ https://open.spotify.com/ https://dataroid.com https://cdn-www.dataroid.com/ https://*.dataroid.com https://fonts.googleapis.com https://www.g2.com/ https://www.youtube.com/ 'unsafe-inline'; img-src 'self' data:  https://secure.gravatar.com/ https://px.ads.linkedin.com/ https://www.google.com/ https://www.google.com.tr/ https://www.facebook.com/ https://open.spotify.com/ https://www.gstatic.com/ https://dataroid.com https://cdn-www.dataroid.com/ https://*.dataroid.com https://images.g2crowd.com https://www.g2.com/ https://www.youtube.com/; font-src 'self' https://www.dataroid.com https://cdn-www.dataroid.com/ https://*.dataroid.com https://fonts.gstatic.com; connect-src 'self' https://open.spotify.com/ https://www.gstatic.com/ https://tracking.g2crowd.com/ https://www.dataroid.com https://cdn-www.dataroid.com/ https://*.dataroid.com https://analytics.google.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://connect.facebook.net https://px.ads.linkedin.com; frame-src 'self' https://open.spotify.com/ https://www.dataroid.com https://cdn-www.dataroid.com/ https://*.dataroid.com https://www.google.com https://www.g2.com/ https://www.youtube.com/; object-src 'none'; base-uri 'self'; form-action 'self' https://www.gstatic.com/; upgrade-insecure-requests; block-all-mixed-content; 1
frame-ancestors 'self' https://*.procaresoftware.com; 1
frame-ancestors 'self' promo.bank.gov.ua power.bank.gov.ua lp.bank.gov.ua stage.bank.gov.ua test.bank.gov.ua 1
frame-ancestors https://*.1stdibs.com; 1
frame-ancestors 'self'; default-src https: 'unsafe-eval' 'unsafe-inline' 'self' http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; font-src 'self' https: data:; script-src-elem 'self' 'unsafe-inline' https: blob:; connect-src 'self' https://bat.bing.com/ https://metrics.hotjar.io/ https://google.com/ccm/form-data/936575551 https://analytics.google.com https://pixel-config.reddit.com/pixels/t2_tc9ivusr/config https://www.redditstatic.com/ads/conversions-config/v1/pixel/config/t2_tc9ivusr_telemetry https://conversions-config.reddit.com/v1/pixel/error wss://ws.hotjar.com https://px.ads.linkedin.com/attribution_trigger https://px.ads.linkedin.com/wa/ https://content.hotjar.io https://vc.hotjar.io https://stats.g.doubleclick.net https://orders.resilio.com https://api-iam.intercom.io https://global.sitesearch360.com https://insights.sitesearch360.com https://ws.zoominfo.com https://google.com/pagead/form-data/936575551 https://tracking.g2crowd.com https://api.omappapi.com https://js.zi-scripts.com https://region1.analytics.google.com wss://nexus-websocket-a.intercom.io; img-src 'self' https: data: 1
default-src 'self' 'unsafe-inline' *.stripe.com *.paypal.com *.paypalobjects.com platform.twitter.com syndication.twitter.com code.jquery.com cdn.jsdelivr.net www.gstatic.com www.google.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com *.googleapis.com *.fontawesome.com api.ipdata.co 1
frame-ancestors 'self' https://www.highspot.com https://app.highspot.com; 1
frame-src 'self' ableton: bandcamp.com www.facebook.com optimize.google.com embed.spotify.com open.spotify.com w.soundcloud.com player.vimeo.com www.youtube-nocookie.com www.youtube.com ljsp.lwcdn.com brandfolder.com www.instagram.com crowdin.com; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' api.soundcloud.com w.soundcloud.com www.youtube.com www.youtube-nocookie.com s.ytimg.com www.googleadservices.com googleads.g.doubleclick.net optimize.google.com connect.facebook.net recommender.scarabresearch.com www.instagram.com cdn.syndication.twimg.com platform.twitter.com syndication.twitter.com use.typekit.net cdn.crowdin.com crowdin.com cdn.matomo.cloud analytics.ableton.com cdn.jsdelivr.net cdn-resources.ableton.com; style-src 'unsafe-inline' optimize.google.com fonts.googleapis.com platform.twitter.com ton.twimg.com use.typekit.net cdn.crowdin.com cdn.jsdelivr.net cdn-resources.ableton.com; frame-ancestors 'self' ableton.lightning.force.com; object-src 'self'; default-src 'self' blob: data: https: ableton:; report-uri /csp/report/ 1
default-src data: bama.ir *.bama.ir; font-src bama.ir *.bama.ir https://fonts.gstatic.com data:; img-src bama.ir *.bama.ir https://trustseal.enamad.ir eanjoman.ir https://eanjoman.ir https://*.google.com https://google-analytics.com https://*.google-analytics.com https://www.google-analytics.com https://googletagmanager.com https://*.googletagmanager.com https://stats.g.doubleclick.net https://*.g.doubleclick.net https://analytics.google.com https://*.analytics.google.com https://marketingplatform.google.com https://ssl.gstatic.com https://www.gstatic.com blob: data: *.clarity.ms clarity.ms c.bing.com; worker-src bama.ir *.bama.ir; style-src 'unsafe-inline' bama.ir *.bama.ir https://google-analytics.com https://*.google-analytics.com https://googletagmanager.com https://*.googletagmanager.com https://stats.g.doubleclick.net https://analytics.google.com https://*.analytics.google.com https://marketingplatform.google.com https://tagmanager.google.com https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' bama.ir *.bama.ir https://m.asanpardakht.com/cdn/asanbridge-1.0.2.min.js https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://google-analytics.com https://*.google-analytics.com https://googletagmanager.com https://*.googletagmanager.com https://stats.g.doubleclick.net https://analytics.google.com https://*.analytics.google.com https://marketingplatform.google.com https://unpkg.com/web-vitals/dist/web-vitals.iife.js *.clarity.ms clarity.ms c.bing.com; connect-src bama.ir *.bama.ir https://trustseal.enamad.ir eanjoman.ir https://eanjoman.ir apm.bama.ir https://apm.bama.ir      https://*.google.com https://www.google-analytics.com https://*.googleapis.com https://google-analytics.com https://*.google-analytics.com https://googletagmanager.com https://*.googletagmanager.com https://stats.g.doubleclick.net https://analytics.google.com https://*.analytics.google.com https://marketingplatform.google.com https://*.g.doubleclick.net  *.clarity.ms clarity.ms c.bing.com; form-action bama.ir *.bama.ir; frame-ancestors bama.ir *.bama.ir https://m.asanpardakht.ir https://m.asanpardakht.com https://pwa.dev.tasn.ir https://google-analytics.com https://*.google-analytics.com https://googletagmanager.com https://*.googletagmanager.com https://analytics.google.com https://*.analytics.google.com https://marketingplatform.google.com ; frame-src bama.ir *.bama.ir https://google-analytics.com https://*.google-analytics.com https://*.doubleclick.net https://doubleclick.net https://googletagmanager.com https://*.googletagmanager.com https://analytics.google.com https://*.analytics.google.com https://marketingplatform.google.com ; object-src 'none'; base-uri bama.ir *.bama.ir; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.isbank.com.tr *.google.com *.google.com.tr *.efilli.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.yandex.ru *.taboola.com *.intisbank *.uatisbank *.dmzisbank *.taboola.com *.signfordeaf.com *.youtube.com *.facebook.net *.facebook.com *.adform.net *.googleapis.com *.gstatic.com *.webservice.foreks.com *.maxiweb.isbank.com.tr data:; frame-src 'self' maxiweb.isbank.com.tr webservice.foreks.com www.youtube.com 1
upgrade-insecure-requests; frame-ancestors 'self'; object-src 'none' 1
default-src 'self';frame-src 'self' auth.yads.tech blob: https://mc.yandex.ru https://mc.yandex.com;worker-src 'self' blob:;font-src 'self' static.yads.tech;img-src 'self' data: air-space-users-content.s3.eu-central-1.amazonaws.com https://mc.yandex.ru https://mc.yandex.com static.yads.tech;style-src 'self' 'unsafe-inline' static.yads.tech;child-src blob: https://mc.yandex.ru https://mc.yandex.com;connect-src 'self' auth.yads.tech air-space-users-content.s3.eu-central-1.amazonaws.com https://mc.yandex.ru https://mc.yandex.com app.yads.tech logs-ingest.yads.tech;script-src-elem https://mc.yandex.ru https://mc.yandex.com https://yastatic.net static.yads.tech 'self' 'nonce-5d00a5ca65e42ccc225ee825c185c7bb';script-src https://mc.yandex.ru https://mc.yandex.com https://yastatic.net static.yads.tech 'self' 'nonce-5d00a5ca65e42ccc225ee825c185c7bb' 1
default-src https: data: wss: blob: 'unsafe-eval' 'unsafe-inline' 1
frame-ancestors 'self' *.singtel.com *.singtelgroup.net *.singtelshop.com singtel.sharepoint.com; 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https:; connect-src 'self' 'unsafe-inline' https:; frame-src 'self' https:; style-src 'self' 'unsafe-inline' 'unsafe-eval' https:; img-src 'self' https: blob: data:; font-src 'self' https:; object-src 'none'; base-uri 'self'; form-action 'self'; block-all-mixed-content; upgrade-insecure-requests; 1
default-src 'self'; connect-src 'self' https:; font-src 'self' data: https:; frame-src 'self' https:; img-src 'self' https: blob: data:; manifest-src 'none'; media-src 'none'; object-src 'none'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; worker-src blob: 1
frame-ancestors 'self' *.brandwatch.com; object-src 'none'; 1
default-src https:; script-src blob: https: 'unsafe-eval' 'unsafe-inline';media-src blob: https:; worker-src blob: https://*.zacks.com; style-src https: 'unsafe-inline'; img-src https: data: 'self'; frame-ancestors 'self' zacks.com *.zacks.com; 1
base-uri 'none'; default-src 'self' data: https: wss:; style-src 'self' data: https: wss: 'unsafe-inline'; script-src 'self' 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' https://api.scrivito.com https://app.intercom.io https://assets.scrivito.com https://js.intercomcdn.com https://widget.intercom.io https://www.google-analytics.com https://www.googletagmanager.com https://eref.uni-bayreuth.de https://www.uni-bayreuth.de https://*.usercentrics.eu; frame-src 'self' https://forms.zohopublic.eu https://zcmp.eu https://bayh-zcmp.maillist-manage.eu https://www.youtube-nocookie.com https://desk.zoho.eu https://salesiq.zohopublic.eu/; object-src 'none'; block-all-mixed-content; frame-ancestors 'self' https://*.scrivito.com http://www.test-unib.de/ 1
frame-src 'self' blob: 'self' https://www.google.com.ua https://secure.wayforpay.com https://api.fondy.eu https://www.facebook.com https://googleads.g.doubleclick.net https://connect.facebook.net https://www.youtube.com https://www.youtube-nocookie.com/ https://player.vimeo.com https://www.ukrnames.com https://bg.ukrnames.com https://cdn.ukrnames.ua https://apis.google.com https://accounts.google.com https://www.google.com https://embed.tawk.to https://cdn.datatables.net https://play.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' blob: 'self' https://www.ukrnames.com https://secure.wayforpay.com https://api.fondy.eu https://bg.ukrnames.com https://cdn.ukrnames.ua https://cdn.datatables.net https://embed.tawk.to https://cdn.jsdelivr.net https://ajax.googleapis.com https://www.googleadservices.com https://connect.facebook.net https://www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net  https://apis.google.com https://ssl.google-analytics.com https://www.google.com https://www.gstatic.com https://googletagmanager.com https://maps.google.com https://maps.googleapis.com https://translate.google.com https://accounts.google.com https://play.google.com; style-src 'self' 'unsafe-inline' https://secure.wayforpay.com https://api.fondy.eu https://embed.tawk.to https://cdn.datatables.net https://bg.ukrnames.com https://cdn.ukrnames.ua https://accounts.google.com https://fonts.googleapis.com; font-src 'self' data: https://embed.tawk.to https://fonts.gstatic.com; img-src 'self' data: https://*.amazonaws.com https://embed.tawk.to https://cdn.datatables.net  https://cdn.ukrnames.ua https://bg.ukrnames.com https://www.facebook.com https://m.facebook.com https://connect.facebook.net https://*.gstatic.com https://www.google.com https://www.google.ru https://www.google.es https://www.google.fr https://www.google.nl https://www.google.kz https://www.google.by https://www.google.de https://www.google.pl https://www.google.ae https://www.google.md https://www.google.ca https://www.google.com.ua https://www.google.com.tr https://www.google.co.uk https://*.googleapis.com https://*.google-analytics.com https://*.googletagmanager.com blob: 'self' https://bg.ukrnames.com https://cdn.ukrnames.ua https://accounts.google.com; connect-src blob: 'self' wss://www.ukrnames.com wss://*.tawk.to https://www.facebook.com https://secure.wayforpay.com https://api.fondy.eu https://*.tawk.to https://www.google-analytics.com https://stats.g.doubleclick.net 1
frame-ancestors 'self' https://thetitanawards.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' platform.twitter.com bat.bing.com *.stripe.com *.sift.com media.twiliocdn.com d10hbub4nkludc.cloudfront.net d36pgh4m67wnlt.cloudfront.net staticcdn.openrent.co.uk imagescdn.openrent.co.uk d294caftvmxj2y.cloudfront.net *.google-analytics.com *.googletagmanager.com *.googleapis.com *.googleadservices.com *.doubleclick.net *.youtube.com *.ytimg.com *.google.co.uk *.google.com *.googlesyndication.com *.gstatic.com www.facebook.com connect.facebook.net; style-src 'self' 'unsafe-inline' static0.twilio.com d10hbub4nkludc.cloudfront.net d36pgh4m67wnlt.cloudfront.net staticcdn.openrent.co.uk imagescdn.openrent.co.uk d294caftvmxj2y.cloudfront.net *.google-analytics.com *.googletagmanager.com *.googleapis.com *.googleadservices.com *.doubleclick.net *.youtube.com *.ytimg.com *.google.co.uk *.google.com *.googlesyndication.com *.gstatic.com; img-src 'self' data: blob: https:; font-src 'self' data: *.gstatic.com d10hbub4nkludc.cloudfront.net d36pgh4m67wnlt.cloudfront.net staticcdn.openrent.co.uk imagescdn.openrent.co.uk d294caftvmxj2y.cloudfront.net; frame-src 'self' platform.twitter.com syndication.twitter.com *.stripe.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.googleadservices.com *.doubleclick.net *.youtube.com *.ytimg.com *.google.co.uk *.google.com *.googlesyndication.com *.gstatic.com www.facebook.com connect.facebook.net; frame-ancestors 'self'; connect-src 'self' *.stripe.com stats.g.doubleclick.net *.sentry.io bat.bing.com api.getaddress.io eventgw.twilio.com media.twiliocdn.com wss://chunderw-vpc-gll.twilio.com d10hbub4nkludc.cloudfront.net d36pgh4m67wnlt.cloudfront.net staticcdn.openrent.co.uk imagescdn.openrent.co.uk d294caftvmxj2y.cloudfront.net *.google-analytics.com *.googletagmanager.com *.googleapis.com *.googleadservices.com *.doubleclick.net *.youtube.com *.ytimg.com *.google.co.uk *.google.com *.googlesyndication.com *.gstatic.com www.facebook.com connect.facebook.net; object-src 'self' data:; media-src 'self' api.twilio.com d10hbub4nkludc.cloudfront.net d36pgh4m67wnlt.cloudfront.net staticcdn.openrent.co.uk imagescdn.openrent.co.uk d294caftvmxj2y.cloudfront.net; worker-src 'self' blob; report-uri https://orreports2.report-uri.com/r/t/csp/enforce; 1
connect-src 'self' https://reallyfreegeoip.org/json/ https://api.github.com https://analytics.google.com https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://www.google.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io https://content.hotjar.io wss://*.hotjar.com https://cdn.linkedin.oribi.io https://px.ads.linkedin.com/ https://www.redditstatic.com/ads/conversions-config/ https://conversions-config.reddit.com/; base-uri *.wazuh.com wazuh.com; default-src 'self' https: data:; script-src 'self' *.wazuh.com wazuh.com *.googleapis.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://connect.facebook.net http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com  https: 'unsafe-inline'; object-src 'self' *.wazuh.com wazuh.com; style-src 'self' *.googleapis.com https://optimize.google.com 'unsafe-inline'; img-src 'self' *.wazuh.com wazuh.com *.gravatar.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://www.google.com https://www.google.com.ar https://www.google.es https://www.googletagmanager.com/ https://stats.g.doubleclick.net https://www.facebook.com/ https://px.ads.linkedin.com/ https://px4.ads.linkedin.com/ https://www.linkedin.com/px/ https://script.hotjar.com http://script.hotjar.com https://alb.reddit.com https://t.co/i/adsct https://analytics.twitter.com/i/adsct data:; media-src 'self' *.wazuh.com wazuh.com; frame-ancestors 'self'; frame-src *; font-src 'self' https://fonts.gstatic.com http://script.hotjar.com https://script.hotjar.com data: 1
base-uri 'self'; default-src 'self' blob: data: https:; worker-src 'self' blob:; frame-ancestors 'self' *.paddle.com *.prismic.io https://www.profitwell.com https://paddle.enablix.com; media-src 'self' blob: data: https:; script-src 'nonce-XQ+bOaAc5Q6fN22oYybeXO+2Mm+9/40Z' 'strict-dynamic' 'unsafe-inline' 'self' https: http: 'self' 'unsafe-inline' 'unsafe-eval' *.stackadapt.com *.twitter.com *.iubenda.com connect.facebook.net *.cloudfront.net *.hsforms.com googleads.g.doubleclick.net *.hs-analytics.net *.hs-banner.com *.hs-scripts.com *.hsforms.net *.hsleadflows.net *.hotjar.com *.licdn.com *.ads-twitter.com *.doubleclick.net *.google-analytics.com *.google.com *.googleadservices.com *.googletagmanager.com *.gstatic.com *.redditstatic.com *.youtube.com *.sentry-cdn.com *.visualwebsiteoptimizer.com dnf20ypvrc856.cloudfront.net dta8euw1l8gvs.cloudfront.net app.vwo.com https:; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com *.wistia.com *.licdn.com *.ads-twitter.com *.doubleclick.net *.hotjar.com *.redditstatic.com *.profitwell.com *.bing.com js.hubspot.com *.hs-analytics.net *.hs-banner.com *.hsadspixel.net www.clarity.ms *.hs-scripts.com connect.facebook.net *.rudderlabs.com *.influ2.com *.stackadapt.com *.metadata.io *.clearbitscripts.com *.clearbitjs.com *.kustomerapp.com *.qualified.com *.iubenda.com *.netlify.app *.hsforms.net *.googletagmanager.com *.googleapis.com prismic.io *.prismic.io *.mplat-ppcprotect.com status.io *.visualwebsiteoptimizer.com dnf20ypvrc856.cloudfront.net dta8euw1l8gvs.cloudfront.net app.vwo.com tracking.g2crowd.com cdn.jsdelivr.net/npm/hockeystack@latest/hockeystack.min.js cdn.jsdelivr.net/npm/hockeystack@latest/hockeystack-qualified.min.js js.stripe.com/v3/ cdnjs.cloudflare.com/polyfill/ *.sentry-cdn.com; style-src 'self' 'unsafe-inline' *.cloudfront.net *.youtube.com *.visualwebsiteoptimizer.com dnf20ypvrc856.cloudfront.net dta8euw1l8gvs.cloudfront.net app.vwo.com s3.amazonaws.com https: blob:; object-src 'none'; font-src 'self' *.cloudfront.net *.gstatic.com data: https:; connect-src 'self' *.sentry.io *.visualwebsiteoptimizer.com dnf20ypvrc856.cloudfront.net dta8euw1l8gvs.cloudfront.net *.qualified.com app.vwo.com ws: wss: https: data:; img-src 'self' *.googletagmanager.com *.ctfassets.net *.reddit.com *.cloudfront.net *.ytimg.com *.adsymptotic.com *.ads.linkedin.com t.co *.hubspot.com *.facebook.com *.google.com *.youtube.com *.ggpht.com *.visualwebsiteoptimizer.com dnf20ypvrc856.cloudfront.net dta8euw1l8gvs.cloudfront.net chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com data: https:; frame-src 'self' *.youtube.com *.wistia.net *.wistia.com *.hsforms.com paddle.kustomer.help *.kustomerapp.com *.qualified.com app.netlify.com *.doubleclick.net *.prismic.io www.slideshare.net app.vwo.com *.visualwebsiteoptimizer.com dnf20ypvrc856.cloudfront.net dta8euw1l8gvs.cloudfront.net js.stripe.com; upgrade-insecure-requests; report-uri https://o522631.ingest.sentry.io/api/6141897/security/?sentry_key=543039e78e964ab2b1ae4c577751b645 1
frame-ancestors 'self' *.boursorama-banque.com *.boursorama.com *.boursobank.com; object-src 'none' 1
default-src 'self' *.talent.com *.neuvoo.com neuvoo.com neuvoo.ca *.acsbapp.com acsbapp.com js.stripe.com fonts.gstatic.com fonts.googleapis.com *.google.com *.doubleclick.net s3.amazonaws.com *.googlesyndication.com *.atlassian.net *.googleapis.com *.cookielaw.org *.onetrust.com *.bing.com *.cloudflare.com; img-src https: 'unsafe-inline' data: 'unsafe-eval' 'unsafe-inline' blob:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; frame-ancestors 'self' www.jobs-im-suedwesten.de www.energyjobline.com www.onlyengineerjobs.com www.meinestelle.de www.startus.cc www.mapmeo.com www.papa-jobs.ch job.kurier.at www.jobs-in-chemie.de www.med-jobs.com; frame-src *.google.com *.doubleclick.net *.googlesyndication.com *.talent.com talent.com *.stripe.com *.atlassian.net *.adsensecustomsearchads.com *.hotjar.com syndicatedsearch.goog; worker-src data: *.talent.com 'unsafe-eval' 'unsafe-inline' blob:; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bcbsks.com unpkg.com fast.wistia.com *.googletagmanager.com *.google-analytics.com *.ads-twitter.com www.gstatic.com *.bing.com connect.facebook.net 100011161.collect.igodigital.com snap.licdn.com *.adsrvr.org bam.nr-data.net googleads.g.doubleclick.net js-agent.newrelic.com tags.srv.stackadapt.com public.tableau.com qvdt3feo.com code.jquery.com www.google.com analytics.silktide.com static.cloudflareinsights.com www.covermymeds.com www.googleadservices.com cdn.datatables.net cdnjs.cloudflare.com www.eventbrite.com https://www.google.co.uk www.clarity.ms *.callrail.com *.simpli.fi tag.demandbase.com pagead2.googlesyndication.com cdn.jsdelivr.net blob:; object-src 'none'; style-src 'self' 'unsafe-inline' www.bcbsks.com bcbsks.prod.acquia-sites.com fast.fonts.net fonts.googleapis.com tags.srv.stackadapt.com www.covermymeds.com cdn.datatables.net cdnjs.cloudflare.com; img-src 'self' p.dlx.addthis.com www.google.com *.google-analytics.com nova.collect.igodigital.com *.bing.com t.co analytics.twitter.com *.wistia.com www.facebook.com *.g.doubleclick.net *.google.com public.tableau.com *.bcbsks.com tools.applemediaservices.com apple-resources.s3.amazonaws.com connect.facebook.net secure.adnxs.com *.linkedin.com www.googletagmanager.com *.covermymeds.com cdn.datatables.net embedwistia-a.akamaihd.net c.clarity.ms um.simpli.fi * data:; media-src 'self' *.wistia.com www.google.com embedwistia-a.akamaihd.net fast.wistia.net blob:; frame-src 'self' *.bcbsks.com https://d1eoo1tco6rr5e.cloudfront.net/ *.adsrvr.org www.facebook.com public.tableau.com *.fls.doubleclick.net td.doubleclick.net www.youtube.com www.googletagmanager.com staywell.mydigitalpublication.com e.issuu.com www.eventbrite.com insight.adsrvr.org www.kff.org s.company-target.com; font-src 'self' fast.fonts.net fast.wistia.com fonts.gstatic.com data:; connect-src 'self' *.bugsnag.com *.google-analytics.com stats.g.doubleclick.net ad.doubleclick.net *.googleadservices.com www.googleadservices.com *.google.com *.wistia.com *.litix.io bam.nr-data.net cdn.linkedin.oribi.io www.facebook.com tags.srv.stackadapt.com embedwistia-a.akamaihd.net bat.bing.com a.us.silktide.com https://connect.facebook.net https://www.google.co.uk pagead2.googlesyndication.com *.clarity.ms js.callrail.com api.company-target.com tag-logger.demandbase.com px.ads.linkedin.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self';script-src 'self' blob: https://assets.adobedtm.com https://cdn.helsenorge.no 'nonce-930RIn2PKGbI/fu2VTLFdIXFfpnjnAHnXqTlNfiT/z4=';style-src 'self' 'unsafe-inline' https://cdn.helsenorge.no;img-src 'self' data: https://ehelse.d3.sc.omtrdc.net https://cm.everesttech.net https://dpm.demdex.net https://boost-files-general-eu-west-1-prod.s3-eu-west-1.amazonaws.com https://i.vimeocdn.com https://img.youtube.com https://cdn.helsenorge.no https://tjenester.helsenorge.no;font-src 'self' data: https://cdn.helsenorge.no;connect-src 'self' https://dpm.demdex.net https://ehelse.d3.sc.omtrdc.net https://helsenorge-helfo.boost.ai https://id.siteimprove.com https://tjenester.helsenorge.no https://snowstorm.terminologi.ehelse.no;frame-src 'self' https://dpm.demdex.net https://helsenorge.demdex.net https://player.vimeo.com https://www.youtube.com https://www.youtube-nocookie.com https://tjenester.helsenorge.no;frame-ancestors 'self';object-src 'self';media-src 'self';upgrade-insecure-requests;report-uri https://tjenester.helsenorge.no/api/v1/Csp/Enforce; 1
default-src http: https: data: 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors 'self' us.creativecdn.com *.encuentra24.com *.inmobiliaria24.com *.casas24.com *.carros24.com encuentra24.zendesk.com *.youtube.com view.atdmt.com www.facebook.com www.google.com encuentra24.wufoo.com.mx encuentra24.ticforum-ca.com tpc.googlesyndication.com googleads.g.doubleclick.net storage.googleapis.com js.stripe.com e24.unityducruet.com cotizador.unityducruet.com api-js.datadome.co s.ytimg.com www-widgetapi.js googlesyndication.com youtube.com teads.tv; 1
default-src 'self'; connect-src 'self' matomo02.itzbund.de *.readspeaker.com *.bmbfcluster.de *.akamaihd.net *.evostream.com; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' matomo02.itzbund.de *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.vimeo.com; object-src 'self' multimedia.gsb.bund.de *.bmbfcluster.de; media-src blob: 'self' multimedia.gsb.bund.de *.youtube.com *.vimeo.com vimeo.com *.aktion-mensch.de *.bmbfcluster.de *.akamaihd.net *.evostream.com; frame-src *.datenportal.bmbf.de *.google.com *.gstatic.com *.youtube.com *.vimeo.com vimeo.com  *.unesco.de *.readspeaker.com datawrapper.dwcdn.net https://streaming.sendewerk.berlin app.sli.do *.unitylivestream.com playout.3qsdn.com klimacampus.org; img-src 'self' data: matomo02.itzbund.de *.google.com *.gstatic.com *.youtube.com *.twimg.com *.geodatenzentrum.de *.openstreetmap.org *.openstreetmap.de *.wmflabs.org *.bmbfcluster.de; font-src 'self' data:; worker-src 'self' blob:; frame-ancestors 'self' data: *.sp.epl30.intern *.kooperation-international.de; 1
default-src 'self'; font-src 'none'; frame-ancestors 'self'; img-src 'self' data: www.gravatar.com *.wp.com tile.openstreetmap.org gps.tile.openstreetmap.org *.tile.thunderforest.com tile.tracestrack.com *.openstreetmap.fr matomo.openstreetmap.org https://openstreetmap-user-avatars.s3.dualstack.eu-west-1.amazonaws.com https://openstreetmap-gps-images.s3.dualstack.eu-west-1.amazonaws.com; manifest-src 'self'; media-src 'none'; object-src 'self'; script-src 'self' matomo.openstreetmap.org; worker-src 'none'; child-src 'self' http://127.0.0.1:8111 https://127.0.0.1:8112; frame-src 'self' http://127.0.0.1:8111 https://127.0.0.1:8112; connect-src 'self' matomo.openstreetmap.org https://nominatim.openstreetmap.org/ https://query.openstreetmap.org/query-features https://routing.openstreetmap.de/ https://graphhopper.com/api/1/route https://valhalla1.openstreetmap.de/route; form-action 'self' render.openstreetmap.org; style-src 'self' 'unsafe-inline' 'nonce-BL6C2I6DLSVDKsCC54XF+1EEi4Jj/tJc' 1
frame-ancestors https://app.reskyt.com https://app.deporvillage.com 1
default-src 'self'  https://itemku.com ;script-src 'self' 'unsafe-inline' *.google.com *.googleapis.com *.googletagmanager.com *.googleadservices.com *.googleoptimize.com *.google-analytics.com *.talkjs.com *.tiktok.com *.facebook.net *.doubleclick.net *.gstatic.com *.hotjar.com *.crazyegg.com itemku-game.s3.ap-southeast-1.amazonaws.com d1ydmqq23rvhbb.cloudfront.net *.polyfill.io polyfill.io *.googlesyndication.com app.termly.io *.clarity.ms lbd.itemku.com beacon.riskified.com *.rapyd.net cdnjs.cloudflare.com  https://s.itemku.com https://itemku.com ;connect-src 'self' https: data: blob: ws: wss: *.crazyegg.com  https://itemku.com ;img-src 'self' https: http: blob: data: *.crazyegg.com  https://itemku.com ;font-src *.gstatic.com https: http:  https://itemku.com ;style-src 'self' 'unsafe-inline' *.google.com *.googleapis.com *.itemku.com *.talkjs.com *.crazyegg.com https://s.itemku.com https://itemku.com ;frame-ancestors 'self' *.google.com *.googletagmanager.com *.googleadservices.com *.talkjs.com *.gle/ https://forms.gle/ *.tiktok.com *.facebook.net *.doubleclick.net *.hotjar.com *.byte-stack.net *.ovo.id itemku.com *.dana.id  https://itemku.com ;media-src 'self' https: *.talkjs.com  https://itemku.com ;frame-src 'self' *.google.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.talkjs.com *.gle/ https://forms.gle/ *.tiktok.com *.facebook.net *.doubleclick.net *.hotjar.com *.youtube.com *.crazyegg.com *.byte-stack.net *.ovo.id itemku.com *.googlesyndication.com *.dana.id app.termly.io *.rapyd.net *.youtube-nocookie.com/  https://itemku.com ;worker-src 'self' blob:  https://itemku.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.trendyol.com https://www.trendyol-milla.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://static.cloudflareinsights.com https://cdn.dsmcdn.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://static.ads-twitter.com https://creativecdn.com https://www.glami.com.tr https://www.googleadservices.com https://static.criteo.net https://analytics.tiktok.com https://connect.facebook.net https://googleads.g.doubleclick.net https://sslwidget.criteo.com https://analytics.twitter.com https://tpc.googlesyndication.com https://js-agent.newrelic.com https://bam-cell.nr-data.net https://pagead2.googlesyndication.com https://www.gstatic.com https://auth.trendyol.com https://auth.trendyol-milla.com https://payment.trendyol.com https://payment.trendyol-milla.com https://maps.googleapis.com https://console.brightmountainmedia.com https://cdn.cookielaw.org https://img2-digitouch.mncdn.com https://www.googleoptimize.com platform.twitter.com analytics.tiktok.com sslwidget.criteo.com bam.nr-data.net www.google-analytics.com connect.facebook.net ssl.google-analytics.com www.googleadservices.com static.ads-twitter.com mc.yandex.ru googleads.g.doubleclick.net public.trendyol.com public.trendyol-milla.com www.googletagmanager.com s3.amazonaws.com cdnjs.cloudflare.com js-agent.newrelic.com img-trendyol.mncdn.com mc.yandex.com translate.google.com code.jquery.com translate.googleapis.com translate.yandex.net https://google.com https://www.google.com cdn.cookielaw.org static.criteo.net static.cloudflareinsights.com widget.eu.criteo.com www.googleoptimize.com https://gumgum.com https://static.zdassets.com https://media.flixsyndication.net https://static-assets.flix360.io https://media.flixcar.com https://media.flixsyndication.net https://media.flixfacts.com https://prod.flixgvid.flix360.io; report-uri https://public.trendyol.com/discovery-web-websfxsecurity-santral/csp https://public.trendyol-milla.com/discovery-web-websfxsecurity-santral/csp 1
default-src 'self'; child-src 'self' blob: https://platform.twitter.com https://www.youtube.com https://ens2.lacity.org https://syndication.twitter.com https://cse.google.com https://chipweb.azurewebsites.net https://vars.hotjar.com https://lacity.granicus.com https://www.google.com https://local.nixle.com; connect-src 'self' https://geohub.lacity.org https://opendata.arcgis.com https://*.googleapis.com https://www.google-analytics.com https://stats.g.doubleclick.net https://calendar.lacity.org https://www.lacity.org/feeds/city-directory wss://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://c.go-mpulse.net https://*.akstat.io https://api.lacity.org https://*.akamaihd.net https://surveystats.hotjar.io https://bam.nr-data.net https://api.userway.org/api/ https://maps.googleapis.com https://l.sharethis.com https://www.lacity.gov/feeds/city-directory https://*.userway.org https://public.gis.lacounty.gov https://kit.fontawesome.com/ https://ka-p.fontawesome.com/ https://d4p29bwn040fq.cloudfront.net/; font-src 'self' https://fonts.gstatic.com https://themes.googleusercontent.com https://use.fontawesome.com https://pro.fontawesome.com https://stackpath.bootstrapcdn.com https://*.hotjar.com https://cdn.userway.org/widgetapp/bundles/udf/ https://kit.fontawesome.com/ https://ka-p.fontawesome.com/; frame-src 'self' https://platform.twitter.com https://www.youtube.com https://ens2.lacity.org https://syndication.twitter.com https://cse.google.com https://chipweb.azurewebsites.net https://vars.hotjar.com https://lacity.granicus.com https://www.google.com https://local.nixle.com https://player.vimeo.com/ https://cdn.userway.org/ https://www.powr.io/; img-src 'self' https: blob: data:; manifest-src 'none'; media-src 'self' https: blob:; object-src 'none'; prefetch-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' https://calendarui.lacity.org https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://chipweb.azurewebsites.net https://cse.google.com https://maps.googleapis.com https://platform.twitter.com https://stackpath.bootstrapcdn.com https://translate.google.com https://translate.googleapis.com https://unpkg.com https://www.google.com https://www.youtube.com https://www.google-analytics.com https://cdn.syndication.twimg.com https://*.hotjar.com https://s.go-mpulse.net https://www.gstatic.com https://www.googletagmanager.com https://js-agent.newrelic.com https://bam.nr-data.net https://translate-pa.googleapis.com/ https://googleapis.com https://cdn.userway.org/ https://www.powr.io https://platform-api.sharethis.com https://buttons-config.sharethis.com https://kit.fontawesome.com/ https://ka-p.fontawesome.com/ https://cdn.gtranslate.net/ cdn.jsdelivr.net cdnjs.cloudflare.com https://kit.fontawesome.com https://maxcdn.bootstrapcdn.com mdbootstrap.com stackpath.bootstrapcdn.com; script-src-attr 'self' 'unsafe-inline' 'report-sample'; script-src-elem 'self' 'unsafe-inline' 'report-sample' https://calendarui.lacity.org https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://chipweb.azurewebsites.net https://cse.google.com https://maps.googleapis.com https://platform.twitter.com https://stackpath.bootstrapcdn.com https://translate.google.com https://translate.googleapis.com https://unpkg.com https://www.google.com https://www.youtube.com https://www.google-analytics.com https://cdn.syndication.twimg.com https://*.hotjar.com https://s.go-mpulse.net https://www.gstatic.com https://www.googletagmanager.com https://js-agent.newrelic.com https://bam.nr-data.net https://translate-pa.googleapis.com/ https://googleapis.com https://cdn.userway.org/ https://www.powr.io https://platform-api.sharethis.com https://buttons-config.sharethis.com https://kit.fontawesome.com/ https://ka-p.fontawesome.com/ https://cdn.gtranslate.net/ cdn.jsdelivr.net cdnjs.cloudflare.com https://kit.fontawesome.com https://maxcdn.bootstrapcdn.com mdbootstrap.com stackpath.bootstrapcdn.com; style-src 'self' 'unsafe-inline' 'report-sample' data: https://chipweb.azurewebsites.net https://fonts.googleapis.com https://stackpath.bootstrapcdn.com https://translate.googleapis.com https://use.fontawesome.com https://pro.fontawesome.com https://www.google.com https://calendarui.lacity.org https://platform.twitter.com https://cdn.userway.org/ https://ton.twimg.com https://www.gstatic.com/ https://*.hotjar.com https://kit.fontawesome.com/ https://ka-p.fontawesome.com/ cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com mdbootstrap.com stackpath.bootstrapcdn.com use.fontawesome.com; style-src-attr 'self' 'unsafe-inline' 'report-sample'; style-src-elem 'self' 'unsafe-inline' 'report-sample' data: https://chipweb.azurewebsites.net https://fonts.googleapis.com https://stackpath.bootstrapcdn.com https://translate.googleapis.com https://use.fontawesome.com https://pro.fontawesome.com https://www.google.com https://calendarui.lacity.org https://platform.twitter.com https://cdn.userway.org/ https://ton.twimg.com https://www.gstatic.com/ https://*.hotjar.com cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com mdbootstrap.com stackpath.bootstrapcdn.com use.fontawesome.com; worker-src 'self' blob:; base-uri 'self'; form-action 'self' https://platform.twitter.com https://syndication.twitter.com; frame-ancestors 'self' 1
default-src 'self'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; script-src-elem 'self' www.googletagmanager.com https://connect.facebook.net 'unsafe-inline'; script-src 'self' 'unsafe-eval' www.googletagmanager.com https://connect.facebook.net; connect-src 'self' https://api.gx.me https://api.stats.gx.games https://sentry-relay.opera-api.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; img-src 'self' data: blob: https://play.gxc.gg https://play.gx.games www.googletagmanager.com https://*.google-analytics.com https://*.googletagmanager.com https://www.facebook.com; media-src https://play.gxc.gg https://play.gx.games; font-src 'self'; base-uri 'self'; manifest-src 'self'; frame-src https://play.gxc.gg https://play.gx.games 1
default-src 'self' blob: s.pinimg.com; font-src 'self' s.pinimg.com data: fonts.googleapis.com fonts.gstatic.com use.typekit.net; style-src 'self' blob: 'unsafe-inline' data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; img-src blob: data: *; base-uri 'none'; connect-src 'self' blob: *.pinimg.com *.pinterest.com accounts.google.com *.adyen.com pinterest-salvador.s3.amazonaws.com *.adyenpayments.com *.facebook.com www.googleapis.com *.dropboxapi.com pinterest-aberdeen.s3.amazonaws.com pinterest-aberdeen.s3.us-east-1.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-anaheim.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-sim-toontown.s3.amazonaws.com pinterest-sim-toontown.s3.us-east-1.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3.us-east-1.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-media-upload.s3-accelerate.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-poughkeepsie.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com pinterest-plymouth.s3.us-east-1.amazonaws.com pinterest-salvador.s3.us-east-1.amazonaws.com pinterest-yamagata.s3.amazonaws.com pinterest-yamagata.s3.us-east-1.amazonaws.com *.cedexis.com *.cedexis-radar.net *.tvpixel.com api.pinadmin.com *.live-video.net https://*.daily.co https://*.pluot.blue wss://*.wss.daily.co; form-action 'self' *.adyen.com *.sofort.com *.tink.com *.adyenpayments.com; frame-src 'self' *.pinimg.com *.pinterest.com *.adyen.com static-sandbox.dlocal.com static.dlocal.com *.google.com *.facebook.com www.recaptcha.net pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-sim-toontown.s3.amazonaws.com pinterest-sim-toontown.s3.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-tolu.s3.amazonaws.com *.pinterdev.com content.googleapis.com *.youtube.com *.youtube-nocookie.com *.ytimg.com player.vimeo.com calendly.com vine.co bid.g.doubleclick.net *.fls.doubleclick.net pinlogs.s3.amazonaws.com pinlogs.s3.us-east-1.amazonaws.com advertising-delivery-metric-reports.s3.amazonaws.com advertising-delivery-metric-reports.s3.us-east-1.amazonaws.com servedby.flashtalking.com pinterest-uk.admo.tv pinterest-uk-web.admo.tv fbrpc://call *.linkedin.com px.ads.linkedin.com; media-src 'self' blob: data: *.pinimg.com *.live-video.net; object-src 'self'; script-src 'nonce-dde6397a1eb6aa9b2dd9c0ea5f3be031' 'strict-dynamic' 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; worker-src 'self' blob: 'unsafe-inline'; report-uri /_/_/csp_report/?rid=8091198602496775; frame-ancestors 'self' , script-src 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; report-uri /_/_/csp_report/?rid=8091198602496775 1
frame-ancestors 'self' https://www.care2.com https://www.thepetitionsite.com https://earthworm.care2.com/ 1
frame-ancestors 'self' https://*.arg.igrupobbva 1
default-src 'self' play.vidyard.com *.forsta.com *.rioseo.com *.g2crowd.com t.co self js.zi-scripts.com/zi-tag.js; script-src 'self' self go.forsta.com ws-assets.zoominfo.com cdn.bizible.com cdn.linkedin.oribi.io cdn.b0e8.com www.google-analytics.com www.googletagmanager.com play.vidyard.com assets.vidyard.com unpkg.com js-agent.newrelic.com snap.licdn.com static.ads-twitter.com analytics.twitter.com www.googleadservices.com script.hotjar.com static.hotjar.com forsta.bamboohr.com 972-oec-621.mktoweb.com munchkin.marketo.net j.6sc.co cdn.cookielaw.org bam.nr-data.net geolocation.onetrust.com www.google.com tpc.googlesyndication.com maps.googleapis.com digitalfeedback.us.confirmit.com www.gstatic.com *.smartrecruiters.com *.bc0a.com g10102301085.co *.castos.com optimize.google.com jobpal-sm.s3.amazonaws.com api.smooch.io forsta1--forstaful.sandbox.my.salesforce-sites.com *.forsta.com *.rioseo.com *.g2crowd.com t.co js.zi-scripts.com ws.zoominfo.com tags.clickagy.com js.zi-scripts.com/zi-tag.js blob:  'unsafe-inline' 'unsafe-eval'; style-src 'self' self go.forsta.com 972-oec-621.mktoweb.com fonts.googleapis.com legal.forsta.com static.smartrecruiters.com www.googletagmanager.com *.bc0a.com optimize.google.com jobpal-sm.s3.amazonaws.com *.forsta.com *.rioseo.com t.co js.zi-scripts.com/zi-tag.js 'unsafe-inline'; frame-ancestors 'self' http://library.forsta.com https://library.forsta.com https://resources.rioseo.com http://resources.rioseo.com https://www.rioseo.com http://www.rioseo.com js.zi-scripts.com/zi-tag.js ; frame-src self go.forsta.com play.vidyard.com vars.hotjar.com 972-oec-621.mktoweb.com tpc.googlesyndication.com www.google.com www.googletagmanager.com survey.us.confirmit.com subscriptions.smartrecruiters.com *.bc0a.com 6352b8cc15f5f7-88529694.castos.com optimize.google.com *.forsta.com *.rioseo.com t.co td.doubleclick.net hemsync.clickagy.com js.zi-scripts.com/zi-tag.js; object-src 'none'; base-uri 'self'; form-action 'self' self webto.salesforce.com *.forsta.com *.rioseo.com js.zi-scripts.com/zi-tag.js; connect-src 'self' self jobpal-sm.s3.amazonaws.com cdn.linkedin.oribi.io px.ads.linkedin.com go.forsta.com play.vidyard.com www.google-analytics.com cdn.cookielaw.org 972-oec-621.mktoresp.com 972-oec-621.mktoutil.com secure.adnxs.com stats.g.doubleclick.net bam.nr-data.net privacyportal.onetrust.com geolocation.onetrust.com forsta.bamboohr.com *.6sense.com *.google.com adservice.google.com maps.googleapis.com translate.googleapis.com www.googletagmanager.com www.googleapis.com maps.googleapis.com analytics.google.com region1.google-analytics.com region1.analytics.google.com *.6sc.co digitalfeedback.us.confirmit.com *.hotjar.io *.hotjar.com wss://*.hotjar.com ws.zoominfo.com *.bc0a.com 61d78a8eb35a9f00ecfd7ee9.config.smooch.io api.smooch.io wss://api.smooch.io *.forsta.com www.google.ad www.google.ae www.google.com.af www.google.com.ag www.google.com.ai www.google.al www.google.am www.google.co.ao www.google.com.ar www.google.as www.google.at www.google.com.au www.google.az www.google.ba www.google.com.bd www.google.be www.google.bf www.google.bg www.google.com.bh www.google.bi www.google.bj www.google.com.bn www.google.com.bo www.google.com.br www.google.bs www.google.bt www.google.co.bw www.google.by www.google.com.bz www.google.ca www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.co.ck www.google.cl www.google.cm www.google.cn ww.google.com.co www.google.co.cr www.google.com.cu www.google.cv www.google.com.cy www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.com.do www.google.dz www.google.com.ec www.google.ee www.google.com.eg www.google.es www.google.com.et www.google.fi www.google.com.fj www.google.fm www.google.fr www.google.ga www.google.ge www.google.gg www.google.com.gh www.google.com.gi www.google.gl www.google.gm www.google.gr www.google.com.gt www.google.gy www.google.com.hk www.google.hn www.google.hr www.google.ht www.google.hu www.google.co.id www.google.ie www.google.co.il www.google.im www.google.co.in www.google.iq www.google.is www.google.it www.google.je www.google.com.jm www.google.jo www.google.co.jp www.google.co.ke www.google.com.kh www.google.ki www.google.kg www.google.co.kr www.google.com.kw www.google.kz www.google.la www.google.com.lb www.google.li www.google.lk www.google.co.ls www.google.lt www.google.lu www.google.lv www.google.com.ly www.google.co.ma www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.com.mm www.google.mn www.google.ms www.google.com.mt www.google.mu www.google.mv www.google.mw www.google.com.mx www.google.com.my www.google.co.mz www.google.com.na www.google.com.ng www.google.com.ni www.google.ne www.google.nl www.google.no www.google.com.np www.google.nr www.google.nu www.google.co.nz www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.pl www.google.pn www.google.com.pr www.google.ps www.google.pt www.google.com.py www.google.com.qa www.google.ro www.google.ru www.google.rw www.google.com.sa www.google.com.sb www.google.sc www.google.se www.google.com.sg www.google.sh www.google.si www.google.sk www.google.com.sl www.google.sn www.google.so www.google.sm www.google.sr www.google.st www.google.com.sv www.google.td www.google.tg www.google.co.th www.google.com.tj www.google.tl www.google.tm www.google.tn www.google.to www.google.com.tr www.google.tt www.google.com.tw www.google.co.tz www.google.com.ua www.google.co.ug www.google.co.uk www.google.com.uy www.google.co.uz www.google.com.vc www.google.co.ve www.google.vg www.google.co.vi www.google.com.vn www.google.vu www.google.ws www.google.rs www.google.co.za www.google.co.zm www.google.co.zw www.google.cat *.g2crowd.com t.co js.zi-scripts.com aorta.clickagy.com hemsync.clickagy.com js.zi-scripts.com/zi-tag.js; font-src 'self' data: self fonts.gstatic.com legal.forsta.com jobpal-sm.s3.amazonaws.com *.forsta.com *.rioseo.com t.co js.zi-scripts.com/zi-tag.js; media-src *.bc0a.com *.forsta.com *.rioseo.com *.castos.com *.b0e8.com t.co jobpal-sm.s3.amazonaws.com js.zi-scripts.com/zi-tag.js; img-src https: data:; report-uri https://forsta.report-uri.com/r/t/csp/enforce 1
frame-ancestors 'self' https://*.mixmax.com https://mail.google.com; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' https://*.uni-paderborn.de https://www.youtube-nocookie.com https://player.vimeo.com https://*.upb.de https://streaming.uni-paderborn.de:2233 https://*.google.com ; font-src 'self' https://*.uni-paderborn.de data:; img-src 'self' data: https://pbs.twimg.com https://*.google.com https://www.googleapis.com https://*.uni-paderborn.de https://*.gstatic.com/images; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.uni-paderborn.de https://www.google.com https://cse.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; media-src 'self' https://*.uni-paderborn.de https://*.upb.de https://streaming.uni-paderborn.de:2233 blob:; frame-src https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ 'self'  mailto: tel: https://*.uni-paderborn.de https://www.youtube-nocookie.com https://player.vimeo.com https://*.upb.de https://streaming.uni-paderborn.de:2233 https://*.google.com 1
frame-ancestors 'self' https://*.uit.no https://www.kunnskapscim.no https://uit.topdesk.net 1
object-src none 1
frame-ancestors 'self';  default-src 'self' ncku.edu.tw  im.mailcloud.com.tw;  script-src 'self' 'unsafe-eval' 'unsafe-inline' ncku.edu.tw  im.mailcloud.com.tw;  connect-src 'self' ncku.edu.tw  im.mailcloud.com.tw;  frame-src ncku.edu.tw  im.mailcloud.com.tw;  font-src * data:;  img-src * data:;  style-src * 'unsafe-inline'; 1
frame-src 'self' https://licensing.gaming-curacao.com/validator/?lh=4330cbeb5eaec053f4bb8f1acb848511&template=tseal https://challenges.cloudflare.com 1
default-src * gap:; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; img-src * data: blob: android-webview-video-poster:; style-src * 'unsafe-inline'; 1
font-src 'self' data: *.googleapis.com https://*.gstatic.com https://d2ub1k1pknil0e.cloudfront.net; media-src 'self'; manifest-src https://d2ub1k1pknil0e.cloudfront.net; frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.formstack.com data: https://*.eventbrite.com https://*.hotjar.com https://*.hotjar.io https://*.clickdimensions.com https://*.youtube.com https://*.youtube-nocookie.com https://*.vimeo.com https://*.facebook.com https://*.facebook.net https://googletagmanager.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://maps.googleapis.com https://*.google.com https://*.gstatic.com https://*.doubleclick.net https://siteimproveanalytics.com https://*.siteimproveanalytics.com https://*.siteimproveanalytics.io https://*.yimg.com https://*.matterport.com https://staticcdn.co.nz https://*.tiktok.com https://*.formstack.com https://d2ub1k1pknil0e.cloudfront.net; img-src 'self' data: https: https://d2ub1k1pknil0e.cloudfront.net; frame-src 'self' https://webcast.massey.ac.nz https://www.massey.ac.nz https://*.windcave.com https://*.paycorp.com.au https://*.eventbrite.com https://*.hotjar.com https://*.hotjar.io https://*.clickdimensions.com https://*.youtube.com https://*.youtube-nocookie.com https://*.vimeo.com https://*.facebook.com https://*.facebook.net https://googletagmanager.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://maps.googleapis.com https://*.google.com https://*.gstatic.com https://*.doubleclick.net https://siteimproveanalytics.com https://*.siteimproveanalytics.com https://*.siteimproveanalytics.io https://*.yimg.com https://*.matterport.com https://staticcdn.co.nz https://*.tiktok.com https://*.formstack.com; style-src 'self' 'unsafe-inline' https:; default-src 'self'; object-src 'self' blob:; connect-src 'self' https://*.swiftype.com https://*.eventbrite.com https://*.hotjar.com https://*.hotjar.io https://*.clickdimensions.com https://*.youtube.com https://*.youtube-nocookie.com https://*.vimeo.com https://*.facebook.com https://*.facebook.net https://googletagmanager.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://maps.googleapis.com https://*.google.com https://*.gstatic.com https://*.doubleclick.net https://siteimproveanalytics.com https://*.siteimproveanalytics.com https://*.siteimproveanalytics.io https://*.yimg.com https://*.matterport.com https://staticcdn.co.nz https://*.tiktok.com https://*.formstack.com; child-src https:; report-uri https://o115950.ingest.sentry.io/api/5340269/csp-report/?sentry_key=fe8681a26224499cb51618fd877c5f4c&sentry_environment=production&sentry_release=7cd916b0 1
block-all-mixed-content; default-src 'self'; img-src 'self' https://images.opencollective.com https://next-images.opencollective.com data: *.paypal.com opencollective.com blog.opencollective.com blob: i.ytimg.com opencollective-production.s3.us-west-1.amazonaws.com opencollective-production.s3-us-west-1.amazonaws.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com; connect-src 'self' https://opencollective-prod-api.herokuapp.com https://pdf.opencollective.com https://next-pdf.opencollective.com https://rest.opencollective.com https://ml.opencollective.com wtfismyip.com *.paypal.com *.paypalobjects.com sentry.io *.sentry.io atlas.shopifycloud.com atlas.shopifysvc.com country-service.shopifycloud.com maps.googleapis.com https://wise.com https://transferwise.com https://sandbox.transferwise.tech https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com https://www.google.com https://api.cryptonator.com https://plausible.io opencollective-production.s3.us-west-1.amazonaws.com opencollective-production.s3-us-west-1.amazonaws.com; script-src 'self' 'unsafe-inline' 'nonce-e9c8695b-06e3-43ce-9786-8a21d9a08bfc' maps.googleapis.com js.stripe.com *.paypal.com *.paypalobjects.com https://hcaptcha.com https://js.hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com https://www.google.com https://plausible.io; frame-src blob: www.youtube.com www.youtube-nocookie.com opencollective.com anchor.fm podcasters.spotify.com player.vimeo.com js.stripe.com *.paypal.com *.openstreetmap.org https://wise.com https://transferwise.com https://sandbox.transferwise.tech https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com https://www.google.com; object-src opencollective.com 1
frame-ancestors 'self' *.mega.cl *.meganoticias.cl *.etc.cl *.google.com www-meganoticias-cl.cdn.ampproject.org 1
frame-ancestors *.txstate.edu *.txst.edu *.tsus.edu *.tjctc.org; 1
frame-ancestors https://tongji.baidu.com/ https://www.jiguang.cn/ https://devsvc.jpushoa.com/ 1
frame-ancestors 'self' *.bonhams.com 1
base-uri https://*.avo.app; default-src 'self'; script-src 'self' 'nonce-jvTP8z8NzbF5NauQ5VZoWaeRZt0NDijg' 'strict-dynamic' https://cdn.avo.app https://www.googletagmanager.com https://*.googletagmanager.com https://cdn.segment.com https://*.mxpnl.com https://edge.fullstory.com https://rs.fullstory.com https://cdn.amplitude.com https://cdn.iubenda.com https://widget.intercom.io https://cdn.jsdelivr.net https://canny.io https://js.intercomcdn.com https://www.iubenda.com https://www.youtube.com https://s.ytimg.com https://ajax.googleapis.com https://www.google-analytics.com https://optimize.google.com https://grow.clearbitjs.com https://www.googleoptimize.com https://snap.licdn.com https://www.googleanalytics.com https://embed.typeform.com; style-src 'self' 'unsafe-inline' https://cdn.avo.app https://*.website-files.com https://uploads-ssl.webflow.com https://cdn.jsdelivr.net https://www.iubenda.com https://fonts.googleapis.com https://optimize.google.com https://github.githubassets.com https://www.googletagmanager.com https://embed.typeform.com https://rsms.me; img-src 'self' data: blob: https://jitpack.io/v/avohq/android-avo-inspector.svg https://badge.fury.io/js/avo-inspector.svg https://img.shields.io https://px.ads.linkedin.com https://px4.ads.linkedin.com https://www.linkedin.com https://*.website-files.com https://uploads-ssl.webflow.com https://cdn.jsdelivr.net https://www.googletagmanager.com https://www.google-analytics.com https://*.googletagmanager.com https://*.google-analytics.com https://heapanalytics.com https://www.google.co.uk https://www.google.is https://static.intercomassets.com https://lh3.googleusercontent.com https://js.intercomcdn.com https://downloads.intercomcdn.com https://api.producthunt.com https://www.facebook.com https://grow.clearbitjs.com https://p.adsymptotic.com https://rs.fullstory.com https://track.hubspot.com https://forms.hsforms.com https://*.hubspotusercontent-na1.net https://js.hsleadflows.net https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com data:; font-src 'self' data: https://*.website-files.com https://fonts.gstatic.com https://js.intercomcdn.com https://fonts.intercomcdn.com https://rsms.me https://uploads-ssl.webflow.com https://cdn.avo.app; connect-src 'self' https://*.mixpanel.com https://consent.iubenda.com https://avo-web-app.appspot.com https://api.avo.app https://api.amplitude.com https://*.algolia.net https://api.segment.io https://cdn.segment.com https://edge.fullstory.com https://rs.fullstory.com https://*.googleapis.com *.google.com https://sentry.io https://*.ingest.sentry.io https://api-iam.intercom.io https://uploads.intercomcdn.com wss://*.intercom.io https://*.intercom.io https://*.intercomcdn.com https://api.mixpanel.com https://heapanalytics.com https://www.google-analytics.com https://hits-i.iubenda.com https://canny.io/api/ https://api.canny.io/ https://webflow.com https://cdn.dreamdata.cloud https://*.posthog.com/ https://app.clearbit.com/v1/ https://forms.hubspot.com https://api.hubapi.com https://forms.hsforms.com https://forms.hscollectedforms.net https://cdn.linkedin.oribi.io https://gtm-wgcclnd-n2zkm.uc.r.appspot.com https://*.google-analytics.com https://*.googletagmanager.com https://*.dopt.com wss://*.dopt.com https://*.gstatic.com https://px.ads.linkedin.com data: blob:; media-src https://js.intercomcdn.com https://cdn.avo.app https://www.avo.app https://*.website-files.com; object-src 'none'; frame-src https://www.avo.app https://cdn.iubenda.com https://js.stripe.com https://www.youtube.com https://canny.io https://changelog-widget.canny.io https://optimize.google.com https://share.transistor.fm  https://intercom-sheets.com https://forms.hubspot.com https://my.causal.app https://form.typeform.com https://cdn.embedly.com; frame-ancestors 'self' http://localhost:1235/ http://avo.localhost https://*.avo-dev.app/ https://*.avo.app/ https://*.mixpanel.com https://consent.iubenda.com https://avo-web-app.appspot.com https://api.avo.app https://api.amplitude.com https://*.algolia.net https://api.segment.io https://cdn.segment.com https://*.fullstory.com https://www.googleapis.com https://firestore.googleapis.com https://firebaselogging.googleapis.com https://firebaseremoteconfig.googleapis.com https://firebaseinstallations.googleapis.com https://sentry.io https://*.ingest.sentry.io https://api-iam.intercom.io https://uploads.intercomcdn.com wss://*.intercom.io https://*.intercom.io https://*.intercomcdn.com https://securetoken.googleapis.com https://api.mixpanel.com https://heapanalytics.com https://firebasestorage.googleapis.com https://www.google-analytics.com https://hits-i.iubenda.com https://canny.io/api/users/identify https://webflow.com https://cdn.dreamdata.cloud https://firebaselogging-pa.googleapis.com/ https://*.posthog.com/; upgrade-insecure-requests; report-uri https://o998558.ingest.sentry.io/api/5957408/security/?sentry_key=1866be293d8e4d708c3551795e7aeea8 1
default-src * 'unsafe-inline' 'unsafe-eval' data: blob: mailto:; media-src * data: blob:; font-src * data: blob:; frame-ancestors 'self' *.powtoon.com teams.microsoft.com *.teams.microsoft.com *.skype.com bb.powtoon.co *.instructure.com *.sliceapp.net; img-src * data: blob: 1
frame-ancestors 'self' https://*.centris.ca; default-src 'self' https://*.centris.ca https://analytics.google.com https://*.google-analytics.com https://fonts.gstatic.com https://fonts.googleapis.com https://*.g.doubleclick.net https://www.google.ca https://www.google.com https://www.googletagmanager.com https://sb.scorecardresearch.com https://cdn.jsdelivr.net https://*.locallogic.co https://cdnjs.cloudflare.com https://browser.sentry-cdn.com https://maps.google.com https://maps.google.ca https://maps.googleapis.com https://*.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://unpkg.com https://*.arcgis.com https://events.mapbox.com https://maxcdn.bootstrapcdn.com https://*.lrcontent.com https://connect.facebook.net https://snap.licdn.com https://*.hotjar.com https://*.hotjar.io https://www.facebook.com https://*.loginradius.com https://www.prospectsweb.com https://qc.prospects.com https://www.youtube.com https://*.tryinteract.com https://spark.adobe.com https://*.surveymonkey.com https://ajax.googleapis.com https://*.ofsys.com https://ofsys.com https://*.dialoginsight.com https://*.pinterest.com https://*.pinterest.ca https://s.pinimg.com https://api.maptiler.com https://*.research.net https://cdn.linkedin.oribi.io wss://ws.hotjar.com https://sdk.privacy-center.org https://api.privacy-center.org https://datawrapper.dwcdn.net https://datawrapper.dwcdn.net https://secure.quantserve.com https://*.quantcount.com blob: 'unsafe-inline' 'unsafe-eval'; img-src * data: 1
default-src 'self'; base-uri 'self'; script-src 'nonce-98b092fe6a7bd032585a4784bcd67f2a' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' https: 'report-sample'; connect-src 'self' www.googletagmanager.com *.facebook.com translate.googleapis.com *.instana.io wss://mpsnare.iesnare.com *.usercentrics.eu bat.bing.com/actionp/ *.liadm.com *.parship.dev www.googleadservices.com *.doubleclick.net *.google.com google.com; frame-ancestors 'self' secure1.parship.com secure1.eharmony.com secure1.elitepartner.de *.parship.dev; frame-src 'self' support.eharmony.com tms.eharmony.com *.greatviews.de app.usercentrics.eu www.youtube-nocookie.com accounts.google.com translate.googleapis.com *.doubleclick.net *.liadm.com; object-src 'none'; img-src 'self' data: *.instana.io *.parship.dev static.cloudflareinsights.com app.usercentrics.eu/ www.gstatic.com/images/ i.ytimg.com google.com *.google.com www.google.co.uk www.google.ca www.google.de www.google.at www.google.ch www.google.nl www.google.be www.google.fr www.google.com.au www.googleadservices.com www.googletagmanager.com googleads.g.doubleclick.net *.liadm.com sli.eharmony.com; font-src 'self' *.typekit.net; style-src 'self' 'unsafe-inline' 'report-sample' *.typekit.net accounts.google.com/gsi/style translate.googleapis.com; upgrade-insecure-requests; report-uri /ls/ 1
default-src 'self' https://checkout.stripe.com;img-src https: data:;style-src 'self' 'unsafe-inline' https://static.pokefarm.com;connect-src 'self' https://api.stripe.com https://staryu.pokefarm.com https://cloudflareinsights.com;frame-src 'self' https://www.youtube.com https://platform.twitter.com https://www.facebook.com https://js.stripe.com https://hooks.stripe.com data:;frame-ancestors 'self';script-src 'self' https://www.google.com https://platform.twitter.com https://js.stripe.com https://static.pokefarm.com https://staryu.pokefarm.com https://static.cloudflareinsights.com;font-src https: data: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' https://*.thrivent.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.thrivent.com https://*.adobedtm.com https://browser-intake-datadoghq.com https://cdn.cookielaw.org https://*.fullstory.com https://*.cdn.apollographql.com https://thrivent.sb.blueconic.net https://thrivent.blueconic.net https://connect.facebook.net https://bat.bing.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.force.com https://*.site.com https://*.qualtrics.com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://maps.googleapis.com; style-src 'self' 'unsafe-inline' https://*.thrivent.com https://*.googleapis.com https://*.qualtrics.com https://thrivent.sb.blueconic.net https://*.salesforce.com https://*.site.com https://*.force.com; img-src 'self' data: blob: https://*.thrivent.com https://cdn.cookielaw.org https://thriventcdn.brandworkz.com https://*.cdn.apollographql.com https://cm.everesttech.net https://ad.ipredictive.com https://bat.bing.com https://www.facebook.com https://*.demdex.net https://*.s3.amazonaws.net https://www.google.com https://www.googletagmanager.com https://a.mktgcdn.com https://maps.gstatic.com; font-src 'self' data: https://*.thrivent.com https://*.googleapis.com https://fonts.gstatic.com; connect-src 'self' https://*.thrivent.com https://browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://edge.fullstory.com https://*.launchdarkly.com https://cdn.cookielaw.org https://*.demdex.net https://smetrics.thriventfinancial.com https://rs.fullstory.com https://thrivent.sb.blueconic.net https://cdn.qumucloud.com https://fonts.googleapis.com https://fonts.gstatic.com https://google.com https://bat.bing.com https://login.microsoftonline.com https://*.qualtrics.com https://*.onetrust.com https://*.adobedtm.com https://*.salesforce-scrt.com https://*.site.com https://*.force.com https://www.google.com https://www.googletagmanager.com https://maps.googleapis.com https://*.us.yextapis.com; frame-ancestors 'self' https://*.thrivent.com; form-action 'self' https://*.thrivent.com; base-uri 'self' https://*.thrivent.com; frame-src 'self' https://*.thrivent.com https://thrivent.demdex.net https://sandbox.embed.apollographql.com https://www.google.com https://td.doubleclick.net https://*.salesforce.com https://*.site.com https://*.force.com; manifest-src 'self' https://*.thrivent.com https://*.cdn.apollographql.com; 1
frame-ancestors 'self' http://vodafone.lookbookhq.com https://vodafone.lookbookhq.com http://vodafone.pathfactory.com https://vodafone.pathfactory.com 1
frame-ancestors 'self';default-src 'self' *.gov.in *.digilocker.gov.in *.dl6.in *.digitallocker.gov.in *.api-setu.in *.mybharat.gov.in data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gov.in *.digilocker.gov.in *.dl6.in *.digitallocker.gov.in *.api-setu.in *.mybharat.gov.in; style-src 'self' 'unsafe-inline' *.gov.in *.digilocker.gov.in *.dl6.in *.digitallocker.gov.in *.api-setu.in *.mybharat.gov.in object-src 'self' data 1
base-uri 'self'; font-src 'self' https: data:; form-action 'self'; frame-ancestors 'self' *.switch.ch *.swcdr.unic24a.net *.unic24a.dev; img-src 'self' *.switch.ch *.swcdr.unic24a.net *.unic24a.dev data:; object-src 'none'; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline'; upgrade-insecure-requests; connect-src 'self' *.switch.ch *.swcdr.unic24a.net *.unic24a.dev tracker.switch.ch; frame-src 'self' *.youtube.com *.vimeo.com *.switch.ch; media-src 'self' *.switch.ch *.swcdr.unic24a.net *.unic24a.dev *.ytimg.com; script-src-elem 'self' 'unsafe-inline' *.switch.ch tracker.switch.ch; script-src 'self' report-sample 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors https://oss.ctyun.cn  https://bcp.ctyun.cn https://www.ctyun.cn https://ocss.ctyun.cn https://msap.ctyun.cn https://www.sail-cloud.com http://ccty-ccse-sh.sail-cloud.com 1
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors https://seekingalpha.com https://oculusab--c.vf.force.com https://oculusab.lightning.force.com 1
default-src data: blob: 'self' *;script-src secure.facebook.com internalfb.com *.internalfb.com 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' 'self' s-static.internalfb.com *;connect-src internalfb.com *.internalfb.com secure.facebook.com *.facebook.com *.instagram.com *.cdninstagram.com *.fbcdn.net *.od.fbinfra.net graph.intern.facebook.com wss://*.internalfb.com wss://*.internalfb.com:* wss://*.facebook.com:* wss://*.od.fbinfra.net:* https://*.whatsapp.com/graphql/ facebook.com *.facebook.net wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: 'self' https://*.google-analytics.com;font-src data: internalfb.com *.internalfb.com *.facebook.com *.fbcdn.net;img-src *.fbcdn.net *.facebook.com *.instagram.com *.cdninstagram.com internalfb.com *.internalfb.com data: blob: * https://*.google-analytics.com;media-src *.fbcdn.net internalfb.com *.internalfb.com data: blob: *;frame-src internalfb.com *.internalfb.com data: blob: *.facebook.com *;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.internalfb.com/csp/reporting/?minimize=0; 1
frame-ancestors 'self' https://admin-scbcw-prod.scb.co.th 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;frame-ancestors 'self' https://*.quintype.com https://www.esakal.com;block-all-mixed-content; 1
frame-ancestors https://www.delta.nl https://www.zeelandnet.nl 1
frame-ancestors 'self' http://www.dove.com unilever3.marketing.adobe.com unileverbrazil.marketing.adobe.com unilever2.marketing.adobe.com unilever.marketing.adobe.com unilever3.experiencecloud.adobe.com unileverbrazil.experiencecloud.adobe.com unilever2.experiencecloud.adobe.com unilever.experiencecloud.adobe.com emea1-proxy.adobemc.com us1-proxy.adobemc.com us1-proxy.adobemc.com apac-proxy.adobemc.com adobedemoemea131.marketing.adobe.com adobedemoemea131.experiencecloud.adobe.com d3vqdsjiuv1717.cloudfront.net frictionless-shopping-prod.unileversolutions.com 1
block-all-mixed-content; base-uri 'none'; connect-src 'self' https://api.monzo.com https://internal-api.monzo.com https://o23827.ingest.sentry.io https://api.tools.s101.nonprod-ffs.io https://static-assets.monzo.com https://static-assets.monzo-s101.com https://monzo-prod-s3bucketcreator-ffs-web-export.s3-eu-west-1.amazonaws.com https://monzo-s101-s3bucketcreator-ffs-nonprod-web-export.s3-eu-west-1.amazonaws.com https://monzo-s101-qr-challenge.s3.eu-west-1.amazonaws.com https://monzo-prod-qr-challenge.s3.eu-west-1.amazonaws.com https://assets.ctfassets.net https://www.facebook.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://adservice.google.com https://*.google-analytics.com https://*.analytics.google.com https://www.google.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.uk https://google.com https://api.greenhouse.io https://api.s101.nonprod-ffs.io https://sentry.io https://tr.snapchat.com https://tr-shadow.snapchat.com https://tr6.snapchat.com https://evnt.byspotify.com https://cdn.linkedin.oribi.io https://px.ads.linkedin.com https://px4.ads.linkedin.com https://analytics.tiktok.com https://widget.trustpilot.com; font-src 'self' https://fonts.gstatic.com; frame-ancestors 'none'; img-src 'self' data: https://api.monzo.com https://internal-api.monzo.com https://api.tools.s101.nonprod-ffs.io https://public-images.monzo.com/ https://static-assets.monzo.com https://static-assets.monzo-s101.com https://monzo-prod-s3bucketcreator-ffs-web-export.s3-eu-west-1.amazonaws.com https://monzo-s101-s3bucketcreator-ffs-nonprod-web-export.s3-eu-west-1.amazonaws.com https://images.ctfassets.net https://images.contentful.com/ https://www.facebook.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com https://www.google.co.uk https://ad.doubleclick.net https://*.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com https://*.googletagmanager.com https://*.googlesyndication.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.uk https://monzo-prod-user-images.imgix.net https://monzo-nonprod-user-images.imgix.net https://monzo.com https://api.s101.nonprod-ffs.io https://public-images.monzo.com https://monzo.com/static/images/ https://www.monzo.com/static/images/ https://sc-static.net https://px.ads.linkedin.com https://px4.ads.linkedin.com https://www.linkedin.com/px/li_sync https://analytics.tiktok.com https://i.ytimg.com https://tracking.audio.thisisdax.com; manifest-src 'self'; object-src 'none'; script-src 'self' https://internal-api.monzo.com https://static-assets.monzo.com https://static-assets.monzo-s101.com https://monzo-prod-s3bucketcreator-ffs-web-export.s3-eu-west-1.amazonaws.com https://monzo-s101-s3bucketcreator-ffs-nonprod-web-export.s3-eu-west-1.amazonaws.com  https://connect.facebook.net https://staticxx.facebook.com 'sha256-cEA11bFWm3xkaqL5YA+oY0dsdGZ6JnmzjDmEA96JzYo=' https://www.googleadservices.com/pagead/conversion.js https://www.google-analytics.com 'sha256-Sf/bfPa04gP4XF4eVUK6B0ojQIKrG9TJWcA3rLgVpv4=' https://tagmanager.google.com https://www.googletagmanager.com 'sha256-MddmuEIlDGvOcbqXlxVDI8Q0HFDdz9gjOtWTEPtAvl4=' 'sha256-y2VCPRiE7sBqGhfmTFepaHF+xkNOHft2dNlhZN30AK0=' https://api.greenhouse.io 'sha256-UWs4lvG6fHLGx7Zfzb7S9mWOLxoSjrsdT3XzE8y4Ehg=' https://community.monzo.com https://api.s101.nonprod-ffs.io https://sc-static.net https://tr.snapchat.com/ 'sha256-kwIKGTQhR0XTp/8zT4nG3Su0wN4z4vW5vKx5aYRcB/4=' https://pixel.byspotify.com 'sha256-ippMM2y/IQkwYY42CPdY+pZ45HKmpJW2lrbTQJ7SrV0=' 'sha256-TTc+2yck8kAT5wu4NtOmgizC1cpdD85hIBiS4mg/GzA=' https://snap.licdn.com https://analytics.tiktok.com 'sha256-UTzaeHrlz2QknghM/s5S6eVsLJg/BSW54vfZCPodtE4=' 'sha256-Yv+8qDvH/z6iJXcg9IOLmzlQIiOags5Ro/pYuo+hjRY=' https://widget.trustpilot.com https://platform.twitter.com; style-src 'self' https://static-assets.monzo.com https://static-assets.monzo-s101.com https://monzo-prod-s3bucketcreator-ffs-web-export.s3-eu-west-1.amazonaws.com https://monzo-s101-s3bucketcreator-ffs-nonprod-web-export.s3-eu-west-1.amazonaws.com 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com; upgrade-insecure-requests; media-src 'self' https://videos.ctfassets.net https://videos.contentful.com https://www.monzo.com/static/images/ https://monzo.com/static/images/ https://www.monzo.com/static/images/blog/ https://monzo.com/static/images/blog/; worker-src 'none'; report-uri https://o23827.ingest.sentry.io/api/4505743602483200/security/?sentry_key=06894583d63658ed47fe4e9943f497fa&sentry_environment=production&sentry_release=c119ce49b71cddbc6932856ebe9a2f510f7cbdbb; frame-src https://www.facebook.com https://connect.facebook.net https://www.google.com https://bid.g.doubleclick.net https://*.doubleclick.net https://community.monzo.com https://tr.snapchat.com https://tr-shadow.snapchat.com bytedance: sslocal: https://widget.trustpilot.com https://platform.twitter.com https://player.vimeo.com https://www.youtube.com www.youtube-nocookie.com; prefetch-src https://static-assets.monzo.com https://static-assets.monzo-s101.com https://monzo-prod-s3bucketcreator-ffs-web-export.s3-eu-west-1.amazonaws.com https://monzo-s101-s3bucketcreator-ffs-nonprod-web-export.s3-eu-west-1.amazonaws.com; default-src https://static-assets.monzo.com https://static-assets.monzo-s101.com https://monzo-prod-s3bucketcreator-ffs-web-export.s3-eu-west-1.amazonaws.com https://monzo-s101-s3bucketcreator-ffs-nonprod-web-export.s3-eu-west-1.amazonaws.com; 1
default-src *;script-src 'unsafe-eval' 'unsafe-inline' * data:;child-src *;connect-src *;font-src * data:;form-action *;frame-src *;frame-ancestors 'self';img-src * data:;media-src *;object-src *;style-src 'unsafe-inline' * data:;upgrade-insecure-requests;block-all-mixed-content;report-uri https://yoti.report-uri.io/r/default/csp/reportOnly; 1
frame-ancestors https://wear.jp https://wear.net https://wear.tw http://bo.wear.jp https://bo.wear.jp; 1
default-src 'self' data: blob: *.mega.co.nz *.mega.nz *.mega.io http://*.mega.nz http://*.mega.io; script-src 'self' *.mega.co.nz *.mega.nz *.mega.io https://*.googletagmanager.com https://analytics.google.com *.hsadspixel.net *.hs-analytics.net js.hscta.net *.hubspot.com static.hsappstatic.net *.usemessages.com *.hs-banner.com *.hubspotusercontent20.net *.hubspot.net *.hscollectedforms.net *.hsleadflows.net *.hsforms.net *.hsforms.com *.hs-scripts.com *.hubspotfeedback.com feedback.hubapi.com data: blob:; connect-src *.mega.co.nz *.mega.nz *.mega.io http://*.mega.nz http://*.mega.io https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://*.googletagmanager.com *.hubapi.com js.hscta.net *.hubspot.com *.hs-banner.com *.hscollectedforms.net *.hsforms.com; style-src 'self' 'unsafe-inline' *.mega.co.nz *.mega.nz *.mega.io *.hubspotusercontent20.net cdn2.hubspot.net data: blob:; frame-src 'self' *.megapay.nz mega: *.megaad.nz https://mega.nz/ https://mega.io/ *.hubspot.com *.hs-sites.com *.hubspot.net play.hubspotvideo.com *.hsforms.net *.hsforms.com; img-src 'self' *.mega.co.nz *.mega.nz *.mega.io data: blob: mega.nz *.hubspot.com js.hscta.net no-cache.hubspot.com *.hubspotusercontent20.net *.hubspot.net cdn2.hubspot.net *.hsforms.net *.hsforms.com; frame-ancestors 'self' https://mega.nz/; child-src 'self' *.mega.co.nz *.mega.nz *.mega.io data: blob: mega.nz *.hsforms.com; 1
default-src 'self' https://*.market-pay.com/  https://*.market-pay.com/* https://*.youtube.com/ https://*.youtube.com/* https://*.partnerbookingkit.com/ https://*.partnerbookingkit.com/* https://*.pinterest.com/ https://*.pinterest.com/* https://*.exelator.com/ https://*.adswizz.com/ https://*.exelator.com/* https://*.adswizz.com/* https://*.theaa.digital/ https://*.theaa.digital/* https://*.theaa.com/* https://*.theaa.com/ https://*.lpsnmedia.net/ https://*.lpsnmedia.net/* https://*.aspnetcdn.com/ https://*.aspnetcdn.com/* https://*.googleapis.com/ https://*.googleapis.com/* https://*.optimizely.com/ https://*.optimizely.com/* https://*.quantummetric.com/ https://*.quantummetric.com/* https://*.jquery.com/ https://*.jquery.com/* https://*.facebook.net/ https://*.facebook.net/* https://*.trustarc.com/ https://*.truste.com/ https://*.doubleclick.net/  https://*.trustarc.com/* https://*.truste.com/* https://*.doubleclick.net/* https://*.liveperson.net/ https://*.liveperson.net/* https://*.quantserve.com/ https://*.quantserve.com/* https://*.ads-twitter.com/ https://*.hotjar.com/ https://*.quantserve.com/* https://*.ads-twitter.com/* https://*.hotjar.com/* https://*.tiqcdn.com/ https://*.tiqcdn.com/* https://*.trustpilot.com/ https://www.google-analytics.com/ https://*.trustpilot.com/* https://www.google-analytics.com/* https://www.googletagmanager.com/ https://*.googletagmanager.com/* https://bat.bing.com/ https://bat.bing.com/* https://*.tealiumiq.com https://*.tealiumiq.com/* https://*.google.com https://*.google.com/* https://www.google.co.uk https://www.google.co.uk/* https://*.google-analytics.com/ https://*.google-analytics.com/* https://*.googletagmanager.com/* https://*.snapchat.com https://*.snapchat.com/*; frame-src 'self' https://*.market-pay.com/  https://*.market-pay.com/* https://*.youtube.com/ https://*.youtube.com/* https://*.partnerbookingkit.com/ https://*.partnerbookingkit.com/* https://*.vimeo.com/ https://*.vimeo.com/* https://*.trustpilot.com/ https://*.trustpilot.com/* https://*.trustarc.com/ https://*.trustarc.com/* https://*.theaa.com/ https://*.theaa.digital/ http://*.doubleclick.net/ http://*.doubleclick.net/* https://*.optimizely.com https://*.optimizely.com/* https://*.doubleclick.net/ https://*.doubleclick.net/* https://*.hotjar.com/ https://*.hotjar.com/* https://www.google.com/ https://www.google.com/* https://*.decibelinsight.net/ https://*.decibelinsight.net/* https://*.quantummetric.com/ https://*.quantummetric.com/* https://*.lpsnmedia.net/ https://*.lpsnmedia.net/* https://*.iesnare.com/ https://*.iesnare.com/* https://*.liveperson.net/ https://*.liveperson.net/* https://*.tvsquared.com https://*.tvsquared.com/* https://*.snapchat.com https://*.snapchat.com/* https://*.theaa.digital/ https://*.theaa.digital/* https://*.theaa.com/* https://*.theaa.com/ https://www.youtube.com/ https://www.youtube.com/* https://*.stripe.com/ https://*.stripe.com/* https://*.salecycle.com https://*.salecycle.com/* blob: 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; media-src 'self' https://*.market-pay.com/  https://*.market-pay.com/* https://*.youtube.com/ https://*.youtube.com/* https://*.partnerbookingkit.com/ https://*.partnerbookingkit.com/* https://*.vimeo.com/ https://*.vimeo.com/* https://*.lpsnmedia.net/ https://*.optimizely.com https://*.optimizely.com/* https://*.lpsnmedia.net/* https://mpsnare.iesnare.com https://mpsnare.iesnare.com/* blob: data:;font-src 'self' https://*.market-pay.com/  https://*.market-pay.com/* https://*.partnerbookingkit.com/ https://*.partnerbookingkit.com/* https://*.youtube.com/ https://*.youtube.com/* https://fonts.gstatic.com https://fonts.gstatic.com/* 'unsafe-inline' 'unsafe-eval'; worker-src 'self' blob:; connect-src *; img-src * data: blob: ;script-src 'self' https://*.market-pay.com/  https://*.market-pay.com/* https://*.partnerbookingkit.com/ https://*.partnerbookingkit.com/* https://*.youtube.com/ https://*.youtube.com/* https://*.vimeo.com/ https://*.vimeo.com/* https://*.facebook.net/ https://*.facebook.net/* https://*.quantcount.com/ https://*.snapchat.com/ https://*.quantserve.com/ https://*.quantcount.com/* https://*.snapchat.com/* https://*.quantserve.com/* https://*.tvsquared.com/ https://*.dwin1.com/ https://*.bing.com/ https://*.pinimg.com/ https://*.tvsquared.com/* https://*.dwin1.com/* https://*.bing.com/* https://*.pinimg.com/* https://*.ads-twitter.com/ https://*.redditstatic.com/ https://*.trustpilot.com/ https://*.ads-twitter.com/* https://*.redditstatic.com/* https://*.trustpilot.com/* https://cdn.co-buying.com/ https://widget.trustpilot.com/ https://*.theaa.digital/ https://cdn.co-buying.com/* https://widget.trustpilot.com/* https://*.theaa.digital/* https://*.theaa.digital/* https://*.theaa.com/* https://*.theaa.com/ https://*.google-analytics.com/ https://*.addthis.com/ https://*.addthis.com/* https://*.bazaarvoice.com/ https://*.bazaarvoice.com/* http://*.googletagmanager.com/ https://*.googletagmanager.com/ https://*.googletagmanager.com/*https://*.cloudflare.com/ https://*.cloudflare.com/* https://*.googleapis.com/ https://*.googleapis.com/* https://*.gstatic.com/ https://*.google.com/* https://*.google.com/ https://*.optimizely.com https://*.optimizely.com/ https://mpsnare.iesnare.com/ https://*.jquery.com https://*.jquery.com/* https://*.aspnetcdn.com/ https://*.aspnetcdn.com/* http://tags.tiqcdn.com/ https://tags.tiqcdn.com/ https://collect.tealiumiq.com/ http://*.truste.com/ https://*.truste.com/ https://*.trustarc.com/ https://*.decibelinsight.net/ https://*.lpsnmedia.net/ https://*.lpsnmedia.net/* https://*.liveperson.net/ https://*.liveperson.net/* https://*.decibelinsight.net/* http://*.tealiumiq.com/ https://*.tealiumiq.com/ http://*.doubleclick.net/ https://*.doubleclick.net/ https://*.hotjar.com/ https://static.cloudflareinsights.com/ https://cdn.quantummetric.com/ https://*.facebook.net/ https://sc-static.net https://*.quantserve.co https://*.licdn.com/ https://*.impactcdn.com/ https://*.googleadservices.com https://*.responsetap.com/ https://*.roeyecdn.com 'unsafe-inline' 'unsafe-eval' blob:; 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com 1868565294.rsc.cdn77.org static.cloudflareinsights.com www.google.com www.gstatic.com fonts.gstatic.com fonts.googleapis.com ajax.googleapis.com fcm.googleapis.com accounts.google.com *.cdn77.org  *.nk-img.com  *.segpay.com  *.online-metrix.net *.vscdns.com *.vsmvideo.com www.tjk-njk.com *.exoclick.com *.orbsrv.com *.opoxv.com *.exdynsrv.com *.afcdn.net *.aucdn.net *.tf4srv.com *.aacdn.net *.adglare.net www.flirt4free.com www.ohmybutt.com www.secretpartners.com *.asf4f.us *.livejasmin.com *.jsmcrptjmp.com *.awemwh.com etahub.com ctrack.trafficjunky.net tracking.sexcash.com *.gtflixtv.com;img-src 'self' 'unsafe-inline' data: blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com *.cdn77.org www.google.com www.google-analytics.com ssl.gstatic.com *.nk-img.com *.camster.com data-cdn.pornbiz.com *.vscdns.com *.vsmvideo.com *.doubleclick.net *.google.fr *.google.com *.segpay.com *.online-metrix.net cdn.asf4f.us *.gtflixtv.com *.orbsrv.com *.exdynsrv.com *.afcdn.net *.aucdn.net *.justservingfiles.net *.tf4srv.com *.aacdn.net *.rtbsuperhub.com; report-uri https://www.pornorama.com/csp-reports; report-to csp-endpoint 1
connect-src 'self' https://api2.amplitude.com https://maps.googleapis.com/maps/api/js https://maps.googleapis.com/maps-api-v3/api/ https://maps.googleapis.com/maps/api/mapsjs/ https://maps.gstatic.com/mapfiles/ https://maps.googleapis.com/$rpc/ https://maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate https://maps.googleapis.com/maps/vt https://maps.googleapis.com/maps/api/js/QuotaService.RecordEvent https://maps.googleapis.com/maps/api/staticmap https://platform-api.sharethis.com/js/sharethis.js https://buttons-config.sharethis.com/js/ https://l.sharethis.com/pview https://ascensioncrm--uat.sandbox.my.site.com/ https://ascensioncrm--acc.sandbox.my.site.com https://ascensioncrm--acc.sandbox.my.salesforce.com/ https://service.force.com https://ascensioncrm.my.salesforce-sites.com https://ascensioncrm.my.salesforce.com https://ascension.force.com https://ascensioncrm--acc.sandbox.my.salesforce-sites.com/ https://ascensioncrm--uat.sandbox.my.salesforce.com/ https://ascensioncrm--uat.sandbox.my.salesforce-sites.com/ https://static.lightning.force.com/ https://service.force.com/ https://*.salesforceliveagent.com/chat/ https://ascensioncrm.my.site.com/ https://ascensioncrm.my.salesforce-scrt.com/ https://a.tiles.mapbox.com/ https://*.localsearchprofiles.com/ https://support.doctorpodcasting.com/ https://radiomd.com/ https://az416426.vo.msecnd.net/scripts/ https://dc.services.visualstudio.com/v2/track https://static.srcspot.com/libs/hannie.js blob: https://bcbolt446c5271-a.akamaihd.net/media/ https://players.brightcove.net/ https://edge.api.brightcove.com/ https://metrics.brightcove.com/ https://vjs.zencdn.net/vttjs/0.15.3/vtt.global.min.js https://cf-images.us-east-1.prod.boltdns.net/ https://manifest.prod.boltdns.net/ https://gallery-metrics.api.brightcove.com/ https://service.reputation.com/ https://api.mapbox.com/ assets.reputation.com *.visualwebsiteoptimizer.com app.vwo.com *.ascension.org;default-src 'self' blob: *.ascension.org;font-src 'self' fonts.gstatic.com https://fonts.googleapis.com https://ascensioncrm--uat.sandbox.my.site.com/ https://ascensioncrm--acc.sandbox.my.site.com https://ascensioncrm--acc.sandbox.my.salesforce.com/ https://service.force.com https://ascensioncrm.my.salesforce-sites.com https://ascensioncrm.my.salesforce.com https://ascension.force.com https://ascensioncrm--acc.sandbox.my.salesforce-sites.com/ https://ascensioncrm--uat.sandbox.my.salesforce.com/ https://ascensioncrm--uat.sandbox.my.salesforce-sites.com/ https://static.lightning.force.com/ https://service.force.com/ https://*.salesforceliveagent.com/chat/ https://ascensioncrm.my.site.com/ https://ascensioncrm.my.salesforce-scrt.com/ data: *.ascension.org;frame-src 'self' *.formstack.com https://www.formassembly.com/ https://www.volgistics.com/ https://ascension.tfaforms.net/ blob: https://bcbolt446c5271-a.akamaihd.net/media/ https://players.brightcove.net/ https://edge.api.brightcove.com/ https://metrics.brightcove.com/ https://vjs.zencdn.net/vttjs/0.15.3/vtt.global.min.js https://cf-images.us-east-1.prod.boltdns.net/ https://manifest.prod.boltdns.net/ https://gallery-metrics.api.brightcove.com/ https://ascensioncrm--uat.sandbox.my.site.com/ https://ascensioncrm--acc.sandbox.my.site.com https://ascensioncrm--acc.sandbox.my.salesforce.com/ https://service.force.com https://ascensioncrm.my.salesforce-sites.com https://ascensioncrm.my.salesforce.com https://ascension.force.com https://ascensioncrm--acc.sandbox.my.salesforce-sites.com/ https://ascensioncrm--uat.sandbox.my.salesforce.com/ https://ascensioncrm--uat.sandbox.my.salesforce-sites.com/ https://static.lightning.force.com/ https://service.force.com/ https://*.salesforceliveagent.com/chat/ https://ascensioncrm.my.site.com/ https://ascensioncrm.my.salesforce-scrt.com/ *.youtube.com/ https://a.tiles.mapbox.com/ https://*.localsearchprofiles.com/ https://support.doctorpodcasting.com/ https://radiomd.com/ https://az416426.vo.msecnd.net/scripts/ https://dc.services.visualstudio.com/v2/track https://static.srcspot.com/libs/hannie.js app.vwo.com *.visualwebsiteoptimizer.com *.ascension.org;img-src 'self' https://maps.googleapis.com/maps/api/js https://maps.googleapis.com/maps-api-v3/api/ https://maps.googleapis.com/maps/api/mapsjs/ https://maps.gstatic.com/mapfiles/ https://maps.googleapis.com/$rpc/ https://maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate https://maps.googleapis.com/maps/vt https://maps.googleapis.com/maps/api/js/QuotaService.RecordEvent https://maps.googleapis.com/maps/api/staticmap https://service.reputation.com/ https://api.mapbox.com/ assets.reputation.com https://ascensioncrm--acc.sandbox.my.site.com https://ascensioncrm.my.salesforce-sites.com https://ascensioncrm--acc.sandbox.my.salesforce-sites.com/ https://ascensioncrm--uat.sandbox.my.salesforce.com/ https://ascensioncrm--uat.sandbox.my.salesforce-sites.com/ https://service.force.com/embeddedservice/ https://ascensioncrm.my.site.com/ https://a.tiles.mapbox.com/ https://*.localsearchprofiles.com/ https://support.doctorpodcasting.com/ https://radiomd.com/ https://az416426.vo.msecnd.net/scripts/ https://dc.services.visualstudio.com/v2/track https://static.srcspot.com/libs/hannie.js blob: https://bcbolt446c5271-a.akamaihd.net/media/ https://players.brightcove.net/ https://edge.api.brightcove.com/ https://metrics.brightcove.com/ https://vjs.zencdn.net/vttjs/0.15.3/vtt.global.min.js https://cf-images.us-east-1.prod.boltdns.net/ https://manifest.prod.boltdns.net/ https://gallery-metrics.api.brightcove.com/ *.visualwebsiteoptimizer.com chart.googleapis.com app.vwo.com data: *.ascension.org;object-src 'none' ;script-src 'self' 'unsafe-eval' https://cdn.amplitude.com https://ascensioncrm--uat.sandbox.my.site.com/ https://ascensioncrm--acc.sandbox.my.site.com https://ascensioncrm--acc.sandbox.my.salesforce.com/ https://service.force.com https://ascensioncrm.my.salesforce-sites.com https://ascensioncrm.my.salesforce.com https://ascension.force.com https://ascensioncrm--acc.sandbox.my.salesforce-sites.com/ https://ascensioncrm--uat.sandbox.my.salesforce.com/ https://ascensioncrm--uat.sandbox.my.salesforce-sites.com/ https://static.lightning.force.com/ https://service.force.com/ https://*.salesforceliveagent.com/chat/ https://ascensioncrm.my.site.com/ https://ascensioncrm.my.salesforce-scrt.com/ https://tfaforms.com https://service.reputation.com/ https://api.mapbox.com/ assets.reputation.com https://www.googletagmanager.com/gtm.js 'unsafe-inline' https://cdnjs.cloudflare.com/ajax/libs/react/18.2.0/ https://cdnjs.cloudflare.com/ajax/libs/react-dom/18.2.0/  https://cdnjs.cloudflare.com/ajax/libs/es6-shim/ https://cdnjs.cloudflare.com/ajax/libs/es5-shim/ https://maps.googleapis.com/maps/api/js https://maps.googleapis.com/maps-api-v3/api/ https://maps.googleapis.com/maps/api/mapsjs/ https://maps.gstatic.com/mapfiles/ https://maps.googleapis.com/$rpc/ https://maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate https://maps.googleapis.com/maps/vt https://maps.googleapis.com/maps/api/js/QuotaService.RecordEvent https://maps.googleapis.com/maps/api/staticmap https://platform-api.sharethis.com/js/sharethis.js https://buttons-config.sharethis.com/js/ https://l.sharethis.com/pview https://a.tiles.mapbox.com/ https://*.localsearchprofiles.com/ https://support.doctorpodcasting.com/ https://radiomd.com/ https://az416426.vo.msecnd.net/scripts/ https://dc.services.visualstudio.com/v2/track https://static.srcspot.com/libs/hannie.js blob: https://bcbolt446c5271-a.akamaihd.net/media/ https://players.brightcove.net/ https://edge.api.brightcove.com/ https://metrics.brightcove.com/ https://vjs.zencdn.net/vttjs/0.15.3/vtt.global.min.js https://cf-images.us-east-1.prod.boltdns.net/ https://manifest.prod.boltdns.net/ https://gallery-metrics.api.brightcove.com/ blob: *.visualwebsiteoptimizer.com app.vwo.com *.ascension.org;style-src 'self' 'unsafe-eval' 'unsafe-inline' https://ascensioncrm--acc.sandbox.my.site.com https://ascensioncrm.my.salesforce-sites.com https://ascensioncrm--acc.sandbox.my.salesforce-sites.com/ https://ascensioncrm--uat.sandbox.my.salesforce.com/ https://ascensioncrm--uat.sandbox.my.salesforce-sites.com/ https://service.force.com/embeddedservice/ https://ascensioncrm.my.site.com/ fonts.gstatic.com https://fonts.googleapis.com https://service.reputation.com/ https://api.mapbox.com/ assets.reputation.com *.visualwebsiteoptimizer.com app.vwo.com *.ascension.org; 1
default-src 'self';base-uri 'self';script-src 'nonce-m6Xn1Zzho2mtj2zIUBLlUw==' 'strict-dynamic' 'report-sample' https:;report-to csp-endpoint;upgrade-insecure-requests;style-src 'self' 'report-sample' *.cdn.office.net *.microsoft.com res-dev.cdn.officeppe.net 'unsafe-inline' https://www.microsoft.com/;font-src 'self' data: *.cdn.office.net res-dev.cdn.officeppe.net data c.s-microsoft.com *.microsoft.com;connect-src 'self' https://browser.pipe.aria.microsoft.com https://browser.events.data.microsoft.com *.office.com *.cdn.office.net res-dev.cdn.officeppe.net https://consentreceiverfd-prod.azurefd.net data:;frame-src https://login.microsoftonline.com https://login.live.com mem.gfx.ms amcdn.msftauth.net amcdn.msauth.net https://login.live-int.com https://login.windows-ppe.net;img-src * data: blob:;worker-src 'self' blob:;child-src 'self' blob:;;report-uri https://csp.microsoft.com/report/Harmony-App-SDF;object-uri none;object-src 'none';form-action https://login.microsoftonline.com;frame-ancestors 'self'; 1
default-src https: 'unsafe-inline' 'unsafe-eval'; script-src  https: 'unsafe-inline' 'unsafe-eval'; connect-src  https: 'unsafe-inline'; img-src  https: data: blob: 'unsafe-inline'; frame-src https:; style-src https: 'unsafe-inline'; font-src data:  https: 'unsafe-inline'; 1
frame-ancestors 'self' https://*.discoverfinancial.com https://*.discoverihs.com https://www.discoverstudentloans.com cdnssl.clicktale.net 1
frame-ancestors 'self'; default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob: 1
default-src 'self'; frame-ancestors 'self'; frame-src * ; media-src *; img-src * blob: data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' embed.typeform.com app.sealmetrics.com flickr.com accounts.google.com optimize.google.com platform.twitter.com static.ads-twitter.com cdn.cookielaw.org  snap.licdn.com www.dev-com.repsol.com  www.repsol.com www.dev-net.repsol.com www.google-analytics.com analytics.tiktok.com cdns.eu1.gigya.com *.tribalfusion.com consent.cookiebot.com www.googleadservices.com googleads.g.doubleclick.net *.krxd.net connect.facebook.net consentcdn.cookiebot.com trc.taboola.com wave.outbrain.com tr.outbrain.com assets.adobedtm.com www.googletagmanager.com www.youtube.com *.google-analytics.com *.analytics.google.com apis.google.com www.google.com www.recaptcha.net cdn.taboola.com amplify.outbrain.com trc.taboola.com tr.outbrain.com wave.outbrain.com ads-engagement.presage.io www.gstatic.com static.hotjar.com www.static.hotjar.com script.hotjar.com www.script.hotjar.com  ; style-src * 'unsafe-inline'; font-src * blob: data:; connect-src * blob: data: 1
default-src * data: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content 1
frame-ancestors 'self' *.lufthansa.com *.miles-and-more.com *.swiss.com *.amadeus.com *.amadeus.net *.brusselsairlines.com *.austrian.com; script-src *.exactag.com *.quantummetric.com *.monetate.net *.doubleclick.net *.googleadservices.com *.tiqcdn.com *.tealiumiq.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.usabilla.com *.artefact.com *.skyscanner.net *.skyscanner.net *.facebook.com *.facebook.net *.kayak.com *.amadeus.com *.lufthansa-group.com *.austrian.com *.lufthansa.com *.swiss.com *.brusselsairlines.com *.go-mpulse.net *.techlab-cdn.com *.instagram.com *.akamaihd.net *.akstat.io *.cloudfront.net *.cognigy.cloud *.googleapis.com *.gstatic.com *.sheerid.com *.meili.travel *.dwin1.com 'unsafe-inline' 'unsafe-eval'; object-src 'none' 1
upgrade-insecure-requests;default-src 'self' https://*.crazyegg.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://pi.pardot.com https://*.zen.co.uk https://ssl.google-analytics.com https://www.google-analytics.com https://www.googletagmanager.com https://dnn506yrbagrg.cloudfront.net https://az416426.vo.msecnd.net https://*.bizographics.com https://snap.licdn.com https://*.hotjar.com https://bat.bing.com https://s3.amazonaws.com https://*.ads.linkedin.com https://errors.angularjs.org https://code.jquery.com https://stackpath.bootstrapcdn.com https://www.googleadservices.com https://tagmanager.google.com https://www.gstatic.com https://googleads.g.doubleclick.net https://secure.leadforensics.com https://secure.quantserve.com https://rules.quantcount.com https://platform.twitter.com https://cdn.syndication.twimg.com https://connect.facebook.net https://widget.trustpilot.com https://dec.azureedge.net https://cdn.insight.sitefinity.com https://static.mention-me.com https://tag.mention-me.com https://optimize.google.com https://cdn.cookielaw.org https://cdn-ukwest.onetrust.com https://static.ads-twitter.com https://analytics.twitter.com https://secure.adnxs.com https://www.facebook.com https://websites.cdn.getfeedback.com https://*.popupsmart.com https://p.teads.tv https://player.vimeo.com https://tags.srv.stackadapt.com https://*.crazyegg.com https://www.clarity.ms https://*.expertrec.com blob: https://*.sub2tech.com https://ads.nextdoor.com https://service.force.com https://zeninternet.my.salesforce.com https://*.salesforceliveagent.com https://static.lightning.force.com https://lightening.secure.force.com https://zeninternet.my.salesforce-sites.com https://www.youtube.com https://d3gw8apj7f38d6.cloudfront.net;object-src 'none';style-src 'self' 'unsafe-inline' https://platform.twitter.com https://ton.twimg.com https://tagmanager.google.com https://fonts.googleapis.com https://stackpath.bootstrapcdn.com https://use.fontawesome.com https://optimize.google.com https://*.popupsmart.com https://tags.srv.stackadapt.com https://*.crazyegg.com https://service.force.com https://lightening.secure.force.com https://zeninternet.my.salesforce-sites.com;img-src 'self' blob: https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://www.google.co.uk https://i.ytimg.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://ad.doubleclick.net https://gtrk.s3.amazonaws.com https://*.zen.co.uk/ https://zen-marketingwebsite-data.s3.amazonaws.com https://zen-marketingwebsite2-data.s3.amazonaws.com https://zen-marketingwebsite.s3.amazonaws.com https://cdn-ukwest.onetrust.com data: https://platform.twitter.com https://syndication.twitter.com https://*.twimg.com https://t.co https://www.facebook.com https://*.ads.linkedin.com https://www.linkedin.com https://*.gstatic.com https://pixel.quantserve.com https://bat.bing.com https://secure.adnxs.com https://*.popupsmart.com https://*.teads.tv https://i.vimeocdn.com https://*.crazyegg.com https://*.clarity.ms https://d20j3a1e4m2ov9.cloudfront.net https://flask.nextdoor.com https://www.youtube.com;media-src 'self';frame-src 'self' https://www.youtube.com https://player.vimeo.com https://myaccount.zen.co.uk https://www.google.com https://maps.google.com https://optimize.google.com https://platform.twitter.com https://syndication.twitter.com https://www.facebook.com https://identity.testing.zen.co.uk https://identity.zen.co.uk https://vars.hotjar.com https://widget.trustpilot.com https://mention-me.com https://zen.mention-me.com https://servedby.flashtalking.com https://www.getfeedback.com https://zeninternet.getfeedback.com https://dubb.com https://*.crazyegg.com https://12507069.fls.doubleclick.net https://td.doubleclick.net https://view.genial.ly https://cloud.e.zen.co.uk https://service.force.com https://zeninternet.my.salesforce.com;font-src 'self' https://use.fontawesome.com https://script.hotjar.com https://fonts.gstatic.com data:;connect-src 'self' https://www.google-analytics.com https://www.googleadservices.com https://www.google.co.uk https://region1.google-analytics.com https://region1.analytics.google.com https://nl-api.dec.sitefinity.com https://nl-api.insight.sitefinity.com https://zen-marketingwebsite.s3.amazonaws.com https://cdn.cookielaw.org https://cdn-ukwest.onetrust.com https://privacyportal-uk.onetrust.com https://in.hotjar.com https://vc.hotjar.io wss://*.hotjar.com https://stats.g.doubleclick.net https://tag.mention-me.com https://mention-me.com https://graph.facebook.com https://*.popupsmart.com https://*.teads.tv https://tags.srv.stackadapt.com https://cdn.linkedin.oribi.io https://*.crazyegg.com https://*.clarity.ms https://*.expertrec.com https://flask.nextdoor.com https://lightening.secure.force.com https://zeninternet.my.salesforce-sites.com https://apm.zen.co.uk https://ih4anl1qy8.execute-api.eu-west-1.amazonaws.com https://*.zen.co.uk;frame-ancestors 'self' https://portal.zenbusiness.co.uk https://enlighten2.testing.zen.co.uk https://enlighten2.zen.co.uk https://12507069.fls.doubleclick.net;report-uri /WebResource.axd?cspReport=true 1
frame-ancestors https://*.shopstyleops.com/ https://local.shopstyleops.com:*/ https://*.shopstylecollective.com https://shopstylecollective.com https://*.collectivevoicelocal.com https://collectivevoicelocal.com https://*.collectivevoiceqa.com https://collectivevoiceqa.com https://*.collectivevoicedev.com https://collectivevoicedev.com https://*.collectivevoicebeta.com https://collectivevoicebeta.com https://*.collectivevoice.com https://collectivevoice.com; report-uri /csp-violation; 1
frame-ancestors 'self' https://webvisor.com https://awards.ratingruneta.ru 1
default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; upgrade-insecure-requests; 1
default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.eset.com https://*.hotjar.com https://*.hotjar.io https://adservice.google.com https://captcha.eset.com https://captcha.welivesecurity.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://px.ads.linkedin.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://*.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; form-action 'self'; frame-ancestors 'self'; frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com/ https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://*.esetstatic.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.welivesecurity.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.mx https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.es https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.hotjar.com https://www.linkedin.com https://www.youtube.com; manifest-src 'self'; media-src 'self' https://web-assets.esetstatic.com; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'self'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default; 1
object-src 'self' https://hightail.com;base-uri 'self';img-src https: http: blob: data:; frame-src https://* https://www.google.com/recaptcha/ 'self';font-src 'self' https://hightail.com data: ;script-src data: 'unsafe-inline' 'unsafe-eval' 'self' https://forms.hsforms.com/embed/ https://app.link/ http://js.bizographics.com/ http://stats.pusher.com/ http://www.googleadservices.com/ https://www.googleadservices.com https://www.google-analytics.com/ https://cdn.branch.io/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://snap.licdn.com/ https://dc.ads.linkedin.com/ https://px.ads.linkedin.com/ https://js-agent.newrelic.com/ https://bam.nr-data.net/ https://sjs.bizographics.com/ https://assets.zendesk.com/ https://www.bizographics.com/ https://secure.adnxs.com/ https://v2.zopim.com/ https://*.pusher.com/ https://*.hs-banner.com/ https://*.hs-scripts.com/ https://*.hs-analytics.net/ https://*.hsforms.net/ https://*.hsadspixel.net/ https://www.googletagmanager.com/ https://tagmanager.google.com/ https://googleads.g.doubleclick.net/ https://forms.hubspot.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com/ https://request.eprotect.vantivprelive.com/ https://request.eprotect.vantivcnp.com/ https://*.global.ssl.fastly.net/ http://*.hs-analytics.net/ http://*.hs-scripts.com/ http://*.hsforms.net/ http://*.hsadspixel.net/ http://cdnjs.cloudflare.com/ https://static.zdassets.com/ http://www.google-analytics.com/ https://*.pendo.io/ http://ajax.googleapis.com/ https://img.en25.com/i/livevalidation_standalone.compressed.js https://img.en25.com/Web/OpenTextGlobal/ https://pendo-io-static.storage.googleapis.com/ https://*.googletagmanager.com/ https://pendo-static-5705431416832000.storage.googleapis.com/ http://cdn.jsdelivr.net/npm/cookieconsent@3/ https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ https://player.vimeo.com/* https://d2t77mnxyo7adj.cloudfront.net/v1/c.js http://now.eloqua.com/visitor/ http://secure.p01.eloqua.com/visitor/ http://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js https://*.bing.com/ https://*.hotjar.com/ https://*.facebook.net/ https://*.doubleclick.net/ https://*.hsadspixel.net/ https://*.hs-scripts.com/ https://*.clarity.ms/ data https://hightail.com/; frame-ancestors 'self' https://hightail.com; 1
frame-ancestors 'self' https://*.facebook.com https://*.google.com 1
frame-ancestors 'self' https://*.unige.it 1
require-trusted-types-for 'script' 1
frame-ancestors 'self' https://www.trendhunter.com https://www.jeremygutsche.com https://www.betterandfaster.com https://www.trendreports.com https://www.futurefestival.com https://www.keynotes.org https://www.exploitingchaos.com https://www.trendhunter.ai https://www.createthefuturebook.com https://go.trendhunter.com 1
frame-ancestors 'self' *.sportradarserving.com sportradarserving.com 1
default-src recreativdesign.com fonts.gstatic.com www.google.com data: 'self' st11.rcvlink.com;img-src recreativdesign.com image/svg+xml data: www.google.com.ua www.google.com www.googletagmanager.com googleads.g.doubleclick.net *.iubenda.com recreativ.com st11.rcvlink.com;style-src 'unsafe-inline' *.iubenda.com recreativdesign.com fonts.googleapis.com;script-src recreativdesign.com www.google.com www.googletagmanager.com www.google.com.ua ajax.googleapis.com www.gstatic.com googleads.g.doubleclick.net cdnjs.cloudflare.com *.iubenda.com crypto.dev2.rcrtv.net payfor.dev 'unsafe-inline' 'unsafe-eval' 'self';connect-src *.iubenda.com pagead2.googlesyndication.com crypto.dev2.rcrtv.net payfor.dev recreativdesign.com 'self';frame-src *.iubenda.com www.google.com td.doubleclick.net www.gstatic.com crypto.dev2.rcrtv.net payfor.dev;base-uri 'self';object-src 'self';style-src-elem recreativdesign.com www.google.com www.googletagmanager.com ajax.googleapis.com www.gstatic.com googleads.g.doubleclick.net fonts.googleapis.com cdnjs.cloudflare.com *.iubenda.com 'unsafe-inline' 'unsafe-eval' 'self' 1
default-src 'self' *; style-src * 'unsafe-inline'; img-src * data: content: * 'self'; script-src 'self' * 'unsafe-inline' 'unsafe-eval'; connect-src 'self' * 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *; base-uri 'self' 1
default-src 'self'; frame-src http: data:; connect-src http: data:; script-src 'unsafe-inline' 'unsafe-eval' http:; style-src 'unsafe-inline' http:; img-src http: data:; font-src http: data: 1
img-src 'self' https://img.awvvvvw.live; 1
frame-ancestors 'self' *.dnc.io 1
default-src 'self' https://static.linear.app;connect-src 'self' https://o415358.ingest.sentry.io/api/5337513/ https://o415358.ingest.sentry.io/api/4504277957279744/ wss://ornj730p.api.sanity.io/ https://ornj730p.apicdn.sanity.io/ https://*.linear.app https://9RXBCYQ6DV-dsn.algolia.net https://*.google-analytics.com/ https://linearstatus.com/ https://app.posthog.com https://*.browser-intake-datadoghq.com http://127.0.0.1:44450/ http://127.0.0.1:18450/ http://127.0.0.1:33234/ https://api.linear.app https://client-api.linear.app wss://sync.linear.app/ https://storage.googleapis.com/uploads.linear.app/ https://storage.googleapis.com/linear-uploads-europe-west1/ https://storage.googleapis.com/imports.linear.app/ https://storage.googleapis.com/linear-imports-europe-west1/ https://storage.googleapis.com/public.linear.app/ https://www.google-analytics.com/j/collect https://ornj730p.api.sanity.io/;script-src 'unsafe-inline' 'self' blob: https://www.googletagmanager.com/gtag/ https://www.google-analytics.com/analytics.js https://js.stripe.com/v3 https://jobs.ashbyhq.com/Linear/embed https://e.linear.app https://static.linear.app;style-src 'self' 'unsafe-inline' https://static.linear.app;font-src 'self' data: https://static.linear.app;img-src 'self' data: blob: https://*.linear.app https://*.googleusercontent.com https://www.google-analytics.com https://cdn.sanity.io/images/ornj730p/ https://linear.app/cdn-cgi/imagedelivery/ https://avatars.githubusercontent.com https://i.ytimg.com/vi/ https://avatars.slack-edge.com https://pbs.twimg.com/profile_images/ https://pbs.twimg.com/ext_tw_video_thumb/;frame-ancestors 'self' https://cms.linear.app;frame-src *;media-src blob: https://uploads.linear.app https://public.linear.app https://imports.linear.app https://static.linear.app https://cdn.sanity.io/files/ornj730p/ https://video.twimg.com/ext_tw_video/ https://linear.app/static/;report-uri https://api.linear.app/report-violation 1
frame-ancestors 'self' https://*.csus.edu https://csus.cascadecms.com https://csus.service-now.com 1
frame-ancestors 'self' https://www.channel4000.com/ https://kdvr.com/ https://kfor.com/ https://fox2now.com/ https://fox5sandiego.com/ https://ktla.com/ https://fox40.com/ https://fox4kc.com/ https://wgntv.com/ https://fox8.com/ https://khon2.com/ https://klfy.com/ https://kron4.com/ https://krqe.com/ https://wavy.com/ https://wfla.com/ https://wivb.com/ https://wkrg.com/ https://wkrn.com/ https://woodtv.com/ https://wwlp.com/ https://channel4000.com/ https://koin.com/ https://wreg.com/ https://wric.com/ https://fox59.com/ https://wspa.com/ https://wgno.com/ https://myfox8.com/ https://nbc4i.com/ https://kxan.com/ https://wtnh.com/ https://stage.nxstrib.com/ https://nxs-staging.go-vip.net/ https://wate.com/ https://wkbn.com/ https://cbs17.com/ https://wpri.com/ https://wsav.com/ https://whnt.com/ https://who13.com/ https://abc27.com/ https://cbs42.com/ https://wjhl.com/ https://cw33.com/ https://cw39.com/ https://localdvm.com/watch-dcw50/ https://wgnradio.com/ https://phl17.com/ https://cbs4indy.com/ https://borderreport.com/ https://everythinglubbock.com/ https://myhighplains.com/ https://nxsttv-stage.go-vip.net/ https://nxstrib-com-staging.go-vip.net/ https://myarklamiss.com/ https://kark.com/ https://siouxlandproud.com/ https://keloland.com/ https://easttexasmatters.com/ https://texomashomepage.com/ https://kget.com/ https://yourbigsky.com/ https://8newsnow.com/ https://mysterywire.com/ https://fox16.com/ https://conchovalleyhomepage.com/ https://yourbasin.com/ https://nwahomepage.com/ https://ozarksfirst.com/ https://westernslopenow.com/ https://yourcentralvalley.com/ https://fourstateshomepage.com/ https://ksnt.com/ https://ksn.com/ https://bigcountryhomepage.com/ https://arklatexhomepage.com/ https://ktsm.com/ https://abc4.com/ https://valleycentral.com/ https://kxnet.com/ https://fox21news.com/ https://fox44news.com/ https://wane.com/ https://binghamtonhomepage.com/ https://wboy.com/ https://pahomepage.com/ https://wbtw.com/ https://counton2.com/ https://wcia.com/ https://wdhn.com/ https://wdtn.com/ https://localdvm.com/ https://tristatehomepage.com/ https://mytwintiers.com/ https://mychamplainvalley.com/ https://wearegreenbay.com/ https://wfxrtv.com/ https://cnyhomepage.com/ https://ourquadcities.com/ https://wjtv.com/pine-belt-news/ https://wjbf.com/ https://yourerie.com/ https://upmatters.com/ https://wjtv.com/ https://fox46.com/ https://wiproud.com/ https://wlns.com/ https://mypanhandle.com/ https://centralillinoisproud.com/ https://foxlexington.com/ https://wnct.com/ https://cenlanow.com/ https://wowktv.com/ https://wvillustrated.com// https://mystateline.com/ https://wrbl.com/ https://rochesterfirst.com/ https://localsyr.com/ https://wearecentralpa.com/ https://news10.com/ https://wtrf.com/ https://mywabashvalley.com/ https://brproud.com/ https://wvnstv.com/ https://informnny.com/ https://wytv.com/ https://pix11.com/ https://www.snntv.com/ https://www.wavy.com/ https://cw33.com/ https://www.dcnewsnow.com/ https://www.ketk.com/ https://www.ktalnews.com/ https://www.qcnews.com/ https://fox56news.com/ https://www.wtaj.com/ https://www.newsnationnow.com/ https://thehill.com/; 1
frame-ancestors 'self'; object-src https://*.ediblearrangements.com/; media-src https://*.ediblearrangements.com/ 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.uni-graz.at https://webcmp.uni-graz.at https://oembed.uni-graz.at https://bezahlung.uni-graz.at https://webstat.uni-graz.at https://ask.uni-graz.at/ https://beta.ug.aios.dev/ https://*.googletagmanager.com https://connect.facebook.net; img-src 'self' data: https://static.uni-graz.at https://bezahlung.uni-graz.at https://online.uni-graz.at/ https://screenshot.uni-graz.at/ https://webstat.uni-graz.at https://ask.uni-graz.at/ https://beta.ug.aios.dev/ https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.at https://www.facebook.com; style-src 'self' 'unsafe-inline' https://static.uni-graz.at https://ask.uni-graz.at/ https://beta.ug.aios.dev/; font-src 'self' https://static.uni-graz.at; object-src 'self' https://static.uni-graz.at; frame-src 'self' https://static.uni-graz.at https://webstat.uni-graz.at https://unitube.uni-graz.at https://open.spotify.com https://www.vimeo.com https://www.youtube.com; worker-src 'none'; connect-src 'self' https://static.uni-graz.at https://webcmp.uni-graz.at https://oembed.uni-graz.at https://bezahlung.uni-graz.at https://search.uni-graz.at/rest/getSuggestions https://webstat.uni-graz.at https://ask.uni-graz.at/ wss://api.ug.leftshift.one/mqtt  https://beta.ug.aios.dev/ wss://api.azure-cloud.aios.dev/mqtt https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.at https://www.facebook.com; report-uri /de/log.raw?context=CSP 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *;worker-src 'self' blob:; 1
default-src 'none';child-src 'self' 'unsafe-eval' data: *.kakao.com *.daum.net *.upbit.com *.upbitit.com *.upbitit.sh *.upbitit.cool *.upbitit.city *.upbitit.in *.upbitit.me *.teledit.com *.google.com *.youtube.com *.instagram.com *.facebook.com *.twitter.com *.onesignal.com onesignal.com *.amazonaws.com 127.0.0.1:15018 'sha256-0Ql1J31jzC6EHJM2MUoUyEgmRntzyhoDq7h/gZw/BuQ=' 'sha256-pVP3wiRK6EgotPvbJ2R65xpjHaVawiUq7xpvmES7HRA=' 'sha256-HrYkl2rawjkoYYuXeaUW9DuuuV0RMPdyk1VfrnOfve8=' 'sha256-Imv8rgvxn2GP4QJH/s+T5I8tEtsRwclyX3+LH36ke+U=';worker-src 'self' 'unsafe-eval' data: *.kakao.com *.daum.net *.upbit.com *.upbitit.com *.upbitit.sh *.upbitit.cool *.upbitit.city *.upbitit.in *.upbitit.me *.teledit.com *.google.com *.youtube.com *.instagram.com *.facebook.com *.twitter.com *.onesignal.com onesignal.com *.amazonaws.com 127.0.0.1:15018 'sha256-0Ql1J31jzC6EHJM2MUoUyEgmRntzyhoDq7h/gZw/BuQ=' 'sha256-pVP3wiRK6EgotPvbJ2R65xpjHaVawiUq7xpvmES7HRA=' 'sha256-HrYkl2rawjkoYYuXeaUW9DuuuV0RMPdyk1VfrnOfve8=' 'sha256-Imv8rgvxn2GP4QJH/s+T5I8tEtsRwclyX3+LH36ke+U=' blob:;frame-src 'self' 'unsafe-eval' data: *.kakao.com *.daum.net *.upbit.com *.upbitit.com *.upbitit.sh *.upbitit.cool *.upbitit.city *.upbitit.in *.upbitit.me *.teledit.com *.google.com *.youtube.com *.instagram.com *.facebook.com *.twitter.com *.onesignal.com onesignal.com *.amazonaws.com 127.0.0.1:15018 'sha256-0Ql1J31jzC6EHJM2MUoUyEgmRntzyhoDq7h/gZw/BuQ=' 'sha256-pVP3wiRK6EgotPvbJ2R65xpjHaVawiUq7xpvmES7HRA=' 'sha256-HrYkl2rawjkoYYuXeaUW9DuuuV0RMPdyk1VfrnOfve8=' 'sha256-Imv8rgvxn2GP4QJH/s+T5I8tEtsRwclyX3+LH36ke+U=' blob:;frame-ancestors 'self';script-src 'self' 'unsafe-eval' data: blob: resource: 202.150.191.199 *.google.com *.googleapis.com *.gstatic.com localhost:5000 localhost:8080 localhost:8081 *.upbit.io *.upbit.com *.upbitit.com *.upbitit.sh *.upbitit.cool *.upbitit.city *.upbitit.in *.upbitit.me *.kakao.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.facebook.com api.calq.io *.twitter.com *.twimg.com *.onesignal.com onesignal.com *.nr-data.net *.newrelic.com *.datadoghq-browser-agent.com cdn.jsdelivr.net 'sha256-AmiIBiDMlUtAs2tJB7jErMe/d3rBPYNUQQIZZdI0/mw=' 'sha256-tR4f5esF7ogSmVINwuWYjYLydFvDU/NenPTDeJQHINs=' 'sha256-b0JiL6WgW/t6gnaiUl78Mlg1q3/pUtetuNGA6BYlnH4=' 'sha256-6j87i3n9lWPVmuX+Udb9PQmkHb7ucVoDtHD6HKJXPLI=' 'sha256-t6C3BkAxW5wuha7GldeGWafgEpleF3eDfNI3xT52/eU=' 'sha256-EQmj6Ha49NOPh0LdNXNUL4d1kUdtlRkdWwcOBab0Ut0=' 'sha256-nNAB7wzHoZ2H2aPXc92gTFy5PUJbI0DgcTKKke1IAME=' 'sha256-f1HK/Dqj6PZZhqO05NmaOi3WSD+H8wH+8Hf8e1w8vQc=' 'sha256-a3jrMYVXEEA6OiADmrxAYVqEyCuvciqKxYphw6Z0AiY=' 'sha256-lo7ZdP6kFds+wf1WMWvn7MhcFVFJV44kAXODRevzRZ8=' 'sha256-/LzxZZCN0YqeSff/J4EBdtuOn2O0NSITdBZkJFIk+Ko=' 'sha256-pq6kbeGlAEeHYBthGd32bJmZGkgiqvxz5199By9lOcY=' 'sha256-NnrjSbntVW306IHkOlwVBC4qIdqWhdj8mf62RaIn6Hw=' 'sha256-SXfx+5vjh9r66UjLQcTxkeAHyelEt20ClYWC4Eabjc4=' 'sha256-S/WWv1gyiLN0ksV2n8CoNhT3b1aJlAFVOTaNCsXDIdY=' 'sha256-WmnJ6wW5Y2n0gjbKF1mSQxGVPY6EC3wHJX7vX/T3HsI=' 'sha256-+3W9zufhVFpD1XwP4aFx3yWExD//7uoJ+EnLO3a9V0Q=' 'sha256-0Ql1J31jzC6EHJM2MUoUyEgmRntzyhoDq7h/gZw/BuQ=' 'sha256-pVP3wiRK6EgotPvbJ2R65xpjHaVawiUq7xpvmES7HRA=' 'sha256-HrYkl2rawjkoYYuXeaUW9DuuuV0RMPdyk1VfrnOfve8=' 'sha256-Imv8rgvxn2GP4QJH/s+T5I8tEtsRwclyX3+LH36ke+U='  'sha256-FmdBlmHfq2ipjnGx6IJZaa/6JOMfaapW3QEKwsm1cgM=' cdn.cresendo.net t1.daumcdn.net 'sha256-IMdN53tk7OcIZHNwMvJ59oRkqceBtZMr6bYtJF9HXCs=' 'sha256-uLgqDY2zTj8QoNL2D4QW24EH2OURSBWPBCJ5KsHR+vE=' www.googleadservices.com googleads.g.doubleclick.net 'nonce-e16760d11be053489826e733a90bcf40';connect-src 'self' wss: https: *.upbit.io *.upbit.com *.upbitit.com *.upbitit.sh *.upbitit.cool *.upbitit.city *.upbitit.in *.upbitit.me *.dunamu.com *.upbit.io:8080 *.browser-intake-datadoghq.com;font-src 'self' data: *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.upbit.com *.upbitit.com *.upbitit.sh *.upbitit.cool *.upbitit.city *.upbitit.in *.upbitit.me ;form-action 'self' *.upbit.com *.upbitit.com *.upbitit.sh *.upbitit.cool *.upbitit.city *.upbitit.in *.upbitit.me facebook.com *.twitter.com;style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.upbit.com *.upbitit.com *.upbitit.sh *.upbitit.cool *.upbitit.city *.upbitit.in *.upbitit.me *.twitter.com *.twimg.com *.onesignal.com onesignal.com *.google.com *.googletagmanager.com ;img-src 'self' data: blob: *.luniverse.io *.cur-google.com *.googleapis.com *.gstatic.com *.upbit.com *.upbitit.com *.upbitit.sh *.upbitit.cool *.upbitit.city *.upbitit.in *.upbitit.me *.amazonaws.com *.google-analytics.com *.facebook.com *.google.com *.google.co.kr stats.g.doubleclick.net *.twitter.com *.x.com *.twimg.com *.onesignal.com onesignal.com *.googletagmanager.com via.placeholder.com placeimg.com placekitten.com cdnjs.cloudflare.com cdn.jsdelivr.net 127.0.0.1:15018  clickstream.cresendo.net bc.ad.daum.net;media-src 'self' data: blob: *.luniverse.io *.cur-google.com *.googleapis.com *.gstatic.com *.upbit.com *.upbitit.com *.upbitit.sh *.upbitit.cool *.upbitit.city *.upbitit.in *.upbitit.me *.amazonaws.com *.google-analytics.com *.facebook.com *.google.com *.google.co.kr stats.g.doubleclick.net *.twitter.com *.x.com *.twimg.com *.onesignal.com onesignal.com *.googletagmanager.com via.placeholder.com placeimg.com placekitten.com cdnjs.cloudflare.com cdn.jsdelivr.net 127.0.0.1:15018  clickstream.cresendo.net bc.ad.daum.net;manifest-src 'self';object-src 'self' data: *.upbit.com *.upbitit.com *.upbitit.sh *.upbitit.cool *.upbitit.city *.upbitit.in *.upbitit.me *.amazonaws.com *.twitter.com;base-uri 'self';block-all-mixed-content;script-src-attr 'none';upgrade-insecure-requests 1
script-src 'strict-dynamic' 'nonce-3b6b6d254925439a827bbd2bab36aeb9' 'unsafe-eval'; object-src 'none'; base-uri 'none'; upgrade-insecure-requests; 1
default-src ;script-src 'unsafe-inline' 'self' 'unsafe-eval' https://*.textexpander.com https://*.googletagmanager.com https://*.google-analytics.com https://*.google-analytics.com https://*.googleadservices.com https://*.facebook.net https://*.pvd.to https://*.dwin1.com https://*.doubleclick.net https://*.google.at https://*.twitter.com https://*.iubenda.com https://*.vimeocdn.com https://*.hubspot.com https://*.hscollectedforms.net https://*.hsadspixel.net https://*.hs-scripts.com https://*.hs-banner.com https://*.hs-analytics.net https://*.calendly.com https://*.usemessages.com https://*.recruitee.com https://d10zminp1cyta8.cloudfront.net https://cdnjs.cloudflare.com https://unpkg.com https://*.paddle.com https://*.helpscout.net https://*.google.be https://*.google.ca https://*.google.ch https://*.google.cl https://*.google.co.in https://*.google.co.jp https://*.google.co.kr https://*.google.co.nz https://*.google.co.uk https://*.google.com.ar https://*.google.com.au https://*.google.com.br https://*.google.com.co https://*.google.com.gr https://*.google.com.mx https://*.google.com.pk https://*.google.com.tr https://*.google.com.tw https://*.google.de https://*.google.dk https://*.google.es https://*.google.fr https://*.google.ie https://*.google.it https://*.google.nl https://*.google.pl https://*.google.pt https://*.googleoptimize.com https://vimeo.com https://*.yoast.com https://*.vimeo.com https://*.google.com https://*.fontawesome.com https://*.hsappstatic.net https://ads.yahoo.com https://*.adroll.com https://d.adroll.mgr.consensu.org https://dsum-sec.casalemedia.com https://eb2.3lift.com https://ib.adnxs.com https://idsync.rlcdn.com https://image2.pubmatic.com https://*.adsymptotic.com https://*.advertising.com https://*.rubiconproject.com https://simage2.pubmatic.com https://*.licdn.com https://*.outbrain.com https://*.taboola.com https://ups.analytics.yahoo.com https://*.bidswitch.net https://*.facebook.com https://*.clearbitscripts.com https://*.clearbitjs.com https://*.hsforms.com https://*.hsforms.net https://*.bing.com https://*.linkedin.com https://*.gstatic.com https://textexpander.com *.visualwebsiteoptimizer.com app.vwo.com https://*.g2crowd.com https://*.attributionapp.com https://*.intercom.io https://*.intercom.com https://*.intercomcdn.com https://*.clarity.ms;style-src https://*.textexpander.com https://sentry.io 'unsafe-inline' 'self' https://*.helpscout.net https://unpkg.com https://*.google.com https://*.fontawesome.com https://*.calendly.com https://*.googleapis.com https://textexpander.com *.visualwebsiteoptimizer.com app.vwo.com https://s3.amazonaws.com https://*.intercom.io https://*.intercom.com https://*.intercomcdn.com;font-src https://*.textexpander.com https://*.gstatic.com data: 'self' https://*.googletagmanager.com https://*.helpscout.net https://*.googleoptimize.com https://*.fontawesome.com https://textexpander.com https://*.intercomcdn.com;img-src * data:;connect-src https://*.textexpander.com wss://visitors.live https://*.hubapi.com https://*.fontawesome.com wss://*.visitors.live https://*.googleapis.com https://*.linkedin.com https://d3hb14vkzrxvla.cloudfront.net wss://*.pusher.com https://*.sumologic.com https://cdn.linkedin.oribi.io 'self' https://*.analytics.google.com https://*.hubspot.com https://*.iubenda.com https://*.pvd.to https://*.recruitee.com https://*.helpscout.net https://sentry.io https://*.facebook.com https://*.google-analytics.com https://*.yoast.com https://*.google.com https://*.adroll.com https://*.googlesyndication.com https://*.clearbit.com https://*.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://*.bing.com https://*.doubleclick.net https://textexpander.com *.visualwebsiteoptimizer.com app.vwo.com https://*.attributionapp.com https://*.intercom.com https://*.intercom.io https://*.intercomcdn.com wss://*.intercom.io https://*.clarity.ms;media-src https://*.textexpander.com https://*.youtu.be https://vod-progressive.akamaized.net 'self' https://*.vimeocdn.com https://*.helpscout.net https://download-video.akamaized.net https://vimeo.com https://*.vimeo.com https://*.youtube.com https://textexpander.com https://*.intercomcdn.com;object-src https://*.textexpander.com blob: 'self' https://*.helpscout.net https://textexpander.com;frame-src https://*.textexpander.com https://10fastfingers.com https://calendly.com https://*.wufoo.com 'self' https://*.twitter.com https://*.hubspot.com https://*.iubenda.com https://*.vimeocdn.com https://*.helpscout.net https://*.google.at https://*.google.be https://*.google.ca https://*.google.ch https://*.google.cl https://*.google.co.in https://*.google.co.jp https://*.google.co.kr https://*.google.co.nz https://*.google.co.uk https://*.google.com.ar https://*.google.com.au https://*.google.com.br https://*.google.com.co https://*.google.com.gr https://*.google.com.mx https://*.google.com.pk https://*.google.com.tr https://*.google.com.tw https://*.google.de https://*.google.dk https://*.google.es https://*.google.fr https://*.google.ie https://*.google.it https://*.google.nl https://*.google.pl https://*.google.pt https://vimeo.com https://*.vimeo.com https://*.google.com https://*.youtube-nocookie.com https://*.adroll.com https://*.hsforms.com https://*.youtube.com https://*.doubleclick.net https://*.facebook.com https://textexpander.com *.visualwebsiteoptimizer.com app.vwo.com https://*.attributionapp.com https://*.intercom.io https://*.intercom.com https://*.intercomcdn.com https://*.intercom-reporting.com https://intercom-sheets.com https://fast.wistia.net;worker-src https://*.textexpander.com 'self' blob: https://textexpander.com https://*.intercom-reporting.com https://intercom-sheets.com https://fast.wistia.net https://vimeo.com https://*.youtube.com; 1
default-src 'self' data: blob: *.gstatic.com *.google.com *.google-analytics.com *.nr-data.net *.facebook.com *.facebook.net *.bing.com *.modirum.com *.arcot.com *.creditmutuel.fr *.wlp-acs.com *.bioz.com *.vwr.com *.doubleclick.net *.avantorsciences.com *.nusil.com *.googletagmanager.com *.linkedin.com *.twitter.com *.vwrsurveys.com *.adsymptotic.com *.paymetric.com *.mktoresp.com *.wardsci.com *.sargentwelch.com *.boreal.com *.sargentwelch.ca *.twimg.com *.vwr-cmd.com *.mt.com *.moji-moji.com *.youtube.com youtube.com *.gotowebinar.com *.vwr-cmd2.com *.surveymonkey.com *.instantservice.com *.zencdn.net *.cdntwrk.com www.google.co.in *.hotjar.com *.hotjar.io ahpp.adflex.co.uk ahpp2.adflex.co.uk authentication.cardinalcommerce.com *.pinterest.com *.kickfire.com *.rumiview.com *.vimeo.com *.salesforce.com *.prnewswire.com nebnextvwr.neb.com projects.spielcreative.com projects.ivorystudio.net *.marketo.com *.zoovu.com *.azureedge.net *.amazonaws.com *.smartassistant.com serviceapi.nmv.naver.com *.uberflip.com *.zscalerthree.net *.cdntwrk.com *.brightcove.net *.oribi.io *.ariba.com *.clarity.ms *.adobedtm.com *.demdex.net *.tt.omtrdc.net edge.adobedc.net *.pantheonsite.io *.cloudflare.com *.sinch.com *.chatlayer.ai *.ably.io *.ably-realtime.com wss://realtime.ably.io wss://ws.hotjar.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.facebook.com *.facebook.net *.bing.com *.modirum.com *.arcot.com *.creditmutuel.fr *.wlp-acs.com *.bioz.com *.vwr.com *.googleapis.com *.mktoresp.com *.twitter.com *.twimg.com *.zencdn.net *.marketo.com *.zoovu.com *.azureedge.net *.amazonaws.com *.smartassistant.com serviceapi.nmv.naver.com *.uberflip.com *.zscalerthree.net *.cdntwrk.com *.brightcove.net *.oribi.io *.ariba.com *.clarity.ms *.adobedtm.com *.demdex.net *.tt.omtrdc.net edge.adobedc.net *.sinch.com *.chatlayer.ai *.ably.io *.ably-realtime.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.auth0.com *.google-analytics.com *.facebook.com *.facebook.net *.bing.com *.modirum.com *.arcot.com *.creditmutuel.fr *.wlp-acs.com *.bioz.com *.salesforceliveagent.com *.googletagmanager.com *.newrelic.com *.nr-data.net *.vwr.com *.licdn.com *.cloudflareinsights.com *.vwrsurveys.com *.marinsm.com *.paymetric.com *.google.com *.cloudflare.com *.pardot.com *.doubleclick.net *.googleadservices.com *.facebook.net *.wardsci.com *.verisign.com *.linkedin.com *.twitter.com *.googleapis.com *.sargentwelch.com *.sargentwelch.ca *.marketo.net *.twimg.com *.vwr-cmd.com *.mt.com *.moji-moji.com *.youtube.com youtube.com *.gotowebinar.com *.vwr-cmd2.com *.surveymonkey.com *.instantservice.com *.zencdn.net *.cdntwrk.com www.google.co.in *.hotjar.com *.hotjar.io *.pinimg.com *.avantorsciences.com *.kickfire.com *.rumiview.com *.jquery.com *.prnewswire.com *.marketo.com *.zoovu.com *.azureedge.net *.amazonaws.com *.smartassistant.com serviceapi.nmv.naver.com *.uberflip.com *.zscalerthree.net *.cdntwrk.com *.brightcove.net *.oribi.io *.ariba.com *.clarity.ms *.adobedtm.com *.demdex.net *.tt.omtrdc.net edge.adobedc.net *.sinch.com *.chatlayer.ai *.ably.io *.ably-realtime.com; 1
frame-ancestors 'self' https://dealerexperience.cadillac.com https://dealerexperience-cadillac-com.*.wpx.gm.com 1
default-src 'self' https://maxcdn.bootstrapcdn.com https://app-ab39.marketo.com https://cookiesapac.blob.core.windows.net *.onetrust.com use.typekit.net; script-src 'strict-dynamic' 'nonce-MTcyMTk1OTk3NDE5NzAuODcyMjM1Mw==' 'self' *.youtube.com *.googletagmanager.com *.demandbase.com *.licdn.com *.cloudfront.com *.cloudfront.net *.mktoutil.com assets.adobedtm.com *.wipro.com *.woolmagazine.com match.prod.bidr.io google-analytics.com analytics.twitter.com static.ads-twitter.com *.twitter.com t.co *.marketo.com *.marketo.net geolocation.onetrust.com https://cookiesapac.blob.core.windows.net *.onetrust.com https://maxcdn.bootstrapcdn.com ssl.p.jwpcdn.com content.jwplatform.com *.encoretheme.com use.typekit.net; connect-src 'self' https://www.google-analytics.com/ https://823-vdb-175.mktoresp.com wss://ws16.hotjar.com wss://*.hotjar.com wss://ws8.hotjar.com *.mktoutil.com *.wipro.com *.hotjar.com d.adroll.com *.hotjar.io api.company-target.com 921-uou-112.mktoresp.com *.sc.omtrdc.net *.tt.omtrdc.net assets.adobedtm.com https://dpm.demdex.net https://privacyportal-apac.onetrust.com https://wiprolimited.tt.omtrdc.net https://cookiesapac.blob.core.windows.net *.onetrust.com https://maxcdn.bootstrapcdn.com 'nonce-MTcyMTk1OTk3NDE5NzAuODcyMjM1Mw==' cdn.linkedin.oribi.io https://px.ads.linkedin.com; style-src 'self' 'unsafe-inline' *.appirio.com https://maxcdn.bootstrapcdn.com https://go.wipro.com https://app-ab39.marketo.com https://cookiesapac.blob.core.windows.net *.onetrust.com fonts.googleapis.com stackpath.bootstrapcdn.com *.encoretheme.com use.typekit.net p.typekit.net https://app-static.turtl.co/embed/turtl.embed.v1.css; frame-src 'self' *.vimeo.com *.appirio.com share.transistor.fm go.wipro.com spark.adobe.com *.hotjar.com *.demdex.net www.google.com *.doubleclick.net *.youtube-nocookie.com *.youtube.com https://app-ab39.marketo.com https://www.facebook.com assets.adobedtm.com https://explore.wipro.com/ 'nonce-MTcyMTk1OTk3NDE5NzAuODcyMjM1Mw=='; img-src 'self' data: *.demdex.net *.wipro.com stage2.wipro.com cm.everesttech.net https://i.ytimg.com/ https://prd.jwpltx.com https://www.google.com https://www.facebook.com app-ab39.marketo.com www.google.co.in https://wiprolimited.sc.omtrdc.net p.typekit.net http: https:; form-action facebook.com app-ab39.marketo.com 'nonce-MTcyMTk1OTk3NDE5NzAuODcyMjM1Mw=='; object-src *.wipro.com 'nonce-MTcyMTk1OTk3NDE5NzAuODcyMjM1Mw==' ; media-src 'self' *.youtube.com blob: 'nonce-MTcyMTk1OTk3NDE5NzAuODcyMjM1Mw==';base-uri 'none' 1
default-src 'self' teamusastdstorage.blob.core.windows.net/collegiatepartnership2022widgets/; connect-src 'self' cdn.linkedin.oribi.io *.givelively.org *.mktoresp.com *.mktoutil.com region1.analytics.google.com *.google.com analytics.tiktok.com attestation.android.com bcbolt446c5271-a.akamaihd.net csi.gstatic.com edge.api.brightcove.com gtm-w82hjxd-otazy.uc.r.appspot.com *.addthis.com ka-f.fontawesome.com manifest.prod.boltdns.net notifier-configs.airbrake.io og2022-api.sports.gracenote.com pagead2.googlesyndication.com pixel.adsafeprotected.com *.teamusa.org rum-collector-2.pingdom.net *.g.doubleclick.net teamusastdstorage.blob.core.windows.net/collegiatepartnership2022widgets/ widgets.sports.gracenote.com www.facebook.com *.google-analytics.com www.trackwrestling.com; font-src 'self' cdnjs.cloudflare.com data: fonts.gstatic.com ka-f.fontawesome.com maxcdn.bootstrapcdn.com teamusastdstorage.blob.core.windows.net/collegiatepartnership2022widgets/ widgets.sports.gracenote.com www.trackwrestling.com; form-action 'self' analytics.clickdimensions.com bbox.blackbaudhosting.com *.teamusa.org form.usoc.org *.twitter.com teamusastdstorage.blob.core.windows.net/collegiatepartnership2022widgets/ teamusa.tfaforms.net teamusa.us2.list-manage.com usateamhandball.us3.list-manage.com usoc.tfaforms.net usopc.tfaforms.net www.facebook.com; frame-src 'self' *.givelively.org abc11.com *.tourneymachine.com anchor.fm app-ab22.marketo.com bbox.blackbaudhosting.com www.bullseyelocations.com www.buzzsprout.com cdn.flipsnack.com classy.org *.classy.org  content.usawmembership.com c.streamhoster.com draftable.com embed.fitrankings.com embed.gettyimages.com free.timeanddate.com gc.com geosnapshot.com indd.adobe.com judoreferee.com kingsumo.com livestream.com online.anyflip.com photos.pixlee.co player.vimeo.com s3.amazonaws.com/online.anyflip.com/vrut/kvxl/ share.transistor.fm st.chatango.com streaming.enetlive.tv tableau.usoc.org teamusastdstorage.blob.core.windows.net/collegiatepartnership2022widgets/ themat.tv universe.queue-it.net uploads.knightlab.com usa.asasoftball.com usaboxing.webpoint.us usadiving.ticketspice.com *.wufoo.com usatt.simplycompete.com usawaterski.org *.sport80.com www.givedirect.org www.paypal.com www.paypalobjects.com www.scribd.com www.slideshare.net www.surveymonkey.com www.thorne.com www.universe.com www.usakaratemembership.com www.usaracquetballevents.com www.usawaterski.org www.usawmembership.com *.fls.doubleclick.net *.safeframe.googlesyndication.com *.g.doubleclick.net giphy.com imasdk.googleapis.com *.twitter.com *.teamusa.org players.brightcove.net public.tableau.com snapwidget.com *.addthis.com tpc.googlesyndication.com vplayer.nbcolympics.com vplayer.nbcsports.com *.facebook.com *.google.com www.googletagmanager.com www.instagram.com www.youtube.com; img-src 'self' *.givelively.org *.twimg.com barbend.com bbox.blackbaudhosting.com cdn-images.mailchimp.com cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.8.0/ajax-loader.gif cf-images.us-east-1.prod.boltdns.net connect.facebook.net content.themat.com data: *.adsafeprotected.com images.sports.gracenote.com images.teamusa.org img.youtube.com iwf.sport i.ytimg.com *.g.doubleclick.net learningacademy1.usadiving.org mcusercontent.com/93fe0d952f40d98f22a93f8e4/images/ metrics.brightcove.com p.adsymptotic.com *.ads.linkedin.com *.googlesyndication.com pixel.quantserve.com reg.usajudo.net s3.amazonaws.com/photos.usacycling.org/ *.twitter.com region1.analytics.google.com *.google-analytics.com *.gstatic.com t.co teamusastdstorage.blob.core.windows.net/collegiatepartnership2022widgets/ teamusa.tfaforms.net usoc.tfaforms.net usopc.tfaforms.net t.paypal.com tw-ads.s3-us-west-2.amazonaws.com tw-ads.s3.us-west-2.amazonaws.com upload.wikimedia.org/wikipedia/commons/3/32/Sarah_Docter_1980.jpg usa.asasoftball.com widgets.sports.gracenote.com www.facebook.com www.google.com www.googletagmanager.com www.iwf.net www.linkedin.com www.nationalspeedskatingmuseum.org www.officialgear.com www.paypalobjects.com www.trackwrestling.com www.google.at www.google.be www.google.ca www.google.ch www.google.co.jp www.google.co.kr www.google.co.nz www.google.co.uk www.google.co.vi www.google.com.au www.google.com.hk www.google.com.mx www.google.com.pr www.google.com.sg www.google.com.tw www.google.de www.google.dk www.google.es www.google.fi www.google.fr www.google.gr www.google.ie www.google.it www.google.lu www.google.nl www.google.no www.google.pt www.google.se www.google.vg; media-src 'self' blob: bcbolt446c5271-a.akamaihd.net bcovlive-a.akamaihd.net manifest.prod.boltdns.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.givelively.org adservice.google.com ajax.googleapis.com *.clickdimensions.com analytics.tiktok.com *.twitter.com app-ab22.marketo.com az124611.vo.msecnd.net/web/v10/CDWidget.js bbox.blackbaudhosting.com www.buzzsprout.com *.adsafeprotected.com cdn.syndication.twimg.com cdnjs.cloudflare.com cdnslssl.coveritlive.com code.jquery.com connect.facebook.net countdown.omegawatches.com *.g.doubleclick.net *.teamusa.org *.addthis.com kit.fontawesome.com maxcdn.bootstrapcdn.com munchkin.marketo.net *.googleadservices.com players.brightcove.net public.tableau.com qa-widgets.sports.gracenote.com reg.usajudo.net rules.quantcount.com rum-static.pingdom.net s3.amazonaws.com/downloads.mailchimp.com/ teamusa.us2.list-manage.com sdk.classy.org secure.quantserve.com *.google-analytics.com snap.licdn.com snapwidget.com stackpath.bootstrapcdn.com static.ads-twitter.com *.wufoo.com tableau.usoc.org *.cdc.gov teamusastdstorage.blob.core.windows.net/collegiatepartnership2022widgets/ teamusa.tfaforms.net *.googlesyndication.com usoc.tfaforms.net usopc.tfaforms.net v1.addthisedge.com vjs.zencdn.net widgets.flickr.com widgets.sports.gracenote.com widget.surveymonkey.com www.google.com www.googletagmanager.com www.googletagservices.com www.gstatic.com *.instagram.com www.olympicchannel.com www.paypal.com www.paypalobjects.com www.trackwrestling.com www.universe.com adservice.google.at adservice.google.be adservice.google.ca adservice.google.ch adservice.google.co.jp adservice.google.co.kr adservice.google.co.nz adservice.google.co.uk adservice.google.com.au adservice.google.com.hk adservice.google.com.mx adservice.google.com.pr adservice.google.com.sg adservice.google.com.tw adservice.google.de adservice.google.dk adservice.google.es adservice.google.fi adservice.google.fr adservice.google.gr adservice.google.ie adservice.google.it adservice.google.nl adservice.google.no adservice.google.pt adservice.google.se; style-src 'self' 'unsafe-inline' bbox.blackbaudhosting.com cdn.fonts.net cdn-images.mailchimp.com cdnjs.cloudflare.com cdn-us.clickdimensions.com code.jquery.com fonts.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com reg.usajudo.net static.ctctcdn.com/h/contacts-embedded-signup-assets/1.0.2/css/signup-form.css teamusastdstorage.blob.core.windows.net/collegiatepartnership2022widgets/ teamusa.tfaforms.net usoc.tfaforms.net usopc.tfaforms.net www.instagram.com *.teamusa.org www.trackwrestling.com; worker-src 'self' blob:; report-uri https://teamusa.report-uri.com/r/d/csp/enforce 1
default-src https: wss: 'unsafe-eval' 'unsafe-inline' data:; child-src https: blob:; worker-src https: blob:; 1
media-src 'self' www.youtube.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com https://ssl.google-analytics.com www.google.com www.google-analytics.com ajax.googleapis.com www.googletagmanager.com maps.gstatic.com maps.googleapis.com pagead2.googlesyndication.com www.googleadservices.com googleads.g.doubleclick.net partner.googleadservices.com adservice.google.com.hk adservice.google.com tpc.googlesyndication.com; connect-src 'self' 'unsafe-inline' www.google-analytics.com maps.googleapis.com fonts.gstatic.com pagead2.googlesyndication.com; 1
upgrade-insecure-requests;frame-ancestors 'self' https://*.apus.edu 1
base-uri 'none'; font-src 'self' blob: data: https://assets.vercel.com https://vercel.live/ *.abtasty.com *.gstatic.com *.googleapis.com; form-action 'self'; frame-ancestors 'self' localhost:* https://mkt-website-studio.tgtg.ninja/; img-src 'self' data: blob: https://vercel.com https://vercel.live/ https://sockjs-mt1.pusher.com/ https://cdn.sanity.io https://images.tgtg.ninja https://i.vimeocdn.com https://apptoogoodtogo.com https://dashboard.feedbucket.app https://www.googletagmanager.com https://*.ytimg.com https://*.googletagmanager.com https://*.abtasty.com https://*.hotjar.com https://*.bing.com https://bat.bing.com https://*.doubleclick.net https://*.linkedin.com https://*.facebook.com https://*.google.com https://*.amazonaws.com https://*.google.es; object-src 'none'; script-src-attr 'self' 'unsafe-inline'; style-src 'self' https: 'unsafe-inline'; script-src 'strict-dynamic' 'nonce-097LKapXUY7VUfFqypDszw==' 'self' https: 'unsafe-inline'; upgrade-insecure-requests; frame-src 'self' https://vercel.com https://vercel.live/ https://player.vimeo.com www.youtube.com policy.app.cookieinformation.com *.hotjar.com https://*.doubleclick.net; 1
script-src 'nonce-AtzzwNfqocu6hIYSHatLRA==' 'strict-dynamic' 'unsafe-eval' 'report-sample' https: 'unsafe-inline'; base-uri 'none'; report-uri https://events.mercadolibre.com/csp/reports?identifier=DzP26V4_g5-Jo1EGvQhXkkZHemGRDBEiveaes0a1SPwwiCU5gFNFeeu5-ztSADfkgw4EiAf-Mg==&policy_id=10&user_id=&request_id=5532d045-fa8a-44de-bef5-e2e0c85152ec; report-to csp-endpoint; object-src https://http2.mlstatic.com/ https://mlstaticquic-a.akamaihd.net/ 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: http:; script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:; style-src data: 'unsafe-inline' https: http: blob:; img-src data: https: http: blob:; font-src data: https: http:; connect-src https: wss: ws: http: blob:; media-src https: blob: http:; object-src https: http:; child-src https: data: blob: http:; form-action https: http:; block-all-mixed-content; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' www.datadoghq-browser-agent.com browser-http-intake.logs.datadoghq.com *.odd.blackspider.com:* *.dev-rd.websense.net:* *.websense.net:* *.mailcontrol.com:* *.forcepoint.net:*; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.walkme.com; style-src 'self' 'unsafe-inline' *.walkme.com; frame-src 'self' *.websense.com:* *.walkme.com s3.walkmeusercontent.com; font-src 'self' data: *.walkme.com; img-src 'self' data: *.walkme.com s3.walkmeusercontent.com d2qhvajt3imc89.cloudfront.net media-exp1.licdn.com *.forcepoint.com; connect-src 'self' *.walkme.com; worker-src 'self' blob: *.walkme.com; object-src 'self' *.walkme.com; frame-ancestors 'self' *.forcepointone.com:*; 1
upgrade-insecure-requests; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://utu.piwik.pro https://*.cookiebot.com https://mtm.utu.fi https://*.googletagmanager.com https://*.addtoany.com https://sc-static.net https://cdnjs.cloudflare.com https://*.leaddesk.com https://*.talentadore.com https://*.snapchat.com https://apps.utu.fi https://*.amazonaws.com https://*.infogram.com https://*.google-analytics.com https://googleads.g.doubleclick.net https://analytics.utu.fi https://connect.facebook.net https://*.getjenny.com https://*.unibuddy.co; connect-src 'self' https://utu.piwik.pro ws://*.leaddesk.com https://*.cookiebot.com https://mtm.utu.fi https://ats.talentadore.com/ https://*.google-analytics.com https://www.google.com/pagead/ https://region1.analytics.google.com https://googleads.g.doubleclick.net https://analytics.utu.fi https://stats.g.doubleclick.net https://*.snapchat.com https://*.linkedin.oribi.io https://widget-telwin.getjenny.com; img-src 'self' data: https://*.utu.fi data://*.utu.fi https://*.vipunen.fi https://imgsct.cookiebot.com/ https://mtm.utu.fi https://*.google-analytics.com https://*.google.com https://*.google.fi https://googleads.g.doubleclick.net https://*.googletagmanager.com https://*.leaddesk.com https://*.facebook.com https://px.ads.linkedin.com;  media-src 'self' https: data:; style-src 'self' 'unsafe-inline' https://*.typekit.net https://cdnjs.cloudflare.com; font-src 'self' https://*.typekit.net; frame-src https: 'unsafe-inline'; frame-ancestors 'self' https: https://*.emaileri.fi/; object-src 'none'; 1
default-src 'self' 'unsafe-inline' blob: *.answerscloud.com *.googleapis.com *.gstatic.com hosteduxprod.blob.core.windows.net *.okta.com *.opower.com *.google.com *.medallia.com *.sce.com *.bootstrapcdn.com *.serving-sys.com *.quantummetric.com *.arcgis.com data: *.omtrdc.net *.powerbi.com *.googletagmanager.com *.akamaihd.net *.crazyegg.com  *.googleadservices.com *.doubleclick.net *.ads-twitter.com *.adsrvr.org *.licdn.com *.adobedc.net *.noaa.gov *.youtube.com *.kampyle.com *.linkedin.com *.alida.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.fontawesome.com *.adobedtm.com *.answerscloud.com *.twitter.com *.facebook.net *.googleapis.com *.customsearch.ai *.go-mpulse.net *.twimg.com *.okta.com *.opower.com *.google.com *.gstatic.com *.medallia.com *.sce.com *.bootstrapcdn.com *.serving-sys.com *.howsmyssl.com *.quantummetric.com *.arcgis.com *.omtrdc.net *.powerbi.com *.botframework.com *.googletagmanager.com *.akamaihd.net *.crazyegg.com  *.googleadservices.com *.doubleclick.net *.ads-twitter.com *.adsrvr.org *.licdn.com *.adobedc.net *.noaa.gov  *.youtube.com *.kampyle.com *.linkedin.com *.alida.com; object-src 'self' 'unsafe-inline' blob: *.answerscloud.com *.googleapis.com *.gstatic.com hosteduxprod.blob.core.windows.net *.okta.com *.opower.com *.google.com *.medallia.com *.sce.com *.bootstrapcdn.com *.serving-sys.com *.quantummetric.com *.arcgis.com data: *.omtrdc.net *.powerbi.com *.googletagmanager.com *.akamaihd.net *.crazyegg.com  *.googleadservices.com *.doubleclick.net *.ads-twitter.com *.adsrvr.org *.licdn.com *.adobedc.net *.noaa.gov *.youtube.com *.linkedin.com *.alida.com; img-src * data: blob: ; frame-src 'self' blob: data: *.youtube.com *.arcgis.com *.answerscloud.com *.twitter.com *.facebook.net *.facebook.com *.google.com *.gstatic.com *.medallia.com *.sce.com *.adobedtm.com *.demdex.net *.powerbi.com *.doubleclick.net *.adsrvr.org *.licdn.com *.adobedc.net *.noaa.gov  *.kampyle.com *.quantummetric.com *.azurewebsites.net *.alida.com; frame-ancestors *.sce.com *.edison.com *.adobe.com *.doubleclick.net *.quantummetric.com *.azurewebsites.net *.alida.com; child-src *.youtube.com *.arcgis.com *.answerscloud.com *.google.com *.gstatic.com *.medallia.com *.sce.com blob: *.adobedtm.com *.powerbi.com *.adsrvr.org *.licdn.com *.adobedc.net *.ncep.noaa.gov *.quantummetric.com *.azurewebsites.net *.alida.com; connect-src 'self' blob: 'unsafe-inline' *.sce.com *.medallia.com *.oktapreview.com *.googleapis.com *.customsearch.ai *.go-mpulse.net *.akstat.io *.4seeresults.com *.okta.com *.opower.com *.google.com *.gstatic.com *.medallia.com *.serving-sys.com *.quantummetric.com  *.arcgis.com *.arcgisonline.com *.omtrdc.net *.adobedtm.com *.demdex.net *.botframework.com wss: *.googletagmanager.com *.akamaihd.net *.crazyegg.com  *.googleadservices.com *.doubleclick.net *.ads-twitter.com *.adsrvr.org *.licdn.com *.adobedc.net *.noaa.gov  *.kampyle.com *.linkedin.com *.alida.com 1
frame-ancestors  *.jjwxc.net  *.jjwxc.com 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; style-src-elem https: 'unsafe-inline'; media-src https: blob:; img-src https: data:; font-src https: data:; worker-src https: blob:; connect-src https: wss: 1
default-src 'self'; form-action 'self' https://*.hsforms.com; object-src 'self'; connect-src 'self' https://api.github.com https://*.hsforms.com https://element.io https://*.hs-banner.com https://forms-eu1.hscollectedforms.net https://api-eu1.hubapi.com; media-src 'self' https://element.io; style-src 'self' 'unsafe-inline' https://element.io https://*.googleapis.com https://cdnjs.cloudflare.com; font-src 'self' https://element.io data: https://fonts.gstatic.com; img-src 'self' https://element.io data: https://matomo.riot.im/matomo.php https://*.hsforms.com https://*.hubspot.com https://px.ads.linkedin.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://element.io https://cdnjs.cloudflare.com https://*.cloudfront.net https://ajax.googleapis.com https://matomo.riot.im/matomo.js https://*.hsforms.net https://*.hsforms.com https://*.hs-scripts.com https://*.hs-analytics.net https://*.hs-banner.com https://js-eu1.hsadspixel.net/fb.js https://js-eu1.hscollectedforms.net/collectedforms.js  https://snap.licdn.com/li.lms-analytics/insight.min.js https://snap.licdn.com/li.lms-analytics/insight.old.min.js; child-src 'self' https://*.hsforms.com; frame-src youtube.com www.youtube-nocookie.com https://*.hsforms.com; 1
script-src      'self' data: 'unsafe-eval'     veranstaltungen.uni-kassel.de     stats1.uni-kassel.de     stats3.uni-kassel.de     static.b-ite.com     *.b-ite.com seatfinder.bi    bliothek.kit.edu;  script-src-elem 'self' data: 'unsafe-inline'     stats1.uni-kassel.de     stats3.uni-kassel.de     static.b-ite.com     *.b-ite.com seatfinder.bi    bliothek.kit.edu     www.uni-kassel.de     ajax.googleapis.com     uni-kassel.al.sites.jobware.net     *.uni-kassel.de;  script-src-attr 'self' data: 'unsafe-inline';  style-src       'self' data: 'unsafe-inline'     veranstaltungen.uni-kassel.de     www.uni-kassel.de     *.uni-kassel.de;  style-src-elem  'self' data: 'unsafe-inline'     *.uni-kassel.de;  style-src-attr  'self' data: 'unsafe-inline';  img-src         'self' data:     stats1.uni-kassel.de     stats3.uni-kassel.de     www.uni-kassel.de     i.creativecommons.org     licensebuttons.net     *.uni-kassel.de;  font-src        'self' data: ;  connect-src     'self'     veranstaltungen.uni-kassel.de     stats1.uni-kassel.de     stats3.uni-kassel.de     static.b-ite.com     *.b-ite.com     seatfinder.bibliothek.kit.edu     www.uni-kassel.de     *.uni-kassel.de     karla.hds.hebis.de;  media-src       'self'     www.uni-kassel.de     *.uni-kassel.de;  object-src      'self';  child-src       'self'     static-assets-cdn.i.cloud.eu ;    frame-src       'self'     vimeo.com     player.vimeo.com     www.youtube-nocookie.com     uni-kassel.cloud.panopto.eu     static-assets-cdn.i.cloud.eu     panopto.eu     www.uni-kassel.de     *.hrz.uni-kassel.de     *.its.uni-kassel.de     uni-kassel.al.sites.jobware.net     frame.gruendungslandkarte.de     gruendungslandkarte.de     umap.openstreetmap.fr     umap.openstreetmap.de     *.uni-kassel.de;  worker-src      'self';  frame-ancestors 'self'     www.uni-kassel.de     *.uni-kassel.de     pi.emotouch.de     wpsprod.cchh-da.de;   form-action     'self'     stats1.uni-kassel.de     stats3.uni-kassel.de     karla.hds.hebis.de;   base-uri        'self'; 1
default-src https: wss: data: blob:; script-src 'unsafe-eval' 'unsafe-inline' https:; style-src 'unsafe-inline' https:; frame-ancestors 'self'; 1
default-src 'self' data: *.aldi-international.com *.omtrdc.net *.demdex.net *.gstatic.com ws.sessioncam.com *.doubleclick.net assets.adobedtm.com *.everesttech.net *.pinterest.com; form-action 'self' *.snapchat.com *.facebook.com; frame-ancestors 'self' *.adobe.com help.aldi.us zx9mwudjzwjilqb68f4y.us.prod.ci-aldi.com account.aldi.us; frame-src 'self' data: blob: www.google.com *.facebook.com *.twitter.com g.jwpsrv.com www.youtube.com platform.liquidus.net app.nexuspublications.com.au cpc.elettershop.de live.tourdash.com wbiprod.storedvalue.com *.aldi-international.com tpc.googlesyndication.com home-c4.incontact.com *.demdex.net *.adobe-campaign.com *.adobe.com *.snapchat.com *.pinterest.com *.doubleclick.net *.pinterest.de account.aldi.us *.hotjar.com insight.adsrvr.org match.adsrvr.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.aldi-international.com www.googletagmanager.com *.pinterest.com *.facebook.com *.twitter.com *.ytimg.com *.aldi-sued.com www.googleadservices.com platform.liquidus.net www.yellowmap.de ssl.p.jwpcdn.com www.youtube.com *.cloudfront.net ws.sessioncam.com tpc.googlesyndication.com *.facebook.net *.google.com *.google.de home-c4.incontact.com assets.adobedtm.com *.omtrdc.net *.everesttech.net sc-static.net activitymap.adobe.com *.doubleclick.net *.pinimg.com *.everestjs.net *.demdex.net cm.everesttech.net *.cookielaw.org *.onetrust.com *.snapchat.com *.hotjar.com analytics.tiktok.com js.adsrvr.org; style-src 'self' 'unsafe-inline' *.aldi-international.com *.tt.omtrdc.net *.adobe.com *.cookielaw.org *.onetrust.com; img-src 'self' https: data: *.demdex.net cm.everesttech.net assets.adobedtm.com *.cookielaw.org *.onetrust.com www.googletagmanager.com analytics.tiktok.com; object-src 'self'; connect-src 'self' https: *.tt.omtrdc.net *.sc.omtrdc.net *.demdex.net *.everesttech.net assets.adobedtm.com ws.sessioncam.com *.snapchat.com *.pinterest.com *.cookielaw.org *.onetrust.com *.hotjar.io *.hotjar.com wss://*.hotjar.com analytics.tiktok.com; report-uri /CspReportLogger.php; 1
connect-src 'self' my-ducati-stg.s3.eu-west-1.amazonaws.com my-ducati-dev.s3.eu-west-1.amazonaws.com my-ducati-prd.s3.eu-west-1.amazonaws.com *.dynatrace.com api-public.ducati.com wurfl.io c.go-mpulse.net calculator.vwfs.com calculator.volkswagenbank.de s.yimg.com www.facebook.com *.facebook.com apiwheel.h-en.me *.akstat.io *.akamaihd.net performance.typekit.net *.rsc.cdn77.org dasfelynsaterr.webcam videoram.com www.bing.com *.linkedin.com *.licdn.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.analytics.google.com *.google.com *.google.it *.doubleclick.net emea-ducati.netmng.com *.facebook.net  *.a8723.com u.logbor.com mm.markandmini.com ad13.adfarm1.adition.com s.yimg.jp b92.yahoo.co.jp track.adform.net aax-eu.amazon-adsystem.com cdn.cookielaw.org *.onetrust.com youtube.com cdn.hypemarks.com tags.srv.stackadapt.com secure-ds.serving-sys.com images.ctfassets.net *.serving-sys.com analytics.tiktok.com *.taboola.com *.twitter.com *.googleapis.com *.mouseflow.com teads.tv *.georide.com; font-src data: *.georide.com 'self' fonts.gstatic.com github.com media.ducati.com assets.ducati.com use.typekit.net chrome-extension *.linkedin.com *.licdn.com *.google-analytics.com *.googleadservices.com *.google.com *.google.it *.doubleclick.net emea-ducati.netmng.com *.facebook.net *.a8723.com u.logbor.com mm.markandmini.com ad13.adfarm1.adition.com s.yimg.jp b92.yahoo.co.jp track.adform.net aax-eu.amazon-adsystem.com cdn.cookielaw.org *.onetrust.com youtube.com cdn.hypemarks.com tags.srv.stackadapt.com *.awsducati.com analytics.tiktok.com *.taboola.com *.twitter.com *.googleapis.com *.mouseflow.com teads.tv; script-src-elem data: *.dynatrace.com assets.ducati.com platform.twitter.com  pixel.mathtag.com loadus.exelator.com *.snt.imrworldwide.com pool.adizio.com pool.admedo.com gc.kis.v2.scr.kaspersky-labs.com s.yimg.com sp.analytics.yahoo.com 'self' 'unsafe-inline' *.googleapis.com *.mouseflow.com teads.tv *.georide.com s.go-mpulse.net s2.adform.net use.typekit.net wurfl.io *.googletagmanager.com www.gstatic.com www.volkswagenbank-cloud.de gateway.zscalertwo.net about *.linkedin.com *.licdn.com *.google-analytics.com *.googleadservices.com *.google.com *.google.it *.doubleclick.net emea-ducati.netmng.com *.facebook.net *.a8723.com u.logbor.com mm.markandmini.com ad13.adfarm1.adition.com s.yimg.jp b92.yahoo.co.jp track.adform.net aax-eu.amazon-adsystem.com cdn.cookielaw.org *.onetrust.com youtube.com cdn.hypemarks.com tags.srv.stackadapt.com *.awsducati.com secure-ds.serving-sys.com bs.serving-sys.com cdn.scaleflex.it analytics.tiktok.com *.taboola.com *.twitter.com *.googleapis.com *.mouseflow.com teads.tv; script-src *.dynatrace.com assets.ducati.com platform.twitter.com  s.yimg.com use.typekit.net 'self' 'unsafe-eval' 'unsafe-inline' s.go-mpulse.net wurfl.io *.googletagmanager.com www.gstatic.com www.volkswagenbank-cloud.de *.googleapis.com *.mouseflow.com teads.tv *.georide.com s2.adform.net sp.analytics.yahoo.com *.linkedin.com *.licdn.com *.google-analytics.com *.googleadservices.com *.google.com *.google.it *.doubleclick.net emea-ducati.netmng.com *.facebook.net *.a8723.com u.logbor.com mm.markandmini.com ad13.adfarm1.adition.com s.yimg.jp b92.yahoo.co.jp track.adform.net aax-eu.amazon-adsystem.com cdn.cookielaw.org *.onetrust.com youtube.com cdn.hypemarks.com tags.srv.stackadapt.com *.awsducati.com analytics.tiktok.com *.taboola.com *.twitter.com *.googleapis.com *.mouseflow.com teads.tv; base-uri 'self' *.linkedin.com *.licdn.com *.google-analytics.com *.googleadservices.com *.google.com *.google.it *.doubleclick.net emea-ducati.netmng.com *.facebook.net *.a8723.com u.logbor.com mm.markandmini.com ad13.adfarm1.adition.com s.yimg.jp b92.yahoo.co.jp track.adform.net aax-eu.amazon-adsystem.com cdn.cookielaw.org *.onetrust.com youtube.com cdn.hypemarks.com tags.srv.stackadapt.com analytics.tiktok.com *.taboola.com *.twitter.com *.googleapis.com *.mouseflow.com teads.tv *.georide.com; frame-src *.georide.com pixel.mathtag.com platform.twitter.com  www.youtube.com youtu.be www.facebook.com *.googletagmanager.com remove.video *.linkedin.com *.licdn.com *.google-analytics.com *.googleadservices.com *.google.com *.google.it *.doubleclick.net emea-ducati.netmng.com *.facebook.net *.a8723.com u.logbor.com mm.markandmini.com ad13.adfarm1.adition.com s.yimg.jp b92.yahoo.co.jp track.adform.net aax-eu.amazon-adsystem.com cdn.cookielaw.org *.onetrust.com youtube.com cdn.hypemarks.com tags.srv.stackadapt.com analytics.tiktok.com *.taboola.com *.twitter.com *.googleapis.com *.mouseflow.com teads.tv; img-src 'self' about data: * *.linkedin.com *.georide.com *.licdn.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.google.com *.google.it *.doubleclick.net emea-ducati.netmng.com *.facebook.net *.a8723.com u.logbor.com mm.markandmini.com ad13.adfarm1.adition.com s.yimg.jp b92.yahoo.co.jp track.adform.net aax-eu.amazon-adsystem.com cdn.cookielaw.org *.onetrust.com youtube.com cdn.hypemarks.com tags.srv.stackadapt.com analytics.tiktok.com *.taboola.com *.twitter.com *.googleapis.com *.mouseflow.com teads.tv; script-src-attr 'unsafe-inline' *.linkedin.com *.georide.com *.licdn.com *.google-analytics.com *.googleadservices.com *.google.com *.google.it *.doubleclick.net emea-ducati.netmng.com *.facebook.net *.a8723.com u.logbor.com mm.markandmini.com ad13.adfarm1.adition.com s.yimg.jp b92.yahoo.co.jp track.adform.net aax-eu.amazon-adsystem.com cdn.cookielaw.org *.onetrust.com youtube.com cdn.hypemarks.com tags.srv.stackadapt.com analytics.tiktok.com *.taboola.com *.twitter.com *.googleapis.com *.mouseflow.com teads.tv; style-src-attr 'unsafe-inline' *.linkedin.com *.georide.com *.licdn.com *.google-analytics.com *.googleadservices.com *.google.com *.google.it *.doubleclick.net emea-ducati.netmng.com *.facebook.net *.a8723.com u.logbor.com mm.markandmini.com ad13.adfarm1.adition.com s.yimg.jp b92.yahoo.co.jp track.adform.net aax-eu.amazon-adsystem.com cdn.cookielaw.org *.onetrust.com youtube.com cdn.hypemarks.com tags.srv.stackadapt.com analytics.tiktok.com *.taboola.com *.twitter.com *.googleapis.com *.mouseflow.com teads.tv; style-src-elem 'self' 'unsafe-inline' assets.ducati.com *.georide.com fonts.googleapis.com adblockers.opera-mini.net *.linkedin.com *.licdn.com *.google-analytics.com *.googleadservices.com *.google.com *.google.it *.doubleclick.net emea-ducati.netmng.com *.facebook.net *.a8723.com u.logbor.com mm.markandmini.com ad13.adfarm1.adition.com s.yimg.jp b92.yahoo.co.jp track.adform.net aax-eu.amazon-adsystem.com cdn.cookielaw.org *.onetrust.com youtube.com cdn.hypemarks.com tags.srv.stackadapt.com *.awsducati.com analytics.tiktok.com *.taboola.com *.twitter.com *.googleapis.com *.mouseflow.com teads.tv *.georide.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' assets.ducati.com fonts.googleapis.com translate.googleapis.com *.linkedin.com *.licdn.com *.google-analytics.com *.googleadservices.com *.google.com *.google.it *.doubleclick.net emea-ducati.netmng.com *.facebook.net *.a8723.com u.logbor.com mm.markandmini.com ad13.adfarm1.adition.com s.yimg.jp b92.yahoo.co.jp track.adform.net aax-eu.amazon-adsystem.com cdn.cookielaw.org *.onetrust.com youtube.com cdn.hypemarks.com tags.srv.stackadapt.com *.awsducati.com analytics.tiktok.com *.taboola.com *.twitter.com *.googleapis.com *.mouseflow.com teads.tv *.georide.com 1
frame-ancestors 'self' https://app.optimizely.com 1
default-src *.ugg.com data: 'unsafe-eval' 'unsafe-inline' blob: ws: dms.deckers.com *.demandware.net *.commercecloud.salesforce.com *.sandbox.us01.dx.commercecloud.salesforce.com via.placeholder.com *.deckers.layer0-perma.link *.cquotient.com d.emails.teva.com email.ugg.com email.hoka.com email.koolaburra.com email.sanuk.com email.teva.com *.emails.teva.com blog.ugg.com events.hoka.com *.hokaoneone.com *.hokaoneone.eu *.hokaoneone.jp blog.uggaustralia.com www.teva-eu.com scripts.deckers.com rum.ingress.edgio.net *.g.doubleclick.net edgeshoppingstatic.azureedge.net s.retargeted.co *.joinhoney.com d3nocrch4qti4v.cloudfront.net df45ay5pw60dy.cloudfront.net *.arcot.com api.v2.sprocket.bz *.sprocket.bz sprocket-ping.s3.amazonaws.com assets.v2.sprocket.bz assets.sprocket.bz cx.atdmt.com cdn.optimizely.com *.bglobale.com *.formstack.com *.deckers.coremedia.cloud rum-http-intake.logs.datadoghq.com www.datadoghq-browser-agent.com rum.ingress.layer0.co rum.layer0.co api-js.datadome.co js.datadome.co *.pingdom.net *.pitneybowes.com pippio.com hosted.where2getit.com res.cloudinary.com splashthat.eu *.klarnacdn.net *.klarnaservices.com *.klarna.com *.klarnaevt.com dfp.bouncex.net *.bounceexchange.com *.medallia.eu *.kampyle.com cdn.pdst.fm sink.pdst.fm us-central1-adaptive-growth.cloudfunctions.net *.contentsquare.net *.contentsquare.com *.dynamicyield.com *.dy-api.com *.forter.com pay.google.com *.cdn4.forter.com *.linksynergy.com *.paypal.com *.cloud.coveo.com *.securesuite.co.uk www.rsa3dsauth.co.uk *.wlp-acs.com 3ds.redsys.es paiment2.secure.lcl.fr 3ds.nexigroup.com *.creditmutuel.fr *.cardinalcommerce.com acs2-3dsecure.cic.fr acs.revolut.com *.creditmutuel.fr 3dsecure.vrp.de *.mercurypaymentservices.it 3dsecure.nexi.it 3ds-challenge.n26.com sicher-bezahlen.sparkasse.at *.amazon-adsystem.com cartera-cdn.freetls.fastly.net *.abtasty.com guarantee-cdn.com static-fe.payments-amazon.com ad.as.amanad.adtdp.com ad.caprofitx.adtdp.com ad.yieldlab.net ade.clmbtech.com *.socdm.com adx.dable.io au.ants.vn c.bing.com cm-exchange.toast.com cm.mgid.com r.casalemedia.com contextual.media.net criteo-sync.teads.tv cs.adingo.jp point.widget.rakuten.co.jp *.rakuten.co.jp static.rakuten.com *.yimg.jp *.yahoo.co.jp ads.yahoo.com deckers.candypop.jp cs.gssprt.jp eb2.3lift.com *.sharethrough.com rapid-cdn.yottaa.com pixel.advertising.com pixel.tapad.com *.ac.bcon.ecdns.net *.smartadserver.com secure.adnxs.com simage2.pubmatic.com *.criteo.net *.criteo.com sync.outbrain.com us-u.openx.net duuytoqss3gu4.cloudfront.net *.osano.com x.bidswitch.net visitor.omnitagjs.com d.line-scdn.net *.ads.yieldmo.com tr.line.me *.taboola.com *.ad-stir.com tk.jrs5.com *.adsrvr.org cdn.smartnews-ads.com payments-fe.amazon.com m.media-amazon.com apay-up-banner.com chimpstatic.com static.hotjar.com content.hotjar.com t.cfjump.com chipstatic.com cdn.unidays.world api.myunidays.com *.veinteractive.com *.pixlee.com *.pixlee.co *.pxlecdn.com *.cartfulsolutions.com *.global-e.com *.powerreviews.com *.truefitcorp.com *.terracycle.com www.truefit.com *.typekit.net widgets.trustedshops.com *.etrusted.com idsync.rlcdn.com *.zenaps.com cnstrc.com *.strut.fit *.rewardstyle.com *.motionpoint.com s-cs.send.microad.jp *.smaato.net *.e-planning.net *.zemanta.com *.artlabs.ai *.onetrust.com *.stylitics.com *.g.doubleclick.net *.kampyle.com *.fls.doubleclick.net *.doubleclick.net adservice.google.com *.googleadservices.com adservice.google.com www.googletagmanager.com ampcid.google.com *.googlesyndication.com api.amplitude.com translate.googleapis.com apis.google.com www.google-analytics.com ssl.google-analytics.com maps.googleapis.com www.google.ca www.google.com translate.google.com fonts.googleapis.com api.cognitive.microsofttranslator.com browser.translate.yandex.net jjfblogammkiefalfpafidabbnamoknm bmnlcjabgnpnenekpadlanbbkooimhnj chhjbpecpncaggjpdakmflnfcopglcmi bfkjochdalcdahjnliojhpldoogkbglc pfldcnnaiaiaogmpfdjjpdkpnigplfca ajax.googleapis.com api-js.datadome.co *.captcha-delivery.com *.gstatic.com s.w.org *.ediemidnightzombies.com www.gravatar.com api.attentivemobile.com *.attn.tv events.attentivemobile.com *.afterpay.com www.instagram.com *.analytics.yahoo.com pixel-config.reddit.com alb.reddit.com www.redditstatic.com *.hotjar.com *.artlabs.ai downloads.mailchimp.com *.au.hoka.com hokacustomercare.zendesk.com hokanzcustomercare.zendesk.com accentgroupsupport.zendesk.com *.wistia.com *.litix.io embedwistia-a.akamaihd.net *.bouncexchange.com events.bouncex.net pixel.admedia.com www.facebook.com connect.facebook.net *.zdassets.com *.zopim.com widget-mediator.zopim.com *.list-manage.com *.us14.list-manage.com *.gladly.com api.us-1.gladly.chat us-1.gladly.com chat-assets.cdn.gladly.com chat-sdk.cdn.gladly.com js.verygoodvault.com tnt8r4ypmtr.live.verygoodproxy.com vgs-collect-keeper.apps.verygood.systems cdn.studentbeans.com *.90d.io *.smooch.io www.clarity.ms ws.us-1.gladly.chat gladly-production.sinter-collect.com tracead.com www.dwin1.com *.zenaps.com *.adyen.com *.addthis.com *.addthisedge.com *.moatads.com intljs.rmtag.com *.likeshop.me cdn.cookielaw.org www.gstatic.com fonts.gstatic.com sc-static.net bat.bing.com www.bing.com cdn.yottaa.com qoe-1.yottaa.net *.tealiumiq.com *.sitelabweb.com cdn.quadpay.com csp-reporting.cloudflare.com d38d4ysphgm9dz.cloudfront.net d35u1vg1q28b3w.cloudfront.net d2o5idwacg3gyw.cloudfront.net d6tizftlrpuof.cloudfront.net d38d4ysphgm9dz.cloudfront.net nsg.symantec.com px.owneriq.net tags.w55c.net mc.yandex.ru mc.yandex.com mc.yandex.kz yandex.net api.pinpiaa.com omwbh6dj4a.execute-api.ap-southeast-2.amazonaws.com cmp.osano.com *.usabilla.com *.newgistics.com mpsnare.iesnare.com *.cdnwidget.com *.squarecdn.com js.squareup.com *.cdnbasket.net resources.digital-cloud.medallia.eu t.co platform.twitter.com static.ads-twitter.com analytics.twitter.com tag.rmp.rakuten.com point.widget.rakuten.co.jp analytics.tiktok.com cdn.loom.com rs.fullstory.com edge.fullstory.com *.usw2.cordial.com hokaoneone.locally.com tr.snapchat.com tr6.snapchat.com www.awin1.com hm.baidu.com *.parcellab.com analytics.convertlanguage.com *.verygoodvault.com ugg.review.eprize.com ugg.promo.eprize.com www.paypalobjects.com www.youtube.com *.brightcove.com *.pinterest.com s.pinimg.com *.cheqzone.com i.ytimg.com cdn.jsdelivr.net call.chatra.io services.sheerid.com cdn.honey.io i.honey-images.com cdn.joinhoney.com cdn.ivaws.com *.capitaloneshopping.com *.locally.com s7.addthis.com *.dashhudson.com likeshop.me trial-eum-clientnsv4-s.akamaihd.net tags.tiqcdn.com code.jquery.com maxcdn.bootstrapcdn.com strutagiocdn.blob.core.windows.net frame.hub-box.com sandbox.frame.hub-box.com google.com analytics.google.com *.analytics.google.com *.google-analytics.com ampcid.google.co.in ampcid.google.co.jp ampcid.google.com.ph ampcid.google.com.pk ampcid.google.cz ampcid.google.dk ampcid.google.ee ampcid.google.es ampcid.google.fr ampcid.google.ge ampcid.google.hu ampcid.google.ht ampcid.google.kz ampcid.google.lt ampcid.google.mn ampcid.google.nl ampcid.google.no ampcid.google.pl ampcid.google.bs ampcid.google.by ampcid.google.ca ampcid.google.cl ampcid.google.co.il ampcid.google.co.kr ampcid.google.co.nz ampcid.google.co.ve ampcid.google.co.za ampcid.google.co.zw api.fillr.com ampcid.google.com.au ampcid.google.com.ec ampcid.google.com.jm ampcid.google.com.mx ampcid.google.com.pr ampcid.google.com.sg ampcid.google.com.tr ampcid.google.com.ua ampcid.google.de ampcid.google.gr ampcid.google.ie ampcid.google.it ampcid.google.mv ampcid.google.ru ampcid.google.ro ampcid.google.se ampcid.google.pt ampcid.google.hr ampcid.google.at ampcid.google.az ampcid.google.be ampcid.google.bg ampcid.google.ch ampcid.google.co.id ampcid.google.co.ma ampcid.google.co.th ampcid.google.com.ar ampcid.google.com.br ampcid.google.com.bz ampcid.google.com.co ampcid.google.com.cy ampcid.google.com.do ampcid.google.com.gt ampcid.google.com.hk ampcid.google.com.mt ampcid.google.com.ng ampcid.google.com.ni ampcid.google.com.pe ampcid.google.com.py ampcid.google.com.sa ampcid.google.com.tj ampcid.google.com.tw ampcid.google.com.uy ampcid.google.dm ampcid.google.dz ampcid.google.fi ampcid.google.hn ampcid.google.lu ampcid.google.lv ampcid.google.ps ampcid.google.rs ampcid.google.si ampcid.google.sk ampcid.google.cn ampcid.google.co.id ampcid.google.co.th ampcid.google.co.hk ampcid.google.co.pe ampcid.google.co.tw ampcid.google.co.uy ampcid.google.tn ampcid.google.ae ampcid.google.lk ampcid.google.com.bh ampcid.google.com.vn www.google.al www.google.at www.google.am www.google.az www.google.ba www.google.be www.google.bg www.google.by www.google.ch www.google.fi www.google.ie www.google.ps www.google.tt www.google.co.bz www.google.co.il www.google.co.in www.google.co.jp www.google.co.kr www.google.co.ma www.google.com.au www.google.com.co www.google.com.do www.google.com.gh www.google.com.gt www.google.com.lb www.google.com.mx www.google.com.ng www.google.com.om www.google.com.ph www.google.com.pr www.google.com.sa www.google.com.sg www.google.com.tw www.google.com.tr www.google.com.ua www.google.com.py www.google.co.ke www.google.co.th www.google.lk www.google.tn www.google.bf www.google.co.nz www.google.co.uk www.google.is www.google.im www.google.cz www.google.de www.google.ee www.google.es www.google.fr www.google.ge www.google.gr www.google.hr www.google.ht www.google.hu www.google.ie www.google.it www.google.lt www.google.md www.google.me www.google.mk www.google.mt www.google.no www.google.nl www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.ae www.google.bs www.google.cl www.google.co.cr www.google.co.ve www.google.co.vi www.google.co.za www.google.com.ec www.google.com.hk www.google.com.jm www.google.com.kw www.google.com.pa www.google.com.sg www.google.mv www.google.co.id www.google.com.my www.google.com.pk www.google.com.vn www.google.dk www.google.mn www.google.kz www.google.vg www.google.hn www.google.com.eg www.google.ad www.google.je www.google.co.bw www.google.com.ar www.google.com.bd www.google.com.bo www.google.com.br www.google.com.cy www.google.com.pe www.google.com.sv www.google.com.uy www.google.com.qa www.google.dz www.google.iq www.google.jo www.google.sk www.google.si www.google.nl www.google.lv www.google.lu www.google.lv www.google.kg www.google.dm www.google.co.uz www.google.sr www.google.je www.google.gg www.google.com.qa www.google.mt www.google.com.bn www.google.com.bh www.google.co.uz www.google.cn www.google.tn www.google.mg www.google.com.ai www.google.li www.google.as www.google.dj www.google.com.mt www.google.ga www.google.sn www.google.com.gi www.google.mu www.google.gy; font-src *.ugg.com *.demandware.net *.commercecloud.salesforce.com *.truefitcorp.com *.hokaoneone.com *.hokaoneone.eu *.hokaoneone.jp use.typekit.net *.osano.com *.klarnacdn.net cdn.gladly.com *.deckers.coremedia.cloud cdn.dynamicyield.com fonts.googleapis.com cdn.loom.com *.global-e.com cdn.honey.io likeshop.me script.hotjar.com cdn.joinhoney.com fonts.gstatic.com use.fontawesome.com cdn.ivaws.com *.strut.fit appdown.pstatic.net *.deckers.layer0-perma.link data: *.wistia.com static.formstack.com d6tizftlrpuof.cloudfront.net www.paypalobjects.com static.rakuten.com *.medallia.eu *.captcha-delivery.com *.kampyle.com; style-src *.ugg.com *.deckers.coremedia.cloud *.commercecloud.salesforce.com *.sandbox.us01.dx.commercecloud.salesforce.com *.hokaoneone.com *.hokaoneone.eu *.hokaoneone.jp *.demandware.net *.veinteractive.com *.bounceexchange.com cdn.dynamicyield.com integrations.etrusted.com *.klarnacdn.net ui.powerreviews.com *.osano.com web-assets.stylitics.com use.fontawesome.com ui.powerreviews.com cdn.honey.io cdn.joinhoney.com js.verygoodvault.com *.global-e.com *.truefitcorp.com *.deckers.layer0-perma.link www.truefit.com cdn.90d.io cdn.gladly.com chat-sdk.cdn.gladly.com *.typekit.net www.karmanow.com *.parcellab.com *.captcha-delivery.com *.formstack.com translate.googleapis.com d3nocrch4qti4v.cloudfront.net d6tizftlrpuof.cloudfront.net cdn.ivaws.com www.paypalobjects.com *.sprocket.bz sprocket-ping.s3.amazonaws.com *.pxlcdn.com fonts.googleapis.com *.adyen.com *.medallia.eu *.kampyle.com downloads.mailchimp.com data: 'unsafe-inline' *.sprocket.bz sprocket-ping.s3.amazonaws.com; form-action *.ugg.com *.demandware.net *.commercecloud.salesforce.com *.sandbox.us01.dx.commercecloud.salesforce.com *.hokaoneone.eu payments.amazon.co.jp www.amazon.co.jp *.demandware.net *.snapchat.com www.facebook.com *.adyen.com email.teva.com email.ugg.com email.hoka.com email.sanuk.com email.koolaburra.com *.securev2.global-e.com *.secure5.arcot.com *.securesuite.co.uk 3ds-challenge.n26.com *.sparkasse.at 3d-secure.pluscard.de *.creditmutuel.fr 3ds.redsys.es acs.apata.io acs.mercurypaymentservices.it authentication.cardinalcommerce.com 3ds.nexigroup.com *.revolut.com *.cic.fr *.captcha-delivery.com *.americanexpress.com paiement1.secure.lcl.fr paiement2.secure.lcl.fr verify.monzo.com *.rsa3dsauth.co.uk *.wlp-acs.com *.3ds.borica.bg *.acs1.icicibank.com *.sps-system.com centinelapi.cardinalcommerce.com *.arcot.com accentgroup.formstack.com; media-src *.ugg.com blob: dms.deckers.com res.cloudinary.com *.demandware.net *.commercecloud.salesforce.com *.captcha-delivery.com cdn8.forter.com *.90d.io static.zdassets.com chat-sdk.cdn.gladly.com images.powerreviews.comundefined cdn.gladly.com; worker-src *.ugg.com blob: *.osano.com *.captcha-delivery.com; child-src *.ugg.com *.demandware.net *.hokaoneone.com *.hokaoneone.eu *.hokaoneone.jp *.commercecloud.salesforce.com *.snapchat.com guarantee-cdn.com v3.rest-ar.com *.osano.com *.doubleclick.net vars.hotjar.com www.awin1.com *.afterpay.com px.owneriq.net pal-test.adyen.com *.americanexpress.com chat-sdk.cdn.gladly.com *.facebook.com *.pixlee.co *.zenaps.com *.bounceexchange.com d6tizftlrpuof.cloudfront.net www.paypalobjects.com www.paypal.com ln-rules.rewardstyle.com nsg.symantec.com *.klarna.com *.arcot.com *.pinterest.com track.usw2.cordial.com *.global-e.com wkxppshj-qx.global.ssl.fastly.net checkoutshopper-test.adyen.com checkoutshopper-live.adyen.com www.sandbox.paypal.com *.ediemidnightzombies.com assets.v2.sprocket.bz *.studentbeans.com *.myunidays.com point.widget.rakuten.co.jp *.bglobale.com www.google.com *.amazon-adsystem.com *.truefitcorp.com *.locally.com *.strut.fit www.pubxtags.com tracead.com photos.pixlee.com *.splashthat.eu hosted.where2getit.com sketchfab.com *.criteo.com *.criteo.net www.youtube.com *.verygoodvault.com pay.google.com www.terracycle.com sandbox.frame.hub-box.com acs2-3dsecure.cic.fr verify.monzo.com paiement2.secure.lcl.fr www.rsa3dsauth.co.uk channel-cards-html.loydsbankinggroup.com *.creditmutuel.fr acs.mercurypaymentservice.it 3ds.redsys.es acs.revolut.com www.securesuite.co.uk pci-connect.squareup.com 3dsecure.nexi.it www.rsa3dsauth.co.uk *.wlp-acs.com frame.hub-box.com ugg.promo.eprize.com ugg.review.eprize.com d.emails.teva.com cdn.attn.tv creatives.attn.tv *.artlabs.ai app.collectivevoice.com *.medallia.eu *.kampyle.com *.captcha-delivery.com; report-uri https://www.ugg.com/_/csp-reports 1
default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com/v1/engines/github-completion/completions proxy.enterprise.githubcopilot.com/v1/engines/github-completion/completions *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com browser.events.data.microsoft.com edge.fullstory.com rs.fullstory.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com www.youtube-nocookie.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com github.githubassets.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/ 1
default-src 'self'; base-uri 'self' https:; child-src 'self' https:; connect-src 'self' https: wss:; font-src http: https: 'self' data:; form-action 'self' https:; frame-ancestors http://*.yardbarker.com; img-src 'self' https: data:; manifest-src 'self'; media-src 'self' blob: https:; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'unsafe-inline' http: https: 'self'; upgrade-insecure-requests; worker-src 'self' blob: https://*.sendtonews.com https://*.modxcloud.com 1
frame-ancestors 'self' http://www.1001games.com 1
report-uri https://www.debugbear.com/_/csp; default-src * 'self'; script-src 'strict-dynamic' 'nonce-499ddf87-736b-4243-a86e-28221926cc02' 'unsafe-inline' 'self' https: ; style-src * 'self' 'unsafe-inline'; img-src * 'self' data:; object-src 'none'; base-uri 'none'; frame-ancestors 'none' 1
frame-ancestors 'self' *.paessler.com 1
script-src-attr 'unsafe-inline';img-src 'self' https: data: blob:;script-src * 'unsafe-inline' blob:;worker-src * blob:;frame-src *;connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://cdn.ampproject.org https://svibeacon.onezapp.com https://*.upload.app https://*.google.com;default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 1
frame-ancestors 'self' *.iza.org; 1
default-src *.addthis.com *.adform.net *.algolia.com *.algolia.net *.algolianet.com *.algolianet.net *.calameo.com *.culture.fr *.doubleclick.net *.facebook.com *.facebook.net *.g.doubleclick.net *.getwemap.com *.getwemap.workers.dev *.google-analytics.com *.google.com *.googleapis.com *.huma-num.fr *.ingest.sentry.io *.instagram.com *.maptiler.com *.readspeaker.com *.tarteaucitron.io *.tolk.ai *.twitter.com *.wikimedia.org *.wikipedia.org http://apis.syllabs.com http://infolettres-internes.culture.gouv.fr http://infolettres-ministere.culture.gouv.fr http://www.culture.fr http://www.culture.gouv.fr https://api.mapbox.com https://m.addthis.com https://s7.addthis.com https://semaphore.culture.gouv.fr https://semrecf2.culture.fr https://sesame.culture.fr https://stats.g.doubleclick.net https://tarteaucitron.io https://www.culture.fr https://www.culture.gouv.fr https://www.facebook.com https://www.google-analytics.com inline moz-extension 'self' tarteaucitron.io 'unsafe-eval' 'unsafe-inline' wss://genii-messages.tolk.ai; block-all-mixed-content; font-src *.adform.net *.doubleclick.net *.facebook.net *.g.doubleclick.net *.getwemap.workers.dev *.google-analytics.com *.google.com *.googleapis.com *.instagram.com *.maptiler.com *.readspeaker.com *.tolk.ai *.twitter.com *.wikimedia.org *.wikipedia.org data: https://fonts.googleapis.com https://fonts.gstatic.com https://infolettres.duministeredelaculture.fr https://livemap.getwemap.com https://maxcdn.bootstrapcdn.com inline 'self' 'unsafe-inline'; frame-src *.adform.net *.calameo.com *.culture.gouv.fr *.dailymotion.com *.doubleclick.net *.facebook.net *.g.doubleclick.net *.getwemap.workers.dev *.google-analytics.com *.google.fr *.googleapis.com *.gouv.fr *.instagram.com *.jcloud.ik-server.com *.maptiler.com *.openstreetmap.fr *.pop.culture.gouv.fr *.readspeaker.com *.soundcloud.com *.tolk.ai *.twitter.com *.vimeo.com *.wikimedia.org *.wikipedia.org http://platform.twitter.com http://s7.addthis.com http://www.instagram.com https://data.culturecommunication.gouv.fr https://livemap.getwemap.com https://www.facebook.com https://www.youtube.com inline 'self' 'unsafe-inline'; img-src *.adform.net *.culture.fr *.culture.gouv.fr *.doubleclick.net *.et-gv.fr *.facebook.net *.g.doubleclick.net *.getwemap.workers.dev *.google-analytics.com *.google.com *.googleapis.com *.gouv.fr *.instagram.com *.maptiler.com *.picsum.photos *.readspeaker.com *.tarteaucitron.io *.tolk.ai *.twitter.com *.wikimedia.org *.wikipedia.org data: http://www.culture.fr http://www.culture.gouv.fr https://ad.doubleclick.net https://analytics.getwemap.com https://api.getwemap.com https://iecs.culture.gouv.fr https://livemap.getwemap.com https://logs4.xiti.com https://picsum.photos https://semrecf2.culture.fr https://sesame.culture.fr https://sf1-eu.readspeaker.com https://static.piste.gouv.fr https://tarteaucitron.io https://tile.openstreetmap.org https://www.culture.fr https://www.culture.gouv.fr https://www.facebook.com https://www.google-analytics.com https://www.googletagmanager.com inline 'self' tarteaucitron.io 'unsafe-inline'; script-src *.addthis.com *.adform.net *.doubleclick.net *.facebook.net *.g.doubleclick.net *.getwemap.workers.dev *.google-analytics.com *.google.com *.googleapis.com *.instagram.com *.maptiler.com *.readspeaker.com *.tarteaucitron.io *.tolk.ai *.twitter.com *.wikimedia.org *.wikipedia.org addthid blob: http://connect.facebook.net http://platform.twitter.com http://s7.addthis.com http://siteimproveanalytics.com http://tag.aticdn.net http://www.instagram.com https://ajax.googleapis.com https://api.dmcdn.net https://api.mapbox.com https://app.readspeaker.com https://gva.et-gv.fr https://iecs.culture.gouv.fr https://infolettres.duministeredelaculture.fr https://livemap.getwemap.com https://logp5.xiti.com https://logs152.xiti.com https://m.addthis.com https://sf1-eu.readspeaker.com https://tarteaucitron.io https://v1.addthisedge.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gouvernement.fr https://z.moatads.com inline moz-extension 'self' tarteaucitron.io 'unsafe-eval' 'unsafe-inline' 'nonce-OWEzNDFjNzExNTZlMjczNWU0NjU1ZmNiYWIzYjdhZmU='; style-src *.adform.net *.doubleclick.net *.facebook.net *.g.doubleclick.net *.getwemap.workers.dev *.google-analytics.com *.google.com *.googleapis.com *.gouv.fr *.instagram.com *.maptiler.com *.readspeaker.com *.tarteaucitron.io *.tolk.ai *.twitter.com *.wikimedia.org *.wikipedia.org https://fonts.googleapis.com https://infolettres.duministeredelaculture.fr https://sf1-eu.readspeaker.com https://tarteaucitron.io inline 'self' tarteaucitron.io 'unsafe-inline' 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-QaIoukiucHt0SINGl0Seog' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
default-src 'self' *.ibs.it 'unsafe-inline' 'unsafe-eval' *.visualstudio.com *.awin1.com yourcitynolimits.com edgeshoppingstatic.azureedge.net appleid.cdn-apple.com *.lafeltrinelli.it maxcdn.bootstrapcdn.com mozbar.moz.com *.calicluo.com *.stoploco.com *.colloquiumz.com eu.klarnaevt.com api.clean-blocker.com js.klarna.com *.jsdelivr.net *.bing.com api.blocksly.org a.twiago.com *.thebrighttag.com jadserve.postrelease.com jwpltx.com trends.revcontent.com fibs-prd-apim-gw.life-cloud.net europe.directline.botframework.com europe.directline.botframework.com *.lacedefe.com s.ad.smaato.net *.zunelrish.com *.demdex.net s.kelkoogroup.net *.go-mpulse.net http://p2c.xplace.de code.jquery.com sync.aralego.com creativecdn.com *.creativecdn.com *.3lift.com trk.lgw.io insights.algolia.io alemobility.com icecat.biz tapestry.tapad.com *.algolianet.com *.tradedoubler.com *.socdm.com *.tradetracker.com *.tradetracker.net ray.st i.liadm.com the.sciencebehindecommerce.com tafopo.navahididi.com g.alicdn.com pubmatic.com *.criteo.net *.criteo.com criteo-partners.tremorhub.com *.avast.com *.azure.net *.monitor.azure.net conoret.com *.bidswitch.net contextual.media.net ads.stickyadstv.com *.clmbtech.com *.logitalie.com *.jwpcdn.com *.moiziq.com data1.pakolir.com *.krxd.net *.ampproject.org *.adform.net id5-sync.com *.moz.com pixel.rubiconproject.com ups.analytics.yahoo.com *.dable.com ibs-prod.mirakl.net sync-criteo.ads.yieldmo.com ad.yieldlab.net criteo-partners.tremorhub.com idsync.rlcdn.com ad.tpmn.co.kr *.mediawallahscript.com *.kk-resources.com *.igodigital.com *.smartadserver.com *.w3.org *.googletagmanager.com bsa-media.s3.amazonaws.com *.pubmatic.com *.googletagservices.com inishop.com www.youtube-nocookie.com *.googleoptimize.com *.blob.core.windows.net samples.findawayworld.com *.akamaihd.net *.kobo.com *.klarnacdn.net *.b-cdn.net *.sharethrough.com *.lift.com *.pletar.com *.adingo.jp *.bidswitch.com *.adnxs.com *.casalemedia.com *.salemedia.com *.mediavine.com *.googleadservices.com conversiontag.commerce-connector.com *.youtube.com *.360yield.com *.ivitrack.com *.clarity.com *.clarity.ms cr-input.mxpnl.net *.tiktok.com *.outbrain.com criteo-sync.teads.tv *.taboola.com *.omnitagjs.com *.facebook.com *.facebook.net *.algorecs.com *.onetrust.com fibs-prd-apim.azure-api.net *.riskified.com *.icecat.biz *.cookielaw.org *.addtoany.com *.cloudflare.com *.cloudfront.net *.nedua *.doubleclick.net *.wepowerconnections.com *.richrelevance.com *.msecnd.net *.gstatic.com polyfill.io *.algolia.net *.googlesyndication.com *.google-analytics.com *.addthisedge.com *.googleapis.com *.moatads.com *.dwin1.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat properties: blob: data: https: wss:;upgrade-insecure-requests;report-uri https://fibs-prd-apim.azure-api.net/csp-prd-ai/ibs-v1/Track 1
default-src 'unsafe-inline' 'unsafe-eval' http://img.qianlong.com http://upload.qianlong.com *.qianlong.com http://slwza.qianlong.com https://tts.yunmd.net https://qlstats.bjnews.com.cn hm.baidu.com qlstats.bjnews.com.cn 1
img-src *;frame-ancestors * 1
default-src 'self' blob: data: *.akamaized.net *.apple.com *.apple.com.cn *.apple-mapkit.com *.cdn-apple.com *.organicfruitapps.com; child-src blob: embed.music.apple.com embed.podcasts.apple.com https://recyclingprogram.apple.com.cn swdlp.apple.com www.apple.com.cn www.instagram.com platform.twitter.com www.youtube-nocookie.com; img-src 'unsafe-inline' blob: data: *.apple.com *.apple.com.cn *.apple-mapkit.com *.cdn-apple.com *.mzstatic.com; script-src 'unsafe-inline' 'unsafe-eval' blob: apple.com *.apple.com *.apple.com.cn *.apple-mapkit.com www.instagram.com platform.twitter.com; style-src 'unsafe-inline' *.apple.com *.apple.com.cn 1
frame-ancestors http://docplanner-front-test.docplanner.com https://docplanner-front-test.docplanner.com *.jameda.de doctoraliaone-de2-candidate.azurewebsites.net 1
frame-ancestors 'self'; object-src 'none'; base-uri 'self'; script-src 'nonce-sgwscorp' 'strict-dynamic' 'self' https://assets.southernglazers.com https://assets.adobedtm.com/ https://web.miappi.com https://open.spotifycdn.com https://www.google.com https://www.gstatic.com https://www.youtube.com https://www.googleoptimize.com https://static.doubleclick.net https://secure.quantserve.com https://rules.quantcount.com; 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; child-src https: blob:; object-src 'none'; frame-ancestors 'self' https://account.flightglobal.com https://eme.abacusemedia.com; 1
frame-ancestors 'self' dw.beyondtrustcloud.com dwspectrum.com; 1
frame-ancestors 'self' https://preview.codecanyon.net 1
frame-ancestors 'self' *.cafe24.com *.cafe24shop.com *.hanpda.com *.wehost24.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.youtube.com www.twitter.com api.reciteme.com www.googletagmanager.com cdn.jsdelivr.net cdnjs.cloudflare.com bam-cell.nr-data.net js-agent.newrelic.com cdn.syndication.twimg.com digitalfeedback.euro.confirmit.com platform.twitter.com cdn.unibuddy.co cdn.pubble.io pubble.io www.pubble.io js.pusher.com media.pubble.io https://cse.google.com https://www.google.com www.google.com cse.google.com consent.cookiebot.com consentcdn.cookiebot.com assets.calendly.com dci2.ttl.ai static.ttlagency.uk https://cues.ttl.ai/ gstatic.com www.gstatic.com instagram.com www.instagram https://sf16-scmcdn-sg.ibytedtos.com/goofy/tiktok/falcon/embed/embed_v0.0.8.js https://sf16-scmcdn-sg.ibytedtos.com https://www.instagram.com/embed.js https://www.tiktok.com/embed.js https://s16.tiktokcdn.com/tiktok/falcon/embed/embed_lib_v0.0.7.js https://connect.facebook.net https://dcu-ie.libanswers.com/load_chat.php https://www.recaptcha.net/recaptcha/api.js https://track.adform.net https://s2.adform.net/banners/scripts/st/trackpoint-async.js https://www.googletagmanager.com/debug/badge.css https://static.hotjar.com/c/hotjar-3924047 https://static.hotjar.com https://script.hotjar.com/modules.429236d560f51d186b8b.js https://static.hotjar.com/c/hotjar-3924047.js https://*.hotjar.com https://script.hotjar.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://static.addtoany.com https://unpkg.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' www.google-analytics.com www.youtube.com www.twitter.com api.reciteme.com www.googletagmanager.com cdn.jsdelivr.net cdnjs.cloudflare.com bam-cell.nr-data.net js-agent.newrelic.com digitalfeedback.euro.confirmit.com cdn.pubble.io pubble.io www.pubble.io platform.twitter.com cdn.syndication.twimg.com www.google.com consent.cookiebot.com consentcdn.cookiebot.com media.pubble.io cse.google.com assets.calendly.com cdn.unibuddy.co dci2.ttl.ai static.ttlagency.uk gstatic.com www.gstatic.com instagram.com www.instagram https://sf16-scmcdn-sg.ibytedtos.com/goofy/tiktok/falcon/embed/embed_v0.0.8.js https://sf16-scmcdn-sg.ibytedtos.com https://www.instagram.com/embed.js https://www.tiktok.com/embed.js https://s16.tiktokcdn.com/tiktok/falcon/embed/embed_lib_v0.0.7.js https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net https://dcu-ie.libanswers.com/load_chat.php https://www.cincopa.com/media-platform/runtime/libasync.js https://rtcdn.cincopa.com https://snap.licdn.com/li.lms-analytics/insight.min.js https://analytics.tiktok.com/i18n/pixel/events.js https://analytics.tiktok.com/i18n/pixel/identify.js https://analytics.tiktok.com/i18n/pixel/config.js https://bam.nr-data.net https://www.recaptcha.net/recaptcha/api.js https://embed.ycb.me https://track.adform.net https://s2.adform.net/banners/scripts/st/trackpoint-async.js https://www.googletagmanager.com/debug/badge.css https://static.hotjar.com/c/hotjar-3924047.js https://static.hotjar.com https://script.hotjar.com https://script.hotjar.com/modules.429236d560f51d186b8b.js https://*.hotjar.com https://cdn.botframework.com/botframework-webchat/latest/webchat.js https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://static.addtoany.com https://unpkg.com; style-src 'self' 'unsafe-inline' platform.twitter.com ton.twimg.com cdn.pubble.io pubble.io https://www.google.com consent.cookiebot.com consentcdn.cookiebot.com api.reciteme.com dci2.ttl.ai static.ttlagency.uk gstatic.com www.gstatic.com fonts.googleapis.com instagram.com www.instagram https://sf16-scmcdn-sg.ibytedtos.com/goofy/tiktok/falcon/embed/embed_v0.0.8.js https://sf16-scmcdn-sg.ibytedtos.com https://www.instagram.com/embed.js https://www.tiktok.com/embed.js https://s16.tiktokcdn.com/tiktok/falcon/embed/embed_lib_v0.0.7.css https://rtcdn.cincopa.com https://www.googletagmanager.com/debug/badge.css https://*.hotjar.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self' dci2.ttl.ai static.ttlagency.uk gstatic.com www.gstatic.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.visualwebsiteoptimizer.com app.vwo.com https:; worker-src 'self' blob: 1
manifest-src 'self' *.nationwidechildrens.org www.nationwidechildrens.org *.onoursleeves.org www.onoursleeves.org; frame-ancestors 'self' www.nationwidechildrens.org *.nationwidechildrens.org *.columbuschildrens.net www.columbuschildrens.net *.onoursleeves.org www.onoursleeves.org; report-uri https://cahg.nationwidechildrens.org/CAHubGateway/api/Hub/ContentSecurityPolicyReport 1
default-src 'none'; script-src acdn.adnxs.com cdn.admo.tv cstatic.weborama.fr dc.ads.linkedin.com developers.atinternet-solutions.com *.dom101.mapres *.dom101.intres *.dom101.prdres *.doubleclick.net d.turn.com *.evermaps.net *.facebook.net facebook.com *.gbpce.net *.googletagmanager.com *.googleadservices.com *.hcaptcha.com *.inbenta.io *.kameleoon.eu *.kameleoon.com *.kameleoon.io *.k-app.io marketing.adobe.com my.tealiumiq.com publicidees.com px.ads.linkedin.com r.turn.com secure.adnxs.com 'self' snap.licdn.com support.criteo.com *.tiqcdn.com 'unsafe-inline' 'unsafe-eval' *.1bis.com *.myfeelback.com cdn.trustindex.io analytics.tiktok.com s2.adform.net track.adform.net *.adform.net *.bing.com *.teads.tv *.linkeo.com *.banquepopulaire.fr; connect-src *.dom101.mapres *.dom101.intres *.dom101.prdres *.inbenta.io *.kameleoon.com *.kameleoon.eu *.kameleoon.io *.k-app.io *.omtrdc.net 'self' *.tealiumiq.com *.2o7.net *.hcaptcha.com cdn.linkedin.oribi.io adservice.google.com www.facebook.com *.prod.mycloud.intrabpce.fr google.com *.google.com analytics.tiktok.com px.ads.linkedin.com pagead2.googlesyndication.com gen-chat.i-bp.banquepopulaire.dev:8888 gen-widgets.hom.mycloud.intrabpce.fr gen-widgets.prod.mycloud.intrabpce.fr *.teads.tv *.banquepopulaire.fr; img-src data: cdn.admo.tv *.cloudimg.io cstatic.weborama.fr developers.atinternet-solutions.com *.doubleclick.net d.turn.com www.facebook.com www.google.fr www.google.com *.googletagmanager.com *.inbenta.com *.kameleoon.eu *.kameleoon.com *.kameleoon.io *.k-app.io *.omtrdc.net ib.adnxs.com publicidees.com *.hcaptcha.com r.turn.com secure.adnxs.com 'self' snap.licdn.com support.criteo.com *.myfeelback.com *.kxcdn.com www.linkedin.com dc.ads.linkedin.com px.ads.linkedin.com px4.ads.linkedin.com cdn.trustindex.io my.tealiumiq.com action.metaffiliation.com *.bing.com *.teads.tv *.linkeo.com *.banquepopulaire.fr; style-src fonts.googleapis.com *.inbenta.io 'self' *.hcaptcha.com 'unsafe-inline' *.kameleoon.eu *.kameleoon.com *.kameleoon.io *.k-app.io cdn.trustindex.io *.linkeo.com *.banquepopulaire.fr; font-src data: fonts.gstatic.com *.inbenta.io 'self'; frame-ancestors *.dom101.mapres *.dom101.intres *.dom101.prdres 'self' *.banquepopulaire.fr; frame-src https: *; worker-src 'self' blob:; report-uri https://www.csp.bpce.fr/v1/record; 1
default-src 'self' 'unsafe-inline' https://*.bing.com https://*.clarity.ms; media-src 'self'; img-src 'self' https://cm.everesttech.net https://gsdmairforcestage.112.2o7.net https://*.maze.co https://sgtm.airforce.com https://*.doubleclick.net https://sync.search.spotxchange.com https://dsum-sec.casalemedia.com https://sync.1rx.io https://ps.eyeota.net https://contextual.media.net https://tags.bluekai.com https://exchange-match.mediaplex.com https://ap.lijit.com https://dpm.demdex.net https://beacon.krxd.net https://ib.adnxs.com https://idsync.rlcdn.com https://pixel.rubiconproject.com https://*.pubmatic.com https://gsdmairforceprod.112.2o7.net/ https://eb2.3lift.com/ https://crb.kargo.com/ https://ups.analytics.yahoo.com https://cs.admanmedia.com https://ads.stickyadstv.com https://match.sharethrough.com https://us-u.openx.net https://match.adsrvr.org https://*.dotomi.com https://partners.tremorhub.com https://bh.contextweb.com https://simage2.pubmatic.com https://cms.analytics.yahoo.com https://*.googletagmanager.com https://*.google-analytics.com https://optimize.google.com https://cdn.cookielaw.org https://fonts.gstatic.com https://c.bing.com https://c.clarity.ms https://www.google.com.eg https://*.google.com https://*.g.doubleclick.net https://*.analytics.google.com https://bat.bing.com https://*.linkedin.com https://www.facebook.com https://*.snapchat.com https://p.adsymptotic.com https://i.ytimg.com https://maps.gstatic.com https://maps.googleapis.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.appcast.io https://*.maze.co https://login-ds.dotomi.com https://www.googleoptimize.com https://login.dotomi.com https://*.snapchat.com https://*.google-analytics.com https://*.googleanalytics.com https://optimize.google.com https://cdn.cookielaw.org https://*.clarity.ms https://www.analytics.google.com https://sc-static.net https://snap.licdn.com https://connect.facebook.net https://bat.bing.com https://www.youtube.com https://maps.googleapis.com https://*.salesforceliveagent.com https://www.googleadservices.com https://*.googletagmanager.com https://assets.adobedtm.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://optimize.google.com https://fonts.googleapis.com; style-src-elem 'self' 'unsafe-inline' https://*.maze.co https://fonts.googleapis.com https://*.googletagmanager.com; font-src 'self' https://*.maze.co https://fonts.gstatic.com data:; frame-src 'self' 'unsafe-inline' https://gsdm.demdex.net https://optimize.google.com https://*.doubleclick.net https://www.facebook.com https://www.youtube.com https://4136874.fls.doubleclick.net https://*.snapchat.com https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' https://px.ads.linkedin.com https://*.linkedin.com https://*.adobedc.net https://*.adobedtm.com https://*.demdex.net https://*.maze.co https://sgtm.airforce.com https://gsdm.tt.omtrdc.net https://maps.googleapis.com https://*.g.doubleclick.net https://*.google.com https://cdn.linkedin.oribi.io https://geolocation.onetrust.com https://cdn.cookielaw.org https://*.googletagmanager.com https://www.google.com.eg https://d.clarity.ms https://www.clairty.ms https://*.clarity.ms https://*.snapchat.com https://stats.g.doubleclick.net https://*.analytics.google.com https://www.facebook.com https://bat.bing.com https://*.google-analytics.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.googletagmanager.com *.google-analytics.com www.googleadservices.com *.google.com *.google.ad *.google.ae *.google.com.tr *.google.co.il *.google.co.cr *.google.ca *.google.com.ua *.google.es *.google.co.in *.google.com.sg *.google.com.np *.google.com.mt *.google.de *.google.com.bd *.google.co.id *.google.it *.google.co.uk *.google.co.th  *.google.co.kr  *.google.fr *.google.co.za *.google.com.my *.google.com.co *.google.co.ve *.google.com.sa *.google.pt *.google.be *.google.cz *.google.co.ma *.google.com.br *.google.com.cy *.google.co.jp *.google.com.vn *.google.com.tw *.google.ro *.google.co.ke *.google.com.ng *.google.hu *.google.pl *.google.ie *.google.nl *.google.se *.google.com.do *.google.com.mx *.google.co.mz *.google.at *.google.com.ph *.google.ge *.google.com.au *.google.dz *.google.ch *.google.rs *.google.cn *.google.la *.google.by *.google.com.gt *.google.tn *.google.cl *.google.com.py *.google.ge *.google.com.ar *.google.lk *.google.com.kh *.google.ru *.google.com.mm *.google.az *.google.com.hk *.google.kz *.google.com.gh *.google.am *.google.me *.google.com.et *.google.no *.google.md *.google.com.pk *.google.bj *.google.com.af *.google.hr *.google.co.uz *.google.com.pa *.google.com.sv *.google.cm *.google.bg *.google.sk *.google.com.pr *.google.com.eg *.google.lu *.google.al *.google.si *.google.com.jm *.google.iq *.google.lu *.google.com.pe *.google.com.ec *.google.com.bo *.google.kg *.google.mu *.google.sn *.google.rw *.google.co.ug *.google.gr *.google.fi *.google.mk *.google.com.lb *.google.ee *.google.jo *.google.ba *.google.com.sv *.google.ps *.google.com.fj *.google.co.ao *.google.com.gi *.google.com.qa *.google.tt *.google.gy *.google.lt *.google.com.sv *.google.mg *.google.tm *.google.gm *.google.so *.google.cz *.google.co.tz *.google.com.uy *.google.bf *.google.vg *.google.com.cu *.google.sm *.google.com.bn *.google.hn *.google.ci *.google.com.na *.google.co.ls *.google.dk *.google.co.nz *.google.ht *.google.cv *.google.ne *.google.mv google.com.sb google.is google.com.ly google.com.kw google.co.vi google.je google.sc google.cd google.mg google.cg google.lv google.tg google.bt google.vu google.dz google.com.pg google.ht google.com.ni google.co.id google.com.uy google.mn google.bs google.tj google.co.uk google.com.sl google.com.bz google.ml google.com.ph google.co.in google.tm google.ms google.com.tj www.pagespeed-mod.com *.doubleclick.net http://ad.doubleclick.net *.gstatic.com www.youtube.com i.ytimg.com cdn.jsdelivr.net widget.trustpilot.com wa.onelink.me ajax.cloudflare.com *.gravatar.com *.clarity.ms *.bing.com *.userway.org snap.licdn.com px.ads.linkedin.com/; frame-ancestors 'self'; report-uri https://brightdata.com/web_api/report_csp 1
default-src 'self' https://dqsvtm1sk5z3l.cloudfront.net/;base-uri 'self';script-src 'self' 'unsafe-eval' 'strict-dynamic' 'nonce-HRKwjeVhYV' https://dqsvtm1sk5z3l.cloudfront.net/;style-src 'self' 'unsafe-inline';font-src 'self' https://dqsvtm1sk5z3l.cloudfront.net/ data:;img-src 'self' https://adserver.cluep.com/ https://www.google-analytics.com/ https://cas.cluep.com https://i.vimeocdn.com/ data: https://dqsvtm1sk5z3l.cloudfront.net/;connect-src 'self' https://www.google-analytics.com/ https://stats.g.doubleclick.net/ *.ingest.sentry.io;object-src 'none';manifest-src 'self' https://dqsvtm1sk5z3l.cloudfront.net/;upgrade-insecure-requests 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;frame-ancestors 'self' https://*.quintype.com https://www.analyticsinsight.net;block-all-mixed-content; 1
default-src 'self' about: data: blob: analytics.google.com bam.nr-data.net app.energycap.com *.kampyle.com *.nr-data.net *.force.com *.browsealoud.com *.constantcontact.com *.ctctcdn.com www.facebook.com *.google.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com cascade2.libchat.com px.ads.linkedin.com track.mailerlite.com *.medallia.com *.monsido.com *.newrelic.com *.sdge.com *.sharethis.com speech.speechstream.net public.tableau.com *.twimg.com *.twitter.com www.wageworks.com static.wixstatic.com cola.unh.edu www.consumer.ftc.gov sandiego.gov *.sandiego.gov stats.g.doubleclick.net bam.nr-data.net speech.speechstream.net firstsearch.oclc.org *.granicus.com *.weather.gov; script-src 'self' about: data: blob: *.live-sdgov.pantheonsite.io *.twitter.com *.polyfill.io *.amazonaws.com *.hdrelay.com manage.hdrelay.com *.monsido.com *.googleapis.com 'unsafe-eval' 'unsafe-inline' *.kampyle.com *.medallia.com visualsponline.azurewebsites.net *.nr-data.net *.force.com *.newrelic.com *.google-analytics.com *.ads-twitter.com *.browsealoud.com *.cloudflare.com *.ctctcdn.com *.google.com *.googleadservices.com *.googletagmanager.com *.gstatic.com t.ifvox.com v2.libanswers.com *.licdn.com www.peakdemocracy.com *.sharethis.com public.tableau.com cdn.syndication.twimg.com *.cloudfront.net connect.facebook.net *.newrelic.com vjs.zencdn.net firstsearch.oclc.org *.typeform.com *.instagram.com cdn.rawgit.com cdn.jsdelivr.net a.fsdn.com/con/js/sftheme/vendor/modernizr.3.3.1.custom.js cdn.datatables.net; style-src 'self' 'unsafe-inline' *.force.com *.browsealoud.com ws.sharethis.com events.constantcontact.com static.ctctcdn.com *.googleapis.com *.gstatic.com cdn-images.mailchimp.com static.mailerlite.com ton.twimg.com platform.twitter.com vjs.zencdn.net cdnjs.cloudflare.com cdn.jsdelivr.net cdn.datatables.net; img-src 'self' data: blob: * www.google.es *.browsealoud.com *.constantcontact.com *.ctctcdn.com www.facebook.com *.google.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com cascade2.libchat.com px.ads.linkedin.com track.mailerlite.com *.monsido.com *.newrelic.com *.sdge.com *.sharethis.com public.tableau.com *.twimg.com *.twitter.com www.wageworks.com static.wixstatic.com *.ytimg.com cola.unh.edu www.consumer.ftc.gov sandiego.gov *.sandiego.gov stats.g.doubleclick.net bam.nr-data.net firstsearch.oclc.org www.google.it www.google.pt www.google.com.ph www.google.com.om www.google.co.uk www.google.com.mx www.google.de www.google.co.in; frame-src 'self' *.waze.com td.doubleclick.net app.energycap.com api.exchqzdata.com datasd.typeform.com data: *.medallia.com *.amazonaws.com *.arcgis.com sandiego.bibliocommons.com www.facebook.com support.gale.com *.google.com portal.hdontap.com manage.hdrelay.com cdn.knightlab.com stories.opengov.com www.opentownhall.com www.peakdemocracy.com prezi.com sandiego.seamlessdocs.com public.tableau.com app.truelook.com *.twitter.com player.vimeo.com youtube.com www.youtube.com www.youtube-nocookie.com *.sandiego.gov *.sharethis.com c.sharethis.mgr.consensu.org *.granicus.com app.powerbigov.us *.instagram.com *.hylandcloud.com app.truelook.cloud *.smartsheet.com padlet.com *.indigov.com *.office365.com forms.office.com; font-src 'self' data: *.force.com themes.googleusercontent.com fonts.gstatic.com *.sandiego.gov vjs.zencdn.net fonts.googleapis.com cdnjs.cloudflare.com; connect-src 'self' data: blob: www.google.ca *.hdrelay.com *.kampyle.com *.nr-data.net *.force.com *.browsealoud.com *.constantcontact.com *.ctctcdn.com www.facebook.com *.google.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com cascade2.libchat.com px.ads.linkedin.com track.mailerlite.com *.medallia.com *.monsido.com *.newrelic.com *.sdge.com *.sharethis.com speech.speechstream.net public.tableau.com *.twimg.com *.twitter.com www.wageworks.com static.wixstatic.com cola.unh.edu www.consumer.ftc.gov sandiego.gov *.sandiego.gov stats.g.doubleclick.net bam.nr-data.net speech.speechstream.net firstsearch.oclc.org *.granicus.com *.us-west-2.amazonaws.com wss://*.us-west-2.amazonaws.com; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-inline'  https://base.mirror.xyz https://static-assets.coinbase.com/js/cca/v0.0.1.js https://cca-lite.coinbase.com https://*.walletconnect.org wss://*.walletconnect.org wss://*.walletconnect.com https://*.walletconnect.com https://explorer-api.walletconnect.com;connect-src 'self' https://blob.vercel-storage.com https://zku9gdedgba48lmr.public.blob.vercel-storage.com https://*.walletconnect.org wss://*.walletconnect.org wss://*.walletconnect.com https://*.walletconnect.com https://explorer-api.walletconnect.com https://api.sprig.com https://cdn.sprig.com https://boards.greenhouse.io https://boards-api.greenhouse.io https://cca-lite.coinbase.com https://static-assets.coinbase.com/js/cca/v0.0.1.js wss://www.walletlink.org/rpc https://analytics-service-dev.cbhq.net mainnet.base.org sepolia.base.org https://cloudflare-eth.com https://i.seadn.io/ https://api.opensea.io https://ipfs.io wss://www.walletlink.org https://base.easscan.org/graphql https://api.guild.xyz/   https://flag.lab.amplitude.com/sdk/v2/flags https://api.lab.amplitude.com/sdk/v2/vardata;frame-ancestors 'self' https://base.mirror.xyz;form-action 'self' https://base.mirror.xyz;img-src 'self' blob: https://blob.vercel-storage.com https://zku9gdedgba48lmr.public.blob.vercel-storage.com data: https://*.walletconnect.com/ https://i.seadn.io/ https://ipfs.io; 1
frame-ancestors 'self' https://*.newspicks.com 1
default-src 'self'; block-all-mixed-content; child-src 'self' blob: 1327335.fls.doubleclick.net bid.g.doubleclick.net d6tizftlrpuof.cloudfront.net pasaanvraag.schiphol.nl www.youtube.com 5980017.fls.doubleclick.net www.googletagmanager.com www.facebook.com connect.facebook.net *.dynamics.com *.azureedge.net *.microsoft.com www.google.com; connect-src 'self' *.schiphol.nl *.digitalredesign.nl *.schiphol.dev wss://ws-eu.pusher.com api.usabilla.com app.getsentry.com sentry.io *.ingest.sentry.io *.nr-data.net d6tizftlrpuof.cloudfront.net doubleclickadexchange.net *.google-analytics.com pagead2.googlesyndication.com jy11djjhoa.execute-api.eu-west-1.amazonaws.com *.g.doubleclick.net *.tiles.mapbox.com api.mapbox.com obipubvideo.s3.eu-central-1.amazonaws.com ws-eu.pusher.com stats.pusher.com events.mapbox.com api-cdn.embed.ly chat-schipholccc.cs83.force.com schipholccc.secure.force.com schipholccc.my.salesforce.com schipholccc.my.salesforce-sites.com *.facebook.com *.appspot.com *.dynamics.com *.azureedge.net *.microsoft.com api.leadinfo.com collector.leadinfo.net consentcdn.cookiebot.com; font-src 'self' data: fonts.gstatic.com tagmanager.google.com themes.googleusercontent.com cdn.schiphol.nl fonts.googleapis.com cdn.leadinfo.net; frame-ancestors 'self' *.my.salesforce.com www.kcmsurvey.com *.schiphol.nl *.digitalredesign.nl *.schiphol.dev *.dynamics.com *.azureedge.net *.microsoft.com; frame-src 'self' blob: 1327335.fls.doubleclick.net bid.g.doubleclick.net d6tizftlrpuof.cloudfront.net pasaanvraag.schiphol.nl www.youtube.com 5980017.fls.doubleclick.net www.googletagmanager.com www.facebook.com connect.facebook.net *.dynamics.com *.azureedge.net *.microsoft.com www.google.com html5-player.libsyn.com cdn.embedly.com service.force.com schipholccc.secure.force.com schipholccc.my.salesforce.com schipholccc.my.salesforce-sites.com *.my.salesforce.com www.kcmsurvey.com consentcdn.cookiebot.com customer.bookingbug.com; img-src 'self' https: data: blob: *.ctfassets.net *.nr-data.net bat.bing.com bat.r.msn.com cdncash.org d6tizftlrpuof.cloudfront.net doubleclick.net ge0ip.com ge0ip.net ge0ip.org *.doubleclick.net lancheck.net maps.googleapis.com *.schiphol.nl *.digitalredesign.nl *.schiphol.dev schiphol.mobi tagmanager.google.com takethatad.com tm.tradetracker.net ts.tradetracker.net tl.tradetracker.net w.usabilla.com *.google-analytics.com www.google.com www.google.nl www.googleadservices.com www.gstatic.com www.seebuyflyhappyhour.nl connect.facebook.net www.facebook.com s.ytimg.com lh3.googleusercontent.com ad.doubleclick.net adservice.google.com adservice.google.nl assets.libsyn.com ssl-static.libsyn.com *.content.force.com schipholccc.secure.force.com schipholccc.my.salesforce.com schipholccc.my.salesforce-sites.com opt.objectiveportal.com *.linkedin.com *.appspot.com collector.leadinfo.net cdn.leadinfo.net; manifest-src 'self' cdn.schiphol.nl; script-src 'self' data: asset: blob: 'unsafe-inline' 'unsafe-eval' *.schiphol.nl *.digitalredesign.nl *.schiphol.dev ajax.googleapis.com api.usabilla.com apps-analytics.net *.nr-data.net bat.bing.com cdn.optimizely.com cdncash.org d1fc8wv8zag5ca.cloudfront.net d6tizftlrpuof.cloudfront.net d19tqk5t6qcjac.cloudfront.net ge0ip.com ge0ip.net ge0ip.org js-agent.newrelic.com tagmanager.google.com tm.tradetracker.net w.usabilla.com *.google-analytics.com www.googleadservices.com www.googletagmanager.com www.gstatic.com connect.facebook.net www.facebook.com *.tiles.mapbox.com www.youtube.com s.ytimg.com googleads.g.doubleclick.net www.google.com *.dynamics.com *.azureedge.net *.microsoft.com js.pusher.com stats.pusher.com *.salesforceliveagent.com *.my.salesforce.com service.force.com ajax.cloudflare.com cdn.embedly.com chat-schipholccc.cs83.force.com static.lightning.force.com schipholccc.secure.force.com schipholccc.my.salesforce.com schipholccc.my.salesforce-sites.com consent.cookiebot.com opt.objectiveportal.com snap.licdn.com sentry.io *.sentry-cdn.com cdn.leadinfo.net consentcdn.cookiebot.com; style-src 'self' 'unsafe-inline' blob: tagmanager.google.com d6tizftlrpuof.cloudfront.net www.gstatic.com api.tiles.mapbox.com cdn.schiphol.nl cdn.embedly.com static.libsyn.com service.force.com *.my.salesforce.com chat-schipholccc.cs83.force.com schipholccc.secure.force.com schipholccc.my.salesforce.com schipholccc.my.salesforce-sites.com www.googletagmanager.com fonts.googleapis.com cdn.leadinfo.net; worker-src 'self' blob: 1327335.fls.doubleclick.net bid.g.doubleclick.net d6tizftlrpuof.cloudfront.net pasaanvraag.schiphol.nl www.youtube.com 5980017.fls.doubleclick.net www.googletagmanager.com *.facebook.com *.dynamics.com *.azureedge.net *.microsoft.com www.google.com 1
frame-ancestors 'self' https://*.contentful.com 1
script-src 'self' 'unsafe-inline'  https://cmp.osano.com/ https://maps.googleapis.com/ https://static.cloudflareinsights.com/;    style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/;    font-src 'self' https://fonts.gstatic.com/;    object-src 'none';    base-uri 'self';    worker-src 'self' blob:;    form-action 'self';    frame-ancestors 'none';    report-uri https://sentry.intercars.eu/api/96/security/?sentry_key=02e558b4cccc4d9699cb1989b968f672; 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://s0.wp.com https://s1.wp.com https://s2.wp.com; script-src 'self' 'unsafe-inline' https://cdn.cookielaw.org https://bam.nr-data.net https://privacyportal.onetrust.com https://geolocation.onetrust.com https://stats.wp.com https://js-agent.newrelic.com https://www.google-analytics.com https://s0.wp.com https://s1.wp.com https://s2.wp.com https://www.googletagmanager.com; frame-src 'self' https://widgets.wp.com/ https://player.vimeo.com/; frame-ancestors none; connect-src 'self' https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://www.google-analytics.com; img-src 'self' data: https://secure.gravatar.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://pixel.wp.com https://i.vimeocdn.com/; font-src 'self' data: https://s0.wp.com https://s1.wp.com https://s2.wp.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' mw-uk2-uat.thehut.net mw.thghosting.com *.midphase.com *.uk2group.com request.eprotect.vantivprelive.com request.eprotect.vantivcnp.com http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com *.dwin1.com *.hsforms.com *.hsforms.net *.puzzel.com *.google.com *.google.co.uk *.googleapis.com *.gdmdigital.com *.bing.com *.jquery.com platform.linkedin.com www.linkedin.com platform.twitter.com *.pingdom.net *.websitealive.com m.addthisedge.com ssl.google-analytics.com *.addthis.com *.trustpilot.com *.cloudfront.net *.visualwebsiteoptimizer.com *.adroll.com *.facebook.net www.googleadservices.com *.qualtrics.com www.google.com apis.google.com www.googletagmanager.com www.google-analytics.com cdn.syndication.twimg.com syndication.twitter.com platform.twitter.com fp.gdmdigital.com connect.facebook.net app.yieldify.com yieldify.com www.gstatic.com *.cloudfront.net tracking.websitealive.com secure.adnxs.com  www.youtube.com s.ytimg.com *.hcaptcha.com; img-src 'self' *.thgingenuity.com img.zohostatic.eu *.midphase.com *.uk2group.com *.puzzel.com *.bing.com www.linkedin.com *.gravatar.com ssl.google-analytics.com *.pingdom.net *.websitealive.com *.adroll.com *.licdn.com *.twimg.com *.bidswitch.net *.rlcdn.com *.licdn.com www.privacytrust.com *.twitter.com *.openx.net *.doubleclick.net *.cloudfront.net *.adnxs.com go.flx1.com pbs.twimg.com platform.twitter.com *.facebook.com csi.gstatic.com syndication.twitter.com s.c.lnkd.licdn.com *.etrust.org *.gstatic.com 55b558c7-resources.bk-partnersasia.com *.visualwebsiteoptimizer.com www.google-analytics.com www.facebook.com www.google.com www.google.co.uk stats.g.doubleclick.net data: https://script.hotjar.com http://script.hotjar.com; style-src 'self' 'unsafe-inline' *.midphase.com *.twitter.com *.puzzel.com *.google.com *.pingdom.net *.websitealive.com fonts.googleapis.com maxcdn.bootstrapcdn.com *.cloudfront.net; frame-src 'self' *.midphase.com cdn.forms-content.sg-form.com *.uk2group.com *.puzzel.com *.hsforms.com *.hsforms.net *.facebook.net *.facebook.com https://vars.hotjar.com *.twitter.com *.websitealive.com staticxx.facebook.com *.addthis.com *.trustpilot.com *.google.com www.youtube.com app.yieldify.com accounts.google.com apis.google.com www.facebook.com *.hcaptcha.com; connect-src 'self' *.hcaptcha.com *.google-analytics.com *.sentry.io mw-uk2-uat.thehut.net mw.thghosting.com *.midphase.com m.addthis.com *.puzzel.com *.trustpilot.com *.pingdom.net *.twitter.com ws://127.0.0.1:35729 http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com *.visualwebsiteoptimizer.com geo.yieldify.com mw.thghosting.com bat.bing.com; font-src 'self' data: *.midphase.com http://script.hotjar.com https://script.hotjar.com *.puzzel.com fonts.gstatic.com maxcdn.bootstrapcdn.com stats.g.doubleclick.net; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.midphase.com *.puzzel.com; frame-ancestors 'self'; 1
default-src 'self'; base-uri 'none'; connect-src 'self' https://www.google-analytics.com https://heapanalytics.com; font-src 'self' data: fonts.gstatic.com https://heapanalytics.com; frame-ancestors 'self'; frame-src 'self' widgets.jobscore.com www.google.com www.googletagmanager.com www.youtube.com https://trueanthem.lpages.co https://app.termly.io; form-action 'self'; img-src 'self' data: www.googletagmanager.com secure.gravatar.com https://heapanalytics.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: www.google.com https://www.googletagmanager.com https://www.gstatic.com https://cdnjs.cloudflare.com https://embed.lpcontent.net *.trueanthem.com https://cdn.heapanalytics.com https://heapanalytics.com https://app.termly.io; style-src 'self' 'unsafe-inline' fonts.googleapis.com www.gstatic.com https://heapanalytics.com 1
upgrade-insecure-requests; frame-ancestors 'self' https://avalara.sb.amp.vg https://avalara.amp.vg https://partner.avalara.com 1
upgrade-insecure-requests; default-src 'self' https: data: blob: wss: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; object-src https:; form-action https:; report-uri https://servix.idnes.cz/log/csp-report.aspx?w=ln_shp&d=2024-07-26 1
frame-ancestors 'none'; default-src 'self' https://*.yahoo.com https://*.yimg.com; script-src 'self' 'unsafe-inline' 'nonce-IhnMdfK5Op9CU/KTZpHyBw==' 'unsafe-eval' https://*.yahoo.net https://*.yahoo.com https://*.yimg.com https://*.uservoice.com *.oath.com https://*.hereapi.com https://*.youtube.com *.yahooapis.com blob:; style-src 'self' 'unsafe-inline' https://assets.video.yahoo.net https://*.yimg.com; img-src 'self' data: blob: https://*.aol.com https://s.aolcdn.com https://*.bing.net https://*.yimg.com https://s.ytimg.com yahoo.com https://*.yahoo.com https://*.bing.com https://bing.com *.here.com *.wc.yahoodns.net https://*.doubleclick.net https://sb.scorecardresearch.com https://*.adaptv.advertising.com https://*.vidible.tv https://*.yahoo.net https://*.footprint.net https://*.akamaized.net https://*.cloudfront.net https://*.llnwd.net; frame-src 'self' https://*.yahoo.net https://*.youtube.com https://s.yimg.com https://*.yahoo.com https://yahoo.uservoice.com https://*.vidible.tv https://*.advertising.com https://fun.games.com/ https://interactives.ap.org; media-src * blob:; object-src *; connect-src * blob:; font-src * data:; child-src blob:; 1
report-uri /report-csp;report-to /report-csp;base-uri 'self';child-src number26://* *.n26.com n26.com *.doubleclick.net pixel.mathtag.com n26.go2cloud.org www.googletagmanager.com *.youtube-nocookie.com youtube-nocookie.com boards.greenhouse.io;connect-src 'self' https://spc.n26.com * https://*.logs.datadoghq.eu;font-src 'self' data:;img-src https://spc.n26.com 'self' data: images.ctfassets.net images.contentful.com * *.greenhouse.io;media-src videos.contentful.com videos.ctfassets.net;object-src 'none';style-src 'unsafe-inline' 'self' tagmanager.google.com;script-src 'self' cdn.number26.de 'unsafe-inline' * connect.facebook.net *.youtube-nocookie.com s.ytimg.com youtube-nocookie.com youtube.com boards.greenhouse.io datadoghq.eu datadoghq-browser-agent.com cdn.cookielaw.org;worker-src 'self';default-src *;frame-ancestors app.contentful.com 'self' *.n26.com 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://t.co https://twitter.com  https://static.ads-twitter.com *.ads-twitter.com *.api.useinsider.com *.useinsider.com  https://cdn.evgnet.com https://cdn.evergage.com https://standardbank.germany-2.evergage.com  https://td.doubleclick.net  https://stbg.standardbank.co.za https://stream.tribeca.vidavee.com  *.tt.omtrdc.net   cdn.evgnet.com cdn.evergage.com standardbank.germany-2.evergage.com analytics.tiktok.com *.fls.doubleclick.net *.map2.ssl.hwcdn.net *.tt.omtrdc.net 18.158.66.119 18.158.9.206 18.197.87.55 3.122.158.135 52.44.37.68 open.spotify.com feeds.standardbank.com cdn.cookielaw.org *.onetrust.com wss://xjuef7bvmngknfbxn2tirmfmiy.appsync-realtime-api.eu-west-1.amazonaws.com/  8448999.fls.doubleclick.net standardbank.germany-2.evergage.com accstandardbank.d1.sc.omtrdc.net ad.doubleclick.net analytics.twitter.com api.production.helium.servismatrix.com/ assets.adobedtm.com beacon.krxd.net bfrb-001.sandbox.us01.dx.commercecloud.salesforce.com bid.g.doubleclick.net/xbbe/pixel bs.serving-sys.com business.twitter.com cbks0.googleapis.com cdn.krxd.net cdnjs.cloudflare.com client.demdex.net cm.everesttech.net code.jquery.com cognito-identity.eu-west-1.amazonaws.com/ connect.facebook.net consumer.krxd.net digitalbanking.standardbank.co.za:8083 dc.ads.linkedin.com digitalbanking.standardbank.co.za:8083/ dpm.demdex.net enboard.meplus enboarder.com eu.enboarder.com fast.standardbank.demdex.net fonts.googleapis.com fonts.gstatic.com geo0.ggpht.com geo1.ggpht.com geo2.ggpht.com geo3.ggpht.com googleads.g.doubleclick.net img.youtube.com jslog.krxd.net khms0.googleapis.com khms1.googleapis.com lightning.production.helium.servismatrixcdn.com/v2/latest/bundle-messenger.js maps.googleapis.com maps.gstatic.com maps.lightstoneproperty.co.za my.enboarder.com pixel.facebook.com px.ads.linkedin.com sborg-heupper-mcprdstandardbank.s3.amazonaws.com/ sborg-heupper-mcprdstandardbank.s3.eu-west-1.amazonaws.com/ secure-ds.serving-sys.com snap.licdn.com standardbank.demdex.net static.ads-twitter.com static.enboarder.netdomain tpc.googlesyndication.com tribeca.vidavee.com us.enboarder.com wr32shlrp2.execute-api.eu-west-1.amazonaws.com/monitoring/watchdog/metrics www.facebook.com www.google.co.za www.google.com www.googleadservices.com www.googletagmanager.com www.gstatic.com www.homeloans1.standardbank.co.za www.youtube.com xjuef7bvmngknfbxn2tirmfmiy.appsync-api.eu-west-1.amazonaws.com/graphql xjuef7bvmngknfbxn2tirmfmiy.appsync-realtime-api.eu-west-1.amazonaws.com; frame-ancestors 'self' api.production.helium.servismatrix.com/ bfrb-001.sandbox.us01.dx.commercecloud.salesforce.com cognito-identity.eu-west-1.amazonaws.com/ digitalbanking.standardbank.co.za:8083/ enboard.meplus enboarder.com eu.enboarder.com img.youtube.com lightning.production.helium.servismatrixcdn.com/v2/latest/bundle-messenger.js my.enboarder.com sborg-heupper-mcprdstandardbank.s3.amazonaws.com/ sborg-heupper-mcprdstandardbank.s3.eu-west-1.amazonaws.com/ static.enboarder.netdomain tribeca.vidavee.com us.enboarder.com wr32shlrp2.execute-api.eu-west-1.amazonaws.com/monitoring/watchdog/metrics xjuef7bvmngknfbxn2tirmfmiy.appsync-realtime-api.eu-west-1.amazonaws.com ; 1
frame-ancestors 'self' https://*.stuba.sk http://*.stuba.sk; 1
default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js *.google-analytics.com https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com unpkg.com/@frontify/ *.cloudinary.com http://s3.amazonaws.com/ https://donorbox.org/ https://public.flourish.studio/ http://pagead2.googlesyndication.com/ https://partner.googleadservices.com/ https://adservice.google.com/ https://tpc.googlesyndication.com/ https://lawfareblog.us3.list-manage.com/ https://cdn.sajari.com/ http://cdn.sajari.com/ https://www.googletagmanager.com/ 'self' cdn.ampproject.org web-chat.nativechat.com 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://cdn.insight.sitefinity.com https://dec.azureedge.net https://use.typekit.net/ https://p.typekit.net/ http://cdn-images.mailchimp.com/ 'self' web-chat.nativechat.com 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.google-analytics.com https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com *.frontify.com *.cloudinary.com https://via.placeholder.com/ http://cdn-images.mailchimp.com/ https://public.flourish.studio/ https://pagead2.googlesyndication.com/ https://lawfare-dev.idevdesign.net/ https://lawfare-qa.idevdesign.net/ https://lawfare-assets-new.azureedge.net http://lawfare-dev.idevdesign.net/ http://lawfare-qa.idevdesign.net/ https://re.sajari.com/ assets.documentcloud.org ir-na.amazon-adsystem.com lawfare.s3-us-west-2.amazonaws.com 25.media.tumblr.com assets.rappler.com azelin.files.wordpress.com b-i.forbesimg.com blogs.piie.com brightcove.vo.llnwd.net c.gigcount.com cdn.c.photoshelter.com cdn.static-economist.com cdn.theatlantic.com cdn2.i-scmp.com chertoffgroup.com clausewitzforkids.files.wordpress.com cloudfront-media.reason.com cnnphilippines.com cnponline.org d1udmfvw0p7cd2.cloudfront.net drawnward.com ecx.images-amazon.com edge.alluremedia.com.au en.dangcongsan.vn globalnation.inquirer.net graphics8.nytimes.com gunpowderandlead.org htmlimg1.scribdassets.com i.dailymail.co.uk i.ndtvimg.com i.telegraph.co.uk i1.cpcache.com i2.cdn.turner.com ichef-1.bbci.co.uk images.chinatopix.com images.en.yibada.com imgs.xkcd.com law.fordham.edu law.pepperdine.edu law.rwu.edu law.wlu.edu libertasq.files.wordpress.com media.hoover.org media.nola.com media.npr.org media.philstar.com media.wwnorton.com moritzlaw.osu.edu ngrams.googlelabs.com normanweaver.files.wordpress.com o.onionstatic.com pop.h-cdn.co s15.postimg.org s2.reutersmedia.net s3.reutersmedia.net s4.reutersmedia.net sa.kapamilya.com static.thanhniennews.com static2.businessinsider.com t1.gstatic.com thediplomat.com thumbs.media.smithsonianmag.comfiler ukcatalogue.oup.com upload.wikimedia.org veggiebunch.co.za web.law.columbia.edu ws-na.amazon-adsystem.com www.bangkokpost.com www.bloomberg.com www.brookings.edu www.channelnewsasia.com www.charliesavage.com www.dw.com www.ethanzuckerman.com www.fcps.edu www.fed-soc.org www.hrw.org www.intellectualventures.com www.journalism.org www.law.harvard.edu www.law.leeds.ac.uk www.law.pitt.edu www.law.uchicago.edu www.law.unimelb.edu.au www.lawandsecurity.org www.lawfareblog.com www.liquidplanner.com www.maritime-executive.com www.ohchr.org www.pclob.gov www.people-press.org www.postwritersgroup.com www.skatingonstilts.com www.smbc-comics.com www.straitstimes.com www.telegraph.co.uk www.theonion.com www.vermontlaw.edu www.washington.edu www.washingtoninstitute.org www.washingtonpost.com www.wired.com www.zazzle.com aoav.org.uk assets.libsyn.com chart.googleapis.com d2mxuefqeaa7sj.cloudfront.net dl.dropboxusercontent.com docs.google.com e-estonia.com encrypted-tbn1.gstatic.com encrypted-tbn3.gstatic.com fbcdn-sphotos-h-a.akamaihd.net gallery.mailchimp.com i.guim.co.uk i0.wp.com i2.wp.com image.ibb.co images.duckduckgo.com img.washingtonpost.com immersion.media.mit.edu lawfareblog.com lh3.googleusercontent.com lh4.googleusercontent.com lh5.googleusercontent.com lh6.googleusercontent.com media.defense.gov media2.wnyc.org news.usni.org politicalscience.stanford.edu prod01-cdn03.cdn.firstlook.org s.yimg.com s22.postimg.cc scontent-iad3-1.xx.fbcdn.net screenshotscdn.firefoxusercontent.com shop.americanbar.org si.wsj.net spaghettionthewallproductions.files.wordpress.com ssl.gstatic.com static01.nyt.com timedotcom.files.wordpress.com twimg0-a.akamaihd.net twitframe.com web.archive.org www.ejiltalk.org www.paypalobjects.com www.steptoecyberblog.com www.whitehouse.gov www.yahoo.com www.yapsody.com 'self' web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://use.typekit.net/; frame-src * 'self' web-chat.nativechat.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.google-analytics.com *.frontify.com *.cloudinary.com http://www.ustream.tv/ https://www.ustream.tv/ https://www.npr.org/ https://pagead2.googlesyndication.com/ http://jsonapi.sajari.net/; media-src 'self' data: blob: *.frontify.com *.cloudinary.com; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://video.ibm.com/ *.frontify.com cloudinary.com *.cloudinary.com https://embed.acast.com https://player.blubrry.com/ http://html5-player.libsyn.com/ https://donorbox.org/ https://flo.uri.sh/ https://www.ustream.tv/ http://www.ustream.tv/ https://www.npr.org/ https://googleads.g.doubleclick.net/ https://tpc.googlesyndication.com/ https://www.google.com/ http://jsonapi.sajari.net/ https://embed.podcasts.apple.com/ https://embed.documentcloud.org/ https://www.c-span.org/ http://c-span.org/ https://www.senate.gov/ https://senate.gov/ https://v.24liveblog.com/ http://v.24liveblog.com/ https://open.acast.com/ https://sphinx.acast.com/ https://stitcher2.acast.com/ https://securepubads.g.doubleclick.net/ 'self' web-chat.nativechat.com 1
default-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' https: 'unsafe-inline'; img-src 'self' https: data: blob: 1
frame-ancestors https://app.storyblok.com/; 1
default-src 'self'; img-src 'self' data: blob: https://*.akamaized.net https://yt3.ggpht.com https://cdn.xsolla.net https://secure.xsolla.com https://www.google.com https://www.google-analytics.com https://*.owox.com https://*.playkot.com https://supercitygame.com https://www.google.de; media-src https://*.akamaized.net https://*.playkot.com; font-src https://*.akamaized.net https://fonts.gstatic.com https://*.playkot.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.akamaized.net https://static.xsolla.com https://cdn.jsdelivr.net https://connect.facebook.net https://*.doubleclick.net https://yt3.ggpht.com https://cdn.pushwoosh.com https://www.googletagmanager.com https://www.google-analytics.com https://js.sentry-cdn.com https://www.google.com https://www.gstatic.com https://*.playkot.com https://*.helpshift.com; connect-src 'self' data: https://*.akamaized.net https://*.doubleclick.net https://platform-lookaside.fbsbx.com https://*.playkot.team https://www.google-analytics.com https://*.google-analytics.com https://cp.pushwoosh.com https://*.playkot.com wss://*.scwk8.playkot.team https://*.supercitygame.com/; frame-src https://www.youtube.com https://*.xsolla.com https://www.google.com https://*.helpshift.com/; child-src 'self' https://www.youtube.com 1
frame-ancestors 'none'; object-src 'self'; script-src 'self' 'unsafe-inline' https://static.zdassets.com/ https://www.google.com/ https://www.googletagmanager.com/ https://www.gstatic.com/ https://www.google-analytics.com/ https://boards.greenhouse.io/; 1
default-src 'self' https://www-assets.kolide.com; font-src 'self' https://www-assets.kolide.com https://fonts.gstatic.com data:; img-src http://www.googletagmanager.com 'self' https: data:; media-src 'self' https://www-assets.kolide.com https://lp.kolide.co; object-src 'none'; style-src 'self' https: 'unsafe-inline' blob:; base-uri 'self'; frame-ancestors 'self' https://www-assets.kolide.com; script-src https://js.stripe.com https://www.googletagmanager.com/gtag/js https://js.hs-scripts.com https://js.hs-banner.com https://js.hscollectedforms.net https://js.hs-analytics.net https://js.hsadspixel.net https://js.usemessages.com https://static.hsappstatic.net https://snap.licdn.com https://cdnjs.cloudflare.com/ajax/libs/tocbot/4.23.0/tocbot.min.js https://cdnjs.cloudflare.com/ajax/libs/mermaid/9.3.0/mermaid.min.js https://www.recaptcha.net https://www.gstatic.com/recaptcha/ https://plausible.io https://www.redditstatic.com/ https://www-assets.kolide.com https://app.kolide.com https://k2.kolide.com https://auth.kolide.com https://k2-marketing.herokuapp.com https://www.kolide.com https://gist.github.com https://platform.twitter.com https://www.googletagmanager.com/gtm.js https://js.hsforms.net/forms/embed/v2.js https://sdk.avoma.com/scheduler-router.js 'nonce-525ed07aac507434b56cad8476bdf4fd'; frame-src https://www.google.com https://www.recaptcha.net https://www.gstatic.com/recaptcha/ https://js.stripe.com https://meetings.hubspot.com https://app.hubspot.com https://www.loom.com https://speakerdeck.com https://platform.twitter.com https://www.youtube.com https://open.spotify.com https://www.googletagmanager.com https://forms.hsforms.com https://book.avoma.com; connect-src https://*.bugsnag.com https://www.google-analytics.com https://forms.hubspot.com https://api.hubapi.com/ https://api.hubspot.com/ https://js.hs-banner.com https://plausible.io https://cdn.linkedin.oribi.io https://www-assets.kolide.com k2.kolide.com app.kolide.com auth.kolide.com k2-marketing.herokuapp.com www.kolide.com wss://k2-marketing.herokuapp.com wss://app.kolide.com wss://auth.kolide.com wss://k2.kolide.com wss://www.kolide.com https://forms.hsforms.com 1
frame-src https://www.youtube.com 'self' 1
default-src 'self'  s3-eu-west-1.amazonaws.com  in.hotjar.com  s7g10.scene7.com  static-jmpovh.hyperlab.pl  maps.googleapis.com  analytics.tiktok.com  popups.landingi.com  stats.landingi.com  region1.google-analytics.com  vc.hotjar.io  lightboxes.landingi.com  tagmanager.landingi.io  app.push-ad.com  www.google-analytics.com  geolocation.onetrust.com  stats.g.doubleclick.net  api3.push-ad.com  ct.pinterest.com  app2.push-api.pl  track.push-ad.com  cdn.cookielaw.org  static.biedronka.local  static-wwwbiedronkapl-dev-php56.hyperlab.pl  static.biedronka.pl  pagead2.googlesyndication.com  www.google.com  googleads.g.doubleclick.net tr.snapchat.com dmp.push-api.pl ams.creativecdn.com jmp-privacy.my.onetrust.com cdn.jsdelivr.net tr6.snapchat.com *.crazyegg.com; script-src 'self'  data:  http:  https:  'unsafe-inline'  'unsafe-eval'  s7g10.scene7.com  cdn-jmpovh.hyperlab.pl  static-jmpovh.hyperlab.pl  maps.googleapis.com  code.jquery.com  www.youtube.com  lf16-tiktok-web.ttwstatic.com  www.tiktok.com  s3-eu-west-1.amazonaws.com  stats.landingi.com  old.assets-landingi.com  assetslp.link  popups.landingi.com  scripts.assets-landingi.com  ucarecdn.com  script.hotjar.com  app.push-ad.com  analytics.tiktok.com  acdn.adnxs.com  code.createjs.com  static.biedronka.local  static-wwwbiedronkapl-dev-php56.hyperlab.pl  static.biedronka.pl  connect.facebook.net  www.googletagmanager.com  biedronka.push-ad.com  myao.adocean.pl  cdn.cookielaw.org  www.google.com  www.gstatic.com  www.google-analytics.com  s.pinimg.com  static.hotjar.com  googleads.g.doubleclick.net sc-static.net tr.snapchat.com landingistats.com tags.creativecdn.com ams.creativecdn.com ssl.p.jwpcdn.com cdn.jsdelivr.net sf16-website-login.neutral.ttwstatic.com *.crazyegg.com; style-src 'self'  'unsafe-inline'  s7g10.scene7.com  static-jmpovh.hyperlab.pl  p.typekit.net  use.typekit.net  lf16-tiktok-web.ttwstatic.com  s3-eu-west-1.amazonaws.com  styles.assets-landingi.com  api3.push-ad.com  app2.push-api.pl  app.push-ad.com  static.biedronka.local  static-wwwbiedronkapl-dev-php56.hyperlab.pl  static.biedronka.pl  fonts.googleapis.com www.googletagmanager.com *.crazyegg.com; font-src 'self'  data:  static-jmpovh.hyperlab.pl  use.typekit.net  s3-eu-west-1.amazonaws.com  styles.assets-landingi.com  fonts.assets-landingi.com  static.biedronka.local  static-wwwbiedronkapl-dev-php56.hyperlab.pl  static.biedronka.pl  fonts.gstatic.com; img-src 'self'  data:  http:  https:  cdn.biedronka.pl  s7g10.scene7.com  cdn-jmpovh.hyperlab.pl  static-jmpovh.hyperlab.pl  maps.googleapis.com  maps.gstatic.com  pl-gmtdmp.mookie1.com  icons.assets-landingi.com  www.facebook.com  ib.adnxs.com  cdn.lugc.link  images.assets-landingi.com  s3-eu-west-1.amazonaws.com  app.push-api.pl  www.google-analytics.com  www.google.pl  www.google.com  ct.pinterest.com  static.biedronka.local  static-wwwbiedronkapl-dev-php56.hyperlab.pl  static.biedronka.pl  secure.adnxs.com  cdn2-wwwbiedronkapl-dev-php56.hyperlab.pl  cdn.biedronka.pl  cdn2.biedronka.pl  cdn.cookielaw.org  www.googletagmanager.com *.crazyegg.com; frame-src 'self'  data:  http:  https:  www.tiktok.com  www.youtube.com  landingipopups.com  creativecdn.com  ct.pinterest.com  biedronka.push-ad.com  www.google.com tr.snapchat.com td.doubleclick.net ams.creativecdn.com www.instagram.com *.crazyegg.com; connect-src 'self'  data:  http:  https: wss: *.crazyegg.com ws.hotjar.com; worker-src 'self'  data:  http:  https: blob: *.crazyegg.com; 1
default-src 'self' https://api.segment.io https://*.doubleclick.net https://*.fls.doubleclick.net https://*.g.doubleclick.net https://*.facebook.com https://*.google.com https://*.google-analytics.com https://*.pinimg.com https://*.pinterest.com https://*.youtube.com https://api.company-target.com https://*.ada.support; connect-src 'self' https://api.segment.io https://cdn.segment.com/v1/projects/ldsdtRtKVXqIHgDurIGPl4bLIr6Vfd7D/settings https://cdn.segment.com/v1/projects/1TssNhyW2N3vJHSTNL4aWKjzMDB6IgVL/settings https://cdn.segment.com/analytics-next/bundles/* https://cdn.segment.com/next-integrations/integrations/* https://bam.nr-data.net https://bam-cell.nr-data.net https://*.doubleclick.net https://*.fls.doubleclick.net https://*.g.doubleclick.net https://*.google-analytics.com https://*.pinterest.com https://*.hotjar.com:* https://*.hotjar.io wss://*.hotjar.com https://*.ada.support https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal.onetrust.com https://cookie-cdn.cookiepro.com https://platform.cloud.coveo.com https://analytics.cloud.coveo.com/ https://*.imgix.net https://pinterestnonproduction1xprk3f11.org.coveo.com https://pinterestnonproduction1xprk3f11.analytics.org.coveo.com https://pinterestproductionohr9ejs4.org.coveo.com https://pinterestproductionohr9ejs4.analytics.org.coveo.com; font-src 'self' data: https://*.hotjar.com https://*.hotjar.io https://*.ada.support; frame-src 'self' https://*.hotjar.com https://*.hotjar.io https://*.ada.support; img-src 'self' data: https://secure.adnxs.com https://static.ads-twitter.com https://www.bizographics.com https://*.doubleclick.net https://googleads.g.doubleclick.net https://connect.facebook.net https://www.facebook.com https://*.google.com https://*.googleadservices.com https://*.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://*.linkedin.com https://*.ads.linkedin.com https://*.dc.ads.linkedin.com https://*.pinimg.com https://*.pinterest.com https://t.co https://*.twitter.com https://*.youtube.com https://*.hotjar.com https://*.hotjar.io https://*.ada.support https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal.onetrust.com https://cookie-cdn.cookiepro.com https://*.imgix.net; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.ads-twitter.com https://googleads.g.doubleclick.net https://connect.facebook.net https://*.google.com https://*.googleadservices.com https://www.googletagmanager.com https://*.google-analytics.com https://www.gstatic.com https://js-agent.newrelic.com https://bam.nr-data.net https://bam-cell.nr-data.net https://*.pinimg.com https://*.pinterest.com https://*.twitter.com https://cdn.segment.com https://tag.demandbase.com https://scripts.demandbase.com https://api.demandbase.com https://autocomplete.demandbase.com https://id.rlcdn.com https://d.company-target.com https://*.hotjar.com https://*.hotjar.io https://*.ada.support https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal.onetrust.com https://cookie-cdn.cookiepro.com https://assets.pinterest.com https://cdn.jsdelivr.net https://polyfill-fastly.io https://static.ada.support; style-src 'self' 'unsafe-inline' https://*.pinimg.com https://*.pinterest.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal.onetrust.com https://cookie-cdn.cookiepro.com https://cdn.jsdelivr.net; frame-ancestors 'self'; report-uri https://www.pinterest.com/_/_/csp_report/ 1
base-uri 'self'; block-all-mixed-content; child-src: blob:; connect-src 'self' https://*.wistia.com https://*.wistia.net https://sentry.io; default-src 'self' https://sentry.io; font-src 'self' https://static-assets.life.church data: https://*.wistia.com; frame-ancestors 'self'; frame-src https://fast.wistia.com https://fast.wistia.net; img-src 'self' https://chop-marketing.imgix.net https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net https://cdn.sanity.io data:; media-src 'self' blob: data: https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net; object-src 'none'; script-src 'self' 'unsafe-inline' https://sentry.io https://*.wistia.com https://*.wistia.net https://src.litix.io https://www.googletagmanager.com https://*.hotjar.com; style-src 'self' 'unsafe-inline' blob: https://fast.wistia.com; upgrade-insecure-requests; 1
frame-ancestors 'self'; report-uri https://www.leidos.com/vdp 1
frame-ancestors 'self' *.nyp.org *.prod.acquia-sites.com 1
default-src 'self'; frame-ancestors 'self' https://mclaren.bloomreach.io https://test-mclaren.bloomreach.io; style-src 'self' 'unsafe-inline' https://d7c4jjeuqag9w.cloudfront.net https://static-cdn.mclaren.com https://*.kampyle.com https://*.medallia.com https://*.medallia.eu https://mclaren.bloomreach.io; img-src 'self' data: *; media-src 'self' https://video.twimg.com https://mclaren.bloomreach.io https://d7c4jjeuqag9w.cloudfront.net https://media.storystream.ai; font-src 'self' https://d7c4jjeuqag9w.cloudfront.net https://static-cdn.mclaren.com https://*.kampyle.com https://*.medallia.com https://*.medallia.eu https://mclaren.bloomreach.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com https://region1.google-analytics.com https://tracking.client.com https://metrics.client.com https://ucarecdn.com/libs/widget/3.17.2/uploadcare.full.min.js https://platform.twitter.com https://d7c4jjeuqag9w.cloudfront.net https://apps.storystream.ai https://static-cdn.mclaren.com https://cdn.cookielaw.org https://cdn-ukwest.onetrust.com https://www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://cdn.usefathom.com/script.js https://i7bx8z.mclaren.com/script.js https://qd5tp4.mclaren.com/script.js https://rfa8z9.mclaren.com/script.js https://www.youtube.com https://connect.facebook.net https://platform.linkedin.com https://*.kampyle.com https://*.medallia.com https://*.medallia.eu https://collection.decibelinsight.net https://lcinternational.demdex.net https://cdnjs.cloudflare.com/ajax/libs/jsrender/ https://cdnjs.cloudflare.com/ajax/libs/gsap/ https://cdn.jsdelivr.net/npm/twemoji@11.3.0/2/ https://twemoji.maxcdn.com/2/ https://mclaren.bloomreach.io; frame-src 'self' https://td.doubleclick.net https://platform.twitter.com https://www.youtube.com https://www.facebook.com https://*.kampyle.com https://*.medallia.com https://*.medallia.eu https://smc-lp.s4hana.ondemand.com https://my.forms.app https://cloud.email.racing.mclaren.com https://mclaren.bloomreach.io; connect-src 'self' *.google-analytics.com https://region1.google-analytics.com https://tracking.client.com https://metrics.client.com https://598nyfqkt7.execute-api.eu-west-1.amazonaws.com https://upload.uploadcare.com https://syndication.twitter.com https://d3g5d7323c2i6m.cloudfront.net https://d29qb9vav0xwuc.cloudfront.net https://d7c4jjeuqag9w.cloudfront.net https://cdn-ukwest.onetrust.com https://geolocation.onetrust.com https://www.google-analytics.com https://*.google-analytics.com/g/ https://stats.g.doubleclick.net https://*.kampyle.com https://*.medallia.com https://*.medallia.eu https://*.mclaren.com/racing-feeds/ https://*.hana.ondemand.com wss://f1-feed.mclaren.com/socket.io/ https://f1-feed.mclaren.com/socket.io/ https://collection.decibelinsight.net wss://collection.decibelinsight.net https://mclaren.bloomreach.io; manifest-src 'self' https://static-cdn.mclaren.com https://mclaren.bloomreach.io; worker-src 'self' blob:; object-src 'none'; 1
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; img-src * data:; connect-src * data:; media-src * blob:; worker-src 'self' blob:; 1
object-src 'none'; default-src * 'unsafe-inline' blob: data:; img-src * 'self' data: https:; media-src * 'unsafe-inline' blob: data:; script-src * 'unsafe-inline' 'unsafe-eval' blob: data:; font-src * data:; frame-ancestors 'self'; 1
default-src https:; connect-src https://bi.zone https://*.bi.zone https://ip2c.org https://*.yandex.ru https://*.yandex.md https://bitrix.info wss://*.bi.zone; font-src 'self' data: https://fonts.gstatic.com:*; img-src 'self' blob: data: https://*.bi.zone https://vk.com https://*.yandex.ru https://*.ggpht.com https://*.ytimg.com; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' data: blob: properties: 'report-sample' 'unsafe-inline' 'unsafe-eval' *.asaas.com https://logs.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://www.datadoghq-browser-agent.com https://www.asaas.com https://*.amazonaws.com https://*.userguiding.com https://*.nr-data.net https://*.intercom.io wss://*.intercom.io https://*.intercomassets.com https://*.intercomassets.eu https://intercom.help https://intercom-sheets.com https://www.intercom-reporting.com https://*.youtube.com https://player.vimeo.com https://fast.wistia.net https://*.intercomcdn.com https://*.intercomcdn.eu https://*.intercomcdn.io https://*.intercomusercontent.com https://*.intercom-attachments.eu https://*.intercom-attachments-1.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://*.gstatic.com https://tagmanager.google.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.googleusercontent.com https://*.googleapis.com https://*.googleadservices.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.googlesyndication.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.facebook.net https://*.facebook.com https://*.linkedin.com https://*.ads.linkedin.com https://*.linkedin.oribi.io https://*.licdn.com https://*.adsymptotic.com https://*.fullstory.com https://*.getblue.io https://*.criteo.com https://*.criteo.net https://*.tremorhub.com https://*.teads.tv https://*.getbeamer.com https://*.taboola.com https://tsdtocl.com https://*.bing.com https://*.clarity.ms https://*.typekit.net https://*.adyen.com https://*.clearsale.com.br https://*.credithub.com.br https://*.outbrain.com https://*.omnitagjs.com https://*.twitter.com https://*.ads-twitter.com https://*.hotmart.com https://*.openstreetmap.org https://*.jquery.com https://*.fontawesome.com https://*.segment.com https://*.segment.io https://js.hsforms.net/forms/v2.js https://*.hs-scripts.com/ https://js.hs-analytics.net/ https://js.hscollectedforms.net/ https://js.hubspot.com https://js.usemessages.com/ https://js.hs-banner.com/ https://api.hubspot.com/ https://track.hubspot.com https://js.hs-analytics.net/ https://forms.hscollectedforms.net/ https://app.hubspot.com/ https://cta-service-cms2.hubspot.com/ https://*.hsforms.com/; upgrade-insecure-requests; block-all-mixed-content; 1
base-uri 'self' beebom.com; object-src 'none'; 1
default-src 'self' https:; connect-src 'self' https://*.adroll.com/ https://*.qualtrics.com/ https://*.signifyd.com/ https://*.google-analytics.com/ https://*.googletagmanager.com/ https://cdn.growthbook.io/ http://*.treasuredata.com/ https://*.treasuredata.com/ https://*.onetrust.com/ https://ct.pinterest.com/ https://bat.bing.com/ https://analytics.tiktok.com/ https://*.snapchat.com/ https://s.yimg.com/ https://*.hotjar.com wss://*.hotjar.com https://*.snapshot.com/ https://*.twitter.com/ https://pxl.jivox.com/ https://*.ingest.sentry.io/ https://cdn.cookielaw.org https://www.facebook.com/ https://polyfill.io/ https://sentry.io/ https://web-sdk.control.kochava.com/ http://web-sdk.control.kochava.com/ https://*.littlecaesars.com https://*.azurewebsites.net https://stats.g.doubleclick.net https://ssl.gstatic.com https://col.eum-appdynamics.com 'unsafe-eval' 'unsafe-inline' https://littlecaesars.fbmta.com/ https://*.virtualearth.net https://www.google-analytics.com/collect; font-src 'self' data: https://*.hotjar.com/ https://fonts.gstatic.com; frame-ancestors 'none'; frame-src 'self' https://ct.pinterest.com/ https://*.qualtrics.com/ https://*.signifyd.com/ https://*.online-metrix.net/ https://player.vimeo.com https://*.hotjar.com/ https://*.littlecaesars.com https://*.cybersource.com https://*.snapchat.com https://d1eoo1tco6rr5e.cloudfront.net/ http://tagmanager.google.com/ https://www.facebook.com/ https://www.google.com/recaptcha/ https://littlecaesarenterprises.formstack.com https://www.youtube.com/embed/ https://cdn.appdynamics.com https://request.eprotect.vantivcnp.com https://request.eprotect.vantivprelive.com https://libs.na.bambora.com https://*.adsrvr.org/ https://*.fls.doubleclick.net/ https://bid.g.doubleclick.net/; img-src 'self' data: https://*.adroll.com/ https://*.qualtrics.com/ https://*.signifyd.com/ https://i.vimeocdn.com https://*.g.doubleclick.net/ https://*.adsrvr.org/ https://*.google-analytics.com/ https://*.analytics.google.com/ https://*.treasuredata.com/ https://cdn.cookielaw.org https://ct.pinterest.com/ https://alb.reddit.com/ https://*.hotjar.com https://px.gumgum.com/ https://*.twitter.com/ https://*.jivox.com/ https://*.littlecaesars.com/ https://www.google.com/ https://*.googleusercontent.com https://bat.bing.com/ https://hexagon-analytics.com/ https://www.datocms-assets.com https://lcemedia.blob.core.windows.net https://*.gstatic.com/ https://googleapis.com https://maps.googleapis.com https://col.eum-appdynamics.com https://www.facebook.com https://t.co https://mobileblobfiles.blob.core.windows.net/ https://sp.analytics.yahoo.com/ https://connect.facebook.net/; object-src https://littlecaesars.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://*.treasuredata.com/ https://*.treasuredata.com/ https://*.adroll.com/ https://*.qualtrics.com/ https://*.signifyd.com/ https://*.googletagmanager.com/ https://s.pinimg.com/ https://*.hotjar.com/ https://*.twitter.com/ https://analytics.tiktok.com/ https://pxl.jivox.com/ https://geolocation.onetrust.com https://bat.bing.com/ https://cdn.cookielaw.org https://*.cybersource.com https://www.google.com/ https://*.snapchat.com https://sc-static.net https://googleads.g.doubleclick.net/ https://*.googleadservices.com/ https://*.sift.com/ https://*.virtualearth.net https://polyfill.io/ https://sentry.io/ https://request.eprotect.vantivcnp.com https://request.eprotect.vantivprelive.com https://s.ytimg.com/ https://www.youtube.com https://googleapis.com https://maps.googleapis.com https://cdn.appdynamics.com https://libs.na.bambora.com https://static.ads-twitter.com https://js.adsrvr.org https://connect.facebook.net https://www.gstatic.com/recaptcha/ http://web-sdk.control.kochava.com/ https://assets.kochava.com/ http://assets.kochava.com/ https://s.yimg.com/ https://sp.analytics.yahoo.com/ https://www.redditstatic.com/; style-src 'self' 'unsafe-inline' https://*.signifyd.com/ https://tagmanager.google.com https://googleapis.com https://fonts.googleapis.com https://*.virtualearth.net https://f.vimeocdn.com; 1
default-src * data: blob:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: https://tag.demandbase.com https://assets.adobedtm.com https://com-avaya.netmng.com https://cdn.avaya-learning.com https://js.zi-scripts.com https://maxcdn.bootstrapcdn.com https://*.oracleinfinity.io https://tags.clickagy.com https://s.go-mpulse.net https://*.zoominfo.com https://*.vidyard.com https://*.neverbounce.com https://*.avayacloud.com https://js.hsadspixel.net https://up.pixel.ad https://unpkg.com https://static.hotjar.com https://script.hotjar.com https://cdn.jsdelivr.net https://www.trustradius.com https://ssl.google-analytics.com https://www.storygize.net https://cdn.storygize.net https://s.yimg.com https://js.hs-scripts.com https://js.hs-analytics.net https://js.hs-banner.com https://stats.sa-as.com https://*.paymetric.com http://*.avaya.com  https://gateway.zscalertwo.net https://s0.2mdn.net https://geolocation.onetrust.com https://cdn.cookielaw.org https://prdapp02.xisecurenet.com http://wm2.wiredminds.de https://wm2.wiredminds.de https://*.avaya.com https://*.cloudfront.net https://*.en25.com https://*.googleapis.com https://www.googletagmanager.com https://*.google.com https://*.linkedin.com https://*.serving-sys.com https://79423.analytics.edgekey.net https://ad.atdmt.com https://cdn.syndication.twimg.com https://cdnjs.cloudflare.com https://code.jquery.com https://connect.facebook.net https://cookies.onetrust.com https://ds-aksb-a.akamaihd.net https://gateway.zscaler.net https://gateway.zscloud.net https://googleads.g.doubleclick.net https://optanon.blob.core.windows.net https://*.twitter.com https://static.ads-twitter.com https://qaapp02.xisecurenet.com https://s1737033466.t.eloqua.com https://s3.amazonaws.com https://secure.adnxs.com https://service.maxymiser.net https://snap.licdn.com https://tags.tiqcdn.com https://use.fontawesome.com https://use.typekit.net https://www.bizographics.com https://*.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://www.viewbix.com https://*.arkoselabs.com; style-src 'self' 'unsafe-inline' https://cdn.avaya-learning.com https://*.cloudfront.net https://unpkg.com https://cdnjs.cloudflare.com https://www.trustradius.com https://*.avaya.com https://www.gstatic.com https://cdn.jsdelivr.net https://*.google.com https://*.googleapis.com https://gateway.zscaler.net https://maxcdn.bootstrapcdn.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://platform.twitter.com https://ton.twimg.com https://use.fontawesome.com; connect-src 'self' https://googleads.g.doubleclick.net https://tag-logger.demandbase.com https://px.ads.linkedin.com https://www.google.com https://api.company-target.com https://privacyportal-de.onetrust.com https://dpm.demdex.net https://avayallc.tt.omtrdc.net https://js.zi-scripts.com https://*.onetrust.com https://cdn.linkedin.oribi.io https://*.akamaihd.net https://hemsync.clickagy.com https://aorta.clickagy.com https://*.vidyard.com https://*.zoominfo.com https://*.hotjar.com wss://*.hotjar.com https://*.lottiefiles.com https://avayabot.avaya.com https://*.hotjar.io https://bat.bing.com https://*.lottiefiles.com https://forms.visistat.com wss://*.hotjar.com https://*.hotjar.com https://analytics.google.com  https://*.analytics.google.com https://s1737033466.t.eloqua.com https://www.trustradius.com https://dudodiprj2sv7.cloudfront.net https://s.yimg.com https://api.kickfire.com http://*.avaya.com wss://*.avaya.com https://*.avaya.de https://s1737033466.t.eloqua.com https://*.akstat.io https://*.viewbix.com http://production.shippingapis.com https://secure.shippingapis.com https://c.go-mpulse.net https://code.jquery.com https://ds-aksb-a.akamaihd.net https://*.googleapis.com https://ma193-r.analytics.edgekey.net https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://ru.api4load.com https://syndication.twitter.com https://www.apple.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.postescanada-canadapost.ca https://geolocation.onetrust.com; frame-ancestors 'self' https://*.avaya.com ; 1
default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com *.google-analytics.com *.google.com/ https://dec.azureedge.net/ munchkin.marketo.net *.wistia.com *.wistia.net http://js.hsforms.net/ https://forms.hsforms.com/ https://js.hs-banner.com https://js.hsleadflows.net *.hubspot.com https://js.hscollectedforms.net cdn.kendostatic.com https://app.usercentrics.eu/ https://az416426.vo.msecnd.net/ https://js.hsadspixel.net/ https://js.usemessages.com/ https://www.googletagmanager.com https://www.googleadservices.com *.demandbase.com https://rec.smartlook.com https://snap.licdn.com https://www.redditstatic.com https://tracking-cdn.figpii.com *.inspectlet.com https://statics-cdn.figpii.com slideslive.com/embed_presentation.js *.zoominfo.com tags.clickagy.com https://cdnjs.cloudflare.com *.outbrain.com *.doubleclick.net *.hawksearch.net *.g2crowd.com *.sentry-cdn.com/ 'self' cdn.ampproject.org js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net web-chat.nativechat.com *.eloqua.com *.en25.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.wistia.com https://www.googletagmanager.com *.hawksearch.net 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com i.ytimg.com https://syndication.twitter.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://www.altair.com *.google-analytics.com *.linkedin.com https://static.licdn.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.wistia.com *.wistia.net https://embedwistia-a.akamaihd.net https://js.hsleadflows.net *.hsforms.com *.usercentrics.eu https://match.prod.bidr.io https://id.rlcdn.com https://segments.company-target.com *.google.com/ https://px.ads.linkedin.com https://www.googletagmanager.com https://p.adsymptotic.com *.hubspot.com *.hsappstatic.net https://alb.reddit.com https://tr.outbrain.com https://hn.inspectlet.com https://connect.facebook.net https://px.adentifi.com https://rtb.adentifi.com https://cm.g.doubleclick.net *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.m *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.g2crowd.com 'self' track.hubspot.com js.hsleadflows.net forms.hsforms.com web-chat.nativechat.com *.eloqua.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.wistia.com https://www.altair.com/include-header-footer/fonts/; frame-src *.hubspot.com *.hsforms.com *.hs-sites.com *.usercentrics.eu *.google.com *.youtube.com https://player.vimeo.com https://mkt.panopticon.altair.com *.facebook.com *.slideslive.com *.wistia.com *.wistia.net hemsync.clickagy.com *.company-target.com https://slideslive.com *.doubleclick.net 'self' forms.hsforms.com web-chat.nativechat.com; connect-src accounts.google.com *.gstatic.com *.mktoresp.com *.google-analytics.com *.google.com/ *.wistia.com https://embedwistia-a.akamaihd.net https://fg8vvsvnieiv3ej16jby.litix.io https://hubspot-forms-static-embed.s3.amazonaws.com *.hubspot.com https://api.hubapi.com https://forms.hubspot.com *.usercentrics.eu https://dc.services.visualstudio.com *.company-target.com https://manager.eu.smartlook.cloud https://www.facebook.com/tr https://events-writer.smartlook.com https://assets-proxy.smartlook.cloud https://sessions.bugsnag.com *.figpii.com wss://tdw.figpii.com *.inspectlet.com wss://ws.inspectlet.com https://slideslive.com https://web-writer.us.smartlook.cloud https://*.googlesyndication.com cdn.linkedin.oribi.io *.zoominfo.com *.clickagy.com *.demandbase.com *.outbrain.com *.doubleclick.net *.linkedin.com *.hawksearch.net *.hawksearch.com *.redditstatic.com *.reddit.com *.g2crowd.com *.wistia.net *.g2.com 'self' forms.hubspot.com *.hsforms.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: *.wistia.net *.wistia.com https://embedwistia-a.akamaihd.net; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com blob: 'self' web-chat.nativechat.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.elev.io *.google.com elev.io google.com fonts.googleapis.com *.google-analytics.com *.googletagmanager.com cdn.statuspage.io serve.albacross.com connect.facebook.net static.ads-twitter.com ws.zoominfo.com www.googleadservices.com cdn.segment.com googleads.g.doubleclick.net cdn.heapanalytics.com cdn.amplitude.com j.6sc.co snap.licdn.com *.iubenda.com client.prod.mplat-ppcprotect.com instantfox.co apis.google.com www.gstatic.com;style-src 'self' 'unsafe-inline' rsms.me elev.io fonts.googleapis.com;font-src 'self' 'unsafe-inline' data: cdn.elev.io rsms.me fonts.gstatic.com 1
default-src 'self' *.greenhouse.io *.sharethis.com *.rhombusads.com *.google-analytics.com *.doubleclick.net *.fullstory.com *.mktoresp.com *.hscollectedforms.net *.hsforms.com veradigm-com-cache.s3.amazonaws.com *.cookiebot.com *.analytics.google.com *.ads.linkedin.com *.acsbapp.com *.google.com acsbapp.com ws.zoominfo.com *.hubspot.com *.driftt.com *.crazyegg.com blob:; font-src 'self' cdnjs.cloudflare.com fonts.gstatic.com; frame-src *.greenhouse.io *.doubleclick.net *.marketo.com *.sitescout.com *.krxd.net *.youtube.com *.sharethis.com *.consensu.org *.cookiebot.com *.hsforms.com issuu.com *.google.com *.drift.com *.driftt.com *.adroll.com *.crazyegg.com; img-src 'self' data: *.zoominfo.com *.google-analytics.com *.marketo.com *.linkedin.com *.lfeeder.com *.sitescout.com *.adsymptotic.com *.krxd.net *.youtube.com *.sharethis.com *.googleapis.com *.gstatic.com *.googleusercontent.com *.doubleclick.net *.google.com *.fullstory.com *.hubspot.com *.analytics.google.com *.hsforms.com *.geniusmonkey.com *.cookiebot.com *.capterra.com *.adroll.com *.bidswitch.net *.openx.net *.adnxs.com *.analytics.yahoo.com *.rlcdn.com *.googlesyndication.com *.rubiconproject.com *.casalemedia.com *.pubmatic.com *.outbrain.com *.taboola.com *.3lift.com *.company-target.com *.facebook.com; object-src 'none'; script-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.greenhouse.io *.zoominfo.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.marketo.com *.marketo.net *.licdn.com *.pixel.ad *.krxd.net *.lfeeder.com *.sharethis.com *.google.com *.googleadservices.com *.doubleclick.net *.youtube.com *.fullstory.com *.hs-scripts.com *.hs-banner.com *.hs-analytics.net *.hsforms.com *.hsforms.net *.hscollectedforms.net *.cookiebot.com *.geniusmonkey.com *.adroll.com *.ads.linkedin.com acsbapp.com *.acsbapp.com *.gstatic.com *.drift.com *.driftt.com *.crazyegg.com *.contextweb.com *.hubspot.com connect.facebook.net blob: 'unsafe-eval' *.googletagmanager.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com *.marketo.com *.google.com *.crazyegg.com; 1
default-src 'none'; connect-src 'self' ipleak.net:* *.ipleak.net:* ipleak.net *.ipleak.net; font-src 'self'; frame-src 'self' *.google.com; img-src 'self' data:; script-src 'self'; style-src 'self'; manifest-src 'self'; base-uri 'none'; form-action 'self' 1
frame-src accounts.firefox.com *.mozilla.net *.mozilla.com www.googletagmanager.com www.google-analytics.com www.youtube.com 'self' js.stripe.com *.mozilla.org; script-src tagmanager.google.com s.ytimg.com *.mozilla.net *.mozilla.com www.googletagmanager.com 'unsafe-inline' www.google-analytics.com www.youtube.com 'self' 'unsafe-eval' js.stripe.com *.mozilla.org; img-src mozilla.org images.ctfassets.net data: creativecommons.org *.mozilla.net *.mozilla.com www.googletagmanager.com www.google-analytics.com 'self' *.mozilla.org; default-src *.mozilla.com *.mozilla.net *.mozilla.org 'self'; child-src accounts.firefox.com *.mozilla.net *.mozilla.com www.googletagmanager.com www.google-analytics.com www.youtube.com 'self' js.stripe.com *.mozilla.org; font-src *.mozilla.net *.mozilla.com *.mozilla.org 'self'; connect-src o1069899.sentry.io o1069899.ingest.sentry.io region1.google-analytics.com cjms.services.mozilla.com *.mozilla.net *.mozilla.com www.googletagmanager.com www.google-analytics.com stage.cjms.nonprod.cloudops.mozgcp.net sentry.prod.mozaws.net 'self' https://accounts.firefox.com/ *.mozilla.org; style-src *.mozilla.net *.mozilla.com 'unsafe-inline' 'self' *.mozilla.org 1
default-src 'none'; script-src 'self' 'unsafe-inline'; style-src 'self' 'nonce-VakHnXsYYoVrVjLymlStPdU6'; img-src 'self' data: https://*.parnassys.net/; connect-src 'self'; font-src 'self'; object-src 'none'; manifest-src 'self'; child-src 'self'; base-uri 'self'; frame-src 'self' 1
default-src 'self'; connect-src 'self'; img-src *; script-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self' data:; 1
upgrade-insecure-requests; media-src https: data: blob:; img-src https: data: blob:; object-src 'none'; worker-src 'self' blob:; default-src https: blob: 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors 'self' https://app.mutinyhq.com 1
frame-ancestors 'self' app.nearpod.com; 1
frame-ancestors 'self' https://*.charlotte.edu https://*.uncc.edu https://uncc.instructure.com; frame-src 'self' comgooglemaps: gsa: https://9572357.fls.doubleclick.net https://accounts.google.com https://adservices.brandcdn.com https://airtable.com https://anchor.fm https://api.recollect.net https://apis.google.com https://app.smartsheet.com https://*.arcgis.com https://bid.g.doubleclick.net https://bot.ivy.ai https://calendar.google.com https://calendly.com https://cdnapisec.kaltura.com https://cdn.exchmapdata.com https://cdn.knightlab.com https://cdn.youvisit.com https://*.charlotte.edu https://chart-studio.plotly.com https://c.sharethis.mgr.consensu.org https://d1eoo1tco6rr5e.cloudfront.net https://datastudio.google.com https://datawrapper.dwcdn.net https://docs.google.com https://drive.google.com https://edabroad.h5p.com https://e.infogram.com https://e.issuu.com https://embed.financialaidtv.com https://embed.ocelotbot.com https://embed.podcasts.apple.com https://embed.styledcalendar.com https://*.flowpaper.com https://flowpaper.com https://*.github.io https://*.hotjar.com https://*.hotjar.io https://insight.adsrvr.org https://libraryh3lp.com https://livestream.com https://loader.webspellchecker.net https://lookerstudio.google.com https://maphub.net https://maps.google.com https://match.adsrvr.org https://mcmap.org https://m.facebook.com https://my.matterport.com https://*.netlify.app https://platform.twitter.com https://player.vimeo.com https://public.tableau.com https://pub.s10.exacttarget.com https://*.rlets.com https://*.shinyapps.io https://*.skedda.com https://*.spotify.com https://syndication.twitter.com https://t.sharethis.com https://*.uncc.edu https://uncc.financialaidtv.com https://uncc-mps-training.s3.amazonaws.com https://view-awesome-table.com https://vimeo.com https://web.facebook.com https://whova.com https://w.soundcloud.com https://ws.sharethis.com https://www.buzzsprout.com https://www.facebook.com https://www.google.com https://www.googletagmanager.com https://www.instagram.com https://www.theweather.com https://www.youtube.com https://www.youtube-nocookie.com https://youtu.be https://youtube.com 1
frame-ancestors 'self' editor.construct.net preview.construct.net animate.construct.net; script-src construct-static.com www.construct.net www.youtube.com www.googleadservices.com googleads.g.doubleclick.net www.gstatic.com www.paypal.com js.braintreegateway.com www.paypalobjects.com accounts.google.com www.googletagmanager.com www.google.com apis.google.com r.stripe.com js.stripe.com connect.facebook.net 'unsafe-inline' 'unsafe-hashes'; 1
frame-ancestors 'self' https://*.cae.plexusvirtual.com https://*.caeoneworld2020.com http://3.23.73.238; 1
default-src 'self'; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https://cdn.jsdelivr.net/npm/ https://assets.adoberesources.net https://documentcloud.adobe.com blob:; style-src 'self' 'unsafe-inline' *.typekit.net https:; img-src https: data: blob: 'self' https://assets.adoberesources.net https://lh3.googleusercontent.com; media-src https: 'self'; object-src 'self'; font-src https://fonts.gstatic.com https://fonts.googleapis.com *.typekit.net 'self' https:; frame-ancestors https://*.hubspot.com https://info.atlascopco.us https://info.atlascopcoupdates.com http://*.scene7.com https://atlascopco-preview.adobecqms.net 'self'; frame-src https: https://documentcloud.adobe.com; connect-src https: .adobe.io wss://.adobe.io wss://ws.hotjar.com 'self'; worker-src blob:; child-src blob: 1
base-uri 'self'; default-src 'self' https: data: blob: wss: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' 'nonce-23456789' 'nonce-34567891' 'nonce-45678912' 'nonce-56789123' https://gov1.siteIntercept.qualtrics.com https://*.gov1.siteIntercept.qualtrics.com https://www.google.com https://*.google.com https://www.googletagmanager.com https://*.www.googletagmanager.com https://*.googletagmanager.com https://www.googleadservices.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.google-analytics.com https://googleads.g.doubleclick.net https://*.googleads.g.doubleclick.net:* *.googleadservices.net https://*.www.google.com:* *.doubleclick.net https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://googleads.g.doubleclick.net https://www.benefits.gov https://*.benefits.gov https://www.youtube.com https://*.youtube.com https://www.youtube.com/iframe_api https://www.youtube.com/www-widgetapi https://i.ytimg.com https://*.ytimg.com https://noembed.com data: blob:; script-src-elem 'self' 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://*.google.com https://www.googletagmanager.com https://*.www.googletagmanager.com https://*.googletagmanager.com https://www.googleadservices.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.google-analytics.com https://googleads.g.doubleclick.net https://*.googleads.g.doubleclick.net:* *.googleadservices.net https://*.www.google.com:* *.doubleclick.net https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://googleads.g.doubleclick.net https://gov1.siteIntercept.qualtrics.com https://*.gov1.siteIntercept.qualtrics.com https://api.benefits.gov https://*.api.benefits.gov https://www.benefits.gov https://*.benefits.gov https://www.youtube.com https://*.youtube.com https://www.youtube.com/iframe_api https://www.youtube.com/www-widgetapi https://i.ytimg.com https://*.ytimg.com https://noembed.com data: blob:; connect-src 'self' https://www.benefits.gov https://*.benefits.gov https://api.benefits.gov https://*.api.benefits.gov https://www.youtube.com https://*.youtube.com https://www.youtube.com/iframe_api https://www.youtube.com/www-widgetapi https://i.ytimg.com https://*.ytimg.com https://noembed.com https://gov1.siteIntercept.qualtrics.com https://*.gov1.siteIntercept.qualtrics.com https://www.google.com https://*.google.com https://www.googletagmanager.com https://*.www.googletagmanager.com https://*.googletagmanager.com https://www.googleadservices.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.google-analytics.com https://googleads.g.doubleclick.net https://*.googleads.g.doubleclick.net:* *.googleadservices.net https://*.www.google.com:* *.doubleclick.net https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://googleads.g.doubleclick.net directline.botframework.com https://webto.salesforce.com data: blob: wss:; frame-src 'self' https://www.youtube.com https://*.youtube.com https://www.youtube.com/iframe_api https://www.youtube.com/www-widgetapi https://i.ytimg.com https://*.ytimg.com https://noembed.com https://www.google.com blob:; child-src 'self' https://api.benefits.gov https://*.api.benefits.gov https://www.youtube.com https://*.youtube.com https://www.youtube.com/iframe_api https://www.youtube.com/www-widgetapi https://i.ytimg.com https://*.ytimg.com https://noembed.com data: blob:; object-src 'self' blob:; img-src 'self' https://www.benefits.gov https://*.benefits.gov https://api.benefits.gov https://*.api.benefits.gov https://analytics.twitter.com https://*.analytics.twitter.com https://platform.twitter.com https://t.co https//*.t.co https://static.ads-twitter.com https://*.static.ads-twitter.com https://ton.twitter.com https://*.ton.twitter.com https://syndication.twitter.com https://*.syndication.twitter.com https://connect.facebook.net https://*.connect.facebook.net https://*.facebook.com https://*.fbcdn.net https://*.facebook.net https://*.fbcdn.net https://*.facebook.com https://*.fbcdn.net https://*.facebook.net https://www.google.com https://*.google.com https://www.googletagmanager.com https://*.www.googletagmanager.com https://*.googletagmanager.com https://www.googleadservices.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.google-analytics.com https://googleads.g.doubleclick.net https://*.googleads.g.doubleclick.net:* *.googleadservices.net https://*.www.google.com:* *.doubleclick.net https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://googleads.g.doubleclick.net https://www.youtube.com https://*.youtube.com https://www.youtube.com/iframe_api https://www.youtube.com/www-widgetapi https://i.ytimg.com https://*.ytimg.com https://noembed.com data: blob:; media-src 'self' https://www.youtube.com https://*.youtube.com https://www.youtube.com/iframe_api https://www.youtube.com/www-widgetapi https://i.ytimg.com https://*.ytimg.com https://noembed.com blob:; frame-ancestors 'self'; form-action 'self' https://www.benefits.gov https://*.benefits.gov https://api.benefits.gov https://*.api.benefits.gov; manifest-src 'self'; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://www.benefits.gov https://*.benefits.gov data: blob:; style-src-attr 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.benefits.gov https://*.benefits.gov data:; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com data:; worker-src 'self' directline.botframework.com data: blob:; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hse.ie *.jquery.com *.adobedtm.com *.googletagmanager.com *.force.com *.cloudfront.net  *.salesforceliveagent.com *.cookielaw.org *.google-analytics.com *.hotjar.com *.healthatlasireland.ie *.cloudflare.com *.gstatic.com *.osi.ie *.juicer.io naashospital.ie *.twitter.com *.fbcdn.net *.fontawesome.com *.contactcentrechat.com *.usabilla.com *.google.com *.salesforce.com *.squiz.cloud *.containers.piwik.pro;img-src 'self' *.hse.ie *.ytimg.com *.google-analytics.com *.2o7.net *.osi.ie *.googletagmanager.com data: *.gstatic.com *.googleapis.com *.ggpht *.cloudfront.net *.cookielaw.org *.usabilla.com *.gravatar.com 1
script-src https://cs.money 'self' 'unsafe-eval' *.cs.money 'nonce-uKTDvm87Em7xkkcAk5pNlg==' https://owox.cs.money https://support.cs.money https://tagmanager.google.com https://connect.facebook.net https://analytics.tiktok.com https://metrics.hotjar.io https://bat.bing.com https://tr.snapchat.com https://gleam.io https://sc-static.net https://script.hotjar.com;worker-src 'self' data: blob:;object-src https://cs.money;img-src https://cs.money 'self' https: data:;default-src 'self' https://cs.money;connect-src https://cs.money wss://cs.money 'self' *.cs.money https://widget.trustpilot.com https://owox.cs.money https://api.amplitude.com https://esputnik.com https://analytics.tiktok.com https://analytics.pangle-ads.com https://bat.bing.com https://*.googlesyndication.com https://*.doubleclick.net https://*.google.com https://*.usedesk.ru https://*.esputnik.com https://*.snapchat.com https://*.yandex.ru https://*.yandex.com https://*.hotjar.io https://*.facebook.com https://*.google-analytics.com https://*.sentry.io https://*.grafana.net wss://*.hotjar.com wss://*.usedesk.ru wss://support.cs.money *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat;media-src 'self' https://www.googletagmanager.com https://secure.usedesk.ru/;form-action 'self' https://facebook.com https://www.facebook.com;font-src 'self' https://fonts.gstatic.com;frame-src https://www.youtube.com https://www.facebook.com/ https://cashier.bridgerpay.com/ https://widget.trustpilot.com https://gleam.io https://*.doubleclick.net https://*.snapchat.com https://*.sumsub.com https://*.yandex.ru https://*.yandex.com;base-uri 'self';frame-ancestors 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 1
default-src 'self' *.wartsila.com *.wistia.com https://t.wartsila.tiedosto.com https://app.powerbi.com https://curatorio.s3.amazonaws.com login.microsoftonline.com twitter.com https://waertsilae.leadfamly.com https://go.pardot.com https://wartsila-static-content.s3-eu-west-1.amazonaws.com https://cdn.flipsnack.com tools.eurolandir.com asia.tools.euroland.com www.facebook.com https://innovatics.fi https://*.innovatics.fi cdn.cookielaw.org *.leadoo.com; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://s.ytimg.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js *.curator.io *.google-analytics.com https://www.youtube.com/iframe_api https://www.youtube.com/s/ *.twitter.com twitter.com https://static.ads-twitter.com https://dec.azureedge.net/ www.googletagmanager.com https://snap.licdn.com www.googleadservices.com https://code.jquery.com https://ajax.microsoft.com cdn.pardot.com https://track.gaconnector.com https://tag.demandbase.com https://serve.nrich.ai pi.pardot.com https://cdnjs.cloudflare.com https://tag.nrich.ai https://audience.nrich.ai pages.wartsila.digital *.doubleclick.net doubleclick.net https://app.interactiveads.ai *.wistia.com https://cdnjs.cloudflare.com/ajax/libs/intl-tel-input kendo.cdn.telerik.com https://unpkg.com s7.addthis.com m.addthis.com https://z.moatads.com/addthismoatframe568911941483/moatframe.js https://v1.addthisedge.com docs.google.com tools.euroland.com https://t.wartsila.tiedosto.com fast.wistia.net meltwater.fi https://api-public.addthis.com wartsila-reports.studio.crasman.fi https://ipmeta.io t.co https://app.powerbi.com https://curatorio.s3.amazonaws.com login.microsoftonline.com https://safety-day-bingo-prod.s3.eu-west-1.amazonaws.com https://waertsilae.leadfamly.com https://go.pardot.com *.wartsila.com https://wartsila-static-content.s3-eu-west-1.amazonaws.com https://stackpath.bootstrapcdn.com https://sentiment.inderes.fi https://*.hotjar.com wss://*.hotjar.com tools.eurolandir.com asia.tools.euroland.com *.pingdom.net *.imp.stackadapt.com *.srv.stackadapt.com srv.stackadapt.com cdn.cookielaw.org *.leadoo.com https://code.createjs.com/1.0.0/createjs.min.js https://hm.baidu.com/hm.js https://*.linkedin.com https://*.baidu.com https://*.cdn.bcebos.com 'self' web-chat.nativechat.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org *.eloqua.com *.en25.com 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com *.twimg.com *.curator.io *.twitter.com twitter.com https://d35islomi5rx1v.cloudfront.net https://d20rdry57v9fzf.cloudfront.net wartsila-flexicycle.s3.amazonaws.com docs.google.com *.wistia.com wartsila-reports.studio.crasman.fi https://cdnjs.cloudflare.com t.co https://app.powerbi.com https://curatorio.s3.amazonaws.com login.microsoftonline.com https://safety-day-bingo-prod.s3.eu-west-1.amazonaws.com https://waertsilae.leadfamly.com https://go.pardot.com m.addthis.com pages.wartsila.digital fast.fonts.net *.wartsila.com https://wartsila-static-content.s3-eu-west-1.amazonaws.com https://stackpath.bootstrapcdn.com https://sentiment.inderes.fi tools.eurolandir.com asia.tools.euroland.com https://cdnjs.cloudflare.com/ajax/libs/intl-tel-input https://code.jquery.com https://res.leadoo.com *.srv.stackadapt.com srv.stackadapt.com cdn.cookielaw.org *.leadoo.com https://*.baidu.com 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src www.linkedin.com data: blob: * android-webview-video-poster: https://cdnjs.cloudflare.com/ajax/libs/intl-tel-input fast.wistia.net *.wistia.com *.stackadapt.com sitefinity-videos-stage.s3.eu-west-1.amazonaws.com *.google-analytics.com google-analytics.com *.analytics.google.com analytics.google.com https://*.linkedin.com 'self' web-chat.nativechat.com track.hubspot.com js.hsleadflows.net forms.hsforms.com https://cdn.insight.sitefinity.com https://dec.azureedge.net *.eloqua.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: themes.googleusercontent.com/static/fonts/inconsolata/v5/BjAYBlHtW3CJxDcjzrnZCIbN6UDyHWBl620a-IRfuBk.woff https://cdnjs.cloudflare.com https://app.powerbi.com https://curatorio.s3.amazonaws.com https://github.com login.microsoftonline.com https://safety-day-bingo-prod.s3.eu-west-1.amazonaws.com https://waertsilae.leadfamly.com https://go.pardot.com fast.fonts.net *.wartsila.com https://wartsila-static-content.s3-eu-west-1.amazonaws.com *.curator.io https://*.hotjar.com wss://*.hotjar.com tools.eurolandir.com asia.tools.euroland.com *.wistia.com https://res.leadoo.com *.stackadapt.com; frame-src 'self' *.wartsila.com https://go.pardot.com https://wartsila-static-content.s3-eu-west-1.amazonaws.com tools.euroland.com tools.eurolandir.com asia.tools.euroland.com https://innovatics.fi https://*.innovatics.fi https://www.youtube.com https://www.google.com www.facebook.com https://w.soundcloud.com/ https://snapwidget.com/ pages.wartsila.digital meltwater.fi https://s.company-target.com/ https://app.powerbi.com *.leadoo.com *.doubleclick.net doubleclick.net web-chat.nativechat.com forms.hsforms.com; connect-src data: accounts.google.com *.curator.io *.mktoresp.com https://track.gaconnector.com https://serve.nrich.ai https://api.company-target.com *.google-analytics.com google-analytics.com *.analytics.google.com analytics.google.com *.wistia.com https://fg8vvsvnieiv3ej16jby.litix.io https://api-public.addthis.com https://s7.addthis.com https://embedwistia-a.akamaihd.net fast.wistia.net https://d20rdry57v9fzf.cloudfront.net wartsila-flexicycle.s3.amazonaws.com https://ipmeta.io https://t.wartsila.tiedosto.com t.co https://app.powerbi.com https://curatorio.s3.amazonaws.com login.microsoftonline.com https://tag.nrich.ai https://match.prod.bidr.io *.twitter.com https://waertsilae.leadfamly.com https://go.pardot.com m.addthis.com pages.wartsila.digital https://*.hotjar.io *.wartsila.com https://wartsila-static-content.s3-eu-west-1.amazonaws.com https://crmsrv.azurewebsites.net https://sentiment.inderes.fi https://*.hotjar.com wss://*.hotjar.com https://cdn.flipsnack.com tools.eurolandir.com asia.tools.euroland.com https://cdnjs.cloudflare.com/ajax/libs/intl-tel-input www.facebook.com https://www.quandl.com *.pingdom.net wartsila.avaus.fi https://maps.googleapis.com https://sitefunc1.azurewebsites.net https://bot.leadoo.com https://iapi.leadoo.com https://anl.leadoo.com *.stackadapt.com https://innovatics.fi https://*.innovatics.fi risk.ipmeta.io segments.company-target.com cdn.cookielaw.org *.onetrust.com cdn.linkedin.oribi.io *.leadoo.com application/wasm blob: https://tag-logger.demandbase.com/ googlesyndication.com *.googlesyndication.com *.doubleclick.net doubleclick.net https://*.google.com https://*.linkedin.com https://*.baidu.com https://*.safe.baidu.com 'self' forms.hubspot.com *.hsforms.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: *.wartsila.com https://wartsila-static-content.s3-eu-west-1.amazonaws.com https://video-frt3-2.cdninstagram.com https://www.youtube.com https://embedwistia-a.akamaihd.net https://*.hotjar.com wss://*.hotjar.com tools.eurolandir.com asia.tools.euroland.com *.wistia.com fast.wistia.net sitefinity-videos-stage.s3.eu-west-1.amazonaws.com https://*.baidu.com; child-src https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com blob: *.twitter.com twitter.com https://wartsila-static-content.s3-eu-west-1.amazonaws.com https://s7.addthis.com www.slideshare.net https://www.google.com pages.wartsila.digital https://snapwidget.com https://innovatics.fi https://*.innovatics.fi tools.euroland.com *.doubleclick.net doubleclick.net https://app.interactiveads.ai meltwater.fi www.linkedin.com *.wistia.com https://d20rdry57v9fzf.cloudfront.net wartsila-flexicycle.s3.amazonaws.com wartsila-reports.studio.crasman.fi https://t.wartsila.tiedosto.com t.co https://api.curator.io https://app.powerbi.com https://curatorio.s3.amazonaws.com login.microsoftonline.com https://waertsilae.leadfamly.com https://go.pardot.com *.wartsila.com https://*.hotjar.com wss://*.hotjar.com https://cdn.flipsnack.com tools.eurolandir.com asia.tools.euroland.com https://cdnjs.cloudflare.com/ajax/libs/intl-tel-input https://www.quandl.com https://bot.leadoo.com cdn.linkedin.oribi.io cdn.cookielaw.org *.leadoo.com 'self' web-chat.nativechat.com 1
frame-ancestors 'self'; report-uri https://3f88b768f9ca759710ab36a8b6c50c86.report-uri.com/r/d/csp/reportOnly 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; child-src https: blob:; object-src 'none'; frame-ancestors 'self' https://account.screendaily.com; 1
default-src 'self' wss: https://*.contentful.com https://*.kampyle.com wss://*.ooklaserver.net https://*.tigocloud.net https://*.zendesk.com https://static.zdassets.com https://ekr.zdassets.com https://*.crazyegg.com; frame-src 'self' https://*.tigocloud.net https://*.speedtestcustom.com https://graph.facebook.com https://analytics.facebook.com https://ads.facebook.com https://business.facebook.com https://developers.facebook.com https://apps.facebook.com https://connect.facebook.com https://connect.facebook.net https://www.facebook.com https://*.doubleclick.net https://*.fls.doubleclick.net https://*.google.com https://*.googletagservices.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.googleapis.com https://*.googleadservices.com https://optimize.google.com https://*.google-analytics.com https://www.youtube.com https://6493920.fls.doubleclick.net https://*.kampyle.com https://*.crazyegg.com https://www.arcgis.com https://tigoune.maps.arcgis.com https://www.une.com.co https://*.une.com.co; script-src 'self' blob: https://*.tigocloud.net https://*.kampyle.com https://*.speedtestcustom.com https://graph.facebook.com https://analytics.facebook.com https://ads.facebook.com https://business.facebook.com https://developers.facebook.com https://apps.facebook.com https://connect.facebook.com https://connect.facebook.net https://www.facebook.com https://*.doubleclick.net https://*.fls.doubleclick.net https://*.google.com https://*.googletagservices.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.googleapis.com https://*.googleadservices.com https://optimize.google.com https://*.google-analytics.com https://analytics.twitter.com https://static.ads-twitter.com https://www.youtube.com https://6493920.fls.doubleclick.net https://maps.googleapis.com https://www.gstatic.com/ https://sync.smartadserver.com https://s.ytimg.com https://facebook.com/signals/iwl.js https://widget-mediator.zopim.com https://*.licdn.com 'unsafe-hashes' 'sha256-MhtPZXr7+LpJUY5qtMutB+qWfQtMaPccfe7QXtCcEYc=' 'sha256-lfXlPY3+MCPOPb4mrw1Y961+745U3WlDQVcOXdchSQc=' https://www.clarity.ms https://eum.instana.io https://*.crazyegg.com https://*.smooch.io https://tigoune.maps.arcgis.com https://www.une.com.co https://*.une.com.co 'sha256-mBcgzZ36s/ssKaH7/DbbJEMtbumFZHsz1tRHoAWJISU=' 'sha256-4jLXDjttYgZGdR3ly3AXw5YG6hUiB0vhH49x3gF4v6o=' 'sha256-nSNutDm4b0xlOVJ6d2o6FfQtTqubddecmFK5u1bH9eQ=' 'sha256-2UoXH2Nxa9FD+HQj/Hp5juuacBa0PfUJVyanLHuDPOE=' 'sha256-ndwrZ6zP2oTUI+w2j6dZpKqLIRJPL6Dzo+eibGHpySA=' 'sha256-ISlsDOLXS/YaZ5Yp82THTVSNnRQlXpWmyA/JKprgPcs=' 'sha256-FrQ57L9tMdJJ722FWKhQSqaJ3Gd4s4rKlbk+K1DW+t4=' 'sha256-oedBOFB5GzS6TQP57rWXpAGTuk7Xdg5oTwd7cfpsgD8=' 'sha256-328cDLcn7JqOaIi33fS2EgVOUb2qeSwcEAQUi5gv7Hc=' https://analytics.tiktok.com; font-src 'self' data: blob: https://fonts.gstatic.com https://*.kampyle.com https://*.zendesk.com; img-src 'self' data: blob: https://graph.facebook.com https://analytics.facebook.com https://ads.facebook.com https://business.facebook.com https://developers.facebook.com https://apps.facebook.com https://connect.facebook.com https://connect.facebook.net https://www.facebook.com https://*.doubleclick.net https://*.fls.doubleclick.net https://*.google.com https://*.googletagservices.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.googleapis.com https://*.googleadservices.com https://optimize.google.com https://*.google-analytics.com https://*.tigocloud.net https://*.contentful.com https://*.kampyle.com https://static.zdassets.com https://*.googletagmanager.com https://images.ctfassets.net https://*.g.doubleclick.net https://lh3.googleusercontent.com https://ssl.gstatic.com https://www.gstatic.com https://www.google.com https://www.google.com.ar https://www.google.com.bo https://www.google.com.co https://www.google.com.sv https://www.google.com.gt https://www.google.hn https://www.google.com.ni https://www.google.com.pa https://www.google.com.py https://t.co https://maps.gstatic.com https://www.facebook.com https://analytics.twitter.com https://static.ads-twitter.com https://*.speedtestcustom.com https://*.zendesk.com https://static.zdassets.com https://maps.googleapis.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://sync.smartadserver.com https://*.zopim.io https://svr.mic.edge.com.py https://*.kampyle.com https://c.clarity.ms https://c.bing.com https://*.crazyegg.com; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://www.googletagmanager.com/debug/badge.css https://fonts.googleapis.com https://*.zendesk.com https://*.tigocloud.net https://*.kampyle.com https://*.crazyegg.com; connect-src * data: https://*.crazyegg.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com; object-src 'none'; form-action 'self' https://www.facebook.com; base-uri 'self' https://md-scp.kampyle.com; frame-ancestors 'self' 1
script-src 'unsafe-inline' 'self' https://*.googleapis.com https://www.gstatic.com https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com; style-src 'unsafe-inline' 'self'; default-src 'self'; frame-src 'self' https://www.google.com https://player.vimeo.com https://www.youtube.com; connect-src 'self' https://www.google-analytics.com; img-src 'self' https://i.ytimg.com; 1
base-uri 'self' about: *;child-src 'none';connect-src 'self' webpack://* *;default-src 'self';font-src 'self' data: fonts.gstatic.com *;form-action 'self' https: *;frame-ancestors 'none';frame-src  'self' data: https:;img-src * 'self' data: https:;manifest-src 'self';media-src 'self' https: *;object-src 'none';prefetch-src 'self' *;script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.hs-scripts.com *.hsforms.net *.hsforms.com *.clearbit.com www.google-analytics.com;style-src 'self' 'unsafe-inline' https:;worker-src 'self'; 1
worker-src blob: *.uhhospitals.org; default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.uhhospitals.org *.typekit.net *.uhhospitals.org *.siteimproveanalytics.com siteimproveanalytics.com *.bing.com *.youtube.com *.invoca.net s.ytimg.com *.ytimg.com *.facebook.net *.invocacdn.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.google.com *.facebook.com *.siteimproveanalytics.io *.doubleclick.net *.gstatic.com *.w3.com *.podbean.com *.ads-twitter.com *.twitter.com *.t.co t.co *.alphonso.tv *.calculatestuff.com calculatestuff.com doubleclick.net *.selfcare.info selfcare.info *.digitalmedia.hhs.gov api.digitalmedia.hhs.gov *.appcatalyst.com appcatalyst.com *.staywellsolutionsonline.com staywellsolutionsonline.com *.hhs.gov *.livestream.com livestream.com *.issuu.com issuu.com *.isu.pub isu.pub *.w3.org w3.org *.quantserve.com quantserve.com *.boxcloud.com boxcloud.com *.box.com box.com *.bananatag.com bananatag.com *.alpixtrack.com alpixtrack.com *.adxcel-ec2.com *.data.adxcel-ec2.com data.adxcel-ec2.com adxcel-ec2.com *.cancer.gov cancer.gov *.kramesstaywell.com kramesstaywell.com *.nextdoor.com nextdoor.com *.youtube-nocookie.com youtube-nocookie.com *.licdn.com licdn.com *.stackadapt.com stackadapt.com *.hepdata.com hepdata.com *.jsdelivr.net cdn.jsdelivr.net *.pinimg.com s.pinimg.com *.pinterest.com ct.pinterest.com *.googleoptimize.com *.domo.com domo.com *.marketingcloudapis.com marketingcloudapis.com *.epic.com *.vfpnext.com *.adobedtm.com *.adobedc.net https://adobedc.demdex.net http://edge.adobedc.net https://atlas.microsoft.com *.visualstudio.com atlas.min.js cdnapisec.kaltura.com; frame-ancestors 'self' *.uhhospitals.org; 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' *.storyblok.com *.clarity.ms https://connect.facebook.net/ https://googleads.g.doubleclick.net/ https://mc.yandex.ru/ *.hotjar.com/ https://snap.licdn.com/ https://www.google-analytics.com/analytics.js https://www.googleadservices.com/ https://www.googleoptimize.com/optimize.js *.googletagmanager.com/ https://multilogin.postaffiliatepro.com/ *.hs-scripts.com/ *.hs-analytics.net/ *.usemessages.com/ *.hscollectedforms.net/ *.hs-banner.com/ 'unsafe-eval' *.livechatinc.com *.youtube.com *.livechat-static.com *.google.com *.livechatinc.com/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.livechatinc.com *.youtube.com *.google.com; connect-src 'self' *.google.com *.clarity.ms https://d3hb14vkzrxvla.cloudfront.net wss://*.pusher.com https://cdn.linkedin.oribi.io *.cloudfront.net *.hotjar.com https://mc.yandex.ru https://mc.yandex.md *.analytics.google.com/ *.google-analytics.com/ https://stats.g.doubleclick.net/ *.hscollectedforms.net/ *.hubspot.com/ *.zapier.com/; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://mc.yandex.md/ https://www.youtube.com https://td.doubleclick.net/ https://secure.livechatinc.com/; img-src data: * *.livechatinc.com *.youtube.com *.google.com *.livechat-files.com *.livechat-static.com; manifest-src 'self'; media-src 'self' *.storyblok.com *.livechatinc.com *.youtube.com *.google.com *.livechat-static.com; object-src 'self' *.livechatinc.com *.youtube.com *.google.com; child-src 'self' *.livechatinc.com *.youtube.com *.google.com; ; worker-src 'none'; frame-ancestors 'self' *.storyblok.com; 1
default-src 'self' *.quantummetric.com hawaiianairlinesinc.marketing.adobe.com 'unsafe-inline' 'unsafe-eval' data: blob:; worker-src blob:; child-src blob:; script-src * data: 'unsafe-inline' 'unsafe-eval'; style-src * data: 'unsafe-inline'; img-src * data:; connect-src * data:; font-src * data:; frame-src *; frame-ancestors 'self' hawaiianairlinesinc.marketing.adobe.com https://www.kayak.com/; media-src 'self' *.s-hawaiianairlines.com 1
default-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.googletagmanager.com http://ssllogo.twca.com.tw https://www.google-analytics.com https://fonts.gstatic.com; script-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.googletagmanager.com http://ssllogo.twca.com.tw; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com;frame-src 'self' https://www.youtube.com https://www.94bot.com;img-src 'self' blob: data: https://ssllogo.twca.com.tw http://www.twca.com.tw 1
default-src 'self' *; child-src 'self' * data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' * blob:; img-src 'self' * data: blob:; style-src 'self' 'unsafe-inline' *; font-src 'self' * data:; connect-src 'self' * blob: data:; media-src 'self' * blob: data:; object-src 'self' *; 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-BxHJ1mXKDTXAtJRk5BnFOw' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
upgrade-insecure-requests; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.stripe.com *.capterra.com *.ads-twitter.com *.tawk.to *.crisp.chat cdn-cookieyes.com *.jsdelivr.net *.xing-share.com *.xing.com *.hotjar.com *.hotjar.io *.ads.linkedin.com cdn.svgator.com *.licdn.com *.opmnstr.com *.omappapi.com *.alexametrics.com *.yandex.ru *.youtube.com *.redditstatic.com s.ytimg.com *.syncfusion.com *.syncfusion.de *.google.com maps.googleapis.com storage.googleapis.com ajax.googleapis.com www.gstatic.com *.googletagmanager.com cdnjs.cloudflare.com www.googleadservices.com connect.facebook.net use.typekit.net *.google-analytics.com googleads.g.doubleclick.net *.ytimg.com cdn.swaychat.com serve.albacross.com api.swayio.com *.firebaseio.com verify.authorize.net seal.digicert.com cdn.rawgit.com *.addthis.com m.addthisedge.com *.visualwebsiteoptimizer.com app.vwo.com *.paypal.com; worker-src 'self' blob:; style-src  'self' 'unsafe-inline'   *.xing-share.com *.xing.com *.jsdelivr.net *.crisp.chat cdn-cookieyes.com *.omappapi.com *.bootstrapcdn.com *.syncfusion.com *.syncfusion.de *.redditstatic.com cdn.swaychat.com *.google.com *.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com cdn.rawgit.com *.paypal.com; frame-src cdn.swaychat.com *.stripe.com *.amazonaws.com *.facebook.com  *.xing-share.com *.xing.com *.hotjar.com *.hotjar.io *.opmnstr.com *.firebaseio.com *.syncfusion.com *.syncfusion.de bid.g.doubleclick.net td.doubleclick.net *.addthis.com www.youtube.com api.swayio.com *.google.com www.gstatic.com *.paypal.com; object-src 'self' *.syncfusion.com; base-uri 'none'; frame-ancestors 'self' 1
frame-ancestors 'self' https://optimize.google.com/ https://www.facebook.com/ 1
default-src 'self'; img-src * data: https://cdn-au.onetrust.com; form-action 'self'; script-src * 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net; font-src * data:; connect-src *; frame-src *; frame-ancestors 'self' https://sffwebdev.azureedge.net https://uat.silverfernfarmer.co.nz https://www.silverfernfarmer.co.nz 1
frame-ancestors *.odb.sh.cn www.dianchang.cn *.jiemian.com 1
worker-src 'self'; script-src 'self' 'unsafe-inline'; object-src 'self'; frame-src 'self'; frame-ancestors 'self'; 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;frame-ancestors 'self' https://*.quintype.com https://www.healthday.com https://spanish.healthday.com;block-all-mixed-content; 1
base-uri 'self'; default-src 'self' https:; frame-ancestors 'self'; frame-src 'self' https:; img-src 'self' https: data: www.openstreetmap.org siegel.ausgezeichnet.org www.google.com www.gstatic.com www.clickcease.com monitor.clickcease.com; script-src 'self' www.openstreetmap.org siegel.ausgezeichnet.org www.google.com www.gstatic.com www.clickcease.com monitor.clickcease.com 'nonce-SuvgjS9QpQGXPqwt2vuDWmjpzXAm6HWH'; style-src 'self' https: data: 'unsafe-inline' www.openstreetmap.org siegel.ausgezeichnet.org www.google.com www.gstatic.com www.clickcease.com monitor.clickcease.com; object-src 'self'; form-action 'self'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.hotjar.com https://www.googletagmanager.com https://cdn.glassix.com https://js.nagich.co.il https://script.hotjar.com https://www.google-analytics.com https://www.googleadservices.com https://cdn.popt.in https://r.icreate-campaign.com https://center.icreate-campaign.com https://googleads.g.doubleclick.net https://connect.facebook.net https://access.nagich.co.il https://cse.google.com https://www.google.com optimize.google.com https://www.googleoptimize.com https://fonts.googleapis.com https://optimize.google.com/ cdn.popt.in https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com unpkg.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://static.hotjar.com https://www.googletagmanager.com https://cdn.glassix.com https://js.nagich.co.il https://script.hotjar.com https://www.google-analytics.com https://www.googleadservices.com https://cdn.popt.in https://r.icreate-campaign.com https://center.icreate-campaign.com https://googleads.g.doubleclick.net https://connect.facebook.net https://access.nagich.co.il https://cse.google.com https://www.google.com optimize.google.com https://www.googleoptimize.com https://fonts.googleapis.com https://optimize.google.com cdn.popt.in https://www.youtube.com https://bringthemhomenow.net https://dev.visualwebsiteoptimizer.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com unpkg.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://cse.google.com https://www.google.com https://center.icreate-campaign.com https://fonts.googleapis.com https://optimize.google.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com unpkg.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://center.icreate-campaign.com www.google.com https://cse.google.com https://fonts.googleapis.com https://optimize.google.com cdn.popt.in https://cdn.glassix.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com unpkg.com; worker-src 'self' blob:; frame-ancestors 'self' acad-sec.lndo.site acad-sec9.lndo.site bible.lndo.site bible9.lndo.site ch.lndo.site ch9.lndo.site comlit.lndo.site comlit9.lndo.site communication.lndo.site communication9.lndo.site d2021.lndo.site d20219.lndo.site econ.lndo.site econ9.lndo.site education.lndo.site education9.lndo.site engineering.lndo.site engineering9.lndo.site french.lndo.site french9.lndo.site geoenv.lndo.site geoenv9.lndo.site gondabrain.lndo.site gondabrain9.lndo.site ict.lndo.site ict9.lndo.site imba.lndo.site imba9.lndo.site is.lndo.site is9.lndo.site law.lndo.site law9.lndo.site life-sciences.lndo.site life-sciences9.lndo.site lisa.lndo.site lisa9.lndo.site management.lndo.site management9.lndo.site math.lndo.site math9.lndo.site mba.lndo.site mba9.lndo.site medicine.lndo.site medicine9.lndo.site multi-judaic.lndo.site multi-judaic9.lndo.site nano.lndo.site nano9.lndo.site physics.lndo.site physics9.lndo.site politics.lndo.site politics9.lndo.site psychology.lndo.site psychology9.lndo.site social-work.lndo.site social-work9.lndo.site sociology.lndo.site sociology9.lndo.site talmud.lndo.site talmud9.lndo.site translation.lndo.site translation9.lndo.site culture.lndo.site culture9.lndo.site gender.lndo.site gender9.lndo.site jewish-history.lndo.site jewish-history9.lndo.site mgl.lndo.site mgl9.lndo.site pconfl.lndo.site pconfl9.lndo.site jewish-faculty.lndo.site jewish-faculty9.lndo.site jart.lndo.site jart9.lndo.site yesod.lndo.site yesod9.lndo.site optometrics.lndo.site optometrics9.lndo.site middle-east.lndo.site middle-east9.lndo.site hebrew.lndo.site hebrew9.lndo.site social-health.lndo.site social-health9.lndo.site classics.lndo.site classics9.lndo.site graduate-school.lndo.site graduate-school9.lndo.site desigprog.lndo.site desigprog9.lndo.site criminology.lndo.site criminology9.lndo.site demo2.lndo.site demo29.lndo.site demo.lndo.site demo9.lndo.site dean.lndo.site dean9.lndo.site arabic.lndo.site arabic9.lndo.site philosophy.lndo.site philosophy9.lndo.site learning-and-teaching.lndo.site learning-and-teaching9.lndo.site jphilosophy.lndo.site jphilosophy9.lndo.site dangoor-medicine.lndo.site dangoor-medicine9.lndo.site lib.lndo.site lib9.lndo.site hebrew-literature.lndo.site hebrew-literature9.lndo.site cs.lndo.site cs9.lndo.site music.lndo.site music9.lndo.site stuad.lndo.site stuad9.lndo.site history.lndo.site history9.lndo.site efl.lndo.site efl9.lndo.site barav.lndo.site barav9.lndo.site english.lndo.site english9.lndo.site tiful.lndo.site tiful9.lndo.site mechina-kda.lndo.site mechina-kda9.lndo.site social-sciences.lndo.site social-sciences9.lndo.site superconductivity.lndo.site superconductivity9.lndo.site interdis.lndo.site interdis9.lndo.site mali.lndo.site mali9.lndo.site humanities.lndo.site humanities9.lndo.site esc.lndo.site esc9.lndo.site law-clinics.lndo.site law-clinics9.lndo.site midrasha.lndo.site midrasha9.lndo.site mzb.lndo.site mzb9.lndo.site *.biu.ac.il; report-uri https://www.biu.ac.il/report-uri/enforce 1
frame-ancestors https://*.isomedia.com/ 'self'; 1
default-src 'self' d6tizftlrpuof.cloudfront.net *.rechtspraak.nl rechtspraak.piwikpro.com media.ssr.nl www.rovid.nl app.springcast.fm virtuele-tour-rechtspraak.nl *.usabilla.com *.youtube.com *.fireside.fm fireside.fm *.mediasite.com *.google.com 'unsafe-inline'; script-src 'self' d6tizftlrpuof.cloudfront.net *.rechtspraak.nl rechtspraak.piwikpro.com app.springcast.fm virtuele-tour-rechtspraak.nl *.usabilla.com *.youtube.com *.fireside.fm fireside.fm *.mediasite.com *.google.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.rechtspraak.nl d6tizftlrpuof.cloudfront.net 'unsafe-inline'; img-src 'self' data: *.rechtspraak.nl *.rechtspraak.nl rechtspraak.piwikpro.com virtuele-tour-rechtspraak.nl d6tizftlrpuof.cloudfront.net *.usabilla.com www.rovid.nl; frame-ancestors 'none' 1
connect-src 'self' mixpanel-api-proxy-soaps.ondigitalocean.app https://uploads.intercomcdn.com *.stripe.com connect.facebook.net fbcapi.novoresume.io novoresume.com *.pinterest.com api.usabilla.com api-iam.intercom.io wss://nexus-websocket-a.intercom.io *.google.com vc.hotjar.io *.hotjar.com ws://*.hotjar.com *.doubleclick.net *.clarity.ms *.linkedin.com cdn.linkedin.oribi.io https://widget.trustpilot.com https://vimeo.com *.novoresume.com; default-src 'self' 'unsafe-inline' *.novoresume.com; font-src 'self' data: fonts.gstatic.com *.novoresume.com *.googleapis.com d6tizftlrpuof.cloudfront.net js.intercomcdn.com *.novoresume.com; frame-src 'self' *.stripe.com *.googleapis.com *.pinterest.com d6tizftlrpuof.cloudfront.net *.google.com *.hotjar.com *.novoresume.com https://intercom-sheets.com https://optimize.google.com https://widget.trustpilot.com https://player.vimeo.com *.novoresume.com; img-src 'self' data: *.novoresume.com https://downloads.intercomcdn.com https://www.googletagmanager.com https://cx.atdmt.com *.clarity.ms *.bing.com csi.gstatic.com www.gstatic.com *.doubleclick.net log.pinterest.com *.google.com connect.facebook.net fbcapi.novoresume.io *.pinterest.com *.googleadservices.com www.facebook.com d6tizftlrpuof.cloudfront.net w.usabilla.com gifs.intercomcdn.com t.co static.intercomassets.com js.intercomcdn.com https://optimize.google.com https://bat.bing.com *.linkedin.com https://*.vimeocdn.com *.novoresume.com www.google.us; media-src 'self' js.intercomcdn.com *.novoresume.com *.novoresume.com; object-src 'self' 'unsafe-eval' *.novoresume.com *.novoresume.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.stripe.com *.novoresume.com mixpanel-api-proxy-soaps.ondigitalocean.app d6tizftlrpuof.cloudfront.net *.clarity.ms *.google.com *.googleadservices.com connect.facebook.net fbcapi.novoresume.io *.pinimg.com snap.licdn.com assets.pinterest.com www.googletagmanager.com *.doubleclick.net www.facebook.com api.usabilla.com w.usabilla.com widget.intercom.io js.intercomcdn.com *.hotjar.com https://optimize.google.com https://bat.bing.com https://widget.trustpilot.com https://player.vimeo.com *.novoresume.com www.google.us; style-src 'self' 'unsafe-inline' *.novoresume.com tagmanager.google.com d6tizftlrpuof.cloudfront.net *.googleapis.com https://optimize.google.com *.novoresume.com 1
default-src 'self' 'unsafe-inline'  https://js.monitor.azure.com https://westus3-1.in.applicationinsights.azure.com ; frame-ancestors https://pos.uhaul.net; 1
frame-ancestors *.mysmartprice.com *.google.com www-mysmartprice-com.cdn.ampproject.org 1
script-src 'self' 'sha256-152qnSojXPPJBO5ypmrZJeZhpvmsrci2Y3Qw5yXp7e0=' 'unsafe-inline' https://platform.twitter.com https://stats.hey.com https://sdks.shopifycdn.com; object-src 'self'; connect-src https://stats.hey.com https://monorail-edge.shopifysvc.com https://basecamp-kitsch.myshopify.com https://basecamp.us2.list-manage.com 'self'; 1
default-src 'self'; script-src *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com cdnjs.cloudflare.com https://syndication.twitter.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com az416426.vo.msecnd.net googleads.g.doubleclick.net benchtag.co *.hotjar.com tags.srv.stackadapt.com sc-static.net js.adsrvr.org snap.licdn.com www.googleadservices.com s.yimg.com sp.analytics.yahoo.com kendo.cdn.telerik.com *.amazon-adsystem.com https://player.idomoo.com https://*.taboola.com https://*.quantserve.com https://*.rnengage.com https://*.snapchat.com https://*.quantcount.com https://*.formsite.com z.moatads.com edge.quantserve.com https://mu-search.clients.funnelback.com https://*.siteintercept.qualtrics.com https://cdn.wishpond.net https://api3-au.libcal.com https://*.onetrust.com https://analytics.tiktok.com https://acdn.adnxs.com https://kit.fontawesome.com https://www.googletagmanager.com https://*.custhelp.com https://*.juicer.io https://*.google-analytics.com https://*.monsido.com https://embedsocial.com https://ka-p.fontawesome.com https://player.video.wowza.com https://cdn.jsdelivr.net https://ipinfo.io 'self' cdn.ampproject.org https://cdn.insight.sitefinity.com https://dec.azureedge.net https://player.vimeo.com/api/player.js https://www.youtube.com/iframe_api 'unsafe-inline' 'unsafe-eval'; style-src netdna.bootstrapcdn.com kendo.cdn.telerik.com platform.twitter.com/css/ *.twimg.com tags.srv.stackadapt.com sp.analytics.yahoo.com https://mu-search.clients.funnelback.com https://fonts.googleapis.com https://*.custhelp.com https://*.juicer.io https://cdn.jsdelivr.net 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com mu-publishing.azureedge.net mu-publishing-blob.azureedge.net mu-website.azureedge.net mu-website-blob.azureedge.net mu-website-ae.azureedge.net mu-website-ae-blob.azureedge.net mu-uat.azureedge.net mu-uat-blob.azureedge.net mu-dev.azureedge.net mu-dev-blob.azureedge.net murdochbackup.blob.core.windows.net p.adsymptotic.com sp.analytics.yahoo.com *.fls.doubleclick.net px.ads.linkedin.com tracking.monsido.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com cm.everesttech.net insight.adsrvr.org ups.analytics.yahoo.com cm.g.doubleclick.net murdoch-website-001.azurewebsites.net pixel.quantserve.com pixel.rubiconproject.com match.adsrvr.org https://*.taboola.com https://*.rnengage.com scontent.cdninstagram.com https://dpm.demdex.net https://ib.adnxs.com www.murdoch.edu.au data: https://*.onetrust.com blob: https://www.google.com https://www.google.com.au https://*.juicer.io htps://*.googletagmanager.com https://*.doubleclick.net https://*.snapchat.com https://announcements.murdoch.edu.au https://cdn.jsdelivr.net 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src kendo.cdn.telerik.com netdna.bootstrapcdn.com https://connect.prospectivestudent.info data: https://*.fontawesome.com https://fonts.gstatic.com https://static.juicer.io https://*.custhelp.com 'self'; connect-src *.google-analytics.com *.murdoch.edu.au tags.srv.stackadapt.com in.hotjar.com *.mktoresp.com dc.services.visualstudio.com dpm.demdex.net s.yimg.com murdoch-website-001.azurewebsites.net https://*.taboola.com https://*.snapchat.com https://mu-search.clients.funnelback.com https://stats.g.doubleclick.net *.wishpond.net *.wishpond.com wss://artisan.wishpond.com https://*.libcal.com https://*.doubleclick.net https://analytics.tiktok.com *.fontawesome.com https://*.onetrust.com https://*.google-analytics.com https://*.juicer.io https://analytics.google.com https://*.custhelp.com 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self'; child-src 'self' *.murdoch.edu.au *.fls.doubleclick.net https://platform.twitter.com https://syndication.twitter.com https://www.youtube.com https://player.vimeo.com https://w.soundcloud.com murdochuni.demdex.net *.hotjar.com bid.g.doubleclick.net *.amazon-adsystem.com *.adsrvr.org open.spotify.com www.podbean.com https://*.snapchat.com https://fs7.formsite.com https://publisher.ascentone.com https://cdn.wishpond.net *.ascentone.com https://embedded.wishpondpages.com https://connect.prospectivestudent.info https://*.flipsnack.com https://*.doubleclick.net https://vimeo.com https://embedsocial.com https://*.google.com https://echo360.net.au 1
script-src 'nonce-wiO7MkAqY4hjo08xVA/N/A==' 'strict-dynamic' https: 'unsafe-inline' 'report-sample'; base-uri 'none'; report-uri https://events.mercadolibre.com/csp/reports?identifier=qi7yR82aKimsBCs2dmYcCSGg7X3Nd8nw0L9YOe_HRbzpKahN-AYpETPFsxM57fsdLtLf&policy_id=9&user_id=&request_id=300e71c5-edc3-4951-bea5-d65bfe517a5e; report-to csp-endpoint; object-src https://http2.mlstatic.com/ https://mlstaticquic-a.akamaihd.net/ 1
frame-ancestors 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' maps.googleapis.com https:;img-src https: data: 'self' maps.gstatic.com *.googleapis.com *.ggpht.com;style-src 'self' 'unsafe-inline' https:; 1
base-uri 'self'; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' https: http: 'nonce-1iU0qZYiGvG03UlJvWrog5cuxFEDVv' 'unsafe-eval'; report-uri https://csp.withgoogle.com/csp/devsite/v2 1
upgrade-insecure-requests; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.segment.com https://cdn.rollbar.com https://connect.facebook.net https://hcaptcha.com https://*.hcaptcha.com https://platform.twitter.com https://js.sentry-cdn.com https://www.googletagmanager.com https://browser.sentry-cdn.com https://widget.intercom.io https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com; form-action 'self'; media-src https: blob:; font-src https: data:; prefetch-src https: data:; style-src 'unsafe-inline' https: data:; img-src https: data:; connect-src https: wss: blob: data: *.sentry.io; worker-src 'self' blob:; frame-src https: dcl:; child-src https: blob:; object-src 'none'; frame-ancestors 'none' 1
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://*.nearpod.com/ https://nearpod.com/ https://classroom.google.com/ https://*.gooru.org/ https://gooru.org/ https://*.powerschool.com https://powerschool.com 1
default-src 'self' *.analytics.google.com *.google.com *.google-analytics.com; img-src 'self' 'unsafe-inline' * data: www.w3.org; frame-src 'self' *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net staticcontents.investis.com 77d8e64489354683a242e226ad9ed96b.svc.dynamics.com confirmsubscription.com vars.hotjar.com in.hotjar.com my.walls.io *.fls.doubleclick.net www.youtube.com www.google.com irs.tools.investis.com otp.tools.investis.com ir.tools.investis.com players.brightcove.net rolls-royce.staging.investis.com rolls-royce.production.investis.com www.facebook.com *.doubleclick.net staticzone.idigitalcontents.com viz.tools.investis.com form.typeform.com matt317952.typeform.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net assets.investisdigital.com staticcontents.investis.com tagmanager.google.com viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com staticzone.idigitalcontents.com viz.tools.investis.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com fast.fonts.net embed.typeform.com; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com staticzone.idigitalcontents.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com tagmanager.google.com *.fonts.com fast.fonts.net *.typekit.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net mktdplp102cdn.azureedge.net staticcontents.investis.com js-agent.newrelic.com otp.tools.investis.com staticzone.idigitalcontents.com viz.tools.investis.com *.analytics.google.com *.google.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com *.googletagmanager.com *.google-analytics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com edge.api.brightcove.com *.googleapis.com tagmanager.google.com stats.g.doubleclick.net *.investisdigital.com googleads.g.doubleclick.net googleadservices.com cdn.jsdelivr.net cdnjs.cloudflare.com facebook.com www.gstatic.com pi.pardot.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com static.ads-twitter.com snap.licdn.com *.googleadservices.com analytics.twitter.com *.flickr.com tag.demandbase.com *.lead-analytics-1000.com *.leadforensics.com track.accountinsight.cloud *.adnxs.com fast.fonts.net *.typekit.net *.lfeeder.com embed.typeform.com; media-src 'self' *.brightcove.com *.brightcovecdn.com brightcove.hs.llnwd.net viz.tools.investis.com; connect-src 'self' *.linkedin.com px.ads.linkedin.com/wa/ cdn.linkedin.oribi.io bam.eu01.nr-data.net *.googlesyndication.com *.analytics.google.com *.google.com *.google-analytics.com www.google.co.in analytics.google.com www.facebook.com/tr/ in.hotjar.com staticzone.idigitalcontents.com viz.tools.investis.com *.investisdigital.com edge.api.brightcove.com www.google-analytics.com www.googletagmanager.com stats.g.doubleclick.net ipapi.connectid.cloud api.company-target.com segments.company-target.com *.typekit.net *.amazonaws.com *.googleapis.com; base-uri 'none'; 1
frame-ancestors 'self' *.xtb.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com bam.nr-data.net *.addtoany.com *.go-mpulse.net *.newrelic.com *.qualtrics.com *.adobedtm.com tags.tiqcdn.com cdn.jsdelivr.net *.akamaihd.net *.ceros.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' *.demdex.net *.ytimg.com *.youtube.com data: libertymutualgroup.com *.libertymutualgroup.com libertymutual.com *.libertymutual.com *.qualtrics.com *.akstat.io cm.everesttech.net; frame-src 'self' *.youtube.com *.addtoany.com libertymutualcorporate.demdex.net *.facebook.com *.ceros.com; font-src 'self' fonts.gstatic.com; connect-src 'self' *.youtube.com *.akamaihd.net *.akstat.io *.qualtrics.com bam.nr-data.net c.go-mpulse.net *.demdex.net collect.tealiumiq.com; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.ads-twitter.com *.adyen.com *.agilone.com *.algolia.net *.algolianet.com *.analytics.google.com *.api.bazaarvoice.com *.attentivemobile.com *.attn.tv *.bazaarvoice.com *.bing.com *.bounceexchange.com *.bouncex.net *.cdnbasket.net *.cdnwidget.com *.collect.igodigital.com *.contentsquare.net *.criteo.com *.facebook.com *.facebook.net *.fls.doubleclick.net *.g.doubleclick.net *.ggpht.com *.google-analytics.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googleusercontent.com *.gstatic.com *.igodigital.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.klarnaservices.com *.liadm.com *.mag.bazaarvoice.com *.monetate.net *.nextdoor.com *.nr-data.net *.onetrust.com *.pepperjam.com *.pinimg.com *.pinterest.com *.revlifter.io *.rsa3dsauth.co.uk *.scene7.com *.securesuite.co.uk *.smarterhq.io *.snapchat.com *.staging.bigcontent.io *.studentbeans.com *.truefitcorp.com *.twitter.com *.ventrica.io *.wknd.ai *.zdassets.com *.zendesk.com *.zopim.com ad.doubleclick.net ade.googlesyndication.com algolia.net algolianet.com analytics.tiktok.com api.addressy.com api.official-coupons.com api.official-deals.co.uk app.contentsquare.com bid.g.doubleclick.net clarks.a.bigcontent.io cdn.c1.amplience.net cdn.cookielaw.org cdn.media.amplience.net cdn.static.amplience.net checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com clarkscs.zendesk.com cloud.email.clarks.com cookie-cdn.cookiepro.com edgeshoppingstatic.azureedge.net ekr.zdassets.com ekr.zendesk.com fonts.googleapis.com insights.algolia.io int-ds-shared-1.monetate.org js-agent.newrelic.com kargo.clarks.com localhost:2323 marketer.monetate.net pay.google.com pippio.com *.experticity.com *.expertvoice.com private-media-node12.s3.eu-west-1.amazonaws.com res.cloudinary.com sc-static.net static.zdassets.com t.co t.contentsquare.net t.paypal.com t.pepperjamnetwork.com tagmanager.google.com td.doubleclick.net the.sciencebehindcommerce.com tr2.smarterhq.io v2assets.zopim.io zendesk-eu.my.sentry.io wss://*.zendesk.com wss://*.zopim.com wss://clarkscs.zendesk.com www.ascendpartner.com www.awin1.com *.clarity.ms www.dwin1.com www.googleadservices.com www.paypal.com www.paypalobjects.com www.sandbox.paypal.com www.upsellit.com www.youtube.com youtube.com *.global-e.com *.bglobale.com https://www.clarks.co.uk/assets/ https://www.clarksusa.com/assets/ https://google.com/pay *.kaptcha.com x.bidswitch.net ib.adnxs.com dis.criteo.com contextual.media.net pixel.rubiconproject.com rtb-csync.smartadserver.com sync-t1.taboola.com criteo-sync.teads.tv eb2.3lift.com hb.yahoo.net c1.adform.net cm.adform.net visitor.omnitagjs.com r.casalemedia.com id5-sync.com ad.360yield.com matching.ivitrack.com exchange.mediavine.com jadserve.postrelease.com sync.outbrain.com simage2.pubmatic.com match.sharethrough.com criteo-partners.tremorhub.com ad.yieldlab.net sync-criteo.ads.yieldmo.com e1.emxdgt.com ib.adnxs.com dpm.demdex.net gum.criteo.com beacon.krxd.net *.smooch.io metatest.clarks.com metaevents-1p.stitcherads.com kargo.clarks.com metaevents.stitcherads.com prf.hn *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vu *.google.ws https://bff.prod.aws.clarks.com/graphql cognito-idp.eu-west-1.amazonaws.com https://www.clarks.com https://preview.clarks.com; worker-src blob:; font-src 'self' data: fonts.gstatic.com *.klarnacdn.net; frame-ancestors 'self'; upgrade-insecure-requests ; 1
frame-ancestors 'self' https://dbwas.service.deutschebahn.com 1
script-src: self 1
frame-ancestors *.lsm.lv; 1
default-src 'self' yoast.com my.wpengine.com *.osano.com *.piwik.pro; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: cdn.jsdelivr.net unpkg.com my.wpengine.com www.google.com www.googletagmanager.com www.google-analytics.com www.gstatic.com *.osano.com *.piwik.pro; style-src 'self'  'unsafe-inline' cdn.jsdelivr.net fonts.googleapis.com use.fontawesome.com *.osano.com *.piwik.pro; img-src 'self' data: 1.gravatar.com secure.gravatar.com dify.wpengine.com www.googletagmanager.com www.google-analytics.com *.osano.com *.piwik.pro; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com use.fontawesome.com; frame-src 'self' www.youtube.com www.google.com *.osano.com *.piwik.pro; frame-ancestors 'self'; form-action 'self'; upgrade-insecure-requests 1
default-src 'none'; connect-src https://status.jumpdesktop.com wss://widget-mediator.zopim.com https://ekr.zdassets.com https://jumpdesktop.zendesk.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; frame-src https://www.youtube.com https://jumpdesktop.zdassets.com; img-src 'self' data:; script-src 'self' https://static.zdassets.com https://static.zdassets.com https://jumpdesktop.zendesk.com https://hyperping.io 'unsafe-inline' blob:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; media-src 'self' https://static.zdassets.com 1
default-src 'self' *.uniandes.edu.co cdn.jsdelivr.net https://static.genial.ly https://analytics.google.com https://www.google-analytics.com https://api.usercentrics.eu/settings/* https://stats.g.doubleclick.net; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com cdn.jsdelivr.net https://fonts.googleapis.com https://stackpath.bootstrapcdn.com https://analytics.google.com https://www.google.com; img-src 'self' https://googleads.g.doubleclick.net https://img.genial.ly https://static.genial.ly https://assets.genial.ly https://cdn.userway.org https://px.ads.linkedin.com https://nova.collect.igodigital.com https://www.googletagmanager.com https://img.youtube.com https://uct.service.usercentrics.eu https://ad.doubleclick.net https://cdn.ckeditor.com https://www.google-analytics.com https://www.facebook.com https://cdn.eventtia.com https://maps.googleapis.com https://app.usercentrics.eu *.uniandes.edu.co data: https://clients1.google.com https://www.google.com https://www.google.com.co; font-src 'self' https://fonts.genial.ly https://statics-view.genial.ly https://fonts.gstatic.com https://themes.googleusercontent.com *.uniandes.edu.co cdn.jsdelivr.net cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.jsdelivr.net https://www.google.com; script-src-elem 'self' 'unsafe-inline' https://uniandes.edu.co https://www.youtube.com https://cdn.rawgit.com https://script.hotjar.com https://www.googleadservices.com https://statics-view.genial.ly https://view.genial.ly https://cdn.navdmp.com https://usr.navdmp.com https://d2rp1k1dldbai6.cloudfront.net https://files1.cybba.solutions https://storage.googleapis.com https://static.hotjar.com https://cdn.userway.org https://snap.licdn.com https://7226694.collect.igodigital.com https://tag.navdmp.com https://www.rtb123.com https://googleads.g.doubleclick.net https://tags.crwdcntrl.net https://cdn.ckeditor.com https://player.vimeo.com https://www.gstatic.com https://connect.facebook.net https://maps.googleapis.com https://app.usercentrics.eu https://app.usercentrics.eu/browser-ui/latest/loader.js  https://cdn.jsdelivr.net https://www.googletagmanager.com https://www.google.com https://cse.google.com https://www.google-analytics.com https://app.usercentrics.eu/browser-ui/3.40.0/index.module.js; frame-src  'self' https://www.facebook.com/ https://view.genially.com/ https://vde.uniandes.edu.co/ https://widget.spreaker.com/ https://uniandes.moveonca.com https://v.calameo.com/ https://w.soundcloud.com/ https://cdn.userway.org https://8282677.fls.doubleclick.net/ https://maps.google.com/ https://player.vimeo.com https://mc68t6c33k84-n3zw9q231h6qvk1.pub.sfmc-content.com/ https://www.google.com/ https://pub.s7.exacttarget.com/ https://view.genial.ly https://www.youtube.com/ https://www.youtube.com.co https://td.doubleclick.net/; connect-src 'self' https://vc.hotjar.io https://www.facebook.com https://view.genial.ly https://logger.genial.ly https://aggregator.service.usercentrics.eu https://cdn77.api.userway.org https://cdn.userway.org https://px.ads.linkedin.com https://ib.adnxs.com/getuidj https://api.userway.org https://consent-api.service.consent.usercentrics.eu https://api.usercentrics.eu/settings/oidwKvlqGMSVn-/latest/es.json https://api.usercentrics.eu https://stats.g.doubleclick.net https://analytics.google.com https://www.google-analytics.com https://maps.googleapis.com; style-src-elem 'self' 'unsafe-inline' https://statics-view.genial.ly https://cdn.userway.org https://cdn.ckeditor.com https://maxcdn.bootstrapcdn.com https://stackpath.bootstrapcdn.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.googleapis.com https://www.google.com https://api.userway.org https://px.ads.linkedin.com; 1
default-src 'self' 'unsafe-inline' *; img-src data: * ; frame-ancestors 'self'; form-action 'self' https://*.facebook.com https://*.azureedge.net https://*.dynamics.com; 1
default-src https: wss: data: blob:; script-src data: 'self' blob: 'unsafe-inline' bogotateescucha.bogota.gov.co stackpath.bootstrapcdn.com sdki.truepush.com *.unpkg.com *.polyfill.io *.twitter.com cdn.ampproject.org cliente.avanti-it.co embed.ex.co e.infogram.com f.vimeocdn.com api.mapbox.com code.jquery.com *.googleadservices.com sc-static.net *.googletagmanager.com sb.scorecardresearch.com *.hotjar.com cdnjs.cloudflare.com cdn.rawgit.com s.ytimg.com *.google-analytics.com www.instagram.com/embed.js unpkg.com www.powr.io translate.googleapis.com cdn.jsdelivr.net *.playbuzz.com googleads.g.doubleclick.net public.tableau.com ajax.googleapis.com maxcdn.bootstrapcdn.com cdn.syndication.twimg.com *.facebook.net platform.twitter.com maps.googleapis.com *.youtube.com *.google.com *.gstatic.com contacto195.comware.com.co *.addtoany.com https://cdn.userway.org/widget.js https://cdn.userway.org/widgetapp/2024-05-21-12-45-17/widget_app_base_1716295517676.js https://cdn.userway.org/remediation/2024-05-21-12-45-17/free/remediation-tool-free.js?ts=1716295517676 https://cdn.userway.org/widgetapp/2024-05-21-12-45-17/widget_app_lazy_1716295517676.js https://cdn.userway.org/widgetapp/2024-05-21-12-45-17/scan/scan_1716295517676.js 'unsafe-eval'; style-src 'self' 'unsafe-inline' bogotateescucha.bogota.gov.co cdn.ampproject.org cliente.avanti-it.co use.fontawesome.com unpkg.com stackpath.bootstrapcdn.com yui.yahooapis.com tagmanager.google.com ton.twimg.com api.mapbox.com contacto195.comware.com.co maxcdn.bootstrapcdn.com translate.googleapis.com cdn.jsdelivr.net platform.twitter.com fonts.googleapis.com cdnjs.cloudflare.com static.addtoany.com https://cdn.userway.org/widgetapp/bundles/udf/udf.css; frame-src 'self' https:; font-src 'self' data: bogotateescucha.bogota.gov.co use.fontawesome.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net *.hotjar.com contacto195.comware.com.co fonts.gstatic.com cdnjs.cloudflare.com; form-action 'self' platform.twitter.com etb.com www.facebook.com tr.snapchat.com syndication.twitter.com; object-src 'self' blob:; base-uri 'self' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://quip-amazon-cdn.com https://quip-cdn.com; report-uri /csp-report 1
default-src wss://comet.rabota.ru *.sbermarketing.ru sbermarketing.ru front-log.rabota.ru *.rabota.space rabota.ru *.rabota.ru *.yandex.md *.yandex.ru *.yandex.net *.yandexadexchange.net *.mail.ru vk.com *.twitter.com *.odnoklassniki.ru *.rambler.ru *.adfox.ru *.googleapis.com *.google-analytics.com stats.g.doubleclick.net *.facebook.com *.facebook.net *.instagramm.ru *.ucweb.com *.newrelic.com *.nr-data.net *.livetex.ru *.livetex.me *.2gis.ru *.2gis.com 2gis.github.io polyfill.io *.calltouch.ru ws://*.jivosite.com *.jivosite.com ws://*.jivo.ru *.jivo.ru *.vimeocdn.com  *.youtube.com *.youtu.be *.vimeo.com *.rutube.ru *.coub.com *.imgsmail.ru *.dadata.ru *.mediator.media stat.media *.stat.media static.smi2.net smi2.ru *.smi2.ru e-cc01-i.sber247.ru *.experrto.io sa.online.sberbank.ru *.online.sberbank.ru *.sberbank.ru sa.online.sberbank.ru:8098/metrics/partners recaptcha.net *.recaptcha.net *.recaptcha.net/recaptcha/api.js ad.adriver.ru rezumet.ru yandex.ru id.sber.ru yastatic.net;script-src 'unsafe-inline' 'unsafe-eval' sp.otm-r.com *.sbermarketing.ru sbermarketing.ru *.rabota.space rabota.ru *.rabota.ru yandex.ru *.yandex.md *.yandex.ru *.yandex.net *.yandexadexchange.net *.googleusercontent.com *.googletagmanager.com *.googleapis.com creativecdn.com *.creativecdn.com www.google-analytics.com stats.g.doubleclick.net *.rambler.ru yastatic.net vk.com *.twitter.com *.odnoklassniki.ru *.mail.ru *.facebook.net *.instagramm.ru unpkg.com *.livetex.ru *.livetex.me *.google.com *.newrelic.com *.nr-data.net ws://*.jivosite.com *.jivosite.com ws://*.jivo.ru *.jivo.ru *.gstatic.com *.ucweb.com *.2gis.ru *.2gis.com polyfill.io *.calltouch.ru *.adfox.ru 2gis.github.io *.vimeocdn.com *.youtube.com *.imgsmail.ru collector.mediator.media *.dadata.ru *.mediator.media *.helpdeskeddy.com *.surveymonkey.com anketolog.ru *.jsdelivr.net *.ytimg.com static.smi2.net smi2.ru stat.media *.stat.media *.smi2.ru *.criteo.net *.criteo.com cdn.ampproject.org *.buzzsprout.com e-cc01-i.sber247.ru *.experrto.io sa.online.sberbank.ru *.online.sberbank.ru *.sberbank.ru sa.online.sberbank.ru:8098/metrics/partners recaptcha.net *.recaptcha.net *.recaptcha.net/recaptcha/api.js st.top100.ru yastatic.net mc.yandex.ru www.artfut.com tags.soloway.ru/DSPCounter.min.js content.adriver.ru/AdRiverFPS.js ad.adriver.ru *.onef.pro telegram.org/js/telegram-web-app.js *.hybrid.ai rezumet.ru;style-src 'unsafe-inline' 'unsafe-eval' blob: *.rabota.space rabota.ru *.rabota.ru *.googleapis.com *.gstatic.com *.2gis.ru *.2gis.com *.vimeocdn.com *.jivo.ru *.yandex.md yandex.ru *.yandex.ru *.yandex.net *.yandexadexchange.net 2gis.github.io *.dadata.ru anketolog.ru static.smi2.net smi2.ru stat.media *.stat.media *.smi2.ru *.jsdelivr.net e-cc01-i.sber247.ru sa.online.sberbank.ru *.online.sberbank.ru *.sberbank.ru sa.online.sberbank.ru:8098/metrics/partners rezumet.ru;img-src * data: blob: mc.yandex.ru;font-src 'self' data: blob: *.rabota.space rabota.ru *.rabota.ru *.jsdelivr.net *.livetex.ru *.livetex.me *.gstatic.com sa.online.sberbank.ru *.online.sberbank.ru *.sberbank.ru sa.online.sberbank.ru:8098/metrics/partners recaptcha.net *.recaptcha.net *.recaptcha.net/recaptcha/api.js rezumet.ru yastatic.net chrome-extension:;worker-src *.rabota.space rabota.ru *.rabota.ru rezumet.ru;frame-src blob: madte.st madtest.ru *.rabota.space rabota.ru *.rabota.ru oprosso.net creativecdn.com *.creativecdn.com *.facebook.com *.facebook.net *.instagramm.ru yastatic.net *.google.com *.livetex.ru *.livetex.me *.2gis.ru *.2gis.com yandex.ru *.yandex.md *.yandex.ru *.yandex.net *.yandex.tld *.yandexadexchange.net vk.com *.twitter.com *.odnoklassniki.ru *.youtube.com *.ucweb.com *.imgsmail.ru *.googleusercontent.com *.googletagmanager.com *.helpdeskeddy.com *.surveymonkey.com anketolog.ru *.hurma.ai hurma.ai *.vimeocdn.com  *.youtube.com *.youtu.be *.vimeo.com *.rutube.ru rutube.ru *.coub.com coub.com *.ytimg.com *.fls.doubleclick.net static.smi2.net smi2.ru stat.media *.stat.media *.smi2.ru *.criteo.net *.criteo.com w.soundcloud.com *.rambler.ru music.yandex.ru podcasts.apple.com podcasts.google.com *.buzzsprout.com e-cc01-i.sber247.ru *.experrto.io app.ex.co infogram.com embed.podcasts.apple.com interacty.me p.interacty.me recaptcha.net *.recaptcha.net *.recaptcha.net/recaptcha/api.js sber-zvuk.com webvisor.com *.webvisor.com mc.yandex.ru content.adriver.ru rezumet.ru;object-src 'self' blob:;media-src blob: *.rabota.ru rabota.ru *.rabota.space rabota.ru *.rabota.ru *.jivosite.com *.jivo.ru *.vimeocdn.com *.helpdeskeddy.com *.surveymonkey.com rezumet.ru;report-uri https://www.rabota.ru/snitch.txt;base-uri 'none';frame-ancestors 'self' https://metrika.yandex.ru https://webvisor.com https://*.webvisor.com https://*.telegram.org; 1
default-src 'self'; object-src 'none'; connect-src 'self' https://cdn.polyfill.io https://*.addthis.com https://v1.addthisedge.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://prc-search.squiz.cloud; frame-ancestors 'self'; form-action 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.polyfill.io https://*.addthis.com https://v1.addthisedge.com https://*.googletagmanager.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://assets.pinterest.com https://sdk.reachout.com https://forums-syndication.reachout.com; child-src 'self' https://player.vimeo.com https://omny.fm https://s7.addthis.com https://assets.pinterest.com https://sdk.reachout.com https://forums-syndication.reachout.com https://www.google.com/ https://vimeo.com; img-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://via.placeholder.com https://i.vimeocdn.com https://*.addthis.com https://log.pinterest.com https://www.google.com.au/ads/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com; style-src-attr 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://s3.amazonaws.com/icomoon.io/; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/js/bootstrap.bundle.min.js https://ga.jspm.io/npm:es-module-shims@1.7.1/dist/es-module-shims.js https://kit.fontawesome.com/ https://kit.fontawesome.com/29b2028b7f.js https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/js/bootstrap.bundle.min.js *.swmed.edu *.utsouthwestern.edu https://tagmanager.google.com https://www.googleadservices.com https://cdn.jsdelivr.net/npm/@popperjs/core@2.11.6/dist/umd/popper.min.js https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js *.taggbox.com https://snap.licdn.com/li.lms-analytics/insight.old.min.js https://w.soundcloud.com/player/api.js https://siteimproveanalytics.com/js/siteanalyze_67564.js https://static.ctctcdn.com/js/signup-form-widget/current/signup-form-widget.min.js https://www.youvisit.com/tour/Embed/js3 https://s.ytimg.com/yts/jsbin/www-widgetapi-vfldp9JMF/www-widgetapi.js https://s.ytimg.com/yts/jsbin/www-widgetapi-vflGYMLFw/www-widgetapi.js https://www.youvisit.com/SmartScript/latest/smartscript.js https://utsw.flintbox.com/embed.js https://utsw.flintbox.com/assets/iframe-container-5933c9a9de9740bee358da320c7bf82406da2e2f6e93843b06b4514c2030dfd9.js https://www.gstatic.com https://unpkg.com https://cdn.storygize.net https://bs.serving-sys.com *.pinterest.com *.hotjar.com https://platform.twitter.com https://assets.pinterest.com https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.js http://www.facebook.com/plugins/like.php https://cdnjs.cloudflare.com/ajax/libs/underscore.js/1.8.3/underscore-min.js https://cdnjs.cloudflare.com/ajax/libs/foundation/6.4.3/js/foundation.min.js https://www.gstatic.com/charts/46.2/js/jsapi_compiled_format_module.js https://www.gstatic.com/charts/46.2/js/jsapi_compiled_default_module.js https://www.gstatic.com/charts/46.2/js/jsapi_compiled_ui_module.js https://www.gstatic.com/charts/46.2/js/jsapi_compiled_corechart_module.js https://www.gstatic.com/charts/46.2/js/jsapi_compiled_fw_module.js https://www.gstatic.com/charts/46.2/third_party/dygraphs/dygraph-tickers-combined.js https://www.gstatic.com/charts/46.2/third_party/webfontloader/webfont.js https://www.gstatic.com/charts/46.2/js/jsapi_compiled_bar_module.js https://cdnjs.cloudflare.com/ajax/libs/foundation-essential/5.2.2/js/vendor/modernizr.js https://www.google-analytics.com/analytics.js https://script.crazyegg.com/pages/scripts/0017/5050.js https://static.hotjar.com/c/hotjar-30590.js https://secure-ds.serving-sys.com/SemiCachedScripts/ebOneTag.js https://www.storygize.net/a/cecea51f-563b-4ac4-9a2a-8a3660977ad2/abdo.js https://connect.facebook.net/en_US/fbevents.js https://www.gstatic.com/charts/46.2/loader.js https://ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js https://cdn.plyr.io https://connect.facebook.net https://www.storygize.net https://www.gstatic.com/recaptcha/api2/v1555968629716/recaptcha__en.js https://www.gstatic.com/charts/loader.js https://events.utsouthwestern.edu https://assets.juicer.io/embed.js https://www.youtube.com/ https://player.vimeo.com/ https://www.flickr.com/ https://www.jove.com/ https://launchpad.utswneurology.com/ http://radonc.utsouthwestern.edu/ https://surgeonportal.donortracplus.org/ https://ais.swmed.edu/ https://www.facebook.com/ https://www.google.com/ https://calendar.google.com/ https://www.googletagmanager.com/ https://hroras2.swmed.edu/ https://studentservices.utsouthwestern.edu https://intrastudentservices.utsouthwestern.edu https://snap.licdn.com/li.lms-analytics/insight.min.js; connect-src 'self' *.swmed.edu *.utsouthwestern.edu https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.2/css/all.min.css https://ka-f.fontawesome.com/releases/v6.5.0/css/free-v4-shims.min.css https://ka-f.fontawesome.com/releases/v6.5.0/css/free.min.css https://ka-f.fontawesome.com/releases/v6.5.0/css/free-v5-font-face.min.css https://ka-f.fontawesome.com/releases/v6.5.0/css/free-v4-font-face.min.css https://ka-f.fontawesome.com/releases/v6.4.2/css/free.min.css https://ka-f.fontawesome.com/releases/v6.4.2/css/free-v4-shims.min.css https://ka-f.fontawesome.com/releases/v6.4.2/css/free-v5-font-face.min.css https://ka-f.fontawesome.com/releases/v6.4.2/css/free-v4-font-face.min.css https://www.google-analytics.com https://analytics.google.com https://cdn.linkedin.oribi.io https://lm.serving-sys.com *.taggbox.com *.crazyegg.com *.hotjar.io *.hotjar.com https://www.juicer.io https://stats.g.doubleclick.net/j/collect https://listgrowth.ctctcdn.com/v1/5626582cad2b3868b069a1d065b39fd3.json https://visitor2.constantcontact.com/api/v1/signup_forms/ https://secure-ds.serving-sys.com/adServingData/PROD/TMClient/8/6218 https://graph.facebook.com/58323112191/picture https://www.juicer.io/api/page_views https://www.juicer.io/api/feeds/home-page-393b6969-47a9-40b5-b6a5-297bc3722122 https://cdn.plyr.io https://connect.facebook.net https://www.storygize.net https://www.gstatic.com/recaptcha/api2/v1555968629716/recaptcha__en.js https://www.gstatic.com/charts/loader.js https://events.utsouthwestern.edu https://assets.juicer.io/embed.js https://www.youtube.com/ https://player.vimeo.com/ https://www.flickr.com/ https://www.jove.com/ https://launchpad.utswneurology.com/ http://radonc.utsouthwestern.edu/ https://surgeonportal.donortracplus.org/ https://ais.swmed.edu/ https://www.facebook.com/ https://www.google.com/ https://calendar.google.com/ https://www.googletagmanager.com/ https://hroras2.swmed.edu/ https://studentservices.utsouthwestern.edu https://intrastudentservices.utsouthwestern.edu; frame-src 'self' *.swmed.edu https://app.powerbi.com/ *.utsouthwestern.edu https://app.truelook.com/ https://utsw.flintbox.com/ https://td.doubleclick.net *.taggbox.com https://forms.office.com/ *.hotjar.com https://www.youvisit.com https://cdn.youvisit.com https://w.soundcloud.com https://platform.twitter.com https://www.facebook.com https://yoshki.com/badge-apta.html https://cdn.plyr.io https://connect.facebook.net https://www.storygize.net https://www.gstatic.com/recaptcha/api2/v1555968629716/recaptcha__en.js https://www.gstatic.com/charts/loader.js https://events.utsouthwestern.edu https://assets.juicer.io/embed.js https://www.youtube.com/ https://player.vimeo.com/ https://www.flickr.com/ https://www.jove.com/ https://launchpad.utswneurology.com/ http://radonc.utsouthwestern.edu/ https://surgeonportal.donortracplus.org/ https://ais.swmed.edu/ https://www.facebook.com/ https://www.google.com/ https://calendar.google.com/ https://www.googletagmanager.com/ https://hroras2.swmed.edu/ https://studentservices.utsouthwestern.edu https://intrastudentservices.utsouthwestern.edu https://px.ads.linkedin.com 1
default-src * https: data: 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self'; 1
default-src * data: blob: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors 'self' *.knightlab.com *.biologicaldiversity.org biologicaldiversity.org; 1
default-src 'unsafe-inline' 'unsafe-eval' data: blob: *; frame-ancestors 'self' https://*.ergo.com https://*.ergo.de; 1
default-src 'self'; object-src 'none'; script-src 'self' https://www.googletagmanager.com/gtag/js https://www.google-analytics.com https://dap.digitalgov.gov; connect-src 'self' https://www.google-analytics.com https://www.googletagmanager.com/gtag/js https://www2.donotcall.gov; base-uri 'none'; form-action 'self'; frame-src 'none'; frame-ancestors 'self'; report-uri https://telemetry.consumersentinel.gov/api/contentsecuritypolicy; 1
default-src 'self' wss://socket.24live.co https: data: blob: 'unsafe-inline' 'unsafe-eval' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' staatskanzlei-thueringen.de *.staatskanzlei-thueringen.de *.flickr.com *.thueringen.de *.mediathek-deutschland.com 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com 1
default-src 'self'; base-uri 'self'; script-src 'unsafe-inline' 'self' statistiek.rvo.nl *.obi4wan.com *.shoppingminds.com *.shoppingminds.net *.creative-serving.com stats.pusher.com cdn.conversationalsdevelopment.nl cdn.seamly-app.com; style-src 'self' 'unsafe-inline' *.rvo.nl cdn.seamly-app.com; object-src *.rvo.nl; connect-src 'self' *.rvo.nl *.rvochat.nl *.rovid.nl *.obi4wan.ai *.shoppingminds.com *.shoppingminds.net *.creative-serving.com *.pusher.com wss://*.pusher.com *.obi4wan.com wss://api.seamly-app.com api.seamly-app.com; img-src 'self' data: *.rvo.nl *.rovid.nl *.obi4wan.com *.shoppingminds.com *.shoppingminds.net *.creative-serving.com *.mediatheekrijksoverheid.nl services.arcgisonline.com www.toegankelijkheidsverklaring.nl; media-src 'self' *.seamly-app.com *.rovid.nl *.mediatheekrijksoverheid.nl; form-action 'self' *.rvo.nl; frame-ancestors 'self' *.rvo.nl; frame-src 'self' *.rvo.nl; script-src-elem 'self' 'unsafe-inline' statistiek.rvo.nl *.obi4wan.com *.shoppingminds.com *.shoppingminds.net *.creative-serving.com stats.pusher.com cdn.seamly-app.com; upgrade-insecure-requests; report-uri https://sentry.dtnr.nl/api/23/security/?sentry_key=75abd3b6f5714c10b9152afedb286218&sentry_environment=prod 1
frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://blueimp.github.io *.jquery.com *.toast.com *.jsdelivr.net *.datatables.net *.cloudflare.com https://unpkg.com https://snap.licdn.com *.linkedin.com *.lh.pl *.googletagmanager.com *.facebook.net *.google-analytics.com *.doubleclick.net *.google.com *.gstatic.com www.googleadservices.com; object-src 'none'; style-src 'self' 'unsafe-inline' *.toast.com *.linkedin.com *.googleapis.com *.jsdelivr.net *.datatables.net *.cloudflare.com https://unpkg.com; img-src 'self' *.linkedin.com *.jsdelivr.net *.datatables.net *.cloudflare.com https://unpkg.com *.lh.pl *.googletagmanager.com *.facebook.net *.google-analytics.com *.doubleclick.net *.google.com *.gstatic.com www.googleadservices.com data: *.google.pl *.google.com *.google-analytics.com *.facebook.com; font-src 'self' *.gstatic.com; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; worker-src 'self' blob:; frame-ancestors https://*.frost.com https://*.customerleadershipcouncil.com/ https://*.gilcouncil.com; 1
report-to default; default-src 'none'; img-src 'self' https://ijs.si https://www.ijs.si; style-src 'self' 'unsafe-inline'; font-src 'self' 'unsafe-inline'; base-uri 'self'; form-action 'self'; frame-ancestors 'self' www.projekt-asistent.si:* http://www.projekt-asistent.si:* http://projekt-asistent.si:* http://bio.ijs.si; script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'; connect-src 'self'; frame-src 'self' 1
base-uri 'self';connect-src 'self' *.stripo.email *.firstpromoter.com esputnik.com *.esputnik.com *.google.com *.google.com.ua *.google-analytics.com *.googletagmanager.com *.googleapis.com https://www.clarity.ms *.plerdy.com events.getsitectrl.com https://rum-collector-2.pingdom.net *.pinterest.com https://stats.g.doubleclick.net *.getsitecontrol.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.jsdelivr.net https://hackerone.com https://cdn.datatables.net https://cdn.ampproject.org https://maxcdn.bootstrapcdn.com https://www.facebook.com http://www.trustlogo.com https://secure.trust-provider.com https://www.instantssl.com https://raw.githubusercontent.com https://stripo-dev.devel.ardas.dp.ua https://s3.eu-west-1.amazonaws.com https://stripoeditor.stripocdnplugin.email https://vimeo.com https://api.vk.com https://i.ytimg.com https://www.youtube.com https://s.ytimg.com https://stripoeditor.stripocdn.email wss://d.plerdy.com *.websitevoice.com https://bat.bing.com https://analytics.tiktok.com https://firstpromoter.com/api/v1/promoters/create *.typeform.com *.growthbook.io https://o.clarity.ms *.clarity.ms wss://stripo-cdn.stripo.email https://*.linkedin.com/ *.google.ie data:;default-src 'self' *.stripo.email *.esputnik.com blob: https://cdn.ampproject.org https://viewstripo.email youtu.be https://www.youtube.com https://www.facebook.com https://hackerone.com *.plerdy.com events.getsitectrl.com https://www.clarity.ms https://stripo.email https://staging.stripo.email https://stripoeditor.stripocdn.email;form-action 'self' *.stripo.email *.facebook.com;img-src 'self' *.stripo.email https://stripo-cdn.stripo.email blob: https://stripo.email *.google-analytics.com https://optimize.google.com https://* data:;object-src 'none';script-src 'self' blob: *.stripo.email 'unsafe-inline' 'unsafe-eval' https://hackerone.com *.pinterest.com https://code.jquery.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://www.clarity.ms *.google-analytics.com *.plerdy.com events.getsitectrl.com *.firstpromoter.com https://esputnik.com *.tiktok.com *.esputnik.com https://cdn.amplitude.com https://www.googletagmanager.com https://maxcdn.bootstrapcdn.com *.ttwstatic.com/obj/tiktok-web-us/tiktok/falcon/embed https://cdn.datatables.net https://rum-static.pingdom.net https://connect.facebook.net https://cdn.ampproject.org https://s.pinimg.com *.getsitecontrol.com http://www.trustlogo.com https://secure.trust-provider.com https://www.instantssl.com https://raw.githubusercontent.com https://stripo-dev.devel.ardas.dp.ua https://s3.eu-west-1.amazonaws.com https://stripoeditor.stripocdnplugin.email https://api.vk.com https://www.googleoptimize.com https://optimize.google.com https://snap.licdn.com https://accounts.google.com *.bing.com *.websitevoice.com *.facebook.com/tr https://static.ads-twitter.com/uwt.js *.typeform.com https://analytics.tiktok.com *.adroll.com *.ttwstatic.com/obj/tiktok-web/tiktok/ *.ttwstatic.com/obj/tiktok-web-us/tiktok/ https://stripo-cdn.stripo.email;style-src 'self' *.stripo.email 'unsafe-inline' https://optimize.google.com https://fonts.googleapis.com https://stripoeditor.stripocdn.email https://* https://stripo-cdn.stripo.email data:;report-uri 'self';upgrade-insecure-requests;font-src https://fonts.gstatic.com https://* https://stripo-cdn.stripo.email data:;frame-src *.stripo.email *.tiktok.com https://optimize.google.com https://secure.esputnik.com esputnik.com https://hackerone.com https://www.youtube.com https://facebook.com https://www.facebook.com *.plerdy.com https://www.pinterest.com https://accounts.google.com *.pinterest.com *.typeform.com *.adroll.com;frame-ancestors *.stripo.email https://optimize.google.com https://secure.esputnik.com esputnik.com https://hackerone.com https://www.youtube.com https://facebook.com https://www.facebook.com 1
default-src 'self'; script-src  'self' 'unsafe-inline' 'unsafe-eval' https://paybox.doare.org https://services.sdiapi.com https://vice-prod.sdiapi.com https://ucarecdn.com https://d1aqhv4sn5kxtx.cloudfront.net https://www.dafdirect.org pay.google.com *.paypal.com *.paypalobjects.com https://www.instagram.com *.tiktokcdn-us.com https://pay.google.com https://static.fundraiseup.com https://cdn.fundraiseup.com https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/ https://api.mapbox.com/ https://js.verygoodvault.com https://a.gusc.cartocdn.com https://m.addthis.com https://v1.addthisedge.com https://z.moatads.com https://s7.addthis.com https://cdn.signalfx.com https://static.everyaction.com https://lf16-tiktok-web.ttwstatic.com https://www.tiktok.com https://cdn.insight.sitefinity.com https://unpkg.com/ https://ci-public.s3.amazonaws.com https://ci-ooh.s3.amazonaws.com https://fastaction.ngpvan.com https://js2.verygoodvault.com https://profile.ngpvan.com https://d3rse9xjbp8270.cloudfront.net https://www.youtube-nocookie.com https://secure.everyaction.com https://rules.quantcount.com https://secure.quantserve.com https://www.youtube.com https://unpkg.com https://geolocation.onetrust.com/ https://cdn.cookielaw.org/ https://static.arcgis.com https://sp.analytics.yahoo.com https://s.yimg.com https://donorbox.org https://optimize.google.com https://tagmanager.google.com https://www.conservation.org https://app.vwo.com https://public.tableau.com *.typeform.com https://s3.amazonaws.com/trk.cetrk.com/f/t.js *.visualwebsiteoptimizer.com *.crazyegg.com *.stripe.com bitpay.com api.tiles.mapbox.com fast.wistia.com googleads.g.doubleclick.net www.googleadservices.com bat.bing.com secure.adnxs.com *.googletagmanager.com js.stripe.com dcc4iyjchzom0.cloudfront.net cartocdn-gusc.global.ssl.fastly.net conservation.carto.com sp13loader.ciapps.org maps.googleapis.com https://cdnjs.cloudflare.com http://conservation-tron.imgix.net ajax.googleapis.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://conservation-org.tron.silvertech.net https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com *.en25.com; style-src 'self' 'unsafe-inline' https://d1aqhv4sn5kxtx.cloudfront.net https://www.dafdirect.org *.tiktokcdn-us.com https://ci-sharks.s3.amazonaws.com https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/ https://api.mapbox.com https://static.everyaction.com https://lf16-tiktok-web.ttwstatic.com https://embed.typeform.com https://unpkg.com/ https://unpkg.com/leaflet@1.7.1 https://ci-public.s3.amazonaws.com https://ci-ooh.s3.amazonaws.com https://ci-everyaction-public.s3.amazonaws.com https://d3rse9xjbp8270.cloudfront.net https://optimize.google.com https://tagmanager.google.com https://tagmanager.google.com api.tiles.mapbox.com sp13loader.ciapps.org  fonts.googleapis.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com; img-src d2iwpl8k086uu2.cloudfront.net https://static.fundraiseup.com https://cicloud.imgix.net https://ciorg.imgix.net https://www.dafdirect.org https://ad.doubleclick.net t.paypal.com pay.google.com *.paypalobjects.com https://ucarecdn.com https://ci-sharks.s3.amazonaws.com https://a.gusc.cartocdn.com https://static.everyaction.com https://sp.analytics.yahoo.com https://upload.wikimedia.org https://www.clker.com https://ci-everyaction.imgix.net https://storage.googleapis.com https://api.mapbox.com https://ci-ooh.s3.amazonaws.com https://d1aqhv4sn5kxtx.cloudfront.net https://secure.everyaction.com https://d1aqhv4sn5kxtx.cloudfront.net https://secure.everyaction.com https://d3rse9xjbp8270.cloudfront.net http://cicloud.s3.amazonaws.com https://cicloud.s3.amazonaws.com https://pixel.quantserve.com https://njoel9cc11.execute-api.us-east-1.amazonaws.com https://d2ey44ppm6i0sm.cloudfront.net https://53f5mmurac.execute-api.us-east-1.amazonaws.com https://53f5mmurac.execute-api.us-east-1.amazonaws.com https://d1wrq3tu9qy8md.cloudfront.net https://ci-pixel-ephemeral.s3.amazonaws.com https://ci-pixel-persistent.s3.amazonaws.com https://cicloud.s3.amazonaws.com/ https://cdn.cookielaw.org/ https://firecastwebserver01.ciapps.org https://services.arcgisonline.com https://server.arcgisonline.com https://d1iczxrky3cnb2.cloudfront.net https://ssl.gstatic.com https://www.gstatic.com http://cloud.conservation.org.s3.amazonaws.com/ https://cloud.conservation.org.s3.amazonaws.com/ https://www.arcgis.com/ https://public.tableau.com https://ci-public.s3.amazonaws.com *.crazyegg.com *.visualwebsiteoptimizer.com *.stripe.com *.googletagmanager.com sitefinity.ciapps-aws.org www.google.com.br www.google.com bat.bing.com stats.g.doubleclick.net cartocdn-gusc.global.ssl.fastly.net sp13loader.ciapps.org *.maps.api.here.com ciorg.imgix.net ciapps-kiwi.imgix.net 'self' maps.gstatic.com http://conservation-tron.imgix.net maps.googleapis.com https://conservation-org.tron.silvertech.net/ i.ytimg.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com; font-src 'self' https://static.fundraiseup.com https://static.everyaction.com https://d3rse9xjbp8270.cloudfront.net sp13loader.ciapps.org themes.googleusercontent.com fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; connect-src 'self' d2iwpl8k086uu2.cloudfront.net https://reports.sdiapi.com https://upload.uploadcare.com https://cicloud.s3.amazonaws.com https://api.typeform.com https://www.google.com/pay https://google.com/pay pay.google.com *.paypalobjects.com *.paypal.com https://www.facebook.com https://fndrsp-checkout.net https://api.fundraiseup.com https://sentry.fundraiseup.com https://fndrsp.net https://api-public.addthis.com https://rum-ingest.us1.signalfx.com https://geolocation.onetrust.com https://api.insight.sitefinity.com https://fastaction.ngpvan.com https://profile.ngpvan.com https://actions.everyaction.com https://secure.everyaction.com *.crazyegg.com https://recording.crazyegg.com https://privacyportal-eu.onetrust.com https://analytics.google.com https://stats.g.doubleclick.net https://script.crazyegg.com https://ci-public.s3.amazonaws.com https://conservation.org.s3.amazonaws.com https://dvm5qo6r5pdyf.cloudfront.net https://cdn.cookielaw.org/ https://tracking.crazyegg.com https://s.yimg.com https://api.altmetric.com https://doi.org https://api.crossref.org https://data.crossref.org https://carbonfootprint.short.car-calc.cc sample-api-v2.crazyegg.com https://cibitly.ciapps.org https://act.conservation.org https://firecastwebserver01.ciapps.org stripe.ciapps.org checkout.stripe.com bitpay.ciapps.org *.google-analytics.com bitpay.com events.mapbox.com api.mapbox.com convio.ciapps.org secure2.convio.net sharkstracker.ciapps.org conservation.carto.com sp13loader.ciapps.org accounts.google.com https://*.dec.sitefinity.com *.mktoresp.com data: blob: ; media-src d2iwpl8k086uu2.cloudfront.net https://ooh.ciapps-aws.org https://dow8iayks4wtt.cloudfront.net http://cicloud.s3.amazonaws.com https://ci-ooh.s3.amazonaws.com civideos.ciapps.org 'self' data: blob:; child-src 'self' https://services.sdiapi.com https://embed.ted.com https://www.paypal.com https://www.paypalobjects.com https://td.doubleclick.net https://player.pbs.org https://www.instagram.com https://pay.google.com https://conservation.maps.arcgis.com https://js.verygoodvault.com https://s7.addthis.com/ https://v.qq.com https://js2.verygoodvault.com https://forms.microsoft.com https://app.powerbi.com https://open.spotify.com https://donorbox.org/ https://optimize.google.com https://app.vwo.com https://firecastwebserver01.ciapps.org https://form.jotform.com/ https://www.un.org https://logiprod.conservation.org/ https://www.arcgis.com/ https://public.tableau.com *.microsoftonline.com *.office.com *.typeform.com www.tiktok.com data: blob: checkout.stripe.com bitpay.com bid.g.doubleclick.net sitefinity.ciapps-aws.org submit.jotformz.com form.jotformz.com 8760954.fls.doubleclick.net js.stripe.com www.qzzr.com https://platform.twitter.com/ http://conservation-tron.imgix.net https://syndication.twitter.com/ https://www.youtube.com/ https://conservation-org.tron.silvertech.net/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com; 1
frame-ancestors *.payback.de; report-uri /blueberry/servlet/handler/cspreporting 1
frame-ancestors 'self' *.wallet.airpay.com.co *.shopee.kr *.airpay.com.co *.shopeemobile.com *.shopee.com.co *.shopee.cn *.shopee.io *.facebook.com https://bela-portal.festiware.com https://belapengadaan.lkpp.go.id https://lkpp-portal.festiware.com;  1
default-src https: data: blob:; script-src 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'unsafe-inline' https: data:; img-src data: https: blob: android-webview android-webview-video-poster:; font-src data: https:; connect-src *; media-src https: data: blob:; worker-src https: blob:; frame-src 'self' https:; frame-ancestors 'self'; upgrade-insecure-requests 1
script-src 'self' https://*.patreon.com 'unsafe-inline' 1
frame-ancestors 'self' www.ed2go.com; upgrade-insecure-requests; 1
connect-src adobedc.demdex.net edge.adobedc.net *.amazonaws.com *.doubleclick.net *.googleapis.com *.kyruus.com cdn.cookielaw.org geolocation.onetrust.com 'self' Test *.visualstudio.com wss:; default-src blob: data: https: 'self'; frame-src *.agkn.com *.doubleclick.net *.google.com mdlink.ucsfmedicalcenter.org ucsfmychart.ucsfmedicalcenter.org testmyc.ucsfmedicalcenter.org 'self' *.sitecore.net *.vimeo.com *.youtube.com; script-src try.abtasty.com *.adobedtm.com *.answerscloud.com *.azurewebsites.net *.calltrk.com *.clicktale.net *.cloudflare.com *.cloudflareinsights.com *.doubleclick.net *.evaliahealth.com *.facebook.net *.foresee.com *.google.com *.googleadservices.com *.googleapis.com *.gstatic.com *.invoca.net *.invocacdn.com *.jsdelivr.net *.msecnd.net *.cookielaw.org cdn.cookielaw.org *.radiomd.com 'self' *.skyword.com *.tealiumiq.com *.tiqcdn.com *.twitter.com datalayer.ucsfhealth.org 'unsafe-eval' 'unsafe-inline' *.vimeo.com *.vimeocdn.com *.visto1.net; style-src *.fonts.net *.googleapis.com optimize.google.com 'self' 'unsafe-inline'; worker-src blob:; 1
default-src 'self' *.bikemap.net bikemap-development-media.s3.eu-central-1.amazonaws.com media.bikemap.net;  script-src 'self' *.bikemap.net bikemap-development-media.s3.eu-central-1.amazonaws.com media.bikemap.net www.googletagmanager.com js-agent.newrelic.com bam.nr-data.net    'unsafe-eval' 'unsafe-inline';  connect-src 'self' *.bikemap.net bikemap-development-media.s3.eu-central-1.amazonaws.com media.bikemap.net *.google-analytics.com bam.nr-data.net api.tomtom.com;  style-src 'self' *.bikemap.net bikemap-development-media.s3.eu-central-1.amazonaws.com media.bikemap.net 'unsafe-inline';  img-src 'self' *.bikemap.net bikemap-development-media.s3.eu-central-1.amazonaws.com media.bikemap.net www.googletagmanager.com blob: data:;  font-src 'self' *.bikemap.net bikemap-development-media.s3.eu-central-1.amazonaws.com media.bikemap.net;  object-src 'none';  base-uri 'self';  form-action 'none';  frame-ancestors 'none';  upgrade-insecure-requests; 1
frame-ancestors 'self' https://www.w3schools.com https://classroom.google.com https://diksha.gov.in https://*.diksha.gov.in https://bmzbbujw9kal.compat.objectstorage.ap-mumbai-1.oraclecloud.com 1
default-src 'none'; form-action 'self' https://www.facebook.com; frame-ancestors 'self' https://*.matomo.cloud https://*.innocraft.cloud http://localhost; base-uri 'self' https://demo-web.matomo.org https://web.innocraft.cloud; prefetch-src 'self'; connect-src 'self' https://matomo.org  https://web.innocraft.cloud https://www.userlike.com https://cdn.plyr.io https://demo-web.matomo.org https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com wss://chat.userlike.com wss://umd.userlike.com https://api.userlike.com https://video.matomo.org; script-src 'self' https://snap.licdn.com  https://userlike-cdn-umm.b-cdn.net https://web.innocraft.cloud https://cdn.matomo.cloud https://embed.clickmeeting.com https://madmimi.com https://cdn.shortpixel.ai https://cdnjs.cloudflare.com https://www.youtube.com api.userlike.com https://d3dc1lgancj6l0.cloudfront.net https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://static.matomo.org https://demo-web.matomo.org https://m-img.org 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://demo-web.matomo.org https://web.innocraft.cloud https://static.matomo.org; img-src 'self'   https://demo-web.matomo.org https://web.innocraft.cloud https://plugins.matomo.org https://qrcode.kaywa.com https://raw.githubusercontent.com https://user-images.githubusercontent.com https://m-img.org https://piwik.org https://matomo.org https://static.matomo.org https://video.matomo.org api.userlike.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com data:; media-src 'self' https://video.matomo.org https://www.matomo.org https://matomo.org blob:; font-src 'self' https://userlike-cdn-umm.b-cdn.net https://demo-web.matomo.org https://web.innocraft.cloud https://static.matomo.org data:  https://github.com https://d3dc1lgancj6l0.cloudfront.net; frame-src 'self' https://www.facebook.com https://play.quickchannel.com https://matomo.clickmeeting.com https://embed.clickmeeting.com https://www.youtube-nocookie.com https://demo.matomo.cloud https://demo-web.matomo.org https://demo2.piwik.org https://demo2.matomo.org; 1
default-src 'self'; connect-src 'self' app.adjust.com api.traderepublic.com tracking.traderepublic.com sentry.traderepublic.com rum-http-intake.logs.datadoghq.eu *.browser-intake-datadoghq.eu browser-intake-datadoghq.eu boards-api.greenhouse.io cdn.contentful.com api.contentful.com www.g.doubleclick.net www.google.de www.google.fr www.google.at www.google.es www.google.it www.google.nl www.google.pl *.google-analytics.com trc-events.taboola.com psb.taboola.com *.analytics.google.com analytics.google.com bat.bing.com mp.traderepublic.com cdn.linkedin.oribi.io amplify.outbrain.com tr.outbrain.com; script-src 'self' 'unsafe-inline' cdn.adjust.com g.microsoft.com www.google.com analytics.twitter.com googleads.g.doubleclick.net trc.taboola.com psb.taboola.com tr.outbrain.com boards.greenhouse.io *.google-analytics.com www.googleadservices.com snap.licdn.com bat.bing.com static.ads-twitter.com connect.facebook.com connect.facebook.net amplify.outbrain.com wave.outbrain.com cdn.taboola.com www.googletagmanager.com www.datadoghq-browser-agent.com sc-static.net tracking.traderepublic.com *.adform.net; img-src 'self' data: trc.taboola.com connect.facebook.net t.co www.linkedin.com www.facebook.com cds.taboola.com psb.taboola.com p.adsymptotic.com www.google.com www.google.de www.google.fr www.google.at www.google.es www.google.it www.google.nl www.google.be www.google.ee www.google.fi www.google.gr www.google.ie www.google.pt www.google.lt www.google.lu www.google.lv www.google.si www.google.sk *.google-analytics.com *.analytics.google.com analytics.google.com tracking.traderepublic.com tr.outbrain.com images.ctfassets.net images.contentful.com assets.traderepublic.com boards.greenhouse.io www.googletagmanager.com px.ads.linkedin.com px4.ads.linkedin.com bat.bing.com googleads.g.doubleclick.net amplify.outbrain.com; style-src 'self' 'unsafe-inline'; font-src 'self'; media-src videos.contentful.com videos.ctfassets.net; child-src boards.greenhouse.io www.googletagmanager.com *.adform.net; base-uri 'self' 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;frame-ancestors 'self' https://*.quintype.com https://www.downtoearth.org.in;block-all-mixed-content; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.smarttech.com 1
default-src 'self' ; style-src 'self' 'unsafe-inline' *.googleapis.com *.cloudfront.net *.datablocks.se *.adverty.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cloudflare.com *.google-analytics.com *.google.com *.gstatic.com *.googletagmanager.com *.hs-scripts.com *.hscollectedforms.net *.hs-banner.com *.hs-analytics.net *.usemessages.com *.lfeeder.com *.cloudfront.net *.datablocks.se *.adverty.com; connect-src *; img-src *; media-src *; manifest-src *; font-src *; frame-src * 1
frame-ancestors 'self' myonline.bradley.edu bradley.meritpages.com 1
default-src 'self' https://*.stan.com.au; child-src 'self' https://www.youtube.com.au; connect-src 'self' blob: https://*.adyen.com https://*.akamaihd.net https://*.braintreegateway.com https://*.doubleclick.net https://*.google.com https://*.ovpobs.tv https://*.paypal.com https://*.stan.com.au https://*.stripe.com https://*.visualwebsiteoptimizer.com https://analytics.pangle-ads.com https://analytics.tiktok.com https://app.vwo.com https://ara.paa-reporting-advertising.amazon https://bat.bing.com https://conversions-config.reddit.com https://ib.adnxs.com https://ipv4.podscribe.com https://payments.braintree-api.com https://pixel-config.reddit.com https://pixel.tapad.com https://s.amazon-adsystem.com https://sink.pdst.fm https://tr.snapchat.com https://tr6.snapchat.com https://us-central1-adaptive-growth.cloudfunctions.net https://verifi.podscribe.com https://www.facebook.com https://www.google-analytics.com https://www.redditstatic.com; form-action 'self' https://*.stan.com.au https://www.facebook.com https://checkoutshopper-live-au.adyen.com; font-src 'self' data: https://www.stan.com.au; frame-src 'self' https://*.amazon-adsystem.com https://*.doubleclick.net https://*.paypal.com https://*.stripe.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://apps.rokt.com https://checkoutshopper-live-au.adyen.com https://insight.adsrvr.org https://match.adsrvr.org https://servedby.flashtalking.com https://platform.twitter.com https://tr.snapchat.com https://www.facebook.com https://www.google.com https://www.youtube.com; img-src 'self' blob: data: https://*.adyen.com https://*.akamaihd.net https://*.bing.com https://*.doubleclick.net https://*.google.com.au https://*.google.com https://*.ovpobs.tv https://*.paypal.com https://*.stan.com.au https://*.visualwebsiteoptimizer.com https://alb.reddit.com https://analytics.twitter.com https://app.vwo.com https://chart.googleapis.com https://i.ytimg.com https://t.co https://tr.snapchat.com https://verifi.podscribe.com https://wingify-assets.s3.amazonaws.com https://www.facebook.com https://www.google-analytics.com https://www.googletagmanager.com; media-src 'self' blob:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.adyen.com https://*.doubleclick.net https://*.ovpobs.tv https://*.paypal.com https://*.stan.com.au https://*.stripe.com https://*.visualwebsiteoptimizer.com https://acdn.adnxs.com https://analytics.tiktok.com https://analytics.twitter.com https://app.vwo.com https://apps.rokt.com https://bat.bing.com https://c.amazon-adsystem.com https://cdn.pdst.fm https://connect.facebook.net https://d34r8q7sht0t9k.cloudfront.net https://js.adsrvr.org https://redditstatic.s3.amazonaws.com https://sc-static.net https://static.ads-twitter.com https://tr.snapchat.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.paypalobjects.com https://www.redditstatic.com; style-src 'self' 'unsafe-inline' https://*.test.streamco.com.au https://*.visualwebsiteoptimizer.com https://app.vwo.com https://fonts.googleapis.com; worker-src 'self' blob:; report-uri https://api.stan.com.au/features/v1/collect-csp; 1
default-src https://talkjs.com https://*.talkjs.com wss://talkjs.com wss://*.talkjs.com; font-src https: data:; img-src 'self' http: https: data: blob:; script-src https: data: 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com; style-src https: data: 'unsafe-inline'; frame-src https://*.talkjs.com https://talkjs.retool.com; connect-src https://talkjs.com https://*.talkjs.com wss://talkjs.com wss://*.talkjs.com https://api.hsforms.com https://plausible.io https://*.trackjs.com https://*.algolia.net https://*.algolianet.com https://*.algolia.io https://www.google-analytics.com https://analytics.google.com https://*.google-analytics.com; object-src 'none'; 1
frame-ancestors https://methstreams.com https://nbastreamswatch.com https://nbastreamslinks.com https://watchnbastreams.com https://crackstreams.ws https://mlb.trybarry.shop 1
default-src 'none';frame-ancestors 'none' 1
frame-ancestors 'self' login.microsoftonline.com teams.microsoft.com *.teams.microsoft.com *.cloud.microsoft 1
base-uri 'self'; object-src 'none'; default-src 'self'  *.optimizely.com *.onetrust.com blob: *.svb.com *.zscloud.net cookielaw.org; frame-ancestors 'self' *.seismic.com *.blueconic.net *.svb.com; frame-src 'self' *.slideshare.net *.podbean.com *.wistia.net *.mktoweb.com *.onetrust.com *.company-target.com *.doubleclick.net *.google.com *.svb.com *.optimizely.com *.wistia.com *.youtube-nocookie.com *.youtu.be *.youtube.com *.vimeo.com; connect-src 'self' wss: *.spotify.com *.cloudfunctions.net *.redditstatic.com *.reddit.com *.bing.com *.aptrinsic.com *.linkedin.com *.msecnd.net *.bostonprivate.com *.voxsnap.com *.googlesyndication.com *.svb.com *.visualstudio.com *.googletagmanager.com *.kampyle.com *.demandbase.com *.company-target.com *.mktoresp.com *.mktorest.com *.oribi.io *.doubleclick.net *.google.com *.crazyegg.com *.onetrust.com *.cookielaw.org *.optimizely.com *.google-analytics.com *.googleapis.com *.wistia.net *.wistia.com *.blueconic.net; img-src 'self' *.ytimg.com *.reddit.com *.bidswitch.net *.casalemedia.com *.rubiconproject.com *.yahoo.net *.idio.co *.pubmatic.com *.yahoo.com *.voxsnap.com *.adsrvr.org *.svb.com data: cdn.optimizely.com *.googletagmanager.com *.company-target.com *.twitter.com t.co *.kampyle.com *.bing.com *.episerver.net *.rlcdn.com *.linkedin.com *.cookielaw.org *.google.com *.adnxs.com *.doubleclick.net *.google-analytics.com *.gstatic.com *.googleapis.com *.wistia.net *.wistia.com; font-src 'self' data: *.onetrust.com *.cloudfront.net *.bootstrapcdn.com *.voxsnap.com *.svb.com *.gstatic.com *.wistia.net *.wistia.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.welcomesoftware.com *.pdst.fm *.redditstatic.com *.googlesyndication.com *.googleadservices.com *.onetrust.com  *.sentry-cdn.com *.aptrinsic.com *.azure.com *.bootstrapcdn.com *.jquery.com *.onlineaccess1.com *.mktoweb.com *.voxsnap.com *.voxsnap.com *.bing.com *.demandbase.com *.adnxs.com *.ads-twitter.com *.marketo.net blob: *.doubleclick.net *.licdn.com *.crazyegg.com *.wistia.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.google.com *.blueconic.net *.cookielaw.org *.msecnd.net *.episerver.net *.optimizely.com *.kampyle.com dixonandmoe.com *.youtube-nocookie.com *.youtu.be *.youtube.com *.vimeo.com *.wistia.net *.zencdn.net *.svb.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com; style-src 'self' 'unsafe-inline' *.onetrust.com *.aptrinsic.com *.googletagmanager.com *.bootstrapcdn.com *.mktoweb.com *.voxsnap.com *.zencdn.net *.googleapis.com *.svb.com; media-src 'self' blob: *.youtube-nocookie.com *.youtu.be *.youtube.com *.vimeo.com *.svb.com *.voxsnap.com *.wedia-group.com *.wistia.net *.wistia.com; form-action 'self' *.bostonprivate.com *.svb.com; report-uri /cspreport; report-to csp-endpoint; upgrade-insecure-requests; 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://static-us.christianlouboutin.com https://us.christianlouboutin.com https://*.christianlouboutin.com data: https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://www.booxi.com https://www.booxi.eu *.baqend.com *.abtasty.com abtasty.com www.paypalobjects.com www.booxi.eu www.booxi.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://www.facebook.com https://idcheck.acs.touchtechpayments.com/v1/payerAuthentication https: *.salesforce.com https://*/* *.baqend.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com magento-cloudflare.jetrails.com https://www.youtube.com *.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://*.freecaster.com https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com https://checkoutshopper-live-us.adyen.com https://checkoutshopper-live-au.adyen.com https://www.facebook.com https://vimeo.com https://s7.addthis.com https: https://*.online-metrix.net https://imgs.signifyd.com *.contentsquare.net abtasty.com *.abtasty.com *.blivenyc.com https://www.booxi.com https://www.booxi.eu 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.adyen.com *.ytimg.com https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://static-us.christianlouboutin.com https://us.christianlouboutin.com https://*.christianlouboutin.com https://imgs.signifyd.com https://*.online-metrix.net imgs.cdn-btsg.com https://px.ads.linkedin.com *.facebook.com https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com *.doubleclick.net https://bat.bing.com *.google.com https://www.google.fr *.google.nl https://www.google.at https://www.google.bs https://www.google.co.in https://maps.gstatic.com https://maps.googleapis.com https://chart.googleapis.com *.gstatic.com https://lh3.googleusercontent.com https://googleads.g.doubleclick.net *.useinsider.com https://www.booxi.com https://www.booxi.eu *.pinterest.com *.teads.tv *.snapchat.com https://*.googletagmanager.com *.baqend.com *.contentsquare.net https://analytics.tiktok.com *.abtasty.com abtasty.com browser-intake-datadoghq.eu a.mktgcdn.com cdn.cookielaw.org data: 'self' 'unsafe-inline'; script-src secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com *.google.com/ https://cdnjs.cloudflare.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com https://static-us.christianlouboutin.com https://us.christianlouboutin.com https://*.christianlouboutin.com imgs.cdn-btsg.com https://cdn-scripts.signifyd.com https://s.pinimg.com https://snap.licdn.com https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com https://cdn.mxpnl.com data: *.google.com *.google.nl *.googletagmanager.com https://polyfill.io *.google-analytics.com tpc.googlesyndication.com www.youtube.com www.gstatic.com https://bat.bing.com https://maps.googleapis.com https://c.la1-c2-ord.salesforceliveagent.com https://www.gstatic.com https://bat.bing.com/bat.js *.facebook.net https://s7.addthis.com https://m.addthis.com https://v1.addthisedge.com https://z.moatads.com *.pinterest.com https://graph.facebook.com https://d.line-scdn.net https://analytics.tiktok.com https://sf16-scmcdn-va.ibytedtos.com *.useinsider.com *.instana.io *.salesforceliveagent.com https://europe-west1-consent-lab.cloudfunctions.net https://www.booxi.eu https://www.booxi.com *.teads.tv sc-static.net https://www.datadoghq-browser-agent.com browser-intake-datadoghq.eu *.cloudflare.com *.snapchat.com googleads.g.doubleclick.net stats.g.doubleclick.net *.salesforce.com *.salesforce-sites.com cdn.jsdelivr.net https://*.onetrust.com ajax.cloudflare.com https://static.lightning.force.com *.contentsquare.net *.cloudflareinsights.com *.target2sell.mirakl.net *.pw.adn.cloud cdn.cookielaw.org *.baqend.com *.onetrust.com *.abtasty.com abtasty.com https://service.force.com conversions.lunio.ai *.prod.mplat-ppcprotect.com *.debugbear.com www.booxi.eu www.booxi.com www.datadoghq-browser-agent.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com unsafe-inline assets.braintreegateway.com https://static-us.christianlouboutin.com https://us.christianlouboutin.com https://*.christianlouboutin.com data: https://maxcdn.bootstrapcdn.com https://www.googletagmanager.com https://tagmanager.google.com https://*.salesforce.com *.salesforce-sites.com https://service.force.com https://www.booxi.com https://www.booxi.eu *.baqend.com *.abtasty.com abtasty.com www.booxi.eu www.booxi.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src https://static-us.christianlouboutin.com https://us.christianlouboutin.com https://*.vimeo.com https://*.akamaized.net blob: *.useinsider.com *.baqend.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://static-us.christianlouboutin.com https://us.christianlouboutin.com https://*.christianlouboutin.com *.salesforce-sites.com googleads.g.doubleclick.net imgs.cdn-btsg.com https://us-central1-data-hal-9000.cloudfunctions.net *.algolia.net *.google-analytics.com stats.g.doubleclick.net https://bat.bing.com https://s7.addthis.com https://api-js.mixpanel.com *.facebook.com https://pinterest.com *.pinterest.com *.google.nl https://analytics.tiktok.com *.instana.io https://europe-west1-consent-lab.cloudfunctions.net https://rum.browser-intake-datadoghq.eu https://session-replay.browser-intake-datadoghq.eu browser-intake-datadoghq.eu https://cdn.linkedin.oribi.io *.teads.tv *.snapchat.com https://*.googleapis.com *.baqend.com *.onetrust.com *.contentsquare.net *.target2sell.com *.cloudflareinsights.com https://*.freecaster.com *.adn.cloud *.abtasty.com abtasty.com *.salesforce.com *.prod.mplat-ppcprotect.com *.target2sell.mirakl.net *.blivenyc.com *.debugbear.com cdn.cookielaw.org geolocation.onetrust.com *.run.app https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' *.sportsline.com *.cbssports.com *.ampproject.org *.amp.cloudflare.com; default-src https: 'unsafe-inline' 'unsafe-eval' wss: ;img-src https: data: blob: ; font-src https: data:; form-action https:; block-all-mixed-content; report-uri https://cbscom.report-uri.com/r/d/csp/reportOnly 1
block-all-mixed-content; default-src 'self'; base-uri 'self'; form-action 'self' flightbookings.airnewzealand.co.kr flightbookings.airnewzealand.kr flightbookings.airnewzealand.ca flightbookings.airnewzealand.cn flightbookings.airnewzealand.co.nz flightbookings.airnewzealand.co.uk flightbookings.airnewzealand.com.au flightbookings.airnewzealand.com.hk flightbookings.airnewzealand.com.sg flightbookings.airnewzealand.com.tw flightbookings.airnewzealand.com flightbookings.airnewzealand.de flightbookings.airnewzealand.eu flightbookings.airnewzealand.fr flightbookings.airnewzealand.hk flightbookings.airnewzealand.jp flightbookings.airnewzealand.pf flightbookings.airnewzealand.tw  flightbookings.airnewzealand.com.cn flightbookings.airnewzealand.co.jp identity.airnewzealand.com au-connect.authsignal.com auth.identity.airnewzealand.com auth.identity.qual.airnewzealand.com koruclub.airnewzealand.com auth.airnewzealand.co.nz; script-src 'self' p-airnz.com 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.google.com *.ggpht.com *.googleusercontent.com www.youtube.com s.ytimg.com s.wayin.com xd.wayin.com s.engagesciences.com display.engagesciences.com display.wayin.com www.everestjs.net *.demdex.net www.google-analytics.com analytics.google.com tagmanager.google.com www.googletagmanager.com *.doubleclick.net www.googleadservices.com cdn-assets-prod.s3.amazonaws.com *.optimizely.com optimizely-hrd.appspot.com optimizely.s3.amazonaws.com s.swiftypecdn.com upgrade.plusgrade.com nebula-cdn.kampyle.com screencapture.kampyle.com screencaptue-cdn.kampyle.com static.hotjar.com script.hotjar.com yourir.info *.airnewzealand.co.nz auth.airnewzealand.co.nz ssl.google-analytics.com cdnjs.cloudflare.com musculahq.appspot.com dnn506yrbagrg.cloudfront.net xsell.expedia.com ddc.optimahub.com www.newzealand.com https://widget.timatic.iata.org/scripts/iata-timatic-widget-live.js oc-cdn-public-oce.azureedge.net; style-src 'unsafe-inline' p-airnz.com fonts.googleapis.com tagmanager.google.com s.swiftypecdn.com upgrade-cdn-prd.plusgrade.com static.hotjar.com script.hotjar.com yourir.info 'self' oc-cdn-public-oce.azureedge.net; img-src https: data: static.hotjar.com script.hotjar.com; font-src p-airnz.com fonts.googleapis.com fonts.gstatic.com dhm5hy2vn8l0l.cloudfront.net script.hotjar.com 'self' data:; media-src 'self' p-airnz.com ; frame-src 'self' *.google.com auth.identity.airnewzealand.com identity.airnewzealand.com au-connect.authsignal.com nz.fltmaps.com airpointscalculator.co.nz www.youtube.com airnz.wufoo.com xd.wayin.com display.engagesciences.com www.everestjs.net pixel.everesttech.net *.demdex.net *.doubleclick.net www.googletagmanager.com *.cdn-pci.optimizely.com nebula-cdn.kampyle.com vars.hotjar.com *.airnewzealand.co.nz auth.airnewzealand.co.nz sec.windcave.com uat.windcave.com hotels.airnewzealand.co.nz oc-cdn-public-oce.azureedge.net blob: airnz-cargo.chooose.today airnz-corporate.chooose.today emissions-platform.airnewzealand.co.nz; connect-src 'self' api.airnz.io api.airnz.ai *.googleapis.com *.google.com *.gstatic.com auth.airnewzealand.co.nz identity.airnewzealand.com *.demdex.net *.tt.omtrdc.net www.google-analytics.com region1.google-analytics.com region1.analytics.google.com analytics.google.com stats.g.doubleclick.net adservice.google.com www.google.com *.optimizely.com s.swiftypecdn.com search-api.swiftype.com *.kampyle.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.sentry.io yourir.info ssl.google-analytics.com muscula.herokuapp.com sec.windcave.com uat.windcave.com tourismnz.sc.omtrdc.net https://widget.timatic.iata.org/api/; object-src 'none'; frame-ancestors 'self' https: http:; report-uri /csp-report 1
frame-ancestors 'self' https://*.blueconic.net; 1
upgrade-insecure-requests; default-src data: blob: https: gap: gap-iab: 'unsafe-inline' 'unsafe-eval'; form-action https: 1
frame-ancestors 'self' microsoftonline.com sharepoint-df.com sharepoint.com sharepointonline.com spgrid.com spolabs.com spoppe.com sposites.com partner.microsoftonline.cn sharepoint.cn sharepoint.de myus.msftsptest.com my.microsoftpersonalcontentppe.com wopi.onedrive.com wopi.onedrive-tst.com outlook.office.com outlook-sdf.office.com outlook.live.com outlook-sdf.live.com outlook-tdf.live.com sdfpilot.live.com outlook.office365.us outlook.office365.com exchangelabs.live-int.com office-int.com officeapps.live-int.com officeapps.live.com *.teams.microsoft.com teams.cloud.microsoft *.microsoft365.com *.office.com m365.cloud.microsoft outlook.live.com outlook.office.com outlook.office365.com outlook-sdf.office.com outlook-sdf.office365.com outlook.cloud.microsoft edgeservices.bing.com www.bing.com www.staging-bing-int.com copilot.microsoft.com accounts2.creately.com msteams.creately.com app.creately.com app2.creately.com app-eu.creately.com api-eu.creately.com app-au.creately.com api-au.creately.com app-uae.creately.com api-uae.creately.com api.creately.com accounts.google.com docs.google.com teams.microsoft.com *.ngrok.io *.atlassian.net *.fic.cloud *.fullyincontrol.cloud *.sharepoint.com; 1
default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com https://i.ytimg.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-qri5I2ZkWgWmxYUyS4Lrvg=='; style-src 'self' www.gstatic.com; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com gds-single-consent-staging.app gds-single-consent.app; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; report-uri https://csp-reporter.publishing.service.gov.uk/report 1
default-src *.ethicspoint.com *.ethicspointvp.com *.navexone.com *.navexglobal.com *.policytech.com ethicspointvp.com 'self' 'unsafe-eval' 'unsafe-inline' *.navexglobal.com app.pendo.io cdn.pendo.io data.pendo.io app.eu.pendo.io cdn.eu.pendo.io data.eu.pendo.io pendo-static-5068799715311616.storage.googleapis.com pendo-static-5176557049217024.storage.googleapis.com pendo-static-5938830502264832.storage.googleapis.com pendo-eu-static-5068799715311616.storage.googleapis.com pendo-eu-static-5176557049217024.storage.googleapis.com pendo-eu-static-5938830502264832.storage.googleapis.com; connect-src *.ethicspoint.com *.ethicspointvp.com *.navexone.com *.navexglobal.com *.policytech.com ethicspointvp.com 'self' 'unsafe-eval' 'unsafe-inline' wss: *.navexglobal.com navex-be-dev.zoominsoftware.io navex-be-prod.zoominsoftware.io *.truste.com *.newrelic.com *.nr-data.net app.pendo.io data.pendo.io api.feedback.us.pendo.io app.eu.pendo.io data.eu.pendo.io api.feedback.eu.pendo.io pendo-static-5068799715311616.storage.googleapis.com pendo-static-5176557049217024.storage.googleapis.com pendo-static-5938830502264832.storage.googleapis.com pendo-eu-static-5068799715311616.storage.googleapis.com pendo-eu-static-5176557049217024.storage.googleapis.com pendo-eu-static-5938830502264832.storage.googleapis.com app.launchdarkly.com events.launchdarkly.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.ethicspoint.com *.ethicspointvp.com *.navexone.com *.navexglobal.com *.policytech.com ethicspointvp.com cdn.jsdelivr.net iph.zoominsoftware.io www.googletagmanager.com www.google-analytics.com app.pendo.io cdn.pendo.io data.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5068799715311616.storage.googleapis.com pendo-static-5176557049217024.storage.googleapis.com pendo-static-5938830502264832.storage.googleapis.com app.eu.pendo.io cdn.eu.pendo.io pendo-eu-static-5068799715311616.storage.googleapis.com pendo-eu-static-5176557049217024.storage.googleapis.com pendo-eu-static-5938830502264832.storage.googleapis.com *.truste.com *.newrelic.com *.nr-data.net ajax.googleapis.com data: *.ethicspoint.com *.ethicspointvp.com *.navexone.com *.navexglobal.com *.policytech.com ethicspointvp.com app.pendo.io cdn.pendo.io data.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5068799715311616.storage.googleapis.com pendo-static-5176557049217024.storage.googleapis.com pendo-static-5938830502264832.storage.googleapis.com app.eu.pendo.io cdn.eu.pendo.io pendo-eu-static-5068799715311616.storage.googleapis.com pendo-eu-static-5176557049217024.storage.googleapis.com pendo-eu-static-5938830502264832.storage.googleapis.com *.truste.com *.navexglobal.com ; img-src 'self' data: *.ethicspoint.com *.ethicspointvp.com *.navexone.com *.navexglobal.com *.policytech.com ethicspointvp.com cdn.pendo.io app.pendo.io data.pendo.io cdn.eu.pendo.io app.eu.pendo.io data.eu.pendo.io pendo-static-5068799715311616.storage.googleapis.com pendo-static-5176557049217024.storage.googleapis.com pendo-static-5938830502264832.storage.googleapis.com *.truste.com *.navexglobal.com pendo-eu-static-5068799715311616.storage.googleapis.com pendo-eu-static-5176557049217024.storage.googleapis.com pendo-eu-static-5938830502264832.storage.googleapis.com 0jjym5j2w4.execute-api.us-east-1.amazonaws.com navex-be-dev.zoominsoftware.io navex-be-prod.zoominsoftware.io; frame-src *.ethicspoint.com *.ethicspointvp.com *.navexone.com *.navexglobal.com *.policytech.com ethicspointvp.com app.pendo.io portal.feedback.us.pendo.io app.eu.pendo.io portal.feedback.eu.pendo.io player.vimeo.com 'self' 'unsafe-eval' *.navexglobal.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.jsdelivr.net fonts.googleapis.com app.pendo.io cdn.pendo.io app.eu.pendo.io cdn.eu.pendo.io pendo-static-5068799715311616.storage.googleapis.com pendo-static-5176557049217024.storage.googleapis.com pendo-static-5938830502264832.storage.googleapis.com pendo-eu-static-5068799715311616.storage.googleapis.com pendo-eu-static-5176557049217024.storage.googleapis.com pendo-eu-static-5938830502264832.storage.googleapis.com fonts.googleapis.com *.ethicspoint.com *.typekit.net cloud.typography.com; font-src 'self' fonts.gstatic.com ajax.googleapis.com *.typekit.net fonts.gstatic.com; frame-ancestors 'self' app.pendo.io app.eu.pendo.io *.ethicspointvp.com; 1
frame-ancestors self https://api.cf4677zld0-thepepboy1-p1-public.model-t.cc.commerce.ondemand.com:443  https://api-ccv2-prod-hybris.pepboys.com:443  https://ccv2-prod-hybris.pepboys.com:443 https://www.pepboys.com:443 1
frame-ancestors 'self' https://cms.mixbook.com https://help.mixbook.com https://mixbook.kustomerapp.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.mayerbrown.com www.google-analytics.com www.googletagmanager.com cdnjs.cloudflare.com www.youtube.com www.vimeo.com player.vimeo.com/ cdn.cookielaw.org stats.g.doubleclick.net *.onetrust.com *.org.coveo.com *.commoninja.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.mayerbrown.com www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com cdnjs.cloudflare.com player.polyv.net cdn.cookielaw.org sc.lfeeder.com view.ceros.com *.vimeo.com *.commoninja.com ; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.mayerbrown.com fonts.googleapis.comsrc fast.fonts.net ; media-src 'self' 'unsafe-inline' 'unsafe-eval' *.mayerbrown.com www.youtube.com www.vimeo.com player.vimeo.com ; img-src * 'self' 'unsafe-inline' 'unsafe-eval' *.mayerbrown.com data: filesystem: ; font-src 'self' *.mayerbrown.com fonts.gstatic.com data: ; frame-src 'self' *.mayerbrown.com player.vimeo.com www.youtube.com www.vimeo.com www.google.com view.ceros.com html5-player.libsyn.com connect.mayerbrown.com cdn.yoshki.com airtable.com ; 1
default-src 'self' naspers-corp-v2.cm.invdcloud-is.co.uk naspers-corp-v2.cm.idxcloud.co.uk *.analytics.google.com *.google.com *.google-analytics.com naspers-corp-v2.cd.invdcloud-is.co.uk naspers-corp-v2.cd.idxcloud.co.uk cdn.jsdelivr.net cdnjs.cloudflare.com www.google.com code.jquery.com geoid.investisdigital.com www.googletagmanager.com www.connectidfeed.com;  img-src 'self' 'unsafe-inline' data: naspers-corp-v2.cm.invdcloud-is.co.uk i.vimeocdn.com i.ytimg.com www.youtube-nocookie.com naspers-corp-v2.cm.idxcloud.co.uk google-analytics.com tr.lfeeder.com naspers-corp-v2.cd.invdcloud-is.co.uk naspers-corp-v2.cd.idxcloud.co.uk www.google.com www.google.co.in viz.tools.investis.com *.brightcove.com *.boltdns.net cdn.jsdelivr.net cdnjs.cloudflare.com code.jquery.com www.googletagmanager.com www.connectidfeed.com p.typekit.net;   frame-src 'self' www.youtube-nocookie.com td.doubleclick.net player.vimeo.com naspers-corp-v2.cm.invdcloud-is.co.uk naspers-corp-v2.cm.idxcloud.co.uk *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net naspers-corp-v2.cd.invdcloud-is.co.uk naspers-corp-v2.cd.idxcloud.co.uk otp.tools.investis.com cdn.jsdelivr.net www.youtube.com cdnjs.cloudflare.com www.google.com code.jquery.com www.google-analytics.com fonts.googleapis.com www.googletagmanager.com www.connectidfeed.com irs.tools.investis.com;   style-src assets.investisdigital.com 'self' 'unsafe-inline' 'unsafe-eval' p.typekit.net naspers-corp-v2.cm.invdcloud-is.co.uk naspers-corp-v2.cm.idxcloud.co.uk naspers-corp-v2.cd.invdcloud-is.co.uk naspers-corp-v2.cd.idxcloud.co.uk *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net viz.tools.investis.com cdn.jsdelivr.net cdnjs.cloudflare.com code.jquery.com use.typekit.net https://assets.investisdigital.com; script-src player.vimeo.com f.vimeocdn.com www.youtube-nocookie.com sc.lfeeder.com staticcontents.investisdigital.com *.analytics.google.com *.google.com *.google-analytics.com *.amazonaws.com  assets.investisdigital.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net 'self' 'unsafe-inline' otp.tools.investis.com www.youtube.com connect.facebook.net 'unsafe-eval' naspers-corp-v2.cm.invdcloud-is.co.uk naspers-corp-v2.cm.idxcloud.co.uk naspers-corp-v2.cd.invdcloud-is.co.uk naspers-corp-v2.cd.idxcloud.co.uk unpkg.com www.google.com cdn.jsdelivr.net cdnjs.cloudflare.com code.jquery.com viz.tools.investis.com www.googletagmanager.com fonts.googleapis.com www.connectidfeed.com use.typekit.net irs.tools.investis.com; media-src 'self' blob: naspers-corp-v2.cm.invdcloud-is.co.uk naspers-corp-v2.cm.idxcloud.co.uk naspers-corp-v2.cd.invdcloud-is.co.uk naspers-corp-v2.cd.idxcloud.co.uk *.brightcovecdn.com cdn.jsdelivr.net cdnjs.cloudflare.com code.jquery.com www.googletagmanager.com fonts.googleapis.com www.connectidfeed.com; connect-src www.youtube-nocookie.com *.analytics.google.com *.google.com *.google-analytics.com *.amazonaws.com assets.investisdigital.com  viz.tools.investis.com www.naspers.com naspers-corp-v2.cm.invdcloud-is.co.uk naspers-corp-v2.cm.idxcloud.co.uk naspers-corp-v2.cd.invdcloud-is.co.uk naspers-corp-v2.cd.idxcloud.co.uk stats.g.doubleclick.net www.connectidfeed.com *.brightcove.com geoid.investisdigital.com region1.google-analytics.com cookiemanager.investisdigital.com www.youtube.com fonts.googleapis.com;font-src 'self' naspers-corp-v2.cm.invdcloud-is.co.uk naspers-corp-v2.cm.idxcloud.co.uk naspers-corp-v2.cd.invdcloud-is.co.uk naspers-corp-v2.cd.idxcloud.co.uk www.connectidfeed.com www.googletagmanager.com use.typekit.net; 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com *.youtube-nocookie.com *.itzbund.de *.energiewechsel.de *.deutschland-machts-effizient.de *.app.powerbi.com *.karriere.bafa.de *.atlas.geomer-maps.de *.twitter.com api.signalize.com; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.youtube-nocookie.com; frame-src karriere.bafa.de atlas.geomer-maps.de app.powerbi.com *.energiewechsel.de *.deutschland-machts-effizient.de *.youtube-nocookie.com *.itzbund.de *.youtube.com *.twitter.com; img-src 'self' data: *.youtube.com *.youtube-nocookie.com *.itzbund.de *.openstreetmap.org *.twimg.com; connect-src 'self' *.itzbund.de; frame-ancestors 'self' *.kfw.de *.bafa.de *.energiewechsel.de; upgrade-insecure-requests; 1
frame-ancestors http://msdcxp.msp.int http://msdcxp.msp.de 1
default-src https: data: 'unsafe-eval' 'unsafe-inline'; object-src 'none';worker-src blob: 'self' 1
default-src 'none'; child-src 'self' *.kaltura.com *.surveygizmo.com cdn.calconic.com insuranceservicesofficeinc.demdex.net; connect-src 'self' data: *.albacross.com *.brightcove.com *.commoninja.com *.crazyegg.com *.facebook.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googleapis.com *.googlesyndication.com *.kaltura.com *.kampyle.com *.linkedin.com *.optimizely.com *.srv.stackadapt.com *.xactware.com app.calconic.com bcbolt446c5271-a.akamaihd.net cdn-app.continual.ly cdn.calconic.com cdn.cookielaw.org dc.services.visualstudio.com dl.episerver.net dpm.demdex.net geolocation.onetrust.com google.co.in http://ad.doubleclick.net https://adservice.google.com https://api.adblocking247.com https://api.aituria.com https://api.awesomeblocker.com https://app.continual.ly/ https://cdn.linkedin.oribi.io/partner/1669474/domain/verisk.com/token https://cdn.linkedin.oribi.io/partner/384036/domain/maplecroft.com/token https://s.yimg.com https://statistics-dot-calconic-app.appspot.com/api/stats/push https://wss-pr.continual.ly:6001 https://www.google.com.pr hubspot-forms-static-embed.s3.amazonaws.com manifest.prod.boltdns.net opreq.observepoint.com privacyportal.onetrust.com secure.adnxs.com verisk.d1.sc.omtrdc.net veriskisonetprod.112.2o7.net ws.hotjar.com; font-src 'self' data: *.cloudfront.net *.googleapis.com *.gstatic.com *.kaltura.com cdnjs.cloudflare.com dl.episerver.net vjs.zencdn.net; frame-src 'self' *.acast.com *.brightcove.net *.commoninja.com *.eloqua.com *.facebook.com *.g.doubleclick.net *.google.com *.gstatic.com *.kaltura.com *.kampyle.com *.maplecroft.com *.optimizely.com *.pardot.com *.readymag.com *.surveygizmo.com *.twitter.com *.youtube.com activitymap.adobe.com app.powerbi.com bloomberg.com capture.navattic.com cdn-app.continual.ly cdn.calconic.com datawrapper.dwcdn.net dl.episerver.net flo.uri.sh https://app.continual.ly/ insuranceservicesofficeinc.demdex.net lifedemo.shinyapps.io optimize.google.com player.vimeo.com public.tableau.com survey.alchemer.com td.doubleclick.net verisk.postclickmarketing.com www.buzzsprout.com www.google.com www.insurancejournal.tv www.youtube-nocookie.com; img-src 'self' data: *.air-worldwide.com *.albacross.com *.brightcove.com *.commoninja.com *.eloqua.com *.facebook.com *.g.doubleclick.net *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.kaltura.com *.kampyle.com *.linkedin.com *.maplecroft.com *.optimizely.com *.srv.stackadapt.com *.twimg.com *.twitter.com *.verisk.com *.youtube.com 6016449.global.siteimproveanalytics.io api.mapbox.com assets.adobedtm.com cdn.cookielaw.org cf-images.us-east-1.prod.boltdns.net cm.everesttech.net dl.episerver.net dpm.demdex.net https://sp.analytics.yahoo.com i.ytimg.com jumbe.zaius.com maps.gstatic.com optimize.google.com p.adsymptotic.com public.tableau.com verisk.d1.sc.omtrdc.net veriskisonetprod.112.2o7.net w3.poweradvocate.com www.google.co.uk www.google.com www.greatplacetowork.com www.gstatic.com; media-src 'self' blob: *.air-worldwide.com *.gstatic.com *.kaltura.com *.srv.stackadapt.com bcbolt446c5271-a.akamaihd.net dl.episerver.net manifest.prod.boltdns.net; script-src-elem 'self' 'unsafe-inline' *.albacross.com *.cave9tape.com *.cloudfront.net *.cookielaw.org *.facebook.com *.facebook.net *.g.doubleclick.net *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.kaltura.com *.kampyle.com *.licdn.com *.oktopost.com *.salesforceliveagent.com *.srv.stackadapt.com *.twitter.com *.xactware.com assets.adobedtm.com cdn-app.continual.ly cdn.calconic.com cdn.datatables.net cdnjs.cloudflare.com code.jquery.com dl.episerver.net https://okt.to https://s.yimg.com https://script.hotjar.com https://static.hotjar.com img.en25.com js.monitor.azure.com maxcdn.bootstrapcdn.com siteimproveanalytics.com static.oktopost.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.ads-twitter.com *.albacross.com *.cave9tape.com *.cloudflare.com *.cloudfront.net *.commoninja.com *.cookielaw.org *.facebook.net *.fraudblocker.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.herbgreencolumn.com *.hsforms.com *.kaltura.com *.licdn.com *.linkedin.com *.maplecroft.com *.oktopost.com *.optimizely.com *.pardot.com *.readymag.com *.salesforceliveagent.com *.twimg.com *.twitter.com *.xactware.com *.youtube.com activitymap.adobe.com api-ssl.bitly.com az416426.vo.msecnd.net cdn-app.continual.ly cdn-assets-prod.s3.amazonaws.com cdn.calconic.com cdn.mouseflow.com cdnjs.cloudflare.com code.jquery.com dl.episerver.net geolocation.onetrust.com https://js.monitor.azure.com img.en25.com ionfiles.scribblecdn.ne js.hsforms.net js.monitor.azure.com maxcdn.bootstrapcdn.com optimize.google.com player.vimeo.com players.brightcove.net public.flourish.studio public.tableau.com s1065293013.t.eloqua.com script.crazyegg.com secure.leadforensics.com siteimproveanalytics.com unpkg.com vjs.zencdn.net www.buzzsprout.com www.googleadservices.com www.googleanalytics.com www.googleoptimize.com www.gstatic.com; style-src-elem 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.srv.stackadapt.com cdn-app.continual.ly cdn.jsdelivr.net dl.episerver.net https://app.continual.ly/css/gekr8k83y6vw/custom.css; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.srv.stackadapt.com *.twimg.com *.twitter.com *.verisk.com cdn-app.continual.ly cdn.jsdelivr.net cdnjs.cloudflare.com dl.episerver.net optimize.google.com unpkg.com; script-src-attr 'unsafe-inline' *.srv.stackadapt.com *.xactware.com; report-to stott-security-endpoint;report-uri https://www.verisk.com/stott.security.optimizely/api/cspreporting/reporturiviolation/; 1
frame-ancestors 'self' https://www.thenation.com https://www.rfi.fr bo.francemm.com http://rec.bo.francemm.com https://rec.rfi.fr 1
default-src * 'unsafe-inline' data:; img-src     * 'unsafe-inline' 'unsafe-eval' data:;  script-src  'self' 'unsafe-inline' 'unsafe-eval' *.googleadservices.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.wpengine.com *.bootstrapcdn.com *.twitter.com *.jquery.com *.fontawesome.com *.google.com *.pinterest.com *.gstatic.com *.uploadlibrary.com *.thomascook.com *.hotjar.com *.imi.chat *.adyen.com *.spendology.io *.webtrends-optimize.com *.azurewebsites.net *.webtrends.com *.optimize.com *.doubleclick.net *.googlesyndication.com *.googletagservices.com *.google.co.uk *.google.com.ua *.direct.ingenico.com cc-cdn.com *.google.nl *.appsflyer.com *.freshchat.com *.btttag.com *.euc-freshbots.ai *.trustpilot.com *.cookielaw.org *.worldline-solutions.com https://embed.typeform.com/next/embed.js https://tgtag.io *.bing.com *.clarity.ms *.tiktok.com https://www.awin1.com *.reflow.tv;  style-src   'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.wpengine.com *.bootstrapcdn.com *.imi.chat *.adyen.com *.spendology.io *.thomascook.com *.google.com *.webtrends-optimize.com *.azurewebsites.net *.webtrends.com *.optimize.com *.freshchat.com *.euc-freshbots.ai *.typeform.com *.typekit.net;  font-src    'self' data: *.googleapis.com *.adyen.com *.gstatic.com *.wpengine.com *.imi.chat *.spendology.io *.thomascook.com https://script.hotjar.com *.bootstrapcdn.com *.typekit.net;  object-src  'self' *.adyen.com;  frame-src   'self' data: *.facebook.com https://platform.twitter.com *.google.com *.hotjar.com *.imi.chat *.adyen.com *.vimeo.com *.youtube.com *.doubleclick.net *.thomascook.io *.youtu.be *.googlesyndication.com https://www.covidchecker.com *.direct.ingenico.com *.modirum.com *.thomascook.com *.freshchat.com *.euc-freshbots.ai *.trustpilot.com *.cardinalcommerce.com *.braintreegateway.com *.braintree-api.com *.rsa3dsauth.co.uk *.arcot.com *.mycardsecure.com *.monzo.com *.capitalone.com *.touch.tech *.wibmo.com *.mncbank.co.id *.typeform.com *.revolut.com *.sparkassen-kreditkarten.de *.swedbank.se *.wlp-acs.com *.rabobank.nl *.tsys.co.uk *.marqeta.com *.viseca.ch *.apata.io *.redsys.es *.edb.com *.asseco-see.hr *.mashreq.com *.cm-cic.com *.monext.fr *.garanti.com.tr;  form-action * 'self' 'unsafe-inline' 'unsafe-eval' *.adyen.com *.thomascook.io *.thomascook.com; 1
default-src 'unsafe-inline' 'unsafe-eval' data: blob: filesystem: about: ws: *; frame-src 'unsafe-inline' 'unsafe-eval' data: blob: *; base-uri 'unsafe-inline' about: data: *; form-action 'unsafe-inline' data: *; worker-src 'unsafe-inline' data: blob: *; 1
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://scrumorg.disqus.com https://c.disquscdn.com https://disqus.com https://referrer.disqus.com https://connect.facebook.net https://apis.google.com https://www.google-analytics.com https://www.googletagmanager.com https://ssl.gstatic.com https://www.recaptcha.net/ https://www.gstatic.com/ https://www.gstatic.cn https://ssl.google-analytics.com https://static.zdassets.com https://cdn.evgnet.com https://cdn.evergage.com https://scrumdotorg.us-6.evergage.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://static.scrum.org https://unpkg.com https://widget.trustpilot.com; frame-ancestors 'self'; report-uri https://www.scrum.org/report-uri/enforce 1
img-src https:; frame-ancestors 'self' https://*.uni-augsburg.de; 1
default-src 'unsafe-inline' 'unsafe-eval' https: data: wss: 1
script-src 'report-sample' 'nonce-e0c36f8b3dcaa95481ee8124825dcc81-argus' 'strict-dynamic' 'self' 'unsafe-eval' *.ibytedtos.com *.bytegoofy.com *.byteintl.net *.bytescm.com *.bytedance.net *.byted.org *.toutiaostatic.com *.seriali18nstatic.com *.byteintlapi.com *.bytedapm.com *.bytetos.com *.ibytedapm.com *.zijieapi.com *.snssdk.com *.bytedance.com *.pstatp.com *.bytednsdoc.com *.byted-static.com *.yhgfb-cn-static.com; connect-src 'self' data: https://*.fizzo.org https://fizzo.org https://*.byteoversea.com https://*.tiktokv.com https://*.ibytedtos.com *.idouyinvod.com:* *.volcsiriusbd.com:* *.volcsirius.com:* *.tt.x.bsgslb.cn:* *.dy.zzcdnx.com:* *.qc.bsccdn.net:* *.smtcdns.com:* *.ugslb.com:* *.livehwc3.cn:* *.smtcdns.net:* *.bytefcdnrd.com:* *.ksyungslb.com:* *.ksyungslb2.com:* *.ourdvsss.com:* *.tbcache.com:* *.jomodns.com:* *.douyincdn.com:* *.ixigua.com:* *.bdxigualive.com:* *.pstatp.com:* *.douyinliving.com:* *.picovr.com:* *.huoshanlive.com:* *.ihuoshanlive.com:* *.volccdn.com:* *.bestv.com.cn:* *.bytefcdn.com:* *.douyinvod.com:* *.bytescm.com *.bytetos.com *.ibytedapm.com *.zijieapi.com *.snssdk.com *.bytedance.com *.bytedance.net *.pstatp.com *.bytednsdoc.com *.bytegoofy.com *.byted-static.com *.yhgfb-cn-static.com *.byted.org *.tiktok.com *.goofy.app *.googleapis.com *.google-analytics.com *.google.com https://www.google.co.id https://stats.g.doubleclick.net; report-to slardar-endpoint; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests ; 1
default-src 'self' *;  connect-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: *;  script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' blob: data: *;  img-src 'self' blob: data: *;  frame-src 'self' blob: data: *;  object-src 'self' blob: data: *;  script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.addictinggames.com https://*.shockwave.com https://*.scorecardresearch.com https://*.recurly.com https://*.cdn.yollamedia.com https://*.yollamedia.com https://*.googletagmanager.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.google.com https://*.google.ca https://*.googletagservices.com https://*.googleadservices.com https://*.googleapis.com https://*.gstatic.com https://local.addictinggames.com:3000 https://local.shockwave.com:3000;  style-src 'self' 'unsafe-inline' https://*.addictinggames.com https://*.shockwave.com https://*.scorecardresearch.com https://*.recurly.com https://*.cdn.yollamedia.com https://*.yollamedia.com https://*.googletagmanager.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.google.com https://*.google.ca https://*.googletagservices.com https://*.googleadservices.com https://*.googleapis.com https://*.gstatic.com https://local.addictinggames.com:3000 https://local.shockwave.com:3000;  font-src 'self' https://*.addictinggames.com https://*.shockwave.com https://*.scorecardresearch.com https://*.recurly.com https://*.cdn.yollamedia.com https://*.yollamedia.com https://*.googletagmanager.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.google.com https://*.google.ca https://*.googletagservices.com https://*.googleadservices.com https://*.googleapis.com https://*.gstatic.com https://local.addictinggames.com:3000 https://local.shockwave.com:3000;  base-uri 'self' https://*.addictinggames.com https://*.shockwave.com https://*.scorecardresearch.com https://*.recurly.com https://*.cdn.yollamedia.com https://*.yollamedia.com https://*.googletagmanager.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.google.com https://*.google.ca https://*.googletagservices.com https://*.googleadservices.com https://*.googleapis.com https://*.gstatic.com https://local.addictinggames.com:3000 https://local.shockwave.com:3000;  form-action 'self' https://*.addictinggames.com https://*.shockwave.com https://*.scorecardresearch.com https://*.recurly.com https://*.cdn.yollamedia.com https://*.yollamedia.com https://*.googletagmanager.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.google.com https://*.google.ca https://*.googletagservices.com https://*.googleadservices.com https://*.googleapis.com https://*.gstatic.com https://local.addictinggames.com:3000 https://local.shockwave.com:3000;  frame-ancestors 'none';  upgrade-insecure-requests; 1
default-src 'none'; script-src 'self' *.b0e8.com *.bc0a.com marvel-b2-cdn.bc0a.com www.google-analytics.com www.googletagmanager.com play.vidyard.com assets.vidyard.com unpkg.com *.newrelic.com snap.licdn.com static.ads-twitter.com analytics.twitter.com www.googleadservices.com script.hotjar.com static.hotjar.com 972-oec-621.mktoweb.com munchkin.marketo.net j.6sc.co bam.nr-data.net geolocation.onetrust.com *.google.com tpc.googlesyndication.com maps.googleapis.com www.gstatic.com js.hsforms.net *.hsforms.com *.pressganey.com *.cdntwrk.com www.googleoptimize.com connect.facebook.net js.hs-scripts.com js.usemessages.com js.hs-analytics.net js.hs-banner.com cdn.cookielaw.org *.wistia.com *.wistia.net src.litix.io fast.wistia.com *.googletagmanager.com info.pressganey.com js.hsleadflows.net cdn.linkedin.oribi.io *.hubspot.com analytics.google.com *.zi-scripts.com *.zoominfo.com js.hsadspixel.net subscriptions.smartrecruiters.com static.smartrecruiters.com www.smartrecruiters.com jobpal-sm.s3.amazonaws.com pressganey.com cdn.jsdelivr.net *.castos.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 972-oec-621.mktoweb.com fonts.googleapis.com legal.pressganey.com static.smartrecruiters.com *.hsforms.com *.wistia.com *.cdntwrk.com *.googletagmanager.com *.google.com *.hubspot.com jobpal-sm.s3.amazonaws.com pressganey.com *.castos.com 'unsafe-inline'; frame-ancestors 'self' library.forsta.com resources.rioseo.com pressganey.com; frame-src 'self' play.vidyard.com vars.hotjar.com 972-oec-621.mktoweb.com tpc.googlesyndication.com *.google.com pressganey.com www.googletagmanager.com survey.us.confirmit.com js.hsforms.net *.hsforms.com www.facebook.com app.livestorm.co *.hubspot.com pressganey-20208516.hs-sites.com jobpal-sm.s3.amazonaws.com pressganey.com *.castos.com; object-src 'none'; base-uri 'self'; form-action 'self' webto.salesforce.com *.hsforms.com www.facebook.com *.google.com *.hubspot.com jobpal-sm.s3.amazonaws.com pressganey.com; connect-src 'self' 'self' go.pressganey.com play.vidyard.com www.google-analytics.com cdn.cookielaw.org 972-oec-621.mktoresp.com 972-oec-621.mktoutil.com secure.adnxs.com stats.g.doubleclick.net bam.nr-data.net privacyportal.onetrust.com geolocation.onetrust.com www.google.com adservice.google.com *.googleapis.com *.googletagmanager.com *.googleapis.com maps.googleapis.com *.google.com *.6sc.co digitalfeedback.us.confirmit.com vc.hotjar.io *.hotjar.com wss://*.hotjar.com *.hsforms.com *.cdntwrk.com js.hs-banner.com https://*.litix.io https://*.wistia.com https://embedwistia-a.akamaihd.net https://api.glitch.com www.facebook.com cdn.linkedin.oribi.io *.hubspot.com analytics.google.com *.zi-scripts.com ws.zoominfo.com api.hubapi.com 61d78a8eb35a9f00ecfd7ee9.config.smooch.io jobpal-sm.s3.amazonaws.com pressganey.com cdn.growthbook.io px.ads.linkedin.com *.castos.com; font-src 'self' data: fonts.gstatic.com *.cdntwrk.com *.hubspot.com jobpal-sm.s3.amazonaws.com pressganey.com ; media-src 'self' blob: data: *.wistia.com *.wistia.net embedwistia-a.akamaihd.net embed-fastly.wistia.com *.google.com *.hubspot.com jobpal-sm.s3.amazonaws.com pressganey.com *.castos.com; img-src https: data:; report-uri https://pressganey.report-uri.com/r/t/csp/enforce 1
frame-ancestors https://*.cspire.com:* 1
script-src 'nonce-61bb2626-0691-4523-8bcb-ea448ce3cab6' https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/ 'self' 'unsafe-eval' https://static.aws.training https://client.rum.us-east-1.amazonaws.com/1.0.2/cwr.js https://a0.awsstatic.com https://js.api.here.com https://*.cit.api.here.com https://dev.ditu.live.com https://*.dev.virtualearth.net https://*.payments-amazon.com https://*.amazon.com https://*.amazon.co.jp/ https://*.amazon.co.uk https://*.amazon.de https://dvj5x88797nbe.cloudfront.net https://*.bing.com https://*.virtualearth.net https://munchkin.marketo.net https://d2c.aws.amazon.com; object-src 'self'; img-src 'self' data: blob: https://*.dev.virtualearth.net https://*.ssl.ak.tiles.virtualearth.net https://*.ssl.ak.dynamic.tiles.virtualearth.net https://static.aws.training https://a0.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://dpm.demdex.net https://aws.demdex.net https://cm.everesttech.net https://js.api.here.com https://*.cit.api.here.com https://images-na.ssl-images-amazon.com https://internal-cdn.amazon.com https://d2ldlvi1yef00y.cloudfront.net/ https://d23yuld0pofhhw.cloudfront.net https://d1oct1bdmx33tz.cloudfront.net https://googleads.g.doubleclick.net https://www.google.com https://fls-na.amazon.com https://*.media-amazon.com https://d2c.aws.amazon.com https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; style-src 'self' 'unsafe-inline' https://static.aws.training https://js.api.here.com https://a0.awsstatic.com https://images-na.ssl-images-amazon.com https://ecn.dev.virtualearth.net https://images-eu.ssl-images-amazon.com https://www.bing.com https://dvj5x88797nbe.cloudfront.net https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; connect-src 'self' https://*.cit.api.here.com https://*.amazon.com https://cognito-identity.us-east-1.amazonaws.com https://dataplane.rum.us-east-1.amazonaws.com https://prod.tools.shortbread.aws.dev https://prod.log.shortbread.aws.dev https://sts.us-east-1.amazonaws.com https://amazonwebservices.d2.sc.omtrdc.net https://dpm.demdex.net https://aws.demdex.net https://cm.everesttech.net https://*.amazonpay.com https://apac.account.amazon.com https://vs.aws.amazon.com/ https://d2c.aws.amazon.com/ https://na.account.amazon.com https://eu.account.amazon.com https://*.virtualearth.net https://*.mktoresp.com https://s0.awsstatic.com https://*.amazon.co.uk https://*.amazon.co.jp https://*.amazon.de https://cdn.aws.training https://prod.us-east-1.search.avalon.aws.dev https://7m5y5tkfr5.execute-api.us-east-1.amazonaws.com https://ftj9wpwlq4.execute-api.us-east-1.amazonaws.com https://aws.amazon.com https://a0.awsstatic.com; font-src 'self' data: https://static.aws.training https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; media-src 'self' https://cdn.aws.training https://dvj5x88797nbe.cloudfront.net; child-src 'self' https://*.amazon.com https://www.bing.com https://*.amazon.co.jp/ https://*.amazon.co.uk https://*.payments-amazon.com https://*.amazon.de https://support.aws.training; frame-src 'self' 'unsafe-eval' https://static.aws.training https://client.rum.us-east-1.amazonaws.com/1.0.2/cwr.js https://a0.awsstatic.com https://js.api.here.com https://*.cit.api.here.com https://dev.ditu.live.com https://*.dev.virtualearth.net https://*.payments-amazon.com https://*.amazon.com https://*.amazon.co.jp/ https://*.amazon.co.uk https://*.amazon.de https://dvj5x88797nbe.cloudfront.net https://*.bing.com https://*.virtualearth.net https://munchkin.marketo.net https://d2c.aws.amazon.com; default-src 'self'; 1
frame-ancestors 'self' http://www.philips.co.uk *.philips.com *.philips.co.uk https://philipsigtdpv.com 1
default-src 'self' https: data: wss: blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://sentry.stg.drchrono.dev/api/3/security/?sentry_key=214b3d414c5b49fda88012161318b1d1&sentry_environment=headers 1
frame-ancestors 'self' https://*.cn.ca; 1
default-src 'none';base-uri 'none';connect-src 'self' https://speedtest.kagi-0e7.workers.dev https://speedtest.kagi.workers.dev https://kagi.com https://*.kagi.com/ https://*.mapbox.com/ https://api.mapbox.com/ https://*.hereapi.com/ https://en.wikipedia.org/* https://*.apple-mapkit.com/ https://gsp10-ssl.ls.apple.com https://static.midomi.com https://*.googleapis.com https://*.gstatic.com https://tile.openstreetmap.org;font-src 'self' https://*.kagi.com/ https://kagi.com https://fonts.gstatic.com data:; form-action 'self' https:;frame-src 'self' https://*.kagi.com/ https://www.paypal.com/ ; frame-ancestors 'none';img-src 'self'  https://*.apple-mapkit.com/ https://*.kagi.com/ http://static.soundhound.com https://upload.wikimedia.org https://kagifeedback.org https://*.gstatic.com https://*.googleapis.com https://www.paypalobjects.com/ https://tile.openstreetmap.org data: blob:; media-src 'self' https://kagifeedback.org https://*.kagi.com/; style-src 'self' https://*.kagi.com/ https://static.midomi.com https://*.googleapis.com https://api.mapbox.com 'unsafe-inline' https://api.mapbox.com/; worker-src 'self' https://*.kagi.com/ blob:;child-src 'self' https://*.kagi.com/ blob:;object-src 'none';script-src 'strict-dynamic' 'nonce-cnXfxlFKYNu-QvhJzbO6Yw' 'unsafe-inline' https://*.kagi.com ; 1
default-src 'self' *.kuajingmaihuo.com *.cdnfe.com blob: data: 'unsafe-eval' 'unsafe-inline'; report-uri /api/sec-csp/110001254/enforce 1
default-src 'self' youtube.com *.youtube.com trustpilot.com *.trustpilot.com googleapis.com *.googleapis.com google.com *.google.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com *.bing.com *.doubleclick.net *.facebook.com *.fbcdn.net *.facebook.net *.paddle.com cdn.jsdelivr.net *.tawk.to *.gstatic.com;child-src 'self' youtube.com *.youtube.com trustpilot.com *.trustpilot.com googleapis.com *.googleapis.com google.com *.google.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com *.bing.com *.doubleclick.net *.facebook.com *.fbcdn.net *.facebook.net *.paddle.com cdn.jsdelivr.net *.tawk.to *.gstatic.com;connect-src https: *.tawk.to wss://*.tawk.to;script-src https: 'unsafe-inline' 'unsafe-eval' *.tawk.to cdn.jsdelivr.net;img-src https: data: *.tawk.to cdn.jsdelivr.net;style-src * 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net;font-src https: data: *.tawk.to fonts.gstatic.com;media-src https:;object-src https:;form-action *;frame-src *; 1
frame-ancestors 'self' https://*.punchout2go.com/ https://*.gep.com/ https://*.ariba.com/ https://*.hubwoo.com/ https://*.sciquest.com/ https://*.tradecentric.com/ 1
default-src 'self'; base-uri 'none'; child-src 'self' blob: app.netlify.com netlify-cdp-loader.netlify.app; connect-src 'self' *.lottiefiles.com *.myshopify.com *.onetrust.com graphql.datocms.com test.aws.fooropa.com stockist.co *.stockist.workers.dev *.cloudfunctions.net bat.bing.com *.ip-api.com *.mapbox.com *.breezy.hr *.clarity.ms www.facebook.com *.doubleclick.net www.googletagmanager.com www.google-analytics.com analytics.google.com *.googleapis.com analytics.tiktok.com *.yotoplay.com *.reviews.io *.lr-ingest.io *.logrocket.io *.logrocket.com *.lr-in-prod.com *.gorgias.chat *.gorgias.io wss://*.gorgias.chat api.gorgias.work *.sentry.io *.amplitude.com stream.mux.com *.analytics.google.com *.google-analytics.com *.maze.co rum.browser-intake-datadoghq.eu rum.browser-intake-datadoghq.com cdn.amplitude.com sdk.fra-02.braze.eu/ api.pennies.org.uk yoto-media-api-prod-smart-cable-photos.s3.eu-west-2.amazonaws.com ingesteer.services-prod.nsvcs.net *.visualwebsiteoptimizer.com app.vwo.com heapanalytics.com *.auryc.com widget.trustpilot.com; media-src 'self' cdn.yoto.io cdn.shopify.com listen.radioking.com www.datocms-assets.com s3.radio.co *.gorgias.chat stream.mux.com; font-src 'self' data: fonts.gstatic.com *.gorgias.chat *.gorgias.io *.maze.co heapanalytics.com *.auryc.com; form-action 'self' www.facebook.com yoto-media-api-prod-smart-cable-photos.s3.eu-west-2.amazonaws.com; frame-ancestors *.netlify.app; frame-src contact.gorgias.help player.vimeo.com *.breezy.hr *.netlify.app widget.trustpilot.com support.yotoplay.com *.yotoplay.com yoto-support.gorgias.help app.netlify.com netlify-cdp-loader.netlify.app *.maze.co www.facebook.com app.vwo.com *.visualwebsiteoptimizer.com logwork.com www.youtube.com; img-src 'self' blob: data: 'unsafe-inline' www.datocms-assets.com dummyimage.com source.unsplash.com images.unsplash.com cdn.shopify.com *.onetrust.com *.blob.core.windows.net ssl.gstatic.com bat.bing.com *.breezy.hr stockist.co *.mapbox.com *.googleapis.com maps.gstatic.com *.clarity.ms www.facebook.com *.doubleclick.net www.googletagmanager.com www.google-analytics.com analytics.google.com www.google.com www.google.co.uk *.quantcount.com *.quantserve.com *.gorgias.io picsum.photos *.picsum.photos *.maze.co *.gorgias.chat *.tvsquared.com *.demdex.net appboy-images.com braze-images.com cdn.braze.eu s3-eu-west-1.amazonaws.com/penniesfoundation/charities/000000-150.png s3-eu-west-1.amazonaws.com/penniesfoundation/charities/20000073-150.png *.visualwebsiteoptimizer.com chart.googleapis.com cdn.pushcrew.com app.vwo.com heapanalytics.com; manifest-src 'self'; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' bat.bing.com *.breezy.hr *.onetrust.com *.clarity.ms *.mountain.com www.facebook.com connect.facebook.net tagmanager.google.com widget.trustpilot.com www.googletagmanager.com www.google-analytics.com *.googleapis.com cdn.jsdelivr.net analytics.tiktok.com stockist.co *.stockist.co *.cloudflare.com www.googleoptimize.com *.yotoplay.com www.dwin1.com app.backinstock.org *.quantcount.com *.quantserve.com cdn.lr-in-prod.com cdn.lr-ingest.io cdn.logrocket.io *.gorgias.chat *.gorgias.io polyfill.io snippet.maze.co snap.licdn.com *.amplitude.com app.netlify.com netlify-cdp-loader.netlify.app netlify-rum.netlify.app *.maze.co www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu rum.browser-intake-datadoghq.com js.sentry-cdn.com browser.sentry-cdn.com *.tvsquared.com js.go2sdk.com js.appboycdn.com contact.gorgias.help/api/contact-forms/loader.js *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com heapanalytics.com cdn.heapanalytics.com cdn.logwork.com; style-src * 'self' data: 'unsafe-inline' www.datocms-assets.com tagmanager.google.com fonts.googleapis.com *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com heapanalytics.com; worker-src 'self' blob:; report-uri https://o219359.ingest.sentry.io/api/4505918023008256/security/?sentry_key=2ac3cae6afd61d8a2d6e49621c07025f; report-to csp-endpoint; 1
default-src 'self'; script-src 'unsafe-inline' 'self' https://kit.fontawesome.com/771805b96d.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js; style-src  'unsafe-inline' 'self' https://cdnjs.cloudflare.com https://fonts.googleapis.com https://use.fontawesome.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://ka-p.fontawesome.com https://region1.google-analytics.com https://www.google-analytics.com; font-src 'self' https://cdnjs.cloudflare.com https://fonts.gstatic.com; frame-src https://www.youtube.com 'self'; img-src 'self' https://www.google-analytics.com https://www.jisc.ac.uk; manifest-src 'self'; media-src 'self'; worker-src 'none'; 1
block-all-mixed-content; font-src https://backdrop.atgtickets.com data: 'self'; frame-ancestors 'none'; manifest-src 'none'; media-src 'none'; object-src 'none'; worker-src 'none' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://fosstodon.org; img-src 'self' https: data: blob: https://fosstodon.org; style-src 'self' https://fosstodon.org 'nonce-Hip5allPd6Qc8mtBen6WNg=='; media-src 'self' https: data: https://fosstodon.org; frame-src 'self' https:; manifest-src 'self' https://fosstodon.org; form-action 'self'; child-src 'self' blob: https://fosstodon.org; worker-src 'self' blob: https://fosstodon.org; connect-src 'self' data: blob: https://fosstodon.org https://cdn.fosstodon.org wss://fosstodon.org; script-src 'self' https://fosstodon.org 'wasm-unsafe-eval' 1
frame-ancestors 'self' www1.tu-ilmenau.de;  frame-src 'self' *.tu-ilmenau.de *.vimeo.com *.vimeocdn.com thunibib-ilmenau.gbv.de service1.bibliothek.tu-ilmenau.de:8383 *.openstreetmap.org thefi1.tu-ilmenau.de:3000; 1
default-src * data: blob:; script-src sc.lfeeder.com vidassets.terminus.services forms.hsforms.com js.hsforms.net cdn.popt.in static1.twitcount.com js.hs-banner.com js.hs-analytics.net  js.hsadspixel.net platform.twitter.com js.hs-scripts.com www.googletagmanager.com googleads.g.doubleclick.net a.quora.com platform.linkedin.com s7.addthis.com  px.ads.linkedin.com snap.licdn.com d3e54v103j8qbb.cloudfront.net d1tdp7z6w94jbb.cloudfront.net static.hsappstatic.net ajax.googleapis.com code.jquery.com use.typekit.net www.googleadservices.com www.fullstory.com testfairy.com *.testfairy.com *.intercom.io *.intercomcdn.com *.facebook.net tracking.leadlander.com b.sf-syn.com *.google-analytics.com *.google.com *.googleapis 'unsafe-inline'; style-src data: blob: 'unsafe-inline' *; 1
default-src 'self' gso.amocrm.com gso.kommo.com; script-src 'self' 'strict-dynamic' 'unsafe-inline' https://www.gstatic.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://cdn.jsdelivr.net https://assets.calendly.com https://platform.twitter.com piper.amocrm.com gso.amocrm.com piper.kommo.com gso.kommo.com https://my.hellobar.com https://www.google-analytics.com https://www.youtube.com 'sha256-qZJmHHAaUu28WoFKc0FVNpA5ikXzX0NBeqIpY0bQXIA=' 'sha256-V7US+zMwAMOPr/YqM4zVsHsKGl3xUiVIwhFUvnv87QE=' 'sha256-J8lzg3ubs2SO6PW9MmHWe1UzbBMwuiLWxN/otQCygyY=' 'sha256-eH5kMeUdc48DzHbZtubwbQ1dUOxSsKEw4nqHROB4O+g=' 'sha256-disSjv6Cqh2qc1///UXyReEByhnnMEGIa7VnqInfjls=' 'sha256-sejyC18/DnWxENEG0wtqHl60q8kck4ZIDJVPYZoFY2Y=' 'sha256-yHwihVYvV0uJwcx2/8gO6wxKSQKbIKgPrOhvJErN3Zs=' 'sha256-DpOoqibK/BsYhobWHnU38Pyzt5SjDZuR/mFsAiVN7kk=' https://ajax.googleapis.com https://www.facebook.com https://connect.facebook.net https://graph.facebook.com vk.com https://login.vk.com top-fwz1.mail.ru https://mc.yandex.ru https://yastatic.net 'nonce-e9af510aa1a2'; style-src 'self' https://fonts.googleapis.com 'strict-dynamic' 'unsafe-inline' https://unpkg.com https://assets.calendly.com https://cdn.jsdelivr.net q4s5p2q6.stackpathcdn.com pcfcdn.kommo.com gso.amocrm.com gso.kommo.com connect.facebook.net; form-action 'self' https://www.facebook.com; frame-ancestors 'self' https://*.kommo.com chrome-extension://cfaicdlgblgdchnpdilihjmfnogpjakl chrome-extension://eaeaddaoioikiaokcmjfeghddidmmfhc; worker-src blob:; object-src 'none'; font-src 'self' data: q4s5p2q6.stackpathcdn.com pcfcdn.kommo.com https://fonts.gstatic.com; img-src 'self' data: blob: https://*.kommo.com https://*.amocrm.com https://seal.godaddy.com https://px.ads.linkedin.com https://partnersus.s3.amazonaws.com https://partnersus-test.s3.eu-west-1.amazonaws.com https://amocrm.com https://kommo.com https://giphy.com https://*.giphy.com https://pbs.twimg.com https://i.ytimg.com https://www.statista.com https://syndication.twitter.com https://bat.bing.com q4s5p2q6.stackpathcdn.com pcfcdn.kommo.com https://i.postimg.cc https://widgets.amocrm.com https://widgets.kommo.com piper.amocrm.com gso.amocrm.com piper.kommo.com gso.kommo.com https://www.google-analytics.com https://google-analytics.com https://analytics.google.com https://www.google.com https://www.google.ru https://www.googletagmanager.com https://www.facebook.com https://connect.facebook.net https://vk.com https://mc.yandex.ru https://yastatic.net https://mc.yandex.md; media-src 'self' q4s5p2q6.stackpathcdn.com pcfcdn.kommo.com; frame-src 'self' www.facebook.com socialplugin.facebook.net www.googletagmanager.com forms.amocrm.com forms.kommo.com calendly.com platform.twitter.com d562488024744908ac9e9fa9d3112067.pages.ubembed.com giphy.com td.doubleclick.net piper.amocrm.com gso.amocrm.com piper.kommo.com gso.kommo.com button.kommo.com button.amocrm.com https://www.youtube.com https://www.youtube-nocookie.com https://www.google.com https://www.facebook.com https://vk.com https://mc.yandex.ru; connect-src 'self' https://*.kommo.com https://cdn.linkedin.oribi.io https://connect.ok.ru https://appbroker.amostage.com https://appbroker.amocrm.com https://pagead2.googlesyndication.com gso.amocrm.com gso.kommo.com lc-en.amocrm.com lc-en.kommo.com https://pro.ip-api.com https://www.google-analytics.com https://google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net https://www.facebook.com https://graph.facebook.com https://vk.com https://login.vk.com https://top-fwz1.mail.ru https://mc.yandex.ru https://mc.yandex.md; base-uri 'self'; 1
default-src 'self' www.googletagmanager.com discover-euc1.sitecorecloud.io *.userconsent.org *.userway.org https://apis.government.ae *.readspeaker.com *.ytimg.com *.tra.gov.ae cdn.appdynamics.com i.ibb.co www.facebook.com cdnapisec.kaltura.com *.tdra.gov.ae *.doubleclick.net *.yahooapis.com www.google-analytics.com *.gstatic.com *.google.com *.googleapis.com www.google-analytics.com www.youtube.com 'unsafe-inline' 'unsafe-eval' data: ; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'self'; 1
default-src * 'self' data: 'unsafe-inline' ifaqs.flexanswer.com m1.dimelochat.com  onelogin.m1.com.sg www.m1.com.sg www.gstatic.com www.google.com *.m1net.com.sg youtube.com maps.googleapis.com cloud.typography.com www.google-analytics.com *.survey.alchemer.com *.survey.alchemer.eu *.criteo.com *.criteo.net *.appier.net *.queue-it.net *.bf.dynatrace.com console-flex-api.ap.sabio.cloud console.ap.sabio.cloud *.apimsit.m1.com.sg *.apimuat.m1.com.sg *.m1.com.sg *.b2clogin.com *.loginsit3.m1.com.sg *.loginuat.m1.com.sg *.loginsit2.m1.com.sg *.apim.m1.com.sg *.loginpt.m1.com.sg *.login.m1.com.sg; img-src *.m1.com.sg ifaqs.flexanswer.com *.s3.amazonaws.com console-flex-api.ap.sabio.cloud console.ap.sabio.cloud 'self' blob: data: https:; style-src 'self' 'unsafe-inline' ifaqs.flexanswer.com www.google-analytics.com cloud.typography.com www.m1.com.sg console-flex-api.ap.sabio.cloud console.ap.sabio.cloud; font-src 'self' data: 'unsafe-inline' ifaqs.flexanswer.com *.amazonaws.com console-flex-api.ap.sabio.cloud console.ap.sabio.cloud; object-src 'self' 'none' 1
default-src data: https: 'unsafe-inline' 'unsafe-eval'; font-src https: data: https://fonts.googleapis.com 'unsafe-inline' 'unsafe-eval'; script-src data: https: 'unsafe-inline' 'unsafe-eval' http://tableau-internal https://viz.aihw.gov.au; img-src blob: data: https: 'unsafe-inline' 'unsafe-eval' 1
default-src 'none';base-uri 'self';connect-src 'self';form-action 'self';manifest-src 'self' data:;font-src 'self';child-src https://www.youtube-nocookie.com;frame-src https://www.youtube-nocookie.com https://*.screen9.com;frame-ancestors 'self';worker-src 'self';img-src 'self' data: https://i.ytimg.com/vi/;object-src 'none';script-src 'self' 'sha256-v7nzrjvPdsyHF2LFWiAcj7/YRFQq5XyZuhATblCzFko=';style-src 'self' 'sha256-C7vpsE1KLI7RuUgCprJTQZin6dWK+ccynbOx+OqjVow=' 'sha256-tbWZ4NP1341cpcrZVDn7B3o9bt/muXgduILAnC0Zbaw='; 1
default-src 'self' *.posti.fi *.googlesyndication.com; style-src 'unsafe-inline' 'self' *.posti.fi optimize.google.com *.googletagmanager.com tagmanager.google.com fonts.googleapis.com *.force.com posti.my.salesforce-sites.com posti.my.site.com *.salesforce.com *.euc-freshbots.ai; font-src 'self' data: *.posti.fi *.hotjar.com *.force.com posti.my.salesforce-sites.com posti.my.site.com *.sfdcstatic.com tagmanager.google.com fonts.googleapis.com fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.posti.fi cdn.ampproject.org *.doubleclick.net https://www.googleoptimize.com/ adservice.google.fi adservice.google.com optimize.google.com *.usemessages.com *.adform.net *.leadoo.com analytics.tiktok.com forms.hsforms.com *.hsforms.net *.hubspot.com *.hscollectedforms.net *.hs-banner.com js-agent.newrelic.com bam.eu01.nr-data.net *.hs-scripts.com *.hsleadflows.net *.hs-analytics.net sb.scorecardresearch.com connect.facebook.net www.googletagservices.com *.typeform.com *.krxd.net *.force.com posti.my.salesforce-sites.com posti.my.site.com tagmanager.google.com www.googletagmanager.com www.google-analytics.com *.hotjar.com maps.googleapis.com locationservice.posti.com/location *.my.salesforce.com *.salesforceliveagent.com *.declaration.postinext.fi *.lfeeder.com *.euc-freshbots.ai *.declaration.posticloud.fi *.pusher.com *.cookielaw.org *.onetrust.com *.postinext.fi ajax.googleapis.com *.googlesyndication.com www.googleadservices.com cdnjs.cloudflare.com www.google.com *.licdn.com code.jquery.com *.hsadspixel.net api.hubapi.com www.gstatic.com https://videobot.com; frame-src optimize.google.com https://videobot.com *.videobot.com *.adform.net *.typeform.com *.krxd.net *.hs-sites-eu1.com app.hubspot.com www.googletagmanager.com www.googletagservices.com forms.hsforms.com *.googlesyndication.com *.hotjar.com *.posti.fi www.facebook.com www.youtube.com *.force.com posti.my.salesforce-sites.com posti.my.site.com *.salesforce.com *.onetrust.mgr.consensu.org *.leadoo.com client.myzef.com www.google.com postidigital.github.io jakelu.posti.fi *.doubleclick.net; child-src 'self' *.hotjar.com https://videobot.com; img-src 'self' blob: data: *.posti.fi *.adform.net optimize.google.com *.gstatic.com *.googlesyndication.com *.hsforms.net *.hsforms.com *.krxd.net *.force.com posti.my.salesforce-sites.com posti.my.site.com www.facebook.com www.googletagmanager.com sb.scorecardresearch.com *.hubspot.net *.hubspot.com maps.googleapis.com ssl.gstatic.com www.gstatic.com www.google-analytics.com www.google.fi www.google.com www.netposti.fi *.doubleclick.net *.hotjar.com *.ctfassets.net maps.gstatic.com *.lfeeder.com *.freshbots.ai *.euc-freshbots.ai *.cookielaw.org *.onetrust.com code.jquery.com *.postinext.fi *.linkedin.com dmp.adform.net www.googleadservices.com *.adsymptotic.com cdn.posti.fi analytics.tiktok.com https://customer-rcv5hn1o7pwty4ce.cloudflarestream.com; connect-src 'self' *.posti.fi adservice.google.fi adservice.google.com optimize.google.com maps.googleapis.com *.cloudflarestream.com *.videobot.com bam.eu01.nr-data.net *.salesforceliveagent.com vc.hotjar.io api.posti.com *.api.posti.com *.api.posti.fi *.hscollectedforms.net *.hubspot.com *.hsforms.com *.hubapi.com vbvavibkgkermrl.form.io *.google-analytics.com www.google-analytics.com *.doubleclick.net *.force.com posti.my.salesforce-sites.com posti.my.site.com locationservice.posti.com *.leadoo.com analytics.tiktok.com *.hotjar.io *.hotjar.com wss://*.hotjar.com picc.posti.fi:* picc8.posti.fi:* *.form.io www.facebook.com *.declaration.postinext.fi *.declaration.posticloud.fi *.euc-freshbots.ai *.pusher.com wss://*.pusher.com prd.graphql.posticloud.fi/graphql *.cookielaw.org *.onetrust.com *.postinext.fi *.googlesyndication.com *.execute-api.eu-west-1.amazonaws.com www.google.com forms.hsforms.com https://customer-rcv5hn1o7pwty4ce.cloudflarestream.com; media-src 'self' blob: *.ctfassets.net https://customer-rcv5hn1o7pwty4ce.cloudflarestream.com; frame-ancestors 'self' apps.itella.com salesfra.me *.posti.fi *.posticloud.fi itella.ee; object-src 'none'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.uni-greifswald.de; frame-ancestors *.uni-greifswald.de; frame-src https: 1
frame-ancestors http://dev.beta.cnyes.cool http://b2b.cnyes.com https://b2b.cnyes.com http://campaign.cnyes.com https://campaign.cnyes.com http://localhost:* https://docker.cnyes.cool https://uat02.etnet.com.hk https://content.etnet.com.hk https://www.cnyes.com https://www.beta.cnyes.cool https://www.stage.cnyes.cool https://dev.beta.cnyes.cool https://news.cnyes.com https://news.stage.cnyes.cool https://news.beta.cnyes.cool https://m.cnyes.com https://m.stage.cnyes.cool https://m.beta.cnyes.cool https://anuenews.cnyes.com https://news2.beta.cnyes.cool https://news2.stage.cnyes.cool https://forex2.beta.cnyes.cool https://forex2.stage.cnyes.cool https://anueforex.cnyes.com 1
base-uri 'self'; default-src 'self' 'nonce-c0bb0d2a10aedcc46af4f9773ac70764' https://cdn.shopify.com https://shopify.com; frame-ancestors 'self' app.contentful.com none; style-src privacyportalde-cdn.onetrust.com *.googletagmanager.com privacyportalde-cdn.onetrust.com mondelez.review.eprize.com hello.myfonts.net p.typekit.net mondelez-modals.merkleinc.com static-tracking.klaviyo.com http://c.lytics.io static.klaviyo.com use.typekit.net *.doogma.com googletagmanager.com tagmanager.google.com fonts.googleapis.com s3-us-west-2.amazonaws.com *.click2cart.com click2cart.co *.click2cart.co maxcdn.bootstrapcdn.com 'self' 'unsafe-inline' https://cdn.shopify.com; connect-src 'self' googleads.g.doubleclick.net www.google.com www.mczbf.com wss://tolerant-kiwi-magical.ngrok-free.app:* privacyportalde-cdn.onetrust.com wss://ws-mt1.pusher.com screenshots.bugherd.com/health sockjs.pusher.com *.bugherd.com sidebar.bugherd.com/binoculars tagging.oreo.com sessions.bugsnag.com *.bugsnag.com stats.g.doubleclick.net analytics.google.com nprd-gtm-d2c-1-server.mdlzapps.cloud privacyportal-de.onetrust.com cdn.acsbapp.com o19233.ingest.sentry.io analytics.tiktok.com analytics.pangle-ads.com *.klavyio.com api-js.datadome.co a.klaviyo.com static-forms.klaviyo.com fast.a.klaviyo.com geolocation.onetrust.com cdn.cookielaw.org *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.shopify.com *.myshopify.com *.doogma.com monorail-edge.shopifysvc.com s3-us-west-2.amazonaws.com *.click2cart.com click2cart.co *.click2cart.co *.convertexperiments.com shop.oreo.com 'self' https://monorail-edge.shopifysvc.com; form-action 'self'; object-src 'none'; img-src 'self' data: cdnjs.cloudflare.com idsync.rlcdn.com www.mczbf.com tagging.oreo.com d.agkn.com stats.g.doubleclick.net analytics.google.com d2iiunr5ws5ch1.cloudfront.net d3k81ch9hvuctc.cloudfront.net c.lytics.io fonts.gstatic.com cm.g.doubleclick.net t.co ad.doubleclick.net analytics.twitter.com cdn.cookielaw.org *.google-analytics.com googletagmanager.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com blob: images.ctfassets.net videos.ctfassets.net cdn.shopify.com *.doogma.com screendoogmacom.s3.amazonaws.com images-tastehub.mdlzapps.cloud *.google-analytics.com click2cart.com *.bugherd.com; media-src 'self' data: images.ctfassets.net videos.ctfassets.net cdn.shopify.com images-tastehub.mdlzapps.cloud; script-src 'self' 'strict-dynamic' privacyportalde-cdn.onetrust.com cdn.acsbapp.com pnzzmlvk.micpn.com acsbapp.com c.lytics.io analytics.tiktok.com acsbap.com cdn.cookielaw.org static.ads-twitter.com static.klaviyo.com static-tracking.klaviyo.com *.googletagmanager.com tagmanager.google.com blob: *.shopify.com 'unsafe-eval' *.doogma.com s3-us-west-2.amazonaws.com *.click2cart.com 'unsafe-hashes' 'sha256-ldNO9pII0S0qZFNvWIu8QaeieCEU4Ebs/hKQcJiaav8=' 'sha256-JivjteQzOFNs0SxkyyivpTbXybbi3B4N57K3Pyny9og=' 'sha256-qVWbMXMqZjy+Le+NWOs0nMIk3zAS/IW8ZPIw850ZmuQ=' 'sha256-xWyeACf7ZOesFE8wK3sQrZWPcsC9gw1qe/uS2V0ERco=' 'sha256-7hiC1d6xCwoyVQpxYWf7gXI7sOo2WRNYvRY3v/RiCL4=' 'sha256-FktX8P26Qa8BEDjKcUTaYi31wGF8gz/5JH+aYBhxiYk=' 'nonce-c0bb0d2a10aedcc46af4f9773ac70764'; font-src 'self' oreo.com privacyportalde-cdn.onetrust.com eprize-content.s3.amazonaws.com static.klaviyo.com data: hello.myfonts.net/count/39ff8f www.oreo.com use.typekit.net fonts.gstatic.com data: *.shopify.com *.doogma.com maxcdn.bootstrapcdn.com; frame-src 'self' c.lytics.io *.google.com td.doubleclick.net *.fls.doubleclick.net www.youtube.com www.youtube-nocookie.com *.bugherd.com 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://platform.twitter.com https://connect.facebook.net https://public.tableau.com/ https://www.googletagmanager.com https://www.gstatic.com https://*.google.com/ https://*.udea.edu.co/; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.lpages.co/ https://*.doubleclick.net https://api.myjson.com https://translate.googleapis.com https://static.ads-twitter.com https://analytics.twitter.com https://cdn.syndication.twimg.com https://*.zopim.com https://cdn.jsdelivr.net https://*.hotjar.com https://localhost:* wss://localhost:* https://js.center.io https://cdn.mxpnl.com https://*.google-analytics.com https://*.optimizely.com https://*.bootstrapcdn.com https://*.jquery.com https://*.sharethis.com https://*.haikudeck.com https://*.newrelic.com https://connect.facebook.net https://www.googleadservices.com https://assets.pinterest.com https://*.nr-data.net https://checkout.stripe.com https://js.stripe.com/v2/ https://platform.twitter.com  https://*.surveymonkey.com https://*.googleapis.com https://static.accountdock.com https://*.accountdock.com https://*.cloudfront.net https://*.intercom.io https://*.intercomcdn.com https://tagmanager.google.com https://www.googletagmanager.com https://*.ytimg.com https://cdnjs.cloudflare.com https://*.google.com; object-src 'self'; img-src * data:; frame-src 'self'  https://*.hotjar.com https://*.doubleclick.net https://syndication.twitter.com https://js.center.io https://*.google.com https://twitter.com https://facebook.com https://linkedin.com https://www.haikudeck.com https://*.vimeo.com https://*.parse.com https://*.sharethis.com https://*.filepicker.io https://googleads.g.doubleclick.net https://checkout.stripe.com https://js.stripe.com/v2/ https://twitter.com https://facebook.com https://linkedin.com https://platform.twitter.com https://*.facebook.com https://*.surveymonkey.com https://*.amazonaws.com https://static.accountdock.com https://*.accountdock.com https://accountdock.com https://www.googletagmanager.com https://*.youtube.com  https://surveymonkey.com https://*.cloudfront.net; font-src 'self' data: https://api.myjson.com https://static.accountdock.com https://*.accountdock.com https://*; connect-src 'self' https://l.sharethis.com https://api.leadpages.io https://api.myjson.com https://translate.googleapis.com wss://*.hotjar.com https://*.hotjar.com wss://*.zopim.com https://*.zopim.com https://localhost:* wss://localhost:* https://*.haikudeck.com:* https://*.mixpanel.com https://*.optimizely.com https://*.nr-data.net wss://*.haikudeck.com:* https://*.profitwell.com wss://*.intercom.io https://*.intercom.io http://*.haikudeck.com https://*.stripe.com https://*.cloudfront.net; style-src 'self' 'unsafe-inline' https://translate.googleapis.com https://platform.twitter.com https://static.accountdock.com https://*.accountdock.com https://*.cloudflare.com https://fonts.googleapis.com https://*.bootstrapcdn.com https://*.sharethis.com https://checkout.stripe.com https://js.stripe.com/v2/ https://*.google.com https://*.cloudfront.net; 1
frame-ancestors https://go.wepay.com/ 1
frame-ancestors 'self' https://*.wynnlasvegas.com 1
default-src 'self'; img-src * data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval'  https://bam.nr-data.net https://doypq9et62aku.cloudfront.net/ https://v4-web-static.s3.amazonaws.com https://home-static.tigertext.com https://sdk.tigertext.me https://cdn.mxpnl.com https://js-agent.newrelic.com data:; style-src 'self' 'unsafe-inline' https://v4-web-static.s3.amazonaws.com https://home-static.tigertext.com data:; font-src 'self' https://fonts.gstatic.com/ https://cdnjs.cloudflare.com https://v4-web-static.s3.amazonaws.com https://home-static.tigertext.com data:; ; frame-src 'self' https://*.tigertext.me https://*.tigertext.xyz https://*.tigertext.com tigertext://* data:; connect-src 'self' https://*.tigertext.me https://*.tigertext.xyz https://*.tigertext.com https://api.mixpanel.com/ https://bam.nr-data.net/ data:; 1
default-src 'self' data: 'unsafe-inline' fonts.gstatic.com code.jquery.com vk.com bitrix.info www.1c-bitrix.ru bitrix24.datafort.ru *.mindbox.ru yandex.ru yandex.com mc.yandex.ru googleads.g.doubleclick.net www.google.com/ads/user-lists/ www.google.ru/ads/user-lists/ www.google.com www.google-analytics.com maps.google.com *.gstatic.com:* *.googleapis.com www.googleadservices.com code.jivosite.com:* cdn.voximplant.com facecast.net formdesigner.pro telegram.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' api-maps.yandex.ru yastatic.net core-renderer-tiles.maps.yandex.net bitrix.info www.1c-bitrix.ru bitrix24.datafort.ru *.mindbox.ru yandex.ru yandex.com mc.yandex.ru googleads.g.doubleclick.net www.google.com/ads/user-lists/ www.google.ru/ads/user-lists/ www.google.com www.google-analytics.com maps.google.com *.gstatic.com:* *.googleapis.com www.googleadservices.com code.jivosite.com:* cdn.voximplant.com facecast.net formdesigner.pro telegram.org; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.gstatic.com code.jquery.com vk.com bitrix.info www.1c-bitrix.ru bitrix24.datafort.ru *.mindbox.ru yandex.ru yandex.com mc.yandex.ru googleads.g.doubleclick.net www.google.com/ads/user-lists/ www.google.ru/ads/user-lists/ www.google.com www.google-analytics.com maps.google.com *.gstatic.com:* *.googleapis.com www.googleadservices.com code.jivosite.com:* cdn.voximplant.com facecast.net formdesigner.pro telegram.org; img-src 'self' api-maps.yandex.ru core-renderer-tiles.maps.yandex.net data: blob: vk.com bitrix.info www.1c-bitrix.ru bitrix24.datafort.ru *.mindbox.ru yandex.ru yandex.com mc.yandex.ru googleads.g.doubleclick.net www.google.com/ads/user-lists/ www.google.ru/ads/user-lists/ www.google.com www.google-analytics.com maps.google.com *.gstatic.com:* *.googleapis.com www.googleadservices.com code.jivosite.com:* cdn.voximplant.com facecast.net formdesigner.pro telegram.org; frame-src 'self' youtube.com www.youtube.com oauth.telegram.org fonts.gstatic.com code.jquery.com vk.com bitrix.info www.1c-bitrix.ru bitrix24.datafort.ru *.mindbox.ru yandex.ru yandex.com mc.yandex.ru googleads.g.doubleclick.net www.google.com/ads/user-lists/ www.google.ru/ads/user-lists/ www.google.com www.google-analytics.com maps.google.com *.gstatic.com:* *.googleapis.com www.googleadservices.com code.jivosite.com:* cdn.voximplant.com facecast.net formdesigner.pro telegram.org; font-src 'self' fonts.googleapis.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.advantshop.net *.advantshop.by *.advantshop.com *.advantshop.kz *.advstatic.ru  *.advant.shop www.google-analytics.com ssl.google-analytics.com www.googleadservices.com googleads.g.doubleclick.net apis.google.com vk.com www.facebook.com connect.facebook.net platform.twitter.com cdn.syndication.twimg.com counter.rambler.ru cdn.jsdelivr.net ymetrica.com mc.yandex.ru yastatic.net api-maps.yandex.ru top-fwz1.mail.ru counter.yadro.ru top-abd.mail.ru *.jivosite.com *.chat2desk.com static.woopra.com www.woopra.com dadata.ru advantshop.disqus.com www.googletagmanager.com tagmanager.google.com ajax.googleapis.com advantschool.ru data:; 1
child-src blob: 'self';connect-src 'self' https://*.yimg.com https://*.yahoo.com https://s.yimg.com/nq/ads/mb/native/* https://service.cmp.oath.com https://www.yahoo.com/p.gif https://smetrics.att.com/id https://dpm.demdex.net/id https://video-api.yql.yahoo.com/ https://edgecast-vod.yahoo.net/ https://*.vpg.cdn.yimg.com/ https://media.zenfs.com/ https://assets.video.yahoo.net/ https://ads.adaptv.advertising.com/ https://video.adaptv.advertising.com/ https://consent.yahoo.com/ https://ganon.yahoo.com/ https://geo.yahoo.com/ https://guce.yahoo.com/ https://api.taboola.com/1.2/json/taboola-usersync/user.sync https://gpt.mail.yahoo.net/ https://alpha-gpt.mail.yahoo.net/ https://alpha-gam.mail.yahoosandbox.net/ https://canary-gam.mail.yahoosandbox.net/ https://gam.mail.yahoosandbox.net/;default-src 'self';font-src https: data:;frame-src https://*.yahoo.com https://*.yimg.com https://*.ymail.com https://secure.bannerfarm.ace.advertising.com https://cmp.advertising.com https://assets.video.yahoo.net/ https://opus.analytics.yahoo.com https://tsdtocl.com/ https://consent.yahoo.com/ https://guce.yahoo.com/ https://pfs.yahoo.com https://gpt.mail.yahoo.net/sandbox https://alpha-gpt.mail.yahoo.net/sandbox https://alpha-gam.mail.yahoosandbox.net/sandbox https://canary-gam.mail.yahoosandbox.net/sandbox https://gam.mail.yahoosandbox.net/sandbox https://norrin.tbl.mail.yahoosandbox.net https://alpha-tbl.mail.yahoosandbox.net https://tbl.mail.yahoosandbox.net;img-src data: blob: http: https: https://ganon.yahoo.com/ https://geo.yahoo.com/;media-src blob: https://*.yahoo.com https://*.yimg.com;report-uri https://csp.yahoo.com/beacon/csp?src=mail-norrin;script-src 'self' https://s.yimg.com/nq/nr/ https://s.yimg.com/os/yaft/ https://s.yimg.com/ss/ https://s.yimg.com/aaq/yc/ https://s.yimg.com/ds/scripts/ https://www.gstatic.com/cv/js/sender/v1/cast_sender.js https://s.yimg.com/aaq/vzm/ https://s.yimg.com/cx/pv/ https://s.yimg.com/nq/polyfills/ https://yep.video.yahoo.com/ https://s.yimg.com/rx/ https://assets.video.yahoo.net/ https://jsapi.login.yahoo.com/w/ https://s.aolcdn.com/membership/omp-static/omp-widgets/ https://qa.checkout.yahoo.com/widget/ https://checkout.yahoo.com/widget/ https://s.yimg.com/cv/apiv2/partner-portals/att/adobe_analytics/ https://consent.cmp.oath.com/ https://opus.analytics.yahoo.com/ https://s.yimg.com/oa/ https://s.yimg.com/uc/sf/ https://s.yimg.com/cx/acookie/ 'sha256-lRMQ2lQozgbWLOqNJOrnclJXX6G77pQVIlF8SAI3++I=' 'sha256-xx5VFh71P/poOsh6S7wo5Hz/h6kNWHqOpIqJR04djx4=' 'unsafe-inline' 'unsafe-eval' 'report-sample' https://s.yimg.com/oa/ 'nonce-TJXz/vbBlVfT8ziTM+sU/m4LWQchp/Z7pK6jM20YUhCiiVnZ' ;style-src 'self' https://s.yimg.com/nq/nr/ https://assets.video.yahoo.net/ 'unsafe-inline';worker-src 'self' blob:;manifest-src https://s.yimg.com/nq/nr/json/ 1
img-src 'self' data: https://t.co https://px.ads.linkedin.com https://px4.ads.linkedin.com https://www.google-analytics.com https://www.3blmedia.com https://www.linkedin.com https://maps.gstatic.com https://maps.googleapis.com https://analytics.twitter.com https://dashboard.umbraco.org https://cdn5.dcbstatic.com 1
frame-ancestors 'self' esbroadcom.lookbookhq.com mfbroadcom.lookbookhq.com; script-src 'self' data: blob: https://script.crazyegg.com https://www.google-analytics.com https://www.googletagmanager.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://ajax.googleapis.com https://snap.licdn.com/li.lms-analytics/insight.min.js https://searchunify.com https://searchunify.broadcom.com https://tag.demandbase.com/9a4d64cf696797e4.min.js https://tag.demandbase.com *.adroll.com *.eloqua.com *.en25.com *.bluekai.com *.oraclecloud.com *.brightcove.com *.brightcove.net https://images.sw.broadcom.com 'nonce-ZTdlYjEwYWFlMA/Y2YxZjU5YTJjYzBjNjU='; object-src 'self'; 1
script-src 'unsafe-inline' 'unsafe-eval' * ; 1
default-src 'self' *.adobe.io *.omtrdc.net www.facebook.com www.google-analytics.com; frame-src 'self' https://tools.eurolandir.com/ https://gamma.euroland.com/ https://www.youtube.com/ https://wavedw.santandergroup.net/ https://td.doubleclick.net/ https://documentservices.adobe.com https://open.spotify.com https://www.tiktok.com/ https://tr.snapchat.com *.google.com *.fls.doubleclick.net https://documentcloud.adobe.com https://irs.tools.investis.com https://lpcdn.lpsnmedia.net https://platform.twitter.com https://www.facebook.com https://www.linkedin.com https://www.youtube-nocookie.com https://bid.g.doubleclick.net https://www.instagram.com/ https://player.cnbc.com https://www.bloomberg.com https://waveplayer01.santandergroup.net https://syndication.twitter.com/ ; media-src 'self' https://waveplayer01.santandergroup.net https://www.santander.com;  img-src 'self' https://adservice.google.com https://*.inspiringbenefits.com https://*.linkedin.com https://abs.twimg.com https://analytics.twitter.com https://bat.bing.com https://dev.day.com https://googleads.g.doubleclick.net https://i.ytimg.com https://pbs.twimg.com https://platform.twitter.com https://px.ads.linkedin.com https://syndication.twitter.com https://t.co https://ton.twimg.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.google.es  *.omtrdc.net data: w3.org/svg/2000 https://*.clarity.ms https://dummyimage.com https://www.santander.com https://*.bing.com; script-src 'self' https://qvdt3feo.com/ https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok/falcon/embed/embed_lib_v1.0.12.js https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok/falcon/embed/embed_v1.0.12.js https://www.tiktok.com/embed.js https://lf16-tiktok-web.ttwstatic.com/obj/tiktok-web/tiktok/falcon/embed/embed_v1.0.11.js https://lf16-tiktok-web.ttwstatic.com/obj/tiktok-web/tiktok/falcon/embed/embed_lib_v1.0.11.js track.adform.net 'unsafe-inline' 'unsafe-eval' https://tr.snapchat.com cdn-dev.wdesk.org cdn-prod.wdesk.com sc-static.net platform.instagram.com documentservices.adobe.com www.googletagmanager.com maps.googleapis.com gruposantand-stage.adobemsbasic.com gruposantand-prod.adobemsbasic.com geolocation.onetrust.com cdn.cookielaw.org tbcdn.talentbrew.com player.vimeo.com www.youtube.com www.google.com www.gstatic.com lptag.liveperson.net accdn.lpsnmedia.net lo.v.liveperson.net lpcdn.lpsnmedia.net fonts.gstatic.com www.google-analytics.com player.vimeo.com s.ytimg.com www.youtube.com irs.tools.investis.com tags.tiqcdn.com www.adobe.io tag.oniad.com  sstats.adobe.com documentcloud.adobe.com p13n.adobe.io viewlicense.adobe.io use.typekit.net santander.com www.santander.com gruposantand-prod.adobemsbasic.com static-exp1.licdn.com bat.bing.com stackadapt.com srv.stackadapt.com tags.srv.stackadapt.com syndication.twitter.com cdn.syndication.twimg.com licdn.com www.linkedin.com www.omtrdc.net www.instagram.com platform.twitter.com tbcdn.talentbrew.com maps.googleapis.com player.vimeo.com www.google.com www.google.es www.google-analytics.com www.gstatic.com www.google.com www.gstatic.com lptag.liveperson.net accdn.lpsnmedia.net lo.v.liveperson.net lpcdn.lpsnmedia.net www.youtube.com player.vimeo.com s.ytimg.com www.youtube.com irs.tools.investis.com tags.tiqcdn.com r3---sn-h5q7dne6.googlevideo.com ikuna.s3.amazonaws.com assets.adobedtm.com www.googletagmanager.com static.ads-twitter.com snap.licdn.com connect.facebook.net analytics.twitter.com https://www.googleadservices.com googleads.g.doubleclick.net https://accdn.lpsnmedia.net/api/account/52492817/configuration/setting/accountproperties/ https://assets.adobedtm.com/fdfbb5376673/978974bd73e8/launch-a4fb25bd3770.min.js sc-static.net/scevent.min.js https://bat.bing.com/bat.js https://cdn.syndication.twimg.com/timeline/profile https://connect.facebook.net/en_US/fbevents.js https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10781141842/ https://lpcdn.lpsnmedia.net/le_unified_window/10.17.0.8-release_5442/ui-framework.js https://lptag.liveperson.net/tag/tag.js https://platform.twitter.com/widgets.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.ads-twitter.com/uwt.js https://tags.srv.stackadapt.com/events.js https://tags.tiqcdn.com/utag/santander/corporate-main-aem/prod/utag.js https://www.clarity.ms/tag/b84z53kzvw https://www.google-analytics.com/analytics.js  https://www.googletagmanager.com/gtag/js https://www.youtube.com/iframe_api https://www.clarity.ms https://www.go-mpulse.net https://www.google-analytics.com; style-src tbcdn.talentbrew.com 'self' 'unsafe-inline' https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok/falcon/embed/embed_lib_v1.0.12.css https://lf16-tiktok-web.ttwstatic.com/ https://platform.twitter.com https://tags.srv.stackadapt.com https://ton.twimg.com https://tags.srv.stackadapt.com/sa.css; connect-src 'self' https://googleads.g.doubleclick.net/pagead/landing https://www.google.com/pagead/landing https://region1.google-analytics.com https://px.ads.linkedin.com https://cdn.linkedin.oribi.io/partner/3624849/domain/ https://*.tiktok.com https://adservice.google.com https://analytics.google.com https://cdn.cookielaw.org https://bat.bing.com https://collect.tealiumiq.com *.omtrdc.net https://region1.analytics.google.com https://stats.g.doubleclick.net https://tags.srv.stackadapt.com https://viewlicense.adobe.io https://www.clarity.ms https://*.clarity.ms https://www.google-analytics.com https://www.google.es https://www.facebook.com/tr/ https://*.go-mpulse.net https://*.akstat.io https://*.akamaihd.net https://tr.snapchat.com/p data:; font-src 'self' data:; object-src 'self' https://8853727.fls.doubleclick.net https://documentcloud.adobe.com https://irs.tools.investis.com https://lpcdn.lpsnmedia.net https://platform.twitter.com https://www.facebook.com https://www.linkedin.com https://www.youtube-nocookie.com https://bid.g.doubleclick.net https://www.instagram.com/ https://player.cnbc.com https://www.bloomberg.com https://waveplayer01.santandergroup.net https://syndication.twitter.com/; 1
frame-ancestors 'self' https://*.astro.com.my; 1
default-src 'self' *;  connect-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: *;  script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' blob: data: *;  img-src 'self' blob: data: *;  frame-src 'self' blob: data: *;  object-src 'self' blob: data: *;  script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.addictinggames.com https://*.shockwave.com https://*.scorecardresearch.com https://*.recurly.com https://*.cdn.yollamedia.com https://*.yollamedia.com https://*.googletagmanager.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.google.com https://*.google.ca https://*.googletagservices.com https://*.googleadservices.com https://*.googleapis.com https://*.gstatic.com https://*.posthog.com https://local.addictinggames.com:3000 https://local.shockwave.com:3000;  style-src 'self' 'unsafe-inline' https://*.addictinggames.com https://*.shockwave.com https://*.scorecardresearch.com https://*.recurly.com https://*.cdn.yollamedia.com https://*.yollamedia.com https://*.googletagmanager.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.google.com https://*.google.ca https://*.googletagservices.com https://*.googleadservices.com https://*.googleapis.com https://*.gstatic.com https://*.posthog.com https://local.addictinggames.com:3000 https://local.shockwave.com:3000;  font-src 'self' https://*.addictinggames.com https://*.shockwave.com https://*.scorecardresearch.com https://*.recurly.com https://*.cdn.yollamedia.com https://*.yollamedia.com https://*.googletagmanager.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.google.com https://*.google.ca https://*.googletagservices.com https://*.googleadservices.com https://*.googleapis.com https://*.gstatic.com https://*.posthog.com https://local.addictinggames.com:3000 https://local.shockwave.com:3000;  base-uri 'self' https://*.addictinggames.com https://*.shockwave.com https://*.scorecardresearch.com https://*.recurly.com https://*.cdn.yollamedia.com https://*.yollamedia.com https://*.googletagmanager.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.google.com https://*.google.ca https://*.googletagservices.com https://*.googleadservices.com https://*.googleapis.com https://*.gstatic.com https://*.posthog.com https://local.addictinggames.com:3000 https://local.shockwave.com:3000;  form-action 'self' https://*.addictinggames.com https://*.shockwave.com https://*.scorecardresearch.com https://*.recurly.com https://*.cdn.yollamedia.com https://*.yollamedia.com https://*.googletagmanager.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.google.com https://*.google.ca https://*.googletagservices.com https://*.googleadservices.com https://*.googleapis.com https://*.gstatic.com https://*.posthog.com https://local.addictinggames.com:3000 https://local.shockwave.com:3000;  frame-ancestors 'none';  upgrade-insecure-requests;  worker-src 'self' blob: https://*.addictinggames.com https://*.shockwave.com https://*.scorecardresearch.com https://*.recurly.com https://*.cdn.yollamedia.com https://*.yollamedia.com https://*.googletagmanager.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.google.com https://*.google.ca https://*.googletagservices.com https://*.googleadservices.com https://*.googleapis.com https://*.gstatic.com https://*.posthog.com https://local.addictinggames.com:3000 https://local.shockwave.com:3000; 1
block-all-mixed-content; frame-ancestors https://bigscoots.com https://portal.bigscoots.com/ https://www.bigscoots.com 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' jira.reactos.org www.google.com www.gstatic.com; img-src 'self' data:; 1
img-src 'self' https: data: ;; script-src-elem 'unsafe-inline' 'self' data: *.hubspot.com js.hs-analytics.net js.hs-banner.com *.hs-scripts.com js.hscollectedforms.net js.hsforms.net js.hsleadflows.net js.usemessages.com snap.licdn.com static.ads-twitter.com www.google-analytics.com www.googletagmanager.com www.hypernode.nl analytics.twitter.com wchat.freshchat.com www.google.com www.gstatic.com gist.github.com cdn.jsdelivr.net cdn.randomhow.com connect.facebook.net s3.amazonaws.com platform.twitter.com ssl.google-analytics.com www.hypernode.com www.pagespeed-mod.com asciinema.org cdn.mxpnl.com gc.kis.v2.scr.kaspersky-labs.com ucads-cdn.ucweb.com byte.us2.list-manage.com www.youtube.com cdn.leadinfo.net motu.teamblue.services *.isy-teamblue.services *.iubenda.com *.recaptcha.net fast.wistia.com https://*.hotjar.com;; style-src-attr 'unsafe-inline';; style-src-elem 'unsafe-inline' 'self' fonts.googleapis.com wchat.freshchat.com www.hypernode.nl github.githubassets.com *.hypernode.com https://*.hotjar.com https://cdn.iubenda.com;; script-src 'unsafe-eval' 'self' www.google.com www.hypernode.nl 'unsafe-inline' js.hs-banner.com js.hs-scripts.com js.hsleadflows.net www.google-analytics.com www.googletagmanager.com analytics.twitter.com snap.licdn.com static.ads-twitter.com wchat.freshchat.com www.gstatic.com connect.facebook.net wasm-eval s3.amazonaws.com www.hypernode.com js.hsadspixel.net js.hubspotfeedback.com js.usemessages.com js.hs-analytics.net js.hscollectedforms.net js.hsforms.net js-na1.hs-scripts.com forms.hsforms.com www.youtube.com cdn.leadinfo.net https://static-exp1.licdn.com https://content.linkedin.com motu.teamblue.services *.iubenda.com *.srv.isy-teamblue.services https://platform.linkedin.com https://*.hotjar.com;; style-src 'self' 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com wchat.freshchat.com www.hypernode.nl translate.googleapis.com www.hypernode.com https://cdn.leadinfo.net;; child-src www.youtube.com wchat.freshchat.com www.google.com 'self' app.hubspot.com 253949009329559.webpush.freshchat.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.usemessages.com;; connect-src *.oribi.io *.google.com *.hubspot.com api.hubapi.com www.facebook.com js.usemessages.com js.hsleadflows.net js.hubspotfeedback.com js.hsforms.net hubspot-forms-static-embed.s3.amazonaws.com js.hsadspixel.net js.hs-analytics.net js.hs-scripts.com forms.hsforms.com js.hs-banner.com *.google-analytics.com 'self' www.google.co.in www.google.nl www.google.pl www.hypernode.com www.hypernode.nl yoast.com www.google.co.za www.google.co.uk www.google.de www.google.dk www.google.ro www.google.rs www.google.se www.google.ca www.google.com.au www.google.ie meetlookup.com www.google.be *.cdn77.org code.jquery.com *.kaspersky-labs.com www.google.cn www.google.com.eg www.google.com.pk www.google.fi www.google.it www.google.lv *.linkedin.com *.licdn.com *.hypernode.io *.make.com https://api.leadinfo.com https://collector.leadinfo.net *.teamblue.services *.gcp.cloud.es.io *.iubenda.com *.googlesyndication.com *.doubleclick.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com;; font-src 'self' fonts.gstatic.com data: cdn.faceworks.nl cdn.megabonus.com use.typekit.net *.hypernode.nl *.hypernode.com https://cdn.leadinfo.net https://*.hotjar.com;; form-action my.hypernode.com forms.hsforms.com forms.hubspot.com 'self' www.hypernode.com www.facebook.com;; frame-src www.youtube.com 'self' 253949009329559.webpush.freshchat.com wchat.freshchat.com www.google.com recaptcha.google.com mozbar.moz.com www.hypernode.com platform.twitter.com app.hubspot.com www.hypernode.nl asciinema.org *.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.usemessages.com www.linkedin.com www.facebook.com td.doubleclick.net www.googletagmanager.com https://www.iubenda.com 'unsafe-eval';; default-src 'self' 'unsafe-eval' 'unsafe-inline' 253949009329559.webpush.freshchat.com adservice.google.com analytics.google.com analytics.twitter.com data: fonts.googleapis.com fonts.gstatic.com forms.hsforms.com forms.hubspot.com js.hs-analytics.net js.hs-banner.com js.hs-scripts.com js.hscollectedforms.net js.hsleadflows.net px.ads.linkedin.com secure.gravatar.com snap.licdn.com static.ads-twitter.com stats.g.doubleclick.net t.co track.hubspot.com wchat.freshchat.com www.google-analytics.com www.google.com www.google.nl www.googletagmanager.com www.gstatic.com www.hypernode.com www.hypernode.nl www.youtube.com a.slack-edge.com gist.github.com github.githubassets.com www.google.dk www.google.co.uk www.slideshare.net api.hubspot.com app.hubspot.com yoast.com asciinema.org support.hypernode.com www.google.be www.google.co.in www.google.de www.google.ru;; frame-ancestors 'self' about;; worker-src 'self';; object-src 'self' www.hypernode.com;; media-src 'self'; base-uri 'self'; report-uri https://madebyus.report-uri.com/r/d/csp/enforce; upgrade-insecure-requests; 1
default-src 'self'; style-src 'self' 'unsafe-inline'; frame-ancestors 'self' *.genworth.com https://miro.com/ https://app.storyblok.com; worker-src blob: *.genworth.com; frame-src *.genworth.com h.online-metrix.net *.rightprospectus.com; media-src *.genworth.com *.storyblok.com *.wistia.com data: blob:; font-src 'self' *.genworth.com *.storyblok.com *.wistia.com data:; connect-src 'self' *.genworth.com *.crazyegg.com *.wistia.com fast.wistia.net maps.googleapis.com api.mixpanel.com; img-src 'self' *.genworth.com *.storyblok.com *.wistia.com *.online-metrix.net *.tile.openstreetmap.org data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' *.genworth.com *.storyblok.com *.wistia.com *.crazyegg.com maps.googleapis.com 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://static.preprod.siteimprove.com tags.srv.stackadapt.com; img-src 'self' * data: *.global.siteimproveanalytics.io px.ads.linkedin.com www.google.com www.google.co.uk b.6sc.co www.facebook.com bat.bing.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.preprod.siteimprove.com https://code.jquery.com/jquery-3.5.0.js hello.siteimprove.com https://cdn.siteimprove.net/cms/overlay.js az416426.vo.msecnd.net www.googletagmanager.com consent.cookiebot.com consentcdn.cookiebot.com siteimproveanalytics.com j.6sc.co googleads.g.doubleclick.net www.google.com https://cdn.jsdelivr.net www.google.co.uk cdn.dreamdata.cloud play.vidyard.com snap.licdn.com pi.pardot.com connect.facebook.net tracking.g2crowd.com bat.bing.com tags.srv.stackadapt.com js.qualified.com js.zi-scripts.com; connect-src 'self' 'unsafe-inline' dc.services.visualstudio.com www.google.com epsilon.6sense.com px.ads.linkedin.com secure.adnxs.com applications.zoom.us wss://ws.qualified.com www.siteimprove.com marketingservices.siteimprove.com dc.services.visualstudio.com google.com consentcdn.cookiebot.com googleads.g.doubleclick.net ipv6.6sc.co cdn.dreamdata.cloud pi.pardot.com tags.srv.stackadapt.com js.zi-scripts.com tags.srv.stackadapt.com ws.zoominfo.com c.6sc.co cdn.linkedin.oribi.io; frame-src www.youtube.com videos.siteimprove.com https://play.vidyard.com applications.zoom.us https://hello.siteimprove.com https://cdn.siteimprove.net/cms/overlay.js consentcdn.cookiebot.com www.facebook.com app.qualified.com td.doubleclick.net www.g2.com; font-src 'self' 'unsafe-inline' https://static.preprod.siteimprove.com pardot-marketing-bucket.s3.eu-central-1.amazonaws.com; 1
font-src 'self' data: https: https://fonts.gstatic.com; frame-src 'self' https: https://optimize.google.com; default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https:; media-src 'self' https: blob:; connect-src 'self' https: wss://www.fool.com wss://*.33across.com wss://*.hotjar.com https://api.pink-boat.fool.com; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://optimize.google.com https: https://evs.pink-boat.fool.com; style-src 'self' data: 'unsafe-inline' https: http://fonts.googleapis.com https://fonts.googleapis.com https://optimize.google.com; img-src 'self' data: https: https://g.foolcdn.com https://optimize.google.com https://www.google-analytics.com; upgrade-insecure-requests 1
default-src 'self' https://cdn.tresorit.com; script-src 'self' https://cdn.tresorit.com https://*.google-analytics.com https://*.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://ajax.googleapis.com https://tagmanager.google.com https://az579219.vo.msecnd.net https://az416426.vo.msecnd.net https://static.hotjar.com https://script.hotjar.com https://snap.licdn.com https://bat.bing.com https://api.userlike.com https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://d3dc1lgancj6l0.cloudfront.net https://pi.pardot.com https://go.tresorit.com https://connect.facebook.net https://snap.licdn.com https://userlike-cdn-umm.b-cdn.net 'sha256-v1oYH69RcooFs6F5XhMTzHiWlftYwnuQHDxIz0suNeo=' 'sha256-yZFBBEAhVR7+Ftx72ma6BMxZ0sAlz7DrJpEQjM6yvdk=' 'sha256-y/5mPR8QdGvI0a6FfOwVWx71NjFHmb9oim1jH5qUf70=' 'sha256-O4+7KaDBQWWDASKibiU3ZxCe3z6j9JqvGcZpc13s3vY=' 'sha256-A9OR8VD4geqgEh9hE4ebqacrWXK2zshlphl3Y+oGDBY='; style-src 'self' 'unsafe-inline' https://cdn.tresorit.com https://tagmanager.google.com https://fonts.googleapis.com https://az579219.vo.msecnd.net https://optimize.google.com https://assets.calendly.com https://static.hotjar.com https://script.hotjar.com; img-src 'self' data: https: https://*.google-analytics.com https://*.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com https://static.hotjar.com https://script.hotjar.com; frame-src 'self' https://cdn.tresorit.com https://www.googletagmanager.com https://tagmanager.google.com https://vars.hotjar.com https://apisandbox.zuora.com https://test.zuora.com https://www.zuora.com https://www.youtube.com https://www.youtube-nocookie.com https://az579219.vo.msecnd.net https://optimize.google.com https://forms.office.com/ https://calendly.com https://api.userlike.com https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://d3dc1lgancj6l0.cloudfront.net https://td.doubleclick.net; font-src 'self' data: https://cdn.tresorit.com https://fonts.gstatic.com https://script.hotjar.com https://az579219.vo.msecnd.net https://d3dc1lgancj6l0.cloudfront.net https://userlike-cdn-umm.b-cdn.net; connect-src 'self' https://cdn.tresorit.com https://www.google.com https://*.analytics.google.com https://adservice.google.com https://*.google-analytics.com https://*.googletagmanager.com https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://installer.tresorit.com https://subscribeapi.tresorit.com https://webapi.tresorit.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://174-dsp-873.mktoresp.com https://stats.g.doubleclick.net wss://umd.userlike.com https://umd.userlike.com https://api.userlike.com https://d3upe020n1uosc.cloudfront.net https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://www.userlike.com https://abuseapi.tresorit.com https://cdn.linkedin.oribi.io https://px.ads.linkedin.com https://www.facebook.com/tr/ https://bat.bing.com blob:; media-src 'self' https://cdn.tresorit.com https://az579219.vo.msecnd.net https://d3dc1lgancj6l0.cloudfront.net https://userlike-store-media-files.s3.amazonaws.com https://www.userlike.com blob:; child-src 'self' https://api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://d3dc1lgancj6l0.cloudfront.net blob:; manifest-src 'none'; object-src 'self'; script-src-attr 'none'; worker-src 'none'; base-uri 'none'; form-action 'self'; frame-ancestors 'self' https://www.zuora.com https://tresorit.ghost.io https://blog.tresorit.com https://send.tresorit.com; report-uri https://webapi.tresorit.com/v1/weblogformdata/cspwebsite 1
base-uri 'self';connect-src 'self' https://* wss://localhost:5173/ wss://ws.hotjar.com/ data:;default-src 'self';form-action 'self';img-src 'self' https://* https://resources.videvo.net/ data:;media-src 'self' https://* data:;object-src 'none';script-src 'self' https://* 'unsafe-inline' 'unsafe-eval' https://resources.videvo.net/;style-src 'self' 'unsafe-inline' https://resources.videvo.net/ https://accounts.google.com/gsi/style;script-src-elem https://* 'unsafe-inline' 'unsafe-eval' 'self' https://resources.videvo.net/;frame-src https://videocontent.es/ https://www.vaslou.com/ https://www.thefilmfund.co/ https://rushradar.com/ https://accounts.google.com/ https://eus.rubiconproject.com/ https://ads.pubmatic.com/ https://acdn.adnxs.com/ https://gum.criteo.com/ https://securepubads.g.doubleclick.net/ https://tpc.googlesyndication.com/ https://www.google.com/ https://*.googlesyndication.com/ https://*.securepubads.g.doubleclick.net/ https://*.google.com/ 'self';frame-ancestors https://videocontent.es/ https://www.vaslou.com/ https://www.thefilmfund.co/ https://rushradar.com/ https://accounts.google.com/ https://eus.rubiconproject.com/ https://ads.pubmatic.com/ https://acdn.adnxs.com/ https://gum.criteo.com/ https://securepubads.g.doubleclick.net/ https://tpc.googlesyndication.com/ https://www.google.com/ https://*.googlesyndication.com/ https://*.securepubads.g.doubleclick.net/ https://*.google.com/ 'self';style-src-elem 'unsafe-inline' 'self' https://resources.videvo.net/ https://accounts.google.com/gsi/style;style-src-attr 'unsafe-inline' 'self' https://resources.videvo.net/ https://accounts.google.com/gsi/style;font-src 'self' * data: 1
upgrade-insecure-requests; frame-ancestors collibra.sanity.studio localhost; 1
connect-src 'self' https: blob: data:; frame-ancestors 'self' https://accounts.kaleido.ai https://www.remove.bg https://www.unscreen.com https://www.designify.com https://app.storyblok.com 1
frame-ancestors *.tapinto.net tapinto.net *.facebook.com *.halstonmedia.com *.commercemagazinenj.com 1
script-src  'self' 'unsafe-inline' 'unsafe-eval' https://siteapi.inno.tech https://inno-siteapi.kometa.vc https://draft-productstudio.kometa.vc https://inno-siteapi.kometa.vc https://api.uxrocket.ru https://stream.datago.ru  https://mc.yandex.ru https://api-maps.yandex.ru https://suggest-maps.yandex.ru https://*.maps.yandex.net https://chat.vtb.ru wss://chat.vtb.ru https://*.adriver.ru https://vk.com https://top-fwz1.mail.ru https://yastatic.net; style-src 'self' 'unsafe-inline' https://siteapi.inno.tech https://inno-siteapi.kometa.vc https://draft-productstudio.kometa.vc https://inno-siteapi.kometa.vc https://api.uxrocket.ru https://chat.vtb.ru wss://chat.vtb.ru https://yastatic.net; img-src * data:; font-src 'self' data: https://siteapi.inno.tech https://inno-siteapi.kometa.vc https://draft-productstudio.kometa.vc https://inno-siteapi.kometa.vc  https://chat.vtb.ru wss://chat.vtb.ru https://yastatic.net; media-src 'self' blob: https://siteapi.inno.tech https://inno-siteapi.kometa.vc https://draft-productstudio.kometa.vc https://inno-siteapi.kometa.vc  https://chat.vtb.ru wss://chat.vtb.ru; frame-src 'self' 'unsafe-inline' blob: https://siteapi.inno.tech https://inno-siteapi.kometa.vc https://draft-productstudio.kometa.vc https://inno-siteapi.kometa.vc https://stream.datago.ru https://*.roseltorg.ru:* https://api-maps.yandex.ru:* https://chat.vtb.ru wss://chat.vtb.ru https://yastatic.net; connect-src 'self' blob: https://siteapi.inno.tech https://inno-siteapi.kometa.vc https://draft-productstudio.kometa.vc https://inno-siteapi.kometa.vc https://api.uxrocket.ru https://stream.datago.ru https://*.corp.dev.vtb:*  https://mc.yandex.ru https://suggestions.dadata.ru https://api-maps.yandex.ru https://suggest-maps.yandex.ru https://*.maps.yandex.net https://geocode-maps.yandex.ru/ https://chat.vtb.ru wss://chat.vtb.ru https://*.adriver.ru https://vk.com https://top-fwz1.mail.ru https://siteapi.vtb.ru https://marketplace.vtb.ru https://auto.vtb.ru https://ipoteka.vtb.ru https://cl.vtb.ru https://cc.vtb.ru https://vb.vtb.ru https://yastatic.net; frame-ancestors 'self' https://siteapi.inno.tech https://inno-siteapi.kometa.vc https://draft-productstudio.kometa.vc https://inno-siteapi.kometa.vc  https://*.vtb.ru:*; 1
default-src 'none'; script-src 'unsafe-eval' 'unsafe-inline' 'self'; connect-src 'self'; img-src 'self'; style-src 'unsafe-inline' 'self'; font-src 'self'; frame-src 'self'; object-src 'self'; 1
frame-ancestors 'self' aws-prod1.docebosaas.com explore.skillbuilder.aws 1
default-src 'self' edge.api.brightcove.com viz.tools.investis.com www.google-analytics.com cdn.jsdelivr.net *.brightcove.com *.doubleclick.net *.jsdelivr.net geoid.investisdigital.com cookiemanager.investisdigital.com stories.syngenta.com gateway.shorthand.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com www.youtube.com otp.tools.investis.com unpkg.com cdn.rawgit.com  https://gateway.zscalertwo.net stories.syngenta.com iframely.shorthand.com analytics.shorthand.com platform.twitter.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net stories.syngenta.com; img-src 'self' 'unsafe-inline' * data:; frame-src 'self' staticcontents.investis.com www.google.com irs.tools.investis.com otp.tools.investis.com ir.tools.investis.com www.youtube.com www.facebook.com stories.syngenta.com iframely.shorthand.com platform.twitter.com syndication.twitter.com www.linkedin.com; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net; connect-src 'self' www.facebook.com www.google-analytics.com gateway.shorthand.com stats.g.doubleclick.net geoid.investisdigital.com cookiemanager.investisdigital.com 1
default-src 'self' staticcontents.investis.com media.idigitalcontents.com *.diageohorizon.com fonts.gstatic.com fonts.googleapis.com viz.tools.investis.com edge.api.brightcove.com; img-src 'unsafe-inline' data: *; frame-src 'self' *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net www.nyse.com *.doubleclick.net www.youtube-nocookie.com diageogb2024eutfm.q4web.com www.googletagmanager.com www.google.com my.matterport.com ir.connectidfeed.com consentcdn.cookiebot.com www.youtube.com viz.tools.investis.com player.vimeo.com irs.tools.investis.com irs.tools.investis.com otp.tools.investis.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net https://cdn.quantummetric.com *.typekit.net cdn.fonts.net cdn.jsdelivr.net *.diageohorizon.com; font-src 'self' 'unsafe-inline' data: fonts.idigitalcontents.com cdn.fonts.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net *.diageohorizon.com *.onetrust.com snap.licdn.com staticcontents.investisdigital.com www.diageoagegate.com *.lfeeder.com https://cdn.quantummetric.com *.quantummetric.com unpkg.com www.srihash.org www.google.com irs.tools.investis.com otp.tools.investis.com cdn.jsdelivr.net www.youtube-nocookie.com www.youtube.com consent.cookiebot.com *.vimeocdn.com www.gstatic.com cdnjs.cloudflare.com diageoagegate.diageoplatform.com www2.investisdigital.com www.googletagmanager.com web.diageoagegate.com *.vimeo.com vimeo.com *.google-analytics.com; connect-src 'self' www.diageo.com *.diageohorizon.com *.onetrust.com https://cdn.quantummetric.com *.quantummetric.com px.ads.linkedin.com *.amazonaws.com *.google.com *.doubleclick.net diageogb2024eutfm.q4web.com diageo-stage-api.connectid.cloud diageo-stage-api.connectid.cloud/api/alljobs diageo-stage-api.connectid.cloud/api/jobs diageo-api.connectid.cloud/api/alljobs diageo-api.connectid.cloud/api/jobs irs.tools.investis.com diageo-api.connectid.cloud/api/multijobs *.google-analytics.com *.vimeocdn.com pagead2.googlesyndication.com stats.g.doubleclick.net stats.g.doubleclick.net; object-src 'self'; base-uri; form-action 'self'; 1
default-src 'self';  script-src 'self' https://maps.googleapis.com https://newlogin.dimepkairos.com.br https://5chat.5hub.com.br https://script.hotjar.com https://code.jquery.com https://static.hotjar.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://cdn.dimepkairos.com.br https://www.google-analytics.com https://cdnjs.cloudflare.com https://l2.io https://cdn.jsdelivr.net https://js-agent.newrelic.com 'unsafe-eval' 'unsafe-inline';  style-src 'self' https://newlogin.dimepkairos.com.br https://fonts.googleapis.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://www.gstatic.com 'unsafe-inline';  font-src 'self' https://newlogin.dimepkairos.com.br https://fonts.gstatic.com;  img-src 'self' data: *;  connect-src 'self' https://maps.googleapis.com https://maps.google.com https://maps.google https://stats.g.doubleclick.net https://tagus.5hub.com.br https://www.google.com https://www.google-analytics.com https://bam.nr-data.net http://127.0.0.1:8731;  frame-src 'self' https://qcmaint.dimepkairos.com.br https://www.google.com https://5chat.5hub.com.br https://www.dimep.space https://qcmaint.mdcomune.com.br https://www.dimepkairos.com.br https://www.mdcomune.com.br https://www.dimepkairos.pt https://www.dimepkairos.com.mx;  object-src 'self';  base-uri 'self';  form-action 'self';  frame-ancestors 'self';  block-all-mixed-content;  upgrade-insecure-requests; 1
default-src 'self'        https://cdn.jsdelivr.net;    script-src 'self' 'unsafe-eval' 'unsafe-inline'        https://maps.googleapis.com        https://cdn.segment.com        https://ze.delivery        https://www.googletagmanager.com        https://optanon.blob.core.windows.net        https://www.google-analytics.com        https://connect.facebook.net        https://code.jquery.com        https://websdk.appsflyer.com        https://cdn.cookielaw.org        https://analytics.tiktok.com        https://*.hotjar.com        https://*.tailtarget.com        https://pixel.mathtag.com        https://web-sdk-cdn.singular.net        https://*.clearsale.com.br        https://cdn.jsdelivr.net        https://www.googleadservices.com        https://*.ze.delivery;    style-src 'self' 'unsafe-inline'        https://fonts.googleapis.com        https://optanon.blob.core.windows.net;    img-src 'self' blob: data:        courier-images-web.imgix.net        courier-images-frontrelease.imgix.net        courier-images-prod.imgix.net        https://www.google-analytics.com        https://www.facebook.com        https://www.google.com        https://www.google.com.br        https://*.tailtarget.com        https://*.singular.net        https://*.hotjar.com        https://*.incognia.com        https://*.typeform.com        https://*.doubleclick.net        https://*.tiktok.com        https://*.onetrust.com        https://*.gstatic.com        https://*.mathtag.com        https://*.googleadservices.com        https://*.facebook.net        https://*.amazoncognito.com        https://*.google.com        https://*.ze.delivery        https://img.saveur-biere.com        https://content.hotjar.io        https://translate.google.com        https://adservice.google.com        https://tags.w55c.net        https://tags.bluekai.com        https://dsum-sec.casalemedia.com        https://idsync.rlcdn.com        https://*.stickyadstv.com        https://*.akgn.com        https://ups.analytics.yahoo.com;    font-src 'self'        https://fonts.gstatic.com;    worker-src 'self' blob:;    object-src 'none';    base-uri 'self';    form-action 'self';    frame-ancestors 'self'        https://www.typeform.com;    frame-src 'self'        https://form.typeform.com        https://*.doubleclick.net        https://www.typeform.com        https://*.google.com;    upgrade-insecure-requests;    connect-src 'self'        https://*.split.io        https://*.ze.delivery        https://api.club.zedelivery.in        https://*.incognia.com        wss://conn-check.incognia.com        wss://ws.hotjar.com        https://cdn.segment.com        https://api.segment.io        https://maps.googleapis.com        https://www.google-analytics.com        https://stats.g.doubleclick.net        https://*.appsflyer.com        https://wa.onelink.me        https://cdn.cookielaw.org        https://analytics.tiktok.com        https://*.onetrust.com        https://analytics.google.com        https://*.hotjar.com        https://*.hotjar.io        https://cognito-idp.us-west-2.amazonaws.com        https://cdn.jsdelivr.net        https://*.dynamsoft.com        https://*.zedelivery.in        https://ze-auth-service-consumer-prod.auth.us-west-2.amazoncognito.com        https://ze-auth-service-consumer-frontrelease.auth.us-west-2.amazoncognito.com; 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' stats.g.doubleclick.net snap.licdn.com px.ads.linkedin.com privacyportal-de.onetrust.com cdn.cookielaw.org ajax.googleapis.com fast.fonts.net player.vimeo.com code.jquery.com geolocation.onetrust.com www.google-analytics.com www.lansrv090.com vimeo.com f.vimeocdn.com i.vimeocdn.com fresnel.vimeocdn.com player-telemetry.vimeo.com 117vod-adaptive.akamaized.net www.googletagmanager.com googleads.g.doubleclick.net www.gstatic.com static.doubleclick.net fonts.gstatic.com www.youtube.com players.brightcove.net metrics.brightcove.com vjs.zencdn.net edge.api.brightcove.com admin.brightcove.com 8vod-adaptive.akamaized.net blob: data:; form-action 'self' data:; plugin-types application/x-shockwave-flash application/pdf 1
default-src 'self' https://*.gaf.com; script-src 'unsafe-eval' 'unsafe-inline' https://*.gaf.com https://gafcom.mpeasylink.com https://js.monitor.azure.com https://www.googletagmanager.com https://cdn.cookielaw.org https://*.go-mpulse.net https://*.cloudfront.net https://www.youtube.com https://*.licdn.com https://googleads.g.doubleclick.net https://bat.bing.com https://connect.facebook.net https://img03.en25.com https://*.hotjar.com https://ws.contobox.com https://www.clarity.ms https://geoip-js.com https://*.googleapis.com https://tracking.skyword.com https://www.google.com https://www.gstatic.com https://*.bazaarvoice.com https://www.googleadservices.com https://js.hsforms.net https://22168879.fs1.hubspotusercontent-na1.net https://*.cloudflare.com https://*.vercel.app https://*.ceros.com https://eave.us https://cdn.jsdelivr.net https://intheworks.site https://code.jquery.com https://mpsnare.iesnare.com https://analytics.convertlanguage.com; style-src 'unsafe-inline' 'self' https://*.gaf.com https://fonts.googleapis.com https://www.googletagmanager.com https://carluccidesign.com https://*.vercel.app https://*.ceros.com https://eave.us https://cdn.jsdelivr.net https://intheworks.site https://display.ugc.bazaarvoice.com; connect-src 'self' https://*.gaf.com https://*.in.applicationinsights.azure.com https://cdn.cookielaw.org https://*.go-mpulse.net https://api-engage-us.sitecorecloud.io https://*.google.com https://stats.g.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://px.ads.linkedin.com https://*.contobox.com https://*.clarity.ms https://*.cloud.coveo.com https://*.googleapis.com https://*.hotjar.io https://surefiregaf.webservices.sfs.io https://bat.bing.com https://*.bazaarvoice.com https://www.google-analytics.com https://forms.hsforms.com https://*.ceros.com https://eave.us https://geoip-js.com https://geolocation.onetrust.com https://privacyportal.onetrust.com https://www.facebook.com https://api.hubapi.com https://www.googleadservices.com; font-src 'self' https://*.gaf.com data: https://fonts.googleapis.com https://fonts.gstatic.com https://carluccidesign.com https://*.vercel.app https://*.ceros.com https://eave.us https://intheworks.site https://apps.bazaarvoice.com; frame-src 'self' https://gafcom.mpeasylink.com https://*.gaf.com https://*.fls.doubleclick.net https://*.doubleclick.net https://www.youtube.com https://www.google.com https://*.chameleonpower.com https://view.ceros.com https://carluccidesign.com https://*.vercel.app https://*.ceros.com https://eave.us https://intheworks.site https://api.bazaarvoice.com https://display.ugc.bazaarvoice.com https://www.facebook.com https://pixel.sitescout.com https://forms.hsforms.com https://gafsustainability.website1.dev; img-src 'self' https://*.gaf.com https://*.siplast.com data: https://px.ads.linkedin.com https://cdn.cookielaw.org https://www.linkedin.com https://*.t.eloqua.com https://www.facebook.com https://*.bing.com https://ad.doubleclick.net https://*.google.com https://trkn.us https://maps.gstatic.com https://*.googleapis.com https://*.bazaarvoice.com https://ad.ipredictive.com https://*.linkedin.com https://forms-na1.hsforms.com https://www.googletagmanager.com https://carluccidesign.com https://*.ceros.com https://eave.us https://i.ytimg.com https://intheworks.site https://*.clarity.ms https://tags.w55c.net https://tracking.skyword.com https://fonts.gstatic.com https://forms.hsforms.com https://clickserv.sitescout.com https://*.googleusercontent.com https://googleads.g.doubleclick.net; upgrade-insecure-requests; block-all-mixed-content; report-uri /cspreports.xml 1
script-src 'self' 'report-sample' 'nonce-e7eb8d60d392e08e38295aca' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' 'unsafe-hashes' 'sha256-kbHtQyYDQKz4SWMQ8OHVol3EC0t3tHEJFPCSwNG9NxQ=' 'sha256-NCKNRxHOZ9NZZP1xYaFbbqjnjnIkTO+5uafvQF2F+Ok=' 'sha256-MF4OdOnsHLn63JSCXslyutSsN6cn2VjFCfcBkh8UA+U=' 'sha256-NyU5VcnUQ+qsk+xqFFnzgzL0ogzibyKUEOEJiGnm6LI=' 'sha256-xqRANPm8v5XHL3LopmHGSCIBVnSm+dHOI4AnlD0pWeY=' 'sha256-+w8qqRyG3+lLwdlPmZJJA5+4engGjZ6fe9i303mvhpg=' 'sha256-2rvfFrggTCtyF5WOiTri1gDS8Boibj4Njn0e+VCBmDI='; object-src 'none'; base-uri 'self'; frame-ancestors https://la.utexas.edu https://www.la.utexas.edu https://learn.stanford.edu https://idss.mit.edu https://idss-gl.mit.edu https://*.mygreatlearning.com https://*.greatlearning.in https://mbaonline.snu.edu.in https://snu.edu.in https://sme.snu.edu.in https://iiitd.ac.in https://www.iiitd.ac.in https://pgdcsai.iiitd.ac.in https://www.greatlakes.edu.in https://onlinejain.com https://www.onlinejain.com https://www.jain-online.com https://jain-online.com https://*.bhartiaxa.com https://professionalonline2.mit.edu https://professional.mit.edu https://professional-education-gl.mit.edu https://www.srmonline.in https://srmonline.in https://careerkarma.com https://pes.edu https://*.olympuslms.com https://onlineexeced.mccombs.utexas.edu https://www.greatlakes.org.in; report-uri /csp-report; report-to web-csp-endpoint; 1
frame-ancestors 'self' http://10.100.2.145 1
frame-ancestors 'self' https://*.jatkoaika.com 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-0XMonv-yYZhf2jQlegeQhw' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
frame-ancestors https://www.domainesia.com/ https://my.domainesia.com/ 1
default-src https: *; script-src https: 'unsafe-inline' 'unsafe-eval' *;img-src data: https:;font-src data: https:;style-src https: 'unsafe-inline' *;upgrade-insecure-requests;frame-ancestors 'self'; base-uri 'none'; frame-src mailto: *; worker-src blob: * ; child-src blob: ; 1
default-src 'self' *.linktr.ee help.linktr.ee *.intercom.io intercom.io *.intercomcdn.com intercomcdn.com; script-src 'self' *.jsdelivr.net jsdelivr.net *.ashbyhq.com ashbyhq.com *.airtable.com airtable.com *.mountain.com tiktok.com *.tiktok.com *.ttwstatic.com ttwstatic.com *.linktr.ee statsigapi.net *.statsigapi.net statsig.com *.statsig.com featuregates.org *.featuregates.org prodregistryv2.org *.prodregistryv2.org featureassets.org *.featureassets.org *.trustpilot.com *.marker.io *.profitwell.com *.branch.io *.intercom.io intercom.io https://*.intercom.io https://*.intercom.com *.intercomcdn.com https://js.intercomcdn.com intercomcdn.io *.redditstatic.com *.sc-static.net sc-static.net *.google.com *.gstatic.com *.google-analytics.com *.googletagmanager.com app.link *.exchangerate.host *.doubleclick.net *.cloudfunctions.net *.googleadservices.com analytics.tiktok.com analytics.twitter.com bat.bing.com *.onetrust.com cdn.heapanalytics.com cdn.amplitude.com api2.amplitude.com cdn.pdst.com cdn.pdst.fm *.facebook.net *.pinterest.com heapanalytics.com *.gastbyjs.io websitelinktree.gatsbyjs.io assets.production.linktr.ee analytics.google.com unpkg.com s.pinimg.com static.ads-twitter.com *.googleoptimize.com *.clarity.ms *.ads-twitter.com *.youtube.com *.chargebee.com *.stripe.com *.snapchat.com *.tiktokcdn-us.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com *.hsforms.net *.hsforms.com *.adoralytics.com adoralytics.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: blob: *.facebook.net *.bing.com linktreestg.wpengine.com *.api.blog.production.linktr.ee https://api.blog.production.linktr.ee *.linktr.ee *.gatsbyjs.io *.trustpilot.com *.branch.io *.intercomcdn.com intercomcdn.io *.intercomassets.com *.intercomcdn.eu *.intercomusercontent.com *.intercom.io intercom.io *.intercom-attachments-1.com *.hsforms.net *.hsforms.com *.snapchat.com *.clarity.ms *.reddit.com *.intercom-attachments.eu *.au.intercom-attachments.com *.intercom-attachments-2.com *.intercom-attachments-3.com *.intercom-attachments-4.com *.intercom-attachments-5.com *.intercom-attachments-6.com *.intercom-attachments-7.com *.intercom-attachments-8.com *.intercom-attachments-9.com *.intercomassets.eu q.quora.com bat.bing.com *.facebook.com heapanalytics.com t.co *.twitter.com *.facebook.com *.pinterest.com *.google-analytics.com *.onetrust.com *.cloudfront.com *.stripe.com https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://messenger-apps.eu.intercom.io https://messenger-apps.au.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments.eu https://*.au.intercom-attachments.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://static.intercomassets.eu https://static.au.intercomassets.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.googletagmanager.com; style-src 'self' *.ttwstatic.com *.tiktokcdn-us.com *.linktr.ee fonts.googleapis.com *.stripe.com 'unsafe-inline'; font-src 'self' data: *.linktr.ee https://js.intercomcdn.com https://fonts.intercomcdn.com fonts.gstatic.com; form-action 'self' *.facebook.com *.intercom.help *.intercom.io intercom.io https://intercom.help https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://messenger-apps.intercom.io *.hsforms.net *.hsforms.com *.snapchat.com; connect-src 'self' *.browser-intake-datadoghq.com *.gstatic.com *.doubleclick.net *.bing.com *.googlesyndication.com tiktok.com *.tiktok.com facebook.com *.facebook.com *.linktr.ee statsigapi.net *.statsigapi.net statsig.com *.statsig.com featuregates.org *.featuregates.org prodregistryv2.org *.prodregistryv2.org featureassets.org *.featureassets.org *.amplitude.com https://*.algolia.net https://*.algolianet.com https://*.algolia.io *.exchangerate.host https://capi.tr.ee *.featuregates.org featuregates.org *.snapchat.com *.branch.io https://api.intercom.io https://api.au.intercom.io https://api.eu.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io https://uploads.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.au.intercomcdn.com https://uploads.intercomusercontent.com *.clarity.ms ingress.linktr.ee *.onetrust.com *.hsforms.net *.hsforms.com *.amazonaws.com *.profitwell.com *.gatsbyjs.io *.google-analytics.com analytics.tiktok.com *.analytics.google.com analytics.google.com *.google.com.au stats.g.doubleclick.net google-analytics.com ct.pinterest.com *.googleadservices.com *.google.com *.cloudfunctions.net wss://*.intercom.io https://*.intercom.io https://*.intercom.com https://uploads.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.intercomusercontent.com *.adoralytics.com adoralytics.com 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 52.71.121.170 18.210.229.244 44.212.189.233 3.212.39.155 52.22.50.55 54.156.2.105; media-src 'self' *.linktr.ee *.intercomcdn.com intercomcdn.io *.ctfassets.net; frame-src 'self' *.ttwstatic.com ttwstatic.com *.ashbyhq.com ashbyhq.com *.airtable.com airtable.com tiktok.com *.tiktok.com *.linktr.ee https://linktr.ee *.trustpilot.com *.branch.io *.intercom.io intercom.io *.intercomcdn.com intercomcdn.io *.snapchat.com *.pinterest.com *.doubleclick.com *.doubleclick.net *.facebook.com *.formstack.com *.google.com *.hsforms.net *.hsforms.com *.stripe.com https://*.intercom.io https://*.intercom.com https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net spotify.com *.spotify.com; child-src https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; worker-src https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; object-src 'none'; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub3c5384c350f7b86c67a1cba0b315ee9d&dd-evp-origin=content-security-policy&ddsource=csp-report; 1
frame-ancestors 'self' https://awards.ratingruneta.ru; 1
default-src 'self' * data: blob:; img-src 'self' * 'unsafe-inline' data: blob:; style-src 'self' * 'unsafe-inline' data:; script-src 'self' * 'unsafe-inline' 'unsafe-eval' blob:; object-src 'none'; worker-src 'self' data: blob: resume.io *.resume.io cvster.nl *.cvster.nl cvmonk.nl *.cvmonk.nl cvapp.es *.cvapp.es cvapp.it *.cvapp.it cvapp.fr *.cvapp.fr cvkungen.se *.cvkungen.se cv.dk *.cv.dk cv.app *.cv.app resume.app *.resume.app cvapp.cz *.cvapp.cz cvapp.fi *.cvapp.fi cvapp.no *.cvapp.no cveasy.pl *.cveasy.pl cvapp.de *.cvapp.de rirekisho.jp *.rirekisho.jp onlinecurriculo.com.br *.onlinecurriculo.com.br career.io *.career.io cvapp.ro *.cvapp.ro cvapp.gr *.cvapp.gr cvapp.hu *.cvapp.hu resume-test.io *.resume-test.io cvapp.nz *.cvapp.nz cvapp.ie *.cvapp.ie lebenslaufapp.ch *.lebenslaufapp.ch lebenslaufapp.at *.lebenslaufapp.at cvapp.bg *.cvapp.bg cvapp.cl *.cvapp.cl; frame-src https:; frame-ancestors 'self' vwo.com *.vwo.com 1
frame-ancestors 'self' https://*.playerauctions.com 1
default-src 'unsafe-eval' 'unsafe-inline' blob: *;frame-src about: *;img-src data: about: blob: *;font-src data: *;frame-ancestors self my.readymag.com readymag.website readymag.com 1
upgrade-insecure-requests; form-action 'self' https://www.impeka.in/submit; frame-ancestors 'self'; object-src 'none'; base-uri 'none' 1
base-uri 'self'; style-src 'self' 'unsafe-inline' *.ase-usw1-shared-prd.p.azurewebsites.net *.cognitoforms.com *.dignityhealth.org *.foresee.com *.hellohumankindness.org *.marketo.com *.twimg.com fonts.googleapis.com gateway.foresee.com use.typekit.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.crazyegg.com *.dignityhealth.org *.evaliahealth.com *.evaliahealth.com *.everesttech.net *.google.com/pagead/ *.google.com/recaptcha/ *.googleadservices.com *.gstatic.com/recaptcha/ *.hellohumankindness.org *.inquicker.com *.invoca.net *.jotform.io *.marketo.com *.marketo.net *.mktoutil.com *.recaptcha.net/recaptcha/ *.recaptcha.net/recaptcha/ *.tealiumiq.com *.tealiumiq.com *.youtube.com ajax.googleapis.com ajax.microsoft.com assets.adobedtm.com bam-cell.nr-data.net bam.nr-data.net cdn.commonspirit.org cdn.jsdelivr.net/npm/twemoji@13 cdnjs.cloudflare.com code.jquery.com commonspirit.experiencecloud.adobe.com decodedigital.s3.amazonaws.com dignityhealth.hrm.healthgrades.com experience.adobe.com gateway.foresee.com google-analytics.com googleads.g.doubleclick.net hipaa.jotform.com js-agent.newrelic.com login.commonspirit.org maps.googleapis.com pc-dignityhealth-visitor-service.tealiumiq.com platform.twitter.com s.yimg.com solutions.invocacdn.com support.doctorpodcasting.com/widget/easyXDM.js tags.tiqcdn.com tags.tiqcdn.com twemoji.maxcdn.com unpkg.com use.typekit.net www.googletagmanager.com; frame-src 'self' *.jotform.io *.marketo.com *.vimeo.com *.youtube.com calendar.google.com commonspirit.demdex.net dignityhealth.hrm.healthgrades.com docasap.com identityspa.dignityhealth.org support.doctorpodcasting.com www.cognitoforms.com www.google.com www.google.com www.recaptcha.net; img-src 'self' *.agkn.com *.ase-usw1-shared-prd.p.azurewebsites.net *.crazyegg.com *.dignityhealth.org *.everesttech.net *.foresee.com *.google.com/pagead/ *.googleadservices.com *.googleapis.com *.googleusercontent.com *.gstatic.com *.hellohumankindness.org *.marketo.com *.stackadapt.com *.twimg.com *.vimeocdn.com *.youtube.com bam.nr-data.net cdn.jotfor.ms d1ffafozi03i4l.cloudfront.net data: dpm.demdex.net i.ytimg.com login.commonspirit.org qvdt3feo.com s3.amazonaws.com s3.amazonaws.com/assets.gyant.com/ twemoji.maxcdn.com use.typekit.net www.google.com www.googletagmanager.com; connect-src 'self' *.ase-usw1-shared-prd.p.azurewebsites.net *.ase-usw1-shared-prd.p.azurewebsites.net *.crazyegg.com *.dignityhealth.org *.everesttech.net *.foresee.com *.google.com/pagead/ *.google.com/recaptcha/ *.googleadservices.com *.hellohumankindness.org *.inquicker.com *.mktoresp.com *.mktoutil.com *.mktoutil.com *.omtrdc.net ajax.microsoft.com analytics.google.com api.ipify.org app-w2-owrapi-prd.azurewebsites.net bam-cell.nr-data.net bam.nr-data.net commonspirit.sc.omtrdc.net commonspirit.tt.omtrdc.net device.4seeresults.com dpm.demdex.net fid.agkn.com fonts.googleapis.com google-analytics.com identity-api.commonspirit.org identity-func.commonspirit.org lasteventf-tm.everesttech.net login.commonspirit.org maps.googleapis.com pc-dignityhealth-collect.tealiumiq.com pc-dignityhealth-visitor-service.tealiumiq.com pnapi.invoca.net readaloud.googleapis.com s.yimg.com s3.amazonaws.com/assets.gyant.com/ translate.googleapis.com www.googletagmanager.com; default-src 'self' *.dignityhealth.org analytics.foresee.com commonspirit.demdex.net identity-func.commonspirit.org identity-spa.commonspirit.org login.commonspirit.org pc-dignityhealth-collect.tealiumiq.com; font-src 'self' *.ase-usw1-shared-prd.p.azurewebsites.net *.dignityhealth.org *.gstatic.com *.slant.co cdn.jorfor.ms data: gateway.foresee.com s3.amazonaws.com/assets.gyant.com/ use.typekit.net; 1
upgrade-insecure-requests; frame-ancestors 'self' https://*.sensibull.com https://kite.zerodha.com; report-uri https://7eae552da389ebb083bedadbd9428ed2.report-uri.com/r/d/csp/reportOnly 1
frame-ancestors 'self' *.ancestrydata.com genlookups.com *.genlookups.com *.legacy.com whostextingmykids.com *.usphonebook.com 1
default-src 'self' *.gstatic.com *.guestplan.com *.weborama.fr https://cdn.guestplan.com https://pathenederland.qualifioapp.com https://files.qualifio.com *.googlesyndication.com *.bluebillywig.com https://www.cm.com data:; script-src-elem 'unsafe-inline' 'self' https://analytics.tiktok.com https://oa.openxcdn.net/esp.js https://cdn.prod.uidapi.com/uid2SecureSignal.js https://static.criteo.net/js/ld/publishertag.ids.js https://invstatic101.creativecdn.com/encrypted-signals/encrypted-tag-g.js https://cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/pubcid.min.js https://cdn.id5-sync.com/api/1.0/esp.js https://cdn.guestplan.com *.googleadservices.com https://www.googletagservices.com https://pathe.bbvms.com *.weborama.fr https://www.gstatic.com https://pathenederland.qualifioapp.com https://files.qualifio.com wss://*.omnidesk.io *.omnidesk.io *.emsecure.net *.bluebillywig.com *.bbvms.com *.mathtag.com *.googlesyndication.com *.jwpcdn.com *.360yield.com *.google.com *.moatads.com *.google.nl *.cloudflare.com *.facebook.net *.facebook.com *.doubleclick.net *.google-analytics.com *.blueconic.net https://p969.pathe.nl *.googletagmanager.com *.pathe.nl https://webchat.digitalcx.com; frame-src 'self' https://cdn.guestplan.com https://www.360superview.nl https://media.adrcdn.com *.weborama.fr https://www.google.com https://pathenederland.qualifioapp.com https://files.qualifio.com *.360yield.com *.hostedbypoort80.nl *.poort80.nl *.pathe.nl *.doubleclick.net *.openstreetmap.org *.googlesyndication.com *.facebook.com; img-src 'self' *.media.tumblr.com https://gstpln-cdn-img-prod.azureedge.net https://cdn.guestplan.com https://cdn-img.guestplan.com https://images.assettype.com https://gifimage.net *.gifs.com *.giphy.com *.kinja-img.com https://pathe-cdp.triple-it.nl https://pathe.blueconic.net https://p969.pathe.nl *.weborama.fr connect.facebook.net *.omnidesk.io *.kijkwijzer.nl https://gifimage.net *.adform.net *.adnxs.com https://id5-sync.com *.adyen.com *.bluebillywig.com *.bbvms.com *.gifs.com *.giphy.com *.kinja-img.com https://jwpltx.com *.doubleclick.net *.moatads.com *.smadex.com *.bidswitch.net *.crwdcntrl.net *.e-planning.net *.360yield.com *.googlesyndication.com *.hostedbypoort80.nl *.poort80.nl *.google-analytics.com *.pathe.nl *.facebook.com *.google.com *.google.nl data:; style-src 'self' https://fonts.googleapis.com https://cdn.guestplan.com https://pathenederland.qualifioapp.com https://files.qualifio.com wss://*.omnidesk.io *.omnidesk.io *.bluebillywig.com *.blueconic.net https://p969.pathe.nl 'unsafe-inline'; connect-src 'self' https://analytics.tiktok.com https://etender-connect.com https://cdn.guestplan.com https://nominatim.openstreetmap.org https://pathenederland.qualifioapp.com https://files.qualifio.com wss://*.omnidesk.io *.omnidesk.io *.bbvms.com *.google-analytics.com *.360yield.com *.googlesyndication.com *.gstatic.com *.blueconic.net https://p969.pathe.nl *.doubleclick.net *.facebook.com *.hostedbypoort80.nl *.poort80.nl *.pathe.nl https://cxcomlive-webconvwa-weu.azurewebsites.net wss://cxcomlive-webconvwa-weu.azurewebsites.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.bluebillywig.com https://www.googleadservices.com https://www.googletagservices.com https://partner.googleadservices.com *.weborama.fr https://cdn.guestplan.com https://pathenederland.qualifioapp.com https://files.qualifio.com *.hostedbypoort80.nl *.poort80.nl wss://*.omnidesk.io *.omnidesk.io https://pathe.bbvms.com *.moatads.com *.mathtag.com *.jwpcdn.com *.cloudflare.com https://*.facebook.com https://*.facebook.net https://*.blueconic.net https://p969.pathe.nl https://www.googletagmanager.com https://*.googleapis.com https://www.google-analytics.com https://*.gstatic.com https://*.doubleclick.net https://pathe.emsecure.net *.google.com *.google.nl *.360yield.com *.googlesyndication.com; frame-ancestors 'self' *.weborama.fr https://pathenederland.qualifioapp.com https://files.qualifio.com *.pathe.nl *.hostedbypoort80.nl *.poort80.nl; media-src 'self' wss://*.omnidesk.io https://cdn.guestplan.com https://pathe.blueconic.net https://p969.pathe.nl *.omnidesk.io *.bluebillywig.com *.cloudfront.net *.pathe.nl *.hostedbypoort80.nl *.poort80.nl *.triple-it.nl data:; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.nyi.net; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval'  www.youtube.com www.youtube-nocookie.com; font-src 'self' data:; img-src 'self' pbs.twimg.com data:; media-src 'self' pb.twimg.com data:; frame-src 'self' www.google.com www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' 1
default-src 'self' https: data: blob:; base-uri 'self'; connect-src 'self' https: https://lynn-latam-production-br-ch-reg-t2793.azurewebsites.net/widget/main https://lynn-latam-production-br-ch-reg-t2793.azurewebsites.net/chatHub/negotiate wss://lynn-latam-production-br-ch-reg-t2793.azurewebsites.net/chatHub; img-src data: 'self' w3.org/svg/2000 https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https: data: blob:; script-src-attr 'self' 'unsafe-inline' https: data: blob:; style-src 'self' 'unsafe-inline' https: data: blob:; object-src 'none'; 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: about: 'unsafe-inline'; frame-ancestors 'self' *.greenvelopetesting.com *.greenvelope.com localizejs.com localize.live *.facebook.com; style-src * 'unsafe-inline'; 1
frame-ancestors 'self' *.googletagmanager.com *.youtube.com *.doubleclick.net *.adsrvr.org *.google.com; img-src * data:; 1
script-src 'nonce-2SVwwjg2E+QxOC82UQYLWA==' 'strict-dynamic' 'unsafe-eval' 'report-sample' https: 'unsafe-inline'; base-uri 'none'; report-uri https://events.mercadolibre.com/csp/reports?identifier=A1asMZamDCOu-y8_H3hilJaX-DiZ4ubd_xPkDJU2bnDl2QueiJv03gPam6EQ&policy_id=10&user_id=&request_id=176daa82-bff6-40f1-ba6a-8c47317f53af; report-to csp-endpoint; object-src https://http2.mlstatic.com/ https://mlstaticquic-a.akamaihd.net/ 1
frame-ancestors 'self';  default-src 'self' tn.edu.tw mb.tn.edu.tw ;  script-src 'self' 'unsafe-eval' 'unsafe-inline' tn.edu.tw mb.tn.edu.tw ;  connect-src 'self' tn.edu.tw mb.tn.edu.tw ;  frame-src tn.edu.tw mb.tn.edu.tw ;  font-src * data:;  img-src * data:;  style-src * 'unsafe-inline'; 1
referrer 'origin-when-crossorigin'; 1
frame-ancestors 'self' https://*.webow.jp https://netdoor.tv https://netdoor.live; 1
frame-ancestors 'self' https://mycpd.racgp.org.au 1
default-src *.nav.no portal-admin.oera.no; script-src *.nav.no portal-admin.oera.no *.tingtun.no termer.no uxsignals-frontend.uxsignals.app.iterate.no *.psplugin.com *.hotjar.com *.taskanalytics.com nav.boost.ai 'unsafe-inline' 'unsafe-eval'; script-src-elem *.nav.no portal-admin.oera.no *.tingtun.no termer.no uxsignals-frontend.uxsignals.app.iterate.no video.qbrick.com play2.qbrick.com analytics.qbrick.com *.ip-only.net blob: *.psplugin.com *.hotjar.com *.taskanalytics.com nav.boost.ai 'unsafe-inline'; worker-src *.nav.no portal-admin.oera.no blob:; style-src *.nav.no portal-admin.oera.no 'unsafe-inline' *.psplugin.com *.googleapis.com *.gstatic.com; font-src *.nav.no portal-admin.oera.no data: video.qbrick.com play2.qbrick.com analytics.qbrick.com *.ip-only.net blob: *.psplugin.com *.hotjar.com cdn.nav.no *.googleapis.com *.gstatic.com; img-src *.nav.no portal-admin.oera.no data: video.qbrick.com play2.qbrick.com analytics.qbrick.com *.ip-only.net blob: *.psplugin.com *.vimeocdn.com *.hotjar.com www.vergic.com; object-src video.qbrick.com play2.qbrick.com analytics.qbrick.com *.ip-only.net blob:; connect-src *.nav.no portal-admin.oera.no video.qbrick.com play2.qbrick.com analytics.qbrick.com *.ip-only.net blob: api.uxsignals.com *.boost.ai *.psplugin.com *.hotjar.com *.hotjar.io *.taskanalytics.com; media-src video.qbrick.com play2.qbrick.com analytics.qbrick.com *.ip-only.net blob: ihb.nav.no; child-src *.nav.no blob:; style-src-elem *.nav.no *.psplugin.com 'unsafe-inline' *.googleapis.com *.gstatic.com; frame-src *.hotjar.com player.vimeo.com video.qbrick.com *.nav.no; frame-ancestors 'self' *.psplugin.com; 1
child-src * blob:; default-src * 'unsafe-inline'; font-src * 'unsafe-inline' data:; img-src * 'unsafe-inline' data: blob:; object-src 'none'; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; worker-src * blob: 1
frame-ancestors 'self' *.curiositystream.com; report-uri https://n8205b602a.execute-api.us-east-1.amazonaws.com/Prod/cspreport; report-to csp-endpoint 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' oktacdn.com *.oktacdn.com convergeoperations.com *.convergeoperations.com tsp.gov *.tsp.gov googleapis.com *.googleapis.com google-analytics.com *.google-analytics.com googletagmanager.com *.googletagmanager.com gov *.gov; connect-src 'self' oktacdn.com *.oktacdn.com okta.com *.okta.com convergeoperations.com *.convergeoperations.com tsp.gov *.tsp.gov googleapis.com *.googleapis.com google-analytics.com *.google-analytics.com gov *.gov; img-src 'self' oktacdn.com *.oktacdn.com tsp.gov *.tsp.gov convergeoperations.com *.convergeoperations.com googleapis.com *.googleapis.com google-analytics.com *.google-analytics.com gov *.gov ytimg.com *.ytimg.com; style-src 'self' 'unsafe-inline' oktacdn.com *.oktacdn.com convergeoperations.com *.convergeoperations.com tsp.gov *.tsp.gov googleapis.com *.googleapis.com google-analytics.com *.google-analytics.com gov *.gov; font-src 'self' oktacdn.com *.oktacdn.com convergeoperations.com *.convergeoperations.com tsp.gov *.tsp.gov googleapis.com *.googleapis.com fonts.gstatic.com gov *.gov; form-action 'self' salesforce.com *.salesforce.com oktacdn.com *.oktacdn.com okta.com *.okta.com convergeoperations.com *.convergeoperations.com googleapis.com tsp.gov *.tsp.gov *.googleapis.com google-analytics.com *.google-analytics.com gov *.gov; frame-src 'self' convergeoperations.com *.convergeoperations.com youtube.com *.youtube.com gov *.gov; frame-ancestors 'self' convergeoperations.com *.convergeoperations.com tsp.gov *.tsp.gov youtube.com *.youtube.com; 1
default-src 'report-sample' 'none' ; img-src 'report-sample' 'self' data: https://prod-horizon.static.securetheorem.com https://caprica-static.securetheorem.com https://prod-caprica.firebaseapp.com https://educate.securetheorem.com https://disco-order-721.firebaseapp.com https://files-static.datatheorem.com/portal/ https://storage.googleapis.com/spa-screenshots/ https://storage.googleapis.com/spa-library-resources/ https://storage.googleapis.com/disco-order-721-app-store-privacy-screenshot/ https://lh3.googleusercontent.com https://lh3.ggpht.com https://lh4.ggpht.com https://lh5.ggpht.com https://lh6.ggpht.com https://play-lh.googleusercontent.com https://is1-ssl.mzstatic.com https://is2-ssl.mzstatic.com https://is3-ssl.mzstatic.com https://is4-ssl.mzstatic.com https://is5-ssl.mzstatic.com https://logo.clearbit.com https://d1nxzqpcg2bym0.cloudfront.net/itunes_connect/ https://d1nxzqpcg2bym0.cloudfront.net/google_play/ https://www.google-analytics.com https://www.googletagmanager.com ; media-src https://educate.securetheorem.com https://files-static.datatheorem.com/portal/ ; style-src 'report-sample' 'self' 'unsafe-inline' https://fonts.googleapis.com https://use.typekit.net https://p.typekit.net ; script-src 'report-sample' 'self' https://datatheorem.sentry.io https://www.google-analytics.com https://www.googletagmanager.com ; connect-src 'report-sample' 'self' blob: https://api.securetheorem.com https://storage.googleapis.com https://prod-dopinder-v2.securetheorem.com/ https://appupload.securetheorem.com *.sentry.io https://www.google-analytics.com https://www.googleapis.com ; frame-src 'report-sample' 'self' blob: https://educate.securetheorem.com https://www.youtube-nocookie.com https://zoom.us https://www.securetheorem.com ; font-src 'report-sample' 'self' data: https://fonts.gstatic.com https://use.typekit.net https://p.typekit.net ; object-src 'report-sample' 'none' ; frame-ancestors 'self' ; report-uri https://o1421491.ingest.us.sentry.io/api/6767243/security/?sentry_key=e958eee4d16443b4a6674cda8c008ca7 1
default-src data: https:; script-src data: 'unsafe-inline' 'unsafe-eval' https:; style-src data: 'unsafe-inline' https:; child-src data: https: tel: http://help.xsolla.com http://www.xsolla.com; frame-src data: https: tel: http://help.xsolla.com http://www.xsolla.com; worker-src https://*.viveport.com blob:; upgrade-insecure-requests; 1
frame-ancestors kennisbank.efteling.nl portal.polly.help app.polly.help; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://static.cloud.coveo.com https://translate.google.com https://translate.googleapis.com https://www.google-analytics.com https://fonts.googleapis.com https://www.gstatic.com translate-pa.googleapis.com https://e.prezicdn.net https://maps.googleapis.com https://www.google.com https://www.googletagmanager.com https://cdnjs.cloudflare.com public.tableau.com https://platform.twitter.com; style-src 'self' 'unsafe-inline' https://static.cloud.coveo.com https://translate.google.com https://translate.googleapis.com https://www.google-analytics.com https://fonts.googleapis.com https://www.gstatic.com https://e.prezicdn.net https://maps.googleapis.com; img-src 'self' data: https://static.cloud.coveo.com https://translate.google.com https://translate.googleapis.com https://www.google-analytics.com https://fonts.googleapis.com https://www.gstatic.com https://e.prezicdn.net https://maps.googleapis.com https://maps.gstatic.com https://*.twitter.com; font-src 'self' https://static.cloud.coveo.com https://translate.google.com https://translate.googleapis.com https://www.google-analytics.com https://fonts.googleapis.com https://www.gstatic.com https://fonts.gstatic.com https://e.prezicdn.net https://maps.googleapis.com; connect-src 'self' https://static.cloud.coveo.com https://translate.google.com https://translate.googleapis.com https://www.google-analytics.com https://fonts.googleapis.com https://www.gstatic.com translate-pa.googleapis.com https://e.prezicdn.net https://maps.googleapis.com https://publications.saskatchewan.ca; frame-src 'self' https://revsharesaskatchewan.ca https://public.tableau.com https://www.youtube.com https://immigration.saskatchewan.ca https://e.prezicdn.net https://prezi-nocookies.com https://maps.googleapis.com https://www.google.com https://fmt-public.selkirksystems.com https://www.facebook.com https://*.twitter.com; upgrade-insecure-requests; block-all-mixed-content 1
default-src 'none'; upgrade-insecure-requests; object-src 'self'; frame-src vimeo.com *.vimeo.com view.ceros.com form.typeform.com athabascau.kudoboard.com www.youtube-nocookie.com *.issuu.com *.statuspage.io *.hotjar.com *.osano.com *.brightcove.net livestream.com *.livestream.com *.doubleclick.net *.snapchat.com *.hsforms.com *.intelliresponse.com *.g.doubleclick.net *.adsrvr.org *.githubassets.com www-preview.athabascau.ca *.libanswers.com *.fls.doubleclick.net *.cloudfront.net airtable.com *.airtable.com *.athabascau.ca *.canadahelps.org *.youtube.com *.youtu.be *.google.com; media-src 'self' *.canadahelps.org *.athabascau.ca *.youtube.com *.youtu.be *.vimeo.com; manifest-src 'self'; connect-src 'self' wss: api.acquiretm.com www.redditstatic.com conversions-config.reddit.com pixel-config.reddit.com api.typeform.com *.hotjar.com *.api.osano.com *.hubspot.com *.osano.com *.google.com *.googlesyndication.com wurfl.io *.snapchat.com *.oribi.io googleads.g.doubleclick.net analytics.google.com *.tiktok.com *.hotjar.io *.livestream.com *.on.aws *.dev.athabascau.cloud *.sitesearch360.com *.linkedin.com *.amazonaws.com livestream.com *.hsforms.com *.crazyegg.com *.wootric.com *.herokuapp.com *.facebook.com *.libanswers.com *.hubapi.com *.yimg.com *.cloudfront.net *.247-inc.net *.s3.amazonaws.com *.athabascau.ca *.google-analytics.com stats.g.doubleclick.net; worker-src 'self' *.osano.com *.athabascau.ca osano.js blob:; img-src *.adsymptotic.com *.linkedin.com *.cloud *.googlesyndication.com *.reddit.com *.sitesearch360.com *.snapchat.com *.gstatic.com *.hotjar.com *.bing.com *.hsforms.com *.doubleclick.net *.ads.linkedin.com *.analytics.yahoo.com t.co *.twitter.com *.hubspot.com www-preview.athabascau.ca *.facebook.com *.siteimproveanalytics.io *.google.com *.google.ca *.google-analytics.com 'self' *.athabascau.ca *.library.athabascau.ca www.googletagmanager.com data: *.wp.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.github.com *.googlesyndication.com *.redditstatic.com *.google.ca *.osano.com *.bing.com *.snapchat.com *.adsymptotic.com static.hotjar.com *.hotjar.com sc-static.net *.tiktok.com *.sitesearch360.com unpkg.com livestream.com *.livestream.com *.tribalfusion.com *.githubassets.com *.acuityplatform.com *.wootric.com *.googleadservices.com *.ipify.org *.twitter.com t.co *.licdn.com googleads.g.doubleclick.net *.libanswers.com blob: http: https: *.hs-banner.com *.hsadspixel.net *.hs-analytics.net *.analytics.yahoo.com *.hs-scripts.com *.facebook.net siteimproveanalytics.com *.ads-twitter.com *.fls.doubleclick.net *.adsrvr.org *.yimg.com *.cloudfront.net *.eyereturn.com *.hscta.net *.athabascau.ca *.cloudfront.net *.hsforms.com *.hsforms.net *.canadahelps.org athabascau.acquiretm.com *.crazyegg.com *.youtube.com browser-update.org *.google-analytics.com *.googleapis.com code.jquery.com *.cloudflare.com wurfl.io *.googletagmanager.com *.athabascau.ca *.list-manage.com *.google.com *.gstatic.com; style-src blob: http: https: 'self' 'unsafe-inline' *.githubassets.com *.osano.com *.cloudflare.com *.googleapis.com *.google.com *.googleoptimize.com *.athabascau.ca; font-src 'self' *.athabascau.ca *.hotjar.com *.cloudflare.com *.gstatic.com; form-action 'self' *.search.serialssolutions.com *.snapchat.com *.hsforms.com *.athabascau.ca; base-uri 'self'; frame-ancestors 'self' *.athabascau.ca vimeo.com *.vimeo.com; 1
default-src 'self' blob: s.pinimg.com; font-src 'self' s.pinimg.com data: fonts.googleapis.com fonts.gstatic.com use.typekit.net; style-src 'self' blob: 'unsafe-inline' data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; img-src blob: data: *; base-uri 'none'; connect-src 'self' blob: *.pinimg.com *.pinterest.com accounts.google.com *.adyen.com pinterest-salvador.s3.amazonaws.com *.adyenpayments.com *.facebook.com www.googleapis.com *.dropboxapi.com pinterest-aberdeen.s3.amazonaws.com pinterest-aberdeen.s3.us-east-1.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-anaheim.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-sim-toontown.s3.amazonaws.com pinterest-sim-toontown.s3.us-east-1.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3.us-east-1.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-media-upload.s3-accelerate.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-poughkeepsie.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com pinterest-plymouth.s3.us-east-1.amazonaws.com pinterest-salvador.s3.us-east-1.amazonaws.com pinterest-yamagata.s3.amazonaws.com pinterest-yamagata.s3.us-east-1.amazonaws.com *.cedexis.com *.cedexis-radar.net *.tvpixel.com api.pinadmin.com *.live-video.net https://*.daily.co https://*.pluot.blue wss://*.wss.daily.co; form-action 'self' *.adyen.com *.sofort.com *.tink.com *.adyenpayments.com; frame-src 'self' *.pinimg.com *.pinterest.com *.adyen.com static-sandbox.dlocal.com static.dlocal.com *.google.com *.facebook.com www.recaptcha.net pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-sim-toontown.s3.amazonaws.com pinterest-sim-toontown.s3.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-tolu.s3.amazonaws.com *.pinterdev.com content.googleapis.com *.youtube.com *.youtube-nocookie.com *.ytimg.com player.vimeo.com calendly.com vine.co bid.g.doubleclick.net *.fls.doubleclick.net pinlogs.s3.amazonaws.com pinlogs.s3.us-east-1.amazonaws.com advertising-delivery-metric-reports.s3.amazonaws.com advertising-delivery-metric-reports.s3.us-east-1.amazonaws.com servedby.flashtalking.com pinterest-uk.admo.tv pinterest-uk-web.admo.tv fbrpc://call *.linkedin.com px.ads.linkedin.com; media-src 'self' blob: data: *.pinimg.com *.live-video.net; object-src 'self'; script-src 'nonce-1ab58864c25f4e235980acc64c4856c4' 'strict-dynamic' 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; worker-src 'self' blob: 'unsafe-inline'; report-uri /_/_/csp_report/?rid=1675522817709238; frame-ancestors 'self' , script-src 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; report-uri /_/_/csp_report/?rid=1675522817709238 1
default-src https: data: wss: 'unsafe-eval' 'unsafe-inline' 1
object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://go2.grafana.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://x.clearbitjs.com https://app.clearbit.com https://munchkin.marketo.net https://connect.facebook.net https://snap.licdn.com https://www.google-analytics.com/ https://px.ads.linkedin.com https://www.linkedin.com https://fresnel.vimeocdn.com https://f.vimeocdn.com https://vimeo.com https://player.vimeo.com https://platform.twitter.com https://syndication.twitter.com https://api.twitter.com https://twitter.com https://static.hotjar.com https://in.hotjar.com https://script.hotjar.com https://www.googletagmanager.com/gtag/ *.googleadservices.com https://googleads.g.doubleclick.net/pagead/ https://static.doubleclick.net https://www.youtube.com https://www.eventbrite.com http://rsdk.grafana.com http://rsdk2.grafana.com https://heypal.chat https://www.heypal.chat https://pal-api-production.up.railway.app https://faro-collector-prod-us-central-0.grafana.net https://*.fullstory.com https://rsi.grafana.com https://cdn.mouseflow.com https://widget.intercom.io https://js.intercomcdn.com https://*.qualtrics.com https://js.zi-scripts.com https://tags.clickagy.com 1
frame-src https://*.pilotflyingj.com https://pilotflyingj.com https://www.pilotflyingj.com https://demo.docusign.net https://docusign.net https://powerforms-d.docusign.net https://na2.docusign.net https://powerforms.docusign.net https://youtube.com https://www.youtube.com https://*.doubleclick.net https://*.surveymonkey.com https://player.vimeo.com; frame-ancestors 'self' https://pilotcompany.com https://jobs.pilotflyingj.com https://saratogarack.com https://one9fuelnetwork.com https://www.pilotflyingj.com https://pilotflyingj.com https://na2.docusign.net https://powerforms.docusign.net 1
default-src 'self' *.oeamtc.at ; child-src 'self' *.oeamtc.at blob: ; connect-src 'self' *.oeamtc.at *.tiles.mapbox.com *.usercentrics.eu api.mapbox.com events.mapbox.com ssl.p.jwpcdn.com streamer.a1.net www.googletagmanager.com webstream.a1.net ; font-src 'self' *.oeamtc.at data: fonts.gstatic.com ; frame-src 'self' *.doubleclick.net *.oeamtc.at oeamtc.podigee.io recaptcha.google.com/recaptcha/ www.google.com/recaptcha/ www.riddle.com www.youtube.com youtube.com player.podigee-cdn.net ; img-src 'self' *.oeamtc.at *.usercentrics.eu blob: data: www.googletagmanager.com webstream.a1.net ; media-src 'self' *.oeamtc.at blob: streamer.a1.net ; object-src 'self' *.oeamtc.at *.usercentrics.eu ; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.oeamtc.at *.usercentrics.eu ssl.p.jwpcdn.com www.google.com/recaptcha/ www.googletagmanager.com www.gstatic.com/recaptcha/ ; script-src-elem 'self' 'unsafe-inline' *.oeamtc.at imagesrv.adition.com *.usercentrics.eu ssl.p.jwpcdn.com www.google.com/recaptcha/ www.googletagmanager.com www.gstatic.com/recaptcha/ vbzcrz.oeamtc.at ; style-src 'self' 'unsafe-inline' *.oeamtc.at ; worker-src 'self' *.oeamtc.at blob: ; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.adobe.com https://*.franke.com https://*.scene7.com https://*.franke.coffee https://*.pardot.com https://*.googleadservices.com https://*.facebook.net https://*.licdn.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.adobedtm.com https://*.go-mpulse.net https://*.cookiebot.com https://www.googletagmanager.com https://*.clarity.ms https://*.yimg.jp https://*.pinimg.com https://*.doubleclick.net https://*.googlesyndication.com https://*.pinterest.com; style-src 'self' 'unsafe-inline' https://*.franke.com https://*.scene7.com https://*.googleapis.com; connect-src 'self' https://*.adobe.io https://*.franke.com https://*.scene7.com https://*.oribi.io https://*.akamaihd.net https://*.akstat.io https://*.franke.com https://*.azurewebsites.net https://*.googleapis.com https://*.go-mpulse.net https://*.demdex.net https://*.omtrdc.net https://*.clarity.ms https://*.google.com https://*.doubleclick.net https://*.googlesyndication.com https://*.pinterest.com https://*.cookiebot.com https://*.linkedin.com https://*.adobedc.net; frame-src 'self' https://*.adobe.com https://*.facebook.com https://*.google.com https://*.demdex.net https://www.youtube.com https://player.vimeo.com https://player.youku.com https://*.cookiebot.com https://*.doubleclick.net https://*.pinterest.com; img-src 'self' * data://* data: blob:; font-src 'self' https://*.gstatic.com data://*; media-src 'self' https://*.franke.com; 1
frame-ancestors 'unsafe-inline' 'self' 1
frame-ancestors 'self' mutinyHq_1.0 https://app.mutinyhq.com;; upgrade-insecure-requests 1
default-src 'self'; connect-src 'self' https://*.yandex.ru/ https://*.yandex.az https://*.yandex.by https://*.yandex.co.il https://*.yandex.com https://*.yandex.com.am https://*.yandex.com.ge https://*.yandex.com.tr https://*.yandex.ee https://*.yandex.fr https://*.yandex.kg https://*.yandex.kz https://*.yandex.lt https://*.yandex.lv https://*.yandex.md https://*.yandex.tj https://*.yandex.tm https://*.yandex.ua https://*.yandex.uz https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://o424403.ingest.sentry.io/ https://suggestions.dadata.ru/ https://app.comagic.ru/ https://tracker.comagic.ru/ https://server.comagic.ru/; img-src * 'unsafe-inline' https://*.yandex.ru/ https://*.yandex.az https://*.yandex.by https://*.yandex.co.il https://*.yandex.com https://*.yandex.com.am https://*.yandex.com.ge https://*.yandex.com.tr https://*.yandex.ee https://*.yandex.fr https://*.yandex.kg https://*.yandex.kz https://*.yandex.lt https://*.yandex.lv https://*.yandex.md https://*.yandex.tj https://*.yandex.tm https://*.yandex.ua https://*.yandex.uz https://*.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com data: https://*.maps.yandex.net; object-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' https://*.yandex.ru/ https://*.yandex.az https://*.yandex.by https://*.yandex.co.il https://*.yandex.com https://*.yandex.com.am https://*.yandex.com.ge https://*.yandex.com.tr https://*.yandex.ee https://*.yandex.fr https://*.yandex.kg https://*.yandex.kz https://*.yandex.lt https://*.yandex.lv https://*.yandex.md https://*.yandex.tj https://*.yandex.tm https://*.yandex.ua https://*.yandex.uz https://yastatic.net 'unsafe-inline' https://*.googletagmanager.com https://tagmanager.google.com https://*.google-analytics.com https://smartcaptcha.yandexcloud.net https://*.google.com/recaptcha/api.js https://*.gstatic.com/recaptcha/ 'unsafe-inline' https://*.maps.yandex.net https://app.comagic.ru/ 'unsafe-eval'; frame-ancestors 'self'; frame-src 'self' blob: https://*.yandex.ru/ https://*.yandex.az https://*.yandex.by https://*.yandex.co.il https://*.yandex.com https://*.yandex.com.am https://*.yandex.com.ge https://*.yandex.com.tr https://*.yandex.ee https://*.yandex.fr https://*.yandex.kg https://*.yandex.kz https://*.yandex.lt https://*.yandex.lv https://*.yandex.md https://*.yandex.tj https://*.yandex.tm https://*.yandex.ua https://*.yandex.uz https://smartcaptcha.yandexcloud.net https://*.google.com/; child-src blob: https://*.yandex.ru/ https://*.yandex.az https://*.yandex.by https://*.yandex.co.il https://*.yandex.com https://*.yandex.com.am https://*.yandex.com.ge https://*.yandex.com.tr https://*.yandex.ee https://*.yandex.fr https://*.yandex.kg https://*.yandex.kz https://*.yandex.lt https://*.yandex.lv https://*.yandex.md https://*.yandex.tj https://*.yandex.tm https://*.yandex.ua https://*.yandex.uz; prefetch-src 'self' https://smartcaptcha.yandexcloud.net; 1
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval' https://caast.tv https://*.caast.tv; connect-src * data: blob: 'unsafe-inline' 'unsafe-eval' https://caast.tv https://*.caast.tv wss://*.caast.tv https://*.mux.com; img-src * data: blob: 'unsafe-inline' 'unsafe-eval' https://*.caast.tv; frame-src * data: blob: https://caast.tv https://*.caast.tv; style-src * data: blob: 'unsafe-inline' 'unsafe-eval';media-src * data: blob: 'unsafe-inline' 'unsafe-eval'; child-src * data: blob: 'unsafe-inline' 'unsafe-eval' https://caast.tv https://*.caast.tv; font-src  * data: blob: 'unsafe-inline' 'unsafe-eval'; worker-src * data: blob: 'unsafe-inline' 'unsafe-eval' ; 1
frame-ancestors 'self' lk21official.skin https://*.lk21official.live https://*.lk21official.bio https://*.lk21official.lol https://*.nontondrama.lol https://*.lk21official.co https://*.nontondrama.click https://*.lk21official.plus https://*.lk21official.shop https://*.lk21official.pro https://*.btsremade.org https://*.love-local.com https://*.lk21official.wiki https://*.era316dev.com https://lk21official.baby https://lk21official.homes https://mamamas.xyz https://lk21official.co https://www.layarkaca21.icu https://lk21official.vip https://*.layarkaca21.autos https://*.lk21official.blog https://*.lk21official.life https://*.lk21official.icu https://*.lk21official.world https://*.lk21official.co.uk https://*.lk21official.mom 1
frame-ancestors 'self' https://*.mastercontrol.com; object-src 'none'; base-uri 'self' https://*.mastercontrol.com https://*.clarity.ms; report-uri https://reportcsp.azurewebsites.net/api/CSPViolation 1
frame-ancestors 'self' https://*.jugendherberge.de https://piwik.jugendherberge.de 1
default-src 'self' https://*.forwardemail.net:* https://forwardemail.net https://forwardemail.net:* ; connect-src 'self' data: https://*.forwardemail.net:* https://forwardemail.net https://forwardemail.net:*  https://www.paypal.com https://noembed.com; font-src 'self' data: https://*.forwardemail.net:* https://forwardemail.net https://forwardemail.net:* ; img-src 'self' data: https://*.forwardemail.net:* https://forwardemail.net https://forwardemail.net:*  https://badge.hardenize.com https://tracking.qa.paypal.com https://www.paypalobjects.com https://github.com https://*.github.com https://githubusercontent.com https://*.githubusercontent.com https://shields.io https://*.shields.io https://ytimg.com https://*.ytimg.com; style-src 'self' data: https://*.forwardemail.net:* https://forwardemail.net https://forwardemail.net:*  'unsafe-inline' https://www.paypal.com https://challenges.cloudflare.com; script-src 'self' https://*.forwardemail.net:* https://forwardemail.net https://forwardemail.net:*  'unsafe-inline' https://challenges.cloudflare.com https://www.paypal.com; object-src 'none'; frame-ancestors 'self'; frame-src 'self' data: https://*.forwardemail.net:* https://forwardemail.net https://forwardemail.net:*  https://www.youtube.com https://*.youtube-nocookie.com https://challenges.cloudflare.com https://www.paypal.com; report-uri https://forwardemail.net/report; base-uri 'self'; form-action 'self' https://www.anrdoezrs.net https://login.ubuntu.com 1
style-src 'self' 'unsafe-inline' *.gac.edu *.gustavus.edu tennisandlifecamps.org www.gstatic.com *.googleapis.com www.reservecloud.com *.curator.io *.tinymce.com cdnjs.cloudflare.com uicdn.toast.com matchbox.hepdata.com *.technolutions.net; 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=TW&lang=zh-Hant-TW&device=desktop&yrid=70n24dtja60ji&partner=; 1
default-src * https; font-src *;img-src * data:; style-src * https: 'unsafe-inline';frame-src *;script-src * https: 'unsafe-inline' 'unsafe-eval';upgrade-insecure-requests 1
default-src 'self';script-src 'self' http: https: 'unsafe-inline' 'unsafe-eval';style-src 'self' http: data: https: 'unsafe-inline';img-src 'self' http: https: data: blob:;media-src 'self' https://static.zdassets.com;connect-src 'self' http: https: wss:;font-src 'self' http: https:;frame-src https:;frame-ancestors none 1
default-src blob: ;child-src blob: 'self' https://d13h4w8gjgv887.cloudfront.net;media-src blob: 'self' https://video.joomcdn.net https://*.amazonaws.com https://d13h4w8gjgv887.cloudfront.net;form-action https:;frame-src 'self' https: ;frame-ancestors 'none';manifest-src 'self';base-uri 'none';font-src data: https://tagmanager.google.com https://fonts.googleapis.com https://fonts.gstatic.com https://d13h4w8gjgv887.cloudfront.net https://hcaptcha.com https://*.hcaptcha.com https://cdn.crowdin.com https://top-fwz1.mail.ru;connect-src 'self' https://api.joom.com https://api-secure.joom.one https://api.joompay.tech https://http-babylone-client-faq-api.joom.it https://*.google-analytics.com https://*.analytics.google.com https://*.googleapis.com https://google-analytics.com https://analytics.google.com https://pagead2.googlesyndication.com https://www.facebook.com https://bnc.lt https://joom.test-app.link https://stats.g.doubleclick.net https://*.joomcdn.net https://*.amazonaws.com https://mc.yandex.ru https://mc.yandex.com https://d13h4w8gjgv887.cloudfront.net https://*.riskified.com https://hcaptcha.com https://*.hcaptcha.com https://*.live-video.net https://joom-web.ey.r.appspot.com https://crowdin.com https://widget.trustpilot.com https://*.creativecdn.com https://*.dwin1.com https://top-fwz1.mail.ru https://www.wepowerconnections.com https://tr.kickbite.io https://service.nalog.ru https://*.clarity.ms https://analytics.tiktok.com https://s.kelkoogroup.net https://www.google.com https://google.com https://pay.google.com https://sentry.joom.it https://www.joom.ru;img-src 'self' data: https: blob:;script-src 'strict-dynamic' 'nonce-MC4zNTAxODU=' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: data: 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://fonts.gstatic.com https://d13h4w8gjgv887.cloudfront.net https://hcaptcha.com https://*.hcaptcha.com https://cdn.crowdin.com https://top-fwz1.mail.ru;report-uri https://sentry.joom.it/api/3/security/?sentry_key=b68f31beac04417da5e79086aa76f8d6&sentry_release=web-client@4.8.5-1721735977&sentry_environment=prod 1
connect-src 'self' *.studs.ltd wss://*.amazonaws.com *.amazonaws.com *.intentiq.com *.nitropay.com *.googleapis.com *.intercomcdn.com *.userway.org *.softswiss.net *.agechecker.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat bing.com *.bing.com apple.com *.apple.com cdn-apple.com *.cdn-apple.com taboola.com *.taboola.com onesignal.com *.onesignal.com intercom.io *.intercom.io blox.land *.blox.land termly.io *.termly.io api.ipify.org cdn.growthbook.io *.bloxflip.com stripe.com *.inteniq.com *.stripe.com *.roblox.com *.robloxlabs.com *.rbx.com *.rbxcdn.com *.roblox.cn *.simulpong.com *.lightstep.com *.ns1p.net *.arkoselabs.com *.kaptcha.com *.google.com *.google-analytics.com *.doubleclick.net *.sentry.io wss://*.intercom.io *.tiktok.com tiktok.com *.mixpanel.com wss://*.hotjar.io *.hotjar.io wss://*.bloxflip.com wss://realtime.roblox.com wss://realtime.sitetest1.robloxlabs.com wss://realtime.sitetest2.robloxlabs.com wss://realtime.sitetest3.robloxlabs.com wss://realtime-signalr.roblox.com *.braintree-api.com hcaptcha.com googletagmanager.com videodelivery.net *.cloudflarestream.com *.hcaptcha.com *.braintreegateway.com d1q2u37vreaobr.cloudfront.net funcaptcha.com; report-uri https://6513195608615f75764fb31f.endpoint.csper.io?v=0; 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://cardano.org https://new-cardano-org-staging.netlify.app https://www.googletagmanager.com https://js.hsforms.net https://forms.hsforms.com https://www.google.com https://www.gstatic.com; img-src 'self' https://cardano.org https://new-cardano-org-staging.netlify.app https://forms.hsforms.com https://forms-eu1.hsforms.com data: https://*.ytimg.com; style-src 'self' 'unsafe-inline'; frame-src 'self' https://www.youtube.com https://www.google.com https://*.hsforms.com; media-src 'self' https://www.youtube.com; connect-src 'self' https://hubspot-forms-static-embed.s3.amazonaws.com https://*.hsforms.com https://*.google-analytics.com 1
frame-ancestors 'self' https://*.swansea.ac.uk https://*.swan.ac.uk https://app.myday.cloud myday://app.myday.cloud https://swanseauni.myday.cloud https://swansea-uk.libwizard.com; 1
default-src 'self'; connect-src 'self' https://*.ada.support https://*.analytics.google.com https://*.clarity.ms https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.hotjar.io https://*.linkedin.co https://*.linkedin.com https://*.mypurecloud.com wss://*.mypurecloud.com https://ads-api.twitter.com https://cdn.linkedin.oribi.io https://connect.facebook.net https://gtm-mr26nnc-ztexm.uc.r.appspot.com https://maps.googleapis.com https://static.ads-twitter.com https://webto.salesforce.com https://www.facebook.com https://*.curator.io/ https://*.eskimi.com; script-src 'unsafe-eval' https://*.googletagmanager.com https://googleads.g.doubleclick.net https://ssl.google-analytics.com https://tagmanager.google.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com 'nonce-6388711d-9940-4ed7-9ab4cdce51d09847'; script-src-elem 'self' https://*.ada.support https://*.ads-twitter.com https://*.clarity.ms https://*.google-analytics.com https://*.licdn.com https://*.tarteaucitron.io https://connect.facebook.net https://maps.googleapis.com https://static.ads-twitter.com https://tarteaucitron.io https://www.googleadservices.com 'strict-dynamic' 'nonce-6388711d-9940-4ed7-9ab4cdce51d09847'; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.mypurecloud.com https://*.tarteaucitron.io https://fonts.googleapis.com https://googletagmanager.com https://tagmanager.google.com https://cdn.curator.io; object-src 'none'; img-src 'self' data: https://*.bing.com https://*.clarity.ms https://*.facebook.com https://*.linkedin.com https://*.mypurecloud.com https://analytics.twitter.com https://t.co https://tarteaucitron.io https://curator-assets.b-cdn.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://googletagmanager.com https://*.g.doubleclick.net https://*.googleapis.com https://maps.gstatic.com https://www.gstatic.com https://ssl.gstatic.com https://www.google.com https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.com.ai https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gp https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.com.kh https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.ms https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.com.nf https://www.google.com.ng https://www.google.com.ni https://www.google.ne https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.pl https://www.google.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.so https://www.google.sm https://www.google.sr https://www.google.st https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tk https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.vg https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.rs https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.cat; font-src 'self' https://fonts.gstatic.com data:;; base-uri 'none'; media-src 'self'; frame-src 'self' https://*.ada.support https://*.digicelgroup.com https://*.doubleclick.net https://*.mypurecloud.com https://bid.g.doubleclick.net https://digicel.bigidprivacy.cloud https://service.digiceltt.com https://www.facebook.com; form-action https://www.facebook.com; frame-ancestors 'none' 1
frame-ancestors 'self' cms.dxp.tedbaker.com youtube.com www.youtube.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://static-maps.yandex.ru https://assetsgarantibbva.com *.amazon-adsystem.com *.amazon-adsystem.com paa-reporting-advertising.amazon *.paa-reporting-advertising.amazon *.hangikredi.com *.tiktok.com *.garantibbvayatirim.com.tr *.garantiyatirim.com.tr *.garantibbva.com.tr *.garanti.com.tr *.garantibbvaemeklilik.com.tr *.garantiemeklilik.com.tr *.gteknoloji.com.tr *.gteknolojidmz.com.tr *.garantibank.ro *.garantiemeklisandigi.org.tr *.api.useinsider.com https://*.useinsider.com wss://*.matriksdata.com *.matriksdata.com *.dataroid.com *.google.com *.google.com.tr *.doubleclick.net https://googleads.g.doubleclick.net *.efilli.com *.fw.garanti.com.tr *.googletagmanager.com *.fw.garantibbva.com.tr ajax.googleapis.com fonts.googleapis.com *.google-analytics.com *.analytics.google.com *.signfordeaf.com;media-src 'self' data: *.signfordeaf.com http://*.signfordeaf.com;style-src 'self' 'unsafe-inline' 'unsafe-eval' *.api.useinsider.com https://*.useinsider.com;connect-src 'self' data: *.garantibbvayatirim.com.tr *.paa-reporting-advertising.amazon *.kaspersky-labs.com *.amazon-adsystem.com *.garantiyatirim.com.tr *.garantibbva.com.tr *.garanti.com.tr *.garantibbvaemeklilik.com.tr *.garantiemeklilik.com.tr *.gteknoloji.com.tr *.gteknolojidmz.com.tr *.garantibank.ro *.garantiemeklisandigi.org.tr *.assetsgarantibbva.com *.api.useinsider.com https://*.useinsider.com wss://*.matriksdata.com *.matriksdata.com *.dataroid.com *.efilli.com *.fw.garanti.com.tr *.googletagmanager.com *.fw.garantibbva.com.tr *.highcharts.com *.tiktok.com ajax.googleapis.com fonts.googleapis.com *.google-analytics.com *.google.com *.google.com.tr *.doubleclick.net https://googleads.g.doubleclick.net *.signfordeaf.com;worker-src 'self' *.kaspersky-labs.com *.assetsgarantibbva.com *.garantibbva.com.tr; script-src-elem 'self' 'unsafe-inline' *.amazon-adsystem.com *.tiktok.com *.hangikredi.com *.googleapis.com *.facebook *.kaspersky-labs.com *.googletagmanager.com *.dataroid.com *.efilli.com *.useinsider.com *.assetsgarantibbva.com *.garantibbva.com.tr; frame-src 'self' https://video.garanti.com.tr *.amazon-adsystem.com *.api.useinsider.com *.kaspersky-labs.com *.doubleclick.net *.efilli.com *.assetsgarantibbva.com *.garantibbva.com.tr; img-src 'self' 'unsafe-eval' 'unsafe-inline' data: *.efilli.com *.api.useinsider.com *.doubleclick.net https://static-maps.yandex.ru *.assetsgaranti.com *.assetsgarantibbva.com  https://assetsgarantibbva.com *.highcharts.com *.garantibbvayatirim.com.tr *.kaspersky-labs.com *.garantiyatirim.com.tr *.garantibbva.com.tr *.garanti.com.tr *.garantibbvaemeklilik.com.tr *.garantiemeklilik.com.tr *.gteknoloji.com.tr *.gteknolojidmz.com.tr *.garantibank.ro *.garantiemeklisandigi.org.tr *.api.useinsider.com https://*.useinsider.com wss://*.matriksdata.com *.matriksdata.com *.dataroid.com *.google.com *.google.com.tr *.doubleclick.net https://googleads.g.doubleclick.net *.efilli.com *.fw.garanti.com.tr *.googletagmanager.com *.fw.garantibbva.com.tr ajax.googleapis.com fonts.googleapis.com *.google-analytics.com *.analytics.google.com *.signfordeaf.com;style-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.dataroid.com *.kaspersky-labs.com *.googletagmanager.com *.efilli.com *.useinsider.com *.api.useinsider.com fonts.googleapis.com ajax.googleapis.com *.assetsgarantibbva.com *.garantibbva.com.tr;font-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.useinsider.com *.assetsgarantibbva.com *.garantibbva.com.tr *.api.useinsider.com fonts.go/ogleapis.com ajax.googleapis.com fonts.gstatic.com; 1
default-src 'self' blob: ;style-src 'self' 'unsafe-inline' *;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.split.io *.google-analytics.com *.googletagmanager.com instant.page *.googleadservices.com *.ranksci.com *.lr-ingest.io *.facebook.net *.yimg.com *.bing.com *.g.doubleclick.net *.yahoo.com *.paypal.com *.paypalobjects.com *.brcdn.com *.bamboohr.com *.powerreviews.com *.braintreegateway.com *.zdassets.com *.zopim.com *.iesnare.com *.msn.com *.twitter.com *.letslinc.com *.gstatic.com *.crisp.chat *.ampproject.org *.pay.google.com *.segment.com *.vercel.app *.youtube.com *.maker.co *.vercel-insights.com *.lr-in.com *.lr-in-prod.com *.ingest-lr.com *.zinrelo.com *.clrt.ai vercel.live *.here.com *.js.api.here.com *.hereapi.com blob: ;worker-src 'self' blob: ;img-src 'self' data: *.speedwaymotors.com *.speedway2.com p.brsrvr.com *.powerreviews.com i.ytimg.com static.pxlecdn.com dy5vgx5yyjho5.cloudfront.net *.crisp.chat *.google.com *.google-analytics.com *.googletagmanager.com *.facebook.com *.bing.com *.cloudinary.com *.vercel.com smi-static-content.s3-us-west-2.amazonaws.com smi-static-content.s3.us-west-2.amazonaws.com *.yahoo.com *.bamboohr.com *.paypal.com *.paypalobjects.com *.gstatic.com *.here.com *.js.api.here.com *.hereapi.com ;font-src 'self' 'unsafe-inline' data: * ;frame-ancestors 'self' *.speedwaymotors.com ;form-action 'self' *.speedwaymotors.com *.powerreviews.com *.facebook.com *.google.com *.here.com *.js.api.here.com *.hereapi.com ;frame-src 'self' td.doubleclick.net *.youtube.com *.maker.co vercel.live *.facebook.com *.letslinc.com *.braintreegateway.com *.paypal.com *.paypalobjects.com *.google.com *.amazonaws.com *.tiktok.com ;connect-src 'self' *.google.com *.split.io *.google-analytics.com *.googletagmanager.com instant.page *.googleadservices.com *.ranksci.com *.lr-ingest.io *.facebook.net *.yimg.com *.bing.com *.g.doubleclick.net *.yahoo.com *.paypal.com *.paypalobjects.com *.brcdn.com *.bamboohr.com *.powerreviews.com *.braintreegateway.com *.zdassets.com *.zopim.com *.iesnare.com *.msn.com *.twitter.com *.letslinc.com *.gstatic.com *.crisp.chat *.ampproject.org *.pay.google.com *.segment.com *.vercel.app *.youtube.com *.maker.co *.vercel-insights.com *.lr-in.com *.lr-in-prod.com *.ingest-lr.com *.zinrelo.com *.clrt.ai vercel.live *.here.com *.js.api.here.com *.hereapi.com blob: *.speedwaymotors.com *.speedway2.com p.brsrvr.com *.powerreviews.com i.ytimg.com static.pxlecdn.com dy5vgx5yyjho5.cloudfront.net *.crisp.chat *.google.com *.google-analytics.com *.googletagmanager.com *.facebook.com *.bing.com *.cloudinary.com *.vercel.com smi-static-content.s3-us-west-2.amazonaws.com smi-static-content.s3.us-west-2.amazonaws.com *.yahoo.com *.bamboohr.com *.paypal.com *.paypalobjects.com *.gstatic.com *.here.com *.js.api.here.com *.hereapi.com *.googlesyndication.com noembed.com wss://client.relay.crisp.chat *.google.com api.askmiso.com api.ipstack.com api.segment.io *.letslinc.com *.braintreegateway.com *.paypal.com *.paypalobjects.com *.braintree-api.com google.com *.smartystreets.com ; 1
base-uri 'self';connect-src 'self' *.nr-data.net https://sponge.creditkarma.co.uk https://www.google-analytics.com https://region1.analytics.google.com https://creditkarmacdn-a.akamaihd.net https://stats.g.doubleclick.net https://api2.branch.io https://accounts.creditkarma.co.uk;default-src *.creditkarma.co.uk https://creditkarmacdn-a.akamaihd.net;font-src https://creditkarmacdn-a.akamaihd.net;img-src 'self' 'unsafe-inline' https://creditkarmacdn-a.akamaihd.net https://intlck.imgix.net https://kpluk.imgix.net https://ck-content.imgix.net https://ckpoc.imgix.net https://ck-uk-offers.imgix.net https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.co.uk https://assets.thisisbud.com https://res.cloudinary.com;script-src 'strict-dynamic' *.creditkarma.co.uk *.creditkarma.com https://creditkarmacdn-a.akamaihd.net https://api-ckuk.nd.nudatasecurity.com https://sierra.kilo.ckapis.co.uk https://js-agent.newrelic.com https://bam.nr-data.net https://www.google-analytics.com 'nonce-e73c3ab2dfcbb7f2924772c3c907316e';style-src 'self' 'unsafe-inline' https://creditkarmacdn-a.akamaihd.net;worker-src 'self';report-uri https://sponge.creditkarma.co.uk/csp-report 1
default-src *.pendo.saashr.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' * *.pendo.saashr.com app.eu.pendo.io pendo-eu-static.storage.googleapis.com pendo-eu-static-d276745b-378e-428a-493e-755dc699451d.storage.googleapis.com; style-src fonts.googleapis.com 'self' 'unsafe-inline' *.googleapis.com *.twitter.com *.instagram.com *.facebook.net *.twimg.com *.pendo.saashr.com app.eu.pendo.io pendo-eu-static.storage.googleapis.com pendo-eu-static-d276745b-378e-428a-493e-755dc699451d.storage.googleapis.com; img-src * data: blob: *.pendo.saashr.com app.eu.pendo.io pendo-eu-static-d276745b-378e-428a-493e-755dc699451d.storage.googleapis.com; frame-ancestors file: cdvfile: 'self'; frame-src 'self' *.google.com app.eu.pendo.io; font-src 'self' fonts.gstatic.com; connect-src 'self' *.pendo.saashr.com app.eu.pendo.io pendo-eu-static-d276745b-378e-428a-493e-755dc699451d.storage.googleapis.com 1
default-src 'self' https://trillian.cachefly.net https://static.olark.com https://forms.hubspot.com; script-src 'self' https://trillian.cachefly.net https://*.olark.com https://www.google-analytics.com https://ct.capterra.com https://js.hs-scripts.com https://js.hs-analytics.net https://js.hscollectedforms.net https://js.hsleadflows.net https://js.hs-banner.com; style-src 'self' https://trillian.cachefly.net https://static.olark.com 'unsafe-inline'; object-src 'none'; base-uri 'none'; connect-src 'self' https:; media-src 'self' https:; img-src 'self' http: https: data:; 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fonts.googleapis.com http://fonts.googleapis.com https://maxcdn.bootstrapcdn.com/ https://p.typekit.net https://use.typekit.net https://loves-stage.quiq-api.com https://static.quiq-cdn.com https://resources.digital-cloud-west.medallia.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://316202.tctm.co/p.js https://316202.tctm.co/t.js http://assets.adobedtm.com https://assets.flex.twilio.com https://cdn.appdynamics.com https://cdnjs.cloudflare.com https://connect.facebook.net https://dni.trumeasure.com https://i.simpli.fi https://img03.en25.com/ https://insight.adsrvr.org/track/up https://js.adsrvr.org/up_loader.1.1.0.js https://loves.quiq-api.com https://loves-cep-socket-ssl.herokuapp.com http://*.google.com https://www.google-analytics.com https://loves-stage.quiq-api.com https://sentry.goquiq.com https://www.googletagmanager.com https://*.gstatic.com https://*.googleapis.com https://static.quiq-cdn.com https://tag.simpli.fi https://use.typekit.net https://316202.cctm.xyz/t.js consent.api.osano.com tattle.api.osano.com cmp.osano.com disclosure.api.osano.com https://googleads.g.doubleclick.net https://resources.digital-cloud-west.medallia.com/ https://secure.informationcreativeinnovative.com; img-src 'self' data: https: http://authoringstg.loves.com https://*.googleapis.com https://*.gstatic.com; frame-src 'self' https://*.google.com https://insight.adsrvr.org/ https://loves-stage.quiq-api.com https://sentry.goquiq.com https://loves.quiq-api.com https://static.quiq-cdn.com/ https://www.act-news.com/ https://www.youtube.com https://resources.digital-cloud-west.medallia.com/; font-src 'self' data: https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://use.typekit.net; connect-src 'self' https://col.eum-appdynamics.com/eumcollector/beacons/browser/v2/AD-AAB-AAP-AVU/adrum https://col.eum-appdynamics.com https://loves-stage.quiq-api.com https://sentry.goquiq.com https://loves.quiq-api.com https://loves-cep-socket-ssl.herokuapp.com wss://loves-cep-socket-ssl.herokuapp.com https://stats.g.doubleclick.net https://www.google-analytics.com https://*.googleapis.com https://*.google.com https://*.gstatic.com consent.api.osano.com tattle.api.osano.com cmp.osano.com disclosure.api.osano.com https://resources.digital-cloud-west.medallia.com/ https://secure.informationcreativeinnovative.com; frame-ancestors 'self'; 1
connect-src 'self' https://www.paypal.com https://fastmail.innocraft.cloud https://o73885.ingest.sentry.io/api/; default-src 'none'; img-src 'self' data: https://fastmail.innocraft.cloud https://*.twimg.com https://*.twitter.com https://www.gravatar.com https://icgroup.helpspot.com https://www.paypalobjects.com http://www.pobox.com https://*.gstatic.com https://www.fastmail.com https://*.zdusercontent.com https://fastmail.zendesk.com https://pobox.zendesk.com; font-src 'self' data: http://fonts.gstatic.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.twitter.com https://*.twimg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com https://connect.facebook.net https://fastmail.innocraft.cloud https://listbox.com https://run-static.pingdom.net https://*.gstatic.com https://*.facebook.com https://talon-ehawk.netdna-ssl.com https://www.e-hawk.net https://www.ehawk.net https://www.paypalobjects.com https://www.paypal.com https://icgroup.helpspot.com; object-src 'none'; frame-src 'self' data: https://*.twitter.com https://*.twimg.com https://*.facebook.com https://*.google.com; frame-ancestors 'self' 1
default-src 'self' https://www.norc.org https://norc.org *.osano.com https://norc-mkt-prod1-m.adobe-campaign.com https://cdn.jsdelivr.net https://player.vimeo.com https://www.youtube.com https://fonts.googleapis.com https://fonts.gstatic.com https://s7d1.scene7.com https://norc.tt.omtrdc.net https://assets.adobedtm.com https://dpm.demdex.net https://norc.demdex.net https://norc-mkt-stage1-m.adobe-campaign.com *.algolia.net *.algolianet.com https://cdn.plyr.io; img-src 'self' https://www.norc.org https://norc.org https://publish-p48206-e244563.adobeaemcloud.com https://norc.sc.omtrdc.net https://cdn.plyr.io http://s7d1.scene7.com https://s7d1.scene7.com https://assets.adobedtm.com https://i.ytimg.com; script-src 'self' 'unsafe-eval' 'nonce-2726c7f26c' 'sha256-QCX2WrJAVBq3gCFlmChFAsBql01DvEVZnvaj3mPNl6Y=' https://www.norc.org https://norc.org *.osano.com https://connect.facebook.net/en_US/sdk.js https://norc-mkt-prod1-m.adobe-campaign.com https://cdn.jsdelivr.net https://player.vimeo.com https://www.youtube.com https://www.youtube-nocookie.com https://assets.adobedtm.com *.algolia.net *.algolianet.com; style-src 'self' 'unsafe-inline' https://www.norc.org https://norc.org https://norc-mkt-prod1-m.adobe-campaign.com https://fonts.googleapis.com https://fonts.gstatic.com https://assets.adobedtm.com;child-src 'self' *.osano.com blob:;frame-src 'self' https://static.contextall.com *.osano.com *.youtube.com *.youtube-nocookie.com https://norc-mkt-prod1-m.adobe-campaign.com https://norc-mkt-stage1-m.adobe-campaign.com; 1
default-src https: 'unsafe-eval' 'unsafe-inline'; img-src https: data:; object-src 'none'; report-uri /api/csp/report; connect-src 'self' https: wss://*.hotjar.com wss://*.hotjar.io 1
frame-src 'self' www.google.com/recaptcha/api2/ vars.hotjar.com *.hotjar.io api.razorpay.com/v1/checkout/public intercom-sheets.com www.google.com/maps/embed/v1/place *.doubleclick.net; frame-ancestors https://tracxn.com https://platform.tracxn.com 1
default-src https: data: blob: wss: 'unsafe-inline' 'unsafe-eval' ; report-uri https://events.ocdn.eu/v2/csp-report?_ac=events&_fv=www.newsweek.pl::PROD_USP 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.cookielaw.org https://privacyportal.onetrust.com http://www.google-analytics.com https://ssl.google-analytics.com;                script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.cookielaw.org https://privacyportal.onetrust.com http://www.google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com;                img-src 'self' data: http://www.google-analytics.com https://www.google-analytics.com https://www.google.co.in https://www.google.com https://stats.g.doubleclick.net https://ssl.google-analytics.com https://cdn.cookielaw.org; 1
connect-src 'self' https://*.fortnox.se https://apps-develop.alfa.fnox.se https://skatteverket.entryscape.net https://*.cision.com https://cdn.legaonline.se https://teamtailor-production.s3.eu-west-1.amazonaws.com https://api.friendlycaptcha.com https://*.freshchat.com https://sitegainer.com https://*.sitegainer.com https://cdn-sitegainer.com https://*.cdn-sitegainer.com https://*.symplify.com https://*.pro.ip-api.com https://connect.facebook.net https://api.addsearch.com https://export.highcharts.com/ https://*.offerta.se/ https://*.sentry.io https://fortnox.piwik.pro https://fortnox.containers.piwik.pro https://fortnox.piwik.pro/consent/collect https://stats.g.doubleclick.net https://www.google-analytics.com https://*.gstatic.com 'unsafe-eval' https://www.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com https://tagmanager.google.com https://www.googleadservices.com https://bat.bing.com https://snap.licdn.com https://match.adsby.bidtheatre.com https://fonts.googleapis.com https://*.upsales.com https://*.linkedin.oribi.io https://px.ads.linkedin.com https://p.adsymptotic.com https://*.hotjar.com/ http://*.hotjar.com/ https://*.hotjar.io http://*.hotjar.io wss://*.hotjar.com wss://*.sitegainer.com https://www.facebook.com; frame-ancestors https://*.fortnox.se; frame-src https://*.fortnox.se https://www.youtube.com https://player.vimeo.com https://vimeo.com https://fortnox.containers.piwik.pro https://*.freshchat.com https://*.hotjar.com/ https://sitegainer.com https://www.facebook.com/ https://static-fortnox.sendsafely.co.uk/html/dropzone.html https://export.highcharts.com https://td.doubleclick.net ; report-uri /api/cspreport 1
frame-ancestors 'self' http://*.societanaturalistinapoli.it; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.diffords.com *.diffordsguide.com getaddress-cdn.azureedge.net stats.g.doubleclick.net api.getaddress.io *.googleapis.com *.gstatic.com *.google.co.uk connect.facebook.net *.facebook.com *.amazon.com *.typekit.net certify-js.alexametrics.com *.google.com *.youtube.com *.ytimg.com cdnjs.cloudflare.com api-cdn.amazon.com *.myfonts.net *.opayo.eu.elavon.com d31qbv1cthcecs.cloudfront.net *.googletagmanager.com *.google-analytics.com *.slideshare.net *.issuu.com; frame-ancestors 'self'; object-src 'self' *.google.com maps.google.co.uk; img-src 'self' data: * 1
default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval' http://cdn.segmentify.com:* wss://*.hotjar.com frame-ancestors 'self'; 1
style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval' https://top-fwz1.mail.ru https://mc.yandex.ru https://privacy-cs.mail.ru https://api-maps.yandex.ru https://ppdu.ru https://abt.s3.yandex.net https://yastatic.net 'unsafe-inline'; img-src 'self' https://top-fwz1.mail.ru https://api-maps.yandex.ru https://adv.vbr.ru https://tracking.banki.ru https://tracker.myfin.group; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://www.gstatic.com https://maps.googleapis.com https://static.ads-twitter.com https://analytics.twitter.com https://us1.siteimprove.com https://siteimproveanalytics.com/ https://cdn.jsdelivr.net https://snap.licdn.com https://use.typekit.net https://www.instagram.com https://tag.demandbase.com https://cc.cdn.civiccomputing.com https://cdnjs.cloudflare.com https://code.jquery.com https://unpkg.com https://www.tintup.com; script-src-elem 'self' 'unsafe-inline' https://www.google.com https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://www.gstatic.com https://maps.googleapis.com https://static.ads-twitter.com https://analytics.twitter.com https://us1.siteimprove.com https://siteimproveanalytics.com/ https://cdn.jsdelivr.net https://snap.licdn.com https://use.typekit.net https://www.instagram.com https://tag.demandbase.com https://cc.cdn.civiccomputing.com https://cdnjs.cloudflare.com https://code.jquery.com https://unpkg.com https://www.tintup.com 1
font-src fonts.gstatic.com use.typekit.net *.cloudmaestro.com cdn.livechatinc.com static.klaviyo.com preprod.sdbullion.com adm.sdbullion.com sdbullion.com *.sdbullion.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://www.shopperapproved.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.facebook.com *.sdbullion.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.addthis.com bitpay.com test.bitpay.com cdn.plaid.com *.pandadoc.com gum.criteo.com *.hotjar.com/ secure.livechatinc.com ssl.kaptcha.com static.criteo.net *.tradingview.com *.sdbullion.com platform.twitter.com widget.nfusionsolutions.com www.facebook.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net https://images.unsplash.com https://www.shopperapproved.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://img.youtube.com store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com aa.agkn.com ad.360yield.com ad.tpmn.co.kr ad.turn.com *.addthis.com ade.clmbtech.com ads.stickyadstv.com ads.yahoo.com bat.bing.com blob: www.bizrate.com cdn.cookielaw.org cdn.livechatinc.com cdn.livechat-files.com cdn.stickyadstv.com *.cloudfront.net *.cloudmaestro.com cm.g.doubleclick.net contextual.media.net *.clarity.ms csm.va.us.criteo.net criteo-partners.tremorhub.com criteo-sync.teads.tv c.bing.com dis.criteo.com eb2.3lift.com exchange.mediavine.com gum.criteo.com idsync.rlcdn.com img.onesignal.com i.liadm.com ib.adnxs.com https://jadserve.postrelease.com match.sharethrough.com matching.ivitrack.com us.creativecdn.com partner.mediawallahscript.com pixel.rubiconproject.com public-prod-dspcookiematching.dmxleo.com r.casalemedia.com rtb-csync.smartadserver.com sdbullion.com 'self' seal.digicert.com secure.adnxs.com shareasale.com www.shareasale.com simage2.pubmatic.com sp.analytics.yahoo.com sync.bidence.net sync-criteo.ads.yieldmo.com sync-t1.taboola.com sync.outbrain.com s.ad.smaato.net tags.bluekai.com tapestry.tapad.com tg.socdm.com trends.revcontent.com ups.analytics.yahoo.com vid.vidoomy.com visitor.omnitagjs.com x.bidswitch.net verify.authorize.net www.facebook.com www.shopperapproved.com ws.rqtrk.eu preprod.sdbullion.com adm.sdbullion.com *.sdbullion.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com https://www.shopperapproved.com https://direct.shopperapproved.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.kaptcha.com s7.addthis.com *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com acdn.adnxs.com *.addthis.com api.livechatinc.com bat.bing.com bitpay.com cdn.cookielaw.org cdn.livechatinc.com cdn.onesignal.com cdn.plaid.com cdnjs.cloudflare.com *.clarity.ms *.cloudmaestro.com connect.facebook.net d5yoctgpv4cpx.cloudfront.net dwin1.com *.googletagmanager.com *.hotjar.com form.jotform.com *.klaviyo.com onesignal.com seal.digicert.com ssl.kaptcha.com sslwidget.criteo.com static.criteo.net s1.cnnx.io s3.tradingview.com *.twitter.com verify.authorize.net v1.addthisedge.com widget.nfusionsolutions.com widget.us.criteo.com www.dwin1.com www.shopperapproved.com z.moatads.com preprod.sdbullion.com adm.sdbullion.com sdbullion.com *.sdbullion.com bam.nr-data.net tagmanager.google.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://static.klaviyo.com unsafe-inline assets.braintreegateway.com *.klaviyo.com *.cloudmaestro.com onesignal.com preprod.sdbullion.com adm.sdbullion.com sdbullion.com *.sdbullion.com www.shopperapproved.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com cdn.livechatinc.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net *.bolt.com qa-api.magedevteam.com *.sentry.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.kaptcha.com ekr.zdassets.com/ *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com api.livechatinc.com *.klaviyo.com https://bt.signifyd.com:11103 cdn.cookielaw.org *.clarity.ms *.kmail-lists.com geolocation.onetrust.com onesignal.com privacyportal-eu.onetrust.com seal.digicert.com ssl.kaptcha.com stats.g.doubleclick.net *.twitter.com verify.authorize.net bam.nr-data.net sdbullion.com *.sdbullion.com rkkck31tec.execute-api.eu-central-1.amazonaws.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri sdbullion.com *.sdbullion.com 'self' 'unsafe-inline'; 1
script-src-elem 'nonce-psegnjcsp-unsafeinline' 'strict-dynamic' *.pseg.com *.gstatic.com *.force.com *.cloudflare.com player.vimeo.com *.aspnetcdn.com *.google-analytics.com *.google.com *.googletagmanager.com *.googleapis.com *.adsrvr.org *.salesforce-sites.com *.salesforce.com *.salesforceliveagent.com *.my.site.com connect.facebook.net platform.twitter.com; frame-ancestors *.pseg.com *.salesforce.com; connect-src *.pseg.com *.gstatic.com *.force.com *.aspnetcdn.com *.google-analytics.com *.analytics.google.com *.google.com *.googletagmanager.com *.googleapis.com *.my.site.com *.windows.net cdnjs.cloudflare.com stats.g.doubleclick.net px.ads.linkedin.com; img-src *.pseg.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.vimeocdn.com *.google.com *.facebook.com px.ads.linkedin.com data:; base-uri 'self'; object-src 'none'; script-src 'nonce-psegnjcsp-unsafeinline' 'strict-dynamic' *.pseg.com *.gstatic.com *.force.com *.cloudflare.com player.vimeo.com *.aspnetcdn.com *.google-analytics.com *.google.com *.googletagmanager.com *.googleapis.com *.adsrvr.org *.salesforce-sites.com *.salesforce.com *.salesforceliveagent.com *.my.site.com connect.facebook.net platform.twitter.com;  1
frame-ancestors edge.arista.com *.edge.arista.com arista.com *.arista.com *.untangle.com untangle.com *.untanglesystems.com untanglesystems.com ws.zoominfo.com ws-assets.zoominfo.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; child-src 'self' *.vimeo.com *.vidyard.com; script-src 'self' *.emailsys2a.net js.driftt.com *.salesviewer.com ss.leica-geosystems.com *.js.driftt.com img.en25.com leica.softwarelist.orgando.de *.formstack.com slsntllgnc.com leica.partnersuche.orgando.de leica-gnss.digtive.de *.addthis.com *.googlesyndication.com *.createjs.com *.googleapis.com *.googleadservices.com *.youtube.com *.twitter.com *.taggbox.com *.tagbox.com *.vidyard.com 'unsafe-inline' 'unsafe-eval' 'report-sample' 'self' *.cookielaw.org cdnjs.cloudflare.com connect.facebook.net *.hexagongeosystems.com *.doubleclick.net *.pardot.com sc.lfeeder.com *.licdn.com *.ads-twitter.com *.clarity.ms *.google-analytics.com *.googletagmanager.com *.taboola.com s3.amazonaws.com downloads.mailchimp.com emailsys2a.net; style-src 'unsafe-inline' 'report-sample' 'self' fonts.googleapis.com *.gstatic.com *.formstack.com leica.partnersuche.orgando.de leica-gnss.digtive.de cdnjs.cloudflare.com *.tagbox.com *.taggbox.com *.hexagongeosystems.com cdn-images.mailchimp.com; object-src 'self'; connect-src 'self' *.formstack.com *.leica-geosystems.com capig.stape.cc maps.googleapis.com leica.backend.digtive.de backend.partnersuche.orgando.de slsntllgnc.com privacyportal.onetrust.com pagead2.googlesyndication.com *.taggbox.com *.google.com *.google.co.nz cdn.cookielaw.org px.ads.linkedin.com *.clarity.ms *.doubleclick.net *.google-analytics.com *.vidyard.com *.taboola.com; font-src 'self' fonts.gstatic.com *.formstack.com fonts.googleapis.com leica.partnersuche.orgando.de leica-gnss.digtive.de *.cloud.coveo.com data: *.tagbox.com *.wasabisys.com *.hexagongeosystems.com; frame-src 'self' *.driftt.com connect.hxgnsmartnet.com *.formstack.com smartnetna.com view.genially.com view.genial.ly *.youtube-nocookie.com *.nrtk.eu hxgncontent.com *.hxgncontent.com *.leica-geosystems.com *.vimeo.com weu-cdn-geo-01.azureedge.net *.hexagongeosystems.com td.doubleclick.net *.google.com *.youtube.com *.youtu.be *.twitter.com *.vidyard.com *.hexagongeosystems.com indd.adobe.com; img-src https: data:; manifest-src 'self' *.hexagongeosystems.com; media-src 'self'; 1
frame-ancestors https://*.lifeextension.com http://localhost:4201/; 1
default-src 'self' https://www.it-recht-kanzlei.de/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.it-recht-kanzlei.de/ https://chat.it-recht-kanzlei.de:3000/ https://maps.google.com/maps-api-v3/ https://maps.google.com/maps/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://maps.google.com/maps/api/ https://maps.googleapis.com/ https://apis.google.com https://platform.twitter.com https://connect.facebook.net https://ssl.google-analytics.com https://www.google-analytics.com https://widgets.shopvote.de https://dev.w3.org/SVG/modules/ref/master/ref2.js; img-src 'self' https://www.it-recht-kanzlei.de/ https://*.it-recht-kanzlei.de/ blob: data: *; style-src 'self' 'unsafe-inline' https://www.it-recht-kanzlei.de/ https://widgets.shopvote.de/ https://fonts.googleapis.com https://fonts.gstatic.com; font-src 'self' https://www.it-recht-kanzlei.de/ https://fonts.gstatic.com; child-src 'self' blob: data: https://www.it-recht-kanzlei.de/ https://www.shopvote.de/ https://widgets.shopvote.de/ https://www.google.com/ https://syndication.twitter.com https://platform.twitter.com https://web.facebook.com https://staticxx.facebook.com https://www.facebook.com https://www.google-analytics.com https://apis.google.com https://accounts.google.com; object-src 'self' https://www.it-recht-kanzlei.de/; connect-src 'self' https://www.it-recht-kanzlei.de/ https://widgets.shopvote.de/ https://chat.it-recht-kanzlei.de:3000/ https://cdn.it-recht-kanzlei.de:444/ https://www.google-analytics.com https://*.it-recht-kanzlei.de/ https://maps.googleapis.com/maps/api/; media-src 'self' 1
frame-ancestors 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: 'self' blob: *.cloudmaestro.com polyfill.io *.searchspring.net *.googletagmanager.com *.cookiebot.com www.gstatic.com *.helpscout.net *.google-analytics.com *.facebook.net *.fbcdn.net *.yimg.com *.bing.com *.criteo.net *.criteo.com *.jmbullion.com *.yahoo.com *.googleapis.com *.shopperapproved.com *.nr-data.net *.newrelic.com *.inspectlet.com *.intellisuggest.com *.paypalobjects.com *.paypal.com *.online-metrix.net *.twimg.com *.twitter.com *.instagram.com widget-mediator.zopim.com *.youtube.com *.doubleclick.net *.cloudfront.net bitpay.com *.bitpay.com *.nfusionsolutions.biz *.cdn77.org *.plaid.com *.routingnumbers.info *.tradingview.com *.smartystreets.com wsonline.seisint.com *.googleadservices.com *.nfusionsolutions.com *.google.com *.nameapi.org *.taxjar.com raw.githubusercontent.com cdn.ampproject.org *.wompmobile.com *.zopim.com cdnjs.cloudflare.com az690879.vo.msecnd.net jmbullion-connect.awsapps.com api-cache.searchspring.io 7hkez9.a.searchspring.io tpc.googlesyndication.com p11.techlab-cdn.com cdncy.jmbullion.com www.dwin1.com gstatic.com www.awin1.com the.sciencebehindecommerce.com static.zdassets.com *.womp.me wompme.blob.core.windows.net/ wompme.blob.core.windows.net jmbullionpwa.azureedge.net songbird.cardinalcommerce.com static.klaviyo.com static-tracking.klaviyo.com cdn.jsdelivr.net *.fpapi.io *.fpcdn.io fpcdn.io fpapi.io api.fpjs.io *.api.fpjs.io *.braintreegateway.com *.braintree-api.com pay.google.com womp.me *.fptls.com fptls.com *.contentsquare.net app.contentsquare.com ob.segreencolumn.com obs.segreencolumn.com track.wickedreports.com widget.wickedreports.com cdn.onesignal.com onesignal.com www.redditstatic.com alb.reddit.com *.dynamicyield.com s.pinimg.com *.olark.com js.klarna.com x.klarnacdn.net; report-uri /.webscale/csp-report 1
default-src 'self'; style-src 'self' https://*.mittwald.de 'unsafe-inline'; font-src 'self' data: userlike-cdn-umm.b-cdn.net fonts.gstatic.com; connect-src *; child-src 'self' api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-umm.b-cdn.net blob:; img-src 'self' https://*.mittwald.de https://*.mittwald.systems https://mittwald-av-manager.de https://audatis.ds-manager.com userlike-cdn-operators.userlike.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com userlike-cdn-web.b-cdn.net www.userlike.com userlike-store-media-files.s3.amazonaws.com i.ytimg.com data:; script-src 'self' api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-umm.b-cdn.net https://audatis.ds-manager.com 'sha256-MS6/3FCg4WjP9gwgaBGwLpRCY6fZBgwmhVCdrPrNf3E=' 'sha256-tQjf8gvb2ROOMapIxFvFAYBeUJ0v1HCbOcSmDNXGtDo=' 'sha256-4y/gEB2/KIwZFTfNqwXJq4olzvmQ0S214m9jwKgNXoc=' 'sha256-+5XkZFazzJo8n0iOP4ti/cLCMUudTf//Mzkb7xNPXIc='; frame-src 'self' https://*.mittwald.de https://mittwald-av-manager.de https://varnish-editor.dev.mittwald.systems https://varnish-editor.mittwald.de https://audatis.ds-manager.com api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-umm.b-cdn.net www.youtube.com player.vimeo.com blob:; frame-ancestors https://*.mittwald.de https://*.mittwald.systems https://*.mittwald.it http://localhost:3000 blob:; media-src userlike-cdn-umm.b-cdn.net userlike-store-media-files.s3.amazonaws.com www.userlike.com blob:; object-src 'none' 1
base-uri 'none'; object-src 'self' *.amazonaws.com; script-src 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https: 'nonce-Vn5PRIYB4KFvC0hTlnCzZdPH2dCusTjfZhrIhCB/dRQ='; report-uri https://europe-central2-fundigic-cloud.cloudfunctions.net/siepomaga-csp 1
default-src 'self';script-src 'self' 'report-sample' 'unsafe-inline' blob: 'unsafe-eval' *.google.com https://www.google.com https://www.google-analytics.com https://www.google-analytics.com/j/collect https://www.gstatic.com https://www.google.com.mx https://www.googletagmanager.com https://google.com/pay https://adservice.google.com https://pay.google.com https://pay.google.com/about/redirect/ https://analytics.google.com https://fonts.gstatic.com https://www.googleadservices.com https://www.googletagmanager.com https://paypal.com https://www.paypal.com/sdk/js https://checkout.paypal.com https://www.paypalobjects.com *.paypal.com https://assets.braintreegateway.com *.braintreegateway.com *.braintree-api.com https://www.facebook.com https://connect.facebook.net https://www.facebook.com/tr/ *.sentry.io *.ingest.sentry.io *.riskified.com *.affirm.com https://tracker.affirm.com *.braze.com https://sdk.iad-05.braze.com/api/v3/data/ https://global.ketchcdn.com *.mparticle.com https://bat.bing.com *.forter.com https://utt.impactcdn.com https://cdn.pdst.fm https://cdn.ketchjs.com https://app.link;style-src 'self' 'report-sample' 'unsafe-inline' https://fonts.googleapis.com https://use.fontawesome.com https://www.googletagmanager.com;img-src 'self' data: blob: *.gametime.co/ *;connect-src 'self' *.gametime.co/ https://gametime.hnyj8s.net *.riskified.com *.mparticle.com *.pusher.com https://sockjs-mt1.pusher.com wss://ws-mt1.pusher.com *.google.com https://www.google.com https://www.google-analytics.com https://www.google-analytics.com/j/collect https://www.gstatic.com https://www.google.com.mx https://www.googletagmanager.com https://google.com/pay https://adservice.google.com https://pay.google.com https://pay.google.com/about/redirect/ https://analytics.google.com https://fonts.gstatic.com https://www.googleadservices.com https://www.googletagmanager.com https://sandbox.affirm.com https://sandbox.affirm.com/fonts https://www.sandbox.paypal.com/ https://paypal.com https://www.paypal.com/sdk/js https://checkout.paypal.com https://www.paypalobjects.com *.paypal.com https://assets.braintreegateway.com *.braintreegateway.com *.braintree-api.com *.affirm.com https://tracker.affirm.com *.datadoghq.com *.browser-intake-us5-datadoghq.com  https://session-replay.browser-intake-us5-datadoghq.com/api/v2/replay https://www.facebook.com https://connect.facebook.net https://www.facebook.com/tr/ *.sentry.io *.ingest.sentry.io *.cloudfront.net https://global.ketchcdn.com *.forter.com *.braze.com https://sdk.iad-05.braze.com/api/v3/data/ *.doubleclick.net https://bat.bing.com https://pixels.spotify.com https://api2.branch.io https://api.buttercms.com https://api.lever.co https://api.rollbar.com *.amazonaws.com;worker-src 'self' blob:;form-action 'self' https://www.facebook.com https://connect.facebook.net https://www.facebook.com/tr/;manifest-src 'self' *.google.com https://www.google.com https://www.google-analytics.com https://www.google-analytics.com/j/collect https://www.gstatic.com https://www.google.com.mx https://www.googletagmanager.com https://google.com/pay https://adservice.google.com https://pay.google.com https://pay.google.com/about/redirect/ https://analytics.google.com https://fonts.gstatic.com https://www.googleadservices.com https://www.googletagmanager.com;frame-src 'self' *.google.com https://www.google.com https://www.google-analytics.com https://www.google-analytics.com/j/collect https://www.gstatic.com https://www.google.com.mx https://www.googletagmanager.com https://google.com/pay https://adservice.google.com https://pay.google.com https://pay.google.com/about/redirect/ https://analytics.google.com https://fonts.gstatic.com https://www.googleadservices.com https://www.googletagmanager.com https://sandbox.affirm.com https://sandbox.affirm.com/fonts https://www.sandbox.paypal.com/ https://assets.braintreegateway.com *.braintreegateway.com *.braintree-api.com https://paypal.com https://www.paypal.com/sdk/js https://checkout.paypal.com https://www.paypalobjects.com *.paypal.com https://www.facebook.com https://connect.facebook.net https://www.facebook.com/tr/ https://player.vimeo.com/ *.doubleclick.net;font-src 'self' data: https://sandbox.affirm.com https://sandbox.affirm.com/fonts https://www.sandbox.paypal.com/ *.google.com https://www.google.com https://www.google-analytics.com https://www.google-analytics.com/j/collect https://www.gstatic.com https://www.google.com.mx https://www.googletagmanager.com https://google.com/pay https://adservice.google.com https://pay.google.com https://pay.google.com/about/redirect/ https://analytics.google.com https://fonts.gstatic.com https://www.googleadservices.com https://www.googletagmanager.com https://fp.affirm-stage.com https://use.fontawesome.com;base-uri 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests 1
default-src 'self' https:;connect-src 'self' https: https://api.mobius.highereducation.com https://api.stripe.com https://js-agent.newrelic.com https://bam.nr-data.net https://api.honeybadger.io https://api.sail-personalize.com https://api.sail-track.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com/tr/ https://privacyportal.onetrust.com wss://*.hotjar.com https://generalassembly.pxf.io;font-src 'self' data: https: https://ga-static-assets-s3.global.ssl.fastly.net https://fonts.gstatic.com;img-src 'self' data: blob: https: https://ga-static-assets-s3.global.ssl.fastly.net https://www.google-analytics.com https://ga-core.s3.amazonaws.com https://stats.g.doubleclick.net https://dc.ads.linkedin.com https://ssl.gstatic.com https://www.gstatic.com https://www.facebook.com/ https://generalassemb.ly/ https://s3.amazonaws.com/static-assets.generalassemb.ly/ https://px.ads.linkedin.com https://grow.clearbitjs.com https://ws.zoominfo.com;object-src 'none';worker-src blob: https:;media-src 'self' data: blob: https:;script-src 'self' https: 'unsafe-inline' 'unsafe-eval' https://js.stripe.com https://js-agent.newrelic.com https://bam.nr-data.net https://www.googletagmanager.com https://cdn.cookielaw.org https://ga-static-assets-s3.global.ssl.fastly.net https://ak.sail-horizon.com https://www.google-analytics.com https://d1fc8wv8zag5ca.cloudfront.net https://tagmanager.google.com https://connect.facebook.net/ https://code.jquery.com/ https://geolocation.onetrust.com https://bam-cell.nr-data.net https://cdn.optimizely.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://stats.g.doubleclick.net https://snap.licdn.com https://utt.impactcdn.com;script-src-elem 'self' https: 'unsafe-inline' 'unsafe-eval' https://cdn.mobius.highereducation.com https://www.googletagmanager.com https://www.google-analytics.com https://ak.sail-horizon.com https://cdn.optimizely.com https://www.googleadservices.com https://stats.g.doubleclick.net https://js-agent.newrelic.com https://x.clearbitjs.com https://grow.clearbitjs.com https://ws.zoominfo.com;style-src 'self' data: https: 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://ssl.gstatic.com https://cdn.cookielaw.org https://optanon.blob.core.windows.net;frame-ancestors 'self';upgrade-insecure-requests;report-uri /core_content_security_policy/reports; 1
font-src 'self' *.fantrax.com fantraximg.com fonts.googleapis.com fonts.gstatic.com; frame-ancestors 'self'; 1
report-uri /api/report-csp-violation; script-src 'self' 'wasm-unsafe-eval' cdn.eiger.io cdn.dev.eiger.io cmp.osano.com consent.api.osano.com disclosure.api.osano.com tattle.api.osano.com *.google-analytics.com *.googletagmanager.com app.pendo.io pendo-io-static.storage.googleapis.com cdn.pendo.io pendo-static-5533347562455040.storage.googleapis.com data.pendo.io widget.intercom.io app.intercom.io js.intercomcdn.com content.product.eiger.io data.product.eiger.io tagmanager.google.com use.typekit.net performance.typekit.com cdnjs.cloudflare.com cdn.jsdelivr.net code.jquery.com js.stripe.com connect-js.stripe.com www.datadoghq-browser-agent.com 'sha256-1eJArrmrWAFkIw+mfskp4IYAwyLTHlG7k2ticca+J/Y=' 'nonce-a453ac3e-e802-4959-88c3-57f3fd6b721e'; style-src 'self' 'unsafe-inline' cdn.eiger.io cdn.dev.eiger.io tagmanager.google.com *.googletagmanager.com fonts.googleapis.com use.typekit.net app.pendo.io cdn.pendo.io pendo-static-5533347562455040.storage.googleapis.com content.product.eiger.io data.product.eiger.io; font-src 'self' cdn.eiger.io cdn.dev.eiger.io use.typekit.net fonts.gstatic.com data: https://js.intercomcdn.com https://fonts.intercomcdn.com; connect-src 'self' cmp.osano.com consent.api.osano.com disclosure.api.osano.com tattle.api.osano.com stats.g.doubleclick.net/ s3.amazonaws.com/mfmatterhorn/ s3.amazonaws.com/mfvesuvius/ s3.amazonaws.com/mf-k2/ cognito-idp.us-east-1.amazonaws.com cdn.eiger.io/ cdn.dev.eiger.io/ performance.typekit.net app.pendo.io data.pendo.io pendo-static-5533347562455040.storage.googleapis.com https://via.intercom.io https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com content.product.eiger.io data.product.eiger.io *.google-analytics.com *.browser-intake-datadoghq.com status.eiger.io js.stripe.com connect-js.stripe.com mfeiger-production.s3.amazonaws.com mf-smartslice.s3.amazonaws.com performance.typekit.net wss://www.eiger.io; img-src 'self' data: cdn.eiger.io cdn.dev.eiger.io p.typekit.net data.pendo.io cdn.pendo.io app.pendo.io pendo-static-5533347562455040.storage.googleapis.com data.pendo.io content.product.eiger.io data.product.eiger.io blob: https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com *.google-analytics.com *.googletagmanager.com fonts.gstatic.com stats.g.doubleclick.net mfeiger-production.s3.amazonaws.com cdn.eiger.io; frame-src app.pendo.io *.googletagmanager.com js.stripe.com connect-js.stripe.com cmp.osano.com consent.api.osano.com disclosure.api.osano.com tattle.api.osano.com player.vimeo.com *.youtube.com; child-src app.pendo.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; frame-ancestors app.pendo.io; form-action 'self' app.pendo.io https://intercom.help https://api-iam.intercom.io *.eiger.io *.markforged.com https://markforged--uat.sandbox.my.site.com http://localhost:3030; media-src 'self' cdn.eiger.io cdn.dev.eiger.io https://js.intercomcdn.com; worker-src 'self' blob: 1
frame-ancestors 'self' *.taxact.com *.taxactonline.com *.salemove.com secure.balancefin.com 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; child-src https: blob:; object-src 'none'; frame-ancestors 'self' https://account.chemistryworld.com https://eme.abacusemedia.com; 1
child-src 'self' https://*.getbeamer.com https://*.statuspage.io https://changelog.cloudsmith.com https://consentcdn.cookiebot.com https://fast.wistia.net https://giphy.com https://intercom-sheets.com https://js.stripe.com https://player.vimeo.com https://share.intercom.io https://vars.hotjar.io https://www.google.com/recaptcha/ https://www.intercom-reporting.com https://www.youtube.com; connect-src 'self' https://*.adroll.com https://*.analytics.google.com https://*.clarity.ms https://*.getbeamer.com https://*.google-analytics.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.hotjar.com https://*.hotjar.io https://*.intercom.io https://*.logs.datadoghq.com https://*.sentry.io/ https://*.statuspage.io https://analytics.google.com https://api.stripe.com https://app.getsentry.com https://bat.bing.com https://cdn.linkedin.oribi.io https://consentcdn.cookiebot.com https://forms.hubspot.com https://googleads.g.doubleclick.net https://js.intercomcdn.com https://rs.fullstory.com https://simple.cloudsmith.io https://stats.g.doubleclick.net https://surveystats.hotjar.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://vc.hotjar.io https://www.google-analytics.com https://www.google.com https://www.google.lt wss://*.hotjar.com wss://*.intercom.io wss://realtime.getbeamer.com https://api.cloudsmith.io https://api-g.cloudsmith.io https://api-prd.cloudsmith.io https://assets.cloudsmith.media https://cloudsmith-package-uploads-prd.s3.amazonaws.com https://cloudsmith-package-uploads-prd.s3-accelerate.amazonaws.com; media-src 'self' https://app.getbeamer.com https://giphy.com https://js.intercomcdn.com https://assets.cloudsmith.media https://prd.cloudsmith.media https://users.cloudsmith.media; form-action 'self' https://api-iam.intercom.io https://billing.stripe.com https://billing.cloudsmith.com https://intercom.help https://messenger-apps.intercom.io https://cloudsmith.io https://www.cloudsmith.io https://www-g.cloudsmith.io https://prd.cloudsmith.io https://web-prd.cloudsmith.io https://web-prd.cloudsmith.io; default-src 'self'; object-src 'self'; worker-src 'self' blob: https://assets.cloudsmith.media; frame-src 'self' https://*.getbeamer.com https://*.statuspage.io https://changelog.cloudsmith.com https://consentcdn.cookiebot.com https://fast.wistia.net https://giphy.com https://hooks.stripe.com https://intercom-sheets.com https://js.stripe.com https://player.vimeo.com https://share.intercom.io https://td.doubleclick.net https://vars.hotjar.io https://www.google.com/recaptcha/ https://www.intercom-reporting.com https://www.youtube.com; img-src 'self' data: https: https://assets.cloudsmith.media https://prd.cloudsmith.media https://users.cloudsmith.media; script-src 'self' data: https://*.adroll.com https://*.fullstory.com https://*.getbeamer.com https://*.googletagmanager.com https://*.intercom.io https://*.statuspage.io https://api.stripe.com https://bat.bing.com https://browser.sentry-cdn.com/ https://cdn.mxpnl.com https://cdn.ravenjs.com https://cdnjs.cloudflare.com/ajax/libs/clipboard.js/ https://connect.facebook.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://d.adroll.mgr.consensu.org https://js.intercomcdn.com https://js.stripe.com https://maps.googleapis.com https://maps.gstatic.com https://pagead2.googlesyndication.com https://rum-static.pingdom.net https://script.hotjar.com https://sentry.io/api/ https://sjs.bizographics.com https://snap.licdn.com https://static.hotjar.com https://tagmanager.google.com https://tpc.googlesyndication.com https://translate.google.com https://www.clarity.ms https://www.datadoghq-browser-agent.com https://www.google-analytics.com https://www.google.com https://www.google.com/pagead/ https://www.google.com/recaptcha/ https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com/firebasejs/ https://www.gstatic.com/recaptcha/ https://assets.cloudsmith.media 'nonce-G7QlBB9LDmw858GyXZCQmQ=='; style-src 'self' 'unsafe-inline' https://*.typekit.net https://*.hotjar.com https://app.getbeamer.com/styles/ https://fonts.googleapis.com https://tagmanager.google.com https://www.googletagmanager.com https://assets.cloudsmith.media; font-src 'self' data: https://app.getbeamer.com https://fonts.googleapis.com https://fonts.gstatic.com https://fonts.intercomcdn.com https://js.intercomcdn.com https://script.hotjar.com https://use.typekit.net https://assets.cloudsmith.media 1
default-src https: 'unsafe-inline' ; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' www.google-analytics.com ajax.googleapis.com; font-src https: 'unsafe-inline' data: ;connect-src 'self' https: wss: ;base-uri 'self' https: ;form-action 'self' https://wttc.activehosted.com/proc.php; img-src * data: ; 1
frame-ancestors self  https://*.123greetings.com http://*.123g.us https://*.123g.us; 1
default-src 'self' blob: *.brightcove.com *.crazyegg.com *.brightcove.net   https: data: 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' kpc.webmail.kpnmail.nl cloud.kpnmail.nl; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; 1
default-src 'self' https://*.lifepointspanel.com; connect-src 'self' https://ads-twitter.com https://ads-api.twitter.com https://analytics.twitter.com https://analytics.google.com https://*.analytics.google.com https://*.googletagmanager.com https://*.clarity.ms https://bat.bing.com https://stats.g.doubleclick.net https://www.google.co.uk https://capig.lifepointspanel.com *.nr-data.net; font-src 'self' data: https://www.lifepointspanel.com https://panel-lifepointsportals.drupal.production.platone.red https://content.lifepointspanel.com; frame-src https://*.trustpilot.com https://consent.kantar.com https://bid.g.doubleclick.net https://td.doubleclick.net https://10766450.fls.doubleclick.net https://www.youtube.com; img-src 'self' data: https://*.lifepointspanel.com https://panel-lifepointsportals.drupal.production.platone.red https://ads-twitter.com https://ads-api.twitter.com https://analytics.twitter.com https://*.googletagmanager.com https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://fonts.gstatic.com https://*.google-analytics.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.com.kh https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.ne https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.pl https://www.google.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.so https://www.google.sm https://www.google.sr https://www.google.st https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.rs https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.cat https://adservice.google.com https://10766450.fls.doubleclick.net https://ad.doubleclick.net https://*.clarity.ms https://*.bing.com https://www.facebook.com https://s1.adform.net https://sb.scorecardresearch.com https://sb.voicefive.com https://secure.insightexpressai.com https://a.e-webtrack.net https://img.macromill.com https://www.insightexpressai.com https://www.rlcdn.com https://flextrack.msi-aci.com https://ads.e-webtrack.net https://*.nudatasecurity.com; object-src 'none'; script-src 'self' 'unsafe-inline' blob: https://*.lifepointspanel.com https://panel-lifepointsportals.drupal.production.platone.red https://bat.bing.com https://connect.facebook.net https://googleads.g.doubleclick.net https://www.googleadservices.com https://js-agent.newrelic.com https://redditstatic.com https://*.trustpilot.com https://www.clarity.ms https://www.google-analytics.com https://analytics.google.com https://*.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://tag.simpli.fi https://a.e-webtrack.net cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://www.lifepointspanel.com https://content.lifepointspanel.com https://panel-lifepointsportals.drupal.production.platone.red https://cdn.jsdelivr.net; frame-ancestors 'self' 1
frame-ancestors about: 'self' https://*.airtransat.com https://*.transat.com https://www.transatagentdirect.com 1
default-src 'self' data: https://internalgogdemo.terracycle.com https://dva1blx501zrw.cloudfront.net/ https://dva1blx501zrw.cloudfront.net/ https://fonts.gstatic.com/ https://use.typekit.net/ https://*.noibu.com/ wss://*.noibu.com/; script-src 'self' 'unsafe-inline' data: https://internalgogdemo.terracycle.com https://dva1blx501zrw.cloudfront.net/ https://analytics.twitter.com/ https://apis.google.com/_/scs/apps-static/ https://apis.google.com/js/platform.js https://apis.google.com/se/0/wm/1/ https://assets.pinterest.com/js/pinit.js https://assets.pinterest.com/js/pinit_main.js https://assets.pinterest.com/js/pinmarklet.js https://s.pinimg.com/ct/ https://b-code.liadm.com/a-00v3.min.js https://cdn.leadmanagerfx.com/ https://connect.facebook.net/ https://googleads.g.doubleclick.net/pagead/viewthroughconversion/ https://js.hs-scripts.com/ https://log.pinterest.com/ https://maps.googleapis.com/ https://platform.twitter.com/js/ https://platform.twitter.com/widgets.js https://*.quora.com/qevents.js https://script.hotjar.com/ https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.ads-twitter.com/uwt.js https://static.hotjar.com/ https://use.typekit.net/ https://*.google-analytics.com https://*.analytics.google.com https://www.google.com/recaptcha/ https://www.googleanalytics.com https://www.googleoptimize.com https://optimize.google.com/ https://www.googleadservices.com/pagead/conversion.js https://*.googletagmanager.com https://www.gstatic.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://www.redditstatic.com/ads/pixel.js https://ads.nextdoor.com/public/pixel/ndp.js https://www.clarity.ms/ https://js.hscollectedforms.net/collectedforms.js https://js.hs-banner.com/ https://js.hs-analytics.net/ https://*.wufoo.com/scripts/embed/form.js https://js.hsadspixel.net/fb.js https://js.hsleadflows.net/leadflows.js https://tag.rmp.rakuten.com/125112.ct.js https://js-agent.newrelic.com/ https://analytics.tiktok.com https://stats.g.doubleclick.net https://cdn.cookielaw.org/ https://js.hubspot.com/ https://amplify.outbrain.com/cp/obtp.js https://*.attn.tv/ https://*.attentive.com https://*.attentivemobile.com https://js.hsforms.net/forms/embed/v2.js https://js.hubspot.com/web-interactives-embed.js https://amplify.outbrain.com https://wave.outbrain.com/ https://analytics.tiktok.com/ https://tr.outbrain.com/ https://cdn.noibu.com/collect.js https://*.noibu.com/ wss://*.noibu.com/ https://unpkg.com/swagger-ui-dist@5.11.0/ https://s3.amazonaws.com/static-terracycle-com/misc/ckeditor/ 'unsafe-eval' https://s3.amazonaws.com/assets/errors*; style-src 'self' 'unsafe-inline' https://dva1blx501zrw.cloudfront.net/ https://syndication.twitter.com/ https://fonts.googleapis.com/ https://optimize.google.com https://unpkg.com/swagger-ui-dist@5.11.0/ https://s3.amazonaws.com/static-terracycle-com/misc/ckeditor/ https://fonts.googleapis.com/css https://s3.amazonaws.com/assets/errors*; frame-src 'self' https://staticxx.facebook.com/ https://web.facebook.com/ https://www.facebook.com/ https://accounts.google.com/ https://apis.google.com/ https://optimize.google.com/ https://www.google.com/recaptcha/ https://editorium.herokuapp.com/ https://editoriumstage.terracycle.com/ https://vars.hotjar.com/ https://i.liadm.com/ https://*.pinterest.com/ https://platform.twitter.com/ https://syndication.twitter.com/ https://terracycle.wufoo.com/ https://www.youtube.com/ https://www.recaptcha.net/ https://terracycle.wufoo.com/ https://player.vimeo.com/ https://forms.hubspot.com/ https://td.doubleclick.net/ https://terracycle-6369378.hs-sites.com/ https://privacyportal.onetrust.com/ https://*.attn.tv/ https://*.attentive.com https://*.attentivemobile.com https://forms.hsforms.com/; img-src 'self' https://internalgogdemo.terracycle.com https://dva1blx501zrw.cloudfront.net/ https://dva1blx501zrw.cloudfront.net/ https://d280jbtwinny2v.cloudfront.net/ https://d35jj3xv1zfqx0.cloudfront.net/ https://dva1blx501zrw.cloudfront.net/ https://tc-global-prod.s3.amazonaws.com/ https://s3.amazonaws.com/tc-global-prod/ https://s3.amazonaws.com// https://s3.amazonaws.com/gog-prod/ https://*.terracycle.com/ https://alb.reddit.com/ https://assets.pinterest.com/images/pidgets/ https://c.liadm.com/ https://log.pinterest.com/ https://maps.googleapis.com/ https://maps.gstatic.com/mapfiles/ https://p.typekit.net/ https://*.quora.com/ https://*.ads.linkedin.com/ https://rp.liadm.com/ https://stats.g.doubleclick.net/r/ https://syndication.twitter.com/i/ https://ct.pinterest.com/v3/ https://t.co/ https://www.facebook.com/tr/ https://optimize.google.com/ https://*.google-analytics.com https://*.googletagmanager.com https://tc-shop-stage.s3.amazonaws.com/ https://tc-shop-prod.s3.amazonaws.com/ https://flask.nextdoor.com/ https://forms.hsforms.com/ https://track.hubspot.com/ https://*.clarity.ms https://img.youtube.com/ https://p.adsymptotic.com/d/px/ https://analytics.tiktok.com/ https://cdn.cookielaw.org/ https://6369378.fs1.hubspotusercontent-na1.net https://consent.linksynergy.com/ https://perf-na1.hsforms.com https://*.attn.tv/ https://*.attentive.com https://*.attentivemobile.com https://forms-na1.hsforms.com https://cta-service-cms2.hubspot.com/ https://static.hubspot.com/ https://static.hsappstatic.net/ https://s3.amazonaws.com/static-terracycle-com/misc/ckeditor/ data: https://s3.amazonaws.com/assets/errors/logo-white* https://www.google.at/ https://www.google.be/ https://www.google.br/ https://www.google.ca/ https://www.google.ch/ https://www.google.co.uk/ https://www.google.com/ https://www.google.de/ https://www.google.dk/ https://www.google.es/ https://www.google.fr/ https://www.google.hu/ https://www.google.ie/ https://www.google.jp/ https://www.google.kr/ https://www.google.mx/ https://www.google.nl/ https://www.google.nz/ https://www.google.se/ https://shop.terracycle.com/en-US/ filesystem:; connect-src 'self' https://internalgogdemo.terracycle.com https://dva1blx501zrw.cloudfront.net/ https://dva1blx501zrw.cloudfront.net/ https://ipapi.co/json https://pro.ip-api.com/json/ https://maps.googleapis.com/ https://in.hotjar.com/api/v1/client/sites/600250/ https://in.hotjar.com/api/v2/client/sites/600250/ https://vc.hotjar.io/views/600250 https://t.leadmanagerfx.com/visit/add/4529 https://us-east1-idyllic-vehicle-159522.cloudfunctions.net/mcfx-visitor-information https://*.google-analytics.com https://*.googletagmanager.com https://analytics.google.com https://*.analytics.google.com https://rp.liadm.com/ https://forms.hubspot.com/ https://t.leadmanagerfx.com/ https://www.clarity.ms/ https://*.clarity.ms https://js.hs-banner.com/ https://stats.g.doubleclick.net/ https://ct.pinterest.com/user/ https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ https://privacyportal.onetrust.com/request/v1/consentreceipts https://api.hubapi.com/ https://cta-service-cms2.hubspot.com/ https://forms.hsforms.com https://cdn.linkedin.oribi.io/partner/2230314/domain/terracycle.com/token https://*.attn.tv/ https://*.attentive.com https://*.attentivemobile.com https://tr.outbrain.com/ https://analytics.tiktok.com/ https://hubspot-forms-static-embed.s3.amazonaws.com https://staging.shop.terracycle.com/ https://shop.terracycle.com/ https://*.noibu.com/ wss://*.noibu.com/ 1
frame-ancestors 'self' https://clipdrop.co/ https://*.preview.clipdrop.co 1
default-src 'self' 'unsafe-inline' blob: https://avanza.se; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://push.avanza.se https://smetrics.avanza.se; connect-src 'self' wss://*.avanza.se https://push.avanza.se https://smetrics.avanza.se https://sentry.avanza.se https://cdnjs.cloudflare.com/ajax/libs/twemoji/; worker-src blob:; img-src 'self' blob: data: https://avanza.se https://smetrics.avanza.se https://track.adrecord.com https://cdn.quartr.com https://cdnjs.cloudflare.com/ajax/libs/twemoji/; font-src 'self' data:; media-src 'self' data: https://files.quartr.com; frame-src 'self' bankid:; object-src 'none'; report-uri https://sentry.avanza.se/api/5/security/?sentry_key=091020b22086092bff20bae1dfa98c14&sentry_environment=prod 1
frame-ancestors 'self' https://win.sportmaps.ru/ 1
style-src 'self' 'unsafe-inline' *.seb.se seb.humany.net; script-src 'self' 'unsafe-eval' 'nonce-l2/fm+kSbb0D/Es4se93Kcjk5JKtN6XgBtIZq/yPZBY=' 'report-sample' *.seb.se seb.humany.net https://activitymap.adobe.com/sc15/activitymap/index.js https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com; img-src 'self' *.seb.se seb.d3.sc.omtrdc.net https://cdn.optimizely.com cache.cvm3.se data:; frame-src 'self' *.seb.se seb-external.creo.se seb-external.creomediamanager.com player.cvm3.se seb-live.creo.se https://a26926230211.cdn.optimizely.com https://a26926230211.cdn-pci.optimizely.com activitymap.adobe.com; font-src 'self' content.seb.se seb.humany.net ace-knowledge-cdn.teliacompany.net data:; connect-src 'self' *.seb.se seb.humany.net *.sebgroup.com seb.d3.sc.omtrdc.net https://*.optimizely.com; base-uri 'self'; object-src 'none'; report-uri /api/csp-report/ 1
frame-ancestors 'self' http://www.philips.de *.philips.com *.philips.de https://philipsigtdpv.com 1
base-uri 'self'; block-all-mixed-content; child-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://vimeo.com https://player.vimeo.com blob:; connect-src 'self' https://static.essential.gg https://assets.essential.gg https://images.essential.gg https://noembed.com https://www.youtube.com https://www.youtube-nocookie.com https://vimeo.com https://player.vimeo.com https://stream.mux.com https://*.cfcdn.mux.com https://*.fastly.mux.com https://image.mux.com https://vod.api.video https://embed.api.video https://vod.api.video https://api.mapbox.com https://events.mapbox.com; default-src 'self'; font-src https://static.essential.gg; form-action 'self'; frame-ancestors 'self'; frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://vimeo.com https://player.vimeo.com; img-src 'self' https://static.essential.gg https://images.essential.gg https://videos.essential.gg https://i.ytimg.com https://img.youtube.com https://i.vimeocdn.com https://image.mux.com https://vod.api.video data: blob:; manifest-src 'self'; media-src blob: https://static.essential.gg https://videos.essential.gg https://stream.mux.com https://*.cfcdn.mux.com https://*.fastly.mux.com https://vod.api.video https://embed.api.video; object-src 'none'; script-src 'self' https://assets.essential.gg https://s.ytimg.com https://www.youtube.com https://vimeo.com https://player.vimeo.com; style-src https://assets.essential.gg 'unsafe-inline'; upgrade-insecure-requests; worker-src 'self' blob:; report-uri https://essential.gg/api/report/content-security-policy; 1
frame-ancestors *.breitling.com 1
default-src 'self' blob: *.aman-d8.my127.site *.brightcove.net *.brightcove.com *.boltdns.net *.akamaihd.net *.typekit.net *.nr-data.net *.buyatab.com *.aman.com *.quantummetric.com cloud.typography.com  'unsafe-inline' 'unsafe-eval'; worker-src blob:; child-src blob:; ; script-src 'self' 'unsafe-inline' blob: *.googleapis.com 'unsafe-eval' *.brightcove.net *.googletagmanager.com *.newrelic.com *.nr-data.net *.typekit.net *.buyatab.com *.aman.com *.ipstack.com *.quantummetric.com *.doubleclick.net *.googleadservices.com impactradius-event.com utt.impactcdn.com *.cinnox.com *.gstatic.com *.onetrust.com *.synxis.com *.recaptcha.net *.google.com logs-01.loggly.com ojrq.net *.zencdn.net *.thehotelsnetwork.com *.google-analytics.com cdn.rudderlabs.com https://d2wy8f7a9ursnm.cloudfront.net/v6/bugsnag.min.js *.api.rudderlabs.com *.analytics.google.com s.yimg.jp snap.licdn.com connect.facebook.net d.line-scdn.net p.relay-t.io js.sentry-cdn.com *.yahoo.co.jp *.clarity.ms static.sojern.com bat.bing.com cdn.linkedin.oribi.io https://cdn.jsdelivr.net/gh/jonthornton/jquery-timepicker@1.14.0/jquery.timepicker.min.js https://cdn.jsdelivr.net/gh/jackocnr/intl-tel-input@v17.0.19/build/js/intlTelInput-jquery.min.js https://cdn.jsdelivr.net/gh/jackocnr/intl-tel-input@v17.0.19/build/js/intlTelInput.min.js https://cdn.jsdelivr.net/gh/jackocnr/intl-tel-input@v17.0.19/build/js/utils.js fxgate.baidu.com secure-hotel-tracker.com newbooking.azds.com *.cinnox.cn https://*.googletagmanager.com aman-d8.my127.site browser.sentry-cdn.com *.visualwebsiteoptimizer.com app.vwo.com https://acsbapp.com https://accesswidget-log-receiver.acsbapp.com https://global.localizecdn.com https://js.appboycdn.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' cloud.typography.com *.buyatab.com *.aman.com *.cinnox.com *.googleapis.com *.bootstrapcdn.com *.synxis.com *.thehotelsnetwork.com https://cdn.jsdelivr.net/gh/jonthornton/jquery-timepicker@1.14.0/jquery.timepicker.min.css https://cdn.jsdelivr.net/gh/jackocnr/intl-tel-input@v17.0.19/build/css/intlTelInput.min.css newbooking.azds.com cdnjs.cloudflare.com *.cinnox.cn *.aman-d8.my127.site *.visualwebsiteoptimizer.com app.vwo.com https://use.fontawesome.com; img-src 'self' data: *.brightcove.net *.brightcove.com *.googletagmanager.com *.buyatab.com *.aman.com *.cinnox.com *.boltdns.net *.google-analytics.com *.onetrust.com *.thehotelsnetwork.com https://www.google.com https://www.google.com.uk https://www.google.co.uk https://px.ads.linkedin.com https://cdn.jsdelivr.net/gh/jackocnr/intl-tel-input@v17.0.19/build/img/flags.png bat.bing.com tr.line.me ad.doubleclick.net doubleclick.net www.facebook.com *.clarity.ms newbooking.azds.com dbmajt85xhr99.cloudfront.net controlcenter-p1.synxis.com newbooking.azds.com dbmajt85xhr99.cloudfront.net d1t1qzzb2zwrre.cloudfront.net *.bing.com *.linkedin.com *.cinnox.cn https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com *.aman-d8.my127.site *.visualwebsiteoptimizer.com chart.googleapis.com app.vwo.com appboy-images.com braze-images.com cdn.braze.eu; media-src 'self' blob: *.buyatab.com *.aman.com *.akamaihd.net *.boltdns.net *.aman-d8.my127.site; frame-src *; frame-ancestors 'self'; font-src 'self' data: *.typekit.net *.aman.com *.gstatic.com *.cinnox.com *.thehotelsnetwork.com newbooking.azds.com dbmajt85xhr99.cloudfront.net d1t1qzzb2zwrre.cloudfront.net *.cinnox.cn *.aman-d8.my127.site https://use.fontawesome.com; connect-src 'self' *.aman.com *.boltdns.net  *.thehotelsnetwork.com *.quantummetric.com *.akamaihd.net *.doubleclick.net *.google-analytics.com *.nr-data.net ws: 'unsafe-eval' *.googleapis.com *.onetrust.com *.synxis.com  *.cinnox.com impactradius-event.com utt.impactcdn.com *.brightcove.com ojrq.net logs-01.loggly.com amanresorts.pxf.io api.rudderlabs.com *.rudderstack.com sessions.bugsnag.com p.relay-t.io cdn.linkedin.oribi.io pagead2.googlesyndication.com *.clarity.ms newbooking.azds.com *.analytics.google.com *.cinnox.cn https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com *.aman-d8.my127.site px.ads.linkedin.com am.yahoo.co.jp *.visualwebsiteoptimizer.com app.vwo.com https://cdn.acsbapp.com/config/stage.www.aman.com/config.json https://cdn.acsbapp.com/cache/app/wildcards.json https://sdk.iad-01.braze.com https://sdk.fra-02.braze.eu; upgrade-insecure-requests 1
upgrade-insecure-requests; default-src 'none'; script-src 'strict-dynamic' 'nonce-QaubzFrprloLYjhcrkY0aIh5GDDxuXMP' 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' *.sentry.dev www.googletagmanager.com plausible.io player.vimeo.com; connect-src 'self' sentry.io *.sentry.io *.sentry.dev reload.getsentry.net vimeo.com plausible.io; img-src 'self' sentry.io *.sentry.io data: *.sentry.dev storage.googleapis.com sentry-blog.storage.googleapis.com www.googletagmanager.com i.vimeocdn.com images.ctfassets.net; style-src 'self' 'unsafe-inline' *.sentry.dev; media-src 'self' videos.ctfassets.net; font-src 'self' *.sentry.dev fonts.gstatic.com; frame-src player.vimeo.com demo.arcade.software recaptcha.google.com www.google.com; manifest-src 'self' *.sentry.dev; base-uri 'none'; frame-ancestors *.sentry.io; report-uri https://o1.ingest.sentry.io/api/1297627/security/?sentry_key=e811b9077ef64dcf8a279ec18a61b222 1
default-src 'self' data: https:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: https://c.iad.oracleinfinity.io blob:; style-src 'self' data: 'unsafe-inline' https:; img-src 'self' data: https:; frame-ancestors 'self' https://*.beocms.com https://communities.evonik.com; frame-src 'self' data: https: blob:; connect-src 'self' data: https: wss:; media-src 'self' data: https: blob: 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com ajax.googleapis.com unpkg.com www.googletagmanager.com www.googleadservices.com *.hotjar.com load.sumo.com static.ads-twitter.com snap.licdn.com connect.facebook.net js.hs-scripts.com v2.zopim.com pulsate.agilecrm.com api.bufferapp.com graph.facebook.com api.facebook.com widgets.pinterest.com reddit.com www.reddit.com js.hsadspixel.net js.hs-banner.com js.hs-analytics.net static.zdassets.com googleads.g.doubleclick.net *.google.com *.gstatic.com 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mas.to; img-src 'self' https: data: blob: https://mas.to; style-src 'self' https://mas.to 'nonce-DhnBXw6fGF9dkHUssn68KA=='; media-src 'self' https: data: https://mas.to; frame-src 'self' https:; manifest-src 'self' https://mas.to; form-action 'self'; child-src 'self' blob: https://mas.to; worker-src 'self' blob: https://mas.to; connect-src 'self' data: blob: https://mas.to https://media.mas.to wss://mas.to; script-src 'self' https://mas.to 'wasm-unsafe-eval' 1
default-src 'self'; frame-src https://www.google.com https://forms.hsforms.com; script-src 'self' 'sha256-7Y4cJY0mqvPonOInOT8niwU3D9HLQNL8gZhKeOYFKvo=' https://js.hsforms.net/forms/v2.js https://forms.hsforms.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://js.hsadspixel.net https://snap.licdn.com/li.lms-analytics/insight.min.js https://cdn.heapanalytics.com/ https://www.clarity.ms https://www.googletagmanager.com https://www.google-analytics.com http://js.hs-scripts.com https://js.hscollectedforms.net https://js.hs-banner.com https://js.hs-analytics.net; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com; connect-src 'self' https://hubspot-forms-static-embed.s3.amazonaws.com/prod/8870246/3b963190-42f0-4c10-92de-945c798eddb5.json.gz https://forms.hsforms.com/emailcheck/v1/json-ext https://forms.hubspot.com https://api.hsforms.com https://api.hubapi.com https://www.clarity.ms https://script.google.com https://hooks.slack.com https://script.googleusercontent.com https://www.google-analytics.com https://stats.g.doubleclick.net; object-src 'self'; img-src * 'self' data: https:; frame-ancestors 'self'; 1
default-src * blob:;connect-src 'self' 'unsafe-inline' https://px.ads.linkedin.com https://app.clearbit.com https://adservice.google.com  https://dev.visualwebsiteoptimizer.com https://cdn.bizible.com https://api.craftcms.com https://region1.analytics.google.com/ https://stats.g.doubleclick.net https://analytics.google.com https://*.6sc.co https://*.6sense.com https://*.fullstory.com https://*.getkoala.com/ https://www.redditstatic.com/ https://www.apollo.io/ https://assets.apollo.io https://signalwire.com https://www.facebook.com wss://*.signalwire.com https://*.signalwire.com https://cdn.signalwire.com https://signalwire.s3-us-west-2.amazonaws.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://app.termly.io https://munchkin.marketo.net https://262-hgr-311.mktoresp.com http://262-hgr-311.mktoweb.com https://262-hgr-311.mktoweb.com  http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com https://client.crisp.chat https://storage.crisp.chat wss://client.relay.crisp.chat wss://stream.relay.crisp.chat;frame-src 'self' https://www.facebook.com https://js.stripe.com https://www.youtube.com https://youtube.com https://*.signalwire.com https://cdn.signalwire.com https://www.google.com https://www.gstatic.com https://app.termly.io https://vars.hotjar.com https://game.crisp.chat http://262-hgr-311.mktoweb.com https://262-hgr-311.mktoweb.com;child-src 'self' 'unsafe-inline' https://*.signalwire.com https://cdn.signalwire.com blob:;worker-src 'self' 'unsafe-inline' https://*.signalwire.com https://cdn.signalwire.com blob:;style-src 'self' 'unsafe-inline' https://github.githubassets.com https://tagmanager.google.com https://stackpath.bootstrapcdn.com https://*.signalwire.com https://cdn.signalwire.com https://fonts.gstatic.com https://fonts.googleapis.com https://client.crisp.chat http://262-hgr-311.mktoweb.com https://262-hgr-311.mktoweb.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://x.clearbitjs.com https://www.youtube.com https://youtube.com https://tag.clearbitscripts.com  https://dev.visualwebsiteoptimizer.com https://cdn.bizible.com https://www.clickcease.com https://ajax.googleapis.com https://code.jquery.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://googleads.g.doubleclick.net https://sjs.bizographics.com https://www.googleadservices.com https://tagmanager.google.com https://www.googletagmanager.com https://*.6sc.co https://*.6sense.com https://*.fullstory.com https://*.getkoala.com/ https://www.redditstatic.com/ https://www.apollo.io/ https://assets.apollo.io https://signalwire.com  https://code.jquery.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://js.usemessages.com https://snap.licdn.com https://gist.github.com https://js.stripe.com https://*.signalwire.com https://cdn.signalwire.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net https://app.termly.io https://d3js.org https://cdn.jsdelivr.net https://munchkin.marketo.net https://262-hgr-311.mktoresp.com http://262-hgr-311.mktoweb.com https://262-hgr-311.mktoweb.com http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com https://client.crisp.chat https://settings.crisp.chat;font-src 'self' 'unsafe-inline' https://*.signalwire.com https://cdn.signalwire.com http://mcdn.signalwire.com https://mcdn.signalwire.com https://fonts.gstatic.com https://fonts.googleapis.com http://script.hotjar.com https://script.hotjar.com https://client.crisp.chat data:;img-src * data: 1
default-src 'self' misc.poalim-site.co.il fonts.googleapis.com; img-src 'self' data: connect.facebook.net https://*.googletagmanager.com www.googletagmanager.com www.facebook.com www.google.co.il www.google.com googleads.g.doubleclick.net https://*.google-analytics.com www.google-analytics.com maps.googleapis.com https://*.gstatic.com maps.gstatic.com misc.poalim-site.co.il; script-src 'self' 'unsafe-inline' 'unsafe-eval' misc.poalim-site.co.il *.bcodes.co.il https://*.googletagmanager.com www.googletagmanager.com  www.googleadservices.com www.google-analytics.com analytics.google.com googleads.g.doubleclick.net maps.googleapis.com www.youtube.com tagmanager.google.com connect.facebook.net; connect-src 'self' misc.poalim-site.co.il stats.g.doubleclick.net https://*.google-analytics.com www.google-analytics.com maps.googleapis.com www.youtube.com youtu.be https://*.analytics.google.com https://*.googletagmanager.com www.facebook.com analytics.google.com; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com; frame-src 'self' open.spotify.com tools.bizportal.co.il bid.g.doubleclick.net td.doubleclick.net *.bcodes.co.il www.youtube.com poalimcalculator.kavmanche.co.il www.facebook.com https://butterfly-button.web.app; font-src 'self' fonts.gstatic.com fonts.googleapis.com; report-to default 1
frame-ancestors 'self' *.mastercard.com *.cardinalcommerce.com *.adyen.com; default-src 'self' 'unsafe-eval' 'unsafe-inline' http://cdn.appdynamics.com http://sin-col.eum-appdynamics.com https://safe1.dbswiso.prd https://safe2.dbswiso.prd sin-col.eum-appdynamics.com cdn.appdynamics.com *.mastercard.com *.cardinalcommerce.com *.adyen.com dbs-widgets.factsetdigitalsolutions.com dbs-api.factsetdigitalsolutions.com *.agoda.net *.travelapi.com api.emmprd.asia.manulife.com ap-gateway.mastercard.com adservice.google.com.sg www.prv.dbs.com.sg adservice.google.com.tw *.safeframe.googlesyndication.com tpc.googlesyndication.com www.googletagservices.com www.google.com.tw csi.gstatic.com pagead2.googlesyndication.com securepubads.g.doubleclick.net www.googletagmanager.com tagmanager.google.com fonts.googleapis.com ssl.gstatic.com https://go.dbs.com www.gstatic.com fonts.gstatic.com www.google-analytics.com analytics.google.com ssl.google-analytics.com www.googleadservices.com www.google.com googleads.g.doubleclick.net bid.g.doubleclick.net securepubads.g.doubleclick.net http://q-xx.bstatic.com http://dom.jtb.co.jp secure.worldpay.com centinelapi.cardinalcommerce.com images.krisshop.com http://pix6.agoda.net maps.gstatic.com *.googleapis.com *.ggpht.com edge.prod-ext.api.manulife.com  cm.g.doubleclick.net fcmatch.google.com fcmatch.youtube.com www.trinaxmind.com api-us.faceplusplus.com cdn.glassboxcdn.com report.gbpilot.glassboxdigital.io report.dbs.glassboxdigital.io s.ytimg.com  idealanalyticsapi.dbs.com vc.hotjar.io dbs.com.sg https://qmslivechat.dbs.com www.orangeteeproperties.com storage.googleapis.com v1.addthisedge.com v1.addthis.com ampcid.google.com adservice.google.com ad.doubleclick.net ampcid.google.com.sg amp-error-reporting.appspot.com cdn.ampproject.org ssl.gstatic.com i.travelapi.com http://www.tripadvisor.com marketplace.dbs.com.sg marketplace-pilot.dbs.com.sg avp.blob.core.windows.net marketplace-pilot.dbs.com in.hotjar.com prod2-content-care-community-cdn.sprinklr.com script.hotjar.com vars.hotjar.com http://www.outbrain.com static.hotjar.com pixel.tapad.com res.cloudinary.com sc4.omniture.com authorize.omniture.com authorize.omniture.com sitecatalyst.omniture.com marketplace.dbs.com tagmanager.google.com wss://chatbanking.dbs.com gllt.morningstar.com img.tepcdn.com wss://qmslivechat.dbs.com platform-lookaside.fbsbx.com http://chart.googleapis.com http://tags.crwdcntrl.net http://bs.serving-sys.com cdn.jsdelivr.net http://www.dbs.com.sg internet-banking-pilot.dbs.com.sg prod2-content.sprinklr.com prod2-care-community-cdn.sprinklr.com *.akstat.io directline.botframework.com www.dbs.com.sg qmslivechat.dbs.com cdnjs.cloudflare.com www.gstatic.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.google.com certify.alexametrics.com www.dbs.com.sg www.youtube.com www.linkedin.com www.google.com.sg bcp.crwdcntrl.net www.dbs.com www.googleapis.com ajax.googleapis.com maps.gstatic.com fonts.googleapis.com property.atomic-marketplace.com www.facebook.com dc.ads.linkedin.com chatbanking.dbs.com bat.bing.com tr.outbrain.com snap.licdn.com chart.googleapis.com assets.adobedtm.com dbs.tt.omtrdc.net somniture.dbs.com.sg dpm.demdex.net dbs.demdex.net www.posb.com.sg farm-sg.plista.com amplifypixel.outbrain.com js.adsrvr.org s.go-mpulse.net c.go-mpulse.net maxcdn.bootstrapcdn.com sjs.bizographics.com tags.crwdcntrl.net code.jquery.com tpt.mysocialpixel.com www.dbs.com.sg use.fontawesome.com ds-aksb-a.akamaihd.net googleads.g.doubleclick.net px.ads.linkedin.com bs.serving-sys.com secure-ds.serving-sys.com ssl.google-analytics.com connect.facebook.net chatbanking-uat.dbs.com qmslivechat.dbs.com i.ytimg.com scrbizim.xyz insight.adsrvr.org www.google.co.in cx.atdmt.com *.2o7.net *.omtrdc.net *.tt.omtrdc.net *.demdex.net secure.marketinghub.hp.com m.addthisedge.com m.addthis.com s7.addthis.com graph.facebook.com api-public.addthis.com atomic-marketplace.com i.i-sgcm.com s3-ap-southeast-1.amazonaws.com by.essl.optimost.com secure.marketinghub.opentext.com chatbanking-sit.dbs.com stats.g.doubleclick.net maps.googleapis.com amplify.outbrain.com fonts.gstatic.com prod2-sprcdn-assets.sprinklr.com prod2-sprcdn.sprinklr.com lookaside.facebook.com www.sprinklr.com api-01.ubx.ibmmarketingcloud.com s7.addthis.com dbs.demdex.net platform.twitter.com d31qbv1cthcecs.cloudfront.net bid.g.doubleclick.net cdn-akamai.mookie1.com tags.tiqcdn.com wss://directline.botframework.com directline.com *.akamaihd.net *.fls.doubleclick.net wss://directline.botframework.com directline.botframework.com collect-ap-northeast-1.tealiumiq.com collect-ap-northeast-2.tealiumiq.com collect-ap-northeast-3.tealiumiq.com collect.tealiumiq.com visitor-service-ap-northeast-1.tealiumiq.com visitor-service-ap-northeast-2.tealiumiq.com visitor-service-ap-northeast-3.tealiumiq.com visitor-service.tealiumiq.com api.tealiumiq.com tealiumtags.dbs.com.sg directline.com blob: data:; style-src 'self' 'unsafe-inline' tagmanager.google.com prod2-care-community-cdn.sprinklr.com chatbanking.dbs.com qmslivechat.dbs.com wss://directline.botframework.com fonts.googleapis.com graph.facebook.com maxcdn.bootstrapcdn.com directline.botframework.com www.dbs.com.sg directline.com chatbanking.dbs.com; 1
connect-src 'self' wss://streamer.finance.yahoo.com/ http://udc.yahoo.com/v2/public/yql http://video-api.yql.yahoo.com/v1/video/sapi/streams/ https://video-api.yql.yahoo.com/v1/video/sapi/streams/ https://securepubads.g.doubleclick.net/pagead/ https://securepubads.g.doubleclick.net/gampad/ads https://securepubads.g.doubleclick.net/pcs/view https://securepubads.g.doubleclick.net/static/topics/topics_frame.html https://googleads.g.doubleclick.net/td/auctionwinner https://pagead2.googlesyndication.com/getconfig/sodar https://pagead2.googlesyndication.com/pagead/ https://pagead2.googlesyndication.com/pcs/activeview https://pagead2.googlesyndication.com/gampad/ads https://csi.gstatic.com http://geo.yahoo.com https://s.yimg.com https://*.yahoo.net https://*.yahoo.com https://*.oath.com https://*.cdn.yimg.com https://ad.doubleclick.net https://*.taboola.com https://*.liadm.com https://*.media.net https://bam.nr-data.net/ https://*.clean.gg https://*.pubmatic.com https://*.adsrvr.org https://*.criteo.com https://*.casalemedia.com https://*.taboola.com https://*.rubiconproject.com https://*.openx.net https://*.yieldmo.com https://*.media.net https://*.3lift.com https://*.sharethrough.com https://*.lijit.com/ https://*.indexww.com/ https://oathmembershipsupport.my.salesforce.com/ https://oathmembershipsupport.my.salesforce-sites.com/ https://smetrics.att.com/ https://dpm.demdex.net/ https://static.criteo.net/js/ld/publishertag.prebid.144.js; default-src 'self'; font-src 'self' data: https://finance.yahoo.com https://s.yimg.com https://fonts.gstatic.com https://cdn.taboola.com; frame-src 'self' https://www.bankrate.com https://www.credible.com https://widget-yahoo.ofx.com https://sp.analytics.yahoo.com https://yahoo.real-estate.hk https://*.safeframe.googlesyndication.com https://tpc.googlesyndication.com https://www.google.com https://securepubads.g.doubleclick.net https://console.googletagservices.com https://smartasset.com https://p.bankrate.com https://s.yimg.com https://fc.yahoo.com https://finance.yahoo.com https://guce.oath.com https://guce.yahoo.com https://consent.yahoo.com https://delivery.vidible.tv https://platform.twitter.com https://*.advertising.com https://yahoo.crunchbaseembed.com https://www.surveymonkey.com https://opus.analytics.yahoo.com/ https://openweb.jac.yahoosandbox.com/ https://www.myfinance.com https://primetime.bluejeans.com https://hb.yahoo.net/ https://cdn.yahoofinance.com/ https://checkout.yahoo.com/ https://iframely.publishing.yahoo.net https://flo.uri.sh/ https://www.youtube.com https://www.instagram.com https://static2.chartbeat.com https://chartbeat.com https://pbs.yahoo.com/ https://*.pubmatic.com https://*.adsrvr.org https://*.criteo.com https://*.casalemedia.com https://*.taboola.com https://*.rubiconproject.com https://*.openx.net https://*.yieldmo.com https://*.media.net https://*.3lift.com https://*.sharethrough.com https://*.lijit.com/ https://*.indexww.com/ https://service.force.com/ https://guce.yahoofinance.com https://att.demdex.net/ https://embed.fireplace.yahoo.com/ https://w.soundcloud.com/player/ https://www.dailymotion.com/embed/video/ https://a1.api.bbc.co.uk https://a.abcnews.go.com https://abc11.com https://abc13.com https://abc7.com https://abc7chicago.com https://abc7news.com https://abc7ny.com https://abc.go.com https://abcnews.go.com https://ad.doubleclick.net https://aol.com https://api.usatoday.com https://art19.com https://bearswire.usatoday.com https://bengalswire.usatoday.com https://billswire.usatoday.com https://books.google.com https://brightcove.hs.llnwd.net https://brownswire.usatoday.com https://buckeyeswire.usatoday.com https://bucswire.usatoday.com https://cdn.livestream.com https://celticswire.usatoday.com https://cf-particle-html-test.eip.telegraph.co.uk https://cf-particle-html.eip.telegraph.co.uk https://cf.eip.telegraph.co.uk https://chiefswire.usatoday.com https://coltswire.usatoday.com https://compass.pressekompass.net https://cowboyswire.usatoday.com https://datastudio.google.com https://dk79lclgtez2i.cloudfront.net https://docs.google.com https://drive.google.com https://e.infogr.am https://earthengine.google.com https://elections.ap.org https://embed-ssl.ted.com https://embed.4gtv.tv https://embed.etonline.com https://embed.radiopublic.com https://embed.scribblelive.com https://embed.simplecast.com https://embed.spotify.com https://embed.teamcoco.com https://embed.ted.com https://embed.theguardian.com https://embed.tumblr.com https://embed.vevo.com https://emp.bbc.co.uk https://engadget.com https://es.scribd.com https://espn.go.com https://f1.media.brightcove.com https://fightingirishwire.usatoday.com https://fivethirtyeight.abcnews.go.com https://fr.scribd.com https://fusiontables.google.com https://golfweek.usatoday.com https://graphics8.nytimes.com https://img.etonline.com https://indd.adobe.com https://interactive.vanityfair.com https://interactives.ap.org https://it.scribd.com https://king5.com https://launch.newsinc.com https://link.brightcove.com https://link.monetizer101.com https://livestream.com https://m.youtube-nocookie.com https://m.youtube.com https://maps.google.ca https://maps.google.com https://mapsengine.google.com https://media.king5.com https://media.mtvnservices.com https://media.wfaa.com https://n.rivals.com https://nbcbayarea.com https://nbcchicago.com https://nbcphiladelphia.com https://nbcwashington.com https://netswire.usatoday.com https://new.livestream.com https://nittanylionswire.usatoday.com https://o.aolcdn.com https://open.whitehouse.gov https://ophan.theguardian.com https://packerswire.usatoday.com https://partners.fantasypros.com https://pca.eonline.com https://player.cnbc.com https://player.ina.fr https://player.ooyala.com https://player.pbs.org https://player.simplecast.com https://player.snacktv.de https://player.theplatform.com https://player.vimeo.com https://player.washingtonpost.com https://podcasts.turner.com https://pressroom.turner.com https://readerschoice.allure.com https://reverb.twitter.com https://s.aolcdn.com https://s.embed.live.huffingtonpost.com https://saintswire.usatoday.com https://scache.vevo.com https://script.google.com https://secure-embed.rtve.es https://secure.hulu.com https://secure.mlb.com https://securea.mlb.com https://sep.yimg.com https://soundcloud.com https://sp.yimg.com https://spreadsheets.google.com https://ssc.independent.co.uk https://static.open-voice.vidible.tv https://static.telegraph.co.uk https://staticxx.facebook.com https://storify.com https://touchdownwire.usatoday.com https://twitter.com https://uw-media.usatoday.com https://video-api-secure.wsj.com https://video-api.wsj.com https://video.foxnews.com https://video.nhl.com https://video.thescore.com https://vimeo.com https://vine.co https://volswire.usatoday.com https://vplayer.nbcsports.com https://washingtonfootballwire.usatoday.com https://wcnc.com https://web.facebook.com https://wfaa.com https://widget.deezer.com https://widgets.ign.com https://antena3.com https://autoblog.com https://bbc.co.uk https://bloomberg.com https://cbc.ca https://cbs.com https://cbssports.com https://www.clicktivatedvideoplayer2.com https://www.clicktivatedvideoplayer.com https://www.deezer.com https://www.eonline.com https://www.facebook.com https://www.flickr.com https://www.funnyordie.com https://www.gamespot.com https://www.gq.com https://www.hellomagazine.com https://www.history.com https://www.hulu.com https://www.kcrg.com https://www.kcrw.com https://www.lasexta.com https://www.liveleak.com https://www.mediamatters.org https://www.mlb.com https://www.msnbc.msn.com https://www.nbc.com https://www.nbcnews.com https://www.nhl.com https://www.npr.org https://www.nydailynews.com https://www.nytimes.com https://www.reuters.com https://www.scribd.com https://www.sny.tv https://www.tumblr.com https://www.usatoday.com https://www.ustream.tv https://www.viddler.com https://www.viki.com https://www.washingtonpost.com https://www.whosay.com https://ssl.coveritlive.com https://yahoo.com https://youtube-nocookie.com https://documentcloud.org https://rcm-fe.amazon-adsystem.com https://embed.music.apple.com https://open.spotify.com https://view.ceros.com https://flourish.studio https://player.soundon.fm https://embedder.wirewax.com https://embed.acast.com https://vplayer.nbcolympics.com; img-src 'self' data: blob: about: https://finance.yahoo.com https://*.yimg.com https://*.yahoo.com https://*.ybp.yahoo.com https://sb.scorecardresearch.com https://*.googlesyndication.com https://www.facebook.com https://syndication.twitter.com https://securepubads.g.doubleclick.net/pagead/adview http://www.google.com/ads/measurement/l https://googleads.g.doubleclick.net/pagead/interaction/ https://platform.twitter.com https://*.wc.yahoodns.net https://*.yahoo.net https://*.cloudfront.net/pixel.gif https://yahoovod.hs.llnwd.net/pixel.gif https://vop-yahoo.secure.footprint.net/pixel.gif https://s2.coinmarketcap.com/static/img/coins/ https://*.liadm.com https://vop-yahoo.akamaized.net/pixel.gif https://pbs.twimg.com https://ping.chartbeat.net https://pong.chartbeat.net https://static2.chartbeat.com https://res.cloudinary.com https://*.taboola.com https://*.pubmatic.com https://*.adsrvr.org https://*.criteo.com https://*.casalemedia.com https://*.taboola.com https://*.rubiconproject.com https://*.openx.net https://*.yieldmo.com https://*.media.net https://*.3lift.com https://*.sharethrough.com https://*.lijit.com/ https://*.indexww.com/ https://o.aolcdn.com/images/dims https://smetrics.att.com/b/ss/attnetprod/; manifest-src 'self' https://s.yimg.com; media-src 'self' blob: https://finance.yahoo.com https://s.yimg.com; object-src 'none'; report-to csp-endpoint; report-uri https://csp.yahoo.com/beacon/csp?src=yahoofinance; sandbox allow-downloads allow-forms allow-modals allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-top-navigation-by-user-activation allow-presentation; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://polyfills.yahooapis.com https://cdn.jsdelivr.net/npm/ https://edge-mcdn.secure.yahoo.com/ybar/cerebro_min.js https://*.oath.com https://s.yimg.com https://jac.yahoosandbox.com/2.0.0/jac.js https://cdn.ampproject.org/rtv/ https://securepubads.g.doubleclick.net/tag/js/gpt.js https://securepubads.g.doubleclick.net/gpt/ https://adservice.google.com/adsid/integrator.js https://securepubads.g.doubleclick.net/pagead/ https://tpc.googlesyndication.com/sodar/sodar2.js https://tpc.googlesyndication.com/pagead/js/ https://www.googletagservices.com/activeview/js/current/rx_lidar.js https://pagead2.googlesyndication.com/pagead/ https://pagead2.googlesyndication.com/gampad/ https://console.googletagservices.com/pubconsole/loader.js https://www.googletagservices.com/activeview/js/ https://hb.yahoo.net/bidexchange.js https://opus.analytics.yahoo.com/tag/opus.js https://hb.yahoo.net/tcb.js https://hb.yahoo.net/ss/nes/dfs https://pagead2.googlesyndication.com/tag/js/gpt.js https://openweb.jac.yahoosandbox.com/1.5.0/jac.js https://consent.cmp.oath.com https://*.finance.yahoo.com https://static2.chartbeat.com https://cdn.rawgit.com/dcodeIO/protobuf.js/ https://s.aolcdn.com/membership/omp-static/omp-widgets/ https://cdn.taboola.com https://gum.criteo.com/ https://service.force.com/embeddedservice/5.0/ https://*.salesforceliveagent.com/ https://oathmembershipsupport.my.salesforce.com/ https://oathmembershipsupport.my.salesforce-sites.com/ https://static.lightning.force.com/ https://platform.twitter.com https://static.criteo.net/js/ld/publishertag.prebid.144.js; style-src 'self' 'unsafe-inline' https://finance.yahoo.com https://s.yimg.com https://platform.twitter.com https://cdn.taboola.com https://service.force.com/ https://oathmembershipsupport.my.salesforce-sites.com/; worker-src 'self' blob: https://finance.yahoo.com 1
default-src 'self' 'unsafe-inline' jobs.b-ite.com; base-uri 'self'; connect-src 'self' *.preview.kkn.zd.intranet.bund.de wss://chat.userlike.com chat.userlike.com wss://umd.userlike.com userlike.com *.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com *.preview.kkn.zd.intranet.bund.de piwik.itzbund.de *.cloudfront.net data-8ec206415a.dnb.de jobs.b-ite.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.youtube.com *.googleapis.com piwik.itzbund.de script.ioam.de *.de.ioam.de s.ytimg.com static.b-ite.com cs-assets.b-ite.com ajax.googleapis.com api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com *.cloudfront.net data-8ec206415a.dnb.de userlike-cdn-umm.b-cdn.net; object-src 'self' piwik.itzbund.de; media-src 'self' *.aktion-mensch.de *.sample-videos.com *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de youtu.be files.dnb.de c18004-vod.l.core.cdn.streamfarm.net *.cloudfront.net; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de my.matterport.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de *.tile.openstreetmap.org api.userlike.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com *.cloudfront.net *.gsb.dev.materna.net *.preview.kkn.zd.intranet.bund.de *.preview.kkn.zd.intranet.bund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de *.cloudfront.net; frame-ancestors *.gsb.dev.materna.net *.preview.kkn.zd.intranet.bund.de piwik.itzbund.de 1
frame-ancestors https://metrika.yandex.ru http://webvisor.com https://is-mmk.ru https://mmk.ru http://awards.ratingruneta.ru https://awards.ratingruneta.ru 1
default-src 'self' https://bin.bnbstatic.com https://public.bnbstatic.com https://*.wistia.com https://*.wistia.net https://*.saasexch.com https://*.saasexch.co;script-src blob: 'self' 'nonce-4c622405-478f-4ccf-aae8-9ffe8275e874' https://cdn.ampproject.org https://bat.bing.com/ https://www.googletagmanager.com https://www.google-analytics.com https://static.hotjar.com https://script.hotjar.com https://www.youtube.com https://optimize.google.com https://monitor.geetest.com https://static.geetest.com https://api.geetest.com https://fast.wistia.com https://bin.bnbstatic.com https://www.googleanalytics.com https://www.googleoptimize.com https://*.analytics.google.com https://cdn.cookielaw.org https://euob.segreencolumn.com https://public.bnbstatic.com https://geolocation.onetrust.com https://privacyportal-bn.my.onetrust.com 'unsafe-inline' 'unsafe-eval' https://*.saasexch.com https://*.saasexch.co https://accounts.binance.com https://www.google.com https://*.wistia.com https://*.wistia.net https://src.litix.io data:;style-src 'self' 'unsafe-inline' blob: https://fast.wistia.com https://bin.bnbstatic.com https://public.bnbstatic.com https://*.saasexch.com https://*.saasexch.co https://optimize.google.com https://fonts.googleapis.com https://dn-staticdown.qbox.me https://static.geetest.com;font-src 'self' data: https://bin.bnbstatic.com https://public.bnbstatic.com https://*.saasexch.com https://*.saasexch.co https://*.wistia.com https://at.alicdn.com https://fonts.gstatic.com;connect-src 'self' https://api.saasexch.com https://bin.bnbstatic.com https://public.bnbstatic.com https://*.saasexch.com https://*.saasexch.co https://log.bntrace.com https://api.saasexch.com/bapi/themis/api/ wss://stream.binance.com wss://nbstream.binance.com wss://haodesk.binance.im https://upload-bnbstatic-com.s3.ap-northeast-1.amazonaws.com https://*.agora.io:* https://*.edge.agora.io:* https://*.sd-rtn.com:* https://*.edge.sd-rtn.com:* wss://*.agora.io:* wss://*.edge.agora.io:* wss://*.sd-rtn.com:* wss://*.edge.sd-rtn.com:* wss://chat-wss.yshyqxx.com https://*.s3-accelerate.amazonaws.com wss://*.binance.com https://*.binance.com https://frontend-m.binance.cloud https://sensors.binance.cloud https://report.binance.gg https://*.sentry.io https://stats.g.doubleclick.net https://www.google.com https://googleads.g.doubleclick.net 'self' data: https://www.binance.com https://bat.bing.com/ https://www.googletagmanager.com https://www.google-analytics.com https://analytics.google.com https://www.google.com/ https://image.binance.vision https://ask-api.binance.vision wss://stream.binance.com:9443 wss://ws.blockchain.info https://cdn.ampproject.org https://*.hotjar.com wss://*.hotjar.com https://*.analytics.google.com https://accounts.binance.com https://cdn.cookielaw.org wss://chat-wss.binance.com https://geolocation.onetrust.com https://privacyportal-bn.my.onetrust.com https://firebaseinstallations.googleapis.com https://fcmregistrations.googleapis.com https://*.litix.io https://*.wistia.com https://embedwistia-a.akamaihd.net https://data-collect.toolsfdg.net;img-src 'self' data: blob: 'self' data: https://bat.bing.com/ https://www.googletagmanager.com/ https://image.binance.vision http://www.google-analytics.com https://www.google-analytics.com https://*.analytics.google.com https://optimize.google.com https://static.geetest.com https://dn-staticdown.qbox.me https://bin.bnbstatic.com https://public.bnbstatic.com https://cdn.cookielaw.org https://obseu.segreencolumn.com https://www.google.com/ https://d383i2qzdd3zq2.cloudfront.net https://geolocation.onetrust.com https://privacyportal-bn.my.onetrust.com https://sensors.binance.cloud https://upload-bnbstatic-com.s3.ap-northeast-1.amazonaws.com https://*.saasexch.com https://*.saasexch.co https://public-1259603563.file.myqcloud.com https://static-file-1259603563.file.myqcloud.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com https://analytics.twitter.com https://t.co https://www.facebook.com https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net https://public.nftstatic.com;media-src 'self' https://bin.bnbstatic.com https://public.bnbstatic.com https://*.saasexch.com https://*.saasexch.co https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net https://upload-bnbstatic-com.s3.ap-northeast-1.amazonaws.com;frame-src 'self' 'self' data: https://www.youtube.com https://fast.wistia.net https://embed.theblockcrypto.com https://vars.hotjar.com https://optimize.google.com https://fast.wistia.com https://bid.g.doubleclick.net;object-src 'none';base-uri 'self' 1
font-src *.fontawesome.com *.typekit.net *.twilio.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.aurusepay.com *.auruspay.com h.online-metrix.net td.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com h.online-metrix.net https://a.tile.openstreetmap.org https://b.tile.openstreetmap.org https://c.tile.openstreetmap.org tracking.deepsearch.adlucent.com *.twilio.com *.zumiez.com blob: *.online-metrix.net *.google.com *.googletagmanager.com *.doubleclick.net scene7.zumiez.com scene7.zumiez.ca s7d1.scene7.com *.rfksrv.com *.gstatic.com *.crowdtwist.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com h.online-metrix.net *.googletagmanager.com tracking.deepsearch.adlucent.com *.newrelic.com *.twilio.com *.scarabresearch.com *.rfk.zumiez.com *.rfk.zumiez.ca *.sc.zumiez.com *.sc.zumiez.ca *.cloudfront.net *.rfksrv.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com unsafe-inline *.typekit.net *.aurusepay.com *.auruspay.com 'self' 'unsafe-inline'; object-src *.twilio.com *.zumiez.com blob: 'self' 'unsafe-inline'; media-src *.adobe.com *.twilio.com *.zumiez.com scene7.zumiez.com scene7.zumiez.ca 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com ws: h.online-metrix.net *.twilio.com *.zumiez.com *.aurusepay.com *.auruspay.com *.scarabresearch.com stats.g.doubleclick.net analytics.google.com bam.nr-data.net *.rfk.zumiez.com *.rfk.zumiez.ca *.sc.zumiez.com *.sc.zumiez.ca *.googleapis.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.zumiez.com blob: 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.addtoany.com https://www.googletagmanager.com https://www.google-analytics.com https://tagmanager.google.com https://ssl.google-analytics.com https://www.youtube.com https://www.youtube-nocookie.com https://s.ytimg.com https://w.soundcloud.com https://js-agent.newrelic.com https://bam.nr-data.net https://www.vimeo.com https://vimeo.com/api/oembed.json https://ajax.cloudflare.com https://player.vimeo.com https://static.oktopost.com/oktrk.js https://okt.to https://crmemails.ogilvy.com https://secure.link5view.com https://tag.demandbase.com https://boards.greenhouse.io https://snap.licdn.com; style-src 'self' 'unsafe-inline' https://static.addtoany.com https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' data: https://static.addtoany.com https://www.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com https://okt.to https://stats.g.doubleclick.net https://www.google.com https://www.google.co.in https://secure.link5view.com https://crmemails.ogilvy.com https://match.prod.bidr.io https://segments.company-target.com *.ads.linkedin.com; frame-src 'self' https://player.vimeo.com https://www.youtube.com https://www.youtube-nocookie.com https://w.soundcloud.com https://static.addtoany.com https://boards.greenhouse.io https://td.doubleclick.net; frame-ancestors 'self'; font-src 'self' https://fonts.gstatic.com https://tagmanager.google.com data:; connect-src 'self' https://www.google-analytics.com https://bam.nr-data.net https://api.company-target.com https://stats.g.doubleclick.net https://boards-api.greenhouse.io https://boards.greenhouse.io/ https://analytics.google.com/ *.ads.linkedin.com; report-uri /report-csp-violation 1
frame-ancestors 'self' *.chatbot.com; 1
child-src 'self' go.pardot.com forms.office.com *.reciteme.com *.typeform.com syndication.twitter.com npl-digital.gitlab-docs.npl.co.uk cdn.jsdelivr.net vars.hotjar.com api.altmetric.com badge.dimensions.ai cdn.pydata.org d1bxh8uas1mnw7.cloudfront.net https://twitter.com https://cdn.syndication.twimg.com https://platform.twitter.com *.moatads.com *.addthisedge.com *.npl.co.uk *.e-npl.co.uk *.scribd.com *.issuu.com *.google.com *.amrislive.com player.vimeo.com s7.addthis.com www.youtube.com *.webspellchecker.net npldigital.atlassian.net; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.reciteme.com  *.typeform.com  syndication.twitter.com npl-digital.gitlab-docs.npl.co.uk cdn.jsdelivr.net static.hotjar.com script.hotjar.com www.gstatic.com api.altmetric.com badge.dimensions.ai cdn.pydata.org d1bxh8uas1mnw7.cloudfront.net https://platform.twitter.com https://twitter.com https://cdn.syndication.twimg.com *.moatads.com *.addthisedge.com  script.crazyegg.com fast.fonts.net m.addthisedge.com m.addthis.com s7.addthis.com www.googletagmanager.com www.google-analytics.com tagmanager.google.com maps.googleapis.com *.google.com *.webspellchecker.net npldigital.atlassian.net; 1
default-src https: 'self'; font-src https: data:;  img-src https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.clarkcountynv.gov https://*.govdelivery.com  https://*.revize.com https://cdnjs.cloudflare.com https://www.gstatic.com https://cdn.userway.org https://*.google.com https://siteimproveanalytics.com https://*.jsdelivr.net https://*.jquery.com https://*.googletagmanager.com https://*.googleapis.com https://*.google-analytics.com https://api.recollect.net/ https://assets.us.recollect.net https://*.govdelivery.com https://s3.amazonaws.com http://*.leg.state.nv.us/ http://*.facebook.net/ http://*.simpli.fi/ https://static.ctctcdn.com/; style-src * 'unsafe-inline' 1
frame-ancestors https://*.bizapedia.com 1
base-uri 'self'; default-src 'self' *.shopify.com *.ctfassets.net *.zdassets.com *.vimeo.com *.youtube.com *.klaviyo.com *.cloudfront.net *.segment.com *.segment.io *.yotpo.com *.organiccdn.io organiccdn.io *.organicly.io *.doucbleclick.net *.amazon-adsystem.com *.33across.com *.presage.io *.gumgum.com *.adnxs.com *.sonobi.com *.casalemedia.com *.criteo.com *.kargo.com *.googlesyndication.com *.doubleclick.net *.criteo.net *.a2z.com *.gstatic.com *.sentry.io *.cookielaw.org *.onetrust.com *.vimeocdn.com *.googletagmanager.com 'self' 'nonce-a3039b5bd0eea862f32fa29944a3907f' https://cdn.shopify.com https://shopify.com; frame-ancestors *.contentful.com; style-src 'self' *.ctfassets.net *.typekit.net *.klaviyo.com *.yotpo.com *.organiccdn.io organiccdn.io *.vimeocdn.com 'self' 'unsafe-inline' https://cdn.shopify.com; connect-src self *.yotpo.com vimeo.com *.zdassets.com *.zendesk.com *.klaviyo.com *.organiccdn.io organiccdn.io *.organicly.io *.doucbleclick.net *.amazon-adsystem.com *.33across.com *.presage.io *.gumgum.com *.adnxs.com *.sonobi.com *.casalemedia.com *.criteo.com *.kargo.com *.googlesyndication.com *.doubleclick.net *.criteo.net *.a2z.com *.gstatic.com *.sentry.io *.segment.com *.segment.io *.yotpo.com *.cookielaw.org *.onetrust.com *.vimeocdn.com *.googletagmanager.com *.myshopify.com *.omnitagjs.com *.google.com *.google-analytics.com *.pubmatic.com 'self' https://monorail-edge.shopifysvc.com https://field-stream.myshopify.com https://field-stream.myshopify.com; font-src 'self' *.typekit.net data: localhost:* *.shopify.com *.yotpo.com; script-src * 'self' 'unsafe-eval' 'nonce-a3039b5bd0eea862f32fa29944a3907f'; img-src *; frame-src *; media-src *; object-src *; child-src * 1
frame-ancestors 'self' *.lowermybills.com *.quickenloans.com app.optimizely.com analytics.google.com *.forsalebyowner.com *.int.fsbocloud.net 1
connect-src *; frame-src *; media-src blob: https:; style-src * 'unsafe-inline'; 1
frame-ancestors 'self' *.amplience.net;upgrade-insecure-requests 1
default-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https:;img-src 'self'  https: data:;style-src 'self' 'unsafe-inline' *.swiftypecdn.com *.twitter.com cdnjs.cloudflare.com cdn.jsdelivr.net fonts.googleapis.com maxcdn.bootstrapcdn.com;font-src 'self' *.gstatic.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com data:;connect-src 'self' *;base-uri 'self';frame-src 'self' *.tourial.com player.vimeo.com *.stripe.com www.facebook.com www.google.com platform.twitter.com *.cookiebot.eu;form-action 'self' *.stripe.com *.swiftype.com cc.swiftype.com k.clarity.ms www.facebook.com www.google.com; report-uri https://www.netwrix.com/Resources/LogCSP 1
default-src 'self' data: ws: blob: *.nr-data.net fonts.gstatic.com fonts.googleapis.com *.facebook.com *.office365.com *.kuka.com *.mouseflow.com *.zscaler.net d2csxpduxe849s.cloudfront.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.nr-data.net *.newrelic.com *.embedly.com *.embed.ly *.googletagmanager.com *.doubleclick.net *.googleadservices.com *.facebook.net snap.licdn.com *.linkedin.com *.bing.com *.ads-twitter.com *.twitter.com *.bizographics.com *.baidu.com *.google.com *.gstatic.com *.instabot.io *.yandex.ru *.convertwork.cn *.hotjar.com *.cavy9soho.com *.cloudflare.com *.force.com *.my.salesforce.com *.salesforceliveagent.com *.kuka.com *.cloudflareinsights.com *.mouseflow.com *.zscaler.net *.youtube.com; img-src 'self' data: *; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.force.com *.kuka.com *.googletagmanager.com; child-src 'self' blob: *.vimeo.com; frame-src 'self' *.quartalflife.com *.youtube.com *.youtu.be *.youku.com *.embedly.com *.embed.ly player.youku.com https: *.doubleclick.net snap.licdn.com *.presono.com *.linkedin.com *.juicer.io *.audi-mediacenter.com *.office365.com *.mouseflow.com; connect-src 'self' data: ws: blob: *.googleadservices.com *.googlesyndication.com adservice.google.com *.instabot.io *.yandex.ru *.hotjar.com *.bing.com *.office365.com *.kuka.com *.mouseflow.com *.convertwork.cn noembed.com *.google.com *.doubleclick.net; frame-ancestors 'self' https://kuka.presono.com *.kuka.com *.sandbox.my.site.com 1
upgrade-insecure-requests; frame-ancestors 'self' *.seznam.cz www.sreality.cz admin.sreality.cz *.sreality.cz; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.2mdn.net *.adform.net *.adnxs.com *.adnxs-simple.com *.adsafeprotected.com *.consensu.org *.doubleclick.net *.doubleverify.com *.googlesyndication.com *.googletagservices.com *.hit.gemius.pl *.im.cz *.imedia.cz *.imedia.cz *.pliing.com *.pubmatic.com *.sbeta.cz *.sdn.cz *.sdn.cz *.sdn.szn.cz *.serving-sys.com *.seznam.cz *.seznam.cz *.sklik.cz *.sreality.cz *.sreality.cz *.szn.cz ads.celtra.com ams.creativecdn.com browser.sentry-cdn.com connect.facebook.net gacz.hit.gemius.pl scz.hit.gemius.pl https://www.sreality.cz login.szn.cz http://login.szn.cz https://login.szn.cz notifikace.seznam.cz http://notifikace.seznam.cz https://notifikace.seznam.cz ; script-src-elem blob: 'self' 'unsafe-inline' 'unsafe-eval' *.2mdn.net *.adform.net *.adnxs.com *.adnxs-simple.com *.adsafeprotected.com *.consensu.org *.doubleclick.net *.doubleverify.com *.googlesyndication.com *.googletagservices.com *.hit.gemius.pl *.im.cz *.imedia.cz *.imedia.cz *.pliing.com *.pubmatic.com *.sbeta.cz *.sdn.cz *.sdn.cz *.sdn.szn.cz *.serving-sys.com *.seznam.cz *.seznam.cz *.sklik.cz *.sreality.cz *.sreality.cz *.szn.cz ads.celtra.com ams.creativecdn.com browser.sentry-cdn.com connect.facebook.net gacz.hit.gemius.pl scz.hit.gemius.pl https://www.sreality.cz login.szn.cz http://login.szn.cz https://login.szn.cz notifikace.seznam.cz http://notifikace.seznam.cz https://notifikace.seznam.cz 1
frame-ancestors 'self' *.telia.ee 1
frame-ancestors *.retentionscience.com 1
default-src 'unsafe-inline' 'unsafe-eval' https:; img-src https: data:; font-src https: data: 1
style-src 'self' 'unsafe-inline' data: *.ebay.com *.www.shopping.com *.ebaystatic.com *.www.shopping.com *.ebaystatic.cn *.gstatic.com *.googleapis.com use.fontawesome.com; connect-src 'self' *.ebay.com *.www.shopping.com *.ebaystatic.com *.www.shopping.com data: *.google-analytics.com *.perfdrive.com *.analytics.google.com *.doubleclick.net *.googleapis.com *.shopping.com *.ebayimg.com wss://127.0.0.1:* *.amplitude.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.ebay.com *.www.shopping.com *.ebaystatic.com *.www.shopping.com *.ebaystatic.cn blob: data: *.google-analytics.com *.googletagmanager.com *.fidoapi.com *.translate.google.com *.akamaihd.net; upgrade-insecure-requests; frame-ancestors 'none' ; img-src 'self' data: https://*; default-src 'self' blob: data: wss: mediastream: *.ebay.com *.www.shopping.com *.ebaystatic.com *.www.shopping.com *.ebayimg.com *.shopping.com *.gstatic.com https://github.com/google *.fontawesome.com *.bootstrapcdn.com *.doubleclick.net *.cloudflare.com;  report-uri https://monitor.ebay.com/csp-report/sdcui/DefaultPage?id=2162557078521529389&rid=t6paerj1%3Fdlkr%3D9vbdvl2%3E%60jhs.2b1712%3F41e*rvj%60p-190ecc7ac92-0x1703#pd 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; child-src https: blob:; object-src 'none'; frame-ancestors 'self' https://account.unpri.org; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.sfasu.edu *.tableau.com *.typekit.net cdn.jsdelivr.net *.fontawesome.com *.google-analytics.com *.facebook.net *.facebook.com *.newrelic.com *.nr-data.net *.ocelotbot.com *.vimeo.com *.technolutions.net *.adroll.com *.consensu.org *.simpli.fi *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.google.com *.b0e8.com *.dstillery.com *.marchex.io *.quantserve.com *.adsrvr.org *.bc0a.com *.media6degrees.com *.quantcount.com *.adentifi.com *.meritpages.com *.cloudflare.com unpkg.com *.jsdelivr.net *.adsymptotic.com *.libanswers.com *.libcal.com *.libapps.com *.springyaws.com sfasu.libanswers.com doublethedonation.com; img-src 'self' data: *.3lift.com *.addthis.com *.adentifi.com *.adnxs.com *.adroll.com *.adsrvr.org *.adsymptotic.com *.advertising.com *.agkn.com *.apxlv.com *.b0e8.com *.bfmio.com *.bidswitch.net *.bluekai.com *.casalemedia.com *.cogocast.net *.company-target.com *.crwdcntrl.net *.demdex.net *.doubleclick.net *.dstillery.com *.exelator.com *.facebook.com *.google-analytics.com *.google.com *.googleadservices.com *.googletagmanager.com *.intentiq.com *.lijit.com *.marchex.io *.mathtag.com *.ocelotbot.com *.openx.net *.outbrain.com *.placeholder.com *.pro-market.net *.pubmatic.com *.qccerttest.com *.quantserve.com *.reson8.com *.rlcdn.com *.rubiconproject.com *.sfasu.edu *.simpli.fi *.spotxchange.com *.stickyadstv.com *.taboola.com *.tapad.com *.tremorhub.com *.trueleadid.com *.typekit.net *.yahoo.com *.youtube.com meritpages.com pippio.com thrtle.com *.s3.amazonaws.com doublethedonation.com fakeimg.pl; frame-ancestors 'self' *.sfasu.edu *.ocelotbot.com; report-uri /report-csp-violation 1
frame-ancestors 'self' indusind.com iblnic.indusind.com default-src 'self' nonce-src bank.indusind.com chatbot-api.indusind.com analytics.google.com fonts.googleapis.com fonts.gstatic.com www.google.com google.com www.googletagmanager.com googletagmanager.com www.gstatic.com gstatic.com youtube.com; 1
default-src blob: 'self' *.mgm.mo; script-src *.mgm.mo *.google.com *.gstatic.com *.recaptcha.net *.google-analytics.com *.googleadservices.com *.aliyuncs.com *.tiqcdn.com *.googletagmanager.com hm.baidu.com *.facebook.net *.bing.com *.doubleclick.net blob: 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' *.mgm.mo fonts.googleapis.com data:; font-src data: *.gstatic.com *.mgm.mo 'self'; img-src *.googletagmanager.com *.mgm.mo *.aliyuncs.com *.bing.com *.google-analytics.com *.google.com *.google.co.jp *.baidu.com *.facebook.com data: blob: 'self';media-src 'self' *.mgm.mo *.oss-cn-hongkong.aliyuncs.com;frame-src 'self' *.tiqcdn.com *.youtube.com *.ytimg.com *.recaptcha.net *.facebook.com *.google.com; connect-src 'self' *.mgm.mo *.google-analytics.com *.doubleclick.net *.google.com *.facebook.com; 1
frame-ancestors 'self' login.transporeon.com login.int.transporeon.nil login.dev.transporeon.nil login.test.transporeon.com www.transporeon.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: wss: ws: mediastream: iurny.com *.iurny.com indigitall.com *.indigitall.com *.stornaway.io s.w.org *.w.org *.fontawesome.com *.gravatar.com *.googletagmanager.com *.google-analytics.com *.facebook.com *.facebook.net snap.licdn.com *.linkedin.com stats.g.doubleclick.net *.google.com *.google.es *.gstatic.com; img-src 'self' data: https://secure.gravatar.com https://s.w.org https://static.hsappstatic.net; frame-src 'self' https://app.hubspot.com; connect-src 'self' wss: cdn.linkedin.oribi.io *.indigitall.com *.google.com *.linkedin.com https://exceptions.hubspot.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.hubspot.com https://mcl.spur.us; worker-src 'self' blob:; frame-ancestors 'none'; 1
default-src 'none'; img-src 'self' data: https://ssl.gstatic.com https://www.gstatic.com https://res.cloudinary.com 8218820.fls.doubleclick.net https://vipps.no https://www.vipps.no https://px.ads.linkedin.com https://www.facebook.com https://maps.gstatic.com https://maps.googleapis.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.no https://www.googletagmanager.com; object-src  'self' https://vipps.no/documents/; font-src  'self' https://fonts.gstatic.com; manifest-src 'self'; child-src 'self' 8218820.fls.doubleclick.net https://player.gobistories.co https://www.youtube-nocookie.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.googleadservices.com https://www.google.com https://maps.googleapis.com https://snap.licdn.com https://connect.facebook.net https://googleads.g.doubleclick.net https://www.gstatic.com https://www.google.com https://checkout.vipps.no https://cdn.mxpnl.com https://euwa.puzzel.com https://feedback.puzzel.com/; frame-src https://www.youtube-nocookie.com https://www.google.com https://player.gobistories.co https://8218820.fls.doubleclick.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src  'self' https://api.gobistories.co https://chat.vipps.no https://chat-test.vsmb.no/ https://vipps.no https://www.vipps.no https://api-eu.mixpanel.com https://api.puzzel.com/; form-action  'self' https://webto.salesforce.com https://vipps.no https://www.vipps.no https://login-staging.vipps.io/ https://login.vipps.io/ 1
default-src 'unsafe-inline' 'self' https: wss: data:; img-src blob: data: https:; media-src blob: data: https:; script-src 'unsafe-eval' 'unsafe-inline' https:; worker-src 'self' blob:; frame-ancestors 'self' https://*.unitycms.io; 1
script-src 'unsafe-eval' 'unsafe-inline' 'unsafe-hashes' *; 1
require-trusted-types-for 'script';report-uri /_/GameCenterUi/cspreport 1
frame-ancestors https://attransit.njt.gov/ https://master-7rqtwti-n2wop6ggfbwbm.us-2.platformsh.site/ 1
frame-ancestors 'self' https://www.creality.com http://*.creality.com; 1
default-src 'self' https: 'unsafe-inline' https://wam.ae https://*.wam.ae https://www.youtube.com https://s.ytimg.com https://img.youtube.com https://www.googletagmanager.com;
                                           font-src 'self' data: https://wam.ae https://*.wam.ae https://fonts.googleapis.com https://fonts.gstatic.com;
                                           style-src 'self' 'unsafe-inline' https://wam.ae https://*.wam.ae https://fonts.googleapis.com;
                                           script-src 'self' https: 'unsafe-inline' https://wam.ae https://*.wam.ae https://www.youtube.com https://s.ytimg.com https://www.googletagmanager.com;
                                           img-src 'self' data: https://wam.ae https://*.wam.ae https://img.youtube.com https://i.ytimg.com;
                                           frame-src 'self' https://wam.ae https://*.wam.ae https://www.youtube.com;
                                           connect-src 'self' https://wam.ae https://*.wam.ae https://www.google-analytics.com;
                                           object-src 'self' https://wam.ae https://*.wam.ae;
                                           media-src 'self' https://wam.ae https://*.wam.ae;
                                           form-action 'self' https://wam.ae https://*.wam.ae;
                                           frame-ancestors 'none';
                                           worker-src 'none';
                                           manifest-src 'self' https://wam.ae https://*.wam.ae;
                                           navigate-to *.wam.ae;
                                           block-all-mixed-content;
                                           child-src 'self';
                                           base-uri 'self';
                                           upgrade-insecure-requests; 1
default-src 'self' https://*.vica.gov.sg https://*.mol-vica.com https://*.dcube.cloud/ https://*.demdex.net/ https://cm.everesttech.net/ https://wogadobeanalytics.sc.omtrdc.net/ https://*.wogaa.sg youtube.com www.youtube.com tourmkr.com www.tourmkr.com *.hawksearch.com *.hawksearch.net https://static.zdassets.com https://ekr.zdassets.com https://widget-mediator.zopim.com wss://widget-mediator.zopim.com https://v2.zopim.com https://test-gpc-1.sg.va.sabio.cloud https://assets.dcube.cloud https://assets.wogaa.sg https://api-vica-ana.vica.gov.sg https://chat.vica.gov.sg https://chat.mol-vica.com https://va.ecitizen.gov.sg https://api-vica-ana.mol-vica.com https://webchat.vica.gov.sg https://irasdigitalgallery.com/ https://www.search.gov.sg https://api.search.gov.sg https://assets.search.gov.sg https://search.gov.sg; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js blob: https://www.onemap.gov.sg https://*.vica.gov.sg https://*.mol-vica.com *.googletagmanager.com *.google-analytics.com https://www.onemap.sg/ https://www.youtube.com/iframe_api https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.msecnd.net https://static.zdassets.com https://ekr.zdassets.com https://widget-mediator.zopim.com wss://widget-mediator.zopim.com https://v2.zopim.com https://test-gpc-1.sg.va.sabio.cloud https://assets.dcube.cloud https://assets.wogaa.sg https://api-vica-ana.vica.gov.sg https://chat.vica.gov.sg https://chat.mol-vica.com https://va.ecitizen.gov.sg https://api-vica-ana.mol-vica.com https://webchat.vica.gov.sg https://*.dcube.cloud https://assets.adobedtm.com/ https://*.wogaa.sg https://unpkg.com https://www.tiktok.com *.ttwstatic.com https://api.search.gov.sg https://www.search.gov.sg https://www.google.com https://www.gstatic.com 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://*.vica.gov.sg https://*.mol-vica.com https://www.onemap.sg/ https://static.zdassets.com https://ekr.zdassets.com https://widget-mediator.zopim.com wss://widget-mediator.zopim.com https://v2.zopim.com https://test-gpc-1.sg.va.sabio.cloud https://assets.dcube.cloud https://assets.wogaa.sg https://api-vica-ana.vica.gov.sg https://chat.vica.gov.sg https://chat.mol-vica.com https://va.ecitizen.gov.sg https://api-vica-ana.mol-vica.com https://webchat.vica.gov.sg *.ttwstatic.com https://www.search.gov.sg 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://www.onemap.sg/ www.iras.gov.sg/media/ pps.iras.gov.sg/media-cnt/ ppo.iras.gov.sg/media-ort/ ppu.iras.gov.sg/media-uat/ eysfcloudmedia.blob.core.windows.net eysfcloudmediadev.blob.core.windows.net *.azureedge.net *.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com https://static.zdassets.com https://ekr.zdassets.com https://widget-mediator.zopim.com wss://widget-mediator.zopim.com https://v2.zopim.com https://test-gpc-1.sg.va.sabio.cloud https://assets.dcube.cloud https://assets.wogaa.sg https://api-vica-ana.vica.gov.sg https://chat.vica.gov.sg https://chat.mol-vica.com https://va.ecitizen.gov.sg https://api-vica-ana.mol-vica.com https://file.go.gov.sg https://webchat.vica.gov.sg https://wogadobeanalytics.sc.omtrdc.net/ https://cm.everesttech.net/ https://dpm.demdex.net/ https://*.vica.gov.sg https://www.youtube.com img.youtube.com https://*.cdninstagram.com https://assets.search.gov.sg 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net js.hsleadflows.net forms.hsforms.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://*.vica.gov.sg https://*.mol-vica.com https://static.zdassets.com https://ekr.zdassets.com https://widget-mediator.zopim.com wss://widget-mediator.zopim.com https://v2.zopim.com https://test-gpc-1.sg.va.sabio.cloud https://assets.dcube.cloud https://assets.wogaa.sg https://api-vica-ana.vica.gov.sg https://chat.vica.gov.sg https://chat.mol-vica.com https://va.ecitizen.gov.sg https://api-vica-ana.mol-vica.com https://webchat.vica.gov.sg https://www.search.gov.sg; frame-src www.google.com https://irasdigitalgallery.com https://www.tiktok.com https://www.youtube.com https://www.search.gov.sg https://www.google.com https://search.gov.sg 'self' web-chat.nativechat.com forms.hsforms.com; connect-src accounts.google.com wss://chat.vica.gov.sg https://*.vica.gov.sg https://*.mol-vica.com *.google-analytics.com *.mktoresp.com *.visualstudio.com *.hawksearch.com *.hawksearch.net https://static.zdassets.com https://ekr.zdassets.com https://widget-mediator.zopim.com wss://widget-mediator.zopim.com https://v2.zopim.com https://test-gpc-1.sg.va.sabio.cloud https://assets.dcube.cloud https://assets.wogaa.sg https://api-vica-ana.vica.gov.sg https://chat.vica.gov.sg https://chat.mol-vica.com https://va.ecitizen.gov.sg https://api-vica-ana.mol-vica.com https://webchat.vica.gov.sg https://*.dcube.cloud https://dpm.demdex.net/ https://*.wogaa.sg https://s3-va-prd-vica.s3-ap-southeast-1.amazonaws.com/ https://iras-cms.s3.ap-southeast-1.amazonaws.com https://irasdigitalgallery.com/ https://api.search.gov.sg https://assets.search.gov.sg 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com forms.hubspot.com *.hsforms.com; media-src 'self' data: blob: *.azureedge.net https://static.zdassets.com https://*.vica.gov.sg https://*.mol-vica.com https://ekr.zdassets.com https://widget-mediator.zopim.com wss://widget-mediator.zopim.com https://v2.zopim.com https://test-gpc-1.sg.va.sabio.cloud https://assets.dcube.cloud https://assets.wogaa.sg https://api-vica-ana.vica.gov.sg https://chat.vica.gov.sg https://chat.mol-vica.com https://va.ecitizen.gov.sg https://api-vica-ana.mol-vica.com https://webchat.vica.gov.sg; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://www.onemap.gov.sg/ https://*.vica.gov.sg https://*.mol-vica.com https://www.onemap.sg/ https://www.google.com/ https://static.zdassets.com https://ekr.zdassets.com https://widget-mediator.zopim.com wss://widget-mediator.zopim.com https://v2.zopim.com https://test-gpc-1.sg.va.sabio.cloud https://assets.dcube.cloud https://assets.wogaa.sg https://api-vica-ana.vica.gov.sg https://chat.vica.gov.sg https://chat.mol-vica.com https://va.ecitizen.gov.sg https://api-vica-ana.mol-vica.com https://webchat.vica.gov.sg https://tourmkr.com/ https://www.tourmkr.com/ https://wogaa.demdex.net https://irasdigitalgallery.com/ web-chat.nativechat.com; frame-ancestors www.google.com 'self' 1
default-src 'self'; script-src 'self' 'nonce-MmE1NmI3YjQtNGU0My00MGUyLTllMDctNGEyZmEzNWEwODYx' 'strict-dynamic' ; style-src 'self' 'unsafe-inline'; img-src 'self' blob: data: https://pbs.twimg.com https://abs.twimg.com images.x.ai; font-src https://use.typekit.net 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; block-all-mixed-content; upgrade-insecure-requests; connect-src 'self' https://x.ai https://boards-api.greenhouse.io; 1
default-src c.wgr.de 'self'; script-src c.wgr.de connect.facebook.net www.googleadservices.com www.googletagmanager.com www.google.com googleads.g.doubleclick.net www.google.de maps.googleapis.com 'self' 'unsafe-eval' 'unsafe-inline' https://l.ecn-ldr.de; style-src c.wgr.de 'self' 'unsafe-inline'; object-src 'self'; img-src c.wgr.de d32wqyuo10o653.cloudfront.net www.facebook.com googleads.g.doubleclick.net www.google.com www.google.de maps.googleapis.com *.gstatic.com 'self' data: *.econda-monitor.de; frame-src newsletter.schulbuchzentrum-online.de www.facebook.com 'self'; child-src newsletter.schulbuchzentrum-online.de www.facebook.com 'self'; font-src c.wgr.de 'self' data:; connect-src https://mein.westermann.de/ www.facebook.com 'self' *.crosssell.info *.econda-monitor.de 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: ecommerce.pagosinteligentes.com as-bot-locationapi-lab.azurewebsites.net independientes.aportesenlinea.com [fdbd:dc05:ff:ff:ffdf:83bb:c4dc:a8fe]:9447 www.google.com.ar api-cdn.mypurecloud.com adservice.google.com.gt www.google.cv www.google.mg [fdbd:dc05:ff:ff:e5f9:dae0:3a94:2626]:9416 tramites.cancilleria.gov.co [fdbd:dc05:ff:ff:e82b:18f:7d34:9138]:9395 *.googlesyndication.com [fdbd:dc05:ff:ff:f176:577f:83e9:1646]:9263 [fdbd:dc05:ff:ff:ed76:c9ea:31b8:8112]:9418 [fdbd:dc05:ff:ff:f0d9:8d46:e05b:67f4]:9380 www.google.com.ly [fdbd:dc05:ff:ff:f5b0:ddc6:ee05:51ad]:9344 partners.safetypay.com [fdbd:dc05:ff:ff:fb6d:6df7:c397:d163]:9290 [fdbd:dc05:ff:ff:ecac:ffee:2509:4d06]:9496 www.google.sk [fdbd:dc05:ff:ff:fb15:fc96:f921:2018]:9354 [fdbd:dc05:ff:ff:f03f:27ec:1335:abf2]:9468 adservice.google.de [fdbd:dc05:ff:ff:f492:a9cf:cd64:4fa5]:9261 [fdbd:dc05:ff:ff:e9b8:accc:bea3:1064]:9430 [fdbd:dc05:ff:ff:fe0b:4d69:a97f:ddb5]:9316 www.google.com.pe www.google.cd www.google.co.vi landing.datawifi.co production.wompi.co www.google.lt www.mercadopago.com www.google.co.in [fdbd:dc05:ff:ff:e886:be65:7455:8ec]:9319 clientes.flypass.com.co api.vkanalytics.net adservice.google.al www.google.mw [fdbd:dc05:ff:ff:feef:5333:f563:9fb1]:9253 [fdbd:dc05:ff:ff:eb3f:d4e6:b807:1d4]:9235 [fdbd:dc05:ff:ff:f4fe:393d:c2ae:458a]:9309 www.google.gr qncdn.aoscdn.com [fdbd:dc05:ff:ff:fdda:26f0:9b32:6899]:9302 ssl.gstatic.com api.kushkipagos.com www.google.com.tr www.google.ga [fdbd:dc05:ff:ff:e7f4:2d7f:4b04:e056]:9240 [fdbd:dc05:ff:ff:ff41:ca84:5f1f:9893]:9419 payonline-web.sistecredito.com api.mypurecloud.com *.botframework.com serviciosweb.shd.gov.co [fdbd:dc05:ff:ff:ec5a:7a:796f:be8d]:9478 [fdbd:dc05:ff:ff:ebfd:74f1:834a:6696]:9437 www.alkosto.com [fdbd:dc05:ff:ff:fbc9:8db8:3847:33b9]:9323 [fdbd:dc05:ff:ff:e9bb:f12c:7058:720a]:9402 www.mipagoamigo.com [fdbd:dc05:ff:ff:ed6c:7973:6ec1:92f9]:9444 [fdbd:dc05:ff:ff:f414:a673:3e2f:6cd0]:9243 [fdbd:dc05:ff:ff:effe:3cd2:db57:2848]:9374 [fdbd:dc05:ff:ff:eaff:3c93:711e:279a]:9387 *.js-agent.newrelic.com www.banco.colpatria.com.co adservice.google.hu [fdbd:dc05:ff:ff:e7f4:2d7f:4b04:e056]:9229 *.doubleclick.net *.eloqua.com [fdbd:dc05:ff:ff:fc86:42f1:dfab:2265]:9442 [fdbd:dc05:ff:ff:e807:2350:d625:b06b]:9249 www.google.am [fdbd:dc05:ff:ff:e7d4:c752:2e96:70ef]:9259 [fdbd:dc05:ff:ff:e256:c463:d9e1:485]:9303 [fdbd:dc05:ff:ff:e6c1:77bd:1c0:da40]:9205 www.google.tn www.google.com.cy secure-checkout.payvalida.com www.google.com.bd api.solaranalyticscorp.com s1585023691.t.eloqua.com www.google-analytics.com [fdbd:dc05:ff:ff:e8f6:35c3:deff:8f92]:9216 adservice.google.gr api.socialsolutionapp.com [fdbd:dc05:ff:ff:e2e4:15c6:6e28:3f40]:9241 www.google.pt apm.safecharge.com adservice.google.tn [fdbd:dc05:ff:ff:ea77:eb18:a52e:981a]:9318 www.google.jo www.google.fr [fdbd:dc05:ff:ff:ef47:c605:2920:dc0]:9215 [fdbd:dc05:ff:ff:fad9:b9a7:ae0e:1fcc]:9446 [fdbd:dc05:ff:ff:e45f:8a22:4186:8d9e]:9465 [fdbd:dc05:ff:ff:e72:654b:e13:e2f9]:9485 [fdbd:dc05:ff:ff:e9e0:846:5003:bf6e]:9400 [fdbd:dc05:ff:ff:e61d:5099:5ba8:60b8]:9344 www.google.sn lsrelay-config-production.s3.amazonaws.com www.google.co.ug adservice.google.sk [fdbd:dc05:ff:ff:f414:a673:3e2f:6cd0]:9270 www.google.cf www.google.lv rialto-gms.s3.amazonaws.com secure-short.payv.co registro.pse.com.co empresas.miplanilla.com www.google.vg www.google.nl [fdbd:dc05:ff:ff:f25c:a29b:155:1ab6]:9479 [fdbd:dc05:ff:ff:fbd4:df8e:c4a9:aa6e]:9247 [fdbd:dc05:ff:ff:fb6d:6df7:c397:d163]:9311 oppvm9uoxg.execute-api.us-east-1.amazonaws.com [fdbd:dc05:ff:ff:fe0b:4d69:a97f:ddb5]:9393 [fdbd:dc05:ff:ff:f27d:9f23:a4db:2c7]:9405 gateway2.tucompra.com.co [fdbd:dc05:ff:ff:ea30:b3ca:f93e:e759]:9268 [fdbd:dc05:ff:ff:e38e:7873:cf1f:e2cf]:9492 [fdbd:dc05:ff:ff:ea77:eb18:a52e:981a]:9392 [fdbd:dc05:ff:ff:f582:44f5:1f55:e366]:9212 pagos.eaab.gov.co etb.com [fdbd:dc05:ff:ff:f719:78b2:b35f:e4aa]:9288 [fdbd:dc05:ff:ff:e550:3edf:df13:4fd]:9488 www.google.co.ke adservice.google.com.ar [fdbd:dc05:ff:ff:ed76:c9ea:31b8:8112]:9240 [fdbd:dc05:ff:ff:ed66:9fe3:1632:b267]:9296 davivienda.com www.google.co.uz www.google.com.gt [fdbd:dc05:ff:ff:ef47:a463:e130:7ab6]:9287 www.google.ps cobrowse.mypurecloud.com [fdbd:dc05:ff:ff:f5b0:ddc6:ee05:51ad]:9261 www.bancodeoccidente.com.co www.google.com.my [fdbd:dc05:ff:ff:ecf5:c2db:4101:a9ef]:9485 www.google.bs link.globalpay.com.co [fdbd:dc05:ff:ff:ea4d:adb5:bb0f:6084]:9453 as-bot-empresas-pro.azurewebsites.net apps.mypurecloud.com [fdbd:dc05:ff:ff:fbd4:df8e:c4a9:aa6e]:9270 [fdbd:dc05:ff:ff:f553:4681:7e5c:8a6a]:9261 wss://hdndukmu7i.execute-api.us-east-1.amazonaws.com [fdbd:dc05:ff:ff:ee93:7b07:93c7:7924]:9500 [fdbd:dc05:ff:ff:eb2:729d:5ba0:8c3e]:9267 adservice.google.lt ipn.depositcheckout.com cdnmi.global-cache.online [fdbd:dc05:ff:ff:ea24:22bd:62dc:9dde]:9200 [fdbd:dc05:ff:ff:f5dc:55b3:1940:2450]:9466 www.google.com.pa tags.bluekai.com cos469m71m.execute-api.us-east-1.amazonaws.com booking.avianca.com www.google.lu www.google.dz [fdbd:dc05:ff:ff:facb:69c4:f2e1:d125]:9450 [fdbd:dc05:ff:ff:e72:654b:e13:e2f9]:9408 [fdbd:dc05:ff:ff:fef3:5ddf:ad8c:14b0]:9475 adservice.google.com.pe adservice.google.co.in www.movilexito.com [fdbd:dc05:ff:ff:f3cf:394b:81cb:add5]:9279 adservice.google.cv 7896543.s3.amazonaws.com [fdbd:dc05:ff:ff:f792:cb4b:9497:522]:9464 maps.gstatic.com [fdbd:dc05:ff:ff:eda3:c8c1:87c7:a766]:9470 [fdbd:dc05:ff:ff:fc75:e423:4b99:4e59]:9294 [fdbd:dc05:ff:ff:fec8:b89:bef:b4c6]:9346 as-statistics-empresas-pro.azurewebsites.net [fdbd:dc05:ff:ff:ea1c:5688:93a9:41fd]:9362 www.colsubsidio.com www.google.be [fdbd:dc05:ff:ff:eea:4168:5afd:5247]:9411 [fdbd:dc05:ff:ff:f88c:6120:46d3:68b1]:9276 [fdbd:dc05:ff:ff:f47:4ea7:91e1:4f84]:9448 www.google.cz fonts.gstatic.com img03.en25.com www.google.mk analytics.google.com bf52864zaf.bf.dynatrace.com www.google.co.ve [fdbd:dc05:ff:ff:f27d:9f23:a4db:2c7]:9421 [fdbd:dc05:ff:ff:fd53:1637:2257:ab3e]:9428 www.google.ci [fdbd:dc05:ff:ff:f54b:122:2c3f:f8bc]:9396 [fdbd:dc05:ff:ff:e75c:968f:4e96:fc5f]:9346 www.google.tt [fdbd:dc05:ff:ff:f906:6873:314f:7424]:9351 www.edificiosdavivienda.com www.youtube.com www.google.no 1.b406929acabac9b095f124c81bdfcf57f.com [fdbd:dc05:ff:ff:e9eb:95f2:c4d7:cd57]:9289 js-agent.newrelic.com adservice.google.com.hk csi.gstatic.com [fdbd:dc05:ff:ff:e97e:182c:c5:de1f]:9457 attestation.android.com www.google.ch [fdbd:dc05:ff:ff:f74c:491:d5b0:30c5]:9234 [fdbd:dc05:ff:ff:f962:94f2:8f88:9953]:9442 *.windows.net www.google.com.mx www.gstatic.com [fdbd:dc05:ff:ff:ee93:7b07:93c7:7924]:9461 www.google.com.pr www.google.com.br www.google.com.jm despegar.com.co [fdbd:dc05:ff:ff:f8ad:37b2:d18f:12e4]:9216 adservice.google.is adservice.google.com.uy [fdbd:dc05:ff:ff:e9b2:5ae2:fe0b:713b]:9495 adservice.google.co.jp [fdbd:dc05:ff:ff:ec3f:3e9a:922:4158]:9357 [fdbd:dc05:ff:ff:e713:657c:7a34:bfb8]:9212 [fdbd:dc05:ff:ff:e244:c51b:f3f0:d342]:9492 [fdbd:dc05:ff:ff:f257:a0b0:7127:f09a]:9414 adservice.google.it www.google.com.ni adservice.google.se [fdbd:dc05:ff:ff:e727:776:74b1:d606]:9234 [fdbd:dc05:ff:ff:e466:1dd8:568e:20bc]:9497 www.google.ge www.despegar.com.co adservice.google.com.gh secure.payco.co [fdbd:dc05:ff:ff:ee5a:851c:bc23:471]:9227 adservice.google.com.kw [fdbd:dc05:ff:ff:f181:1f6d:a6b3:a847]:9493 [fdbd:dc05:ff:ff:f61a:9771:d084:d603]:9399 www.google.com [fdbd:dc05:ff:ff:f1ec:c470:54ea:fa2b]:9449 gateway1.ecollect.co [fdbd:dc05:ff:ff:eb9e:3f3a:b5b5:1194]:9211 www.google.com.ua adservice.google.com.sa www.google.co.ao adservice.google.com.au [fdbd:dc05:ff:ff:f9c6:ce1:7beb:ebd4]:9236 www.google.com.cu adservice.google.co.il www.google.com.om adservice.google.co.zw api.datacloudstat.com www.google.dk cs.hae123.cn www.davivienda.com.co adservice.google.fi www.google.com.lb dvvapps.io [fdbd:dc05:ff:ff:f747:302:c81:cdb2]:9248 www.rushbet.co *.facebook.net www.google.com.vc [fdbd:dc05:ff:ff:f346:3b16:677f:cbec]:9420 [fdbd:dc05:ff:ff:fb9a:eb80:32d4:628f]:9486 *.mypurecloud.com adservice.google.com.py tl.ytlogs.ru [fdbd:dc05:ff:ff:fe0e:7106:3dae:be95]:9235 transaction-redirect.wompi.co [fdbd:dc05:ff:ff:eefc:155f:6116:751b]:9269 [fdbd:dc05:ff:ff:e26:466a:fb4e:3420]:9287 *.google.com www.google.bg [fdbd:dc05:ff:ff:ff07:64a2:97c:ae14]:9254 [fdbd:dc05:ff:ff:ffff:455:14a:67bb]:9249 [fdbd:dc05:ff:ff:ea4e:e6ef:cce1:5754]:9435 *.nr-data.net [fdbd:dc05:ff:ff:f2d:91e3:72ca:6c68]:9354 www.avvillas.com.co adservice.google.pl [fdbd:dc05:ff:ff:f006:97e0:a0d4:4c2e]:9234 [fdbd:dc05:ff:ff:ef24:eaee:9ac2:2d14]:9373 www.google.co.mz adservice.google.com.ph [fdbd:dc05:ff:ff:f618:2501:6c:6d3]:9429 adservice.google.com.tw ssl.google-analytics.com [fdbd:dc05:ff:ff:e9b2:5ae2:fe0b:713b]:9264 independientes.miplanilla.com cdn.honey.io [fdbd:dc05:ff:ff:e397:f72c:d3f6:c46a]:9444 [fdbd:dc05:ff:ff:e33d:586f:b744:fc32]:9485 [fdbd:dc05:ff:ff:fc99:90ef:f75:30cc]:9284 webcheckout.payty.com [fdbd:dc05:ff:ff:f47:4ea7:91e1:4f84]:9204 adservice.google.com.na www.google.sr api.mkmediaworks.com adservice.google.co.ve [fdbd:dc05:ff:ff:e91c:3dd2:a330:373a]:9433 www.hawkersco.com [fdbd:dc05:ff:ff:e514:50f8:3bcc:2716]:9367 adservice.google.com.bz www.google.co.kr [fdbd:dc05:ff:ff:e887:7f2:4f99:d7e7]:9451 bcdn-god.we-stats.com [fdbd:dc05:ff:ff:fcb7:5350:af3c:1756]:9338 [fdbd:dc05:ff:ff:ea4e:e6ef:cce1:5754]:9366 [fdbd:dc05:ff:ff:ff3a:1296:8d03:d060]:9487 [fdbd:dc05:ff:ff:f95b:64b5:5716:97d]:9484 googletagmanager.com [fdbd:dc05:ff:ff:f068:ab68:e4ae:504b]:9338 www.google.co.zw www.google.bf [fdbd:dc05:ff:ff:fad8:7b5b:8efb:cd9f]:9256 www.google.co.il [fdbd:dc05:ff:ff:e6c1:77bd:1c0:da40]:9468 www.google.com.ng www.google.gy *.apps.mypurecloud.com www.google.at *.googleadservices.com prod.daviviendaapp.com checkout.payulatam.com [fdbd:dc05:ff:ff:f0ab:6e89:26e3:b34a]:9358 adservice.google.com.ec transacciones.bancofinandina.com adservice.google.co.kr www.google.co.jp adservice.google.hr [fdbd:dc05:ff:ff:f423:ec6d:c8a4:e20e]:9211 [fdbd:dc05:ff:ff:f346:3b16:677f:cbec]:9376 adservice.google.com.kh www.google.com.bo directline.botframework.com [fdbd:dc05:ff:ff:eefe:478b:2013:6cad]:9330 1.c81358859121583b7adf2ace89cb39f44.com maxcdn.bootstrapcdn.com www.pagos.alkomprar.com [fdbd:dc05:ff:ff:f792:cb4b:9497:522]:9468 portalpagos.claro.com.co nuevaversion.bbvanet.com.co [fdbd:dc05:ff:ff:f9e2:a028:4b09:7ac2]:9341 www.pasarelapagosaval.com directv.paymentez.com [fdbd:dc05:ff:ff:e713:657c:7a34:bfb8]:9265 [fdbd:dc05:ff:ff:fcb6:3fab:7f1e:b884]:9384 *.bam.nr-data.net transacciones.tigo.com.co adservice.google.ie adservice.google.co.ao [fdbd:dc05:ff:ff:ee27:1fad:1494:3b45]:9244 adservice.google.com.af www.google.com.qa adservice.google.ru msecure.epayco.co [fdbd:dc05:ff:ff:ed66:9fe3:1632:b267]:9274 www39.todo1.com [fdbd:dc05:ff:ff:f0bd:3269:a9f4:8c8f]:9500 www.google.com.sg [fdbd:dc05:ff:ff:eadf:f227:8d5b:a779]:9467 [fdbd:dc05:ff:ff:e23b:9735:58ef:2008]:9464 [fdbd:dc05:ff:ff:f167:4369:e1fc:a0d]:9318 google.com [fdbd:dc05:ff:ff:e56c:14f9:3d27:657f]:9428 api.highdataanalytics.com [fdbd:dc05:ff:ff:e97e:182c:c5:de1f]:9351 transac.segurosbolivar.com rappi.com *.facebook.com [fdbd:dc05:ff:ff:f1b5:d411:acbb:9c5a]:9315 adservice.google.co.za www.davivienda.cr www.google.com.eg api.freevideoguard.org api.solarspireconsulting.com www.google.com.mt [fdbd:dc05:ff:ff:f5b0:ddc6:ee05:51ad]:9339 www.pagodigital.co [fdbd:dc05:ff:ff:ef47:c605:2920:dc0]:9328 adservice.google.gy colvdox7cg.execute-api.us-east-1.amazonaws.com www.google.ae [fdbd:dc05:ff:ff:e37f:859f:6841:2719]:9286 adservice.google.at www.zonapagos.com [fdbd:dc05:ff:ff:ea1e:793a:4c8f:bb05]:9408 [fdbd:dc05:ff:ff:f6a7:c648:9d4e:1df8]:9273 adservice.google.com.ag www.google.hn [fdbd:dc05:ff:ff:fe63:c621:b2dc:c9e2]:9215 www.google.co.id [fdbd:dc05:ff:ff:fdd8:d182:a3d3:3706]:9446 checkout.placetopay.com www.googletagservices.com servicio.nuevosoi.com.co *.despegar.com.co [fdbd:dc05:ff:ff:f27d:9f23:a4db:2c7]:9426 adservice.google.com adservice.google.com.sv [fdbd:dc05:ff:ff:ef24:eaee:9ac2:2d14]:9246 www.google.cl adservice.google.bg [fdbd:dc05:ff:ff:f492:a9cf:cd64:4fa5]:9362 adservice.google.sr [fdbd:dc05:ff:ff:fe0b:4d69:a97f:ddb5]:9226 region1.analytics.google.com www.enlace-apb.com [fdbd:dc05:ff:ff:e8fe:af87:4342:ef7e]:9286 adservice.google.com.co [fdbd:dc05:ff:ff:fa93:ee5:442f:b357]:9387 [fdbd:dc05:ff:ff:f0c7:20e9:4e2d:6118]:9228 [fdbd:dc05:ff:ff:f346:3b16:677f:cbec]:9202 recarga-daviplata.epayco.co overbridgenet.com api.wompi.co www.e-collect.com [fdbd:dc05:ff:ff:e514:50f8:3bcc:2716]:9209 [fdbd:dc05:ff:ff:ef47:a463:e130:7ab6]:9266 portalpagosapp.claro.com.co secure.epayco.co [fdbd:dc05:ff:ff:ed6c:7973:6ec1:92f9]:9249 dynatrace.com www.google.iq [fdbd:dc05:ff:ff:ef97:b252:f11c:1e48]:9389 betplay.com.co [fdbd:dc05:ff:ff:f492:a9cf:cd64:4fa5]:9446 adservice.google.co.nz www.google.ad www.google.ro www.google.by ecommerce.credibanco.com [fdbd:dc05:ff:ff:f4fe:393d:c2ae:458a]:9230 mi.tigo.com.co www.ciuvo.com [fdbd:dc05:ff:ff:e550:3edf:df13:4fd]:9238 [fdbd:dc05:ff:ff:e6c1:77bd:1c0:da40]:9479 www.google.co.cr www.google.com.fj secure.safecharge.com [fdbd:dc05:ff:ff:f947:9e88:9f15:ca33]:9342 [fdbd:dc05:ff:ff:ed3d:ef74:10b8:c061]:9236 [fdbd:dc05:ff:ff:ed76:c9ea:31b8:8112]:9208 [fdbd:dc05:ff:ff:efd5:3e2f:ea05:2990]:9469 cdn.jsdelivr.net [fdbd:dc05:ff:ff:e3ec:9b7a:9345:3685]:9377 incomedomain.sistecredito.com www.google.es [fdbd:dc05:ff:ff:ecbb:7535:18f:a3c6]:9200 banco.itau.co [fdbd:dc05:ff:ff:fe2e:722b:c353:7f14]:9487 www.google.fi ponos.zeronaught.com www.google.it www.google.com.co [fdbd:dc05:ff:ff:e3d4:67d6:c2d6:381f]:9200 adservice.google.es [fdbd:dc05:ff:ff:fa01:e80b:a3d5:4c5]:9391 idata.easysol.net [fdbd:dc05:ff:ff:fa9a:e16b:420e:e9b7]:9462 www.google.com.sv adservice.google.ad trendlavida.com adservice.google.ro [fdbd:dc05:ff:ff:e421:69b7:4768:702a]:9496 adservice.google.ae [fdbd:dc05:ff:ff:f346:3b16:677f:cbec]:9228 [fdbd:dc05:ff:ff:ed45:8231:234a:ac42]:9390 [fdbd:dc05:ff:ff:eefc:155f:6116:751b]:9279 [fdbd:dc05:ff:ff:e887:7f2:4f99:d7e7]:9493 [fdbd:dc05:ff:ff:ed3b:b367:937a:201f]:9239 static3.avast.com api.amcreativemedia.com [fdbd:dc05:ff:ff:ec6f:6073:c319:de42]:9231 www.google.se [fdbd:dc05:ff:ff:eea:4168:5afd:5247]:9282 [fdbd:dc05:ff:ff:e8fe:af87:4342:ef7e]:9231 adservice.google.iq [fdbd:dc05:ff:ff:e967:848c:1998:1e60]:9462 [fdbd:dc05:ff:ff:fd37:60b0:c1b2:7eae]:9217 www.google.ee [fdbd:dc05:ff:ff:f7b8:7f78:49:8e4f]:9468 www.intercom.com.co tags.bkrtx.com adservice.google.cl [fdbd:dc05:ff:ff:efac:a555:370d:ff7d]:9237 *.*.mypurecloud.com mcidonaciones.com adservice.google.com.eg s3.amazonaws.com www.google.is [fdbd:dc05:ff:ff:e3fe:b1bd:720d:d369]:9289 adservice.google.hn prod.claro-wallet.tpaga.co [fdbd:dc05:ff:ff:ed3b:b367:937a:201f]:9211 [fdbd:dc05:ff:ff:e807:2350:d625:b06b]:9201 [fdbd:dc05:ff:ff:ee9:de75:a8a2:87ff]:9376 www.google.cn zswpmanager.wip.mmc.com adservice.google.com.sg wss://directline.botframework.com [fdbd:dc05:ff:ff:e37c:aee1:ff1b:5dee]:9279 [fdbd:dc05:ff:ff:f6ae:7ef2:ebba:8c69]:9490 [fdbd:dc05:ff:ff:e38f:5e8b:fa18:4690]:9388 [fdbd:dc05:ff:ff:e6b8:445a:2242:c56b]:9414 [fdbd:dc05:ff:ff:f093:2413:ba53:69c]:9216 *.webmessaging.mypurecloud.com [fdbd:dc05:ff:ff:e9eb:95f2:c4d7:cd57]:9300 accounts.google.com pouch-global-font-assets.s3.eu-central-1.amazonaws.com www.google.com.ag [fdbd:dc05:ff:ff:fe0b:4d69:a97f:ddb5]:9290 [fdbd:dc05:ff:ff:f01b:c65d:a450:9a54]:9416 [fdbd:dc05:ff:ff:ea1c:5688:93a9:41fd]:9444 adservice.google.com.mt [fdbd:dc05:ff:ff:f99:c278:5f84:abf7]:9433 [fdbd:dc05:ff:ff:fc8f:ba39:2eaa:60b0]:9295 [fdbd:dc05:ff:ff:e72:654b:e13:e2f9]:9260 *.googleapis.com www.google.co.za picoyplacasolidario.movilidadbogota.gov.co [fdbd:dc05:ff:ff:fe63:c621:b2dc:c9e2]:9321 i.ytimg.com www.nu.com.co www.google.bj www.google.co.nz www.google.ie adservice.google.bs [fdbd:dc05:ff:ff:f808:adcf:55bf:d0c1]:9500 www.google.ru [fdbd:dc05:ff:ff:e50e:66c8:5058:c113]:9242 psedian.pse.com.co [fdbd:dc05:ff:ff:fb96:a372:d850:1a8f]:9289 api.payulatam.com [fdbd:dc05:ff:ff:fed8:d8a4:f84f:9359]:9485 [fdbd:dc05:ff:ff:f89:4483:997f:514d]:9402 portalpagosempresa.claro.com.co [fdbd:dc05:ff:ff:ee70:8411:f0f1:9768]:9464 www.google.com.bz [fdbd:dc05:ff:ff:f27d:9f23:a4db:2c7]:9370 api.ciuvo.com adservice.google.com.ng [fdbd:dc05:ff:ff:fb64:f7f5:11d5:e26f]:9470 [fdbd:dc05:ff:ff:f25c:a29b:155:1ab6]:9277 www.googletagmanager.com www.google.com.et account.yajuego.co secure.placetopay.com [fdbd:dc05:ff:ff:e3d4:67d6:c2d6:381f]:9272 adservice.google.lu adservice.google.nl adservice.google.vg [fdbd:dc05:ff:ff:eed4:d6ec:48f0:9e7b]:9228 [fdbd:dc05:ff:ff:f311:a22:b7ea:5f90]:9347 www.google.hr api.openpay.co www.google.com.af [fdbd:dc05:ff:ff:e3d4:67d6:c2d6:381f]:9380 [fdbd:dc05:ff:ff:ed65:bd0b:a7af:44ab]:9203 www.google.com.ec adservice.google.com.bo *.dvvapps.io www.google.com.kh [fdbd:dc05:ff:ff:f218:3692:fc1d:e946]:9230 www.google.com.vn www.oracle.com www.miplanilla.com [fdbd:dc05:ff:ff:f6ae:7ef2:ebba:8c69]:9454 [fdbd:dc05:ff:ff:ee8:d360:1386:5b60]:9476 www.segurosbolivar.com adservice.google.ps translate.google.com adservice.google.pt as-bot-empresassite-pro.azurewebsites.net [fdbd:dc05:ff:ff:f5b0:ddc6:ee05:51ad]:9207 [fdbd:dc05:ff:ff:e8cd:b864:c72d:438]:9391 [fdbd:dc05:ff:ff:e5d3:cb00:af4a:f25f]:9408 recarga.nequi.com.co www.google.com.bh [fdbd:dc05:ff:ff:f167:4369:e1fc:a0d]:9441 independientes2.miplanilla.com youtube.com [fdbd:dc05:ff:ff:ee93:7b07:93c7:7924]:9399 www.google.co.uk zscaler-blockpage.endress.com www.google.com.do [fdbd:dc05:ff:ff:f181:1f6d:a6b3:a847]:9246 eco.credibanco.com *.googleusercontent.com [fdbd:dc05:ff:ff:eedc:33b5:1b53:7296]:9380 *.gstatic.com [fdbd:dc05:ff:ff:e91c:3dd2:a330:373a]:9394 [fdbd:dc05:ff:ff:f189:9354:bf30:15c6]:9393 [fdbd:dc05:ff:ff:fd9b:8b77:b11e:c252]:9347 [fdbd:dc05:ff:ff:f181:1f6d:a6b3:a847]:9367 api.ipify.org aplicaciones.icetex.gov.co adservice.google.co.id www.google.com.py www.google.pl adservice.google.fr [fdbd:dc05:ff:ff:e61d:5099:5ba8:60b8]:9220 [fdbd:dc05:ff:ff:fd9a:cfc1:1488:8ddc]:9207 www.google.com.na [fdbd:dc05:ff:ff:f414:a673:3e2f:6cd0]:9341 *.myshopify.com stags.bluekai.com [fdbd:dc05:ff:ff:f9c1:b387:3071:4a5d]:9361 www.google.az [fdbd:dc05:ff:ff:f8ad:37b2:d18f:12e4]:9357 region1.google-analytics.com [fdbd:dc05:ff:ff:e70e:911d:e697:9619]:9311 [fdbd:dc05:ff:ff:ef43:2ff2:42f4:3ded]:9396 [fdbd:dc05:ff:ff:e256:c463:d9e1:485]:9345 www.google.com.tw *.davivienda.com [fdbd:dc05:ff:ff:f4fe:393d:c2ae:458a]:9355 [fdbd:dc05:ff:ff:e948:544:34cb:9d26]:9392 [fdbd:dc05:ff:ff:ee9:de75:a8a2:87ff]:9333 adservice.google.ge www.google.mv [fdbd:dc05:ff:ff:eadf:f227:8d5b:a779]:9493 adservice.google.com.ni www.google.com.kw www.aportesenlinea.com [fdbd:dc05:ff:ff:eefe:478b:2013:6cad]:9313 www.google.com.mm www.google.al www.beneficiosdavivienda.com [fdbd:dc05:ff:ff:eea:4168:5afd:5247]:9408 portalpagos.facture.co [fdbd:dc05:ff:ff:f410:8934:f3df:db6d]:9211 www.google.com.uy fileupload.mypurecloud.com adservice.google.dk www.google.hu www.abcpagos.com [fdbd:dc05:ff:ff:e7b9:751c:61f1:551f]:9327 [fdbd:dc05:ff:ff:eed5:166a:456a:1b7a]:9472 www.google.co.tz www.google.la *.dynatrace.com [fdbd:dc05:ff:ff:ec30:42c9:38d6:49c2]:9358 [fdbd:dc05:ff:ff:f343:254:879a:8095]:9382 www.google.si *.cloudfront.net www.google.com.sa www.google.com.au adservice.google.ch [fdbd:dc05:ff:ff:f102:9bb2:2c89:ff5c]:9252 [fdbd:dc05:ff:ff:f896:9869:914b:1633]:9415 [fdbd:dc05:ff:ff:eb3f:d4e6:b807:1d4]:9462 www.google.md [fdbd:dc05:ff:ff:e2e0:e206:8d76:e5e8]:9218 1.a79ab95c1589a13f8a4cab612bc71f9f7.com callback.payulatam.com colombia.recaudoexpress.com [fdbd:dc05:ff:ff:f49c:56af:b16b:f92d]:9459 [fdbd:dc05:ff:ff:ecc8:dd18:f77e:b56a]:9310 www.google.com.pg [fdbd:dc05:ff:ff:e6bd:3789:fa79:2157]:9436 www.google.co.th adservice.google.com.ua [fdbd:dc05:ff:ff:e8ae:7e43:345a:8b4b]:9278 [fdbd:dc05:ff:ff:ee78:dae3:4810:1347]:9346 [fdbd:dc05:ff:ff:fd13:a875:8e04:54ff]:9220 [fdbd:dc05:ff:ff:e8fe:af87:4342:ef7e]:9249 trii.ws [fdbd:dc05:ff:ff:fcb:9a38:4eb2:2fec]:9473 [fdbd:dc05:ff:ff:fe0e:7106:3dae:be95]:9408 adservice.google.cz [fdbd:dc05:ff:ff:e9b2:5ae2:fe0b:713b]:9297 [fdbd:dc05:ff:ff:fce8:334:2226:f2c6]:9305 api.global-data-lab.com www.google.ca banco-co-gateway-pagos.fif.tech [fdbd:dc05:ff:ff:f15f:9c2d:8a80:2e6e]:9431 www.google.ht [fdbd:dc05:ff:ff:ee5a:851c:bc23:471]:9355 www13.epm.com.co wss://webmessaging.mypurecloud.com www.google.co.ma adservice.google.com.mx adservice.google.co.th www.google.de www.youtube-nocookie.com [fdbd:dc05:ff:ff:f46c:3420:3b03:50de]:9340 [fdbd:dc05:ff:ff:f61a:9771:d084:d603]:9355 www.psepagos.co adservice.google.com.br adservice.google.com.jm [fdbd:dc05:ff:ff:e945:c234:1186:8855]:9327 [fdbd:dc05:ff:ff:e97e:182c:c5:de1f]:9486 adservice.google.com.pr [fdbd:dc05:ff:ff:ed6c:7973:6ec1:92f9]:9251 *.mypureclouod.com adservice.google.tt queue.eticket.com.co [fdbd:dc05:ff:ff:f311:a22:b7ea:5f90]:9395 checkout.goupagos.com.co adservice.google.co.uk www.pagosvirtualesavvillas.com.co static.zohocdn.com adservice.google.no www.ktronix.com [fdbd:dc05:ff:ff:f410:d915:d7e:c8a5]:9239 [fdbd:dc05:ff:ff:fd37:60b0:c1b2:7eae]:9200 mediosdepago.transfiriendo.com www.google.com.hk adservice.google.be [fdbd:dc05:ff:ff:ef47:a463:e130:7ab6]:9207 [fdbd:dc05:ff:ff:fd9a:cfc1:1488:8ddc]:9461 www.despegar.com [fdbd:dc05:ff:ff:f48:1210:bfdf:86e1]:9414 [fdbd:dc05:ff:ff:ee13:c7b8:aa6c:1b1e]:9350; frame-ancestors 'self' davivienda.com *.davivienda.com prod.uhrs.playmsn.com ;  1
frame-ancestors 'self' https://*.legalmatch.com https://*.legalmatchca.com https://*.lawyerslegallaws.com 1
frame-ancestors http://*.jschina.com.cn https://*.jschina.com.cn http://www.jsthinktank.com https://www.jsthinktank.com http://www.jswyw.com https://www.jswyw.com http://www.jsjc.gov.cn https://www.jsjc.gov.cn http://www.zgjssw.gov.cn https://www.zgjssw.gov.cn http://www.jsllzg.cn https://www.jsllzg.cn 1
default-src 'self' chat.ind.nl; script-src 'self' statistiek.rijksoverheid.nl piwik.dtnr.nl statistics.ind.nl chat.ind.nl deploy.mopinion.com collect.mopinion.com *.seamly-app.com 'nonce-93lM72Ir2SoicmmOjC3yoc5rQSATosN2'; style-src 'self' 'unsafe-inline' *.mopinion.com *.seamly-app.com chat.ind.nl; img-src 'self' data: statistics.ind.nl *.mopinion.com chat.ind.nl; media-src 'self' *.rovid.nl chat.ind.nl; frame-ancestors 'self'; font-src 'self' *.mopinion.com chat.ind.nl; connect-src 'self' *.seamly-app.com *.mopinion.com chat.ind.nl ws:; base-uri 'self' 1
default-src 'self' fonts.gstatic.com *.helpcrunch.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *; style-src 'self' 'unsafe-inline' *; font-src 'self' fonts.gstatic.com *.helpcrunch.com *.seranking.com data: *; connect-src *; base-uri 'self'; worker-src *; manifest-src 'none'; media-src 'self'; img-src 'self' data: *; object-src 'self'; frame-src 'self' *; form-action 'self' *.seranking.com *.facebook.com *.hsforms.com *.highcharts.com; 1
default-src * http://manifest.prod.boltdns.net https://manifest.prod.boltdns.net manifest.prod.boltdns.net *.amazonaws.com *.analytics.google.com *.google.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.onetrust.com subscriptions.smartrecruiters.com d1hgczpbubj217.cloudfront.net www.connectidfeed.com data: 'unsafe-eval' 'unsafe-inline' blob:; script-src 'self' a.usbrowserspeed.com a.remarketstats.com i.liadm.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net *.analytics.google.com *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.youtube.com *.onetrust.com subscriptions.smartrecruiters.com otp.tools.investis.com d1hgczpbubj217.cloudfront.net staticcontents.investisdigital.com *.googleapis.com www.youtube.com script.hotjar.com sc.lfeeder.com vjs.zencdn.net cdnjs.cloudflare.com static.hotjar.com secure.intuitive-intuition.com cdn.cookielaw.org cdn.cookielaw.org www.googletagmanager.com connect.facebook.net cdn.jsdelivr.net secure.smart-enterprise-52.com *.brightcove.net platform.twitter.com viz.tools.investis.com www.google-analytics.com *.brightcove.net blob:; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net fonts.idigitalcontents.com fonts.gstatic.com viz.tools.investis.com *.brightcove.net *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.onetrust.com subscriptions.smartrecruiters.com; object-src 'none'; font-src 'self' 'unsafe-inline' data: players.brightcove.net fonts.idigitalcontents.com fonts.gstatic.com idx.liadm.com vjs.zencdn.net viz.tools.investis.com *.brightcove.net *.onetrust.com; frame-src 'self' https://forms.docq.app/ www.youtube.com td.doubleclick.net *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net *.youtube.com platform.twitter.com irs.tools.investis.com otp.tools.investis.com www.connectidfeed.com subscriptions.smartrecruiters.com *.googleapis.com ; frame-ancestors 'self' https://allowed-origin.com; img-src data: 'self' viz.tools.investis.com house-fastly-signed-eu-west-1-prod.brightcovecdn.com *.facebook.com *.google-analytics.com *.googleapis.com *.google.com tr.lfeeder.com google-analytics.com *.gstatic.com www.google.co.uk www.googletagmanager.com subscriptions.smartrecruiters.com *.ytimg.com *.youtube.com cdn.cookielaw.org cf-images.eu-west-1.prod.boltdns.net www.google.co.in metrics.brightcove.com *.brightcove.net manifest.prod.boltdns.net; manifest-src 'self'; media-src 'self' house-fastly-signed-eu-west-1-prod.brightcovecdn.com *.onetrust.com blob:; worker-src 'self' 'unsafe-inline' * blob:; connect-src 'self' www.angloamerican.com code.highcharts.com http://manifest.prod.boltdns.net https://manifest.prod.boltdns.net wss://ws.hotjar.com *.hotjar.io *.hotjar.com data: house-fastly-signed-eu-west-1-prod.brightcovecdn.com privacyportal-eu.onetrust.com manifest.prod.boltdns.net www.connectidfeed.com subscriptions.smartrecruiters.com d1hgczpbubj217.cloudfront.net *.analytics.google.com *.google-analytics.com *.amazonaws.com tupf3ye5m3.execute-api.eu-west-1.amazonaws.com google-analytics.com *.googleapis.com *.onetrust.com cdn.cookielaw.org idx.liadm.com analytics.google.com stats.g.doubleclick.net edge.api.brightcove.com *.brightcove.net players.brightcove.net viz.tools.investis.com analytics.google.com *.google-analytics.com *.youtube.com *.investisdigital.com edge.api.brightcove.com www.google-analytics.com www.googletagmanager.com stats.g.doubleclick.net ipapi.connectid.cloud *.typekit.net *.amazonaws.com *.google.com; base-uri 'self'; 1
default-src self; script-src *.cloudfront.net *.sessioncam.com *.hypemarks.com *.usabilla.com *.pantheonsite.io *.unpkg.com *.krxd.net 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.googletagmanager.com *.google-analytics.com *.google.com *.google.co.uk *.newrelic.com *.betrad.com bam.nr-data.net static.addtoany.com https://cdnjs.cloudflare.com *.fusepump.com *.youtube.com s.ytimg.com *.evidon.com code.jquery.com d22xmn10vbouk4.cloudfront.net *.serving-sys.com 7225833.collect.igodigital.com connect.facebook.net stats.g.doubleclick.net https://www.gstatic.com https://*.sessioncam.com https://d2oh4tlt9mrke9.cloudfront.net ws://*.sessioncam.com wss://*.sessioncam.com *.gigya.com https://bv.js *.bazaarvoice.com *.amazonaws.com *.adimo.co *.nestle-brands.co.uk https://mpsnare.iesnare.com/snare.js *.rawgit.com *.adsrvr.org *.jsdelivr.net *.google.com *.googleoptimize.com *.bing.com *.gbqofs.com *.gbqofs.io ; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com https://cdnjs.cloudflare.com brand-ecommerce-assets.fusepump.com *.youtube.com cloud.typography.com *.google.com *.use.fontawesome.com *.bazaarvoice.com *.fontawesome.com *.adimo.co https://optimize.google.com https://www.gstatic.com/charts/51/css/core/tooltip.css https://www.gstatic.com/charts/51/css/util/util.css; img-src *.cloudfront.net *.sessioncam.com *.usabilla.com *.google.co.in *.nestle.co.uk 'self' data: *.googleapis.com *.gstatic.com *.cloudflare.com *.google-analytics.com https://stats.g.doubleclick.net www.google.com www.google.co.uk *.doubleclick.net *.betrad.com *.amazonaws.com px.pump.to brand-ecommerce-assets.fusepump.com *.evidon.com https://nova.collect.igodigital.com https://www.facebook.com *.krxd.net *.nestlebeverages.acsitefactory.com be.factory.nescafe.com belgium.nestlebeverages.acsitefactory.com www.nescafe.com *.ytimg.com *.bazaarvoice.com *.gigya.com *.stage4.factory.nescafe.com *.nescafe.com *.purina.co.uk *.google-analytics.com *.google.com *.bing.com *.analytics.google.com; media-src 'self'; frame-src https://nescafegold-winteredition.arweb.app/ *.cloudfront.net *.sessioncam.com *.doubleclick.net 'self' static.addtoany.com *.youtube.com *.youtu.be youtu.be info.evidon.com https://2275258.fls.doubleclick.net http://2275258.fls.doubleclick.net http://www.youtube-nocookie.com https://www.youtube-nocookie.com https://cdn.hypemarks.com http://cdn.hypemarks.com https://brand-ecommerce-assets.fusepump.com www.google.com *.krxd.net www.facebook.com https://l3.evidon.com/ *.gigya.com *.adimo.co *.bazaarvoice.com *.nestle-brands.co.uk *.adsrvr.org https://optimize.google.com; frame-ancestors 'self' https://nescafegold-winteredition.arweb.app/; child-src 'self' static.addtoany.com *.youtube.com *.youtu.be youtu.be info.evidon.com https://2275258.fls.doubleclick.net http://2275258.fls.doubleclick.net http://www.youtube-nocookie.com https://www.youtube-nocookie.com https://cdn.hypemarks.com http://cdn.hypemarks.com ; font-src 'self' data: fonts.gstatic.com fonts.googleapis.com https://cdnjs.cloudflare.com *.fontawesome.com; connect-src *.bing.com 'self' brand-ecommerce-api.fusepump.com  *.sessioncam.com *.usabilla.com *.google-analytics.com https://collect.analyze.ly https://secure-ds.serving-sys.com *.amazonaws.com *.bazaarvoice.com *.nestle-brands.co.uk *.nr-data.net *.evidon.com *.g.doubleclick.net https://accounts.eu1.gigya.com *.flipkart.com *.api.experianmarketingservices.com https://api.experianmarketingservices.com/sync/queryresult/EmailValidate/1.0/10773728-4c4d-43e6-959a-dd3889366f85 *.sessioncam.com *.gbqofs.io *.analytics.google.com *.gbqofs.com  https://www.gstatic.com/charts/geochart/10/mapfiles/019_COUNTRIES.js https://www.gstatic.com/charts/regioncoder/0//geocodes/countries_en.js *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com 1
default-src 'self' https://akkadia.org 1
media-src onelya.ru; 1
default-src  * 'unsafe-inline' 'unsafe-eval'; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: script: https://static.cloudflareinsights.com https://www.googletagmanager.com https://www.clarity.ms; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://cse.google.com https://translate-pa.googleapis.com https://translate.google.com https://translate.googleapis.com https://analytics.multimediagdansk.pl https://s-eu-1.pushpushgo.com https://system.cookieform.pl https://cdnjs.cloudflare.com https://static.apester.com https://sdk.apester.com https://connect.facebook.net https://cdn.jsdelivr.net https://maps.googleapis.com https://www.youtube.com https://s7.addthis.com https://maps.google.com https://form.jotform.com https://goo.gle https://cdn.jotfor.ms https://fburl.com https://acc-gmg-chat.altar.com.pl https://e.infogram.com https://code.jquery.com; style-src 'self' 'unsafe-inline' https://www.google.com https://www.gstatic.com https://use.fontawesome.com https://fonts.googleapis.com https://cdn.jsdelivr.net https://code.jquery.com https://cdnjs.cloudflare.com https://acc-gmg-chat.altar.com.pl; font-src 'self' https://fonts.gstatic.com https://use.fontawesome.com https://cdnjs.cloudflare.com data:; img-src 'self' https://gdansk.pl https://download.cloudgdansk.pl https://image.cloudgdansk.pl https://files.cloudgdansk.pl https://foto.cloudgdansk.pl https://www.gstatic.com https://fonts.gstatic.com https://www.google.com https://translate.googleapis.com https://static-a.pushpushgo.com https://t.multimediagdansk.pl https://maps.gstatic.com https://maps.googleapis.com https://www.drmg.gdansk.pl https://maps.google.com https://www.gov.pl data:; connect-src 'self' https://api.multimediagdansk.pl https://api2.multimediagdansk.pl ckan.multimediagdansk.pl https://analytics.multimediagdansk.pl https://system.cookieform.pl https://www.youtube.com https://player.vimeo.com https://translate.googleapis.com https://tv.multimediagdansk.pl https://stream.multimediagdansk.pl https://files.cloudgdansk.pl https://events.apester.com https://maps.googleapis.com https://www.gstatic.com https://kamera.task.gda.pl https://download.cloudgdansk.pl data:; media-src 'self' https://www.youtube.com https://player.vimeo.com https://tv.multimediagdansk.pl https://stream.multimediagdansk.pl https://kamera.task.gda.pl blob:; frame-src 'self' https://gdansk.pl https://www.facebook.com https://player.webcamera.pl https://kamera.task.gda.pl https://airpomerania.pl https://www.youtube.com https://calendar.google.com https://download.cloudgdansk.pl https://files.cloudgdansk.pl https://forms.freshmail.io https://drive.google.com https://player.vimeo.com https://webstream1.webcamera.pl https://form.jotform.com https://eu-submit.jotform.com https://witkac.pl https://e.infogram.com; frame-ancestors 'self' https://www.gdansk.pl https://drive.google.com https://accounts.google.com; worker-src 'self' blob:; object-src 'none'; 1
default-src 'self'; 	style-src 'self' *.adobe.io/ *.adobe.com/ https://s.pinimg.com/ct/core.js/ *.audioeye.com/ *.danonenorthamerica.com/ *.scene7.com/ *.adobeaemcloud.com/ *.digital4danone.com/ *.ylt.nl/ *.danone.id/ https://yourdriversfordanonebenelux.com/  *.weezevent.com/ *.snapchat.com/ *.mathtag.com/ *.clevy.io/ *.commandersact.com/ *.twimg.com/ *.twitter.com/ *.live2support.com/ *.lpsnmedia.net/ *.gstatic.com/ *.commander1.com/ *.bootstrapcdn.com/ *.tagcommander.com/ *.zencdn.net/ *.sharethis.com/ *.googleapis.com/ *.google.com/ 'unsafe-inline';     script-src 'self' *.adobe.io/ *.adobe.com/ https://s.pinimg.com/ct/core.js/ https://js-agent.newrelic.com/ *.audioeye.com/ *.github.io/ *.danonenorthamerica.com/ *.scene7.com/ *.adobeaemcloud.com/ *.seg.js/ *.digital4danone.com/ *.ylt.nl/ *.danone.id/ https://yourdriversfordanonebenelux.com/ *.weezevent.com/ *.snapchat.com/ *.mathtag.com/ *.ads-twitter.com/ *.clevy.io/ *.tiktok.com/ https://sc-static.net/ *.hypemarks.com/ *.licdn.com/ *.commandersact.com/ *.twimg.com/ *.trustcommander.net/ *.cdn.syndication.twimg.com/ *.zencdn.net/ https://telegram.org/ https://youtube.com/iframe_api *.youtube.com/ *.twitter.com/ *.pinterest.com/ *.ytimg.com/ *.secutix.com/ *.swaven.com/ *.live2support.com/ *.googletagmanager.com/ *.tagcommander.com/ *.facebook.net/ *.google.ie/ *.google.de/ *.lpsnmedia.net/ *.hotjar.com/ *.outbrain.com/ *.google.com/ *.googleadservices.com/ *.google-analytics.com/ *.sharethis.com *.addthis.com/ *.live2support.com/ *.doubleclick.net/ *.googleapis.com/ *.google.com/ *.theadex.com *.commander1.com/ *.liveperson.net/ *.doubleclick.net/ *.gstatic.com/ *.digital4danone.com/ *.addthisedge.com/ 'unsafe-inline' 'unsafe-eval' blob:;     img-src 'self'  *.adobe.io/ *.adobe.com/ https://s.pinimg.com/ct/core.js/ *.google.com.mx/ *.audioeye.com/ *.danonenorthamerica.com/ *.scene7.com/ *.adobeaemcloud.com/ *.ytimg.com/ *.digital4danone.com/ *.google-analytics.com/ *.analytics.google.com/ *.ylt.nl/ *.danone.id/ https://yourdriversfordanonebenelux.com/  *.weezevent.com/ *.snapchat.com/ *.mathtag.com/ data: *.digital4danone.com/ *.clevy.io/ *.digital4danone.com.cn/ https://t.co/ *.hypemarks.com/ *.linkedin.com/ *.assetsadobe.com/ *.live2support.com/ *.twimg.com/ *.swaven.com/ *.twitter.com/ *.trustcommander.net/ *.cdninstagram.com/ *.outbrain.com/ *.danone.com/ *.commander1.com/ *.tagcommander.com/ *.lpsnmedia.net/ *.adnxs.com/ *.adition.com/ *.doubleclick.net/ *.instagram.com/ *.soundcloud.com/ *.pinterest.com/ *.google.ie/ *.google.co.in/ *.theadex.com/ *.google-analytics.com/ *.google.com.ph/ *.google.com/ *.sharethis.com/ *.gstatic.com/ *.googleapis.com/ *.w3.org/ *.mookie1.com/ *.facebook.com/ *.googletagmanager.com/ *.youtube.com/;     frame-src 'self' *.adobe.io/ *.adobe.com/ https://s.pinimg.com/ct/core.js/ *.audioeye.com/ *.danonenorthamerica.com/ *.scene7.com/ *.adobeaemcloud.com/ *.digital4danone.com/ *.ylt.nl/ *.danone.id/ https://yourdriversfordanonebenelux.com/  *.weezevent.com/ *.snapchat.com/ *.mathtag.com/ *.clevy.io/ *.tintup.com/ *.commandersact.com/ *.vimeo.com/ *.linkedin.com/ *.instagram.com/ *.soundcloud.com/ *.pinterest.com/ *.twitter.com/ https://cdn.trustcommander.net/ https://t.me/ https://static.rolex.com/ *.swaven.com/ *.ausha.co/ *.q4europe.com/ *.tohklom.com/  *.tagcommander.com/ *.liveperson.net/ *.live2support.com/ *.google.com/ *.lpsnmedia.net/ *.hotjar.com/ *.commander1.com/ *.proprofs.com/ *.facebook.com/ *.doubleclick.net/ *.theadex.com/ *.sharethis.com/ *.addthis.com/ *.youtube.com/ *.adsrvr.org/ *.cloudfront.net/ *.spotify.com/ *.hypemarks.com/;     connect-src 'self' *.adobe.io/ *.adobe.com/ https://s.pinimg.com/ct/core.js/ https://bam.eu01.nr-data.net/ *.google.com/ *.audioeye.com/ *.danonenorthamerica.com/ *.scene7.com/ *.adobeaemcloud.com/ *.scene7.com/ *.digital4danone.com/ *.google-analytics.com/ *.analytics.google.com/ *.ylt.nl/ *.danone.id/ *.weezevent.com/ https://yourdriversfordanonebenelux.com/  *.snapchat.com/ *.mathtag.com/ *.tiktok.com/ *.clevy.io/ *.commandersact.com/ *.googleapis.com/ *.privacy.commander1.com/ *.privacy.trustcommander.net/ https://privacy.trustcommander.net/ https://privacy.commander1.com/ *.q4europe.com/ *.swaven.com/ *.youtube.com/ *.live2support.com/ *.addthis.com/ *.google-analytics.com *.facebook.com/ *.instagram.com/ *.secutix.com/ *.omtrdc.net/ *.sharethis.com/ *.doubleclick.net/;     font-src 'self' *.adobe.io/ *.adobe.com/ https://s.pinimg.com/ct/core.js/ *.audioeye.com/ *.danonenorthamerica.com/ *.scene7.com/ *.adobeaemcloud.com/ *.digital4danone.com/ *.ylt.nl/ *.danone.id/ https://yourdriversfordanonebenelux.com/ *.weezevent.com/ *.snapchat.com/ *.mathtag.com/ *.commandersact.com/ *.live2support.com/ data: *.amazonaws.com/ *.gstatic.com/ *.zencdn.net/;     media-src 'self' *.adobe.io/ *.adobe.com/ https://s.pinimg.com/ct/core.js/ *.audioeye.com/ *.danonenorthamerica.com/ *.scene7.com/ *.adobeaemcloud.com/ *.digital4danone.com/ *.danone.com/ *.ylt.nl/ *.danone.id/ https://yourdriversfordanonebenelux.com/ *.weezevent.com/ *.snapchat.com/ *.mathtag.com/ *.lpsnmedia.net/ *.digital4danone.com/ blob: 1
upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; frame-ancestors 'self' http://www.farmzone.com https://www.farmzone.com http://www.zoneverte.com https://www.zoneverte.com http://widget.twnmm.com https://widget.twnmm.com https://s1.twnmm.com http://*.theweathernetwork.com https://*.theweathernetwork.com http://*.meteomedia.com https://*.meteomedia.com https://www.flonase.ca https://sdk.privacy-center.org https://api.privacy-center.org; 1
default-src 'self'; connect-src 'self' x5paket.ru https://*.googletagmanager.com https://cp.pushwoosh.com sentry-do.x5.ru id.x5.ru *.adfox.ru https://*.adriver.ru https://*.google-analytics.com https://*.analytics.google.com https://www.google-analytics.com r.mradx.net *.mail.ru https://*.skcrtxr.com https://skcrtxr.com https://mc.yandex.ru https://mc.yandex.md yastatic.net *.yandex.ru yandex.ru 'unsafe-inline' 'unsafe-eval' https://*.google.com https://*.google.ru https://*.perekrestok.ru:* perekrestok.ru:* *.x5.ru perekrestok.digift.ru; font-src 'self' data:;  img-src 'self' data: blob: *.x5.ru x5paket.ru perekrestok.digift.ru photos.okolo.app *.adfox.ru https://*.hybrid.ai https://*.googletagmanager.com https://*.google-analytics.com https://www.google-analytics.com https://top-fwz1.mail.ru https://mc.yandex.ru *.yandex.ru yandex.ru *.yandex.net i.ytimg.com 'unsafe-inline' 'unsafe-eval' https://*.google.com https://*.google.ru https://*.ngenix.net img.perekrestok.ru cdn-img.perekrestok.ru; frame-ancestors 'self'; form-action 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' perekrestok.digift.ru *.x5.ru x5paket.ru *.adfox.ru https://*.googletagmanager.com https://www.google-analytics.com https://*.google-analytics.com https://top-fwz1.mail.ru https://privacy-cs.mail.ru https://mc.yandex.ru http://yandex.ru/ https://yastatic.net/ yastatic.net *.yandex.ru yandex.ru *.yandex.net https://cdn.skcrtxr.com https://tags.soloway.ru https://*.hybrid.ai https://*.ngenix.net https://api-maps.yandex.ru https://*.adriver.ru; style-src 'self' 'unsafe-inline' *.perekrestok.ru perekrestok.ru *.adfox.ru yastatic.net 'unsafe-eval'; frame-src 'self' perekrestok.digift.ru x5paket.ru x5id.ru id.x5.ru *.x5.ru myapelsin.ru *.adfox.ru https://*.adriver.ru yastatic.net *.yandex.ru yandexadexchange.net *.yandexadexchange.net 'unsafe-inline' 'unsafe-eval'; object-src 'none'; child-src perekrestok.digift.ru *.x5.ru x5paket.ru *.perekrestok.ru perekrestok.ru gw-cmdm.x5.ru 'self' x5id.ru id.x5.ru 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; connect-src 'self' *.itzbund.de; frame-ancestors bghweb-editor-kkn2.prod.gsb.zd.in.bund.de piwik.itzbund.de 1
default-src 'self' contentassistant.eu.siteimprove.com id.eu.siteimprove.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com:* https://*.google-analytics.com https://e.infogram.com cdn.siteimprove.net cdn.jsdelivr.net snap.licdn.com connect.facebook.com connect.facebook.net app.socialsignin.net static.hotjar.com script.hotjar.com *.youtube.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.cloudfront.net https://cdnjs.cloudflare.com fonts.google.com fonts.googleapis.com *.youtube.com; img-src * 'self' data: https: https://*.google-analytics.com https://*.analytics.google.com; media-src *; frame-src 'self' www.youtube.com youtube.com *.infogram.com; child-src 'self' *.youtube.com *.infogram.com; font-src fonts.gstatic.com themes.googleusercontent.com; connect-src 'self' region1.google-analytics.com socsi.in 1
frame-ancestors http://*.t-mobile.nl https://*.t-mobile.nl http://*.tele2.nl https://*.tele2.nl http://*.ben.nl https://*.ben.nl https://app.storyblok.com https://internet.odido.nl http://*.odido.nl https://*.odido.nl 1
frame-ancestors *.diffen.com 1
default-src 'self' *.reutersevents.com https://cdn.permutive.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://ajax.googleapis.com https://www.googletagmanager.com http://www.w3.org https://player.vimeo.com *.swapcard.com https://fonts.gstatic.com https://cdnjs.cloudflare.com 1
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' app.optimizely.com 1
report-uri / 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;frame-ancestors 'self' https://*.quintype.com https://www.sunstar.com.ph https://anymind360.com;block-all-mixed-content; 1
default-src 'self'; script-src 'self' 'unsafe-inline' blob: 'unsafe-eval' connect.facebook.net www.youtube.com s.ytimg.com *.google-analytics.com www.googleadservices.com www.googletagmanager.com *.g.doubleclick.net *.google.com www.gstatic.com maps.googleapis.com *.analytics.google.com js-agent.newrelic.com *.nr-data.net *.hs-analytics.net *.hs-scripts.com *.hsadspixel.net *.jsadspixel.net *.hscollectedforms.net *.hs-banner.com js.hsleadflows.net js.hsforms.net js.hubspot.com app.termly.io cdn.linkedin.oribi.io snap.licdn.com player.vimeo.com js.zi-scripts.com *.zoominfo.com tags.clickagy.com cdn.jsdelivr.net; img-src 'self' data: sonifi.com www.sonifi.com sonifisolutions.com www.sonifisolutions.com sonifihealth.com www.sonifihealth.com blog.sonifihealth.com www.facebook.com connect.facebook.net *.google-analytics.com analytics.google.com *.gstatic.com maps.googleapis.com *.g.doubleclick.net www.googletagmanager.com adservice.google.com pagead2.googlesyndication.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.hubspot.com *.hsforms.com *.hs-embed-reporting.com www.gravatar.com secure.gravatar.com *.ads.linkedin.com www.linkedin.com *.vimeocdn.com; frame-src 'self' www.youtube.com *.doubleclick.net *.google.com www.facebook.com connect.facebook.net player.vimeo.com static.hsappstatic.net app.hubspot.com *.googletagmanager.com app.termly.io hemsync.clickagy.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com www.googletagmanager.com www.gstatic.com; font-src 'self' data: fonts.gstatic.com fonts.intercomcdn.com use.typekit.net; connect-src 'self' *.nr-data.net *.google.com *.google-analytics.com *.doubleclick.net analytics.google.com adservice.google.com translate.googleapis.com pagead2.googlesyndication.com www.google.com.sv www.google.com.sa www.google.com.pk www.google.com.ph www.google.co.uk www.google.co.kr www.google.co.jp www.google.co.in www.google.ca www.google.com.au www.google.ie www.google.ae *.hubspot.com *.hubapi.com www.facebook.com app.termly.io cdn.linkedin.oribi.io snap.licdn.com yoast.com/feed/widget/ js.hsadspixel.net forms.hsforms.com aorta.clickagy.com hemsync.clickagy.com *.zi-scripts.com ws.zoominfo.com px.ads.linkedin.com; media-src 'self' data:; report-uri https://sonifi.report-uri.com/r/d/csp/reportOnly; 1
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.datatables.net *.azurewebsites.net api.massrelevance.com https://tags.srv.stackadapt.com/events.js https://tags.srv.stackadapt.com/sa.css; font-src 'self' fonts.gstatic.com; img-src 'self' data: images.unsplash.com source.unsplash.com www.google.co.in my.tealiumiq.com collect.tealiumiq.com www.google.de assets-us-01.kc-usercontent.com preview-assets-us-01.kc-usercontent.com *.kc-usercontent.com www.facebook.com t.co www.google-analytics.com www.google.com www.google.co.uk i.ytimg.com maps.gstatic.com maps.googleapis.com images.ctfassets.net lamama.org api.massrelevance.com *.instagram.com *.cdninstagram.com pbs.twimg.com massrel-pub.a.ssl.fastly.net *.fbcdn.net *.linkedin.com p.adsymptotic.com consent.trustarc.com consent-pref.trustarc.com analytics.twitter.com https://www.redditstatic.com/ads/pixel.js https://alb.reddit.com/rp.gif?ts=1710227305641&id=a2_dzq3gijugocs&event=PageVisit&m.itemCount=&m.value=&m.valueDecimal=&m.currency=&m.transactionId=&m.customEventName=&m.products=&m.conversionId=&uuid=d083d438-c336-4aac-b6f5-a8f59500795c&aaid=&em=&external_id=&idfa=&integration=reddit&opt_out=0&sh=1280&sw=720&v=rdt_c9439d84&dpm=&dpcc=&dprc= https://tags.srv.stackadapt.com/sa.jpeg https://*.mypurecloud.com https://*.use1.pure.cloud;; frame-src www.youtube.com share.transistor.fm www.facebook.com consent-pref.trustarc.com analytics.twitter.com https://apps.mypurecloud.com/ https://fast.wistia.net/; script-src 'unsafe-eval' 'self' 'unsafe-inline' tags.tiqcdn.com tags-eu.tiqcdn.com my.tealiumiq.com collect.tealiumiq.com connect.facebook.net analytics.twitter.com static.ads-twitter.com www.googletagmanager.com www.google-analytics.com www.youtube.com s.ytimg.com maps.googleapis.com *.search.windows.net cdn.datatables.net cdnjs.cloudflare.com unpkg.com www.elanco.com api.massrelevance.com snap.licdn.com/li.lms-analytics/insight.min.js static.doubleclick.net googleads.g.doubleclick.net snap.licdn.com/li.lms-analytics/insight.old.min.js consent.truste.com consent.trustarc.com elanco.com consent-pref.trustarc.com https://apps.mypurecloud.com/ https://dhqbrvplips7x.cloudfront.net https://tags.srv.stackadapt.com/events.js https://www.redditstatic.com/ads/pixel.js https://*.nr-data.net https://*.newrelic.com https://*.mypurecloud.com https://*.use1.pure.cloud;; connect-src cdn.linkedin.oribi.io *.search.windows.net *.azurewebsites.net www.elanco.com elanco.com collect.tealiumiq.com api.massrelevance.com https://region1.google-analytics.com/ *.tealiumiq.com www.google-analytics.com stats.g.doubleclick.net analytics.twitter.com www.facebook.com maps.googleapis.com https://tags.srv.stackadapt.com/events.js https://www.redditstatic.com/ads/pixel.js https://www.redditstatic.com/ads/conversions-config/v1/pixel/config/a2_dzq3gijugocs_telemetry https://conversions-config.reddit.com/v1/pixel/error https://tags.srv.stackadapt.com/sa.jpeg https://tags.srv.stackadapt.com/saq_pxl?uid=b2iYRisW-kjQzKqpafMX3w&is_js=true&landing_url=https%3A%2F%2Fdev-elanco-web.azurewebsites.net%2Fen-ca&t=Elanco%20%7C%20Products%20and%20Solutions%20to%20Enhance%20Animal%20Health&tip=Qq7l-6MfR-sAtxDDH32G23GUojqkPOtCKOzpGaIBTVA&host=https%3A%2F%2Fdev-elanco-web.azurewebsites.net&sa_conv_data_css_value=&sa_conv_data_image_value=&sa-user-id-v2=s%253Ahv2aWF69WPh-WQXRTQoXLhRIu3g.glBNednZXi0nszh7xipzPbjWm2uFlwRpV0lzQR7Kua4&sa-user-id=s%253A0-86fd9a58-5ebd-58f8-7e59-05d14d0a172e.SxVoYzTnyK2eyTq2qTEYcgHjalhaoM5jPe80X5iBrAQ&sa-user-id-v3=s%253AAQAKIHozaPG8LBW8iMLSUKn4hZLhqULe2XRikp-F_hpVX0d_EHwYBCDp_r-vBjABOgRCSa5nQgQp9poF.4Gfr5EBEGktPeDGxRhVc1vxH3QONPQqsA74qJj03s6M https://tags.srv.stackadapt.com/js_tracking?url=https%3A%2F%2Fdev-elanco-web.azurewebsites.net%2Fen-ca&uid=b2iYRisW-kjQzKqpafMX3w&v=1&host=https%3A%2F%2Fdev-elanco-web.azurewebsites.net https://*.nr-data.net https://shyrka-prod.s3.amazonaws.com https://*.newrelic.com https://*.mypurecloud.com https://*.use1.pure.cloud wss://*.mypurecloud.com wss://*.use1.pure.cloud;; media-src https://*.mypurecloud.com https://*.use1.pure.cloud;; object-src https://*.mypurecloud.com https://*.use1.pure.cloud;; child-src https://*.mypurecloud.com https://*.use1.pure.cloud; 1
frame-ancestors 'self' *.uni-weimar.de 1
default-src 'none';script-src *.oktacdn.com 'SELF';style-src *.oktacdn.com *.googleapis.com 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'SELF' 'UNSAFE-HASHES';connect-src *.avidsuite.com wss://login.avidsuite.com *.okta.com 'SELF';font-src *.gstatic.com *.oktacdn.com 'SELF';frame-ancestors 'SELF';img-src *.oktacdn.com *.avidxchange.net *.avidsuite.com *.okta.com data: 'SELF';form-action *.avidsuite.com https://api.avidxcloud.com/SecPlat/SecAvid/avidauth/ *.okta.com 'SELF' *.avidxchange.net; 1
img-src 'self' 'nonce-fopneshFejnihegOfGeahyryahiOk' data: *.cdnbay.com cdn.speedtest.hostiserver.com img.hostiserver.com hscdn.cdnbay.com https://merchant.revolut.com https://merchant-mgmt.revolut.com https://merchant-secure.revolut.com *.revolut.com https://analytics.google.com www.google.com www.google-analytics.com *.doubleclick.net https://www.gstatic.com www.googletagmanager.com www.googleadservices.com *.googleapis.com https://client.crisp.chat https://image.crisp.chat https://game.crisp.chat; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cdnbay.com cdn.speedtest.hostiserver.com img.hostiserver.com hscdn.cdnbay.com https://merchant.revolut.com https://merchant-mgmt.revolut.com https://merchant-secure.revolut.com *.revolut.com https://analytics.google.com www.google.com www.google-analytics.com *.doubleclick.net https://www.gstatic.com www.googletagmanager.com www.googleadservices.com *.googleapis.com https://client.crisp.chat https://image.crisp.chat https://game.crisp.chat pay.google.com; style-src 'self' 'unsafe-inline' *.cdnbay.com cdn.speedtest.hostiserver.com img.hostiserver.com hscdn.cdnbay.com https://analytics.google.com www.google.com www.google-analytics.com *.doubleclick.net https://www.gstatic.com www.googletagmanager.com www.googleadservices.com *.googleapis.com https://merchant.revolut.com https://merchant-mgmt.revolut.com https://merchant-secure.revolut.com *.revolut.com https://client.crisp.chat https://image.crisp.chat https://game.crisp.chat; frame-ancestors 'self' https://merchant.revolut.com https://merchant-mgmt.revolut.com https://merchant-secure.revolut.com *.revolut.com https://client.crisp.chat https://image.crisp.chat https://game.crisp.chat https://analytics.google.com www.google.com www.google-analytics.com *.doubleclick.net https://www.gstatic.com www.googletagmanager.com www.googleadservices.com *.googleapis.com https://pay.google.com; frame-src 'self' https://merchant.revolut.com https://merchant-mgmt.revolut.com https://merchant-secure.revolut.com *.revolut.com https://client.crisp.chat https://image.crisp.chat https://game.crisp.chat https://analytics.google.com www.google.com www.google-analytics.com *.doubleclick.net https://www.gstatic.com www.googletagmanager.com www.googleadservices.com *.googleapis.com https://pay.google.com; font-src 'self' data: *.cdnbay.com cdn.speedtest.hostiserver.com img.hostiserver.com hscdn.cdnbay.com https://analytics.google.com www.google.com www.google-analytics.com *.doubleclick.net https://www.gstatic.com www.googletagmanager.com www.googleadservices.com *.googleapis.com https://client.crisp.chat https://image.crisp.chat https://game.crisp.chat fonts.gstatic.com; manifest-src 'self' *.cdnbay.com cdn.speedtest.hostiserver.com img.hostiserver.com hscdn.cdnbay.com https://client.crisp.chat https://image.crisp.chat https://game.crisp.chat https://merchant.revolut.com https://merchant-mgmt.revolut.com https://merchant-secure.revolut.com *.revolut.com https://pay.google.com; connect-src 'self' https://storage.crisp.chat https://stats.g.doubleclick.net https://www.google.com wss://client.relay.crisp.chat wss://stream.relay.crisp.chat https://merchant.revolut.com https://merchant-mgmt.revolut.com https://merchant-secure.revolut.com *.revolut.com https://client.crisp.chat https://image.crisp.chat https://game.crisp.chat https://analytics.google.com www.google.com www.google-analytics.com *.doubleclick.net https://www.gstatic.com www.googletagmanager.com www.googleadservices.com *.googleapis.com https://google.com/pay https://pay.google.com; default-src 'self' 'unsafe-inline' *.cdnbay.com cdn.speedtest.hostiserver.com img.hostiserver.com hscdn.cdnbay.com https://analytics.google.com www.google.com www.google-analytics.com *.doubleclick.net https://www.gstatic.com www.googletagmanager.com www.googleadservices.com *.googleapis.com https://client.crisp.chat https://image.crisp.chat https://game.crisp.chat; 1
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' *.ecovadis.com *.googleapis.com *.cookielaw.org *.cloudflare.com *.facebook.net *.cdntwrk.com *.wistia.com *.ml314.com ml314.com *.pardot.com *.salesloft.com *.hotjar.com *.pathmotion.io *.demandbase.com *.googletagmanager.com *.youtube.com *.cookielaw.org *.cloudflare.com *.cdntwrk.com *.wistia.com *.wistia.net *.googletagmanager.com *.google-analytics.com *.hotjar.com *.ecovadis-surveys.com *.licdn.com *.google.com *.gstatic.com *.gstatic.cn *.googleadservices.com *.doubleclick.net *.pardot.com *.recaptcha.net *.zscloud.net *.jsdelivr.net *.facebook.net *.scoop.it *.googleapis.com *.zoominfo.com *.clickagy.com *.hs-scripts.com *.zi-scripts.com *.hscollectedforms.net *.hs-analytics.net *.hs-banner.com *.hsadspixel.net *.hsforms.net yoast.com *.hubspot.com blob:; style-src 'report-sample' 'self' 'unsafe-inline' *.ecovadis.com  *.cloudflare.com *.googleapis.com *.scoop.it; object-src 'none'; base-uri 'self'; connect-src 'self' * *.ecovadis.com api.mixpanel.com cdn.cookielaw.org embedwistia-a.akamaihd.net *.wistia.com *.wistia.net *.litix.io v2.api.uberflip.com *.onetrust.com *.google-analytics.com stats.g.doubleclick.net *.hotjar.com *.hotjar.com *.hotjar.io *.company-target.com *.salesloft.com *.recaptcha.net cdn.linkedin.oribi.io *.facebook.net *.google.com *.clickagy.com *.zoominfo.com *.demandbase.com *.zi-scripts.com *.hscollectedforms.net *.hubapi.com; font-src 'self' data: *.ecovadis.com/ *.gstatic.com *.wistia.com *.wistia.net *.wp.com; frame-src 'self' *.ecovadis.com *.ecovadis-surveys.com *.ecovadis-survey.com ecovadis.career-inspiration.com *.hotjar.com *.google.com  *.recaptcha.net *.facebook.com *.company-target.com *.doubleclick.net securityscorecard.com *.hsforms.com *.hsappstatic.net *.hubspot.com *.embedly.com *.wistia.com; img-src 'self' data: *.ecovadis.com *.cdntwrk.com *.wistia.com *.wistia.net *.scoop.it *.gravatar.com *.cookielaw.org *.google-analytics.com *.googletagmanager.com *.google.com *.google.pl https://id.rlcdn.com https://match.prod.bidr.io *.linkedin.com *.company-target.com  *.recaptcha.net *.facebook.com *.doubleclick.net *.clickagy.com *.openx.net *.rlcdn.com *.agkn.com *.google.it *.google.fr *.google.de *.hsforms.com *.hubspot.com *.hubspotusercontent-eu1.net *.hsappstatic.net *.googleusercontent.com *.cloudinary.com; manifest-src 'self'; media-src 'self' *.ecovadis.com *.wistia.net blob:; frame-ancestors 'self' *.ecovadis.com; worker-src blob:; 1
default-src 'self' data: https: 'unsafe-eval' 'unsafe-inline'; img-src * 'self' data: https:; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.cookiebot.com bam.nr-data.net cdn.jsdelivr.net js-agent.newrelic.com youtube.com codepen.io *.codepen.io *.hotjar.com polyfill.io; style-src 'self' 'unsafe-inline'; img-src 'self' data: *.google-analytics.com *.hotjar.com; frame-src 'self' blob: *.googletagmanager.com *.cookiebot.com *.youtube.com codepen.io *.hotjar.com player.vimeo.com; child-src 'self' blob: *.googletagmanager.com *.cookiebot.com *.youtube.com codepen.io *.hotjar.com player.vimeo.com; font-src 'self' data: script.hotjar.com; connect-src 'self' *.google-analytics.com bam.nr-data.net *.cookiebot.com *.hotjar.com wss://*.hotjar.com *.doubleclick.net; upgrade-insecure-requests 1
frame-ancestors 'self'; img-src 'self' data: https:; 1
default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://*.braintree-api.com https://*.braintreegateway.com https://accounts.google.com https://getpocket.com https://uxplanet.org https://*.uxplanet.org https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://lightstep.medium.systems https://*.branch.io 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://glyph-sandbox.medium.sh https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: blob: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com 1
connect-src 'self' bmz.de *.bmz.de; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://statistik.bmz.de; object-src 'none'; form-action 'self'; upgrade-insecure-requests; frame-ancestors 'self'; img-src 'self' data: https://statistik.bmz.de *.bmz.de *.ukraine-wiederaufbauen.de; default-src 'self'; font-src 'self' data:; frame-src https://statistik.bmz.de https://www.youtube-nocookie.com https://webtv.bundestag.de 1
upgrade-insecure-requests; frame-ancestors 'self' *.seznam.cz www.sauto.cz admin.sauto.cz *.sauto.cz; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.sdn.cz *.szn.cz gacz.hit.gemius.pl scz.hit.gemius.pl *.adform.net *.adnxs.com *.adnxs-simple.com *.adsafeprotected.com *.consensu.org *.doubleclick.net *.doubleverify.com *.googlesyndication.com *.googletagservices.com *.im.cz *.imedia.cz *.imedia.dev.dszn.cz *.pliing.com *.pubmatic.com *.sbeta.cz *.sdn.szn.cz *.serving-sys.com *.seznam.cz *.sklik.cz ads.celtra.com *.2mdn.net ams.creativecdn.com cdn.id5-sync.com tags.crwdcntrl.net *.sauto.cz login.szn.cz http://login.szn.cz https://login.szn.cz notifikace.seznam.cz http://notifikace.seznam.cz https://notifikace.seznam.cz connect.facebook.net seznam.daktela.com *.hit.gemius.pl www.googletagmanager.com *.hotjar.com unpkg.com/@seznam; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.sdn.cz *.szn.cz gacz.hit.gemius.pl scz.hit.gemius.pl *.adform.net *.adnxs.com *.adnxs-simple.com *.adsafeprotected.com *.consensu.org *.doubleclick.net *.doubleverify.com *.googlesyndication.com *.googletagservices.com *.im.cz *.imedia.cz *.imedia.dev.dszn.cz *.pliing.com *.pubmatic.com *.sbeta.cz *.sdn.szn.cz *.serving-sys.com *.seznam.cz *.sklik.cz ads.celtra.com *.2mdn.net ams.creativecdn.com cdn.id5-sync.com tags.crwdcntrl.net *.sauto.cz blob: login.szn.cz http://login.szn.cz https://login.szn.cz notifikace.seznam.cz http://notifikace.seznam.cz https://notifikace.seznam.cz connect.facebook.net seznam.daktela.com *.hit.gemius.pl www.googletagmanager.com *.hotjar.com unpkg.com/@seznam 1
upgrade-insecure-requests; frame-ancestors 'self' https://*.stockbit.com; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub1d9a1c8916e2bfd1c2dbec72dd1a5283&dd-evp-origin=content-security-policy&ddsource=csp-report; 1
default-src https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://privacyportal.onetrust.com https://geolocation.onetrust.com https://v2.zopim.com https://ekr.zdassets.com https://stats.g.doubleclick.net https: data: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' *  https://*.google-analytics.com *.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://api.mapbox.com wss://widget-mediator.zopim.com https://eucs5.klevu.com https://stats.klevu.com https://fonts.googleapis.com https://static.zdassets.com https://ekr.zdassets.com wss://*.zopim.com https://www.better.org.uk https://www.tag4arm.com https://vc.hotjar.io https://in.hotjar.com https://www.google-analytics.com https://stats.g.doubleclick.net https://ekr.zdassets.com/compose/zopim_chat/2rIpBkS7T2wycdNchPW1IDU6Q9werhJj https://fonts.googleapis.com ; img-src * 'self' data: https://*.google-analytics.com https://*.g.doubleclick.net https://*.cloudinary.com/* https://*.analytics.google.com https://*.googletagmanager.com https://*.google.com https://api.mapbox.com; script-src:  https://*.googletagmanager.com 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.compassion.com; 1
frame-ancestors 'self' https://hella.sharepoint.com https://e2b.hella.com https://e2b-test.hella.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.kaust.edu.sa *.googleapis.com *.gstatic.com www.googletagmanager.com www.google.com *.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://www.youtube.com/ https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org https://cdnjs.cloudflare.com https://api.cdnjs.com api.flickr.com www.flickr.com *.fontawesome.com https://feed.informer.com https://www.myleads.website/form/submit https://cdn.plyr.io https://www.youtube.com https://player.vimeo.com https://vimeo.com; style-src 'self' 'unsafe-inline' *.kaust.edu.sa *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com https://cdnjs.cloudflare.com *.fontawesome.com https://fonts.bunny.net/ https://campus360.org/; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://cdnjs.cloudflare.com *.fontawesome.com https://fonts.bunny.net/ https://www.brizy.cloud/; img-src 'self' https://kaust.edu.sa/ *.kaust.edu.sa *.google.com *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com *.azureedge.net https://cdnjs.cloudflare.com live.staticflickr.com https://feed.informer.com https://cloud-1de12d.b-cdn.net/ https://i.ytimg.com https://campus360.org/ https://www.brizy.cloud/; media-src 'self' 'script-src' data: blob: https://www.brizy.cloud/; frame-src 'self' *.kaust.edu.sa https://www.youtube.com/ https://player.vimeo.com/ https://vimeo.com https://www.google.com/ https://www.youtube-nocookie.com https://campus360.org/ https://w.soundcloud.com/ https://www.brizy.cloud/; child-src 'self' *.kaust.edu.sa https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://cdnjs.cloudflare.com *.google.com https://www.youtube-nocookie.com; connect-src 'self' *.kaust.edu.sa accounts.google.com https://www.youtube-nocookie.com *.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com https://api.cdnjs.com https://cdnjs.cloudflare.com https://campus360.org/ https://www.myleads.website https://www.brizy.cloud/; 1
frame-ancestors 'self' https://www.wur.nl https://*.3po.nl https://smaaklessen-online.nl; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: filesystem: wss://*.hotjar.com http://*.hotjar.com:* http://*.hotjar.io http://*.googletagmanager.com http://*.google-analytics.com http://*.google.com http://*.gstatic.com http://*.googleapis.com http://*.youtube.com http://*.facebook.com http://*.facebook.net https://*.kampyle.com https://*.medallia.com http://*.ads-twitter.com http://*.twitter.com http://t.co http://*.doubleclick.net http://*.adform.net http://*.clarovideo.net http://*.claromusica.com http://*.claromarketingtool.pe http://*.claro.com.pe http://claro.clientcampaigns.live https://*.google.com.mx https://*.google.com.pe https://*.hotjar.com:* https://*.hotjar.io https://*.googletagmanager.com https://tags.bkrtx.com https://stags.bluekai.com https://*.google-analytics.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.youtube.com https://*.facebook.com https://*.facebook.net https://digitasgt.com https://*.ads-twitter.com https://*.twitter.com https://t.co https://*.doubleclick.net https://*.adform.net https://*.clarovideo.net https://*.claromusica.com https://*.claro.com.pe https://api-prod-hn.prod.clarodigital.net https://stackpath.bootstrapcdn.com https://*.clarity.ms https://*.jsdelivr.net https://claro.clientcampaigns.live https://claro-middleware-apigw-brjb7ubo.uk.gateway.dev https://claroperupoc.vteximg.com.br https://*.clarodigital.net https://*.googleoptimize.com https://*.tiktok.com https://*.ytimg.com https://*.bootstrapcdn.com https://*.cloudflare.com https://unpkg.com https://claromarketingtool.pe https://*.claromarketingtool.pe https://api-football-v1.p.rapidapi.com https://www.youtube-nocookie.com https://cdnjs.cloudflare.com https://claro.turnosaloha.com https://hablandoclaro.pe https://netdna.bootstrapcdn.com https://analytics.pangle-ads.com https://player.twitch.tv https://cdn.onesignal.com https://smartechlatam.online https://*.api-sports.io https://*.sorteosclaro.pe https://*.bing.com https://onesignal.com https://*.onesignal.com https://cdn.mxpnl.com https://live.rezync.com https://*.lightboxcdn.com https://*.boomtrain.com https://*.cloudfront.net https://cf.ignitionone.com https://api.zetaglobal.net https://netmng.com https://*.netmng.com https://*.mixpanel.com https://*.rfihub.com https://*.rfihub.net https://*.dev-limprod.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://cdn.pushcrew.com https://useruploads.vwo.io https://*.fouanalytics.com https://*.claromarketingcloud.pe https://*.adnxs.com https://*.instana.io; media-src 'self' mediastream: blob: https://*.claro.com.pe; 1
connect-src 'self' https: *.jotun.com *.jotunprofessionals.com localhost:* *.visualstudio.com *.google-analytics.com *.googleapis.com *.cloudfront.net *.azure.com *.snapchat.com *.doubleclick.net *.qbrick.com *.dna.ip-only.net .hotjar.com *.hotjar.io wss: *.hotjar.com; default-src 'self' *.jotun.com *.jotunprofessionals.com * localhost:*; frame-src 'self' https: *.jotun.com *.jotunprofessionals.com localhost:* *.hcaptcha.com *.snapchat.com *.youtube.com *.issuu.com; media-src 'self' data: https: blob: *.jotun.com *.jotunprofessionals.com *.dna.ip-only.net; img-src 'self' data: https: *.jotun.com *.jotunprofessionals.com *.googletagmanager.com *.google.com *.google.nl *.cloudfront.net *.sharethis.com *.azure.com *.zaius.eu *.facebook.com *.dna.ip-only.net localhost:* *.hotjar.com; style-src 'self' *.jotun.com *.jotunprofessionals.com localhost:* *.jsdelivr.net *.googleapis.com 'unsafe-inline' *.hotjar.com 'unsafe-inline'; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com 'unsafe-inline' *.hotjar.com; script-src 'self' data: https: blob: localhost:* *.jotun.com *.jotunprofessionals.com  *.hcaptcha.com *.azure.com *.qbrick.com *.jsdelivr.net *.googletagmanager.com *.cloudfront.net *.sharethis.com *.azure.com 'unsafe-inline' 'unsafe-eval' *.hotjar.com 'unsafe-inline'; script-src-elem 'self' https: localhost:* *.jotun.com *.jotunprofessionals.com  *.googletagmanager.com *.cloudfront.net *.sharethis.com *.azure.com *.spinnaker-js.com sc-static.net *.snapchat.com *.google-analytics.com *.googleapis.com *.facebook.net *.youtube.com *.qbrick.com  'unsafe-inline' *.hotjar.com 'unsafe-inline' 1
default-src 'self';        object-src 'self' *.cdn.datatables.net cdn.datatables.net;        connect-src 'self' *.mikrotik.com *.mt.lv maps.googleapis.com fonts.googleapis.com *.doubleclick.net;        script-src 'self' 'unsafe-inline' 'unsafe-eval' data: unpkg.com i.mt.lv *.google.com gstatic.com code.jquery.com *.gstatic.com www.google-analytics.com googleapis.com *.googleapis.com *.mikrotik.com mikrotik.com;        style-src 'self' 'unsafe-inline' i.mt.lv fonts.googleapis.com unpkg.com *.mikrotik.com mikrotik.com code.jquery.com use.typekit.net www.mikrotik.com;        img-src 'self' data: *.mikrotik.com *.mt.lv i.ytimg.com api.tiles.mapbox.com *.tile.openstreetmap.org unpkg.com *.arcgisonline.com stats.g.doubleclick.net www.google-analytics.com mikrotik.com www.mikrotik.com forum.mikrotik.com 1.aerial.maps.cit.api.here.com 2.aerial.maps.cit.api.here.com 3.aerial.maps.cit.api.here.com 4.aerial.maps.cit.api.here.com gstatic.com http://services.ga.gov.au *.gstatic.com *.googleapis.com *.arcgisonline.com *.google.com *.google.lv *.routerboard.com;        frame-src 'self' *.mikrotik.com *.mt.lv youtu.be youtube.com www.youtube.com www.google.com;        font-src 'self' data: mikrotik.com fonts.gstatic.com www.mikrotik.com i.mt.lv;        frame-ancestors 'self' *.mt.lv; 1
upgrade-insecure-requests; report-uri https://www.dasoertliche.de/csp-report 1
frame-ancestors 'self' https://*.ecplaza.net; 1
img-src * 'self' https: 'unsafe-eval' data: https://*.transcend.io/* https://*.mutinycdn.com/* https://*.mutinyhq.io/* https://*.mutinyhq.com/* https://*.qualified.com/* https://*.wistia.com/* http://splashthat.com/* http://*.marketo.net/* http://*.6sc.co/* https://app.qualified.com/ https://sync.transcend.io/ https://vercel.live/ https://www.youtube.com/ http://668-yxh-576.mktoweb.com/ https://cdn.transcend.io/ https://splashthat.com/ http://splashthat.com/ http://munchkin.marketo.net/ wss://ws.qualified.com/ https://client-registry.mutinycdn.com/ http://668-yxh-576.mktoresp.com https://videos.ctfassets.net/ wss://ws7.hotjar.com/ wss://ws-us3.pusher.com/ https://events.rm-api.com/ https://app.mutinyhq.com/; frame-ancestors 'self' https://app.mutinyhq.com/; 1
default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js cdnjs.cloudflare.com 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.googletagservices.com https://adservice.google.com https://tpc.googlesyndication.com https://www.youtube.com/iframe_api https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org https://securepubads.g.doubleclick.net assets.adobedtm.com syndication.twitter.com www.rumiview.com i.simpli.fi rumiview.com https://www.recaptcha.net/ *.analytics.google.com *.mktoresp.com https://analytics.google.com http://analytics.google.com https://stats.g.doubleclick.net http://stats.g.doubleclick.net https://dec.azureedge.net https://player.vimeo.com/api/player.js; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com 'unsafe-inline' https://cdn.insight.sitefinity.com https://dec.azureedge.net; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.google-analytics.com https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com *.google.com https://stats.g.doubleclick.net https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net www.rumiview.com *.analytics.google.com https://*.googletagmanager.com https://cdn.insight.sitefinity.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://www.google.com/ *.safeframe.googlesyndication.com https://www.recaptcha.net/ https://tpc.googlesyndication.com https://www.youtube.com https://9066869.fls.doubleclick.net/ https://securepubads.g.doubleclick.net/; connect-src 'self' accounts.google.com *.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com https://securepubads.g.doubleclick.net https://pagead2.googlesyndication.com *.analytics.google.com https://*.googletagmanager.com https://analytics.google.com https://stats.g.doubleclick.net http://analytics.google.com http://stats.g.doubleclick.net; media-src 'self' data: blob:; child-src 'self'; frame-ancestors 'self' 1
default-src 'self' 'unsafe-inline' data: blob: *.vimeo.com *.jivosite.com *.vimeocdn.com *.googletagmanager.com *.mappls.com *.mapmyindia.com *.googleapis.com; style-src 'self' 'unsafe-inline' *.googletagmanager.com *.vimeo.com *.mappls.com *.mapmyindia.com *.googleapis.com; 1
upgrade-insecure-requests; frame-ancestors 'self' *.ibercajadirecto.com *.ibercaja.es; 1
default-src 'self'; script-src 'self' *.amazon-adsystem.com snap.licdn.com *.hotjar.com googleads.g.doubleclick.net *.googleadservices.com cdn1.rainlocal.com analytics.tiktok.com *.collect.igodigital.com us.personalcard.net uat.serversidegraphics.com www.google-analytics.com tagmanager.google.com www.googletagmanager.com maps.googleapis.com *.segmint.net *.bizographics.com cdn.timetrade.com *.youtube.com *.linkedin.com *.facebook.net *.facebook.com *.krxd.net *.bugherd.com *.trustarc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' tagmanager.google.com www.googletagmanager.com fonts.googleapis.com 'unsafe-inline'; img-src 'self' data: *.doubleclick.net *.rubiconproject.com *.adnxs.com *.adsrvr.org *.linkedin.com *.collect.igodigital.com us.personalcard.net uat.serversidegraphics.com www.google-analytics.com *.google.com *.googletagmanager.com *.g.doubleclick.net maps.googleapis.com *.gstatic.com i.ytimg.com jwpltx.com products.gobankingrates.com *.facebook.com *.krxd.net *.agkn.com *.depositaccounts.com *.bugherd.com *.trustarc.com *.cloudfront.net; connect-src 'self' adservice.google.com *.amazon-adsystem.com *.hotjar.com *.hotjar.io *.linkedin.com maps.googleapis.com us.personalcard.net analytics.tiktok.com uat.serversidegraphics.com www.google-analytics.com analytics.google.com *.g.doubleclick.net *.segmint.net *.krxd.net *.bugsnag.com *.pusher.com *.hawksearch.net *.hawksearch.com; child-src 'self' tagmanager.google.com www.googletagmanager.com *.segmint.net *.timetrade.com *.timetradesystems.com www.fintactix.net appvault.com *.serversidegraphics.com us.personalcard.net *.fls.doubleclick.net *.krxd.net; frame-src 'self' *.doubleclick.net *.amazon-adsystem.com *.youtube.com player.vimeo.com tagmanager.google.com www.googletagmanager.com *.segmint.net *.timetrade.com *.timetradesystems.com www.fintactix.net *.appvault.com *.serversidegraphics.com us.personalcard.net *.fls.doubleclick.net *.krxd.net *.bugherd.com *.trustarc.com; font-src 'self' data: uat.serversidegraphics.com fonts.googleapis.com fonts.gstatic.com; report-uri /csp-report.do 1
frame-ancestors 'self' *.testberichte.de 1
frame-ancestors 'self'  wbpa.wdo.io eu.wotblitz.com na.wotblitz.com asia.wotblitz.com ru.wotblitz.com 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://pawoo.net; img-src 'self' https: data: blob: https://pawoo.net; style-src 'self' https://pawoo.net 'nonce-ScB0uOxmRYmfol2hkhP1JQ=='; media-src 'self' https: data: https://pawoo.net; frame-src 'self' https:; manifest-src 'self' https://pawoo.net; form-action 'self'; connect-src 'self' data: blob: https://pawoo.net https://img.pawoo.net wss://pawoo.net; script-src 'self' https://pawoo.net https://www.google-analytics.com https://ssl.google-analytics.com https://www.recaptcha.net https://www.gstatic.com 'wasm-unsafe-eval'; child-src 'self' blob: https://pawoo.net; worker-src 'self' blob: https://pawoo.net 1
script-src 'self' *.hdfcsec.com *.googleapis.com *.googletagmanager.com *.doubleclick.net *.googleadservices.com *.zopim.com *.facebook.net *.everestjs.net *.google-analytics.com *.cloudflare.com *.twitter.com *.twimg.com *.jquery.com *.bootstrapcdn.com *.zdassets.com *.izooto.com *.jsdelivr.net 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' snowplow-web.wogaa.sg static.zdassets.com www.facebook.com cdn.syndication.twimg.com video.fsin8-1.fna.fbcdn.net video.fsin8-2.fna.fbcdn.net snowplow-web.wogaa.sg www.google-analytics.com ekr.zdassets.com flexanswer1654.zendesk.com onemap.gov.sg widget-mediator.zopim.com www.google.com www.gstatic.com static.elfsight.com;style-src 'self' 'unsafe-inline' test-gpc-1.sg.va.sabio.cloud webchat.vica.gov.sg lf16-tiktok-web.ttwstatic.com sf16-website-login.neutral.ttwstatic.com cdn.jsdelivr.net test-gpc-1.sg.va.sabio.cloud platform.twitter.com assets.dcube.cloud www.facebook.com fonts.googleapis.com assets.wogaa.sg www.gstatic.com va.ecitizen.gov.sg;script-src 'self' test-gpc-1.sg.va.sabio.cloud webchat.vica.gov.sg lf16-tiktok-web.ttwstatic.com sf16-website-login.neutral.ttwstatic.com www.tiktok.com static.elfsight.com assets-stage-elfsight-com.sfo2.cdn.digitaloceanspaces.com 'unsafe-inline' 'unsafe-eval' googleads.g.doubleclick.net d3pdo5aouiodr4.cloudfront.net zx54f7wti6.execute-api.ap-southeast-1.amazonaws.com googleads.g.doubleclick.net www.googleadservices.com www.google.com test-gpc-1.sg.va.sabio.cloud platform.twitter.com connect.facebook.net assets.dcube.cloud cdn.syndication.twimg.com www.facebook.com assets.adobedtm.com www.google-analytics.com www.googletagmanager.com cdn.jsdelivr.net app-script.monsido.com assets.wogaa.sg polyfill.io va.ecitizen.gov.sg static.zdassets.com unpkg.com www.gstatic.com;font-src 'self' va.ecitizen.gov.sg test-gpc-1.sg.va.sabio.cloud s3-us-west-2.amazonaws.com assets.dcube.cloud assets.wogaa.sg fonts.gstatic.com;img-src data: 'self' files.elfsightcdn.com bucket-common.vica.gov.sg dpm.demdex.net cm.everesttech.net d33wubrfki0l68.cloudfront.net www.google.com is4-ssl.mzstatic.com www.google.com.sg test-gpc-1.sg.va.sabio.cloud pbs.twimg.com syndication.twitter.com platform.twitter.com abs.twimg.com www.facebook.com scontent.fsin8-2.fna.fbcdn.net scontent.fsin8-1.fna.fbcdn.net maps-a.onemap.sg maps-b.onemap.sg maps-c.onemap.sg tracking.monsido.com www.google-analytics.com www.onemap.gov.sg docs.onemap.sg ncspteltd.sc.omtrdc.net cdn.jsdelivr.net va.ecitizen.gov.sg;child-src blob: *;connect-src 'self' *;worker-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' * 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://api.eu1.exponea.com/js/exponea.min.js https://www.google-analytics.com https://snap.licdn.com/li.lms-analytics/insight.min.js https://*.hotjar.com https://*.hotjar.io https://snap.licdn.com/li.lms-analytics/insight.beta.min.js https://files.vr.fi https://api.tiles.mapbox.com https://cdn.jsdelivr.net/npm/chart.js@3.5.1 https://cdn.jsdelivr.net/npm/chartjs-plugin-datalabels@2.0.0 https://cdn.jsdelivr.net/npm/chart.js@3.9.1 https://cdn.jsdelivr.net/npm/chartjs-plugin-datalabels@2.1.0 https://connect.facebook.net https://api.mapbox.com https://www.gstatic.com https://www.google.com https://googletagmanager.com https://tagmanager.google.com https://www.googleanalytics.com  https://www.googleoptimize.com https://optimize.google.com https://bat.bing.com https://api.eu1.exponea.com https://*.convertexperiments.com https://*.interactionbuilder.giosg.com https://*.giosg.com https://*.giosgusercontent.com; style-src 'self' 'unsafe-inline' https://api.tiles.mapbox.com https://files.vr.fi https://googletagmanager.com https://www.googletagmanager.com https://tagmanager.google.com  https://fonts.googleapis.com https://translate.googleapis.com https://optimize.google.com https://*.hotjar.com https://*.hotjar.io https://*.giosg.com https://*.giosgusercontent.com; img-src 'self' data: https://images.ctfassets.net https://px.ads.linkedin.com https://px4.ads.linkedin.com https://*.google-analytics.com https://*.analytics.google.com https://www.google.com https://ad.doubleclick.net https://files.vr.fi https://giosg-chat-public-eu.s3.amazonaws.com https://collector.vr.fi https://adservice.google.com https://www.facebook.com https://www.googleadservices.com https://*.googletagmanager.com https://googleads.g.doubleclick.net https://www.linkedin.com https://translate.google.com https://optimize.google.com https://*.hotjar.com https://*.hotjar.io https://i.ytimg.com https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://fonts.gstatic.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat https://*.giosg.com https://*.giosgusercontent.com; font-src 'self' data: https://use.fontawesome.com https://giosg-chat-public-eu.s3.amazonaws.com https://files.vr.fi https://fonts.gstatic.com https://*.hotjar.com https://*.hotjar.io https://*.giosg.com https://*.giosgusercontent.com; connect-src 'self' wss://messagerouter.giosg.com wss://*.hotjar.com https://sentry.io https://api.eu1.exponea.com https://collector.vr.fi https://www.google.com https://www.google.fi https://*.google-analytics.com https://*.analytics.google.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://rata.digitraffic.fi https://vc.hotjar.io https://api.mapbox.com https://events.mapbox.com https://aste-hvv.vr.fi https://junatkartalla-cal-prod.herokuapp.com https://*.hotjar.com https://*.hotjar.io https://crm-customerforms-prod-attachment-data.s3.eu-west-1.amazonaws.com https://crm-customerforms-dr-attachment-data.s3.eu-west-1.amazonaws.com https://region1.google-analytics.com https://*.vrpublic.fi https://cdn.linkedin.oribi.io https://app.eu1.exponea.com https://*.convertexperiments.com https://test.lippu-test.vr.fi https://www.lippu.vr.fi https://common-gis-test.vr.fi https://common-gis.vr.fi https://*.giosg.com https://*.giosgusercontent.com; media-src 'self' https://videos.ctfassets.net https://*.giosg.com https://*.giosgusercontent.com; object-src 'self' https://*.giosg.com https://*.giosgusercontent.com; child-src 'self' blob: https://*.hotjar.com https://*.hotjar.io https://vr.leadfamly.com https://my.matterport.com https://www.youtube.com https://youtube.com https://www.google.com https://*.vr.fi https://optimize.google.com https://link.webropolsurveys.com https://*.giosg.com https://*.giosgusercontent.com; worker-src 'self' blob: https://*.vr.fi https://*.giosg.com https://*.giosgusercontent.com; frame-ancestors 'self' https://www.cwt-train-online.fi; form-action 'self' https://www.facebook.com; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self' https://api.eu1.exponea.com 1
default-src 'self' *.clario.co *.kromtech.net;frame-src 'self' *.liadm.com *.doubleclick.net *.hotjar.com *.google.com *.facebook.com *.youtube.com *.youtube-nocookie.com https://*.google.com https://*.hotjar.com *.clario.co https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.trustpilot.com https://dl2.clario.co/;child-src 'self';img-src 'self' *.kromtech.net *.clario.co *.ytimg.com data: *.visualwebsiteoptimizer.com *.bing.com *.google-analytics.com *.facebook.com *.liadm.com *.doubleclick.net *.hotjar.com *.owox.com *.zoomsupport.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gp *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.nf *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tk *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.gstatic.com *.taboola.com *.googletagmanager.com *.clarity.ms *.linkedin.com/ https://p.adsymptotic.com https://impressions.onelink.me https://unpkg.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.clario.co *.google.com *.taboola.com https://*.google.com *.gstatic.com https://*.gstatic.com *.google-analytics.com https://*.google-analytics.com *.googletagmanager.com https://*.googletagmanager.com *.googleadservices.com *.bing.com *.facebook.net *.hotjar.com https://*.hotjar.com *.liadm.com *.visualwebsiteoptimizer.com *.kromtech.net https://*.kromtech.net *.doubleclick.net *.youtube.com *.ytimg.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googleoptimize.com/ https://snap.licdn.com https://websdk.appsflyer.com *.trustpilot.com *.sentry-cdn.com http://cdn.mxpnl.com *.mackeeper.com *.clarity.ms https://api.account.mackeeper.com https://api.account.sz.mackeeper.com;style-src 'self' 'unsafe-inline' *.clario.co *.googleapis.com *.kromtech.net https://*.kromtech.net *.google.com *.googletagmanager.com https://zchat.account.sz.clario.co https://zchat.account.clario.co https://zchat.account.mackeeper.com https://zchat.account.sz.mackeeper.com;font-src 'self' data: *.clario.co *.gstatic.com *.hotjar.com *.kromtech.net https://*.kromtech.net https://zchat.account.sz.clario.co https://zchat.account.clario.co https://cdn.appsflyer.com https://zchat.account.sz.mackeeper.com https://zchat.account.mackeeper.com;object-src 'self';connect-src 'self' *.clario.co http://clario.co https://clario.co *.google.com *.kromtech.net http://lumis.com http://kromtech.net https://kromtech.net *.facebook.com *.hotjar.io *.hotjar.com *.doubleclick.net *.google-analytics.com *.taboola.com wss://*.hotjar.com https://*.hotjar.com https://firebasedynamiclinks.googleapis.com/ *.appsflyer.com https://sentry.cloudmccloud.com https://api-js.mixpanel.com https://crm.account.mackeeper.com https://crm.account.sz.mackeeper.com https://chat-crm.account.mackeeper.com https://chat-crm.account.sz.mackeeper.com/ *.mackeeper.com *.clarity.ms https://api.account.mackeeper.com https://api.account.sz.mackeeper.com https://api-ne.mackeeper.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.asicentral.com *.youtube.com *.google.com *.googleadservices.com *.googlesyndication.com *.googletagservices.com *.facebook.com *.facebook.net *.vimeo.com *.googletagmanager.com/ *.deskpro.com *.pardot.com *.hotjar.com *.hotjar.io/ *.soundcloud.com/ *.linkedin.com *.twitter.com https://js.hsforms.net js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net *.hubspot.com www.gstatic.com https://bat.bing.com https://translate.googleapis.com https://twitter.com https://reports.hrmdirect.com https://www.instagram.com https://www.tiktok.com https://cdnjs.cloudflare.com https://servedbyadbutler.com https://widgets.getsitecontrol.com https://kit.fontawesome.com https://ajax.googleapis.com https://google-analytics.com https://ssl.google-analytics.com https://www.google-analytics.com https://lf16-tiktok-web.ttwstatic.com https://public.flourish.studio https://code.jquery.com https://asicentral.tourial.com;object-src 'self' *.googlesyndication.com;style-src 'self' 'unsafe-inline' *.asicentral.com *.bootstrapcdn.com *.googleapis.com *.gstatic.com *.deskpro.com *.google.com *.pardot.com *.hotjar.com *.hotjar.io/ https://*.fontawesome.com/ https://cdnjs.cloudflare.com https://reports.hrmdirect.com https://lf16-tiktok-web.ttwstatic.com;img-src 'self' data: *.asicentral.com *.facebook.com *.facebook.net *.hotjar.com *.hotjar.io/ *.vimeocdn.com/ *.youtube.com/ *.google.com/ *.google-analytics.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.hsforms.com *.hubspot.com https://bat.bing.com https://assets-us1-cloud.deskpro.com https://syndication.twitter.com https://servedbyadbutler.com https://dashboard.umbraco.org https://dashboard.umbraco.com https://www.gravatar.com https://public.flourish.studio;media-src 'self' *.asicentral.com *.facebook.com *.vimeo.com/ *.youtube.com/;frame-src 'self' *.hotjar.com/ *.hotjar.io/ *.youtube.com/ *.asicentral.com/ *.vimeo.com/ *.hubspot.com *.google.com *.facebook.com *.facebook.net *.soundcloud.com/ 43541275.hs-sites.com/ *.linkedin.com https://twitter.com *.twitter.com https://asicentral.hrmdirect.com https://www.instagram.com https://lf16-tiktok-web.ttwstatic.com https://www.tiktok.com https://biteable.com https://datawrapper.dwcdn.net https://flo.uri.sh *.hsforms.com *.hs-scripts.com https://asicentral.tourial.com;font-src 'self' data: *.bootstrapcdn.com/ *.google.com/ https://fonts.gstatic.com *.fontawesome.com/ *.gstatic.com;base-uri 'self';child-src 'self' blob: data: *.vimeo.com *.google.com *.facebook.com *.youtube.com;form-action 'self' *.google.com *.facebook.com *.facebook.net *.asicentral.com *.jsdelivr.net *.hsforms.com;frame-ancestors 'self' *.asicentral.com;worker-src blob: https://www.asicentral.com;upgrade-insecure-requests;block-all-mixed-content 1
default-src 'self' https://www.zsl.org https://cms.zsl.org; object-src 'none'; base-uri 'self'; style-src 'self' https://www.zsl.org https://cms.zsl.org 'unsafe-inline' https://p.typekit.net https://use.typekit.net https://tagmanager.google.com https://www.googletagmanager.com https://fonts.googleapis.com https://static.hotjar.com https://script.hotjar.com https://www.tripadvisor.co.uk https://static.tacdn.com ; font-src 'self' https://www.zsl.org https://cms.zsl.org data: https://p.typekit.net https://use.typekit.net https://fonts.gstatic.com https://fonts.googleapis.com https://script.hotjar.com https://static.tacdn.com ; script-src 'self' https://www.zsl.org https://cms.zsl.org 'nonce-31497a4231454438324f52347752436b' 'sha256-ZnhAS6LXLZWmpPSEDrVRkNeIsVEIsRredGkFx2WiKec=' 'sha256-iW4WnuBtxrtQK6YASZph6rx6yZZMg0U77OLIlEZvlDA=' 'sha256-48TuDkUabuH2v1zRqgyqecgn+HRkc9gfpOVMELfgzQI=' 'sha256-U96gVTGDtlmnaK204EbaOTNyZRKvfBiWyuolgJwd8CI=' 'sha256-2L/tFj1yFovfnD4TertAGuww56zrGsGC1JDWaqC75s0=' 'sha256-9HOlWcnxwIXUmTPdnAhre+W8Z0FDeSQmn4+a1GXnQSA=' 'sha256-dKGt8dCuqKR/hwtTSFNbDeXeYUxOjtop6H2SYqoIGvc=' 'sha256-y6gO+OYD2TDPY9r3GtOTvnCs5/oE/O7PmNL2zaGYeJQ=' 'sha256-Jg7eYnts8zlTEJyHuCysngL/qIiJiSEFfkFvZJOMRGY=' https://cdn.jsdelivr.net https://connect.facebook.net https://cookie-cdn.cookiepro.com https://r1.dotdigital-pages.com https://r1-t.trackedlink.net/_dmpt.js https://s.yimg.com/wi/ytc.js https://static.hotjar.com https://script.hotjar.com https://analytics.twitter.com https://static.ads-twitter.com/uwt.js https://www.dwin1.com/15333.js https://www.google-analytics.com https://ssl.google-analytics.com https://*.googletagmanager.com https://tagmanager.google.com https://www.youtube.com https://www.youtube-nocookie.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://campaign.zsl.org https://reclaimhub.com https://www.tripadvisor.co.uk https://www.tripadvisor.com https://static.tacdn.com https://www.jscache.com https://analytics.tiktok.com https://static.trackedweb.net https://www.googletagmanager.com https://lantern.roeyecdn.com https://go.affec.tv https://cdn.cookielaw.org https://secure.adnxs.com ; connect-src 'self' https://www.zsl.org https://cms.zsl.org https://cookie-cdn.cookiepro.com https://s.yimg.com https://stats.g.doubleclick.net https://*.google.co.uk https://*.google.com https://*.google-analytics.com https://geolocation.onetrust.com https://privacyportal.cookiepro.com https://*.analytics.google.com https://*.googletagmanager.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.facebook.com/tr/ https://campaign.zsl.org https://analytics.tiktok.com https://px.ads.linkedin.com ; frame-src 'self' https://www.zsl.org https://cms.zsl.org data: https://*.fls.doubleclick.net https://vars.hotjar.com https://www.facebook.com https://www.youtube.com https://youtube.com https://www.youtube-nocookie.com https://r1.dotdigital-pages.com https://www.arcgis.com https://html5-player.libsyn.com https://campaign.zsl.org https://www.google.com https://bid.g.doubleclick.net https://td.doubleclick.net https://reclaimhub.com https://zsl-london-zoo-timeline.octophindev.com https://cdn.knightlab.com https://my.matterport.com https://hhakkinen.shinyapps.io ; frame-ancestors 'self' https://www.zsl.org https://cms.zsl.org https://cms.zsl.org https://www.zsl.org https://cms.londonzoo.org https://www.londonzoo.org https://cms.whipsnadezoo.org https://www.whipsnadezoo.org https://campaign.zsl.org ; img-src 'self' https://www.zsl.org https://cms.zsl.org data: https://analytics.twitter.com https://cookie-cdn.cookiepro.com https://sp.analytics.yahoo.com https://t.co https://www.facebook.com https://www.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com https://fonts.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.co.uk https://www.google.be https://campaign.zsl.org https://static.hotjar.com https://script.hotjar.com https://i.ytimg.com https://*.fls.doubleclick.net https://ad.doubleclick.net https://*.googlesyndication.com https://www.tripadvisor.co.uk https://px.ads.linkedin.com https://adservice.google.com https://lantern.roeye.com https://map.go.affec.tv ; upgrade-insecure-requests; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' 'nonce-sclotusinnline' static.trunkpkg.com www.googletagmanager.com apis.google.com accounts.google.com *.mediacdn.vn *.vnpt.vn *.cdnchinhphu.vn *.cnnd.vn vscc-hosting.mediacdn.vn platform.twitter.com connect.facebook.net  www.google-analytics.com cdn.syndication.twimg.com *.sohatv.vn media1.admicro.vn chinhphu.vn *.chinhphu.vn *.admicro.vn contineljs.com *.contineljs.com *.genmonet.com genmonet.com cdnstoremedia.com *.cdnstoremedia.com amcdn.com *.amcdn.com nanda.vn *.nanda.vn static.amcdn.vn deqik.com imasdk.googleapis.com *.zalo.me za.zdn.vn td.doubleclick.net instagram.com; child-src 'self' *.cnnd.vn *.mediacdn.vn *.vnpt.vn *.sohatv.vn sport5.vn sport5.cnnd.vn blob: *.admicro.vn *.youtube.com *.facebook.com *.twitter.com twitter.com *.youtu.be www.instagram.com instagram.com www.google-analytics.com apis.google.com accounts.google.com contineljs.com *.contineljs.com genmonet.com *.genmonet.com cdnstoremedia.com *.cdnstoremedia.com amcdn.com *.amcdn.com nanda.vn *.nanda.vn *.zalo.me za.zdn.vn td.doubleclick.net instagram.com; form-action 'self' *.cnnd.vn syndication.twitter.com platform.twitter.com; object-src 'self'; media-src 'self' blob: *.sohatv.vn *.qltns.mediacdn.vn *.vnpt.vn *.cdnchinhphu.vn *.zalo.me za.zdn.vn td.doubleclick.net instagram.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://*.clarity.ms https://www.notifyvisitors.com https://static.ads-twitter.com https://www.linkedin.com https://web-in21.mxradon.com https://bat.bing.com http://*.googleadservices.com https://f1.leadsquaredcdn.com https://*.notifyvisitors.com wss://kotaksecurities-uat.allincall.in wss://*.notifyvisitors.com https://fonts.gstatic.com https://*.googleapis.com https://kotak9-securities-acc.allincall.in https://kotak-securities-acc.allincall.in https://stats.g.doubleclick.net https://www.facebook.com https://www.google.com https://www.google.co.in https://accounts.google.com https://kotaksecurities-uat.allincall.in https://kotak-securities-acc-uat.allincall.in https://*.doubleclick.net https://*.amazonaws.com https://adservice.google.com https://cdnjs.cloudflare.com/ajax/libs/jqueryui/1.11.4/jquery-ui.js https://*.cloudfront.net/Simplify360Chat.js https://www.youtube.com https://www.gstatic.com https://websdk.appsflyer.com https://unpkg.com/web-vitals@3/dist/web-vitals.iife.js 1
img-src 'self' *.azurewebsites.net *.wpengine.com *.chuckecheese.com *.cecentertainment.net *.azureedge.net *.typekit.net *.gstatic.com *.googleapis.com data: *.bing.com t.co *.adnxs.com *.google-analytics.com *.google.co.in *.google.com *.facebook.com *.adroll.com *.ktxlytics.io *.windows.net *.sc-static.net *.snapchat.com *.smushcdn.com *.doubleclick.net *.five9.com *.moengage.com *.googletagmanager.com *.wistia.com *.clarity.ms 1
frame-ancestors 'self' http://stfrontdeskstg.smartone.com http://stfrontdesk.smartone.com http://smartone-pro.redso.com.hk https://smartone-pro.redso.com.hk https://smartoneplus.s-rewards.hk 1
upgrade-insecure-requests;frame-ancestors 'self' *.bochk.com *.bocgroup.com *.ftcwifi.com *.posangonline.com 1
default-src 'self'; connect-src 'self' https://kontakt.tuhh.de/api/search.php https://jobs.b-ite.com/api/v1/postings/search; font-src 'self' data:; frame-src 'self' https://www.youtube.com https://cse.google.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://*.tuhh.de https://*.tu-harburg.de; img-src 'self' data: https://www.juicer.io https://img.youtube.com https://*.openstreetmap.org https://unpkg.com https://*.google.com https://*.gstatic.com https://*.tuhh.de https://*.tu-harburg.de; media-src 'self' https://*.tuhh.de https://*.tu-harburg.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com https://cdn.jsdelivr.net https://unpkg.com https://cse.google.com https://www.google.com/cse/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://static.b-ite.com/jobs-api/ https://cs-assets.b-ite.com/technische-uni-hamburg/jobs-api/; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://unpkg.com https://www.google.com/cse/ https://cs-assets.b-ite.com/technische-uni-hamburg/jobs-api/; frame-ancestors 'self'; report-uri https://intranet.tuhh.de/cspreport.php 1
default-src https://player.vimeo.com docs.google.com https://optimize.google.com https://www.splash-screen.net support.google.com https://cdn.cookielaw.org policies.google.com https://maps.googleapis.com optimize.google.com stats.g.doubleclick.net cse.google.com maps.google.com www.google.com https://9274211.fls.doubleclick.net https://leads.sandboxbnpparibas.pl prospectleads.bnpparibas.pl https://geolocation.onetrust.com leads.sandboxbnpparibas.pl bnp-paribas.user.com https://www.clarity.ms www.ratatu.pl https://bat.bing.com calendar.google.com analytics.twitter.com widget.user.com https://api.ehoundplatform.com https://privacyportal-fr.onetrust.com https://vimeo.com googleads.g.doubleclick.net play.google.com developers.google.com qtank.salesmore.pl apis.google.com 'self'; font-src https://leads.sandboxbnpparibas.pl docs.google.com https://themes.googleusercontent.com/ fonts.googleapis.com prospectleads.bnpparibas.pl https://geolocation.onetrust.com leads.sandboxbnpparibas.pl support.google.com policies.google.com www.ratatu.pl calendar.google.com widget.user.com https://api.ehoundplatform.com https://fonts.gstatic.com googleads.g.doubleclick.net play.google.com developers.google.com themes.googleusercontent.com cse.google.com maps.google.com www.google.com apis.google.com https://9274211.fls.doubleclick.net 'self'; style-src docs.google.com support.google.com https://cdn.cookielaw.org policies.google.com https://maps.googleapis.com privacyportal.onetrust.com https://www.gstatic.com cse.google.com maps.google.com www.google.com https://9274211.fls.doubleclick.net https://fonts.googleapis.com https://leads.sandboxbnpparibas.pl prospectleads.bnpparibas.pl https://tagmanager.google.com https://geolocation.onetrust.com leads.sandboxbnpparibas.pl bnp-paribas.user.com www.googleapis.com www.ratatu.pl calendar.google.com widget.user.com https://api.ehoundplatform.com googleads.g.doubleclick.net play.google.com developers.google.com https://skk.erecruiter.pl apis.google.com https://www.ytimg.com 'self' 'nonce-0ZrXRKKQQOsX5JkZBa1ILg=='; img-src docs.google.com https://optimize.google.com https://img.youtube.com https://www.facebook.com https://cdn.cookielaw.org https://pixel.wp.pl policies.google.com https://cm.g.doubleclick.net stats.g.doubleclick.net maps.google.com www.google.com www.gstatic.com bcp.crwdcntrl.net https://9274211.fls.doubleclick.net www.google-analytics.com www.0.s-nk.pl https://leads.sandboxbnpparibas.pl fonts.googleapis.com leads.sandboxbnpparibas.pl ajax.googleapis.com bnp-paribas.user.com https://www.clarity.ms www.ratatu.pl https://www.googleapis.com widget.user.com https://ade.googlesyndication.com googleads.g.doubleclick.net developers.google.com https://skk.erecruiter.pl www.s3.cdn03.imgwykop.pl https://www.twitter.com https://emplocity.com https://googleads4.g.doubleclick.net https://www.googleadservices.com i.ctnsnet.com support.google.com https://ib.adnxs.com https://dot.wp.pl region1.google-analytics.com https://i.ytimg.com googleapis.com https://googleads.g.doubleclick.net maps.googleapis.com https://www.google-analytics.com/ https://maps.google.com gcm.ctnsnet.com www.googletagmanager.com cse.google.com https://www.emplocity.com https://tbl.tradedoubler.com clients1.google.com https://ad.doubleclick.net prospectleads.bnpparibas.pl https://geolocation.onetrust.com www.linkedin.com region1.analytics.google.com https://s1.2mdn.net https://bat.bing.com calendar.google.com https://www.google.pl analytics.twitter.com https://sp.analytics.yahoo.com https://maps.gstatic.com https://api.ehoundplatform.com www.passets.pinterest.com https://i.vimeocdn.com https://developers.google.com play.google.com apis.google.com www.passets.pinimg.com 'self'; frame-src https://emplocity.com www.wykop.pl https://player.vimeo.com docs.google.com https://www.linkedin.com https://s-static.ak.facebook.com https://www.s-static.ak.facebook.com https://www.facebook.com support.google.com policies.google.com stats.g.doubleclick.net https://platform.linkedin.com cse.google.com maps.google.com www.google.com static.ak.facebook.com https://www.wykop.pl https://www.youtube.com https://9274211.fls.doubleclick.net https://leads.sandboxbnpparibas.pl www.facebook.com prospectleads.bnpparibas.pl leads.sandboxbnpparibas.pl https://bid.g.doubleclick.net bnp-paribas.user.com https://4397256.fls.doubleclick.net www.ratatu.pl https://accounts.google.com calendar.google.com widget.user.com https://api.ehoundplatform.com https://vimeo.com googleads.g.doubleclick.net play.google.com https://web.facebook.com developers.google.com apis.google.com 'self'; script-src https://player.vimeo.com www.widgets.pinterest.com https://optimize.google.com https://app.ehoundplatform.com https://cdn.cookielaw.org https://pixel.wp.pl https://platform.linkedin.com https://www.gstatic.com www.google.com www.assets.pinterest.com https://www.youtube.com https://9274211.fls.doubleclick.net www.google-analytics.com www.0.s-nk.pl https://leads.sandboxbnpparibas.pl https://www.google.com https://cse.google.com fonts.googleapis.com leads.sandboxbnpparibas.pl ajax.googleapis.com bnp-paribas.user.com https://partner.googleadservices.com https://www.clarity.ms www.cdn.api.twitter.com www.ratatu.pl https://www.googleapis.com www.platform.linkedin.com www.static.ak.facebook.com widget.user.com https://apis.google.com https://skk.erecruiter.pl https://emplocity.com https://px.wp.pl https://www.googleadservices.com https://www.splash-screen.net https://www.s-static.ak.facebook.com https://www.oauth.googleusercontent.com https://maps.googleapis.com googleapis.com https://ssl.google-analytics.com https://googleads.g.doubleclick.net maps.googleapis.com privacyportal.onetrust.com https://maps.google.com www.googletagmanager.com https://cdn.jsdelivr.net clients1.google.com https://ad.doubleclick.net https://connect.facebook.net prospectleads.bnpparibas.pl https://tagmanager.google.com https://geolocation.onetrust.com https://leads.sanboxbnpparibas.pl https://s.ytimg.com http://platform.linkedin.com www.linkedin.com https://bat.bing.com https://www.bnpparibas.pl https://www.google.pl analytics.twitter.com https://api.ehoundplatform.com https://maps.gstatic.com https://vimeo.com https://developers.google.com https://prospectleads.bnpparibas.pl player.vimeo.com https://www.google-analytics.com analytics.google.com www.platform.twitter.com https://www.apis.google.com 'self' 'unsafe-eval' 'nonce-0ZrXRKKQQOsX5JkZBa1ILg==' 'strict-dynamic'; object-src docs.google.com https://stats.g.doubleclick.net support.google.com https://cdn.cookielaw.org policies.google.com https://maps.googleapis.com stats.g.doubleclick.net cse.google.com maps.google.com www.google.com https://9274211.fls.doubleclick.net https://www.youtube.com https://leads.sandboxbnpparibas.pl prospectleads.bnpparibas.pl https://geolocation.onetrust.com leads.sandboxbnpparibas.pl bnp-paribas.user.com www.ratatu.pl https://bat.bing.com calendar.google.com widget.user.com https://api.ehoundplatform.com googleads.g.doubleclick.net play.google.com developers.google.com apis.google.com; connect-src https://emplocity.com docs.google.com https://pagead2.googlesyndication.com https://v.clarity.ms https://www.splash-screen.net https://www.facebook.com support.google.com https://cdn.cookielaw.org policies.google.com https://maps.googleapis.com region1.google-analytics.com stats.g.doubleclick.net cf.bnpparibas.pl https://app.userengage.com wss://bnp-paribas.user.com www.googletagmanager.com cse.google.com maps.google.com www.google.com https://9274211.fls.doubleclick.net https://www.youtube.com https://leads.sandboxbnpparibas.pl prospectleads.bnpparibas.pl https://geolocation.onetrust.com leads.sandboxbnpparibas.pl bnp-paribas.user.com region1.analytics.google.com www.splash-screen.net https://www.clarity.ms www.ratatu.pl https://bat.bing.com calendar.google.com analytics.twitter.com https://www.google.pl widget.user.com https://y.clarity.ms https://api.ehoundplatform.com https://privacyportal-fr.onetrust.com https://vimeo.com googleads.g.doubleclick.net play.google.com developers.google.com https://www.google-analytics.com analytics.google.com qtank.salesmore.pl apis.google.com https://csp.withgoogle.com 'self'; form-action 'self'; report-to csp-endpoint; base-uri 'self' 1
frame-ancestors 'self' fleetfarm.com *.fleetfarm.com *.flippenterprise.net *.googletagmanager.com *.vimeo.com *.cloudfront.net *.adsrvr.org *.listrakbi.com *.pinimg.com *.facebook.net *.tiktok.com; 1
default-src 'self';; base-uri 'self';; connect-src 'self' 'nonce-e7bc7b7875e32078fcd103d77163cf39' geolocation.onetrust.com 120-gkj-051.mktoutil.com 120-gkj-051.mktoresp.com www.google.com googleads.g.doubleclick.net stats.g.doubleclick.net www.google-analytics.com secure.adnxs.com cdn.cookielaw.org api.lever.co vimeo.com https://pagead2.googlesyndication.com googlesyndication.com https://investors.palantir.com https://palantir.com;; font-src 'self' fonts.gstatic.com;; frame-src 'self' 'nonce-e7bc7b7875e32078fcd103d77163cf39' 120-gkj-051.mktoweb.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ bid.g.doubleclick.net cdn.cookielaw.org player.vimeo.com www.youtube.com www.youtube-nocookie.com palantir.tfaforms.net www.google.com;; img-src 'self' 'nonce-e7bc7b7875e32078fcd103d77163cf39' cdn.cookielaw.org www.linkedin.com/px/ heapanalytics.com www.google.com googleads.g.doubleclick.net p.adsymptotic.com secure.adnxs.com px.ads.linkedin.com www.googletagmanager.com www.google-analytics.com https://ade.googlesyndication.com data: i.ytimg.com 'nonce-e7bc7b7875e32078fcd103d77163cf39';; script-src 'self' 'nonce-e7bc7b7875e32078fcd103d77163cf39' 120-gkj-051.mktoweb.com www.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ snap.licdn.com munchkin.marketo.net palantir.tfaforms.net player.vimeo.com cdn.cookielaw.org https://*.googletagmanager.com;; style-src 'self' 'unsafe-inline' 120-gkj-051.mktoweb.com www.googletagmanager.com hello.myfonts.net fonts.googleapis.com palantir.tfaforms.net;; object-src 'none'; frame-ancestors 'self' https://resources.palantir.com;; upgrade-insecure-requests; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.google-analytics.com https://*.twitter.com https://*.sumsub.com;script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.sumsub.com;img-src 'self' data: blob: https://objects-eu.idanalyzer.com https://*.google-analytics.com https://*.googletagmanager.com https://*.twitter.com https://*.xeggex.com https://*.sumsub.com;connect-src 'self' https://*.google-analytics.com https://*.sumsub.com wss://*.xeggex.com wss://xeggex.com https://*.xeggex.com;frame-src 'self' https://*.twitter.com https://*.sumsub.com https://*.cloudflare.com;default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 1
default-src 'none'; base-uri 'self' *.32auctions.com; connect-src 'self' *.32auctions.com *.googlesyndication.com *.gstatic.com *.google-analytics.com *.doubleclick.net *.google.com; font-src 'self' https: data:; form-action 'self' *.32auctions.com; frame-ancestors 'self'; frame-src 'self' *.32auctions.com *.googlesyndication.com *.doubleclick.net *.google.com *.youtube-nocookie.com *.facebook.com *.recaptcha.net *.stripe.com; img-src 'self' data: *.32auctions.com *.facebook.com *.twimg.com *.googlesyndication.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.doubleclick.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; manifest-src 'self' *.32auctions.com; object-src 'none'; script-src 'self' *.32auctions.com 'strict-dynamic' 'unsafe-inline' *.googlesyndication.com *.gstatic.com *.stripe.com *.facebook.com *.facebook.net *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.doubleclick.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat 'nonce-8a7218ca386d09d3dbfdfd131b463185'; style-src 'self' 'unsafe-inline' *.32auctions.com fonts.googleapis.com *.gstatic.com; report-uri /csp_violation_reports 1
object-src self 'self' 'unsafe-inline'; media-src *.adobe.com self https://static.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; upgrade-insecure-requests; frame-ancestors 'self' self https://*.grabagun.com https://*.credova.com https://*.authorize.net *.authorize.net 'self'; form-action 'self' geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com self https://*.authorize.net *.authorize.net *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://widgets.turnto.com/ https://static.olark.com/ https://optimize.google.com https://fonts.googleapis.com https://web-sdk.aptrinsic.com/ http://cdn.avmws.com/ https://cdn.listrakbi.com/ *.adobe.com https://tagmanager.google.com https://d22q3dafggn5rg.cloudfront.net https://www.google.com https://www.google.pl https://www.google.com.ua https://www.google.ca *.turnto.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdns.brsrvr.com/ https://cdn.scarabresearch.com/ https://d22q3dafggn5rg.cloudfront.net/ https://certify-js.alexametrics.com/ https://static.zdassets.com/ https://www.googletagmanager.com/ https://google.com/ https://widget-mediator.zopim.com/ https://www.google-analytics.com/ https://www.gstatic.com/ https://widgets.turnto.com/ https://suggest.dxpapi.com https://jstest.authorize.net https://ajax.cloudflare.com/ https://js-agent.newrelic.com https://bam.nr-data.net/ https://static.olark.com/ https://maps.googleapis.com/ https://js.authorize.net/ https://www.youtube.com/ https://s.ytimg.com/ https://static.scarabresearch.com/ https://www.google.com/ https://knrpc.olark.com/ https://api.olark.com/ https://www.googleapis.com/ https://bam-cell.nr-data.net/ https://plugin.credova.com/ https://static.cloudflareinsights.com/ *.crazyegg.com https://image.grabagun.com https://optimize.google.com https://up.pixel.ad/ https://web-sdk.aptrinsic.com/ https://googleads.g.doubleclick.net/ https://cdn.avmws.com/1023073/ https://ssl.avmws.com/1023073/ https://*.googleapis.com *.google-analytics.com *.analytics.google.com https://shopper.shop.pe https://d3rr3d0n31t48m.cloudfront.net https://addshoppers.s3.amazonaws.com https://nytrng.com https://voltn.com https://addshoppers.com https://static.traversedlp.com https://shop.pe https://s1.listrakbi.com/ https://s2.listrakbi.com/ https://cdn.listrakbi.com/ https://at1.listrakbi.com/ https://al1.listrakbi.com/ https://bl.listrakbi.com/ https://oc.listrakbi.com/ https://edge.fullstory.com/ https://services.listrak.com/ https://api.videoly.co/ https://dapi.videoly.co/ https://arches.avantlink.com/ https://api.smooch.io/ assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com https://www.google-analytics.com googleads.g.doubleclick.net analytics.google.com https://www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com www.googletagmanager.com www.google-analytics.com *.exponea.com *.plugins.emarsys.net *.scarabresearch.com www.xtento.com cdn.xtento.com self https://maps.googleapis.com https://fonts.googleapis.com/* https://tagmanager.google.com https://d22q3dafggn5rg.cloudfront.net https://www.gstatic.com https://www.google.pl https://www.google.com.ua https://www.google.ca https://static.zdassets.com https://cdns.brsrvr.com https://cdn.scarabresearch.com https://static.cloudflareinsights.com https://*.credova.com https://*.authorize.net https://*.fullstory.com https://cdn.userway.org *.maxmind.com *.turnto.com *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://www.xtento.com https://certify.alexametrics.com https://p.brsrvr.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com/ https://www.google.com.ua/ https://amasty.com/ data: https://maps.gstatic.com/ https://maps.googleapis.com/ https://wac.edgecastcdn.net/ https://www.googletagmanager.com/ https://www.google.ca/ https://log.olark.com/ https://bam-cell.nr-data.net/ https://plugin.credova.com/ *.crazyegg.com https://image.grabagun.com https://redirect.prod.experiment.routing.cloudfront.aws.a2z.com/ https://optimize.google.com https://pixel.sitescout.com/ https://tracking.avantlink.com/ https://*.googleapis.com https://shopper.shop.pe https://i.liadm.com https://s1.listrakbi.com/ https://s2.listrakbi.com/ https://sca1.listrakbi.com/ https://sca2.listrakbi.com/ http://mediacdn.espssl.com/ https://rs.fullstory.com/ https://dapi.videoly.co/ https://i.ytimg.com/ https://connect.bolt.com/ assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net https://cm.everesttech.net https://*.omtrdc.net/ widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com https://www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com www.xtento.com cdn.xtento.com self https://grabagun.com https://img.youtube.com https://maps.googleapis.com https://maps.gstatic.com https://wac.edgecastcdn.net https://d22q3dafggn5rg.cloudfront.net https://www.google.com https://www.google.pl https://www.google.com.ua https://www.google.ca https://static.zdassets.com https://cdns.brsrvr.com https://cdn.scarabresearch.com https://*.credova.com https://*.userway.org wac.edgecastcdn.net store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; frame-src 'self' https://static.olark.com/ https://www.google.com https://www.youtube.com https://gun-rebates.com/ https://win-a-truck.com/ https://preferences.grabagun.com/ https://www.youtube-nocookie.com https://sandbox-lending.credova.com/ https://lending.credova.com/ https://image.grabagun.com/ https://optimize.google.com https://pixel.sitescout.com/ https://photos.pixlee.co/ https://*.doubleclick.net/ *.google-analytics.com *.analytics.google.com https://nytrng.com https://services.listrak.com/ https://arches.avantlink.com/ fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.xtento.com self https://*.grabagun.com https://*.credova.com https://*.authorize.net photos.pixlee.co *.authorize.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com 'self' 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com https://optimize.google.com https://image.grabagun.com data: self https://d22q3dafggn5rg.cloudfront.net https://*.authorize.net data: 'self' 'unsafe-inline'; connect-src 'self' https://ekr.zdassets.com/ https://recommender.scarabresearch.com/ https://grabagun.zendesk.com/ wss://widget-mediator.zopim.com https://cdn-ws.turnto.com/ https://bam.nr-data.net/ https://js.authorize.net/ https://jstest.authorize.net/ https://www.google-analytics.com https://ws.turnto.com https://webchannel-content.eservice.emarsys.net https://recommender-eu.scarabresearch.com/ https://static.zdassets.com/ https://knrpc.olark.com/ https://apitest.authorize.net/ wss://grabagun.zendesk.com/ https://api2.authorize.net/ https://stats.g.doubleclick.net/ https://bam-cell.nr-data.net/ https://sandbox-lending-api.credova.com/ https://lending-api.credova.com/ https://we.turnto.com/ *.crazyegg.com https://image.grabagun.com https://esp-m.aptrinsic.com/ https://*.googleapis.com *.google-analytics.com *.analytics.google.com https://shop.pe *.shop.pe https://product.listrakbi.com/ https://recs.listrakbi.com/ https://bl.listrakbi.com/ https://onsite-api.listrak.com/ https://oc.listrakbi.com/ https://rs.fullstory.com/ https://edge.fullstory.com/ wss://api.smooch.io/faye https://zendesk-eu.my.sentry.io/ dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.exponea.com *.scarabresearch.com *.eservice.emarsys.net self https://stats.g.doubleclick.net https://d22q3dafggn5rg.cloudfront.net https://bam-cell.nr-data.net https://grabagun.zendesk.com https://static.zdassets.com https://cdns.brsrvr.com https://cdn.scarabresearch.com https://*.credova.com https://*.demdex.net https://*.authorize.net https://*.fullstory.com https://*.listrakbi.com https://*.userway.org *.mmapiws.com *.turnto.com *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; default-src 'self' https://static.zdassets.com https://static.olark.com *.crazyegg.com https://fonts.googleapis.com/ https://image.grabagun.com self https://d22q3dafggn5rg.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; worker-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdns.brsrvr.com/ https://cdn.scarabresearch.com/ https://d22q3dafggn5rg.cloudfront.net/ https://certify-js.alexametrics.com/ https://static.zdassets.com/ https://www.googletagmanager.com/ https://google.com/ https://widget-mediator.zopim.com/ https://www.google-analytics.com/ https://www.gstatic.com/ https://widgets.turnto.com/ https://suggest.dxpapi.com https://jstest.authorize.net https://ajax.cloudflare.com/ https://js-agent.newrelic.com https://bam.nr-data.net/ https://static.olark.com/ https://maps.googleapis.com/ https://js.authorize.net/ https://www.youtube.com/ https://s.ytimg.com/ https://static.scarabresearch.com/ https://www.google.com/ https://knrpc.olark.com/ https://api.olark.com/ https://www.googleapis.com/ https://bam-cell.nr-data.net/ https://plugin.credova.com/ https://static.cloudflareinsights.com/ *.crazyegg.com https://image.grabagun.com https://optimize.google.com blob: *.google-analytics.com *.analytics.google.com; 1
default-src 'self' blob: *;base-uri 'self';font-src 'self' data: https://tv4play.humany.net/ https://apps.mypurecloud.com/ https://chat.kindlycdn.com/;form-action 'self' *;frame-ancestors 'self' *;img-src 'self' data: *;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' *;script-src-attr 'none';style-src 'self' 'unsafe-inline' * 1
default-src 'self'; script-src 'self' https://*.staging.skyra.no/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://uxsignals-frontend.uxsignals.app.iterate.no *.hereapi.com *.api.here.com *.adobe.com *.boost.ai *.episerver.net *.sits.no https://*.vergic.com https://*.psplugin.com blob: https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://region1.google-analytics.com https://ajax.cloudflare.com https://chat.puzzel.com https://siteimproveanalytics.com 'unsafe-inline' 'unsafe-eval'; media-src https://chat.puzzel.com 'self'; style-src 'self' *.api.here.com https://tagmanager.google.com https://dl.episerver.net https://chat.puzzel.com https://fonts.googleapis.com https://fonts.gstatic.com https://*.vergic.com https://*.psplugin.com 'unsafe-inline'; connect-src 'self' https://*.skyra.no blob: *.hereapi.com *.api.here.com *.skatteetaten.no *.sits.no https://*.boost.ai https://api.uxsignals.com https://chat.puzzel.com https://www.google-analytics.com https://region1.google-analytics.com https://*.psplugin.com https://*.vergic.com wss://*.psplugin.com wss://*.vergic.com wss:;form-action 'self';font-src https://*.psplugin.com *.api.here.com https://fonts.googleapis.com https://fonts.gstatic.com https://chat.puzzel.com https://static2.sharepointonline.com 'self'; img-src 'self' blob: data: www.google-analytics.com *.adobe.com *.api.here.com *.gstatic.com https://purecatamphetamine.github.io https://www.googletagmanager.com https://mts.googleapis.com https://dl.episerver.net *.global.siteimproveanalytics.io *.sits.no https://*.psplugin.com https://img.freepik.com/free-vector/businessman-character-avatar-isolated_24877-60111.jpg https://*.vergic.com data:; object-src 'self'; frame-ancestors 'self'; frame-src https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https: kompensasjonsordning.no *.kompensasjonsordning.no 1
default-src *;frame-src * data: https://connect.trezor.io/* https://connect.trezor.io/;img-src * data:;script-src 'unsafe-eval' blob: 'unsafe-inline' *;base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 1
default-src 'self' data: blob: http://*.iter.org https://*.iter.org; connect-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://*.iter.org https://*.iter.org http://p.jwpcdn.com http://*.gstatic.com https://*.gstatic.com https://cdnjs.cloudflare.com http://*.facebook.com https://*.facebook.com https://*.facebook.net https://*.twitter.com https://*.twimg.com http://*.linkedin.com https://*.linkedin.com http://*.google-analytics.com https://*.google-analytics.com https://*.googleapis.com http://*.google.com https://*.google.com https://*.google-analytics.com http://*.cloudflare.com https://*.dacast.com https://play.webvideocore.net https://s3.amazonaws.com https://*.reciteme.com https://*.googletagmanager.com https://*.youtube.com; object-src 'self' https://player.dacast.com https://*.akamaihd.net; style-src 'self' 'unsafe-inline' http://*.google.com https://*.google.com https://fonts.googleapis.com https://www.gstatic.com https://player.dacast.com https://*.microsoft.com https://*.reciteme.com https://*.dacast.com https://*.zencdn.net https://*.googleapis.com; img-src * data: blob:; frame-src 'self' http://*.iter.org https://*.iter.org http://*.youtube.com https://*.youtube.com https://*.google.com http://*.google.com http://*.googleapis.com https://*.googleapis.com http://*.facebook.com https://*.facebook.com https://play.webvideocore.net https://*.issuu.com https://*.reciteme.com https://*.mapme.com; media-src blob: 'self' http://*.iter.org https://*.iter.org https://*.akamaihd.net https://*.reciteme.com https://cdn.plyr.io; font-src 'self' data: blob: http://*.iter.org https://*.iter.org https://player.dacast.com https://*.sharepointonline.com https://*.microsoft.com https://fonts.gstatic.com https://*.reciteme.com; worker-src blob: 'self' http://*.iter.org https://*.iter.org 1
frame-ancestors https://*.kunstmatrix.com; 1
connect-src 'self' blob: https://api.x.ai https://api.x.com https://jf.x.com https://jf.twitter.com https://*.pscp.tv https://*.video.pscp.tv https://*.twimg.com https://api.twitter.com https://api.x.com https://api-stream.twitter.com https://api-stream.x.com https://ads-api.twitter.com https://ads-api.x.com https://aa.twitter.com https://aa.x.com https://caps.twitter.com https://caps.x.com https://pay.twitter.com https://pay.x.com https://sentry.io https://ton.twitter.com https://ton.x.com https://ton-staging.atla.twitter.com https://ton-staging.atla.x.com https://ton-staging.pdxa.twitter.com https://ton-staging.pdxa.x.com https://twitter.com https://x.com https://upload.twitter.com https://upload.x.com https://www.google-analytics.com https://accounts.google.com/gsi/status https://accounts.google.com/gsi/log https://checkoutshopper-live.adyen.com wss://*.pscp.tv https://vmap.snappytv.com https://vmapstage.snappytv.com https://vmaprel.snappytv.com https://vmap.grabyo.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com ws://localhost:8008/v2/ipc https://ads-twitter.com https://analytics.twitter.com https://analytics.x.com  ; default-src 'self'; form-action 'self' https://twitter.com https://*.twitter.com https://x.com https://*.x.com https://localhost.twitter.com:3443 https://localhost.x.com:3443; font-src 'self' https://*.twimg.com; frame-src 'self' https://twitter.com https://x.com https://mobile.twitter.com https://mobile.x.com https://pay.twitter.com https://pay.x.com https://cards-frame.twitter.com https://accounts.google.com/ https://client-api.arkoselabs.com/ https://iframe.arkoselabs.com/ https://vaultjs.apideck.com/  https://recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; img-src 'self' blob: data: https://*.cdn.twitter.com https://*.cdn.x.com https://ton.twitter.com https://ton.x.com https://*.twimg.com https://analytics.twitter.com https://analytics.x.com https://cm.g.doubleclick.net https://www.google-analytics.com https://maps.googleapis.com https://www.periscope.tv https://www.pscp.tv https://ads-twitter.com https://ads-api.twitter.com https://ads-api.x.com https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com https://*.pscp.tv https://*.periscope.tv https://prod-periscope-profile.s3-us-west-2.amazonaws.com https://platform-lookaside.fbsbx.com https://scontent.xx.fbcdn.net https://scontent-sea1-1.xx.fbcdn.net https://*.googleusercontent.com https://t.co/1/i/adsct; manifest-src 'self'; media-src 'self' blob: https://twitter.com https://x.com https://*.twimg.com https://*.vine.co https://*.pscp.tv https://*.video.pscp.tv https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net; object-src 'none'; script-src 'self' 'unsafe-inline' https://*.twimg.com https://recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://client-api.arkoselabs.com/ https://www.google-analytics.com https://twitter.com https://x.com https://accounts.google.com/gsi/client https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js https://www.gstatic.com/cast/sdk/libs/caf_receiver/v3/cast_receiver_framework.js https://static.ads-twitter.com  'nonce-MTM2YjFlZDctMDM2Yi00YmU1LTlkMWUtMTVlYjkyODBiMjVk'; style-src 'self' 'unsafe-inline' https://accounts.google.com/gsi/style https://*.twimg.com; worker-src 'self' blob:; report-uri https://twitter.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false 1
frame-ancestors 'self' https://*.omni.manh.com 1
connect-src 'self' *.doubleclick.net *.google-analytics.com *.google.com *.googleadservices.com *.googlesyndication.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.youtube.com auto-dot-marketing-api-proxy-dot-fiber-marketing-staging.appspot.com greenhouse-dot-fiber-marketing-live.appspot.com greenhouse-reader-dot-fiber-marketing-live.appspot.com recaptcha-dot-fiber-marketing-live.appspot.com schedule-callback-api-dot-fiber-marketing-live.appspot.com; default-src 'self'; font-src 'self' data: *.gstatic.com; frame-src 'self' *.doubleclick.net *.google.com *.googlesyndication.com *.youtube.com gfiber.speedtestcustom.com secure.livechatinc.com; img-src 'self' data: *.doubleclick.net *.google-analytics.com *.googlesyndication.com *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ai *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.ms *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vg *.google.vu *.google.ws *.googleadservices.com *.googleapis.com *.googletagmanager.com *.googleusercontent.com *.gstatic.com auto-dot-marketing-api-proxy-dot-fiber-marketing-staging.appspot.com greenhouse-reader-dot-fiber-marketing-live.appspot.com i.ytimg.com; media-src 'self' *.googleapis.com; object-src 'none'; report-uri https://csp.withgoogle.com/csp/fiber-marketing-live; script-src 'report-sample' 'self' *.doubleclick.net *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.youtube.com auto-dot-marketing-api-proxy-dot-fiber-marketing-staging.appspot.com 'sha256-+crVDHpwn4JCOR/hKFmvIV/09GkRrEdVaY181VoCKAw=' 'sha256-0u46H/ZCDitptxthZesday8sZUWJW0nIbKeBWi4DNBY=' 'sha256-3uJoBIYAyyT448EC/jrU3CQf5jcLlgxM+vrxY0ST1eY=' 'sha256-4S/F5107zkcPgSAedP8v1znv6rGNqPbv27XT3dkO+6o=' 'sha256-5T9tPlaWW3Ueu4CQtPMWuoQnm+VOzQ5zc9M3XwzY898=' 'sha256-6Nv9ozO3an4VH7CuuAzkQQcXVWkvpgireNoGFs9LjCo=' 'sha256-9izYA3MaWXZp6FXbhxaWkW0rB9q2ujAWlJqniIDBRKc=' 'sha256-AAjpQ9/A6E0Xycvf16MIcmUKX+2HXurKBWscU0iCvos=' 'sha256-CnUZc/1+7WxwF0sqUt01FuqcMesooAiiWCyZrkSikaQ=' 'sha256-csCzE6Oclj3Gx04nonK8e/Mniv2Mq7NGy+jzgrKBgQU=' 'sha256-DMVzafV2jcRK56BASGGT37bXDhDSU+mD8f7u7FcGVeA=' 'sha256-DUL9J9HfVS4bTE+hb8W7LyQhmq9yZNQyBRbDUNJ3n+U=' 'sha256-eBOY55jeJ1FnTjd2dnXuBS2faeY7bXTjRulqchuZv4U=' 'sha256-eIa86U4nWrdWiozQZ+Z1FOPLR/9emrz2/qcz5rDyY0o=' 'sha256-f1Zpf6yzPt5qdcllz/UBFnVaQCOnFucAngmZMO77hdQ=' 'sha256-GFLtBszHHM9+xGOSEV5S8vUFq6zKZwh96E/nnaaSbFM=' 'sha256-HSv6TjYgBnT8MBVYgy4omprHDLyaL95thQdPnGvzWI8=' 'sha256-iVssU7kSKNRnAFS7l0E7nOLxD7Ct+dbHbNi/fSwuIOE=' 'sha256-kveO7g/T72yOUPI8Z6e8UKLa/d5O/3VwdLwjziXKPVo=' 'sha256-Nb+QS77jINCcCEeiAIaBIz4Ig/dGlusmR7YVfCvDlM4=' 'sha256-ocn/WmpL721QG+tQcxXBarTDKegE1FSSALDFBywPIC4=' 'sha256-OeGGy7pRUDd0Ghb6+4HDEN2SdQ/j7OhxLndjF6N+x8w=' 'sha256-oUjRGyF1jVKJO735Z/tIa5PPFiu4lOUCbKmyAORN13w=' 'sha256-PjqsSf3f4egZkc+XOX26EwU4SrPU35qwyDzTeToEmZQ=' 'sha256-QneH55Pw/Dji6LopknCaVkCZUl6DzkmcJFTZhxhlgl8=' 'sha256-reC2x+RelxmSNoeHe20AJaSZClV7MC5YEEoTaVqFuu0=' 'sha256-Rpe0Hr+pdBBC25RPV4T3nBSSAUwMjckHcXSp15KWILg=' 'sha256-RYDYGex1p9VPu3EjGuc37Wm7oeBXn9NryJkx+z5gvEw=' 'sha256-UnJIWcy+TBibBDAJO3iiHpjJDfDBDSrHtRRE15Ky4ZQ=' 'sha256-WkTuvJQWg5txM/Vwx0YPVn0kZTMQf5g4pTqHjA0RdD0=' 'sha256-wMAXEQE12q+aJLCoQ5TKpd+P9nze2/JpiQ3M1CrPBzw=' 'sha256-X4q8iI51UmZEFLwZIjCjsdyzHm8MSsrDhWj614Cbo1g=' 'sha256-XJQ8d2QPP1o6zkBFuRFbC8b0eJDf7///CTSiPo1ufWE=' 'sha256-YnP56nFOilZ4tv9rWtfz4j7PNrQk0/D4Opn7kU1XDYY='; style-src 'report-sample' 'self' 'unsafe-inline' *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com gstatic.com; upgrade-insecure-requests 1
connect-src 'self' https://segment-api.ethoslife.com https://api.stage.ethoslife.com https://www.ethoslife.com https://api.ethoslife.com https://browser-intake-datadoghq.com https://io.ethoslife.com https://*.ethoslife.com wss://io.ethoslife.com https://www.getethos.com https://api.getethos.com https://io.getethos.com wss://io.getethos.com https://*.ar1d.net https://*.segment.io https://*.bing.com https://*.fullstory.com https://*.facebook.com https://*.facebook.net https://rp4.liadm.com https://*.googleapis.com https://*.gstatic.com https://google.com https://*.google.com https://*.googleadservices.com https://*.google-analytics.com https://*.google.ca https://*.doubleclick.net https://boards-api.greenhouse.io https://api.stripe.com https://*.launchdarkly.com https://*.adroll.com https://*.pinterest.com https://*.katch.com https://create.leadid.com https://create.lidstatic.com https://info.leadid.com https://d2m2wsoho8qq12.cloudfront.net https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io https://nexus-long-poller-a.intercom.io https://nexus-long-poller-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://*.ar1d.net https://*.optimizely.com https://vc.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://rum-http-intake.logs.datadoghq.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com/ https://www.datadoghq-browser-agent.com/datadog-rum-v4.js https://api.userway.org https://cdn.userway.org https://app.leadsrx.com https://b-code.liadm.com https://rp.liadm.com https://analytics.tiktok.com https://hello.staticstuff.net https://win.staticstuff.net https://*.transcend.io https://late-glade-2372.tines.com https://d2hrivdxn8ekm8.cloudfront.net https://d1lu3pmaz2ilpx.cloudfront.net https://dvqigh9b7wa32.cloudfront.net https://d330aiyvva2oww.cloudfront.net; style-src 'self' 'unsafe-inline' https://*.google.com https://*.googleapis.com blob: https://*.transcend.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.stage.ethoslife.com https://acdn.adnxs.com https://*.ethoslife.com https://*.getethos.com https://*.netlify.com https://*.facebook.com https://*.facebook.net https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.googleadservices.com https://*.google-analytics.com https://*.google.ca https://*.doubleclick.net https://*.segment.com https://*.bing.com https://*.fullstory.com https://fullstory.com https://*.taboola.com https://*.linkedin.com https://*.licdn.com https://js.stripe.com https://*.quora.com https://*.adroll.com https://*.pinimg.com https://aa.agkn.com https://create.leadid.com https://create.lidstatic.com https://info.leadid.com https://d2m2wsoho8qq12.cloudfront.net https://*.katch.com https://js.driftt.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://*.optimizely.com https://assets.customer.io http://tagmanager.google.com/debug http://www.googletagmanager.com https://cdn-assets-prod.s3.amazonaws.com/js/preview2/11355970984.js https://optimizely.s3.amazonaws.com/ https://*.hotjar.com https://www.datadoghq-browser-agent.com/datadog-rum-us.js https://www.datadoghq-browser-agent.com/datadog-rum-v4.js https://vt.myvisualiq.net https://px.airpr.com/airpr.js https://cdn.pbbl.co https://cdn.userway.org https://amplify.outbrain.com https://tr.outbrain.com https://*.segment.com https://*.segment.io https://app.leadsrx.com https://b-code.liadm.com https://rp.liadm.com https://analytics.tiktok.com https://d11tldh9zr4z08.cloudfront.net https://hello.staticstuff.net https://win.staticstuff.net https://cdn.riskid.security https://*.transcend.io/ https://www.youtube-nocookie.com/ https://unpkg.com/netlify-cms@%5E2.0.0/dist/netlify-cms.js https://media-library.cloudinary.com https://d2hrivdxn8ekm8.cloudfront.net https://d1lu3pmaz2ilpx.cloudfront.net https://dvqigh9b7wa32.cloudfront.net https://d330aiyvva2oww.cloudfront.net https://websitevisitorleads.com; object-src 'self'; frame-src 'self' https://stage.ethoslife.com https://agents.stage.ethoslife.com https://agents.ethoslife.com https://quote-widget.ethoslife.com https://quote-widget.getethos.com https://*.facebook.com https://*.facebook.net https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.googleadservices.com https://*.google-analytics.com https://*.google.ca https://*.doubleclick.net https://www.youtube.com https://www.youtube-nocookie.com/ https://js.stripe.com https://d2m2wsoho8qq12.cloudfront.net/ https://hooks.stripe.com https://ethslf.com https://player.vimeo.com https://fast.wistia.net https://www.quotelab.com https://t1.webbconnected.com https://www.emjcd.com https://cj.dotomi.com https://www.mailtrck.com https://www.trcknow.com https://pranwtr.com https://gztkr.mobi https://prformc.com https://www.authoritytrcker.com https://315track.com https://js.driftt.com https://share.intercom.io https://*.optimizely.com https://vars.hotjar.com https://cdn.pbbl.co https://cloudinary.com/ https://console.cloudinary.com/ https://cdn.userway.org https://www.xol82trk.com https://hackerone.com https://*.transcend.io https://ct.pinterest.com/ https://d2hrivdxn8ekm8.cloudfront.net https://d1lu3pmaz2ilpx.cloudfront.net https://dvqigh9b7wa32.cloudfront.net https://d330aiyvva2oww.cloudfront.net; font-src 'self' data: https://*.gstatic.com https://js.intercomcdn.com https://script.hotjar.com; img-src 'self' data: http://www.google-analytics.com http://bat.bing.com https://res.cloudinary.com https://*.facebook.com https://*.facebook.net https://rp4.liadm.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.google.ca https://*.googleadservices.com https://*.google-analytics.com https://*.doubleclick.net https://*.bing.com https://*.yahoo.com https://*.googletagmanager.com https://*.taboola.com https://*.linkedin.com https://create.leadid.com https://data.adxcel-ec2.com https://*.pinterest.com https://*.adroll.com https://*.twitter.com https://*.reddit.com https://*.quora.com https://click.clktraker.com https://pinterest.adsymptotic.com https://*.bluekai.com https://*.rlcdn.com https://*.adnxs.com https://*.nextinsure.com https://*.digitru.st https://*.sharethrough.com https://*.quotelab.com https://*.shmktpl.com https://*.bizographics.com https://*.openx.net https://*.bidswitch.net https://pixel.advertising.com https://dsum-sec.casalemedia.com https://pixel.rubiconproject.com https://simage2.pubmatic.com https://sync.outbrain.com https://eb2.3lift.com https://fcmatch.youtube.com https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://track.customer.io/ https://*.segment.io https://*.hotjar.com https://t.myvisualiq.net https://tapestry.tapad.com https://loadus.exelator.com https://dpm.demdex.net https://dpx.airpr.com https://pixel.pointmediatracker.com/ https://cnv.event.prod.bidr.io https://px0.pbbl.co https://aa.agkn.com https://cdn.userway.org https://tr.outbrain.com https://pixel.videohub.tv https://rp.liadm.com https://analytics.tiktok.com https://data.adxcel-ec2.com https://i.ytimg.com/; media-src 'self' https://js.intercomcdn.com https://cdn.userway.org https://res.cloudinary.com; default-src 'self'; worker-src 'self' https://www.datadoghq-browser-agent.com/datadog-rum-v4.js; frame-ancestors https://agents.ethoslife.com; 1
default-src 'self' 'unsafe-inline' data: https://piwik.bzga.de/ https://service.bzga.de/ https://a.tile.openstreetmap.org/ https://b.tile.openstreetmap.org/ https://c.tile.openstreetmap.org/ 1
frame-ancestors 'self' https://material.dahuasecurity.com https://www.wisualarm.com https://innovationcentercis.dahuasecurity.com https://www.dahuasecurity.com https://software.dahuasecurity.com https://innovationcenteruk.dahuasecurity.com https://global-innovation-center.dahuasecurity.com https://backend.dahuasecurity.com http://www.dahuasecurity.com.ps https://dahuatech.s5.udesk.cn 1
object-src players.brightcove.net www.realpage.com s.realpage.com vjs.zencdn.net; frame-ancestors 'self' *.realpage.com *.seismic.com www.realpagelearning.com *.yieldstar.com *.mpfyieldstar.com www.on-site.com; report-to violation; 1
default-src 'self'; frame-ancestors 'self'; script-src 'self' 'unsafe-eval' https://js.stripe.com https://*.braintreegateway.com https://client.crisp.chat/ https://api.github.com https://www.google.com/ https://www.gstatic.com/ https://www.googletagmanager.com https://www.google-analytics.com https://heapanalytics.com https://*.heapanalytics.com; img-src 'self' data: https://cdn.loom.com/ https://checkout.paypal.com https://*.braintreegateway.com https://*.crisp.chat/ heapanalytics.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://client.crisp.chat/; font-src 'self' https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://client.crisp.chat/; media-src 'self' https://*.amazonaws.com; frame-src 'self' https://www.google.com/ https://js.stripe.com/ https://hooks.stripe.com/ https://client.crisp.chat/ https://www.youtube.com/ https://www.loom.com/ player.vimeo.com checkout.paypal.com; object-src 'self'; connect-src 'self' api.github.com https://www.google.com/ www.google-analytics.com heapanalytics.com https://avatar-cdn.atlassian.com wss://*.crisp.chat/ https://*.crisp.chat/ https://api.stripe.com; 1
report-uri https://o133414.ingest.us.sentry.io/api/4507454004789248/security/?sentry_key=227a1f1da0ce8dfdc74b1333e0e62a83; upgrade-insecure-requests 1
default-src 'none'; img-src 'self' https://piwik.dnsforge.de; style-src 'self'; script-src 'self' https://piwik.dnsforge.de; connect-src 'self'; font-src 'self'; base-uri 'none'; frame-ancestors 'none'; form-action 'self'; block-all-mixed-content 1
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: blob: 'unsafe-inline'; style-src 'self' data: blob: 'unsafe-inline' *.connatix.com; 1
frame-ancestors home.siberianhealth.com; 1
child-src 'self' *.vimeo.com *.vimeocdn.com www.youtube.com *.qualified.com; default-src 'self' 'unsafe-inline' vitals.vercel-insights.com wss://ws.qualified.com *.vimeo.com *.hotjar.com *.hotjar.io wss://*.hotjar.com; frame-src app.qualified.com player.vimeo.com vars.hotjar.com www.facebook.com t.sharethis.com *.qualified.com *.company-target.com https://challenges.cloudflare.com platform.twitter.com syndication.twitter.com cdn.syndication.twimg.com www.youtube.com cdn.forms-content.sg-form.com boards.greenhouse.io job-boards.greenhouse.io https://a26988130118.cdn.optimizely.com https://a26988130118.cdn-pci.optimizely.com; worker-src 'self' blob:; connect-src 'self' vitals.vercel-insights.com *.qualified.com wss://*.qualified.com www.google-analytics.com analytics.google.com/g/collect *.vimeo.com vimeo.com *.ingest.sentry.io www.datocms-assets.com www.youtube.com legal.wiz.io *.algolia.net *.algolianet.com *.algolia.io *.company-target.com *.demandbase.com *.hotjar.com *.hotjar.io wss://*.hotjar.com cdn.bizible.com bat.bing.com cdn.cookielaw.org tracking.g2crowd.com static.hotjar.com script.hotjar.com *.sharethis.com a.clarity.ms/collect *.onetrust.com *.clarity.ms j.6sc.co snap.licdn.com *.redditstatic.com static.ads-twitter.com ws.zoominfo.com connect.facebook.net tkr.techtarget.com epsilon.6sense.com ipv6.6sc.co c.6sc.co ib.adbnxs.com trk.techtarget.com ib.adnxs.com munchkin.marketo.net 120-tfk-810.mktoutil.com 120-tfk-810.mktoresp.com secure.adnxs.com www.facebook.com cdn.linkedin.oribi.io epsilon-cloudfront.6sense.com tags.clickagy.com *.doubleclick.net ws://localhost:3000 https://logx.optimizely.com https://*.optimizely.com tags.srv.stackadapt.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com *.hotjar.com data:; img-src 'self' data: https: http: *.hotjar.com tags.srv.stackadapt.com; media-src 'self' https: mediastream: *.qualified.com; object-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' va.vercel-scripts.com vitals.vercel-insights.com tagmanager.google.com www.googleadservices.com www.googletagmanager.com www.google-analytics.com js.qualified.com *.vimeo.com *.vimeocdn.com *.newrelic.com *.nr-data.net *.hotjar.com *.demandbase.com *.quora.com https://challenges.cloudflare.com tags.srv.stackadapt.com platform.twitter.com syndication.twitter.com cdn.syndication.twimg.com www.youtube.com cdn.forms-content.sg-form.com boards.greenhouse.io job-boards.greenhouse.io cdn.bizible.com bat.bing.com cdn.cookielaw.org tracking.g2crowd.com static.hotjar.com script.hotjar.com *.sharethis.com a.clarity.ms/collect *.onetrust.com *.clarity.ms j.6sc.co snap.licdn.com *.redditstatic.com static.ads-twitter.com ws.zoominfo.com connect.facebook.net tkr.techtarget.com epsilon.6sense.com ipv6.6sc.co c.6sc.co ib.adbnxs.com trk.techtarget.com ib.adnxs.com munchkin.marketo.net 120-tfk-810.mktoutil.com 120-tfk-810.mktoresp.com secure.adnxs.com www.facebook.com cdn.linkedin.oribi.io epsilon-cloudfront.6sense.com tags.clickagy.com *.doubleclick.net https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com *.vimeocdn.com *.qualified.com *.hotjar.com tags.srv.stackadapt.com; form-action 'self' www.facebook.com; frame-ancestors 'self' https://partners.wiz.io; 1
frame-ancestors 'self' www.google.com www.izzi.mx www.wizz.mx www.wizzplus.mx www.izziflex.mx www.izzimovil.mx paypal.com u.mitec.com.mx web.izzidigital.mx script.crazyegg.com wizz.mx wizzplus.mx izzi.mx 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://7295740.collect.igodigital.com https://*.doubleclick.net https://api.addressfinder.io https://api.lo.ranqx.com https://calculators.gbst.com https://connect.facebook.net https://maps.googleapis.com https://media.kiwibank.co.nz https://*.googlesyndication.com https://snap.licdn.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googletagservices.com https://www.youtube.com https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com https://*.googletagmanager.com https://youtube.com https://www.youtube.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://media.kiwibank.co.nz;connect-src 'self' https://*.optimizely.com https://public-web-deployment.kb.ap-southeast-2.aws.found.io https://analytics.google.com https://api.kiwibank.co.nz https://api.lo.ranqx.com https://*.doubleclick.net https://maps.googleapis.com https://rates.kiwibank.co.nz https://public-web-deployment.ent.ap-southeast-2.aws.found.io https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.linkedin.com https://api.addressfinder.io; font-src 'self' https://fonts.gstatic.com https://media.kiwibank.co.nz https://fonts.googleapis.com;frame-src https://*.doubleclick.net https://cloud.communication.kiwibank.co.nz https://kiwibank.prod.digital.gbst.com https://www.youtube.com https://youtube.com https://a25750620975.cdn.optimizely.com https://a25750620975.cdn-pci.optimizely.com;img-src 'self' data: https://*.doubleclick.net https://i.ytimg.com https://maps.googleapis.com https://maps.gstatic.com https://media.kiwibank.co.nz https://nova.collect.igodigital.com https://*.linkedin.com https://www.facebook.com https://*.google-analytics.com https://www.google.co.nz https://*.googletagmanager.com https://app.optimizely.com https://cdn.optimizely.com https://www.google.com https://*.googlesyndication.com https://*.2mdn.net https://www.google.com.au; frame-ancestors 'self' https://app.optimizely.com; object-src 'self' data: ; 1
frame-ancestors 'self' *.inforcloudsuite.com 1
base-uri 'self';object-src 'none';style-src 'self' https://fonts.googleapis.com go.kollective.com pages.riverbed.com 'unsafe-inline' data:;frame-ancestors 'self';worker-src blob: ; 1
block-all-mixed-content;frame-ancestors 'none';upgrade-insecure-requests; 1
frame-ancestors 'self' https://*.etracker.com https://*.it-nr.de https://*.itk-rheinland.de https://*.duesseldorf.de 1
script-src https: 'self' 'unsafe-eval' 'unsafe-inline' *.hudexchange.info *.cloudflare.com *.jquery.com *.googleapis.com *.gstatic.com www.googletagmanager.com www.google-analytics.com *.chimpstatic.com 1
default-src 'self' ; connect-src 'self' https://*.twimg.com https://*.twitter.com https://*.x.com https://api.meetup.com https://s1259914507.t.eloqua.com; font-src 'self' https://*.twimg.com https://*.twitter.com https://*.x.com https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.cms-twdigitalassets.com data:; frame-src 'self' https://twitter.com https://x.com https://*.twitter.com https://*.x.com https://www.gstatic.com https://www.google.com https://docs.google.com https://www.youtube.com https://glitch.com https://trello.com https://iframe.arkoselabs.com; img-src 'self' https://*.twimg.com https://*.twitter.com https://*.x.com https://twitter.com https://x.com https://*.google-analytics.com https://*.analytics.google.com https://cdn.cms-twdigitalassets.com https://*.g.doubleclick.net https://www.google.com/pagead/1p-user-list/780419404/ https://maps.googleapis.com https://s1259914507.t.eloqua.com https://px.ads.linkedin.com https://p.adsymptotic.com/d/px https://maps.gstatic.com https://udc-neb.kampyle.com/ https://t.co data:; media-src 'self' https://*.twimg.com https://*.twitter.com https://*.x.com https://cdn.cms-twdigitalassets.com; object-src 'self' ; script-src 'self' 'sha256-9G5TwxImuKFNB+uY9x5+mjMfXDSza+S1DEsjxK1xeWw=' https://*.twimg.com https://*.twitter.com https://*.x.com https://www.gstatic.com https://www.google.com https://api.meetup.com https://static.ads-twitter.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://maps.googleapis.com https://cdn.cms-twdigitalassets.com; style-src 'self' 'unsafe-inline' https://*.twimg.com https://*.twitter.com https://*.x.com https://fonts.googleapis.com https://cdn.cms-twdigitalassets.com; report-uri https://twitter.com/i/csp_report https://x.com/i/csp_report; frame-ancestors 'self' 1
frame-ancestors 'self' https://victorinox.frontastic.io ; default-src 'self' ; media-src 'self' data: *.victorinox.com *.swissarmy.com *.wenger.ch static.zdassets.com ; frame-src 'self' https: ; worker-src 'self' blob: ; child-src 'self' blob: *.victorinox.com *.swissarmy.com *.wenger.ch *.tangiblee.com *.photorank.me *.pinterest.com https://web.facebook.com https://fbsbx.com https://*.google.com https://www.youtube.com https://www.facebook.com https://www.paypal.com https://www.paypalobjects.com https://www.sandbox.paypal.com https://emersya.com/ https://www.pinterest.com https://www.pinterest.co.uk https://www.pinterest.ch https://www.pinterest.de https://www.pinterest.fr https://www.pinterest.it https://www.pinterest.at https://www.pinterest.se https://www.pinterest.ru https://www.pinterest.ie https://secure.img-cdn.mediaplex.com *.fls.doubleclick.net *.doubleclick.net vars.hotjar.com victorinox-fr-affiliate-programme.sjv.io player.vimeo.com assets.bounceexchange.com ; img-src 'self' data: https: https://api.qrserver.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.victorinox.com *.swissarmy.com *.wenger.ch *.paypalobjects.com *.cloudfront.net *.cdn4.forter.com *.baidu.com *.onetrust.com *.getback.ch *.taboola.com *.yahoo.co.jp *.bazaarvoice.com *.cdn77.org *.zoovu.com *.tangiblee.com *.contentsquare.com *.zopim.com *.bdimg.com maps.google.com load.sumome.com load.sumo.com https://*.googletagmanager.com https://*.google-analytics.com www.googleadservices.com www.sc.pages03.net static.hotjar.com tag.wknd.ai assets.bounceexchange.com api.bounceexchange.com dev.bounceexchange.com tag.bounceexchange.com dash-staging.bounceexchange.com bat.bing.com snap.licdn.com t.contentsquare.net contentsquare.com static.ads-twitter.com analytics.tiktok.com analytics.twitter.com platform.twitter.com script.hotjar.com googleads.g.doubleclick.net s.yimg.jp px.adhigh.net assets.zendesk.com intljs.rmtag.com static.zdassets.com ut.rd.linksynergy.com br-victorinox.netmng.com tags.srv.stackadapt.com d.impactradius-event.com s.pinimg.com cdn.tangiblee.com cscoreproweustor.blob.core.windows.net js.monitor.azure.com api.channelsight.com cdn.channelsight.com *.klaviyo.com emersya.com cdn.emersya.com cdn.brcdn.com f.monetate.net se.monetate.net cdn.cookielaw.org cdn.jsdelivr.net cdnjs.cloudflare.com maps.googleapis.com photorankstatics-a.akamaihd.net https://*.google.com www.paypal.com www.gstatic.com www.gstatic.cn www.dwin1.com connect.facebook.net openpay.s3.amazonaws.com swissarmy.cardconnect.com:* vx.local:* *.clarity.ms *.openpay.mx *.googlesyndication.com https://www.recaptcha.net https://services.postcodeanywhere.co.uk *.sprinklr.com https://rum-static.pingdom.net https://rum-collector-2.pingdom.net *.teads.tv www.googleoptimize.com https://eubroken.mysingleromance.com https://dem.mysingleromance.com *.rakuten.com *.linksynergy.com *.xg4ken.com *.nxtck.com *.leadsrx.com *.dash-staging.bounceexchange.com *.dash.bounceexchange.com https://checkoutshopper-test.adyen.com https://live.adyen.com https://checkoutshopper-live.adyen.com https://checkoutshopper-live-us.adyen.com https://contest.victorinox.com https://view.juneapp.com https://unpkg.com *.google-analytics.com *.netlify.app https://emea02-nonprod.cluster.observability.cloud.sap:9999 *.youtube.com https://emea01.cluster.observability.cloud.sap:9999 https://victorinox-swiss-army.locally.com; font-src 'self' data: *.victorinox.com *.swissarmy.com *.wenger.ch *.hotjar.com *.cdn77.org *.cloudfront.net *.tangiblee.com olapic-data.s3.amazonaws.com photorankstatics-a.akamaihd.net fonts.gstatic.com emersya.com cdn.emersya.com fast.fonts.net cdnjs.cloudflare.com cdn.megabonus.com static3.avast.com cdn.honey.io netdna.bootstrapcdn.com assets.bounceexchange.com *.sprinklr.com *.channelsight.com; form-action 'self' https: ; connect-src 'self' ws: wss: *.victorinox.com *.swissarmy.com *.wenger.ch *.forter.com *.klaviyo.com *.amazonaws.com *.onetrust.com *.paypal.com *.paypalobjects.com *.openpay.mx *.taboola.com *.victorinox.com *.tangiblee.com *.contentsquare.net *.bazaarvoice.com *.getback.ch *.hotjar.com *.zoovu.com *.facebook.com https://*.google.com *.instagram.com sumo.com api.openweathermap.org https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com emersya.com cdn.emersya.com ws.emersya.com cdn.cookielaw.org d2o5idwacg3gyw.cloudfront.net photorankstatics-a.akamaihd.net photorankapi-a.akamaihd.net https://*.g.doubleclick.net analytics.tiktok.com ekr.zdassets.com swissarmy.zendesk.com widget-mediator.zopim.com bat.bing.com px.adhigh.net hm.baidu.com tags.srv.stackadapt.com ct.pinterest.com api.channelsight.com dc.services.visualstudio.com vc.hotjar.io victorinox-fr-affiliate-programme.sjv.io events.bouncex.net coupons.bounceexchange.com *.cdnwidget.com *.cdnbasket.net maps.googleapis.com *.clarity.ms https://services.postcodeanywhere.co.uk https://api.addressy.com *.sprinklr.com https://rum-static.pingdom.net https://rum-collector-2.pingdom.net *.teads.tv https://dem.mysingleromance.com cdn.linkedin.oribi.io https://*.csftr.com *.googlesyndication.com *.rakuten.com *.linksynergy.com *.xg4ken.com *.nxtck.com *.leadsrx.com https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com https://checkoutshopper-live-us.adyen.com https://live.adyen.com *.frontastic.rocks *.frontastic.live *.frontastic.io *.linkedin.com *.cloudflare.com *.adyen.com https://emea02-nonprod.cluster.observability.cloud.sap:9999 *.youtube.com *.youku.com https://emea01.cluster.observability.cloud.sap:9999; style-src 'self' 'unsafe-inline' *.victorinox.com *.swissarmy.com *.wenger.ch *.cdn77.org *.tangiblee.com assets-static.victorinox.com *.klaviyo.com photorankstatics-a.akamaihd.net fonts.googleapis.com emersya.com cdn.emersya.com api.map.baidu.com fast.fonts.net static.getback.ch cdnjs.cloudflare.com tags.srv.stackadapt.com cdn.channelsight.com tiger-cdn.zoovu.com translate.googleapis.com assets.bounceexchange.com https://services.postcodeanywhere.co.uk *.sprinklr.com https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com https://checkoutshopper-live-us.adyen.com https://live.adyen.com; report-to csp-endpoint; 1
default-src https: 'unsafe-inline' 'unsafe-eval' 'self' data: *.tchncs.de 1
default-src 'self'; connect-src *; font-src *; img-src data: blob: *; script-src 'unsafe-eval' 'unsafe-inline' *; style-src 'unsafe-inline' try.abtasty.com 'self'; frame-src *; object-src 'none'; frame-ancestors 'self'; upgrade-insecure-requests; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.asb.co.nz https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.co.nz https://*.google.com https://*.googleadservices.com https://*.googleapis.com https://*.gstatic.com https://*.googletagmanager.com https://*.twitter.com https://*.youtube-nocookie.com https://*.youtube.com https://asbbankltd.tt.omtrdc.net https://d3f5l8ze0o4j2m.cloudfront.net https://quoteapi.com https://dpm.demdex.net https://asb.demdex.net https://*.pingdom.net https://nebula-cdn.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com wss://*.decibelinsight.net wss://*.decibelinsight.com https://staticcdn.co.nz https://*.staticcdn.co.nz https://asb.sc.omtrdc.net https://assets.adobedtm.com https://*.analytics.google.com https://*.asbbank.co.nz; worker-src 'self' blob:; 1
upgrade-insecure-requests; default-src 'self' *.rchsd.org *.mapbox.com *.googleapis.com https://www.google-analytics.com *.selfcare.info *.appcatalyst.com https://perfalytics.com https://api.perfalytics.com; child-src 'self' blob: data: *.rchsd.org; font-src 'self' https://fonts.gstatic.com data: *.rchsd.org *.mapbox.com *.selfcare.info *.appcatalyst.com; form-action 'self'; frame-src 'self' *.kidshealth.org *.youtube.com *.youtu.be *.vimeo.com *.vimeocdn.com www.youtube-nocookie.com *.freshpaint-hipaa-videos.com *.google.com *.googleapis.com *.mapbox.com *.selfcare.info *.appcatalyst.com; img-src 'self' 'unsafe-inline' blob: data: *.rchsd.org kidshealth.org *.kidshealth.org www.kidshealth.org *.youtube.com *.youtu.be *.vimeo.com *.vimeocdn.com *.freshpaint-hipaa-videos.com *.google.com *.googleapis.com *.gstatic.com *.mapbox.com *.selfcare.info *.appcatalyst.com; media-src 'self' *.kidshealth.org *.youtube.com *.youtu.be *.vimeo.com *.vimeocdn.com *.freshpaint-hipaa-videos.com *.mapbox.com *.selfcare.info *.appcatalyst.com; object-src 'self' blob: data: *.kidshealth.org *.mapbox.com *.selfcare.info *.appcatalyst.com; style-src 'self' 'unsafe-inline' data: *.rchsd.org *.kidshealth.org *.google.com *.googleapis.com fonts.gstatic.com *.mapbox.com *.selfcare.info *.appcatalyst.com; style-src-attr 'self' 'unsafe-inline' data: *.rchsd.org *.kidshealth.org *.google.com *.googleapis.com fonts.gstatic.com *.mapbox.com *.selfcare.info *.appcatalyst.com; style-src-elem 'self' 'unsafe-inline' data: *.rchsd.org *.kidshealth.org *.google.com *.googleapis.com fonts.gstatic.com *.mapbox.com *.selfcare.info *.appcatalyst.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com cse.google.com *.googleapis.com https://www.google.com https://www.googletagservices.com *.mapbox.com *.selfcare.info *.appcatalyst.com https://perfalytics.com https://api.perfalytics.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.rchsd.org data: *.rchsd.org kidshealth.org *.kidshealth.org *.googletagmanager.com *.googleapis.com *.mapbox.com *.selfcare.info *.appcatalyst.com https://perfalytics.com https://api.perfalytics.com; 1
upgrade-insecure-requests;connect-src 'self' *.adroll.com *.clarity.ms *.doubleclick.net *.equinox.com *.google.com *.googlesyndication.com *.mapbox.com *.onetrust.com *.snapchat.com *.splashthat.com *.visualwebsiteoptimizer.com *.mosopay.com analytics.google.com analytics.tiktok.com api.ipify.org api.ipstack.com bat.bing.com cdn.cookielaw.org cdn.linkedin.oribi.io dpm.demdex.net equinox.attn.tv equinox-elastic-monitoring.apm.us-east-1.aws.found.io equinox-production.apm.us-east-1.aws.found.io equinoxfitnessclubs.tt.omtrdc.net events.attentivemobile.com google.com ipv4.icanhazip.com maps.googleapis.com sdk.iad-03.braze.com us-central1-adaptive-growth.cloudfunctions.net www.facebook.com www.google.co.in www.google.co.uk www.google.com.ph www.google-analytics.com www.googletagmanager.com;default-src 'self';font-src 'self' data: assets.cdn-equinox.com use.fontawesome.com;form-action 'self' *.equinox.com equinox-spa.com www.facebook.com;frame-ancestors 'self' *.salesforce.com;frame-src 'self' *.adsrvr.org *.doubleclick.net *.onetrust.com *.salesforce.com *.snapchat.com equinox.demdex.net open.spotify.com s.tiled.co www.facebook.com;img-src 'self' data: *.adroll.com *.adsrvr.org *.bing.com *.clarity.ms *.ctfassets.net *.doubleclick.net *.equinox.com *.liadm.com *.linkedin.com *.pubmatic.com *.visualwebsiteoptimizer.com ads.resetsrv.com ads.scorecardresearch.com assets.cdn-equinox.com beacon.krxd.net braze-images.com cdn.cookielaw.org cm.everesttech.net connect.facebook.net cw.addthis.com data02.digiseg.net dis.criteo.com dpm.demdex.net dsum-sec.casalemedia.com eb2.3lift.com eqxwebdev.112.2o7.net fei.pro-market.net he.lijit.com ib.adnxs.com idsync.rlcdn.com image2.pubmatic.com maps.googleapis.com maps.gstatic.com media.cdn-equinox.com meta.resetdigital.co pippio.com pixel.rubiconproject.com px.steelhousemedia.com s.thebrighttag.com secure.adnxs.com segments.company-target.com sync.outbrain.com sync.resetdigital.co sync.taboola.com sync2.resetdigital.co tags.bluekai.com trkn.us ups.analytics.yahoo.com us-u.openx.net usermatch.krxd.net www.facebook.com www.google.co.in www.google.co.uk www.google.com www.google.com.ph www.google-analytics.com www.googletagmanager.com x.bidswitch.net;media-src 'self' data: videos.ctfassets.net;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.adroll.com *.doubleclick.net *.mapbox.com *.mountain.com *.salesforce.com *.salesforceliveagent.com *.snapchat.com *.visualwebsiteoptimizer.com a1.adform.net acdn.adnxs.com analytics.tiktok.com assets.adobedtm.com bat.bing.com cdn.attn.tv cdn.cookielaw.org cdn.pdst.fm connect.facebook.net js.adsrvr.org maps.googleapis.com meta.resetdigital.co sc-static.net secure.adnxs.com snap.licdn.com s2.adform.net www.clarity.ms www.google-analytics.com www.googleadservices.com www.googletagmanager.com;style-src 'self' 'unsafe-inline' *.mapbox.com *.salesforce.com service.force.com use.fontawesome.com;worker-src 'self' blob:;base-uri 'self';object-src 'none';script-src-attr 'none' 1
base-uri 'none';connect-src 'self' *.swiftype.com https://assets.westpac.co.nz https://westpacnewzealand.tt.omtrdc.net http://westpacnewzealand.tt.omtrdc.net https://smetrics.comms.westpac.co.nz https://westpacnewzealand.sc.omtrdc.net https://dpm.demdex.net https://connect.facebook.net https://www.facebook.com https://www.instagram.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://analytics.google.com https://www.google.co.nz/ads/ga-audiences https://google.com https://*.google.com https://adservice.google.com https://www.google.com https://*.doubleclick.net https://www.google-analytics.com https://maps.googleapis.com https://*.qualtrics.com https://analytics.tiktok.com https://*.dynatrace.com https://*.bf.dynatrace.com https://*.linkedin.oribi.io https://*.linkedin.com *.google.com https://*.gstatic.com https://googleads.g.doubleclick.net https://*.googlesyndication.com;default-src 'self';form-action 'self' https://*.westpac.co.nz https://*.microsoftonline.com/ https://www.facebook.com/tr/;img-src 'self' *.ytimg.com https://staticcdn.co.nz https://api.rkd.refinitiv.com https://smetrics.comms.westpac.co.nz https://westpacnewzealand.sc.omtrdc.net https://cm.everesttech.net https://dpm.demdex.net https://connect.facebook.net https://www.facebook.com https://*.google-analytics.com https://*.googletagmanager.com https: https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.google.com https://maps.gstatic.com https://*.googleapis.com https://*.ggpht.com data: https://analytics.tiktok.com blob:;media-src 'self' data:;object-src 'none';font-src 'self' https://fonts.gstatic.com data:;upgrade-insecure-requests;style-src 'self' 'unsafe-inline' https://www.gstatic.com https://tagmanager.google.com https://fonts.googleapis.com;script-src www.youtube.com s.ytimg.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ player.vimeo.com api.swiftype.com https://staticcdn.co.nz https://assets.adobedtm.com https://js.adsrvr.org https://insight.adsrvr.org https://*.adsrvr.org https://*.westpac.co.nz https://code.jquery.com https://connect.facebook.net https://www.facebook.com https://*.google-analytics.com https://www.googletagmanager.com 'unsafe-eval' https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://*.qualtrics.com https://analytics.tiktok.com https://*.licdn.com 'unsafe-inline' https://maps.googleapis.com;frame-src *.youtube.com www.google.com/recaptcha/ recaptcha.google.com/recaptcha/ player.vimeo.com https://staticcdn.co.nz https://insight.adsrvr.org https://*.adsrvr.org https://wnzl.demdex.net https://*.westpac.co.nz https://www.facebook.com https://*.doubleclick.net https://stats.g.doubleclick.net https://www.googletagmanager.com https://bid.g.doubleclick.net bytedance: sslocal: 'self';child-src player.vimeo.com 'self';script-src-elem https://staticcdn.co.nz https://assets.adobedtm.com https://js.adsrvr.org https://insight.adsrvr.org https://*.adsrvr.org https://*.westpac.co.nz https://smetrics.comms.westpac.co.nz http://smetrics.comms.westpac.co.nz https://code.jquery.com https://connect.facebook.net https://www.facebook.com https://*.google-analytics.com https://*.googletagmanager.com https://*.qualtrics.com https://analytics.tiktok.com https://*.dynatrace.com https://*.licdn.com https://www.googleadservices.com *.google.com https://*.gstatic.com https://googleads.g.doubleclick.net https://*.googlesyndication.com 'self' 'unsafe-inline' https://maps.googleapis.com https://gateway.zscalerthree.net https://*.zscalerthree.net;worker-src 'self' player.vimeo.com blob:;report-uri https://f57dec9bb841167d21b72acf82b7adf4.report-uri.com/r/t/csp/enforce;report-to https://f57dec9bb841167d21b72acf82b7adf4.report-uri.com/r/t/csp/enforce 1
base-uri 'none'; font-src 'self' https: data:; form-action 'self'; frame-ancestors 'self'; object-src 'none'; style-src 'self' https: 'unsafe-inline'; script-src 'self' *.googletagmanager.com *.tidio.co *.doubleclick.net *.tidiochat.com *.cloudflare.com *.alicdn.com *.cloudflareinsights.com 'unsafe-inline'; upgrade-insecure-requests; 1
default-src 'self' *.dpm.demdex.net/id https://www.search.gov.sg https://search.gov.sg; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com *.monsido.com https://snap.licdn.com/ https://schemas.microsoft.com/ https://assets.adobedtm.com/ https://www.youtube.com/s/player/ *.google-analytics.com https://www.youtube.com/iframe_api https://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com *.en25.com https://www.onemap.gov.sg https://www.onemap.gov.sg/* https://assets.wogaa.sg https://www.googletagmanager.com/gtag/ https://cdn.jsdelivr.net/npm/@glidejs/glide https://code.jquery.com https://player.vimeo.com https://cdnjs.cloudflare.com https://www.googletagmanager.com/ https://r.turn.com/server/beacon_call.js https://googleads.g.doubleclick.net/ blob: https://api.search.gov.sg https://www.search.gov.sg https://www.google.com https://www.gstatic.com https://client.aga.chatbot.i2r.a-star.edu.sg https://loader.aga.chatbot.i2r.a-star.edu.sg/chatbot.min.js https://loader.aga.chatbot.i2r.a-star.edu.sg https://loader.aga.chatbot.i2r.a-star.edu.sg/chatbot.js 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://assets.wogaa.sg/fonts/LibreFranklin/stylesheet.css https://assets.wogaa.sg/fonts/stylesheet/3.0.0-656/production/sentiments.css https://assets.wogaa.sg/fonts/stylesheet/3.0.0-647/production/sentiments.css https://assets.wogaa.sg/fonts/stylesheet/3.0.0-651/production/sentiments.css https://assets.wogaa.sg/fonts/stylesheet/3.0.0-657/production/sentiments.css https://assets.wogaa.sg/ https://www.search.gov.sg https://loader.aga.chatbot.i2r.a-star.edu.sg/chatbot.css 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com https://tracking.monsido.com/ https://www.a-star.edu.sg/ https://www-a-star-edu-sg-admin.cwp-stg.sg/ https://www-a-star-edu-sg-admin.cwp.sg/ https://www-a-star-upgrade-edu-sg-admin.cwp.sg/ https://www-a-star-upgrade-edu-sg.cwp.sg/ https://via.placeholder.com/ https://www.gis.a-star.edu.sg/ https://jglaborg.files.wordpress.com/ https://chewlab.github.io/ https://i.ytimg.com/ https://dpm.demdex.net/ https://www.a-star.edu.sg.lb.cwp.sg/ https://www.a-star.edu.sg.lb.cwp.sg/images/ https://assets.search.gov.sg *.eloqua.com https://px.ads.linkedin.com https://wogadobeanalytics.sc.omtrdc.net https://www.googletagmanager.com https://cm.everesttech.net/cm/dd https://p.adsymptotic.com/d https://r.turn.com/r/beacon https://www.google.com/ https://www.google.com.sg/ https://www.google.co.id/ https://t984-p547-blue-admin.prd.cwp2.sg/ https://loader.aga.chatbot.i2r.a-star.edu.sg/assets/svg/launcher_button.svg https://loader.aga.chatbot.i2r.a-star.edu.sg/assets/svg/launcher_close_button.svg https://loader.aga.chatbot.i2r.a-star.edu.sg/assets/svg/expand.svg https://loader.aga.chatbot.i2r.a-star.edu.sg/assets/svg/compress.svg https://loader.aga.chatbot.i2r.a-star.edu.sg/assets/svg/close.svg 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://fonts.googleapis.com/ https://assets.wogaa.sg/fonts/ https://www.search.gov.sg; frame-src https://drive.google.com/ https://www.youtube.com/ https://www.facebook.com/ https://w.soundcloud.com/ https://form.gov.sg/ https://www.onemap.sg/ https://padlet.com/ https://player.vimeo.com/ https://www.google.com/ https://www.theasys.io/ https://www.xendsys.com/ https://www.youtube-nocookie.com/ https://maps.google.com/ https://a-star.us17.list-manage.com/ https://4d.silvrcraft.com/ https://www.onemap.gov.sg/ https://platform.twitter.com/ https://wogaa.demdex.net/ https://www.a-star.edu.sg/ https://www.linkedin.com/ https://safe.menlosecurity.com/ https://www-a-star-edu-sg.cwp.sg/ https://www-a-star-edu-sg-admin.cwp.sg/ https://youtu.be/ https://www.canva.com/ https://sandboxj.solstice.sg/astar_debug/ https://play.solstice.sg/astar/ https://td.doubleclick.net/ https://www.search.gov.sg https://www.google.com https://search.gov.sg https://client.aga.chatbot.i2r.a-star.edu.sg 'self' web-chat.nativechat.com; connect-src accounts.google.com *.mktoresp.com https://www.google-analytics.com/j/collect https://www.google-analytics.com/g/collect https://stats.g.doubleclick.net/j/collect https://dpm.demdex.net/id https://snowplow-web.wogaa.sg/sg.wogaa/cs1 https://heatmaps.monsido.com https://miniq.xyz https://tracking.monsido.com/* https://analytics.google.com/g/collect https://cdn.linkedin.oribi.io/ https://stats.g.doubleclick.net https://snap.licdn.com/ www.googleadservices.com px.ads.linkedin.com https://api.search.gov.sg https://assets.search.gov.sg https://loader.aga.chatbot.i2r.a-star.edu.sg/config.json https://loader.aga.chatbot.i2r.a-star.edu.sg/wrapper.html https://client.aga.chatbot.i2r.a-star.edu.sg/getLoaderConfig 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com 'self' web-chat.nativechat.com; frame-ancestors https://safe.menlosecurity.com/ https://www-a-star-edu-sg-admin.cwp.sg/ https://www.a-star.edu.sg/ 'self'; object-src 'none' 1
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' *; 1
frame-ancestors 'self' api.bugguide.net trends.ent.iastate.edu www.ent.iastate.edu www.ppem.iastate.edu 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://analytics.google.com https://connect.facebook.net;script-src-elem 'self' 'unsafe-inline' https://a.magsrv.com https://www.googletagmanager.com https://analytics.google.com https://static.cloudflareinsights.com https://static.hotjar.com https://cdn.amplitude.com https://script.hotjar.com https://connect.facebook.net https://nethunt.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;img-src 'self' https://img.telemetr.io http://s3t3d2y8.afcdn.net data: https:;media-src 'self' 'unsafe-inline' https://*.tlmtr.cc;connect-src 'self' http://s.pemsrv.com https://s.magsrv.com https://gw-prod.telemetr.io https://graphql.new.telemetr.io wss://graphql.new.telemetr.io https://export-api.telemetr.io https://www.googletagmanager.com https://analytics.google.com https://stats.g.doubleclick.net https://static.hotjar.com https://cdn.amplitude.com https://api2.amplitude.com https://www.google-analytics.com wss://ws.hotjar.com https://content.hotjar.io https://www.facebook.com https://img-dev.telemetr.io https://nethunt.com;font-src 'self' https://fonts.gstatic.com/;frame-src https://a.adtng.com https://docs.google.com https://drive.google.com;object-src 'none'; 1
frame-ancestors 'none'; object-src 'none'; 1
default-src https:; script-src 'unsafe-inline' 'unsafe-eval' blob: https:; style-src 'unsafe-inline' https:; font-src https: data:; media-src http: https:; img-src http: https: data: 1
default-src 'self' https://api.observablehq.com https://events.observablehq.com https://static.observablehq.com https://observablehq.com https://*.static.observableusercontent.com; connect-src 'self' https://api.observablehq.com https://events.observablehq.com https://static.observablehq.com wss://ws.observablehq.com https://connector.observableusercontent.com https://js.stripe.com https://*.ingest.sentry.io https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://stats.g.doubleclick.net/j/collect https://www.googleapis.com https://*.googletagmanager.com https://graph.microsoft.com https://*.clarity.ms https://api.openai.com https://*.contentful.com https://sdk.iad-05.braze.com https://*.ads.linkedin.com https://cdn.linkedin.oribi.io https://www.redditstatic.com https://pixel-config.reddit.com; font-src https://fonts.gstatic.com https://use.fontawesome.com; frame-ancestors 'none'; frame-src https://observablehq.com https://observablehq.com/embed/ https://*.static.observableusercontent.com https://js.stripe.com https://www.youtube.com/embed/ https://docs.google.com https://challenges.cloudflare.com data: blob:; img-src https://api.observablehq.com https://*.static.observableusercontent.com https://static.observablehq.com https://observablehq.com https://*.githubusercontent.com https://*.stripe.com https://avatars.observableusercontent.com https://avatars-next.observableusercontent.com https://*.google-analytics.com https://www.google.com/ads/ga-audiences https://*.googletagmanager.com https://*.ads.linkedin.com https://*.clarity.ms https://*.bing.com static.observableusercontent.com https://images.ctfassets.net https://alb.reddit.com https://appboy-images.com https://braze-images.com https://cdn.braze.eu https://*.amazonaws.com data: blob:; manifest-src 'none'; media-src https://static.observablehq.com https://videos.ctfassets.net; object-src 'none'; script-src 'self' 'sha256-ERfeEwC9NC9b9t4L2Qp3/yGGgUmFfGH8pIR8kI04FUM=' 'sha256-UJ7XRVoD2oZRK3RRMLdPrdHA+LguX3UEXAZ6hVbuYIk=' 'sha256-E8fjaxUWJTzw+p0U0obCJnciUlgSrzubZcmiKi7SR6c=' 'sha256-g7o+8EOFBiI0+GgtiBaQ0yy0tWJ7XM5PfA6GFm61bw8=' https://static.observablehq.com https://www.googleapis.com https://apis.google.com https://*.googletagmanager.com https://js.stripe.com https://*.clarity.ms https://snap.licdn.com https://js.appboycdn.com https://www.redditstatic.com https://challenges.cloudflare.com; style-src https://static.observablehq.com https://observablehq.com https://fonts.googleapis.com https://use.fontawesome.com 'unsafe-inline'; worker-src https://observablehq.com 1
default-src https: 'self' 'unsafe-inline' 'unsafe-eval'; img-src https: data:; report-uri https://over.eo.nl; worker-src blob: https://*.eo.nl; media-src blob: https://*.eo.nl https: https://*.cdn.streamgate.nl 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; connect-src https: data: blob: wss:; font-src https: data:; img-src https: data:; media-src https: blob:; object-src https:; frame-ancestors 'self'; frame-src https:; worker-src https: blob:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' data: blob:; manifest-src https:; form-action https:; block-all-mixed-content; upgrade-insecure-requests; report-uri https://classaction.report-uri.io/r/default/csp/enforce; 1
default-src 'self' *.unionbankph.com *.azurewebsites.net *.finchatbot.com/;                  style-src 'self' 'unsafe-inline' *.unionbankph.com *.azurewebsites.net maxcdn.bootstrapcdn.com *.googleapis.com *.bootstrapcdn.com *.cloudflare.com;                  font-src 'self' maxcdn.bootstrapcdn.com *.gstatic.com *.yellowmessenger.com;                  script-src https://*.go-mpulse.net 'self' 'unsafe-eval' 'unsafe-inline' *.jsdelivr.net *.google.com *.facebook.net *.gstatic.com *.googletagmanager.com *.google-analytics.com *.msecnd.net *.addthis.com *.qgraph.io *.googleapis.com *.yellowmessenger.com *.youtube.com *.appsflyer.com *.criteo.com;                  frame-src 'self' blob: data: *.gstatic.com *.googleapis.com *.google.com *.youtube.com *.facebook.com *.yellowmessenger.com *.finchatbot.com/;                  connect-src https://*.go-mpulse.net https://*.akstat.io 'self' *.visualstudio.com *.google-analytics.com wss://app.yellowmessenger.com/ wss://app.yellowmessenger.com/websocket/ *.yellowmessenger.com analytics.google.com/ *.googletagmanager.com *.facebook.com *.criteo.com;                  img-src https://*.akstat.io 'self' *.unionbankph.com *.amazonaws.com *.facebook.com *.theunionbanker.com *.googleapis.com *.gstatic.com *.google-analytics.com *.githubusercontent.com data: *.yellowmessenger.com *.ytimg.com;                 media-src *.yellowmessenger.com; 1
default-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.hotjar.com *.hotjar.io code.jquery.com maxcdn.bootstrapcdn.com stackpath.bootstrapcdn.com rawgit.com *.googleapis.com tpc.googlesyndication.com www.youtube.com ad-log.dable.io pixel.mathtag.com td.doubleclick.net www.facebook.com www.google.com pagead2.googlesyndication.com 12327270.fls.doubleclick.net px.ads.linkedin.com www.google.com www.gstatic.com analytics.google.com analytics.tiktok.com www.google-analytics.com bat.bing.com www.facebook.com api.dable.io bat.bing.com cdn.jsdelivr.net cdnjs.cloudflare.com connect.facebook.net googleads.g.doubleclick.net pixel.mathtag.com s.yimg.com snap.licdn.com sp-api.dable.io static.ads-twitter.com static.dable.io track.omguk.com utt.impactcdn.com www.google.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.gstatic.com *.qualtrics.com tools.ietf.org eqms.rhbgroup.com; frame-src 'self' *.qualtrics.com eqms.rhbgroup.com www.youtube-nocookie.com tpc.googlesyndication.com omny.fm assets.bwbx.io www.youtube.com www.google.com td.doubleclick.net *.fls.doubleclick.net pixel.mathtag.com; style-src 'self' 'unsafe-inline' *; style-src-elem 'self' 'unsafe-inline' *; img-src * data:; font-src 'self' * data:; connect-src 'self' wss://*.hotjar.com *.hotjar.com *.hotjar.io *.qualtrics.com tools.ietf.org eqms.rhbgroup.com transient-api-admin-lb.intranet.rhbgroup.com transientstg.rhbgroup.com www.google.com.sg fonts.googleapis.com stats.g.doubleclick.net pixel.mathtag.com td.doubleclick.net www.facebook.com www.google.com pagead2.googlesyndication.com 12327270.fls.doubleclick.net px.ads.linkedin.com www.google.com www.gstatic.com analytics.google.com analytics.tiktok.com www.google-analytics.com bat.bing.com www.facebook.com api.dable.io bat.bing.com cdn.jsdelivr.net cdnjs.cloudflare.com connect.facebook.net googleads.g.doubleclick.net pixel.mathtag.com s.yimg.com snap.licdn.com sp-api.dable.io static.ads-twitter.com static.dable.io track.omguk.com utt.impactcdn.com www.google.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.gstatic.com maps.googleapis.com www.googleapis.com www.google.com.my cdn.linkedin.oribi.io; upgrade-insecure-requests; 1
frame-ancestors 'self' *.cdmx.gob.mx https://cdmx.gob.mx 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' https://*.google.com/ https://www.facebook.com/ https://www.youtube.com/ https://www.google.ca/ https://dev.visualwebsiteoptimizer.com/ https://*.clarity.ms/ https://*.moneris.com/ https://cookie-cdn.cookiepro.com/ https://cdnjs.cloudflare.com/ https://twitter.com/ https://maps.googleapis.com/ https://www.googletagmanager.com/ https://maxcdn.bootstrapcdn.com/ https://*.hs-analytics.net/ https://*.hubspot.com/ https://*.hsforms.com/ https://*.hs-banner.com/ https://*.hscollectedforms.net/ https://acuityplatform.com/ https://*.hs-scripts.com/ https://cdn.jsdelivr.net/ https://snap.licdn.com https://*.gstatic.com https://secure.data-insight365.com/ https://ajax.cloudflare.com/ https://www.googleadservices.com/ https://*.googlesyndication.com/ https://*.garda.com https://fournitures.tv.garda.com https://clarity.microsoft.com https://www.indexexchange.com https://casalemedia.com https://*.liadm.com/ https://doubleclick.net https://vimeo.com https://www.linkedin.com https://liadm.com https://demdex.net https://pubmatic.com/ https://*.pardot.com https://yahoo.com https://*.yahoo.com https://www.eyeota.com/ https://eyeota.net https://www.advertising.yahooinc.com/ https://advertising.com http://agkn.com https://tapad.com http://adnxs.com http://pro-market.net https://bidswitch.net https://*.bing.com/ https://www.salesforce.com https://www.oracle.com https://bluekai.com https://www.mediamath.com https://mathtag.com https://*.demdex.net https://business.adobe.com https://connect.facebook.net/ https://static.ads-twitter.com/ https://*.nr-data.net https://www.nr-data.net https://*.newrelic.com https://px.ads.linkedin.com https://googleads.g.doubleclick.net/ https://geolocation.onetrust.com/ https://privacyportal.cookiepro.com/ https://www.google-analytics.com/ https://bam.nr-data.net/ https://stats.g.doubleclick.net/ https://*.doubleclick.net/ https://*.google.ca https://*.google.co.uk https://*.google.fr https://*.google.co.in https://*.google.co.ke https://*.google.pl https://*.google.co.tz https://*.google.de data: https://ad.doubleclick.net https://www.linkedin.com/ https://rt.newswire.ca https://i.ytimg.com/ https://mma.prnewswire.com/ https://c212.net/ https://pixel.mathtag.com/ https://t.co/ https://analytics.twitter.com/ https://td.doubleclick.net https://10644070.fls.doubleclick.net/ https://fonts.googleapis.com blob:; manifest-src 'self'; media-src 'self'; object-src 'none'; base-uri 'self'; frame-ancestors 'self'; report-uri https://c197f2682cc60d2edc7ca183b2a9af96.report-uri.com/r/d/csp/enforce 1
frame-ancestors 'self' *.bnpparibas *.mosaic.fr *.biapi.pro *.dev.echonet *.bnpparibas.net *.protection24.com *.facil-iti.com *.herokuapp.com  *.matmut.com *.cardif-iard.fr; 1
frame-ancestors 'self'; sandbox allow-downloads allow-forms allow-modals allow-pointer-lock allow-popups allow-popups-to-escape-sandbox allow-same-origin allow-scripts allow-top-navigation; base-uri 'self' 1
upgrade-insecure-requests; script-src 'unsafe-eval' 'unsafe-inline' 'self' https: matomo-kb.finalist.nl; object-src 'none'; base-uri 'none'; frame-ancestors 'self' https://*.beesmart.nl https://www.kb.nl 1
default-src 'self' *.uni-bamberg.de zammad.rz.uni-bamberg.de api.rz.uni-bamberg.de public-tickets--cmdb-k843-2-dev.rproxy.it-fopro.uni-bamberg.de www-daten-i1656.rproxy.it-fopro.uni-bamberg.de tandem-bot.institut-ida.de cdn.botframework.com *.infogram.com *.mapbox.com scontent.cdninstagram.com platform.twitter.com *.twitter.com *.twimg.com *.facebook.net *.unity3d.com *.b-ite.com 'unsafe-inline' 'unsafe-eval' blob: data: wss:; script-src 'self' *.uni-bamberg.de zammad.rz.uni-bamberg.de api.rz.uni-bamberg.de public-tickets--cmdb-k843-2-dev.rproxy.it-fopro.uni-bamberg.de www-daten-i1656.rproxy.it-fopro.uni-bamberg.de tandem-bot.institut-ida.de cdn.botframework.com *.b-ite.com 'unsafe-inline' 'unsafe-eval' blob:; img-src 'self' *.uni-bamberg.de tandem-bot.institut-ida.de cdn.botframework.com *.infogram.com *.mapbox.com scontent.cdninstagram.com platform.twitter.com *.twitter.com *.twimg.com *.facebook.net *.unity3d.com *.b-ite.com 'unsafe-inline' 'unsafe-eval' blob: data:; frame-src *; object-src 'none'; frame-ancestors 'self' *.ddev.site https://*.uni-bamberg.de 1
report-uri https://m.namava.ir/CSPreports; script-src blob: data 'self' 'unsafe-eval' 'unsafe-inline' namava.ir *.namava.ir https://www.namava.tv www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://mc.yandex.ru https://stats.g.doubleclick.net www.gstatic.com http://xslt.alexa.com http://ssl.p.jwpcdn.com https://cdn.jsdelivr.net https://cdn.ampproject.org https://www.google.com https://script.crazyegg.com http://script.crazyegg.com https://ssl.widgets.webengage.com https://c.webengage.com https://static.hotjar.com https://script.hotjar.com https://www.clarity.ms https://notification.webengage.com https://www.googleoptimize.com http://optimize.google.com https://optimize.google.com https://s3.amazonaws.com https://cdn.yektanet.com https://audience-scripts.yektanet.com https://s1.mediaad.org; object-src 'self' 1
connect-src 'self' *.sentry.io https://*.doubleclick.net *.google.com https://*.googlesyndication.com wss://*.hotjar.com hotjar.com https://*.hotjar.io *.segment.com *.segment.io *.facebook.com *.google-analytics.com google.com.au *.google.com.au gstatic.com *.gstatic.com https://*.vibe.co https://auth.tuckercarlson.com https://*.launchdarkly.com https://*.algolia.net/ https://*.algolia.io https://google.com https://*.algolianet.com https://submit.lightboxcdn.com/Keen/ https://submitcus.lightboxcdn.com/Keen/ cdn.cookielaw.org geolocation.onetrust.com pixels.spotify.com; default-src 'self'; font-src 'self' fonts.cdnfonts.com https://*.typekit.net fonts.google.com fonts.gstatic.com fonts.googleapis.com https://*.lightboxcdn.com; frame-src 'self' https://*.doubleclick.net https://*.cloudflarestream.com https://playlist.megaphone.fm/ https://*.facebook.com; img-src 'self' https://*.doubleclick.net *.facebook.com *.google.com google.com.vn *.google.com.vn imagedelivery.net https://*.vibe.co *.twitter.com *.lightboxcdn.com https://t.co https://next-prod.tuckercarlson.com https://*.googleadservices.com cdn.cookielaw.org pixel.quantserve.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://unpkg.com *.cloudflareinsights.com *.cloudflarestream.com *.doubleclick.net *.googleadservices.com https://*.googlesyndication.co *.googletagmanager.com https://*.hotjar.com *.jquery.com *.jsdelivr.net *.sentry-cdn.com *.segment.com googlesyndication.com *.googlesyndication.com google.com *.google.com https://*.vibe.co *.lightboxcdn.com https://*.facebook.net https://*.ads-twitter.com https://*.rmbl.ws https://*.cloudflare.com https://tuckercarlson.com/ https://api.keen.io/3.0/projects/53ab77e2c9e1637d8a000000/ cdn.cookielaw.org pixel.byspotify.com secure.quantserve.com rules.quantcount.com; style-src 'unsafe-inline' https://*.cdnfonts.com https://*.typekit.net 'self' https://*.lightboxcdn.com fonts.googleapis.com; worker-src blob: 'self'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=4jj2EFxje_Lxiuxikizaii.ttZGPH2gBu8SNzrS.vto-1721961705-1.0.1.1-WYHY5iTlTwjVxqH8vI3UblQ1Jb.r9jlgRomPlCT3QEflXrLov9I5R2pRsAGsduhinOj34LvA2XdteenW4K9oT5QZ7AYUgNaVnOAUj1qqRF02KBobqjG1YqbdGi5VgqOpNF2fg7tun_95hSqGkeCgkBojqo.MDe81BdM2_NoORPvOb6ovNkYIgSjEw1G0Ag_hUpUF79IN2ekQPcVHhb6Lqg; report-to cf-bgiadotrrzywrwic 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; font-src https: data:; 1
frame-ancestors https://*.tatacliq.com; connect-src 'self' measurement-api.criteo.com ws://localhost:9858/ rum-collector-2.pingdom.net www.google.co.in t.co analytics.twitter.com q.quora.com *.tatacliq.com *.tataque.com *.tataunistore.com *.akstat.io *.go-mpulse.net *.youtube.com *.youtu.be  *.facebook.com *.google.com *.google-analytics.com *.flixcar.com *.juspay.in *.stripe.com *.tatadigital.com *.instacred.me *.ed-sys.net *.appsflyer.com *.madstreetden.com *.demdex.net *.onedirect.in *.ipify.org *.yupl.us *.tt.omtrdc.net *.omtrdc.net *.adobedtm.com *.cloudfront.net *.epsilondelta.co *.amazonaws.com *.facebook.net *.clevertap.com *.doubleclick.net *.haptikapi.com *.hellohaptik.com *.haptik.me *.bing.com *.akamaihd.net instacred.me wss://*.haptik.me *.o-s.io https://cqt.conneqtcorp.com https://e2e.tataque.com https://rs.fullstory.com https://siteintercept.qualtrics.com dapi.tatadigital.com  *.designhubz.com https://vimeo.com *.launchdarkly.com https://firebaseinstallations.googleapis.com https://firebaseremoteconfig.googleapis.com/  https://cdn.firebase.com https://*.firebaseio.com 1
script-src blob:  'self' 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' * *.googletagmanager.com *.google.com *.google-analytics.com *.googlesyndication.com *.interempresas.net *.doubleclick.net *.youtube.com *.flowplayer.org *.gstatic.com; img-src 'self' blob: data: *.interempresas.net *.googlesyndication.com *.google-analytics.com *.googletagmanager.com *.google.com *.doubleclick.net *.youtube.com *.gstatic.com *; connect-src 'self' *.googletagmanager.com *.google.com *.google-analytics.com *.googlesyndication.com *.interempresas.net *.doubleclick.net *.youtube.com *.gstatic.com *.flowplayer.org *; object-src *.interempresas.net; media-src blob: * 1
default-src 'self' https://my.sheer.com my.sheer.com https://www.sheer.com www.sheer.com https://account.analvids.com account.analvids.com https://scene-subtitles.gtflixtv.com scene-subtitles.gtflixtv.com https://*.gtflixtv.com *.gtflixtv.com https://*.gtflixtvtest.com *.gtflixtvtest.com https://pornbox.com pornbox.com https://*.pornbox.com *.pornbox.com wss://lb-private-chat.gtflixtv.com wss://lb-private-chat-beta.gtflixtv.com https://*.facebook.com *.facebook.com https://googletagmanager.com googletagmanager.com https://*.googletagmanager.com *.googletagmanager.com https://*.google-analytics.com *.google-analytics.com https://*.google.com *.google.com https://*.googleapis.com *.googleapis.com https://*.gstatic.com *.gstatic.com https://*.gstatic.cn *.gstatic.cn https://*.jsdelivr.net *.jsdelivr.net https://*.rawgit.com *.rawgit.com https://*.ddfstatic.com *.ddfstatic.com https://cdn.plyr.io cdn.plyr.io https://*.sexcash.com *.sexcash.com https://*.trafficfactory.biz *.trafficfactory.biz https://xvideos.com xvideos.com https://*.xvideos.com *.xvideos.com https://*.xvideos2.com *.xvideos2.com https://*.xvideos-cdn.com *.xvideos-cdn.com https://*.bangbros.com *.bangbros.com https://*.nikkiprice.com *.nikkiprice.com https://*.girlsgonewild.com *.girlsgonewild.com https://*.naked.com *.naked.com https://*.st-content.com *.st-content.com https://*.sellvids.com *.sellvids.com https://*.hazecash.com *.hazecash.com https://*.xxxpawn.com *.xxxpawn.com https://*.gaypawn.com *.gaypawn.com https://*.miakhalifa.com *.miakhalifa.com https://*.americanpervert.com *.americanpervert.com https://*.xnxx.com *.xnxx.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://my.sheer.com my.sheer.com https://www.sheer.com www.sheer.com https://account.analvids.com account.analvids.com https://scene-subtitles.gtflixtv.com scene-subtitles.gtflixtv.com https://*.gtflixtv.com *.gtflixtv.com https://*.gtflixtvtest.com *.gtflixtvtest.com https://pornbox.com pornbox.com https://*.pornbox.com *.pornbox.com wss://lb-private-chat.gtflixtv.com wss://lb-private-chat-beta.gtflixtv.com https://xvideos.com xvideos.com https://*.xvideos.com *.xvideos.com https://www.google-analytics.com www.google-analytics.com https://ampcid.google.com https://stats.g.doubleclick.net/j/collect https://region1.google-analytics.com/g/collect; font-src 'self' https://cdn.jsdelivr.net/npm/ https://fonts.gstatic.com fonts.gstatic.com data:; img-src 'self' https://*.gtflixtv.com *.gtflixtv.com https://xvideos.com xvideos.com https://*.xvideos.com *.xvideos.com https://*.xvideos2.com *.xvideos2.com https://*.xvideos-cdn.com *.xvideos-cdn.com https://www.xvideos.com www.xvideos.com https://*.xvideos.red *.xvideos.red https://*.1ka.com *.1ka.com https://cdn.jsdelivr.net cdn.jsdelivr.net https://www.google-analytics.com www.google-analytics.com https://www.google.com/ads/ga-audiences https://stats.g.doubleclick.net/r/collect https://region1.google-analytics.com region1.google-analytics.com https://www.googletagmanager.com www.googletagmanager.com https://ssl.gstatic.com ssl.gstatic.com https://www.gstatic.com www.gstatic.com https://stats.g.doubleclick.net/r/ stats.g.doubleclick.net/r/ data:; object-src 'none'; script-src 'self' https://my.sheer.com my.sheer.com https://www.sheer.com www.sheer.com https://account.analvids.com account.analvids.com https://scene-subtitles.gtflixtv.com scene-subtitles.gtflixtv.com https://uploader.gtflixtv.com uploader.gtflixtv.com https://uploader-beta.gtflixtv.com uploader-beta.gtflixtv.com https://pornbox.com pornbox.com https://*.googleapis.com *.googleapis.com https://www.google.com/recaptcha/ www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://google-analytics.com google-analytics.com https://ssl.google-analytics.com https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com www.googletagmanager.com https://ssl.gstatic.com ssl.gstatic.com https://www.gstatic.com www.gstatic.com https://stats.g.doubleclick.net/r/ stats.g.doubleclick.net/r/ https://cdn.jsdelivr.net/npm/ https://cdn.rawgit.com/yuku-t/jquery-textcomplete/ https://*.ddfstatic.com *.ddfstatic.com https://*.sexcash.com *.sexcash.com https://*.trafficfactory.biz *.trafficfactory.biz https://apis.google.com/js/platform.js 'unsafe-inline' 'unsafe-eval'; report-uri /api/js-error; 1
default-src 'self' flickrembed.com *.flickrembed.com *.jquery.com *.flickr.com *.twitter.com *.gstatic.com *.weloveiconfonts.com weloveiconfonts.com *.googletagmanager.com *.google-analytics.com *.youtube.com youtube.com *.ytimg.com *.google.com *.googlevideo.com *.googleapis.com *.facebook.net *.facebook.com *.doubleclick.net *.rss2json.com *.instagram.com *.googleservices.com *.office.com *.matterport.com *.cloudflare.com *.benchmarkemail.com *.renem.es *.openstreetmap.org *.opentopomap.org *.ign.es data: 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self';script-src 'unsafe-inline' 'self' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com https://consent.trustarc.com https://consent-pref.trustarc.com https://bat.bing.com https://connect.facebook.net https://cdn.appdynamics.com https://www.googleoptimize.com https://optimize.google.com https://js-agent.newrelic.com https://bam.nr-data.net https://bam-cell.nr-data.net https://bam.eu01.nr-data.net https://bam-cell.eu01.nr-data.net;style-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://fonts.googleapis.com https://optimize.google.com;connect-src 'self' https://col.eum-appdynamics.com https://*.google-analytics.com *.google-analytics.com https://api.zuko.io https://consent.trustarc.com https://consent-pref.trustarc.com https://bat.bing.com https://*.analytics.google.com https://stats.g.doubleclick.net https://bam.nr-data.net https://bam-cell.nr-data.net https://bam.eu01.nr-data.net https://bam-cell.eu01.nr-data.net;img-src 'self' data: https://fonts.gstatic.com https://www.google-analytics.com www.google-analytics.com https://consent.trustarc.com https://consent-pref.trustarc.com www.googletagmanager.com https://bat.bing.com https://www.facebook.com https://optimize.google.com https://www.gstatic.com https://consent-or.trustarc.com https://www.google.co.uk https://*.analytics.google.com;object-src 'none';font-src 'self' https://consent.trustarc.com https://fonts.gstatic.com;frame-src 'self' https://consent-pref.trustarc.com https://optimize.google.com https://www.youtube-nocookie.com;frame-ancestors 'none';upgrade-insecure-requests;base-uri 'self' 1
frame-ancestors 'self' https://manage.electronicdesign.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
base-uri 'self' capture.trackjs.com;connect-src 'self' https://*.verkkokauppa.com https://cdn.verk.net https://*.google.com https://*.analytics.google.com https://*.google-analytics.com https://*.googlesyndication.com https://*.clarity.ms https://bat.bing.com https://www.google.fi https://translate.googleapis.com https://capture.trackjs.com https://*.instagram.com https://login.microsoftonline.com https://*.facebook.com https://*.richrelevance.com https://*.zopim.com https://api.custobar.com https://track.adform.net https://cdn.contentful.com https://preview.contentful.com https://*.doubleclick.net https://*.zendesk.com wss://*.zendesk.com wss://*.zopim.com https://ekr.zendesk.com https://zendesk-eu.my.sentry.io https://ekr.zdassets.com https://px.ads.linkedin.com https://cdn.linkedin.oribi.io https://cdn.optimizely.com https://logx.optimizely.com https://*.usercentrics.eu;default-src 'self';font-src https://fonts.googleapis.com https://fonts.gstatic.com https://v2.zopim.com https://cdn.verk.net data:;form-action 'self' connect.facebook.net *.verkkokauppa.com epmt.nordea.fi *.signicat.com maksuluotto.fi *.aktia.fi epayment1.point.fi epayment2.point.fi https://idp.collectorbank.se/;frame-ancestors 'self';frame-src 'self' https://view.24mags.com/schedule/verkkokauppa.com/ https://www.googletagmanager.com https://www.youtube.com https://connect.facebook.net https://login.microsoftonline.com https://login.live.com https://player.twitch.tv https://*.google.com https://*.googlesyndication.com https://*.facebook.com https://*.instagram.com https://*.doubleclick.net https://livestream.com https://accounts.google.com/gsi/ https://*.usercentrics.eu;img-src 'self' https://*.verkkokauppa.com https://cdn.verk.net https://analytics.google.com https://*.analytics.google.com https://*.google-analytics.com https://*.google.com https://*.clarity.ms https://*.bing.com https://px.ads.linkedin.com https://www.googletagmanager.com https://www.google.fi https://www.google.ru https://www.google.se https://www.google.no https://www.google.de https://www.google.pl https://www.google.ee https://www.google.nl https://www.google.co.uk https://www.googleadservices.com https://*.googleapis.com https://*.googlesyndication.com https://*.facebook.com https://*.bazaarvoice.com https://*.zopim.io https://img.youtube.com https://usage.trackjs.com https://adsby.improveads.fi https://i.ytimg.com https://*.gstatic.com https://*.doubleclick.net https://cx.atdmt.com https://images.ctfassets.net/nggsuamsum0l/ https://*.usercentrics.eu https://*.zendesk.com https://*.zdusercontent.com data: blob: https://www.td-renew.com https://www.securecmr.com https://www.tdsynnex-renew.com;manifest-src 'self';media-src 'self' https://v2.zopim.com https://static.zdassets.com;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' https: 'strict-dynamic' 'nonce-8feb6dc0ea9ff5da1c3f3493952fd8b9';style-src 'self' 'unsafe-inline' https://cdn.verk.net https://*.googleapis.com https://tagmanager.google.com https://accounts.google.com/gsi/style;worker-src 'self';report-uri https://verkkokauppa.report-uri.com/r/t/csp/enforce;block-all-mixed-content 1
default-src 'none'; base-uri 'self';  manifest-src 'self'; script-src 'self' 'nonce-686e35a0-4af9-11ef-bf25-63a503526861' 'unsafe-eval' https://mfstatic.com/ *.rekai.se www.filemail.com siteimproveanalytics.com svanalytics.containers.piwik.pro; img-src 'self' https://*.inviewer.se/ www.filemail.com https://*.siteimproveanalytics.io https://mfstatic.com https://assets.mediaflowpro.com; style-src 'self' 'unsafe-inline' https://mfstatic.com/ www.filemail.com; font-src 'self' https://mfstatic.com/fonts/ www.filemail.com; frame-src 'self' https://*.reachmee.com/ https://play.mediaflowpro.com/ www.filemail.com; connect-src 'self' *.rekai.se www.filemail.com svanalytics.piwik.pro svanalytics.containers.piwik.pro https://mediaflow.com https://*.mediaflow.com https://mfstatic.com https://stats.mediaflowpro.com; media-src 'self' https://m.mediaflow.com blob:; worker-src 'self' blob:; 1
frame-ancestors https://*.smartassist.ai https://*.kore.ai https://*.korebots.com https://*.kore.ai https://*.kore.com https://bots.kore.ai 1
frame-ancestors 'self' https://*.faucetcrypto.com; script-src 'self' 'nonce-19b712c0-7df0-4c10-a5be-beefdea341eb' 'strict-dynamic' 1
default-src https: 'self'; connect-src 'self' data: https: wss: about: 'unsafe-eval' 'unsafe-inline' api.useinsider.com says.api.useinsider.com; font-src 'self' data: https: 'unsafe-eval' 'unsafe-inline' api.useinsider.com says.api.useinsider.com; frame-src 'self' data: https: wss: about: 'unsafe-eval' 'unsafe-inline' api.useinsider.com says.api.useinsider.com; img-src 'self' https: 'unsafe-eval' 'unsafe-inline' api.useinsider.com says.api.useinsider.com; script-src 'self' data: https: wss: about: 'unsafe-eval' 'unsafe-inline' api.useinsider.com says.api.useinsider.com; style-src 'self' data: https: 'unsafe-eval' 'unsafe-inline' api.useinsider.com says.api.useinsider.com 1
frame-ancestors 'self' https://research-studio.messari.io https://marketing-studio.messari.io https://storybook.messari.io 1
default-src 'self' *.genealogybank.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.genealogybank.com *.newsbank.com js.recurly.com app.raaft.io c.sproutvideo.com api.smooch.io www.gstatic.com polyfill.io www.google.com unpkg.com cdn.plot.ly cdn.optimizely.com code.jquery.com www.googleadservices.com tags.srv.stackadapt.com js.adsrvr.org a.quora.com d10lpsik1i8c69.cloudfront.net cdnjs.cloudflare.com cdn.jsdelivr.net kit.fontawesome.com www.googletagmanager.com www.google-analytics.com contentz.mkt912.com a.trstplse.com *.mountain.com googleads.g.doubleclick.net connect.facebook.net s.yimg.com s.pinimg.com static.zdassets.com bat.bing.com ct.pinterest.com dev.visualwebsiteoptimizer.com ajax.googleapis.com *.visualwebsiteoptimizer.com app.vwo.com; connect-src 'self' wss: *.genealogybank.com api.recurly.com *.familysearch.org familysearch.org *.amazonaws.com api.smooch.io cdn.plot.ly q.quora.com dev.q.quora.com *.visualwebsiteoptimizer.com app.vwo.com cdn.visualwebsiteoptimizer.com tags.srv.stackadapt.com www.pinterest.com ka-f.fontawesome.com analytics.google.com www.google-analytics.com api.trstplse.com ekr.zdassets.com ct.pinterest.com genealogybank.zendesk.com s.yimg.com stats.g.doubleclick.net settings.luckyorange.net connect.facebook.net bat.bing.com 54.156.2.105 3.212.39.155 44.212.189.233 52.71.121.170 52.22.50.55 18.210.229.244; img-src 'self' data: *.genealogybank.com *.newsbank.com *.familysearch.org *.zendesk.com static.zdassets.com app.raaft.io trustpulse.s3.amazonaws.com a.trstplse.com cdn-thumbnails.sproutvideo.com aa.agkn.com match.sharethrough.com tags.bluekai.com pixel.tapad.com www.google-analytics.com loadm.exelator.com dpm.demdex.net px.steelhousemedia.com q.quora.com googleads.g.doubleclick.net cm.g.doubleclick.net track.searchiq.co match.adsrvr.org secure.adnxs.com www.google.com sp.analytics.yahoo.com insight.adsrvr.org www.facebook.com www.pages01.net bat.bing.com www.googletagmanager.com *.visualwebsiteoptimizer.com app.vwo.com securetracking.adsprotection.com tags.srv.stackadapt.com 5212.xg4ken.com; style-src 'self' 'unsafe-inline' *.genealogybank.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com c.sproutvideo.com tags.srv.stackadapt.com js.recurly.com cdn.jsdelivr.net fonts.googleapis.com bat.bing.com *.visualwebsiteoptimizer.com app.vwo.com; font-src 'self' data: maxcdn.bootstrapcdn.com cdn.jsdelivr.net fonts.gstatic.com ka-f.fontawesome.com; frame-src 'self' *.genealogybank.com api.recurly.com app.raaft.io videos.sproutvideo.com www.youtube.com www.google.com www.facebook.com insight.adsrvr.org match.adsrvr.org td.doubleclick.net ct.pinterest.com d1eoo1tco6rr5e.cloudfront.net *.visualwebsiteoptimizer.com app.vwo.com; base-uri 'self'; form-action 'self' www.facebook.com 1
upgrade-insecure-requests; frame-ancestors 'self' https://*.zendesk.com https://cohere.io https://*.cohere.io https://*.visualforce.com; 1
'nonce-ZqLuyo6qNuVWE2UW0DbKdwAAAAA';frame-ancestors 'self' bbh.com bbhluxembourgfunds.com bbhfunds.com brightcove.com brightcove.net *.bbh.com *.eglobalcustody.com; 1
frame-src 'self' https://files.reallygoodemails.com/ https://js.stripe.com/ https://parcel.io/ https://www.youtube.com/ https://www.google.com/ https://vars.hotjar.com/ https://dntcl.qualaroo.com/ https://ct.pinterest.com/ https://rge-prod.firebaseapp.com/ https://rge-staging.firebaseapp.com/ https://vercel.live/ 1
default-src 'self' liberapay.com;connect-src 'self' *.liberapay.org;form-action 'self';img-src * blob: data:;object-src 'none';upgrade-insecure-requests; 1
script-src 'nonce-0179b9ed389cee1689184f366449b80a' dashboard.weglot.com *.weglot.com *.stripe.com *.announcekit.app *.nolt.io *.jsdelivr.net *.firstpromoter.com beacon-v2.helpscout.net *.google.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.gstatic.com static.ads-twitter.com analytics.twitter.com bat.bing.com snap.licdn.com *.snap.licdn.com *.redditstatic.com connect.facebook.net *.hotjar.com *.hotjar.io a.quora.com cdn.firstpromoter.com https: http: 'unsafe-inline' 'strict-dynamic'; object-src 'none'; base-uri 'self';frame-ancestors 'none'; 1
default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com https://i.ytimg.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-8NKjUqGouIDcWY4jbzaidw=='; style-src 'self' www.gstatic.com; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com gds-single-consent-staging.app gds-single-consent.app; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; report-uri https://csp-reporter.publishing.service.gov.uk/report 1
font-src 'self' https: blob: data:; style-src * 'self' https: 'unsafe-inline'; script-src 'self' 'unsafe-eval' https: blob: was: ws: 'nonce-uUGz7OVS4CFll0ABz0kzTQ=='; default-src 'self' 'unsafe-eval' https: blob: ws: wss:; media-src * blob: data:; img-src * blob: data:; object-src 'self' 1
frame-ancestors degreed.com *.degreed.com *.degreed.dev 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.sibforms.com *.hotjar.com *.google-analytics.com *.googletagmanager.com; style-src 'self' 'unsafe-inline'; img-src * blob: data:; media-src 'none'; connect-src *; font-src 'self'; frame-src 'self' app.storylane.io *.sentry.io; 1
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://*.vimeocdn.com https://www.youtube.com/ https://stats.yudu.com/ https://cdn.gubagoo.io/ https://connect.facebook.net/ https://googleads.g.doubleclick.net/ https://js.hs-analytics.net/ https://js.hs-banner.com/ https://js.hs-scripts.com/ https://js.hsadspixel.net/ https://js.hsforms.net/ https://js.hubspot.com/ https://js.hsleadflows.net/ https://maps.googleapis.com/ https://player.vimeo.com/ https://snap.licdn.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/; style-src 'report-sample' 'self' 'unsafe-inline' https://p.typekit.net/p.css https://use.typekit.net/wuj3nkx.css; object-src 'none'; base-uri 'self'; connect-src 'self' https://*.vimeocdn.com wss://node.gubagoo.io https://px.ads.linkedin.com https://analytics.google.com https://cbo-loader.gubagoo.io https://cdn.linkedin.oribi.io https://cdn.gubagoo.io https://api.hubapi.com https://forms.hsforms.com https://*.hubspot.com https://gubagoo.io https://maps.googleapis.com https://stats.g.doubleclick.net https://www.facebook.com https://www.google-analytics.com https://www.googletagmanager.com *.googlesyndication.com; font-src 'self' https://use.typekit.net/af/; frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://td.doubleclick.net https://forms.hsforms.com https://player.vimeo.com https://w.soundcloud.com https://www.facebook.com; img-src 'self' data: https://reyrey.com https://i.ytimg.com https://linkedin.com https://www.linkedin.com https://cdn.gubagoo.io https://*.hsforms.com https://forms.hsforms.com https://gubagoo.io https://i.vimeocdn.com https://maps.gstatic.com https://px.ads.linkedin.com https://*.cdninstagram.com https://*.hubspot.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com; manifest-src 'self'; media-src 'self' https://cdn.gubagoo.io; report-uri https://6462df2f0c2db5717a7fa02d.endpoint.csper.io/?v=0; worker-src 'none'; frame-ancestors 'self' https://app.pageproof.com; 1
default-src 'self' assets.adobedtm.com; img-src * data:; font-src * data:; style-src 'self' 'unsafe-inline' data: s7e5a.scene7.com vestas.scene7.com fonts.googleapis.com; media-src s7e5a.scene7.com vestas.scene7.com s7mbrstream-g1.scene7.com *.spotify.com; frame-src policy.app.cookieinformation.com video.vestas.com newsroom.cision.com www.google.com www.video.vestas.com www.facebook.com cloud.marketing.vestas.com www.youtube.com www.arcgis.com vestas-english.newsroom.cision.com survey.extellio.com *.spotify.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' policy.app.cookieinformation.com script.e-space.se script.hotjar.com siteimproveanalytics.com snap.licdn.com static.hotjar.com www.googletagmanager.com www.google-analytics.com assets.adobedtm.com www.gstatic.com www.google.com sc.lfeeder.com connect.facebook.net s7e5a.scene7.com vestas.scene7.com maps.googleapis.com consent.app.cookieinformation.com region1.google-analytics.com www.youtube.com m.extellio.com script.extellio.com sfxway.com *.spotify.com *.kickfire.com; connect-src 'self' assets.adobedtm.com policy.app.cookieinformation.com publish.ne.cision.com cdn.linkedin.oribi.io vestas.tt.omtrdc.net in.hotjar.com www.google-analytics.com maps.googleapis.com s7e5a.scene7.com vestas.scene7.com consent.app.cookieinformation.com region1.google-analytics.com m.extellio.com s7mbrstream-g1.scene7.com; worker-src blob:; 1
default-src  'self'; base-uri  'self'; prefetch-src  *; img-src  'self'  https:  data:; script-src  'self' https://*.smart.com; style-src  'self' 'unsafe-inline'; connect-src  'self' https://*.smart.com; media-src  https://s7.future.smart.com; object-src  'none'; form-action  'self'; frame-src  'self' https://s7.future.smart.com 1
frame-ancestors https://www.emaar.com; upgrade-insecure-requests; 1
default-src 'self'; img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; font-src * data:; frame-src *; media-src *; connect-src *; block-all-mixed-content 1
frame-ancestors 'self' *.weebly.com 1
default-src 'self' https://spaceship-cdn.com; connect-src 'self' https://spaceship-cdn.com https://s3.us-west-2.amazonaws.com/production-pdf-generation-api-pdf-documents/ https://s3.us-west-2.amazonaws.com/production-website-featurerequesthub-storage/ https://production-hosting-cpaneltransferin-bff-storage.s3.us-west-2.amazonaws.com/ https://premiums.namecheapapi.com https://aftermarket.namecheapapi.com https://api.revved.com https://bam.nr-data.net wss://notification.admin.spaceship.net wss://notification.www.spaceship.com wss://domains-ws.revved.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com wss://www.spaceship.com https://www.spaceship.com https://*.crazyegg.com https://static.ads-twitter.com https://chat.engagement.ai https://sb-asp-admin.et.namecheap.tech wss://sb-asp-admin.et.namecheap.tech https://api.stripe.com https://maps.googleapis.com https://*.thunderbolt.com wss://*.thunderbolt.com https://production-thunderbolt-thunderbolt-storage.s3.us-west-2.amazonaws.com wss://svs.sb.hosting.spaceship.net:* wss://us-phx-1-vm-console.spaceship.com https://production-aftermarket-sellerhubbff-storage.s3.us-west-2.amazonaws.com; script-src https://spaceship-cdn.com https://*.paypal.com https://js.stripe.com https://js-agent.newrelic.com https://bam.nr-data.net https://*.googletagmanager.com https://www.googleadservices.com https://*.g.doubleclick.net 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com https://www.google.com https://www.googleadservices.com https://*.crazyegg.com https://static.ads-twitter.com https://cdn.engagement.ai https://maps.googleapis.com https://challenges.cloudflare.com https://*.tunnel.rnd.namecheap.net; style-src https://spaceship-cdn.com 'unsafe-inline' https://*.crazyegg.com; font-src https://spaceship-cdn.com https://fonts.googleapis.com data:; frame-src https://*.paypal.com https://js.stripe.com https://www.google.com https://*.doubleclick.net https://*.crazyegg.com https://chat.engagement.ai blob: https://hooks.stripe.com https://challenges.cloudflare.com; img-src 'self' https://spaceship-cdn.com https://*.paypal.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.doubleclick.net https://*.google.com https://bam.nr-data.net data: https://*.crazyegg.com https://api.producthunt.com; worker-src blob:; report-uri /report/csp-violation 1
frame-ancestors 'self' https://backend-dvg.rotterdam.nl *.platform.sh *.rotterdam.hosted-temp.com *.rotterdam.nl https://rotterdam.ddev.site *.expoints.nl/ https://gemeenterotterdam1.expoints.nl; default-src 'self' https://backend-dvg.rotterdam.nl *.platform.sh *.rotterdam.hosted-temp.com scribit-pro-hosting.storage.googleapis.com *.readspeaker.com *.expoints.nl/; img-src 'self' data: https://backend-dvg.rotterdam.nl https://virtuele-gemeente-assistent.nl https://mijn.virtuele-gemeente-assistent.nl https://test.virtuele-gemeente-assistent.nl https://mijn.test.virtuele-gemeente-assistent.nl https://www.toegankelijkheidsverklaring.nl https://www.instagram.com *.readspeaker.com https://syndication.twitter.com https://6006165.global.siteimproveanalytics.io *.siteimproveanalytics.io *.expoints.nl/; connect-src 'self' https://backend-dvg.rotterdam.nl https://test.virtuele-gemeente-assistent.nl wss: ws: https://virtuele-gemeente-assistent.nl wss://virtuele-gemeente-assistent.nl wss://test.virtuele-gemeente-assistent.nl https://mijn.virtuele-gemeente-assistent.nl api.scribit.pro *.readspeaker.com https://open.spotify.com/ https://soundcloud.com/ https://www.iheart.com/ https://api.deepl.com/v2/translate https://gemeenterotterdam1.expoints.nl https://*.expoints.nl; font-src 'self' data: *.readspeaker.com *.ionicframework.com https://gemeenterotterdam1.expoints.nl https://*.expoints.nl; frame-src 'self' https://backend-dvg.rotterdam.nl https://sts.rotterdam.nl https://sts.rotterdam.nl https://gemeenteraad.rotterdam.nl sdk.companywebcast.com https://www.instagram.com https://*.issuu.com/ https://kaartlaag.rotterdam.nl *.youtube-nocookie.com *.vimeo.com https://open.spotify.com/ https://w.soundcloud.com/ https://www.iheart.com/ *.readspeaker.com https://syndication.twitter.com https://platform.twitter.com https://*.expoints.nl; media-src 'self' *.readspeaker.com; child-src 'self' https://sts.rotterdam.nl https://sts.rotterdam.nl blob: *.youtube-nocookie.com *.vimeo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://backend-dvg.rotterdam.nl *.platform.sh *.rotterdam.hosted-temp.com *.rotterdam.nl https://test.virtuele-gemeente-assistent.nl https://mijn.virtuele-gemeente-assistent.nl https://virtuele-gemeente-assistent.nl https://www.instagram.com *.scribit.pro www.youtube.com *.readspeaker.com https://platform.twitter.com https://siteimproveanalytics.com/js/siteanalyze_6006165.js https://platform.instagram.com/en_US/embeds.js https://gemeenterotterdam1.expoints.nl https://*.expoints.nl; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://backend-dvg.rotterdam.nl *.platform.sh *.rotterdam.hosted-temp.com *.rotterdam.nl https://mijn.test.virtuele-gemeente-assistent.nl https://test.virtuele-gemeente-assistent.nl https://virtuele-gemeente-assistent.nl https://mijn.virtuele-gemeente-assistent.nl *.readspeaker.com https://gemeenterotterdam1.expoints.nl https://*.expoints.nl; style-src-attr 'unsafe-hashes' 'sha256-AF+AAZ9Z3mmKmwFbsDCVEPWGt4PySG8V/PpVNVjxb7o=' 'sha256-r9fU88Cagg8b+V94/rFP54XitU/RzBQ83sVNeltVs/c=' 'sha256-SHje5LaT9E6BShlkQpjWVSpKDI2FEtd137m8hy4rmKM=' 'sha256-3lLjvpn0hfmuulQYNSUWKiNpmIiMg70GweVDtUWv7zA=' 'sha256-7xqMqDOfWqvgvujBp1NXgw9yq9uWja1UZbZbBoSphjU=' 'sha256-5uIP+HBVRu0WW8ep6d6+YVfhgkl0AcIabZrBS5JJAzs=' 'sha256-zlqnbDt84zf1iSefLU/ImC54isoprH/MRiVZGskwexk=' 'sha256-KpSV7LuPYEu58+3u9LJr9v5Drm0uIKEv0h3u/+NVNm8=' 'sha256-8ilcya6PJ2mDcuNFfcZaaOL85o/T7b8cPlsalzaJVOs=' 'sha256-B0sREGwikShC0TA+wCLpD2QdDs7Vy9DLG5cPvTs5IMs=' 'sha256-sYkIODYA//1iY7apXtEv7hNGrtmrXBZmwaFZXFXwSsY=' 'sha256-NaWwnJevOrXydjfjT5eD6vnm2WLvJ7KP0dgSFSYKB5E=' 'sha256-tdB3YxIFeeJqr15OAav25tSJ0jbfU0q9ZZLH/xvb2fI=' 'sha256-FFltmHwlADhUUYXpvgRFf4b2XDafcpXpK6a1Her3XFo=' 'sha256-dMefF46gjIdjjnuydP6Nr7gaWbMNzFCuKLQDzFCj3q0=' 'sha256-mO93q4arg7Xz1Iq05lBuCfzcjH/7HiLQQiCBh6k8uDQ=' 'sha256-wUayk64gTwRA2mCqIET4wdFPL0If6hWLQdga4fFS4vo=' 'sha256-psFse5qnRHGZKcguuRInwkIEE+KAbKYXLcZN8oBR6So=' 'sha256-bWFcIHUkv3S/q++XC09SmQ2JDZLOeqduIJ4Fh3j6py8=' 'sha256-l6khRnjaVBZm7Z9S5+A/4ZrRnU7hBbTAGeVNTXpAbwU=' 'sha256-bdu4XjKR3UPx1iS23kdTkPKNFgazBeVTbuxYqEp0DYc=' 'sha256-iSenMpxWneYIQn8oj45JKUrqalowUP37Grx9qYBk71U=' 'sha256-7Buq1vYNyuCqzL1qi1GDgIjjEI9dRccdIAbriq90CJg=' 'sha256-nd/XcY53KxgscLkvRS9wYXmU11ZQ+4U9t051MUJx5yE=' 'sha256-+sWhfTcZSG7XrsT61RI144ba9rE54ohM2kU43W6Do4U=' 'sha256-V7Nfgc45dEPdMpv+C9eGLuNDdx1lqLWBvD21n/nTbnw=' 'sha256-Di1xujw891gUw2f4Dcl3e05ECLSB4DK5RmDJ02qCl+M=' 'sha256-TCR4SO0z8m2yl2c09FRxJPfIIC+cCTD2Pt4vFHYdozA=' 'sha256-Syi3PbGJutUnGOw/+0uuur8vO6rKGQK3uinG2NAdSLQ=' 'sha256-VPHc/7xBTnzQ2w/c21rl9vrJzKimAyHBFGe1sS0x4dQ=' 'sha256-FIxAmhlquL19XlaBA+iSyXXJ/LwRQNfL4iJxYNitGV8=' 'sha256-mr1Ym7HxHASt6RfTa/KwxW8yynUtAIGrIuKNkTwex1Y=' 'sha256-2NJPv3sf+mSp8Y7aLXXjpsguaqnB+wpWpLE9k0bfT1A=' 'sha256-wwBytE0zrqrHUYnbFU/Hb+54aEwvXA/AUC3iiEtZoYo=' 'sha256-I9afoREoJ2XrBnLZ3pTdhTKkUNSalNUujQrgipUEhNc=' 'sha256-aqNNdDLnnrDOnTNdkJpYlAxKVJtLt9CtFLklmInuUAE=' 'sha256-0KLMFriemffdQKhnQYTsle9GpNpjT9Wikqb41i8USJg=' 'sha256-VTq1asG2HYDP/tAnd97wS5FfA/jKE3I2wTEmyzRZREs=' 'sha256-qiM21AzSpGuI2RbaDOFjq4c2kLCU9Vu2HiJUxaenfuw='; 1
default-src 'self'; script-src 'self'; object-src 'none' 1
default-src 'self'; img-src * data:; media-src * blob:; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval' data: blob:; font-src * data:; frame-src *; connect-src * 1
default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com https://i.ytimg.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-/M6aONJB6QXm/+21Bu1OYw=='; style-src 'self' www.gstatic.com; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com gds-single-consent-staging.app gds-single-consent.app; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; report-uri https://csp-reporter.publishing.service.gov.uk/report 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' demdex.net dpm.demdex.net adnxs.com *.scene7.com *.adnxs.com attentivemobile.com events.attentivemobile.com attn.tv audioeye.com *.audioeye.com bidswitch.net *.bidswitch.net *.bing.com bluekai.com *.bluekai.com bounceexchange.com *.bounceexchange.com bouncex.net events.bouncex.net creativecdn.com *.creativecdn.com certona.net edge1.certona.net www.res-x.com cloudflare.com *.cloudflare.com *.cloudfront.net cloudfront.net *.coach.com coach.com cnstrc.com cquotient.com criteo.com criteo.net *.criteo.net *.criteo.com *.doubleclick.net *.facebook.com *.facebook.net facebook.net fonts.net fast.fonts.net *.forter.com forter.com stickyadstv.com ads.stickyadstv.com *.google.com www.google.co.kr www.google.com.do www.google.lv www.google.com.ly www.google.com.vn www.google.ie www.google.co.ve www.google.kz www.google.com.ec www.google.dk www.google.com.pa www.google.com.pe www.google.as www.google.ro www.google.ch www.google.fr www.google.com.mx www.google.com.ph www.google.gr www.google.co.nz www.google.nl www.google.se www.google.com.ua www.google.co.in www.google.co.id www.google.es www.google.com.jm www.google.hn www.google.com.py www.google.com.np www.google.ca www.google.com.co *.gstatic.com www.google.ae googleapis.com *.googleapis.com cloudfunctions.net *.cloudfunctions.net www.googletagmanager.com *.google-analytics.com 360yield.com ad.360yield.com casalemedia.com r.casalemedia.com ivitrack.com matching.ivitrack.com klarna.com *.klarna.com klarnacdn.net *.klarnacdn.net klarnaevt.com *.klarnaevt.com klarnaservices.com *.klarnaservices.com *.linksynergy.com liadm.com *.liadm.com media.net *.media.net mediavine.com exchange.mediavine.com mediawallahscript.com partner.mediawallahscript.com micpn.com b6sgkpgq.micpn.com cookielaw.org cdn.cookielaw.org postrelease.com jadserve.postrelease.com agkn.com aa.agkn.com onetrust.com *.online-metrix.net online-metrix.net *.optimizely.com optimizely.com outbrain.com *.paypal.com www.paypalobjects.com pinimg.com s.pinimg.com pinterest.com *.pinterest.com pdst.fm cdn.pdst.fm powerreviews.com *.powerreviews.com pubmatic.com qualtrics.com *.qualtrics.com quantummetric.com *.rakuten.com rlcdn.com idsync.rlcdn.com revcontent.com trends.revcontent.com rubiconproject.com pixel.rubiconproject.com force.com my.salesforce.com *.my.salesforce.com *.force.com *.salesforceliveagent.com sharethrough.com match.sharethrough.com signifyd.com *.signifyd.com smartadserver.com *.smartadserver.com sc-static.net snapchat.com tr.snapchat.com taboola.com *.taboola.com tangiblee.com *.tangiblee.com tapad.com *.tapad.com teads.tv *.teads.tv *.tiktok.com tiktok.com adsrvr.org *.adsrvr.org tremorhub.com *.tremorhub.com 3lift.com eb2.3lift.com twitter.com *.twitter.com ads-twitter.com static.ads-twitter.com t.co *.smaato.net rqtrk.eu ws.rqtrk.eu techlab-cdn.com p11.techlab-cdn.com wknd.ai tag.wknd.ai www.yext-pixel.com scene7.com typekit.net *.typekit.net cdnwidget.com *.cdnwidget.com pippio.com *.attn.tv bazaarvoice.com *.btttag.com bootstrapcdn.com maxcdn.bootstrapcdn.com *.cquotient.com adsymptotic.com www.googleadservices.com *.katespade.com katespade.com www.katespade.co.uk *.linkedin.com cdnbasket.net *.cdnbasket.net *.onetrust.com openx.net *.quantummetric.com securedvisit.com track.securedvisit.com squadded.co static.squadded.co *.cnstrc.com sv.rkdms.com *.yahoo.com *.youtube.com zineone.com *.zineone.com *.adroll.com static-na.payments-amazon.com m.media-amazon.com *.amazonaws.com apay-us.amazon.com ntp.msn.com api.images.drivecommerce.com api2.fonts.com dynl.mktgcdn.com *.socdm.com static.squad-shopping.com static.lisa-cdn.net rstyle.me katespadesurprise.loveslisa.tech *.googlesyndication.com services.postcodeanywhere.co.uk *.truefitcorp.com *.adyen.com *.dealmoon.com www.bradsdeals.com www.shopstyle.com rd.bizrate.com www.afrugalchick.com thecouponboutique.com hip2save.com giftful.com www.eonline.com capitaloneshopping.com www.passionforsavings.com *.addressy.com *.ampproject.net thekrazycouponlady.com sas.selleramp.com *.dealmoon.ca appium.io *.shoprunner.com *.shoprunner.io qa-specops.loopassets.net *.stuartweitzman.com images.katespade.comis cms.coachoutlet.com tapestry.support jira.tapestry.support *.needle.com *.mapbox.com cdn.honey.io edgeshoppingstatic.azureedge.net exchjsdata.com cdn.ivaws.com dealsea.com deref-mail.com go.magik.ly www.ecosia.org legacy-myemail.cox.net *.demandware.net *.instagram.com usage.trackjs.com mpsnare.iesnare.com v.fwmrm.net 1f2e7.v.fwmrm.net *.my.salesforce-sites.com sentry.io *.narvar.com link.edgepilot.com www.shopstyle.ca tapes11111.pcapredict.com ad.tpmn.co.kr *.clmbtech.com visitor.omnitagjs.com tst.kaptcha.com *.yieldmo.com *.kampyle.com *.medallia.com dsum-sec.casalemedia.com us-u.openx.net sync.outbrain.com *.pubmatic.com *.bluecore.com *.amplience.net cs.adingo.jp *.aralego.com *.aralego.net *.krxd.net *.stackadapt.com cdn.jsdelivr.net *.cloudinary.com api.fillr.com snap.licdn.com api.bluecore.app e1.emxdgt.com app.collectivevoice.com *.rewardStyle.com brandcycle.net link.shoplooks.com slooks.top smilekols.com go.magik.ly media.paroleparis.com c.fanstoshop qa.res-x.com *.katespadeoutlet.com katespadeoutlet.com cdn.wyng.com shpog-kso.ovative.com *.bluecore.app *.tapestry.com *.lilyai.net monetate.net *.monetate.net *.pixlee.co *.turnto.com *.edgecastcdn.net *.pixlee.com *.pixleeteam.com *.pxlecdn.com *.persado.com *.persa.do *.shopify.com *.cdn.shopifycloud.com shop.app *.shopifysvc.com *.stripe.com *.kahoona.io data: blob:; 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.analytics.google.com www.google-analytics.com ajax.aspnetcdn.com ajax.googleapis.com cdnjs.cloudflare.com www.googleadservices.com www.googletagmanager.com tagmanager.google.com *.doubleclick.net flex.msn.com bat.bing.com dvrt.t101.com unpkg.com www.google.com www.gstatic.com https://ads.recon.com recon-static.t101cdn.net www.recon.com;object-src 'self';style-src 'self' 'unsafe-inline' fonts.googleapis.com tagmanager.google.com recon-static.t101cdn.net www.recon.com;img-src 'self' data: blob: www.google-analytics.com analytics.google.com dvrt.t101.com *.g.doubleclick.net www.googleadservices.com www.googletagmanager.com www.google.com www.google.co.uk www.google.au www.google.fr www.google.ie www.google.it www.google.nl www.google.ca www.google.es www.google.de www.gstatic.com *.r.msn.com bat.bing.com *.r.bat.bing.com recon-images.t101cdn.net recon-static.t101cdn.net images.email.recon.com static.recon.t101cdn.net recon-media.t101content.net media.recon.t101cdn.net ssl.gstatic.com https://ads-static.recon.com https://ads.recon.com media.recon.t101api.com www.recon.com;media-src 'self' recon-static.t101cdn.net www.recon.com;frame-src www.google.com;font-src 'self' fonts.gstatic.com sxt.cdn.skype.com recon-static.t101cdn.net www.recon.com;connect-src 'self' *.t101api.com www.google-analytics.com analytics.google.com *.analytics.google.com stats.g.doubleclick.net www.google.com www.gstatic.com https://ads.recon.com *.recon.t101api.com recon-static.t101cdn.net www.recon.com;frame-ancestors 'none';manifest-src 'self';report-uri https://t101.report-uri.com/r/d/csp/enforce 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' data:; frame-src 'self' https://www.youtube.com/embed/qYp89jjpv4M; style-src 'self' 'unsafe-inline' data:; img-src 'self' data: https://*.usom.gov.tr;script-src 'self' 'unsafe-inline' 'unsafe-eval';media-src 'self' https://*.usom.gov.tr https://*.siberyildiz.com 1
frame-ancestors 'self' https://price.com.hk https://*.price.com.hk 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: ; img-src 'self' data: lh3.googleusercontent.com lh3.ggpht.com www.google.com maps.gstatic.com maps.googleapis.com ; style-src-elem 'self' 'unsafe-inline' widget.freshworks.com fonts.googleapis.com ; font-src 'self' data: fonts.gstatic.com ;  script-src-elem 'self' 'unsafe-inline' www.clarity.ms widget.freshworks.com fonts.googleapis.com code.jquery.com apis.google.com maps.googleapis.com ;connect-src 'self' r.clarity.ms maps.googleapis.com widget.freshworks.com ; 1
script-src 'self' 'nonce-GLHHthBSiQ' 'strict-dynamic' https://www.google-analytics.com https://stats.g.doubleclick.net https://www.googleoptimize.com https://cse.google.com https://www.google.com/cse/static https://staging2.webwinkelkeur.nl https://js.hellomedian.com; connect-src 'self' https://*.analytics.google.com https://*.google-analytics.com https://www.facebook.com/tr/ https://stats.g.doubleclick.net https://dashboard.webwinkelkeur.nl https://www.googleoptimize.com https://www.googleapis.com https://*.clarity.ms/collect https://ljj3ynf0ak.execute-api.eu-west-1.amazonaws.com/prod/isp-data https://cdn.linkedin.oribi.io https://*.belco.io wss://*.belco.io https://belco-prod.s3-eu-central-1.amazonaws.com/ https://js.hellomedian.com https://cdn.hellomedian.com https://hlg.tokbox.com/prod/ wss://socket.hellomedian.com https://staging2.webwinkelkeur.nl; object-src 'none' 1
default-src https://www.mcdonalds.fr *.mcdonalds.fr *.contentstack.com *.woosmap.com *.googleapis.com *.privacy-center.org *.gstatic.com *.as8677.net *.mcdonalds.fr *.googletagmanager.com *.google-analytics.com *.brig.ht *.youtube-nocookie.com *.youtube.com *.amazoncognito.com *.twitter.com *.algolia.com *.algolia.net *.admo.tv mcdonalds-operations.fr *.mcdonalds-operations.fr *.worldline-solutions.com *.ads-twitter.com *.abtasty.com *.sentry.io analytics.google.com *.analytics.google.com snap.licdn.com *.outbrain.com *.presage.io *.capadresse.com *.datadome.co *.captcha-delivery.com  *.doubleclick.net googletagmanager.com analytics.google.com *.analytics.google.com snap.licdn.com 'unsafe-eval' 'unsafe-inline' ; img-src data: https: http: ; frame-src www.mcdonalds.fr *.brig.ht *.youtube-nocookie.com *.youtube.com *.twitter.com mcdonalds-operations.fr *.mcdonalds-operations.fr *.abtasty.com *.doubleclick.net googletagmanager.com analytics.google.com *.analytics.google.com snap.licdn.com 1
script-src 'self' at.alicdn.com 'unsafe-eval' 'unsafe-inline' data: blob: *.dancf.com *.gaoding.com hm.baidu.com tongji.baidu.com assetscli.udesk.cn ttxsapp.udesk.cn retcode.alicdn.com www.google-analytics.com www.googletagmanager.com cdn.lr-ingest.io www.googleadservices.com googleads.g.doubleclick.net https://quickapp/jssdk.webview.min.js https://apis.google.com https://g.alicdn.com *.aliapp.org *.alibaba.com *.aliyun.com https://webapi.amap.com *.amap.com https://accounts.google.com *.dns-detect.alicdn.com https://res2.wx.qq.com https://www.fxiaoke.com https://web.cdn.openinstall.io https://www.clarity.ms; frame-ancestors 'self' god-mgr.dancf.com ttxsapp.udesk.cn tongji.baidu.com https://ytcs.lenovo.net http://ytcs.lenovo.net https://ytcstest.lenovo.net http://*.365editor.com https://cdn.lr-ingest.io https://mp.weixin.qq.com https://testsmb.lenovo.net/  http://*.gaoding.com https://www.xmyeditor.com http://xmyplus.jiangniaocloud.top http://*.chinaso.com http://*.chinaso365.com http://*.huanleguang.com http://*.huanleguang.cn http://bj.96weixin.com http://*.haoche.cn https://*.haoche.cn http://*.haoche.cn:*/ http://*.shuaishou.com http://localhost:*  http://*.sensorsdata.cn http://*.uupoop.com/ https://*.fnwenjuan.cn http://*.mangoerp.com http://mangoerp.com http://*.dianxiaomi.com http://*.eccang.com/ http://*.smartapps.cn http://*.chaojimoban.com http://*.dianxiaobao.net http://*.elstgl.com http://*.maimiao.icu/ http://*.lediaocha.com http://cloud.ekuajing.cn http://172.16.23.196:1234/ http://fabu.yxbf.net http://*.wenjuan.com:* https://sirius-desktop-web.lx.netease.com https://*.cowork.netease.com:* https://*.office.163.com http://*.xbongbong.com http://*.amywechat.com http://*.shangqiukuajing.com https://www.wenjuan.top https://www.wenjuan.in https://www.wenjuan8.cn https://www.wenjuan.design https://www.wenjuan.com http://*.ecsale8.com http://*.b2csupply1.com http://*.jm-erp.com http://jm-erp.com http://*.sellerwell.com https://apis.google.com http://*.gf.com.cn https://gallery.shuiditech.com https://*.yishangai.com https://yishangai.com https://*.efundsdemo.com https://*.efunds.com.cn https://moc.ljsyy.net https://moc.sobey-cloud69.com https://weichuan.tezign.com https://www.gzyphc.com https://editor.gzyphc.com https://app.gzyphc.com http://oms.test.igetget.dc https://oms.luojilab.com https://design.luojilab.com http://oms-host.sim.svc.luojilab.dc http://intelligent-design.test.svc.luojilab.dc https://soubaoapp.cn https://bgnow.cn https://mf.yueyimuying.com https://mf.ciduapp.com https://*.manbanapp.cn https://www.fxiaoke.com 1
default-src 'self' *.gotoassist.com *.dev-gotoassist.com fastsupport.com i1fastsupport.com stage.fastsupport.com 'unsafe-inline' 'unsafe-eval' data: *.getgo.com *.google.com *.google-analytics.com *.googleapis.com 1
frame-ancestors 'self' https://bancaporinternet.bbva.pe  https://pidetutarjeta.bbva.pe https://tarjetas.bbva.pe https://cuentas.bbva.pe https://prestamos.bbva.pe https://extranetperu.grupobbva.pe 1
base-uri 'self';default-src 'none'; connect-src 'self' inline-only: *; font-src 'self' data: *; img-src 'self' *;script-src 'self' 'unsafe-hashes' 'sha256-H2tlmRuSoiM440uTQK7H3mt3L74Xvy3HDbFQqhasmLM=' 'sha256-F31Z235J4JoHiQd4pwhlVGhZAo9TL1xXkr998POEVGk=' 'sha256-dg9STQouzRiKJUO3yike1CtjTb8JY3xoFiB0syjsclM=' 'sha256-npzn7ujSOdyjMmFgVUD96cEc+e4ADPr6/G36kMw42xg=' 'sha256-5TFWe/7xA1mUO7yvl+1rrgKnK4IkLgDeImwowoNtSio=' 'sha256-0ris5gmMUJMPIW5+I0NnEuFoC0HsIyvgUblcUKRj8DU=' 'sha256-2YCB6Lhue7C9r6969mhdpe1UfjRUR3HR4A0E0by9Kgg=' 'sha256-dPdAVNwRUBOO9U/2jj9+7Wrv56B40z2Jv1G60xrq99k=' 'sha256-1v5J2KvQP4Gbm3K2rHEJwOXTbrRded9lfuiMfmyrgLQ=' 'sha256-zjjpOAlgWBBa3LGAToXGdQdBJ74Nk1FbPuXvyyNud+c=' 'sha256-6Vxqk2EtHXjiJTfzUejPw5pYIuKocUwpWnj5ceUldH4=' 'sha256-jWeJInrhgp2bhmYq4ENjpiKhX8vgbI25wEHe7xZmntk=' 'sha256-MkZksky8RCDrddFfcsZvpoIOBWi+U4WdS/AUDSRoFWc=' 'sha256-JgUlUrFxfMASKHj7b/5oFO6lurjlitmjXKYNNDMUD+Y=' 'sha256-jwKtf7qtuAMIgLD43eyvgH971eEPHz3iVd6yMxfeA9A=' 'sha256-D/PRixJhLrpI1HflSDVH9owyKK3PGUoiNKrmyLvd3tM=' 'sha256-HSqFHC4bxSGLtwIKYvWNU/qQ4Q0oBveduu1wZdFXO+M=' 'sha256-nFFbE/gfqIA03gqrxwtcaywPXAg1nnX0YRI/RaMK8Lo=' 'sha256-k0FSIbTuVFHaoQGas062MT8MxUolKkiZqbpYaF929+c=' 'sha256-rqmm25uujCmwRm3UkPUpq2WM1jbmHLDuEQGkdF9+470=' 'sha256-U7ve//F4t99wIgL0aTmqx7pcSv+0E36f4XP+HwqZU30=' 'sha256-zZ15axXrbdoSqrE42O5dT3pilUPZCKObwx+aitQeT78=' 'sha256-C76Klxj0BnbMe8uaGS7kU+98MDherr94oIyjKlkWxTk=' 'sha256-244y469+HkRw3VOen69J4OuOZPA1f+0QrXS6/KOHJg0=' 'sha256-DNpb+AMfC5A+CyVJTBZTmmAK5kjYiOPpCYonuCoNUDc=' 'sha256-4xvwiEnvCWO3LygP+6rATbySh1+ealhANaQTvdaQaxk=' 'sha256-ClkLV8HfXoqqJ9Kl5sJglafxsF9F9ogSxHZxhR07bq4=' 'sha256-4TpZ3Tx5SLybDXPQaSHGuP1RU4D+pzck+02JLVY61BY=' 'sha256-osjxnKEPL/pQJbFk1dKsF7PYFmTyMWGmVSiL9inhxJY=' 'unsafe-inline' 'unsafe-eval' https://aicpa.ugc.bazaarvoice.com/static/8502-en_us/bvapi.js https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js https://assets.adobedtm.com/3e79a7f00488/04f604fda4ad/launch-4dd043aa3d36.min.js https://assets.adobedtm.com/extensions/EPbde2f7ca14e540399dcc1f8208860b7b/AppMeasurement.min.js https://assets.adobedtm.com/extensions/EPbde2f7ca14e540399dcc1f8208860b7b/AppMeasurement_Module_ActivityMap.min.js https://bat.bing.com/bat.js https://bat.bing.com/p/action/135000054.js https://cdn.mouseflow.com/projects/79d6f783-d04b-41b1-8cd4-ff5b0aef991b.js https://connect.facebook.net/en_US/fbevents.js https://siteintercept.qualtrics.com/dxjsmodule/11.172e2d2f93de5974ae28.chunk.js https://siteintercept.qualtrics.com/dxjsmodule/11.94e7d7f0c6a48ca94c06.chunk.js https://snap.licdn.com/li.lms-analytics/insight.beta.min.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.ads-twitter.com/uwt.js https://us-content.vergic.com/C684836E-2833-4669-875F-C54261C28192/engage.js https://www.google-analytics.com/analytics.js https://www.google.com/pagead/conversion_async.js https://www.googletagmanager.com/gtag/js https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js https://assets.adobedtm.com/extensions/EP4c3fcccffd524251ae198bf677f3b6e9/AppMeasurement.min.js https://assets.adobedtm.com/launch-ENbe9d56e701d340938e112682ad21519f.min.js https://d2qrdklrsxowl2.cloudfront.net/api/configuration.js https://d2qrdklrsxowl2.cloudfront.net/api/viewer/setup/ https://d2qrdklrsxowl2.cloudfront.net/js/generated/bootstrap.built.js https://d2qrdklrsxowl2.cloudfront.net/js/generated/brightcove.v2.built.js https://d2qrdklrsxowl2.cloudfront.net/js/hapyak.js https://d2qrdklrsxowl2.cloudfront.net/js/partners/brightcovePlugin/brightcovePlugin.js https://players.brightcove.net/1485859309/experience_59ca4a72f0534d000fe052ff/live.js https://players.brightcove.net/1485859309/rJBq047Xx_default/index.min.js https://vjs.zencdn.net/vttjs/0.12.5/vtt.global.min.js https://vjs.zencdn.net/vttjs/0.15.3/vtt.global.min.js https://www.google-analytics.com/analytics.js https://www.google.com/pagead/conversion_async.js https://www.googletagmanager.com/gtm.js https://www.youtube.com/iframe_api https://a.quora.com/qevents.js https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js https://assets.adobedtm.com/3e79a7f00488/a620dac02c5d/launch-01674e2d033f.min.js https://assets.adobedtm.com/extensions/EP308220a2a4c4403f97fc1960100db40f/AppMeasurement.min.js https://bat.bing.com/bat.js https://bat.bing.com/p/action/135000332.js https://cdn.mouseflow.com/projects/f51c3538-9092-4e2e-aae3-eff0161c955a.js https://connect.facebook.net/en_US/fbevents.js https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031601.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.ads-twitter.com/uwt.js https://us-content.vergic.com/C684836E-2833-4669-875F-C54261C28192/engage.js https://www.clarity.ms/tag/uet/135000332 https://www.google-analytics.com/analytics.js https://www.google.com/pagead/conversion_async.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtm.js https://www.googletagservices.com/tag/js/gpt.js  https://adservice.google.com.ph/adsid/integrator.js https://adservice.google.com/adsid/integrator.js https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js https://assets.adobedtm.com/extensions/EP7b1fa4581fb94dd0961a981af9997765/AppMeasurement.min.js https://assets.adobedtm.com/extensions/EP7b1fa4581fb94dd0961a981af9997765/AppMeasurement_Module_ActivityMap.min.js https://assets.adobedtm.com/launch-EN2c0e28c6709c4e27a936ae1de1381bd2.min.js https://cdn.mouseflow.com/projects/4ac367e9-d555-45b8-8c1c-21159c893c86.js https://connect.facebook.net/en_US/fbevents.js https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031501.js https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031601.js https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js https://siteintercept.qualtrics.com/dxjsmodule/11.172e2d2f93de5974ae28.chunk.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://tpc.googlesyndication.com/pagead/js/r20220316/r20110914/client/window_focus_fy2019.js https://tpc.googlesyndication.com/sodar/UFYwWwmt.js https://www.google-analytics.com/analytics.js https://www.google.com/pagead/conversion_async.js https://www.googletagmanager.com/gtm.js https://www.googletagservices.com/activeview/js/current/rx_lidar.js https://www.googletagservices.com/tag/js/gpt.js https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js https://assets.adobedtm.com/3e79a7f00488/8b34a42b9048/94b1f86a0642/EX982a457aa31f49e98223c06cfedf70f2-libraryCode_source.min.js https://assets.adobedtm.com/launch-EN4ac663097b4c4c6483086c5b1a46bf23.min.js https://connect.facebook.net/en_US/fbevents.js https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031401.js https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032104.js https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js https://siteintercept.qualtrics.com/dxjsmodule/11.172e2d2f93de5974ae28.chunk.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://www.google-analytics.com/analytics.js https://www.google.com/pagead/conversion_async.js https://www.googletagmanager.com/gtm.js https://www.googletagservices.com/tag/js/gpt.js https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js https://connect.facebook.net/en_US/fbevents.js https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031601.js https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://www.google-analytics.com/analytics.js https://www.google.com/pagead/conversion_async.js https://www.googletagmanager.com/gtm.js https://www.googletagservices.com/tag/js/gpt.js https://assets.adobedtm.com/extensions/EP7b1fa4581fb94dd0961a981af9997765/AppMeasurement.min.js; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ *; script-src-elem 'unsafe-inline' *; style-src-elem 'unsafe-inline' *;frame-src 'unsafe-inline' *;worker-src 'unsafe-inline' blob: *;media-src 'unsafe-inline' blob: *; 1
frame-ancestors *.zum.com 1
frame-ancestors https://render.otoy.com 1
default-src 'self' one.org *.one.org; img-src 'self' *.one.org *.googletagmanager.com data: http: https: https://optimize.google.com https://www.google-analytics.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.one.org *.vimeo.com *.cloudflareaccess.com *.cloudflare.com *.tiktok.com *.ibytedtos.com *.tiktokcdn.com *.googleadservices.com *.doubleclick.net *.gstatic.com  *.clarity.ms *.bing.com *.crazyegg.com *.instagram.com *.google.com stats.wp.com scripts.simpleanalyticscdn.com googletagmanager.com unpkg.com *.googletagmanager.com *.googleadservices.com optimize.google.com www.google-analytics.com www.googleoptimize.com ajax.googleapis.com *.twitter.com yoast.com one.actionkit.com connect.facebook.net snap.licdn.com cdn.simpleanalytics.io static.ads-twitter.com public.flourish.studio cdn.flourish.rocks *.ampproject.org *.newmode.net blog.apps.npr.org *.shpg.org *.kameleoon.com *.kameleoon.eu *.kameleoon.io *.greenhouse.io *.usercentrics.com *.kameleoon.eu *.usercentrics.eu data: ;style-src 'self' *.one.org https://optimize.google.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io *.cloudflareaccess.com *.tiktokcdn.com https://www.google.com https://fonts.googleapis.com 'unsafe-inline'; font-src 'self' *.one.org s0.wp.com https://fonts.gstatic.com data:; frame-src 'self' blob: https://flo.uri.sh/ https://*.google.com/ wp.freemius.com *.spotify.com *.tiktok.com *.apple.com *.vimeo.com app.usercentrics.eu https://optimize.google.com https://www.facebook.com *.one.org https://www.youtube.com *.youtube-nocookie.com *.instagram.com *.greenhouse.io *.twitter.com *.newmode.net *.doubleclick.net; connect-src 'self' http: https: https://www.google-analytics.com; 1
frame-ancestors https://app.mutinyhq.com 1
frame-ancestors 'self' zendesk.com training.finalsite.com www.taistn.com www.tri-association.org www.swaes.org www.qais.qc.ca www.partnersinmission.com www.paispa.org www.nysais.org www.nwais.org www.njais.org www.nesacenter.org www.mn-ais.org www.maisschools.com www.mais-web.org www.lmais.org isasw.finalsite.com www.theibsc.org www.fobisia.org www.fcis.org www.cristoreynetwork.org www.cobis.org.uk www.cisontario.ca www.cois.org www.capss.org www.cais.ca www.cabe.org aisne.finalsite.com www.aims-mi.org www.acaap.net www.aassa.com www.aaie.org https://www.finalsite.co.uk www.finalsite.co.uk *.pendo.io pendo-io-static.storage.googleapis.com www.boarding.org.au app.getguru.com; 1
frame-ancestors https://*.farmerama.com https://*.facebook.com/ https://*.y8.com https://www.minijuegos.com/ https://gameplanet.onet.pl/ https://www.gry.pl/ https://www.jetztspielen.de/ https://www.spielen.com/ https://www.jeux.fr/ https://www.jeu.fr/ https://www.games.co.uk/ https://www.spelletjes.nl/ https://www.spel.nl/ https://www.juegos.com/ https://www.gioco.it/ https://www.spela.se/ https://www.ourgames.ru/ https://www.gamesgames.com/ https://www.agame.com/ https://centralagier.wp.pl/ https://www.jetztspielen.ws/ https://www.1001spiele.de/ https://www.gierkionline.pl/ https://www.grajteraz.pl/ https://www.1001giochi.it/ https://www.giochixl.it/ https://www.1001hry.cz/ https://juegosjuegos.ws/ https://www.isladejuegos.com/ https://www.elkspel.nl/ https://www.spelo.se/ https://www.1001games.com/ https://www.speltuin.nl/ https://www.1001pelit.com/ https://www.1001jeux.fr/ https://www.1001games.fr/ https://www.1001spiele.at/ https://farmerama.jeja.pl/ https://www.funnygames.nl/ https://www.clickjogos.com.br/ https://www.oyunskor.com/ https://www.oyunkolu.com/ https://spele.nl/ https://www.dobregry.pl/ https://fotka.com/ https://www.1001games.co.uk/ https://www.1001jocuri.ro/ https://www.1001jogos.com.br/ https://www.1001jogos.pt/ https://www.igrixl.ru/ https://www.jatekokxl.hu/ https://www.juegosjuegos.ws/ https://www.paixnidiaxl.gr/ https://www.spillespill.no/ https://www.spilxl.dk/ https://www.jeux-gratuits.com/ https://kizi.com/ https://www.browsergames.de/ https://www.jeja.pl/ https://www.mmozone.com/ https://www.mmostation.com/ https://www.mmogratis.es/ https://www.gratismmo.de/ https://www.mmorpggratuits.com/ https://www.mmoitalia.it/ https://www.mmoportugal.com/ https://www.juegosdenavegador.com/ https://www.jeuxparnavigateur.net/ https://www.jogosbrowser.com/ https://www.freemmorpglist.com/ https://www.puzzlepuzzles.de/ http://www.mmogratis.com/ https://www.sat1spiele.de/ https://www.flashgames.it/ https://www.prosiebengames.de/ https://www.spielkarussell.de/ https://www.brincar.pt/ https://www.spelle.nl/ https://www.speeleiland.nl/ https://www.kongregate.com/ https://www.kidsmmorpg.com/ https://www.xn--mmoparanios-9db.com/ https://farmerama.rtl.de/; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://script.crazyegg.com https://www.youtube.com https://bat.bing.com https://bat.bing.com/bat.js https://www.youtube.com/s/player/652ba3a2/www-widgetapi.vflset/www-widgetapi.js https://www.youtube.com/s/player/9135c2ab/www-widgetapi.vflset/www-widgetapi.js https://www.youtube.com/iframe_api https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js https://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js https://www.gstatic.com/recaptcha/releases/1kRDYC3bfA-o6-tsWzIBvp7k/recaptcha__en.js https://www.google.com/recaptcha/api.js https://wec-assets.terminus.services https://m.clarity.ms/collect https://www.clarity.ms https://dev.visualwebsiteoptimizer.com https://www.googleoptimize.com https://www.googleanalytics.com https://optimize.google.com https://privacyportalde-cdn.onetrust.com https://privacyportalde-cdn.onetrust.com/privacy-notice-scripts/otnotice-1.0.min.js https://cdn.cookielaw.org https://*.googletagmanager.com https://ssl.google-analytics.com https://tagmanager.google.com https://secure.adnxs.com https://d22d1xpx4ztuef.cloudfront.net/jb-cdn-sp-3.5.0.js https://bam.nr-data.net https://gu.bizspring.net https://www.googletagmanager.com https://js-agent.newrelic.com https://stats.wp.com https://widgets.wp.com https://wordpress.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://sjrtp8-cdn.marketo.com https://cdn.livechatinc.com http://cdn.livechatinc.com https://s0.wp.com https://code.jquery.com https://code.jquery.com/jquery-3.3.1.js https://cdn.parsely.com https://stats.wp.com/e-202229.js http://play.vidyard.com https://play.vidyard.com https://connect.facebook.net http://app-sj04.marketo.com http://munchkin.marketo.net http://63475.tctm.co https://64066.tctm.co/t.js https://64066.tctm.co/p.js https://api.livechatinc.com http://www.google-analytics.com https://cdn.mouseflow.com https://connect.facebook.net https://googleads.g.doubleclick.net https://snap.licdn.com https://www.googleadservices.com http://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://code.ionicframework.com https://optimize.google.com https://privacyportalde-cdn.onetrust.com/privacy-notice-scripts/css/v2/otnotice-core.css https://tagmanager.google.com https://fonts.googleapis.com https://www.googletagmanager.com https://s0.wp.com http://app-sj04.marketo.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://u.clarity.ms/collect https://q.clarity.ms/collect https://assets-tracking.crazyegg.com https://pagestates-tracking.crazyegg.com https://tracking.crazyegg.com https://script.crazyegg.com https://v.clarity.ms/collect https://z.clarity.ms/collect https://i.clarity.ms/collect https://bat.bing.com https://pagead2.googlesyndication.com https://r.clarity.ms/collect https://h.clarity.ms/collect https://api.nelioabtesting.com https://googleads.g.doubleclick.net/pagead/landing https://b.clarity.ms/collect https://www.google.com/pagead/landing https://l.clarity.ms/collect https://k.clarity.ms/collect https://j.clarity.ms/collect https://a.clarity.ms/collect https://y.clarity.ms/collect https://x.clarity.ms/collect https://r1.visualwebsiteoptimizer.com/analyze https://t.clarity.ms/collect https://w.clarity.ms/collect https://m.clarity.ms/collect https://px.ads.linkedin.com https://dev.visualwebsiteoptimizer.com https://www.google.co.in https://privacyportalde-cdn.onetrust.com https://privacyportalde-cdn.onetrust.com/c579c0d0-360f-49c0-bccc-f7b7cded31cd/privacy-notices/8b719598-1655-4d2d-879b-9b2e633813ac-en-us.json https://privacyportalde-cdn.onetrust.com/c579c0d0-360f-49c0-bccc-f7b7cded31cd/privacy-notices/8b719598-1655-4d2d-879b-9b2e633813ac-en-us.json https://privacyportalde-cdn.onetrust.com/c579c0d0-360f-49c0-bccc-f7b7cded31cd/privacy-notices/8b719598-1655-4d2d-879b-9b2e633813ac.json https://analytics.google.com https://cdn.cookielaw.org https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.facebook.com http://play.vidyard.com https://play.vidyard.com http://google.com https://google.com https://cdn.linkedin.oribi.io https://cdn.livechatinc.com https://api.ipify.org https://bam.nr-data.net https://p1.parsely.com https://n2.mouseflow.com https://api.livechatinc.com https://geolocation.onetrust.com https://privacyportal-de.onetrust.com http://090-bzj-603.mktoresp.com http://63475.tctm.co https://cdn.cookielaw.org https://stats.g.doubleclick.net https://www.google-analytics.com; font-src 'self' data: https://code.ionicframework.com https://optimize.google.com https://privacyportalde-cdn.onetrust.com https://privacyportalde-cdn.onetrust.com https://fonts.gstatic.com https://cdn.livechatinc.com https://fonts.gstatic.com https://cdn.mouseflow.com https://s0.wp.com; frame-src 'self' https://brandfolder.com https://aurora.videojet.com https://td.doubleclick.net https://dev.visualwebsiteoptimizer.com https://optimize.google.com https://www.google.com https://cdn.livechatinc.com https://stats.wp.com https://js-agent.newrelic.com http://www.googletagmanager.com https://www.googletagmanager.com https://widgets.wp.com https://wordpress.com https://pages.videojet.com https://communications.videojet.com https://www.facebook.com http://play.vidyard.com https://app-sj04.marketo.com https://bid.g.doubleclick.net https://play.vidyard.com https://secure.livechatinc.com; img-src 'self' data: https://bat.bing.com https://cdn.brandfolder.io https://cdn.brandfolder.io/U309KOI6/at/pwc64v7xhc642kc4jzw85vvb/thermal-transfer-printers-6530-overview-pd.jpg https://c.bing.com/c.gif https://c.clarity.ms/c.gif https://match.adsrvr.org https://wec-assets.terminus.services https://cdn.livechat-files.com https://dev.visualwebsiteoptimizer.com https://www.google-analytics.com https://*.google-analytics.com https://*.googletagmanager.com https://optimize.google.com https://ssl.gstatic.com https://www.gstatic.com https://c.jabmo.app https://s.w.org http://www.googleadservices.com https://p1.parsely.com https://videojet-develop.go-vip.net https://secure.gravatar.com https://pixel.wp.com https://pages.videojet.com http://play.vidyard.com https://play.vidyard.com https://cdn.vidyard.com https://www.facebook.com https://www.linkedin.com  https://www.googletagmanager.com https://p.adsymptotic.com https://px4.ads.linkedin.com http://2.gravatar.com http://www.google-analytics.com https://cdn.cookielaw.org https://cdn.livechatinc.com https://global.videojet.com https://px.ads.linkedin.com https://videojet.com https://www.google.co.in https://www.google.com; manifest-src 'self'; media-src 'self' https://cdn.livechatinc.com https://global.videojet.com; worker-src 'self' https://www.videojet.com/0a433153-d644-4a90-9e9d-2a6798084d16  https://www.videojet.com/2714c20b-65e2-44de-b392-7de6d9ed1d0b https://www.videojet.com/00d52daf-2ce5-43d5-8aa5-bada1ae6bb35 https://www.videojet.com/c2a9034a-2113-47b0-95e0-ba70f153ada0 https://www.videojet.com/5e605692-361b-4b3b-8e35-f390a089aec5 https://www.videojet.com/8c980ae2-aee2-49ae-a310-01d4ec69b200 https://www.videojet.com/93a2e38a-1795-4548-a9d5-77016b60d2da https://www.videojet.com/da4bf386-65f8-48d1-9320-7bc8baffb942 https://www.videojet.com/27924d43-ac34-4b4f-9dc8-8c4044b64419 https://www.videojet.com/053c2f2d-12c6-4c7a-ad65-dc3a9fa37e11 https://www.videojet.com/8a8ed960-d9e4-4e75-bcee-b10b973e5538 https://www.videojet.com/4b26b4de-e236-45b4-a332-dcbcab49a215 https://www.videojet.com/6589a4db-4107-48fe-b7ec-a64dfde8efe4 https://www.videojet.com/90e5c3a7-ace9-4cfd-850c-a7cf3bb63a7f https://www.videojet.com/876a4b1e-29d5-4aa9-b700-d19e22919ab3 https://www.videojet.com/be48ff17-3c5f-4363-a81d-fc019f7989d9 https://www.videojet.com/b513495a-d5af-406f-956b-ea8f707d3c83 https://www.videojet.com/9412d8a5-1a32-4101-8a63-6b1f6e039630 https://www.videojet.com/a05777b4-dd1a-4c6c-b531-2f6723deae8d https://www.videojet.com/8d61af98-d917-4429-94b1-0936842ac333 https://www.videojet.com/c134f1fc-70df-4ad4-a498-20f0037e8c5c https://www.videojet.com/c17d1145-be66-4f9c-b6eb-92acdfcf315d https://www.videojet.com/7e685416-f3f7-4121-a4f1-174f7f0c3bec https://www.videojet.com/c696b255-535b-4608-81b7-39e0806df13a https://www.videojet.com/61bd0fb4-b015-40bb-96c9-130e3b985be0 https://www.videojet.com/46892d75-c151-4707-b51c-2292d2d6d65f https://www.videojet.com/f118d694-df45-4bcf-bd4d-aab3b7aeee33 https://www.videojet.com/48017537-929e-4ad5-9757-e67b262d45df https://www.videojet.com/117795bb-b988-48b3-9b0f-5db989c4b691 https://www.videojet.com/1cafafe3-39ff-4f4f-b692-5e038933fc7d https://www.videojet.com/b0936365-29d0-426c-ae87-760d4b3613da https://www.videojet.com/14adb335-c443-4497-ba6a-62aeec9d5f68 https://www.videojet.com/22033d11-8285-45c6-9096-42f6f039514c https://www.videojet.com/d006e5b8-84f5-4676-9727-f926834dcc6c https://www.videojet.com/101e1222-bf33-40be-863f-81ee6807c9c4 https://www.videojet.com/b0e4fb03-3433-449e-9293-6d4e349ad459 https://www.videojet.com/b0e4fb03-3433-449e-9293-6d4e349ad459 https://www.videojet.com/54d65f82-d9d5-4f40-b356-5ff2bfa1ede5 https://www.videojet.com/c27ea47d-1ace-4499-8f48-dd365c2c2cff https://www.videojet.com/67328adb-ce0e-44d8-89ff-907cec9a9572 https://www.videojet.com/2c5dac11-53be-45bd-a1bf-9158e0c258e9 https://www.videojet.com/6c37e40f-eef0-425f-afd2-07cf2902f0c8 https://www.videojet.com/b03ab104-a4cc-490a-8c46-1e6ec48ab5ab https://www.videojet.com/043af784-9c5c-4edd-bff3-38c5eb2f5768 https://www.videojet.com/3585e1e8-d56e-4662-92db-efd1a3f74c40 https://www.videojet.com/3dbad550-e88f-4360-b5d8-9c9281e07435 https://www.videojet.com/095ee2b7-26bc-4836-8d0a-74706fecb366 https://www.videojet.com/00ad9452-3529-4ce0-9ed6-1eaff508d2e9 https://www.videojet.com/114b0a18-57c7-4663-9c1a-527928629afc https://www.videojet.com/32e1040a-1837-41a2-a9f0-af59f6b3b271 https://www.videojet.com/429959ec-3e8a-4c07-9fab-c386491ccd9b https://www.videojet.com/3b662cf4-d714-41f9-bc28-e984e2646ec5 https://www.videojet.com/60497885-22f7-4d78-b232-8a03496a511a https://www.videojet.com/975addda-33ab-419b-be30-f8f28cbcbed2  https://www.videojet.com/fdd687c5-3a20-455e-93a8-249ca0be729b https://www.videojet.com/6d404870-636e-4a2e-90c0-23ff00ec0091 https://www.videojet.com/6a51256c-7fc3-48c4-8ba2-4c2fed76f3fd https://www.videojet.com/159c39b4-c875-49e1-afee-1484faed62e2 https://www.videojet.com/489d5d2c-4da2-4d03-ba13-d691b2048e29 https://www.videojet.com/6ef4e507-36a9-4608-b214-b25fc9f3826c https://www.videojet.com/10d5333b-d694-4260-8849-5409a982f4f2 https://www.videojet.com/7f6f422a-f91d-4566-a955-280febef40f0 https://www.videojet.com/642c9f9a-9c7f-48af-a8bc-b11952d37dbf https://www.videojet.com/70a6aac0-b30b-45dc-a2bf-26c7d77b18fc https://www.videojet.com/a671e91f-8658-4818-ba3f-27a99afbe204 https://www.videojet.com/0d0cc83f-b381-4158-8b09-3694096c6fe6 https://www.videojet.com/440cf408-5c40-42b4-a359-749f3acac925 https://www.videojet.com/36214bec-996a-4e05-970a-d241d12f2db8 https://www.videojet.com/926a8753-53b5-4ad4-a62c-4713dbd1c37f https://www.videojet.com/c9d5afaf-a0aa-4db7-b518-d967b3d81b36 https://www.videojet.com/1295068b-cdb0-46ed-819a-deec0a6a36bd https://www.videojet.com/a644a86c-7519-4f37-aea1-b6d2f9fdc74d https://www.videojet.com/3c3628c1-5a46-41af-a537-db43daeef27f https://www.videojet.com/eaee86f7-2def-47cd-a2da-c205fd59ff74 https://www.videojet.com/d474b2a2-dfbd-4839-801c-7bfa3d00d171 https://www.videojet.com/2bc12286-5f03-4415-8f6b-0b18c6c90678 https://www.videojet.com/53cde3ea-2d8d-4289-aa7e-64e16b22c213 https://www.videojet.com/3243adbf-8aa3-4fa5-8666-2ec5bdb6f8b7 https://www.videojet.com/08a2f4c8-c23c-41fa-b029-ea7e111c1514 https://www.videojet.com/3191c924-2f60-4df2-b958-218e0b9b123e https://www.videojet.com/91a64e33-4c05-4b24-b405-a8461f7f1322 https://www.videojet.com/9600bcf4-3d06-4e24-b9af-7acd859cf28a https://www.videojet.com/0a315fd7-f8d2-4b2b-915b-77c4bd3c0217 https://www.videojet.com/7ab9984b-8cab-4783-b2ab-2427d3b33600 https://www.videojet.com/32afd7a5-fa8b-4d05-8146-ef4a0a4369ab https://www.videojet.com/84173372-c53e-4ed0-8ffe-bdbb31359feb https://www.videojet.com/cf6e098c-906f-4e75-b259-dd7e1c6a0786 https://www.videojet.com/d1fc4e99-bda5-42fd-ac03-2b4ec19dc3ac https://www.videojet.com/3e11e14c-6fe1-45e3-b8bd-5f2339b05902; 1
default-src self; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.rawgit.com cdn.datatables.net maxcdn.bootstrapcdn.com maps.googleapis.com www.google.com use.typekit.net p.typekit.net *.google.com az416426.vo.msecnd.net *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.msecnd.net code.jquery.com *.googletagmanager.com asassoc.informz.net *.uniqodo.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com https://cdn-images.mailchimp.com https://cdn.datatables.net; font-src 'self' use.typekit.net *.google.com fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; img-src 'self' p.typekit.net *.google.com *.azureedge.net *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com cdn.datatables.net; media-src 'self' *.azureedge.net data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.google.com *.mapquest.com *.riddle.com *.twitter.com *.youtube.com *.uniqodo.com; connect-src 'self' accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.visualstudio.com *.google-analytics.com asassoc.informz.net *.googletagmanager.com *.uniqodo.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://cdn.scaledrone.com https://surfly-us.com https://home-c35.nice-incontact.com https://www.youtube.com https://*.userzoom.com https://www.sc.pages08.net https://www.pages08.net https://players.brightcove.net https://map.brightcove.com https://*.psplugin.com https://vjs.zencdn.net https://assets.map.brightcove.com https://cdn-cinfin.azureedge.net https://secure-ds.serving-sys.com https://bs.serving-sys.com https://gateway.zscaler.net https://action.media6degrees.com/ http://action.dstillery.com/ https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://tagmanager.google.com https://maps.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://cse.google.com https://www.gstatic.com https://*.googleapis.com https://*.ggpht.com *.googleusercontent.com https://up.pixel.ad https://cdn.cookielaw.org https://*.onetrust.com https://snap.licdn.com https://px.ads.linkedin.com https://googleads.g.doubleclick.net https://cdn01.basis.net; style-src 'self' 'unsafe-inline' https://*.userzoom.com https://*.psplugin.com https://cdn-cinfin.azureedge.net https://maxcdn.bootstrapcdn.com https://www.google.com https://www.googletagmanager.com https://tagmanager.google.com https://*.googleapis.com; img-src 'self' data: blob: https://streetviewpixels-pa.googleapis.com https://*.userzoom.com *.boltdns.net https://i.ytimg.com https://www.sc.pages08.net https://www.pages08.net https://*.psplugin.com https://metrics.brightcove.com https://blog.cinfin.com/ https://gateway.zscaler.net https://stats.g.doubleclick.net https://www.facebook.com https://*.googleapis.com https://www.googletagmanager.com https://maps.google.com https://*.gstatic.com https://*.ggpht.com *.googleusercontent.com https://www.google-analytics.com https://pixel.sitescout.com https://cdn.cookielaw.org https://*.onetrust.com https://snap.licdn.com https://px.ads.linkedin.com https://www.google.com https://arttrk.com; media-src 'self' blob:; frame-src 'self' blob: https://app.surfly-us.com https://surfly-us.com https://home-c35.nice-incontact.com https://cinfin.speedtestcustom.com https://*.userzoom.com *.cinfin.com https://cinfin.hosted.panopto.com https://www.cinfinlearn.com https://players.brightcove.net https://bcove.video https://blog.cinfin.com/ https://players.brightcove.net https://bcove.video https://player.vimeo.com https://www.youtube.com https://widgets.memberedge.io https://www.google.com https://www.googletagmanager.com/ https://secure-ds.serving-sys.com https://pixel.sitescout.com; connect-src 'self' https://sentry.io https://home-c35.nice-incontact.com https://surfly-us.com wss://api.scaledrone.com https://*.cinfin.com:9999 http://sharedservices.cinfin.com https://*.doubleclick.net https://*.psplugin.com https://edge.api.brightcove.com *.akamaihd.net manifest.prod.boltdns.net https://maps.googleapis.com https://www.google-analytics.com https://secure-ds.serving-sys.com https://cdn.cookielaw.org https://*.onetrust.com https://snap.licdn.com https://px.ads.linkedin.com https://cdn.linkedin.oribi.io; font-src 'self' https://*.psplugin.com https://cdn-cinfin.azureedge.net https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com data:; object-src 'none'; form-action 'self' https://cincilink.cinfin.com; frame-ancestors 'self' https://cinfin.speedtestcustom.com https://cincilink.cinfin.com https://www.cinfinlearn.com https://*.psplugin.com; worker-src blob:; 1
frame-ancestors https://*.jobs.cz https://my.teamio.com https://*.facebook.com https://*.kurzy.cz; 1
default-src 'self'; object-src 'none'; base-uri 'none'; script-src 'nonce-a5c5f9d469465fe047c4e2d7a2d0a4a0' 'self' 'strict-dynamic' https://*.googletagmanager.com https://www.google-analytics.com https://tagmanager.google.com https://www.googleadservices.com https://www.google.com https://maps.googleapis.com https://*.pedidosya.com.co; style-src 'nonce-a5c5f9d469465fe047c4e2d7a2d0a4a0' 'self' https://fonts.googleapis.com https://use.fontawesome.com 'sha256-4/2nIlfwIVTJ1+JcNQ6LkeVWzNS148LKAJeL5yofdN4='; font-src 'self' https://fonts.gstatic.com https://web-commons.pystatic.com https://stg-web-commons.pystatic.com https://fonts.googleapis.com https://use.fontawesome.com; img-src 'self' *.pystatic.com https://images.deliveryhero.io https://www.google-analytics.com https://*.gstatic.com https://*.googleapis.com https://www.facebook.com *.googletagmanager.com https://mapsresources-pa.googleapis.com https://lh3.googleusercontent.com https://www.google.com https://www.google.com.ar data:; connect-src 'self' https://*.perimeterx.net https://*.ingest.sentry.io https://sentry-v2.peya.app https://*.googleapis.com https://sdk.iad-01.braze.com https://*.deliveryhero.net https://*.google.com https://browser-http-intake.logs.datadoghq.com https://collector-pxet15wiae.px-cloud.net https://perseus-productanalytics.deliveryhero.net https://analytics.google.com https://maps.googleapis.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.co.co https://*.google.com.co; frame-src 'self' 'strict-dynamic' https://www.facebook.com; frame-ancestors *.pedidosya.com *.pedidosya.cl *.pedidosya.cr *.pedidosyasv.com.sv *.pedidosyani.com.ni *.pedidosya.com.co 'self' *.pedidosya.com.ar *.pedidosya.com.bo *.pedidosya.com.pa *.pedidosya.com.py *.pedidosya.com.uy *.pedidosya.com.ve *.pedidosya.com.pe *.pedidosya.com.ec *.pedidosya.com.gt *.pedidosya.com.hn *.pedidosya.com.do; 1
worker-src 'self' data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.google-analytics.com *.googlecommerce.com *.googleadservices.com *.braintreegateway.com *.googleapis.com *.cloudflare.com *.planetart.com *.newrelic.com *.twitter.com *.ads-twitter.com *.facebook.net *.adroll.com *.livechatinc.com cdn.brcdn.com www.paypalobjects.com *.brsrvr.com *.nr-data.net *.pcrl.co *.picreel.com *.bing.com *.extole.com *.yimg.com *.yahoo.com *.sharethis.com *.amazonaws.com *.rubiconproject.com *.doubleclick.net *.ups-mi.net *.pinterest.com *.paypal.com *.tellapal.com *.momsaffiliate.com *.emjcd.com *.shareasale.com t.co *.locker2.com *.adxcel-ec2.com *.gstatic.com *.steelhousemedia.com www.googletagmanager.com pixel.cdnwidget.com snap.licdn.com px.ads.linkedin.com *.tvsquared.com unpkg.com d39517acq78dhc.cloudfront.net js.braintreegateway.com *.cardinalcommerce.com *.dca0.com d.adroll.mgr.consensu.org *.ccdc02.com *.openx.net *.rlcdn.com *.adnxs.com *.bidswitch.net *.3lift.com *.taboola.com *.pubmatic.com *.outbrain.com *.casalemedia.com *.advertising.com www.clickcease.com cdn.levelaccess.net *.mail.simplytoimpress.com *.mail.simplytoimpress.co.uk *.mail.canvasworld.com *.mail.photoaffections.com *.mail.mycustomcase.com *.eml.legacylane.com *.eml.parkerandpip.com *.eml.gifts.com track.cordial.io *.personalcreations.com tags.tiqcdn.com use.typekit.net dpm.demdex.net www.lightboxcdn.com t.channeladvisor.com tag.bounceexchange.com s.pinimg.com assets.bounceexchange.com api.bounceexchange.com *.cj.com a.omappapi.com analytics.tiktok.com lightboxapi.azurewebsites.net cdn.attn.tv *.afterpay.com *.mountain.com *.nextdoor.com utt.impactcdn.com *.sjv.io *.clarity.ms d.impactradius-event.com tags.crwdcntrl.net *.rokt.com cdn.cookielaw.org *.iseeme.com *.bookofus.com *.vimeo.com *.vimeocdn.com https://*.kaptcha.com *.niceincontact.com d2zm0lpns956f8.cloudfront.net websdk.appsflyer.com *.bazaarvoice.com mpsnare.iesnare.com *.appsflyer.com shop.pe mapi.gifts.com metrics.simplytoimpress.com metrics.photoaffections.com metrics.canvasworld.com metrics.mycustomcase.com metrics.simplytoimpress.co.uk metrics.parkerandpip.com metrics.legacylane.com metrics2.gifts.com cdn.photoaffections.com;frame-ancestors 'self' https://www.photoaffections.com https://*.personalcreations.com;object-src 'self' https://www.photoaffections.com;upgrade-insecure-requests 1
base-uri 'none'; object-src 'none'; script-src 'unsafe-inline' https://www.gstatic.com https://accounts.google.com/gsi/client 'nonce-4Ynb5guP0xVdGs1YANuUmbMEYZ/GSF'; report-uri /csp 1
frame-ancestors 'self' https://intranet.krungthai/ https://*.arise.tech/ https://*.krungthai.com/ 1
default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com https://i.ytimg.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-C0yKQn2wu7KvBbTM8mPzHQ=='; style-src 'self' www.gstatic.com; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com gds-single-consent-staging.app gds-single-consent.app; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; report-uri https://csp-reporter.publishing.service.gov.uk/report 1
default-src * data: 'unsafe-eval' 'unsafe-inline' blob:; script-src * data: 'unsafe-eval' 'unsafe-inline' blob: http: https:; report-uri /report-csp-violation 1
default-src 'self' https://*.nuance.com https://*.oncor.com; font-src 'self' https://*.gstatic.com https://maps.googleapis.com https://*.typekit.net data:; script-src https://maps.googleapis.com https://*.twitter.com https://twitter.com https://oncor.upgrade.guide https://*.go-mpulse.net https://www.googletagmanager.com https://www.google-analytics.com https://vc.hotjar.io https://www.youtube.com https://*.menlosecurity.com/ https://*.go-mpulse.net https://*.adobedtm.com https://*.hotjar.com https://dtprod.oncor.com https://connect.facebook.net https://*.nuance.com https://s7d1.scene7.com 'self' 'unsafe-eval' 'unsafe-inline' blob:; connect-src 'self' https://maps.googleapis.com wss://ws.hotjar.com/api/v2/client/ws https://oncor.upgrade.guide https://*.oncor.com https://*.onc-prod-6f3f407775af43d9511f50fd779b74ec-0000.us-south.containers.appdomain.cloud https://oncor.egnyte.com https://oncor.sc.omtrdc.net https://www.google-analytics.com https://ola-svc-dev.apps.odcocpdev01.stage.corp.oncor.com https://*.akamaihd.net https://*.onc-nonprod-6f3f407775af43d9511f50fd779b74ec-0000.us-south.containers.appdomain.cloud https://*.oncor.com https://*.hotjar.io https://*.akstat.io https://dtprod.oncor.com https://*.go-mpluse.net https://c.go-mpulse.net/api/config.json https://dpm.demdex.net https://*.scene7.com https://*.hotjar.com https://*.nuance.com https://*.menlosecurity.com/ 'unsafe-inline'; img-src 'self' https://*.gstatic.com https://maps.googleapis.com https://*.menlosecurity.com/ https://dpm.demdex.net https://publish-p25404-e81972.adobeaemcloud.com https://*.nuance.com https://oncor.sc.omtrdc.net https://www.facebook.com https://dev.day.com https://s7d1.scene7.com data: blob: 'unsafe-inline';media-src 'self' https://maps.googleapis.com https://player.vimeo.com https://www.youtube.com https://*.menlosecurity.com/ https://*.scene7.com https://media-us2.digital.nuance.com https://*.nuance.com blob:; frame-src 'self' https://maps.googleapis.com https://*.twitter.com https://oncor.upgrade.guide https://*.oncor.com https://*.nuance.com https://oncor.demdex.net https://oncor.egnyte.com https://stormcenter.oncor.com https://www.facebook.com https://www.b2i.us https://player.vimeo.com https://www.youtube.com https://*.menlosecurity.com/ data:; object-src 'self' blob:; style-src 'self' https://maps.googleapis.com https://*.nuance.com https://*.scene7.com https://fonts.googleapis.com 'unsafe-inline'; 1
base-uri 'self'; connect-src 'self' *.userwerk.com native-commerce.com static.native-commerce.com csi.gstatic.com translate.googleapis.com cbooks-piwik.de log.cookieyes.com cdn-cookieyes.com directory.cookieyes.com *.googlesyndication.com; default-src 'self' *.booklooker.de; font-src 'self' data: static.booklooker.de fonts.gstatic.com *.userwerk.com; frame-ancestors 'self' http://kvk.bibliothek.kit.edu; frame-src 'self' *.g.doubleclick.net *.google.de *.google.at *.google.ch *.google.com *.adsensecustomsearchads.com  *.syndicatedsearch.goog syndicatedsearch.goog *.googlesyndication.com *.googleadservices.com *.userwerk.com widget.trustpilot.com; img-src 'self' data: *.booklooker.de *.ausgezeichnet.org cbooks-piwik.de *.googletagmanager.com *.googleadservices.com *.googlesyndication.com *.google.com *.google.de *.adsensecustomsearchads.com *.syndicatedsearch.goog syndicatedsearch.goog *.googleapis.com *.gstatic.com i.ebayimg.com rover.ebay.com www.ebayadservices.com widgets.trustedshops.com partners.webmasterplan.com apps.shopauskunft.de cdn-cookieyes.com *.userwerk.com; object-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.booklooker.de siegel.ausgezeichnet.org widgets.trustedshops.com cbooks-piwik.de *.userwerk.com static.native-commerce.com *.google.com *.google.at *.google.ch www.googletagservices.com *.googlesyndication.com adservice.google.de *.googleadservices.com *.googleapis.com adservice.google.nl adservice.google.it adservice.google.pl adservice.google.fr adservice.google.es adservice.google.ru adservice.google.cz adservice.google.co.uk adservice.google.be adservice.google.hu apps.shopauskunft.de/seal_defer/e65e7f526e1c8bee0691e09df5329ab6.js cdn-cookieyes.com *.adsensecustomsearchads.com *.syndicatedsearch.goog *.googletagmanager.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.booklooker.de siegel.ausgezeichnet.org widgets.trustedshops.com cbooks-piwik.de *.userwerk.com static.native-commerce.com *.google.com *.google.at *.google.ch www.googletagservices.com *.googlesyndication.com adservice.google.de *.googleadservices.com *.googleapis.com adservice.google.nl adservice.google.it adservice.google.pl adservice.google.fr adservice.google.es adservice.google.ru adservice.google.cz adservice.google.co.uk adservice.google.be adservice.google.hu apps.shopauskunft.de/seal_defer/e65e7f526e1c8bee0691e09df5329ab6.js cdn-cookieyes.com *.adsensecustomsearchads.com *.syndicatedsearch.goog *.googletagmanager.com; style-src 'self' 'unsafe-inline' static.booklooker.de *.gstatic.com; worker-src 'self'; report-uri /interface/csp-report.php; 1
frame-ancestors 'self' media.rakr.net; report-uri https://www.rackspace.com/report-uri/enforce 1
frame-ancestors *.multiplan.us; object-src 'none'; img-src 'self' maps.google.com maps.googleapis.com www.google-analytics.com csi.gstatic.com cdn.appdynamics.com multiplan.us www.multiplan.us discoveryhealthpartners.com www.discoveryhealthpartners.com https: http:; script-src 'self' 'unsafe-inline' 'unsafe-eval' maps.google.com maps.googleapis.com www.google-analytics.com csi.gstatic.com docasap.com cdn.appdynamics.com multiplan.us www.multiplan.us discoveryhealthpartners.com www.discoveryhealthpartners.com https: http: 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-JDEn/xGB6FcET3NE5Kc0zdYbPuFbcN5Fv2SDGf33Bq+esDwO' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
frame-ancestors 'self' www.elsiglodetorreon.com.mx www.elsiglodedurango.com.mx tar.mx elsiglo.mx localhost http://localhost el.siglo.mx 1
frame-ancestors 'self' https://mail.google.com chrome-extension://fcinnggknmdfkilogcndkgpojpfojeem;     style-src 'self' 'unsafe-inline' http://*.hiver.space/css/app.css https://cdn.hiverhq.com https://cdnjs.cloudflare.com https://rsms.me https://a.omappapi.com    https://hiverhq.com https://use.typekit.net/pbs3hxh.css https://web-sdk.aptrinsic.com     https://p.typekit.net/p.css https://fonts.googleapis.com https://static.olark.com https://js.chilipiper.com https://static.zohocdn.com https://webfonts.zoho.com; 1
default-src 'self' https://maps.googleapis.com https://*.clarity.ms https://*.google.com https://*.g.doubleclick.net https://*.analytics.google.com https://www.facebook.com https://vc-service.saleago.com https://*.salesmanago.pl https://consentcdn.cookiebot.com https://*.googlesyndication.com https://*.google-analytics.com https://liveupdate.pimcore.org https://*.enea.pl; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com https://*.g.doubleclick.net https://rec.quartic.pl https://*.clarity.ms https://*.googleadservices.com https://connect.facebook.net https://script.hotjar.com https://static.hotjar.com https://*.adform.net https://fonts.googleapis.com https://*.salesmanago.pl https://*.cookiebot.com https://www.googletagmanager.com https://*.gstatic.com https://liveupdate.pimcore.org https://clients1.google.com https://www.google.com https://www.google-analytics.com https://www.enea.pl/favicon.ico https://www.facebook.com https://*.enea.pl https://www.google.pl https://www.youtube-nocookie.com https://cse.google.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://www.google.com; img-src 'self' data: https://www.googletagmanager.com https://maps.googleapis.com https://*.bing.com https://*.clarity.ms https://*.gstatic.com https://*.g.doubleclick.net https://secure.sitebees.com https://*.analytics.google.com https://www.googletagmanager.com https://*.salesmanago.pl https://*.googlesyndication.com https://*.google-analytics.com https://*.google.com/generate_204 https://www.google.com https://fonts.googleapis.com https://www.google-analytics.com https://www.enea.pl/favicon.ico https://www.facebook.com https://*.enea.pl https://www.google.pl https://www.youtube-nocookie.com; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://fonts.googleapis.com; media-src 'self' https://www.youtube-nocookie.com; object-src 'self' https://*.enea.pl; child-src 'none'; frame-src 'self' https://*.youtube.com  https://cse.google.com https://www.facebook.com https://consentcdn.cookiebot.com https://*.enea.pl https://www.youtube-nocookie.com https://www.google.com https://google.com; frame-ancestors 'self' 1
frame-ancestors 'self' http://*.essilorluxottica.com https://*.essilorluxottica.com; 1
default-src * blob:; script-src data: 'self' 'unsafe-inline' 'unsafe-eval' *.nr-data.net *.newrelic.com *.hongkongdisneyland.com *.go.com *.wdpromedia.com *.content.disney.io *.disneyinternational.com *.wdprapps.disney.com connect.facebook.net *.scorecardresearch.com *.dilcdn.com *.wdpro.wdig.com *.tt.omtrdc.net dpm.demdex.net assets.adobedtm.com tags.bkrtx.com d1ivexoxmp59q7.cloudfront.net disneyparks.sp1.convertro.com stags.bluekai.com tags.bluekai.com bat.bing.com *.doubleclick.net *.clicktale.net s.yimg.com/wi/ytc.js *.ads-twitter.com *.twitter.com *.facebook.com *.lpsnmedia.net *.liveperson.net *.googleadservices.com *.yahoo.com tag.mtrcs.samba.tv *.proofhq.com *.googletagmanager.com *.google-analytics.com static.tacdn.com *.resonate.com *.reson8.com *.sojern.com *.appdynamics.com *.eum-appdynamics.com *.go-mpulse.net *.akstat.io *.gam-apigw.wdprapps.disney.com *.disney.com www.googletagmanager.com tagmanager.google.com *.demdex.net *.contentsquare.com *.cookielaw.org *.onetrust.com *.apptentive.com *.bluekai.com *.branch.io app.link www.googleadservices.com www.google.com snap.licdn.com cdn.resonate.com sc-static.net *.snapchat.com analytics.tiktok.com js.adsrvr.org; img-src * data: *.akstat.io *.clicktale.net *.contentsquare.net *.google-analytics.com *.googletagmanager.com *.cookielaw.org www.google.com px.ads.linkedin.com; style-src 'self' 'unsafe-inline' *.go.com *.wdpromedia.com *.wdprapps.disney.com *.liveperson.net *.gam-apigw.wdprapps.disney.com tagmanager.google.com fonts.googleapis.com *.apptentive.com; frame-src 'self' *.go.com *.fls.doubleclick.net stags.bluekai.com tags.bluekai.com assets.adobedtm.com *.lpsnmedia.net *.liveperson.net *.facebook.com *.tamgrt.com *.flashtalking.com *.clicktale.net disney.idmelabs.com disney.id.me *.demdex.net cdn1.parksmedia.wdprapps.disney.com cdn2.parksmedia.wdprapps.disney.com *.go-mpulse.net *.akstat.io *.gam-apigw.wdprapps.disney.com s.amazon-adsystem.com *.bluekai.com *.doubleclick.net *.snapchat.com *.adsrvr.org *.disney.com *.wdpromedia.com 'unsafe-eval' 'unsafe-inline' www.googletagmanager.com tagmanager.google.com *.tt.omtrdc.net blob:; font-src * data: fonts.gstatic.com; connect-src * blob: 'self' *.disney.com *.go.com *.demdex.net adobedc.demdex.net edge.adobedc.net *.tt.omtrdc.net *.akstat.io *.go-mpulse.net *.clicktale.net *.contentsquare.net r.disneystore.com r.disney.com r.disney.go.com r.starwars.com r.disneyjunior.com r.babble.com r.disneybaby.com *.google-analytics.com *.analytics.google.com analytics.google.com *.googletagmanager.com *.cookielaw.org *.onetrust.com *.apptentive.com bat.bing.com *.branch.io *.doubleclick.net cdn.linkedin.oribi.io *.reson8.com *.snapchat.com analytics.tiktok.com s.yimg.com; child-src data: 'self' 'unsafe-inline' 'unsafe-eval' *.nr-data.net *.newrelic.com *.hongkongdisneyland.com *.go.com *.wdpromedia.com *.content.disney.io *.disneyinternational.com *.wdprapps.disney.com connect.facebook.net *.scorecardresearch.com *.dilcdn.com *.wdpro.wdig.com *.tt.omtrdc.net dpm.demdex.net assets.adobedtm.com tags.bkrtx.com d1ivexoxmp59q7.cloudfront.net disneyparks.sp1.convertro.com stags.bluekai.com tags.bluekai.com bat.bing.com *.doubleclick.net *.clicktale.net s.yimg.com/wi/ytc.js *.ads-twitter.com *.twitter.com *.facebook.com *.lpsnmedia.net *.liveperson.net *.googleadservices.com *.yahoo.com tag.mtrcs.samba.tv *.proofhq.com *.googletagmanager.com *.google-analytics.com static.tacdn.com *.resonate.com *.reson8.com *.sojern.com *.appdynamics.com *.eum-appdynamics.com *.go-mpulse.net *.akstat.io *.gam-apigw.wdprapps.disney.com *.disney.com www.googletagmanager.com tagmanager.google.com *.demdex.net *.contentsquare.com *.cookielaw.org *.onetrust.com *.apptentive.com *.bluekai.com *.branch.io app.link www.googleadservices.com www.google.com snap.licdn.com cdn.resonate.com sc-static.net *.snapchat.com analytics.tiktok.com js.adsrvr.org blob:; worker-src data: 'self' 'unsafe-inline' 'unsafe-eval' *.nr-data.net *.newrelic.com *.hongkongdisneyland.com *.go.com *.wdpromedia.com *.content.disney.io *.disneyinternational.com *.wdprapps.disney.com connect.facebook.net *.scorecardresearch.com *.dilcdn.com *.wdpro.wdig.com *.tt.omtrdc.net dpm.demdex.net assets.adobedtm.com tags.bkrtx.com d1ivexoxmp59q7.cloudfront.net disneyparks.sp1.convertro.com stags.bluekai.com tags.bluekai.com bat.bing.com *.doubleclick.net *.clicktale.net s.yimg.com/wi/ytc.js *.ads-twitter.com *.twitter.com *.facebook.com *.lpsnmedia.net *.liveperson.net *.googleadservices.com *.yahoo.com tag.mtrcs.samba.tv *.proofhq.com *.googletagmanager.com *.google-analytics.com static.tacdn.com *.resonate.com *.reson8.com *.sojern.com *.appdynamics.com *.eum-appdynamics.com *.go-mpulse.net *.akstat.io *.gam-apigw.wdprapps.disney.com *.disney.com www.googletagmanager.com tagmanager.google.com *.demdex.net *.contentsquare.com *.cookielaw.org *.onetrust.com *.apptentive.com *.bluekai.com *.branch.io app.link www.googleadservices.com www.google.com snap.licdn.com cdn.resonate.com sc-static.net *.snapchat.com analytics.tiktok.com js.adsrvr.org blob: 1
frame-ancestors 'self' https://uptime.betterstack.com https://logs.betterstack.com; 1
frame-ancestors 'none';default-src 'self' one.o9.de *.o2.com;script-src 'self' one.o9.de *.o2.com 'unsafe-inline' 'unsafe-eval' app.eu.usercentrics.eu www.googletagmanager.com www.google-analytics.com connect.facebook.net region1.google-analytics.com sst.o2online.de sst.blau.de *.usercentrics.eu *.telefonica.de *.o9.de *.o2online.de *.googletagmanager.com;style-src 'self' one.o9.de *.o2.com 'unsafe-inline' 'unsafe-eval' *.o9.de *.telefonica.de *.googleapis.com www.gstatic.com www.googletagmanager.com;connect-src 'self' https: 'unsafe-inline' translate.googleapis.com *.o2online.de *.telefonica.de region1.google-analytics.com www.google-analytics.com *.usercentrics.eu;img-src 'self' *.whatsappsim.de *.nettokom.de *.ayyildiz.de *.o2business.de *.blau.de *.alditalk.de *.alditalk-kundenportal.de ct1-www.atalk.raittwl.de e2e2-www.atalk.raittwl.de e2e1-www.atalk.raittwl.de www.atalk.raittwl.de 'unsafe-inline' uct.eu.usercentrics.eu www.facebook.com www.googletagmanager.com *.gstatic.com *.usercentrics.eu *.o9.de www.google.co.uk www.google.com *.o2online.de region1.analytics.google.com;frame-src 'self' one.o9.de *.o2.com *.usercentrics.eu;font-src 'self' *.o2online.de *.o9.de *.telefonica.de fonts.gstatic.com;worker-src 'none' 1
: default-src data: self 'unsafe-inline' 'unsafe-eval'  *.nbe.com.eg https://www.youtube.com https://migs.mastercard.com.au youtube.com https://migs-mtf.mastercard.com.au https://cap.attempts.securecode.com cdnjs.cloudflare.com facebook.com connect.facebook.net fonts.gstatic.com *.doubleclick.net *.ytimg.com maps.googleapis.com cdn.jsdelivr.net plugin.accessibilityeg.com fonts.googleapis.com *.googlevideo.com *.google.com *.ggpht.com *.twitter.com www.facebook.com maps.gstatic.com wss://*.oraclecloud.com; 1
report-uri /csp-report.php; default-src 'none'; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com; img-src 'self' data: https://www.fio.cz https://www.fio.sk https://www.gstatic.com https://googleads.g.doubleclick.net https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://www.google.cz https://www.google.sk https://pagead2.googlesyndication.com https://stats.g.doubleclick.net *.google-analytics.com *.analytics.google.com https://img.bankid.cz; connect-src 'self' *.analytics.google.com *.google-analytics.com https://ajax.googleapis.com https://pagead2.googlesyndication.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/ https://www.googleadservices.com https://www.google-analytics.com https://www.googletagmanager.com https://tpc.googlesyndication.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google-analytics.com https://www.googletagmanager.com https://tpc.googlesyndication.com https://ssl.google-analytics.com; frame-src https://www.googletagmanager.com https://bid.g.doubleclick.net https://www.youtube.com https://maps.google.com https://maps.google.cz https://www.google.com https://tpc.googlesyndication.com https://googleads.g.doubleclick.net; frame-ancestors 'self'; base-uri 'self' 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' grid.grupawp.pl adssettings.google.com https://fpnpmcdn.net https://fpjscdn.net wpext.pl *.wpext.pl *.survicate.com *.doubleverify.com s1.adform.net track.adform.net rt.inistrack.net *.sensic.net system3secure.pl sentry-2-poczta.grupawp.pl pixel.adsafeprotected.com *.wp.pl *.wpimg.pl pocztanh.wpcdn.pl *.wpcdn.pl *.tradedoubler.com *.hit.gemius.pl *.salesmore.pl onapi.o2.pl *.doubleclick.net *.googlesyndication.com *.googletagservices.com *.2mdn.net *.googleadservices.com d.rxthdr.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google-analytics.com *.moatads.com ib.adnxs.com adservice.google.pl adservice.google.com *.meetrics.net *.mxcdn.net *.criteo.com static.criteo.net imasdk.googleapis.com cdn.netsco.re 3p.ampproject.net *.payu.com *.doubleverify.com ho.novem.pl embed.typeform.com; object-src 'self'; style-src 'self' 'unsafe-inline' 'unsafe-eval' adssettings.google.com *.survicate.com pocztanh.wpcdn.pl s1.adform.net track.adform.net rt.inistrack.net system3secure.pl sentry-2-poczta.grupawp.pl pixel.adsafeprotected.com *.wp.pl *.wpimg.pl; img-src 'self' data: blob: res.cloudinary.com *.nsaudience.pl *.survicate.com events.mediarithmics.com s1.adform.net track.adform.net rt.inistrack.net *.exactag.com  zasobygwp.pl zasoby.tlen.pl pl-gmtdmp.mookie1.com system3secure.pl sentry-2-poczta.grupawp.pl pixel.adsafeprotected.com *.wp.pl rek.www.wp.pl *.wpimg.pl *.wpcdn.pl *.moatads.com *.tradedoubler.com ads.salesmore.pl *.doubleclick.net *.2mdn.net bs.serving-sys.com *.googlesyndication.com *.google.com delivery.way2traffic.com *.hit.gemius.pl t.qservz.com cdn.qservz.com beta.pocketads.pl ssl.google-analytics.com dmp.adform.net asa.allegro.pl ad.atdmt.com ads.businessclick.com/mailing/ *.meetrics.net *.mxcdn.net *.criteo.com *.criteo.net stags.bluekai.com www.ojrq.net/p/ secure-gl.imrworldwide.com www.facebook.com *.payu.com *.doubleverify.com ho.novem.pl; media-src 'self' v.wpimg.pl adv.wp.pl *.wpcdn.pl data:; child-src 'self' blob: *.hit.gemius.pl system3secure.pl sentry-2-poczta.grupawp.pl pixel.adsafeprotected.com *.wp.pl stg.wp.pl config.sensic.net *.tagcdn.com *.googlesyndication.com ads.salesmore.pl ad.doubleclick.net *.2mdn.net *.bing.com adexa.me googleads.g.doubleclick.net; frame-src 'self' blob: adssettings.google.com *.survicate.com *.wpext.pl wpext.pl *.wpimg.pl *.hit.gemius.pl system3secure.pl sentry-2-poczta.grupawp.pl pixel.adsafeprotected.com *.wp.pl stg.wp.pl *.wpcdn.pl config.sensic.net *.tagcdn.com *.googlesyndication.com ads.salesmore.pl ad.doubleclick.net *.2mdn.net *.bing.com adexa.me www.google.com/recaptcha/ *.criteo.com googleads.g.doubleclick.net masscdn.com *.payu.com *.doubleverify.com ho.novem.pl gwp.typeform.com *.doubleclick.net *.googletagservices.com; font-src 'self' data: *.survicate.com a.wpimg.pl *.wpcdn.pl; connect-src 'self' https://fpnpmcdn.net https://api.fpjs.io https://*.api.fpjs.io *.survicate.com *.wpext.pl wpext.pl *.sensic.net *.hit.gemius.pl imppl.tradedoubler.com secure.espago.com wp.tv csi.gstatic.com *.criteo.com static.criteo.net bidder.criteo.com *.moatads.com *.meetrics.net wss://poczta.o2.pl wss://poczta.wp.pl system3secure.pl sentry-2-poczta.grupawp.pl pixel.adsafeprotected.com *.wp.pl *.wpcdn.pl *.money.pl www.google.com pubs2-eu.creativecdn.com v.wpimg.pl a.wpimg.pl profil.o2.pl *.netscore.eu/v2/api/adinfo/ ib.adnxs.com/ptv *.googlesyndication.com *.payu.com *.doubleverify.com ho.novem.pl *.doubleclick.net *.googletagservices.com; report-uri /csp-reports; manifest-src 'self' 'unsafe-eval' 1
default-src 'self'; font-src 'self' data: https://script.hotjar.com https://*.stackpathcdn.com https://*.googleapis.com https://*.gstatic.com https://*.cloudfront.net; style-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://tagmanager.google.com https://fonts.googleapis.com https://*.googleapis.com https://cdnjs.cloudflare.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://dev.visualwebsiteoptimizer.com https://www.vimeo.com https://vimeo.com https://www.youtube.com  https://*.googletagmanager.com https://tagmanager.google.com https://js.usemessages.com https://www.g2.com https://cmp.osano.com https://player.vimeo.com https://*.workable.com https://js.hsforms.net https://forms.hsforms.com https://j.6sc.co/6si.min.js https://js-na1.hs-scripts.com https://www.google.com https://googleads.g.doubleclick.net https://js.hs-analytics.net https://js.hsadspixel.net https://js.hscollectedforms.net https://*.ensighten.com https://cs.choozle.com https://*.adsrvr.org https://*.hotjar.com https://www.instagram.com https://static.zdassets.com https://s3.amazonaws.com https://*.stackpathcdn.com https://secure.leadforensics.com https://js.hubspot.com https://snap.licdn.com https://js.hs-scripts.com https://tagmanager.google.com https://www.googletagmanager.com https://sjs.bizographics.com https://*.ads.linkedin.com https://ml314.com https://cdn.rawgit.com https://*.googleapis.com https://*.inspectlet.com https://*.google-analytics.com https://*.analytics.google.com https://*.googleadservices.com https://stats.g.doubleclick.net https://cdn.viglink.com https://*.facebook.net https://*.twitter.com https://cdn.ravenjs.com https://*.cloudfront.net https://cdnjs.cloudflare.com https://px.owneriq.net https://*.tynt.com https://tags.bkrtx.com https://www.linkedin.com https://www.snapengage.com; media-src 'self' https://*.endpointprotector.com; connect-src 'self' https://www.netwrix.com https://px.ads.linkedin.com https://vimeo.com https://dev.visualwebsiteoptimizer.com https://cdn.linkedin.oribi.io https://updates.expressionengine.com/ https://pagead2.googlesyndication.com https://idx.liadm.com https://ipv6.6sc.co https://forms.hsforms.com https://*.endpointprotector.com https://secure.adnxs.com https://c.6sc.co https://*.hubspot.com https://api.hubapi.com wss://*.hotjar.com https://*.hotjar.com https://vc.hotjar.io https://*.googlevideo.com https://www.instagram.com https://*.cloudfront.net https://api.viglink.com https://*.googleapis.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com  https://*.twitter.com https://s3.amazonaws.com https://*.google.com https://stats.g.doubleclick.net; img-src 'self' data: https://dev.visualwebsiteoptimizer.com https://ping.eeharbor.com https://*.googletagmanager.com https://i.vimeocdn.com https://b.6sc.co https://*.hsforms.com https://track.hubspot.com https://cs.choozle.com https://*.fbcdn.net https://*.stackpathcdn.com https://*.linkedin.com https://*.cdninstagram.com https://*.endpointprotector.com https://*.google.com/ https://*.g.doubleclick.net https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.analytics.google.com https://secure.gravatar.com https://cdn.viglink.com https://www.google.ro https://*.cloudfront.net https://ic.tynt.com https://px.owneriq.net https://i.ytimg.com; child-src 'self' blob: https://www.g2.com https://player.vimeo.com https://forms.hsforms.com https://*.endpointprotector.com https://app.hubspot.com https://insight.adsrvr.org https://*.cloudfront.net https://vars.hotjar.com https://w.soundcloud.com https://aws-rk02.awdata.net https://td.doubleclick.net https://*.youtube-nocookie.com https://*.googleapis.com https://*.youtube.com https://*.google.com https://*.google.ro https://*.twitter.com https://*.facebook.com https://stags.bluekai.com https://px.owneriq.net; frame-ancestors 'self' https://*.google.com https://*.endpointprotector.com http://*.endpointprotector.es http://*.endpointprotector.de http://*.endpointprotector.fr 1
report-uri https://www.tinkoff.ru/api/front/pwabnpl/log/csp-error?appName=pwabnpl; default-src 'self' *.tbank-online.com tbank.ru *.tbank.ru *.cdn-tinkoff.ru *.tinkoff.ru data:; font-src 'self' *.tbank-online.com tbank.ru *.tbank.ru *.cdn-tinkoff.ru *.tinkoff.ru data: *.dolyame.ru; style-src 'unsafe-inline' 'self' *.tinkoff.ru *.tcsbank.ru *.tbank-online.com tbank.ru *.tbank.ru *.cdn-tinkoff.ru *.dolyame.ru; img-src 'self' data: *.tinkoff.ru *.tcsbank.ru *.tbank-online.com tbank.ru *.tbank.ru *.cdn-tinkoff.ru *.dolyame.ru 'self' data: *.datamind.ru dpm.demdex.net www.google-analytics.com tinkoffcreditsystems.d3.sc.omtrdc.net cm.everesttech.net dp.adsdata.ru www.google.com www.google.ru vk.com login.vk.com mc.yandex.ru ad.mail.ru adfocus.ru www.facebook.com connect.facebook.net ad.doubleclick.net *.google.com *.yandex.ru *.yandex.net *.2o7.net *.demdex.net cx.atdmt.com analytics.twitter.com t.co eu-sonar.sociomantic.com *.sravni.ru www.banki.ru *.pool.datamind.ru statad.ru www.googletagmanager.com *.g.doubleclick.net *.googleadservices.com *.privacysandbox.googleadservices.com p.formobil.net rupertino.ru adservice.google.com adservice.google.ru google-analytics.bi.owox.com dc.ads.linkedin.com *.mail.ru dp.tinkoffinsurance.ru *.fls.doubleclick.net tms.dmp.wi-fi.ru cdn3.caltat.com sonar.semantiqo.com www.cdn-tinkoff.ru ad.adriver.ru mc.yandex.com mc.yandex.md mc.yandex.fr mc.yandex.kz mc.yandex.by mc.yandex.uz mc.yandex.com.tr eye.targetads.io tag.rutarget.ru top-fwz1.mail.ru dss.hybrid.ai track-us.bidease.com tech.rtb.mts.ru sync.gonet-ads.com ad.new-programmatic.com mssg.su rap.skcrtxr.com cdn3.uxfeedback.ru widget.uxfeedback.ru  cdn.uxfeedback.ru sm.rtb.mts.ru exchange.buzzoola.com dmp.one sync.bumlam.com wf-ru-frontend.weborama-tech.ru; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tinkoff.ru *.tcsbank.ru *.tbank-online.com tbank.ru *.tbank.ru *.cdn-tinkoff.ru blob: *.dolyame.ru https://www.youtube.com sync.datamind.ru www.google.com www.google.ru connect.ok.ru vk.com *.datamind.ru s.ytimg.com mc.yandex.ru mc.yandex.com mc.yandex.md mc.yandex.fr mc.yandex.kz mc.yandex.by mc.yandex.uz mc.yandex.com.tr yastatic.net mc.webvisor.com mc.webvisor.org; frame-src 'self' blob: data: *.tinkoff.ru *.tcsbank.ru *.tbank-online.com tbank.ru *.tbank.ru *.cdn-tinkoff.ru *.dolyame.ru https://www.youtube.com *.tinkoff.demdex.net *.omniture.com bid.g.doubleclick.net www.facebook.com *.demdex.net vk.com static.datamind.ru platform.twitter.com connect.ok.ru *.datamind.ru *.fls.doubleclick.net www.cdn-tinkoff.ru mc.yandex.ru yastatic.net mc.webvisor.org metrika.yandex.ru metrika.yandex.by metrica.yandex.com metrica.yandex.com.tr webvisor.com *.webvisor.com; connect-src 'self' *.tinkoff.ru *.tcsbank.ru *.tbank-online.com tbank.ru *.tbank.ru *.cdn-tinkoff.ru wss://*.tinkoff.ru wss://*.tcsbank.ru wss://*.tbank.ru 'self' data: self sync.datamind.ru dpm.demdex.net tinkoffcreditsystems.d3.sc.omtrdc.net assets.adobedtm.com *.omniture.com *.g.doubleclick.net geocode-maps.yandex.ru/1.x/ suggest-maps.yandex.ru *.google-analytics.com *.datamind.ru www.google.com analytics.google.com www.google.ru www.facebook.com connect.facebook.net google-analytics.bi.owox.com vk.com mc.yandex.ru mc.yandex.com mc.yandex.md mc.yandex.fr mc.yandex.kz mc.yandex.by mc.yandex.uz mc.yandex.com.tr px.adhigh.net eye.targetads.io ad.adriver.ru top-fwz1.mail.ru dss.hybrid.ai tag.rutarget.ru tms.dmp.wi-fi.ru ads.adlook.me dmg.digitaltarget.ru dsum-sec.casalemedia.com id.uma.media prodmp.ru track-us.bidease.com ads.betweendigital.com a.utraff.com rtb.viadata.store reichelcormier.bid x01.aidata.io ssp.bidvol.com cs.gssprt.jp ssp.adriver.ru secure.adnxs.com exchange.buzzoola.com cs-0.moevideo.biz sync.republer.com redirect.frontend.weborama.fr sync.dmp.otm-r.com sync.mediatoday.iae.one an.yandex.ru sync.1dmp.io cm.lentainform.com mitdmp.whiteboxdigital.ru acint.net sync.viadata.store sync.adkernel.com sync.videonow.ru code.moviead55.ru api.imotech.video widget-api.uxfeedback.ru pixel.gooroo.works cfg.tinkoff.ru acdn.tinkoff.ru www.tinkoff.ru www.cdn-tinkoff.ru dolyame.ru tmsg.tinkoff.ru chat.dolyame.ru ms-gateway.tinkoff.ru forma.tinkoff.ru shopping.t-bank-app.ru fallback.cdn-tinkoff.ru 1
default-src 'self' *.getrave.com; frame-ancestors 'self' *.smart911.com *.raveu.com *.getrave.com getrave.com *.zendesk.com; font-src 'self' data: *.getrave.com getrave.com *.gstatic.com;  connect-src 'self' blob: data: *.getrave.com *.raveu.com *.twiliocdn.com *.twilio.com wss://*.twilio.com *.mapbox.com wss://rcv.getrave.com *.walkme.com *.google-analytics.com *.googleapis.com;child-src 'self' *.wistia.net *.youtube.com; style-src 'self' 'unsafe-inline' *.getrave.com getrave.com *.walkme.com *.googleapis.com; img-src * blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.getrave.com getrave.com *.twilio.com *.google.com *.google-analytics.com *.googleapis.com *.walkme.com 1
default-src https://*.sprig.com *.userleap.com 'self' 'unsafe-inline'; script-src https://*.sprig.com *.userleap.com *.greenhouse.io 'self' 'unsafe-inline' 'unsafe-eval' https://js.hsforms.net https://polyfill.io https://*.googletagmanager.com https://*.google-analytics.com https://www.googleadservices.com https://js.hs-analytics.net https://js.hs-scripts.com https://cdn.heapanalytics.com https://js.hscollectedforms.net https://js.hs-banner.com https://js.usemessages.com https://js-na1.hs-scripts.com https://cdn.segment.com https://api.segment.io https://app.launchdarkly.com https://forms.hubspot.com https://rum-http-intake.logs.datadoghq.com https://snap.licdn.com https://static.ads-twitter.com https://analytics.twitter.com https://connect.facebook.net https://ws.zoominfo.com https://scout-cdn.salesloft.com https://googleads.g.doubleclick.net https://static.hsappstatic.net https://www.vimeo.com https://vimeo.com https://*.hsforms.com https://secure.cold5road.com/ https://*.mutinycdn.com https://*.mutinyhq.io https://ajax.googleapis.com https://*.chilipiper.com https://*.clearbitscripts.com https://*.clearbitjs.com https://*.clearbit.com https://www.google.com https://www.googleanalytics.com https://*.qualified.com https://*.website-files.com https://d3e54v103j8qbb.cloudfront.net/js/jquery-3.5.1.min.dc5e7f18c8.js https://cdn.jsdelivr.net/npm/@finsweet/attributes-cmsfilter@1/cmsfilter.js https://cdn.jsdelivr.net/npm/@finsweet/attributes-cmsload@1/cmsload.js https://cdn.jsdelivr.net/npm/@finsweet/attributes-cmscore@1/cmscore.js https://cdn.jsdelivr.net/npm/@finsweet/attributes-animation@1/animation.esm.js https://cdn.jsdelivr.net/npm/@finsweet/attributes-cmsslider@1/cmsslider.js https://cdn.jsdelivr.net/npm/@finsweet/attributes-queryparam@1/queryparam.js https://*.adroll.com https://tracking.g2crowd.com https://bat.bing.com https://tag.unifyintent.com https://www.redditstatic.com/ads/pixel.js; connect-src blob: data: 'self' https://sprig.com https://*.sprig.com *.userleap.com *.ingest.sentry.io https://api.hubspot.com https://*.google-analytics.com https://*.analytics.google.com https://*.google.com https://*.googletagmanager.com https://*.doubleclick.net https://cdn.segment.com https://api.segment.io https://events.launchdarkly.com https://app.launchdarkly.com https://forms.hubspot.com https://rum-http-intake.logs.datadoghq.com https://ws.zoominfo.com https://scout-cdn.salesloft.com https://scout.salesloft.com https://boards-api.greenhouse.io https://hubspot-forms-static-embed.s3.amazonaws.com https://*.hsforms.com https://*.mutinycdn.com https://*.mutinyhq.io https://*.mutinyhq.com https://*.chilipiper.com https://*.mux.com https://storage.googleapis.com https://*.clearbit.com https://cdn.linkedin.oribi.io wss://ws.qualified.com https://*.website-files.com https://px.ads.linkedin.com https://forms.hscollectedforms.net https://bat.bing.com https://clientstream.launchdarkly.com https://tracking.g2crowd.com https://unifyintent.com https://pixel-config.reddit.com https://www.redditstatic.com https://conversions-config.reddit.com; img-src https://*.sprig.com *.userleap.com *.assets-servd.host data: 'self' https://track.hubspot.com https://heapanalytics.com https://*.linkedin.com https://t.co https://p.adsymptotic.com https://www.facebook.com https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.googleusercontent.com https://*.analytics.google.com https://*.doubleclick.net/ https://userleap.ghost.io https://*.hsforms.com https://i.vimeocdn.com https://www.gravatar.com https://*.googleadservices.com/ https://js.na.chilipiper.com https://*.mux.com https://*.mutinycdn.com https://*.mutinyhq.io https://analytics.twitter.com https://api.producthunt.com https://uploads-ssl.webflow.com https://*.website-files.com https://*.adroll.com https://i.ytimg.com https://bat.bing.com https://api.urlbox.io https://logo.clearbit.com https://alb.reddit.com/rp.gif; style-src https://*.sprig.com *.userleap.com 'self' 'unsafe-inline' https://fonts.googleapis.com https://js.na.chilipiper.com https://fonts.googleapis.com https://*.website-files.com; worker-src blob:; font-src https://*.sprig.com *.userleap.com 'self' data: https://fonts.gstatic.com https://app.sprig.com https://*.mutinycdn.com https://fonts.gstatic.com https://uploads-ssl.webflow.com https://*.website-files.com; frame-src blob: https://sprig.com https://*.sprig.com *.userleap.com *.greenhouse.io 'self' https://meetings.hubspot.com/ https://player.vimeo.com/ https://app.hubspot.com/ https://share.transistor.fm/ https://www.facebook.com/ https://*.hsforms.com/ https://*.doubleclick.net/ https://www.youtube.com/ https://*.chilipiper.com https://*.wistia.net https://*.qualified.com https://cdn.embedly.com https://*.adroll.com; media-src blob: 'self' https://*.mux.com https://sprig.com https://servd-white-cougar.b-cdn.net https://*.website-files.com; form-action 'self' https://www.facebook.com/ https://*.hsforms.com/; frame-ancestors 'self' https://sprig.com/ https://*.sprig.com https://app.mutinyhq.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.episerver.net *.googleapis.com *.gstatic.com *.afterpay.com *.facebook.net *.bing.com *.pdst.fm *.zipmoney.com.au *.zip.co https://s3.ap-southeast-2.amazonaws.com/cdn.staging/assets/primary/entrypoints/consumer/landing-page/zip-lp-script.js https://s3.ap-southeast-2.amazonaws.com/cdn.staging/assets/primary/resources/amplitude/amplitude-injector.js *.wisepops.com *.cfjump.com *.turn.com *.creativecdn.com *.adairs.com.au *.adairs.co.nz *.hotjar.com  *.jquery.com *.cloudfront.net *.pinimg.com  *.igodigital.com *.inside-graph.com foursixty.com *.paypal.com *.msecnd.net *.googletagmanager.com *.yieldify.com *.google.com *.google-analytics.com *.criteo.net *.criteo.com https://*.clarity.ms *.rakuten.com *.linksynergy.com *.xg4ken.com; style-src 'self' 'unsafe-inline' *.typekit.net *.googleapis.com *.igodigital.com *.googletagmanager.com *.inside-graph.com *.zipmoney.com.au foursixty.com; font-src 'self' data: *.typekit.net *.gstatic.com *.zipmoney.com.au  *.yieldify-production.com; img-src 'self' data: *; connect-src 'self' vimeo.com *.yieldify.com *.yieldify-production.com wss://*.yieldify-production.com yieldify.connectorengine.com *.pinterest.com *.google.com *.hotjar.com wss://*.hotjar.com *.hotjar.io wss://*.hotjar.io *.wisepops.com *.google-analytics.com *.googleapis.com maps.googleapis.com *.braintree-api.com  *.braintreegateway.com *.turn.com *.cloudfunctions.net *.amplitude.com *.visualstudio.com *.paypal.com *.zipmoney.com.au *.zip.co https://s3.ap-southeast-2.amazonaws.com/cdn.staging/assets/primary/entrypoints/consumer/landing-page/zip-lp-au.html *.afterpay.com wss://stellar-live.inside-graph.com *.inside-graph.com *.doubleclick.net *.inside-graph.com foursixty.com https://*.clarity.ms; frame-src 'self' *.google.com adairsmaintenance.s3.ap-southeast-2.amazonaws.com *.exacttarget.com *.flipsnack.com  *.creativecdn.com *.hotjar.com *.youtube.com *.sfmc-content.com *.criteo.com *.myunidays.com *.criteo.net *.yieldify.com *.braintreegateway.com *.paypal.com *.zipmoney.com.au *.optimizely.com *.vimeo.com *.pinterest.com *.zip.co zip.co; worker-src blob:; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://chaos.social; img-src 'self' https: data: blob: https://chaos.social; style-src 'self' https://chaos.social 'nonce-jybNCKvN+mkcF/gDaKwe9w=='; media-src 'self' https: data: https://chaos.social; frame-src 'self' https:; manifest-src 'self' https://chaos.social; form-action 'self'; child-src 'self' blob: https://chaos.social; worker-src 'self' blob: https://chaos.social; connect-src 'self' data: blob: https://chaos.social https://assets.chaos.social wss://chaos.social; script-src 'self' https://chaos.social 'wasm-unsafe-eval' 1
default-src *;child-src https:;font-src * data:;img-src * data:;media-src https:;object-src https:;script-src 'unsafe-inline' 'unsafe-eval' https:;style-src 'unsafe-inline' https:;frame-ancestors 'self' https://*.stetson.edu 1
frame-ancestors 'self' https://*.toyota.co.uk https://*.yandex.com https://*.yandex.tld https://*.yandex.net https://*.yandex.com.tr https://*.yandex.ru https://*.yandex.by https://webvisor.com https://lexus-dxp.dobit.com https://lexustest.dobit.com http://localhost:88; 1
frame-ancestors 'self'; report-uri https://o28929.ingest.us.sentry.io/api/676675/security/?sentry_key=ece733f80e4d4958a8c9cfc1f5a6a5db 1
default-src 'self'; connect-src 'self' *.nextinsure.com; font-src 'self' *.gstatic.com *.bootstrapcdn.com; style-src 'unsafe-inline';script-src 'self' 'unsafe-inline' 'unsafe-eval' nextinsure.com *.nextinsure.com *.googleapis.com *.bootstrapcdn.com; img-src 'self' www.nextinsure.com nextinsure.com cdn.nextinsure.com imageserver.quinstreet.com data:; style-src-elem * 'unsafe-inline'; 1
default-src 'none'; script-src 'self' 'unsafe-inline' *.webuycars.co.za bat.bing.com www.googleadservices.com www.google.com www.gstatic.com connect.facebook.net www.google-analytics.com googleads.g.doubleclick.net cdn.cookielaw.org www.googletagmanager.com *.walletdoc.com cdn.jsdelivr.net www.youtube.com maps.googleapis.com cdnjs.cloudflare.com ; connect-src 'self' wss://wbconlineauctions.service.signalr.net vimeo.com google.com googleads.g.doubleclick.net wss://wbconlineauction.service.signalr.net wbconlineauction.service.signalr.net www.google.com privacyportal-fr.onetrust.com stats.g.doubleclick.net analytics.google.com www.google-analytics.com geolocation.onetrust.com cdn.cookielaw.org wbconlineauctions.service.signalr.net onlineauctions.azurewebsites.net *.webuycars.co.za wbcnexusnotify.service.signalr.net maps.googleapis.com dc.services.visualstudio.com wss://wbcnexusnotify.service.signalr.net wss://wbcnexusnotify.service.signalr.net wbcnexusnotify.service.signalr.net; img-src 'self' data: www.dekrasmart.co.za www.facebook.com www.google.com www.google-analytics.com www.google.co.za www.webuycars.co.za webuycarsphotos.blob.core.windows.net blob: webuycarscms.blob.core.windows.net webuycarscms.blob.core.windows.net diskdrive.co.za i.ytimg.com img.youtube.com photos.webuycars.co.za cms-cdn.webuycars.co.za intranet.webuycars.co.za maps.gstatic.com maps.googleapis.com nexus.webuycars.co.za webuycarssa.blob.core.windows.net; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com cdn.jsdelivr.net fonts.googleapis.com; font-src 'self' fonts.gstatic.com cdnjs.cloudflare.com data:; base-uri 'self'; form-action 'self' www.facebook.com *.walletdoc.com; media-src 'self' webuycarscms.blob.core.windows.net cms-cdn.webuycars.co.za webuycarssa.blob.core.windows.net nexus.webuycars.co.za; manifest-src 'self'; frame-src 'self' blob: player.vimeo.com www.facebook.com www.google.com webuycarssa.blob.core.windows.net td.doubleclick.net pay.ozow.com www.youtube.com; object-src 'self' blob: webuycarssa.blob.core.windows.net nexus.webuycars.co.za intranet.webuycars.co.za; frame-ancestors 'self' sm.iccod.co.za; 1
default-src 'self' blob: s.pinimg.com; font-src 'self' s.pinimg.com data: fonts.googleapis.com fonts.gstatic.com use.typekit.net; style-src 'self' blob: 'unsafe-inline' data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; img-src blob: data: *; base-uri 'none'; connect-src 'self' blob: *.pinimg.com *.pinterest.com accounts.google.com *.adyen.com pinterest-salvador.s3.amazonaws.com *.adyenpayments.com *.facebook.com www.googleapis.com *.dropboxapi.com pinterest-aberdeen.s3.amazonaws.com pinterest-aberdeen.s3.us-east-1.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-anaheim.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-sim-toontown.s3.amazonaws.com pinterest-sim-toontown.s3.us-east-1.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3.us-east-1.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-media-upload.s3-accelerate.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-poughkeepsie.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com pinterest-plymouth.s3.us-east-1.amazonaws.com pinterest-salvador.s3.us-east-1.amazonaws.com pinterest-yamagata.s3.amazonaws.com pinterest-yamagata.s3.us-east-1.amazonaws.com *.cedexis.com *.cedexis-radar.net *.tvpixel.com api.pinadmin.com *.live-video.net https://*.daily.co https://*.pluot.blue wss://*.wss.daily.co; form-action 'self' *.adyen.com *.sofort.com *.tink.com *.adyenpayments.com; frame-src 'self' *.pinimg.com *.pinterest.com *.adyen.com static-sandbox.dlocal.com static.dlocal.com *.google.com *.facebook.com www.recaptcha.net pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-sim-toontown.s3.amazonaws.com pinterest-sim-toontown.s3.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-tolu.s3.amazonaws.com *.pinterdev.com content.googleapis.com *.youtube.com *.youtube-nocookie.com *.ytimg.com player.vimeo.com calendly.com vine.co bid.g.doubleclick.net *.fls.doubleclick.net pinlogs.s3.amazonaws.com pinlogs.s3.us-east-1.amazonaws.com advertising-delivery-metric-reports.s3.amazonaws.com advertising-delivery-metric-reports.s3.us-east-1.amazonaws.com servedby.flashtalking.com pinterest-uk.admo.tv pinterest-uk-web.admo.tv fbrpc://call *.linkedin.com px.ads.linkedin.com; media-src 'self' blob: data: *.pinimg.com *.live-video.net; object-src 'self'; script-src 'nonce-db8718c8dc343304410ee4905d6a125e' 'strict-dynamic' 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; worker-src 'self' blob: 'unsafe-inline'; report-uri /_/_/csp_report/?rid=1310037410545978; frame-ancestors 'self' , script-src 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; report-uri /_/_/csp_report/?rid=1310037410545978 1
default-src 'self'; script-src 'self' matomo.exigo.ch piwik.exigo.ch 'unsafe-inline'; script-src-elem 'self' https://snap.licdn.com https://px.ads.linkedin.com https://www.googletagmanager.com matomo.exigo.ch piwik.exigo.ch 'unsafe-inline'; script-src-attr 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; img-src 'self' https://www.linkedin.com/px https://px.ads.linkedin.com https://www.google.ch data: www.wc3.org; connect-src 'self' https://www.google.ch/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-MD39L3G2HM&cid=678811204.1719326380&gtm=45je46j0v9175265388za200zb9176685094&aip=1&dma=0&gcd=13l3l3l3l1&npa=0&frm=0&z=1162601447 https://px.ads.linkedin.com https://region1.analytics.google.com https://stats.g.doubleclick.net matomo.exigo.ch piwik.exigo.ch; media-src 'self' youtube; object-src 'self'; prefetch-src 'self'; child-src 'self'; frame-src 'self' https://www.youtube-nocookie.com https://srv-calc.exigo.ch https://stats.exigo.ch/; worker-src 'self'; frame-ancestors 'self'; form-action 'self' https://exigate.exigo.ch https://mailadmin.exigo.ch https://webmail.exigo.ch https://owa.goxchange.ch; upgrade-insecure-requests; block-all-mixed-content; disown-opener; base-uri 'self' *.exigo.ch; manifest-src 'self' *.exigo.ch; 1
frame-ancestors 'self' http://umbracodev.trex.com https://umbracodev.trex.com https://umbracostaging.trex.com https://nextrex.com https://www.nextrex.com https://www.google.com/recaptcha/api.js 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https: *.gea.com; form-action 'self'; frame-src 'self' *.gea.com *.eqs.com embed.acast.com streamstudio.world-television.com *.eurolandir.com www.treedom.net *.qualtrics.com vara-services.com *.podigee.com *.podigee-cdn.net playout.3qsdn.com *.audiocon.de html5-player.libsyn.com forms.office.com embed.contentflow.net 1
frame-ancestors 'self' https://*.infragistics.com https://*.infragistics.co.kr https://*.appbuilder.dev; 1
frame-ancestors 'self' *.wallet.airpay.cl *.shopee.kr *.airpay.cl *.shopeemobile.com *.shopee.cl *.shopee.cn *.shopee.io *.facebook.com https://bela-portal.festiware.com https://belapengadaan.lkpp.go.id https://lkpp-portal.festiware.com;  1
default-src 'self' data:; img-src data: *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.suub.uni-bremen.de 1
default-src 'self'; font-src 'self' fonts.gstatic.com; frame-src www.google.com; img-src *; media-src 'self' i.gyazo.com; script-src 'self' cdnjs.cloudflare.com www.google-analytics.com www.googletagmanager.com www.googleadservices.com stats.g.doubleclick.net googleads.g.doubleclick.net www.google.com www.gstatic.com; style-src 'self' fonts.googleapis.com 'unsafe-inline'; worker-src 'self'; connect-src 'self' www.google-analytics.com stats.g.doubleclick.net; form-action 'self'; upgrade-insecure-requests 1
default-src 'self' cradlepoint.com; font-src 'self' cradlepoint.com *.ericsson.com *.crdlpt-twgthr.com *.pathfactory.com fonts.gstatic.com cdnjs.cloudflare.com data: 'unsafe-inline'; img-src 'self' cradlepoint.com blob: res.cloudinary.com *.cradlepoint.com ik.imagekit.io *.youtube.com i.ytimg.com *.pathfactory.com *.glassdoor.com bat.bing.com t.co *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com *.google.ca *.google.ch *.google.de *.google.es *.google.fr *.google.it *.google.co.uk *.google.nl *.google.no *.google.pt *.google.se *.facebook.com d.adroll.com *.twitter.com *.techtarget.com cdn.bizible.com cdn.bizibly.com *.linkedin.com dsum-sec.casalemedia.com pixel.rubiconproject.com sync.outbrain.com ups.analytics.yahoo.com image2.pubmatic.com sync.taboola.com eb2.3lift.com x.bidswitch.net ib.adnxs.com idsync.rlcdn.com us-u.openx.net match.prod.bidr.io id.rlcdn.com segments.company-target.com cdn.cookielaw.org *.marketo.com data:; style-src 'self' *.cradlepoint.com *.jsdelivr.net *.unpkg.com *.crdlpt-twgthr.com app.cdn.lookbookhq.com *.pathfactory.com fonts.googleapis.com cdnjs.cloudflare.com cdn.datatables.net app-sjo.marketo.com fontawesome.com *.fontawesome.com 'unsafe-inline'; style-src-elem 'self' *.cradlepoint.com *.crdlpt-twgthr.com *.unpkg.com cdn.jsdelivr.net app.cdn.lookbookhq.com *.pathfactory.com fonts.googleapis.com cdnjs.cloudflare.com cdn.datatables.net *.marketo.com fontawesome.com *.fontawesome.com 'unsafe-inline'; script-src 'self' cradlepoint.com *.cradlepoint.com *.crdlpt-twgthr.com *.pathfactory.com *.buzzsprout.com app.cdn.lookbookhq.com cdnjs.cloudflare.com js.driftt.com widget.drift.com cdn.cookielaw.org js-agent.newrelic.com assets.calendly.com bam.nr-data.net code.jquery.com cdn.jsdelivr.net *.unpkg.com app-sjo.marketo.com cdn.datatables.net *.google.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.gstatic.com *.doubleclick.net *.brighttalk.com snap.licdn.com cdn.mouseflow.com s.adroll.com d.adroll.com connect.facebook.net web-analytics.engagio.com bat.bing.com static.ads-twitter.com cdn.bizible.com trk.techtarget.com munchkin.marketo.net tag.demandbase.com yoast.com 'unsafe-eval' 'unsafe-inline'; frame-src 'self' cradlepoint.com *.cradlepoint.com cradlepoint-certificates.vercel.app js.driftt.com widget.drift.com app-sjo.marketo.com *.company-target.com *.facebook.com *.doubleclick.net drift-lp-61234949.drift.click *.youtube-nocookie.com *.youtube.com calendly.com forms.office.com *.buzzsprout.com 'unsafe-inline'; frame-ancestors 'self' cradlepoint.lookbookhq.com cradlepoint.pathfactory.com *.cradlepoint.com *.pantheonsite.io; connect-src 'self' cradlepoint.com res.cloudinary.com *.crdlpt-twgthr.com corsproxy.io *.pathfactory.com cdn.cookielaw.org *.onetrust.com bam.nr-data.net *.google.com *.google.ca *.google.ch *.google.de *.google.es *.google.fr *.google.it *.google.co.uk *.google.nl *.google.no *.google.pt *.google.se *.googleadservices.com *.google-analytics.com *.doubleclick.net *.techtarget.com *.company-target.com *.demandbase.com cdn.linkedin.oribi.io 473-zzr-267.mktoresp.com d.adroll.com n2.mouseflow.com *.linkedin.com data:; media-src 'self' cradlepoint.com js.driftt.com; object-src 'none'; 1
upgrade-insecure-requests; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: wss: https://www.catalyst-ca.net https://app.essential-addons.com https://td.doubleclick.net https://*.gstatic.com https://*.googleapis.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.google.com https://*.twitter.com https://*.instagram.com https://*.facebook.com https://consenthub.org cdn.baycloud.com scanner.baycloud.com baycloud.com fonts.googleapis.com consenthub.org fonts.gstatic.com www.googletagmanager.com www.google-analytics.com region1.google-analytics.com stats.g.doubleclick.net unpkg.com ga.jspm.io cdn.jsdelivr.net challenges.cloudflare.com www.google.com cdnjs.cloudflare.com platform.twitter.com syndication.twitter.com static.zdassets.com p13.zdassets.com theme.zdassets.com bigbluebutton.zendesk.com secure.gravatar.com www.gstatic.com player.vimeo.com *.analytics.google.com *.google-analytics.com *.youtube.com *.youtube-nocookie.com *.recaptcha.net *.addthis.com *.addthisedge.com *.adnxs.com *.ads.linkedin.com *.adsrvr.org *.ads-twitter.com *.akamaihd.net *.akstat.io *.amazon.adsystem.com *.amazon-adsystem.com *.baycloud.com *.bazaarvoice.com *.boldapps.net *.caselemedia.com *.chartbeat.com *.chartbeat.net *.cloudfront.net *.demdex.net *.doubleclick.net *.doubleverify.com *.eyeota.net *.facebook.com *.facebook.net *.fls.doubleclick.net *.fontawesome.com *.g.doubleclick.net *.ggpht.com *.gigya.com *.gigya-ext.com *.go-mpulse.net *.google.co.uk *.google.com *.google.de *.google.nl *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googlevideo.com *.gstatic.com *.klaviyo.com *.linkedin.com *.liveperson.net *.lpsnmedia.net *.marketo.com *.mktoresp.com *.moatads.com *.myfonts.net *.navdmp.com *.nr-data.net *.omtrdc.net *.openx.net *.oracleinfinity.io *.paypal.com *.paypalobjects.com *.pinterest.com *.pubmatic.com *.quora.com *.rawgit.com *.rfihub.com *.rubiconproject.com *.safeframe.googlesyndication.com *.sc-static.net *.shopify.com *.shopifycdn.com *.shopifysvc.com *.snapchat.com *.socialshopwave.com *.spotxchange.com *.stripe.com *.tubemogul.com *.twimg.com *.twitter.com *.typekit.com *.typekit.net *.typography.com *.unpkg.com *.wp.com *.yotpo.com *.ytimg.com *.zdassets.com *.zendesk.com *.zeotap.com ad.doubleclick.net adservice.google.com agkn.com ajax.aspnetcdn.com amp.azure.net api.addressy.com api.hubapi.com assets.adobedtm.com az417220.vo.msecnd.net bam.nr-data.net c0.wp.com caselemedia.com cdn.buttercms.com cdn.cookielaw.org cdn.datatables.net cdn.lightwidget.com cdn.polyfill.io cdn.syndication.twimg.com cdn-images.mailchimp.com checkout.paypal.com code.jquery.com consenthub.blob.core.windows.net cookiescannerblazorservice.service.signalr.net fast.fonts.net forms.hsforms.com forms.hubspot.com i.ytimg.com js.hsadspixel.net js.hs-analytics.net js.hs-banner.com js.hscollectedforms.net js.hsforms.net js.hs-scripts.com js-agent.newrelic.com lonrtp1.marketo.com maps.googleapis.com maps.gstatic.com *.bootstrapcdn.com munchkin.marketo.net paypal.com pbs.twimg.com pixel.wp.com polyfill.io privacybridge.com s2.adform.net s3.amazonaws.com securepubads.g.doubleclick.net shopifyorderlimits.s3.amazonaws.net snap.licdn.com static.doubleclick.net stats.wp.com sync.search.spotxchange.com t.co tr.snapchat.com track.adform.net track.hubspot.com www.googletagservices.com www.recaptcha.net *.vimeo.com *.vimeocdn.com *.sharethis.com testtesttesttest hcaptcha.com *.wikimedia.org ARRAAffinitySameSite region1.analytics.google.com ajax.googleapis.com jnn-pa.googleapis.com ssl.google-analytics.com use.fontawesome.com *.wisepops.com wisepops.net f.vimeocdn.com app.prommt.com www.brownbin.ie api.autoaddress.ie i.vimeocdn.com *.transistor.fm *.autoaddress.ie cdn.mouseflow.com m.stripe.network cdn.shopify.com geolocation-recommendations.shopifyapps.com *.hcaptcha.com duckduckgo.com monorail-edge.shopifysvc.com *.b2clogin.com streetviewpixels-pa.googleapis.com maps.google.ie vod-progressive.akamaized.net rising-sons-brewery.tablepath.com tablepath.blob.core.windows.net *.jotform.com *.jotfor.ms *.hotjar.com *.onetrust.com *.cookielaw.org *.adobe.io *.ip-api.com *.civiccomputing.com api.hubspot.com app.hubspot.com *.hubspot.com static.hsappstatic.net *.gofundme.com cookiebot.com *.cookiebot.com *.stripecdn.com *.hsforms.com *.gravatar.com go.irish-advantage.com prepareforbrexit.com privacyportal-eu.onetrust.com settings.luckyorange.net wp;; script-src 'self' https://*.gstatic.com https://*.googleapis.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.google.com https://*.twitter.com https://*.instagram.com https://*.facebook.com https://consenthub.org https://*.baycloud.com https://*.googletagmanager.com https://*.youtube.com https://*.youtube-nocookie.com https://cdnjs.cloudflare.com 'unsafe-eval' 'unsafe-inline'; style-src 'self' https://*.gstatic.com https://*.googleapis.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.google.com https://*.twitter.com https://*.instagram.com https://*.facebook.com https://consenthub.org https://*.baycloud.com 'unsafe-inline'; font-src 'self' https://*.gstatic.com https://*.googleapis.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.google.com https://*.twitter.com https://*.instagram.com https://*.facebook.com https://consenthub.org https://*.baycloud.com data:; img-src 'self' https://*.gstatic.com https://*.googleapis.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.google.com https://*.twitter.com https://*.instagram.com https://*.facebook.com https://consenthub.org https://*.baycloud.com https://i.ytimg.com https://s.w.orgm https://ps.w.org secure.gravatar.com data:; object-src 'none'; frame-src 'self' https://app.essential-addons.com https://td.doubleclick.net https://*.gstatic.com https://*.googleapis.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.google.com https://*.twitter.com https://*.instagram.com https://*.facebook.com https://consenthub.org https://*.baycloud.com https://td.doubleclick.net https://*.youtube.com https://*.youtube-nocookie.com data:; connect-src 'self' https://*.gstatic.com https://*.googleapis.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.google.com https://*.twitter.com https://*.instagram.com https://*.facebook.com https://consenthub.org; worker-src 'self' blob:; frame-ancestors 'self' ; 1
frame-ancestors 'self' secure.jpay.com; 1
frame-ancestors 'self' https://builder.io 1
child-src *;script-src 'self' 'unsafe-inline' 'unsafe-eval' *;frame-src *; 1
default-src 'self' blob: s.pinimg.com; font-src 'self' s.pinimg.com data: fonts.googleapis.com fonts.gstatic.com use.typekit.net; style-src 'self' blob: 'unsafe-inline' data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; img-src blob: data: *; base-uri 'none'; connect-src 'self' blob: *.pinimg.com *.pinterest.com accounts.google.com *.adyen.com pinterest-salvador.s3.amazonaws.com *.adyenpayments.com *.facebook.com www.googleapis.com *.dropboxapi.com pinterest-aberdeen.s3.amazonaws.com pinterest-aberdeen.s3.us-east-1.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-anaheim.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-sim-toontown.s3.amazonaws.com pinterest-sim-toontown.s3.us-east-1.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3.us-east-1.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-media-upload.s3-accelerate.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-poughkeepsie.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com pinterest-plymouth.s3.us-east-1.amazonaws.com pinterest-salvador.s3.us-east-1.amazonaws.com pinterest-yamagata.s3.amazonaws.com pinterest-yamagata.s3.us-east-1.amazonaws.com *.cedexis.com *.cedexis-radar.net *.tvpixel.com api.pinadmin.com *.live-video.net https://*.daily.co https://*.pluot.blue wss://*.wss.daily.co; form-action 'self' *.adyen.com *.sofort.com *.tink.com *.adyenpayments.com; frame-src 'self' *.pinimg.com *.pinterest.com *.adyen.com static-sandbox.dlocal.com static.dlocal.com *.google.com *.facebook.com www.recaptcha.net pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-sim-toontown.s3.amazonaws.com pinterest-sim-toontown.s3.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-tolu.s3.amazonaws.com *.pinterdev.com content.googleapis.com *.youtube.com *.youtube-nocookie.com *.ytimg.com player.vimeo.com calendly.com vine.co bid.g.doubleclick.net *.fls.doubleclick.net pinlogs.s3.amazonaws.com pinlogs.s3.us-east-1.amazonaws.com advertising-delivery-metric-reports.s3.amazonaws.com advertising-delivery-metric-reports.s3.us-east-1.amazonaws.com servedby.flashtalking.com pinterest-uk.admo.tv pinterest-uk-web.admo.tv fbrpc://call *.linkedin.com px.ads.linkedin.com; media-src 'self' blob: data: *.pinimg.com *.live-video.net; object-src 'self'; script-src 'nonce-1ce953044adac69ed74a1886c6151044' 'strict-dynamic' 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; worker-src 'self' blob: 'unsafe-inline'; report-uri /_/_/csp_report/?rid=4757326217239167; frame-ancestors 'self' , script-src 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; report-uri /_/_/csp_report/?rid=4757326217239167 1
frame-ancestors self https://www.vfc.com; default-src *.gstatic.com  ir.stockpr.com www.vfc.com d1io3yog0oux5.cloudfront.net *.equisolve-dev.com *.equisolve.net; script-src 'nonce-2fa12d5122b1f2d515f76513418600b2fa0f819b959e4a4dbece5abc998b0988' *.equisolve.net qmod.quotemedia.com app.quotemedia.com www.google.com fonts.googleapis.com maps.googleapis.com *.vimeo.com *.youtube.com website-search.ent.us-east-1.aws.found.io fonts.gstatic.com *.google-analytics.com www.gstatic.com browser-update.org cdnjs.cloudflare.com *.googletagmanager.com cdn.jsdelivr.net d1s0e5i1d5m51g.cloudfront.net analytics.imirwin.com ir.stockpr.com www.vfc.com d1io3yog0oux5.cloudfront.net *.equisolve-dev.com; connect-src *.equisolve.net qmod.quotemedia.com app.quotemedia.com www.google.com fonts.googleapis.com maps.googleapis.com *.vimeo.com *.youtube.com website-search.ent.us-east-1.aws.found.io fonts.gstatic.com *.google-analytics.com www.gstatic.com browser-update.org cdnjs.cloudflare.com *.googletagmanager.com cdn.jsdelivr.net d1s0e5i1d5m51g.cloudfront.net analytics.imirwin.com ir.stockpr.com www.vfc.com d1io3yog0oux5.cloudfront.net *.equisolve-dev.com; style-src fonts.googleapis.com *.gstatic.com *.hcaptcha.com hcaptcha.com dev-ir.stockpr.com qmod.quotemedia.com static.c1.quotemedia.com ir.stockpr.com www.vfc.com d1io3yog0oux5.cloudfront.net *.equisolve-dev.com *.equisolve.net 'unsafe-inline'; font-src cdnjs.cloudflare.com/ajax/libs/font-awesome/ fonts.googleapis.com *.gstatic.com static.c1.quotemedia.com ir.stockpr.com www.vfc.com d1io3yog0oux5.cloudfront.net *.equisolve-dev.com *.equisolve.net; img-src i.ytimg.com qmod.quotemedia.com *.googletagmanager.com *.google-analytics.com chart.apis.google.com *.gstatic.com maps.googleapis.com *.businesswire.com *.vimeocdn.com s3.amazonaws.com/content.stockpr.com/ data: ir.stockpr.com www.vfc.com d1io3yog0oux5.cloudfront.net *.equisolve-dev.com *.equisolve.net; frame-src *.google.com youtube.com www.youtube.com youtube-nocookie.com www.youtube-nocookie.com vimeo.com player.vimeo.com *.hcaptcha.com hcaptcha.com storymaps.arcgis.com ir.stockpr.com www.vfc.com d1io3yog0oux5.cloudfront.net *.equisolve-dev.com *.equisolve.net; object-src *.gstatic.com  ir.stockpr.com www.vfc.com d1io3yog0oux5.cloudfront.net *.equisolve-dev.com *.equisolve.net; 1
default-src 'self' 'data'; script-src 'self' 'data' 'unsafe-inline' https://www.google-analytics.com https://kit.fontawesome.com https://www.googletagmanager.com https://maps.googleapis.com; style-src 'self' 'data' 'unsafe-inline'; connect-src 'self' 'data' https://maps.googleapis.com https://*.fontawesome.com https://*.google-analytics.com https://stats.g.doubleclick.net; img-src 'self' 'data' https://maps.gstatic.com data: https://www.google-analytics.com; font-src 'self' 'data' data: https://fonts.gstatic.com https://*.fontawesome.com; report-uri /csprep/ 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googleadservices.com https://challenges.cloudflare.com https://optimize.google.com https://www.googleoptimize.com https://*.marketingcloudfx.com https://www.google-analytics.com https://www.google.com https://embed.acuityscheduling.com https://js.stripe.com https://z.moatads.com https://s7.addthis.com https://blog.volgistics.com https://seal.digicert.com https://cdn.leadmanagerfx.com https://bat.bing.com https://ct.capterra.com https://www.googletagmanager.com https://tagmanager.google.com; 1
frame-ancestors 'self' https://prod.lavieenrose.com ; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' chrome-extension: data: *.portland.gov *.ssl.fastly.net cdnjs.cloudflare.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net unpkg.com www.google-analytics.com www.googletagmanager.com tagmanager.google.com bam.nr-data.net bam-cell.nr-data.net js-agent.newrelic.com fontlibrary.org use.fontawesome.com *.googleapis.com *.gstatic.com *.googleusercontent.com *.portlandoregon.gov *.portlandmaps.com *.arcgis.com server.arcgisonline.com *.openstreetmap.org *.opentopomap.org *.tiles.wmflabs.org *.loop11.com *.rawgit.com api.mapbox.com *.recollect.net coolingsearch.org; frame-src 'self' https://www.youtube.com/embed/ https://player.vimeo.com https://www.google.com/maps/ https://www.portlandoregon.gov/ https://www.portlandmaps.com/ *.arcgis.com arcg.is https://online.tableau.com/ https://public.tableau.com/ *.recollect.net https://app.smartsheet.com/ https://publish.smartsheet.com/ https://app.rankedvote.co/; report-uri https://portlandgov.report-uri.com/r/d/csp/enforce 1
default-src 'none'; form-action 'self' 'report-sample' https://phpmyadmin.adm.tools https://phpmyadmin.mysql.network https://ua.team; child-src 'self'; frame-src 'self' 'report-sample' https://www.facebook.com https://connect.facebook.net https://www.youtube.com https://www.youtube-nocookie.com https://player.vimeo.com https://apis.google.com https://accounts.google.com https://www.google.com https://js.stripe.com https://play.google.com https://pay.google.com; script-src-attr 'report-sample' 'unsafe-inline'; script-src 'self' 'report-sample' https://www.googleadservices.com https://connect.facebook.net https://www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://code.highcharts.com https://apis.google.com https://ssl.google-analytics.com https://www.google.com https://www.gstatic.com https://googletagmanager.com https://maps.google.com https://maps.googleapis.com https://translate.google.com https://accounts.google.com https://js.stripe.com https://play.google.com https://pay.google.com 'unsafe-inline'; img-src 'self' 'report-sample' blob: data: https://www.facebook.com https://m.facebook.com https://connect.facebook.net https://*.gstatic.com https://*.google.com https://*.google.ru https://*.google.es https://*.google.fr https://*.google.nl https://*.google.kz https://*.google.by https://*.google.de https://*.google.pl https://*.google.ae https://*.google.md https://*.google.ca https://*.google.hu https://*.google.com.ua https://*.google.com.tr https://*.google.co.uk https://*.google.at https://*.google.az https://*.google.jo https://*.google.be https://*.google.it https://*.google.com.cy https://*.google.com.ph https://*.google.kz https://*.google.co.uz https://*.google.dk https://*.google.se https://*.googleapis.com https://analytics.google.com https://www.google-analytics.com https://cdn.adm.tools/ https://storage.adm.tools/ https://billing.adm.tools/ https://cdn.webmail.online/ https://cdn.u.ua/ https://opendata.cdn.express/ https://staff.cdn.express/ https://www.gravatar.com; connect-src 'self' 'report-sample' http://localhost:3000 ws://localhost:3000 https://socket.ua.team wss://socket.ua.team https://emi.webmail.online wss://emi.webmail.online wss://ctl.adm.tools https://tools.adm.tools wss://tools.adm.tools wss://staff.adm.tools wss://emi.adm.tools wss://cmd.adm.tools https://cmd.adm.tools wss://ssh.adm.tools https://ssh.adm.tools wss://chat.adm.tools https://chat.adm.tools https://cam.ukraine.com.ua https://analytics.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://sentry.adm.tools https://www.facebook.com https://accounts.google.com https://*.stripe.com https://play.google.com https://pay.google.com https://google.com https://cdn.jsdelivr.net https://*.default-host.net https://sentry.adm.tools https://cdn.adm.tools/ https://cdn.u.ua; font-src 'self' data: https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; style-src 'self' 'unsafe-inline' https://accounts.google.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; media-src 'self' 'report-sample' 'unsafe-inline' blob: https://cam.ukraine.com.ua https://staff.cdn.express/ https://storage.adm.tools/; manifest-src 'self'; worker-src 'self' blob:; report-uri https://sentry.adm.tools/api/8/security/?sentry_key=05c167ddbc674f3da4da07b891f0bdec; 1
default-src 'self' blob: *.lemnisk.co *.vzeesp.com *.mfilterit.net youtube.googleapis.com api.twitter.com graph.facebook.com *.hdfclife.net *.hdfclife.tech *.hdfclife.com www.google-analytics.com www.googletagmanager.com static.cloudflareinsights.com *.notifyvisitors.com; img-src 'self' c.bing.com *.lemnisk.co *.vzeesp.com *.clarity.ms c.clarity.ms p1.zemanta.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com hdfclifecjauat.112.2o7.net *.visualwebsiteoptimizer.com maps.gstatic.com *.mfilterit.net dm.hybrid.ai dss.hybrid.ai mediasmart.io 3ma79ae7cua.com adgebra.co.in data: dpm.demdex.net *.adsymptotic.com t.co s7ap1.scene7.com analytics.twitter.com *.fbcdn.net *.quora.com alb.reddit.com advertiser.inmobiapis.com p.adsymptotic.com www.linkedin.com s0.2mdn.net *.notifyvisitors.com tr.outbrain.com sp.analytics.yahoo.com s7ap1.scene7.com connect.facebook.net *.doubleclick.net *.taboola.com hdfclife.sc.omtrdc.net ade.clmbtech.com ade.clmbtech.com www.googletagmanager.com i.ytimg.com cm.everesttech.net pixel.mathtag.com maps.googleapis.com *.hdfclife.com *.hdfclife.tech *.hdfclife.net www.google-analytics.com www.google.com www.google.co.in px.ads.linkedin.com www.facebook.com; script-src 'self' blob: cdn.kommunicate.io *.lemnisk.co *.vzeesp.com *.visualwebsiteoptimizer.com app.vwo.com *.mfilterit.net 'unsafe-inline' 'unsafe-eval' *.hdfclife.com *.hdfclife.tech *.hdfclife.net www.instagram.com platform.twitter.com cdnjs.cloudflare.com cdn.jsdelivr.net www.google.com assets.adobedtm.com static.cloudflareinsights.com www.googletagmanager.com pixel.mathtag.com www.google-analytics.com unpkg.com *.vizury.com lifeai.api-hdfclife.com *.doubleclick.net connect.facebook.net snap.licdn.com www.googletagservices.com pagead2.googlesyndication.com www.gstatic.com www.youtube.com maps.googleapis.com hdfclife.demdex.net *.taboola.com s3.amazonaws.com s.yimg.com amplify.outbrain.com ajax.googleapis.com tr.outbrain.com  www.googletagmanager.com hdfclife.demdex.net www.google-analytics.com assets.adobedtm.com *.notifyvisitors.com static.cloudflareinsights.com; font-src 'self' fonts.gstatic.com *.lemnisk.co *.vzeesp.com *.mfilterit.net *.notifyvisitors.com fonts.gstatic.com *.hdfclife.com *.hdfclife.tech *.hdfclife.net data:; style-src 'self' 'unsafe-inline' fonts.googleapis.com v1.fontapi.ir *.lemnisk.co *.vzeesp.com *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com fonts.googleapis.com *.mfilterit.net *.hdfclife.com *.hdfclife.tech *.hdfclife.net cdn.jsdelivr.net; style-src-elem 'self' 'unsafe-inline' cdn.jsdelivr.net *.hdfclife.com *.hdfclife.tech *.hdfclife.net fonts.googleapis.com *.mfilterit.net *.notifyvisitors.com cdn.jsdelivr.net;  frame-src 'self' *.lemnisk.co *.vzeesp.com hdfclife.peppysurvey.com *.visualwebsiteoptimizer.com app.vwo.com spa.gy ak.gotrackier.com adgebra.co.in *.mfilterit.net td.doubleclick.net emd.hybrid.ai tsdtocl.com cdn1.spa.gy lms.mdsmedia.co.in lifeai-widget.apps-hdfclife.com www.facebook.com www.linkedin.com *.notifyvisitors.com *.twitter.com www.instagram.com *.doubleclick.net *.fls.doubleclick.net www.youtube.com youtube.com hdfclife.demdex.net *.hdfclife.com *.hdfclife.tech *.hdfclife.net pixel.mathtag.com sg-pl.vizury.com www.google.com; connect-src 'self'  *.lemnisk.co *.vzeesp.com mu-pl.lemnisk.co amplify.outbrain.com pixel-config.reddit.com www.redditstatic.com conversions-config.reddit.com edge.adobedc.net *.clarity.ms adobedc.demdex.net p.clarity.ms px.ads.linkedin.com tr.outbrain.com api.fido.id *.visualwebsiteoptimizer.com app.vwo.com fpf.hybrid.ai cdn.linkedin.oribi.io cuberatechnology.piwik.pro cubera.services pixel.cubera.services *.mfilterit.net *.hdfclife.com vspagy.com bcp.crwdcntrl.net *.hdfclife.tech *.hdfclife.net s.yimg.com *.taboola.com hdfclife.sc.omtrdc.net *.google.com maps.googleapis.com *.doubleclick.net www.google-analytics.com wss://wsshm.notifyvisitors.com dpm.demdex.net hdfclife.tt.omtrdc.net *.notifyvisitors.com; script-src-elem 'self' cdn.kommunicate.io *.lemnisk.co *.vzeesp.com cdn12.lemnisk.co cdn25.lemnisk.co www.clarity.ms js-tag.zemanta.com a.quora.com wave.outbrain.com app.vwo.com code.fido.id script.mfilterit.net *.visualwebsiteoptimizer.com *.hdfclife.com *.hdfclife.tech *.hdfclife.net 'unsafe-inline' cubera.containers.piwik.pro googleads.g.doubleclick.net www.googleadservices.com pixel.cubera.services www.googleadservices.com *.hybrid.ai cuberatechnology.containers.piwik.pro cubera.services assets.adobedtm.com *.notifyvisitors.com static.cloudflareinsights.com www.googletagmanager.com lifeai.api-hdfclife.com cdn.jsdelivr.net www.google-analytics.com www.instagram.com *.twitter.com cdnjs.cloudflare.com hdfclife.demdex.net ad.doubleclick.net connect.facebook.net *.taboola.com snap.licdn.com s.yimg.com www.googletagservices.com pagead2.googlesyndication.com unpkg.com t.co static.ads-twitter.com www.youtube.com tsdtocl.com amplify.outbrain.com www.google.com www.redditstatic.com *.inmobicdn.net tr.outbrain.com ajax.googleapis.com www.gstatic.com maps.googleapis.com tags.crwdcntrl.net; worker-src 'self' blob: 1
default-src 'self';script-src 'nonce-16f050e6-6200-459b-aaf4-b794d0f23691' 'strict-dynamic' https: 'unsafe-inline' 'unsafe-eval';connect-src 'nonce-16f050e6-6200-459b-aaf4-b794d0f23691' https: 'unsafe-inline';style-src * 'unsafe-inline'; img-src * data:; font-src * data:;frame-src *.demdex.net *.skat.dk; 1
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.nice-incontact.com *.youtube.com *.3lift.com *.calendly.com *.adnxs.com *.advertising.com *.bidswitch.net *.casalemedia.com *.doubleclick.net *.facebook.com *.openx.net *.outbrain.com *.pubmatic.com *.rlcdn.com *.rubiconproject.com *.taboola.com *.yahoo.com *.pippio.com *.marketo.com *.henryscheincustombranding.com *.acuityscheduling.com *.adroll.com *.dca0.com *.adroll.mgr.consensu.org *.kampyle.com *.go-mpulse.net *.marketo.net *.serving-sys.com *.googleadservices.com *.g.doubleclick.net *.akamaihd.net *.comodo.com *.trustlogo.com *.verisign.com *.websecurity.norton.com *.digicert.com *.coremetrics.com *.googletagmanager.com *.google.com *.google-analytics.com *.algorecs.com *.livechatinc.com *.mybusinessbankcard.com *.hsforms.net *.hsforms.com *.hubspot.com *.cognitoforms.com *.google:* *.gstatic.com *.googleapis.com *.github.com *.jquery.com *.facebook.net *.ak.fbcdn.net *.twimg.com *.dentapure.com *.appspot.com *.insourceonline.com vp.dentrek.com *.henryschein.com *.sullivanschein.com *.bing.com *.pagescdn.com *.sitescdn.net *.licdn.com *.conductor.com cdnjs.cloudflare.com widgets.jotform.io *.jotform.com *.googleoptimize.com *.formsite.com *.fullstory.com blob: data:; connect-src 'self' *.henryscheincustombranding.com calendly.com *.conductor.com *.akstat.io wmg-productdesigner-prod-apim.azure-api.net *.go-mpulse.net *.kampyle.com *.mktoresp.com *.akamaihd.net *.algorecs.com *.livechatinc.com *.vivarep.com *.cognitoforms.com *.google.com *.google-analytics.com *.hsforms.net *.appspot.com *.henryschein.com *.sullivanschein.com *.facebook.com *.bing.com *.g.doubleclick.net *.coremetrics.com *.googletagmanager.com *.adroll.com *.dca0.com *.pagescdn.com *.mktoutil.com cdnjs.cloudflare.com widgets.jotform.io *.jotform.com *.fullstory.com; img-src 'self' wmg-productdesigner-prod-apim.azure-api.net *.ytimg.com *.linkedin.com *.adsymptotic.com *.henryscheincustombranding.com *.3lift.com *.adnxs.com *.advertising.com *.bidswitch.net *.casalemedia.com *.doubleclick.net *.facebook.com *.facebook.net *.openx.net *.outbrain.com *.pubmatic.com *.rlcdn.com *.rubiconproject.com *.taboola.com *.yahoo.com *.pippio.com *.marketo.com *.adroll.com *.dca0.com *.adroll.mgr.consensu.org *.kampyle.com *.g.doubleclick.net *.akamaihd.net *.placeholder.com *.comodo.com *.trustlogo.com *.websecurity.norton.com *.digicert.com *.google:* *.caligor.com *.coremetrics.com *.livechatinc.com *.google.com *.google-analytics.com *.henryschein.com *.sullivanschein.com *.vivarep.com placehold.it placehold.co *.servertastic.com *.gstatic.com *.corporate-ir.net *.appspot.com *.googleapis.com *.insourceonline.com *.istockphoto.com *.hsforms.net *.bing.com *.googletagmanager.com *.commerce-connector.com *.ads.linkedin.com *.vimeocdn.com *.cdn.jotfor.ms px.owneriq.net data:; style-src *.henryscheincustombranding.com *.kampyle.com *.google-analytics.com 'unsafe-inline' 'self' *.marketo.com *.googleapis.com *.cognitoforms.com *.google.com *.livechatinc.com *.hsforms.net *.appspot.com *.henryschein.com *.sullivanschein.com *.facebook.com *.bing.com *.gstatic.com *.sitescdn.net; font-src 'self' *.henryscheincustombranding.com *.kampyle.com *.cdn.skype.com *.googleapis.com *.gstatic.com *.livechatinc.com *.googleusercontent.com *.cognitoforms.com *.hsforms.net *.appspot.com *.henryschein.com *.sullivanschein.com *.facebook.com *.bing.com cdn.jotfor.ms data:; frame-src 'self' *.nice-incontact.com *.marketo.com calendly.com  *.acuityscheduling.com *.hubspot.com *.kampyle.com *.g.doubleclick.net *.google-analytics.com *.google.com *.pendo.io *.bws.birst.com *.trustlogo.com *.comodo.com *.googletagmanager.com *.livechatinc.com *.youtube.com *.vivalearning.com *.vimeo.com *.corporate-ir.net vimeo.com *.facebook.com *.appspot.com *.hsforms.net *.henryschein.com *.sullivanschein.com *.bing.com *.facebook.net *.hsforms.com *.pagescdn.com *.wistia.com *.formsite.com data:; media-src 'self' *.vivarep.com *.kampyle.com *.livechatinc.com *.istockphoto.com *.hsforms.net *.appspot.com *.henryschein.com *.sullivanschein.com *.facebook.com *.bing.com *.dentapure.com;  1
default-src https: 'unsafe-eval' 'unsafe-inline'; script-src https: 'unsafe-inline' 'unsafe-eval' embedsocial.com acsbapp.com www.google-analytics.com ajax.googleapis.com www.publicalbum.org; font-src 'self' fonts.googleapis.com fonts.gstatic.com acsbapp.com; 1
frame-ancestors 'self' https://thesource.amcnetworks.com https://www.amcnetworks.com; 1
default-src https://assets.easypost.com cdn.plaid.com; script-src assets.easypost.com track.easypost.com tagmanager.google.com www.googletagmanager.com www.googleadservices.com www.google-analytics.com ssl.google-analytics.com www.gstatic.com www.google.com js.stripe.com cdn.plaid.com maps.googleapis.com eu-cdn.walkme.com cdn.walkme.com eu-playerserver.walkme.com playerserver.walkme.com d3sbxpiag177w8.cloudfront.net d2qhvajt3imc89.cloudfront.net https://*.wistia.com https://*.wistia.net https://*.hsforms.com https://*.hsforms.net https://*.hs-scripts.com https://*.hs-analytics.net https://*.hs-banner.com https://*.hscollectedforms.net 'sha256-t1v231h4Fgv1bBX/cpoBZuwY6r6R6nGx5tOXvVJdBh8=' 'sha256-GNTGX7BhgMv3AL+bv0bfF+5DVGhSrLhYL7AM7TSnAcY=' 'sha256-5yJc48yW6FRCVE9ulLzLOd1lLp7X2Xr2Dd4Y+lZ3XjA=' 'sha256-eV1MSFSoXiIPiHPWbzaJgBby+bxVonlOAE5Cwbaa4lc=' 'sha256-sVKX08+SqOmnWhiySYk3xC7RDUgKyAkmbXV2GWts4fo=' 'sha256-hW1V3UvI+swwT3wQpebXLpXi/7Q9VUws5NlJTNxM/Tg=' 'sha256-zrkY8YxXr6/SilHSYKlWjWW9kOSQsVsrlGluj7eTzoc=' 'sha256-C1JoeFOby67/dRbyCdcT9jfKk3K2hJnqpQZ3LrmmGzs=' 'sha256-k6J1oE8SmewVpG2+marpuZHcoWF8GNDw9oPpqE2vKeI='; style-src track.easypost.com 'unsafe-inline' tagmanager.google.com fonts.googleapis.com assets.easypost.com www.gstatic.com eu-cdn.walkme.com cdn.walkme.com; img-src easypost-files.s3.us-west-2.amazonaws.com assets.easypost.com assets.track.easypost.com brand.easypostpartnercontent.com cdn.walkme.com d27zb0m07iyic6.cloudfront.net d2qhvajt3imc89.cloudfront.net d3sbxpiag177w8.cloudfront.net dzjsfasj4n94t.cloudfront.net data: ec.walkme.com eu-cdn.walkme.com eu-ec.walkme.com googleads.g.doubleclick.net q.stripe.com region1.analytics.google.com region1.google-analytics.com ssl.google-analytics.com ssl.gstatic.com support.easypost.com track.easypost.com www.google-analytics.com www.google.com www.googletagmanager.com www.gstatic.com assets.ctfassets.net images.ctfassets.net videos.ctfassets.net https://*.wistia.com https://*.wistia.net https://*.hsforms.com https://*.hsforms.net https://track.hubspot.com https://embedwistia-a.akamaihd.net https://*.youtube.com; font-src data: assets.easypost.com track.easypost.com fonts.gstatic.com https://*.wistia.com; connect-src easypost-files.s3.us-west-2.amazonaws.com adservice.google.com api-canary.easypost.com api.easypost.com api.lever.co assets.easypost.com cdn.walkme.com ec.walkme.com eu-ec.walkme.com eu-papi.walkme.com eu-rapi.walkme.com https://www.google.com js.stripe.com maps.googleapis.com papi.walkme.com production.plaid.com rapi.walkme.com region1.analytics.google.com region1.google-analytics.com sentry.io track.easypost.com usps.easypost.com www-canary.easypost.com www.easypost.com www.google-analytics.com https://hubspot-forms-static-embed.s3.amazonaws.com https://*.hsforms.com https://*.hsforms.net https://*.hubapi.com https://*.hs-banner.com https://*.hscollectedforms.net https://*.wistia.com https://embedwistia-a.akamaihd.net; worker-src assets.easypost.com www.gstatic.com www.google.com; frame-src assets.track.easypost hire.withgoogle.com cdn.plaid.com eu-cdn.walkme.com cdn.walkme.com js.stripe.com player.captivate.fm track.easypost.com tagmanager.google.com www.googletagmanager.com www.google.com www.youtube.com https://*.hsforms.com https://*.hsforms.net; media-src blob: assets.easypost.com https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net; frame-ancestors 'self' 1
img-src https: data:; upgrade-insecure-requests; 1
frame-ancestors 'self'; default-src 'self' https: data: blob: 'unsafe-eval' 'unsafe-inline'; 1
frame-ancestors 'self' https://alud.deusto.es https://biblioguias.biblioteca.deusto.es; 1
frame-ancestors 'self' https://*.autoalert.com https://service.force.com https://whatfix.com https://cdn.whatfix.com https://addons.whatfix.com https://events.whatfix.com https://videos.whatfix.com 1
frame-ancestors 'self' firesidegatherings.com *.firesidegatherings.com localhost localhost:* *.corp.blizzard.net; 1
frame-ancestors 'self' app.hubspot.com; 1
base-uri 'self';default-src 'none';frame-ancestors 'none';manifest-src cdn.inoc.app;script-src 'nonce-lr2ZhLSUUQY6SoIWksh297ZqIiiums0i' inoc.net www.inoc.net cdn.inoc.app 'strict-dynamic' 'unsafe-inline' fonts.googleapis.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com;style-src 'nonce-lr2ZhLSUUQY6SoIWksh297ZqIiiums0i' inoc.net www.inoc.net cdn.inoc.app chart.googleapis.com 'unsafe-inline' fonts.googleapis.com;form-action inoc.net www.inoc.net;img-src inoc.net www.inoc.net cdn.inoc.app blog.inoc.net chart.googleapis.com data: https://www.google-analytics.com https://*.google-analytics.com https://www.googletagmanager.com;object-src 'none';font-src fonts.gstatic.com;connect-src https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com;frame-src *.google.com 1
frame-ancestors 'self' http://webvisor.com *.custhelp.com 1
frame-ancestors 'self' facebook.com 1
default-src *;img-src * 'self' data: https: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *;style-src 'self' 'unsafe-inline' *;media-src * 'self' blob: 1
base-uri 'self'; font-src 'self' https: data:; form-action 'self'; frame-ancestors 'none'; img-src 'self' data: https:; object-src 'none'; style-src 'self' https: 'unsafe-inline'; script-src 'nonce-nUGgr79+hZrfsbxayObGFw==' 'strict-dynamic' https: 'unsafe-inline' 'self'; upgrade-insecure-requests; 1
frame-ancestors https://*.uny.ac.id; 1
connect-src https://bat.bing.com https://adservice.google.com 'self' *.motel-one.com *.the-cloud-one.com https://*.motel-one.com https://*.the-cloud-one.com https://*.google-analytics.com https://maps.googleapis.com https://*.g.doubleclick.net https://*.facebook.com https://*.adup-tech.com https://*.usercentrics.eu https://*.pinimg.com https://*.pinterest.com https://*.surveysparrow.com https://*.dialogshift.com https://core.prod.co25.net https://*.criteo.com https://*.bing.com https://*.google.com; img-src https://gum.criteo.com https://id5-sync.com https://x.bidswitch.net https://e1.emxdgt.com https://simage2.pubmatic.com https://a.twiago.com https://sync-t1.taboola.com https://hb.yahoo.net https://ad.360yield.com https://jadserve.postrelease.com https://sync-criteo.ads.yieldmo.com https://ad.yieldlab.net https://rtb-csync.smartadserver.com https://contextual.media.net https://visitor.omnitagjs.com https://criteo-partners.tremorhub.com https://r.casalemedia.com https://c1.adform.net https://pixel.rubiconproject.com https://matching.ivitrack.com https://exchange.mediavine.com https://match.sharethrough.com https://criteo-sync.teads.tv https://sync.outbrain.com https://www.google.ro https://cm.adform.net https://eb2.3lift.com https://www.google.rs https://www.google.nl data: *.ytimg.com *.vimeocdn.com 'self' 'unsafe-inline' 'unsafe-eval' https://*.cdninstagram.com https://*.squarelovin.com https://squarelovin.com https://ik.imagekit.io https://*.google-analytics.com https://*.doubleclick.net https://t.co https://*.adup-tech.com https://www.facebook.com https://*.google.de https://*.google.com https://*.google.rs https://*.google.ro https://*.google.nl https://*.cx.atdmt.com https://maps.gstatic.com https://maps.googleapis.com https://ssl.gstatic.com https://www.gstatic.com https://assets.pinterest.com https://log.pinterest.com https://bat.bing.com https://*.hurra.com https://*.fbcdn.net https://image.motel-one.com *.motel-one.com *.the-cloud-one.com https://*.gstatic.com https://*.usercentrics.eu https://*.pinimg.com https://*.pinterest.com https://analytics.twitter.com https://*.adnxs.com https://*.criteo.com https://*.demdex.net https://*.ads.yieldmo.com https://*.3lift.com https://*.smartadserver.com https://*.yahoo.net https://*.yieldlab.net https://*.postrelease.com https://*.ivitrack.com https://*.adform.net https://*.omnitagjs.com https://*.tremorhub.com https://*.teads.tv https://*.casalemedia.com https://*.emxdgt.com https://*.pubmatic.com https://*.twiago.com https://*.mediavine.com https://*.360yield.com https://*.taboola.com https://*.outbrain.com https://*.rubiconproject.com https://*.bidswitch.net https://*.media.net https://*.sharethrough.com https://www.googletagmanager.com https://ih.adscale.de https://ads.betweendigital.com https://ads.travelaudience.com; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.motel-one.com *.the-cloud-one.com https://*.usercentrics.eu data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.motel-one.com *.the-cloud-one.com https://*.gstatic.com https://brame-static.s3.amazonaws.com https://www.googletagmanager.com https://*.googleapis.com https://www.google-analytics.com https://www.youtube.com https://s.ytimg.com https://cdnjs.cloudflare.com https://code.jquery.com https://*.hurra.com https://*.googleadservices.com https://*.criteo.com https://*.criteo.net https://*.creativecdn.com https://*.facebook.net https://*.doubleclick.net https://*.licdn.com https://*.linkedin.com https://*.facebook.com https://*.adnxs.com https://*.bizographics.com https://*.googlesyndication.com https://*.bing.com https://*.adsrvr.org https://*.cloudfront.net https://*.sia.eu https://*.google.ae https://*.google.at https://*.google.ba https://*.google.be https://*.google.by https://*.google.ca https://*.google.cf https://*.google.ch https://*.google.co.cr https://*.google.co.il https://*.google.co.in https://*.google.co.jp https://*.google.co.nz https://*.google.co.th https://*.google.co.uk https://*.google.co.zw https://*.google.de https://*.google.com https://*.google.com.ar https://*.google.com.au https://*.google.com.bo https://*.google.com.br https://*.google.com.cy https://*.google.com.ec https://*.google.com.eg https://*.google.com.hk https://*.google.com.kw https://*.google.com.mt https://*.google.com.mx https://*.google.com.sg https://*.google.com.tr https://*.google.com.tw https://*.google.com.ua https://*.google.cz https://*.google.dk https://*.google.dz https://*.google.es https://*.google.fi https://*.google.fr https://*.google.ge https://*.google.gr https://*.google.hr https://*.google.hu https://*.google.ie https://*.google.im https://*.google.it https://*.google.li https://*.google.lt https://*.google.lu https://*.google.nl https://*.google.no https://*.google.pl https://*.google.ps https://*.google.pt https://*.google.ro https://*.google.rs https://*.google.ru https://*.google.se https://*.google.si https://*.adup-tech.com https://static.ads-twitter.com https://analytics.twitter.com https://assets.pinterest.com https://log.pinterest.com https://squarelovin.com https://*.squarelovin.com https://*.usercentrics.eu https://*.pinimg.com https://*.pinterest.com https://*.surveysparrow.com https://*.dialogshift.com https://*.smartrecruiters.com https://ads.travelaudience.com; style-src-attr 'unsafe-inline'; base-uri 'self'; frame-src 'self' *.youtube-nocookie.com *.youtube.com *.vimeo.com *.motel-one.com *.the-cloud-one.com https://*.computop-paygate.com https://*.google.com https://*.gstatic.com https://www.googletagmanager.com https://*.googleapis.com https://www.google-analytics.com https://www.youtube.com https://cdnjs.cloudflare.com https://code.jquery.com https://*.hurra.com https://*.googleadservices.com https://*.criteo.com https://*.criteo.net https://creativecdn.com https://*.creativecdn.com https://*.facebook.net https://*.doubleclick.net https://*.licdn.com https://*.linkedin.com https://*.facebook.com https://*.google.de https://*.adnxs.com https://*.bizographics.com https://*.googlesyndication.com https://*.bing.com https://*.adsrvr.org https://*.cloudfront.net https://*.sia.eu https://*.usercentrics.eu https://assets.pinterest.com https://log.pinterest.com https://*.pinimg.com https://*.pinterest.com https://*.surveysparrow.com https://surveysparrow.com https://*.dialogshift.com https://*.smartrecruiters.com https://*.brame-gamification.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.motel-one.com *.the-cloud-one.com https://*.usercentrics.eu data: https://*.squarelovin.com https://squarelovin.com https://fonts.googleapis.com https://tagmanager.google.com https://*.google.com https://*.dialogshift.com; font-src 'self' 'unsafe-inline' 'unsafe-eval' *.motel-one.com *.the-cloud-one.com https://*.usercentrics.eu data: https://*.computop-paygate.com https://*.brame-gamification.com https://*.google.com https://*.gstatic.com https://www.googletagmanager.com https://*.googleapis.com https://www.google-analytics.com https://*.doubleclick.net https://*.dialogshift.com 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https: *.ep-mimecast.ads-twitter.com analytics.twitter.com static.ads-twitter.com t.co code.jquery.com cdn.jsdelivr.net googletagmanager.com 'report-sample'; style-src 'self' 'unsafe-inline' 'report-sample' https: platform.twitter.com code.jquery.com cdn.jsdelivr.net googletagmanager.com; object-src 'none'; frame-ancestors t.co twitter.com; block-all-mixed-content; frame-src https: s-usc1c-nss-394.firebaseio.com *.twitter.com twitter.com; child-src 'self' platform.twitter.com googletagmanager.com; img-src 'self' data: blob: https: *.gravatar.com t.co *.twitter.com twitter.com code.jquery.com cdn.jsdelivr.net; font-src 'self' data: https: cdn.jsdelivr.net; connect-src 'self' wss: https: mtn-pulse-files.s3.af-south-1.amazonaws.com about: ajax.googleapis.com googletagmanager.com fonts.googleapis.com fonts.gstatic.com www.google-analytics.comstats.g.doubleclick.net ampcid.google.com analytics.google.com t.co *.twitter.com twitter.com code.jquery.com cdn.jsdelivr.net; manifest-src 'self' data:; base-uri 'self'; form-action 'self' *.twitter.com; media-src 'self' blob: https:; prefetch-src 'self'; worker-src 'self'; 1
default-src https://*.nowtv.it; form-action https://ott-it.secure.force.com https://ott-it.my.salesforce.com https://ott-it.my.salesforce-sites.com; font-src 'self' https://static.skyassets.com https://*.nowtv.it https://web.static.nowtv.com https://cdn-eu.dynamicyield.com https://cdn.braze.eu data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.nowtv.it https://web.static.nowtv.com https://*.klarnacdn.net https://*.klarnaservices.com https://cdn-eu.dynamicyield.com https://cdn.dynamicyield.com https://st-eu.dynamicyield.com https://*.content-square.fr https://*.contentsquare.net https://analytics.global.sky.com https://*.demdex.net https://d3c3cq33003psk.cloudfront.net https://connect.facebook.net https://static.ads-twitter.com https://analytics.twitter.com https://*.doubleclick.net https://www.googleadservices.com https://*.myvisualiq.net https://www.dwin1.com https://*.awin1.com https://*.zenaps.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.force.com https://*.salesforce-sites.com https://*.sp-prod.net https://cdn.privacy-mgmt.com https://assets.adobedtm.com https://tapestry.tapad.com https://bat.bing.com https://www.googletagmanager.com https://static.hotjar.com/ https://core.spreedly.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://cdn.optimizely.com https://smetrics.nowtv.it https://s.pinimg.com https://sc-static.net https://acdn.adnxs.com https://secure.adnxs.com https://cdn.exactag.com https://static.criteo.net https://amplify.outbrain.com https://s.yimg.com https://tracking.m6r.eu https://tr.outbrain.com https://sslwidget.criteo.com https://m.exactag.com https://analytics.tiktok.com https://the.sciencebehindecommerce.com https://a.twiago.com https://e.clarity.ms https://*.contentsquare.net https://jssdkcdns.mparticle.com https://www.paypal.com https://c.amazon-adsystem.com; connect-src 'self' https://*.ottcds.com https://*.nowtv.it https://*.sky.com https://*.klarnaevt.com https://*.klarnauserservices.com https://*.demdex.net https://graph.facebook.com https://*.contentsquare.net https://*.force.com https://*.salesforce.com https://*.salesforce-sites.com https://*.sp-prod.net https://sourcepoint.mgr.consensu.org https://web.static.nowtv.com https://cdn.privacy-mgmt.com https://dcd12547fac74c3cb90d3307a66b8089.apm.eu-west-1.aws.cloud.es.io https://sas-apm.telem.prod.ott.sky https://in.hotjar.com/ https://bat.bing.com https://www.facebook.com https://ct.pinterest.com https://tr.snapchat.com https://s.yimg.com https://analytics.tiktok.com https://the.sciencebehindecommerce.com https://direct.dy-api.eu https://direct-collect.dy-api.eu https://adm.dynamicyield.eu https://px-eu.dynamicyield.com https://cdn-eu.dynamicyield.com https://cdn.dynamicyield.com https://async-px-eu.dynamicyield.com https://rcom-eu.dynamicyield.com https://st-eu.dynamicyield.com https://*.contentsquare.net https://checkoutshopper-live.adyen.com https://identity.mparticle.com https://jssdks.mparticle.com https://www.paypal.com https://sdk.fra-01.braze.eu https://www.google.com https://*.g.doubleclick.net https://aax-eu.amazon-adsystem.com; img-src 'self' data: https://*.nowtv.com https://*.nowtv.it https://web.static.nowtv.com https://t.co https://www.facebook.com https://*.contentsquare.net https://*.awin1.com https://*.zenaps.com https://*.salesforce-sites.com https://cm.everesttech.net https://*.demdex.net https://aa.agkn.com https://pm.w55c.net https://cm.everesttech.net https://*.adnxs.com https://*.doubleclick.net https://rtd.tubemogul.com https://analytics.twitter.com https://p.rfihub.com https://a.collective-media.net https://pixel.quantserve.com https://*.bing.com https://pixel.advertising.com https://image5.pubmatic.com https://a.tribalfusion.com https://cms.analytics.yahoo.com https://odr.mookie1.com https://dmp.v.fwmrm.net https://sync-tm.everesttech.net https://spl.zeotap.com https://*.myvisualiq.net https://tapestry.tapad.com https://www.googletagmanager.com https://www.google.com https://www.google.co.uk https://www.google-analytics.com https://sp.analytics.yahoo.com https://ads-engagement.presage.io https://a.twiago.com https://ct.pinterest.com https://www3.smartadserver.com https://tr.outbrain.com https://www.pinterest.com https://www.pinterest.com https://e.clarity.ms https://cdn.dynamicyield.com https://imageservice.sky.com https://uk.imageservice.sky.com https://*.contentsquare.net https://*.imageservice.sky.com https://*.force.com https://checkoutshopper-live.adyen.com https://www.paypalobjects.com https://cdn.braze.eu; style-src 'self' 'unsafe-inline' https://*.nowtv.it https://web.static.nowtv.com https://*.force.com https://*.my.salesforce.com https://*.salesforce-sites.com https://cdn-eu.dynamicyield.com https://cdn.dynamicyield.com; media-src 'self' data: blob: https://*.nowtv.it https://web.static.nowtv.com; frame-src https://core.spreedly.com https://ottsas.sky.com https://sas.nowtv.it https://ad3.adfarm1.adition.com https://vars.hotjar.com https://*.sp-prod.net https://cdn.privacy-mgmt.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.klarna.com https://*.klarnacdn.net https://tr.snapchat.com https://*.creativecdn.com https://*.awin1.com https://*.zenaps.com https://www.pinterest.com https://gum.criteo.com https://creativecdn.com https://www.pinterest.co.uk https://bskyb.demdex.net https://cmp.nowtv.it https://*.fls.doubleclick.net https://checkoutshopper-live.adyen.com https://ott-it.my.salesforce.com https://ott-it.my.salesforce-sites.com https://ott-it.secure.force.com https://*.contentsquare.net https://www.paypal.com https://www.youtube.com https://aax-eu.amazon-adsystem.com https://td.doubleclick.net https://www.mainadv.com https://hal9000.redintelligence.net; worker-src blob:; upgrade-insecure-requests; 1
default-src 'unsafe-inline' pincong.rocks *.pincong.rocks *.hcaptcha.com *.cloudflare.com;  script-src 'unsafe-inline' 'unsafe-eval' blob: pincong.rocks *.pincong.rocks *.cloudflare.com hcaptcha.com *.hcaptcha.com; img-src data: pincong.rocks *.pincong.rocks *.hcaptcha.com *.cloudflare.com *.imgur.com *.redd.it archive.is web.archive.org upload.wikimedia.org pbs.twimg.com telegra.ph miro.medium.com i.postimg.cc i.lihkg.com i.lih.kg upload.cc pomf2.lain.la files.catbox.moe media.gab.com; media-src data: video.twimg.com files.catbox.moe pomf2.lain.la; frame-src pincong.rocks *.pincong.rocks *.hcaptcha.com *.cloudflare.com www.youtube-nocookie.com; 1
frame-src 'self' vimeo.com player.vimeo.com www.googletagmanager.com  www.youtube.com *.marketo.com *.widencdn.net *.spe.org cdn.knightlab.com widget.taggbox.com www.google.com www.slideshare.net share.transistor.fm spe.widen.net www.podbean.com  player.flipsnack.com ;  report-uri https://www.spe.org/csp/log/ 1
default-src 'unsafe-inline' https: data:; img-src blob: data: https:; media-src blob: data: https:; script-src 'unsafe-eval' 'unsafe-inline' https: blob:; frame-ancestors 'self' https://*.tio.ch 1
default-src 'self' *.juicyscore.ai *.juicyscore.com https://juicyscore.ai https://juicyscore.com https://score.juicyscore.com https://www.googletagmanager.com https://www.google-analytics.com https://a.omappapi.com https://*.google-analytics.com https://analytics.twitter.com https://*.omappapi.com https://t.co *.linkedin.oribi.io *.linkedin.com static.ads-twitter.com; style-src 'self' 'unsafe-inline' https://*.omappapi.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://snap.licdn.com https://juicyscore.ai https://juicyscore.com https://score.juicyscore.com https://static.ads-twitter.com https://www.googletagmanager.com https://www.google-analytics.com https://*.omappapi.com 1
base-uri 'self'; block-all-mixed-content; upgrade-insecure-requests; worker-src blob:; child-src blob:; default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob:  *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inbenta.com *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.mundo-r.com *.onetrust.com *.openstreetmap.org *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.useinsider.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com p.adsymptotic.com sjs.bizographics.com t.co 212.55.1.138; style-src 'self' https: 'unsafe-inline'  *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inbenta.com *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.mundo-r.com *.onetrust.com *.openstreetmap.org *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.useinsider.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com p.adsymptotic.com sjs.bizographics.com t.co 212.55.1.138; img-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data:  *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inbenta.com *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.mundo-r.com *.onetrust.com *.openstreetmap.org *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.useinsider.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com p.adsymptotic.com sjs.bizographics.com t.co 212.55.1.138; font-src 'self' data:  *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inbenta.com *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.mundo-r.com *.onetrust.com *.openstreetmap.org *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.useinsider.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com p.adsymptotic.com sjs.bizographics.com t.co 212.55.1.138; connect-src 'self'  *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inbenta.com *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.mundo-r.com *.onetrust.com *.openstreetmap.org *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.useinsider.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com p.adsymptotic.com sjs.bizographics.com t.co 212.55.1.138; frame-src 'self' data:  *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inbenta.com *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.mundo-r.com *.onetrust.com *.openstreetmap.org *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.useinsider.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com p.adsymptotic.com sjs.bizographics.com t.co 212.55.1.138; frame-ancestors 'self'  *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inbenta.com *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.mundo-r.com *.onetrust.com *.openstreetmap.org *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.useinsider.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com p.adsymptotic.com sjs.bizographics.com t.co 212.55.1.138; object-src data:  *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inbenta.com *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.mundo-r.com *.onetrust.com *.openstreetmap.org *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.useinsider.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com p.adsymptotic.com sjs.bizographics.com t.co 212.55.1.138 1
default-src 'self' static.zdassets.com ;style-src 'self' 'unsafe-inline' static.hotjar.com fonts.googleapis.com c0.wp.com *.v2.pressablecdn.com stats.wp.com ;script-src 'self' 'unsafe-inline' *.pressablecdn.com 'unsafe-eval' c0.wp.com *.v2.pressablecdn.com www.googletagmanager.com static.zdassets.com www.google-analytics.com static.hotjar.com js.hs-scripts.com js.hs-banner.com js.hs-analytics.net script.hotjar.com www.gstatic.com js.hsforms.net www.google.com stats.wp.com ;font-src 'self' data: *.pressablecdn.com c0.wp.com fonts.gstatic.com static.formstack.com ;img-src 'self' secure.gravatar.com data: *.pressablecdn.com www.google.ca pixel.wp.com track.hubspot.com forms-na1.hsforms.com forms.hsforms.com www.googletagmanager.com qas.enom.com www.google-analytics.com *.zdusercontent.com enom.zendesk.com ;connect-src 'self' analytics.google.com www.google-analytics.com enom.zendesk.com ekr.zdassets.com www.google.ca wss: forms.hsforms.com ting.formstack.com content.hotjar.io ;style-src-elem 'self' c0.wp.com *.pressablecdn.com 'unsafe-inline' *.v2.pressablecdn.com fonts.googleapis.com stats.wp.com ;script-src-elem 'self' 'unsafe-inline' *.pressablecdn.com c0.wp.com www.googletagmanager.com *.v2.pressablecdn.com static.zdassets.com www.google-analytics.com static.hotjar.com js.hs-scripts.com js.hs-banner.com js.hs-analytics.net script.hotjar.com www.gstatic.com js.hsforms.net www.google.com stats.wp.com ting.formstack.com www.enom.com static.formstack.com js.stripe.com ;frame-src 'self' td.doubleclick.net www.google.com js.hsforms.net js.hsforms.com forms.hsforms.com fast.wistia.com static.formstack.com js.stripe.com ; 1
default-src 'self' cdn.wcc.witt-weiden.de https://cdn.wcc.witt-weiden.de/graphql;    base-uri 'self';    font-src 'self' cdn.wcc.witt-weiden.de https://fonts.gstatic.com data: https://d3dc1lgancj6l0.cloudfront.net https://dq4irj27fs462.cloudfront.net https://*.userwerk.com;    img-src * data: https://*.userwerk.com;    connect-src 'self' https://cdn.wcc.witt-weiden.de/graphql cdn.wcc.witt-weiden.de cdn.witt.info/ https://images.ctfassets.net te.witt-weiden.de tp.witt-weiden.de wasp.witt-weiden.de wst.witt-weiden.de https://*.analytics.google.com https://*.facebook.com https://*.contentsquare.net https://*.my.onetrust.eu https://*.google-analytics.com https://bat.bing.com eu-witt-gruppe-prod1.mini.snplow.net https://www.google-analytics.com https://www.jsctool.com https://adservice.google.com/pagead/ https://graphql.contentful.com https://privacyportal-eu.onetrust.com https://stats.g.doubleclick.net https://geolocation.onetrust.com https://www.google.com/pagead/ https://googleads.g.doubleclick.net/pagead/ https://*.creativecdn.com https://*.googlesyndication.com https://*.optimizely.com ct.pinterest.com https://jsctool.com checkout-cdn.aboutyou.cloud checkout-v3.wcc.witt-weiden.de https://*.ingest.sentry.io wss://chat.userlike.com chat.userlike.com api.userlike.com www.userlike.com https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com wss://umd.userlike.com/umd/ https://*.userwerk.com https://maps.googleapis.com;    object-src 'none';    child-src blob: userlike-cdn-widgets.userlike.com;    script-src * 'unsafe-inline' 'unsafe-eval' https://*.adyen.com https://*.paypal.com userlike-cdn-widgets.userlike.com https://*.userwerk.com;    style-src 'self' cdn.wcc.witt-weiden.de https://www.googletagmanager.com https://fonts.googleapis.com 'unsafe-inline' d.witt-weiden.de checkout-cdn.aboutyou.cloud https://*.adyen.com https://*.paypal.com;    frame-src 'self' checkout-v3.wcc.witt-weiden.de https://*.awin1.com https://*.criteo.net https://*.criteo.com https://*.adrtx.net https://*.contentsquare.net https://www.googletagmanager.com https://www.facebook.com https://www.youtube.com https://dmp.theadex.com https://5127363.fls.doubleclick.net https://12769738.fls.doubleclick.net https://www.jsctool.com https://creativecdn.com/ https://fledge-eu.creativecdn.com/ https://tbs.tradedoubler.com/ https://survey2.quantilope.com/ https://*.adyen.com https://*.paypal.com https://*.computop-paygate.com userlike-cdn-widgets.userlike.com https://*.userwerk.com;    media-src 'self' cdn.wcc.witt-weiden.de cdn.witt.info/ https://images.ctfassets.net https://videos.ctfassets.net https://www.youtube.com https://witt-gruppe-res.cloudinary.com;    manifest-src 'self' cdn.wcc.witt-weiden.de;    worker-src 'self' cdn.wcc.witt-weiden.de blob:;    form-action 'self' www.facebook.com https://*.userwerk.com;    block-all-mixed-content;    frame-ancestors 'self' https://app.contentful.com;    sandbox allow-scripts allow-forms allow-same-origin allow-top-navigation allow-popups allow-popups-to-escape-sandbox allow-modals; 1
default-src https:; script-src 'unsafe-inline' blob: https: 'unsafe-eval' https://crossway.my.salesforce.com; style-src 'unsafe-inline' https:; font-src https: data:; media-src http: https:; img-src http: https: data: 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://toolstatic.idesk360.com https://dcr.pathao.com https://static.addtoany.com https://ajax.cloudflare.com https://maps.googleapis.com https://googleapis.com https://code.jquery.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.googletagmanager.com https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net; style-src 'self' 'unsafe-inline' https://*.cloudfront.net https://toolstatic.idesk360.com https://unpkg.com/ https://hello.myfonts.net https://cdnjs.cloudflare.com https://fonts.googleapis.com https://assets.zendesk.com; img-src 'self' data: blob: https://public-content.ap-south-1.linodeobjects.com https://tool.idesk360.com https://toolstatic.idesk360.com https://sociovocal.s3.amazonaws.com https://www.google.com.bd http://pathao.com https://*.w.org https://maps.gstatic.com https://maps.googleapis.com https://googleapis.com https://cdn.pathao.com https://www.google.com https://stats.g.doubleclick.net https://www.facebook.com https://www.google-analytics.com https://secure.gravatar.com https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com; font-src 'self' data: https://fonts.gstatic.com https://cdnjs.cloudflare.com https://themes.googleusercontent.com; connect-src 'self' https://www.facebook.com wss://tool.idesk360.com https://tool.idesk360.com https://analytics.google.com https://arges.pathao.com https://front-police.pathaointernal.com https://my.yoast.com https://script.google.com https://script.googleusercontent.com https://www.google-analytics.com https://stats.g.doubleclick.net https://maps.googleapis.com/; object-src 'none'; media-src https://toolstatic.idesk360.com; frame-src self https://dcr.pathao.com/ https://static.addtoany.com https://docs.google.com https://static.zdassets.com https://www.youtube.com/ https://staticxx.facebook.com https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com; frame-ancestors 'self' localhost https://business-app.pathao.com 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://www.google.com/recaptcha/api.js https://ssl.google-analytics.com/ga.js https://www.gstatic.com/recaptcha/ https://www.google-analytics.com/ https://az416426.vo.msecnd.net/scripts/ https://tagmanager.google.com; connect-src 'self' wss://*.parliamentlive.tv/signalr/ wss://parliamentlive.tv/signalr/ wss://*.vualto.com/signalr/ https://dc.services.visualstudio.com/v2/ https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; img-src 'self' https://2f0f8fc-az-westeurope.fsly.cdn.ebsd.ericsson.net/ https://2f0f8fc-az-westeurope-fsly.cdn.redbee.live/ https://*.google-analytics.com/ https://*.googletagmanager.com/ https://exposure.api.redbee.live/v1/ https://eventsink.api.redbee.live/ http://*.ukparliament.groovygecko.com/ https://*.kaltura.com/ http://*.kaltura.com/ https://ssl.google-analytics.com/ https://vodplayer.parliamentlive.tv/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/r/ https://www.google.com/ads/ https://www.google.co.uk/ads/ https://ssl.gstatic.com https://www.gstatic.com data:; font-src 'self' data:; frame-ancestors 'self' *.parliamentlive.tv/; frame-src https://*.vualto.com http://*.vualto.com https://www.google.com/ https://*.parliamentlive.tv/ http://*.parliamentlive.tv/; style-src 'self' 'unsafe-inline' https://www.googletagmanager.com/ https://tagmanager.google.com https://fonts.googleapis.com; 1
object-src 'none'; frame-ancestors https://*.neogov.com https://*.neogov.net https://*.neoed.com https://*.neogov.ca https://*.neoed.net; upgrade-insecure-requests 1
frame-ancestors http://webvisor.com; 1
default-src https: data: blob: 'unsafe-eval' 'unsafe-inline'; frame-src 'self' https://*; 1
upgrade-insecure-requests; frame-ancestors 'self' https://*.geotab.com; 1
default-src * 'unsafe-inline' 'unsafe-eval' data: ; frame-ancestors *.rtl.hu; 1
default-src blob: 'self' *.selinc.com; child-src blob: https://players.brightcove.net *.facebook.com connect.facebook.net; connect-src 'self' blob: *.selinc.com https://selinc.com https://cdn.contentstack.io https://images.contentstack.io https://dc.services.visualstudio.com *.akamaihd.net *.brightcove.com https://players.brightcove.net https://manifest.prod.boltdns.net http://manifest.prod.boltdns.net *.facebook.com connect.facebook.net https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com https://analytics.google.com https://www.google.com https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js https://translate.googleapis.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://www.instagram.com https://api.ipify.org https://cdn.linkedin.oribi.io https://*.clarity.ms wss://ektronmessagehubprod.service.signalr.net performance.typekit.net https://p.typekit.net https://use.typekit.net https://www.bing.com https://www3.lenoxsoft.com https://gateway.zscaler.net https://api.userback.io; font-src 'self' data: *.selinc.com https://selinc.com https://discover.selinc.com https://use.fontawesome.com https://fonts.gstatic.com https://use.typekit.net https://cloud.webtype.com https://static.userback.io; frame-src *.selinc.com https://discover.selinc.com https://cdncache-a.akamaihd.net https://players.brightcove.net *.facebook.com connect.facebook.net https://bid.g.doubleclick.net bid.g.doubleclick.net https://www.google.com https://googleleads.g.doubleclick.net https://www.googleadservices.com https://api.heartlandportico.com https://hps.github.io https://html5-player.libsyn.com https://oembed.libsyn.com https://snap.licdn.com https://px.ads.linkedin.com https://players.brightcove.net *.id.opendns.com *.pardot.com https://pigeonhole.at/ https://platform.twitter.com https://syndication.twitter.com; img-src android-webview: android-webview-video-poster: data: * https://images.contentstack.io https://region1.google-analytics.com https://region1.analytics.google.com https://c.bing.com https://c.clarity.ms; media-src 'self' blob: data: *.selinc.com https://bcbolt446c5271-a.akamaihd.net *.brightcove.com *.brightcovecdn.com https://hls.cf.brightcove.com https://secure.brightcove.com *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com https://manifest.prod.boltdns.net http://manifest.prod.boltdns.net; object-src 'self' https://players.brightcove.net; script-src 'unsafe-inline' 'unsafe-eval' blob: *.selinc.com https://prodcdn.selinc.com https://selinc.com https://selinc.csod.com https://sel2fe.ad.selinc.com:3000 https://unpkg.com *.vo.msecnd.net https://cdncache-a.akamaihd.net *.brightcove.com *.brightcove.net https://players.brightcove.net https://map.brightcove.com https://cdn-cs.conductor.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://www.facebook.com www.googleadservices.com googleads.g.doubleclick.net www.google.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://translate.googleapis.com https://translate.google.com https://snap.licdn.com https://px.ads.linkedin.com https://*.clarity.ms https://pi.pardot.com https://cdn.syndication.twimg.com https://platform.twitter.com use.typekit.net https://www.youtube.com https://vjs.zencdn.net https://asok.nypa.gov https://www3.lenoxsoft.com https://static.userback.io; script-src-elem 'unsafe-inline' 'unsafe-eval' blob: *.selinc.com https://prodcdn.selinc.com https://selinc.com https://selinc.csod.com https://sel2fe.ad.selinc.com:3000 https://unpkg.com *.vo.msecnd.net https://cdncache-a.akamaihd.net *.brightcove.com *.brightcove.net https://players.brightcove.net https://map.brightcove.com https://cdn-cs.conductor.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://www.facebook.com www.googleadservices.com googleads.g.doubleclick.net www.google.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://translate.googleapis.com https://translate.google.com https://snap.licdn.com https://px.ads.linkedin.com https://*.clarity.ms https://pi.pardot.com https://cdn.syndication.twimg.com https://platform.twitter.com use.typekit.net https://www.youtube.com https://vjs.zencdn.net https://asok.nypa.gov https://www3.lenoxsoft.com https://static.userback.io; style-src 'self' blob: 'unsafe-inline' *.selinc.com https://prodcdn.selinc.com https://players.brightcove.net https://connect.facebook.net https://tagmanager.google.com https://fonts.googleapis.com https://googleads.g.doubleclick.net https://translate.googleapis.com https://www.googletagmanager.com *.twimg.com https://platform.twitter.com https://p.typekit.net use.typekit.net https://static.userback.io; style-src-elem 'self' blob: 'unsafe-inline' *.selinc.com https://prodcdn.selinc.com https://players.brightcove.net https://connect.facebook.net https://tagmanager.google.com https://fonts.googleapis.com https://googleads.g.doubleclick.net https://translate.googleapis.com https://www.googletagmanager.com *.twimg.com https://platform.twitter.com https://p.typekit.net use.typekit.net https://static.userback.io; worker-src 'self' blob:; base-uri 'self' about: https://manifest.prod.boltdns.net https://secure.brightcove.com; report-uri /api/cspNotification/ 1
default-src 'self' https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' wss: https: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; font-src 'self' data: https: 'unsafe-inline'; frame-src 'self' https:; style-src 'self' https: 'unsafe-inline' 1
default-src 'self' cdn.trkkn.com tools.trkkn.com spl.bacardi.com spl-prod.bacardistaging.com age-gate-prod.prod.bacardi.digital *.bacardilimited.com *.bacardi.com store.casabacardi.com www.aserecubano.com www.responsibledrinking.org www.toroverdepr.com congafeatyou.com contact.bacardi.com drinkbacardi.com instagram.com www.instagram.com d.agkn.com lifeisbeautiful.com open.spotify.com bacardi.speakeasy.shop *.hotjar.com *.adsrvr.org pinterest.com player.vimeo.com *.google.com *.hornblower.com *.adimo.co www.bonnaroo.com www.discoverpuertorico.com/info/travel-guidelines www.facebook.com www.googletagmanager.com asystem-library.s3.amazonaws.com www.laconcharesort.com www.marriott.com/hotels/travel/sjuac-ac-hotel-san-juan-condado/ www.nps.gov/saju/index.htm www.reservebar.com www.responsibility.org www.tripadvisor.com www.youtube.com 5337729.fls.doubleclick.net tr.snapchat.com app.roilti.com www.bacardisoundsofsummer.com.au prod-frontend.roilti.com bacardi-animated-model.eyekandy.com; connect-src 'self' *.thisisbeacon.com *.platform.veracitytrustnetwork.com cart-api.liquidcheckout.com utils.liquidcheckout.com api.liquidcheckout.com www.scgrocery.net us-central1-adaptive-growth.cloudfunctions.net *.jebbit.com cdn-ukwest.onetrust.com *.bacardi.digital spl.bacardi.com https://*.algolianet.com https://*.algolia.net https://*.algolia.io liquid-checkout-v1-0-7s7rhms6ea-uc.a.run.app *.google-analytics.com maps.googleapis.com stats.g.doubleclick.net *.hotjar.com vimeo.com *.teads.tv api.usersnap.com 4dvq37jqcg.execute-api.eu-west-1.amazonaws.com *.onetrust.com *.evergage.com tr.snapchat.com www.google.com googleads.g.doubleclick.net; media-src 'self' d323g1xugy1rkz.cloudfront.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.trkkn.com tools.trkkn.com *.thisisbeacon.com *.platform.veracitytrustnetwork.com api.liquidcheckout.com cart-api.liquidcheckout.com www.gstatic.com www.google.com *.jebbit.com www.scgrocery.net d1w9968ecxd3bi.cloudfront.net openfpcdn.io spl.bacardi.com *.bacardi.digital d3hnlaz0mzjpz0.cloudfront.net asystem-library.s3.amazonaws.com cdn.evgnet.com *.evergage.com www.googletagmanager.com *.google-analytics.com maps.googleapis.com *.google.com www.facebook.com connect.facebook.net www.youtube.com *.hornblower.com unpkg.com *.teads.tv *.snapchat.com player.vimeo.com cdn.pdst.fm cdn.adimo.co static.tacdn.com *.hotjar.com mpsnare.iesnare.com www.jscache.com cdn.jsdelivr.net www.tripadvisor.com cdn-ukwest.onetrust.com spl-prod.bacardistaging.com *.bacardi.digital cdn.usersnap.com api.usersnap.com d29mknc5251yuj.cloudfront.net js.adsrvr.org sc-static.net app.roilti.com privacyportal-uk-cdn.onetrust.com *.pinimg.com; style-src 'self' blob: 'unsafe-inline' *.thisisbeacon.com *.platform.veracitytrustnetwork.com *.bacardi.digital js.jebbit.com fonts.googleapis.com fast.fonts.net static.tacdn.com *.evergage.com cdn.jsdelivr.net privacyportal-uk-cdn.onetrust.com; img-src 'self' http://images.salsify.com images.salsify.com data: https://*; font-src 'self' data: https://*; frame-src 'self' intent: https://* 1
default-src 'self' fonts.gstatic.com; connect-src 'self' stats.avocat.fr; frame-src 'self' annuaire.avocat.fr platform.twitter.com www.youtube.com www.youtube-nocookie.com; img-src 'self' data: stats.avocat.fr www.avocat.fr; object-src 'self'; script-src 'self' ajax.googleapis.com stats.avocat.fr connect.facebook.net platform.linkedin.com platform.twitter.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; frame-ancestors 'self'; report-uri https://www.avocat.fr/report-uri/enforce 1
frame-ancestors 'self';media-src 'self' js.intercomcdn.com; connect-src 'self' https://api.sail-track.com https://cdn.cookielaw.org api-iam.intercom.io nexus-websocket-a.intercom.io api-iam.intercom.io nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io geolocation.onetrust.com api.sail-personalize.com api.company-target.com www.google-analytics.com *.clarity.ms siteintercept.qualtrics.com cdn.cookielaw.org ak.sail-track.com stats.g.doubleclick.net tag-logger.demandbase.com;default-src 'self';frame-src 'self' js.driftt.com s.company-target.com intercom-sheets.com;script-src 'self' 'unsafe-inline' widget.intercom.io *.intercomcdn.com cdn.heapanalytics.com www.googletagmanager.com static.cloudflareinsights.com tag.demandbase.com www.clarity.ms ak.sail-horizon.com www.google-analytics.com siteintercept.qualtrics.com *.siteintercept.qualtrics.com cdn.cookielaw.org js.driftt.com *.clarity.ms;style-src 'self' 'unsafe-inline' www.googletagmanager.com fonts.googleapis.com;font-src 'self' fonts.googleapis.com fonts.gstatic.com fonts.intercomcdn.com;img-src 'self' *.intercomcdn.com www.google-analytics.com fonts.gstatic.com fast.fonts.net cdn.cookielaw.org heapanalytics.com c.clarity.ms id.rlcdn.com c.bing.com segments.company-target.com www.google.com www.google.com.np www.googletagmanager.com static.intercomassets.com data:;object-src 'none';base-uri 'self';form-action 'self';upgrade-insecure-requests 1
connect-src *.google-analytics.com www.google-analytics.com *.analytics.google.com *.wcrf.org *.cloudflare.com *.doubleclick.net *.hotjar.com *.hotjar.io wss://ws.hotjar.com apikeys.civiccomputing.com px.ads.linkedin.com ; default-src 'self' 'unsafe-inline' www.googletagmanager.com; font-src 'self' data: *.wcrf.org; frame-src 'self' data: www.google.com platform.twitter.com www.googletagmanager.com player.vimeo.com vimeo.com youtube.com www.youtube.com www.youtube-nocookie.com *.twitter.com *.cloudflare.com *.doubleclick.net s3-eu-west-1.amazonaws.com calendar.google.com datawrapper.dwcdn.ne datawrapper.dwcdn.net; img-src 'self' data: www.google.com platform.twitter.com www.googletagmanager.com player.vimeo.com vimeo.com youtube.com www.youtube.com www.youtube-nocookie.com *.twitter.com *.cloudflare.com *.doubleclick.net px.ads.linkedin.com www.google.co.uk; media-src 'self' blob: data:; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' connect.facebook.net; script-src-elem 'self' 'unsafe-inline' player.vimeo.com vimeo.com apis.google.com www.youtube.com www.youtube-nocookie.com platform.twitter.com googletagmanager.com www.googletagmanager.com www.google.com google.com www.gstatic.com gstatic.com www.google-analytics.com connect.facebook.net *.cloudflare.com documentservices.adobe.com a.omappapi.com cc.cdn.civiccomputing.com snap.licdn.com; style-src 'self' 'unsafe-inline' blob:; style-src-elem 'self' 'unsafe-inline' *.cloudflare.com a.omappapi.com snap.licdn.com; worker-src 'self' blob:; 1
default-src *.auntbertha.com *.auntberthaqa.com *.auntbertha-qa.com *.findhelp.center *.findhelp.com *.findhelp-qa.com *.findhelp.org *.findhelp-qa.org 'self' *.google.com *.googleapis.com *.wistia.com api.hubapi.com forms.hubspot.com wss://auntbertha.zendesk.com; script-src *.auntbertha.com *.auntberthaqa.com *.auntbertha-qa.com *.findhelp.center *.findhelp.com *.findhelp-qa.com *.findhelp.org *.findhelp-qa.org 'self' 'unsafe-eval' 'unsafe-inline' *.demdex.net *.google.com *.googleapis.com *.gstatic.com *.statuspage.io *.wistia.com api.rollbar.com assets.adobedtm.com cdn.rollbar.com cdnjs.cloudflare.com/ajax/libs/ connect.facebook.net facebook.com https://*.zopim.com https://*.zopim.io https://chat-api.spartez-software.com https://ekr.zdassets.com https://spartezchatfiles.b-cdn.net https://static.zdassets.com https://www.googletagmanager.com js.hs-analytics.net js.hs-banner.com js.hs-scripts.com js-na1.hs-scripts.com js.hsadspixel.net js.hsleadflows.net js.stripe.com js.usemessages.com static.cloudflareinsights.com track.hubspot.com www.atlassian.com/software/statuspage www.googleadservices.com www.google-analytics.com www.statuspage.com https://cdn.amplitude.com us-central1-searchbertha-hrd.cloudfunctions.net https://program-editor-ui-bqlyzw342a-uc.a.run.app/ https://data-quality-ui-bqlyzw342a-uc.a.run.app/ https://program-api-bqlyzw342a-uc.a.run.app/ https://trusted-networks-cloud-run-bqlyzw342a-uc.a.run.app/; style-src *.auntbertha.com *.auntberthaqa.com *.auntbertha-qa.com *.findhelp.center *.findhelp.com *.findhelp-qa.com *.findhelp.org *.findhelp-qa.org 'self' 'unsafe-inline' *.google.com *.googleapis.com *.gstatic.com blob: data: file: filesystem: https://netdna.bootstrapcdn.com https://program-api-bqlyzw342a-uc.a.run.app/ https://trusted-networks-cloud-run-bqlyzw342a-uc.a.run.app/; img-src *.auntbertha.com *.auntberthaqa.com *.auntbertha-qa.com *.findhelp.center *.findhelp.com *.findhelp-qa.com *.findhelp.org *.findhelp-qa.org 'self' *.akamaihd.net *.demdex.net *.doubleclick.net *.everesttech.net *.facebook.com *.google-analytics.com *.google.com *.googleapis.com *.googleusercontent.com *.gstatic.com *.hubspot.com *.wistia.com data: https://*.zopim.com https://*.zopim.io https://www.googletagmanager.com https://avatar-management--avatars.us-west-2.prod.public.atl-paas.net/ https://chat-api.spartez-software.com/ https://program-api-bqlyzw342a-uc.a.run.app/ https://trusted-networks-cloud-run-bqlyzw342a-uc.a.run.app/; font-src *.auntbertha.com *.auntberthaqa.com *.auntbertha-qa.com *.findhelp.center *.findhelp.com *.findhelp-qa.com *.findhelp.org *.findhelp-qa.org 'self' *.gstatic.com data: https://*.zopim.com https://*.zopim.io https://fonts.googleapis.com https://netdna.bootstrapcdn.com https://program-api-bqlyzw342a-uc.a.run.app/ https://trusted-networks-cloud-run-bqlyzw342a-uc.a.run.app/; frame-src *.auntbertha.com *.auntberthaqa.com *.auntbertha-qa.com *.findhelp.center *.findhelp.com *.findhelp-qa.com *.findhelp.org *.findhelp-qa.org 'self' *.careunify.com *.google.com *.periscopedata.com *.statuspage.io *.stripe.com us-central1-searchbertha-hrd.cloudfunctions.net https://program-editor-ui-bqlyzw342a-uc.a.run.app/ https://data-quality-ui-bqlyzw342a-uc.a.run.app/ https://program-api-bqlyzw342a-uc.a.run.app/ https://trusted-networks-cloud-run-bqlyzw342a-uc.a.run.app/; connect-src *.auntbertha.com *.auntberthaqa.com *.auntbertha-qa.com *.findhelp.center *.findhelp.com *.findhelp-qa.com *.findhelp.org *.findhelp-qa.org 'self' *.akamaihd.net *.demdex.net *.googleapis.com *.hubapi.com *.hubspot.com *.rollbar.com *.wistia.com auntbertha.zendesk.com ekr.zdassets.com wss://*.zopim.com www.google-analytics.com https://api.ipify.org/ https://chat-api.spartez-software.com/ wss://chat-ws.spartez-software.com/ https://api2.amplitude.com/2/httpapi https://program-api-bqlyzw342a-uc.a.run.app/ https://trusted-networks-cloud-run-bqlyzw342a-uc.a.run.app/; object-src 'none'; media-src 'self' blob: data:; 1
default-src 'self' https://cancer.org.au https://*.doubleclick.net https://*.google-analytics.com https://*.googleanalytics.com https://*.sharethis.com https://api.usabilla.com https://*.cancer.org.au https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com;  script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.tiktok.com https://*.dotomi.com https://*.monsido.com https://www.instagram.com https://embedsocial.com https://www.tiktok.com/embed.js https://www.instagram.com/embed.js https://platform.instagram.com/en_US/embeds.js https://*.curator.io https://lf16-tiktok-web.ttwstatic.com/obj/tiktok-web/tiktok/falcon/embed/embed_v1.0.11.js https://lf16-tiktok-web.ttwstatic.com/obj/tiktok-web/tiktok/falcon/embed/embed_lib_v1.0.11.js https://www.google.com/recaptcha/api.js https://trc.taboola.com https://cdn.taboola.com https://www.ascio.com https://cdn.jsdelivr.net https://*.klaviyo.com https://static.klaviyo.com https://paperform.co https://paperform.co/__embed.min.js https://*.paperform.com https://snap.licdn.com/li.lms-analytics/insight.old.min.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://cdn.pdst.fm/ping.min.js https://static.ads-twitter.com/uwt.js https://analytics.google.com https://static-login.sendpulse.com https://gp.webformscr.com https://optimize.google.com https://web.webformscr.com https://*.monsido.com https://cdnjs.cloudflare.com https://recaptcha.net https://duube1y6ojsji.cloudfront.net https://*.paperform.co http://secure.wufoo.com https://api.usabilla.com https://w.usabilla.com https://www.youtube.com https://static.hotjar.com https://script.hotjar.com https://tagmanager.google.com https://d6tizftlrpuof.cloudfront.net https://d2iiunr5ws5ch1.cloudfront.net https://d2wy8f7a9ursnm.cloudfront.net https://*.bugherd.com https://bugherd-attachments.s3.amazonaws.com https://cancer.org.au https://*.cancer.org.au https://*.gstatic.com https://*.googleadservices.com https://googleads.g.doubleclick.net https://ajax.googleapis.com https://cse.google.com https://www.google.com.au https://*.googletagmanager.com https://*.google-analytics.com https://code.jquery.com https://use.typekit.net https://*.sharethis.com https://*.facebook.net https://s.ytimg.com https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok/falcon/embed/embed_v1.0.12.js https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok/falcon/embed/embed_lib_v1.0.12.js; style-src 'self' 'unsafe-inline' https://embedsocial.com https://cdn.curator.io https://lf16-tiktok-web.ttwstatic.com/obj/tiktok-web/tiktok/falcon/embed/embed_lib_v1.0.11.css https://*.klaviyo.com https://static.klaviyo.com  https://*.cancer.org.au https://cancer.org.au https://web.webformscr.com https://d6tizftlrpuof.cloudfront.net https://d2wy8f7a9ursnm.cloudfront.net https://d2iiunr5ws5ch1.cloudfront.net https://cdnjs.cloudflare.com https://*.googleapis.com https://*.google.com https://optimize.google.com https://fonts.googleapis.com https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok/falcon/embed/embed_lib_v1.0.12.css; img-src 'self' data: https://www.google.co.in  https://*.dotomi.com https://*.curator.io https://curator-assets.b-cdn.net https://www.linkedin.com https://p.adsymptotic.com https://p.adsymptotic.com https://px.ads.linkedin.com https://t.co https://analytics.twitter.com https://optimize.google.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://*.monsido.com https://*.cancer.org.au https://cancer.org.au  https://*.kc-usercontent.com https://*.youtube.com https://www.youtube.com https://*.youtube.com https://d6tizftlrpuof.cloudfront.net https://d2iiunr5ws5ch1.cloudfront.net https://*.bugherd.com https://*.usabilla.com https://www.google-analytics.com https://www.google.com.au https://*.doubleclick.net https://platform-cdn.sharethis.com https://*.gstatic.com https://*.google.com https://*.googleapis.com https://*.facebook.com https://*.typekit.net https://script.hotjar.com https://*.visualwebsiteoptimizer.com app.vwo.com useruploads.vwo.io; media-src 'self' data: https://curator-assets.b-cdn.net https://*.kc-usercontent.com; font-src 'self' data: https://*.cancer.org.au https://cancer.org.au https://*.typekit.net https://cdnjs.cloudflare.com https://d6tizftlrpuof.cloudfront.net https://d2wy8f7a9ursnm.cloudfront.net https://fonts.googleapis.com https://fonts.gstatic.com https://*.bugherd.com https://d2iiunr5ws5ch1.cloudfront.net https://script.hotjar.com https://static.klaviyo.com; frame-src 'self' https://embedsocial.com https://www.tiktok.com https://www.instagram.com https://tsdtocl.com https://paperform.co https://paperform.co/__embed.min.js https://*.paperform.com https://ads.google.com https://www.linkedin.com https://twitter.com https://app.magicapp.org https://optimize.google.com https://*.paperform.co https://cancer.org.au https://www.youtube.com https://www.facebook.com https://cse.google.com https://*.doubleclick.net https://www.sunsmart.com.au https://c.sharethis.mgr.consensu.org https://www.google.com https://www.google.com.au https://vars.hotjar.com https://d2wy8f7a9ursnm.cloudfront.net https://d6tizftlrpuof.cloudfront.net https://cancercounciltas.wufoo.com; connect-src 'self' https://analytics.tiktok.com https://*.linkedin.com https://api.curator.io https://*.klaviyo.com https://static.klaviyo.com  https://us-central1-adaptive-growth.cloudfunctions.net  https://analytics.google.com https://www.cancercouncilfundraising.com.au https://*.doubleclick.net https://*.google-analytics.com https://*.algolia.net https://*.algolianet.com https://api.usabilla.com https://sessions.bugsnag.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.bugherd.com https://bugherd-attachments.s3.amazonaws.com wss://ws.pusherapp.com https://sockjs.pusher.com https://cdn.linkedin.oribi.io https://heatmaps.monsido.com https://trc-events.taboola.com https://content.hotjar.io https://pips.taboola.com https://cds.taboola.com https://*.visualwebsiteoptimizer.com https://app.vwo.com; object-src 'self'; frame-ancestors 'self' https://app.kontent.ai https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.ads-twitter.com/uwt.js https://adservice.google.com https://*.app.magicapp.org https://app.magicapp.org/widget/recommendation/init.js https://analytics.tiktok.com/* https://*.tiktok.com/ https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=CNOES83C77UF2JJS2970&lib=ttq 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://static.criteo.net https://*.criteo.com https://wb.messengerpeople.com https://www.zenaps.com https://isitetv.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://tpc.googlesyndication.com https://tr.snapchat.com https://tr6.snapchat.com https://www.pinterest.com https://www.pinterest.co.uk blob: https://gum.criteo.com https://app.qubit.com https://dekopay.preprod.k8s.dekopay.org https://pay.deko.finance; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://*.liveperson.net https://services.postcodeanywhere.co.uk https://*.akamaihd.net https://*.sciencebehindecommerce.com https://*.googleapis.com https://*.trustpilot.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://ct.pinterest.com https://analytics.tiktok.com https://tr.snapchat.com https://d3g5d7323c2i6m.cloudfront.net https://d29qb9vav0xwuc.cloudfront.net https://d7c4jjeuqag9w.cloudfront.net https://*.contentsquare.net https://*.criteo.com https://*.criteo.net https://*.qubit.com https://*.qubitproducts.com https://horizon-api.www.zavvi.com https://upload.uploadcare.com https://598nyfqkt7.execute-api.eu-west-1.amazonaws.com https://23q3fg4xjd.execute-api.eu-west-1.amazonaws.com https://*.pndsn.com wss://*.liveperson.net; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://d7c4jjeuqag9w.cloudfront.net; form-action 'self' https://www.facebook.com https://connect.facebook.net https://www.zavvi.com https://m.zavvi.com https://checkout.zavvi.com https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://player.vimeo.com https://vod-progressive.akamaized.net https://download-media.akamaized.net https://download-video.akamaized.net https://*.zavvi.com https://123vod-adaptive.akamaized.net https://456vod-adaptive.akamaized.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.cn https://*.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://pagead2.googlesyndication.com https://*.criteo.com https://static.criteo.net https://*.google.co.uk https://*.akamaihd.net https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://*.google-analytics.com https://tpc.googlesyndication.com https://*.baidu.com https://sc-static.net https://google.co.uk https://lantern.roeyecdn.com https://lantern.roeye.com https://s.pinimg.com https://analytics.tiktok.com https://*.ibytedtos.com https://static.ads-twitter.com https://analytics.twitter.com https://apps.storystream.ai https://platform.twitter.com https://connect.facebook.net https://*.contentsquare.net https://app.contentsquare.com https://static.goqubit.com https://*.qubit.com https://ucarecdn.com https://cdn.pubnub.com https://assets.dekopay.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://d7c4jjeuqag9w.cloudfront.net; upgrade-insecure-requests; report-to report-endpoint 1
frame-ancestors 'self' https://www.iobeducacao.com *.userguiding.com *.iob.com.br 1
default-src 'self' *.latoken.com; font-src 'self' 'unsafe-inline' fonts.gstatic.com data: moments.latoken.com; style-src 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com *.segment.io *.segment.com static.tildacdn.com fonts.googleapis.com *.tilda.ws *.tildacdn.com gso.amocrm.com *.twitter.com *.twimg.com moments.latoken.com promo.latoken.com *.sendbird.com; manifest-src 'self' 'unsafe-inline' cdn-new.latoken.com; script-src 'unsafe-inline' *.twitter.com *.twimg.com *.visualwebsiteoptimizer.com *.segment.com *.segment.io app.vwo.com gso.amocrm.ru gso.amocrm.com latoken.breezy.hr static.cloudflareinsights.com latoken.com vctv.latoken.com connect.facebook.net mc.yandex.ru *.smartlook.com *.google-analytics.com *.analytics.google.com analytics.google.com *.googletagmanager.com *.youtube.com *.tradingview.com *.zdassets.com *.zopim.com www.google.com www.gstatic.com cdn-new.latoken.com *.hcaptcha.com https://hcaptcha.com *.sendbird.com 'self' *.securionpay.com https://platform.onmeta.in/onmeta-sdk.js www.onmeta.in/onmeta-sdk.js *.onmeta.in https://*.mediamathrdrt.com; connect-src 'self' *.latoken.com wss://*.latoken.com mc.yandex.ru *.smartlook.cloud *.doubleclick.net *.google-analytics.com *.analytics.google.com analytics.google.com *.hcaptcha.com *.breezy.hr *.zdassets.com *.zendesk.com *.zopim.com *.locize.app sentry.latoken.com:8443 www.gstatic.com wss://widget-mediator.zopim.com api.mercuryo.io oplata.qiwi.com fp.qiwi.com w.qiwi.com edge.qiwi.com my.qiwi.com pay.settlepay.net www.facebook.com connect.facebook.net stat.tildacdn.com gso.amocrm.com gso.amocrm.ru forms.tildacdn.com wss://*.cbox.ws widget.mercuryo.io hooks.zapier.com *.visualwebsiteoptimizer.com *.segment.io *.segment.com *.sendbird.com wss://*.sendbird.com *.securionpay.com ws.coincodex.com coincodex.com *.googleapis.com assets.transak.com s2.coinmarketcap.com https://platform.onmeta.in/onmeta-sdk.js www.onmeta.in/onmeta-sdk.js *.onmeta.in https://*.mediamathrdrt.com; frame-src *.visualwebsiteoptimizer.com *.segment.com *.segment.io latoken.com *.latoken.com www.google.com api.mercuryo.io oplata.qiwi.com fp.qiwi.com w.qiwi.com edge.qiwi.com my.qiwi.com pay.settlepay.net pay.itez.com trade-ui.coinify.com widget.xanpool.com embed.bitrefill.com www.youtube.com www.facebook.com connect.facebook.net gso.amocrm.com gso.amocrm.ru *.cbox.ws widget.mercuryo.io *.twitter.com *.doubleclick.net *.securionpay.com hcaptcha.com *.hcaptcha.com pay.mrcr.io pay.mercuryo.io *.hcaptcha.com *.sendbird.com *.coincodex.com https://platform.onmeta.in/onmeta-sdk.js www.onmeta.in/onmeta-sdk.js *.onmeta.in https://js.dev.shift4.com/ https://api.shift4.com/; img-src 'self' blob: data: latoken.com *.latoken.com moments.latoken.com www.gstatic.com www.google-analytics.com www.facebook.com mc.yandex.ru *.tildacdn.com www.google.com www.google.ru www.google.com.ua www.google.de www.google.ge img.youtube.com *.twimg.com *.twitter.com gso.amocrm.com gso.amocrm.ru *.visualwebsiteoptimizer.com *.segment.io *.segment.com *.sendbird.com sendbird-eu-1.s3.amazonaws.com *.zopim.io *.coincodex.com s2.coinmarketcap.com; worker-src self latoken.com *.latoken.com blob:; media-src 'self' *.latoken.com *.zdassets.com 1
default-src 'self' *.esecuredata.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.esecuredata.com *.idig.net *.cloudflare.com *.google-analytics.com; style-src 'self' 'unsafe-inline' *.esecuredata.com *.fontawesome.com; img-src 'self' *.esecuredata.com *.idig.net *.google-analytics.com; font-src 'self' *.fontawesome.com 1
frame-ancestors *.threatspike.com 1
frame-ancestors 'self' *.connectmeinforma.com dev.totem-app.com www.fanexpohq.events 1
default-src 'self' *.vidyard.com https: mailto:; script-src 'self' 'unsafe-inline' 'unsafe-eval'  https: mailto: blob:; object-src 'self'; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; media-src 'self' https: blob:; font-src 'self' https: data:; connect-src 'self' https: wss: ; upgrade-insecure-requests 1
upgrade-insecure-requests; default-src adm-nao.ru *.adm-nao.ru nao24.ru *.nao24.ru static-maps.yandex.ru 'unsafe-inline' vk.com *.vk.com yastatic.net *.yandex.net yandex.st *.yandex.ru yandex.ru *.gosuslugi.ru *.sputnik.ru data: 1
frame-ancestors 'self' https://metallic.io/ 1
default-src * 'unsafe-inline' 'unsafe-eval'; frame-src https://mobilemaps.net.au; frame-ancestors 'none'; img-src * data:; font-src * data:; 1
default-src https: 'self' 'unsafe-eval'  'unsafe-inline' *.hitachivantara.com *.gartner.com  *.hotjar.com players.brightcove.net  *.cloudfront.net *.adobeaemcloud.com author-p120002-e1240831.adobeaemcloud.com  author-p120002-e1162760.adobeaemcloud.com  author-p120002-e1162814.adobeaemcloud.com  author-p120002-e1162813.adobeaemcloud.com hitachivantara.zoom.us *.zi-scripts.com *.agora.io  *.edge.agora.io *.sd-rtn.com *.edge.sd-rtn.com tags.tiqcdn.com *.hds.com; img-src https: data: blob: *; object-src 'self'  ; script-src-elem https: 'unsafe-inline' blob: https://www.hitachivantara.com/* *.hitachivantara.com  ; connect-src https: *.hotjar.com wss://ws.hotjar.com ; frame-ancestors 'self' *.hitachivantara.com *.hotjar.com *.gartner.com *.zi-scripts.com *.lightning.force.com *.vf.force.com *.salesforce.com *.my.salesforce.com *.visual.force.com *.visualforce.com service.force.com acrobatservices.adobe.com *.partnerlocator.hitachivantara.com *.adobeaemcloud.com author-p120002-e1240831.adobeaemcloud.com  author-p120002-e1162760.adobeaemcloud.com  author-p120002-e1162814.adobeaemcloud.com  author-p120002-e1162813.adobeaemcloud.com hitachivantara.zoom.us *.agora.io  *.edge.agora.io *.sd-rtn.com *.edge.sd-rtn.com partnerlocator.hitachivantara.com pages.hitachivantara.com ; frame-src 'self' acrobatservices.adobe.com *.flexnetoperations.com *.hitachivantara.com *.zi-scripts.com *.gartner.com author-p120002-e1240831.adobeaemcloud.com  *.hotjar.com author-p120002-e1162760.adobeaemcloud.com  author-p120002-e1162814.adobeaemcloud.com  author-p120002-e1162813.adobeaemcloud.com hitachivantara.zoom.us *.facebook.com *.adobeaemcloud.com  *.agora.io  *.edge.agora.io *.sd-rtn.com *.edge.sd-rtn.com *.google.com *.gstatic.com *.greenhouse.io *.dacast.com  hitachi.demdex.net *.partnerlocator.hitachivantara.com pages.hitachivantara.com *.hitachinext.com *.g.doubleclick.net *.amazonaws.com *.doubleclick.net *.company-target.com  *.ceros.com  ibc-flow.techtarget.com  hdscorp.my.salesforce.com *.salesfoce.com *.adsrvr.org *.rlcdn.com *.brighttalk.com *.lightning.force.com *.vf.force.com *.my.salesforce.com *.visual.force.com *.visualforce.com service.force.com ; worker-src 'self' blob: *.hitachinext.com *.zi-scripts.com *.adobeaemcloud.com author-p120002-e1240831.adobeaemcloud.com  author-p120002-e1162760.adobeaemcloud.com  author-p120002-e1162814.adobeaemcloud.com  author-p120002-e1162813.adobeaemcloud.com *.agora.io  *.edge.agora.io *.sd-rtn.com *.hotjar.com *.edge.sd-rtn.com ; media-src 'self' blob: *.hitachinext.com *.adobeaemcloud.com author-p120002-e1240831.adobeaemcloud.com  author-p120002-e1162760.adobeaemcloud.com  author-p120002-e1162814.adobeaemcloud.com  author-p120002-e1162813.adobeaemcloud.com hitachivantara.zoom.us *.agora.io  *.edge.agora.io *.sd-rtn.com *.edge.sd-rtn.com *.folloz.com https: ; font-src 'self' data: *; 1
frame-ancestors 'self' intranet.bibb-service.de *.arbeitswelt-portal.de webstats.bibb.de; 1
frame-ancestors 'self' *.webwire.com *.authorize.net; 1
frame-ancestors 'self' *.wellspan.org *.epic.com *.medchatapp.com 1
img-src * blob: data:; frame-ancestors *; 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.sanity.io/files/ https://analytics.twitter.com/ https://static.ads-twitter.com/uwt.js https://www.redditstatic.com/ads/pixel.js https://player.vimeo.com/api/player.js https://kantarinteractive.3mil-demo.co.uk/ https://media-cdn.ipredictive.com/js/cirt_v2.min.js https://go.in.kantar.com/ https://media-cdn.ipredictive.com/js/ https://www.googleadservices.com/ https://online2.superoffice.com/ https://snap.licdn.com/li.lms-analytics/ https://services.cognitoforms.com/scripts/ https://embedsocial.com/cdn/iframe.js https://embedsocial.com/embedscript/in.js https://view-awesome-table.com/ https://googleads.g.doubleclick.net/ https://www.googleadservices.com/pagead/conversion_async.js https://cdn.jotfor.ms/js/ https://js.jotform.com/ https://js.jotform.com/vendor/ https://cdn.jotfor.ms/static/ https://cdnjs.cloudflare.com/ajax/libs/punycode/1.4.1/ https://form.jotform.com/jsform/ https://js.hs-analytics.net/analytics/1598004900000/ https://js.hs-analytics.net/analytics/ https://js.hs-banner.com/3788602.js https://js.hscollectedforms.net/collectedforms.js https://forms.hsforms.com/ https://js.hs-scripts.com/3788602.js https://js.hsforms.net/forms/v2.js https://euc-widget.freshworks.com https://app-static.turtl.co/embed/turtl.embed.v1.js https://s.ytimg.com https://www.youtube.com/iframe_api https://pi.pardot.com/ https://go.tnsglobal.com/ https://preferences.kantarworldpanel.com/ https://go.millwardbrown.com/ https://www2.kantar.com https://consent.cookiebot.com/ https://cdn.saberfeedback.com https://feedback.saberfeedback.com/ https://www.youtube.com https://ssl.google-analytics.com/ga.js https://ajax.googleapis.com/ https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com https://ct.capterra.com/ https://gomedia.kantar.com/ https://ws.zoominfo.com/ https://e.infogram.com/ https://consentcdn.cookiebot.com https://player.podigee-cdn.net/ https://digitalpacemaker.podigee.io/ https://crm.zoho.eu/ https://crm.zohopublic.eu/ js-eu1.hsforms.net https://extend.vimeocdn.com https://79b5d9bf7db0483cbfe2471a3040bd31.js.ubembed.com/ https://assets.ubembed.com/ https://scripts.teamtailor-cdn.com siteimproveanalytics.com https://static.hotjar.com https://script.hotjar.com https://js.hs-scripts.com https://js.hs-banner.com https://js.hsadspixel.net https://go.kantarmarketplace.com https://js-na1.hsforms.net https://js-eu1.hsforms.net https://js.hsforms.net https://7f346aea2e09467584ee8045e9295981.js.ubembed.com https://www.cognitoforms.com/ https://js-eu1.hs-scripts.com/ https://js-eu1.hs-analytics.net/analytics/ https://js-eu1.hubspot.com/web-interactives-embed.js https://js-eu1.hs-banner.com/26080127.js https://js-eu1.hscollectedforms.net/collectedforms.js; style-src 'self' 'unsafe-inline' https://cdn.sanity.io/files/ https://embedsocial.com/cdn/iframe-lightbox.min.css https://cdn.jotfor.ms/wizards/languageWizard/custom-dropdown/css/ https://cdn.jotfor.ms/css/styles/payment/ https://cdn.jotfor.ms/themes/CSS/ https://cdn.jotfor.ms/css/ https://cdn.jotfor.ms/css/styles/ https://cdn.jotfor.ms/static/ https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css https://euc-widget.freshworks.com https://app-static.turtl.co/embed/turtl.embed.v1.css https://feedback.saberfeedback.com/ https://cdn.saberfeedback.com https://tagmanager.google.com/ https://fast.fonts.net https://fonts.googleapis.com https://static.hotjar.com https://script.hotjar.com; connect-src *; img-src 'self' data: https://668620654.privacysandbox.googleadservices.com/ https://405677348.privacysandbox.googleadservices.com/ https://pixel.tapad.com/  https://idsync.rlcdn.com/ https://x.bidswitch.net/ https://stags.bluekai.com/ https://pixel.advertising.com/ https://dsum-sec.casalemedia.com/ https://eu-u.openx.net/ https://alb.reddit.com/ https://px.ads.linkedin.com/ https://pixel.mathtag.com/ https://simage2.pubmatic.com/ https://t.co/ https://ad.ipredictive.com/ https://www.google.co.za/pagead/1p-user-list/668928299/ https://p.adsymptotic.com/ https://px.ads.linkedin.com/ https://www.google.com/ https://www.google.co.uk/ https://www.google.co.uk/ads/ https://events.jotform.com/ https://events.jotform.com/jsform/200924737274357/ https://cdn.jotfor.ms/ https://assets.turtl.co/covers/ https://www.google.co.za/ads/ https://www.googletagmanager.com/ https://www.google.com/ads/ https://track.hubspot.com/ https://forms.hsforms.com/embed/v3/ https://forms.hubspot.com/outpost/formsnextembed/ https://s3-eu-central-1.amazonaws.com/euc-cdn.freshdesk.com/ *.doubleclick.net https://www.google-analytics.com *.gstatic.com https://maps.googleapis.com https://assets.turtl.co/covers/5ef0c513e144c46e0f06dcca.jpg https://ct.capterra.com/ https://cdn.sanity.io/ https://media.glassdoor.com/ *.siteimproveanalytics.io https://static.hotjar.com https://script.hotjar.com https://forms-eu1.hsforms.com https://imgsct.cookiebot.com https://perf-eu1.hsforms.com/embed/v3/counters.gif https://track-eu1.hubspot.com/__ptq.gif; frame-src 'self' https://kantarinteractive.3mil-demo.co.uk/ https://www.mavens.co.uk/ https://11404277.fls.doubleclick.net/ https://app.livestorm.co/ https://app.powerbi.com/ https://newsletterform.z6.web.core.windows.net/ https://go.in.kantar.com/ http://mkt.kantar.com/ https://tns-portal.rexx-recruitment.com/ https://www.kantarlivefr.com/ https://online2.superoffice.com/ https://v.qq.com/ https://services.cognitoforms.com/f/ https://embedsocial.com/ https://view-awesome-table.com/ https://www.kantarworldpanel.com https://form.jotform.com/ https://submit.jotformeu.com/ https://app-widgets.jotform.io https://www3.kantarmedia.com/ https://datawrapper.dwcdn.net https://widgets.jotform.io/ https://www.kantarmarketplace.com/ https://preferences.kantarworldpanel.com/ https://html5-player.libsyn.com/ https://play.libsyn.com/ https://mkt.kantar.com/ https://forms.hsforms.com/ https://go.pardot.com/ https://go.na.kantar.com/ https://kantar.wd3.myworkdayjobs.com/ https://player.vimeo.com/ https://kantar.turtl.co/ https://www2.kantar.com/ https://staginglocal.kantarmarketplace.com https://go.kantarmarketplace.com/ https://www.youtube.com/iframe_api https://consentcdn.cookiebot.com/ https://go.millwardbrown.com/ https://www.google.com https://www.youtube.com https://apps.sitecore.net/ https://gomedia.kantar.com/ https://anchor.fm/ https://e.infogram.com/ https://player.podigee-cdn.net/ https://audionow.de/ cdn.jotfor.ms https://*.kantar.com/ forms-eu1.hsforms.com https://ktglbuc-my.sharepoint.com/ https://kantar.marketin.cn https://www.baidu.com/ https://forms.zohopublic.eu/ https://79b5d9bf7db0483cbfe2471a3040bd31.pages.ubembed.com https://vars.hotjar.com https://www2.kantar-xtel.com https://www.cognitoforms.com/ https://embed.acast.com/ https://kmpcms.ktrmr.cn; frame-ancestors https://*.khapps.com https://*.khapps.jp; font-src 'self' data: https://cdn.sanity.io/files/ https://www.kantar.com/-/media/Themes/Kantar/Global/KantarMain/fonts/ https://www.kantar.com/-/media/Themes/Kantar/Global/KantarMain/fonts/KantarBrown https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/fonts/ https://sites.kantarconsulting.com/toolbox/fonts/KantarBrownWeb-Regular.woff2 https://feedback.saberfeedback.com https://fonts.gstatic.com https://script.hotjar.com; media-src 'self' data: https://cdn.sanity.io/ https://vimeo.com/ 1
frame-ancestors 'self' https://app.mutinyhq.com; 1
frame-ancestors 'self' https://rbi.experiencecloud.adobe.com https://fullstory.com https://edge.fullstory.com rs.fullstory.com https://test.salesforce.com https://login.salesforce.com https://unity--trinitydev.my.salesforce.com https://unity--trinitydev.sandbox.my.salesforce.com *.lookbookhq.com *.pathfactory.com *.adobedtm.com https://rbi.demdex.net https://subscriber.icis.com 1
frame-ancestors https://emias.info https://*.emias.info https://metrika.yandex.ru https://metrica.yandex.com https://metrika.yandex.by https://metrica.yandex.com.tr 1
upgrade-insecure-requests; frame-ancestors 'self' *.seznam.cz www.sbazar.cz admin.sbazar.cz *.sbazar.cz; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.sdn.cz *.szn.cz gacz.hit.gemius.pl scz.hit.gemius.pl *.adform.net *.adnxs.com *.adnxs-simple.com *.adsafeprotected.com *.consensu.org *.doubleclick.net *.doubleverify.com *.googlesyndication.com *.googletagservices.com *.im.cz *.imedia.cz *.imedia.dev.dszn.cz *.pliing.com *.pubmatic.com *.sbeta.cz *.sdn.szn.cz *.serving-sys.com *.seznam.cz *.sklik.cz ads.celtra.com *.2mdn.net ams.creativecdn.com cdn.id5-sync.com tags.crwdcntrl.net *.sbazar.cz login.szn.cz http://login.szn.cz https://login.szn.cz notifikace.seznam.cz http://notifikace.seznam.cz https://notifikace.seznam.cz connect.facebook.net seznam.daktela.com *.hit.gemius.pl www.googletagmanager.com *.hotjar.com unpkg.com/@seznam; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.sdn.cz *.szn.cz gacz.hit.gemius.pl scz.hit.gemius.pl *.adform.net *.adnxs.com *.adnxs-simple.com *.adsafeprotected.com *.consensu.org *.doubleclick.net *.doubleverify.com *.googlesyndication.com *.googletagservices.com *.im.cz *.imedia.cz *.imedia.dev.dszn.cz *.pliing.com *.pubmatic.com *.sbeta.cz *.sdn.szn.cz *.serving-sys.com *.seznam.cz *.sklik.cz ads.celtra.com *.2mdn.net ams.creativecdn.com cdn.id5-sync.com tags.crwdcntrl.net *.sbazar.cz blob: login.szn.cz http://login.szn.cz https://login.szn.cz notifikace.seznam.cz http://notifikace.seznam.cz https://notifikace.seznam.cz connect.facebook.net seznam.daktela.com *.hit.gemius.pl www.googletagmanager.com *.hotjar.com unpkg.com/@seznam; worker-src 'self' blob: www.sbazar.cz admin.sbazar.cz 1
script-src 'self' 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' http://www.google.com/recaptcha/api.js https://www.gstatic.com/ https://www.googletagmanager.com/gtag/js https://www.google-analytics.com/analytics.js http://image.providesupport.com *.exclusivehosting.net; frame-ancestors 'self'; 1
frame-ancestors 'self' https://cdn-pre.tngdigital.com.my https://cdn.tngdigital.com.my 1
frame-ancestors https://www.hoeffner.de 'self' http://images.google.de http://images.google.com https://images.google.de https://images.google.com https://ogone.test.v-psp.com https://secure.ogone.com 1
default-src 'unsafe-inline' 'self' 'unsafe-eval' https://*.edureka.co https://www.google.co.in https://*.paytm.in wss://*.paytm.in https://*.paytm.com wss://*.paytm.com https://*.paytmpayments.com wss://*.paytmpayments.com https://*.indoleads.com https://*.linksynergy.com https://p.easyinsights.in https://api-corp.edureka.co https://cdn.linkedin.oribi.io/ https://*.doubleclick.net https://learningcenter.edureka.co https://*.clevertap-prod.com https://www.clarity.ms https://*.clarity.ms https://s3-eu-west-1.amazonaws.com/static.wizrocket.com https://clk1.reachclk.com https://*.amazonaws.com https://*.googleapis.com https://*.google.com https://fast.wistia.net https://cdnjs.cloudflare.com https://*.jquery.com https://*.bootstrapcdn.com https://*.vizury.com https://*.googleadservices.com https://*.razorpay.com https://*.paypal.com https://mbsy.co https://www.paypalobjects.com https://results.affilitrace.com https://*.freshdesk.com https://*.twitter.com https://*.ytimg.com https://fonts.googleapis.com https://d36mpcpuzc4ztk.cloudfront.net https://www.youtube.com https://*.facebook.com https://*.linkedin.com https://www.googletagmanager.com https://bat.bing.com https://www.google-analytics.com https://static.clevertap.com https://wzrkt.com https://connect.facebook.net https://*.twimg.com https://d1jnx9ba8s6j9r.cloudfront.net https://duyseoho78lqc.cloudfront.net  https://d30aa6afk7qd1v.cloudfront.net https://dop9av6nvryqq.cloudfront.net https://d25qem54r5kbml.cloudfront.net https://d2r1yp2w7bby2u.cloudfront.net https://*.crazyegg.com https://*.bizographics.com https://*.quora.com https://*.useproof.com https://snap.licdn.com https://*.taboola.com https://*.gstatic.com https://*.emjcd.com https://matomo.easyinsights.ai https://*.algolia.net https://*.algolianet.com https://*.admitad.com wss://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://*.algolia.io https://*.zoho.com https://*.zohostatic.com https://*.zohopublic.com wss://*.zohopublic.com https://*.zohocdn.com https://*.googleoptimize.com;font-src data: * blob; img-src data: * blob; 1
frame-ancestors 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://cdn.getsmartcontent.com https://connect.facebook.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://googleads.g.doubleclick.net https://js.adsrvr.org https://munchkin.marketo.net https://s.getsmartcontent.com https://s.swiftypecdn.com https://snap.licdn.com https://snippet.ramblechat.com https://tracker.mrpfd.com https://vidassets.terminus.services https://opench.bamboohr.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.youtube.com https://www.gartner.com https://fonts.googleapis.com https://fonts.gstatic.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; form-action 'self' https://www.facebook.com https://nmdp.okta.com; 1
content-security-policy: default-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googlesyndication.com/ https://*.gstatic.com https://partner.googleadservices.com https://www.googleoptimize.com https://script.hotjar.com/ https://static.hotjar.com https://www.google-analytics.com/ https://www.googletagmanager.com/ https://ajax.googleapis.com/ https://www.calcxml.com/ https://cdnjs.cloudflare.com/ https://*.firebaseio.com https://*.google.com https://*.facebook.net https://*.trustpilot.com https://*.jquery.com https://*.callrail.com https://*.pardot.com https://*.googleapis.com https://*.jsdelivr.net https://*.pingdom.net https://*.brandcdn.com https://*.licdn.com https://*.swiftypecdn.com https://*.visualwebsiteoptimizer.com https://*.credible.com; style-src 'self' 'unsafe-inline' https://profontawesome.com/ https://www.incharge.org/ https://fonts.googleapis.com/ https://www.calcxml.com/ https://www.google.com/ https://optimize.google.com https://*.cloudflare.com; connect-src 'self' wss://*.firebaseio.com https://*.landbot.io https://*.googlesyndication.com/  https://*.google.com https://stats.g.doubleclick.net https://*.googlesyndication.com/ https://*.hotjar.com/ wss://*.hotjar.com/ https://www.calcxml.com/ https://*.googleapis.com/ https://google-analytics.com https://www.google-analytics.com https://googletagmanager.com https://*.facebook.net/ https://*.callrail.com https://*.yoast.com https://yoast.com https://*.wpengine.com https://*.credible.com https://*.pingdom.net; frame-ancestors 'self'; 1
script-src 'self' 'unsafe-inline' https://www.google-analytics.com https://static.addtoany.com; frame-ancestors 'self'; form-action 'self'; 1
default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * blob: data:; font-src * data:; style-src * 'unsafe-inline'; media-src * blob: 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com;connect-src 'self' https://maps.googleapis.com *.sentry.io;img-src 'self' data: https://maps.gstatic.com https://maps.googleapis.com;upgrade-insecure-requests;default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline' 1
default-src 'none'; font-src 'self' fonts.gstatic.com data:;img-src * 'self' data: https:;script-src 'self' 'unsafe-inline' *.ingest.sentry.io *.segment.com https://www.datadoghq-browser-agent.com *.segment.io munchkin.marketo.net www.google.com google.com *.googletagmanager.com *.licdn.com www.gstatic.com discover.clickhouse.com cdnjs.cloudflare.com clickhouse.com js.stripe.com js.driftt.com *.fullstory.com; connect-src 'self' 'unsafe-inline' wss: *.clickhouse-dev.com:* *.clickhouse-staging.com:* *.clickhouse.cloud:* *.ingest.sentry.io https://*.browser-intake-us3-datadoghq.com *.segment.com *.segment.io *.us-east-2.amazonaws.com *.google-analytics.com *.linkedin.oribi.io clickhouse-staging.auth.us-east-2.amazoncognito.com clickhouse.auth.us-east-2.amazoncognito.com *.mktoresp.com clickhouse.com *.clickhouse.com s3.eu-west-1.amazonaws.com *.fullstory.com *.auth0.com https://cdn.growthbook.io; style-src 'self' 'unsafe-inline' fonts.googleapis.com discover.clickhouse.com; frame-src *.clickhouse-dev.com:* *.clickhouse-staging.com:* *.clickhouse.cloud:* https://discover.clickhouse.com https://www.google.com https://www.googletagmanager.com https://js.stripe.com https://player.vimeo.com https://js.driftt.com/ *.auth0.com; media-src https://js.driftt.com/; object-src 'none'; worker-src blob:;frame-ancestors 'none' 1
default-src 'self' *.vodafone.com *.vodafone.ro wss://*.vodafone.ro *.paymentsos.com *.amazonaws.com *.cookielaw.org *.onetrust.com *.fonts.gstatic.com *.google.com google.com *.google-analytics.com google.ro *.google.ro *.google.co.uk *.google.bg *.google.md *.google.com.ua *.google.com.tr *.google.hu *.google.rs *.teads.tv dpm.demdex.net *.facebook.com *.facebook.net *.googletagmanager.com *.googleadservices.com googleads.g.doubleclick.net *.ytimg.com *.hotjar.com wss://*.hotjar.com *.adform.net cm.everesttech.net vodafoneromania.demdex.net server.seadform.net *.hotjar.io *.kampyle.com vodafoneromania.tt.omtrdc.net maps.googleapis.com www.youtube.com *.criteo.com *.criteo.net dynamic.criteo.com *.bright-sky.org *.eu01.nr-data.net bs-prod-api-endpoint-a8g4hrcnd5hvahee.z01.azurefd.net data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.vodafone.com *.vodafone.ro *.paymentsos.com *.amazonaws.com *.cookielaw.org *.onetrust.com *.tiqcdn.com *.gstatic.com *.teads.tv dpm.demdex.net *.facebook.net *.facebook.com *.googletagmanager.com *.googleadservices.com googleads.g.doubleclick.net *.youtube.com *.ytimg.com *.hotjar.com *.adform.net *.google.com *.google.ro *.google.co.uk *.google.bg *.google.md *.google.com.ua *.google.com.tr *.google.hu *.google.rs *.kampyle.com maps.googleapis.com *.criteo.com *.criteo.net dynamic.criteo.com *.bright-sky.org *.newrelic.com bs-prod-api-endpoint-a8g4hrcnd5hvahee.z01.azurefd.net; style-src 'self' 'unsafe-inline' *.vodafone.com *.vodafone.ro 1
frame-ancestors 'self' https://www.bodas.net https://comunidad.bodas.net https://landing.bodas.net 1
frame-ancestors 'self' *.digit.in *.ampproject.org *.google.co.in *.google.com 1
default-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.appdynamics.com https://*.cloudfront.net https://api.usabilla.com https://googleads.g.doubleclick.net https://*.googleadservices.com https://www.googletagmanager.com https://www.google-analytics.com https://nconnect.facebook.net https://www.youtube.com https://w.usabilla.com https://scripts.nwebsec.com https://www.google.com https://static.doubleclick.net https://api.wunderground.com https://pym.nprapps.org https://connect.facebook.net https://maps.googleapis.com https://*.iperceptions.com https://az452423.vo.msecnd.net https://ips-invite.iperceptions.com https://syndication.twitter.com https://s.ytimg.com https://iperceptions01.azureedge.net https://dnn506yrbagrg.cloudfront.net https://www.gstatic.com https://bat.bing.com https://static.cmptch.com https://s.adroll.com https://d.adroll.com https://media.zoomprospector.com https://*.appdynamics.com https://tagmanager.google.com https://tagmanager.google.com/debug/css.css blob: https://*.aspnetcdn.com https://optimize.google.com https://se-engage-components-dev.herokuapp.com https://se-engage-components-uat.herokuapp.com https://se-engage-manifastener-dev.herokuapp.com https://se-engage-manifastener-uat.herokuapp.com https://se-engage-manifastener-prod.herokuapp.com https://engage-components.stg.rotw.uplight.io https://engage-components.uat.rotw.uplight.io https://engage-components.prd.rotw.uplight.io https://engage-api.simpleenergy.io https://*.zoomprospector.com https://*.licdn.com https://*.adsrvr.org https://*.sizeup.com https://*.dynamics.com https://*.nrel.gov https://*.udev1a.net https://*.usablenet.com https://rec.smartlook.com https://*.fullstory.com https://*.koopid.io https://*.ensighten.com https://*.simpleenergy.io https://*.1trust.app https://*.onetrust.com https://*.koopid.ai https://*.crazyegg.com https://rs.fullstory.com https://edge.fullstory.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://player.vimeo.com https://*.powerclerk.com https://cse.google.com https://clients1.google.com/complete/search https://static.ads-twitter.com https://127.0.0.1/lastNetworkActivity https://kendo.cdn.telerik.com https://*.yimg.com https://*.acuityplatform.com https://*.nextdoor.com https://*.pingdom.com https://*.pingdom.net https://*.adnxs.com/ https://*.verse.com/ https://global.oktacdn.com;object-src 'self' https://www.applianceserviceplan.com;style-src 'self' 'unsafe-inline' https://www.youtube.com https://www.fonts.googleapis.com https://fonts.googleapis.com https://*.cloudfront.net https://tagmanager.google.com/debug/css.css https://optimize.google.com https://*.nrel.gov https://*.udev1a.net https://*.usablenet.com https://*.koopid.io https://*.simpleenergy.io https://*.1trust.app https://*.onetrust.com https://*.koopid.ai https://*.crazyegg.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://*.powerclerk.com https://www.google.com/cse/ https://kendo.cdn.telerik.com https://*.verse.com/ https://global.oktacdn.com;img-src 'self' https://www.google.com https://www.google-analytics.com https://i.ytimg.com https://www.facebook.com https://*.cloudfront.net https://bat.bing.com https://gtrk.s3.amazonaws.com https://i.vimeocdn.com https://ips-img.iperceptions.com https://maps.googleapis.com https://maps.gstatic.com https://pbs.twimg.com https://stats.g.doubleclick.net https://w.usabilla.com https://www.googletagmanager.com https://www.google.ca https://www.google.co.in https://optimize.google.com https: data: https://*.crazyegg.com https://rs.fullstory.com https://*.powerclerk.com blob:;media-src 'self' https:;frame-src https://*.iperceptions.com https://connect.facebook.net https://ipn2.paymentus.com https://na-sj06.marketo.com https://player.vimeo.com https://www.facebook.com https://www.google.com https://tagmanager.google.com https://optimize.google.com https: https://*.crazyegg.com;font-src 'self' https://fonts.gstatic.com https://cdn.joinhoney.com https: data:;connect-src 'self' https://api.iperceptions.com https://col.eum-appdynamics.com https://stats.g.doubleclick.net https://www.google-analytics.com https: https://*.crazyegg.com https://edge.fullstory.com https://rs.fullstory.com https://*.powerclerk.com;child-src 'self' https://www.googletagmanager.com https://ipn2.paymentus.com https://connect.facebook.net https://www.google.com https://*.iperceptions.com https://tagmanager.google.com https://www.youtube.com https: blob: https://*.crazyegg.com;frame-ancestors 'self' https:;worker-src https: data: blob: https://*.crazyegg.com;report-uri /webapi/reporting/csp 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://*.facebook.net https://*.twitter.com https://*.linkedin.com https://www.google-analytics.com https://cdn.jsdelivr.net https://code.jquery.com https://cdn.syndication.twimg.com https://cdn.rawgit.com  https://static.addtoany.com  https://compteurweb.ehess.fr 1
default-src 'self' data: blob: gap: https://*.gs.com https://*.gsam.com https://*.gsacquisition.com https://*.goldmansachsbdc.com https://*.akamaized.net https://*.goldman.com https://*.gscio.com https://*.ayco.com https://*.gsselect.com https://*.goldmansachsahc.com https://*.gsipventures.com https://*.gsamsymposium.com https://media-.akamaized.net https://gsam.sc.omtrdc.net https://gs-analytics.url.gs.com:8443 'unsafe-inline'; font-src 'self' https://*.gs.com https://*.gsam.com https://*.gsacquisition.com https://*.goldmansachsbdc.com https://*.goldman.com https://*.gscio.com https://*.ayco.com https://*.gsselect.com https://*.goldmansachsahc.com https://*.gsipventures.com https://*.gsamsymposium.com https://consent.trustarc.com https://fonts.gstatic.com https://fonts.gstatic.com data:; script-src 'self' https://s.dmwdyr.com https://s.gihwyz.com  https://cdn.pdst.fm https://*.marketo.com https://*.mktoweb.com https://consent.trustarc.com https://polyfill.io https://consent-pref.trustarc.com https://fonts.googleapis.com https://assets.adobedtm.com https://ds-aksb-a.akamaihd.net https://*.gsam.com https://*.gs.com https://*.google.com https://snap.licdn.com https://*.gsacquisition.com https://*.googleadservices.com https://googleads.g.doubleclick.net https://*.googletagmanager.com https://*.goldmansachsbdc.com https://*.goldman.com https://*.gscio.com https://*.ayco.com https://*.gsselect.com https://*.goldmansachsahc.com https://*.gsipventures.com https://*.gsamsymposium.com https://gsam.122.2o7.net https://api.darksky.net 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://peoplesearch.web.gs.com:7119/ https://*.launchdarkly.com https://cdn.linkedin.oribi.io  https://s.dmwdyr.com https://s.gihwyz.com  https://us-central1-adaptive-growth.cloudfunctions.net https://*.mktoresp.com https://*.marketo.com https://*.qualtrics.com https://*.akamaized.net https://gsam.122.2o7.net https://*.gs.com https://*.gsam.com https://*.demdex.net https://*.omtrdc.net https://*.gsacquisition.com https://*.goldmansachsbdc.com https://*.goldman.com https://*.gscio.com https://*.ayco.com https://*.gsselect.com https://*.goldmansachsahc.com https://*.gsipventures.com  https://*.gsamsymposium.com  https://consent-pref.trustarc.com https://gsam.sc.omtrdc.net https://gs-analytics.url.gs.com:8443 'unsafe-inline' data:; object-src 'self'; child-src blob: gap: 'self' https://*.gs.com https://*.gsam.com https://*.gsacquisition.com https://*.goldmansachsbdc.com https://*.goldman.com https://*.gscio.com https://*.ayco.com https://*.gsselect.com https://*.goldmansachsahc.com https://*.gsipventures.com https://*.gsamsymposium.com; frame-src gap: 'self'  https://*.marketo.com https://*.mktoweb.com  https://t2.jiji.com https://*.qualtrics.com https://www.google.com https://*.gs.com https://*.gsam.com https://*.doubleclick.net https://*.gsacquisition.com https://*.goldmansachsbdc.com https://gsam.demdex.net https://*.goldman.com  https://consent-pref.trustarc.com https://*.gscio.com https://*.ayco.com https://*.gsselect.com https://*.goldmansachsahc.com https://*.gsipventures.com https://*.gsamsymposium.com https://vds.issproxy.com; img-src 'self' https://*.qualtrics.com https://www.commercefunds.com https://p.adsymptotic.com https://ds-aksb-a.akamaihd.net https://*.google.co.in https://*.google.gr https://*.google.co.uk https://*.google.ca https://*.google.fi https://*.google.de https://*.google.fr https://*.google.it  https://*.google.com https://*.demdex.net https://*.gsam.com https://*.gs.com https://*.ads.linkedin.com https://*.doubleclick.net https://www.linkedin.com https://*.gs.com:28500 https://*.gsacquisition.com https://*.goldmansachsbdc.com https://*.goldman.com https://*.gscio.com https://*.ayco.com https://*.gsselect.com https://*.goldmansachsahc.com https://*.gsipventures.com https://*.gsamsymposium.com https://gsam.122.2o7.net https://cm.everesttech.net https://gsam.sc.omtrdc.net https://*.rocaton.com https://consent.trustarc.com  https://consent-pref.trustarc.com data:; style-src 'self' https://s.dmwdyr.com https://s.gihwyz.com  https://*.marketo.com https://*.mktoweb.com  https://*.gs.com https://*.gsam.com https://*.gsacquisition.com https://*.goldmansachsbdc.com https://*.goldman.com https://*.gscio.com https://*.ayco.com https://*.gsselect.com https://*.goldmansachsahc.com https://*.gsipventures.com https://*.gsamsymposium.com https://fonts.googleapis.com https://fonts.googleapis.com 'unsafe-inline';  frame-ancestors  'self' https://uat-am.gs.com https://am.gs.com; 1
default-src 'self' https:; script-src 'self' https: 'unsafe-eval' 'unsafe-inline'; style-src 'self' https: 'unsafe-inline'; img-src 'self' data: https://pagead2.googlesyndication.com https://www.google.com.br https://www.google.com https://csi.gstatic.com https://j.clarity.ms https://googleads.g.doubleclick.net https://c.clarity.ms https://c.bing.com/ ; font-src 'self' https: 'unsafe-inline' data:; object-src 'none'; connect-src 'self' wss: https://consent.cookiefirst.com https://edge.cookiefirst.com https://www.google.com https://analytics.google.com https://stats.g.doubleclick.net https://v.clarity.ms https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net/ https://j.clarity.ms https://vc.hotjar.io https://a.clarity.ms; 1
frame-ancestors 'self' *dol.com.br *elitecs.gruporba.com.br 1
default-src 'self' 'unsafe-inline' https://*.oracleinfinity.io/ https://service.maxymiser.net https://*.gbqofs.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://service.maxymiser.net https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com https://*.oracleinfinity.io/ https://*.qualtrics.com https://*.tealiumiq.com https://tags.tiqcdn.com https://*.gbqofs.io https://*.gbqofs.com https://d2oh4tlt9mrke9.cloudfront.net/Record/js/sessioncam.recorder.js https://*.euw2.pure.cloud ; object-src 'self' https://*.euw2.pure.cloud; img-src 'self' data: https://service.maxymiser.net https://cdn.optimizely.com https://*.oracleinfinity.io/ https://siteintercept.qualtrics.com https://*.sessioncam.com  https://*.gbqofs.io https://*.gbqofs.com https://*.euw2.pure.cloud https://*.ytimg.com; media-src 'self' https://*.euw2.pure.cloud; frame-src 'self' https://www.youtube-nocookie.com https://service.maxymiser.net https://nsandihowdidwedo.eu.qualtrics.com/ https://*.euw2.pure.cloud; child-src https://*.euw2.pure.cloud; font-src * data:; connect-src 'self' https://shyrka-prod-euw2.s3.eu-west-2.amazonaws.com https://*.euw2.pure.cloud wss://*.euw2.pure.cloud https://*.oracleinfinity.io/ https://siteintercept.qualtrics.com/ https://collect.tealiumiq.com/event https://*.gbqofs.io; report-uri /csp/csp-report 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mastodon.cloud; img-src 'self' https: data: blob: https://mastodon.cloud; style-src 'self' https://mastodon.cloud 'nonce-ql9uPNoVJnpkEOdoKCfMPA=='; media-src 'self' https: data: https://mastodon.cloud; frame-src 'self' https:; manifest-src 'self' https://mastodon.cloud; form-action 'self'; connect-src 'self' data: blob: https://mastodon.cloud https://media.mastodon.cloud wss://mastodon.cloud; script-src 'self' https://mastodon.cloud 'wasm-unsafe-eval'; child-src 'self' blob: https://mastodon.cloud; worker-src 'self' blob: https://mastodon.cloud 1
default-src 'self' data: https://storage-cssz-prod.predu.sk https://predushellstorage.blob.core.windows.net https://www.google-analytics.com https://maps.googleapis.com https://*.gstatic.com https://mapserver.mapy.cz https://api.mapy.cz http://api.mapy.cz https://seal.digicert.com https://analytics.cssz.cz; frame-src 'self' https://storage-cssz-prod.predu.sk https://cssz-test.predu.sk https://mpsvczmimoriadna.predu.sk/ https://www.google.com https://docs.google.com https://www.youtube.com https://analytics.cssz.cz https://static.addtoany.com; child-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage-cssz-prod.predu.sk https://cssz-test.predu.sk https://mpsvczmimoriadna.predu.sk https://maps.googleapis.com https://api.mapy.cz https://www.google-analytics.com https://portal.gov.cz https://analytics.cssz.cz https://www.googletagmanager.com https://seal.digicert.com https://static.addtoany.com; style-src 'self' 'unsafe-inline' https://storage-cssz-prod.predu.sk https://fonts.googleapis.com https://api.mapy.cz; connect-src 'self' wss://webchatapi-cssz-prod.predu.sk https://api.mapy.cz https://www.google-analytics.com https://region1.google-analytics.com https://stats.g.doubleclick.net; 1
frame-ancestors https://platform.nexo.io https://platform.nexo.com https://support.nexo.io https://support.nexo.com https://nexosurvey.force.com https://nexoio.lightning.force.com https://nexoio--c.visualforce.com https://nexoio.my.site.com 1
default-src https: *.crazyegg.com; base-uri 'self'; connect-src 'self' https://consentcdn.cookiebot.com https://www.google.com https://secure.adnxs.com https://*.craftcms.com https://api.resumatorapi.com https://*.6sc.co wss://ws8.hotjar.com wss://ws10.hotjar.com https://in.hotjar.com https://vc.hotjar.io https://stats.g.doubleclick.net https://www.google-analytics.com https://api.hubapi.com https://forms.hubspot.com https://api.hubspot.com *.crazyegg.com; img-src 'self' https://*.6sc.co https://p.adsymptotic.com https://*.vidyard.com https://px.ads.linkedin.com https://www.linkedin.com https://www.google.com https://www.google.es https://www.google-analytics.com https://www.googletagmanager.com https://secure.gravatar.com data: https://www.bluevoyant.com  https://track.hubspot.com https://secure.gravitar.com *.crazyegg.com https://lh4.googleusercontent.com https://lh6.googleusercontent.com https://s3.us-east-2.amazonaws.com; frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.driftt.com https://*.6sc.co https://www2.bluevoyant.com https://pi.pardot.com https://snap.licdn.com https://www.google-analytics.com https://script.hotjar.com https://static.hotjar.com https://secure.gravitar.com https://googletagmanager.com https://www.googletagmanager.com https://hb.wpmucdn.com https://www.bluevoyant.com  https://bluevoyant.com https://js.hs-banner.com https://js.usemessages.com https://js.hs-analytics.net https://js.hsleadflows.net https://js.hsadspixel.net https://js.usemessages.com https://js.hs-banner.com https://js.hsforms.net https://js.hs-scripts.com https://www.youtube.com https://*.crazyegg.com https://play.vidyard.com https://consent.cookiebot.com https://consentcdn.cookiebot.com; style-src 'self' 'unsafe-inline' https://hb.wpmucdn.com https://www.bluevoyant.com  https://bluevoyant.com https://hpwpmucdn.com https://fonts.googleapis.com data:; frame-src 'self' https://js.driftt.com https://www.bluevoyant.com https://www2.bluevoyant.com  https://vars.hotjar.com https://app.hubspot.com https://www.youtube.com https://*.googleusercontent.com *.googleusercontent.com https://play.vidyard.com https://consentcdn.cookiebot.com; font-src 'self' https://www.bluevoyant.com  https://fonts.gstatic.com https://cdn2.hubspot.net data:; object-src 'none'; upgrade-insecure-requests; 1
frame-ancestors 'self' *.uxpin.com *.uxpinstage.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com www.gstatic.com; object-src 'self'; style-src 'self' 'unsafe-inline'; img-src * 'self' data:; child-src 'self'; frame-src 'self' www.eporner.com ok.ru vk.com *.vk.com www.youtube.com *.google.com; font-src 'self' data:; connect-src 'self' bitru.org wss://bitru.org; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' strict-dynamic blob: app.storyblok.com caudalie.com:* *.caudalie.com:* *.caudalie.services *.caudalie-usa.com localhost:* *.googletagmanager.com *.privacy-center.org *.rakuten.com *.tiktok.com *.facebook.net *.attn.tv *.bing.com sc-static.net *.iadvize.com *.abtasty.com *.bazaarvoice.com *.google-analytics.com *.doubleclick.net *.windows.net *.slgnt.eu *.snapchat.com *.recaptcha.net *.googleapis.com *.google.com *.gstatic.com *.adyen.com *.bambuser.com *.newrelic.com *.nr-data.net *.googleadservices.com *.pinimg.com *.adnxs.com *.batch.com *.matomo.cloud *.pinterest.com twitter.com *.twitter.com *.ads-twitter.com *.clarity.ms *.attentivemobile.com *.paypal.com *.yimg.com *.daumcdn.net *.rainbownine.net *.criteo.com *.criteo.net *.naver.net *.cloudfront.net *.new-programmatic.com vk.com *.yandex.ru cdn.megadata.co.kr ut.rd.linksynergy.com kn.acrosspf.com youtube.com *.youtube.com vimeo.com *.vimeo.com *.trustedshops.com *.artfut.com *.rewardstyle.com mmtro.com *.mmtro.com paypalobjects.com *.paypalobjects.com awswaf.com *.awswaf.com contentsquare.com *.contentsquare.com contentsquare.net *.contentsquare.net openfpcdn.io *.openfpcdn.io cloudflare.com *.cloudflare.com 1
frame-ancestors 'self' https://intranet.nao.org.uk; 1
default-src 'self' https: 'unsafe-eval' 'unsafe-inline'; object-src 'self' blob:; img-src 'self' data: https:; media-src 'self' data: https:; font-src 'self' data: https:; frame-ancestors 'self';worker-src 'self' 'unsafe-inline' * blob:; child-src 'self' https: blob: data:; connect-src 'self' https: wss://*.hotjar.com; 1
default-src 'self' rundfunkbeitrag.de *.rundfunkbeitrag.de logs1409.xiti.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' rundfunkbeitrag.de *.rundfunkbeitrag.de logs1409.xiti.com 1
frame-ancestors *.mi.com; 1
script-src 'self' addtoany.com *.addtoany.com capitaland.my.site.com ipinfo.io *.google.com google.com *.maps.googleapis.com maps.googleapis.com *.googleapis.com googleapis.com *.developers.google.com developers.google.com *.baidu.com baidu.com *.hm.baidu.com hm.baidu.com *.api.map.baidu.com api.map.baidu.com *.z.moatads.com z.moatads.com *.google-analytics.com google-analytics.com *.addthis.com addthis.com *.addthisedge.com addthisedge.com *.cdn.polyfill.io cdn.polyfill.io *.recaptcha.net recaptcha.net *.gstatic.com gstatic.com *.gstatic.cn gstatic.cn *.googletagmanager.com googletagmanager.com *.consent.trustarc.com consent.trustarc.com *.js-agent.newrelic.com js-agent.newrelic.com *.nr-data.net nr-data.net *.googleadservices.com googleadservices.com *.doubleclick.net doubleclick.net *.licdn.com licdn.com *.snap.licdn.com snap.licdn.com *.tiktok.com tiktok.com *.analytics.tiktok.com analytics.tiktok.com *.facebook.net facebook.net *.connect.facebook.net connect.facebook.net *.facebook.com facebook.com *.ads-twitter.com ads-twitter.com *.static.ads-twitter.com static.ads-twitter.com *.bat.bing.com bat.bing.com *.tag.azame.net tag.azame.net *.analytics.twitter.com analytics.twitter.com *.bp-1c51.kxcdn.com bp-1c51.kxcdn.com *.secure.adnxs.com secure.adnxs.com *.googlesyndication.com googlesyndication.com *.triptease.io triptease.io *.onboard.triptease.io onboard.triptease.io *.secure-hotel-tracker.com secure-hotel-tracker.com *.egain.cloud egain.cloud *.ascottintl.egain.cloud ascottintl.egain.cloud *.criteo.net criteo.net *.static.criteo.net static.criteo.net *.gatag.it gatag.it *.ipinyou.com ipinyou.com *.stats.ipinyou.com stats.ipinyou.com *.youtube.com youtube.com *.toup.net toup.net *.googletraveladservices.com googletraveladservices.com *.mmtro.com mmtro.com *.affilired.com affilired.com *.hotelratematch.com hotelratematch.com *.sojern.com sojern.com *.line-scdn.net line-scdn.net *.yandex.ru yandex.ru *.dwin1.com dwin1.com *.yieldoptimizer.com yieldoptimizer.com *.awin1.com awin1.com *.veinteractive.com veinteractive.com *.ebtrk1.com ebtrk1.com *.qualitedesign.fr qualitedesign.fr *.adroll.com adroll.com *.nxtck.com nxtck.com *.tradedoubler.com tradedoubler.com *.yimg.jp yimg.jp *.123compare.me 123compare.me *.smartparity.com smartparity.com *.booklyng.com booklyng.com *.denomatic.com denomatic.com *.zenaps.com zenaps.com *.chinesean.com chinesean.com *.glopss.com glopss.com *.shareasale.com shareasale.com *.tradetracker.net tradetracker.net *.webgains.com webgains.com *.smct.co smct.co *.sp.analytics.yahoo.com sp.analytics.yahoo.com *.b91.yahoo.co.jp b91.yahoo.co.jp *.derbysoft.com derbysoft.com *.redirect.eqtracking.com redirect.eqtracking.com *.thehotelsnetwork.com thehotelsnetwork.com *.stackla.com stackla.com *.accesstrade.ne.jp accesstrade.ne.jp *.clarity.ms clarity.ms *.taboola.com taboola.com *.hybridtheory.com hybridtheory.com *.go.affec.tv go.affec.tv *.accesstrade.co.id accesstrade.co.id *.sojern.com sojern.com *.consent-pref.trustarc.com consent-pref.trustarc.com *.ailab.criteo.com ailab.criteo.com *.criteo.com criteo.com *.p.relay-t.io p.relay-t.io *.policies.google.com policies.google.com *.privacy.yahoo.co.jp privacy.yahoo.co.jp *.googleadservices.com googleadservices.com *.s.yimg.jp s.yimg.jp *.numberly.com numberly.com *.xandr.com xandr.com *.pinterest.com pinterest.com *.ir.baidu.com ir.baidu.com *.hm.baidu.com hm.baidu.com *.js.adsrvr.org js.adsrvr.org *.insight.adsrvr.org insight.adsrvr.org *.adsrvr.org adsrvr.org *.tawk.to tawk.to *.embed.tawk.to embed.tawk.to *.instagram.com instagram.com *.relay-t.io relay-t.io *.secure-relay.com secure-relay.com *.antvoice.com antvoice.com *.avads.net avads.net *.appsflyer.com appsflyer.com assets.adobedtm.com *.adobe.com adobe.com *.adobedc.net * ads.zalo.me ads.zalo.me * s.zzcdn.me s.zzcdn.me *bing.com bing.com *adroll.com adroll.com wcs.naver.net *.naver.net policy.naver.com *.naver.com doubleclick.net *.doubleclick.net google.com *.google.com business.safety.google 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com www.google.com googleads.g.doubleclick.net *.googleapis.com *.gstatic.com *.facebook.net px.ads.linkedin.com snap.licdn.com https:; font-src https: data:; img-src https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com www.google.com googleads.g.doubleclick.net *.googleapis.com *.gstatic.com *.facebook.net px.ads.linkedin.com snap.licdn.com https:; style-src 'self' 'unsafe-inline' www.google-analytics.com www.googletagmanager.com www.google.com googleads.g.doubleclick.net *.googleapis.com *.gstatic.com *.facebook.net px.ads.linkedin.com snap.licdn.com https:; 1
script-src 'self' https://*.savana.cz 'unsafe-inline' 'unsafe-eval' https:; img-src 'self' data: https:; style-src 'self' 'unsafe-inline' https:; font-src 'self' https:; frame-src https:; object-src 'none' 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.ytimg.com vimeo.com *.vimeo.com www.youtube.com www.google.com www.google.no assets.adobedtm.com sparebank1.d3.sc.omtrdc.net *.cicero.no *.sparebank1.no *.googletagmanager.com cdn.tt.omtrdc.net activitymap.adobe.com cdn.ontame.io; style-src 'self' 'unsafe-inline' *.sparebank1.no www.youtube.com services-test.cicero.no services.cicero.no translate.googleapis.com; img-src 'self' collector.ontame.io *.ytimg.com secure.adnxs.com track.adform.net *.doubleclick.net assets.adobedtm.com sparebank1.d3.sc.omtrdc.net alliansesamarbeidets.tt.omtrdc.net cm.everesttech.net www.facebook.com *.sparebank1.no *.boost.ai www.google.no www.google.com *.demdex.net www.googletagmanager.com www.gstatic.com data:; connect-src 'self' *.cicero.no *.demdex.net *.omtrdc.net *.brreg.no *.sparebank1.no publish.ne.cision.com translate.googleapis.com edge.adobedc.net; font-src 'self' *.sparebank1.no services-test.cicero.no services.cicero.no data:; media-src 'self'; frame-ancestors 'self'; frame-src 'self' newsweb.oslobors.no gateway.euronext.com www.podbean.com outlook.office365.com dev.app.kakadu.no www.kakadu.no snnfinans.no sdk.companywebcast.com candidate.hr-manager.net ir.oms.no channel.royalcast.com www.sr-finans.no *.sparebank1.no lt.morningstar.com www.youtube.com vimeo.com *.vimeo.com assets.adobedtm.com *.demdex.net sparebank1.demdex.net www.sign.nets.eu ir.asp.manamind.com www.sb1finans.no www.snnfinans.no dbsnn.no www.googletagmanager.com *.doubleclick.net www.ident.nets.eu www.sb1fo.no www.webcruiter.no *.easycruit.com sb1mobilbank://event www.sign-preprod1.nets.eu nam11.safelinks.protection.outlook.com nordmore.pameldingssystem.no players.brightcove.net agreeable-forest-0b9a11903.1.azurestaticapps.net activitymap.adobe.com pr.globenewswire.com signant.no; report-uri /bin/logservlet 1
frame-ancestors 'self' https://*.onstar.com https://enrollment.autopartners.net/ https://*.gm.com 1
frame-ancestors 'self' https://baby.ru https://www.baby.ru https://m.baby.ru; 1
default-src 'self' https://valcontent.securustech.net https://www.google-analytics.com http://127.0.0.1:*; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com https://securusvideovisitation.securustech.net https://h.online-metrix.net https://valcontent.securustech.net; font-src 'self' data:; img-src * data: blob:; frame-ancestors 'none'; frame-src https://valcontent.securustech.net https://cb.securustech.online https://h.online-metrix.net; style-src 'self' 'unsafe-inline'; object-src https://valcontent.securustech.net; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.googleapis.com unpkg.com *.google-analytics.com *.google.com *.gstatic.com https://cdn.cookielaw.org; connect-src 'self' *.googleapis.com *.google-analytics.com; style-src 'self' 'unsafe-inline' *.googleapis.com; img-src 'self' blob: data: *.gstatic.com *.googleapis.com *.google.com *.google-analytics.com *.ytimg.com; font-src 'self' *.gstatic.com; frame-src 'self' youtube.com www.youtube.com youtu.be *.novitus.pl *.google.com 1
default-src 'self'; script-src 'self' dnstest2.ficora.fi dnstest.traficom.fi keha-matomo-sdg-qa-qa.azurewebsites.net analytiikka.ahtp.fi occhat.elisa.fi stat.traficom.fi https://static.aim.front.ai https://traficom-prod.boost.ai stat.viestintavirasto.fi 10.250.193.20 'nonce-ddc344fb-fa04-4fa3-9fb9-68cd3092a115'; img-src 'self' data: https://boost-files-general-eu-west-1-prod.s3-eu-west-1.amazonaws.com https://static.aim.front.ai *.viestintavirasto.fi *.traficom.fi *.ficora.fi trafi.maps.arcgis.com trafi2.stat.fi keha-matomo-sdg-qa-qa.azurewebsites.net analytiikka.ahtp.fi qa.bittimittari.fi prod.bittimittari.fi www.youtube.com img.youtube.com youtube-nocookie.com *.youtube-nocookie.com registry.qadomain.fi registry.domain.fi www.arcgis.com autokalkulaattori.fi fiho.fi www.epressi.com dreambroker.com www.dreambroker.com app.powerbi.com occhat.elisa.fi; style-src 'self' dnstest2.ficora.fi dnstest.traficom.fi occhat.elisa.fi https://static.aim.front.ai https://traficom-prod.boost.ai 'unsafe-inline'; font-src 'self' occhat.elisa.fi https://static.aim.front.ai; object-src 'self' data:; base-uri 'self'; frame-src 'self' *.viestintavirasto.fi *.traficom.fi *.ficora.fi trafi.maps.arcgis.com trafi2.stat.fi keha-matomo-sdg-qa-qa.azurewebsites.net analytiikka.ahtp.fi qa.bittimittari.fi prod.bittimittari.fi www.youtube.com img.youtube.com youtube-nocookie.com *.youtube-nocookie.com registry.qadomain.fi registry.domain.fi www.arcgis.com autokalkulaattori.fi fiho.fi www.epressi.com dreambroker.com www.dreambroker.com app.powerbi.com occhat.elisa.fi; connect-src 'self' wss://occhat.elisa.fi https://occhat.elisa.fi https://static.aim.front.ai https://traficom-prod.boost.ai https://stat.viestintavirasto.fi https://stat.traficom.fi; form-action 'self' 1
script-src 'report-sample' 'nonce-ePAOYoL6b0qJuWZpxnGKbQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DurableDeepLinkUi/cspreport;worker-src 'self',script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /_/DurableDeepLinkUi/cspreport/allowlist,require-trusted-types-for 'script';report-uri /_/DurableDeepLinkUi/cspreport 1
frame-ancestors https://sanity.avnsmarketingtest.net http://localhost:3333 1
base-uri 'self' https://webstat.erasmusmc.nl https://webstat01.erasmusmc.nl; connect-src 'self' https://webstat.erasmusmc.nl https://verwijzers.acc-cd.erasmusmc.nl https://verwijzers-temp.erasmusmc.nl https://verwijzers.erasmusmc.nl https://patientenfolders.erasmusmc.nl https://erasmusmc.4cloud.nl; font-src 'self' https://cdn.jsdelivr.net https://fonts.gstatic.com https://webstat.erasmusmc.nl https://webstat01.erasmusmc.nl; frame-src * 'self' https://www.google.com https://www.youtube.com https://player.vimeo.com; img-src 'self' https://i.ytimg.com https://erasmusmc-amazingerasmusmc.s3.eu-central-1.amazonaws.com https://s3-eu-central-1.amazonaws.com https://webstat.erasmusmc.nl https://webstat01.erasmusmc.nl https://patientenfolders.erasmusmc.nl https://erasmusmc.4cloud.nl https://via.placeholder.com https://i.vimeocdn.com https://as1.ftcdn.net data:; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://webstat.erasmusmc.nl https://webstat01.erasmusmc.nl https://www.google.com/recaptcha/api.js https://www.gstatic.com https://player.vimeo.com https://ajax.googleapis.com https://cdnjs.cloudflare.com; style-src 'unsafe-inline' 'unsafe-eval' 'self' https://cdn.jsdelivr.net https://fonts.googleapis.com https://webstat.erasmusmc.nl https://webstat01.erasmusmc.nl https://ajax.googleapis.com https://cdnjs.cloudflare.com; worker-src 'none'; 1
default-src 'self'; img-src 'self' https://w3.flatex.de data: https://res.cloudinary.com; font-src 'self'; style-src 'self' 'unsafe-inline'; connect-src 'self' https://w3.flatex.de; script-src 'self' 'unsafe-inline' https://responder.wt-safetag.com https://www.googletagmanager.com/; frame-src 'self' https://konto.flatex.de https://www.googletagmanager.com/ https://stock.flatexdegiro.com 1
default-src *; connect-src 'self' https: http: wss:; font-src 'self' data: https: http:; img-src 'self' data: https: http:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: http: data:; style-src 'self' 'unsafe-inline' https: http: 1
default-src https:; connect-src wss: https:; font-src https: data:; frame-src https:; frame-ancestors https:; img-src https: data:; media-src https:; object-src https:; script-src blob: 'unsafe-inline' 'unsafe-eval' https:; style-src blob: 'unsafe-inline' https:; upgrade-insecure-requests 1
default-src 'self' * data: blob: https: *.safetydetectives.com safetydetectives.com *.safetydetective.com safetydetective.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.safetydetectives.com safetydetectives.com *.safetydetective.com safetydetective.com cdn.cookielaw.org *.clarity.ms *.peacebanana.com *.ostrichesica.com *.googlesyndication.com *.cloudflareinsights.com *.cheqzone.com *.cloudfront.net *.datadoghq-browser-agent.com *.gstatic.com *.google.com *.alooma.com *.doubleclick.net  *.googleadservices.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.hhtpp.com *.facebook.net *.dropbox.com *.bing.com *.yandex.ru *.quora.com *.yimg.com sp.analytics.yahoo.com *.hotjar.com *.ipify.org blob: data:; style-src 'self' data: blob: 'unsafe-inline' *;connect-src 'self' data: blob: https: safetydetectives.com *.safetydetectives.com safetydetective.com *.safetydetective.com  *.google-analytics.com *.doubleclick.net *.google.com *.hhtpp.com *.yandex.ru *.gravatar.com wss://*.hotjar.com *.wp.com;font-src 'self' data: blob: *.googletagmanager.com *.googleapis.com *.gstatic.com ; 1
default-src 'self' 'unsafe-inline' https://arvatosystems.matomo.cloud https://salesviewer.org https://salesviewer.com https://*.salesviewer.com https://*.analytics.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.youtube.com https://cdn.linkedin.oribi.io https://googleads.g.doubleclick.net https://*.google-analytics.com https://*.azureedge.net https://*.svc.dynamics.com https://youtube-nocookie.com https://www.youtube-nocookie.com https://socialcloud.bertelsmann.com https://podcasters.spotify.com https://*.spotify.com https://outlook.office365.com https://outlook.office.com https://login.microsoftonline.com https://app.sli.do https://connect.facebook.net https://px.ads.linkedin.com https://td.doubleclick.net https://ib.adnxs.com https://pixel-config.reddit.com https://www.redditstatic.com https://conversions-config.reddit.com https://analytics.tiktok.com/;           script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.analytics.google.com https://acdn.adnxs.com https://arvatosystems.matomo.cloud https://salesviewer.org https://salesviewer.com https://*.salesviewer.com https://snap.licdn.com https://www.google-analytics.com https://www.googletagmanager.com https://www.youtube.com https://www.vimeo.com https://www.google.com https://www.gstatic.com https://googleads.g.doubleclick.net https://*.google-analytics.com https://*.azureedge.net https://*.svc.dynamics.com https://youtube-nocookie.com https://www.youtube-nocookie.com https://socialcloud.bertelsmann.com https://podcasters.spotify.com https://*.spotify.com https://outlook.office365.com https://outlook.office.com https://login.microsoftonline.com https://app.sli.do https://connect.facebook.net https://www.redditstatic.com https://analytics.tiktok.com https://www.googleadservices.com https://pagead2.googlesyndication.com;           style-src 'self' 'unsafe-inline';           img-src 'self' https://ib.adnxs.com https://px.ads.linkedin.com https://www.youtube.com https://www.vimeo.com https://www.google.de/ data: https:;           font-src 'self' 'unsafe-inline' data:;           frame-ancestors 'self'; 1
default-src https://*.wowtv.de; form-action https://ott-de.secure.force.com https://ott-de.my.salesforce.com https://ott-de.my.salesforce-sites.com; font-src 'self' https://static.skyassets.com https://*.wowtv.de https://*.sky.de https://web.static.nowtv.com https://cdn-eu.dynamicyield.com https://cdn.braze.eu https://ott-de.my.salesforce-sites.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.wowtv.de https://web.static.nowtv.com https://*.klarnacdn.net https://*.klarnaservices.com https://*.content-square.fr https://*.contentsquare.net https://analytics.global.sky.com https://*.demdex.net https://d3c3cq33003psk.cloudfront.net https://www.clarity.ms https://connect.facebook.net https://static.ads-twitter.com https://analytics.twitter.com https://*.doubleclick.net https://www.googleadservices.com https://*.myvisualiq.net https://www.dwin1.com https://www.zenaps.com https://*.salesforce.com https://*.salesforceliveagent.com https://ott-de.my.salesforce.com https://*.force.com https://*.salesforce-sites.com https://*.sp-prod.net https://cdn.privacy-mgmt.com https://assets.adobedtm.com https://tapestry.tapad.com https://bat.bing.com https://www.googletagmanager.com https://static.hotjar.com/ https://core.spreedly.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://cdn.optimizely.com https://smetrics.sky.de https://s.pinimg.com https://sc-static.net https://acdn.adnxs.com https://secure.adnxs.com https://cdn.exactag.com https://static.criteo.net https://amplify.outbrain.com https://t.nativendo.de https://s.yimg.com https://cdn.audiencemanager.de https://tracking.m6r.eu https://tr.outbrain.com https://prf.audiencemanager.de https://sslwidget.criteo.com https://widget.eu.criteo.com https://m.exactag.com https://analytics.tiktok.com https://the.sciencebehindecommerce.com https://a.twiago.com https://e.clarity.ms https://cdn-eu.dynamicyield.com https://cdn.dynamicyield.com https://st-eu.dynamicyield.com https://jssdkcdns.mparticle.com https://cdn.taboola.com https://wave.outbrain.com https://trc.taboola.com https://cds.taboola.com https://trc-events.taboola.com https://www.paypal.com https://c.amazon-adsystem.com https://tk.amazon-adsystem.com https://s.amazon-adsystem.com https://aax-eu.amazon-adsystem.com https://aax-fe.amazon-adsystem.com https://lantern.roeyecdn.com https://tr.snapchat.com https://ct.pinterest.com https://js.adsrvr.org https://match.adsrvr.org; connect-src 'self' https://*.ottcds.com https://*.wowtv.de https://*.sky.de https://*.sky.com https://*.klarnacdn.net https://*.klarna.com https://*.klarnaevt.com https://*.klarnauserservices.com https://*.demdex.net https://graph.facebook.com https://*.contentsquare.net https://*.force.com https://*.salesforce.com https://*.salesforce-sites.com https://*.sp-prod.net https://sourcepoint.mgr.consensu.org https://web.static.nowtv.com https://cdn.privacy-mgmt.com https://dcd12547fac74c3cb90d3307a66b8089.apm.eu-west-1.aws.cloud.es.io https://sas-apm.telem.prod.ott.sky https://integration-e05-rj.cf.dev-paas.bskyb.com https://in.hotjar.com/ https://bat.bing.com https://www.facebook.com https://ct.pinterest.com https://tr.snapchat.com https://s.yimg.com https://analytics.tiktok.com https://the.sciencebehindecommerce.com https://prf.audiencemanager.de https://direct.dy-api.eu https://direct-collect.dy-api.eu https://adm.dynamicyield.eu https://px-eu.dynamicyield.com https://cdn-eu.dynamicyield.com https://cdn.dynamicyield.com https://async-px-eu.dynamicyield.com https://rcom-eu.dynamicyield.com https://st-eu.dynamicyield.com https://sdk.fra-01.braze.eu https://checkoutshopper-live.adyen.com https://identity.mparticle.com https://jssdks.mparticle.com https://trc-events.taboola.com https://www.paypal.com https://tr.outbrain.com https://dr.outbrain.com https://aax-eu.amazon-adsystem.com https://aax-fe.amazon-adsystem.com https://www.google.com https://googleads.g.doubleclick.net https://tr6.snapchat.com https://ib.adnxs.com https://amplify.outbrain.com https://psb.taboola.com https://ara.paa-reporting-advertising.amazon; img-src 'self' data: https://*.wowtv.de https://*.sky.de https://web.static.nowtv.com https://t.co https://www.facebook.com https://*.contentsquare.net https://www.awin1.com https://www.zenaps.com https://cm.everesttech.net https://*.demdex.net https://aa.agkn.com https://pm.w55c.net https://cm.everesttech.net https://*.adnxs.com https://*.doubleclick.net https://rtd.tubemogul.com https://analytics.twitter.com https://p.rfihub.com https://a.collective-media.net https://pixel.quantserve.com https://*.bing.com https://pixel.advertising.com https://image5.pubmatic.com https://a.tribalfusion.com https://cms.analytics.yahoo.com https://odr.mookie1.com https://dmp.v.fwmrm.net https://sync-tm.everesttech.net https://spl.zeotap.com https://*.de.imageservice.sky.com https://de.imageservice.sky.com https://imageservice.sky.com https://*.myvisualiq.net https://tapestry.tapad.com https://www.googletagmanager.com https://www.google.com https://www.google.co.uk https://www.google-analytics.com https://sp.analytics.yahoo.com https://ads-engagement.presage.io https://a.twiago.com https://ct.pinterest.com https://www3.smartadserver.com https://tr.outbrain.com https://www.pinterest.com https://www.pinterest.com https://990304499.privacysandbox.googleadservices.com https://e.clarity.ms https://cdn.dynamicyield.com https://*.force.com https://*.salesforce.com https://*.salesforce-sites.com https://www.clarity.ms https://c.clarity.ms https://cdn.braze.eu https://checkoutshopper-live.adyen.com https://www.paypalobjects.com https://lantern.roeye.com https://match.adsrvr.org https://cookiesync.eu1.mparticle.com https://ups.analytics.yahoo.com https://cookiesync.mparticle.com; style-src 'self' 'unsafe-inline' https://www.wowtv.de https://web.static.nowtv.com https://*.force.com https://*.my.salesforce.com https://*.salesforce-sites.com https://cdn-eu.dynamicyield.com https://cdn.dynamicyield.com; media-src 'self' data: https://www.wowtv.de https://uiapi.id.wowtv.de https://uiapi.id.stable-int.wowtv.de https://skyticket.sky.de https://uiapi.id.skyticket.sky.de https://uiapi.id.int.skyticket.sky.de https://web.static.nowtv.com; frame-src https://core.spreedly.com https://ottsas.sky.com https://sas.wowtv.de https://uat-p.ottsas.sky.com https://ad3.adfarm1.adition.com https://vars.hotjar.com https://*.sp-prod.net https://cdn.privacy-mgmt.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.klarna.com https://*.klarnacdn.net https://tr.snapchat.com https://*.creativecdn.com https://www.zenaps.com https://9532313.fls.doubleclick.net https://www.pinterest.com https://ct.pinterest.com https://gum.criteo.com https://9532313.fls.doubleclick.net https://www.audiencemanager.de https://creativecdn.com https://www.pinterest.co.uk https://bskyb.demdex.net https://ott-de.my.salesforce.com https://ott-de.secure.force.com https://ott-de.my.salesforce-sites.com https://cmp.wowtv.de https://checkoutshopper-live.adyen.com https://www.paypal.com https://www.youtube.com https://td.doubleclick.net https://aax-eu.amazon-adsystem.com https://ct.pinterest.com; worker-src blob:; upgrade-insecure-requests 1
frame-ancestors 'self' https://manage.firehouse.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
default-src 'self' https://s.pinimg.com youtube.com  www.youtube.com https://youtube.com  https://www.youtube.com  https://ajax.googleapis.com maps.googleapis.com csi.gstatic.com www.google-analytics.com https://www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com *.g.doubleclick.net https://*.g.doubleclick.net www.bic-media.com https://*.soundcloud.com https://platform.instagram.com https://randomhouse.scnem.com https://sharingbox.rhspecial.de https://*.google.com https://www.youtube-nocookie.com https://s7.addthis.com https://www.facebook.com/ https://vars.hotjar.com/ https://cdn.podigee.com/ https://open.spotify.com https://platform.twitter.com https://syndication.twitter.com https://*.instagram.com https://*.pinterest.com https://*.pinterest.de *.epccm19.com; connect-src 'self' https://trc.taboola.com https://*.ex.co https://*.issuu.com https://*.digitalstores.net https://www.facebook.com https://*.penguinrandomhouse.de https://*.penguin.de https://*.randomhouse.de  https://www.google.com https://www.google.de https://www.google.at https://www.google.ch https://www.google-analytics.com https://*.g.doubleclick.net https://*.playbuzz.com  https://*.addthis.com  https://*.hotjar.com:* https://vc.hotjar.io:* https://*.hotjar.io wss://*.hotjar.com https://ct.pinterest.com https://*.pinterest.de https://book-base.de https://*.tiktok.com https://*.taboola.com *.epccm19.com *.outbrain.com *.bing.com maps.googleapis.com api.friendlycaptcha.com; font-src 'self' fonts.gstatic.com https://use.typekit.net/ https://cdn.podlove.org/ https://script.hotjar.com https://*.podigee.com; frame-ancestors 'self' https://open.spotify.com http://rhdemobilepreview:28080/ http://rhdemobilepreview:28081/ https://*.penguinrandomhouse.de/ ; frame-src 'self' https://*.ex.co https://tpc.googlesyndication.com https://*.penguinrandomhouse.de/ https://*.randomhouse.de https://*.penguin.de https://audionow.de/ https://open.spotify.com https://www.youtube-nocookie.com/ https://vars.hotjar.com/ https://www.facebook.com/ https://s7.addthis.com/ https://s.pinimg.com youtube.com  www.youtube.com https://youtube.com  https://www.youtube.com  https://ajax.googleapis.com maps.googleapis.com csi.gstatic.com www.google-analytics.com https://www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com *.g.doubleclick.net https://*.g.doubleclick.net www.bic-media.com https://*.soundcloud.com https://platform.instagram.com https://randomhouse.scnem.com https://penguinrandomhouse.scnem2.com https://sharingbox.rhspecial.de  https://*.google.com  https://www.youtube-nocookie.com https://s7.addthis.com  https://cdn.podigee.com/  https://*.twitter.com https://*.instagram.com https://*.pinterest.com https://*.pinterest.de https://*.audionow.de https://book-base.de https://embed.plus.rtl.de *.epccm19.com; img-src 'self' data: www.google-analytics.com csi.gstatic.com https://maps.gstatic.com/mapfiles/ https://*.googleapis.com *.googleapis.com https://bat.bing.com https://static.ex.co https://randomhouse.scnem.com https://px.ads.linkedin.com https://*.outbrain.com/ https://image.isu.pub www.googletagmanager.com *.g.doubleclick.net https://syndication.twitter.com https://o.twimg.com https://platform.twitter.com https://*.twimg.com https://penguinrandomhouse.scnem2.com https://*.randomhouse.de https://pixel.quantserve.com https://*.google.com https://www.google.at https://www.google.ch https://www.google.dk https://www.facebook.com https://www.googleadservices.com https://www.google.de https://*.g.doubleclick.net https://*.playbuzz.com https://www.google-analytics.com https://www.addthis.com https://*.pinterest.com https://*.pinterest.de https://cx.atdmt.com https://cs.lkqd.net https://maps.googleapis.com https://*.hotjar.com https://*.smartadserver.com https://*.penguinrandomhouse.de https://*.randomhouse.de https://*.penguin.de https://book-base.de https://tr.main.bid-prod.technical-service.net https://penguin.epccm19.com; manifest-src 'self' data: www.google-analytics.com csi.gstatic.com https://maps.gstatic.com/mapfiles/ https://*.googleapis.com *.googleapis.com https://bat.bing.com https://static.ex.co https://randomhouse.scnem.com https://px.ads.linkedin.com https://*.outbrain.com/ https://image.isu.pub www.googletagmanager.com *.g.doubleclick.net https://syndication.twitter.com https://o.twimg.com https://platform.twitter.com https://*.twimg.com https://penguinrandomhouse.scnem2.com https://*.randomhouse.de https://pixel.quantserve.com https://*.google.com https://www.google.at https://www.google.ch https://www.google.dk https://www.facebook.com https://www.googleadservices.com https://www.google.de https://*.g.doubleclick.net https://*.playbuzz.com https://www.google-analytics.com https://www.addthis.com https://*.pinterest.com https://*.pinterest.de https://cx.atdmt.com https://cs.lkqd.net https://maps.googleapis.com https://*.hotjar.com https://*.smartadserver.com https://*.penguinrandomhouse.de https://*.randomhouse.de https://*.penguin.de https://book-base.de https://tr.main.bid-prod.technical-service.net https://penguin.epccm19.com; media-src 'self' 10.4.91.62 *.penguinrandomhouse.de *.penguin.de https://book-base.de; object-src 'self' 10.4.91.62 *.penguinrandomhouse.de *.penguin.de; report-to /ContentSecurityPolicyReporter; script-src 'self' 'wasm-unsafe-eval' https://bat.bing.com https://trc.taboola.com https://static.ex.co https://cdn.taboola.com/libtrc/unip/1423689/tfa.js https://tpc.googlesyndication.com https://snap.licdn.com https://*.outbrain.com/ https://s.pinimg.com *.penguinrandomhouse.de *.penguin.de 'unsafe-eval' 'unsafe-inline' https://e.issuu.com/embed.js https://*.googleapis.com *.googleapis.com csi.gstatic.com www.google-analytics.com https://www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://platform.instagram.com https://platform.twitter.com https://cdn.syndication.twimg.com https://randomhouse.scnem.com  https://penguinrandomhouse.scnem2.com https://sharingbox.rhspecial.de https://secure.quantserve.com https://rules.quantcount.com  https://*.google.com https://www.google.de https://www.google.at https://www.google.ch https://www.gstatic.com https://connect.facebook.net  https://cdn.adrtx.net  https://vgrh.stage.digitalstores.net https://stage.digitalstores.net https://www.googleadservices.com https://*.penguinrandomhouse.de https://*.randomhouse.de https://*.penguin.de https://www.bic-media.com https://*.g.doubleclick.net https://www.facebook.com https://*.playbuzz.com https://cdnjs.cloudflare.com https://s7.addthis.com https://m.addthisedge.com https://v1.addthisedge.com https://v1.addthis.com https://m.addthis.com youtube.com  www.youtube.com https://youtube.com  https://www.youtube.com https://tagmanager.google.com https://s.ytimg.com https://*.podigee.com https://randomhouse.digitalstores.net/pbs.2.js https://cdn.podlove.org  https://*.hotjar.com https://www.instagram.com https://*.pinterest.com https://*.pinterest.de https://*.tiktok.com *.epccm19.com api.friendlycaptcha.com; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com https://platform.twitter.com https://*.twimg.com  https://res-format-story.playbuzz.com https://optimize.google.com https://*.typekit.net https://cdn.podlove.org/ https://*.podigee.com *.epccm19.com; worker-src * blob: 1
frame-ancestors 'self' https://*.e-conomic.com https://*.secure.e-conomic.com http://localhost:3000; 1
default-src 'none'; connect-src 'self'; font-src *.anidb.net; form-action 'self'; img-src * data:; script-src 'self' *.anidb.net www.google.com/recaptcha/ www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline' *; child-src kiwiirc.com *.youtube-nocookie.com www.google.com/recaptcha/; frame-ancestors 'self'; base-uri 'self'; manifest-src *.anidb.net; 1
frame-ancestors 'self' https://*.tacklewarehouse.com; 1
frame-ancestors 'self' https://*.stackoverflow.com http://*.stackoverflow.co; 1
default-src 'self' data: https: wss: blob:;script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: cdn.ampproject.org www.google.com sale.sulpak.kz www.googletagmanager.com tags.creativecdn.com recommender.scarabresearch.com cdn.retailrocket.ru app.blinger.io sulpak.api.useinsider.com eitri.api.useinsider.com connect.facebook.net content.mql5.com www.google-analytics.com www.googleadservices.com mc.yandex.ru static.hotjar.com script.hotjar.com googleads.g.doubleclick.net kaspi.kz static.demoup.com analytics.tiktok.com maps.googleapis.com code.jquery.com www.gstatic.com export.sulpak.kz media.flixfacts.com media.flixcar.com content.24ttl.stream button.loadbee.com assets.api.useinsider.com api-maps.yandex.ru yastatic.net suggest-maps.yandex.ru widget.devino.chat core-renderer-tiles.maps.yandex.net plerdy.com a.plerdy.com c.plerdy.com h.plerdy.com cdn.loadbee.com prod.flixgvid.flix360.io my.devino.chat widget-chat.devinotele.com epay.homebank.kz epay-oauth.homebank.kz creativecdn.com abt.s3.yandex.net;style-src 'self' 'unsafe-inline' data: blob: www.google.com fonts.googleapis.com assets.api.useinsider.com media.flixcar.com media.flixfacts.com widget.devino.chat cdn.loadbee.com widget-chat.devinotele.com 1
default-src * data: blob: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.usap.gov platform.twitter.com dap.digitalgov.gov script.crazyegg.com cdn.syndication.twimg.com www.google-analytics.com www.googletagmanager.com;           object-src 'self';           child-src 'self' platform.twitter.com syndication.twitter.com www.youtube.com;           font-src 'self' www.usap.gov fonts.gstatic.com;           worker-src 'self' blob:;           frame-ancestors 'self';           frame-src 'self' *.brightcove.net nsf.widen.net platform.twitter.com 1
frame-ancestors 'self' https://www.lakeheadu.ca https://wd-www.lakeheadu.ca https://myinfo.lakeheadu.ca https://erpwp.lakeheadu.ca https://wd-cc.lakeheadu.ca 1
default-src 'nonce-f4c0db7f9049a5b27d98199c303371e1' 'self' p11.techlab-cdn.com;font-src 'self' data: *.hotjar.com *.hotjar.io;media-src 'self';style-src 'self' 'unsafe-inline' tagmanager.google.com *.tiles.mapbox.com *.consentmanager.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.eventim-light.com *.gstatic.com *.googleapis.com *.google.com *.google.de *.google-analytics.com *.googletagmanager.com *.facebook.com *.facebook.net *.g.doubleclick.net *.googleadservices.com *.go-mpulse.net *.hotjar.com *.hotjar.io *.optimizely.com *.consentmanager.net *.pardot.com info.eventim-light.de p11.techlab-cdn.com;img-src 'self' data: blob: api.mapbox.com *.eventim.com *.eventim.net *.eventim-light.com *.gstatic.com *.ggpht.com *.googleapis.com *.googlevideo.com *.google.com *.google.de *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.facebook.com *.facebook.net *.fbsbx.com *.adform.net *.akstat.io *.g.doubleclick.net *.googleadservices.com i.vimeocdn.com *.hotjar.com *.hotjar.io *.consentmanager.net;frame-src 'self' www.google.com *.kps-payment.de *.hotjar.com *.hotjar.io *.optimizely.com *.consentmanager.net *.doubleclick.net *.vimeo.com www.eventim-light.de www.eventim-light.es www.eventim-light.no www.lippu-light.fi www.ticketcorner-light.ch www.eventim-light.se www.billetlugen-light.dk www.oeticket-light.com www.eventim-light.co.uk www.eventim-light.nl *.marketing.light-stg.de;frame-ancestors 'self' *.eventim.net *.eventim-light.com:*;connect-src 'self' *.eventim.com *.eventim-light.com *.facebook.com bankauswahl.giropay.de *.tiles.mapbox.com *.mapbox.com *.akstat.io *.go-mpulse.net *.akamaihd.net *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.de *.hotjar.com *.hotjar.com:* *.hotjar.io *.optimizely.com *.consentmanager.net sentry.ops.tixx-dev.de wss://*.hotjar.com *.googlesyndication.com blob: p11.techlab-cdn.com;worker-src 'self' blob:;child-src blob: 1
default-src 'self';   script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.googleadservices.com/ https://www.google.com/ https://partner.googleadservices.com/ https://cse.google.com/ https://use.typekit.net/ https://www.gstatic.com/ https://az416426.vo.msecnd.net/ https://googleads.g.doubleclick.net/ https://*.vivotek.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://maps.googleapis.com/ https://snap.licdn.com/ https://js.adsrvr.org/;   img-src 'self' data: https:;   frame-src 'self' 'unsafe-eval' 'unsafe-inline' https://forms.office.com/ https://syndicatedsearch.goog/ https://match.adsrvr.org/ https://td.doubleclick.net/ https://www.google.com/ https://www.youtube.com/ https://insight.adsrvr.org/ https://www.adsensecustomsearchads.com/;   style-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/ https://fonts.googleapis.com/ https://cdnjs.cloudflare.com/;   font-src 'self' 'unsafe-eval' 'unsafe-inline' https://fonts.gstatic.com/ https://cdnjs.cloudflare.com/;   connect-src 'self' https://webapi.vivotek.com/ https://stats.g.doubleclick.net/ https://analytics.google.com/ https://p.typekit.net/ https://dc.services.visualstudio.com/ https://use.typekit.net/ https://px.ads.linkedin.com/ https://www.google-analytics.com/;         frame-ancestors https://beta.vivotek.com https://delta.plexiland.io; 1
default-src 'self' www.westlotto.de westlotto.de www.westlotto.com westlotto.com ergebnisse.westlotto.com wlresults.westlotto.com www.youtube.com error.westlotto.de www.paypal.com www.paypalobjects.com data: blob: ; script-src 'self' www.westlotto.de westlotto.de www.westlotto.com westlotto.com ergebnisse.westlotto.com iprospect.involve.me tags.tiqcdn.com t23.intelliad.de js.braintreegateway.com bs.serving-sys.com secure-ds.serving-sys.com secure.adnxs.com acdn.adnxs.com www.paypalobjects.com c.paypal.com www.paypal.com connect.facebook.net maps.googleapis.com data1.open-dog.com www.google-analytics.com www.gstatic.com s3.amazonaws.com www.googletagmanager.com www.pagespeed-mod.com www.google.com www.google.de c.bing.com bat.bing.com www.clarity.ms a.clarity.ms b.clarity.ms c.clarity.ms d.clarity.ms e.clarity.ms f.clarity.ms g.clarity.ms h.clarity.ms i.clarity.ms j.clarity.ms k.clarity.ms l.clarity.ms m.clarity.ms n.clarity.ms www.googleadservices.com secure.adnxs.com googleads.g.doubleclick.net s.yimg.com scripts.psyma.com tpc.googlesyndication.com westlotto.loyjoy.com app-cloud.loyjoy.com cloud.loyjoy.com stable.loyjoy.com jaramyouk.org dan.mgr.consensu.org cdn.dan.mgr.consensu.org delivery.1tag.dentsu.de cdn.1tag.dentsu.de data.min-cdn.net trck.min-cdn.net scripts.psyma.com visitor-service-eu-central-1.tealiumiq.com visitor-service.tealiumiq.com www.awin1.com www.dwin1.com the.sciencebehindecommerce.com ai.trk42.net 12034191.fls.doubleclick.net ad1.adfarm1.adition.com lantern.roeyecdn.com zenloop-website-overlay-production.s3.amazonaws.com async-px-eu.dynamicyield.com cdn-eu.dynamicyield.com st-eu.dynamicyield.com rcom-eu.dynamicyield.com app.usercentrics.eu privacy-proxy.usercentrics.eu s2.adform.net track.adform.net 'unsafe-inline' 'unsafe-eval' data: blob: ; script-src-elem 'self' www.westlotto.de westlotto.de www.westlotto.com westlotto.com ergebnisse.westlotto.com iprospect.involve.me tags.tiqcdn.com t23.intelliad.de visitor-service-eu-central-1.tealiumiq.com visitor-service.tealiumiq.com js.braintreegateway.com maps.googleapis.com www.googletagmanager.com www.youtube.com www.googleadservices.com googleads.g.doubleclick.net tpc.googlesyndication.com www.google.com secure.adnxs.com acdn.adnxs.com www.paypalobjects.com c.paypal.com www.paypal.com bs.serving-sys.com secure-ds.serving-sys.com scripts.psyma.com connect.facebook.net www.google-analytics.com www.gstatic.com www.pagespeed-mod.com c.bing.com bat.bing.com www.clarity.ms a.clarity.ms b.clarity.ms c.clarity.ms d.clarity.ms e.clarity.ms f.clarity.ms g.clarity.ms h.clarity.ms i.clarity.ms j.clarity.ms k.clarity.ms l.clarity.ms m.clarity.ms n.clarity.ms www.googleadservices.com googleads.g.doubleclick.net data1.bresera.com westlotto.loyjoy.com cloud.loyjoy.com stable.loyjoy.com secure.adnxs.com s.yimg.com sp.analytics.yahoo.com dan.mgr.consensu.org cdn.dan.mgr.consensu.org delivery.1tag.dentsu.de cdn.1tag.dentsu.de data.min-cdn.net trck.min-cdn.net www.awin1.com www.dwin1.com the.sciencebehindecommerce.com translate.googleapis.com ai.trk42.net cdn.jsdelivr.net 12034191.fls.doubleclick.net ad1.adfarm1.adition.com lantern.roeyecdn.com zenloop-website-overlay-production.s3.amazonaws.com async-px-eu.dynamicyield.com cdn-eu.dynamicyield.com st-eu.dynamicyield.com rcom-eu.dynamicyield.com app.usercentrics.eu privacy-proxy.usercentrics.eu s2.adform.net track.adform.net 'unsafe-inline' 'unsafe-eval' data: ;  style-src 'self' www.westlotto.de westlotto.de www.westlotto.com westlotto.com ergebnisse.westlotto.com dan.mgr.consensu.org cdn.dan.mgr.consensu.org delivery.1tag.dentsu.de cdn.1tag.dentsu.de 1tag.dentsu.de fonts.googleapis.com translate.googleapis.com cdn-eu.dynamicyield.com 'unsafe-inline' 'unsafe-eval'; style-src-elem 'self' www.westlotto.de westlotto.de www.westlotto.com westlotto.com ergebnisse.westlotto.com maxcdn.bootstrapcdn.com dan.mgr.consensu.org cdn.dan.mgr.consensu.org delivery.1tag.dentsu.de cdn.1tag.dentsu.de 1tag.dentsu.de fonts.googleapis.com adblockers.opera-mini.net translate.googleapis.com maxcdn.bootstrapcdn.com cdn-eu.dynamicyield.com 'unsafe-inline' 'unsafe-eval' data: ; connect-src 'self' www.westlotto.de westlotto.de www.westlotto.com westlotto.com ergebnisse.westlotto.com api.friendlycaptcha.com eu-api.friendlycaptcha.eu yoast.com client-analytics.braintreegateway.com api.braintreegateway.com api.braintreegateway.com payments.braintree-api.com www.paypal.com steganos-api.ciuvo.com www.facebook.com collect-eu-central-1.tealiumiq.com the.sciencebehindecommerce.com usemarketings.com app-cloud.loyjoy.com app-westlotto.loyjoy.com cloud.loyjoy.com stable.loyjoy.com app-stable.loyjoy.com s.yimg.com dan.mgr.consensu.org cdn.dan.mgr.consensu.org delivery.1tag.dentsu.de cdn.1tag.dentsu.de data.min-cdn.net trck.min-cdn.net ib.adnxs.com www.google.com maps.googleapis.com adservice.google.com www.googleadservices.com www.google.de www.google-analytics.com www.googletagmanager.com google.com googleads.g.doubleclick.net translate.googleapis.com translate-pa.googleapis.com region1.google-analytics.com pagead2.googlesyndication.com ad.doubleclick.net c.paypal.com www.wepowerconnections.com adm.dynamicyield.eu async-px-eu.dynamicyield.com cdn-eu.dynamicyield.com pic-westlotto.mentor.neccton.com api.usercentrics.eu ib.adnxs.com consent-api.service.consent.usercentrics.eu privacy-proxy.usercentrics.eu cdn.dynamicyield.com aggregator.service.usercentrics.eu adm.firstspirit-ice.eu graphql.usercentrics.eu c.bing.com bat.bing.com www.clarity.ms a.clarity.ms b.clarity.ms c.clarity.ms d.clarity.ms e.clarity.ms f.clarity.ms g.clarity.ms h.clarity.ms i.clarity.ms j.clarity.ms k.clarity.ms l.clarity.ms m.clarity.ms n.clarity.ms api.fbanalytics.org api.solarspireconsulting.com api.socialsolutionapp.com api.solaranalyticscorp.com api.highdataanalytics.com api.amcreativemedia.com api.mkmediaworks.com api.datacloudstat.com wss://www.westlotto.de data: 'unsafe-inline' 'unsafe-eval' ; font-src 'self' www.westlotto.de westlotto.de www.westlotto.com westlotto.com ergebnisse.westlotto.com www.eurojackpot.de eurojackpot.de www.eurojackpot.com eurojackpot.com fonts.gstatic.com use.typekit.net maxcdn.bootstrapcdn.com cdn-eu.dynamicyield.com aggregator.service.usercentrics.eu data: ; img-src 'self' www.westlotto.de westlotto.de www.westlotto.com westlotto.com ergebnisse.westlotto.com data.westlotto.de ps.w.org update.creoworx.com mattplugins.com updates.themepunch-ext-c.tools updates.theme-fusion.com secure.gravatar.com csi.gstatic.com maps.gstatic.com www.gstatic.com www.googletagmanager.com google.com googleads.g.doubleclick.net sp.analytics.yahoo.com www.facebook.com connect.facebook.net jonypractic.net proxdevcool.com westlotto01.webtrekk.net app-westlotto.loyjoy.com cloud.loyjoy.com westlotto.loyjoy.com app-cloud.loyjoy.com fbc.wcfbc.net app-stable.loyjoy.com de-gmtdmp.mookie1.com dan.mgr.consensu.org cdn.dan.mgr.consensu.org delivery.1tag.dentsu.de cdn.1tag.dentsu.de lh3.ggpht.com www.facebook.com www.awin1.com geo0.ggpht.com geo1.ggpht.com geo2.ggpht.com geo3.ggpht.com c.paypal.com t.paypal.com *.stats.paypal.com c6.paypal.com stats.g.doubleclick.net cx.atdmt.com www.paypal.com www.paypalobjects.com scripts.psyma.com jaramyouk.org simonzody.com collect-eu-central-1.tealiumiq.com s3.amazonaws.com pbs.twimg.com ps.w.org updates.themepunch-ext-b.tools ib.adnxs.com 8453812.fls.doubleclick.net lantern.roeye.com datacloud.tealiumiq.com cdn.dynamicyield.com app.usercentrics.eu uct.service.usercentrics.eu cdn-eu.dynamicyield.com www.wepowerconnections.com www.googleadservices.com adservice.google.com *.googleapis.com www.google-analytics.com translate.googleapis.com translate.google.com fonts.gstatic.com pagead2.googlesyndication.com lh3.google.com www.google.ae www.google.al www.google.at www.google.ba www.google.be www.google.bg www.google.ca www.google.ch www.google.co.cr www.google.co.in www.google.co.kr www.google.com www.google.co.ma www.google.com.br www.google.com.cy www.google.com.do www.google.com.eg www.google.com.gh www.google.com.gt www.google.com.mx www.google.com.ph www.google.com.sg www.google.com.tr www.google.com.ua www.google.co.th www.google.co.uk www.google.co.ve www.google.co.za www.google.cz www.google.de www.google.dk www.google.ee www.google.es www.google.fi www.google.fr www.google.gm www.google.gr www.google.hr www.google.hu www.google.ie www.google.iq www.google.is www.google.it www.google.lk www.google.lu www.google.lv www.google.me www.google.mk www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.si www.google.sk www.google.cv www.google.mu www.google.co.ke www.google.co.id www.google.co.jp www.google.dz www.google.hn www.google.com.cu www.google.co.nz www.google.com.au www.google.lt www.google.bt www.google.co.tz www.google.com.tw www.google.co.uz www.google.tn www.google.co.il www.google.im www.google.com.pe www.google.com.qa www.google.ad www.google.am www.google.az www.google.by www.google.cl www.google.com.co c.bing.com bat.bing.com www.clarity.ms a.clarity.ms b.clarity.ms c.clarity.ms d.clarity.ms e.clarity.ms f.clarity.ms g.clarity.ms h.clarity.ms i.clarity.ms j.clarity.ms k.clarity.ms l.clarity.ms m.clarity.ms n.clarity.ms data: blob: ; child-src 'self' www.westlotto.de westlotto.de www.westlotto.com westlotto.com ergebnisse.westlotto.com www.youtube.com www.sparkassen-internetkasse.de ciuvo.com westlotto.perbit-job.de partners.webmasterplan.com blob: ; frame-src 'self' www.westlotto.de westlotto.de www.westlotto.com westlotto.com ergebnisse.westlotto.com news.westlotto.de www.kununu.com iprospect.involve.me www.youtube.com www.youtube-nocookie.com www.sparkassen-internetkasse.de ciuvo.com westlotto.perbit-job.de westlotto-job.perbit-job.de partners.webmasterplan.com c.paypal.com www.paypal.com www.awin1.com www.dwin1.com td.doubleclick.net tpc.googlesyndication.com api.nakarta.com bid.g.doubleclick.net r.srvtrck.com www.google.com 12034191.fls.doubleclick.net 8453812.fls.doubleclick.net www.facebook.com scripts.psyma.com cookieaquila.com westdeutsche-lotterie-gmbh-co-ohg.jobs.personio.de pic-westlotto.mentor.neccton.com app.usercentrics.eu data: ; worker-src 'self' www.westlotto.de westlotto.de www.westlotto.com westlotto.com ergebnisse.westlotto.com blob: ; block-all-mixed-content; base-uri 'self'; report-uri https://1934a11189c9ec9d302de0ee10e4c650.report-uri.com/r/t/csp/enforce 1
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic';  script-src * data: blob: 'unsafe-inline' 'unsafe-eval';  connect-src * data: blob: 'unsafe-inline';  img-src * data: blob: 'unsafe-inline';  frame-src * data: blob: ;  style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob: 'unsafe-inline'; 1
script-src-elem 'self' 'unsafe-inline' https://spm.apps.gov.bc.ca/ https://spt.apps.gov.bc.ca/ https://sp-js.apps.gov.bc.ca/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www2.gov.bc.ca https://use.typekit.net https://cdnjs.cloudflare.com https://s7.addthis.com https://m.addthis.com https://z.moatads.com https://v1.addthisedge.com https://dpm.demdex.net https://sync.mathtag.com https://secure.adnxs.com https://www.gstatic.com/dialogflow-console/ https://connect.facebook.net/ https://cdn.jsdelivr.net/gh/ https://static.dialogflow.com/ https://unpkg.com/; 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'nonce-w9xI+gTn/6V/bpL4N04jnQ==' *.gstatic.com *.google.com *.googleapis.com *.useinsider.com *.youtube.com *.adform.net *.dataroid.com *.efilli.com; style-src 'self' *.googleapis.com 'unsafe-inline'; img-src 'self' data: blob: *.gstatic.com *.googleapis.com *.kuveytturk.com.tr *.efilli.com; font-src 'self' data: *.googleapis.com *.gstatic.com; connect-src 'self' *.googleapis.com *.efilli.com *.dataroid.com *.kuveytturk.com.tr *.kuveytturk.com *.useinsider.com; object-src 'none'; base-uri 'self'; frame-src 'self' *.useinsider.com *.kuveytturk.com.tr *.kuveytturk.com *.google.com *.adform.net *.youtube.com; 1
frame-ancestors 'self' https://mlhq.macmillanlearning.com/panmac/ https://sites-us.lumapps.com/a/macmillan https://siteteam.net/; 1
default-src 'self' 'unsafe-inline' data: *.zscalerone.net *.zscalertwo.net *.zscalerthree.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.googletagmanager.com *.google-analytics.com code.jquery.com static.cloudflareinsights.com *.zscalerone.net *.zscalertwo.net *.zscalerthree.net yoast.com *.helpscout.net; style-src 'self' 'unsafe-inline' *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.googleapis.com code.jquery.com; font-src * data:; img-src * data:; connect-src 'self' *.google.com *.google-analytics.com *.doubleclick.net yoast.com *.cloudfront.net; frame-src 'self' *.vimeo.com *.libsyn.com *.zscalerone.net *.zscalertwo.net *.zscalerthree.net cdn.yoshki.com/iframe/55845r.html; worker-src 'self' blob: 1
script-src 'nonce-PUbZR56+IIo3+vtWSTCkng==' 'strict-dynamic' 'unsafe-eval' 'report-sample' https: 'unsafe-inline'; base-uri 'none'; report-uri https://events.mercadolibre.com/csp/reports?identifier=A1asMZamDCOu-y8_H3hilJaX-DiZ4ubd_xPkDJU2bnDl2QueiJv03gPam6EQ&policy_id=10&user_id=&request_id=f96e0210-7142-4b7e-86ef-e18f8f2a6d62; report-to csp-endpoint; object-src https://http2.mlstatic.com/ https://mlstaticquic-a.akamaihd.net/ 1
default-src 'self' blob: s.pinimg.com; font-src 'self' s.pinimg.com data: fonts.googleapis.com fonts.gstatic.com use.typekit.net; style-src 'self' blob: 'unsafe-inline' data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; img-src blob: data: *; base-uri 'none'; connect-src 'self' blob: *.pinimg.com *.pinterest.com accounts.google.com *.adyen.com pinterest-salvador.s3.amazonaws.com *.adyenpayments.com *.facebook.com www.googleapis.com *.dropboxapi.com pinterest-aberdeen.s3.amazonaws.com pinterest-aberdeen.s3.us-east-1.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-anaheim.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-sim-toontown.s3.amazonaws.com pinterest-sim-toontown.s3.us-east-1.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3.us-east-1.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-media-upload.s3-accelerate.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-poughkeepsie.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com pinterest-plymouth.s3.us-east-1.amazonaws.com pinterest-salvador.s3.us-east-1.amazonaws.com pinterest-yamagata.s3.amazonaws.com pinterest-yamagata.s3.us-east-1.amazonaws.com *.cedexis.com *.cedexis-radar.net *.tvpixel.com api.pinadmin.com *.live-video.net https://*.daily.co https://*.pluot.blue wss://*.wss.daily.co; form-action 'self' *.adyen.com *.sofort.com *.tink.com *.adyenpayments.com; frame-src 'self' *.pinimg.com *.pinterest.com *.adyen.com static-sandbox.dlocal.com static.dlocal.com *.google.com *.facebook.com www.recaptcha.net pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-sim-toontown.s3.amazonaws.com pinterest-sim-toontown.s3.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-tolu.s3.amazonaws.com *.pinterdev.com content.googleapis.com *.youtube.com *.youtube-nocookie.com *.ytimg.com player.vimeo.com calendly.com vine.co bid.g.doubleclick.net *.fls.doubleclick.net pinlogs.s3.amazonaws.com pinlogs.s3.us-east-1.amazonaws.com advertising-delivery-metric-reports.s3.amazonaws.com advertising-delivery-metric-reports.s3.us-east-1.amazonaws.com servedby.flashtalking.com pinterest-uk.admo.tv pinterest-uk-web.admo.tv fbrpc://call *.linkedin.com px.ads.linkedin.com; media-src 'self' blob: data: *.pinimg.com *.live-video.net; object-src 'self'; script-src 'nonce-e4c0403b93a9fd971e2328f420e7d2ce' 'strict-dynamic' 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; worker-src 'self' blob: 'unsafe-inline'; report-uri /_/_/csp_report/?rid=9805379084445259; frame-ancestors 'self' , script-src 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; report-uri /_/_/csp_report/?rid=9805379084445259 1
default-src 'none'; script-src 'self' *.google-analytics.com *.tiqcdn.com *.sentry-cdn.com 'unsafe-inline'; style-src 'self' 'sha256-2lJlIEmusyb3JNY53ydH88jUAHmut+w9MBHaD2PWEzY=' *.myfonts.net *.googleapis.com; connect-src *.frontdoorhome.com *.zestyio.com *.zesty.io *.zesty.dev frontdoor2019ir.q4web.com *.ingest.sentry.io; frame-src *.vimeo.com *.youtube.com; img-src *.zestyio.com *.zesty.io *.zesty.dev *.google-analytics.com *.doubleclick.net; font-src *.zestyio.com *.zesty.io *.googleapis.com *.gstatic.com 1
upgrade-insecure-requests; default-src https://*.idnet.com https://*.idnet.net 'unsafe-inline' 'unsafe-eval' https://*.google.com https://www.google.co.uk https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com  https://widget.trustpilot.com https://fast.fonts.net https://*.facebook.net https://*.facebook.com https://*.twitter.com https://*.stripe.com https://*.googleapis.com https://www.youtube.com https://www.youtube-nocookie.com  data: ; img-src https: data: android-webview-video-poster: ; font-src https: data: ;  object-src 'self';  base-uri 'self'; form-action https://www.idnet.com https://idnet.us4.list-manage.com; report-uri https://www.idnet.com/api/csp_receiver.php; 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.addthis.com *.addthisedge.com *.algolia.net *.algolianet.com *.applicationinsights.azure.com *.applicationinsights.microsoft.com *.doubleclick.net *.facebook.com *.facebook.net *.instagram.com *.tiktok.com lf16-tiktok-web.ttwstatic.com *.fonts.com *.fonts.net *.google-analytics.com *.google.co.nz *.google.com *.google.com.au *.googleapis.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.jsdelivr.net *.moatads.com *.penguin.co.nz *.penguin.com.au *.recaptcha.net *.ubembed.com *.youtube.com *.klaviyo.com *.static.klaviyo.com az416426.vo.msecnd.net dc.services.visualstudio.com penguin-random-house.involve.me rt.services.visualstudio.com secure-ds.serving-sys.com *.typeform.com; object-src 'none'; img-src 'self' https: data:; upgrade-insecure-requests; report-uri https://penguin.report-uri.com/r/d/csp/enforce 1
frame-ancestors 'self' *.moffitt.org *.googletagmanager.com *.youtube.com *.doubleclick.net *.adsrvr.org *.google.com; img-src * data:; 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://cdn.nift.me/ https://maps.googleapis.com/ https://challenges.cloudflare.com/ https://static.cloudflareinsights.com/ https://www.google.com/recaptcha/api.js https://www.googletagmanager.com/gtag/js https://www.gstatic.com/recaptcha/releases https://www.gstatic.com/charts https://www.google-analytics.com/ https://assets.calendly.com/assets/external/widget.js https://j.6sc.co/j/67eab966-8109-48e4-b303-5dd0b1b8ecd7.js https://j.6sc.co/6si.min.js; style-src 'self' 'unsafe-inline' https://cdn.nift.me/ https://assets.calendly.com/assets/external/widget.css; object-src 'self' https://cdn.nift.me/; base-uri 'self'; connect-src 'self' https://cdn.nift.me/ https://maps.googleapis.com/ https://www.google-analytics.com/ https://*.6sc.co/; font-src 'self' https://cdn.nift.me/ https://fonts.gstatic.com/; frame-src 'self' https://cdn.nift.me/; img-src 'self' https://cdn.nift.me/ https://cdn.nift.me/ https://www.google-analytics.com/collect https://*.6sc.co/v1/beacon/img.gif; frame-ancestors 'self'; 1
default-src https:; script-src 'unsafe-eval' 'unsafe-inline' https://hitbtc.com https://www.google.com https://www.googletagmanager.com https://www.googleadservices.com https://connect.facebook.net https://www.gstatic.com https://www.google-analytics.com https://*.doubleclick.net https://platform.twitter.com https://*.geetest.com  https://static.sumsub.com https://heatherkyc.stagingstuff.com https://posthog.hitbtc.com; img-src 'self' https: data: blob: https://hitbtc.com; font-src https: data:; frame-src https: blob: https://hitbtc.com; media-src https:; object-src https:; child-src 'none'; style-src 'unsafe-inline' https: https://hitbtc.com; connect-src data: https://*:* wss://*:*; frame-ancestors 'self'; worker-src 'self' blob: ; 1
script-src https://cdn.insight.sitefinity.com https://dec.azureedge.net https://player.vimeo.com/api/player.js https://www.youtube.com/iframe_api 'self' 'unsafe-inline' 'self' *.googleapis.com *.gstatic.com *.cloudflare.com *.telerik.com *.bootstrapcdn.com *.fontawesome.com *.jquery.com *.doubleclick.net *.googletagservices.com *.googletagmanager.com *.cookiebot.com *.google-analytics.com *.adroll.com *.facebook.net sc-static.net *.bytedance.com *.clarity.ms *.snapchat.com *.youtube.com *.jsdelivr.net *.azure.com *.googlesyndication.com *.googleadservices.com *.tagboard.com *.google.com *.satis.fi; style-src https://cdn.insight.sitefinity.com https://dec.azureedge.net 'self' 'unsafe-inline' 'unsafe-inline' 'self' *.googleapis.com *.gstatic.com *.cloudflare.com *.telerik.com *.bootstrapcdn.com *.fontawesome.com *.jsdelivr.net *.satis.fi; img-src https://cdn.insight.sitefinity.com https://dec.azureedge.net 'self' data: *.windows.net *.google.com *.cookiebot.com *.google-analytics.com *.facebook.com *.adroll.com *.bidswitch.net *.casalemedia.com *.rubiconproject.com *.openx.net *.rlcdn.com *.outbrain.com *.pubmatic.com *.yahoo.com *.taboola.com *.3lift.com *.adnxs.com *.doubleclick.net *.vimeocdn.com *.googlesyndication.com *.reson8.com *.googletagmanager.com *.usaswimming.org *.satis.fi; connect-src https://*.insight.sitefinity.com https://*.dec.sitefinity.com 'self' 'unsafe-inline' 'self' *.googleapis.com *.gstatic.com *.cloudflare.com *.telerik.com *.bootstrapcdn.com *.fontawesome.com *.jquery.com *.doubleclick.net *.googletagservices.com *.googletagmanager.com *.cookiebot.com *.google-analytics.com *.adroll.com *.facebook.net sc-static.net *.bytedance.com *.clarity.ms *.snapchat.com *.azurewebsites.net *.azure.com *.googlesyndication.com *.google.com *.satis.fi; default-src 'self' 'unsafe-inline' 'self' *.googleapis.com *.gstatic.com *.cloudflare.com *.telerik.com *.bootstrapcdn.com *.fontawesome.com *.jquery.com *.doubleclick.net *.googletagservices.com *.googletagmanager.com *.cookiebot.com *.satis.fi; font-src  'unsafe-inline' 'self' *.googleapis.com *.gstatic.com *.cloudflare.com *.telerik.com *.bootstrapcdn.com *.fontawesome.com; frame-src  *.adroll.com *.cookiebot.com *.doubleclick.net *.snapchat.com *.youtube.com *.vimeo.com vimeo.com *.google.com *.googlesyndication.com *.tagboard.com *.satis.fi 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://*.cloudfront.net https://*.doubleclick.net https://*.fls.doubleclick.net https://*.linkedin.com https://cdn.linkedin.oribi.io https://*.sitecorecontenthub.cloud https://*.terminus.services https://*.wistia.com https://*.wistia.net https://ad.ipredictive.com https://ajax.googleapis.com https://analytics.twitter.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cnv.event.prod.bidr.io https://code.jquery.com https://connect.facebook.net https://edge.sitecorecloud.io https://match.adsrvr.org https://maxcdn.bootstrapcdn.com https://vhatv.vha.com https://vitals.vercel-insights.com https://www.cvent.com https://www.ethosce.com https://www.facebook.com https://www.google.ca https://www.google.com https://*.google.com https://www.googleadservices.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://*.oneok.com https://vimeo.com https://i.vimeocdn.com https://player.vimeo.com https://discover.sitecorecloud.io https://www.youtube.com; style-src 'self' 'unsafe-inline' data: blob: https://fonts.googleapis.com; font-src 'self' 'unsafe-inline' data: blob: https://fonts.gstatic.com; block-all-mixed-content; media-src 'self' data: blob: https://edge.sitecorecloud.io https://*.sitecorecontenthub.cloud embedwistia-a.akamaihd.net *.wistia.net *.wistia.com; frame-ancestors 'none'; 1
report-uri https://o389095.ingest.sentry.io/api/4503974312935424/security/?sentry_key=b47d15718a5343f497259a10c33fd9e2&sentry_environment=vercel-production&sentry_release=72e6faeeaac2b8668d5d84a2be31ae5ca3a2177e; default-src 'self' blob: https://*.decentralized-content.com; font-src 'self' data: *; media-src 'self' blob: *; object-src 'self' blob: *; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: blob: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://unpkg.com https://cdn.jsdelivr.net https://www.googletagmanager.com https://challenges.cloudflare.com https://vercel.live; child-src 'self' blob: https://*.decentralized-content.com https://auth.privy.io https://verify.walletconnect.com https://verify.walletconnect.org; frame-src 'self' data: 'unsafe-eval' blob: *; connect-src 'self' data: blob: *; frame-ancestors 'self' 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://www.zenaps.com https://*.criteo.com https://static.criteo.net https://player.vimeo.com https://vimeo.com https://wb.messengerpeople.com https://isitetv.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://ln-rules.rewardstyle.com https://tpc.googlesyndication.com https://tr.snapchat.com blob: https://www.pinterest.com https://www.pinterest.co.uk https://ct.pinterest.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://*.liveperson.net https://services.postcodeanywhere.co.uk https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://tr.snapchat.com https://d3g5d7323c2i6m.cloudfront.net https://d29qb9vav0xwuc.cloudfront.net https://d7c4jjeuqag9w.cloudfront.net https://*.contentsquare.net https://*.criteo.com https://ct.pinterest.com; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://d7c4jjeuqag9w.cloudfront.net; form-action 'self' https://www.facebook.com https://www.iwantoneofthose.com https://m.iwantoneofthose.com https://checkout.iwantoneofthose.com https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://player.vimeo.com https://vod-progressive.akamaized.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.com https://*.gstatic.cn https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://*.criteo.com https://static.criteo.net https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://tpc.googlesyndication.com https://*.baidu.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://apps.storystream.ai https://platform.twitter.com https://connect.facebook.net https://*.contentsquare.net https://app.contentsquare.com https://s.pinimg.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://d7c4jjeuqag9w.cloudfront.net; upgrade-insecure-requests; report-to report-endpoint 1
frame-ancestors 'self' userecho.com userecho.ru *.userecho.com dev.userecho.com:9000 dev.userecho.com:8111 linkhub.online support.userecho.com; report-uri /tools/csp/ 1
default-src 'self' *.afterpay.com *.squarecdn.com *.afterpay-beta.com *.polyfill.io *.everesttech.net *.everestjs.net *.demdex.net *.centerwellpharmacy.com *.squarecdn.com *.facebook.net *.cloudfront.net *.cmcore.com *.salesforce.com  *.demandware.net *.fdbcloudconnector.com *.tealium.com *.zscaler.net *.ensighten.com *.foresee.com *.foreseeresults.com *.coremetrics.com *.tealiumiq.com *.salesforceliveagent.com *.inq.com *.nuance.com *.humana.com *.go365.com *.humanapharmacy.com *.invocacdn.com *.invoca.net *.activitymap.adobe.com *.convertlanguage.com *.bing.com *.facebook.com *.googleapis.com *.googleadservices.com *.google.com *.linkedin.com *.twitter.com *.mpeasylink.com *.tiqcdn.com *.pure.cloud *.demdex.net *.everesttech.net *.cquotient.com *.googletagmanager.com *.everestjs.net *.doubleclick.net *.youtube.com *.gstatic.com *.yahoo.com *.teads.tv *.vovici.com *.verint-cdn.com *.efmfeedback.com; style-src 'self' 'unsafe-inline' *.everesttech.net *.everestjs.net *.demdex.net *.centerwellpharmacy.com *.facebook.net *.cloudfront.net *.cmcore.com *.salesforce.com  *.demandware.net *.fdbcloudconnector.com *.tealium.com *.zscaler.net *.ensighten.com *.foresee.com *.foreseeresults.com *.coremetrics.com *.tealiumiq.com *.salesforceliveagent.com *.inq.com *.nuance.com *.humana.com *.go365.com *.humanapharmacy.com *.invocacdn.com *.invoca.net *.activitymap.adobe.com *.convertlanguage.com *.bing.com *.facebook.com *.googleapis.com *.googleadservices.com *.google.com *.linkedin.com *.twitter.com *.mpeasylink.com *.tiqcdn.com *.pure.cloud *.demdex.net *.everesttech.net *.cquotient.com *.googletagmanager.com *.everestjs.net *.doubleclick.net *.youtube.com *.gstatic.com *.yahoo.com *.teads.tv *.vovici.com *.verint-cdn.com *.efmfeedback.com; font-src *.everesttech.net *.everestjs.net *.demdex.net *.centerwellpharmacy.com *.facebook.net *.cloudfront.net *.cmcore.com *.salesforce.com  *.demandware.net *.fdbcloudconnector.com *.tealium.com *.zscaler.net *.ensighten.com *.foresee.com *.foreseeresults.com *.coremetrics.com *.tealiumiq.com *.salesforceliveagent.com *.inq.com *.nuance.com *.humana.com *.go365.com *.humanapharmacy.com *.invocacdn.com *.invoca.net *.activitymap.adobe.com *.convertlanguage.com *.bing.com *.facebook.com *.googleapis.com *.googleadservices.com *.google.com *.linkedin.com *.twitter.com *.mpeasylink.com *.tiqcdn.com *.pure.cloud *.demdex.net *.everesttech.net *.cquotient.com *.googletagmanager.com *.everestjs.net *.doubleclick.net *.youtube.com *.gstatic.com *.yahoo.com *.teads.tv *.vovici.com *.verint-cdn.com *.efmfeedback.com; frame-src *.everesttech.net *.squarecdn.com *.afterpay.com *.everestjs.net *.demdex.net *.centerwellpharmacy.com  *.facebook.net *.cloudfront.net *.cmcore.com *.salesforce.com  *.demandware.net *.fdbcloudconnector.com *.tealium.com *.zscaler.net *.ensighten.com *.foresee.com *.foreseeresults.com *.coremetrics.com *.tealiumiq.com *.salesforceliveagent.com *.inq.com *.nuance.com *.humana.com *.go365.com *.humanapharmacy.com *.invocacdn.com *.invoca.net *.activitymap.adobe.com *.convertlanguage.com *.bing.com *.facebook.com *.googleapis.com *.googleadservices.com *.google.com *.linkedin.com *.twitter.com *.mpeasylink.com *.tiqcdn.com *.pure.cloud *.demdex.net *.everesttech.net *.cquotient.com *.googletagmanager.com *.everestjs.net *.doubleclick.net *.youtube.com *.gstatic.com *.yahoo.com *.teads.tv *.vovici.com *.verint-cdn.com *.efmfeedback.com; worker-src   blob: *.everesttech.net *.everestjs.net *.demdex.net *.centerwellpharmacy.com *.facebook.net *.cloudfront.net *.cmcore.com *.salesforce.com  *.demandware.net *.fdbcloudconnector.com *.tealium.com *.zscaler.net *.ensighten.com *.foresee.com *.foreseeresults.com *.coremetrics.com *.tealiumiq.com *.salesforceliveagent.com *.inq.com *.nuance.com *.humana.com *.go365.com *.humanapharmacy.com *.invocacdn.com *.invoca.net *.activitymap.adobe.com *.convertlanguage.com *.bing.com *.facebook.com *.googleapis.com *.googleadservices.com *.google.com *.linkedin.com *.twitter.com *.mpeasylink.com *.tiqcdn.com *.pure.cloud *.demdex.net *.everesttech.net *.cquotient.com *.googletagmanager.com *.everestjs.net *.doubleclick.net *.youtube.com *.gstatic.com *.yahoo.com *.teads.tv *.vovici.com *.verint-cdn.com *.efmfeedback.com; img-src 'self' data: *.everesttech.net *.afterpay.com *.squarecdn.com *.everestjs.net *.demdex.net *.centerwellpharmacy.com *.facebook.net *.cloudfront.net *.cmcore.com *.salesforce.com  *.demandware.net *.fdbcloudconnector.com *.tealium.com *.zscaler.net *.ensighten.com *.foresee.com *.foreseeresults.com *.coremetrics.com *.tealiumiq.com *.salesforceliveagent.com *.inq.com *.nuance.com *.humana.com *.go365.com *.humanapharmacy.com *.invocacdn.com *.invoca.net *.activitymap.adobe.com *.convertlanguage.com *.bing.com *.facebook.com *.googleapis.com *.googleadservices.com *.google.com *.linkedin.com *.twitter.com *.mpeasylink.com *.tiqcdn.com *.pure.cloud *.demdex.net *.everesttech.net *.cquotient.com *.googletagmanager.com *.everestjs.net *.doubleclick.net *.youtube.com *.gstatic.com *.yahoo.com *.teads.tv *.onetrust.com *.cookielaw.org *.cookie-cdn.cookiepro.com *.vovici.com *.verint-cdn.com *.efmfeedback.com; script-src-elem 'unsafe-inline' 'unsafe-hashes' *.polyfill.io *.afterpay.com *.squarecdn.com hbiq.net *.everesttech.net *.everestjs.net *.demdex.net *.centerwellpharmacy.com *.facebook.net *.cloudfront.net *.cmcore.com *.salesforce.com  *.demandware.net *.fdbcloudconnector.com *.tealium.com *.zscaler.net *.ensighten.com *.foresee.com *.foreseeresults.com *.coremetrics.com *.tealiumiq.com *.salesforceliveagent.com *.inq.com *.nuance.com *.humana.com *.go365.com *.humanapharmacy.com *.invocacdn.com *.invoca.net *.activitymap.adobe.com *.convertlanguage.com *.bing.com *.facebook.com *.googleapis.com *.googleadservices.com *.google.com *.linkedin.com *.twitter.com *.mpeasylink.com *.tiqcdn.com *.pure.cloud *.demdex.net *.everesttech.net *.cquotient.com *.googletagmanager.com *.everestjs.net *.doubleclick.net *.youtube.com *.gstatic.com *.yahoo.com *.teads.tv *.onetrust.com *.cookielaw.org *.cookie-cdn.cookiepro.com *.vovici.com *.verint-cdn.com *.efmfeedback.com; script-src 'self' 'unsafe-hashes' 'unsafe-inline' *.polyfill.io *.centerwellpharmacy.com *.everesttech.net *.everestjs.net *.demdex.net *.centerwellpharmacy.com *.facebook.net *.cloudfront.net *.cmcore.com *.salesforce.com  *.demandware.net *.fdbcloudconnector.com *.tealium.com *.zscaler.net *.ensighten.com *.foresee.com *.foreseeresults.com *.coremetrics.com *.tealiumiq.com *.salesforceliveagent.com *.inq.com *.nuance.com *.humana.com *.go365.com *.humanapharmacy.com *.invocacdn.com *.invoca.net *.activitymap.adobe.com *.convertlanguage.com *.bing.com *.facebook.com *.googleapis.com *.googleadservices.com *.google.com *.linkedin.com *.twitter.com *.mpeasylink.com *.tiqcdn.com *.pure.cloud *.demdex.net *.everesttech.net *.cquotient.com *.googletagmanager.com *.everestjs.net *.doubleclick.net *.youtube.com *.gstatic.com *.yahoo.com *.teads.tv *.vovici.com *.verint-cdn.com *.efmfeedback.com; connect-src wss://hoover.foresee.com https://hoover.foresee.com *.afterpay.com *.squarecdn.com *.amplitude.com *.afterpay-beta.com *.everesttech.net *.everestjs.net *.demdex.net *.centerwellpharmacy.com *.facebook.net *.cloudfront.net *.cmcore.com  *.salesforce.com   *.demandware.net *.fdbcloudconnector.com *.tealium.com *.zscaler.net *.ensighten.com *.foresee.com *.foreseeresults.com *.coremetrics.com *.tealiumiq.com *.salesforceliveagent.com *.inq.com *.nuance.com *.humana.com *.go365.com *.humanapharmacy.com *.invocacdn.com *.invoca.net *.activitymap.adobe.com *.convertlanguage.com *.bing.com *.facebook.com *.googleapis.com *.googleadservices.com *.google.com *.linkedin.com *.twitter.com *.mpeasylink.com *.tiqcdn.com *.pure.cloud *.demdex.net *.everesttech.net *.cquotient.com *.googletagmanager.com *.everestjs.net *.doubleclick.net *.youtube.com *.gstatic.com *.yahoo.com *.teads.tv *.onetrust.com *.cookielaw.org *.cookie-cdn.cookiepro.com *.vovici.com *.verint-cdn.com *.efmfeedback.com; 1
default-src: 'self' *.euromoney.psdops.com www.euromoney.com www.euromoney.com; frame-src: 'self' *.euromoney.psdops.com www.euromoney.com www.euromoney.com 1
frame-ancestors https://caramel.la https://caramel.la/* 'self' 1
default-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' 'nonce-e4tpgyQIgZmacemCXt946A==' yastatic.net mc.yandex.ru mc.yandex.yandex api-maps.yandex.ru *.maps.yandex.net suggest-maps.yandex.ru www.youtube.com s.ytimg.com 'strict-dynamic' 'report-sample'; style-src 'self' 'unsafe-inline' yastatic.net mc.yandex.ru blob:; font-src 'self' yastatic.net data:; img-src 'self' data: blob: avatars.yandex.net mc.admetrica.ru mc.yandex.ru mc.yandex.yandex yastatic.net avatars.mds.yandex.net *.cdn.yandex.net api-maps.yandex.ru *.maps.yandex.net static-maps.yandex.ru yandex.ru *.captcha.yandex.net storage-int.mds.yandex.net tc.mobile.yandex.net www.facebook.com carsharing.s3.yandex.net carsharing-violations.s3.yandex.net linkedin.com *.ads.linkedin.com www.linkedin.com www.google.com www.google.kz www.google.ru www.googleadservices.com googleads.g.doubleclick.net view.adjust.com ya-authproxy.taxi.yandex.yandex taxi-promotions.s3.yandex.net; frame-src 'self' forms.yandex.ru forms.yandex.com forms.yandex.kz forms.yandex.by forms.yandex.yandex www.youtube.com www.youtube-nocookie.com download.yandex.ru *.cdn.yandex.net trust.yandex.yandex; child-src 'self' blob:; connect-src 'self' mc.yandex.ru mc.yandex.yandex blob: yandex.ru passport.yandex.yandex *.yandex.net api-maps.yandex.ru trust.yandex.yandex ya-authproxy.taxi.yandex.yandex yastatic.net yandex.by yandex.ua yandex.kz yandex.com yandex.com.ge yandex.md yandex.kg yandex.uz yandex.ee yandex.rs yandex.lt; media-src streaming.video.yandex.ru *.storage.yandex.net *.cdn.yandex.net yastatic.net; frame-ancestors 'self' support-uber.com *.support-uber.com yango.yandex.com http://webvisor.com eda.yandex *.yandex-team.ru yandex.yandex *.yandex.yandex *.yandex.com; manifest-src 'self'; report-uri https://csp.yandex.net/csp?from=taxifrontend-taxi-frontend-go&project=taxifrontend-taxi-frontend-go&yandex_login=&yandexuid=; 1
script-src-elem 'unsafe-inline' 'unsafe-eval' 'self' blob: *.foodtecsolutions.com *.foodtecsolutions.com:* *.foodtecsolutions.com *.hibu.us *.pizzadirector.net:* *.google.com *.opentable.com *.otstatic.com cdn.ampproject.org www.gstatic.com maps.googleapis.com www.google-analytics.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net platform.twitter.com www.facebook.com connect.facebook.net cdn.syndication.twimg.com js.hs-scripts.com js.hs-scripts.com js.hs-analytics.net js.hscollectedforms.net salesiq.zoho.com/widget campaigns.zoho.com maillist-manage.com crm.zoho.com js.zohostatic.com vts.zohopublic.com static.hotjar.com script.hotjar.com unpkg.com api.tiles.mapbox.com *.adroll.com *.cloudfront.net cdnjs.cloudflare.com libs.a2zinc.net gh-prod-nitrosites.s3.amazonaws.com; frame-ancestors 'self' blob: *.foodtecsolutions.com *.foodtecsolutions.com:* *.foodtecsolutions.com *.hibu.us *.pizzadirector.net:* *.google.com *.opentable.com *.otstatic.com cdn.ampproject.org www.gstatic.com maps.googleapis.com www.google-analytics.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net platform.twitter.com www.facebook.com connect.facebook.net cdn.syndication.twimg.com js.hs-scripts.com js.hs-scripts.com js.hs-analytics.net js.hscollectedforms.net salesiq.zoho.com/widget campaigns.zoho.com maillist-manage.com crm.zoho.com js.zohostatic.com vts.zohopublic.com static.hotjar.com script.hotjar.com unpkg.com api.tiles.mapbox.com *.adroll.com *.cloudfront.net cdnjs.cloudflare.com libs.a2zinc.net gh-prod-nitrosites.s3.amazonaws.com; 1
upgrade-insecure-requests;  default-src https: data: 'unsafe-inline' 'unsafe-eval' https: https://accounts.google.com/gsi/;  script-src data: 'unsafe-inline' 'unsafe-eval' https: blob: https://accounts.google.com/gsi/client;  style-src data: 'unsafe-inline' https: https://accounts.google.com/gsi/style;  img-src data: https: blob:;  font-src data: https:;  connect-src https: wss: blob: https://accounts.google.com/gsi/;  media-src data: https: blob:;  object-src https:;  child-src https: data: blob:;  form-action https:;  frame-ancestors 'none'; 1
connect-src 'self' wss://identi.ca; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com ajax.googleapis.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com maxcdn.bootstrapcdn.com; font-src 'self' cdnjs.cloudflare.com; img-src *; object-src 'none'; media-src *; child-src 'self' www.youtube.com; frame-ancestors 'none' 1
frame-ancestors 'self' https://*.gitpod.io https://gitpod.io 1
default-src 'self' cdn.cookielaw.org *.byside.com cm.everesttech.net dev.day.com novobanco.pt *.novobanco.pt novobancodosacores.pt *.novobancodosacores.pt *.demdex.net www.google.pt *.evergage.com www.google-analytics.com analytics.google.com *.youtube.com youtube.com *.gstatic.com www.googletagmanager.com www.w3.org *.googleapis.com bdso.sharepoint.com www.google.com vr.unit360.pt *.onlinepayments.pt lm.serving-sys.com oppwa.com *.autenticacao.gov.pt;		font-src 'self' data: *.novobanco.pt novobanco.pt novobancodosacores.pt *.novobancodosacores.pt *.gstatic.com;		frame-ancestors 'self' *.novobanco.pt novobanco.pt novobancodosacores.pt *.novobancodosacores.pt www.olx.pt m.olx.pt bdso.sharepoint.com www.m.olx.pt *.googleapis.com youtube.com *.youtube.com sdk.companywebcast.com vr.unit360.pt *.onlinepayments.pt lm.serving-sys.com oppwa.com *.autenticacao.gov.pt;		script-src 'self' 'unsafe-inline' 'unsafe-eval' cm.everesttech.net dev.day.com www.webrtc-experiment.com *.novobanco.pt *.novobancodosacores.pt ajax.googleapis.com code.createjs.com fonts.googleapis.com webcare.byside.com www.googletagmanager.com www.google-analytics.com maps.googleapis.com s1.byside.com grmtech.net bs.serving-sys.com secure-ds.serving-sys.com s.ytimg.com onlinepayments.pt oppwa.com www.youtube.com d3c3cq33003psk.cloudfront.net tagmanager.google.com googleads.g.doubleclick.net www.googleadservices.com connect.facebook.net www.facebook.com cdn.cookielaw.org cdn.evgnet.com geolocation.onetrust.com optimize.google.com assets.adobedtm.com unpkg.com snap.licdn.com bdso.sharepoint.com *.googleapis.com vr.unit360.pt *.onlinepayments.pt lm.serving-sys.com oppwa.com *.autenticacao.gov.pt https://www.redditstatic.com https://*.qualtrics.com *.loqr.io blob:;		connect-src 'self' privacyportal-eu.onetrust.com *.novobanco.pt novobanco.pt novobancodosacores.pt *.novobancodosacores.pt wss: dpm.demdex.net *.byside.com *.evergage.com cm.everesttech.net dev.day.com *.tt.omtrdc.net cdn.cookielaw.org www.google-analytics.com region1.google-analytics.com region1.analytics.google.com analytics.google.com www.google.pt *.youtube.com youtube.com *.doubleclick.net secure-ds.serving-sys.com bdso.sharepoint.com *.googleapis.com vr.unit360.pt *.onlinepayments.pt *.oppwa.com oppwa.com lm.serving-sys.com cookies-data.onetrust.io www.google.com adservice.google.com autenticacao.gov.pt *.autenticacao.gov.pt *.qualtrics.com https://cdn.linkedin.oribi.io data:;		img-src 'self' data: cdn.cookielaw.org *.byside.com *.fls.doubleclick.net https://ad.doubleclick.net https://ade.googlesyndication.com cm.everesttech.net dev.day.com novobanco.pt *.novobanco.pt novobancodosacores.pt *.novobancodosacores.pt *.demdex.net www.google.pt *.evergage.com www.google-analytics.com analytics.google.com *.youtube.com youtube.com *.gstatic.com www.googletagmanager.com www.w3.org *.googleapis.com www.google.com i.ytimg.com www.facebook.com *.linkedin.com bdso.sharepoint.com vr.unit360.pt *.onlinepayments.pt lm.serving-sys.com bs.serving-sys.com oppwa.com *.autenticacao.gov.pt *.doubleclick.net https://alb.reddit.com https://*.qualtrics.com https://novobancopoc.112.2o7.net blob:;		frame-src 'self' *.googleapis.com *.novobanco.pt *.fls.doubleclick.net tickcounter.com free.timeanddate.com *.morningstar.com youtube.com *.youtube.com *.demdex.net novobancodosacores.pt *.novobancodosacores.pt sdk.companywebcast.com vr.unit360.pt *.onlinepayments.pt lm.serving-sys.com oppwa.com *.autenticacao.gov.pt www.facebook.com eur05.safelinks.protection.outlook.com https://*.qualtrics.com;		style-src 'self' 'unsafe-inline' *.novobanco.pt *.byside.com *.googleapis.com bdso.sharepoint.com youtube.com *.youtube.com vr.unit360.pt *.onlinepayments.pt lm.serving-sys.com autenticacao.gov.pt oppwa.com *.autenticacao.gov.pt *.novobancodosacores.pt; 1
default-src 'none'; connect-src 'self' https://samc.zkb.ch https://same.zkb.ch https://samt.zkb.ch https://samct.zkb.ch https://sameo.zkb.ch https://dpm.demdex.net https://edge.adobedc.net https://adobedc.demdex.net https://*.doubleclick.net https://pagead2.googlesyndication.com https://www.google.com/pagead/landing https://www.google.ch/pagead/landing https://privacyportal-ch.onetrust.com https://geolocation.onetrust.com https://*.googleapis.com; font-src 'self' data: https://fonts.gstatic.com; form-action 'self'; frame-src 'self' https://www.google.com https://zkb.demdex.net https://dpm.demdex.net https://*.doubleclick.net; frame-ancestors 'self' https://*.adobe.com/; img-src 'self' data: https://dpm.demdex.net https://cm.everesttech.net https://samc.zkb.ch https://*.googleapis.com https://maps.gstatic.com https://*.doubleclick.net https://ade.googlesyndication.com; media-src 'self' https://dpm.demdex.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://assets.adobedtm.com https://cdn.tt.omtrdc.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.tt.omtrdc.net; object-src 'self' 1
frame-ancestors 'self' https://www.matrimonio.com https://community.matrimonio.com https://landing.matrimonio.com 1
default-src 'self' https://*.tellja.eu https://siteintercept.qualtrics.com https://*.clarity.ms https://bat.bing.com https://admin.df.eu/ https://analytics.aklamio.com https://*.ampproject.org https://*.lpsnmedia.net https://*.tealiumiq.com https://*.google.com https://*.google.de https://*.doubleclick.net https://*.optimizely.com https://www.google-analytics.com https://*.facebook.com; connect-src 'self' https://www.google.de https://region1.google-analytics.com https://www.sjwoe.com https://www.emjcd.com https://*.analytics.google.com wss://lo.msg.liveperson.net/ https://*.googlesyndication.com https://www.google-analytics.com https://*.tellja.eu https://*.bing.com https://*.doubleclick.net https://*.metrics.convertexperiments.com https://*.convertexperiments.com https://*.optimizetoolkit.com; style-src 'self' 'unsafe-inline' https://github.githubassets.com https://fonts.googleapis.com https://*.amazonaws.com https://*.convertexperiments.com https://*.metrics.convertexperiments.com https://*.optimizetoolkit.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://pix.hyj.mobi https://d.hyj.mobi https://*.tellja.eu https://*.googletagmanager.com https://*.amazonaws.com https://*.convertexperiments.com https://*.metrics.convertexperiments.com https://*.optimizetoolkit.com https://*.siteintercept.qualtrics.com https://siteintercept.qualtrics.com https://gist.github.com https://my.tealiumiq.com http://tags.tiqcdn.com https://*.clarity.ms https://*.omnitagjs.com https://*.adnxs.com https://*.aklamio.com https://*.doubleclick.net https://java.com https://tags.tiqcdn.com https://*.cloudstorage.secureserver.net https://static-artifact.heg-cp.com https://cdn.polyfill.io https://www.google.com https://www.gstatic.com https://*.optimizely.com https://www.googleadservices.com https://bat.bing.com https://www.dwin1.com https://connect.facebook.net https://www.google-analytics.com ajax.googleapis.com https://*.twitter.com https://static.ads-twitter.com https://*.ampproject.org https://*.wsimg.com https://*.liveperson.net https://*.lpsnmedia.net; font-src 'self' https://fonts.gstatic.com https://optimizely.github.io; object-src 'self'; img-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://*.adform.net https://sync.1rx.io https://simage2.pubmatic.com https://e1.emxdgt.com https://s.ad.smaato.net https://rtb-csync.smartadserver.com https://sync.targeting.unrulymedia.com https://ups.analytics.yahoo.com https://csync.loopme.me https://ad.yieldlab.net https://pixel.rubiconproject.com https://ad.360yield.com https://ih.adscale.de https://*.openx.net https://*.connectad.io https://inv-nets.admixer.net https://usync.vrtcal.com https://*.pubmine.com https://cm.adform.net https://*.bidswitch.net https://*.casalemedia.com https://*.tellja.eu https://*.tellja.de https://*.tellja.eu https://my.tealiumiq.com https://collect.tealiumiq.com https://*.convertexperiments.com https://*.metrics.convertexperiments.com https://*.optimizetoolkit.com https://siteintercept.qualtrics.com https://*.google.co.uk https://analytics.twitter.com https://paintbrush.heg-cp.com https://*.clarity.ms https://*.bing.com https://irp.cdn-website.com https://*.atdmt.com https://*.zemanta.com https://*.trustpilot.com https://*.aklamio.com https://img1.wsimg.com https://*.lpsnmedia.net https://java.com https://www.df.eu/ data: https://i.ytimg.com https://*.g.doubleclick.net https://bat.bing.com https://www.google-analytics.com https://www.facebook.com https://www.google.com https://www.google.de https://t.co https://*.multiscreensite.com; frame-src 'self' mailto: https://*.liveperson.net/ https://*.tellja.eu https://*.df.eu https://*.dftest.eu https://*.qualtrics.com/ https://*.doubleclick.net https://www.youtube-nocookie.com https://*.aklamio.com https://lo.tokenizer.liveperson.net https://pixel.bsmartdata.com https://www.google.com https://*.optimizely.com  https://*.convertexperiments.com https://*.metrics.convertexperiments.com https://*.optimizetoolkit.com https://*.facebook.com https://*.facebook.net www.youtube.com *.vimeo.com *.vimeocdn.com https://*.fls.doubleclick.net https://*.lpsnmedia.net https://server.lon.liveperson.net/; 1
upgrade-insecure-requests; default-src 'self' 'report-sample'; frame-ancestors 'self'; style-src 'self' 'nonce-5327097b711ff43b58ad2cc5f3880bf7' https://accounts.google.com/gsi/style; script-src 'self' 'report-sample' 'strict-dynamic' 'nonce-5327097b711ff43b58ad2cc5f3880bf7'; connect-src 'self' https://api.nicex.com https://capture.trackjs.com https://*.analytics.google.com https://*.google-analytics.com https://stats.g.doubleclick.net https://accounts.google.com/gsi/ wss://*.ws.nicex.com wss://*.nicehash.com; img-src 'self' 'report-sample' https://api.nicex.com https://www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://usage.trackjs.com https://i.ytimg.com https://img.youtube.com https://www.gstatic.com https://www.google.com https://static.nicehash.com https://nicex.banxa.com/images/payment-providers/ data:; base-uri 'self'; font-src 'self' https://fonts.gstatic.com data:; form-action 'self' https://api.nicehash.com; child-src 'self' https://recaptcha.net https://www.google.com https://youtube.com https://www.youtube.com https://api.sumsub.com https://accounts.google.com/gsi/; report-uri /_csp_; report-to active 1
script-src 'self'  'unsafe-inline' 'unsafe-eval'  https://blofin.com  https://*.blofin.com https://static.zdassets.com https://static.cloudflareinsights.com https://www.googletagmanager.com https://static.sensorsdata.cn https://challenges.cloudflare.com https://gcaptcha4.geetest.com https://static.geetest.com https://dn-staticdown.qbox.me https://s2.tokeninsight.com https://*.mediamathrdrt.com https://*.zendesk.com https://*.blofin.com blob: 1
frame-src 'self'; frame-ancestors 'self' *.realmmlp.ca *.torontomls.net; object-src 'none'; 1
default-src 'self' cdn.cookielaw.org *.onetrust.com cookie-cdn.cookiepro.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' 34.160.4.81 34.96.95.23 https://api.company-target.com/ https://company-target.com/ https://j.6sc.co/ https://tag.demandbase.com/ https://js.hsadspixel.net/ https://js.usemessages.com/ https://js.hubspot.com/ https://js.zi-scripts.com/ https://js.hs-banner.com https://js.hsleadflows.net https://forms.hubspot.com https://js.hscollectedforms.net https://js.intercomcdn.com/ https://s.adroll.com/ https://www.clarity.ms/ https://widget.intercom.io/ *.alorica-dev-digital.com *.landbot.pro landbot.pro *.landbot.io *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.msecnd.net https://cdn.botframework.com/botframework-webchat/latest/webchat-es5.js https://static.landbot.io/landbot-widget/landbot-widget-1.0.0.js cdn.pardot.com go.pardot.com pi.pardot.com googletagmanager.com rum-static.pingdom.net snap.licdn.com www.googletagmanager.com/gtag/js www.googletagmanager.com/gtm.js *.zoominfo.com *.serving-sys.com *.alorica.com *.rlets.com cdn.rlets.com https://capture-api.reachlocalservices.com/originCountry https://pixel.mathtag.com https://www.googleadservices.com https://bat.bing.com https://fastbase.com https://go.alorica.com https://aloricarefresh.blob.core.windows.net www.googletagmanager.com/gtm.js https://googleads.g.doubleclick.net https://www.googletagmanager.com *.rlets.com *.reachlocalservices.com *.facebook.net *.rlcdn.com *.gannettdigital.com *.facebook.com *.simpli.fi *.googleservices.com *.doubleclick.net rlets.com reachlocalservices.com facebook.net rlcdn.com gannettdigital.com facebook.com simpli.fi googleservices.com doubleclick.net cdn.cookielaw.org *.onetrust.com cookie-cdn.cookiepro.com *.a.run.app; style-src 'self' 'unsafe-inline' 34.160.4.81 34.96.95.23 *.alorica.com *.alorica-dev-digital.com *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com https://localhost:44378 https://www.googletagmanager.com cdn.cookielaw.org *.onetrust.com cookie-cdn.cookiepro.com *.a.run.app blob:; font-src 'self' https://fonts.intercomcdn.com/ fonts.gstatic.com cdn.cookielaw.org *.onetrust.com cookie-cdn.cookiepro.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; img-src 'self' https://b.6sc.co/ https://www.google.com.tw/ https://perf-na1.hsforms.com/ https://js.hsleadflows.net https://forms.hsforms.com https://www.alorica.com https://alorica.com https://js.intercomcdn.com/ https://fei.pro-market.net https://c.clarity.ms *.azureedge.net *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com *.eloqua.com track.hubspot.com https://ava-alorica-bot.azurewebsites.net https://static.landbot.io/landbot/files/ https://go.alorica.com https://aloricarefresh.blob.core.windows.net *.imgur.com *.serving-sys.com https://px.ads.linkedin.com https://p.adsymptotic.com https://bat.bing.com https://www.google.com https://www.alorica.com https://www.google.com.ph https://www.googletagmanager.com https://px4.ads.linkedin.com https://pixel.mathtag.com data: blob: *.rlets.com *.reachlocalservices.com *.facebook.net *.rlcdn.com *.gannettdigital.com *.facebook.com *.simpli.fi *.googleservices.com *.doubleclick.net rlets.com reachlocalservices.com facebook.net rlcdn.com gannettdigital.com facebook.com simpli.fi cdn.cookielaw.org *.onetrust.com cookie-cdn.cookiepro.com googleservices.com doubleclick.net; media-src 'self' https://js.intercomcdn.com/ *.alorica.com *.azureedge.net data: blob: https://aloricarefresh.blob.core.windows.net; frame-src 'self' https://s.company-target.com/ https://app.hubspot.com https://forms.hubspot.com https://www.buzzsprout.com/ https://pdcn.co/ https://pdcn.com/ youtube.com https://www.youtube.com/ *.rlets.com *.reachlocalservices.com *.facebook.net *.rlcdn.com *.gannettdigital.com *.facebook.com *.simpli.fi *.googleservices.com *.doubleclick.net rlets.com reachlocalservices.com facebook.net rlcdn.com gannettdigital.com facebook.com simpli.fi googleservices.com doubleclick.net *.landbot.pro landbot.pro *.landbot.io https://landbot.pro cdn.landbot.io https://landbot.pro/u/ https://go.alorica.com/; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://landbot.pro https://go.alorica.com/ go.pardot.com pi.pardot.com cdn.landbot.io *.landbot.pro *.rlets.com cdn.rlets.com https://capture-api.reachlocalservices.com/originCountry https://pixel.mathtag.com https://bid.g.doubleclick.net https://pixel.mathtag.com cdn.cookielaw.org *.onetrust.com cookie-cdn.cookiepro.com; connect-src 'self' https://api.company-target.com/ https://analytics.google.com/ https://ipv6.6sc.co/ https://c.6sc.co/ https://api.hubspot.com/ https://js.zi-scripts.com/ https://api.hubapi.com/ https://cta-service-cms2.hubspot.com/ https://forms.hscollectedforms.net/ https://pagead2.googlesyndication.com/pagead/buyside_topics/set/ https://forms.hubspot.com *.hsforms.com *.clarity.ms/ wss://nexus-websocket-a.intercom.io/ *.intercom.io https://s.clarity.ms/collect https://api-iam.intercom.io/messenger/web/ping https://www.fastbase.com/ *.alorica.com *.alorica-dev-digital.com https://cdn.linkedin.oribi.io landbot.pro accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.visualstudio.com https://westus.api.cognitive.microsoft.com https://landbot.pro/u/ *.botframework.com https://westus.tts.speech.microsoft.com/cognitiveservices/voices/list wss://*.botframework.com pi.paradot.com cdn.landbot.io *.landbot.pro api.zippopotam.us *.pingdom.net *.serving-sys.com *.google-analytics.com https://stats.g.doubleclick.net *.facebook.com *.rlets.com cdn.rlets.com https://capture-api.reachlocalservices.com/originCountry https://liqadprdct-capture-prod-east.gannettdigital.com https://go.alorica.com https://aloricarefresh.blob.core.windows.net www.googletagmanager.com/gtm.js https://fastbase.com https://bat.bing.com https://ws.zoominfo.com *.rlets.com *.reachlocalservices.com *.facebook.net *.rlcdn.com *.gannettdigital.com *.facebook.com *.simpli.fi *.googleservices.com *.doubleclick.net rlets.com reachlocalservices.com facebook.net rlcdn.com gannettdigital.com facebook.com simpli.fi googleservices.com doubleclick.net *.a.run.app https://alorica-iq-webapi-dot-aiq-genai-ava-chatbot.uc.r.appspot.com https://alorica-iq-webapi-dot-aiq-genai-ava-chatbot.uc.r.appspot.com/socket.io https://alorica-iq-webapi-dev-dot-aiq-genai-ava-chatbot.uc.r.appspot.com cdn.cookielaw.org *.onetrust.com cookie-cdn.cookiepro.com; 1
object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://analytics.tiktok.com https://www.tiktok.com https://www.googleadservices.com https://sf16-website-login.neutral.ttwstatic.com http://d.line-cdn.net https://d.line-scdn.net https://hm.baidu.com https://www.clarity.ms https://cdn-au.onetrust.com https://am.yahoo.co.jp https://b99.yahoo.co.jp https://apm.yahoo.co.jp/ https://connect.facebook.net https://googleads.g.doubleclick.net https://js.fout.jp https://s.yimg.jp https://static.ads-twitter.com http://static.ads-twitter.com https://use.typekit.net https://www.clarity.ms https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com http://www.youtube.com; base-uri 'self'; connect-src 'self' https://analytics.tiktok.com https://www.tiktok.com https://www.googleadservices.com https://adservice.google.com https://*.clarity.ms https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://cdn-au.onetrust.com https://analytics.google.com https://am.yahoo.co.jp https://apm.yahoo.co.jp/ https://www.google-analytics.com https://geolocation.onetrust.com; font-src 'self' https://use.typekit.net; frame-src 'self' https://www.tiktok.com https://www.youtube-nocookie.com https://www.youtube.com https://player.youku.com https://js.fout.jp https://td.doubleclick.net https://stats.g.doubleclick.net www.gstatic.com https://www.google.com https://team-lab.mikecrm.com; img-src 'self' https://www.googletagmanager.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://b98.yahoo.co.jp https://p77-sign-sg.tiktokcdn.com https://i.ytimg.com https://p16-sign-sg.tiktokcdn.com https://tr.line.me https://hm.baidu.com https://scontent-images-cdn01.com https://cdn-au.onetrust.com https://analytics.twitter.com https://b99.yahoo.co.jp https://cnt.fout.jp https://p.typekit.net https://t.co https://www.facebook.com https://www.google.co.jp https://www.google.com https://c.clarity.ms https://c.bing.com https://team-lab.imagewave.pictures; manifest-src 'self'; media-src 'self' https://www.teamlab.art; worker-src 'none'; 1
default-src *.teva.com *.teva-eu.com data: 'unsafe-eval' 'unsafe-inline' blob: ws: dms.deckers.com *.demandware.net *.commercecloud.salesforce.com *.sandbox.us01.dx.commercecloud.salesforce.com via.placeholder.com *.deckers.layer0-perma.link *.cquotient.com d.emails.teva.com email.ugg.com email.hoka.com email.koolaburra.com email.sanuk.com email.teva.com *.emails.teva.com blog.ugg.com events.hoka.com *.hokaoneone.com *.hokaoneone.eu *.hokaoneone.jp blog.uggaustralia.com www.teva-eu.com scripts.deckers.com rum.ingress.edgio.net *.g.doubleclick.net edgeshoppingstatic.azureedge.net s.retargeted.co *.joinhoney.com d3nocrch4qti4v.cloudfront.net df45ay5pw60dy.cloudfront.net cx.atdmt.com cdn.optimizely.com *.bglobale.com *.formstack.com *.deckers.coremedia.cloud rum-http-intake.logs.datadoghq.com www.datadoghq-browser-agent.com rum.ingress.layer0.co rum.layer0.co *.pingdom.net *.pitneybowes.com pippio.com hosted.where2getit.com res.cloudinary.com splashthat.eu *.klarnacdn.net *.klarnaservices.com *.klarna.com *.klarnaevt.com dfp.bouncex.net *.bounceexchange.com *.medallia.eu *.kampyle.com cdn.pdst.fm sink.pdst.fm us-central1-adaptive-growth.cloudfunctions.net *.contentsquare.net *.contentsquare.com *.dynamicyield.com *.dy-api.com *.forter.com pay.google.com *.cdn4.forter.com *.linksynergy.com *.paypal.com *.cloud.coveo.com *.amazon-adsystem.com cartera-cdn.freetls.fastly.net *.abtasty.com guarantee-cdn.com static-fe.payments-amazon.com apay-up-banner.com ad.as.amanad.adtdp.com ad.caprofitx.adtdp.com ad.yieldlab.net ade.clmbtech.com *.socdm.com adx.dable.io au.ants.vn c.bing.com cm-exchange.toast.com cm.mgid.com r.casalemedia.com contextual.media.net criteo-sync.teads.tv cs.adingo.jp point.widget.rakuten.co.jp *.rakuten.co.jp static.rakuten.com *.yimg.jp *.yahoo.co.jp ads.yahoo.com deckers.candypop.jp cs.gssprt.jp eb2.3lift.com *.sharethrough.com rapid-cdn.yottaa.com pixel.advertising.com pixel.tapad.com *.ac.bcon.ecdns.net *.smartadserver.com secure.adnxs.com simage2.pubmatic.com *.criteo.net *.criteo.com sync.outbrain.com us-u.openx.net duuytoqss3gu4.cloudfront.net *.osano.com x.bidswitch.net visitor.omnitagjs.com d.line-scdn.net *.ads.yieldmo.com tr.line.me *.taboola.com *.ad-stir.com tk.jrs5.com *.adsrvr.org cdn.smartnews-ads.com payments-fe.amazon.com m.media-amazon.com chimpstatic.com static.hotjar.com content.hotjar.com t.cfjump.com chipstatic.com cdn.unidays.world api.myunidays.com *.veinteractive.com *.pixlee.com *.pixlee.co *.pxlecdn.com *.cartfulsolutions.com *.global-e.com assets.bounceexchange.com pixel-config.reddit.com *.powerreviews.com *.truefitcorp.com *.terracycle.com *.squarecdn.com js.squareup.com www.truefit.com *.typekit.net widgets.trustedshops.com *.etrusted.com idsync.rlcdn.com *.zenaps.com cnstrc.com *.strut.fit *.rewardstyle.com *.motionpoint.com s-cs.send.microad.jp tr.snapchat.com tr6.snapchat.com *.smaato.net *.e-planning.net *.zemanta.com *.artlabs.ai *.onetrust.com *.stylitics.com *.g.doubleclick.net *.datadome.co *.captcha-delivery.com *.kampyle.com *.fls.doubleclick.net *.doubleclick.net google.com adservice.google.com *.googleadservices.com adservice.google.com www.googletagmanager.com ampcid.google.com *.googlesyndication.com api.amplitude.com translate.googleapis.com apis.google.com www.google-analytics.com ssl.google-analytics.com maps.googleapis.com www.google.ca www.google.com translate.google.com fonts.googleapis.com api.cognitive.microsofttranslator.com browser.translate.yandex.net jjfblogammkiefalfpafidabbnamoknm bmnlcjabgnpnenekpadlanbbkooimhnj chhjbpecpncaggjpdakmflnfcopglcmi bfkjochdalcdahjnliojhpldoogkbglc pfldcnnaiaiaogmpfdjjpdkpnigplfca ajax.googleapis.com *.gstatic.com s.w.org *.ediemidnightzombies.com www.gravatar.com *.attn.tv events.attentivemobile.com *.afterpay.com www.instagram.com *.analytics.yahoo.com alb.reddit.com www.redditstatic.com *.hotjar.com *.artlabs.ai downloads.mailchimp.com *.au.hoka.com hokacustomercare.zendesk.com hokanzcustomercare.zendesk.com accentgroupsupport.zendesk.com *.wistia.com *.litix.io embedwistia-a.akamaihd.net *.bouncexchange.com api.fillr.com events.bouncex.net www.facebook.com connect.facebook.net *.zdassets.com *.zopim.com widget-mediator.zopim.com *.list-manage.com *.us14.list-manage.com api.us-1.gladly.chat chat-sdk.cdn.gladly.com chat-assets.cdn.gladly.com ws.us-1.gladly.chat *.gladly.com js.verygoodvault.com tnt8r4ypmtr.live.verygoodproxy.com vgs-collect-keeper.apps.verygood.systems cdn.studentbeans.com *.90d.io *.smooch.io www.clarity.ms gladly-production.sinter-collect.com tracead.com www.dwin1.com *.zenaps.com *.adyen.com *.addthis.com *.addthisedge.com *.moatads.com intljs.rmtag.com *.likeshop.me cdn.cookielaw.org www.gstatic.com fonts.gstatic.com sc-static.net bat.bing.com www.bing.com cdn.yottaa.com qoe-1.yottaa.net *.tealiumiq.com analytics.tiktok.com *.sitelabweb.com cdn.quadpay.com csp-reporting.cloudflare.com d38d4ysphgm9dz.cloudfront.net d2lxqodqbpy7c2.cloudfront.net d35u1vg1q28b3w.cloudfront.net d2o5idwacg3gyw.cloudfront.net d6tizftlrpuof.cloudfront.net d38d4ysphgm9dz.cloudfront.net nsg.symantec.com px.owneriq.net tags.w55c.net mc.yandex.ru mc.yandex.com mc.yandex.kz yandex.net api.pinpiaa.com omwbh6dj4a.execute-api.ap-southeast-2.amazonaws.com cmp.osano.com *.usabilla.com *.newgistics.com mpsnare.iesnare.com *.cdnwidget.com *.cdnbasket.net resources.digital-cloud.medallia.eu t.co platform.twitter.com static.ads-twitter.com analytics.twitter.com tag.rmp.rakuten.com point.widget.rakuten.co.jp analytics.tiktok.com cdn.loom.com *.usw2.cordial.com hokaoneone.locally.com *.snapchat.com www.awin1.com hm.baidu.com *.parcellab.com analytics.convertlanguage.com *.verygoodvault.com ugg.review.eprize.com ugg.promo.eprize.com www.paypalobjects.com www.youtube.com *.brightcove.com *.pinterest.com ct.pinterest.com s.pinimg.com *.cheqzone.com i.ytimg.com cdn.jsdelivr.net call.chatra.io services.sheerid.com cdn.honey.io i.honey-images.com cdn.joinhoney.com cdn.ivaws.com *.capitaloneshopping.com *.locally.com s7.addthis.com *.dashhudson.com likeshop.me trial-eum-clientnsv4-s.akamaihd.net tags.tiqcdn.com code.jquery.com maxcdn.bootstrapcdn.com strutagiocdn.blob.core.windows.net frame.hub-box.com *.squarecdn.com js.squareup.com sandbox.frame.hub-box.com analytics.google.com *.analytics.google.com *.google-analytics.com ampcid.google.co.in ampcid.google.co.jp ampcid.google.com.ph ampcid.google.com.pk ampcid.google.cz ampcid.google.dk ampcid.google.ee ampcid.google.es ampcid.google.fr ampcid.google.ge ampcid.google.hu ampcid.google.ht ampcid.google.kz ampcid.google.lt ampcid.google.mn ampcid.google.nl ampcid.google.no ampcid.google.pl ampcid.google.bs ampcid.google.by ampcid.google.ca ampcid.google.cl ampcid.google.co.il ampcid.google.co.kr ampcid.google.co.nz ampcid.google.co.ve ampcid.google.co.za ampcid.google.co.zw ampcid.google.com.au ampcid.google.com.ec ampcid.google.com.jm ampcid.google.com.mx ampcid.google.com.pr ampcid.google.com.sg ampcid.google.com.tr ampcid.google.com.ua ampcid.google.de ampcid.google.gr ampcid.google.ie ampcid.google.it ampcid.google.mv ampcid.google.ru ampcid.google.ro ampcid.google.se ampcid.google.pt ampcid.google.hr ampcid.google.at ampcid.google.az ampcid.google.be ampcid.google.bg ampcid.google.ch ampcid.google.co.id ampcid.google.co.ma ampcid.google.co.th ampcid.google.com.ar ampcid.google.com.br ampcid.google.com.bz ampcid.google.com.co ampcid.google.com.cy ampcid.google.com.do ampcid.google.com.gt ampcid.google.com.hk ampcid.google.com.mt ampcid.google.com.ng ampcid.google.com.ni ampcid.google.com.pe ampcid.google.com.py ampcid.google.com.sa ampcid.google.com.tj ampcid.google.com.tw ampcid.google.com.uy ampcid.google.dm ampcid.google.dz ampcid.google.fi ampcid.google.hn ampcid.google.lu ampcid.google.lv ampcid.google.ps ampcid.google.rs ampcid.google.si ampcid.google.sk ampcid.google.cn ampcid.google.co.id ampcid.google.co.th ampcid.google.co.hk ampcid.google.co.pe ampcid.google.co.tw ampcid.google.co.uy ampcid.google.tn ampcid.google.ae ampcid.google.lk ampcid.google.com.bh ampcid.google.com.vn www.google.al www.google.at www.google.am www.google.az www.google.ba www.google.be www.google.bg www.google.by www.google.ch www.google.fi www.google.ie www.google.ps www.google.tt www.google.co.bz www.google.co.il www.google.co.in www.google.co.jp www.google.co.kr www.google.co.ma www.google.com.au www.google.com.co www.google.com.do www.google.com.gh www.google.com.gt www.google.com.lb www.google.com.mx www.google.com.ng www.google.com.om www.google.com.ph www.google.com.pr www.google.com.sa www.google.com.sg www.google.com.tw www.google.com.tr www.google.com.ua www.google.com.py www.google.co.ke www.google.co.th www.google.lk www.google.tn www.google.bf www.google.co.nz www.google.co.uk www.google.is www.google.im www.google.cz www.google.de www.google.ee www.google.es www.google.fr www.google.ge www.google.gr www.google.hr www.google.ht www.google.hu www.google.ie www.google.it www.google.lt www.google.md www.google.me www.google.mk www.google.mt www.google.no www.google.nl www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.ae www.google.bs www.google.cl www.google.co.cr www.google.co.ve www.google.co.vi www.google.co.za www.google.com.ec www.google.com.hk www.google.com.jm www.google.com.kw www.google.com.pa www.google.com.sg www.google.mv www.google.co.id www.google.com.my www.google.com.pk www.google.com.vn www.google.dk www.google.mn www.google.kz www.google.vg www.google.hn www.google.com.eg www.google.ad www.google.je www.google.co.bw www.google.com.ar www.google.com.bd www.google.com.bo www.google.com.br www.google.com.cy www.google.com.pe www.google.com.sv www.google.com.uy www.google.com.qa www.google.dz www.google.iq www.google.jo www.google.sk www.google.si www.google.nl www.google.lv www.google.lu www.google.lv www.google.kg www.google.dm www.google.co.uz www.google.sr www.google.je www.google.gg www.google.com.qa www.google.mt www.google.com.bn www.google.com.bh www.google.co.uz www.google.cn www.google.tn www.google.mg www.google.com.ai www.google.li www.google.as www.google.dj www.google.com.mt www.google.ga www.google.sn www.google.com.gi www.google.mu www.google.gy; font-src *.teva.com *.teva-eu.com *.demandware.net *.commercecloud.salesforce.com *.truefitcorp.com *.hokaoneone.com *.hokaoneone.eu *.hokaoneone.jp use.typekit.net *.osano.com *.klarnacdn.net cdn.gladly.com *.deckers.coremedia.cloud cdn.dynamicyield.com fonts.googleapis.com cdn.loom.com static.rakuten.com *.global-e.com cdn.honey.io likeshop.me script.hotjar.com cdn.joinhoney.com fonts.gstatic.com use.fontawesome.com cdn.ivaws.com *.strut.fit *.deckers.layer0-perma.link data: *.wistia.com static.formstack.com d6tizftlrpuof.cloudfront.net www.paypalobjects.com *.medallia.eu *.kampyle.com; style-src *.teva.com *.teva-eu.com *.deckers.coremedia.cloud *.commercecloud.salesforce.com *.sandbox.us01.dx.commercecloud.salesforce.com *.hokaoneone.com *.hokaoneone.eu *.hokaoneone.jp *.demandware.net *.veinteractive.com *.bounceexchange.com cdn.dynamicyield.com *.klarnacdn.net ui.powerreviews.com *.osano.com web-assets.stylitics.com use.fontawesome.com ui.powerreviews.com cdn.honey.io cdn.joinhoney.com js.verygoodvault.com *.global-e.com *.truefitcorp.com *.deckers.layer0-perma.link www.truefit.com cdn.90d.io chat-sdk.cdn.gladly.com cdn.gladly.com *.typekit.net www.karmanow.com *.parcellab.com *.formstack.com translate.googleapis.com d3nocrch4qti4v.cloudfront.net d6tizftlrpuof.cloudfront.net cdn.ivaws.com www.paypalobjects.com *.pxlcdn.com fonts.googleapis.com *.adyen.com *.medallia.eu *.kampyle.com downloads.mailchimp.com data: 'unsafe-inline'; form-action *.teva.com *.teva-eu.com *.demandware.net *.commercecloud.salesforce.com *.sandbox.us01.dx.commercecloud.salesforce.com *.hokaoneone.eu payments.amazon.co.jp www.amazon.co.jp *.demandware.net *.snapchat.com www.facebook.com *.adyen.com email.teva.com email.ugg.com email.hoka.com email.sanuk.com email.koolaburra.com *.securev2.global-e.com *.secure5.arcot.com *.securesuite.co.uk *.3ds.borica.bg *.acs1.icicibank.com *.sps-system.com centinelapi.cardinalcommerce.com accentgroup.formstack.com; media-src *.teva.com *.teva-eu.com blob: dms.deckers.com res.cloudinary.com *.demandware.net *.commercecloud.salesforce.com cdn8.forter.com google.com *.90d.io static.zdassets.com chat-sdk.cdn.gladly.com chat-assets.cdn.gladly.com cdn.gladly.com; worker-src *.teva.com *.teva-eu.com blob: *.osano.com; child-src *.teva.com *.teva-eu.com *.demandware.net *.hokaoneone.com *.hokaoneone.eu *.hokaoneone.jp *.commercecloud.salesforce.com *.snapchat.com guarantee-cdn.com v3.rest-ar.com *.osano.com *.doubleclick.net vars.hotjar.com www.awin1.com *.afterpay.com px.owneriq.net pal-test.adyen.com *.americanexpress.com *.facebook.com *.pixlee.co *.zenaps.com chat-sdk.cdn.gladly.com *.bounceexchange.com d6tizftlrpuof.cloudfront.net www.paypalobjects.com www.paypal.com ln-rules.rewardstyle.com nsg.symantec.com *.pinterest.com track.usw2.cordial.com *.klarna.com *.global-e.com wkxppshj-qx.global.ssl.fastly.net checkoutshopper-test.adyen.com checkoutshopper-live.adyen.com pci-connect.squareup.com www.sandbox.paypal.com *.ediemidnightzombies.com *.datadome.co *.captcha-delivery.com *.studentbeans.com *.myunidays.com point.widget.rakuten.co.jp *.bglobale.com www.google.com *.amazon-adsystem.com *.truefitcorp.com *.locally.com *.strut.fit www.pubxtags.com tracead.com photos.pixlee.com *.splashthat.eu hosted.where2getit.com sketchfab.com *.criteo.com *.criteo.net www.youtube.com *.verygoodvault.com pay.google.com www.terracycle.com cdn-checkout.joinhoney.com sandbox.frame.hub-box.com frame.hub-box.com pci-connect.squareup.com ugg.promo.eprize.com ugg.review.eprize.com d.emails.teva.com cdn.attn.tv creatives.attn.tv *.artlabs.ai app.collectivevoice.com *.medallia.eu *.kampyle.com; report-uri https://www.teva.com/_/csp-reports 1
frame-ancestors 'self' http://dezshira.in/ https://www.china-briefing.com https://www.india-briefing.com https://www.vietnam-briefing.com https://www.aseanbriefing.com https://www.russia-briefing.com/ https://www.silkroadbriefing.com/ 1
style-src 'self' 'unsafe-inline' *.vitamix.com cloud.typography.com *.bazaarvoice.com *.ssa.gov https://optimize.google.com *.cj.com vitamixmgmtcorp.us-5.evergage.com; frame-ancestors 'self' 1
img-src 'self' *.adsymptotic.com *.atdmt.com *.cloudinary.com *.facebook.com *.google.ca/ads/ga-audiences *.google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://googleads.g.doubleclick.net https://*.g.doubleclick.net https://www.gstatic.com *.googleadservices.com *.liadm.com *.linkedin.com *.sonder.com data: maps.googleapis.com maps.gstatic.com *.adyen.com *.adyenpayments.com https://bat.bing.com *.paypal.com *.paypalobjects.com https://s.pinimg.com https://ct.pinterest.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat; connect-src 'self' *.cookielaw.org *.doubleclick.net *.greenhouse.io *.liadm.com *.segment.com *.segment.io *.sndr.to *.sonder.com *.sonder.test https://*.sonder-preview.com https://*.browser-intake-datadoghq.com https://*.logs.datadoghq.com https://privacyportal.onetrust.com/request/v1/consentreceipts https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://*.analytics.google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.g.doubleclick.net *.googleadservices.com https://google.com/pay https://www.facebook.com/tr/ https://cdn.linkedin.oribi.io/partner/1571068/domain/sonder.com/token maps.googleapis.com *.adyen.com *.adyenpayments.com *.sentry.io *.paypal.com *.paypalobjects.com https://s.pinimg.com https://ct.pinterest.com *.grafana.net https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat ; script-src 'self' 'unsafe-inline' assets.sonder.com *.google-analytics.com *.greenhouse.io *.liadm.com *.paypal.com *.paypalobjects.com https://cdn.cookielaw.org https://cdn.segment.com https://connect.facebook.net https://geolocation.onetrust.com https://*.analytics.google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googletagmanager.com/gtm/js https://*.g.doubleclick.net https://*.doubleclick.net *.googleadservices.com https://js.adsrvr.org https://maps.googleapis.com https://snap.licdn.com https://static.cloudflareinsights.com https://www.datadoghq-browser-agent.com https://www.googleadservices.com https://*.googletagmanager.com https://www.google.com/recaptcha/enterprise.js https://*.google.com *.gstatic.com js.stripe.com *.adyen.com *.adyenpayments.com https://bat.bing.com https://s.pinimg.com/ct/core.js https://s.pinimg.com https://ct.pinterest.com https://unpkg.com ; worker-src blob: 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.newyorker.de *.blob.core.windows.net www.googletagmanager.com www.google-analytics.com *.googleapis.com; style-src 'self' 'unsafe-inline' blob: *.newyorker.de fonts.googleapis.com hello.myfonts.net use.typekit.net; font-src 'self' data: *.newyorker.de fonts.gstatic.com; connect-src 'self' *.newyorker.de www.google-analytics.com region1.google-analytics.com region1.analytics.google.com *.googleapis.com *.doubleclick.net; 1
frame-ancestors 'self' www.targoversicherung.de; 1
frame-ancestors 'self' https://live.thomassabo.com 1
base-uri 'self';default-src 'self';object-src 'self';frame-ancestors 'self';style-src 'self' 'unsafe-inline' https://*.google.com http://*.googleapis.com https://*.googleapis.com;font-src 'self' data:;img-src 'self' data: blob: https:;script-src 'self' https://*.mollie.com https://*.adyen.com https://*.bing.com https://google.com https://*.google.com https://*.googletagmanager.com https://*.paypal.com https://icu.jobseeker.com https://*.tapfiliate.com https://*.cookiebot.com https://appleid.cdn-apple.com https://*.helpscout.net https://d3hb14vkzrxvla.cloudfront.net https://*.clarity.ms 'nonce-d-bc08ae16-e3ab-49d7-adb4-b00699e70fb4' 'nonce-g-e136c0f1-5f06-456b-a594-4fbe33da803a' 'nonce-b-b226592c-773d-4a94-988b-8f01da2cc753' 'nonce-s-e9764e05-a68b-4284-be2b-fc990597a360';child-src 'self' data: https:;frame-src 'self' data: https:;connect-src 'self' https://*.mollie.com https://*.adyen.com https://*.bing.com https://google.com https://*.google.com https://*.googletagmanager.com https://*.paypal.com https://icu.jobseeker.com https://*.tapfiliate.com https://*.cookiebot.com https://appleid.cdn-apple.com https://*.helpscout.net https://d3hb14vkzrxvla.cloudfront.net https://*.clarity.ms https://*.google-analytics.com https://*.doubleclick.net https://frstre.com https://*.linkedin.oribi.io; 1
default-src 'self' ; script-src 'self' https://www.googletagmanager.com https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://ssl.google-analytics.com 'sha256-xu9Iq5nB3QL00atr1Rq5QHgoWT+CMeSIRxYEQoXF6oc=' 'sha256-Q8ZuYJje7UlpSaSOgMMOAFtU5xSGLKxrnAbf0enZIec=' 'sha256-GZUL2cHNZEB372HDaunFlkmWRlmPjUCVh363Q/Hwkss=' 'sha256-DfG8D9nfn3FARaznOfvCwohx09pdQRZP/yU2N4GrPOM=' 'sha256-wWMpNbh9bP4s3KdaWGtZyNRc6Un5wj4cbA3BIhid/a8=' 'nonce-pbscript'; img-src 'self' data: https://ssl.google-analytics.com https://maps.gstatic.com https://maps.googleapis.com; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://maps.googleapis.com; style-src 'self' 'unsafe-inline'; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; style-src-elem 'self' https://fonts.googleapis.com 'sha256-/VVOq+Ws/EiUxf2CU6tsqsHdOWqBgHSgwBPqCTjYD3U=' 'sha256-zZp8BI/LRCsExnI71KZA79vRfTQ/33qQr5GcSWAOwto=' 'sha256-QzbuspFx3XWfDfPzTlfR0J2UlRJ1iYhfJ1wQgds/IA0=' 'sha256-j69g0Z+HAbHBMIzQNFis9uADYR6LPo2LYlSo6DI4wy0=' 'sha256-g1+M02rsvlWQa9CjaRfEaZvT//NG7UhCKe8br+KXuF8=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-vi0IHEWWjH+X+5ImyV6kj/fBMFzSTz4uPlUjRhRTuDQ=' 'sha256-cwZgAPm2CTAW2GLDlL0o2J5isI4Gr0wno+xO/MvtT3s=' 'sha256-mmA4m52ZWPKWAzDvKQbF7Qhx9VHCZ2pcEdC0f9Xn/Po=' 'sha256-cH1+lg4dJr7FMyPRntBLER2hcaREO8zDwh5wmjRu4EQ=' 'sha256-UQBytKn0DQWyDg5/YC+FaQxonSsbQk4k0ErDHqBuhfw=' 'sha256-CwE3Bg0VYQOIdNAkbB/Btdkhul49qZuwgNCMPgNY5zw=' 'sha256-MZKTI0Eg1N13tshpFaVW65co/LeICXq4hyVx6GWVlK0=' 'sha256-LpfmXS+4ZtL2uPRZgkoR29Ghbxcfime/CsD/4w5VujE=' 'sha256-YJO/M9OgDKEBRKGqp4Zd07dzlagbB+qmKgThG52u/Mk=' 'sha256-hx0up+5msNNPOIf047hgFKR59NaAvp5txflkdef6WVE=' 'nonce-pbstyle'; frame-src 'self' https://www.google.com https://www.youtube.com https://maegis.pbb.safe/; object-src 'self'; base-uri 'self'; 1
frame-ancestors 'self' https://polkadot-website-staging.netlify.app/ https://polkadot-website.netlify.app/ https://polkadot.ghost.io/ https://cms.polkadot.network/ https://polkadot.network/ 1
default-src 'self' https://pretix.eu https://static.pretix.space; script-src 'self' 'sha256-+tmFggeXIPOAC2UgcQ3LW/gPHTkwyWg3/D6FOJ5BHGo=' 'unsafe-eval' https://matomo.rami.io https://pretix.eu https://static.pretix.space https://support.rami.io; object-src 'none'; frame-src 'self' https://matomo.rami.io https://pretix.eu https://static.pretix.space https://support.rami.io https://www.youtube-nocookie.com; style-src 'self' 'unsafe-inline' data: https://cdn.pretix.space https://pretix.eu https://static.pretix.space https://support.rami.io; connect-src 'self' https://cdn.pretix.space https://matomo.rami.io https://pretix.eu https://static.pretix.space https://support.rami.io ws://support.rami.io; img-src 'self' data: https://cdn.pretix.space https://matomo.rami.io https://pretix.eu https://static.pretix.space https://support.rami.io; font-src 'self' https://pretix.eu https://static.pretix.space; media-src 'self' data: https://cdn.pretix.space https://pretix.eu https://static.pretix.space; form-action 'self' https: https://pretix.eu 1
default-src 'self'; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://*.walkme.com https://analytics.tiktok.com https://connect.facebook.net https://extend.vimeocdn.com/ga/41833415.js https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10892526870/ https://js.adsrvr.org/up_loader.1.1.0.js https://maps.googleapis.com https://up.pixel.ad/assets/up.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com https://www.google.com/recaptcha/api.js https://www.gstatic.com; style-src 'self' 'report-sample' 'unsafe-inline' https://fonts.googleapis.com https://*.walkme.com; img-src 'self' blob: data: https://maps.googleapis.com https://pixel.sitescout.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://maps.gstatic.com; connect-src 'self' https://analytics.tiktok.com https://maps.googleapis.com https://www.google-analytics.com https://*.walkme.com htttps://localhost:5001 https://localhost:44314 https://localhost:54518; font-src 'self' data: https://fonts.gstatic.com; object-src 'none'; media-src 'self'; frame-src 'self' https://insight.adsrvr.org https://pixel.sitescout.com https://player.vimeo.com https://td.doubleclick.net https://video.ball.com https://www.youtube.com https://*.walkme.com https://pixel-sync.sitescout.com https://www.google.com; frame-ancestors 'self' https://ball-com-2021-cms.bluemod.me/ https://vision-dev-cms.ball.com https://vision-test-cms.ball.com https://vision-cms.ball.com; worker-src 'none'; manifest-src 'self' 1
connect-src 'self' *.frbservices.org https://analytics.google.com *.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com *.analytics.google.com https://stats.g.doubleclick.net *.fedsearch.org:*; img-src 'self' *.frbservices.org *.eloqua.com *.frbservices.org https://px.ads.linkedin.com https://www.google.com https://www.linkedin.com https://p.adsymptotic.com https://googleads.g.doubleclick.net *.google-analytics.com https://ssl.google-analytics.com *.analytics.google.com https://optimize.google.com https://www.googletagmanager.com; script-src 'self' *.frbservices.org 'unsafe-inline' *.google-analytics.com https://snap.licdn.com https://www.google.com https://www.googleadservices.com https://tpc.googlesyndication.com https://www.googleanalytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.googleoptimize.com https://optimize.google.com *.frbservices.org; style-src 'self' *.frbservices.org https://fonts.googleapis.com 'unsafe-inline' https://www.googletagmanager.com https://optimize.google.com https://ssl.google-analytics.com *.google-analytics.com; object-src 'self' *.frbservices.org; font-src 'self' https://fonts.gstatic.com; frame-src 'self' *.youtube.com information.frbcommunications.org https://tpc.googlesyndication.com https://optimize.google.com; 1
default-src https:; script-src https: data: 'unsafe-eval' 'unsafe-inline' 'wasm-unsafe-eval' https://cdn.jsdelivr.net/npm/; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; frame-ancestors 'self' https://www.hermespaketshop.de https://paketshop.myhermes.de; worker-src blob:; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.adoberesources.net *.apolloplatform.com *.brightcove.com *.brightcove.net *.clarity.ms *.decibelinsight.com *.decibelinsight.net *.doubleclick.net *.franklintempleton.com *.ftsites.com *.fti-cloud.com *.kampyle.com *.marketo.com *.marketo.net *.mktoutil.com *.qualtrics.com *.twimg.com *.yimg.com amplify.outbrain.com apps.mypurecloud.com assets.adoberesources.net bat.bing.com browser-update.org cdn.cookielaw.org cdn.decibelinsight.net classify.gofurther.com connect.facebook.net documentcloud.adobe.com platform.twitter.com resources.digital-cloud-west.medallia.com schema.apolloplatform.com script.mfilterit.net siteimproveanalytics.com snap.licdn.com ssl.google-analytics.com static.ads-twitter.com static.cloudflareinsights.com tr.outbrain.com up.pixel.ad vjs.zencdn.net wss://*.decibelinsight.com wss://*.decibelinsight.net *.taboola.com www.google-analytics.com www.googletagmanager.com zn9nsigbnk054lp8n-frk.siteintercept.qualtrics.com ;  connect-src 'self' *.adobe.io *.akamaihd.net *.apolloplatform.com *.clarity.ms *.analytics.google.com *.boltdns.net *.brightcove.com *.brightcove.net *.browser-intake-datadoghq.com *.decibelinsight.com *.decibelinsight.net *.doubleclick.net *.franklintempleton.com *.frk.com *.ftsites.com *.fti-cloud.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.kampyle.com *.launchdarkly.com *.marketo.com *.mktoresp.com *.mktoutil.com *.onetrust.com *.onetrust.io *.qualtrics.com *.cloudhub.io *.widen.net *.widencdn.net 848-iap-939.mktoresp.com adservice.google.com bat.bing.com cdn.cookielaw.org cdn.linkedin.oribi.io classify.gofurther.com dc.services.visualstudio.com fti.wsodqa.com hummingbirdwebsocket-va7.cloud.adobe.io pdswebapi.fti-cloud.com px.ads.linkedin.com resources.digital-cloud-west.medallia.com s.yimg.com siteimproveanalytics.com wss://*.decibelinsight.com wss://*.decibelinsight.net *.taboola.com www.facebook.com www.fti.wallst.com wss://*.adobe.io ;  img-src 'self' data: *.adsymptotic.com *.akamaihd.net *.analytics.google.com *.boltdns.net *.brightcove.com *.cookielaw.org *.doubleclick.net *.facebook.com *.fti-cloud.com *.franklintempleton.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.kampyle.com *.linkedin.com *.qualtrics.com *.siteimproveanalytics.io *.stocksnap.io *.twimg.com *.widen.net *.widencdn.net analytics.twitter.com bat.bing.com browser-update.org c.bing.com c.clarity.ms classify.gofurther.com d21y75miwcfqoq.cloudfront.net di.rlcdn.com fa.aidemsrv.com fml-x.com franklintempletonprod.widen.net pixel.sitescout.com platform.twitter.com px.ads.linkedin.com r.turn.com resources.digital-cloud-west.medallia.com rtp-static.marketo.com sp.analytics.yahoo.com syndication.twitter.com t.co tr.outbrain.com tk-static.fml-x.com www.google.at www.google.be www.google.bg www.google.ca www.google.ch www.google.cn www.google.co.il www.google.co.in www.google.co.jp www.google.co.kr www.google.co.nz www.google.co.th www.google.co.uk www.google.co.za www.google.com.ar www.google.com.au www.google.com.bn www.google.com.br www.google.com.cy www.google.com.hk www.google.com.im www.google.com.mt www.google.com.mx www.google.com.my www.google.com.ph www.google.com.sg www.google.com.sl www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.cz www.google.de www.google.dk www.google.ee www.google.es www.google.fi www.google.fr www.google.gr www.google.hu www.google.ie www.google.it www.google.jo www.google.li www.google.lt www.google.lu www.google.lv www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.ru www.google.si www.google.sk assets.adoberesources.net lh3.googleusercontent.com ;  font-src 'self' data: *.ftsites.com fonts.googleapis.com fonts.gstatic.com templeton.com *.franklintempleton.com *.franklintempleton.lu *.typekit.net ;  style-src 'self' 'unsafe-inline' *.franklintempleton.com *.ftsites.com *.googletagmanager.com *.kampyle.com *.marketo.com fonts.googleapis.com fonts.gstatic.com platform.twitter.com *.typekit.net ;  worker-src blob: *.decibel.net ; 1
frame-ancestors 'self' *.pangle.io *.pangle-b.io 1
frame-ancestors 'self' https://www.mariages.net https://communaute.mariages.net https://landing.mariages.net 1
object-src 'none'; frame-ancestors 'none'; report-uri https://dekudeals.report-uri.com/r/d/csp/enforce; upgrade-insecure-requests 1
frame-ancestors 'self' *.uhg.com *.optum.com *.uhc.com *.pagescdn.com *.yextpages.net *.ahni.com; 1
default-src 'self' ; script-src 'self' *.google.com https://js.live.net *.tinymce.com cdnjs.cloudflare.com *.skoletube.dk *.bornetube.dk *.vivi.dk *.aula.dk; style-src 'self' 'unsafe-inline' *.tinymce.com unpkg.com fonts.googleapis.com; img-src * data: blob: ; font-src 'self' data: *.tinymce.com unpkg.com fonts.gstatic.com; connect-src * data: blob:; media-src 'self' blob: *.aula.dk; object-src 'none' ; frame-src *.google.com *.youtube.com *.skoletube.dk *.bornetube.dk *.emu.dk *.vivi.dk https://www2.infoba.dk/api/Aula/IFrame/7000 https://www2.infoba.dk/api/Aula/IFrame/441 https://www2.infoba.dk/api/Aula/IFrame/3 https://skoleportal.easyiqcloud.dk/UgeplanWidget https://absencewidget.aula.nemborn.com/; upgrade-insecure-requests; 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.cookielaw.org https://cdn.mouseflow.com https://static.cloudflareinsights.com https://assets.adobedtm.com https://js-agent.newrelic.com https://bam.nr-data.net https://www.googletagmanager.com https://tag.demandbase.com https://googleads.g.doubleclick.net https://connect.facebook.net https://snap.licdn.com https://pi.pardot.com https://static.ads-twitter.com https://go.elsevier.com https://script.leadboxer.com https://activitymap.adobe.com https://www.googleadservices.com https://digitalfeedback.us.confirmit.com https://www.surveygizmo.eu; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://secure-ecsd.elsevier.com images.ctfassets.net https://smetrics.elsevier.com metrics.elsevier.com https://cm.everesttech.net https://cdn.cookielaw.org https://cdn.nonprod.3d4medical.com https://cdn.3d4medical.com *.google-analytics.com https://dpm.demdex.net https://px.ads.linkedin.com https://www.linkedin.com https://www.google.com https://www.google.co.uk https://www.google.nl https://t.co https://analytics.twitter.com https://id.rlcdn.com https://www.facebook.com https://googleads.g.doubleclick.net https://bam.nr-data.net https://osmose-it.s3.amazonaws.com https://survey.us.confirmit.com; font-src 'self'; connect-src 'self' https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal.onetrust.com https://dpm.demdex.net elsevierlimited.tt.omtrdc.net https://smetrics.elsevier.com https://bam.nr-data.net *.notify.elsevier.com *.google-analytics.com https://account.elsevier.com https://account.staging.ecommerce.elsevier.com https://cdn.linkedin.oribi.io https://www.facebook.com https://api.company-target.com localhost:* *.snplow.net https://tag-logger.demandbase.com https://kibana.leadboxer.com https://pagead2.googlesyndication.com https://digitalfeedback.us.confirmit.com https://adservice.google.com https://px.ads.linkedin.com https://o2.mouseflow.com https://widgixeu-beacon.s3.amazonaws.com https://business.api.elsevier.com https://gtm-dotcom.staging.webpresence.elsevier.com https://dotcom.tags.elsevier.com; media-src 'self' videos.ctfassets.net assets.ctfassets.net; object-src 'none'; frame-ancestors 'self' https://app.contentful.com https://3d4medical.com https://completeanatomy.cn; frame-src 'self' https://elsevierlimited.tt.omtrdc.net https://campaigns.elsevier.com https://www.googletagmanager.com https://elsevier.demdex.net https://www.facebook.com https://s.company-target.com https://activitymap.adobe.com https://td.doubleclick.net https://survey.alchemer.eu; base-uri 'self'; form-action 'self'; 1
default-src 'self' https://*.zdassets.com 'unsafe-inline' 'unsafe-eval'; object-src 'self'; frame-src 'self' *.doubleclick.net *.onemap.sg *.onemap.gov.sg www.youtube.com www.flickr.com *.ttwstatic.com *.tiktok.com; img-src 'self' data: https://*.cloudfront.net https://*.doubleclick.net https://www.facebook.com https://*.contentsquare.net https://*.hdb.gov.sg https://www.google-analytics.com https://*.staticflickr.com https://*.analytics.yahoo.com https://i.ytimg.com https://*.google.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.vica.gov.sg https://*.ttwstatic.com https://*.wogaa.sg https://www.google.com; font-src 'self' 'unsafe-inline' https://*.gstatic.com; script-src 'self' https://www.googletagmanager.com https://*.dcube.cloud https://*.contentsquare.net https://*.tiktok.com https://*.facebook.net https://*.hdb.gov.sg https://www.google-analytics.com https://*.vica.gov.sg https://*.flickr.com https://*.adobedtm.com https://*.wogaa.sg https://*.amazonaws.com https://*.yimg.com https://*.ttwstatic.com https://*.google.com https://*.zdassets.com https://*.cobrowse.io https://*.zopim.com 'unsafe-eval' 'unsafe-inline' 'wasm-unsafe-eval' 'inline-speculation-rules'; worker-src 'self' https://www.googletagmanager.com https://*.dcube.cloud https://*.contentsquare.net https://*.tiktok.com https://*.facebook.net https://*.hdb.gov.sg https://www.google-analytics.com https://*.vica.gov.sg blob:; connect-src 'self' *.tiktok.com *.hdb.gov.sg *.contentsquare.net *.vica.gov.sg www.google-analytics.com *.yimg.com *.flickr.com *.sc.omtrdc.net *.demdex.net *.doubleclick.net *.wogaa.sg *.zdassets.com *.cobrowse.io wss://*.cobrowse.io wss://chat.vica.gov.sg *.zendesk.com wss://*.zopim.com blob:; upgrade-insecure-requests; block-all-mixed-content; 1
default-src 'self'; img-src * data:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://consent.cookiebot.com https://consentcdn.cookiebot.com; style-src * 'unsafe-inline'; connect-src * https://consentcdn.cookiebot.com; font-src *; frame-src * https://consentcdn.cookiebot.com 1
default-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval'; script-src-elem * 'unsafe-inline'; script-src-attr * 'unsafe-inline'; style-src * 'self' data: 'unsafe-inline'; style-src-elem * 'unsafe-inline'; style-src-attr * 'unsafe-inline'; img-src * 'self' data:; font-src * 'self' data:; connect-src * 'self'; media-src * 'self'; object-src * 'self'; frame-src * 'self' 1
default-src * 'unsafe-inline' 'unsafe-eval' data: *.crazyegg.com blob:; script-src * 'unsafe-inline' 'unsafe-eval' data: *.crazyegg.com; connect-src * 'unsafe-inline' 'unsafe-eval' data: *.crazyegg.com; img-src * 'unsafe-inline' 'unsafe-eval' data: blob: *.crazyegg.com; frame-ancestors 'self' https://a.cms.omniupdate.com; font-src * 'unsafe-inline' 'unsafe-eval' data: *.crazyegg.com; 1
frame-ancestors 'self' online.greatergiving.com supporter.greatergiving.com; 1
upgrade-insecure-requests;default-src 'unsafe-inline' 'unsafe-eval' data: https:;script-src 'unsafe-inline' 'unsafe-eval' data: https:;style-src 'unsafe-inline' data: https:;object-src https:; child-src data: https:; img-src data: https:;font-src data: https:; connect-src https: wss:;form-action https:; media-src data: https:; report-uri https://jungefreiheit.de/report.html; 1
frame-ancestors 'self' https://clms.toyo.ac.jp https://clms.dev.toyo.ac.jp; 1
default-src 'self' https: https://bmidxbgroupcprod.netlify.app https://*.cookielaw.org; script-src 'self' https://bmidxbgroupcprod.netlify.app https://cdnjs.cloudflare.com https://www.facebook.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com https://*.googletagmanager.com https://googleads.g.doubleclick.net 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com https://www.google-analytics.com https://www.recaptcha.net/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.hotjar.com https://*.hsforms.com https://*.hsforms.net https://*.hubspot.com https://*.hsleadflows.net https://js.hscta.net https://js-eu1.hscta.net https://js.hs-scripts.com https://js-eu1.hs-scripts.com https://*.hs-banner.com https://js-eu1.hs-banner.com https://*.hscollectedforms.net https://js-eu1.hscollectedforms.net https://js.hs-analytics.net https://js-eu1.hs-analytics.net https://*.hsadspixel.net https://vc.hotjar.io https://*.usemessages.com https://static.hsappstatic.net https://*.hubspotfeedback.com https://feedback.hubapi.com https://feedback-eu1.hubapi.com https://*.leadoo.com https://snap.licdn.com https://px.ads.linkedin.com https://*.mopinion.com https://*.mouseflow.com https://*.cookielaw.org https://*.outbrain.com https://cdn.speedcurve.com https://js.adsrvr.org https://*.ads-twitter.com https://www.youtube.com; style-src 'self' https://bmidxbgroupcprod.netlify.app 'unsafe-inline' https://fonts.googleapis.com https://*.hotjar.com https://*.leadoo.com https://*.mopinion.com https://*.cookielaw.org; img-src 'self' https://bmidxbgroupcprod.netlify.app https://pim-cdn.bmigroup.com https://bmipimngprodtfe.azureedge.net https://store.bmigroup.com https://images.ctfassets.net https://*.dcbstatic.com/ https://*.facebook.com https://servedby.flashtalking.com/ https://*.g.doubleclick.net https://*.google.com https://google.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.google.ae https://*.google.al https://*.google.at https://*.google.ba https://*.google.be https://*.google.bg https://*.google.ch https://*.google.cn https://*.google.cz https://*.google.de https://*.google.dk https://*.google.ee https://*.google.es https://*.google.fi https://*.google.fr https://*.google.hr https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.in https://*.google.it https://*.google.lt https://*.google.lv https://*.google.nl https://*.google.no https://*.google.pl https://*.google.pt https://*.google.ro https://*.google.se https://*.google.si https://*.google.sk https://*.google.co.uk https://*.google.rs https://*.google.co.za https://*.fls.doubleclick.net https://ad.doubleclick.net https://ade.googlesyndication.com blob: data: https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://*.hotjar.com https://f.hubspotusercontent00.net https://*.fs1.hubspotusercontent-na1.net https://*.hubspot.com https://*.hsforms.com https://js.hscta.net https://js-eu1.hscta.net https://*.hsforms.net https://static.hsappstatic.net https://*.leadoo.com https://*.linkedin.com https://p.adsymptotic.com https://*.mopinion.com https://*.mouseflow.com https://*.cookielaw.org https://*.outbrain.com https://lux.speedcurve.com https://analytics.twitter.com https://t.co/i/adsct https://i.ytimg.com; media-src 'self' https://bmidxbgroupcprod.netlify.app https://pim-cdn.bmigroup.com https://bmipimngprodtfe.azureedge.net https://store.bmigroup.com https://assets.ctfassets.net https://downloads.ctfassets.net https://videos.assets.ctfassets.net https://*.leadoo.com https://*.cookielaw.org; connect-src 'self' https://bmidxbgroupcprod.netlify.app https://70f5cb29c2da49c79f1197aef4897fdc.europe-west3.gcp.cloud.es.io:* https://europe-west3-bmi-p-dxb-compute-eu-west.cloudfunctions.net https://pim-cdn.bmigroup.com https://bmipimngprodtfe.azureedge.net https://store.bmigroup.com https://assets.ctfassets.net https://*.googleapis.com https://access.intouch.bmigroup.com https://cdnjs.cloudflare.com https://www.facebook.com/tr/ https://www.googleadservices.com https://pagead2.googlesyndication.com https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.ae https://*.google.al https://*.google.at https://*.google.ba https://*.google.be https://*.google.bg https://*.google.ch https://*.google.cn https://*.google.cz https://*.google.de https://*.google.dk https://*.google.ee https://*.google.es https://*.google.fi https://*.google.fr https://*.google.hr https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.in https://*.google.it https://*.google.lt https://*.google.lv https://*.google.nl https://*.google.no https://*.google.pl https://*.google.pt https://*.google.ro https://*.google.se https://*.google.si https://*.google.sk https://*.google.co.uk https://*.google.rs https://*.google.co.za data: blob: *.google.com https://*.gstatic.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.hubapi.com https://*.hs-banner.com https://hubspot-forms-static-embed.s3.amazonaws.com https://*.hsforms.com https://*.hubspot.com https://*.hscollectedforms.net https://js.hscta.net https://js-eu1.hscta.net https://*.leadoo.com https://px.ads.linkedin.com https://*.mopinion.com https://*.mouseflow.com https://noembed.com https://*.cookielaw.org https://*.onetrust.com https://tr.outbrain.com https://amplify.outbrain.com https://lux.speedcurve.com; frame-src 'self' https://bmidxbgroupcprod.netlify.app https://images.ctfassets.net https://access.intouch.bmigroup.com https://*.bimobject.com https://*.facebook.com https://*.facebook.net https://www.googletagmanager.com https://bid.g.doubleclick.net https://td.doubleclick.net https://*.fls.doubleclick.net *.google.com https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://recaptcha.google.com/recaptcha/ https://*.hotjar.com https://*.hsforms.com https://*.hsforms.net https://app.hubspot.com *.hubspot.com *.hs-sites.com *.hs-sites-eu1.com https://*.leadoo.com https://*.linkedin.com https://*.mopinion.com https://*.mouseflow.com https://*.cookielaw.org https://s.pointerpro.com https://*.surveyanyplace.com https://sketchfab.com/models/ https://my.walls.io https://www.youtube.com; font-src 'self' https://bmidxbgroupcprod.netlify.app https: data: https://fonts.gstatic.com https://*.hotjar.com https://res.leadoo.com https://*.mopinion.com https://*.mouseflow.com; child-src 'self' https://bmidxbgroupcprod.netlify.app https://*.hsforms.com https://*.mouseflow.com; worker-src 'self' https://bmidxbgroupcprod.netlify.app blob:; frame-ancestors 'none'; object-src 'self' https://bmidxbgroupcprod.netlify.app; manifest-src 'self' https://bmidxbgroupcprod.netlify.app; form-action 'self' https://bmidxbgroupcprod.netlify.app https://europe-west3-bmi-p-dxb-compute-eu-west.cloudfunctions.net https://*.hsforms.com 1
default-src * 'self' blob: data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; frame-src * 'self'; frame-ancestors 'self' https://*.emaratalyoum.com  https://*.ey.ae https://stories.nws.ai 1
child-src blob:; connect-src * https://*.tiles.mapbox.com https://api.mapbox.com https://events.mapbox.com; font-src 'self' data: https://fonts.gstatic.com; frame-ancestors 'none'; frame-src 'self' https://*.fls.doubleclick.net https://fledge.eu.criteo.com https://gum.criteo.com https://www.paypalobjects.com https://td.doubleclick.net https://www.google.com https://www.youtube.com https://www.paypal.com; img-src * self blob: data:; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://www.googleanalytics.com https://www.paypal.com; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' assets.emarsys.net bat.bing.com c.searchhub.io cdn.exactag.com cdn.scarabresearch.com connect.ekomi.de exctg.roller.de https://*.outbrain.com https://apis.google.com https://googleads.g.doubleclick.net https://www.google.com https://www.googlecommerce.com https://www.googletagmanager.com https://www.paypalobjects.com sslwidget.criteo.com static.criteo.net static.scarabresearch.com m.exactag.com sst.roller.de tm.roller.de https://www.paypal.com https://www.youtube.com https://www.moebel.de; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.googletagmanager.com; worker-src * blob:; 1
child-src https://*.fls.doubleclick.net https://bid.g.doubleclick.net form.gov.sg; connect-src *.cwp-stg.sg https://analytics.google.com https://s3-ap-southeast-1.amazonaws.com https://www.mycareersfuture.gov.sg https://static.mycareersfuture.gov.sg blob: https://www.google-analytics.com *.onemap.sg/ https://www.onemap.gov.sg *.dcube.cloud *.wogaa.sg *.demdex.net s.yimg.com *.evergage.com https://dataplane.rum.ap-southeast-1.amazonaws.com https://cognito-identity.ap-southeast-1.amazonaws.com https://sts.ap-southeast-1.amazonaws.com *.mycareersfuture.gov.sg *.app.gov.sg; default-src 'self' *.mycareersfuture.gov.sg *.app.gov.sg *.dcube.cloud *.wogaa.sg wogadobeanalytics.sc.omtrdc.net assets.adobedtm.com *.demdex.net cm.everesttech.net; font-src https://cdnjs.cloudflare.com https://fonts.gstatic.com data: *.dcube.cloud *.wogaa.sg *.mycareersfuture.gov.sg *.app.gov.sg; img-src data: blob: 'self' https://www.google.com https://www.google-analytics.com adservice.google.com https://s3-ap-southeast-1.amazonaws.com https://px.ads.linkedin.com https://www.mycareersfuture.gov.sg https://static.mycareersfuture.gov.sg https://www.facebook.com *.cwp-stg.sg *.onemap.sg/ https://www.onemap.gov.sg https://cdnjs.cloudflare.com *.mycareersfuture.gov.sg https://pixel.quantserve.com wogadobeanalytics.sc.omtrdc.net cm.everesttech.net *.demdex.net https://sg-gmtdmp.mookie1.com https://secure.adnxs.com https://ad.doubleclick.net https://www.talent.com/tracker/img-pixel.php sp.analytics.yahoo.com https://ssl.gstatic.com https://www.gstatic.com; report-uri /csp-report; script-src 'self' blob: https://www.google-analytics.com https://ssl.google-analytics.com https://connect.facebook.net s.yimg.com sp.analytics.yahoo.com https://www.google.com www.googleadservices.com https://googleads.g.doubleclick.net https://snap.licdn.com https://p.adsymptotic.com https://rules.quantcount.com https://secure.quantserve.com www.googletagmanager.com https://www.mycareersfuture.gov.sg https://static.mycareersfuture.gov.sg *.dcube.cloud *.wogaa.sg assets.adobedtm.com https://cdn-akamai.mookie1.com https://tags.tiqcdn.com https://cdn.evgnet.com/ https://cdn.evergage.com/ https://tagmanager.google.com https://www.googletagmanager.com https://bat.bing.com s.yimg.com sp.analytics.yahoo.com *.yimg.com *.mycareersfuture.gov.sg *.app.gov.sg; style-src 'self' https://cdnjs.cloudflare.com fonts.googleapis.com unpkg.com *.dcube.cloud *.wogaa.sg https://tagmanager.google.com https://fonts.googleapis.com 'unsafe-inline' *.mycareersfuture.gov.sg *.app.gov.sg; frame-ancestors 'none' 1
default-src 'none'; script-src 'self' 'sha256-LhgjEUDTB5uVcQPxB7ClpuZyNmHM6EsxG6GFSRQyGrM='; img-src 'self' https://*.demdex.net https://cm.everesttech.net https://assets.adobedtm.com https://*.qbrick.com:443 https://*.dna.ip-only.net https://bilder.hemnet.se:443 https://mb.cision.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.google.com https://www.google.se https://9848475f-428b-4380-8d26-dfe74eb251f7.at.rivsec.eu; media-src 'self' https://*.qbrick.com:443 https://*.dna.ip-only.net; connect-src 'self' https://*.demdex.net https://cm.everesttech.net https://feed.jobylon.com https://publish.ne.cision.com https://handelsbanken-marknadsinformation.se https://assets.adobedtm.com https://*.handelsbanken.se https://*.handelsbanken.no https://*.handelsbanken.nl https://*.handelsbanken.com https://*.handelsbanken.co.uk https://*.qbrick.com:443 synpunkter-1788b.firebaseio.com; style-src 'self' 'unsafe-inline'; frame-src https://assets.adobedtm.com https://handelsbanken-marknadsinformation.se *.demdex.net *.handelsbanken.se *.handelsbanken.fi *.handelsbanken.no *.handelsbanken.co.uk *.handelsbanken.pl *.handelsbanken.de r1.surveysandforms.com handelsbanken.fondlista.se secure.msse.se www.efn.se clients.maptoweb.dk borsrum.episerverhosting.com shbfxcalc.millistream.com www.anpdm.com services.cicero.no nettbank.edb.com cphspk01.shbmain.shb.biz irs.tools.investis.com otp.tools.investis.com vp292.alertir.com forms.apsisforms.com video.qbrick.com dreambroker.com handelsbanken.dreambroker.com web.efn.se news.alertir.com giosg-handelsbanken.giosg.com vp306.alertir.com client3.mailmailmail.net handelsbanken.newsroom.cision.com handelsbanken-en.newsroom.cision.com mb.cision.com app.marketingplatform.com go.beanstream.com; frame-ancestors 'self' *.handelsbanken.se *.handelsbanken.fi *.handelsbanken.no *.handelsbanken.co.uk *.handelsbanken.pl *.handelsbanken.de; font-src 'self' 1
frame-ancestors 'self' folder.aldi.nl experience.adobe.com aldinord.experiencecloud.adobe.com; default-src * 'unsafe-eval' 'unsafe-inline' data: blob: 1
default-src 'self'; manifest-src 'self'; media-src 'self'; object-src 'self'; script-src https: 'unsafe-inline' 'unsafe-eval' 'self' https://stats.ledl.net http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io *.trustedshops.com www.google-analytics.com; style-src https: 'unsafe-inline' 'self' *.trustedshops.com www.google-analytics.com; img-src https: 'self' https://stats.ledl.net http://homepage-kosten.de http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io *.trustedshops.com www.google-analytics.com data:; font-src 'self' *.trustedshops.com https://manage.alldomains.hosting http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io data:; frame-ancestors 'self' https://stats.ledl.net; frame-src 'self' https://stats.ledl.net www.youtube-nocookie.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; form-action 'self' *.alldomains.hosting; connect-src 'self' https://stats.ledl.net *.trustedshops.com www.google-analytics.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; style-src-elem 'self' 'unsafe-inline'; child-src 'none'; prefetch-src 'none'; worker-src 'self' blob:; 1
frame-ancestors 'self' https://adobemc.com https://centerparcs.experiencecloud.adobe.com https://experience.adobe.com 1
default-src https:; script-src https: svrdntfctn.com *.svrdntfctn.com *.icomera.com icomera.com *.wpengine.com wpengine.com *.google-analytics.com *.googleapis.com *.chimpstatic.com 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; font-src 'self' data: *.icomera.com icomera.com *.wpengine.com wpengine.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com *.ggpht; img-src 'self' data: *.vimeocdn.com *.icomera.com icomera.com *.wpengine.com wpengine.com *.w.org *.google-analytics.com *.mailchimp.com *.gstatic.com *.googleapis.com *.ggpht secure.gravatar.com stats.g.doubleclick.net; connect-src 'self' data: svrdntfctn.com *.svrdntfctn.com *.yoast.com yoast.com *.wpengine.com *.vimeo.com vimeo.com *.google-analytics.com *.doubleclick.net *.googleapis.com; frame-src 'self' data: *.vimeo.com *.google.com e.issuu.com *.googleapis.com; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https: https://victorianplumbing.co.uk https://*.victorianplumbing.co.uk; script-src-elem 'unsafe-inline' 'strict-dynamic' 'nonce-UpJzW/Fn8coD2TCohKkCzA=='; style-src 'self' 'unsafe-inline' https://victorianplumbing.co.uk https://*.victorianplumbing.co.uk fonts.googleapis.com cdn.taggstar.com assets.bounceexchange.com;  font-src 'self' https://victorianplumbing.co.uk https://*.victorianplumbing.co.uk fonts.gstatic.com; frame-ancestors 'self'; 1
default-src * 'unsafe-inline' 'unsafe-eval' data:; report-uri /report-csp-violation 1
base-uri 'none';object-src 'none';connect-src 'self' https: *.google-analytics.com wss://nexus-websocket-a.intercom.io blob:;default-src 'self' blob: https://1874966808.rsc.cdn77.org;font-src 'self' https: data: https://1874966808.rsc.cdn77.org;frame-src 'self' https://accounts.google.com https://www.google.com https://www.facebook.com https://webforms.pipedrive.com https://td.doubleclick.net/ https://intercom-sheets.com/ https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net https://www.loom.com;img-src 'self' https: blob: data: *.googletagmanager.com a.storyblok.com img2.storyblok.com;media-src 'self' https: blob: data: a.storyblok.com;report-uri https://fe7d76b887471114b1ffc4f4c426faa7.report-uri.com/r/d/csp/enforce;script-src 'unsafe-inline' 'unsafe-eval' https: 'self' https://apis.google.com https://www.googletagmanager.com https://www.clarity.ms http://app.storyblok.com https://widget.intercom.io https://app.intercom.io https://js.intercomcdn.com https://1874966808.rsc.cdn77.org;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://tagmanager.google.com https://1874966808.rsc.cdn77.org 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://unpkg.com *.medicover.pl https://www.strefaaptek.pl *.medistore.com.pl https://store.synevo.pl app3.salesmanago.pl sklep.rehasport.pl app3.salesmanago.com *.gstatic.com www.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com googleads.g.doubleclick.net https://app3.emlgrid.com *.hotjar.com https://my.hellobar.com https://connect.facebook.net https://cdn.chatbot.com https://code.jquery.com https://cdnjs.cloudflare.com https://cdn-widget.callpage.io https://www.clarity.ms https://promocja.medicover.pl/ https://cdn.livechatinc.com/ https://api.livechatinc.com/ *.consentmanager.net; frame-src 'self' https://www.strefaaptek.pl *.medistore.com.pl *.medicover.pl images.medicover.pl *.gdziepolek.pl covid19.infermedica.com https://koronawirusunas.pl/ platform.twitter.com *.google.com *.youtube.com youtu.be *.hotjar.com cdn.chatbot.com data: medistore.com.pl www.medistore.com.pl w.soundcloud.com/player/ www.youtube.comembed localhost:* https://secure.livechatinc.com/ https://widget-doctor.medicover.pl https://www.strefaaptek.pl/*; object-src 'self'; font-src 'self' https://fonts.gstatic.com data:; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://www.hirkereso.hu http://img.hirkereso.hu http://gahu.hit.gemius.pl/ http://ls.hit.gemius.pl http://www.idokep.hu https://adservice.google.com https://cse.google.com https://pagead2.googlesyndication.com https://partner.googleadservices.com https://tpc.googlesyndication.com https://www.google-analytics.com https:;report-uri /csp-violation-report-endpoint.php?v=1;report-to csp-endpoint 1
font-src 'self'; frame-src 'self' https: www.youtube-nocookie.com/* ; frame-ancestors 'self' https://*.etracker.com; script-src 'self' https://*.etracker.com https://*.etracker.de *.b-ite.com https://stats.haw-hamburg.de  'unsafe-inline'; connect-src 'self' https://*.etracker.de *.b-ite.com https://stats.haw-hamburg.de;  img-src * *.b-ite.com; style-src 'self' 'unsafe-inline' *.b-ite.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' siteimproveanalytics.com search.usa.gov https://search.usa.gov data.usajobs.gov https://data.usajobs.gov https://dojlogin-test.usdoj.gov https://dap.digitalgov.gov/Universal-Federated-Analytics-Min.js https://siteimproveanalytics.com/js/siteanalyze_57774.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js https://js-agent.newrelic.com/nr-rum-1.250.0.min.js https://dojlogin-govtest.okta-gov.com https://js-agent.newrelic.com/nr-rum-1.251.1.min.js https://dojlogin.usdoj.gov https://usdoj.okta-gov.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://static.addtoany.com platform.twitter.com; script-src-attr 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://search.usa.gov/assets/sayt.css http://search.usa.gov/assets/sayt.css cdnjs.cloudflare.com fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.googleapis.com; report-uri https://www.usmarshals.gov/report-uri/enforce 1
frame-ancestors 'self' https://*.nwea.org; 1
frame-src 'self' https://www.google.com/ https://cartera-stage.freetls.fastly.net/ https://cartera-cdn.freetls.fastly.net/ https://client-services.rclon.com/ https://players.brightcove.net/ https://fast.wistia.com/ https://static-client-services.rclon.com/ https://stage.savingsace.com https://www.savingsace.com https://www.youtube.com https://forms.office.com https://play.vidyard.com/ https://td.doubleclick.net/ https://*.api.useinsider.com/; 1
frame-ancestors 'self' *.dormakabacountry.com *.dormakaba.com; upgrade-insecure-requests; block-all-mixed-content; 1
default-src 'none'; base-uri 'none'; connect-src 'self' https://*.five9.com https://*.hotjar.com https://*.mktoresp.com https://*.pointillist.com https://translate.google.com https://translate.google.com/* https://translate.googleapis.com https://translate.googleapis.com/* https://maps.googleapis.com; font-src 'self' https://fonts.gstatic.com data:; form-action 'self' https://*.marketo.com https://*.jotform.com https://*.jotformpro.com https://*.arvig.com https://*.arvig.net https://translate.google.com https://translate.google.com/* https://translate.googleapis.com https://translate.googleapis.com/* https://maps.googleapis.com https://*.opendns.com/; frame-ancestors 'none'; frame-src 'self' https://*.jotform.com https://*.jotformpro.com https://*.marketo.com https://*.youtube.com https://youtu.be https://*.arvig.com https://*.arvig.net https://*.five9.com https://*.google.com https://*.paymentus.com https://*.hotjar.com https://maps.googleapis.com https://*.opendns.com/; img-src 'self' https://*.youtube.com https://*.five9.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.googletagemanager.com https://www.google.com https://ssl.gstatic.com https://www.gstatic.com data: https://translate.google.com https://translate.google.com/* https://translate.googleapis.com https://translate.googleapis.com/* https://maps.googleapis.com https://maps.gstatic.com; manifest-src 'none'; media-src https://*.five9.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.marketo.com https://*.marketo.net https://*.five9.com https://www.googletagmanager.com https://*.hotjar.com https://*.pointillist.com https://www.google-analytics.com https://*.mktoresp.com https://tagmanager.google.com https://translate.google.com https://translate.google.com/* https://translate.googleapis.com https://translate.googleapis.com/* https://maps.googleapis.com https://translate-pa.googleapis.com https://translate-pa.googleapis.com/*; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.marketo.com https://*.five9.com https://*.hotjar.com https://www.google-analytics.com https://tagmanager.google.com https://translate.google.com https://translate.google.com/* https://translate.googleapis.com https://translate.googleapis.com/* https://www.gstatic.com https://www.gstatic.com/* https://maps.googleapis.com; worker-src 'none' 1
default-src 'self' blob:; frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.juicer.io *.visualwebsiteoptimizer.com app.vwo.com https://cdn.branch.io https://app.link *.greateasternlife.com *.lifeisgreat.net *.adobedtm.com *.facebook.net *.googletagmanager.com *.addthisedge.com *.googleadservices.com *.doubleclick.net *.google-analytics.com *.addthis.com *.twitter.com *.youtube.com *.ytimg.com *.licdn.com *.moatads.com *.branch.io *.qualtrics.com *.outbrain.com *.googleanalytics.com *.googleoptimize.com *.google.com *.gstatic.com http://cdn.taboola.com http://trc.taboola.com http://trc-events.taboola.com http://cds.taboola.com https://sp.analytics.yahoo.com https://s.yimg.com analytics.tiktok.com; style-src 'self' 'unsafe-inline' *.bing.com *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com fonts.googleapis.com optimize.google.com tagmanager.google.com; font-src 'self' data: fonts.gstatic.com; img-src * data: *.bing.com *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com *.qualtrics.com *.google-analytics.com *.googletagmanager.com http://cdn.taboola.com http://trc.taboola.com https://sp.analytics.yahoo.com analytics.tiktok.com *.gstatic.com *.google.com *.google.com.sg *.google.com.my *.google.co.id *.google.com.bn *.google.com.mm *.doubleclick.net *.googlesyndication.com; media-src 'self' *.scene7.com; frame-src 'self' concierge-healthconnect.doctoranywhere.com *.juicer.io app.vwo.com *.visualwebsiteoptimizer.com *.feprecisionplus.com https://play.solstice.sg liferiddles.whooshpro.net liferiddles-stg.whooshpro.net *.greateasternlife.com *.doubleclick.net *.twitter.com *.addthis.com *.financialexpress.net *.youtube.com *.facebook.net *.facebook.com optimize.google.com su.vc s.surveyanyplace.com *.qualtrics.com *.google.com *.gstatic.com safe.menlosecurity.com gehc.healthconnect.com.sg; object-src 'self' *.qualtrics.com; connect-src 'self' *.visualwebsiteoptimizer.com app.vwo.com *.branch.io *.greateasternlife.com *.addthis.com *.google-analytics.com *.doubleclick.net *.facebook.net *.facebook.com *.qualtrics.com cdn.linkedin.oribi.io http://cdn.taboola.com http://cds.taboola.com https://s.yimg.com analytics.tiktok.com *.googletagmanager.com *.google.com *.google.com.sg *.google.com.my *.google.co.id *.google.com.bn *.google.com.mm; worker-src 'self' blob:; 1
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' https://*.adyen.com https://*.analytics.google.com https://*.bazaarvoice.com https://*.braintree-api.com https://*.braintreegateway.com https://*.btttag.com https://*.criteo.com https://*.doubleclick.net https://*.google-analytics.com https://*.googleapis.com https://*.gstatic.com https://*.kampyle.com https://*.medallia.com https://*.paypal.com https://bat.bing.com https://www.bing.com https://*.truefitcorp.com https://adservice.google.com https://amplify.outbrain.com https://analytics.google.com https://api-env.cartfulsolutions.com https://api.cartfulsolutions.com https://apis.google.com https://app.acuityscheduling.com https://assets.adobedtm.com https://careers.lululemon.com https://cdn.cquotient.com https://cdn.honey.io https://cdn.quantummetric.com https://ingest.quantummetric.com https://cdn.treasuredata.com https://cdnjs.cloudflare.com https://challenges.cloudflare.com https://cm.g.doubleclick.net https://cm.teads.tv https://connect.facebook.net https://ct.pinterest.com https://d38d4ysphgm9dz.cloudfront.net https://dpm.demdex.net https://e.cquotient.com https://embed.acuityscheduling.com https://embed.cartfulsolutions.com https://external.quantummetric.com https://fledge.teads.tv https://fonts.googleapis.com https://globalstaticassets.lululemon.com https://google.com https://googleads.g.doubleclick.net https://images.lululemon.com https://intljs.rmtag.com https://ln-rules.rewardstyle.com https://lululemon.quiq-api.com https://lululemonathleticacanadainc.demdex.net https://lululemoninternational-app.quantummetric.com https://lululemoninternational.quantummetric.com https://lululemonusa.tt.omtrdc.net https://maps.googleapis.com https://mpsnare.iesnare.com https://o4503962274299904.ingest.sentry.io https://p.cquotient.com https://p.teads.tv https://pay.google.com https://r.cquotient.com https://s.pinimg.com https://s.yimg.com https://s7mbrstream.scene7.com https://smetrics.lululemon.com.hk https://sslwidget.criteo.com https://static.cloudflareinsights.com https://static.criteo.com https://static.criteo.net https://stats.g.doubleclick.net https://t.teads.tv https://tag.rmp.rakuten.com https://tez.google.com https://tokyo.in.treasuredata.com https://tpc.googlesyndication.com https://tr.outbrain.com https://translate.google.com https://wf.cartfulsolutions.com https://widget.as.criteo.com https://www.cloudflare.com https://www.facebook.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.lululemon.co.uk https://www.lululemon.com.hk https://www.paypalobjects.com https://consentag.eu https://*.browser-intake-datadoghq.com https://www.datadoghq-browser-agent.com https://ingesteu.quantummetric.com https://shop.lululemon.com https://consentag.eu https://ctnsnet.com https://ipac.ctnsnet.com https://cdn.ctnsnet.com https://i.ctnsnet.com https://embed-env.cartfulsolutions.com https://wave.outbrain.com https://go.linkby.com wss://lululemoninternational.quantummetric.com wss://mpsnare.iesnare.com; base-uri 'self'; frame-ancestors 'self'; object-src 'none'; img-src * 'self' data: https:; font-src * 'self' data: https:; block-all-mixed-content; 1
default-src 'self' https://*.dicksonone.com https://*.stripe.com https://s3.amazonaws.com https://cdn-cookieyes.com; object-src 'self' https://*.dicksonone.com https://*.stripe.com https://s3.amazonaws.com https://cdn-cookieyes.com; connect-src 'self' https://*.dicksonone.com https://*.stripe.com https://s3.amazonaws.com https://cdn-cookieyes.com https://checkout.stripe.com/ https://stats.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.cookieyes.com https://www.snapengage.com; font-src 'self' https://*.dicksonone.com https://*.stripe.com https://s3.amazonaws.com https://cdn-cookieyes.com https://fonts.googleapis.com https://fonts.gstatic.com data:; img-src 'self' https://*.dicksonone.com https://*.stripe.com https://s3.amazonaws.com https://cdn-cookieyes.com https://www.google.com/ads/ https://*.google-analytics.com https://*.googletagmanager.com blob: data:; script-src 'self' https://*.dicksonone.com https://*.stripe.com https://s3.amazonaws.com https://cdn-cookieyes.com https://www.google-analytics.com https://*.googletagmanager.com https://www.snapengage.com https://cdnjs.cloudflare.com/ajax/libs/mathjs/3.12.0/math.min.js https://www.recaptcha.net/recaptcha/api.js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://code.highcharts.com https://cdn-cookieyes.com 'unsafe-eval' 'nonce-8MdvpA10lg6lq1mGsXgmMA=='; style-src 'self' https://*.dicksonone.com https://*.stripe.com https://s3.amazonaws.com https://cdn-cookieyes.com https://fonts.googleapis.com 'unsafe-inline'; frame-src 'self' https://*.dicksonone.com https://*.stripe.com https://s3.amazonaws.com https://cdn-cookieyes.com https://www.recaptcha.net 1
default-src 'self' *.d41.co *.imirwin.com px.ads.linkedin.com geo.privacymanager.io cdn.linkedin.oribi.io cdn.cookielaw.org cdn.linkedin.oribi.io *.demandbase.com api.company-target.com geolocation.onetrust.com adservice.google.com www.clarity.ms stats.g.doubleclick.net bam.nr-data.net *.anura.io script.anura.io ads.anura.io www.google-analytics.com *.hotjar.io *.hotjar.com wss://*.hotjar.com www.youtube.com viz.tools.investis.com edge.api.brightcove.com cdnjs.cloudflare.com use.typekit.net kit.fontawesome.com p.typekit.net www.facebook.com lpcdn.lpsnmedia.net ka-f.fontawesome.com ka-p.fontawesome.com *.d41.co; img-src 'self' t.co c.bing.com segments.company-target.com di.rlcdn.com id.rlcdn.com c.clarity.ms px4.ads.linkedin.com p.adsymptotic.com tracking.selective.com www.youtube.com p.adsymptotic.com www.linkedin.com viz.tools.investis.com *.gstatic.com tagmanager.google.com cdn.cookielaw.org www.googletagmanager.com i.ytimg.com www.google-analytics.com stats.g.doubleclick.net www.google.com www.google.co.in px.ads.linkedin.com www.facebook.com analytics.twitter.com lpcdn.lpsnmedia.net www.rumiview.com; frame-src 'self' i.ytimg.com www.youtube.com *.company-target.com view.ceros.com view.ceros.com www.facebook.com www.google.com player.vimeo.com otp.tools.investis.com irs.tools.investis.com www.youtube.com *.hotjar.com gum.criteo.com lpcdn.lpsnmedia.net bid.g.doubleclick.net td.doubleclick.net va-s.c.liveperson.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com http://www.google-analytics.com www.youtube.com tagmanager.google.com fonts.googleapis.com ka-f.fontawesome.com viz.tools.investis.com use.typekit.net kit.fontawesome.com p.typekit.net kit-free.fontawesome.com; font-src 'self' tagmanager.google.com viz.tools.investis.com fonts.gstatic.com ka-f.fontawesome.com ka-p.fontawesome.com fonts.googleapis.com  use.typekit.net kit.fontawesome.com p.typekit.net kit-free.fontawesome.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' launchpad.privacymanager.io ats-wrapper.privacymanager.io launchpad-wrapper.privacymanager.io *.imirwin.com view.ceros.com static.ads-twitter.com view.ceros.com *.d41.co ats.rlcdn.com tag.demandbase.com www.youtube.com www.gstatic.com www.google.com bam.nr-data.net js-agent.newrelic.com tagmanager.google.com www.googleadservices.com *.googleapis.com cdn.jsdelivr.net script.anura.io www.google-analytics.com viz.tools.investis.com *.hotjar.com www.googletagmanager.com www.youtube.com s.ytimg.com cdnjs.cloudflare.com use.typekit.net kit.fontawesome.com p.typekit.net tag.simpli.fi i.simpli.fi ajax.googleapis.com snap.licdn.com googleads.g.doubleclick.net lptag.liveperson.net connect.facebook.net assets.adobedtm.com static.criteo.net sslwidget.criteo.com accdn.lpsnmedia.net accdn.lpsnmedia.net va.v.liveperson.net widget.us.criteo.com lpcdn.lpsnmedia.net www.rumiview.com otp.tools.investis.com img.en25.com www.clarity.ms analytics.twitter.com cdn.cookielaw.org; 1
child-src 'self';connect-src 'self' https://*.browser-intake-datadoghq.com https://cognito-identity.us-west-2.amazonaws.com https://*.rekognition.amazonaws.com https://api.openai.com https://*.sentry.io http://*.pinalove.com https://*.googletagmanager.com http://*.thaifriendly.com https://*.apple.com https://rum.browser-intake-datadoghq.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.nr-data.net https://*.pinalove.com https://*.tenor.com https://*.thaifriendly.com https://*.trackjs.com wss: wss://*.pinalove.com wss://*.thaifriendly.com wss://*.vietnameselove.com;default-src 'self';font-src 'self' chrome-extension: data: http://*.gstatic.com https://*.gstatic.com;frame-src 'self' https://*.apple.com https://*.g.doubleclick.net https://*.google.com;img-src 'self' blob: data: http://*.gstatic.com https://*.googletagmanager.com http://*.pinalove.com http://*.thaifriendly.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.at https://*.google.be https://*.google.ca https://*.google.ch https://*.google.co.id https://*.google.co.il https://*.google.co.in https://*.google.co.jp https://*.google.co.kr https://*.google.co.nz https://*.google.co.th https://*.google.co.uk https://*.google.com https://*.google.com.au https://*.google.com.my https://*.google.com.ph https://*.google.com.sg https://*.google.com.tr https://*.google.de https://*.google.dk https://*.google.dz https://*.google.es https://*.google.fi https://*.google.fr https://*.google.gr https://*.google.ie https://*.google.it https://*.google.nl https://*.google.no https://*.google.pl https://*.google.ru https://*.google.se https://*.google.si https://*.googleapis.com https://*.gstatic.com https://*.nr-data.net https://*.pinalove.com https://*.tenor.com https://*.thaifriendly.com https://*.trackjs.com https://pinalove.com https://thaifriendly.com https://vietnameselove.com wss://*.pinalove.com wss://*.thaifriendly.com;manifest-src 'self' http://*.thaifriendly.com https://*.thaifriendly.com wss://*.thaifriendly.com;media-src 'self' data:;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.2checkout.com https://cognito-identity.us-west-2.amazonaws.com https://*.rekognition.amazonaws.com https://*.apple.com https://*.sentry-cdn.com https://*.googleadservices.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.newrelic.com https://*.nr-data.net https://*.trackjs.com;style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.googletagmanager.com https://*.yahooapis.com;worker-src 'self' blob:; 1
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' https://*.adyen.com https://*.analytics.google.com https://embed.cartfulsolutions.com https://*.awin1.com https://osm.klarnaservices.com https://*.bazaarvoice.com https://*.braintree-api.com https://*.braintreegateway.com https://*.btttag.com https://*.criteo.com https://*.doubleclick.net https://*.google-analytics.com https://*.googleapis.com https://*.gstatic.com https://*.kampyle.com https://*.klarna.com https://*.medallia.com https://*.paypal.com https://*.sheerid.com https://*.truefitcorp.com https://*.wepowerconnections.com https://*.zenaps.com https://adservice.google.com https://analytics.google.com https://apis.google.com https://apprl.com https://assets.adobedtm.com https://bat.bing.com https://careers.lululemon.com https://cdn.cookielaw.org https://cdn.cquotient.com https://cdn.honey.io https://cdn.jsdelivr.net https://cdn.quantummetric.com https://ingest.quantummetric.com https://cdnjs.cloudflare.com https://challenges.cloudflare.com https://cm.g.doubleclick.net https://cm.teads.tv https://connect.facebook.net https://ct.pinterest.com https://d38xvr37kwwhcm.cloudfront.net https://dpm.demdex.net https://e.cquotient.com https://eu-library.klarnaservices.com https://eu.klarnaevt.com https://evt-eu.klarnaservices.com https://external.quantummetric.com https://fledge.teads.tv https://fonts.googleapis.com https://geolocation.onetrust.com https://globalstaticassets.lululemon.com https://google.com https://googleads.g.doubleclick.net https://images.lululemon.com https://intljs.rmtag.com https://ln-rules.rewardstyle.com https://lululemon.quiq-api.com https://lululemonathleticacanadainc.demdex.net https://lululemoninternational-app.quantummetric.com https://lululemoninternational.quantummetric.com https://lululemonusa.tt.omtrdc.net https://maps.googleapis.com https://mpsnare.iesnare.com https://p.cquotient.com https://p.teads.tv https://pay.google.com https://privacyportal.onetrust.com https://r.cquotient.com https://rcgmal4n.klarnaservices.com https://s.apprl.com https://s.pinimg.com https://s3.eu-west-1.amazonaws.com https://s7mbrstream.scene7.com https://sc-static.net https://scripts.agilone.com https://smetrics.lululemon.co.uk https://sslwidget.criteo.com https://static.cloudflareinsights.com https://static.criteo.com https://static.criteo.net https://stats.g.doubleclick.net https://t.teads.tv https://tag.rmp.rakuten.com https://tez.google.com https://the.sciencebehindecommerce.com https://tpc.googlesyndication.com https://tr.snapchat.com https://translate.google.com https://v2.waitwhile.com https://widget.as.criteo.com https://www.bing.com https://www.cloudflare.com https://www.dwin1.com https://www.facebook.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.lululemon.co.uk https://www.paypalobjects.com https://x.klarnacdn.net https://*.browser-intake-datadoghq.com https://www.datadoghq-browser-agent.com https://analytics.tiktok.com https://ingesteu.quantummetric.com https://shop.lululemon.com https://embed-env.cartfulsolutions.com https://tr6.snapchat.com https://lantern.roeyecdn.com https://pagead2.googlesyndication.com https://sc-static.net https://tr-shadow.snapchat.com https://pixel.tapad.com https://api.cartfulsolutions.com https://api-env.cartfulsolutions.com wss://lululemoninternational.quantummetric.com wss://mpsnare.iesnare.com; base-uri 'self'; frame-ancestors 'self'; object-src 'none'; img-src * 'self' data: https:; font-src * 'self' data: https:; block-all-mixed-content; 1
default-src 'self';script-src 'nonce-3a35889e-4527-4a5c-a3fe-ed7547b99793' 'strict-dynamic' https: 'unsafe-inline' 'unsafe-eval';connect-src 'nonce-3a35889e-4527-4a5c-a3fe-ed7547b99793' https: 'unsafe-inline';style-src * 'unsafe-inline'; img-src * data:; font-src * data:;frame-src *.demdex.net *.skat.dk; 1
frame-ancestors 'self' app.pendo.io https://datamma.guides.nelnet.com 1
style-src 'self' 'unsafe-inline' *; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; frame-src *; 1
frame-ancestors *.airmiles.ca *.cxtrvl.com *.adobe.com *.adobemc.com 1
default-src 'self' wss: https: data: 'unsafe-eval' 'unsafe-inline' 1
default-src 'unsafe-inline' https:; img-src 'self' data: https:; script-src 'unsafe-eval' 'unsafe-inline' https: data: blob:; font-src * data: blob:; frame-src 'self' https://storymaps.arcgis.com/ https://status.nearmap.com/ https://www.youtube.com/ https://www.youtube-nocookie.com/ https:; 1
style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com fonts.googleapis.com; frame-src 'self' https://*.razorpay.com https://*.akasaair.com/  https://*.youtube.com https://*.webengage.co https://*.webengage.com https://*.numr.app https://*.rakuten.com; frame-ancestors 'self' https://*.storyblok.com https://*.rakuten.com; base-uri 'none'; form-action 'self' 1
default-src 'self';    script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.stytch.com https://widget.intercom.io https://js.intercomcdn.com;    connect-src 'self' web.stytch.com telemetry.stytch.com api.groq.com www.google-analytics.com rawcdn.githack.com https://api-iam.intercom.io wss://nexus-websocket-a.intercom.io;    style-src 'self' 'unsafe-inline';    img-src 'self' blob: https: data: *.groq.com *.googleusercontent.com avatars.githubusercontent.com;    font-src 'self' https: data:;    object-src 'none';    base-uri 'self';    form-action 'self';    frame-ancestors 'none';    upgrade-insecure-requests; 1
default-src 'none'; frame-ancestors 'none'; frame-src 'none'; object-src 'none'; worker-src 'none'; manifest-src 'self'; form-action 'self'; connect-src 'self' https://www.rottentomatoes.com; media-src 'self'; base-uri 'self'; img-src 'self' 'unsafe-inline' data: https: http:; style-src 'self' 'unsafe-inline' https: http:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/jsapi https://www.google.com/uds/ 1
frame-ancestors 'self' https://app.kontent.ai; 1
default-src 'self' 'unsafe-inline' https://api.indidata.com/ https://observer.netadclick.com/ https://px.ads.linkedin.com/ https://api.reciteme.com/ https://stats.reciteme.com/  *.stghavaspeople.com https://cdn.linkedin.oribi.io/ https://tracking.tribepad.com/ https://maps.googleapis.com/ https://region1.google-analytics.com/ https://pagead2.googlesyndication.com/ https://stats.g.doubleclick.net/ https://tracking.tribepad.com/ https://www.google-analytics.com/ https://region1.analytics.google.com/ https://www.tesco-careers.com/ http://gw.oribi.io/ ;  font-src 'self' https://api.reciteme.com/; style-src 'self' 'unsafe-inline' https://api.reciteme.com/;  script-src 'self' 'unsafe-inline' 'unsafe-eval' https://observer.netadclick.com/ https://api.reciteme.com/ *.stghavaspeople.com https://tracking.tribepad.com/ https://connect.facebook.net/ https://googleads.g.doubleclick.net/ https://snap.licdn.com/ *.stghavaspeople.com/ https://ajax.aspnetcdn.com/ https://cdnjs.cloudflare.com/ https://px.ads.linkedin.com/ http://tracking.tribepad.com/ https://tracking.tribepad.com/ http://cdn.oribi.io/ https://cdn.oribi.io/ http://www.google-analytics.com/ https://sjs.bizographics.com/ https://maps.googleapis.com/ https://www.google-analytics.com https://ajax.googleapis.com https://www.googletagmanager.com https://player.vimeo.com; frame-src 'self' https://observer.netadclick.com/ https://api.indidata.com/ https://2476867.fls.doubleclick.net/ https://td.doubleclick.net/ https://10220835.fls.doubleclick.net/ http://8984071.fls.doubleclick.net/ https://8984071.fls.doubleclick.net/ https://www.googletagmanager.com/  https://www.youtube.com/; img-src 'self' data: 'unsafe-inline' https://api.reciteme.com/ https://www.facebook.com/ https://www.google.co.uk/ https://www.google.com/ https://ad.doubleclick.net/ https://ad.doubleclick.net/ https://px.ads.linkedin.com/ https://secure.adnxs.com/ https://pixel.mediaiqdigital.com/ http://tracking.tribepad.com/ https://tracking.tribepad.com/ https://pixel.mediaiqdigital.com/ http://www.google-analytics.com/ https://www.googletagmanager.com/ https://i.ytimg.com/ https://scontent.xx.fbcdn.net/ https://maps.googleapis.com/ https://www.google-analytics.com/ https://maps.gstatic.com/;  1
media-src yastatic.net;connect-src *.strm.yandex.net mc.yandex.com yandex.lv yastatic.net yastat.net mc.yandex.ru *.mc.yandex.ru adstat.yandex.ru mc.admetrica.ru mc.yandex.lv;img-src *.verify.yandex.ru *.ya.ru *.yandex.ru ya.ru yabs.yandex.by yabs.yandex.kz yabs.yandex.ru yabs.yandex.uz yandex.ru yandex.lv 'self' yastatic.net data: mc.admetrica.ru mc.yandex.com *.mc.yandex.ru adstat.yandex.ru mc.yandex.lv mc.yandex.ru favicon.yandex.net avatars.mds.yandex.net;script-src 'nonce-CUQe21iQpiAPULYbNSkDJw==' mc.yandex.com yastatic.net yandex.lv mc.yandex.ru *.mc.yandex.ru adstat.yandex.ru mc.yandex.lv;child-src *.ya.ru *.yandex.ru ya.ru yandex.ru yastatic.net mc.yandex.ru mc.yandex.md mc.yandex.lv yandex.lv *.ya.ru *.yandex.ru ya.ru yandex.ru;style-src 'unsafe-inline' yastatic.net;report-uri https://csp.yandex.net/csp?project=morda&from=morda.big.lv&showid=1721960218736925-15837379130496372402-balancer-l7leveler-kubr-yp-vla-201-BAL&h=stable-portal-mordago-166.klg.yp-c.yandex.net&yandexuid=7963724021721960218&&version=2024-07-24-611&adb=0;default-src 'self' yastatic.net yastat.net;font-src yastatic.net 1
default-src https:; font-src * data:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: https://consent.cookiebot.com https://*.googletagmanager.com https://code.iconify.design https://acsbapp.com https://ws.zoominfo.com https://www.virtualspirits.com https://www.google.com https://www.youtube.com https://*.hsforms.net https://www.google-analytics.com https://snap.licdn.com https://static.hotjar.com https://*.taboola.com https://www.virtualspirits.com https://connect.facebook.net https://pi.pardot.com https://*.seraphicsecurity.com https://googleads.g.doubleclick.net https://script.hotjar.com https://www.gstatic.com https://play.vidyard.com http://play.vidyard.com https://js-eu1.hs-scripts.com https://app-eu1.hubspot.com https://js-eu1.hubspot.com https://js-eu1.hsadspixel.net https://js-eu1.hscollectedforms.net https://js-eu1.hs-banner.com https://js-eu1.hs-analytics.net https://consentcdn.cookiebot.com/; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.seraphicsecurity.com https://cdn.jsdelivr.net https://www.virtualspirits.com; media-src * blob: data:; img-src * blob: data:; object-src 'self' 'unsafe-inline'; connect-src *; frame-src *; frame-ancestors 'self' https://seraphicalgorithms.lightning.force.com https://seraphicalgorithms.my.salesforce.com; 1
default-src 'self'; font-src 'self' fonts.bunny.net data:; img-src 'self' matomo.sib.swiss fonts.googleapis.com fonts.gstatic.com data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' matomo.sib.swiss; style-src 'self' fonts.bunny.net 'unsafe-inline'; connect-src 'self' matomo.sib.swiss; 1
default-src 'self' https://use.typekit.net; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://use.typekit.net *.google.com https://connect.facebook.net *.gstatic.com https://www.google-analytics.com https://*.googleapis.com https://view.ceros.com https://cdn.jsdelivr.net https://www.googletagmanager.com https://cdn.cookielaw.org; object-src 'none'; style-src 'report-sample' 'self' 'unsafe-inline' https://use.typekit.net https://p.typekit.net https://cdn.jsdelivr.net; img-src 'self' data: *.gstatic.com *.littler.com p.typekit.net  https://www.google-analytics.com https://*.googleapis.com https://i.vimeocdn.com https://cdn.cookielaw.org; media-src 'self'; frame-src 'self' https://player.vimeo.com/ https://app.powerbi.com https://w.soundcloud.com https://www.google.com https://view.ceros.com https://players.brightcove.net https://www.youtube.com https://www.youtube-nocookie.com; frame-ancestors 'self'; child-src 'self' https://player.vimeo.com/; font-src 'self' 'unsafe-inline' https://themes.googleusercontent.com use.typekit.net *.gstatic.com data:; connect-src 'self' https://www.google-analytics.com *.algolia.net *.algolianet.com https://insights.algolia.io https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal.onetrust.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src * data: mediastream: blob: filesystem: about: ws: wss: 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-inline'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob: ; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' assets.adobedtm.com *.salesforceliveagent.com service.force.com *.my.salesforce.com *.google.com *.facebook.net *.facebook.com *.omtrdc.net *.youtube.com *.ytimg.com *.doubleclick.net *.googleapis.com *.bazaarvoice.com *.iesnare.com appleid.cdn-apple.com www.googletagmanager.com www.googleadservices.com activitymap.adobe.com qasfix-hofer.cs101.force.com cs101.salesforce.com https://www.googletagmanager.com/gtag/js *.bing.com https://s.pinimg.com/ct/core.js https://s.pinimg.com/ct/lib/main.2a04f3ee.js hofer.force.com hofer.secure.force.com https://cdn.polyfill.io/v2/polyfill.min.js static.lightning.force.com js-cdn.dynatrace.com int-crm.my.salesforce.com EU17.salesforce.com EU17.force.com EU36.salesforce.com EU36.force.com secure.force.com *.cookielaw.org *.onetrust.com *.salesforce-sites.com s7g10.scene7.com collect.tealiumiq.com tags.tiqcdn.com; object-src 'none'; connect-src 'self' *.omtrdc.net *.demdex.net *.postcodeanywhere.co.uk *.bazaarvoice.com *.facebook.com activitymap.adobe.com sitecatalyst.omniture.com qasfix-hofer.cs101.force.com cs101.salesforce.com hofer.force.com hofer.secure.force.com c.la1-c1-fra.salesforceliveagent.com EU17.salesforce.com d.la1-c1-fra.salesforceliveagent.com www.zurueckzumursprung.at https://storefinder.aldi.at https://empty-fridge-widget.vercel.app https://gewinnspiel.aldi-sued.de test.storefinder.aldi.at https://bf51204epo.bf.dynatrace.com/bf int-crm.my.salesforce.com eu36.salesforce.com EU17.force.com EU36.force.com static.lightning.force.com secure.force.com service.force.com *.salesforceliveagent.com *.googleapis.com *.cookielaw.org *.onetrust.com *.salesforce-sites.com s7g10.scene7.com collect.tealiumiq.com *.doubleclick.net *.googlesyndication.com *.google.com; style-src 'self' 'unsafe-inline' *.bazaarvoice.com *.googleapis.com *.omtrdc.net *.my.salesforce.com service.force.com qasfix-hofer.cs101.force.com cs101.salesforce.com hofer.force.com hofer.secure.force.com int-crm.my.salesforce.com EU17.salesforce.com EU17.force.com EU36.salesforce.com EU36.force.com static.lightning.force.com secure.force.com *.salesforceliveagent.com *.cookielaw.org *.onetrust.com *.salesforce-sites.com *.gstatic.com s7g10.scene7.com; font-src 'self' *.gstatic.com data:; frame-src 'self' *.demdex.net *.facebook.com *.google.com *.youtube.com *.youtube-nocookie.com *.customervoice360.com *.adobe.com aldisued.marketing.adobe.com *.psa.at aldisued.experiencecloud.adobe.com web-psa-preprod.mp-testing.com rest-b2b-crt-preprod.mp-testing.com psa-card-administration.mobile-pocket.com *.bazaarvoice.com *.iesnare.com www.elettershop.de t.elettershop.de *.salesforceliveagent.com service.force.com activitymap.adobe.com *.omniture.com qasfix-hofer.cs101.force.com cs101.salesforce.com *.doubleclick.net www.zurueckzumursprung.at storefinder.aldi.at https://empty-fridge-widget.vercel.app https://gewinnspiel.aldi-sued.de test.storefinder.aldi.at cs107.salesforce.com eu17.salesforce.com medienkontakt.hofer.at int-crm.my.salesforce.com eu36.salesforce.com hofer.secure.force.com EU17.force.com EU36.force.com static.lightning.force.com secure.force.com hofer.force.com check-your-product.com www.check-your-product.com hofer-tickets.at/redeem test.etcgmbh.de/redeem *.salesforce-sites.com *.salesforce.com katalog.hofer.at *.brame.io *.brame-gamification.com brame-static.s3.eu-central-1.amazonaws.com brame-campaign-data-storage.s3.amazonaws.com interaktiv.www.hofer.at *.questback.com; frame-ancestors 'self' https://aldisued.marketing.adobe.com https://aldisued.experiencecloud.adobe.com https://www.elettershop.de https://t.elettershop.de https://experience.adobe.com hofer-custom.staffbase.com unserhofer.hofer.at localhost:* 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: cdn-cookieyes.com *.mczbf.com *.sjwoe.com *.cdn-cookieyes.com forms.hsforms.com *.amazonaws.com *.pelican.com *.stackadapt.com *.emarsys.net *.adroll.com cdnjs.cloudflare.com ajax.googleapis.com *.klaviyo.com js.adsrvr.org tags.crwdcntrl.net *.dynamicyield.com *.hotjar.com www.googletagmanager.com connect.facebook.net snap.licdn.com www.googleadservices.com static.ads-twitter.com analytics.twitter.com bat.bing.com *.avmws.com use.fontawesome.com googleads.g.doubleclick.net *.yotpo.com *.en25.com www.google-analytics.com *.clarity.ms assets.pinterest.com www.google.com cdnapisec.kaltura.com www.gstatic.com cdn.rawgit.com *.datadome.co code.jquery.com *.svn0czn.com cdn.dynamicyield.com *.scarabresearch.com *.simpli.fi *.klarnaservices.com app.intercom.io widget.intercom.io js.intercomcdn.com; script-src-elem 'unsafe-inline' *; media-src data: *.mczbf.com *.sjwoe.com *.cdn-cookieyes.com *.amazonaws.com media.pelican.com cdnapisec.kaltura.com js.intercomcdn.com; connect-src javascript: data: googleads.g.doubleclick.net pixel-config.reddit.com na.klarnaevt.com log.cookieyes.com cdn-cookieyes.com *.cdn-cookieyes.com *.redditstatic.com https://pelicantest.com *.mczbf.com *.sjwoe.com *.cdn-cookieyes.com tr6.snapchat.com tr.snapchat.com px.ads.linkedin.com analytics.tiktok.com js.klarna.com api.hubapi.com forms.hsforms.com *.amazonaws.com *.pelican.com *.btttag.com *.stackadapt.com *.linkedin.oribi.io *.emarsys.net *.yotpo.com *.hotjar.com *.hotjar.io wss://*.hotjar.com stats.g.doubleclick.net *.dynamicyield.com www.google-analytics.com https://analytics.google.com fast.a.klaviyo.com *.klaviyo.com bat.bing.com *.clarity.ms www.facebook.com vc.hotjar.io adservice.google.com www.google.com *.datadome.co analytics.kaltura.com manage.kmail-lists.com www.instagram.com *.scarabresearch.com *.klarnaservices.com api.intercom.io api.au.intercom.io api.eu.intercom.io api-iam.intercom.io api-iam.eu.intercom.io api-iam.au.intercom.io api-ping.intercom.io https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io uploads.intercomcdn.com uploads.intercomcdn.eu uploads.au.intercomcdn.com uploads.intercomusercontent.com; img-src * data: *.mczbf.com *.sjwoe.com cdn-cookieyes.com *.cdn-cookieyes.com js.intercomcdn.com static.intercomassets.com downloads.intercomcdn.com downloads.intercomcdn.eu downloads.au.intercomcdn.com uploads.intercomusercontent.com gifs.intercomcdn.com video-messages.intercomcdn.com messenger-apps.intercom.io messenger-apps.eu.intercom.io messenger-apps.au.intercom.io *.intercom-attachments-1.com *.intercom-attachments.eu *.au.intercom-attachments.com *.intercom-attachments-2.com *.intercom-attachments-3.com *.intercom-attachments-4.com *.intercom-attachments-5.com *.intercom-attachments-6.com *.intercom-attachments-7.com *.intercom-attachments-8.com *.intercom-attachments-9.com static.intercomassets.eu static.au.intercomassets.com; frame-src 'self' osm.klarnaservices.com tr.snapchat.com forms.hsforms.com *.amazonaws.com *.pelican.com www.facebook.com www.instagram.com vars.hotjar.com *.doubleclick.net www.youtube.com www.google.com www.googletagmanager.com insight.adsrvr.org; font-src 'self' data: static.klaviyo.com https://members.cj.com *.mczbf.com *.sjwoe.com *.cdn-cookieyes.com *.amazonaws.com *.pelican.com staticw2.yotpo.com use.fontawesome.com fonts.gstatic.com cdn.honey.io www.slant.co at.alicdn.com fonts.googleapis.com *.klarnacdn.net js.intercomcdn.com fonts.intercomcdn.com; style-src 'self' 'unsafe-inline' *.amazonaws.com *.pelican.com staticw2.yotpo.com use.fontawesome.com cdnjs.cloudflare.com *.klaviyo.com fonts.googleapis.com cdn.honey.io translate.googleapis.com cdn.rawgit.com *.trendmicro.com *.klarnacdn.net; style-src-elem 'unsafe-inline' *; child-src www.google.com www.youtube.com bid.g.doubleclick.net insight.adsrvr.org vars.hotjar.com match.adsrvr.org intercom-sheets.com www.intercom-reporting.com player.vimeo.com fast.wistia.net; frame-ancestors 'self'; object-src 'none'; form-action 'self' forms.hsforms.com *.amazonaws.com *.pelican.com https://www.pelican.com/pid/tools/ www.facebook.com *.mimecast.com *.salesforce.com webto.salesforce.com *.eloqua.com; 1
default-src 'self' data:; object-src 'none'; frame-src 'self' https://player.vimeo.com/ https://download-video.akamaized.net/ https://www.google.com/; connect-src 'self' https://yoast.com/ https://www.google-analytics.com/ https://region1.google-analytics.com/; media-src 'self' https://player.vimeo.com/ https://download-video.akamaized.net/ https://vod-progressive.akamaized.net/ https://errors.syslogistics.io/; form-action 'self' https://login.salesforce.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/ https://www.gstatic.com/ https://deliveryhero.com/ https://www.googletagmanager.com/ https://www.buzzsprout.com/ https://cdnjs.cloudflare.com/ https://errors.syslogistics.io/; style-src 'self' 'unsafe-inline'; img-src 'self' https://s.w.org/ https://ps.w.org/ https://secure.gravatar.com/ https://pubads.g.doubleclick.net/  data:; worker-src 'self' blob:; report-to csp-endpoint; 1
frame-ancestors 'self' mail.google.com chrome-extension://iffdacemhfpnchinokehhnppllonacfj/ chrome-extension://dkfhfaphfkopdgpbfkebjfcblcafcmpi/; 1
frame-ancestors 'self' *.bfh.ch *.pocketcampus.org 1
default-src 'self' 'unsafe-eval' 'unsafe-inline'; object-src 'none'; block-all-mixed-content 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self'; connect-src 'self';media-src 'self'; frame-src www.effektenbank.de irpages2.equitystory.com www.tradegate.ag; base-uri 'self'; object-src 'self'; 1
frame-ancestors 'self' https://mgmt-prod-gcp.keurig.ca; 1
img-src * data:; default-src * 'self'  https://* 'unsafe-inline' 'unsafe-eval';  1
default-src 'self' www.google-analytics.com cdn.userway.org;script-src 'nonce-YXNkYXNkYWlvdTc5OGF5dWhzOWRoOTg3YXloczlkaDlhdXlzZDloYTkwaHNkOThhOThzdWQ5OGE5czhkaDlhaHM=' platform.botscrew.net 'self' cdn.userway.org www.youtube.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com;img-src 'self' www.googletagmanager.com prod-cd-cdn.azureedge.net www.gstatic.com *.cdninstagram.com cdn.userway.org data:; style-src 'self' 'unsafe-inline' www.gstatic.com cdn.userway.org; frame-src e.issuu.com player.restream.io platform.botscrew.net player.castr.com prod-cd-cdn.azureedge.net cdn.userway.org www.gstatic.com www.google.com www.youtube.com;media-src 'self' prod-cd-cdn.azureedge.net data:;connect-src graph.facebook.com www.google-analytics.com 'self' api.userway.org cdn.userway.org cdn77.api.userway.org; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.xpressbet.com *.xpressbetonline.com *.xb-online.com *.youtube.com *.kaltura.com *.paysafecard.com *.facebook.net *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.facebook.com *.typekit.net *.livehelpnow.net *.xbselect.com *.redditstatic.com *.twitter.com *.polyfill.io *.paypal.com *.optimove.net *.radar.com *.plaid.com *.braintreegateway.com wss:; img-src * data:; font-src *; style-src * 'unsafe-inline'; media-src * blob:; worker-src * blob 1
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.viu.ca/ advisories.web.viu.ca/ *.heatmap.it/ *.newrelic.com/ *.nr-data.net/ *.google.com/ www.googletagmanager.com/ *.google-analytics.com/ www.googleadservices.com/ www.gstatic.com/ googleads.g.doubleclick.net/ static.ads-twitter.com/ analytics.twitter.com/ platform.twitter.com/ cdn.syndication.twimg.com/ connect.facebook.net/ s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js www.eventbrite.ca/ cdn.lightwidget.com/ www.youtube.com/ www.opentable.com/ *.hotjar.com/ www.socialintents.com/ e.issuu.com/ public.tableau.com/ bbox.blackbaudhosting.com/ www.librarything.com/ live-viu-technology.pantheonsite.io/ cdn.jsdelivr.net/gh/bramstein/ www.pagespeed-mod.com/ *.sharethis.com/ unpkg.com/tippy.js@6 unpkg.com/@popperjs/core@2 cdn.rawgit.com/bramstein/ static.addtoany.com/  https://cdn.jsdelivr.net/gh/davidjbradshaw/iframe-resizer@4.2.10/js/iframeResizer.min.js https://www.instagram.com/embed.js; img-src * data: blob: 'unsafe-inline'; report-uri /report-csp-violation 1
upgrade-insecure-requests; frame-ancestors 'self' ; report-uri https://cspreports.realpage.com/api/reports/save/violation; 1
default-src 'self' 'unsafe-inline' data: https://*.googleapis.com https://www.youtube.com/ https://*.jsdelivr.net https://*.gravatar.com https://*.iubenda.com https://*.googletagmanager.com https://j.6sc.co https://*.hs-scripts.com https://*.hsforms.net https://*.hs-banner.com https://*.hs-analytics.net https://*.google-analytics.com https://*.gstatic.com https://b.6sc.co https://*.g.doubleclick.net https://*.google.com https://hubspot-forms-static-embed.s3.amazonaws.com https://*.hubspot.com https://www.google.co.uk https://*.hsadspixel.net https://*.hscollectedforms.net https://*.hsforms.com https://api.hubapi.com https://www.googleadservices.com https://*.licdn.com https://*.linkedin.com https://p.adsymptotic.com https://i.ytimg.com https://secure.adnxs.com https://c.6sc.co https://ipv6.6sc.co https://*.youtube-nocookie.com https://*.usemessages.com https://*.zoominfo.com https://*.clickagy.com https://*.hsleadflows.net https://ipv6.6sc.co https://*.usemessages.com https://*.zoominfo.com https://*.youtube-nocookie.com https://*.rlcdn.com https://*.hotjar.com https://*.bluekai.com https://*.crwdcntrl.net wss://ws6.hotjar.com wss://ws45.hotjar.com https://*.linkedin.oribi.io https://*.hotjar.io/ https://*.vimeo.com https://pre.wp-api.depicter.com https://*.depicter.com https://*.pexels.com https://*.unsplash.com https://*.demandbase.com https://api.company-target.com https://*.company-target.com; object-src 'none'; frame-ancestors 'self'; 1
img-src * data:; 1
default-src 'self' cdn.livechatinc.com api.livechatinc.com cdnjs.cloudflare.com fonts.gstatic.com 'unsafe-eval' 'unsafe-inline' data:; script-src 'self' www.google-analytics.com ajax.googleapis.com www.google.com www.gstatic.com cdn.livechatinc.com api.livechatinc.com cdnjs.cloudflare.com seal.entrust.net cdn.jsdelivr.net maxcdn.bootstrapcdn.com ajax.aspnetcdn.com ssl.google-analytics.com 'unsafe-eval' 'unsafe-inline'; img-src 'self' 'unsafe-eval' 'unsafe-inline' data: https:; style-src 'self' ajax.googleapis.com fonts.googleapis.com cdnjs.cloudflare.com cdn.jsdelivr.net maxcdn.bootstrapcdn.com ajax.aspnetcdn.com use.fontawesome.com 'unsafe-inline'; frame-src 'self' secure.livechatinc.com www.google.com www.gstatic.com 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' https://midockiosk.keefegp.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; img-src 'self' blob: data: * 1
default-src 'self' https://*.yieldify.com https://*.yieldify-production.com https://cdn.productreview.com.au/assets/widgets/loader.js https://api.productreview.com.au/ https://trupanionvideo.wistia.com/; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.yieldify.com *.optimizely.com https://fast.wistia.com/ https://gallery.sprinklr.com/  https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com t.contentsquare.net app.contentsquare.com https://view.ceros.com/ *.google-analytics.com accounts.google.com https://assets.pxlecdn.com https://www.youtube.com/iframe_api https://kit.fontawesome.com/2f70a2f846.js https://unpkg.com/ https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.msecnd.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://dev-aflacpetinsurance.trupanion.com https://test-aflacpetinsurance.trupanion.com https://aflacpetinsurance.trupanion.com http://dev-aflacpetinsurance.trupanion.com http://test-aflacpetinsurance.trupanion.com http://aflacpetinsurance.trupanion.com http://www.datejs.com https://github.com https://static.zuora.com/Resources/libs/hosted/1.3.1/zuora-min.js https://sandbox.na.zuora.com/ https://sandbox.na.zuora.com/apps/PublicHostedPageLite.do https://na.zuora.com/apps/PublicHostedPageLite.do https://rest.sandbox.na.zuora.com *.zuora.com https://www.zuora.com https://www.googletagmanager.com https://www.google-analytics.com home-c28.incontact.com bat.bing.com googleads.g.doubleclick.net cdn.bc0a.com google.com cdn1.b0e8.com seal.digicert.com https://t.contentsquare.net https://getrockerbox.com https://rbj26p8v.trupanion.com *.adform.net d.impactradius-event.com www.googleadservices.com assets.pixlee.com td.yieldify.com custom.yieldify.com https://cdn.co-buying.com/embedding.min.js cdn.productreview.com.au https://api.productreview.com.au/ web-modules-de-na1.niceincontact.com https://trupanionvideo.wistia.com/ https://cmp.osano.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://gallery.sprinklr.com/  https://cdn.jsdelivr.net https://pro.fontawesome.com https://cdnjs.cloudflare.com https://dev-aflacpetinsurance.trupanion.com https://test-aflacpetinsurance.trupanion.com https://aflacpetinsurance.trupanion.com http://dev-aflacpetinsurance.trupanion.com http://test-aflacpetinsurance.trupanion.com http://aflacpetinsurance.trupanion.com web-modules-de-na1.niceincontact.com https://trupanionvideo.wistia.com/ 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.productreview.com.au *.niceincontact.com https://cdn.optimizely.com *.wistia.com/ *.sprinklr.com/  *.fbsbx.com/  *.cdninstagram.com/  https://*.yieldify.com https://*.yieldify-production.com bp.trupanion.com *.azureedge.net *.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.contentsquare.net *.eloqua.com track.hubspot.com *.imgix.net https://dev-aflacpetinsurance.trupanion.com https://test-aflacpetinsurance.trupanion.com https://aflacpetinsurance.trupanion.com http://dev-aflacpetinsurance.trupanion.com http://test-aflacpetinsurance.trupanion.com http://aflacpetinsurance.trupanion.com bat.bing.com www.google.com www.google.co.in a1.b0e8.com seal.digicert.com https://rbj26p8v.trupanion.com c.az.contentsquare.net logs-01.loggly.com googleads.g.doubleclick.net www.googleadservices.com www.google.ie assets.pixlee.com www.googletagmanager.com ao-de-services.s3.us-west-2.amazonaws.com ao-de-platform-avatars.s3.us-west-2.amazonaws.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: bp.trupanion.com *.productreview.com.au https://gallery.sprinklr.com/  web-modules-de-na1.niceincontact.com https://*.yieldify-production.com fonts.yieldify-production.com/font https://cdn.jsdelivr.net https://ka-p.fontawesome.com https://pro.fontawesome.com/ https://cdnjs.cloudflare.com https://dev-aflacpetinsurance.trupanion.com https://test-aflacpetinsurance.trupanion.com https://aflacpetinsurance.trupanion.com http://dev-aflacpetinsurance.trupanion.com http://test-aflacpetinsurance.trupanion.com http://aflacpetinsurance.trupanion.com www.trupanion.com; object-src 'self' bp.trupanion.com; connect-src accounts.google.com https://tattle.api.osano.com/ https://consent.api.osano.com/ https://gallery.sprinklr.com/  server-side-tagging-xqgk2uszeq-uc.a.run.app *.niceincontact.com api.productreview.com.au https://*.yieldify.com *.yieldify-production.com https://yieldify.connectorengine.com fonts.googleapis.com https://logx.optimizely.com *.optimizely.com https://localhost:44355/ *.contentsquare.net *.mktoresp.com *.visualstudio.com *.wistia.com/ https://ka-p.fontawesome.com https://tru-dev-app-memberportal-api.azurewebsites.net https://dev-poweredbyapi-app.azurewebsites.net https://dev-chewympapi-app.azurewebsites.net https://dev-aflacmpapi-app.azurewebsites.net https://tst-chewympapi-app.azurewebsites.net https://tst-aflacmpapi-app.azurewebsites.net https://prd-chewympapi-app.azurewebsites.net https://prd-aflacmpapi-app.azurewebsites.net https://www-stg.chewy.net https://www-dev.chewy.net https://www.chewy.com https://unpkg.com/ https://auth-integration.chewy.com https://auth-stg.chewy.com/ https://auth.chewy.com https://devaflacpetinsurance.b2clogin.com https://testaflacpetinsurance.b2clogin.com https://aflacpetinsurance.b2clogin.com http://devaflacpetinsurance.b2clogin.com http://testaflacpetinsurance.b2clogin.com http://aflacpetinsurance.b2clogin.com https://sandbox.na.zuora.com https://rest.sandbox.na.zuora.com https://na.zuora.com api.zippopotam.us https://www.googletagmanager.com https://www.google-analytics.com maps.googleapis.com google.com ixfd2-api.bc0a.com bat.bing.com https://photos.pixlee.co/ https://assets.pixlee.com/assets/fp.js stats.g.doubleclick.net trupanion.avo2.net c.az.contentsquare.net region1.google-analytics.com td.yieldify.com v2.dc.yieldify.com edge.yieldify.com gateway.yieldify-production.com cdweb.trupanion.com *.zuora.com https://www.zuora.com https://cdn.co-buying.com bp.trupanion.com *.googlesyndication.com https://trupanionvideo.wistia.com/ channels-de-na1.niceincontact.com wss://chat-gateway-de-na1.niceincontact.com 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: *.azureedge.net https://trupanionvideo.wistia.com/; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.optimizely.com https://view.ceros.com/ https://c1.adform.net/ bp.trupanion.com https://sandbox.na.zuora.com/ https://na.zuora.com/ *.zuora.com https://www.zuora.com https://unpkg.com/ https://dev-aflacpetinsurance.trupanion.com https://test-aflacpetinsurance.trupanion.com https://aflacpetinsurance.trupanion.com http://dev-aflacpetinsurance.trupanion.com http://test-aflacpetinsurance.trupanion.com http://aflacpetinsurance.trupanion.com https://widget.trustpilot.com https://apisandbox.zuora.com https://www.googletagmanager.com public.tableau.com analytics.clickdimensions.com fast.wistia.net trupanion.qualtrics.com blob: csxd.contentsquare.net trupanion.avo2.net photos.pixlee.co bp.breeder.trupanion.com https://cdn.co-buying.com home-c28.incontact.com https://cdweb.trupanion.com http://cdweb.trupanion.com https://*.yieldify.com td.doubleclick.net https://trupanionvideo.wistia.com/ web-modules-de-na1.niceincontact.com 1
frame-ancestors 'self' https://*.reitmans.com https://*.additionelle.com https://*.rw-co.com https://*.thymematernity.com https://*.penningtons.com http://*.reitmans.com http://*.additionelle.com http://*.rw-co.com http://*.thymematernity.com http://*.penningtons.com https://*.screenmeet.com wss://*.screenmeet.com 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self' wss://foodsharing.de  https://localhost https://nginx https://sentry.io https://photon.komoot.io https://maps.geoapify.com https://maps01.geoapify.com https://maps02.geoapify.com https://maps03.geoapify.com https://tile.openstreetmap.org https://search.mapzen.com https://gitpod.io blob: ws:; img-src 'self' data: https: blob:; media-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self' data:; frame-src 'self'; frame-ancestors 'none'; worker-src 'self' blob:; child-src 'self' blob:; manifest-src 'self'; 1
default-src 'none'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.google-analytics.com www.googletagmanager.com www.gstatic.com *.doubleclick.net api.mapbox.com consentcdn.cookiebot.com consent.cookiebot.com 'self';  object-src 'none'; worker-src blob: ; child-src www.google.com consentcdn.cookiebot.com assist.zoho.eu blob: 'self' ; img-src imgsct.cookiebot.com data: blob: 'self' www.google.ch www.google.com www.google-analytics.com; connect-src 'self' *.tiles.mapbox.com consentcdn.cookiebot.com api.mapbox.com events.mapbox.com www.google-analytics.com stats.g.doubleclick.net region1.analytics.google.com; frame-ancestors 'self' 1
default-src 'none'; base-uri 'self'; frame-ancestors 'self' https://*.barclays.co.uk https://*.uk.barclays; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.crownpeak.com collect.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com barclaysinternational.sc.omtrdc.net bat.bing.com beacon.krxd.net cdn.decibelinsight.net app.decibelinsight.com collection.decibelinsight.net cdn.krxd.net consumer.krxd.net data.rci.eggplant.cloud googleads.g.doubleclick.net img.en25.com metrics.responsetap.com static-ssl.responsetap.com www.google.com www.googleadservices.com www.gstatic.com www.google-analytics.com www.media.barclays.co.uk edigitalsurvey.com barclaysbankplc.demdex.net siteintercept.qualtrics.com *.siteintercept.qualtrics.com; style-src  'self' 'unsafe-inline' www.media.barclays.co.uk fonts.googleapis.com; object-src 'self'; worker-src 'self'; child-src 4482330.fls.doubleclick.net assets.adobedtm.com barclaysbankplc.demdex.net cdn.krxd.net edigitalsurvey.com www.google.com www.media.barclays.co.uk bid.g.doubleclick.net siteintercept.qualtrics.com *.siteintercept.qualtrics.com; frame-src 'self' 4482330.fls.doubleclick.net assets.adobedtm.com barclaysbankplc.demdex.net cdn.krxd.net edigitalsurvey.com www.google.com www.media.barclays.co.uk bid.g.doubleclick.net siteintercept.qualtrics.com *.siteintercept.qualtrics.com; img-src 'self' data: www.barclaycard.co.uk api.company-target.com dynamicmedia.livenationinternational.com d3ne5nhbe3knix.cloudfront.net collect.tealiumiq.com cdnjs.cloudflare.com loadm.exelator.com twitter.com cimage.adobe.com aax-eu.amazon-adsystem.com ad.doubleclick.net adservice.google.com analytics.twitter.com apiservices.krxd.net bat.bing.com beacon.krxd.net beacon.rci.eggplant.cloud bppmdmxgsg.execute-api.eu-west-1.amazonaws.com cm.everesttech.net cm.g.doubleclick.net dc.ads.linkedin.com dpm.demdex.net googleads.g.doubleclick.net www.google-analytics.com insight.adsrvr.org load77.exelator.com loadus.exelator.com pippio.com pixelg.adswizz.com px.ads.linkedin.com smetrics.barclays.co.uk sp.analytics.yahoo.com t.co t.teads.tv www.facebook.com www.google.co.uk www.google.com www.google.es www.google.it adservice.google.co.uk adservice.google.de www.googleadservices.com adservice.google.co.za edigitalsurvey.com www.google.com.jm www.google.gr www.google.fr www.google.com.au www.google.im www.google.ie www.google.co.th www.google.pt www.google.co.in www.google.je www.google.co.za www.google.hr www.google.com.tr www.google.com.sa www.google.pl www.google.com.gi www.google.co.jp www.google.com.hk www.google.de www.google.co.kr www.google.com.ng www.google.com.cy www.google.nl www.google.se www.google.ca adservice.google.es www.google.co.ke www.google.vg www.google.fi www.google.cz www.google.gg adservice.google.hr www.google.co.cr www.google.co.nz www.google.ro www.google.com.mm www.google.ae www.google.be www.google.com.my www.google.so www.google.at www.google.ee www.google.bg www.google.cl www.google.com.sg adservice.google.ae www.google.lv www.google.mu www.google.ch www.google.com.ph www.google.com.tw www.gstatic.com www.google.com.mx www.google.bs www.google.com.vn www.google.com.sl www.google.no www.google.com.bh www.google.co.ao www.google.com.qa adservice.google.mk adservice.google.bg adservice.google.co.in www.google.iq adservice.google.gr www.google.com.kh www.google.mk adservice.google.com.om www.google.co.id www.google.com.ua www.google.is www.google.com.af adservice.google.com.tw  www.google.ru www.google.ms www.google.dk www.google.sk www.google.hu www.google.co.zw www.google.com.co www.google.com.eg www.google.gy www.google.rs www.google.co.il www.google.com.gh www.google.al www.google.tn www.google.com.om www.google.si www.google.md www.google.sn www.google.co.ug www.google.com.ag usermatch.krxd.net ssl.gstatic.com www.google.lt barclaysinternationalbarcardbusinessprod.112.2o7.net www.linkedin.com www.media.barclays.co.uk cx.atdmt.com jslog.krxd.net barclaysbankplc.demdex.net siteintercept.qualtrics.com *.siteintercept.qualtrics.com; connect-src 'self' collect.tealiumiq.com *.crownpeak.com *.akamaihd.net *.akstat.io *.api.decibelinsight.net smetrics.barclays.co.uk barclaysbankplc.tt.omtrdc.net barclaysinternational.sc.omtrdc.net bat.bing.com beacon.krxd.net collection.decibelinsight.net cdn.decibelinsight.net dpm.demdex.net jslog.krxd.net *.tt.omtrdc.net p11.techlab-cdn.com wss://collection.decibelinsight.net www.media.barclays.co.uk research.barclays.co.uk *.infinity-tracking.com ict.infinity-tracking.net siteintercept.qualtrics.com *.siteintercept.qualtrics.com; font-src 'self' fonts.gstatic.com edigitalsurvey.com www.media.barclays.co.uk; manifest-src 'self'; media-src 'self' www.media.barclays.co.uk jslog.krxd.net p.adsymptotic.com cx.atdmt.com; prefetch-src 'self'; 1
frame-ancestors https://*.ncqa.org; 1
frame-ancestors 'self' gvtc.com *.gvtc.com *.zagclients.net 1
frame-ancestors 'self' https://assets.apilayer.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://assets.adobedtm.com *.quantummetric.com https://www.google.com/recaptcha *; object-src 'none' ; connect-src *; font-src *; frame-ancestors https://www.youtube.com/; style-src 'self' 'unsafe-inline' https://*.typekit.net https://sslwidgetmaster.investorroom.com/css *; img-src * 'self' data: blob:; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content;worker-src blob:; frame-src https://www.youtube.com/embed/ https://www.google.com/recaptcha *; child-src blob:; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: https://* *.scalink.com.br *.youtube.com; frame-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: *.retargetly.com *.googletagmanager.com *.g.doubleclick.net *.scalink.com.br *.youtube.com; connect-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: https://* *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.retargetly.com *.privally.global *.facebook.net *.ads-twitter.com *.g.doubleclick.net *.scalink.com.br *.youtube.com; img-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://* *.scalink.com.br *.youtube.com; object-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://* *.scalink.com.br *.youtube.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' 'unsafe-hashes' data: https://* *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.retargetly.com *.privally.global *.facebook.net *.ads-twitter.com *.g.doubleclick.net; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' 'unsafe-hashes' data: https://* *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.retargetly.com *.privally.global *.facebook.net *.ads-twitter.com *.g.doubleclick.net *.scalink.com.br *.youtube.com; base-uri *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.retargetly.com *.privally.global *.facebook.net *.ads-twitter.com *.g.doubleclick.net *.scalink.com.br *.youtube.com; worker-src blob: 'self'; 1
default-src 'self' assets-eu.cdn.systems cdnstatic.thstatic.com *.hlisgames.com *.firebaseio.com https://run.evoplay.games rgw.c00.gcsd.io *.chipy.com *.youtube.com *.datamother.com https://www.google.com https://yard.gcsd.io *.mascot.games *.endorphina.fun; frame-src 'self' https://www.google.com https://vimeo.com https://www.youtube.com https://player.vimeo.com https://www.dailymotion.com https://geo.dailymotion.com https://yard.gcsd.io https://www.hlisgames.com https://run.evoplay.games https://game.chipy.com https://cdnstatic.thstatic.com https://*.mascot.games https://*.perfecttlos.com https://*.mancala66.com https://static.cdngri.com https://*.endorphina.fun https://cdnclient.toogri.com; script-src 'self' data: https://*.getsitecontrol.com https://*.getsitectrl.com https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com/recaptcha/api.js https://www.gstatic.com https://maps.googleapis.com https://code.jquery.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://region1.google-analytics.com https://*.getsitecontrol.com https://*.getsitectrl.com *.firebaseio.com https://www.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net https://vimeo.com https://events.getsitectrl.com wss: datamother.com https://maps.googleapis.com; img-src 'self' https://region1.google-analytics.com https://dev.chipy.com https://admin.chipy.com https://chipy.com https://*.getsitecontrol.com https://*.getsitectrl.com https://www.google-analytics.com  https://www.googletagmanager.com https://i.ytimg.com https://i.vimeocdn.com https://videoapi-muybridge.vimeocdn.com data: https://maps.gstatic.com https://mapsresources-pa.googleapis.com; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; base-uri 'self'; form-action 'self'; upgrade-insecure-requests 1
script-src * data: 'self' 'unsafe-inline' 'unsafe-eval'; worker-src blob: 'self' *.ing.com.tr; object-src 'self'; 1
frame-ancestors http://*.almamedia.net https://*.almamedia.net https://app.powerbi.com 1
child-src https: ; img-src * 'self' data: https:; default-src 'self' https: http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com 'unsafe-inline' 'unsafe-eval' ; object-src 'self' https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; 1
frame-ancestors 'self' https://*.embibe.com https://jiomeetpro.jio.com https://*.embibe.co.in 1
default-src 'self'; frame-src 'self' www.facebook.com web.facebook.com www.youtube.com livechat.fpt.ai; font-src * data:;img-src * data:; script-src 'unsafe-eval' 'unsafe-inline' *; style-src 'unsafe-inline' *; connect-src * 1
script-src 'self' 'unsafe-inline' *.wlresources.com https://www.google-analytics.com https://www.youtube.com/iframe_api https://s.ytimg.com ; connect-src 'self' *.wlresources.com https://www.google-analytics.com; report-uri /err0r/js?ts=1721955704; frame-ancestors 'none' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.google.com https://ajax.googleapis.com https://optimize.google.com https://www.youtube.com https://s.ytimg.com https://siteimproveanalytics.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdnjs.cloudflare.com https://www.gstatic.com https://use.fontawesome.com https://kit.fontawesome.com https://*.typekit.net https://fast.fonts.net https://cdn.yoshki.com; img-src 'self' data: https://www.googletagmanager.com https://fonts.gstatic.com https://ssl.gstatic.com https://www.gstatic.com https://www.google-analytics.com https://optimize.google.com https://www.google.com https://img.youtube.com https://i.ytimg.com https://cdn.cookielaw.org https://*.siteimproveanalytics.io https://*.analytics.google.com https://cdn.yoshki.com; style-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com https://optimize.google.com https://www.youtube.com https://*.typekit.net https://cdn.cookielaw.org https://cdnjs.cloudflare.com https://fast.fonts.net https://cdn.yoshki.com https://*.fontawesome.com; font-src 'self' data: https://fonts.gstatic.com https://*.typekit.net https://cdnjs.cloudflare.com https://*.fontawesome.com https://fast.fonts.net; frame-src 'self' https://www.youtube.com https://optimize.google.com https://www.google.com https://kirkland.widen.net https://embed.widencdn.net https://*.vimeo.com https://cdn.yoshki.com; frame-ancestors 'self' https://events1.social27.com; child-src 'self' blob: https://www.youtube.com; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://*.cookielaw.org https://geolocation.onetrust.com https://*.analytics.google.com https://*.fontawesome.com; upgrade-insecure-requests; block-all-mixed-content; 1
upgrade-insecure-requests; script-src 'self' 'nonce-XTb9jnsH8nn3vNKbKY8qZo2W5bFB1ONg' 'unsafe-inline' https://prismic.io https://static.cdn.prismic.io https://*.google.com https://assets.adobedtm.com https://*.hs-scripts.com https://*.googleapis.com https://*.split.io https://*.snapfinance.com https://*.hsforms.net https://*.adsrvr.org https://*.gstatic.com https://*.googletagmanager.com https://js.hs-analytics.net https://js.hsadspixel.net/ https://js.usemessages.com/ https://js.hs-banner.com/ https://*.google-analytics.com https://cdnjs.cloudflare.com https://*.hsforms.com https://connect.facebook.net https://*.online-metrix.net/ https://*.xtlo.net/ https://api.cloudsponge.com https://boards.greenhouse.io/ https://deuan56b7nga3.cloudfront.net/ https://*.bing.com/ https://snap.licdn.com/ https://dev.visualwebsiteoptimizer.com https://*.adroll.com https://*.adroll.mgr.consensu.org https://*.inmarkethub.com https://*.stackadapt.com https://*.bizfocused.com https://*.demandbase.com https://*.heapanalytics.com https://*.github.io https://pixel.advertising.com https://*.outbrain.com https://*.taboola.com https://*.pubmatic.com https://*.adnxs.com https://*.casalemedia.com https://*.rubiconproject.com https://*.3lift.com https://ads.yahoo.com https://*.openx.net https://tag.clearbitscripts.com https://x.clearbitjs.com https://x.bidswitch.net https://up.pixel.ad https://www.youtube.com https://html2canvas.hertzen.com https://pippio.com https://analytics.tiktok.com https://*.googleanalytics.com https://*.googleoptimize.com https://optimize.google.com https://*.hotjar.com https://*.api.useinsider.com https://*.doubleclick.net https://*.googleusercontent.com https://www.googleadservices.com https://*.kameleoon.eu https://*.kameleoon.com https://*.kameleoon.io https://*.niceincontact.com https://*.inmoment.com https://track.my-dv.com https://*.6sc.co; style-src 'self' 'unsafe-inline' https://api.tiles.mapbox.com stackpath.bootstrapcdn.com https://*.google.com https://*.snapfinance.com https://maxcdn.bootstrapcdn.com https://*.googleapis.com https://cdnjs.cloudflare.com https://*.fontawesome.com https://*.xtlo.net/ https://deuan56b7nga3.cloudfront.net/ https://*.stackadapt.com https://optimize.google.com https://*.hotjar.com https://*.kameleoon.eu https://*.kameleoon.com https://*.niceincontact.com; font-src data: 'self' stackpath.bootstrapcdn.com https://*.xtlo.net https://*.snapfinance.com https://*.fontawesome.com https://*.gstatic.com https://maxcdn.bootstrapcdn.com https://deuan56b7nga3.cloudfront.net/ https://*.hotjar.com https://*.niceincontact.com; img-src 'self' data: https://*.casalemedia.com https://*.rubiconproject.com https://*.outbrain.com https://*.taboola.com https://*.pubmatic.com https://*.3lift.com https://*.adnxs.com https://*.openx.net https://www.entitytag.co.uk https://*.prismic.io https://*.xtlo.net https://*.googletagmanager.com https://*.googleapis.com https://*.google.com https://snapcmsimages.s3-us-west-2.amazonaws.com https://*.doubleclick.net https://*.online-metrix.net/ https://*.snapfinance.com https://snapcmsimages.s3.amazonaws.com https://s3-us-west-2.amazonaws.com/snapcmsimages/ https://fc-use1-00-pics-bkt-00.s3.amazonaws.com https://snapmerchantimages.s3.amazonaws.com https://*.google-analytics.com https://*.hubspot.com/ https://www.facebook.com https://connect.facebook.net https://px.ads.linkedin.com https://*.gstatic.com https://d2k2lq7arf6zn3.cloudfront.net/ https://*.adsymptotic.com/ https://*.bing.com/ https://*.hs-scripts.com https://dev.visualwebsiteoptimizer.com https://*.bidr.io https://heapanalytics.com/ https://*.adroll.com https://*.inmarkethub.com https://*.stackadapt.com https://*.bizfocused.com https://snapfinance-devqa-pan.s3.us-west-2.amazonaws.com https://snapfinance-devqa-pan.s3.amazonaws.com https://*.rlcdn.com https://segments.company-target.com https://x.bidswitch.net https://lciapi.ninthdecimal.com https://tapestry.tapad.com https://*.sitescout.com https://pixel.logtrackback.com https://i.ytimg.com http://up.pixel.ad https://*.yelpcdn.com https://*.analytics.google.com https://*.g.doubleclick.net https://optimize.google.com https://*.hotjar.com https://*.kameleoon.eu https://*.kameleoon.com https://*.niceincontact.com https://lb-common.s3.ap-south-1.amazonaws.com/lb-logo.png https://*.6sc.co; frame-ancestors 'self' https://app.hubspot.com/; worker-src blob: https://*.snapfinance.com; 1
base-uri 'self';connect-src 'self' *.clarity.ms *.bing.com *.facebook.com *.mktoresp.com *.ubembed.com *.google.com *.pinterest.com *.wistia.com *.litix.io *.crazyegg.com *.doubleclick.net *.google-analytics.com *.googletagmanager.com *.onetrust.com;default-src 'self';font-src 'self' data: *.typekit.net;frame-ancestors 'self';frame-src 'self' *.ubembed.com *.doubleclick.net *.vimeo.com *.facebook.com *.youtube.com *.pinterest.com *.explorelearning.com;img-src 'self' data: *.bing.com *.twitter.com *.explorelearning.com *.pinterest.com *.wistia.com *.vimeocdn.com *.ytimg.com *.linkedin.com https://t.co *.facebook.com *.google-analytics.com *.google.com *.googletagmanager.com *.clarity.ms;media-src 'self' *.explorelearning.com blob:;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.clarity.ms *.bing.com *.google.com *.ubembed.com *.facebook.net *.wistia.com *.doubleclick.net *.marketo.net *.pinimg.com *.crazyegg.com *.licdn.com *.google-analytics.com *.googletagmanager.com *.explorelearning.com *.vimeo.com;style-src 'self' 'unsafe-inline' *.typekit.net *.explorelearning.com;worker-src blob:; 1
default-src 'none'; script-src-elem 'self' 'unsafe-inline' https://cdnjs.cloudflare.com www.googletagmanager.com https://tagmanager.google.com https://analytics.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://snap.licdn.com https://dtzpfzv31buvf.cloudfront.net info.armor.com https://static.ads-twitter.com connect.facebook.net www.gstatic.com bat.bing.com cdn.bizible.com https://*.clarity.ms https://analytics.twitter.com https://*.hs-scripts.com https://tag.demandbase.com https://lptag.liveperson.net https://va.v.liveperson.net https://va.idp.liveperson.net https://va.msg.liveperson.net https://*.liveperson.net https://lpcdn.lpsnmedia.net https://accdn.lpsnmedia.net https://js.hs-banner.com https://js.hscollectedforms.net https://js.hs-analytics.net https://*.hotjar.com https://pi.pardot.com go.armor.com https://snap.licdn.com https://*.linkedin.com; script-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com www.googletagmanager.com https://tagmanager.google.com https://analytics.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://snap.licdn.com https://dtzpfzv31buvf.cloudfront.net info.armor.com https://static.ads-twitter.com connect.facebook.net www.gstatic.com bat.bing.com cdn.bizible.com https://*.clarity.ms https://analytics.twitter.com https://*.hs-scripts.com https://tag.demandbase.com https://lptag.liveperson.net https://va.v.liveperson.net https://va.idp.liveperson.net https://va.msg.liveperson.net https://*.liveperson.net https://lpcdn.lpsnmedia.net https://accdn.lpsnmedia.net https://js.hs-banner.com https://js.hscollectedforms.net https://js.hs-analytics.net https://*.hotjar.com https://pi.pardot.com go.armor.com https://snap.licdn.com https://*.linkedin.com; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://tagmanager.google.com https://ssl.gstatic.com https://dyjgaef5vuq51.cloudfront.net http://info.armor.com info.armor.com https://*.hotjar.com https://snap.licdn.com https://*.linkedin.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://tagmanager.google.com https://ssl.gstatic.com https://dyjgaef5vuq51.cloudfront.net http://info.armor.com info.armor.com https://*.hotjar.com https://snap.licdn.com https://*.linkedin.com; frame-src 'self' https://www.google.com https://bid.g.doubleclick.net https://www.facebook.com http://info.armor.com info.armor.com https://lpcdn.lpsnmedia.net http://lpcdn.lpsnmedia.net lpcdn.lpsnmedia.net https://va.idp.liveperson.net http://va.idp.liveperson.net https://va-e.c.liveperson.net/; img-src 'self' data: https://www.googletagmanager.com https://analytics.google.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com https://www.gstatic.com https://px.ads.linkedin.com https://www.linkedin.com https://p.adsymptotic.com https://cdn.bizible.com t.co https://bat.bing.com https://www.facebook.com https://*.clarity.ms https://analytics.twitter.com https://*.bing.com https://connect.facebook.net https://*.ads.linkedin.com https://lpcdn.lpsnmedia.net https://match.prod.bidr.io/cookie-sync/demandbase https://id.rlcdn.com https://segments.company-target.com https://forms.hsforms.com https://privacy-policy.truste.com https://cdn.bizibly.com https://*.hotjar.com https://snap.licdn.com https://*.linkedin.com; media-src 'self' https://lpcdn.lpsnmedia.net https://armor.video https://res.armor.com; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://*.hotjar.com https://snap.licdn.com https://*.linkedin.com; connect-src 'self' https://analytics.google.com https://www.google-analytics.com https://freegeoip.app https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google.com https://*.clarity.ms https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://snap.licdn.com https://*.linkedin.com https://bat.bing.com https://va.msg.liveperson.net wss://va.msg.liveperson.net https://api.company-target.com https://forms.hubspot.com https://cdn.linkedin.oribi.io; base-uri 'self'; form-action 'self' https://webto.salesforce.com https://www.facebook.com; frame-ancestors 'self' 1
default-src 'self' clientstream.launchdarkly.com chat-au.libanswers.com api3-au.libcal.com lgapi-au.libapps.com noembed.com cdn.plyr.io lpcdn.lpsnmedia.net iframely.shorthand.com bond.edu.au; connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.libcal.com lgapi-au.libapps.com chat-au.libanswers.com lm.serving-sys.com cdn.plyr.io noembed.com stats.g.doubleclick.net adservice.google.com analytics.tiktok.com bond.university cdn.linkedin.oribi.io secure-ds.serving-sys.com www.facebook.com www.google.com tr.snapchat.com bond.edu.au gtm-m6dphq3-zjy3m.uc.r.appspot.com www.capi.bond.edu.au service.ap1.liveassistfor365.com wss://service.ap1.liveassistfor365.com wss://sy.msg.liveperson.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.redditstatic.com *.taboola.com px.ads.linkedin.com api.intentiq.com analytics.google.com munchkin.marketo.net munchkin-cdn.marketo.net 186-xng-575.mktoresp.com *.braintree-api.com *.braintreegateway.com www.gstatic.com blob:; font-src 'self' fonts.gstatic.com data: fonts.googleapis.com use.typekit.net p.typekit.net service.ap1.liveassistfor365.com https://*.hotjar.com; frame-src 'self' www.googletagmanager.com bond.libanswers.com youtube.com www.youtube.com use.mazemap.com player.vimeo.com www.google.com app-sn04.marketo.com e.issuu.com bond.stackmap.com unibuddy.co lpcdn.lpsnmedia.net eap.ascentone.com *.fls.doubleclick.net googleads.g.doubleclick.net tpc.googlesyndication.com www.facebook.com insight.adsrvr.org td.doubleclick.net tr.snapchat.com match.adsrvr.org secure-ds.serving-sys.com ds.serving-sys.com lm.serving-sys.com bs.serving-sys.com server.sy.liveperson.net sy.idp.liveperson.net sy.msg.liveperson.net *.braintreegateway.com iframely.shorthand.com; img-src 'self' ssl.gstatic.com www.gstatic.com fonts.gstatic.com *.google-analytics.com *.googletagmanager.com *.siteimproveanalytics.io libapps.s3.amazonaws.com data: picsum.photos i.picsum.photos i.ytimg.com *.google.com googleads.g.doubleclick.net px.ads.linkedin.com p.adsymptotic.com www.facebook.com dc.ads.linkedin.com insight.adsrvr.org secure.adnxs.com analytics.tiktok.com analytics.twitter.com pixel.roymorgan.com static.bond.edu.au t.co www.linkedin.com www.google.cl www.google.co.cr www.google.co.in www.google.co.jp www.google.co.kr www.google.co.nz www.google.co.th www.google.com.ar www.google.com.co www.google.com.gh www.google.com.my www.google.com.ng www.google.com.ph www.google.com.sb www.google.la www.google.no www.google.nr www.google.tl *.google.com.au www.google.ae *.global.siteimproveanalytics.io ib.adnxs.com www.google.ca www.google.co.bw www.google.co.tz www.google.co.uk www.google.co.za www.google.co.zm www.google.co.zw www.google.com www.google.com.cu www.google.com.eg www.google.com.et www.google.com.fj www.google.com.hk www.google.com.lb www.google.com.ly www.google.com.pe www.google.com.pk www.google.com.sg www.google.com.tw www.google.de www.google.es www.google.fr www.google.gr www.google.ie www.google.lk www.google.nl www.google.ps www.google.se *.ads.linkedin.com www.google.bt www.google.co.ke www.google.co.ma www.google.com.af www.google.com.bd www.google.com.ec www.google.com.na www.google.com.pg www.google.com.qa www.google.com.tr www.google.jo www.google.pl www.google.to *.mookie1.com lpcdn.lpsnmedia.net secure-ds.serving-sys.com ds.serving-sys.com *.hotjar.com sync.intentiq.com alb.reddit.com tr.snapchat.com *.taboola.com iframely.shorthand.com; object-src 'none'; script-src 'self' 'wasm-unsafe-eval' siteimproveanalytics.com region-au.libanswers.com sy.v.liveperson.net lptag.liveperson.net lpcdn.lpsnmedia.net accdn.lpsnmedia.net e.issuu.com bond.libanswers.com 'sha256-NLMwpGTm+o0htz/YoD7o9Imc5ipST98gIalWtsQlm08=' 'sha256-/psy9wVB+ufelM86s/I0orYEk8ErruvV8ZqsTbN48BY=' player.vimeo.api player.vimeo.com www.youtube.com www.google.com www.gstatic.com app-sn04.marketo.com tagmanager.google.com *.googletagmanager.com www.google-analytics.com ssl.google-analytics.com 'sha256-bUAiv6MQ42WYRwUuR4M7/PnOd76UAtLA5217HeojERQ=' 'sha256-rN2Z0TylnRQ+5LuO2TTEPDzwF3/eMC8qdO4scNVESN0=' 'sha256-VdTQZOOA6p1QIhBQM+axlBd0ikS+W/fho1WFPEVTcdA=' secure-ds.serving-sys.com platform.twitter.com static.ads-twitter.com snap.licdn.com connect.facebook.net bs.serving-sys.com acdn.adnxs.com ajax.cloudflare.com *.doubleclick.net js.adsrvr.org sc-static.net analytics.tiktok.com secure.adnxs.com www.googleadservices.com *.google.com tpc.googlesyndication.com *.mookie1.com ds.serving-sys.com lm.serving-sys.com gtm-m6dphq3-zjy3m.uc.r.appspot.com www.capi.bond.edu.au service.ap1.liveassistfor365.com *.hotjar.com munchkin.marketo.net *.redditstatic.com *.taboola.com *.linkedin.com tr.snapchat.com *.byspotify.com cafex.com liveassistcloud.com liveassistfor365.com munchkin-cdn.marketo.net 'sha256-nwzZ6ogR/+gkhkg1iPj73cx6AaZwufpAMqVvm8TaxFk=' iframely.shorthand.com analytics.shorthand.com bond.edu.au https://api.mazemap.com https://www.google.com 'nonce-f5lc_PkO0MopwPAT35OyRytq0dGsrgYR'; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com bond.libanswers.com data: fonts.gstatic.com use.typekit.net p.typekit.net app-sn04.marketo.com service.ap1.liveassistfor365.com *.hotjar.com www.googletagmanager.com; worker-src 'self' blob:; frame-ancestors 'self' 1
base-uri 'none'; default-src 'self' https://uberspace.de https://dashboard.uberspace.de https://*.uberspace.is https://analytics.uberspace.de; frame-ancestors 'none'; 1
default-src 'self'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; frame-src 'none'; img-src 'self' data: *.ttcache.com https://*.ttcache.com https://*.google-analytics.com https://*.googletagmanager.com; media-src 'none'; object-src 'none'; script-src 'self' https://*.googletagmanager.com; style-src 'self' 'unsafe-inline'; report-uri /csp-report 1
frame-ancestors 'self' http://www.philips.nl *.philips.com *.philips.nl https://philipsigtdpv.com 1
default-src 'self' *.harkins.com *.youtube.com; connect-src 'self' *.harkins.com cdn.cookielaw.org https://*.google-analytics.com https://analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net *.icanhazip.com *.ipify.org *.ifconfig.co vimeo.com *.vimeo.com geolocation.onetrust.com *.dayforcehcm.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com https://*.googletagmanager.com https://tagmanager.google.com cdn.cookielaw.org *.youtube.com *.facebook.net *.googleadservices.com movienewsletters.net *.google.com *.gstatic.com; child-src harkins.com player.vimeo.com *.youtube.com *.google.com *.imgix.net; style-src 'self' 'unsafe-inline' *.harkins.com https://*.googletagmanager.com https://*.tagmanager.google.com https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com data:; img-src 'self' data: *.harkins.com *.imgix.net https://*.google-analytics.com https://*.googletagmanager.com https://*.g.doubleclick.net *.ytimg.com *.harkinsmedia.harkins.com *.devcms.harkins.com *.harkinspopcorn.com cdn.cookielaw.org https://ssl.gstatic.com https://*.gstatic.com; 1
frame-ancestors 'self' https://simplehai.axisdirect.in; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://bat.bing.com http://cdnt.netcoresmartech.com https://ds-aksb-a.akamaihd.net https://googleads.g.doubleclick.net https://osjs.netcoresmartech.com https://www.google-analytics.com https://www.googletagmanager.com https://cdn-jp.gsecondscreen.com https://connect.facebook.net https://ds-aksb-a.akamaihd.net https://fonts.googleapis.com https://gateway.zscalertwo.net https://ae.gsecondscreen.com https://dev0-web.netcore.co.in https://cdnjs.cloudflare.com https://ajax.googleapis.com https://cdn.jsdelivr.net https://cdn.canvasjs.com https://trading.axisdirect.in https://wdc.netcoresmartech.com https://tw.netcore.co.in https://chatb.axisdirect.in https://www.youtube.com https://code.jquery.com https://maxcdn.bootstrapcdn.com https://ads.google.com https://s.go-mpulse.net; 1
default-src 'self'; style-src https: 'unsafe-inline'; style-src-elem https: 'unsafe-inline'; script-src https: 'unsafe-inline' 'unsafe-eval'; connect-src https: data: wss: blob:; font-src https: data:; frame-src https:; img-src https: data: 'self'; worker-src blob: https:; media-src blob: https:; frame-ancestors 'self' https://www.sephora.ae/ https://perfumeriafirst.com/ https://stg.elpalaciodehierro.com/ https://www.elpalaciodehierro.com/ 1
default-src https:;connect-src https:;font-src https: data:;frame-src https:;frame-ancestors https:;img-src https: data:;media-src https:;object-src https:;script-src 'unsafe-inline' 'unsafe-eval' https:;style-src 'unsafe-inline' https:; 1
default-src 'self' blob: data: mailto: tel: 'unsafe-inline' 'unsafe-eval' *.onetrust.com *.cookielaw.org *.adobedtm.com *.googletagmanager.com *.google-analytics.com *.google.com *.google.ca *.googleapis.com *.brightcove.com *.brightcove.net *.brightcovecdn.com *.boltdns.net *.demdex.net *.hotjar.com *.twitter.com *.licdn.com *.facebook.net *.zencdn.net *.twitter.com *.go-mpulse.net *.ads-twitter.com *.gstatic.com *.linkedin.com *.hotjor.io *.akstat.io *.customgpt.ai *.botframework.com *.powerplatform.com *.akamaihd.net *.panter.biz *.advancedbionics.com *.salesforce.com *.bing.com *.fonts.net *.doubleclick.net *.salesforceliveagent.com *.salesforce-sites.com *.callrail.com *.microsoft.com *.logwork.com wss://*.botframework.com https://logwork.com https://emersya.com https://*.hotjar.io wss://*.hotjar.com https://zingtree.com https://tridimens.ch https://www.google.com https://www.googleadservices.com https://www.phonak.com.seg https://sonova.tt.omtrdc.net *.force.com https://sonova--qas.sandbox.my.site.com https://www.youtube.com https://www.youtube-nocookie.com https://advancedbionics.formstack.com https://static.formstack.com https://js.stripe.com; img-src 'self' data: *.phonak.com *.advancedbionics.com *.cookielaw.org *.day.com *.everesttech.net https://t.co https://www.google.com https://www.google.ca https://googleads.g.doubleclick.net *.twitter.com *.googletagmanager.com *.gstatic.com *.brightcove.com *.customgpt.ai *.googleapis.com *.google-analytics.com *.boltdns.net *.demdex.net *.linkedin.com *.facebook.com *.facebook.net *.bing.com https://sonovahansatonproduction.112.2o7.net *.emersya.com i.ytimg.com; 1
frame-ancestors 'self' https://plataforma.bancofalabella.cl 1
script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *.tnx.it *.tnx.it ssl.google-analytics.com www.google-analytics.com www.googletagmanager.com/gtag/js googleads.g.doubleclick.net www.googletagmanager.com/debug/ maps.googleapis.com/; frame-src 'self' maps.googleapis.com/; 1
frame-ancestors *.justlanded.com *.justlanded.es *.justlanded.co.uk *.justlanded.de *.justlanded.fr *.justlanded.it *.justlanded.jp *.justlanded.at *.justlanded.mx *.justlanded.gr *.justlanded.ru *.justlanded.se *.justlanded.cn *.justlanded.ch *.justlanded.be *.justlanded.co.in *.justlanded.co.nz tpc.googlesyndication.com; form-action shop.justlanded.com *.justlanded.com *.justlanded.es *.justlanded.co.uk *.justlanded.de *.justlanded.fr *.justlanded.it *.justlanded.jp *.justlanded.at *.justlanded.mx *.justlanded.gr *.justlanded.ru *.justlanded.se *.justlanded.cn *.justlanded.ch *.justlanded.be *.justlanded.co.in *.justlanded.co.nz tpc.googlesyndication.com; object-src 'none'; base-uri 'self'; 1
default-src data: 'unsafe-inline' 'unsafe-eval' 'self' www.ateasesystems.net *.ateasesystems.net blob: s3.amazonaws.com cdn.kendostatic.com *.google.com *.google-analytics.com *.hotjar.com wss://*.hotjar.com *.hotjar.io *.pingdom.net wss://*.intercom.io *.intercom.io *.googleapis.com *.gstatic.com *.intercomcdn.com static.ateasesystems.net fg-mail-content.s3.amazonaws.com cdn.polyfill.io *.getbee.io *.jquery.com *.smartlook.cloud *.smartlook.com *.cloudflare.com *.vimeo.com *.facebook.net *.youtube.com *.youtube.net *.facebook.com kendo.cdn.telerik.com netdna.bootstrapcdn.com getbootstrap.com netdna.bootstrapcdn.com blueimp.github.io jqueryui.com *.joomag.com *.livechatinc.com *.livechat-static.com *.livechat-files.com *.zdassets.com *.zendesk.com *.my.sentry.io wss://*.zendesk.com *.pendo.io; img-src data: 'self' www.ateasesystems.net *.ateasesystems.net blob: *; frame-src *.promopulse.io *.facebook.com *.youtube.com *.youtu.be *.vimeo.com *.getbee.io *.hotjar.com *.facilisgroup.com *.facilisu.com facilisgroup.com intercom-sheets.com *.intercomcdn.com *.pendo.io; 1
default-src 'self' data: blob: *.armstrong.com *.armstrongceilings.com armstrongceilings.my.salesforce-sites.com d2qrdklrsxowl2.cloudfront.net fonts.gstatic.com  www.google-analytics.com *.akamaihd.net brightcove.hs.llnwd.net *.brightcove.com *.media.brightcove.com manifest.prod.boltdns.net fast.fonts.net ;style-src 'self' 'unsafe-inline' fast.fonts.net d2qrdklrsxowl2.cloudfront.net *.s3.amazonaws.com fonts.googleapis.com display.ugc.bazaarvoice.com s7d9.scene7.com player.interactivity.brightcove.com;form-action 'self' *.armstrong.com *.armstrongceilings.com armstrongceilings.tfaforms.net *.salesforceliveagent.com *.la3-c2-ia4.salesforceliveagent.com www.facebook.com api.bazaarvoice.com;frame-ancestors 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.armstrong.com *.armstrongceilings.com cdn-cookieyes.com *.bazaarvoice.com js.hsforms.net *.outbrain.com *.salesforceliveagent.com *.ugc.bazaarvoice.com assets.adobedtm.com connect.facebook.net d2qrdklrsxowl2.cloudfront.net googleads.g.doubleclick.net lib-us-3.brilliantcollector.com players.brightcove.net siteintercept.qualtrics.com snap.licdn.com vjs.zencdn.net *.google-analytics.com www.googleadservices.com www.googletagmanager.com znbmda84ti8npbglj-armstrong.siteintercept.qualtrics.com *.googleapis.com html5.dcatalog.com *.google.com display.ugc.bazaarvoice.com www.gstatic.com s7d9.scene7.com *.mountain.com armstrongceilings.tfaforms.net googleads.g.doubleclick.net js-na1.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hscollectedforms.net *.analytics.google.com 100.20.58.101 18.210.229.244 3.212.39.155 34.215.155.61 35.160.46.251 35.85.84.151 44.212.189.233 44.228.85.26 44.238.122.172 52.22.50.55 52.71.121.170 54.156.2.105 player.interactivity.brightcove.com x.clearbitjs.com *.clearbitscripts.com;frame-src *;img-src 'self' data: blob: *;connect-src 'self' *.akamaihd.net *.armstrong.com *.armstrongceilings.com cdn-cookieyes.com *.cookieyes.com forms.hsforms.com *.brightcove.com *.qualtrics.com *.hapyak.com cdn.linkedin.oribi.io armstrong.tt.omtrdc.net brightcove.hs.llnwd.net dpm.demdex.net edge.api.brightcove.com lib-us-3.brilliantcollector.com manifest.prod.boltdns.net stats.g.doubleclick.net *.googleapis.com s7d9.scene7.com www.facebook.com *.google.com forms.hubspot.com *.google-analytics.com 100.20.58.101 18.210.229.244 3.212.39.155 34.215.155.61 35.160.46.251 35.85.84.151 44.212.189.233 44.228.85.26 44.238.122.172 52.22.50.55 52.71.121.170 54.156.2.105 px.ads.linkedin.com;object-src players.brightcove.net *.clearbitscripts.com app.clearbit.com;report-uri https://www.armstrong.com/csp-report.jsp 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.maxmind.com *.googletagmanager.com *.en25.com cookiebot.com *.cookiebot.com *.google-analytics.com *.google.com google.com *.google.co.nz *.eloqua.com *.gstatic.com *.googleapis.com *.doubleclick.net *.azureedge.net *.clarity.ms *.swiftype.com *.facebook.net *.pinimg.com *.maxymiser.net *.livechatinc.com *.adnxs.com *.twitter.com *.jotform.io *.bing.com c212.net *.jwplatform.com *.pinterest.com *.salesforceliveagent.com d335luupugsy2.cloudfront.net lmimirroralphapvr.azureedge.net *.yotpo.com *.rdstation.com.br *.mathtag.com *.linkedin.com *.pinimg.com sc-static.net *.force.com t.co *.bluekai.com *.snapchat.com vimeo.com *.lesmills.com *.mediatrackr.com youtube.com *.youtube.com lesmills.disco.ac *.googleadservices.com *.angularjs.org browser-update.org cdn.c212.net *.tiktok.com lesmills.my.salesforce.com snap.licdn.com 1
base-uri 'self'; connect-src 'self'; default-src 'self'; font-src 'self' https://use.typekit.net; frame-src 'self'; img-src 'self' https://p.typekit.net; manifest-src 'self'; media-src 'self'; object-src 'none'; report-uri https://6157275e14681bacfabccdd0.endpoint.csper.io/; script-src 'report-sample' 'self' https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js https://use.typekit.net/gil3vgx.js; style-src 'report-sample' 'self'; worker-src 'none'; 1
frame-ancestors https://bidspirit.com https://*.bidspirit.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.eloqua.com *.en25.com *.bluekai.com *.oraclecloud.com; script-src  'self' blob: 'unsafe-inline' 'unsafe-eval' *.cookieinformation.com recaptcha.net *.vimeo.com *.googletagmanager.com *.licdn.com *.google-analytics.com *.youtube.com *.leadlab.click *.wiredminds.de *.hotjar.com *.myvisitors.se *.nr-data.net *.newrelic.com *.driftt.com *.6sc.co *.doubleclick.net *.qualtrics.com *.gstatic.com *.gstatic.cn *.googleapis.com *.mfn.se *.datablocks.se *.googleadservices.com trelleborg.piwik.pro trelleborg.workbuster.com secure.leadforensics.com *.en25.com *.zscalertwo.net code.highcharts.com *.googlesyndication.com *.google.com *.workbuster.com *.onecruiter.com; font-src  'self' data: fonts.gstatic.com fonts.googleapis.com eur02.safelinks.protection.outlook.com *.hotjar.com app.emarketeer.com *.zscalertwo.net widget.datablocks.se; img-src  'self' data: *.google-analytics.com *.w3.org *.linkedin.com *.google.com *.google.de *.googletagmanager.com *.6sc.co *.google.com *.triggerbee.com *.qualtrics.com *.gstatic.com *.gstatic.cn *.googleapis.com *.hotjar.com *.doubleclick.net *.eloqua.com *.zscalertwo.net widget.datablocks.se *.googleadservices.com *.google.fr; style-src 'self' 'unsafe-inline' cdn.datatables.net fast.fonts.net fonts.googleapis.com *.datablocks.se *.bootstrapcdn.com *.zscalertwo.net;style-src-elem 'self' 'unsafe-inline' cdn.datatables.net fast.fonts.net fonts.googleapis.com *.datablocks.se *.bootstrapcdn.com *.zscalertwo.net; connect-src  'self' ws: *.cookieinformation.com cdn.linkedin.oribi.io *.leadlab.click *.google-analytics.com *.doubleclick.net *.analytics.google.com *.nr-data.net *.hotjar.io *.google.com *.6sc.co *.triggerbee.com *.qualtrics.com *.googlesyndication.com *.googleapis.com *.hotjar.com *.mfn.se *.datablocks.se *.googleadservices.com ws.hotjar.com trelleborg.piwik.pro idx.liadm.com *.zscalertwo.net *.hana.ondemand.com *.linkedin.com *.6sense.com *.trelleborg.com; frame-src  'self' *.cookieinformation.com recaptcha.net *.youtube.com *.driftt.com *.vimeo.com *.doubleclick.net *.sts.trelleborg.com eur02.safelinks.protection.outlook.com iframe.dacast.com trelleborg.workbuster.com app.emarketeer.com view.vzaar.com *.zscalertwo.net *.trelleborgecf.com trelleborg-seals.via-em.com smc-lp.s4hana.ondemand.com sts.trelleborg.com privacyportalde-cdn.onetrust.com *.google.com datamix.si *.qualtrics.com *.workbuster.com *.onecruiter.com privacyportal-de.onetrust.com;  media-src 'self' data: blob: *.w3.org *.driftt.com *.zscalertwo.net; 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src * 'self' https: data:; connect-src https: wss:; font-src https: data:; media-src https: blob:; 1
img-src data: *; 1
report-uri https://www.utusan.com.my 1
default-src 'self' https:; script-src 'self' data: https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data: blob:; media-src 'self' https: data: blob:; font-src 'self' https: data:; connect-src https:; worker-src 'self' https://cdn.devicevalidation.io https://cs.deviceatlas-cdn.com blob: 1
frame-ancestors 'self' https://manage.ehstoday.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
base-uri 'self'; default-src 'self'; style-src 'self' 'unsafe-inline' static.underhentai.net fonts.googleapis.com *.disquscdn.com www.gstatic.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' static.underhentai.net ajax.googleapis.com static.cloudflareinsights.com *.disqus.com *.cloudflare.com data:; img-src 'self' static.underhentai.net *.disqus.com *.disquscdn.com translate.google.com fonts.gstatic.com *.w.org secure.gravatar.com data:; media-src *.underhentai.net; font-src 'self' static.underhentai.net fonts.gstatic.com data:; connect-src 'self' *.g.doubleclick.net *.google.com; worker-src blob:; frame-src 'self' *.underhentai.net *.uhn.cx a.adtng.com disqus.com *.storangeunderh.com mega.nz doodstream.com dooood.com doods.pro d000d.com *.cloudflare.com; frame-ancestors 'self' *.underhentai.net; 1
script-src 'nonce-qMFKz0etgBBvxEVpk9d6eg==' 'strict-dynamic' https: 'unsafe-inline' 'report-sample'; base-uri 'none'; report-uri https://events.mercadolibre.com/csp/reports?identifier=qi7yR82aKimsBCs2dmYcCSGg7X3Nd8nw0L9YOe_HRbzpKahN-AYpETPFsxM57fsdLtLf&policy_id=9&user_id=&request_id=a218470a-c60d-409a-832a-eed29b77d71d; report-to csp-endpoint; object-src https://http2.mlstatic.com/ https://mlstaticquic-a.akamaihd.net/ 1
base-uri 'self'; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' https: http: 'nonce-/3SkadI5DL2QoYxtW1oKAK4guVdx0v' 'unsafe-eval'; report-uri https://csp.withgoogle.com/csp/devsite/v2 1
default-src 'self'; base-uri 'self'; script-src 'nonce-a04df78eaa6cf3f987540c199a492a5a' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' https: 'report-sample'; connect-src 'self' www.googletagmanager.com *.facebook.com translate.googleapis.com *.instana.io wss://mpsnare.iesnare.com *.usercentrics.eu bat.bing.com/actionp/ *.liadm.com *.parship.dev www.googleadservices.com *.doubleclick.net *.google.com google.com; frame-ancestors 'self' secure1.parship.com secure1.eharmony.com secure1.elitepartner.de *.parship.dev; frame-src 'self' support.parship.de tms.parship.de *.greatviews.de app.usercentrics.eu www.youtube-nocookie.com accounts.google.com translate.googleapis.com *.doubleclick.net *.liadm.com; object-src 'none'; img-src 'self' data: *.instana.io *.parship.dev static.cloudflareinsights.com app.usercentrics.eu/ www.gstatic.com/images/ i.ytimg.com google.com *.google.com www.google.co.uk www.google.ca www.google.de www.google.at www.google.ch www.google.nl www.google.be www.google.fr www.google.com.au www.googleadservices.com www.googletagmanager.com googleads.g.doubleclick.net *.liadm.com sli.eharmony.com; font-src 'self' *.typekit.net; style-src 'self' 'unsafe-inline' 'report-sample' *.typekit.net accounts.google.com/gsi/style translate.googleapis.com; upgrade-insecure-requests; report-uri /ls/ 1
frame-ancestors 'self' *.knoema.com *.knoema.org 1
frame-ancestors 'self' https://www.bodas.com.mx https://comunidad.bodas.com.mx https://landing.bodas.com.mx 1
default-src self https: data: blob: wss: 'unsafe-inline' 'unsafe-eval'; script-src self https: 'unsafe-inline' 'unsafe-eval'; base-uri 'self' https://creator.zmags.com https://www.googletagmanager.com; worker-src blob: data: 1
default-src 'self'; media-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /csp/; 1
default-src 'self' data: https: *.gravatar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.cloudflare.com *.youtube.com *.google-analytics.com; style-src 'self' 'unsafe-inline' https: *.googleapis.com *.gstatic.com *.cloudflare.com; font-src 'self' data: *.googleapis.com *.gstatic.com *.fontawesome.com; frame-src http: https: *.facebook.com; 1
default-src 'self' mychart.org *.mychart.org;        script-src 'self' mychart.org *.mychart.org 'unsafe-inline' 'unsafe-eval' stats-test.epic.com stats.epic.com;        connect-src 'self' mychart.org *.mychart.org stats-test.epic.com stats.epic.com;        style-src 'self' mychart.org *.mychart.org fonts.googleapis.com 'unsafe-inline';        font-src 'self' mychart.org *.mychart.org fonts.gstatic.com;        img-src 'self' mychart.org *.mychart.org i.ytimg.com ichart2.epic.com data: stats-test.epic.com stats.epic.com epicpublicsitesqa.blob.core.windows.net epicpublicsitesstg.blob.core.windows.net media.epic.com cfvod.kaltura.com;        media-src 'self' mychart.org *.mychart.org cdn.epic.com;        frame-src 'self' mychart.org *.mychart.org cdnapisec.kaltura.com; 1
frame-ancestors 'self' *.exocad.com *.exocad.net; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.magnolia-cloud.com https://*.walkme.com https://*.linkedin.com https://*.chatanexpert.com https://*.clarity.ms https://*.bing.com https://*.linkedin.oribi.io https://*.salesforce-sites.com https://*.force.com https://*.google.com.mx https://*.licdn.com https://*.google.com https://*.doubleclick.net https://*.adservice.google.com https://*.googleadservices.com https://*.mouseflow.com wss://in.visitors.live https://*.luckyorange.com https://*.usercentrics.eu https://*.dwcdn.net https://*.adsrvr.org https://weatherwidget.io https://cdn.thinglink.me https://www.thinglink.com https://www.wrike.com https://*.megameeting.com https://www.youtube.com https://www.slideshare.net https://www.washingtonpost.com https://www.chasepaymentechhostedpay.com https://sketchfab.com https://r3.visualwebsiteoptimizer.com https://ga-dev-tools.appspot.com https://apis.google.com https://www.google.com https://content.googleapis.com https://ajax.googleapis.com https://www.gstatic.com https://play.vidyard.com https://pi.pardot.com https://dev.visualwebsiteoptimizer.com https://www.googletagmanager.com https://go.jabil.com https://www.google-analytics.com http://stats.g.doubleclick.net https://4bfejp2jq0q2273jfp3mhqaw-wpengine.netdna-ssl.com https://hm.baidu.com https://cse.google.com https://snid.snitcher.com https://platform.twitter.com https://cdn.syndication.twimg.com https://syndication.twitter.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://ton.twimg.com https://maps.googleapis.com https://*.6sc.co https://secure.adnxs.com https://w.soundcloud.com https://api.mapbox.com https://*.tiles.mapbox.com https://events.mapbox.com https://go.pardot.com https://maxcdn.bootstrapcdn.com ; img-src 'self'  https://* data: blob: ; worker-src 'self' blob: ; child-src 'self' https://*.walkme.com https://*.linkedin.com https://*.chatanexpert.com https://*.clarity.ms https://*.bing.com https://*.linkedin.oribi.io https://*.salesforce-sites.com https://*.force.com https://*.google.com.mx https://*.licdn.com https://*.google.com https://*.doubleclick.net https://*.adservice.google.com https://*.googleadservices.com https://*.mouseflow.com wss://in.visitors.live https://*.luckyorange.com https://*.usercentrics.eu https://*.dwcdn.net https://*.adsrvr.org https://weatherwidget.io https://cdn.thinglink.me https://www.thinglink.com https://www.wrike.com https://*.megameeting.com https://www.youtube.com https://www.slideshare.net https://www.washingtonpost.com https://www.chasepaymentechhostedpay.com https://sketchfab.com https://r3.visualwebsiteoptimizer.com https://ga-dev-tools.appspot.com https://apis.google.com https://www.google.com https://content.googleapis.com https://ajax.googleapis.com https://www.gstatic.com https://play.vidyard.com https://pi.pardot.com https://dev.visualwebsiteoptimizer.com https://www.googletagmanager.com https://go.jabil.com https://www.google-analytics.com http://stats.g.doubleclick.net https://4bfejp2jq0q2273jfp3mhqaw-wpengine.netdna-ssl.com https://hm.baidu.com https://cse.google.com https://snid.snitcher.com https://platform.twitter.com https://cdn.syndication.twimg.com https://syndication.twitter.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://ton.twimg.com https://maps.googleapis.com https://*.6sc.co https://secure.adnxs.com https://w.soundcloud.com https://api.mapbox.com https://*.tiles.mapbox.com https://events.mapbox.com https://go.pardot.com https://maxcdn.bootstrapcdn.com blob: ; font-src 'self' https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com data: ; 1
base-uri 'self'; frame-ancestors https://admin.belambra.fr https://belambra.resalys.com https://*.belambra.resalys.com; 1
frame-ancestors http://docplanner-front-test.docplanner.com https://docplanner-front-test.docplanner.com *.doctoralia.es doctoraliaone-es2-candidate.azurewebsites.net 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' gateway.moneris.com 1
font-src *.alothemes.com *.magepow.com maxcdn.bootstrapcdn.com *.gstatic.com 'self' data: www.truffaut.com fonts.gstatic.com static.truffaut.com staging-static.truffaut.com www.booxi.eu blob: data: *.googleapis.com *.abtasty.com *.onestock-retail.io cdn.jsdelivr.net *.hotjar.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com www.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com www.google.com *.google.com *.facebook.com *.pinterest.com *.pinterest.fr player.ausha.co *.booxi.eu *.trustcommander.net *.googletagmanager.com *.abtasty.com *.onestock-retail.io *.hotjar.com *.voila.live 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com *.alothemes.com *.magepow.com 'self' data: data: blob: *.commander1.com manager.tagcommander.com *.googleapis.com images.truffaut.com images-staging.truffaut.com media.truffaut.com metrics.truffaut.com smetrics.truffaut.com k.truffaut.com www.google.fr *.facebook.com *.bing.com *.pinterest.com *.pinterest.fr maps.google.com maps.gstatic.com w.bookcdn.com *.google-analytics.com *.analytics.google.com *.googlesyndication.com static.truffaut.com staging-static.truffaut.com *.clarity.ms *.cloudfront.net *.googletagmanager.com *.abtasty.com *.amazonaws.com *.onestock-retail.io *.hotjar.com www.gstatic.com *.keepeek-dev.com *.voila.live *.mondialrelay.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.alothemes.com *.magepow.com www.google.com *.gstatic.com mediatheque.truffaut.com k.truffaut.com *.googleadservices.com cdn.tagcommander.com *.trustcommander.net www.gstatic.com maps.google.com maps.googleapis.com *.pinimg.com *.facebook.com *.facebook.net *.bing.com *.doubleclick.net *.lgw.io static.truffaut.com staging-static.truffaut.com *.woosmap.com www.booxi.eu *.clarity.ms *.googletagmanager.com *.abtasty.com blob: *.googleapis.com *.onestock-retail.io *.hotjar.com www.google.fr *.voila.live unpkg.com *.mondialrelay.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.alothemes.com *.magepow.com maxcdn.bootstrapcdn.com *.googleapis.com *.gstatic.com fonts.googleapis.com static.truffaut.com staging-static.truffaut.com www.booxi.eu *.googletagmanager.com *.abtasty.com *.onestock-retail.io cdn.jsdelivr.net *.hotjar.com www.google.fr *.voila.live unpkg.com *.mondialrelay.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com images.truffaut.com images-staging.truffaut.com media.truffaut.com *.keepeek-dev.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.adyen.com *.alothemes.com *.magepow.com t.elasticsuite.io *.google-analytics.com truffaut.com media.truffaut.com k.truffaut.com static.truffaut.com staging-static.truffaut.com *.googlesyndication.com *.analytics.google.com *.trustcommander.net *.commander1.com *.facebook.net *.facebook.com *.doubleclick.net *.pinterest.com *.pinterest.fr *.clarity.ms *.googleapis.com *.woosmap.com maps.googleapis.com *.googletagmanager.com *.abtasty.com *.onestock-retail.io *.bing.com *.hotjar.com *.hotjar.io wss://*.hotjar.com/api/v2/client/ws *.mondialrelay.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com data: blob: *.truffaut.com *.bing.com *.tagcommander.com *.trustcommander.net *.facebook.net *.pinterest.com *.pinterest.fr *.doubleclick.net *.gstatic.com *.pinimg.com *.lgw.io *.google-analytics.com *.analytics.google.com *.google.com *.google.fr *.googleadservices.com *.googletagmanager.com *.bootstrapcdn.com *.facebook.com *.demdex.net *.youtube.com *.bookcdn.com static.truffaut.com staging-static.truffaut.com *.onestock-retail.io *.hotjar.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'none'; script-src 'self' 'unsafe-inline'; img-src 'self'; style-src 'self' 'unsafe-inline'; report-uri /frontend-api/skynet/csp-uri; report-to skynet 1
default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.karnaval.ir *.google.com *.googletagmanager.com *.google-analytics.com gstatic.com *.gstatic.com cloudflare.com *.cloudflare.com *.openstreetmap.org *.jwplatform.com *.jwpcdn.com *.mci.com *.mci.ir *.samandehi.ir localhost:* https://cdn.karnaval.ir *.aparat.com;frame-ancestors 'self' karnaval.ir *.karnaval.ir 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://wb.messengerpeople.com https://static.criteo.net https://*.criteo.com https://tpc.googlesyndication.com https://*.zenaps.com https://*.hotjar.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://ln-rules.rewardstyle.com https://tr.snapchat.com https://*.redintelligence.net blob: https://app.qubit.com https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://d2d7do8qaecbru.cloudfront.net; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://*.liveperson.net https://ct.pinterest.com https://*.google.es https://services.postcodeanywhere.co.uk https://*.akamaihd.net https://*.sciencebehindecommerce.com https://*.hotjar.com wss://*.hotjar.com https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://tr.snapchat.com https://*.contentsquare.net https://*.qubit.com https://*.qubitproducts.com https://horizon-api.www.myprotein.es https://*.criteo.com https://*.criteo.net https://*.prod.mplat-ppcprotect.com https://*.lunio.ai data: https://sgtm.myprotein.es https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://cognito-identity.eu-west-1.amazonaws.com https://firehose.eu-west-1.amazonaws.com; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.thgcdn.cn https://fonts.smct.co https://fonts.smct.io https://fonts.gstatic.com; form-action 'self' https://www.facebook.com https://www.myprotein.es https://m.myprotein.es https://checkout.myprotein.es https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://static.thgcdn.cn; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://google.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.cn https://*.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://*.criteo.com https://static.criteo.net https://s.pinimg.com https://tpc.googlesyndication.com https://remote.captcha.com https://platform.twitter.com https://*.akamaihd.net https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.hotjar.com https://*.microsofttranslator.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://twitter.com https://*.baidu.com https://sc-static.net https://www.google.com https://*.google.co.uk https://google.co.uk https://*.redintelligence.net https://static.ads-twitter.com https://analytics.twitter.com https://static.thgcdn.cn https://*.contentsquare.net https://app.contentsquare.com https://static.goqubit.com https://*.qubit.com https://sgtm.myprotein.es https://smct.co https://*.smct.co https://smct.io https://*.smct.io; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://static.thgcdn.cn https://fonts.smct.co https://fonts.smct.io; upgrade-insecure-requests; report-to report-endpoint 1
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob:; object-src * data: blob: 'unsafe-inline' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://tribe.net; img-src 'self' https: data: blob: https://tribe.net; style-src 'self' https://tribe.net 'nonce-KlO/S5uAHz8Xn2fPmPpURQ=='; media-src 'self' https: data: https://tribe.net; frame-src 'self' https:; manifest-src 'self' https://tribe.net; form-action 'self'; child-src 'self' blob: https://tribe.net; worker-src 'self' blob: https://tribe.net; connect-src 'self' data: blob: https://tribe.net https://tribe.net wss://tribe.net; script-src 'self' https://tribe.net 'wasm-unsafe-eval' 1
frame-ancestors 'self' https://www.visitdenmark.com https://*.www.visitdenmark.com https://api.www.www.visitdenmark.com 1
script-src 'unsafe-inline' 'unsafe-eval' https: blob:;object-src https://*.ab.gr; base-uri https://tau.collect.igodigital.com/ https://www.contactpigeon.com; upgrade-insecure-requests; frame-ancestors https://*.ab.gr https://*.svc.ab.gr https://d3hz4baxchepgp.cloudfront.net https://view.publitas.com; 1
frame-ancestors https://forms.cps.ca/ https://plausible.cps.ca/ https://cps.ca 1
default-src 'none' ; connect-src https://www.tempest.com https://*.www.tempest.com https://*.tempest.com https://tempest.com https://*.ingest.sentry.tempest.com https://*.apple-mapkit.com ; script-src blob:  https://www.tempest.com https://*.www.tempest.com https://*.tempest.com https://tempest.com https://*.ingest.sentry.tempest.com https://*.apple-mapkit.com https://geoloc.tempest.com 'unsafe-inline' 'unsafe-eval'; manifest-src https://www.tempest.com https://*.www.tempest.com https://tempest.com ; font-src data: https://www.tempest.com https://*.www.tempest.com https://tempest.com https://cdnjs.cloudflare.com/ ; img-src https: data: https://www.tempest.com https://*.www.tempest.com https://tempest.com https://*.tempest.com https://*.bing.com/ https://*.bing.net/ https://*.mm.bing.net https://*.explicit.bing.net ; style-src 'self' https://www.tempest.com https://*.www.tempest.com https://tempest.com https://cdnjs.cloudflare.com/ 'unsafe-inline'; object-src 'none' ; worker-src blob: https://www.tempest.com https://tempest.com https://*.www.tempest.com ; child-src blob:  https://www.tempest.com https://*.www.tempest.com https://tempest.com ; form-action  https://www.tempest.com https://*.www.tempest.com https://tempest.com ; frame-ancestors 'none' ; base-uri 'self' ; block-all-mixed-content; 1
upgrade-insecure-requests; default-src https: blob: wss:; script-src https: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: blob: data:;frame-src https: blob: data:; report-uri /cspreports 1
frame-ancestors 'self' *.trihealth.com; 1
script-src 'self' 'unsafe-inline' data: https://script.hotjar.com/ https://static.hotjar.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.google.com https://www.google-analytics.com *.youtube.com *.unab.cl https://unab.cl https://test.unab.cl *.pingdom.net *.facebook.net *.facebook.com https://*.googletagmanager.com *.doubleclick.net; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net/ *.googleapis.com *.unab.cl https://unab.cl https://test.unab.cl *.facebook.net *.facebook.com; img-src 'self' https://via.placeholder.com/ *.gravatar.com *.google.com *.google.cl *.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.cl *.youtube.com https://unab.cl https://test.unab.cl *.unab.cl https://unabs3.s3.amazonaws.com https://s.w.org *.facebook.net *.facebook.com data:; font-src 'self' https://cdn.jsdelivr.net fonts.gstatic.com *.google.com *.youtube.com *.unab.cl https://test.unab.cl https://unab.cl *.facebook.net *.facebook.com data:; form-action 'self' *.google.com *.unab.cl https://unab.cl https://test.unab.cl *.facebook.net *.facebook.com; frame-ancestors 'self' *.google.com *.youtube.com *.unab.cl https://unab.cl https://test.unab.cl *.facebook.net *.facebook.com; frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ *.unab.cl https://unab.cl https://test.unab.cl *.doubleclick.net https://unab.cl https://test.unab.cl *.google.com maps.google.com *.youtube.com *.facebook.net *.facebook.com; media-src 'self' https://unabs3.s3.amazonaws.com *.google.com https://www.google-analytics.com *.youtube.com *.unab.cl https://unab.cl https://test.unab.cl *.facebook.net *.facebook.com; connect-src 'self' https://vc.hotjar.io/ https://in.hotjar.com/ *.unab.cl https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.cl *.pingdom.net; object-src 'self' *.unab.cl; manifest-src 'self' *.unab.cl 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=FR&lang=fr-FR&device=desktop&yrid=5vc6uf5ja5vnn&partner=; 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' blob:; connect-src https: wss:; img-src * data:; style-src https: 'unsafe-inline'; font-src * data:; 1
frame-ancestors 'self' https://neo.deutsche-wirtschafts-nachrichten.de 1
default-src 'self' static-cdn.mackeeper.com static-cdn.sz.mackeeper.com;frame-ancestors 'self' *.cleverbridge.com;frame-src 'self' *.liadm.com *.doubleclick.net *.hotjar.com *.google.com *.mackeeper.com *.facebook.com *.youtube.com *.trustpilot.com *.criteo.com;child-src 'self';form-action 'self';img-src 'self' data: *.kromtech.net *.mackeeper.com *.visualwebsiteoptimizer.com *.bing.com *.google-analytics.com *.facebook.com *.liadm.com *.doubleclick.net *.hotjar.com *.owox.com *.zoomsupport.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gp *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.nf *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tk *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.taboola.com *.outbrain.com *.gstatic.com http://mackeeper.com https://mackeeper.com *.atdmt.com https://files.clario.co https://c.clarity.ms https://zchat.account.clario.co/images/ https://files.clario.co/images/ https://zchat.account.sz.clario.co/images/ *.shopperapproved.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.bing.com *.facebook.net *.hotjar.com *.liadm.com *.visualwebsiteoptimizer.com *.kromtech.net *.mackeeper.com *.doubleclick.net *.youtube.com *.ytimg.com *.taboola.com *.outbrain.com *.trustpilot.com http://mackeeper.com https://mackeeper.com http://support.zoomsupport.com http://crm.zoomsupport.com http://chat-crm.zoomsupport.com *.criteo.net *.criteo.com https://www.dwin1.com http://www.youtube.com/player_api https://zchat.account.sz.mackeeper.com https://zchat.account.mackeeper.com https://files.clario.co *.clarity.ms *.googleoptimize.com *.sentry-cdn.com *.shopperapproved.com;style-src 'self' 'unsafe-inline' *.googleapis.com *.kromtech.net *.mackeeper.com *.google.com http://mackeeper.com https://mackeeper.com *.shopperapproved.com;font-src 'self' data: *.gstatic.com *.hotjar.com *.kromtech.net *.mackeeper.com *.shopperapproved.com;object-src 'none';connect-src 'self' *.facebook.com *.mackeeper.com http://mackeeper.com https://mackeeper.com *.hotjar.io *.hotjar.com *.doubleclick.net support.mackeeper.com *.google-analytics.com https://analytics.google.com wss://*.hotjar.com *.taboola.com *.outbrain.com http://rp.liadm.com https://rp.liadm.com https://bat.bing.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gp *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.nf *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tk *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.clarity.ms https://sentry.cloudmccloud.com https://zchat.account.clario.co/images/ https://files.clario.co/images/ https://zchat.account.sz.clario.co/images/ 1
default-src 'self' https:;connect-src 'self' blob: https:;script-src 'self' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' 'unsafe-inline' https:;frame-src 'self' https:;img-src 'self' data: https:;font-src 'self' data: https:;worker-src 'self' blob: https:;object-src 'none';frame-ancestors 'none';base-uri 'self'; 1
frame-ancestors 'self' https: *.athensvoice.gr 1
base-uri 'self';default-src 'self';script-src 'self' https://dreambroker.com/resources/js/ 'nonce-9ef662cd-a608-40f7-8e42-2ee25db5a258';style-src 'self' https://fonts.googleapis.com 'nonce-9ef662cd-a608-40f7-8e42-2ee25db5a258';img-src 'self' data: https://cdn.verkkopalvelu.suomi.fi;font-src 'self' https://fonts.gstatic.com;connect-src 'self' https://yhteystietohakemisto.valtori.fi https://api.digitransit.fi https://vaha-mandate-applications-qa.s3.eu-west-1.amazonaws.com https://cdn.matomo.cloud;child-src 'self' https://hkptesti.maanmittauslaitos.fi https://hkp.maanmittauslaitos.fi https://api.digitransit.fi https://dreambroker.com data:;frame-src 'self' https://hkptesti.maanmittauslaitos.fi https://hkp.maanmittauslaitos.fi https://api.digitransit.fi https://dreambroker.com data:;object-src 'none';frame-ancestors https://*.tunnistus.fi;form-action 'self' https://*.tunnistus.fi https://*.suomi.fi;upgrade-insecure-requests;script-src-attr 'none' 1
default-src 'self' download.visaforchina.cn *.alibaba.com *.aliyuncs.com *.alicdn.com *.aliyun.com *.aliapp.org *.mmstat.com *.126.net *.127.net *.163yun.com *.163.com *.netease.com 'unsafe-inline' 'unsafe-eval' blob: data: ; 1
default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com *.google-analytics.com ajax.aspnetcdn.com https://www.youtube.com https://s.ytimg.com https://*.googletagmanager.com cdnjs.cloudflare.com *.cognitoforms.com *.google.com *.googleusercontent.com blob: https://*.ggpht.com https://tagmanager.google.com https://cdn.jsdelivr.net https://cdn.polyfill.io https://developer.livehelpnow.net https://www.livehelpnow.net *.scottsdaleaz.gov *.youtube.com https://js.arcgis.com *.recollect.net https://siteimproveanalytics.com https://*.cloudfront.net https://d10hxo0w83tp48.cloudfront.net https://scottsdalepassports.fullslate.com https://cdn.insight.sitefinity.com https://dec.azureedge.net https://player.vimeo.com/api/player.js https://www.youtube.com/iframe_api 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com cdnjs.cloudflare.com https://www.cognitoforms.com https://fonts.googleapis.com https://tagmanager.google.com https://developer.livehelpnow.net *.youtube.com https://js.arcgis.com https://recollect.a.ssl.fastly.net https://scottsdalepassports.fullslate.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com i.ytimg.com data: blob: https://*.googletagmanager.com https://webchat-backend-staging.s3.amazonaws.com https://*.google-analytics.com *.google.com *.googleusercontent.com https://ssl.gstatic.com https://www.gstatic.com https://developer.livehelpnow.net https://www.livehelpnow.net *.scottsdaleaz.gov *.sitefinity.cloud *.youtube.com https://js.arcgis.com https://api.recollect.net https://recollect.a.ssl.fastly.net https://recollect-images.global.ssl.fastly.net https://8575.global.siteimproveanalytics.io https://*.cloudfront.net https://scottsdalepassports.fullslate.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: cdnjs.cloudflare.com https://www.cognitoforms.com https://cdn.livehelpnow.net https://js.arcgis.com https://recollect.a.ssl.fastly.net https://static.cognitoforms.com; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com https://webchat.staging.citibot.io https://www.cognitoforms.com https://cos-gis.maps.arcgis.com https://experience.arcgis.com https://www.eventsquid.com *.google.com *.scottsdaleaz.gov https://api.recollect.net https://wateruseitwisely.com https://scottsdale.libnet.info https://storymaps.arcgis.com *.suiteonemedia.com https://scottsdale.granicus.com/; connect-src 'self' data: accounts.google.com *.google-analytics.com *.gstatic.com https://*.googletagmanager.com https://webchat-backend.staging.citibot.io https://www.cognitoforms.com https://*.analytics.google.com https://*.google-analytics.com *.google.com blob: https://developer.livehelpnow.net *.scottsdaleaz.gov wss://app.livehelpnow.net https://*.arcgis.com https://utility.arcgisonline.com https://204wdk5l2k.execute-api.us-west-2.amazonaws.com https://d10hxo0w83tp48.cloudfront.net https://participant.connect.us-west-2.amazonaws.com wss://ve9ssukgvevbtq.transport.connect.us-west-2.amazonaws.com https://*.googleapis.com https://api.themoviedb.org https://cognitoprod.blob.core.windows.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: https://developer.livehelpnow.net *.youtube.com; child-src 'self' https://api.recollect.net; worker-src 'self' blob: 1
base-uri 'self'; default-src 'self' data:; script-src 'self' 'unsafe-eval' 'nonce-6bff613d-bc0a-45da-bb2b-b9a62cf260b7'; img-src 'self' data: https: http:; media-src 'self' data:; style-src 'self' 'unsafe-inline'; connect-src 'self' data: keys.openpgp.org 1
frame-ancestors 'self' *.crictracker.com https://jionews.com *.dailyhunt.in *.ril.com *.pie.news https://jionewsdev1.jio.ril.com 1
default-src 'self' https: *.wogaa.sg *.demdex.net *.everesttech.net *.adobetag.com *.vica.gov.sg *.onemap.gov.sg *.moatads.com wogadobeanalytics.sc.omtrdc.net www.google-analytics.com www.googletagmanager.com *.googleapis.com *.gstatic.com api.data.gov.sg ifaqs.flexanswer.com *.doubleclick.net *.bootstrapcdn.com *.hotjar.com *.hotjar.io wss://*.hotjar.com; script-src 'self' *.googleapis.com *.gstatic.com www.google.com connect.facebook.net 'unsafe-inline' *.wogaa.sg *.adobedtm.com *.vica.gov.sg *.moatads.com www.google-analytics.com www.googletagmanager.com *.twitter.com *.hotjar.com *.prd.cwp2.sg 'unsafe-eval' https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org; style-src 'self' *.googleapis.com *.gstatic.com 'unsafe-inline' *.vica.gov.sg *.wogaa.sg https://cdn.insight.sitefinity.com https://dec.azureedge.net; img-src 'self' *.gstatic.com *.googleapis.com www.facebook.com data: blob: www.nea.gov.sg *.everesttech.net *.demdex.net *.vica.gov.sg stats.g.doubleclick.net *.onemap.gov.sg *.onemap.sg wogadobeanalytics.sc.omtrdc.net connect.facebook.net www.google-analytics.com www.googletagmanager.com *.googleusercontent.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' data: *.amazonaws.com *.vica.gov.sg *.wogaa.sg *.googleapis.com *.gstatic.com; connect-src 'self' *.gstatic.com *.wogaa.sg dpm.demdex.net wogadobeanalytics.sc.omtrdc.net *.vica.gov.sg wss://*.vica.gov.sg www.google-analytics.com *.googleapis.com api.data.gov.sg smartnation.data.gov.sg data.gov.sg ifaqs.flexanswer.com *.doubleclick.net *.bootstrapcdn.com developers.onemap.sg *.hotjar.com data: *.hotjar.io wss://*.hotjar.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; object-src 'self' 1
block-all-mixed-content; default-src 'self' 'unsafe-inline' *.easyship.com fonts.googleapis.com fonts.ub-assets.com blob: builder-assets.unbounce.com *.website-files.com *.doubleclick.net app.hubspot.com player.vimeo.com *.hotjar.com *.google.com *.google.com.af *.google.com.ag *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.be *.google.fr *.google.ca *.google.de *.google.es *.google.be *.google.it *.google.ie; form-action 'self'; frame-src 'self' td.doubleclick.net *.cloudflare.com app.hubspot.com *.google.com; frame-ancestors 'self' *.easyship.com *.rainfactory.com *.pachelp.com; object-src 'none'; font-src 'self' data: fonts.gstatic.com fonts.ub-assets.com *.website-files.com *.easyship.com *.hotjar.com; connect-src 'self' *.website-files.com *.linkedin.com *.easyship.com cdn-cookieyes.com *.clarity.ms *.cookieyes.com *.google.com *.hubspot.com *.google-analytics.com stats.g.doubleclick.net sentry.io *.hotjar.com *.hotjar.io wss://*.hotjar.com cdn.plyr.io *.ipify.org *.hsforms.com secure.intelligent-company-365.com www.googletagmanager.com *.cloudflare.com *.cloudflareinsights.com; img-src 'self' *.easyship.com data: *.hsforms.com *.cloudfront.net *.website-files.com cdn-cookieyes.com *.clarity.ms *.bing.com *.google.com *.linkedin.com *.hubspot.com *.intelligent-company-365.com *.facebook.com *.facebook.net easyship.ghost.io *.googletagmanager.com *.google-analytics.com *.googleusercontent.com *.vimeocdn.com *.hotjar.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' js.hsforms.net *.ubembed.com js.hubspot.com blob: *.easyship.com builder-assets.unbounce.com *.website-files.com ajax.googleapis.com *.cloudfront.net cdn-cookieyes.com *.ads-twitter.com *.bing.com *.clarity.ms *.cloudflare.com *.cloudflareinsights.com *.facebook.net *.google.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hs-analytics.net *.hs-banner.com *.hs-scripts.com *.hsleadflows.net *.impactradius-event.com *.jsdelivr.net *.licdn.com *.twitter.com *.usemessages.com *.vimeo.com *.intelligent-company-365.com *.sentry-cdn.com cdn.plyr.io; upgrade-insecure-requests; 1
frame-ancestors 'self' app.buildfire.com; 1
frame-ancestors http://*.kindermorgan.com https://*.kindermorgan.com 1
frame-ancestors 'self' https://*.comon.ru https://metrika.yandex.ru https://metrika.yandex.by https://metrika.yandex.com https://metrika.yandex.com.tr http://*.webvisor.com https://*.webvisor.com 1
frame-ancestors 'self' sou.ucs.br ucs.br www.ucs.br; 1
base-uri 'www.axelspringer.com'; upgrade-insecure-requests 1; 1
frame-ancestors https://samoletplus.ru https://metrika.yandex.ru https://metrika.yandex.by https://metrica.yandex.com https://metrica.yandex.com.tr https://webvisor.com 1
default-src 'self' https://* 'unsafe-inline';script-src 'self' 'unsafe-eval' 'unsafe-inline' 'unsafe-hashes';script-src-elem 'self' https://* 'unsafe-eval' 'unsafe-inline';img-src 'self' https://* 'unsafe-inline'; object-src 'self' 'unsafe-inline';base-uri 'self';style-src-elem https://* 'unsafe-inline';frame-src 'self' https://* 'unsafe-inline';font-src https://* 'unsafe-inline';connect-src https://* 'unsafe-inline';upgrade-insecure-requests 1
connect-src   maps.nextbike.net *.chatvisor.com rg-wl-hr-recruiting-chatbot-qrrkues.azurewebsites.net directline.botframework.com/v3/directline/ wss://directline.botframework.com/v3/directline/ wtb.maptiles.arcgis.com *.arcgisonline.com *.arcgis.com chatbot.wlb.at onlim-chatbot-production.s3.amazonaws.com *.onlim.com wss://*.onlim.com wss://app.onlim.com/api/cs/ws wss://api.onlim.com/cs/ws *.vimeo.com vimeo.com *.addthis.com www.google-analytics.com routenplaner.verkehrsauskunft.at *.wienit.at *.api.wienenergie.at api.wienenergie.at service.wienerstadtwerke.at *.service.wienernetze.at service.wienernetze.at api.wstw.at int-api.wstw.at test-api.wstw.at styles.wienerstadtwerke.at 'self' https://info.wienerlinien.at/api/form/v1/8896c.21k0oa6/null https://www.facebook.com/tr/ *.googleapis.com bestattungwien.piwik.pro jobs.wienerstadtwerke.at digitalesgrab.friedhoefewien.at rns.matelso.de *.wienmobil.at bestattungwien.containers.piwik.pro log.wien; style-src   https://d6tizftlrpuof.cloudfront.net/themes/production/wienerstadtwerke-test-design-wienerstadtwerke-feedbacklet-d69f3b461dc32d40f77b744a4b3eb522.css static.dvinci-easy.com bestattungwien.containers.piwik.pro 'self' styles.wienerstadtwerke.at 'unsafe-inline' fonts.googleapis.com *.onlim.com rg-wl-hr-recruiting-chatbot-qrrkues.azurewebsites.net *.chatvisor.com; base-uri   'self' *.onlim.com; script-src   https://googleads.g.doubleclick.net/ *.usabilla.com/ *.onlim.com *.onlim.com/ *.googletagmanager.com/ connect.facebook.net/ *.chatvisor.com rg-wl-hr-recruiting-chatbot-qrrkues.azurewebsites.net walls.io *.virtualq.io polyfill.io openstreetmap.org *.openstreetmap.org chatbot.wlb.at app.onlim.com/ *.vimeocdn.com ajax.googleapis.com maps.googleapis.com www.gstatic.com www.google.com www.google-analytics.com assets.adobedtm.com *.ytimg.com *.youtube.com styles.wienerstadtwerke.at 'unsafe-inline' 'unsafe-eval' 'self' https://www.googletagmanager.com/ *.adform.net https://siteimproveanalytics.com static.dvinci-easy.com rns.matelso.de bestattungwien.containers.piwik.pro bestattungwien.piwik.pro https://app.onlim.com/chat-app/js/host.js *.googleadservices.com; frame-src   https://langenacht.orf.at *.wienernetze.at/ lehrlingstest-wienerstadtwerke.azurewebsites.net video.eko.com ubscal.seeyou.at *.issuu.com issuu.com *.walls.io walls.io *.virtualq.io app.onlim.com www.whatchado.com *.vimeo.com vimeo.com *.youtube.com www.google.com www.bestattungwien.at *.friedhoefewien.at mailto: service.wienerstadtwerke.at 'self' *.facebook.com youtu.be https://terminreservierung.staging.reinisch.tech/ *.youtu.be *.wienit.at/ https://sketchfab.com/ td.doubleclick.net embeds.whatchado.com https://terminreservierung.reinisch.tech/; media-src   'self' data: *.onlim.com; img-src   wienitedv.d3.sc.omtrdc.net *.wienernetze.at/ facebook.com/tr/ rg-wl-hr-recruiting-chatbot-qrrkues.azurewebsites.net *.wien.gv.at *.fluidtime.com *.arcgisonline.com onlim-chatbot-production.s3.eu-central-1.amazonaws.com onlim-base.s3.eu-central-1.amazonaws.com dacodi-production.s3.amazonaws.com *.onlim.com *.openstreetmap.org *.vimeocdn.com *.omtrdc.net *.2o7.net maps.googleapis.com maps.gstatic.com *.ytimg.com csi.gstatic.com chatbot.wlb.at *.wienit.at *.upstream-mobility.at blob: data: styles.wienerstadtwerke.at 'self' bestattungwien.containers.piwik.pro https://googleads.g.doubleclick.net *.facebook.com *.siteimproveanalytics.io https://siteimproveanalytics.com bestattungwien.piwik.pro https://www.google.at/pagead/ https://www.google.com/pagead/; default-src   'self'; font-src   bestattungwien.containers.piwik.pro *.chatvisor.com rg-wl-hr-recruiting-chatbot-qrrkues.azurewebsites.net data: styles.wienerstadtwerke.at chatbot.wlb.at *.onlim.com fonts.gstatic.com 'self' https://d6tizftlrpuof.cloudfront.net/themes/production/wienerstadtwerke-test-design-wienerstadtwerke-font-file-url-de462eaa4f394073e3723d639af661c0.woff; 1
frame-src 'self' *.valero.com *.youtube.com; frame-ancestors 'self'; report-uri /report-csp-violation 1
frame-ancestors 'self' https://customercare.cs.pcln.net https://z1.le.liveperson.net https://pricelinepartnernetwork.com https://cares.go.akamai-access.com/; 1
frame-ancestors 'self' *.allovoisins.com 1
frame-ancestors *.vaimo.net *.istore.co.za *.istore.com 1
frame-ancestors 'self' https://histoiredor.popsell.com https://orovivo-tablet.vercel.app 1
default-src 'self' 'unsafe-inline' data: https://www.google-analytics.com https://cdn.userway.org https://edgeshoppingstatic.azureedge.net; script-src 'self' 'unsafe-inline' data: 'unsafe-eval' https://www.nostarch.com https://nostarch.com https://ajax.googleapis.com https://www.google-analytics.com https://cdn.userway.org https://api.userway.org https://ajax.cloudflare.com https://connect.facebook.net https://www.googletagmanager.com; object-src https://www.youtube.com https://w.soundcloud.com; img-src 'self' 'unsafe-inline' data: blob: https://www.nostarch.com https://nostarch.com https://www.google-analytics.com https://www.paypal.com https://www.paypalobjects.com https://api.userway.org https://cdn.userway.org; frame-ancestors 'self'; child-src https://cdn.userway.org https://www.youtube.com https://w.soundcloud.com  https://nostarch.com; font-src 'self' data: moz-extension https://static3.avast.com https://nostarch.com https://fonts.gstatic.com https://cdn.userway.org; connect-src 'self' 'unsafe-inline' data: https://www.google-analytics.com https://stats.g.doubleclick.net https://api.userway.org https://cdn.userway.org https://analytics.google.com; report-uri /report-csp-violation 1
default-src data: 'self' blob: 'unsafe-inline' *.dzo.com.ua *.cipher.kiev.ua:* *.prozorro.gov.ua www.openstreetmap.org *.openprocurement.org depositsign.com view.officeapps.live.com widgets.binotel.com prozorro-ds-prod.s3.eu-central-1.amazonaws.com d38sv8fq5al52n.cloudfront.net connect.facebook.net 'unsafe-eval' www.googletagmanager.com docs.google.com fonts.googleapis.com www.google-analytics.com www.google.com *.hotjar.com *.hotjar.io *.facebook.com *.facebook.net *.doubleclick.net www.google.com.ua fonts.gstatic.com prozorro-ds-prod.s3.eu-central-1.amazonaws.com *.prozorro.gov.ua d38sv8fq5al52n.cloudfront.net connect.facebook.net cdnjs.cloudflare.com id.gov.ua *.sentry-cdn.com *.sentry.io; 1
font-src 'self' https://fonts.gstatic.com https://www.google.com/recaptcha/ https://cdngovbr-ds.estaleiro.serpro.gov.br https://cdnjs.cloudflare.com https://fonts.cdnfonts.com 1
base-uri 'none';object-src 'none';upgrade-insecure-requests; 1
default-src 'self' https://static.lobstr.co https://www.google-analytics.com https://lobstr.zendesk.com https://ekr.zdassets.com 'nonce-f945ada8a19263020e8823c3c9fb83b6fd58b34e2bfbe9a1563981ba78de6111';connect-src 'self' https://lobstr.freshdesk.com https://widget.freshworks.com https://horizon.stellar.lobstr.co https://horizon.stellar.org https://api.anclap.com https://vault.lobstr.co https://static.lobstr.co https://sentry.razortheory.com https://api.cowrie.exchange https://api.fchain.io https://smx.saldo.mx https://api.apay.io https://test.apay.io https://stellaranchor.ntokens.com https://stellaranchor.ntokens.com.br https://api.anchor.com.ar https://k.tempocrypto.com https://a3s.api.stellarport.io https://pagos.saldo.mx https://connect.clickpesa.com https://tff.tiny.group https://www.anchormxn.com https://www.naobtc.com https://testanchor.lobstr.co https://api.anchorusd.com https://transfer-server.stablex.cloud https://lobstr.zendesk.com https://www.google-analytics.com https://ekr.zdassets.com https://unstoppabledomains.com https://usdcswap.ultrastellar.com https://usdcswap.com https://ultrastellar.com https://ultracapital.xyz https://anchor.ultrastellar.com https://polaris.stably.io https://api.dstoq.com https://anchormxn.com https://kbtrading.org https://anchor.thecryptobanker.com https://stellar.moneygram.com https://apisvcs.moneygram.com https://ngnc.online https://anchor.ngnc.online https://anchor.mykobo.co https://orokii.com https://sep6.whalestack.com https://stellar-anchor.payfura.com https://transfer-server.zetl.network https://stellar-anchor.payfura.com https://stellar-sep.triple-a.io https://stellar-sep-24.banxa.com https://kado-anchor-sep.kado.money https://routing.ultrastellar.com https://circle.anchor.mykobo.co https://api.strider.today https://lobstr-sep24.aps.money https://ticker.ultrastellar.com 'nonce-f945ada8a19263020e8823c3c9fb83b6fd58b34e2bfbe9a1563981ba78de6111';img-src 'self' data: https://s3.amazonaws.com/cdn.freshdesk.com/ https://www.google.com https://id.lobstr.co https://www.google-analytics.com https://www.gstatic.com https://cdnjs.cloudflare.com https://static.lobstr.co 'nonce-f945ada8a19263020e8823c3c9fb83b6fd58b34e2bfbe9a1563981ba78de6111';script-src-elem 'self' https://widget.freshworks.com https://unpkg.com https://static.lobstr.co https://assets.zendesk.com https://cdnjs.cloudflare.com https://static.zdassets.com https://code.jquery.com https://www.google.com https://www.gstatic.com https://ajax.cloudflare.com https://ajax.googleapis.com https://stackpath.bootstrapcdn.com https://www.googletagmanager.com https://www.google-analytics.com;script-src 'self' https://widget.freshworks.com https://www.google-analytics.com https://assets.zendesk.com https://unpkg.com https://static.zdassets.com https://cdnjs.cloudflare.com https://ajax.googleapis.com https://static.zdassets.com https://static.lobstr.co https://stackpath.bootstrapcdn.com https://www.google.com https://www.gstatic.com https://code.jquery.com 'nonce-f945ada8a19263020e8823c3c9fb83b6fd58b34e2bfbe9a1563981ba78de6111';style-src 'unsafe-inline' https://static.zdassets.com https://ajax.googleapis.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://static.lobstr.co https://widget.freshworks.com;object-src 'none';base-uri 'self';frame-src 'self' https://www.youtube.com https://www.youtube.com/embed/rHQgXYhgKsU https://www.google.com 'nonce-f945ada8a19263020e8823c3c9fb83b6fd58b34e2bfbe9a1563981ba78de6111';font-src 'self' https://fonts.gstatic.com https://static.lobstr.co https://cdnjs.cloudflare.com https://fonts.googleapis.com 'nonce-f945ada8a19263020e8823c3c9fb83b6fd58b34e2bfbe9a1563981ba78de6111';frame-ancestors 'none';report-uri /csp-manager/report/ 1
default-src https: data: 'unsafe-inline' 'unsafe-eval' 'self' https://matomojs.trackify.info https://matomo.pernod-ricard.io *.sleeknote.com https://*.sleeknote.com https://heyzine.com/ https://live-campaign-bar-locator.pantheonsite.io/ https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://campaign.absolut.com/; frame-ancestors 'self' https://matomojs.trackify.info https://matomo.pernod-ricard.io *.sleeknote.com https://heyzine.com/ wss://ws.hotjar.com/ https://www.hotjar.com/ https://live-campaign-bar-locator.pantheonsite.io/ https://campaign.absolut.com/; frame-src blob: 'self' https://www.google.com https://www.youtube.com https://absmartini.wpenginepowered.com https://mixedbyai.wpengine.com/ https://*.absolut.com https://iframe-mdm.absolut.com https://live-campaign-paper-bottle.pantheonsite.io/ https://*.sleeknote.com https://td.doubleclick.net https://11963351.fls.doubleclick.net/ *.sleeknote.com https://integrationssite.sleeknote.com https://player.vimeo.com/ https://*.evidon.com https://l3.evidon.com *.swaven.com https://heyzine.com/ https://www.hotjar.com/ wss://ws.hotjar.com/ https://live-campaign-bar-locator.pantheonsite.io/ https://campaign.absolut.com/; worker-src blob: 'self' 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' app.usercentrics.eu www.googletagmanager.com *.google-analytics.com www.googleadservices.com www.google.com *.s-cloud.fi *.doubleclick.net connect.facebook.net *.giosg.com *.giosgusercontent.com *.crazyegg.com files.cdn.leadfamly.com *.visualwebsiteoptimizer.com app.vwo.com; child-src 'self' blob:; frame-src 'self' app.usercentrics.eu *.doubleclick.net *.s-cloud.fi www.facebook.com prisma.leadfamly.com *.giosg.com *.giosgusercontent.com *.crazyegg.com www.youtube.com; style-src 'self' 'unsafe-inline' *.giosg.com *.giosgusercontent.com *.crazyegg.com; font-src * 'self' 'unsafe-inline' data: https; img-src * 'self' googleads.g.doubleclick.net www.google.com data: https; object-src 'self'; connect-src * 'self' *.s-cloud.fi api.usercentrics.eu graphqp.usercentrics.eu *.google-analytics.com *.giosg.com *.giosgusercontent.com *.crazyegg.com data: https; frame-ancestors https://app.contentful.com 1
default-src 'self';      script-src 'self' 'unsafe-inline' 'unsafe-eval' https://pi.pardot.com/ https://www.maplesoft.com/JS/hbx.js https://platform.twitter.com/ https://us-serve.nrich.ai/ https://js.stripe.com/ https://app.termly.io https://us-tag.nrich.ai/ https://apis.google.com/ https://static.ads-twitter.com https://connect.facebook.net https://assets.adobedtm.com/           https://www.googletagmanager.com/ https://www.google-analytics.com/  https://www.google-analytics.com/ https://cdnjs.cloudflare.com/ https://j.6sc.co/ https://bat.bing.com/ https://snap.licdn.com/      https://www.googleadservices.com/      https://secure.quantserve.com/ https://rules.quantcount.com/     https://scripts.demandbase.com/ https://api.company-target.com/ https://cdn.tt.omtrdc.net      https://maplesoftinc.tt.omtrdc.net/ https://code.jquery.com https://dpm.demdex.net/      https://googleads.g.doubleclick.net/ https://tag.demandbase.com/ https://maple.cloud/      https://www.mapleprimes.com/     https://www.maplesoft.com/ https://use.fontawesome.com/ https://code.jquery.com/ https://reports.hrmdirect.com/      https://s3.amazonaws.com/;                        connect-src 'self' https://maplesoftinc.tt.omtrdc.net/ https://px.ads.linkedin.com/ https://google-analytics.com *.google-analytics.com https://stats.g.doubleclick.net/ https://c.6sc.co/ https://ipv6.6sc.co/ https://www.google.com https://googleads.g.doubleclick.net https://epsilon-globalaccelerator.6sense.com/ https://app.termly.io/ https://epsilon.6sense.com/ https://dpm.demdex.net/ https://google.com/      https://dpm.demdex.net/ https://api.company-target.com           https://www.facebook.com/ https://cdn.linkedin.oribi.io/ https://secure.adnxs.com/ https://maplesoftcom.112.2o7.net/ https://analytics.google.com *.analytics.google.com https://bat.bing.com/      https://pagead2.googlesyndication.com/ https://api.maplesoft.com/;     img-src 'self' https://www.facebook.com/ https://analytics.twitter.com/ https://t.co/ https://us-tag.nrich.ai/ https://google-analytics.com https://analytics.google.com *.google-analytics.com *.analytics.google.com  https://stats.g.doubleclick.net https://px.ads.linkedin.com/ https://bat.bing.com/ https://pixel.quantserve.com https://b.6sc.co data: https://www.google.com https://www.google.ca                   https://cm.everesttech.net/ https://maplesoftcom.112.2o7.net/ https://maplesoft.112.2o7.net/ https://id.rlcdn.com/ https://www.maplesoft.com/          https://segments.company-target.com/      https://www.gravatar.com/ https://dpm.demdex.net/ https://www.googleadservices.com/ https://googleads.g.doubleclick.net/          https://code.jquery.com/ https://www.linkedin.com/ https://image.e.maplesoft.com/ https://image.s4.exct.net/           https://syndication.twitter.com/ https://s-static.ak.facebook.com/ https://www.googletagmanager.com/ https://api.maplesoft.com/;                          style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://fonts.googleapis.com/  https://cdnjs.cloudflare.com/ https://use.fontawesome.com/          https://code.jquery.com https://www.mapleprimes.com/ https://www.maplesoft.com/ https://code.jquery.com/ https://reports.hrmdirect.com/ https://d22hhoe037sl7u.cloudfront.net/;          base-uri 'self'; object-src 'none';                   font-src 'self' https://fonts.googleapis.com/ https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://use.fontawesome.com/;          frame-src 'self' https://www.youtube-nocookie.com https://bid.g.doubleclick.net/ https://www.youtube.com/ https://www.facebook.com/ https://youtube.com/ https://maplesoft.demdex.net/ https://maplesoft.hrmdirect.com/ https://cdn.knightlab.com/ https://api.linktexting.com/ https://talent.sage.hr/ https://js.stripe.com/ https://app.termly.io/ https://s.company-target.com/ https://segments.company-target.com/ https://platform.twitter.com/ https://apis.google.com/ https://accounts.google.com/ https://developers.google.com/ http://developers.google.com https://td.doubleclick.net/;     media-src 'self' http://media.maplesoft.com.s3.amazonaws.com/ https://media.maplesoft.com https://media.maplesoft.com.s3.amazonaws.com/; 1
default-src 'self'; img-src 'self' data:; frame-src 'self' https://www.google.com https://www.gstatic.com; object-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline' 'self' https://www.woopra.com https://static.woopra.com https://www.google.com https://www.gstatic.com; 1
default-src 'self' 'unsafe-inline' https://img.telemart.ua https://esputnik.com http://hotline.ua https://hotline.ua https://fonts.googleapis.com https://media.flixcar.com;font-src 'self' 'unsafe-inline' https://fonts.gstatic.com data:;img-src * 'self' data: https://img.telemart.ua http://img.telemart.ua https://www.google-analytics.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com http://cdn.sendpulse.com https://connect.facebook.net https://graph.facebook.com http://cdn.lenmit.com https://googleads.g.doubleclick.net https://hotline.ua https://ppcalc.privatbank.ua https://statics.esputnik.com https://www.google-analytics.com http://ajax.googleapis.com http://uaadcodedsp.rontar.com https://www.facebook.com https://www.googleadservices.com https://apis.google.com http://t.trafmag.com http://z.lenmit.com https://track.omguk.com https://pixel.adfyier.com https://webtrafficsource.com https://sdk.lemgear.com https://22admedia.com https://cdnjs.cloudflare.com https://static.hotjar.com https://api.hrznads.com http://api.hrznads.com/ https://forms.esputnik.com https://media.flixfacts.com http://media.flixfacts.com http://cralodas.com.ua http://m.cralodas.com.ua https://prod.flixgvid.flix360.io https://media.flixcar.com http://media.flixcar.com http://c.cralodas.com.ua https://apis.google.com;frame-src 'self' https://www.youtube.com https://www.google.com https://td.doubleclick.net https://www.facebook.com http://media.flixcar.com https://media.flixcar.com;connect-src 'self' https://www.google-analytics.com https://analytics.google.com https://site-script.esputnik.com https://web-events.esputnik.com https://stats.g.doubleclick.net https://esputnik.com https://www.google.com https://www.google.com.ua https://google.com https://pagead2.googlesyndication.com https://streaming.bi.owox.com https://google-analytics.bi.owox.com https://region1.google-analytics.com https://region1.analytics.google.com https://webtrafficsource.com https://forms.esputnik.com https://media.flixfacts.com http://media.flixfacts.com http://media.flixcar.com https://rt.flix360.com https://rt.flix360.com 1
frame-ancestors 'none'; report-uri https://reporting.cybersecurity.2u.com 1
frame-ancestors 'self' https://shop.doterra.com; 1
object-src 'none'; block-all-mixed-content 1
default-src 'self';base-uri 'self'; script-src 'self'  'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com  https://www.google-analytics.com   https://tagmanager.google.com   https://www.googleadservices.com; img-src 'self'  https://www.google-analytics.com  https://www.google.com  https://stats.g.doubleclick.net https://ssl.gstatic.com https://www.gstatic.com  https://www.google.com.tr data:; style-src 'self'  'unsafe-inline' https://fonts.googleapis.com https://tagmanager.google.com; font-src 'self'  data: https://fonts.gstatic.com; frame-src 'self'; frame-ancestors 'self'; form-action https://*.btcturk.com; connect-src 'self'  https://www.google-analytics.com https://stats.g.doubleclick.net; media-src 'self'; object-src 'none'; 1
frame-ancestors 'self' https://clientes.hostinet.com https://www.hostinet.com https://hostinet.com https://consent.hostinet.com https://consent.cookiefirst.com https://editor-static-bucket.elementor.com/;frame-src 'self' data: youtube.com https://www.youtube.com youtu.be https://youtu.be embedsocial.com https://embedsocial.com livechat.messagebird.com https://livechat.messagebird.com/ ocw.messagebird.com/ https://ocw.messagebird.com/ https://editor-static-bucket.elementor.com/; 1
default-src 'self'; base-uri 'none'; connect-src https: wss: 'self'; font-src data: fonts.gstatic.com 'self'; frame-src 'self' https:; img-src https: data: 'self'; media-src https: 'self'; object-src 'none'; script-src  'nonce-b2EwYVpkdGUwMnQyUGZCM0s5UDhnN1k0NDNGYnQx' *.unifrog.org  www.dropbox.com/static/api/ apis.google.com accounts.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 'self'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://csp.unifrog.org; 1
default-src 'self'; script-src 'self' 'unsafe-inline' data: blob: cdn.polyfill.io *.google-analytics.com *.googletagmanager.com *.googleapis.com www.google.com www.googleadservices.com sdk.privacy-center.org *.facebook.net *.vimeo.com *.twitter.com static.ads-twitter.com *.doubleclick.net *.hotjar.com *.iadvize.com *.twimg.com sc-static.net www.dwin1.com snap.licdn.com *.youtube.com *.youtube-nocookie.com *.autoroutes-trafic.fr authentication.autoroutes-trafic.fr wt3.autoroutes-trafic.fr s.ytimg.com maptiles.azureedge.net *.iadvize.com tag.aticdn.net *.facil-iti.app *.facil-iti.com *.mapbox.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com *.twitter.com *.twimg.com wt3.autoroutes-trafic.fr *.iadvize.com; img-src 'self' data: blob: *.vinci-autoroutes.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com px.ads.linkedin.com t.co *.google.com *.google.fr *.twimg.com *.twitter.com *.autoroutes-trafic.fr *.blob.core.windows.net *.facebook.com maptiles.azureedge.net *.ytimg.com *.vimeocdn.com filmsgieat.viewsurf.com *.iadvize.com *.privacy-center.org *.facil-iti.app *.facil-iti.com; media-src 'self' data: blob: gieat.viewsurf.com filmsgieat.viewsurf.com *.blob.core.windows.net *.vinci-autoroutes.com *.iadvize.com *.audiomeans.fr *.creacast.com; font-src 'self' data: fonts.gstatic.com *.iadvize.com *.facil-iti.app *.facil-iti.com; connect-src 'self' wss: *.googleapis.com *.blob.core.windows.net *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com api-ulys-beta.azure-api.net api-ulys.azure-api.net api-ulys-placemark-beta.azurewebsites.net api-ulys-tollstation-beta.azurewebsites.net api-ripit-rec.azurewebsites.net api-ripit.azurewebsites.net *.mapbox.com stats.g.doubleclick.net vimeo.com *.iadvize.com *.privacy-center.org *.xiti.com *.facil-iti.com *.facil-iti.app; frame-src 'self' *.vinci-autoroutes.com *.youtube.com *.youtube-nocookie.com *.googlevideo.com *.vimeo.com *.vimeocdn.com vars.hotjar.com *.twitter.com *.facebook.com vinci-longvilliers.web.app *.iadvize.com *.facil-iti.app; child-src 'self' blob:; worker-src 'self' blob: 1
base-uri 'self' https://optimize.google.com http://optimize.google.com optimize.google.com; default-src 'self'; child-src 'self' https://www.facebook.com http://www.facebook.com www.facebook.com https://vars.hotjar.com http://vars.hotjar.com vars.hotjar.com https://mczbf.com http://mczbf.com mczbf.com https://kdukvh.com http://kdukvh.com kdukvh.com https://emjcd.com http://emjcd.com emjcd.com https://cj.dotomi.com http://cj.dotomi.com cj.dotomi.com https://members.cj.com http://members.cj.com members.cj.com; connect-src 'self' https://eshop.martinus.sk http://eshop.martinus.sk eshop.martinus.sk https://rs3.martinus.sk http://rs3.martinus.sk rs3.martinus.sk https://rs4.martinus.sk http://rs4.martinus.sk rs4.martinus.sk https://www.google-analytics.com http://www.google-analytics.com www.google-analytics.com https://*.google-analytics.com http://*.google-analytics.com *.google-analytics.com https://*.analytics.google.com http://*.analytics.google.com *.analytics.google.com https://www.facebook.com/tr/ http://www.facebook.com/tr/ www.facebook.com/tr/ https://stats.g.doubleclick.net http://stats.g.doubleclick.net stats.g.doubleclick.net https://*.luigisbox.com http://*.luigisbox.com *.luigisbox.com https://api.infinario.com http://api.infinario.com api.infinario.com https://bam.nr-data.net http://bam.nr-data.net bam.nr-data.net https://bam-cell.nr-data.net http://bam-cell.nr-data.net bam-cell.nr-data.net https://mrecs.algopine.com http://mrecs.algopine.com mrecs.algopine.com https://optimize.google.com http://optimize.google.com optimize.google.com https://sentry.io http://sentry.io sentry.io https://*.hotjar.com http://*.hotjar.com *.hotjar.com https://vc.hotjar.io http://vc.hotjar.io vc.hotjar.io wss://*.hotjar.com https://consentcdn.cookiebot.com http://consentcdn.cookiebot.com consentcdn.cookiebot.com https://measure.martinus.cz http://measure.martinus.cz measure.martinus.cz https://measure.martinus.sk http://measure.martinus.sk measure.martinus.sk https://content.hotjar.io http://content.hotjar.io content.hotjar.io https://api.typeform.com http://api.typeform.com api.typeform.com https://*.posthog.com http://*.posthog.com *.posthog.com https://*.crazyegg.com http://*.crazyegg.com *.crazyegg.com https://api.databreakers.com http://api.databreakers.com api.databreakers.com https://script.google.com http://script.google.com script.google.com https://publicapi.databreakers.com http://publicapi.databreakers.com publicapi.databreakers.com https://individualizer.databreakers.com/v1/individualizer http://individualizer.databreakers.com/v1/individualizer individualizer.databreakers.com/v1/individualizer https://*.clarity.ms http://*.clarity.ms *.clarity.ms; font-src https://mrtns.eu http://mrtns.eu mrtns.eu https://mrtns.sk http://mrtns.sk mrtns.sk https://script.hotjar.com http://script.hotjar.com script.hotjar.com data:; form-action 'self' https://www.facebook.com/tr/ http://www.facebook.com/tr/ www.facebook.com/tr/ https://connect.facebook.net http://connect.facebook.net connect.facebook.net https://dva.martinus.sk http://dva.martinus.sk dva.martinus.sk https://ja.martinus.sk http://ja.martinus.sk ja.martinus.sk https://www.martinus.sk/my/profile http://www.martinus.sk/my/profile www.martinus.sk/my/profile https://b612.martinus.sk http://b612.martinus.sk b612.martinus.sk; frame-src 'self' https://www.youtube.com http://www.youtube.com www.youtube.com https://www.facebook.com http://www.facebook.com www.facebook.com https://staticxx.facebook.com http://staticxx.facebook.com staticxx.facebook.com https://connect.facebook.net http://connect.facebook.net connect.facebook.net https://vars.hotjar.com http://vars.hotjar.com vars.hotjar.com https://bid.g.doubleclick.net http://bid.g.doubleclick.net bid.g.doubleclick.net https://www.google.com http://www.google.com www.google.com https://api.infinario.com http://api.infinario.com api.infinario.com https://creativecdn.com http://creativecdn.com creativecdn.com https://*.creativecdn.com http://*.creativecdn.com *.creativecdn.com https://helpdesk.martinus.sk http://helpdesk.martinus.sk helpdesk.martinus.sk https://*.ladesk.com http://*.ladesk.com *.ladesk.com https://docs.google.com http://docs.google.com docs.google.com https://inres.uspech.sk http://inres.uspech.sk inres.uspech.sk https://player.vimeo.com http://player.vimeo.com player.vimeo.com https://martinus.us17.list-manage.com http://martinus.us17.list-manage.com martinus.us17.list-manage.com https://optimize.google.com http://optimize.google.com optimize.google.com https://consentcdn.cookiebot.com http://consentcdn.cookiebot.com consentcdn.cookiebot.com https://form.typeform.com http://form.typeform.com form.typeform.com; img-src * data:; media-src https://download.dibuk.eu http://download.dibuk.eu download.dibuk.eu; object-src 'none'; manifest-src 'self' https://www.martinus.sk/manifest.json http://www.martinus.sk/manifest.json www.martinus.sk/manifest.json https://www.martinus.cz/manifest.json http://www.martinus.cz/manifest.json www.martinus.cz/manifest.json; script-src * 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://mrtns.eu http://mrtns.eu mrtns.eu https://mrtns.sk http://mrtns.sk mrtns.sk https://tagmanager.google.com http://tagmanager.google.com tagmanager.google.com https://cdn.luigisbox.com http://cdn.luigisbox.com cdn.luigisbox.com https://optimize.google.com http://optimize.google.com optimize.google.com https://fonts.googleapis.com http://fonts.googleapis.com fonts.googleapis.com https://embed.typeform.com http://embed.typeform.com embed.typeform.com https://*.crazyegg.com http://*.crazyegg.com *.crazyegg.com 'unsafe-inline'; worker-src 'self' https://api.infinario.com http://api.infinario.com api.infinario.com; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data:; media-src https: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://lavoz.report-uri.io/r/default/csp/enforce 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: filesystem: wss://*.hotjar.com wss://*.zopim.com http://200.14.213.186 http://201.238.242.206:* http://*.adform.net http://*.ads-twitter.com http://*.clarochile.cl http://*.claromusica.com http://*.clarovideo.net http://*.doubleclick.net http://*.facebook.com http://*.facebook.net http://*.google-analytics.com http://*.googleapis.com http://*.googletagmanager.com http://*.gstatic.com http://*.hotjar.com:* http://*.hotjar.io http://lib-us-1.brilliantcollector.com http://*.twitter.com http://*.youtube.com http://ajax.aspnetcdn.com http://*.retargetly.com http://cap-sg-prd-1.securegateway.appdomain.cloud:15294 http://*.e-contact.cl http://clarochile.custhelp.com http://clickserv.sitescout.com http://ds-aksb-a.akamaihd.net http://elastic-app-amx.tmx-internacional.net http://geoportalclaro.maps.arcgis.com http://googleads.g.doubleclick.net http://maxcdn.bootstrapcdn.com http://pit2.telmexchile.cl http://pixel.sitescout.com http://servicios.fidelis.cl http://t.co http://track.neianalytics.com http://uscollector.tealeaf.ibmcloud.com http://www.altasclarovideo.com http://*.clarovideo.com http://www.clicktochat.cl http://www.google.cl http://*.google.com http://*.google.com.mx http://www.googleadservices.com http://www.portateahora.cl http://youtu.be https://200.14.213.186 https://201.238.242.206:* https://*.adform.net https://*.ads-twitter.com https://*.clarochile.cl https://*.claromusica.com https://*.clarovideo.net https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.hotjar.com:* https://*.hotjar.io https://*.idx.lat https://lib-us-1.brilliantcollector.com https://*.twitter.com https://*.youtube.com https://ajax.aspnetcdn.com https://*.retargetly.com https://cap-sg-prd-1.securegateway.appdomain.cloud:15294 https://*.e-contact.cl https://clarochile.custhelp.com https://clickserv.sitescout.com https://ds-aksb-a.akamaihd.net https://elastic-app-amx.tmx-internacional.net https://geoportalclaro.maps.arcgis.com https://googleads.g.doubleclick.net https://maxcdn.bootstrapcdn.com https://pit2.telmexchile.cl https://pixel.sitescout.com https://servicios.fidelis.cl https://t.co https://track.neianalytics.com https://uscollector.tealeaf.ibmcloud.com https://www.altasclarovideo.com https://*.clarovideo.com https://www.clicktochat.cl https://www.google.cl https://*.google.com https://*.google.com.mx https://google.com https://*.google.com.ar https://*.pangle-ads.com https://www.googleadservices.com https://www.portateahora.cl https://empresa.solvencia.cl https://claro.solvencia.cl https://plus.raak.cl https://unpkg.com https://player.vimeo.com https://www.youtube-nocookie.com https://www.googleoptimize.com https://convenioclaro.cl https://connect.facebook.net https://*.clarodigital.net https://*.clarity.ms https://lilac.maps.arcgis.com https://gis.lla.com https://analytics.tiktok.com https://*.cloud.vtr.cl https://dev.visualwebsiteoptimizer.com https://youtu.be https://*.vwo.com https://*.tivo.com https://tivo.pactsafe.io https://*.bing.com https://*.ingeauditech.cl https://cdnjs.cloudflare.com https://*.teads.tv https://*.vtr.cl https://*.vtr.com https://*.jsdelivr.net; media-src 'self' mediastream: https://*.clarochile.cl https://*.vtr.com https://*.cloud.vtr.cl; 1
default-src 'self' cdn.jsdelivr.net maxcdn.bootstrapcdn.com; connect-src 'self' *.getdrip.com www.google-analytics.com *.facebook.com *.hotjar.com *.hotjar.io *.olark.com *.doubleclick.net *.osano.com analytics.google.com rs.fullstory.com; font-src 'self' *.brandyourself.com data: fonts.googleapis.com fonts.gstatic.com cdn.jsdelivr.net static.olark.com *.omappapi.com maxcdn.bootstrapcdn.com; form-action 'self'; img-src * data:; manifest-src 'self' *.brandyourself.com; media-src 'self' *.olark.com *.brandyourself.com; script-src 'self' 'unsafe-eval'  code.jquery.com fullstory.com *.fullstory.com cdn.jsdelivr.net maxcdn.bootstrapcdn.com unpkg.com www.google-analytics.com ssl.google-analytics.com www.googletagmanager.com *.omappapi.com *.doubleclick.net *.cloudfront.net *.facebook.net *.getdrip.com *.googleapis.com *.hotjar.com *.licdn.com *.olark.com *.optnmstr.com *.osano.com *.google.com *.gstatic.com sleeknotecustomerscripts.sleeknote.com 'nonce-66a2fb1021748' 'sha256-5pBTKcuNzhE2GOCOjgp/A2kciosBHOYJaUrhio7H5Nw=' 'sha256-dEzgimQfc4Eus/opVkbSjWR18IbrGWd7LBC+cHoppuw='; style-src 'self' 'unsafe-inline' blob: cdn.jsdelivr.net maxcdn.bootstrapcdn.com *.olark.com *.omappapi.com unpkg.com *.googleapis.com *.brandyourself.com; frame-src *.olark.com *.vimeo.com *.hotjar.com *.google.com *.googleapis.com *.slideshare.net *.youtube.com cheddar.com; 1
frame-ancestors 'self' media.rakr.net; report-uri https://www.rackspace.com/en-gb/report-uri/enforce 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.express-scripts.com *.mdlive.com *.adobedtm.com *.qualtrics.com *.cigna.com *.s3.amazonaws.com *.branch.io *.everestjs.net *.omtrdc.net *.edge.adobedc.net *.demdex.net app.link *.googleapis.com tlt.cigna.com cdn.cookielaw.org *.onetrust.com; child-src 'self' blob: *.mdlive.com *.express-scripts.com *.s3.amazonaws.com *.youtube.com *.vimeo.com *.google.com; connect-src 'self' *.mdlive.com *.mktoresp.com *.adobedtm.com *.brightcove.com *.s3.amazonaws.com *.qualtrics.com *.mktoutil.com *.nr-data.net *.branch.io *.everestjs.net *.omtrdc.net *.edge.adobedc.net *.demdex.net *.prod.boltdns.net *.akamaihd.net app.link *.express-scripts.com tlt.cigna.com cdn.cookielaw.org *.onetrust.com *.optimizely.com *.googlesyndication.com *.bing.com *.verint-cdn.com *.wevalueyourfeedback.com *.brightcovecdn.com; font-src 'self' data: *.mdlive.com fonts.googleapis.com themes.googleusercontent.com fonts.gstatic.com *.marketo.com *.qualtrics.com *.verint-cdn.com *.wevalueyourfeedback.com; frame-src 'self' *.mdlive.com static.addtoany.com *.marketo.com *.demdex.net *.brightcove.net *.s3.amazonaws.com *.trustpilot.com *.qualtrics.com *.youtube.com *.vimeo.com activitymap.adobe.com pixel.sitescout.com *.facebook.com *.google.com *.doubleclick.net; img-src 'self' data: *.mdlive.com *.brightcove.com brightcove.hs.llnwd.net *.destinationrx.com *.qualtrics.com *.s3.amazonaws.com *.marketo.com *.express-scripts.com *.branch.io *.omtrdc.net *.edge.adobedc.net *.demdex.net *.everesttech.net *.prod.boltdns.net i.ytimg.com app.link tlt.cigna.com cdn.cookielaw.org *.onetrust.com px.gumgum.com *.reddit.com pixel.sitescout.com *.facebook.com *.googletagmanager.com *.google.com bat.bing.com *.verint-cdn.com *.wevalueyourfeedback.com *.brightcovecdn.com; media-src 'self' blob: *.brightcove.com *.s3.amazonaws.com *.prod.boltdns.net *.brightcovecdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.mdlive.com *.adobedtm.com *.googletagmanager.com munchkin.marketo.net *.brightcove.com *.marketo.com *.mktoresp.com *.brightcove.net *.qualtrics.com *.s3.amazonaws.com activitymap.adobe.com *.branch.io *.everestjs.net *.omtrdc.net *.edge.adobedc.net *.demdex.net app.link tlt.cigna.com cdn.cookielaw.org *.onetrust.com js-agent.newrelic.com cdn01.basis.net *.redditstatic.com *.facebook.com *.facebook.net *.google.com *.optimizely.com *.pardot.com *.gstatic.com *.doubleclick.net bat.bing.com *.verint-cdn.com *.wevalueyourfeedback.com assets.adobedtm.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://widget.trustpilot.com https://www.google.com; style-src 'self' 'unsafe-inline' *.mdlive.com fonts.googleapis.com fonts.gstatic.com *.marketo.com *.s3.amazonaws.com *.verint-cdn.com *.wevalueyourfeedback.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; frame-ancestors 'self' *.express-scripts.com *.mdlive.com 1
default-src                  'self'            blob:            *.pli.edu            *.akamaihd.net            *.live-video.net            testlegacy.pli.edu;                                      script-src    'self'            'unsafe-inline'  consent.trustarc.com  *.jsdelivr.net  pli.sandbox.my.site.com  pli.sandbox.my.salesforce-scrt.com  http://web-sdk-eu.aptrinsic.com       blob:            'unsafe-eval'     *.bootstrapcdn.com       localhost:44399            flex.cybersource.com            .hotjar.com: .hotjar.com: *.hotjar.io *.hotjar.io *.hotjar.com    *.pli.edu    *.udev1a.net  *.usablenet.com            http://www.google.com             www.gstatic.com            *.vo.msecnd.net            www.googletagmanager.com            http://maps.googleapis.com             tagmanager.google.com            *.google.ca            *.doubleclick.net            *.adsymptotic.com            *.clarity.ms            *.ads.linkedin.com            http://connect.facebook.net             *.bing.com            *.licdn.com            *.facebook.com            *.collect.igodigital.com            http://www.google-analytics.com             load.sumo.com            use.fortawesome.com            http://cdn.polyfill.io             http://code.jquery.com             http://cdnjs.cloudflare.com             http://stackpath.bootstrapcdn.com             http://dl.episerver.net             app.pageproofer.com            http://pi.pardot.com             sumo.b-cdn.net            downloads.mailchimp.com            script.crazyegg.com            mc.us17.list-manage.com            http://static.hotjar.com             http://script.hotjar.com             www.googleadservices.com            http://connect.facebook.net             sjs.bizographics.com            http://cdn.lr-ingest.io             *.doubleclick.net            *.igodigital.com            *.salesforceliveagent.com            *.idio.episerver.net            *.tfaforms.com              *.googleusercontent.com;              connect-src   'self'   *.trustarc.com  pli.sandbox.my.site.com  pli.sandbox.my.salesforce-scrt.com   wss://localhost:44355     wss://localhost:      wss://localhost:44313  *.googlesyndication.com   *.aptrinsic.com   *.linkedin.oribi.io  *.localhost:44356  wss://localhost:44356  localhost:44399            *.pli.edu           http://www.google.com            *.google.ca    *.googleapis.com        plihdpackage-lh.akamaihd.net            *.live-video.net            *.doubleclick.net            *.adsymptotic.com            *.ads.linkedin.com            http://connect.facebook.net             *.bing.com    *.pli.edu        *.licdn.com            *.facebook.com            *.collect.igodigital.com            http://www.google-analytics.com             testflex.cybersource.com            flex.cybersource.com            *.facebook.com            *.collect.igodigital.com            r.lr-ingest.io            http://sumo.com             dc.services.visualstudio.com            media.sumo.com            *.hotjar.io            *.hotjar.com            *.clarity.ms            *.hotjar.com            *.tfaforms.com            http://app.formassembly.com ;              font-src            'self'       *.cloudfront.net     *.pli.edu   fonts.gstatic.com   vars.hotjar.com  http://static.hotjar.com            http://script.hotjar.com            *.trustarc.com;         frame-ancestors 'self' ;  frame-src                  'self'     *.trustarc.com  *.pli.edu    *.udev1a.net  *.usablenet.com   testflex.cybersource.com  pli.sandbox.my.site.com  pli.sandbox.my.salesforce-scrt.com        flex.cybersource.com            http://www.google.com             app.pageproofer.com            www.youtube-nocookie.com            http://www.youtube.com             http://player.vimeo.com             vars.hotjar.com            careers-pli.icims.com            http://www.podbean.com             *.doubleclick.net            plihdpackage-lh.akamaihd.net            *.live-video.net            *.tfaforms.com            *.formassembly.com;              style-src     'self'   *.pli.edu      'unsafe-inline'   *.aptrinsic.com   http://maxcdn.bootstrapcdn.com    http://cdn.jsdelivr.net     use.fortawesome.com            downloads.mailchimp.com            mc.us17.list-manage.com            sumo.b-cdn.net            fonts.googleapis.com            http://dl.episerver.net             sjs.bizographics.com            tagmanager.google.com            www.googletagmanager.com            http://app.formassembly.com  pli.sandbox.my.site.com  pli.sandbox.my.salesforce-scrt.com;     style-src-elem   'self'   'unsafe-inline'  pli.sandbox.my.site.com  pli.sandbox.my.salesforce-scrt.com  *.udev1a.net   *.usablenet.com       http://cdn.jsdelivr.net    http://maxcdn.bootstrapcdn.com     *.aptrinsic.com     www.gstatic.com    fonts.gstatic.com;    img-src                  'self'          *.truste.com  *.trustarc.com  *.pli.edu            data:            fonts.gstatic.com            maps.gstatic.com            http://maps.googleapis.com             www.googletagmanager.com            http://dl.episerver.net         *.usablenet.com          *.google.ca            *.adsymptotic.com            *.ads.linkedin.com            http://connect.facebook.net             *.bing.com            *.hotjar.com            *.hotjar.io            *.licdn.com            *.facebook.com            *.collect.igodigital.com            http://www.google-analytics.com             ssl.gstatic.com            www.gstatic.com            http://www.google.com             gallery.mailchimp.com            media.sumo.com            *.clarity.ms            http://sumo.com  data http://sumo.com             http://dl.episerver.net           *.googleusercontent.com;              base-uri                  'self'; 1
script-src 'self' https://cdn.jsdelivr.net/gh/highlightjs/ https://cdn.jsdelivr.net/npm/mathjax@3/ https://cdnjs.cloudflare.com/polyfill/v3/;style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net/gh/highlightjs/ https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/css/all.min.css; 1
default-src https: https://*.fh-swf.de;frame-ancestors https://*.etracker.com;  script-src 'self' https://*.fh-swf.de https://static.b-ite.com https://www.evergabe.nrw.de https://unpkg.com https://openlayers.org https://static.etracker.com/code/e.js https://cdnjs.cloudflare.com/ajax/libs/jquery-easing/ https://cdnjs.cloudflare.com/ajax/libs/underscore.js/ https://*.etracker.com https://*.etracker.de https://cs-assets.b-ite.com/fachhochschule-suedwestfalen/jobs-api/ 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data: blob: http://*.tile.openstreetmap.org; worker-src blob: 1
report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-dynamic ; script-src 'unsafe-eval' 'strict-dynamic' 'nonce-8wqxv1JSN7tJoIpGG1ktk0YHmkM=' 'nonce-9aEM189RCmJjeLvjIX7Aaufe3cU=' 1
upgrade-insecure-requests; block-all-mixed-content; frame-ancestors *.clifbar.com; 1
default-src https: blob:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src data: https: blob: android-webview android-webview-video-poster:; font-src data: https:; connect-src * blob:; media-src https: data: blob:; worker-src https: blob:; upgrade-insecure-requests; frame-ancestors 'self' https://*.mijnmagazines.be https://*.twipemobile.com; 1
frame-ancestors http://methstreams.com http://nbastreamswatch.com http://nbastreamslinks.com http://watchnbastreams.com http://crackstreams.ws 1
frame-ancestors 'self' pluralsight.com pluralsight.highspot.com; 1
default-src 'self' adserv.prsa.org *.feathr.co *.prsa.org *.jwp.io *.jwplayer.com *.jwpcdn.com *.google-analytics.com *.jwpsrc.com *.jwpsrv.com *.twitch.tv cdn3.wowza.com player.cloud.wowza.com documentcloud.adobe.com *.adobe.com *.adobe.io *.informz.net wp.prsa.org quiz.tryinteract.com mightstream.com whova.com *.cloudfront.net *.paypal.com *.paypalobjects.com *.w3.org *.typekit.net netdna.bootstrapcdn.com *.informz.net analytics.google.com cdn.linkedin.oribi.io *.vimeo.com *.gstatic.com *.googleapis.com px.ads.linkedin.com *.acsbapp.com acsbapp.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.googleapis.com *.googletagmanager.com *.jwplayer.com *.jwpcdn.com *.gstatic.com acsbapp.com *.acsbapp.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com *.en25.com cdn.ampproject.org *.fontawesome.com adserv.prsa.org jobs.prsa.org *.juicer.io *.tawk.to cdn.jsdelivr.net *.feathr.co *.tickcounter.com *.licdn.com *.jwpsrc.com *.jwpsrv.com cdn1.prsa.org https://jwp.io/ cdn.jwplayer.com player.twitch.tv *.cloud.wowza.com documentcloud.adobe.com *.adobe.com *.youtube.com *.youtube-nocookie.com *.informz.net quiz.tryinteract.com mightstream.com whova.com *.cloudfront.net *.paypal.com *.paypalobjects.com *.w3.org *.typekit.net netdna.bootstrapcdn.com *.informz.net *.vimeo.com *.gstatic.com *.googleapis.com; style-src 'self' 'unsafe-inline' adserv.prsa.org *.googleapis.com *.gstatic.com https://www.googletagmanager.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com dec.azureedge.net platform.twitter.com/css/ player.cloud.wowza.com *.twimg.com *.fontawesome.com via.placeholder.com *.juicer.io *.tawk.to cdn.jsdelivr.net *.jwplayer.com *.jwpcdn.com cdn.prsa.org jwp.io documentcloud.adobe.com *.adobe.com *.youtube-nocookie.com quiz.tryinteract.com whova.com *.cloudfront.net *.paypal.com *.paypalobjects.com *.w3.org *.typekit.net netdna.bootstrapcdn.com *.informz.net *.vimeo.com *.gstatic.com *.googleapis.com; font-src 'self' adserv.prsa.org fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.fontawesome.com *.juicer.io *.tawk.to cdn.jsdelivr.net *.jwplayer.com *.jwpcdn.com http://cdn.prsa.org/ https://jwp.io/ whova.com *.cloudfront.net *.typekit.net *.informz.net *.vimeo.com *.gstatic.com *.googleapis.com; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com https://www.googletagmanager.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com via.placeholder.com adserv.prsa.org *.juicer.io *.tawk.to cdn.jsdelivr.net *.jwplayer.com *.jwpcdn.com *.jwpsrv.com *.jwpltx.com *.feathr.co *.linkedin.com *.adsymptotic.com match.adsrvr.org http://cdn.prsa.org/ https://jwp.io/ documentcloud.adobe.com *.adobe.com whova.com *.cloudfront.net *.paypal.com *.paypalobjects.com *.typekit.net *.informz.net *.vimeo.com *.gstatic.com *.googleapis.com; media-src 'self' data: blob: adserv.prsa.org cdn.prsa.org jwp.io cdn.jwplayer.com cdn3.wowza.com whova.com *.cloudfront.net *.typekit.net *.informz.net *.vimeo.com *.gstatic.com *.googleapis.com; form-action 'self' adserv.prsa.org *.facebook.com *.prsa.org quiz.tryinteract.com whova.com *.cloudfront.net *.paypal.com *.paypalobjects.com *.w3.org *.typekit.net *.informz.net *.vimeo.com *.gstatic.com *.googleapis.com; frame-src 'self' *.youtube.com *.twitter.com https://mightstream.com https://www.mightstream.com https://twitter.com https://jwp.io/ https://cdn.jwplayer.com/ adserv.prsa.org *.jwpsrv.com *.jwplayer.com *.tickcounter.com cdn1.prsa.org cdn2.prsa.org *.facebook.com *.twitch.tv *.adobe.com *.cloud.wowza.com/ wp.prsa.org myprsa.prsa.org quiz.tryinteract.com *.youtube-nocookie.com whova.com *.cloudfront.net *.apple.com *.paypal.com *.paypalobjects.com *.w3.org *.typekit.net *.google.com https://outlook.office365.com netdna.bootstrapcdn.com https://netdna.bootstrapcdn.com *.informz.net *.vimeo.com *.gstatic.com *.googleapis.com *.fontawesome.com; 1
object-src 'none';child-src 'self';frame-ancestors 'none' 1
frame-ancestors 'self' https://tmw.secure.vmd.ca; 1
frame-ancestors 'self' https://*.contentful.com https://*.greenislandpreview.be https://starcasino.be; 1
frame-ancestors 'self' https://admin.518.com.tw 1
default-src 'self'; img-src * data: https://*.google-analytics.com https://*.googletagmanager.com; style-src 'self' 'unsafe-inline'; media-src *.gtflixtv.com *.pornworld.com; script-src 'self' 'nonce-tKFw9L6HpWsHGqom0PIDQA==' tracking.sexcash.com https://*.googletagmanager.com; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com 1
script-src 'self' 'unsafe-eval' https://connect.facebook.net https://am.yahoo.co.jp https://b99.yahoo.co.jp https://www.google-analytics.com assets.adobedtm.com https://www.googletagmanager.com http://hm.mieru-ca.com https://hpjp.mieru-ca.com https://www.everestjs.net https://s.yimg.jp http://aigjapan.sc.omtrdc.net https://www.youtube.com 'sha256-dMIRRtml3Oi21Iaq03PtC+8mIuBozHki1nfF3K1YXgw=' 'sha256-Yw3/67WDFoT7czVF2RALaOaLaRtweKwjgMzcHEb7oIs=' 'sha256-+/WzJIUpU+5NsHuQGBp2n0iZvi5LUQ0h8K/qrDy2YJQ=' 'sha256-T4GdVguKtoAY/4wetSihwnlAEpUpN0SBr64TOJa8NU0=' 'sha256-KIDFo1cCsPZjm0CKg+wI3amz1hzD9mNUJ2+4AGHa3uU=' 'sha256-LBsTTQlX5+H68ly1EZvOY6Z9bHzQqntXIpb70r7UJis=' 'sha256-U/nEWHrEPshKXL66+Ph2p6sLJqyHx9w9Sjv8K1Ya0zU=' 'sha256-BcF795XkHI9YEs7DNkb2Auwhmzf0SqcdlO/cXV17POc=' 'sha256-cQonxShNT1IfSfxwOOa2GnQjv3H9iqQdPYmUrW6Tl9w=' 'sha256-Dsxt1/qoUZUtAc/xB2KsqxHj3ORjhh9iGH+ezhmuyks=' 'nonce-qxbfbxjinwnnda';script-src-elem 'self' https://connect.facebook.net https://am.yahoo.co.jp https://b99.yahoo.co.jp https://www.google-analytics.com assets.adobedtm.com https://www.googletagmanager.com http://hm.mieru-ca.com https://hpjp.mieru-ca.com https://www.everestjs.net https://s.yimg.jp http://aigjapan.sc.omtrdc.net https://www.youtube.com 'sha256-dMIRRtml3Oi21Iaq03PtC+8mIuBozHki1nfF3K1YXgw=' 'sha256-Yw3/67WDFoT7czVF2RALaOaLaRtweKwjgMzcHEb7oIs=' 'sha256-+/WzJIUpU+5NsHuQGBp2n0iZvi5LUQ0h8K/qrDy2YJQ=' 'sha256-T4GdVguKtoAY/4wetSihwnlAEpUpN0SBr64TOJa8NU0=' 'sha256-KIDFo1cCsPZjm0CKg+wI3amz1hzD9mNUJ2+4AGHa3uU=' 'sha256-LBsTTQlX5+H68ly1EZvOY6Z9bHzQqntXIpb70r7UJis=' 'sha256-U/nEWHrEPshKXL66+Ph2p6sLJqyHx9w9Sjv8K1Ya0zU=' 'sha256-BcF795XkHI9YEs7DNkb2Auwhmzf0SqcdlO/cXV17POc=' 'sha256-cQonxShNT1IfSfxwOOa2GnQjv3H9iqQdPYmUrW6Tl9w=' 'sha256-Dsxt1/qoUZUtAc/xB2KsqxHj3ORjhh9iGH+ezhmuyks=' 'nonce-qxbfbxjinwnnda'; 1
frame-src 'self' https://*.seabourn.com https://*.freedompay.com https://*.facebook.net https://*.facebook.com https://www.youtube.com https://www.instagram.com https://x.com https://twitter.com https://assets.adobedtm.com https://nebula-cdn.kampyle.com https://snap.licdn.com https://cdnjs.cloudflare.com https://*.go-mpulse.net https://*.akamaihd.net https://na-gateway.mastercard.com https://mtf.gateway.mastercard.com https://tags.fullcontact.com https://carnivalbrands.tt.omtrdc.net https://www.clarity.ms https://*.niceincontact.com https://s.yimg.com https://a.tribalfusion.com https://*.googletagmanager.com https://*.doubleclick.net https://www.gstatic.com https://*.googleadservices.com https://www.google.com https://*.googlesyndication.com https://*.levelaccess.net https://*.impactcdn.com https://*.quantummetric.com https://trck.spoteffects.net https://v5sostqm.micpn.com https://static.simonsignal.com https://*.bing.com; 1
font-src 'self' themes.googleusercontent.com; object-src 'none'; base-uri 'self'; frame-ancestors 'self' 1
frame-src 'self' js.stripe.com; object-src 'none'; frame-ancestors 'none'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://inductiveautomation.com http://account.ia.local/ https://*.inductiveautomation.com https://*.inductiveuniversity.com https://inductiveuniversity.com https://s3.amazonaws.com https://files.inductiveautomation.com https://icccdn.s3.amazonaws.com https://icccdn-production.s3.amazonaws.com https://icccdn-staging.s3.amazonaws.com https://code.jquery.com https://*.youtube.com https://disqus.com https://*.disqus.com https://*.disquscdn.com https://*.wistia.com https://*.wistia.net http://embedwistia-a.akamaihd.net https://*.typekit.net https://*.google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.gstatic.com https://*.opentracker.net https://*.crazyegg.com https://*.litix.io https://*.marketo.net https://*.mktoresp.com https://*.twitter.com https://*.twimg.com https://*.facebook.net https://*.facebook.com https://*.linkedin.com https://*.linkedin.oribi.io https://*.licdn.com https://cdn.viglink.com https://cdn.jsdelivr.net https://*.adsymptotic.com https://*.stripe.com https://*.stripe.network https://*.akamaized.net https://*.vimeocdn.com https://*.vimeo.com https://*.podbean.com https://*.cdninstagram.com https://*.fontawesome.com https://canny.io https://*.rawgit.com https://*.cloudflare.com https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.getsitecontrol.com https://*.getsitectrl.com https://*.googleadservices.com https://*.doubleclick.net https://js.hs-scripts.com https://*.mouseflow.com https://unpkg.com data: blob:; block-all-mixed-content 1
default-src 'self';style-src 'self' 'unsafe-inline' fonts.gstatic.com fonts.googleapis.com maxcdn.bootstrapcdn.com unpkg.com *.co-vin.in *.gov.in;font-src 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com fonts.googleapis.com; script-src 'self'  *.co-vin.in *.gov.in 'unsafe-inline' maxcdn.bootstrapcdn.com prod-cdn.preprod.co-vin.in  *.mapmyindia.com www.mappls.com *.mapmyindia.in data: blob:;connect-src 'self' *.co-vin.in *.gov.in wss://websocketprod.co-vin.in www.mappls.com *.mapmyindia.com *.mapmyindia.in data;img-src 'self' *.co-vin.in *.gov.in *.mapmyindia.com *.mapmyindia.in data: blob:; 1
frame-src 'self' vecer.com *.vecer.com * 1
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://*.gs.com https://*.gsam.com https://*.akamaihd.net https://consent.trustarc.com https://tags.bkrtx.com https://*.blueconic.net https://www.googletagmanager.com https://snap.licdn.com https://w.usabilla.com https://px.ads.linkedin.com https://pi.pardot.com https://cdn.pardot.com https://*.google-analytics.com https://static.ads-twitter.com https://api.usabilla.com https://*.nnip.com ; style-src 'report-sample' 'unsafe-inline' 'self' https://*.blueconic.net https://*.cloudfront.net ; object-src 'none'; base-uri 'self' https://*.cloudfront.net ; connect-src 'self' https://*.demdex.net https://*.omtrdc.net https://cdn.contentful.com https://*.blueconic.net https://images.ctfassets.net https://*.google-analytics.com https://stats.g.doubleclick.net https://api.usabilla.com https://consent-pref.trustarc.com https://*.nnip.com ; font-src 'self' https://*.cloudfront.net https://consent.trustarc.com ; frame-src 'self' https://gsam.sc.omtrdc.net https://consent-pref.trustarc.com https://www.youtube.com https://share.transistor.fm https://stags.bluekai.com ; img-src 'self' data: https://*.omtrdc.net https://consent.trustarc.com https://consent-pref.trustarc.com https://images.ctfassets.net https://*.google-analytics.com https://*.cloudfront.net https://*.linkedin.com https://w.usabilla.com ; manifest-src 'self'; media-src 'self'; worker-src 'none'; 1
frame-ancestors https://www.chasepaymentechhostedpay.com https://havenlife.com 1
object-src 'none'; base-uri 'self';img-src *.melee.gg 'self' data: https://www.paypalobjects.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.datatables.net https://www.disneylorcana.com https://t.paypal.com; script-src 'unsafe-inline' 'self' 'unsafe-eval' https://www.paypal.com https://cdn.melee.gg https://www.googletagmanager.com https://embed.twitch.tv https://www.youtube.com https://www.disneylorcana.com https://www.paypalobjects.com https://cdn.datatables.net https://www.datadoghq-browser-agent.com https://www.google-analytics.com; frame-ancestors 'none'; 1
default-src data: 'self' 'unsafe-inline' 'unsafe-eval' *.sogetel.com *.sogetel.net *.bootstrapcdn.com *.cloudflare.com *.googleapis.com *.gstatic.com *.googleusercontent.com maps.google.com *.pure.cloud; frame-src *.tvpassport.com *.speedtestcustom.com *.pure.cloud; connect-src wss: *.sogetel.com *.sogetel.net *.pure.cloud; object-src 'none'; upgrade-insecure-requests; 1
frame-src 'self' https://webchat.bidv.com.vn https://bidv.com.vn https://ebank.bidv.com.vn:8000 https://ebank.bidv.com.vn:8001 https://*.google.com https://www.youtube.com https://bidv-livechat.fpt.ai https://bidvbrandvn.api.use https://bidvbrandvn.api.useinsider.com https://*.doubleclick.net 1
default-src 'self' https://go.mercurycards.com; style-src * 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com; frame-ancestors 'self' https://cp.apply.creditkarma.com/ https://*.facebook.com https://embedded.creditkarma.com/ http://development.amazon.com/ http://pre-prod.amazon.com/ https://www.amazon.com/ https://*.amazon.com/; frame-src 'self' blob: https://testflex.cybersource.com https://flex.cybersource.com https://cmp.osano.com https://connect2.finicity.com https://hcaptcha.com https://*.hcaptcha.com https://s.amazon-adsystem.com https://1.a79ab95c1589a13f8a4cab612bc71f9f7.com/ https://1.b406929acabac9b095f124c81bdfcf57f.com/ https://1.c81358859121583b7adf2ace89cb39f44.com/ https://bcdn-god.we-stats.com https://mercuryfinancialciam.okta.com https://www.google.com https://www.inspectlet.com https://tpc.googlesyndication.com https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://cdn.trustev.com; object-src 'self' blob:; font-src 'self' * data:; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.kameleoon.eu https://testflex.cybersource.com https://flex.cybersource.com https://cmp.osano.com https://go.mercurycards.com https://banner.urlgeni.us https://hcaptcha.com https://*.hcaptcha.com https://c.amazon-adsystem.com https://bcdn-god.we-stats.com https://*.qualtrics.com https://*.fullstory.com https://www.googleadservices.com https://partner.googleadservices.com https://tagmanager.google.com https://mpsnare.iesnare.com https://googlesyndication.com https://www.mercurycards.com https://workforcenow.adp.com https://adservice.google.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://www.googletagservices.com https://aa.agkn.com/adscores http://www.macromedia.com https://aa.agkn.com https://pagead2.googlesyndication.com https://www.google-analytics.com https://api.cybersource.com https://apitest.cybersource.com https://cdnjs.cloudflare.com/ https://d10lpsik1i8c69.cloudfront.net https://connect.facebook.net https://cdn.inspectlet.com https://app.trustev.com https://cdn-us.trustev.com https://tpc.googlesyndication.com https://static.ads-twitter.com https://snap.licdn.com blob:; connect-src 'self' https://*.ctfassets.net https://*.contentful.com https://thefontzone.com https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://testflex.cybersource.com https://flex.cybersource.com https://disclosure.api.osano.com https://consent.api.osano.com https://tattle.api.osano.com https://hcaptcha.com https://*.hcaptcha.com wss://mpsnare.iesnare.com https://wup.mercurycards.com https://logs.mercurycards.com https://mercuryfinancialciam.okta.com https://siteintercept.qualtrics.com https://edge.fullstory.com https://rs.fullstory.com https://*.fullstory.com https://stats.g.doubleclick.net https://www.google-analytics.com https://api.cybersource.com https://apitest.cybersource.com https://pagead2.googlesyndication.com https://settings.luckyorange.net https://hn.inspectlet.com wss://ws.inspectlet.com https://app.trustev.com https://cdn-us.trustev.com https://cdn.trustev.com; media-src 'self' data: wss://mpsnare.iesnare.com https://mpsnare.iesnare.com 1
default-src 'self' *.materialdesignicons.com *.azurefd.net *.jsdelivr.net *.zoom.us *.doubleclick.net *.cloudfront.net *.googlesyndication.com *.twitter.com *.opticsinfobase.org *.titanembeds.com *.boltdns.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.osa.org *.3playmedia.com s3.amazonaws.com https://challenges.cloudflare.com/turnstile/ https://unpkg.com *.jsdelivr.net *.cvent.com cdn.mxpnl.com *.mixpanel.com *.zoom.us code.jquery.com *.twitter.com *.doubleclick.net *.ampproject.org *.googleapis.com *.googlesyndication.com *.google-analytics.com www.googleadservices.com *.google.com www.googletagmanager.com www.googletagservices.com www.gstatic.com *.brightcove.net *.zencdn.net *.twimg.com *.ytimg.com www.youtube.com *.myfonts.net *.simpli.fi *.licdn.com *.knightlab.com https://kit.fontawesome.com blob:; style-src 'self' 'unsafe-inline' *; img-src 'self' data: *; font-src 'self' data: *; connect-src 'self' cdn.opticsinfobase.org *.gstatic.com *.googleapis.com *.google-analytics.com *.google.com *.3playmedia.com *.cloudfront.net *.osa.org wss://*.osa.org http://www.frontiersinoptics.com www.frontiersinoptics.org www.cleoconference.org www.ofcconference.com api-js.mixpanel.com *.brightcove.com *.brightcove.net *.boltdns.net *.googlesyndication.com *.akamaihd.net *.doubleclick.net https://unpkg.com https://*.zoom.us wss://*.zoom.us https://*.linkedin.com https://*.fontawesome.com blob:; media-src 'self' *.osa.org *.talkjs.com *.zoom.us *.boltdns.net *.akamaihd.net blob:; object-src 'self' *.azurefd.net cdn.opticsinfobase.org cdn.materialdesignicons.com *.cloudfront.net *.googlesyndication.com *.blob.core.windows.net https://*.zoom.us; frame-src 'self' *.azurefd.net *.brightcove.net *.cloudfront.net *.blob.core.windows.net *.osa.org cdn.opticsinfobase.org *.frontiersinoptics.com *.google.com *.googlesyndication.com *.youtube.com https://challenges.cloudflare.com/ https://*.doubleclick.net; frame-ancestors 'self' *.osa.org *.optica.org *.frontiersinoptics.com 1
child-src 'self' *.rfihub.com *.youtube.com *.doubleclick.net *.cosmopolitanlasvegas.com *.addthis.com *.criteo.com *.tocktix.com *.meetingbroker.com *.ticketmaster.com *.chargerback.com *.triptease.io *.exploretock.com bttrack.com *.bttrack.com *.tamgrt.com *.sevenrooms.com sevenrooms.com *.flashtalking.com *.lpsnmedia.net *.facebook.com *.opentable.com liveperson.net *.liveperson.net *.liveperson.com *.lprnd.net *.tripleseat.com google-analytics.com *.google-analytics.com *.snapchat.com https://www.surveygizmo.com/ *.pixlee.co *.cosmopolitanlasvegas.com.pagescdn.com *.mgmresorts.com;frame-ancestors 'self' *.rfihub.com *.youtube.com *.doubleclick.net *.cosmopolitanlasvegas.com *.addthis.com *.criteo.com *.tocktix.com *.meetingbroker.com *.ticketmaster.com *.chargerback.com *.triptease.io *.exploretock.com bttrack.com *.bttrack.com *.tamgrt.com *.sevenrooms.com sevenrooms.com *.flashtalking.com *.lpsnmedia.net *.facebook.com *.opentable.com liveperson.net *.liveperson.net *.liveperson.com *.lprnd.net *.tripleseat.com google-analytics.com *.google-analytics.com *.snapchat.com https://www.surveygizmo.com/ *.pixlee.co *.cosmopolitanlasvegas.com.pagescdn.com *.mgmresorts.com;frame-src 'self' *.rfihub.com *.youtube.com *.doubleclick.net *.cosmopolitanlasvegas.com *.addthis.com *.criteo.com *.tocktix.com *.meetingbroker.com *.ticketmaster.com *.chargerback.com *.triptease.io *.exploretock.com bttrack.com *.bttrack.com *.tamgrt.com *.sevenrooms.com sevenrooms.com *.flashtalking.com *.lpsnmedia.net *.facebook.com *.opentable.com liveperson.net *.liveperson.net *.liveperson.com *.lprnd.net *.tripleseat.com google-analytics.com *.google-analytics.com *.snapchat.com https://www.surveygizmo.com/ *.pixlee.co *.cosmopolitanlasvegas.com.pagescdn.com *.mgmresorts.com 1
object-src 'self'; frame-src 'self'; child-src 'none'; frame-ancestors 'none'; 1
child-src *, child-src *; 1
frame-ancestors https://*.infinitecampus.com 1
default-src 'self'; script-src-elem 'self' 'unsafe-inline' https://cdn.boomtrain.com/ https://live.rezync.com/ https://cdn.jsdelivr.net/ https://www.googleadservices.com/ https://secure.adnxs.com/ https://siteimproveanalytics.com/js/ https://s.swiftypecdn.com/install/v2/st.js https://code.jquery.com/ https://acsbapp.com/ https://*.clarity.ms/ https://bat.bing.com/ https://api.swiftype.com/ https://www.gstatic.com/recaptcha/releases/ https://www.google.com/recaptcha/api.js https://ads.nextdoor.com/public/pixel/ndp.js https://rules.quantcount.com/rules-p-eCN54U9Yg9Egs.js https://secure.quantserve.com/quant.js https://tags.srv.stackadapt.com/events.js https://*.qualtrics.com https://js.adsrvr.org/ https://player.vimeo.com https://action.media6degrees.com/ https://www.googletagmanager.com https://action.dstillery.com https://assets.adobedtm.com https://connect.facebook.net https://googleads.g.doubleclick.net/ https://sidebar.bugherd.com https://www.bugherd.com; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://action.dstillery.com/orbserv/nsjs https://ads.nextdoor.com/public/pixel/ndp.js https://assets.adobedtm.com/ https://connect.facebook.net/en_US/fbevents.js https://googleads.g.doubleclick.net https://js.adsrvr.org/ https://player.vimeo.com/api/player.js https://rules.quantcount.com/ https://secure.quantserve.com/quant.js https://siteimproveanalytics.com/js/ https://*.qualtrics.com/ https://tags.srv.stackadapt.com/events.js https://www.google.com/recaptcha/ https://www.googletagmanager.com/gtag/js; style-src 'report-sample' 'self'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://cdn.jsdelivr.net/ https://s.swiftypecdn.com/ https://tags.srv.stackadapt.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://onsiterecs.api.boomtrain.com/ https://events.api.boomtrain.com/ https://people.api.boomtrain.com/ https://accesswidget-log-receiver.acsbapp.com/ https://backend.acsbapp.com/ https://*.clarity.ms/ https://sidebar.bugherd.com/ https://srp.hb-api.omtrdc.net/ https://search-api.swiftype.com/ https://s.swiftypecdn.com/ https://acsbapp.com/ https://cdn.acsbapp.com/ https://sessions.bugsnag.com/ https://sockjs.pusher.com/ https://pixel.quantcount.com/tag/error https://*.qualtrics.com https://smetrics.srpnet.com https://www.facebook.com https://dpm.demdex.net https://tags.srv.stackadapt.com; font-src 'self'; frame-src 'self' https://*.qualtrics.com/ https://www.arcgis.com/ https://arcgis.com/ https://vimeo.com/ https://td.doubleclick.net/ https://experience.arcgis.com/ https://srp-gis.maps.arcgis.com/ https://player.vimeo.com/ https://insight.adsrvr.org/ https://www.google.com/ https://sidebar.bugherd.com/ https://srp.demdex.net/ https://www.facebook.com/; img-src 'self' https://*.clarity.ms/ https://powertogrowphx.com/ https://*.rfihub.com/ https://i0.wp.com/ https://i2.wp.com/ https://sidebar.bugherd.com/ https://bugherd-attachments.s3.amazonaws.com/ https://googleads.g.doubleclick.net/ https://www.youtube.com/ https://i.vimeocdn.com/ https://insight.adsrvr.org/ https://trkn.us/ https://ad.doubleclick.net/ https://cc.swiftype.com/ https://d21y75miwcfqoq.cloudfront.net/e144f3ba https://d2iiunr5ws5ch1.cloudfront.net/ https://bat.bing.com/ https://px.adentifi.com/ https://dpm.demdex.net/ https://ib.adnxs.com/ https://11648.global.siteimproveanalytics.io https://blog.srpnet.com https://ciqtracking.com https://flask.nextdoor.com https://pixel.quantserve.com https://r.turn.com https://secure.adnxs.com/ https://*.qualtrics.com https://smetrics.srpnet.com https://www.facebook.com https://cm.everesttech.net https://content.presspage.com data: https://www.google.com https://www.googletagmanager.com; manifest-src 'self'; media-src 'self'; report-uri https://srpnet.report-uri.com/r/d/csp/wizard; form-action 'self' https://*.qualtrics.com https://myaccount.srpnet.com/ https://www.facebook.com/tr/ https://myaccountreg.srpnet.com/; frame-ancestors 'self'; worker-src 'none'; 1
frame-ancestors 'self' vk.com *.vk.com; report-uri https://vk.com/csp 1
default-src 'self';   script-src * 'unsafe-inline' 'unsafe-eval'  *.linkedin.com https://secure.dawn3host.com https://tagmanager.google.com challenges.cloudflare.com *.revizto.com *.googlesyndication.com t.co bat.bing.com *.hotjar.io *.google.com googleads.g.doubleclick.net cdnjs.cloudflare.com fonts.googleapis.com ad.doubleclick.net analytics.google.com www.google.ge www.googletagmanager.com 12649329.fls.doubleclick.net stats.g.doubleclick.net adservice.google.com performance.radar.cloudflare.com ws.zoominfo.com *.googleadservices.com https://ssl.google-analytics.com *.google-analytics.com https://*.googletagmanager.com *.twitter.com *.ads-twitter.com *.stripe.network https://m.stripe.network ;  media-src 'self' data:  *.linkedin.com ;   img-src 'self' data: blob:  *.ads-twitter.com *.twitter.com *.linkedin.com https://img.youtube.com https://i.ytimg.com https://resources.bamboohr.com https://bat.bing.com https://t.co https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat ;   font-src 'self' data:  https://fonts.gstatic.com ;   style-src 'self' 'unsafe-inline'  *.linkedin.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://storage.googleapis.com https://tagmanager.google.com https://fonts.googleapis.com *.twitter.com *.ads-twitter.com ;  connect-src 'self' data:  *.linkedin.com https://bat.bing.com https://www.googleadservices.com https://storage.googleapis.com https://fonts.googleapis.com wss://ws.hotjar.com https://content.hotjar.io ade.googlesyndication.com fls.doubleclick.net performance.radar.cloudflare.com ws.zoominfo.com info.revizto.com https://revizto.bamboohr.com *.hotjar.io https://yoast.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com *.ads-twitter.com *.twitter.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat ;  object-src 'self'  *.linkedin.com ;   base-uri 'self'  *.linkedin.com ;   form-action 'self'  *.linkedin.com ;   style-src-attr 'self' 'unsafe-inline'  *.linkedin.com ;   script-src-elem 'self' 'unsafe-inline' blob *.linkedin.com *.revizto.com https://secure.dawn3host.com https://www.google.com https://www.googletagmanager.com https://static.hotjar.com https://cdn.cookie-script.com https://script.hotjar.com https://cdnjs.cloudflare.com https://www.gstatic.com https://revizto.bamboohr.com https://www.youtube.com https://bat.bing.com https://snap.licdn.com https://ws.zoominfo.com https://connect.facebook.net *.ads-twitter.com *.twitter.com https://m.stripe.network ;  worker-src blob: 'self'  *.linkedin.com *.twitter.com ;   frame-src 'self'  *.linkedin.com https://www.google.com https://www.youtube.com https://www.googletagmanager.com https://www.youtube-nocookie.com https://bid.g.doubleclick.net https://td.doubleclick.net https://registration.socio.events *.twitter.com *.ads-twitter.com ;  report-uri /policy-report.php; 1
frame-ancestors 'self' https://*.mncdn.com; 1
default-src 'self'; connect-src newpaltz.edu www.newpaltz.edu *.adroll.com jobsability.azurewebsites.net directline.botframework.com wss://directline.botframework.com stats.g.doubleclick.net www.facebook.com www.google-analytics.com *.ibytedtos.com api.idonate.com *.tts.speech.microsoft.com wss://ai.ocelotbot.com *.ocelotbot.com *.snapchat.com *.technolutions.net analytics.tiktok.com; font-src *; frame-src *.newpaltz.edu app.acuityscheduling.com airtable.com map.concept3d.com w2.countingdownto.com www.dhs.gov *.e2ma.net staticxx.facebook.com www.facebook.com newpaltz.financialaidtv.com *.google.com accounts.google.com calendar.google.com embed.idonate.com www.instagram.com cdn.knightlab.com newpaltz.knowmia.com my.matterport.com feed.mikle.com www.myatlascms.com *.ocelotbot.com prezi.com *.snapchat.com snapwidget.com w.soundcloud.com www.suny.edu *.tagboard.com free.timeanddate.com *.tiktok.com *.ttwstatic.com platform.twitter.com syndication.twitter.com *.unibuddy.co unibuddy.co player.vimeo.com vgrad.z19.web.core.windows.net newpaltz.wufoo.com newpaltzschoolofscience.wufoo.com www.youtube.com *.youvisit.com *.zenfolio.com; img-src * blob: data:; media-src 'self' data *.newpaltz.edu; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.newpaltz.edu *.adnxs.com c.amazon-adsystem.com cybba-bucket.s3.amazonaws.com emma-content-aggregates-prd.s3.amazonaws.com *.adroll.com cdn.botframework.com cdnjs.cloudflare.com d2rp1k1dldbai6.cloudfront.net dk98ddgl0znzm.cloudfront.net *.cybba.solutions *.cybba.us googleads.g.doubleclick.net *.dca0.com signup.e2ma.net connect.facebook.net www.google.com cse.google.com *.google-analytics.com www.googleadservices.com storage.googleapis.com www.googletagmanager.com *.ibytedtos.com embed.idonate.com *.instagram.com code.jquery.com *.ocelotbot.com sc-static.net *.stackadapt.com static.tagboard.com *.technolutions.net *.tiktok.com *.tiktokcdn.com *.tiktokcdn-us.com *.ttwstatic.com cdn.unibuddy.co player.vimeo.com *.wufoo.com *.youvisit.com; script-src-elem 'self' 'unsafe-inline' *.newpaltz.edu embed.acuityscheduling.com *.adroll.com emma-content-aggregates-prd.s3.amazonaws.com cdn.botframework.com emma-content-aggregates-prd.s3.amazonaws.com maxcdn.bootstrapcdn.com assets.calendly.com cdnjs.cloudflare.com d2rp1k1dldbai6.cloudfront.net d3gxy7nm8y4yjr.cloudfront.net dk98ddgl0znzm.cloudfront.net *.cybba.solutions googleads.g.doubleclick.net signup.e2ma.net connect.facebook.net ajax.googleapis.com www.google.com *.ibytedtos.com *.instagram.com linkhelp.clients.google.com cse.google.com www.google.com/cse/static www.googleadservices.com *.google-analytics.com www.googletagmanager.com www.gstatic.com embed.idonate.com code.jquery.com *.ocelotbot.com www.recaptcha.net sc-static.net tagboard.com static.tagboard.com *.technolutions.net *.tiktok.com *.tiktokcdn.com *.tiktokcdn-us.com platform.twitter.com *.twimg.com *.ttwstatic.com *.unibuddy.co player.vimeo.com *.wufoo.com *.youvisit.com; style-src 'self' 'unsafe-inline' *.newpaltz.edu maxcdn.bootstrapcdn.com cdnjs.cloudflare.com static-cdn.e2ma.net necolas.github.io www.google.com fonts.googleapis.com www.gstatic.com cdn.jsdelivr.net *.ocelotbot.com *.tiktokcdn.com *.tiktokcdn-us.com *.ttwstatic.com platform.twitter.com *.twimg.com *.technolutions.net; frame-ancestors 'self' https://admissions.newpaltz.edu; upgrade-insecure-requests; 1
default-src rootnet.nl *.rootnet.nl myrootnet.nl *.myrootnet.nl; img-src * data:; style-src 'self' fonts.googleapis.com; font-src 'self' fonts.gstatic.com; form-action 'none'; frame-src data:; script-src 'self'; object-src 'none'; base-uri 'self'; 1
frame-ancestors https://*.framar.bg/ 'self'; 1
frame-ancestors 'self' https://www.carmudi.com.ph https://uat.carmudi.com.ph https://uat1.carmudi.com.ph 1
frame-ancestors 'self' https://*.firstrepublic.com eagleinvest.futureadvisor.com firstrepublicbank.experiencecloud.adobe.com 10to8.com us.10to8.com firstrepublic.seismic.com client.firstrepublic.com; default-src blob: firstrepublic data: https: 'self' wss:; script-src thefontzone.com *.newrelic.com *.typekit.net *.signalintent.com *.amazonaws.com *.google-analytics.com *.siteimprovementanalytics.io *.gstatic.com *.google.com *.everesttech.net *.doubleclick.net * *.we-stats.com *.googleapis.com *.googletagmanager.com *.youtube.com *.jsdelivr.net *.marketo.net *.splash-screen.net *.omtrdc.com *.siteimprovementanalytics.com *.tiqcdn.com *.branch.io *.ytimg.com *.frbnp2.com *.mktoresp.com *.extole.io *.freshaddress.biz *.nr-data.net *.dmdex.net *.marketo.com *.demandbase.com *.googleadservices.com *.facebook.com *.facebook.net *.linkedin.com *.ads-twitter.com *.twitter.com *.quantserve.com *.postrelease.com *.company-target.com *.adservr.org *.adnxs.com *.bidr.io *.adsymptotic.com *.openx.net *.advertising.com *.casalemedia.comfe.rubiconproject.com *.snapchat.com *.tapad.com *.yahoo.com *.3lift.com *.adroll.com *.bidswitch.net *.bing.com *.bttrack.com *.consensu.org *.flashtalking.com *.mathtag.com *.media6degrees.com *.mxptint.net *.outbrain.com *.pubmatic.com *.taboola.com *.newscred.com *.bizographics.com *.vimeo.com *.onlineaccess1.com *.nr-data.net *.fraudmap.net *.10to8.com *.cloudfront.net *.cloudflare.com *.tiles.mapbox.com  app.link dpm.demdex.net 'self' 'unsafe-inline' 'unsafe-eval' ; style-src *.newrelic.com *.typekit.net *.signalintent.com *.amazonaws.com *.google-analytics.com *.siteimprovementanalytics.io *.gstatic.com *.google.com *.everesttech.net *.doubleclick.net * *.we-stats.com *.googleapis.com *.googletagmanager.com *.youtube.com *.jsdelivr.net *.marketo.net *.splash-screen.net *.omtrdc.com *.siteimprovementanalytics.com *.tiqcdn.com *.branch.io *.ytimg.com *.frbnp2.com *.mktoresp.com *.extole.io *.freshaddress.biz *.nr-data.net *.dmdex.net *.marketo.com *.demandbase.com *.googleadservices.com *.facebook.com *.facebook.net *.linkedin.com *.ads-twitter.com *.twitter.com *.quantserve.com *.postrelease.com *.company-target.com *.adservr.org *.adnxs.com *.bidr.io *.adsymptotic.com *.openx.net *.advertising.com *.casalemedia.com *.rubiconproject.com *.snapchat.com *.tapad.com *.yahoo.com *.3lift.com *.adroll.com *.bidswitch.net *.bing.com *.bttrack.com *.consensu.org *.flashtalking.com *.mathtag.com *.media6degrees.com *.mxptint.net *.outbrain.com *.pubmatic.com *.taboola.com *.newscred.com *.bizographics.com *.vimeo.com *.onlineaccess1.com *.nr-data.net *.fraudmap.net *.10to8.com *.cloudfront.net *.cloudflare.com 'self' 'unsafe-inline'; font-src *.newrelic.com *.typekit.net *.signalintent.com *.amazonaws.com *.google-analytics.com *.siteimprovementanalytics.io *.gstatic.com *.google.com *.everesttech.net *.doubleclick.net * *.we-stats.com *.googleapis.com *.googletagmanager.com *.youtube.com *.jsdelivr.net *.marketo.net *.splash-screen.net *.omtrdc.com *.siteimprovementanalytics.com *.tiqcdn.com *.branch.io *.ytimg.com *.frbnp2.com *.mktoresp.com *.extole.io *.freshaddress.biz *.nr-data.net *.dmdex.net *.marketo.com *.demandbase.com *.googleadservices.com *.facebook.com *.facebook.net *.linkedin.com *.ads-twitter.com *.twitter.com *.quantserve.com *.postrelease.com *.company-target.com *.adservr.org *.adnxs.com *.bidr.io *.adsymptotic.com *.openx.net *.advertising.com *.casalemedia.com *.rubiconproject.com *.snapchat.com *.tapad.com *.yahoo.com *.3lift.com *.adroll.com *.bidswitch.net *.bing.com *.bttrack.com *.consensu.org *.flashtalking.com *.mathtag.com *.media6degrees.com *.mxptint.net *.outbrain.com *.pubmatic.com *.taboola.com *.newscred.com *.bizographics.com *.vimeo.com *.onlineaccess1.com *.nr-data.net *.fraudmap.net *.10to8.com *.cloudfront.net *.cloudflare.com 'self'; img-src *.newrelic.com *.typekit.net *.signalintent.com *.amazonaws.com *.google-analytics.com *.siteimprovementanalytics.io *.gstatic.com *.google.com *.everesttech.net *.doubleclick.net * *.we-stats.com *.googleapis.com *.googletagmanager.com *.youtube.com *.jsdelivr.net *.marketo.net *.splash-screen.net *.omtrdc.com *.siteimprovementanalytics.com *.tiqcdn.com *.branch.io *.ytimg.com *.frbnp2.com *.mktoresp.com *.extole.io *.freshaddress.biz *.nr-data.net *.dmdex.net *.marketo.com *.demandbase.com *.googleadservices.com *.facebook.com *.facebook.net *.linkedin.com *.ads-twitter.com *.twitter.com *.quantserve.com *.postrelease.com *.company-target.com *.adservr.org *.adnxs.com *.bidr.io *.adsymptotic.com *.openx.net *.advertising.com *.casalemedia.com *.rubiconproject.com *.snapchat.com *.tapad.com *.yahoo.com *.3lift.com *.adroll.com *.bidswitch.net *.bing.com *.bttrack.com *.consensu.org *.flashtalking.com *.mathtag.com *.media6degrees.com *.mxptint.net *.outbrain.com *.pubmatic.com *.taboola.com *.newscred.com *.bizographics.com *.vimeo.com *.onlineaccess1.com *.nr-data.net *.fraudmap.net *.10to8.com *.cloudfront.net *.cloudflare.com 'self' data:; worker-src 'self' blob: firstrepublic; 1
frame-ancestors bnews.vn *.bnews.vn; 1
frame-ancestors 'self' https://mydrive.univ-st-etienne.fr https://mydrive-ng.univ-st-etienne.fr https://laboratoirehubertcurien.univ-st-etienne.fr 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' DlkModas.com.br *.DlkModas.com.br DlkModas.fbitsstatic.net fbits.net nr-data.net newrelic.com google.com googletagmanager.com google-analytics.com facebook.net facebook.com jquery.com bootstrapcdn.com traycheckout.com.br atendimen.to hertzen.com doubleclick.net shopback.net googleadservices.com hotjar.com sunset.systems linximpulse.net cartstack.com hotjar.io neoassist.com btg360.com.br cloudflare.com rdstation.com.br retargeter.com.br clearsale.com.br cloudfront.net shopconvert.com.br shoptarget.com.br online-metrix.net performa.ai conectiva.io *.fbits.net *.nr-data.net *.newrelic.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.facebook.com *.jquery.com *.bootstrapcdn.com *.traycheckout.com.br *.atendimen.to *.hertzen.com *.googleadservices.com *.doubleclick.net *.shopback.net *.cartstack.com *.hotjar.io *.hotjar.com *.sunset.systems *.linximpulse.net *.clearsale.com.br *.cloudfront.net *.shopconvert.com.br *.shoptarget.com.br *.online-metrix.net *.performa.ai *.btg360.com.br *.cloudflare.com *.rdstation.com.br *.retargeter.com.br *.conectiva.io wss://signalr.fbits.net *.yapay.com.br k-analytix.com *.k-analytix.com i.konduto.com *.facebook.com *.facebook.net *.yapay.com.br *.traycheckout.com.br *.smarthint.co *.clearsale.com.br dzpxyxks1bfmb.cloudfront.net *.getblue.io *.tiktok.com *.pinimg.com *.adaction.com.br *.gstatic.com gstatic.com *.soclminer.com.br *.btg360.com.br *.socialminer.com *.e-goi.com signalrcore.fbits.net wss://signalrcore.fbits.net *.squidit.com.br *.cloudfront.net *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadopago.com.br *.paypal.com *.paypalobjects.com *.fbits.store *.adyen.com *.vimeo.com player.vimeo.com teste service.yourviews.com.br *.yourviews.com.br *.directtalk.com.br www9.directtalk.com.br egoi.site *.egoi.site *.us-east-2.amazonaws.com s3.us-east-2.amazonaws.com analytics.pangle-ads.com *.pangle-ads.com lp.egoi.page *.egoi.page *.youtube.com *.youtube *.youtube.com.br cdn-te.e-goi.com *.e-goi cdn-static.egoiapp2.com *.egoiapp2.com *.google.com.br *.reclameaqui.com.br egoi.page app.brcomerce.com.br *.pagar.me *.mundipagg.com streamshop.com.br *.streamshop.com.br egoiapp2.com *.dlkhlog.ecommercestore.com.br *.com.py google.com.py assets.streamshop.com.br *.liveshop.com.br dlk.liveshop.com.br *.braintree-api.com *.*.braintree-api.com *.braintreegateway.com *.*.braintreegateway.com clarity.ms *.clarity.ms *.pagseguro.com.br *.*.pagseguro.com.br googletagmanager.com *.googletagmanager.com *.googletagmanager googletagmanager ; img-src https: data:; style-src https: 'unsafe-inline'; font-src https: data:; frame-ancestors *.DlkModas.com.br DlkModas.com.br; report-uri https://pub-csp.fbits.net/checkout_sem_carrinho; report-to https://pub-csp.fbits.net/checkout_sem_carrinho 1
default-src 'self' *.remita.net/ www.youtube.com/ fonts.gstatic.com/ cdnjs.cloudflare.com/ stats.g.doubleclick.net/ webchat.ebanqo.io/ *.google-analytics.com  'unsafe-inline'; img-src 'self' res.cloudinary.com/ remita.net/ rpslblog.xyz/ connect.facebook.net/ data: ebanqo-logos.s3.amazonaws.com/ *.google-analytics.com www.facebook.com/ 'unsafe-inline'; style-src 'self' fonts.googleapis.com/ cdnjs.cloudflare.com/ cdn.jsdelivr.net/ 'unsafe-inline'; script-src 'self' login.remita.net/remita/ cdnjs.cloudflare.com/ajax/ oss.maxcdn.com/ *.google-analytics.com connect.facebook.net/ oss.maxcdn.com/ www.googletagmanager.com cdn.jsdelivr.net/ widget.ebanqo.io/ 'unsafe-inline'; 1
frame-ancestors *.getsquirrel.co *.myshopline.com 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;frame-ancestors 'self' https://*.quintype.com https://www.barandbench.com https://jionews.com/ https://jionewsdev1.jio.ril.com/;block-all-mixed-content; 1
default-src 'self' blob:; child-src 'self' blob:; connect-src 'self' https://api.ipify.org https://ct.pinterest.com/ https://*.yimg.com https://visitwalesapi.thedms.co.uk https://google-analytics.com https://stats.g.doubleclick.net https://apikeys.civiccomputing.com https://www.facebook.com https://bat.bing.com https://tr.snapchat.com https://*.algolia.net https://*.algolianet.com https://maps.googleapis.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.tiktok.com https://tags.srv.stackadapt.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://tr.outbrain.com https://adservice.google.com/* www.googleadservices.com https://analytics.google.com pagead2.googlesyndication.com https://dev.visualwebsiteoptimizer.com https://*.google.com https://*.google.co.uk https://controlbar.eblocker.org https://*.google.nl https://*.google.de *.visualwebsiteoptimizer.com app.vwo.com https://*.algolia.io https://cc.cdn.civiccomputing.com https://*.snapchat.com https://*.reddit.com https://*.redditstatic.com https://px.ads.linkedin.com https://googleads.g.doubleclick.net https://www.spatial.io; font-src 'self' fonts.gstatic.com themes.googleusercontent.com data:; frame-src 'self' https://platform.twitter.com https://syndication.twitter.com https://www.instagram.com https://maps.google.com/ https://www.google.com/ https://www.youtube.com/ https://r1.dotmailer-surveys.com https://3981996.fls.doubleclick.net https://tr.snapchat.com/ https://www.google.co.uk/ https://www.facebook.com/ https://player.vimeo.com/ https://r1.dotdigital-pages.com https://open.spotify.com https://*.pinterest.com https://optimize.google.com https://*.algolia.net https://*.algolianet.com https://maps.googleapis.com https://www.googleoptimize.com https://consentag.eu/ https://embed-standalone.spotify.com/ https://web.facebook.com https://*.doubleclick.net https://app.vwo.com https://*.visualwebsiteoptimizer.com app.vwo.com *.visualwebsiteoptimizer.com https://www.komoot.com/ https://strava-embeds.com/ https://cc.cdn.civiccomputing.com https://www.spatial.io; img-src 'self' https://syndication.twitter.com https://platform.twitter.com https://pbs.twimg.com https://maps.googleapis.com https://maps.gstatic.com data: https://stats.g.doubleclick.net/ https://visitwalesimages.thedms.co.uk https://developers.google.com https://3981996.fls.doubleclick.net https://tr.outbrain.com/ https://amplifypixel.outbrain.com/ https://bat.bing.com/ https://www.facebook.com/ https://ct.pinterest.com/ https://t.co https://cm.g.doubleclick.net https://googleads.g.doubleclick.net https://secure.adnxs.com https://idsync.rlcdn.com https://tag.adaraanalytics.com https://pixel.rubiconproject.com https://dsum-sec.casalemedia.com https://us-u.openx.net https://dpm.demdex.net https://www.google.com https://www.google.de https://www.google.co.uk https://beacon.krxd.net https://rtb.gumgum.com https://ad.yieldlab.net https://i.liadm.com https://www.croeso.cymru https://croeso.cymru https://tag.yieldoptimizer.com https://abs.twimg.com https://khms0.googleapis.com https://khms1.googleapis.com https://addevent.com https://www.addevent.com https://sp.analytics.yahoo.com https://www.gstatic.com https://www.visitwales.com https://visitwales.com https://*.google-analytics.com https://*.googletagmanager.com https://analytics.twitter.com https://alb.reddit.com https://ad.doubleclick.net https://adservice.google.co.uk https://adservice.google.com https://connect.facebook.net https://*.visualwebsiteoptimizer.com https://cdn.pushcrew.com https://chart.googleapis.com https://wingify-assets.s3.amazonaws.com https://app.vwo.com https://analytics.tiktok.com https://wingify-assets.s3.amazonaws.com/images/ https://adservice.google.ie https://*.analytics.yahoo.com https://s0.2mdn.net https://match.adsrvr.org https://sync.srv.stackadapt.com https://cm.ctnsnet.com https://qvdt3feo.com/ https://www.google.co.jp https://www.google.com.ua https://www.google.es https://www.google.fr https://www.google.gr https://www.google.it https://www.google.at https://www.google.nl https://google.ch https://facebook.com https://www.google.ch https://www.google.se https://www.google.je https://www.google.co.za https://www.google.com.au https://www.google.ca https://i.ctnsnet.com https://www.google.ie https://www.google.be https://www.google.co.in https://www.google.co.il https://www.google.ae https://www.google.kz https://www.google.com.my https://www.google.co.nz https://www.google.dk https://www.google.im https://i.ytimg.com *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com https://*.thedms.com https://*.facebook.com; media-src 'self' https://www.google-analytics.com https://www.croeso.cymru https://croeso.cymru; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://platform.twitter.com https://maps.googleapis.com https://cdn.syndication.twimg.com https://www.instagram.com https://r1.dotmailer-surveys.com/ https://www.google-analytics.com https://*.googletagmanager.com https://js-agent.newrelic.com/ https://bam.nr-data.net https://www.googleadservices.com https://8.yimg.com https://connect.facebook.net https://s.pinimg.com https://sc-static.net https://amplify.outbrain.com https://tag.yieldoptimizer.com https://ad.doubleclick.net https://sp.analytics.yahoo.com https://googleads.g.doubleclick.net/ https://static.ads-twitter.com/ https://analytics.twitter.com https://www.google.com https://googletagmanager.com https://google-analytics.com https://r1.dotdigital-pages.com https://tr.outbrain.com https://bat.bing.com https://www.youtube.com https://www.googleoptimize.com https://analytics.tiktok.com https://s.yimg.com blob: https://www.visitwales.com/ https://*.visualwebsiteoptimizer.com https://app.vwo.com https://cdn.pushcrew.com https://tags.srv.stackadapt.com https://wave.outbrain.com https://tr.snapchat.com https://consentag.eu https://qvdt3feo.com https://www.redditstatic.com https://i.ctnsnet.com *.visualwebsiteoptimizer.com app.vwo.com https://addevent.com https://cc.cdn.civiccomputing.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com maps.google.com platform.facebook.com platform.instagram.com platform.twitter.com; script-src-elem 'self' 'unsafe-inline' https://www.tr.outbrain.com https://cc.cdn.civiccomputing.com https://maps.googleapis.com https://platform.twitter.com https://www.instagram.com https://connect.facebook.net https://r1.dotdigital-pages.com https://www.google-analytics.com https://r1.dotmailer-surveys.com https://platform.instagram.com https://www.googleadservices.com https://*.yimg.com https://bat.bing.com https://*.pinimg.com https://sc-static.net https://amplify.outbrain.com https://static.ads-twitter.com https://optimize.google.com https://www.googleoptimize.com https://*.googletagmanager.com https://*.outbrain.com https://googleads.g.doubleclick.net https://analytics.tiktok.com https://www.youtube.com https://www.redditstatic.com/ https://consentag.eu https://tr.snapchat.com https://i.ctnsnet.com https://tags.srv.stackadapt.com https://tag.yieldoptimizer.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://cdn.pushcrew.com https://qvdt3feo.com/ https://www.redditstatic.com *.visualwebsiteoptimizer.com app.vwo.com https://strava-embeds.com/ https://ct.pinterest.com/ https://addevent.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com maps.google.com platform.facebook.com platform.instagram.com platform.twitter.com; style-src 'self' 'unsafe-inline' blob: https://platform.twitter.com https://fonts.googleapis.com https://tags.srv.stackadapt.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://cdn.pushcrew.com https://s3.amazonaws.com *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; style-src-elem 'self' 'unsafe-inline' blob: https://fonts.googleapis.com https://platform.twitter.com https://optimize.google.com https://www.googleoptimize.com https://tags.srv.stackadapt.com/* https://tags.srv.stackadapt.com/sa.css https://tags.srv.stackadapt.com/event.js https://*.stackadapt.com/* https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; frame-ancestors 'self' https://www.rslcontent.co.uk www.rslcontent.co.uk https://journeokioskcontent.azurewebsites.net; report-uri https://www.visitwales.com/report-uri/enforce 1
base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; media-src 'self' data: blob: *.wistia.net *.wistia.com embedwistia-a.akamaihd.net; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; worker-src 'self' blob:; font-src 'self' data: blob *.wistia.com *.leandata.com *.gstatic.com; 1
default-src: https:; frame-ancestors 'self' X-Frame-Options: SAMEORIGIN; upgrade-insecure-requests 1
default-src * data: blob: https://cdn.onesignal.com 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' https://arenabg.com https://arenabg.ch 1
frame-ancestors 'self' https://www.aila.org https://www.aila.org/shop https://www.aila.org/shop/customers/view-digital-goods https://cam.aila.org https://ailalink.aila.org/ https://www.aila.org https://aila.zendesk.com/hc/en-us https://elearning.aila.org https://www.aila.org/conferences/in-person/annual https://www.aila.org/blog https://ailalawyer.com/ https://messages.aila.org/ 1
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; frame-ancestors 'self'; img-src https: data: 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.stripe.com/v3/ https://www.paypalobjects.com https://unpkg.com/@tryghost/portal@~1.22.0/umd/portal.min.js https://cdn.transifex.com https://piwik.savoirfairelinux.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' blob: data: https://www.paypalobjects.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://js.stripe.com/; connect-src 'self' https://telemetry.svc.transifex.net https://geolocation-db.com https://piwik.savoirfairelinux.net https://live-detector.svc.transifex.net https://js.stripe.com; media-src * blob: data:; 1
default-src 'self' *.rockbot.com;
 script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.rockbot.com *.google-analytics.com *.google.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.hubspot.com *.hs-analytics.net *.hsforms.net *.hsforms.com *.hs-scripts.com *.hs-banner.com *.hsleadflows.net *.hsadspixel.net https://cdn.amplitude.com https://assets.zendesk.com https://static.zdassets.com *.zopim.com https://connect.facebook.net https://cdnjs.cloudflare.com https://d2x3f3hu3pbot6.cloudfront.net https://code.sorryapp.com https://optimize.google.com *.googleoptimize.com *.neverbounce.com *.chilipiper.com *.bing.com *.canva.com *.marker.io *.hotjar.com *.zi-scripts.com *.licdn.com https://cdn.jsdelivr.net https://unpkg.com;
 img-src 'self' data: blob: *.rockbot.com *.google-analytics.com *.facebook.com *.zendesk.com *.googleapis.com *.gstatic.com *.google.com *.googletagmanager.com *.doubleclick.net *.hubspot.com *.hsforms.com *.facebook.com https://d2x3f3hu3pbot6.cloudfront.net https://roqbot.s3.amazonaws.com https://optimize.google.com https://bat.bing.com *.scdn.co *.twimg.com *.canva.com *.sanity.io https://px.ads.linkedin.com *.spotifycdn.com *.hsappstatic.net;
 style-src 'self' *.rockbot.com 'unsafe-inline' https://fonts.googleapis.com https://ajax.googleapis.com https://assets.zendesk.com https://cloud.typography.com *.typekit.net https://d2x3f3hu3pbot6.cloudfront.net https://maxcdn.bootstrapcdn.com https://cdn.datatables.net https://code.sorryapp.com https://optimize.google.com https://cdnjs.cloudflare.com https://pro.fontawesome.com *.canva.com;
 font-src 'self' data: *.rockbot.com https://d2x3f3hu3pbot6.cloudfront.net *.fontawesome.com *.bootstrapcdn.com *.typekit.net *.sorryapp.com https://fonts.gstatic.com https://cdn.neverbounce.com *.canva.com;
 frame-src 'self' *.rockbot.com *.hsforms.com https://rockbot.wufoo.com https://www.google.com *.doubleclick.net https://optimize.google.com *.canva.com https://app.marker.io https://rockbot1.typeform.com *.hs-sites.com;
 frame-ancestors 'self' http://*.rockbot.com https://*.rockbot.com;
 media-src 'self' data: blob: rockbot.com *.rockbot.com https://secure.cdn.wearevl.com *.mcnemanager.com *.zdassets.com https://d2x3f3hu3pbot6.cloudfront.net;
 connect-src blob: 'self' *.rockbot.com *.googleapis.com *.google-analytics.com *.google.com https://google.com *.doubleclick.net *.googlesyndication.com *.zdassets.com https://rockbot.zendesk.com https://api.amplitude.com *.hubspot.com *.hsforms.com *.hubapi.com https://hubspot-forms-static-embed.s3.amazonaws.com *.sorryapp.com *.greenhouse.io wss://widget-mediator.zopim.com *.chilipiper.com https://api.rollbar.com *.bing.com *.sanity.io *.marker.io https://s3.eu-west-1.amazonaws.com wss://ws.hotjar.com *.hotjar.io *.zi-scripts.com *.zoominfo.com https://px.ads.linkedin.com https://cdn.jsdelivr.net https://unpkg.com;
 object-src 'none' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mstdn.jp; img-src 'self' https: data: blob: https://mstdn.jp; style-src 'self' https://mstdn.jp 'nonce-RyyiFI9RsqTzy4I+vS0pkA=='; media-src 'self' https: data: https://mstdn.jp; frame-src 'self' https:; manifest-src 'self' https://mstdn.jp; form-action 'self'; connect-src 'self' data: blob: https://mstdn.jp https://media.mstdn.jp wss://mstdn.jp; script-src 'self' https://mstdn.jp 'wasm-unsafe-eval'; child-src 'self' blob: https://mstdn.jp; worker-src 'self' blob: https://mstdn.jp 1
default-src 'self' suhrkamp.de *.suhrkamp.de *.acast.com *.trustedshops.com *.etrusted.com *.wirth-horn.de *.awin1.com *.dwin1.com https://analytics.twitter.com https://static.ads-twitter.com https://bat.bing.com consent.cookiebot.eu consentcdn.cookiebot.eu s.pinimg.com connect.facebook.net https://www.facebook.com *.podigee.io *.podigee.com *.podigee-cdn.net maps.google.com *.google.com/maps/ https://www.google.com/pagead/ https://www.google-analytics.com https://tagmanager.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net adservice.google.com *.gstatic.com https://www.youtube-nocookie.com https://player.vimeo.com 'unsafe-eval' 'unsafe-inline' *.personio.de *.pinterest.com; img-src data: *; media-src data: *; font-src data: 'self' https://fonts.gstatic.com https://fonts.googleapis.com 1
frame-ancestor 'none'; 1
default-src 'self' *.quill.org quill.org 'unsafe-inline'; base-uri 'self'; connect-src 'self' *.quill.org quill.org *.amplitude.com *.segment.com *.segment.io *.nr-data.net *.google-analytics.com *.google.com *.inspectlet.com *.doubleclick.net *.pusherapp.com *.pusher.com wss://coview.com wss://*.coview.com wss://*.pusher.com wss://*.pusherapp.com wss://*.inspectlet.com *.intercom.io wss://*.intercom.io *.coview.com *.sentry.io wss://*.quill.org *.satismeter.com localhost:8080/ localhost:3200 localhost:3100 wss://localhost:3200 ws://localhost:3200 wss://localhost:3036 ws://localhost:3036 checkout.stripe.com capture-api.ap3prod.com pagead2.googlesyndication.com/; font-src 'self' coview.com *.coview.com intercomcdn.com *.intercomcdn.com quill.org *.quill.org *.typekit.net *.fontawesome.com *.gstatic.com rsms.me *.rsms.me; frame-src 'self' coview.com *.coview.com intercom-sheets.com stripe.com *.stripe.com youtube.com *.youtube.com *.amazonaws.com *.loom.com *.salesmate.io td.doubleclick.net/; img-src * data: blob:; media-src * data: blob:; object-src 'none'; script-src 'self' *.quill.org quill.org 'unsafe-inline' 'unsafe-eval' *.clever.com *.fontawesome.com *.typekit.net *.segment.com *.segment.io *.newrelic.com *.nr-data.net *.googleapis.com *.gstatic.com *.pusher.com *.google-analytics.com *.inspectlet.com *.satismeter.com stripe.com *.stripe.com *.amplitude.com *.doubleclick.net *.intercom.io *.intercomcdn.com *.coview.com *.sentry.io *.heapanalytics.com cdn.jsdelivr.net/npm/vanilla-lazyload@17.8.3/dist/lazyload.min.js *.salesmate.io *.googletagmanager.com code.jquery.com; style-src 'self' *.quill.org quill.org 'unsafe-inline' coview.com *.coview.com *.fontawesome.com *.googleapis.com *.gstatic.com rsms.me 1
frame-ancestors 'self' https://www.facebook.com https://business.facebook.com 1
default-src 'none'; manifest-src 'self'; connect-src 'self'; script-src 'self'; style-src 'self'; img-src 'self' https://img.shields.io https://www.netlify.com https://cdn.jsdelivr.net/ https://github.githubassets.com/ https://user-images.githubusercontent.com/ https://github-production-user-asset-6210df.s3.amazonaws.com 1
frame-ancestors 'self' https://www.arcep.fr https://en.arcep.fr; 1
default-src *; script-src data: 'self' 'unsafe-inline' 'unsafe-eval' https://protect-eu.mimecast.com https://www.messenger.stratuscx.com https://api.stratuscx.com https://cdn.glassboxcdn.com https://t.contentsquare.net https://app.contentsquare.com https://apps.euw2.pure.cloud https://unpkg.com https://*.cloudflare.com https://cdn.quilljs.com https://*.jquery.com https://*.coveo.com https://*.gstatic.com https://*.jwpsrv.com https://*.jwplayer.com https://*.amazonaws.com https://*.cookiefirst.com https://*.clarity.ms https://*.doubleclick.net https://*.google-analytics.com https://*.googleadservices.com https://*.googleapis.com https://*.googletagmanager.com https://*.jwpcdn.com https://*.jwplatform.com https://*.jwplayer.com https://*.jwpsrv.com https://*.motability.co.uk https://*.motability.org.uk https://*.motabilityoperations.co.uk https://*.newscred.com https://analytics.google.com https://apis.google.com https://bat.bing.com https://c5.adalyser.com https://connect.facebook.net https://tagmanager.google.com https://static.hotjar.com https://script.hotjar.com 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://www.messenger.stratuscx.com https://api.stratuscx.com https://*.cloudflare.com https://*.coveo.com https://*.jwpsrv.com https://*.jwplayer.com https://*.googleadservices.com https://*.cookiefirst.com https://*.googleapis.com https://*.jwpcdn.com https://*.jwplayer.com https://*.motability.co.uk https://*.newscred.com https://tagmanager.google.com https://static.hotjar.com https://script.hotjar.com 'unsafe-inline'; img-src 'self' data: * https://*.contentsquare.net https://static.hotjar.com https://script.hotjar.com; font-src data: 'self' https://fonts.gstatic.com https://*.jwpcdn.com https://*.jwplayer.com https://script.hotjar.com; media-src blob: 'self' https://*.jwpcdn.com https://*.jwplatform.com https://*.jwplayer.com https://*.jwpsrv.com https://*.speechstream.net https://jwpsrv-vh.akamaihd.net; child-src blob: 'self' https://*.cookiefirst.com https://*.doubleclick.net https://*.jwpcdn.com https://*.jwplatform.com https://*.jwplayer.com https://*.jwpsrv.com; frame-src blob: 'self' https://apps.euw2.pure.cloud https://www.motability.co.uk https://*.cookiefirst.com https://*.doubleclick.net https://*.googleapis.com https://*.googletagmanager.com https://*.jwpcdn.com https://*.jwplatform.com https://*.jwplayer.com https://*.jwpsrv.com https://accounts.google.com https://www.facebook.com https://www.google.com; connect-src 'self' wss://sqzej6e4d7.execute-api.us-east-1.amazonaws.com https://www.messenger.stratuscx.com https://api.stratuscx.com https://report.gb-pov.gbqofs.io https://*.contentsquare.net wss://webmessaging.euw2.pure.cloud https://api-cdn.euw2.pure.cloud https://api.euw2.pure.cloud https://bat.bing.com https://*.googlesyndication.com https://*.coveo.com https://*.jwpsrv.com https://*.jwplayer.com https://*.google.com https://api.experianaperture.io https://*.cookiefirst.com https://*.doubleclick.net https://www.googletagmanager.com https://*.google-analytics.com https://analytics.google.com https://*.motability.co.uk https://*.motability.org.uk https://*.motabilityoperations.co.uk https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; report-uri https://motability.report-uri.io/r/default/csp/enforce; frame-ancestors 'self' https://motability.co.uk https://news.motability.co.uk; 1
default-src 'self'; frame-src * https://*.edomex.gob.mx http://*.edomex.gob.mx;script-src 'self' https://*.edomex.gob.mx https://*.googletagmanager.com https://*.google-analytics.com https://www.google.com/jsapi https://unpkg.com/ https://www.gstatic.com/charts/51/loader.js https://www.gstatic.com/ https://cdn.lordicon.com maxcdn.bootstrapcdn.com code.jquery.com cdn.jsdelivr.net cdn.rawgit.com cdn.datatables.net https://cdnjs.cloudflare.com/ https://platform.twitter.com https://*.occ.com.mx https://www.infomexsinaloa.org https://storage.googleapis.com https://weni-sp-integrations-production.s3.amazonaws.com https://e.issuu.com https://sistemas1.sggedomex.gob.mx/ *.genial.ly/ https://*.google.com/ https://app2.weatherwidget.org/ 'unsafe-eval' 'unsafe-inline'; media-src https://edomex.gob.mx/ https://*.edomex.gob.mx/  *.issemym.gob.mx; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.weatherwidget.org/ cdn.lordicon.com *.edomex.gob.mx https://*.occ.com.mx https://*.amazonaws.com wss://websocket.weni.ai https://www.infomexsinaloa.org https://stats.g.doubleclick.net *.sggedomex.gob.mx/; img-src 'self' * data:; style-src 'self' *.edomex.gob.mx fonts.googleapis.com https://*.google.com/ https://www.gstatic.com fonts.gstatic.com https://unpkg.com/ cdn.jsdelivr.net code.jquery.com maxcdn.bootstrapcdn.com cdn.rawgit.com cdn.datatables.net https://cdnjs.cloudflare.com/ https://*.occ.com.mx 'unsafe-inline' ;font-src 'self' fonts.gstatic.com https://*.occ.com.mx;base-uri 'self'; 1
default-src 'self' video.tophotels.ru *.tophotels.ru www.google-analytics.com mc.yandex.ru carsrent.ru *.carsrent.ru netlog.ru hotelscheck.com.ru css.tophotels.ru css.hotelscheck.com.ru tophotels.pro css.tophotels.pro toursales.ru tourindex.ru tophotels.ru travelpassport.ru *.travelpassport.ru ; font-src 'self' hotelscheck.com.ru; connect-src 'self' *.netlog.ru video.tophotels.ru www.google-analytics.com mc.yandex.ru googletagmanager.com www.googletagmanager.com carsrent.ru *.carsrent.ru netlog.ru hotelscheck.com.ru css.tophotels.ru css.hotelscheck.com.ru tophotels.pro css.tophotels.pro toursales.ru tourindex.ru tophotels.ru travelpassport.ru *.travelpassport.ru google.com *.google.com gstatic.com *.gstatic.com *.adriver.ru 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self' blob: data: *; media-src 'self' blob: video.tophotels.ru *.tophotels.ru; frame-src 'self' video.tophotels.ru *.tophotels.ru carsrent.ru *.carsrent.ru youtu.be youtube.com *.youtube.com google.com *.google.com gstatic.com *.gstatic.com *.vimeo.com vimeo.com *.dailymotion.com *.vk.com vk.com *.adriver.ru; script-src 'self' video.tophotels.ru www.google-analytics.com mc.yandex.ru googletagmanager.com www.googletagmanager.com carsrent.ru *.carsrent.ru api-maps.yandex.ru yastatic.net core-renderer-tiles.maps.yandex.net netlog.ru hotelscheck.com.ru css.tophotels.ru css.hotelscheck.com.ru tophotels.pro css.tophotels.pro toursales.ru tourindex.ru tophotels.ru travelpassport.ru *.travelpassport.ru google.com *.google.com gstatic.com *.gstatic.com *.adriver.ru 'unsafe-inline' 'unsafe-eval' 'self';  style-src 'self' carsrent.ru *.carsrent.ru netlog.ru hotelscheck.com.ru css.tophotels.ru css.hotelscheck.com.ru tophotels.pro css.tophotels.pro toursales.ru tourindex.ru tophotels.ru travelpassport.ru *.travelpassport.ru google.com *.google.com gstatic.com *.gstatic.com *.adriver.ru 'unsafe-inline' 'self'; 1
worker-src 'self' blob:; script-src 'strict-dynamic' 'unsafe-eval' 'nonce-v+S+XUSjzGlGRnNlfWrnGA=='; style-src 'self' 'unsafe-inline'; frame-ancestors 'self' https://*.michelin.com 1
upgrade-insecure-requests; default-src https:; connect-src https:; img-src https: data:; font-src https: data:; style-src https: 'unsafe-inline'; script-src 'self' *.getnetset.com https://ajax.googleapis.com https://*.wistia.com https://*.wistia.net https://*.force.com https://embedwistia-a.akamaihd.net https://connect.facebook.net https://tagmanager.google.com https://*.googletagmanager.com https://dend6g4sigg57.cloudfront.net https://www.google-analytics.com https://www.googleadservices.com https://*.doubleclick.net https://sjs.bizographics.com https://*.linkedin.com https://*.licdn.com https://*.olark.com https://*.pardot.com 'unsafe-inline' 'unsafe-eval' blob:; media-src https https://*.olark.com https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net blob:; 1
frame-ancestors https://*.orbi.kr 1
object-src 'none';frame-ancestors 'self' http://localhost:* https://localhost:* https://admin.deco.cx 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.dailypaws.com 1
default-src dock.ui.bosch.tech *.hotjar.com wss://*.hotjar.com bott-tc2.nautilus bott-fs.nautilus bott-fs.kittelberger.net vc.hotjar.io in.hotjar.com script.hotjar.com *.bosch-thermotechnology.com *.boschtt-documents.com www.bimstore.co.uk *.kittelberger.net *.mycliplister.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: ; media-src *.boschtt-documents.com services.kittelberger.net *.mycliplister.com mycliplister.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' ; font-src bott-fs.nautilus bott-fs.kittelberger.net script.hotjar.com fonts.gstatic.com *.bosch-thermotechnology.com www.bosch-thermotechnology.us www.heizung-steuern.com fonts.gstatic.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: data: ; object-src data: 'self'; img-src bott-tc2.nautilus bott-fs.nautilus bott-fs.kittelberger.net optimize.google.com www.google-analytics.com www.googletagmanager.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: data: blob:; style-src bott-fs.nautilus bott-fs.kittelberger.net *.bosch-thermotechnology.com cdn.datatables.net optimize.google.com fonts.googleapis.com www.bosch-easycontrol.com www.heizung-steuern.com www.bosch-thermotechnology.us *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' 'unsafe-inline' https: ; script-src bott-fs.nautilus bott-fs.kittelberger.net dock.ui.bosch.tech optimize.google.com www.googleanalytics.com www.google-analytics.com www.googleoptimize.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: 'unsafe-inline' 'unsafe-eval'; frame-src mailto: bosch.mi4biz.net www.boschthermolife.com junkers-de-de-b.boschtt-documents.com optimize.google.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https:; frame-ancestors bosch.mi4biz.net bott-fs.kittelberger.net *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: ; connect-src 'self' wss://endpoint.chatbot-suite.bosch.tech endpoint.chatbot-suite.bosch.tech  www.bosch-thermotechnology.com region1.google-analytics.com www.google-analytics.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com dock.ui.bosch.tech mycliplister.com *.mycliplister.com stats.g.doubleclick.net 1
default-src 'self' ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.upc.edu https://*.cookiebot.com tagmanager.google.com https://*.twimg.com https://*.twitter.com *.gstatic.com *.google-analytics.com https://*.googleapis.com https://*.google.com https://*.googletagmanager.com https://*.trengo.eu https://*.usercentrics.eu https://*.clarity.ms data: ;font-src * data: ; style-src * data: 'unsafe-inline' 'unsafe-eval'; child-src *.upc.edu https://*.twitter.com https://*.google.com ; worker-src *.upc.edu https://*.twitter.com https://*.google.com https://cercador.upc.edu ; media-src *.upc.edu https://*.trengo.eu; frame-src *.youtube-nocookie.com  youtu.be *.vimeo.com *.youtube.com *.twitter.com https://*.cookiebot.com twitter.com *.upc.edu www.google.com https://cercador.upc.edu https://*.knightlab.com; connect-src https://*.usercentrics.eu https://consentcdn.cookiebot.com https://cercador.upc.edu https://stats.g.doubleclick.net https://*.analytics.google.com https://*.google-analytics.com https://*.trengo.eu wss://*.pusher.com *.amazonaws.com https://*.clarity.ms 'self' 1
frame-ancestors 'self' https://live.nkd.com https://www2.nkd.com 1
child-src 'self' https://go.online-ident.ch https://go.test.online-ident.ch/ https://go.test.idnow.de https://www.google.com https://www.youtube.com https://www.youtube-nocookie.com; default-src 'self' https://checkbrowser.hin.ch https://go.online-ident.ch https://go.test.online-ident.ch/ https://go.test.idnow.de https://fonts.gstatic.com https://tag.myaspectra.ch https://verify.certifaction.com; font-src 'self' https://fonts.gstatic.com data: ; frame-src 'self' https://tp.srgssr.ch https://www.srf.ch https://gateway.online-ident.ch https://go.online-ident.ch https://gateway.test.online-ident.ch https://go.test.online-ident.ch https://gateway.test.idnow.de https://go.test.idnow.de https://www.gstatic.com https://www.google.com https://www.youtube.com https://www.youtube-nocookie.com https://verify.certifaction.com https://www.eTermin.net https://gateway.test.online-ident.ch https://www.ihre-apotheke.ch; img-src 'self' https://tag.myaspectra.ch https://www.w3.org https://0.gravatar.com https://www.hin.ch https://dir.hintest.ch data: ; object-src 'self'; script-src 'self' https://www.islonline.net https://tag.myaspectra.ch https://www.gstatic.com https://maps.google.com https://maps.googleapis.com https://www.google.com https://www.eTermin.net 'unsafe-inline' 'unsafe-eval' ; style-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com 'unsafe-inline' ; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ytimg.com *.ytimg.com youtube.com *.youtube.com yandex.ru *.yandex.ru yandex.com *.yandex.com yandex.net *.yandex.net yastatic.net *.yastatic.net yandexadexchange.net *.yandexadexchange.net yandex.st *.yandex.st yastat.net *.yastat.net adfox.ru *.adfox.ru liveinternet.ru *.liveinternet.ru mail.ru *.mail.ru imgsmail.ru *.imgsmail.ru rbfive.bid *.rbfive.bid rambler.ru *.rambler.ru top100.ru *.top100.ru betweendigital.com *.betweendigital.com ad-score.com *.ad-score.com ; object-src 'self' yandex.ru *.yandex.ru yandex.net *.yandex.net yastatic.net *.yastatic.net yandexadexchange.net *.yandexadexchange.net yandex.st *.yandex.st yastat.net *.yastat.net adfox.ru *.adfox.ru ; style-src 'self' 'unsafe-inline' * data: yandex.ru *.yandex.ru yandex.net *.yandex.net yastatic.net *.yastatic.net yandexadexchange.net *.yandexadexchange.net yandex.st *.yandex.st yastat.net *.yastat.net adfox.ru *.adfox.ru ; img-src * data: https: yandex.ru *.yandex.ru yandex.net *.yandex.net yastatic.net *.yastatic.net yandexadexchange.net *.yandexadexchange.net yandex.st *.yandex.st yastat.net *.yastat.net adfox.ru *.adfox.ru; media-src 'self' blob: * data: yandex.ru *.yandex.ru yandex.net *.yandex.net yastatic.net *.yastatic.net yandexadexchange.net *.yandexadexchange.net yandex.st *.yandex.st yastat.net *.yastat.net adfox.ru *.adfox.ru ; frame-src 'self' youtube.com *.youtube.com yandex.ru *.yandex.ru yandex.net *.yandex.net yastatic.net *.yastatic.net yandexadexchange.net *.yandexadexchange.net yandex.st *.yandex.st yastat.net *.yastat.net adfox.ru *.adfox.ru mail.ru *.mail.ru rutube.ru *.rutube.ru ; font-src 'self' data: gstatic.com *.gstatic.com yandex.ru *.yandex.ru yandex.net *.yandex.net yastatic.net *.yastatic.net yandexadexchange.net *.yandexadexchange.net yandex.st *.yandex.st yastat.net *.yastat.net adfox.ru *.adfox.ru ; connect-src 'self' yandex.ru *.yandex.ru yandex.com *.yandex.com yandex.net *.yandex.net yastatic.net *.yastatic.net yandexadexchange.net *.yandexadexchange.net yandex.st *.yandex.st yastat.net *.yastat.net adfox.ru *.adfox.ru mail.ru *.mail.ru rambler.ru *.rambler.ru statforweb.bid *.statforweb.bid tword.ru *.tword.ru realpush.digital *.realpush.digital rbfive.bid *.rbfive.bid pstatrbnew.bid *.pstatrbnew.bid pushreal.media *.pushreal.media realpush.news *.realpush.news betweendigital.com *.betweendigital.com mts.ru *.mts.ru ; 1
font-src 'self' data: *; default-src 'self' 'unsafe-inline' *; img-src * 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' * 1
default-src 'self' www.hsnstore.com cdn.hsnstore.com hsnstore.com *.redsys.es;form-action *.redsys.es *.amazon.es *.amazon.de bancsabadell.com unicaja.es openwaylet-pre.wayletlabs.com www.paypal.com bitpay.com live.sequrapi.com www.facebook.com facebook.com connect.facebook.net secure.paytpv.com api.paycomet.com *.smart2pay.com *.giropay.de *.sofort.com www.hsnstore.com; img-src * data:;style-src 'self' 'unsafe-inline' *.hsnstore.com *.spotlersearch.com spotlersearchanalytics.com static.sooqr.com static.aws-prod.sooqr.com *.redsys.es translate.googleapis.com tagmanager.google.com fonts.googleapis.com *.googletagmanager.com;script-src 'unsafe-eval' 'self' 'unsafe-inline' blob *.queue-it.net *.cdn-apple.com *.payments-amazon.com cdn.hsnstore.com *.spotlersearch.com spotlersearchanalytics.com dynamic.sooqr.com dynamic.aws-prod.sooqr.com apis.google.com www.googletagmanager.com www.google.com www.googleadservices.com connect.facebook.net googleads.g.doubleclick.net www.google-analytics.com www.salesmanago.pl www.salesmanago.es static.sooqr.com static.aws-prod.sooqr.com sealserver.trustwave.com www.youtube.com www.youtube-nocookie.com s.ytimg.com  maps.googleapis.com tpc.googlesyndication.com live.sequrapi.com tagmanager.google.com images.dmca.com static.criteo.net sslwidget.criteo.com widget.eu.criteo.com secure.paytpv.com api.paycomet.com js-agent.newrelic.com bam.eu01.nr-data.net www.gstatic.com seal.securetrust.com tracker.metricool.com sandbox.sequracdn.com sandbox.sequrapi.com live.sequracdn.com analytics.tiktok.com;font-src data: 'self' www.hsnstore.com *.cdn-apple.com cdn.hsnstore.com fonts.gstatic.com;connect-src *.redsys.es *.redsys.es:25443 *.google-analytics.com *.queue-it.net *.googlesyndication.com *.saleago.com *.criteo.com *.facebook.com *.facebook.net maps.googleapis.com firehose.eu-central-1.amazonaws.com *.amazon.com www.google-analytics.com www.google.com www.salesmanago.pl www.salesmanago.es cdn.hsnstore.com www.hsnstore.com www.facebook.com *.g.doubleclick.net graph.facebook.com api.paycomet.com cognito-identity.eu-central-1.amazonaws.com bam.eu01.nr-data.net *.analytics.google.com identitytoolkit.googleapis.com securetoken.googleapis.com www.google.es sandbox.sequracdn.com live.sequracdn.com analytics.tiktok.com;frame-src *.criteo.com td.doubleclick.net www.hsnstore.com www.hsnstore.pt www.hsnstore.it www.hsnstore.eu www.hsnstore.fr www.hsnstore.de tpc.googlesyndication.com www.google.com www.youtube.com www.youtube-nocookie.com www.facebook.com web.facebook.com connect.facebook.net www.googletagmanager.com *.g.doubleclick.net www.hsnstore.com live.sequrapi.com translate.googleapis.com accounts.google.com staticxx.facebook.com graph.facebook.com api.paycomet.com gum.criteo.com static.criteo.net sandbox.sequrapi.com sandbox.sequracdn.com live.sequracdn.com;object-src *.hsnstore.com;report-uri https://www.hsnstore.com/reportcsp/ 1
font-src *.flixcar.com *.gstatic.com *.fontawesome.com *.flixfacts.com *.flanco.ro 'self' data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.payu.ro *.facebook.com *.leanpay.ro 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google.com *.hotjar.com *.facebook.com *.profitshare.ro *.creativecdn.com creativecdn.com *.doubleclick.net attr-2p.com *.2performant.com *.flanco.ro *.flixcar.com *.cloudfront.net *.digital-catalogue.com *.google.com *.youtube.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net *.vimeocdn.com s.ytimg.com *.google.com *.google.ro *.google.nl *.facebook.com *.facebook.net *.amazonaws.com *.profitshare.ro *.googletagmanager.com *.doubleclick.net attr-2p.com *.2performant.com *.flanco.ro t.themarketer.com cdn1.themarketer.com 'self' data: http: https: blob: wss: 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.mapbox.com *.googleapis.com *.newrelic.com *.nr-data.net *.google.com *.gstatic.com *.amazonaws.com *.7w.ro *.oney.ro *.profitshare.ro *.googletagmanager.com *.googleleadservices.com *.google-analytics.com *.hotjar.com *.uptrendsdata.com *.facebook.net *.facebook.com *.g.doubleclick.net *.tiktok.com *.clarity.ms attr-2p.com *.2performant.com *.flixfacts.com *.flixcar.com *.flix360.io *.flixsyndication.net *.flanco.ro *.cloudflare.com *.avada.io t.themarketer.com cdn1.themarketer.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.mapbox.com *.googleapis.com *.newrelic.com *.nr-data.net *.google.com *.gstatic.com *.amazonaws.com *.7w.ro *.profitshare.ro attr-2p.com *.2performant.com *.flixcar.com *.fontawesome.com t.themarketer.com cdn1.themarketer.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.flixcar.com *.gstatic.com *.fontawesome.com *.flixfacts.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.mapbox.com *.googleapis.com *.newrelic.com *.nr-data.net *.google.com *.gstatic.com *.amazonaws.com *.7w.ro *.oney.ro *.profitshare.ro *.uptrendsdata.com *.g.doubleclick.net *.futuredecoded.ro attr-2p.com *.2performant.com *.flanco.ro https://get.geojs.io *.avada.io t.themarketer.com cdn1.themarketer.com *.google-analytics.com http: https: blob: wss: 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' catalogues.aldi.fr experience.adobe.com aldinord.experiencecloud.adobe.com; default-src * 'unsafe-eval' 'unsafe-inline' data: blob: 1
default-src 'self'; style-src 'self' 'unsafe-inline' *.gstatic.com *.crisp.chat; img-src 'self' data: *.linkedin.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.crisp.chat *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.refiner.io *.recaptcha.net *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.stripe.com *.crisp.chat *.gstatic.com *.gstatic.cn *.vimeo.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; connect-src *.googleadservices.com *.google.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.stripe.com *.wappalyzer.com *.amazonaws.com *.uptimerobot.com wss://*.crisp.chat *.crisp.chat *.refiner.io; worker-src 'none'; object-src 'none'; form-action 'self'; frame-ancestors 'none'; frame-src *.recaptcha.net *.stripe.com *.crisp.chat *.vimeo.com *.google.com *.refiner.io; media-src 'self' *.crisp.chat; font-src 'self' *.crisp.chat 1
default-src 'self' ; connect-src 'self' https://www.apple.com https://appleid.cdn-apple.com https://appleid.apple.com https://api.apple-cloudkit.com https://feedbackws.apple-cloudkit.com https://*.icloud-content.com https://*.icloud-content.com.cn ; font-src 'self' https://www.apple.com https://appleid.cdn-apple.com https://appleid.apple.com ; frame-src 'self' https://idmsa.apple.com https://signin.apple.com https://gsa.apple.com https://idmsa.apple.com.cn https://familyws.icloud.apple.com  https://apps.apple.com ; img-src 'self' https://www.apple.com https://appleid.cdn-apple.com data: https://*.mzstatic.com https://appleid.apple.com https://*.icloud.com ; media-src data: ; object-src 'none' ; script-src 'self' https://www.apple.com https://appleid.cdn-apple.com https://idmsa.apple.com https://signin.apple.com https://gsa.apple.com https://idmsa.apple.com.cn https://appleid.apple.com ; style-src 'unsafe-inline' 'self' https://www.apple.com https://appleid.cdn-apple.com https://appleid.apple.com ; 1
frame-ancestors http://*.ebs.co.kr https://*.ebs.co.kr http://*.ebsi.co.kr https://*.ebsi.co.kr ; 1
default-src 'self' wss: https://*.contentful.com https://*.kampyle.com wss://*.ooklaserver.net https://*.tigocloud.net https://*.zendesk.com https://static.zdassets.com https://ekr.zdassets.com https://*.crazyegg.com; frame-src 'self' https://*.tigocloud.net https://*.speedtestcustom.com https://graph.facebook.com https://analytics.facebook.com https://ads.facebook.com https://business.facebook.com https://developers.facebook.com https://apps.facebook.com https://connect.facebook.com https://connect.facebook.net https://www.facebook.com https://*.doubleclick.net https://*.fls.doubleclick.net https://*.google.com https://*.googletagservices.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.googleapis.com https://*.googleadservices.com https://optimize.google.com https://www.google-analytics.com https://www.youtube.com https://6493920.fls.doubleclick.net https://*.kampyle.com https://*.crazyegg.com https://*.tigo.com.hn https://affperformance.com; script-src 'self' blob: https://*.tigocloud.net https://*.kampyle.com https://*.speedtestcustom.com https://graph.facebook.com https://analytics.facebook.com https://ads.facebook.com https://business.facebook.com https://developers.facebook.com https://apps.facebook.com https://connect.facebook.com https://connect.facebook.net https://www.facebook.com https://*.doubleclick.net https://*.fls.doubleclick.net https://*.google.com https://*.googletagservices.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.googleapis.com https://*.googleadservices.com https://optimize.google.com https://www.google-analytics.com https://analytics.twitter.com https://static.ads-twitter.com https://www.youtube.com https://6493920.fls.doubleclick.net https://maps.googleapis.com https://www.gstatic.com/ https://sync.smartadserver.com https://s.ytimg.com https://facebook.com/signals/iwl.js https://widget-mediator.zopim.com https://*.licdn.com 'unsafe-hashes' 'sha256-MhtPZXr7+LpJUY5qtMutB+qWfQtMaPccfe7QXtCcEYc=' 'sha256-lfXlPY3+MCPOPb4mrw1Y961+745U3WlDQVcOXdchSQc=' https://www.clarity.ms https://eum.instana.io https://*.crazyegg.com https://*.smooch.io https://*.tigo.com.hn https://criteo.com/ https://criteo.net https://*.cybba.solutions https://ads.sonataplatform.com 'sha256-25OIC+jlMBg26yHNDU72ZiuTqGX+glEIMhmQkIVLIZo=' 'sha256-xKg/UR4652tuqfDS6s9DVAhH4iMZnCdLA1TzqcUED2I=' 'sha256-Ymh7luPady75kPPU5uQ5RYQvOXNllTuuRsNjDVhHC4s=' 'sha256-7OREd0Wq4sT0UG0sxzBKHswls3uXqC91MPDtRjDN76U=' 'sha256-FrQ57L9tMdJJ722FWKhQSqaJ3Gd4s4rKlbk+K1DW+t4=' 'sha256-+LA7KttY3gftikwDPq75IXzTd178W3yFSI1BAShkLaw=' 'sha256-aNnemuF3A5263pKH6WshB+pSuuufVASa5G2/YI/zoOI='; font-src 'self' data: blob: https://fonts.gstatic.com https://*.kampyle.com https://*.zendesk.com; img-src 'self' data: blob: https://graph.facebook.com https://analytics.facebook.com https://ads.facebook.com https://business.facebook.com https://developers.facebook.com https://apps.facebook.com https://connect.facebook.com https://connect.facebook.net https://www.facebook.com https://*.doubleclick.net https://*.fls.doubleclick.net https://*.google.com https://*.googletagservices.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.googleapis.com https://*.googleadservices.com https://optimize.google.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://*.tigocloud.net https://*.contentful.com https://*.kampyle.com https://static.zdassets.com https://*.googletagmanager.com https://images.ctfassets.net https://stats.g.doubleclick.net https://lh3.googleusercontent.com https://ssl.gstatic.com https://www.gstatic.com https://www.google.com https://www.google.com.ar https://www.google.com.bo https://www.google.com.co https://www.google.com.sv https://www.google.com.gt https://www.google.hn https://www.google.com.ni https://www.google.com.pa https://www.google.com.py https://t.co https://maps.gstatic.com https://www.facebook.com https://analytics.twitter.com https://static.ads-twitter.com https://*.speedtestcustom.com https://*.zendesk.com https://static.zdassets.com https://maps.googleapis.com https://sync.smartadserver.com https://*.zopim.io https://svr.mic.edge.com.py https://*.kampyle.com https://c.clarity.ms https://c.bing.com https://*.crazyegg.com https://affperformance.com https://*.cybba.solutions; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://www.googletagmanager.com/debug/badge.css https://fonts.googleapis.com https://*.zendesk.com https://*.tigocloud.net https://*.kampyle.com https://*.crazyegg.com; connect-src * data: https://*.crazyegg.com; object-src 'none'; form-action 'self' https://www.facebook.com; base-uri 'self' https://md-scp.kampyle.com; frame-ancestors 'self' 1
default-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-inline' https://*.googletagmanager.com;object-src 'self' 'unsafe-inline';font-src 'self' 'unsafe-inline' data: https://fonts.gstatic.com/;img-src 'self' 'unsafe-inline' data: https://asset.gsc.com.my/ https://poster.gsc.com.my/ https://i.ytimg.com/ https://tpc.googlesyndication.com/ https://www.google.com/ https://pagead2.googlesyndication.com/ https://googleads.g.doubleclick.net/ https://*.google-analytics.com https://*.googletagmanager.com;media-src 'self' 'unsafe-inline' https://asset.gsc.com.my/;frame-src 'self' 'unsafe-inline' https://www.googleadservices.com https://securepubads.g.doubleclick.net/ https://*.safeframe.googlesyndication.com https://pagead2.googlesyndication.com/ https://tpc.googlesyndication.com/ https://www.google.com/ https://www.googleapis.com/ https://www.youtube.com/;connect-src https://analytics.google.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://pagead2.googlesyndication.com/ https://www.googleapis.com/ https://www.google-analytics.com/ https://securepubads.g.doubleclick.net/ https://cms.gsc.com.my/;style-src 'self' 'unsafe-inline';style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com/;script-src-elem 'self' 'unsafe-inline' https://pagead2.googlesyndication.com https://static.addtoany.com/ https://securepubads.g.doubleclick.net/ https://www.googletagmanager.com/ https://adservice.google.com/ https://www.googletagservices.com/ https://tpc.googlesyndication.com/ https://www.google.com/ https://www.gstatic.com/ 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=finance&region=US&lang=en-US&device=desktop&yrid=53h3edhja605m&partner=; 1
frame-ancestors 'self' *.oneamerica.com http://localhost:*; 1
default-src 'self' data:; font-src 'self' https://fonts.gstatic.com https://cdn.shopify.com/ https://www.mercedesamgf1.com/fonts/ https://mercedes-f1.shorthandstories.com/the-road-to-reims-1954/assets/; script-src 'self' 'unsafe-inline' 'wasm-unsafe-eval' blob: https://netlify-cdp-loader.netlify.app/netlify.js https://netlify-rum.netlify.app/netlify-rum.js https://www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://*.googletagmanager.com https://googleads.g.doubleclick.net/ https://cookie-cdn.cookiepro.com https://embedsocial.com https://static.hotjar.com https://script.hotjar.com https://static.klaviyo.com https://static-tracking.klaviyo.com https://connect.facebook.net https://static.ads-twitter.com https://analytics.tiktok.com https://demos.shorthandstories.com https://mercedes-f1.shorthandstories.com https://iframely.shorthand.com https://analytics.shorthand.com https://news.files.bbci.co.uk; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net/npm/ https://tagmanager.google.com https://www.googletagmanager.com/debug/badge.css https://fonts.googleapis.com https://embedsocial.com https://static.klaviyo.com https://static-tracking.klaviyo.com/ https://demos.shorthandstories.com https://mercedes-f1.shorthandstories.com; img-src 'self' data: blob: https://images.ctfassets.net/ https://downloads.ctfassets.net/ https://www.mercedesamgf1.com/ www.googletagmanager.com https://ssl.gstatic.com https://fonts.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://www.google.com/pagead/ https://www.google.com/ads/ https://www.google.co.uk/pagead/ https://www.google.co.uk/ads/ https://cookie-cdn.cookiepro.com https://*.cdninstagram.com https://*.fbcdn.net https://*.mercedesamgf1.com https://www.facebook.com https://analytics.twitter.com https://t.co https://picsum.photos https://fastly.picsum.photos https://demos.shorthandstories.com https://mercedes-f1.shorthandstories.com; media-src https://videos.ctfassets.net/ https://demos.shorthandstories.com https://mercedes-f1.shorthandstories.com; connect-src 'self' blob: https://images.ctfassets.net/ https://assets.ctfassets.net/ https://downloads.ctfassets.net/ https://cdn.contentful.com/spaces/ https://zbibmsjqsq-dsn.algolia.net https://zbibmsjqsq-1.algolia.net https://zbibmsjqsq-2.algolia.net https://zbibmsjqsq-3.algolia.net https://e5dqp7eju1-dsn.algolia.net https://e5dqp7eju1-1.algolia.net https://e5dqp7eju1-2.algolia.net https://e5dqp7eju1-3.algolia.net https://www.gstatic.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://cookie-cdn.cookiepro.com https://geolocation.onetrust.com https://*.mercedesamgf1.com https://*.klaviyo.com https://content.hotjar.io wss://ws.hotjar.com https://analytics.tiktok.com https://gateway.shorthand.com https://stats.g.doubleclick.net https://mercedes-f1.shorthandstories.com/the-road-to-reims-1954/assets/ https://ingesteer.services-prod.nsvcs.net/; frame-src 'self' https://www.youtube.com https://embedsocial.com https://td.doubleclick.net https://embed.api.video https://iframely.shorthand.com; object-src 'none'; 1
base-uri 'none'; frame-ancestors 'none'; object-src 'none'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' playcanvas.com msg.playcanvas.com code.playcanvas.com relay.playcanvas.com https://js.stripe.com https://*.google.com https://*.google-analytics.com https://www.googletagmanager.com https://s3-eu-west-1.amazonaws.com https://cdn.cookielaw.org https://geolocation.onetrust.com; font-src https://playcanvas.com 'self' data:; 1
upgrade-insecure-requests; block-all-mixed-content; default-src https: data: 'unsafe-inline' 'unsafe-eval'; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 'unsafe-eval'; font-src https: data:; img-src https: data: blob:; media-src https: data: blob:; object-src 'none'; connect-src https: data: blob:; child-src https: data: blob:; 1
default-src 'self' 'unsafe-inline' https: data: wss:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; report-uri /report-csp-violation 1
default-src *.stlouisfed.org https://*.cloudflare.com https://*.juicer.io https://*.googletagmanager.com https://*.moneysmartweek.org https://*.chicagofed.org https://*.frbdiscountwindow.org https://chicagofed.org https://frbdiscountwindow.org https://*.brightcove.net https://*.qualtrics.com  https://*.libsyn.com https://*.youtube.com https://*.appointment-plus.com  https://*.googleapis.com  https://*.google.com https://*.google-analytics.com 'self' * data:;img-src * https://public.tableau.com *.public.tableau.com *.stlouisfed.org *.brightcove.net *.boltdns.net *.akamaihd.net https://*.moneysmartweek.org https://*.chicagofed.org https://*.cloudflare.com https://*.juicer.io https://*.frbdiscountwindow.org https://*.libsyn.com https://*.youtube.com https://chicagofed.org https://*.twitter.com https://frbdiscountwindow.org https://*.qualtrics.com https://*.googleapis.com https://*.gstatic.com https://*.googletagmanager.com 'self' data: blob:;connect-src *.stlouisfed.org http://manifest.prod.boltdns.net *.boltdns.net https://*.akamaihd.net *.brightcove.net *.brightcove.com  https://*.moneysmartweek.org https://*.chicagofed.org https://*.cloudflare.com https://*.juicer.io https://*.frbdiscountwindow.org https://*.gstatic.com https://chicagofed.org https://*.libsyn.com https://*.youtube.com https://*.twitter.com https://frbdiscountwindow.org https://stats.g.doubleclick.net https://*.qualtrics.com https://*.google.com https://*.google-analytics.com https://*.googleapis.com https://www.gstatic.com https://*.googletagmanager.com 'self'; script-src https://p3.3playmedia.com *.p3.playmedia.com https://public.tableau.com *.public.tableau.com https://*.pigeonhole.at *.pigeonhole.at *.stlouisfed.org *.boltdns.net *.brightcove.net *.brightcove.com *.zencdn.net https://*.moneysmartweek.org https://*.chicagofed.org https://*.cloudflare.com https://*.juicer.io https://*.frbdiscountwindow.org https://data.chicagofed.org https://chicagofed.org https://*.libsyn.com https://*.youtube.com https://*.twitter.com https://frbdiscountwindow.org https://*.google-analytics.com https://*.qualtrics.com https://*.google.com https://*.googleapis.com https://www.gstatic.com https://*.googletagmanager.com 'unsafe-inline' 'unsafe-eval' 'self' blob:; frame-src https://p3.3playmedia.com *.p3.playmedia.com https://public.tableau.com *.public.tableau.com https://pigeonhole.at https://*.pigeonhole.at *.stlouisfed.org https://frbanks.okta.com https://*.hapyak.com *.brightcove.net https://*.moneysmartweek.org https://*.chicagofed.org https://*.cloudflare.com https://*.juicer.io https://*.frbdiscountwindow.org https://chicagofed.org https://*.libsyn.com https://*.youtube.com https://*.appointment-plus.com https://*.twitter.com https://frbdiscountwindow.org https://*.qualtrics.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.googletagmanager.com 'self';style-src *.stlouisfed.org *.brightcove.net https://*.chicagofed.org https://*.cloudflare.com https://*.juicer.io https://*.frbdiscountwindow.org https://chicagofed.org https://*.libsyn.com https://*.youtube.com https://*.twitter.com https://*.moneysmartweek.org https://frbdiscountwindow.org https://*.googleapis.com 'self' 'unsafe-inline';media-src *.stlouisfed.org *.brightcovecdn.com *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.brightcove.net https://*.chicagofed.org https://*.cloudflare.com https://*.juicer.io https://*.moneysmartweek.org https://*.frbdiscountwindow.org https://chicagofed.org https://*.libsyn.com https://*.youtube.com https://*.twitter.com https://frbdiscountwindow.org https://*.googleapis.com 'self' blob:; 1
connect-src 'self' https://*.wistia.com https://api.segment.io https://*.dovetail.com https://analytics.google.com https://app.getvero.com https://cdn.segment.com https://cdn.segment.io https://cdn.linkedin.oribi.io https://embedwistia-a.akamaihd.net https://sentry.io https://o74703.ingest.sentry.io https://stats.g.doubleclick.net https://www.google-analytics.com https://*.facebook.com/ https://*.algolia.net https://fonts.gstatic.com https://images.ctfassets.net https://px.ads.linkedin.com https://*.intercom.io wss://*.intercom.io https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://uploads.au.intercomcdn.com https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://app.clearbit.com; default-src 'self' https://*.wistia.com https://*.wistia.net; font-src 'self' data: https://*.wistia.com https://fonts.gstatic.com https://js.intercomcdn.com https://fonts.intercomcdn.com https://script.hotjar.com; frame-src 'self' https://*.stripe.com https://fast.wistia.com https://fast.wistia.net https://optimize.google.com https://webhook.frontapp.com/ https://www.google.com https://calendly.com https://open.spotify.com/ https://www.facebook.com https://www.youtube.com/ https://intercom-sheets.com https://*.arcade.software; img-src 'self' blob: data: https://dovetail.com https://*.stripe.com https://*.wistia.com https://*.wistia.net https://analytics.google.com https://cdn.shopify.com https://cdn.zapier.com https://embed-ssl.wistia.com https://embedwistia-a.akamaihd.net https://images.ctfassets.net https://images.unsplash.com https://optimize.google.com https://ssl.gstatic.com https://tagmanager.google.com https://www.google.ae https://www.google.at https://www.google.be https://www.google.bs https://www.google.by https://www.google.ca https://www.google.ch https://www.google.ch https://www.google.co.cr https://www.google.co.hp https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.ke https://www.google.co.kr https://www.google.co.nz https://www.google.co.th https://www.google.co.tz https://www.google.co.uk https://www.google.co.za https://www.google.co.zw https://www.google.com.ar https://www.google.com.au https://www.google.com.bd https://www.google.com.br https://www.google.com.ec https://www.google.com.eg https://www.google.com.hk https://www.google.com.mx https://www.google.com.my https://www.google.com.ng https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sg https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.com.vn https://www.google.com https://www.google.cl https://www.google.cz https://www.google.de https://www.google.dk https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fr https://www.google.gr https://www.google.hu https://www.google.hr https://www.google.ie https://www.google.iq https://www.google.it https://www.google.lk https://www.google.nl https://www.google.no https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.se https://www.google.sk https://www.google.tr https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com https://zapier-images.imgix.net https://*.linkedin.com https://*.licdn.com https://p.adsymptotic.com https://www.facebook.com https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com  https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://messenger-apps.eu.intercom.io https://messenger-apps.au.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments.eu https://*.au.intercom-attachments.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://static.intercomassets.eu https://static.au.intercomassets.com https://instatus.com https://*.instatus.com; media-src 'self' blob: data: https://dovetail.com https://*.wistia.com https://*.wistia.net https://*.ctfassets.net https://embedwistia-a.akamaihd.net https://js.intercomcdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.sentry-cdn.com https://*.stripe.com https://*.wistia.com https://*.wistia.net https://api.segment.io https://cdn.segment.com https://cdn.segment.io https://optimize.google.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.google-analytics.com https://www.google.com https://www.googleoptimize.com https://www.googletagmanager.com https://www.gstatic.com https://*.linkedin.com https://*.licdn.com https://connect.facebook.net https://static.hotjar.com https://script.hotjar.com https://*.intercom.io https://js.intercomcdn.com https://accounts.google.com/gsi/client https://tag.clearbitscripts.com https://x.clearbitjs.com; style-src 'self' 'unsafe-inline' blob: https://fast.wistia.com https://fonts.googleapis.com https://optimize.google.com https://tagmanager.google.com; worker-src 'self' blob: 1
default-src data: 'self' *.summitbb.com *.speedtestcustom.com *.wp.com;     script-src 'self' 'unsafe-inline' 'unsafe-eval' *.summitbb.com *.speedtestcustom.com *.vimeo.com *.googleapis.com *.google.com *.gstatic.com *.facebook.com *.facebook.net *.googletagmanager.com *.google-analytics.com         *.cloudflare.com *.youtube.com *.leadforensics.com *.liadm.com *.simpli.fi *.canddi.com;     style-src 'self' 'unsafe-inline' *.summitbb.com *.speedtestcustom.com *.mypurecloud.com *.cloudflare.com *.wp.com *.googleapis.com *.gstatic.com;     img-src data: 'self' * *.summitbb.com *.speedtestcustom.com;     font-src 'self' data: *.summitbb.com *.speedtestcustom.com *.mypurecloud.com *.wp.com *.gstatic.com;     child-src 'self' blob: data: *.summitbb.com *.speedtestcustom.com;     connect-src 'self' wss: *.summitbb.com *.speedtestcustom.com google.com *.mypurecloud.com *.google.com *.linkedin.com *.doubleclick.net *.googleadservices.com vimeo.com *.google-analytics.com *.gstatic.com *.googleapis.com *.liadm.com;     media-src data: 'self' *.summitbb.com *.speedtestcustom.com *.vimeo.com *.vimeocdn.com;     frame-src 'self' *.attspoc.com *.summit-broadband.com *.summitbb.com *.speedtestcustom.com *.paylocity.com *.doubleclick.net *.googletagmanager.com *.wordpress.com *.elementor.com *.vimeo.com *.google.com *.youtube.com *.aha-images.com *.facebook.com *.facebook.net;     script-src-elem 'unsafe-inline' data: *.demandbase.com *.mypurecloud.com *.googleadservices.com *.crowdfiber.io *.doubleclick.net *.vimeo.com 'self' *.summit-broadband.com *.licdn.com *.summitbb.com *.speedtestcustom.com *.wp.com *.cloudflare.com *.googleapis.com *.google.com *.gstatic.com *.facebook.com *.facebook.net *.googletagmanager.com *.google-analytics.com *.youtube.com         *.leadforensics.com *.liadm.com *.simpli.fi *.canddi.com; 1
default-src 'self' go.sg https://www.shorthand.com *.shorthandstories.com https://cdn1.readspeaker.com https://api.data.gov.sg/; script-src apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://s.ytimg.com https://publish.twitter.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net unpkg.com/@frontify/ https://www.cloudinary.com gov.sg embedsocial.com https://www.embedsocial.com googletagmanager.com https://www.googletagmanager.com readspeaker.com https://www.dcube.cloud https://www.onemap.gov.sg https://www.google-analytics.com https://*.tile.openstreetmap.org twimg.com https://api.data.gov.sg/ *.readspeaker.com https://assets.wogaa.sg/ https://webchat.vica.gov.sg/ *.shorthandstories.com https://www.shorthand.com https://iframely.shorthand.com/ https://analytics.shorthand.com/ https://gateway.shorthand.com/ 'self' web-chat.nativechat.com *.eloqua.com *.en25.com cdn.ampproject.org js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline' 'unsafe-eval'; style-src netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ embedsocial.com https://www.embedsocial.com https://www.dcube.cloud https://www.onemap.gov.sg googleapis.com gstatic.com twimg.com https://cdn1.readspeaker.com https://app-eas.readspeaker.com/ https://rstts-eas.readspeaker.com https://media-eas.readspeaker.com https://www.app-eas.readspeaker.com https://assets.wogaa.sg/ https://webchat.vica.gov.sg/ *.shorthandstories.com https://www.shorthand.com 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ data: blob: https://www.insight.sitefinity.com https://www.dec.sitefinity.com gov.sg https://www.gov.sg https://www.frontify.com https://www.cloudinary.com https://www.youtube.com https://www.facebook.com https://*.tile.openstreetmap.org https://www.google.com.sg https://www.google.com https://img.youtube.com gstatic.com googleapis.com *.shorthandstories.com https://www.shorthand.com https://www.googletagmanager.com twimg.com 'self' web-chat.nativechat.com *.eloqua.com track.hubspot.com js.hsleadflows.net forms.hsforms.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://www.google.com.sg; frame-src embedsocial.com https://www.embedsocial.com https://www.youtube.com https://www.twitter.com https://www.facebook.com https://www.onemap.gov.sg https://www.shorthand.com https://www.shorthandstories.com https://cdn1.readspeaker.com https://app-eas.readspeaker.com/ https://rstts-eas.readspeaker.com https://media-eas.readspeaker.com https://www.app-eas.readspeaker.com 'self' web-chat.nativechat.com forms.hsforms.com; connect-src data: accounts.google.com https://www.mktoresp.com https://www.frontify.com https://www.cloudinary.com sharethis.com https://www.sharethis.com gov.sg https://www.youtube.com https://www.facebook.com https://www.shorthandstories.com https://www.app-eas.readspeaker.com https://www.stats.g.doubleclick.net https://www.google.com.sg https://www.google.com https://www.analytics.google.com https://analytics.google.com https://stats.g.doubleclick.net https://api.data.gov.sg gstatic.com https://www.googletagmanager.com https://assets.wogaa.sg/ https://webchat.vica.gov.sg/ https://chat.vica.gov.sg/ wss://chat.vica.gov.sg/ *.readspeaker.com https://app-eas.readspeaker.com/ https://snowplow-web.wogaa.sg/ https://rstts-eas.readspeaker.com https://bucket-vica.vica.gov.sg/ *.shorthandstories.com https://www.shorthand.com https://gateway.shorthand.com/ 'self' forms.hubspot.com *.hsforms.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: https://www.frontify.com https://www.cloudinary.com https://www.youtube.com https://www.facebook.com https://www.shorthand.com https://www.shorthandstories.com; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://www.frontify.com cloudinary.com https://www.cloudinary.com embedsocial.com https://www.embedsocial.com https://www.youtube.com https://www.facebook.com https://www.twitter.com https://www.facebook.com/ https://web.facebook.com/ https://cdn1.readspeaker.com https://app-eas.readspeaker.com/ https://rstts-eas.readspeaker.com https://media-eas.readspeaker.com https://www.app-eas.readspeaker.com 'self' web-chat.nativechat.com; form-action 'self' https://login.microsoftonline.com https://www-origin.www.gov.sg https://www.gov.sg https://web-intranet.www.gov.sg https://cdn1.readspeaker.com https://app-eas.readspeaker.com; frame-ancestors 'self' embedsocial.com https://www.embedsocial.com https://www.youtube.com https://www.twitter.com https://www.facebook.com https://www.shorthand.com https://www.shorthandstories.com https://cdn1.readspeaker.com https://app-eas.readspeaker.com/ https://rstts-eas.readspeaker.com https://media-eas.readspeaker.com https://www.app-eas.readspeaker.com; object-src 'self' 1
frame-ancestors 'self' regeneron-com-admin.intouchsol.net admin.regeneron.com 1
policy-uri /'self' 1
default-src 'self' *.jsdelivr.net *.wistia.com fast.wistia.net embed-fastly.wistia.com embedwistia-a.akamaihd.net *.zohopublic.com *.zoho.com *.tile.openstreetmap.org http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://*.customer.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' datawrapper.dwcdn.net *.facebook.net *.gstatic.com *.google.com *.google-analytics.com *.typekit.com *.addthis.com *.addthisedge.com *.chartbeat.com *.infogram.com *.jquery.com unpkg.com *.newrelic.com *.nr-data.net *.formstack.com *.googleapis.com *.amazonaws.com *.wnyc.org *.cloudflare.com *.twitter.com *.twimg.com airtable.com *.airtable.com *.addthis.com *.moatads.com *.flourish.studio *.uri.sh *.jsdelivr.net *.wistia.com fast.wistia.net embed-fastly.wistia.com embedwistia-a.akamaihd.net d3js.org *.zohopublic.com *.zoho.com  *.customink.com customink.com *.googletagmanager.com googletagmanager.com *.tile.openstreetmap.org *.hotjar.io *.hotjar.com *.customer.io  *.gleap.io *.pagesense.io *.infogr.am; object-src 'self' 'unsafe-inline' *.google.com *.google-analytics.com *.googleapis.com *.wnyc.org *.twitter.com airtable.com *.airtable.com *.wistia.com fast.wistia.net embed-fastly.wistia.com embedwistia-a.akamaihd.net *.zohopublic.com *.zoho.com *.tile.openstreetmap.org *.customer.io; style-src 'self' 'unsafe-inline' unpkg.com *.formstack.com *.google.com *.googleapis.com *.wnyc.org *.twitter.com airtable.com *.airtable.com *.typekit.net *.wistia.com *.wistia.net *.wistia.com fast.wistia.net embed-fastly.wistia.com embedwistia-a.akamaihd.net *.zohopublic.com *.zoho.com *.tile.openstreetmap.org *.customer.io; img-src 'self' 'unsafe-inline' data: cookpolitical.com *.facebook.com *.twimg.com *.typekit.net *.google-analytics.com *.doubleclick.net *.chartbeat.net *.tinypic.com *.wmflabs.org *.formstack.com *.amazonaws.com *.googleapis.com *.wnyc.org *.addthis.com *.twitter.com airtable.com *.airtable.com *.dacast.com *.wistia.net *.wistia.com *.wistia.com fast.wistia.net embed-fastly.wistia.com embedwistia-a.akamaihd.net *.zohopublic.com *.zoho.com  *.tile.openstreetmap.org *.hotjar.com  *.hotjar.io *.customer.io *.google.ca/*; media-src 'self' 'unsafe-inline' *.formstack.com *.google.com  *.google-analytics.com *.googleapis.com *.twitter.com airtable.com *.airtable.com *.dacast.com *.wistia.com fast.wistia.net embed-fastly.wistia.com embedwistia-a.akamaihd.net *.zohopublic.com *.zoho.com *.tile.openstreetmap.org *.hotjar.com  *.hotjar.io *.customer.io *.google.jo; frame-src 'self' 'unsafe-inline' datawrapper.dwcdn.net *.addthis.com *.google.com *.infogram.com *.jquery.com *.formstack.com  *.google-analytics.com *.googleapis.com *.wnyc.org *.twitter.com airtable.com *.airtable.com *.c-span.org *.youtube.com vekeo.com *.moatads.com *.teleforumonline.com *.vekeo.com *.flourish.studio *.uri.sh *.dacast.com *.wistia.com fast.wistia.net embed-fastly.wistia.com embedwistia-a.akamaihd.net *.zohopublic.com *.zoho.com *.customink.com customink.com *.facebook.com facebook.com *.tile.openstreetmap.org  *.hotjar.com *.hotjar.io *.customer.io *.infogr.am adm0.page.link host2.adimpact.com td.doubleclick.net; frame-ancestors 'self' *.formstack.com *.google.com  *.google-analytics.com *.googleapis.com *.wnyc.org *.twitter.com airtable.com *.airtable.com *.vekeo.com *.dacast.com *.wistia.net *.fast.wistia.com *.wistia.com *.wistia.com fast.wistia.net embed-fastly.wistia.com embedwistia-a.akamaihd.net *.zohopublic.com *.zoho.com *.customink.com customink.com  *.tile.openstreetmap.org *.customer.io; child-src *.wistia.com *.wistia.net *.wistia.com fast.wistia.net embed-fastly.wistia.com embedwistia-a.akamaihd.net *.zohopublic.com *.zoho.com  *.tile.openstreetmap.org *.customer.io; font-src 'self' 'unsafe-inline' *.typekit.com *.googleapis.com *.gstatic.com *.twitter.com airtable.com *.airtable.com *.typekit.net data:  *.wistia.com fast.wistia.net embed-fastly.wistia.com embedwistia-a.akamaihd.net *.zohopublic.com *.zoho.com *.tile.openstreetmap.org http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://*.customer.io; connect-src 'self' 'unsafe-inline' datawrapper.dwcdn.net *.addthis.com *.typekit.net *.google.com *.google-analytics.com *.googleapis.com *.wnyc.org *.twitter.com *.doubleclick.net airtable.com *.airtable.com *.newrelic.com bam.nr-data.net *.jsdelivr.net *.wistia.net *.wistia.com *.zohopublic.com *.zoho.com *.nr-data.net nr-data.net  *.tile.openstreetmap.org http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io *.hotjar.io wss://*.hotjar.com *.customer.io  *.gleap.io; report-uri /report-csp-violation 1
frame-ancestors 'self'; report-uri https://www.hec.edu/en/report-uri/enforce 1
frame-ancestors 'self' *.yourpayroll.com.au ; 1
default-src 'self';  script-src  'self' https:       'unsafe-inline' 'unsafe-eval';  style-src   'self' https:       'unsafe-inline';  font-src    'self' https: data: 'unsafe-inline';  img-src     'self' https: data:;  connect-src 'self' https:;  frame-src   'self' https:;  media-src   'self' https:;  form-action 'self' https:; base-uri    'self';  frame-ancestors 'self' https:;  object-src  'none'; 1
default-src 'self'; font-src * data:; frame-ancestors 'self'; connect-src *; frame-src 'self' https://widget.stackla.com https://hosted.where2getit.com https://*.doubleclick.net https://insight.adsrvr.org https://*.pinterest.com; img-src * data:; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://*.dotomi.com https://connect.facebook.net https://contentz.mkt932.com https://app.everviz.com https://code.highcharts.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://*.doubleclick.net https://*.pinimg.com https://js.adsrvr.org https://analytics.tiktok.com https://*.cookielaw.org https://cdn.jsdelivr.net https://vjs.zencdn.net https://staging-assetscdn.stackla.com https://assetscdn.stackla.com https://*.pages03.net;  script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.dotomi.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://*.doubleclick.net https://*.pinimg.com https://js.adsrvr.org https://analytics.tiktok.com https://*.cookielaw.org https://cdn.jsdelivr.net https://vjs.zencdn.net https://staging-assetscdn.stackla.com https://assetscdn.stackla.com https://*.pages03.net;  style-src-elem 'self' 'unsafe-inline' *;  style-src 'self' 'unsafe-inline' *; 1
default-src *; style-src 'self' *.vica.gov.sg assets.wogaa.sg assets.juicer.io va.ecitizen.gov.sg fonts.googleapis.com *.onemap.sg unpkg.com www.google.com 'unsafe-inline' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com 'unsafe-inline'; script-src 'self' *.vica.gov.sg assets.wogaa.sg assets.juicer.io assets.adobedtm.com s7.addthis.com va.ecitizen.gov.sg https://www.google-analytics.com/analytics.js v1.addthisedge.com *.addthis.com z.moatads.com https://www.google.com/recaptcha/api.js https://www.googletagmanager.com/gtag/js *.onemap.sg fontawesome www.gstatic.com gstatic.com https://kit.fontawesome.com/7329f83c99.js https://www.gstatic.com/recaptcha/releases/qc5B-qjP0QEimFYUxcpWJy5B/recaptcha__en.js  https://www.gstatic.com/recaptcha/releases/r8jtf1oixV0IGff4hgB4EzDF/recaptcha__en.js https://www.google-analytics.com http://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://google-analytics.com unpkg skyrisegreenery ajax.googleapis.com connect.facebook.net graph.facebook.com imaven.nparks.gov.sg assets.adobedtm.com maps.googleapis.com cdnjs.cloudflare.com *.google.com google.com www.google.com *.wogaa.sg 'unsafe-inline' 'unsafe-eval' https://*.hotjar.com 'unsafe-inline';font-src * 'self' static.juicer.io assets.wogaa.sg fonts.gstatic.com data:;img-src * 'self' data: 1
script-src 'self' *.doubleclick.net *.google-analytics.com *.bing.com *.facebook.net *.outbrain.com *.mathtag.com *.proofpoint.com *.clarity.com *.treasuredata.com *.clarity.ms *.licdn.com *.yellowmessenger.com *.googletagmanager.com *.youtube.com *.googleapis.com *.google.com *.gstatic.com *.paytm.in *.paytmpayments.com *.paytmpayments.com *.googlesyndication.com *.googleadservices.com *.ads-twitter.com *.optimizely.com *.visualwebsiteoptimizer.com 'unsafe-inline' 'unsafe-eval' blob: ; 1
default-src 'self' *.zopim.com wss://*.zopim.com; script-src 'unsafe-inline' 'unsafe-eval' www.idecan.org.br idecan.org.br site-idecan-antigo.azurewebsites.net localhost:8000 www.google-analytics.com ajax.googleapis.com *.zopim.com; img-src 'self' www.google-analytics.com idecan.s3.amazonaws.com *.zopim.com; style-src 'unsafe-inline' www.idecan.org.br idecan.org.br site-idecan-antigo.azurewebsites.net localhost:8000; 1
frame-src 'self' www.youtube.com www.google.com www.facebook.com 1
frame-ancestors 'self' https://*.facebook.com https://*.messenger.com 1
connect-src 'self' * ws: blob:; 1
default-src 'self' adservice.google.com app.vwo.com *.azureedge.net blob: data: *.dynamics.com feedback-api.lumoa.me fonts.googleapis.com *.litix.io maps.googleapis.com *.ninchat.com ninchat.com pagead2.googlesyndication.com *.sleeknote.com staz-ada-we-fe-test-www-app.azurewebsites.net:* terveystalo.piwik.pro *.visualwebsiteoptimizer.com *.zef.fi *.wistia.com;script-src 'self' app.vwo.com *.azureedge.net blob cdn.pushcrew.com dynamics.com googleads.g.doubleclick.net/pagead/viewthroughconversion* googleadservices.com/pagead/conversion* googletagmanager.com/gtag/js fast.wistia.net *.jobylon.com *.lfeeder.com maps.googleapis.com ninchat.com s2.adform.net/banners/scripts/st/trackpoint-async.js *.sleeknote.com terveystalo.piwik.pro terveystalo.containers.piwik.pro track.adform.net *.visualwebsiteoptimizer.com *.wistia.com 'nonce-vdv4COVmcDYZNsgpxJkh0yhTiosr84VFPspxLz+sA3U=' 'unsafe-eval' 'unsafe-inline';style-src 'self' ninchat.s3.amazonaws.com app.vwo.com analytics-consent-manager.azureedge.net analytics-consent-manager-test.azureedge.net analytics-consent-manager-prod.azureedge.net fonts.googleapis.com ninchat.com sleeknotestaticcontent.sleeknote.com terveystalo.containers.piwik.pro *.visualwebsiteoptimizer.com 'unsafe-inline';font-src 'self' assets.terveystalo.com data: fonts.gstatic.com ninchat.com sleeknotestaticcontent.sleeknote.com staz-ada-we-fe-test-www-app.azurewebsites.net:* terveystalo.containers.piwik.pro *.wistia.com;img-src 'self' analytics.sleeknote.com app.vwo.com azureedge.net blob: data: dev.visualwebsiteoptimizer.com *.dynamics.com google.com www.google.com google.fi www.google.fi *.googletagmanager.com i.ytimg.com *.jobylon.com *.lfeeder.com maps.googleapis.com maps.gstatic.com *.piwik.pro *.sleeknote.com storage.zef.fi *.terveystalo.com *.wistia.com;frame-ancestors 'self' https://*.terveystalo.com;frame-src 'self' analytics-consent-manager.azureedge.net analytics-consent-manager-test.azureedge.net analytics-consent-manager-prod.azureedge.net analytics-consent-manager-v2-prod.azureedge.net app.vwo.com apps.myzef.com cdn.jobylon.com e.infogram.com *.google.com fast.wistia.net *.investis.com news.alertir.com ninchat.com *.sleeknote.com *.svc.dynamics.com terveystalo.gw.efectecloud.com td.doubleclick.net track.adform.net *.visualwebsiteoptimizer.com zef.fi *.zef.fi *.youtube.com 1
default-src 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval'; 1
frame-ancestors 'self' 1cbo.ru app.1cbo.ru stage.1cbo.ru dev.1cbo.ru edu.1cbo.ru edu2.1cbo.ru edu3.1cbo.ru edu4.1cbo.ru 1cbo.1c.ru metrika.yandex.ru webvisor.ru webvisor.com info.1cbo.ru cabinet.1cbo.ru 1
frame-ancestors https://app.ctmdev.us https://app.calltrackingmetrics.com https://app.ctm.ninja https://calltrackingmetrics.channeltivity.com 1
default-src 'self' 'unsafe-inline' data: *.friendlycaptcha.com *.kameleoon.io *.doubleclick.net google.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat  *.googlesyndication.com *.run.app *.googleapis.com *.akamaihd.net *.crossengage.io *.usercentrics.eu *.google-analytics.com *.gstatic.com *.hotjar.com *.hotjar.io *.kameleoon.com *.kameleoon.eu *.dat.de *.datgroup.com *.fairgarage.de *.fairgarage.com *.b-ite.com *.leadlab.click; form-action 'self' *.dat.de *.datgroup.com *.twitter.com *.cleverreach.com mailings.dat.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.googleadservices.com *.crossengage.io *.usercentrics.eu *.mouseflow.com *.akamaihd.net *.kameleoon.com *.kameleoon.eu *.hotjar.com *.hotjar.io *.kameleoon.eu *.dat.de *.datgroup.com *.twitter.com *.twimg.com *.fairgarage.de *.fairgarage.com *.b-ite.com *.leadlab.click *.googletagmanager.com *.google-analytics.com *.google.com *.googleapis.com *.gstatic.com; style-src 'unsafe-inline' 'self' *.kameleoon.com *.kameleoon.eu *.googleapis.com *.twitter.com *.twimg.com *.googleapis.com *.fairgarage.de *.fairgarage.com *.dat.de *.datgroup.com *.googletagmanager.com *.google-analytics.com; worker-src data: 'self' *.dat.de *.datgroup.com *.twitter.com *.youtube.com *.google.com *.vimeo.com blob: 'self' *.dat.de *.datgroup.com; frame-src data: 'self' *.doubleclick.net *.hotjar.com *.hotjar.io *.dat.de *.datgroup.com *.twitter.com *.youtube.com *.youtube-nocookie.com *.google.com *.vimeo.com; img-src 'self' data: *.googleadservices.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.doubleclick.net *.akamaihd.net *.googletagmanager.com *.dat.de *.datgroup.com *.usercentrics.eu *.google.com *.googleapis.com *.gstatic.com *.kameleoon.com *.kameleoon.eu *.hotjar.com *.hotjar.io *.datgroup.com *.twimg.com *.twitter.com *.fairgarage.de *.fairgarage.com *.google-analytics.com; font-src 'self' data: *.fairgarage.com; object-src 'none'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.amazonaws.com audioeye.com *.lisa-cdn.net *.turnto.eu *.turnto.com *.edgecastcdn.net *.lisa-api.net api.hello-lisa.com *.audioeye.com cdnjs.cloudflare.com *.bing.com *.btttag.com *.cloudfront.net cloudfront.net *.coach.com coach.com criteo.com criteo.net *.criteo.net *.criteo.com *.facebook.com *.facebook.net *.forter.com *.google.com *.gstatic.com *.google.co.uk www.google.at www.google.dk www.google.ie www.google.ca www.google.co.in www.google.ae *.google.es *.google.no www.google.gr www.google.se www.googleadservices.com googleapis.com *.googleapis.com *.cloudfunctions.net www.googletagmanager.com *.google-analytics.com www.yext-pixel.com klarna.com *.klarna.com klarnacdn.net *.klarnacdn.net klarnaevt.com *.klarnaevt.com klarnaservices.com *.klarnaservices.com *.optimizely.com optimizely.com *.paypal.com www.paypalobjects.com *.qualtrics.com *.quantummetric.com *.force.com *.my.salesforce.com *.salesforceliveagent.com *.my.salesforce-sites.com *.twitter.com ads-twitter.com static.ads-twitter.com t.co cdnwidget.com *.cdnwidget.com pippio.com bounceexchange.com *.bounceexchange.com bouncex.net events.bouncex.net *.cquotient.com cquotient.com doubleclick.net *.doubleclick.net *.google.de *.google.nl jsdelivr.net *.jsdelivr.net *.katespade.com *.katespade.co.uk katespade.com linksynergy.com *.linksynergy.com cdnbasket.net *.cdnbasket.net cookielaw.org cdn.cookielaw.org *.onetrust.com onetrust.com pinimg.com s.pinimg.com www.pinterest.com ct.pinterest.com *.rakuten.com force.com smct.co *.smct.co *.tiktok.com tiktok.com smct.io *.smct.io techlab-cdn.com p11.techlab-cdn.com wknd.ai tag.wknd.ai static.goqubit.com *.qubit.com *.qubitproducts.com *.drivecommerce.com *.amplience.net *.tangiblee.com services.postcodeanywhere.co.uk api.pinpiaa.com api.soreto.com api.addressy.com *.adyen.com *.cnstrc.com cnstrc.com *.bigcontent.io tapes11111.pcapredict.com realtimeanalytics.yext.com prod-cdn.us.yextapis.com main-de-coach-com-pagescdn-com.preview.pagescdn.com www.linkedin.com *.creativecdn.com creativecdn.com *.mktgcdn.com *.medallia.com *.kampyle.com consent.nxtck.com *.stylitics.com code.jquery.com *.attn.tv *.scene7.com static.lisa-cdn.net katespade-uk.loveslisa.tech events.attentivemobile.com *.upsellit.com *.gocertify.me *.bluecore.app *.bluecore.com bluecore.com bluecore.app *.tapestry.com *.turnto.com *.edgecastcdn.net *.pixlee.co *.yext.com *.yextapis.com *.yextevents.com *.yext-pixel.com *.mktgcdn.com *.pixlee.com *.pixleeteam.com *.pxlecdn.com data: blob:; 1
default-src 'none'; connect-src 'self' blob: *.yandex.ru yandex.st yastatic.net matchid.adfox.yandex.ru *.adfox.ru yastat.net yandex.ru yandex.com yandexmetrica.com:30103 yandexmetrica.com:29010 ymetrica.com ymetrica1.com ymetrica2.com https://mc.yandex.ru verify.yandex.ru *.ttwstatic.com https://attestation.android.com *.google-analytics.com www.googletagmanager.com *.yandex.kz *.yandex.net *.yandex.com vk.com *.tiktokcdn.com *.ibytedtos.com *.tiktok.com gdepapa8 googleads4.g.doubleclick.net adservice.google.ru adservice.google.com https://rutube.ru googleads.g.doubleclick.net *.googlesyndication.com *.googleadservices.com payselection.com *.payselection.com gdepapa9 gdepapa.ru yoomoney.ru auth.robokassa.ru api-maps.yandex.ru http://www.youtube.com youtube.com *.youtube.com youtu.be counter.yadro.ru cdn.ampproject.org *.google.com *.google.ru *.gstatic.com www.googletagservices.com *.googleapis.com informer.yandex.ru avatars.mds.yandex.net mc.yandex.ru mc.yandex.by mc.yandex.ua mc.yandex.md mc.yandex.fr ; frame-src awaps.yandex.net yandexadexchange.net *.yandexadexchange.net yastatic.net *.yandex.ru *.adfox.ru yastat.net https://mc.yandex.ru verify.yandex.ru *.ttwstatic.com https://attestation.android.com *.google-analytics.com www.googletagmanager.com *.yandex.kz *.yandex.net *.yandex.com vk.com *.tiktokcdn.com *.ibytedtos.com *.tiktok.com gdepapa8 googleads4.g.doubleclick.net adservice.google.ru adservice.google.com https://rutube.ru googleads.g.doubleclick.net *.googlesyndication.com *.googleadservices.com payselection.com *.payselection.com gdepapa9 gdepapa.ru yoomoney.ru auth.robokassa.ru api-maps.yandex.ru http://www.youtube.com youtube.com *.youtube.com youtu.be counter.yadro.ru cdn.ampproject.org *.google.com *.google.ru *.gstatic.com www.googletagservices.com *.googleapis.com informer.yandex.ru avatars.mds.yandex.net mc.yandex.ru mc.yandex.by mc.yandex.ua mc.yandex.md mc.yandex.fr ; img-src * data: android-webview-video-poster: ;media-src strm.yandex.ru *.strm.yandex.ru yandex.ru yandex.st yastatic.net *.adfox.ru yastat.net yandex.com data: blob: https://mc.yandex.ru verify.yandex.ru *.ttwstatic.com https://attestation.android.com *.google-analytics.com www.googletagmanager.com *.yandex.kz *.yandex.net *.yandex.com vk.com *.tiktokcdn.com *.ibytedtos.com *.tiktok.com gdepapa8 googleads4.g.doubleclick.net adservice.google.ru adservice.google.com https://rutube.ru googleads.g.doubleclick.net *.googlesyndication.com *.googleadservices.com payselection.com *.payselection.com gdepapa9 gdepapa.ru yoomoney.ru auth.robokassa.ru api-maps.yandex.ru http://www.youtube.com youtube.com *.youtube.com youtu.be counter.yadro.ru cdn.ampproject.org *.google.com *.google.ru *.gstatic.com www.googletagservices.com *.googleapis.com informer.yandex.ru avatars.mds.yandex.net mc.yandex.ru mc.yandex.by mc.yandex.ua mc.yandex.md mc.yandex.fr ; script-src 'unsafe-inline' 'unsafe-eval' an.yandex.ru yandex.st yastatic.net *.adfox.ru yastat.net yandex.ru https://mc.yandex.ru verify.yandex.ru *.ttwstatic.com https://attestation.android.com *.google-analytics.com www.googletagmanager.com *.yandex.kz *.yandex.net *.yandex.com vk.com *.tiktokcdn.com *.ibytedtos.com *.tiktok.com gdepapa8 googleads4.g.doubleclick.net adservice.google.ru adservice.google.com https://rutube.ru googleads.g.doubleclick.net *.googlesyndication.com *.googleadservices.com payselection.com *.payselection.com gdepapa9 gdepapa.ru yoomoney.ru auth.robokassa.ru api-maps.yandex.ru http://www.youtube.com youtube.com *.youtube.com youtu.be counter.yadro.ru cdn.ampproject.org *.google.com *.google.ru *.gstatic.com www.googletagservices.com *.googleapis.com informer.yandex.ru avatars.mds.yandex.net mc.yandex.ru mc.yandex.by mc.yandex.ua mc.yandex.md mc.yandex.fr adservice.google.ro adservice.google.co.id themes.googleusercontent.com ssl.google-analytics.com adservice.google.nl adservice.google.com.cy adservice.google.pl adservice.google.kg adservice.google.cz  adservice.google.com.au adservice.google.md adservice.google.lt adservice.google.com.ph adservice.google.fr adservice.google.com.tj adservice.google.rs adservice.google.co.uk adservice.google.com.vn adservice.google.fi adservice.google.es adservice.google.ee adservice.google.ge adservice.google.sk adservice.google.de adservice.google.kz adservice.google.com.ua *.google.az https://yandexmetrica.com https://yandexmetrica.com:30103 https://yandexmetrica.com:29010 https://ymetrica1.com https://ymetrica2.com https://ymetrica.com ; style-src 'unsafe-inline' 'unsafe-eval' yandex.st yastatic.net *.adfox.ru yastat.net https://mc.yandex.ru verify.yandex.ru *.ttwstatic.com https://attestation.android.com *.google-analytics.com www.googletagmanager.com *.yandex.kz *.yandex.net *.yandex.com vk.com *.tiktokcdn.com *.ibytedtos.com *.tiktok.com gdepapa8 googleads4.g.doubleclick.net adservice.google.ru adservice.google.com https://rutube.ru googleads.g.doubleclick.net *.googlesyndication.com *.googleadservices.com payselection.com *.payselection.com gdepapa9 gdepapa.ru yoomoney.ru auth.robokassa.ru api-maps.yandex.ru http://www.youtube.com youtube.com *.youtube.com youtu.be counter.yadro.ru cdn.ampproject.org *.google.com *.google.ru *.gstatic.com www.googletagservices.com *.googleapis.com informer.yandex.ru avatars.mds.yandex.net mc.yandex.ru mc.yandex.by mc.yandex.ua mc.yandex.md mc.yandex.fr ; font-src 'self' data: an.yandex.ru yastatic.net yastat.net https://mc.yandex.ru verify.yandex.ru *.ttwstatic.com https://attestation.android.com *.google-analytics.com www.googletagmanager.com *.yandex.kz *.yandex.net *.yandex.com vk.com *.tiktokcdn.com *.ibytedtos.com *.tiktok.com gdepapa8 googleads4.g.doubleclick.net adservice.google.ru adservice.google.com https://rutube.ru googleads.g.doubleclick.net *.googlesyndication.com *.googleadservices.com payselection.com *.payselection.com gdepapa9 gdepapa.ru yoomoney.ru auth.robokassa.ru api-maps.yandex.ru http://www.youtube.com youtube.com *.youtube.com youtu.be counter.yadro.ru cdn.ampproject.org *.google.com *.google.ru *.gstatic.com www.googletagservices.com *.googleapis.com informer.yandex.ru avatars.mds.yandex.net mc.yandex.ru mc.yandex.by mc.yandex.ua mc.yandex.md mc.yandex.fr ; 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;frame-ancestors 'self' https://*.quintype.com https://www.dinamani.com;block-all-mixed-content; 1
connect-src 'self' https:; default-src 'none'; child-src blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.globalrelay.com cookie-cdn.cookiepro.com *.cloudflare.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.greenhouse.io *.doubleclick.net *.licdn.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' https: data:; font-src  'self' 'unsafe-inline' fonts.gstatic.com  data: ; media-src 'self'  blob:; form-action 'self'; frame-ancestors 'self' login.globalrelay.com ecm.login.globalrelay.com trmc.login.globalrelay.com compliance.login.globalrelay.com controlcenter.globalrelay.com preprod.globalrelay.com dev.globalrelay.com staging.globalrelay.com; frame-src 'self' *.globalrelay.com forms.globalrelay.com cloud.email.globalrelay.com resources.globalrelay.com preprod.globalrelay.com dev.globalrelay.com staging.globalrelay.com globalrelay.turtl.co *.greenhouse.io *.megaphone.fm *.youtube.com *.youtube-nocookie.com *.doubleclick.net *.gotoassist.com; 1
default-src 'none'; script-src 'unsafe-inline' 'self' parlament.web-analytics.ch 'unsafe-eval' ws.parlament.ch www.google.com www.gstatic.com map.geo.admin.ch siteimproveanalytics.com script.crazyegg.com pagestates-tracking.crazyegg.com assets-tracking.crazyegg.com; connect-src 'self' https://par-pcache.simplex.tv ws.parlament.ch api.metagrid.ch map.geo.admin.ch parlament.web-analytics.ch script.crazyegg.com tracking.crazyegg.com pagestates-tracking.crazyegg.com assets-tracking.crazyegg.com; img-src 'self' www.idelec.ch idweb.ch googleapis.com storage.googleapis.com data: parlament.web-analytics.ch 6050425.global.siteimproveanalytics.io; style-src 'unsafe-inline' 'self' fonts.googleapis.com; font-src 'self'; child-src 'self' blob: www.parlament.ch smartmonitor-pd.smartvote.ch par-pcache.simplex.tv matterport.com my.matterport.com; frame-src 'self' blob: smartmonitor-pd.smartvote.ch par-pcache.simplex.tv app.powerbi.com pldembedded.azurewebsites.net www.youtube.com map.geo.admin.ch www.google.com matterport.com my.matterport.com; object-src 'self'; media-src 'self'; manifest-src 'self'; 1
default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https:; 1
default-src 'self';img-src 'self' data:;style-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-inline' https://*.snb.ch;frame-src 'self' https://*.snb.ch;connect-src 'self' https://analytics.snb.ch;font-src 'self' data: 1
default-src 'self' 'unsafe-inline' data: blob:  *.clarity.ms *.cloudflare.com *.yoast.com yoast.com *.tiktok.com *.hotjar.io *.google.com wp-rocket.me *.wistia.com *.litix.io *.helpscout.net distillery.wistia.com *.cloudfront.net *.googletagmanager.com *.mouseflow.com *.hotjar.com *.google-analytics.com *.facebook.net *.pushwoosh.com *.gstatic.com *.doubleclick.net *.youtube.com *.jsdelivr.net; style-src 'self' 'unsafe-inline' use.fontawesome.com *.jsdelivr.net *.google.com *.googletagmanager.com *.mouseflow.com *.gstatic.com *.hotjar.com *.google-analytics.com *.facebook.net *.pushwoosh.com *.googleapis.com *.doubleclick.net *.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:  www.clarity.ms *.cloudflare.com *.yoast.com yoast.com *.tiktok.com *.hotjar.io cdn.jsdelivr.net fast.wistia.com beacon-v2.helpscout.net wp-rocket.me *.googleapis.com *.googletagmanager.com *.mouseflow.com *.hotjar.com *.gstatic.com *.google-analytics.com *.facebook.net *.pushwoosh.com *.google.com *.doubleclick.net *.youtube.com; object-src 'self' 'unsafe-inline'; img-src 'self' blob: data: *.gravatar.com *.bing.com *.clarity.ms *.jsdelivr.net wp-rocket.me *.wistia.com *.wistia.com *.facebook.com *.doubleclick.net *.googleapis.com *.googletagmanager.com *.mouseflow.com *.hotjar.com *.gstatic.com *.google-analytics.com *.facebook.net *.pushwoosh.com *.google.com *.google.com.eg *.youtube.com; font-src 'self' data: *.gstatic.com *.fontawesome.com; 1
default-src 'self'; child-src 'self' blob:; connect-src 'self' https://my2.siteimprove.com https://bam-cell.nr-data.net https://www.google-analytics.com https://js.arcgis.com https://services1.arcgis.com https://www.arcgis.com https://*.arcgis.com https://beheer.futureland.nl https://ats-api.portofrotterdam.com https://www.gstatic.com https://*.hotjar.io https://*.hotjar.com https://id.siteimprove.com/connect https://region1.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com https://id.siteimprove.com https://cdn.linkedin.oribi.io/ https://bam.nr-data.net wss://*.hotjar.com/api/v2/client/ws https://cdn-cookieyes.com https://*.cookieyes.com/ https://api.ha.naiade.portofrotterdam.com/ https://px.ads.linkedin.com/wa/; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://js.arcgis.com https://por-widgets.portofrotterdam.com/ https://www.gstatic.com https://*.hotjar.com https://data.maglr.com; frame-src 'self' https://player.vimeo.com https://my2.siteimprove.com https://www.youtube.com https://open.spotify.com https://www.gstatic.com https://www.google.com https://*.hotjar.com https://connections.routescanner.com https://connect.portofrotterdam.com/ https://*.eloqua.com https://portofrotterdam.maglr.com/ https://embed.maglr.com https://share.transistor.fm/; img-src 'self' data: https://6165051.global.siteimproveanalytics.io https://s530024848.t.eloqua.com https://www.google-analytics.com https://tiles.arcgis.com https://por-widgets.portofrotterdam.com https://beheer.futureland.nl https://*.arcgis.com https://www.gstatic.com blob: https://*.hotjar.com https://www.facebook.com https://connect.facebook.net https://www.google.com/ https://px.ads.linkedin.com https://www.linkedin.com https://por-widgets.acc-ifbsema-3x4ujzkamoujy.eu-4.platformsh.site/assets/futureland-agenda.jpg https://cdn-cookieyes.com https://invitation.opinionbar.com/wit/popups/p102042/ https://www.google.bg/ads/ga-audiences https://www.google.nl/ads/ga-audiences https://www.google.com/ads/ga-audiences https://por-widgets.portofrotterdam.com/assets/icon-gebied.svg https://por-widgets.portofrotterdam.com/assets/icon-opslag.svg https://por-widgets.portofrotterdam.com/assets/icon-goederen.svg https://por-widgets.portofrotterdam.com/assets/icon-USP.svg https://data.maglr.com https://system.maglr.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://bam-cell.nr-data.net blob: https://js-agent.newrelic.com js.arcgis.com https://por-widgets.portofrotterdam.com https://player.vimeo.com https://www.googletagmanager.com https://www.youtube.com https://siteimproveanalytics.com https://img06.en25.com https://code.highcharts.com/highcharts.js https://code.highcharts.com/modules/data.js https://code.highcharts.com/modules/exporting.js https://www.gstatic.com https://*.hotjar.com https://connect.facebook.net cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdn.siteimprove.net https://cdnjs.cloudflare.com https://code.highcharts.com https://github.com https://www.google.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://bam-cell.nr-data.net https://js-agent.newrelic.com https://js.arcgis.com https://player.vimeo.com https://por-widgets.portofrotterdam.com https://www.googletagmanager.com https://img06.en25.com https://siteimproveanalytics.com https://www.googleanalytics.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com https://code.highcharts.com/highcharts.js https://code.highcharts.com/modules/data.js https://code.highcharts.com/modules/exporting.js https://www.gstatic.com https://*.hotjar.com https://connect.facebook.net https://bam.nr-data.net https://por-widgets.acc-ifbsema-3x4ujzkamoujy.eu-4.platformsh.site/FuturelandAgenda.widget.js https://cdn-cookieyes.com/client_data/971cd72c587b4abfc2d54183/banner.js https://cdn-cookieyes.com/client_data/971cd72c587b4abfc2d54183/script.js https://invitation.opinionbar.com/wit/popups/p102042/intercept.js https://invitation.opinionbar.com/wit/popups/p102042/overlay.js https://embed.maglr.com https://data.maglr.com https://system.maglr.com https://por-widgets.portofrotterdam.com/Warehousing.widget.js https://siteimproveanalytics.com/js/siteanalyze_6165051.js cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdn.siteimprove.net https://cdnjs.cloudflare.com https://code.highcharts.com https://github.com https://www.google.com; style-src 'self' 'unsafe-inline' https://js.arcgis.com https://fonts.googleapis.com https://www.gstatic.com https://data.maglr.com https://system.maglr.com https://cdnjs.cloudflare.com; style-src-attr 'self' 'unsafe-inline'; base-uri 'self'; form-action 'self' https://www.portofrotterdam.com; frame-ancestors 'self' https://connections.routescanner.com 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp:;script-src 'nonce-3043055afa2c45e9aabaec75aa52fe69' https://mywvuchart.com 'self';img-src https://* 'self' blob: data:;style-src https://mywvuchart.com 'self' 'unsafe-inline';worker-src 'self' blob:;child-src 'self' blob:;form-action 'self';media-src https://* 'self' blob:; 1
frame-ancestors 'self' https://cricketpakistan.com.pk https://apis.ideationtec.com/ 1
default-src 'self' *.carbonblack.io carbonblack.io *.cbcloud.de cbcloud.de *.cbcloud.sg cbcloud.sg *.duosecurity.com gstatic.com fonts.gstatic.com 'unsafe-inline' 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; child-src https: blob:; object-src 'none'; frame-ancestors 'self' https://subs.hsj.co.uk; 1
default-src 'self' https://ro.am https://*.wonder.inc https://*.ro.am data: blob: https://js.stripe.com https://calendly.com/ https://www.youtube.com https://internet.game/;script-src 'self' 'wasm-unsafe-eval' https://ro.am blob: https://js.stripe.com https://matomo.ro.am https://appsforoffice.microsoft.com https://ajax.aspnetcdn.com/ajax/ https://cdn.jsdelivr.net/npm/ 'self';style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net/ https://ro.am;connect-src 'self' blob: data: http: https: ws: wss:;img-src 'self' blob: data: https: http://books.google.com;form-action 'self' https:;media-src 'self' blob: data: https:;frame-ancestors https://*.office.com https://outlook.office365.com;base-uri 'self';font-src 'self' https: data:;object-src 'none';script-src-attr 'none' 1
default-src 'unsafe-inline' *.akstat.io *.go-mpulse.net 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.googletagmanager.com https://*.googleadservices.com https://*.google.com https://region1.analytics.google.com https://*.analytics.google.com https://*.google.pt https://*.gstatic.com https://yoast.com https://*.googleapis.com https://*.google-analytics.com https://*.gravatar.com https://*.youtube.com https://*.ytimg.com https://*.youtube-nocookie.com https://youtube-nocookie.com https://*.go-mpulse.net https://*.cookielaw.org https://*.onetrust.com https://*.typeform.com https://*.branch.io https://app.link https://*.e-goi.com https://*.egoiapp2.com https://egoiapp2.com https://*.facebook.com https://*.facebook.net https://*.doubleclick.net https://stats.g.doubleclick.net https://*.scorecardresearch.com https://*.akstat.io https://*.akamaihd.net https://*.holdonstranger.com https://*.smartlook.com https://*.smartlook.cloud https://*.bazaarvoice.com https://pingodoce.pt https://www.pingodoce.pt 1
base-uri 'self' ; connect-src 'self' https://file.zoom.us https://file-paa.zoom.us https://us01apizva.zoom.us https://log-gateway.zoom.us https://us01ccistatic.zoom.us https://us01cci.zoom.us wss://zpns.zoom.us/ws https://us01cciapi.zoom.us https://us01campaign.zoom.us https://consent.cookiebot.com wss://wall.nixi1.com  https://wall.nixi1.com https://px.ads.linkedin.com  https://apir.nixi1.com https://adservice.google.com https://cdn.linkedin.oribi.io/ https://pagead2.googlesyndication.com  https://googleads.g.doubleclick.net https://consentcdn.cookiebot.com https://region1.google-analytics.com https://www.google.com; default-src 'self'; font-src 'self' https://assets.l1l.co https://aocs.l1l.co https://assets.l1l.co/chatweb/fonts/Raleway-Medium.ttf https://fonts.gstatic.com https://stackpath.bootstrapcdn.com; frame-src 'self' https://us01ccistatic.zoom.us/ https://www.youtube.com/ https://td.doubleclick.net/  https://consentcdn.cookiebot.com https://player.vimeo.com https://www.google.com https://www.youtube-nocookie.com; img-src 'self' data: https://file.zoom.us https://file-paa.zoom.us https://img.youtube.com https://vumbnail.com https://www.linkedin.com https://i.vimeocdn.com https://imgsct.cookiebot.com https://assets.l1l.co https://i.ytimg.com https://px.ads.linkedin.com https://www.google.com https://www.google.es https://www.googletagmanager.com; manifest-src 'self'; media-src 'self' https://us01ccistatic.zoom.us; object-src 'none'; report-uri https://64a6558e3723daccf20601d6.endpoint.csper.io/; script-src  'nonce-ogpKExR51ozEN4NiK4maTA==' 'strict-dynamic' 'sha256-2V/Eo6qonFC5Hh0d0ntvjXOJjVzTMoQdZ3r9VWpRL0U='  'sha256-d/LWxV8YLDJOzXanMuab5l9GTAX9zAOnImzPldTHrH8=' 'sha256-HXiAJh84MdjjObB3ThhLBG7DIulxQWAfVPabPu+lPEs=' 'sha256-FYTmr4YLc/kKo72QELzOWKzdifs57bsT2dWxEfzm12c=' 'sha256-h8gG1uNWi02S00uhnnPan+IfTOULBEi0D46e6eAw/dk=' 'sha256-9/aMdaF6mnJPXmaogJHnJZW13dtTQLSbrobRQK8tMCc='   ; style-src 'report-sample' 'self' 'unsafe-inline' https://aocs.l1l.co https://fonts.googleapis.com https://stackpath.bootstrapcdn.com; worker-src blob:; 1
default-src 'none' www.college-de-france.fr www.youtube-nocookie.com podcastfichiers.college-de-france.fr; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.youtube.com cdn.jsdelivr.net https://*.college-de-france.fr; object-src 'none'; img-src 'self' data:; style-src 'self' 'unsafe-inline' *.googleapis.com; font-src 'self' fonts.gstatic.com; connect-src https://*.college-de-france.fr ; base-uri 'none'; frame-ancestors 'self'; 1
frame-ancestors 'self' https://webapp.xmtrading.com; 1
default-src 'self' assets.retarus.com; style-src 'self' 'unsafe-inline' *.cloudflare.com *.jsdelivr.net *.googleapis.com *.googletagmanager.com *.gstatic.com assets.retarus.com www.gartner.com; object-src 'none'; base-uri 'self'; connect-src 'self' assets.retarus.com yoast.com *.yoast.com js.zi-scripts.com *.googleapis.com *.google.de *.google.com *.doubleclick.net ws.zoominfo.com consentcdn.cookiebot.com *.google-analytics.com *.leadlab.click px.ads.linkedin.com; font-src 'self' data: *.gstatic *.fonts.googleapis.com www.retarus.com assets.retarus.com; frame-src 'self' *.eTermin.net *.ecovadis.com *.doubleclick.net assets.retarus.com *.youtube-nocookie.com webexpress.retarus.com consentcdn.cookiebot.com www.gartner.com player.vimeo.com; img-src 'self' data: *.yoa.st *.w.org *.google.de *.linkedin.com imgsct.cookiebot.com pci.usd.de *.retarus.com i.vimeocdn.com *.ads.linkedin.com www.googletagmanager.com *.gartner.com assets.retarus.com ; manifest-src 'self' assets.retarus.com ; media-src 'self' assets.retarus.com; frame-ancestors 'self' assets.retarus.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.eTermin.net *.jsdelivr.net *.yoast.com *.googleapis.com js.zi-scripts.com *.vimeocdn.com *.gstatic.com assets.retarus.com snap.licdn.com *.leadlab.click play.vidyard.com www.gartner.com analytics-eu.clickdimensions.com code.createjs.com code.jquery.com *.cookiebot.com cdnjs.cloudflare.com www.googletagmanager.com ; 1
default-src 'self' wss://*.cyberstock.com.my wss://*.maybank2u.com.my *.maybank2u.com.my *.google-analytics.com *.googlesyndication.com *.doubleclick.net *.useinsider.com https://perfectsencollector.com *.google.com  https://analytics.google.com *.googleapis.com *.googletagmanager.com https://*.maybankheart.com; object-src *.maybank2u.com.my; style-src 'self' 'unsafe-inline' *.googleapis.com *.google.com; style-src-elem 'self' 'unsafe-inline' *.googleapis.com *.google.com *.gstatic.com; font-src *.gstatic.com *.maybank2u.com.my *.google.com *.mobiletrade.powerbroking2u.com.my; script-src 'self' *.maybank2u.com.my *.google-analytics.com *.googletagmanager.com *.googlesyndication.com *.googleapis.com 'unsafe-inline' 'unsafe-eval' *.doubleclick.net *.mbww.com *.useinsider.com https://connect.facebook.net *.googleadservices.com *.google.com *.gstatic.com *.cyberstock.com.my; frame-src 'self' *.maybank2u.com.my *.useinsider.com https://unity.cadreon.com *.doubleclick.net *.youtube.com *.google.com *.mobiletrade.powerbroking2u.com.my *.cyberstock.com.my; img-src 'self' data: blob: *.maybank2u.com.my https://emerchant.maybank2u.com.my:8443 *.google-analytics.com *.googlesyndication.com *.doubleclick.net https://www.google.com https://www.google.com.my https://www.google.com.sg https://www.google.co.in https://www.google.co.id https://www.facebook.com/tr/ *.useinsider.com www.maybank.com *.gstatic.com *.googleapis.com http://dbv47yu57n5vf.cloudfront.net https://perfectsencollector.com *.amazonaws.com *.oto.my *.googletagmanager.com *.youtube.com 1
block-all-mixed-content; frame-src 'self' https://*.uber.com https://*.ubereats.com http://*.cdn-net.com https://tr.snapchat.com https://payments.uber.com https://payments.ubereats.com https://payments.postmates.com https://payments.order.store https://wpe-breeze.uberinternal.com https://payments-orchid.uber.com https://payments-staging.uberinternal.com https://payments-staging.uber.com https://www.google.com/recaptcha/ https://auth.uberinternal.com https://gumi.criteo.com/ https://mug.criteo.com https://gum.criteo.com https://catalogs.uberinternal.com/ bs.serving-sys.com click.appcast.io analytics.recruitics.com ci.iasds01.com cdn.krxd.net www.facebook.com *.doubleclick.net *.tealiumiq.com *.demdex.net *.optimizely.com; worker-src 'self' blob:; child-src 'self' blob: bs.serving-sys.com click.appcast.io analytics.recruitics.com ci.iasds01.com cdn.krxd.net www.facebook.com *.doubleclick.net *.tealiumiq.com *.demdex.net; connect-src 'self' 'self' https://*.uber.com https://duyt4h9nfnj50.cloudfront.net https://d3fa76b550dpw9.cloudfront.net https://d4p17acsd5wyj.cloudfront.net https://d3i4yxtzktqr9n.cloudfront.net https://dkl8of78aprwd.cloudfront.net https://cn-geo1.uber.com https://d1goeicueq33a8.cloudfront.net https://siteintercept.qualtrics.com https://payments.uber.com https://payments.ubereats.com https://payments.postmates.com https://payments.order.store https://wpe-breeze.uberinternal.com https://payments-orchid.uber.com https://payments-staging.uberinternal.com https://payments-staging.uber.com https://analytics.tiktok.com https://analytics.google.com https://dynamic.criteo.com https://widget.us.criteo.com https://widget.as.criteo.com https://widget.eu.criteo.com https://sslwidget.criteo.com https://tr.snapchat.com https://app.paypay.ne.jp https://stg.paypay-corp.co.jp https://image.paypay.ne.jp https://d1g1f25tn8m2e6.cloudfront.net https://www.google.com/pagead/landing https://googleads.g.doubleclick.net/pagead/landing https://dyguxp1m9tbrw.cloudfront.net https://u-vsm.tmobiapi.com https://*.tiles.mapbox.com https://api.mapbox.com https://events.mapbox.com https://maps.googleapis.com https://www.gstatic.com https://44.238.122.172 https://100.20.58.101 https://35.85.84.151 https://44.228.85.26 https://34.215.155.61 https://35.160.46.251 https://52.71.121.170 https://18.210.229.244 https://44.212.189.233 https://3.212.39.155 https://52.22.50.55 https://54.156.2.105 events.uber.com api.mixpanel.com d3i4yxtzktqr9n.cloudfront.net *.optimizely.com *.google-analytics.com *.tealiumiq.com *.demdex.net https://api-js.mixpanel.com; manifest-src 'self' https://*.uber.com; form-action 'self' https://tr.snapchat.com https://www.facebook.com/tr/ https://payments.uber.com https://payments.ubereats.com https://payments.postmates.com https://payments.order.store https://wpe-breeze.uberinternal.com https://payments-orchid.uber.com https://payments-staging.uberinternal.com https://payments-staging.uber.com; frame-ancestors 'self' https://www.nimblerx.com https://static-team-ops.nimbleandsimple.com https://pharma.uber.com http://local.shakeshack.com https://shakeshack.prod.acquia-sites.com https://www.shakeshack.com https://dev.shakeshack.com https://stg.shakeshack.com https://shakeshack.com https://pre-prod.shakeshack.com https://stg-green.shakeshack.com https://stg-alt.shakeshack.com https://front-hml-delivery.azurewebsites.net https://front-dev-delivery.azurewebsites.net https://front-prd-delivery.azurewebsites.net https://deliverycontrol.grupomadero.com.br https://delivery.grupomadero.com.br https://staging-shop.mccolls.co.uk https://shop.mccolls.co.uk https://stoq.shop https://staging.stoq.shop https://admin.stoq.shop https://admin-staging.stoq.shop https://www.gcom.com.br https://www.spoleto.com.br https://www.koni.com.br https://www.lebonton.com.br https://www.gokoni.com https://www.cutthecrap.com.br https://www.risierisoteria.com.br https://www.giustoculinaria.com.br https://www.roomservicedelivery.com.br https://www.strogonosso.com.br https://voalzira.online/ https://voalzira.online/minhaloja https://medmate.com.au https://order.manoosh.com.au https://test.expresskfc.com/ https://expresskfc.com/ https://www.test.expresskfc.com/ https://www.expresskfc.com/ https://kfccostarica.cr/ https://www.kfccostarica.cr/ https://express.dospinos.com/ https://mcstaging.dospinos.com/ https://shopuat.pxpay.com.tw/ https://shop.pxpay.com.tw/ https://app.cocinasocultas.com https://app.foodstarsuk.com https://app.pruebehubster.com https://app.pruebehubster.com.mx https://app.tryhubster.co.uk https://app.tryhubster.com https://app.tryhubster.com.au https://app.tryotter.com https://catalogs.uberinternal.com https://catalogs-staging.uberinternal.com https://payments.uber.com https://payments.ubereats.com https://payments.postmates.com https://payments.order.store https://wpe-breeze.uberinternal.com https://payments-orchid.uber.com https://payments-staging.uberinternal.com https://payments-staging.uber.com https://health-staging.uber.com https://health.uber.com https://admin.restoplus.com https://admin.staging.restoplus.com https://admin.qa1.restoplus.com https://admin.qa2.restoplus.com https://admin.qa3.restoplus.com https://admin.qa4.restoplus.com https://admin.qa5.restoplus.com https://admin.qa6.restoplus.com https://orders.restoplus.com https://orders.staging.restoplus.com https://orders.qa1.restoplus.com https://orders.qa2.restoplus.com https://orders.qa3.restoplus.com https://orders.qa4.restoplus.com https://orders.qa5.restoplus.com https://orders.qa6.restoplus.com https://pos.restoplus.com https://pos.staging.restoplus.com https://pos.qa1.restoplus.com https://pos.qa2.restoplus.com https://pos.qa3.restoplus.com https://pos.qa4.restoplus.com https://pos.qa5.restoplus.com https://pos.qa6.restoplus.com https://beta-shop.cashier.tw https://shop.cashier.tw https://indev-webapp.cashier.tw https://indev-beta-shop.cashier.tw https://indev-shop.cashier.tw https://us-int-office.tabit-int.com https://us-office.tabit-stage.com/auth/login https://us-demo-office.tabit-stage.com https://us-office.tabit.cloud https://foxtrotco.com/tracking https://foxtrotco.com/orderconfirmation https://foxtrotco.com/home https://foxtrotco.com https://app.onhere.com.br https://beta.inline.app https://staging.inline.app https://inline.app https://shane.machinat.dev/ https://app.topcaisse.fr https://ordering.ritas.com http://ordering.ritas.com https://ordering.ritas.stage.demotesturl.net http://ordering.ritas.stage.demotesturl.net https://*.cookiedelivery.com ee.magento.test 245.magento.test uber.improntus.dev https://dev.kfc.co.uk https://qa.kfc.co.uk https://brand.preprod.platform.kfcapi.com/ https://www.kfc.co.uk/ https://qa-kfc-za.eu.cognizantorderservnxtgen.com/ https://dev-kfc-za.eu.cognizantorderservnxtgen.com/ https://uat-kfc-za.eu.cognizantorderservnxtgen.com/ https://perf-kfc-za.eu.cognizantorderservnxtgen.com/ https://pen-kfc-za.eu.cognizantorderservnxtgen.com/ https://betatest.kfc.co.za/ https://order.kfc.co.za/ https://shop.pxgo.com.tw/ https://shopuat.pxpay.com.tw/ https://delivery.jimmybrings.com.au/ https://staging.jimmybrings.com.au/ https://beta.jimmybrings.com.au/ https://49171584-9e6d-4979-ab61-27a301a7e33e-production.au.prd.c.deity.cloud/ https://42d9d738-3eab-441f-91de-1afcd88b770f-acceptance.au.prd.c.deity.cloud/ https://1b8d2377-9260-4384-bc9f-aa1086543c69-test.au.prd.c.deity.cloud/ https://jimmybrings.com.au/ https://www.kfccostarica.cr https://www.kfccostarica.com https://kfccostarica.cr https://kfccostarica.com https://edb-staging.uber.com https://edb.uber.com 'self' quiznos.co.cr https://quiznos.co.cr https://pos.mymealsy.com https://stage.mymealsy.com https://dev.mymealsy.com https://fast.tk3c.com https://fdtest.tk3c.com https://panda-express.wallia.dev https://127.0.0.1:5173/ https://test.tacobellpr.com/ https://test.arcoprueba.com/ https://www.tacobellpr.com/ https://tacobellpr.com/ https://www.kfcpuertorico.com/ https://kfcpuertorico.com/ https://boba.rbteawalnut.com/ https://qjmpdemo.altaineapps.com/ https://stinkerapi.altaineapps.com/ https://mapcoapi.altaineapps.com/ https://loyalty.ritasice.com https://loyalty.stage.demotesturl.net https://loyalty.training.demotesturl.net https://loyalty.dev.demotesturl.net https://web-ordering.test.apps.gyg.com.au/ https://web-ordering.staging.apps.gyg.com.au/ https://order.guzmanygomez.com.au/ https://*.order.staging.apps.gyg.com.au/ https://*.order.test.apps.gyg.com.au/ https://*.order.prod.apps.gyg.com.au https://test-store.deliclever.com/ https://vicio.menu/ https://*.homeriabktest.com https://*.burgerkingemcasa.com https://*.burgerkingencasa.es https://*.windelivery-alsea.com https://*.windelivery.es https://*.windelivery.io https://uboard.ueat.io https://uboard-beta.ueat.io https://uboard-staging.ueat.io https://uboard.ueat.dev *.appspaces.ca *.paidshipping.com *.shiptime.com https://darwinnow.io/ https://darwinfood.com https://ewpf-staging.uber.com/ https://ewpf.uber.com/ https://yurinowqa.azurewebsites.net http://takeaway.sticksnsushi.com https://*.flipdish.com https://*.inovretail.com; object-src 'none'; script-src 'self' 'unsafe-inline' https://d1a3f4spazzrp4.cloudfront.net https://d3i4yxtzktqr9n.cloudfront.net https://tb-static.uber.com https://tbs-static.uber.com 'nonce-fdaba4ab-bf71-4941-8fca-3a8ba07c64df' https://bat.bing.com https://*.qualtrics.com https://analytics.twitter.com http://www.googletagservices.com http://*.cdn-net.com https://sc-static.net https://tr.snapchat.com https://*.yjtag.jp https://yjtag.yahoo.co.jp https://b92.yahoo.co.jp https://*.yimg.jp https://*.outbrain.com https://www.redditstatic.com https://analytics.tiktok.com https://dynamic.criteo.com https://static.criteo.net https://sslwidget.criteo.com https://widget.us.criteo.com https://widget.as.criteo.com https://widget.eu.criteo.com https://payments.uber.com https://payments.ubereats.com https://payments.postmates.com https://payments.order.store https://wpe-breeze.uberinternal.com https://payments-orchid.uber.com https://payments-staging.uberinternal.com https://payments-staging.uber.com https://d4p17acsd5wyj.cloudfront.net https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://dca.ubereats.com https://phx.ubereats.com https://ln-rules.rewardstyle.com/bookmarklet.js https://dx.mountain.com/spx https://gs.mountain.com/gs https://px.mountain.com/st https://js.adsrvr.org/up_loader.1.1.0.js 'unsafe-eval' script.crazyegg.com www.google-analytics.com www.googletagmanager.com maps.googleapis.com maps.google.com tags.tiqcdn.com beacon.krxd.net cdn.krxd.net cdn.mxpnl.com www.googleadservices.com www.ziprecruiter.com analytics.recruitics.com edge.quantserve.com secure.quantserve.com connect.facebook.net cdn.nanigans.com api.nanigans.com *.adroll.com s.yimg.com sp.analytics.yahoo.com click.app-cast.com i.l.inmobicdn.net *.optimizely.com *.tealiumiq.com *.doubleclick.net static.ads-twitter.com https://www.google-analytics.com https://ssl.google-analytics.com maps.googleapis.com maps.google.com; style-src 'self' 'unsafe-inline' https://d1a3f4spazzrp4.cloudfront.net https://d3i4yxtzktqr9n.cloudfront.net https://tb-static.uber.com https://tbs-static.uber.com https://api.tiles.mapbox.com https://fonts.googleapis.com; report-uri https://csp.uber.com/csp?a=web-eats-v2&ro=false 1
default-src 'none'; report-uri /next-external/log/csp/violations; report-to csp-violations; connect-src 'self' wss://www.nordnet.no https://www.googletagmanager.com https://analytics.nordnet.no https://cdn.prod.nntech.io https://files.nordnet.no https://api.prod.nntech.io https://api.test.nntech.io https://experimentation.public.prod.nntech.io https://nordnet.humany.net https://www.google.com https://storage.googleapis.com https://www.recaptcha.net; font-src 'self' https://cdn.prod.nntech.io https://files.nordnet.no https://nordnet.humany.net; frame-src https://10961666.fls.doubleclick.net https://www.youtube.com https://www.youtube-nocookie.com https://player.vimeo.com https://w.soundcloud.com https://embed.acast.com https://link.tink.com https://www.tv2.no https://checkout.trustly.com https://www.recaptcha.net https://t.email.nordnet.no; img-src 'self' https://www.googletagmanager.com https://analytics.nordnet.no https://cdn.prod.nntech.io https://files.nordnet.no data: blob: https://shareville-static.s3.amazonaws.com https://shareville-media.s3.amazonaws.com https://nordnet.humany.net https://humany.blob.core.windows.net https://cdn.tink.se https://images.ctfassets.net https://i.vimeocdn.com https://img.youtube.com https://www.recaptcha.net https://www.gstatic.com https://blogg.nordnet.no; manifest-src 'self'; media-src https://cdn.prod.nntech.io https://files.nordnet.no https://videos.ctfassets.net; object-src 'self'; script-src 'self' 'unsafe-eval' 'nonce-56bc6f87-c707-4ffc-bb30-4125bf784241' https://analytics.nordnet.no https://cdn.prod.nntech.io https://files.nordnet.no https://www.gstatic.com https://www.recaptcha.net; script-src-attr 'none'; style-src 'unsafe-inline' 'self' https://cdn.prod.nntech.io https://files.nordnet.no https://nordnet.humany.net https://www.gstatic.com; worker-src 'none'; base-uri 'none'; form-action 'self' https://www.shareville.se https://pvu.nets.no https://pvu.avtalegiro.no https://online.alandsbanken.fi https://verkkopankki.danskebank.fi https://verkkomaksu.handelsbanken.fi https://epmt.nordea.fi https://identify.nordea.com https://verkkomaksu.poppankki.fi https://verkkomaksu.saastopankki.fi https://online.s-pankki.fi https://auth.aktia.fi; frame-ancestors https://app.contentful.com; 1
default-src 'self' data: https://sn2.org *; connect-src 'self' https://sn2.org *; base-uri 'self' *; form-action 'self' *; img-src 'self' data: https://sn2.org *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://sn2.org *; style-src 'self' 'unsafe-inline' https://sn2.org *; 1
script-src 'self' www.google.com www.googletagmanager.com ssl.mousestats.com www.youtube.com ajax.googleapis.com www.google-analytics.com connect.facebook.net adservice.google.com cdnjs.cloudflare.com analytics.tiktok.com api.retargetly.com static.hotjar.com snap.licdn.com stats.g.doubleclick.net platform.twitter.com apis.google.com googleads.g.doubleclick.net cdn.userway.org www.clarity.ms script.hotjar.com cdn.jsdelivr.net unpkg.com p.teads.tv *.cloudfront.net teads.tv *.teads.tv marketo.net *.marketo.net pdp-cdn.retargetly.com dev.visualwebsiteoptimizer.com cdn.pannellum.org serverssl.innovatestream.pe:8080 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' www.google.com www.googletagmanager.com ssl.mousestats.com www.youtube.com ajax.googleapis.com www.google-analytics.com connect.facebook.net adservice.google.com cdnjs.cloudflare.com analytics.tiktok.com api.retargetly.com static.hotjar.com snap.licdn.com stats.g.doubleclick.net platform.twitter.com apis.google.com googleads.g.doubleclick.net cdn.userway.org www.clarity.ms script.hotjar.com cdn.jsdelivr.net unpkg.com p.teads.tv *.cloudfront.net teads.tv *.teads.tv marketo.net *.marketo.net pdp-cdn.retargetly.com dev.visualwebsiteoptimizer.com cdn.pannellum.org serverssl.innovatestream.pe:8080 'unsafe-inline' 'unsafe-eval'; object-src 'self' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com https://mychart.ketteringhealth.org cdn.ketteringhealth.org https://js.dev.shift4.com/shift4.js https://widget.thegivingblock.com/widget/script.js https://yoast.com https://widget.altrulabs.com/ *.pcdn.co https://*.blackbaudcdn.net https://yoast.com https://qvdt3feo.com/events.js https://cdn.callrail.com https://*.authorize.net https://code.jquery.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.youtube.com *.ketthealth.com *.ketteringhealth.org https://*.googleapis.com/ajax/libs/jquery/ https://maps.google.com https://cdnjs.cloudflare.com https://player.vimeo.com https://cdn.chatbot.com https://static.formstack.com https://stats.wp.com https://*.googleapis.com https://transparency.nrchealth.com https://www.googletagmanager.com https://s0.wp.com https://cdn.siteimprove.net https://cdn.parsely.com https://www.google-analytics.com/ https://js-agent.newrelic.com https://cdn.jsdelivr.net https://bam.nr-data.net https://ketteringhealth.formstack.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://js.adsrvr.org https://tags.srv.stackadapt.com https://cdn.datatables.net https://*.doubleclick.net; connect-src 'self' cdn.ketteringhealth.org https://mychart.ketteringhealth.org https://*.yoast.com *.googlesyndication.com https://api.altrulabs.com/dist-api/us/widgets/12013010 *.pcdn.co https://*.authorize.net https://*.googleapis.com https://www.youtube.com https://static.formstack.com https://cdn.chatbot.com data: blob: https://www.google-analytics.com https://region1.google-analytics.com https://p1.parsely.com https://bam.nr-data.net https://stats.g.doubleclick.net https://analytics.google.com https://tags.srv.stackadapt.com https://*.doubleclick.net https://*.youtube.com https://*.google.com https://play.google.com; img-src 'self' *.pcdn.co cdn.ketteringhealth.org https://cdnassets.pagely.com https://s.w.org https://perfmatters.io https://searchwp.com https://transparency.nrchealth.com https://twemoji.maxcdn.com https://yoa.st https://theeventscalendar.com https://www.gravitykit.com https://ps.w.org https://tags.srv.stackadapt.com https://i.ytimg.com https://maps.gstatic.com https://*.googleapis.com https://secure.gravatar.com https://p1.parsely.com https://pixel.wp.com/ data: https://www.google-analytics.com https://www.googletagmanager.com https://s3.amazonaws.cfom https://*.formstack.com https://googleads.g.doubleclick.net https://*.google.com https://www.google.co.uk https://*.doubleclick.net https://*.youtube.com; style-src 'self' 'unsafe-inline' cdn.ketteringhealth.org https://*.googleapis.com *.pcdn.co https://tags.srv.stackadapt.com https://use.typekit.net https://promoter.theeventscalendar.com https://code.jquery.com https://use.fontawesome.com/ *.ketteringhealth.org cdnjs.cloudflare.com https://player.vimeo.com https://transparency.nrchealth.com *.formstack.com/ https://s0.wp.com https://cdn.datatables.net https://static.formstack.com https://*.google.com; font-src 'self' data: cdn.ketteringhealth.org https://s0.wp.com https://fonts.gstatic.com https://use.fontawesome.com *.pcdn.co https://cdnjs.cloudflare.com https://static.formstack.com/forms/css/ https://*.formstack.com https://cdn.altrulabs.com https://*.googleapis.com; frame-src 'self' cdn.ketteringhealth.org https://mychart.ketteringhealth.org https://keepthescore.com widget.thegivingblock.com https://host.nxt.blackbaud.com/ *.pcdn.co https://www.google.com/ https://www.youtube.com https://cdn.ketteringhealth.org *.ketteringhealth.org https://cmetracker.net https://static.formstack.com https://widgets.wp.com https://cdn.chatbot.com/ https://ketteringhealth.formstack.com/ https://tags.srv.stackadapt.com https://*.adsrvr.org/ https://*.doubleclick.net https://play.google.com; frame-ancestors 'self'; media-src 'self' cdn.ketteringhealth.org *.pcdn.co https://*.youtube.com; worker-src 'self' blob: https://*.googleapis.com; 1
frame-ancestors 'self' *.bluetail.salesforce.com *.content.force.com *.documentforce.com *.force.com *.forcesslreports.com *.forceusercontent.com *.lightning.com *.salesforce.com *.salesforceliveagent.com *.salesforce-communities.com trailblazer.me *.visualforce.com *.sfdcstatic.com secure.eloqua.com *.google.com google.com *.doubleclick.net www.facebook.com ssl.google-analytics.com login.salesforce.com test.salesforce.com analytics.localytics.com manifest.localytics.com; 1
script-src 'self' 'unsafe-inline' https://blog.quiteja.com.br https://*.cloudfront.net https://browser.sentry-cdn.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://*.cloudflare.com/*  https://ajax.cloudflare.com; style-src 'self' 'unsafe-inline' https://blog.quiteja.com.br https://fonts.googleapis.com; object-src 'none'; worker-src 'self' blob: 1
frame-ancestors 'self' v9.jarvisexch.com 99exch.com www.99exch.com 99exch.live www.99exch.live 99exch.green www.99exch.green 99exch.win www.99exch.win cricbet99.com www.cricbet99.com cricbet99.win www.cricbet99.win cricbet99.club www.cricbet99.club cricbet99.green www.cricbet99.green 11xplay.com www.11xplay.com 11xplay.online www.11xplay.online 11xplay.pro www.11xplay.pro 11xplay.green www.11xplay.green play247.win www.play247.win play247.green www.play247.green play247exch.win www.play247exch.win play247.black www.play247.black laser247.com www.laser247.com laser247.online www.laser247.online laserx247.com www.laserx247.com laser247.club www.laser247.club laser247.pro www.laser247.pro play99exch.com www.play99exch.com play99exch.live www.play99exch.live play99exch.win www.play99exch.win play99exch.club www.play99exch.club cricbet99.biz www.cricbet99.biz lotus999.io www.lotus999.io fairdeal.live www.fairdeal.live 1
frame-ancestors deny 1
default-src 'self' data: *.molottery.com *.brightcove.net *.serving-sys.com *.google.com *.google-analytics.com *.googleapis.com    *.doubleclick.net *.pgtb.me *.cloudfront.net *.powerballpowercruise.com *.youtube.com *.facebook.net *.twitter.com animate.adobe.com    code.createjs.com ucarecdn.com *.lndg.page *.cloudflare.com *.gstatic.com *.akamaihd.net *.ucalc.pro www.googletagmanager.com    'unsafe-inline' 'unsafe-eval';  script-src 'self' blob: *.molottery.com *.google.com secure-ds.serving-sys.com *.google-analytics.com players.brightcove.net    vjs.zencdn.net *.cloudfront.net *.cloudflare.com *.ucalc.pro youengage.me *.paperturn-view.com www.googletagmanager.com    'unsafe-inline' 'unsafe-eval';  connect-src 'self' *.molottery.com secure-ds.serving-sys.com players.brightcove.net *.api.brightcove.com *.assets.brightcove.com    *.prod.boltdns.net *.akamaihd.net *.ucalc.pro www.googletagmanager.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval';  img-src 'self' data: blob: *.molottery.com *.google.com players.brightcove.net *.brightcove.com *.boltdns.net *.akamaihd.net    *.google-analytics.com *.ucalc.pro www.googletagmanager.com 'unsafe-inline' 'unsafe-eval';  style-src 'self' *.molottery.com *.google.com *.google-analytics.com *.googleapis.com players.brightcove.net *.ucalc.pro   *.cloudfront.net   'unsafe-inline' 'unsafe-eval';  frame-src 'self' *.molottery.com *.youtube.com players.brightcove.net *.google.com *.lndg.page a.pgtb.me *.ucalc.pro youengage.me   *.paperturn-view.com m.cmpgn.page;  media-src 'self' data: blob: filesystem: *.molottery.com *.brightcovecdn.com *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net    *.akafms.net *.akamaihd.net *.cf.brightcove.com *.ucalc.pro;  prefetch-src 'self' *.boltdns.net;  1
default-src 'self'; connect-src 'self' https://block.opendns.com https://coopbank.tt.omtrdc.net https://thecooperativebank.d1.sc.omtrdc.net https://www.googleapis.com https://dpm.demdex.net https://www.youtube-nocookie.com *.googleapis.com *.googlevideo.com https://play.google.com https://d2hpwsdp0ihr0w.cloudfront.net *.gbqofs.com *.gbqofs.io *.glassboxdigital.io; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static-assets-cdn.i.cloud.panopto.eu data:; frame-src 'self' https://www.youtube-nocookie.com https://cooperativebank.demdex.net https://cdn.embedly.com https://bpp.cloud.panopto.eu https://widget.trustpilot.com; img-src 'self' data: https://thecooperativebank.d1.sc.omtrdc.net https://www.fscs.org.uk https://cm.everesttech.net https://static-assets-cdn.i.cloud.panopto.eu https://d2hpwsdp0ihr0w.cloudfront.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://bat.bing.com https://tags.tiqcdn.com https://my.tealiumiq.com https://www.googleadservices.com https://www.gstatic.com https://www.google.com https://static-assets-cdn.i.cloud.panopto.eu https://cdn.eu.pendo.io https://cdn.embed.ly https://bpp.cloud.panopto.eu https://widget.trustpilot.com *.gbqofs.com *.gbqofs.io *.glassboxdigital.io; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://static-assets-cdn.i.cloud.panopto.eu; media-src 'self' blob: 1
frame-ancestors 'self' blob: *.cochlearhearingcenter.com *.cochlear.com *.cochlear.cloud; frame-src 'self' blob: *.site.com *.oncehub.com *.mktoweb.com *.adsrvr.org *.yimg.com *.cochlear.cloud *.qualaroo.com *.simpli.fi *.livechatinc.com *.doubleclick.net *.wufoo.com *.cochlearamericas.com *.youtube-nocookie.com *.marvelapp.com *.linkedin.com *.cvent.com *.google.ch *.cochlear.com *.irmau.com *.marketo.com *.youtube.com *.twitter.com *.addthis.com *.google.com *.facebook.com *.batchgeo.com marvelapp.com *.salesforce.com *.salesforce-sites.com; child-src 'self' blob: *.batchgeo.com *.addtoany.com *.doubleclick.net *.cochlear.cloud *.cochlear.com *.addthis.com *.google.com *.facebook.com *.twitter.com  *.marketo.com; connect-src 'self' *.salesforce-scrt.com *.site.com *.hotjar.com *.hotjar.io *.sitecorecloud.io *.geonames.org *.stackadapt.com *.crazyegg.com *.stylelabs.io *.adsrvr.org *.yimg.com *.taboola.com *.onetrust.com *.cookielaw.org *.stylelabs.cloud *.sitecorecontenthub.cloud *.cochlear.cloud *.marketo.com *.swiftype.com *.onelink-translations.com *.nekudo.com *.cochlear.com *.cvent.com *.linkedin.com *.google-analytics.com *.googleapis.com *.optimizely.com *.addthis.com *.mktoresp.com *.twitter.com *.geoip-js.com geoip-js.com *.doubleclick.net *.salesforce-sites.com; font-src 'self' data: *.hotjar.com *.cvent-assets.com *.gstatic.com *.googleusercontent.com *.livechatinc.com *.bootstrapcdn.com; img-src 'self' data: *.hotjar.com *.stackadapt.com *.naver.net *.naver.com *.quora.com *.pubmatic.com *.rubiconproject.com *.adtechjp.com *.yahoo.com * bidswitch.net *.adap.tv *.adnxs.com *.rlcdn.com *.openx.net *.adroll.com *.casalemedia.com *.t.co *.datatables.net *.cochlear.cloud *.cochlear.com *.quantserve.com *.marketo.com *.bing.com *.steelhousemedia.com *.adsrvr.org *.adsymptotic.com *.android.com *.youtube.com *.visualwebsiteoptimizer.com *.googletagmanager.com *.teads.tv *.impact-ad.jp *.yahoo.co.jp *.impact-ad.jp *.outbrain.com *.amazonaws.com *.google.com.au  *.google.com *.twitter.com *.doubleclick.net *.facebook.com *.linkedin.com *.google-analytics.com *.medialead.de; script-src 'unsafe-inline' 'unsafe-eval' 'self' blob: *.site.com *.hotjar.com *.licdn.com *.oncehub.com *.stackadapt.com *.naver.net *.naver.com *.onetrust.com *.cookielaw.org *.windows.net *.qualaroo.com *.simpli.fi *.salesforceliveagent.com *.amazonaws.com *.gstatic.com *.quantcount.com *.cvent-assets.com *.cvent.com *.quora.com *.livechatinc.com *.typekit.com *.dialogtech.com *.cloudfront.net *.media6degrees.com *.wufoo.com *.zendesk.com *.domdex.com *.adroll.com  *.datatables.net *.quantserve.com *.ads-twitter.com *.steelhousemedia.com *.bing.com *.outbrain.com *.addtoany.com *.visualwebsiteoptimizer.com *.jquery.com *.optimizely.com *.google.com.au *.doubleclick.net *.googleadservices.com *.yimg.jp *.yahoo.co.jp *.crazyegg.com *.mktoweb.com *.cochlear.cloud *.cochlear.com  *.bootstrapcdn.com *.cloudflare.com  *.jsdelivr.net *.addthisedge.com *.google.com *.ytimg.com *.youtube.com *.marketo.net *.marketo.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.linkedin.com *.addthis.com *.geoip-js.com geoip-js.com *.medialead.de *.adsrvr.org *.taboola.com *.yimg.com *.force.com *.salesforce.com *.salesforce-sites.com; style-src 'unsafe-inline' 'self' *.site.com *.hotjar.com *.mktoweb.com *.googletagmanager.com *.stackadapt.com *.cookielaw.org *.windows.net *.cvent-assets.com *.googleapis.com *.cloudflare.com *.cochlear.cloud *.cochlear.com *.google.com *.zendesk.com *.datatables.net *.jquery.com *.cochlear-europe.com *.bootstrapcdn.com *.marketo.com *.salesforce.com *.salesforce-sites.com; 1
default-src 'self' blob: s.pinimg.com; font-src 'self' s.pinimg.com data: fonts.googleapis.com fonts.gstatic.com use.typekit.net; style-src 'self' blob: 'unsafe-inline' data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; img-src blob: data: *; base-uri 'none'; connect-src 'self' blob: *.pinimg.com *.pinterest.com accounts.google.com *.adyen.com pinterest-salvador.s3.amazonaws.com *.adyenpayments.com *.facebook.com www.googleapis.com *.dropboxapi.com pinterest-aberdeen.s3.amazonaws.com pinterest-aberdeen.s3.us-east-1.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-anaheim.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-sim-toontown.s3.amazonaws.com pinterest-sim-toontown.s3.us-east-1.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3.us-east-1.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-media-upload.s3-accelerate.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-poughkeepsie.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com pinterest-plymouth.s3.us-east-1.amazonaws.com pinterest-salvador.s3.us-east-1.amazonaws.com pinterest-yamagata.s3.amazonaws.com pinterest-yamagata.s3.us-east-1.amazonaws.com *.cedexis.com *.cedexis-radar.net *.tvpixel.com api.pinadmin.com *.live-video.net https://*.daily.co https://*.pluot.blue wss://*.wss.daily.co; form-action 'self' *.adyen.com *.sofort.com *.tink.com *.adyenpayments.com; frame-src 'self' *.pinimg.com *.pinterest.com *.adyen.com static-sandbox.dlocal.com static.dlocal.com *.google.com *.facebook.com www.recaptcha.net pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-sim-toontown.s3.amazonaws.com pinterest-sim-toontown.s3.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-tolu.s3.amazonaws.com *.pinterdev.com content.googleapis.com *.youtube.com *.youtube-nocookie.com *.ytimg.com player.vimeo.com calendly.com vine.co bid.g.doubleclick.net *.fls.doubleclick.net pinlogs.s3.amazonaws.com pinlogs.s3.us-east-1.amazonaws.com advertising-delivery-metric-reports.s3.amazonaws.com advertising-delivery-metric-reports.s3.us-east-1.amazonaws.com servedby.flashtalking.com pinterest-uk.admo.tv pinterest-uk-web.admo.tv fbrpc://call *.linkedin.com px.ads.linkedin.com; media-src 'self' blob: data: *.pinimg.com *.live-video.net; object-src 'self'; script-src 'nonce-93360ab9b6944ab67ca8e5503d722852' 'strict-dynamic' 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; worker-src 'self' blob: 'unsafe-inline'; report-uri /_/_/csp_report/?rid=1547138064770336; frame-ancestors 'self' , script-src 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; report-uri /_/_/csp_report/?rid=1547138064770336 1
default-src 'self' *; script-src 'self' * 'unsafe-eval' 'unsafe-inline' blob:; connect-src 'self' *; font-src 'self' * data:; img-src 'self' * data:; style-src 'self' 'unsafe-inline' *; base-uri 'self'; form-action 'self' *; report-to default 1
base-uri 'none';block-all-mixed-content;frame-ancestors 'none';manifest-src 'none';object-src 'none';upgrade-insecure-requests;worker-src 'none'; 1
script-src 'self' https://osuga.com https://www.edenfantasys.com https://www.collarchat.com https://scroller.collarspace.com/scrollerbridge.php https://scroller.collarspace.com/scrollerb.php https://www.collarspace.com/js/scroller75.js https://go2.eabids.com https://www.googletagmanager.com https://cdn.twinrdsyn.com https://twinrdsyn.com https://simplewebanalysis.com https://www.topdisplayformat.com https://www.collarspace.com/default.asp 'unsafe-inline' 'unsafe-eval' https://www.collarspace.com/js/photoChange2020_6_9.min.js https://dating.collarspace.com https://www.extremerestraints.com https://live.collarspace.com https://*.cam4.com https://www.stockroom.com https://*.myshopify.com https://www.tantusinc.com http://www.luxuriousbliss.com https://*.alt.com https://ajax.cloudflare.com https://static.cloudflareinsights.com https://www.collarspace.com/js/default24-7-25a.js https://unpkg.com https://assets3.lottiefiles.com https://assets3.lottiefiles.com/private https://lottie.host https://*.cloudfront.net https://*.bugsnag.com https://www.collarspace.com/js/rsspausescroller.js https://www.collarspace.com/js/default22-11-14bli.js;frame-src https://simplewebanalysis.com https://*.alt.com https://*.youtube.com https://*.chaturbate.com https://www.collarspace.com/sp/js/swipe131.js https://ajax.cloudflare.com https://static.cloudflareinsights.com;img-src 'self' https://* https://simplewebanalysis.com https://*.alt.com data: https://*.youtube.com https://*.chaturbate.com https://www.collarspace.com/sp/js/swipe131.js https://ajax.cloudflare.com https://static.cloudflareinsights.com;connect-src 'self' https://osuga.com https://www.edenfantasys.com https://www.collarchat.com https://go2.eabids.com https://www.google-analytics.com https://www.googletagmanager.com https://simplewebanalysis.com https://*.alt.com https://dating.collarspace.com https://www.extremerestraints.com https://live.collarspace.com https://*.cam4.com https://www.stockroom.com https://*.myshopify.com https://www.tantusinc.com http://www.luxuriousbliss.com https://*.uberkinky.com https://*.youtube.com https://*.chaturbate.com https://www.collarspace.com/sp/js/swipe131.js https://ajax.cloudflare.com https://unpkg.com https://assets3.lottiefiles.com https://assets3.lottiefiles.com/private https://lottie.host https://*.cloudfront.net https://*.bugsnag.com https://static.cloudflareinsights.com;child-src 'none';object-src 'none'; 1
frame-ancestors 'self'; img-src https: data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; font-src 'self' data: 'unsafe-inline' https://fonts.gstatic.com; upgrade-insecure-requests; block-all-mixed-content; 1
default-src * 'unsafe-inline'; font-src * data:; img-src * data:; frame-ancestors https://*.rainfocus.com; 1
default-src 'self' https://*.ufone.com https://webchatcops.ufone.com https://static.ads-twitter.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.ufone.com https://unpkg.com https://cdn.datatables.net https://*.hotjar.com https://webchatcops.ufone.com https://www.googleoptimize.com https://www.google-analytics.com https://optimize.google.com https://*.google.com https://*.googletagmanager.com https://*.google-analytics.com https://connect.facebook.net https://ka-f.fontawesome.com https://kit.fontawesome.com https://*.fontawesome.com https://*.bootstrapcdn.com https://*.mookie1.com https://*.googleadservices.com https://*.doubleclick.net https://*.google.com https://*.cloudflare.com https://*.doubleclick.net https://*.gstatic.com https://*.unpkg.com https://bankalfalah.gateway.mastercard.com https://*.datatables.net https://code.jquery.com https://*.googleapis.com https://*.tiqcdn.com https://*.jsdelivr.net; img-src 'self' data: https://c.clarity.ms https://cdn.acsbapp.com https://optimize.google.com https://*.google-analytics.com https://*.facebook.com https://*.bing.com https://ufone.syntecx.org https://ufonecloud.syntracx.com https://*.ufone.com https://*.doubleclick.net https://*.google.com https://*.google.com.pk https://*.datatables.net https://code.jquery.com https://*.doubleclick.net https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.gravatar.com https://*.w.org https://*.telemart.pk https://*.hotjar.com https://analytics.twitter.com https://t.co; style-src 'self' 'unsafe-inline' https://unpkg.com https://cdn.datatables.net https://fonts.googleapis.com https://optimize.google.com https://*.googleapis.com https://*.cloudflare.com https://*.bootstrapcdn.com https://*.fontawesome.com https://*.unpkg.com https://*.datatables.net https://code.jquery.com https://*.hotjar.com https://*.jsdelivr.net; font-src 'self' data: https://acsbapp.com https://unpkg.com https://fonts.gstatic.com https://*.googleusercontent.com https://*.gstatic.com https://*.cloudflare.com https://*.fontawesome.com https://*.unpkg.com https://*.hotjar.com; frame-src https://*.snapchat.com https://*.hotjar.com https://optimize.google.com https://*.facebook.com https://*.ufone.com https://*.google.com https://*.doubleclick.net https://bankalfalah.gateway.mastercard.com https://*.youtube.com https://*.tiqcdn.com; object-src 'none'; connect-src 'self' https://*.clarity.ms https://*.acsbapp.com https://*.snapchat.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://webchatcops.ufone.com https://*.fontawesome.com https://*.google-analytics.com https://*.doubleclick.net https://*.tiktok.com https://*.facebook.com https://*.googleapis.com; frame-ancestors https://*.tiktok.com; script-src-elem 'self' 'unsafe-inline' https://*.ufone.com https://www.clarity.ms https://*.snapchat.com https://acsbapp.com https://sc-static.net https://*.tiktok.com https://www.googletagmanager.com https://*.hotjar.com https://*.mookie1.com https://www.google-analytics.com https://maxcdn.bootstrapcdn.com https://kit.fontawesome.com https://www.googleadservices.com https://connect.facebook.net https://www.googleoptimize.com https://*.doubleclick.net https://static.ads-twitter.com https://*.google.com https://*.googleapis.com https://*.cloudflare.com https://*.unpkg.com https://*.datatables.net https://unpkg.com https://*.gstatic.com https://*.mastercard.com https://*.jquery.com https://*.jsdelivr.net; style-src-elem 'self' 'unsafe-inline' https://*.ufone.com https://*.jquery.com https://*.datatables.net https://unpkg.com https://*.bootstrapcdn.com https://*.googleapis.com https://*.cloudflare.com; 1
default-src 'self'  blob:  https://*.facebook.com  https://*.facebook.net  https://*.api.schwarz  https://*.assets.schwarz  https://*.batch.com  https://*.bing.com  https://*.cookiebot.com  https://*.creativecdn.com  https://*.exactag.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://mycliplister.com  https://*.mycliplister.com  https://*.peakprotect.com  https://*.pingdom.net  https://*.virtualearth.net  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://creativecdn.com  https://form.lidl.com  https://*.onetrust.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://s.kelkoogroup.net  https://s.kk-resources.com  https://sdk.virtualearth.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://*.doubleclick.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.be  https://www.google.com  https://www.google.cz  https://www.google.nl  https://www.google.pl  https://www.google.sk  https://www.googleadservices.com  https://www.gstatic.com  https://youtube.com  https://*.youtube-nocookie.com  https://*.youtube.com  https://www.googletagmanager.com  https://lidlplusprod.blob.core.windows.net  https://upeimagesprd.blob.core.windows.net  https://lidlplusstorage.blob.core.windows.net  'unsafe-inline'  https://*.adyen.com  https://*.lidl.pt  data:  https://csp.cre.lidl-shop.com; frame-src 'self'  https://*.facebook.com  https://*.facebook.net  https://*.cookiebot.com  https://*.creativecdn.com  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-onlinenewsletter.de  https://*.lidl-shop.com  https://*.lidl.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.pingdom.net  https://balancechecks.tx-gate.com  https://bidswitch.net  https://creativecdn.com  https://form.lidl.com  https://forms-prod.enc-test.de/  https://ldl.viewer.cit-fusion.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://*.doubleclick.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.com  https://www.googleadservices.com  https://www.gstatic.com  https://youtube.com  https://*.youtube-nocookie.com  https://*.youtube.com  https://www.googletagmanager.com  https://www.lidl-gewinnspiel.de  https://www.youtube.com  'unsafe-inline'  https://*.adyen.com  https://*.lidl.pt; img-src 'self'  https://*.facebook.com  https://*.facebook.net  https://*.360yield.com  https://*.addthis.com  https://*.adnxs.com  https://*.assets.schwarz  https://*.bing.com  https://*.cat-ret.assets.lidl  https://*.cdn.flavedo.io  https://*.cookiebot.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-onlinenewsletter.de  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.mycliplister.com  https://*.retail.lidl.net  https://*.retail.vdc.lidl  https://*.searchhub.io  https://*.smartadserver.com  https://*.virtualearth.net  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://cm.adform.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://size.lidl.com  https://s.kelkoogroup.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://*.doubleclick.net  https://test.formcycle.vdc.lidl  https://www.adobe.com  https://www.awin1.com  https://cdn.flavedo.io  https://www.google.at  https://www.google.ba  https://www.google.be  https://www.google.bg  https://www.google.ch  https://www.google.co.uk  https://www.google.com  https://www.google.com.bd  https://www.google.com.tr  https://www.google.com.ua  https://www.google.cz  https://www.google.de  https://www.google.dk  https://www.google.es  https://www.google.fr  https://www.google.gr  https://www.google.hr  https://www.google.hu  https://www.google.ie  https://www.google.is  https://www.google.it  https://www.google.lt  https://www.google.lu  https://www.google.lv  https://www.google.md  https://www.google.nl  https://www.google.no  https://www.google.pl  https://www.google.pt  https://www.google.ro  https://www.google.rs  https://www.google.ru  https://www.google.se  https://www.google.sk  https://www.googleadservices.com  https://www.gstatic.com  https://www.lidl-shop.be  https://www.lidl-shop.cz  https://www.lidl-shop.nl  https://www.lidl-shop.sk  https://www.lidl-sklep.pl  https://www.w3.org  https://x.bidswitch.net  https://youtube.com  https://*.creativecdn.com  https://*.youtube.com  https://www.googletagmanager.com  https://lidlplusprod.blob.core.windows.net  https://upeimagesprd.blob.core.windows.net  https://lidlplusstorage.blob.core.windows.net  https://c1.adform.net  https://ce.lijit.com  https://criteo-partners.tremorhub.com  https://*.teads.tv  https://dpm.demdex.net  https://e1.emxdgt.com  https://eb2.3lift.com  https://exchange.mediavine.com  https://hb.yahoo.net  https://id5-sync.com  https://jadserve.postrelease.com  https://matching.ivitrack.com  https://pixel.rubiconproject.com  https://*.casalemedia.com  https://sync-criteo.ads.yieldmo.com  https://sync.1rx.io  https://rt.udmserve.net  https://ssc-cms.33across.com  https://ads.yieldmo.com  https://s.seedtag.com  https://sync.go.sonobi.com  https://fast.nexx360.io  https://*.upe.schwarz  'unsafe-inline'  https://*.adyen.com  https://*.lidl.pt  data:; object-src 'self'  https://*.facebook.com  https://*.facebook.net  https://*.batch.com  https://*.cookiebot.com  https://*.leaflets.schwarz  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://asset.schwarz  https://bidswitch.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.google.com  https://www.googleadservices.com  https://www.gstatic.com  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-eval'; script-src 'self'  blob:  https://*.facebook.com  https://*.facebook.net  https://*.api.schwarz  https://*.batch.com  https://*.bing.com  https://*.cookiebot.com  https://*.creativecdn.com  https://*.exactag.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.peakprotect.com  https://*.pingdom.net  https://*.searchhub.io  https://*.virtualearth.net  https://adservice.google.com  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://creativecdn.com  https://form.lidl.com  https://*.onetrust.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://s.kk-resources.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://*.doubleclick.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.com  https://www.googleadservices.com  https://www.gstatic.com  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-eval'  'unsafe-inline'  about:  https://localhost  https://*.adyen.com; style-src 'self'  https://*.bing.com  https://*.cookiebot.com  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.de  https://*.medallia.eu  https://bidswitch.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://sdk.virtualearth.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.google.com  https://www.googleadservices.com  https://www.gstatic.com  https://www.lidl-shop.be  https://www.lidl-shop.cz  https://www.lidl-shop.nl  https://www.lidl-shop.sk  https://www.lidl-sklep.pl  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-inline'; frame-ancestors 'self'  https://*.lidl.com  https://*.livebuy.io; report-uri https://csp.cre.lidl-shop.com/csp/report; base-uri 'self'; form-action 'self'  https://*.facebook.com  https://*.facebook.net  https://accounts.lidl.com  https://survey.g.doubleclick.net; 1
default-src 'self' https://dayone.me https://chocolate-prod.s3.amazonaws.com https://chocolate-prod.s3.us-east-1.amazonaws.com https://dayone-syncmedia-production-new.s3.amazonaws.com https://dayone-syncmedia-production-new.s3.us-east-1.amazonaws.com blob: https://pixel.wp.com/t.gif https://i.ytimg.com/; style-src 'self' 'unsafe-inline' https://accounts.google.com/gsi/style; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js https://accounts.google.com/gsi/client https://apis.google.com; connect-src 'self' https://dayone.me https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js https://apis.google.com https://accounts.google.com/gsi/ https://pixel.wp.com/t.gif https://chocolate-prod.s3.amazonaws.com https://chocolate-prod.s3.us-east-1.amazonaws.com https://dayone-syncmedia-production-new.s3.amazonaws.com https://dayone-syncmedia-production-new.s3.us-east-1.amazonaws.com https://o248881.ingest.sentry.io/api/4503976745369600/envelope/ https://public-api.wordpress.com/geo/ https://www.googleapis.com https://api.apple-cloudkit.com/database/1/iCloud.com.dayoneapp.dayone-client-only/production/private/records/ https://api.apple-cloudkit.com/database/1/iCloud.com.dayoneapp.dayone/production/public/users/current https://publish.dayone.app/support/SupportFormConfig.json; frame-src https://accounts.google.com/ blob: https://content.googleapis.com/ https://www.youtube.com/ https://player.vimeo.com/video/ https://embed.spotify.com/ https://open.spotify.com/embed/playlist/; font-src 'self' data:; 1
report-uri /csp-logger;report-to csp-endpoint;default-src 'self' https://vanguardassets.bmstatic.com/assets/;connect-src 'self' https://vanguardassets.bmstatic.com/assets/ https://mc.yandex.fr https://mc.yandex.kz https://mc.yandex.ru https://mc.yandex.tr https://mc.yandex.com https://cognito-identity.us-east-1.amazonaws.com https://mobileanalytics.us-east-1.amazonaws.com https://stats.g.doubleclick.net https://www.facebook.com https://connect.facebook.net https://www.google-analytics.com https://*.google-analytics.com https://*.googlesyndication.com https://*.analytics.google.com https://www.google.com/pagead/landing https://googleads.g.doubleclick.net https://analytics.google.com https://api.rollbar.com https://ajax.googleapis.com https://wa.onelink.me https://wa.appsflyer.com https://analytics.tiktok.com/api/v2/pixel https://analytics.tiktok.com/api/v2/pixel/act https://m.m2888.net/c/p/78a1fd2a638d42918f6403e6550027a1 http://www1.dev.bookmate.com/api/v5/mtn_ghana/identity https://www1.dev.bookmate.com/api/v5/mtn_ghana/identity_sign_in;style-src 'self' 'unsafe-inline' https://vanguardassets.bmstatic.com/assets/ https://tagmanager.google.com https://fonts.googleapis.com https://www.googletagmanager.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://vanguardassets.bmstatic.com/assets/ https://app.link https://connect.facebook.net https://www.google-analytics.com https://ssl.google-analytics.com https://*.google-analytics.com https://*.googlesyndication.com https://*.analytics.google.com https://www.google.com https://www.googletagmanager.com https://www.googleadservices.com https://www.gstatic.com https://js.stripe.com https://mc.yandex.ru https://tagmanager.google.com https://websdk.appsflyer.com https://wa.onelink.me https://analytics.tiktok.com/;font-src 'self' https://vanguardassets.bmstatic.com/assets/ data: https://fonts.gstatic.com;img-src * 'self' 'unsafe-inline' https://vanguardassets.bmstatic.com/assets/ data: https://www.gstatic.com https://ssl.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net;media-src * 'self' 'unsafe-inline' https://ssl.gstatic.com;frame-src 'self' https://*.bookmate.com https://bookmate.com https://bookmate.onelink.me https://www.facebook.com https://www.google.com https://www.googletagmanager.com https://js.stripe.com https://simplecast.com https://mc.yandex.ru;form-action 'self' https://vanguardassets.bmstatic.com/assets/ https://www.facebook.com;object-src 'none';base-uri 'self';frame-ancestors 'self';script-src-attr 'none';upgrade-insecure-requests 1
default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval' *.medicitalia.it; style-src * data: 'unsafe-inline'; img-src * data:; font-src * data:; connect-src *; media-src * blob:; frame-src *; upgrade-insecure-requests 1
default-src 'self' *.s3.amazonaws.com; font-src 'self' 'unsafe-inline' data: cdnjs.cloudflare.com fonts.gstatic.com *.camuzzigas.com raw.githack.com *.widergy.com *.widergydev.com ; img-src 'self' data: *.facebook.com *.qkdev.com www.googletagmanager.com s.w.org *.camuzzigas.com.ar cdn.datatables.net *.google-analytics.com www.google.com.ar www.google.com www.mozilla.org cdn-production-opera-website.operacdn.com img-prod-cms-rt-microsoft-com.akamaized.net secure.gravatar.com *.camuzzigas.com; connect-src data: ws: *.s3.amazonaws.com *.camuzzigas.com.ar analytics.google.com connect.facebook.com *.camuzzigas.com camuzzigas.com.ar camuzzigas.com stats.g.doubleclick.net yoast.com app-camuzziweb-prod-eus-02.azurewebsites.net *.directline.botframework.com *.google-analytics.com *.widergy.com *.widergydev.com  *.googleapis.com; script-src 'self' 'unsafe-eval' 'unsafe-inline'  connect.facebook.net analytics.google.com cdn.jsdelivr.net *.youtube.com api.w3-edge.com maxcdn.bootstrapcdn.com cdn.datatables.net oss.maxcdn.com www.google.com code.createjs.com www.gstatic.com www.googletagmanager.com  *.widergy.com *.googleapis.com *.google-analytics.com; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net use.fontawesome.com maxcdn.bootstrapcdn.com cdn.datatables.net cdnjs.cloudflare.com fonts.googleapis.com *.widergy.com ; frame-src 'self' td.doubleclick.net *.youtube.com *.vimeo.com www.google.com 1
default-src 'none'; frame-ancestors 'self'; font-src data: https://doublethedonation.com https://fonts.gstatic.com https://fonts.googleapis.com *.tiltify.com assets.tiltify.com site-assets.tiltify.com; img-src 'self' blob: data: *.medium.com https://unsplash.it https://doublethedonation.com assets.tiltify.com site-assets.tiltify.com https://assets.tiltify.com *.bonfireassets.com *.paypal.com https://www.paypalobjects.com https://www.google-analytics.com https://static-cdn.jtvnw.net *.yt-img.com; object-src 'none'; script-src 'self' 'unsafe-inline' https://doublethedonation.com https://js.stripe.com *.tiltify.com assets.tiltify.com site-assets.tiltify.com *.twitch.tv *.freshdesk.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://www.google.com *.paypal.com https://www.paypalobjects.com https://connect.facebook.net https://static-na.payments-amazon.com https://widget.freshworks.com; style-src 'self' 'unsafe-inline' *.tiltify.com assets.tiltify.com site-assets.tiltify.com https://doublethedonation.com https://fonts.googleapis.com https://widget.freshworks.com; connect-src 'self' *.amazon.com https://doublethedonation.com *.freshdesk.com *.googleapis.com https://site-search.tiltify.com *.tiltify.com tiltify.com assets.tiltify.com site-assets.tiltify.com wss://websockets.tiltify.com https://locale.tiltify.com https://sentry.io https://api.stripe.com https://cdn.optimizely.com https://www.google-analytics.com https://widget.freshworks.com *.paypal.com; frame-src 'self' https://rumble.com *.amazon.com *.payments-amazon.com *.facebook.com *.twitch.tv https://js.stripe.com https://hooks.stripe.com https://player.twitch.tv https://www.google.com https://www.youtube.com *.paypal.com https://www.paypalobjects.com; manifest-src *.tiltify.com site-assets.tiltify.com https://assets.tiltify.com 1
base-uri 'none'; frame-ancestors 'none'; object-src 'none' 1
font-src 'self' 'unsafe-inline' data: https://fonts.googleapis.com https://fonts.gstatic.com https://fonts.intercomcdn.com https://d5wfroyti11sa.cloudfront.net https://*.inlinemanual.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://*.inlinemanual.com https://d5wfroyti11sa.cloudfront.net; img-src 'self' 'unsafe-inline' blob: data: *.babelway.net *.tradeshift.com https://*.googletagmanager.com https://fonts.googleapis.com https://fonts.gstatic.com https://js.intercomcdn.com https://static.intercomassets.com https://*.inlinemanual.com https://q.stripe.com https://cdn1.iconfinder.com https://*.google-analytics.com https://*.analytics.google.com https://d5wfroyti11sa.cloudfront.net;default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.babelway.net *.tradeshift.com esb3.tradeshiftchina.cn *.taulia.com https://*.pendo.io https://*.googletagmanager.com https://*.inlinemanual.com https://*.hotjar.com https://*.hotjar.io  wss://ws.hotjar.com wss://*.hotjar.io https://*.intercom.io https://*.intercomcdn.com wss://*.intercom.io https://*.google-analytics.com https://*.analytics.google.com https://d5wfroyti11sa.cloudfront.net;frame-ancestors 'self' *.tradeshift.com *.ts.sv ; frame-src 'self' *.tradeshift.com *.googletagmanager.com *.pendo.com *.pendo.io *.hotjar.com *.hotjar.io *.youtube.com *.vimeo.com *.stripe.com; 1
upgrade-insecure-requests; default-src 'self' 'unsafe-inline' https://c.disquscdn.com https://disqus.com/ https://78e90748.flowpaper.com/; child-src 'self' https://www.google.com/ https://disqus.com/ https://www.youtube.com/ https://www.podbean.com/ https://www.facebook.com/ https://platform.twitter.com/ https://submit.jotform.com/ https://submit.jotform.us/ https://*.partnerbookingkit.com/ https://cdn.ingo.me; connect-src 'self' http://sentry.utdev.com/ https://links.services.disqus.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://polo.feathr.co/ https://bam.nr-data.net/ https://www.googletagmanager.com/ https://*.partnerbookingkit.com/ https://submit.jotform.com/ https://ausa.careerwebsite.com/ https://cdn.ingo.me https://app.ingo.me https://78e90748.flowpaper.com/ https://px.ads.linkedin.com/wa/ https://analytics.google.com; font-src 'self' https:; frame-src 'self' https://ausa-a.akamaihd.net/ https://submit.jotform.com/ https://*.jotform.com/ https://www.youtube.com/ https://disqus.com/ https://www.facebook.com/ https://www.podbean.com/ https://info.ausa.org/ https://www.google.com/ https://calendar.google.com/ https://accounts.google.com/ https://*.google.com/ https://submit.jotform.us/ https://www.arcgis.com/ https://cdn.ingo.me https://11098073.fls.doubleclick.net https://static.addtoany.com/ https://78e90748.flowpaper.com/ARMYOct2021GreenBook/ https://www.dvidshub.net https://player.vimeo.com/ https://glac-ausa.forms-db.com/ https://bid.g.doubleclick.net/ https://fast.wistia.net/ https://www.dvidshub.net/ https://newassets.hcaptcha.com/ https://platform.twitter.com/ https://*.flowpaper.com https://ausa.force.com/ https://td.doubleclick.net/ https://my.matterport.com/; img-src 'self' https: data:; media-src 'self' https:; object-src 'self'; script-src 'self' 'unsafe-eval' https://form.jotform.com/* https://form.jotform.com/ https://code.jquery.com/ https://secure.polldaddy.com/ https://www.googletagmanager.com/ https://cdn.jotfor.ms/ https://www.google-analytics.com/ https://snap.licdn.com/ https://*.partnerbookingkit.com/ https://jotform.com/ https://*.jotform.com/ https://ausaorg.disqus.com https://*.disquscdn.com https://disqus.com https://c.disquscdn.com https://g.adspeed.net https://cdn.ingo.me https://js-agent.newrelic.com https://connect.facebook.net https://secure.quantserve.com https://www.vbt.io https://cdn.feathr.co https://a.smtrk.net/ https://polo.feathr.co https://78e90748.flowpaper.com/ https://preprod-ausa.utstaging.com addtocalendar.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://polyfill.io https://static.addtoany.com https://unpkg.com https://use.fontawesome.com https://ws.sharethis.com mdbootstrap.com platform.twitter.com stackpath.bootstrapcdn.com; script-src-elem * 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://*.typekit.net https://tagmanager.google.com https://cdn.jotfor.ms/ https://*.partnerbookingkit.com/ https://cdn.ingo.me https://78e90748.flowpaper.com/ addtocalendar.com fonts.googleapis.com https://use.typekit.net mdbootstrap.com stackpath.bootstrapcdn.com use.fontawesome.com; style-src-elem * 'unsafe-inline'; worker-src 'self' https://www.google.com/ https://disqus.com/ https://www.youtube.com/ https://www.podbean.com/ https://www.facebook.com/ https://platform.twitter.com/ https://submit.jotform.com/ https://submit.jotform.us/ https://www.googletagmanager.com/ https://cdn.ingo.me; frame-ancestors 'self' 1
frame-ancestors 'self' https://www.usafencing.org https://together.escrime-fle.lu https://riyadh2024.org 1
frame-ancestors 'self' https://get.succeed.net; 1
frame-ancestors 'self' https://*.un.org; 1
frame-ancestors 'self' http://thomsonreuterstax.lookbookhq.com https://thomsonreuterstax.lookbookhq.com http://thomsonreuterstaxprofessionals.lookbookhq.com https://thomsonreuterstaxprofessionals.lookbookhq.com 1
default-src 'self' blob: data: properties: analytics.thangs.com https://storage.googleapis.com/thangs-thumbnails/production/ *.doubleclick.net www.gstatic.com *.googleapis.com js.stripe.com *.paypal.com https://www.facebook.com/tr/ connect.facebook.net https://storage.googleapis.com/gcp-and-physna.appspot.com/ https://storage.googleapis.com/prod-comparison-cache-files/ https://storage.googleapis.com/production-thangs-public/ https://storage.googleapis.com/thangs-pubic/ thangs-thumbs-dot-gcp-and-physna.uc.r.appspot.com ; img-src 'self' blob: data: https://storage.googleapis.com/thangs-thumbnails/production/ thangs-thumbs-dot-gcp-and-physna.uc.r.appspot.com us-central1-gcp-and-physna.cloudfunctions.net https://storage.googleapis.com/gcp-and-physna.appspot.com/ https://storage.googleapis.com/production-thangs-public/ https://www.facebook.com/tr/ https://www.facebook.com/privacy_sandbox/ play-lh.googleusercontent.com fonts.gstatic.com translate.google.com translate.googleapis.com www.gstatic.com www.google.com www.paypalobjects.com *.paypal.com cdn.thingiverse.com i.ytimg.com; script-src 'sha256-qAujL7/T1IK4b1EZvI/B/Xe1szjttC/vsCrEKZ6CodQ=' 'self' blob: 'unsafe-eval' connect.facebook.net js.stripe.com www.recaptcha.net https://www.gstatic.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.youtube.com/iframe_api https://www.youtube.com/s/player/ https://appleid.cdn-apple.com/appleauth/ *.paypal.com www.paypalobjects.com 'sha256-f5g6BkxJ1yWIe/gRp3R+jf8SkUVo9bSekseH2x1cB+k=' analytics.thangs.com; style-src 'self' 'unsafe-inline' www.gstatic.com data:; font-src 'self' data: fonts.gstatic.com; frame-src 'self' thangs-thumbs-dot-gcp-and-physna.uc.r.appspot.com www.facebook.com www.recaptcha.net storage.googleapis.com js.stripe.com www.youtube.com docs.google.com accounts.google.com *.paypal.com www.paypalobjects.com www.instagram.com; manifest-src 'self'; object-src 'none'; report-uri https://thangs.com/api/csp-report 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;frame-ancestors 'self' https://*.quintype.com https://www.filmcompanion.in;block-all-mixed-content; 1
img-src https: object-src data: 'unsafe-eval' 1
frame-ancestors 'self' *.ci360.sas.com; 1
default-src 'self' https: 'unsafe-inline' 'unsafe-eval' ;frame-ancestors 'self' https://manager.agilitycms.com *.scotiabank.com https://1.a79ab95c1589a13f8a4cab612bc71f9f7.com https://1.b406929acabac9b095f124c81bdfcf57f.com https://1.c81358859121583b7adf2ace89cb39f44.com;script-src 'self' 'unsafe-eval' 'unsafe-inline'  googletagmanager.com facebook.net google-analytics.com *.googleapis.com licdn.com cloudflare.com Youtube.com Azureedge.net Doubleclick.net Clicktale.net Demdex.net Amazon-adsystem.com c.amazon-adsystem.com https://connect.facebook.net https://p.adsymptotic.com https://static.hotjar.com https://www.google-analytics.com cdnssl.clicktale.net https://script.hotjar.com jquery.com agilitycms.com *.msecnd.net aspnetcdn.com  assets.adobedtm.com  www.googletagmanager.com scotiabankfiles.azureedge.net snap.licdn.com  *.google.com  *.google.com.mx  *.google.ca  *.gstatic.com  *.pages09.net  *.scotiabank.com  *.contentsquare.net  *.contentsquare.com  *.we-stats.com  googleoptimize.com  cdn.polyfill.io  *.openstreetmap.org www.scotiabank.com.mx;worker-src blob: 'self';img-src 'self' *.clicktale.net  *.agilitycms.com  *.azureedge.net  *.google.com  googletagmanager.com facebook.net google-analytics.com *.googleapis.com licdn.com cloudflare.com Youtube.com Azureedge.net Doubleclick.net Clicktale.net Demdex.net Amazon-adsystem.com Hotjar.com jquery.com agilitycms.com *.msecnd.net aspnetcdn.com  assets.adobedtm.com  cm.everesttech.net  somniture.scotiabank.com  dpm.demdex.net  www.google-analytics.com  www.facebook.com  https://www.google.com.br  https://px.ads.linkedin.com  stats.g.doubleclick.net  https://p.adsymptotic.com   *.google.com   *.google.com.mx   *.google.ca   *.gstatic.com   *.pages09.net   *.scotiabank.com   *.contentsquare.net   *.contentsquare.com   googleoptimize.com   cdn.polyfill.io   *.openstreetmap.org  www.scotiabank.com.mx;connect-src 'self' https: wss: 'unsafe-inline' 'unsafe-eval'  googletagmanager.com facebook.net google-analytics.com *.googleapis.com licdn.com cloudflare.com Youtube.com Azureedge.net Doubleclick.net Clicktale.net Demdex.net Amazon-adsystem.com Hotjar.com jquery.com agilitycms.com *.msecnd.net aspnetcdn.com  *.google.com  *.google.com.mx  *.google.ca  *.gstatic.com  *.pages09.net  *.scotiabank.com  *.contentsquare.net  *.contentsquare.com  googleoptimize.com  cdn.polyfill.io  *.openstreetmap.org www.scotiabank.com.mx; 1
default-src 'none'; img-src image.gsmpunt.nl https://image.gsmpunt.nl https://assets.gsmpunt.nl https://www.gsmpunt.nl https://bat.bing.com https://www.google-analytics.com https://www.google.com https://www.google.nl https://img.youtube.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://www.awin1.com https://www.zenaps.com http://www.googleadservices.com https://www.googleadservices.com https://*.clarity.ms https://*.googlesyndication.com data:;style-src https://assets.gsmpunt.nl  https://www.gsmpunt.nl 'unsafe-inline';script-src https://assets.gsmpunt.nl  https://www.gsmpunt.nl http://www.googletagmanager.com http://www.googleadservices.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://bat.bing.com https://www.youtube.com https://s.ytimg.com https://www.google.com https://www.google.nl https://www.dwin1.com https://www.zenaps.com https://the.sciencebehindecommerce.com https://www.google.com/recaptcha https://www.gstatic.com https://www.clarity.ms https://wjs.wurflcloud.com https://downloads-global.3cx.com https://ct.beslist.nl 'unsafe-inline';media-src https://image.gsmpunt.nl https://assets.gsmpunt.nl;frame-src https://www.gsmpunt.nl https://www.youtube.com https://player.vimeo.com https://www.zenaps.com https://the.sciencebehindecommerce.com https://www.google.com https://bid.g.doubleclick.net https://www.gstatic.com; connect-src https://www.gsmpunt.nl https://api.gsmpunt.nl https://*.google-analytics.com https://ampcid.google.com https://ampcid.google.nl stats.g.doubleclick.net https://the.sciencebehindecommerce.com http://www.google.com https://www.google.com https://*.analytics.google.com www.google.nl https://*.clarity.ms https://google.com https://*.bing.com https://wjs.wurflcloud.com https://gsmpunt.fluxcloud.eu:5001 wss://gsmpunt.fluxcloud.eu:5001 https://ct.beslist.nl https://googleads.g.doubleclick.net https://*.googlesyndication.com;font-src https://www.gsmpunt.nl https://assets.gsmpunt.nl;object-src data:;manifest-src https://assets.gsmpunt.nl; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' wss: https: data: blob: android-webview-video-poster:; frame-ancestors 'self'; 1
report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-dynamic ; script-src 'unsafe-eval' 'strict-dynamic' 'nonce-r+tZsgfgmIgAg4AyPU5b' 'nonce-rn6RkCONm3B4L1af9g18' 1
frame-src 'self' https://tpc.googlesyndication.com https://td.doubleclick.net https://vars.hotjar.com https://www.facebook.com; frame-ancestors 'self'; report-uri https://support.mett.nl/api/csp/RecordReport; 1
upgrade-insecure-requests; default-src 'self' 'unsafe-inline' *.voith.com;img-src 'self' data: *.voith.com johannes.voith.com image-store.slidesharecdn.com scontent.cdninstagram.com maps.googleapis.com *.gstatic.com serve.albacross.com track.hubspot.com forms.hsforms.com *.linkedin.com new-collect.albacross.com perf.hsforms.com *.media.brightcove.com players.brightcove.net *.boltdns.net *.akamaihd.net metrics.brightcove.com scontent-frt3-1.cdninstagram.com cf-images.us-east-1.prod.boltdns.net logs1412.xiti.com new-collect.albacross.com px.ads.linkedin.com www.googletagmanager.com secure.torn6back.com prod.smassets.net prod3-assets.sprinklr.com thumb.sprinklr.com prod3-sprcdn-assets.sprinklr.com prod3-media-proxy.sprinklr.com img.youtube.com d15nmabv5huvcn.cloudfront.net exceptions.hs-embed-reporting.com d2euiryrvxi8z1.cloudfront.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.voith.com widget.surveymonkey.com maps.googleapis.com players.brightcove.net scontent.cdninstagram.com tag.aticdn.net js.hs-analytics.net js.hs-banner.com js.hscollectedforms.net js.hsleadflows.net js.hs-scripts.com js.hsforms.net forms.hsforms.com serve.albacross.com consent.cookiebot.com www.google.com www.googletagmanager.com www.gstatic.com consentcdn.cookiebot.com vjs.zencdn.net secure.rate8deny.com ajax.googleapis.com gallery-prod3.sprinklr.com players.brightcove.net vjs.zencdn.net platform.twitter.com snap.licdn.com;script-src-elem 'self' 'unsafe-inline' consent.cookiebot.com widget.surveymonkey.com consentcdn.cookiebot.com tag.aticdn.net www.googletagmanager.com www.google.com www.gstatic.com snap.licdn.com players.brightcove.net js.hs-scripts.com js.hs-banner.com js.hscollectedforms.net js.hsleadflows.net js.hs-analytics.net *.hsforms.net *.hsforms.com serve.albacross.com vjs.zencdn.net code.jquery.com secure.rate8deny.com ajax.googleapis.com gallery-prod3.sprinklr.com platform.twitter.com maps.googleapis.com static.voith.com;media-src 'self' 'unsafe-inline' blob: data: prod3-media-proxy.sprinklr.com *.brightcovecdn.com *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.voith.com;prefetch-src 'self' *.boltdns.net;style-src 'self' 'unsafe-inline' *.voith.com fonts.googleapis.com gallery-prod3.sprinklr.com players.brightcove.net www.googletagmanager.com;font-src 'self' 'unsafe-inline' data: *.voith.com vjs.zencdn.net fonts.googleapis.com gallery-prod3.sprinklr.com fonts.gstatic.com ;frame-src 'self' data: consentcdn.cookiebot.com www.google.com forms.hsforms.com resource.voith.com www.yumpu.com players.brightcove.net forms.hubspot.com js.hsforms.net;connect-src 'self' search.voith.com searchprev.voith.com consentcdn.cookiebot.com forms.hubspot.com forms.hsforms.com static.voith.com new-collect.albacross.com bcbolt446c5271-a.akamaihd.net manifest.prod.boltdns.net logs1412.xiti.com api.hsforms.com resource.voith.com gallery-prod3.sprinklr.com prod3-external-share-api.sprinklr.com johannes.voith.com players.brightcove.net edge.api.brightcove.com *.brightcove.com maps.googleapis.com js.hs-banner.com idx.liadm.com videoproxy.voith.com px.ads.linkedin.com edge.api.brightcove.com;worker-src 'self' 'unsafe-inline' blob: data:  *.voith.com;object-src 'none'; 1
default-src 'none'; frame-ancestors 'self' mbconnectline.com *.mbconnectline.com simply-connect.me *.simply-connect.me simply-connect2.me *.simply-connect2.me; form-action 'self' mbconnectline.com *.mbconnectline.com; base-uri 'self' mbconnectline.com *.mbconnectline.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' mbconnectline.com *.mbconnectline.com *.googleapis.com *.gstatic.com *.cloudflare.com; style-src 'unsafe-inline' 'self' mbconnectline.com *.mbconnectline.com *.googleapis.com *.gstatic.com *.cloudflare.com; font-src 'self' data: mbconnectline.com *.mbconnectline.com *.googleapis.com *.gstatic.com *.cloudflare.com; img-src 'self' data: blob: mbconnectline.com *.mbconnectline.com *.googleapis.com *.gstatic.com *.cloudflare.com; object-src 'self' mbconnectline.com *.mbconnectline.com; prefetch-src 'self' mbconnectline.com *.mbconnectline.com; media-src *; frame-src *; manifest-src *; worker-src *; connect-src *; 1
default-src 'self';connect-src 'self' *.habbo.com https://hcaptcha.com https://*.hcaptcha.com cookie-cdn.cookiepro.com privacyportal.cookiepro.com cookies.onetrust.mgr.consensu.org geolocation.onetrust.com www.facebook.com https://accounts.google.com/gsi/ *.google-analytics.com www.googletagmanager.com csi.gstatic.com habboo-a.akamaihd.net d29usylhdk1xyu.cloudfront.net;img-src 'self' data: *.habbo.com cookie-cdn.cookiepro.com habbo-stories-content.s3.amazonaws.com www.facebook.com *.google-analytics.com stats.g.doubleclick.net ssl.gstatic.com habboo-a.akamaihd.net images.habbogroup.com docj27ko03fnu.cloudfront.net d3hmp0045zy3cs.cloudfront.net quilt-cdn.janrain.com cdn.rpxnow.com pay.openbucks.com trck.spoteffects.net;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.habbo.com https://appleid.cdn-apple.com https://hcaptcha.com https://*.hcaptcha.com cookie-cdn.cookiepro.com connect.facebook.net https://accounts.google.com/gsi/client *.google-analytics.com www.googletagmanager.com www.google.com www.gstatic.com apis.google.com rpxnow.com d29usylhdk1xyu.cloudfront.net trck.spoteffects.net;style-src 'self' 'unsafe-inline' *.habbo.com https://hcaptcha.com https://*.hcaptcha.com www.gstatic.com fonts.googleapis.com d3hmp0045zy3cs.cloudfront.net quilt-cdn.janrain.com;child-src 'self' https://hcaptcha.com https://*.hcaptcha.com *.habbo.com *.facebook.com www.google.com habboo-a.akamaihd.net www.youtube.com www.offertoro.com torox.io;frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com *.habbo.com *.facebook.com www.google.com habboo-a.akamaihd.net www.youtube.com www.offertoro.com torox.io;font-src 'self' fonts.gstatic.com habboo-a.akamaihd.net *.habbo.com data:;frame-ancestors 'self' *.idcgames.com www.funnygames.fi www.funnygames.es www.funnygames.nl www.funnygames.fr www.funnygames.it www.funnygames.us www.funnygames.eu www.funnygames.biz www.funnygames.com.br www.funnygames.org *.gamesxl.com keygames.com www.games.co.za www.bgames.com starbie.co.uk nyckelspel.se www.games.co.uk www.a10.com www.gry.pl www.spela.se www.gamesgames.com www.ourgames.ru www.permainan.co.id www.games.co.id www.agame.com www.flashgames.ru www.mousebreaker.com kizi.com yepi.com www.integrations.partner.spilgames.com www.teens-integrations.partner.spilgames.com www.youdagames.com www.elkspel.nl www.spele.nl www.spele.be www.spelletjesoverzicht.nl *.orangegames.com hyvesgames.nl spele.nl www.spelletjes.nl www.spel.nl *.giochixl.it www.1001giochi.it minigioco.it www.gioco.it www.giochi.it *.jeuxdelajungle.fr www.1001games.fr jouerjouer.com spele.be www.jeux.fr www.jeu.fr oyun.mynet.com gamecell.com www.gamecell.com oyungemisi.com www.oyunskor.com *.1001pelit.com pelaaleikkia.com www.isladejuegos.es clavejuegos.com www.juegos.com *.1001spiele.de www.jetztspielen.ws www.jetztspielen.de www.spielaffe.de *.spielspiele.de spielspiele.de www.spielen.com *.1001jogos.pt jogojogar.com www.ojogos.com.br;form-action 'self' https://login.habbo.com https://help.habbo.com https://help.habbo.de https://help.habbo.es https://help.habbo.fi https://help.habbo.fr https://help.habbo.it https://help.habbo.nl https://help.habbo.com.br https://help.habbo.com.tr habbohelpbr.zendesk.com habbohelpen.zendesk.com habbohelpde.zendesk.com habbohelpes.zendesk.com habbohelpfi.zendesk.com habbohelpfr.zendesk.com habbohelpit.zendesk.com habbohelpnl.zendesk.com habbohelptr.zendesk.com;upgrade-insecure-requests ;report-uri /csp/report 1
default-src 'self' policy.cookiereports.com www.youtube-nocookie.com data: 'unsafe-eval';         style-src 'self' 'unsafe-inline' fonts.googleapis.com www.gstatic.com;         img-src 'self' policy.cookiereports.com *.google-analytics.com *.googletagmanager.com data: ;         connect-src 'self' policy.cookiereports.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com;         script-src 'self' ajax.googleapis.com www.google.com www.gstatic.com policy.cookiereports.com *.googletagmanager.com 'unsafe-inline'             'unsafe-eval' *.cloudfront.net *.youtube.com www.google-analytics.com data: blob:;         font-src 'self' fonts.googleapis.com fonts.gstatic.com *.cloudfront.net data: 'unsafe-eval'; 1
font-src fonts.gstatic.com use.typekit.net https://apretailer.com.br *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ *.adyen.com *.us1.gigya.com *.openpay.mx *.openpay.co *.mercadolibre.com *.opencontrol.mx *.kaptcha.com *.openpay.pe *.paynet.com.mx www.google-analytics.com unpkg.com googleads.g.doubleclick.net commerce.adobedtm.com magento-recs-sdk.adobe.net www.googleadservices.com www.gstatic.com *.google.com *.google.com.br *.criteo.com *.doubleclick.net *.cloudfront.net *.nr-data.net *.enviou.com.br *.facebook.com *.facebook.net *.newrelic.com http://receiver.posclick.dinamize.com *.gigya-api.com *.panini.com.br https://apretailer.com.br c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.adyen.com *.us1.gigya.com 'self' data: 'unsafe-inline' data: *.postimg.cc *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com *.openpay.mx unpkg.com commerce.adobedtm.com magento-recs-sdk.adobe.net www.gstatic.com *.google.com *.google.com.br *.panini.canto.global https://panini.canto.global *.cloudfront.net *.doubleclick.net *.g.doubleclick.net *.ivitrack.com *.bidswitch.net *.criteo.com *.nr-data.net *.enviou.com.br *.facebook.com *.facebook.net *.newrelic.com http://receiver.posclick.dinamize.com *.gigya-api.com *.panini.com.br https://www.gravatar.com *.googleusercontent.com https://apretailer.com.br www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.adyen.com *.us1.gigya.com s7.addthis.com *.mlstatic.com *.mercadopago.com *.s3.amazonaws.com *.openpay.co *.openpay.pe *.google-analytics.com *.google.com/recaptcha/ *.gstatic.com/recaptcha/ unpkg.com www.gstatic.com *.google.com *.google.com.br *.vendavalida.com.br *.zdassets.com *.criteo.com *.enviou.com.br *.cloudfront.net *.facebook.com *.facebook.net http://receiver.posclick.dinamize.com *.gigya-api.com *.panini.com.br https://apretailer.com.br js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com 'unsafe-inline' data: https://apretailer.com.br unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net *.bolt.com qa-api.magedevteam.com *.sentry.io *.adyen.com *.openpay.mx *.openpay.co ekr.zdassets.com/ *.mercadopago.com *.mercadolibre.com *.openpay.pe unpkg.com googleads.g.doubleclick.net commerce.adobedtm.com magento-recs-sdk.adobe.net www.gstatic.com *.google.com *.google.com.br *.criteo.com *.vendavalida.com.br *.zendesk.com *.doubleclick.net *.us1.gigya.com *.cloudfront.net *.enviou.com.br *.facebook.com *.facebook.net http://receiver.posclick.dinamize.com *.gigya-api.com *.panini.com.br https://apretailer.com.br api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com t.elasticsuite.io *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src bam.nr-data.net googleads.g.doubleclick.net csm.us5.us.criteo.net commerce.adobedc.net https://apretailer.com.br *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
base-uri 'none'; style-src 'self' 'unsafe-inline' https://stackpath.bootstrapcdn.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net; script-src 'self' blob: https://stackpath.bootstrapcdn.com https://ajax.googleapis.com https://pro.fontawesome.com https://code.jquery.com https://cdnjs.cloudflare.com https://c0.froala.com https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://cdn.jsdelivr.net; object-src 'none'; upgrade-insecure-requests 1
frame-ancestors https://andrews.hu 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss: blob:; child-src https: blob:; object-src 'self' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.ampproject.org https://pixel.adsafeprotected.com https://static.adsafeprotected.com https://ad.doubleclick.net https://cse.google.com http://cse.google.com http://maps.google.com https://maps.google.com http://maps.googleapis.com https://maps.googleapis.com https://www.google.com https://www.googleapis.com https://apis.google.com https://www.google-analytics.com https://ajax.googleapis.com https://pagead2.googlesyndication.com www.googletagservices.com https://adservice.google.com https://adservice.google.fr https://translate.google.com https://translate.googleapis.com https://translate-pa.googleapis.com https://www.gstatic.com https://code.jquery.com http://assets.pinterest.com https://assets.pinterest.com http://log.pinterest.com https://connect.facebook.net http://bs.serving-sys.com http://ds.serving-sys.com http://logv5.xiti.com https://az124611.vo.msecnd.net https://az551914.vo.msecnd.net http://analytics-eu.clickdimensions.com https://www.googletagmanager.com 1
frame-ancestors 'self' https://www.indacomagister.ro https://indacomagister.ro 1
frame-ancestors 'self' https://admin.euronics.hu 1
script-src 'self' 'unsafe-eval' https://js.fintoc.com/v1/ https://api.fintoc.com/v1/  https://wlscripts.recorrido.cl https://www.googleoptimize.com  https://www.google-analytics.com https://www.recaptcha.net 'unsafe-eval' 'unsafe-inline' https://googleads.g.doubleclick.net https://connect.facebook.net https://www.googleadservices.com https://www.gstatic.com https://diffuser-cdn.app-us1.com  https://cdn.recorrido-new.cl https://www.recaptcha.net https://*.googletagmanager.com  https://tagmanager.google.com/ https://*.google.com https://prism.app-us1.com https://cdn.recorrido.cl https://trackcmp.net https://js-agent.newrelic.com https://bam.nr-data.net https://wlscripts.recorrido.cl https://www.googleoptimize.com https://tracking.krip.cl/bciplus/script.js frame-src 'unsafe-inline' 'unsafe-eval' 'self' https://wlscripts.recorrido.cl https://www.googleoptimize.com https://tracking.krip.cl/bciplus/script.js https://api.fintoc.com/v1/ https://js.fintoc.com/v1/ https://a.bstatic.com/static/affiliate_base/js/search_extension.js; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://mistaua.com https://*.google.com *.google.com https://*.google.com.ua *.google.com.ua *.gstatic.com *.facebook.net *.instagram.com *.googleapis.com *.googlesyndication.com  https://*.googlesyndication.com *.googletagservices.com https://*.googletagservices.com *.doubleclick.net https://*.googleadservices.com  https://*.doubleclick.net https://*.g.doubleclick.net *.google-analytics.com *.googletagmanager.com *.ampproject.org https://polyfill.io/ wikimapia.org https://*.jsdelivr.net cdn.api.twitter.com oss.maxcdn.com; style-src  'self' 'unsafe-inline' *.google.com *.googleapis.com; frame-src 'self' *.doubleclick.net https://*.googlesyndication.com *.googletagservices.com *.google.com *.google.com.ua *.facebook.com *.instagram.com *.youtube.com https://*.doubleclick.net https://*.g.doubleclick.net wikimapia.org *.openstreetmap.org *.adsensecustomsearchads.com; 1
frame-ancestors https://www.medplusindia.com; 1
upgrade-insecure-requests; frame-ancestors zuozhe.qimao.com 1
frame-ancestors *.fidelityhouse.eu *.fidelityhouse.it 1
default-src 'none';base-uri 'none';manifest-src 'self';script-src 'nonce-R043NE40YXJ3RjhMSnlGRktJQUtHVFhRR09sTHdqSkxTbVhhbTFyRUNxUT06S0lTcldPMmVqQmhGU25rSGJyQjhYVmU5UzR3ZTlFSi9mRC9qOG5HVmI5Yz0=' gp.gov.ao blob:;style-src 'self' 'unsafe-inline';img-src 'self' data: blob: https://*.tile.openstreetmap.org;font-src 'self' data:;connect-src 'self' gp.gov.ao blob: stun.nextcloud.com:443;media-src 'self' blob:;frame-src gp.gov.ao doc.gov.ao ms-word: 'self' data:;child-src blob: 'self';frame-ancestors 'self' gp.gov.ao doc.gov.ao ms-word:;worker-src blob: 'self';form-action 'self' 1
default-src 'self' *.zeptonow.com; style-src 'self' 'unsafe-inline' *.zeptonow.com https://fonts.gstatic.com https://cdn.zeptonow.com fonts.googleapis.com https://uploads-ssl.webflow.com https://www.googletagmanager.com https://selfserveapp.kapturecrm.com; font-src 'self' data: https://fonts.gstatic.com https://cdn.zeptonow.com https://fonts.googleapis.com https://uploads-ssl.webflow.com https://selfserveapp.kapturecrm.com; script-src 'unsafe-eval' 'unsafe-inline' 'self' *.zeptonow.com *.nr-data.net https://maps.googleapis.com https://js-agent.newrelic.com https://www.google-analytics.com https://www.googletagmanager.com https://selfserveapp.kapturecrm.com https://public.releases.juspay.in https://uploads-ssl.webflow.com https://cdn.mxpnl.com www.artfut.com; style-src-elem 'self' 'unsafe-inline' *.zeptonow.com https://global-uploads.webflow.com fonts.googleapis.com https://www.googletagmanager.com https://selfserveapp.kapturecrm.com https://uploads-ssl.webflow.com; script-src-elem 'self' 'unsafe-inline' *.zeptonow.com https://connect.facebook.net https://googleads.g.doubleclick.net https://global-uploads.webflow.com https://d3e54v103j8qbb.cloudfront.net https://ajax.googleapis.com https://js-agent.newrelic.com *.nr-data.net https://public.releases.juspay.in https://www.google-analytics.com https://www.googletagmanager.com https://selfserveapp.kapturecrm.com https://maps.googleapis.com https://uploads-ssl.webflow.com https://cdn.mxpnl.com www.artfut.com http://cdn.mxpnl.com https://web-sdk-cdn.singular.net; frame-src 'self' https://public.releases.juspay.in https://td.doubleclick.net/ cdn.zeptonow.com *.zeptonow.com; img-src 'self' data: blob:  *.zeptonow.com https://www.facebook.com https://ik.imagekit.io https://zepto-onlinesales-assets.s3.amazonaws.com https://zepto-onlinesales-assets.s3.ap-south-1.amazonaws.com https://prod-zepto-public-assets.s3.ap-south-1.amazonaws.com https://global-uploads.webflow.com https://www.google-analytics.com https://www.google.com https://www.google.co.in https://maps.googleapis.com https://maps.gstatic.com https://www.googletagmanager.com https://selfserveapp.kapturecrm.com https://uploads-ssl.webflow.com ad.admitad.com 2bsps2nef.de z.asbmit.com lenkmio.com pafutos.com; connect-src 'self' *; 1
default-src * data: 'unsafe-eval' 'unsafe-inline' blob:  js.zi-scripts.com presidioexplores.com information.presidio.com cdn.userway.org js.zi-scripts.com www.youtube-nocookie.com  www.googleadservices.com pagead2.googlesyndication.com  bigcloud.presidio.com:443 csa.presidio.com:443 region1.analytics.google.com open.spotifycdn.com region1.google-analytics.com *.cookieyes.com spaceman.presidio.com uccftp.presidio.com gitblit.presidio.com kit.fontawesome.com okr.presidio.com spaceman.presidio.com:443 cdn2.hubspot.net js.hs-analytics.net forms.hsforms.com forms.hubspot.com cpuser.presidio.com:443 js.hs-banner.com d2o0yh38wy20at.cloudfront.net play.hubspotvideo.com cms.presidio.com login.ms.presidio.com cpuser.presidio.com px4.ads.linkedin.com codaglobal.wpengine.com content.hotjar.io csa.presidio.com *.cloudfront.net in.hotjar.com blog.arkphire.com wss://*.hotjar.com *.hotjar.io *.hotjar.com ws19.hotjar.com uccftp.presidio.com:443 pass.presidio.com okr.presidio.com okr.presidio.com:443 cyber.presidio.com spamq.presidio.com tpass.presidio.com www.presidio.com:443 tpass.presidio.com:443 bigcloud.presidio.com pass.presidio.com:443 portal.presidio.com *.brighttalk.com gitblit.presidio.com www.coda.global js.hsadspixel.net pro.fontawesome.com use.fontawesome.com *.arkphire.com *.presidio.com login.ms.presidio.com wordpress.coda.global dev-okr.presidio.com dev-okr.presidio.com:443 dev-okr.presidio.com www.arkphire.com *.hubspot.com *.hubspotusercontent10.net js.hscollectedforms.net js.hsleadflows.net js.hs-scripts.com js.hs-banner.net *.hsforms.net *.hsforms.com static.hsappstatic.net js.hubspotfeedback.com feedback.hubapi.com js.usemessages.com *.vidyard.com cdnjs.cloudflare.com unpkg.com cta-service-cms2.hubspot.com no-cache.hubspot.com ak5.picdn.net forms.hsforms.com fonts.googleapis.com fonts.gstatic.com ipapi.co geoip.cookieyes.com coda.global www.google.com www.google.co.in analytics.google.com www.youtube.com t.co www.google-analytics.com analytics.twitter.com cs.lf-discover.com tr.lfeeder.com px.ads.linkedin.com ws15.hotjar.com vars.hotjar.com wss.hotjar.com vc.hotjar.io ws9.hotjar.com www.google.ie stats.g.doubleclick.net region1.analytics.google.com cdn.linkedin.oribi.io px.ads.linkedin; script-src 'self' 'unsafe-inline' 'unsafe-eval' js.zi-scripts.com cdn.jsdelivr.net presidioexplores.com yoast.com cdn.jsdelivr.net cdn.userway.org www.googleadservices.com js.zi-scripts.com  *.cookieyes.com bigcloud.presidio.com spamq.presidio.com  portal.presidio.com  gitblit.presidio.com csa.presidio.com cdn.jsdelivr.net js.hscta.net kit.fontawesome.com www.youtube.com *.usemessages.com *.hs-scripts.com js.hscollectedforms.net unpkg.com *.hubspotusercontent20.net *.hubspot.com *.hsforms.com js.hsleadflows.net cdn2.hubspot.net js.hs-banner.net d2o0yh38wy20at.cloudfront.net cdn2.hubspot.net www.arkphire.com blog.arkphire.com unpkg.com platform.twitter.com platform.linkedin.com static.hsappstatic.net script.hotjar.com ajax.googleapis.com www.gstatic.com www.google.com cdnjs.cloudflare.com googleads.g.doubleclick.net www.googletagmanager.com www.google-analytics.com connect.facebook.net js.hs-banner.com js.hsadspixel.net js.hs-analytics.net www.brighttalk.com app.hubspot.com js.hsleadflows.net www.arkphire.com unpkg.com no-cache.hubspot.com ak5.picdn.net forms.hsforms.com use.fontawesome.com pro.fontawesome.com cta-service-cms2.hubspot.com fonts.googleapis.com sc.lfeeder.com fonts.gstatic.com www.google.co.in analytics.google.com static.hotjar.com static.ads-twitter.com snap.licdn.com analytics.twitter.com ws15.hotjar.com vc.hotjar.io; connect-src 'self' 'unsafe-inline' cdn.jsdelivr.net presidioexplores.com pagead2.googlesyndication.com ws.zoominfo.com js.zi-scripts.com cdn77.api.userway.org cdn.userway.org api.userway.org api.nelioabtesting.com px.ads.linkedin.com www.googleadservices.com *.cookieyes.com *.google.com region1.analytics.google.com ipapi.co www.googleadservices.com  www.youtube-nocookie.com csa.presidio.com d2o0yh38wy20at.cloudfront.net *.hubapi.com *.hubspot.com www.facebook.com hubspot-forms-static-embed.s3.amazonaws.com js.hs-banner.com cdn.linkedin.oribi.io blog.arkphire.com cdn2.hubspot.net wss://*.hotjar.com content.hotjar.io *.hotjar.com *.hotjar.io codaglobal.wpengine.com forms.hubspot.com cta-service-cms2.hubspot.com www.google.com stats.g.doubleclick.net *.cloudfront.net www.youtube.com connect.facebook.net www.gstatic.com csmetrics.hotjar.com cdnjs.cloudflare.com api.hubapi.com ajax.googleapis.com www.arkphire.com www.googletagmanager.com in.hotjar.com my.yoast.com googleads.g.doubleclick.net www.google-analytics.com analytics.google.com cs.lf-discover.com; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net presidioexplores.com js.zi-scripts.com cdn.userway.org spamq.presidio.com csa.presidio.com cdn2.hubspot.net static.hsappstatic.net www.arkphire.com *.hubspot.com *.hubspotusercontent10.net js.hscollectedforms.net js.hsleadflows.net js.hs-scripts.com js.hsadspixel.net js.hs-banner.net *.hsforms.net clearpathdev.wpengine.com *.hsforms.com js.hubspotfeedback.com feedback.hubapi.com js.usemessages.com *.vidyard.com cdnjs.cloudflare.com unpkg.com no-cache.hubspot.com ak5.picdn.net cta-service-cms2.hubspot.com forms.hsforms.com fonts.googleapis.com *.arkphire.com use.fontawesome.com js.hsleadflows.net pro.fontawesome.com app.hubspot.com d2o0yh38wy20at.cloudfront.net; img-src 'self' 'unsafe-inline'  blob: data:  'unsafe-eval' js.zi-scripts.com cdn.userway.org px4.ads.linkedin.com googleads.g.doubleclick.net www.google.com syndication.twitter.com forms.hsforms.com www.googletagmanager.com forms-na1.hsforms.com blog.arkphire.com www.facebook.com cdn2.hubspot.net www.arkphire.com ak5.picdn.net no-cache.hubspot.com 1954099.fs1.hubspotusercontent-na1.net perf.hsforms.com perf-na1.hsforms.com track.hubspot.com secure.gravatar.com px.ads.linkedin.com t.co analytics.twitter.com www.google.co.in; frame-src 'self' presidiochronicles.com information.presidio.com democontent.codex-themes.com  presidioexplores.com js.zi-scripts.com cdn.userway.org td.doubleclick.net trello.com px.ads.linkedin.com googleads.g.doubleclick.net www.brighttalk.com blog.arkphire.com youtube.com www.youtube-nocookie.com open.spotifycdn.com www.youtube.com portal.presidio.com csa.presidio.com open.spotify.com cdn2.hubspot.net d2o0yh38wy20at.cloudfront.net *.hubspot.com *.hsforms.com forms.hsforms.com www.facebook.com platform.twitter.com www.google.com  blog.arkphire.com play.hubspotvideo.com spaceman.presidio.com lyncdiscover.presidio.com *.presidio.com; font-src 'self' data: cdn.jsdelivr.net presidioexplores.com cdn.userway.org blog.arkphire.com www.arkphire.com csa.presidio.com  cpuser.presidio.com js.zi-scripts.com tpass.presidio.com dev-okr.presidio.com gitblit.presidio.com spamq.presidio.com pass.presidio.com cdnjs.cloudflare.com clearpathdev.wpengine.com fonts.gstatic.com use.fontawesome.com cdn2.hubspot.net script.hotjar.com pro.fontawesome.com; worker-src blob:; child-src blob: gap:; 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://maps.google.com/ https://maps.googleapis.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com/; frame-src https://www.youtube.com/ https://www.youtube-nocookie.com/ https://maps.google.com/  https://www.google.com/maps/ https://www.google.com/recaptcha/; connect-src 'self' https://hrms.dxn2u.com:8888/; img-src 'self' data: 1
frame-ancestors 'self' *.kaiza.la file://* 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com http://www.google-analytics.com; img-src 'self' https://ssl.google-analytics.com data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://docs.google.com http://duenquiry.digitaluniversity.ac https://www.google.com; connect-src 'self'; object-src 'self'; frame-ancestors 'self' http://duenquiry.digitaluniversity.ac; 1
frame-ancestors https://*.menora.co.il https://*.menoramivt.co.il 1
default-src 'self'; img-src 'self' data: www.veranstaltungsticket-bahn.de *.usercentrics.eu uniklinik-freiburg.concludis.de karriere.uniklinik-freiburg.de www.uniklinik-freiburg.de i.ytimg.com www.google.com www.google.de www.google-analytics.com www.gstatic.com www.googletagmanager.com biom131.imbi.uni-freiburg.de letscast.fm *.letscast.fm open.spotify.com; style-src 'self' 'unsafe-inline' uniklinik-freiburg.concludis.de maxcdn.bootstrapcdn.com letscast.fm *.letscast.fm open.spotify.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: download.digiaccess.org ausschreibungen.landbw.de www.youtube.com s.ytimg.com *.usercentrics.eu *.google.com *.googletagmanager.com *.google-analytics.com analyzer.amedick-sommer.de uniklinik-freiburg.concludis.de platform.twitter.com connect.facebook.net anreiseservice.specials-bahn.de letscast.fm *.letscast.fm open.spotify.com; frame-ancestors 'self'; connect-src 'self' api.digiaccess.org *.usercentrics.eu *.google-analytics.com noembed.com stats.g.doubleclick.net adservice.google.com uniklinik-freiburg.concludis.de karriere.uniklinik-freiburg.de biom131.imbi.uni-freiburg.de letscast.fm *.letscast.fm open.spotify.com; font-src 'self' data: uniklinik-freiburg.concludis.de maxcdn.bootstrapcdn.com letscast.fm *.letscast.fm open.spotify.com; media-src 'self' letscast.fm *.letscast.fm open.spotify.com; frame-src 'self' www.jove.com maps.google.de www.google.com www.youtube-nocookie.com www.youtube.com ansb.uniklinik-freiburg.de karriere.uniklinik-freiburg.de www.betterplace-widget.org forschdb.verwaltung.uni-freiburg.de www.facebook.com platform.twitter.com syndication.twitter.com www.devisubox.com paygate.novalnet.de biom131.imbi.uni-freiburg.de letscast.fm *.letscast.fm open.spotify.com; object-src 'none'; 1
frame-ancestors 'self' 'trifork.com' 'gotocon.com' 'trifork.dk'; 1
default-src 'none'; script-src 'self' 'unsafe-eval' data: blob: *.betterhealth.vic.gov.au dhhs.vic.gov.au content.dhhs.vic.gov.au *.content.dhhs.vic.gov.au cdnjs.cloudflare.com 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com tagmanager.google.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.google-analytics.com cdn.monsido.com connect.facebook.net *.cloudfront.net *.youtube.com ytimg.com *.ytimg.com usercheck.vgso.vic.gov.au *.readspeaker.com *.health.vic.gov.au *.healthdirect.org.au ajax.googleapis.com *.marker.io *.crazyegg.com https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://optimize.google.com maps.googleapis.com; style-src 'self' 'unsafe-inline' dhhs.vic.gov.au content.dhhs.vic.gov.au *.content.dhhs.vic.gov.au fonts.googleapis.com tagmanager.google.com *.readspeaker.com drwgdblqzrfiz.cloudfront.net https://optimize.google.com https://fonts.googleapis.com cdn.monsido.com; img-src 'self' *.amazee.io *.analytics.google.com *.betterhealth.vic.gov.au *.content.dhhs.vic.gov.au *.doubleclick.net *.google-analytics.com *.googletagmanager.com *.marker.io community-stg.dh-23.1.today.design community.lifeprogram.org.au content.dhhs.vic.gov.au data: dhhs.vic.gov.au drwgdblqzrfiz.cloudfront.net https://optimize.google.com https://www.google-analytics.com https://www.googletagmanager.com tracking.monsido.com www.google.ad www.google.ae www.google.al www.google.am www.google.as www.google.at www.google.az www.google.ba www.google.be www.google.bf www.google.bg www.google.bi www.google.bj www.google.bs www.google.bt www.google.by www.google.ca www.google.cat www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.cl www.google.cm www.google.cn www.google.co.ao www.google.co.bw www.google.co.ck www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ls www.google.co.ma www.google.co.mz www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.vi www.google.co.za www.google.co.zm www.google.co.zw www.google.com www.google.com.af www.google.com.ag www.google.com.ai www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.bo www.google.com.br www.google.com.bz www.google.com.co www.google.com.cu www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.et www.google.com.fj www.google.com.gh www.google.com.gi www.google.com.gt www.google.com.hk www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mm www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.ni www.google.com.np www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.py www.google.com.qa www.google.com.sa www.google.com.sb www.google.com.sg www.google.com.sl www.google.com.sv www.google.com.tj www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vc www.google.com.vn www.google.cv www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.dz www.google.ee www.google.es www.google.fi www.google.fm www.google.fr www.google.ga www.google.ge www.google.gg www.google.gl www.google.gm www.google.gr www.google.gy www.google.hn www.google.hr www.google.ht www.google.hu www.google.ie www.google.im www.google.iq www.google.is www.google.it www.google.je www.google.jo www.google.kg www.google.ki www.google.kz www.google.la www.google.li www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.mn www.google.ms www.google.mu www.google.mv www.google.mw www.google.ne www.google.nl www.google.no www.google.nr www.google.nu www.google.pl www.google.pn www.google.ps www.google.pt www.google.ro www.google.rs www.google.ru www.google.rw www.google.sc www.google.se www.google.sh www.google.si www.google.sk www.google.sm www.google.sn www.google.so www.google.sr www.google.st www.google.td www.google.tg www.google.tl www.google.tm www.google.tn www.google.to www.google.tt www.google.vg www.google.vu www.google.ws www.hon.ch www2.health.vic.gov.au maps.googleapis.com maps.gstatic.com; font-src 'self' data: dhhs.vic.gov.au content.dhhs.vic.gov.au *.content.dhhs.vic.gov.au fonts.gstatic.com *.readspeaker.com *.marker.io https://fonts.gstatic.com; frame-src 'self' dhhs.vic.gov.au content.dhhs.vic.gov.au *.content.dhhs.vic.gov.au *.hotjar.com *.hotjar.io wss://*.hotjar.com *.vimeo.com *.youtube.com youtube.com *.youtube-nocookie.com youtube-nocookie.com *.vic.gov.au *.healthdirect.org.au dhhs.carto.com *.doubleclick.net *.marker.io https://optimize.google.com *.arcgis.com; manifest-src 'self'; connect-src 'self' *.analytics.google.com *.arcgis.com *.content.dhhs.vic.gov.au *.crazyegg.com *.doubleclick.net *.google-analytics.com *.hotjar.com *.hotjar.io *.marker.io *.readspeaker.com *.sdp.vic.gov.au analytics.google.com api.ipify.org content.dhhs.vic.gov.au dhhs.au.auth0.com dhhs.vic.gov.au drwgdblqzrfiz.cloudfront.net lifeprogram.au.auth0.com wss://*.hotjar.com maps.googleapis.com; 1
frame-ancestors 'self' lookbook.roveconcepts.com opheliabed.com 1
frame-ancestors 'self' tau2904.com *.tau2904.com *.ttbbank.com *.ttbdirect.com *.9fftech.com https://*.9fftech.com https://*.tau2904.com  https://*.ttbdirect.com https://*.ttbbank.com dev-web-tmbwowoneapp.azurewebsites.net stg-web-tmbwowoneapp.azurewebsites.net https://dev-web-tmbwowoneapp.azurewebsites.net https://stg-web-tmbwowoneapp.azurewebsites.net cms.ttbbank.local cms-uat.ttbbank.local cms-uat2.ttbbank.local 1
default-src 'self' *.m1finance.dev *.m1.dev *.m1finance.com m1.com m1finance.lndo.site https://secure.adnxs.com https://acdn.adnxs.com https://ib.adnxs.com *.m1.com https://*.launchdarkly.com https://www.google.com/ dev-m1finance.pantheonsite.io test-m1finance.pantheonsite.io live-m1finance.pantheonsite.io projkadence-m1finance.pantheonsite.io https://googleads.g.doubleclick.net *.intercom.io *.intercomcdn.com wss://nexus-websocket-a.intercom.io https://intercom-sheets.com https://static.intercomassets.com; script-src 'self' *.m1finance.dev *.m1.dev *.m1finance.com m1.com m1finance.lndo.site https://secure.adnxs.com https://acdn.adnxs.com https://ib.adnxs.com *.m1.com https://*.launchdarkly.com https://www.google.com/ dev-m1finance.pantheonsite.io test-m1finance.pantheonsite.io live-m1finance.pantheonsite.io projkadence-m1finance.pantheonsite.io https://googleads.g.doubleclick.net *.intercom.io *.intercomcdn.com wss://nexus-websocket-a.intercom.io https://intercom-sheets.com https://static.intercomassets.com 'unsafe-inline' 'unsafe-eval' https://*.ada.support https://*.bing.com https://www.google-analytics.com https://www.googleanalytics.com https://www.googletagmanager.com https://www.gstatic.com https://*.launchdarkly.com https://optimize.google.com https://www.googleoptimize.com https://js-agent.newrelic.com https://bam.nr-data.net https://static.ads-twitter.com https://analytics.twitter.com https://connect.facebook.net https://cdn.pdst.fm https://tracker.adreadyclick.com https://www.googleadservices.com https://cdn.pbbl.co https://websdk.appsflyer.com https://banner.appsflyer.com https://www.youtube.com https://creatives-cdn.appsflyer.com https://googleads.g.doubleclick.net https://www.google.com https://dend6g4sigg57.cloudfront.net https://5mky5td3g9.execute-api.us-east-1.amazonaws.com https://8jq0hovjeg.execute-api.us-east-1.amazonaws.com https://cdn.jsdelivr.net https://pixel.mathtag.com https://collector-20545.tvsquared.com https://*.google.com/; style-src 'self' *.m1finance.dev *.m1.dev *.m1finance.com m1.com m1finance.lndo.site https://secure.adnxs.com https://acdn.adnxs.com https://ib.adnxs.com *.m1.com https://*.launchdarkly.com https://www.google.com/ dev-m1finance.pantheonsite.io test-m1finance.pantheonsite.io live-m1finance.pantheonsite.io projkadence-m1finance.pantheonsite.io https://googleads.g.doubleclick.net *.intercom.io *.intercomcdn.com wss://nexus-websocket-a.intercom.io https://intercom-sheets.com https://static.intercomassets.com 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://fonts.gstatic.com https://www.googletagmanager.com https://optimize.google.com https://cdn.jsdelivr.net https://banner.appsflyer.com https://creatives-cdn.appsflyer.com; frame-src 'self' *.m1finance.dev *.m1.dev *.m1finance.com m1.com m1finance.lndo.site https://secure.adnxs.com https://acdn.adnxs.com https://ib.adnxs.com *.m1.com https://*.launchdarkly.com https://www.google.com/ dev-m1finance.pantheonsite.io test-m1finance.pantheonsite.io live-m1finance.pantheonsite.io projkadence-m1finance.pantheonsite.io https://googleads.g.doubleclick.net *.intercom.io *.intercomcdn.com wss://nexus-websocket-a.intercom.io https://intercom-sheets.com https://static.intercomassets.com https://*.ada.support https://www.facebook.com https://cdn.pbbl.co https://bid.g.doubleclick.net https://optimize.google.com https://www.youtube.com https://dend6g4sigg57.cloudfront.net https://5mky5td3g9.execute-api.us-east-1.amazonaws.com https://8jq0hovjeg.execute-api.us-east-1.amazonaws.com https://pixel.mathtag.com https://collector-20545.tvsquared.com; connect-src 'self' *.m1finance.dev *.m1.dev *.m1finance.com m1.com m1finance.lndo.site https://secure.adnxs.com https://acdn.adnxs.com https://ib.adnxs.com *.m1.com https://*.launchdarkly.com https://www.google.com/ dev-m1finance.pantheonsite.io test-m1finance.pantheonsite.io live-m1finance.pantheonsite.io projkadence-m1finance.pantheonsite.io https://googleads.g.doubleclick.net *.intercom.io *.intercomcdn.com wss://nexus-websocket-a.intercom.io https://intercom-sheets.com https://static.intercomassets.com https://*.ada.support https://stats.g.doubleclick.net https://www.google-analytics.com https://*.bing.com https://bam.nr-data.net https://www.facebook.com https://pixelconnector.adready.com https://tracker.adreadyclick.com https://us-central1-adaptive-growth.cloudfunctions.net https://8jq0hovjeg.execute-api.us-east-1.amazonaws.com wss://*.connect.us-east-1.amazonaws.com https://5mky5td3g9.execute-api.us-east-1.amazonaws.com https://participant.connect.us-east-1.amazonaws.com https://wa.onelink.me https://wa.appsflyer.com https://banner.appsflyer.com https://creatives-cdn.appsflyer.com https://*.google.com/; img-src 'self' *.m1finance.dev *.m1.dev *.m1finance.com m1.com m1finance.lndo.site https://secure.adnxs.com https://acdn.adnxs.com https://ib.adnxs.com *.m1.com https://*.launchdarkly.com https://www.google.com/ dev-m1finance.pantheonsite.io test-m1finance.pantheonsite.io live-m1finance.pantheonsite.io projkadence-m1finance.pantheonsite.io https://googleads.g.doubleclick.net *.intercom.io *.intercomcdn.com wss://nexus-websocket-a.intercom.io https://intercom-sheets.com https://static.intercomassets.com https://secure.gravatar.com https://m1.com data: https://m1.com https://*.bing.com https://s3.amazonaws.com https://www.google-analytics.com https://www.googleanalytics.com https://www.google.com https://www.googletagmanager.com https://optimize.google.com https://trkn.us https://t.co https://www.facebook.com https://secure.adnxs.com https://pixel.pointmediatracker.com https://cnv.event.prod.bidr.io https://px0.pbbl.co https://aa.agkn.com https://analytics.twitter.com https://pixel.mathtag.com https://collector-20545.tvsquared.com https://banner.appsflyer.com https://creatives-cdn.appsflyer.com https://cdnappicons.appsflyer.com https://impressions.onelink.me https://*.google.com/; font-src 'self' *.m1finance.dev *.m1.dev *.m1finance.com m1.com m1finance.lndo.site https://secure.adnxs.com https://acdn.adnxs.com https://ib.adnxs.com *.m1.com https://*.launchdarkly.com https://www.google.com/ dev-m1finance.pantheonsite.io test-m1finance.pantheonsite.io live-m1finance.pantheonsite.io projkadence-m1finance.pantheonsite.io https://googleads.g.doubleclick.net *.intercom.io *.intercomcdn.com wss://nexus-websocket-a.intercom.io https://intercom-sheets.com https://static.intercomassets.com https://fonts.googleapis.com https://fonts.gstatic.com data: https://www.googletagmanager.com https://optimize.google.com https://cdn.appsflyer.com; object-src 'self' *.m1finance.dev *.m1.dev *.m1finance.com m1.com m1finance.lndo.site https://secure.adnxs.com https://acdn.adnxs.com https://ib.adnxs.com *.m1.com https://*.launchdarkly.com https://www.google.com/ dev-m1finance.pantheonsite.io test-m1finance.pantheonsite.io live-m1finance.pantheonsite.io projkadence-m1finance.pantheonsite.io https://googleads.g.doubleclick.net *.intercom.io *.intercomcdn.com wss://nexus-websocket-a.intercom.io https://intercom-sheets.com https://static.intercomassets.com; media-src 'self' *.m1finance.dev *.m1.dev *.m1finance.com m1.com m1finance.lndo.site https://secure.adnxs.com https://acdn.adnxs.com https://ib.adnxs.com *.m1.com https://*.launchdarkly.com https://www.google.com/ dev-m1finance.pantheonsite.io test-m1finance.pantheonsite.io live-m1finance.pantheonsite.io projkadence-m1finance.pantheonsite.io https://googleads.g.doubleclick.net *.intercom.io *.intercomcdn.com wss://nexus-websocket-a.intercom.io https://intercom-sheets.com https://static.intercomassets.com; 1
default-src 'self' https://*.expireddomains.net; style-src 'self' 'unsafe-inline' https://*.expireddomains.net; script-src 'self' 'unsafe-inline' https://*.expireddomains.net; object-src 'none'; base-uri 'none'; 1
default-src 'self'; img-src 'self' data:; style-src 'self'; frame-src 'self'; object-src 'none'; base-uri 'none'; form-action 'self'; frame-ancestors 'none' 1
default-src 'self';base-uri 'self';frame-ancestors 'self' https://*.epic.com https://*.geisinger.edu https://*.geisinger.org https://*.mycarecompass.edu https://*.mycarecompass.org https://*.mygeisinger.org https://geisinger.org https://www.geisinger.org;upgrade-insecure-requests;frame-src https://* 'self' epichttp: https://*.geisinger.edu;script-src https://mychart.mycarecompass.org 'self' 'unsafe-eval' 'unsafe-inline' https://*.geisinger.edu https://*.geisinger.org https://*.google.com https://*.googleapis.com https://*.gyantts.com https://*.jquery.com https://*.mycarecompass.org https://*.virtualearth.net https://ajax.microsoft.com https://mycarecompass.org https://twemoji.maxcdn.com https://unpkg.com https://www.gstatic.com;img-src https://* 'self' blob: data:;connect-src 'self' https://*.amazonaws.com https://*.gyantts.com wss://web.production.gyantts.com wss://web2.dev.gyantts.com wss://web2.production.gyantts.com;style-src https://mychart.mycarecompass.org 'self' 'unsafe-inline' https://*.geisinger.edu https://*.geisinger.org https://*.gyantts.com https://*.mycarecompass.org https://mycarecompass.org https://s3.amazonaws.com;worker-src 'self' blob:;child-src 'self' blob:;font-src 'self' https://*.gyantts.com https://s3.amazonaws.com;form-action 'self';media-src https://* 'self' blob:; 1
default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com cdnjs.cloudflare.com https://mc.yandex.ru *.licdn.com https://browser.sentry-cdn.com https://cdnjs.cloudflare.com/ajax/libs/Swiper/4.5.0/js/swiper.min.js https://cdn.jsdelivr.net/npm/swiper@10/swiper-bundle.min.js https://googleads.g.doubleclick.net/ https://api-maps.yandex.ru/ https://yastatic.net/ https://core-renderer-tiles.maps.yandex.net https://ashotb2b.pbx.mts.am/callback.js?uid=3822cf6b-fe65-4d68-980d-fe4b344ba376 'self' cdn.ampproject.org web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net https://player.vimeo.com/api/player.js https://www.youtube.com/iframe_api 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://cdnjs.cloudflare.com/ajax/libs/Swiper/4.5.0/css/swiper.min.css 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com https://*.linkedin.com https://mc.yandex.ru https://static.mts.ru/ https://www.google.am https://www.google.com https://api-maps.yandex.ru/ https://core-renderer-tiles.maps.yandex.net/ https://yandex.com/ 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src view.joomag.com viewer.joomag.com https://maps.google.com/ https://www.google.com/ https://www.youtube.com/ https://mc.yandex.ru/ https://td.doubleclick.net/ 'self' web-chat.nativechat.com; connect-src data: accounts.google.com *.google-analytics.com *.gstatic.com https://*.googletagmanager.com https://cdn.linkedin.oribi.io https://mc.yandex.ru https://mc.yandex.md https://px.ads.linkedin.com/wa/ https://analytics.google.com/ 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src https://viewer.joomag.com/ https://view.joomag.com/ https://maps.google.com/ https://www.google.com/ 'self' web-chat.nativechat.com 1
default-src 'self' *.vidyard.com *.onetrust.com *.visualwebsiteoptimizer.com *.vwo.com;                     frame-ancestors 'self';                     form-action *;                     object-src 'none';                     base-uri 'none';                     style-src * 'unsafe-inline';                     script-src * 'unsafe-inline' 'unsafe-eval';                     img-src * 'unsafe-inline' 'unsafe-eval' data: blob:;                     connect-src *;                     worker-src * blob:;                     frame-src *;                     font-src * data:;                     media-src *; 1
default-src 'self' 'unsafe-inline' ; style-src 'self' 'unsafe-inline' ; style-src-elem 'self' 'unsafe-inline'   embed.typeform.com fonts.googleapis.com www.googletagmanager.com widget.docsbot.ai; font-src 'self' fonts.gstatic.com data:; img-src 'self' www.googletagmanager.com https://*.googleusercontent.com ipfs.subsocial.network *.astar.network *.medium.com www.google-analytics.com region1.google-analytics.com polkadot.js.org data:; script-src-elem 'self'  'unsafe-inline' embed.typeform.com widget.docsbot.ai  www.googletagmanager.com www.google-analytics.com; connect-src 'self' docs.astar.network squid.subsquid.io docsbot.ai api.docsbot.ai wss://api.docsbot.ai www.google-analytics.com region1.google-analytics.com *.astar.network; frame-src  'self' form.typeform.com embed.typeform.com  www.googletagmanager.com https://*.googletagmanager.com cdn.forms-content.sg-form.com; 1
default-src 'self' www.reuters.tv https://tagmanager.google.com https://optimize.google.com https://app.cux.io https://*.doubleclick.net https://www.google-analytics.com *.consentmanager.net data:; font-src 'self' https://themes.googleusercontent.com/ fonts.googleapis.com https://fonts.gstatic.com fonts.gstatic.com themes.googleusercontent.com https://www.googletagmanager.com infostrefa.tv www.google.com data:; style-src 'self' 'unsafe-inline' https://www.google.com https://tagmanager.google.com www.googleapis.com https://optimize.google.com https://fonts.googleapis.com https://www.googletagmanager.com; img-src 'self' data: https://panda.leadmax.pl https://*.fls.doubleclick.net https://*.doubleclick.net https://www.facebook.com https://content-ci360.pzu.pl https://*.googleapis.com tl.tradetracker.net https://www.falcometric.com https://www.gstatic.com www.google.com sigmabismedia.pl https://www.google.com *.inistrack.net https://harvic.go2cloud.org https://go.perfo.ovh https://cityadstrack.com https://marketing.tr.netsalesmedia.pl https://mrtg.emailpartners.net https://clients1.google.com https://www.bankier.pl https://sigmamedia.eu https://adserwer.afilo.pl *.gstatic.com https://www.davinci.tools https://conversionlabs.net.pl https://netad.go2cloud.org https://track.rtracking.pl https://ade.googlesyndication.com https://content.pzu.pl https://ssl.gstatic.com https://cherryads.go2cloud.org https://www.twitter.com https://app.revhunter.tech www.s.c.lnkd.licdn.com https://s0.2mdn.net https://delivery.clickonometrics.pl https://solutions4ad.com https://wvx2j.bemobtracks.com https://tracking.zuwi.pl *.consentmanager.net https://googleads.g.doubleclick.net https://bedigital.go2cloud.org https://js.trustisto.com https://smartmailings.go2cloud.org https://p2media.go2cloud.org https://tbl.tradedoubler.com https://track.zuwi.dev https://connect.facebook.net www.linkedin.com *.bing.com https://adepto.go2cloud.org http://media-pzu-marketing.ipresso.pl *.ggpht.com https://www.google.pl https://welovedata.go2cloud.org https://go.they.pl https://www.googletagmanager.com https://api.trustisto.com https://www.google-analytics.com https://in.pzu.pl https://track.leadmax.pl; frame-src 'self' https://player.vimeo.com https://devfmg.pl https://optimize.google.com https://ent.activeforms.com https://*.fls.doubleclick.net https://*.doubleclick.net https://www.facebook.com https://oferta.pekao24.pl http://komunikacyjne.pzu.pl https://tpc.googlesyndication.com https://admin-solum.pzu.pl *.googleadservices.com https://emeryturappk.pzu.pl https://*.youtube.com https://dobradruzyna.pl https://www.google.com https://bid.g.doubleclick.net https://drogadozdrowiazpzu.pl https://sigmamedia.eu https://oferta.pzu.pl https://reuters.tv https://forms.pzu.pl https://infostrefa.tv https://www.pzuzdrowie.pl https://dom.pzu.pl https://cmspzu24.pzu.pl https://wojazer.pzu.pl https://ljsp.lwcdn.com https://moje.pzu.pl https://pzuiflota.pl *.consentmanager.net https://media-pzu-marketing.ipresso.pl https://firma.pzu.pl https://komunikacyjne.pzu.pl https://poststickersapps.com https://ubezpieczenia.pzu.pl reuters.tv https://secure.pzuci.pl https://pzu.chat.getzowie.com https://agencjahagen.pl https://af-solum.pzu.pl *.bing.com https://www.reuters.tv https://af-solum-uat.pzu.pl https://ac.pzu.pl https://*.chatbotize.com http://pzu24.pzu.pl https://*.direct.chatbotize.com https://blog.pzu.pl; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://optimize.google.com https://*.doubleclick.net https://www.facebook.com api-performace.pzu.pl https://www.ssl.gstatic.com https://*.googleapis.com https://drogadozdrowia.dev.focusmedia.pl https://delivery-ci360.pzu.pl https://track.adform.net *.googleadservices.com www.google.com https://*.youtube.com https://www.fbstatic-a.akamaihd.net https://www.google.com https://drogadozdrowiazpzu.pl www.cdn.api.twitter.com *.gstatic.com https://www.googleapis.com www.platform.linkedin.com https://forms.pzu.pl *.googleoptimize.com https://*.googletagservices.com https://media-epoint.ipresso.pl https://cdn.adt387.com https://www.googleadservices.com https://dc.cux.io https://www.oauth.googleusercontent.com *.consentmanager.net https://maps.googleapis.com https://media-pzu-marketing.ipresso.pl https://ssl.google-analytics.com https://googleads.g.doubleclick.net https://perun.ipresso.pl https://ubezpieczenia.pzu.pl https://js.trustisto.com https://execution-ci360.pzu.pl https://adform.net https://connect.facebook.net https://tagmanager.google.com https://s.ytimg.com www.linkedin.com *.bing.com https://*.googlesyndication.com https://*.chatbotize.com https://adform.com https://maps.gstatic.com https://*.direct.chatbotize.com https://www.googletagmanager.com https://www.google-analytics.com www.platform.twitter.com https://www.apis.google.com https://track.adtraction.com; object-src 'self' https://*.doubleclick.net *.consentmanager.net https://maps.googleapis.com *.googleadservices.com *.bing.com; connect-src 'self' wss://*.track.cux.io https://*.doubleclick.net https://www.facebook.com *.consentmanager.net https://maps.googleapis.com https://afiliacjaapi.pzu.pl fcm.googleapis.com media-pzu-marketing.ipresso.pl porozmawiaj.video.pzu.pl https://delivery-ci360.pzu.pl tfimam-test.pzu.pl media-epoint.ipresso.pl https://www.pracuj.pl *.googleadservices.com https://js.trustisto.com https://waw.chat.getzowie.com https://execution-ci360.pzu.pl https://dobradruzyna.pl https://www.google.com https://connect.facebook.net https://analytics.google.com perun.ipresso.pl https://region1.google-analytics.com https://*.chatbotize.com https://www.google.pl https://*.direct.chatbotize.com https://api.trustisto.com https://www.google-analytics.com tfimam.pzu.pl *.google.com https://media-epoint.ipresso.pl; frame-ancestors 'self' https://cmspzu24.pzu.pl https://moje.pzu.pl https://ppk.pzu.pl https://af-solum-uat.pzu.pl http://pzu24.pzu.pl https://forms.pzu.pl https://admin-solum.pzu.pl https://blog.pzu.pl https://app.cux.io https://www.pzuzdrowie.pl https://emeryturappk.pzu.pl https://ta.inpzu.pl https://*.ci360.sas.com;  1
frame-src blob: https://*.fortimailcloud.com/ https://www.youtube.com/embed/AaYyLm5aqIs 1
default-src 'self' ka-p.fontawesome.com kit.fontawesome.com *.crazyegg.com blob:;script-src 'self' *.googleapis.com *.crazyegg.com *.g.doubleclick.net *.doubleclick.net *.googletagmanager.com googletagmanager.com tagmanager.google.com *.google-analytics.com ajax.googleapis.com *.googleadservices.com *.unpkg.com *.youtube.com ajax.aspnetcdn.com cdnjs.cloudflare.com static.cloudflareinsights.com cdn.jsdelivr.net kit.fontawesome.com *.google.com *.gstatic.com stackpath.bootstrapcdn.com static.cloudflareinsights.com nam10.safelinks.protection.outlook.com static.ads-twitter.com connect.facebook.net assets.adobedtm.com blob: 'unsafe-eval' 'unsafe-inline';style-src 'self' *.crazyegg.com fonts.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com cdn.linearicons.com use.fontawesome.com stackpath.bootstrapcdn.com googletagmanager.com tagmanager.google.com 'unsafe-inline';connect-src 'self' *.crazyegg.com *.google.com *.googleapis.com *.gstatic.com ka-p.fontawesome.com kit.fontawesome.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.googletagmanager.com;font-src 'self' data: cdnjs.cloudflare.com fonts.gstatic.com cdn.linearicons.com ka-p.fontawesome.com kit.fontawesome.com stackpath.bootstrapcdn.com *.googleapis.com *.gstatic.com;img-src 'self' data: via.placeholder.com c95b3b5eb79e.o3n.io *.crazyegg.com *.google.co.uk *.google.com google.com *.googleapis.com *.gstatic.com *.facebook.com *.google-analytics.com *.googletagmanager.com googletagmanager.com *.analytics.google.com *.g.doubleclick.net ad.doubleclick.net ade.googlesyndication.com;frame-ancestors 'self' cms.bechtel.com impact.bechtel.com bechtel-impact-report.lgndtech.dev *.crazyegg.com;frame-src 'self' *.google.com *.youtube.com *.youtube-nocookie.com player.vimeo.com *.facebook.com rmk-map.jobs2web.com *.podbean.com bid.g.doubleclick.net *.doubleclick.net 1
frame-ancestors 'self' https://theanglo.mx 1
default-src 'unsafe-inline'  'unsafe-eval' 'self' zz.ha.cn *.sdoodo.com info.sdoodo.com art.shangdu.com  shangdu.com *.shangdu.com thangdu.com *.thangdu.com *.shangdu.net *.baidu.com *.qq.com *.weibo.com *.huliang.com *.shangdu.pro *.online.cn  *.zz.ha.cn *.entshangdu.com 1
script-src 'unsafe-inline' 'self' ajax.googleapis.com apis.google.com cdnjs.cloudflare.com; object-src 'self' 1
font-src 'self' fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com *.fontawesome.com *.typekit.net; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.bancocajasocial.com.seg.js https://www.google.com https://www.googleadservices.com https://*.googletagmanager.com https://tagmanager.google.com https://static.ads-twitter.com https://connect.facebook.net https://cdnjs.cloudflare.com https://analytics.tiktok.com https://static.hotjar.com https://www.google.com/recaptcha/api.js https://www.gstatic.com https://stg.bancocajasocial.co https://stg.bancocajasocial.co.seg.js https://bancocajasocial.co https://*.adobeaemcloud.com https://*.google.com https://*.googleapis.com https://assets.adobedtm.com https://documentservices.adobe.com https://www.facebook.com https://t.co https://analytics.twitter.com https://apps.mypurecloud.com https://apps.mypurecloud.com/genesys-bootstrap/genesys.min.js https://apps.mypurecloud.com/widgets/9.0/cxbus.min.js https://www.googletagmanager.com https://googleads.g.doubleclick.net https://stg.bancocajasocial.co/content/dam/bcs/documentos/widgetsconfig.js https://platform.twitter.com https://cdn.twitter.com https://script.hotjar.com https://bcs.data.adobedc.net https://fundaciongruposocialbcs1089975p.112.2o7.net https://*.youtube.com; style-src 'self' 'unsafe-inline' https://googletagmanager.com https://tagmanager.google.com https://fonts.cdnfonts.com https://cdnjs.cloudflare.com https://apps.mypurecloud.com https://fonts.googleapis.com; img-src 'self' http://ads.tiktok.com http://analytics-ipv6.tiktokw.us http://analytics.tiktok.com http://analytics.twitter.com https://ads-api.twitter.com http://ads-twitter.com https://google.com https://googleads.g.doubleclick.net https://*.googletagmanager.com https://*.google-analytics.com https://ssl.gstatic.com https://googletagmanager.com https://stg.bancocajasocial.co https://bancocajasocial.co https://*.adobeaemcloud.com https://*.adobedc.net https://*.google.com https://*.googleapis.com https://*.google.com.co https://*.gstatic.com https://*.ytimg.com https://*.youtube.com https://t.co https://analytics.twitter.com https://www.facebook.com https://www.google.com https://www.gstatic.com https://dev.day.com https://www.googletagmanager.com https://cm.everesttech.net https://fundaciongruposocialbcs1089975p.112.2o7.net https://dpm.demdex.net data:; font-src 'self' https://fonts.cdnfonts.com https://fonts.googleapis.com https://fonts.gstatic.com https://apps.mypurecloud.com data:; connect-src 'self' wss://ws.hotjar.com https://stats.g.doubleclick.net https://analytics.google.com/g/collect https://analytics.google.com http://ads.tiktok.com http://analytics-ipv6.tiktokw.us http://analytics.tiktok.com http://analytics.twitter.com https://ads-api.twitter.com http://ads-twitter.com https://*.googletagmanager.com https://*.analytics.google.com https://*.google-analytics.com https://content.hotjar.io https://stg.bancocajasocial.co https://bancocajasocial.co https://*.googleapis.com https://*.adobeaemcloud.com https://www.facebook.com https://analytics.tiktok.com https://dpm.demdex.net https://www.facebook.com/tr/ https://api.ipify.org https://apps.mypurecloud.com https://api-cdn.mypurecloud.com wss://webmessaging.mypurecloud.com https://metrics.hotjar.io https://api.mypurecloud.com https://bam.nr-data.net https://cm.everesttech.net https://bcs.data.adobedc.net https://www.googletagmanager.com https://fundaciongruposocialbcs1089975p.112.2o7.net https://vc.hotjar.io https://*.adobe.com https://*.youtube.com; frame-src 'self' bytedance: sslocal: https://platform.twitter.com https://simuladores.bancocajasocial.net https://apps.mypurecloud.com https://www.google.com https://fundaciongruposocial.demdex.net https://stg.bancocajasocial.co https://bancocajasocial.co https://*.adobeaemcloud.com https://*.adobe.com https://*.youtube.com https://td.doubleclick.net https://www.googletagmanager.com https://widget.spreaker.com; frame-ancestors 'self' https://stg.bancocajasocial.co https://bancocajasocial.co; upgrade-insecure-requests; object-src 'none'; 1
frame-ancestors 'self' games.netzero.net games.juno.com http://services.iplay.com https://services.iplay.com http://client.iplay.com https://client.iplay.com 1
default-src 'self'; connect-src * data:; font-src * data:; frame-src *; img-src * data: blob:; media-src *; script-src * 'unsafe-inline' 'unsafe-eval'; object-src 'self'; child-src 'self' https://www.youtube.com https://s.ytimg.com  https://cms.apthai.com https://mw-cms.apthai.com https://www.apthai.com  https://i.ytimg.com; style-src * 'unsafe-inline'; form-action *; 1
default-src 'self' *.ctfassets.net blob:; connect-src *; font-src 'self' 'unsafe-inline' gstatic.com *.gstatic.com data: cloudfront.net *.cloudfront.net *.wistia.com; form-action 'self' *; frame-ancestors 'self'; frame-src *; img-src 'self' 'unsafe-inline' * data: capterra.com *.capterra.com; manifest-src 'self'; media-src * blob:; object-src 'none'; script-src-elem 'self' *.sentry-cdn.com demio.com *.demio.com *.hotjar.com *.hsadspixel.net *.calendly.com calendly.com *.hs-analytics.net hs-analytics.net *.hscollectedforms.net hscollectedforms.net *.hs-banner.com hs-banner.com *.hsforms.net hsforms.net *.hsappstatic.net hsappstatic.net *.hs-scripts.com hs-scripts.com *.vimeocdn.com *.instagram.com instagram.com cloudfront.net *.cloudfront.net ctfassets.net *.ctfassets.net googletagmanager.com *.googletagmanager.com googleadservices.com *.googleadservices.com google-analytics.com *.google-analytics.com bing.com *.bing.com cookielaw.org *.cookielaw.org licdn.com *.licdn.com ads-twitter.com *.ads-twitter.com analytics.twitter.com platform.twitter.com mouseflow.com *.mouseflow.com facebook.net *.facebook.net onetrust.com *.onetrust.com doubleclick.net outfunnel.com *.outfunnel.com *.doubleclick.net *.optimizely.com *.clarity.ms *.netlify.app netlify-cdp-loader.netlify.app *.mountain.com *.wistia.com iframely.net *.iframely.net 'unsafe-inline'; script-src 'self' 'unsafe-eval' 'unsafe-inline' demio.com *.demio.com *.hotjar.com *.hsadspixel.net *.calendly.com calendly.com *.hs-analytics.net hs-analytics.net *.hscollectedforms.net hscollectedforms.net *.hs-banner.com hs-banner.com *.hsforms.net hsforms.net *.hsappstatic.net hsappstatic.net *.hs-scripts.com hs-scripts.com *.vimeocdn.com ctfassets.net *.ctfassets.net googletagmanager.com *.googletagmanager.com *.googleadservices.com https://www.google-analytics.com/analytics.js bing.com *.bing.com licdn.com *.licdn.com cookielaw.org *.cookielaw.org ads-twitter.com *.ads-twitter.com analytics.twitter.com platform.twitter.com mouseflow.com *.mouseflow.com facebook.net *.facebook.net onetrust.com *.onetrust.com doubleclick.net googleads.g.doubleclick.net *.optimizely.com outfunnel.com *.outfunnel.com *.clarity.ms *.wistia.com iframely.net *.iframely.net; style-src 'unsafe-inline' demio.com *.demio.com googleapis.com *.googleapis.com *.ctfassets.net *.netlify.app netlify-cdp-loader.netlify.app featuregates.org *.featuregates.org statsigapi.net *.statsigapi.net; worker-src 'self' 1
default-src *.toyotabharat.com *.facebook.com *.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.google.com googleads.g.doubleclick.net tags.bkrtx.com *.googleapis.com *.google.co.in *.bluekai.com stats.g.doubleclick.net cdnjs.cloudflare.com *.razorpay.com cdn.jsdelivr.net collectcdn.com *.collect.chat collect.chat *.fontawesome.com *.youtube.com *.youtube-nocookie.com *.cloudfront.net *.gstatic.com *.toyotafinance.co.in *.api.useinsider.com *.useinsider.com *.jquery.com 'unsafe-inline' 'unsafe-eval' data: blob:;frame-ancestors 'self' https://*.saas.talismaonline.com https://chat.toyotabharat.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://code.jquery.com https://ajax.aspnetcdn.com *.vimeocdn.com *.google.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.gstatic.com https://hcaptcha.com *.surveymonkey.com *.googleoptimize.com *.cookieboot.com *.vimeo.com *.facebook.net *.bing.com 'unsafe-inline' 'unsafe-eval'; style-src data: 'self' *.googleapis.com *.sonichealthcare.com *.gstatic.com 'unsafe-inline' 'unsafe-eval'; connect-src data: 'self' *.googleapis.com *.google-analytics.com https://stats.g.doubleclick.net *.google.com; font-src 'self' data: *.googleapis.com *.gstatic.com https://cdn.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: *.google-analytics.com *.gstatic.com *.googleapis.com *.amazonaws.com *.o3n.io *.google.com *.google.com.au *.googletagmanager.com *.bing.com *.facebook.com *.linkedin.com *.sonichealthcare.com 'unsafe-inline'; frame-src 'self' *.google.com *.youtube.com https://www.zeemaps.com *.surveymonkey.com *.hcaptcha.com *.vimeo.com *.facebook.com https://omny.fm/ https://clinpathcareers.com/; object-src 'none'; 1
default-src *; style-src 'self' https://* 'unsafe-inline' http://* 'unsafe-inline'; script-src 'self' https://* 'unsafe-inline' http://* 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://* data:; child-src * tez: gpay: phonepe: paytm: paytmmp: bhim: upi: credpay:; 1
default-src * 'self' data: 'unsafe-inline'; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.vo.msecnd.net *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com cdnjs.cloudflare.com code.jquery.com *.facebook.net *.instagram.com analytics.tiktok.com *.abtasty.com secure.quantserve.com rules.quantcount.com quantcast.mgr.consensu.org cmp.quantcast.com cmp.inmobi.com *.trustpilot.com *.googleadservices.com komito.net bat.bing.com *.clarity.ms googleads.g.doubleclick.net *.google-analytics.com static.ads-twitter.com analytics.twitter.com *.adalyser.com use.fontawesome.com snap.licdn.com px.ads.linkedin.com *.playbuzz.com *.ex.co *.infinity-tracking.net *.infinity-tracking.com p.teads.tv go.affec.tv *.permutive.com *.adnxs.com *.monitor.azure.com *.applicationinsights.io *.vo.msecnd.net *.ingest.sentry.io *.pinimg.com *.pinterest.com *.youtube.com *.ytimg.com *.liveperson.net *.lpsnmedia.net widgets-eu.reputation.com ir.tools.investis.com *.eventbrite.co.uk emac-direct.service-plan.co.uk *.jaguarlandrover.com cdn.worldpay.com *.netdirector.auto *.netdirector.co.uk s3.amazonaws.com *.list-manage.com *.research-tree.com *.evanshalshaw.com *.stratstone.com *.carstore.com intranet.local *.pendragonplc.com *.pendragonvehiclemanagement.co.uk; frame-src * 'self' data: 'unsafe-inline' *.fls.doubleclick.net *.abtasty.com *.pinterest.com ir.tools.investis.com *.evanshalshaw.com *.stratstone.com *.carstore.com; object-src 'none'; font-src 'self' blob: data: *.abtasty.com *.gstatic.com *.googleapis.com *.netdirector.auto; img-src * 'self' data: blob: pplc-p-001.sitecorecontenthub.cloud *.abtasty.com; child-src * 'self' pplc-p-001.sitecorecontenthub.cloud; connect-src * 'self' data: *.abtasty.com *.ingest.sentry.io *.pinterest.com *.mixpanel.com pplc-p-001.sitecorecontenthub.cloud; worker-src data: blob:; upgrade-insecure-requests; block-all-mixed-content; 1
object-src 'none'; base-uri 'none'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn-cookieyes.com *.cookieyes.com cookieyes.com *.hackerone.com hackerone.com *.gstatic.com *.google.com maps.googleapis.com *.adroll.com *.consensu.org *.hscollectedforms.net *.hsleadflows.net *.hs-banner.com *.licdn.com www.googleoptimize.com www.linkedin.com connect.facebook.net s.adroll.com ml314.com js.hs-scripts.com script.hotjar.com static.hotjar.com js.hs-analytics.net player.vimeo.com www.googletagmanager.com dev.visualwebsiteoptimizer.com sjs.bizographics.com www.google-analytics.com px.ads.linkedin.com djtflbt20bdde.cloudfront.net ajax.googleapis.com *.hsforms.com *.hsforms.net ssl.google-analytics.com *.doubleclick.net *.bing.com; style-src 'self' 'unsafe-inline' https: djtflbt20bdde.cloudfront.net fonts.googleapis.com js.hsforms.net; img-src 'self' data: https: media.nominet.uk maps.googleapis.com track.hubspot.com stats.g.doubleclick.net www.gravatar.com dev.visualwebsiteoptimizer.com www.google-analytics.com www.googletagmanager.com js.hsforms.net; font-src 'self' data: https: fonts.gstatic.com; connect-src 'self' https: wss: www.gov.uk yoast.com *.hotjar.com js.hsforms.net; media-src 'self' https: media.nominet.uk; object-src 'self' *.cloudfront.net js.hsforms.net; frame-src 'self' https: www.youtube.com player.vimeo.com djtflbt20bdde.cloudfront.net vars.hotjar.com *.hackerone.com hackerone.com js.hsforms.net; frame-ancestors 'self' *.hackerone.com hackerone.com js.hsforms.net; form-action 'self' *.theukdomain.uk theukdomain.uk forms.hsforms.com *.facebook.com js.hsforms.net; base-uri 'self' *.helpscout.net js.hsforms.net 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.gstatic.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.addtoany.com *.adsrvr.org *.thevoterguide.org *.typekit.net *.rockthevote.com s3.amazonaws.com vote411-dev.s3.amazonaws.com vote411-release.s3.amazonaws.com vote411-stage.s3.amazonaws.com vote411-prod.s3.amazonaws.com ads.undertone.com *.hotjar.com *.cloudflare.com cdn.jsdelivr.net sc-static.net *.snapchat.com; object-src 'self' 'unsafe-eval' *.rockthevote.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com *.typekit.net *.thevoterguide.org *.addtoany.com *.amazonaws.com; img-src 'self' data: *.google-analytics.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.google.com *.facebook.com *.addtoany.com *.typekit.net vote411-dev.s3.amazonaws.com vote411-release.s3.amazonaws.com vote411-stage.s3.amazonaws.com vote411-prod.s3.amazonaws.com *.doubleclick.net i.ytimg.com ads.undertone.com evt.undertone.com *.hotjar.com *.thevoterguide.org *.snapchat.com *.t.co; frame-src 'self' *.vote411.org *.rockthevote.com *.google.com *.googlevideo.com *.googleapis.com *.addtoany.com insight.adsrvr.org match.adsrvr.org lwv.thevoterguide.org www.facebook.com *.hotjar.com *.youtube.com *.youtu.be *.ytimg.com *.youtubeeducation.com *.smsinfo.io *.doubleclick.net *.snapchat.com; frame-ancestors *.rockthevote.com; child-src *.rockthevote.com s3.amazonaws.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com *.typekit.net *.hotjar.com; connect-src 'self' *.google.com *.google-analytics.com *.googleapis.com *.googletagmanager.com adservice.google.com *.facebook.com *.hotjar.com *.hotjar.io *.thevoterguide.org *.snapchat.com stats.g.doubleclick.net performance.typekit.net wss://ws6.hotjar.com wss://ws.hotjar.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' https://www.facebook.com/ https://marketing.space.net/ www.space.net https://*.google-analytics.com; style-src 'self' 'unsafe-inline' https://marketing.space.net/; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.space.net/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://connect.facebook.net/ https://marketing.space.net/ https://*.vimeocdn.com/ https://*.google-analytics.com https://*.googletagmanager.com; form-action 'self' https://www.facebook.com/ *.space.net/; worker-src 'none'; frame-src 'self' www.space.net/ www.youtube.com/ www.youtube-nocookie.com/ https://www.google.com/recaptcha/ https://www.facebook.com/ https://marketing.space.net/; img-src 'self' https://www.facebook.com/ https://marketing.space.net/ www.space.net/ data: https://*.google-analytics.com https://*.googletagmanager.com; object-src 'none'; font-src 'self'; 1
default-src * data: 'unsafe-eval' 'unsafe-inline'; media-src * blob: ; worker-src * blob: ; img-src * blob: data: 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://applepay.cdn-apple.com https://pay.google.com https://static.cloudflareinsights.com https://static.hotjar.com https://script.hotjar.com https://cdnjs.cloudflare.com amp.cloudflare.com https://ajax.cloudflare.com https://www.googletagmanager.com https://www.google-analytics.com https://ladadate.fr https://ladadate.es; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://amp.cloudflare.com; base-uri 'self'; 1
default-src https: 'unsafe-inline' 'unsafe-eval'; object-src 'none'; connect-src https: wss: blob:; img-src https: data: blob:; media-src https: blob:; worker-src blob: https:; font-src https: data:; base-uri 'none'; frame-ancestors 'none'; 1
default-src 'self'; script-src *.maps.yandex.net  *.yandex.ru 'self' https://tcinet.ru 'unsafe-inline' 'unsafe-eval'; object-src 'self'; style-src 'self' https://tcinet.ru 'unsafe-inline' 'unsafe-eval'; img-src * data: blob:; frame-src  'self'  'unsafe-inline' 'unsafe-eval'; connect-src *.yandex.ru  *.1c-bitrix.ru 'self' 1
frame-ancestors 'self' https://sites.ncleg.gov 1
frame-ancestors 'self' *.cbssports.com *.sportsline.com popculture.com comicbook.com 247sports.com *.247sports.com *.maxpreps.com *.ampproject.org; default-src https: blob: wss: 'unsafe-inline' 'unsafe-eval'; font-src https: blob: data:; media-src https: blob: data:; img-src https: blob: data: android-webview: android-webview-video-poster:; object-src 'none'; block-all-mixed-content; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' wss: data: blob: https:;  img-src 'self'  *.nui.media *.hr.com data: blob: https:; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.cloudflare.com *.s3.amazonaws.com *.bootstrapcdn.com *.jquery.com *.s3.wasabisys.com *.fontawesome.com *.hr.com *.datatables.net *.sharethis.com *.jqueryscript.net *.materialdesignicons.com *.jsdelivr.net *.calendly.com *.google.com onesignal.com *.surveygizmo.com *.nextthought.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hr.com *.wistia.com *.wistia.net *.sharethis.com *.googletagmanager.com *.facebook.net *.googlesyndication.com *.s3.amazonaws.com *.google-analytics.com *.aspnetcdn.com *.nui.media unpkg.com *.livechatinc.com *.google.ca *.googleadservices.com *.feathr.co *.licdn.com *.google.com *.hotjar.com *.hotjar.io *.cloudflare.com *.g.doubleclick.net *.adroll.com *.services.siteforum.com *.twitter.com *.amazon-adsystem.com *.googleapis.com *.bootstrapcdn.com *.stripe.com *.jquery.com *.jsdelivr.net ml314.com *.ml314.com github.com ipinfo.io *.s3.wasabisys.com *.osano.com *.onesignal.com onesignal.com *.cloudfront.net *.rumbletalk.com rumbletalk.com *.linkedin.com *.calendly.com *.adsafeprotected.com *.doubleclick.net *.github.io *.google.co.in *.gstatic.com *.datatables.net *.nextthought.com *.youtube.com youtube.com survey.alchemer.com *.surveygizmo.com challenges.cloudflare.com *.rawgit.com blob:; frame-src 'self' 'unsafe-inline' 'unsafe-eval' *.sharethis.com *.g.doubleclick.net *.facebook.com *.hotjar.com *.hotjar.io *.livechatinc.com *.googlesyndication.com *.google.com *.stripe.com *.youtube.com youtube.com *.youtube-nocookie.com *.wistia.com *.wistia.net *.twitter.com *.googleapis.com *.hr.com hr.com *.swooptalent.com *.rumbletalk.net calendly.com *.adsafeprotected.com *.doubleclick.net *.alchemer.com *.nextthought.com *.nui.media *.s3.wasabisys.com *.issuu.com *.visier.com *.app.visier.com secure.livechatinc.com challenges.cloudflare.com; frame-ancestors 'self' *.nextthought.com *.hr.com *.thoughtindustries.com *.visier.com *.app.visier.com; 1
default-src https: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.csub.edu; font-src 'self' data: https:; img-src * data: blob: 'unsafe-inline' 1
base-uri 'self'; block-all-mixed-content; upgrade-insecure-requests; worker-src blob:; child-src blob:; default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob:  *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inbenta.com *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.onetrust.com *.openstreetmap.org *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.speedtestcustom.com *.taboola.com *.teads.tv *.telecable.es *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.useinsider.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com p.adsymptotic.com sjs.bizographics.com t.co p.adsymptotic.com sjs.bizographics.com 212.55.1.136; style-src 'self' https: 'unsafe-inline'  *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inbenta.com *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.onetrust.com *.openstreetmap.org *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.speedtestcustom.com *.taboola.com *.teads.tv *.telecable.es *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.useinsider.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com p.adsymptotic.com sjs.bizographics.com t.co p.adsymptotic.com sjs.bizographics.com 212.55.1.136; img-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data:  *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inbenta.com *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.onetrust.com *.openstreetmap.org *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.speedtestcustom.com *.taboola.com *.teads.tv *.telecable.es *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.useinsider.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com p.adsymptotic.com sjs.bizographics.com t.co p.adsymptotic.com sjs.bizographics.com 212.55.1.136; font-src 'self' data:  *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inbenta.com *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.onetrust.com *.openstreetmap.org *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.speedtestcustom.com *.taboola.com *.teads.tv *.telecable.es *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.useinsider.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com p.adsymptotic.com sjs.bizographics.com t.co p.adsymptotic.com sjs.bizographics.com 212.55.1.136; connect-src 'self'  *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inbenta.com *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.onetrust.com *.openstreetmap.org *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.speedtestcustom.com *.taboola.com *.teads.tv *.telecable.es *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.useinsider.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com p.adsymptotic.com sjs.bizographics.com t.co p.adsymptotic.com sjs.bizographics.com 212.55.1.136; frame-src 'self' data:  *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inbenta.com *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.onetrust.com *.openstreetmap.org *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.speedtestcustom.com *.taboola.com *.teads.tv *.telecable.es *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.useinsider.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com p.adsymptotic.com sjs.bizographics.com t.co p.adsymptotic.com sjs.bizographics.com 212.55.1.136; frame-ancestors 'self'  *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inbenta.com *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.onetrust.com *.openstreetmap.org *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.speedtestcustom.com *.taboola.com *.teads.tv *.telecable.es *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.useinsider.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com p.adsymptotic.com sjs.bizographics.com t.co p.adsymptotic.com sjs.bizographics.com 212.55.1.136; object-src data:  *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inbenta.com *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.onetrust.com *.openstreetmap.org *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.speedtestcustom.com *.taboola.com *.teads.tv *.telecable.es *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.useinsider.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com p.adsymptotic.com sjs.bizographics.com t.co p.adsymptotic.com sjs.bizographics.com 212.55.1.136 1
frame-ancestors 'self' http://www.genau-lotto.de http://genau-lotto.dei https://*.etracker.com 1
frame-ancestors https://hd.co.th/ https://www.honestdocs.co/ 'self' 1
frame-ancestors 'self' https://*.tenniswarehouse-europe.com https://*.tennis-warehouse.com https://*.runningwarehouse.com https://*.runningwarehouse.eu https://www.runningwarehouse.de https://www.runningwarehouse.it https://www.runningwarehouse.es https://www.runningwarehouse.fr; 1
default-src 'self' https://trustseal.enamad.ir/ https://www.sinainsurance.com/ https://sinainsurance.com/; script-src 'unsafe-inline' 'self' 'unsafe-eval' https://www.sinainsurance.com/ https://sinainsurance.com/ https://www.google-analytics.com http://www.google-analytics.com/analytics.js https://www.google-analytics.com/analytics.js ; img-src data: blob 'self' 'unsafe-inline' https://www.sinainsurance.com/ https://sinainsurance.com/ https://trustseal.enamad.ir/  http://www.google-analytics.com/ ; style-src 'self' 'unsafe-inline';media-src 'self' 'unsafe-inline' https://trustseal.enamad.ir/ https://www.sinainsurance.com/ https://sinainsurance.com ;  1
frame-src *.stripe.network www.recaptcha.net *.trustarc.com *.criteo.com *.criteo.net *.kmail-lists.com *.shopstylecollective.com app.collectivevoiceqa.com app.collectivevoice.com collectivevoice.com shopstylecollective.com *.googlesyndication.com *.sdiapi.com fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.sandbox.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.yotpo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com doubleclick.net *.doubleclick.net hydroflask.attn.tv *.oxo.com *.lightboxcdn.com *.hydroflask.com *.brilliantcollector.com *.demdex.net *.kustomer.support *.kustomer.help *.locally.com *.facebook.com *.fbot.me addthisedge.com s7.addthis.com addthis.com disqus.com ct.pinterest.com pinterest.com insight.adsrvr.org match.adsrvr.org helenoftroy.custhelp.com s.amazon-adsystem.com ak.sail-horizon.com helenoftroy.demdex.net promotions.spredfast.com 'self' 'unsafe-inline'; img-src www.ojrq.net *.tiktok.com *.google.com *.teads.tv cdnjs.cloudflare.com *.criteo.com *.criteo.net *.klaviyo.com *.cloudfront.net track.securedvisit.com match.adsrvr.org tracking.avantlink.com *.bazaarvoice.com insight.adsrvr.org googleads.g.doubleclick.net *.google.co.in google.co.in ce.lijit.com links.services.disqus.com cdn.viglink.com analytics.google.com www.google.com *.baidu.com *.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com p.typekit.net www.paypalobjects.com *.ftcdn.net *.behance.net fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.yotpo.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com *.paypal.com mageside.com *.mageside.com *.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com na-stage.hele.digital *.parcellab.com *.trustarc.com cfvod.kaltura.com *.bing.com *.clarity.ms *.hele.digital via.placeholder.com *.locally.com *.spectrumcustomizer.com stospectstageglobal.blob.core.windows.net blob: cdn.kustomerapp.com *.acq.io *.yimg.com loggly.com logs-01.loggly.com referrer.disqus.com c.disquscdn.com ct.pinterest.com pinterest.com sp.analytics.yahoo.com www.googletagmanager.com *.facebook.com scontent-iad3-2.cdninstagram.com stospectprodglobal.blob.core.windows.net 'self' 'unsafe-inline'; script-src cdnjs.cloudflare.com *.amazon-adsystem.com *.stripe.network www.recaptcha.net ajax.cloudflare.com static.cloudflareinsights.com pixel.byspotify.com *.teads.tv *.kervinteractive.com *.tiktok.com *.yottaa.net *.yottaa.com *.klaviyo.com safevisit.online *.criteo.com *.criteo.net *.impactcdn.com *.shopstylecollective.com app.collectivevoiceqa.com app.collectivevoice.com collectivevoice.com shopstylecollective.com *.rkdms.com lsdm.co track.securedvisit.com *.googlesyndication.com *.bazaarvoice.com ssl.avmws.com cdn.avmws.com analytics-static.ugc.bazaarvoice.com apps.bazaarvoice.com www.google.com c.disquscdn.com cdn.kustomerapp.com googleads.g.doubleclick.net unpkg.com *.sdiapi.com f.vimeocdn.com *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net www.paypalobjects.com js.braintreegateway.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com *.yotpo.com s7.addthis.com *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net mageside.com *.mageside.com doubleclick.net *.hydroflask.com *.oxo.com *.pcapredict.com *.lightboxcdn.com *.locally.com lightboxapi.azurewebsites.net *.fbot.me services.postcodeanywhere.co.uk *.parcellab.com *.trustarc.com cdn-assets.rapidspike.com cdnapisec.kaltura.com *.brilliantcollector.com cdn.jsdelivr.net js.stripe.com connect.facebook.net bat.bing.com *.clarity.ms *.spectrumcustomizer.com js.acq.io ssl.geoplugin.net *.yimg.com ajax.googleapis.com cdn.pushplanet.com *.cloudfront.net moatads.com z.moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com hot.disqus.com hydroflask.disqus.com oxo.disqus.com stage-hydroflask.disqus.com stage-oxo.disqus.com preprod-hydroflask.disqus.com preprod-oxo.disqus.com prod-hydroflask.disqus.com prod-oxo.disqus.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com *.impactradius-event.com js.adsrvr.org insight.adsrvr.org ak.sail-horizon.com player.vimeo.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ 'self' 'unsafe-inline' 'unsafe-eval'; worker-src 'self' 'unsafe-inline' 'unsafe-eval' hydroflask.com/p/2/2; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=EYrr1GpwoyXVuS0NNKYeTbAozQnOBhRTWL6woZx2nCw-1721955682-1.0.1.1-AaR6tFTdyv244a89mLOZ2QfajeHx7RrnHgxO.Zv2TN1awqoDD_20T0X8Jhe7buvcWsjKimvoIIsLOUl2kabRmf3KvYadVcB_1mcygoSszN1zPrH.WhII.wWLrb54zQRnNcro4Rm5e21ksbFsaw4KNzU9napYH2WH_Eg6kWOwoyBddoucXWxrOVOdlc_XhqcMk2Ur8sCLOOstlFKaHbl1lg; report-to cf-hgfjtsftspjzxybx 1
frame-ancestors 'self' https://search1.kracie.co.jp https://kamposhop.kracie.co.jp; 1
upgrade-insecure-requests; default-src 'self' 'unsafe-eval' 'unsafe-inline'; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://googleads.g.doubleclick.net/ https://js.zi-scripts.com/ https://app.jazz.co/ https://embed.lpcontent.net/ https://atomicdata-stage.kube.atomic.lcl/ https://ajax.googleapis.com/ https://static.formstack.com/ https://tags.clickagy.com/ https://atomicdata.formstack.com/ https://www.gstatic.com/ https://www.google.com/ https://www.googletagmanager.com/ https://code.visitor-track.com/ https://ws.zoominfo.com/ https://snap.licdn.com/ https://ml314.com/ https://www.clarity.ms/ https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://cdnjs.cloudflare.com/ ; img-src 'self' data: https://3cx01.atomicdata.com:5001/ https://app.jazz.co/ https://www.atomicdata.com/ https://c.bing.com/ https://c.clarity.ms/ https://images.squarespace-cdn.com/ https://id.rlcdn.com/ https://atomicdata.formstack.com/ https://sync.crwdcntrl.net/ https://d.agkn.com/ https://aa.agkn.com/ https://cm.g.doubleclick.net/ https://idsync.rlcdn.com/ https://us-u.openx.net/ https://pixel-sync.sitescout.com/ https://dpm.demdex.net/ https://stags.bluekai.com/ https://aorta.clickagy.com/ https://px.ads.linkedin.com/ https://secure.gravatar.com/ https://www.google.com/ https://p.adsymptotic.com/ https://www.google-analytics.com/ https://www.googletagmanager.com; font-src 'self' data: https://cdnjs.cloudflare.com/ https://static.formstack.com/ https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' wss: https://google.com/ https://js.zi-scripts.com https://3cx01.atomicdata.com:5001/ https://code.visitor-track.com/ https://api.leadpages.io/ https://*.clarity.ms/ https://hemsync.clickagy.com/ https://aorta.clickagy.com/ https://stats.g.doubleclick.net/ https://www.google-analytics.com/ https://ws.zoominfo.com/ https://atomicdata.formstack.com/ https://cdn.linkedin.oribi.io/ https://c.clarity.ms/ https://a.clarity.ms/ https://px.ads.linkedin.com/ ; media-src 'self' data: ; object-src 'self'; child-src 'self'; frame-src 'self' https://td.doubleclick.net/ https://atomicdata.lpages.co/ https://www.wordfence.com/ https://www.google.com/ https://apply.atomicdata.com/ https://www.youtube.com/ https://www.gstatic.com/ https://atomicdata.formstack.com/ https://cdn.linkedin.oribi.io/; worker-src 'self' blob: ; frame-ancestors 'self'; 1
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; worker-src blob: 'self'; frame-ancestors 'self'; 1
frame-ancestors 'self' https://hca.dev.tayoris.jp https://hca-fix.dev.tayoris.jp https://hca-dev.dev.tayoris.jp https://hca.stg.tayoris.jp https://hca-fix.stg.tayoris.jp https://hca-dev.stg.tayoris.jp https://hca.tayoris.jp; 1
frame-ancestors 'self' https://*.movavi.de https://*.movavi.com https://*.movavi.ru https://*.pdfchef.com https://*.screencapture.com https://*.movavivideosuite.com https://*.gecata.com https://*.movavi.id https://movavi.id https://*.videoconverter.com https://*.fastreel.com http://webvisor.com https://portal1.comm100.io; report-uri https://o474997.ingest.sentry.io/api/5798828/security/?sentry_key=ac906e87ddd941c9b53b79979268ec17; report-to csp-endpoint 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: about: * 1
script-src 'self' 'nonce-125626452' 'unsafe-eval' 'report-sample'; report-uri /csp-submit.php 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' tt.omtrdc.net *.akstat.io akstat.io *.go-mpulse.net go-mpulse.net *.amazonaws.com amazonaws.com s3-eu-west-1.amazonaws.com *.bing.com bing.com *.btttag.com btttag.com c212.net cloudflare.com *.decibelinsight.net wss://collection.decibelinsight.net decibelinsight.net g.doubleclick.net *.doubleclick.net doubleclick.net fls.doubleclick.net *.facebook.com *.facebook.net facebook.com facebook.net *.fanplayr.com fanplayr.com *.gigya.com gigya.com *.google.com *.google.de *.google.it *.googlesyndication.com *.gstatic.com *.youtube-nocookie.com google.co.uk google.com google.de google.it googlesyndication.com gstatic.com youtube-nocookie.com googleadservices.com *.googleapis.com googleapis.com *.googletagmanager.com googletagmanager.com *.google-analytics.com google-analytics.com *.jaguar.com jaguar.co.uk jaguar.com *.build.landrover *.jaguarlandrover.com *.landrover.com *.landrover.de *.landrover.it *.pds.jaguarlandrover.com build.landrover jaguarlandrover.com landrover.co.uk landrover.com landrover.de landrover.it pds.jaguarlandrover.com ads.linkedin.com linkedin.com linkedin.oribi.io licdn.com *.lpsnmedia.net lpsnmedia.net *.liadm.com liadm.com *.liveperson.net idp.liveperson.net liveperson.net msg.liveperson.net msghist.liveperson.net v.liveperson.net a.run.app *.netdirector.auto netdirector.auto *.a.run.app *.ads.linkedin.com *.akamaihd.net *.b-cdn.net *.c212.net *.cloudflare.com *.config.landrover.com *.configureconnect.com *.decibel.com *.fls.doubleclick.net *.google.co.uk *.googleadservices.com *.jaguar.co.uk *.jaguarlandroverclassic.com *.jlr-dev.com *.kampyle.com *.landrover.co.uk *.landroverusa.com *.licdn.com *.linkedin.com *.linkedin.oribi.io *.medallia.eu *.netdirector.co.uk *.omtrdc.net *.onetrust.com *.pinimg.com *.pinterest.com *.psyma.com *.sc-static.net *.scene7.com *.securedvisit.com *.sfmc-content.com *.snapchat.com *.sophus3.com *.stripe.com *.sv.rkdms.com *.userlike.com *.web.app *.woosmap.com *.yahoo.co.jp akamaihd.net cdn.cookielaw.org collector-37690.tvsquared.com config.landrover.com cookie-cdn.cookiepro.com d34r8q7sht0t9k.cloudfront.net decibel.com jlr-360--ngcrm.sandbox.my.site.com jlr-360.my.salesforce.com landroverusa.com ldti.syndication.kbb.com leasinglandrover.de pixel.tapad.com psyma.com sophus3.com syndication.kbb.com userlike.com web.app www.leasinglandrover.de pinimg.com pinterest.com podscribe.com securedvisit.com *.serving-sys.com serving-sys.com sc-static.net snapchat.com stripe.com *.tiktok.com tiktok.com *.adsrvr.org adsrvr.org *.trustarc.com trustarc.com *.twitter.com twitter.com *.ads-twitter.com ads-twitter.com *.t.co t.co sv.rkdms.com *.vee24.com vee24.com woosmap.com *.yimg.jp yahoo.co.jp yimg.jp *.youtube.com *.ytimg.com youtube.com ytimg.com *.podscribe.com jlr-360--ngcrm.sandbox.my.salesforce-scrt.com wss://lo.msg.liveperson.net data: blob:; 1
default-src 'self' https://www.youtube.com/ https://my.wel-co.me/; script-src 'self' 'unsafe-eval' https://use.fontawesome.com/ https://www.googletagmanager.com https://cdn.jsdelivr.net/ https://cdnjs.cloudflare.com/ *.google-analytics.com *.analytics.google.com https://www.googleoptimize.com https://www.recaptcha.net/recaptcha/api.js *.8x8.com https://www.gstatic.com https://www.google.com/recaptcha/api.js https://api.mapbox.com https://cdn.siteimprove.net *.cloudflareinsights.com https://cb.8x8.com https://vcc-eu10b.8x8.com d10lpsik1i8c69.cloudfront.net *.facebook.net *.clarity.ms https://v4in1-si.click4assistance.co.uk blob: https://vcc-eu6.8x8.com/ v4in1-ti.click4assistance.co.uk djtflbt20bdde.cloudfront.net *.clarity.ms https://unpkg.com/tippy.js@5.2.1/dist/tippy-bundle.iife.min.js https://unpkg.com/tippy.js@6.2.6/dist/tippy-bundle.umd.min.js https://tools.luckyorange.com/ 'unsafe-inline' *.luckyorange.com/ https://cdn.usefathom.com/script.js *.govmetric.com dev.visualwebsiteoptimizer.com *.google.com unpkg.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://cdnjs.cloudflare.com/ https://api.mapbox.com *.jsdelivr.net d10lpsik1i8c69.cloudfront.net use.fontawesome.com *.luckyorange.com *.myfonts.net *.govmetric.com *.google.com; img-src 'self' data: 'unsafe-inline' data: https://cdn.jsdelivr.net *.google-analytics.com *.analytics.google.com https://www.googletagmanager.com https://www.google.co.uk https://www.google.com https://www.google.es https://api.mapbox.com http://*.openstreetmap.org *.google.ie https://vcc-eu10b.8x8.com/ *.8x8.com *.facebook.com d10lpsik1i8c69.cloudfront.net https://c.clarity.ms/ https://c.bing.com/ https://vcc-eu6.8x8.com/ connect.facebook.net https://v4in1-si.click4assistance.co.uk https://pbs.twimg.com/ https://www.google.com.br/ads/ga-audiences *.luckyorange.com *.govmetric.com dev.visualwebsiteoptimizer.com *.google.com *.gstatic.com; media-src 'self' d10lpsik1i8c69.cloudfront.net; frame-src 'self' https://www.google.com/ https://www.youtube.com/ https://my2.siteimprove.com/ https://vcc-eu10b.8x8.com https://vcc-eu6.8x8.com/ https://vcc-eu6.cb.8x8.com/ https://v4in1-ti.click4assistance.co.uk/ *.8x8.com https://pbs.twimg.com/ https://app.powerbi.com https://my.wel-co.me/ https://app.wel-co.me *.govmetric.com *.google.com https://contentassistant.eu.siteimprove.com https://map.footways.london; child-src 'self' https://my.wel-co.me/ blob:; font-src 'self' https://themes.googleusercontent.com https://fonts.gstatic.com use.fontawesome.com s3.amazonaws.com *.googleapis.com; connect-src 'self' *.google-analytics.com *.analytics.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://my2.siteimprove.com https://id.siteimprove.com https://cb.8x8.com/socket.io/ wss://cb.8x8.com/socket.io/ *.8x8.com *.clarity.ms *.luckyorange.net *.visitors.live visitors.live wss://in.visitors.live/ wss://visitors.live/ *.luckyorange.com api-js.mixpanel.com wss://realtime.luckyorange.com/mqtt *.googleapis.com/ https://endpoint-app.cognigy.ai https://region1.google-analytics.com *.govmetric.com dev.visualwebsiteoptimizer.com https://contentassistant.eu.siteimprove.com; report-uri /report-csp-violation 1
frame-ancestors 'self' http://webvisor.com http://turbo.az http://*.turbo.az http://tap.az http://*.tap.az turbo.az *.turbo.az tap.az *.tap.az 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *; img-src 'self' data: *; style-src 'self' 'unsafe-inline' *; font-src 'self' 'unsafe-inline' *; worker-src 'self' * blob:; frame-src *; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'self' https://*.campingandcaravanningclub.co.uk; 1
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' https://analytics.filen.io/js/plausible.js; style-src 'report-sample' 'self' 'unsafe-inline'; object-src 'none'; base-uri 'self'; connect-src 'self' https://analytics.filen.io; font-src 'self'; frame-src 'self'; img-src 'self'; manifest-src 'self'; media-src 'self'; worker-src 'none'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; media-src 'self' 'unsafe-inline' *;img-src 'self' blob: data: *; style-src 'self' 'unsafe-inline' *; font-src 'self' *; frame-src 'self' *; connect-src 'self' *; object-src 'none' 1
script-src 'self' https://miplanilla.zendesk.com https://api.smooch.io http://tags.crwdcntrl.net https://tags.crwdcntrl.net http://stats.g.doubleclick.net https://assets.calendly.com https://calendly.com https://static.zdassets.com https://connect.facebook.net https://www.googletagmanager.com https://www.facebook.com https://pixel.mathtag.com https://www.google.com https://cse.google.com https://www.gstatic.com https://google.com https://code.jquery.com https://twitter.com https://www.miplanilla.com https://connect.microsoft.com https://ssl.google-analytics.com http://www.google-analytics.com https://www.google-analytics.com https://stats.g.doubleclick.net https://seal.verisign.com https://bcp.crwdcntrl.net https://i.imgur.com https://secure.miplanilla.com http://i.imgur.com http://localhost https://www.clarity.ms 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://assets.calendly.com https://www.google.com https://www.miplanilla.com https://secure.miplanilla.com 'unsafe-inline' 1
frame-ancestors 'self' https://www.myrepublic.co.id 1
base-uri 'none'; child-src blob: *; connect-src 'self' https://maps.sgcdn.cz https://*.google-analytics.com https://*.googleapis.com/ wss://www.zlavomat.sk https://www.facebook.com https://connect.facebook.net https://*.g.doubleclick.net https://google.com https://*.google.com https://*.google.cz https://*.google.sk https://*.googlesyndication.com https://*.googleadservices.com https://measurement-api.criteo.com https://sslwidget.criteo.com https://directline.botframework.com wss://directline.botframework.com/ blob:; default-src 'self'; font-src 'self' data: https://themes.googleusercontent.com https://*.gstatic.com; form-action 'self' https://www.facebook.com https://connect.facebook.net https://pay.google.com; frame-ancestors 'self'; frame-src 'self' *; img-src blob: data: *; manifest-src 'self'; media-src 'self' data:; object-src 'none'; script-src 'nonce-MzZkNjdlOGExOGM1NDc0YzliZmI2YTRiYjgwOTlkNGY=' 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' 'strict-dynamic' https:; style-src 'self' 'unsafe-inline' https://*.google.com https://*.googleapis.com https://www.googletagmanager.com https://www.gstatic.com; worker-src 'self' blob:; report-uri /csplog 1
frame-ancestors 'self' tomshardware.fr www.tomshardware.fr tomsguide.fr www.tomsguide.fr cms.galaxiemedia.fr amp.tomsguide.fr amp.tomshardware.fr cdn.tomsguide.fr cdn.tomshardware.fr presence-pc.fr www.presence-pc.fr presence-pc.com www.presence-pc.com telecharger.tomsguide.fr telecharger.tomshardware.fr; 1
style-src 'self' 'unsafe-inline' *.gov *.com; 1
default-src 'self' https://prod-web.ltfs.com https://prod-app.ltfs.com/;  script-src http://cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://ltfs.allincall.in https://ltfs.allincall.in/chat/get-bot-image  https://maps.googleapis.com/ *.googleapis.com *.gstatic.com  www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com  http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org web-chat.nativechat.com unpkg.com/@frontify/ *.cloudinary.com 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' *; img-src 'self' * *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com web-chat.nativechat.com *.frontify.com *.cloudinary.com; font-src 'self' * fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; connect-src 'self' *  data: accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.google-analytics.com *.gstatic.com *.frontify.com *.cloudinary.com; media-src 'self' data: blob: *.frontify.com *.cloudinary.com;child-src 'self' https://www.google.com https://maps.google.com  https://content.dionglobal.in https://cx.camsonline.com/ https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com *.frontify.com cloudinary.com *.cloudinary.com https://maps.googleapis.com data: blob:;  frame-src 'self' *; 1
default-src data: blob: 'unsafe-inline' 'unsafe-eval' 'self' https://*.cdsreg.com https://uat.assets.turnoutnow.com https://*.elfsight.co https://*.elfsight.com https://clientcdn.pushengage.com https://*.smartlook.com https://cdn.heapanalytics.com https://cdn-cookieyes.com https://*.cookieyes.com https://*.azure.com https://unpkg.com https://ecom.myadlm.org https://api.qrserver.com https://*.iris.informa.com https://*.taboola.com https://*.atlassian.com https://*.unlayer.com https://*.fontawesome.com https://ajax.googleapis.com https://maxcdn.bootstrapcdn.com https://pi.pardot.com https://*.cfmediaview.com https://cdn.bttrack.com https://xpressreg.net https://*.xpressreg.net https://xpressleadpro.com https://*.xpressleadpro.com https://xpressleadpro.net https://*.xpressleadpro.net https://xpresspaymentservice.com https://*.xpresspaymentservice.com https://exhibitoremails.com https://*.exhibitoremails.com https://cdsdatasense.Com https://*.cdsdatasense.Com https://*.adroll.com https://*.ingo.me https://ingo.me https://*.facebook.net https://*.facebook.com https://*.doubleclick.net https://*.google-analytics.com https://*.googleapis.com https://*.ads-twitter.com https://*.google.com https://*.twitter.com https://*.googleadservices.com https://*.feathr.co https://ads.yahoo.com https://*.adsrvr.org https://*.cloudfront.net https://s3.amazonaws.com https://*.s3.amazonaws.com https://*.onpeak.com https://assets.adobedtm.com https://*.googletagmanager.com https://*.melissadata.net https://*.acs.org https://js.hs-scripts.com https://js.hsforms.net https://js.hsleadflows.net https://js.hs-analytics.net https://forms.hubspot.com https://*.marketo.net https://*.gstatic.com https://app.webreg.me https://px.ads.linkedin.com https://*.linkedin.com https://pixel-a.basis.net https://*.bing.com https://*.dpmsrv.com https://*.marinsm.com https://*.omeda.com https://*.googletagservices.com https://*.googlesyndication.com https://*.hubapi.com https://*.olark.com https://*.appcues.com wss://*.appcues.net https://*.aimtell.com https://*.hotelmapdms.com https://hotelmap.com https://*.hotelmap.com https://*.stackadapt.com https://ip-api.com https://script.crazyegg.com https://gloriousbeef.com wss://in.visitors.live https://invt.io https://snap.licdn.com https://*.pmmimediagroup.com https://*.twimg.com https://cdn.syndication.twimg.com https://ib.adnxs.com https://*.youtube.com https://*.eventnx.com https://*.tiqcdn.com https://*.tealiumiq.com https://*.demdex.net https://nationalassociationofrealtors.d1.sc.omtrdc.net https://*.llnwd.net https://*.walkme.com https://*.powerbi.com/ https://*.choozle.com https://*.spiceworks.com https://*.ensighten.com https://*.adsrvr.org https://*.adroll.com https://*.aimtell.com https://us-u.openx.net https://idsync.rlcdn.com https://eb2.3lift.com https://*.adroll.mgr.consensu.org https://*.hotjar.com https://*.perfectaudience.com https://*.prfct.co https://*.aimtell.io https://*.hs-banner.com https://*.hsadspixel.net https://*.outbrain.com https://*.campaigntracker.io https://*.cloudflare.com https://*.mkt941.com https://trc.taboola.com https://*.pubmatic.com https://*.rubiconproject.com https://*.quantserve.com https://*.refersion.com https://*.b2clogin.com https://*.gleanin.com https://*.rlets.com https://*.unlayer.com https://*.hscollectedforms.net https://komito.net https://*.vfairs.com https://*.sitescout.com https://*.pixel.ad https://i.snoball.it https://widget.freshworks.com https://cdn.linkedin.oribi.io https://*.quantcount.com https://s.pinimg.com https://ct.pinterest.com https://api.snoball.it https://*.42chat.com https://*.segment.com https://api.segment.io https://s3.divcom.com https://*.mktoresp.com https://divcom.tt.omtrdc.net https://*.freshdesk.com https://analytics.tiktok.com; img-src * data: blob:; 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;frame-ancestors 'self' https://*.quintype.com https://www.outlooktraveller.com;block-all-mixed-content; 1
frame-ancestors 'self' https://dev-web.almashhad.tv/ 1
script-src 'self' 'nonce-rOw9gSdyZ8Qica4nj9/6BA==' https://connect.facebook.net/ https://www.facebook.net/ https://www.facebook.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.googletagmanager.com/ https://www.googletagmanager.com/ https://*.googletagmanager.com https://www.googleadservices.com https://www.google.com https://www.redditstatic.com/ https://alb.reddit.com/;frame-src 'self' https://www.google.com/recaptcha/ https://bid.g.doubleclick.net https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com/ https://www.redditstatic.com/ https://alb.reddit.com/;connect-src 'self' https://api.negate.io/api/user/login https://api.negate.io/api/user/signup https://www.facebook.com/ https://www.facebook.net/ https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://google.com/ https://www.google.com/ https://alb.reddit.com/ https://*.g.doubleclick.net https://*.google.com https://www.redditstatic.com/;img-src 'self' https://*.google-analytics.com https://connect.facebook.net https://www.facebook.net https://www.facebook.com/ https://*.analytics.google.com https://*.googletagmanager.com https://www.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://googleads.g.doubleclick.net https://www.google.com https://www.redditstatic.com/ https://alb.reddit.com/;default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 1
worker-src 'self' blob: *.io *.com *.net *.org; connect-src 'unsafe-inline' *.io *.com *.net *.org; style-src 'unsafe-inline' *.io *.com *.net *.org; script-src 'nonce-ati-scripts' 'unsafe-eval' 'unsafe-hashes'; frame-src 'self' https://azeu.demdex.net https://c.sandbox.paypal.com *.visualwebsiteoptimizer.com app.vwo.com apps.joinsherpa.io map.joinsherpa.io www.sandbox.paypal.com www.paypal.com checkout.paypal.com www.paypal.com static.sojern.com content-us-9.content-cms.com www.youtube.com widget.trustpilot.com www.google.com www.pages02.net td.doubleclick.net  ct.pinterest.com; frame-ancestors 'self' www.pages02.net; object-src 'none'; base-uri 'self'; script-src-elem 'self' 'unsafe-inline' www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com cdn.cookielaw.org www.google.com/recaptcha assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net bat.bing.com resources.xg4ken.com b-code.liadm.com sc.pages02.net  cdn.pdst.fm s.pinimg.com onemarketingazeu.sc.omtrdc.net znbnnujuydj7on7eh-aga.siteintercept.qualtrics.com beacon.sojern.com onemarketingazeu.sc.omtrdc.net siteintercept.qualtrics.com content.allianzpartnerservices.com widget.trustpilot.com static.sojern.com js.braintreegateway.com services.xg4ken.com www.googleadservices.com ct.pinterest.com www.paypal.com c.paypal.com s.go-mpulse.net azcontent.us sdk.joinsherpa.io www.azpmktgtracker.com tracker.mnixdata.com www.pages02.net www.facebook.com events.xg4ken.com 27.xg4ken.com www.pages02.net www.paypalobjects.com *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com pixel.sojern.com sojern.lightning.force.com; 1
frame-ancestors 'self' https://*.popsell.com 1
frame-ancestors 'self' https://digi.hu https://salesweb.digi.hu; object-src 'self'; 1
default-src 'self'; frame-ancestors 'self' https://*.socialstyrelsen.se https://kunskapsguiden.se https://kollpasoc.se https://csdsamverkan.se; frame-src 'self' https://web103.reachmee.com https://datawrapper.dwcdn.net https://www.googletagmanager.com https://player.vimeo.com https://www.youtube.com https://play.mediaflowpro.com https://player.buster.se https://api.screen9.com https://storage.googleapis.com https://survey-collector-5ob63ubxcq-lz.a.run.app https://merkleoutfox.weeblysite.com https://cdn.merklesurvey.com https://*.google-analytics.com https://qcdn.screen9.com; media-src 'self' blob: https://*.socialstyrelsen.se https://*.speechstream.net; script-src 'self' 'unsafe-inline' https://*.socialstyrelsen.se https://web103.reachmee.com https://datawrapper.dwcdn.net https://plus.browsealoud.com https://www.browsealoud.com https://*.speechstream.net https://www.googletagmanager.com https://www.google-analytics.com https://www.youtube.com https://*.vimeocdn.com https://player.vimeo.com https://player.buster.se https://du5hbgn2lcfpf.cloudfront.net https://sl.p.jwpcdn.com https://storage.googleapis.com https://survey-collector-5ob63ubxcq-lz.a.run.app https://merkleoutfox.weeblysite.com https://cdn.merklesurvey.com https://*.google-analytics.com https://qcdn.screen9.com; style-src 'self' 'unsafe-inline' https://*.socialstyrelsen.se https://web103.reachmee.com https://plus.browsealoud.com https://www.youtube.com https://*.vimeocdn.com https://storage.googleapis.com https://survey-collector-5ob63ubxcq-lz.a.run.app https://merkleoutfox.weeblysite.com https://cdn.merklesurvey.com https://*.google-analytics.com https://qcdn.screen9.com; img-src 'self' data: https://*.socialstyrelsen.se https://web103.reachmee.com https://plus.browsealoud.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://www.youtube.com https://i.ytimg.com https://yt3.ggpht.com https://*.vimeocdn.com https://du5hbgn2lcfpf.cloudfront.net https://du5hbgn2lcfpf.cloudfront.net https://prd.jwpltx.com https://storage.googleapis.com https://survey-collector-5ob63ubxcq-lz.a.run.app https://merkleoutfox.weeblysite.com https://cdn.merklesurvey.com https://*.google-analytics.com https://qcdn.screen9.com; font-src 'self' https://*.socialstyrelsen.se https://fonts.gstatic.com; connect-src 'self' https://*.socialstyrelsen.se https://plus.browsealoud.com https://www.browsealoud.com https://*.speechstream.net https://stats.g.doubleclick.net https://www.youtube.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://*.googlevideo.com https://static.doubleclick.net https://116vod-adaptive.akamaized.net https://*.vimeocdn.com https://vimeo.com https://player.buster.se https://du5hbgn2lcfpf.cloudfront.net https://storage.googleapis.com https://survey-collector-5ob63ubxcq-lz.a.run.app https://merkleoutfox.weeblysite.com https://cdn.merklesurvey.com https://*.google-analytics.com https://*.analytics.google.com https://qcdn.screen9.com; 1
default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com https://i.ytimg.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-74Nt7kMYaRmXWsXV/5falA=='; style-src 'self' www.gstatic.com; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com gds-single-consent-staging.app gds-single-consent.app; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; report-uri https://csp-reporter.publishing.service.gov.uk/report 1
frame-ancestors https://*.aswo.com 1
script-src * 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; worker-src blob:; 1
default-src 'self' https://static.meblobranie.pl https://analityka.meblobranie.pl https://*.bing.com https://*.clarity.ms *.google-analytics.com *.analytics.google.com *.googletagmanager.com https://tagmanager.google.com https://fonts.gstatic.com https://fonts.googleapis.com *.google.com https://www.google.pl https://www.google-analytics.com https://www.facebook.com *.doubleclick.net https://www.youtube.com https://cdn.ampproject.org *.hotjar.com *.hotjar.io wss://ws5.hotjar.com wss://*.hotjar.com *.opineo.pl https://consent.cookie-script.com https://cz.im9.cz https://*.trustedshops.com  https://*.freshchat.com https://src.fwusercontent.com https://*.livechatinc.com https://*.user.com wss://*.user.com https://api.luigisbox.com https://live.luigisbox.com https://app.luigisbox.com https://linter.luigisbox.com https://pagead2.googlesyndication.com; style-src 'self' https://fonts.gstatic.com https://tagmanager.google.com https://fonts.googleapis.com https://www.googletagmanager.com https://optimize.google.com  https://*.freshchat.com https://cdn.luigisbox.com 'unsafe-inline'; img-src data: https://*; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analityka.meblobranie.pl https://*.bing.com https://*.clarity.ms https://www.googletagmanager.com https://tagmanager.google.com https://optimize.google.com https://www.optimize.google.com https://www.googleoptimize.com https://apis.google.com *.doubleclick.net https://www.google-analytics.com https://www.google.pl https://www.googleadservices.com https://connect.facebook.net https://www.facebook.com *.hotjar.com https://pixel.wp.pl https://cdn.ampproject.org https://ssl.ceneo.pl https://www.wiarygodneopinie.pl https://www.google.com https://c.imedia.cz https://c.seznam.cz https://cdn.cookie-script.com https://cz.im9.cz https://*.trustedshops.com https://fw-cdn.com https://*.freshchat.com https://*.livechatinc.com https://*.user.com wss://*.user.com https://scripts.luigisbox.com https://cdn.luigisbox.com 1
frame-ancestors *.k-rauta.fi; 1
default-src 'self'; img-src https: 'self' data: https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; script-src 'sha256-D+sXnRwsXcLLoOEH40si5tGB86DBVYONPjpvIV3X5MU=' 'self' 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net www.google-analytics.com *.googlesyndication.com www.google.com static.hotjar.com script.hotjar.com c.imedia.cz connect.facebook.net cdn.jsdelivr.net plausible.io; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.goout.net www.googletagmanager.com www.googleadservices.com *.googlesyndication.com googleads.g.doubleclick.net www.google-analytics.com www.google.com static.hotjar.com script.hotjar.com c.imedia.cz c.seznam.cz connect.facebook.net *.facebook.com plausible.io blob: maps.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; style-src-elem 'self' 'unsafe-inline' *.goout.net fonts.googleapis.com; font-src https://fonts.gstatic.com data: 'self' fonts.gstatic.com static.goout.net; media-src 'self' https://storage.googleapis.com; connect-src 'self' gcf.goout.net https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: gooutnet-functions.global.ssl.fastly.net *.google.com *.google-analytics.com stats.g.doubleclick.net *.googlesyndication.com googleads.g.doubleclick.net in.hotjar.com *.facebook.com connect.facebook.net plausible.io; object-src 'none'; frame-src vars.hotjar.com *.facebook.com connect.facebook.net *.imedia.cz goout.global.ssl.fastly.net *.google.com 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; connect-src 'self' *.itzbund.de hrevent3hls.akamaized.net ; script-src 'self' 'unsafe-inline' 'unsafe-eval' player.vimeo.com piwik.itzbund.de app.sli.do stream.alpha-loop.de cdn.myth.theoplayer.com service.video.taxi start.video-stream-hosting.de playout.3qsdn.com *.rai.it livestream.com player.procdn.live doo.net *.cloudflarestream.com tns-player.pages.dev; object-src 'self' multimedia.gsb.bund.de; media-src 'self' blob: 'self' hrevent3hls.akamaized.net piwik.itzbund.de *.youtube-nocookie.com multimedia.gsb.bund.de app.sli.do stream.alpha-loop.de cdn.myth.theoplayer.com service.video.taxi start.video-stream-hosting.de playout.3qsdn.com *.rai.it livestream.com player.procdn.live doo.net *.cloudflarestream.com tns-player.pages.dev; frame-src 'self' player.vimeo.com *.youtube-nocookie.com app.sli.do stream.alpha-loop.de cdn.myth.theoplayer.com service.video.taxi media.video.taxi start.video-stream-hosting.de playout.3qsdn.com *.3qsdn.com *.rai.it livestream.com player.procdn.live doo.net *.cloudflarestream.com tns-player.pages.dev; img-src 'self' data: piwik.itzbund.de securel.longtailvideo.com *.youtube-nocookie.com app.sli.do stream.alpha-loop.de cdn.myth.theoplayer.com service.video.taxi start.video-stream-hosting.de playout.3qsdn.com *.rai.it livestream.com player.procdn.live doo.net *.cloudflarestream.com tns-player.pages.dev *.cdninstagram.com; frame-ancestors 'self'; worker-src 'self' blob:; 1
frame-ancestors https://*.jds.fr; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; worker-src blob:; 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/nearby-team 1
img-src 'self' https://*.902.gr https://*.twitter.com https://*.ytimg.com https://*.twimg.com https://*.google.gr https://*.google.com data: https://www.google-analytics.com https://www.googletagmanager.com; object-src 'none'; 1
default-src 'none'; script-src https://*.rbi-umbrella.com; media-src data: blob: https://*.rbi-umbrella.com; ; img-src data: blob: https://*.rbi-umbrella.com; font-src data: https://*.rbi-umbrella.com; frame-src * blob:; style-src 'unsafe-inline' data: https://*.rbi-umbrella.com; report-uri https://xhr-eu-west-2-02900067-view.rbi-umbrella.com/safeview-client-logger/csp-violation; connect-src wss://*.rbi-umbrella.com http://* https://* 1
default-src 'self' https://partner.repo.srddbcp.com.pe https://strg.tlcbcp.com https://authserver.viabcp.com https://apisux.ntlc.tlcbcp.com https://bcpr42sh.staticmon.com https://ntlc-ma.azureedge.net https://ntlc-ma3.azureedge.net https://ntlc-static.azureedge.net https://ntlc-static3.azureedge.net https://blobeu2ntlcp01.blob.core.windows.net https://staceu2ntlcfrntp02.blob.core.windows.net https://bf48682ovb.bf.dynatrace.com https://partner.repo.srecbcp.com.pe https://prod.fcvebcp.com.pe; script-src 'self' 'unsafe-eval' https://unruffled-shannon-1a7413.netlify.com https://unruffled-shannon-1a7413.netlify.app https://ntlc-ma.azureedge.net https://ntlc-ma3.azureedge.net https://ntlc-static.azureedge.net https://ntlc-static3.azureedge.net https://blobeu2ntlcp01.blob.core.windows.net https://staceu2ntlcfrntp02.blob.core.windows.net https://detectca.easysol.net https://js-cdn.dynatrace.com https://partner.repo.srecbcp.com.pe; img-src 'self' https://ntlc-ma.azureedge.net https://ntlc-ma3.azureedge.net https://ntlc-static.azureedge.net https://ntlc-static3.azureedge.net https://blobeu2ntlcp01.blob.core.windows.net https://staceu2ntlcfrntp02.blob.core.windows.net https://partner.repo.srecbcp.com.pe https://detectca.easysol.net data:; style-src 'self' 'unsafe-inline'; font-src 'self' https://ntlc-ma.azureedge.net https://ntlc-ma3.azureedge.net https://ntlc-static.azureedge.net https://ntlc-static3.azureedge.net https://blobeu2ntlcp01.blob.core.windows.net https://staceu2ntlcfrntp02.blob.core.windows.net data:;  object-src 'none'; script-src-elem 'self' https://unruffled-shannon-1a7413.netlify.com https://unruffled-shannon-1a7413.netlify.app https://ntlc-ma.azureedge.net https://ntlc-ma3.azureedge.net https://ntlc-static.azureedge.net https://ntlc-static3.azureedge.net https://blobeu2ntlcp01.blob.core.windows.net https://staceu2ntlcfrntp02.blob.core.windows.net https://partner.repo.srecbcp.com.pe; 1
default-src 'self' www.aptiv.com; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js *.google-analytics.com *.facebook.net *.facebook.com https://www.youtube.com/iframe_api https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com *.en25.com cookie-cdn.cookiepro.com www.googletagmanager.com www.youtube.com www.googleadservices.com googleads.g.doubleclick.net snap.licdn.com px.ads.linkedin.com *.vimeo.com cdnjs.cloudflare.com cdn.jsdelivr.net *.marketo.com *.mktoutil.com *.aptiv.com *.demandbase.com *.company-target.com *.angularjs.org *.vimeocdn.com *.hawksearch.net *.uptime.com *.cookielaw.org *.onetrust.com *.plausible.io plausible.io *.ceros.com *.matomo.cloud 'self' 'unsafe-inline' js.hs-scripts.com js.hs-analytics.net cdn.ampproject.org assets.adoberesources.net *.adobe.com internet-na.aptiv.com internet-cloud.aptiv.com internet-cloud.aptiv.com:6082 'unsafe-eval' https://cdn.insight.sitefinity.com https://aptiv.containers.piwik.pro https://aptiv.piwik.pro/ppms.php https://dec.azureedge.net web-chat.nativechat.com js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com www.aptiv.com cookie-cdn.cookiepro.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com *.marketo.com *.aptiv.com *.hawksearch.net 'self' 'unsafe-inline' https://cdn.insight.sitefinity.com https://dec.azureedge.net https://*.typekit.net web-chat.nativechat.com; img-src *.gstatic.com *.googleapis.com platform.tumblr.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: www.aptiv.com aptiv.com *.google-analytics.com *.google.pl *.facebook.com *.facebook.net *.fbcdn.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.eloqua.com www.google.com googletagmanager.com px.ads.linkedin.com p.adsymptotic.com connect.facebook.com connect.facebook.net i.vimeocdn.com aptivtest.azurewebsites.net match.prod.bidr.io *.company-target.com id.rlcdn.com productdata.aptiv.com downloads.aptiv.com *.mouser.com *.doubleclick.net *.cookielaw.org *.ceros.com asset-prod1a-euw.productmarketingcloud.com 'self' https://dec.azureedge.net track.hubspot.com asset.productmarketingcloud.com https://assets.adoberesources.net https://lh3.googleusercontent.com *.googlesyndication.com *.googletagmanager.com *.google.de google.de google.ie aptivdotcomuseastblob-fbc8ewh2bbfpbhgu.z01.azurefd.net *.linkedin.com https://cdn.insight.sitefinity.com web-chat.nativechat.com js.hsleadflows.net forms.hsforms.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: www.aptiv.com maxcdn.bootstrapcdn.com *.typekit.net; form-action *.aptiv.com *.azurewebsites.net *.facebook.com *.facebook.net *.azurefd.net 'self' login.microsoftonline.com; connect-src accounts.google.com *.mktoresp.com *.google-analytics.com www.facebook.com *.marketo.com *.mktoutil.com *.aptiv.com *.g.doubleclick.net blob://* blob: *.company-target.com *.hawksearch.net *.hawksearch.com *.uptime.com *.cookielaw.org *.onetrust.com *.plausible.io plausible.io *.facebook.com *.facebook.net *.matomo.cloud 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.adobe.io wss://*.adobe.io *.google.com *.googlesyndication.com tag-logger.demandbase.com https://aptiv.piwik.pro/ppms.php forms.hubspot.com *.hsforms.com; media-src 'self' data: blob: www.aptiv.com www1.aptiv.com downloads.aptiv.com *.vimeo.com aptivdotcomuseastblob-fbc8ewh2bbfpbhgu.z01.azurefd.net *.akamaized.net; child-src apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com player.vimeo.com 8239591.fls.doubleclick.net *.doubleclick.net *.fliphtml5.com *.google.com blob://* blob: *.aptiv.com *.plausible.io plausible.io 'self' internet-na.aptiv.com internet-cloud.aptiv.com *.company-target.com documentcloud.adobe.com storage.net-fs.com platform.twitter.com/ syndication.twitter.com/ www.youtube.com/ w.soundcloud.com/ *.vimeo.com forms.hsforms.com web-chat.nativechat.com; frame-src 'self' apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com player.vimeo.com 8239591.fls.doubleclick.net *.doubleclick.net *.fliphtml5.com *.google.com blob://* blob: *.aptiv.com *.plausible.io plausible.io internet-na.aptiv.com internet-cloud.aptiv.com *.company-target.com documentcloud.adobe.com storage.net-fs.com platform.twitter.com/ syndication.twitter.com/ www.youtube.com/ w.soundcloud.com/ *.vimeo.com forms.hsforms.com web-chat.nativechat.com 1
worker-src 'self' blob:; script-src 'strict-dynamic' 'unsafe-eval' 'nonce-B75FXAsCmEE3VBJGd5fXLQ=='; style-src 'self' 'unsafe-inline'; frame-ancestors 'self' https://*.michelin.com 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' https://vavel.com https://pagead2.googlesyndication.com https://www.googletagmanager.com https://platform.twitter.com https://www.vavel.com; img-src https: data: https://*.twimg.com; style-src https: 'unsafe-inline'; 1
base-uri 'self'; frame-ancestors 'self'; object-src 'none'; worker-src 'self' blob:; child-src blob:; script-src 'self' 'strict-dynamic' 'unsafe-inline' https: 'nonce-QFM433v4GWagjKn2zFUZCR03eIYWuvmHEzar9/y7V6U='; img-src 'self' data: blob: *.watchfinder.co.uk *.googletagmanager.com *.ometria.com *.contentsquare.net *.ytimg.com *.adyen.com *.google.com *.gstatic.com *.postcodeanywhere.co.uk *.tvsquared.com *.doubleclick.net *.bidswitch.net *.adnxs.com *.media.net *.rubiconproject.com *.smartadserver.com *.taboola.com *.teads.tv *.3lift.com *.yahoo.net *.adform.net *.omnitagjs.com *.casalemedia.com *.criteo.com id5-sync.com *.360yield.com *.ivitrack.com *.mediavine.com *.postrelease.com *.outbrain.com *.pubmatic.com *.sharethrough.com *.tremorhub.com *.yieldlab.net *.yieldmo.com *.emxdgt.com *.demdex.net *.krxd.net *.dmxleo.com *.youtube.com *.facebook.com *.stackadapt.com *.adalyser.com *.google.co.uk *.facebook.net; connect-src https:; frame-src *.youtube.com *.google.com *.optimizely.com *.affirm.com *.livechatinc.com *.criteo.com *.doubleclick.net *.facebook.com *.trustpilot.com 1
default-src 'self' enza.fun *.enza.fun;script-src 'self' 'strict-dynamic' enza.fun *.enza.fun www.googletagmanager.com *.google-analytics.com www.youtube.com *.twitter.com *.twimg.com cdn.cookielaw.org 'nonce-cdba04242571f1d7c2c1526c310efcdd';connect-src 'self' enza.fun *.enza.fun wss://*.enza.fun https://s3.ap-northeast-1.amazonaws.com/image.enza.fun sentry.io www.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net cdn.cookielaw.org;style-src 'self' enza.fun *.enza.fun www.googletagmanager.com fonts.googleapis.com *.twitter.com *.twimg.com cdn.cookielaw.org 'nonce-f1b929b99ab5f49295c40ec7ab803381';style-src-attr 'unsafe-inline';img-src 'self' data: blob: enza.fun *.enza.fun www.googletagmanager.com *.gstatic.com www.google-analytics.com *.twitter.com *.twimg.com cdn.cookielaw.org i.ytimg.com;font-src 'self' data: enza.fun *.enza.fun fonts.gstatic.com;base-uri 'none';frame-src 'self' www.youtube.com www.youtube-nocookie.com playervspf.channel.or.jp *.twitter.com;frame-ancestors 'self' *.enza.fun;report-uri https://o126865.ingest.sentry.io/api/6090357/security/?sentry_key=72dd0c1600ad4cbf844296391bb68898;form-action 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests 1
img-src 'self' *.foodwatch.org googleads.g.doubleclick.net www.google.com www.google.de *.fundraisingbox.com *.ytimg.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.foodwatch.org *.foodwatch.nl www.googleadservices.com googleads.g.doubleclick.net *.googletagmanager.com *.fundraisingbox.com *.eventjet.at *.klantsite.net *.doubleclick.net *.procurios.site *.youtube.com https://www.youtube.com blob:; frame-src 'self' *.foodwatch.org *.foodwatch.nl *.google.com *.fundraisingbox.com *.eventjet.at *.klantsite.net *.doubleclick.net *.procurios.site *.youtube.com https://www.youtube.com https://www.youtube-nocookie.com; connect-src 'self' *.foodwatch.org *.foodwatch.nl *.fundraisingbox.com *.eventjet.at *.klantsite.net *.doubleclick.net *.procurios.site data: blob:; font-src 'self'; style-src 'self' 'unsafe-inline'; worker-src blob:; form-action 'self'; object-src 'none'; frame-ancestors 'self' localhost *.foodwatch.org; 1
default-src blob: https: data: 'unsafe-eval' 'unsafe-inline'; object-src 'none' 1
frame-src 'none'; 1
script-src 'unsafe-eval' 'unsafe-inline' 'self' *.anglingdirect.co.uk anglingdirect.co.uk cdncache-a.akamaihd.net translate.googleapis.com www.google.com www.gstatic.com expressentry.melissadata.net s.ytimg.com www.youtube.com register.feefo.com api.feefo.com polyfill.io pcls1.craftyclicks.co.uk translate.google.com translate.googleapis.com maps.googleapis.com tpc.googlesyndication.com *.mention-me.com js.stripe.com static-eu.payments-amazon.com js-agent.newrelic.com scripts.sirv.com bam.eu01.nr-data.net www.googletagmanager.com googleads.g.doubleclick.net www.google-analytics.com connect.facebook.net assets.zendesk.com static.zdassets.com platform.twitter.com www.googleadservices.com *.cloudmaestro.com *.klaviyo.com widget-mediator.zopim.com feed.mikle.com js.sentry-cdn.com static.zdassets.com translate-pa.googleapis.com assets.adobedtm.com bat.bing.com js.braintreegateway.com *.paypal.com www.dwin1.com *.paypalobjects.com www.zenaps.com x.klarnacdn.net optimize.google.com google-analytics.com tagmanager.google.com cdn.attn.tv pbf-live-magento.pbffinancecalculator.info lantern.roeyecdn.com s3.tradingview.com cdn.noibu.com/collect.js cdn.noibu.com; report-uri /.webscale/csp-report 1
frame-ancestors https://www.servizioelettriconazionale.it https://login.servizioelettriconazionale.it 1
frame-ancestors https://fashion.ovh/ https://parisfashionshops.com/ https://*.parisfashionshops.com/; 1
frame-ancestors 'self' *.opusarte.com *.naxosmusiclibrary.com; 1
default-src 'self' d1ez3fk0r6xpnu.cloudfront.net dvjtinn32k9x6.cloudfront.net d1yefj7ma5ctfd.cloudfront.net d1ixo36kppfedg.cloudfront.net images.glowroad.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' d1ez3fk0r6xpnu.cloudfront.net dvjtinn32k9x6.cloudfront.net www.google.com www.gstatic.com static.clevertap.com checkout.razorpay.com storage.googleapis.com www.google-analytics.com www.googletagmanager.com www.google-analytics.com d2r1yp2w7bby2u.cloudfront.net wzrkt.com; img-src 'self' data: d35m20fiakq0qn.cloudfront.net d1yefj7ma5ctfd.cloudfront.net images.glowroad.com d1ixo36kppfedg.cloudfront.net lqp-imgs.s3.ap-south-1.amazonaws.com www.google-analytics.com www.google.com www.google.co.in; style-src 'self' 'unsafe-inline' d1ez3fk0r6xpnu.cloudfront.net dvjtinn32k9x6.cloudfront.net cdnjs.cloudflare.com fonts.googleapis.com; font-src 'self' cdnjs.cloudflare.com d1yefj7ma5ctfd.cloudfront.net fonts.gstatic.com; frame-src 'self' www.google.com api.razorpay.com; connect-src 'self' cognito-identity.ap-south-1.amazonaws.com sts.ap-south-1.amazonaws.com dataplane.rum.ap-south-1.amazonaws.com unagi-eu.amazon.com www.google-analytics.com analytics.google.com glowroad.com lumberjack.razorpay.com stats.g.doubleclick.net firebase.googleapis.com firebaseinstallations.googleapis.com 172.31.66.55 o256629.ingest.sentry.io www.googletagmanager.com myshopprime.com affiliate-service-updated.ap-south-1.elasticbeanstalk.com; 1
frame-ancestors 'self' *.realescort.fi *.realescort.eu *.realescort.se *.realescort.dk; img-src 'self' data: *.realescort.fi *.realescort.eu *.realescort.se *.realescort.dk storage.googleapis.com maps.googleapis.com maps.gstatic.com 1
frame-ancestors 'self' https://support.turbovpn.com https://admin.turbovpn.com 1
script-src 'self' crossmark-cdn.crossref.org scholar.google.com d1bxh8uas1mnw7.cloudfront.net cdn.scite.ai cdn.jsdelivr.net connect.liblynx.com unpkg.com cdn.foxycart.com test-boneandjoint-org-uk.foxycart.com boneandjoint-org-uk.foxycart.com api.altmetric.com js.stripe.com cdnjs.cloudflare.com tpc.googlesyndication.com securepubads.g.doubleclick.net pagead2.googlesyndication.com www.googletagservices.com www.googletagmanager.com challenges.cloudflare.com 'nonce-06hgpmPinZuTmgmxDtlkhYEOzPNpYpl+Qmrgf8Kf7Yg='; object-src 'self'; block-all-mixed-content; img-src 'self' data: s3.eu-west-2.amazonaws.com crossmark-cdn.crossref.org cdn.scite.ai badges.altmetric.com connect.liblynx.com tpc.googlesyndication.com googleads.g.doubleclick.net pagead2.googlesyndication.com www.google.com; form-action 'self'; font-src 'self' fonts.gstatic.com cdn.scite.ai; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net fonts.googleapis.com d1bxh8uas1mnw7.cloudfront.net cdn.foxycart.com crossmark-cdn.crossref.org; base-uri 'self'; frame-ancestors 'self' 1
default-src 'self' *.kba.de; base-uri 'self' *.kba.de; style-src 'self' 'unsafe-inline' *.kba.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.kba.de *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.vimeo.com; object-src 'self' *.kba.de multimedia.gsb.bund.de; media-src 'self' *.kba.de multimedia.gsb.bund.de *.youtube.com *.vimeo.com *.aktion-mensch.de; frame-src *.kba.de *.google.com *.gstatic.com *.youtube.com *.vimeo.com; img-src 'self' data: *.kba.de *.google.com *.gstatic.com *.youtube.com; frame-ancestors 'self'; 1
base-uri 'self';default-src 'self' https://*.stripe.com https://*.bootstrapcdn.com https://fonts.googleapis.com https://*.google-analytics.com blob:;font-src 'self' https: data:;img-src 'self' https://*.downloadhelper.net https://*.google-analytics.com data:;script-src 'self' 'unsafe-inline' https://*.cloudflare.com https://*.stripe.com https://cdnjs.cloudflare.com https://js.stripe.com https://www.google-analytics.com blob:;frame-src 'self' https://*.stripe.com;object-src 'none';style-src 'self' https: 'unsafe-inline' https://*.bootstrapcdn.com;upgrade-insecure-requests 1
frame-ancestors 'self' https://*.cashconverters.es https://www.pccomponentes.com; 1
default-src https://*.f-list.net; frame-src https://www.google.com/recaptcha/; script-src https://*.f-list.net https://ajax.googleapis.com https://www.google.com https://www.google-analytics.com https://ads.dragonfru.it https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://plausible.dragonfru.it https://static.cloudflareinsights.com 'unsafe-inline' 'unsafe-eval'; img-src data: https://*.f-list.net https://www.google.com https://www.google-analytics.com https://ads.dragonfru.it; style-src https://*.f-list.net 'unsafe-inline'; connect-src https://*.f-list.net https://ads.dragonfru.it https://plausible.dragonfru.it https://www.google-analytics.com wss://chat.f-list.net:9799 ws://chat.f-list.net:9722 wss://chat.f-list.net:8799 ws://chat.f-list.net:8722 wss://chat.f-list.net; frame-ancestors 'none'; 1
frame-ancestors https://wealthport.cir2.com https://rc.wealthmsi.com; connect-src * 'unsafe-inline'; 1
default-src 'self'; font-src 'self' fonts.gstatic.com; frame-ancestors 'self'; img-src 'self' source.unsplash.com images.unsplash.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; script-src 'self' 'unsafe-inline' www.google.com www.gstatic.com; worker-src blob:; report-uri https://api.honeybadger.io/v1/browser/csp?api_key=hbp_IHyOCLsWuex26NR4K6Sqd75F3rkhVb3yhxfH&env=production; 1
default-src 'self';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/;font-src 'self' https://fonts.gstatic.com/;img-src 'self' data: https://www.google-analytics.com/ https://www.googletagmanager.com/ https://stats.g.doubleclick.net/ https://file.go.gov.sg/;script-src 'self' https://www.google-analytics.com/ https://ssl.google-analytics.com/ https://www.googletagmanager.com/ https://*.browser-intake-datadoghq.com/ https://www.datadoghq-browser-agent.com/;worker-src blob:;connect-src 'self' https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://*.browser-intake-datadoghq.com/ o372043.ingest.sentry.io o372043.ingest.sentry.io;frame-ancestors 'self';report-uri https://o372043.ingest.sentry.io/api/5193500/security/?sentry_key=a76d61749b824d8fa8ad84eee7ecc882;upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' data: *.openair.com *.openair1.com https://bat.bing.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.openair.com consent.truste.com consent.trustarc.com ssl.google-analytics.com *.google-analytics.com bat.bing.com https://dpm.demdex.net https://oracle.sc.omtrdc.net; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.openair.com consent.truste.com consent.trustarc.com ssl.google-analytics.com *.google-analytics.com bat.bing.com https://dpm.demdex.net https://oracle.sc.omtrdc.net; img-src 'self' *.openair.com *.trustarc.com ssl.google-analytics.com https://bat.bing.com *.google-analytics.com https://netsuite.d1.sc.omtrdc.net https://cm.everesttech.net https://dpm.demdex.net https://oracle.sc.omtrdc.net http://oracle.sc.omtrdc.net; frame-src *.trustarc.com https://oracle.demdex.net http://fast.oracle.demdex.net https://dpm.demdex.net https://netsuiteinc.demdex.net/ https://oracle.sc.omtrdc.net; frame-ancestors 'none'; connect-src 'self' https://dpm.demdex.net https://oracle.sc.omtrdc.net 1
form-action 'self'; frame-ancestors 'self' *.grandlyon.com; img-src 'self' unpkg.com *.grandlyon.com *.meteo-lyon.net *.data.grandlyon.com *.googleapis.com *.gstatic.com *.ytimg.com *.facebook.com t.co data:; script-src 'self' blob: https: 'unsafe-inline' 'unsafe-eval' www.grandlyon.com 'self' *.data.grandlyon.com unpkg.com *.youtube.com play.google.com *.googleapis.com *.addthis.com *.moatads.com *.doubleclick.net *.ytimg.com *.onlymoov.com *.facebook.com *.twitter.com *.facebook.net use.typekit.net 1
style-src 'self' 'unsafe-inline' https://static.formstack.com https://www.formstack.com/admin/ https://admin.formstack.com/ https://mychart.phs.org/ https://oauth.formstackservices.com/ https://fonts.googleapis.com/;font-src 'self' https://static.formstack.com https://fonts.gstatic.com data:;object-src 'none';base-uri 'self';form-action 'self' https://www.formstack.com https://prescoverage.phs.org https://presbyterian.formstack.com https://www.phs.org;frame-ancestors 'self' https://mychart.phs.org/ 1
connect-src *; default-src 'self'; font-src 'self' https://fonts.gstatic.com https://sc-fonts.s3.amazonaws.com data:; frame-src *; img-src * data:; media-src * blob:; object-src *; script-src 'self' 'unsafe-inline' *.williamsf1.com *.stage-williamsf1.com analytics-sm.com *.adobedtm.com *.privacymanager.io *.ampproject.org *.auth0.com *.cookielaw.org *.tvsquared.com *.facebook.net *.doubleclick.net *.adsrvr.org *.doubleclick.net *.cardinalcommerce.com *.google.com *.googleapis.com *.googlesyndication.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.googletagservices.com *.ada.support *.twitter.com vercel.live *.cloudflare.com *.instagram.com *.redditstatic.com *.gstatic.com *.chargebee.com *.bing.com *.showclix.com *.securemytix.com *.stripe.com *.tiktok.com; style-src * 'unsafe-inline'; worker-src blob:; 1
frame-ancestors 'self' https://manage.ogj.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
frame-ancestors 'self' https://secure-dev.firstmidwest.com https://secure-test.firstmidwest.com https://secure-accp.firstmidwest.com https://secure.firstmidwest.com https://secure-dev.oldnational.com https://secure-test.oldnational.com https://secure-accp.oldnational.com https://secure.oldnational.com https://secure-dev.thehsaauthority.com https://secure-test.thehsaauthority.com https://secure-accp.thehsaauthority.com https://secure.thehsaauthority.com https://onlinebanking.oldnational.com https://secure-uat.firstmidwest.com 1
default-src 'self' profiauto.pl profiauto.de profiauto.co.at; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.profiauto.pl profiauto.pl profiauto.de profiauto.co.at  *.cookie-script.com ssl.silnet.pl www.googletagmanager.com www.google-analytics.com www.googleadservices.com *.doubleclick.net *.google.com *.gstatic.com *.facebook.com *.facebook.net *.onesignal.com onesignal.com *.googleapis.com cdnjs.cloudflare.com cdn.ampproject.org cdn.datatables.net; style-src 'self' 'unsafe-inline' profiauto.pl profiauto.de profiauto.co.at fonts.googleapis.com ssl.silnet.pl onesignal.com cdnjs.cloudflare.com *.tagmanager.google.com tagmanager.google.com motoflota.pl cdn.datatables.net *.bootstrapcdn.com; img-src 'self' data: *.ggpht.com *.profiauto.pl profiauto.pl profiauto.de profiauto.co.at silnet.pl ssl.silnet.pl cdn.datatables.net *.doubleclick.net www.google-analytics.com *.google.com *.google.pl *.facebook.com *.gstatic.com *.googleapis.com cdnjs.cloudflare.com *.openstreetmap.org *.gravatar.com motoflota.pl; media-src 'self' profiauto.pl profiauto.de profiauto.co.at; font-src 'self' profiauto.pl profiauto.de profiauto.co.at fonts.gstatic.com *.bootstrapcdn.com; frame-src 'self' profiauto.pl profiauto.de profiauto.co.at *.google.com google.com *.facebook.com onesignal.com *.youtube.com linkedin.com *.linkedin.com kalkulator.raty.aliorbank.pl; connect-src 'self' *.googleapis.com googleapis.com *.profiauto.pl profiauto.pl profiauto.de profiauto.co.at onesignal.com *.google-analytics.com *.doubleclick.net *.google.com *.google.pl *.facebook.com 1
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://code.jquery.com https://cdn.cookielaw.org https://ajax.googleapis.com https://maps.googleapis.com https://www.youtube.com https://player.vimeo.com https://www.googletagmanager.com https://www.google-analytics.com https://analytics.rubensteintech.com https://analytics.rubyapps.dev.ruby.app https://analytics.rubyapps.io https://kit.fontawesome.com https://cc.cdn.civiccomputing.com https://pd.sharethis.com https://aptivio.azure-api.net https://www.influ2.com https://use.typekit.net https://ml314.com https://snap.licdn.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://p.adsymptotic.com https://cdn.linkedin.oribi.io https://gw.linkedin.oribi.io https://dc.ads.linkedin.com https://sjs.bizographics.com https://static.cloudflareinsights.com https://play.libsyn.com/ https://www.youvisit.com/ https://cms.analytics.yahoo.com/ https://protect-eu.mimecast.com/ ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.googletagmanager.com https://hello.myfonts.net https://use.typekit.net https://p.typekit.net ; connect-src 'self' data: https://cdn.cookielaw.org https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://google-analytics.com https://vimeo.com https://noembed.com https://stats.g.doubleclick.net https://maps.gstatic.com https://maps.googleapis.com https://cdn.plyr.io https://www.google-analytics.com/ https://analytics.rubensteintech.com https://analytics.rubyapps.dev.ruby.app https://analytics.rubyapps.io https://ka-f.fontawesome.com https://apikeys.civiccomputing.com https://t.influ2.com https://snap.licdn.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://p.adsymptotic.com https://cdn.linkedin.oribi.io https://gw.linkedin.oribi.io https://dc.ads.linkedin.com https://sjs.bizographics.com https://static.cloudflareinsights.com ; font-src 'self' data: https://fonts.gstatic.com https://ka-f.fontawesome.com https://use.typekit.net ; img-src 'self' data: blob: https://cdn.cookielaw.org https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://google-analytics.com https://i.vimeocdn.com https://i.ytimg.com https://maps.gstatic.com https://maps.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://use.typekit.net https://p.typekit.net https://akingump.vuturevx.com https://pd.sharethis.com https://via.placeholder.com https://aptivio.azure-api.net https://ps.eyeota.net https://sync.crwdcntrl.net https://match.adsrvr.org https://idsync.rlcdn.com https://dpm.demdex.net https://ml314.com https://snap.licdn.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://p.adsymptotic.com https://cdn.linkedin.oribi.io https://gw.linkedin.oribi.io https://dc.ads.linkedin.com https://sjs.bizographics.com https://tags.bluekai.com/ https://ib.adnxs.com/ https://loadus.exelator.com/ https://trck.youvisit.com/ ; frame-src 'self' mailto: blob: https://cdnapisec.kaltura.com https://www.youtube-nocookie.com https://www.youtube.com https://player.vimeo.com https://play.libsyn.com/ https://www.youvisit.com/ https://cms.analytics.yahoo.com/ https://stories.rostrum.agency/ ; worker-src 'self' blob: ; media-src 'self' data: https://vimeo.com https://www.youtube.com https://cdn.plyr.io ; frame-ancestors 'self' ; object-src 'self' ; 1
default-src 'self'; style-src 'self' 'unsafe-inline'      https://fonts.googleapis.com/      https://cdn.jsdelivr.net/     https://hr.ease.com/     *.googletagmanager.com;  script-src 'self' 'unsafe-inline' 'unsafe-eval'     https://cdn.jsdelivr.net/      https://www.googletagmanager.com/    https://player.vimeo.com/   https://hr.ease.com/     https://munchkin.marketo.net/     https://snap.licdn.com/     https://www.google-analytics.com/     https://cdn.bizible.com/     https://widget.intercom.io/     https://js.intercomcdn.com/     https://cdnjs.cloudflare.com/     https://yoast.com/     https://*.googleapis.com      https://*.gstatic.com      *.google.com      https://*.ggpht.com      *.googleusercontent.com     https://beacon-v2.helpscout.net/     https://www.youtube.com/     https://cdn.metadata.io/     https://connect.facebook.net/;  img-src 'self'     data:     https://wpengine.com/     https://library.elementor.com     https://px.ads.linkedin.com/     https://cdn.bizible.com/     https://www.google-analytics.com/     https://p.adsymptotic.com/     https://www.google.com/ads/     https://easemarketing.wpengine.com/     https://easedevelop.wpengine.com     https://secure.gravatar.com/     https://api.wpmet.com/     https://dify.wpengine.com/     https://cdn.bizibly.com/     https://player.vimeo.com/    https://px4.ads.linkedin.com/     https://yoa.st/     https://yoast.com/     *.intercomcdn.com     *.intercomassets.com     *.facebook.com     *.w.org/     *.gstatic.com     *.googleapis.com      *.ggpht.com; font-src 'self'     data:     https://www.ease.com      https://fonts.googleapis.com/      https://fonts.gstatic.com/      https://cdn.jsdelivr.net/     *.intercomcdn.com; connect-src 'self'     data:     https://www.google-analytics.com     https://stats.g.doubleclick.net/     https://627-plv-209.mktoresp.com/     https://api-iam.intercom.io/     https://my.wpengine.com/     https://yoast.com/     https://my.yoast.com/     wss://nexus-websocket-a.intercom.io/     https://*.googleapis.com      *.google.com      https://*.gstatic.com     https://d3hb14vkzrxvla.cloudfront.net/     https://cdn.linkedin.oribi.io/     https://platformapi.metadata.io/;  frame-src 'self'     https://hr.ease.com/     https://platform.twitter.com/     https://syndication.twitter.com/     https://www.youtube-nocookie.com/    https://player.vimeo.com/  https://www.youtube.com/     https://www.facebook.com/     *.google.com; prefetch-src 'self'    https://player.vimeo.com/; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' assets.adobedtm.com www.youtube.com *.doubleclick.net maps.googleapis.com form.lidl.com *.lidl *.lidl.com *.lidl.net lidl.media01.eu bat.bing.com analytics.google.com *.clarity.ms *.google-analytics.com *.googletagmanager.com https://tagmanager.google.com https://connect.facebook.net cdn.cookielaw.org *.cookiebot.com https://www.google.com https://www.gstatic.com snap.licdn.com unternehmen.lidl.de corporate.lidl.co.uk corporate.lidl.ie corporate.lidl-ni.co.uk corporate.lidl.ro corporate.lidl.bg podjetje.lidl.si institucional.lidl.pt kompanija.lidl.rs corporate.lidl.fi tvrtka.lidl.hr kimjestesmy.lidl.pl imone.lidl.lt corporate.lidl.at empresa.lidl.es spolocnost.lidl.sk spolecnost.lidl.cz corporate.lidl.fr corporate.lidl.it om.lidl.se om.lidl.dk vallalat.lidl.hu corporate.lidl-hellas.gr corporate.lidl.nl mediacenter.lidl.com corporate.lidl.com.mt corporate.lidl.ch corporate.lidl.be corporate.lidl.lu corporate.lidl.com.cy info.lidl corporate.lidl.lv corporate.lidl.ee walls.io; img-src 'self' data: *.object.storage.eu01.onstackit.cloud maps.googleapis.com *.amazonaws.com *.google-analytics.com *.doubleclick.net  cdn.cookielaw.org form.lidl.com cm.everesttech.net *.demdex.net *.lidl *.lidl.com *.lidl.net *.bing.com *.clarity.ms px.ads.linkedin.com https://s-static.ak.facebook.com *.gstatic.com google.de www.google.com www.googletagmanager.com www.facebook.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.lidl form.lidl.com tagmanager.google.com; font-src 'self' 'unsafe-inline' data: fonts.gstatic.com form.lidl.com *.lidl.com; frame-src 'self' https: 'unsafe-inline' www.youtube.com form.lidl.com https://www.facebook.com https://s-static.ak.facebook.com *.google-analytics.com *.googletagmanager.com *.youtube-nocookie.com *.cookiebot.com https://www.google.com https://recaptcha.google.com unternehmen.lidl.de corporate.lidl.co.uk corporate.lidl.ie corporate.lidl-ni.co.uk corporate.lidl.ro corporate.lidl.bg podjetje.lidl.si institucional.lidl.pt kompanija.lidl.rs corporate.lidl.fi tvrtka.lidl.hr kimjestesmy.lidl.pl imone.lidl.lt corporate.lidl.at empresa.lidl.es spolocnost.lidl.sk spolecnost.lidl.cz corporate.lidl.fr corporate.lidl.it om.lidl.se om.lidl.dk vallalat.lidl.hu corporate.lidl-hellas.gr corporate.lidl.nl mediacenter.lidl.com corporate.lidl.com.mt corporate.lidl.ch corporate.lidl.be corporate.lidl.lu corporate.lidl.com.cy info.lidl corporate.lidl.lv corporate.lidl.ee my.walls.io; connect-src 'self' www.google.com *.google-analytics.com stats.g.doubleclick.net cdn.cookielaw.org *.onetrust.com *.demdex.net *.cookiebot.com *.clarity.ms form.lidl.com *.lidl.com *.lidl.net lidl.media01.eu unternehmen.lidl.de corporate.lidl.co.uk corporate.lidl.ie corporate.lidl-ni.co.uk corporate.lidl.ro corporate.lidl.bg podjetje.lidl.si institucional.lidl.pt kompanija.lidl.rs corporate.lidl.fi tvrtka.lidl.hr kimjestesmy.lidl.pl imone.lidl.lt corporate.lidl.at empresa.lidl.es spolocnost.lidl.sk spolecnost.lidl.cz corporate.lidl.fr corporate.lidl.it om.lidl.se om.lidl.dk vallalat.lidl.hu corporate.lidl-hellas.gr corporate.lidl.nl mediacenter.lidl.com corporate.lidl.com.mt corporate.lidl.ch corporate.lidl.be corporate.lidl.lu corporate.lidl.com.cy info.lidl corporate.lidl.lv corporate.lidl.ee; frame-ancestors 'self' *.googletagmanager.com form.lidl.com *.lidl.com *.lidl.net *.google-analytics.com unternehmen.lidl.de corporate.lidl.co.uk corporate.lidl.ie corporate.lidl-ni.co.uk corporate.lidl.ro corporate.lidl.bg podjetje.lidl.si institucional.lidl.pt kompanija.lidl.rs corporate.lidl.fi tvrtka.lidl.hr kimjestesmy.lidl.pl imone.lidl.lt corporate.lidl.at empresa.lidl.es spolocnost.lidl.sk spolecnost.lidl.cz corporate.lidl.fr corporate.lidl.it om.lidl.se om.lidl.dk vallalat.lidl.hu corporate.lidl-hellas.gr corporate.lidl.nl mediacenter.lidl.com corporate.lidl.com.mt corporate.lidl.ch corporate.lidl.be corporate.lidl.lu corporate.lidl.com.cy info.lidl corporate.lidl.lv corporate.lidl.ee; 1
base-uri 'self'; default-src https://www.dnshome.de; font-src 'self' data: https:; form-action 'self'; frame-ancestors 'none'; frame-src 'self'; img-src 'self' https://www.paypalobjects.com; script-src 'self' 'unsafe-inline'; style-src 'self'; 1
frame-ancestors 'self' *.tombola.co.uk *.tombola.com *.tombolaarcade.co.uk https://app.optimizely.com; 1
default-src https: 'self' 'unsafe-eval' 'unsafe-inline' 'self' *.futurumtest.nl *.futurumshop.nl *.google-analytics.com *.google.com *.googletagmanager.com *.googleoptimize.com; object-src 'unsafe-eval' 'unsafe-inline' *; img-src data: 'unsafe-eval' 'unsafe-inline' *; font-src data: 'unsafe-eval' 'unsafe-inline' *; 1
default-src 'self';              script-src 'self' 'unsafe-eval' 'unsafe-inline';              script-src-elem 'self' 'unsafe-inline' https://statuspal.io https://www.googletagmanager.com https://consent.cookiebot.com https://connect.facebook.net https://bat.bing.com https://googleads.g.doubleclick.net https://widget.intercom.io https://static.hotjar.com https://js.intercomcdn.com https://vercel.live https://cdn.redoc.ly https://script.hotjar.com;              connect-src 'self' https://statuspal.io https://www.google.com https://analytics.google.com https://googleads.g.doubleclick.net https://api-iam.intercom.io wss://nexus-websocket-a.intercom.io https://metrics.hotjar.io https://vercel.live wss://ws-us3.pusher.com https://pagead2.googlesyndication.com https://www.google-analytics.com wss://ws.hotjar.com https://content.hotjar.io https://vc.hotjar.io https://stats.g.doubleclick.net;              style-src 'self' 'unsafe-inline';              style-src-elem 'self' 'unsafe-inline' https://vercel.live https://fonts.googleapis.com;              img-src 'self' blob: data: https://www.gravatar.com https://bat.bing.com https://www.google.com https://www.facebook.com https://vercel.com https://www.googletagmanager.com https://cdn.redoc.ly https://static.intercomassets.com https://js.intercomcdn.com https://statuspal.io;              font-src 'self' data: https://fonts.gstatic.com https://fonts.intercomcdn.com https://vercel.live;              object-src 'none';              frame-src 'self' https://consentcdn.cookiebot.com https://vercel.live;              worker-src 'self' blob:;              base-uri 'self';              form-action 'self';              frame-ancestors 'none';              upgrade-insecure-requests; 1
frame-ancestors 'self'; worker-src 'self' blob: ; report-uri https://report-to.kiewit.io/report; report-to reporttokiewitio; 1
default-src 'self'  *.google.com *.google-analytics.com *.youtube.com *.plyr.io *.visualstudio.com *.googleapis.com *.doubleclick.net cdn.cookielaw.org geolocation.onetrust.com analytics.tiktok.com *.oribi.io; font-src *; script-src 'self'  'strict-dynamic' 'unsafe-inline'  'unsafe-hashes' *.googleapis.com az416426.vo.msecnd.net snap.licdn.com *.googletagmanager.com s3.amazonaws.com *.google.com *.gstatic.com googleads.g.doubleclick.net *.google-analytics.com *.googleadservices.com cdn.cookielaw.org geolocation.onetrust.com 'nonce-32c4d8f2-53d2-4450-8400-af59deec9cc8'; style-src *  'unsafe-inline' cdn.cookielaw.org geolocation.onetrust.com; img-src 'self' data: *.episerver.net *.google.com *.google-analytics.com *.youtube.com *.plyr.io *.visualstudio.com *.googleapis.com *.doubleclick.net  *.gstatic.com *.mdhv.io *.linkedin.com *.googletagmanager.com *.prnewswire.com c212.net *.mathtag.com *.adsymptotic.com *.cloudfront.net *.vimeocdn.com  cdn.cookielaw.org geolocation.onetrust.com analytics.tiktok.com; frame-src 'self' td.doubleclick.net youtube.com www.youtube.com moncur.freshdesk.com www.google.com player.vimeo.com *.bugherd.com cdn.cookielaw.org geolocation.onetrust.com dana.mediaroom.com; frame-ancestors 'self' ; object-src 'self'; base-uri 'self' ;  form-action 'self' *.salesforce.com;  media-src *.dana.com *.episerver.net cdn.cookielaw.org geolocation.onetrust.com; connect-src 'self' px.ads.linkedin.com 1
default-src * https://*.santagostino.it; script-src * 'unsafe-eval' 'unsafe-inline'; style-src * 'unsafe-inline'; img-src 'self' data: https://*; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://bs.serving-sys.ru https://cdn.adhigh.net https://ds.serving-sys.ru https://x01.aidata.io https://tube.buzzoola.com https://cdn.afp.ai https://cdn.videonow.ru https://content.adriver.ru https://cache.betweendigital.com https://ssl.google-analytics.com https://adservice.google.lv https://cdn.ampproject.org https://partner.googleadservices.com https://www.googletagmanager.com *.adledge.com https://adservice.google.ru https://www.googletagservices.com *.mathtag.com uk-ads.openx.net pixel.adsafeprotected.com *.googleapis.com *.google.com connect.ok.ru *.gstatic.com *.googlesyndication.com vk.com *.mail.ru *.yandex.net *.yandex.ru yandex.st yastatic.net banners.adfox.ru ads.adfox.ru ads6.adfox.ru yastat.net yandex.ru www.google-analytics.com https://www.google-analytics.com top-fwz1.mail.ru; object-src 'self' *.googlesyndication.com *.gstatic.com; style-src 'self' 'unsafe-inline' https://tube.buzzoola.com yandex.st yastatic.net banners.adfox.ru content.adfox.ru yastat.net *.google.com fonts.googleapis.com; font-src 'self' 'unsafe-inline' data: https://tube.buzzoola.com an.yandex.ru yastatic.net yastat.net fonts.gstatic.com; img-src 'self' data:  https://vma.mts.ru https://code.giraff.io https://www.googletagmanager.com https://sync.dsp.solta.io https://eye.vihub.ru https://x01.aidata.io https://pixel.konnektu.ru https://*.rtb.mts.ru https://impression.appsflyer.com https://trk.mail.ru https://tube.buzzoola.com https://bs.serving-sys.ru https://clk.streamgo.ru https://nr.bidderstack.com https://*.adhigh.net https://dsa-ee.hybrid.ai https://vast-bidder-eu-05.b.otm-r.com https://wcm-ru.frontend.weborama.fr https://*.sape.ru https://x.bidswitch.net https://adx.com.ru https://ups.analytics.yahoo.com https://code.directadvert.ru https://sync.dmp.otm-r.com https://lbs-ru1.ads.betweendigital.com https://tag.rutarget.ru https://ads.betweendigital.com https://cdn.rutarget.ru https://creative.rutarget.ru https://ssl.google-analytics.com *.yandex.net *.yandex.ru *.adfox.ru yastat.net https://an.yandex.ru *.acxiom-online.com *.specificclick.net track.e-contenta.com uk-ads.openx.net *.exe.bid recreativ.ru *.uuidksinc.net www.tns-counter.ru dumedia.ad.admitad.com ad.dumedia.ru rtb.rtcdn.ru imrk.net sync.madnet.ru *.adriver.ru track.recreativ.ru *.cubo.ru *.googleapis.com *.google.com counter.yadro.ru *.googlesyndication.com *.doubleclick.net vk.com yastatic.net www.google-analytics.com https://www.google-analytics.com; frame-src 'self' https://ds.serving-sys.ru https://js.ad-score.com https://tube.buzzoola.com https://tpc.googlesyndication.com awaps.yandex.net yandexadexchange.net *.yandexadexchange.net yastatic.net *.yandex.ru banners.adfox.ru yastat.net *.adriver.ru *.openx.net imrk.net *.google.com connect.mail.ru *.doubleclick.net vk.com *.vk.com connect.ok.ru; media-src 'self' https://ds.serving-sys.ru https://api-ui.gonet-ads.com https://cdn.afp.ai https://r.cdn.adspend.space https://content.hybrid.ai https://storage.vihub.ru https://*.adriver.ru https://buzzoola.kinescopecdn.net https://cdn.streamgo.ru https://cdn.adhigh.net https://cdn.otm-r.com https://cdn.rutarget.ru *.yandex.net strm.yandex.ru *.strm.yandex.ru yandex.ru yandex.st yastatic.net banners.adfox.ru content.adfox.ru yastat.net https://umedia.exe.bid data:; connect-src 'self' https://ads.betweendigital.com https://x01.aidata.io https://cdn.afp.ai https://render.adspend.space https://exchange.buzzoola.com https://xmt.mts.ru https://video.new-programmatic.com https://vast.vihub.ru https://clk.streamgo.ru https://*.ad-score.com https://bs.serving-sys.ru https://wcm-ru.frontend.weborama.fr https://*.adhigh.net https://ad.adriver.ru https://*.sape.ru https://lbs-ru1.ads.betweendigital.com https://creative.rutarget.ru https://csp.yandex.net https://an.yandex.ru *.yandex.ru yandex.st yastatic.net matchid.adfox.yandex.ru *.adfox.ru yastat.net yandex.ru https://www.google-analytics.com https://pagead2.googlesyndication.com *.gstatic.com 1
default-src * 'self' ; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://felix-quiz-1000heads.s3.eu-west-2.amazonaws.com/* https://felix-quiz-1000heads.s3.eu-west-2.amazonaws.com *.nestle.co.uk *.mikmak.ai *.swaven.com https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; object-src *; style-src * 'self' 'unsafe-inline' https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; img-src * 'self' data: https:; https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; media-src *; frame-src * https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; frame-ancestors * 'self' ; child-src * blob:; font-src * 'self' data: https:; https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; connect-src * 'self' https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_ 1
default-src 'self' 'unsafe-inline'; script-src 'unsafe-eval' 'unsafe-inline' data: *.applanga.com *.globallinkstrings.com *.intercomcdn.com *.intercom.io code.jquery.com ajax.googleapis.com cdnjs.cloudflare.com blob:; form-action 'self'; object-src 'none'; connect-src 'self' data: wss: sentry.io *.intercom.io *.intercom.com *.intercomcdn.com *.applanga.com *.globallinkstrings.com; img-src 'self' data: *.applanga.com *.globallinkstrings.com applanga-dev-thumbnails.s3-website.eu-central-1.amazonaws.com s3.eu-central-1.amazonaws.com applanga-prod-thumbnails.s3-website.eu-central-1.amazonaws.com *.execute-api.eu-central-1.amazonaws.com static.intercomassets.com *.intercomcdn.com; font-src fonts.intercomcdn.com *.applanga.com *.globallinkstrings.com; media-src *.applanga.com *.intercomcdn.com ; upgrade-insecure-requests; frame-src youtube.com https://www.youtube.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://* data: blob: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-ancestors 'self' *.ci360.sas.com; 1
frame-ancestors 'self' *.shift4shop.com *.3dcart.com *.3dcart.net *.3dc.local *.3dcart.co.uk *.3dcart.ca app.cyfe.com 1
default-src 'none'; child-src https://cryptpad.fr; worker-src 'self'; media-src blob:; style-src 'unsafe-inline' 'self' https://cryptpad.fr; script-src 'self' resource: https://cryptpad.fr; connect-src 'self' https://cryptpad.fr blob: wss://api.cryptpad.fr https://files.cryptpad.fr https://accounts.cryptpad.fr https://sandbox.cryptpad.info https://api.cryptpad.fr; font-src 'self' data: https://cryptpad.fr; img-src 'self' data: blob: https://cryptpad.fr; frame-src 'self' https://sandbox.cryptpad.info blob:; frame-ancestors 'self' https: vector: 1
frame-ancestors 'self'; report-uri https://www.recetasnestle.com.mx/report-uri/enforce 1
frame-ancestors 'self' *.americangreetings.com *.bluemountain.com *.jacquielawson.com *.justwink.com *.agpre.net *.imgag.com carltoncards.ca *.papyrusonline.com *.facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com *.contentstack.com papyrus-develop.go-vip.net papyrus-preprod.go-vip.net papyrus.go-vip.net 1
default-src https: 'unsafe-eval' 'unsafe-inline'; img-src 'self' https: data:; font-src 'self' https: data:; 1
frame-ancestors https://app.cux.io 1
default-src 'self' https://assets.getmyboat.com; connect-src 'self' https://assets.getmyboat.com assets.getmyboat.com wss://www.getmyboat.com gtm.getmyboat.com o33203.ingest.sentry.io www.google-analytics.com stats.g.doubleclick.net https://*.google.com https://*.google.ca https://*.google.co.in https://*.google.co.uk https://*.google.com.mx https://*.google.de https://*.google.com.au https://*.google.it https://*.google.nl https://*.google.com.tr https://*.google.com.ph https://*.google.es https://*.google.gr https://*.google.hr https://*.google.fr https://*.google.com.pr https://*.google.pt https://*.google.co.il https://*.google.com.cy https://*.google.ie https://*.google.ae https://*.google.ch https://*.google.co.id https://*.google.co.za https://*.google.se https://*.google.com.sg https://*.google.bs https://*.google.com.co https://*.google.be https://*.google.pl https://*.googleapis.com https://*.gstatic.com translate.googleapis.com getmyboat-user-images1.imgix.net getmyboat-user-images2.imgix.net graph.facebook.com www.facebook.com api.mapbox.com *.tiles.mapbox.com events.mapbox.com getmyboat-uploads-temp-prod.s3.us-east-1.amazonaws.com getmyboat-uploads-processed.s3.us-east-1.amazonaws.com ct.pinterest.com *.clarity.ms *.bing.com *.zdassets.com *.zendesk.com *.amazon-adsystem.com *.paa-reporting-advertising.amazon; script-src 'self' 'nonce-n0RUQSZucskKMYhMymwZ7A' www.getmyboat.com https://assets.getmyboat.com gtm.getmyboat.com www.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net www.google.com www.gstatic.com https://*.googleapis.com translate.googleapis.com connect.facebook.net s.pinimg.com *.clarity.ms *.bing.com *.zdassets.com *.ensighten.com *.amazon-adsystem.com *.adsrvr.org; style-src 'self' 'unsafe-inline' https://assets.getmyboat.com https://fonts.googleapis.com translate.googleapis.com; img-src 'self' data: https://assets.getmyboat.com assets.getmyboat.com cms-media.getmyboat.com www.google-analytics.com stats.g.doubleclick.net www.gstatic.com www.googletagmanager.com googleads.g.doubleclick.net https://*.google.com https://*.google.ca https://*.google.co.in https://*.google.co.uk https://*.google.com.mx https://*.google.de https://*.google.com.au https://*.google.it https://*.google.nl https://*.google.com.tr https://*.google.com.ph https://*.google.es https://*.google.gr https://*.google.hr https://*.google.fr https://*.google.com.pr https://*.google.pt https://*.google.co.il https://*.google.com.cy https://*.google.ie https://*.google.ae https://*.google.ch https://*.google.co.id https://*.google.co.za https://*.google.se https://*.google.com.sg https://*.google.bs https://*.google.com.co https://*.google.be https://*.google.pl https://*.googleapis.com https://*.gstatic.com translate.googleapis.com getmyboat-user-images1.imgix.net getmyboat-user-images2.imgix.net www.facebook.com web.facebook.com blob: api.mapbox.com getmyboat-uploads-processed.s3.amazonaws.com getmyboat-uploads-processed.s3.us-east-1.amazonaws.com ct.pinterest.com *.clarity.ms c.bing.com *.bing.com arttrk.com; font-src 'self' https://assets.getmyboat.com data: https://fonts.gstatic.com; worker-src 'self' https://assets.getmyboat.com blob:; child-src 'self' https://assets.getmyboat.com graph.facebook.com blob:; frame-src 'self' https://assets.getmyboat.com bid.g.doubleclick.net tpc.googlesyndication.com www.google.com https://www.youtube.com/ *.facebook.com ct.pinterest.com *.amazon-adsystem.com *.adsrvr.org d1eoo1tco6rr5e.cloudfront.net; base-uri 'none'; object-src 'none'; block-all-mixed-content; frame-ancestors 'self'; 1
default-src 'nonce-c962b8986d1d0c3845fc400419a99504' 'self' *.trendin.com *.pantaloons.com imagescdn.pantaloons.com *.yellowmessenger.com *.paytm *.gstatic.com data:; img-src * 'self' https://*.akstat.io blob: data:;script-src 'self' *.pantaloons.com *.unpkg.com static.ads-twitter.com in1.clevertap-prod.com https://*.go-mpulse.net trc.taboola.com rtb-global.com webtrafficsource.com i.l-dsp.inmobicdn.net *.yellowmessenger.com *.yellow.ai cdn.taboola.com go-mpulse.net sc-static.net sdk.rsut.io securegw-stage.paytm.in *.paytm.com *.paytm.in *.amazonaws.com *.wizrocket.com *.criteo.com *.criteo.net *.googleapis.com *.resu.io sdk.resu.io cdnjs.cloudflare.com *.adobedtm.com *.gstatic.com *.primeai3.in *.primeai4.in *.primeai6.co.uk *.primeai1.org *.jquery.com *.facebook.net *.google.com *.googleapis.com *.cloudfront.net *.hotjar.com *.contentsquare.net *.google-analytics.com *.bing.com *.streamoid.com *.googleadservices.com *.trendin.com imagescdn.pantaloons.com *.google.com *.googletagmanager.com *.usersnap.com *.clevertap.com router.paytm.in stage-router.paytm.in securegw-stage.paytm.in *.paytm.com *.paytm.in *.amazonaws.com *.wizrocket.com *.criteo.com *.criteo.net *.googleapis.com *.resu.io sdk.resu.io cdnjs.cloudflare.com *.adobedtm.com *.gstatic.com *.primeai3.in *.primeai4.in *.primeai6.co.uk *.primeai1.org *.jquery.com *.facebook.net *.google.com *.googleapis.com *.cloudfront.net *.hotjar.com *.contentsquare.net *.google-analytics.com *.bing.com *.streamoid.com *.googleadservices.com *.adobedtm.com *.wzrkt.com 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.crazyegg.com 'self' *.licdn.com; connect-src 'self' *.adobedtm.com *.contentsquare.net *.abfrl.in *.yellow.ai *.yellowmessenger.com wss://cloud.yellow.ai *.pantaloons.com *.primeai3.in *.primeai4.in *.primeai6.co.uk *.primeai1.org imagescdn.pantaloons.com widget.usersnap.com *.paytm.in wss://stage-router.paytm.in wss://router.paytm.in wss://securegw-stage.paytm.in wss://securegw.paytm.in wss://securegw-stage.paytm.in wss://securegw.paytm.in *.taboola.com wss://websoc.resu.io http://abfrl.com/ *.google.com *.google.co.in *.criteo.com rtb-global.com webtrafficsource.com https://*.akstat.io https://*.go-mpulse.net cdn.taboola.com *.adobedc.net in1.wzrkt.com apis.google.com *.googletagmanager.com imagescdn.pantaloons.com  *.trendin.com assets.trendin.com assets.abfrlcdn.com use.typekit.net *.gstatic.com *.facebook.com bat.bing.com *.hotjar.io geolocation-db.com *.hotjar.com *.googleapis.com *.primeai3.in *.primeai4.in *.primeai6.co.uk *.primeai1.org *.richrelevance.com *.amazonaws.com *.wizrocket.com adityabirlafashion.sc.omtrdc.net *.google-analytics.com     *.doubleclick.net *.demdex.net *.adobeaemcloud.com nodeserver.sdk.streamoid.com *.elastic-cloud.com *.crazyegg.com sdk.resu.io cdnjs.cloudflare.com *.clickpost.in *.linkedin.com; style-src 'self' 'unsafe-inline'   *.pantaloons.com *.paytm.in *.trendin.com *.yellowmessenger.com *.primeai3.in *.primeai4.in *.primeai6.co.uk *.primeai1.org *.streamoid.com *.googleapis.com nodeserver.sdk.streamoid.com *.typekit.net; media-src 'self' 'unsafe-eval' 'unsafe-inline' *.pantaloons.com imagescdn.pantaloons.com *.adobeaemcloud.com *.typekit.net   *.trendin.com  *.elastic-cloud.com *.scene7.com; frame-src 'self' 'unsafe-eval' 'unsafe-inline' *.paytm.in *.google.com *.go2cloud.org afftracer.g2afse.com static.criteo.net *.amazon-adsystem.com *.criteo.com *.amazonaws.com *.wizrocket.com *.facebook.com accounts.google.com *.doubleclick.net *.demdex.net *.hotjar.com   *.trendin.com *.youtube.com; child-src *.googleapis.com; worker-src localhost:3000 blob: *.pantaloons.com; 1
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://jmmb.us18.list-manage.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.jotfor.ms https://form.jotform.com https://trackcmp.net https://prism.app-us1.com https://www.google-analytics.com https://diffuser-cdn.app-us1.com https://jmmb.fluidaibot.com https://s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js https://js.hsforms.net https://maps.googleapis.com https://unpkg.com https://static.addtoany.com https://cdn.jsdelivr.net https://maps.googleapis.com/maps/api/js https://s7.addthis.com/js/300/addthis_widget.js https://www.google-analytics.com/analytics.js https://www.google.com/recaptcha/api.js https://www.googletagmanager.com/gtag/js https://www.youtube.com https://www.gstatic.com https://www.googletagmanager.com https://connect.facebook.net https://jmmb.activehosted.com; style-src 'report-sample' 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://www.gstatic.com https://cdn-images.mailchimp.com https://cdn.jsdelivr.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://fonts.bunny.net; object-src 'none'; base-uri 'self'; connect-src 'self' https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://analytics.google.com https://dev-hellofuture.jmmb.com https://maps.googleapis.com https://stats.g.doubleclick.net https://www.google-analytics.com https://www.google.com.ua https://www.facebook.com; font-src 'self' https://cdn.jsdelivr.net https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://fonts.bunny.net; frame-src 'self' https://forms.hsforms.com https://online.anyflip.com https://form.jotform.com https://www.yumpu.com/ https://docs.google.com/ https://jmmbrd.wufoo.com https://jmmb.fluidaibot.com https://www.jmmb.com https://calculator.jmmb.com https://www.youtube.com https://app.hubspot.com https://static.addtoany.com https://td.doubleclick.net https://www.google.com https://www.facebook.com; frame-ancestors 'self' https://do.jmmb.com/; img-src 'self' data: https://jmmb.fluidaibot.com https://certificaciones.uaf.gob.do https://i.ytimg.com https://www.googletagmanager.com https://khms0.googleapis.com https://khms1.googleapis.com https://forms.hsforms.com https://forms-na1.hsforms.com https://maps.gstatic.com https://maps.googleapis.com https://do.jmmb.com https://jm.jmmb.com https://jmmb.com https://tt.jmmb.com https://www.google-analytics.com https://www.google.com https://www.jmmb.com https://content.app-us1.com; manifest-src 'self'; media-src 'self' https://jmmb.fluidaibot.com; report-uri https://65f98387bc57ae1120bf7cba.endpoint.csper.io/?v=5; worker-src 'none'; 1
default-src 'self' boxbox.club; script-src 'self' 'unsafe-eval' 'unsafe-inline' connect.facebook.net *.facebook.com www.facebook.com *.googletagmanager.com vercel.live; child-src 'self' connect.facebook.net *.facebook.com www.facebook.com; style-src 'self' 'unsafe-inline'; img-src * blob: data:; media-src 'self'; connect-src *; font-src 'self'; 1
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' https://www.google-analytics.com https://consent.cookiebot.com/uc.js https://connect.facebook.net https://secure.quantserve.com https://rules.quantcount.com/ https://destinilocators.com *.typekit.net unpkg.com *.googletagmanager.com *.fontawesome.com *.googleapis.com *.cloudflare.com *.juicer.io https://consent.cookiebot.com https://consentcdn.cookiebot.com; style-src 'report-sample' 'self' 'unsafe-inline' *.typekit.net unpkg.com *.fontawesome.com *.googleapis.com cdnjs.cloudflare.com *.juicer.io; object-src 'none'; base-uri 'self'; connect-src 'self'  https://www.google-analytics.com https://consentcdn.cookiebot.com/consentconfig/97be9b59-acbb-4b48-8cb3-7ea98bfbab50/settings.json *.juicer.io *.fontawesome.com; font-src 'self' data: static.juicer.io *.fontawesome.com *.typekit.net *.gstatic.com; frame-src 'self' data: https://destinilocators.com https://consent.cookiebot.com https://consentcdn.cookiebot.com/; img-src 'self' data: https://pixel.quantserve.com https://www.facebook.com https://www.juicer.io https://assets.juicer.io https://s.w.org https://juicer.io https://consent.cookiebot.com https://imgsct.cookiebot.com; manifest-src 'self'; media-src 'self'; report-uri https://63fcef7d3e361dd413cfe988.endpoint.csper.io/?v=0; worker-src 'self'; 1
default-src 'self' https: 'unsafe-inline'; font-src 'self' https: data: ; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' *.googleapis.com; script-src-elem 'self' https: 'unsafe-inline' 'unsafe-eval' data:; connect-src 'self' https: *.googleapis.com; img-src 'self' https: data:; style-src 'self' https: 'unsafe-inline'; frame-ancestors 'self' https://www.youtube.com; 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' ssl.pstatic.net wcs.naver.net rum.beusable.net script.beusable.net *.beusably.net www.googletagmanager.com;object-src 'self' xv-ncloud.pstatic.net portal.gcdn.ntruss.com ncloud-portal-cdn-dev.gcdn.ntruss.com *.ncloud.com *.gov-ncloud.com *.fin-ncloud.com;media-src 'self' *.ncloud.com xv-ncloud.pstatic.net portal.gcdn.ntruss.com ncloud-portal-cdn-dev.gcdn.ntruss.com blob:;style-src 'self' 'unsafe-inline' *.beusably.net www.googletagmanager.com fonts.googleapis.com;img-src 'self' data: ssl.pstatic.net *.ncloud.com xv-ncloud.pstatic.net portal.gcdn.ntruss.com ncloud-portal-cdn-dev.gcdn.ntruss.com ncloud-cs.static.naver.com i.ytimg.com *.apigw.ntruss.com wcs.naver.com www.googletagmanager.com fonts.gstatic.com;frame-src 'self' nid.naver.com *.ncloud.com *.gov-ncloud.com *.fin-ncloud.com www.youtube.com xv-ncloud.pstatic.net portal.gcdn.ntruss.com ncloud-portal-cdn-dev.gcdn.ntruss.com;connect-src 'self' *.ncloud.com *.gov-ncloud.com *.fin-ncloud.com xv-ncloud.pstatic.net portal.gcdn.ntruss.com ncloud-portal-cdn-dev.gcdn.ntruss.com *.naver.com blob: *.google.com wss://rum.beusable.net *.beusably.net ba.beusable.net www.google-analytics.com;font-src 'self' data: ssl.pstatic.net fonts.gstatic.com 1
child-src 'self' 3speak.tv emb.d.tube player.twitch.tv www.youtube.com staticxx.facebook.com w.soundcloud.com player.vimeo.com;connect-src https://images.hive.blog 'self' hive.blog https://api.hive.blog api.blocktrades.us https://anyx.io https://api.openhive.network https://hivesigner.com https://hived.hive-engine.com https://api.followbtcnews.com https://rpc.esteem.app https://api.pharesim.me https://hive.roelandp.nl https://hived.privex.io https://hive.3speak.online https://rpc.ausbit.dev https://api.hivekings.com https://hivebuzz.me https://peakd.com https://api.deathwing.me https://api.ha.deathwing.me *.ibytedtos.com wss://hive-auth.arcange.eu https://hiveposh.com/api/ https://openhive.chat https://herpc.dtools.dev;default-src 'self' img.3speakcontent.online emb.d.tube www.youtube.com staticxx.facebook.com player.vimeo.com *.streamrail.com;font-src data: fonts.gstatic.com cdn.embedly.com;frame-ancestors 'none';frame-src 'self' https:;img-src * data:;object-src 'none';script-src 'unsafe-inline' 'unsafe-eval' data: https: 'self' www.google-analytics.com connect.facebook.net;style-src 'self' 'unsafe-inline' fonts.googleapis.com platform.twitter.com www.reddit.com cdn.embedly.com github.githubassets.com *.tiktokcdn.com *.ttwstatic.com;report-uri /api/v1/csp_violation 1
script-src 'unsafe-eval' 'strict-dynamic' 'nonce-f0txKR9e3DQN0rpfRZr5vfpbhdk=' 'nonce-0LBOqnn7cFGv8yg5G35FG+2lKPc=' ; report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-dynamic 1
frame-ancestors 'self' *.portaldocidadaosurdo.pt edponline.edp.pt cliente.edp.pt *.edponline.edp.pt *.cliente.edp.pt m01.ofertas.edp.pt ofertas.edp.pt; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.byside.com *.s1.byside.com *.googleadservices.com *.googleads.g.doubleclick.net *.google.com *.hotjar.com *.google-analytics.com *.youtube.com *.facebook.net *.ytimg.com grmtech.net *.cloudfront.net *.adnxs.com *.mookie1.com *.serving-sys.com c-share.herokuapp.com *.googleapis.com *.cloudflare.com *.captcha.com *.doubleclick.net *.google.com *.google.pt *.botframework.com *.edp.pt *.clientscape.com *.facebook.com *.googletagmanager.com *.licdn.com *.linkedin.com nebula-cdn.kampyle.com *.kampyle.com *.smrk.io *.gstatic.com *.cookiepro.com *.onetrust.com cookiepro.blob.core.windows.net code.jquery.com edpptblob.blob.core.windows.net unpkg.com cdn.cookielaw.org *.googlesyndication.com *.googleoptimize.com *.weglot.com *.visualwebsiteoptimizer.com *.vwo.com *.datadoghq-browser-agent.com cdn.gbqofs.com 1
default-src data: https: 'unsafe-inline' 'unsafe-eval'; font-src https: data: 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors 'self' https://*.toyota.com.tr https://*.yandex.com https://*.yandex.tld https://*.yandex.net https://*.yandex.com.tr https://*.yandex.ru https://*.yandex.by https://webvisor.com https://lexus-dxp.dobit.com https://lexustest.dobit.com http://localhost:88; 1
frame-ancestors 'self' *.uob.com.sg *.uobgroup.com *.uobgroup.com.sg http://uob.eltropy.com https://uob.eltropy.com http://findahomeloan.co https://www.edgeprop.sg https://sleek.sg 1
frame-ancestors 'self' https://digizone.sacombank.local https://digizone.sacombank.com 1
default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' mykid.no www.gstatic.com maps.googleapis.com backstage.mykid.no; img-src * blob: data:; style-src 'self' 'unsafe-inline' fonts.gstatic.com www.gstatic.com fonts.googleapis.com; font-src 'self' fonts.gstatic.com fonts.googleapis.com data:; form-action 'self'; report-uri https://hosting.guru/csp-report/report.php 1
frame-ancestors https://console.pixelbin.io 1
frame-ancestors 'self' https://builtwith.com; upgrade-insecure-requests 1
default-src 'self' data: https://*.flashcourier.com.br https://fonts.gstatic.com https://cdn.atendimen.to https://*.google.com https://*.google.com.br https://*.youtube.com https://*.gstatic.com https://viacep.com.br https://*.openstreetmap.org https://*.googleapis.com; script-src 'self' * 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; object-src 'self'; img-src * data:; 1
default-src 'self' fs.betunit.com;style-src 'self' fs.betunit.com fonts.googleapis.com use.fontawesome.com maxcdn.bootstrapcdn.com embed.tawk.to 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval';script-src 'self' *.googletagmanager.com *.gstatic.com *.google.com tvbetframe7.com tvbetframe24.com *.facebook.com *.facebook.net *.onesignal.com www.google-analytics.com google-analytics.com static.hotjar.com embed.tawk.to script.hotjar.com cdn.jsdelivr.net 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval';connect-src 'self' *.habeshabets.com wss://cgo-live.habeshabets.com/connection/websocket amazingames.pw *.amazingames.pw abcdabra.com *.abcdabra.com nrgaming.games *.nrgaming.games *.energaming.systems *.betunit.com betunit.com *.doubleclick.net www.google-analytics.com google-analytics.com live5.betunit.com *.tawk.to wss://*.tawk.to ws://*.tawk.to ws://turbo.energaming.systems:4444 wss://turbo.energaming.systems:4444 turbo.energaming.systems ws://transport.energaming.systems:4444 wss://transport.energaming.systems:4444 wss://live.habeshabets.com:4445 live.habeshabets.com transport.energaming.systems chukuatano.co.tz *.chukuatano.co.tz;frame-src 'self' *.atlas-v.com playbetman.com *.playbetman.com *.amazingames.pw amazingames.pw abcdabra.com *.abcdabra.com nrgaming.games *.nrgaming.games *.google.com vars.hotjar.com *.energaming.systems *.betunit.com betunit.com *.slotegrator.com *.cloudfront.net *.gamerouter.pw *.mrslotty.com *.xpressgaming.net *.xpress-ix.com *.macawgaming.com *.game-program.com chukuatano.co.tz *.chukuatano.co.tz;font-src 'self' fonts.googleapis.com fonts.gstatic.com use.fontawesome.com embed.tawk.to;img-src * 'self' *.tawk.link *.energaming.systems *.betunit.com betunit.com *.facebook.com *.tawk.to *.google-analytics.com google-analytics.com  *.slotegrator.com *.cloudfront.net *.gamerouter.pw *.mrslotty.com *.xpressgaming.net *.xpress-ix.com *.macawgaming.com *.game-program.com chukuatano.co.tz *.chukuatano.co.tz cdn.jsdelivr.net amazingames.pw *.amazingames.pw abcdabra.com *.abcdabra.com nrgaming.games *.nrgaming.games 1
frame-ancestors 'self' *.carsaver.com 1
img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval';worker-src blob:; 1
base-uri 'self';connect-src 'self' *.doubleclick.net *.google-analytics.com analytics.google.com *.bugsnag.com *.pusherapp.com *.bugherd.com *.pusher.com *.fontawesome.com;default-src 'self';font-src 'self' data: *.typekit.net *.gstatic.com *.bugherd.com *.cloudfront.net *.cdnfonts.com *.fontawesome.com;frame-ancestors 'self';frame-src 'self' *.youtube.com *.vimeo.com;img-src 'self' data: *.google-analytics.com *.vimeocdn.com *.googletagmanager.com *.cloudfront.net;media-src 'self';object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googletagmanager.com *.bugherd.com *.cloudfront.net *.fontawesome.com *.jsdelivr.net;style-src 'self' 'unsafe-inline' *.typekit.net *.googleapis.com *.bugherd.com *.cloudfront.net *.cdnfonts.com *.jsdelivr.net *.cloudflare.com;worker-src 'none'; 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.googletagmanager.com https://cdn-prod.securiti.ai https://tagmanager.google.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com data: *.google.com *.googleusercontent.com https://cdn-prod.securiti.ai https://www.facebook.com/ https://bat.bing.com https://tr.snapchat.com https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://ssl.gstatic.com https://www.gstatic.com https://www.google.com *.ctfassets.net https://appboy-images.com https://braze-images.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://maps.googleapis.com https://maps.gstatic.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.googletagmanager.com https://*.google-analytics.com *.google.com https://*.ggpht.com *.googleusercontent.com https://safetechpageencryptionvar.chasepaymentech.com https://safetechpageencryption.chasepaymentech.com https://cdn-prod.securiti.ai https://sc-static.net https://connect.facebook.net https://analytics.tiktok.com https://tr-shadow.snapchat.com http://bat.bing.com https://bat.bing.com https://tagmanager.google.com https://ssl.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://www.google.com https://tr.snapchat.com https://cdn.riskid.security https://knowledgetags.yextpages.net https://sdk.iad-03.braze.com https://js.appboycdn.com https://csp-reporting.cloudflare.com https://challenges.cloudflare.com; frame-src *.google.com https://tr-shadow.snapchat.com https://tr.snapchat.com https://bid.g.doubleclick.net https://challenges.cloudflare.com https://privacy-central.securiti.ai; connect-src 'self' https://*.googleapis.com https://*.google-analytics.com *.google.com https://*.gstatic.com https://cdn-prod.securiti.ai https://app.securiti.ai https://rum.browser-intake-datadoghq.com data: blob: https://tr-shadow.snapchat.com https://analytics.tiktok.com https://tr.snapchat.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://www.google-analytics.com https://collect.riskid.security https://*.launchdarkly.com https://sdk.iad-03.braze.com; font-src https://fonts.gstatic.com 'self' data:; form-action 'self'; frame-ancestors true 1
script-src 'self' platform.twitter.com syndication.twitter.com www.google.com www.gstatic.com  'unsafe-inline'; img-src 'self' data: syndication.twitter.com mt1.google.com www.google.at c.tile.openstreetmap.org b.tile.openstreetmap.org a.tile.openstreetmap.org; 1
default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js *.google-analytics.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com https://kit.fontawesome.com https://www.googletagmanager.com https://www.googleadservices.com https://snap.licdn.com https://static.hotjar.com https://bat.bing.com https://static.oktopost.com https://siteimproveanalytics.com https://googleads.g.doubleclick.net https://info.battelle.org *.hotjar.com https://okt.to https://rw1.marchex.io https://cdn.lightwidget.com https://d.clarity.ms/s/0.6.31/clarity.js https://f.clarity.ms/s/0.6.31/clarity.js https://g.clarity.ms/s/0.6.31/clarity.js https://h.clarity.ms/s/0.6.31/clarity.js https://www.clarity.ms/eus2/s/0.6.31/clarity.js https://ipmeta.io/plugin.js https://i.clarity.ms/s/0.6.31/clarity.js http://static.oktopost.com/ http://siteimproveanalytics.com/ http://www.googletagmanager.com/ http://info.battelle.org/ http://rw1.marchex.io/ https://cdn.jsdelivr.net/ https://*.cloudflare.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org web-chat.nativechat.com 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://cloud.typography.com https://www.battelle.org/ https://info.battelle.org/ http://info.battelle.org/ 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.google-analytics.com *.analytics.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com https://c.clarity.ms *.bing.com *.eloqua.com track.hubspot.com https://battelle-dev.idevdesign.net https://inside.battelle.org https://insidebattelle-dev.idevdesign.net *.linkedin.com https://bat.bing.com *.siteimproveanalytics.io https://googleads.g.doubleclick.net https://www.google.com https://px.marchex.io https://p.adsymptotic.com *.battelle.org https://ib.adnxs.com https://secure.adnxs.com http://px.marchex.io/ https://www.googletagmanager.com/ https://battelle-redesign-dev.idevdesign.net/ 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://ka-p.fontawesome.com; frame-src https://www.google.com https://*.hotjar.com *.facebook.com *.battelle.org *.doubleclick.net https://battelle.org https://player.vimeo.com https://lightwidget.com https://cdn.lightwidget.com https://www.youtube.com https://*.spotify.com https://*.xcdsystem.com 'self' web-chat.nativechat.com; connect-src accounts.google.com *.gstatic.com https://tracking-dev.americaneagle.com https://tracking-test.americaneagle.com https://searchapi-dev.americaneagle.com https://searchapi-test.americaneagle.com *.mktoresp.com *.google-analytics.com *.analytics.google.com https://ka-p.fontawesome.com *.doubleclick.net *.hotjar.com *.bing.com https://api.ipstack.com https://ipmeta.io https://bat.bing.com https://b.clarity.ms https://d.clarity.ms https://h.clarity.ms https://f.clarity.ms https://www.clarity.ms https://info.battelle.org https://*.algolia.net https://*.algolianet.com https://*.algolia.io https://cdn.linkedin.oribi.io/ http://info.battelle.org/ https://info.battelle.org/ https://pagead2.googlesyndication.com/ https://analytics.google.com/ https://metrics.hotjar.io/ https://px.ads.linkedin.com/ 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://info.battelle.org/ https://vars.hotjar.com 'self' web-chat.nativechat.com 1
frame-ancestors 'self' https://*.watchmegrow.com https://*.localwatchmegrow.com 1
font-src *.fontawesome.com https://fonts.gstatic.com https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://*.doubleclick.net https://*.googlesyndication.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://s.zkcdn.net/Advertisers/* https://s.zkcdn.net *.zkcdn.net https://ad.doubleclick.net https://pagead2.googlesyndication.com https://www.max.com.gt data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://*.googlesyndication.com https://*.hotjar.com https://analytics.tiktok.com https://*.s3.amazonaws.com https://cnstrc.com https://*.cnstrc.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://s.zkcdn.net/Advertisers/* https://s.zkcdn.net *.zkcdn.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://s.zkcdn.net *.zkcdn.net/* *.adzerk.net https://*.adzerk.net/* https://stats.g.doubleclick.net https://analytics.tiktok.com https://pagead2.googlesyndication.com https://vm3jxl0ue9.execute-api.us-east-1.amazonaws.com https://*.hotjar.io wss://ws.hotjar.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src https://s.zkcdn.net *.zkcdn.net *.adzerk.net https://*.adzerk.net/* 'self' 'unsafe-inline' 'unsafe-eval'; base-uri https://s.zkcdn.net *.zkcdn.net/* *.adzerk.net https://*.adzerk.net/* 'self' 'unsafe-inline'; 1
default-src 'unsafe-inline' 'unsafe-eval' https://*.vrr.de/ https://www.cookiebot.com/; script-src 'unsafe-eval' 'unsafe-inline' 'self' https://www.google.com https://www.youtube.com https://w.soundcloud.com https://sc-static.net https://www.gstatic.com https://*.facebook.net https://www.facebook.com https://*.snapchat.com https://*.mouseflow.com https://*.hotjar.com https://*.vrr.de  https://*.flockler.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.cookiebot.com/ https://smck-chat-msg.labs.sabio.de/ https://chatnrw-production-messaging-webchat.patty-awseuc1.swops.cloud; font-src 'self' https://fonts.gstatic.com data:; style-src 'unsafe-inline' 'self' https://*.vrr.de/ https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://fonts.googleapis.com https://fonts.gstatic.com; connect-src 'self' https://*.vrr.de https://*.facebook.net https://www.facebook.com https://*.snapchat.com https://*.mouseflow.com wss://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://*.google-analytics.com https://*.flockler.app https://chatnrw-api-production-messaging.patty-awseuc1.swops.cloud https://chatnrw-production-messaging-webmain.patty-awseuc1.swops.cloud https://consentcdn.cookiebot.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com; frame-src 'self' blob: https://*.vrr.de https://www.youtube.com/ https://www.youtube-nocookie.com/ https://www.google.com/ https://www.facebook.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.snapchat.com https://*.vrr.de https://chatnrw-production-messaging-webchat.patty-awseuc1.swops.cloud https://consentcdn.cookiebot.com https://umap.openstreetmap.de https://w.soundcloud.com/; img-src 'self' data: https: https://*.cdninstagram.com https://*.vrr.de https://*.facebook.com https://fonts.googleapis.com https://fonts.gstatic.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://i.ytimg.com https://media.licdn.com https://*.xx.fbcdn.net https://*.flockler.com https://img.youtube.com; object-src 'self' blob: https://*.vrr.de; worker-src 'self' blob: 1
frame-ancestors 'self' http://app.reskyt.com/ ; 1
default-src 'self'; img-src 'self'; script-src 'self'; style-src 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com 1
default-src 'none'; child-src 'self' blob: https://*.formswift.com; connect-src 'self' https://*.formswift.com https://rs.fullstory.com https://edge.fullstory.com https://api-js.mixpanel.com https://bam-cell.nr-data.net https://bat.bing.com https://cdn.optimizely.com https://logx.optimizely.com/v1/events https://o138645.ingest.sentry.io https://translate.googleapis.com https://www.google-analytics.com https://*.google-analytics.com https://www.google.com https://*.google.com https://google.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://*.dropbox.com/log/ux_analytics https://cfl.dropboxstatic.com https://*.s3.amazonaws.com wss://loc-next.formswift.com/_next/webpack-hmr; font-src 'self' data: https://*.formswift.com https://fonts.gstatic.com; frame-src 'self' blob: https://*.formswift.com https://js.chargify.com https://accounts.google.com https://www.dropbox.com https://consent.dropbox.com https://snapengage.dropbox.com https://td.doubleclick.net; img-src https://* blob: data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.formswift.com https://js.chargify.com https://www.google.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://accounts.google.com/gsi/client https://www.googleadservices.com https://www.google-analytics.com https://www.dropbox.com https://cfl.dropboxstatic.com https://www.dropbox.com/pithos/privacy_consent https://www.dropbox.com/pithos/ux_analytics https://d3pkntwtp2ukl5.cloudfront.net https://d1igp3oop3iho5.cloudfront.net https://cdn.mxpnl.com https://js-agent.newrelic.com/nr-spa-1194.min.js https://bam-cell.nr-data.net https://bat.bing.com/bat.js https://edge.fullstory.com; style-src 'self' 'unsafe-inline' https://*.formswift.com https://fonts.googleapis.com https://accounts.google.com/gsi/style https://www.googletagmanager.com/debug/badge.css https://www.gstatic.com; worker-src 'self' blob: https://*.formswift.com; report-uri https://api.formswift.com/csp-report; 1
frame-ancestors 'self' https://clientuat.zinghr.com/ *.clarity.ms https://zingnext.zinghr.com/ https://portal.zinghr.com/ https://www.youtube.com/ https://www.google.com/ https://freegeoip.app/ *.zoom.us wss://*.zoom.us;     script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.jsdelivr.net *.googlesyndication.com *.clarity.ms *.fontawesome.com *.allincall.in *.datatables.net *.bootstrapcdn.com *.mxradon.com *.quora.com *.googleadservices.com *.yellowmessenger.com *.cloudflare.com https://snap.licdn.com/ https://www.googletagmanager.com https://snap.licdn.com/li.lms-analytics/insight.old.min.js https://web-in21.mxradon.com *.outbrain.com https://www.google-analytics.com/analytics.js https://snap.licdn.com/li.lms-analytics/insight.min.js *.taboola.com *.bing.com https://amplify.outbrain.com/cp/obtp.js https://web-in21.mxradon.com/t/Tracker.js *.facebook.net https://googleads.g.doubleclick.net http://widgets.in.webengage.com/js/webengage-min-v-6.0.js https://cdn.jsdelivr.net/npm/bootstrap@4.0.0/dist/js/bootstrap.min.js https://poonawalla-fincorp-uat.allincall.in/static/EasyChatApp/js/easychat-crypto.js https://cdnjs.cloudflare.com/ajax/libs/OwlCarousel2/2.2.0/owl.carousel.min.js https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js https://widgets.in.webengage.com/js/webengage-min-v-6.0.js https://poonawalla-fincorp-uat.allincall.in/files/deploy/embed_chatbot_1.js https://cdn.jsdelivr.net/npm/select2@4.1.0-rc.0/dist/js/select2.min.js https://cdn.jsdelivr.net/npm/popper.js@1.16.0/dist/umd/popper.min.js https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/js/bootstrap.min.js https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js *.jquery.com *.googleapis.com;     style-src 'self' 'unsafe-inline' *.fontawesome.com *.allincall.in *.datatables.net *.bootstrapcdn.com *.cloudflare.com *.jquery.com https://poonawalla-fincorp-uat.allincall.in/static/EasyChatApp/css/embed.css https://poonawalla-fincorp-uat.allincall.in/static/EasyChatApp/css/animate.css https://poonawalla-fincorp-uat.allincall.in/static/EasyChatApp/css/theme4_embed.css https://poonawalla-fincorp-uat.allincall.in/static/EasyChatApp/css/themes_popup.css https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css *.jsdelivr.net *.googleapis.com;     font-src 'self' *.fontawesome.com *.jsdelivr.net *.bootstrapcdn.com https://fonts.gstatic.com/ *.yellowmessenger.com *.cloudflare.com *.googleapis.com;     frame-src 'self' *.google.com *.youtube.com https://inzzc2ab3671.in.webengage.co https://td.doubleclick.net *.googlesyndication.com *.allincall.in *.facebook.com https://zingnext.zinghr.com;     connect-src 'self' *.google-analytics.com *.google.com *.yellowmessenger.com *.taboola.com *.clarity.ms *.allincall.in *.outbrain.com https://px.ads.linkedin.com https://px.ads.linkedin.com/wa/ https://bat.bing.com https://cdn.linkedin.oribi.io https://stats.g.doubleclick.net https://analytics.google.com https://q.quora.com/ https://www.google.co.in *.googlesyndication.com wss://app.yellowmessenger.com https://poonawalla-fincorp-uat.allincall.in/chat/get-bot-image/ *.facebook.com;     object-src 'none';     media-src 'self' *.yellowmessenger.com https://q.quora.com;     img-src 'self' data: *.facebook.com *.datatables.net *.jquery.com *.clarity.ms *.bing.com *.googlesyndication.com *.page-source.com *.google-analytics.com https://googleads.g.doubleclick.net *.payu.in *.allincall.in *.ads.linkedin.com *.googletagmanager.com *.yellowmessenger.com *.google.com https://px.ads.linkedin.com https://bat.bing.com https://q.quora.com/ https://www.google.co.in;     base-uri 'self';     default-src 'self'; 1
style-src 'self' https://fonts.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-inline' 'unsafe-eval'; script-src 'self' https://apis.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com/gtag/ https://region1.googletagmanager.com 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://bilet.kolejeslaskie.com/ https://bilet.kolejeslaskie.com/BiletParametry https://bilet.intercity.pl/przekierowanie.jsp https://gtr.intercity.pl/przekierowanie.jsp https://www.youtube.com/embed/ https://youtube.com/embed/ 'unsafe-inline' 'unsafe-eval'; font-src 'self' https://fonts.gstatic.com; object-src 'none'; frame-ancestors 'none'; img-src 'self' https://region1.google-analytics.com https://region1.analytics.google.com https://region1.googletagmanager.com https://region1.g.doubleclick.net https://region1.google.com data: blob:; connect-src 'self' https://region1.google-analytics.com https://region1.analytics.google.com https://region1.googletagmanager.com https://region1.g.doubleclick.net https://region1.google.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-downloads; base-uri 'self'; default-src 'self'; reflected-xss block; report-uri https://portalpasazera.pl/Awaria/CspReport; plugin-types 'none'; form-action https://portalpasazera.pl https://bilkom.pl https://bilet.intercity.pl https://bilet.wielkopolskiebilety.pl https://bilety.polregio.pl https://bilet.kolejeslaskie.com https://bilety.mazowieckie.com.pl https://regiojet.pl https://regiojet.com https://regiojet.ua https://kolejedolnoslaskie.pl https://www.wkd.com.pl https://bilet.intercity.pl/przekierowanie.jsp https://gtr.intercity.pl/przekierowanie.jsp; 1
frame-ancestors 'self' chrome-extension://hfdhpmpfpcnbboppkkkblilhbloejijj 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://firebaselogging-pa.googleapis.com https://firestore.googleapis.com https://code.jquery.com https://az416426.vo.msecnd.net https://www.google.com https://www.googletagmanager.com https://dl.episerver.net https://www.google-analytics.com https://www.youtube.com https://www.youtube-nocookie.com https://s.ytimg.com https://www.gstatic.com https://stats.g.doubleclick.net https://login.microsoftonline.com https://maps.googleapis.com https://www.googleadservices.com https://tagmanager.google.com https://*.siteimproveanalytics.com https://*.siteimprove.com https://*.siteimprove.net https://*.siteimproveanalytics.io https://siteimproveanalytics.com https://siteimprove.com https://siteimprove.net https://siteimproveanalytics.io https://cookie-cdn.cookiepro.com https://collector-6959.tvsquared.com https://connect.facebook.net https://secure.adnxs.com https://static.ads-twitter.com https://analytics.twitter.com https://www.muchloved.com https://cdnjs.cloudflare.com https://widget.trustpilot.com https://googleads.g.doubleclick.net https://storage.googleapis.com https://*.snapengage.com https://*.hotjar.com https://bat.bing.com https://*.azureedge.net wss://*.noibu.com https://*.noibu.com https://*.analytics.google.com;style-src 'self' 'unsafe-inline' https://cloud.typography.com https://www.sja.org.uk https://dl.episerver.net https://fonts.googleapis.com https://tagmanager.google.com http://www.googletagmanager.com https://www.muchloved.com https://cdnjs.cloudflare.com https://cdn.fonts.net https://*.hotjar.com https://*.svc.dynamics.com;img-src 'self' https://redeye.sja.org.uk https://az416426.vo.msecnd.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.youtube.com https://www.youtube-nocookie.com https://*.ytimg.com https://www.gstatic.com https://stats.g.doubleclick.net https://dl.episerver.net https://scontent.cdninstagram.com https://login.microsoftonline.com https://img.youtube.com https://maps.googleapis.com https://maps.gstatic.com https://ssl.gstatic.com https://*.siteimproveanalytics.com https://*.siteimprove.com https://*.siteimprove.net https://*.siteimproveanalytics.io https://siteimproveanalytics.com https://siteimprove.com https://siteimprove.net https://siteimproveanalytics.io https://cookie-cdn.cookiepro.com https://collector-6959.tvsquared.com https://www.facebook.com https://t.co https://*.muchloved.com https://www.ml-dev.com https://*.snapengage.com https://www.google.co.uk https://storage.googleapis.com https://*.hotjar.com https://bat.bing.com https://*.svc.dynamics.com unsafe-inline data:;media-src 'self' https://*.snapengage.com;frame-src 'self' https://www.google.com https://commerce.sja.redweb.network https://sjacommercedevmaster.redweb.network https://ade1-mgrstja01mstrn249finte.dxcloud.episerver.net https://mgrstja01mstrn249finte.dxcloud.episerver.net https://mgrstja01mstrn249fprep.dxcloud.episerver.net https://mgrstja01mstrn249fprod.dxcloud.episerver.net https://login.microsoftonline.com https://www.youtube.com https://www.youtube-nocookie.com https://servedby.flashtalking.com https://www.facebook.com https://www.muchloved.com https://*.siteimprove.com https://widget.trustpilot.com https://googleads.g.doubleclick.net https://*.hotjar.com https://*.svc.dynamics.com;font-src 'self' https://fonts.gstatic.com https://cloud.typography.com https://fonts.googleapis.com https://*.hotjar.com data:;connect-src 'self' https://dc.services.visualstudio.com https://cookie-cdn.cookiepro.com https://privacyportal.cookiepro.com https://www.google-analytics.com https://stats.g.doubleclick.net https://my2.siteimprove.com https://id.siteimprove.com https://*.snapengage.com wss://*.firebaseio.com wss://firebasedatabase.app wss://*.hotjar.com https://*.hotjar.io https://*.hotjar.com https://*.google-analytics.com https://*.svc.dynamics.com wss://*.noibu.com https://*.noibu.com https://*.analytics.google.com;report-uri /WebResource.axd?cspReport=true 1
frame-ancestors 'self' https://manage.fleetowner.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
frame-ancestors 'self' https://*.t-mobile.pl; frame-src 'self' https://*.t-mobile.pl https://www.googletagmanager.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://www.youtube.com https://www.youtube-nocookie.com https://*.creativecdn.com https://*.criteo.com https://*.criteo.net https://*.doubleclick.net https://*.facebook.com https://*.googlesyndication.com https://*.medallia.eu https://*.revhunter.tech; 1
frame-ancestors 'self' *.strumentimusicali.net; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.gcloud.belgium.be *.socialsecurity.be https://matomo.bosa.be;style-src 'self' 'unsafe-inline' *.googleapis.com *.bootstrapcdn.com *.fontawesome.com *.gcloud.belgium.be;img-src 'self' data: *.sfpd.fgov.be *.socialsecurity.be *.mypension.be; 1
default-src 'self';script-src 'self' https://www.googletagmanager.com https://pagead2.googlesyndication.com https://connect.facebook.net https://api-js.mixpanel.com https://stackpath.bootstrapcdn.com https://www.google-analytics.com https://okcredit.com https://web.okcredit.in https://web.staging.okcredit.in https://code.jquery.com https://js-agent.newrelic.com https://bam.nr-data.net https://connect.facebook.net https://l.getsitecontrol.com https://googleads.g.doubleclick.net https://cdnjs.cloudflare.com https://kenwheeler.github.io https://www.youtube.com https://www.youtube-nocookie.com 'unsafe-inline';script-src-attr 'unsafe-inline';worker-src 'self' data: blob:;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://stackpath.bootstrapcdn.com https://cdnjs.cloudflare.com https://themes.googleusercontent.com;connect-src data: 'self' https://api-js.mixpanel.com https://bam.nr-data.net https://okcredit.com https://web.okcredit.in https://web.staging.okcredit.in https://l.getsitecontrol.com https://www.google-analytics.com https://stats.g.doubleclick.net https://boards-api.greenhouse.io;img-src 'self' https://storage.googleapis.com https://www.google.com https://www.google.co.in data: https://okcredit-blog-images-prod.storage.googleapis.com;media-src 'self' https://storage.googleapis.com;font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com;base-uri 'self';frame-src 'self' https://storage.googleapis.com https://td.doubleclick.net https://www.youtube.com;object-src https://www.youtube.com;form-action 'self';frame-ancestors 'self';upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' *.omtrdc.net *.contentsquare.net *.yextevents.com *.sitescdn.com *.sitescdn.net *.keyxel.com *.amplifoninternal.com *.fonts.gstatic.com *.everesttech.net; 	script-src-elem 'self' 'unsafe-inline' *.omtrdc.net *.contentsquare.net *.sitescdn.net *.yextevents.com *.sitescdn.com *.adnxs.net *.taboola.com *.gstatic.com *.qualtrics.com *.criteo.com *.criteo.net *.google.com *.aiaibot.com *.clarity.ms *.doubleclick.net *.logbor.com *.realytics.net *.metaffiliation.com *.realytics.io *.googleadservices.com *.pinterest.com *.pinimg.com *.iadvize.com *.zemanta.com *.adroll.com *.adform.net *.bing.com *.monsido.com *.tiktok.com *.outbrain.com *.hotjar.com *.adalyser.com *.responsetap.com *.exelator.com *.trustpilot.com *.adnxs.com *.crwdcntrl.net *.teads.tv *.googleapis.com *.facebook.net *.google-analytics.com maps.googleapis.com *.amplifon.com *.lpsnmedia.net *.tvsquared.com *.everestjs.net *.liveperson.net *.rfihub.net *.cookielaw.org *.adobedtm.com *.googletagmanager.com *.youtube.com; 	style-src 'self' 'unsafe-inline' 'unsafe-hashes' *.yextevents.com *.sitescdn.com *.sitescdn.net fonts.googleapis.com *.amplifon.com maps.googleapis.com; 	script-src 'self' 'unsafe-eval' 'unsafe-inline' 'unsafe-hashes' *.omtrdc.net *.contentsquare.net *.keyxel.com *.adnxs.net *.exelator.com maps.googleapis.com; 	frame-src 'self' *.amplifon.com *.omtrdc.net *.contentsquare.net *.yextevents.com *.sitescdn.com *.sitescdn.net *.keyxel.com *.google.com *.criteo.net *.criteo.com *.youtube-nocookie.com *.hbfstech.net *.pinterest.com *.adroll.com *.trustpilot.com *.crwdcntrl.net *.teads.tv maps.googleapis.com *.rfihub.com *.lpsnmedia.net *.doubleclick.net *.demdex.net; 	font-src *.gstatic.com *.amplifon.com maps.googleapis.com; 	img-src 'self' data: * *.omtrdc.net *.contentsquare.net *.yextevents.com *.sitescdn.com *.sitescdn.net *.keyxel.com *.adnxs.net *.everesttech.net *.gstatic.com *.tvsquared.com *.googleusercontent.com *.facebook.com *.cookielaw.org *.ibb.co *.doubleclick.net ; 	connect-src 'self' *.omtrdc.net *.contentsquare.net *.yextevents.com *.sitescdn.com *.sitescdn.net *.keyxel.com *.hotjar.com *.hotjar.io *.adnxs.net *.taboola.com *.googlesyndication.com *.qualtrics.com *.criteo.com *.pangle-ads.com *.bing.com *.aiaibot.com *.clarity.ms *.realytics.io *.metaffiliation.com *.pinterest.com *.iadvize.com *.nielsen.com *.responsetap.com *.tiktok.com *.outbrain.com *.tiktok.com *.exelator.com *.teads.tv *.googleapis.com *.analytics.google.com *.google.com *.doubleclick.net *.googleusercontent.com maps.googleapis.com *.amplifon.com *.amplifoninternal.com *.everesttech.net *.google-analytics.com *.onetrust.com *.cookielaw.org *.demdex.net *.omtrdc.net; 	worker-src blob: *.amplifon.com *.googleapis.com maps.googleapis.com; 1
default-src 'none'; script-src 'report-sample' 'self' http: https: wss: blob: 'unsafe-eval' wasm-unsafe-eval 'nonce-3zxBfJJFOFP5atroNTJPfguvW8lWLBjfK6l23uGj0FQ='; connect-src blob: data: 'self' https://analytics.finna.fi https://*.tv.funet.fi; style-src * 'unsafe-inline'; img-src * data: blob:; media-src * blob:; font-src * data:; base-uri 'self'; manifest-src 'self'; child-src blob:; frame-src https://player.vimeo.com https://www.youtube.com https://players.icareus.com https://www.youtube-nocookie.com; 1
frame-ancestors 'self'; block-all-mixed-content; style-src 'self' 'unsafe-inline'; object-src 'none'; frame-src 'self' *.recaptcha.net recaptcha.net https://www.google.com/recaptcha/ https://recaptcha.google.com www.googletagmanager.com; base-uri 'self'; form-action 'self'; report-uri https://www.intaspharma.com/report; 1
frame-ancestors 'self'; base-uri 'self'; form-action teufel.de zed.teufel.de support.teufel.de retoure.teufel.de blog.teufel.de www.terminland.de www.saferpay.com test.saferpay.com payments.amazon.de *.amazon.de row.ups.com checkout.sandbox.getalma.eu checkout.getalma.eu service.teufel.de *.kameleoon.com *.kameleoon.eu *.kameleoon.io *.contentsquare.net *.contentsquare.com teufelaudio.at teufel.ch teufelaudio.fr teufelaudio.nl teufelaudio.be teufelaudio.es teufelaudio.it cz.teufelaudio.com dk.teufelaudio.com ee.teufelaudio.com fi.teufelaudio.com gb.teufelaudio.com gr.teufelaudio.com hr.teufelaudio.com hu.teufelaudio.com ie.teufelaudio.com li.teufelaudio.com lt.teufelaudio.com lu.teufelaudio.com lv.teufelaudio.com no.teufelaudio.com pt.teufelaudio.com se.teufelaudio.com si.teufelaudio.com sk.teufelaudio.com teufelaudio.pl us.teufelaudio.com 'self' 1
default-src 'self'; script-src 'self' 'strict-dynamic' 'nonce-05545825c899f5ec' 'unsafe-inline' blob: https://*.iserv.de https://*.iserv.eu https://trainer.iserv-akademie.de https://*.usercentrics.eu https://*.googletagmanager.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://*.googleadservices.com https://googleads.g.doubleclick.net https://bid.g.doubleclick.net https://*.gstatic.com https://*.facebook.net https://*.facebook.com; object-src 'none'; base-uri 'none'; style-src 'self' 'unsafe-inline' https://*.iserv.de https://*.iserv.eu https://trainer.iserv-akademie.de https://*.usercentrics.eu https://*.googletagmanager.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://*.googleadservices.com https://googleads.g.doubleclick.net https://bid.g.doubleclick.net https://*.gstatic.com https://*.facebook.net https://*.facebook.com; img-src 'self' data: https://*.iserv.de https://*.iserv.eu https://trainer.iserv-akademie.de https://*.usercentrics.eu https://*.googletagmanager.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://*.googleadservices.com https://googleads.g.doubleclick.net https://bid.g.doubleclick.net https://*.gstatic.com https://*.facebook.net https://*.facebook.com; media-src 'self' https://*.iserv.de https://*.iserv.eu https://trainer.iserv-akademie.de https://*.usercentrics.eu https://*.googletagmanager.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://*.googleadservices.com https://googleads.g.doubleclick.net https://bid.g.doubleclick.net https://*.gstatic.com https://*.facebook.net https://*.facebook.com; font-src 'self' data: https://*.iserv.de https://*.iserv.eu https://trainer.iserv-akademie.de https://*.usercentrics.eu https://*.googletagmanager.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://*.googleadservices.com https://googleads.g.doubleclick.net https://bid.g.doubleclick.net https://*.gstatic.com https://*.facebook.net https://*.facebook.com; connect-src 'self' https://*.iserv.de https://*.iserv.eu https://trainer.iserv-akademie.de https://*.usercentrics.eu https://*.googletagmanager.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://*.googleadservices.com https://googleads.g.doubleclick.net https://bid.g.doubleclick.net https://*.gstatic.com https://*.facebook.net https://*.facebook.com 1
default-src https: 'self' 'unsafe-inline' 'unsafe-eval';                img-src * blob: data:;                frame-src https: 'self';               style-src https: 'self' 'unsafe-inline';                font-src https: 'self' data:;                connect-src https: 'self' 1
default-src 'self';                     script-src 'self' 'unsafe-inline' 'unsafe-eval'                         filesystem:                             https://www.synetiq.co.uk                             https://synetiq.co.uk                             https://maps.googleapis.com/maps/api/                             widget.trustpilot.com/                             https://uk.trustpilot.com/                             https://www.google.com/                             https://www.gstatic.com/recaptcha/releases/                             https://www.googletagmanager.com/                             https://connect.facebook.net/                             https://static.hotjar.com/                             https://static.zdassets.com/                             https://www.google-analytics.com/                             https://googleads.g.doubleclick.net/                             https://www.paypal.com/                             https://www.googleadservices.com/                             https://ajax.googleapis.com/                             https://script.hotjar.com/                             https://s3.amazonaws.com/downloads.mailchimp.com/                             https://synetiq.us3.list-manage.com/                             https://cdnjs.cloudflare.com/ajax/libs/select2/4.0.6-rc.0/js/select2.min.js                     ;                     style-src 'self' 'unsafe-inline' 'unsafe-eval'                         filesystem:                             https://www.synetiq.co.uk                             https://synetiq.co.uk                             fonts.gstatic.com                             fonts.googleapis.com                             https://cdnjs.cloudflare.com/ajax/libs/select2/4.0.6-rc.0/css/select2.min.css                     ;                     img-src * data:;                     connect-src 'self' 'unsafe-inline' 'unsafe-eval'                         filesystem:                         https://www.synetiq.co.uk                         https://synetiq.co.uk                         https://www.synetiq-dev.co.uk/wp-admin/admin-ajax.php                         https://www.synetiq.co.uk/wp-admin/admin-ajax.php                         https://www.synetiq-dev.co.uk/wp-json/                         https://www.synetiq.co.uk/wp-json/                         https://www.google-analytics.com/                         https://stats.g.doubleclick.net/                         https://ekr.zdassets.com/                         https://synetiq.zendesk.com/                         wss://widget-mediator.zopim.com/                         https://region1.analytics.google.com/                         https://www.sandbox.paypal.com/                         https://www.paypal.com/                         https://www.facebook.com/                         https://vc.hotjar.io/sessions/                     ;                     font-src 'self' data:                         filesystem:                             https://script.hotjar.com/                             https://www.synetiq.co.uk                             https://synetiq.co.uk                             fonts.gstatic.com                             fonts.googleapis.com                     ;                     frame-ancestors 'self';                     frame-src 'self'                         filesystem:                             https://www.synetiq.co.uk                             https://synetiq.co.uk                             https://www.youtube.com/                             https://www.instagram.com/                             https://www.facebook.com/                             https://www.linkedin.com/                             https://www.google.com/                             https://www.sandbox.paypal.com/                             https://www.paypal.com/                             https://widget.trustpilot.com/                             https://td.doubleclick.net/                     ;                     media-src 'self'                         filesystem:                             https://www.synetiq.co.uk                             https://synetiq.co.uk                             https://static.zdassets.com                     ;                  1
frame-ancestors 'self' http://www.magnumicecream.com unilever3.marketing.adobe.com unileverbrazil.marketing.adobe.com unilever2.marketing.adobe.com unilever.marketing.adobe.com unilever3.experiencecloud.adobe.com unileverbrazil.experiencecloud.adobe.com unilever2.experiencecloud.adobe.com unilever.experiencecloud.adobe.com emea1-proxy.adobemc.com us1-proxy.adobemc.com us1-proxy.adobemc.com apac-proxy.adobemc.com adobedemoemea131.marketing.adobe.com adobedemoemea131.experiencecloud.adobe.com 1
connect-src 'self' *.6sc.co *.6sense.com *.hs-banner.com aorta.clickagy.com api.hsforms.com api.hubapi.com app.clearbit.com cdn.linkedin.oribi.io conversions-config.reddit.com hemsync.clickagy.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.googletagmanager.com https://analytics.google.com https://home.stellarite.io material-site.cdn.prismic.io opps-api.getwarmly.com pixel-config.reddit.com px.ads.linkedin.com ws.zoominfo.com www.redditstatic.com;default-src 'self';font-src 'self' fonts.gstatic.com;frame-src 'self' hemsync.clickagy.com https://recaptcha.google.com/recaptcha/ https://td.doubleclick.net https://www.google.com/recaptcha/ material-site.prismic.io open.spotify.com www.vimeo.com www.youtube.com;img-src 'self' *.6sc.co alb.reddit.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com images.prismic.io material-site.cdn.prismic.io/material-site/ prismic-io.s3.amazonaws.com/material-site/ px.ads.linkedin.com px4.ads.linkedin.com ssl.gstatic.com track.hubspot.com www.linkedin.com;media-src 'self' material-site.cdn.prismic.io;script-src 'nonce-HfFCBeg3kP3vCJSB4NXU' 'self' 'strict-dynamic' *.6sc.co *.hs-analytics.net *.hs-banner.com *.hs-scripts.com *.hsadspixel.net 6sense.com cdnjs.cloudflare.com https://*.googletagmanager.com https://www.google.com https://www.google.com/recaptcha/ https://www.googleadservices.com https://www.gstatic.com/recaptcha/ js.zi-scripts.com prismic.io px.ads.linkedin.com snap.licdn.com static.cdn.prismic.io tag.clearbitscripts.com tags.clickagy.com unpkg.com ws.zoominfo.com www.redditstatic.com x.clearbitjs.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com 1
default-src 'self' data: blob: *.userlocal.jp *.tigmedia.jp tigmedia.jp wss://ntjp.mieru-ca.com *.yahoo.co.jp *.google.com *.typekit.net use.fontawesome.com www.googletagmanager.com www.google-analytics.com *.doubleclick.net www.facebook.com youtube.com youtu.be www.youtube.com *.line.me ads.witter.com static.ads-twitter.com d.line-scdn.net s.yimg.jp *.criteo.net criteo-sync.teads.tv s.yjtag.jp www.googleadservices.com s.adroll.com d.adroll.mgr.consensu.org *.criteo.com *.mieru-ca.com d.line-cdn.net cdn.jsdelivr.net connect.facebook.net *.rakuten.com tk.jrs5.com *.google.co.jp consent.linksynergy.com x.bidswitch.net ib.adnxs.com partner.mediawallahscript.com *.adscale.de r.casalemedia.com ad.360yield.com contextual.media.net exchange.mediavine.com sync.outbrain.com simage2.pubmatic.com pixel.rubiconproject.com match.sharethrough.com rtb-csync.smartadserver.com sync-t1.taboola.com eb2.3lift.com *.yahoo.com ad.as.amanad.adtdp.com ads.stickyadstv.com idsync.rlcdn.com cs.adingo.jp adx.dable.io t.co analytics.twitter.com *.socdm.com ad.yieldlab.net beacon.krxd.net tags.bluekai.com *.bing.com idsync.admixer.co.kr s.ad.smaato.net ade.clmbtech.com sync-criteo.ads.yieldmo.com 1f2e7.v.fwmrm.net *.a-den.jp *.aeonshop.com aeonshop.com fontawesome.com e1.emxdgt.com trc.taboola.com match.adsrvr.org *.nakanohito.jp nakanohito.jp sp-trk.com sync.aralego.com *.clarity.ms secure.adnxs.com cdn.aralego.net match.prod.bidr.io im-apps.net *.im-apps.net *.hellouniweb.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.tigmedia.jp tigmedia.jp tig-contents.com *.yahoo.co.jp *.google.com *.typekit.net use.fontawesome.com www.googletagmanager.com www.google-analytics.com *.doubleclick.net www.facebook.com youtube.com youtu.be www.youtube.com *.line.me ads.twitter.com static.ads-twitter.com d.line-scdn.net s.yimg.jp *.criteo.net criteo-sync.teads.tv s.yjtag.jp www.googleadservices.com s.adroll.com d.adroll.mgr.consensu.org *.criteo.com *.mieru-ca.com d.line-cdn.net cdn.jsdelivr.net connect.facebook.net *.rakuten.com tk.jrs5.com *.google.co.jp consent.linksynergy.com x.bidswitch.net ib.adnxs.com partner.mediawallahscript.com *.adscale.de r.casalemedia.com ad.360yield.com contextual.media.net exchange.mediavine.com sync.outbrain.com simage2.pubmatic.com pixel.rubiconproject.com match.sharethrough.com rtb-csync.smartadserver.com sync-t1.taboola.com eb2.3lift.com ups.analytics.yahoo.com ad.as.amanad.adtdp.com ads.stickyadstv.com idsync.rlcdn.com cs.adingo.jp adx.dable.io t.co analytics.twitter.com *.socdm.com ad.yieldlab.net beacon.krxd.net tags.bluekai.com c.bing.com idsync.admixer.co.kr s.ad.smaato.net ade.clmbtech.com sync-criteo.ads.yieldmo.com 1f2e7.v.fwmrm.net *.a-den.jp *.aeonshop.com aeonshop.com fontawesome.com cs.nakanohito.jp sp-trk.com bat.bing.com www.clarity.ms *.im-apps.net im-apps.net *.hellouniweb.com; style-src 'self' 'unsafe-inline' *.nakanohito.jp *.yahoo.co.jp *.google.com *.typekit.net use.fontawesome.com www.googletagmanager.com www.google-analytics.com *.doubleclick.net www.facebook.com youtube.com youtu.be www.youtube.com *.line.me ads.twitter.com static.ads-twitter.com d.line-scdn.net s.yimg.jp *.criteo.net criteo-sync.teads.tv s.yjtag.jp www.googleadservices.com s.adroll.com d.adroll.mgr.consensu.org *.criteo.com *.mieru-ca.com d.line-cdn.net cdn.jsdelivr.net connect.facebook.net *.rakuten.com tk.jrs5.com *.google.co.jp consent.linksynergy.com x.bidswitch.net ib.adnxs.com partner.mediawallahscript.com *.adscale.de r.casalemedia.com ad.360yield.com contextual.media.net exchange.mediavine.com sync.outbrain.com simage2.pubmatic.com pixel.rubiconproject.com match.sharethrough.com rtb-csync.smartadserver.com sync-t1.taboola.com eb2.3lift.com ups.analytics.yahoo.com ad.as.amanad.adtdp.com ads.stickyadstv.com idsync.rlcdn.com cs.adingo.jp adx.dable.io t.co analytics.twitter.com *.socdm.com ad.yieldlab.net beacon.krxd.net tags.bluekai.com c.bing.com idsync.admixer.co.kr s.ad.smaato.net ade.clmbtech.com sync-criteo.ads.yieldmo.com 1f2e7.v.fwmrm.net *.a-den.jp *.aeonshop.com aeonshop.com fontawesome.com fonts.googleapis.com *.hellouniweb.com 1
frame-ancestors 'self' https://*.deuter.com https://*.gonso.de https://*.maier-sports.com https://*.ortovox.com https://*.arrabiata.de; 1
default-src 'self' 'unsafe-inline' www.google-analytics.com code.jquery.com *.disqus.com disqus.com *.bootstrapcdn.com *.disquscdn.com www.gravatar.com   https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.karlaporter.com *.shanx.com *.amitavac.com *.googleapis.com  *.googletagmanager.com  platform.twitter.com shanx.matomo.com    *.amazonaws.com   apis.google.com ssl.google-analytics.com connect.facebook.net https:; img-src 'self' *.karlaporter.com *.iconj.com  cdn-images.mailchimp.com  *.shanx.com *.amitavac.com ssl.google-analytics.com s-static.ak.facebook.com i.imgur.com imgur.com  data:  https:; style-src 'self' 'unsafe-inline' *.shanx.com  cdn-images.mailchimp.com  *.karlaporter.com *.amitavac.com *.ionicframework.com  use.typekit.net  fonts.adobe.com  fonts.googleapis.com fonts.gstatic.com https:; font-src 'self' *.shanx.com   use.typekit.net  *.ionicframework.com netdna.bootstrapcdn.com themes.googleusercontent.com fonts.gstatic.com data:; object-src  https:; media-src  'self'  https:; frame-ancestors 'self'; frame-src 'self' https:;  1
object-src 'self'; frame-ancestors 'self'; report-uri https://www.examenblad.nl/report-uri/enforce 1
font-src *.klarnacdn.net *.ionicframework.com *.giosgusercontent.com https://giosg-chat-public-eu.s3.amazonaws.com *.piwik.pro *.containers.piwik.pro https://www.gstatic.com https://fonts.gstatic.com *.yliopistonapteekki.fi *.ya.fi data: 'self' 'unsafe-inline'; form-action *.yliopistonapteekki.fi 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.klarna.com fi1.frosmo.com *.fi1.frosmo.com https://d2oarllo6tn86.cloudfront.net *.giosg.com *.giosgcobrowse.com *.giosgusercontent.com *.piwik.pro *.containers.piwik.pro consentcdn.cookiebot.com https://www.google.com maps.googleapis.com *.sttinfo.fi videobot.com *.yliopistonapteekki.fi 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.klarna.com *.klarnaevt.com *.klarnacdn.net https://images.ctfassets.net fi1.frosmo.com *.fi1.frosmo.com https://d2oarllo6tn86.cloudfront.net https://giosg-chat-public-eu.s3.amazonaws.com *.giosg.com *.giosgcobrowse.com *.giosgusercontent.com *.piwik.pro *.containers.piwik.pro imgsct.cookiebot.com https://www.googletagmanager.com https://www.google-analytics.com *.ya.lamia.tech *.ya.fi *.yliopistonapteekki.fi secure.adnxs.com siirto.siitepoly.fi *.cloudflarestream.com data: 'self' 'unsafe-inline'; script-src s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.klarna.com *.klarnacdn.net *.klarnaservices.com https://unpkg.com fi1.frosmo.com *.fi1.frosmo.com https://d2oarllo6tn86.cloudfront.net *.giosg.com *.giosgcobrowse.com *.giosgusercontent.com *.piwik.pro *.containers.piwik.pro consent.cookiebot.com consentcdn.cookiebot.com https://www.google.com https://www.gstatic.com www.custobar.com https://www.googletagmanager.com https://www.google-analytics.com *.sttinfo.fi *.ya.lamia.tech *.ya.fi *.yliopistonapteekki.fi ajax.cloudflare.com videobot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.klarnacdn.net fi1.frosmo.com *.fi1.frosmo.com https://d2oarllo6tn86.cloudfront.net *.ionicframework.com *.giosg.com *.giosgcobrowse.com *.giosgusercontent.com *.piwik.pro *.containers.piwik.pro https://fonts.googleapis.com *.yliopistonapteekki.fi 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com https://api.contentful.com fi1.frosmo.com *.fi1.frosmo.com https://d2oarllo6tn86.cloudfront.net *.giosg.com *.giosgcobrowse.com *.giosgusercontent.com wss://*.giosgcobrowse.com *.piwik.pro *.containers.piwik.pro consentcdn.cookiebot.com ws://127.0.0.1:9502 api.custobar.com https://www.google-analytics.com *.talentadore.com *.ya.fi wss://b2c-staging.ya.fi wss://b2c-test.ya.fi wss://b2c-prod.ya.lamia.tech wss://b2c-stg.ya.lamia.tech wss://b2c-dev.ya.lamia.tech wss://www.yliopistonapteekki.fi *.videobot.com *.cloudflarestream.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src fi1.frosmo.com *.fi1.frosmo.com https://d2oarllo6tn86.cloudfront.net *.giosg.com *.giosgusercontent.com *.giosgcobrowse.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
base-uri 'self'; default-src 'self' https://*.google-analytics.com https://*.googletagmanager.com; frame-ancestors 'self'; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://*; style-src 'self' 'report-sample' 'unsafe-inline' https://*.apple.com https://google.com https://*.google.com https://*.googleapis.com https://*.googletagmanager.com; object-src 'self' https://*.googlesyndication.com https://*.e-transactions.fr; frame-src https://* https://*.e-transactions.fr https://player.reetags.com; child-src 'self' blob: https://*.doubleclick.net https://google.com https://*.google.com https://*.google.fr https://*.googlesyndication.com https://*.googletagmanager.com https://*.youtube.com; img-src 'self' data: blob: https://*; font-src 'self' data: https://github.com https://fonts.gstatic.com https://use.typekit.net; connect-src 'self' about: https://hub.pharma-gdd.com https://api.stripe.com https://*.adyen.com wss://*.firebaseio.com https://*.doubleclick.net https://*.googleapis.com https://*.googleadservices.com https://*.googletagmanager.com https://*.googletagservices.com https://*.google-analytics.com https://*.gstatic.com https://google.com https://*.google.com https://*.googlesyndication.com https://www.facebook.com https://connect.facebook.net https://spay.samsung.com https://*.e-transactions.fr https://*.amazonaws.com https://*.caast.tv https://*.mux.com wss://*.caast.tv https://*.axept.io; manifest-src 'self'; form-action https://*; media-src 'self' blob: https://*.mux.com; worker-src 'self' blob:; report-uri https://www.pharma-gdd.com/cspreport; 1
default-src 'self';media-src 'self' blob: data: *.onnetwork.tv;worker-src 'self' blob: data: *.sadeczanin.info;script-src 'self' 'unsafe-inline' 'unsafe-eval'  *.googleapis.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com https://weatherwidget.io *.weatherwidget.io *.google.com *.g.doubleclick.net *.instagram.com *.googlesyndication.com *.twitter.com  *.openxcdn.net *.4dex.io *.criteo.net tags.crwdcntrl.net *.creativecdn.com cdn.id5-sync.com cdn.prod.uidapi.com *.onnetwork.tv *.googleapis.com *.jsdelivr.net *.facebook.net *.2mdn.net *.google-analytics.com *.optad360.io *.script.ac *.ampproject.org; img-src 'self' https: data: blob: http://api.sadeczanin.info; style-src 'self' 'unsafe-inline' www.fonts.googleapis.com *.googleapis.com *.onnetwork.tv; font-src 'self' data:  *.fonts.googleapis.com *.onnetwork.tv *.gstatic.com; frame-src 'self' https://weatherwidget.io *.weatherwidget.io https://instagram.com *.instagram.com https://twitframe.com *.twitframe.com *.twitter.com *.facebook.com *.googlesyndication.com *.google.com *.g.doubleclick.net *.googleadservices.com *.youtube.com *.youtu.be https://youtube.com https://youtu.be https://zrzutka.pl *.zrzutka.pl *.criteo.com *.onnetwork.tv *.googleapis.com *.aztv.pl *.casalemedia.com *.openx.net *.quantumdex.io *.adxbid.info *.openx.net *.quantumdex.io https://adxbid.info *.adxbid.info https://onetag-sys.com *.onetag-sys.com *.openx.net *.smartadserver.com *.wp.pl *.rubiconproject.com *.pubmatic.com *.a-mo.net *.indexww.com *.adnxs.com *.3lift.com; connect-src 'self' *.google-analytics.com *.sadeczanin.info pagead2.googlesyndication.com *.google.com *.g.doubleclick.net *.gstatic.com bcp.crwdcntrl.net id5-sync.com *.criteo.com *.criteo.net *.onnetwork.tv *.jsdelivr.net *.openx.net *.adnxs.com *.quantumdex.io *.wp.pl *.rubiconproject.com https://dnacdn.net *.dnacdn.net *.onetag-sys.com https://onetag-sys.com *.a-mo.net *.casalemedia.com *.pubmatic.com *.smartadserver.com *.adform.net *.creativecdn.com *.vidoomy.com *.4dex.io *.adxpremium.services *.adsrvr.org ; 1
default-src * 'unsafe-eval' 'unsafe-inline'; connect-src * blob:; font-src * data:; img-src * blob: data:; object-src 'none' 1
img-src 'self' data:; default-src 'self' 'unsafe-inline' 1
default-src https: 'self' 'unsafe-inline'; img-src 'self'; child-src 'none' 1
default-src 'unsafe-eval' 'unsafe-inline' 'self' ; font-src 'unsafe-eval' 'unsafe-inline' 'self' fonts.gstatic.com use.typekit.net styles.assets-landingi.com geowidget.easypack24.net; style-src 'unsafe-eval' 'unsafe-inline' 'self' fonts.googleapis.com use.typekit.net p.typekit.net amazonaws.com geowidget.easypack24.net; script-src 'unsafe-eval' 'unsafe-inline' 'self' www.googletagmanager.com www.google-analytics.com connect.facebook.net stats.g.doubleclick.net maps.google.com maps.googleapis.com s.ytimg.com region1.analytics.google.com analytics.google.com geowidget.easypack24.net www.clarity.ms clarity.ms googleads.g.doubleclick.net *.clarity.ms region1.google-analytics.com; connect-src 'unsafe-eval' 'unsafe-inline' 'self' www.google-analytics.com analytics.google.com region1.analytics.google.com stats.g.doubleclick.net www.google.pl www.facebook.com maps.googleapis.com region1.analytics.google.com analytics.google.com api-pl-points.easypack24.net osm.inpost.pl clarity.ms *.clarity.ms pagead2.googlesyndication.com region1.google-analytics.com www.google.com googleads.g.doubleclick.net; frame-src 'unsafe-eval' 'unsafe-inline' 'self' www.facebook.com www.youtube.com td.doubleclick.net parcelshop.dhl.pl; img-src * 'self' data: https:; object-src 'unsafe-eval' 'unsafe-inline' 'self' data: 1
default-src * data: 'unsafe-inline' 'unsafe-eval' blob:;media-src * blob:;img-src * data: 'unsafe-inline' blob:;font-src * data: 'unsafe-inline'; frame-ancestors *.amway.in 1
frame-ancestors 'self' https://my.audinate.com https://my7.stage.audinate.com 1
frame-ancestors 'self' commander.weatherops.com 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; script-src 'self' https://www.google-analytics.com https://ssl.google-analytics.com                                           https://www.googletagmanager.com https://apis.google.com https://www.google.com https://www.gstatic.com https://cse.google.com/ https://maps.googleapis.com https://maps.gstatic.com                                         https://maps.googleapis.com/maps/api/* https://connect.facebook.net/es_ES/sdk.js 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: https://*;                                           style-src 'self' https://* 'unsafe-inline'; object-src 'self'; base-uri 'none'; connect-src *; frame-ancestors https://www.bancounion.com.bo/ https://bancounion.com.bo/                                           https://www.segip.gob.bo/ https://kioscovirtual.bancounion.com.bo/ https://wserv-kio.bancounion.com.bo/ https://wservlb03.bancounion.com.bo/ https://wservlb03/UniPortalQRCalidad/                                  https://portalbusa-desarrollo.azurewebsites.net/ https://portalbusa-portalbusacalidad.azurewebsites.net/ ; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; img-src 'self' data: * 1
default-src 'self' chat-t.bmf.gv.at chat-q.bmf.gv.at chat.bmf.gv.at; script-src 'self' service.bmf.gv.at bksuche.brz.gv.at chat-t.bmf.gv.at chat-q.bmf.gv.at chat.bmf.gv.at static.etracker.com www.etracker.de code.etracker.com 'unsafe-eval' 'unsafe-inline'; img-src data: 'self' www.etracker.de; connect-src 'self' www.etracker.de bksuche.brz.gv.at wss://chat-t.bmf.gv.at wss://chat-q.bmf.gv.at wss://chat.bmf.gv.at; style-src 'self' 'unsafe-inline'; frame-ancestors 'self'; child-src 'self'; frame-src *; form-action 'self'; font-src 'self' chat-t.bmf.gv.at chat-q.bmf.gv.at chat.bmf.gv.at data:; block-all-mixed-content; upgrade-insecure-requests; 1
default-src 'none' ; img-src 'self' data: https://blob.userflow.com https://cdn.userflow.com https://js.userflow.com https://storage.googleapis.com/studio1-prod-blob/ * ; connect-src 'self' https://browser-intake-datadoghq.eu https://rum.browser-intake-datadoghq.eu https://logs.browser-intake-datadoghq.eu https://session-replay.browser-intake-datadoghq.eu https://api.analytics.pigment.app https://cdn.analytics.pigment.app https://auth.pigment.app https://staging-login.pigment.app wss://pigment.app wss://e.userflow.com https://cdn.userflow.com https://e.userflow.com https://js.userflow.com https://inapp.planhat.com https://analytics.planhat.com https://rs.fullstory.com wss://rs.fullstory.com https://edge.fullstory.com https://global.oktacdn.com https://api.segment.io https://cdn.segment.com https://api.maptiler.com ; script-src 'self' cdn.analytics.pigment.app edge.fullstory.com rs.fullstory.com js.userflow.com cdn.userflow.com app.planhat.com cdn.announcekit.app cdn.segment.com ; frame-src announcekit.co auth.pigment.app staging-login.pigment.app ; style-src 'self' 'unsafe-inline' js.userflow.com cdn.userflow.com fonts.googleapis.com cdn.announcekit.co ; worker-src blob: ; font-src 'self' fonts.gstatic.com data: ; manifest-src 'self' ; object-src 'none' ; media-src https://blob.userflow.com https://cdn.userflow.com https://storage.googleapis.com/studio1-prod-blob/ ; frame-ancestors https://pigment7-dev-ed.develop.lightning.force.com/ https://pigment7-dev-ed--c.develop.vf.force.com/; base-uri 'self' ; form-action https://announcekit.co ; report-uri https://pigment.uriports.com/reports/report ; report-to enforce ; 1
default-src 'self' *.nonstopbonus.com *.getsitecontrol.com *.getsitectrl.com *.youtube.com *.datamother.com *.firebaseio.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com ajax.googleapis.com *.getsitecontrol.com *.getsitectrl.com;connect-src 'self' *.getsitecontrol.com *.getsitectrl.com *.googletagmanager.com *.google-analytics.com *.firebaseio.com *.doubleclick.net  wss: datamother.com;img-src 'self' data: *.google-analytics.com *.getsitecontrol.com *.getsitectrl.com;style-src 'unsafe-inline' 'self';base-uri 'self';form-action 'self';font-src data: 'self' *.getsitecontrol.com *.getsitectrl.com 1
frame-ancestors 'self' kumu.io embed.kumu.io 1
default-src 'self'; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: cdn.usefathom.com anytype1.matomo.cloud i.ytimg.com *.githubusercontent.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.usefathom.com anytype1.matomo.cloud www.youtube.com; style-src 'self' 'unsafe-inline'; font-src 'self' data:; frame-src 'self' *.youtube.com; object-src 'self'; connect-src 'self' cdn.usefathom.com anytype1.matomo.cloud noembed.com contributors.any.coop; 1
default-src 'self'  blob:  https://*.facebook.com  https://*.facebook.net  https://*.api.schwarz  https://*.assets.schwarz  https://*.batch.com  https://*.bing.com  https://*.cookiebot.com  https://*.creativecdn.com  https://*.exactag.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://mycliplister.com  https://*.mycliplister.com  https://*.peakprotect.com  https://*.pingdom.net  https://*.virtualearth.net  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://creativecdn.com  https://form.lidl.com  https://*.onetrust.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://s.kelkoogroup.net  https://s.kk-resources.com  https://sdk.virtualearth.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://*.doubleclick.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.be  https://www.google.com  https://www.google.cz  https://www.google.nl  https://www.google.pl  https://www.google.sk  https://www.googleadservices.com  https://www.gstatic.com  https://youtube.com  https://*.youtube-nocookie.com  https://*.youtube.com  https://www.googletagmanager.com  https://lidlplusprod.blob.core.windows.net  https://upeimagesprd.blob.core.windows.net  https://lidlplusstorage.blob.core.windows.net  'unsafe-inline'  https://*.adyen.com  https://consumer-app.ftrace.com  https://grillnchillquiz.desgsr.com  https://lidl-aktivacije.com.hr  https://lidlslider.desgsr.com  https://lidl.level.hr  https://lidl.level.hr  data:  https://csp.cre.lidl-shop.com; frame-src 'self'  https://*.facebook.com  https://*.facebook.net  https://*.cookiebot.com  https://*.creativecdn.com  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-onlinenewsletter.de  https://*.lidl-shop.com  https://*.lidl.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.pingdom.net  https://balancechecks.tx-gate.com  https://bidswitch.net  https://creativecdn.com  https://form.lidl.com  https://forms-prod.enc-test.de/  https://ldl.viewer.cit-fusion.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://*.doubleclick.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.com  https://www.googleadservices.com  https://www.gstatic.com  https://youtube.com  https://*.youtube-nocookie.com  https://*.youtube.com  https://www.googletagmanager.com  https://www.lidl-gewinnspiel.de  https://www.youtube.com  'unsafe-inline'  https://*.adyen.com  https://consumer-app.ftrace.com  https://grillnchillquiz.desgsr.com  https://lidl-aktivacije.com.hr  https://lidlslider.desgsr.com  https://lidl.level.hr  https://lidl.level.hr; img-src 'self'  https://*.facebook.com  https://*.facebook.net  https://*.360yield.com  https://*.addthis.com  https://*.adnxs.com  https://*.assets.schwarz  https://*.bing.com  https://*.cat-ret.assets.lidl  https://*.cdn.flavedo.io  https://*.cookiebot.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-onlinenewsletter.de  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.mycliplister.com  https://*.retail.lidl.net  https://*.retail.vdc.lidl  https://*.searchhub.io  https://*.smartadserver.com  https://*.virtualearth.net  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://cm.adform.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://size.lidl.com  https://s.kelkoogroup.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://*.doubleclick.net  https://test.formcycle.vdc.lidl  https://www.adobe.com  https://www.awin1.com  https://cdn.flavedo.io  https://www.google.at  https://www.google.ba  https://www.google.be  https://www.google.bg  https://www.google.ch  https://www.google.co.uk  https://www.google.com  https://www.google.com.bd  https://www.google.com.tr  https://www.google.com.ua  https://www.google.cz  https://www.google.de  https://www.google.dk  https://www.google.es  https://www.google.fr  https://www.google.gr  https://www.google.hr  https://www.google.hu  https://www.google.ie  https://www.google.is  https://www.google.it  https://www.google.lt  https://www.google.lu  https://www.google.lv  https://www.google.md  https://www.google.nl  https://www.google.no  https://www.google.pl  https://www.google.pt  https://www.google.ro  https://www.google.rs  https://www.google.ru  https://www.google.se  https://www.google.sk  https://www.googleadservices.com  https://www.gstatic.com  https://www.lidl-shop.be  https://www.lidl-shop.cz  https://www.lidl-shop.nl  https://www.lidl-shop.sk  https://www.lidl-sklep.pl  https://www.w3.org  https://x.bidswitch.net  https://youtube.com  https://*.creativecdn.com  https://*.youtube.com  https://www.googletagmanager.com  https://lidlplusprod.blob.core.windows.net  https://upeimagesprd.blob.core.windows.net  https://lidlplusstorage.blob.core.windows.net  https://c1.adform.net  https://ce.lijit.com  https://criteo-partners.tremorhub.com  https://*.teads.tv  https://dpm.demdex.net  https://e1.emxdgt.com  https://eb2.3lift.com  https://exchange.mediavine.com  https://hb.yahoo.net  https://id5-sync.com  https://jadserve.postrelease.com  https://matching.ivitrack.com  https://pixel.rubiconproject.com  https://*.casalemedia.com  https://sync-criteo.ads.yieldmo.com  https://sync.1rx.io  https://rt.udmserve.net  https://ssc-cms.33across.com  https://ads.yieldmo.com  https://s.seedtag.com  https://sync.go.sonobi.com  https://fast.nexx360.io  https://*.upe.schwarz  'unsafe-inline'  https://*.adyen.com  data:; object-src 'self'  https://*.facebook.com  https://*.facebook.net  https://*.batch.com  https://*.cookiebot.com  https://*.leaflets.schwarz  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://asset.schwarz  https://bidswitch.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.google.com  https://www.googleadservices.com  https://www.gstatic.com  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-eval'; script-src 'self'  blob:  https://*.facebook.com  https://*.facebook.net  https://*.api.schwarz  https://*.batch.com  https://*.bing.com  https://*.cookiebot.com  https://*.creativecdn.com  https://*.exactag.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.peakprotect.com  https://*.pingdom.net  https://*.searchhub.io  https://*.virtualearth.net  https://adservice.google.com  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://creativecdn.com  https://form.lidl.com  https://*.onetrust.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://s.kk-resources.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://*.doubleclick.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.com  https://www.googleadservices.com  https://www.gstatic.com  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-eval'  'unsafe-inline'  about:  https://localhost  https://*.adyen.com; style-src 'self'  https://*.bing.com  https://*.cookiebot.com  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.de  https://*.medallia.eu  https://bidswitch.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://sdk.virtualearth.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.google.com  https://www.googleadservices.com  https://www.gstatic.com  https://www.lidl-shop.be  https://www.lidl-shop.cz  https://www.lidl-shop.nl  https://www.lidl-shop.sk  https://www.lidl-sklep.pl  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-inline'; frame-ancestors 'self'  https://*.lidl.com  https://*.livebuy.io; report-uri https://csp.cre.lidl-shop.com/csp/report; base-uri 'self'; form-action 'self'  https://*.facebook.com  https://*.facebook.net  https://accounts.lidl.com  https://survey.g.doubleclick.net; 1
frame-ancestors 'self' *.pamukkale.com.tr paksoyturizm.com biletly.com www.eglengez.com www.mornot.com ekokupon.com 1
frame-ancestors *.ringpublishing.com; report-uri https://events.ocdn.eu/v2/csp-report?_ac=events&_fv=www.egeszsegkalauz.hu::PROD_23_7_1 1
frame-ancestors 'none'; report-uri https://o4506392674369536.ingest.us.sentry.io/api/4506392712839168/security/?sentry_key=fe55ea323ae335290af1e72d72b4fb22 1
img-src 'self' *.trade.tt  data: https://account.trade.tt https://ttw-assets.trade.tt/; style-src 'self' blob: 'unsafe-inline' *.trade.tt https://account.trade.tt https://ttw-assets.trade.tt/; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.trade.tt https://account.trade.tt https://ttw-assets.trade.tt/; 1
default-src 'self' https://data.brreg.no https://www.personvernbloggen.no https://dl.episerver.net https://www.youtube.com https://www.dreambroker.com https://dreambroker.com data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src http://chart.googleapis.com https: data:; font-src 'self' data:; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://*.zenaps.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://tr.snapchat.com https://gum.criteo.com https://*.awin1.com https://*.attn.tv https://ams.creativecdn.com https://fledge.eu.criteo.com https://*.odicci.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://*.liveperson.net https://services.postcodeanywhere.co.uk https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.parcellab.com https://privacyportal-eu.onetrust.com https://tr.snapchat.com https://d3g5d7323c2i6m.cloudfront.net https://d29qb9vav0xwuc.cloudfront.net https://d7c4jjeuqag9w.cloudfront.net https://analytics.tiktok.com https://storyboard.storystream.ai https://content.storystream.ai wss://*.liveperson.net https://cdn-ukwest.onetrust.com https://ams.creativecdn.com https://*.attn.tv https://events.attentivemobile.com https://www.google.co.uk https://*.criteo.com https://*.criteo.net https://track.webgains.com https://api.webgains.io https://*.allbeauty.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://heapanalytics.com https://*.odicci.com; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://script.hotjar.com https://heapanalytics.com https://campaign.odicci.com; form-action 'self' https://www.facebook.com https://m.allbeauty.com https://checkout.allbeauty.com https://www.allbeauty.com https://connect.facebook.net https://tr.snapchat.com; frame-ancestors 'self'; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://player.vimeo.com https://vod-progressive.akamaized.net https://download-video.akamaized.net; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://*.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://*.googlesyndication.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.com https://*.gstatic.cn https://www.dwin1.com https://cdn.trackjs.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://*.google-analytics.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://static.ads-twitter.com https://*.twitter.com https://geolocation.onetrust.com https://apps.storystream.ai https://analytics.tiktok.com https://static.criteo.net https://*.criteo.com https://cdn-ukwest.onetrust.com https://tags.creativecdn.com https://*.awin1.com https://cdn.attn.tv https://track.webgains.com https://analytics.webgains.io https://*.allbeauty.com https://static.hotjar.com https://script.hotjar.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.odicci.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://d7c4jjeuqag9w.cloudfront.net https://static.hotjar.com https://script.hotjar.com https://heapanalytics.com https://campaign.odicci.com https://maxcdn.bootstrapcdn.com; report-to report-endpoint 1
default-src https: data: blob: filesystem: 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors 'self' https://www.endesaclientes.com https://syndication.teleborsa.it https://accounts-coll.enel.com:9443 https://assets.adobedtm.com http://52.144.89.133 https://enel.taleo.net https://reg.enel.it https://aemproddmz.enel.com https://endesa.cogitodesk.com https://www.energiaxxi.com 1
default-src 'none'; connect-src 'self' https://dropsearn.fra1.cdn.digitaloceanspaces.com https://mc.yandex.ru; script-src 'self' https://dropsearn.fra1.cdn.digitaloceanspaces.com https://mc.yandex.ru https://yastatic.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://dropsearn.fra1.cdn.digitaloceanspaces.com https://fonts.googleapis.com 'unsafe-inline'; font-src 'self' https://dropsearn.fra1.cdn.digitaloceanspaces.com https://fonts.gstatic.com data:; img-src 'self' https://dropsearn.fra1.cdn.digitaloceanspaces.com https://dropscapital.fra1.cdn.digitaloceanspaces.com https://static.images.dropstab.com https://mc.yandex.ru; child-src 'self' blob: https://mc.yandex.ru; frame-src 'self' blob: https://mc.yandex.ru; manifest-src 'self' https://dropsearn.fra1.cdn.digitaloceanspaces.com; 1
default-src 'self' blob: data: https://*.ams.at https://*.silktide.com https://assets.adobedtm.com https://*.wien.gv.at https://tile.openstreetmap.org https://workplace.mapexplorer.com https://*.youtube.com https://*.112.2o7.net https://*.prescreenapp.io https://*.geobonus.at https://www.youtube-nocookie.com https://*.google.com https://*.googleapis.com https://*.ggpht.com https://*.ytimg.com https://*.gstatic.com https://*.googlevideo.com 'unsafe-eval' 'unsafe-inline' 1
frame-ancestors 'self' *.labrujula24.com; 1
default-src 'self'; child-src 'self' connect.facebook.net fast.wistia.com fast.wistia.net googleads.g.doubleclick.net td.doubleclick.net *.hotjar.com *.hotjar.io *.contentful.com bid.g.doubleclick.net *.fls.doubleclick.net youtube.com www.youtube.com js.stripe.com www.facebook.com staticxx.facebook.com tpc.googlesyndication.com www.google.com *.googletagmanager.com *.quora.com intercom-sheets.com app-ab27.marketo.com www.intercom-reporting.com d2c7xlmseob604.cloudfront.net js.intercomcdn.com insight.adsrvr.org match.adsrvr.org https://intercom.chilipiper.com app.intercom.com app.intercom.io https://app.getreprise.com; connect-src 'self'   www.intercom.com app.intercom.io app.intercom.com api.intercom.io api-visitor-analytics.intercom.com api-iam.intercom.io api-ping.intercom.io api.smartling.com js.intercomcdn.com munchkin.marketo.net *.mktoutil.com nexus-websocket-a.intercom.io nexus-websocket-test.intercom.io nexus-long-poller-a.intercom.io nexus-long-poller-test.intercom.io store.intercomassets.com widget.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-test.intercom.io marketing.intercomcdn.com uploads.intercomcdn.com uploads.intercomusercontent.com abrtp1.marketo.com abrtp1-cdn.marketo.com app.getsentry.com stats.g.doubleclick.net https://*.google.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com http://*.hotjar.io:* https://*.hotjar.io:* wss://*.hotjar.io sentry.io www.facebook.com *.akamaihd.net *.wistia.com *.wistia.net *.contentful.com 258-clw-344.mktoresp.com bat.bing.com d2c7xlmseob604.cloudfront.net rum-collector-2.pingdom.net https://*.browser-intake-datadoghq.com public-trace-http-intake.logs.datadoghq.com https://assets.ctfassets.net c.6sc.co b.6sc.co j.6sc.co ipv6.6sc.co epsilon.6sense.com epsilon-cloudfront.6sense.com user-data.mutinycdn.com https://api-v2.mutinyhq.io/v2/b https://api.mutinyhq.io/v2 https://client-registry.mutinycdn.com secure.adnxs.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com api.chilipiper.com tracking.chilipiper.com cdn.linkedin.oribi.io gw.linkedin.oribi.io px.ads.linkedin.com https://app.getreprise.com images.ctfassets.net https://cdn.jsdelivr.net https://unpkg.com/@rive-app/canvas@2.10.1/rive.wasm *.litix.io https://o2129.ingest.sentry.io/ cdn.cookielaw.org *.onetrust.com; font-src data: https: ; img-src data: blob: https: ; media-src data: blob: https: ; object-src 'none'; script-src 'self' 'unsafe-eval' app.intercom.io app.intercom.com www.intercom.com js.intercomcdn.com store.intercomassets.com marketing.intercomassets.com widget.intercom.io ajax.googleapis.com analytics.twitter.com abrtp1.marketo.com abrtp1-cdn.marketo.com app-sjqe.marketo.com app-sjst.marketo.com app-ab27.marketo.com bat.bing.com cdn-assets-prod.s3.amazonaws.com cdn.ravenjs.com browser.sentry-cdn.com connect.facebook.net distillery.wistia.com distillery-main.wistia.com fast.wistia.com fast.wistia.net googleads.g.doubleclick.net js.stripe.com munchkin.marketo.net platform.twitter.com rtp-static.marketo.com script.hotjar.com script.hotjar.io secure.adnxs.com static.hotjar.com static.hotjar.io stats.g.doubleclick.net store.intercom.io tpc.googlesyndication.com www.datadoghq-browser-agent.com https://*.google.com www.google-analytics.com www.googleadservices.com/pagead/ www.googletagmanager.com tagmanager.google.com snap.licdn.com px.ads.linkedin.com px4.ads.linkedin.com dc.ads.linkedin.com p.adsymptotic.com sjs.bizographics.com client-registry.mutinycdn.com client.mutinycdn.com https://js.chilipiper.com 'sha256-CIxBMTSsZNOVtN/e53Oinc5o7iS+6GCLATfDTYD9EQk=' 'sha256-cc60iDuEUKTNkKYpz2vlEgGOssRRzDfo9rv0YBux2ak=' https://app.getreprise.com *.litix.io *.contentful.com https://o2129.ingest.sentry.io/ cdn.cookielaw.org *.onetrust.com 'strict-dynamic' 'nonce-YmM4YmZmNjMtODRiYy00OWYxLWEwZTEtMDllNjAyZWZjZDQ4'; style-src 'self' 'unsafe-inline' app-ab27.marketo.com marketing.intercomassets.com maxcdn.bootstrapcdn.com rtp-static.marketo.com fonts.googleapis.com tagmanager.google.com https://www.googletagmanager.com https://js.chilipiper.com; worker-src data: blob:; base-uri 'self'; report-uri https://o2129.ingest.sentry.io/api/1467748/security/?sentry_key=2b3179211aae44189b7651cf09d7b74f 1
default-src 'self' https://*.go4schools.com https://www.hyperspheric.com http://www.go4schools.com http://www.hyperspheric.com; connect-src 'self' data: https://*.go4schools.com https://www.go4schools.com https://www.gstatic.com https://stackpath.bootstrapcdn.com https://cdnjs.cloudflare.com https://unpkg.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.uk  https://translate.googleapis.com; img-src 'self' data: blob: https://go4schools.com https://*.vimeocdn.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.uk https://fonts.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/ https://*.googletagmanager.com https://*.google-analytics.com https://unpkg.com https://cdnjs.cloudflare.com https://code.jquery.com https://stackpath.bootstrapcdn.com https://www.gstatic.com; script-src-elem 'self' 'unsafe-inline' https://*.go4schools.com https://www.gstatic.com https://www.google.com https://stackpath.bootstrapcdn.com https://code.jquery.com https://cdnjs.cloudflare.com https://unpkg.com https://*.googletagmanager.com https://ssl.google-analytics.com;  font-src 'self' 'unsafe-inline' data: https://fonts.gstatic.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com; object-src 'none' ; frame-src 'self' https://www.google.com https://player.vimeo.com; worker-src https://*.go4schools.com blob:; report-to csp-endpoint; 1
frame-ancestors 'self' https://edicola.naviga.it/ 1
default-src 'self';style-src 'self' https://*.blob.core.windows.net https://tagmanager.google.com https://fonts.googleapis.com https://fonts.gstatic.com 'unsafe-inline' ;font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://*.blob.core.windows.net ;img-src 'self' https://ssl.gstatic.com https://www.gstatic.com https://*.blob.core.windows.net https://*.google-analytics.com data: 'self' ;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.blob.core.windows.net https://cdn.botframework.com/botframework-webchat/ https://www.googletagmanager.com/ https://*.google-analytics.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://cdn.botframework.com/ https://*.vo.msecnd.net/ https://tagmanager.google.com/ ;frame-src https://webchat.botframework.com/ https://www.youtube.com/ https://www.google.com ;media-src 'self' https://www.youtube.com/ https://*.blob.core.windows.net ;connect-src 'self' wss://directline.botframework.com/v3/  https://directline.botframework.com/v3/ https://dc.services.visualstudio.com/v2/track https://*.google-analytics.com https://base.mygovid.ie 1
frame-ancestors 'self' meltwaternews.com 1
frame-ancestors 'self'; report-to csp-endpoint; report-uri https://www.norfolk.gov.uk/csp-reports; 1
default-src 'none'; worker-src 'self' blob: *.e-construction.gov.ua www.googletagmanager.com www.google-analytics.com; base-uri 'self' *.e-construction.gov.ua; connect-src 'self' www.google-analytics.com basemaps.cartocdn.com; media-src 'self' *.e-construction.gov.ua; script-src 'self' 'unsafe-eval' 'nonce-filter_address' 'nonce-filter_address_no_issue' 'nonce-analytics_tabs' 'nonce-atu_city_filter' 'nonce-atu_com_filter' 'nonce-atu_ray_filter' 'nonce-atu_region_filter' 'nonce-bud_pass_switcher' 'nonce-bud_passports_filter' 'nonce-building_oblect_finished_datasets' 'nonce-build_objects_filter' 'nonce-calculator' 'nonce-certified_persons_filter' 'nonce-dabi_history_public_card_for_print_plan' 'nonce-dataset_search' 'nonce-document_filter' 'nonce-document_detail_class' 'nonce-edesb_organizations_filter' 'nonce-edesb_project_organizations_filter' 'nonce-ep_efficiency_org_filter' 'nonce-ep_efficiency_specialist_filter' 'nonce-laws_filter' 'nonce-map_warning' 'nonce-mbd_discuss_filter' 'nonce-mist_bud_cr_filter' 'nonce-no_issue_bp_register_filter' 'nonce-no_issue_myo_register_filter' 'nonce-no_myo_filter' 'nonce-org_address_set_filter' 'nonce-organizations_filter' 'nonce-permits_doc_modal' 'nonce-permits_doc_bud_modal' 'nonce-permits_doc_dec_dataset' 'nonce-permits_doc_new_filter' 'nonce-permits_doc_pre_filter' 'nonce-pmap_regions_filter' 'nonce-proj_acts_filter' 'nonce-proj_exp_filter' 'nonce-proj_exp_doc_filter' 'nonce-proj_inv_filter' 'nonce-search_in_registers_frm' 'nonce-shp_geojson_convector' 'nonce-tech_inventory_filter' 'nonce-template_offset' 'nonce-tip_dov_filter' 'nonce-urban_planning_filter' 'nonce-ecabinet_load_more_script' 'nonce-ecabinet_load_more_script_second' 'nonce-ecabinet_load_more_script_third' 'nonce-proj_exp_doc_review' 'nonce-ecabinet_tree_modal_script' 'nonce-geojson_editor' 'nonce-login_style_second' 'nonce-map_current_pos_script' 'nonce-search_widget_script' 'nonce-menu_toc_script' 'nonce-template_lang_script' 'nonce-header_search_script' 'nonce-laws_detail_script' 'nonce-laws_detail_script1' 'nonce-google_analitics_script' 'nonce-api_key_script' 'nonce-352acdc8af3009870977ebaf4aac50c5e124bb09' 'nonce-N8Mevg2OhQUcJY9mosxQd2jq4U5EUmCaKQNafFBV1g9jJN2Si4' 'sha256-Kl/DrZ+eaObeZi3j5DZh4ejkR98JKe/GTA8Ge+LZxFU=' 'sha256-5IToqa+8U5/8+A3LHSZeOsMUXFtXla0jmUQ93yk8PRQ=' 'sha256-FG/3pekIR/pWqykCSxjhxjzlC3WWpfh2c/gZMoT/MYQ=' 'sha256-9RlXPBRlXf39LE/cNy11BohKli7Jmr6e4ncRFR9Zb4o=' 'sha256-cPcWwJVZELrX4e/1JLnxmOqCoJW/vq1O4m3eUFMxmOE=' www.gstatic.com static.addtoany.com ssl.google-analytics.com www.google-analytics.com google-analytics.com www.googletagmanager.com maps.googleapis.com; img-src 'self' data: e-construction.gov.ua tile.osm.org data.gki.com.ua ssl.google-analytics.com www.google-analytics.com google-analytics.com www.googletagmanager.com tile.openstreetmap.org.ua basemaps.cartocdn.com tms3.visicom.ua; style-src 'self' 'unsafe-hashes' 'nonce-dabi_history_public_card_for_print_style' 'nonce-template_style' 'nonce-copy_geojson_editor_style' 'nonce-ecabinet_load_more_style' 'nonce-ecabinet_load_more_style_second' 'nonce-ecabinet_load_more_style_first' 'nonce-ecabinet_tree_modal_style' 'nonce-home_search_style' 'nonce-login_style' 'nonce-a_oblect_style' 'nonce-map_bp_style' 'nonce-map_community_style' 'nonce-map_current_pos_style' 'nonce-map_myo_style' 'nonce-projdoc_style' 'nonce-map_uservices_style' 'nonce-menu_toc_style' 'nonce-vue_map_community_style' 'nonce-vue_map_style' 'nonce-closed_faq_style' 'nonce-proj_exp_style' 'nonce-proj_exp_detail_style' 'nonce-352acdc8af3009870977ebaf4aac50c5e124bb09' 'nonce-2fs32n33726c7f26c' 'nonce-sdjfgj32j23gf4h23' 'nonce-2fs32n333434j2hh726c7f26c' 'nonce-404_style' 'sha256-CA/eh4+2R0J7cEQ14gBMtx834RIOjzMUqCM+evtrkp4=' 'sha256-yOjJRnXSmSZ9EuZBUixfAISiyDZHhpIbojIntU2b2HE=' 'sha256-aqNNdDLnnrDOnTNdkJpYlAxKVJtLt9CtFLklmInuUAE=' 'sha256-BHcAINizTmZ6uiW0KZAhwsNP828o87NMquXLJcZu/9s=' 'sha256-/WDo2o0b2cFO1WpkB/DGGrhTRRqG6w6In5xgC/pQGKE=' 'sha256-a5movgEyT3G7s5xtQEAzdh/UOzoT//9NXWZEPQTbVS0=' 'sha256-1TaxV2g5DuZ1dosJuqJH5BDqWxUomZv/zs+u5xpgf9E=' 'sha256-Ne7PPoMRWtUeyrgxzeR14e4YIa52zkeYCm/kHcjzUGI=' 'sha256-QAXEJjaPkTF4stiAp9/bgQRfgIgCFe66yIIEly5yh1Y=' 'sha256-zI0Hz6x/WT9Qvn2EDu9Q0rgL0GCfLkZTHwbh1oVhPfQ=' 'sha256-Vbn15w4L0ziLN1OuYURjOvVoz+/tJHBgkxW8f900FuA=' 'sha256-Vy1P/hUxRpKgSV5FflS+XcRFLVYTfcRXkjKr3CiKba8=' 'sha256-Sv4HqjGQDBURYnqJQSlHLYWZlygMzDHbmPBnm1PwUEQ=' 'sha256-O6469kva/kKTgm0dt+LXcbCDdslkrSRtLDaPOJdixOk=' 'sha256-BUIfshRxsI+erxcBWb/F/8oH1xh7s8fZ99PDNuDf/Y0=' 'sha256-g4cKa0bUR4GuY4secF4m7WkLMBmtzIBUVkV8zyX4Rps=' 'sha256-dtebT8SAv2d34Twd7Oo2StmqrLode7cmB2I/h/C/Dfs=' 'sha256-hqU8ETFvD/kgGiEHBZBkaMtX/+MD4nvmRuNlEuBQaTw=' 'sha256-aNMFBK0eDj+JpY3t55l7i0bDyFTT/KSFx0txvwa65fg=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-lv2ugyS/pJDeW3mTLfmPCCaZn+OlhcmX+a7j5KmnlDE=' 'sha256-xFUklDGy5c+Hfa37UKwBqtrGkGn5OHVkY3+nMJJ3mJ4=' 'sha256-6qWPYxX1Sj/O1GPUnpyDLDXoLNwMDbAIW6Wox/cQido=' 'sha256-0NE3+BxbuBFP00uzcRBLWFrEW8F6k+hYdT2ynLKnltc=' 'sha256-ZQolXPxK9qyfnv24GYrIojZGt1ZRLMgGMcX9nnzbVWU=' 'sha256-Ao7yVLvXjxiiTmtL/qhbem7aqLz0f52vXaH53mQCpWw=' 'sha256-8oz7jiza7f4jMm8YTo1oAw5AtmGEMFvkNgni5pP8hag=' 'sha256-3sNQ0HibEtLsq4ePo2BrvwdcUQT7iH4c+pINTbMMWE4=' 'sha256-tCGlcnzdzlbSnhr0u9HR4ROCA7sKRLWVOr72FVEUeb8=' 'sha256-waCk+iFULOJwfSI545MgnNpshHu8kSCbTmeNukWzy6c=' 'sha256-lOpTkV3NOxe1nwtxxwXnmGPd7uzF13vyD52DmrXuq6M=' 'sha256-NL/gI6kmYeUNDxsMgoJZkfwqurTegYmvQF9Xafqq9sg=' 'sha256-ZM4rNkrkBlwbOt/AH5l1PJ43Kq4CkD/8d1L5CfYydQw=' 'sha256-64mcSQVXen0ozr47xSkKV1HYsyhyGdqiyaDRzn1HIW4=' 'sha256-kv5tIGzYbczh//M02PlcZlQkubLuoZCyHyR5Fp8mwSk=' 'sha256-wvMwIdt7JPBqB2Bv/eTt1BGJLFKcP5JlXAAB2fb05wA=' 'sha256-X7xLlX3nd3lalFQobZsLZ+66Ai2aXW3Kn4hUJyKWbP4=' 'sha256-biLFinpqYMtWHmXfkA1BPeCY0/fNt46SAZ+BBk5YUog=' 'sha256-7rEqSAuuB6CE8tSDj++HkI9QqisBgGTO8poo8RB/bfE=' 'sha256-9FYWSXQd3MPp0zSh79BXTOdGcwhQHNoxpPE20yO73FM=' 'sha256-Qodt554xS9Gx6sN/HHlafqpqG3/Wy8f788gNZpvQu7Q=' 'sha256-cv/v8CwDjgce+Dsn5LMp7zQ8jWkG4R7INAYCGTfBjAA=' 'sha256-tEh95PoZznvQefR7eKQGNAbo//wTGpgfkFulPssZ4S0=' 'sha256-S05kt8AAF17zus0k1BO6ai8usOyVrrERaYkBqojjals=' 'sha256-iahLe306jTH/itxOUKAfLP+0iyj2EROk94j9MW02c/s=' 'sha256-zsgHL3ixdz2Loo5gzcowTVl0TE6kVkRAapvKsYui1D4=' 'sha256-uJr7zn7tetr8XIwLOOkntlji58xdgju5p1fWyXdB0eg=' 'sha256-VLNxemPQZnm+SsnDVzHGiqDkHd3cg63OhqbExFt6TPY=' 'sha256-Mvsp77heuEPm7zRATyUk/qLvOCN0lwgUfh8tzx/2ync=' 'sha256-NRArJEWkWsjxBHdcDFWi1iHeqOtzKecz/CloQLINn+I=' 'sha256-bi3HFJcNBVK3MlXqtiDB8bWYMYX6AY25GWNTWZklWXo=' 'sha256-t6oewASd7J1vBg5mQtX4hl8bg8FeegYFM3scKLIhYUc=' 'sha256-6N/cRf1zW49gXGNmd17wjPWzPJqcZ3SFPWOz0H4EsD0=' 'sha256-/VFP+3CtCcwd46K5614fqBO1WFi9gjYxhhPJXTNrtbo=' 'sha256-r8zR3S6YuWY5tpo2Y0PvZHW5fa+SKLNon9zbEWb5UPA=' 'sha256-LS/ZIFPAT9KPjCk5V0901KS9g3GwfjISwuOm9Xd6sKk=' 'sha256-zwtzM0cpnQxIf4/Xo2LtVL85QToSk75IfJ/DXNdK7I0=' 'sha256-aFVi6tos71jdh1FJx9LGkPrQVYCJ9Bi9PWGNmT/7HlA=' 'sha256-7EsAMeREkK79Fehg/J9i/q7z6dg+QmqvSytxvn9RgjY=' 'sha256-RJ+X9gZ6rsPhL8OuqgaZWEfo9f83e/IiuxuBmmLJEms=' 'sha256-QW838BRHmLWcW/ASair65JeA39JNH9F6vSuEK4SyBRQ=' 'sha256-BUID6RRVMvlGnTpJmAqLKmQZaCVXGpxZMHJgnm2mbgE=' 'sha256-MSQpaJI4vfCHF5bBMX33hGcCUFhSsaBqjKtudiM49ps=' 'sha256-4F1KMwFOf3Et5hAZD+Yk3BSQQ/OJ9DPE6ScJTFG9iac=' 'sha256-EZozIp/+S0vPfvzjYv0agKnLI5vmORzjRw4aB5IAwo4=' 'sha256-jTCk2U08h+jEgJ5tb50DvFskHM9w0RBajCZh/dCOtT8=' 'sha256-obO/xhU2t7ZZH7P26m0bPWC23wrR8kTwph7nhyZz1t4=' 'sha256-2ay5vfrvvA5Tfe6dWFNXuRAIcu0kz6uh142frtaHGLY=' 'sha256-SA336N/KoprMLrUYmwhYWjgZpEYoULq9NqulkSwhYkk=' 'sha256-EQkjfZa6n3J6+A31GwJfddN3QU2MeFKvQIkY5Qlsva0=' 'sha256-iImG8aqHGMls34tI20aLtnhbNgFWeAhr1D2Vm32gVb4=' 'sha256-1S8WVw6R2dH6qS1wJlDJWOa22gxjXnwr9QjAXCZPZXg=' 'sha256-7HXcdY9H2bQnpmz4b6nuxTYNGxvVnDRldlMVWeA9ASs=' 'sha256-GsozRkFSkbjFeWahQt6MuWOfxwKORfrSsNrEywLvxoM=' 'sha256-otlizGgBEWD2S1Py/SjiGVvY+BVKbJKMu+BGuh8o0ME=' 'sha256-jzFIqF+VF0harY99vYrMmN4Pz3A+OqArLYmq1aNdqEk=' 'sha256-nq+1B7dOyJg4qp/ma23Dn9oHa1tX8x9OJaXslFSRvQ0=' 'sha256-67ciRBaCxEXt9AMGRr+vqjGkuQnWvvnoU+Y3io+VeGI=' 'sha256-jQ9u91YFPZBd7bKdKw9s+hwoLqy+S8mA/gVZW+hLN0o=' 'sha256-s+V1/4RrRHYk+0kgCj+BhycNEAMKtQOkpgWbtpOFF+4=' 'sha256-usSpS3+7ySNud2iiRZXZ4GdALvL78mYxtDxObBQxiuA=' 'sha256-5Uxm7sD6Jm5sVTWVvP2s9f44A51xlyYPewzw18W5ZRo=' 'sha256-atuwmgxh67oM7HAIkmCg622N7QrmqwaI9s71irnOw+M=' 'sha256-bjpf7bCjmxpqghWqn5WcmxrAZSO0JOkXl7dt0w4UxXo=' 'sha256-tD+kNwP5HDbvr8CujN01zwvylevh7tS5aiUdRD0fziU=' 'sha256-6vf9tWh6avQS6qe7AVhJQjnEJM+co/oChB4SCtvu26Y=' 'sha256-lkyamzsYq8nzTP0C7C9jNd5UIZjh4v3aH+NMSGbNtrk=' 'sha256-jejXO9qbyc5AKv5KcGMun0c6qnYknKjmNjnt7WFj4JU=' 'sha256-j2CulhlGbCPaFhGFbP0TgsXD2/rFFSyQlvA/My6tmAM=' 'sha256-PdgY5vpLWvvOCFqllMVyMtCjMUo4vXKsp43yHvba/HA=' 'sha256-i9J8suaCQYYEjdPbll3YMlviomTVub6PYKT4MZ68LDs=' 'sha256-X272OVS8TuIDtw7u/I9LqDNKrX+xEWx18TfSln23bs8=' 'sha256-oPUkOIY4+sl+NgmrMj6ev6q2I7McT6gQcISkfDG/0+I=' 'sha256-LmUek/DXniEp0sO9Ls38LPXGQWRAeAU/oQrphcFIN/Y=' 'sha256-uxdE0Tyz/lcO/87i1lhK4TuIA25zXS5vF7lnRKc9a0c=' 'sha256-vFWe/UzydyE2DbB0b3hT/c/bA5lR2onI26DILWnMHFU=' 'sha256-lNUOFbJi5PWnkPKL0bwnri3rMbKLx6RVmH3cTe9gwl0=' 'sha256-84d8dkIHbqp/37STvPHSxC8tHbaqmLItkk44phwDNfA=' 'sha256-UmvAmKMBAaLc0o1E+17zunrZ1Jlci3QG4Z1NBAKWlvk=' 'sha256-Gpg5O08Ew7SHHXJOPCJ2psbpEAcJXu/rNu7bKmWC3jA=' 'sha256-FbVwPkSYdqAEY20K6LYcjOlIWxlhcycOlXyN4SyWV3Y=' 'sha256-45zWoas0SCmtASt1xT6MCfi9w4zcKq27UkS2m3npgdM=' 'sha256-wMDeU1Aev3B1Y+lV2XG5A/YJRhxBZ61eXYJE6OXC7aE=' 'sha256-Q2IE/aWsGoG+fIbXLBvzXjOBmblLaprMIzLaFSS/aIA=' 'sha256-P5y6bXK69Lg5Lxl4ygiMejWJUOFER9fgWHIOvzSE93E=' 'sha256-KpSV7LuPYEu58+3u9LJr9v5Drm0uIKEv0h3u/+NVNm8=' 'sha256-1dnXzIOC+JMYHYNb8BO6+oslVC0zOUmvxcc1QFVHQLY=' 'sha256-NlLSTFDRnfQWxtM2Ze+aOJpmKyMsi30AYasxTvGRDPY=' 'sha256-XmITJ5zkb3nPeUmgLE8GGGeZ5nuiIO3yS6uUL7Yh7lU=' 'sha256-t28Sto2NWNUPLZW3emYDlB8lolJx/pt/uzdeZk+/Vw4=' 'sha256-m4edcspsiUL06wtd7wnpJiHBPa8/mhZYca65wvp55XQ=' www.gstatic.com fonts.googleapis.com; form-action 'self'; font-src 'self' fonts.gstatic.com; frame-src 'self' eu.iit.com.ua static.addtoany.com youtube.com www.youtube.com; frame-ancestors 'self'; object-src 'self' 1
frame-ancestors 'self' rockwellautomation.com rockwellautomation.com.cn *.rockwellautomation.com *.rockwellautomation.com.cn *.rockwellautomation.adobecqms.net ra.pisrc.net rabot.pisrc.net localhost localhost:*; 1
default-src 'self' chat.searchengines.guru d.searchengines.guru; script-src 'self' content.mql5.com search.searchengines.guru d.searchengines.guru 'unsafe-inline'; style-src d.searchengines.guru 'unsafe-inline'; img-src 'self' content.mql5.com chat.searchengines.guru d.searchengines.guru blob: data:; media-src 'self' chat.searchengines.guru; font-src 'self' d.searchengines.guru; connect-src 'self' content.mql5.com https://chat.searchengines.guru wss://chat.searchengines.guru; frame-src 'self' d.searchengines.guru content.mql5.com www.youtube.com; frame-ancestors 'self'; object-src 'self' blob:; 1
default-src 'self' data: blob:;script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.qwantjunior.com qwantjunior.com *.qwant.com qwant.com;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' data: *.qwantjunior.com qwantjunior.com *.qwant.plive *.qwant.com;style-src 'self' 'unsafe-inline' data: *.qwantjunior.com *.qwantjunior.com qwantjunior.com;object-src 'self';connect-src 'self' *.qobuz.com *.apple.com *.qwantjunior.com qwantjunior.com *.qwant.com qwant.com *.qwant.plive qwant.plive extras.qwantjunior.com;img-src blob: 'self' www.qwant.com s1.qwant.com s2.qwant.com s.qwant.com f.qwant.com s1.qwant.plive s2.qwant.plive s.qwant.plive f.qwant.plive s.qwantjunior.com s1.qwantjunior.com s2.qwantjunior.com  data: s-lite.qwantjunior.com www.qwantjunior.com;frame-ancestors *.qwantjunior.com *.qwant.com *.qwantjunior.com lmqt.fyi;form-action 'self';font-src 'self';worker-src blob: 'self' www.youtube-nocookie.com www.youtube.com;frame-src viewer.dood3d.com *.vid.web.acsta.net player.twitch.tv player.vimeo.com www.dailymotion.com players-cdn.vidmizer.com players-cdn-v2.vidmizer.com *.qwantjunior.com *.qwant.com *.qwantjunior.com www.youtube-nocookie.com *.tvlocale.fr *.smartrezo.com *.femmesetcitoyennete.fr *.jeunesreporterssansfrontieres.fr *.medias-francophones.com *.trendy-community.fr *.tvcitoyenne.com *.veitech.com *.localetv.eu player.myvideoplace.tv net.geo.opera.com geo.captcha-delivery.com;media-src blob: *.qwantjunior.com *.qwant.com *.apple.com *.qobuz.com *.vid.web.acsta.net;base-uri 'self';block-all-mixed-content 1
default-src 'none'; base-uri 'self'; form-action 'none'; manifest-src 'self'; connect-src * blob:; script-src 'self' 'unsafe-eval'; style-src 'self'; font-src 'self'; frame-ancestors 'none'; img-src 'self' data: blob:; media-src blob:; object-src blob:; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals allow-downloads 1
default-src https://*.ctfassets.net 'self' blob:; connect-src 'self' * https: 'unsafe-inline'; font-src https://fonts.googleapis.com 'self' https://fonts.gstatic.com; frame-src https://feed.pghub.io/ https://*.ctfassets.net https://*.qualtrics.com 'self' https://*.tapad.com https://*.facebook.com https://*.google.com https://www.youtube.com https://www.youtube-nocookie.com https://dentalcare.corbusmediasolutions.com https://*.adsrvr.org; img-src https://*.ctfassets.net 'self' data: https://www.googletagmanager.com https://*.google-analytics.com https://pixel.tapad.com https://*.qualtrics.com https://*.cookielaw.org https://*.facebook.com https://*.abtasty.com; media-src https://*.ctfassets.net 'self'; script-src https://cdn.segment.com https://js-cdn.dynatrace.com https://www.youtube.com https://www.youtube-nocookie.com https://*.qualtrics.com https://*.abtasty.com 'self' 'unsafe-inline' 'unsafe-eval' https://*.moatads.com https://pghub.io https://*.siteintercept.qualtrics.com https://*.google.com https://*.gstatic.com https://*.googletagmanager.com https://*.google-analytics.com https://*.tapad.com https://*.crazyegg.com https://*.simpli.fi https://*.adsrvr.org https://*.cookielaw.org https://*.facebook.net api.ipify.org; style-src https://fonts.googleapis.com 'self' 'unsafe-inline'; worker-src 'self' blob:; 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://*.stg.audian.com https://*.audian.com https://*.typekit.com https://*.typekit.net https://www.google.com/recaptcha/ https://*.googletagmanager.com https://*.googleapis.com https://*.tawk.to https://tawk.link https://fonts.gstatic.com https://www.gstatic.com https://*.stg.audian.com:8443 https://*.statuspage.io https://cdn.jsdelivr.net https://www.google-analytics.com https://maps.google.com wss://*.tawk.to;frame-ancestors 'self' audian.com *.audian.com teams.microsoft.com *.teams.microsoft.com teams.cloud.microsoft;report-uri https://sentry.audian.com:49443/api/18/security/?sentry_key=612819db7da642ecabae6c0db8dd5a3e&sentry_environment=production 1
default-src 'self' localhost:* ws://localhost:*              *.openstreetmap.org   a.tile.openstreetmap.org  *.tile.openstreetmap.org  framework-gb.cdn.gob.mx *.framework-gb.cdn.gob.mx      www.youtube.com *.www.youtube.com              www.loterianacional.gob.mx               www.pronosticos.gob.mx               www.lotenal.gob.mx               www.google.com *.www.google.com               stackpath.bootstrapcdn.com *.stackpath.bootstrapcdn.com               w3.org *.w3.org               www.googletagmanager.com *.www.googletagmanager.com               www.google-analytics.com *.www.google-analytics.com      documentservices.adobe.com *.documentservices.adobe.com      viewlicense.adobe.io *.viewlicense.adobe.io               unpkg.com *.unpkg.com;                            object-src 'self' localhost:* ws://localhost:*;font-src 'self'               fonts.gstatic.com *.fonts.gstatic.com               framework-gb.cdn.gob.mx *.framework-gb.cdn.gob.mx               kit-pro.fontawesome.com *.kit-pro.fontawesome.com      data:               localhost:* ws://localhost:*;              style-src 'self' 'unsafe-inline'               www.googletagmanager.com               framework-gb.cdn.gob.mx *.framework-gb.cdn.gob.mx               stackpath.bootstrapcdn.com *.stackpath.bootstrapcdn.com               kit-pro.fontawesome.com *.kit-pro.fontawesome.com               unpkg.com *.unpkg.com               localhost:* ws://localhost:*;              media-src *;              img-src 'self' 'unsafe-inline' *.openstreetmap.org   a.tile.openstreetmap.org  *.tile.openstreetmap.org * data:;              script-src 'self' 'unsafe-inline'               framework-gb.cdn.gob.mx *.framework-gb.cdn.gob.mx               www.googletagmanager.com *.www.googletagmanager.com               www.google.com *.www.google.com               www.gstatic.com *.www.gstatic.com      documentservices.adobe.com *.documentservices.adobe.com               unpkg.com *.unpkg.com               localhost:* ws://localhost:*;              frame-ancestors 'self' www.google.com localhost:*;               1
frame-ancestors 'self' ai.nb.no tools.nb.no; 1
default-src 'self'; base-uri 'self'; connect-src 'self' *.itzbund.de; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de www.juris.de; script-src 'self'  'unsafe-inline' 'unsafe-eval' *.googleapis.com piwik.itzbund.de www.juris.de;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de www.juris.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de www.juris.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de www.juris.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de www.juris.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de www.juris.de; frame-src https://www.juris.de/ *.google.com *.gstatic.com *.youtube.com *.vimeo.com; frame-ancestors https://www.juris.de/ 'self'; 1
default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.google.com *.google-analytics.com *.googleapis.com fonts.gstatic.com discgolfmetrix.com dgmtrx.com connect.facebook.net graph.facebook.com facebook.com *.mapbox.com vk.com api.pinterest.com paypalobjects.com *.paypalobjects.com *.paypal.com *.paytrail.com *.jquery.com *.jquerycdn.com *.highcharts.com *.dgmtrx.com:5999 discgolfmetrix.com:5999 *.api.here.com npmcdn.com metrix.live *.metrix.live *.gstatic.com gstatic.com; img-src * data: blob: 'unsafe-inline'; connect-src *; frame-src 'self' *.google.com *.facebook.com; 1
frame-ancestors https://app.storyblok.com/ https://web.ruttl.com/ https://www.wingsforlifeworldrun.com 1
frame-ancestors 'self' http://www.philips.com.tr *.philips.com *.philips.com.tr https://philipsigtdpv.com 1
frame-ancestors https://dev-ganaelelantra10.hyundai.com.mx https://stg-ganaelelantra10.hyundai.com.mx https://ganaelelantra10.hyundai.com.mx 1
frame-ancestors 'self' https://content.scaledagile.com https://scaledagile.pathfactory.com https://upmchs.sharepoint.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.ikea.com v4.ai.ingka.ikea.net api.addressy.com google.com *.google.com *.gstatic.com translate.googleapis.com translate-pa.googleapis.com www.youtube-nocookie.com www.youtube.com www.paypal.com blob: data: wss://web-api.ikea.com https://storage.googleapis.com/learnwithikeavideos/ unicorn-rainbow-flower.edgecompute.app ikea-listings.edgecompute.app *.ingka.com *.cdtapps.com *.ctfassets.net *.ipex-insights.com ikeausacustomersupport.my.salesforce.com *.afterpay.com *.ingka.dev seal.digicert.com *.taskrabbit.com pro.ip-api.com api.everythinglocation.com bpi.briteverify.com *.adform.net insight.adsrvr.org js.adsrvr.org *.bing.com *.doubleclick.net *.facebook.com *.facebook.net www.googleadservices.com *.googlesyndication.com *.jivox.com cdn.pdst.fm *.pinterest.com s.pinimg.com api.pinpiaa.com survey.survicate.com surveys-static.survicate.com analytics.tiktok.com trkn.us *.yimg.com p.placed.com *.pulseinsights.com www.redditstatic.com pixel-config.reddit.com *.cookielaw.org *.onetrust.com *.contentsquare.net app.contentsquare.com *.google-analytics.com www.googletagmanager.com *.optimizely.com sentry.io *.sentry.io *.avo.app oppwa.com *.oppwa.com mpsnare.iesnare.com *.iesnare.com wss://mpsnare.iesnare.com maps.googleapis.com fonts.googleapis.com www.googleapis.com *.bambuser.com firestore.googleapis.com liveshopping-widgets.firebaseapp.com *.syndeo.cx *.production.syndeo.cx wss://web.production.syndeo.cx icsp.ingka.ikea.com wss://icsp.ingka.ikea.com wss://web-api.ikea.com/cschatbot/ *.breadpayments.com *.kmsmep.com kmsmep.s3.amazonaws.com *.comenity.net sasadseus2fmcprd02.blob.core.windows.net assets.adobedtm.com alliancefrictionless.112.2o7.net api.alldata.net api.prod.checklist.usdh.ikea.net; img-src * blob: data:; frame-src *; frame-ancestors *.ikea.com; object-src 'self'; report-uri https://csp.ikea.com 1
frame-ancestors 'self' *.mapfre.com *.mapfre.es *.mapfretecuidamos *.digitalhealth.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com https://mc.yandex.ru https://www.googletagmanager.com https://talkdriver.ru https://support.smsc.ru https://support.smsc.kz https://sup.smsc.ua https://plugins.stripo.email blob: 1
default-src 'self';script-src 'self' 'nonce-g2gH1Z5HsMlObJ8Y7t0bO98X' 'strict-dynamic';object-src 'none';style-src 'self' 'unsafe-inline' *.google.com https://fonts.googleapis.com/css popupmaker.com;img-src 'self' data: blog.emakina.com i.vimeocdn.com script.hotjar.com facebook.com www.googletagmanager.com https://connect.facebook.net https://px.ads.linkedin.com www.google-analytics.com cdn.cookielaw.org cdn.uc.assets.prezly.com;media-src 'self';frame-src 'self' *.google.com *.vimeo.com *.youtube.com godot.emakina.com;font-src 'self' https://fonts.googleapis.com/css https://fonts.gstatic.com data:;connect-src 'self' *.onetrust.com geolocation.onetrust.com vimeo.com popupmaker.com cdn.cookielaw.org px.ads.linkedin.com www.google-analytics.com collector.leadinfo.net content.hotjar.io *.google-analytics.com api.leadinfo.com *.hotjar.io ws.hotjar.com wss://ws.hotjar.com;base-uri 'self';child-src 'none';form-action 'self';frame-ancestors 'self' emakinaagency-admin-develop.azurewebsites.net emakinaagency-admin.azurewebsites.net emakinaagency-admin-staging.azurewebsites.net emakinaagency-admin-testing.azurewebsites.net;worker-src 'none' 1
font-src *.gstatic.com data: fonts.googleapis.com fonts.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com *.googleapis.com *.bootstrapcdn.com *.flixcar.com *.flixfacts.com https://ocular-prod.api.rocio.ai *.ocularsolution.com https://accvent.com *.accvent.com https://forzaups.com *.forzaups.com https://firalivepro.blob.core.windows.net *.firalivepro.blob.core.windows.net https://fira-live-player-pro.azurewebsites.net/ https://fira-live-management-api-pro.azurewebsites.net https://www.lg.com/cac https://analytics.tiktok.com *.firaonlive.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.facebook.com credomatic.compassmerchantsolutions.com https://www.tiendamonge.com/nps-check-out-tlv-guatemala https://www.tiendamonge.com/nps-entrega-tienda-en-linea-cr https://www.tiendamonge.com/nps-entrega-tienda-en-linea-el-salvador https://www.tiendamonge.com/nps-entrega-tienda-en-linea-guatemala https://www.tiendamonge.com/nps-entrega-tienda-en-linea-honduras https://www.tiendamonge.com/nps-entrega-tienda-en-linea-ni https://www.tiendamonge.com/nps-gracias-por-completar-la-encuesta https://www.tiendamonge.com/nps-gracias-por-completar-la-encuesta-monge-pay https://www.tiendamonge.com/nps-monge-pay-desembolso-cash https://www.tiendamonge.com/nps-monge-pay-liveness https://www.tiendamonge.com/nps-monge-pay-pago-a-tarjeta-monge https://www.tiendamonge.com/nps-monge-pay-pago-operaciones https://www.tiendamonge.com/nps-monge-pay-registro https://www.tiendamonge.com/nps-service-desk-ti-costa-rica https://ocular-prod.api.rocio.ai *.ocularsolution.com https://accvent.com *.accvent.com https://forzaups.com *.forzaups.com https://firalivepro.blob.core.windows.net *.firalivepro.blob.core.windows.net https://fira-live-player-pro.azurewebsites.net/ https://fira-live-management-api-pro.azurewebsites.net https://www.lg.com/cac https://analytics.tiktok.com *.firaonlive.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.youtube.com *.vimeo.com mongepay.com conway.ddev.site https://ocular-prod.api.rocio.ai *.ocularsolution.com https://accvent.com *.accvent.com https://forzaups.com *.forzaups.com https://firalivepro.blob.core.windows.net *.firalivepro.blob.core.windows.net https://fira-live-player-pro.azurewebsites.net/ https://fira-live-management-api-pro.azurewebsites.net https://www.lg.com/cac https://analytics.tiktok.com *.firaonlive.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://www.googletagmanager.com/ https://adobedtm.com assets.adobedtm.com dpm.demdex.net *.googleapis.com *.googletagmanager.com *.facebook.com *.google-analytics.com *.googleadservices.com *.facebook.net grupomongegrupomongedev.112.2o7.net grupomonge.tt.omtrdc.net *.demdex.net *.doubleclick.net bam-cell.nr-data.net smetrics.tiendamonge.com smetrics.elgallomasgallo.com.gt smetrics.elgallomasgallo.com.hn smetrics.prado.com.sv smetrics.elgallomasgallo.com.ni https://www.facebook.com https://www.google.com *.flixcar.com *.flixfacts.com *.cnetcontent.com *.vimeo.com https://widgetapp.ocularsolution.com *.getblue.io *.flipsnack.com https://heyzine.com https://promogallonic.com https://front-notrack.indexado.production.pmbox.cloud https://fichashppervasive.blob.core.windows.net https://www.tiendamonge.com/nps-check-out-tlv-guatemala https://www.tiendamonge.com/nps-entrega-tienda-en-linea-cr https://www.tiendamonge.com/nps-entrega-tienda-en-linea-el-salvador https://www.tiendamonge.com/nps-entrega-tienda-en-linea-guatemala https://www.tiendamonge.com/nps-entrega-tienda-en-linea-honduras https://www.tiendamonge.com/nps-entrega-tienda-en-linea-ni https://www.tiendamonge.com/nps-gracias-por-completar-la-encuesta https://www.tiendamonge.com/nps-gracias-por-completar-la-encuesta-monge-pay https://www.tiendamonge.com/nps-monge-pay-desembolso-cash https://www.tiendamonge.com/nps-monge-pay-liveness https://www.tiendamonge.com/nps-monge-pay-pago-a-tarjeta-monge https://www.tiendamonge.com/nps-monge-pay-pago-operaciones https://www.tiendamonge.com/nps-monge-pay-registro https://www.tiendamonge.com/nps-service-desk-ti-costa-rica https://notrack.indexado.pmbox.cloud https://emersya.com https://ocular-prod.api.rocio.ai *.ocularsolution.com *.mabeindex.com https://accvent.com *.accvent.com https://forzaups.com *.forzaups.com https://firalivepro.blob.core.windows.net *.firalivepro.blob.core.windows.net https://fira-live-player-pro.azurewebsites.net/ https://fira-live-management-api-pro.azurewebsites.net https://www.lg.com/cac https://sandbox.migopayments.com/ https://web.migopayments.com/ https://online.fliphtml5.com/ https://analytics.tiktok.com *.firaonlive.com *.weltpixel.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.gstatic.com *.googleapis.com maps.googleapis.com maps.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.googletagmanager.com *.cloudflare.com widget.ocularsolution.com *.newrelic.com https://bam.nr-data.net *.facebook.com *.connect.facebook.net *.google.com *.google-analytics.com *.googleadservices.com *.paypal.com *.flixcar.com *.flixfacts.com *.flix360.com *.flix360.io *.syndigo.com *.syndigo.cloud googleads.g.doubleclick.net https://www.google.com https://www.google.com.co https://www.tiendamonge.com https://www.elgallomasgallo.com.ni https://www.prado.com.sv https://www.elgallomasgallo.com.hn https://www.elgallomasgallo.com.gt https://www.verdugotienda.com *.teads.tv *.scene7.com https://fichashppervasive.blob.core.windows.net https://ocular-prod.api.rocio.ai *.ocularsolution.com *.mabeindex.com https://accvent.com *.accvent.com https://forzaups.com *.forzaups.com https://firalivepro.blob.core.windows.net *.firalivepro.blob.core.windows.net https://fira-live-player-pro.azurewebsites.net/ https://fira-live-management-api-pro.azurewebsites.net https://www.lg.com/cac https://gmgdocumentos.blob.core.windows.net/ https://gmgecommerceprd.blob.core.windows.net/ https://analytics.tiktok.com *.firaonlive.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com polyfill.io *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ https://adobedtm.com fast.amc.demdex.net dpm.demdex.net *.googletagmanager.com *.facebook.com *.google.com *.google-analytics.com *.googleadservices.com *.facebook.net grupomongegrupomongedev.112.2o7.net grupomonge.tt.omtrdc.net *.demdex.net *.doubleclick.net bam-cell.nr-data.net smetrics.tiendamonge.com smetrics.elgallomasgallo.com.gt smetrics.elgallomasgallo.com.hn smetrics.prado.com.sv smetrics.elgallomasgallo.com.ni 'unsafe-inline' widget.ocularsolution.com cdn.cs.1worldsync.com *.cloudflare.com *.newrelic.com https://bam.nr-data.net *.connect.facebook.net *.gstatic.com *.paypal.com *.bootstrapcdn.com *.flixcar.com *.flixfacts.com *.flix360.com *.flix360.io *.pingdom.net *.woorank.com *.cnetcontent.com *.youtube.com *.syndigo.com *.syndigo.cloud https://event.getblue.io *.getblue.io https://p.teads.tv https://smetrics.verdugotienda.com https://rocio.ocularsolution.com https://ocular-prod.api.rocio.ai *.ocularsolution.com *.mabeindex.com https://accvent.com *.accvent.com https://forzaups.com *.forzaups.com https://firalivepro.blob.core.windows.net *.firalivepro.blob.core.windows.net https://fira-live-player-pro.azurewebsites.net/ https://fira-live-management-api-pro.azurewebsites.net https://www.lg.com/cac https://analytics.tiktok.com *.firaonlive.com www.serfinsacheckout.com testcheckout.redserfinsa.com:8087 bdpdev.redserfinsa.com:8088 assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com 'self' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com widget.ocularsolution.com *.facebook.com *.google.com *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.flixcar.com *.flixfacts.com rocio.ocularsolution.com https://ocular-prod.api.rocio.ai *.ocularsolution.com https://accvent.com *.accvent.com https://forzaups.com *.forzaups.com https://firalivepro.blob.core.windows.net *.firalivepro.blob.core.windows.net https://fira-live-player-pro.azurewebsites.net/ https://fira-live-management-api-pro.azurewebsites.net https://www.lg.com/cac https://analytics.tiktok.com *.firaonlive.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ *.flixcar.com widget.ocularsolution.com *.flixfacts.com *.flix360.com *.flix360.io *.syndigo.com *.syndigo.cloud https://emersya.com https://ocular-prod.api.rocio.ai *.ocularsolution.com *.mabeindex.com https://accvent.com *.accvent.com https://forzaups.com *.forzaups.com https://firalivepro.blob.core.windows.net *.firalivepro.blob.core.windows.net https://fira-live-player-pro.azurewebsites.net/ https://fira-live-management-api-pro.azurewebsites.net https://www.lg.com/cac https://gmgdocumentos.blob.core.windows.net/ https://gmgecommerceprd.blob.core.windows.net/ https://analytics.tiktok.com *.firaonlive.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://adobedtm.com assets.adobedtm.com *.adobe.com fast.amc.demdex.net *.googleapis.com *.googletagmanager.com *.facebook.com *.google-analytics.com *.googleadservices.com *.facebook.net grupomongegrupomongedev.112.2o7.net grupomonge.tt.omtrdc.net *.demdex.net *.doubleclick.net bam-cell.nr-data.net smetrics.tiendamonge.com smetrics.elgallomasgallo.com.gt smetrics.elgallomasgallo.com.hn smetrics.prado.com.sv smetrics.elgallomasgallo.com.ni wss://tm.filter:1502/ api.ocularsolution.com xml.ssreviewsportal.com *.cloudflare.com *.newrelic.com https://bam.nr-data.net *.google.com *.paypal.com *.pingdom.net *.woorank.com *.cnetcontent.com *.youtube.com *.vimeo.com *.syndigo.com *.syndigo.cloud product-feature-service.production.alquimio.cloud api.repositorio.production.alquimio.cloud orchestrator.production.aks.alquimio.cloud *.teads.tv https://ocular-prod.api.rocio.ai *.ocularsolution.com *.flixcar.com https://accvent.com *.accvent.com https://forzaups.com *.forzaups.com https://firalivepro.blob.core.windows.net *.firalivepro.blob.core.windows.net https://fira-live-player-pro.azurewebsites.net/ https://fira-live-management-api-pro.azurewebsites.net https://www.lg.com/cac https://sandbox.migopayments.com/ https://web.migopayments.com/ https://analytics.tiktok.com *.firaonlive.com www.serfinsacheckout.com testcheckout.redserfinsa.com:8087 bdpdev.redserfinsa.com:8088 api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' *.tealiumiq.com;  script-src 'self' 'nonce-NDI2OWMxZDUtY2U0Ny00MDUzLThkZmEtNGY4YjQxYmE2M2Qy' 'unsafe-inline'  'unsafe-eval' https://tags.tiqcdn.com *.cloudfront.net *.youtube.com https://static.cloudflareinsights.com  https://connect.facebook.net https://frefi.sv.rkdms.com  *.freedomdebtrelief.com  *.tealiumiq.com  https://tags.freedomdebtrelief.com https://www.googletagmanager.com *.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' https://track.securedvisit.com https://sv.freedomdebtrelief.com *.ctfassets.net *.bbb.org *.youtube.com *.ytimg.com; font-src 'self'; frame-src 'self' m.lndg.page *.votervoice.net e.infogram.com *.instagram.com  *.youtube.com *.gstatic.com https://www.google.com; media-src 'self' *.youtube.com;object-src 'self' blob: data:;worker-src 'self' blob:; frame-ancestors 'self';connect-src 'self' https://session-replay.browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://www.google-analytics.com https://analytics.google.com https://collect.tealiumiq.com noembed.com *.ffngcp.com 1
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' challenges.cloudflare.com lacare.wpengine.com *.gstatic.com use.fontawesome.com cdnjs.cloudflare.com translate.google.com translate-pa.googleapis.com *.googleapis.com *.jsdelivr.net *.youtube-nocookie.com; object-src 'self' ; style-src 'self' 'unsafe-inline' *.gstatic.com lacare.wpengine.com use.fontawesome.com *.jsdelivr.net *.googleapis.com cdnjs.cloudflare.com ; img-src 'self' 'unsafe-inline' data: www.google.com img.youtube.com translate.google.com *.gstatic.com translate.googleapis.com *.youtube-nocookie.com maps.googleapis.com *.lacare.org; media-src 'self' *.lacare.org; frame-src 'self' *.lacare.org wakanda.prod.acquia-sites.com challenges.cloudflare.com *.navitus.com *.youtube-nocookie.com  external.lacare.org www.auntbertha.com; frame-ancestors 'self' *.lacare.org; child-src 'self' ; font-src 'self' *.gstatic.com use.fontawesome.com lacare.wpengine.com; connect-src 'self' maps.googleapis.com lacare.wpengine.com translate.googleapis.com translate-pa.googleapis.com  ; upgrade-insecure-requests 1
object-src 'none'; base-uri 'none'; script-src 'nonce-43a461dba63edd6f9aced951ad4f73e6' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:; 1
default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://*.jiffymarketing.com https://pennzoil400.pixelhublive.com/; 1
upgrade-insecure-requests; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: wss: https://*.gstatic.com https://*.googleapis.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.google.com https://*.twitter.com https://*.instagram.com https://*.facebook.com https://consenthub.org cdn.baycloud.com scanner.baycloud.com baycloud.com fonts.googleapis.com consenthub.org fonts.gstatic.com www.googletagmanager.com www.google-analytics.com region1.google-analytics.com stats.g.doubleclick.net unpkg.com ga.jspm.io cdn.jsdelivr.net challenges.cloudflare.com www.google.com cdnjs.cloudflare.com platform.twitter.com syndication.twitter.com static.zdassets.com p13.zdassets.com theme.zdassets.com blindsidenetworks.zendesk.com secure.gravatar.com www.gstatic.com player.vimeo.com *.analytics.google.com *.google-analytics.com *.youtube.com *.youtube-nocookie.com *.recaptcha.net *.addthis.com *.addthisedge.com *.adnxs.com *.ads.linkedin.com *.adsrvr.org *.ads-twitter.com *.akamaihd.net *.akstat.io *.amazon.adsystem.com *.amazon-adsystem.com *.baycloud.com *.bazaarvoice.com *.boldapps.net *.caselemedia.com *.chartbeat.com *.chartbeat.net *.cloudfront.net *.demdex.net *.doubleclick.net *.doubleverify.com *.eyeota.net *.facebook.com *.facebook.net *.fls.doubleclick.net *.fontawesome.com *.g.doubleclick.net *.ggpht.com *.gigya.com *.gigya-ext.com *.go-mpulse.net *.google.co.uk *.google.com *.google.de *.google.nl *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googlevideo.com *.gstatic.com *.klaviyo.com *.linkedin.com *.liveperson.net *.lpsnmedia.net *.marketo.com *.mktoresp.com *.moatads.com *.myfonts.net *.navdmp.com *.nr-data.net *.omtrdc.net *.openx.net *.oracleinfinity.io *.paypal.com *.paypalobjects.com *.pinterest.com *.pubmatic.com *.quora.com *.rawgit.com *.rfihub.com *.rubiconproject.com *.safeframe.googlesyndication.com *.sc-static.net *.shopify.com *.shopifycdn.com *.shopifysvc.com *.snapchat.com *.socialshopwave.com *.spotxchange.com *.stripe.com *.tubemogul.com *.twimg.com *.twitter.com *.typekit.com *.typekit.net *.typography.com *.unpkg.com *.wp.com *.yotpo.com *.ytimg.com *.zdassets.com *.zendesk.com *.zeotap.com ad.doubleclick.net adservice.google.com agkn.com ajax.aspnetcdn.com amp.azure.net api.addressy.com api.hubapi.com assets.adobedtm.com az417220.vo.msecnd.net bam.nr-data.net c0.wp.com caselemedia.com cdn.buttercms.com cdn.cookielaw.org cdn.datatables.net cdn.lightwidget.com cdn.polyfill.io cdn.syndication.twimg.com cdn-images.mailchimp.com checkout.paypal.com code.jquery.com consenthub.blob.core.windows.net cookiescannerblazorservice.service.signalr.net fast.fonts.net forms.hsforms.com forms.hubspot.com i.ytimg.com js.hsadspixel.net js.hs-analytics.net js.hs-banner.com js.hscollectedforms.net js.hsforms.net js.hs-scripts.com js-agent.newrelic.com lonrtp1.marketo.com maps.googleapis.com maps.gstatic.com *.bootstrapcdn.com munchkin.marketo.net paypal.com pbs.twimg.com pixel.wp.com polyfill.io privacybridge.com s2.adform.net s3.amazonaws.com securepubads.g.doubleclick.net shopifyorderlimits.s3.amazonaws.net snap.licdn.com static.doubleclick.net stats.wp.com sync.search.spotxchange.com t.co tr.snapchat.com track.adform.net track.hubspot.com www.googletagservices.com www.recaptcha.net *.vimeo.com *.vimeocdn.com *.sharethis.com testtesttesttest hcaptcha.com *.wikimedia.org ARRAAffinitySameSite region1.analytics.google.com ajax.googleapis.com jnn-pa.googleapis.com ssl.google-analytics.com use.fontawesome.com *.wisepops.com wisepops.net f.vimeocdn.com app.prommt.com www.brownbin.ie api.autoaddress.ie i.vimeocdn.com *.transistor.fm *.autoaddress.ie cdn.mouseflow.com m.stripe.network cdn.shopify.com geolocation-recommendations.shopifyapps.com *.hcaptcha.com duckduckgo.com monorail-edge.shopifysvc.com *.b2clogin.com streetviewpixels-pa.googleapis.com maps.google.ie vod-progressive.akamaized.net rising-sons-brewery.tablepath.com tablepath.blob.core.windows.net *.jotform.com *.jotfor.ms *.hotjar.com *.onetrust.com *.cookielaw.org *.adobe.io *.ip-api.com *.civiccomputing.com api.hubspot.com app.hubspot.com *.hubspot.com static.hsappstatic.net *.gofundme.com cookiebot.com *.cookiebot.com *.stripecdn.com *.hsforms.com *.gravatar.com go.irish-advantage.com prepareforbrexit.com privacyportal-eu.onetrust.com settings.luckyorange.net wp;; script-src 'self' https://*.gstatic.com https://*.googleapis.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.google.com https://*.twitter.com https://*.instagram.com https://*.facebook.com https://consenthub.org https://*.baycloud.com https://*.googletagmanager.com https://*.youtube.com https://*.youtube-nocookie.com https://cdnjs.cloudflare.com 'unsafe-eval' 'unsafe-inline'; style-src 'self' https://*.gstatic.com https://*.googleapis.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.google.com https://*.twitter.com https://*.instagram.com https://*.facebook.com https://consenthub.org https://*.baycloud.com 'unsafe-inline'; font-src 'self' https://*.gstatic.com https://*.googleapis.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.google.com https://*.twitter.com https://*.instagram.com https://*.facebook.com https://consenthub.org https://*.baycloud.com data:; img-src 'self' https://*.gstatic.com https://*.googleapis.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.google.com https://*.twitter.com https://*.instagram.com https://*.facebook.com https://consenthub.org https://*.baycloud.com https://i.ytimg.com https://s.w.orgm https://ps.w.org data:; object-src 'none'; frame-src 'self' https://*.gstatic.com https://*.googleapis.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.google.com https://*.twitter.com https://*.instagram.com https://*.facebook.com https://consenthub.org https://*.baycloud.com https://td.doubleclick.net https://*.youtube.com https://*.youtube-nocookie.com data:; connect-src 'self' https://*.gstatic.com https://*.googleapis.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.google.com https://*.twitter.com https://*.instagram.com https://*.facebook.com https://consenthub.org; worker-src 'self' blob:; frame-ancestors 'self' ; 1
default-src 'none'; script-src 'self' 'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' www.googletagmanager.com; script-src-attr 'self' 'unsafe-inline'; style-src 'self'; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com; style-src-attr 'self' 'unsafe-inline'; img-src 'self' data: secure.gravatar.com apnorc.org www.googletagmanager.com ps.w.org s.w.org ts.w.org; font-src 'self' data: fonts.gstatic.com; connect-src 'self' yoast.com www.google-analytics.com cdn.jsdelivr.net; media-src 'self'; object-src 'self'; child-src 'self' blob:; frame-src 'self' www.youtube.com static.contextall.com; frame-ancestors 'self'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self' 1
connect-src 'self' blob: data: *.redditstatic.com http://localhost:16788 https://*.adnxs.com https://*.ads.linkedin.com https://*.adsrvr.org https://*.aptrinsic.com https://*.basis.net https://*.bausch.com https://*.bing.com https://*.bluecava.com https://*.bootstrapcdn.com/ https://*.bunny.net/ https://*.businesswire.com/ https://*.clarity.ms https://*.cloudflare.com/ https://*.collect.igodigital.com https://*.consensu.org https://*.consentmanager.net https://*.consumerism.pressganey.com https://*.contextweb.com https://*.delivery.consentmanager.net https://*.doctor.com/ https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.fontawesome.com/ https://*.fonts.net https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.co.in https://*.google.com https://*.googleadservices.com https://*.googleapis.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.gotolstoy.com/ https://*.gstatic.com https://*.investis.com https://*.litix.io https://*.mapbox.com https://*.marinsm.com https://*.mgr.consensu.org https://*.mookie1.com https://*.paradox.ai/ https://*.pinimg.com https://*.pinterest.com https://*.pricespider.com/ https://*.prnewswire.com/ https://*.reddit.com https://*.redditstatic.com https://*.rubiconproject.com https://*.services.visualstudio.com https://*.serving-sys.com https://*.snapchat.com https://*.tiktok.com/ https://*.tools.investis.com https://*.typekit.net https://*.wistia.com https://*.wistia.net https://analytics.google.com https://api.tiles.mapbox.com/ https://cdn.fonts.net https://cdn.pricespider.com https://google.com https://sc-static.net https://unpkg.com/ wss://localhost:44399 wss://wtbstream.pricespider.com/; default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: *.redditstatic.com http://fast.wistia.com/ http://localhost:16788 https://*.activehosted.com/ https://*.adnxs.com https://*.ads.linkedin.com https://*.adsrvr.org https://*.akamaihd.net https://*.app-us1.com/ https://*.basis.net https://*.bausch.com https://*.bing.com https://*.bluecava.com https://*.bootstrapcdn.com https://*.bootstrapcdn.com/ https://*.bunny.net/ https://*.businesswire.com/ https://*.clarity.ms https://*.cloudflare.com/ https://*.cloudfront.net https://*.collect.igodigital.com https://*.consensu.org https://*.consentmanager.net https://*.contextweb.com https://*.deepintent.com/ https://*.delivery.consentmanager.net https://*.doctor.com/ https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.fingertipformulary.com/ https://*.fontawesome.com/ https://*.fonts.net https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.co.in https://*.google.com https://*.googleapis.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.gotolstoy.com/ https://*.graph.bluecava.com https://*.gstatic.com https://*.investis.com https://*.jquery.com/ https://*.jsdelivr.net/ https://*.lassomarketing.io/ https://*.lhmos.com https://*.licdn.com https://*.linkedin.com https://*.litix.io https://*.lumifyrewards.com https://*.marinsm.com https://*.marketo.net https://*.mathtag.com/ https://*.mgr.consensu.org https://*.mookie1.com https://*.paradox.ai/ https://*.pinimg.com https://*.pinterest.com https://*.pmsrv.co/ https://*.pricespider.com/ https://*.prnewswire.com/ https://*.rubiconproject.com https://*.salesforce-sites.com https://*.salesforceliveagent.com https://*.services.visualstudio.com https://*.sharethis.com/ https://*.snapchat.com https://*.tiktok.com/ https://*.tools.investis.com https://*.turn.com https://*.twitter.com/ https://*.typekit.net https://*.wistia.com https://*.wistia.net https://analytics.google.com https://api.tiles.mapbox.com/ https://bauschsurgical.bl-ppd.com/ https://bauschvisioncare.secure.force.com https://c212.net/ https://connect.facebook.net https://google.com https://js.adsrvr.org https://miebo-ecp-bl-ppd.com/ https://ocuvite.bl-inte.com/ https://sc-static.net https://static.ads-twitter.com/ https://t.co/ https://tags.spider-mails.com/ https://thrtle.com https://unpkg.com/ https://www.bauschsurgical.com/ wss://localhost:44399 wss://wtbstream.pricespider.com/; font-src 'self' data: http://localhost:16788 https://*.adnxs.com https://*.bausch.com https://*.bootstrapcdn.com https://*.bunny.net/ https://*.cloudflare.com/ https://*.cloudfront.net https://*.consentmanager.net https://*.delivery.consentmanager.net https://*.doctor.com/ https://*.facebook.com https://*.facebook.net https://*.fontawesome.com/ https://*.fonts.net https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.googlesyndication.com https://*.gotolstoy.com/ https://*.gstatic.com https://*.jsdelivr.net/ https://*.litix.io https://*.marinsm.com https://*.mookie1.com https://*.pricespider.com/ https://*.tiktok.com/ https://*.typekit.net https://*.wistia.com https://*.wistia.net https://cdn.fonts.net https://cdn.pricespider.com https://www.bauschsurgical.com/; form-action 'self' https://*.bausch.com https://*.consentmanager.net https://*.delivery.consentmanager.net https://*.doctor.com/ https://*.facebook.com; frame-ancestors 'self' https://*.consentmanager.net https://*.delivery.consentmanager.net https://*.lumifyrewards.com; frame-src 'self' *.redditstatic.com http://*.fls.doubleclick.net https://*.adsrvr.org https://*.basis.net https://*.bausch.com https://*.consensu.org https://*.consentmanager.net https://*.delivery.consentmanager.net https://*.doctor.com/ https://*.doubleclick.net https://*.facebook.com https://*.fingertipformulary.com/ https://*.fonts.net https://*.google.com https://*.google.ie https://*.gotolstoy.com https://*.gotolstoy.com/ https://*.gstatic.com https://*.lumifyrewards.com https://*.mapbox.com https://*.marinsm.com https://*.mgr.consensu.org https://*.mookie1.com https://*.pinterest.com https://*.pricespider.com/ https://*.sightmatters.com/ https://*.sitescout.com https://*.snapchat.com https://*.wistia.net https://*.youtube.com https://analytics.google.com https://cdn.pricespider.com https://irxcm.com; img-src 'self' blob: data: *.redditstatic.com http://localhost:16788 https://*.adentifi.com https://*.adnxs.com https://*.ads.linkedin.com https://*.adsrvr.org https://*.akamaihd.net https://*.app-us1.com/ https://*.basis.net https://*.bausch.com https://*.bing.com https://*.bl-inte.com https://*.bluecava.com https://*.businesswire.com/ https://*.clarity.ms https://*.cloudflare.com/ https://*.cloudfront.net https://*.collect.igodigital.com https://*.consentmanager.net https://*.contextweb.com https://*.deepintent.com/ https://*.delivery.consentmanager.net https://*.doctor.com/ https://*.doubleclick.net https://*.facebook.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.co.in https://*.google.com https://*.googleadservices.com https://*.googleapis.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.gotolstoy.com/ https://*.graph.bluecava.com https://*.gstatic.com https://*.linkedin.com https://*.litix.io https://*.marinsm.com https://*.mathtag.com/ https://*.mookie1.com https://*.pinimg.com https://*.pinterest.com https://*.placeholder.com https://*.pricespider.com/ https://*.prnewswire.com/ https://*.reddit.com https://*.rubiconproject.com https://*.salesforce-sites.com https://*.sharethis.com/ https://*.sitescout.com https://*.snapchat.com https://*.tiktok.com/ https://*.turn.com https://*.twitter.com/ https://*.wistia.com https://*.wistia.net https://*.ytimg.com https://bauschsurgical.bl-ppd.com/ https://bauschvisioncare.secure.force.com https://c212.net/ https://cdn.fonts.net https://cdn.pricespider.com https://eyetube.net https://google.com https://miebo-ecp-bl-ppd.com/ https://sc-static.net https://t.co/ https://thrtle.com https://unpkg.com/ https://www.bauschsurgical.com/ https://www.google.lu; media-src 'self' blob: https://*.ads.linkedin.com https://*.bausch.com https://*.consentmanager.net https://*.gotolstoy.com/ https://*.gstatic.com https://*.litix.io https://*.marinsm.com https://*.mookie1.com https://*.wistia.com https://*.wistia.net; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' *.redditstatic.com http://fast.wistia.com/ http://localhost:16788 https://*.activehosted.com/ https://*.adnxs.com https://*.ads.linkedin.com https://*.adsrvr.org https://*.app-us1.com/ https://*.aptrinsic.com https://*.bausch.com https://*.bing.com https://*.bootstrapcdn.com/ https://*.bunny.net/ https://*.clarity.ms https://*.cloudflare.com/ https://*.cloudfront.net https://*.collect.igodigital.com https://*.consentmanager.net https://*.contextweb.com https://*.delivery.consentmanager.net https://*.doctor.com https://*.doctor.com/ https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.fontawesome.com/ https://*.fonts.net https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://*.googleadservices.com https://*.googleapis.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.gotolstoy.com https://*.gotolstoy.com/ https://*.gstatic.com https://*.jquery.com/ https://*.jsdelivr.net/ https://*.la3-c2-ia2.salesforceliveagent.com https://*.lassomarketing.io https://*.lassomarketing.io/ https://*.lhmos.com https://*.licdn.com https://*.linkedin.com https://*.litix.io https://*.lumifyrewards.com https://*.mapbox.com https://*.marinsm.com https://*.marketo.net https://*.monitor.azure.com https://*.mookie1.com https://*.pinimg.com https://*.pinterest.com https://*.pmsrv.co https://*.pmsrv.co/ https://*.pricespider.com https://*.pricespider.com/ https://*.prod.uidapi.com https://*.redditstatic.com https://*.salesforceliveagent.com https://*.serving-sys.com https://*.sharethis.com/ https://*.snapchat.com https://*.tiktok.com/ https://*.wistia.com https://*.wistia.net https://*.youtube.com https://api.tiles.mapbox.com/ https://cdn.pricespider.com https://connect.facebook.net https://irxcm.com https://js.adsrvr.org https://sc-static.net https://static.ads-twitter.com/ https://tags.spider-mails.com/ https://unpkg.com/ https://www.bauschsurgical.com/ ; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.redditstatic.com http://localhost:16788 https://*.adnxs.com https://*.ads.linkedin.com https://*.adsrvr.org https://*.bausch.com https://*.bootstrapcdn.com/ https://*.bunny.net/ https://*.cloudflare.com/ https://*.consentmanager.net https://*.delivery.consentmanager.net https://*.doctor.com https://*.doctor.com/ https://*.facebook.com https://*.facebook.net https://*.google.com https://*.googleapis.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.gotolstoy.com https://*.gotolstoy.com/ https://*.gstatic.com https://*.jquery.com/ https://*.jsdelivr.net/ https://*.la3-c2-ia2.salesforceliveagent.com https://*.litix.io https://*.mapbox.com https://*.marinsm.com https://*.monitor.azure.com https://*.mookie1.com https://*.pricespider.com https://*.pricespider.com/ https://*.redditstatic.com https://*.wistia.com https://*.wistia.net https://api.tiles.mapbox.com/ https://cdn.pricespider.com https://static.ads-twitter.com/ https://tags.spider-mails.com/ ; style-src-attr 'self' 'unsafe-inline' https://*.adnxs.com https://*.ads.linkedin.com https://*.bausch.com https://*.consentmanager.net https://*.delivery.consentmanager.net https://*.doctor.com https://*.facebook.com https://*.facebook.net https://*.gstatic.com https://*.mapbox.com https://*.wistia.com ; style-src-elem 'self' 'unsafe-eval' 'unsafe-inline' *.redditstatic.com http://localhost:16788 https://*.adnxs.com https://*.ads.linkedin.com https://*.aptrinsic.com https://*.bausch.com https://*.bootstrapcdn.com/ https://*.bunny.net/ https://*.cloudflare.com/ https://*.cloudfront.net https://*.consentmanager.net https://*.delivery.consentmanager.net https://*.doctor.com https://*.doctor.com/ https://*.facebook.com https://*.facebook.net https://*.fontawesome.com/ https://*.fonts.net https://*.googleapis.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.gotolstoy.com https://*.gotolstoy.com/ https://*.gstatic.com https://*.jquery.com/ https://*.jsdelivr.net/ https://*.litix.io https://*.mapbox.com https://*.marinsm.com https://*.mookie1.com https://*.pinterest.com https://*.pricespider.com/ https://*.tiktok.com/ https://*.typekit.net https://*.wistia.com https://*.wistia.net https://api.tiles.mapbox.com/ https://cdn.fonts.net https://cdn.pricespider.com https://fonts.bunny.net https://unpkg.com/ https://www.bauschsurgical.com/ ; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.redditstatic.com http://localhost:16788 https://*.adnxs.com https://*.ads.linkedin.com https://*.bausch.com https://*.bootstrapcdn.com/ https://*.bunny.net/ https://*.cloudflare.com/ https://*.consentmanager.net https://*.delivery.consentmanager.net https://*.doctor.com https://*.doctor.com/ https://*.facebook.com https://*.facebook.net https://*.fonts.net https://*.googleapis.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.gotolstoy.com https://*.gotolstoy.com/ https://*.gstatic.com https://*.jquery.com/ https://*.jsdelivr.net/ https://*.litix.io https://*.mapbox.com https://*.marinsm.com https://*.mookie1.com https://*.pricespider.com https://*.pricespider.com/ https://*.wistia.com https://*.wistia.net https://api.tiles.mapbox.com/ https://cdn.fonts.net https://cdn.pricespider.com https://fonts.bunny.net ; script-src-attr 'unsafe-inline' http://localhost:16788 https://*.ads.linkedin.com https://*.bausch.com https://*.consentmanager.net https://*.delivery.consentmanager.net https://*.doctor.com https://*.facebook.net https://*.gstatic.com https://*.mapbox.com https://*.wistia.com ; navigate-to https://*.consentmanager.net https://*.delivery.consentmanager.net; base-uri https://*.collect.igodigital.com https://*.consentmanager.net https://*.g.doubleclick.net https://*.gotolstoy.com; worker-src blob: https://*.consentmanager.net https://api.tiles.mapbox.com/ https://ocuvite.bl-inte.com/; object-src https://*.bausch.com https://*.litix.io https://*.marinsm.com https://*.mookie1.com https://*.wistia.net https://www.vyzultahcp.com; upgrade-insecure-requests;report-to stott-security-endpoint;report-uri https://www.bausch.com/stott.security.optimizely/api/cspreporting/reporturiviolation/; 1
default-src 'self' blob:; font-src 'self' data: https://*.typekit.net https://*.bugherd.com https://*.cloudfront.net https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://use.fontawesome.com ;img-src 'self' data: blob: https://*.cdninstagram.com https://ps.w.org https://s.w.org https://*.hormel.com https://secure.gravatar.com https://res.cloudinary.com https://*.salsify.com https://bugherd-attachments.s3.amazonaws.com https://www.google.com https://*.iriworldwide.com https://*.bugherd.com https://www.googletagmanager.com https://*.cloudfront.net https://*.powerreviews.com https://api.mapbox.com https://*.tiles.mapbox.com https://events.mapbox.com https://cdnjs.cloudflare.com https://*.pricespider.com https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://*.bing.com https://*.cloudfront.net https://*.sharethis.com https://www.facebook.com https://*.pinterest.com https://*.iriworldwide.com ;script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://s0.wp.com https://*.force.com https://hormel.my.salesforce-sites.com https://hormel.my.salesforce.com https://code.jquery.com https://*.bugherd.com https://*.cloudfront.net https://*.powerreviews.com https://static.hotjar.com https://*.facebook.net https://*.salesforceliveagent.com https://service.force.com https://mpsnare.iesnare.com https://*.jsdelivr.net https://www.googleadservices.com https://*.amazonaws.com https://www.google-analytics.com https://api.mapbox.com https://*.tiles.mapbox.com https://events.mapbox.com https://cdnjs.cloudflare.com https://*.pricespider.com https://*.google.com https://*.googleapis.com https://*.google.com https://*.hormel.com https://*.hormelfoods.com https://www.googletagmanager.com https://ws.sharethis.com ;style-src 'self' 'unsafe-inline' https://s0.wp.com https://*.force.com https://hormel.my.salesforce-sites.com https://*.typekit.net https://*.bugherd.com https://service.force.com https://*.hormel.com https://*.jsdelivr.net https://*.hormelfoods.com https://*.cloudfront.net https://*.powerreviews.com https://*.googleapis.com https://api.mapbox.com https://*.tiles.mapbox.com https://events.mapbox.com https://cdnjs.cloudflare.com https://*.pricespider.com https://maxcdn.bootstrapcdn.com https://use.fontawesome.com ;connect-src 'self' wss://ws-mt1.pusher.com https://sockjs.pusher.com https://yoast.com https://hormel.my.salesforce-sites.com https://*.bugherd.com https://*.bugsnag.com https://*.amazonaws.com https://cdnjs.cloudflare.com https://*.pricespider.com https://*.iriworldwide.com wss://ws.pusherapp.com https://api.mapbox.com https://*.tiles.mapbox.com https://events.mapbox.com wss://*.pricespider.com https://productlocator.iriworldwide.com https://*.powerreviews.com https://www.facebook.com https://*.doubleclick.net https://www.google-analytics.com https://*.pusher.com https://*.sharethis.com https://*.pinterest.com https://www.googletagmanager.com ;frame-src 'self' https://widgets.wp.com https://service.force.com https://*.google.com https://*.bugherd.com https://www.youtube.com https://*.pinterest.com https://www.facebook.com https://*.doubleclick.net 1
connect-src 'self' px.ads.linkedin.com consent-pref.trustarc.com consent.trustarc.com consent-reporting.trustarc.com p.typekit.net region1.analytics.google.com analytics.google.com maxcdn.bootstrapcdn.com use.typekit.net cdn.linkedin.oribi.io translate.googleapis.com play.vidyard.com stats.g.doubleclick.net 573-jlc-716.mktoresp.com 677-qfu-507.mktoresp.com 677-qfu-507.mktoutil.com www.google-analytics.com region1.google-analytics.com www.google.com www.google.ad www.google.ae www.google.com.af www.google.com.ag www.google.com.ai www.google.al www.google.am www.google.co.ao www.google.com.ar www.google.as www.google.at www.google.com.au www.google.az www.google.ba www.google.com.bd www.google.be www.google.bf www.google.bg www.google.com.bh www.google.bi www.google.bj www.google.com.bn www.google.com.bo www.google.com.br www.google.bs www.google.bt www.google.co.bw www.google.by www.google.com.bz www.google.ca www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.co.ck www.google.cl www.google.cm www.google.cn www.google.com.co www.google.co.cr www.google.com.cu www.google.cv www.google.com.cy www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.com.do www.google.dz www.google.com.ec www.google.ee www.google.com.eg www.google.es www.google.com.et www.google.fi www.google.com.fj www.google.fm www.google.fr www.google.ga www.google.ge www.google.gg www.google.com.gh www.google.com.gi www.google.gl www.google.gm www.google.gr www.google.com.gt www.google.gy www.google.com.hk www.google.hn www.google.hr www.google.ht www.google.hu www.google.co.id www.google.ie www.google.co.il www.google.im www.google.co.in www.google.iq www.google.is www.google.it www.google.je www.google.com.jm www.google.jo www.google.co.jp www.google.co.ke www.google.com.kh www.google.ki www.google.kg www.google.co.kr www.google.com.kw www.google.kz www.google.la www.google.com.lb www.google.li www.google.lk www.google.co.ls www.google.lt www.google.lu www.google.lv www.google.com.ly www.google.co.ma www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.com.mm www.google.mn www.google.ms www.google.com.mt www.google.mu www.google.mv www.google.mw www.google.com.mx www.google.com.my www.google.co.mz www.google.com.na www.google.com.ng www.google.com.ni www.google.ne www.google.nl www.google.no www.google.com.np www.google.nr www.google.nu www.google.co.nz www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.pl www.google.pn www.google.com.pr www.google.ps www.google.pt www.google.com.py www.google.com.qa www.google.ro www.google.ru www.google.rw www.google.com.sa www.google.com.sb www.google.sc www.google.se www.google.com.sg www.google.sh www.google.si www.google.sk www.google.com.sl www.google.sn www.google.so www.google.sm www.google.sr www.google.st www.google.com.sv www.google.td www.google.tg www.google.co.th www.google.com.tj www.google.tl www.google.tm www.google.tn www.google.to www.google.com.tr www.google.tt www.google.com.tw www.google.co.tz www.google.com.ua www.google.co.ug www.google.co.uk www.google.com.uy www.google.co.uz www.google.com.vc www.google.co.ve www.google.vg www.google.co.vi www.google.com.vn www.google.vu www.google.ws www.google.rs www.google.co.za www.google.co.zm www.google.co.zw www.google.cat www.googletagmanager.com www.greatamericaninsurancegroup.com www.gstatic.com www.linkedin.com; font-src 'self' data: consent.trustarc.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com use.typekit.net www.greatamericaninsurancegroup.com; form-action 'self'; frame-ancestors 'self'; default-src 'self' play.vidyard.com; frame-src 'self' consent-pref.trustarc.com td.doubleclick.net fast.wistia.net podcasters.spotify.com www.linkedin.com www.googletagmanager.com www.facebook.com anchor.fm app-ab02.marketo.com platform.twitter.com play.vidyard.com specialty.gaig.com www.google.com www.youtube.com www.surveymonkey.com www.google-analytics.com region1.google-analytics.com; img-src 'self' consent-pref.trustarc.com consent.trustarc.com consent.truste.com app-ab02.marketo.com region1.analytics.google.com www.google.co.ao analytics.google.com stats.g.doubleclick.net gaigauthor.gaig.com a.b0e8.com data: blob: a1.b0e8.com specialty.gaig.com www.linkedin.com www.gstatic.com translate.google.com ssl.google-analytics.com syndication.twitter.com fonts.gstatic.com px.ads.linkedin.com region1.google-analytics.com px4.ads.linkedin.com p.typekit.net play.vidyard.com www.google-analytics.com www.google.com www.googletagmanager.com www.policysweet.com www.greatamericaninsurancegroup.com cdn.vidyard.com i.ytimg.com www.google.com www.google.ad www.google.ae www.google.com.af www.google.com.ag www.google.com.ai www.google.al www.google.am www.google.caigo.ao www.google.com.ar www.google.as www.google.at www.google.com.au www.google.az www.google.ba www.google.com.bd www.google.be www.google.bf www.google.bg www.google.com.bh www.google.bi www.google.bj www.google.com.bn www.google.com.bo www.google.com.br www.google.bs www.google.bt www.google.co.bw www.google.by www.google.com.bz www.google.ca www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.co.ck www.google.cl www.google.cm www.google.cn www.google.com.co www.google.co.cr www.google.com.cu www.google.cv www.google.com.cy www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.com.do www.google.dz www.google.com.ec www.google.ee www.google.com.eg www.google.es www.google.com.et www.google.fi www.google.com.fj www.google.fm www.google.fr www.google.ga www.google.ge www.google.gg www.google.com.gh www.google.com.gi www.google.gl www.google.gm www.google.gr www.google.com.gt www.google.gy www.google.com.hk www.google.hn www.google.hr www.google.ht www.google.hu www.google.co.id www.google.ie www.google.co.il www.google.im www.google.co.in www.google.iq www.google.is www.google.it www.google.je www.google.com.jm www.google.jo www.google.co.jp www.google.co.ke www.google.com.kh www.google.ki www.google.kg www.google.co.kr www.google.com.kw www.google.kz www.google.la www.google.com.lb www.google.li www.google.lk www.google.co.ls www.google.lt www.google.lu www.google.lv www.google.com.ly www.google.co.ma www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.com.mm www.google.mn www.google.ms www.google.com.mt www.google.mu www.google.mv www.google.mw www.google.com.mx www.google.com.my www.google.co.mz www.google.com.na www.google.com.ng www.google.com.ni www.google.ne www.google.nl www.google.no www.google.com.np www.google.nr www.google.nu www.google.co.nz www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.pl www.google.pn www.google.com.pr www.google.ps www.google.pt www.google.com.py www.google.com.qa www.google.ro www.google.ru www.google.rw www.google.com.sa www.google.com.sb www.google.sc www.google.se www.google.com.sg www.google.sh www.google.si www.google.sk www.google.com.sl www.google.sn www.google.so www.google.sm www.google.sr www.google.st www.google.com.sv www.google.td www.google.tg www.google.co.th www.google.com.tj www.google.tl www.google.tm www.google.tn www.google.to www.google.com.tr www.google.tt www.google.com.tw www.google.co.tz www.google.com.ua www.google.co.ug www.google.co.uk www.google.com.uy www.google.co.uz www.google.com.vc www.google.co.ve www.google.vg www.google.co.vi www.google.com.vn www.google.vu www.google.ws www.google.rs www.google.co.za www.google.co.zm www.google.co.zw www.google.cat; script-src-elem 'self' code.jquery.com consent.trustarc.com bam.nr-data.net fast.wistia.net cdn.b0e8.com apis.google.com js-agent.newrelic.com widget.surveymonkey.com snap.licdn.com ssl.google-analytics.com connect.facebook.net ajax.googleapis.com app-ab02.marketo.com munchkin.marketo.net platform.twitter.com play.vidyard.com specialty.gaig.com use.typekit.net www.google-analytics.com region1.google-analytics.com www.google.com www.googletagmanager.com www.gstatic.com 'unsafe-inline' www.youtube.com; style-src-elem 'self' data: p.typekit.net use.typekit.net www.gstatic.com app-ab02.marketo.com fonts.googleapis.com maxcdn.bootstrapcdn.com specialty.gaig.com 'unsafe-inline'; script-src-attr 'unsafe-inline'; script-src 'unsafe-eval' 'unsafe-inline' 'self' widget.surveymonkey.com specialty.gaig.com fast.wistia.net bam.nr-data.net ajax.googleapis.com platform.twitter.com region1.google-analytics.com www.google-analytics.com www.gstatic.com snap.licdn.com cdn.b0e8.com www.google.com js-agent.newrelic.com connect.facebook.net app-ab02.marketo.com www.googletagmanager.com use.typekit.net munchkin.marketo.net play.vidyard.com; style-src-attr 'unsafe-inline' www.greatamericaninsurancegroup.com; style-src 'self' 'unsafe-inline' specialty.gaig.com app-ab02.marketo.com fonts.googleapis.com maxcdn.bootstrapcdn.com p.typekit.net use.typekit.net www.gstatic.com; object-src 'self'; media-src 'self' data: ssl.gstatic.com; child-src 'self' app-ab02.marketo.com play.vidyard.com www.google.com www.googletagmanager.com www.youtube.com; upgrade-insecure-requests; report-uri https://greatamericaninsurancegroup.report-uri.com/r/t/csp/enforce 1
default-src * blob: data: 'unsafe-inline' 'unsafe-eval'; report-uri https://sentry.io/api/1240897/security/?sentry_key=45ab2f21040d4b1c99847f5325d7c5d7 1
default-src https: http: ws: wss: data: 'self' 'unsafe-inline' 'unsafe-eval'; 1
frame-ancestors 'self' *.academieminerva.nl academieminerva.nl 1
default-src 'self';script-src 'self' 'nonce-w+npNV6XRUCA/xVcKF3MBvd8' http://stats.g.doubleclick.net https://fonts.googleapis.com https://www.linkedin.com https://www.facebook.com https://www.twitter.com https://*.googletagmanager.com https://*.google-analytics.com https://az416426.vo.msecnd.net https://ajax.aspnetcdn.com https://clientearth.azureedge.net https://files.clientearth.org https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/ 'sha256-8ClMIq+X/pDDGtAAnpW99nxXnETPZFt73afLWMCUlSM=' 'sha256-ZjzVKhDN7wuRUPfNj0MSySSHkXWbsqzCz/avLfRGPlc=' 'sha256-M/casqsfWX1uO3ssgElz/yHQT1ICNBbgaJ7XkAD9IQc=' 'sha256-QIeXZnbBLXX3afVSNHMJNJcFAntPmT0IYPU75YpYodA=' 'sha256-Rqdy+sJCcP3qtS3tdKFbHuWV9NE9PGTItW4GSpRKN+M=' 'sha256-h4dbFGpqrsesdJh57CwCRrY2NzNmumVrfCFD6o++/4Q=' 'sha256-tz9SvugUA9YSInyGXolT1MO04pfWtYwUf1pdMF8s+NU=' 'sha256-cLVy/FNNxR52VnqgqaMOJwPor9p7Qa06Br1BiM3eboA=' 'sha256-BX/gLDkQ1xmZ2BnyH6yvQYHLMrpTSQGBXAul08fcGnY=' 'sha256-1ngK37eIux2ifjhtXRyPqzZZrL6wofUI0d2G9tt15dE=' https://lazyferret.com/lazyferret-scripts/1.min.js 'sha256-HRVFWWnPEydYDGzYpso70ArXt6ldXnPHHGZeN4j9YtA=' 'sha256-8I6OFNP3OM/Ae90qApFM8JnBKJlawXLqnU4Y112MxSw=' https://connect.facebook.net https://static.hotjar.com https://snap.licdn.com https://cc.cdn.civiccomputing.com/9/cookieControl-9.x.min.js 'sha256-832bMznOm6qWg0EdeOEmbTuLOWdeKLvyfqnqi/Aj/hs=' https://widget.proca.app;object-src 'self';style-src 'self' https://use.typekit.net https://p.typekit.net https://fonts.googleapis.com https://translate.googleapis.com https://clientearth.azureedge.net https://files.clientearth.org 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-w9CEzYhmvsTRzpOeD9qySBu+9qJ+adxh8W15E9GYwNE=' 'sha256-ZD0chCyBaNHl+4UwQHJIHGoYhKwMeyCXGgJTKW5/67E=' 'sha256-ICa0DhwZQJsOd/Rn0N8H6FdQ71GfNL+op2zhAQ+Y4mM=' 'sha256-aqNNdDLnnrDOnTNdkJpYlAxKVJtLt9CtFLklmInuUAE=' 'sha256-vZ6DERRW5CRT9PyrEI3g/oL9A6roiJHBAZEOgSnyvwY=' 'sha256-KWxDqbniGgEelO8aphwG50lBIjYfvbDELI46O1ZBC1o=' 'sha256-biLFinpqYMtWHmXfkA1BPeCY0/fNt46SAZ+BBk5YUog=' 'sha256-1PxuDsPyGK6n+LZsMv0gG4lMX3i3XigG6h0CzPIjwrE=' 'sha256-b3IrgBVvuKx/Q3tmAi79fnf6AFClibrz/0S5x1ghdGU=';img-src 'self' https://use.typekit.net https://screenmediaclientearth.blob.core.windows.net https://clientearth.azureedge.net https://www.gstatic.com https://files.clientearth.org https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.uk data:;frame-src 'self' https://www.youtube.com https://vars.hotjar.com https://player.vimeo.com https://www.google.com https://www.riddle.com https://act.clientearth.org https://app.livestorm.co;font-src 'self' https://use.typekit.net https://fonts.gstatic.com;connect-src 'self' https://dc.services.visualstudio.com https://clientearth-stage.azurewebsites.net https://dev-clientearth.azure-api.net https://clientearth.azure-api.net https://api.clientearth.org https://apikeys.civiccomputing.com https://clapi.civiccomputing.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.uk;base-uri 'self';form-action 'self' https://donate.clientearth.org;upgrade-insecure-requests 1
default-src 'self' data: mc.yandex.ru yandex.st googleads.g.doubleclick.net www.google-analytics.com analytics.google.com stats.g.doubleclick.net *.livetex.ru *.livetex.me facebook.com facebook.net vkontakte.ru twitter.com www.google.com *.yandex.ru *.yandex.by *.yandex.com *.yandex.com.tr webvisor.com *.webvisor.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com:* youtube.com:* www.google-analytics.com *.gstatic.com:* *.googleapis.com *.google.com mc.yandex.ru yandex.st yastatic.net *.googleadservices.com *.googletagmanager.com googleads.g.doubleclick.net *.livetex.ru *.livetex.me vk.com facebook.com *.facebook.net vkontakte.ru *.twitter.com www.google.com *.yandex.ru abt.s3.yandex.net; style-src 'self' 'unsafe-inline' mc.yandex.ru:* *.googleapis.com *.gstatic.com:* *.fontawesome.com; img-src 'self' data: blob: mc.yandex.ru:* yastatic.net *.googleapis.com *.gstatic.com:* *.google-analytics.com *.google.ru i.ytimg.com *.livetex.ru *.livetex.me vk.com profholod.com profholod.co.uk; font-src 'self' *.gstatic.com:* *.livetex.ru *.livetex.me *.fontawesome.com;frame-src 'self' www.youtube.com:* *.yandex.ru *.yandex.by *.yandex.com *.yandex.com.tr webvisor.com *.webvisor.com yandex.ru dzen.ru *.livetex.ru *.livetex.me *.google.com;connect-src 'self' *.yandex.ru *.google.com *.google-analytics.com *.livetex.ru *.livetex.me *.doubleclick.net; 1
default-src 'self'; font-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob: data: gap:; style-src 'self' 'unsafe-inline' https://www.gstatic.com/charts/ https://cdn.jsdelivr.net/npm/daterangepicker/ https://live.primis.tech/ https://fonts.googleapis.com/ https://cdnjs.cloudflare.com/; object-src 'none'; base-uri 'self'; connect-src 'self' https:; frame-src 'self' https:; img-src 'self' https: data:; manifest-src 'self'; media-src 'self' https: blob:; worker-src 'none'; form-action 'self' https: https://newsletter.thestreamable.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com 'unsafe-inline' *.netcore.co.in 'unsafe-inline' *.google-analytics.com 'unsafe-inline' *.tawk.to 'unsafe-inline' *.netcoresmartech.com 'unsafe-inline' *.jsdelivr.net 'unsafe-inline' *.moengage.com 'unsafe-inline' *.facebook.net 1
default-src 'self' data: blob: *.gstatic.com *.google.com *.google-analytics.com *.nr-data.net *.sentry.io *.facebook.com *.facebook.net *.bing.com *.arcot.com *.ondemand.com *.fontawesome.com *.auth0.com *.creditmutuel.fr *.bioz.com *.vwr.com *.doubleclick.net *.avantorsciences.com *.nusil.com *.googletagmanager.com *.linkedin.com *.twitter.com *.vwrsurveys.com *.adsymptotic.com *.paymetric.com *.mktoresp.com *.wardsci.com *.sargentwelch.com *.boreal.com *.sargentwelch.ca *.twimg.com *.vwr-cmd.com *.mt.com *.moji-moji.com *.youtube.com youtube.com *.gotowebinar.com *.vwr-cmd2.com *.surveymonkey.com *.instantservice.com *.zencdn.net *.cdntwrk.com www.google.co.in *.hotjar.com *.hotjar.io ahpp.adflex.co.uk ahpp2.adflex.co.uk authentication.cardinalcommerce.com *.pinterest.com *.kickfire.com *.rumiview.com *.vimeo.com *.chatlayer.ai *.sinch.com *.ably-realtime.com *.ably.io *.salesforce.com *.prnewswire.com nebnextvwr.neb.com projects.spielcreative.com projects.ivorystudio.net *.marketo.com *.zoovu.com *.azureedge.net *.amazonaws.com *.smartassistant.com serviceapi.nmv.naver.com *.uberflip.com *.zscalerthree.net *.cdntwrk.com *.brightcove.net *.oribi.io *.ariba.com *.clarity.ms *.adobedtm.com *.demdex.net *.tt.omtrdc.net edge.adobedc.net *.pantheonsite.io; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.facebook.com *.facebook.net *.bing.com *.avantorsciences.com *.arcot.com *.auth0.com *.ondemand.com *.fontawesome.com *.creditmutuel.fr *.bioz.com *.vwr.com *.googleapis.com *.mktoresp.com *.twitter.com *.twimg.com *.zencdn.net *.marketo.com *.zoovu.com *.azureedge.net *.amazonaws.com *.smartassistant.com serviceapi.nmv.naver.com *.uberflip.com *.zscalerthree.net *.cdntwrk.com *.brightcove.net *.oribi.io *.ariba.com *.clarity.ms *.adobedtm.com *.demdex.net *.tt.omtrdc.net edge.adobedc.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.auth0.com *.google-analytics.com *.facebook.com *.facebook.net *.bing.com *.arcot.com *.auth0.com *.ondemand.com *.fontawesome.com *.creditmutuel.fr *.bioz.com *.sinch.com *.ably-realtime.com *.ably.io *.chatlayer.ai *.sentry.io *.salesforceliveagent.com *.googletagmanager.com *.newrelic.com *.nr-data.net *.vwr.com *.licdn.com *.cloudflareinsights.com *.vwrsurveys.com *.marinsm.com *.paymetric.com *.google.com *.cloudflare.com *.pardot.com *.doubleclick.net *.googleadservices.com *.facebook.net *.wardsci.com *.verisign.com *.linkedin.com *.twitter.com *.googleapis.com *.sargentwelch.com *.sargentwelch.ca *.marketo.net *.twimg.com *.vwr-cmd.com *.mt.com *.moji-moji.com *.youtube.com youtube.com *.gotowebinar.com *.vwr-cmd2.com *.surveymonkey.com *.instantservice.com *.zencdn.net *.cdntwrk.com www.google.co.in *.hotjar.com *.hotjar.io *.pinimg.com *.avantorsciences.com *.kickfire.com *.rumiview.com *.jquery.com *.prnewswire.com *.marketo.com *.zoovu.com *.azureedge.net *.amazonaws.com *.smartassistant.com serviceapi.nmv.naver.com *.uberflip.com *.zscalerthree.net *.cdntwrk.com *.brightcove.net *.oribi.io *.ariba.com *.clarity.ms *.adobedtm.com *.demdex.net *.tt.omtrdc.net edge.adobedc.net; 1
default-src * data: 'unsafe-inline' 'unsafe-eval' https: 1
default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' https: data:;object-src 'none';script-src 'self' https://*.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://*.googlesyndication.com https://ssl.gstatic.com https://ssl.google-analytics.com https://ajax.googleapis.com https://doubleclick.net https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.midtrans.com https://cdn.jsdelivr.net https://cdn.jsdelivr.net/gh/khanifikhsanudin/ https://raw.githubusercontent.com https://cdn.statically.io https://cdn.topupgim.com https://bundle.run https://cdn.ckeditor.com https://*.instagram.com 'unsafe-inline';script-src-attr 'self' 'unsafe-inline';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests;connect-src 'self' https://*.google-analytics.com https://*.google.com https://*.google.co.id https://*.googlesyndication.com https://doubleclick.net https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.instagram.com;frame-src 'self' https://*.google.com https://*.googlesyndication.com https://doubleclick.net https://*.doubleclick.net https://*.youtube.com https://*.facebook.com https://*.facebook.net https://*.instagram.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://deliver.kontent.ai https://assets-eu-01.kc-usercontent.com https://www.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.youtube.com https://www.youtube-nocookie.com https://*.ytimg.com https://*.googleapis.com https://*.google.com https://*.vimeo.com https://*.facebook.net https://*.siteimprove.com https://*.siteimprove.net https://siteimproveanalytics.com https://*.siteimproveanalytics.com https://*.siteimproveanalytics.io https://siag.form.cloud https://fonts.gstatic.com  https://cdn.knightlab.com https://siagsap4pab.prod.apimanagement.eu20.hana.ondemand.com https://api.demo-integrations.services.siag.it https://api-integrations.services.siag.it https://sis.prod.apimanagement.eu20.hana.ondemand.com https://redas.services.siag.it https://civis.bz.it https://static.provinz.bz.it https://www.openstreetmap.org https://www.iubenda.com https://cdn.iubenda.com https://consent.iubenda.com https://hits-i.iubenda.com https://cs.iubenda.com/; base-uri 'self'; frame-ancestors 'self' https://*.kontent.ai/; 1
base-uri 'self'; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' https: http: 'nonce-JCgx0NDz9rcXcC05Fj/cWoPQzPXA1V' 'unsafe-eval'; report-uri https://csp.withgoogle.com/csp/devsite/v2 1
font-src fonts.gstatic.com use.typekit.net fonts.googleapis.com *.fanplayr.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.google.com *.hotjar.com *.doubleclick.net pixel.mathtag.com www.facebook.com api.retargetly.com forms.office.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com p.typekit.net validator.swagger.io https://www.magezon.com maps.googleapis.com maps.gstatic.com www.facebook.com *.google.com *.google.com.mx sp.analytics.yahoo.com googleads.g.doubleclick.net www.googletagmanager.com *.coca-colaentuhogar.com pixel.mathtag.com lb.data-dynamic.net *.barilliance.net *.barilliance.com *.fanplayr.com d38nbbai6u794i.cloudfront.net *.coca-cola.com.gt *.coca-cola.com.pa gt-coca.test pa-coca.test collect.fanplayr.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.googleadservices.com www.google-analytics.com beacon-qa.magento-datasolutions.com beacon-stage.magento-ds.com beacon.magento-ds.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.google.com *.maze.co maps.googleapis.com googleapis.com ajax.googleapis.com *.gstatic.com connect.facebook.net js-agent.newrelic.com bam.nr-data.net www.googleoptimize.com *.doubleclick.net *.hotjar.com pixel.mathtag.com api.retargetly.com *.barilliance.net *.barilliance.com p.teads.tv 'unsafe-inline' s3.amazonaws.com/fanplayr *.fanplayr.com d38nbbai6u794i.cloudfront.net *.tiktok.com forms.office.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com 'unsafe-inline' *.fanplayr.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net www.google-analytics.com p13n-mr.adobe.io www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobedc.net *.demdex.net *.adobe.io performance.typekit.net *.sentry.io maps.googleapis.com googleapis.com 8lioi8nl48.execute-api.us-west-2.amazonaws.com pyhdy1j3zh.execute-api.us-west-2.amazonaws.com www.facebook.com bam.nr-data.net gamma-latam-us-west-2-api-config.s3.amazonaws.com prod-latam-us-west-2-api-config.s3-us-west-2.amazonaws.com *.google.com *.doubleclick.net *.coca-colaentuhogar.com adobedc.demdex.net *.barilliance.net *.barilliance.com *.hotjar.com *.hotjar.io d38nbbai6u794i.cloudfront.net *.fanplayr.com wss://ws.hotjar.com *.tiktok.com forms.office.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.fanplayr.com *.barilliance.net *.barilliance.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src * blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.sancta-domenica.hr sancta-domenica.hr *.sancta-domenica.ba sancta-domenica.ba *.samsungshop.hr samsungshop.hr *.bigbang.ba bigbang.ba; 1
default-src 'self' 'unsafe-inline' https: data:; base-uri 'self'; 1
default-src 'self'; media-src 'self' *.responsivevoice.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.responsivevoice.org *.googleapis.com *.google.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.jsdelivr.net *.fontawesome.com *.wistia.com *.questionpro.com; connect-src 'self' *.hotjar.com  *.hotjar.io *.fontawesome.com *.responsivevoice.org *.google-analytics.com *.doubleclick.net *.google.com *.questionpro.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.fontawesome.com ; img-src 'self' data:  *.openstreetmap.org placehold.it *.w.org *.google-analytics.com *.doubleclick.net *.google.com *.google.cl *.googletagmanager.com *.questionpro.com; style-src 'self' 'unsafe-inline' *.questionpro.com  fonts.googleapis.com *.fontawesome.com; frame-src 'self' *.doubleclick.net  miro.com *.trencentral.cl *.youtube.com *.google.com *.questionpro.com; frame-ancestors 'self'; 1
default-src * data:; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 1
default-src 'self' https://static.zdassets.com https://web-cdn.gamban.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://web-cdn.gamban.com https://use.typekit.net https://*.google-analytics.com https://*.googletagmanager.com https://apis.google.com https://accounts.google.com/gsi/client https://connect.facebook.net https://static.zdassets.com https://v2.zopim.com https://www.recaptcha.net/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://js.braintreegateway.com https://assets.braintreegateway.com https://www.paypalobjects.com https://*.paypal.com https://js.stripe.com https://maps.googleapis.com https://songbird.cardinalcommerce.com; style-src 'self' 'unsafe-inline' https://web-cdn.gamban.com https://use.typekit.net https://p.typekit.net https://fonts.googleapis.com; img-src 'self' data: https://www.google.com https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.com.ai https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.com.kh https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.ms https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.ne https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.pl https://www.google.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.so https://www.google.sm https://www.google.sr https://www.google.st https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.vg https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.rs https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.cat https://web-cdn.gamban.com https://www.facebook.com https://p.typekit.net https://v2assets.zopim.io https://static.zdassets.com https://*.google-analytics.com https://*.googletagmanager.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com https://v2.zopim.com https://gamban.zendesk.com https://assets.braintreegateway.com https://checkout.paypal.com https://www.paypalobjects.com; child-src 'self' https://assets.braintreegateway.com https://*.paypal.com; frame-src 'self' https://accounts.google.com https://bid.g.doubleclick.net https://staticxx.facebook.com https://www.youtube-nocookie.com https://www.youtube.com https://www.recaptcha.net/recaptcha/ https://player.vimeo.com/ https://accounts.google.com/gsi https://assets.braintreegateway.com https://*.paypal.com https://*.cardinalcommerce.com https://js.stripe.com https://hooks.stripe.com; connect-src 'self' https://web-cdn.gamban.com https://id.zopim.com https://*.google-analytics.com https://ekr.zdassets.com https://gamban.zendesk.com wss://gamban.zendesk.com wss://*.zopim.com https://api.pwnedpasswords.com https://www.facebook.com https://sentry.gamban.com https://stats.g.doubleclick.net https://accounts.google.com/gsi https://accounts.google.com/gsi/status https://*.analytics.google.com https://*.braintree-api.com https://*.cardinalcommerce.com https://api.stripe.com https://maps.googleapis.com https://api.braintreegateway.com https://client-analytics.braintreegateway.com; font-src 'self' data: https://web-cdn.gamban.com https://fonts.gstatic.com https://use.typekit.net https://v2.zopim.com; 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' idtechex.bamboohr.com platform.twitter.com www.googleadservices.com *.idtechex.com cdn.idtechex.com oss.maxcdn.com ie7-js.googlecode.com https://googleads.g.doubleclick.net  https://cdn.syndication.twimg.com *.google.com *.gstatic.com *.googleapis.com *.translate.goog assets.chaport.com app.chaport.com ws.zoominfo.com *.linkedin.com *.licdn.com 1
default-src 'self' https://*.netdna-ssl.com; script-src 'unsafe-inline' 'unsafe-eval' http:; style-src 'unsafe-inline' http:; img-src http: data:; font-src http: data:; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' www.gravatar.com img.youtube.com pbs.twimg.com *.vimeocdn.com data: blob: s3-eu-west-1.amazonaws.com *.google-analytics.com www.googletagmanager.com optimize.google.com *.readspeaker.com maps.google.com maps.gstatic.com *.googleapis.com *.ggpht.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com www.googletagmanager.com www.googleanalytics.com www.google-analytics.com www.googleoptimize.com optimize.google.com maps.googleapis.com *.readspeaker.com maps.google.com www.conceptcrafters.nl; connect-src 'self' *.google-analytics.com *.readspeaker.com maps.googleapis.com vimeo.com; style-src 'self' optimize.google.com fonts.googleapis.com 'unsafe-inline' *.readspeaker.com; font-src 'self' fonts.gstatic.com *.readspeaker.com data:; frame-src 'self' optimize.google.com *.readspeaker.com *.zorgkaartnederland.nl www.youtube-nocookie.com www.youtube.com player.vimeo.com; 1
frame-ancestors http://docplanner-front-test.docplanner.com https://docplanner-front-test.docplanner.com *.doctoralia.cl doctoraliaone-cl2-candidate.azurewebsites.net 1
default-src 'self' www.google.com; img-src 'self' data: * www.googletagmanager.com; connect-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' storage.googleapis.com https://www.googletagmanager.com www.google.com www.gstatic.com https://cdn.cookielaw.org https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com fonts.googleapis.com; object-src 'none'; frame-src https://www.youtube.com https://youtube.com https://www.google.com 1
default-src data: 'self' https://www.youtube.com/ https://matomo.dkrz.de https://mms.dkrz.de; img-src data: 'self' https://wdcc-status.dkrz.de/  https://matomo.dkrz.de  https://mms.dkrz.de/; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://matomo.dkrz.de; connect-src 'self' https://matomo.dkrz.de; frame-ancestors 'self' 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; font-src * data: blob: 'unsafe-inline'; style-src * 'unsafe-inline'; 1
script-src 'self' https://www.youtube.com https://piwik.itzbund.de; base-uri 'none'; object-src 'none'; 1
frame-ancestors 'self' https://www.koneko-breeder.com; 1
frame-ancestors chrome-extension://epanfjkfahimkgomnigadpkobaefekcd moz-extension://* extension://kcehefigmoclkdfbkfdmclpcnpkcmmec chrome-extension://kcehefigmoclkdfbkfdmclpcnpkcmmec chrome-extension://aoiapjnkkimandkmllpbbfibbjemajbe chrome-extension://dfaleoajblhimpndjfbbkjcmljpjlfag chrome-extension://ppkofofimalnamcjdggombidedepiank chrome-extension://minegaflpmhpgcljobidelncnbninamh chrome-extension://mlggofnbkhmpmlaljfhbalkhlpijbloa chrome-extension://epanfjkfahimkgomnigadpkobaefekcd chrome-extension://eeailkpdijpamdldjjgdlpfanjiaedhh chrome-extension://ncbdopfjdekodallgdaigpinkpgddbak chrome-extension://cmfieleahpabhdppbjfmjbhhglaehehb chrome-extension://cagfaclfinjmbofdnojnioiojelknjok chrome-extension://enjlhglffhjmbcdlhineoaaeblmcekmp 1
default-src 'self'; img-src 'self' *.allfunds.com https://*.allfunds.com https://*.googleapis.com https://*.gstatic.com https://purecatamphetamine.github.io https://cms-front.s3.eu-west-1.amazonaws.com https://www.google-analytics.com https://storage.googleapis.com https://region1.google-analytics.com https://region1.analytics.google.com https://linkedin.com https://*.linkedin.com  https://cloudfunctions.net https://*.cloudfunctions.net https://*.amplitude.com https://amplitude.com https://amplitude.com https://akamaihd.net https://*.akamaihd.net https://akstat.io https://*.akstat.io https://snap.licdn.com https://googletagmanager.com https://*.googletagmanager.com 'self' data:;; media-src 'self' *.allfunds.com https://*.allfunds.com https://*.googleapis.com https://*.gstatic.com https://purecatamphetamine.github.io https://cms-front.s3.eu-west-1.amazonaws.com https://linkedin.com https://*.linkedin.com https://*.amplitude.com https://amplitude.com https://amplitude.com https://app.allfunds.com/docs/cms/header_web_5d4b57c95f.mp4 'self' data:;; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com https://www.google.com/recaptcha/api.js https://*.googleapis.com https://*.recaptcha.net https://recaptcha.net https://www.gstatic.com https://purecatamphetamine.github.io https://cms-front.s3.eu-west-1.amazonaws.com https://apis.google.com https://www.google-analytics.com https://player.vimeo.com/api/player.js https://cdn.jsdelivr.net/npm/css-vars-ponyfill@2 https://cdn.plyr.io/3.6.8/plyr.polyfilled.js https://*.go-mpulse.net https://linkedin.com https://*.linkedin.com https://cloudfunctions.net https://*.cloudfunctions.net https://*.amplitude.com https://amplitude.com https://akamaihd.net https://*.akamaihd.net https://akstat.io https://*.akstat.io https://snap.licdn.com https://googletagmanager.com https://*.googletagmanager.com https://clarity.ms https://*.clarity.ms; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://cloudfunctions.net https://*.cloudfunctions.net https://snap.licdn.com; font-src 'self' https://*.gstatic.com https://cloudfunctions.net https://*.cloudfunctions.net https://snap.licdn.com; connect-src 'self' https://europe-west1-afb-connect.cloudfunctions.net/registerUserContact https://allfunds.com https://*.googleapis.com https://purecatamphetamine.github.io https://cms-front.s3.eu-west-1.amazonaws.com https://md8jnn29kj.execute-api.eu-west-1.amazonaws.com https://www.google-analytics.com https://stats.g.doubleclick.net https://app.allfunds.com https://nextportfolio.allfunds.com https://telemetrics.allfunds.com https://dashboard.allfunds.com https://telemetrics-widgets.allfunds.dev wss://app.allfunds.com https://cdn.plyr.io https://region1.google-analytics.com https://region1.analytics.google.com https://*.go-mpulse.net https://linkedin.com https://*.linkedin.com https://cloudfunctions.net https://*.cloudfunctions.net https://*.amplitude.com https://amplitude.com https://amplitude.com https://akamaihd.net https://*.akamaihd.net https://akstat.io https://*.akstat.io https://snap.licdn.com https://googletagmanager.com https://*.googletagmanager.com https://clarity.ms https://*.clarity.ms; frame-src 'self' https://www.google.com https://purecatamphetamine.github.io https://cms-front.s3.eu-west-1.amazonaws.com https://intranet.allfunds.com https://app.allfunds.com https://*.recaptcha.net https://recaptcha.net https://nextportfolio.allfunds.com https://telemetrics.allfunds.com https://dashboard.allfunds.com https://telemetrics-widgets.allfunds.dev https://player.vimeo.com https://linkedin.com https://*.linkedin.com https://cloudfunctions.net https://*.cloudfunctions.net https://*.amplitude.com https://amplitude.com https://amplitude.com https://akamaihd.net https://*.akamaihd.net https://akstat.io https://*.akstat.io https://snap.licdn.com https://googletagmanager.com https://*.googletagmanager.com https://myconnect.allfunds.com https://myconnect.allfunds.dev; object-src 'none'; 1
style-src 'self' 'unsafe-inline'; img-src 'self' blob: data:; font-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; block-all-mixed-content; upgrade-insecure-requests; connect-src 'self' https://*.webpubsub.azure.com wss://*.webpubsub.azure.com 1
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://s.pinimg.com https://connect.facebook.net https://analytics.tiktok.com https://cdn.cookielaw.org https://platform.twitter.com https://bat.bing.com https://www.clarity.ms https://googleads.g.doubleclick.net https://snap.licdn.com https://www.googleadservices.com https://static.hotjar.com https://www.redditstatic.com https://script.hotjar.com https://siteimproveanalytics.com https://static.ads-twitter.com https://js-agent.newrelic.com https://bam.nr-data.net https://www.google.com https://www.gstatic.com https://www.googleanalytics.com https://www.googleoptimize.com https://optimize.google.com https://www.muchloved.com https://ajax.googleapis.com https://ads.nextdoor.com https://ct.pinterest.com https://cdn.jsdelivr.net https://cdn.preferencecentre.co.uk https://cdnjs.cloudflare.com https://customer.cludo.com https://donate.parkinsons.org.uk https://embed.typeform.com https://maps.googleapis.com https://polyfill-fastly.io https://secure.callhandling.co.uk https://unpkg.com www.youtube.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://optimize.google.com https://www.muchloved.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://customer.cludo.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self' 1
frame-ancestors https://northernlight.com/; block-all-mixed-content; default-src 'self' https://assets.adobedtm.com/ https://*.hsforms.com/ https://*.hsforms.net/; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://assets.adobedtm.com/ https://ajax.googleapis.com/ https://www.gstatic.com/ https://www.google.com/ https://www.google-analytics.com/ https://snap.licdn.com/ https://js.hscollectedforms.net/ https://js.hsadspixel.net/ https://js.hs-banner.com/ https://js.hs-analytics.net/ https://forms.hsforms.com/ https://www.opgoogletagmanager.com/ https://js.hsforms.net/ http://js.hsforms.net/ https://js.hs-scripts.com/ http://js.hs-scripts.com/ https://twin-iq.kickfire.com/twin.js https://www.rumiview.com/containers/02635780-3014-4177-887d-5e8b28ecd0db.js https://tag.simpli.fi/sifitag/ce1510f0-5196-013b-a8e2-0cc47abd0334; style-src 'self' 'report-sample' 'unsafe-inline' https://assets.adobedtm.com/ https://code.jquery.com/ https://use.fontawesome.com/ https://fonts.googleapis.com/; object-src 'none'; frame-src https://assets.adobedtm.com/ https://northernlight.com/ https://app.hubspot.com/ https://sc.lfeeder.com/ https://forms.hsforms.com/ https://www.youtube.com/ http://northernlight.bamboohr.com/ js.hsforms.net www.google.com https://12340500.fls.doubleclick.net; child-src 'none'; img-src 'self' data: https://assets.adobedtm.com/ https://www.googletagmanager.com/ https://tagmanager.google.com/ https://tagassistant.google.com/ https://forms.hubspot.com/ https://www.linkedin.com/ https://p.adsymptotic.com/ https://analytics.google.com https://www.google-analytics.com/ www.google.com px.ads.linkedin.com forms.hsforms.com perf.hsforms.com track.hubspot.com https://px.ads.linkedin.com; font-src 'self' data: https://assets.adobedtm.com/ https://use.fontawesome.com/ https://fonts.gstatic.com/; connect-src https://assets.adobedtm.com/ https://yoast.com/ https://hubspot-forms-static-embed.s3.amazonaws.com/ https://forms.hsforms.com/ www.google-analytics.com api.hubapi.com stats.g.doubleclick.net forms.hubspot.com https://northernlight.com/ http://northernlight.com/; manifest-src https://northernlight.com/ https://cdn.linkedin.com/; base-uri 'self'; form-action https://forms.hsforms.com/ https://northernlight.com/; prefetch-src 'none'; worker-src https://northernlight.com/; 1
default-src 'self'; script-src 'self'; connect-src 'self'; style-src 'self'; object-src 'none'; frame-ancestors 'none'; frame-src 'none'; form-action 'self'; manifest-src 'self'; img-src 'self' blob: data: https://furrycdn.org https://ext.furrycdn.org; media-src 'self' blob: data: https://furrycdn.org https://ext.furrycdn.org 1
default-src 'self' https://www.google-analytics.com 'unsafe-inline' 'unsafe-eval';   frame-src https://www.aparat.com/ 'self';   style-src 'self' 'unsafe-inline';   img-src 'self' https://www.ilireg.ir/logoenamad.png https://trustseal.enamad.ir https://logo.samandehi.ir https://www.google-analytics.com data:;   script-src-elem 'self' https://www.googletagmanager.com https://www.google-analytics.com 'unsafe-inline'; 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;frame-ancestors 'self' https://*.quintype.com https://pudhari.news;block-all-mixed-content; 1
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' cdn.ndemiccreations.com https://*.google-analytics.com https://*.googleapis.com https://ajax.googleapis.com https://www.google.com/ https://www.gstatic.com/ https://connect.facebook.net/; style-src * 'unsafe-inline'; object-src 'none'; base-uri 'self'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; font-src https:; frame-src 'self' *.youtube.com youtube.com https://www.google.com/; img-src https: data: http://cdn.ndemiccreations.com; manifest-src 'self'; media-src 'self'; worker-src 'none'; report-uri https://www.ndemiccreations.com/csp-report.php 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com *.myheritage.se https://www.myheritage.se  'nonce-963123ec101a0a108a53d5e4622c73ea' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com *.myheritage.se;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self';img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=enforce&canonical_page_id=/company/home/ 1
default-src 'self'; frame-src 'self' *.readspeaker.com/ ; style-src 'self' *.readspeaker.com/ 'unsafe-inline'; style-src-elem 'self' *.readspeaker.com/ ; font-src 'self' data: ; connect-src 'self' data: https://www.piwik.bayern.de/piwik/ https://websuche-regierung-ext.bayern.de/ *.readspeaker.com/ https://www.bycs.de/medien/global/produktion.json https://www.bycs-vp.de/medien/global/vorproduktion.json https://www.bycs-int.de/medien/global/integration.json ; img-src 'self' https://www.piwik.bayern.de/piwik/ https://websuche-regierung-ext.bayern.de/ *.readspeaker.com/; script-src 'self' https://www.piwik.bayern.de/piwik/ https://websuche-regierung-ext.bayern.de/ *.readspeaker.com/ 'unsafe-eval' 'unsafe-inline'; 1
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com data:;img-src * data: blob:; font-src 'self' fonts.gstatic.com  data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' connect.facebook.net vk.com api-maps.yandex.ru bitrix.info www.google-analytics.com mc.yandex.ru maps.googleapis.com www.googletagmanager.com yastatic.net; form-action 'self';frame-src 'self';media-src 'self';connect-src 'self' bitrix.info mc.yandex.ru www.google-analytics.com stats.g.doubleclick.net 1
block-all-mixed-content; report-uri https://lodash.report-uri.io/r/default/csp/enforce; default-src 'none'; child-src 'self' data: ms-appx-web: ghbtns.com runkit.com *.runkit-embed.com runkit-embed.com platform.twitter.com; img-src 'self' data: *.2mdn.net *.adsafeprotected.com ad.atdmt.com *.buysellads.com *.buysellads.net *.c3tag.com *.carbonads.net *.convertro.com ad.doubleclick.net www.google-analytics.com www.launchbit.com launchbit.com assets.servedby-buysellads.com *.serving-sys.com; font-src 'self' data: fonts.gstatic.com cdn.jsdelivr.net; frame-src 'self' data: ms-appx-web: ghbtns.com runkit.com *.runkit-embed.com runkit-embed.com platform.twitter.com; manifest-src 'self'; script-src 'self' *.carbonads.com srv.carbonads.net adn.fusionads.net www.google-analytics.com www.googletagmanager.com cdn.jsdelivr.net embed.runkit.com; style-src 'self' cdn.jsdelivr.net; connect-src lodash.report-uri.com lodash.report-uri.io 'self' ms-appx-web: ghbtns.com runkit.com *.runkit-embed.com runkit-embed.com platform.twitter.com *.2mdn.net *.adsafeprotected.com ad.atdmt.com *.buysellads.com *.buysellads.net *.c3tag.com *.carbonads.net *.convertro.com ad.doubleclick.net www.google-analytics.com www.launchbit.com launchbit.com assets.servedby-buysellads.com *.serving-sys.com fonts.gstatic.com cdn.jsdelivr.net *.carbonads.com srv.carbonads.net adn.fusionads.net www.googletagmanager.com embed.runkit.com; 1
frame-ancestors 'self' https://*.rio.cloud/ ; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://baraag.net; img-src 'self' https: data: blob: https://baraag.net; style-src 'self' https://baraag.net 'nonce-spp+l+XAJhKdExse/kghRQ=='; media-src 'self' https: data: https://baraag.net; frame-src 'self' https:; manifest-src 'self' https://baraag.net; form-action 'self'; child-src 'self' blob: https://baraag.net; worker-src 'self' blob: https://baraag.net; connect-src 'self' data: blob: https://baraag.net https://media.baraag.net wss://baraag.net; script-src 'self' https://baraag.net 'wasm-unsafe-eval' 1
base-uri * 'unsafe-inline';child-src * 'unsafe-inline';connect-src * 'unsafe-inline';default-src * 'unsafe-inline';font-src * data: 'unsafe-inline';form-action * 'unsafe-inline';frame-ancestors 'self' http://127.0.0.1;frame-src * 'unsafe-inline';img-src * data: 'unsafe-inline';manifest-src * 'unsafe-inline';media-src * data: 'unsafe-inline';object-src * data: 'unsafe-inline';script-src * data: 'unsafe-inline' 'unsafe-eval' 'nonce-FxKiSfuGQuKIfLs1OVWkOlvtqqEw6TCw';script-src-attr * data: 'unsafe-inline' 'unsafe-eval';script-src-elem * data: 'unsafe-inline' 'unsafe-eval';style-src * data: 'unsafe-inline' 'nonce-FxKiSfuGQuKIfLs1OVWkOlvtqqEw6TCw';style-src-attr * data: 'unsafe-inline';style-src-elem * data: 'unsafe-inline';worker-src * 1
worker-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; 1
default-src 'self' *.picmir.pw; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.picmir.pw *.st02.net *.yandex.com *.yandex.net *.yandex.ru http://*.yandex.ru yastatic.net yandex.ru https://hcaptcha.com https://*.hcaptcha.com www.google.com www.gstatic.com blob:; img-src 'self' data: *.picmir.pw counter.yadro.ru *.st02.net *.yandex.com *.yandex.net *.yandex.ru http://*.yandex.ru yastatic.net yastat.net www.tns-counter.ru; style-src 'self' 'unsafe-inline' yastatic.net https://hcaptcha.com https://*.hcaptcha.com; font-src 'self' data:; frame-src 'self' tools.runetki.com *.yandex.com https://hcaptcha.com https://*.hcaptcha.com www.google.com; connect-src 'self' *.picmir.pw *.yandex.com *.yandex.ru http://*.yandex.ru https://hcaptcha.com https://*.hcaptcha.com; object-src 'self'; 1
frame-ancestors 'none'; form-action 'self' https://www.paypal.com https://www.facebook.com https://accounts.google.com; 1
default-src 'self'; img-src 'self' data: https://services.geo.zg.ch/tc/wmts/1.0.0/zg.ortsplan_leicht_plus/default/zg/ https://i.ytimg.com/vi/; script-src 'self' https://matomo.zug.ch/js/ https://player.vimeo.com/api/ https://www.youtube.com/iframe_api/ https://www.youtube.com/s/player/ 'sha256-i55oiL2h7Ksz7g0aFk5Q+LtLTc85GmfXLj7jQnK9Ch4='; connect-src 'self' https://matomo.zug.ch; frame-src 'self' *.zg.ch *.zug.ch zg.ch https://zg.prospective.ch/ scnem.com https://player.vimeo.com/video/ youtube.com www.youtube.com; font-src 'self' https://edge-assets.wirewax.com https://fonts.gstatic.com https://player.vimeo.com data:; style-src 'self' 'unsafe-inline'; base-uri 'self'; form-action 'self'; frame-ancestors 'self' 1
default-src 'self' https: 'unsafe-inline' 'unsafe-eval' ;frame-ancestors 'self' https://manager.agilitycms.com ;script-src 'self' 'unsafe-inline' 'unsafe-eval'  t.contentsquare.net   app.contentsquare.com   t.clicktale.net  contentsquare.com *.contentsquare.net *.googletagmanager.com www.google-analytics.com 8157301.fls.doubleclick.net googleads.g.doubleclick.net cdnssl.clicktale.net dpm.demdex.net cdn.agilitycms.com scotiabankfiles.azureedge.net *.winperu.pe  *.googleapis.com  *.scotiabank.com.pe assets.adobedtm.com dpm.demdex.net www.googleadservices.com www.google.com.pe *.google.com *.adobedtm.com www.facebook.com use.fontawesome.com ing-district.clicktale.net dc.services.visualstudio.com cx.atdmt.com connect.facebook.net c.clicktale.net t.clicktale.net clicktale.net az416426.vo.msecnd.net adservice.google.com 8157301.fls.doubleclick.net www.gstatic.com stats.g.doubleclick.net ogs.google.com *.jquery.com datatrustcatalogobucket.s3.us-east-2.amazonaws.com datatrustperu.com scotiabank.tt.omtrdc.net  *.scotiabank.com  snap.licdn.com  px.ads.linkedin.com  p.adsymptotic.com  52.18.162.157  52.17.161.123  activitymap.adobe.com  www.tiktok.com/es  ads.tiktok.com/i18n/login  displayvideo.google.com  analytics.tiktok.com  bat.bing.com  bing.com www.scotiabank.com.pe;worker-src blob:;img-src 'self' *.clicktale.net  *.agilitycms.com  *.azureedge.net  *.google.com.pe  *.google.ca  *.google.com  *.adobedtm.com  https://www.google-analytics.com   *.facebook.com   *.scotiabank.com   *.winperu.pe   *.googleapis.com   datatrustcatalogobucket.s3.us-east-2.amazonaws.com   datatrustperu.com   snap.licdn.com   px.ads.linkedin.com   p.adsymptotic.com   52.18.162.157   52.17.161.123   activitymap.adobe.com   googleads.g.doubleclick.net   *.contentsquare.net  www.tiktok.com/es  ads.tiktok.com/i18n/login  displayvideo.google.com  analytics.tiktok.com  bat.bing.com  bing.com ;connect-src 'self' https: wss: 'unsafe-inline' 'unsafe-eval' *.clicktale.net contentsquare.com *.contentsquare.net www.googletagmanager.com www.google-analytics.com 8157301.fls.doubleclick.net googleads.g.doubleclick.net cdnssl.clicktale.net dpm.demdex.net cdn.agilitycms.com scotiabankfiles.azureedge.net *.winperu.pe  *.googleapis.com  *.scotiabank.com.pe assets.adobedtm.com dpm.demdex.net www.googleadservices.com www.google.com.pe *.google.com *.adobedtm.com www.facebook.com use.fontawesome.com ing-district.clicktale.net dc.services.visualstudio.com cx.atdmt.com connect.facebook.net c.clicktale.net t.clicktale.net clicktale.net az416426.vo.msecnd.net adservice.google.com 8157301.fls.doubleclick.net www.gstatic.com stats.g.doubleclick.net ogs.google.com scotiabank.tt.omtrdc.net datatrustcatalogobucket.s3.us-east-2.amazonaws.com   datatrustperu.com  *.scotiabank.com snap.licdn.com  px.ads.linkedin.com  p.adsymptotic.com 52.18.162.157  52.17.161.123  activitymap.adobe.com  www.tiktok.com/es  ads.tiktok.com/i18n/login  displayvideo.google.com  analytics.tiktok.com  bat.bing.com  bing.com ; 1
default-src 'self' data: ws: blob: wss: https://*.launchdarkly.com https://*.cloudfront.net https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://bam-cell.nr-data.net/ https://bam.nr-data.net/* https://api-iam.intercom.io/ https://www.edcast.me/ https://d.la2-c1cs-ord.salesforceliveagent.com/ https://*.agora.io https://*.agora.io:*/ https://*.agoraio.cn https://*.edcast.io/ https://*.edcast.com/ http://*.soc.edcast.com/ https://api-europe-edcast.io/ https://cdn.filestackcontent.com/ https://*.guideme.io/ https://*.hotjar.com/ https://*.hotjar.io/ https://*.api.osano.com/ https://*.myguide.org/ https://*.s3.amazonaws.com/ https://s3.amazonaws.com/ https://*.s3.us-east-1.amazonaws.com/ https://*.s3-us-east-1.amazonaws.com/ https://*.filestackapi.com/ https://*.company-target.com/ https://*.6sc.co/ https://*.adnxs.com/ https://www.facebook.com https://*.googleapis.com/ https://www.edcastcloud.com/ https://*.clearbit.com/ https://services.edcast.ai/ https://hlg.tokbox.com/ https://*.opentok.com/ https://api.go1.co/ https://api.unsplash.com/ https://cdn.linkedin.oribi.io/partner/ https://api2.amplitude.com/2/ https://*.csod.com/ https://*.oracle.com/;script-src 'self' blob: data: ws: wss: 'unsafe-inline' 'unsafe-eval' https://js-agent.newrelic.com/ https://bam-cell.nr-data.net/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://snap.licdn.com/li.lms-analytics/ https://editor.unlayer.com/ https://widget.intercom.io/ https://js.intercomcdn.com https://*.guideme.io/ https://cdnjs.cloudflare.com/ https://connect.facebook.net/ https://d2r1yp2w7bby2u.cloudfront.net/js/ https://d1iwkfmdo6oqxx.cloudfront.net/organizations/ https://wzrkt.com/ https://*.salesforceliveagent.com/ https://googleads.g.doubleclick.net/ https://www.googleadservices.com/ https://*.clearbitjs.com/ https://*.clearbit.com/ https://*.company-target.com/ https://tag.demandbase.com/ https://*.6sc.co https://*.google.com/ https://cdn.jsdelivr.net/ https://*.my.salesforce.com/ https://embedding.workato.com/r/ https://*.filestackapi.com/ https://*.osano.com/ https://*.hotjar.com/ https://www.youtube.com/ https://*.googleapis.com/ https://christus.okta.com/ https://tag.clearbitscripts.com/ https://cdn.walkme.com/ https://gateway.zscalerthree.net http://*.edcast.com/ https://*.edcast.com/ https://els-jbs-prod-cdn.jbs.elsevierhealth.com/ https://www.pagespeed-mod.com/ https://*.ckeditor.com/ https://ckeditor.iframe.ly/ https://bam.nr-data.net/ https://*.oracle.com/ https://*.clevertap-prod.com;style-src 'self' blob: data: ws: wss: 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com/ https://*.guideme.io/ https://*.my.salesforce.com/ https://service.force.com/ https://static.filestackapi.com/ https://*.ckeditor.com/ https://www.googletagmanager.com/ https://*.bootstrapcdn.com/ https://*.edcast.com/ https://lm.facebook.com/ https://*.oracle.com/;font-src 'self' blob: data: ws: wss: https://fonts.gstatic.com/s/ https://*.s3.amazonaws.com/fonts/ https://static3.avast.com/ https://*.guideme.io/ https://use.typekit.net/ https://*.edcast.com/ https://*.oracle.com/;img-src 'self' data: blob: https: http: about: android-webview-video-poster:;media-src blob: https: http:;frame-src 'self' atlassian-companion: data: blob: https:;report-uri /api/v2/csp_reports 1
default-src 'self' 'unsafe-eval' http: https: data: blob: 'unsafe-inline'; connect-src 'self' ws: wss: http: https: data: 1
script-src 'self' racing.hkjc.com ssl.p.jwpcdn.com blob: 'unsafe-inline' 'unsafe-eval'; base-uri 'self'; object-src 'none' 1
default-src 'none'; frame-ancestors 'none'; script-src 'self' https://*.appcues.com https://*.appcues.net cdn.segment.com; worker-src 'self' https://*.appcues.com https://*.appcues.net cdn.segment.com blob:; connect-src 'self' api.segment.io cdn.segment.com https://*.appcues.com https://*.appcues.net wss://*.appcues.net wss://*.appcues.com editor.ne16.com data: blob:; frame-src 'self' https://*.appcues.com; style-src 'self' https://*.appcues.com https://*.appcues.net https://fonts.googleapis.com https://fonts.google.com 'unsafe-inline'; img-src 'self' https://*.appcues.com https://*.appcues.net res.cloudinary.com cdn.jsdelivr.net blob: data: *; font-src 'self' fonts.gstatic.com data:; report-uri /Analytics/api/Error/Csp; 1
default-src 'none'; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; font-src 'self'; img-src 'self' blob: data: *.nol-is.de; connect-src 'self' *.nol-is.de 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-ancestors 'self'; manifest-src 'self'; child-src 'self' blob:; worker-src 'self' blob:; report-uri https://report.nol-is.de; report-to default 1
frame-ancestors https://omgshop.gl https://omgomg.cat https://omgomg.click 1
frame-ancestors https://app.reskyt.com https://app.deporvillage.pt 1
frame-ancestors https://*.valueline.com 1
frame-ancestors d.pr 1
frame-ancestors 'self' http://www.1001giochi.it 1
frame-ancestors 'self' http://www.isladejuegos.com 1
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; block-all-mixed-content; connect-src 'self' *.mokivezi.lt *.soundestlink.com *.googleapis.com *.google-analytics.com *.analytics.google.com *.google.lt *.google.com *.cookiebot.com *.g.doubleclick.net *.googletagmanager.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.googlesyndication.com *.criteo.com *.tawk.to wss://*.tawk.to klix.blob.core.windows.net *.klix.app; font-src 'self' *.googleapis.com *.soundestlink.com *.gstatic.com *.hotjar.com *.tawk.to; frame-src 'self' *.mokivezi.lt *.sblizingas.lt *.google.com *.facebook.com *.twitter.com *.publitas.com *.hotjar.com placehold.jp omniform1.com *.cookiebot.com *.criteo.com *.youtube.com; img-src 'self' *.mokivezi.lt data: *.google-analytics.com *.analytics.google.com *.google.lt *.google.com *.google.de *.google.pl *.adform.net *.criteo.com *.criteo.net *.cookiebot.com *.hotjar.com *.g.doubleclick.net *.facebook.com *.googletagmanager.com *.soundestlink.com *.pinterest.com placehold.jp tinypic.host omnisnippet1.com *.ytimg.com tawk.link *.tawk.to *.jsdelivr.net blob: klix.blob.core.windows.net; script-src 'self' *.mokivezi.lt 'unsafe-hashes' 'strict-dynamic' 'sha256-8lDeP0UDwCO6/RhblgeH/ctdBzjVpJxrXizsnIk3cEQ=' *.google.com *.facebook.net *.twitter.com *.pinterest.com *.googleapis.com *.soundestlink.com *.adform.net *.criteo.net omnisrc.com omnisnippet1.com *.publitas.com *.googletagmanager.com *.hotjar.com *.omnisend.com *.tawk.to 'nonce-YShNxC9P15p+ZO1AYE9rYA=='; style-src 'self' 'unsafe-inline' *.soundestlink.com *.googleapis.com *.cloudflare.com *.hotjar.com *.tawk.to; upgrade-insecure-requests 1
img-src 'self' data: https://www.facebook.com https://analytics.twitter.com https://*.linkedin.com https://*.google.com/ https://*.cleartax-cdn.com https://img.youtube.com https://cleartax-media.s3.amazonaws.com https://www.google.co.in https://assets.clear.in https://www.googletagmanager.com https://sumome.com https://*.website-files.com https://*.cloudfront.net https://*.jquery.com https://*.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.redditstatic.com https://sc-static.net https://static.ads-twitter.com https://connect.facebook.net https://cdnjs.cloudflare.com https://js.hs-banner.com https://js.hsadspixel.net https://js.usemessages.com https://www.google-analytics.com https://www.googletagmanager.com https://doubleclick.net https://*.doubleclick.net https://snap.licdn.com https://www.youtube-nocookie.com https://sumo.com https://*.sumo.com https://*.livechatinc.com https://*.hs-scripts.com https://*.hs-analytics.net https://go.pardot.com https://*.cleartax-cdn.com https://*.clarity.ms https://*.google.com https://*.gstatic.com https://*.sumome.com https://code.jquery.com https://*.cloudfront.net https://*.googleapis.com https://www.googleadservices.com https://*.website-files.com https://*.webflow.io https://cleartax.mynexthire.com; style-src 'self' 'unsafe-inline' https://*.google.com https://*.cleartax-cdn.com https://*.googleapis.com https://*.clarity.ms https://*.gstatic.com https://*.website-files.com https://*.jquery.com; default-src 'self' 'unsafe-inline' https://*.google.com/ https://www.incometax.gov.in https://go.arena.im https://assets1.cleartax-cdn.com https://www.googletagmanager.com https://www.redditmedia.com https://assets.cleartax-cdn.com https://*.gstatic.com https://www.google-analytics.com https://js-agent.newrelic.com https://api.portal.peppercontent.in https://cleartax.in https://*.cleartax.in https://vc.hotjar.io https://*.cleartax.co https://*.cleartax.com https://cleartax.com https://www.youtube.com https://i.tryinteract.com https://cleartax-media.s3.amazonaws.com https://*.cloudfront.net https://web.archive.org https://img.youtube.com https://*.googleusercontent.com https://v.24liveblog.com https://sentry.io https://px.ads.linkedin.com https://doubleclick.net https://*.doubleclick.net https://platform.twitter.com https://cdn.jsdelivr.net https://browser.sentry-cdn.com/ https://i.ytimg.com https://code.jquery.com https://*.googleapis.com https://www.google.co.in https://*.clarity.ms https://sumome.com https://*.sumome.com https://clear.in https://*.clear.in https://www.w3schools.com https://cdnjs.cloudflare.com http://localhost:80 https://*.website-files.com https://cleartax.mynexthire.com https://sumo.com https://*.sumo.com https://*.livechatinc.com https://*.hs-scripts.com https://www.youtube-nocookie.com https://*.hubapi.com https://*.hubspot.com https://*.webflow.io; font-src 'self' data: https://*.cleartax-cdn.com https://*.gstatic.com https://*.website-files.com https://*.webflow.com 1
frame-ancestors 'self' https://yobingo-statices.casinomodule.com/ https://www.yobingo.es/ https://www.yocasino.es/ https://www.enracha.es/ https://gateway.mobbeel.com/ https://mobbeel.com https://*.mobbeel.com 1
frame-ancestors indigitall.com api.indigitall.com eu2.device-api.indigitall.com inapp-api.indigitall.com inbox-api.indigitall.com device-api.indigitall.com actualizar.movistar.com.sv activar.movistar.com.sv bitcoin.movistar.com.sv contenido.movistar.com.sv dashdboard.movistar.com.sv emojisivar.movistar.com.sv esim.movistar.com.sv kb.movistar.com.sv lte.movistar.com.sv moviclub.movistar.com.sv sinsaldo.movistar.com.sv movistar.com.sv roaming.movistar.com.sv tienda.movistar.com.sv blog.movistar.com.sv intranet.tafs-corp.com wordpress.com jetpack.com jetpack.wordpress.com; 1
frame-ancestors 'self' https://reviewtrackers.app.workramp.com https://inmoment.app.workramp.com https://academy.reviewtrackers.net 1
frame-ancestors 'self' https://marchedufilm.online 1
report-to endpoint-csp; default-src 'self' report-sample; script-src 'self' https://secureform.luxsci.com https://www.snapengage.com https://storage.googleapis.com https://spellcheck.luxsci.com https://www.gstatic.com https://www.googleadservices.com https://*.getbee.io https://*.googletagmanager.com https://d3nojzhs96djbd.cloudfront.net/static/js/ink_signatures_v3.js 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' data: blob:; object-src 'none'; base-uri 'self'; connect-src 'self' https://spellcheck.luxsci.com https://apikeys.civiccomputing.com https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://clapi.civiccomputing.com https://www.snapengage.com; font-src * data:; frame-src 'self' https://*.getbee.io https://*.duosecurity.com https://player.vimeo.com; img-src data: *; manifest-src 'self'; media-src 'self'; worker-src 'none'; 1
frame-ancestors 'self' https://*.time4learning.com 1
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; child-src *  data: blob: 'unsafe-inline' ; frame-ancestors : *  data: blob: ; worker-src: * 1
frame-ancestors 'self' https://bsf-autoservicio-videocall-prod.web.app/ 1
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' base-uri multimaxstore.com www.multimaxstore.com; 1
frame-ancestors 'self'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; form-action www.epay.bg/ secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; frame-src ams.creativecdn.com/ td.doubleclick.net/ fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.google.com/ *.weltpixel.com 'self' 'unsafe-inline'; connect-src www.google-analytics.com stats.g.doubleclick.net/j/ ping.contactpigeon.com/bi/ ams.creativecdn.com/ googleads.g.doubleclick.net/ q.clarity.ms/ region1.analytics.google.com/ region1.google-analytics.com/ p.clarity.ms/ www.sandbox.paypal.com www.paypalobjects.com www.paypal.com www.apptrian.com www.facebook.com *.ingest.sentry.io dpm.demdex.net www.google.com www.gstatic.com get.geojs.io https://maps.googleapis.com/ https://a.clarity.ms/ amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com facebook.com connect.facebook.net graph.facebook.com https://*.ingest.sentry.io http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io *.alothemes.com *.magepow.com releva.ai localhost https://www.google-analytics.com 'self' 'unsafe-inline'; script-src connect.facebook.com connect.facebook.net facebook.com googleads.g.doubleclick.net www.google-analytics.com www.google.com/pagead/ www.google.bg/pagead/ www.facebook.com/tr/ maps.googleapis.com ping.contactpigeon.com/bi/js/ ajax.cloudflare.com/cdn-cgi/scripts/ tags.creativecdn.com/ static.cloudflareinsights.com/ bat.bing.com/ www.clarity.ms assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com www.facebook.com graph.facebook.com https://cdn.polyfill.io https://browser.sentry-cdn.com *.googleapis.com *.google.com *.gstatic.com *.avada.io *.alothemes.com *.magepow.com *.google.com/ releva.ai https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; img-src data: www.google.bg/pagead/ www.google.com/pagead/ www.facebook.com/tr/ maps.googleapis.com www.google.bg/ads/ga-audiences www.google.com/ads/ga-audiences ping.contactpigeon.com/bi/ bat.bing.com f.creativecdn.com/ googleads.g.doubleclick.net/ storage.googleapis.com/releva-assets-prod/ assets.unlayer.com/ sync.1rx.io/usersync/ ce.lijit.com/ https://storage.googleapis.com/releva-assets-prod/ https://pixel.rubiconproject.com/ https://sync.teads.tv/ https://dsum-sec.casalemedia.com/ assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://www.magezon.com *.alothemes.com *.magepow.com *.gstatic.com data: 'self' 'unsafe-inline'; font-src maxcdn.bootstrapcdn.com fonts.gstatic.com *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com *.alothemes.com *.magepow.com data: 'self' 'unsafe-inline'; style-src maxcdn.bootstrapcdn.com fonts.googleapis.com ping.contactpigeon.com/bi/ *.adobe.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com *.alothemes.com *.magepow.com releva.ai tagmanager.google.com 'self' 'unsafe-inline'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.amnetgroup.com.tw cdn.jsdelivr.net *.doubleclick.net *.treasuredata.com *.babylonjs.com *.johnniewalker.com *.diageohorizon.com *.diageoapi.com *.diageoagegate.com *.diageopersonalisationstudio.com *.diageoplatform.com *.diageo.com *.gstatic.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.tagmanager.google.com *.googleapis.com *.youtube.com *.doubleclick.net *.google.com *.bing.com *.googleadservices.com *.facebook.net *.facebook.com *.navdmp.com *.ytimg.com *.cloudflare.com *.shortlyst.com *.mapbox.com *.evbuc.com *.gravatar.com *.amazonaws.com *.bootstrapcdn.com *.demdex.net *.pinimg.com *.vimeo.com *.umbraco.org *.amnetgroup.com.tw *.yimg.com *.yahoo.com *.adsrvr.org *.onetrust.com *.ads-twitter.com *.clarity.ms *.twitter.com *.vtinfo.com *.universe.com *.google.co.uk *.queue-it.net *.myshopify.com *.shopify.com *.twitter.com t.co *.cloudfunctions.net *.eum-appdynamics.com *.appdynamics.com *.twimg.com *.anyguide.com *.anyroad.com where-to-buy.co *.liveres.co.uk app.yellowmessenger.com cdn.yellowmessenger.com cloud.yellow.ai bookings-stg02 *.secure.johnniewalker.com cdn.segment.com cdn.evgnet.com cdn.evergage.com diageogb.germany-2.evergage.com *.quantummetric.com data: blob:;font-src 'self' data: *.yellowmessenger.com fonts.gstatic.com *.bootstrapcdn.com cdnjs.cloudflare.com 1
default-src blob: 'self' 'unsafe-eval' 'unsafe-inline' coinpaprika.com *.coinpaprika.com static.coinpaprika.com *.static.coinpaprika.com clevernt.com *.clevernt.com disqus.com *.disqus.com reddit.com *.reddit.com google.com *.google.com google.pl *.google.pl google.nl *.google.nl googleadservices.com *.googleadservices.com highcharts.com *.highcharts.com sentry.io *.sentry.io firebase.com *.firebase.com googleapis.com *.googleapis.com s0.2mdn.net *.s0.2mdn.net cloudflareinsights.com *.cloudflareinsights.com commerce.coinbase.com *.commerce.coinbase.com firebaseio.com *.firebaseio.com www.googletagmanager.com www.google-analytics.com www.gstatic.com *.doubleclick.net widget.aricdn.com *.disquscdn.com *.youtube.com *.twitter.com clickoutnetwork.care *.redditmedia.com *.redditstatic.com player.vimeo.com files.sonnyt.com *.twimg.com *.facebook.net *.facebook.com *.hotjar.com *.hotjar.io coinzillatag.com request-global.czilladx.com cdn.jsdelivr.net unpkg.com cdnjs.cloudflare.com highcharts.github.io api.getresponse.com vk.com ssl.gstatic.com *.ibb.co *.storyblok.com ibb.co one.devpaprika.com instant.page *.googlesyndication.com *.googletagservices.com *.twitter.com *.czilladx.com s.surveyplanet.com *.intotheblock.com buy.moonpay.io sell.moonpay.io api.moonpay.io *.media.net s.mnet-ad.net api.changelly.com restcountries.eu api.ramp.network app.ramp.network cdn.coinzilla.io bw-coinpaprika.aricdn.com *.cointraffic.io jscloud.net ajax.cloudflare.com reddit.com billing.devpaprika billing.coinpaprika api.coinpaprika *.tile.openstreetmap.org nominatim.openstreetmap.org platform.twitter.com corsproxy.io *.vuukle.com get.geojs.io s.flocdn.com *.clarity.ms *.cleverwebserver.com letsexchange.io *.adx.ws csi.gstatic.com data: portfolio.coinpaprika.com wss://stream-frontend.coinpaprika.com/ticks wss://realtime-frontend.coinpaprika.com/ws https://realtime-frontend.coinpaprika.com/ws wss://s-usc1a-nss-2027.firebaseio.com;object-src 'none';font-src 'self' static.coinpaprika.com fonts.gstatic.com fonts.googleapis.com data:;frame-src *; 1
child-src 'none'; 1
base-uri 'none'; object-src 'none'; script-src 'nonce-tJhxzBQ5jlTKOqEOdLHm6Qv-EoNPJgMgXj6BJbxt5ka3gXAEbhQMGJsgIP-Ye1gu' 'strict-dynamic' https: 'unsafe-inline' 'self' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: wss: blob: *.ostrovok.ru ostrovok.ru *.worldota.net *.zenhotels.com zenhotels.com *.paypal.com *.braintree-api.com  *.googlesyndication.com pay.google.com *.amplitude.com *.privetmir.ru adservice.google.co.uk *.hotjar.com *.clicktripz.com *.intercom.io *.intercomcdn.com ads.adfox.ru ad.mail.ru inv-nets.admixer.net yastatic.net *.yandex.ru yandex.ru *.adfox.yandex.ru api-cis.exponea.com ps.eyeota.net *.pixfuture.com pixfuture.com api.payota.net weborama.fr tns-counter.ru static.ads-twitter.com analytics.twitter.com tags.bkrtx.com t.skyscnr.com *.adtech.advertising.com *.casalemedia.com *.openx.net openx.net adriver.ru *.adriver.ru *.contextweb.com contextweb.com *.betweendigital.com betweendigital.com *.ssp.otm-r.com *.otm-r.com otm-r.com vc.hotjar.io secde.trivago.com unpkg.com *.smartadserver.com smartadserver.com *.rubiconproject.com rubiconproject.com www.adservice.google.pl www.googletraveladservices.com www.tripadvisor.com cdnjs.cloudflare.com www.kayak.com www.clicktripz.com www.youtube.com s3-eu-west-1.amazonaws.com travel.mediaalpha.com grkigi.com notify.bugsnag.com 3kxrt0l29e.execute-api.us-east-1.amazonaws.com fonts.gstatic.com adhigh.net *.adhigh.net *.doubleclick.net doubleclick.net *.adlooxtracking.com *.adnxs.com adnxs.com 2mdn.net *.2mdn.net doubleverify.com *.doubleverify.com *.pubmatic.com pubmatic.com ostrovokru003.webim.ru  ostrovokru006.webim.ru ostrovokru007.webim.ru *.webim.ru tagmanager.google.com www.tamgrt.com cdn.branch.io app.link api.branch.io api2.branch.io www.googleadservices.com www.adservice.google.pl sslwidget.criteo.com static.criteo.net vk.com connect.facebook.net www.facebook.com top-fwz1.mail.ru www.hometogo.com secure.wego.com static.tacdn.com static.clicktripz.com pixel.sojern.com ads.travelaudience.com stags.bluekai.com accounts.google.com tms-st.cdn.ngenix.net hit.acstat.com c.riskified.com beacon.riskified.com cdn.siftscience.com d3c3cq33003psk.cloudfront.net enc1wnyb87.execute-api.us-east-1.amazonaws.com www.awin.com *.google-analytics.com *.analytics.google.com analytics.google.com www.googletagmanager.com mc.yandex.ru mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.ua mc.yandex.uz tag.yieldoptimizer.com st.dynamicyield.com static.dynamicyield.com *.criteo.com *.intentmedia.net px.dynamicyield.com opentag-stats.qubit.com 6ytvy2ekla.execute-api.us-east-1.amazonaws.com fonts.googleapis.com maps.googleapis.com www.google.com www.googletagservices.com adservice.google.com www.adservice.google.pl  c.triptech.ai s.clickiocdn.com *.googlesyndication.com cdn.ampproject.org clickiocdn.com adservice.google.ru csi.gstatic.com *.braintreegateway.com tag.crsspxl.com aa.agkn.com blip.bizrate.com c1.adform.net ce.lijit.com cms.analytics.yahoo.com d.turn.com dmp.truoptik.com dpm.demdex.net e.dlx.addthis.com ib.adnxs.com idsync.rlcdn.com io.narrative.io match.adsrvr.org partner.mediawallahscript.com pm.w55c.net pxl.connexity.net sync.crwdcntrl.net sync.mathtag.com tags.bluekai.com js.adara.com sdk.adara.com jsres.adara.com  pay.yandex.ru thrtle.com js.stripe.com api.stripe.com ux-etg.surveysparrow.com assets.surveysparrow.com widget.surveysparrow.com bat.bing.com www.clarity.ms p.clarity.ms onelinksmartscript.appsflyer.com mfa.self-veri.com mfa-widget-app.riskified.com; frame-src 'self' https://centinelapistag.cardinalcommerce.com *.ostrovok.ru *.privetmir.ru privetmir.ru yastatic.net mc.yandex.ru mc.yandex.com *.worldota.net *.zenhotels.com www.youtube.com googleads.g.doubleclick.net *.googlesyndication.com tracking.bonusway.com checkout.paypal.com *.paypal.com pay.google.com static.criteo.net pay.yandex.ru gum.criteo.com dis.eu.criteo.com *.openx.net openx.net *.contextweb.com contextweb.com *.adnxs.com adnxs.com *.pubmatic.com pubmatic.com adhigh.net doubleclick.net www.google.com www.adservice.google.pl *.intentmedia.net d1jaw4ep1lbbt9.cloudfront.net www.tamgrt.com *.ssp.otm-r.com *.otm-r.com otm-r.com vc.hotjar.io clickioadvd.com *.pixfuture.com pixfuture.com www.googletagservices.com www.facebook.com web.facebook.com tpc.googlesyndication.com vars.hotjar.com *.betweendigital.com vk.com staticxx.facebook.com bid.g.doubleclick.net tag.crsspxl.com accounts.google.com  *.bluekai.com *.mail.ru ru.surveymonkey.com www.surveymonkey.com js.stripe.com *.doubleclick.net ux-etg.surveysparrow.com widget.surveysparrow.com *.questionpro.com; frame-ancestors 'self' metrika.yandex.ru metrica.yandex.com  *.webvisor.com webvisor.com awards.ratingruneta.ru; img-src * data:; report-uri /hc/csp 1
frame-ancestors https://*.gupshup.io/ https://*.superlemon.xyz 1
upgrade-insecure-requests; script-src 'self' https://code.jquery.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://www.youtube.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 1
script-src 'self' 'unsafe-inline' 'unsafe-eval'  https://intercept.inmoment.com.au https://intercept-client.inmoment.com.au https://csc.inmoment.com https://challenges.cloudflare.com https://ap9.salesforce.com https://*.lightning.force.com https://*.secure.force.com https://*.salesforceliveagent.com https://*.google.com https://*.cybersource.com https://*.mapbox.com https://*.tiles.mapbox.com https://cdn.loop11.com https://*.readspeaker.com https://www.bugherd.com https://*.google-analytics.com https://www.googletagmanager.com https://js-agent.newrelic.com https://bam-cell.nr-data.net https://bam.nr-data.net https://*.segment.com https://d2iiunr5ws5ch1.cloudfront.net https://h.online-metrix.net https://*.usabilla.com https://d6tizftlrpuof.cloudfront.net/ https://optimize.google.com https://service.force.com https://probe-t4v.my.salesforce-sites.com; child-src blob: https://*.vic.gov.au https://*.cybersource.com https://*.readspeaker.com https://*.youtube.com https://youtube.com https://h.online-metrix.net https://*.usabilla.com https://d6tizftlrpuof.cloudfront.net ; img-src 'self' * data: blob: https://*.cybersource.com https://*.google-analytics.com https://optimize.google.com ; style-src 'self' 'unsafe-inline' https://probe-t4v.my.salesforce-sites.com https://*.secure.force.com https://service.force.com https://optimize.google.com https://fonts.googleapis.com *.readspeaker.com https://d6tizftlrpuof.cloudfront.net; font-src 'self' data: https://fonts.gstatic.com https://d6tizftlrpuof.cloudfront.net; frame-src feedback.inmoment.com.au https://challenges.cloudflare.com https://ap9.salesforce.com https://service.force.com https://app.powerbi.com 'self' https://optimize.google.com https://h.online-metrix.net https://*.cybersource.com *.readspeaker.com https://*.youtube.com https://youtube.com https://d6tizftlrpuof.cloudfront.net; 1
frame-src https://portal.exoscale.com/ https://push.getbeamer.com/ https://app.getbeamer.com/ https://changelog.exoscale.com/ 1
default-src 'self' 'unsafe-eval' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self' https://www.4dpredict.org https://www.4dpredict.com https://www.4dresult.me; 1
default-src 'self'; img-src 'self' data: * public.surveyplanet.com *.cloudinary.com; script-src 'self' 'unsafe-inline' public.surveyplanet.com www.googletagmanager.com www.google-analytics.com; style-src 'self' 'unsafe-inline' public.surveyplanet.com fonts.googleapis.com; font-src 'self' public.surveyplanet.com fonts.googleapis.com fonts.gstatic.com; connect-src 'self' *.surveyplanet.com *.sentry.io *.googletagmanager.com *.google-analytics.com *.doubleclick.net; child-src 'self' *.surveyplanet.com *.spstage.us; manifest-src public.surveyplanet.com; object-src 'none'; 1
frame-ancestors https://bccondos.net https://www.gradschoolmatch.com/; 1
default-src 'none';      connect-src https://plausible.io/api/event https://cdn.prod.website-files.com/5efbe6918a9cfd65bb1608f9/ ;   font-src data: https://assets.website-files.com/5efbe6918a9cfd65bb1608f9/ ;      img-src data: https://cdn.prod.website-files.com/5efbe6918a9cfd65bb1608f9/ ;    script-src https://ajax.googleapis.com/ajax/libs/webfont/1.6.26/webfont.js https://d3e54v103j8qbb.cloudfront.net/js/ https://cdn.prod.website-files.com/5efbe6918a9cfd65bb1608f9/js/ https://plausible.io/js/script.js ;     style-src https://cdn.prod.website-files.com/5efbe6918a9cfd65bb1608f9/css/ https://assets.upguard.com 1
base-uri 'self'; script-src 'nonce-/m2RC9uO23xkuoOaf48yt/bI78Q=' 'unsafe-eval' 'strict-dynamic'; object-src 'none'; 1
style-src 'self' fonts.googleapis.com 'unsafe-inline'; connect-src *.google-analytics.com 'self'; img-src 'self' cdn.redoc.ly data:; script-src 'self' www.google.com www.googletagmanager.com www.gstatic.com cdn.redoc.ly 'unsafe-inline'; worker-src 'self' blob:; frame-src 'self' www.google.com 'unsafe-inline'; font-src 'self' fonts.gstatic.com; default-src 'self' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob: filesystem: https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com 1
default-src 'self';style-src 'self' 'unsafe-eval' 'unsafe-inline' *.usercentrics.eu www.dachser.com translate.googleapis.com;object-src 'self';base-uri 'self';font-src 'self' data: fonts.gstatic.com github.com player.podigee-cdn.net pouch-global-font-assets.s3.eu-central-1.amazonaws.com static3.avast.com;frame-src 'self' dachser-warehouse.atrivio.net app.usercentrics.eu veronline.me players.brightcove.net player.podigee-cdn.net players.brightcove.net dachser-warehousekapazitaeten.atrivio.net;img-src 'self' data: *.usercentrics.eu *.dachser.ch cf-images.eu-west-1.prod.boltdns.net metrics.brightcove.com app.usercentrics.eu www.dachser.com www.gstatic.com translate.google.com www.etracker.de images.podigee-cdn.net www.dachser.com.tr www.etracker.de www.facebook.com;manifest-src 'self';media-src blob: 'self';worker-src blob: ;connect-src mailto: 'self' www.dachser.com maps.googleapis.com bcboltbde696aa-a.akamaihd.net manifest.prod.boltdns.net edge.api.brightcove.com *.usercentrics.eu www.etracker.de dachser-locations.atrivio.net www.google-analytics.com www.googletagmanager.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' code.etracker.com app.usercentrics.eu edge.api.brightcove.com vjs.zencdn.net api.signalize.com players.brightcove.net maps.googleapis.com www.dachser.com 3001.scriptcdn.net s3-us-west-2.amazonaws.com s3.amazonaws.com www.google-analytics.com www.googletagmanager.com www.pagespeed-mod.com 2508t.dsp7c.com connect.facebook.net maps.googleapis.com www.dachser.com www.etracker.de https://code.etracker.com/t.js https://dmr-notification.atrivio.net/js/main.js https://maps.googleapis.com/maps/api/js https://static.etracker.com/code/e.js https://www.etracker.de/cntcc;script-src-attr 'self' 'unsafe-inline';script-src-elem 'self' 'unsafe-inline' www.googletagmanager.com edge.api.brightcove.com vjs.zencdn.net api.signalize.com players.brightcove.net app.usercentrics.eu cdn.podigee.com player.podigee-cdn.net maps.googleapis.com najiwu.xeyutezepo.com www.dachser.com dmr-notification.atrivio.net static.etracker.com www.etracker.de data1.pamurt.com bopati.xuyobidexe-vipopucec.com code.etracker.com data1.scopich.com images.podigee-cdn.net www.dachser.com.tr www.etracker.de www.facebook.com www.gstatic.com;style-src-attr 'self' 'unsafe-inline';style-src-elem 'self' 'unsafe-inline' player.podigee-cdn.net www.dachser.com cdn.podigee.com; report-uri https://atrivio.report-uri.com/r/d/csp/reportOnly https://atrivio.report-uri.com/r/d/csp/wizard; 1
frame-ancestors 'self' *.kinobox.cz 1
base-uri 'self'; child-src 'self' https: http: data: blob:; connect-src 'self' https: http://localhost:* wss: data: blob:; default-src 'none'; font-src 'self' https: http://localhost:* http://themes.googleusercontent.com data:; form-action 'self'; frame-ancestors 'self' https://app.eu.pendo.io; frame-src 'self' https: http: data: blob:; img-src 'self' https: http: data: blob:; media-src 'self' https: data:; script-src 'self' https: http://localhost:* blob: 'unsafe-inline' 'unsafe-eval' 'report-sample'; style-src 'self' https: http: data: 'unsafe-inline' 'report-sample'; worker-src 'self' blob:; report-uri https://linnworks17.report-uri.com/r/d/csp/enforce 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; img-src https://* data:; connect-src *; media-src * blob:; worker-src * blob:; frame-ancestors www.artsonia.com admin.artsonia.com www.artsonialite.com 1
default-src 'self'; 	img-src data: blob: android-webview-video-poster: *; 	style-src 'unsafe-inline' *; 	font-src data: chrome-extension: moz-extension: safari-extension: 'self' fonts.gstatic.com cdnjs.cloudflare.com use.fontawesome.com; 	child-src 'self' www.googletagmanager.com www.youtube.com; 	connect-src wss: 'self' *.liveact.cri-mw.jp stats.g.doubleclick.net *.google-analytics.com analytics.google.com www.google.co.jp www.googletagmanager.com; 	script-src 'unsafe-inline' 'unsafe-eval' 'self' *.liveact.cri-mw.jp *.google-analytics.com www.googletagmanager.com jaysalvat.github.io code.jquery.com cdn.jsdelivr.net; 	report-uri https://e-cgift.net/reporturi.php 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com ajax.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://static.addtoany.com/ http://clients1.google.com/complete/ https://js-agent.newrelic.com/ https://bam.nr-data.net/ https://www.google.com  https://*.fontawesome.com https://*.customsearch.ai https://*.googletagmanager.com https://tagmanager.google.com https://*.uxtweak.com https://www.clarity.ms/tag/9u8kzuuuo8 https://*.teams.cdn.office.net https://*.botframework.com https://*.hotjar.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://static.addtoany.com/ https://*.windows.net https://tagmanager.google.com https://*.hotjar.com; img-src 'self' blob: https://www.google-analytics.com data: https://www.google.com/recaptcha/ http://www.ecb.int/ http://www.ecb.europa.eu/ https://*.windows.net https://*.gstatic.com https://stats.g.doubleclick.net https://*.hotjar.com; frame-src 'self' https://www.google.com/recaptcha/ https://static.addtoany.com/ https://www.youtube-nocookie.com/ https://maps.google.be/maps/ https://www.google.com/maps/ https://mapsengine.google.com/ https://ui.customsearch.ai/ https://sdk.companywebcast.com/ https://portal.dataviz.ecb.europa.eu/ https://*.uxtweak.com https://www.slideshare.net https://*.microsoft.com/ https://player.cnbc.com; font-src 'self' https://fonts.gstatic.com https://*.hotjar.com; connect-src 'self' ws: https://*.customsearch.ai https://*.google-analytics.com https://*.uxtweak.com https://*.api.powerplatform.com *.botframework.com https://*.hotjar.io wss://*.hotjar.com; report-uri /en/admin/config/system/seckit/csp-report 1
object-src 'none'; default-src * 'unsafe-inline' blob: data:; img-src * 'self' data: https:; media-src * 'unsafe-inline' blob: data:; script-src * 'unsafe-inline' 'unsafe-eval' blob: data:; font-src * data: 1
upgrade-insecure-requests; base-uri 'self'; font-src tlweblibs.translink.ca; form-action 'self' *.translink.ca; frame-ancestors *.translink.ca *.compasscard.ca; manifest-src 'self'; media-src 'none'; object-src 'none'; worker-src 'self' tlweblibs.translink.ca; 1
upgrade-insecure-requests; block-all-mixed-content; default-src 'self' https://*.valiant.ch; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.valiant.ch https://valiant.reader.epaper.guru https://io.fusedeck.net https://connect.facebook.net https://snap.licdn.com https://www.youtube.com https://*.googletagmanager.com https://www.google.com https://www.google.ch https://www.google.fr https://googleads.g.doubleclick.net https://www.google-analytics.com https://www.googleanalytics.com https://www.googleadservices.com https://tagmanager.google.com https://maps.googleapis.com https://www.googleoptimize.com https://optimize.google.com https://www.gstatic.com https://*.teads.tv https://*.teads.com; style-src 'self' 'unsafe-inline' https://wwwsec.valiant.ch https://tagmanager.google.com https://fonts.googleapis.com https://optimize.google.com; font-src 'self' data: https://wwwsec.valiant.ch https://fonts.gstatic.com; img-src 'self' data: blob: https://wwwsec.valiant.ch https://io.fusedeck.net https://www.facebook.com https://px.ads.linkedin.com https://www.linkedin.com https://nrcm.s3.amazonaws.com https://*.googletagmanager.com https://*.google-analytics.com https://www.google.ch https://www.google.fr https://www.google.com https://ssl.gstatic.com https://www.gstatic.com https://maps.gstatic.com https://5472548.fls.doubleclick.net https://10785982.fls.doubleclick.net https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://maps.googleapis.com https://khms0.googleapis.com https://khms1.googleapis.com https://analytics.google.com https://www.googletagmanager.com https://optimize.google.com https://*.teads.tv https://*.teads.com; frame-ancestors 'self' https://*.valiant.ch; frame-src 'self' https://*.valiant.ch https://valiant.mxm.ch https://valiant.reader.epaper.guru https://evoja-etools.sinso.ch https://app.newsroom.co https://www.kununu.com https://www.agentselly.ch https://www.facebook.com https://www.youtube.com https://bid.g.doubleclick.net https://5472548.fls.doubleclick.net https://10785982.fls.doubleclick.net https://optimize.google.com https://www.google.com/recaptcha/ https://live.brame-gamification.com; connect-src 'self' https://*.valiant.ch wss://io.fusedeck.net https://webservice.cybwell.ch https://www.facebook.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.google.com https://maps.google.com https://maps.googleapis.com https://cdn.linkedin.oribi.io https://*.teads.tv https://*.teads.com; base-uri 'self'; object-src 'self'; media-src 'self' data:; child-src 'none'; worker-src 'self'; manifest-src 'self'; prefetch-src 'self'; form-action 'self' https://www.facebook.com/tr/; navigate-to 'self'; 1
default-src 'self' https://stats.antarctica.gov.au https://cdn.plyr.io; object-src 'none'; script-src 'self' https://stats.antarctica.gov.au 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://*.typekit.net; font-src 'self' https://*.typekit.net; img-src 'self' https://*.antarctica.gov.au https://*.aad.gov.au data: blob:; media-src 'self' https://*.antarctica.gov.au https://*.aad.gov.au; frame-ancestors 'self'; report-uri https://images.antarctica.gov.au/csp.php 1
frame-ancestors 'self' https://*.ableteams.com https://*.mypeoplenet.com https://*.bullhornstaffing.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.me.com.br *.pusher.com static.userguiding.com static.olark.com fast.conpass.io ajax.aspnetcdn.com static.hotjar.com script.hotjar.com cdn.jsdelivr.net cdn.polyfill.io *.zdassets.com ekr.zendesk.com *.zopim.com zendesk-eu.my.sentry.io unpkg.com unpkg.com/intro.js/intro.js cdnjs.cloudflare.com ssl.google-analytics.com www.google-analytics.com www.recaptcha.net/recaptcha/ www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ *.googleapis.com www.googletagmanager.com knrpc.olark.com js.stripe.com api.smooch.io; upgrade-insecure-requests; always; 1
default-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://token.paygent.co.jp https://use.typekit.net https://www.googletagmanager.com https://*.sentry.io https://player.live-video.net https://app.unleash-hosted.com http://*.mieru-ca.com; style-src 'self' 'unsafe-inline' https://use.typekit.net https://fonts.googleapis.com; img-src * data:; media-src 'self' blob: https://*.live-video.net https://pococha-livestreaming.cdn-dena.com https://*.live-streaming.tech https://pococha-livestreaming-for-ivs-rts-production.s3.us-west-2.amazonaws.com https://pococha.cdn-dena.com https://use.typekit.net; font-src 'self' data: https://use.typekit.net https://fonts.gstatic.com; child-src blob: https://www.youtube.com; connect-src 'self' blob: https://api.pococha.com/ https://*.live-video.net https://pococha-livestreaming.cdn-dena.com https://*.live-streaming.tech https://pococha-livestreaming-for-ivs-rts-production.s3.us-west-2.amazonaws.com wss://*.pococha.com:443 https://www.google-analytics.com https://stats.g.doubleclick.net https://token.paygent.co.jp https://use.typekit.net https://p.typekit.net https://primer.typekit.net https://pokota-questionnaire-answer-files-production.s3.ap-northeast-1.amazonaws.com https://*.sentry.io https://globalsiteanalytics.com/resource/resource.png https://globalsiteanalytics.com/service/hdim https://app.unleash-hosted.com wss://*.mieru-ca.com https://sentry.pococha.com/ 1
frame-ancestors 'self' funio.com; upgrade-insecure-requests; 1
default-src 'self' https:; script-src 'self' 'nonce-MzIyNTMzYzYtYjZhYi00ZmM5LWI5MGMtYjA4M2Y3MjY4MzE2' 'strict-dynamic' https: http: 'unsafe-inline' ; script-src-elem 'self' https://www.googletagmanager.com 'unsafe-inline'; style-src 'self' 'nonce-MzIyNTMzYzYtYjZhYi00ZmM5LWI5MGMtYjA4M2Y3MjY4MzE2'; style-src-attr 'self' 'unsafe-inline'; img-src 'self' https://raw.githubusercontent.com blob: data:; font-src 'self' https://fonts.gstatic.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; upgrade-insecure-requests; 1
frame-ancestors https://ads.tiktok.com 1
frame-ancestors 'self' https://daytondailynews.newspapers.com https://journal-news.newspapers.com https://springfieldnewssun.newspapers.com https://www.legacy.com https://epaper.springfieldnewssun.com https://editions.journal-news.com 1
default-src * data: blob: ; script-src * 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'unsafe-inline' data: ; frame-ancestors 'none' ; 1
default-src 'self' 'unsafe-inline' blob: data: 'unsafe-eval' *.littleforest.co.uk https://s2.adform.net/ https://www.google-analytics.com/ https://res.cloudinary.com wss://lo.msg.liveperson.net *.everesttech.net *.google.com *.google.it *.vodafone.al *.google.al *.liveperson.com *.lpsnmedia.net  *.liveperson.net *.kampyle.com  *.youtube.com *.googleapis.com https://www.facebook.com  https://connect.facebook.net https://fonts.gstatic.com  https://fonts.googleapis.com https://vodafonealbania.tt.omtrdc.net https://c1.adform.net/ *.vodafone.al vodafone.al *.akstat.io https://c.go-mpulse.net https://dpm.demdex.net https://maps.googleapis.com https://maps.gstatic.com https://s.ytimg.com https://ssl.google-analytics.com https://stats.g.doubleclick.net https://tags.tiqcdn.com https://track.adform.net https://vodafonealbania.d2.sc.omtrdc.net https://vodafonealbania.demdex.net https://www.google.com https://www.google.gr https://www.youtube.com *.vodafone.com *.msg.liveperson.com lo.msg.liveperson.com *.msg.liveperson.net lo.msg.liveperson.net https://www.googletagmanager.com *.googletagmanager.com https://embed.binkies3d.com binkiesproductionweu.servicebus.windows.net binkiescontentnode.blob.core.windows.net az589851.vo.msecnd.net https://cdn.cookielaw.org/ https://tags.tiqcdn.com/ apps.euw2.pure.cloud; 1
default-src 'self' polyfill.io *.gstatic.com static.hotjar.com maps.googleapis.com use.fontawesome.com www.google.com www.googletagmanager.com fonts.googleapis.com 'unsafe-inline' 1
frame-ancestors 'self' https://addons.prestashop.com/; 1
base-uri 'self'; script-src 'nonce-kgyxTu1dSc2i8FjzjPUmoc4fRic=' 'unsafe-eval' 'strict-dynamic'; object-src 'none'; 1
default-src 'none';; child-src https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net;; form-action https://intercom.help https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://messenger-apps.intercom.io/ https://*.statuspage.io/ https://litmus.com/;; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://litmus.com/inline/ https://static.ws.apsis.one/ https://static.ws.apsisbeta.one/ https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://static.intercomassets.com/;; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/;; font-src 'self' https://fonts.gstatic.com/ https://js.intercomcdn.com https://fonts.intercomcdn.com data;; media-src https://js.intercomcdn.com;; connect-src https://s3.eu-west-1.amazonaws.com/ https://s3.ap-southeast-1.amazonaws.com/ graph.facebook.com wss://*.amazonaws.com/ wss://*.apsis.cloud/ wss://*.apsisbeta.one/ wss://*.apsis.one/ https://apsis.cloud/ https://*.apsis.cloud/ https://*.fe-stage.apsis.cloud/ https://*.apsisbeta.one/ https://*.apsis.one/ https://*.auth0.com/ https://apsis.jumpstory.com/ https://graph.microsoft.com/v1.0/organization https://globaldisco.crm.dynamics.com/api/discovery/v1.0/Instances https://api.intercom.io https://api.au.intercom.io https://api.eu.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io https://uploads.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.au.intercomcdn.com https://uploads.intercomusercontent.com https://apsis.com/;; frame-src https://apsis.com/ https://player.vimeo.com/ https://apccdn.apsis1.com/ https://*.auth0.com/ https://*.apsis.cloud/ https://*.apsisbeta.one/ https://*.apsis.one/ https://litmus.com/ https://intercom-sheets.com/;; frame-ancestors 'self'; img-src 'self' * blob: data: https://js.intercomcdn.com https://static.intercomassets.com/ https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io/ https://*.statuspage.io/ https://messenger-apps.eu.intercom.io https://messenger-apps.au.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments.eu https://*.au.intercom-attachments.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://static.intercomassets.eu https://static.au.intercomassets.com; 1
frame-ancestors *.cadremploi.fr *.fcms.io 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' enews.mortonarb.org *.pardot.com *.gstatic.com *.google.com *.facebook.net *.googleapis.com *.googletagmanager.com doublethedonation.com *.google-analytics.com *.jquery.com *.adsrvr.org *.googleadservices.com *.doubleclick.net; worker-src 'self' blob:; connect-src 'self' *.gstatic.com *.google-analytics.com *.googleapis.com translate.googleapis.com *.google.com doublethedonation.com *.doubleclick.net *.googlesyndication.com; style-src 'self' 'unsafe-inline' *.googleapis.com doublethedonation.com; media-src 'self' data: player.vimeo.com; frame-src 'self' *.facebook.com *.google.com player.vimeo.com *.adsrvr.org *.doubleclick.net  *.mortonarb.org; font-src 'self' data: *.gstatic.com doublethedonation.com; img-src 'self' https: data: *.picsum.photos picsum.photos *.gstatic.com *.vimeocdn.com *.gravatar.com; 1
frame-ancestors 'self' *; default-src 'self' data: wss: mc.yandex.ru mc.yandex.com fpnpmcdn.net cdnwbstts.com *.hcaptcha.com *.fptls.com *.cdnwbstts.com *.fpjs.io *.fpapi.io *.youtube.com finana.io fokusdoom.ru pay.finana.io *.google-analytics.com *.google.com.ua *.gstatic.com *.googletagmanager.com *.google.com *.jivosite.com freekassa.ru freekassa.com *.freekassa.ru *.freekassa.com *.googletagmanager.com 'unsafe-inline' 'unsafe-eval'; object-src 'none'; script-src 'self' blob: mc.yandex.ru mc.yandex.com fpnpmcdn.net fokusdoom.ru hcaptcha.com *.google-analytics.com *.google.com.ua *.gstatic.com *.googletagmanager.com *.google.com *.jivosite.com *.freekassa.ru *.freekassa.com *.googleapis.com *.googletagmanager.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: *.jivosite.com *.google.com.ua *.freekassa.ru *.freekassa.com; font-src 'self' data: *.gstatic.com 'unsafe-inline'; style-src-elem 'self' data: *.jivosite.com *.googleapis.com *.freekassa.ru *.freekassa.com 'unsafe-inline'; base-uri 'none'; form-action 'self' *; style-src 'self' *.googleapis.com *.freekassa.ru *.freekassa.com *.googletagmanager.com *.jivosite.com 'unsafe-inline' ; style-src-attr 'self' *.googleapis.com *.freekassa.ru *.freekassa.com freekassa.ru freekassa.com 'unsafe-inline'; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' 'unsafe-hashes' jsdelivr.net cdn.jsdelivr.net *.licdn.com *.spotify.com *.usercentrics.eu unpkg.com *.googleapis.com googletagmanager.com www.googletagmanager.com fonts.googleapis.com *.gstatic.com cdn.amcharts.com www.google-analytics.com *.doubleclick.net *.google.pl *.google.com  *.youtube.com anchor.fm stackpath.bootstrapcdn.com use.fontawesome.com app.powerbi.com powerbi.com consent.cookiebot.com *.google-analytics.com consentcdn.cookiebot.com concor.cbase.biz *.salesforce.com data: 1
font-src *.googleapis.com *.gstatic.com fonts.gstatic.com *.klarnacdn.net *.fontawesome.com data: fonts.googleapis.com *.hotjar.com *.zopim.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.alphaecommerce.gr *.cardlink.gr *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.youtube.com *.youtube-nocookie.com *.google.com *.google.gr *.doubleclick.net *.facebook.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.klarna.com *.weltpixel.com *.cookiebot.com *.facebook.com *.facebook.net *.addtoany.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com *.googleapis.com *.gstatic.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.facebook.com *.cookiefirst.com *.cookielaw.org *.windows.net *.google.com *.google.gr *.contactpigeon.com *.klarnaservices.com *.bidswitch.net *.adnxs.com *.media.net *.rubiconproject.com *.smartadserver.com *.taboola.com *.teads.tv *.3lift.com *.yahoo.net *.adform.net *.omnitagjs.com *.casalemedia.com *.criteo.com *.id5-sync.com id5-sync.com *.360yield.com *.ivitrack.com *.mediavine.com *.postrelease.com *.outbrain.com *.pubmatic.com *.sharethrough.com *.tremorhub.com *.yieldlab.net *.yieldmo.com *.emxdgt.com *.1rx.io *.targeting.unrulymedia.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.facebook.net *.doubleclick.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com *.klarna.com *.klarnacdn.net *.klarnaservices.com *.avada.io *.alphaecommerce.gr *.cardlink.gr *.cookiebot.com cdn.simpler.so sdk.local.simpler.so https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com *.tiktok.com *.facebook.com *.addtoany.com *.cookielaw.org *.google.com *.cookiefirst.com *.doubleclick.net *.paypal.com *.googletagmanager.com *.googleadservices.com cdn.dnky.co api.comapi.com *.trackedlink.net snap.licdn.com chimpstatic.com checkout.buckaroo.nl *.adyen.com *.zopim.com *.hotjar.com *.zdassets.com *.sendcloud.sc *.mailchimp.com *.trustedshops.com *.fontawesome.com *.feedbackcompany.com *.google-analytics.com *.trustpilot.com *.newrelic.com *.nr-data.net cdn.jsdelivr.net *.googleoptimize.com *.clarity.ms *.datatrics.com *.criteo.net *.criteo.com cdn.mouseflow.com *.contactpigeon.com *.linkwi.se js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.onecode.gr blob: *.google.gr *.cloudflareinsights.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://fonts.googleapis.com *.klarnacdn.net *.fontawesome.com tagmanager.google.com *.googleapis.com cdn.dnky.co checkout.buckaroo.nl *.mailchimp.com *.trustpilot.com cdn.jsdelivr.net *.cookiefirst.com *.contactpigeon.com assets.braintreegateway.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src *.youtube.com *.youtube-nocookie.com *.google.com *.google.gr *.doubleclick.net *.facebook.net 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com https://get.geojs.io *.avada.io *.cookiebot.com button.simpler.so button.staging.simpler.so analytics.simpler.so analytics.staging.simpler.so button.local.simpler.so *.facebook.net *.tiktok.com *.facebook.com *.cookielaw.org *.doubleclick.net *.google.com *.criteo.com *.paypal.com commerce.adobedc.net api.comapi.com stats.g.doubleclick.net *.zdassets.com *.hotjar.com *.hotjar.io *.zopim.com wss://*.zopim.com *.feedbackcompany.com *.zendesk.com *.nr-data.net *.clarity.ms *.datatrics.com *.cookiefirst.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com google.com *.contactpigeon.com *.youtube.com *.google.gr *.youtube-nocookie.com *.analytics.google.com *.googletagmanager.com *.googlesyndication.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob:; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 1
default-src 'self';font-src 'self' data: *.googleapis.com *.gstatic.com;img-src 'self' data: www.google-analytics.com *.youtube.com i.ytimg.com *.google.com *.google.fi *.lfeeder.com *.leadfeeder.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.vo.msecnd.net *.google-analytics.com *.googleapis.com *.gstatic.com *.google.com www.googletagmanager.com *.youtube.com *.clickdimensions.com *.lfeeder.com *.leadfeeder.com http://*.google.com *.hotjar.com https://www.googletagmanager.com https://player.vimeo.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com dl.episerver.net *.google.com;frame-src 'self' *.youtube.com https://web.nordpoolgroup.com *.google.com https://analytics-eu.clickdimensions.com *.hotjar.com https://player.vimeo.com;frame-ancestors 'self';media-src 'self' *.youtube.com *.google.com https://player.vimeo.com;connect-src 'self' *.google-analytics.com *.youtube.com *.google.com *.doubleclick.net dc.services.visualstudio.com *.hotjar.com *.hotjar.io;object-src 'none';child-src 'self';upgrade-insecure-requests;block-all-mixed-content; 1
default-src https: http: wss: ; script-src https: 'self' 'unsafe-inline' js.hs-scripts.com js.hs-analytics.net cdnjs.cloudflare.com *.adopto.eu adopto.eu www.adopto.eu *.googleapis.com *.facebook.net *.facebook.com www.google.com www.google-analytics.com; object-src 'self' https: data: adoptostaging.blob.core.windows.net adoptoprod.blob.core.windows.net; style-src * https: 'unsafe-inline'; img-src 'self' https: data: cdnjs.cloudflare.com adoptostaging.blob.core.windows.net adoptoprod.blob.core.windows.net *.gstatic.com *.googleapis.com *.facebook.com s3.amazonaws.com stats.g.doubleclick.net; child-src 'self' *.talentlyft.com app.livestorm.co platform.twitter.com static.addtoany.com *.nosiva.com *.facebook.com *.youtube.com *.us11.list-manage.com forms.hubspot.com js.hs-scripts.com js.hs-analytics.net player.vimeo.com; font-src * https: data:; 1
frame-ancestors 'none'; default-src 'self' static.zdassets.com viabtc.zendesk.com *.zendesk.com www.google-analytics.com www.googletagmanager.com stats.g.doubleclick.net www.youtube-nocookie.com *.viabtc.com:* viabtc.com:* *.viabtc.com viabtc.com *.viabtc.net:* viabtc.net:* *.viabtc.net viabtc.net *.viabtc.top:* viabtc.top:* *.viabtc.top viabtc.top *.viabtc.co:* viabtc.co:* *.viabtc.co viabtc.co *.viadeploy.com:* viadeploy.com:* *.viadeploy.com viadeploy.com; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com *.zdassets.com res.wx.qq.com viabtc.zendesk.com www.google-analytics.com stats.g.doubleclick.net api.geetest.com api.geevisit.com monitor.geetest.com static.geetest.com static.geevisit.com gcaptcha4.geetest.com gcaptcha4.geevisit.com dn-staticdown.qbox.me *.viabtc.com:* viabtc.com:* *.viabtc.com viabtc.com *.viabtc.net:* viabtc.net:* *.viabtc.net viabtc.net *.viabtc.top:* viabtc.top:* *.viabtc.top viabtc.top *.viabtc.co:* viabtc.co:* *.viabtc.co viabtc.co *.viadeploy.com:* viadeploy.com:* *.viadeploy.com viadeploy.com; style-src 'unsafe-inline' at.alicdn.com viabtc.zendesk.com static.geetest.com static.geevisit.com gcaptcha4.geetest.com gcaptcha4.geevisit.com dn-staticdown.qbox.me *.viabtc.com:* viabtc.com:* *.viabtc.com viabtc.com *.viabtc.net:* viabtc.net:* *.viabtc.net viabtc.net *.viabtc.top:* viabtc.top:* *.viabtc.top viabtc.top *.viabtc.co:* viabtc.co:* *.viabtc.co viabtc.co *.viadeploy.com:* viadeploy.com:* *.viadeploy.com viadeploy.com; img-src i.ytimg.com www.google-analytics.com www.google.com *.aliyuncs.com *.alicdn.com viabtcconfig.oss-cn-shenzhen.aliyuncs.com viapoolconfig.oss-cn-hongkong.aliyuncs.com data: stats.g.doubleclick.net static.geetest.com static.geevisit.com gcaptcha4.geetest.com gcaptcha4.geevisit.com dn-staticdown.qbox.me *.viabtc.com:* viabtc.com:* *.viabtc.com viabtc.com *.viabtc.net:* viabtc.net:* *.viabtc.net viabtc.net *.viabtc.top:* viabtc.top:* *.viabtc.top viabtc.top *.viabtc.co:* viabtc.co:* *.viabtc.co viabtc.co *.viadeploy.com:* viadeploy.com:* *.viadeploy.com viadeploy.com; font-src 'unsafe-inline' at.alicdn.com data: *.viabtc.com:* viabtc.com:* *.viabtc.com viabtc.com *.viabtc.net:* viabtc.net:* *.viabtc.net viabtc.net *.viabtc.top:* viabtc.top:* *.viabtc.top viabtc.top *.viabtc.co:* viabtc.co:* *.viabtc.co viabtc.co *.viadeploy.com:* viadeploy.com:* *.viadeploy.com viadeploy.com; connect-src viabtc.zendesk.com *.zendesk.com viabtc-help.zendesk.com *.zdassets.com https://widget-mediator.zopim.com https://p.extfun.com wss://widget-mediator.zopim.com www.google-analytics.com stats.g.doubleclick.net *.viabtc.com:* viabtc.com:* *.viabtc.com viabtc.com *.viabtc.net:* viabtc.net:* *.viabtc.net viabtc.net *.viabtc.top:* viabtc.top:* *.viabtc.top viabtc.top *.viabtc.co:* viabtc.co:* *.viabtc.co viabtc.co *.viadeploy.com:* viadeploy.com:* *.viadeploy.com viadeploy.com; frame-src www.bilibili.com player.bilibili.com player.vimeo.com *.viabtc.com *.jumio.com www.youtube.com www.youtube-nocookie.com www.ixigua.com v.qq.com 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.googleapis.com analytics.skroutz.gr vivapayments.com www.google-analytics.com www.googletagmanager.com www.googleadservices.com *.doubleclick.net connect.facebook.net *.contactpigeon.com collection.e-satisfaction.com cdn.e-satisfaction.com *.adman.gr trustmark.gr *.cookiebot.com *.klarnaservices.com *.klarna.com 1
default-src 'self' https://comments.newpipe.net; object-src 'none'; img-src 'self' https://f-droid.org; block-all-mixed-content; style-src 'self' https://comments.newpipe.net 'unsafe-inline'; frame-src 'self' https://media.assassinate-you.net 1
default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com https://i.ytimg.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-rizcrvKT7VLQt538mPjalg=='; style-src 'self' www.gstatic.com; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com gds-single-consent-staging.app gds-single-consent.app; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; report-uri https://csp-reporter.publishing.service.gov.uk/report 1
default-src * self data: tel: mailto: blob: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval';frame-ancestors 'self' https://rocket.qualitylogoproducts.com/; 1
default-src 'self' data: https: blob: ;       frame-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.geogebra.org/ https://oidc.tanet.edu.tw/ https://sso.cloud.edu.tw/ https://learning.cloud.edu.tw https://www.youtube.com/ https://accounts.google.com https://docs.google.com https://www.google.com;       frame-ancestors 'self' https://www.geogebra.org/ https://oidc.tanet.edu.tw/ https://sso.cloud.edu.tw/ https://learning.cloud.edu.tw ;       connect-src 'self' data: wss: https://adl.edu.tw/ https://0.peerjs.com https://elsanow.io https://*.elsanow.io https://*.gradingly.com https://gradingly.com https://www.imatheq.com/ https://region1.google-analytics.com https://analytics.google.com https://region1.analytics.google.com https://stats.g.doubleclick.net/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://js-agent.newrelic.com/ https://bam.nr-data.net/ https://api.geogebra.org/ https://www.geogebra.org/ https://media.video.cloud.edu.tw https://translate-service.scratch.mit.edu https://synthesis-service.scratch.mit.edu https://heroj7.tn.edu.tw/ https://directline.botframework.com/ https://pt.ntcu.edu.tw:5000/;       script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.imatheq.com/ https://www.youtube.com/ https://stats.g.doubleclick.net/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://bam.nr-data.net/ https://js-agent.newrelic.com/ https://vjs.zencdn.net/ https://api.geogebra.org/ https://stackpath.bootstrapcdn.com https://www.geogebra.org/ https://cdn.mathjax.org/ https://apis.google.com https://www.google-analytics.com https://unpkg.com https://www.googletagmanager.com https://code.jquery.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com https://cdn.datatables.net https://ajax.googleapis.com;       script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' blob: http://www.imatheq.com/ https://www.imatheq.com/ https://www.youtube.com/ https://stats.g.doubleclick.net/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://js-agent.newrelic.com/ https://bam.nr-data.net/ https://cdnjs.cloudflare.com/ https://code.jquery.com/ https://cdn.jsdelivr.net/ https://cdn.geogebra.org/ https://vjs.zencdn.net/ https://stackpath.bootstrapcdn.com/ https://www.geogebra.org/ https://cdn.mathjax.org/ https://apis.google.com/ https://unpkg.com/ https://maxcdn.bootstrapcdn.com/ https://cdn.datatables.net/ https://api.geogebra.org/ https://ajax.googleapis.com/ https://www.youtube.com/ https://cdn.botframework.com/botframework-webchat/latest/webchat.js;       style-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com/ https://www.imatheq.com/ https://www.geogebra.org/ https://vjs.zencdn.net/ https://stackpath.bootstrapcdn.com http://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://code.jquery.com https://cdnjs.cloudflare.com https://cdn.datatables.net https://cdn.jsdelivr.net/;       font-src 'self' data: https: https://fonts.gstatic.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com;       img-src 'self' data: https: blob: https://region1.google-analytics.com https://region1.analytics.google.com;       object-src 'self' data: https: blob: ;       media-src 'self' data: https: blob: https://adl.edu.tw/ http://adl.edu.tw/;       report-uri ADLAPI/v1/csp_violation; 1
default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://www.google.com 1
upgrade-insecure-requests;    default-src 'self';    form-action         'self'         https://www.mollie.com;    base-uri 'self';    img-src         'self'         allcaps-production.s3.eu-west-3.amazonaws.com         allcaps-staging.s3.eu-west-3.amazonaws.com         *.gstatic.com         *.googleapis.com         *.google-analytics.com         cdn.mollie.com         data:;    object-src        'none' ;    script-src        https:         'unsafe-inline'         'unsafe-eval'         googletagmanager.com;    script-src-elem         *         https:         'self'         'unsafe-inline';    style-src         https:         'unsafe-inline';    font-src        https:        data:;    worker-src 'self';    frame-ancestors 'self';    child-src 'self';    manifest-src 'self';    frame-src        'self'        *.google.com        *.youtube-nocookie.com;    connect-src         'self'         *.googleapis.com         *.google-analytics.com; 1
mepmawebsite.s3.ap-south-1.amazonaws.com; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' 1
object-src 'none'; frame-ancestors 'self'; report-uri http://www.securite-routiere.gouv.fr/report-uri/enforce 1
upgrade-insecure-requests; report-uri https://csp.atbaux.com/csp-error;  default-src 'none'; connect-src 'self' https: https://tr.snapchat.com https://www.atb.com/ https://www.facebook.com https://ajax.googleapis.com https://forms.hsforms.com/emailcheck/v1/ https://ct.pinterest.com/md/ https://web-atbva-uat.k8s-prod-na.finn.ai/api/v1/finn-chat/ https://web-atbva-prod.k8s-prod-na.finn.ai/api/v1/finn-chat/ https://web-atbva-uat.k8s-prod-na.finn.ai/ https://web-atbva-prod.k8s-prod-na.finn.ai/ https://msg-atbva-uat.k8s-prod-na.finn.ai/subscriptions/finnChat/ https://msg-atbva-prod.k8s-prod-na.finn.ai/subscriptions/finnChat/ wss://msg-atbva-uat.k8s-prod-na.finn.ai/ wss://msg-atbva-prod.k8s-prod-na.finn.ai/ https://msg-atbva-prod.k8s-prod-na.finn.ai/ https://cdn.siteimprove.net https://superscribe.atbaux.com https://api.genesyscloud.com https://www.google-analytics.com/ https://dc.services.visualstudio.com/v2/track https://siteintercept.qualtrics.com https://atb.postclickmarketing.com https://interactive.atb.com https://vimeo.com https://rates.atbaux.com/ https://tags.srv.stackadapt.com/ https://ct.pinterest.com/user/ https://q.quora.com/ https://stats.g.doubleclick.net https://east.srv.stackadapt.com https://uw.srv.stackadapt.com https://bat.bing.com https://analytics.google.com https://eu.srv.stackadapt.com https://www.google.ca/ads/ga-audiences https://www.google.com/pagead/landing https://s.yimg.com https://maps.googleapis.com https://api.hubapi.com wss://pubsub.salemove.com https://*.salemove.com wss://kluster.salemove.com https://*.glia.com; base-uri 'none'; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com; form-action https://www.facebook.com https://tr.snapchat.com https://forms.hsforms.com https://tr.snapchat.com/p https://tr.snapchat.com/cm/i https://feedback.atb.com; frame-ancestors 'none'; style-src 'self' 'unsafe-inline' https://tags.srv.stackadapt.com https://cloud.typography.com https://maxcdn.bootstrapcdn.com/font-awesome/ https://web-atbva-uat.k8s-prod-na.finn.ai/webchat/static/styles/styles.css https://fonts.googleapis.com https://tagmanager.google.com https://www.googletagmanager.com https://east.srv.stackadapt.com https://uw.srv.stackadapt.com https://eu.srv.stackadapt.com https://optimize.google.com/optimize/editor/css/css.css https://*.salemove.com; script-src 'self' https: https://zn5hxoymepfxxwpmj-atbfeedback.siteintercept.qualtrics.com https://cdn.optimizely.com/js/26567580009.js 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https://www.googleanalytics.com https://optimize.google.com https://www.googleoptimize.com https://zn5hxoymepfxxwpmj-atbfeedback.siteintercept.qualtrics.com https://siteintercept.qualtrics.com https://www.google.com/recaptcha/api.js https://www.google.com/recaptcha/enterprise.js https://www.googletagmanager.com/ https://www.google-analytics.com https://tagmanager.google.com https://az416426.vo.msecnd.net/scripts/a/ai.0.js https://maps.googleapis.com/maps/api/js https://adservice.google.com/ https://adservice.google.com/* https://www.google.com/ads/ga-audiences https://js.hs-scripts.com/4764334.js https://js.hsforms.net/forms/v2.js https://forms.hsforms.com/ https://forms.hsforms.com/submissions/v3/public/submit/formsnext/multipart/ https://znbd9nr9vkcjqslin-atbfeedback.siteintercept.qualtrics.com https://dl.episerver.net/13.2.4/epi-util/find.js https://js.hs-analytics.net/analytics/1563383400000/4764334.js https://www.workable.com/api/accounts/377831 https://www.workable.com/assets/embed.js https://extend.vimeocdn.com/ga/10780070.js https://zn5hxoymepfxxwpmj-atbfeedback.siteintercept.qualtrics.com/WRSiteInterceptEngine/ https://code.jquery.com/jquery-3.4.1.min.js https://sc-static.net/ https://static.ads-twitter.com/uwt.js https://analytics.twitter.com/i/ https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/signals/config/ https://www.youtube.com/s/player/* https://cdn.jsdelivr.net/npm/vue@2.6.10/dist/vue.runtime.min.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://s.pinimg.com/ct/core.js https://s.pinimg.com/ct/lib/ https://a.quora.com/qevents.js https://tags.srv.stackadapt.com/events.js https://east.srv.stackadapt.com/events.js https://uw.srv.stackadapt.com/events.js https://eu.srv.stackadapt.com/events.js https://platform.twitter.com/oct.js https://static.ads-twitter.com/oct.js https://www.youtube.com/iframe_api https://s.ytimg.com/yts/jsbin/ https://secure.quantserve.com/quant.js https://edge.quantserve.com/quant.js https://js.hs-banner.com https://apply.workable.com https://www.google.com/ads/ga-audiences* https://s.mitaa.io/dtag.min.js https://ionfiles.scribblecdn.net/scripts/ionizer-1.2.min.js http://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js https://web-atbva-uat.k8s-prod-na.finn.ai/webchat/static/ https://js.hs-banner.com/4764334.js https://bat.bing.com https://clarity.microsoft.com https://9897839.fls.doubleclick.net https://web-atbva-uat.k8s-prod-na.finn.ai/webchat/static/bundle.js https://web-atbva-uat.k8s-prod-na.finn.ai/webchat/static/config.js  https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js https://siteimproveanalytics.com/js/siteanalyze_77682.js https://siteimproveanalytics.com/ 'sha256-AoNQZpaRmemSTxMy9xcqXX5VLwI6IMPYugO7bFHOW+U=' 'sha256-VazP97ZCwtekAsvgPBSUwPFKdrwD3unUfSGVYrahUqU=' 'sha256-CSXorXvZcTkaix6Yvo6HppcZGetbYMGWSFlBw8HfCJo=' 'sha256-27gTObPp0STAt+fV8fwrG9pRwkVFaEg7ZHzBv6L0yto=' 'sha256-2bKthQiZc2RXXJ2zuNdQgergsosNJNO0j0pY5/AMUKE=' 'sha256-3ZrSyKXyfCBhxmUPydg8a9mgpCxBzKb9p2d6IFRh3+Q=' 'sha256-kiNksdOX+M4g0/nMTqaTImuB/PHpOdvlQF6VaBmvnoE=' 'sha256-fmBnciP22+IeufKiwett0ScrQcvXA2ltLjO5AkOn/eQ=' 'sha256-GxB2ppK+t1dQ/6WHfZRc7UJL/ct7a59qHKzBE/c1SzE=' 'sha256-kN2TxtGds1lhWybMfEoIXWeS4x4Enya8DiiyBAbeyHs=' 'sha256-olgZwKESUKBk5MwFwAYxCIamu4KAcRjk5VqnZxOlat0=' 'sha256-rXnvrupdVgmIsBg96vSU/gV2uQjZSH3AKma5y9FlGaU='  'nonce-83at3wVtSRA1SlF9DqcTkW/SUqvTEBwPqM3N3jUEyAM='; img-src 'self' data: * https://optimize.google.com https://www.google-analytics.com https://www.googletagmanager.com; media-src https://*.salemove.com; frame-src https://*.atb.com https://td.doubleclick.net https://www.facebook.com https://tr6.snapchat.com https://www.pinterest.com https://tr.snapchat.com https://verify.auth.atb.com/ https://verify-uat.auth-dev.atb.com/ https://www.googletagmanager.com https://va.atb.com/ https://virtual-assist-prod.atb.com/ https://virtual-assist-uat.atb.com/ https://web-atbva-prod.k8s-prod-na.finn.ai/ https://bank-api-gateway-atbva-prod.k8s-prod-na.finn.ai https://bank-api-gateway-atbva-prod.k8s-prod-na.finn.ai/ https://identity-prod.auth-dev.atb.com/ https://identity.auth.atb.com/ https://web-atbva-uat.k8s-prod-na.finn.ai/ https://bank-api-gateway-atbva-uat.k8s-prod-na.finn.ai https://bank-api-gateway-atbva-uat.k8s-prod-na.finn.ai/ https://identity-uat.auth-dev.atb.com/ https://8389598.fls.doubleclick.net/ https://www.google.com https://stats.g.doubleclick.net/ https://siteintercept.qualtrics.com/ https://feedback.atb.com/ https://www.youtube.com/ https://player.vimeo.com/ https://atb.postclickmarketing.com/ https://interactive.atb.com/ https://forms.hsforms.com/ https://tr.snapchat.com/ https://www.atbonline.com/ https://app.hubspot.com/ https://9897839.fls.doubleclick.net https://bid.g.doubleclick.net/ https://10829704.fls.doubleclick.net/ https://finn-demo-assets.finn.ai/ https://personal.atb.com/ https://www.pinterest.ca/ https://ct.pinterest.com/ https://optimize.google.com/ https://a26567580009.cdn.optimizely.com; manifest-src 'self'; child-src 'none'; object-src 'self'; 1
font-src 'self' themes.googleusercontent.com *.gstatic.com; frame-src 'self' https://accounts.google.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' accounts.google.com apis.google.com *.googleanalytics.com *.google-analytics.com https://*.googletagmanager.com cdn.jsdelivr.net api.observablehq.com d3js.org unpkg.com bundle.run; style-src 'self' 'unsafe-inline' fonts.googleapis.com; object-src 'none'; default-src 'self' *.gstatic.com; img-src 'self' data: https: *.google-analytics.com; connect-src 'self' static.observableusercontent.com cdn.jsdelivr.net constituteproject.org gist.githubusercontent.com raw.githubusercontent.com fonts.googleapis.com https://*.google-analytics.com; report-uri /csp 1
default-src 'self' https://www.sportpursuit.com; connect-src 'self' https://www.sportpursuit.com https://m.sportpursuit.com https://raven.sportpursuit.com https://api.sportpursuit.com https://*.elev.io https://*.amazon.com https://*.amazon.co.uk https://capture.trackjs.com https://*.facebook.com https://*.facebook.net https://*.doubleclick.net https://*.google.com https://*.postcodeanywhere.co.uk https://*.iubenda.com https://*.dixa.io wss://*.dixa.io https://cdn.polyfill.io https://sentry.io https://trustbadge.api.etrusted.com https://shops-si.trustedshops.com https://*.taboola.com https://bat.bing.com https://in.requestmetrics.com https://*.addressy.com https://*.scarabresearch.com https://*.googlesyndication.com https://*.logbor.com https://cdn.jsdelivr.net/gh/TimeOne-Group/isdk@latest/dist/isdk.min.js https://tracking.publicidees.com https://binel.hunkal.com https://*.creativecdn.com https://*.time1.me https://*.lacmp.net https://analytics.optimalpeople.fr https://analytics.tiktok.com https://*.imgstatics.com https://*.gsitrix.com; font-src 'self' https://images1.sportpursuit.info https://images2.sportpursuit.info https://images3.sportpursuit.info https://images4.sportpursuit.info https://*.elev.io https://fonts.gstatic.com https://widgets.trustedshops.com https://*.dixa.io; frame-src https://*.amazon.co.uk https://*.elev.io https://*.amazon.com https://*.payments-amazon.com https://www.googletagmanager.com https://staticxx.facebook.com https://www.facebook.com https://platform.twitter.com https://syndication.twitter.com https://www.youtube.com https://widget.trustpilot.com https://player.vimeo.com https://*.doubleclick.net https://*.dcmn.io https://*.googlesyndication.com https://*.iubenda.com https://iubenda.mgr.consensu.org/ https://accounts.google.com https://*.publicidees.com https://ams.creativecdn.com https://ad.ad-srv.net/ https://*.redintelligence.net/ https://*.tradedoubler.com; media-src 'self' https://images1.sportpursuit.info https://images2.sportpursuit.info https://images3.sportpursuit.info https://images4.sportpursuit.info https://*.dixa.io/; form-action https://www.sportpursuit.com https://platform.twitter.com https://syndication.twitter.com https://www.facebook.com https://trc.taboola.com https://*.amazon.co.uk https://*.amazon.de https://*.amazon.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' https://m.sportpursuit.com https://*.scarabresearch.com https://s.ytimg.com https://www.youtube.com/ https://cdn.elev.io https://googleads.g.doubleclick.net https://www.google.com/pagead/conversion_async.js https://www.googleadservices.com https://*.payments-amazon.com https://*.amazon.com https://www.googletagmanager.com https://connect.facebook.net https://www.sc.pages05.net https://platform.twitter.com https://widget.trustpilot.com https://*.dcmn.io https://*.googlesyndication.com https://*.googleapis.com https://apis.google.com https://*.postcodeanywhere.co.uk https://tagmanager.google.com https://*.iubenda.com https://bat.bing.com https://*.dixa.io https://cdn.polyfill.io https://sentry.io https://widgets.trustedshops.com https://cdn.taboola.com https://trc.taboola.com https://app.storyblok.com https://accounts.google.com data: https://*.logbor.com https://cdn.jsdelivr.net/gh/TimeOne-Group/isdk@latest/dist/isdk.min.js https://tracking.publicidees.com https://binel.hunkal.com https://*.creativecdn.com https://*.time1.me https://analytics.optimalpeople.fr https://pixel.adensemble.com https://s.retargeted.co https://cdn.mndtrk.com https://*.stylight.net https://*.lacmp.net https://*.tradedoubler.com https://analytics.tiktok.com https://*.gsitrix.com; style-src 'self' 'unsafe-inline' https://*.payments-amazon.com https://fonts.googleapis.com https://*.postcodeanywhere.co.uk https://tagmanager.google.com https://*.iubenda.com https://widgets.trustedshops.com https://accounts.google.com https://accounts.google.com; object-src 'none'; upgrade-insecure-requests; 1
frame-ancestors 'self' *.axonify.com *.marketo.com *.seismic.com; report-uri https://axonify.com/csp-report; report-to default; base-uri 'self'; form-action 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.axonify.com *.marketo.com *.seismic.com *.googletagmanager.com *.google.com *.mutinycdn.com *.vidyard.com *.googleapis.com *.gstatic.com *.jsdelivr.net *.licdn.com *.unpkg.com *.cookielaw.org *.bizible.com *.listenlayer.com *.hotjar.com *.facebook.net *.marketo.net *.6sc.co *.clearbitscripts.com *.addthis.com *.g2crowd.com *.uxsniff.com unpkg.com *.doubleclick.net *.chilipiper.com *.rezync.com; 1
frame-src services.sheerid.com *.stripe.network www.recaptcha.net *.sdiapi.com *.kmail-lists.com fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.sandbox.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.yotpo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com doubleclick.net *.doubleclick.net vice01.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com *.hydroflask.com *.brilliantcollector.com *.demdex.net *.kustomer.support *.kustomer.help *.trustarc.com *.locally.com *.facebook.com *.fbot.me addthisedge.com s7.addthis.com addthis.com disqus.com ct.pinterest.com pinterest.com insight.adsrvr.org match.adsrvr.org helenoftroy.custhelp.com s.amazon-adsystem.com ak.sail-horizon.com helenoftroy.demdex.net promotions.spredfast.com 'self' 'unsafe-inline'; img-src services.sheerid.com www.ojrq.net *.klaviyo.com *.cloudfront.net match.adsrvr.org insight.adsrvr.org googleads.g.doubleclick.net *.google.co.in google.co.in ce.lijit.com links.services.disqus.com cdn.viglink.com analytics.google.com www.google.com *.baidu.com *.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.typekit.net www.paypalobjects.com *.ftcdn.net *.behance.net fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.yotpo.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com *.paypal.com mageside.com *.mageside.com *.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com na-stage.hele.digital *.parcellab.com *.trustarc.com cfvod.kaltura.com *.bing.com *.clarity.ms *.hele.digital via.placeholder.com *.locally.com *.spectrumcustomizer.com stospectstageglobal.blob.core.windows.net blob: cdn.kustomerapp.com *.acq.io *.yimg.com loggly.com logs-01.loggly.com referrer.disqus.com c.disquscdn.com ct.pinterest.com pinterest.com sp.analytics.yahoo.com www.googletagmanager.com *.facebook.com scontent-iad3-2.cdninstagram.com stospectprodglobal.blob.core.windows.net 'self' 'unsafe-inline'; script-src cdnjs.cloudflare.com analytics.tiktok.com *.stripe.network www.recaptcha.net ajax.cloudflare.com static.cloudflareinsights.com c.amazon-adsystem.com *.klaviyo.com *.yottaa.net *.yottaa.com cdn.pdst.fm www.google.com c.disquscdn.com cdn.kustomerapp.com googleads.g.doubleclick.net unpkg.com *.sdiapi.com f.vimeocdn.com *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com *.typekit.net www.paypalobjects.com js.braintreegateway.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com *.yotpo.com s7.addthis.com *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net mageside.com *.mageside.com doubleclick.net *.hydroflask.com *.oxo.com *.pcapredict.com *.lightboxcdn.com hydroflask.locally.com lightboxapi.azurewebsites.net *.fbot.me services.postcodeanywhere.co.uk *.parcellab.com *.trustarc.com cdn-assets.rapidspike.com cdnapisec.kaltura.com *.brilliantcollector.com cdn.jsdelivr.net js.stripe.com connect.facebook.net bat.bing.com *.clarity.ms *.spectrumcustomizer.com js.acq.io ssl.geoplugin.net *.yimg.com ajax.googleapis.com cdn.pushplanet.com *.cloudfront.net moatads.com z.moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com hot.disqus.com hydroflask.disqus.com oxo.disqus.com stage-hydroflask.disqus.com stage-oxo.disqus.com preprod-hydroflask.disqus.com preprod-oxo.disqus.com prod-hydroflask.disqus.com prod-oxo.disqus.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com *.impactradius-event.com js.adsrvr.org insight.adsrvr.org ak.sail-horizon.com player.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval'; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/2/2; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=IqNcHqknuUr9kdiizfiPenkqEtQoTbg8PAVpzR99oNc-1721957683-1.0.1.1-TI9SkMxUNn0JNFA5poBF6ylTNtjDvFlxmjr40oJN_g6E1e2TCeB0MZuWb4tvjdnRzwMID5udySPp7HhYEyTSh77vjqCykQUYuHdhpMqZoDF07aZltfGMXJoRc3ktuyn2sz_cQ4vUcmI3a_h1M2l5PnXgOmQejL98i8XAHFiiSlzfdeYRlhIHsaCgi0P7nIW9p86qGCs31xzwGn33QUhQ0w; report-to cf-knnpudvekbybnxjm 1
default-src 'self' data: blob: https://medchatapp.com https://*.medchatapp.com https://app.framerstatic.com https://framerusercontent.com https://events.framer.com https://fonts.gstatic.com https://unpkg.com https://snap.licdn.com https://public.rive.app https://*.linkedin.com https://cdn.jsdelivr.net https://rive.app 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; 1
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com https://*.page9awry.com https://downloads-global.3cx.com https://cdn.3cx.com https://cdnjs.cloudflare.com https://*.google.com https://www.google-analytics.com https://cdn.jsdelivr.net/emojione/2.2.7/lib/js/emojione.min.js https://*.facebook.com https://connect.facebook.net https://*.tawk.to https://*.googleapis.com https://s7.addthis.com/js/300/addthis_widget.js https://*.hiss3lark.com https://snap.licdn.com/li.lms-analytics/insight.min.js https://snap.licdn.com/li.lms-analytics/insight.old.min.js https://*.hotjar.com https://www.googletagmanager.com https://*.addthis.com https://*.addthisedge.com https://*.moatads.com; style-src 'report-sample' 'self' 'unsafe-inline' https://*.page9awry.com https://cdn.jsdelivr.net https://fonts.googleapis.com https://*.tawk.to; object-src 'none'; base-uri 'self'; connect-src 'self' wss://ws.hotjar.com px.ads.linkedin.com https://*.page9awry.com wss://nm-14550.3cx.co.uk https://*.google-analytics.com https://region1.analytics.google.com https://cdn.linkedin.oribi.io https://idx.liadm.com https://*.3cx.co.uk https://*.tawk.to wss://*.tawk.to https://*.addthis.com https://*.hotjar.com https://*.hotjar.io https://www.google-analytics.com https://stats.g.doubleclick.net https://*.googleapis.com; font-src 'self' data: https://fonts.gstatic.com https://*.tawk.to; frame-src 'self' https://*.doubleclick.net https://www.google.com https://accounts.google.com https://*.hotjar.com https://*.tawk.to https://*.facebook.com https://www.gstatic.com https://*.addthis.com https://*.addthisedge.com https://*.moatads.com https://player.vimeo.com; img-src 'self' data: https://*.page9awry.com https://maps.googleapis.com https://*.google.co.uk https://*.googletagmanager.com https://*.google.com https://www.google-analytics.com https://*.adsymptotic.com https://*.doubleclick.net https://maps.gstatic.com https://*.linkedin.com https://www.facebook.com https://*.tawk.to https://cdn.jsdelivr.net https://tawk.link https://nm-14550.3cx.co.uk https://csi.gstatic.com/; manifest-src 'self'; media-src 'self' data:; report-uri https://5ed675c79f297888ec226770.endpoint.csper.io/; worker-src 'none'; 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' media-library.cloudinary.com www.googletagmanager.com cdn.plyr.io www.youtube.com js-agent.newrelic.com d1tl6qsiknvnsu.cloudfront.net d1c3g0ihb82aph.cloudfront.net code.jquery.com *.liveperson.net *.lpsnmedia.net platform-api.sharethis.com buttons-config.sharethis.com cdn.jsdelivr.net www.google.com/recaptcha/api.js www.gstatic.com js.adsrvr.org connect.facebook.net analytics.tiktok.com googleads.g.doubleclick.net googletagmanager.com tagmanager.com; img-src 'self' data: res.cloudinary.com i.ytimg.com cdn.jsdelivr.net i.vimeocdn.com ad.doubleclick.net 'self' d1tl6qsiknvnsu.cloudfront.net d1c3g0ihb82aph.cloudfront.net lpcdn.lpsnmedia.net platform-cdn.sharethis.com l.sharethis.com www.facebook.com www.google.com www.google.co.uk *.googletagmanager.com googletagmanager.com *.gstatic.com connect.facebook.net; frame-src 'self' w.soundcloud.com www.googletagmanager.com cloudinary.com console.cloudinary.com www.youtube.com www.youtube-nocookie.com *.liveperson.net *.lpsnmedia.net player.vimeo.com www.google.com *.doubleclick.net *.adsrvr.org newyorkphilharmonic.wufoo.com; style-src 'unsafe-inline' 'self' d1tl6qsiknvnsu.cloudfront.net d1c3g0ihb82aph.cloudfront.net cdn.plyr.io cdn.jsdelivr.net googletagmanager.com tagmanager.google.com fonts.googleapis.com; font-src 'self' d1tl6qsiknvnsu.cloudfront.net d1c3g0ihb82aph.cloudfront.net fonts.gstatic.com data:; media-src 'self' res.cloudinary.com lpcdn.lpsnmedia.net; connect-src 'self' https://d1c3g0ihb82aph.cloudfront.net/Prod/ https://my.nyphil.org/en/ noembed.com cdn.plyr.io bam.nr-data.net 4glbp5u2t8.execute-api.us-east-1.amazonaws.com api.swiftype.com l.sharethis.com analytics.tiktok.com region1.analytics.google.com analytics.google.com stats.g.doubleclick.net adservice.google.com; 1
frame-ancestors 'self' https://studio.fancentro.com https://agency.fancentro.com https://agency-new.fancentro.com http://localhost:* 1
default-src 'self' data: ;         script-src 'self' data: 'unsafe-eval' 'unsafe-inline' cdnjs.cloudflare.com cdn.jsdelivr.net ajax.googleapis.com js.hs-scripts.com js.hsleadflows.net js.hs-analytics.net *.google-analytics.com *.googletagmanager.com sjs.bizographics.com js.driftt.com bat.bing.com connect.facebook.net web-analytics.engagio.com *.salesloft.com  *.adroll.com *.cloudfront.net maps.googleapis.com d.adroll.mgr.consensu.org https://optimize.google.com *.licdn.com *.fullstory.com fullstory.com js.hs-banner.com https://tagmanager.google.com *.demandbase.com *.intercom.io *.intercomcdn.com https://play.vidyard.com https://www.googleadservices.com https://googleads.g.doubleclick.net *.hsforms.net https://*.usercentrics.eu *.6sc.co *.6sense.com https://scripts.simpleanalyticscdn.com https://js.qualified.com *.mouseflow.com;         img-src * 'self' data: *.hubspot.com *.google-analytics.com stats.g.doubleclick.net *.googletagmanager.com *.salesloft.com *.linkedin.com *.google.com *.facebook.com *.adroll.com *.adsymptotic.com bat.bing.com pixel.advertising.com dsum-sec.casalemedia.com pixel.rubiconproject.com sync.outbrain.com simage2.pubmatic.com trc.taboola.com eb2.3lift.com ads.yahoo.com ib.adnxs.com x.bidswitch.net cm.g.doubleclick.net idsync.rlcdn.com us-u.openx.net ups.analytics.yahoo.com dpm.demdex.net s.amazon-adsystem.com pm.w55c.net ups.analytics.yahoo.com pippio.com sync.mathtag.com tags.rd.linksynergy.com match.adsrvr.org usermatch.krxd.net tags.bluekai.com *.intercom.io *.intercomcdn.com *.intercomassets.com https://*.usercentrics.eu *.6sc.co *.6sense.com https://queue.simpleanalyticscdn.com https://simpleanalyticsbadges.com *.mouseflow.com;         connect-src * 'self' data: *.hubspot.com https://optimize.google.com *.intercom.io *.intercomcdn.com *.intercomusercontent.com https://*.usercentrics.eu *.6sc.co *.6sense.com https://queue.simpleanalyticscdn.com https://*.qualified.com wss://*.qualified.com *.mouseflow.com;         frame-src 'self' data: player.vimeo.com js.driftt.com learn.qualia.com www.youtube.com qualia.daily.co https://optimize.google.com https://cdn2.hubspot.net https://play.vidyard.com *.hsforms.com https://*.qualified.com *.mouseflow.com;         style-src 'self' data: 'unsafe-inline' cdnjs.cloudflare.com cdn.jsdelivr.net ajax.googleapis.com fonts.googleapis.com https://optimize.google.com https://tagmanager.google.com https://*.qualified.com;         font-src 'self' data: fonts.googleapis.com fonts.gstatic.com https://optimize.google.com *.intercomcdn.com *.mouseflow.com;         media-src 'self' data: www.qualia.com js.driftt.com *.intercomcdn.com *.hubspotusercontent00.net mediastream: https://*.qualified.com;         manifest-src 'self' data: *.google.com;         prefetch-src 'self' data: https://play.vidyard.com;         child-src 'self' data: https://*.qualified.com *.mouseflow.com;         object-src 'none';         upgrade-insecure-requests 1
connect-src 'self' content.layershift.com maps.googleapis.com vercel.live stats.layershift.com sentry-new.tidio.co socket.tidio.co api-v2.tidio.co https: wss:;      script-src 'self' content.layershift.com js.stripe.com maps.googleapis.com vercel.live stats.layershift.com code.tidio.co widget-v4.tidiochat.com 'unsafe-inline' 'unsafe-eval';      style-src 'self' fonts.googleapis.com https: 'unsafe-inline';      img-src content.layershift.com static.layershift.com maps.gstatic.com cdnjs.cloudflare.com data: https: 'self' data:;      font-src 'self' content.layershift.com static.layershift.com fonts.gstatic.com https: data:;      object-src 'none';      base-uri 'self' https://stats.layershift.com;      form-action 'self';      frame-ancestors https://stats.layershift.com;      block-all-mixed-content;      upgrade-insecure-requests; 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-NTdkZDliNTY1NDI2NDMwM2JiMGNmZjRkYzg4ZTlkZDA=' https://*.platformrijksoverheid.nl https://*.rijksoverheid.nl https://*.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' https://statistiek.rijksoverheid.nl https://*.contenttoolsrijksoverheid.nl https://*.nvwa.nl; font-src 'self' https://statistiek.rijksoverheid.nl; object-src 'none'; connect-src https://*.platformrijksoverheid.nl https://*.rijksoverheid.nl https://*.contenttoolsrijksoverheid.nl https://*.rovid.nl https://*.rijksoverheidsvideo.nl https://*.nvwa.nl; img-src 'self' data: https://d3oiud1b8fohdw.cloudfront.net https://statistiek.rijksoverheid.nl https://*.rovid.nl https://*.rijksoverheidsvideo.nl https://*.toegankelijkheidsverklaring.nl; media-src 'self' https://*.rovid.nl https://*.rijksoverheidsvideo.nl; form-action 'self' https://export.highcharts.com https://*.contenttoolsrijksoverheid.nl https://*.nvwa.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
child-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.invitationhomes.com; default-src 'self' *.contentful.com 'unsafe-inline' 'unsafe-eval' *.invitationhomes.com; frame-src 'self' https://rs.gwallet.com https://seal-dallas.bbb.org https://www.youtube.com/ *.quantummetric.com *.invitationhomes.com; connect-src 'self' https://*.onetrust.com https://*.cookielaw.org https://analytics.google.com https://*.analytics.google.com https://*.google-analytics.com https://*.googleapis.com https://*.googletagmanager.com https://stats.g.doubleclick.net *.contentful.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com *.datadoghq.com https://*.clarity.ms https://*.ctfassets.net https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.permutive.com *.qualtrics.com https://*.serving-sys.com https://*.stackadapt.com *.quantummetric.com *.invitationhomes.com; font-src 'self' https://*.gstatic.com *.invitationhomes.com; img-src 'self' https: https://*.google.com https://*.google-analytics.com https://*.ctfassets.net https://*.kameleoon.com https://*.kameleoon.eu *.invitationhomes.com; manifest-src 'self' *.invitationhomes.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.onetrust.com https://*.cookielaw.org https://*.google-analytics.com https://*.googleapis.com https://*.googletagmanager.com https://*.adnxs.com https://*.clarity.ms https://www.datadoghq-browser-agent.com https://action.dstillery.com https://*.facebook.net https://map.go.affec.tv https://*.kameleoon.com https://*.kameleoon.eu https://action.media6degrees.com https://cdn.permutive.com *.qualtrics.com https://*.quantummetric.com https://*.serving-sys.com https://tags.srv.stackadapt.com *.stackadapt.com *.invitationhomes.com 'nonce-K+n5SA9llitwpgfqtfmG6Q=='; script-src-elem 'self' https://*.onetrust.com https://*.cookielaw.org https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://*.googletagmanager.com https://*.adnxs.com https://*.affec.tv https://*.clarity.ms *.contentful.com https://*.facebook.net https://*.gstatic.com https://*.kameleoon.com https://*.kameleoon.eu https://*.qualtrics.com https://*.quantummetric.com https://*.serving-sys.com *.stackadapt.com 'unsafe-inline' 'unsafe-eval' *.invitationhomes.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com/ https://*.stackadapt.com *.invitationhomes.com 1
default-src 'self' data: https://*.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s6.searchcdn.com https://*.surveymonkey.com https://js.arcgis.com https://*.addtoany.com https://kit.fontawesome.com/ https://*.googleapis.com https://www.googletagmanager.com http://riversideca.gov https://*.google.com https://vimeo.com https://*.facebook.com  http://*.googleapis.com http://*.google-analytics.com https://*.google-analytics.com https://m.addthisedge.com https://addsearch.com https://*.twitter.com https://www.youtube.com http://vjs.zencdn.net https://*.curator.io http://*.curator.io https://fresnel.vimeocdn.com http://*.google.com https://m.addthis.com http://m.addthis.com https://*.twitter.com https://cdnjs.cloudflare.com https://code.jquery.com https://f.vimeocdn.com http://*.riversideca.gov https://*.legistar.com https://cdn.syndication.twimg.com https://*.govdelivery.com https://*.granicusideas.com https://api-public.addthis.com https://*.granicus.com https://static.doubleclick.net https://vjs.zencdn.net https://player.vimeo.com https://*.riversideca.gov https://www.gstatic.com https://s7.addthis.com https://c4b-integration.com https://*.g.doubleclick.net  https://www.recaptcha.net https://js-agent.newrelic.com https://uploads.mycusthelp.com; connect-src 'self' https://www2.hdlcompanies.com http://*.arcgisonline.com https://*.arcgisonline.com https://c4b-integration.com https://*.arcgis.com https://www.google-analytics.com  https://graph.facebook.com https://*.govdelivery.com https://*.twitter.com https://query.yahooapis.com https://googleads.g.doubleclick.net https://api-public.addthis.com https://fresnel.vimeocdn.com https://*.granicus.com https://*.googleapis.com https://api.curator.io; img-src 'self' data: https://*.gstatic.com https://*.surveymonkey.com https://*.arcgisonline.com https://*.arcgis.com https://*.addsearch.com https://c4b-integration.com http://*.riversidepublicutilities.com https://*.facebook.com https://riversideca.legistar.com https://*.xx.fbcdn.net https://*.googleapis.com https://www.google-analytics.com https://*.google.com https://*.cloudfront.net  https://stats.g.doubleclick.net https://*.granicus.com https://i.ytimg.com https://*.riversideca.gov https://ssl.google-analytics.com https://*.cdninstagram.com https://riversideca.gov https://external.xx.fbcdn.net https://i.vimeocdn.com https://curator-assets.b-cdn.net https://pbs.twimg.com https://www.riversideca.gov https://scontent.xx.fbcdn.net http://s7.addthis.com; style-src 'self' 'unsafe-inline' *.arcgis.com https://www.google.com https://*.cloudfront.net https://*.bootstrapcdn.com https://*.googleapis.com https://*.riversideca.gov https://app.addsearch.com http://*.riversideca.gov https://www.youtube.com https://f.vimeocdn.com https://c4b-integration.com http://vjs.zencdn.net https://riversideca.legistar.com https://riversideca.granicus.com https://*.gstatic.com https://platform.twitter.com https://cdn.curator.io https://vjs.zencdn.net https://cdnjs.cloudflare.com http://ajax.googleapis.com; font-src 'self' https://*.bootstrapcdn.com  http://*.arcgis.com http://*.riversideca.gov https://*.riversideca.gov https://fonts.gstatic.com http://vjs.zencdn.net https://c4b-integration.com http://fonts.gstatic.com https://cdn.curator.io https://cdnjs.cloudflare.com; frame-src 'self' https://*.flipbook.thesaucecs.com https://*.powerbigov.us https://prezi.com https://*.office365.com https://*.tableau.com https://sketchfab.com https://www.eventbrite.com https://cad.chp.ca.gov/ https://*.s3.amazonaws.com https://www.youtube.com https://*.google.com/ https://*.riversideca.gov https://*.vimeo.com https://*.twitter.com https://s7.addthis.com https://*.govdelivery.com https://*.arcgis.com https://*.clarity-aip.com https://riversideca.legistar.com https://www.google-analytics.com https://*.twitter.com https://www.recaptcha.net https://*.granicus.com https://riversideca.mycusthelp.com; frame-ancestors 'self' https://www.riversideca.gov https://riversideca.gov; object-src 'self' https://www.riversideca.gov https://riversideca.gov 1
default-src * data: 'unsafe-inline' 'unsafe-eval'; connect-src * javascript: data: 'unsafe-inline' 'unsafe-eval'; img-src * data: blob: 'unsafe-inline' 1
default-src 'self' data: gap: https://*.maersk.com https://*.maersk.com.cn https://*.maersk.io https://*.maerskline.com https://*.apmoller.net https://*.go-mpulse.net https://*.salesforceliveagent.com https://*.force.com *.mpstat.us *.akstat.io https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://*.akamaihd.net https://*.igodigital.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://ssl.gstatic.com https://*.logs.datadoghq.eu https://100qrcey9nsltilmpwezagts.blob.core.windows.net https://*.cookieinformation.com https://*.bing.com https://*.virtualearth.net https://*.visualforce.com https://*.contentsquare.net https://stats.g.doubleclick.net https://resources.digital-cloud.medallia.eu https://ubt-lb.digital-cloud.medallia.eu https://sbt-prod.kampyle.com https://nebula-cdn.kampyle.com https://udc-neb.kampyle.com https://hcaptcha.com https://*.hcaptcha.com https://maersk.tradelens.com https://platform.tradelens.com https://clientstream.launchdarkly.com https://app.launchdarkly.com https://events.launchdarkly.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.maersk.com https://*.maersk.com.cn https://*.maersk.io https://js.adsrvr.org https://*.maerskline.com https://*.apmoller.net https://*.akamaihd.net https://*.salesforceliveagent.com https://*.force.com https://*.salesforce.com https://*.steelcentral.net *.mpstat.us *.akstat.io https://*.igodigital.com https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://pub.s1.exacttarget.com https://*.gstatic.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://*.google-analytics.com https://*.cookieinformation.com https://www.datadoghq-browser-agent.com/datadog-rum-eu.js https://*.bing.com https://*.virtualearth.net https://*.contentsquare.net https://*.contentsquare.com https://www.datadoghq-browser-agent.com/datadog-rum.js https://screencapture.kampyle.com https://screencapture-cdn.kampyle.com https://resources.digital-cloud.medallia.eu https://sbt-prod.kampyle.com https://nebula-cdn.kampyle.com https://udc-neb.kampyle.com https://snap.licdn.com https://px.ads.linkedin.com https://connect.facebook.net https://www.facebook.com https://js.stripe.com https://hcaptcha.com https://*.hcaptcha.com https://*.decibelinsight.net https://*.decibel.com https://maersk.my.site.com https://maersk.my.salesforce-sites.com https://*.razorpay.com; img-src 'self' data: https://*.maersk.com https://*.maersk.com.cn https://*.maersk.io https://insight.adsrvr.org https://match.adsrvr.org https://*.maerskline.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://*.gstatic.com https://lh3.googleusercontent.com https://*.steelcentral.net https://*.vimeocdn.com https://*.youtube.com https://*.igodigital.com https://*.akamaihd.net https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://pixel.mathtag.com https://bs.serving-sys.com https://www.google.co.uk https://api.adsymptotic.com https://media-cdn.ipredictive.com https://*.linkedin.com https://*.facebook.com https://*.twitter.com https://vk.com https://mail.ru https://clickserve.dartsearch.net https://*.doubleclick.net https://*.google.dk https://secure.adnxs.com https://cs.adingo.jp https://admaym.com https://ih.adscale.de https://d.agkn.com https://ib.adnxs.com https://x.bidswitch.net https://stags.bluekai.com https://pix.btrll.com https://contextual.media.net https://dis.criteo.com https://e.nexac.com https://loadm.exelator.com https://cs.gssprt.jp https://global.ib-ibi.com https://ad.360yield.com https://dsum-sec.casalemedia.com https://beacon.krxd.net https://idsync.rlcdn.com https://ums.adtechus.com https://sync.adaptv.advertising.com https://us-u.openx.net https://simage2.pubmatic.com https://bh.contextweb.com https://idsync.reson8.com https://pixel.rubiconproject.com https://uipglob.semasio.net https://rtb-csync.smartadserver.com https://ad.sxp.smartclip.net https://sync.go.sonobi.com https://ce.lijit.com https://sync.search.spotxchange.com https://ads.stickyadstv.com https://delivery.swid.switchads.com https://aa.agkn.com https://ads.yahoo.com https://u3s.mathtag.com https://eu-u.openx.net https://serving.experianmarketingservices.digital https://uip.semasio.net https://fo-api.omnitagjs.com https://*.akstat.io https://*.bing.com https://*.virtualearth.net https://*.contentsquare.net https://screencaptue-cdn.kampyle.com https://resources.digital-cloud.medallia.eu https://udc-neb.kampyle.com https://nebula-cdn.kampyle.com https://*.salesforce.com https://*.force.com https://maersk.my.salesforce-sites.com; object-src 'self' ; style-src 'self' 'unsafe-inline' https://*.maersk.com https://*.maersk.com.cn https://*.maersk.io https://*.apmoller.net https://*.gstatic.com https://*.google.com https://*.google-analytics.com https://*.googleapis.com https://*.maerskline.com https://*.force.com https://*.bing.com https://*.virtualearth.net https://resources.digital-cloud.medallia.eu https://screencaptue-cdn.kampyle.com https://nebula-cdn.kampyle.com https://hcaptcha.com https://*.hcaptcha.com https://maersk.my.site.com https://maersk.my.salesforce-sites.com; frame-src https://*.maersk.com https://*.maersk.com.cn https://insight.adsrvr.org https://match.adsrvr.org https://*.maersk.io https://*.maerskline.com https://*.apmoller.net http://emanage.maerskline.com https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://*.google.com https://www.youtube.com/embed/ https://player.vimeo.com/video/ https://service.force.com https://*.cookieinformation.com https://*.youku.com/ https://*.force.com/  https://*.salesforce.com https://app.powerbi.com http://my.maerskline.com https://*.doubleclick.net https://reporting.damco.com https://screencapture.kampyle.com https://nebula-cdn.kampyle.com https://resources.digital-cloud.medallia.eu https://js.stripe.com https://hcaptcha.com https://*.hcaptcha.com https://maersk.my.site.com https://maersk.my.salesforce-sites.com https://*.razorpay.com; font-src 'self' data: https://*.maersk.com https://*.maersk.com.cn https://*.maersk.io https://*.maerskline.com https://*.apmoller.net https://*.gstatic.com https://*.googleapis.com https://resources.digital-cloud.medallia.eu https://nebula-cdn.kampyle.com; connect-src 'self' data: gap: https://*.maersk.com https://*.maersk.com.cn https://*.maersk.io https://*.maerskline.com https://*.apmoller.net https://*.go-mpulse.net https://*.salesforceliveagent.com https://*.force.com *.mpstat.us *.akstat.io https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://*.akamaihd.net https://*.igodigital.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://ssl.gstatic.com https://*.logs.datadoghq.eu https://100qrcey9nsltilmpwezagts.blob.core.windows.net https://*.cookieinformation.com https://*.bing.com https://*.virtualearth.net https://*.visualforce.com https://*.contentsquare.net https://stats.g.doubleclick.net https://resources.digital-cloud.medallia.eu https://ubt-lb.digital-cloud.medallia.eu https://sbt-prod.kampyle.com https://nebula-cdn.kampyle.com https://udc-neb.kampyle.com https://hcaptcha.com https://*.hcaptcha.com https://maersk.tradelens.com https://platform.tradelens.com https://clientstream.launchdarkly.com https://app.launchdarkly.com https://events.launchdarkly.com https://*.decibelinsight.net https://*.decibel.com wss://*.decibelinsight.net https://maersk.my.salesforce-scrt.com https://chatbot-test-app.herokuapp.com https://maersk.my.site.com https://maersk.my.salesforce-sites.com wss://proxy2.scm.maersk.com https://*.razorpay.com; worker-src 'self' data: gap: https://*.maersk.com https://*.maersk.com.cn https://*.maersk.io https://*.maerskline.com https://*.apmoller.net https://*.go-mpulse.net https://*.salesforceliveagent.com https://*.force.com *.mpstat.us *.akstat.io https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://*.akamaihd.net https://*.igodigital.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://ssl.gstatic.com https://*.logs.datadoghq.eu https://100qrcey9nsltilmpwezagts.blob.core.windows.net https://*.cookieinformation.com https://*.bing.com https://*.virtualearth.net https://*.visualforce.com https://*.contentsquare.net https://stats.g.doubleclick.net https://resources.digital-cloud.medallia.eu https://ubt-lb.digital-cloud.medallia.eu https://sbt-prod.kampyle.com https://nebula-cdn.kampyle.com https://udc-neb.kampyle.com https://hcaptcha.com https://*.hcaptcha.com https://maersk.tradelens.com https://platform.tradelens.com https://clientstream.launchdarkly.com https://app.launchdarkly.com https://events.launchdarkly.com blob:; 1
frame-ancestors signaviogtmplatform.my.salesforce.com signavio.force.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://federicoc-seyfarth-a40.udev1a.net https://w.soundcloud.com https://qa-seyfarth-a40.udev1a.net https://christianp-seyfarth-a40.udev1a.net https://seyfarth.usablenet.com https://a40.usablenet.com https://www.seyfarth.com https://seyfarth.usablenet.com https://cdn.cookielaw.org https://a40.usablenet.com https://ajax.googleapis.com https://maps.googleapis.com https://forms.hsforms.com https://js.hsforms.net https://www.youtube.com https://player.vimeo.com https://js.hs-banner.com https://js.hs-analytics.net https://js.hs-scripts.com https://js.hscollectedforms.net https://www.googletagmanager.com https://www.google-analytics.com https://analytics.rubensteintech.com https://kit.fontawesome.com https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/ ; style-src 'self' 'unsafe-inline' https://federicoc-seyfarth-a40.udev1a.net https://qa-seyfarth-a40.udev1a.net https://christianp-seyfarth-a40.udev1a.net https://seyfarth.usablenet.com https://a40.usablenet.com https://www.seyfarth.com https://fonts.googleapis.com https://hello.myfonts.net https://use.typekit.net https://p.typekit.net ; connect-src 'self' https://seyfarth.usablenet.com https://a40.usablenet.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://vimeo.com https://noembed.com https://stats.g.doubleclick.net https://hubspot-forms-static-embed.s3.amazonaws.com https://maps.gstatic.com https://maps.googleapis.com https://cdn.plyr.io https://www.google-analytics.com/ https://forms.hubspot.com https://analytics.rubensteintech.com https://ka-f.fontawesome.com https://analytics.google.com https://google-analytics.com https://*.analytics.google.com https://*.google-analytics.com ; font-src 'self' data: https://www.seyfarth.com https://fonts.gstatic.com https://ka-f.fontawesome.com https://use.typekit.net/ ; img-src 'self' data: blob: https://cdn.cookielaw.org https://www.seyfarth.com https://i.vimeocdn.com https://i.ytimg.com https://f.hubspotusercontent30.net https://maps.gstatic.com https://maps.googleapis.com https://www.googletagmanager.com https://track.hubspot.com https://www.google-analytics.com https://forms.hsforms.com https://analytics.google.com https://google-analytics.com https://*.analytics.google.com https://*.google-analytics.com ; frame-src 'self' mailto: blob: https://w.soundcloud.com https://a40.usablenet.com https://mail.google.com/ https://cdn.yoshki.com https://www.youtube-nocookie.com https://www.youtube.com https://player.vimeo.com https://www.podbean.com https://app.powerbi.com https://www.google.com ; worker-src 'self' blob: ; media-src 'self' data: https://vimeo.com https://www.youtube.com ; frame-ancestors 'self' ; object-src 'self' ; 1
frame-ancestors sellerboard.com 1
upgrade-insecure-requests; frame-ancestors 'self' blaetterkatalog.musicstore.de 1
frame-ancestors 'self' www.dus.net 1
script-src 'self' blob: dcpages.bcbsil.com *.mpeasylink.com *.omtrdc.net *.convertlanguage.com *.walkme.com *.jquery.com *.marinsm.com *.tvsquared.com *.clarity.ms *.steelhousemedia.com *.stackadapt.com  'sha256-p52KTUqLKEO+lUT2C0LF7wGsWnAArVHRzL9NaO1rg9A=' 'sha256-rJU5cYcRBqmpRKTL9LNlYrhsVlkqUjjZUvh23ucekhQ=' 'sha256-6QS2yyfz+2+43w4jrOXP7KFFVm8+ONq0ovu3bDEWCfs=' 'sha256-kHVD1AqZVWiiKD4I9uDTBxGfSqZPtex0Wmdj8Og61EU=' 'sha256-hooWFE7aSaLYrr/fevukwfG9E9Eng/LMmeLcpg8Qifg=' 'sha256-9mEewbxXH3GGgvq+NICCUxNbfSccVK2A9VXNEN9R0WY=' 'sha256-hFc5XZOHVUzaMKmVJE029XrtqScJkFKYalqVph7I3t4=' 'sha256-iQOOSlcwZimnsSMD8hYdm5G2O6xNN5FJIG2xBIZEeus=' 'sha256-Rqz5HBTdDZqvx9tFQtMxkOrL6I7oKHMPUmejT+2LMw8=' 'sha256-0rnAJ6vApAwYvkwKRItvYvJBuC2Tc6FUGnpWWGKm0s0=' 'sha256-E3D70tU+C9GFn1aNG7ja3BGmXO6SUTBfXNPkiks6YKM=' 'sha256-WiBrp8n6qzXaR53OMuij2Wqky+WBAZHWS4m9u+Y6Vgs=' 'sha256-Bwbsdql2wuxPBfreVcjv4IcQRIm2tK54E/ZtuKmHmLI=' 'sha256-+QoWUsMtJAiKNrS9ddu7252XOoLq26XVwk4TdboDGM0=' 'sha256-EFemVE1/2VPlNZdptBdgN2GjWc7noj81GGGv0MwOyJY=' 'sha256-K83smGC12/mOrMV+5hXYSc0TQHjFQM6XX+Zdj9pBbas=' 'sha256-Fx0LrAqaK0HfpKOTd5jtbUe4X89Fz86oesjqSQUn8Y8=' 'sha256-L+CdrbB/3MWzakKjyzoy8w1eIqDVGrsftnkvJdo4gIc=' 'sha256-ud+TXSHWwW6/Ltq5qioGqWeGcQMxHWR5TiMnvYBaUEk=' 'sha256-BaFk7RP58iF1BkZHdqeujuDXXLld9PS1LiKm9MnnQ2A=' 'sha256-oRdVJzqGJc9xIgrN9giweGhI+uJQxUjkla++Xx19V+M=' 'sha256-P+6dUXh0AE0IknMkVtquEOaJZkrTTlUwjdLsSHSwG90=' 'sha256-3BUC2uqkLtf11hujvyMEl1NTcrpXaw9M/nxK0qpugE4=' 'sha256-ThHZXYAEciBA4PPtRsuwrM4rS6A27cEeDZfKFgMjOHs=' 'sha256-Fx0LrAqaK0HfpKOTd5jtbUe4X89Fz86oesjqSQUn8Y8=' 'sha256-1jH1jUGW8+/nnNLV4s1f8jHlAtMsBv985QVausqXm5s=' 'sha256-XpDQ/sKD1Q35z6yrfuUgNaqcpCpmaF6wIFXhd6+xJLo=' 'sha256-Y1FaManeoAv2rvhfch00iF9FeWmPQ4xhefvAaCacOOY=' 'sha256-39xatTpd5FpCS4XEP4t1a9EhvY/OmWxChEfjA6mbhtU=' 'sha256-Vx+zs5/RWUox1W4EFLbRMatbTZLk9zcmPTLW+yk3Lm0=' 'sha256-ud+TXSHWwW6/Ltq5qioGqWeGcQMxHWR5TiMnvYBaUEk=' 'sha256-IbsFdXn34z8gdSvhFRticCzSskEX+HVwrX++LVY7bIw=' 'sha256-N63VR5czWRUyi4yTEGyoam6orM200eR4SB/ndd2vCSE=' 'sha256-h1BXcWieM0hfS3GVpaXzPev+V7bbo0VQKstgeMXvP04=' 'sha256-nyYhGb/ogFCXA+jjhnQPaWmEGq7zMi7is/Og/WHHu1U=' 'sha256-MW7xYbbWUIy+vpnrRUsAKgafurRDpmEtw8ibUiTK9kg=' 'sha256-5fsNGF2R9ioLIErxzZqlt7Q+qLwWOmVWJp0buVkNkRY=' 'sha256-PYtocK3DFaOHMHXcTLPhO1P5IEXMf8cf6Yyf1u0USFQ=' 'sha256-nwxOa/AwuXKhEnQfF8z3U9AQyig3d1tfIX6QLS1c7/U=' 'sha256-GtVr9Zuz9aTjQAj54p9HhTNTu36Dn7NyQh3d7xMZg4k=' 'sha256-prCWgxIMGDrHbwdw5mT2MeFWJJGImVIKxAV7gJOpQ0w=' 'sha256-tU2s1s4syE7gpagiZ/DMk2OM7ZcxzIYUDAn0ZWZZvcw=' 'sha256-IohmHrNbNfYp1N8eOkosBSzsog22PSpNMgxp+rP0ba0=' 'sha256-gdUVY3rNP3d8mugxATRy94Oef9TvyvQv4LByypmpoQM=' 'sha256-Oc0DJ+pN/Q9MEzC3WsStCthU0JXK5IxeTD/NO180ggI=' 'sha256-3R5kPMMUS7lCbC94I1yEP6/LrPcCxCpJkMghRm5vc+M=' 'sha256-TfsnO13RGWJOuqMSQ71jj+6N2s997hJAghDCvf9s9dM=' 'sha256-xri8zZKOW+5jts4GRTZuQGosPS+dSTQJr5bebWtNr90=' 'sha256-zOJVpbdSYuV1KeKh04uYsnYyneK7qLzkfYDw9h6+0KM=' 'sha256-0Cmn/CPjE7iLtaGEpZ3gIbyK7+T2PCg6t/q0GQ8aurU=' 'sha256-+F7WJt5j0JAyOvITKopxkUbW3zrhfgO/64YUDWNfWV4=' 'sha256-V5fb1zKsLvfOQE+Tz3abD2NIZPMKdQKrZG6116lj62Y=' 'sha256-/R+9/01InyDhaLq1zYqbjyPav2dunvCCN1mHJxx026U=' 'sha256-023g/MYKiNi2UHZqb0fjW4jU0C9zmvXY7ylFFTbQLAs=' 'sha256-9w+aFd0ogU/pVs/M0q0ixKcQLrt524ABSMma2ixZRmA=' 'sha256-uvQd362cMOZMihRdpHDQkkQG005hI1hAULGe/1hrq7A=' 'sha256-RLZndXh1nmE1wrQG6kjO6AGpiyGJTN5t/otHymIj8UA=' 'sha256-ttmSnfQfAQQQiV28ls0mnFkkr+dl0cSWZO+7qlgQV7w=' 'sha256-518pk5SuTHe1wO+qPfs05CALGxGj8b7R9joTeyF3MMg=' 'sha256-ppW1Vv+qSVcs+/pIj1ZXvMiCLoyHyCdRqtDMeK9fQ9w=' 'sha256-L7o0i6k/eCHpzpAOuzB6a1giNh7z/X1k47PJmiYdvQU=' 'sha256-W825fE/Hvb52tM7pjSsTCCUHd4OrQn8WZWlv5mkMvH0=' 'sha256-NG/T81UpQPy235gzOlx+p+kYar53BP0KuYmoJ/3cmQ4=' 'sha256-+9nvnUjMPgpsCHqUyccwQCWltJdUnhcoDgKmekMe5r4=' 'sha256-JlKI/jgeMVC9UAc3axGPML/PCKwu8dAnBRUHncXK+cQ=' 'sha256-JlKI/jgeMVC9UAc3axGPML/PCKwu8dAnBRUHncXK+cQ=' 'sha256-kEyA013BpTyUc1nqTJ2W65dz6zCi7DlCTj7xA/MPKm8=' 'sha256-PujGZsFstVNnK7qoVuZjCFKHTUf1KgZQB3e1+nfLypE=' 'sha256-1hphP5UeIPLrdHl0caK+RBjjIf/Nf+NOjngIRgKJNvg=' 'sha256-5opYFwUS510Rvfv27i9fgH/77B6yGcd39Qc2XGu3Sk4=' 'sha256-ZsiO6M6SIFEhZrPiwh4Vky40a3LRcSYYWmT8kYCo+c8=' 'sha256-12Oe5dMRtAenv78D9ewvG6kpwvsYQwe0SEAFh4E3by4=' 'sha256-pKXjbNTq8JR4j0soyNfLkYJiSSsP6kqo5DRo9q4cDXE=' 'sha256-JV3lxBYaKBxEcW9cv7bpM9YrLNCSO2x+5hI319J5VH4=' 'sha256-s1BV33CoxJjYzvmpCjN3WTwdPhNhnco3NW1k5J/YA3o=' 'sha256-7JcAvVdE2sCnsRNg9sUUpEVPc2NLH+qJYzoCeD2nHss=' 'sha256-ehPVrgdV2GwJCE7DAMSg8aCgaSH3TZmA66nZZv8XrTg=' 'sha256-ooG2PlUfrfqVyDZV30w0BK5FwqPKhiPhrYEc3z3R3ow=' 'sha256-5nRGMOmqCmDqDhW/cRGfA1gF0jaDt730ej6AJpe2m9g=' 'sha256-7bwnNunfhUOLCxywkp0xlObo3iqPpAfiCr6IN5IeXCA=' 'sha256-0Pvth24NB2HpvezgdvpJMgDYWi91zp9XQc0lnwVD76I=' 'sha256-VL0W/0a7GGeMu92Qz6/kju/TfhubARqd6hobZ5vR8HM=' 'sha256-G38Y5gB6x7PXV8puXKlJ1t7rV5fLuVPEDLHAb64SY20=' cdn.walkme.com  *.bcbsil.com *.bcbstx.com *.marketo.net *.hcsc.net contentz.mkt922.com healthcareservicecorporation.sc.omtrdc.net resources.digital-cloud-west.medallia.com dx.steelhousemedia.com cdn.decibelinsight.net *.facebook.net *.googleadservices.com bat.bing.com *.googletagmanager.com nexus.ensighten.com *.google-analytics.com js-cdn.dynatrace.com assets.adobedtm.com googleads.g.doubleclick.net gateway.foresee.com dx.steelhousemedia.com *.kampyle.com *.medallia.com *.brightcove.net *.brightcove.com, frame-src 'self' dcpages.bcbsil.com *.mpeasylink.com *.bcbstx.com *.facebook.com hcsc.demdex.net *.brightcove.net *.youtube.com resources.digital-cloud-west.medallia.com healthcareservicecorporation.sc.omtrdc.net *.kampyle.com *.medallia.com *.brightcove.com *.doubleclick.net, frame-ancestors 'self' 1
frame-ancestors https://*.bancoripley.cl https://*.ripley.cl https://*.mouseflow.com 1
default-src 'self';   script-src 'self' 'unsafe-inline' 'unsafe-eval' static.edgeme.sh o13q17nm5qpb.www.filtersfast.com *.brandlock.io static.cloudflareinsights.com ajax.cloudflare.com apis.google.com accounts.google.com svc.webspellchecker.net www.gstatic.com *.ordergroove.com xiecomm.paymetric.com *.paypal.com device.maxmind.com *.googletagmanager.com *.googleadservices.com www.googleadservices.com *.google-analytics.com track.securedvisit.com bat.bing.com filtersfast.resultspage.com *.hawksearch.com d1igp3oop3iho5.cloudfront.net d2yyd1h5u9mauk.cloudfront.net d308xqin24oh7.cloudfront.net connect.facebook.net www.google.com vms.boldchat.com vmss.boldchat.com dev.visualwebsiteoptimizer.com *.convertexperiments.com *.boldchat.com googleads.g.doubleclick.net cdn.attn.tv widget.trustpilot.com b.sli-spark.com www.sc.pages03.net seal.verisign.com www.paypalobjects.com filtersfast.nanorep.co assets.resultspage.com *.fontawesome.com ssl.google-analytics.com d2bp4uhmdjbnf1.cloudfront.net www.googlecommerce.com expressentry.melissadata.net tpc.googlesyndication.com www.dwin1.com *.clarity.ms forms.soundestlink.com cdn.jsdelivr.net google.com static.hotjar.com script.hotjar.com tag.wknd.ai *.bounceexchange.com tracking.voltagesearch.com shop.pe *.shop.pe *.addshoppers.com d3rr3d0n31t48m.cloudfront.net addshoppers.s3.amazonaws.com *.traversedlp.com *.voltn.com wt.rqtrk.eu d2mjzob2nc713b.cloudfront.net tr2.smarterhq.io s.pinimg.com ct.pinterest.com *.signifyd.com;   script-src-elem 'self' 'unsafe-inline' static.edgeme.sh o13q17nm5qpb.www.filtersfast.com *.webspellchecker.net *.brandlock.io static.cloudflareinsights.com ajax.cloudflare.com cdnjs.cloudflare.com apis.google.com accounts.google.com www.gstatic.com svc.webspellchecker.net *.ordergroove.com xiecomm.paymetric.com *.paypal.com device.maxmind.com *.googletagmanager.com *.googleadservices.com www.googleadservices.com *.google-analytics.com track.securedvisit.com bat.bing.com filtersfast.resultspage.com *.hawksearch.com d2yyd1h5u9mauk.cloudfront.net d1igp3oop3iho5.cloudfront.net d308xqin24oh7.cloudfront.net connect.facebook.net www.google.com vms.boldchat.com vmss.boldchat.com dev.visualwebsiteoptimizer.com *.convertexperiments.com *.boldchat.com googleads.g.doubleclick.net cdn.attn.tv widget.trustpilot.com b.sli-spark.com www.sc.pages03.net seal.verisign.com www.paypalobjects.com filtersfast.nanorep.co assets.resultspage.com *.fontawesome.com ssl.google-analytics.com d2bp4uhmdjbnf1.cloudfront.net www.googlecommerce.com expressentry.melissadata.net tpc.googlesyndication.com code.jquery.com www.paypal.com www.dwin1.com *.clarity.ms forms.soundestlink.com cdn.jsdelivr.net google.com static.hotjar.com script.hotjar.com tag.wknd.ai *.bounceexchange.com tracking.voltagesearch.com shop.pe *.shop.pe d3rr3d0n31t48m.cloudfront.net addshoppers.s3.amazonaws.com *.traversedlp.com *.voltn.com wt.rqtrk.eu d2mjzob2nc713b.cloudfront.net tr2.smarterhq.io s.pinimg.com ct.pinterest.com *.signifyd.com;   style-src 'self' 'unsafe-inline' use.typekit.net assets.resultspage.com filtersfast.resultspage.com *.hawksearch.com p.typekit.net fonts.googleapis.com accounts.google.com svc.webspellchecker.net *.ordergroove.com code.jquery.com *.fontawesome.com cdn.jsdelivr.net *.bounceexchange.com *.googletagmanager.com;   style-src-elem 'self' 'unsafe-inline' use.typekit.net svc.webspellchecker.net assets.resultspage.com filtersfast.resultspage.com *.hawksearch.com p.typekit.net fonts.googleapis.com accounts.google.com *.ordergroove.com code.jquery.com *.fontawesome.com cdn.jsdelivr.net *.bounceexchange.com *.googletagmanager.com;   img-src 'self' https://* *.brandlock.io clientinstalls.s3.amazonaws.com s3.amazonaws.com bat.bing.com *.visualwebsiteoptimizer.com www.google.com track.securedvisit.com jumbe.zaius.com www.facebook.com events.attentivemobile.com *.google-analytics.com *.analytics.google.com 4584051c57da007007c6-68efb418da7bd7ec341101e06a5cd8ed.ssl.cf1.rackcdn.com *.ordergroove.com www.filtersfast.com www.shareasale.com b.sli-spark.com googleads.g.doubleclick.net *.googletagmanager.com i.ytimg.com www.pages03.net *.paypal.com filtersfast.resultspage.com *.hawksearch.com assets.resultspage.com *.cdnwidget.com pippio.com data: *.bouncex.net shopper.shop.pe i.liadm.com storage.googleapis.com *.signifyd.com;   font-src 'self' use.typekit.net filtersfast.resultspage.com *.hawksearch.com *.boldchat.com fonts.gstatic.com svc.webspellchecker.net data: *.fontawesome.com script.hotjar.com *.bounceexchange.com;   connect-src 'self' *.edgeme.sh static.edgeme.sh danv01ao0kdr2.cloudfront.net *.brandlock.io *.bounceexchange.com visitor-services.nanorep.com device.maxmind.com *.webspellchecker.net *.boldchat.com websocket.bold360.com wss://websocket.bold360.com filtersfast.nanorep.co *.ordergroove.com *.paypal.com www.facebook.com connect.facebook.net accounts.google.com us-central1-ti-181018.cloudfunctions.net us-central1-tixray.cloudfunctions.net vms.boldchat.com ka-f.fontawesome.com visitor-services.boldchat.com *.google-analytics.com *.visualwebsiteoptimizer.com *.attn.tv *.attentivemobile.com filtersfast.resultspage.com *.hawksearch.com stats.g.doubleclick.net bat.bing.com d-ipv6.mmapiws.com d-ipv4.mmapiws.com *.cdnbasket.net ids.cdnwidget.com pd.cdnwidget.com d1sli6mdgqv6ph.cloudfront.net https://www.google.com adservice.google.com spay.samsung.com *.analytics.google.com analytics.google.com *.typekit.net fonts.gstatic.com 4584051c57da007007c6-68efb418da7bd7ec341101e06a5cd8ed.ssl.cf1.rackcdn.com o13q17nm5qpb.www.filtersfast.com *.clarity.ms forms.soundestlink.com s3.amazonaws.com in.hotjar.com wss://*.hotjar.com *.hotjar.io script.hotjar.com static.hotjar.com google.com *.bouncex.net pagead2.googlesyndication.com shop.pe *.shop.pe d2bp4uhmdjbnf1.cloudfront.net d3rr3d0n31t48m.cloudfront.net addshoppers.s3.amazonaws.com shopper.shop.pe manage.safeopt.com www.googleadservices.com *.googletagmanager.com tag.wknd.ai d1igp3oop3iho5.cloudfront.net d2mjzob2nc713b.cloudfront.net ct.pinterest.com tr2.smarterhq.io *.signifyd.com;   frame-src 'self' danv01ao0kdr2.cloudfront.net d2bp4uhmdjbnf1.cloudfront.net *.webspellchecker.net *.brandlock.io www.youtube-nocookie.com accounts.google.com api.boldchat.com www.google.com *.paypal.com *.ordergroove.com xiecomm.paymetric.com filtersfast.attn.tv creatives.attn.tv widget.trustpilot.com www.facebook.com bid.g.doubleclick.net www.youtube.com forms.monday.com www.paypalobjects.com support.filtersfast.com tpc.googlesyndication.com *.bounceexchange.com td.doubleclick.net nytrng.com static.edgeme.sh ct.pinterest.com;   worker-src 'self' blob:; frame-ancestors 'self' *.ordergroove.com xiecomm.paymetric.com;   object-src 'none';   base-uri 'self';   upgrade-insecure-requests;   form-action 'self' www.facebook.com *.webspellchecker.net 1
frame-ancestors 'self' *.senecacollege.ca *.senecapolytechnic.ca; 1
frame-ancestors 'self' https://*.compressor.io 1
object-src *; base-uri 'self'; 1
default-src 'self'; font-src data: https://assets.dm.de https://composer.apps.nonprod.gcp.dmtech.cloud; script-src 'self' https://*.bazaarvoice.com https://*.mm.dm.hu https://app.usercentrics.eu https://assets.dm.de https://composer.apps.nonprod.gcp.dmtech.cloud https://d2pqvatijh75rn.cloudfront.net https://mpsnare.iesnare.com https://omt.dm.hu https://tags.tiqcdn.com https://www.dm.hu; worker-src 'self' blob:; connect-src  'self' https://*.bazaarvoice.com https://*.gcp.dmtech.cloud https://*.mm.dm.hu https://*.services.dmtech.com https://aggregator.service.usercentrics.eu https://api.mapbox.com https://api.usercentrics.eu https://assets.dm.de https://browser-intake-datadoghq.eu https://cart-recos.services.dmtech.com https://cdcs.usercentrics.eu https://collect.tealiumiq.com https://consent-api.service.consent.usercentrics.eu https://consent-rt-ret.service.consent.usercentrics.eu https://consents.usercentrics.eu https://coupon-aktionen.dm.de https://d2pqvatijh75rn.cloudfront.net https://direct-collect.dy-api.eu https://direct.dy-api.eu https://dmpay-gateway.services.dmtech.com https://dy-api.eu https://events.mapbox.com https://graphql.usercentrics.eu https://insights.algolia.io https://logs.browser-intake-datadoghq.eu https://mpsnare.iesnare.com https://my-products-api.services.dmtech.com https://omc.dm.hu https://product-based-recos.services.dmtech.com https://products.dm.de https://rcom-eu.dynamicyield.com https://recos-as-a-service.services.dmtech.com https://rum.browser-intake-datadoghq.eu https://services.dm.de https://signin.dm.hu https://sos-prod.availability.services.dmtech.com https://staedtetour.dm-fb2.de https://storage.googleapis.com/gift-card-builder-emergency-disabled-bucket/ https://cartnext.services.dmtech.com https://products.dm.de https://shopping-list-prod.services.dmtech.com; style-src 'self' 'unsafe-inline' https://*.bazaarvoice.com https://api.tiles.mapbox.com https://assets.dm.de https://composer.apps.nonprod.gcp.dmtech.cloud; form-action 'self' https://*.bazaarvoice.com https://checkout.dm.hu https://giftcard-checkout.dm.hu/api/checkout https://signin.dm.hu; img-src 'self' blob: data: https://*.bazaarvoice.com https://*.mm.dm.hu https://*.services.dmtech.com https://app.usercentrics.eu https://assets.dm.de https://cdn-eu.dynamicyield.com https://composer.apps.nonprod.gcp.dmtech.cloud https://content-preview.apps.prod.gcp.dmtech.cloud https://d2pqvatijh75rn.cloudfront.net https://d3s22jwy77sx9i.cloudfront.net https://i.ytimg.com https://images.podigee-cdn.net https://img.usercentrics.eu https://img.youtube.com/ https://media.dm-static.com https://services.dm.de https://uct.service.usercentrics.eu; frame-ancestors 'self' https://*.apps.nonprod.gcp.dmtech.cloud https://*.apps.prod.gcp.dmtech.cloud https://*.dm-drogeriemarkt.org https://*.dm-drogeriemarkt.org:42007 https://*.dm-drogeriemarkt.org:42160 https://*.dm-drogeriemarkt.org:42161 https://*.dm-drogeriemarkt.org:42162 https://*.dm.hu https://*.lxprod.ka.de.dm-drogeriemarkt.com https://app.datadoghq.eu https://studio.dm-drogeriemarkt.com; frame-src 'self' https://*.bazaarvoice.com https://*.dm.hu https://*.services.dmtech.com https://app.usercentrics.eu https://cdn.podigee.com https://configurator.nuk.de https://gastfamilie.podigee.io https://geburtskanal-dm.podigee.io https://hey-familie.podigee.io https://player.podigee-cdn.net https://sandbox.om.dm.de https://www.youtube-nocookie.com; base-uri 'self' https://*.mm.dm.hu https://*.services.dmtech.com https://events.mapbox.com; child-src 'self' blob:; manifest-src 'self'; report-uri /__csp-reports__; upgrade-insecure-requests; 1
frame-src 'self' https://*.contentful.com https://*.youtube.com https://*.facebook.com https://*.tiktok.com https://*.instagram.com https://instagram.com https://*.podcasts.apple.com https://app.netlify.com; style-src 'self' 'unsafe-inline' https://lf16-tiktok-web.ttwstatic.com; frame-ancestors 'self' https://app.contentful.com; report-to https://sweat-public-web-staging.netlify.app/.netlify/functions/__csp-violations 1
object-src 'self'; worker-src 'self' blob:; base-uri 'self'; frame-ancestors 'self'; report-uri https://selectra.info/report-uri/enforce 1
script-src 'report-sample' 'self'; worker-src 'report-sample' 'self' blob:; style-src 'report-sample' 'self' 'unsafe-inline' 1
default-src 'self' https://register.zammad.com https://zammad.matomo.cloud https://support.zammad.com wss://support.zammad.com; script-src 'self' 'unsafe-inline' https://register.zammad.com https://support.zammad.com https://zammad.matomo.cloud https://cdn.livestorm.co; img-src 'self' https://cdnjs.cloudflare.com https://zammad.matomo.cloud data:; style-src 'self' 'unsafe-inline' data: https://support.zammad.com https://cdn.livestorm.co https://fonts.googleapis.com; base-uri 'self';form-action 'self' https://support.zammad.com; font-src 'self' https://fonts.gstatic.com; frame-src https://app.livestorm.co 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: js-frame: blob: wss: rtrt.me *.rtrt.me *.youtube.com *.googleapis.com *.google.com *.youtube-nocookie.com *.gstatic.com *.ytimg.com *.vimeo.com livestream.com *.livestream.com *.twitter.com *.twimg.com *.facebook.com *.facebook.net *.api.here.com *.hereapi.com *.mapbox.com *.stripe.com https://localhost:* https://127.0.0.1:* 1
font-src fonts.gstatic.com use.typekit.net data: *.sodatech.com *.sodatech.net *.gstatic.com *.typekit.net viewer.byondxr.com cdn.livechatinc.com mediacdn.espssl.com use.fontawesome.com 'self' data: https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com api.bazaarvoice.com stg.api.bazaarvoice.com pal-test.adyen.com www.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.pinterest.com https://ghirardelli.slgnt.us 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ *.adyen.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.ehappify.com www.xtento.com *.vimeo.com *.jsctool.com *.pinterest.com *.mmcagentur.at *.doubleclick.net *.facebook.com *.facebook.net *.google.com *.demdex.net *.authorize.net *.paypal.com *.googletagmanager.com *.xtento.com *.app-wallee.com *.waltpixel.com *.equitystory.com offer.slgnt.us vars.hotjar.com *.pepperjamnetwork.com services.listrak.com *.serverdata.net *.livechatinc.com *.lindtusa.com *.russellstover.com *.ghirardelli.com *.weltpixel.com static.ogmystyle.com static2.ogmystyle.com www.mystyleplatform.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * https://ghirardelli.slgnt.us https://www.paypalobjects.com https://lindtusa.rlvs.co.uk https://optmize.google.com https://www.google.com/ https://ct.pinterest.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com *.cloudfront.net *.amazonaws.com www.xtento.com cdn.xtento.com blob: lindt.test *.lindt.test maps.googleapis.com *.pinterest.com *.postcodeanywhere.co.uk *.klarna.com *.invibes.com *.b26net.com https://www.google-analytics.com *.googletagmanager.com *.teads.tv *.videostep.com *.facebook.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.taboola.com *.doubleclick.net *.outbrain.com *.adobedtm.com *.omtrdc.net *.demdex.net *.everesttech.net *.magentocommerce.com *.sodatech.com *.sodatech.net viewer.byondxr.com s3.us-west-2.amazonaws.com showroom-media.byondxr.com media-optimization-service.byondxr.com *.byondxr.com api.official-deals.co.uk api.official-coupons.com *.adsymptotic.com cdn.livechat-files.com cp.official-coupons.com cookie-cdn.cookiepro.com cp.official-deals.co.uk site-azp.slgnt.us ct.pinterest.com *.ads.linkedin.com cdn.polyfill.io offer.slgnt.us *.blob.core.windows.net s.pinimg.com snap.licdn.com mediacdn.espssl.com *.clarity.ms *.bing.com *.serverdata.net lindtna.test *.lindtna.test *.livechatinc.com mageside.com *.listrakbi.com www.mystyleplatform.com static.mystyleplatform.com static2.mystyleplatform.com static2.ogmystyle.com mystyleplatform.s3.us-west-2.amazonaws.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com 'self' data: https://www.upsellit.com https://mediacdn.espssl.com/2824/Shared/Modal/chocolate.png https://www.linkedin.com https://*.linkedin.com/ https://px.ads.linkedin.com *.googleadservices.com *.russellstover.com https://www.google-anaytics.com https://www.googletagmanager.com https://optimize.google.com https://bam.nr-data.net *.bazaarvoice.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.adyen.com *.googleapis.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com www.xtento.com cdn.xtento.com *.pcapredict.com lindt.slgnt.eu maps.googleapis.com *.pinterest.com *.postcodeanywhere.co.uk *.ratepay.com *.cloudflare.com *.teads.tv *.r66net.com *.facebook.net *.googleadservices.com *.doubleclick.net *.cookiepro.com *.cloudfront.net *.videostep.com *.mfgroup.ch *.taboola.com *.outbrain.com *.adobedtm.com *.authorize.net *.unpkg.com *.fontawesome.com *.sodatech.net *.sodatech.com byondxr-viewer.byondxr.com web-apps.byondxr.com www.clarity.ms bat.bing.com *.b2c.com bt.fraud0.com container.pepperjam.com www.googleoptimize.com *.hotjar.com *.pepperjamnetwork.com *.revlifter.io site-azp.slgnt.us ct.pinterest.com *.ads.linkedin.com cdn.polyfill.io offer.slgnt.us *.blob.core.windows.net s.pinimg.com snap.licdn.com acsbapp.com cdn.noibu.com www.youtube.com *.upsellit.com *.livechatinc.com *.serverdata.net *.tiktok.com *.listrakbi.com *.listrak.com *.mczbf.com mystyleplatform.com www.mystyleplatform.com static.ogmystyle.com static2.ogmystyle.com d203yb14zlmxwn.cloudfront.net cdnjs.cloudflare.com cdn.jsdelivr.net use.fontawesome.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com *.google.com *.gstatic.com https://www.youtube.com https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com 'unsafe-inline' https://optimize.google.com 'unsafe-inline' https://www.lindt-spruengli.com/* https://www.lindt-spruengli.com/media/target/VAPI.min.js https://www.lindt-spruengli.com/media/target/at.js https://click2cart.com https://ghirardelli.mycontactcenter.net/ https://pop1-apps.mycontactcenter.net/ https://form.jotform.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com display.ugc.bazaarvoice.com *.amazonaws.com *.fonts.net *.postcodeanywhere.co.uk *.cloudfront.net *.cloudflare.com *.sodatech.com *.sodatech.net *.googleapis.com *.getfirebug.com cloud.typography.com *.serverdata.net *.myfonts.net *.russellstover.com *.listrakbi.com *.listrak.com use.fontawesome.com www.mystyleplatform.com static.ogmystyle.com static2.ogmystyle.com unsafe-inline assets.braintreegateway.com tagmanager.google.com *.gstatic.com https://cloud.typography.com 'unsafe-inline' https://optimize.google.com https://fonts.googleapis.com 'unsafe-inline' 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cloudfront.net *.serverdata.net *.livechatinc.com *.listrakbi.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net *.bolt.com qa-api.magedevteam.com *.sentry.io *.adyen.com *.googleapis.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.paypal.com *.postcodeanywhere.co.uk *.ratepay.com *.luckyorange.net *.cookiepro.com *.mfgroup.ch *.doubleclick.net *.visitors.live wss://in.visitors.live wss://visitors.live wss://in.visitors.live/ wss://visitors.live/ visitors.live *.taboola.com *.demdex.net *.omtrdc.net *.magento.com *.adobe.net *.adobedtm.com *.adobedc.net *.typekit.net *.magedevteam.com *.sodatech.com *.sodatech.net *.teads.tv *.byondxr.com api.byondxr.com s3.us-west-2.amazonaws.com www.sjwoe.com input.noibu.com wss://input.noibu.com/pv_part in.hotjar.com www.facebook.com *.b2c.com bt.fraud0.com *.revlifter.com *.pepperjamnetwork.com *.revlifter.io site-azp.slgnt.us ct.pinterest.com *.ads.linkedin.com cdn.polyfill.io offer.slgnt.us s.pinimg.com snap.licdn.com *.acsbapp.com cdn.noibu.com https://maps.googleapis.com *.clarity.ms *.facebook.com *.serverdata.net *.livechatinc.com api.addressy.com *.listrakbi.com *.mczbf.com *.tiktok.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com t.elasticsuite.io *.google-analytics.com https://cdn.linkedin.oribi.io https://vc.hotjar.io *.ghirardelli.com *.hotjar.io *.bing.com ws.hotjar.com wss://ws.hotjar.com sc-api.click2cart.com https://geolocation.onetrust.com https://bat.bing.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.byondxr.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'none'; base-uri 'self';  manifest-src 'self'; style-src 'self' 'unsafe-inline' https://cdn.openjur.net; script-src 'self' 'nonce-cd599bdfc358cb72b81a578913df0ebb' https://cdn.openjur.net; font-src https://cdn.openjur.net; img-src 'self' https://cdn.openjur.net https://maps.openjur.net; object-src 'self'; connect-src 'self'; 1
frame-ancestors 'self' *.thebluebook.com *.oneteam.build *.construction.com *.dodgedev.com *.dodgeqa.com 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-fd87bb4028dade4476370212f14c71e9'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
object-src 'self' data: blob: https://*.atende.net https://*.ipm.com.br https://*.nfs-e.net https://seal.digicert.com; block-all-mixed-content; form-action 'self' *.nfs-e.net https://*.ipm.com.br https://*.atende.net https://*.acesso.gov.br; frame-ancestors 'self' https://*.nfs-e.net https://*.ipm.com.br https://*.atende.net https://portalservicos.jucisrs.rs.gov.br; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.clarity.ms *.collect.igodigital.com *.quora.com *.aa.agkn.com *.accessibilityserver.org *.ad.ipredictive.com *.ads.samba.tv *.ads.stickyadstv.com *.aim-tag.hcn.health https://alcon.widen.net *.okta.com *.alcon-visualisation-frontend.netlify.app *.tremorhub.com *.outbrain.com *.ap.lijit.com *.api.cb7ya-novartisp2-p1-public.model-t.cc.commerce.ondemand.com *.ceros.com *.mapbox.com *.app-alcon-uks-prod.azurewebsites.net *.ara.paa-reporting-advertising.amazon *.assets.pinterest.com *.krxd.net *.serving-sys.com *.c.clarity.ms *.adform.net *.capi.connatix.com *.cdn.intake-lr.com https://cdn.polyfill.io *.ceros-creative-services.s3.amazonaws.com *.cert-xiecomm.paymetric.com *.widencdn.net *.alcon.com *.cloudpages.mc-content.com *.teads.tv *.yahoo.com *.contextual.media.net *.cookie-matching.mediarithmics.com *.crb.kargo.com *.cs.admanmedia.com *.d26b395fwzu5fz.cloudfront.net *.dailies.com *.dotomi.com *.dpm.demdex.net *.ds408e.blob.core.windows.net *.casalemedia.com *.eb2.3lift.com *.ustudio.com *.exchange-match.mediaplex.com *.gstatic.com *.acsitefactory.com *.hb.yahoo.net *.i.ytimg.com *.idsync.live.streamtheworld.com *.idsync.rlcdn.com *.pubmatic.com *.adsrvr.org *.ustudiopages.com *.lciapi.ninthdecimal.com *.loadus.exelator.com *.match.360yield.com *.match.deepintent.com *.match.sharethrough.com *.bootstrapcdn.com *.mc.exacttarget.com *.p1.zemanta.com *.pi.ispot.tv *.pixel.mediaiqdigital.com *.rubiconproject.com *.pixel.zprk.io *.ps.eyeota.net *.public-prod-dspcookiematching.dmxleo.com *.res.cloudinary.com *.rtb-csync.smartadserver.com *.s.ad.smaato.net *.s.yimg.com *.sb.scorecardresearch.com *.secure.assets.tumblr.com *.signinwidget.prod.axon.alconcloud.com *.sync.1rx.io *.sync.bfmio.com *.sync.rfp.fout.jp *.sync.taboola.com *.sync-amazon.ads.yieldmo.com *.t.myvisualiq.net *.tags.bluekai.com *.thrtle.com *.uipglob.semasio.net *.us.ck-ie.com *.us-east.ads.audio.thisisdax.com *.usersync.samplicio.us *.us-u.openx.net *.vf.r3f.technology *.www.fuelcdn.com *.www.imdb.com *.www.medtargetsystem.com *.www.mylenslovequiz.com *.www.youtube.com *.x.bidswitch.net *.yt3.ggpht.com *.googleadservices.com *.mookie1.com *.linkedin.com *.myalcon.com *.lndo.site *.tealiumiq.com *.doubleclick.net *.quantummetric.com *.cookielaw.org *.onetrust.com *.facebook.com *.facebook.net *.google-analytics.com *.googletagmanager.com *.unpkg.com *.force.com *.pricespider.com *.userway.org *.tiktok.com *.google.com *.googleapis.com https://tags.tiqcdn.com *.newrelic.com https://bam.nr-data.net *.cloudflare.com *.global.oktacdn.com *.oktacdn.com https://static.addtoany.com view.ceros.com *.fontawesome.com *.cdn.jsdelivr.net code.jquery.com *.salesforceliveagent.com *.logicmonitor.com *.salesforce.com static.lightning.force.com *.snap.licdn.com *.bing.com https://bam-cell.nr-data.net *.g10696554090.co *.contextweb.com *.amazon-adsystem.com https://alcon2018ipo.q4web.com https://api.mmitnetwork.com *.marketingcloudapis.com *.adnxs.com *.trc.lhmos.com https://cdn01.basis.net https://pollenapps.com blob:; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.alcon.com https://cdnjs.cloudflare.com s3-us-west-2.amazonaws.com alcon.my.salesforce.com *.gstatic.com https://xml.alcon.com *.googleapis.com https://cdn.cookielaw.org https://static.addtoany.com https://www.googletagmanager.com *.newrelic.com *.onetrust.com https://bam-cell.nr-data.net https://unpkg.com https://cdn.honey.io service.force.com; img-src 'self' data: *; frame-src 'self' *.mylenslovequiz.com *.adsrvr.org *.pricespider.com *.adsystem.com *.onetrust.com *.addtoany.com *.alcon.com *.ustudio.com https://view.ceros.com https://cdn.quantummetric.com *.doubleclick.net https://aim-tag.hcn.health https://www.medtargetsystem.com https://di.rlcdn.com https://pixel-sync.sitescout.com https://www.surveygizmo.eu/ https://pollenapps.com/ https://alcon.widen.net https://q-identity.myalcon.com https://meetmarlo.com https://alcon-napa.secure.force.com https://q-id.myalcon.com alconbase.alconacsf.acsitefactory.com cloud.email.alcon.com service.force.com; child-src alconbase.alconacsf.acsitefactory.com cloud.email.alcon.com https://api.tiles.mapbox.com https://cdn.pricespider.com blob:; font-src 'self' data: https://fonts.gstatic.com https://t-azmaps.azurelbs.com https://www.slant.co *.onetrust.com *.alcon.com cdnjs.cloudflare.com themes.googleusercontent.com *.github.com https://cdn.pricespider.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://api.tiles.mapbox.com https://trc.lhmos.com https://global.oktacdn.com *.onetrust.com https://unpkg.com https://code.jquery.com *.google-analytics.com https://view.ceros.com *.pricespider.com *.addtoany.com *.jsdelivr.net https://c.amazon-adsystem.com *.cloudflare.com *.quantummetric.com *.tiqcdn.com *.newrelic.com *.doubleclick.net *.cookielaw.org *.googletagmanager.com *.licdn.com *.fontawesome.com https://cdn01.basis.net *.mookie1.com https://aim-tag.hcn.health https://match.deepintent.com *.adsrvr.org *.tiktok.com https://bh.contextweb.com *.facebook.net https://g10696554090.co *.googleadservices.com https://www.clarity.ms https://cdn.polyfill.io https://maps.googleapis.com https://accessibilityserver.org https://cdn.userway.org https://bat.bing.com/  https://bh.contextweb.com https://cdn.quantummetric.com https://analytics.tiktok.com https://c.amazon-adsystem.com *.force.com *.salesforceliveagent.com *.salesforce.com *.myalcon.com blob:; style-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://api.tiles.mapbox.com *.onetrust.com *.pricespider.com https://unpkg.com https://cdn.honey.io *.alcon.com https://cdnjs.cloudflare.com *.googleapis.com *.amazonaws.com *.force.com customerservice.myalcon.com 1
frame-ancestors 'self' https://localhost:44369 https://www.cornwall.gov.uk https://test2.cornwall.gov.uk https://app-rnd-euw-ccwebsite.azurewebsites.net https://wa-npd-euw-ccwebsite-master.npd-publishing.cc.cornwallonline.net https://wa-npd-euw-ccwebsite-frontend.npd-publishing.cc.cornwallonline.net/ https://wa-prd-euw-ccwebsite-master.publishing.cc.cornwallonline.net https://wa-prd-euw-ccwebsite-frontend.publishing.cc.cornwallonline.net https://train-contact-centre.crm4.dynamics.com https://test-contact-centre.crm4.dynamics.com https://contact-centre.crm4.dynamics.com https://portal-gb.one.network; 1
script-src 'unsafe-inline' 'unsafe-eval' https: blob:;object-src  https://*.albert.cz https://d1ammsvb8n71kb.cloudfront.net; base-uri https://tau.collect.igodigital.com/; upgrade-insecure-requests; frame-ancestors https://*.albert.cz https://*.svc.albert.cz https://d1ammsvb8n71kb.cloudfront.net; 1
default-src 'self' https://*.convertkit.com/ https://*.sumome.com https://sumome.com https://*.clarity.ms/ https://*.solutions  https://*.googletagmanager.com wss://*.hotjar.com https://*.googleapis.com https://*.g.doubleclick.net https://api.hubspot.com https://*.hubspot.com https://*.google.com https://sumo.com https://www.google-analytics.com https://*.hotjar.com https://*.hotjar.io; font-src 'self' data: https://fonts.cdnfonts.com https://*.cloudflare.com https://www.tiny.cloud https://*.hotjar.com https://netdna.bootstrapcdn.com https://www.google-analytics.com https://fonts.gstatic.com https://themes.googleusercontent.com https://*.wp.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://*.sheetjs.com https://*.convertkit.com/ https://*.sumome.com https://www.clarity.ms http://feather.aviary.com https://i.ytimg.com https://www.youtube.com https://optimize.google.com https://sc.lfeeder.com https://*.googleoptimize.com https://*.solutions  https://unpkg.com https://cdn.ckeditor.com  https://mc.us18.list-manage.com https://*.mailchimp.com https://chimpstatic.com https://*.hotjar.com https://*.googletagmanager.com https://*.netix.net https://*.hotjar.com https://js.hs-scripts.com https://*.hsleadflows.net https://www.gstatic.com https://js.hs-banner.com https://js.hs-analytics.net https://js.usemessages.com https://js.hscollectedforms.net https://www.reddit.com https://*.facebook.com https://*.pinterest.com https://reddit.com https://api.bufferapp.com https://graph.facebook.com https://www.google.bg https://snap.licdn.com https://load.sumo.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://tagmanager.google.com https://*.jquery.com https://*.cloudfront.net https://connect.facebook.net https://www.googletagmanager.com https://*.hotjar.com https://maps.googleapis.com https://www.google-analytics.com https://www.googleanalytics.com https://*.wp.com https://cdnjs.cloudflare.com https://public-api.wordpress.com https://*.gravatar.com; style-src 'self' https://optimize.google.com https://fonts.googleapis.com https://fonts.cdnfonts.com https://cdn.ckeditor.com https://*.mailchimp.com https://*.jsdelivr.net https://netdna.bootstrapcdn.com https://tagmanager.google.com https://www.tiny.cloud https://www.tinymce.com https://*.cloudfront.net https://secure.gravatar.com https://cdnjs.cloudflare.com https://*.gravatar.com 'unsafe-inline' https://www.google-analytics.com https://fonts.googleapis.com; img-src 'self' blob: data: https://*.filekitcdn.com https://*.bing.com https://*.clarity.ms/ https://*.sumome.com https://sumome.com https://optimize.google.com https://tr.lfeeder.com https://*.netix.net https://cdn.ckeditor.com https://mcusercontent.com  https://*.cloudflare.com https://*.hubspotusercontent00.net https://*.hsforms.com https://*.hubspot.com https://*.sumo.com https://*.linkedin.com https://www.google.com https://lh3.googleusercontent.com https://www.googletagmanager.com https://www.google.bg https://www.facebook.com https://www.facebook.com https://*.cloudflare.com https://source.unsplash.com https://secure.gravatar.com https://images.unsplash.com https://*.doubleclick.net https://*.hotjar.com https://maps.googleapis.com https://*.gstatic.com https://www.google-analytics.com; frame-src 'self' https://td.doubleclick.net https://lg.netix.net http://lg.netix.net https://www.google.com https://optimize.google.com https://*.netix.net https://*.hotjar.com https://www.youtube.com https://*.hubspot.com https://secure.gravatar.com https://www.google-analytics.com; object-src 'self' 1
frame-ancestors 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://apis.google.com https://ssl.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/api2/; 1
img-src 'self' *.commercecloud.salesforce.com data: *.doubleclick.net *.google.se *.google.com *.collect.igodigital.com ct.pinterest.com ib.adnxs.com images.ctfassets.net *.images.ctfassets.net p.yotpo.com zoundindustries--int.sandbox.my.site.com zoundindustries.my.salesforce.com support.adidasheadphones.com yotpo-editor-production.s3.amazonaws.com marshallheadphones-development.improove.tv *.gstatic.com *.analytics.google.com *.google-analytics.com www.google.com maps.googleapis.com maps.google.com cookie-cdn.cookiepro.com *.staging-marshall.com *.marshall.com i.ytimg.com i.vimeocdn.com *.facebook.com www.mczbf.com *.hotjar.com idsync.rlcdn.com ade.googlesyndication.com;media-src assets.ctfassets.net *.assets.ctfassets.net *.akamaized.net player.vimeo.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' 'self' blob: storage.googleapis.com www.googletagmanager.com action.dstillery.com s.pinimg.com connect.facebook.net acdn.adnxs.com static.hotjar.com 100016846.collect.igodigital.com js.adsrvr.org analytics.tiktok.com www.google-analytics.com cookie-cdn.cookiepro.com action.media6degrees.com *.pingdom.net api.cquotient.com staticw2.yotpo.com widgetsrepository.yotpo.com cdn-widgetsrepository.yotpo.com maps.googleapis.com player.vimeo.com *.youtube.com/ *.youtube-nocookie.com/ *.my.salesforce.com service.force.com *.salesforceliveagent.com *.my.site.com static.lightning.force.com www.google.com www.gstatic.com support.adidasheadphones.com zoundindustries--int.sandbox.my.site.com connect.facebook.net www.mczbf.com *.hotjar.com;style-src 'self' 'unsafe-inline' https: staticw2.yotpo.com *.hotjar.com;connect-src 'self' api.cquotient.com *.doubleclick.net *.analytics.google.com analytics.google.com *.google-analytics.com www.google-analytics.com analytics.tiktok.com ct.pinterest.com *.pingdom.net preview.contentful.com cdn.contentful.com staticw2.yotpo.com api.yotpo.com maps.googleapis.com cookie-cdn.cookiepro.com privacyportal.cookiepro.com geolocation.onetrust.com webto.salesforce.com test.salesforce.com *.my.site.com support.adidasheadphones.com vimeo.com/ *.googlesyndication.com www.google.com server-side-tagging-iglp74couq-uc.a.run.app/ zoundindustries--int.sandbox.my.site.com *.hotjar.com *.hotjar.io connect.facebook.net *.facebook.com www.mczbf.com wss://*.hotjar.com;frame-src 'self' *.doubleclick.net insight.adsrvr.org ct.pinterest.com/ player.vimeo.com/ *.youtube.com/ *.youtube-nocookie.com/ *.spotify.com/ *.my.salesforce.com www.google.com *.facebook.com zoundindustries--int.sandbox.my.site.com;frame-ancestors *.contentful.com;upgrade-insecure-requests;default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';script-src-attr 'none' 1
default-src 'self' tel: mailto: https://pcmap-dub.netlify.app; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.googletagmanager.com *.quantserve.com *.quantcount.com https://src-daa.webpu.sh tagmanager.google.com *.addthis.com *.addthisedge.com player.vimeo.com sjs.bizographics.com/insight.min.js snap.licdn.com *.onetrust.com external.airport.ai z.moatads.com https://www.youtube.com *.distribusion.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com *.myfonts.net tagmanager.google.com external.airport.ai *.distribusion.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: external.airport.ai *.distribusion.com; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com *.quantserve.com stats.g.doubleclick.net *.google.com *.google.ie px.ads.linkedin.com *.xtremepush.com cx.atdmt.com *.onetrust.com *.googleusercontent.com external.airport.ai *.doubleclick.net *.googletagmanager.com *.linkedin.com; media-src 'self' data: blob:; frame-src 'self' tel: mailto: external.airport.ai https://pcmap-dub.netlify.app https://player.vimeo.com https://www.youtube.com https://afdac.daa.ie *.doubleclick.net afdac.dublinairport.com journeyplanner.transportforireland.ie *.wherewefly.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.google.com https://afdac.daa.ie/ dub.innosked.com *.addthis.com https://complaints-eu.emsbk.com/ external.airport.ai app.sli.do https://pcmap-dub.netlify.app blob:; connect-src 'self' blob: accounts.google.com https://*.dec.sitefinity.com *.mktoresp.com https://www.facebook.com/tr/ *.xtremepush.com *.onetrust.com stats.g.doubleclick.net external.airport.ai app.sli.do *.google-analytics.com cdn.linkedin.oribi.io *.googletagmanager.com *.linkedin.com *.google.com https://googleads.g.doubleclick.net *.sentry.io *.distribusion.com https://api2.amplitude.com; 1
frame-ancestors 'self' https://narasi.tv; object-src 'none'; upgrade-insecure-requests 1
frame-ancestors self https://signup.buildbox.com http://login-redirect.buildbox.com https://www.surveymonkey.com/r/K3GMYZC https://www.surveymonkey.com/r/QRNB36V https://www.surveymonkey.com 1
default-src *; script-src * 'unsafe-inline' 'unsafe-eval' blob: data:; style-src * 'unsafe-inline' blob: data:; img-src * blob: data:; font-src * data:; connect-src *; media-src * blob:; object-src *; child-src * blob:; frame-src *; worker-src * blob:; base-uri *; form-action *; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://assets.adobedtm.com:443 https://cdnjs.cloudflare.com:443; font-src 'self' https://fonts.gstatic.com:443 https://cdnjs.cloudflare.com:443; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com:443 https://cdnjs.cloudflare.com:443; connect-src 'self' https://dpm.demdex.net:443; frame-src 'self' https://newsquestdigital.demdex.net:443; img-src 'self' https://dpm.demdex.net:443 https://prime-magazine.co.uk:443/assets/images/PrimeLogoOnWhite.jpg https://www.living-magazines.co.uk:443/assets/images/logo.png https://newsquestdigitalmedia.d2.sc.omtrdc.net:443 https://*:443/resources/images/sitelogo 1
default-src *.nic.ch *.nic.li *.switch.ch; style-src 'unsafe-inline' *.nic.ch *.nic.li *.switch.ch; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.nic.ch *.nic.li *.switch.ch; img-src data: *.nic.ch *.nic.li *.switch.ch; object-src 'none'; form-action 'self' *.nic.ch *.nic.li *.switch.ch *.eduid.ch export.highcharts.com; font-src data: *.nic.ch *.nic.li *.switch.ch; frame-ancestors *.nic.ch *.nic.li *.switch.ch; frame-src * 1
default-src 'none'; report-uri /next-external/log/csp/violations; report-to csp-violations; connect-src 'self' wss://www.nordnet.fi https://www.googletagmanager.com https://analytics.nordnet.fi https://cdn.prod.nntech.io https://files.nordnet.fi https://api.prod.nntech.io https://api.test.nntech.io https://experimentation.public.prod.nntech.io https://nordnet.humany.net https://www.google.com https://storage.googleapis.com https://www.recaptcha.net; font-src 'self' https://cdn.prod.nntech.io https://files.nordnet.fi https://nordnet.humany.net; frame-src https://10961666.fls.doubleclick.net https://www.youtube.com https://www.youtube-nocookie.com https://player.vimeo.com https://w.soundcloud.com https://embed.acast.com https://link.tink.com https://www.tv2.no https://checkout.trustly.com https://www.recaptcha.net https://t.email.nordnet.fi; img-src 'self' https://www.googletagmanager.com https://analytics.nordnet.fi https://cdn.prod.nntech.io https://files.nordnet.fi data: blob: https://shareville-static.s3.amazonaws.com https://shareville-media.s3.amazonaws.com https://nordnet.humany.net https://humany.blob.core.windows.net https://cdn.tink.se https://images.ctfassets.net https://i.vimeocdn.com https://img.youtube.com https://www.recaptcha.net https://www.gstatic.com https://blogi.nordnet.fi; manifest-src 'self'; media-src https://cdn.prod.nntech.io https://files.nordnet.fi https://videos.ctfassets.net; object-src 'self'; script-src 'self' 'unsafe-eval' 'nonce-2923dc31-0116-4411-83ee-3f64f67f308d' https://analytics.nordnet.fi https://cdn.prod.nntech.io https://files.nordnet.fi https://www.gstatic.com https://www.recaptcha.net; script-src-attr 'none'; style-src 'unsafe-inline' 'self' https://cdn.prod.nntech.io https://files.nordnet.fi https://nordnet.humany.net https://www.gstatic.com; worker-src 'none'; base-uri 'none'; form-action 'self' https://www.shareville.se https://pvu.nets.no https://pvu.avtalegiro.no https://online.alandsbanken.fi https://verkkopankki.danskebank.fi https://verkkomaksu.handelsbanken.fi https://epmt.nordea.fi https://identify.nordea.com https://verkkomaksu.poppankki.fi https://verkkomaksu.saastopankki.fi https://online.s-pankki.fi https://auth.aktia.fi; frame-ancestors https://app.contentful.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.gstatic.com https://yastatic.net https://www.youtube.com https://s.ytimg.com https://platform.instagram.com https://www.instagram.com https://platform.twitter.com https://cdn.syndication.twimg.com https://mc.yandex.ru https://top-fwz1.mail.ru https://js.sentry-cdn.com https://browser.sentry-cdn.com https://qaz.seebestnews.info https://push.seebestnews.info https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' data: https://fonts.googleapis.com https://platform.twitter.com ; img-src 'self' data: https://* http://* ; font-src 'self' data: https://fonts.gstatic.com ; frame-src 'self' data: https://yastatic.net https://www.youtube.com https://www.instagram.com/ https://platform.twitter.com ; connect-src 'self' data: https://yastatic.net https://mc.yandex.ru https://mc.webvisor.com https://mc.webvisor.org https://fcm.googleapis.com https://firebaseinstallations.googleapis.com https://fcmregistrations.googleapis.com https://push.newsdaily.biz https://top-fwz1.mail.ru https://o4505939965509632.ingest.sentry.io https://push.seebestnews.info https://biposerfl.shop https://*.google-analytics.com; worker-src 'self' data: https://fcm.googleapis.com https://push.newsdaily.biz https://push.seebestnews.info ; 1
default-src 'self' 'unsafe-inline' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; img-src 'self' 'unsafe-inline' https: data:; 1
frame-ancestors 'self' *.aejuice.com aejuice.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://*.googleapis.com https://www.dwin1.com https://*.veinteractive.com https://www.googleadservices.com https://www.zenaps.com https://machinemart.122.2o7.net https://www.youtube.com https://s.ytimg.com https://b.sli-spark.com https://*.criteo.com https://*.google.com https://www.googletagmanager.com https://connect.facebook.net https://www.gstatic.com https://platform.twitter.com https://assets.pinterest.com https://log.pinterest.com https://vimeo.com https://*.dekopay.com https://*.g.doubleclick.net https://*.livechatinc.com https://*.securetrading.net https://*.cardinalcommerce.com https://widget.trustpilot.com https://*.adalyser.com https://lantern.roeyecdn.com https://dccf75d8gej24.cloudfront.net; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://maxcdn.bootstrapcdn.com; img-src 'self' data: https://img.youtube.com https://dccf75d8gej24.cloudfront.net https://csi.gstatic.com https://www.googletagmanager.com https://*.googleapis.com https://maps.gstatic.com https://machinemart.122.2o7.net https://*.veinteractive.com https://www.awin1.com https://e.machinemart.co.uk https://www.zenaps.com https://*.google-analytics.com https://*.analytics.google.com https://b.sli-spark.com https://*.g.doubleclick.net https://www.google.com https://www.google.co.uk https://www.google.ie https://*.gstatic.com https://*.pinterest.com https://s-passets.pinimg.com https://www.facebook.com https://syndication.twitter.com https://i.vimeocdn.com https://a.volvelle.tech https://go.flx1.com https://*.livechatinc.com https://dis.criteo.com https://gum.criteo.com https://pixel.tapad.com https://ads.yahoo.com https://ups.analytics.yahoo.com https://public-prod-dspcookiematching.dmxleo.com https://s.ad.smaato.net https://gum.criteo.com https://sync-criteo.ads.yieldmo.com https://exchange.mediavine.com https://jadserve.postrelease.com https://ads.stickyadstv.com https://visitor.omnitagjs.com https://criteo-sync.teads.tv https://match.sharethrough.com https://contextual.media.net https://x.bidswitch.net https://id5-sync.com https://ad.360yield.com https://sync-t1.taboola.com https://r.casalemedia.com https://simage2.pubmatic.com https://secure.adnxs.com https://eb2.3lift.com https://sync.outbrain.com https://pixel.rubiconproject.com https://c.bing.com https://criteo-partners.tremorhub.com https://i.liadm.com https://e1.emxdgt.com https://sp.analytics.yahoo.com https://beacon.krxd.net https://tags.bluekai.com https://i6.liadm.com https://cdn.stickyadstv.com https://s.thebrighttag.com https://ib.adnxs.com https://rtb-csync.smartadserver.com https://cm.adform.net https://matching.ivitrack.com https://ad.yieldlab.net https://dpm.demdex.net https://ad.doubleclick.net https://adservice.google.com https://*.adalyser.com  https://sync.1rx.io https://sync.targeting.unrulymedia.com https://c1.adform.net https://lantern.roeye.com; font-src 'self' https://cdn.livechatinc.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; frame-src 'self' https://4894704.fls.doubleclick.net https://4735852.fls.doubleclick.net https://*.doubleclick.net https://fledge.eu.criteo.com https://www.googletagmanager.com https://www.googleadservices.com https://*.g.doubleclick.net https://*.google.com https://www.google.co.uk https://f.chtah.com https://ebm.cheetahmail.com https://www.youtube.com https://*.veinteractive.com https://dis.eu.criteo.com https://gum.criteo.com https://s-static.ak.facebook.com https://staticxx.facebook.com https://www.facebook.com https://platform.twitter.com https://assets.pinterest.com https://player.vimeo.com https://syndication.twitter.com https://*.livechatinc.com https://*.securetrading.net https://*.cardinalcommerce.com https://widget.trustpilot.com; connect-src 'self' https://adservice.google.com https://*.veinteractive.com https://vimeo.com https://www.gravatar.com https://*.google-analytics.com https://*.analytics.google.com https://google.com https://pagead2.googlesyndication.com https://measurement-api.criteo.com https://stats.g.doubleclick.net https://log.pinterest.com https://api.livechatinc.com https://maps.googleapis.com https://*.ingest.sentry.io https://*.cardinalcommerce.com https://kg668dbov0.execute-api.us-east-1.amazonaws.com; media-src 'self' https://cdn.livechatinc.com; 1
child-src  www.paypalobjects.com blob: data:; connect-src  brecksredo.cv3admin.com *.listrakbi.com *.listrak.com www.google-analytics.com ssl.google-analytics.com ui.powerreviews.com stats.g.doubleclick.net analytics.google.com bat.bing.com www.paypal.com *.smartystreets.com ct.pinterest.com/user/ *.google-analytics.com *.analytics.google.com  *.clarity.ms content.discovercard.com *.searchspring.io *.searchspring.net src.apis.discover.com cdn.acsbapp.com events.attentivemobile.com brecks.attn.tv *.powerreviews.com *.pixlee.com *.sharethis.com brecks-ca.attn.tv events.attentivemobile.com s.yimg.com *.crazyegg.com www.brecks.com *.google.com app.leadsrx.com assets-www.facebook.com sslwidget.criteo.com maps.googleapis.com *.criteo.com *.crazyegg.com app.leadsrx.com *.google.com gardensalive.force.com *.pingdom.net www.facebook.com *.acsbapp.com acsbapp.com web1.acsbapp.com www.googletagmanager.com gaorder.gardensalive.com *.pixlee.co geoip-js.com www.facebook.com *.bizrate.com bcp.crwdcntrl.net brecksredo.cv3admin.com 2mdtgz.a.searchspring.io google.com gardensalive.my.site.com api.cloudinary.com *.omnichannelengagementhub.com pagead2.googlesyndication.com online.flippingbook.com *.flippingbook.com gardensalive.attn.tv ct.pinterest.com *.cookieyes.com https://cdn-cookieyes.com; default-src  h2.commercev3.net/cdn.brecks.com/ cdn.brecks.com 'unsafe-eval' ajax.googleapis.com analytics.google.com bat.bing.com c.bing.com code.jquery.com connect.facebook.net fonts.googleapis.com fonts.gstatic.com t.paypal.com www.facebook.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.bootstrapcdn.com blob: data:; font-src  brecksredo.cv3admin.com h2.commercev3.net/cdn.brecks.com/ cdn.brecks.com fonts.gstatic.com *.bootstrapcdn.com use.fontawesome.com data: acsbapp.com www.brecks.com; form-action  www.facebook.com www.paypal.com checkout.sezzle.com www.brecks.com *.salesforce.com brecksredo.cv3admin.com; frame-src  *.doubleclick.net www.paypalobjects.com www.paypal.com www.facebook.com www.pinterest.com www.google.com content.discovercard.com h.online-metrix.net src.mastercard.com secure.checkout.visa.com srcdcf.americanexpress.com gum.criteo.com *.sharethis.com lpcdn.lpsnmedia.net photos.pixlee.co ct.pinterest.com creatives.attn.tv static.criteo.net service.force.com tpc.googlesyndication.com secure.trust-provider.com www.googletagmanager.com *.pixlee.com catalog.brecks.com gardensalive.my.salesforce.com gumi.criteo.com t.pepperjamnetwork.com optimize.google.com *.azureedge.net fledge.us.criteo.com *.flippingbook.com https://cdn-cookieyes.com; frame-ancestors  www.brecks.com https://springhillsandbox.myshopify.com https://bits-us.myshopify.com/; img-src  h2.commercev3.net/cdn.brecks.com/ cdn.brecks.com ssl.google-analytics.com www.google.com/pagead/1p-user-list/ www.google.com/ads/ga-audiences ct.pinterest.com/v3/ s3.amazonaws.com *.doubleclick.net *.bing.com *.paypal.com *.facebook.com www.google-analytics.com www.googletagmanager.com *.listrakbi.com www.trustlogo.com data: code.jquery.com/ui/ *.google-analytics.com *.analytics.google.com  2ol9uikbcyevqtdg2z3tej7kpah7xfzeg5wsi7qv4dd33981a058e384sac.d.aa.online-metrix.net x.bidswitch.net matching.ivitrack.com i.liadm.com idsync.rlcdn.com sync-criteo.ads.yieldmo.com ad.tpmn.co.kr tapestry.tapad.com trends.revcontent.com jadserve.postrelease.com gum.criteo.com visitor.omnitagjs.com tg.socdm.com ad.yieldlab.net ups.analytics.yahoo.com eb2.3lift.com criteo-sync.teads.tv sync-t1.taboola.com exchange.mediavine.com simage2.pubmatic.com pixel.rubiconproject.com contextual.media.net rtb-csync.smartadserver.com match.sharethrough.com ade.clmbtech.com sync.outbrain.com content.discovercard.com www.pages08.net ads.avocet.io brecksredo.cv3admin.com assets.secure.checkout.visa.com d3cgm8py10hi0z.cloudfront.net *.powerreviews.com ib.adnxs.com partner.mediawallahscript.com ad.360yield.com r.casalemedia.com criteo-partners.tremorhub.com s.ad.smaato.net assets.pixlee.com *.searchspring.io brecksca.cv3admin.com sp.analytics.yahoo.com www.brecks.com *.online-metrix.net secure.trust-provider.com *.clarity.ms res.cloudinary.com brecks.attn.tv *.google.com *.sharethis.com assets.pxlecdn.com *.gstatic.com ads.avct.cloud id.rlcdn.com sync.search.spotxchange.com ws.rqtrk.eu *.criteo.com tags.bluekai.com dpm.demdex.net aa.agkn.com *.acsbapp.com dsum.casalemedia.com www.google.co.in events.attentivemobile.com *.searchspring.net h2.commercev3.net sync.aralego.com cs.adingo.jp adx.dable.io adgen.socdm.com *.bizrate.com www.google.com blog.brecks.com brecks.com *.flippingbook.com *.cloudfront.net https://cdn-cookieyes.com; script-src  h2.commercev3.net/cdn.brecks.com/ cdn.brecks.com 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com ui.powerreviews.com bat.bing.com code.jquery.com connect.facebook.net *.bootstrapcdn.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.listrakbi.com *.smartystreets.com api.livechatinc.com cdn.livechatinc.com ajax.googleapis.com googleads.g.doubleclick.net www.gstatic.com www.trustlogo.com www.googleadservices.com d79i1fxsrar4t.cloudfront.net/jquery.liveaddress/ content.discovercard.com h.online-metrix.net *.searchspring.net *.clarity.ms src.mastercard.com webapp.src.discover.com secure.checkout.visa.com www.aexp-static.com cdn.attn.tv s.pinimg.com static.criteo.net tag.measured.com dynamic.criteo.com container.pepperjam.com www.google.com brecksredo.cv3admin.com ajax.aspnetcdn.com js.maxmind.com acsbapp.com api.universalcookie.com assets.secure.checkout.visa.com sslwidget.criteo.com *.criteo.com *.salesforceliveagent.com www.sc.pages08.net va.v.liveperson.net mpsnare.iesnare.com assets.pixlee.com *.sharethis.com  lpcdn.lpsnmedia.net assets.pxlecdn.com accdn.lpsnmedia.net lptag.liveperson.net www.googleoptimize.com brecksca.cv3admin.com ajax.aspnetcdn.com cdn.attn.tv www.clarity.ms api.universalcookie.com s.yimg.com www.googleoptimize.com garecommend.gardensalive.com www.google.com  service.force.com *.crazyegg.com secure.trust-provider.com dnn506yrbagrg.cloudfront.net css3-mediaqueries-js.googlecode.com app.leadsrx.com tpc.googlesyndication.com *.pingdom.net gardensalive.force.com gardensalive.my.salesforce.com static.lightning.force.com maps.googleapis.com view.publitas.com widget.us.criteo.com www.google.co.in *.bizrate.com secure.comodo.net optimize.google.com google-analytics.com gardensalive.my.site.com cdnjs.cloudflare.com *.searchspring.io s3.amazonaws.com *.cnnx.link *.azureedge.net ct.pinterest.com online.flippingbook.com *.cloudfront.net *.pcapredict.com secure.comodo.com https://cdn-cookieyes.com; script-src-elem  h2.commercev3.net/cdn.brecks.com/ cdn.brecks.com 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com ui.powerreviews.com bat.bing.com code.jquery.com connect.facebook.net *.bootstrapcdn.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.listrakbi.com *.smartystreets.com api.livechatinc.com cdn.livechatinc.com ajax.googleapis.com googleads.g.doubleclick.net www.gstatic.com www.trustlogo.com www.googleadservices.com d79i1fxsrar4t.cloudfront.net/jquery.liveaddress/ content.discovercard.com h.online-metrix.net *.searchspring.net *.clarity.ms src.mastercard.com webapp.src.discover.com secure.checkout.visa.com www.aexp-static.com cdn.attn.tv s.pinimg.com static.criteo.net tag.measured.com dynamic.criteo.com container.pepperjam.com www.google.com brecksredo.cv3admin.com ajax.aspnetcdn.com js.maxmind.com acsbapp.com api.universalcookie.com assets.secure.checkout.visa.com sslwidget.criteo.com *.criteo.com *.salesforceliveagent.com www.sc.pages08.net va.v.liveperson.net mpsnare.iesnare.com assets.pixlee.com *.sharethis.com  lpcdn.lpsnmedia.net assets.pxlecdn.com accdn.lpsnmedia.net lptag.liveperson.net www.googleoptimize.com brecksca.cv3admin.com ajax.aspnetcdn.com cdn.attn.tv www.clarity.ms api.universalcookie.com s.yimg.com www.googleoptimize.com garecommend.gardensalive.com www.google.com  service.force.com *.crazyegg.com secure.trust-provider.com dnn506yrbagrg.cloudfront.net css3-mediaqueries-js.googlecode.com app.leadsrx.com tpc.googlesyndication.com *.pingdom.net gardensalive.force.com gardensalive.my.salesforce.com static.lightning.force.com maps.googleapis.com view.publitas.com widget.us.criteo.com www.google.co.in *.bizrate.com secure.comodo.net optimize.google.com google-analytics.com gardensalive.my.site.com cdnjs.cloudflare.com *.searchspring.io s3.amazonaws.com *.cnnx.link *.azureedge.net ct.pinterest.com online.flippingbook.com *.cloudfront.net *.pcapredict.com secure.comodo.com https://cdn-cookieyes.com; style-src  h2.commercev3.net/cdn.brecks.com/ cdn.brecks.com 'unsafe-inline' 'unsafe-eval' ui.powerreviews.com use.fontawesome.com code.jquery.com fonts.googleapis.com *.bootstrapcdn.com  cdn.searchspring.net brecksredo.cv3admin.com ajax.googleapis.com *.sharethis.com brecksca.cv3admin.com  service.force.com gardensalive.force.com gardensalive.my.salesforce.com *.bizrate.com www.googletagmanager.com *.bizrate.com optimize.google.com gardensalive.my.site.com s3.amazonaws.com *.azureedge.net https://cdn-cookieyes.com; style-src-elem  h2.commercev3.net/cdn.brecks.com/ cdn.brecks.com 'unsafe-inline' 'unsafe-eval' ui.powerreviews.com use.fontawesome.com code.jquery.com fonts.googleapis.com *.bootstrapcdn.com  cdn.searchspring.net brecksredo.cv3admin.com ajax.googleapis.com *.sharethis.com brecksca.cv3admin.com  service.force.com gardensalive.force.com gardensalive.my.salesforce.com *.bizrate.com www.googletagmanager.com *.bizrate.com optimize.google.com gardensalive.my.site.com s3.amazonaws.com *.azureedge.net https://cdn-cookieyes.com; style-src-attr  'unsafe-inline'; media-src  brecksredo.cv3admin.com h2.commercev3.net/cdn.brecks.com/ cdn.brecks.com www.bing.com www.brecks.com *.acsbapp.com acsbapp.com; 1
default-src 'self' *.uqu.edu.sa *.google.com *.googleapis.com *.google-analytics.com *.gstatic.com *.youtube.com *.twitter.com 'unsafe-inline' 'unsafe-eval' https:; img-src 'self' *.uqu.edu.sa *.google-analytics.com *.google.com *.gstatic.com *.googleapis.com *.twimg.com *.flagcounter.com data: blob: https: 1
default-src 'self';style-src 'sha256-bRIC1UNpYqqAzgwcakOLqIg004Qdvc0Lbp76JnSAcWc=' 1
script-src 'self' 'unsafe-eval' 'unsafe-inline'      *.sub2tech.com       *.googleoptimize.com       googleoptimize.com       *.fanplayr.com       *.cloudfront.net        *.tealiumiq.com         *.consentric.io       *.facebook.net        *.bing.com       *.google-analytics.com        sc-static.net       paperplaneslive.com       *.usabilla.com       klick2contact.com        *.reciteme.com       *.visualwebsiteoptimizer.com         *.googletagmanager.com       *.googleapis.com       *.syndication.twimg.com       *.google.com       *.gstatic.com       *.twitter.com       *.tiqcdn.com       *.pcapredict.com       *.jsdelivr.net       *.consentric.io       *.postcodeanywhere.co.uk       *.cloudflare.com       sc-static.net        *.ex.co       *.imrworldwide.com       *.googleadservices.com       *.doubleclick.net       *.tdbtrk.com       *.eckoh.uk       *.truste.com       *.trustarc.com       *.zpbt.uk       *.instagram.com       *.ttwstatic.com       *.tiktok.com       *.klick2contact.com                  *.clarity.ms       *.redditstatic.com       *.nextdoor.com      *.ads-twitter.com       js.adsrvr.org ;              style-src 'self' 'unsafe-inline'         klick2contact.com       *.cloudfront.net       *.googleoptimize.com       googleoptimize.com       *.reciteme.com       *.consentric.io       *.eckoh.uk       *.bing.com       *.sub2tech.com       *.cloudflare.com       *.bootstrapcdn.com       *.googleapis.com       *.twitter.com       klick2contact.com       *.google.com       *.truste.com       *.trustarc.com       *.postcodeanywhere.co.uk       *.zpbt.uk       *.instagram.com       *.ttwstatic.com       *.tiktok.com        *.fanplayr.com       *.redditstatic.com       *.googletagmanager.com       *.nextdoor.com      *.ads-twitter.com         font-src 'self'            *.cloudfront.net       *.reciteme.com       *.bootstrapcdn.com       *.googleoptimize.com       googleoptimize.com       *.google.com       *.bing.com       *.gstatic.com       klick2contact.com       *.sub2tech.com       *.cloudflare.com       *.googleapis.com       *.twitter.com       *.truste.com        *.trustarc.com       *.zpbt.uk       *.instagram.com       *.ttwstatic.com       *.tiktok.com        *.fanplayr.com       *.redditstatic.com       *.googletagmanager.com       *.nextdoor.com      *.ads-twitter.com ;             object-src 'none' 1
default-src 'self'; base-uri 'self'; connect-src 'self' https://*.cludo.com https://*.google-analytics.com wss://*.surreycc.gov.uk; font-src 'self' data: https://cdnjs.cloudflare.com https://fonts.gstatic.com; form-action 'self' https://*.surreycc.gov.uk; frame-ancestors 'self'; img-src 'self' data: https://customer.cludo.com https://*.google-analytics.com https://*.googleapis.com https://*.siteimprove.com https://465884.global.siteimproveanalytics.io https://*.surreycc.gov.uk; media-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdnjs.cloudflare.com https://customer.cludo.com https://*.google.com https://*.google-analytics.com https://*.googleapis.com https://www.googletagmanager.com https://cdn.jsdelivr.net https://siteimproveanalytics.com https://*.surreycc.gov.uk https://prodstaticresources.blob.core.windows.net; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://customer.cludo.com https://fonts.googleapis.com https://*.googletagmanager.com https://cdn.jsdelivr.net https://*.surreycc.gov.uk https://prodstaticresources.blob.core.windows.net; report-uri https://surrey.report-uri.com/r/d/csp/enforce; upgrade-insecure-requests 1
frame-ancestors 'self' https://*.millerslab.com 1
default-src 'self' auth.spectrumtoolbox.com guard.spectrumtoolbox.com collector.pi.spectrum.net collector.pi-charter.net;script-src 'self' 'unsafe-inline';img-src 'self' data:;style-src 'self' 'unsafe-inline';frame-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests 1
frame-ancestors 'self' *.muse.ai 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.digital.nuance.com mkt-api.tatrabanka.sk www.googletagmanager.com *.luigisbox.com www.google-analytics.com *.google.com *.facebook.net track.adform.net *.hotjar.com googleads.g.doubleclick.net *.youtube.com www.gstatic.com websdk.appsflyer.com t.leady.com www.googleadservices.com s2.adform.net *.cloudfront.net *.raiffeisen.sk *.googleapis.com *.cdnjs.cloudflare.com *.jsdelivr.net *.jquery.com *.tatrabanka.sk *.zscaler.net *.mouseflow.com 1
frame-ancestors 'self' *.a-trust.at *.handy-signatur.at a-trust.at handy-signatur.at *.a-trust.de a-trust.de *.a-trust-tse.de a-trust-tse.de; 1
frame-ancestors 'none'; upgrade-insecure-requests ; report-uri https://sentry.services.dkms.org/api/6/security/?sentry_key=5746df48c2bc47349567ad881277c754; default-src 'self' https:; style-src 'self' 'unsafe-inline' *.googleapis.com *.piwik.pro; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.dkmscdn.net *.piwik.pro *.googleapis.com https://app.addsearch.com https://connect.facebook.net https://www.facebook.com/signals/iwl.js https://www.googletagmanager.com https://googleads.g.doubleclick.net https://apis.google.com https://www.google.com/pagead/ https://www.google.de/pagead/ https://www.googleadservices.com https://pagead2.googlesyndication.com; connect-src 'self' *.kc-usercontent.com *.addsearch.com https://d20vwa69zln1wj.cloudfront.net *.piwik.pro *.googleapis.com *.ingest.sentry.io https://sentry.services.dkms.org https://graph.facebook.com https://www.facebook.com/tr www.google.com https://www.google.com https://google.com https://adservice.google.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com *.dkms.de; img-src 'self' data: *.dkmscdn.net https://d20vwa69zln1wj.cloudfront.net *.kc-usercontent.com *.piwik.pro *.gstatic.com *.googleapis.com *.ytimg.com https://www.facebook.com https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://adservice.google.com/pagead/ https://www.googleadservices.com https://www.googletagmanager.com https://www.google.com/pagead/ https://www.google.de/pagead/ https://www.google.co.in/pagead/ https://www.google.pl/pagead/ https://www.google.co.uk/pagead/ https://www.google.co.za/pagead/ https://www.google.cl/pagead/; font-src 'self' data: *.gstatic.com *.piwik.pro; frame-src 'self' *.dkmscdn.net *.youtube-nocookie.com *.piwik.pro https://player.vimeo.com https://e.issuu.com https://open.spotify.com https://www.facebook.com https://td.doubleclick.net; object-src 'none'; form-action 'self' https://www.facebook.com/tr; 1
frame-ancestors *.nyrabets.com *.nyra.com *.belmontstakes.com *.cfdv.net http://*.cfdv.net *.localhost http://*.localhost *.cloudflare.com 'self'; report-uri https://www.nyrabets.com/CSP/LogCSPViolation.ashx 1
upgrade-insecure-requests; default-src https 1
script-src 'self' https://chat.seznam.cz https://*.hit.gemius.pl https://www.stream.cz/static/embed/ https://h.seznam.cz https://c.imedia.cz; report-uri /cspreport; 1
frame-ancestors 'self' https://empresarial.bbva.mx; 1
default-src * 'unsafe-inline' data: blob: ipfs:; frame-ancestors 'self' https://gnosis-safe.io https://dev.gnosis-safe.io https://app.safe.global https://platform.apps.ledger.com https://dapp-browser.apps.ledger.com filesystem:; 1
default-src 'self' data:      https://*.gobank.com      https://*.typekit.net      https://*.typekit.com      https://*.vimeo.com      https://vimeo.com      https://secure.greendot.com      http://*.trustarc.com               https://*.trustarc.com      http://*.truste.com              https://*.truste.com      https://*.doubleclick.net                     http://*.googleadservices.com m                     https://*.googleadservices.com m               https://*.google-analytics.com                     http://*.google-analytics.com                http://*.googletagmanager.co                   https://*.googletagmanager.com       https://*.go2bankonline.com;        img-src 'self' data:      https://*.google-analytics.com      https://*.doubleclick.net      https://*.typekit.net      https://*.gobank.com      https://ds.reson8.com      https://*.go2bankonline.com      http://*.trustarc.com                https://*.trustarc.com      http://*.truste.com              https://*.truste.com               http://*.googletagmanager.com               https://*.googletagmanager.com      https://secure.greendot.com;       child-src 'self'      https://*.google.com      https://*.cdn-gdc.com      http://*.trustarc.com               https://*.trustarc.com      http://*.truste.com              https://*.truste.com               http://*.googletagmanager.com               https://*.googletagmanager.com      https://player.vimeo.com;       style-src 'self' 'unsafe-inline' 'unsafe-eval'      https://*.gobank.com      https://*.typekit.com      https://*.go2bankonline.com      http://*.trustarc.com               https://*.trustarc.com      http://*.truste.com              https://*.truste.com               http://*.googletagmanager.com               https://*.googletagmanager.com      https://*.typekit.net;       script-src 'self' 'unsafe-inline' 'unsafe-eval'      https://*.gobank.com      https://*.typekit.com      https://*.typekit.net      http://*.trustarc.com               https://*.trustarc.com      http://*.truste.com              https://*.truste.com               http://*.googletagmanager.com               https://*.googletagmanager.com      https://*.google-analytics.com      https://*.googleapis.com      https://*.googleadservices.com      https://*.tt.omtrdc.net      https://*.vimeo.com      https://secure.greendot.com      https://*.go2bankonline.com      https://websdk.ujet.co;       font-src 'self' data:               http://*.trustarc.com               https://*.trustarc.com      http://*.truste.com              https://*.truste.com      https://*.typekit.com      https://*.typekit.net;       frame-src               http://*.trustarc.com               https://*.trustarc.com      http://*.truste.com              https://*.truste.com      https://websdk.ujet.co;                 1
default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob: https://scan.coverity.com;font-src 'self' data:;connect-src 'self';media-src 'self' data: blob:;frame-ancestors 'self';worker-src 'self' blob:;form-action 'self' 1
default-src 'unsafe-inline' 'unsafe-eval' file: data: blob: filesystem: wss: * 1
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.kdo.de; style-src 'self' *.kdo.de 'unsafe-inline'; connect-src 'self' *.kdo.de; img-src 'self' *.kdo.de *.openstreetmap.org data:; worker-src blob:; 1
default-src https: 'self' *.motive.co; img-src https: 'self' data: *.motive.co; style-src https: 'self' 'unsafe-inline' *.motive.co; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' *.motive.co 1
default-src 'self' https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-inline' data: https://bat.bing.com https://analytics.tiktok.com https://paywithmybank.com https://www.redditstatic.com https://stats.g.doubleclick.net https://az620379.vo.msecnd.net https://cdn.taboola.com https://browser.sentry-cdn.com https://*.highcharts.com https://code.jquery.com https://ajax.aspnetcdn.com https://www.google.com https://www.gstatic.com https://disqus.com predictit.disqus.com https://c.disquscdn.com www.googletagmanager.com https://platform.twitter.com https://cdn.syndication.twimg.com https://*.firebaseio.com https://www.googleadservices.com https://www.google-analytics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://tagmanager.google.com https://www.youtube.com https://s.ytimg.com https://browser.sentry-cdn.com https://*.optimove.net https://gateway.optimove.events; style-src 'self' 'unsafe-inline' https://az620379.vo.msecnd.net https://fonts.googleapis.com https://c.disquscdn.com https://platform.twitter.com https://ton.twimg.com https://tagmanager.google.com; font-src 'self' data: https://az620379.vo.msecnd.net https://fonts.gstatic.com https://tagmanager.google.com; img-src 'self' 'unsafe-eval' data: https://*; connect-src 'self' https://analytics.tiktok.com https://stats.g.doubleclick.net wss://*.firebaseio.com https://*.services.disqus.com wss://*.predictit.org https://hub.predictit.org https://fcm.googleapis.com https://www.google-analytics.com https://www.facebook.com https://sentry.io https://*.optimove.net https://gateway.optimove.events; frame-src 'self' https://paywithmybank.com https://embed.podcasts.apple.com https://news.predictit.org https://*.libsyn.com https://*.firebaseio.com https://disqus.com https://*.twitter.com https://bid.g.doubleclick.net https://predictit.freshdesk.com https://analysis.predictit.org https://www.youtube.com https://www.google.com https://*.soundcloud.com https://widgets.itunes.apple.com https://www.facebook.com; frame-ancestors 'self'; media-src https://aristotle.com; 1
default-src 'self'; media-src 'self' *.widen.net; img-src 'self' *.transinfo.com.au *.widen.net *.widencdn.net *.google.com *.google-analytics.com jnn-pa.googleapis.com fonts.googleapis.com maps.googleapis.com *.gstatic.com *.googletagmanager.com *.hotjar.com *.tableau.com data: *.clarity.ms *.niceincontact.com; connect-src 'self' *.azure.com *.google.com maps.googleapis.com *.transinfo.com.au *.translink.com.au *.google-analytics.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.mapbox.com *.nr-data.net *.clarity.ms *.niceincontact.com wss://*.niceincontact.com; frame-src 'self' *.transinfo.com.au *.hotjar.com youtube.com *.youtube.com *.tableau.com *.office.com *.microsoftonline.com *.qld.gov.au *.niceincontact.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.googletagmanager.com jnn-pa.googleapis.com fonts.googleapis.com maps.googleapis.com *.google-analytics.com *.cloudflare.com *.transinfo.com.au *.azure.com *.hotjar.com *.tableau.com *.mapbox.com *.gstatic.com *.qld.gov.au *.newrelic.com *.nr-data.net *.clarity.ms *.niceincontact.com unpkg.com/web-vitals/dist/web-vitals.iife.js; style-src 'self' 'unsafe-inline' jnn-pa.googleapis.com fonts.googleapis.com maps.googleapis.com maxcdn.bootstrapcdn.com *.transinfo.com.au *.hotjar.com hotjar.com *.cloudflare.com *.mapbox.com *.gstatic.com *.clarity.ms *.qld.gov.au *.newrelic.com *.nr-data.net *.niceincontact.com; font-src 'self' 'unsafe-inline' jnn-pa.googleapis.com fonts.googleapis.com maps.googleapis.com maxcdn.bootstrapcdn.com *.transinfo.com.au *.hotjar.com hotjar.com *.cloudflare.com *.mapbox.com *.gstatic.com *.niceincontact.com data: *.niceincontact.com; frame-ancestors 'self' *.transinfo.com.au fonts.gstatic.com maxcdn.bootstrapcdn.com *.hotjar.com *.cloudflare.com; object-src none; child-src blob:; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://www.zenaps.com https://*.criteo.com https://static.criteo.net https://player.vimeo.com https://isitetv.com https://ln-rules.rewardstyle.com https://wb.messengerpeople.com https://*.recaptcha.net https://vars.hotjar.com https://*.akamaihd.net https://*.translate.naver.net https://www.shoplooks.com https://tr.snapchat.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://*.liveperson.net https://beacon.rum.dynapis.com https://services.postcodeanywhere.co.uk https://*.akamaihd.net https://*.sciencebehindecommerce.com https://vc.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://*.contentsquare.net https://*.criteo.com; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://www.hqhair.com https://m.hqhair.com https://checkout.hqhair.com https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://*.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://*.criteo.com https://static.criteo.net https://dyn-beacon.akamaized.net https://ln-rules.rewardstyle.com https://*.recaptcha.net https://*.akamaihd.net https://*.sciencebehindecommerce.com https://www.gstatic.cn https://*.shoplooks.com https://slooks.top https://slooks.me https://static.hotjar.com https://script.hotjar.com https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://*.google-analytics.com https://*.baidu.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://*.contentsquare.net https://app.contentsquare.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.shoplooks.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://www.shoplooks.com https://cdn.parcellab.com; upgrade-insecure-requests; report-to report-endpoint 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://dns-shop.kz https://*.dns-shop.kz https://*.dns-shop.ru https://chat.dns-shop.kz:8080 https://cdn.retailrocket.ru https://*.retailrocket.net https://*.retailrocket.ru https://*.yadro.ru https://webvisor.com https://bs.yandex.ru https://yandex.ru https://mc.yandex.ru https://metrika.yandex.ru https://yastatic.net https://*.yandex.st https://yandex.st https://awaps.yandex.ru https://reviewthree.com/ https://widget.cloudpayments.ru/  https://*.maps.yandex.net https://google-analytics.com https://analytics.tiktok.com https://*.google-analytics.com https://googleadservices.com https://*.googleadservices.com https://*.google.ru https://google.ru https://*.google.com https://google.com https://google.ie https://*.google.ie  https://gstatic.com https://*.gstatic.com https://www.googletagmanager.com/ https://www.youtube.com/ https://youtube.com/ https://content.24ttl.stream  https://doubleclick.net https://*.ok.ru https://ok.ru https://*.mail.ru https://mail.ru https://vk.com https://*.vk.me https://*.mycdn.me https://mycdn.me https://begun.ru https://*.begun.ru https://vsegda-da.com https://newrelic.com https://*.newrelic.com https://bam.nr-data.net https://static.criteo.net https://sslwidget.criteo.com/ https://dis.eu.criteo.com/dis/ https://eu-sonar.sociomantic.com/  https://logo.flixfacts.co.uk/ https://media.flixsyndication.net/ https://*.flix360.com/ https://assets.delvenetworks.com/ https://s.delvenetworks.com/ https://dev-origin.flixsyndication.net/ https://d2m3ikv8mpgiy8.cloudfront.net/ https://d3nkfb7815bs43.cloudfront.net/ https://d15mv1adrb1s6e.cloudfront.net/ https://www.lg.com/ https://*.webcollage.net https://content.syndigo.com  https://ams.creativecdn.com/ https://i.s-microsoft.com/ https://cdn.ampproject.org/ https://s7.addthis.com/ https://m.addthisedge.com/ https://m.addthis.com/ https://bot.aimylogic.com/ https://fonts.googleapis.com https://cdn.diginetica.net/ https://tracking.diginetica.net/ https://connect.facebook.net/ https://zingaya.com/widget/ https://d1bvayotk7lhk7.cloudfront.net https://creativecdn.com/  https://ssl.p.jwpcdn.com/ intent://arvr.google.com https://*.doubleclick.net https://api-maps.yandex.ru https://maps.yandex.net  https://assets-jpcust.jwpsrv.com/ https://www.youtube.ru/ https://youtube.ru/ https://s.ytimg.com/ https://*.go-mpulse.net/ https://gum.criteo.com/ https://media.flixfacts.com/ https://media.flixcar.com https://content.jwplatform.com/ https://media.pointandplace.com/ https://player.pointandplace.com/  https://suggest-maps.yandex.ru https://*.flix360.io/ https://api-abtesting.flix360.io/  https://cart-service.sc-k8s.dns-shop.kz/ http://cart-service.kz-k8s.dns-shop.kz/ https://cart-service.dns-shop.kz/ ; img-src 'self' data: https:; font-src 'self' data: https:; media-src blob: https://media.flixcar.com/ https://*.webcollage.net/ https://content.24ttl.stream/; connect-src 'self' https://*.dns-shop.kz https://*.dns-shop.ru https://*.retailrocket.net https://*.retailrocket.ru https://ohio8.vchecks.me https://hls-jp.jwpsrv.com/ https://content.jwplatform.com/ https://mc.yandex.ru/ https://www.google-analytics.com/ https://*.mtproxy.yandex.net/ https://bam.nr-data.net https://api.retailrocket.net https://api.retailrocket.ru https://content.syndigo.com/ https://google-analytics.bi.owox.com/ https://api-maps.yandex.ru/ https://content.24ttl.stream/  https://stats.g.doubleclick.net/ https://www.google.com/ads/ https://m.addthis.com/live/red_lojson/ https://s7.addthis.com/l10n/ https://top-fwz1.mail.ru/ https://bot.aimylogic.com/restapi/ wss://chat.dns-shop.ru https://chat.dns-shop.ru https://e-shop.homecredit.ru https://media.pointandplace.com/ https://media.flixcar.com/ https://autocomplete.diginetica.net/ https://www.facebook.com/tr/  https://firebaseinstallations.googleapis.com/ https://fcmregistrations.googleapis.com/ https://api-abtesting.flix360.io/  http://cart-service.sc-k8s.dns-shop.kz/ https://cart-service.dns-shop.kz/ https://app-terminal-future.dns-shop.kz/ https://suggest-maps.yandex.ru ; frame-src 'self' intent: https://e-shop.homecredit.ru https://*.fls.doubleclick.net/ https://club.dns-shop.ru https://eu-sonar.sociomantic.com/ https://reviewthree.com/ https://media.flixfacts.com/ https://media.flixcar.com/ https://d3nkfb7815bs43.cloudfront.net/ https://gstatic.com https://www.google.com https://optimize.google.com https://ftp.dexp.club/ https://widget.cloudpayments.ru/ https://content.24ttl.stream/  https://www.facebook.com/ intent://arvr.google.com https://d15mv1adrb1s6e.cloudfront.net/ https://media.pointandplace.com/ https://media.flixcar.com/ https://media.flixfacts.com/ https://media.flixsyndication.net/ https://*.flix360.com/ https://ftp.dns-shop.ru/ https://www.youtube.com https://api-maps.yandex.ru/ https://d3np41mctoibfu.cloudfront.net/ https://content.jwplatform.com https://assets-jpcust.jwpsrv.com/ https://ssl.p.jwpcdn.com/ https://d2m3ikv8mpgiy8.cloudfront.net/ https://player.pointandplace.com/  https://t.pointandplace.com/  https://t.flix360.com/ https://Syndication.flix360.com/ https://*.flix360.io/ https://api-abtesting.flix360.io/; worker-src blob: https://dns-shop.ru https://*.dns-shop.ru 1
default-src 'self' 'unsafe-inline'; connect-src analytics.google.com www.google-analytics.com stats.g.doubleclick.net 'self'; script-src 'unsafe-inline' *.googletagmanager.com *.google-analytics.com stats.g.doubleclick.net 'self'; img-src *.google-analytics.com www.google.com www.google.co.jp 'self' 1
default-src 'self' exclaimer.com *.exclaimer.com *.storyblok.com s3.amazonaws.com localhost:3010 localhost:3000 gapi.storyblok.com/v1/api *.mapbox.com *.optimizely.com *.onetrust.com *.stickyadstv.com *.yahoo.com *.pubmatic.com exclaimer.pinpointhq.com/jobs.json *.driftt.com *.googletagmanager.com *.google-analytics.com *.netlify.app *.netlify.com *.linkedin.com *.google.co.uk *.vimeo.com *.wistia.com *.youtube.com *.googleoptimize.com *.google.com *.googlesyndication.com *.6sc.co *.pro-market.net *.simpli.fi *.zopim.com *.zendesk.com *.exclaimer.com *.pardot.com *.hotjar.com *.hotjar.io *.ads-twitter.com *.bing.com *.redditstatic.com *.reddit.com *.googleadservices.com *.doubleclick.net *.tremorhub.com *.tapad.com *.exelator.com *.intentiq.com *.bluekai.com *.crwdcntrl.net *.openx.net *.adnxs.com *.navattic.com *.zdassets.com *.licdn.com *.lijit.com *.spotxchange.com *.facebook.net *.facebook.com *.g2crowd.com *.zoominfo.com *.cloud-ingenuity.com *.oribi.io *.agkn.com *.salesloft.com *.6sense.com *.twitter.com *.liadm.com t.co *.bfmio.com *.rlcdn.com *.rubiconproject.com *.1rx.io *.3lift.com wss://*.zopim.com wss://ws.hotjar.com *.calendly.com calendly.com www.surveymonkey.com widget.surveymonkey.com/* widget.surveymonkey.co.uk widget.surveymonkey.com *.surveymonkey.com *.surveymonkey.net www.surveymonkey.co.uk fast.wistia.net cdn.heapanalytics.com heapanalytics.com *.auryc.com client-registry.mutinycdn.com api-v2.mutinyhq.io *.adroll.com maxcdn.bootstrapcdn.com ajax.googleapis.com services.postcodeanywhere.co.uk go.pardot.com ws.zoominfo.com ingesteer.services-prod.nsvcs.net js.chilipiper.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' exclaimer.com *.exclaimer.com *.storyblok.com s3.amazonaws.com localhost:3010 localhost:3000 gapi.storyblok.com/v1/api *.mapbox.com *.optimizely.com *.onetrust.com *.stickyadstv.com *.yahoo.com *.pubmatic.com exclaimer.pinpointhq.com/jobs.json *.driftt.com *.googletagmanager.com *.google-analytics.com *.netlify.app *.netlify.com *.linkedin.com *.google.co.uk *.vimeo.com *.wistia.com *.youtube.com *.googleoptimize.com *.google.com *.googlesyndication.com *.6sc.co *.pro-market.net *.simpli.fi *.zopim.com *.zendesk.com *.exclaimer.com *.pardot.com *.hotjar.com *.hotjar.io *.ads-twitter.com *.bing.com *.redditstatic.com *.reddit.com *.googleadservices.com *.doubleclick.net *.tremorhub.com *.tapad.com *.exelator.com *.intentiq.com *.bluekai.com *.crwdcntrl.net *.openx.net *.adnxs.com *.navattic.com *.zdassets.com *.licdn.com *.lijit.com *.spotxchange.com *.facebook.net *.facebook.com *.g2crowd.com *.zoominfo.com *.cloud-ingenuity.com *.oribi.io *.agkn.com *.salesloft.com *.6sense.com *.twitter.com *.liadm.com t.co *.bfmio.com *.rlcdn.com *.rubiconproject.com *.1rx.io *.3lift.com wss://*.zopim.com wss://ws.hotjar.com *.calendly.com calendly.com www.surveymonkey.com widget.surveymonkey.com/* widget.surveymonkey.co.uk widget.surveymonkey.com *.surveymonkey.com *.surveymonkey.net www.surveymonkey.co.uk fast.wistia.net cdn.heapanalytics.com heapanalytics.com *.auryc.com client-registry.mutinycdn.com api-v2.mutinyhq.io *.adroll.com maxcdn.bootstrapcdn.com ajax.googleapis.com services.postcodeanywhere.co.uk go.pardot.com ws.zoominfo.com ingesteer.services-prod.nsvcs.net js.chilipiper.com; worker-src 'self' blob: exclaimer.com *.exclaimer.com *.storyblok.com s3.amazonaws.com localhost:3010 localhost:3000 gapi.storyblok.com/v1/api *.mapbox.com *.optimizely.com *.onetrust.com *.stickyadstv.com *.yahoo.com *.pubmatic.com exclaimer.pinpointhq.com/jobs.json *.driftt.com *.googletagmanager.com *.google-analytics.com *.netlify.app *.netlify.com *.linkedin.com *.google.co.uk *.vimeo.com *.wistia.com *.youtube.com *.googleoptimize.com *.google.com *.googlesyndication.com *.6sc.co *.pro-market.net *.simpli.fi *.zopim.com *.zendesk.com *.exclaimer.com *.pardot.com *.hotjar.com *.hotjar.io *.ads-twitter.com *.bing.com *.redditstatic.com *.reddit.com *.googleadservices.com *.doubleclick.net *.tremorhub.com *.tapad.com *.exelator.com *.intentiq.com *.bluekai.com *.crwdcntrl.net *.openx.net *.adnxs.com *.navattic.com *.zdassets.com *.licdn.com *.lijit.com *.spotxchange.com *.facebook.net *.facebook.com *.g2crowd.com *.zoominfo.com *.cloud-ingenuity.com *.oribi.io *.agkn.com *.salesloft.com *.6sense.com *.twitter.com *.liadm.com t.co *.bfmio.com *.rlcdn.com *.rubiconproject.com *.1rx.io *.3lift.com wss://*.zopim.com wss://ws.hotjar.com *.calendly.com calendly.com www.surveymonkey.com widget.surveymonkey.com/* widget.surveymonkey.co.uk widget.surveymonkey.com *.surveymonkey.com *.surveymonkey.net www.surveymonkey.co.uk fast.wistia.net cdn.heapanalytics.com heapanalytics.com *.auryc.com client-registry.mutinycdn.com api-v2.mutinyhq.io *.adroll.com maxcdn.bootstrapcdn.com ajax.googleapis.com services.postcodeanywhere.co.uk go.pardot.com ws.zoominfo.com ingesteer.services-prod.nsvcs.net js.chilipiper.com; img-src 'self' exclaimer.com *.exclaimer.com *.storyblok.com s3.amazonaws.com localhost:3010 localhost:3000 gapi.storyblok.com/v1/api *.mapbox.com *.optimizely.com *.onetrust.com *.stickyadstv.com *.yahoo.com *.pubmatic.com exclaimer.pinpointhq.com/jobs.json *.driftt.com *.googletagmanager.com *.google-analytics.com *.netlify.app *.netlify.com *.linkedin.com *.google.co.uk *.vimeo.com *.wistia.com *.youtube.com *.googleoptimize.com *.google.com *.googlesyndication.com *.6sc.co *.pro-market.net *.simpli.fi *.zopim.com *.zendesk.com *.exclaimer.com *.pardot.com *.hotjar.com *.hotjar.io *.ads-twitter.com *.bing.com *.redditstatic.com *.reddit.com *.googleadservices.com *.doubleclick.net *.tremorhub.com *.tapad.com *.exelator.com *.intentiq.com *.bluekai.com *.crwdcntrl.net *.openx.net *.adnxs.com *.navattic.com *.zdassets.com *.licdn.com *.lijit.com *.spotxchange.com *.facebook.net *.facebook.com *.g2crowd.com *.zoominfo.com *.cloud-ingenuity.com *.oribi.io *.agkn.com *.salesloft.com *.6sense.com *.twitter.com *.liadm.com t.co *.bfmio.com *.rlcdn.com *.rubiconproject.com *.1rx.io *.3lift.com wss://*.zopim.com wss://ws.hotjar.com *.calendly.com calendly.com www.surveymonkey.com widget.surveymonkey.com/* widget.surveymonkey.co.uk widget.surveymonkey.com *.surveymonkey.com *.surveymonkey.net www.surveymonkey.co.uk fast.wistia.net cdn.heapanalytics.com heapanalytics.com *.auryc.com client-registry.mutinycdn.com api-v2.mutinyhq.io *.adroll.com maxcdn.bootstrapcdn.com ajax.googleapis.com services.postcodeanywhere.co.uk go.pardot.com ws.zoominfo.com ingesteer.services-prod.nsvcs.net js.chilipiper.com data: blob:; font-src 'self' a.storyblok.com maxcdn.bootstrapcdn.com data:; media-src 'self' exclaimer.com *.exclaimer.com *.storyblok.com s3.amazonaws.com localhost:3010 localhost:3000 gapi.storyblok.com/v1/api *.mapbox.com *.optimizely.com *.onetrust.com *.stickyadstv.com *.yahoo.com *.pubmatic.com exclaimer.pinpointhq.com/jobs.json *.driftt.com *.googletagmanager.com *.google-analytics.com *.netlify.app *.netlify.com *.linkedin.com *.google.co.uk *.vimeo.com *.wistia.com *.youtube.com *.googleoptimize.com *.google.com *.googlesyndication.com *.6sc.co *.pro-market.net *.simpli.fi *.zopim.com *.zendesk.com *.exclaimer.com *.pardot.com *.hotjar.com *.hotjar.io *.ads-twitter.com *.bing.com *.redditstatic.com *.reddit.com *.googleadservices.com *.doubleclick.net *.tremorhub.com *.tapad.com *.exelator.com *.intentiq.com *.bluekai.com *.crwdcntrl.net *.openx.net *.adnxs.com *.navattic.com *.zdassets.com *.licdn.com *.lijit.com *.spotxchange.com *.facebook.net *.facebook.com *.g2crowd.com *.zoominfo.com *.cloud-ingenuity.com *.oribi.io *.agkn.com *.salesloft.com *.6sense.com *.twitter.com *.liadm.com t.co *.bfmio.com *.rlcdn.com *.rubiconproject.com *.1rx.io *.3lift.com wss://*.zopim.com wss://ws.hotjar.com *.calendly.com calendly.com www.surveymonkey.com widget.surveymonkey.com/* widget.surveymonkey.co.uk widget.surveymonkey.com *.surveymonkey.com *.surveymonkey.net www.surveymonkey.co.uk fast.wistia.net cdn.heapanalytics.com heapanalytics.com *.auryc.com client-registry.mutinycdn.com api-v2.mutinyhq.io *.adroll.com maxcdn.bootstrapcdn.com ajax.googleapis.com services.postcodeanywhere.co.uk go.pardot.com ws.zoominfo.com ingesteer.services-prod.nsvcs.net js.chilipiper.com data:; object-src 'none'; frame-ancestors 'self' exclaimer.com *.exclaimer.com *.storyblok.com s3.amazonaws.com localhost:3010 localhost:3000 gapi.storyblok.com/v1/api *.mapbox.com *.optimizely.com *.onetrust.com *.stickyadstv.com *.yahoo.com *.pubmatic.com exclaimer.pinpointhq.com/jobs.json *.driftt.com *.googletagmanager.com *.google-analytics.com *.netlify.app *.netlify.com *.linkedin.com *.google.co.uk *.vimeo.com *.wistia.com *.youtube.com *.googleoptimize.com *.google.com *.googlesyndication.com *.6sc.co *.pro-market.net *.simpli.fi *.zopim.com *.zendesk.com *.exclaimer.com *.pardot.com *.hotjar.com *.hotjar.io *.ads-twitter.com *.bing.com *.redditstatic.com *.reddit.com *.googleadservices.com *.doubleclick.net *.tremorhub.com *.tapad.com *.exelator.com *.intentiq.com *.bluekai.com *.crwdcntrl.net *.openx.net *.adnxs.com *.navattic.com *.zdassets.com *.licdn.com *.lijit.com *.spotxchange.com *.facebook.net *.facebook.com *.g2crowd.com *.zoominfo.com *.cloud-ingenuity.com *.oribi.io *.agkn.com *.salesloft.com *.6sense.com *.twitter.com *.liadm.com t.co *.bfmio.com *.rlcdn.com *.rubiconproject.com *.1rx.io *.3lift.com wss://*.zopim.com wss://ws.hotjar.com *.calendly.com calendly.com www.surveymonkey.com widget.surveymonkey.com/* widget.surveymonkey.co.uk widget.surveymonkey.com *.surveymonkey.com *.surveymonkey.net www.surveymonkey.co.uk fast.wistia.net cdn.heapanalytics.com heapanalytics.com *.auryc.com client-registry.mutinycdn.com api-v2.mutinyhq.io *.adroll.com maxcdn.bootstrapcdn.com ajax.googleapis.com services.postcodeanywhere.co.uk go.pardot.com ws.zoominfo.com ingesteer.services-prod.nsvcs.net js.chilipiper.com; connect-src 'self' https://www.gstatic.com/ exclaimer.com *.exclaimer.com *.storyblok.com s3.amazonaws.com localhost:3010 localhost:3000 gapi.storyblok.com/v1/api *.mapbox.com *.optimizely.com *.onetrust.com *.stickyadstv.com *.yahoo.com *.pubmatic.com exclaimer.pinpointhq.com/jobs.json *.driftt.com *.googletagmanager.com *.google-analytics.com *.netlify.app *.netlify.com *.linkedin.com *.google.co.uk *.vimeo.com *.wistia.com *.youtube.com *.googleoptimize.com *.google.com *.googlesyndication.com *.6sc.co *.pro-market.net *.simpli.fi *.zopim.com *.zendesk.com *.exclaimer.com *.pardot.com *.hotjar.com *.hotjar.io *.ads-twitter.com *.bing.com *.redditstatic.com *.reddit.com *.googleadservices.com *.doubleclick.net *.tremorhub.com *.tapad.com *.exelator.com *.intentiq.com *.bluekai.com *.crwdcntrl.net *.openx.net *.adnxs.com *.navattic.com *.zdassets.com *.licdn.com *.lijit.com *.spotxchange.com *.facebook.net *.facebook.com *.g2crowd.com *.zoominfo.com *.cloud-ingenuity.com *.oribi.io *.agkn.com *.salesloft.com *.6sense.com *.twitter.com *.liadm.com t.co *.bfmio.com *.rlcdn.com *.rubiconproject.com *.1rx.io *.3lift.com wss://*.zopim.com wss://ws.hotjar.com *.calendly.com calendly.com www.surveymonkey.com widget.surveymonkey.com/* widget.surveymonkey.co.uk widget.surveymonkey.com *.surveymonkey.com *.surveymonkey.net www.surveymonkey.co.uk fast.wistia.net cdn.heapanalytics.com heapanalytics.com *.auryc.com client-registry.mutinycdn.com api-v2.mutinyhq.io *.adroll.com maxcdn.bootstrapcdn.com ajax.googleapis.com services.postcodeanywhere.co.uk go.pardot.com ws.zoominfo.com ingesteer.services-prod.nsvcs.net js.chilipiper.com blob: data:; child-src 'self' blob: exclaimer.com *.exclaimer.com *.storyblok.com s3.amazonaws.com localhost:3010 localhost:3000 gapi.storyblok.com/v1/api *.mapbox.com *.optimizely.com *.onetrust.com *.stickyadstv.com *.yahoo.com *.pubmatic.com exclaimer.pinpointhq.com/jobs.json *.driftt.com *.googletagmanager.com *.google-analytics.com *.netlify.app *.netlify.com *.linkedin.com *.google.co.uk *.vimeo.com *.wistia.com *.youtube.com *.googleoptimize.com *.google.com *.googlesyndication.com *.6sc.co *.pro-market.net *.simpli.fi *.zopim.com *.zendesk.com *.exclaimer.com *.pardot.com *.hotjar.com *.hotjar.io *.ads-twitter.com *.bing.com *.redditstatic.com *.reddit.com *.googleadservices.com *.doubleclick.net *.tremorhub.com *.tapad.com *.exelator.com *.intentiq.com *.bluekai.com *.crwdcntrl.net *.openx.net *.adnxs.com *.navattic.com *.zdassets.com *.licdn.com *.lijit.com *.spotxchange.com *.facebook.net *.facebook.com *.g2crowd.com *.zoominfo.com *.cloud-ingenuity.com *.oribi.io *.agkn.com *.salesloft.com *.6sense.com *.twitter.com *.liadm.com t.co *.bfmio.com *.rlcdn.com *.rubiconproject.com *.1rx.io *.3lift.com wss://*.zopim.com wss://ws.hotjar.com *.calendly.com calendly.com www.surveymonkey.com widget.surveymonkey.com/* widget.surveymonkey.co.uk widget.surveymonkey.com *.surveymonkey.com *.surveymonkey.net www.surveymonkey.co.uk fast.wistia.net cdn.heapanalytics.com heapanalytics.com *.auryc.com client-registry.mutinycdn.com api-v2.mutinyhq.io *.adroll.com maxcdn.bootstrapcdn.com ajax.googleapis.com services.postcodeanywhere.co.uk go.pardot.com ws.zoominfo.com ingesteer.services-prod.nsvcs.net js.chilipiper.com; style-src 'self' 'unsafe-inline' data: blob: exclaimer.com *.exclaimer.com *.storyblok.com s3.amazonaws.com localhost:3010 localhost:3000 gapi.storyblok.com/v1/api *.mapbox.com *.optimizely.com *.onetrust.com *.stickyadstv.com *.yahoo.com *.pubmatic.com exclaimer.pinpointhq.com/jobs.json *.driftt.com *.googletagmanager.com *.google-analytics.com *.netlify.app *.netlify.com *.linkedin.com *.google.co.uk *.vimeo.com *.wistia.com *.youtube.com *.googleoptimize.com *.google.com *.googlesyndication.com *.6sc.co *.pro-market.net *.simpli.fi *.zopim.com *.zendesk.com *.exclaimer.com *.pardot.com *.hotjar.com *.hotjar.io *.ads-twitter.com *.bing.com *.redditstatic.com *.reddit.com *.googleadservices.com *.doubleclick.net *.tremorhub.com *.tapad.com *.exelator.com *.intentiq.com *.bluekai.com *.crwdcntrl.net *.openx.net *.adnxs.com *.navattic.com *.zdassets.com *.licdn.com *.lijit.com *.spotxchange.com *.facebook.net *.facebook.com *.g2crowd.com *.zoominfo.com *.cloud-ingenuity.com *.oribi.io *.agkn.com *.salesloft.com *.6sense.com *.twitter.com *.liadm.com t.co *.bfmio.com *.rlcdn.com *.rubiconproject.com *.1rx.io *.3lift.com wss://*.zopim.com wss://ws.hotjar.com *.calendly.com calendly.com www.surveymonkey.com widget.surveymonkey.com/* widget.surveymonkey.co.uk widget.surveymonkey.com *.surveymonkey.com *.surveymonkey.net www.surveymonkey.co.uk fast.wistia.net cdn.heapanalytics.com heapanalytics.com *.auryc.com client-registry.mutinycdn.com api-v2.mutinyhq.io *.adroll.com maxcdn.bootstrapcdn.com ajax.googleapis.com services.postcodeanywhere.co.uk go.pardot.com ws.zoominfo.com ingesteer.services-prod.nsvcs.net js.chilipiper.com; 1
frame-ancestors http://gobrowser.com/ http://gologin.com/ 1
frame-ancestors https://*.holman.com 1
default-src 'self' 'unsafe-inline' https://www.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com https://cdn.wootric.com https://*.meili.travel blob:; frame-src *; style-src 'self' 'unsafe-inline' https://googletagmanager.com https://*.google.com https://*.googleapis.com https://*.meili.travel; img-src 'self' 'unsafe-inline' data: https://googletagmanager.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.googleusercontent.com https://www.ehotel.de https://cdn.jsdelivr.net https://*.meili.travel https://images.hertz.com data:; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com https://eligibility.wootric.com/ https://wootric-eligibility.herokuapp.com https://production.wootric.com https://*.meili.travel https://featuregates.org https://statsigapi.net https://browser-intake-datadoghq.eu https://events.statsigapi.net data: blob:; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://*.meili.travel data:; worker-src blob:; 1
script-src 'unsafe-eval' blob: 'self' 'nonce-TscPiAq2jgmgIlv0iTHg' youtube.com 'unsafe-inline'; default-src 'self' data: blob: https://upload.wikimedia.org https://commons.wikimedia.org *.wikimedia.org wikimedia.org *.youtube.com *.poewiki.net https://www.youtube-nocookie.com https://i.ytimg.com; style-src 'self' data: blob: https://upload.wikimedia.org https://commons.wikimedia.org *.wikimedia.org wikimedia.org *.youtube.com *.poewiki.net https://www.youtube-nocookie.com https://i.ytimg.com 'unsafe-inline'; object-src 'none'; report-uri /api.php?action=cspreport&format=json 1
frame-ancestors 'self' https://*.ezlynx.com* https://*.appliedsystems.com* https://*.ivans.com* https://*.agentinsure.com* 1
default-src 'self'; img-src *; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' 1
object-src 'self'; frame-ancestors 'self' http://*.publicissapient.com https://*.publicissapient.com www.publicissapient.fr publicissapient.fr sites-us.lumapps.com vox.publicissapient.com; 1
default-src *; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'  1
frame-ancestors http://specialtyfood-cms.ae-admin.com http://www.specialtyfood.com 1
'' 1
default-src 'self' *; img-src * 'self' data: https: blob:; worker-src 'self' blob:; child-src blob: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cloudflareinsights.com *.googletagmanager.com *.onetrust.com *.cookielaw.org *.clarity.ms; style-src 'self' 'unsafe-inline' *; font-src 'self' * data:; frame-src *; 1
default-src 'self'; script-src 'self' 'nonce-8byVGyLe3rUcikTl74DD5kfMQCkhJZWwqofX3x8tKbM=' www.google-analytics.com https://maps.googleapis.com https://ssl.google-analytics.com https://use.typekit.net https://www.google.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://use.typekit.net; object-src 'none'; base-uri 'self'; connect-src 'self' https://maps.googleapis.com; font-src 'self' https://fonts.gstatic.com https://use.typekit.net; frame-src 'self' https://www.google.com https://www.youtube.com; img-src 'self' data: https://www.mastec.com https://c212.net https://i.ytimg.com https://maps.googleapis.com https://maps.gstatic.com https://p.typekit.net https://ssl.google-analytics.com www.google-analytics.com;  manifest-src 'self'; media-src 'self'; worker-src 'none'; form-action 'self'; 1
default-src 'self' 'unsafe-inline' blob:; img-src data: blob: * analytics.tiktok.com; font-src 'self' data: fonts.gstatic.com fast.wistia.com maxcdn.bootstrapcdn.com; media-src 'self' blob: data: *.wistia.net embedwistia-a.akamaihd.net *.wistia.com *.zdassets.com *.cloudinary.com; style-src 'self' 'unsafe-inline' data: blob: *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com fonts.googleapis.com *.twitter.com *.twimg.com tagmanager.google.com *.googletagmanager.com hello.myfonts.net; frame-src 'self' bytedance: sslocal: app.vwo.com *.visualwebsiteoptimizer.com certificates.easy-lms.com *.doubleclick.net www.facebook.com *.wistia.com *.wistia.net widget.reviews.co.uk *.twitter.com *.addthis.com embedwistia-a.akamaihd.net www.youtube.com www.youtube-nocookie.com www.google.com widget.trustpilot.com *.googletagmanager.com widget-prime.rafflecopter.com *.appointedd.com *.onlineexambuilder.com app.netlify.com *.player.vimeo.com *.vimeo.com; object-src 'self' embedwistia-a.akamaihd.net; connect-src 'self' data: wss: *.visualwebsiteoptimizer.com app.vwo.com analytics.tiktok.com *.clarity.ms *.litix.io *.reviews.co.uk *.wistia.com *.wistia.net *.facebook.com *.addthis.com *.freeagent.com *.fre.ag analytics.google.com *.google-analytics.com api.rollbar.com *.doubleclick.net embedwistia-a.akamaihd.net www.google.com *.adroll.com www.google.co.uk widget.trustpilot.com geoip-js.com geoip-js.maxmind.com geoip.maxmind.com *.crazyegg.com adservice.google.com *.cookielaw.org *.onetrust.com *.zdassets.com *.zendesk.com *.zopim.com bat.bing.com api.cloudinary.com cdn.linkedin.oribi.io *.analytics.google.com *.googlesyndication.com *.player.vimeo.com *.vimeo.com px.ads.linkedin.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.visualwebsiteoptimizer.com app.vwo.com analytics.tiktok.com *.freeagent.com *.fre.ag *.googleapis.com analytics.google.com *.google-analytics.com *.doubleclick.net *.googleadservices.com *.adroll.com *.cloudfront.net *.facebook.net *.twitter.com script.crazyegg.com *.reviews.co.uk *.addthis.com *.addthisedge.com *.twimg.com www.googletagmanager.com *.tfaforms.com s3.amazonaws.com/trk.cetrk.com/ *.wistia.com *.wistia.net www.gstatic.com www.google.com *.workable.com px.ads.linkedin.com static.ads-twitter.com snap.licdn.com widget.reviews.co.uk cdn.ampproject.org www.linkedin.com pro.ip-api.com bat.bing.com widget.trustpilot.com tagmanager.google.com tinymce.cachefly.net js.maxmind.com z.moatads.com widget-prime.rafflecopter.com www.dwin1.com cdnjs.cloudflare.com/ajax/libs/rollbar.js/ optanon.blob.core.windows.net code.jquery.com *.onetrust.com *.cookielaw.org cdnjs.cloudflare.com *.bizographics.com www.clarity.ms geoip-js.com cdn.rollbar.com *.appointedd.com s3-eu-west-1.amazonaws.com *.zdassets.com *.zopim.com *.zendesk.com netlify-cdp-loader.netlify.app; frame-ancestors 'self' https://support.freeagent.com; report-uri https://freeagent.report-uri.com/r/d/csp/enforce; worker-src 'self' blob:; 1
default-src 'self' https://*.demdex.net https://*.omtrdc.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.quest.com https://*.oneidentity.com https://*.syslog-ng.com https://syslog-ng.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://dpm.demdex.net https://questsoftware.sc.omtrdc.net https://questdsgsupport.112.2o7.net https://*.hotjar.com https://*.hotjar.io https://googleads.g.doubleclick.net https://tagmanager.google.com https://js.hs-scripts.com https://js.hsleadflows.net https://js.hs-analytics.net https://js.usemessages.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://tagmanager.google.com; img-src 'self' https://*.spotlightessentials.com https://*.spotlightcloud.io https://*.kacecloud.com https://cm.everesttech.net https://*.demdex.net https://*.omtrdc.net https://*.112.2o7.net https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com/pagead/ https://www.gstatic.com https://ssl.gstatic.com https://googleads.g.doubleclick.net https://track.hubspot.com https://forms.hubspot.com data:;font-src 'self' https://fonts.gstatic.com data:; frame-src https://*.hotjar.com https://*.hotjar.io https://questsoftware.demdex.net; connect-src 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://dpm.demdex.net https://questsoftware.sc.omtrdc.net https://forms.hubspot.com https://api.hubspot.com https://api.hsforms.com https://www.google-analytics.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline'; img-src 'self' https://tests.services.druide https://services-tests-tmp.druide.com https://services.druide.com https://www.gravatar.com https://*.googleusercontent.com  https://googleusercontent.com https://*.fbcdn.net https://fbcdn.net https://*.fbsbx.com https://fbsbx.com data:; style-src 'self' 'unsafe-inline'; font-src 'self' data:; frame-src 'none'; frame-ancestors 'none'; connect-src 'self' wss://cumulix.app/correcteur/corrigerWS2; object-src 'none'; child-src 'none'; media-src 'self'; manifest-src 'self'; worker-src 'none'; form-action 'none'; upgrade-insecure-requests;report-to 'csp-reports';report-uri /__rapport_csp__ 1
default-src 'self' https://www.google.com https://yoomoney.ru; script-src 'self' https://www.google.com https://www.gstatic.com https://ajax.googleapis.com https://mc.yandex.ru 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://www.google.com https://www.gstatic.com https://fonts.googleapis.com 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com; upgrade-insecure-requests; 1
default-src 'self'; manifest-src 'self'; img-src https: data: blob:; prefetch-src https:; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; worker-src https: 'self' 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'self' 'unsafe-inline'; form-action 'none'; object-src 'none'; base-uri 'none'; connect-src 'self' https: wss:; frame-src https: 'self'; frame-ancestors 'self'; block-all-mixed-content; upgrade-insecure-requests; font-src  https: http: data: blob:; media-src https: 1
frame-ancestors 'self' https://*.listreports.com https://listreports.com https://*.mbshighway.com 1
frame-ancestors 'self' https://cgp.cgscholar.com/ 1
worker-src blob:; script-src 'self' blob: assets.adobedtm.com www.allegion.com 718-rfd-040.mktoweb.com script.crazyegg.com sc-static.net ads.nextdoor.com www.googleadservices.com ct.pinterest.com cdn.cookielaw.org www.gstatic.com s.ytimg.com stats.g.doubleclick.net googleads.g.doubleclick.net connect.facebook.net cdn.pdst.fm www.redditstatic.com analytics.tiktok.com s.pinimg.com up.pixel.ad  www.google.com www.googletagmanager.com www.google-analytics.com privacyportal-cdn.onetrust.com www.calendarwiz.com sdk.inbenta.io cdn.inbenta.io api.inbenta.io snap.licdn.com static.hotjar.com script.hotjar.com hackerone.com developerportal.blob.core.windows.net by2.uservoice.com metrics.allegion.com cdn.pricespider.com apps.bazaarvoice.com kit.fontawesome.com lp.allegion.com www.instagram.com instagram.com data: wss: pricespider.com *.pricespider.com mapbox.com *.mapbox.com https://cdnjs.cloudflare.com/ajax/libs/socket.io/2.3.0/socket.io.slim.js https://cdnjs.cloudflare.com/ajax/libs/handlebars.js/3.0.3/handlebars.runtime.min.js https://cdnjs.cloudflare.com/ajax/libs/handlebars.js/3.0.3/handlebars.min.js 'unsafe-eval' 'unsafe-inline' 1
default-src 'self' blob: www.google-analytics.com marketing.cov.com go.cov.com view.ceros.com cdn.jsdelivr.net *.cookiepro.com static.cloud.coveo.com staticdev.cloud.coveo.com www.gstatic.com fonts.gstatic.com *.fontawesome.com *.brightcove.net platform.cloud.coveo.com www.google.com *.brightcove.com *.cloudfront.net *.boltdns.net *.akamaihd.net *.onetrust.com *.pardot.com *.yoshki.com data:;style-src 'self' 'unsafe-inline' static.cloud.coveo.com marketing.cov.com go.cov.com fonts.googleapis.com *.fontawesome.com stackpath.bootstrapcdn.com www.google.com cdn.jsdelivr.net www.gstatic.com *.brightcove.com *.brightcove.net *.cloudfront.net *.boltdns.net *.akamaihd.net *.onetrust.com *.yoshki.com *.pardot.com cdn.matomo.cloud *.matomo.cloud;script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: marketing.cov.com go.cov.com siteimproveanalytics.com creative-services.ceros.com view.ceros.com www.googletagmanager.com code.jquery.com www.google-analytics.com fonts.googleapis.com static.cloud.coveo.com cdn.jsdelivr.net fonts.gstatic.com cdnjs.cloudflare.com *.cookiepro.com *.fontawesome.com www.google.com stackpath.bootstrapcdn.com www.gstatic.com *.onetrust.com *.pardot.com *.boltdns.net *.brightcove.com *.brightcove.net *.cloudfront.net *.yoshki.com *.akamaihd.net *.matomo.cloud ;img-src 'self' go.cov.com code.jquery.com www.google-analytics.com fonts.googleapis.com static.cloud.coveo.com cdn.jsdelivr.net fonts.gstatic.com cdnjs.cloudflare.com *.cookiepro.com *.fontawesome.com stackpath.bootstrapcdn.com marketing.cov.com www.googletagmanager.com www.google.com cov.vuture.net www.gstatic.com *.pardot.com *.brightcove.com *.boltdns.net *.brightcove.net *.cloudfront.net *.akamaihd.net *.yoshki.com data: *.matomo.cloud; 1
frame-src 'self' https://www.facebook.com https://vars.hotjar.com https://ls.hit.gemius.pl; frame-ancestors 'self' https://*.irozhlas.cz https://*.rozhlas.cz http://aplikace.rozhlas.cz https://www.facebook.com 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.youtube.com *.libsyn.com *.facebook.net *.facebook.com *.fbcdn.net *.tableau.com app.icontact.com *.gstatic.com *.twitter.com *.ws.frb.org *.frswebservices.org *.bostonfed.org bostonfed *.federalreserve.org *.google-analytics.com *.googleapis.com cdn.syndication.twimg.com *.brightcove.net *.brightcove.com *.ytimg.com *.googletagmanager.com *.google-analytics.com *.taleo.net *.google.com *.highcharts.com; style-src 'self' 'unsafe-inline' *.youtube.com *.libsyn.com *.facebook.net *.facebook.com *.fbcdn.net *.tableau.com app.icontact.com *.twitter.com *.ws.frb.org *.frswebservices.org *.bostonfed.org bostonfed *.googleapis.com *.taleo.net *.google.com *.highcharts.com; img-src * data:; media-src * data:; connect-src 'self' *.google-analytics.com; font-src 'self' *.facebook.net *.facebook.com *.fbcdn.net *.tableau.com app.icontact.com *.twitter.com *.ws.frb.org *.frswebservices.org *.bostonfed.org bostonfed *.gstatic.com *.taleo.net *.google.com data:; frame-src 'self' *.libsyn.com *.facebook.net *.facebook.com *.fbcdn.net *.tableau.com app.icontact.com *.twitter.com *.youtube.com *.brightcove.net *.brightcove.com *.ws.frb.org *.frswebservices.org *.bostonfed.org *.taleo.net *.google.com data:; 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; child-src https: blob:; object-src 'none'; frame-ancestors 'self' https://account.broadcastnow.co.uk https://eme.abacusemedia.com; 1
default-src 'self'; connect-src 'self' *.siteimprove.com https://stats.g.doubleclick.net/ https://region1.google-analytics.com/ https://www.google-analytics.com https://www.googletagmanager.com https://search.service.vportal.ee/v1/search/vm https://search.service.vportal.ee/v1/globalsearch/total https://form.service.vportal.ee/v1/ https://search.service.vportal.ee/v1/events/vm https://inaadress.maaamet.ee; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://*.rocket.chat https://www.google.com https://www.youtube.com https://*.vimeo.com https://*.siteimprove.com https://www.youtube.com/watch https://xgis.maaamet.ee; img-src 'self' data: https://www.google-analytics.com *.openstreetmap.org https://i.ytimg.com https://pbs.twimg.com https://www.googletagmanager.com *.fbcdn.net *.cdninstagram.com https://inaadress.maaamet.ee https://unpkg.com *.maaamet.ee *.cloudflare.com; script-src 'self' 'unsafe-inline' https://*.rocket.chat https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.siteimprove.net/cms/overlay.js blob: https://browser-update.org https://ajax.cloudflare.com https://static.cloudflareinsights.com https://*.cloudflareinsights.com https://cdnjs.cloudflare.com cdn.jsdelivr.net cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://inaadress.maaamet.ee https://unpkg.com unpkg.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.rocket.chat https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.siteimprove.net/cms/overlay.js https://browser-update.org https://*.cloudflareinsights.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com cdn.jsdelivr.net cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://inaadress.maaamet.ee https://unpkg.com unpkg.com; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://*.cloudflareinsights.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://unpkg.com unpkg.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://www.gstatic.com https://*.cloudflareinsights.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://unpkg.com unpkg.com https://inaadress.maaamet.ee; frame-ancestors 'self'; upgrade-insecure-requests 1
frame-ancestors 'self' api.sheetmusicdirect.com *.arrangeme.com arrangeme.com 1
img-src 'self' data: *.mintos.com *.google-analytics.com https://i.imgur.com https://s3.eu-central-1.amazonaws.com/test-mintos-public-files/ https://s3.eu-central-1.amazonaws.com/mintos-prod-public-files/ *.googletagmanager.com *.google.com *.google.lv cdn.cookielaw.org *.onetrust.com https://accounts.zendesk.com https://cdn.kevin.eu/banks/images/ https://mintos.zendesk.com/; script-src 'self' 'self' 'unsafe-eval' 'unsafe-inline' *.mintos.com *.google.com *.google-analytics.com *.googletagmanager.com https://www.gstatic.com https://www.googleadservices.com *.doubleclick.net *.indicative.com *.hotjar.com *.sumo.com *.licdn.com *.facebook.net *.redditstatic.com *.bing.com *.zohopublic.eu https://assets.mintos.com/webapp/ assets.zendesk.com *.chatcreate.com static.zdassets.com cdn.cookielaw.org *.onetrust.com https://api.smooch.io https://cdn.mxpnl.com; frame-ancestors *.mintos.com; object-src 'none' 1
default-src 'self' data: *.lifelabs.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' lifelabs.azureedge.net *.lifelabs.com *.googleapis.com *.googletagmanager.com *.googletagservices.com *.googleadservices.com *.tagmanager.google.com *.google-analytics.com *.google.com/recaptcha/ adservice.google.ca adservice.google.com *.g.doubleclick.net *.gstatic.com *.netcheckin.com *.inmoment.com *.msecnd.net *.pardot.com unpkg.com *.jsdelivr.net *.googlesyndication.com rum-static.pingdom.net *.facebook.net bat.bing.com; style-src 'self' 'unsafe-inline' lifelabs.azureedge.net *.lifelabs.com *.googleapis.com *.googletagmanager.com *.tagmanager.google.com *.google-analytics.com *.g.doubleclick.net *.inmoment.com *.jsdelivr.net *.bootstrapcdn.com *.typekit.net; img-src 'self' data: lifelabs.azureedge.net *.googlesyndication.com *.google-analytics.com *.facebook.com bat.bing.com; font-src 'self' data: lifelabs.azureedge.net *.typekit.net fonts.gstatic.com; connect-src 'self' *.visualstudio.com *.googleapis.com *.google-analytics.com *.g.doubleclick.net *.googlesyndication.com *.googleadservices.com adservice.google.ca adservice.google.com *.pingdom.net; media-src 'self' lifelabs.azureedge.net; object-src 'none'; frame-src 'self' *.lifelabs.com lifelabs.azureedge.net *.google.com tpc.googlesyndication.com *.youtube.com *.netcheckin.com *.pardot.com *.g.doubleclick.net; frame-ancestors 'self'; upgrade-insecure-requests; 1
default-src 'self' https://*.svc.dynamics.com https://*.mkt.dynamics.com https://*.azureedge.net https://*.cloudfront.net https://*.vattenfall.nl https://*.vattenfall.com https://*.azure-api.net/; base-uri 'self' https://*.demdex.net https://*.cloudfront.net https://*.svtrd.com https://*.vattenfall.com https://*.google-analytics.com; form-action 'self'  https://*.demdex.net https://*.cloudfront.net https://*.svtrd.com https://*.vattenfall.com https://*.google-analytics.com; connect-src 'self' 'unsafe-inline' 'unsafe-eval' wss://*.stt.speech.microsoft.com https://*.svc.dynamics.com https://*.mkt.dynamics.com https://*.azureedge.net https://nominatim.openstreetmap.org https://*.linkedin.com https://*.demdex.net https://*.pa-cd.com/ https://*.azure-api.net/ https://*.vattenfall.com https://*.googleapis.com https://*.blob.core.windows.net https://*.services.visualstudio.com https://*.adoberesources.net https://*.googlesyndication.com https://*.cloudfront.net https://*.idomoo.com https://*.queue-it.net https://*.mopinion.com https://*.piwikpro.com https://siteimproveanalytics.com https://*.siteimproveanalytics.com https://*.googleadservices.com https://*.cdn-0.d41.co https://*.w9shetvlr6.d41.co https://*.vattenfall.nl https://tdn.r42tag.com https://*.relay42.com https://w.usabilla.com https://api.usabilla.com https://www.googletagmanager.com https://*.google-analytics.com https://*.googleapis.com https://*.gstatic.com https://dl.episerver.net https://www.youtube.com https://az416426.vo.msecnd.net https://opt.objecttiveportal.com https://web.telemetric.dk https://vattenfalltesting.24sessions.com https://connect.facebook.net https://img06.en25.com r2eu01.visualwebsiteoptimizer.com https://t.svtrd.com https://businessspecificapimanglobal.azure-api.ne https://*.doubleclick.net https://googleads.g.doubleclick.net https://cep-api.vattenfall.com https://*.googleadservices.com https://*.bing.com https://*.lt45.net https://snap.licdn.com https://*.visualwebsiteoptimizer.com https://*.google.com https://*.google.co.uk https://pingvp.com https://*.pingvp.com https://*.clarity.ms; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.svc.dynamics.com https://*.mkt.dynamics.com https://*.azureedge.net https://*.adoberesources.net https://*.googlesyndication.com https://*.cloudfront.net https://*.idomoo.com https://*.queue-it.net https://*.mopinion.com https://*.piwikpro.com https://siteimproveanalytics.com https://*.siteimproveanalytics.com https://*.googleadservices.com https://*.cdn-0.d41.co https://*.w9shetvlr6.d41.co https://*.vattenfall.nl https://tdn.r42tag.com https://admin.relay42.com https://w.usabilla.com https://api.usabilla.com https://www.googletagmanager.com https://*.google-analytics.com https://*.googleapis.com https://*.gstatic.com https://dl.episerver.net https://www.youtube.com https://az416426.vo.msecnd.net https://opt.objecttiveportal.com https://web.telemetric.dk https://vattenfalltesting.24sessions.com https://connect.facebook.net https://img06.en25.com r2eu01.visualwebsiteoptimizer.com https://dc.services.visualstudio.com https://*.svtrd.com https://businessspecificapimanglobal.azure-api.ne https://*.doubleclick.net https://googleads.g.doubleclick.net https://cep-api.vattenfall.com https://td.doubleclick.net https://googleadservices.com https://*.bing.com https://*.lt45.net https://snap.licdn.com https://*.visualwebsiteoptimizer.com https://*.google.com https://*.google.co.uk https://pingvp.com https://*.pingvp.com https://*.clarity.ms; frame-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.svc.dynamics.com https://*.mkt.dynamics.com https://*.azureedge.net https://*.googlesyndication.com https://datawrapper.dwcdn.net https://*.dwcdn.net https://*.bbvms.com https://*.idomoo.com https://*.zonatlas.nl https://*.spotify.com https://*.cloudfront.net https://*.queue-it.net https://*.vattenfall.nl https://tdn.r42tag.com https://admin.relay42.com https://w.usabilla.com https://api.usabilla.com https://www.googletagmanager.com https://*.google-analytics.com https://*.googleapis.com https://*.gstatic.com https://dl.episerver.net https://www.youtube.com https://az416426.vo.msecnd.net https://opt.objecttiveportal.com https://web.telemetric.dk https://vattenfalltesting.24sessions.com https://connect.facebook.net https://img06.en25.com https://r2eu01.visualwebsiteoptimizer.com https://dc.services.visualstudio.com https://*.svtrd.com https://businessspecificapimanglobal.azure-api.ne https://googleads.g.doubleclick.net https://cep-api.vattenfall.com https://td.doubleclick.net https://*.doubleclick.net https://googleadservices.com https://*.cdn-0.d41.co https://*.w9shetvlr6.d41.co https://*.bing.com https://*.lt45.net https://snap.licdn.com https://*.visualwebsiteoptimizer.com https://*.google.com https://*.google.co.uk https://pingvp.com https://*.pingvp.com; media-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.svc.dynamics.com https://*.mkt.dynamics.com https://*.azureedge.net https://*.googlesyndication.com https://*.bing.com https://*.idomoo.com https://*.queue-it.net https://*.vattenfall.nl https://tdn.r42tag.com https://admin.relay42.com https://w.usabilla.com https://api.usabilla.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleapis.com https://*.gstatic.com https://dl.episerver.net https://*.youtube.com https://az416426.vo.msecnd.net https://opt.objecttiveportal.com https://web.telemetric.dk https://vattenfalltesting.24sessions.com https://connect.facebook.net https://img06.en25.com https://r2eu01.visualwebsiteoptimizer.com https://dc.services.visualstudio.com https://t.svtrd.com https://businessspecificapimanglobal.azure-api.ne https://googleads.g.doubleclick.net https://cep-api.vattenfall.com https://td.doubleclick.net https://googleadservices.com https://*.cdn-0.d41.co https://*.w9shetvlr6.d41.co https://*.bing.com https://*.lt45.net https://snap.licdn.com https://*.visualwebsiteoptimizer.com https://*.google.nl https://*.google.com https://*.google.co.uk https://pingvp.com https://*.pingvp.com; style-src 'self' 'unsafe-inline' https://*.svc.dynamics.com https://*.mkt.dynamics.com https://*.azureedge.net https://*.googlesyndication.com https://*.vattenfall.nl https://*.idomoo.com https://*.cloudfront.net https://opt.objecttiveportal.com https://web.telemetric.dk https://vattenfalltesting.24sessions.com https://connect.facebook.net https://img06.en25.com https://r2eu01.visualwebsiteoptimizer.com https://dc.services.visualstudio.com https://t.svtrd.com https://businessspecificapimanglobal.azure-api.ne https://googleads.g.doubleclick.net https://cep-api.vattenfall.com https://td.doubleclick.net https://googleadservices.com https://*.cdn-0.d41.co https://*.w9shetvlr6.d41.co https://*.bing.com https://*.lt45.net https://snap.licdn.com https://*.googleapis.com https://*.gstatic.com https://dl.episerver.net https://pingvp.com https://*.pingvp.com; img-src 'self' https://*.svc.dynamics.com https://*.mkt.dynamics.com https://*.azureedge.net https://*.googlesyndication.com https://*.vattenfall.nl https://*.google.nl https://*.siteimproveanalytics.com https://*.siteimproveanalytics.io https://*.googletagmanager.com https://*.linkedin.com https://tdn.r42tag.com https://admin.relay42.com https://cm.g.doubleclick.net https://ad.doubleclick.net https://*.piwikpro.com https://*.facebook.com https://*.clarity.ms https://*.bing.com https://*.svtrd.com https://*.cloudfront.net https://w.usabilla.com https://opt.objecttiveportal.com https://web.telemetric.dk https://vattenfalltesting.24sessions.com https://connect.facebook.net https://img06.en25.com r2eu01.visualwebsiteoptimizer.com https://dc.services.visualstudio.com https://t.svtrd.com https://businessspecificapimanglobal.azure-api.ne https://googleads.g.doubleclick.net https://cep-api.vattenfall.com https://td.doubleclick.net https://googleadservices.com https://*.cdn-0.d41.co https://*.w9shetvlr6.d41.co https://*.bing.com https://*.lt45.net https://snap.licdn.com https://*.visualwebsiteoptimizer.com https://*.google.com https://*.google.co.uk https://*.googleapis.com https://*.gstatic.com https://dl.episerver.net https://pingvp.com https://*.pingvp.com https://*.openstreetmap.org data:; font-src 'self' https://*.svc.dynamics.com https://*.mkt.dynamics.com https://*.azureedge.net https://*.googlesyndication.com https://*.vattenfall.nl https://*.googleapis.com https://*.gstatic.com https://dl.episerver.net https://pingvp.com https://*.pingvp.com data:; frame-ancestors 'self' https://*.svc.dynamics.com https://*.mkt.dynamics.com https://*.azureedge.net https://*.vattenfall.nl https://pingvp.com https://*.pingvp.com; worker-src 'self' data: https://*.svc.dynamics.com https://*.mkt.dynamics.com https://*.azureedge.net https://*.googlesyndication.com https://*.vattenfall.nl https://*.visualwebsiteoptimizer.com https://dl.episerver.net blob:; block-all-mixed-content 1
upgrade-insecure-requests; frame-ancestors https: 'self' *.signs.com *.digitalroom.com *.chasepaymentechhostedpay-var.com *.chasepaymentechhostedpay.com; 1
script-src *.cloudflare.com *.cookielaw.org *.segment.com *.ipify.org *.moatads.com *.sharethis.com *.platform-api.sharethis.com *.snapchat.com *.paypalobjects.com *.ajax.googleapis.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.google.com *.crazyegg.com *.bigcommerce.com *.facebook.net *.googleapis.com *.jquery.com *.adsrvr.org *.braintreegateway.com *.youtube.com *.entrust.net *.pinimg.com *.ads-twitter.com *.twitter.com *.googleapis.com *.cloudfront.net *.privy.com *.amazonaws.com *.addrexx10.com *.mikmak.tv *.iesnare.com *.bazaarvoice.com *.dynatrace.com *.paypal.com *.pepperjam.com *.rpxnow.com *.lightboxcdn.com *.azurewebsites.net https://sc-static.net/scevent.min.js https://www.terracycle.com/en-US/sdk.js https://unpkg.com/aos@next/dist/aos.js https://js.agkn.com/prod/v0/tag.js https://aa.agkn.com/adscores/ https://googleads.g.doubleclick.net/ https://www.gstatic.com/recaptcha/ https://cdn.polyfill.io/v3/polyfill.min.js https://b-code.liadm.com/a-05m5.min.js https://www.tp88trk.com/scripts/sdk/everflow.js https://www.paypalobjects.com/api/checkout.min.js https://cdn-stg.tapad.app/js/pandg-sdk.js https://pghub.io/js/pandg-sdk.js https://rpxnow.com/js/lib/arcsmile-us/engage.js 'self' 'unsafe-eval' 'unsafe-inline' 1
default-src https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.google.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://*.g.doubleclick.net https://*.googleapis.com https://*.gstatic.com https://*.qualtrics.com https://*.crazyegg.com https://*.cybersource.com https://beta.cyd3v0u8ig-oldcastle1-p1-public.model-t.cc.commerce.ondemand.com https://*.googleoptimize.com https://*.clarity.ms https://*.bing.com https://*.dynamicyield.com https://cdn.jsdelivr.net https://js.appboycdn.com https://cdnjs.cloudflare.com/ajax/libs/Swiper/4.4.6/js/swiper.js;img-src 'self' data: https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.google-analytics.com https://*.opentext.com https://*.qualtrics.com https://beta.cyd3v0u8ig-oldcastle1-p1-public.model-t.cc.commerce.ondemand.com https://*.clarity.ms https://*.bing.com; font-src 'self' https://*.gstatic.com data:; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.google.com https://*.googleoptimize.com https://*.clarity.ms https://cdn.jsdelivr.net/npm/instantsearch.css@8.1.0/themes/reset-min.css https://cdn.jsdelivr.net/npm/instantsearch.css@8.1.0/themes/satellite-min.css https://cdn.jsdelivr.net/npm/@algolia/autocomplete-theme-classic;worker-src blob:connect-src https://*.algolia.net https://*.algolianet.com https://*.algolia.io; 1
default-src * blob: filesystem: about: ws: wss: data: 'unsafe-inline' 'unsafe-eval' https://ix.sysoons.com; script-src * http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample'; object-src 'none';connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob: ; base-uri 'none'; upgrade-insecure-requests; report-to default 1
img-src 'self' 'unsafe-inline' *.cdn.contentful.com *.commercecloud.salesforce.com cdn-fsly.yottaa.net cdn.dynamicyield.com carters.com *.carters.com oshkosh.com *.oshkosh.com skiphop.com *.skiphop.com *.bazaarvoice.com *.adobedtm.com *.adobedtm.com *.bing.com *.teads.tv *.analytics.yahoo.com *.micpn.com *.doubleclick.net *.google.com *.facebook.com *.loggly.com *.everesttech.net *.demdex.net *.demandware.net *.clarity.ms *.googletagmanager.com *.googleapis.com *.gstatic.com *.googleusercontent.com live.rezync.com cdn.cookielaw.org *.liadm.com cdn.userway.org ad.ipredictive.com nova.collect.igodigital.com x.bidswitch.net ib.adnxs.com partner.mediawallahscript.com r.casalemedia.com ad.360yield.com contextual.media.net sync.outbrain.com pixel.rubiconproject.com match.sharethrough.com rtb-csync.smartadserver.com sync-t1.taboola.com eb2.3lift.com tg.socdm.com visitor.omnitagjs.com *.criteo.com matching.ivitrack.com exchange.mediavine.com jadserve.postrelease.com simage2.pubmatic.com trends.revcontent.com s.ad.smaato.net tapestry.tapad.com criteo-partners.tremorhub.com i3.ytimg.com *.ctfassets.net *.cdn.contentful.com *.curalate.com *.branch.io *.bluekai.com *.rqtrk.eu ads.stickyadstv.com secure.adnxs.com app.collectivevoice.com *.dotomi.com ade.clmbtech.com sync-criteo.ads.yieldmo.com e1.emxdgt.com aa.agkn.com pixel.tapad.com *.babylist.com *.qualtrics.com *.quantummetric.com *.attentivemobile.com *.attn.tv data:;media-src 'self' *.ctfassets.net edge.curalate.com *.attentivemobile.com *.attn.tv;script-src 'self' 'unsafe-inline' 'unsafe-eval' storage.googleapis.com *.bazaarvoice.com *.yottaa.net quantum-carters.js *.carters.com *.oshkosh.com *.skiphop.com static.criteo.com *.curalate.com *.px-cloud.net *.px-cdn.net *.dynamicyield.com app.collectivevoice.com *.qualtrics.com *.fbot.me *.babylist.com *.attn.tv *.attentivemobile.com *.ipredictive.com *.amazon-adsystem.com www.lightboxcdn.com;script-src-elem  'self' 'unsafe-inline' 'unsafe-eval' storage.googleapis.com *.bazaarvoice.com *.adobedtm.com *.google-analytics.com *.facebook.net *.bing.com *.googletagmanager.com *.teads.tv *.turn.com *.merklesearch.com *.attn.tv *.impactradius-event.com *.yimg.com *.micpn.com *.quantummetric.com *.letslinc.com *.branch.io *.smg.com *.userway.org *.quantserve.com *.clarity.ms *.googleadservices.com app.link *.doubleclick.net *.igodigital.com *.undefined.com *.datadoghq-browser-agent.com cdn.dynamicyield.com *.rezync.com *.boomtrain.com *.liadm.com *.googleapis.com *.yottaa.net cdn.cookielaw.org *.yottaa.net *.criteo.com analytics.tiktok.com *.demandware.com *.dy-api.com dy-api.com *.curalate.com *.px-cloud.net *.px-cdn.net *.amazon-adsystem.com *.carters.com *.oshkosh.com *.skiphop.com login-ds.dotomi.com *.pinimg.com *.krxd.com *.rlcdn.com *.dotomi.com app.collectivevoice.com *.googlesyndication.com *.dynamicyield.com *.fbot.me *.qualtrics.com *.babylist.com *.attentivemobile.com *.ipredictive.com *.amazon-adsystem.com *.bc0a.com www.lightboxcdn.com;form-action 'self' www.facebook.com *.qualtrics.com;frame-src 'self' youtube.com *.youtube.com *.doubleclick.net *.adobedtm.co *.letslinc.com *.adobedtm.com *.demdex.net *.google.com cdn.userway.org gum.criteo.com web.carters.mobi web.uat.carters.mobi web.dev.carters.mobi s.amazon-adsystem.com static.criteo.net www.facebook.com app.collectivevoice.com *.quantummetric.com widget.fbot.me *.babylist.com *.qualtrics.com *.attn.tv *.attentivemobile.com *.amazon-adsystem.com *.ipredictive.com;style-src-elem 'self' 'unsafe-inline' cdn.dynamicyield.com fonts.googleapis.com;connect-src 'self' 'unsafe-inline' cdn.contentful.com *.api.bazaarvoice.com *.bazaarvoice.com *.algolia.net *.adobecqms.net *.adobedtm.com dpm.demdex.net *.google-analytics.com *.teads.tv *.yimg.com *.attn.tv *.attentivemobile.com *.userway.org *.clarity.ms *.branch.io *.doubleclick.net *.googletagmanager.com *.algolianet.com *.quantummetric.com *.bing.com *.carters.com *.oshkosh.com *.skiphop.com *.boomtrain.com *.googleapis.com *.google.com *.gstatic.com *.algolia.io api.smg.com *.splunkcloud.com cdn.cookielaw.org geolocation.onetrust.com qoe-1.yottaa.net *.perimeterx.net *.mobify-storefront.com feedback.smg.com *.px-cloud.com analytics.tiktok.com *.demandware.com *.dy-api.com dy-api.com *.contentful.com *.curalate.com *.px-cloud.net *.px-cdn.net *.criteo.com *.dynamicyield.com app.collectivevoice.com *.auth.marketingcloudapis.com *.rest.marketingcloudapis.com app.collectivevoice.com *.fbot.me *.qualtrics.com *.babylist.com *.amazon-adsystem.com *.ipredictive.com *.bc0a.com api.zetaglobal.net;worker-src 'self' 'unsafe-inline' blob:;upgrade-insecure-requests;default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline' 1
default-src 'none'; manifest-src 'self'; connect-src 'self' https: ; script-src 'self' 'wasm-unsafe-eval'; style-src 'self' https://fonts.googleapis.com/; img-src 'self' data: https:; media-src 'self' data:; object-src 'none'; base-uri 'none'; font-src 'self' https://fonts.gstatic.com/; form-action 'none'; frame-src 'self' https://widget.changelly.com/ https://dreamwalkers.io/ https://avanchange.com/ 1
default-src 'self' 'unsafe-inline *.cardinalcommerce.com *.hotjar.com *.xendit.co *.zdassets.com *.skrill.com *.safecharge.com *.mcpayment.net *.tipalti.com *.facebook.com *.coinbase.com *.zeusx.com *.gstatic.com *.cloudflare.com *.google.com *.aws.com  *.stripe.com  *.googleapis.com  *.checkout.com  *.line-website.com *.paypal.com *.firebaseio.com *.amazonaws.com *.transferwise.tech  *.googletagmanager.com ; img-src *  'unsafe-inline' blob: data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; frame-src *; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://techhub.social; img-src 'self' https: data: blob: https://techhub.social; style-src 'self' https://techhub.social 'nonce-LffryKP+XD3VT3+1Z9D6Ww=='; media-src 'self' https: data: https://techhub.social; frame-src 'self' https:; manifest-src 'self' https://techhub.social; form-action 'self'; child-src 'self' blob: https://techhub.social; worker-src 'self' blob: https://techhub.social; connect-src 'self' data: blob: https://techhub.social https://files.techhub.social wss://techhub.social; script-src 'self' https://techhub.social 'wasm-unsafe-eval' 1
default-src 'self'; script-src https://cdn.syndication.twimg.com https://js.stripe.com https://www.google.com/recaptcha/ https://www.google-analytics.com https://www.instagram.com https://www.google.com https://www.gstatic.com/cast/ https://adservice.google.com https://cdnjs.cloudflare.com https://www.googletagservices.com https://platform.instagram.com https://static.zdassets.com https://unpkg.com/ https://cdn.taboola.com/scripts/ 'unsafe-eval' https://js-agent.newrelic.com 'self' https://cdn.jsdelivr.net https://kit.fontawesome.com https://*.volume.com https://disqus.com https://platform.twitter.com https://www.gstatic.com/cv/ https://*.nr-data.net https://*.googlesyndication.com https://www.googletagmanager.com https://www.paypal.com www.googletagmanager.com 'unsafe-inline' https://ajax.googleapis.com https://connect.facebook.net https://www.paypalobjects.com https://volumeapps.disqus.com https://trc.taboola.com https://www.gstatic.com/recaptcha/ https://www.gstatic.com/eureka/ https://*.disquscdn.com https://cdn.taboola.com/libtrc/unip/ ;  style-src 'self' data: 'unsafe-inline' https://*.volume.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://fonts.googleapis.com https://www.googletagmanager.com https://*.disquscdn.com https://platform.twitter.com/ https://ton.twimg.com; img-src pagead2.googlesyndication.com https://volumephotovideo.s3.amazonaws.com https://public.volume.com.s3.amazonaws.com https://volumedvr.s3.amazonaws.com https://volumevideoupload.s3.amazonaws.com https://www.google-analytics.com data: abs.twimg.com https://www.google.com https://cdnjs.cloudflare.com https://v2assets.zopim.io https://www.gstatic.com https://pbs.twimg.com https://ton.twimg.com https://static.zdassets.com https://www.facebook.com 'self' https://t.paypal.com https://*.volume.com https://platform.twitter.com https://app.upstream.exchange https://cds.taboola.com https://*.nr-data.net https://*.googlesyndication.com https://www.googletagmanager.com https://www.paypal.com www.googletagmanager.com https://links.services.disqus.com https://syndication.twitter.com https://www.paypalobjects.com https://public.volume.com https://pv.volume.com blob: https://s3.wasabisys.com data: https://*.disquscdn.com https://referrer.disqus.com ;  font-src 'self' data: https://*.volume.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://*.fontawesome.com ; connect-src https://*.volume.com https://realtime.pa.highwebmedia.com https://trc.taboola.com/1374314/ https://csi.gstatic.com ws://localhost:* wss://*.zopim.com blob https://www.google-analytics.com sentry.io https://volumephotovideo.s3.amazonaws.com https://public.volume.com.s3.amazonaws.com https://volumedvr.s3.amazonaws.com https://volumevideoupload.s3.amazonaws.com https://*.nr-data.net https://*.zopim.com https://*.googlesyndication.com https://www.googletagmanager.com https://*.paypal.com https://links.services.disqus.com https://volumephotovideo.s3-accelerate.amazonaws.com https://volumevideoupload.s3-accelerate.amazonaws.com https://*.fontawesome.com https://www.paypalobjects.com https://public.volume.com https://pv.volume.com blob: https://ekr.zdassets.com wss://*.volume.com:8443 https://s3.wasabisys.com wss://volume101.zendesk.com https://volume101.zendesk.com 'self' wss://*.volume.com wss://recommend.volume.com:8443 data: ;  media-src 'self' https://*.googleapis.com https://*.volume.com mediasource: blob: data: https://public.volume.com https://pv.volume.com https://volumephotovideo.s3.amazonaws.com https://public.volume.com.s3.amazonaws.com https://volumedvr.s3.amazonaws.com https://volumevideoupload.s3.amazonaws.com https://static.zdassets.com https://s3.wasabisys.com;  object-src 'self' https://*.volume.com https://public.volume.com https://pv.volume.com https://volumephotovideo.s3.amazonaws.com https://public.volume.com.s3.amazonaws.com https://volumedvr.s3.amazonaws.com https://volumevideoupload.s3.amazonaws.com ; frame-src https://embed-standalone.spotify.com/ https://bid.g.doubleclick.net https://*.volume.com https://disqus.com https://volume.com https://js.stripe.com https://www.google.com/recaptcha/ https://www.twitter.com https://platform.twitter.com/ https://*.googlesyndication.com https://www.paypal.com https://publish.twitter.com/oembed https://w.soundcloud.com/ https://open.spotify.com/ https://syndication.twitter.com https://www.paypalobjects.com https://www.facebook.com/ 'self' https://www.instagram.com ;  child-src 'self' blob: blob ;  worker-src 'self' blob: blob ;  form-action 'self' https://*.volume.com https://volume.com https://www.paypal.com https://www.coinpayments.net https://wnu.com https://connect.stripe.com https://www.facebook.com/tr/ ;  manifest-src 'self' https://*.volume.com ; 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://unpkg.com https://www.gstatic.com *.googleapis.com *.cloudflare.com https://cdn-eu.dynamicyield.com https://maxcdn.bootstrapcdn.com *.dynamicyield.com; font-src 'self' *.gstatic.com data: https://cdn-eu.dynamicyield.com  *.dynamicyield.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleadservices.com https://app.proto.cx https://www.googletagmanager.com https://unpkg.com https://ecobank-prod.custhelp.com https://az416426.vo.msecnd.net https://googleads.g.doubleclick.net https://static.site24x7rum.com *.google.com *.googletagmanager.com *.google-analytics.com *.google.ru https://static.hotjar.com https://script.hotjar.com https://bid.g.doubleclick.net https://googleads.g.doubleclick.net https://az416426.vo.msecnd.net *.googleapis.com *.googleadservices.com *.gstatic.com *.cloudflare.com http://*.matchingnotes.com http://matchingnotes.com *.facebook.net *.twitter.com http://st-eu.dynamicyield.com/st http://cdn-eu.dynamicyield.com http://async-px-eu.dynamicyield.com http://r.rrzb.ru http://p.2ad.wtf/ad/base.js *.dynamicyield.com; connect-src 'self' https://fonts.gstatic.com https://secure.ecobank.com/ContentHandler.ashx https://api.proto.cx *.visualstudio.com https://www.googletagmanager.com https://insights.hotjar.com *.google-analytics.com *.googleapis.com https://stats.g.doubleclick.net https://analytics.google.com http://async-px-eu.dynamicyield.com https://adm.dynamicyield.eu http://st-eu.dynamicyield.com *.dynamicyield.com *.analytics.google.com; img-src 'self' *.cdninstagram.com *.fbcdn.net *.tile.osm.org *.gstatic.com *.googleapis.com *.google.ie *.google.com *.google.ru *.google-analytics.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://www.googletagmanager.com *.facebook.com *.twitter.com *.openstreetmap.org data: http://d.2ad.wtf/p.gif http://dmg.digitaltarget.ru  *.dynamicyield.com *.google.de; frame-src 'self' data: https://simple-website-rv2.eu-de.mybluemix.net/ https://app.proto.cx/ https://rafikiv5.eu-gb.mybluemix.net/ https://rafikiv2.eu-gb.mybluemix.net/ https://ice.ecobank.com/ https://player.vimeo.com/ https://bid.g.doubleclick.net/ https://www.executiveinterviews.com/ https://ecobank-prod.custhelp.com https://vars.hotjar.com https://youtu.be/ *.google.com *.youtube.com *.facebook.com *.twitter.com; 1
base-uri 'none'; font-src 'self' https: data:; form-action 'self'; frame-ancestors 'self'; img-src 'self' data: https://cms.webhostingbuzz.com https://analytics.sleeknote.com https://www.googletagmanager.com https://www.facebook.com https://cms.worldhost.group; object-src 'none'; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' https://stablechat.mysecurecloudhost.com; upgrade-insecure-requests; 1
default-src 'none'; script-src 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' data: www.google-analytics.com ci.appveyor.com; font-src 'self' data: fonts.gstatic.com; frame-src 'self' www.slideshare.net www.youtube.com; child-src 'self' www.slideshare.net www.youtube.com; manifest-src 'self'; base-uri 'self'; frame-ancestors 'none' 1
default-src *.megabank.com.tw *.google-analytics.com stats.g.doubleclick.net; font-src * data:; frame-src 'self' *.megabank.com.tw bid.g.doubleclick.net https://td.doubleclick.net; img-src * data:; media-src *  data:; object-src 'none'; script-src *.google-analytics.com 'self' *.googletagmanager.com *.googleadservices.com connect.facebook.net googleads.g.doubleclick.net 'unsafe-inline' 'unsafe-eval' d.line-scdn.net https://webdba.megabank.com.tw; style-src * 'unsafe-inline'; 1
default-src * data: 'unsafe-eval' 'unsafe-inline' blob: cdn.jsdelivr.net *.friendlycaptcha.eu; 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-ggP72k8Il6YMo0hco4v2yQ' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
frame-ancestors 'self' https://*.blogfree.net/ 1
base-uri 'none'; style-src 'self' *.cassiecloud.com *.googleapis.com 'unsafe-inline' https://cscript-cdn-use.lilly.com/templates/2/template.min.css *.lillytempo.com *.kisunla.com https://d1ltrl2zzo6l3e.cloudfront.net/public/syrenis-cookie-management-v3.css https://d1ltrl2zzo6l3e.cloudfront.net/public/syrenis-cookie-management.css https://d3gnk5748ud580.cloudfront.net/public/syrenis-cookie-management.css https://dscrutpyu4zff.cloudfront.net/public/syrenis-cookie-management.css; script-src 'unsafe-inline'  'unsafe-inline'  'self'  'unsafe-eval' *.kaltura.com/ *.cassiecloud.com *.googletagmanager.com https://google-analytics.com *.google-analytics.com *.bing.com https://connect.facebook.net https://lilly-customerconnect.secure.force.com https://customerconnect.my.salesforce-sites.com https://ispot.tv *.turn.com *.myadvocado.com *.doubleclick.net *.analytics.yahoo.com *.google.com https://facebook.com *.salesforceliveagent.com *.youtube.com *.ytimg.com *.gstatic.com *.googlevideo.com blob: http://d22xmn10vbouk4.cloudfront.net *.googleapis.com assets.adobedtm.com assets.ctfassets.net *.kisunla.com https://d.turn.com *.id.amgdgt.com https://lilly.demdex.net *.lillytempo.com https://cscript-cdn-use.lillytempo.com/loader.js https://d1ltrl2zzo6l3e.cloudfront.net/public/syrenis-cookie-management-v3.js https://d1ltrl2zzo6l3e.cloudfront.net/public/syrenis-cookie-management.js https://d3gnk5748ud580.cloudfront.net/public/syrenis-cookie-management.js https://dscrutpyu4zff.cloudfront.net/public/syrenis-cookie-management.js; object-src 'none'; frame-src *.doubleclick.net/ *.myadvocado.com/ *.lillytempo.com *.lillycares.com *.lillyoncologysupport.com *.lillyloxooncologypipeline.com *.lillydirect.com *.lrlscience.com *.syrenis.com *.taltz.com *.olumiant.com *.verzenio.com *.omvoh.com *.true.lilly *.tap.lilly *.together.lilly *.certuitad.com *.lilly.com *.enrollment.taltz.com *.enrollment.olumiant.com *.enrollment.verzenio.com *.enrollment.omvoh.com *.kisunla.com *.rlcdn.com https://lilly.demdex.net https://omny.fm 1
media-src *; img-src 'self' data: blob: filesystem: https://cdn.cookielaw.org https://c.bing.com/c.gif https://c.bing.com https://cmp.osano.com https://lh3.googleusercontent.com https://csi.gstatic.com https://www.linkedin.com https://www.youtube.com https://i.ytimg.com https://c.clarity.ms https://e.clarity.ms https://px.ads.linkedin.com https://maps.gstatic.com https://maps.googleapis.com *.amazonaws.com *.google.com http://ps.w.org http://i0.wp.com http://i1.wp.com *.gravatar.com *.googleapis.com *.gstatic.com http://www.google-analytics.com *.twitter.com *.twimg.com https://dly4mho8u118u.cloudfront.net https://stats.g.doubleclick.net https://v2.zopim.com https://dashboard.zopim.com https://imp2.ads.linkedin.com *.google.fr http://ck-wwwcorp.s3.amazonaws.com http://dly4mho8u118u.cloudfront.net https://learningwire.crossknowledge.com https://ssl.google-analytics.com https://bat.bing.com *.albacross.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.crossknowledge.com *.gstatic.com https://www.youtube.com https://*.clarity.ms https://i.clarity.ms https://h.clarity.ms https://d.clarity.ms https://f.clarity.ms https://cmp.osano.com https://use.fontawesome.com https://www.clarity.ms https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.cookielaw.org *.fontawesome.com http://s7.addthis.com *.google.com *.google.fr *.googleapis.com www.google-analytics.com *.twitter.com https://cdn.syndication.twimg.com https://code.jquery.com http://maps.google.com https://maps.googleapis.com http://maps.googleapis.com https://static.hotjar.com https://app-lon02.marketo.com https://static.ads-twitter.com https://connect.facebook.net https://munchkin.marketo.net https://www.googleadservices.com https://snap.licdn.com https://v2.zopim.com https://cdn.jsdelivr.net https://www.geoplugin.net https://js-agent.newrelic.com https://script.hotjar.com https://googleads.g.doubleclick.net https://dc.ads.linkedin.com https://px.ads.linkedin.com https://bam.nr-data.net https://www.bizographics.com https://eu-west-1.dc.ads.linkedin.com https://secure.adnxs.com https://insights.hotjar.com *.marketo.com http://d3d8qnlcu0b7xk.cloudfront.net https://d3d8qnlcu0b7xk.cloudfront.net http://static.ads-twitter.com http://munchkin.marketo.net *.googletagmanager.com https://ssl.google-analytics.com https://cdnjs.cloudflare.com https://dashboard.zopim.com https://djtflbt20bdde.cloudfront.net https://mastertag.effiliation.com https://track.effiliation.com https://www.linkedin.com https://bat.bing.com https://fb99820f32444afca60ce4a9dcf7267a.js.ubembed.com https://assets.ubembed.com https://static.zdassets.com *.albacross.com; style-src 'self' 'unsafe-inline' https://maps.googleapis.com https://fonts.googleapis.com https://cmp.osano.com *.fontawesome.com *.bootstrapcdn.com *.googleapis.com *.twitter.com *.google.com *.jsdelivr.net https://app-lon02.marketo.com http://app-lon02.marketo.com *.albacross.com 1
base-uri 'self';         block-all-mixed-content;         script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com improve.vzug.com *.google-analytics.com *.googleapis.com tagmanager.google.com www.youtube.com *.ytimg.com player.vimeo.com login.vzug.com *.gigya.com *.gigya-api.cn *.cn1.sapcdm.cn connect.facebook.net *.doubleclick.net platform.getbring.com *.cookiebot.com ajax.cloudflare.com static.cloudflareinsights.com hit.uptrendsdata.com *.sentry.io browser-update.org trck.spoteffects.net snap.licdn.com s.pinimg.com analytics.twitter.com static.ads-twitter.com platform.twitter.com t.contentsquare.net app.contentsquare.com hcaptcha.com *.hcaptcha.com cdn.portal-backend.prod.qualibooth.com mktdplp102cdn.azureedge.net *.usersnap.com ;         worker-src 'self' blob:;         object-src 'none'; frame-ancestors 'self'; 1
frame-ancestors 'self' https://support.vpnproxymaster.com https://admin.vpnproxymaster.com 1
frame-ancestors www.bitforex.com coin360.com 1
default-src 'self'; script-src 'self' 'sha256-hJBjfe+Z4EmpT34k36kVvmnQhnWX0eP0khLaZLW0nlE=' www.eclipse.org www.googletagmanager.com www.google-analytics.com; connect-src 'self' www.google-analytics.com; img-src 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline' www.eclipse.org; base-uri 'self';form-action 'self'; frame-src 'self' 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://siteimproveanalytics.com/js/siteanalyze_6003145.js ;object-src 'none';style-src 'self' 'unsafe-inline';img-src 'self' data: https://i.ytimg.com https://lovdata.no/static/SF/sf-20211215-3636-01-01.png https://6003145.global.siteimproveanalytics.io https://szsurvey.siteimprove.com https://szsurvey-r1.siteimprove.com;frame-src https://www.youtube.com https://app.powerbi.com 'self';font-src 'self';connect-src 'self' https://pdx-col.eum-appdynamics.com https://fra-col.eum-appdynamics.com;base-uri 'self';manifest-src 'none';upgrade-insecure-requests;block-all-mixed-content;report-uri /api/mt1535/csp/report; 1
connect-src 'self' blob: https://api.x.ai https://api.x.com https://jf.x.com https://jf.twitter.com https://*.pscp.tv https://*.video.pscp.tv https://*.twimg.com https://api.twitter.com https://api.x.com https://api-stream.twitter.com https://api-stream.x.com https://ads-api.twitter.com https://ads-api.x.com https://aa.twitter.com https://aa.x.com https://caps.twitter.com https://caps.x.com https://pay.twitter.com https://pay.x.com https://sentry.io https://ton.twitter.com https://ton.x.com https://ton-staging.atla.twitter.com https://ton-staging.atla.x.com https://ton-staging.pdxa.twitter.com https://ton-staging.pdxa.x.com https://twitter.com https://x.com https://upload.twitter.com https://upload.x.com https://www.google-analytics.com https://accounts.google.com/gsi/status https://accounts.google.com/gsi/log https://checkoutshopper-live.adyen.com wss://*.pscp.tv https://vmap.snappytv.com https://vmapstage.snappytv.com https://vmaprel.snappytv.com https://vmap.grabyo.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com ws://localhost:8008/v2/ipc https://ads-twitter.com https://analytics.twitter.com https://analytics.x.com  ; default-src 'self'; form-action 'self' https://twitter.com https://*.twitter.com https://x.com https://*.x.com https://localhost.twitter.com:3443 https://localhost.x.com:3443; font-src 'self' https://*.twimg.com; frame-src 'self' https://twitter.com https://x.com https://mobile.twitter.com https://mobile.x.com https://pay.twitter.com https://pay.x.com https://cards-frame.twitter.com https://accounts.google.com/ https://client-api.arkoselabs.com/ https://iframe.arkoselabs.com/ https://vaultjs.apideck.com/  https://recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; img-src 'self' blob: data: https://*.cdn.twitter.com https://*.cdn.x.com https://ton.twitter.com https://ton.x.com https://*.twimg.com https://analytics.twitter.com https://analytics.x.com https://cm.g.doubleclick.net https://www.google-analytics.com https://maps.googleapis.com https://www.periscope.tv https://www.pscp.tv https://ads-twitter.com https://ads-api.twitter.com https://ads-api.x.com https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com https://*.pscp.tv https://*.periscope.tv https://prod-periscope-profile.s3-us-west-2.amazonaws.com https://platform-lookaside.fbsbx.com https://scontent.xx.fbcdn.net https://scontent-sea1-1.xx.fbcdn.net https://*.googleusercontent.com https://t.co/1/i/adsct; manifest-src 'self'; media-src 'self' blob: https://twitter.com https://x.com https://*.twimg.com https://*.vine.co https://*.pscp.tv https://*.video.pscp.tv https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net; object-src 'none'; script-src 'self' 'unsafe-inline' https://*.twimg.com https://recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://client-api.arkoselabs.com/ https://www.google-analytics.com https://twitter.com https://x.com https://accounts.google.com/gsi/client https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js https://www.gstatic.com/cast/sdk/libs/caf_receiver/v3/cast_receiver_framework.js https://static.ads-twitter.com  'nonce-MmMxZjA4MDItM2JlZC00ZWM5LWFjMWItZjU5NWUyMjUxNTU0'; style-src 'self' 'unsafe-inline' https://accounts.google.com/gsi/style https://*.twimg.com; worker-src 'self' blob:; report-uri https://twitter.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false 1
script-src 'self' 'unsafe-eval' 'unsafe-inline'     px.gumgum.com    ads-engagement.presage.io    px4.ads.linkedin.com    ssg-preview.qubit.com   applepay.cdn-apple.com   pay.google.com   cdn2.gbqofs.com   stash.qubitproducts.com    tally-1.qubitproducts.com    recs.qubit.com    queries.qubit.com    datasets.qubit.com    gong-eb.qubit.com    gong-gc.qubit.com    zonk.qubit.com    lookup.qubit.com    orca.qubitproducts.com    orca-v2.qubitproducts.com    api.qubit.com    app.qubit.com    integrations.qubit.com    static.goqubit.com    daira55y1kubs.cloudfront.net *.laiye.com     d3mhw2pbijpnft.cloudfront.net    dd6zx4ibq538k.cloudfront.net    d3drxpsm374orh.cloudfront.net    d3c3cq33003psk.cloudfront.net    d22rutvoghj3db.cloudfront.net    d1m54pdnjzjnhe.cloudfront.net    d2r7uc8e08s26x.cloudfront.net    d3drxpsm374orh.cloudfront.net    messages.qubit.com     ws.sessioncam.com    console.sessioncam.com *.sojern.com  ad.doubleclick.net www.google.com  *.adsrvr.org   twitter.com     youtube.com    instagram.com     qubit.com    google.co.uk     sessioncam.com     cloudfront.net    daysoutguide.co.uk   swrap.tradedoubler.com   www.google-analytics.com    http://widget.consentric.io/public/script/initWidget.js https://widget.consentric.io/public/script/initWidget.js  https://tagmanager.google.com http://tagmanager.google.com  http://www.googletagmanager.com https://www.googletagmanager.com http://widget.consentric.io/public/init.js  https://widget.consentric.io/public/init.js https://snap.licdn.com/li.lms-analytics/insight.min.js  http://snap.licdn.com/li.lms-analytics/insight.min.js   http://services.postcodeanywhere.co.uk/js/platformcaptureplus-2.34.min.js  https://services.postcodeanywhere.co.uk/js/platformcaptureplus-2.34.min.js http://widget.sandbox.consentric.io/public/script/initWidget.js  https://widget.sandbox.consentric.io/public/script/initWidget.js  http://www.googletagmanager.com/gtm.js  https://www.googletagmanager.com/gtm.js http://widget.sandbox.consentric.io/public/init.js https://widget.sandbox.consentric.io/public/init.js  http://first11225.pcapredict.com/js/sensor.js https://first11225.pcapredict.com/js/sensor.js  http://analytics.twitter.com https://analytics.twitter.com  http://d6tizftlrpuof.cloudfront.net https://d6tizftlrpuof.cloudfront.net  http://dd6zx4ibq538k.cloudfront.net https://dd6zx4ibq538k.cloudfront.net https://wrap.tradedoubler.com http://wrap.tradedoubler.com  https://custom.yieldify.com http://custom.yieldify.com https://svht.tradedoubler.com http://svht.tradedoubler.com http://td.yieldify.com  https://td.yieldify.com http://static.ads-twitter.com https://static.ads-twitter.com https://static.goqubit.com http://static.goqubit.com  https://d2oh4tlt9mrke9.cloudfront.net http://d2oh4tlt9mrke9.cloudfront.net http://consent.trustarc.com https://consent.trustarc.com  https://www.avantiwestcoast.co.uk http://www.avantiwestcoast.co.uk  http://consent.truste.com  https://consent.truste.com     https://connect.facebook.net/      https://www.google-analytics.com/analytics.js       https://cdn.sub2tech.com/        https://sc-static.net/scevent.min.js       https://paperplaneslive.com/paperplanes/js/tracker.php       https://connect.facebook.net/en_US/fbevents.js        https://w.usabilla.com/       https://www.klick2contact.com/       https://api.usabilla.com/       https://api.reciteme.com/        https://dataservices.sub2tech.com/      https://dev.visualwebsiteoptimizer.com/       https://www.googletagmanager.com/        https://ajax.googleapis.com/     https://cdn.syndication.twimg.com/timeline/profile     https://www.google.com/      https://maps.googleapis.com/       https://www.gstatic.com/       https://platform.twitter.com/      https://tags.tiqcdn.com/     http://tags.tiqcdn.com/       http://connect.facebook.net/      http://www.google-analytics.com/analytics.js       http://cdn.sub2tech.com/        http://sc-static.net/scevent.min.js       http://paperplaneslive.com/paperplanes/js/tracker.php       http://connect.facebook.net/en_US/fbevents.js        http://w.usabilla.com/       http://www.klick2contact.com/       http://api.usabilla.com/       http://api.reciteme.com/        http://dataservices.sub2tech.com/      http://dev.visualwebsiteoptimizer.com/        http://www.googletagmanager.com/       http://ajax.googleapis.com/     http://cdn.syndication.twimg.com/timeline/profile      http://www.google.com/      http://maps.googleapis.com/      http://www.gstatic.com/       http://platform.twitter.com/    https://wctrainid.co.uk/ https://pfw-prod-ukwest-safespaceonline.azurewebsites.net/   https://translate.google.com/ https://translate.googleapis.com/  https://translate-pa.googleapis.com/ https://img-statics.com https://widget.mindsay.com https://widget.destygo.com/  https://github.com https://widget-socket.mindsay.com  https://bom.destygo.com https://widget-events.mindsay.com  https://www.mindsay.com https://unpkg.com https://bat.bing.com https://www.paypal.com  https://www.clarity.ms/  https://cdn2.gbqofs.com/ *.report.gbss.io  ad.doubleclick.net snap.licdn.com analytics.tiktok.com protect-eu.mimecast.com security-eu.mimecast.com  https://js.adsrvr.org/ https://cdn.gbqofs.com/   services.postcodeanywhere.co.uk    widget.sandbox.consentric.io    *.licdn.com   *.presage.io  ad.doubleclick.net  www.googleadservices.com   region1.analytics.google.com   tbs.tradedoubler.com    tbl.tradedoubler.com  pagead2.googlesyndication.com   adservice.google.com *.enterprisebot.co;          style-src 'self' 'unsafe-inline'  px.gumgum.com  ads-engagement.presage.io  px4.ads.linkedin.com ssg-preview.qubit.com stash.qubitproducts.com tally-1.qubitproducts.com recs.qubit.com queries.qubit.com datasets.qubit.com gong-eb.qubit.com gong-gc.qubit.com zonk.qubit.com lookup.qubit.com orca.qubitproducts.com orca-v2.qubitproducts.com api.qubit.com app.qubit.com integrations.qubit.com static.goqubit.com daira55y1kubs.cloudfront.net d3mhw2pbijpnft.cloudfront.net dd6zx4ibq538k.cloudfront.net d3drxpsm374orh.cloudfront.net d3c3cq33003psk.cloudfront.net d22rutvoghj3db.cloudfront.net d1m54pdnjzjnhe.cloudfront.net d2r7uc8e08s26x.cloudfront.net d3drxpsm374orh.cloudfront.net messages.qubit.com  ws.sessioncam.com console.sessioncam.com www.google.com twitter.com  youtube.com instagram.com  qubit.com google.co.uk  sessioncam.com  cloudfront.net daysoutguide.co.uk  http://services.postcodeanywhere.co.uk/css/platformcaptureplus-2.34.min.css  https://services.postcodeanywhere.co.uk/css/platformcaptureplus-2.34.min.css  http://api.reciteme.com/  https://api.reciteme.com/  http://ton.twimg.com   https://ton.twimg.com    https://www.klick2contact.com/       https://d6tizftlrpuof.cloudfront.net/           https://cdn.sub2tech.com/ccs/d702ab8c-94b1-4e48-9190-24faa74ef0b0/popstyle_2.css      https://cdnjs.cloudflare.com/ajax/       https://cdnjs.cloudflare.com/      https://maxcdn.bootstrapcdn.com/      https://fonts.googleapis.com/      https://platform.twitter.com/       http://www.klick2contact.com/      http://d6tizftlrpuof.cloudfront.net/            http://cdn.sub2tech.com/ccs/d702ab8c-94b1-4e48-9190-24faa74ef0b0/popstyle_2.css      http://cdnjs.cloudflare.com/ajax/       http://cdnjs.cloudflare.com/      http://maxcdn.bootstrapcdn.com/      http://fonts.googleapis.com/      http://platform.twitter.com/ https://wctrainid.co.uk/  https://pfw-prod-ukwest-safespaceonline.azurewebsites.net/   https://translate.googleapis.com/ https://www.gstatic.com/  https://translate-pa.googleapis.com/ https://img-statics.com  https://widget.mindsay.com https://widget.destygo.com/  https://github.com https://widget-socket.mindsay.com  https://bom.destygo.com https://widget-events.mindsay.com  https://www.mindsay.com  https://unpkg.com https://bat.bing.com *.enterprisebot.co;   font-src 'self'   http://fonts.yieldify-production.com/fonts/ https://fonts.yieldify-production.com/fonts/  http://fonts.yieldify-production.com/fonts/100326/7de1dc24-75ae-46d2-b25f-01adc545e226.woff   https://fonts.yieldify-production.com/fonts/100326/7de1dc24-75ae-46d2-b25f-01adc545e226.woff  http://fonts.yieldify-production.com/fonts/100326/2140db2b-ebac-46a4-8fc5-481246ed4e8a.ttf  https://fonts.yieldify-production.com/fonts/100326/2140db2b-ebac-46a4-8fc5-481246ed4e8a.ttf  http://fonts.yieldify-production.com/fonts/100326/b86d3ed2-0b2d-4f11-b17a-c556e3632f68.otf  https://fonts.yieldify-production.com/fonts/100326/b86d3ed2-0b2d-4f11-b17a-c556e3632f68.otf     https://d6tizftlrpuof.cloudfront.net/      https://api.reciteme.com/      https://maxcdn.bootstrapcdn.com       https://fonts.gstatic.com/      http://www.klick2contact.com/      http://d6tizftlrpuof.cloudfront.net/       http://api.reciteme.com/      http://cdn.sub2tech.com/ccs/d702ab8c-94b1-4e48-9190-24faa74ef0b0/popstyle_2.css       http://cdnjs.cloudflare.com/ajax/      http://cdnjs.cloudflare.com/      http://maxcdn.bootstrapcdn.com/       http://fonts.googleapis.com/      http://platform.twitter.com/ https://wctrainid.co.uk/  https://pfw-prod-ukwest-safespaceonline.azurewebsites.net/   https://translate.googleapis.com/ https://www.gstatic.com/  https://translate-pa.googleapis.com/ https://img-statics.com  https://widget.mindsay.com https://widget.destygo.com/  https://github.com https://widget-socket.mindsay.com  https://bom.destygo.com https://widget-events.mindsay.com  https://www.mindsay.com  https://unpkg.com https://bat.bing.com *.cloudfront.net    *.usabilla.com    https://fonts.googleapis.com  *.cloudflare.com   https://fonts.gstatic.com  *.reciteme.com  https://pfw-prod-ukwest-safespaceonline.azurewebsites.net/   https://maxcdn.bootstrapcdn.com/ *.enterprisebot.co;   img-src 'self' data: px.gumgum.com ads-engagement.presage.io px4.ads.linkedin.com ssg-preview.qubit.com stash.qubitproducts.com tally-1.qubitproducts.com recs.qubit.com queries.qubit.com datasets.qubit.com gong-eb.qubit.com gong-gc.qubit.com zonk.qubit.com lookup.qubit.com orca.qubitproducts.com orca-v2.qubitproducts.com api.qubit.com app.qubit.com integrations.qubit.com static.goqubit.com daira55y1kubs.cloudfront.net d3mhw2pbijpnft.cloudfront.net dd6zx4ibq538k.cloudfront.net d3drxpsm374orh.cloudfront.net d3c3cq33003psk.cloudfront.net d22rutvoghj3db.cloudfront.net d1m54pdnjzjnhe.cloudfront.net d2r7uc8e08s26x.cloudfront.net d3drxpsm374orh.cloudfront.net messages.qubit.com  ws.sessioncam.com console.sessioncam.com www.google.com twitter.com  youtube.com instagram.com  qubit.com google.co.uk  sessioncam.com  cloudfront.net daysoutguide.co.uk px.ads.linkedin.com ws.sessioncam.com www.google.com www.google.co.in www.linkedin.com p.adsymptotic.com connect.facebook.net pbs.twimg.com abs.twimg.com ton.twimg.com platform.twitter.com api.reciteme.com   www.facebook.com   http://picouat.avantiwestcoast.co.uk   https://picouat.avantiwestcoast.co.uk   http://10037031.fls.doubleclick.net   https://10037031.fls.doubleclick.net   http://9767686.fls.doubleclick.net   https://9767686.fls.doubleclick.net   https://consent.trustarc.com   http://consent.trustarc.com   https://secure.adnxs.com   http://secure.adnxs.com   https://d6tizftlrpuof.cloudfront.net   http://d6tizftlrpuof.cloudfront.net   http://www.google-analytics.com   https://www.google-analytics.com   maps.gstatic.com   maps.googleapis.com   play.google.com   linkmaker.itunes.apple.com   w.usabilla.com   t.co   assets-v2.yieldify.com   www.daysoutguide.co.uk   assets.yieldify.com   services.postcodeanywhere.co.uk   https://wctrainid.co.uk/    https://pfw-prod-ukwest-safespaceonline.azurewebsites.net/    https://www.gstatic.com/   https://img-statics.com   https://img.evbuc.com/  https://widget.mindsay.com https://widget.destygo.com/  https://github.com https://widget-socket.mindsay.com  https://bom.destygo.com https://widget-events.mindsay.com  https://www.mindsay.com  https://unpkg.com  https://images.mindsay.com http://boi.destygo.com/  https://destygo-public.s3.eu-central-1.amazonaws.com www.google.co.uk https://bat.bing.com https://analytics.twitter.com https://t.paypal.com https://ade.googlesyndication.com/  ad.doubleclick.net *.googletagmanager.com   https://d6tizftlrpuof.cloudfront.net https://*.usabilla.com   https://fonts.gstatic.com   https://translate.googleapis.com/   https://translate.google.com/    *.gumgum.com   *.linkedin.com  *.presage.io   www.google.co.in   *.doubleclick.net  http://connect.facebook.net *.enterprisebot.co *.adsrvr.org *.adnxs.com *.sojern.com *.google.com;       frame-ancestors 'self' https://africaoye.com/   https://devafest.co.uk/;   object-src 'none' 1
default-src *.ewe.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ewe.de *.googletagmanager.com *.google-analytics.com www.youtube.com consent.cookiebot.com *.intelliad.de s.ytimg.com empfehlen-admin.pso-vertrieb.de connect.facebook.net www.dwin1.com *.rfihub.com *.rfihub.net *.adform.net *.adc-srv.net *.google.de *.google.com bat.bing.com *.bing.com/bat.js *.doubleclick.net *.g.doubleclick.net *.googleadservices.com *.gstatic.com *.googleapis.com *.ad4mat.de journeyengine.production.wlp.cloud ewe-journeys.production.wlp.cloud journeyengine.staging.wlp.cloud *.ad4mat.at *.ad4mat.ch *.adsrvr.org consentcdn.cookiebot.com ad4m.at cdn.sitesearch360.com cdn.cai.tools.sap js.sitesearch360.com apps.mypurecloud.de lantern.roeyecdn.com; connect-src 'self' *.ewe.de global.sitesearch360.com *.googletagmanager.com *.google-analytics.com maps.googleapis.com stats.g.doubleclick.net ewe-ckd-faq-bot-3q50idha.sapcai.eu10.hana.ondemand.com consentcdn.cookiebot.com api.mypurecloud.de insights.sitesearch360.com api-cdn.mypurecloud.de wss://webmessaging.mypurecloud.de www.google.com/pagead/; img-src 'self' *.ewe.de images.ctfassets.net *.intelliad.de www.google-analytics.com *.amazonaws.com *.doubleclick.net *.g.doubleclick.net *.facebook.com *.adform.net ad4m.at *.ad4m.at *.smartadserver.com *.googletagmanager.com adservice.google.com *.gstatic.com ih.adscale.de a.twiago.com dmp.ad4mat.net adservice.google.de maps.googleapis.com cdn.cai.tools.sap r.adserver01.de ad11.adfarm1.adition.com secure.adnxs.com imagesrv.adition.com imgsct.cookiebot.com blob: data:; style-src 'self' 'unsafe-inline' fonts.googleapis.com tagmanager.google.com *.ewe.de cdnjs.cloudflare.com; font-src 'self' fonts.gstatic.com *.ewe.de cdnjs.cloudflare.com; frame-src ad4m.at ad4mat.net match.adsrvr.org www.facebook.com ad4mat.at widget.whappodo.com consentcdn.cookiebot.com insight.adsrvr.org youtube.com www.youtube.com journeyengine.production.wlp.cloud ewe-journeys.production.wlp.cloud journeyengine.staging.wlp.cloud apps.mypurecloud.de td.doubleclick.net *.ewe.de; media-src 'self' data.ewe.de; 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://babiel.jobbase.io https://babiel.onlyfy.jobs https://*.usercentrics.eu https://www.instagram.com; object-src 'self'; style-src 'self' 'unsafe-inline' https://fast.fonts.net; img-src 'self' data: https://www.google-analytics.com https://*.usercentrics.eu; frame-src 'self' https://babiel.jobbase.io https://babiel.onlyfy.jobs https://www.youtube-nocookie.com https://www.instagram.com https://*.usercentrics.eu; connect-src 'self' https://www.google-analytics.com https://*.usercentrics.eu 1
frame-ancestors *.inbenta.services https://www.sacem.fr 1
frame-ancestors https://*.ryobitools.eu https://*.roboyagi.com 1
upgrade-insecure-requests;block-all-mixed-content;default-src 'self' *.driftt.com;connect-src 'self' *.analytics.google.com *.doubleclick.net *.google-analytics.com *.linkedin.com *.osano.com *.salesloft.com *.topworkplaces.com *.yoast.com analytics.google.com aorta.clickagy.com api.redirect.li api.typeform.com cdn.linkedin.oribi.io edge.fullstory.com hemsync.clickagy.com https://api.stripe.com https://maps.googleapis.com rs.fullstory.com ws.zoominfo.com vimeo.com yoast.com topworkplaces.com;font-src 'self' data: *.bootstrapcdn.com *.topworkplaces.com fonts.googleapis.com fonts.gstatic.com topworkplaces.com topworkplaces.com;form-action 'self' *.calendly.com calendly.com topworkplaces.com info.energage.com player.vimeo.com www.facebook.com;frame-ancestors 'self';frame-src 'self' *.driftt.com *.adsrvr.org *.doubleclick.net *.google.com *.osano.com *.vimeo.com *.youtube.com app.essential-addons.com calendly.com form.typeform.com hemsync.clickagy.com https://hooks.stripe.com https://js.stripe.com info.energage.com www.facebook.com;img-src 'self' data: * 'unsafe-eval' 'unsafe-inline' *.addthisedge.com *.calendly.com *.calendly.com *.calendly.com *.crocoblock.com *.doubleclick.net *.doubleclick.net *.energage.com *.facebook.com *.facebook.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com www.google.com *.licdn.com *.linkedin.com *.moatads.com *.topworkplaces.com *.vimeocdn.com *.w.org calendly.com calendly.com calendly.com connect.facebook.net data: fonts.googleapis.com maxcdn.bootstrapcdn.com player.vimeo.com secure.gravatar.com topworkplaces.com;object-src 'self' info.energage.com;script-src blob: http: https: 'self' 'unsafe-inline' 'unsafe-eval' *.addthisedge.com *.calendly.com *.cloudflare.com *.cloudfront.net *.doubleclick.net *.driftt.com *.facebook.com *.fullstory.com *.google-analytics.com *.google.com *.googleadservices.com *.gstatic.com *.licdn.com *.osano.com *.pardot.com *.salesloft.com *.topworkplaces.com calendly.com connect.facebook.net embed.typeform.com https://js.stripe.com https://maps.googleapis.com info.energage.com js.adsrvr.org maxcdn.bootstrapcdn.com player.vimeo.com tag.simpli.fi topworkplaces.com www.googletagmanager.com ws.zoominfo.com tags.clickagy.com yoast.com;style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.gstatic.com *.osano.com *.topworkplaces.com embed.typeform.com fonts.googleapis.com topworkplaces.com;worker-src blob: *.osano.com self topworkplaces.com; 1
base-uri 'self'; default-src https:; object-src 'none'; frame-src 'self' *.acronis.com *.salesforceliveagent.com *.driftt.com *.visualize-roi.com *.doubleclick.net optimize.google.com platform.twitter.com syndication.twitter.com vars.hotjar.com widget.trustpilot.com www.facebook.com www.google.com www.youtube.com www.recaptcha.net *.visualwebsiteoptimizer.com app.vwo.com; frame-ancestors 'none'; font-src 'self' *.acronis.com fonts.googleapis.com fonts.gstatic.com script.hotjar.com; style-src 'unsafe-inline' 'self' *.acronis.com cdn.cookielaw.org fonts.googleapis.com optimize.google.com platform.twitter.com tagmanager.google.com *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com; img-src 'self' data: *.acronis.com *.analytics.google.com *.clarity.ms *.facebook.com *.g.cn *.g.doubleclick.net *.google-analytics.com *.googleapis.com *.googletagmanager.com *.linkedin.com *.twimg.com *.ytimg.com acronis.events b.6sc.co bat.bing.com c.bing.com c212.net cdn.cookielaw.org maps.gstatic.com media.slapfive.com optimize.google.com p.adsymptotic.com pixel.mathtag.com script.hotjar.com ssl.gstatic.com syndication.twitter.com trkn.us www.gstatic.com *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com www.mczbf.com alb.reddit.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.googleapis.com *.gstatic.com; connect-src 'self' ws: *.6sc.co *.6sense.com *.workday.com *.herokuapp.com *.acronis.com *.adnxs.com *.analytics.google.com *.bing.com *.clarity.ms *.fullcircleinsights.com *.g.doubleclick.net *.google-analytics.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.mutinycdn.com *.onetrust.com *.s3.amazonaws.com *.scarabresearch.com *.schemaapp.com *.sentry.io *.visualize-roi.com *.influ2.com *.linkedin.com 929-hvv-335.mktoresp.com api.greenhouse.io cdn.cookielaw.org maps.googleapis.com cdn.linkedin.oribi.io www.mczbf.com *.visualwebsiteoptimizer.com app.vwo.com www.redditstatic.com 6sense.deian.eu *.mplat-ppcprotect.com *.reddit.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.googleapis.com *.gstatic.com; script-src 'unsafe-eval' 'strict-dynamic' 'nonce-1aa80cc2ddcbddf3da880959fa61bcd2' *.acronis.com *.googletagmanager.com tagmanager.google.com *.visualize-roi.com optimize.google.com www.google-analytics.com www.googleadservices.com www.googleanalytics.com www.googleoptimize.com *.visualwebsiteoptimizer.com app.vwo.com 1
frame-ancestors 'self' https://community.scaledagile.com/ 1
default-src 'self' sustainalytics.susc4318.eas.morningstar.com https://*.hubspot.com https://*.hubspot.io https://*.hubapi.com https://*.hsforms.com https://*.hotjar.com https://*.hotjar.io https://s3.console.aws.amazon.com https://*.bizible.com *.newrelic.com https://*.nr-data.net https://*.morningstar.com https://www.morningstar.*; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com cdnjs.cloudflare.com 'unsafe-inline' 'unsafe-eval' sustainalytics.susc4318.eas.morningstar.com *.google.com *.googletagmanager.com *.googleadservices.com https://snap.licdn.com/ https://syndication.twitter.com http://platform.stumbleupon.com https://cdn.insight.sitefinity.com https://dec.azureedge.net munchkin.marketo.net *.eloqua.com *.en25.com cdn.ampproject.org *.msecnd.net https://*.hubspot.com https://*.hubapi.com https://*.hsforms.com https://*.hsforms.net https://*.hs-scripts.com http://*.hs-scripts.com https://*.hs-analytics.net https://*.hs-banner.com https://*.hsleadflows.net https://hubspot-forms-static-embed.s3.amazonaws.com https://js.hscollectedforms.net https://*.hotjar.com https://*.hotjar.io https://js.hsadspixel.net https://js.usemessages.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://*.6sc.co https://cdn.amcharts.com https://*.bizible.com https://*.bizibly.com https://*.newrelic.com https://*.nr-data.net https://*.surveymonkey.com https://*.ytimg.com http://j.6sc.co http://cdn.bizible.com http://bat.bing.com web-chat.nativechat.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net https://player.vimeo.com/api/player.js https://www.youtube.com/iframe_api; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com 'unsafe-inline' sustainalytics.susc4318.eas.morningstar.com https://cdn.insight.sitefinity.com https://dec.azureedge.net https://*.hotjar.com https://*.hotjar.io https://code.jquery.com web-chat.nativechat.com; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com sustainalytics.susc4318.eas.morningstar.com *.azureedge.net *.google.com *.google-analytics.com https://static.licdn.com https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com https://px.ads.linkedin.com *.eloqua.com https://*.hubspot.com track.hubspot.com https://js.hsleadflows.net https://*.hsforms.com https://*.hotjar.com https://*.hotjar.io https://*.google.com https://*.youtube.com https://*.6sc.co https://*.bizible.com https://*.bizibly.com http://b.6sc.co https://bat.bing.com web-chat.nativechat.com js.hsleadflows.net forms.hsforms.com https://cdn.insight.sitefinity.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: sustainalytics.susc4318.eas.morningstar.com https://*.hotjar.com https://*.morningstar.com; connect-src 'self' data: accounts.google.com *.google-analytics.com *.gstatic.com https://*.googletagmanager.com sustainalytics.susc4318.eas.morningstar.com *.google.com *.analytics.google.com https://stats.g.doubleclick.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.visualstudio.com https://*.hubspot.com https://*.hubapi.com https://api.hubapi.com https://*.hsforms.com https://*.hotjar.com wss://*.hotjar.com https://code.jquery.com *.6sc.co *.newrelic.com https://*.nr-data.net https://*.adnxs.com https://forms.hscollectedforms.net forms.hubspot.com *.hsforms.com; media-src 'self' data: blob: *.azureedge.net; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com sustainalytics.susc4318.eas.morningstar.com web-chat.nativechat.com; frame-src sustainalytics.susc4318.eas.morningstar.com https://*.google.com https://*.youtube.com https://*.gotowebinar.com/ https://youtu.be https://*.hubspot.com https://*.hsforms.com https://*.hsforms.net https://*.hotjar.com https://*.hotjar.io https://*.podbean.com 'self' web-chat.nativechat.com forms.hsforms.com 1
frame-ancestors 'self' *.mexc.me *.mexc.com *.mexceu.com *.mexc.kr *.mexc.co sensors.xiaoxiame.com *.365huo.xyz *.mexc.fm *.mexc.in *.mexc.us *.greentreeone.com *.gdiii.xyz *.mcaketech.com 1
base-uri 'none';child-src 'none';connect-src 'self' https://play.vidyard.com https://noembed.com/ https://*.algolia.net https://*.algolianet.com https://*.algolia.io https://go.esko.com/ https://privacyportalde-cdn.onetrust.com/ cloudflareinsights.com https://play.goconsensus.com https://cdn.cookielaw.org/ https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://privacyportal-de.onetrust.com/request/v1/consentreceipts https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://auth.statik.space/ https://js.zi-scripts.com https://px.ads.linkedin.com https://ws.zoominfo.com;default-src 'self';font-src 'self' https://fonts.gstatic.com data:;form-action 'self';frame-ancestors 'self' https://esko.showpad.biz;frame-src youtube.com www.youtube.com https://play.vidyard.com https://play.goconsensus.com https://bid.g.doubleclick.net https://www.google.com/ https://js.driftt.com https://widget.drift.com;img-src 'self' https: data: blob: http://play.vidyard.com www.googletagmanager.com https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://googleads.g.doubleclick.net https://www.google.com https://google.com;manifest-src 'self';media-src 'self' https://js.driftt.com;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' youtube.com www.youtube.com https://play.vidyard.com https://cdn.jsdelivr.net/ https://privacyportalde-cdn.onetrust.com/privacy-notice-scripts/otnotice-1.0.min.js static.cloudflareinsights.com https://play.goconsensus.com https://www.googletagmanager.com https://cdn.cookielaw.org https://googletagmanager.com https://tagmanager.google.com https://*.googletagmanager.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/ https://js.driftt.com https://widget.drift.com https://sc.lfeeder.com https://js.zi-scripts.com https://snap.licdn.com;style-src 'self' 'unsafe-inline' https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com;worker-src 'self'; 1
connect-src 'self' widget.datablocks.se https://publish.ne.cision.com https://ssm.teliacompany.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal-de.onetrust.com wss://collection.decibelinsight.net *.decibelinsight.net https://stats.g.doubleclick.net https://cdn.linkedin.oribi.io https://www.google.com https://www.google.se https://app.lifeinside.io https://backend.lifeinside.io https://media.lifeinside.io; default-src 'self' https://www.googletagmanager.com; font-src 'self' https://cdn.voca.teliacompany.com https://fonts.gstatic.com; img-src 'self' https://images.ctfassets.net https://cdn-assets-eu.frontify.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.voca.teliacompany.com https://mb.cision.com data: https://ssm.teliacompany.com blob: https://px.ads.linkedin.com https://www.googletagmanager.com https://media.lifeinside.io; media-src 'self' https://cdn-assets-eu.frontify.com https://media.lifeinside.io; script-src 'self' 'unsafe-eval' blob: 'nonce-datablocks/widget' https://ssm.teliacompany.com https://cdn.cookielaw.org https://cdn.decibelinsight.net https://www.google.com https://www.gstatic.com https://snap.licdn.com https://stats.g.doubleclick.net https://app.lifeinside.io https://widget.lifeinside.io https://tools.euroland.com; style-src 'unsafe-inline' 'self' widget.datablocks.se https://fonts.googleapis.com; frame-src 'self' widget.datablocks.se https://telia-external.videomarketingplatform.co https://tools.eurolandir.com https://www.google.com https://www.youtube.com https://www.youtube-nocookie.com https://telia.videosync.fi https://telia-company.videosync.fi https://ssm.teliacompany.com; object-src 'none' 1
frame-ancestors 'self' http://guidewire.pathfactory.com https://guidewire.pathfactory.com http://explore.guidewire.com https://explore.guidewire.com 1
worker-src blob:; script-src 'self' blob: assets.adobedtm.com www.allegion.com cdn.cookielaw.org lp.allegion.com www.gstatic.com s.ytimg.com www.google.com www.googletagmanager.com www.google-analytics.com privacyportal-cdn.onetrust.com www.calendarwiz.com sdk.inbenta.io cdn.inbenta.io api.inbenta.io snap.licdn.com static.hotjar.com script.hotjar.com 507-ESY-281.mktoweb.com 718-RFD-040.mktoweb.com munchkin.marketo.net hackerone.com 'unsafe-eval' 'unsafe-inline' 1
frame-ancestors 'self' *.force.com *.salesforce.com *.saleshood.com *.xactlycorp.com *.paloaltonetworks.com *.visualforce.com *.seismic.com *.skillshood.com *.salesloft.com *.dynamics.com *.instructure.com *.highspot.com *.meltwater.com *.whitedog.app *.whitedogcyber.com 1
default-src 'self' cdn.sanity.io cdn.equinor.com; style-src 'report-sample' 'self' 'unsafe-inline' https://cdn.eds.equinor.com https://platform.twitter.com https://*.twimg.com; script-src 'report-sample' 'unsafe-eval' 'self' 'unsafe-inline' blob: https://*.googletagmanager.com https://siteimproveanalytics.com https://*.cookiebot.com https://consentcdn.cookiebot.com https://platform.twitter.com https://cdn.syndication.twimg.com/ https://www.youtube.com ; img-src 'self' data: https://cdn.eds.equinor.com https://cdn.sanity.io https://cdn.equinor.com https://*.siteimproveanalytics.io https://*.googletagmanager.com https://platform.twitter.com https://syndication.twitter.com https://*.twimg.com https://i.ytimg.com https://*.cookiebot.com ; connect-src 'self' cdn.sanity.io cdn.equinor.com https://bcdn.screen9.com https://qcdn.screen9.com https://h61q9gi9.api.sanity.io https://tools.eurolandir.com https://inferred.litix.io/ https://*.algolia.net https://*.algolianet.com https://*.cookiebot.com https://eu-api.friendlycaptcha.eu ; child-src blob:; frame-src 'self' https://consentcdn.cookiebot.com https://lt.morningstar.com https://www.youtube.com https://vimeo.com https://sds-maintenance.com https://tools.eurolandir.com https://platform.twitter.com https://syndication.twitter.com https://vds.issgovernance.com https://*.plaii.no https://livestream.com https://*.castr.com https://pixel.as https://www.youtube-nocookie.com https://h61q9gi9.api.sanity.io http://localhost:3333; frame-ancestors https://studio-global-equinor-web-sites-preprod.c2.radix.equinor.com https://studio-global-equinor-web-sites-prod.c2.radix.equinor.com http://studiov3-global-development-equinor-web-sites-dev.c2.radix.equinor.com https://equinor.sanity.studio; font-src 'self' https://cdn.eds.equinor.com data:; media-src 'self' blob: https://bcdn.screen9.com https://qcdn.screen9.com https://cdn.sanity.io/ https://cdn.equinor.com/; 1
script-src 'unsafe-inline' 'unsafe-eval' https: blob:;object-src https://*.maxi.rs https://*.svc.maxi.rs https://d3el976p2k4mvu.cloudfront.net; base-uri https://tau.collect.igodigital.com/; upgrade-insecure-requests; frame-ancestors https://*.maxi.rs https://*.svc.maxi.rs https://d3el976p2k4mvu.cloudfront.net; 1
default-src https: 'unsafe-inline' 'unsafe-eval'; font-src https: data: 'self' 'unsafe-inline' 'unsafe-eval'; connect-src https: wss: data:; img-src https: data:; style-src-elem https: blob: 'self' 'unsafe-inline'; style-src 'self' https: blob: 'unsafe-inline' 1
default-src 'self' cdn.jsdelivr.net bid.g.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' translate-pa.googleapis.com translate.googleapis.com translate.google.com ajax.googleapis.com maps.googleapis.com cdn.jsdelivr.net unpkg.com npmcdn.com googleads.g.doubleclick.net www.googletagmanager.com www.google-analytics.com www.googleadservices.com connect.facebook.net static.ctctcdn.com cdnjs.cloudflare.com www.google.com www.gstatic.com; connect-src 'self' translate.googleapis.com analytics.google.com stats.g.doubleclick.net www.google-analytics.com listgrowth.ctctcdn.com maps.googleapis.com; img-src 'self' fonts.gstatic.com www.gstatic.com maps.googleapis.com maps.gstatic.com static.ctctcdn.com fakeimg.pl img.youtube.com data: cdnjs.cloudflare.com www.google.com.tw www.facebook.com www.google.com googleads.g.doubleclick.net www.google-analytics.com; style-src 'self' 'unsafe-inline' www.gstatic.com cdn.jsdelivr.net fonts.googleapis.com unpkg.com static.ctctcdn.com maxcdn.bootstrapcdn.com; font-src 'self' maxcdn.bootstrapcdn.com cdn.jsdelivr.net cdnjs.cloudflare.com fonts.gstatic.com; frame-src 'self' bid.g.doubleclick.net www.youtube.com www.facebook.com www.google.com; base-uri 'self'; form-action 'self' www.facebook.com; frame-ancestors 'self'; 1
default-src 'self' *.youtube.com *.mapy.cz; font-src 'self' fonts.gstatic.com data:; img-src 'self' data: *.ytimg.com *.bzcompany.cz webarchiv.cz toplist.cz; script-src-elem 'self' 'unsafe-inline' cdn.jsdelivr.net *.google-analytics.com *.googleapis.com; script-src 'self' 'unsafe-inline' *.google-analytics.com *.bzcompany.cz cdn.jsdelivr.net *.googleapis.com; style-src 'unsafe-inline' 'self' *.googleapis.com *.jsdelivr.net; connect-src 'self' *.google-analytics.com *.doubleclick.net; frame-src 'self' *.genial.ly *.mapy.cz *.youtube.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://i.ytimg.com data:; frame-src 'self' https://www.youtube.com https://digitalkyc.bulbankonline.bg; connect-src 'self' https://localhost:53952/; frame-ancestors 'self'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; frame-ancestors 'none'; 1
object-src 'self'; frame-ancestors 'none'; upgrade-insecure-requests; base-uri 'none'; report-uri https://47327c6a613c1754bda1362d946d96dd.report-uri.com/r/t/csp/enforce; report-to csp-endpoint 1
default-src 'self' https: http:; script-src 'strict-dynamic' 'unsafe-inline' https: 'nonce-GPAnDjXoJEryLw5EmUlu3g=='; frame-src 'self' https:; frame-ancestors 'self' https:; font-src 'self' https: data: https://fonts.gstatic.com https://fonts.googleapis.com/; img-src 'self' https: data:; object-src 'none'; style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com/; base-uri 'none' 1
frame-ancestors *.johnmuirhealth.com 1
frame-ancestors 'self' *.gisher.me https://gisher.news https://gisher.org 1
default-src 'self' *; connect-src *; font-src * data:; frame-src *; img-src * data:; script-src blob: * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 1
font-src *.fontawesome.com fonts.googleapis.com fonts.gstatic.com cdn.livechatinc.com *.tradecentric.com *.ariba.com *.monetate.net *.typekit.net *.punchout2go.com 'self' data: *.gstatic.com *.stape.io 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.cybersource.com *.tradecentric.com *.ariba.com *.t.eloqua.com tracking.barcodesinc.com *.monetate.net *.searchspring.io *.punchout2go.com 'self' data: yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.tradecentric.com *.ariba.com *.monetate.net *.punchout2go.com 'self' data: 'self'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com secure.livechatinc.com vars.hotjar.com *.google.com *.hotjar.io *.youtube.com *.doubleclick.net *.trustpilot.com www.googletagmanager.com challenges.cloudflare.com *.tradecentric.com *.ariba.com *.jotform.com *.braintree-api.com *.braintreegateway.com *.kaptcha.com *.paypal.com *.monetate.net *.weltpixel.com *.punchout2go.com *.google.com.ua *.google.co.uk *.stape.io yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com cdn.barcodesinc.com *.bing.com *.barcodesinc.com *.shop.ocr.ca *.levata.com *.clarity.ms *.google.com www.googletagmanager.com www.google.co.in cdn.livechatinc.com *.en25.com *.powerreviews.com *.typekit.net *.gstatic.com *.googleapis.com *.googleusercontent.com *.ytimg.com *.nr-data.net *.youtube.com *.tradecentric.com *.ariba.com cdn.searchspring.net www.barcodespim.com pagesense-collect.zoho.com *.userguiding.com *.paypal.com *.cloudinary.com *.monetate.net rdcdn.com i.liadm.com aa.trkn.us p.alocdn.com *.punchout2go.com 'self' data: *.google.com.ua *.google.co.uk *.doubleclick.net *.stape.io https://redchamps.com www.xtento.com cdn.xtento.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com static.hotjar.com script.hotjar.com *.hotjar.io *.bing.com *.clarity.ms *.gstatic.com cdn.livechatinc.com api.livechatinc.com static.cloudflareinsights.com *.en25.com js-agent.newrelic.com snip.bronto.com *.nr-data.net *.barcodesinc.com *.shop.ocr.ca *.levata.com cdn.searchspring.net *.powerreviews.com *.typekit.net *.googleapis.com *.google.com *.ggpht.com *.googleusercontent.com *.noibu.com *.googleoptimize.com googleads.g.doubleclick.net cdn.pagesense.io *.trustpilot.com *.cloudflare.com challenges.cloudflare.com *.tradecentric.com *.ariba.com *.userguiding.com *.paypal.com *.monetate.net websitevisitorleads.com s3-us-west-2.amazonaws.com b-code.liadm.com data.processwebsitedata.com fe.sitedataprocessing.com *.licdn.com *.facebook.net *.thecustomproductbuilder.com *.searchspring.io *.punchout2go.com *.google.com.ua *.google.co.uk *.googletagmanager.com *.doubleclick.net *.stape.io *.avada.io https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com cdn.searchspring.net *.powerreviews.com fonts.googleapis.com *.gstatic.com *.tradecentric.com *.ariba.com *.monetate.net *.typekit.net *.punchout2go.com *.googleapis.com *.googletagmanager.com *.stape.io tagmanager.google.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src cdn.livechatinc.com *.monetate.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.barcodesinc.com *.shop.ocr.ca *.levata.com *.clarity.ms www.google-analytics.com in.hotjar.com www.googleadservices.com *.google.com *.nr-data.net vars.hotjar.com stats.g.doubleclick.net maw.bronto.com www.google.co.in *.livechatinc.com *.powerreviews.com ws27.hotjar.com wss://wsp17.hotjar.com wss://ws.hotjar.com *.noibu.com wss://input.noibu.com *.gstatic.com *.googleapis.com *.hotjar.io *.hotjar.com *.paypal.com *.bing.com cloudflareinsights.com *.tradecentric.com *.ariba.com pagesense-collect.zoho.com *.userguiding.com *.braintree-api.com *.braintreegateway.com *.monetate.net *.searchspring.io *.punchout2go.com *.google-analytics.com *.stape.io https://get.geojs.io *.avada.io yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src static.zohocdn.com *.monetate.net http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://s7.addthis.com https://svc.webspellchecker.net https://loader.webspellchecker.net https://www.webspellchecker.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://cdn.ckeditor.com https://platform.twitter.com https://maps.googleapis.com https://www.google-analytics.com https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://svc.webspellchecker.net https://loader.webspellchecker.net https://www.webspellchecker.net https://*.google.com https://*.gstatic.com https://z.moatads.com https://www.googletagmanager.com https://v1.addthisedge.com https://*.freshchat.com https://*.freshworksapi.com https://*.rtschannel.com https://chat-widget.msd0001.stateauto.com https://code.jquery.com https://cdn.jsdelivr.net/ https://cdnjs.cloudflare.com https://tags.tiqcdn.com https://ajax.googleapis.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.ckeditor.com https://fonts.googleapis.com https://fast.fonts.net https://maxcdn.bootstrapcdn.com https://svc.webspellchecker.net https://tagmanager.google.com https://*.freshchat.com https://*.freshworksapi.com https://*.rtschannel.com https://chat-widget.msd0001.stateauto.com https://code.jquery.com https://cdn.jsdelivr.net; img-src 'self' data: https://cdn.ckeditor.com https://www.google-analytics.com https://svc.webspellchecker.net https://loader.webspellchecker.net https://www.webspellchecker.net http://chart.apis.google.com https://maps.gstatic.com https://maps.googleapis.com https://stats.g.doubleclick.net https://www.google.com https://ssl.gstatic.com https://www.gstatic.com https://*.freshchat.com https://chat-widget.msd0001.stateauto.com; connect-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://s7.addthis.com https://svc.webspellchecker.net https://*.freshchat.com  wss://*.freshchat.com https://chat-widget.msd0001.stateauto.com https://fresh-api-dev.msd0001.stateauto.com/ https://stats.g.doubleclick.net https://maps.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true https://maps.googleapis.com/$rpc/google.internal.maps.mapsjs.v1.MapsJsInternalService/GetViewportInfo; font-src 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://*.freshchat.com https://chat-widget.msd0001.stateauto.com https://cdn.jsdelivr.net; frame-src 'self' https://www.youtube.com https://syndication.twitter.com https://platform.twitter.com https://s7.addthis.com https://loader.webspellchecker.net https://svc.webspellchecker.net https://www.webspellchecker.net https://*.google.com https://calendar.google.com https://accounts.google.com https://*.freshchat.com https://*.freshworksapi.com https://*.rtschannel.com https://*.widen.net https://widen.net https://www.youtube.com/ https://youtu.be; 1
frame-ancestors https://omilia.com; 1
default-src 'self'; script-src 'self' *.etracker.com *.etracker.de 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self' *.etracker.com https://*.etracker.de; font-src 'self' data:; object-src 'self'; media-src 'self'; child-src 'self'; form-action 'self'; base-uri 'self'; frame-ancestors 'self'; 1
upgrade-insecure-requests; block-all-mixed-content; default-src 'none'; worker-src blob:; base-uri 'self'; form-action 'self'; style-src 'self' 'unsafe-inline' js.arcgis.com use.typekit.net p.typekit.net tagmanager.google.com fonts.googleapis.com www.googletagmanager.com mfstatic.com m.mediaflow.com assets.mediaflowpro.com *.mediaflow.com fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.browsealoud.com plus.browsealoud.com js.arcgis.com web103.reachmee.com www.youtube.com consentcdn.cookiebot.com consent.cookiebot.com tagmanager.google.com www.googletagmanager.com www.google-analytics.com www.youtube.com/iframe_api s.ytimg.com cdnjs.cloudflare.com code.jquery.com webbstatistik.sfv.se mfstatic.com m.mediaflow.com assets.mediaflowpro.com *.mediaflow.com code.jquery.com cdn.jsdelivr.net; font-src 'self' js.arcgis.com fonts.gstatic.com mfstatic.com m.mediaflow.com assets.mediaflowpro.com *.mediaflow.com use.typekit.net data:; img-src 'self' data: 'unsafe-inline' server.arcgisonline.com cdn.arcgis.com services.arcgisonline.com i.ytimg.com img.youtube.com ssl.gstatic.com www.google-analytics.com webbstatistik.sfv.se www.googletagmanager.com fonts.gstatic.com mfstatic.com m.mediaflow.com assets.mediaflowpro.com *.mediaflow.com www.google-analytics.com fastly.picsum.photos dummyimage.com *.cookiebot.com; connect-src 'self' blob: speech-eu.speechstream.net www.browsealoud.com plus.browsealoud.com arcgis.com static.arcgis.com basemaps.arcgis.com services.arcgisonline.com cdn.arcgis.com www.arcgis.com js.arcgis.com www.google-analytics.com consentcdn.cookiebot.com webbstatistik.sfv.se mfstatic.com m.mediaflow.com *.mediaflowpro.com *.mediaflow.com www.google-analytics.com; frame-src 'self' kartor.sfv.se consentcdn.cookiebot.com sfv.maps.arcgis.com www.youtube.com mfstatic.com m.mediaflow.com assets.mediaflowpro.com *.mediaflow.com *.mediaflowpro.com embed.pod.space web103.reachmee.com; frame-ancestors 'self'; media-src 'self' mfstatic.com m.mediaflow.com assets.mediaflowpro.com *.mediaflow.com blob: 1
script-src 'self' 18.232.28.107:9000 *.pearldiver.io *.trovo-tag.com *.facebook.net *.cookiebot.com *.salesloft.com *.g2crowd.com *.licdn.com *.chilipiper.com *.terminus.services *.terminusplatform.com *.mouseflow.com https://aacdn.nagich.com/ https://access.nagich.com/ 'unsafe-eval' *.experience.com *.socialsurvey.com https://maps.googleapis.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://www.google.com https://www.gstatic.com https://js-agent.newrelic.com *.nr-data.net https://cdnjs.cloudflare.com 'unsafe-inline' 'unsafe-hashes'; object-src 'self' *.experience.com *.socialsurvey.com; base-uri 'self' ; frame-ancestors 'self' 127.0.0.1 *.experience.com ;upgrade-insecure-requests; 1
default-src 'self' https: data:;                     style-src 'self' https: 'unsafe-inline';                     script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; 1
frame-ancestors 'self' https://ale-chat.datalake.systems/ https://www.yammer.com/         https://customer.al-enterprise.com https://forms.office.com https://login.microsoftonline.com/ https://persona.yammer.com/ https://players.brightcove.net/ https://platform.twitter.com/ https://syndication.twitter.com/ https://vars.hotjar.com/ https://s7.addthis.com/ https://www.google.com/;         child-src 'self' https://*.doubleclick.net/ https://ale-chat.datalake.systems/ https://www.yammer.com/ https://customer.al-enterprise.com         https://forms.office.com https://login.microsoftonline.com/ https://persona.yammer.com/ https://players.brightcove.net/ https://platform.twitter.com/ https://syndication.twitter.com/ https://vars.hotjar.com/ https://s7.addthis.com/ https://www.google.com/ https://maps.google.com/ https://www.facebook.com/ https://use.fontawesome.com/; worker-src 'self' blob:; 1
base-uri 'self'; connect-src 'self' https://api.opencagedata.com https://cdn.usefathom.com; font-src 'self'  https://assets.opencagedata.com; object-src 'none'; frame-ancestors 'none'; frame-src https://blog.opencagedata.com https://js.stripe.com https://forms.reform.app https://status.opencagedata.com https://hcaptcha.com https://*.hcaptcha.com; script-src 'self' https://assets.opencagedata.com https://js.stripe.com https://cdn.jsdelivr.net https://unpkg.com https://embed.reform.app https://cdn.usefathom.com https://hcaptcha.com https://*.hcaptcha.com 'nonce-c03a3a903ca7fc243c46f9791ddcf21f'; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net https://unpkg.com https://assets.opencagedata.com https://hcaptcha.com https://*.hcaptcha.com; worker-src blob: 1
script-src 'self' ajax.cloudflare.com 'unsafe-inline' 'unsafe-eval' static.cloudflareinsights.com cdn.usefathom.com cdn.matomo.cloud cdn.paddle.com 1.replies.io checkout.paddle.com cdn.ampproject.org public.profitwell.com static.profitwell.com js.sentry-cdn.com browser.sentry-cdn.com cdnjs.cloudflare.com 1
report-to slardar-endpoint; img-src 'self' *.bdxiguaimg.com *.bdxiguastatic.com *.toutiaoimg.com *.bytednsdoc.com *.bytexservice.com *.douyinpic.com data: *.byteacctimg.com *.toutiaostatic.com *.baidu.com *.aliyuncs.com *.gstatic.com *.itoutiaoimg.com http:; connect-src 'self' *.bytegoofy.com *.bytedance.net *.zijieapi.com *.365yg.com *.snssdk.com *.google-analytics.com *.doubleclick.net; style-src 'self' 'unsafe-inline' *.snssdk.com *.bytegoofy.com *.bytedance.net *.bdxiguastatic.com blob:; script-src 'self' 'nonce-9d59f138bebe21df2a72691e01782d72-argus' 'strict-dynamic' 'wasm-unsafe-eval' 'unsafe-eval' *.snssdk.com *.bytegoofy.com *.bytedance.net; upgrade-insecure-requests ; 1
frame-ancestors 'self' https://www.balasai.com http://xn--o1b5esay2abb.com 1
default-src 'self'; script-src 'self'; 1
object-src 'none'; frame-ancestors 'self'; report-uri https://www.as-coa.org/report-uri/enforce 1
default-src * 'self' 'unsafe-inline' 'unsafe-eval' ; script-src * 'self' 'unsafe-inline' 'unsafe-eval' ; style-src * 'self' 'unsafe-inline' ; img-src * 'self' data: ; font-src * data: blob: 'unsafe-inline'; 1
frame-ancestors 'self' https://*.forumfree.it/ 1
default-src 'self' www.dzh.com.cn ssp.gw.com.cn wss://websocket.gw.com.cn wss://gw.yundzh.com mnews.su.becbos.com mnews.dzh.com.cn dspweb.dzh.com.cn ws://gw.yundzh.com 'unsafe-inline' 'unsafe-eval' blob: data: ; 1
object-src 'none';frame-ancestors 'self';default-src * 'self' 'unsafe-eval' 'unsafe-inline' blob: 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.adremover.org  https://www.google.com https://www.gstatic.com https://cdnjs.cloudflare.com https://d24n15hnbwhuhn.cloudfront.net https://*.google-analytics.com https://ajax.googleapis.com https://rum-static.pingdom.net https://www.googleadservices.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://js.recurly.com https://*.amazon.com https://*.payments-amazon.com https://cdn.trackjs.com https://nsg.symantec.com https://www.youtube.com https://extreme-ip-lookup.com https://*.intercom.io https://*.intercomcdn.com https://*.fomo.com https://geocode.usefomo.com https://*.braintreegateway.com https://www.paypalobjects.com https://c.paypal.com https://bat.bing.com https://*.corel.com https://code.jquery.com https://cdn.cookielaw.org https://*.onetrust.com https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://optimize.google.com https://tagmanager.google.com https://*.hotjar.com https://www.clarity.ms/ https://unpkg.com https://js.stripe.com/v3/; child-src 'self' https://*.adremover.org  https://*.google.com https://6837053.fls.doubleclick.net https://*.recurly.com https://api-cdn.amazon.com https://*.g.doubleclick.net https://*.amazon.com https://*.payments-amazon.com https://nsg.symantec.com https://*.paypal.com https://www.youtube.com https://*.braintreegateway.com https://*.kaptcha.com https://*.hotjar.com https://js.stripe.com/; img-src 'self' data: https://*.adremover.org  https://www.google.com https://www.google-analytics.com https://www.google.com.ua https://www.google.de https://*.pingdom.net https://usage.trackjs.com https://*.g.doubleclick.net https://www.googletagmanager.com https://*.gstatic.com https://d2ldlvi1yef00y.cloudfront.net https://*.ssl-images-amazon.com https://maps.googleapis.com https://nsg.symantec.com https://*.intercomassets.com https://*.intercomcdn.com https://s3-us-west-1.amazonaws.com https://s3.amazonaws.com https://assets.adremover.org https://*.braintreegateway.com https://*.paypal.com https://bat.bing.com https://cdn.cookielaw.org https://optimize.google.com https://c.clarity.ms https://*.filestackapi.com https://guarantee-cdn.com https://*.corel.com; connect-src 'self' https://*.adremover.org https://www.google.com https://api.recurly.com https://api.amplitude.com https://*.pingdom.net https://capture.trackjs.com https://payments.amazon.com https://*.google-analytics.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://www.amazon.com https://*.googlevideo.com https://*.amazonpay.com https://*.intercom.io wss://*.intercom.io https://*.fomo.com https://*.googleapis.com https://*.braintreegateway.com https://*.braintree-api.com https://bat.bing.com https://cdn.cookielaw.org https://pagead2.googlesyndication.com https://*.corel.com https://*.hotjar.com wss://*.hotjar.com https://cookies-data.onetrust.io https://*.hotjar.io https://*.onetrust.com https://*.clarity.ms https://adservice.google.com; style-src 'self' 'unsafe-inline' https://optimize.google.com https://fonts.googleapis.com *; upgrade-insecure-requests; report-uri https://csp.adremover.org/v1/log/wwwadremover_block_v66; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' 'report-sample' blob: data: https://*.youtube.com https://firebase.googleapis.com https://share.keepshare.info https://static-web.jjdsn.vip https://bitkeep.page https://*.bitkeep.fun https://*.bitget.cloud https://keepshare.xyz https://gasutopia.com https://bitkeep.com https://*.facebook.net https://api.nileex.io https://keepshare.info https://*.google.com https://share.bitkeep.shop https://infragrid.v.network https://*.bitkeep.com https://ta.bitkeep.buzz:8993 https://unpkg.com https://bitkeep.io https://*.bitkeep.io https://www.google-analytics.com https://fp-constantid.bitkeep.vip https://*.bitkeep.page https://*.bjxnyj.com https://bitkeep.org https://*.bitgetstatic.com https://share.bwb.live https://*.bitkeep.vip https://*.bitget.site https://*.bitgetpro.site https://api.shasta.trongrid.io https://s3.infcrypto.com https://*.bitkeep.me https://*.jjdsn.vip https://*.mytokenpocket.vip https://sun.tronex.io https://goldshare.me https://*.bitget.com https://firebaseinstallations.googleapis.com https://www.googletagmanager.com https://*.googleapis.com https://share.bwb.site https://stats.g.doubleclick.net https://rpc-wallet.broearn.com https://api.trongrid.io https://*.bknode.vip https://cdn.bootcdn.net https://search.imtt.qq.com https://api-web.wwmxd.info https://api-web.wwmxd.site https://www.recaptcha.net https://ordinals.com https://www.gstatic.cn https://www.gstatic.com https://log.noxiaohao.com; connect-src 'self' 'report-sample' blob: data: https://*.youtube.com https://firebase.googleapis.com https://share.keepshare.info https://*.bitkeep.fun https://bitkeep.page https://*.bitget.cloud https://keepshare.xyz https://gasutopia.com https://bitkeep.com https://*.facebook.net https://api.nileex.io https://keepshare.info https://*.google.com https://share.bitkeep.shop https://infragrid.v.network https://*.bitkeep.com https://ta.bitkeep.buzz:8993 https://unpkg.com https://bitkeep.io https://*.bitkeep.io https://www.google-analytics.com https://fp-constantid.bitkeep.vip https://*.bitkeep.page https://*.bjxnyj.com https://bitkeep.org https://*.bitgetstatic.com https://share.bwb.live https://*.bitkeep.vip https://*.bitget.site https://*.bitgetpro.site https://api.shasta.trongrid.io https://s3.infcrypto.com https://*.bitkeep.me https://*.jjdsn.vip https://*.mytokenpocket.vip https://sun.tronex.io https://goldshare.me https://*.bitget.com https://firebaseinstallations.googleapis.com https://www.googletagmanager.com https://*.googleapis.com https://share.bwb.site https://stats.g.doubleclick.net https://rpc-wallet.broearn.com https://api.trongrid.io https://*.bknode.vip https://cdn.bootcdn.net https://search.imtt.qq.com https://api-web.wwmxd.info https://api-web.wwmxd.site https://ordinals.com https://www.gstatic.cn https://www.gstatic.com https://log.noxiaohao.com; frame-src 'self' 'report-sample' https://www.google.com https://www.recaptcha.net https://*.bitget.com https://static-web.jjdsn.vip; frame-ancestors 'self' https://*.bitget.com https://static-web.jjdsn.vip https://www.google.com https://www.recaptcha.net; report-uri https://64ad2bae905b5c797e632276.endpoint.csper.io?v=16; 1
default-src 'self' *.cepi.net; style-src 'self' 'unsafe-inline' *.googleapis.com; font-src 'self' *.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.mapbox.com *.google.com *.gstatic.com; connect-src 'self' *.cepi.net *.google-analytics.com *.google.com *.google.co.uk *.mapbox.com *.doubleclick.net; img-src 'self' data: *.cepi.net *.vimeocdn.com *.vimeo.com *.gstatic.com fonts.googleapis.com *.google.co.uk; frame-src *.cepi.net *.youtube-nocookie.com *.youtube.com *.mapbox.com *.vimeo.com *.google.com *.doubleclick.net; worker-src 'self' blob:; frame-ancestors *.cepi.net cepi.net; 1
default-src * data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; upgrade-insecure-requests; 1
default-src 'self' https://consent.badoo.com; script-src 'self' 'unsafe-inline' 'report-sample' 'nonce-3uxfwwKF5+H4ENv6d1rSNQ==' badoocdn.com *.badoocdn.com https://consent.badoo.com https://*.googletagmanager.com https://tr.snapchat.com https://tr-shadow.snapchat.com; style-src 'self' 'unsafe-inline'; connect-src 'self' *.badoo.com *.badoo.eu *.badoo.us https://consent.badoo.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://tr.snapchat.com https://tr-shadow.snapchat.com; child-src 'self'; font-src * data:; manifest-src 'self'; base-uri 'self'; frame-src * bds: bdp:; img-src * data: blob:; media-src * data: blob:; report-uri /jss/csp_report.phtml?token=badoo_homepage&env=production; upgrade-insecure-requests; 1
default-src 'self' data: blob: https://*.about.meta.com https://*.fbcdn.net;script-src 'self' data: blob: https://*.about.meta.com https://*.fbcdn.net *.facebook.com *.facebook.net 'unsafe-inline';style-src 'self' data: blob: https://*.about.meta.com https://*.fbcdn.net 'unsafe-inline' *.facebook.com;connect-src 'self' https://*.about.meta.com *.facebook.com *.fbcdn.net;font-src 'self' data: blob: https://*.about.meta.com https://*.fbcdn.net *.facebook.com static.xx.fbcdn.net https://fonts.gstatic.com;img-src 'self' data: blob: https://*.about.meta.com *.facebook.com *.fbcdn.net static.xx.fbcdn.net *.fbsbx.com;media-src 'self' data: blob: https://*.about.meta.com *.fbcdn.net;frame-src 'self' data: blob: https://*.about.meta.com https://*.fbcdn.net *.facebook.com *.meta.com *.fbsbx.com fbsbx.com metadotcom.fbthirdpartypixel.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script'; 1
default-src 'none'; base-uri 'none'; connect-src 'self' https:; form-action 'self'; font-src 'self' https: data:; img-src 'self'; object-src 'none'; script-src 'self' 'unsafe-inline' https:; style-src 'unsafe-inline' 'self'; worker-src 'self' 'unsafe-inline' data: blob:; frame-src 'none' 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.cinestar.de *.googletagmanager.com *.googleadservices.com *.googletagservices.com *.google.com *.google.de *.gstatic.com *.google-analytics.com gdpr.mandarin-medien.de *.ioam.de *.doubleclick.net bat.bing.com *.facebook.com *.facebook.net *.googlesyndication.com gdpr.mandarin-medien.de *.spotify.com streaming.cinestar.de streaming.cinestar.sys11.stakkle.com:81 streaming1.cinestar.de streaming1.cinestar.de:81 ff-schlingel.de *.stroeerdigitalgroup.de *.doubleverify.com tracking.m6r.eu *.adagio.io *.adaptmx.com *.adbility-media.com *.addefend.com *.adform.com *.adition.com *.admanmedia.com *.adnami.io *.adnuntius.com *.adrule.net *.adtriba.com *.adup-tech.com *.advanced-store.com *.adyoulike.com *.agma-mmc.de *.amazon.com *.amobee.com *.appnexus.com *.audienceproject.com *.avantisteam.com *.bam-interactive.de *.bannernow.com *.bidswitch.com *.blis.com *.brightcom.com *.bttrads.com *.cloudtechnologies.pl *.communicationads.net *.confiant.com *.criteo.com *.dataxtrade.com *.definemedia.de *.deltaprojects.com *.doubleverify.com *.easy-media.de *.emerse.com *.emxdgt.com *.equativ.com *.exactag.com *.exitbee.com *.factor-eleven.de *.feedad.com *.flashtalking.com *.geoedge.com *.gfk.com *.glomex.com *.google.com *.gumgum.com *.hearts-science.com *.iabeurope.eu *.id5.io *.impactify.io *.improvedigital.com *.indexexchange.com *.infonline.de *.integralads.com *.invibes.com *.jaduda.com *.kayzen.io *.liquidm.com *.liveramp.de *.magnite.com *.media.net *.mediakeys.com *.microsoft.com *.mindtake.com *.mobkoi.com *.mobpro.com *.nativendo.de *.neory.com *.nielsen.com *.ogury.com *.onetag.com *.onetech.group *.online-solution.biz *.onprospects.com *.openx.com *.opinary.com *.optidigital.com *.optimise-it.de *.oracle.com *.otto.de *.outbrain.com *.permodo.com *.playhill.com *.publicismedia.de *.pubmatic.com *.purelocalmedia.de *.qualitymedianetwork.de *.readpeak.com *.reppublika.com *.ringier-advertising.ch *.roq.ad *.rtbhouse.com *.rubiconproject.com *.salesforce.com *.screenondemand.de *.seeding-alliance.de *.seedtag.com *.sharethrough.com *.showheroes.com *.smaato.com *.smartadserver.com *.smartclip.net *.smartclip.tv *.smartstream.tv *.smartyads.com *.socoto.com *.spotx.tv *.spotxchange.com *.sspx.tech *.stroeer.com *.stroeer.de *.taboola.com *.tappx.com *.target-video.com *.teads.com *.teads.tv *.telaria.com *.themediagrid.com *.thetradedesk.com *.tremorhub.com *.trg.de *.triplelift.com *.twiago.com *.uppr.rocks *.verve.com *.vi.ai *.viads.com *.vidazoo.com *.vidoomy.com *.viralize.com *.virtualminds.de *.vlyby.com *.wagawin.com *.wearemiq.com *.welect.de *.xandr.com *.yahoo.com *.yieldlab.com *.yieldlab.net *.yieldlove.com *.yoc.com *.zemanta.com onetag-sys.com *.onetag-sys.com *.adnxs.com *.ad4m.at ad4m.at *.theadex.com *.adform.net *.seadform.net *.userreport.com *.clarium.io id5-sync.com *.id5-sync.com *.eu-1-id5-sync.com *.yieldlove-ad-serving.net *.agma-analytics.de *.adnxs.com *.adscale.de *.jsdelivr.net *.adscale.de *.criteo.net *.confiant-integrations.net *.privacy-mgmt.com *.crwdcntrl.net *.ampproject.org *.googleapis.com *.truste.com *.adsafeprotected.com *.ftstatic.com *.trustarc.com *.adsrvr.org *.imrworldwide.com *.cloudflare.com *.bidr.io *.bidswitch.net *.adnxs-simple.com *.active-agent.com *.peer-39.com 2mdn.net *.2mdn.net levexis.com demdex.net *.levexis.com *.demdex.net agkn.com *.agkn.com adlightning.com *.adlightning.com *.tchibo.de tchibo.de revjet.com *.revjet.com stroeerdigital.de *.stroeerdigital.de casalemedia.com *.casalemedia.com bahn.de *.bahn.de indexww.com *.indexww.com cbe-digiden.de *.cbe-digiden.de vodafone.de *.vodafone.de *.amazonaws.com amazonaws.com exactag.com *.exactag.com b2c.com *.b2c.com stroeerdigitalmedia.de *.stroeerdigitalmedia.de; block-all-mixed-content 1
frame-ancestors http://erieweb https://erieweb https://*.agentexchange.com https://erieapps.erieinsurance.com https://*.erieinsurance.com https://gateway.zscalerthree.net https://cc-prod-gwcpprod.erie.delta4-andromeda.guidewire.net; 1
frame-ancestors 'self' https://*.floranext.com https://floranext.com; 1
script-src 'self' 'unsafe-inline' *.americancentury.com *.brightedge.com *.cludo.com *.collect.igodigital.com *.cookielaw.org *.jquery.com *.onetrust.com *.onetrust.io *.usabilla.com *.vidyard.com ajax.cloudflare.com cdn.optimizely.com fecdn.user1st.info https://activitymap.adobe.com/sc15/activitymap/ https://ajax.googleapis.com https://assets.adobedtm.com https://cdn-assets-prod.s3.amazonaws.com/js/preview2/ https://cdn3.optimizely.com/js/geo4.js https://connect.facebook.net https://d6tizftlrpuof.cloudfront.net/live/scripts/campaign-include/ https://gateway.answerscloud.com/americancentury/production/gateway.min.js https://googleads.g.doubleclick.net/pagead/viewthroughconversion/ https://ok1static.oktacdn.com https://optimizely.s3.amazonaws.com https://snap.licdn.com https://surfly-us.com https://tags.srv.stackadapt.com https://tpc.googlesyndication.com https://www.datadoghq-browser-agent.com https://www.googleadservices.com https://www.googletagmanager.com js.idio.co pi.pardot.com ssl.google-analytics.com static.cloudflareinsights.com www3.financialtrans.com; connect-src 'self' *.americancentury.com *.bc0a.com *.brightedge.com *.browser-intake-datadoghq.com *.cludo.com *.cookielaw.org *.onetrust.com *.onetrust.io *.optimizely.com https://adservice.google.com/pagead/ https://api.iconify.design/ https://api.simplesvg.com/ https://api.unisvg.com/ https://browser-intake-datadoghq.com/* https://cdn-assets-prod.s3.amazonaws.com/js/preview2/ https://cdn.linkedin.oribi.io https://dpm.demdex.net https://pagead2.googlesyndication.com/pagead/buyside_topics/set/ https://px.ads.linkedin.com/attribution_trigger* https://px.ads.linkedin.com/wa/ https://surfly-us.com https://tags.srv.stackadapt.com/ https://verify.avantisinvestors.com https://verifytest.avantisinvestors.com/api/v1/authn https://verifytest.avantisinvestors.com/api/v1/authn/recovery/password https://www.google.com/pagead/ play.vidyard.com; default-src 'self' *.americancentury.com *.avantisinvestors.com; font-src 'self' *.americancentury.com https://1.www.s81c.com/common/carbon/plex/fonts/* https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/* ok1static.oktacdn.com; frame-src *.americancentury.com *.moneyguidepro.com *.optimizely.com americancentury.demdex.net fecdn.user1st.info https://9141790.fls.doubleclick.net https://activitymap.adobe.com https://d6tizftlrpuof.cloudfront.net https://play.vidyard.com https://surfly-us.com https://td.doubleclick.net tpc.googlesyndication.com; img-src 'self' *.americancentury.com *.bc0a.com *.brightedge.com *.cloudinary.com *.cludo.com *.collect.igodigital.com *.cookielaw.org *.linkedin.com *.usabilla.com *.vidyard.com a.idio.co data: dpm.demdex.net https://ad.doubleclick.net https://cm.everesttech.net https://d6tizftlrpuof.cloudfront.net https://event.mrtnsvr.com https://googleads.g.doubleclick.net/pagead/viewthroughconversion/ https://image6.pubmatic.com https://p.adsymptotic.com https://pixel.tapad.com https://ssl.google-analytics.com https://www.avantisinvestors.com https://www.facebook.com https://www.google.com/pagead/1p-user-list/ stats.g.doubleclick.net; prefetch-src play.vidyard.com; style-src 'self' 'unsafe-inline' *.americancentury.com *.bc0a.com *.cludo.com ajax.googleapis.com https://fonts.googleapis.com https://gateway.answerscloud.com https://gateway.foresee.com https://maxcdn.bootstrapcdn.com/font-awesome/ https://tags.srv.stackadapt.com https://www3.financialtrans.com ok1static.oktacdn.com; worker-src *.americancentury.com blob:; 1
default-src 'self' test.example.com; script-src 'self' 'strict-dynamic' 'nonce-BxjjfWZJkcsEV7mk6dxx4W4h' 'sha256-AXE6bjbZT+qFeOJfX5jR5EOg2Z32t1DwowoorjskEbM=' *.cookiebot.com *.vimeo.com *.googleapis.com *.googleoptimize.com *.bing.com *.googletagmanager.com *.zdassets.com *.google-analytics.com *.facebook.net *.hotjar.com *.doubleclick.net *.zendesk.com *.yimg.com *.evgnet.com *.msecnd.net *.googlesyndication.com *.google.com *.gstatic.com embed.radio.co https://tagmanager.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://cdn-ukwest.onetrust.com; connect-src 'self' *.hotjar.com *.hotjar.io *.linkedin.com *.evergage.com *.googleapis.com *.google.com *.google.co.uk *.google-analytics.com *.doubleclick.net *.facebook.com *.onetrust.com *.zdassets.com *.zendesk.com *.zopim.com wss://widget-mediator.zopim.com bat.bing.com https://*.analytics.google.com https://*.googletagmanager.com wss://ws.hotjar.com https://pagead2.googlesyndication.com https://aax-eu.amazon-adsystem.com https://s.yimg.com https://ara.paa-reporting-advertising.amazon; font-src 'self' data: *.typekit.net https://fonts.gstatic.com; frame-ancestors 'self' https://*.leshuttle.com; img-src 'self' data: *.google.co.uk *.google.com *.google.is *.google-analytics.com *.gstatic.com *.youtube.com *.vimeocdn.com *.googleapis.com *.ggpht.com *.facebook.com *.gravatar.com *.linkedin.com *.doubleclick.net *.bing.com *.eurotunnel.com placehold.co *.onetrust.com https://*.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://www.google.fr https://sp.analytics.yahoo.com; report-to default; report-uri https://leshuttle.report-uri.com/r/d/csp/enforce; style-src 'self' data: 'unsafe-inline' *.fonts.net *.googleapis.com *.gstatic.com https://googletagmanager.com https://tagmanager.google.com; upgrade-insecure-requests; frame-src 'self' *.doubleclick.net *.trustpilot.com *.google.com *.vimeo.com *.youtube.com *.facebook.com embed.radio.co *.googletagmanager.com https://bid.g.doubleclick.net https://td.doubleclick.net https://aax-eu.amazon-adsystem.com https://insight.adsrvr.org; media-src 'self' *.zdassets.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.spark-nga.de https://*.spark-nga-int.de https://dc.services.visualstudio.com https://*.matomo.cloud https://cdnjs.cloudflare.com https://ajax.googleapis.com; img-src 'self' https://secure.gravatar.com https://*.spark-nga.de https://*.spark-nga-int.de data: blob:; font-src 'self' https://fonts.gstatic.com data: blob:; 1
default-src 'self'; font-src 'self' fonts.googleapis.com fonts.gstatic.com *.join.com join.com *.hs-scripts.com *.hsforms.net *.hscollectedforms.net *.hs-analytics.net *.hs-banner.com *.hubspot.com *.hsforms.com; connect-src 'self' *.taurusgroup.ch *.youtube.com *.googletagmanager.com *.google.com *.google.ch *.google-analytics.com *.gstatic.com *.doubleclick.net *.join.com join.com fonts.googleapis.com *.hs-scripts.com *.hsforms.net *.hscollectedforms.net *.hs-analytics.net *.hs-banner.com  *.hsforms.com *.hubspot.com *.hubapi.com *.cloudflareinsights.com hubspot-forms-static-embed-eu1.s3.amazonaws.com px.ads.linkedin.com; frame-src 'self' *.youtube.com *.googletagmanager.com *.google.com *.google-analytics.com *.gstatic.com *.doubleclick.net *.join.com *.hs-scripts.com *.hsforms.net *.hscollectedforms.net *.hs-analytics.net *.hs-banner.com *.hubspot.com *.hsforms.com *.hs-sites-eu1.com; img-src 'self' data: *.ytimg.com *.googletagmanager.com *.google.com *.google.ch *.google-analytics.com *.gstatic.com *.doubleclick.net *.join.com *.hs-scripts.com *.hsforms.net *.hscollectedforms.net *.hs-analytics.net *.hs-banner.com *.hubspot.com *.hsforms.com *.hubspotusercontent-eu1.net px.ads.linkedin.com static.hsappstatic.net ; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com  *.join.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com snap.licdn.com *.google.com *.google.ch *.google-analytics.com *.gstatic.com  *.cloudflareinsights.com *.doubleclick.net *.join.com join.com *.hs-scripts.com *.hscta.net *.hsforms.net *.hscollectedforms.net *.hs-analytics.net *.hs-banner.com *.hubspot.com *.hsforms.com *.hs-banner.com *.hs-analytics.net *.hsadspixel.net; 1
default-src 'self' data: *.ubtsupport.com *.streamline3.com *.googleapis.com *.doubleclick.net *.samsungapps.com *.ggpht.com *.google-analytics.com *.googletagmanager.com *.googleusercontent.com *.google-.com *.gstatic.com i.ytimg.com *.cloudflareinsights.com *.google.com *.vimeocdn.com ljsp.lwcdn.com cdnjs.cloudflare.com cdn.ckeditor.com *.typekit.net 'unsafe-inline' 'unsafe-eval' 1
frame-src 'self' https://cdn.embedly.com https://t.sharethis.com https://intranet.m800.com https://www.youtube.com https://bid.g.doubleclick.net https://www.google.com https://vars.hotjar.com https://forms.hsforms.com https://vars.hotjar.com https://neilpatel.com 1
default-src https: data: 'unsafe-inline' 'unsafe-eval' frame-ancestors 'self' 1
font-src 'self' fonts.googleapis.com fonts.gstatic.com cdnjs.cloudflare.com 1
default-src https: 'self' 'unsafe-inline' data:; connect-src wss: https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; worker-src 'self' blob: https: 'unsafe-eval' 'unsafe-inline'; report-uri https://o45271.ingest.sentry.io/api/153259/security/?sentry_key=c81d5b2568894719b77b2979777f9db8; 1
default-src 'self'; child-src 'self' https://* http://* *; connect-src 'self' wss://*.zopim.com https://*.zdassets.com https://analytics.netdirector.co.uk; font-src 'self' https://assets.netdirector.co.uk http://assets.netdirector.co.uk assets.netdirector.co.uk https://*.googleapis.com http://*.googleapis.com *.googleapis.com https://*.gstatic.com http://*.gstatic.com *.gstatic.com https://*.zopim.com http://*.zopim.com *.zopim.com https://use.fontawesome.com http://use.fontawesome.com use.fontawesome.com data:; frame-ancestors 'self'; frame-src 'self' https://* http://* *; img-src 'self' https://blog.gforces.co.uk http://blog.gforces.co.uk blog.gforces.co.uk https://*.google-analytics.com http://*.google-analytics.com *.google-analytics.com https://assets.netdirector.co.uk http://assets.netdirector.co.uk assets.netdirector.co.uk https://d3rjkbj0efme5v.cloudfront.net http://d3rjkbj0efme5v.cloudfront.net d3rjkbj0efme5v.cloudfront.net https://*.googleapis.com http://*.googleapis.com *.googleapis.com https://*.gstatic.com http://*.gstatic.com *.gstatic.com https://*.google.com http://*.google.com *.google.com https://*.zopim.com http://*.zopim.com *.zopim.com https://*.zopim.io http://*.zopim.io *.zopim.io https://*.netdirector.auto http://*.netdirector.auto *.netdirector.auto data:; media-src 'self' https://*.zopim.com http://*.zopim.com *.zopim.com; script-src 'self' https://*.google-analytics.com http://*.google-analytics.com *.google-analytics.com https://assets.netdirector.co.uk http://assets.netdirector.co.uk assets.netdirector.co.uk https://*.googleapis.com http://*.googleapis.com *.googleapis.com https://*.zopim.com http://*.zopim.com *.zopim.com https://*.zdassets.com http://*.zdassets.com *.zdassets.com https://stackpath.bootstrapcdn.com http://stackpath.bootstrapcdn.com stackpath.bootstrapcdn.com https://cdnjs.cloudflare.com http://cdnjs.cloudflare.com cdnjs.cloudflare.com https://code.jquery.com http://code.jquery.com code.jquery.com https://static.analytics.netdirector.auto http://static.analytics.netdirector.auto static.analytics.netdirector.auto https://*.netdirector.auto http://*.netdirector.auto *.netdirector.auto https://cdn.jsdelivr.net http://cdn.jsdelivr.net cdn.jsdelivr.net https://unpkg.com/graphiql/ https://unpkg.com/react/ https://unpkg.com/react-dom/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://assets.netdirector.co.uk http://assets.netdirector.co.uk assets.netdirector.co.uk https://*.googleapis.com http://*.googleapis.com *.googleapis.com https://*.gstatic.com http://*.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com http://stackpath.bootstrapcdn.com stackpath.bootstrapcdn.com https://use.fontawesome.com http://use.fontawesome.com use.fontawesome.com https://*.netdirector.auto http://*.netdirector.auto *.netdirector.auto https://unpkg.com/graphiql/ https://unpkg.com/react/ https://unpkg.com/react-dom/ 'unsafe-inline'; worker-src 'self' blob:; 1
default-src blob: 'self' 'unsafe-inline' ws: wss: data: 'unsafe-eval' *.gymboree.com *.childrensplace.com *.rewardstyle.com dpm.demdex.net tcp.demdex.net *.xtlo.net *.akstat.io *.akamaihd.net *.go-mpulse.net *.adobedtm.com *.google.com *.googleapis.com *.bazaarvoice.com *.getcandid.com *.candid.io *.quantummetric.com *.omniture.com *.vibescm.com *.unbxd.io *.braintreegateway.com *.braintree-api.com *.borderfree.com *.briteverify.com *.raygun.io *.gstatic.com *.theplace.com *.omtrdc.net *.paypal.com *.paypalobjects.com *.iperceptions.com *.melissadata.net *.facebook.net *.facebook.com *.stylitics.com stylitics-ampersand-production.sfo2.cdn.digitaloceanspaces.com comenity.net *.netdna-ssl.com *.comenity.net *.fiftyone.com *.omtrdc.net *.demdex.net *.channeladvisor.com *.impactradius-event.com *.googletagmanager.com *.micpn.com *.bing.com *.filepicker.io *.cloudinary.com *.cloudfront.net *.theplace.com *.netdna-ssl.com *.filepicker.io *.iesnare.com *.googleadservices.com *.steelhousemedia.com *.impactradius-event.com *.channeladvisor.com *.amazonaws.com *.kaptcha.com thechildrensplace.ay6u.net *.unbxdapi.com *.dotomi.com gymboree.fhsxpf.net sugarjade.sjv.io *.pegacloud.net *.epsilon.com *.wufoo.com match.prod.bidr.io *.adsrvr.org *.doubleclick.net *.forter.com *.monetate.net *.google-analytics.com *.wufoo.com *.mapbox.com search-dr.unbxd.io *.speedcurve.com *.afterpay.com *.us.afterpay.com *.cloudflare.com tag.wknd.ai *.bounceexchange.com events.bouncex.net *.cdnwidget.com *.cdnbasket.net *.tiktok.com *.paysecure.acculynk.net *.syteapi.com syteapi.com *.pinterest.com s.pinimg.com unpkg.com *.unpkg.com utt.impactcdn.com *.criteo.com *.criteo.net pj-place.sjv.io *.pega.digital js.appboycdn.com sdk.iad-05.braze.com *.raygun.com *.pixlee.co *.edgecastcdn.net *.turnto.com *.ytimg.com *.tcpholidaycountdown.com *.rokt.com rest.iad-05.braze.com *.cquotient.com; worker-src 'self' blob: 1
default-src 'unsafe-inline' 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.clarity.ms https://c.bing.com *.pdf *.docx; style-src 'self' 'unsafe-inline' https://*.hotjar.com/ https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com; font-src 'self' https://*.hotjar.com/ https://fonts.gstatic.com data:; img-src 'self' https://ad.doubleclick.net https://*.hotjar.com https://*.googlesyndication.com https://google.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.ba https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.co.uk https://*.google.ie https://*.google.es https://*.google.com https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://www.google-analytics.com https://c.bing.com https://google.co.uk/ https://google.ie/ https://google.es/ https://public.flourish.studio/ https://www.googletagmanager.com/ https://audioboom.com/ https://pagead2.googlesyndication.com/  https://i.ytimg.com https://*.ytimg.com https://www.facebook.com/ http://www.googleadservices.com/ https://*.bing.com/ https://*.clarity.ms data:; object-src 'self'; connect-src 'self' https://*.google.ba https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.co.uk https://*.google.ie https://*.google.es https://*.google.com https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://*.hotjar.com/ https://*.hotjar.io/ https://www.facebook.com/ https://*.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://google.ie https://google.es https://google.co.uk wss://*.hotjar.com https://analytics.google.com/ https://uksouth-1.in.applicationinsights.azure.com/ https://*.googlesyndication.com/ https://*.gstatic.com/ https://bat.bing.com/ https://*.clarity.ms https://rcgp.org.uk/ https://rcgp.uat.grm.digital/ https://rcgp.stg.grm.digital/ https://rcgp.dev.grm.digital https://www.google-analytics.com https://plausible.io/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googleadservices.com https://*.g.doubleclick.net https://*.hotjar.com https://www.facebook.com/ https://tagmanager.google.com https://google.ba/ https://google.ie/ https://google.com/ https://google.co.uk/ https://*.google-analytics.com https://public.flourish.studio/ https://e.issuu.com/ https://static0.audioboom.com/ https://*.connect.facebook.net https://*.googletagmanager.com https://plausible.io/ https://connect.facebook.net/ https://bat.bing.com/ https://www.googletagservices.com/tag/js/gpt.js https://securepubads.g.doubleclick.net/ https://*.clarity.ms https://www.google.ba/ https://www.google.com/ https://www.google.co.uk/ https://www.google.ie/ https://www.clarity.ms/ https://www.google.es/; script-src-elem 'self' 'unsafe-inline' https://*.googlesyndication.com/ https://*.hotjar.com/ https://plausible.io/ https://public.flourish.studio/ https://www.clarity.ms/ https://js.monitor.azure.com/ https://e.issuu.com/ https://static0.audioboom.com/ https://ajax.googleapis.com/ https://*.g.doubleclick.net/ https://connect.facebook.net/ https://www.googletagmanager.com/ https://www.googletagservices.com/ https://bat.bing.com/ https://plausible.io/ https://connect.facebook.net/en_US/fbevents.js https://www.clarity.ms/ https://pagead2.googlesyndication.com/; frame-ancestors 'self' https://admin.rcgp.prod.grm.digital/ https://admin.rcgp.uat.grm.digital/ https://admin.rcgp.stg.grm.digital/ https://admin.rcgp.org.uk/ https://google.com https://rcgp.org.uk/ https://rcgp.prod.grm.digital/ https://rcgp.dev.grm.digital/ https://rcgp.uat.grm.digital/ https://rcgp.stg.grm.digital/; frame-src 'self' https://*.safeframe.googlesyndication.com/ https://*.googlesyndication.com/ https://*.g.doubleclick.net/ https://td.doubleclick.net/ https://www.googletagmanager.com/ https://flo.uri.sh/ https://public.flourish.studio/ https://www.rcgpplus.co.uk/ https://e.issuu.com/ https://embeds.audioboom.com/ https://www.youtube-nocookie.com/ https://www.google.com/ https://www.youtube.com/ https://www.facebook.com/ https://rcgp.dev.grm.digital/ https://rcgp.uat.grm.digital/ https://rcgp.stg.grm.digital/ https://rcgp.org.uk/ 1
default-src * data: mediastream: blob: filesystem: about: ws: wss: 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-inline';script-src * data: blob: 'unsafe-inline' 'unsafe-eval';connect-src * data: blob: 'unsafe-inline';img-src * data: blob: 'unsafe-inline';frame-src * data: blob: ;style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline';frame-ancestors * data: blob: ; 1
default-src 'self' https://*.mmhayes.com https://*.mmhcloud.com https://mmhcloud.com https://*.googleapis.com https://www.google-analytics.com; img-src 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.gstatic.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline'; font-src 'self' data: ; form-action 'self' https://*.mmhcloud.com; 1
frame-ancestors 'self' www.affilorama.com 1
default-src 'self'; font-src https://fonts.gstatic.com; img-src 'self' https://play.google.com; style-src 'self' https://fonts.googleapis.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.book.fr www.youtube.com player.vimeo.com w.soundcloud.com www.google.com www.googletagmanager.com www.google-analytics.com www.gstatic.com connect.facebook.net www.googleadservices.com googleads.g.doubleclick.net tpc.googlesyndication.com api.mapbox.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com api.openai.com accounts.google.com; style-src 'self' 'unsafe-inline' www.book.fr fonts.googleapis.com www.paypalobjects.com accounts.google.com; object-src 'self'; font-src 'self' www.book.fr fonts.gstatic.com; media-src 'none'; frame-ancestors 'self' www.respcheck.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.adobedtm.com *.facebook.net *.googletagmanager.com *.googleadservices.com *.twitter.com *.ads-twitter.com *.addtoany.com *.mktoweb.com *.marketo.net *.licdn.com *.doubleclick.net *.vimeocdn.com *.optmnstr.com *.vimeo.com *.bing.com *.jotform.com *.jotfor.ms *.newrelic.com *.google.com cdnjs.cloudflare.com browser.sentry-cdn.com *.nr-data.net static.hotjar.com *.hotjar.com ajax.googleapis.com  *.omappapi.com static.ads-twitter.com *.zoominfo.com *.salesloft.com *.drift.com *.driftt.com *.cookielaw.org *.onetrust.com *.clickagy.com *.zoominfo.com *.6sc.co *.g2crowd.com *.googlesyndication.com *.bizible.com *.googleadservices.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.mktoweb.com *.jotfor.ms *.omappapi.com fonts.googleapis.com fonts.gstatic.com; media-src 'self' *.driftt.com; frame-src player.vimeo.com *.doubleclick.net static.addtoany.com *.mktoweb.com vars.hotjar.com rocketsoftware.demdex.net *.facebook.com *.google.com *.jotform.io *.jotform.us *.jotform.com *.youtube.com *.captivate.fm *.drift.com *.driftt.com; frame-ancestors rbc.rocketsoftware.com rbcint.rocketsoftware.com den-vm-u2bcweb.u2lab.rs.com us-east-1.content-hub.acquia.com truedx.trubiquity.de; child-src 'self'; font-src 'self' script.hotjar.com fonts.googleapis.com fonts.gstatic.com; connect-src 'self' info.rocketsoftware.com *.mktoresp.com *.omappapi.com *.omtrdc.net *.demdex.net *.google-analytics.com *.bing.com api.company-target.com *.nr-data.net *.hotjar.com *.hotjar.io *.google.com www.facebook.com *.mktoutil.com wss://*.hotjar.com *.jotform.us *.salesloft.com *.cookielaw.org *.onetrust.com *.clickagy.com *.zoominfo.com cdn.linkedin.oribi.io *.6sc.co *.6sense.com *.adnxs.com *.doubleclick.net *.googlesyndication.com *.googletagmanager.com *.linkedin.com adservice.google.com *.googleadservices.com; report-uri /report-csp-violation; upgrade-insecure-requests; form-action 'self' *.facebook.com *.jotform.us *.jotform.com; base-uri 'self' 1
default-src * 'self' data: blob: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; 1
default-src wss://sdp-chatbot.cluster02.viind.io/socket.io.multitenant/ https: data: 'unsafe-inline'; script-src https: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://multimaps360.de/ https://geoportal.augsburg.de/; img-src 'self' https://*.kunden.team23.de/ https://*.augsburg-api.de/ https://*.cartocdn.com/ https://*.augsburg.de/ https://api.mapbox.com/ https://api.service-digitale-verwaltung.de/ blob: data:; 1
base-uri 'self'; connect-src 'self' data: https://fresnel.vimeocdn.com https://www.google-analytics.com https://maps.googleapis.com; default-src 'self'; font-src 'self' 'unsafe-inline' data: https://fonts.gstatic.com https://stackpath.bootstrapcdn.com https://use.fontawesome.com https://use.typekit.net; frame-src 'self' data: https://maps.google.com https://www.google.com https://td.doubleclick.net https://e.issuu.com https://insight.adsrvr.org https://match.adsrvr.org https://player.vimeo.com https://www.youtube.com; img-src 'self' data: https://i.vimeocdn.com https://maps.google.com https://maps.gstatic.com https://dpm.demdex.net https://secure.adnxs.com https://match.adsrvr.org https://maps.googleapis.com https://www.googletagmanager.com https://winstar-110-adswizz.attribution.adswizz.com/fire https://di.rlcdn.com https://googleads.g.doubleclick.net https://insight.adsrvr.org https://pixel.tapad.com https://www.facebook.com https://www.google.com https://secure.gravatar.com https://s3.amazonaws.com/gravityforms; manifest-src 'self'; media-src 'self' https://www.youtube.com https://youtu.be; object-src 'none'; report-uri https://667c396fd528e3ceb6b0e079.endpoint.csper.io/; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js https://www.youtube.com https://maps.google.com https://s7.addthis.com https://www.googletagmanager.com https://maps.googleapis.com https://tags-cdn.clarivoy.com https://connect.facebook.net https://js.adsrvr.org https://googleads.g.doubleclick.net https://in.treasuredata.com https://www.googleadservices.com https://cdnjs.cloudflare.com/ajax/libs/jquery/3.7.1/jquery.min.js https://cdnjs.cloudflare.com/ajax/libs/jqueryui/1.13.2/jquery-ui.min.js  https://cdn.datatables.net/v/bs4/dt-1.10.18/r-2.2.2/datatables.min.js; style-src 'report-sample' 'self' 'unsafe-inline' https://cdn-images.mailchimp.com https://fonts.googleapis.com https://p.typekit.net https://stackpath.bootstrapcdn.com https://use.fontawesome.com; worker-src blob:; 1
default-src 'self' https://*.dasreda.ru; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://an.gr-wcon.com  https://cdn.dasreda.ru https://cdn.jsdelivr.net https://m.gr-cdn-e.eu https://stmtag.ru/ https://player.vimeo.com https://*.doubleclick.net https://*.google.com https://*.googleadservices.com https://*.googlesyndication.com https://*.googletagservices.com https://*.s3.yandex.net https://a.deadlinefunnel.com https://api.ipify.org https://code.jivo.ru https://code-ya.jivosite.com https://cdn.rutarget.ru https://fsp.dasreda.ru https://ga.getresponse.com https://google-analytics.com https://googletagmanager.com https://mc.yandex.ru https://partners.sbermarketing.ru https://response.dasreda.ru https://stream.datago.ru https://ssl.google-analytics.com https://tagmanager.google.com https://top-fwz1.mail.ru https://us-an.gr-cdn.com https://us-wbe.gr-cdn.com https://vk.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://site.yandex.net https://yastatic.net/ https://yandex.ru https://*.yandex.ru; connect-src 'self' *.dasreda.ru *.google.com https://uaas.yandex.ru https://mc.yandex.ru https://mc.yandex.md partners.sbermarketing.ru *.g.doubleclick.net https://top-fwz1.mail.ru https://securepayments.sberbank.ru https://*.getresponse.com https://ts.getresponse.pl https://stream.datago.ru *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.youtube.com *.rutube.ru *.zen.yandex.ru vimeo.com *.jivosite.com https://*.jivo.ru *.deadlinefunnel.com https://*.tildacdn.com https://vk.com https://visor.sberbank.ru https://sve.online.sberbank.ru https://dmp.sbermarketing.ru https://dmp-profiles.sbermarketing.ru wss://uni-tracking.dasreda.ru wss://*.jivosite.com wss://*.jivo.ru; img-src 'self' https://*.dasreda.ru https://yastatic.net https://site.yandex.net https://stream.datago.ru https://code.jivo.ru *.google-analytics.com *.owox.com *.google.com *.google.ru https://vk.com https://login.vk.com https://statad.ru https://mc.yandex.ru *.vimeocdn.com *.vimeo.com www.gstatic.com/recaptcha https://prod.smassets.net https://top-fwz1.mail.ru cdn.dasreda.ru https://*.tildacdn.com *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com https://*.googleusercontent.com *.ytimg.com *.youtube.com https://www.facebook.com https://kraken.rambler.ru https://sync.rambler.ru data:; style-src 'self' 'report-sample' 'unsafe-inline' *.google.com https://*.dasreda.ru https://code.jivo.ru https://fonts.bunny.net www.googletagmanager.com https://yastatic.net; font-src 'self' https://fonts.bunny.net https://cdn.dasreda.ru/ https://site.yandex.net/; frame-ancestors 'self' *.dasreda.ru data:; form-action 'self' *.dasreda.ru; media-src 'self' https://*.dasreda.ru *.youtube.com https://*.rutube.ru https://*.zen.yandex.ru https://*.vimeo.com https://code.jivo.ru blob:; child-src 'self' blob: *.googlesyndication.com *.google.com *.doubleclick.net; object-src *.googlesyndication.com; frame-src 'self' https://forms.yandex.ru https://securecardpayment.ru https://3ds-v2-challenge.ecom-bank.ozon.ru https://3ds-v2-auth.ecom-bank.ozon.ru my.mts-link.ru static.mts-link.ru events.mts-link.ru my.webinar.ru static.webinar.ru events.webinar.ru https://tag.rutarget.ru www.googletagmanager.com bid.g.doubleclick.net *.vimeo.com vimeo.com *.youtube.com https://youtube.com www.youtube-nocookie.com https://google.com https://yandex.ru https://mc.yandex.md https://mc.yandex.ru *.recaptcha.net recaptcha.net https://www.google.com/recaptcha/ https://recaptcha.google.com https://*.surveymonkey.com https://facebook.com https://www.facebook.com https://cdn.knightlab.com https://securepayments.sberbank.ru https://3ds-ds1.mirconnect.ru https://3ds-ds2.mirconnect.ru https://3dsecure.yoomoney.ru cdn.dasreda.ru *.dasreda.ru https://*.sbrf.ru https://events.webinar.ru data: 1
default-src 'self' *.every-pay.eu; img-src 'self' blob: data: *.knygos-static.lt *.zoombook.lt *.baltotrader.lt *.cookiebot.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.google-analytics.com *.googletagmanager.com *.gstatic.com *.facebook.com *.facebook.net *.fbcdn.net pipirai.imgix.net knygos-blogas.imgix.net *.gr-assets.com *.smooch.io *.clarity.ms *.bing.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.knygos.lt *.knygos-static.lt *.cloudflareinsights.com *.cookiebot.com *.hotjar.com *.googlesyndication.com *.google.com *.google-analytics.com *.googletagmanager.com *.googleoptimize.com *.googleadservices.com *.googleapis.com *.gstatic.com *.facebook.net *.fbcdn.net *.adform.net *.doubleclick.net *.nr-data.net *.newrelic.com *.rollbar.com *.smooch.io *.clarity.ms *.helpscout.net; style-src 'self' 'unsafe-inline' *.knygos-static.lt *.googleapis.com *.gstatic.com *.fbcdn.net cdn.smooch.io *.bootstrapcdn.com; font-src 'self' data: *.knygos-static.lt *.googleapis.com *.gstatic.com *.smooch.io; frame-src 'self' *.google.com *.youtube.com *.cookiebot.com *.facebook.com *.doubleclick.net; connect-src 'self' *.every-pay.eu *.cookiebot.com *.baltotrader.lt *.hotjar.io *.hotjar.com wss://*.hotjar.com *.google.lt *.google.com *.google.ge *.google-analytics.com *.facebook.com *.doubleclick.net *.nr-data.net wss://*.smooch.io https://*.smooch.io api.rollbar.com *.clarity.ms *.cloudfront.net *.helpscout.net; media-src 'self' balto.lt *.helpscout.net; 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://apis.google.com https://assets.adobedtm.com https://www.googletagmanager.com https://static.ads-twitter.com https://cdn.cookielaw.org https://www.google-analytics.com https://refinitiv.sc.omtrdc.net https://www.everestjs.net; style-src 'self' 'unsafe-inline' https://use.typekit.net https://p.typekit.net; img-src 'self' data: https://www.google-analytics.com https://www.google.com https://t.co https://analytics.twitter.com https://cdn.cookielaw.org;  frame-src * data:; worker-src 'self' blob:; font-src 'self' data: https://use.typekit.net; connect-src 'self' data: https://yoast.com https://www.google-analytics.com https://cdn.cookielaw.org https://stats.g.doubleclick.net; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; img-src http: data:; script-src http: data: 'unsafe-inline' 'unsafe-eval'; style-src http: data: 'unsafe-inline' 'unsafe-eval'; font-src http: data: 'unsafe-inline' 'unsafe-eval'; frame-src http: data: 'unsafe-inline' 'unsafe-eval'; connect-src http: data: 'unsafe-inline' 'unsafe-eval'; object-src http: data: 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' 'report-sample'; object-src 'none'; frame-ancestors www.eco-challenge.de; frame-src 'report-sample' www.google.com/maps/embed/ www.youtube-nocookie.com player.vimeo.com *.consentmanager.net; media-src 'none'; font-src 'self' data: assets.spielerplus.de cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/ fonts.gstatic.com; style-src 'self' 'report-sample' 'unsafe-inline' assets.spielerplus.de cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/ *.consentmanager.net/delivery/; connect-src 'self' 'report-sample' stats.g.doubleclick.net *.google-analytics.com api.spielerplus.de maps.googleapis.com o504409.ingest.sentry.io *.consentmanager.net/delivery/; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com/ajax/libs/jquery/ cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/ stats.g.doubleclick.net www.googletagmanager.com www.google-analytics.com maps.googleapis.com assets.spielerplus.de *.consentmanager.net/delivery/; img-src 'self' 'report-sample' data: stats.g.doubleclick.net *.google-analytics.com maps.gstatic.com/mapfiles/ maps.googleapis.com *.ytimg.com assets.spielerplus.de www.googletagmanager.com *.consentmanager.net/delivery/; report-uri https://playerplus.report-uri.com/r/d/csp/enforce; 1
frame-ancestors 'self' *.mainz.de mz-piwik.sitepark.com *.geoportal.rlp.de *.tu-darmstadt.de 1
connect-src 'self' *.algolia.io *.algolia.net *.algolianet.com *.facebook.com *.google-analytics.com *.google.com *.googleapis.com *.googletagmanager.com *.sumo.com *.userway.org *.voyagetext.com *.zdassets.com *.zendesk.com *.zopim.com code.jquery.com media.sumome.com pro.ip-api.com stats.g.doubleclick.net sumo.com sumome.com vyg.mobi wss://widget-mediator.zopim.com; default-src 'self'; font-src 'self' *.facebook.com *.googleapis.com *.gstatic.com cdn-secure.luckygunner.com cdn.userway.org data: themes.googleusercontent.com; frame-src 'self' *.facebook.com *.google.com *.googleapis.com *.twitter.com *.userway.org sumo.com sumome.com twitter.com; img-src 'self' *.facebook.com *.google-analytics.com *.googleapis.com *.gstatic.com *.sumo.com *.userway.org *.zopim.io cdn-secure.luckygunner.com data: https://seal.verisign.com media.sumome.com stats.g.doubleclick.net sumo.b-cdn.net sumo.com sumome.com syndication.twitter.com twitter.com; manifest-src cdn-secure.luckygunner.com www.luckygunner.com; media-src 'self' *.facebook.com *.zdassets.com *.zopim.com; object-src 'self' *.facebook.com www.luckyreferrals.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.algolia.io *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.sumo.com *.sumome.com *.twitter.com *.userway.org *.voyagetext.com *.zdassets.com *.zopim.com assets.voyagetext.com blob: cdn-secure.luckygunner.com code.jquery.com https://cdn.jsdelivr.net/npm/algoliasearch@4/dist/algoliasearch-lite.umd.js https://cdn.jsdelivr.net/npm/instantsearch.js@4 stats.g.doubleclick.net sumo.b-cdn.net sumome-140a.kxcdn.com sumome.com www.luckyreferrals.com; style-src 'self' 'unsafe-inline' *.facebook.com *.google.com *.googleapis.com *.gstatic.com *.twitter.com cdn-secure.luckygunner.com cdn.userway.org sload.sumo.com sumo.b-cdn.net 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' wss: *.alfabank.by *.yandex.ru *.yandex.by *.yandex.net *.vwo.com *.visualwebsiteoptimizer.com *.mail.ru https://yandex.ru https://yandex.by https://yandex.net https://mcd-sdk.playbuzz.com https://oss.maxcdn.com https://www.youtube.com https://core-renderer-tiles.maps.yandex.net https://connect.facebook.net https://embed.ex.co https://wtrfall.com https://oprosso.net https://oprosso.ru https://cdn.matomo.cloud https://code.jquery.com https://sys.datadrivenpromotion.com https://www.clarity.ms https://analytics.tiktok.com https://x01.aidata.io https://websdk.appsflyer.com https://www.googletagmanager.com https://sys.refocus.ru https://matomo.alfabank.by https://vk.com https://cdnjs.cloudflare.com https://web.webpushs.com https://bitrix.info https://yastatic.net https://dev.visualwebsiteoptimizer.com https://embed.playbuzz.com https://public.flourish.studio https://static.ex.co https://matomojs.trackify.info https://public.tableau.com; style-src 'self' 'unsafe-inline' *.yandex.ru *.yandex.by *.yandex.net *.alfabank.by *.vwo.com *.visualwebsiteoptimizer.com https://static.ex.co https://fonts.googleapis.com https://oprosso.net https://oprosso.ru https://cdn.jsdelivr.net https://web.webpushs.com https://yandex.ru https://yandex.by https://yandex.net; frame-src 'self' *.alfabank.by *.yandex.ru *.yandex.by *.yandex.net *.vwo.com *.visualwebsiteoptimizer.com *.radarpayment.online *.soundcloud.com https://yandex.ru https://yandex.by https://yandex.net https://oprosso.net https://oprosso.ru https://public.tableau.com https://www.youtube.com https://flo.uri.sh https://www.googletagmanager.com https://embed.ex.co; default-src 'self' 'unsafe-inline' wss: *.alfabank.by *.mail.ru *.yandex.ru *.yandex.by *.yandex.net *.vwo.com *.visualwebsiteoptimizer.com https://yandex.ru https://yandex.by https://yandex.net data: blob:; connect-src 'self' 'unsafe-inline' wss: *.alfabank.by *.a.run.app *.mail.ru *.yandex.ru *.yandex.by *.yandex.net *.clarity.ms *.vwo.com *.mradx.net *.visualwebsiteoptimizer.com https://www.googleadservices.com https://adservice.google.com https://r.mradx.net https://yandex.ru https://yandex.by https://yandex.net https://ads.playbuzz.com https://prd-collector-anon.playbuzz.com https://pixel.ex.co https://x01.aidata.io https://embed.playbuzz.com https://sys.datadrivenpromotion.com https://wa.onelink.me https://wa.appsflyer.com https://bitrix.info https://analytics.tiktok.com https://embed.ex.co https://prd-collector-platform.ex.co https://alfabank.by; frame-ancestors 'self'; font-src 'self' *.alfabank.by https://cdn.jsdelivr.net https://fonts.gstatic.com https://yastatic.net https://static.ex.co data:; img-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *; worker-src 'self' blob: *; object-src 'self' 1
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval' blob: data:; style-src * 'unsafe-inline'; 1
worker-src 'self' data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.google-analytics.com *.googlecommerce.com *.googleadservices.com *.braintreegateway.com *.googleapis.com *.cloudflare.com *.planetart.com *.newrelic.com *.twitter.com *.ads-twitter.com *.facebook.net *.adroll.com *.livechatinc.com cdn.brcdn.com www.paypalobjects.com *.brsrvr.com *.nr-data.net *.pcrl.co *.picreel.com *.bing.com *.extole.com *.yimg.com *.yahoo.com *.sharethis.com *.amazonaws.com *.rubiconproject.com *.doubleclick.net *.ups-mi.net *.pinterest.com *.paypal.com *.tellapal.com *.momsaffiliate.com *.emjcd.com *.shareasale.com t.co *.locker2.com *.adxcel-ec2.com *.gstatic.com *.steelhousemedia.com www.googletagmanager.com pixel.cdnwidget.com snap.licdn.com px.ads.linkedin.com *.tvsquared.com unpkg.com d39517acq78dhc.cloudfront.net js.braintreegateway.com *.cardinalcommerce.com *.dca0.com d.adroll.mgr.consensu.org *.ccdc02.com *.openx.net *.rlcdn.com *.adnxs.com *.bidswitch.net *.3lift.com *.taboola.com *.pubmatic.com *.outbrain.com *.casalemedia.com *.advertising.com www.clickcease.com cdn.levelaccess.net *.mail.simplytoimpress.com *.mail.simplytoimpress.co.uk *.mail.canvasworld.com *.mail.photoaffections.com *.mail.mycustomcase.com *.eml.legacylane.com *.eml.parkerandpip.com *.eml.gifts.com track.cordial.io *.personalcreations.com tags.tiqcdn.com use.typekit.net dpm.demdex.net www.lightboxcdn.com t.channeladvisor.com tag.bounceexchange.com s.pinimg.com assets.bounceexchange.com api.bounceexchange.com *.cj.com a.omappapi.com analytics.tiktok.com lightboxapi.azurewebsites.net cdn.attn.tv *.afterpay.com *.mountain.com *.nextdoor.com utt.impactcdn.com *.sjv.io *.clarity.ms d.impactradius-event.com tags.crwdcntrl.net *.rokt.com cdn.cookielaw.org *.iseeme.com *.bookofus.com *.vimeo.com *.vimeocdn.com https://*.kaptcha.com *.niceincontact.com d2zm0lpns956f8.cloudfront.net websdk.appsflyer.com *.bazaarvoice.com mpsnare.iesnare.com *.appsflyer.com shop.pe mapi.gifts.com metrics.simplytoimpress.com metrics.photoaffections.com metrics.canvasworld.com metrics.mycustomcase.com metrics.simplytoimpress.co.uk metrics.parkerandpip.com metrics.legacylane.com metrics2.gifts.com cdn.gonift.com shopper.shop.pe d2mjzob2nc713b.cloudfront.net cdn.canvasworld.com;frame-ancestors 'self' https://www.canvasworld.com https://*.personalcreations.com;object-src 'self' https://www.canvasworld.com;upgrade-insecure-requests 1
default-src 'none'; style-src 'self' 'unsafe-inline'; style-src-elem 'self'; img-src 'self'; base-uri 'self'; frame-ancestors 'none'; form-action 'none' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://kolektiva.social; img-src 'self' https: data: blob: https://kolektiva.social; style-src 'self' https://kolektiva.social 'nonce-bC5LhCUs25XXXTRL3kH2AQ=='; media-src 'self' https: data: https://kolektiva.social; frame-src 'self' https:; manifest-src 'self' https://kolektiva.social; form-action 'self'; child-src 'self' blob: https://kolektiva.social; worker-src 'self' blob: https://kolektiva.social; connect-src 'self' data: blob: https://kolektiva.social https://kolektiva.social wss://kolektiva.social; script-src 'self' https://kolektiva.social 'wasm-unsafe-eval' 1
script-src 'unsafe-inline' 'unsafe-eval' blob: 'self' 'wasm-unsafe-eval' https://challenges.cloudflare.com; connect-src 'self' https://rpc.ankr.com https://crypto-exchange-logos-production.s3.us-west-2.amazonaws.com https://crypto-token-logo-proposals-production.s3.us-west-2.amazonaws.com https://static.cloudflareinsights.com https://*.g.alchemy.com https://cloudflare-eth.com https://auth.privy.io wss://relay.walletconnect.com wss://relay.walletconnect.org wss://www.walletlink.org https://*.rpc.privy.systems wss://realtime-api.defined.fi https://api-js.mixpanel.com https://rpc.blast.io https://plaus.defined.fi https://*.ingest.sentry.io https://d2gndqco47nwa6.cloudfront.net https://graph.defined.fi https://explorer-api.walletconnect.com https://api.turnkey.com https://www.googletagmanager.com; frame-src 'self' https://*.turnkey.com blob: https://auth.privy.io https://verify.walletconnect.com https://verify.walletconnect.org https://challenges.cloudflare.com; child-src https://auth.privy.io https://verify.walletconnect.com https://verify.walletconnect.org; object-src 'none'; 1
frame-ancestors www.graphicpkg.com pubwebprd.graphicpkg.com gpi.my.idaptive.app aau0618.my.idaptive.app 1
frame-ancestors 'self' https://behavior.drivenio.com https://www.supereasy.com https://www.guru99.com 1
default-src 'self' https:; style-src 'self' https: 'unsafe-inline'; font-src 'self' https: data:; img-src 'self' https: data:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; report-uri https://gravie.report-uri.com/r/d/csp/enforce; 1
upgrade-insecure-requests; default-src 'self' https: blob: 'unsafe-eval' 'unsafe-inline' *.follettlearning.com follettlearning.com www.follettlearning.com cdn.brandfolder.io; object-src 'none'; img-src http: https: data:; script-src 'self' blob: 'unsafe-inline'  'unsafe-eval'  *.fontawesome.com *.github.io *.unpkg.com unpkg.com *.licdn.com *.follettlearning.com follettlearning.com www.follettlearning.com cdn.datatables.net code.jquery.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://*.doubleclick.net https://*.facebook.net https://*.instagram.com https://*.fbcdn.net https://*.googletagmanager.com https://cdn.jsdelivr.net https://cdn.pushalert.co https://*.google.com https://*.nmpcdn.com *.googleadservices.com https://www.googleadservices.com https://*.google-analytics.com https://secure.quantserve.com https://certify-js.alexametrics.com https://rec.smartlook.com https://*.gstatic.com https://*.googleapis.com https://rules.quantcount.com https://*.googlesyndication.com https://*.googletagservices.com https://npmcdn.com https://*.ampproject.org https://*.gravitec.net https://*.youtube.com https://*.gravitec.media https://platform.twitter.com players.brightcove.net edge.api.brightcove.com vjs.zencdn.net manifest.prod.boltdns.net optanon.blob.core.windows.net *.follettaspen.com *.onetrust.com *.force.com *.salesforce.com *.salesforceliveagent.com follett.my.salesforce-sites.com *.pinterest.com *.writesonic.com *.botpress.cloud js-na1.hs-scripts.com js.hs-banner.com js.hscollectedforms.net js.hs-analytics.net scripts.iconnode.com *.follettcontent.com qadev.follettcontent.com *.wistia.com *.wistia.net js.hsadspixel.net *.allbooksforallkids.com *.follett.live   *.crazyegg.com *.clickcease.com tracking.g2crowd.com; font-src http: https: data: 1
default-src * 'unsafe-inline' 'unsafe-eval' 'self' data:; script-src * 'unsafe-inline' 'self' 'unsafe-eval' blob:; object-src data: 'self'; base-uri 'self'; connect-src 'self' https://* * data: 'unsafe-inline'; img-src * data: blob: 'self' 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; child-src blob: 'self'; worker-src blob: 'self'; frame-ancestors 'self' https://*.contentful.com https://*.salesforce.com https://*.force.com https://*.segment.com https://*.algolia.io https://*.cookieinformation.com https://*.typeform.com https://*.youtube.com https://*.vimeo.com 1
font-src * data:; 1
frame-ancestors 'self' *.eagle.org; 1
default-src 'self' https://www.privatesportshop.com; connect-src 'self' https://www.privatesportshop.com https://m.sportpursuit.com https://raven.privatesportshop.com https://api.sportpursuit.com https://*.elev.io https://*.amazon.com https://*.amazon.co.uk https://capture.trackjs.com https://*.facebook.com https://*.facebook.net https://*.doubleclick.net https://*.google.com https://*.postcodeanywhere.co.uk https://*.iubenda.com https://*.dixa.io wss://*.dixa.io https://cdn.polyfill.io https://sentry.io https://trustbadge.api.etrusted.com https://shops-si.trustedshops.com https://*.taboola.com https://bat.bing.com https://in.requestmetrics.com https://*.addressy.com https://*.scarabresearch.com https://*.googlesyndication.com https://*.logbor.com https://cdn.jsdelivr.net/gh/TimeOne-Group/isdk@latest/dist/isdk.min.js https://tracking.publicidees.com https://binel.hunkal.com https://*.creativecdn.com https://*.time1.me https://*.lacmp.net https://analytics.optimalpeople.fr https://analytics.tiktok.com https://*.imgstatics.com https://*.gsitrix.com; font-src 'self' https://images1.sportpursuit.info https://images2.sportpursuit.info https://images3.sportpursuit.info https://images4.sportpursuit.info https://*.elev.io https://fonts.gstatic.com https://widgets.trustedshops.com https://*.dixa.io; frame-src https://*.amazon.co.uk https://*.elev.io https://*.amazon.com https://*.payments-amazon.com https://www.googletagmanager.com https://staticxx.facebook.com https://www.facebook.com https://platform.twitter.com https://syndication.twitter.com https://www.youtube.com https://widget.trustpilot.com https://player.vimeo.com https://*.doubleclick.net https://*.dcmn.io https://*.googlesyndication.com https://*.iubenda.com https://iubenda.mgr.consensu.org/ https://accounts.google.com https://*.publicidees.com https://ams.creativecdn.com https://ad.ad-srv.net/ https://*.redintelligence.net/ https://*.tradedoubler.com; media-src 'self' https://images1.sportpursuit.info https://images2.sportpursuit.info https://images3.sportpursuit.info https://images4.sportpursuit.info https://*.dixa.io/; form-action https://www.privatesportshop.com https://platform.twitter.com https://syndication.twitter.com https://www.facebook.com https://trc.taboola.com https://*.amazon.co.uk https://*.amazon.de https://*.amazon.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' https://m.sportpursuit.com https://*.scarabresearch.com https://s.ytimg.com https://www.youtube.com/ https://cdn.elev.io https://googleads.g.doubleclick.net https://www.google.com/pagead/conversion_async.js https://www.googleadservices.com https://*.payments-amazon.com https://*.amazon.com https://www.googletagmanager.com https://connect.facebook.net https://www.sc.pages05.net https://platform.twitter.com https://widget.trustpilot.com https://*.dcmn.io https://*.googlesyndication.com https://*.googleapis.com https://apis.google.com https://*.postcodeanywhere.co.uk https://tagmanager.google.com https://*.iubenda.com https://bat.bing.com https://*.dixa.io https://cdn.polyfill.io https://sentry.io https://widgets.trustedshops.com https://cdn.taboola.com https://trc.taboola.com https://app.storyblok.com https://accounts.google.com data: https://*.logbor.com https://cdn.jsdelivr.net/gh/TimeOne-Group/isdk@latest/dist/isdk.min.js https://tracking.publicidees.com https://binel.hunkal.com https://*.creativecdn.com https://*.time1.me https://analytics.optimalpeople.fr https://pixel.adensemble.com https://s.retargeted.co https://cdn.mndtrk.com https://*.stylight.net https://*.lacmp.net https://*.tradedoubler.com https://analytics.tiktok.com https://*.gsitrix.com; style-src 'self' 'unsafe-inline' https://*.payments-amazon.com https://fonts.googleapis.com https://*.postcodeanywhere.co.uk https://tagmanager.google.com https://*.iubenda.com https://widgets.trustedshops.com https://accounts.google.com https://accounts.google.com; object-src 'none'; upgrade-insecure-requests; 1
base-uri 'self'; default-src 'self' *.credit-agricole.it data: blob:; child-src * blob:; object-src 'self' *.credit-agricole.it; script-src 'self' *.credit-agricole.it *.awswaf.com 'unsafe-inline' 'unsafe-eval' *.cariprpcpar.it *.cariprpcpar.it *.cariprpccoll.it *.develon.com *.cookiebot.com *.acsbapp.com *.sentry.io *.newrelic.com *.nr-data.net *.google.com *.gstatic.com *.g.doubleclick.net *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.youtube.com connect.ekomi.de widgets.ekomi.com widgets.ekomi.com *.ekomiapps.de *.facebook.net *.mapbox.com; style-src 'self' *.credit-agricole.it d1d1pnx7stb8xh.cloudfront.net 'unsafe-inline' *.develon.com *.google.com *.googletagmanager.com *.googleapis.com widgets.ekomi.com *.ekomiapps.de *.mapbox.com; font-src 'self' *.credit-agricole.it *.gstatic.com; img-src 'self' *.credit-agricole.it d1d1pnx7stb8xh.cloudfront.net *.gstatic.com *.googletagmanager.com *.google.com *.google.it *.google-analytics.com *.g.doubleclick.net data:; frame-src 'self' *.credit-agricole.it *.cariprpcpar.it *.cariprpccoll.it *.google.com *.youtube.com *.cookiebot.com; frame-ancestors 'self' *.credit-agricole.it; connect-src 'self' *.credit-agricole.it *.sentry.io *.nr-data.net *.cookiebot.com *.google-analytics.com *.g.doubleclick.net *.acsbapp.com *.mapbox.com *.awswaf.com; script-src-elem 'self' *.awswaf.com; 1
default-src 'self' pghub.io feed.pghub.io pandg.tapad.com ; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.google-analytics.com https://ssl.google-analytics.com https://www.youtube.com https://*.bazaarvoice.com https://connect.facebook.net *.crazyegg.com *.pricespider.com *.cloudflare.com *.mapbox.com youtu.be *.cookielaw.org *.onetrust.com *.segment.com blob: pghub.io feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://tagmanager.google.com https://stats.g.doubleclick.net https://*.googletagmanager.com https://www.youtube.com https://*.bazaarvoice.com https://connect.facebook.net *.crazyegg.com *.pricespider.com *.cloudflare.com *.mapbox.com youtu.be *.cookielaw.org *.onetrust.com *.segment.com blob: pghub.io feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://stats.g.doubleclick.net https://fonts.googleapis.com https://cdn.fonts.net https://*.bazaarvoice.com https://connect.facebook.net *.crazyegg.com *.pricespider.com *.cloudflare.com *.mapbox.com *.cookielaw.org *.onetrust.com *.segment.com blob: pghub.io feed.pghub.io pandg.tapad.com ; font-src 'self' https://fonts.gstatic.com https://stats.g.doubleclick.net https://assets.ctfassets.net https://*.bazaarvoice.com https://connect.facebook.net *.crazyegg.com *.pricespider.com *.cloudflare.com *.mapbox.com *.cookielaw.org *.onetrust.com *.segment.com data: blob: pghub.io feed.pghub.io pandg.tapad.com ; img-src 'self' https://www.googletagmanager.com https://stats.g.doubleclick.net https://ssl.gstatic.com https://images.ctfassets.net https://www.google-analytics.com https://*.google-analytics.com https://*.googletagmanager.com https://pixel.tapad.com/ https://*.bazaarvoice.com https://connect.facebook.net *.crazyegg.com *.pricespider.com *.cloudflare.com *.mapbox.com *.cookielaw.org *.onetrust.com *.segment.com data: blob: pghub.io feed.pghub.io pandg.tapad.com ; frame-src https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.youtube.com https://consumersupport.pg.com https://connect.facebook.net *.crazyegg.com *.pricespider.com *.cloudflare.com *.mapbox.com *.cookielaw.org *.onetrust.com youtu.be *.facebook.com *.segment.com blob: pghub.io feed.pghub.io pandg.tapad.com ; connect-src 'self' https://privacytermsprod.azureedge.net https://www.google-analytics.com https://api-test.pg.com https://api.pg.com https://stats.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.bazaarvoice.com https://api-nonprod.pgsvc.com https://api.pgsvc.com https://connect.facebook.net *.crazyegg.com *.pricespider.com *.cloudflare.com *.mapbox.com *.cookielaw.org *.segment.com *.segment.io *.onetrust.com pghub.io feed.pghub.io pandg.tapad.com ; 1
img-src 'self' blob: data: https://www.googletagmanager.com/ https://www.google-analytics.com/ https://s3-ap-southeast-1.amazonaws.com/agency.form.sg/ https://s3.ap-southeast-1.amazonaws.com/images.form.gov.sg https://s3.ap-southeast-1.amazonaws.com/logos.form.gov.sg * https://*.google-analytics.com https://*.googletagmanager.com;font-src 'self' data: https://fonts.gstatic.com/;script-src 'self' https://ssl.google-analytics.com/ https://www.google-analytics.com/ https://www.tagmanager.google.com/ https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://www.gstatic.com/recaptcha/releases/ https://challenges.cloudflare.com https://js.stripe.com/v3 https://*.googletagmanager.com/gtag/ https://*.cloudflareinsights.com/ https://www.gstatic.com/charts/ https://www.gstatic.cn;connect-src 'self' https://www.google-analytics.com/ https://ssl.google-analytics.com/ https://*.browser-intake-datadoghq.com https://s3.ap-southeast-1.amazonaws.com/attachments.form.gov.sg/ https://s3.ap-southeast-1.amazonaws.com/images.form.gov.sg https://s3.ap-southeast-1.amazonaws.com/logos.form.gov.sg https://s3.ap-southeast-1.amazonaws.com/prod.virus.scanner.quarantine https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com;frame-src 'self' https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://challenges.cloudflare.com https://js.stripe.com/;style-src 'self' https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.gstatic.cn/ 'unsafe-inline' https://www.gstatic.com/charts/;worker-src 'self' blob:;frame-ancestors *;default-src 'self';base-uri 'self';form-action 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; connect-src 'self' *.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com piwik.itzbund.de; object-src 'self' *.gsb.bund.de; media-src 'self' *.gsb.bund.de *.youtube.com; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.itzbund.de; frame-src *.google.com *.gstatic.com *.youtube.com *.itzbund.de *.vsfbsw.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com piwik.itzbund.de; frame-ancestors 'self'; 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' data: 'unsafe-inline'; font-src 'self' data:; img-src 'self' data:; frame-ancestors https://*.adns2.de/ https://*.hsgate.de/; report-uri https://www.hostserver.de/csp/report.php 1
script-src 'self' https: 'unsafe-eval' 'unsafe-inline'; object-src 'none' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://legalbetkz.push4site.com https://push4site.com https://us-an.gr-cdn.com/ https://check.ddos-guard.net/ https://*.ytimg.com https://static.cloudflareinsights.com http://awards.ratingruneta.ru cdn3.caltat.com https://cbzxy.com https://banners.adfox.ru/ https://yandex.ru https://*.legalcdn.org https://*.legalcdn.com https://static.legalcdn.org https://snap.licdn.com https://px.ads.linkedin.com https://web.legalcdn.org https://*.twimg.com https://platform.twitter.com https://yastatic.net https://www.googleoptimize.com https://mc.yandex.com https://*.yandex.ru https://*.me-talk.ru *.cloudflare.com https://me-talk.ru https://*.intelcdn.com https://*.playbuzz.com https://*.youtube.com http://pollservice.ru https://*.vk.com https://*.googleapis.com https://*.google-analytics.com https://*.googletagmanager.com https://connect.facebook.net https://*.instagram.com https://web.legalcdn.org http://ulogin.ru https://ulogin.ru https://*.gstatic.com https://*.google.com https://*.yandex.net https://*.gr-cdn.com https://*.getresponse.com https://*.legalbet-subscription.com https://*.gr-cdn-e.eu https://*.ampproject.org https://*.ampproject.net https://*.getresponse360.pl; frame-src 'self' https://*.soundcloud.com https://static.cloudflareinsights.com https://*.yandex.ru http://awards.ratingruneta.ru https://mc.yandex.ru https://mc.yandex.com https://mc.webvisor.com https://mc.webvisor.org https://*.me-talk.ru https://*.instagram.com https://ulogin.ru https://*.youtube.com https://*.facebook.com https://*.twitter.com https://vimeo.com https://rutube.ru https://playbuzz.com https://connect.facebook.net https://web.legalcdn.org https://www.playbuzz.com/ https://*.gstatic.com https://*.google.com https://*.yandex.net https://*.getresponse.com https://*.legalbet-subscription.com https://*.gr-cdn-e.eu https://*.getresponse360.pl; object-src 'self' https://*.legalcdn.com https://*.legalcdn.org http://awards.ratingruneta.ru https://*.youtube.com https://web.legalcdn.org https://static.legalcdn.org https://web.legalcdn.org https://*.gstatic.com https://*.google.com https://*.yandex.net https://*.getresponse.com https://*.legalbet-subscription.com https://*.gr-cdn-e.eu https://*.getresponse360.pl; child-src 'self' blob: http://awards.ratingruneta.ru https://mc.yandex.ru https://mc.yandex.com https://mc.webvisor.com https://mc.webvisor.org https://*.getresponse.com https://*.legalbet-subscription.com https://*.gr-cdn-e.eu https://*.getresponse360.pl; worker-src 'self' blob: https://legalbetkz.push4site.com https://push4site.com https://*.gr-cdn.com https://*.getresponse.com https://*.legalbet-subscription.com https://*.gr-cdn-e.eu https://*.getresponse360.pl; report-uri /csp-report/; 1
default-src 'self'; script-src 'self' blob: *.usercentrics.eu 'unsafe-eval' https://www.google-analytics.com/ 'unsafe-eval' http://www.google-analytics.com/ 'unsafe-inline' http://www.googletagmanager.com https://connect.facebook.net/ https://snap.licdn.com/ https://maps.googleapis.com https://ajax.googleapis.com/ https://www.youtube.com/ http://platform.massrelevance.com/js/massrel.js https://analytics.tiktok.com/ *.clarity.ms *.zoovu.com *.smartassistant.com https://walls.io https://static.hotjar.com https://script.hotjar.com/ https://www.googleadservices.com https://www.google.com https://events.ottobock.com https://stable.loyjoy.com https://kraken-qa.ottobock.com https://unpkg.com/web-vitals@3.5.2/dist/web-vitals.iife.js https://visualwebsiteoptimizer.com https://app.vwo.com; connect-src 'self' * https://*.ottobock.com *.algolianet.com *.algolia.net *.usercentrics.eu *.google-analytics.com https://maps.googleapis.com/ https://analytics.tiktok.com/ https://*.in.applicationinsights.azure.com/ https://assets.ctfassets.net/ https://cdn.linkedin.oribi.io/ *.google.com stats.g.doubleclick.net region1.analytics.google.com *.google-analytics.com *.clarity.ms *.zoovu.com *.smartassistant.com https://cdn.linkedin.oribi.io/ https://googleads.g.doubleclick.net/ https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://cdn.growthbook.io/ https://*.blackthorn.io www.googleadservices.com td.doubleclick.net https://px.ads.linkedin.com/ https://api.openai.com; img-src 'self' * data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ *.zoovu.com https://kraken-qa.ottobock.com; font-src 'self' * data:; frame-src 'self' www.ottobock.de www.ottobock.com https://www.youtube.com/ http://www.youtube.com/ cloud.news.ottobockus.com ottobock-se-co-kgaa.massrel.io http://ottobock-se-co-kgaa.massrel.io https://ottobock-se-co-kgaa.massrel.io https://www.ottobock.ch https://www.ottobock.at https://ttselector.ottobock.com https://www.ottobock.it https://www.selection-guide.de/ https://www.ottobock-events.de/ https://my.walls.io/ https://cloud.info.ottobock.com/ https://events.blackthorn.io https://www.googleadservices.com https://td.doubleclick.net http://facebook.com https://events.ottobock.com https://www.google.com; frame-ancestors 'self' https://app.contentful.com https://events.ottobock.com; child-src 'self' ; media-src 'self' https://videos.ctfassets.net http://videos.ctfassets.net https://*.cep.ottobock.com; 1
script-src 'unsafe-inline' 'self' 'unsafe-eval' *.googleapis.com *.facebook.net *.union-investment.de *.usercentrics.eu *.doubleclick.net *.meininvest.de *.frontend.live *.googletagmanager.com *.podigee-cdn.net *.highcharts.com https://safemicronkk2022prod.z6.web.core.windows.net/ http://localhost:* https://fe-calculator-prod.azureedge.net https://fe-scs-aktuelles-prod.azureedge.net https://bplv.fe.union-investment.de https://internal.api.union-investment.de mktdplp102cdn.azureedge.net; 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' fbk.ru *.fbk.ru grantthornton.ru *.grantthornton.ru yandex.ru *.yandex.ru yandex.net *.yandex.net yandex.com *.yandex.com yandex.md *.yandex.md yastatic.net *.yastatic.net google.com *.google.com gstatic.com *.gstatic.com fonts.googleapis.com *.fonts.googleapis.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com rambler.ru *.rambler.ru counter.yadro.ru *.counter.yadro.ru cloudflare.com *.cloudflare.com cp.unisender.com *.cp.unisender.com vk.com *.vk.com facebook.com *.facebook.com facebook.net *.facebook.net roistat.com *.roistat.com youtube.com *.youtube.com bitrix.info; img-src 'self' https: data:; form-action 'self' cp.unisender.com *.cp.unisender.com facebook.com *.facebook.com; object-src 'none'; report-uri https://www.fbk.ru/csp.php 1
frame-ancestors 'self' https://www.magentasport.de 1
default-src 'self';img-src 'self' https://* data:;script-src 'self' 'unsafe-eval' 'unsafe-inline';style-src 'self' 'unsafe-inline' 1
frame-ancestors https://www.kuchenland.ru https://metrika.yandex.ru 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-9ef4858e45e6505e14964627567479d4'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
script-src  https://code.jivosite.com  'self' 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors 'self' http://claro.com.ec http://www.claro.com.ec http://m.miclaro.com.ec https://m.miclaro.com.ec http://miclaro.com.ec https://miclaro.com.ec http://www.miclaro.com.ec https://www.miclaro.com.ec https://miclaro.ec.clarodigital.net http://miclaro.ec.clarodigital.net http://miclaro.ec https://miclaro.ec https://miclaro-ec.amx-dev.amxdigital.net http://miclaro-ec.amx-dev.amxdigital.net https://amxdigital.net http://amxdigital.net https://miclaro-ec.amx-dev.amxdigital.net/ http://miclaro-ec.amx-dev.amxdigital.net/  https://scd-te-ec-livechat-01-328a.azurewebsites.net/ http://scd-te-ec-livechat-01-328a.azurewebsites.net/ https://amx-ec-ase-livechat-client-pro.azurewebsites.net http://amx-ec-ase-livechat-client-pro.azurewebsites.net https://app.urbano.com.ec/ https://app.urbano.com.ec/plugin/etracking/etracking/ https://cdn.kushkipagos.com/ https://link.claro-nbo.uplinkbusiness.com  http://link.claro-nbo.uplinkbusiness.com https://test.claro-nbo.uplinkbusiness.com http://test.claro-nbo.uplinkbusiness.com 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: wss://* http://* https://*; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.google.com https://cdn.insight.sitefinity.com https://code.jquery.com/jquery-3.4.1.min.js https://maxcdn.bootstrapcdn.com/bootstrap/3.3.4/js/bootstrap.min.js *.youtube.com/ https://youtube.com https://player.vimeo.com/api/player.js https://vjs.zencdn.net/7.11.4/video.min.js connect.facebook.net https://connect.facebook.net/en_US/fbevents.js platform.twitter.com https://syndication.twitter.com/ https://analytics.twitter.com/i/adsct platform.linkedin.com https://www.linkedin.com/ https://s.ytimg.com https://publish.twitter.com https://twitter.com/ https://static.ads-twitter.com/uwt.js ajax.aspnetcdn.com *.twimg.com http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org https://sopra-steria.career-inspiration.com/js/fbapppromobox.js https://snap.licdn.com/ https://sjs.bizographics.com/insight.min.js https://secure.quantserve.com/quant.js https://rules.quantcount.com/rules-p-U-rxjfyRkAJ0Y.js https://static.pathmotion.io/initjs/init.min.js https://rules.quantcount.com/rules-p-5eXwvumSeTF0n.js *.lfeeder.com *.leadfeeder.com https://pi.pardot.com/pd.js https://snap.licdn.com/li.lms-analytics/insight.old.min.js https://pi.pardot.com/ https://go.soprasteria.de/ https://walls.io/js/ https://masterbot-chat-ssg-career-website-masterbot.apps.cloud.sodigital.io/ https://chatbot-widget.jobijoba.io https://ytimg.com https://siteimproveanalytics.com/js/siteanalyze_6035851.js https://npmcdn.com/imagesloaded@4.1/imagesloaded.pkgd.js https://tags.inzynk.io/cl383xbw/iztag.js https://analytics.inzynk.io/v/cl383xbw https://player.gobistories.com/index.js https://www.buzzsprout.com https://tag.aticdn.net/piano-analytics.js https://*.xiti.com https://*.ati-host.net https://*.aticdn.net https://unpkg.com https://tagmanager.google.com *.googletagmanager.com cdn1.readspeaker.com *.goldenbees.fr/ https://cdn.goldenbees.mgr.consensu.org/ https://cdnjs.cloudflare.com/ajax/libs/videojs-youtube/2.5.0/Youtube.min.js https://cdnjs.cloudflare.com/ajax/libs/xlsx/0.16.6/xlsx.full.min.js https://cdnjs.cloudflare.com/ajax/libs/Chart.js/2.9.3/Chart.min.js https://cdnjs.cloudflare.com/ajax/libs/bootstrap-multiselect/0.9.15/js/bootstrap-multiselect.js https://cdnjs.cloudflare.com/ajax/libs/iframe-resizer/3.6.1/iframeResizer.min.js https://www2.soprasteria.no https://analytics.inzynk.io */widget/v1/sr-job-alerts.js https://widget.gobistories.com/ https://js.datadome.co/tags.js js.datadome.co https://karriere.soprasteria.de https://karriere.css.soprasteria.de https://karriere.css.soprasteria.de/post_message_receiver.js https://cdn.mouseflow.com https://survey.survicate.com https://surveys-static.survicate.com *.usercentrics.eu embed.vev.page https://js-eu1.hsforms.net/ https://js-eu1.hscollectedforms.net/ https://js-eu1.hs-scripts.com https://js-eu1.hs-banner.com/ https://js-eu1.hsadspixel.net/ https://js-eu1.hs-analytics.net/ https://js-eu1.hubspot.com/; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com https://tagmanager.google.com/debug/css.css https://pixel.quantserve.com/pixel https://maxcdn.bootstrapcdn.com/bootstrap/3.3.4/css/bootstrap.min.css https://cdnjs.cloudflare.com/ajax/libs/bootstrap-multiselect/0.9.15/css/bootstrap-multiselect.css https://maxcdn.bootstrapcdn.com/bootstrap/3.3.4/css/bootstrap.min.css cdn1.readspeaker.com https://chatbot-widget.jobijoba.io https://fonts.googleapis.com https://vjs.zencdn.net/7.11.4/video-js.css https://www.googletagmanager.com/debug/badge.css https://surveys-static.survicate.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://surveys-static.survicate.com; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com *.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com *.eloqua.com track.hubspot.com https://dc.ads.linkedin.com/collect/ https://px.ads.linkedin.com/ https://t.co/i/adsct https://counter.adcourier.com https://stats.g.doubleclick.net/r/collect https://pixel.quantserve.com/ data: blob: *.cdninstagram.com *.lfeeder.com *.leadfeeder.com *.google.fr/ads/ *.google.com/ads/ https://cdn.recman.no/ https://i.ytimg.com/ https://cdn.jobijoba.com https://hellojaiblog.files.wordpress.com https://media.giphy.com https://s3.eu-central-1.amazonaws.com https://ytimg.com https://6035851.global.siteimproveanalytics.io/ https://conv.indeed.com/pagead/conv/5314231913872130/ https://img.youtube.com/ https://media-proxy.gobistories.co/ https://res.cloudinary.com https://ad.doubleclick.net https://analytics.twitter.com https://www.googletagmanager.com https://surveys-static.survicate.com https://assets.survicate.com *.usercentrics.eu https://www.buzzsprout.com https://forms-eu1.hsforms.com/ https://perf-eu1.hsforms.com/ https://track-eu1.hubspot.com/; media-src 'self' data: blob: https://lesjoiesducode.fr/ https://firebasestorage.googleapis.com https://s3.eu-central-1.amazonaws.com https://youtube.com https://googlevideo.com https://cdn.jobijoba.com https://www.youtube.com/ https://res.cloudinary.com; frame-src 'self' https://platform.twitter.com/ https://www.youtube.com/ https://youtu.be/ https://player.vimeo.com/ https://karriere.soprasteria.de/ https://candidate.hr-manager.net/ https://my.walls.io/ https://www.google.com/ https://sopra.symex.be/ https://charts.symex.be/ https://maps.google.com/ https://sopra-steria.career-inspiration.com/ https://youtube.com https://chatbot-webview.jobijoba.io https://app-eu.readspeaker.com/ https://app.livestorm.co/ https://masterbot-chat-ssg-career-website-masterbot.apps.cloud.sodigital.io/ https://www.buzzsprout.com https://forms.office.com/ https://app.powerbi.com/ https://subscriptions.smartrecruiters.com/ https://go.soprasteria.com/ https://smrtr.io/ https://join.smartrecruiters.com/ *.doubleclick.net https://it-economics.jobs.personio.de/ https://karriere.css.soprasteria.de https://soprasteria.jobs.personio.de/; child-src 'self' blob: *.twitter.com https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com *.facebook.com badge.stumbleupon.com https://charts.symex.be/ https://sopra.symex.be/ https://sopra-steria.career-inspiration.com/ *.google.com/ https://candidate.hr-manager.net/ https://karriere.soprasteria.de/ https://app-eu.readspeaker.com/; connect-src 'self' accounts.google.com *.sitefinity.com *.mktoresp.com https://maps.googleapis.com/ https://vimeo.com/ *.readspeaker.com https://media-eu.readspeaker.com/ https://cdn1.readspeaker.com/ https://www.digitale-exzellenz.de https://www.instagram.com *.lfeeder.com *.leadfeeder.com https://vttts-eu.readspeaker.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://chatbot-widget.jobijoba.io wss://chatbot-api.jobijoba.io https://chatbot-api.jobijoba.io https://www.linkedin.com/ *.linkedin.com https://api.gobistories.co/ https://api.gobistories.com/ https://res.cloudinary.com https://*.xiti.com https://*.pa-cd.com https://*.ati-host.net https://*.aticdn.net https://cdn.linkedin.oribi.io https://analytics.inzynk.io https://o2.mouseflow.com https://eu-api.friendlycaptcha.eu https://respondent.survicate.com *.usercentrics.eu https://forms-eu1.hsforms.com/ https://forms-eu1.hscollectedforms.net/ https://api-eu1.hubapi.com/ https://cta-eu1.hubspot.com/; 1
default-src 'self' *.travelguard.com *.travelguard.com.seg.js *.aig.com *.tokenex.com *.aiginsurance.com assets.adobedtm.com *.google.com *.googletagmanager.com *.google-analytics.com *.youtube.com *.doubleclick.net *.cloudfront.net 'unsafe-inline' 'unsafe-eval' blob: data: 1
frame-ancestors 'self' *.futuoa.com 1
frame-ancestors 'self' https://app.kontent.ai https://www.sonarsource.com; base-uri 'self'; default-src data: 'unsafe-inline' 'unsafe-eval' https:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src https: blob:; object-src; child-src https: data: blob:; form-action 'self' https:; block-all-mixed-content; script-src 'nonce-DJs2KfFEKQ5q9RjqycAjkUXwG8UGIGWB' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' 'self' https: http:; report-uri /.netlify/functions/__csp-violations 1
script-src 'self' 'nonce-987a6b7d508adf584bb5bfeb3cc80403' www.fiduciedesjardins.com *.desjardins.com *.desjardins.ca www.googletagmanager.com tagmanager.google.com www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net geolocation.onetrust.com cdn.cookielaw.org cookie-cdn.cookiepro.com desjardins-cookies-privacy.my.onetrust.com; 1
default-src 'none'; base-uri 'self' https://api.intentiq.com; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://*.supermoney.com https://*.googletagmanager.com https://*.quora.com https://*.pinimg.com https://bat.bing.com https://*.google-analytics.com https://*.hs-scripts.com https://*.hs-banner.com https://*.usemessages.com https://*.hscollectedforms.net https://*.clarity.ms https://*.clickcease.com https://*.taboola.com https://*.trustpilot.com https://*.hotjar.com https://*.doubleclick.net https://*.hubspot.com https://maps.googleapis.com https://*.hs-analytics.net https://*.pinterest.com https://*.lidstatic.com https://*.infogram.com https://challenges.cloudflare.com https://*.facebook.net https://*.googleadservices.com https://apis.google.com https://*.termly.io https://*.invoca.net https://*.ringrevenue.com; style-src 'self' 'unsafe-inline' https://*.supermoney.com https://*.hotjar.com https://*.gstatic.com https://*.googleapis.com; object-src 'self' https://*.supermoney.com; connect-src 'self' https://*.supermoney.com https://*.clarity.ms https://*.clickcease.com https://*.taboola.com https://*.googleapis.com https://*.hscollectedforms.net https://*.doubleclick.net https://*.posthog.com https://*.hubspot.com https://*.google.com https://*.pinterest.com https://*.google-analytics.com https://bat.bing.com *.hotjar.com *.hotjar.io https://*.clarity.ms https://*.intentiq.com https://api.intentiq.com wss://*.hotjar.com https://*.leadid.com https://*.google.com https://*.googleadservices.com https://*.quora.com; font-src * 'self' data: https: https://*.supermoney.com https://*.hotjar.com; frame-src 'self' https://*.supermoney.com https://*.pinterest.com https://*.trustpilot.com https://*.doubleclick.net https://*.hubspot.com https://*.taboola.com https://*.leadid.com https://d2m2wsoho8qq12.cloudfront.net https://*.infogram.com https://challenges.cloudflare.com https://*.go2cloud.org https://*.youtube.com https://*.googletagmanager.com https://tsdtocl.com; img-src * 'self' data: https: android-webview-video-poster https://*.supermoney.com https://*.hotjar.com; manifest-src 'self' *; media-src 'self' data: https: https://*.supermoney.com https://d2m2wsoho8qq12.cloudfront.net; form-action 'self' https://*.supermoney.com https://*.leadid.com; frame-ancestors 'self' https://*.supermoney.com https://*.hubspot.com; report-uri https://csp-report.supermoney.com; 1
frame-ancestors 'self' https://*.teemill.com teemill.com 1
frame-ancestors 'self' https://www.tatasteel.com/  https://dynamicform.tatasteel.com/  https://blog.tatasteel.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: android-webview-video-poster: oppocommunity: oppostore: webcompt: *; frame-ancestors 'self' *.oppo.com *.oppo.cn *.opposhop.cn *.wanyol.com; report-uri https://ti.oppo.com/csp/DataReport; report-to https://ti.oppo.com/csp/DataReport; 1
default-src 'self' api2.firefoxchina.cn account.firefoxchina.cn; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://a.alimama.cn g.click.taobao.com  suggestion.baidu.com www.baidu.com hm.baidu.com nssug.baidu.com  www.google-analytics.com *.googlesyndication.com static.huohu123.com ; img-src * data:; child-src 'self' *.firefoxchina.cn  *.17huohu.com; frame-src 'self' *.firefoxchina.cn  *.17huohu.com www.taobao.com entry.baidu.com; frame-ancestors 'self' *.firefoxchina.cn tongji.baidu.com about:; style-src 'self' 'unsafe-inline'; font-src 'self' data: ;  connect-src hm.baidu.com *.firefoxchina.cn ;report-uri /_/csp-reports 1
frame-ancestors 'self' cdn.adkaora.space cdn.ampproject.org *.g.doubleclick.net blob: elpopular.pe *.googleapis.com *.googlesyndication.com; 1
frame-ancestors 'self' https://nobudget.media/ 1
style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.hotjar.com; script-src 'self' 'unsafe-inline'  *.googletagmanager.com *.google-analytics.com analytics.google.com *.hotjar.com; frame-src 'self' *.youtube.com *.vimeo.com *.doubleclick.net; font-src 'self' data: *.googleapis.com *.gstatic.com *.hotjar.com; img-src 'self' data: assets.americashealthrankings.org www.google.com i.ytimg.com *.googletagmanager.com *.google-analytics.com analytics.google.com; connect-src 'self' *.googletagmanager.com *.google-analytics.com analytics.google.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.doubleclick.net *.sentry.io 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' http://*.toodledo.com https://*.toodledo.com https://*.cookielaw.org https://*.onetrust.com https://*.stripe.com https://*.filepicker.io http://*.filepicker.io http://*.twitter.com https://*.twitter.com https://apis.google.com https://*.googleapis.com https://maps.gstatic.com http://apis.google.com http://*.googleapis.com http://maps.gstatic.com http://www.google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com http://www.googleadservices.com https://www.googleadservices.com http://*.google.com https://*.google.com http://d1h9d4exwfthxc.cloudfront.net https://www.googletagmanager.com https://www.googletagservices.com https://securepubads.g.doubleclick.net https://googleads.g.doubleclick.net http://connect.facebook.net http://assets.pinterest.com https://canny.io https://*.chargebee.com https://*.adroll.com https://www.youtube.com https://www.gstatic.com https://*.googlesyndication.com https://cdn.firstpromoter.com https://*.hubspot.com https://js.hscollectedforms.net https://js.hsadspixel.net https://*.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://forms.hsforms.com https://js.hsleadflows.net https://*.usemessages.com https://unpkg.com https://*.profitwell.com https://*.sentry-cdn.com https://*.sentry.io https://polyfill.io https://*.chargebee.com https://*.stripe.com https://cdn.heapanalytics.com https://*.fontawesome.com; report-uri /ajax/csp_report.php; 1
default-src * https://*.google.com  https:; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; font-src 'self' data:; img-src * 'self' data:; frame-ancestors 'self'; 1
default-src data: https: 'self';     script-src https: 'self' 'unsafe-inline' 'unsafe-eval';     style-src https: 'self' 'unsafe-inline';     frame-ancestors https: 'self' *.youtube.com *.prton.kisti.re.kr *.facebook.com 1
base-uri 'self';connect-src 'self' *.youtube.com albis-bot-backend-service-gj4kqfil6q-uc.a.run.app *.bugsnag.com *.vemcount.com *.vemcount.app vemcount.app ws://127.0.0.1:6001 wss://127.0.0.1:6001 https://*.s3.eu-central-1.amazonaws.com;form-action 'self' *.vemco.group;img-src 'self' data: tecbrain.com img.youtube.com www.gravatar.com *.eu-central-1.amazonaws.com *.meetsigma.io *.vemcogroup.com *.vemcount.com vemcount.com *.vemcount.app vemcount.app vem-assist-cdn.vercel.app;media-src 'self' *.eu-central-1.amazonaws.com;object-src 'none';script-src 'self' vemassist.albisai.com 'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.bunny.net 1
frame-ancestors 'self' https://a.cms.omniupdate.com; default-src * 'unsafe-inline' 'unsafe-eval'; img-src * 'unsafe-inline' 'unsafe-eval' data:; worker-src 'self' blob:; 1
default-src 'self' https:; script-src 'strict-dynamic' js.hsforms.net google-analytics localhost 'self' 'nonce-rAnd0m123' 'unsafe-inline' https:; style-src 'self' https: 'unsafe-inline' https://js.hsforms.net/forms/embed/v2.js; img-src 'self' https: data:; font-src 'self' https: data:; object-src 'none'; base-uri https://hexaware.com/; 1
default-src 'self' 'unsafe-inline' data: blob: https://static.zpe.gov.pl https://static.epodreczniki.pl;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.zpe.gov.pl https://static.epodreczniki.pl https://www.googletagmanager.com https://www.google-analytics.com;img-src 'self' 'unsafe-inline' data: blob: https://platforma.zpe.gov.pl https://static.zpe.gov.pl https://static.epodreczniki.pl https://www.google-analytics.com https://www.googletagmanager.com;connect-src 'self' ws: https://platforma.zpe.gov.pl https://moje.zpe.gov.pl  https://static.zpe.gov.pl https://static.epodreczniki.pl https://sandbox.zpe.gov.pl https://sr-production.contentplus.io https://*.google-analytics.com;media-src 'self' data: blob: https://static.zpe.gov.pl https://static.epodreczniki.pl;worker-src 'self' data: blob: https://static.zpe.gov.pl https://static.epodreczniki.pl;frame-src * 1
frame-ancestors 'self'; // Add other policies on a new line here // And another one here 1
default-src 'self'; connect-src 'unsafe-inline' 'self' https://*.googlesyndication.com/ https://*.adnxs.com/ https://search-api.swiftype.com https://*.hotjar.com wss://*.hotjar.com/ https://*.hotjar.io https://search-api.swiftype.com https://s.swiftypecdn.com/ https://www.google-analytics.com/ https://*.google-analytics.com https://*.analytics.google.com https://www.googletagmanager.com https://www.google.com/ https://consentcdn.cookiebot.com/ https://acdn.adnxs.com https://trk.adbutter.net https://*.doubleclick.net https://*.dynamics.com https://*.azureedge.net/; script-src 'unsafe-inline' 'self' https://static-cdn.summon.serialssolutions.com/ https://uha.summon.serialssolutions.com/ https://*.hotjar.com/ https://s.swiftypecdn.com https://www.google-analytics.com/ https://*.doubleclick.net/ https://analytics.google.com https://www.googletagmanager.com https://www.google.com/ https://consent.cookiebot.com https://www.gstatic.com/ https://consentcdn.cookiebot.com/ https://cdn.syndication.twimg.com/ https://acdn.adnxs.com https://trk.adbutter.net https://www.googleadservices.com/ https://connect.facebook.net/ https://mktdplp102cdn.azureedge.net/ https://twitter.com/ https://platform.twitter.com/ https://*.hotjar.com/ https://uhasseltbe.sharepoint.com/ https://view.genial.ly/ https://www.instagram.com/embed.js https://*.azureedge.net/; style-src 'self' 'unsafe-inline' https://s.swiftypecdn.com https://fonts.googleapis.com; style-src-elem 'self' 'unsafe-inline' https://uha.summon.serialssolutions.com/ https://fonts.googleapis.com https://s.swiftypecdn.com https://platform.twitter.com/ https://platform.twitter.com/; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; frame-src https://*.doubleclick.net/ https://uhasselt.qualtrics.com/ https://*.genially.com/ https://miro.com/ https://view.genial.ly/ https://www.google.com/ https://youtube-nocookie.com https://www.youtube-nocookie.com https://youtube.com https://www.youtube.com https://vimeo.com https://www.vimeo.com https://acdn.adnxs.com https://trk.adbutter.net https://www.google.com https://publish.folders.eu/ https://app.folders.eu/ https://*.uhasselt.be/ https://platform.twitter.com/ https://bibbase.org https://player.vimeo.com/ https://analytics-eu.clickdimensions.com/ https://twitter.com/ https://calendar.google.com/ https://maps.google.com https://embed.deburen.tv/ https://documentserver.uhasselt.be/ https://open.spotify.com/ https://consentcdn.cookiebot.com/ https://eea0f6dc7d1c4455b1a21b477adcb9f7.svc.dynamics.com/ https://ff9a155d5f11499fb581e542d9e7f244.svc.dynamics.com/ https://www.facebook.com/ https://docs.google.com https://*.hotjar.com/ https://syndication.twitter.com/ https://www.linkedin.com/ https://script.google.com/ https://www.instagram.com/; img-src 'self' data: https://cc.swiftype.com/ https://www.google.com/ https://www.google.be https://www.uhasselt.be/  https://www.google-analytics.com https://ib.adnxs.com https://secure.adnxs.com https://abs.twimg.com/ https://pbs.twimg.com/ https://platform.twitter.com/ https://www.facebook.com/ https://syndication.twitter.com/ https://*.doubleclick.net https://*.cookiebot.com https://*.googlesyndication.com 1
report-uri https://da29fbb48db8d300dadaf4982e8940b2.report-uri.com/r/d/csp/reportOnly;base-uri 'self';default-src 'self';form-action 'self';object-src 'self';connect-src 'self' *.mapbox.com *.google-analytics.com connect.facebook.net www.facebook.net;frame-src 'self' js.stripe.com www.loom.com www.youtube.com www.google.com;frame-ancestors 'none';worker-src 'self' blob:;media-src 'self' data:;img-src 'self' blob: data: cdn.jsdelivr.net www.gstatic.com *.googletagmanager.com www.facebook.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' js.stripe.com api.mapbox.com cdn.loom.com cdnjs.cloudflare.com cdn.jsdelivr.net www.google.com www.gstatic.com fonts.googleapis.com *.google-analytics.com *.googletagmanager.com connect.facebook.net;style-src 'self' 'unsafe-inline' api.mapbox.com cdn.jsdelivr.net fonts.googleapis.com;font-src 'self' data: fonts.gstatic.com 1
frame-ancestors 'self' https://*.neteasy.pl; 1
base-uri 'self'; block-all-mixed-content ; child-src 'self' https://intercom-sheets.com https://www.intercom-reporting.com https://*.youtube.com https://player.vimeo.com https://fast.wistia.net; connect-src 'self' data: https://sourcewhale.app https://*.sourcewhale.app https://*.ingest.sentry.io https://*.swl.is https://*.giphy.com https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://www.gstatic.com https://heapanalytics.com https://*.birdie.so https://*.hellozest.io https://web.delighted.com wss://ws.pusherapp.com https://delighted.com https://*.twilio.com wss://chunderw-vpc-gll.twilio.com wss://voice-js.roaming.twilio.com/signal https://*.auryc.com https://*.clarity.ms; default-src 'none'; font-src 'self' data: https://fonts.gstatic.com https://js.intercomcdn.com https://fonts.intercomcdn.com; form-action 'self' https://intercom.help https://api-iam.intercom.io https://*.birdie.so https://*.hellozest.io; frame-ancestors 'self' https://bullhornstaffing.com https://*.bullhornstaffing.com https://jobadder.com https://*.jobadder.com https://pipedrive.com https://*.pipedrive.com https://*.live.com https://*.sharepoint.com https://outlook.office.com https://outlook.office365.com; frame-src 'self' https://accounts.google.com https://intercom-sheets.com https://*.birdie.so https://*.hellozest.io https://*.loom.com https://*.youtube.com https://*.oaspapps.com; img-src 'self' https: data: blob:; media-src 'self' data: https://*.intercomcdn.com https://sourcewhale.app https://*.sourcewhale.app https://sourcewhale-client-data-prod.s3.amazonaws.com; object-src 'none'; script-src 'self' https://ajax.aspnetcdn.com https://browser.sentry-cdn.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://s3.amazonaws.com/intercom-sheets.com https://www.gstatic.com https://heapanalytics.com https://cdn.heapanalytics.com https://appsforoffice.microsoft.com https://app.birdie.so https://app.hellozest.io https://d2yyd1h5u9mauk.cloudfront.net https://outlook.office.com https://outlook.office365.com https://*.clarity.ms https://*.birdie.so; script-src-elem 'self' https://ajax.aspnetcdn.com https://browser.sentry-cdn.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://s3.amazonaws.com/intercom-sheets.com https://www.gstatic.com https://heapanalytics.com https://cdn.heapanalytics.com https://appsforoffice.microsoft.com https://app.birdie.so https://app.hellozest.io https://d2yyd1h5u9mauk.cloudfront.net https://*.clarity.ms https://*.birdie.so; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com https://heapanalytics.com https://*.birdie.so; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com https://heapanalytics.com https://*.birdie.so; style-src-attr 'self' 'unsafe-inline'; worker-src blob: 1
frame-ancestors 'self' https://cdw.theatro360.com; 1
frame-ancestors 'self'; base-uri 'self'; form-action 'self'; 1
frame-ancestors 'self' https://*.pospal.cn https://*.pospal.ai 1
default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; font-src * data: 'unsafe-inline'; frame-ancestors 'self' *.ecashsoftware.com *.vergentlms.com; img-src * data: 'unsafe-inline' ; frame-src *; connect-src *; child-src blob: worker-src blob:; 1
frame-ancestors https://*.kjell.com; base-uri 'self' 1
default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' *.youtube.com *.biocadless.com *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.youtube.com *.yandex.ru *.salesforce.com *.twitter.com *.usefathom.com vk.com *.dataforum.pro *.googleadservices.com yastatic.net top-fwz1.mail.ru;child-src *.biocadless.com *.google.com *.gstatic.com *.doubleclick.net *.youtube.com *.salesforce.com *.twitter.com *.dataforum.pro;style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.cloudflare.com *.dataforum.pro;img-src * blob: data: *.biocadless.com *.dataforum.pro;font-src 'self' 'unsafe-eval' *.gstatic.com *.dataforum.pro;frame-src 'self' 'unsafe-inline' platform.dataforum.pro yandex.ru webvisor.com *.youtube.com *.google.com *.yandex.ru;connect-src *;media-src *; 1
frame-ancestors 'self' http://www.philips.com *.philips.com *.philips.com https://philipsigtdpv.com 1
frame-ancestors 'self' https://neo.finance.si https://www.ntk.si/ https://next.brella.io/ https://narocilnice.bhc.si 1
default-src https://*.apptio.com 'self'; script-src 'self' https://*.apptio.com https://cdn-app.pathfactory.com/ https://app.cdn.lookbookhq.com/production/jukebox/current/jukebox.js https://web.cvent.com https://www.cvent-assets.com https://bat.bing.com https://cdn.cookielaw.org https://cdnjs.cloudflare.com https://connect.facebook.net https://*.cloudfront.net/fullcircle.js https://dev.visualwebsiteoptimizer.com https://*.wistia.com https://*.wistia.net https://www.trustradius.com https://googleads.g.doubleclick.net https://*.clarity.ms https://js.driftt.com https://munchkin.marketo.net https://script.hotjar.com https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.hotjar.com https://tag.demandbase.com https://tracking.intentsify.io https://www.gartner.com/reviews/public/Widget/js/widget.js https://www.google-analytics.com https://www.googleadservices.com/pagead/conversion_async.js https://www.googleoptimize.com/optimize.js https://www.googletagmanager.com https://www.google.com/pagead/conversion_async.js https://app.cdn.lookbookhq.com/libraries/overlay/overlay.js https://src.litix.io https://*.addthis.com https://*.moatads.com https://*.addthisedge.com https://cdn.shortpixel.ai https://app.vwo.com https://s.pointerpro.com https://snap.licdn.com https://www.ibm.com https://*.s81c.com https://cdn.metadata.io/site-script.js 'unsafe-inline' 'unsafe-eval'; style-src 'report-sample' 'self' blob: https://*.apptio.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://cdn.shortpixel.ai https://fast.wistia.com https://www.cvent-assets.com https://www.gartner.com https://www.trustradius.com https://d30ia583fbtg8i.cloudfront.net https://app.cdn.lookbookhq.com https://app.vwo.com https://cdn-app.pathfactory.com 'unsafe-inline'; object-src 'self'; base-uri 'self'; connect-src 'self' https://*.apptio.com https://*.mktoresp.com https://935-cth-469.mktoutil.com https://www.facebook.com https://apptio.widen.net https://cf-store.widencdn.net/apptio https://api.company-target.com https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://stats.g.doubleclick.net https://bat.bing.com https://cdn.linkedin.oribi.io https://cdn.cookielaw.org https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.wistia.com https://*.wistia.net https://*.litix.io https://geolocation.onetrust.com https://*.cloudfront.net https://*.clarity.ms https://*.hotjar.com https://*.hotjar.io https://www.trustradius.com https://jukebox.pathfactory.com https://embedwistia-a.akamaihd.net https://spcollector.pathfactory.com https://st.fullcircleinsights.com https://*.addthis.com https://www.facebook.com https://segments.company-target.com https://tag-logger.demandbase.com https://px.ads.linkedin.com; font-src 'self' data: https://fonts.gstatic.com https://*.cloudfront.net https://cdn.shortpixel.ai https://*.wistia.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com https://cdn-app.pathfactory.com https://*.gartner.com https://tag-logger.demandbase.com; frame-src 'self' https://*.apptio.com https://js.driftt.com https://web.cvent.com https://vars.hotjar.com https://www.facebook.com https://www.gartner.com https://fast.wistia.net https://fast.wistia.com https://maps.google.com https://www.google.com https://*.addthis.com https://*.doubleclick.net https://app.vwo.com https://s.pointerpro.com https://s.company-target.com https://apptio.jifflenow.com; img-src 'self' data: blob: https://*.apptio.com https://*.bing.com https://*.clarity.ms https://cdn.shortpixel.ai https://s.w.org https://*.cloudfront.net https://*.wistia.com https://*.visualwebsiteoptimizer.com https://embedwistia-a.akamaihd.net https://*.wistia.net https://id.rlcdn.com https://match.prod.bidr.io https://*.linkedin.com https://www.facebook.com https://connect.facebook.net https://*.google-analytics.com https://*.analytics.google.com https://www.google.com https://www.googletagmanager.com https://segments.company-target.com https://*.adsymptotic.com https://cdn.cookielaw.org https://reviews.static.gartner.com https://cdn.pathfactory.com https://media.trustradius.com https://*.s81c.com; manifest-src 'self'; media-src 'self' blob: data: https://*.wistia.net https://*.wistia.com https://embedwistia-a.akamaihd.net https://js.driftt.com https://episodes.castos.com; worker-src https://*.apptio.com blob: 'self'; 1
script-src https: 'unsafe-inline' 'unsafe-eval'; base-uri 'self'; font-src * data: https:; img-src * data: https:; media-src * data: blob: https:; worker-src blob:; connect-src https://*.optimalworkshop.com https://*.dev-optimalworkshop.com https://*.google-analytics.com https://*.intercom.io wss://*.intercom.io https://*.fontawesome.com https://*.doubleclick.net https://*.wistia.com https://*.litix.io https://*.bing.com https://*.linkedin.oribi.io https://px.ads.linkedin.com https://*.hotjar.io https://*.bamboohr.com https://*.googlesyndication.com https://*.analytics.google.com https://*.outbrain.com https://*.googleapis.com https://*.hotjar.io https://*.facebook.com wss://*.hotjar.com https://pixel.wp.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://browser-intake-datadoghq.com https://optimalworkshop.formstack.com; style-src https://*.optimalworkshop.com https://*.dev-optimalworkshop.com https://*.google-analytics.com https://*.intercom.io wss://*.intercom.io https://*.fontawesome.com https://*.doubleclick.net https://*.wistia.com https://*.litix.io https://*.bing.com https://*.linkedin.oribi.io https://px.ads.linkedin.com https://*.hotjar.io https://*.bamboohr.com https://*.googlesyndication.com https://*.analytics.google.com https://*.outbrain.com https://*.googleapis.com https://*.hotjar.io https://*.facebook.com wss://*.hotjar.com https://pixel.wp.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://browser-intake-datadoghq.com https://optimalworkshop.formstack.com blob: https: 'unsafe-inline' 1
frame-ancestors 'self' bolognafc.it; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' ;img-src 'self' https://*.hotjar.com/ https://*.optimizely.com/ https://*.userway.org/ https://*.rakbank.ae/ https://*.google.com https://www.google.ae https://www.google.co.in https://www.google.co.uk https://www.google.com.pk https://*.googleapis.com https://*.gstatic.com/ https://*.googletagmanager.com https://*.analytics.google.com https://*.google-analytics.com https://*.g.doubleclick.net  https://*.googlesyndication.com https://*.welcomesoftware.com/ https://*.cmp.optimizely.com/ https://flagcdn.com/ https://i.ytimg.com/ https://*.doubleclick.net/ https://www.facebook.com https://*.vizury.com https://*.vzeesp.com https://*.cloudfront.net https://www.linkedin.com/ https://t.co/ https://analytics.twitter.com/ https://*.ads.linkedin.com/ https://*.adsymptotic.com https://*.page-source.com https://*.amazon-adsystem.com data: blob:; style-src 'self' 'unsafe-inline' https://*.hotjar.com/ https://*.optimizely.com/ https://*.googleapis.com/ https://www.youtube.com/ https://*.userway.org/ https://web-sdk-eu.aptrinsic.com/ https://*.googletagmanager.com/ ; font-src 'self' 'unsafe-inline' https://*.hotjar.com/ https://*.optimizely.com/ https://*.gstatic.com/ https://*.userway.org/ https://*.cloudfront.net/  data:; upgrade-insecure-requests; block-all-mixed-content ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.hotjar.com/ https://*.optimizely.com/ https://*.googletagmanager.com/ https://*.google.com/recaptcha/ https://*.gstatic.com/recaptcha/ https://*.googleapis.com/ https://*.googleadservices.com/ https://*.g.doubleclick.net/ https://snap.licdn.com/ https://*.userway.org/ https://*.euroland.com/tools/ https://web-sdk-eu.aptrinsic.com/ https://www.youtube.com/ https://*.rakbankonline.ae/ https://*.rakbank.ae/ https://sc-static.net/ https://connect.facebook.net/ https://static.ads-twitter.com/ https://c.amazon-adsystem.com/aat/amzn.js https://websdk.appsflyer.com/ https://s2.adform.net/banners/scripts/st/trackpoint-async.js https://analytics.tiktok.com/ https://track.adform.net/ ; connect-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com/ https://*.optimizely.com/ https://*.userway.org/ https://*.google-analytics.com/ https://*.analytics.google.com/ https://*.googletagmanager.com/ https://*.googleapis.com/ https://www.google.com/recaptcha/ https://*.google.com/ https://www.google.ae/ https://www.google.co.in/ https://www.google.co.uk/ https://www.google.com.pk/https://*.g.doubleclick.net https://*.googlesyndication.com/ https://*.g.doubleclick.net/ https://*.gstatic.com/ https://www.googleadservices.com/ https://pui.episerver.net/ https://dc.services.visualstudio.com/ https://esp-eu.aptrinsic.com/ https://*.welcomesoftware.com/ https://*.cmp.optimizely.com/ https://www.youtube.com/ https://*.rakbankonline.ae/ https://*.rakbank.ae/ https://localhost:8001/ http://localhost:8000/ https://www.facebook.com/ https://*.vizury.com/ https://*.vzeesp.com/ https://sport360.com/ https://sandbox.api.mastercard.com/ https://connect.facebook.net/ https://analytics.tiktok.com/ wss://localhost/ https://px.ads.linkedin.com/ https://capig.annalectmena.com/ https://aax-eu.amazon-adsystem.com/ https://ara.paa-reporting-advertising.amazon/ ; frame-src 'self' https://*.hotjar.com/ https://*.optimizely.com/ https://tools.euroland.com/ https://heyzine.com/flip-book/e6ecb21ea3.html https://online.fliphtml5.com/bycxr/gsbk https://tools.eurolandir.com/ https://www.youtube.com/ https://*.userway.org/ https://*.google.com/ https://*.fls.doubleclick.net/ https://*.doubleclick.net/ https://aax-eu.amazon-adsystem.com/; ;  media-src 'self' https://*.hotjar.com/ https://*.optimizely.com/ https://*.userway.org/ blob:;  worker-src 'self' blob:; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' mathjax.rstudio.com server.arcgisonline.com unpkg.com region1.google-analytics.com youtu.be youtube.com ws.hotjar.com region1.analytics.google.com content.hotjar.io planetarysecurityinitiative.org placehold.co p.typekit.net use.typekit.net embed.kumu.io w.soundcloud.com open.spotify.com docs.google.com wss://ws14.hotjar.com syndication.twitter.com ton.twimg.com abs.twimg.com pbs.twimg.com cdn.syndication.twimg.com platform.twitter.com twitter.com surveylegend.com datawrapper.dwcdn.net dwcdn.net www.canva.com piktochart.com *.piktochart.com www.surveylegend.com www.google.com www.gstatic.com cdn.jsdelivr.net static.hotjar.com script.hotjar.com vars.hotjar.com in.hotjar.com vc.hotjar.io maps.gstatic.com spectator.clingendael.org www.clingendael.org maps.googleapis.com www.google.nl https://code.jquery.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://fonts.gstatic.com https://static.addtoany.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://player.vimeo.com https://f.vimeocdn.com https://i.vimeocdn.com https://fresnel.vimeocdn.com data: https://www.youtube.com https://localfocuswidgets.net img-src * 'self' data: https:; 1
frame-ancestors 'self' securian.marketing.adobe.com securian.experiencecloud.adobe.com experience.adobe.com 1
frame-ancestors 'self' https://cdn.ampproject.org/v0/amp-ad-0.1.mjs 1
frame-ancestors 'self' http://contentsquare.lookbookhq.com https://contentsquare.lookbookhq.com http://contentsquare.pathfactory.com https://contentsquare.pathfactory.com https://netcommforum.liveforum.space *.contentsquare.com; 1
default-src 'unsafe-inline' 'unsafe-eval' https: data:; block-all-mixed-content; upgrade-insecure-requests 1
font-src 'self' fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' consent.cookiebot.com www.googletagmanager.com consentcdn.cookiebot.com data: www.google.com www.google-analytics.com googleads.g.doubleclick.net stats.g.doubleclick.net www.gstatic.com www.youtube.com matomo.blauer-engel.de blob: cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://unpkg.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com https://cdnjs.cloudflare.com; style-src-attr 'self' 'unsafe-inline' 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.civiccomputing.com https://*.googletagmanager.com https://*.youtube.com https://*.youtube-nocookie.com https://player.vimeo.com https://*.ytimg.com https://dl.episerver.net https://*.facebook.net https://*.facebook.com https://*.googleapis.com https://*.google-analytics.com https://*.google.com https://*.gstatic.com https://*.g.doubleclick.net https://*.googleadservices.com https://www.recaptcha.net https://hello.myfonts.net https://widget.surveymonkey.com https://www.surveymonkey.com https://prod.smassets.net; 1
script-src 'nonce-KL3z4DG+YkjVX0K+wKy7e8nxbyw=' 'self' mijncdnpartner.nl www.googletagmanager.com www.smartsuppchat.com smartsuppcdn.com *.smartsuppcdn.com d10lpsik1i8c69.cloudfront.net; frame-ancestors 'self'; worker-src 'self' blob:; report-uri /v1/csp/reports 1
default-src 'self'; style-src 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; frame-ancestors 'none' 1
default-src https: wss: 'unsafe-inline' 'unsafe-eval' data:;  img-src 'self' data: www.google-analytics.com maps.googleapis.com maps.gstatic.com; upgrade-insecure-requests 1
default-src 'self';  script-src 'self' *.ctfassets.net *.youtube.com *.twitter.com;  child-src 'self' *.ctfassets.net *.youtube.com player.vimeo.com *.twitter.com;  style-src 'self' 'unsafe-inline' *.googleapis.com;  img-src 'self' blob: data: *.ctfassets.net *.youtube.com *.twitter.com;  media-src 'self' *.youtube.com;  connect-src *;  font-src 'self' blob: data: fonts.gstatic.com maxcdn.bootstrapcdn.com;  worker-src 'self' blob:; 1
frame-src 'self' https://www.youtube-nocookie.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' static.b-ite.com cs-assets.b-ite.com https://www.deutsches-ausschreibungsblatt.de cdn.jsdelivr.net code.etracker.com https://cdnjs.cloudflare.com https://rebilly.github.io platform.instagram.com platform.twitter.com www.etracker.de; style-src 'self' 'unsafe-inline' static.b-ite.com cs-assets.b-ite.com 1
frame-ancestors 'self' *.restaurantlogin.com *.gloriafood.com *.foodbooking.com *.fbgcdn.com 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: *.googletagmanager.com *.amazonaws.com *.gstatic.com www.facebook.com connect.facebook.net player.vimeo.com *.vimeocdn.com *.akamaized.net maxcdn.bootstrapcdn.com stats.g.doubleclick.net *.ggpht.com *.googleapis.com *.google-analytics.com maps.google.com *.formstack.com dl.dropbox.com *.googleadservices.com *.doubleclick.net *.google.com *.google.bg *.google.co.uk netdna.bootstrapcdn.com *.cloudflare.com edge.fullstory.com rs.fullstory.com kit-pro.fontawesome.com res.cloudinary.com *.fontawesome.com fonts.gstatic.com *.prismic.io prismic.io html2canvas.hertzen.com *.funnelytics.io *.conversationalsdevelopment.nl *.seamly-app.com ciscosm.radiuspaymentsolutions.com consent.cookiebot.com consentcdn.cookiebot.com https://ciscosm.radiuspaymentsolutions.comcdnjs.cloudflare.com cdn.jsdelivr.net *.io/js-markerclustererplus/dist/index.min.js *.ofcom.org *.ofcom.org.uk *.radiuspaymentsolutions.com *.salesforce.com *.hcaptcha.com hcaptcha.com *.convertexperiments.com https://imgsct.cookiebot.com bam.nr-data.net www.enexusrental.co.uk wss://gql.velocityfleet.com wss://sta.ging.velocityfleet.com wss://www.velocityfleet.com wss://api.seamly-app.com 1
frame-ancestors 'self' http://www.tanyapepsodent.com unilever3.marketing.adobe.com unileverbrazil.marketing.adobe.com unilever2.marketing.adobe.com unilever.marketing.adobe.com unilever3.experiencecloud.adobe.com unileverbrazil.experiencecloud.adobe.com unilever2.experiencecloud.adobe.com unilever.experiencecloud.adobe.com emea1-proxy.adobemc.com us1-proxy.adobemc.com us1-proxy.adobemc.com apac-proxy.adobemc.com adobedemoemea131.marketing.adobe.com adobedemoemea131.experiencecloud.adobe.com https://s3.cartwire.co https://s7.addthis.com https://kritique-widgets-stage.unileversolutions.com https://d1a1ax4tcp3m3j.cloudfront.net 1
default-src 'self' https:; font-src 'self' data: https:; img-src 'self' https: data:; object-src 'none'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; connect-src 'self' https: ws://vts.zohopublic.com ws://ws.inspectlet.com; frame-ancestors 'self'; worker-src 'self' blob: https: 1
default-src 'self' http://* https://* ws://* wss://* data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src  * data:;connect-src * wss: 1
default-src 'self' https://files.rackspace8.diamax.com https://www.naefrontiers.org http://cms.nce.staging.r8.diamax.com http://*.nae.edu http://*.diamax.com https://*.diamax.com http://*.addthis.com https://*.addthis.com https://*.adobe.com https://livestream.com https://www.dafdirect.org http://*.twitter.com https://*.twitter.com http://*.linkedin.com http://*.google.com http://*.googleapis.com http://*.youtube.com https://*.vimeo.com https://vimeo.com https://*.ytimg.com https://*.googleapis.com http://*.typekit.net https://www.googletagmanager.com http://*.google-analytics.com https://*.google-analytics.com https://webfonts.creativecloud.com https://m.addthis.com https://*.twimg.com https://*.doubleclick.net https://*.gstatic.com http://*.gstatic.com http://*.facebook.com https://*.facebook.com https://*.hotjar.com wss://*.hotjar.com https://*.surveymonkey.com https://survey.alchemer.com https://www.surveygizmo.com https://nas.giftlegacy.com/ https://cdn.cookielaw.org https://code.jquery.com/ https://geolocation.onetrust.com/ https://s3.amazonaws.com/stream.sparkstreetdigital.com/ https://*.sparkstreetdigital.net/ https://cdn.jsdelivr.net/npm/mathjax@3/es5/  https://naegroupstorage.blob.core.windows.net/ https://sky.blackbaudcdn.net https://host.nxt.blackbaud.com/ https://www.redditstatic.com/ https://www.naefrontiers.org/ data: 'unsafe-inline' 'unsafe-eval' blob:; img-src 'self' https://img.youtube.com https://alb.reddit.com http://*.diamax.com  https://*.diamax.com https://*.nae.edu https://*.surveymonkey.com https://www.google-analytics.com https://*.twimg.com https://*.ytimg.com https://*.twitter.com https://*.licdn.com http://*.typekit.net https://www.dafdirect.org http://*.google-analytics.com https://*.google-analytics.com https://*.adobe.com https://app.surveygizmo.com https://appv3.sgizmo.com https://www.surveygizmo.com https://cdn.cookielaw.org data: blob:; 1
frame-ancestors 'self'; report-uri /?r=Page/content-security-policy-report/index 1
upgrade-insecure-requests; default-src 'self'; connect-src 'self' https://paste.yunohost.org wss://silksa.co.za; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval'; object-src 'none'; img-src 'self' data:; 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.youtube.com https://www.googleadservices.com https://s45065.pcdn.co https://*.tmpwebeng.com https://assets.adobedtm.com https://app.survale.com https://www.google-analytics.com https://apply.talentbrew.io https://cdn.cookielaw.org/ https://cdn.jsdelivr.net/ https://cdnjs.cloudflare.com/ https://connect.facebook.net/ https://googleads.g.doubleclick.net/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://*.talentbrew.com/ https://www.google.com https://www.googletagmanager.com/; style-src 'self' 'unsafe-eval' 'unsafe-inline' https://s45065.pcdn.co https://cdnjs.cloudflare.com https://fonts.googleapis.com https://*.tmpwebeng.com https://assets.adobedtm.com https://app.survale.com https://apply.talentbrew.io https://cdn.jsdelivr.net; object-src 'none'; base-uri 'self'; connect-src 'self' https://stats.g.doubleclick.net https://*.tmpwebeng.com https://assets.adobedtm.com https://app.survale.com https://www.google-analytics.com https://apply.talentbrew.io https://analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://px.ads.linkedin.com https://www.facebook.com; font-src 'self' data: https://s45065.pcdn.co; frame-src 'self' blob: https://go.pardot.com https://www.youtube.com https://td.doubleclick.net https://s45361.p1717.sites.pressdns.com https://app.survale.com https://3969344.fls.doubleclick.net https://go.radancy.com; img-src 'self' data: https://i.ytimg.com https://ad.doubleclick.net https://s45065.pcdn.co https://www.google-analytics.com https://analytics.twitter.com https://cdn.cookielaw.org https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://t.co https://*.talentbrew.com https://www.facebook.com https://www.google.com; manifest-src 'self'; media-src 'self' https://*.talentbrew.com; worker-src 'self' blob: ; 1
base-uri 'none'; style-src 'self' *.cassiecloud.com *.googleapis.com 'unsafe-inline' https://cscript-cdn-use.lilly.com/templates/2/template.min.css *.lillytempo.com *.kisunla.com *.verzenio.com *.verzenio.lilly.com *.lilly.com https://d1ltrl2zzo6l3e.cloudfront.net/public/syrenis-cookie-management.css https://d3gnk5748ud580.cloudfront.net/public/syrenis-cookie-management.css https://dscrutpyu4zff.cloudfront.net/public/syrenis-cookie-management.css; script-src 'nonce-nqj4MlvumhyA0XfOEZcfPA=='  'sha256-Pgx8e6+R5Pe9UobBBGMftHcaDTbx9s3ZE6XVnT4DHlg='  'sha256-jFjMzf+5os8WCWNpGblFDTpLMf0R9cygHMUcOqECW/0='  'self' 'strict-dynamic' 'unsafe-eval' *.kaltura.com/ *.cassiecloud.com *.googletagmanager.com https://google-analytics.com *.google-analytics.com *.bing.com https://connect.facebook.net https://lilly-customerconnect.secure.force.com https://customerconnect.my.salesforce-sites.com https://ispot.tv *.turn.com *.myadvocado.com *.doubleclick.net *.analytics.yahoo.com *.google.com https://facebook.com *.salesforceliveagent.com *.youtube.com *.ytimg.com *.gstatic.com *.googlevideo.com blob: http://d22xmn10vbouk4.cloudfront.net *.googleapis.com assets.adobedtm.com assets.ctfassets.net *.kisunla.com *.verzenio.com *.verzenio.lilly.com aim-tag.hcn.health *.medtargetsystem.com http://www.google-analytics.com https://d.turn.com *.id.amgdgt.com *.lilly.com https://d1ltrl2zzo6l3e.cloudfront.net/public/syrenis-cookie-management.js https://d3gnk5748ud580.cloudfront.net/public/syrenis-cookie-management.js https://dscrutpyu4zff.cloudfront.net/public/syrenis-cookie-management.js tags.tiqcdn.com pc-lilly-visitor-service-us-west-2.tealiumiq.com; object-src 'none'; frame-src *.doubleclick.net/ *.myadvocado.com/ *.lillytempo.com *.lillycares.com *.lillyoncologysupport.com *.lillyloxooncologypipeline.com *.lillydirect.com *.lrlscience.com *.syrenis.com *.taltz.com *.olumiant.com *.verzenio.com *.omvoh.com *.true.lilly *.tap.lilly *.together.lilly *.certuitad.com *.lilly.com *.enrollment.taltz.com *.enrollment.olumiant.com *.enrollment.verzenio.com *.enrollment.omvoh.com *.kisunla.com di.rlcdn.com https://10057592.fls.doubleclick.net/ *.verzenio.lilly.com aim-tag.hcn.health *.medtargetsystem.com; frame-ancestors 'self' https://oncologynationsandbox.skipta.com/ https://oncologynation.com/ https://oncologynationsandbox.skipta.com/ https://oncologynation.com/ https://clinicaloncologyforumsandbox.skipta.com/ https://oncologynationsandbox.skipta.com/ https://clinicaloncologyforum.com/ 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-OWRhMjZjZjE4M2E0NGZhZThhNTk5NGVlNjMzMTY2OTA=' https://*.platformrijksoverheid.nl https://*.rijksoverheid.nl https://*.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' https://statistiek.rijksoverheid.nl https://*.contenttoolsrijksoverheid.nl https://*.koninklijkhuis.nl; font-src 'self' https://statistiek.rijksoverheid.nl; object-src 'none'; connect-src https://*.platformrijksoverheid.nl https://*.rijksoverheid.nl https://*.contenttoolsrijksoverheid.nl https://*.rovid.nl https://*.rijksoverheidsvideo.nl https://*.koninklijkhuis.nl; img-src 'self' data: https://d3oiud1b8fohdw.cloudfront.net https://statistiek.rijksoverheid.nl https://*.rovid.nl https://*.rijksoverheidsvideo.nl https://*.toegankelijkheidsverklaring.nl; media-src 'self' https://*.rovid.nl https://*.rijksoverheidsvideo.nl; form-action 'self' https://export.highcharts.com https://*.contenttoolsrijksoverheid.nl https://*.koninklijkhuis.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
default-src 'self' https://graphcdn.io https://*.graphcdn.io https://*.stellate.co;  script-src 'self' https://shoutout.io https://*.stripe.com https://canny.io https://*.intercom.io https://*.intercomcdn.com https://player.vimeo.com/ https://www.youtube.com/ https://www.youtube-nocookie.com/ https://snap.licdn.com/ https://*.linkedin.com/ https://www.googletagmanager.com/ https://*.cookiebot.com/ https://vercel.live/ https://va.vercel-scripts.com/ https://munchkin.marketo.net/ https://learn.stellate.co http://learn.stellate.co 'nonce-xnsA3nOAhoQpKxGo7h1wQQ==' 'nonce-wg8mH/4XL+9SBJO08+iYDw==' 'sha256-eoRpynDWsQnhwmlFBPR+mMmKkc/qOONWZ8dTR+MOvpA=' 'sha256-LJCumvdHtXpk6bfrP8i7wH14BsQeFdKZCKfcxVKxqLc=' 'sha256-5ra8XUF7RddBfTHQzijn3cQGhDkM+55ZCvXd0bWv9bc=' 'unsafe-eval'; img-src 'self' data: https:; object-src 'none'; base-uri 'self'; style-src 'self' 'unsafe-inline' https://stellate.co https://*.graphcdn.io https://*.stellate.co https://fonts.googleapis.com https://www.googletagmanager.com/ https://learn.stellate.co http://learn.stellate.co; font-src 'self' data: https://stellate.co https://*.graphcdn.io https://*.stellate.co https://*.intercomcdn.com https://fonts.gstatic.com; frame-src 'self' https://learn.stellate.co https://shoutout.io https://*.stripe.com https://*.canny.io https://canny.io https://player.vimeo.com https://www.youtube.com https://www.youtube-nocookie.com/ https://www.googletagmanager.com/ https://*.cookiebot.com/ https://vercel.live/ https://share-eu1.hsforms.com https://learn.stellate.co http://learn.stellate.co; connect-src 'self' https: wss:; frame-ancestors 'self'; 1
default-src 'self'; base-uri 'self'; object-src 'none'; script-src 'self' *.hubspot.com js.hs-analytics.net js.hs-scripts.com js.hsadspixel.net js.hscollectedforms.net js.hs-banner.com js.hs-banner.net js.usemessages.com *.hsforms.net cdn2.hubspot.net *.surveymonkey.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com/  https://www.googleadservices.com https://googleads.g.doubleclick.net https://connect.facebook.net/  https://snap.licdn.com https://player.vimeo.com/ https://maps.googleapis.com https://*.skedify.io https://ajax.googleapis.com https://*.pexipengage.com 'strict-dynamic' 'nonce-pIxneVuH1hDiTACtjUuxBg=='; ; connect-src 'self' *.hubspot.com api.hubapi.com js.hs-banner.com *.hsforms.com *.google-analytics.com https://forms.hscollectedforms.net https://www.google.com https://www.facebook.com/  *.linkedin.com *.g.doubleclick.net https://keeper.24sessions.com/ https://gwg2gtbjx2.execute-api.eu-central-1.amazonaws.com/ https://maps.googleapis.com https://api.skedify.io https://o323299.ingest.sentry.io https://cdn.linkedin.oribi.io https://*.pexipengage.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com static.hsappstatic.net cdn2.hubspot.net https://ajax.googleapis.com https://plugin.skedify.io https://cdn.jsdelivr.net; font-src fonts.gstatic.com cdn2.hubspot.net; img-src 'self' data: *.bankvanbreda.be *.banquevanbreda.be *.hubspot.com *.hubspotusercontent-na1.net static.hsappstatic.net *.hsforms.com https://www.facebook.com/ *.linkedin.com https://www.google-analytics.com https://www.googletagmanager.com/ https://www.google.com https://www.google.be maps.googleapis.com maps.gstatic.com; frame-src *.hubspot.com *.hsforms.com https://www.google.com https://vimeo.com/ https://player.vimeo.com/ https://bankvanbreda.24sessions.com/ https://rekentool.allyoursbe.be/ https://www.facebook.com/ https://platform.twitter.com/ https://view.genial.ly/ *.libsyn.com https://*.skedify.io https://nl.eu.surveymonkey.com/ https://open.spotify.com/ https://*.pexipengage.com; upgrade-insecure-requests; 1
default-src 'self' *.creditor.dev *.rodobens.agxsoftware.com *.salesforceliveagent.com *.pardot.com *.ytimg.com *.tesla.com.br *.b2clogin.com *.bootstrapcdn.com *.openstreetmap.org *.blogplay.com.br *.salesforce.com *.force.com *.unpkg.com *.googleadservices.com *.oraclecloudapps.com *.doubleclick.net *.googlesyndication.com *.rodobens.com.br google.com *.google.com *.google.com.br *.googleapis.com *.google-analytics.com *.googleoptimize.com *.googletagmanager.com *.youtube.com *.tiktok.com *.hsforms.com *.hsforms.net api.ipify.org *.whatsapp.com *.bing.com *.clarity.ms *.mercedes-benz.com.br *.ampproject.org *.ckeditor.com *.cookielaw.org *.evergage.com *.evgnet.com *.navdmp.com cdnm.com.br cl.s12.exct.net *.facebook.net *.facebook.com *.hotjar.io *.hotjar.com *.cloudfront.net *.gstatic.com *.onetrust.com *.herokuapp.com schema.org *.gov.br *.vimeo.com vimeo.com rodobens.us-5.evergage.com;base-uri 'self';font-src 'self' https: data:;img-src 'self' data: https: *.creditor.dev *.rodobens.agxsoftware.com *.salesforceliveagent.com *.pardot.com *.ytimg.com *.tesla.com.br *.b2clogin.com *.bootstrapcdn.com *.openstreetmap.org *.blogplay.com.br *.salesforce.com *.force.com *.unpkg.com *.googleadservices.com *.oraclecloudapps.com *.doubleclick.net *.googlesyndication.com *.rodobens.com.br google.com *.google.com *.google.com.br *.googleapis.com *.google-analytics.com *.googleoptimize.com *.googletagmanager.com *.youtube.com *.tiktok.com *.hsforms.com *.hsforms.net api.ipify.org *.whatsapp.com *.bing.com *.clarity.ms *.mercedes-benz.com.br *.ampproject.org *.ckeditor.com *.cookielaw.org *.evergage.com *.evgnet.com *.navdmp.com cdnm.com.br cl.s12.exct.net *.facebook.net *.facebook.com *.hotjar.io *.hotjar.com *.cloudfront.net *.gstatic.com *.onetrust.com *.herokuapp.com schema.org *.gov.br *.vimeo.com vimeo.com rodobens.us-5.evergage.com;style-src 'self' 'unsafe-inline' https:;script-src 'self' 'unsafe-inline' 'unsafe-eval' https:;worker-src 'self' rodobens.us-5.evergage.com; 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com www.googletagmanager.com snap.licdn.com cookie-cdn.cookiepro.com cdn.cookielaw.org googletagmanager.com *.googleapis.com cdnjs.cloudflare.com www.google.com www.gstatic.com cdn.jsdelivr.net *.doubleclick.net *.googleadservices.com connect.facebook.net fbcdn.net polyfill.io *.kameleoon.eu *.kameleoon.com static.addtoany.com img.en25.com js-agent.newrelic.com bam.nr-data.net *.tawk.to player.vimeo.com unpkg.com; object-src 'none'; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com cdn.jsdelivr.net *.tawk.to; img-src * 'self' data: https:;; media-src 'self' *.vimeo.com vimeo.com; frame-src 'self' *.youtube.com/ *.vimeo.com/ www.google.com/ static.addtoany.com/ *.facebook.com/ web.microsoftstream.com/ *.tawk.to; child-src 'self' *.youtube.com/ *.vimeo.com/ www.google.com/ static.addtoany.com/; font-src 'self' data: *.tawk.to static.juicer.io fonts.gstatic.com; connect-src 'self' *.google-analytics.com *.googleapis.com *.google.com *.google.fr *.google.ch *.google.es *.google.it *.doubleclick.net snap.licdn.com *.cookiepro.com cdn.cookielaw.org geolocation.onetrust.com/ api.mixpanel.com facebook.com cdn.jsdelivr.net *.kameleoon.eu *.kameleoon.com *.algolia.net *.algolianet.com bam.nr-data.net *.tawk.to *.vimeo.com privacyportal-eu.onetrust.com cdn.linkedin.oribi.io *.juicer.io px.ads.linkedin.com www.googleadservices.com *.tawk.to wss://*.tawk.to; upgrade-insecure-requests 1
frame-ancestors 'self' https://site.ticketsports.com.br https://www.mapmyrun.com https://www.stay22.com 1
connect-src 438-kyk-786.mktoresp.com 438-kyk-786.mktoutil.com api.mkmediaworks.com app.wistia.com ask.hotjar.io bat.bing.com blob: c.6sc.co cdn.linkedin.oribi.io cdnjs.cloudflare.com content.hotjar.io conversions-config.reddit.com core.service.elfsight.com distillery.wistia.com embed-cloudfront.wistia.com embed-ssl.wistia.com epsilon-cloudfront.6sense.com epsilon-globalaccelerator.6sense.com epsilon.6sense.com fast.wistia.com fast.wistia.net go.reliaquest.com in.hotjar.com ipv6.6sc.co j.6sc.co metrics.hotjar.io munchkin.marketo.net 'self' adservice.google.com analytics.google.com api.amcreativemedia.com api.rankmath.com data: secure.gravatar.com static.addtoany.com widgets.wp.com ws-assets.zoominfo.com ws.zoominfo.com wss://ws.hotjar.com pipedream.wistia.com cdn.jsdelivr.net snap.licdn.com api.fbanalytics.org js.adsrvr.org pixel-config.reddit.com public-api.wordpress.com px.ads.linkedin.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com www.redditstatic.com js.zi-scripts.com region1.analytics.google.com secure.adnxs.com s.ml-attr.com fg8vvsvnieiv3ej16jby.litix.io s0.wp.com scout-cdn.salesloft.com scout.salesloft.com; script-src-elem snap.licdn.com static.addtoany.com static.hotjar.com widgets.wp.com ws-assets.zoominfo.com www.buzzsprout.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.gstatic.com 'self' ajax.googleapis.com analytics.tiktok.com apis.google.com blob: browser.sentry-cdn.com cdnjs.cloudflare.com code.jquery.com data: fast.wistia.com fast.wistia.net go.reliaquest.com j.6sc.co js.adsrvr.org js.driftt.com js.sentry-cdn.com js.zi-scripts.com munchkin.marketo.net nexus.ensighten.com public-api.wordpress.com script.hotjar.com stats.wp.com 'unsafe-inline' cdn.jsdelivr.net scout-cdn.salesloft.com c0.wp.com s0.wp.com abm-tracking.demandscience.com bat.bing.com; script-src blob: cdnjs.cloudflare.com code.jquery.com fast.wistia.net go.reliaquest.com j.6sc.co js.driftt.com js.sentry-cdn.com munchkin.marketo.net nexus.ensighten.com scout-cdn.salesloft.com script.hotjar.com static.addtoany.com static.hotjar.com ws-assets.zoominfo.com www.buzzsprout.com www.google-analytics.com www.google.com www.googletagmanager.com www.gstatic.com 'self' stats.wp.com cdn.jsdelivr.net snap.licdn.com 'unsafe-eval' 'unsafe-inline' www.youtube.com js.zi-scripts.com js.adsrvr.org bat.bing.com abm-tracking.demandscience.com; style-src-elem cdn.jsdelivr.net cdnjs.cloudflare.com fast.wistia.com go.reliaquest.com 'self' 'unsafe-inline' blob: fonts.googleapis.com widgets.wp.com www.googletagmanager.com www.gstatic.com c0.wp.com s0.wp.com; worker-src 'self' blob:; font-src 'self' c0.wp.com cdnjs.cloudflare.com data: fast.wistia.com fast.wistia.net script.hotjar.com themes.googleusercontent.com use.fontawesome.com fonts.googleapis.com fonts.gstatic.com at.alicdn.com chrome-extension moz-extension ms-browser-extension s0.wp.com s1.wp.com; frame-src 'self' fast.wistia.net go.reliaquest.com js.driftt.com rqweb.wistia.com static.addtoany.com wordpress.com www.buzzsprout.com www.google.com www.googletagmanager.com challenges.cloudflare.com www.youtube.com insight.adsrvr.org.x.0e6c10bb0b5bf04a010bfe60c50fd88d9534.9270fc52.id.opendns.com insight.adsrvr.org match.adsrvr.org widgets.wp.com wp.freemius.com; img-src 'self' b.6sc.co blob: cdnjs.cloudflare.com data: driftt.imgix.net embed-fastly.wistia.com embed-ssl.wistia.com fast.wistia.net fonts.gstatic.com media.giphy.com pixel.wp.com reliaquest.com secure.gravatar.com static.elfsight.com stats.g.doubleclick.net survey-images.hotjar.com www.buzzsprout.com www.google-analytics.com www.google.com www.googletagmanager.com www.linkedin.com fast.wistia.com en.wordpress.com px.ads.linkedin.com px4.ads.linkedin.com adservice.google.com secure.adnxs.com s.ml-attr.com attr.ml-api.io c0.wp.com rqstg.wpengine.com bat.bing.com c.bing.com; script-src-attr 'unsafe-inline'; style-src-attr 'unsafe-inline'; report-uri https://reliaquest.report-uri.com/r/d/csp/wizard 1
default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data: blob:; font-src * data:; connect-src *; frame-src *; media-src * 1
default-src https: 'unsafe-inline' 'unsafe-eval' data:;font-src 'self' data:; 1
upgrade-insecure-requests; default-src 'self' *.azure.com *.tyndale.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' gleam.io *.gleam.io *.vimeocdn.com ntvdb.com *.vimeo.com *.fbcdn.net *.googletagmanager.com *.pdfmyurl.com *.hawksearch.com *.rose-publishing.com *.hendrickson-publishers.com *.hendricksonrose.com *.navpress.com *.google-analytics.com * hsadspixel.com *.hs-banner.com *.hubspot.com *.hs-analysis.net *.youtube.com *.bc0a.com *.stamped.io *.jquery.com *.hawksearch.net *.googletagmanager.com *.livechatinc.com *.hs-scripts.com *.tyndale.com; style-src 'self' 'unsafe-inline' *.vimeocdn.com *.vimeo.com *.hawksearch.com *.azure.com *.typekit.net *.cloudflare.com *.jsdelivr.net *.b0e8.com *.b2e5.com *.rose-publishing.com *.hendrickson-publishers.com *.hendricksonrose.com *.navpress.com *.hs-scripts.com *.bootstrapcdn.com *.stamped.io *.hawksearch.net *.tyndale.com *.googleapis.com; img-src 'self' data: *.gleam.io *.vimeocdn.com pippio.com *.vimeo.com *.gr-assets.com *.stamped.io *.w.org *.pinimg.com *.sharethis.com *.jsdelivr.net tyndale.foundation *.typekit.net *.pinterest.com *.azure.com *.facebook.net *.b0e8.com *.b2e5.com *.gstatic.com *.ytimg.com *.hawksearch.com *.rose-publishing.com *.hendrickson-publishers.com *.hendricksonrose.com *.googletagmanager.com *.demdex.net *.navpress.com *.googleapis.com *.hs-scripts.com *.jquery.com *.kargo.com *.everesttech.com *.hawksearch.net *.azurewebsites.net *.pippio.com *.bidswitch.net *.doubleclick.net *.casalemedia.com *.rlcdn.com *.rubiconproject.com *.yahoo.com *.pubmatic.com *.adnxs.com *.openx.net *.placeholder.com *.google-analytics.com *.hsforms.com *.linkedin.com *.google.com *.google.co.in *.hubspot.com *.facebook.com *.adroll.com *.youtube.com placehold.it *.tyndale.com; font-src 'self' data: *.vimeo.com *.fontawesome.com *.azure.com *.jsdelivr.net *.typekit.net *.cloudflare.com *.hawksearch.com *.bootstrapcdn.com *.gstatic.com *.stamped.io *.hawksearch.net *.tyndale.com; connect-src 'self' *.vimeo.com *.sharethis.com *.googleapis.com *.fontawesome.com *.bc0a.com *.google.com *.livechatinc.com stamped.io *.stamped.io *.hsforms.com *.amazonaws.com *.azurewebsites.net *.doubleclick.net *.facebook.com *.linkedin.com *.hubapi.com *.google-analytics.com *.adroll.com *.hubspot.com *.tyndale.com; frame-src 'self' gleam.io *.gleam.io snapwidget.com vimeo.com *.addtoany.com *.vimeo.com *.riddle.com *.hsforms.com recruitingbypaycor.com *.recruitingbypaycor.com *.googletagmanager.com *.knightlab.com *.adroll.com *.google.com *.doubleclick.net *.facebook.com *.livechatinc.com youtube.com *.youtube.com *.tyndale.com; frame-ancestors 'self' gleam.io *.gleam.io; 1
base-uri 'none'; style-src 'self' *.cassiecloud.com *.googleapis.com 'unsafe-inline' https://cscript-cdn-use.lilly.com/templates/2/template.min.css *.lillytempo.com *.kisunla.com *.taltz.com *.lilly.com https://d1ltrl2zzo6l3e.cloudfront.net/public/syrenis-cookie-management.css https://d3gnk5748ud580.cloudfront.net/public/syrenis-cookie-management.css https://dscrutpyu4zff.cloudfront.net/public/syrenis-cookie-management.css; script-src 'nonce-3yuXc112ZzihhMm1JcISdQ=='  'sha256-GfLYq8uYvxDTcYI7wt9AD3t3RQCYeQ1AKkoMYdvFX9A='  'sha256-BVG9oNgMsnTkE7D/rLBATKXSD6c58pS6qeXby10t8Dg='  'self' 'strict-dynamic' 'unsafe-eval' *.kaltura.com/ *.cassiecloud.com *.googletagmanager.com https://google-analytics.com *.google-analytics.com *.bing.com https://connect.facebook.net https://lilly-customerconnect.secure.force.com https://customerconnect.my.salesforce-sites.com https://ispot.tv *.turn.com *.myadvocado.com *.doubleclick.net *.analytics.yahoo.com *.google.com https://facebook.com *.salesforceliveagent.com *.youtube.com *.ytimg.com *.gstatic.com *.googlevideo.com blob: http://d22xmn10vbouk4.cloudfront.net *.googleapis.com assets.adobedtm.com assets.ctfassets.net *.kisunla.com https://d.turn.com https://bat.bing.com https://embed.myadvocado.com https://t7454449464730821887.id.amgdgt.com https://t3015627776652353033.id.amgdgt.com *.taltz.com *.lilly.com https://d1ltrl2zzo6l3e.cloudfront.net/public/syrenis-cookie-management.js https://d3gnk5748ud580.cloudfront.net/public/syrenis-cookie-management.js https://dscrutpyu4zff.cloudfront.net/public/syrenis-cookie-management.js tags.tiqcdn.com pc-lilly-visitor-service-us-west-2.tealiumiq.com; object-src 'none'; frame-src *.doubleclick.net/ *.myadvocado.com/ *.lillytempo.com *.lillycares.com *.lillyoncologysupport.com *.lillyloxooncologypipeline.com *.lillydirect.com *.lrlscience.com *.syrenis.com *.taltz.com *.olumiant.com *.verzenio.com *.omvoh.com *.true.lilly *.tap.lilly *.together.lilly *.certuitad.com *.lilly.com *.enrollment.taltz.com *.enrollment.olumiant.com *.enrollment.verzenio.com *.enrollment.omvoh.com *.kisunla.com *.rlcdn.com 1
default-src 'self'; script-src 'self' 'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' https://www.youtube.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://js.hsforms.net https://player.vimeo.com https://static.hotjar.com https://js.hs-scripts.com https://js.hsadspixel.net https://js.hs-banner.com https://js.hubspot.com https://js.hs-analytics.net https://js.hscollectedforms.net https://js-na1.hs-scripts.com https://snap.licdn.com; connect-src 'self' 'unsafe-inline' https://vimeo.com https://region1.google-analytics.com https://pagead2.googlesyndication.com https://js.hs-banner.com https://api.hubapi.com https://cta-service-cms2.hubspot.com https://forms.hscollectedforms.net; img-src 'self' 'unsafe-inline' https://res.cloudinary.com https://teamtailor-production.s3.eu-west-1.amazonaws.com https://critizr-test.ams3.cdn.digitaloceanspaces.com https://assets.critizr.staging.verveagency.com https://assets.goodays.prod.verveagency.com https://images.teamtailor-cdn.com https://www.google.com https://www.google.nl https://track.hubspot.com https://perf-na1.hsforms.co https://forms.hsforms.com https://perf-na1.hsforms.com https://px.ads.linkedin.com; child-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self' data:; frame-src 'self' https://admin.goodays.co/ https://www.youtube.com https://player.vimeo.com https://td.doubleclick.net; 1
frame-ancestors   'self'; default-src   'self'   'unsafe-inline'   'unsafe-eval'   data: blob: https:;; upgrade-insecure-requests 1
default-src 'self'; child-src 'self' connect.facebook.net fast.wistia.com fast.wistia.net googleads.g.doubleclick.net td.doubleclick.net *.hotjar.com *.hotjar.io *.contentful.com bid.g.doubleclick.net *.fls.doubleclick.net youtube.com www.youtube.com js.stripe.com www.facebook.com staticxx.facebook.com tpc.googlesyndication.com www.google.com *.googletagmanager.com *.quora.com intercom-sheets.com app-ab27.marketo.com www.intercom-reporting.com d2c7xlmseob604.cloudfront.net js.intercomcdn.com insight.adsrvr.org match.adsrvr.org https://intercom.chilipiper.com app.intercom.com app.intercom.io https://app.getreprise.com; connect-src 'self'   www.intercom.com app.intercom.io app.intercom.com api.intercom.io api-visitor-analytics.intercom.com api-iam.intercom.io api-ping.intercom.io api.smartling.com js.intercomcdn.com munchkin.marketo.net *.mktoutil.com nexus-websocket-a.intercom.io nexus-websocket-test.intercom.io nexus-long-poller-a.intercom.io nexus-long-poller-test.intercom.io store.intercomassets.com widget.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-test.intercom.io marketing.intercomcdn.com uploads.intercomcdn.com uploads.intercomusercontent.com abrtp1.marketo.com abrtp1-cdn.marketo.com app.getsentry.com stats.g.doubleclick.net https://*.google.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com http://*.hotjar.io:* https://*.hotjar.io:* wss://*.hotjar.io sentry.io www.facebook.com *.akamaihd.net *.wistia.com *.wistia.net *.contentful.com 258-clw-344.mktoresp.com bat.bing.com d2c7xlmseob604.cloudfront.net rum-collector-2.pingdom.net https://*.browser-intake-datadoghq.com public-trace-http-intake.logs.datadoghq.com https://assets.ctfassets.net c.6sc.co b.6sc.co j.6sc.co ipv6.6sc.co epsilon.6sense.com epsilon-cloudfront.6sense.com user-data.mutinycdn.com https://api-v2.mutinyhq.io/v2/b https://api.mutinyhq.io/v2 https://client-registry.mutinycdn.com secure.adnxs.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com api.chilipiper.com tracking.chilipiper.com cdn.linkedin.oribi.io gw.linkedin.oribi.io px.ads.linkedin.com https://app.getreprise.com images.ctfassets.net https://cdn.jsdelivr.net https://unpkg.com/@rive-app/canvas@2.10.1/rive.wasm *.litix.io https://o2129.ingest.sentry.io/ cdn.cookielaw.org *.onetrust.com; font-src data: https: ; img-src data: blob: https: ; media-src data: blob: https: ; object-src 'none'; script-src 'self' 'unsafe-eval' app.intercom.io app.intercom.com www.intercom.com js.intercomcdn.com store.intercomassets.com marketing.intercomassets.com widget.intercom.io ajax.googleapis.com analytics.twitter.com abrtp1.marketo.com abrtp1-cdn.marketo.com app-sjqe.marketo.com app-sjst.marketo.com app-ab27.marketo.com bat.bing.com cdn-assets-prod.s3.amazonaws.com cdn.ravenjs.com browser.sentry-cdn.com connect.facebook.net distillery.wistia.com distillery-main.wistia.com fast.wistia.com fast.wistia.net googleads.g.doubleclick.net js.stripe.com munchkin.marketo.net platform.twitter.com rtp-static.marketo.com script.hotjar.com script.hotjar.io secure.adnxs.com static.hotjar.com static.hotjar.io stats.g.doubleclick.net store.intercom.io tpc.googlesyndication.com www.datadoghq-browser-agent.com https://*.google.com www.google-analytics.com www.googleadservices.com/pagead/ www.googletagmanager.com tagmanager.google.com snap.licdn.com px.ads.linkedin.com px4.ads.linkedin.com dc.ads.linkedin.com p.adsymptotic.com sjs.bizographics.com client-registry.mutinycdn.com client.mutinycdn.com https://js.chilipiper.com 'sha256-CIxBMTSsZNOVtN/e53Oinc5o7iS+6GCLATfDTYD9EQk=' 'sha256-cc60iDuEUKTNkKYpz2vlEgGOssRRzDfo9rv0YBux2ak=' https://app.getreprise.com *.litix.io *.contentful.com https://o2129.ingest.sentry.io/ cdn.cookielaw.org *.onetrust.com 'strict-dynamic' 'nonce-MDIzYTc5ZjgtYzNlYy00ODU4LWI4MmItYTY2NDgyMGQ1ZmI4'; style-src 'self' 'unsafe-inline' app-ab27.marketo.com marketing.intercomassets.com maxcdn.bootstrapcdn.com rtp-static.marketo.com fonts.googleapis.com tagmanager.google.com https://www.googletagmanager.com https://js.chilipiper.com; worker-src data: blob:; base-uri 'self'; report-uri https://o2129.ingest.sentry.io/api/1467748/security/?sentry_key=2b3179211aae44189b7651cf09d7b74f 1
script-src 'strict-dynamic' 'nonce-44842bf2-7bb3-4f1f-a32e-b9b8783cab8e';object-src 'none';base-uri 'self';frame-ancestors 'self'; 1
default-src 'self' 'unsafe-inline' data: *.ytimg.com http://linkumkm.id http://*.linkumkm.id *.linkumkm.id http://10.184.0.89 *.service-kjt.id 10.184.0.89 *.service-kjt.id http://10.184.0.89 *.service-kjt.id:8014 10.184.0.89 *.service-kjt.id:8014 http://10.184.0.89 *.service-kjt.id:8011 *.youtube.com *.googleapis.com *.googletagmanager.com *.jsdelivr.net *.cloudflare.com doubleclick.net *.google.com *.gstatic.com *.google-analytics.com https://www.linkumkm.id www.linkumkm.id; script-src 'self' 'unsafe-inline' wss://10.184.0.89 *.service-kjt.id:8083 10.184.0.89 *.service-kjt.id:8083 ws://10.184.0.89 *.service-kjt.id:8083 http://10.184.0.89 *.service-kjt.id:8083 https://*.jquery.com http://*.linkumkm.id *.linkumkm.id http://10.184.0.89 *.service-kjt.id 10.184.0.89 *.service-kjt.id http://10.184.0.89 *.service-kjt.id:8014 10.184.0.89 *.service-kjt.id:8014 *.youtube.com *.googleapis.com *.googletagmanager.com *.jsdelivr.net *.cloudflare.com doubleclick.net *.google.com *.gstatic.com *.google-analytics.com https://www.linkumkm.id www.linkumkm.id; style-src 'self' 'unsafe-inline' http://*.linkumkm.id *.linkumkm.id http://10.184.0.89 *.service-kjt.id 10.184.0.89 *.service-kjt.id http://10.184.0.89 *.service-kjt.id:8014 10.184.0.89 *.service-kjt.id:8014 *.youtube.com *.googleapis.com *.googletagmanager.com *.jsdelivr.net *.cloudflare.com doubleclick.net *.google.com *.gstatic.com *.google-analytics.com https://www.linkumkm.id www.linkumkm.id; font-src 'self' 'unsafe-inline' http://*.linkumkm.id *.linkumkm.id http://10.184.0.89 *.service-kjt.id 10.184.0.89 *.service-kjt.id http://10.184.0.89 *.service-kjt.id:8014 10.184.0.89 *.service-kjt.id:8014 *.youtube.com *.googleapis.com *.googletagmanager.com *.jsdelivr.net *.cloudflare.com doubleclick.net *.google.com *.gstatic.com *.google-analytics.com https://www.linkumkm.id www.linkumkm.id; connect-src 'self' 'unsafe-inline' wss://*.linkumkm.id http://*.linkumkm.id *.linkumkm.id http://10.184.0.89 *.service-kjt.id 10.184.0.89 *.service-kjt.id http://10.184.0.89 *.service-kjt.id:8014 10.184.0.89 *.service-kjt.id:8014 wss://10.184.0.89 *.service-kjt.id:8083 ws://10.184.0.89 *.service-kjt.id:8083 http://10.184.0.89 *.service-kjt.id:8083 http://10.184.0.89 *.service-kjt.id:8011 *.youtube.com *.googleapis.com *.googletagmanager.com *.jsdelivr.net *.cloudflare.com doubleclick.net *.google.com *.gstatic.com *.google-analytics.com https://www.linkumkm.id www.linkumkm.id; 1
font-src *.cloudflare.com *.twitter.com https://www.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com https://fonts.gstatic.com *.fontawesome.com *.fonts.googleapis.com *.gstatic.com data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.twitter.com https://www.vcs.co.za *.paygate.co.za https://pay.ozow.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.twitter.com *.freshchat.com *.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.addthis.com *.pinterest.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cloudflare.com *.cdn.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.s.ytimg.com *.lightemporium.com *.usercentrics.eu *.magentocommerce.com https://*.gstatic.com https://*.google.com *.google.com *.mobicredwidget.co.za https://www.okfurniture.co.za https://ozow-live-cdn.s3.eu-west-1.amazonaws.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://*.googleapis.com https://*.googleusercontent.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cloudflare.com *.twitter.com *.google-analytics.com https://*.google.com *.twimg.com https://*.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.doubleclick.net *.cloudfront.net *.freshchat.com https://cdn.jsdelivr.net https://unpkg.com chimpstatic.com downloads.mailchimp.com *.list-manage.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com s7.addthis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.pinterest.com *.instagram.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.getfirebug.com https://fonts.googleapis.com 'self' data: *.freshchat.com downloads.mailchimp.com https://hcaptcha.com https://*.hcaptcha.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com 'self' data: *.cardinalcommerce.com *.graph.instagram.com *.google-analytics.com *.doubleclick.net *.mobicredwidget.co.za https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com ekr.zdassets.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.google.com google.com *.googleapis.com *.addthis.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src id.paytogate.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; worker-src https: blob: *.unicaf.org; media-src https: blob: 'unsafe-inline' 'self'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: filesystem: wss://*.hotjar.com http://*.hotjar.com:* http://*.hotjar.io http://*.inbenta.chat:* http://*.inbenta.io http://*.inbenta.com http://*.googletagmanager.com http://*.google-analytics.com http://*.google.com http://*.google.com.mx http://*.gstatic.com http://*.googleapis.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://wingify-assets.s3.amazonaws.com https://s3.amazonaws.com http://*.youtube.com http://*.facebook.com http://*.facebook.net http://*.ads-twitter.com http://*.twitter.com http://t.co http://*.doubleclick.net http://*.adform.net http://ajax.aspnetcdn.com http://claroecuador.s1gateway.com http://*.claro.com.ec http://miclaro.com.ec http://*.geodata.com.ec http://*.clarovideo.net http://*.claromusica.com https://*.hotjar.com:* https://*.hotjar.io https://*.inbenta.chat:* https://*.inbenta.io https://*.inbenta.com https://*.googletagmanager.com https://*.google-analytics.com https://*.google.com https://*.google.com.mx https://*.gstatic.com https://*.googleapis.com https://*.youtube.com https://*.facebook.com https://*.facebook.net https://*.ads-twitter.com https://*.twitter.com https://t.co https://api-prod-ec.prod.clarodigital.net https://*.adform.net https://ajax.aspnetcdn.com https://claroecuador.s1gateway.com https://*.claro.com.ec https://miclaro.com.ec https://*.geodata.com.ec https://snap.licdn.com https://*.clarovideo.net https://catalogo.claro.com.ec https://api-prod-general.prod.clarodigital.net https://*.ggpht.com https://polyfill.io https://*.claromusica.com https://*.linkedin.com https://*.oribi.io https://*.clarity.ms https://*.googleadservices.com https://*.doubleclick.net https://*.google.com.ec https://*.ytimg.com https://www.youtube-nocookie.com; media-src mediastream:; worker-src 'self' blob:; 1
frame-ancestors 'self' *.gubagoo.io *.gubagoo.com 1
worker-src 'self' blob:; script-src 'strict-dynamic' 'unsafe-eval' 'nonce-MCss4tp2vUkNEOTlDrjzJQ=='; style-src 'self' 'unsafe-inline'; frame-ancestors 'self' https://*.michelin.com 1
default-src 'none'; connect-src 'self' https://statistik.witcom.de/; frame-src 'self'; font-src 'self' data:; img-src 'self' data:; object-src 'self' https://statistik.witcom.de/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://statistik.witcom.de/matomo.js; style-src 'self' 'unsafe-inline'; frame-ancestors 'self'; base-uri 'self'; manifest-src 'self'; media-src 'self'; worker-src 'self'; form-action 'self' https://statistik.witcom.de/ 1
base-uri 'none';form-action 'self' *.readspeaker.com;frame-ancestors 'self' 1
frame-ancestors https://mptdmstest.mpt.com.mm/ https://my.mpt.com.mm/ https://mpt4uclp.mpt.com.mm/; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' assets.adobedtm.com *.salesforceliveagent.com service.force.com *.my.salesforce.com *.google.com *.facebook.net *.facebook.com *.omtrdc.net *.youtube.com *.ytimg.com *.doubleclick.net *.googleapis.com *.bazaarvoice.com *.iesnare.com appleid.cdn-apple.com www.googletagmanager.com www.googleadservices.com activitymap.adobe.com qasfix-hofer.cs101.force.com cs101.salesforce.com https://www.googletagmanager.com/gtag/js *.bing.com https://s.pinimg.com/ct/core.js https://s.pinimg.com/ct/lib/main.2a04f3ee.js hofer.force.com hofer.secure.force.com https://cdn.polyfill.io/v2/polyfill.min.js static.lightning.force.com *.cookielaw.org *.onetrust.com s7g10.scene7.com tags.tiqcdn.com collect.tealiumiq.com; object-src 'none'; connect-src 'self' *.omtrdc.net *.demdex.net *.postcodeanywhere.co.uk *.bazaarvoice.com *.facebook.com activitymap.adobe.com sitecatalyst.omniture.com qasfix-hofer.cs101.force.com cs101.salesforce.com hofer.force.com hofer.secure.force.com c.la1-c1-fra.salesforceliveagent.com EU17.salesforce.com d.la1-c1-fra.salesforceliveagent.com www.zurueckzumursprung.at https://storefinder.aldi.at https://empty-fridge-widget.vercel.app https://gewinnspiel.aldi-sued.de test.storefinder.aldi.at *.googleapis.com *.cookielaw.org *.onetrust.com s7g10.scene7.com collect.tealiumiq.com *.doubleclick.net; style-src 'self' 'unsafe-inline' *.bazaarvoice.com *.googleapis.com *.omtrdc.net *.my.salesforce.com service.force.com qasfix-hofer.cs101.force.com cs101.salesforce.com hofer.force.com hofer.secure.force.com *.cookielaw.org *.onetrust.com s7g10.scene7.com; font-src 'self' *.gstatic.com data:; frame-src 'self' *.demdex.net *.facebook.com *.google.com *.youtube.com *.youtube-nocookie.com *.customervoice360.com *.adobe.com aldisued.marketing.adobe.com *.psa.at aldisued.experiencecloud.adobe.com web-psa-preprod.mp-testing.com rest-b2b-crt-preprod.mp-testing.com psa-card-administration.mobile-pocket.com *.bazaarvoice.com *.iesnare.com www.elettershop.de t.elettershop.de *.salesforceliveagent.com service.force.com activitymap.adobe.com *.omniture.com qasfix-hofer.cs101.force.com cs101.salesforce.com *.doubleclick.net www.zurueckzumursprung.at storefinder.aldi.at https://empty-fridge-widget.vercel.app https://gewinnspiel.aldi-sued.de test.storefinder.aldi.at cs107.salesforce.com eu17.salesforce.com szorolap.aldi.hu *.questback.com; frame-ancestors 'self' https://aldisued.marketing.adobe.com https://aldisued.experiencecloud.adobe.com https://www.elettershop.de https://t.elettershop.de https://experience.adobe.com hofer-custom.staffbase.com unserhofer.hofer.at localhost:* 1
default-src 'self' *.applicationinsights.azure.com *.paypal.com *.sharethis.com https://play.google.com/billing https://www.facebook.com/pay;script-src 'self' 'unsafe-inline' https://code.jquery.com https://cdn.jsdelivr.net https://js.monitor.azure.com *.applicationinsights.azure.com *.paypal.com https://*.paypalobjects.com https://paypalobjects.com *.sharethis.com https://unpkg.com https://hcaptcha.com https://*.hcaptcha.com;script-src-attr 'unsafe-inline';img-src 'self' * data:;frame-src https://hcaptcha.com https://*.hcaptcha.com https://www.paypal.com https://www.paypalobjects.com https://www.sandbox.paypal.com;connect-src 'self' https://hcaptcha.com https://*.hcaptcha.com https://www.paypal.com https://*.applicationinsights.azure.com https://play.google.com https://www.sandbox.paypal.com https://www.facebook.com;base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';style-src 'self' https: 'unsafe-inline' 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src 'nonce-nSlvbf6PMfbxPn2ywoYfu0rah' 'strict-dynamic'; frame-ancestors 'self'; manifest-src 'self' 1
default-src 'none'; script-src 'self' *.skandia.se *.skandiatest.se *.youtube.com *.msse.se *.cision.com *.d1.sc.omtrdc.net *.doubleclick.net *.episerver.net vimeo.com *.vimeo.com *.qbrick.com *.sessioncam.com *.abtasty.com *.usabilla.com  *.cloudfront.net 'unsafe-inline' 'unsafe-eval' data: blob: fra-col.eum-appdynamics.com; connect-src 'self' *.skandia.se secureskandiatest.se *.skandiatest.se *.abtasty.com *.sessioncam.com vimeo.com *.vimeo.com *.qbrick.com wss://notification.qbrick.com *.ip-only.net *.jobylon.com *.cision.com api.usabilla.com fra-col.eum-appdynamics.com;style-src 'self' 'unsafe-inline' *.skandia.se *.skandiatest.se *.abtasty.com *.cloudfront.net https://dl.episerver.net;img-src 'self' blob: *.vimeocdn.com *.qbrick.com *.ip-only.net *.skandia.se *.skandiatest.se skandiabanken.d1.sc.omtrdc.net *.usabilla.com *.ytimg.com *.sessioncam.com *.hemnet.se *.boneo.se *.abtasty.com *.amazonaws.com *.cloudfront.net https://dl.episerver.net data: fra-col.eum-appdynamics.com;media-src 'self' *.youtube.com *.vimeo.com *.qbrick.com *.ip-only.net blob: *.skandiatest.se *.skandianet.org *.skandia.se; worker-src blob: *.skandiatest.se *.skandianet.org *.skandia.se;frame-src 'self' *.msse.se *.youtube.com  *.qbrick.com  *.cloudfront.net *.skandia.se;frame-ancestors 'self';font-src 'self' blob: data: *.skandia.se *.skandiatest.se *.abtasty.com *.qbrick.com *.cloudfront.net https://dl.episerver.net;manifest-src *.skandia.se *.skandiatest.se;child-src fra-col.eum-appdynamics.com; 1
report-uri https://www.lecom.com.br 1
default-src 'self'; connect-src 'self' https: wss: https://*.mktoresp.com/; script-src 'self' 'nonce-Y2ExNmFjMmMtOWZkYi00OTE1LThhMmMtZjA3OTY1ZjdjZDRj' blob: https://s3.amazonaws.com/ https://js.hubspot.com https://www.google.com/ https://insights.amcor.com www.googletagmanager.com https://apis.google.com https://snap.licdn.com 'sha256-4nxBwvGtrokGNkqD2OxOt8Y07P7caJHk00sGwjNYF5I=' 'sha256-moeMbMEwB/xA3bwE+D06ylfHApGquGOnCxzwOVolww8=' 'sha256-ZC4Ihfl+1sv3E25DQh090ITQKwffxiocyA9C1vaePKU=' 'sha256-UTj+TrObmoFuaLZv6p2mWYxHDESyK/zaHUavCXouCvE=' 'sha256-QqNGOql7Dlo2Ij9r19onchU9Ra1c4z6QMcv9MPielqw=' 'sha256-2bFCZqg7hShryCZpMPR5zAf+OS4mrusD2oExTD3WIeo=' 'sha256-wJnaEuXlpn5L1KZNPUoGker+9rMHauazCwaRW2W1Cgk=' 'sha256-AbbBgCnZmDtAJF45O21UMnyhPTGCFq7BwU9LGANWPhA=' 'sha256-ET35hd5T26bYi7UrLoRy4dMQYZlPVn2l6lM9i3c+dZY=' https://js-na1.hs-scripts.com https://script.hotjar.com/ https://www.gstatic.com/ https://netlify-rum.netlify.app/ https://share-eu1.hsforms.com/ https://cdnjs.cloudflare.com/ https://ajax.googleapis.com/ https://static.hotjar.com/ https://googleads.g.doubleclick.net/ https://www.googleadservices.com/ https://www.google-analytics.com/analytics.js https://js-eu1.hs-scripts.com/ https://maps.googleapis.com/ https://tools.euroland.com/ https://widget.surveymonkey.com/ https://consent.cookiebot.com/ https://consentcdn.cookiebot.com/ https://www.youtube.com/ https://www.google.com/recaptcha/api.js https://app-lon08.marketo.com/ https://js.hs-scripts.com/ https://js.hs-analytics.net/ https://js.hsleadflows.net/ https://js.hsadspixel.net/ https://js.hs-banner.com/ https://js.usemessages.com/ https://munchkin.marketo.net/ https://unpkg.com/ https://js.hsforms.net/forms/v2.js; style-src 'self' 'unsafe-inline' https:; font-src 'self' https:; media-src 'self' https: data: blob: https://videos.ctfassets.net; base-uri 'self'; object-src 'none'; frame-src 'self' https: https://*.libsyn.com/; img-src 'self' https: data: www.googletagmanager.com https://images.ctfassets.net/ blob: https://firebasestorage.googleapis.com/ https://storage.googleapis.com/; 1
frame-ancestors 'self'  wbpa.wdo.io eu.wotblitz.com na.wotblitz.com asia.wotblitz.com 1
default-src 'self'; object-src 'none'; img-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hsadspixel.net *.hs-analytics.net js.hscta.net *.hubspot.com static.hsappstatic.net *.usemessages.com *.hs-banner.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.net *.hscollectedforms.net *.hsleadflows.net *.hsforms.net *.hsforms.com *.hs-scripts.com *.hubspotfeedback.com ajax.googleapis.com www.googletagmanager.com connect.facebook.net feedback.hubapi.com *.fontawesome.com *.doubleclick.net platform.twitter.com platform.linkedin.com app.jazz.co cdnjs.cloudflare.com code.jquery.com; connect-src 'self' ftq-public-assets.s3.eu-west-1.amazonaws.com *.hs-banner.com *.hubspot.com *.hubapi.com js.hscta.net *.hscollectedforms.net *.hsforms.com *.fontawesome.com; frame-src 'self' *.hubspot.com *.hs-sites.com *.hubspot.net *.hsforms.net *.hsforms.com www.google.com www.youtube.com *.doubleclick.net; style-src 'self' 'unsafe-inline' *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net play.hubspotvideo.com cdn2.hubspot.net static.hsappstatic.net *.hsforms.com *.fontawesome.com fonts.googleapis.com; frame-ancestors 'self'; font-src 'self' *.fontawesome.com *.hubspotusercontent-eu1.net fonts.gstatic.com;; upgrade-insecure-requests 1
frame-src 'self' https://bahnhof-bot.deutschebahn.com/ https://ecm-mediathek-cdn.deutschebahn.com 1
upgrade-insecure-requests; frame-ancestors 'self' live.sagepay.com live.opayo.eu.elavon.com www1.justmylook.com; base-uri 'self'; object-src 'none' 1
child-src *.folksam.se mediaarkivet.nu *.msse.se automotive-maps-external.cabgroup.net embed-dot-finwire-services.appspot.com *.reachmee.com widget.trustpilot.com wds.ace.teliacompany.com www.youtube-nocookie.com app-map-app-prod.azurewebsites.net imp.nowinteract.com *.doubleclick.net *.insurely.se *.insurely.com *.cabgroup.net *.scene7.com 1
default-src 'self' youreko.com *.youreko.com youreko.localhost *.youreko.localhost www.googletagmanager.com fonts.gstatic.com fonts.googleapis.com *.google-analytics.com 'sha256-GHD04MIPiR3cqaFF+BYzwAvChqlTX5qe3wJ+FmyB3S8=' 1
default-src 'self' *.interpublic.com https://maps.gstatic.com https://maps.googleapis.com data: ;   image-src  'self' https://*.gstatic.com https://*.google-analytics.com https://*.matomo.cloud https://*.googleapis.com data: ;   script-src 'self' 'unsafe-inline' 'unsafe-eval' *.interpublic.com https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.google.com https://*.gstatic.com https://use.fontawesome.com https://*.matomo.cloud blob: ;   connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.matomo.cloud data: blob: ;   style-src  'self' 'unsafe-inline' *.interpublic.com https://*.googleapis.com https://use.fontawesome.com;   font-src   'self' https://use.fontawesome.com https://*.gstatic.com data: ;   frame-src  'self' *.spotify.com *.youtube.com *.vimeo.com *.apple.com *.buzzsprout.com www.google.com embed.acast.com blob: ; 1
script-src 'unsafe-inline' data: blob: http: https: https://www.homeagain.com/; style-src 'self' blob: https: 'unsafe-inline' https://www.homeagain.com/; worker-src 'self' data: blob: http: https: https://www.homeagain.com/; img-src data: blob: http: https: www.googletagmanager.com; object-src 'none'; base-uri 'none'; child-src 'self' data: blob: http: https: https://www.homeagain.com/; font-src 'self' data:; frame-src assets.braintreegateway.com *.youtube.com *.youtu.be *.vimeo.com *.zuora.com *.google.com *.googletagmanager.com cloud.emailca.merck-animal-health-usa.com cloud.email3.homeagain.com cl.s11.exct.net webto.salesforce.com csxd.contentsquare.net; 1
default-src 'self' blob: data: https: wss: *.aven.com; child-src https: blob: *.aven.com; img-src 'unsafe-inline' blob: data: *.aven.com https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https: *.aven.com; style-src 'self' 'unsafe-inline' https: *.aven.com; frame-ancestors 'self'; upgrade-insecure-requests; 1
frame-src 'self' https://td.doubleclick.net/ https://8865438.fls.doubleclick.net/ https://www.youtube.com https://www.google.com *.spotify.com;     object-src 'self' ;     media-src 'self'  ;     script-src 'self' https://www.googleadservices.com/ https://www.google-analytics.com/;     script-src-elem 'self' https://www.clarity.ms/ https://maps.googleapis.com/ https://www.googletagmanager.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.youtube.com/ 'unsafe-inline';     frame-ancestors 'self' ; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.rubyapps.io https://ajax.googleapis.com https://reports.hrmdirect.com https://maps.googleapis.com https://forms.hsforms.com https://js.hsforms.net https://www.youtube.com https://player.vimeo.com https://js.hs-banner.com https://js.hs-analytics.net https://js.hs-scripts.com https://js.hscollectedforms.net https://www.googletagmanager.com https://www.google-analytics.com https://analytics.rubensteintech.com https://cdn.cookielaw.org; style-src 'self' 'unsafe-inline' https://analytics.rubyapps.io https://reports.hrmdirect.com https://fonts.googleapis.com https://hello.myfonts.net; connect-src 'self' https://analytics.rubyapps.io https://vimeo.com https://noembed.com https://stats.g.doubleclick.net https://hubspot-forms-static-embed.s3.amazonaws.com https://maps.gstatic.com https://maps.googleapis.com https://cdn.plyr.io https://www.google-analytics.com/ https://forms.hubspot.com https://analytics.rubensteintech.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://privacyportal.onetrust.com; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://i.vimeocdn.com https://i.ytimg.com https://f.hubspotusercontent30.net https://maps.gstatic.com https://maps.googleapis.com https://www.googletagmanager.com https://track.hubspot.com https://www.google-analytics.com https://forms.hsforms.com https://cdn.cookielaw.org; frame-src 'self' https://analytics.rubyapps.io https://laborlawyers.hrmdirect.com https://communication.fisherphillips.com https://communications.fisherphillips.com blob: https://www.youtube-nocookie.com https://www.youtube.com https://player.vimeo.com https://fisherphillips.powtoon.com https://www.podbean.com https://app.powerbi.com https://fisherphillips.hrmdirect.com https://reports.hrmdirect.com https://laborlawyers.hrmdirect.com; worker-src 'self' blob:; media-src 'self' data: https://vimeo.com https://www.youtube.com; frame-ancestors 'self'; object-src 'self'; 1
frame-ancestors 'self'; report-uri /csp-reports 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.gstatic.com db.revoffers.com sp.analytics.yahoo.com s.yimg.com insight.adsrvr.org api.privy.com www.google-analytics.com dpm.demdex.net *.userway.org app.termly.io js.driftt.com *.slack.com diamondcbd.go2cloud.org *.fls.doubleclick.net global.ib-ibi.com tags.bluekai.com pixel.tapad.com uipglob.semasio.net dsum-sec.casalemedia.com player.vimeo.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.cloudfront.net app.shop.pe *.intercomcdn.com www.facebook.com connect.facebook.com tags.herb.co collector.dmp.cnna.io *.attentionsignals.net; connect-src 'self' stats.g.doubleclick.net s.yimg.com db.revoffers.com db.trackcb.com www.google-analytics.com a.klaviyo.com fast.a.klaviyo.com static-forms.klaviyo.com telemetrics.klaviyo.com app.termly.io js.driftt.com widget.privy.com *.privy.com *.userway.org *.ipqualityscore.com *.yotpo.com *.authorize.net track.flexlinks.com vimeo.com shop.pe *.datadome.co *.intercom.io wss://*.intercom.io *.intercomcdn.com *.intercomcdn.eu *.intercomusercontent.com bam.nr-data.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google-analytics.com https://track.segmetrics.io *.cloudfront.net *.google.com api.agechecker.net https://db.trackcb.com app.shop.pe shopper.shop.pe *.mantis.marketing *.sitescout.com *.bidr.io *.crwdcntrl.net *.mantisadnetwork.com *.leadsrx.com www.facebook.com connect.facebook.com *.aggle.net *.retargeted.co tags.herb.co collector.dmp.cnna.io *.attentionsignals.net https://o1281800.ingest.sentry.io/api/6592256/store/ https://o1281800.ingest.sentry.io/api/6592256/envelope/; font-src 'self' data: fonts.gstatic.com maxcdn.bootstrapcdn.com use.fontawesome.com *.cloudfront.net *.intercomcdn.com https://*.hotjar.com https://cdn.userway.org cdn.agechecker.net *.cdnfonts.com static.klaviyo.com/; frame-src 'self' nytrng.com *.revoffers.com *.driftt.com *.userway.org *.go2cloud.org *.fls.doubleclick.net track.flexlinks.com *.vimeo.com *.googlevideo.com *.gvt1.com video.google.com *.youtu.be *.youtube.com https://*.hotjar.com app.termly.io www.facebook.com connect.facebook.com tags.herb.co collector.dmp.cnna.io dm2q9qfzyjfox.cloudfront.net *.attentionsignals.net; img-src 'self' upx.provenpixel.com telemetrics.klaviyo.com insight.adsrvr.org *.google.com *.google.pl *.google.us sp.analytics.yahoo.com www.google-analytics.com *.userway.org privymktg.com google-analytics.com dpm.demdex.net *.privy.com diamondcbd.go2cloud.org service.trafficroots.com sigma2.pubmatic.com *.adsrvr.org *.google.am *.doubleclick.net *.mantisadnetwork.com *.shareasale.com *.shareasale-analytics.com i.vimeocdn.com data: *.truoptik.com *.google.me *.adnxs.com *.bluekai.com *.ib-ibi.com *.semasio.net *.yotpo.com *.dotomi.com *.media6degrees.com https://usermatch.krxd.net https://*.hotjar.com *.cloudfront.net img.agechecker.net api.agechecker.net blob: shopper.shop.pe *.intercomcdn.com *.intercomassets.com *.intercomcdn.eu *.intercomusercontent.com *.intercom.io *.intercom-attachments-1.com *.intercom-attachments.eu *.intercom-attachments.com *.intercom-attachments-2.com *.intercom-attachments-3.com *.intercom-attachments-4.com *.intercom-attachments-5.com *.intercom-attachments-6.com *.intercom-attachments-7.com *.intercom-attachments-8.com *.intercom-attachments-9.com *.intercomassets.eu *.mantis.marketing *.sitescout.com *.bidr.io *.crwdcntrl.net *.leadsrx.com www.facebook.com connect.facebook.com ad.ipredictive.com aggle.net cdn.aggle.net tags.herb.co collector.dmp.cnna.io dm2q9qfzyjfox.cloudfront.net *.attentionsignals.net; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.mantisadnetwork.com upx.provenpixel.com s.yimg.com www.greenaffiliates.com db.revoffers.com *.ipqualityscore.com *.yotpo.com www.googletagmanager.com s.btstatic.com *.cloudflareinsights.com *.driftt.com *.klaviyo.com *.authorize.net s.thebrighttag.com cdn-swell-assets.yotpo.com static.klaviyo.com www.google-analytics.com static.cloudflareinsights.com *.userway.org *.termly.io *.privy.com shop.pe *.cloudfront.net *.s3.amaonaws.com *.shop.pe js.intercomcdn.com *.intercom.io https://*.hotjar.com app.shop.pe *.mantis.marketing *.sitescout.com *.bidr.io *.crwdcntrl.net *.leadsrx.com www.facebook.com connect.facebook.com tags.herb.co collector.dmp.cnna.io *.attentionsignals.net cdnjs.cloudflare.com https://applepay.cdn-apple.com https://assets.secure.checkout.visa.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://js.authorize.net https://jstest.authorize.net https://polyfill.io https://sandbox-assets.secure.checkout.visa.com https://songbird.cardinalcommerce.com https://songbirdstag.cardinalcommerce.com https://unpkg.com https://www.google.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' static-tracking.klaviyo.com *.mantisadnetwork.com upx.provenpixel.com s.yimg.com www.greenaffiliates.com db.revoffers.com cdn-loyalty.yotpo.com www.googletagmanager.com s.btstatic.com static.cloudflareinsights.com a.klaviyo.com www.google-analytics.com cdn-swell-assets.yotpo.com s.thebrighttag.com static.klaviyo.com *.userway.org app.termly.io js.driftt.com *.privy.com shop.pe *.ipqualityscore.com *.cloudfront.net ajax.cloudflare.com *.authorize.net *.gstatic.com shareasale-analytics.com *.s3.amazonaws.com *.shop.pe *.datadome.co *.yotpo.com *.intercom.io *.intercomcdn.com *.newrelic.com bam.nr-data.net *.hotjar.com *.facebook.net sdk.trackcb.com https://tag.segmetrics.io cdn.agechecker.net app.shop.pe *.mantis.marketing *.sitescout.com *.bidr.io *.crwdcntrl.net *.leadsrx.com player.vimeo.com aggle.net cdn.aggle.net *.retargeted.co tags.herb.co collector.dmp.cnna.io dm2q9qfzyjfox.cloudfront.net *.attentionsignals.net cdnjs.cloudflare.com https://applepay.cdn-apple.com https://assets.secure.checkout.visa.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://js.authorize.net https://jstest.authorize.net https://polyfill.io https://sandbox-assets.secure.checkout.visa.com https://songbird.cardinalcommerce.com https://songbirdstag.cardinalcommerce.com https://unpkg.com https://www.google.com; style-src 'self' 'unsafe-inline' cdn-swell-assets.yotpo.com maxcdn.bootstrapcdn.com *.klaviyo.com *.privy.com *.gstatic.com *.cloudfront.net *.addshoppers.com *.userway.org https://*.hotjar.com *.cdnfonts.com tags.herb.co collector.dmp.cnna.io cdnjs.cloudflare.com fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; frame-ancestors 'self' 1
base-uri 1
script-src  https://*.vzpstatic.cz https://api.mapy.cz https://www.googletagmanager.com https://js.monitor.azure.com 'report-sample' 'unsafe-inline' 'unsafe-eval' https://connect.facebook.net; style-src   https://*.vzpstatic.cz https://api.mapy.cz https://www.googletagmanager.com https://fonts.googleapis.com 'report-sample' 'unsafe-inline'	https://translate.googleapis.com https://www.gstatic.com; connect-src https://*.vzpstatic.cz https://api.mapy.cz https://www.googletagmanager.com https://*.google-analytics.com https://js.monitor.azure.com https://*.in.applicationinsights.azure.com https://www.vzp.cz 'self' https://vsrezsy.vzp.cz/ https://www.facebook.com	https://*.googleapis.com; img-src     https://*.vzpstatic.cz https://api.mapy.cz https://www.googletagmanager.com https://*.google-analytics.com https://*.gstatic.com 'self' data: https://www.facebook.com https://connect.facebook.net	https://translate.google.com; font-src    https://*.vzpstatic.cz https://api.mapy.cz https://fonts.gstatic.com; frame-src   https://www.googletagmanager.com https://www.youtube.com https://www.google.com https://vzp.infolinky.textcom.cz https://prod.kadlecelektro.cz https://*.facebook.com https://connect.facebook.net; object-src  'none'; base-uri 'self'; frame-ancestors 'none'; upgrade-insecure-requests; report-uri https://vzpcz.report-uri.com/r/d/csp/enforce 1
frame-ancestors 'self' https://bumrungrad.aflip.in https://telehealthservice.bumrungrad.com 1
default-src * 'unsafe-inline' 'unsafe-eval' blob: data:; script-src * 'unsafe-inline' 'unsafe-eval' blob: data:; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; form-action *, font-src * blob: data:; 1
frame-ancestors magazin.ms.beta.rossmann.hu magazin.microservices.rossmann.hu *.beta.rossmann.hu *.rossmann.hu *.blikk.hu 1
script-src 'unsafe-inline' 'unsafe-eval' *; object-src 'none'; base-uri 'self'; child-src 'self'; frame-src 'self' https://www.paypal.com/ https://b.sbox.stats.paypal.com/ https://www.sandbox.paypal.com/ https://googleads.g.doubleclick.net/ https://tpc.googlesyndication.com/ https://www.google.com/; frame-ancestors 'self' 1
frame-ancestors 'self' https://*.broward.edu https://*.smartsheet.com https://*.ally.ac; 1
frame-ancestors 'self' https://admin.bakerlaw.com; 1
default-src 'self' https: wss: data:; connect-src 'self' https: wss: data: *.raekdata.com *.raek.net *.cloudflare.com *.google-analytics.com *.tiktok.com *.hotjar.com *.hotjar.io *.calendly.com; style-src 'self' 'unsafe-inline' *.raekdata.com *.raek.net *.cloudflare.com *.googleapis.com *.calendly.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.raekdata.com *.raek.net *.cloudflare.com *.cloudflareinsights.com *.google.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.doubleclick.net *.facebook.com *.facebook.net *.twitter.com *.ads-twitter.com *.hotjar.com *.hotjar.io *.tiktok.com *.licdn.com *.clickcease.com *.redditstatic.com *.calendly.com; object-src 'none' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://staticcdn.aus.social; img-src 'self' data: blob: https://staticcdn.aus.social https://mediacdn.aus.social https://s3.ap-southeast-2.wasabisys.com; style-src 'self' https://staticcdn.aus.social 'nonce-copt01yz1XlMRvCEmxAiHg=='; media-src 'self' data: https://staticcdn.aus.social https://mediacdn.aus.social https://s3.ap-southeast-2.wasabisys.com; frame-src 'self' https:; manifest-src 'self' https://staticcdn.aus.social; form-action 'self'; child-src 'self' blob: https://staticcdn.aus.social; worker-src 'self' blob: https://staticcdn.aus.social; connect-src 'self' data: blob: https://staticcdn.aus.social https://mediacdn.aus.social https://s3.ap-southeast-2.wasabisys.com wss://aus.social; script-src 'self' https://staticcdn.aus.social 'wasm-unsafe-eval' 1
default-src * data: https: 'unsafe-inline' 'unsafe-eval' blob:; frame-ancestors 'self'; form-action 'self'; upgrade-insecure-requests 1
default-src * https: data: 'unsafe-inline' 'unsafe-eval' demo.akamai-cpc.com p11.techlab-cdn.com 1
frame-ancestors 'self' cooper.fastcommand.com cooperhealth.org cooperhealth.edu *.cooperhealth.org *.cooperhealth.edu 1
default-src *;img-src 'self';font-src 'self' https://fonts.gstatic.com;style-src 'self' https://fonts.googleapis.com 'unsafe-inline';script-src 'strict-dynamic' 'nonce-ShWALVa0N1Nwz+MVyOu2FsJj5gM=' https: 'unsafe-inline';frame-src https://www.google.com/recaptcha/;base-uri 'none';object-src 'none';report-to main-endpoint; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://www.zenaps.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://tr.snapchat.com blob: https://s1.thcdn.com https://www.awin1.com https://d2d7do8qaecbru.cloudfront.net https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://tr6.snapchat.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://*.liveperson.net https://services.postcodeanywhere.co.uk https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.parcellab.com https://d3g5d7323c2i6m.cloudfront.net https://d29qb9vav0xwuc.cloudfront.net https://d7c4jjeuqag9w.cloudfront.net https://*.contentsquare.net https://*.pndsn.com https://23q3fg4xjd.execute-api.eu-west-1.amazonaws.com https://smct.co https://*.smct.co https://cognito-identity.eu-west-1.amazonaws.com https://firehose.eu-west-1.amazonaws.com https://smct.io https://*.smct.io https://tr.snapchat.com https://sgtm.ameliorate.com; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://d7c4jjeuqag9w.cloudfront.net https://fonts.smct.co https://fonts.smct.io https://fonts.googleapis.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; form-action 'self' https://www.facebook.com https://m.ameliorate.com https://checkout.ameliorate.com https://www.ameliorate.com https://connect.facebook.net https://tr.snapchat.com; frame-ancestors; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://player.vimeo.com https://vod-progressive.akamaized.net https://download-media.akamaized.net https://download-video.akamaized.net https://*.ameliorate.com; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.com https://*.gstatic.cn https://www.dwin1.com https://cdn.trackjs.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://*.google-analytics.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://static.ads-twitter.com https://*.twitter.com https://apps.storystream.ai https://platform.twitter.com https://connect.facebook.net https://*.contentsquare.net https://app.contentsquare.com https://cdn.pubnub.com https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://tr.snapchat.com https://sgtm.ameliorate.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://d7c4jjeuqag9w.cloudfront.net https://fonts.smct.co https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://fonts.smct.io; upgrade-insecure-requests; report-to report-endpoint 1
default-src 'self' http: https: wss: turns: data: blob: 'unsafe-inline' 'unsafe-eval' 1
default-src 'self'; script-src 'self' https://cdn.matomo.cloud https://*.cdninstagram.com/ https://storage.elfsight.com/ https://static.elfsight.com https://apps.elfsight.com https://cdn.datatables.net/ https://widget.spreaker.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-inline' 'unsafe-eval' https://www.gravatar.com https://*.google-analytics.com https://www.googletagmanager.com https://maps.googleapis.com; style-src 'self' 'unsafe-inline' https://cdn.datatables.net/  https://fonts.googleapis.com https://p.typekit.net; object-src 'none'; base-uri 'self'; connect-src 'self' https://eng.matomo.cloud https://storage.elfsight.com/ https://apps.elfsight.com/ https://www.eng.it/ https://video.eng.it https://*.google-analytics.com https://*.googleapis.com; font-src 'self' data: https://use.typekit.net https://fonts.gstatic.com; frame-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://widget.spreaker.com; img-src 'self' data: https://www.google.com/recaptcha/ https://maps.googleapis.com  https://maps.gstatic.com https://*.google-analytics.com https://*.cdninstagram.com/ https://*.elfsightcdn.com/; manifest-src 'self'; media-src 'self' blob: https://video.eng.it; worker-src blob:; 1
connect-src * data: blob: 'unsafe-inline' 1
frame-ancestors 'self' https://manage.dentistryiq.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
frame-src *.fls.doubleclick.net *.hotjar.com *.facebook.com *.hsforms.com static.addtoany.com app.hubspot.com youtu.be youtube.com www.youtube.com *.gendex.com *.adsrvr.org *.simplifeye.co embed.simplifeye.co simplifeye.co *.doubleclick.net *.dexisuniversity.ru dexisuniversity.ru *.google.com dexis.com *.googleanalytics.com *.google-analytics.com *.googleoptimize.com *.googletagmanager.com *.addtoany.com *.hsforms.net *.newrelic.com *.nr-data.net  *.cookielaw.org *.hubspot.com *.googleadservices.com *.licdn.com *.hs-scripts.com *.facebook.net *.usemessages.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com *.hsleadflows.net *.prod.acquia-sites.com *.sociabble.com *.qualtrics.com td.doubleclick.net *.azureedge.net data:; report-uri /report-csp-violation 1
default-src blob: data: wss://*.megawin.mk:* wss://megawin.mk:* 'self' 'unsafe-eval' 'unsafe-inline' https://www.youtube.com/ https://youtube.com/ https://megawin.mk https://*.megawin.mk https://bat.bing.com https://region1.analytics.google.com https://region1.google-analytics.com https://www.google.mk https://www.google.com https://apis.google.com https://fonts.googleapis.com https://ajax.googleapis.com https://maps.googleapis.com https://*.comm100.io https://*.comm100.com https://*.googletagmanager.com https://googletagmanager.com https://*.typekit.net https://typekit.net https://maps.google.com https://*.gstatic.com https://gstatic.com https://connect.facebook.net https://*.facebook.com https://facebook.com https://*.fbcdn.net https://fbcdn.net https://analytics.google.com/ https://google-analytics.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net/ https://cdn.taboola.com https://trc.taboola.com https://trc-events.taboola.com https://track.adform.net/ https://s2.adform.net https://sxt.cdn.skype.com https://www.adobe.com https://lob.egcvi.com https://bshots.egcvi.com/ https://client.pragmaticplaylive.net https://eadsrv.com https://linker.bg/ https://*.live-hub.net https://de2-md.svmsrv.com/ https://*.comm100download.com/ https://*.doubleclick.net https://*.googlesyndication.com https://doubleclick.net https://googlesyndication.com ; frame-ancestors 'self' https://*.megawin.mk 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://troet.cafe; img-src 'self' https: data: blob: https://troet.cafe; style-src 'self' https://troet.cafe 'nonce-nJaF/D1PkEXCqW4YdSJ/7w=='; media-src 'self' https: data: https://troet.cafe; frame-src 'self' https:; manifest-src 'self' https://troet.cafe; form-action 'self'; child-src 'self' blob: https://troet.cafe; worker-src 'self' blob: https://troet.cafe; connect-src 'self' data: blob: https://troet.cafe https://media.troet.cafe wss://troet.cafe; script-src 'self' https://troet.cafe 'wasm-unsafe-eval' 1
frame-ancestors 'self' https://gnosis-safe.io https://dev.gnosis-safe.io https://dapp-browser.apps.ledger.com https://ledger-live-platform-apps.vercel.app https://bsc.gnosis-safe.io https://polygon.gnosis-safe.io https://tmm.world https://dhedge.org https://app.safe.global https://*.coinshift.xyz https://connect.trezor.io https://verify.walletconnect.com https://wallet-v2.blocto.app https://1inch.cloudflareaccess.com https://buy.moonpay.com; frame-src https://challenges.cloudflare.com https://app.safe.global https://*.coinshift.xyz https://connect.trezor.io https://verify.walletconnect.com https://wallet-v2.blocto.app https://dapp-browser.apps.ledger.com https://1inch.cloudflareaccess.com https://buy.moonpay.com; 1
default-src 'self'; media-src 'self' *.blob.core.windows.net *.accentjobs.be accentjobs.be; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com slgnt.accentjobs.be houseofhr.slgnt.eu privacyportal-eu-cdn.onetrust.com cdn.cookielaw.org cookie-cdn.cookiepro.com *.googletagmanager.com *.trustpilot.com https://www.youtube.com/ maps.googleapis.com www.google-analytics.com targetemsecure.blob.core.windows.net the.itemwi.se connect.facebook.net snap.licdn.com cdn.polyfill.io api.itemwise.com www.google.com www.gstatic.com *.clarity.ms *.hotjar.com *.bing.com *.hotjar.io *.visualwebsiteoptimizer.com *.tiktok.com *.accentjobs.be houseofhr-be.blueconic.net rum.browser-intake-datadoghq.eu analytics.pangle-ads.com serve.albacross.com https://unpkg.com/@hello-customer/website-touchpoint; child-src 'self' data:; worker-src blob: 'self' accdigsignsadev01.blob.core.windows.net; style-src 'self' fonts.googleapis.com 'unsafe-inline' houseofhr.slgnt.eu privacyportal-eu-cdn.onetrust.com slgnt.accentjobs.be bcbe.accentjobs.be; font-src 'self' fonts.gstatic.com privacyportal-eu-cdn.onetrust.com fonts.googleapis.com slgnt.accentjobs.be data:; img-src 'self' data: *.ads.linkedin.com *.googletagmanager.com houseofhr.slgnt.eu maps.gstatic.com maps.googleapis.com slgnt.accentjobs.be cdn.cookielaw.org px.ads.linkedin.com www.google-analytics.com www.facebook.com *.blob.core.windows.net *.accentjobs.be *.clarity.ms *.hotjar.com *.bing.com accentjobs.be www.google.be *.visualwebsiteoptimizer.com *.tiktok.com houseofhr-be.blueconic.net; connect-src 'self' data: stats.g.doubleclick.net googleads.g.doubleclick.net wss://*.twilio.com *.twilio.com *.sentry.io *.houseofhr.com *.accentjobs.be houseofhr.slgnt.eu *.google-analytics.com https://www.gstatic.com ws://localhost:3000/_next/webpack-hmr privacyportal-eu-cdn.onetrust.com privacyportal-eu.onetrust.com cdn.cookielaw.org geolocation.onetrust.com cookie-cdn.cookiepro.com pagead2.googlesyndication.com maps.googleapis.com px.ads.linkedin.com site-azp.slgnt.eu *.blob.core.windows.net consent-api.onetrust.com *.clarity.ms *.hotjar.com *.bing.com *.hotjar.io accentjobs.be wss://*.hotjar.com *.analytics.google.com *.visualwebsiteoptimizer.com *.tiktok.com houseofhr-be.blueconic.net www.google.be www.google.com *.browser-intake-datadoghq.eu analytics.pangle-ads.com serve.albacross.com api.hellocustomer.com my.survey.hellocustomer.com; frame-src * data:; 1
frame-ancestors 'self' www.alloprof.qc.ca 1
default-src 'self' *.hsbc.com.hk; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.awswaf.com *.analytics.yahoo.com vjs.zencdn.net players.brightcove.net s.yimg.com tpc.googlesyndication.com static.ads-twitter.com *.v.liveperson.net googleads.g.doubleclick.net connect.facebook.net tags.tiqcdn.com www.googletagmanager.com www.googleadservices.com www.google-analytics.com ssl.google-analytics.com maps.googleapis.com lpcdn.lpsnmedia.net www.google.com.my gateway.zscaler.net cdn-assets-prod.s3.amazonaws.com analytics.tiktok.com; img-src data: * blob: android-webview-video-poster: android-webview:; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.awswaf.com *.analytics.yahoo.com players.brightcove.net edge.api.brightcove.com *.hsbc.com.my manifest.prod.boltdns.net *.siteintercept.qualtrics.com *.qualtrics.com *.brightcovecdn.com adservice.google.com www.facebook.com http://127.0.0.1:5000 http://127.0.0.1:5000/* www.google.com ad.doubleclick.net maps.googleapis.com www.googletagmanager.com analytics.google.com *.g.doubleclick.net www.google-analytics.com t.co analytics.twitter.com www.google.com.my *.demdex.net *.tt.omtrdc.net akamai.tiqcdn.com logx.optimizely.com www.hsbc.com.my rbwm-api.us.hsbc.com rbwm-api.hsbc.co.uk rbwm-api.hsbc.com.hk google.com *.dbankcloud.com *.sc.omtrdc.net www.google.lk cdn-assets-prod.s3.amazonaws.com analytics.tiktok.com *.akamaihd.net; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net *.analytics.yahoo.com players.brightcove.net www.googletagmanager.com www.facebook.com tpc.googlesyndication.com *.auth.hsbc.com connect.facebook.net *.demdex.net gateway.zscaler.net gateway.zscalertwo.net gateway.zscloud.net google.com 8717352.fls.doubleclick.net analytics.tiktok.com; frame-ancestors 'self' www.hsbc.com.my *.liveperson.net; font-src 'self' data: *.hsbc.com.hk fonts.gstatic.com cdn.jsdelivr.net at.alicdn.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net www.googletagmanager.com; object-src 'self' players.brightcove.net; media-src 'self' blob: *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.brightcovecdn.com lpcdn.lpsnmedia.net manifest.prod.boltdns.net ssl.gstatic.com; manifest-src 'self'; upgrade-insecure-requests ; report-uri /csp/report; 1
default-src 'self' https:; font-src 'self' https: data:; img-src 'self' https: data:; object-src 'none'; style-src 'self' https:; script-src 'self' https: 1
default-src https: 'self' 'unsafe-inline' 'unsafe-eval'; img-src https: 'self' 'unsafe-inline' 'unsafe-eval' * data:; 1
frame-ancestors 'self' *.smartandfinal.com *.chedrauiusa.com 1
frame-ancestors 'self' https://umc.shzxcloud.com; 1
default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; style-src-elem * 'unsafe-inline'; img-src * data:; font-src * data:; connect-src *; frame-src * 'self'; worker-src * blob:; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.google-analytics.com https://*.bing.com https://*.facebook.net https://*.hotjar.com https://*.zarget.com https://*.youtube.com https://s.ytimg.com https://*.googleadservices.com https://*.doubleclick.net https://*.pinterest.com https://*.zencdn.net https://*.google.com https://*.google.be https://*.sharethis.com https://*.newrelic.com https://*.nr-data.net https://*.quantserve.com https://*.google.com.tr https://*.metabar.ru https://*.google.de https://*.google.fr https://cdn.ckeditor.com https://*.pioneer-car.eu https://eu---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://de---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://*.yandex.ru https://*.gstatic.com https://cdn.cookielaw.org https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.sharethis.com https://*.pioneer-car.eu https://cdn.ckeditor.com https://tagmanager.google.com; img-src * data:; media-src 'self' https://www.youtube.com; frame-src 'self' https://*.youtube.com https://vars.hotjar.com https://*.pioneer.eu https://*.doubleclick.net https://*.sharethis.com https://*.facebook.com https://*.pioneer-car.eu https://store-locator.pioneer-rus.ru https://*.google.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://*.hotjar.com https://*.sharethis.com https://*.google-analytics.com https://*.doubleclick.net https://*.pioneer-car.eu https://acc-pioneer-products.o-a.be https://eu---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://de---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://*.yandex.ru https://cdn.cookielaw.org; report-uri /eur/report-csp-violation 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://ohai.social; img-src 'self' data: blob: https://ohai.social https://files.ohai.social; style-src 'self' https://ohai.social 'nonce-bmgLC5T731ZcnwdACXLemQ=='; media-src 'self' data: https://ohai.social https://files.ohai.social; frame-src 'self' https:; manifest-src 'self' https://ohai.social; form-action 'self'; child-src 'self' blob: https://ohai.social; worker-src 'self' blob: https://ohai.social; connect-src 'self' data: blob: https://ohai.social https://files.ohai.social wss://ohai.social; script-src 'self' https://ohai.social 'wasm-unsafe-eval' 1
style-src-attr 'self' www.profamilia.de typo3.profamilia.de 'unsafe-inline' 1
frame-ancestors 'self' http://localhost:80 https://localhost:443 http://127.0.0.1:80 https://127.0.0.1:443; 1
base-uri 'self'; connect-src 'self' https://*.synodev.com https://demo.synology.com:5001 https://*.demo.synology.com:5001 https://demo.synology.de:5001 https://*.demo.synology.de:5001 https://*.google.com https://*.google-analytics.com https://*.doubleclick.net/ https://*.googletagmanager.com https://pagead2.googlesyndication.com *.google-analytics.com *.analytics.google.com https://www.facebook.com https://graph.facebook.com https://analytics.synology.com https://bat.bing.com https://mc.yandex.ru *.mouseflow.com https://in.hotjar.com/ https://vc.hotjar.io wss://*.hotjar.com/ https://api-fra.livechatinc.com https://cdn.linkedin.oribi.io https://px.ads.linkedin.com analytics.twitter.com https://api.mapbox.com https://events.mapbox.com https://px.adhigh.net/ https://*.clarity.ms https://fw-cdn.com https://src.fwusercontent.com https://synologyc2.myfreshworks.com https://lottie.host/ https://webec.synodev.com https://webec-cn.synodev.com https://webec.synology.com https://webec.synology.cn; default-src 'self'; font-src 'self' data: https://synostatic.synology.com https://themes.googleusercontent.com https://fonts.gstatic.com *.mouseflow.com https://cdn.livechatinc.com; frame-ancestors https://tongji.baidu.com 'self' https://*.facebook.com metrika.yandex.ru metrika.yandex.by metrica.yandex.com metrica.yandex.com.tr *.webvisor.com; frame-src https://www.ixigua.com/ 'self' https://*.synology.com https://cse.google.com https://www.googletagmanager.com https://*.doubleclick.net https://optimize.google.com https://*.facebook.com https://staticxx.facebook.com *.mouseflow.com https://vars.hotjar.com/ https://secure.livechatinc.com https://secure-fra.livechatinc.com https://api-fra.livechatinc.com https://px.adhigh.net/ https://youtube.com https://www.youtube.com https://player.youku.com/ https://synology.jobbase.io https://synology.onlyfy.jobs https://synoform.synology.com; img-src https://hm.baidu.com/hm.gif https://px.ads.linkedin.cn/ 'self' data: blob: https://*.synology.com https://global.download.synology.com https://cndl.synology.cn https://gallery.synology.com https://gallery.test.synology.inc https://global.synologydownload.com https://*.google-analytics.com https://*.doubleclick.net https://*.googleapis.com https://*.google.com https://*.google.de https://*.google.com.tw https://*.gstatic.com https://*.googletagmanager.com *.google-analytics.com *.analytics.google.com https://www.facebook.com https://*.bing.com https://mc.yandex.ru https://alb.reddit.com *.mouseflow.com https://secure.livechatinc.com https://secure-fra.livechatinc.com https://cdn.livechatinc.com https://api-fra.livechatinc.com https://cdn.livechat-files.com https://wcs.naver.com https://*.linkedin.com https://p.adsymptotic.com/d/px analytics.twitter.com https://t.co/ https://api.mapbox.com https://i.ytimg.com https://*.clarity.ms https://c.bing.com; media-src 'self' https://gallery.synology.com https://download.synology.com https://fileres.synology.com/ https://cdn.livechatinc.com https://api-fra.livechatinc.com; object-src 'none'; script-src https://hm.baidu.com/ https://tag.baidu.com/vcard/v.js https://tongji.baidu.com https://hmcdn.baidu.com/static/tongji/ https://ada.baidu.com/ https://*.baidu.com/ 'self' blob: 'unsafe-eval' 'nonce-ffd560d182369b08a8b3ed35cfa5ee3cc50b5b5f093ece3139181709813896c3' https://demo.synology.com https://demo.synology.de https://www.google-analytics.com https://ssl.google-analytics.com https://www.google.com https://cse.google.com https://clients1.google.com https://tagmanager.google.com https://www.gstatic.com https://*.googletagmanager.com https://www.googleadservices.com https://*.doubleclick.net https://www.gstatic.cn https://www.recaptcha.net https://*.googleapis.com https://connect.facebook.net https://bat.bing.com https://mc.yandex.ru https://www.redditstatic.com *.mouseflow.com https://static.hotjar.com https://script.hotjar.com/ https://cdn.livechatinc.com https://code.jquery.com https://secure.livechatinc.com https://secure-fra.livechatinc.com https://accounts.livechatinc.com https://api.livechatinc.com https://api-fra.livechatinc.com https://wcs.naver.net/wcslog.js https://snap.licdn.com https://www.linkedin.com/px/ https://px.ads.linkedin.com https://sjs.bizographics.com/insight.min.js https://analytics.twitter.com https://static.ads-twitter.com https://t.co/i/adsct https://api.mapbox.com https://px.adhigh.net/ https://www.youtube.com https://cdnjs.cloudflare.com https://synology.jobbase.io https://*.clarity.ms https://synology.onlyfy.jobs fw-cdn.com https://*.freshsales.io https://synologyc2.myfreshworks.com https://unpkg.com; style-src 'self' 'unsafe-inline' https://synostatic.synodev.com https://synostatic.synology.com https://www.google.com https://fonts.googleapis.com https://tagmanager.google.com https://www.googletagmanager.com https://optimize.google.com https://cdn.livechat-files.com https://api.mapbox.com https://cdnjs.cloudflare.com https://assets.freshsales.io 1
default-src 'none'; script-src 'self' blob: *.chefsteps.com data: 'unsafe-eval' 'unsafe-inline' cdn.cookielaw.org static.cloudflareinsights.com *.hotjar.com perfalytics.com cdn.mxpnl.com assets.adobedtm.com embed.typeform.com www.googletagmanager.com www.googleadservices.com www.google-analytics.com *.doubleclick.net ajax.googleapis.com plus.google.com apis.google.com *.newrelic.com *.cloudfront.net *.evidon.com *.segment.com *.chargebee.com *.algolianet.com *.algolia.net cdn.jsdelivr.net appleid.cdn-apple.com cdnjs.cloudflare.com cdn.embedly.com connect.facebook.net *.facebook.com *.amazon.com *.twitter.com api.pinterest.com www.youtube.com www.youtube-nocookie.com *.vimeo.com f.vimeocdn.com *.filepicker.io photorankstatics-a.akamaihd.net bam.nr-data.net cs-bloom-community-staging.herokuapp.com staging-chefsteps-catalog.herokuapp.com cs-bloom-community-production.herokuapp.com chefsteps-catalog.herokuapp.com; connect-src 'self' cdn.cookielaw.org *.chefsteps.com *.foodthinkers.com *.onetrust.com *.hotjar.com *.filepicker.io perfalytics.com api.perfalytics.com chefstep-dev.us.auth0.com cdn.mxpnl.com api-js.mixpanel.com bam.nr-data.net www.google-analytics.com *.doubleclick.net *.amazonaws.com *.facebook.com dgcollector.evidon.com c.evidon.com cdn.segment.com api.segment.io *.algolianet.com *.algolia.net cs-bloom-api-production.herokuapp.com cs-bloom-api-staging.herokuapp.com staging-chefsteps-catalog.herokuapp.com chefsteps-catalog.herokuapp.com; style-src 'self' 'unsafe-inline' embed.typeform.com maxcdn.bootstrapcdn.com netdna.bootstrapcdn.com *.chargebee.com *.cloudfront.net cs-bloom-community-staging.herokuapp.com staging-chefsteps-catalog.herokuapp.com cs-bloom-community-production.herokuapp.com chefsteps-catalog.herokuapp.com; font-src 'self' data: maxcdn.bootstrapcdn.com netdna.bootstrapcdn.com code.ionicframework.com fonts.gstatic.com fonts.gstatic.com *.cloudfront.net staging-chefsteps-catalog.herokuapp.com chefsteps-catalog.herokuapp.com; img-src 'self' data: cdn.cookielaw.org assets.breville.com breville.scene7.com s7ap1.scene7.com images.typeform.com *.chefsteps.com googleads.g.doubleclick.net stats.g.doubleclick.net *.facebook.com www.placehold.it i.ytimg.com i.imgur.com *.amazon.com *.amazonaws.com *.cloudfront.net *.evidon.com *.filepicker.io staging-chefsteps-catalog.herokuapp.com chefsteps-catalog.herokuapp.com; frame-src *.cloudfront.net form.typeform.com www.youtube.com www.youtube-nocookie.com *.vimeo.com *.twitter.com *.chargebee.com match.adsrvr.org insight.adsrvr.org bid.g.doubleclick.net *.filepicker.io forum.chefsteps.com www.chefsteps.com; media-src breville.scene7.com *.amazon.com *.amazonaws.com *.cloudfront.net; manifest-src *.cloudfront.net 1
frame-ancestors 'self' https://www.googletagmanager.com https://app.hubspot.com 1
script-src http: https: https://www.joyalukkas.in/ 'nonce-BsHYiihbR8nk7WfdEABslTjY4fBpMA313EtcQk2i81yJU' *.zohopublic.in; style-src 'self' blob: https: 'unsafe-inline' https://www.joyalukkas.in/ *.zohopublic.in; img-src data: http: https: *.zohopublic.in *.google-analytics.com *.googletagmanager.com *.analytics.google.com; object-src 'none'; base-uri 'none'; child-src 'self'; font-src 'self' fonts.gstatic.com *.zohopublic.in *.zohocdn.com; frame-src assets.braintreegateway.com *.google.com *.youtube.com *.youtu.be *.vimeo.com *.razorpay.com *.zohopublic.in *.doubleclick.net; 1
default-src 'self' *.greenlight.com *.gl-tech.io web.cdn.greenlight.com web.cdn.staging.greenlight.com web.cdn.dev.greenlight.com;media-src videos.ctfassets.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.greenlight.com *.gl-tech.io *.optimizely.com cdn.segment.com cdn.segment.com/v1/projects/* cdn.segment.com/analytics-next/bundles/* cdn.segment.com/next-integrations/integrations/* *.vimeo.com graph.facebook.com *.cloudfront.net *.google-analytics.com *.googletagmanager.com *.tiktok.com *.tiktokcdn-us.com *.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok/ iframely.net/files/ pay.google.com *.growsumo.com connect.facebook.net maps.googleapis.com app.link sc-static.net s.yimg.com bam.nr-data.net js-agent.newrelic.com cdn.mxpnl.com sp.analytics.yahoo.com cdn.plaid.com *.fullstory.com js.adsrvr.org bat.bing.com *.criteo.com acdn.adnxs.com js.braintreegateway.com assets.braintreegateway.com paypalobjects.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com getrockerbox.com conoret.com *.hubspot.com js.hscollectedforms.net js.hsadspixel.net *.hs-scripts.com js.hs-banner.com js.hs-analytics.net forms.hsforms.com *.usemessages.com *.bc0a.com googleadservices.com outgrow.us outgrow.co dyv6f9ner1ir9.cloudfront.net *.byspotify.com *.appsflyer.com platform.instagram.com www.instagram.com instagram.com analytics.tiktok.com/* googleadservices.com/*;connect-src data: 'self' *.greenlight.com *.gl-tech.io *.greenlight.me *.auth.us-east-1.amazoncognito.com api.lever.co *.vimeo.com graph.facebook.com facebook.com *.mixpanel.com api.segment.io api.segment.io/v1/p cdn.segment.com *.nr-data.net *.optimizely.com dvqigh9b7wa32.cloudfront.net d330aiyvva2oww.cloudfront.net *.amazonaws.com microk8s.gl *.microk8s.gl *.braintreegateway.com *.braintreegateway.co *.braintree-api.com detx.test-app.link bnc.lt *.plaid.com grsm.io s.yimg.com *.logs.datadoghq.com *.browser-intake-datadoghq.com maps.googleapis.com *.fullstory.com *.analytics.google.com *.g.doubleclick.net d1lu3pmaz2ilpx.cloudfront.net *.cardinalcommerce.com adservice.google.com analytics.google.com google.com/ measurement-api.criteo.com/ *.paypal.com/ ad.doubleclick.net bat.bing.com *.hubspot.com *.hubapi.com *.bc0a.com googleadservices.com pay.google.com https://www.google.com/pay *.byspotify.com api.gotolstoy.com assets.ctfassets.net www.instagram.com instagram.com *.telemetry.vaultdcr.com *.tiktok.com;img-src 'self' data: *.greenlight.com *.gl-tech.io greenlightcard.com images.ctfassets.net videos.ctfassets.net downloads.ctfassets.net *.tiktokcdn.com *.vimeocdn.com facebook.com *.facebook.com csi.gstatic.com google-analytics.com *.google-analytics.com maps.googleapis.com googletagmanager.com *.fullstory.com jadserve.postrelease.com exchange.mediavine.com *.bidr.io *.adnxs.com *.bing.com *.analytics.yahoo.com trends.revcontent.com *.ad.smaato.net tapestry.tapad.com criteo-partners.tremorhub.com ade.clmbtech.com ad.tpmn.co.kr sync-criteo.ads.yieldmo.com idsync.rlcdn.com x.bidswitch.net *.g.doubleclick.net partner.mediawallahscript.com r.casalemedia.com ad.360yield.com contextual.media.net sync.outbrain.com simage2.pubmatic.com pixel.rubiconproject.com match.sharethrough.com rtb-csync.smartadserver.com sync-t1.taboola.com criteo-sync.teads.tv eb2.3lift.com tg.socdm.com visitor.omnitagjs.com aa.agkn.com *.criteo.com data.adxcel-ec2.com nytrng.com tags.bluekai.com pt.ispot.tv tags.w55c.net dpm.demdex.net google.com assets.braintreegateway.com *.paypal.com gstatic.com matching.ivitrack.com i.liadm.com google.kz google.es google.com.pr google.co.uk google.ru google.co.jp adservice.google.com analytics.google.com i6.liadm.com csm.va.us.criteo.net csm.da.us.criteo.net sp.analytics.yahoo.com segment.prod.bidr.io e1.emxdgt.com *.hsforms.com *.hubspot.com greenlight-stage.s3-accelerate.amazonaws.com greenlightme.s3-accelerate.amazonaws.com ads.stickyadstv.com e.dlx.addthis.com cdn.filestackcontent.com https://www.gstatic.com/instantbuy/svg/light_square_gpay.svg trkn.us videos.gotolstoy.com *.cdninstagram.com *.tiktok.com;child-src blob: assets.braintreegateway.com *.paypal.com;frame-src *;frame-ancestors none;object-src 'self' data: images.ctfassets.net videos.ctfassets.net downloads.ctfassets.net;style-src 'self' 'unsafe-inline' *.greenlight.com *.gl-tech.io *.greenlightcard.com greenlightcard.com greenlight.com cdnjs.cloudflare.com assets.braintreegateway.com dyv6f9ner1ir9.cloudfront.net fonts.googleapis.com *.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok/ *.tiktokcdn-us.com;font-src 'self' data: *.greenlight.com *.gl-tech.io paypalobjects.com cdn.honey.io fonts.gstatic.com;worker-src blob:;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub6740cfe27eae28719b3b2ce1f5bc35f2&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:production%2Cservice:greenlight-website-next; 1
frame-ancestors activity.meyo.one activity-cf.meyo.one 'self' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mstdn.ca; img-src 'self' data: blob: https://mstdn.ca https://cdn.mastdn.ca; style-src 'self' https://mstdn.ca 'nonce-4SWcF8nqf2Id1BzgI24zMA=='; media-src 'self' data: https://mstdn.ca https://cdn.mastdn.ca; frame-src 'self' https:; manifest-src 'self' https://mstdn.ca; form-action 'self'; child-src 'self' blob: https://mstdn.ca; worker-src 'self' blob: https://mstdn.ca; connect-src 'self' data: blob: https://mstdn.ca https://cdn.mastdn.ca wss://api.mstdn.ca; script-src 'self' https://mstdn.ca 'wasm-unsafe-eval' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' * blob: data:; object-src 'self' * 1
default-src 'self' * *.uhaul.com https://www.google.com;script-src 'self' *.uhaul.com cdnjs.cloudflare.com https://www.google.com/recaptcha/api.js;style-src 'self' cdnjs.cloudflare.com fonts.googleapis.com;font-src fonts.gstatic.com cdnjs.cloudflare.com;frame-ancestors 'self' *.uhaul.net 1
default-src https: data: 'unsafe-inline' 'unsafe-eval';connect-src https://*.qacloud.com.cn:443 1
default-src 'self' 'unsafe-inline' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hscollectedforms.net *.hs-analytics.net *.hs-banner.com *.hubspot.com *.hsforms.net *.hs-scripts.com *.fullstory.com https://www.youtube.com *.facebook.net *.facebook.com https://connect.facebook.net https://knapp.piwik.pro https://snap.licdn.com https://www.googletagmanager.com https://www.google.com https://www.google-analytics.com/analytics.js https://www.gstatic.com knapp.containers.piwik.pro ; connect-src 'self' *.hubspot.com *.hsforms.net *.hsforms.com *.hsforms.com https://hubspot-forms-static-embed-eu1.s3.amazonaws.com https://forms-eu1.hscollectedforms.net https://cta-eu1.hubspot.com https://region1.google-analytics.com https://www.google-analytics.com https://knapp.piwik.pro https://px.ads.linkedin.com ; img-src 'self' data: *.knapp.com *.hubspot.com *.hsforms.net *.hsforms.com *.hsforms.com https://www.googletagmanager.com *.google-analytics.com *.linkedin.com https://px4.ads.linkedin.com https://px.ads.linkedin.com *.facebook.com *.facebook.net https://secure.gravatar.com *.w.org ; font-src 'self' data:; frame-src 'self' *.hubspot.com *.hsforms.net *.hsforms.com *.hsforms.com https://app.hubspot.com https://www.google.com https://www.youtube-nocookie.com https://www.youtube.com *.vimeo.com ; frame-ancestors 'self' https://*.hubspot.com ; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://wb.messengerpeople.com https://static.criteo.net https://*.criteo.com https://ct.pinterest.com https://tpc.googlesyndication.com https://*.zenaps.com https://*.hotjar.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://ln-rules.rewardstyle.com https://*.snapchat.com blob: https://app.qubit.com https://*.abtasty.com https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://d2d7do8qaecbru.cloudfront.net; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://*.liveperson.net https://ct.pinterest.com https://*.google.co.jp https://*.akamaihd.net https://*.sciencebehindecommerce.com https://*.hotjar.com wss://*.hotjar.com https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://analytics.tiktok.com https://tr.snapchat.com https://*.contentsquare.net https://*.qubit.com https://*.qubitproducts.com https://horizon-api.www.myprotein.jp https://*.abtasty.com https://*.criteo.com https://*.criteo.net https://*.prod.mplat-ppcprotect.com https://*.lunio.ai data: https://sgtm.myprotein.jp https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://cognito-identity.eu-west-1.amazonaws.com https://firehose.eu-west-1.amazonaws.com; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.thgcdn.cn blob: data: https://*.abtasty.com https://*.gstatic.com https://*.googleapis.com https://fonts.smct.co https://fonts.smct.io; form-action 'self' https://www.facebook.com https://www.myprotein.jp https://m.myprotein.jp https://checkout.myprotein.jp https://connect.facebook.net https://ct.pinterest.com https://tr.snapchat.com https://tr6.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https: blob:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://static.thgcdn.cn; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://google.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.cn https://*.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://*.criteo.com https://static.criteo.net https://s.pinimg.com https://tpc.googlesyndication.com https://remote.captcha.com https://platform.twitter.com https://static.ads-twitter.com https://analytics.twitter.com https://*.akamaihd.net https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.hotjar.com https://*.microsofttranslator.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://twitter.com https://*.baidu.com https://sc-static.net https://www.google.com https://*.google.co.uk https://google.co.uk https://static.ads-twitter.com https://analytics.twitter.com https://www.google.co.jp https://static.thgcdn.cn https://analytics.tiktok.com https://*.ibytedtos.com https://*.contentsquare.net https://app.contentsquare.com https://static.goqubit.com https://*.qubit.com blob: https://*.abtasty.com https://sc-static.net https://tr.snapchat.com https://d.line-scdn.net https://sgtm.myprotein.jp https://smct.co https://*.smct.co https://smct.io https://*.smct.io; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://static.thgcdn.cn https://*.abtasty.com https://*.gstatic.com https://fonts.smct.co https://fonts.smct.io; upgrade-insecure-requests; report-to report-endpoint 1
default-src * data: 'unsafe-eval' 'unsafe-inline' blob:; script-src http: 'unsafe-inline' 'unsafe-eval' blob:; style-src http: 'unsafe-inline'; 1
frame-ancestors 'self' https://nch-dev-healthdirect.crm6.dynamics.com https://nch-healthdirect.crm6.dynamics.com https://nch-test-healthdirect.crm6.dynamics.com https://nch-trn-healthdirect.crm6.dynamics.com 1
default-src https: wss: 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://applepay.cdn-apple.com https://pay.google.com https://cdn.checkout.com https://ajax.googleapis.com https://ajax.aspnetcdn.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.googletagmanager.com https://js.stripe.com *.dnapayments.com *.braintreegateway.com *.paypal.com *.cardinalcommerce.com https://www.googletagmanager.com www.paypalobjects.com client-analytics.braintreegateway.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.braintreegateway.com; connect-src 'self' https://www.google.com https://google.com https://pay.google.com https://js.checkout.com https://api.stripe.com wss://ipay-prod.service.signalr.net https://ipay-prod.service.signalr.net *.braintree-api.com *.braintreegateway.com *.cardinalcommerce.com https://kg668dbov0.execute-api.us-east-1.amazonaws.com https://*.google-analytics.com https://*.analytics.google.com https://www.google-analytics.com https://*.googletagmanager.com *.ipayimpact.co.uk; frame-src 'self' https://*; font-src 'self' data: https://applepay.cdn-apple.com https://fonts.gstatic.com; img-src https: data: blob: assets.braintreegateway.com checkout.paypal.com https://*.google-analytics.com https://*.googletagmanager.com;child-src assets.braintreegateway.com c.paypal.com;report-uri https://www.ipayimpact.co.uk/ipicashlessapi/api/ContentSecurityPolicy/Report; 1
default-src 'self' 'unsafe-inline' data: *.google.com *.my.onetrust.com *.cookielaw.org *.googleapis.com *.gstatic.com *.onetrust.com *.g.doubleclick.net *.analytics.google.com *.cloud.coveo.com *.google-analytics.com *.googletagmanager.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.cookielaw.org *.cloud.coveo.com *.google-analytics.com *.googletagmanager.com *.g.doubleclick.net *.googleapis.com *.google.com *.gstatic.com *.cloudflare.com *.cloudfront.net *.stripe.com *.googleadservices.com *.googlesyndication.com snap.licdn.com *.hs-scripts.com *.hs-banner.com *.hscollectedforms.net *.hs-analytics.net *.hsadspixel.net *.hubspot.com *.facebook.net;style-src 'self' 'unsafe-inline' *.cloud.coveo.com *.googleapis.com *.gstatic.com; img-src 'self' data: https:; connect-src 'self' data: https: *.google.com *.doubleclick.net *.hubapi.com *.hscollectedforms.net; font-src 'self' data: https:;frame-src 'self' *.embedly.com *.stripe.com *.doubleclick.net *.google.com *.googletagmanager.com *.youtube.com alsenvironmental.wufoo.com *.facebook.com *.vimeo.com *.hs-sites.com;object-src 'none'; form-action 'self' *.westpac.com.au *.payjunction.com *.facebook.com; report-uri https://9854a28f6d04362aa2f20b134deae7c0.report-uri.com/r/d/csp/enforce; report-to csp-endpoint 1
connect-src 'self' pagead2.googlesyndication.com region1.google-analytics.com www.google.com collect.blomsterlandet.se consentcdn.cookiebot.com consent.cookiebot.com googleads.g.doubleclick.net adservice.google.com eu.klarnaevt.com www.facebook.com/tr/ www.google-analytics.com translate.googleapis.com ct.pinterest.com https://ib.adnxs.com/pixie/up; script-src 'self' 'unsafe-eval' 'unsafe-inline' connect.facebook.net t.contentsquare.net files.imbox.io/app/dist/initWidget.js apiv2.imbox.io https://files.imbox.io/widget-v2/prod/widget.js https://acdn.adnxs.com/dmp/up/pixie.js consent.cookiebot.com consentcdn.cookiebot.com https://cdnjs.cloudflare.com/ajax/libs/pdf.js/2.16.105/pdf.worker.min.js www.googletagmanager.com js.klarna.com https://s.pinimg.com/ct/core.js https://s.pinimg.com/ct/lib/ googleads.g.doubleclick.net https://ct.pinterest.com/static/ct/token_create.js; style-src 'self' 'unsafe-inline' https://unpkg.com/leaflet@1.5.1/dist/leaflet.css https://unpkg.com/leaflet-gesture-handling/dist/leaflet-gesture-handling.min.css fonts.googleapis.com/css; base-uri 'none'; frame-ancestors 'none'; img-src 'self' data: imgsct.cookiebot.com ade.googlesyndication.com region1.google-analytics.com pagead2.googlesyndication.com *.tile.openstreetmap.org www.googletagmanager.com ad.doubleclick.net googleads.g.doubleclick.net ib.adnxs.com connect.facebook.net eu.klarnaevt.com www.facebook.com adservice.google.com i.ytimg.com translate.google.com fonts.gstatic.com www.google.com www.google.se; manifest-src 'self'; media-src 'none'; object-src 'none'; font-src 'self' fonts.gstatic.com data: consentcdn.cookiebot.com fonts.googleapis.com; form-action 'self' www.facebook.com/tr/; frame-src widget.imbox.io widget-launcher.imbox.io consentcdn.cookiebot.com www.youtube-nocookie.com td.doubleclick.net 10726060.fls.doubleclick.net js.klarna.com www.facebook.com gateway.zscloud.net ct.pinterest.com; worker-src 'self' blob:; child-src 'self' blob:; default-src 'self'; report-uri https://blomsterlandet.report-uri.com/r/d/csp/enforce; report-to csp-report-to-group; 1
default-src https: wss://*.hotjar.com https://*.clarity.ms https://c.bing.com;      img-src * 'self' 'unsafe-inline' https://www.google-analytics.com https://ssl.gstatic.com/ https://googleads.g.doubleclick.net https://www.google.com/ https://cdn.cookielaw.org data: https:;      style-src 'self' 'unsafe-inline' https://www.google.com/ https://tagmanager.google.com/ https://fonts.googleapis.com/ https://3cdn.demio.com fonts.googleapis.com *.typekit.net https://cdn.cookielaw.org https://cdn.demio.com;      script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com https://ssl.google-analytics.com https://cdn.cookielaw.org/ https://cdn.demio.com https://connect.facebook.net https://snap.licdn.com https://*.sharethis.com/ https://z.moatads.com/ https://v1.addthisedge.com/ https://m.addthis.com/ https://geolocation.onetrust.com https://www.gstatic.com/ https://cdn.matomo.cloud https://cdn.leadinfo.net https://static.hotjar.com https://script.hotjar.com https://*.youtube.com https://*.piwik.pro https://*.jsdelivr.net https://*.amplitude.com js.zi-scripts.com tags.clickagy.com *.hs-scripts.com *.hscollectedforms.net *.hs-banner.com *.hs-analytics.net *.zi-scripts.com *.clarity.ms *.visualwebsiteoptimizer.com;      frame-ancestors 'self' https://*.youtube.com https://vimeo.com;      frame-src 'self' hemsync.clickagy.com www.google.com https://*.youtube.com https://vimeo.com https://*.vimeo.com;      1
frame-ancestors 'self' https://*.hauts-de-seine.fr/ https://*.passmalin.fr/ https://*.akstat.io/; 1
default-src 'self'; frame-ancestors 'none'; frame-src 'self' https://social.uploadcare.com/ https://calendly.com https://js.driftt.com https://www.youtube.com https://js.stripe.com https://hooks.stripe.com blob: https://renderer.gist.build https://code.gist.build https://*.wistia.net; font-src 'self' data: https://fonts.gstatic.com https://cdnjs.cloudflare.com https://helpcrunch.com https://*.wistia.com; img-src 'self' data: https://s3.amazonaws.com https://huntr-documents.s3.amazonaws.com https://huntr-app.s3.amazonaws.com https://*.clearbit.com http://*.clearbit.com https://ucarecdn.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://cdn.sanity.io https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.gstatic.com https://maps.googleapis.com https://cdn.huntr.co blob: data: https://assets.calendly.com https://*.wistia.com https://imagedelivery.net https://track.customer.io https://*.visualwebsiteoptimizer.com https://*.wistia.net https://*.reddit.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://embed.helpcrunch.com https://huntr.widget.helpcrunch.com https://widget.helpcrunch.com https://code.jquery.com https://www.google-analytics.com https://snap.licdn.com http://cdn.mxpnl.com https://js.driftt.com https://assets.calendly.com https://maps.googleapis.com https://ajax.googleapis.com https://static.cloudflareinsights.com https://js.stripe.com https://clerk.huntr.co https://clerk.huntrstaging.com https://clerk.huntr-renniehaylock-hun-ljxbwh.herokuapp.com https://careerservices.purpleacademy.co https://careerservices.takeo.ai https://careers.reworktraining.org https://careersuccess.yellowtail.tech https://huntr.comptia.org https://huntr.icareersolutions.com https://jobs.312.school https://ai.jobsurge.co https://jobsearch.joinsatellite.io https://jobs.skills.tech https://jobs.rehigher.com https://talent.codeboxx.biz https://talent.codeboxx.com https://app.smarterjobhunting.com https://cl.abroadninja.in https://jobs.youareambitious.com https://huntr.thrivedx.com https://jobtracker.uvaro.com https://careersupport.masterschool.com https://purpleacademy.huntr.co https://*.clerk.accounts.dev https://*.wistia.com https://frontend-api.clerk.dev https://clerk.tracker.huntrstaging.com blob: https://www.googletagmanager.com https://assets.customer.io https://code.gist.build https://customerioforms.com https://*.visualwebsiteoptimizer.com https://*.vwo.com https://r.wdfl.co https://*.wistia.net https://www.redditstatic.com https://mixpanel-huntr-tracking-proxy-5d1de9c97531.herokuapp.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fonts.googleapis.com https://assets.calendly.com https://code.gist.build; media-src blob: https://*.wistia.com; connect-src 'self' http://localhost:3000 https://huntr.co https://huntrstaging.com https://*.huntr.co https://mixpanel-huntr-tracking-proxy-5d1de9c97531.herokuapp.com https://sentry.io https://huntr-documents.s3.amazonaws.com https://huntr-app.s3.amazonaws.com wss://huntr.helpcrunch.com https://cdn.linkedin.oribi.io https://px.ads.linkedin.com https://www.google-analytics.com https://stats.g.doubleclick.net https://maps.googleapis.com https://huntr.helpcrunch.com https://api-js.mixpanel.com https://upload.uploadcare.com https://uploadcare.s3-accelerate.amazonaws.com https://px.ads.linkedin.com https://px4.ads.linkedin.com wss://ws.pusherapp.com ws://ws.pusherapp.com wss://ws.helpcrunch.com https://api.stripe.com https://clerk.huntr.co https://*.clerk.accounts.dev https://analytics.google.com https://huntr-dev.us.auth0.com https://frontend-api.clerk.dev https://clerk.tracker.huntrstaging.com https://clerk.huntrstaging.com blob: https://fonts.googleapis.com https://*.launchdarkly.com https://*.wistia.com http://*.wistia.com https://*.litix.io https://track.customer.io https://customerioforms.com https://*.api.gist.build https://*.cloud.gist.build https://*.visualwebsiteoptimizer.com https://api.getrewardful.com https://www.redditstatic.com https://*.reddit.com 1
default-src .assrt.net; script-src 'unsafe-inline' 'unsafe-eval' 'self' blob: secure.assrt.net d.assrt.net changyan.sohu.com changyan.itc.cn www.google-analytics.com http://bdimg.share.baidu.com d31qbv1cthcecs.cloudfront.net .statcounter.com; img-src data: blob: https: .xianliao.me http://tva3.sinaimg.cn; style-src 'unsafe-inline' https:; child-src https:; frame-src www.xianliao.me d.assrt.net; connect-src 'self' changyan.sohu.com; 1
default-src 'self' blob: yandex.com ya.ru *.ya.ru yastatic.net *.yastatic.net yastat.net yandex.net *.yandex.net yandex.ru; script-src 'self' 'unsafe-eval' 'unsafe-inline' 'nonce-7150612261601147339756' yastatic.net yastat.net s3.mds.yandex.net static-mon.yastatic.net static-mon.yandex.net suggest-beta.s3.yandex.net yandex.com ya.ru *.ya.ru an.yandex.com mc.yandex.com social.yandex.com export.yandex.com suggest.yandex.com notifications.yandex.com bs.yandex.ru pass.yandex.com mc.webvisor.com mc.webvisor.org mc.yandex.md yandex.ru mc.yandex.ru an.yandex.ru yandex.sx static.yandex.sx social.yandex.ru an.webvisor.org clck.ru yandex-video.naydex.net storage.mds.yandex.net; style-src 'self' 'unsafe-inline' yandex.net yastatic.net yastat.net s3.mds.yandex.net static-mon.yandex.net yandex.sx static.yandex.sx yandex-video.naydex.net serp-static-testing.s3.yandex.net; img-src 'self' yastatic.net yastat.net s3.mds.yandex.net data: *.yandex.com awaps.yandex.com mc.yandex.com yabs.yandex.com avatars.yandex.net clck.yandex.com yandex.com ya.ru *.ya.ru yandex.st avatars.mds.yandex.net favicon.yandex.net static-mon.yandex.net mc.webvisor.com mc.webvisor.org mc.admetrica.ru amc.yandex.ru *.verify.yandex.ru verify.yandex.ru an.yandex.ru mc.yandex.ru *.ytimg.com *.yandex.net payment-widget.plus.yandex.ru awaps.yandex.net storage.mds.yandex.net *.weborama.fr files.messenger.yandex.net *.tns-counter.ru ad.adriver.ru ad.doubleclick.net ads.adfox.ru bs.serving-sys.com gdeby.hit.gemius.pl px.moatads.com *.dzeninfra.ru *.dzen.ru wcm.weborama-tech.ru yandex-video.naydex.net payment-widget.plus.yandex.com avatars-fast.yandex.net banners.adfox.ru content.adfox.ru ads6.adfox.ru bs.serving-sys.ru wcm.solution.weborama.fr wcm-ru.frontend.weborama.fr rgi.io track.rutarget.ru ssl.hurra.com tps.doubleverify.com pixel.adsafeprotected.com impression.appsflyer.com pixel.adlooxtracking.com pixel.adlooxtracking.ru; child-src 'self' blob: yabrowser: yandexadexchange.net st.yandexadexchange.net yastatic.net s3.mds.yandex.net awaps.yandex.com pass.yandex.com legal.yandex.com notifications.yandex.com mc.yandex.com browser.yandex.com *.yandex.net static-mon.yandex.net forms.yandex.ru mc.yandex.md ya.ru *.ya.ru yabs.yandex.com mc.yandex.ru an.yandex.ru yabs.yandex.ru yandex.com frontend.vh.yandex.ru music.yandex.ru sandbox.music.yandex.ru ott-widget.yandex.ru payment-widget.plus.yandex.ru frontend.vh.yandex.com payment-widget.plus.yandex.com; connect-src 'self' wss://webasr.yandex.net yandex.st yastatic.net s3.mds.yandex.net http://127.0.0.1:29009 http://127.0.0.1:30102 yandexmetrica.com:* yandexmetrika.com:* mail.yandex.com mc.yandex.com an.yandex.com yabs.yandex.com bug.yandex.com cloud-api.yandex.com bs.yandex.ru yandex.com ya.ru *.ya.ru sovetnik.market.yandex.com csp.yandex.net static-mon.yandex.net api.passport.yandex.com mc.webvisor.com mc.webvisor.org mc.admetrica.ru mc.yandex.md amc.yandex.ru strm.yandex.ru *.strm.yandex.ru *.strm.yandex.net verify.yandex.ru *.verify.yandex.ru jstracer.yandex.ru yandex.ru an.yandex.ru bug.yandex.ru cloud-api.yandex.ru mc.yandex.ru an.webvisor.org awaps.yandex.net frontend.vh.yandex.ru clck.ru files.messenger.yandex.net quasar.yandex.com adfox.yandex.ru ads.adfox.ru ads6.adfox.ru matchid.adfox.yandex.ru yastat.net wss://push.yandex.ru api.market.yandex.ru *.s3.dzeninfra.ru yandex-video.naydex.net blob: tps.doubleverify.com pixel.adsafeprotected.com; font-src 'self' data: yastatic.net s3.mds.yandex.net static-mon.yandex.net yandex.sx static.yandex.sx yandex-video.naydex.net; media-src 'self' an.yandex.com static-mon.yandex.net *.yandex.net strm.yandex.ru *.strm.yandex.ru an.yandex.ru strm.yandex.net *.strm.yandex.net video-preview.s3.yandex.net cdn.dzen.ru *.cdn.dzeninfra.ru *.s3.dzeninfra.ru blob: yastat.net data:; frame-ancestors 'self' webvisor.com *.webvisor.com http://webvisor.com http://*.webvisor.com; frame-src 'self' blob: yabrowser: yandexadexchange.net st.yandexadexchange.net yastatic.net s3.mds.yandex.net awaps.yandex.com pass.yandex.com legal.yandex.com notifications.yandex.com mc.yandex.com browser.yandex.com *.yandex.net static-mon.yandex.net forms.yandex.ru mc.yandex.md ya.ru *.ya.ru yabs.yandex.com mc.yandex.ru an.yandex.ru yabs.yandex.ru yandex.com frontend.vh.yandex.ru music.yandex.ru sandbox.music.yandex.ru ott-widget.yandex.ru payment-widget.plus.yandex.ru frontend.vh.yandex.com payment-widget.plus.yandex.com; report-uri https://csp.yandex.net/csp?from=video%3Adesktop%3Aforeign&project=video&reqid=1721959456985480-17150612261601147339-balancer-l7leveler-kubr-yp-vla-56-BAL&yandexuid=3011473391721959456&yandex_login= 1
default-src * 'self' 'unsafe-inline' 'unsafe-eval' data: gap: content:; img-src * data: blob: 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline'; font-src * data: 'unsafe-inline';media-src * data: blob: 'unsafe-inline'; object-src * 'unsafe-inline'; child-src * 'unsafe-inline'; frame-src 'self' * blob:; worker-src * blob: 'unsafe-inline'; frame-ancestors *; manifest-src * 'unsafe-inline'; 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; child-src https: blob:; object-src 'none'; frame-ancestors 'self' https://subs.retail-week.com; 1
default-src 'self' data: *.google-analytics.com *.ipify.org; script-src 'unsafe-eval' *.languageline.com *.ipify.org *.hsadspixel.net *.hs-analytics.net js.hscta.net *.hubspot.com static.hsappstatic.net *.usemessages.com *.hs-banner.com *.hubspotusercontent10.net *.hubspotusercontent-na1.net *.hubspot.net *.hscollectedforms.net *.hsleadflows.net *.hsforms.net *.hsforms.com *.hs-scripts.com *.hubspotfeedback.com feedback.hubapi.com cdn-cookieyes.com *.googleadservices.com *.facebook.net *.doubleclick.net *.licdn.com *.vimeo.com *.hotjar.com *.googletagmanager.com *.google-analytics.com *.bizible.com *.paytrace.com *.jquery.com *.salesforce-sites.com platform.twitter.com *.vimeocdn.com *.pardot.com js.zi-scripts.com ws.zoominfo.com tags.clickagy.com 'strict-dynamic' 'nonce-5nv86YiDiBLipvZ6mrOHYg=='; style-src 'unsafe-inline' *.languageline.com *.hubspotusercontent-na1.net *.hubspotusercontent10.net cdn2.hubspot.net *.googleapis.com *.google-analytics.com *.hsappstatic.net *.hotjar.com; img-src 'self' data: *.languageline.com js.hscta.net no-cache.hubspot.com *.hubspot.com *.hubspotusercontent10.net *.hubspotusercontent-na1.net *.hubspot.net cdn2.hubspot.net *.hsforms.net *.hsforms.com *.hsappstatic.net *.google.com *.google.ca *.google-analytics.com ssl.gstatic.com *.linkedin.com cdn-cookieyes.com *.hs-embed-reporting.com *.hotjar.com *.googletagmanager.com *.facebook.com *.bizible.com *.bizibly.com *.vimeocdn.com *.ytimg.com marvel-b1-cdn.bc0a.com *.doubleclick.net syndication.twitter.com; font-src data: *.languageline.com *.hubspotusercontent10.net *.hubspotusercontent-na1.net *.hubspot.net cdn2.hubspot.net *.gstatic.com *.hotjar.com; connect-src *.languageline.com *.ipify.org *.hubapi.com js.hscta.net *.hubspot.com *.hs-banner.com *.hscollectedforms.net *.hsforms.com *.cookieyes.com *.linkedin.com cdn-cookieyes.com *.amazonaws.com *.llts.com *.hotjar.com *.hotjar.io https://ll-api-proxy.dev.brighthost.ca https://ll-api-proxy.staging.brighthost.ca *.google.com *.googleadservices.com *.google-analytics.com *.googlesyndication.com *.google.ca *.g.doubleclick.net wss://ws.hotjar.com aorta.clickagy.com hemsync.clickagy.com js.zi-scripts.com ws.zoominfo.com; media-src *.languageline.com js.hscta.net no-cache.hubspot.com *.hubspot.com *.hubspotusercontent10.net *.hubspotusercontent-na1.net *.hubspot.net cdn2.hubspot.net *.hsforms.net *.hsforms.com *.hsappstatic.net; object-src 'none'; child-src *.hsforms.com; frame-src *.languageline.com lls.my.salesforce-sites.com *.hubspot.com *.hs-sites.com *.hubspot.net play.hubspotvideo.com *.hsforms.net *.hsforms.com *.vimeo.com youtube.com www.youtube.com *.force.com *.doubleclick.net *.google.com *.pardot.com *.facebook.com *.incontact.com platform.twitter.com hemsync.clickagy.com; upgrade-insecure-requests; 1
default-src 'self' blob: yandex.com ya.ru *.ya.ru yastatic.net *.yastatic.net yastat.net yandex.net *.yandex.net yandex.ru; script-src 'self' 'unsafe-eval' 'unsafe-inline' 'nonce-0937127667829182037123' yastatic.net yastat.net s3.mds.yandex.net static-mon.yastatic.net static-mon.yandex.net suggest-beta.s3.yandex.net yandex.com ya.ru *.ya.ru an.yandex.com mc.yandex.com social.yandex.com export.yandex.com suggest.yandex.com notifications.yandex.com bs.yandex.ru pass.yandex.com mc.webvisor.com mc.webvisor.org mc.yandex.md yandex.ru mc.yandex.ru an.yandex.ru yandex.sx static.yandex.sx social.yandex.ru an.webvisor.org clck.ru yandex-video.naydex.net storage.mds.yandex.net; style-src 'self' 'unsafe-inline' yandex.net yastatic.net yastat.net s3.mds.yandex.net static-mon.yandex.net yandex.sx static.yandex.sx yandex-video.naydex.net serp-static-testing.s3.yandex.net; img-src 'self' yastatic.net yastat.net s3.mds.yandex.net data: *.yandex.com awaps.yandex.com mc.yandex.com yabs.yandex.com avatars.yandex.net clck.yandex.com yandex.com ya.ru *.ya.ru yandex.st avatars.mds.yandex.net favicon.yandex.net static-mon.yandex.net mc.webvisor.com mc.webvisor.org mc.admetrica.ru amc.yandex.ru *.verify.yandex.ru verify.yandex.ru an.yandex.ru mc.yandex.ru *.ytimg.com *.yandex.net payment-widget.plus.yandex.ru awaps.yandex.net storage.mds.yandex.net *.weborama.fr files.messenger.yandex.net *.tns-counter.ru ad.adriver.ru ad.doubleclick.net ads.adfox.ru bs.serving-sys.com gdeby.hit.gemius.pl px.moatads.com *.dzeninfra.ru *.dzen.ru wcm.weborama-tech.ru yandex-video.naydex.net payment-widget.plus.yandex.com avatars-fast.yandex.net banners.adfox.ru content.adfox.ru ads6.adfox.ru bs.serving-sys.ru wcm.solution.weborama.fr wcm-ru.frontend.weborama.fr rgi.io track.rutarget.ru ssl.hurra.com tps.doubleverify.com pixel.adsafeprotected.com impression.appsflyer.com pixel.adlooxtracking.com pixel.adlooxtracking.ru; child-src 'self' blob: yabrowser: yandexadexchange.net st.yandexadexchange.net yastatic.net s3.mds.yandex.net awaps.yandex.com pass.yandex.com legal.yandex.com notifications.yandex.com mc.yandex.com browser.yandex.com *.yandex.net static-mon.yandex.net forms.yandex.ru mc.yandex.md ya.ru *.ya.ru yabs.yandex.com mc.yandex.ru an.yandex.ru yabs.yandex.ru yandex.com frontend.vh.yandex.ru music.yandex.ru sandbox.music.yandex.ru ott-widget.yandex.ru payment-widget.plus.yandex.ru frontend.vh.yandex.com payment-widget.plus.yandex.com; connect-src 'self' wss://webasr.yandex.net yandex.st yastatic.net s3.mds.yandex.net http://127.0.0.1:29009 http://127.0.0.1:30102 yandexmetrica.com:* yandexmetrika.com:* mail.yandex.com mc.yandex.com an.yandex.com yabs.yandex.com bug.yandex.com cloud-api.yandex.com bs.yandex.ru yandex.com ya.ru *.ya.ru sovetnik.market.yandex.com csp.yandex.net static-mon.yandex.net api.passport.yandex.com mc.webvisor.com mc.webvisor.org mc.admetrica.ru mc.yandex.md amc.yandex.ru strm.yandex.ru *.strm.yandex.ru *.strm.yandex.net verify.yandex.ru *.verify.yandex.ru jstracer.yandex.ru yandex.ru an.yandex.ru bug.yandex.ru cloud-api.yandex.ru mc.yandex.ru an.webvisor.org awaps.yandex.net frontend.vh.yandex.ru clck.ru files.messenger.yandex.net quasar.yandex.com adfox.yandex.ru ads.adfox.ru ads6.adfox.ru matchid.adfox.yandex.ru yastat.net wss://push.yandex.ru api.market.yandex.ru *.s3.dzeninfra.ru yandex-video.naydex.net blob: tps.doubleverify.com pixel.adsafeprotected.com; font-src 'self' data: yastatic.net s3.mds.yandex.net static-mon.yandex.net yandex.sx static.yandex.sx yandex-video.naydex.net; media-src 'self' an.yandex.com static-mon.yandex.net *.yandex.net strm.yandex.ru *.strm.yandex.ru an.yandex.ru strm.yandex.net *.strm.yandex.net video-preview.s3.yandex.net cdn.dzen.ru *.cdn.dzeninfra.ru *.s3.dzeninfra.ru blob: yastat.net data:; frame-ancestors 'self' webvisor.com *.webvisor.com http://webvisor.com http://*.webvisor.com; frame-src 'self' blob: yabrowser: yandexadexchange.net st.yandexadexchange.net yastatic.net s3.mds.yandex.net awaps.yandex.com pass.yandex.com legal.yandex.com notifications.yandex.com mc.yandex.com browser.yandex.com *.yandex.net static-mon.yandex.net forms.yandex.ru mc.yandex.md ya.ru *.ya.ru yabs.yandex.com mc.yandex.ru an.yandex.ru yabs.yandex.ru yandex.com frontend.vh.yandex.ru music.yandex.ru sandbox.music.yandex.ru ott-widget.yandex.ru payment-widget.plus.yandex.ru frontend.vh.yandex.com payment-widget.plus.yandex.com; report-uri https://csp.yandex.net/csp?from=video%3Adesktop%3Aforeign&project=video&reqid=1721959718560773-15093712766782918203-balancer-l7leveler-kubr-yp-sas-123-BAL&yandexuid=1829182031721959718&yandex_login= 1
img-src 'self' https://*.autobiz.in https://autobiz.in https://*.aeplcdn.com http://*.aeplcdn.com https://*.google.com https://*.google.co.in https://lh5.ggpht.com https://*.carwale.com http://*.carwale.com https://*.autobiz.in/bhrigu/pixel.gif https://*.lead2retail.in/bhrigu/pixel.gif data:;script-src 'self' https://*.autobiz.in https://autobiz.in https://*.aeplcdn.com https://*.google-analytics.com https://*.googletagmanager.com https://*.gstatic.com https://script.crazyegg.com https://dialer.cwsystem.in https://emergeapp6.ameyoemerge.in:8443 https://*.google.com/jsapi https://*.firebaseio.com 'unsafe-inline' 'unsafe-eval';style-src 'self' https://*.autobiz.in https://autobiz.in https://*.aeplcdn.com http://*.aeplcdn.com https://*.google.com/ads https://*.google.co.in/ads https://fonts.googleapis.com https://*.bootstrapcdn.com https://*.gstatic.com https://emergeapp6.ameyoemerge.in:8443 https://dialer.cwsystem.in https://code.jquery.com 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' https://*.autobiz.in https://*.lead2retail.in https://autobiz.in https://lead2retail.in;frame-src 'self' https://ops.autobiz.in https://*.lead2retail.in https://dialer.cwsystem.in https://agent1.cloudagent.in https://in-ccaas.ozonetel.com https://emergeapp6.ameyoemerge.in:8443 https://*.carwale.com/ https://*.bikewale.com/; 1
upgrade-insecure-requests; connect-src 'self' players.brightcove.net *.brightcove.com *.google-analytics.com *.parsely.com *.boltdns.net *.akamaihd.net *.nr-data.net maps.googleapis.com *.onetrust.com *.pardot.com *.jefferies.com *.wordpress.com; object-src 'self';script-src 'unsafe-inline' 'unsafe-eval' 'self' blob: *.parsely.com *.wp.com *.brightcove.net *.jefferies.com *.brightcove.com fonts.googleapis.com fonts.gstatic.com *.googletagmanager.com *.onetrust.com static.cloudflareinsights.com secure.gravatar.com *.youtube.com static.doubleclick.net *.google.com maps.googleapis.com *.newrelic.com *.zencdn.net yoast.com *.wordpress.com; style-src 'self' 'unsafe-inline' *.parsely.com *.wp.com players.brightcove.net fonts.googleapis.com fonts.gstatic.com *.googletagmanager.com static.cloudflareinsights.com *.onetrust.com secure.gravatar.com *.youtube.com static.doubleclick.net *.google.com maps.googleapis.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.wp.com; frame-src 'self' *.youtube.com *.wp.com; base-uri 'self' 1
frame-ancestors 'self' *.gordon.edu lavidacenter.org 1
default-src 'self' blob: yandex.com ya.ru *.ya.ru yastatic.net *.yastatic.net yastat.net yandex.net *.yandex.net yandex.ru; script-src 'self' 'unsafe-eval' 'unsafe-inline' 'nonce-1350816376168840647111' yastatic.net yastat.net s3.mds.yandex.net static-mon.yastatic.net static-mon.yandex.net suggest-beta.s3.yandex.net yandex.com ya.ru *.ya.ru an.yandex.com mc.yandex.com social.yandex.com export.yandex.com suggest.yandex.com notifications.yandex.com bs.yandex.ru pass.yandex.com mc.webvisor.com mc.webvisor.org mc.yandex.md yandex.ru mc.yandex.ru an.yandex.ru yandex.sx static.yandex.sx social.yandex.ru an.webvisor.org clck.ru yandex-video.naydex.net storage.mds.yandex.net; style-src 'self' 'unsafe-inline' yandex.net yastatic.net yastat.net s3.mds.yandex.net static-mon.yandex.net yandex.sx static.yandex.sx yandex-video.naydex.net serp-static-testing.s3.yandex.net; img-src 'self' yastatic.net yastat.net s3.mds.yandex.net data: *.yandex.com awaps.yandex.com mc.yandex.com yabs.yandex.com avatars.yandex.net clck.yandex.com yandex.com ya.ru *.ya.ru yandex.st avatars.mds.yandex.net favicon.yandex.net static-mon.yandex.net mc.webvisor.com mc.webvisor.org mc.admetrica.ru amc.yandex.ru *.verify.yandex.ru verify.yandex.ru an.yandex.ru mc.yandex.ru *.ytimg.com *.yandex.net payment-widget.plus.yandex.ru awaps.yandex.net storage.mds.yandex.net *.weborama.fr files.messenger.yandex.net *.tns-counter.ru ad.adriver.ru ad.doubleclick.net ads.adfox.ru bs.serving-sys.com gdeby.hit.gemius.pl px.moatads.com *.dzeninfra.ru *.dzen.ru wcm.weborama-tech.ru yandex-video.naydex.net payment-widget.plus.yandex.com avatars-fast.yandex.net banners.adfox.ru content.adfox.ru ads6.adfox.ru bs.serving-sys.ru wcm.solution.weborama.fr wcm-ru.frontend.weborama.fr rgi.io track.rutarget.ru ssl.hurra.com tps.doubleverify.com pixel.adsafeprotected.com impression.appsflyer.com pixel.adlooxtracking.com pixel.adlooxtracking.ru; child-src 'self' blob: yabrowser: yandexadexchange.net st.yandexadexchange.net yastatic.net s3.mds.yandex.net awaps.yandex.com pass.yandex.com legal.yandex.com notifications.yandex.com mc.yandex.com browser.yandex.com *.yandex.net static-mon.yandex.net forms.yandex.ru mc.yandex.md ya.ru *.ya.ru yabs.yandex.com mc.yandex.ru an.yandex.ru yabs.yandex.ru yandex.com frontend.vh.yandex.ru music.yandex.ru sandbox.music.yandex.ru ott-widget.yandex.ru payment-widget.plus.yandex.ru frontend.vh.yandex.com payment-widget.plus.yandex.com; connect-src 'self' wss://webasr.yandex.net yandex.st yastatic.net s3.mds.yandex.net http://127.0.0.1:29009 http://127.0.0.1:30102 yandexmetrica.com:* yandexmetrika.com:* mail.yandex.com mc.yandex.com an.yandex.com yabs.yandex.com bug.yandex.com cloud-api.yandex.com bs.yandex.ru yandex.com ya.ru *.ya.ru sovetnik.market.yandex.com csp.yandex.net static-mon.yandex.net api.passport.yandex.com mc.webvisor.com mc.webvisor.org mc.admetrica.ru mc.yandex.md amc.yandex.ru strm.yandex.ru *.strm.yandex.ru *.strm.yandex.net verify.yandex.ru *.verify.yandex.ru jstracer.yandex.ru yandex.ru an.yandex.ru bug.yandex.ru cloud-api.yandex.ru mc.yandex.ru an.webvisor.org awaps.yandex.net frontend.vh.yandex.ru clck.ru files.messenger.yandex.net quasar.yandex.com adfox.yandex.ru ads.adfox.ru ads6.adfox.ru matchid.adfox.yandex.ru yastat.net wss://push.yandex.ru api.market.yandex.ru *.s3.dzeninfra.ru yandex-video.naydex.net blob: tps.doubleverify.com pixel.adsafeprotected.com; font-src 'self' data: yastatic.net s3.mds.yandex.net static-mon.yandex.net yandex.sx static.yandex.sx yandex-video.naydex.net; media-src 'self' an.yandex.com static-mon.yandex.net *.yandex.net strm.yandex.ru *.strm.yandex.ru an.yandex.ru strm.yandex.net *.strm.yandex.net video-preview.s3.yandex.net cdn.dzen.ru *.cdn.dzeninfra.ru *.s3.dzeninfra.ru blob: yastat.net data:; frame-ancestors 'self' webvisor.com *.webvisor.com http://webvisor.com http://*.webvisor.com; frame-src 'self' blob: yabrowser: yandexadexchange.net st.yandexadexchange.net yastatic.net s3.mds.yandex.net awaps.yandex.com pass.yandex.com legal.yandex.com notifications.yandex.com mc.yandex.com browser.yandex.com *.yandex.net static-mon.yandex.net forms.yandex.ru mc.yandex.md ya.ru *.ya.ru yabs.yandex.com mc.yandex.ru an.yandex.ru yabs.yandex.ru yandex.com frontend.vh.yandex.ru music.yandex.ru sandbox.music.yandex.ru ott-widget.yandex.ru payment-widget.plus.yandex.ru frontend.vh.yandex.com payment-widget.plus.yandex.com; report-uri https://csp.yandex.net/csp?from=video%3Adesktop%3Aforeign&project=video&reqid=1721956279176604-3135081637616884064-balancer-l7leveler-kubr-yp-sas-111-BAL&yandexuid=8168840641721956279&yandex_login= 1
default-src 'self' blob: yandex.com ya.ru *.ya.ru yastatic.net *.yastatic.net yastat.net yandex.net *.yandex.net yandex.ru; script-src 'self' 'unsafe-eval' 'unsafe-inline' 'nonce-1519594175348719057171' yastatic.net yastat.net s3.mds.yandex.net static-mon.yastatic.net static-mon.yandex.net suggest-beta.s3.yandex.net yandex.com ya.ru *.ya.ru an.yandex.com mc.yandex.com social.yandex.com export.yandex.com suggest.yandex.com notifications.yandex.com bs.yandex.ru pass.yandex.com mc.webvisor.com mc.webvisor.org mc.yandex.md yandex.ru mc.yandex.ru an.yandex.ru yandex.sx static.yandex.sx social.yandex.ru an.webvisor.org clck.ru yandex-video.naydex.net storage.mds.yandex.net; style-src 'self' 'unsafe-inline' yandex.net yastatic.net yastat.net s3.mds.yandex.net static-mon.yandex.net yandex.sx static.yandex.sx yandex-video.naydex.net serp-static-testing.s3.yandex.net; img-src 'self' yastatic.net yastat.net s3.mds.yandex.net data: *.yandex.com awaps.yandex.com mc.yandex.com yabs.yandex.com avatars.yandex.net clck.yandex.com yandex.com ya.ru *.ya.ru yandex.st avatars.mds.yandex.net favicon.yandex.net static-mon.yandex.net mc.webvisor.com mc.webvisor.org mc.admetrica.ru amc.yandex.ru *.verify.yandex.ru verify.yandex.ru an.yandex.ru mc.yandex.ru *.ytimg.com *.yandex.net payment-widget.plus.yandex.ru awaps.yandex.net storage.mds.yandex.net *.weborama.fr files.messenger.yandex.net *.tns-counter.ru ad.adriver.ru ad.doubleclick.net ads.adfox.ru bs.serving-sys.com gdeby.hit.gemius.pl px.moatads.com *.dzeninfra.ru *.dzen.ru wcm.weborama-tech.ru yandex-video.naydex.net payment-widget.plus.yandex.com avatars-fast.yandex.net banners.adfox.ru content.adfox.ru ads6.adfox.ru bs.serving-sys.ru wcm.solution.weborama.fr wcm-ru.frontend.weborama.fr rgi.io track.rutarget.ru ssl.hurra.com tps.doubleverify.com pixel.adsafeprotected.com impression.appsflyer.com pixel.adlooxtracking.com pixel.adlooxtracking.ru; child-src 'self' blob: yabrowser: yandexadexchange.net st.yandexadexchange.net yastatic.net s3.mds.yandex.net awaps.yandex.com pass.yandex.com legal.yandex.com notifications.yandex.com mc.yandex.com browser.yandex.com *.yandex.net static-mon.yandex.net forms.yandex.ru mc.yandex.md ya.ru *.ya.ru yabs.yandex.com mc.yandex.ru an.yandex.ru yabs.yandex.ru yandex.com frontend.vh.yandex.ru music.yandex.ru sandbox.music.yandex.ru ott-widget.yandex.ru payment-widget.plus.yandex.ru frontend.vh.yandex.com payment-widget.plus.yandex.com; connect-src 'self' wss://webasr.yandex.net yandex.st yastatic.net s3.mds.yandex.net http://127.0.0.1:29009 http://127.0.0.1:30102 yandexmetrica.com:* yandexmetrika.com:* mail.yandex.com mc.yandex.com an.yandex.com yabs.yandex.com bug.yandex.com cloud-api.yandex.com bs.yandex.ru yandex.com ya.ru *.ya.ru sovetnik.market.yandex.com csp.yandex.net static-mon.yandex.net api.passport.yandex.com mc.webvisor.com mc.webvisor.org mc.admetrica.ru mc.yandex.md amc.yandex.ru strm.yandex.ru *.strm.yandex.ru *.strm.yandex.net verify.yandex.ru *.verify.yandex.ru jstracer.yandex.ru yandex.ru an.yandex.ru bug.yandex.ru cloud-api.yandex.ru mc.yandex.ru an.webvisor.org awaps.yandex.net frontend.vh.yandex.ru clck.ru files.messenger.yandex.net quasar.yandex.com adfox.yandex.ru ads.adfox.ru ads6.adfox.ru matchid.adfox.yandex.ru yastat.net wss://push.yandex.ru api.market.yandex.ru *.s3.dzeninfra.ru yandex-video.naydex.net blob: tps.doubleverify.com pixel.adsafeprotected.com; font-src 'self' data: yastatic.net s3.mds.yandex.net static-mon.yandex.net yandex.sx static.yandex.sx yandex-video.naydex.net; media-src 'self' an.yandex.com static-mon.yandex.net *.yandex.net strm.yandex.ru *.strm.yandex.ru an.yandex.ru strm.yandex.net *.strm.yandex.net video-preview.s3.yandex.net cdn.dzen.ru *.cdn.dzeninfra.ru *.s3.dzeninfra.ru blob: yastat.net data:; frame-ancestors 'self' webvisor.com *.webvisor.com http://webvisor.com http://*.webvisor.com; frame-src 'self' blob: yabrowser: yandexadexchange.net st.yandexadexchange.net yastatic.net s3.mds.yandex.net awaps.yandex.com pass.yandex.com legal.yandex.com notifications.yandex.com mc.yandex.com browser.yandex.com *.yandex.net static-mon.yandex.net forms.yandex.ru mc.yandex.md ya.ru *.ya.ru yabs.yandex.com mc.yandex.ru an.yandex.ru yabs.yandex.ru yandex.com frontend.vh.yandex.ru music.yandex.ru sandbox.music.yandex.ru ott-widget.yandex.ru payment-widget.plus.yandex.ru frontend.vh.yandex.com payment-widget.plus.yandex.com; report-uri https://csp.yandex.net/csp?from=video%3Adesktop%3Aforeign&project=video&reqid=1721956340676695-14151959417534871905-balancer-l7leveler-kubr-yp-vla-171-BAL&yandexuid=8348719051721956340&yandex_login= 1
default-src 'self' 'unsafe-inline' *.altmetric.com *.powerbi.com *.cloudfront.net *.hotjar.com *.hotjar.io 'unsafe-eval' *.crick.ac.uk *.google.com *.google-analytics.com *.gstatic.com *.googleapis.com *.vimeo.com *.vimeocdn.com *.youtube.com *.soundcloud.com *.twitter.com *.youtube.com *.twimg.com theta360.com cdn.rawgit.com raw.githubusercontent.com *.infogram.com *.facebook.com data:; ; script-src 'self' 'unsafe-inline' *.altmetric.com *.cloudfront.net *.hotjar.com *.hotjar.io 'unsafe-eval' theta360.com crick.us13.list-manage.com *.mailchimp.com *.theta360.com *.google.com *.google-analytics.com *.googleapis.com use.typekit.net *.vimeocdn.com *.vimeo.com vimeo.com *.twitter.com *.twimg.com *.youtube.com *.googletagmanager.com tagmanager.google.com cdnjs.cloudflare.com cdn.rawgit.com https://s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js https://d1bxh8uas1mnw7.cloudfront.net/assets/embed.js cdn.jsdelivr.net connect.facebook.net *.infogram.com; style-src 'self' 'unsafe-inline' use.typekit.net p.typekit.net cdnjs.cloudflare.com *.google.com *.googleapis.com *.twitter.com *.mailchimp.com cdn.jsdelivr.net; font-src 'self' 'unsafe-inline' use.typekit.net fonts.googleapis.com *.gstatic.com; connect-src 'self' wss://ws.hotjar.com *.hotjar.com *.hotjar.io *.google-analytics.com *.doubleclick.net; report-uri /report-csp-violation 1
default-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; font-src 'self' https: data:; connect-src 'self' https: wss:; img-src 'self' https: data:; media-src 'self' https: data:; frame-src 'self' https:; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'  https: data: http://fonts.googleapis.com http://fonts.gstatic.com http://www.google-analytics.com http://s7.addthis.com http://m.addthisedge.com http://m.addthis.com http://graph.facebook.com http://widgets.pinterest.com http://maps.google.com http://csi.gstatic.com http://maps.gstatic.com http://maps.googleapis.com http://www.linkedin.com http://api-public.addthis.com http://localhost http://player.vimeo.com/ https://static.cdninstagram.com/; 1
base-uri https://widgets.sports.gracenote.com 'self';; default-src 'self' 'unsafe-inline' https://olympic.ca https://join.olympic.ca/ https://widgets.sports.gracenote.com https://fonts.googleapis.com/ https://s3.amazonaws.com/ https://media.giphy.com/ https://rum.browser-intake-datadoghq.com/ https://session-replay.browser-intake-datadoghq.com/ https://www.google-analytics.com/ https://googlesyndication.com https://login.dev.olympic.ca https://login.olympic.ca https://e3da9fce2445257b3acc79caad8a3144.safeframe.googlesyndication.com https://googleads.g.doubleclick.net https://p1.parsely.com https://widgets.wp.com wp.com https://secure.gravatar.com https://analytics.twitter.com https://pagead2.googlesyndication.com https://e31eb0ea329722f49f7b4a4059357bb9.safeframe.googlesyndication.com https://www.google.ca https://analytics.google.com https://www.facebook.com fonts.gstatic.com t.co https://securepubads.g.doubleclick.net https://c932f49a2d60bcc4c4746c58bdbc5adc.safeframe.googlesyndication.com https://www.google.com https://298a01bd1361fe5bcee2bcc097d7fbec.safeframe.googlesyndication.com https://700966285d19ce6c18d6d44e66a5e05f.safeframe.googlesyndication.com https://tpc.googlesyndication.com  https://9908c24150f4ec6ddf8b2ac95a72ea2c.safeframe.googlesyndication.com/ data:;; font-src 'self' data: https://join.olympic.ca/ https://fonts.gstatic.com https://olympic.ca https://widgets.sports.gracenote.com https://develop.olympic.ca/ https://s0.wp.com/;; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://join.olympic.ca/ https://widgets.sports.gracenote.com https://olympic.us2.list-manage.com/ https://cdn.siteimprove.net/ https://www.canadahelps.org/ https://js-agent.newrelic.com/nr-rum-1.250.0.min.js  https://joignez.olympique.ca/ https://js-agent.newrelic.com/ https://cdns.us1.gigya.com/ https://cdns2.gigya.com/ https://cdns3.gigya.com/ https://s3.amazonaws.com/ https://www.instagram.com/ https://www.instagram.com/embed.js https://www.googletagmanager.com/ https://www.google-analytics.com/ https://www.datadoghq-browser-agent.com/ https://cdns.gigya.com/ https://securepubads.g.doubleclick.net/ https://tradablebits.com https://cdn.parsely.com/ https://stats.wp.com/e-202401.js https://static.ads-twitter.com/  https://apis.google.com/  https://tpc.googlesyndication.com/  https://tpc.googlesyndication.com/  https://www.googletagservices.com/ https://www.googletagservices.com/ https://connect.facebook.net/  https://tpc.googlesyndication.com/sodar/sodar2.js  https://pagead2.googlesyndication.com/  https://platform.instagram.com/ https://platform.twitter.com/ https://stats.wp.com/e-202403.js https://stats.wp.com/  https://www.instagram.com/ https://www.instagram.com/embed.js https://s0.wp.com/ https://stats.wp.com/e-202403.js;; worker-src 'self' blob:;; object-src 'none';; frame-src 'self' https://wordpress.com https://widgets.scribblemaps.com https://join.olympic.ca/ https://widgets.sports.gracenote.com https://www.canadahelps.org/en/dne/4886  https://www.canadahelps.org/ https://cdns.us1.gigya.com/ https://www.instagram.com/ https://platform.twitter.com/ https://s3.amazonaws.com/ https://platform.twitter.com/widgets/widget_iframe.2f70fb173 https://81b18cca5dbd7427318fbdb1d9dbe67d.safeframe.googlesyndication.com/ *.safeframe.googlesyndication.com/ https://www.googleadservices.com/ https://www.youtube.com/ https://securepubads.g.doubleclick.net/ https://1025e065fe0c5ecd76ee7b40721dfcc2.safeframe.googlesyndication.com/  https://06b96569788a94b29f821128f69b15b4.safeframe.googlesyndication.com/ https://bfd195afecff8318f423335ee91ba1b5.safeframe.googlesyndication.com/ *.safeframe.googlesyndication.com  https://login.dev.olympic.ca/ https://join.olympic.ca/ https://tpc.googlesyndication.com/  https://www.google.com/ https://login.dev.olympic.ca/ https://join.olympic.ca/ https://www.youtube.com/ https://www.youtube.com/embed/ https://www.googleadservices.com/ https://www.googleadservices.com/ https://securepubads.g.doubleclick.net/  https://platform.twitter.com/  https://widgets.wp.com/ https://w.soundcloud.com/ https://open.spotify.com/ https://td.doubleclick.net/;; style-src 'self' 'unsafe-inline' https://widgets.sports.gracenote.com https://fonts.googleapis.com https://s0.wp.com; img-src 'self' https://olympic.ca https://images.sports.gracenote.com https://widgets.sports.gracenote.com https://test.socialannex.com/ https://socialannex.com/ https://cdns.gigya.com/ https://olympic.ca/ https://olympique.ca/ https://i.ytimg.com/ https://olympic.ca/ https://develop.olympic.ca/ https://develop.olympique.ca/ https://cdns2.gigya.com/ https://stats.g.doubleclick.net/ https://lh3.googleusercontent.com/ https://www.google.com/ https://www.google.com/ https://www.google.com/ads/measurement/l https://www.google.com/ads/measurement/ https://www.google.com/ads/ https://p1.parsely.com https://secure.gravatar.com gravatar.com https://googleads.g.doubleclick.net https://t.co https://analytics.google.com https://analytics.twitter.com https://www.facebook.com  https://tradablebits.com/  https://pixel.wp.com/  https://securepubads.g.doubleclick.net/  https://tpc.googlesyndication.com/ https://tpc.googlesyndication.com/ data: https://pagead2.googlesyndication.com  https://csi.gstatic.com/ https://www.google.ca/ https://join.olympic.ca/ https://www.google.com/ https://www.googletagmanager.com/;; connect-src 'self' https://notifier-configs.airbrake.io/ https://og2024-api.sports.gracenote.com https://widgets.sports.gracenote.com https://joignez.olympique.ca/ https://joignez.olympique.ca https://bam.nr-data.net/ https://www.google-analytics.com/ https://csi.gstatic.com/ https://joignez.olympic.ca https://joignez.olympic.ca/ https://cdns.us1.gigya.com/ https://stats.g.doubleclick.net/ https://s3.amazonaws.com/ https://p1.parsely.com/ https://p1.parsely.com/plogger/ https://login.dev.olympic.ca https://join.olympic.ca https://securepubads.g.doubleclick.net https://pagead2.googlesyndication.com https://analytics.google.com https://www.facebook.com  https://login.olympic.ca/ https://p1.parsely.com/ https://join.olympic.ca/   https://www.google.ca/ads/ga-audiences https://cdns.gigya.com https://www.google.ca/;; frame-ancestors 'self'; 1
connect-src 'self' 'unsafe-inline' *.analytics.google.com *.cookieyes.com *.doubleclick.net *.google-analytics.com *.hotjar.com *.linkedin.com cdn.linkedin.oribi.io/partner/1315644/domain/mitie.com/token content.hotjar.io csmetrics.hotjar.com forms.hscollectedforms.net/collected-forms/v1/config/json forms.hsforms.com forms.hubspot.com/lead-flows-config/v1/config/json google-analytics.com hotjar.com https://cdn-cookieyes.com https://cdn.jsdelivr.net/npm/locomotive-scroll@3.5.4/dist/locomotive-scroll.css https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick-theme.css https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick.css https://code.jquery.com/ui/1.12.1/themes/base/jquery-ui.css https://fonts.googleapis.com/css2 https://mitie.matomo.cloud https://pagead2.googlesyndication.com https://use.typekit.net/uid7iqz.css https://www.buzzsprout.com https://www.buzzsprout.com/api//episodes.json in.hotjar.com wss://ws.hotjar.com/api/v2/client/ws wss://wsp2.hotjar.com/api/v2/client/ws wss://wsp20.hotjar.com/api/v2/client/ws wss://wsp29.hotjar.com/api/v2/client/ws wss://wsp46.hotjar.com/api/v2/client/ws www.google-analytics.com www.google.co.uk www.google.com; default-src data: 'self' 'unsafe-eval' 'unsafe-inline' *.adsymptotic.com *.buzzsprout.com *.eurolandir.com *.google-analytics.com *.google.com *.googleoptimize.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.hsforms.com *.hsforms.net *.hubspot.com *.insightfulcompanyinsight.com *.jquery.com *.linkedin.com *.scoreapp.com *.turtl.co *.typekit.net *.youtube.com *.ytimg.com analytics.twitter.com api.ipify.org cdn.jsdelivr.net cdn.linkedin.oribi.io/partner/1315644/domain/mitie.com/token d22d1xpx4ztuef.cloudfront.net https://cdn-cookieyes.com https://td.doubleclick.net hubspot-forms-static-embed.s3.amazonaws.com inspire.mitie.com instant.page js.hs-analytics.net js.hs-scripts.com js.hscollectedforms.net js.hsleadflows.net/leadflows.js px.ads.linkedin.com px4.ads.linkedin.com secure.adnxs.com secure.gravatar.com snap.licdn.com static.ads-twitter.com stats.g.doubleclick.net t.co use.typekit.net wss://wsp28.hotjar.com/api/v2/client/ws www.google.co.uk; font-src data: 'self' cdn.jsdelivr.net https://fonts.gstatic.com use.typekit.net; script-src-elem 'self' 'unsafe-inline' *.google-analytics.com *.google.com *.googleoptimize.com *.googletagmanager.com *.gstatic.com cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick.min.js https://app-static.turtl.co/embed/turtl.embed.v1.js https://cdn-cookieyes.com https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick-theme.css https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick.css https://cdn.matomo.cloud https://code.jquery.com/ui/1.12.1/themes/base/jquery-ui.css https://googleads.g.doubleclick.net https://js.hs-scripts.com/6964783.js https://js.hsforms.net/forms/embed/v2.js https://mitie.matomo.cloud https://p.typekit.net https://snap.licdn.com/li.lms-analytics/insight.beta.min.js https://snap.licdn.com/li.lms-analytics/insight.old.min.js https://static.scoreapp.com https://use.typekit.net/uid7iqz.css instant.page js.hs-analytics.net js.hscollectedforms.net/collectedforms.js js.hsforms.net/forms/v2.js js.hsleadflows.net/leadflows.js script.hotjar.com secure.insightfulcompanyinsight.com snap.licdn.com/li.lms-analytics/insight.min.js static.ads-twitter.com/uwt.js static.hotjar.com www.youtube.com/iframe_api www.youtube.com/s/player/ www.youtube.com/s/player/36754c51/www-widgetapi.vflset/www-widgetapi.js; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://code.jquery.com https://p.typekit.net https://use.typekit.net www.google.com; style-src-elem 'self' 'unsafe-inline' https://app-static.turtl.co https://app-static.turtl.co/ https://app-static.turtl.co/embed/turtl.embed.v1.js https://cdn.jsdelivr.net/npm/locomotive-scroll@3.5.4/dist/locomotive-scroll.css https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick-theme.css https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick.css https://code.jquery.com/ui/1.12.1/themes/base/jquery-ui.css https://fonts.googleapis.com https://p.typekit.net https://use.typekit.net/uid7iqz.css 1
frame-ancestors https://bni.com https://onlinexperiences.com 'self'; 1
frame-src *; frame-ancestors 'self' *.valvolineglobal.com; 1
frame-ancestors 'self' *.casinoportugal.pt *.casinodeportugal.pt *.gstatic.com *.google.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com *.doubleclick.net www.google.pt www.googleadservices.com applepay.cdn-apple.com *.apple.com *.casinomodule.com *.casinoportugal-static.casinomodule.com *.isoftbet.com *.prerelease-env.biz *.pragmaticplay.net *.wvdudkswnr.net *.jtmmizms.net *.redrakegaming.com *.netentcdn.com *.tomhorngames.com *.tomhorngaming.eu *.thstatic.com *.neobiz.pt *.esagaming.com *.esagaming.it *.pariplaygames.com *.darwininteractive.com *.darwingaming.com *.stage.pariplaygames.com *.cloudfront.net cdn.jsdelivr.net fonts.googleapis.com fonts.gstatic.com *.betstream.betgenius.com www.score24.com *.paysafecard.com *.skrill.com *.switchpayments.com *.freshchat.com *.eu.freshchat.com *.wchat.freshchat.com *.freshmarketer.com *.cdn.freshmarketer.com *.sportcastlive.com *.betstream.betgenius.com *.sportradar.com *.hotjar.io *.hotjar.com wss://*.hotjar.io wss://*.hotjar.com wss://*.onfido.com minifootball.pt allstars.pt *.facebook.com *.facebook.net *.syngamtech.com *.tomhorngames.com *.ads.sportradar.com *.sportradarserving.com bsw.digitru.st x.bidswitch.net bswx.net data: font casino.localhost:* *.localhost.direct ssl.connextra.com ww1510.smartadserver.com *.stackify.com *.zscaler.net *.verifai.com *.hipay-tpp.com ws://wwe2.byside.com *.byside.com *.onfido.com *.ingest.sentry.io *.sync.onfido.com *.assets.onfido.com *.checkout.com; default-src 'unsafe-eval' 'unsafe-inline' 'self' *.casinoportugal.pt *.casinodeportugal.pt *.gstatic.com *.google.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com *.doubleclick.net www.google.pt www.googleadservices.com applepay.cdn-apple.com *.apple.com *.casinomodule.com *.casinoportugal-static.casinomodule.com *.isoftbet.com *.prerelease-env.biz *.pragmaticplay.net *.wvdudkswnr.net *.jtmmizms.net *.redrakegaming.com *.netentcdn.com *.tomhorngames.com *.tomhorngaming.eu *.thstatic.com *.neobiz.pt *.esagaming.com *.esagaming.it *.pariplaygames.com *.darwininteractive.com *.darwingaming.com *.stage.pariplaygames.com *.cloudfront.net cdn.jsdelivr.net fonts.googleapis.com fonts.gstatic.com *.betstream.betgenius.com www.score24.com *.paysafecard.com *.skrill.com *.switchpayments.com *.freshchat.com *.eu.freshchat.com *.wchat.freshchat.com *.freshmarketer.com *.cdn.freshmarketer.com *.sportcastlive.com *.betstream.betgenius.com *.sportradar.com *.hotjar.io *.hotjar.com wss://*.hotjar.io wss://*.hotjar.com wss://*.onfido.com minifootball.pt allstars.pt *.facebook.com *.facebook.net *.syngamtech.com *.tomhorngames.com *.ads.sportradar.com *.sportradarserving.com bsw.digitru.st x.bidswitch.net bswx.net data: font casino.localhost:* *.localhost.direct ssl.connextra.com ww1510.smartadserver.com *.stackify.com *.zscaler.net *.verifai.com *.hipay-tpp.com ws://wwe2.byside.com *.byside.com *.onfido.com *.ingest.sentry.io *.sync.onfido.com *.assets.onfido.com *.checkout.com; object-src 'self'; img-src blob: data: 'self' *.casinoportugal.pt *.casinodeportugal.pt *.gstatic.com *.google.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com *.doubleclick.net www.google.pt www.googleadservices.com applepay.cdn-apple.com *.apple.com *.casinomodule.com *.casinoportugal-static.casinomodule.com *.isoftbet.com *.prerelease-env.biz *.pragmaticplay.net *.wvdudkswnr.net *.jtmmizms.net *.redrakegaming.com *.netentcdn.com *.tomhorngames.com *.tomhorngaming.eu *.thstatic.com *.neobiz.pt *.esagaming.com *.esagaming.it *.pariplaygames.com *.darwininteractive.com *.darwingaming.com *.stage.pariplaygames.com *.cloudfront.net cdn.jsdelivr.net fonts.googleapis.com fonts.gstatic.com *.betstream.betgenius.com www.score24.com *.paysafecard.com *.skrill.com *.switchpayments.com *.freshchat.com *.eu.freshchat.com *.wchat.freshchat.com *.freshmarketer.com *.cdn.freshmarketer.com *.sportcastlive.com *.betstream.betgenius.com *.sportradar.com *.hotjar.io *.hotjar.com wss://*.hotjar.io wss://*.hotjar.com wss://*.onfido.com minifootball.pt allstars.pt *.facebook.com *.facebook.net *.syngamtech.com *.tomhorngames.com *.ads.sportradar.com *.sportradarserving.com bsw.digitru.st x.bidswitch.net bswx.net data: font casino.localhost:* *.localhost.direct ssl.connextra.com ww1510.smartadserver.com *.stackify.com *.zscaler.net *.verifai.com *.hipay-tpp.com ws://wwe2.byside.com *.byside.com *.onfido.com *.ingest.sentry.io *.sync.onfido.com *.assets.onfido.com *.checkout.com; worker-src blob: 'self' 1
report-to endpoint; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.salesmanago.pl *.bing.com *.facebook.net *.cookiebot.com *.doubleclick.net *.google.com *.google.pl *.saleago.com *.google-analytics.com *.googletagmanager.com *.google.com *.tim.pl *.googleadservices.com *.fact-finder.pl *.easypack24.net *.youtube.com *.pagespeed-mod.com *.doubleclick.net *.googlesyndication.com *.hotjar.com connect.facebook.net www.googleadservices.com www.googletagmanager.com app2.salesmanago.pl cdn.jsdelivr.net www.tim.pl googleads.g.doubleclick.net www.google-analytics.com consent.cookiebot.com consentcdn.cookiebot.com geowidget.inpost.pl bat.bing.com timsa.fact-finder.pl app2.salesmanago.pl translate.googleapis.com region1.google-analytics.com region1.analytics.google.com ajax.googleapis.com www.google.com www.google.pl pagead2.googlesyndication.com www.pagespeed-mod.com survey.survicate.com surveys-static.survicate.com stats.g.doubleclick.net connect.facebook.net geowidget.easypack24.net embeddable-sandbox.cdn.apollographql.com timsa.fact-finder.pl www.googletagmanager.com unpkg.com *.unpkg.com www.taboola.com *.taboola.com senuto.pl *.senuto.pl ahrefs.com *.ahrefs.com cdn.segmentify.com analytics.tiktok.com gandalf-eu.segmentify.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://visitdublin.azureedge.net https://assets-eu-01.kc-usercontent.com https://preview-assets-eu-01.kc-usercontent.com https://*.cookiebot.com http://*.convertexperiments.com https://*.convertexperiments.com https://dc.services.visualstudio.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.ie https://*.google.es https://*.google.co.uk https://*.google.de https://*.google.fr https://*.google.it https://www.google.be https://*.googleapis.com https://googleapis.com https://www.googleadservices.com https://www.googleoptimize.com https://maps.gstatic.com https://fonts.gstatic.com https://www.youtube.com https://cdn-eu.clickdimensions.com https://analytics-eu.clickdimensions.com https://*.hotjar.io https://*.hotjar.com wws://*.hotjar.com/api/v2/client/ws wss://*.hotjar.com/api/v2/client/ws https://www.facebook.com https://connect.facebook.net https://player.vimeo.com https://*.clarity.ms https://c.bing.com; img-src 'self' data: blob: https://s3.amazonaws.com https://img.youtube.com https://i.ytimg.com https://visitdublin.azureedge.net https://assets-eu-01.kc-usercontent.com https://preview-assets-eu-01.kc-usercontent.com https://*.cookiebot.com http://*.convertexperiments.com https://*.convertexperiments.com https://dc.services.visualstudio.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.ie https://*.google.es https://*.google.co.uk https://*.google.de https://*.google.fr https://*.google.it https://www.google.be https://*.googleapis.com https://googleapis.com https://www.googleadservices.com https://www.googleoptimize.com https://maps.gstatic.com https://fonts.gstatic.com https://www.youtube.com https://cdn-eu.clickdimensions.com https://analytics-eu.clickdimensions.com https://*.hotjar.io https://*.hotjar.com wws://*.hotjar.com/api/v2/client/ws wss://*.hotjar.com/api/v2/client/ws https://www.facebook.com https://connect.facebook.net https://player.vimeo.com https://*.clarity.ms https://c.bing.com; frame-ancestors 'none'; form-action 'self' https://analytics-eu.clickdimensions.com https://www.facebook.com; 1
default-src 'self' *.staticflickr.com *.flickr.com maps.google.com api.rollbar.com *.nr-data.net api.mapbox.com blob:; script-src 'self' cdnjs.cloudflare.com www.googletagmanager.com *.google-analytics.com js-agent.newrelic.com *.twitter.com *.twimg.com *.nr-data.net 'unsafe-eval' 'unsafe-inline' storage.googleapis.com api.mapbox.com https://*.uninfo.org blob: *.fontawesome.com datawrapper.dwcdn.net cdn.rollbar.com; style-src 'self' *.flickr.com *.staticflickr.com cdnjs.cloudflare.com fonts.googleapis.com use.fontawesome.com *.twitter.com *.twimg.com 'unsafe-inline' api.mapbox.com *.fontawesome.com static.dwcdn.net datawrapper.dwcdn.net; img-src 'self' www.un.org.vn *.un.org gallery.mailchimp.com *.staticflickr.com https: data: blob:; media-src 'self' www.un.org.vn *.un.org; frame-src 'self' maps.google.com www.google.com www.youtube-nocookie.com www.youtube.com *.vimeo.com unstats.un.org forms.office.com player.youku.com *.qq.com data.uninfo.org *.tableau.com *.un.org *.countryteam.org oembed.unct.ddev.site:8742; frame-ancestors 'self' *.un.org *.countryteam.org *.ddev.site:8742; font-src 'self' fonts.googleapis.com use.fontawesome.com fonts.gstatic.com *.twitter.com *.twimg.com *.fontawesome.com  static.dwcdn.net; connect-src 'self' *.staticflickr.com *.flickr.com maps.google.com analytics.google.com api.rollbar.com *.nr-data.net https://*.tiles.mapbox.com https://api.mapbox.com https://events.mapbox.com *.google-analytics.com *.analytics.google.com storage.googleapis.com wss://socket.push.al https://*.undg.org https://*.uninfo.org *.fontawesome.com datawrapper.dwcdn.net stats.g.doubleclick.net; upgrade-insecure-requests 1
child-src https://*.adobedtm.com/ https://www.googletagmanager.com/ https://www.googleleadservices.com/ https://www.google-analytics.com/ https://bat.bing.com/ https://connect.facebook.net/ https://*.hotjar.com/ https://*.juspay.in/ https://*.mantra.ai/ https://*.googleapis.com/ https://*.gstatic.com/ https://*.careinsurance.com/ https://*.facebook.com https://*.gupshup.com/ https://payu.in/ https://chatbot.mantra.ai/ https://religarehealthinsurance.demdex.net/ https://milo.careinsurance.com/ https://chat.careinsurance.com/ https://script.crazyegg.com/ https://tracking.crazyegg.com/ https://agentchat.careinsurance.com/ https://*.juspay.in/pay-v3.js/ https://www.facebook.com/tr/ https://www.youtube.com/ https://pixel.everesttech.net/ https://www.everestjs.net/ https://*.crazyegg.com/ https://carehealthinsurance-assist.freshchat.com blob:; object-src *.careinsurance.com; frame-ancestors *.careinsurance.com; img-src * data: https:; 1
default-src 'none';base-uri 'none';manifest-src 'self';script-src 'nonce-MUJSamV6ZkhRQm1QdWloeFUrbmhsQjBXNHcyeFVERDYreVZxL2dSYmlXOD06dVhBNkZGMkVHVmZXOUVFckVxcU4wbmhQcTBycEZYK1d0a3BGcEhJQitBND0=';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-src 'self';frame-ancestors 'self';form-action 'self' 1
base-uri https://www.mbank.cz; report-uri https://wwwcz.csp.mbank.pl; default-src 'none'; upgrade-insecure-requests; block-all-mixed-content; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://ad.doubleclick.net https://c.imedia.cz https://c.seznam.cz https://cdn.mbiscuit.mbank.cz https://cdn.skp.mbank.pl https://connect.facebook.net https://cz.hit.gemius.pl https://googleads.g.doubleclick.net https://i.ctnsnet.com https://ls.hit.gemius.pl https://maps.googleapis.com https://pagead2.googlesyndication.com https://r.skp.mbank.pl https://s.ytimg.com https://s2.adform.net https://script.hotjar.com https://ssl.google-analytics.com https://static.hotjar.com https://stats.g.doubleclick.net https://tagmanager.google.com https://tpc.googlesyndication.com https://track.adform.net https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.mbank.cz https://www.youtube.com; style-src 'self' 'unsafe-inline' https://cdn.skp.mbank.pl https://fonts.googleapis.com https://fonts.gstatic.com https://tagmanager.google.com https://www.mbank.cz; img-src 'self' data: https://*.fls.doubleclick.net https://ad.doubleclick.net https://ade.googlesyndication.com https://adservice.google.com https://bcp.crwdcntrl.net https://c.imedia.cz https://cdn.ctnsnet.com https://cdn.skp.mbank.pl https://cm.ctnsnet.com https://cm.g.doubleclick.net https://csi.gstatic.com https://cz.hit.gemius.pl https://gcm.ctnsnet.com https://googleads.g.doubleclick.net https://i.ctnsnet.com https://i.ytimg.com https://ib.adnxs.com https://inl.ctnsnet.com https://ipac.ctnsnet.com https://khms0.googleapis.com https://khms1.googleapis.com https://ls.hit.gemius.pl https://maps.googleapis.com https://maps.gstatic.com https://redirect.skp.mbank.pl https://region1.analytics.google.com https://region1.google-analytics.com https://s.ytimg.com https://s2.adform.net https://scm.ctnsnet.com https://script.hotjar.com https://secure.adnxs.com https://ssl.google-analytics.com https://ssl.gstatic.com https://stats.g.doubleclick.net https://tagmanager.google.com https://track.adform.net https://www.facebook.com https://www.google-analytics.com https://www.google.be https://www.google.ch https://www.google.co.uk https://www.google.com https://www.google.com.ua https://www.google.cz https://www.google.de https://www.google.dk https://www.google.es https://www.google.fr https://www.google.hr https://www.google.ie https://www.google.it https://www.google.nl https://www.google.no https://www.google.pl https://www.google.se https://www.google.sk https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.mbank.cz https://www.mbank.sk; font-src 'self' data: https://cdn.mbiscuit.mbank.cz https://fonts.gstatic.com https://script.hotjar.com https://www.mbank.cz; connect-src 'self' https://*.hotjar.com https://ad.doubleclick.net https://adservice.google.com https://api.mbiscuit.mbank.cz https://api.skp.mbank.pl https://cm.g.doubleclick.net https://cz.hit.gemius.pl https://googleads.g.doubleclick.net https://lp.skp.mbank.pl https://ls.hit.gemius.pl https://maps.googleapis.com https://pagead2.googlesyndication.com https://r.skp.mbank.pl https://redirect.skp.mbank.pl https://region1.analytics.google.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://tagmanager.google.com https://tracker.skp.mbank.pl https://vc.hotjar.io https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.google.pl https://www.googletagmanager.com https://www.mbank.cz wss://*.hotjar.com wss://api.skp.mbank.pl wss://r.skp.mbank.pl; media-src 'self' data: https://cdn.skp.mbank.pl https://www.mbank.cz; object-src 'self' https://www.mbank.cz https://www.youtube.com; frame-src 'self' https://*.fls.doubleclick.net https://bid.g.doubleclick.net https://c.imedia.cz https://cz.hit.gemius.pl https://ls.hit.gemius.pl https://tagmanager.google.com https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.mbank.cz https://www.youtube.com; child-src 'self' https://*.fls.doubleclick.net https://bid.g.doubleclick.net https://cz.hit.gemius.pl https://ls.hit.gemius.pl https://tagmanager.google.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.mbank.cz https://www.youtube.com; form-action 'self' https://form.mbank.cz https://www.mbank.cz; frame-ancestors 'self' https://www.mbank.cz; 1
default-src https: wss: 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' webforms.pipedrive.com pipedriveassets.com *.pipedriveassets.com; block-all-mixed-content; connect-src 'self' use.typekit.net p.typekit.net fonts.gstatic.com font.googleapis.com *.g.doubleclick.net www.facebook.com www.google-analytics.com *.analytics.google.com region1.analytics.google.com www.googletagmanager.com sc.lfeeder.com *.google.com *.googleadservices.com *.doubleclick.net www.google.fr plausible.io webforms.pipedrive.com pipedriveassets.com *.pipedriveassets.com www.datocms-assets.com *.rollbar.com; font-src 'self' data: cdn.scalingo.com *.googletagmanager.com use.typekit.net p.typekit.net fonts.gstatic.com font.googleapis.com; frame-ancestors 'none'; frame-src 'self' webforms.pipedrive.com pipedriveassets.com *.pipedriveassets.com td.doubleclick.net; img-src 'self' https: data: cdn.scalingo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.scalingo.com *.googletagmanager.com use.typekit.net p.typekit.net fonts.gstatic.com font.googleapis.com www.googletagmanager.com cdn.mxpnl.com connect.facebook.net www.google-analytics.com apis.google.com plausible.io sc.lfeeder.com webforms.pipedrive.com pipedriveassets.com *.pipedriveassets.com *.rollbar.com; style-src 'self' 'unsafe-inline' cdn.scalingo.com *.googletagmanager.com use.typekit.net p.typekit.net fonts.gstatic.com font.googleapis.com; upgrade-insecure-requests 1
frame-ancestors 'self' https://d1zpyrn120ijks.cloudfront.net; 1
default-src 'self' *.spim.ru spim.ru bid.g.doubleclick.net *.doubleclick.net yandex.ru yt3.ggpht.com youtube.com *.youtube.com goodmod.ru antisovetnic.ru kicksovetnik.ru *.kaspersky-labs.com *.vgtrk.com *.jivosite.com *.yandex.ru *.doubleclick.net *.googleadservices.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' antisovetnic.ru https://pay.yandex.ru/ https://mc.yandex.com cdn.rutarget.ru vk.com yandex.ru goodmod.ru  kicksovetnik.ru youtube.com *.youtube.com yt3.ggpht.com www.googletagmanager.com pickpoint.ru ajax.googleapis.com widget.bookform.ru vk.com  bid.g.doubleclick.net ssl.google-analytics.com google-analytics.com spim.ru *.spim.ru yandex.st *.criteo.net *.criteo.com *.mail.ru *.yandex.ru *.googleadservices.com www.google-analytics.com yandex.ru *.begun.ru *.jivosite.com cdn.retailrocket.ru *.doubleclick.net *.rambler.ru yastatic.net *.maps.yandex.net *.artfut.com *.mango-office.ru connect.facebook.net chimpstatic.com cdn.jsdelivr.net *.google.com *.gstatic.com; frame-src 'self' passport.yandex.ru https://mc.yandex.ru/ rutube.ru *.1tv.ru https://vk.com https://pay.yandex.ru/ https://sandbox.pay.yandex.ru/ mc.yandex.md tag.rutarget.ru widget.bookform.ru player.vgtrk.com antisovetnic.ru youtube.com yt3.ggpht.com  yandex.ru *.youtube.com yt3.ggpht.com *.criteo.com *.criteo.net yastatic.net api-maps.yandex.ru *.maps.yandex.net *.doubleclick.net www.facebook.com *.gstatic.com *.google.com vk.com code.jivosite.com; object-src 'self' blob: *; img-src 'self' blob: * https://mc.yandex.ru https://pay.yandex.ru/ spimg.ru *.spim.ru pozvonok.ru *.pozvonok.ru antisovetnic.ru yandex.ru data:; font-src 'self' *.spim.ru * data:; connect-src 'self' spim.ru *.spim.ru *.doubleclick.net https://pay.yandex.ru/ mc.yandex.com www.google-analytics.com *.mail.ru mc.yandex.md *.jivosite.com yandex.ru antisovetnic.ru https://tracking.retailrocket.net/ https://dsp.retailrocket.net/ https://mc.yandex.ru wss://*.jivosite.com/ vk.com suggestions.dadata.ru www.facebook.com analytics.google.com;  style-src 'self' *.spim.ru 'unsafe-inline' 'unsafe-eval' 'self' * 1
default-src 'self'; frame-ancestors 'self' https://www.idicore.com; frame-src 'self' https://www.idicore.com https://admin.idicore.com https://account.idicore.com https://batch-ui.idicore.com:8443; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self'; font-src 'self' use.typekit.net fonts.gstatic.com; script-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' prismic.io player.vimeo.com use.typekit.net js.hs-analytics.net *.hs-banner.com js.hs-scripts.com js.hsforms.net *.prismic.io static.zdassets.com *.google-analytics.com *.googletagmanager.com *.brightsg.com brightsg.com js.hsadspixel.net www.google.com www.gstatic.com *.doubleclick.net snap.licdn.com netlify-cdp-loader.netlify.app js.hubspot.com *.onetrust.com connect.facebook.net *.hotjar.com; style-src 'report-sample' 'self' 'unsafe-inline' use.typekit.net p.typekit.net fonts.googleapis.com; img-src 'self' prismic-io.s3.amazonaws.com p.typekit.net brightsg.cdn.prismic.io images.prismic.io *.hubspot.com *.google-analytics.com *.analytics.google.com googletagmanager.com *.hs-embed-reporting.com *.hsappstatic.net *.hsforms.com data: www.google.com www.google.co.uk *.linkedin.com *.onetrust.com www.google.co.in www.facebook.com; connect-src 'self' *.doubleclick.net vimeo.com performance.typekit.net *.zendesk.com ekr.zdassets.com js.hs-banner.com *.google-analytics.com *.analytics.google.com *.prismic.io hubspot-forms-static-embed.s3.amazonaws.com *.hsforms.com *.hs-embed-reporting.com *.smooch.io api.hubapi.com cdn.linkedin.oribi.io cta-service-cms2.hubspot.com *.onetrust.com *.google.com wss://ws.hotjar.com *.hotjar.io *.linkedin.com *.googlesyndication.com; frame-src 'self' brightsg.prismic.io *.jotform.com *.jotformeu.com *.hsforms.com player.vimeo.com *.youtube.com www.google.com app.netlify.com 5255713.hs-sites.com td.doubleclick.net; frame-ancestors 'self' brightsg.prismic.io *.jotform.com *.jotformeu.com *.hsforms.com player.vimeo.com *.youtube.com; manifest-src 'self'; media-src 'self'; object-src 'none'; base-uri 'self'; 1
frame-ancestors 'self';frame-src 'self' forms-eu1.hsforms.com www.youtube-nocookie.com; 1
default-src https: 'unsafe-eval' 'unsafe-inline' 'self'; base-uri 'self'; script-src: 'unsafe-eval' 'unsafe-inline' 'self' www.google-analytics.com; form-action 'self'; style-src: 'unsafe-inline' 1
img-src 'self' data: https:; font-src 'self'; frame-src 'self'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *; worker-src 'self' 'unsafe-inline' * blob: blob:*; 1
default-src 'self' 'unsafe-inline' data: blob: https: 1
default-src 'self' data: blob: https://erotik.com/ https://dvderotik.com/ https://*.ffrtz.com/ https://*.erotik.com/ https://*.dvderotik.com/ https://*.dvdl.net/ https://*.schepp.workers.dev/; connect-src 'self' http://localhost/ https://erotik.com/ https://dvderotik.com/ https://*.ffrtz.com/ https://*.erotik.com/ https://*.dvderotik.com/ https://*.dvdl.net/ https://*.ingest.sentry.io/ https://*.sentry.io/ wss://*.piesocket.com wss://chii.liriliri.io https://chii.liriliri.io https://*.pingdom.net/ https://*.hotjar.com/ https://*.hotjar.io/ wss://*.hotjar.com/ https://*.izooto.com/ https://*.jwpltx.com/ https://ssl.p.jwpcdn.com/ https://t.adcell.com/ https://*.ad4m.at https://*.trafficjunky.net/ wss://knpb-media.zammad.com/ https://*.vxcdn.org/ https://*.mmapiws.com/; font-src 'self' data: http://localhost http://localhost:3000 https://*.hotjar.com/ https://fonts.gstatic.com/ https://erotik.com/ https://dvderotik.com/ https://*.ffrtz.com/ https://*.erotik.com/ https://*.dvderotik.com/; frame-src 'self' antennapod-subscribe: castros: downcast: gpodder: icatcher: instacast: overcast: playerfm: pktc: podcastaddict: podcastguru: podcat: podkicker: rssradio: podcast: https://erotik.com/ https://dvderotik.com/ https://*.ffrtz.com/ https://*.erotik.com/ https://*.dvderotik.com/ https://*.dvdl.net/ https://cdn.izooto.com https://*.hotjar.com/ https://ad.ad-srv.net/; img-src 'self' data: blob: android-webview-video-poster: http://localhost:10001/ https://erotik.com/ https://dvderotik.com/ https://*.ffrtz.com/ https://*.erotik.com/ https://*.dvderotik.com/ https://*.dvdl.net/ https://via.placeholder.com/ https://source.unsplash.com/ https://images.unsplash.com/ https://*.hotjar.com/ https://*.jwpltx.com/ https://*.jwpsrv.com/ https://*.trafficjunky.net/ https://syndication.exoclick.com/ https://syndication.realsrv.com/ https://syndication.exdynsrv.com/ https://tsyndicate.com/ https://*.vxcdn.org/; manifest-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: http://localhost/ https://localhost/ https://erotik.com/ https://dvderotik.com/ https://*.ffrtz.com/ https://*.erotik.com/ https://*.dvderotik.com/ https://chii.liriliri.io https://cdn.jwplayer.com/ https://content.jwplatform.com/ https://ssl.p.jwpcdn.com/ https://www.gstatic.com/ https://*.sentry-cdn.com/ https://*.pingdom.net/ https://t.adcell.com/ https://www.adcell.de/ https://ad4m.at/ https://static.hotjar.com/ https://script.hotjar.com/ https://cdn.izooto.com/ https://static.trafficjunky.com/ https://*.exoclick.com/ https://device.maxmind.com/ https://knpb-media.zammad.com/; style-src 'self' 'unsafe-inline' data: http://localhost/ https://localhost/ https://erotik.com/ https://dvderotik.com/ https://*.ffrtz.com/ https://*.erotik.com/ https://*.dvderotik.com/ https://knpb-media.zammad.com/; media-src 'self' blob: data: https://*.erotik.com/ https://*.dvderotik.com/ https://*.dvdl.net/ https://*.schepp.workers.dev/ https://*.vxcdn.org/; form-action 'self' https:; worker-src 'self' blob:; block-all-mixed-content; upgrade-insecure-requests; frame-ancestors 'self' https://*.ffrtz.com; child-src 'self' 1
frame-ancestors *.baunetz.de; 1
default-src * 'self' data: 'unsafe-inline' 'unsafe-eval'; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval'; style-src * 'self' data: 'unsafe-inline'; worker-src * 'self' data: blob: 'unsafe-inline'; img-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob:; 1
frame-ancestors *.payback.pl 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://isc.sans.edu https://challenges.cloudflare.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline'; img-src 'self' https://isc.sans.edu data:; font-src https://fonts.gstatic.com data: 'self'; connect-src 'self'; media-src 'self'; object-src 'none'; child-src 'self' https://www.sans.org; frame-src https://challenges.cloudflare.com 'self' https://www.sans.org https://www.youtube.com; frame-ancestors 'self' https://www.sans.org; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://isc.sans.edu/cspreport.html; manifest-src 'self' https://isc.sans.edu https://www.dshield.org;; report-uri https://isc.sans.edu/cspreport.html; 1
default-src 'self' data: ;   connect-src 'self' https: wss: ;   font-src 'self' chrome-extension: data: https: ;   img-src 'self' data: blob: android-webview-video-poster: about: https: ;   frame-src 'self' https: ;   script-src 'self' 'unsafe-inline' 'unsafe-eval' about: https: ;   script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https: ;   style-src 'self' 'unsafe-inline' https: ;   style-src-elem 'self' 'unsafe-inline' https: ;   style-src-attr 'self' 'unsafe-inline' https: ;   worker-src 'self' 'unsafe-inline' https: blob: ;   frame-ancestors 'self' https://*.magnews.it https://*.magnews.com;   upgrade-insecure-requests;   block-all-mixed-content;   report-uri https://cspr-it.mag-news.it/ 1
frame-ancestors *.ibrida.io 1
frame-ancestors https://*.socialnature.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: 'self' data: 'self' https://px.ads.linkedin.com https://cdn.linkedin.oribi.io https://www.linkedin.com *.qualtrics.com *.optimizely.com *.cloudflare.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com https://www.google-analytics.com https://www.google.com.au https://ajax.googleapis.com https://www.google-analytics.com https://stats.g.doubleclick.net www.google.com.au/ads/ www.google-analytics.com https://analytics.google.com https://fonts.gstatic.com https://www.gstatic.com *.youtube.com *.bootstrapcdn.com *.doubleclick.net *.australianretirementtrust.com.au *.siteintercept.qualtrics.com siteintercept.qualtrics.com *.vo.msecnd.net bat.bing.com connect.facebook.net *.facebook.com static.wondaris.com dc.services.visualstudio.com snap.licdn.com *.fontawesome.com *.mouseflow.com boxcast.tv playlist.megaphone.fm viewpoint.glasslewis.com optimizely.s3.amazonaws.com cdn-assets-prod.s3.amazonaws.com *.sunsuper.com.au *.googleusercontent.com https://www.googleadservices.com 1
require-trusted-types-for 'script';report-uri /_/GeoEarthWebHttp/cspreport 1
default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com cdnjs.cloudflare.com https://cse.google.com cdn.ampproject.org js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net https://player.vimeo.com/api/player.js https://www.youtube.com/iframe_api *.eloqua.com *.en25.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com www.google.com https://clients1.google.com track.hubspot.com js.hsleadflows.net forms.hsforms.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net *.eloqua.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://azcc.granicus.com https://edocket.azcc.gov https://efiling.azcc.gov https://outlook.office365.com forms.hsforms.com web-chat.nativechat.com; connect-src 'self' data: accounts.google.com *.google-analytics.com *.gstatic.com https://*.googletagmanager.com https://edocket.azcc.gov https://efiling.azcc.gov forms.hubspot.com *.hsforms.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src 'self' web-chat.nativechat.com 1
frame-ancestors 'self' *.bigideasmath.com *.schoology.com *.instructure.com schoology.wcasd.net 1
default-src *;  img-src * 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *;   style-src  'self' 'unsafe-inline' * 1
block-all-mixed-content; child-src blob:; connect-src 'self' https://*.scene7.com https://*.limelight.com https://*.google-analytics.com https://*.bing.com https://*.mktoresp.com https://*.doubleclick.net https://*.wisepops.com https://*.medallia.com https://*.kampyle.com https://*.msanet.com https://*.mapbox.com https://*.googlevideo.com https://*.llnw.net https://*.facebook.com https://*.cookielaw.org https://*.clarity.ms https://*.clickagy.com https://*.onetrust.com https://*.msasafety.com https://*.zoominfo.com https://*.usetiful.com https://*.mktoutil.com https://*.hotjar.io https://cdn.linkedin.oribi.io https://*.googleapis.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.rumiview.com wss://*.hotjar.com https://*.hotjar.com https://*.csp-1.com https://csp-1.picarioxpo.com https://*.tockify.com https://tockify.com https://app.getwisp.co https://*.wisepops.net https://*.qzzr.com https://*.algolianet.com https://*.algolia.net https://*.kudoboard.com https://*.curator.io https://*.pricespider.com https://cdnjs.cloudflare.com https://*.algolia.io https://wisepops.net https://*.tiles.mapbox.com wss: https://px.ads.linkedin.com https://*.niceincontact.com; default-src 'self'; font-src 'self' data: https://*.gstatic.com https://*.fontawesome.com https://*.cloudfront.net https://*.typekit.net https://*.pricespider.com https://*.niceincontact.com; frame-src 'self' https://*.msasafety.com https://*.msanet.com https://*.google.com https://*.doubleclick.net https://*.marketo.com https://*.bing.com https://*.hotjar.com https://*.medallia.com https://*.zoho.com https://*.metalocator.com https://*.youtube.com https://*.sierramonitor.com https://*.123formbuilder.com https://*.clickagy.com https://*.facebook.com http://*.msanet.com https://*.webdamdb.com https://*.force.com https://*.office.com https://*.csp-1.com https://msasafety.wufoo.com https://*.tockify.com https://tockify.com https://*.vimeo.com https://www.firegrantshelp.com https://*.qzzr.com https://*.riddle.com https://*.surveymonkey.com https://www.mybacharach.com https://*.kudoboard.com https://*.extforms.netsuite.com https://*.app.netsuite.com https://*.marketingautomation.services https://*.wisepops.com https://*.wisepops.net https://wisepops.net https://insight.adsrvr.org https://msa.webdamdb.com/ https://*.niceincontact.com; img-src data: 'self' https://*.scene7.com https://*.googletagmanager.com https://*.pricespider.com https://*.googleadservices.com https://*.linkedin.com https://*.doubleclick.net https://*.google.com https://*.bing.com https://*.facebook.com https://*.google-analytics.com https://*.cookielaw.org https://*.clarity.ms https://*.metalocator.com https://*.msasafety.com https://*.msanet.com https://*.webdamdb.com https://*.kickfire.com https://*.kampyle.com https://*.simpli.fi https://*.rumiview.com https://*.webtraxs.com https://*.analytics.google.com https://*.adroll.com https://*.g.doubleclick.net https://*.ads.linkedin.com https://*.google.ae https://*.google.ca https://*.google.cn https://*.google.de https://*.google.fr https://*.google.co.uk https://*.google.se https://*.google.ru https://*.google.com.au https://*.google.pl https://*.google.co.in https://*.google.co.za https://*.google.com.pe https://*.google.com.co https://*.google.com.ar https://*.google.nl https://*.google.it https://*.google.es https://*.google.co.th https://*.google.com.sg https://*.google.com.my https://*.google.co.jp https://*.google.co.id https://*.google.com.mx https://*.google.cl https://*.google.com.br https://*.clickagy.com https://*.msafire.com https://*.content.video.llnw.net https://*.google.ad https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.as https://*.google.at https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cm https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.iq https://*.google.is https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://*.csp-1.com https://csp-1.picarioxpo.com https://id.rlcdn.com https://pixel-sync.sitescout.com https://blog.sierramonitor.com https://*.wisepops.net https://dx4nr741tfc02.cloudfront.net https://wisp-production-storage.s3.amazonaws.com https://*.wisepops.com https://*.mapbox.com https://safetyio.com https://*.safetyio.com blob: https://img.delvenetworks.com https://pixel-geo.prfct.co https://blog.fieldserver.com https://curator-assets.b-cdn.net https://*.curator.io https://*.niceincontact.com/ https://dummyimage.com https://*.placeholder.com/1500x900; media-src 'self' blob: https://*.llnw.net https://*.msanet.com https://*.webdamdb.com/ https://*.curator.io https://curator-assets.b-cdn.net/; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.msasafety.com https://*.scene7.com https://*.pricespider.com https://*.limelight.com https://*.marketo.com https://*.marketo.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://*.gstatic.com https://*.bing.com https://*.doubleclick.net https://*.hotjar.com https://*.facebook.net https://*.wisepops.com https://*.adobedtm.com https://*.licdn.com https://*.medallia.com https://*.kampyle.com https://*.kickfire.com https://*.simpli.fi https://*.google.com https://*.metalocator.com https://*.pardot.com https://*.mapbox.com https://*.sierramonitor.com https://*.zohostatic.com https://*.usersnap.com https://*.cloudfront.net https://*.youtube.com https://*.cookielaw.org https://*.clarity.ms https://*.clickagy.com https://*.123formbuilder.com https://*.zoominfo.com https://*.usetiful.com https://*.webtraxs.com https://*.adroll.com https://*.rumiview.com https://*.la5-c2-ia4.salesforceliveagent.com https://*.jquery.com https://*.force.com https://*.g.doubleclick.net https://*.csp-1.com https://*.tockify.com https://tockify.com https://*.wisepops.net https://app.getwisp.co https://*.qzzr.com https://cdn.jsdelivr.net https://koi-3QNJ3FOY90.marketingautomation.services https://curator.io https://*.curator.io https://*.marketingautomation.services https://wisepops.net https://cdnjs.cloudflare.com https://tag.perfectaudience.com https://js.adsrvr.org https://*.tiles.mapbox.com https://pixel-geo.prfct.co https://*.niceincontact.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://*.mapbox.com https://*.pricespider.com https://*.tiles.mapbox.com https://*.msasafety.com https://*.scene7.com https://www.usetiful.com https://*.msanet.com https://*.fontawesome.com https://*.googleapis.com https://*.typekit.net https://*.curator.io/ https://*.niceincontact.com; upgrade-insecure-requests; worker-src 'self' blob:; report-uri /.webscale/csp-report 1
base-uri 'none'; default-src 'self' data: https: wss:; style-src 'self' data: https: wss: 'unsafe-inline'; worker-src blob: http://localhost:8080 https://*.rz.hs-heilbronn.de https://*.hs-heilbronn.de https://hhn-web-staging.infopark.io; script-src 'self' https://*.rz.hs-heilbronn.de https://*.scrivito.com https://fiona8-backend.hs-heilbronn.de/ https://play.google.com; object-src 'none'; block-all-mixed-content; connect-src 'self' ws://localhost:8080 https://*.rz.hs-heilbronn.de http://localhost:3000 https://*.amazonaws.com https://*.scrvt.com https://*.scrivito.com https://fiona8-backend.hs-heilbronn.de https://play.google.com https://login.hs-heilbronn.de; frame-ancestors 'self' https://*.scrivito.com https://*.rz.hs-heilbronn.de 1
frame-ancestors 'self' backoffice.cmrcmm6y-boelstoph1-d1-public.model-t.cc.commerce.ondemand.com backoffice.cmrcmm6y-boelstoph1-s1-public.model-t.cc.commerce.ondemand.com backoffice.cmrcmm6y-boelstoph1-p1-public.model-t.cc.commerce.ondemand.com; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.b2clogin.com https://*.cmrcmm6y-boelstoph1-p1-public.model-t.cc.commerce.ondemand.com https://www.boels.com https://*.boels.com https://api.boels.com https://integratewith.boels.com https://jsapps.boels.com https://mediahub.boels.com https://prod.boels.com https://api.db-ip.com https://dc.services.visualstudio.com https://fonts.googleapis.com https://www.gstatic.com https://maps.gstatic.com https://fonts.gstatic.com https://i.ytimg.com https://recaptcha.net https://use.fontawesome.com  https://googletagmanager.com https://www.googletagmanager.com https://tagmanager.google.com https://trc.taboola.com https://*.adroll.mgr.consensu.org https://*.hotjar.io https://in.hotjar.com https://vc.hotjar.io wss://*.hotjar.com wss://wss://*.hotjar.com https://script.hotjar.com https://*.my.salesforce-sites.com https://*.my.salesforce.com https://*.salesforceliveagent.com https://*.vf.force.com https://service.force.com https://login.salesforce.com https://ads.yahoo.com https://adservice.google.com https://analytics.google.com https://openx.net  https://api.leadgenapp.io https://bam.nr-data.net https://bat.bing.com https://app.talkjs.com https://www.bing.com https://www.facebook.com https://www.google-analytics.com https://cbks0.googleapis.com https://cdn.jsdelivr.net https://connect.facebook.net https://dsum-sec.casalemedia.com https://eb2.3lift.com https://forms.leadgenapp.io https://geo0.ggpht.com https://graph.facebook.com https://ib.adnxs.com https://idsync.rlcdn.com https://ipv4.d.adroll.com https://js-agent.newrelic.com https://khms0.googleapis.com  https://khms1.googleapis.com https://lh3.ggpht.com https://www.google.be https://www.google.com https://www.google.com.ua https://www.google.de https://www.google.dk https://www.google.fr https://www.google.lu https://www.google.nl https://consent.cookiebot.com https://consentcdn.cookiebot.com https://imgsct.cookiebot.com https://maps.googleapis.com https://pagead2.googlesyndication.com https://pixel.advertising.com https://pixel.rubiconproject.com https://www.linkedin.com https://*.linkedin.com https://px.ads.linkedin.com https://px4.ads.linkedin.com  https://region1.analytics.google.com https://js.monitor.azure.com https://region1.google-analytics.com https://*.adroll.com https://static.lightning.force.com https://simage2.pubmatic.com https://snap.licdn.com https://ssl.google-analytics.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://*.doubleclick.net https://sync.outbrain.com https://www.googleadservices.com https://www.googleoptimize.com https://www.youtube.com https://x.bidswitch.net https://static.hotjar.com https://*.popupsmart.com https://js.monitor.azure.com https://*.clarity.ms; frame-src 'self' https://consentcdn.cookiebot.com https://service.force.com https://*.boels.com https://recaptcha.net https://x.adroll.com https://td.doubleclick.net https://www.youtube.com; 1
frame-ancestors 'self' *.shhotelsandresorts.com pagesense-proxy.com pagesense.zoho.com 1
default-src * blob: data: 'unsafe-eval' 'unsafe-inline'; 1
frame-ancestors 'self' localhost:* *.cossette.digital *.quebec-cite.com feature-responsive-desktop--dqc-flux-stg.netlify.app 1
base-uri 'self'; default-src 'report-sample' 'self'; connect-src 'report-sample' 'self' data: *; font-src 'report-sample' 'self' data: *; form-action 'self' https://*.inseego.com https://*.inseego-flux.pages.dev https://*.facebook.com; frame-src 'report-sample' 'self' *; img-src 'report-sample' 'self' blob: data: *; manifest-src https://inseego.com/site.webmanifest; media-src 'self' 'report-sample' data: https://*.inseego.com https://*.inseego-flux.pages.dev https://*.tawk.to; object-src 'self' 'report-sample'; script-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' *; script-src-elem 'report-sample' 'self' 'unsafe-inline' data: *; style-src 'report-sample' 'self' 'unsafe-inline' *; report-uri https://jarvis.inseego.com/inseego-csp-report 1
default-src * 'self' 'unsafe-inline' blob: ; img-src * 'self' data: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' ; font-src * data: ; connect-src * ; worker-src blob: ; 1
upgrade-insecure-requests;base-uri 'self';form-action 'self';frame-ancestors 'none';default-src 'self';child-src 'self';frame-src https://www.google.com  https://*.linkedin.com *.hotjar.com;script-src *.smartology.net *.hotjar.com https://www.gstatic.com https://*.google-analytics.com https://www.google.com https://*.googletagmanager.com https://kit.fontawesome.com https://*.sharethis.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://connect.facebook.net https://*.smartlook.com https://*.smartlook.cloud https://*.posthog.com https://app.analyzz.com https://*.linkedin.com https://unpkg.com 'self' 'unsafe-inline' 'unsafe-eval';img-src http://www.w3.org https://www.smartology.net https://*.google-analytics.com https://secure.gravatar.com https://*.googletagmanager.com https://*.sharethis.com 'self' data:;style-src https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://buttons-config.sharethis.com 'self' 'unsafe-inline';font-src https://fonts.googleapis.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://*.fontawesome.com 'self' data:;connect-src *.hotjar.com *.hotjar.io https://stats.g.doubleclick.net https://website-api.smartology.co https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.fontawesome.com https://l.sharethis.com https://*.smartlook.com https://*.smartlook.cloud https://*.posthog.com https://app.analyzz.com https://lottie.host 'self' ws:;object-src 'self' 1
frame-ancestors 'self' https://*.foody.com.cy; 1
default-src https: 'unsafe-eval' 'unsafe-inline'; img-src https: data:; 1
default-src 'self'; img-src 'self' data: storage.googleapis.com *.daliajobs.com; style-src 'self' 'unsafe-inline'; report-to csp-endpoint; script-src 'self' 'nonce-7y2Qhnt4x0Hp7BOa26X27A==' 1
script-src-attr 'none';base-uri 'self';font-src 'self' https: data:;style-src 'self' https: 'unsafe-inline';form-action 'self' *.facebook.com;frame-src 'self' https://htmx.org https://challenges.cloudflare.com https://www.facebook.com https://td.doubleclick.net/ https://js.stripe.com/ https://www.youtube.com https://www.youtube-nocookie.com https://accounts.google.com;object-src 'none';upgrade-insecure-requests; 1
frame-ancestors 'self' https://bold.co https://web.bold.co https://www.bold.co 1
default-src 'self'; base-uri 'self'; object-src 'none'; upgrade-insecure-requests; connect-src 'self' *.homepage-web.com; script-src 'self' 'report-sample' *.homepage-web.com 'sha256-GGBo8gBY885xYvY7bjeWuInjeYICMEc0lMmxkN3Uh2M=' 'sha256-w8Zb8pbFFyfmRVOZrgiCCcIhHaEBKhjW8uNc9iWFIIM=' https://static.cloudflareinsights.com https://api.bing.com https://www.google.com; img-src 'self' data:; style-src 'self' 'report-sample' 'unsafe-inline'; Form-action 'self'; Frame-ancestors 'none'; worker-src 'none'; report-uri https://csp.homepage-web.com 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://api.mapy.cz google.com *.imedia.cz c.seznam.cz *.doubleclick.net https://*.adform.net https://*.facebook.net https://*.googletagmanager.com https://snippet.capybara.lmc.cz https://buttons.github.io/buttons.js https://www.youtube.com https://*.vimeo.com https://*.facebook.com https://*.twitter.com https://*.instagram.com https://*.lmc.cz https://*.smartemailing.cz https://se-forms.cz https://*.polyfill.io https://*.cloudflare.com https://*.bvv.cz; style-src 'self' 'unsafe-inline' https://snippet.capybara.lmc.cz https://api.mapy.cz https://cdn.jsdelivr.net https://*.vimeo.com https://*.facebook.com https://*.facebook.net https://*.doubleclick.net https://*.twitter.com https://*.instagram.com https://*.lmc.cz https://se-forms.cz https://*.bvv.cz; font-src 'self' https://snippet.capybara.lmc.cz https://api.mapy.cz data: https://cdn.jsdelivr.net https://*.vimeo.com https://*.facebook.com https://*.twitter.com https://*.instagram.com https://*.lmc.cz https://*.bvv.cz; img-src 'self' data: *.google.com *.google.cz *.seznam.cz *.openstreetmap.org https://i.ytimg.com https://api.mapy.cz https://*.vimeo.com https://*.facebook.com https://*.twitter.com https://*.instagram.com https://*.lmc.cz https://*.bvv.cz; connect-src 'self' webtrack.bvv.cz https://api.capybara.lmc.cz *.sentry.io https://api.mapy.cz https://liveupdate.pimcore.org https://noembed.com https://cdn.plyr.io https://*.vimeo.com https://*.facebook.com https://*.twitter.com https://*.instagram.com https://*.lmc.cz https://*.smartemailing.cz https://se-forms.cz https://*.bvv.cz *.google.com *.doubleclick.net *.googlesyndication.com *.google-analytics.com *.google.cz; frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://*.vimeo.com https://*.facebook.com https://*.twitter.com https://*.instagram.com https://*.lmc.cz https://*.bvv.cz; media-src 'self' data: blob: *; worker-src 'self' data: blob: *; 1
frame-ancestors self *.uhg.com *.optum.com *.uhc.com; 1
default-src 'self' wss: 'unsafe-inline' 'unsafe-eval' blob: data: *.cebroker.com *.evercheck.com *.evercheckwallet.com *.propelus.com *.pendo.io *.stripe.com *.googleapis.com *.stripe.network *.google-analytics.com *.userway.org *.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com *.g.doubleclick.net p.adsymptotic.com *.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com *.pubmatic.com snap.licdn.com sync.outbrain.com *.taboola.com ads.yahoo.com ups.analytics.yahoo.com *.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net cdnjs.cloudflare.com *.amazonaws.com bam.nr-data.net *.clarity.ms analytics.google.com *.gstatic.com *.visualwebsiteoptimizer.com cdn.linkedin.oribi.io *.lr-in-prod.com *.googletagmanager.com cdn.logrocket.io cdn.lr-ingest.io cdn.lr-in.com cdn.lr-in-prod.com *.lr-ingest.io *.fontawesome.com *.bootstrapcdn.com *.google.com *.vimeo.com *.hsforms.com *.hsforms.net *.hubspot.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.usemessages.com js.hsadspixel.net js.hsleadflows.net api.hubapi.com perf-na1.hsforms.com f.vimeocdn.com; font-src 'self' *; 1
frame-ancestors 'self' *.grammarly.com 1
default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self' 1
default-src 'self' feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://api.tiles.mapbox.com https://cdnjs.cloudflare.com https://d1stxfv94hrhia.cloudfront.net https://www.lightboxcdn.com https://api.lightboxcdn.com https://www.gillettevenus.com https://pge.segmanta.com https://www.upsellit.com https://s.pinimg.com https://z.moatads.com https://c.lytics.io https://cdn.segment.com https://js-cdn.dynatrace.com https://wtbng.pricespider.com https://wtbstream.pricespider.com https://embeddedcloud.pricespider.com https://omni.pricespider.com https://locate.pricespider.com https://wtbevents.pricespider.com https://cdn.pricespider.com https://www.youtube.com https://pghub.io *.cookielaw.org *.onetrust.com *.iesnare.com connect.facebook.net *.crazyegg.com *.adsrvr.org *.bazaarvoice.com *.google-analytics.com *.googletagmanager.com blob: feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' https://api.tiles.mapbox.com https://s3.lightboxcdn.com https://api.lightboxcdn.com https://www.lightboxcdn.com https://c.lytics.io https://cdn.pricespider.com fonts.googleapis.com feed.pghub.io pandg.tapad.com ; media-src 'self' https://videos.ctfassets.net *.iesnare.com data: feed.pghub.io pandg.tapad.com ; img-src 'self' *.cookielaw.org https://40n23zgkic3y-a.akamaihd.net https://ct.pinterest.com https://submit.lightboxcdn.com https://submitcus.lightboxcdn.com https://s3.lightboxcdn.com https://api.lightboxcdn.com https://www.lightboxcdn.com https://c.lytics.io https://cdn.pricespider.com https://wwwassets.pricespider.com https://embeddedcloud.pricespider.com https://px.moatads.com https://www.google.com i.ytimg.com videos.ctfassets.net images.ctfassets.net pixel.tapad.com *.bazaarvoice.com *.google-analytics.com www.facebook.com *.googletagmanager.com data: feed.pghub.io pandg.tapad.com ; font-src 'self' https://s3.lightboxcdn.com fonts.gstatic.com feed.pghub.io pandg.tapad.com ; connect-src * ; frame-src 'self' *.gillette.com https://videos.ctfassets.net https://pandg.tapad.com https://www.youtube.com *.adsrvr.org *.doubleclick.net *.jebbit.com consumersupport.pg.com servedby.flashtalking.com pg-lex.my.salesforce-sites.com ct.pinterest.com www.facebook.com feed.pghub.io pandg.tapad.com ; manifest-src * ; 1
default-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: blob:; font-src * data: 1
default-src https: data: 'unsafe-eval' 'unsafe-inline' 1
default-src 'self' https://*.mhh.de chrome-extension; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.mhh.de https://*.youtube.com https://*.youtube-nocookie.com https://cdnjs.cloudflare.com  ; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://*.mhh.de https://*.youtube.com https://*.youtube-nocookie.com https://mh-hannover-390466.workflowcloud.com https://cdnjs.cloudflare.com  ; script-src-attr 'self' 'unsafe-inline' https://*.mhh.de; connect-src 'self' https://*.mhh.de https://*.youtube-nocookie.com; style-src 'self' 'unsafe-inline' https://*.mhh.de; img-src 'self' data: https://*.mhh.de https://*.ytimg.com  ; frame-src 'self' https://*.mhh.de https://*.youtube-nocookie.com https://mh-hannover-390466.workflowcloud.com https://gbo-app-znc.nintex.io; child-src 'self' https://*.mhh.de https://*.youtube-nocookie.com https://mh-hannover-390466.workflowcloud.com https://gbo-app-znc.nintex.io; frame-ancestors 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; report-uri https://www.mhh.de/_mc/csp; report-to https://www.mhh.de/_mc/csp 1
default-src 'none';base-uri 'none';manifest-src 'self';script-src 'strict-dynamic' 'nonce-UWkrbjZnNW5vcHU1K1g4ZDFPNXo2QmF0SzNBajRXRnlUVXRDbldrckw2OD06YzJQWGpIOE03S3pEZ1J4U2s1WWJteVhPR1NOS2pRQkJQeGtRcWh0U2FmMD0=' https://tags-eu.tiqcdn.com https://cdn.wbtrk.net https://geid.wbtrk.net 'unsafe-inline';style-src 'self' 'unsafe-inline';img-src 'self' data: blob: https://pix.telekom.de http://fbc.wcfbc.net https://office.magentacloud.de;font-src 'self' data: https://ebs10.telekom.de;connect-src 'self';media-src 'self';frame-src 'self' nc: https://office.magentacloud.de;frame-ancestors 'self' https://office.magentacloud.de;form-action 'self' https://office.magentacloud.de 1
frame-ancestors 'self' *.reworldmedia.com 1
connect-src 'self' https://cdn.cookielaw.org wss://app.bitgo-test.com bitgo.com openpgpkey.bitgo.com *.bitgo-test.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.stripe.com *.hsforms.com fonts.googleapis.com https://cdn.linkedin.oribi.io https://px.ads.linkedin.com *.g.doubleclick.net https://analytics.google.com https://api.hubapi.com; font-src 'self'; frame-ancestors 'self'; frame-src *.stripe.com withpersona.com *.googletagmanager.com *.google.com; img-src 'self' data: *.bitgo-test.com *.bitgo.com images.ctfassets.net *.google-analytics.com *.googletagmanager.com *.hubspot.com *.google.co.in *.google.com https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://t.co https://analytics.twitter.com; object-src 'none'; script-src 'self' 'unsafe-eval' https://static.ads-twitter.com 'sha256-qsFgAAzLZQLHrYQ3bnonrpDF4Fml5kkcp63LOanT7dE=' 'sha256-CJpisrWpFQietSw+px2OLW0qDQBLof4CgqM229DnGaM=' 'sha256-AUUYEhrtXKcklKBVhgJSgcfediKhjfNSqPHOfdNc2hE=' 'sha256-3dwO267MkX9pflnmWaBDWsfp0xMcdq5JMHF4/zdhJDU=' 'sha256-uGJaKjn54337RLxwXvVuJNe2Meyp4RG8YGhO2WSnHsk=' 'sha256-vEC5cTXxs3mBEQARtc/d0zIPWvBa80z4jiBAuHtJWSc=' 'sha256-yZFBBEAhVR7+Ftx72ma6BMxZ0sAlz7DrJpEQjM6yvdk=' 'sha256-wdVbrIwMAavhXh5iUvTAGGCD1ZrAcp0EKos7aBXPlU0=' 'sha256-FjU9pFs57FzGzHNuDUn7KAYgSyP1+QdQETa9PdiLvDk=' 'sha256-NX8xip537VvOmhMDXtzLgsPX/VRoNBD2kIVVj6jI7QY=' 'sha256-oPTgatj04zAXPgPaJx0nVZYX07lUzQDejSSIjHyD5Ms=' 'sha256-wDzFV7C2xx8R6xgJK3kMe3Il46cmEd14vUaZENehmSw=' 'sha256-eZC4k0iYflFa0q5NEDtLyIVt7WkrxQqJYHFmSjZfgSQ=' 'sha256-o8/B65mp14vE/VisCbscLi6ul0GpbWzTwGGaaAKZ+R4=' 'sha256-RFUWCuJ8HHZfIBqtGaY7HV9yURmuodvcW0LVth+LEcg=' 'sha256-/JheBQo8zngg+5vHRIX/QNvr1ByByfgi9QCQnAbks6c=' 'sha256-v1oYH69RcooFs6F5XhMTzHiWlftYwnuQHDxIz0suNeo=' 'sha256-Jr+UYZNi4mC3eaOrVHrSWKrnFJsbd2Z2H6kC8y1KnPc=' 'sha256-gfxaZBtLG6iJhfVf6Dp9ppzDuR7XyfVLGuHv1QCDSbw=' 'sha256-5VrVgGfPbUH5IoPb+tGodpswZad/XDHQfqHeVD0LMG4=' 'sha256-f4b7rBPvi31A16IdFzFJ0WLjQhPQTVnBawkEVn1oJ8w=' 'sha256-HOOdAB25XoL5GyreygJQ8OZ7hg5xF60xZIgtJS0rt+s=' 'sha256-NMfoNGOY8cJIkH8JBZOZ+/t2PXUfgxzx565/Lsi53pU=' 'wasm-unsafe-eval' *.googletagmanager.com *.stripe.com *.google-analytics.com *.bitgo-test.com *.hs-scripts.com *.gstatic.com *.google.com *.google.co.in *.googleadservices.com *.licdn.com *.cookielaw.org *.hs-analytics.net *.hs-banner.com https://analytics.google.com https://js.hsadspixel.net/fb.js; style-src 'self' 'unsafe-inline'; worker-src 'self' blob; 1
default-src 'self' https://fonts.gstatic.com 'unsafe-inline' 'unsafe-eval' *; script-src 'self' https://maps.googleapis.com https://www.gstatic.com https://code.jquery.com/ui/1.10.4/jquery-ui.min.js 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com 'unsafe-inline' 'unsafe-eval' *; img-src 'self' data: https://csi.gstatic.com https://maps.gstatic.com https://maps.googleapis.com 'unsafe-inline' 'unsafe-eval' *; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *; frame-src 'self' 'unsafe-inline' 'unsafe-eval' *; worker-src 'self' https://www.google.com 'unsafe-inline' 'unsafe-eval' *; font-src 'self' https://fonts.gstatic.com data: 'unsafe-inline' 'unsafe-eval' *; 1
frame-ancestors 'self' https://urbanlist.preview.ceros.com https://view.ceros.com https://media.ceros.com https://assets.ceros.com https://codepen.io https://cdpn.io; 1
frame-ancestors 'self' xmatters.com *.xmatters.com xmatters-mktg.web.app xmatters-mktg.firebaseapp.com ws.zoominfo.com ws-assets.zoominfo.com *.zoominfo.com everbridge--bots.sandbox.my.site.com everbridge.lightning.force.com 1
default-src 'self' https://pte.nu https://cdn.pte.nu;script-src 'self' cdn.pte.nu 'nonce-xEcbASIJYNs1ZMDd3daz/Q==';style-src 'self' cdn.pte.nu 'unsafe-inline';img-src 'self' data: http://cdn.pte.nu https://cdn.pte.nu;connect-src 'self' https://cdn.pte.nu wss://ws.pte.nu https://ws.pte.nu https://api-test.pte.nu https://pte.nu;font-src 'self' cdn.pte.nu data:;manifest-src cdn.pte.nu;object-src 'self';media-src 'self';frame-src 'self';base-uri 'self';block-all-mixed-content;form-action 'self';frame-ancestors 'self';script-src-attr 'none';upgrade-insecure-requests 1
frame-ancestors 'self' admin.neo.bet admin.neobet.de edit.scrivito.com; 1
frame-src 'self' web.redhelper.ru www.google.com www.youtube.com; connect-src 'self' data: www.google-analytics.com mxgroup.ru new.mxgroup.ru ozprod5.mxgroup.ru www.mxgroup.ru api.mxgroup.ru api.mxgroup.ru:443 wss://api.mxgroup.ru; img-src * data:; frame-src 'self' web.redhelper.ru www.google.com www.youtube.com; script-src 'self' 'unsafe-inline' web.redhelper.ru www.google-analytics.com www.google.com www.gstatic.com api-maps.yandex.ru cdn.polyfill.io; style-src 'self' 'unsafe-inline' web.redhelper.ru; frame-ancestors 'self'; form-action 'self'; font-src 'self' data:; media-src 'self'; object-src 'self'; manifest-src 'self'; worker-src 'self' mxgroup.ru new.mxgroup.ru ozprod5.mxgroup.ru www.mxgroup.ru mxgroup.ru; default-src 'self' 1
default-src 'self' https://www.google-analytics.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com https://www.gstatic.com https://sdk.privacy-center.org/ https://api.privacy-center.org/ https://static.cloudflareinsights.com https://ajax.cloudflare.com https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com https://fonts.googleapis.com; img-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://www.google-analytics.com/; font-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com https://fonts.gstatic.com https://fonts.googleapis.com; frame-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com; 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-ZThlZTBlZGU0MjczNGJkM2E3YzU1ZTQ2YWQ3NjA4OTQ=' https://*.platformrijksoverheid.nl https://*.rijksoverheid.nl https://*.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' https://statistiek.rijksoverheid.nl https://*.contenttoolsrijksoverheid.nl https://*.ssc-ict.nl; font-src 'self' https://statistiek.rijksoverheid.nl; object-src 'none'; connect-src https://*.platformrijksoverheid.nl https://*.rijksoverheid.nl https://*.contenttoolsrijksoverheid.nl https://*.rovid.nl https://*.rijksoverheidsvideo.nl https://*.ssc-ict.nl; img-src 'self' data: https://d3oiud1b8fohdw.cloudfront.net https://statistiek.rijksoverheid.nl https://*.rovid.nl https://*.rijksoverheidsvideo.nl https://*.toegankelijkheidsverklaring.nl; media-src 'self' https://*.rovid.nl https://*.rijksoverheidsvideo.nl; form-action 'self' https://export.highcharts.com https://*.contenttoolsrijksoverheid.nl https://*.ssc-ict.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
frame-ancestors 'self', object-src 'none', base-uri 'self' 1
base-uri 'self'; style-src 'self'; connect-src 'self' *.itzbund.de; script-src 'self' piwik.itzbund.de; object-src 'self' multimedia.gsb.bund.de medien.bsi.bund.de; media-src 'self' multimedia.gsb.bund.de medien.bsi.bund.de; img-src 'self' piwik.itzbund.de *.tile.openstreetmap.org; font-src 'self'; frame-ancestors 'self' *.prod.gsb.bsi.in.bund.de ; upgrade-insecure-requests; 1
default-src 'self' https://www.privatesportshop.it; connect-src 'self' https://www.privatesportshop.it https://m.sportpursuit.com https://raven.privatesportshop.it https://api.sportpursuit.com https://*.elev.io https://*.amazon.com https://*.amazon.co.uk https://capture.trackjs.com https://*.facebook.com https://*.facebook.net https://*.doubleclick.net https://*.google.com https://*.postcodeanywhere.co.uk https://*.iubenda.com https://*.dixa.io wss://*.dixa.io https://cdn.polyfill.io https://sentry.io https://trustbadge.api.etrusted.com https://shops-si.trustedshops.com https://*.taboola.com https://bat.bing.com https://in.requestmetrics.com https://*.addressy.com https://*.scarabresearch.com https://*.googlesyndication.com https://*.logbor.com https://cdn.jsdelivr.net/gh/TimeOne-Group/isdk@latest/dist/isdk.min.js https://tracking.publicidees.com https://binel.hunkal.com https://*.creativecdn.com https://*.time1.me https://*.lacmp.net https://analytics.optimalpeople.fr https://analytics.tiktok.com https://*.imgstatics.com https://*.gsitrix.com; font-src 'self' https://images1.sportpursuit.info https://images2.sportpursuit.info https://images3.sportpursuit.info https://images4.sportpursuit.info https://*.elev.io https://fonts.gstatic.com https://widgets.trustedshops.com https://*.dixa.io; frame-src https://*.amazon.co.uk https://*.elev.io https://*.amazon.com https://*.payments-amazon.com https://www.googletagmanager.com https://staticxx.facebook.com https://www.facebook.com https://platform.twitter.com https://syndication.twitter.com https://www.youtube.com https://widget.trustpilot.com https://player.vimeo.com https://*.doubleclick.net https://*.dcmn.io https://*.googlesyndication.com https://*.iubenda.com https://iubenda.mgr.consensu.org/ https://accounts.google.com https://*.publicidees.com https://ams.creativecdn.com https://ad.ad-srv.net/ https://*.redintelligence.net/ https://*.tradedoubler.com; media-src 'self' https://images1.sportpursuit.info https://images2.sportpursuit.info https://images3.sportpursuit.info https://images4.sportpursuit.info https://*.dixa.io/; form-action https://www.privatesportshop.it https://platform.twitter.com https://syndication.twitter.com https://www.facebook.com https://trc.taboola.com https://*.amazon.co.uk https://*.amazon.de https://*.amazon.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' https://m.sportpursuit.com https://*.scarabresearch.com https://s.ytimg.com https://www.youtube.com/ https://cdn.elev.io https://googleads.g.doubleclick.net https://www.google.com/pagead/conversion_async.js https://www.googleadservices.com https://*.payments-amazon.com https://*.amazon.com https://www.googletagmanager.com https://connect.facebook.net https://www.sc.pages05.net https://platform.twitter.com https://widget.trustpilot.com https://*.dcmn.io https://*.googlesyndication.com https://*.googleapis.com https://apis.google.com https://*.postcodeanywhere.co.uk https://tagmanager.google.com https://*.iubenda.com https://bat.bing.com https://*.dixa.io https://cdn.polyfill.io https://sentry.io https://widgets.trustedshops.com https://cdn.taboola.com https://trc.taboola.com https://app.storyblok.com https://accounts.google.com data: https://*.logbor.com https://cdn.jsdelivr.net/gh/TimeOne-Group/isdk@latest/dist/isdk.min.js https://tracking.publicidees.com https://binel.hunkal.com https://*.creativecdn.com https://*.time1.me https://analytics.optimalpeople.fr https://pixel.adensemble.com https://s.retargeted.co https://cdn.mndtrk.com https://*.stylight.net https://*.lacmp.net https://*.tradedoubler.com https://analytics.tiktok.com https://*.gsitrix.com; style-src 'self' 'unsafe-inline' https://*.payments-amazon.com https://fonts.googleapis.com https://*.postcodeanywhere.co.uk https://tagmanager.google.com https://*.iubenda.com https://widgets.trustedshops.com https://accounts.google.com https://accounts.google.com; object-src 'none'; upgrade-insecure-requests; 1
script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google.com/recaptcha/api.js https://www.gstatic.com https://cdn.onesignal.com https://onesignal.com https://www.google-analytics.com https://cdn.jsdelivr.net/npm/chart.js@3.5.0/dist/chart.min.js https://client.crisp.chat https://settings.crisp.chat; style-src 'self' 'unsafe-inline' https://onesignal.com https://client.crisp.chat; img-src 'self' blob: https://plisio.net data: https://www.google-analytics.com https://www.google.com https://stats.g.doubleclick.net https://www.google.ru https://img.onesignal.com https://www.googletagmanager.com https://hn.inspectlet.com https://client.crisp.chat https://image.crisp.chat https://storage.crisp.chat; default-src 'self'; base-uri 'self'; connect-src 'self' wss://plisio.net https://www.google.com/recaptcha/api.js https://onesignal.com https://hn.inspectlet.com https://client.crisp.chat https://storage.crisp.chat wss://client.relay.crisp.chat wss://stream.relay.crisp.chat https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com https://client.crisp.chat; form-action 'self' https://calendly.com/plisio/plisio-call; frame-ancestors 'none'; frame-src 'self' https://www.google.com/ https://onesignal.com https://www.youtube.com https://game.crisp.chat; manifest-src 'self'; media-src 'self' https://client.crisp.chat; object-src 'self'; worker-src 'self'; block-all-mixed-content; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.go-mpulse.net *.akstat.io;report-to M 1
object-src 'none'; style-src * 'unsafe-inline'; script-src 'self' 'strict-dynamic' 'nonce-8SCsdxewa' https://cdn.oncehub.com/mergedjs/so.js https://dataart.my.site.com https://static.lightning.force.com https://d.la5-c1-ia4.salesforceliveagent.com https://dataart.my.salesforce.com https://js.zi-scripts.com/zi-tag.js scout-cdn.salesloft.com/sl.js https://cdnjs.cloudflare.com/ajax/libs/OwlCarousel2/2.3.4/owl.carousel.min.js https://cdnjs.cloudflare.com/ajax/libs/jquery.matchHeight/0.7.2/jquery.matchHeight-min.js https://cdn.jsdelivr.net/npm/popper.js@1.12.9/dist/umd/popper.min.js https://code.jquery.com/jquery-3.6.0.min.js https://cdnjs.cloudflare.com/ajax/libs/OwlCarousel2/2.3.4/owl.carousel.min.js https://pi.pardot.com https://lp.dataart.com https://widget.clutch.co https://cdn.cookielaw.org https://www.youtube.com https://websitesapi.dataart.com https://widget.clutch.co/static/js/widget.js https://websitesapi.dataart.com https://d.clarity.ms/s/0.6.31/clarity.js https://bat.bing.com https://www.dataart.com/ https://*.clarity.ms https://www.google-analytics.com https://go.pardot.com/ https://snap.licdn.com/ https://www.google.com/pagead/conversion_async.js https://cdn.polyfill.io/v2/polyfill.js https://tagmanager.google.com/debug/debuguiApp-bundle.js https://tagmanager.google.com/debug https://optimize.google.com https://www.googletagmanager.com/gtm.js https://www.google.com/recaptcha/api.js https://static.ads-twitter.com/uwt.js https://static.ads-twitter.com/uwt.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.hotjar.com https://bat.bing.com/bat.js https://code.jquery.com/jquery-3.3.1.min.js https://connect.facebook.net/en_US/fbevents.js https://a.quora.com/qevents.js https://www.gstatic.com https://salespanel.io https://analytics.twitter.com https://www.google-analytics.com/analytics.js https://www.google-analytics.com/* https://connect.facebook.net https://js.hs-scripts.com/5318857.js https://sc.lfeeder.com/lftracker_v1_bElvO73KyQb7ZMqj.js https://script.hotjar.com/ https://www.google-analytics.com/gtm/* https://js.hs-banner.com/5318857.js https://js.hs-analytics.net https://js.usemessages.com/conversations-embed.js https://js.hsadspixel.net/fb.js https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google-analytics.com/gtm/js https://maps.googleapis.com/; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.amazonaws.com *.mouseflow.com *.googletagmanager.com *.jsdelivr.net *.recaptcha.net *.gstatic.com smtpjs.com *.youtube.com maps.gstatic.com *.googleapis.com *.google-analytics.com *.metricool.com cdnjs.cloudflare.com assets.zendesk.com; object-src 'self' 1
frame-ancestors 'self' *.searchlightpictures.com https://searchlight.ddev.site 1
frame-ancestors self https://*.dnzdns.com https://dnzdns.com 1
default-src 'self'; script-src 'self' https://*.tildacdn.com https://secure.leadforensics.com https://snap.licdn.com https://mc.yandex.ru https://*.google.com https://www.googletagmanager.com https://*.google-analytics.com https://www.gstatic.com https://maps.googleapis.com https://vk.com https://*.facebook.net https://www.youtube.com/iframe_api https://code-ya.jivosite.com https://code.jivo.ru 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.tildacdn.com https://*.google.com https://fonts.googleapis.com https://*.mailchimp.com https://*.typekit.net 'unsafe-inline' https://code-ya.jivosite.com https://code.jivo.ru; img-src 'self' data: https://*.tildacdn.com https://*.linkedin.com https://*.google.com https://*.gstatic.com https://*.google-analytics.com https://*.googleapis.com https://*.googletagmanager.com https://vk.com https://*.vk.com https://www.facebook.com https://code-ya.jivosite.com; child-src 'self' https://forms.tildaapi.com/ https://www.youtube-nocookie.com/ https://*.google.com https://www.youtube.com https://www.facebook.com; connect-src 'self' https://*.tildacdn.com https://forms.tildaapi.com https://analytics.google.com https://*.google-analytics.com https://*.amazonaws.com https://*.doubleclick.net https://mc.yandex.ru https://ymetrica1.com wss://*.jivosite.com https://*.jivosite.com https://suggestions.dadata.ru https://idx.liadm.com; media-src 'self' https://www.youtube-nocookie.com/ https://www.youtube.com/ https://*.amazonaws.com https://code-ya.jivosite.com https://code.jivo.ru; font-src 'self' https://fonts.gstatic.com https://use.typekit.net; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://matomo.subdelirium.ovh/ https://*.hcaptcha.com/; img-src 'self' data: blob: https://matomo.subdelirium.ovh/ https://media.giphy.com/ https://*.tile.openstreetmap.org/ https://*.hcaptcha.com/; object-src 'self' data: blob: https://matomo.subdelirium.ovh/ https://*.hcaptcha.com/; frame-src 'self' data: blob: https://matomo.subdelirium.ovh/ https://*.hcaptcha.com/; 1
frame-ancestors 'self' https://viewmychart.com https://*.viewmychart.com;; 1
default-src * blob: data: 'unsafe-inline' 'unsafe-eval'; script-src * blob: data: 'unsafe-inline' 'unsafe-eval'; connect-src * data: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; child-src * blob: data: ; style-src * 'unsafe-inline'; 1
default-src * 'unsafe-inline' 'unsafe-eval'; img-src * 'unsafe-inline' 'unsafe-eval' data:; frame-ancestors 'self' https://a.cms.omniupdate.com https://covideo.com https://vidmails.com; 1
default-src 'self'  https://*.learningcaregroup.com https://*.lapetite.com *.agkn.com *.datasteam.io *.dca0.com dca0.com https://*.addevent.com https://*.adroll.com https://*.bing.com https://*.doubleclick.net https://*.everestjs.net https://*.everesttech.net https://*.facebook.com https://*.foresee.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.hiconversion.com https://*.hotjar.com https://*.hotjar.io https://*.hubspot.com https://*.jquery.com https://*.learningcaregroup.com https://*.mpeasylink.com https://*.youtube.com https://www.google-analytics.com wss://*.hotjar.com https://api.segment.io https://*.demdex.net https://*.clarity.ms https://pixel.sitescout.com https://cdn.linkedin.oribi.io ;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.learningcaregroup.com https://media.winnie.com https://cdn.segment.com *.dca0.com dca0.com https://*.adroll.com https://*.agkn.com https://*.bing.com https://*.cloudfront.net https://*.cluep.com https://*.convertlanguage.com https://*.datasteam.io https://*.dialogtech.com https://*.everestjs.net https://*.facebook.net https://*.foresee.com https://*.google.com https://*.googleadservices.com https://*.google-analytics.com https://*.googleapis.com https://*.gstatic.com https://*.hiconversion.com https://*.hotjar.com https://*.mpeasylink.com https://*.simpli.fi https://*.youtube.com https://addevent.com https://d.adroll.mgr.consensu.org https://googleads.g.doubleclick.net https://js.hs-analytics.net https://js.hs-banner.com https://js.hscollectedforms.net https://js.hs-scripts.com https://s.ytimg.com https://www.googletagmanager.com https://api.segment.io https://*.clarity.ms https://*.invocacdn.com https://*.invoca.net https://*.zoominfo.com https://*.licdn.com ;style-src 'self' 'unsafe-inline' https://*.learningcaregroup.com https://*.foresee.com https://*.googleapis.com https://*.jquery.com https://*.mpeasylink.com ;img-src 'self'  http://* https://* data: ; 1
default-src 'self' data: blob: *.conac.cn  *.gov.cn *.jiathis.com *.baidu.com *.bshare.cn *.eol.cn *.qq.com *.kaipuyun.cn *.bdimg.com *.wx.qq.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; 1
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; img-src data: 'self' https://*.kiavi.com https://*.google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.hsappstatic.net https://*.hsforms.com https://*.hsforms.net https://*.hubspot.com https://*.hubspot.net https://bat.bing.com https://d.adroll.com https://f.hubspotusercontent20.net https://googleads.g.doubleclick.net https://p.adsymptotic.com https://px.ads.linkedin.com https://sp.analytics.yahoo.com https://www.facebook.com; upgrade-insecure-requests 1
frame-src * 'self'; frame-ancestors 'self' https://www.welove2023tour.fr/; 1
frame-ancestors 'self' https://www.foia.gov 1
frame-ancestors https://oxfordbusinessgroup.com https://oxfordbusinessgroup.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://*.googleapis.com/ https://static.addtoany.com/ https://vjs.zencdn.net/ https://player.vimeo.com/ https://secure.gravatar.com/ https://www.youtube.com/ https://*.gstatic.com/ https://*.google-analytics.com/ https://ps.w.org/ https://yoast.com https://cdn.jsdelivr.net/ https://boards.greenhouse.io/ https://www.google.com/recaptcha/ https://hackerone.com/ https://beacon-v2.helpscout.net/ https://my.yoast.com/api/ https://*.smarthub.coop/ https://cdnjs.cloudflare.com/ajax/ https://pi.pardot.com/ https://*.nisc.coop/ https://www.googletagmanager.com/ https://stats.g.doubleclick.net/ https://connect.facebook.net/ https://www.facebook.com/ 1
default-src https: 'self' 'unsafe-inline'; font-src https: data: 'self' 'unsafe-inline'; img-src https: data:; script-src https: 'self' 'unsafe-inline'; style-src https: 'self' 'unsafe-inline'; 1
default-src blob: data: https: 'unsafe-eval' 'unsafe-inline' 'self' https://*.googletagmanager.com https://challenges.cloudflare.com/ https://*.wistia.com https://www.googleadservices.com https://*.adform.net https://connect.facebook.net https://bat.bing.com https://js.adsrvr.org https://td.doubleclick.net https://*.adsrvr.org https://lvm.de *.google-analytics.com https://fonts.gstatic.com https://fonts.googleapis.com https://sc-static.net/ https://stage-p.public.lvm-prod.magnolia-platform.com/ ; connect-src data: 'self' *.doubleclick.net/ *.google-analytics.com/ *.analytics.google.com *.googletagmanager.com *.google.com *.google.de *.bing.com/ *.wistia.com *.wistia.net *.lvm.de embedwistia-a.akamaihd.net/ *.litix.io api.userlike.com chat.userlike.com www.userlike.com wss://chat.userlike.com/ wss://umd.userlike.com/ https://bankauswahl.giropay.de/ https://bankauswahl.girocheckout.de https://sentry.lvm.de https://cybercheck.lvm.de https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://d3dc1lgancj6l0.cloudfront.net/ https://tr.snapchat.com/ *.delivery.consentmanager.net https://track.adform.net/ userlike-cdn-operators.userlike.com userlike-cdn-widgets.userlike.com *.lvm-prod.magnolia-platform.com *.lvm.magnolia-platform.com https://maps.googleapis.com/ https://*.snapchat.com/ ; media-src *.lvm.de d3dc1lgancj6l0.cloudfront.net dq4irj27fs462.cloudfront.net blob: data: *.wistia.com *.wistia.net https://embedwistia-a.akamaihd.net ; frame-ancestors 'self' *.lvm.de https://*.lvm.de/ https://viewer.rooom.com ; img-src https://*.lvm.de data: blob: https://*.consentmanager.net https://*.googletagmanager.com https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://userlike-cdn-umm.b-cdn.net https://userlike-cdn-operators.userlike.com https://*.wistia.com https://*.doubleclick.net https://bat.bing.com https://www.google.com https://www.facebook.com https://www.google.de https://www.google-analytics.com https://lvm.de https://track.adform.net https://insight.adsrvr.org https://play.google.com https://fonts.gstatic.com https://d1m3qravo0uxtt.cloudfront.net https://api.mapbox.com https://*.googleapis.com/ https://maps.gstatic.com/ https://stage-p.public.lvm-prod.magnolia-platform.com/ https://*.lvm.magnolia-platform.com 1
frame-ancestors http://gobrowser.com/ http://gologin.com/ http://iphey.com/ 1
default-src 'none'; frame-ancestors https://*.shedevrum.ai https://shedevrum.ai; connect-src 'self'; script-src 'nonce-bde80bce6f39641ab9d91ac01f1125eb' 'self'; img-src 'self' 1
frame-src blob: *.vimeo.com *.turecibo.com *.turecibo.com.ar *.youtube.com *.google.com *.hotjar.com *.helphero.co ; 1
default-src 'self' *.mitel.io *.hubspot.com *.hs-scripts.com *.hs-analytics.net *.hs-banner.com maxcdn.bootstrapcdn.com code.jquery.com ajax.googleapis.com breakthru-bev.global.ssl.fastly.net; img-src 'self' *.mitel.io *.trkn.us *.hubspot.com *.hsforms.com *.hs-scripts.com *.hs-analytics.net *.hs-banner.com https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://prd-cdn-talkdesk.talkdesk.com *.talkdeskapp.com www.google.pt breakthru-bev.global.ssl.fastly.net *.breakthrubev.com data: ; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.mitel.io *.hubspot.com *.hs-scripts.com *.hs-analytics.net *.hs-banner.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.gstatic.com https://www.google.com https://www.googletagmanager.com/ https://talkdeskchatsdk.talkdeskapp.com/ maxcdn.bootstrapcdn.com code.jquery.com ajax.googleapis.com js.hsforms.net breakthru-bev.global.ssl.fastly.net; style-src 'self' *.mitel.io *.hubspot.com *.hs-scripts.com *.hs-analytics.net *.hs-banner.com 'unsafe-inline' https://fonts.googleapis.com  maxcdn.bootstrapcdn.com code.jquery.com ajax.googleapis.com; font-src 'self' https://fonts.gstatic.com https://talkdeskchatsdk.talkdeskapp.com data:  maxcdn.bootstrapcdn.com code.jquery.com ajax.googleapis.com; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net *.mitel.io *.hubspot.com *.hs-scripts.com *.hs-analytics.net *.hs-banner.com forms.hsforms.com *.amazonaws.com https://talkdeskchatsdk.talkdeskapp.com/ https://api.talkdeskapp.com/ wss://tsock.us1.twilio.com *.google-analytics.com; frame-src 'self' https://www.google.com *.mitel.io *.hubspot.com *.hsforms.com *.hs-scripts.com *.hs-analytics.net *.hs-banner.com www.youtube.com https://forms.office.com; child-src 'self' https://www.google.com ; form-action 'self' *.hsforms.com; object-src 'self' ; worker-src 'self' blob: ; base-uri 'self' ; frame-ancestors 'self' ; 1
default-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://ssl.google-analytics.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.gstatic.com https://embed.tawk.to https://va.tawk.to https://upload.tawk.to wss://*.tawk.to; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://ssl.google-analytics.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.gstatic.com https://embed.tawk.to https://va.tawk.to https://cdn.jsdelivr.net; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://ssl.google-analytics.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.gstatic.com https://embed.tawk.to https://cdn.jsdelivr.net; script-src-attr 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://ssl.google-analytics.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://embed.tawk.to; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://embed.tawk.to https://cdn.jsdelivr.net; style-src-attr 'self' 'unsafe-inline'; img-src 'self' data: https://www.google-analytics.com https://embed.tawk.to; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://embed.tawk.to; upgrade-insecure-requests; block-all-mixed-content; 1
base-uri 'self'; form-action 'self'; connect-src 'self' www.google-analytics.com stats.g.doubleclick.net m.addthis.com api-public.addthis.com ajax.googleapis.com www.googletagmanager.com  api.lever.co; default-src 'self' fonts.gstatic.com www.google.com ajax.googleapis.com www.googletagmanager.com api.lever.co; frame-src www.youtube.com s7.addthis.com www.google.com; img-src 'self'  s3.amazonaws.com  mkt-prod-gsg-wordpress.s3.amazonaws.com ; script-src 'self' 'unsafe-inline' www.google-analytics.com s7.addthis.com 'unsafe-eval' z.moatads.com v1.addthisedge.com m.addthis.com api-public.addthis.com  ajax.googleapis.com www.googletagmanager.com  api.lever.co; style-src 'self' fonts.googleapis.com 'unsafe-inline' ; 1
script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' verilife.com cdn.surfside.io siteimproveanalytics.com static.addtoany.com static.ads-twitter.com www.google.com www.gstatic.com www.googletagmanager.com tags.srv.stackadapt.com *.pharmacann.com pharmacann.com maps.googleapis.com api.iheartjane.com www.google-analytics.com; report-uri /.webscale/csp-report 1
default-src 'self';object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' https: https://code.jquery.com https://www.googletagmanager.com https://maps.googleapis.com https://qalogin-za.eu.cognizantorderservnxtgen.com https://www.google-analytics.com;style-src 'self' 'unsafe-inline' https: https://fonts.googleapis.com;font-src 'self' https: https://fonts.googleapis.com https://tools.ietf.org https://fonts.gstatic.com;connect-src 'self' 'unsafe-inline' https: https://order.kfc.co.za https://cdn.contentful.com;media-src 'self' 'unsafe-inline' https: https://videos.ctfassets.net;img-src 'self' 'unsafe-inline' data: https: https://images.ctfassets.net https://order.kfc.co.za;frame-src 'self' https://www.google.com https://about.kfc.co.au https://microapps.google.com https://pay.google.com https://checkout.paypal.com https://www.sandbox.paypal.com https://assets.braintreegateway.com https://c.sandbox.paypal.com https://dashboard.d3mand.tech https://delivery.uber.com https://jngl.ml https://backend.skedadel.co.za https://a19558781057.cdn.optimizely.com *.cdn.optimizely.com;frame-ancestors 'self' https://app.contentful.com;upgrade-insecure-requests 1
default-src 'self' *.usu.com; connect-src 'self' api-js.mixpanel.com api.hubapi.com api-eu1.hubapi.com salesviewer.org *.salesviewer.org usu.concludis.de hubspot-forms-static-embed.s3.amazonaws.com *.usu.com *.usu.de *.cookiefirst.com *.hsforms.com *.doubleclick.net *.googleapis.com *.hubspot.com *.google-analytics.com *.googlesyndication.com *.lfeeder.com *.google.com ws.zoominfo.com cdn.linkedin.oribi.io *.visitors.live *.clarity.ms px.ads.linkedin.com tracking.g2crowd.com *.g2.com https://www.google-analytics.com https://www.googletagmanager.com; font-src 'self' s3.amazonaws.com *.echobot.de fonts.gstatic.com usu.concludis.de *.usu.com *.usu.de *.hsforms.com *.cookiefirst.com; frame-src 'self' irpages2.equitystory.com www.gartner.com www.youtube.com www.youtube-nocookie.com *.tradingview.com *.usu.com *.usu.de *.hsforms.com *.hsforms.net *.cookiefirst.com play.workadventu.re app-eu.wrike.com *.vimeo.com vimeo.com www.google.com *.facebook.net *.facebook.com *.hs-sites-eu1.com td.doubleclick.net www.g2.com/; img-src 'self' *.hubspotusercontent-eu1.net *.echobot.de *.quora.com img.youtube.com reviews.static.gartner.com www.googletagmanager.com *.google-analytics.com usu.concludis.de *.usu.com *.usu.de *.hsforms.com *.hsforms.net *.google.com t.co *.linkedin.com *.hubspot.com *.cloudfront.net *.google.de data: *.lfeeder.com fonts.gstatic.com app-eu.wrike.com *.twitter.com vumbnail.com *.facebook.net *.facebook.com *.bing.com *.hsappstatic.net i.vimeocdn.com *.clarity.ms *.g2.com *.provenexpert.com https://www.google-analytics.com https://www.googletagmanager.com; media-src 'self' *.cloudfront.net; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ws.zoominfo.com use.fontawesome.com *.echobot.de *.google.com www.youtube.com js-eu1.hsadspixel.net www.gartner.com *.doubleclick.net *.googleadservices.com blob: www.googletagmanager.com *.google-analytics.com usu.concludis.de *.hsforms.net *.hsforms.com *.cloudfront.net *.usu.com *.usu.de *.cookiefirst.com *.hs-scripts.com *.ads-twitter.com *.twitter.com *.licdn.com *.hs-banner.com *.hs-analytics.net *.hsleadflows.net sc.lfeeder.com www.gstatic.com *.facebook.net *.bing.com *.hubspot.com *.clarity.ms tracking.g2crowd.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://js-eu1.hsforms.net https://unpkg.com; style-src 'self' 'unsafe-inline' data: use.fontawesome.com *.echobot.de www.gartner.com fonts.googleapis.com usu.concludis.de *.usu.com *.usu.de *.cloudfront.net *.cookiefirst.com *.hsforms.com *.googletagmanager.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; base-uri 'self'; form-action 'self' *.usu.com *.usu.de *.hsforms.com *.hsforms.net *.facebook.net *.facebook.com *.loom.de; frame-ancestors 'self' 1
frame-ancestors 'self' https://*.lexus.eu https://*.yandex.com https://*.yandex.tld https://*.yandex.net https://*.yandex.com.tr https://*.yandex.ru https://*.yandex.by https://webvisor.com https://lexus-dxp.dobit.com https://lexustest.dobit.com http://localhost:88; 1
default-src 'self';  script-src 'self' https://cdn.jsdelivr.net/ https://static.cloudflareinsights.com/ https://cdnjs.cloudflare.com/ https://unpkg.com/ https://cdn.tailwindcss.com/  https://code.jquery.com https://apis.google.com https://www.google.com https://www.gstatic.com https://ajax.cloudflare.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' ssl.gstatic.com https://usenet.farm https://www.coinpayments.net https://www.vipernews.com https://cdn.vipernews.com https://gravatar.com data:; style-src 'self' https://cdn.jsdelivr.net/ https://fonts.googleapis.com/ https://fonts.bunny.net/ 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com  https://fonts.bunny.net data:; frame-src 'self' https://youtube.com https://www.youtube.com https://www.google.com;; connect-src 'self' https://apis.google.com; object-src 'none' 1
frame-ancestors 'self' *.mikeholt.com; 1
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; frame-ancestors 'self' 1
default-src 'self' cloudflare-quic.com; script-src 'self' d10zminp1cyta8.cloudfront.net *.googletagmanager.com *.google-analytics.com *.cookiebot.com challenges.cloudflare.com cdnjs.cloudflare.com *.licdn.com *.hs-scripts.com *.hscollectedforms.net *.hs-banner.com *.hsforms.com *.hsforms.net *.hs-analytics.net; style-src 'self' 'unsafe-inline'; img-src 'self' data: *.linkedin.com *.cookiebot.com *.hsforms.com; font-src 'self' data:; frame-src 'self' *.googletagmanager.com *.cookiebot.com challenges.cloudflare.com *.hsforms.com; object-src 'none'; connect-src 'self' career.recruitee.com *.plyr.io *.linkedin.oribi.io *.cookiebot.com *.google-analytics.com px.ads.linkedin.com *.hsforms.com *.s3.amazonaws.com; 1
default-src *; img-src * 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src * 'unsafe-inline' *; font-src * 'unsafe-inline'; frame-ancestors https://keckmedicine.lightning.force.com https://myuscchartpp-test.keckmedicine.org https://myuscchartpp.keckmedicine.org https://patientportal.myuscchartpp.keckmedicine.org https://keckmedicine.patientportal.us-1.healtheintent.com; 1
default-src 'self';      script-src 'self' 'unsafe-inline' 'unsafe-eval'                        *.gundam.info                        *.google-analytics.com                        *.onetrust.com                        *.min.js                        apis.google.com                        b.st-hatena.com                        static.mixi.jp                        connect.facebook.net                        platform.twitter.com                        d.line-scdn.net                        poplink-f.probo.biz                        poplink.probo.biz                        *.o2u.jp                        sync.im-apps.net                        dmp.im-apps.net                        audiencedata.im-apps.net                        www.youtube.com                        api.b-ch.com                        stats.g.doubleclick.net                        event.geniee-search.net                        cdn.webpush.jp                        api.webpush.jp                        www.gstatic.com                        analytics.google.com                        firebaseinstallations.googleapis.com                        fcmregistrations.googleapis.com                        b6.im-apps.net ;     connect-src       *.gundam.info                        *.google-analytics.com                        *.onetrust.com                        *.min.js                        apis.google.com                        b.st-hatena.com                        static.mixi.jp                        connect.facebook.net                        platform.twitter.com                        d.line-scdn.net                        poplink-f.probo.biz                        poplink.probo.biz                        *.o2u.jp                        sync.im-apps.net                        dmp.im-apps.net                        audiencedata.im-apps.net                        www.youtube.com                        api.b-ch.com                        stats.g.doubleclick.net                        event.geniee-search.net                        cdn.webpush.jp                        api.webpush.jp                        www.gstatic.com                        analytics.google.com                        firebaseinstallations.googleapis.com                        fcmregistrations.googleapis.com                        *.geniee-search.net                        b.im-apps.net                        b6.im-apps.net ;     script-src-elem 'self' 'unsafe-inline' 'unsafe-eval'                        *.gundam.info                        *.google-analytics.com                        *.onetrust.com                        *.min.js                        apis.google.com                        b.st-hatena.com                        static.mixi.jp                        connect.facebook.net                        platform.twitter.com                        d.line-scdn.net                        poplink-f.probo.biz                        poplink.probo.biz                        *.o2u.jp                        sync.im-apps.net                        dmp.im-apps.net                        audiencedata.im-apps.net                        www.youtube.com                        api.b-ch.com                        www.googletagmanager.com                        stats.g.doubleclick.net                        event.geniee-search.net                        cdn.webpush.jp                        api.webpush.jp                        www.gstatic.com                        analytics.google.com                        firebaseinstallations.googleapis.com                        fcmregistrations.googleapis.com                        *.geniee-search.net                        b6.im-apps.net ;     img-src 'self' * data:;     style-src 'self' 'unsafe-inline'                        *.gundam.info                        poplink-f.probo.biz                        fonts.googleapis.com ;     frame-src 'self'                         platform.twitter.com                          *.youtube-nocookie.com                        www.youtube.com                         gins.mixi.jp                         b.hatena.ne.jp                         web.facebook.com                         social-plugins.line.me                         plugins.mixi.jp                         www.facebook.com                         syndication.twitter.com ;     font-src 'self'                         fonts.gstatic.com ; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.facebook.com *.fundraiseup.com doublethedonation.com *.doublethedonation.com unpkg.com *.newrelic.com *.nr-data.net nr-data.net js.stripe.com pay.google.com outrightinternational.bamboohr.com/js/embed.js https://s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js outrightinternational.us5.list-manage.com *.stripe.com m.stripe.network *.plaid.com *.src.mastercard.com *.checkout.visa.com pay.google.com *.paypal.com *.google.com *.analytics.google.com *.paypalobjects.com; object-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com doublethedonation.com *.doublethedonation.com *.mailchimp.com; img-src 'self' data: *.facebook.com *.fundraiseup.com doublethedonation.com *.doublethedonation.com ucarecdn.com www.gstatic.com resources.bamboohr.com www.google-analytics.com/* pay.google.com *.google.com *.paypal.com *.google-analytics.com *.paypalobjects.com; media-src 'self'; frame-src 'self' *.youtube.com *.youtu.be *.youtube-nocookie.com *.googlevideo.com *.googleapis.com *.ytimg.com *.youtubeeducation.com tgbwidget.com *.tgbwidget.com *.fundraiseup.com *.stripe.com *.plaid.com *.paypal.com pay.google.com *; frame-ancestors 'self'; child-src 'self'; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.fundraiseup.com doublethedonation.com *.doublethedonation.com *.stripe.com; connect-src 'self' *.google-analytics.com stats.g.doubleclick.net www.google.com www.facebook.com *.fundraiseup.com fndrsp.net *.fndrsp.net doublethedonation.com *.doublethedonation.com nr-data.net fndrsp-checkout.net outrightinternational.bamboohr.com bam.nr-data.net *.fundraiseup.com *.stripe.com *.paypal.com *.plaid.com *.mastercard.com *.checkout.visa.com api.addressy.com *.google.com *.analytics.google.com google.com/pay; report-uri /report-csp-violation 1
default-src 'self'; img-src 'self' https://ht.blackhawknetwork.com https://*.onetrust.com https://cdn.cookielaw.org www.google.com *.cloudfront.net *.doubleclick.net data:; script-src 'self' https://ht.blackhawknetwork.com https://*.onetrust.com https://cdn.cookielaw.org www.gstatic.com maps.googleapis.com www.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.split.io w.usabilla.com *.cloudfront.net cdn.segment.com cdn.mxpnl.com https://static.ada.support *.ada.support 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.split.io *.cloudfront.net fonts.googleapis.com fonts.gstatic.com 'unsafe-inline'; font-src fonts.gstatic.com 'self'; object-src 'self'; connect-src 'self' https://*.onetrust.com https://cdn.cookielaw.org api.segment.io *.split.io *.rollbar.com *.mixpanel.com *.doubleclick.net *.rewardlink.io https://static.ada.support *.ada.support https://tangocard.ada.support https://previews.ada.support https://ws-mt1.pusher.com https://rollout.ada.support/tangocard/client.json https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://cookies-data.onetrust.io; frame-src www.google.com  https://www.google.com/recaptcha/ https://tangocard.ada.support https://tangocard-gr.ada.support https://*.rewardlink.io https://*.rewardlink.com d6tizftlrpuof.cloudfront.net 1
img-src * data:; font-src * data:; connect-src *; child-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com *.youtube.com https://d335luupugsy2.cloudfront.net *.googletagmanager.com *.facebook.net *.google.com *.bing.com *.goadopt.io *.google-analytics.com https://js.hs-scripts.com *.googleadservices.com *.hs-banner.com *.hscollectedforms.net *.usemessages.com *.hs-analytics.net *.hsadspixel.net data:; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.amazonaws.com *.wufoo.com b *.hubspot.com https://yoast.com *.googleleadservice.com *.g.doubleclick.net *.youtube.com https://d335luupugsy2.cloudfront.net *.googletagmanager.com *.hs-scripts.com *.facebook.net *.googleadservices.com *.bing.com *.goadopt.io *.google-analytics.com *.usemessages.com *.hs-analytics.net *.hscollectedforms.net *.hs-banner.com *.hsadspixel.net https://cdnjs.cloudflare.com *.clarity.ms *.hotjar.com *.licdn.com *.omappapi.com *.licdn.com *.freshworks.com *.hsforms.net *.hsleadflows.net optimize.google.com *.moengage.com *.buzzlead.com.br data:; default-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com *.googleapis.com *.omappapi.com *.freshworks.com *.mailchimp.com *.amazonaws.com 1
default-src 'self' *.nshss.org/ nshss.org/ *.gstatic.com/ *.gravatar.com/ dashboard.umbraco.com/; connect-src 'self' *.nshss.org/ nshss.org/ wss://ws.hotjar.com/ https://content.hotjar.io/ ct.pinterest.com/ analytics.tiktok.com/ analytics.google.com/ *.paypal.com/ *.bugsnag.com/ *.braintreegateway.com/ *.braintree-api.com/  *.nshss.org/ *.theoryfarm.com/ nshss-email.s3.amazonaws.com/ wss://localhost:44337/ wss://localhost:44391/ http://localhost:8080/ wss://nshss-2023-dev.azurewebsites.net/ wss://*.nshss.org/ wss://nshss.org/ *.cookiepro.com *.purechat.com https://s.pinimg.com/ct/core.js *.snapchat.com *.doubleclick.net/ www.google-analytics.com/ *.hotjar.com/ wss://ws3.hotjar.com/api/ *.googleapis.com/ *.gstatic.com/ *.gravatar.com/ dashboard.umbraco.com/  wss://*.purechat.com/ *.reddit.com/ *.redditstatic.com/ *.hotjar.io/ *.googletagmanager.com/  *.pinterest.com/ *.vimeo.com/ vimeo.com/ *.vimeocdn.com/; font-src 'self' *.nshss.org/ nshss.org/ data: fonts.googleapis.com/ maxcdn.bootstrapcdn.com/ fonts.gstatic.com/ *.gstatic.com/ *.gravatar.com/; frame-src 'self'  *.nshss.org/ nshss.org/ *.issuu.com/ ct.pinterest.com/ insight.adsrvr.org/ *.paypal.com/ *.braintreegateway.com/ www.googletagmanager.com/ www.google.com/recaptcha/ *.hotjar.com/ *.youtube.com/ *.gstatic.com/ *.gravatar.com/ *.umbraco.com/ *.vimeo.com/ *.snapchat.com/ *.doubleclick.net/; child-src *.nshss.org/ nshss.org/ www.youtube.com/ *.gravatar.com/; img-src 'self' *.nshss.org/ nshss.org/ data: blob: ct.pinterest.com/ *.vimeocdn.com www.facebook.com/ www.google-analytics.com/ www.google.com/ads/ maps.gstatic.com/mapfiles/ dev-store.nshss.org/ maps.googleapis.com/ dashboard.umbraco.org/ umbraco.tv/ *.paypal.com/ *.amazonaws.com/ *.gstatic.com/ *.gravatar.com/ dashboard.umbraco.com/ https://prod.purechatcdn.com/ https://*.wp.com/app.purechat.com/ *.adsrvr.org/ *.doubleclick.net/ *.googletagmanager.com/ *.reddit.com/; media-src 'self' *.nshss.org/ nshss.org/ *.gstatic.com/ *.gravatar.com/ dashboard.umbraco.com/ *.purechatcdn.com/; object-src 'self' *.nshss.org/ nshss.org/ *.gstatic.com/ *.gravatar.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.nshss.org/ nshss.org/ d2wy8f7a9ursnm.cloudfront.net/ *.paypal.com/ *.paypalobjects.com/ *.braintreegateway.com/ *.braintreegateway.com/ *.googleapis.com/ https://s.pinimg.com/ct/core.js *.cookiepro.com/ cdn.ampproject.org/ *.redditstatic.com/ *.purechat.com/ *.purechatcdn.com/ *.snapchat.com/ *.pinimg.com/ *.youtube.com/ analytics.tiktok.com/ https://js.adsrvr.org/ https://sc-static.net/scevent.min.js www.gstatic.com/recaptcha/ https://cdnjs.cloudflare.com/ajax/libs/cropperjs/2.0.0-alpha.2/cropper.min.js www.google.com/recaptcha/ maps.googleapis.com/ marathonconsulting.atlassian.net/ www.googletagmanager.com/ www.google-analytics.com/ *.hotjar.com/ dashboard.umbraco.com/ *.facebook.net/ *.snapchat.com/ sc-static.net/ *.googleadservices.com/ *.pinterest.com/ *.vimeo.com/ vimeo.com/ *.vimeocdn.com/; style-src 'self' 'unsafe-inline' *.nshss.org/ nshss.org/ nshss-east-staging.azurewebsites.net/ nshss-southcentral-staging.azurewebsites.net/ fonts.googleapis.com/ *.braintreegateway.com/ maxcdn.bootstrapcdn.com/ https://cdnjs.cloudflare.com/ajax/libs/cropperjs/2.0.0-alpha.2/cropper.css dashboard.umbraco.com/ *.googletagmanager.com/; 1
default-src https:; connect-src https: wss:; font-src https:; frame-src https:; img-src data: https:; object-src https:; script-src 'unsafe-eval' 'unsafe-inline' https:; style-src 'unsafe-inline' https:; 1
frame-ancestors 'self' https://*.seafight.com https://*.y8.com https://gameplanet.onet.pl/ https://www.gry.pl/ https://www.jetztspielen.de/ https://www.spielen.com/ https://www.jeux.fr/ https://www.jeu.fr/ https://www.games.co.uk/ https://www.spelletjes.nl/ https://www.spel.nl/ https://www.juegos.com/ https://www.gioco.it/ https://www.spela.se/ https://www.ourgames.ru/ https://www.gamesgames.com/ https://www.agame.com/ https://centralagier.wp.pl/ https://www.jetztspielen.ws/ https://www.1001spiele.de/ https://www.gierkionline.pl/ https://www.grajteraz.pl/ https://www.1001giochi.it/ https://www.giochixl.it/ https://www.1001hry.cz/ https://juegosjuegos.ws/ https://www.isladejuegos.com/ https://www.elkspel.nl/ https://www.spelo.se/ https://www.1001games.com/ https://www.speltuin.nl/ https://www.1001pelit.com/ https://www.1001jeux.fr/ https://www.1001games.fr/ https://www.1001spiele.at/ https://www.mmozone.com/ https://www.mmostation.com/ https://www.mmogratis.es/ https://www.gratismmo.de/ https://www.mmorpggratuits.com/ https://www.mmoitalia.it/ https://www.mmoportugal.com/ https://www.funnygames.nl/ https://www.clickjogos.com.br/ https://www.oyunkolu.com/ https://spele.nl/ https://www.dobregry.pl/ https://fotka.com/ https://www.1001games.co.uk/ https://www.1001jocuri.ro/ https://www.1001jogos.com.br/ https://www.1001jogos.pt/ https://www.igrixl.ru/ https://www.jatekokxl.hu/ https://www.juegosjuegos.ws/ https://www.paixnidiaxl.gr/ https://www.spillespill.no/ https://www.spilxl.dk/ https://www.jeux-gratuits.com/ https://www.minijuegos.com/ https://kizi.com/ https://www.browsergames.de/ https://www.isladejuegos.com/ https://www.juegosdenavegador.com/ https://www.jeuxparnavigateur.net/ https://www.jogosbrowser.com/ https://www.freemmorpglist.com/ https://www.puzzlepuzzles.de/ http://www.mmogratis.com/ https://www.sat1spiele.de/ https://www.flashgames.it/ https://www.prosiebengames.de/ https://www.spielkarussell.de/ https://www.brincar.pt/ https://www.spelle.nl/ https://www.speeleiland.nl/; 1
child-src 'self' blob:; connect-src 'self' https://www.facebook.com/tr/ https://ct.pinterest.com https://bam.nr-data.net https://www.google-analytics.com https://*.doubleclick.net https://ct.pinterest.com https://*.logrocket.io https://*.lr-ingest.io https://*.lr-in.com https://aq.flippenterprise.net https://dam.flippenterprise.net https://sfml.flippback.com https://p.flipp.com https://eu-prod.oppwa.com https://tr.snapchat.com https://*.googleapis.com https://analytics.google.com https://*.googlesyndication.com https://*.linkedin.oribi.io https://*.linkedin.com https://license.strich.io https://global.ketchcdn.com data:; default-src 'self'; font-src 'self' https://fonts.gstatic.com data:; frame-src 'self' https://ct.pinterest.com/ https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://*.doubleclick.net https://www.facebook.com https://tr.snapchat.com https://tr6.snapchat.com https://www.youtube.com https://www.youtube-nocookie.com https://static.addtoany.com https://eu-prod.oppwa.com https://www.pinterest.com https://*.gordonnow.gfsstore.com; img-src 'self' https://www.gordonrestaurantmarket.com https://gordonrestaurantmarket.com https://gfsstore.com https://ajax.googleapis.com https://graph.facebook.com https://platform-lookaside.fbsbx.com https://*.fbsbx.com https://*.fbcdn.net https://*.gstatic.com https://www.google-analytics.com https://www.google.com https://*.googleapis.com https://*.doubleclick.net https://sgfscom.global.ssl.fastly.net https://2qhopr5c.micpn.com https://mi.gfsstore.com https://ct.pinterest.com https://www.facebook.com https://connect.facebook.net https://*.collect.igodigital.com https://i.ytimg.com https://aq.flippenterprise.net https://cdn.flippenterprise.net https://a.wishabi.com https://www.googletagmanager.com https://eu-prod.oppwa.com https://*.linkedin.com http://*.cdninstagram.com/ https://global.ketchcdn.com data:; object-src none; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js-agent.newrelic.com https://bam.nr-data.net https://*.gfsstore.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://*.gstatic.com https://*.doubleclick.net https://*.googleapis.com https://www.youtube.com https://s.ytimg.com https://static.addtoany.com https://*.gordonnow.gfsstore.com https://s.pinimg.com https://connect.facebook.net https://sc-static.net https://2qhopr5c.micpn.com https://mi.gfsstore.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://10983160.collect.igodigital.com https://aq.flippenterprise.net https://cdn.lr-in.com https://eu-prod.oppwa.com https://*.licdn.com https://tr.snapchat.com https://global.ketchcdn.com https://cdn.ketchjs.com data: blob:; style-src 'self' 'unsafe-inline' https://*.gfsstore.com https://www.gordonrestaurantmarket.com https://gordonrestaurantmarket.com https://gfsstore.com https://ajax.googleapis.com https://fonts.googleapis.com https://www.gstatic.com https://tagmanager.google.com https://aq.flippenterprise.net https://eu-prod.oppwa.com https://*.googletagmanager.com; worker-src 'self' blob:; 1
frame-ancestors 'self' file://* https://*.readpaper.com https://*.readpapers.com https://*.readpapers.cn https://*.readpaper.cn https://*.idea.edu.cn http://*.idea.edu.cn 1
object-src 'none'; frame-ancestors 'self'; report-uri https://www.heritagefund.org.uk/report-uri/enforce 1
base-uri 'self' *.clearesult.io *.clearesult.com *.azurewebsites.net; default-src 'self' data: *.clearesult.io *.clearesult.com *.azurewebsites.net *.fullstory.com *.amazonaws.com *.g.doubleclick.net *.amazonaws.com *.clearesult.io *.clearesult.com https://dc.services.visualstudio.com https://www.google-analytics.com *.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.gtranslate.net/widgets/latest/dropdown.js *.gtranslate.net https://cdn.gtranslate.net/* *.cookielaw.org *.clearesult.io *.clearesult.com *.googleapis.com *.azurewebsites.net *.vimeocdn.com *.fullstory.com *.google.com *.gstatic.com https://www.gstatic.com kit.fontawesome.com https://az416426.vo.msecnd.net *.googletagmanager.com cdn.jsdelivr.net static.cloudflareinsights.com ajax.cloudflare.com ajax.googleapis.com *.google-analytics.com https://www.datadoghq-browser-agent.com snap.licdn.com js-na1.hs-scripts.com js.hsadspixel.net js.hs-analytics.net js.hscollectedforms.net js.hs-banner.com www.googleadservices.com googleads.g.doubleclick.net js.hsforms.net forms.hsforms.com *.googleapis.com js.usemessages.com cdnjs.cloudflare.com https://cdn.frontify.com/* https://cdn.frontify.com/finder/frontify-finder-latest.min.js *.frontify.com/* https://www.clarity.ms; img-src * 'self' data: https: *.clearesult.io *.clearesult.com *.azurewebsites.net *.vimeocdn.com www.googletagmanager.com images.ctfassets.net *.google.com *.google-analytics.com *.sharepoint.com *.windows.net *.microsoftonline.com; font-src 'self' data: *.clearesult.io *.clearesult.com *.azurewebsites.net fonts.googleapis.com fonts.gstatic.com *.fontawesome.com; style-src 'self' 'unsafe-inline' *.clearesult-preprod.com *.clearesult-stg.com *.clearesult-qa.com *.clearesult-dev.com https://translate.googleapis.com/translate_static/css/translateelement.css https://cdnjs.cloudflare.com/ajax/libs/malihu-custom-scrollbar-plugin/3.1.5/jquery.mCustomScrollbar.min.css *.clearesult.io *.clearesult.com *.azurewebsites.net *.vimeocdn.com fonts.googleapis.com fonts.gstatic.com https://www.gstatic.com; frame-src *.clearesult-preprod.com *.clearesult-stg.com *.clearesult-qa.com *.clearesult-dev.com https://td.doubleclick.net https://www.youtube-nocookie.com *.clearesult.io *.clearesult.com *.azurewebsites.net *.hubspot.com *.google.com *.gstatic.com vimeo.com *.vimeo.com bid.g.doubleclick.net js.hsforms.net forms.hsforms.com *.youtube.com https://www.google.com; object-src 'none'; form-action 'self' *.clearesult.io *.clearesult.com *.azurewebsites.net https://cl.s10.exct.net fe3c15707564047a711172.pub.s10.sfmc-content.com *.hsforms.com; frame-ancestors *.azurewebsites.net *.clearesult.io *.clearesult.com; connect-src https://px.ads.linkedin.com/wa/ https://px.ads.linkedin.com/wa/* https://px.ads.linkedin.com/* https://px.ads.linkedin.com/wa *.px.ads.linkedin.com https://adservice.google.com/pagead https://adservice.google.com/pagead/* https://pagead2.googlesyndication.com https://forms.hscollectedforms.net *.clarity.ms/collect https://k.clarity.ms/collect *.clearesult-preprod.com *.clearesult-stg.com *.clearesult-qa.com *.clearesult-dev.com *.linkedin.oribi.io *.cookielaw.org *.onetrust.com *.clearesult.io *.clearesult.com *.azurewebsites.net *.googleapis.com *.fullstory.com *.amazonaws.com *.fontawesome.com *.google-analytics.com https://elastic.snaplogic.com *.g.doubleclick.net https://dc.services.visualstudio.com *.analytics.google.com analytics.google.com https://*.logs.datadoghq.com *.hubspot.com api.hubapi.com *.google.co.in www.google.co.in *.hsforms.com https://www.google.com *.googlesyndication.com https://csp.withgoogle.com; 1
frame-ancestors 'self' *.issgovernance.com *.strategic-i.com *.issmarketintelligence.com *.brightscope.com *.flowspring.com *.investoreconomics.com *.issliquidmetrix.com *.financial-clarity.com *.mortgage-clarity.com *.mylocaladviser.co.uk *.matrixsolutions.co.uk *.pflresearch.com *.529conference.com *.simfund.com *.fundfiling.com *.sionline.com *.annuityinsight.com *.genesysresearch.net *.fundinteltools.com *.funddiligence.com; 1
default-src 'self' 'unsafe-inline' fonts.gstatic.com fonts.googleapis.com fonts.static.com www.google-analytics.com; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.gstatic.com *.googleapis.com *.jquery.com *.onenorth.com *.oniqa.com *.onistaged.com *.amazonaws.com *.googletagmanager.com *.google-analytics.com *.google.com *.doubleclick.net *.youtube.com *.youtube-nocookie.com *.vimeo.com *.visme.co *.typekit.net *.libsyn.com *.hotjar.com responses.ballardspahr.com app.powerbi.com ; img-src * data:; font-src 'self' data: *.typekit.net; 1
default-src 'self';script-src 'self' https://www.gstatic.com https://*.linkedin.com https://www.google.com/recaptcha/enterprise.js https://www.google.com/recaptcha https://*.zendesk.com https://static.zdassets.com https://assets.production.linktr.ee https://form.typeform.com https://static.geetest.com https://snap.licdn.com https://*.hotjar.com http://gcaptcha4.geetest.com http://gcaptcha4.gsensebot.com https://analytics.twitter.com https://t.co https://connect.facebook.net http://gcaptcha4.geetest.com http://gcaptcha4.gsensebot.com https://static.ads-twitter.com http://static.ads-twitter.com https://static.ads-twitter.com http://gcaptcha4.geevisit.com http://static.geetest.com http://static.geevisit.com http://dn-staticdown.qbox.me https://www.googletagmanager.com https://www.google-analytics.com 'unsafe-inline' 'unsafe-eval';connect-src 'self' https://*.bitdelta.com wss://*.bitdelta.com wss://*.firebaseio.com wss://*.zendesk.com https://bitdelta.zendesk.com https://ltp.linktr.ee https://ekr.zdassets.com https://*.googleapis.com https://www.gstatic.com https://*.hyperverge.co https://*.amazonaws.com https://stats.g.doubleclick.net https://vitals.vercel-insights.com/v1/vitals http://gcaptcha4.gsensebot.com https://*.hotjar.com wss://*.hotjar.com https://www.facebook.com https://*.hotjar.io https://o1100856.ingest.sentry.io https://www.google-analytics.com 'unsafe-inline' 'unsafe-eval';script-src-elem 'self' https://www.gstatic.com https://*.linkedin.com https://www.google.com/recaptcha/enterprise.js https://*.zendesk.com https://static.zdassets.com https://assets.production.linktr.ee https://snap.licdn.com https://unpkg.com/@dotlottie/player-component@1.0.0/dist/dotlottie-player.js https://*.amazonaws.com https://*.hotjar.com http://gcaptcha4.geevisit.com http://gcaptcha4.gsensebot.com https://static.ads-twitter.com http://static.ads-twitter.com https://analytics.twitter.com https://t.co https://connect.facebook.net https://www.google.com/recaptcha https://static.geetest.com http://static.geetest.com http://gcaptcha4.geetest.com http://static.geevisit.com/ https://www.google-analytics.com https://www.googletagmanager.com 'unsafe-inline' 'unsafe-eval';style-src 'self' http://static.geetest.com http://static.geevisit.com http://dn-staticdown.qbox.me https://fonts.googleapis.com https://cdnjs.cloudflare.com 'unsafe-inline' 'unsafe-eval' ;style-src-elem 'self' https://www.googletagmanager.com https://www.google-analytics.com http://static.geetest.com https://fonts.googleapis.com https://cdnjs.cloudflare.com 'unsafe-inline' 'unsafe-eval';font-src 'self' https://cdnjs.cloudflare.com https://fonts.gstatic.com 'unsafe-inline' 'unsafe-eval';img-src 'self' blob: https://*.bitdelta.com data: https://bitdelta.com https://*.amazonaws.com https://bitdelta.zendesk.com https://static.zdassets.com https://hv-camera-web-sg.s3-ap-southeast-1.amazonaws.com https://www.google.com https://www.google.ae http://*.cloudfront.net https://www.facebook.com https://t.co https://analytics.twitter.com http://static.geetest.com https://www.googletagmanager.com https://www.google-analytics.com http://static.geevisit.com http://dn-staticdown.qbox.me https://flagcdn.com 'unsafe-inline' 'unsafe-eval';frame-src 'self' data: https://*.twitter.com https://*.instagram.com https://www.instagram.com https://*.veriff.com https://*.veriff.me https://www.google.com https://www.typeform.com https://form.typeform.com/ https://www.facebook.com https://www.youtube.com https://*.hotjar.com https://api.sumsub.com 'unsafe-inline' 'unsafe-eval' data: https://*.onramper.com https://onramp.money https://*.onramp.money https://ezagauat.co.za/ https://*.paybis.com/ https://*.saber.money/; 1
script-src 'nonce-6Zvp0IkM2lJwnr+yKlbs3A==' 'strict-dynamic' * 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com; object-src 'none'; base-uri 'none'; 1
base-uri 'self'; child-src https://www.youtube-nocookie.com/embed/; connect-src 'self' https://oldtoons.world:8443/socket.io/ wss://oldtoons.world:8443/socket.io/ https://api.themoviedb.org/; default-src 'none'; font-src 'self' data: https: fonts.gstatic.com; form-action 'self'; frame-ancestors 'self'; img-src 'self' data: https: image.tmdb.org via.placeholder.com/400x600; object-src 'none'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https: gitcdn.xyz github.io *.github.io raw.githubusercontent.com github.com; block-all-mixed-content; upgrade-insecure-requests 1
upgrade-insecure-requests; frame-ancestors *.cisco.com *.jasper.com *.ciscospark.com *.ciscolive.com *.appdynamics.com *.webex.com ciscosales.my.site.com *.sandbox.my.site.com 1
frame-ancestors 'self' http://www.spelo.se 1
default-src 'self';script-src 'self' https://walks-manager.ramblers.org.uk https://forms.ramblers.org.uk 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://cdn.ramblers.org.uk https://cdn.jsdelivr.net/gh/davidjbradshaw/iframe-resizer@4.2.10/js/iframeResizer.min.js https://cdn.jsdelivr.net/gh/davidjbradshaw/iframe-resizer@v4.2.10/js/iframeResizer.contentWindow.min.js https://t0.ads.astuntechnology.com https://cc.cdn.civiccomputing.com https://apikeys.civiccomputing.com/ https://connect.facebook.net https://www.facebook.com https://p.teads.tv *.google-analytics.com/ https://fonts.googleapis.com/ https://bam.nr-data.net/ https://stats.g.doubleclick.net/ https://region1.analytics.google.com/ https://www.google.co.uk/ads/ https://analytics.google.com/ https://www.google.com.eg/ads/ *.google.co.uk/ *.google.com/ https://js-agent.newrelic.com/ https://g.adspeed.net/;connect-src 'self' https://walks-manager.ramblers.org.uk https://forms.ramblers.org.uk *.teads.tv https://ramblersinternaldev.eu.auth0.com https://ramblers-saml.eu.auth0.com https://apikeys.civiccomputing.com https://www.googletagmanager.com https://www.google-analytics.com https://apikeys.civiccomputing.com https://stats.g.doubleclick.net https://region1.google-analytics.com *.google-analytics.com/ https://fonts.googleapis.com/ https://bam.nr-data.net/ https://stats.g.doubleclick.net/ https://region1.analytics.google.com/ https://www.google.co.uk/ads/ https://analytics.google.com/ https://www.google.com.eg/ads/ *.google.co.uk/ *.google.com/;style-src 'unsafe-inline' https://www.googletagmanager.com/ https://fonts.googleapis.com/;font-src 'self' data: https://fonts.googleapis.com/ https://fonts.gstatic.com/;object-src 'self';form-action 'self';base-uri 'self';manifest-src 'self';media-src 'self';img-src 'self' data: https://walks-manager.ramblers.org.uk https://forms.ramblers.org.uk *.ramblers.nomensa.xyz *.ramblers.org.uk *.teads.tv *.tile.openstreetmap.org api.os.uk *.ramblersroutes.org https://www.facebook.com *.google-analytics.com/ https://fonts.googleapis.com/ https://bam.nr-data.net/ https://stats.g.doubleclick.net/ https://region1.analytics.google.com/ https://www.google.co.uk/ads/ https://analytics.google.com/ https://www.google.com.eg/ads/ *.google.co.uk/ *.google.com/ https://g.adspeed.net/ https://www.therivergroup.co.uk/;frame-src https://walks-manager.ramblers.org.uk https://forms.ramblers.org.uk https://www.youtube.com/ https://g.adspeed.net/;child-src https://walks-manager.ramblers.org.uk https://forms.ramblers.org.uk;frame-ancestors https://walks-manager.ramblers.org.uk https://forms.ramblers.org.uk https://walks-manager.ramblers.org.uk https://forms.ramblers.org.uk 1
frame-ancestors 'self' https://www.mycme.com/ https://mycmesandbox.thoughtindustries.com https://nacesandbox.thoughtindustries.com https://www.naceonline.com/ 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-gZnivKU/KJm/+DNdyBbO0jqZcGatNrqfZgpzwPTbSlMDz2/V' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://*; 1
frame-ancestors 'self' https://*.cermati.com https://*.indodana.com 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=CA&lang=en-CA&device=desktop&yrid=1mqhd1pja5v9s&partner=; 1
font-src 'self' data: yakitoriyaru.webim2.ru yastatic.net fonts.gstatic.com https://static.yakitoriya.ru; default-src 'self'; script-src mc.yandex.ru *.mc.yandex.ru mc.yandex.com *.mc.yandex.com mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.ua mc.yandex.uz metrika.yandex.ru https://cp.pushwoosh.com https://fcm.googleapis.com https://cdn.pushwoosh.com 'self' 'unsafe-eval' https://api-maps.yandex.ru https://enterprise.api-maps.yandex.ru https://*.maps.yandex.net https://suggest-maps.yandex.ru yastatic.net yakitoriyaru.webim2.ru http://yakitoriyaru.webim2.ru api.mindbox.ru www.googletagmanager.com www.google.com https://static.yakitoriya.ru analytics.tiktok.com analytics.pangle-ads.com sovetnik.market.yandex.ru *.doubleclick.net https://top-fwz1.mail.ru www.google-analytics.com *.analytics.google.com analytics.google.com https://vk.com https://id.vk.com https://m.vk.com 'nonce-h07EpLg8Fxtvh/hvqCXeFQ=='; frame-src mc.yandex.ru *.mc.yandex.ru mc.yandex.com *.mc.yandex.com mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.ua mc.yandex.uz metrika.yandex.ru 'self' https://api-maps.yandex.ru https://enterprise.api-maps.yandex.ru www.googletagmanager.com www.google.com yandex.ru *.doubleclick.net www.youtube.com https://static.yakitoriya.ru; child-src mc.yandex.ru *.mc.yandex.ru mc.yandex.com *.mc.yandex.com mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.ua mc.yandex.uz metrika.yandex.ru 'self' https://api-maps.yandex.ru https://enterprise.api-maps.yandex.ru www.googletagmanager.com www.google.com yandex.ru *.doubleclick.net www.youtube.com https://static.yakitoriya.ru; img-src mc.yandex.ru *.mc.yandex.ru mc.yandex.com *.mc.yandex.com mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.ua mc.yandex.uz metrika.yandex.ru 'self' blob: data: api-maps.yandex.ru https://*.maps.yandex.net favicon.yandex.net login.vk.com yakitoriyaru.webim2.ru yandex.ru *.doubleclick.net www.facebook.com www.googletagmanager.com https://top-fwz1.mail.ru play-lh.googleusercontent.com api.guru.yakitoriya.ru i.ytimg.com fonts.gstatic.com translate.google.com www.google-analytics.com *.analytics.google.com analytics.google.com www.google.ru www.google.com adservice.google.com https://static.yakitoriya.ru https://vk.com https://id.vk.com https://m.vk.com https://cp.pushwoosh.com https://fcm.googleapis.com https://cdn.pushwoosh.com; media-src 'self' yakitoriyaru.webim2.ru https://static.yakitoriya.ru; report-to /services/csp; connect-src mc.yandex.ru *.mc.yandex.ru mc.yandex.com *.mc.yandex.com mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.ua mc.yandex.uz metrika.yandex.ru ymetrica.com ymetrica1.com ymetrica2.com 'self' https://api-maps.yandex.ru https://enterprise.api-maps.yandex.ru https://*.maps.yandex.net https://suggest-maps.yandex.ru yakitoriyaru.webim2.ru api.mindbox.ru personalization-web-stable.mindbox.ru https://top-fwz1.mail.ru https://translate.googleapis.com www.google.ru www.google.com adservice.google.com analytics.tiktok.com analytics.pangle-ads.com sovetnik.market.yandex.ru *.doubleclick.net https://top-fwz1.mail.ru www.google-analytics.com *.analytics.google.com analytics.google.com https://static.yakitoriya.ru https://cp.pushwoosh.com https://fcm.googleapis.com https://cdn.pushwoosh.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://static.yakitoriya.ru; worker-src 'self' blob:; script-src-elem www.gstatic.com connect.facebook.net mc.yandex.ru *.mc.yandex.ru mc.yandex.com *.mc.yandex.com mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.ua mc.yandex.uz metrika.yandex.ru https://cp.pushwoosh.com https://fcm.googleapis.com https://cdn.pushwoosh.com 'self' 'unsafe-eval' https://api-maps.yandex.ru https://enterprise.api-maps.yandex.ru https://*.maps.yandex.net https://suggest-maps.yandex.ru yastatic.net yakitoriyaru.webim2.ru http://yakitoriyaru.webim2.ru api.mindbox.ru www.googletagmanager.com www.google.com https://static.yakitoriya.ru analytics.tiktok.com analytics.pangle-ads.com sovetnik.market.yandex.ru *.doubleclick.net https://top-fwz1.mail.ru www.google-analytics.com *.analytics.google.com analytics.google.com https://vk.com https://id.vk.com https://m.vk.com 'sha256-0/muNEEiSymzC0frvYzvDaq+px1mYkZN67N10OBk65w=' 'sha256-YKg6IezlbqH2UnSB2FT6WYio5ygNuGIz9TGACiE3EkE=' 'sha256-z4tcc2VrmaFD/3U/DrIdrb62a+v9ZN3kNs0HEUv3MYA=' 'sha256-Fvbmq0TvGZc/7x2betLSeSETfiORjkmKZE8cCtbJox0=' 'sha256-RgdsHj4vxjPajir1JsL6V8FPj1c2gBvXaUGqlF4LvXw=' 'sha256-vKps7aJy8A/mCg9Di3L5+CqG+7Qzo8KodRmBdfygIDg=' 'sha256-8o8iFJ6+CCwzU25O6GWUo5CShBJQ4Fq/S9/Pkg32oxM=' 'sha256-GLJ0X/p9TF5yynJr1Gy5sKNI/SGzxzHBF2QnuR1+/wY=' 'sha256-CjdWOPnqulqyTWECshRbM7Vaqvuxs6wAWP0TSQsvcIo=' 'sha256-ayNfRYNS9+Brw3suKr7T/xf2JXLhuqUiUow0IC2ERYc=' 'sha256-CjdWOPnqulqyTWECshRbM7Vaqvuxs6wAWP0TSQsvcIo=' 'sha256-2L/tFj1yFovfnD4TertAGuww56zrGsGC1JDWaqC75s0=' 'sha256-lCO/g+H4Fxt9ujoBa+Rk+LBK7efZnmPWR3P4z+0LF5s=' 'sha256-Yvyzdh5sC8QBvLPujz5m0FuKpdTSSQYdYtup4YMRgTI=' 'sha256-0fxH9mDLNv1PbV708elSsopXBg3QIkrpcYgNWYT6DmY=' 'sha256-ovjU9GA+biGol5vzsSj5aTqw9YD+2e3rKBc5T3vW3hs=' 'nonce-h07EpLg8Fxtvh/hvqCXeFQ=='; report-uri /services/csp 1
frame-ancestors http://*.ebs.co.kr https://*.ebs.co.kr ; 1
frame-ancestors 'self' https://localhost:* 1
default-src 'self' https://*.cms.vwfs.tools ;            img-src 'self' data: https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://dev.day.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://maps.gstatic.com https://*.google.com https://*.google.de https://*.google.es https://*.googlesyndication.com https://*.googleadservices.com https://cm.g.doubleclick.net https://ad.doubleclick.net https://img.youtube.com https://i.ytimg.com https://*.userzoom.com https://*.adform.net https://www.facebook.com https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://cdn.linkedin.oribi.io https://t23.intelliad.de https://t13.intelliad.de https://t.co https://*.volkswagenbank.de  https://cms-assets.vwfs.io https://smetrics.vwfs.es https://mediaservice.audi.com  https://GISTPAEndpoint-Int.azureedge.net https://GISTPAEndpoint-Kons.azureedge.net https://GISTPAEndpoint-Prod.azureedge.net    https://default.vms.vwfs.io https://*.bronson.vwfs.tools https://*.bronson.vwfs.io https://gateway.zscloud.net https://js.api.here.com https://assets.volkswagen.com https://integrations.etrusted.com https://*.googletagmanager.com https://*.g.doubleclick.net https://ssl.gstatic.com https://ade.googlesyndication.com https://bat.bing.com https://*.trustedshops.com http://*.trustedshops.com https://*.google.es;            script-src 'self' 'unsafe-inline' blob: https://*.volkswagenbank.de https://storagewebcalcweud.blob.core.windows.net https://*.fts.webcalc.vwfs.io https://*.youtube.com https://*.vimeo.com https://s.ytimg.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://*.fls.doubleclick.net https://www.googletagmanager.com https://*.googlesyndication.com https://www.googleadservices.com https://www.google.com https://www.google.de https://cm.g.doubleclick.net https://www.volkswagenbank-cloud.de https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://cdn.linkedin.oribi.io https://t23.intelliad.de https://t13.intelliad.de https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://assets.adobedtm.com https://*.omniture.com https://*.adobe.com https://*.userzoom.com https://*.adform.net https://connect.facebook.net https://*.thunderhead.com https://*.twitter.com https://static.ads-twitter.com https://*.advsearch.vwfs.io https://cc.cdn.civiccomputing.com  https://target.vwfs.es  https://smetrics.vwfs.es https://cdn.mercury.ai https://integrations.etrusted.com https://sdk.privacy-center.org    https://*.acs-frontend.vwfs.io https://*.googletagmanager.com https://tagmanager.google.com https://*.googleadservices.com https://*.google.com https://*.g.doubleclick.net https://bat.bing.com https://*.trustedshops.com http://*.trustedshops.com https://*.google.es;            style-src 'self' 'unsafe-inline' https://*.userzoom.com https://target.vwfs.es https://cdn.mercury.ai https://co-browsing.mercury.ai https://cdn.bronson.vwfs.tools https://cdn.bronson.vwfs.io    https://*.acs-frontend.vwfs.io https://integrations.etrusted.com https://tagmanager.google.com https://fonts.googleapis.com ;            connect-src 'self' blob: data: https://vimeo.com https://*.youtube.com https://api.webcalc.vwfs.io https://cfpoi-search.p-sunhill.com https://apikeys.civiccomputing.com https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://*.adobedc.net https://*.tt.omtrdc.net https://*.2o7.net https://*.cms.vwfs.io https://*.advsearch.vwfs.io https://cms-content.vwfs.io https://target.vwfs.es https://smetrics.vwfs.es https://www.google.com https://*.facebook.com https://*.mercury.ai wss://*.mercury.ai https://vector.hereapi.com https://1.base.maps.ls.hereapi.com https://1.aerial.maps.ls.hereapi.com https://js.api.here.com https://geocode.search.hereapi.com https://integrations.etrusted.com https://*.smart-digital-solutions.de https://smart-digital-cdn.com https://2gtge2kxoa.execute-api.eu-central-1.amazonaws.com https://api-cms-vwfs-io.cms.vwfs.tools https://sdk.privacy-center.org https://revgeocode.search.hereapi.com    https://*.acs-frontend.vwfs.io https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://cdn.linkedin.oribi.io https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.es http://*.trustedshops.com https://autocomplete.search.hereapi.com https://lookup.search.hereapi.com ;            frame-ancestors 'self' https://vwfs.experiencecloud.adobe.com https://vwfs.marketing.adobe.com https://experience.adobe.com https://*.audi.es;            object-src 'none' ;            font-src 'self' data: https://fonts.gstatic.com https://cdn.bronson.vwfs.tools https://cdn.bronson.vwfs.io https://cdn.mercury.ai https://js.api.here.com https://*.trustedshops.com http://*.trustedshops.com ;            frame-src https://player.vimeo.com https://www.youtube-nocookie.com https://s.userzoom.com https://*.adform.net https://*.adobe.com https://*.omniture.com https://*.demdex.net https://*.fls.doubleclick.net https://bid.g.doubleclick.net https://www.facebook.com https://*.googlesyndication.com https://cm.g.doubleclick.net https://gateway.zscloud.net https://td.doubleclick.net https://kalkulator.skoda-auto.pl https://*.g.doubleclick.net ;            media-src https://www.youtube-nocookie.com 'self' ; 1
script-src 'self' 'unsafe-inline' www.googleadservices.com app.perceptivepanda.com js.hsforms.net script.hotjar.com jobs.lever.co res.cloudinary.com youtube.com www.youtube.com js.hs-scripts.com js.hs-banner.com js.hsadspixel.net js.hs-analytics.net js.hsleadflows.net s.adroll.com static.hotjar.com bat.bing.com www.google-analytics.com sleeknotecustomerscripts.sleeknote.com a.quora.com googletagmanager.com www.googletagmanager.com connect.facebook.net ws.zoominfo.com tag.clearbitscripts.com client-registry.mutinycdn.com d.adroll.com j.6sc.co snap.licdn.com x.clearbitjs.com; worker-src 'self' blob:; 1
object-src 'none'; frame-ancestors 'self'; report-uri https://www.starbucks.de/de/report-uri/enforce 1
default-src 'self' *.crazyegg.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.vercel.app *.onetrust.com *.cloudfront.net *.crazyegg.com jsv3.recruitics.com bat.bing.com px.ads.linkedin.com static.ads-twitter.com connect.facebook.com cse.google.com cookie-cdn.1trust.app snap.licdn.com connect.facebook.net static.ads-twitter.com cdn.cookielaw.org cookie-cdn.cookiepro.com www.redditstatic.com  tag.demandbase.com www.google-analytics.com ngc.avature.net api-engage-us.sitecorecloud.io www.googletagmanager.com www.youtube.com x.com platform.twitter.com t.co;script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' *.vercel.app *.onetrust.com *.cloudfront.net *.crazyegg.com jsv3.recruitics.com www.google.com bat.bing.com px.ads.linkedin.com static.ads-twitter.com connect.facebook.com cse.google.com cookie-cdn.1trust.app snap.licdn.com connect.facebook.net static.ads-twitter.com www.redditstatic.com cse.google.com www.googleadservices.com googleads.g.doubleclick.net tag.demandbase.com www.google-analytics.com cookie-cdn.1trust.app cdn.cookielaw.org cookie-cdn.cookiepro.com ngc.avature.net www.googletagmanager.com code.jquery.com www.youtube.com x.com platform.twitter.com t.co;connect-src 'self' *.vercel.app *.northropgrumman.com *.onetrust.com *.crazyegg.com stats.g.doubleclick.net www.google-analytics.com bat.bing.com px.ads.linkedin.com static.ads-twitter.com connect.facebook.com cse.google.com cookie-cdn.1trust.app snap.licdn.com connect.facebook.net static.ads-twitter.com analytics.google.com conversions-config.reddit.com www.redditstatic.com  www.googleapis.com rum.browser-intake-datadoghq.com api.company-target.com cookie-cdn.1trust.app cdn.cookielaw.org cookie-cdn.cookiepro.com pagestates-tracking.crazyegg.com assets-tracking.crazyegg.com tracking.crazyegg.com ngc.avature.net vitals.vercel-insights.com x.com platform.twitter.com t.co api-engage-us.sitecorecloud.io discover.sitecorecloud.io/;base-uri 'self';form-action 'self';font-src 'self' 'unsafe-inline' *.vercel.app *.crazyegg.com ngc.avature.net use.typekit.net fonts.gstatic.com cdn.northrupgrumman.com data:;style-src 'self' 'unsafe-eval' 'unsafe-inline' *.vercel.app *.northropgrumman.com *.onetrust.com *.crazyegg.com ngc.avature.net  www.google.com use.typekit.net p.typekit.net fonts.googleapis.com;frame-src 'self' *.vercel.app *.doubleclick.net *.agencyq.site *.northropgrumman.com *.onetrust.com *.crazyegg.com portalstospace.com login.goservicepro.com jsv3.recruitics.com ngc.avature.net s.company-target.com td.doubleclick.net jsv3.recruitics.com www.portalstospace.com www.youtube.com x.com platform.twitter.com t.co w.soundcloud.com data: blob:;img-src 'self' data: * northropgrumman-sb1.dam.aprimo.com s1.sb.previews.aprimo.com s.gravatar.com *.crazyegg.com *.wp.com/cdn.auth0.com/avatars;media-src 'self' *.vercel.app *.agencyq.site *.northropgrumman.com *.onetrust.com *.crazyegg.com ngc.avature.net x.com platform.twitter.com t.co img.youtube.com data:; 1
frame-ancestors *.mastercardconnect.com *.brighteriondev.com 1
frame-ancestors 'self'  https://*.bit2me.com https://bit2me.com/ 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com netdna.bootstrapcdn.com seaside.ns.ca www.google.com www.facebook.com connect.facebook.net www.googleadservices.com googleads.g.doubleclick.net www.googletagmanager.com analytics.google.com affiliates.vubiquity.com fonts.googleapis.com www.google.ca fonts.gstatic.com fonts.googleapis.com code.jquery.com cdn.example.com cdn.jsdelivr.net www.google.com connect.facebook.net beca www.google-analytics.com www.gstatic.com stats.g.doubleclick.net; frame-src 'self' seaside.ns.ca affiliates.vubiquity.com youtube.com www.youtube.com www.google.com; img-src www.facebook.com www.google.com www.google.ca connect.facebook.net www.googleadservices.com googleads.g.doubleclick.net 'self' seaside.ns.ca www.seaside.ns.ca  1
default-src https: data: blob: wss:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; script-src-elem https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; frame-ancestors https://app.contentful.com; 1
frame-ancestors 'self' kmutoday.ch 1
upgrade-insecure-requests; frame-ancestors 'self'; object-src 'none'; base-uri 'none'; form-action 'self'; manifest-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com; report-uri https://vault.gostatera.com/collect/csp 1
default-src csoft.net www.csoft.net data: www.paypal.com www.paypalobjects.com www.googletagmanager.com www.google-analytics.com www.youtube.com; style-src csoft.net www.csoft.net 'unsafe-inline'; font-src csoft.net www.csoft.net data:; script-src csoft.net www.csoft.net 'unsafe-inline' blob: www.googletagmanager.com 1
default-src https: 'self'; script-src https://ajax.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://dap.digitalgov.gov https://www.google.com https://www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; script-src-elem https://ajax.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://dap.digitalgov.gov https://www.google.com https://www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://unpkg.com https://fonts.googleapis.com 'self' 'unsafe-inline'; connect-src https://www.google-analytics.com https://stats.g.doubleclick.net 'self'; img-src 'self' https: data:; font-src 'self' https: data:; referrer no-referrer; disown-opener; upgrade-insecure-requests; block-all-mixed-content; 1
default-src 'self'; frame-src 'self' https://facebook.com *.facebook.com https://*.youcanbook.me https://www.google.com https://www.youtube.com *.vimeo.com *.doubleclick.net https://optimize.google.com https://js.stripe.com https://challenges.cloudflare.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.digitrust.mgr.consensu.org http://connect.facebook.net https://connect.facebook.net http://hm.baidu.com http://www.google-analytics.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://optimize.google.com https://d2xfav0ywhr7jn.cloudfront.net https://cmp.quantcast.com https://secure.quantserve.com https://rules.quantcount.com https://maps.googleapis.com https://www.google-analytics.com/analytics.js https://stats.g.doubleclick.net/dc.js https://connect.facebook.net/en_US/sdk.js https://unpkg.com/@google/markerclustererplus@4.0.1/dist/markerclustererplus.min.js https://www.googletagmanager.com http://cdnjs.cloudflare.com/ajax/libs/require.js/2.3.6/require.min.js https://cdnjs.cloudflare.com/ajax/libs/require.js/2.3.6/require.min.js http://cdnjs.cloudflare.com/ajax/libs/jqueryui/ https://js.stripe.com https://challenges.cloudflare.com/turnstile/v0/api.js https://dist.entityclouds.com/entity.js http://cdnjs.cloudflare.com/ajax/libs/jquery/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://optimize.google.com https://d2xfav0ywhr7jn.cloudfront.net http://cdnjs.cloudflare.com/ajax/libs/jqueryui/ https://www.googletagmanager.com; img-src 'self' data: blob: https://awardwallet.com http://hm.baidu.com https://www.facebook.com http://www.google-analytics.com https://www.google-analytics.com https://www.google.com https://optimize.google.com https://www.gstatic.com https://d2xfav0ywhr7jn.cloudfront.net https://pixel.quantserve.com https://maps.googleapis.com https://maps.gstatic.com https://developers.google.com/maps/documentation/javascript/examples/markerclusterer/m1.png https://lh3.googleusercontent.com https://s.yimg.com https://analytics.google.com https://dtwuzpz2q0bmy.cloudfront.net https://www.googletagmanager.com https://cdnjs.cloudflare.com/ajax/libs/jqueryui/; font-src 'self' 'unsafe-inline' data: https://fonts.gstatic.com https://d2xfav0ywhr7jn.cloudfront.net; media-src 'self' 'unsafe-inline'; connect-src 'self' https://cmp.digitru.st https://vendorlist.consensu.org https://test.cmp.quantcast.com https://audit-tcfv2.cmp.quantcast.com https://www.google-analytics.com https://stats.g.doubleclick.net https://test.quantcast.mgr.consensu.org https://cmp.quantcast.com *.quantcast.mgr.consensu.org https://www.googletagmanager.com https://analytics.google.com https://maps.googleapis.com https://comet.awardwallet.com wss://comet.awardwallet.com wss://awardwallet.com wss://business.awardwallet.com https://dist.entityclouds.com/entity.php; report-uri /csp-report; 1
default-src 'self'; frame-src 'self' data: blob: fast.wistia.net www.nbcnews.com www.smart911.com www.youtube.com https://savitar.z13.web.core.windows.net https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ app.pendo.io *.commandcentral.com; frame-ancestors 'self' smart911.com *.smart911.com *.raveu.com *.getrave.com getrave.com *.zendesk.com app.pendo.io *.commandcentral.com; font-src 'self' data: *.gstatic.com *.commandcentral.com https://www.googletagmanager.com; connect-src 'self' blob: data: www.smart911.com smart911.com wss://*.commandcentral.com data.pendo.io pendo-static-4670844179906560.storage.googleapis.com *.doubleclick.net *.walkme.com *.twiliocdn.com wss://*.twilio.com *.twilio.com *.mapbox.com wss://smart911.com wss://www.smart911.com *.googleapis.com *.google-analytics.com *.gstatic.com *.hubspot.com *.commandcentral.com *.arcgis.com; child-src 'self' blob: data: www.smart911.com smart911.com www.nbcnews.com www.youtube.com wss://smart911.com wss://www.smart911.com; object-src 'self' 'unsafe-inline' blob: data: smart911.com; style-src 'self' 'unsafe-inline' app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4670844179906560.storage.googleapis.com *.arcgis.com *.commandcentral.com https://savitar.z13.web.core.windows.net *.googleapis.com *.walkme.com *.google-analytics.com *.gstatic.com *.hubspot.com; img-src * 'self' blob: data: app.pendo.io cdn.pendo.io data.pendo.io pendo-static-4670844179906560.storage.googleapis.com *.mapbox.com *.getrave.com *.smart911.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4670844179906560.storage.googleapis.com data.pendo.io app.pendo.io *.commandcentral.com https://savitar.z13.web.core.windows.net *.walkme.com *.twiliocdn.com *.twilio.com *.google.com *.gstatic.com *.google-analytics.com *.googleapis.com *.hscta.net *.hubspot.com *.mapbox.com *.nbcnews.com www.sc.pages05.net *.arcgis.com https://www.googletagmanager.com 1
frame-src tcsjsbridge: https: cofile: 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; base-uri 'self'; form-action 'self' https://www.paypal.com; frame-ancestors 'self'; frame-src 'self' https://*.guardedhost.com https://*.amerinoc.com https://*.amerinoc.com:2222;  img-src 'self' data: https://ssl.google-analytics.com https://www.paypalobjects.com https://*.guardedhost.com; connect-src 'self' wss://wssp.guardedhost.com; 1
default-src 'self' wss: https://*.contentful.com https://*.kampyle.com wss://*.ooklaserver.net https://*.tigocloud.net https://*.zendesk.com https://static.zdassets.com https://ekr.zdassets.com https://*.crazyegg.com; frame-src 'self' https://*.tigocloud.net https://*.speedtestcustom.com https://graph.facebook.com https://analytics.facebook.com https://ads.facebook.com https://business.facebook.com https://developers.facebook.com https://apps.facebook.com https://connect.facebook.com https://connect.facebook.net https://www.facebook.com https://*.doubleclick.net https://*.fls.doubleclick.net https://*.google.com https://*.googletagservices.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.googleapis.com https://*.googleadservices.com https://optimize.google.com https://www.google-analytics.com https://www.youtube.com https://6493920.fls.doubleclick.net https://*.kampyle.com https://*.crazyegg.com https://*.tigo.com.py https://www.reportv.com.ar https://affperformance.com; script-src 'self' blob: https://*.tigocloud.net https://*.kampyle.com https://*.speedtestcustom.com https://graph.facebook.com https://analytics.facebook.com https://ads.facebook.com https://business.facebook.com https://developers.facebook.com https://apps.facebook.com https://connect.facebook.com https://connect.facebook.net https://www.facebook.com https://*.doubleclick.net https://*.fls.doubleclick.net https://*.google.com https://*.googletagservices.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.googleapis.com https://*.googleadservices.com https://optimize.google.com https://www.google-analytics.com https://analytics.twitter.com https://static.ads-twitter.com https://www.youtube.com https://6493920.fls.doubleclick.net https://maps.googleapis.com https://www.gstatic.com/ https://sync.smartadserver.com https://s.ytimg.com https://facebook.com/signals/iwl.js https://widget-mediator.zopim.com https://*.licdn.com 'unsafe-hashes' 'sha256-MhtPZXr7+LpJUY5qtMutB+qWfQtMaPccfe7QXtCcEYc=' 'sha256-lfXlPY3+MCPOPb4mrw1Y961+745U3WlDQVcOXdchSQc=' https://www.clarity.ms https://eum.instana.io https://*.crazyegg.com https://*.smooch.io https://*.tigo.com.py https://tigo.us7.list-manage.com https://www.reportv.com.ar https://*.cybba.solutions https://ads.sonataplatform.com https://web.webpushs.com 'sha256-1A8HjDgNe7cjNtTiJv15pZ1EwYz0YAi34wikAj7rTT0=' 'sha256-ValAKmzJqWSnn/48JPjSCKwQn7oWnnfvE7WP2TWnEc8=' 'sha256-QTukJ+LQPS+c2lrQZRVvdXFDrA5pMKajJq0Z7s0n7EA=' 'sha256-DA6YWOSAeqA9eCcwfjG2fTstEzPHeNwIC7IL0PuXmms=' 'sha256-MAJQF7DpxHWtqt5AmZwu54Z46hcqVGB68u2fUmA5eQA=' 'sha256-SgJm+igADPuSfQBsNzn1nv7wy/13hhWIVssmFu7z9Ks=' 'sha256-RN6oOt6HrIeQiNedPCwV2khJe/B25FZ/G23KurGCSzE=' 'sha256-qRVXGNUwin+YBamqhKkags+tFExhCjZq8WMLc4g4UNo=' 'sha256-hqeE/51urOQQ20Zm9USP9ugpD0yEY8Angoq9m3Nrc7Y=' 'sha256-bg2jLQ8V/LF7EY/qXCizvKslg+MJyGPDlDZDN10Rj/Q='; font-src 'self' data: blob: https://fonts.gstatic.com https://*.kampyle.com https://*.zendesk.com; img-src 'self' data: blob: https://graph.facebook.com https://analytics.facebook.com https://ads.facebook.com https://business.facebook.com https://developers.facebook.com https://apps.facebook.com https://connect.facebook.com https://connect.facebook.net https://www.facebook.com https://*.doubleclick.net https://*.fls.doubleclick.net https://*.google.com https://*.googletagservices.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.googleapis.com https://*.googleadservices.com https://optimize.google.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://*.tigocloud.net https://*.contentful.com https://*.kampyle.com https://static.zdassets.com https://*.googletagmanager.com https://images.ctfassets.net https://stats.g.doubleclick.net https://lh3.googleusercontent.com https://ssl.gstatic.com https://www.gstatic.com https://www.google.com https://www.google.com.ar https://www.google.com.bo https://www.google.com.co https://www.google.com.sv https://www.google.com.gt https://www.google.hn https://www.google.com.ni https://www.google.com.pa https://www.google.com.py https://t.co https://maps.gstatic.com https://www.facebook.com https://analytics.twitter.com https://static.ads-twitter.com https://*.speedtestcustom.com https://*.zendesk.com https://static.zdassets.com https://maps.googleapis.com https://sync.smartadserver.com https://*.zopim.io https://svr.mic.edge.com.py https://*.kampyle.com https://c.clarity.ms https://c.bing.com https://*.crazyegg.com https://cdn.sendpulse.com https://affperformance.com https://*.cybba.solutions; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://www.googletagmanager.com/debug/badge.css https://fonts.googleapis.com https://*.zendesk.com https://*.tigocloud.net https://*.kampyle.com https://*.crazyegg.com https://cdn.sendpulse.com; connect-src * data: https://*.crazyegg.com; object-src 'none'; form-action 'self' https://www.facebook.com; base-uri 'self' https://md-scp.kampyle.com; frame-ancestors 'self' 1
frame-ancestors https://eu.beanworks.com https://*.eu.beanworks.com https://*.beandev.com https://*.beanworks.ca https://*.beandev.eu https://*.sageapa.com https://beanworks.ca https://sageapa.com 1
frame-ancestors 'self' *.ne10.uol.com.br ne10.uol.com.br *.produtos.interior.ne10.uol.com.br produtos.interior.ne10.uol.com.br *.sjcc.com.br sjcc.com.br *.blogdoadepto.pt blogdoadepto.pt *.grupojcpm.sharepoint.com grupojcpm.sharepoint.com *.multitopicos.com.br multitopicos.com.br; 1
"default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; style-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:" 1
frame-src 'self' www.gerifonds.ch https://www.gerifonds.ch platform.twitter.com e.infogram.com www.facebook.com http://www.bcv.ch https://rdir.mail.bcv.ch syndication.twitter.com www.newhome.ch infogram.com uat.logismata.ch www.digitalassessment.ch https://cflive.frp2.ovp.kaltura.com  https://td.doubleclick.net https://11903210.fls.doubleclick.net;   object-src 'self' data: blob: www.gerifonds.ch https://cflive.frp2.ovp.kaltura.com;  media-src 'self' data: blob: api.de.kaltura.com vodcdn.de.kaltura.com livecdn.de.kaltura.com api.frp2.ovp.kaltura.com cfvod.frp2.ovp.kaltura.com uat.logismata.ch www.digitalassessment.ch https://cflive.frp2.ovp.kaltura.com;  script-src-elem 'self' 'unsafe-inline' maps.googleapis.com maps.google.com googletagmanager.com api.twitter.com platform.twitter.com cdn.syndication.twimg.com assets.adobedtm.com api.de.kaltura.com connect.facebook.net snap.licdn.com *.analytics.edgekey.net e.infogram.com code.jquery.com www.newhome.ch www.gerifonds.ch www.bcv.ch api.frp2.ovp.kaltura.com  infogram.com/js/dist/embed-loader-min.js uat.logismata.ch www.digitalassessment.ch https://cflive.frp2.ovp.kaltura.com https://www.googletagmanager.com;  script-src 'self' 'unsafe-inline' blob: 'unsafe-eval' blob: api.de.kaltura.com *.analytics.edgekey.net e.infogram.com www.newhome.ch www.gerifonds.ch api.frp2.ovp.kaltura.com infogram.com/js/dist/embed-loader-min.js uat.logismata.ch www.digitalassessment.ch https://cflive.frp2.ovp.kaltura.com;  style-src 'self' 'unsafe-inline' fonts.googleapis.com translate.googleapis.com ton.twimg.com platform.twitter.com uat.logismata.ch www.digitalassessment.ch https://cflive.frp2.ovp.kaltura.com;  font-src 'self' data: fonts.gstatic.com api.de.kaltura.com vodcdn.de.kaltura.com api.frp2.ovp.kaltura.com infogram.com/js/dist/embed-loader-min.js uat.logismata.ch www.digitalassessment.ch https://cflive.frp2.ovp.kaltura.com;  img-src 'self' data: maps.google.com maps.gstatic.com pbs.twimg.com api.de.kaltura.com vodcdn.de.kaltura.com stats.bcv.ch stats.bcv.ch www.facebook.com px.ads.linkedin.com px4.ads.linkedin.com bcv.sc.omtrdc.net syndication.twitter.com cdn.amcharts.com www.bcv.ch api.frp2.ovp.kaltura.com cfvod.frp2.ovp.kaltura.com uat.logismata.ch www.digitalassessment.ch https://cflive.frp2.ovp.kaltura.com https://ad.doubleclick.net https://connect.facebook.net; 1
default-src 'self'; connect-src 'self' www.google-analytics.com cdn.plyr.io noembed.com *.google.com *.google.com.ua *.doubleclick.net *.yandex.ru *.facebook.com *.facebook.net *.usabilla.com *.accor.com *.accorhotels.com www.googletagmanager.com maps.googleapis.com staticaws.fbwebprogram.com *.accorhotels.ws www.ahstatic.com cdn.hypemarks.com *.twic.pics themes.googleusercontent.com cdnjs.cloudflare.com/ajax/libs/cropper/4.0.0/cropper.min.js cdnjs.cloudflare.com/ajax/libs/cropper/4.0.0/cropper.min.css maps.gstatic.com fonts.gstatic.com fonts.googleapis.com *.youtube.com *.vimeo.com *.googleadservices.com ipinfo.io cdn.cookielaw.org *.onetrust.com *.cookielaw.org *.ytimg.com *.atdmt.com *.contentsquare.net contentsquare.net *.contentsquare.com contentsquare.com *.dengage.com *.criteo.net *.criteo.com criteo.net criteo.com *.cloudfront.net *.sojern.com sojern.com rixoshappydays.com beacon.sojern.com *.onetrust.io onetrust.io tintup.com *.tintup.com amazonaws.com *.amazonaws.com advertising.com *.advertising.com unpkg.com *.unpkg.com sc-static.net tr.snapchat.com analytics.tiktok.com *.google.fr *.quiq-api.com *.quiq-cdn.com *.goquiq.com i.ctnsnet.com top-fwz1.mail.ru; font-src *; frame-src 'self' cdn.hypemarks.com *.accorhotels.ws *.youtube.com *.accorhotels.com *.vimeo.com *.facebook.com *.doubleclick.net *.usabilla.com *.sojern.com sojern.com *.criteo.com criteo.com *.criteo.net criteo.net *.snapchat.com *.quiq-cdn.com *.quiq-api.com i.ctnsnet.com top-fwz1.mail.ru; img-src * data:; media-src 'self' *.youtube.com *.vimeo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.accorhotels.com www.googletagmanager.com maps.googleapis.com cdn.jsdelivr.net www.google-analytics.com api.keen.io platform.twitter.com static.filestackapi.com *.cloudfront.net cdn.hypemarks.com code.jquery.com www.youtube.com www.google.com vimeo.com *.google.com *.doubleclick.net *.facebook.net *.vimeo.com *.yandex.ru *.usabilla.com ipinfo.io *.sojern.com sojern.com *.googleadservices.com cdn.cookielaw.org *.onetrust.com *.cookielaw.org *.contentsquare.net contentsquare.net *.contentsquare.com contentsquare.com *.dengage.com *.criteo.net *.criteo.com criteo.net criteo.com beacon.sojern.com *.onetrust.io onetrust.io tintup.com *.tintup.com amazonaws.com *.amazonaws.com advertising.com *.advertising.com blob: unpkg.com *.unpkg.com sc-static.net tr.snapchat.com analytics.tiktok.com *.quiq-api.com *.quiq-cdn.com i.ctnsnet.com top-fwz1.mail.ru https://cdnjs.cloudflare.com https://holidaycheck.de staticaws.fbwebprogram.com; script-src-elem 'self' 'unsafe-inline' *.accorhotels.com www.googletagmanager.com maps.googleapis.com cdn.jsdelivr.net www.google-analytics.com api.keen.io platform.twitter.com static.filestackapi.com *.cloudfront.net cdn.hypemarks.com code.jquery.com www.youtube.com www.google.com vimeo.com *.google.com *.doubleclick.net *.facebook.net *.vimeo.com *.yandex.ru *.usabilla.com ipinfo.io *.sojern.com sojern.com *.googleadservices.com cdn.cookielaw.org *.onetrust.com *.cookielaw.org *.contentsquare.net contentsquare.net *.contentsquare.com contentsquare.com *.dengage.com *.criteo.net *.criteo.com criteo.net criteo.com beacon.sojern.com *.onetrust.io onetrust.io tintup.com *.tintup.com amazonaws.com *.amazonaws.com advertising.com *.advertising.com unpkg.com *.unpkg.com sc-static.net tr.snapchat.com analytics.tiktok.com *.quiq-api.com *.quiq-cdn.com i.ctnsnet.com top-fwz1.mail.ru https://cdnjs.cloudflare.com https://holidaycheck.de staticaws.fbwebprogram.com; style-src * 'unsafe-inline'; worker-src 'self' blob: 1
frame-ancestors 'self' https://www.urbaninsight.com 1
default-src https:; img-src 'self' * data:; media-src *.musclewiki.com *.jsrdn.com; script-src https: blob: 'self' 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; frame-ancestors 'self' 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://player.vimeo.com https://www.youtube.com https://www.zenaps.com https://ln-rules.rewardstyle.com https://*.akamaihd.net https://*.translate.naver.net https://recaptcha.net https://tr.snapchat.com https://www.shoplooks.com https://www.pinterest.com https://dekopay.preprod.k8s.dekopay.org https://pay.deko.finance https://gum.criteo.com blob: https://tr6.snapchat.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://*.liveperson.net https://*.googleapis.com https://services.postcodeanywhere.co.uk https://*.akamaihd.net https://*.sciencebehindecommerce.com https://*.trustpilot.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://www.shoplooks.com https://ct.pinterest.com https://tr.snapchat.com https://*.contentsquare.net https://*.criteo.com https://analytics.tiktok.com https://sgtm.mybag.com https://www.mybag.com/e2/ds/relay https://horizon-api.www.mybag.com/graphql https://*.ingest.sentry.io https://s1.thcdn.com; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://m.mybag.com https://checkout.mybag.com https://www.mybag.com https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.com https://*.gstatic.cn https://www.dwin1.com https://cdn.trackjs.com https://remote.captcha.com https://seal.digicert.com https://ssl.bing.com https://ln-rules.rewardstyle.com https://*.baidu.com https://recaptcha.net https://*.akamaihd.net https://*.sciencebehindecommerce.com https://static.shoplooks.com https://slooks.top https://slooks.me https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://*.google-analytics.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://s.pinimg.com https://*.contentsquare.net https://app.contentsquare.com https://static.criteo.net https://*.criteo.com https://assets.dekopay.com https://analytics.tiktok.com https://*.ibytedtos.com https://tr.snapchat.com https://sgtm.mybag.com https://s1.thcdn.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://www.shoplooks.com https://static.shoplooks.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://s1.thcdn.com; upgrade-insecure-requests; report-to report-endpoint; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://static.criteo.net https://*.criteo.com https://wb.messengerpeople.com https://ln-rules.rewardstyle.com https://www.zenaps.com https://isitetv.com https://*.recaptcha.net https://*.hotjar.com https://*.akamaihd.net https://*.attn.tv https://*.translate.naver.net https://tr.snapchat.com https://www.shoplooks.com https://tpc.googlesyndication.com blob: https://gum.criteo.com https://app.qubit.com https://*.abtasty.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://*.liveperson.net https://ct.pinterest.com https://services.postcodeanywhere.co.uk https://*.akamaihd.net https://*.sciencebehindecommerce.com https://*.googleapis.com https://translate.yandex.net https://*.hotjar.com wss://*.hotjar.com https://*.trustpilot.com https://*.pinterest.com https://*.bing.com https://*.doubleclick.net https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://ampcid.google.de https://analytics.tiktok.com https://tr.snapchat.com https://privacyportal-eu.onetrust.com https://*.contentsquare.net https://*.criteo.com https://*.criteo.net https://*.qubit.com https://*.qubitproducts.com https://horizon-api.www.lookfantastic.de https://*.abtasty.com https://sgtm.lookfantastic.de; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.thgcdn.cn blob: data: https://*.abtasty.com https://*.gstatic.com https://*.googleapis.com; form-action 'self' https://www.facebook.com https://m.lookfantastic.de https://checkout.lookfantastic.de https://www.lookfantastic.de https://www.glossybox.de https://connect.facebook.net https://www.glossybox.at https://www.glossybox.ch https://www.glossybox.co.uk https://www.glossybox.com https://www.glossybox.fi https://www.glossybox.fr https://www.glossybox.ie https://www.glossybox.no https://www.glossybox.se https://www.glossybox.dk https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https: blob:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://static.thgcdn.cn; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://google.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.com https://*.gstatic.cn https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://static.criteo.net https://*.criteo.com https://ln-rules.rewardstyle.com https://*.akamaihd.net https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.microsofttranslator.com https://*.hotjar.com https://*.attn.tv https://*.trustpilot.com https://*.translate.naver.net https://*.bing.com https://*.doubleclick.net https://*.google-analytics.com https://static.ads-twitter.com https://*.baidu.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://*.google.de https://google.de https://*.shoplooks.com https://slooks.top https://slooks.me https://lantern.roeyecdn.com https://lantern.roeye.com https://static.thgcdn.cn https://tpc.googlesyndication.com https://analytics.tiktok.com https://*.ibytedtos.com https://geolocation.onetrust.com https://*.contentsquare.net https://app.contentsquare.com https://static.criteo.net https://*.criteo.com https://static.goqubit.com https://*.qubit.com blob: https://*.abtasty.com https://sgtm.lookfantastic.de; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://www.shoplooks.com https://static.shoplooks.com https://cdn.parcellab.com https://static.thgcdn.cn https://*.abtasty.com https://*.gstatic.com; upgrade-insecure-requests; report-to report-endpoint 1
default-src 'self' *.facebook.com facebook.com bam.nr-data.net *.mouseflow.com *.mouseflow.com/ *.mktorest.com *.mktoresp.com *.consensu.org *.doubleclick.net *.omtrdc.net *.demdex.net youtube.com *.youtube.com marketo.com *.marketo.com *.marketo.com/ *.onetrust.com google-analytics.com *.google-analytics.com *.cytivalifesciences.com *.b2c.com *.b2c.com:* *.b2c.com/ api.fouanalytics.com google.com smetrics.cytivalifesciences.com stats.g.doubleclick.net bid.g.doubleclick.net play.vidyard.com play.vidyard.com/ anchor.fm gateway.zscalertwo.net static3.avast.com *.mktoutil.com *.google.com/ info.cytivalifesciences.com info.cytivalifesciences.com/ blob:; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.marketo.com *.marketo.com/ info.cytivalifesciences.com info.cytivalifesciences.com/ *.kampyle.com *.medallia.eu assets.cytivalifesciences.com *.demo.app.cytiva.com *.zoovu.com assets-barracuda-runner.azureedge.net static.cloud.coveo.com/ acms-ext.pall.com acms-ext.pall.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.salesforceliveagent.com cdn.mouseflow.com *.mouseflow.com/ munchkin.marketo.net *.marketo.com *.mktorest.com assets.adobedtm.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.linkedin.com *.youtube.com s.ytimg.com *.facebook.com connect.facebook.net t.co static.ads-twitter.com analytics.twitter.com js-agent.newrelic.com dpm.demdex.net gateway.zscalertwo.net snap.licdn.com bam.nr-data.net gelifedigitalhubprod.112.2o7.net cx.atdmt.com static.cloud.coveo.com google.com googleads.g.doubleclick.net *.consensu.org *.adroll.com maps.googleapis.com *.onetrust.com *.google.com api.fouanalytics.com *.b2c.com *.b2c.com:* *.b2c.com/ smetrics.cytivalifesciences.com stats.g.doubleclick.net play.vidyard.com play.vidyard.com/ hm.baidu.com info.cytivalifesciences.com info.cytivalifesciences.com/ d22d1xpx4ztuef.cloudfront.net secure.adnxs.com secure.marx7loki.com *.jsdelivr.net blob: *.kampyle.com *.medallia.eu www.cytivalifesciences.com/ cdn.mxpnl.com d35vb5cccm4xzp.cloudfront.net/ d35vb5cccm4xzp.cloudfront.net cdn.cookielaw.org *.adsrvr.org chat.cytivalifesciences.com cdn.livechatinc.com api.livechatinc.com assets.cytivalifesciences.com *.demo.app.cytiva.com global.localizecdn.com global.localizecdn.com/ *.zoovu.com api-barracuda.zoovu.com assets-barracuda-runner.azureedge.net *.6sc.co *.6sense.com cytivatrackinglibsanbox.z33.web.core.windows.net cdn.rudderlabs.com acms-ext.pall.com acms-ext.pall.com/; img-src * data: *.kampyle.com *.medallia.eu secure.adnxs.com ib.adnxs.com *.zoovu.com assets-barracuda-runner.azureedge.net; media-src 'self' *.youtube.com cdn.livechatinc.com cdn.cytivalifesciences.com; font-src 'self' fonts.gstatic.com fonts.googleapis.com data: *.cloud.coveo.com/ static3.avast.com *.kampyle.com *.medallia.eu cdn.livechatinc.com *.zoovu.com assets-barracuda-runner.azureedge.net; frame-src 'self' *.adobe.com *.marketo.com facebook.com *.facebook.com *.anchor.fm anchor.fm cytiva.demdex.net youtube.com *.youtube.com bid.g.doubleclick.net play.vidyard.com play.vidyard.com/ gateway.zscalertwo.net info.cytivalifesciences.com info.cytivalifesciences.com/ www.cytivalifesciences.com/ www.cytivalifesciences.com blob: *.kampyle.com *.medallia.eu www.cytivalifesciences.com/ insight.adsrvr.org match.adsrvr.org embed.podcasts.apple.com secure.livechatinc.com *.demo.app.cytiva.com open.spotify.com/ chat.cytivalifesciences.com/ cdn.cytivalifesciences.com podcasters.spotify.com *.zoovu.com td.doubleclick.net/ assets.cytivalifesciences.com; connect-src 'self' *.thunderhead.com *.facebook.com facebook.com bam.nr-data.net *.mouseflow.com *.mouseflow.com/ *.mktorest.com *.mktoresp.com *.consensu.org *.doubleclick.net *.omtrdc.net *.demdex.net youtube.com *.youtube.com marketo.com *.marketo.com *.onetrust.com google-analytics.com *.google-analytics.com *.cytivalifesciences.com *.b2c.com *.b2c.com:* *.b2c.com/ api.fouanalytics.com google.com smetrics.cytivalifesciences.com stats.g.doubleclick.net *.mktoutil.com *.google.com/ hm.baidu.com api.ipify.org c.jabmo.app acapgenertedreports-prod.s3.amazonaws.com blob: *.kampyle.com *.medallia.eu www.cytivalifesciences.com/ *.mixpanel.com cytivalifesciences.data.adobedc.cn cdn.cookielaw.org cookies-data.onetrust.io *.blob.core.windows.net idx.liadm.com directline.botframework.com wss://directline.botframework.com api.livechatinc.com cdn.linkedin.oribi.io global.localizecdn.com global.localizecdn.com/ app.localizejs.com api-barracuda.zoovu.com *.zoovu.com assets-barracuda-runner.azureedge.net *.6sc.co api.cytivalifesciences.com pagead2.googlesyndication.com api.rudderlabs.com cytiva-dataplane.rudderstack.com acms-ext.pall.com acms-ext.pall.com/ api.rudderstack.com px.ads.linkedin.com analytics-dataplane.service.cytiva.com; report-uri https://www.cytivalifesciences.com/api/csp/report 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' 'nonce-NTMsMywyMzEsMTcxLDIwMiwxMiwxMjQsMjIy' blob: https://cdn.discordapp.com/animations/ https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/ https://*.hcaptcha.com https://hcaptcha.com https://js.stripe.com https://js.braintreegateway.com https://assets.braintreegateway.com https://www.paypalobjects.com https://checkout.paypal.com https://c.paypal.com https://kit.cash.app https://static.discord.com https://static-edge.discord.com; style-src 'self' 'unsafe-inline' https://cdn.discordapp.com https://*.hcaptcha.com https://hcaptcha.com https://kit.cash.app https://static.discord.com https://static-edge.discord.com; img-src 'self' blob: data: https://*.discordapp.net https://*.discordapp.com https://*.discord.com https://i.scdn.co https://i.ytimg.com https://i.imgur.com https://media.tenor.co https://media.tenor.com https://c.tenor.com https://*.youtube.com https://*.giphy.com https://static-cdn.jtvnw.net https://pbs.twimg.com https://assets.braintreegateway.com https://checkout.paypal.com https://c.paypal.com https://b.stats.paypal.com https://slc.stats.paypal.com https://hnd.stats.paypal.com https://api.cash.app; font-src 'self' https://fonts.gstatic.com https://cash-f.squarecdn.com https://static.discord.com https://static-edge.discord.com; connect-src 'self' https://status.discordapp.com https://status.discord.com https://support.discordapp.com https://support.discord.com https://discordapp.com https://discord.com https://discord-attachments-uploads-prd.storage.googleapis.com https://cdn.discordapp.com https://media.discordapp.net https://images-ext-1.discordapp.net https://images-ext-2.discordapp.net https://router.discordapp.net wss://*.discord.gg https://best.discord.media https://latency.discord.media wss://*.discord.media wss://dealer.spotify.com https://api.spotify.com https://music.amazon.com/embed/oembed https://*.sentry.io https://api.twitch.tv https://api.stripe.com https://api.braintreegateway.com https://client-analytics.braintreegateway.com https://*.braintree-api.com https://www.googleapis.com https://*.algolianet.com https://*.hcaptcha.com https://hcaptcha.com https://*.algolia.net ws://127.0.0.1:* http://127.0.0.1:*; media-src 'self' blob: disclip: https://*.discordapp.net https://*.discord.com https://*.discordapp.com https://*.youtube.com https://streamable.com https://vid.me https://twitter.com https://oddshot.akamaized.net https://*.giphy.com https://i.imgur.com https://media.tenor.co https://media.tenor.com https://c.tenor.com; frame-src https://discordapp.com/domain-migration discord: https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/ https://*.hcaptcha.com https://hcaptcha.com https://js.stripe.com https://hooks.stripe.com https://checkout.paypal.com https://c.paypal.com https://assets.braintreegateway.com https://checkoutshopper-live.adyen.com https://kit.cash.app https://player.twitch.tv https://clips.twitch.tv/embed https://player.vimeo.com https://www.youtube.com/embed/ https://www.tiktok.com/embed/ https://music.amazon.com/embed/ https://music.amazon.co.uk/embed/ https://music.amazon.de/embed/ https://music.amazon.co.jp/embed/ https://music.amazon.es/embed/ https://music.amazon.fr/embed/ https://music.amazon.it/embed/ https://music.amazon.com.au/embed/ https://music.amazon.in/embed/ https://music.amazon.ca/embed/ https://music.amazon.com.mx/embed/ https://music.amazon.com.br/embed/ https://www.youtube.com/s/player/ https://twitter.com/i/videos/ https://www.funimation.com/player/ https://www.redditmedia.com/mediaembed/ https://open.spotify.com/embed/ https://w.soundcloud.com/player/ https://audius.co/embed/ https://*.watchanimeattheoffice.com https://sessionshare.sp-int.playstation.com/ https://session-share.playstation.com/ https://localhost:* https://*.discordsays.com https://discordappcom.cloudflareaccess.com/; child-src 'self' blob: https://assets.braintreegateway.com https://checkout.paypal.com https://c.paypal.com; prefetch-src 'self' https://cdn.discordapp.com/assets/; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: 1
upgrade-insecure-requests; frame-ancestors https://*.patelco.org https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.force.com https://*.wp.com https://*.salesforce.com; 1
frame-ancestors 'self' https://app.coderpad.io https://screen.coderpad.io 1
default-src ‘self’ 1
frame-ancestors https://www.acea.it https://*.force.com 1
default-src 'self'; script-src 'report-sample' 'self' https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js https://use.typekit.net/gil3vgx.js; style-src 'report-sample' 'self'; object-src 'none'; base-uri 'self'; connect-src 'self'; font-src 'self' https://use.typekit.net; frame-src 'self'; img-src 'self' https://p.typekit.net; manifest-src 'self'; media-src 'self'; report-uri https://61573697fe86c15caaed69c2.endpoint.csper.io/; worker-src 'none'; 1
default-src 'self' https://unpkg.com/ https://irxcm.com/ https://preferencecenter.pg.com/ https://privacytermsprod.azureedge.net/ https://p192909.pg.promosvcs.com/ https://td.doubleclick.net/ https://*.doubleclick.net/ https://p192909-holiday-scale2-stage.azurewebsites.net/ https://login.windows.net.rproxy.goskope.com/ https://login.windows.net.rproxy.goskope.com.rproxy.goskope.com/ https://cdn.cpnscdn.com/ https://*.ctfassets.net/ https://images.ctfassets.net/ https://www.googleadservices.com/ https://*.segmanta.com/ https://*.pggoodeveryday.com/ https://*.pgsvc.com/ https://match.adsrvr.org/ https://js.adsrvr.org/ https://stats.g.doubleclick.net/ https://www.google-analytics.com/ https://search-api.swiftype.com/ https://api-pge.segmanta.com/ https://res.cloudinary.com/ https://analytics.tiktok.com/ https://rpxnow.com/ https://fonts.googleapis.com/ https://d29usylhdk1xyu.cloudfront.net/ https://d1lqe9temigv1p.cloudfront.net/ https://fonts.gstatic.com/ https://www.googletagmanager.com/ https://quilt-cdn.janrain.com/ https://cdn.segment.com/ https://js-cdn.dynatrace.com/ https://pixel.tapad.com/ https://googleads.g.doubleclick.net/ https://optimize.google.com https://xxredda.s3.amazonaws.com/ https://40n23zgkic3y-a.akamaihd.net https://*.incentives.gcp.pgcloud.com https://*.crazyegg.com blob: feed.pghub.io pandg.tapad.com ; font-src 'self' https://fonts.gstatic.com/ data: feed.pghub.io pandg.tapad.com ; img-src * 'self' https://*.ctfassets.net/ https://cdn.cpnscdn.com/ https://*.incentives.gcp.pgcloud.com https://images.ctfassets.net/ blob: data: https: https://www.google.com/ https://www.google.co.in/ https://www.google-analytics.com/ https://pixel.tapad.com/ https://res.cloudinary.com/ https://analytics.tiktok.com/ https://*.ctfassets.net/ https://images.ctfassets.net/ https://cdn.cpnscdn.com/ https://*.incentives.gcp.pgcloud.com https://optimize.google.com ; script-src 'strict-dynamic' 'nonce-UCZHR29vZEV2ZXJ5ZGF5Q1NQU2VjdXJpdHk=' 'unsafe-inline' 'unsafe-eval' 'self' https://unpkg.com/ https://irxcm.com/ https://preferencecenter.pg.com/ https://privacytermsprod.azureedge.net/ https://p192909.pg.promosvcs.com/ https://p192909-holiday-scale2-stage.azurewebsites.net/ https://objects.githubusercontent.com/ https://consent-api.onetrust.com/ https://*.onetrust.com/ https://analytics.tiktok.com/ https://api.ipify.org/ https://www.instagram.com/embed.js https://z.moatads.com/ https://pghub.io/ https://www.tp88trk.com/ https://cdn.cookielaw.org/ https://*.cookielaw.org/ https://script.crazyegg.com/ https://container.pepperjam.com/ https://connect.facebook.net/ https://www.gstatic.com https://www.google.com https://c.lytics.io https://www.youtube.com https://www.youtube-nocookie.com https://procter-gamble-qa.us-dev.janraincapture.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://rpxnow.com/ https://d29usylhdk1xyu.cloudfront.net/ https://d1lqe9temigv1p.cloudfront.net/ https://cdn.segment.com/ https://js-cdn.dynatrace.com/ https://www.googleadservices.com/ https://pge.segmanta.com/ https://js.adsrvr.org/ https://googleads.g.doubleclick.net/ https://optimize.google.com https://xxredda.s3.amazonaws.com/ https://secure.addrexx10.com/ https://github.com/Cognigy/ https://endpoint-trial.cognigy.ai/ https://web-sandbox.pypestream.com/ https://web.pypestream.com/ https://app.launchdarkly.com/ https://events.launchdarkly.com/ https://40n23zgkic3y-a.akamaihd.net https://*.incentives.gcp.pgcloud.com https://*.crazyegg.com blob: feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' https://c.lytics.io https://quilt-cdn.janrain.com/ https://fonts.googleapis.com/ https://optimize.google.com https://xxredda.s3.amazonaws.com/ https://*.incentives.gcp.pgcloud.com https://script.crazyegg.com feed.pghub.io pandg.tapad.com ; frame-src 'self' https://irxcm.com/ https://zsec.ltimindtree.com/ https://p192918-pgge-amj-rebate-stage.azurewebsites.net/ https://p192918-pgge-amj-rebate.azurewebsites.net https://zsec.ltimindtree.com/ https://*.zscaler.com/ https://preferencecenter.pg.com/ https://privacytermsprod.azureedge.net/ https://ad.doubleclick.net/ https://td.doubleclick.net/ https://*.doubleclick.net/ https://p192909.pg.promosvcs.com/ https://p192909-holiday-scale2-stage.azurewebsites.net/ https://*.azurewebsites.net/ https://pah.quotient.com/ https://web-sandbox.pypestream.com/ https://web.pypestream.com/ https://consent-api.onetrust.com/ https://*.onetrust.com/ https://api.ipify.org/ https://pg-lex.my.salesforce-sites.com/ https://*.azurewebsites.net.rproxy.goskope.com/ https://www.instagram.com/ https://pandg.tapad.com/ https://*.pepperjamnetwork.com/ https://sg.pggoodeveryday.com/ https://*.pg.promosvcs.com/ https://www.facebook.com/ https://*.fls.doubleclick.net/ https://www.coupons.com/ https://consumersupport.pg.com/ https://consumeraccessapi.smartsource.com https://gears.websaver.ca/ https://pgsurveys.segmanta.com/ https://9942807.fls.doubleclick.net/ https://www.google.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://stagegears.websaver.ca/ https://insight.adsrvr.org/ https://bid.g.doubleclick.net/ https://match.adsrvr.org/ https://procter-gamble-qa.us-dev.janraincapture.com/ https://gateway.zscaler.net/ https://optimize.google.com https://xxredda.s3.amazonaws.com/ https://40n23zgkic3y-a.akamaihd.net https://*.crazyegg.com https://*.incentives.gcp.pgcloud.com https://jebbit.tide.com feed.pghub.io pandg.tapad.com ; object-src 'self' feed.pghub.io pandg.tapad.com ; connect-src 'self' https://de-grafana-agent.pg.com/ https://irxcm.com/ https://region1.google-analytics.com https://dc.services.visualstudio.com/v2/track https://privacytermsprod.azureedge.net/ https://dc---services.visualstudio.com.rproxy.goskope.com.rproxy.goskope.com/ https://dc.services.visualstudio.com.rproxy.goskope.com https://ad.doubleclick.net/ https://td.doubleclick.net/ https://cdn-uat.pg-campaigns.com/ https://cdn.pg-campaigns.com/ https://events.launchdarkly.com/ https://app.launchdarkly.com/ https://web-sandbox.pypestream.com/ https://web.pypestream.com/ wss://endpoint-app.cognigy.ai/ https://endpoint-app.cognigy.ai/ https://pg-lex--dev.sandbox.file.force.com/ https://pg-lex.file.force.com/ wss://endpoint-trial.cognigy.ai/ https://objects.githubusercontent.com/ https://github.com/Cognigy/ https://endpoint-trial.cognigy.ai/ https://consent-api.onetrust.com/ https://*.onetrust.com/ https://api.ipify.org/ https://www.instagram.com/embed.js https://pgcouponnpsausuat01---blob---core.windows.net.rproxy.goskope.com.rproxy.goskope.com/ https://pgcouponcdndev.coupon.pg.com/ https://qacdn.coupon.pg.com/ https://uatcdn.coupon.pg.com/ https://cdn.coupon.pg.com/ https://gateway.zscaler.net/ https://pgcouponnpsausqa01---blob---core.windows.net.rproxy.goskope.com.rproxy.goskope.com/ https://api.contentful.com https://z.moatads.com/ https://px.moatads.com/ https://*.bf.dynatrace.com/ https://cdn.cpnscdn.com/ https://*.ctfassets.net/ https://images.ctfassets.net/ https://ups.analytics.yahoo.com/ https://trk.shophermedia.net/ https://pghub.io/ https://www.tp88trk.com/ https://*.pepperjam.com/ https://www.facebook.com/ https://connect.facebook.net/ https://*.algolianet.com/ https://*.onetrust.io/ https://*.algolia.net/ https://*.crazyegg.com https://cdn.cookielaw.org/ https://*.cookielaw.org/ https://dc---services.visualstudio.com.rproxy.goskope.com.rproxy.goskope.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://pixel.rubiconproject.com https://mediaid.pg.com/ https://insight.adsrvr.org https://www.gstatic.com https://s.amazon-adsystem.com https://c.lytics.io https://api.segment.io https://www.googleadservices.com/ https://*.segmanta.com/ https://*.pggoodeveryday.com/ https://*.pgsvc.com/ https://match.adsrvr.org/ https://js.adsrvr.org/ https://stats.g.doubleclick.net/ https://www.google-analytics.com/ https://search-api.swiftype.com/ https://api-pge.segmanta.com/ https://res.cloudinary.com/ https://analytics.tiktok.com/ https://rpxnow.com/ https://fonts.googleapis.com/ https://d29usylhdk1xyu.cloudfront.net/ https://d1lqe9temigv1p.cloudfront.net/ https://fonts.gstatic.com/ https://www.googletagmanager.com/ https://quilt-cdn.janrain.com/ https://cdn.segment.com/ https://js-cdn.dynatrace.com/ https://pixel.tapad.com/ https://googleads.g.doubleclick.net/ https://www.google.com/ https://www.google.co.in/ https://*.janraincapture.com/ https://optimize.google.com https://xxredda.s3.amazonaws.com/ https://40n23zgkic3y-a.akamaihd.net https://*.crazyegg.com https://*.incentives.gcp.pgcloud.com https://secure.addrexx10.com/ feed.pghub.io pandg.tapad.com ; frame-ancestors 'self' https://p192918-pgge-amj-rebate-stage.azurewebsites.net/ feed.pghub.io pandg.tapad.com ; base-uri 'self' feed.pghub.io pandg.tapad.com ; 1
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' *.mouseflow.com https://js-agent.newrelic.com https://bam.nr-data.net https://bam-cell.nr-data.net; child-src *; connect-src * data: 'unsafe-inline' https://settings.luckyorange.net wss://*.visitors.live https://pubsub.googleapis.com https://api.luckyorange.com; font-src * data: blob: 'unsafe-inline'; frame-ancestors *; img-src * data: blob: 'unsafe-inline' https://d10lpsik1i8c69.cloudfront.net www.googletagmanager.com; script-src * data: blob: 'unsafe-inline' 'unsafe-eval' https://d10lpsik1i8c69.cloudfront.net https://www.googletagmanager.com; script-src-elem * data: blob: 'unsafe-inline' 'unsafe-eval' https://d10lpsik1i8c69.cloudfront.net https://www.googletagmanager.com; style-src * data: blob: 'unsafe-inline'; worker-src blob:; report-uri https://o70354.ingest.sentry.io/api/5454944/security/?sentry_key=f021e6378c8041db845adf2b868dd767&sentry_environment=production&zego=v5-apache 1
default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; report-uri /report-csp-violation 1
default-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com cdn.jsdelivr.net dev-api.investisdigital.com api.investisdigital.com dev-assets.investisdigital.com assets.investisdigital.com qaotp.tools.investisdigital.com otp.tools.investis.com *.investisdigital.com www.google-analytics.com stats.g.doubleclick.net *.googletagmanager.com region1.analytics.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com *.investis-live.com dev-api.investisdigital.com api.investisdigital.com dev-assets.investisdigital.com assets.investisdigital.com qaotp.tools.investisdigital.com *.investisdigital.com player.vimeo.com *.investisdigital.com geoid.investisdigital.com cookiemanager.investisdigital.com *.investis.com plugins.flockler.com fl-cdn.scdn1.secure.raxcdn.com *.flockler.com www.recaptcha.net www.google-analytics.com otp.tools.investis.com page-group-v3.pid2-e1.investis.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net *.investis-live.com *.investisdigital.com fast.fonts.net geoid.investisdigital.com *.flockler.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net; img-src 'self' 'unsafe-inline' * data:; media-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com *.youtube.com player.vimeo.com http://house-fastly-signed-eu-west-1-prod.brightcovecdn.com; frame-src 'self' *.investis.com www.google.com ir.tools.investis.com staticxx.facebook.com www.youtube.com player.vimeo.com vimeo.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com *.fonts.com geoid.investisdigital.com *.jsdelivr.net; connect-src 'self' 'unsafe-inline' region1.analytics.google.com *.google-analytics.com geoid.investisdigital.com stats.g.doubleclick.net cookiemanager.investisdigital.com  https://assets.investisdigital.com; report-uri /report-csp-violation 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://beige.party; img-src 'self' https: data: blob: https://beige.party; style-src 'self' https://beige.party 'nonce-bbOahRrf7GpKCQqwoUqRbA=='; media-src 'self' https: data: https://beige.party; frame-src 'self' https:; manifest-src 'self' https://beige.party; form-action 'self'; child-src 'self' blob: https://beige.party; worker-src 'self' blob: https://beige.party; connect-src 'self' data: blob: https://beige.party https://media.beige.party wss://beige.party; script-src 'self' https://beige.party 'wasm-unsafe-eval' 1
frame-ancestors 'self' esbroadcom.lookbookhq.com mfbroadcom.lookbookhq.com; script-src 'self' data: blob: https://script.crazyegg.com https://www.google-analytics.com https://www.googletagmanager.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://ajax.googleapis.com https://snap.licdn.com https://searchunify.com https://searchunify.broadcom.com https://tag.demandbase.com/9a4d64cf696797e4.min.js https://tag.demandbase.com https://connect.facebook.net *.adroll.com *.eloqua.com *.en25.com *.bluekai.com *.oraclecloud.com *.brightcove.com *.brightcove.net https://images.sw.broadcom.com 'nonce-YmQ0NDA2OWNlNA/ZjMzOWU4YTcyNzc1OTE='; object-src 'self'; 1
upgrade-insecure-requests; includeSubDomains 1
frame-ancestors https://app.safe.global 'self' 1
frame-ancestors 'self' https://*.yahooinc.com 1
default-src 'self' 'unsafe-inline' wss://*.www.uniqa.pl https://*.google-analytics.com https://cdnc.heyzine.com/flipbook/snd/flip-ct-md.mp3 https://heyzine.com https://consentcdn.cookiebot.com/ https://fonts.googleapis.com  https://*.qualtrics.com https://maxcdn.bootstrapcdn.com https://*.youtube.com https://www.facebook.com https://*.googleusercontent.com https://www.google.pl https://www.uniqa.pl https://*.www.uniqa.pl https://*.uniqa.pl https://*.googleapis.com https://*.gstatic.com  https://www.uniqa.pl https://*.www.uniqa.pl https://*.uniqa.pl  https://pagead2.googlesyndication.com https://ls.hit.gemius.pl https://*.google.com https://www.google-analytics.com https://*.gemius.pl https://*.facebook.com https://www.uniqa.pl https://*.www.uniqa.pl https://*.uniqa.pl https://*.doubleclick.net https://script.crazyegg.com https://app3.salesmanago.pl https://nan.netmng.com  https://client2.inteliwise.com https://s3-eu-west-1.amazonaws.com https://*.amazonaws.com https://pixel.mathtag.com https://u3s.mathtag.com https://dms.netmng.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://appserver.app.inteliwi.se/ https://fundacjauniqa.pl https://siteintercept.qualtrics.com https://www.googletagservices.com https://consentcdn.cookiebot.com https://*.siteintercept.qualtrics.com https://connect.facebook.net https://pl-axa.netmng.com https://consent.cookiebot.com https://www.googletagmanager.com https://live.rezync.com https://www.googleoptimize.com https://www.google.com https://*.googleapis.com https://*.gstatic.com https://www.uniqa.pl https://*.www.uniqa.pl https://*.uniqa.pl  https://pagead2.googlesyndication.com https://ls.hit.gemius.pl https://www.google-analytics.com https://*.gemius.pl https://*.facebook.com https://www.uniqa.pl https://*.www.uniqa.pl https://*.uniqa.pl https://*.doubleclick.net https://script.crazyegg.com https://app3.salesmanago.pl https://nan.netmng.com https://client2.inteliwise.com https://s3-eu-west-1.amazonaws.com https://pixel.mathtag.com https://u3s.mathtag.com https://dms.netmng.com blob:; style-src 'unsafe-inline' https://fonts.googleapis.com  https://*.qualtrics.com  https://surfly.io https://maxcdn.bootstrapcdn.com https://*.google.com https://ls.hit.gemius.pl https://www.google-analytics.com https://*.gemius.pl https://*.facebook.com https://www.uniqa.pl https://*.www.uniqa.pl https://*.uniqa.pl  https://*.doubleclick.net https://script.crazyegg.com https://app3.salesmanago.pl https://nan.netmng.com https://client2.inteliwise.com https://s3-eu-west-1.amazonaws.com https://pixel.mathtag.com https://u3s.mathtag.com https://dms.netmng.com; img-src 'self' blob: https://*.google-analytics.com https://www.googletagmanager.com https://imgsct.cookiebot.com https://moventum.com.pl https://*.youtube.com https://www.facebook.com https://*.googleusercontent.com https://www.google.pl https://www.uniqa.pl https://*.www.uniqa.pl https://*.uniqa.pl  https://*.googleapis.com https://*.gstatic.com  https://www.uniqa.pl https://*.www.uniqa.pl https://*.uniqa.pl  https://pagead2.googlesyndication.com https://ls.hit.gemius.pl https://*.google.com https://www.google-analytics.com https://*.gemius.pl https://*.facebook.com https://www.uniqa.pl https://*.www.uniqa.pl https://*.uniqa.pl https://*.doubleclick.net https://script.crazyegg.com https://app3.salesmanago.pl https://nan.netmng.com https://client2.inteliwise.com https://s3-eu-west-1.amazonaws.com https://*.amazonaws.com https://pixel.mathtag.com https://u3s.mathtag.com https://dms.netmng.com https://www.uniqa.pl https://*.www.uniqa.pl https://*.uniqa.pl data:; font-src 'self' https://fonts.gstatic.com data: 1
default-src 'none'; script-src 'self' https://*.hcaptcha.com https://hcaptcha.com 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://*.hcaptcha.com https://hcaptcha.com; frame-ancestors 'self'; frame-src 'self' https://*.hcaptcha.com https://hcaptcha.com; connect-src https://*.hcaptcha.com https://hcaptcha.com; object-src 'self'; base-uri 'self'; img-src 'self'; font-src 'self' 1
default-src 'self' *.googleapis.com *.youtube.com *.instabot.io freetrial.experianaperture.io freetrial.staging.saas.edq.com *.coveo.com trial.staging.saas.qas.com trial.saas.qas.com ui.customsearch.ai 6sense.com optimize.google.com adnxs.com adobe.com *.adobedtm.com www.adsymptotic.com *.akamaihd.net b.6sc.co *.boltdns.net manifest.prod.boltdns.net *.experian.com *.brightcove.com *.brightcove.net www.crwdcntrl.net *.demdex.net *.doubleclick.net *.eloqua.com img.en25.com www.everesttech.net www.facebook.com connect.facebook.net www.google.com www.googleadservices.com www.google-analytics.com ssl.google-analytics.com www.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io ipv6.6sc.co www.jsdelivr.net www.lfeeder.com *.licdn.com *.linkedin.com www.livechat-files.com *.livechatinc.com www.ma-attr.com www.ml-api.io *.omtrdc.net *.taboola.com *.zencdn.net *.zoominfo.com; img-src 'self' data: *; script-src 'unsafe-eval' 'unsafe-inline' 'self' *; style-src 'unsafe-inline' 'self' *; font-src 'self' data: *; object-src 'none'; media-src * blob:; worker-src blob: 'self'; frame-ancestors 'self'; 1
base-uri 'self';default-src 'none';object-src 'none';script-src 'self' https://css.underdark.nl https://piwik.underdark.nl https://api.tiles.mapbox.com https://api.mapbox.com;style-src 'self' https://css.underdark.nl https://api.tiles.mapbox.com;form-action 'self' https://customers.underdark.nl;connect-src 'self' https://api.mapbox.com https://*.tiles.mapbox.com https://events.mapbox.com;img-src 'self' data: blob: https://*.tiles.mapbox.com https://css.underdark.nl;font-src 'self' https://css.underdark.nl;frame-ancestors 'self' 1
default-src 'self'; script-src 'self' https://gfhgk1.rbinternational.com https://xj069kz0ag.execute-api.eu-central-1.amazonaws.com https://d1mxyhmor38cww.cloudfront.net/latest/groupcms.js https://d1mxyhmor38cww.cloudfront.net/dev/groupcms.js https://cdn.adjust.com https://cdn.cookielaw.org  https://connect.facebook.net https://googleads.g.doubleclick.net https://snap.licdn.com https://sc.lfeeder.com https://lftracker.leadfeeder.com 'unsafe-inline' 'unsafe-eval' https://www.googleadservices.com https://www.google.com https://www.googletagmanager.com https://hcaptcha.com https://*.hcaptcha.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.ggpht.com https://*.googleusercontent.com blob:; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://hcaptcha.com https://*.hcaptcha.com https://fonts.googleapis.com; connect-src 'self' https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal-de.onetrust.com https://app.adjust.com https://*.googleapis.com https://*.google.com https://*.gstatic.com data: blob: https://px.ads.linkedin.com https://gfhgk1.rbinternational.com 'unsafe-inline' 'unsafe-eval' https://hcaptcha.com https://*.hcaptcha.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://www.wienerborse.at https://www.youtube.com https://td.doubleclick.net https://*.google.com 'unsafe-inline' 'unsafe-eval' https://hcaptcha.com https://*.hcaptcha.com; img-src 'self' https://googleads.g.doubleclick.net https://www.google.com https://google.com https://www.googletagmanager.com https://cdn.cookielaw.org https://www.facebook.com https://px.ads.linkedin.com https://www.facebook.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.googleusercontent.com https://*.lfeeder.com https://*.leadfeeder.com data:; worker-src 'self' blob:; 1
frame-ancestors 'self' *.arenaev.com; 1
child-src blob: 'self';connect-src 'self' https://*.yimg.com https://*.aol.com https://s.yimg.com/nq/ads/mb/native/* https://edge-mcdn.secure.yahoo.com/ybar/ https://service.cmp.oath.com https://udc.yahoo.com/ https://3p-udc.yahoo.com/ https://geo.yahoo.com/ https://3p-geo.yahoo.com/ https://consent.yahoo.com/ https://ganon.yahoo.com/ https://geo.yahoo.com/ https://guce.aol.com/ https://api.taboola.com/1.2/json/taboola-usersync/user.sync https://search.aol.com/sugg/gossip/gossip-us-ura/ https://espanol.search.yahoo.com/sugg/gossip/gossip-e1-ura https://de.search.yahoo.com/sugg/gossip/gossip-de-ura https://ca.search.yahoo.com/sugg/gossip/gossip-ca-ura https://uk.search.yahoo.com/sugg/gossip/gossip-uk-ura https://qc.search.yahoo.com/sugg/gossip/gossip-ca_fr-ura https://fr.search.yahoo.com/sugg/gossip/gossip-fr-ura https://br.search.yahoo.com/sugg/gossip/gossip-br-ura https://graviton-ncp-content-gateway.media.yahoo.com/api/v1/gql/stream_view;default-src 'self';font-src https: data:;frame-src https://*.aol.com https://*.yimg.com https://fc.yahoo.com https://*.aolmail.com https://secure.bannerfarm.ace.advertising.com https://cmp.advertising.com https://opus.analytics.yahoo.com https://tsdtocl.com/ https://consent.yahoo.com/ https://guce.aol.com/ https://gpt.mail.yahoo.net/sandbox https://alpha-gpt.mail.yahoo.net/sandbox https://alpha-gam.mail.yahoosandbox.net/sandbox https://canary-gam.mail.yahoosandbox.net/sandbox https://gam.mail.yahoosandbox.net/sandbox https://connect.netscape.com/ https://guce.netscape.com/ https://www.compuserve.com/ https://guce.compuserve.com/ https://norrin.tbl.mail.yahoosandbox.net https://alpha-tbl.mail.yahoosandbox.net https://tbl.mail.yahoosandbox.net;img-src data: blob: http: https: https://ganon.yahoo.com/ https://geo.yahoo.com/;media-src blob: https://*.aol.com https://*.yimg.com;report-uri https://csp.yahoo.com/beacon/csp?src=mail-norrin;script-src 'self' https://s.yimg.com/nq/nr/ https://s.yimg.com/os/yaft/ https://s.yimg.com/ss/ https://s.yimg.com/aaq/yc/ https://s.yimg.com/aaq/vzm/ https://s.yimg.com/cx/pv/ https://s.yimg.com/nq/polyfills/ https://yep.video.yahoo.com/js/ https://s.yimg.com/rx/ https://www.gstatic.com/cv/js/sender/v1/cast_sender.js https://yep.video.yahoo.com/ https://assets.video.yahoo.net/ https://jsapi.login.aol.com/w/ https://consent.cmp.oath.com/ https://opus.analytics.yahoo.com/ https://s.yimg.com/oa/ 'sha256-lRMQ2lQozgbWLOqNJOrnclJXX6G77pQVIlF8SAI3++I=' 'sha256-xx5VFh71P/poOsh6S7wo5Hz/h6kNWHqOpIqJR04djx4=' 'unsafe-inline' 'unsafe-eval' https://udc.yahoo.com/ https://3p-udc.yahoo.com/ https://geo.yahoo.com/ https://s.yimg.com/oa/ https://s.yimg.com/uc/sf/ https://s.yimg.com/cx/acookie/ 'nonce-UBQIq5Cm21RNd40pEljcGph+X8dToXo0RRoPPQUgdcWV0vDr' ;style-src 'self' https://s.yimg.com/nq/nr/ https://s.yimg.com/rx/ https://assets.video.yahoo.net/ 'unsafe-inline';worker-src 'self';manifest-src https://s.yimg.com/nq/nr/json/ 1
default-src 'self' cms.ubank.com.au; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.appsflyer.com *.jst.ai; font-src 'self' *.86400.com.au *.wpengine.com status.ubank.com.au fonts.gstatic.com; script-src 'self' pippio.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://ajax.googleapis.com/ajax/libs/jquery/ www.googleadservices.com/pagead/ *.widgetworks.com.au *.jobadder.com www.googletagmanager.com www.google-analytics.com analytics.google.com js.adsrvr.org connect.facebook.net *.appsflyer.com *.jst.ai https://*.optimizely.com https://cdn-assets-prod.s3.amazonaws.com *.bing.com tags.tiqcdn.com *.tealiumiq.com *.glassboxdigital.io *.gbqofs.com blob: 'unsafe-inline'; frame-src 'self' *.jst.ai *.jobadder.com *.widgetworks.com.au keyfactssheet.infochoice.com.au www.google.com recaptcha.google.com insight.adsrvr.org match.adsrvr.org *.flashtalking.com youtube.com www.youtube.com; img-src 'self' data: collect.tealiumiq.com *.appsflyer.com cms.ubank.com.au https://adservice.google.com https://adservice.google.com.au www.glassdoor.com.au apps.jobadder.com www.facebook.com *.doubleclick.net www.google-analytics.com www.google.com www.google.com.au www.googletagmanager.com https://cdn.optimizely.com *.jst.ai *.bing.com; connect-src 'self' *.gbqofs.io collect.tealiumiq.com www.google.com.au/ads/ analytics.google.com *.jst.ai www.google-analytics.com cms.ubank.com.au ubank2.wpengine.com stats.g.doubleclick.net *.appsflyer.com *.algolia.net *.algolianet.com *.algolia.io https://*.optimizely.com *.console.glassboxsaas.com *.report.gbss.io; object-src 'none'; 1
frame-ancestors 'self' *.step.com; 1
report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: 'self' blob: lcx-embed.bambuser.com dp64mxip2za0c.cloudfront.net widget-mediator.zopim.com d3saea0ftg7bjt.cloudfront.net static.zdassets.com *.cloudmaestro.com cdn.usehero.com www.elemis.com js-agent.newrelic.com www.googletagmanager.com www.google.com bam.nr-data.net bat.bing.com container.pepperjam.com tag.rmp.rakuten.com connect.facebook.net td.yieldify.com *.listrakbi.com cdn.attn.tv rec.smartlook.com www.google-analytics.com *.criteo.net *.us.criteo.com *.eu.criteo.com ut.ra.linksynergy.com custom.yieldify.com *.googleapis.com rec.smartlook.com *.thcdn.com rum-static.pingdom.net googleads.g.doubleclick.net bat.bing.com www.recaptcha.net www.gstatic.com www.googleadservices.com www.dwin1.com userexperience.thehut.net accdn.lpsnmedia.net pay.google.com lptag.liveperson.net na-library.playground.klarnaservices.com *.bazaarvoice.com *.signifyd.com *.akamaihd.net *.criteo.com  *.socialannex.com *.iubenda.com  cdn.iubenda.com intljs.rmtag.com  maxcdn.bootstrapcdn.com tpc.googlesyndication.com widget-mediator.zopim.com *.rewardstyle.com *.braintreegateway.com us.elemis.com uk.elemis.com eu.elemis.com *.klarnaservices.com *.klarnacdn.net *.cardinalcommerce.com js.braintreegateway.com na-library.klarnaservices.com b-code.liadm.com *.iesnare.com *.vimeo.com vimeo.com *.shopstylecollective.com s.pinimg.com ct.pinterest.com *.googleoptimize.com cdn.systema.ai ut.rd.linksynergy.com analytics.tiktok.com i.loopme.me api.addressy.com www.paypalobjects.com sc-static.net *.ascendpartner.com c1.socialannex.com *.paypal.com *.btttag.com acdn.adnxs.com *.clarity.ms *.google.com *.btttag.com *.google-analytics.com *.adnxs.com sc-static.net sslwidget.criteo.com *.duel.me *.pinterest.com *.ordergroove.com *.duel.me *.xtento.com *.livescale.tv *.smartlook.com *.snapchat.com *.permutive.com *.makeupar.com *.contentsquare.net app.contentsquare.com *.onetrust.com *.abtasty.com *.klarna.com dx.mountain.com px.mountain.com gs.mountain.com static.myshlf.us api.shopmy.us static.shopmy.us cdn.debugbear.com *.bambuser.com d38xvr37kwwhcm.cloudfront.net/js/grin-sdk.js cdnjs.cloudflare.com/ajax/libs/iframe-resizer/4.3.11/iframeResizer.min.js cnstrc.com *.online-metrix.net c.amazon-adsystem.com static.fbot.me campaign.fbot.me tags.srv.stackadapt.com 1
default-src 'self' 'unsafe-inline'; img-src * 'self' data: ; font-src 'self' https://fonts.gstatic.com/ https://use.typekit.net/ https://nationscdn.azureedge.net/ https://ka-f.fontawesome.com/; connect-src 'self' https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://nationscdn.azureedge.net/ https://fonts.googleapis.com/ https://use.typekit.net/ https://kit-free.fontawesome.com/ https://stackpath.bootstrapcdn.com/ https://cdnjs.cloudflare.com/ https://ka-f.fontawesome.com/ ; frame-src 'self' https://11619105.fls.doubleclick.net/ https://www.google.com/ https://www.youtube.com/; media-src * 'self'; style-src 'self'  'unsafe-inline'  http://seal-seflorida.bbb.org https://fonts.googleapis.com/ https://code.jquery.com/ https://use.typekit.net https://p.typekit.net https://nationscdn.azureedge.net https://kit-free.fontawesome.com/ https://stackpath.bootstrapcdn.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com ;  object-src 'self' 'unsafe-inline' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://code.jquery.com/ https://stackpath.bootstrapcdn.com/ https://nationscdn.azureedge.net/ https://cdnjs.cloudflare.com/ https://kit.fontawesome.com/ https://cdn.boomcdn.com/ https://www.googletagmanager.com/ https://www.google.com/ http://seal-seflorida.bbb.org/ https://maps.googleapis.com/ https://www.google-analytics.com/ https://snap.licdn.com/ https://connect.facebook.net/ https://www.gstatic.com/ https://bat.bing.com http://bat.bing.com https://googleads.g.doubleclick.net/ 1
frame-ancestors 'self' https://*.castlery.com https://app.storyblok.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://kit.fontawesome.com https://cdn.cookietractor.com https://cdnjs.cloudflare.com https://player.vimeo.com https://mktdplp901cdn.azureedge.net https://df6ccce237f9494aa7ae788755b0e742.svc.dynamics.com https://mktdplp102cdn.azureedge.net https://api.qr-code-generator.com https://www.google.com https://www.gstatic.com https://www.vimeo.com https://vimeo.com https://www.googletagmanager.com https://code.jquery.com https://cdn.jsdelivr.net https://www.google-analytics.com https://static.hotjar.com https://script.hotjar.com https://snap.licdn.com  https://stackpath.bootstrapcdn.com https://pi.pardot.com https://www2.segalco.com https://unpkg.com https://create.piktochart.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://kit.fontawesome.com https://ka-p.fontawesome.com https://fonts.googleapis.com https://stackpath.bootstrapcdn.com https://pro.fontawesome.com https://use.typekit.net https://cdn.jsdelivr.net https://p.typekit.net; img-src 'self' data: https://mdbcdn.b-cdn.net https://umbraco.tv https://df6ccce237f9494aa7ae788755b0e742.svc.dynamics.com https://api.qr-code-generator.com https://www.linkedin.com https://www.googletagmanager.com https://c0.piktochart.com https://create.piktochart.com https://www.gravatar.com https://i.vimeocdn.com https://px.ads.linkedin.com https://p.adsymptotic.com https://www.google-analytics.com; frame-src 'self' https://app.powerbi.com https://td.doubleclick.net https://app.smartsheet.com https://df6ccce237f9494aa7ae788755b0e742.svc.dynamics.com https://www.podbean.com https://www.google.com https://player.vimeo.com https://vars.hotjar.com; connect-src 'self' https://px.ads.linkedin.com https://analytics.google.com https://cdn.linkedin.oribi.io https://df6ccce237f9494aa7ae788755b0e742.svc.dynamics.com https://content.hotjar.io wss://wsp32.hotjar.com wss://ws32.hotjar.com https://ws32.hotjar.com https://api.qr-code-generator.com https://fonts.piktochart.com https://stats.g.doubleclick.net https://create.piktochart.com https://www.google-analytics.com https://in.hotjar.com; font-src 'self' https://ka-p.fontawesome.com https://fonts.gstatic.com https://cf.piktochart.com https://pro.fontawesome.com https://use.typekit.net; media-src 'self' https://vod-progressive.akamaized.net; 1
base-uri 'none'; connect-src https://*.sentry.io/api/; default-src 'none'; font-src 'self'; form-action 'none'; frame-ancestors 'none'; img-src 'self' https://*.cyberbits.eu/; style-src 'unsafe-inline'; report-uri https://o4505555273515008.ingest.sentry.io/api/4505555281182720/security/?sentry_key=4840341ae86a4960b8d7f5f0809ce6a6 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com ssl.google-analytics.com www.googletagmanager.com 1
default-src 'self' *.cdninstagram.com *.sibforms.com *.kundo.se ws: wss: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com/api/player.js *.jquery.com *.google-analytics.com *.clarity.ms https://sibforms.com/forms/end-form/build/main.js  *.sendinblue.com *.googletagmanager.com  https://cdn.cookielaw.org/scripttemplates/ https://cdn.cookielaw.org/consent/ http://connect.facebook.net/en_US/sdk.js *.zinzino.com/shop/cart/GetSharedCart https://cdn.prod.zinzino.com/cms/ *.kundo.se https://dc.services.visualstudio.com https://az416426.vo.msecnd.net https://code.jquery.com https://maxcdn.bootstrapcdn.com https://www.facebook.com *.episerver.net *.bing.com *.virtualearth.net *.ne.cision.com *.sproutvideo.com *.trustpilot.com; style-src 'self' 'unsafe-inline' *.sproutvideo.com https://static-chat.kundo.se/static/ https://chat.kundo.se *.jquery.com https://sibforms.com/forms/end-form/build/sib-styles.css https://cdn.prod.zinzino.com https://fonts.googleapis.com *.episerver.net *.bing.com https://maxcdn.bootstrapcdn.com; font-src 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://cdn.prod.zinzino.com *.sibforms.com data:; connect-src 'self' https://chat.kundo.se/ https://sentry.kundo.se/api/ wss://ws-eu.pusher.com/app/ https://*.pusher.com/ https://kundo.se/attachment/upload/ https://static.kundo.se/static/ *.google-analytics.com *.onetrust.com *.sibforms.com *.sendinblue.com https://cdn.cookielaw.org/scripttemplates/ https://geolocation.onetrust.com/cookieconsentpub/ https://cdn.cookielaw.org/consent/ *.kundo.se https://dc.services.visualstudio.com ws: wss: *.bing.com *.virtualearth.net *.ne.cision.com; img-src 'self' data: http: https: https://kundo.se https://static.kundo.se https://chat.kundo.se; child-src 'self' https://socialwalls.taggbox.com/ https://player.vimeo.com/ https://vimeo.com/ https://www.vimeo.com/ https://app.sli.do/ https://zinzinowebcdn.azureedge.net/ *.clevercast.com https://vimeo.com/live-chat/783628332 *.cdninstagram.com *.kundo.se https://www.youtube.com https://api.screen9.com/ https://videos.sproutvideo.com *.sproutvideo.com *.trustpilot.com https://widgets.sociablekit.com *.sibforms.com; 1
default-src * blob:;script-src 'self' 'unsafe-inline'  'unsafe-eval'  changba.com *.changba.com *.changbaimg.com *.cdn.changbaimg.com *.bootcss.com *.bokecc.com *.qbox.me *.google-analytics.com *.qq.com *.alipay.com *.alibaba.com *.aliyun.com  *.alicdn.com hm.baidu.com *.cnzz.com *.cnzz.cn *.irs01.com  irs01.com zz.bdstatic.com *.zhanzhang.baidu.com s.url.cn cdn.jsdelivr.net unpkg.com blob:;style-src * 'unsafe-inline';frame-src 'self' changba.com *.changba.com changba://* https://*.qq.com webcompt: https://* yy://*;img-src 'self' data: blob: *;media-src 'self' data: blob: *;font-src 'self' data: * 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://api-na.geetest.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://code.jquery.com https://connect.facebook.net https://csi.gstatic.com https://kit.fontawesome.com https://maps.googleapis.com https://oss.maxcdn.com https://rum-static.pingdom.net https://sealserver.trustwave.com https://ssl.comodoca.com https://stackpath.bootstrapcdn.com https://static.geetest.com https://translate.google.com/ https://translate.googleapis.com https://www.bing.com/translator/api/translate https://www.google.com https://www.google.com/recaptcha/ https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com/recaptcha/ https://accept.authorize.net/payment/payment https://verify.authorize.net:443 https://snap.licdn.com https://px.ads.linkedin.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://csi.gstatic.com https://fonts.googleapis.com https://maps.googleapis.com https://oss.maxcdn.com https://sealserver.trustwave.com https://ssl.comodoca.com https://static.geetest.com https://translate.googleapis.com https://www.google-analytics.com https://accept.authorize.net/payment/payment; img-src 'self' data: https://www.google-analytics.com https://www.google.com/ads/ga-audiences https://ads.yahoo.com https://cdnjs.cloudflare.com https://csi.gstatic.com https://insight.adsrvr.org https://maps.googleapis.com https://maps.gstatic.com/ https://oss.maxcdn.com https://sealserver.trustwave.com https://ssl.comodoca.com https://static.geetest.com https://translate.google.com https://translate.googleapis.com https://www.facebook.com https://www.google.com/images/ https://www.google-analytics.com https://www.gstatic.com https://www.paypalobjects.com https://x.bidswitch.net https://accept.authorize.net/payment/payment https://verify.authorize.net/ https://ssl.comodoca.com/ https://px.ads.linkedin.com https://www.googletagmanager.com; frame-src 'self' https://www.google.com/recaptcha/ https://payflowlink.paypal.com/ https://www.facebook.com https://accept.authorize.net/payment/payment; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://ka-f.fontawesome.com; connect-src 'self' 'unsafe-inline' https://ka-f.fontawesome.com https://rum-collector-2.pingdom.net https://stats.g.doubleclick.net/j/collect https://translate.googleapis.com https://www.bing.com/translator/api/translate https://www.google-analytics.com https://accept.authorize.net/payment/payment https://cdn.linkedin.oribi.io https://px.ads.linkedin.com/wa/ https://www.googletagmanager.com https://px.ads.linkedin.com; frame-ancestors 'self' *.nursys.com *.authorize.net 1
frame-ancestors 'self' closeup.staedelmuseum.de stcu-frontend.netlify.app 1
frame-ancestors self https://plm.somalabs.com.br 1
frame-ancestors 'self' *.luxair.lu *.luxairtours.lu 1
object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://connect.facebook.net/ https://translate.google.com *.googleapis.com https://www.googletagmanager.com https://static.addtoany.com/ https://www.gstatic.com/ https://fonts.googleapis.com https://translate-pa.googleapis.com/ https://e.infogram.com/ *.jobadder.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://www.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-hashes'; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.jsdelivr.com https://www.gstatic.com https://fonts.googleapis.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; style-src-attr 'self' 'unsafe-inline' 'unsafe-hashes'; report-uri https://www.app.com.au/report-uri/enforce 1
default-src 'self' https://*.mixpanel.com https://cdn.mxpnl.com https://cdn-dev.mxpnl.com https://ekr.zendesk.com wss://mixpanelsupport.zendesk.com https://mixpanel.com https://*.mixpanel.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.trychameleon.com https://*.hotjar.com https://cdn.mxpnl.com https://cdn-dev.mxpnl.com https://cdn.rollbar.com https://js.stripe.com https://*.zdassets.com https://*.zopim.com https://assets.zendesk.com https://www.youtube.com/embed/ https://connect.facebook.net https://apis.google.com https://accounts.google.com 'unsafe-eval' https://*.6sc.co https://static.addtoany.com https://*.adroll.com https://*.bing.com https://cdn.bizible.com https://*.clarity.ms https://cdnjs.cloudflare.com d2wy8f7a9ursnm.cloudfront.net https://*.doubleclick.net https://www.dwin1.com https://*.google.com https://*.google-analytics.com https://*.googlesyndication.com https://www.googletagmanager.com https://*.gstatic.cn https://*.gstatic.com https://*.g2crowd.com https://snap.licdn.com https://*.marketo.com https://*.marketo.net https://mixpanel.com https://*.mixpanel.com https://*.mutinycdn.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://recaptcha.net https://*.recaptcha.net https://www.redditstatic.com/ads/ https://*.singular.net https://*.ads-twitter.com https://mxpnlcms.wpengine.com https://*.youtube.com https://*.zoominfo.com; connect-src 'self' blob: data: https://*.trychameleon.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://*.mixpanel.com https://cdn.mxpnl.com https://cdn-dev.mxpnl.com https://api.rollbar.com https://api.sprig.com https://*.zdassets.com https://mixpanelsupport.zendesk.com https://*.zopim.com wss://*.zopim.com https://storage.googleapis.com https://*.facebook.com https://*.6sc.co https://*.adnxs.com https://*.bing.com https://*.bugsnag.com https://*.clarity.ms https://*.doubleclick.net https://*.google.com https://*.google-analytics.com https://*.googlesyndication.com https://*.g2crowd.com https://*.linkedin.com https://mixpanel.com https://*.mixpanel.com https://*.mktoresp.com https://*.mutinyhq.com https://*.mutinyhq.io https://*.mutinycdn.com https://cdn.linkedin.oribi.io https://*.reddit.com https://www.redditstatic.com/ads/ https://*.singular.net https://mxpnlcms.wpengine.com https://*.zoominfo.com; img-src 'self' blob: data: https://*.chmln-cdn.com https://cdn.mxpnl.com https://cdn-dev.mxpnl.com https://*.zdassets.com https://*.zopim.com https://v2uploads.zopim.io https://*.facebook.com https://*.gravatar.com https://*.wp.com https://*.3lift.com https://*.33across.com https://*.6sc.co https://*.adnxs.com https://*.adroll.com https://*.bidswitch.net https://*.bing.com https://cdn.bizible.com https://cdn.bizibly.com https://*.bugsnag.com https://*.casalemedia.com https://*.clarity.ms https://*.crwdcntrl.net https://*.doubleclick.net https://*.exelator.com https://*.google-analytics.com https://*.googlesyndication.com https://www.googletagmanager.com https://*.googleusercontent.com https://*.imrworldwide.com https://*.linkedin.com https://mixpanel.com https://*.mixpanel.com https://*.mutinycdn.com https://*.openx.net https://sync.outbrain.com https://*.pubmatic.com https://*.reddit.com https://idsync.rlcdn.com https://pixel.rubiconproject.com https://pixel.sitescout.com/ https://sync.taboola.com https://*.turn.com/ https://t.co/ https://analytics.twitter.com https://beacon.walmart.com https://*.wpengine.com https://mxpnlcms.wpengine.com https://mxpnlcms.wpenginepowered.com https://*.analytics.yahoo.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat; style-src 'self' 'unsafe-inline' https://cdn.mxpnl.com https://cdn-dev.mxpnl.com https://*.google.com https://*.marketo.com https://mixpanel.com https://*.mixpanel.com https://hello.myfonts.net; font-src 'self' data: https://cdn.mxpnl.com https://cdn-dev.mxpnl.com https://mixpanel.com https://*.mixpanel.com; frame-src 'self' https://js.stripe.com https://www.loom.com/embed/ https://player.vimeo.com/video/ https://www.youtube.com/embed/ https://*.facebook.com https://accounts.google.com https://static.addtoany.com https://*.bing.com https://*.doubleclick.net https://*.google.com https://*.marketo.com https://mixpanel.com https://*.mixpanel.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://recaptcha.net https://*.recaptcha.net; worker-src 'self' blob:; 1
default-src 'none'; script-src 'self' https://www.leopoldina.org/fileadmin/templates/js/etracker/disableCookies.js https://www.leopoldina.org/fileadmin/templates/js/etracker/etrackerpage.js https://www.leopoldina.org/fileadmin/templates/js/jquery/jquery-1.8.3.min.js https://www.leopoldina.org/fileadmin/templates/js/jquery/jquery.ui.core.js https://www.leopoldina.org/fileadmin/templates/js/jquery/jquery.ui.effects.core.js https://www.leopoldina.org/fileadmin/templates/js/jquery/jquery.ui.widget.js https://www.leopoldina.org/fileadmin/templates/js/jquery/jquery.ui.datepicker.js https://www.leopoldina.org/fileadmin/templates/js/jquery/jquery.fancybox-1.3.4.js https://www.leopoldina.org/fileadmin/templates/js/jquery/jquery.hoverIntent.minified.js https://www.leopoldina.org/fileadmin/templates/js/jquery/jquery.ui.slide.js https://www.leopoldina.org/typo3conf/ext/femanager/Resources/Public/JavaScript/Femanager.min.js https://www.leopoldina.org/typo3conf/ext/femanager/Resources/Public/JavaScript/Validation.min.js https://www.leopoldina.org/typo3conf/ext/powermail/Resources/Public/JavaScript/Powermail/Form.min.js https://www.leopoldina.org/typo3conf/ext/powermail/Resources/Public/JavaScript/Powermail/Tabs.min.js https://www.leopoldina.org/typo3conf/ext/powermail/Resources/Public/JavaScript/Libraries/parsley.min.js https://www.leopoldina.org/typo3conf/ext/powermail/Resources/Public/JavaScript/Libraries/jquery.datetimepicker.min.js https://www.leopoldina.org/typo3conf/ext/leoevents/Resources/Public/JavaScript/AutoComplete.js https://www.leopoldina.org/typo3conf/ext/rsmleosolr/Resources/Public/JavaScript/suggest_controller.js https://www.leopoldina.org/fileadmin/templates/js/main.js https://www.leopoldina.org/fileadmin/templates/js/plyr.min.js https://www.leopoldina.org/fileadmin/templates/js/select.js https://www.leopoldina.org/fileadmin/templates/js/swipesensejs.js https://www.leopoldina.org/fileadmin/templates/js/cookies/functions.js https://www.leopoldina.org/fileadmin/templates/js/cookies/js.cookie.min.js https://static.etracker.com https://www.etracker.de https://code.etracker.com https://www.leopoldina.org/typo3conf/ext/tt_address/Resources/Public/JavaScript/leaflet-core-1.4.0.js https://www.leopoldina.org/typo3conf/ext/tt_address/Resources/Public/JavaScript/Frontend/Leaflet.js https://www.leopoldina.org/typo3conf/ext/tt_address/Resources/Public/JavaScript/Frontend/GoogleMaps.js https://www.leopoldina.org/typo3conf/ext/tt_address/Resources/Public/JavaScript/LeafletBackend.js https://www.leopoldina.org/typo3conf/ext/rsmleosolr/Resources/Public/JavaScript/facet_daterange_controller.js https://www.leopoldina.org/typo3conf/ext/sr_freecap/Resources/Public/JavaScript/freeCap.js https://www.leopoldina.org/typo3conf/ext/paste_reference/Resources/Public/JavaScript/PasteReferenceDragDrop.js https://www.leopoldina.org/typo3conf/ext/paste_reference/Resources/Public/JavaScript/ContextMenuActions.js https://www.leopoldina.org/typo3conf/ext/paste_reference/Resources/Public/JavaScript/PasteReferenceOnReady.js https://www.leopoldina.org/typo3conf/ext/solr/Resources/Public/JavaScript/Chart.js https://www.leopoldina.org/typo3conf/ext/solr/Resources/Public/JavaScript/FormModal.js https://www.leopoldina.org/typo3conf/ext/solr/Resources/Public/JavaScript/suggest_controller.js https://www.leopoldina.org/fileadmin/templates/js/suggest_controller.js https://www.leopoldina.org/typo3conf/ext/solr/Resources/Public/JavaScript/facet_daterange_controller.js https://www.leopoldina.org/typo3conf/ext/solr/Resources/Public/JavaScript/SearchStatistics.js https://www.leopoldina.org/typo3conf/ext/solr/Resources/Public/JavaScript/search_controller.js https://www.leopoldina.org/typo3conf/ext/solr/Resources/Public/JavaScript/JQuery/jquery.min.js https://www.leopoldina.org/typo3conf/ext/solr/Resources/Public/JavaScript/JQuery/ui-i18n/jquery.ui.datepicker-nl.js https://www.leopoldina.org/typo3conf/ext/solr/Resources/Public/JavaScript/JQuery/ui-i18n/jquery.ui.datepicker-de.js https://www.leopoldina.org/typo3conf/ext/solr/Resources/Public/JavaScript/JQuery/ui-i18n/jquery.ui.datepicker-fr.js https://www.leopoldina.org/typo3conf/ext/solr/Resources/Public/JavaScript/JQuery/jquery.autocomplete.min.js https://www.leopoldina.org/typo3conf/ext/solr/Resources/Public/JavaScript/JQuery/jquery.URI.min.js https://www.leopoldina.org/typo3conf/ext/solr/Resources/Public/JavaScript/JQuery/jquery-ui.min.js https://www.leopoldina.org/typo3conf/ext/solr/Resources/Public/JavaScript/JQuery/URI.min.js https://www.leopoldina.org/typo3conf/ext/solr/Resources/Public/JavaScript/facet_options_controller.js https://www.leopoldina.org/typo3conf/ext/solr/Resources/Public/JavaScript/facet_numericrange_controller.js https://www.leopoldina.org/typo3conf/ext/solr/Resources/Public/JavaScript/Bootstrap/npm.js https://www.leopoldina.org/typo3conf/ext/solr/Resources/Public/JavaScript/Bootstrap/bootstrap.min.js https://www.leopoldina.org/typo3conf/ext/solr/Resources/Public/JavaScript/Bootstrap/bootstrap.js https://www.leopoldina.org/typo3conf/ext/leoperson/Resources/Public/JavaScript/AutoComplete.js https://maps.google.com https://maps.googleapis.com 'sha256-VnKcPF0SXI7vrqHHFBxL8Nu265d7FOcxnIR7UZMsmik=' 'sha256-EetSc5juzrKThnoUU8TiYNxEMQsUf2qgvd796Y1752c=' 'sha256-5PW87MEdKmJraglxwIr/bMIhXd1wO1jpkK43BfgKYp4=' 'sha256-eNrWMNNA2u2tgugMoaRfWUL9X/EPD9IJ2xYbLdh72z0=' 'sha256-ME31pCqq/7wD00eg3taCEaVmPN7dtAUOaf06Pql0t0Y=' 'sha256-Y/TZkhs0X7DJKF84rNRqe/Ln+I0RfOETL4P7oazR0fs=' 'sha256-0hFLJdsRf/fTQI9pvqO/Sqpiz5otuAGPlptTo/iBYfY=' 'sha256-Wpv58zCqWBy5cNtpCGlDuSxfM68Jt9nw9JX/ApU0zHo=' 'sha256-iNVTx2rrCEFZZqiFpJEIFSHSUdyLcOYpttdxVMnWA20=' 'sha256-NQ4ECg+FMl6LSSoGmYFqKfu5QQjDDE5stg7LGR4QyTM=' 'sha256-jobAp9Jo2TTOCKsgeKT2tK4Ne8fiz90iAA2Of8WdsIo='; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://www.leopoldina.org https://maps.gstatic.com https://*.googleapis.com data:; font-src https://www.leopoldina.org https://fonts.googleapis.com https://fonts.gstatic.com; connect-src 'self' https://www.etracker.de https://consentcdn.cookiebot.com https://platform.twitter.com https://www.youtube-nocookie.com https://player.vimeo.com https://play.google.com https://www.youtube.com https://maps.googleapis.com; report-uri /typo3conf/ext/csp/csp_report.php 1
default-src 'self'; connect-src *; font-src * data: blob:; media-src 'self' data: *.contentstack.io; frame-src *.livechatinc.com *.acuvue.ru *.platformsh.site coupons.valassis.eu *.qualtrics.com *.eprize.net *.optimizely.com *.doubleclick.net *.acuvue.com my.walls.io www.google.com www.youtube.com; img-src * data: blob:; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.facebook.net static.cloudflareinsights.com *.onetrust.com apps.mypurecloud.com cdn.cookielaw.org js-agent.newrelic.com www.google-analytics.com *.optimizely.com *.googletagmanager.com *.pulseinsights.com www.gstatic.com walls.io www.google.com maps.googleapis.com www.youtube.com code.jquery.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' *.livechatinc.com *.qualtrics.com *.googletagmanager.com *.googleadservices.com *.clarity.ms *.walkme.com *.facebook.net static.cloudflareinsights.com *.onetrust.com *.pulseinsights.com apps.mypurecloud.com cdn.cookielaw.org js-agent.newrelic.com maps.googleapis.com walls.io www.google.com www.gstatic.com www.youtube.com *.optimizely.com *.google-analytics.com; style-src 'self' 'unsafe-inline' apps.mypurecloud.com *.onetrust.com *.googleapis.com www.gstatic.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' *.walkme.com *.onetrust.com apps.mypurecloud.com fonts.googleapis.com www.gstatic.com; report-to endpoint-1; report-uri https://api.acuvue.com/vis/v1/csp-reports; 1
default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com https://i.ytimg.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-M5ZdefngTinuMpIPI/a7hA=='; style-src 'self' www.gstatic.com; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com gds-single-consent-staging.app gds-single-consent.app; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; report-uri https://csp-reporter.publishing.service.gov.uk/report 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.reiwa.net *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org s7.addthis.com securepubads.g.doubleclick.net m.addthis.com z.moatads.com *.safeframe.googlesyndication.com adservice.google.com https://assets.pinterest.com https://edge.addthis.com https://cdn.plyr.io *.leadplusdev.com.au *.leadplus.com.au player.vimeo.com reiapplynow.com.au reiwa.reiapplynow.com.au *.reiformslive.com.au *.agentaccount.com *.npgcdn.net/lec.js *.bootstrapcdn.com adservice.google.com.au *.2mdn.net *.googletagservices.com *.googlesyndication.com *.rubiconproject.com https://cdn.evgnet.com www.googletagmanager.com www.googleoptimize.com script.crazyegg.com www.googleadservices.com secure-ds.serving-sys.com bs.serving-sys.com s.yimg.com googleads.g.doubleclick.net rtb.loopa.net.au *.cloudflareinsights.com https://reiwa.australia-3.evergage.com *.jsdelivr.net *.hotjar.com *.dotmetrics.net; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com https://cdn.plyr.io reiapplynow.com.au reiwa.reiapplynow.com.au *.reiformslive.com.au *.agentaccount.com *.leadplus.com.au *.leadplusdev.com.au *.bootstrapcdn.com https://reiwa.australia-3.evergage.com *.jsdelivr.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com reiapplynow.com.au reiwa.reiapplynow.com.au *.reiformslive.com.au netdna.bootstrapcdn.com data: *.reiwa.net; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com https://www.addthis.com https://log.pinterest.com https://reiwa.com.au *.reiwa.net reiapplynow.com.au reiwa.reiapplynow.com.au *.reiformslive.com.au *.npgcdn.net *.swagger.io *.leadplusdev.com.au *.leadplus.com.au *.agentaccount.com *.corelogic.asia reiwastorprimg.blob.core.windows.net reiwastortestimg.blob.core.windows.net googleads4.g.doubleclick.net *.moatads.com *.googlesyndication.com *.rubiconproject.com *.google.com *.google.com.au sp.analytics.yahoo.com *.reiwa.com.au *.googletagmanager.com reiwastordvcommon.blob.core.windows.net reiwastorprcommon.blob.core.windows.net *.ratemyagent.com.au *.doubleclick.net *.dotmetrics.net; media-src 'self' data: blob: *.captur3d.io *.matterport.com realestateinmotion.com.au *.ipropertyexpress.com; child-src 'self' *.reiwa.net *.reiwa.com.au https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com www.visionabacus.net edge.addthis.com https://assets.pinterest.com https://*.addthis.com https://www.google.com my.matterport.com *.captur3d.io https://vtc.virtualtourscreator.com.au https://fb.watch https://3dtours.aperture22.com.au https://bestvirtualtours.co https://tour.virtual-inspection.com https://kuula.co https://app.pirsee.com https://360tours.propertydigital.com.au reiapplynow.com.au reiwa.reiapplynow.com.au *.reiformslive.com.au *.safeframe.googlesyndication.com *.2mdn.net *.googlesyndication.com *.fls.doubleclick.net bid.g.doubleclick.net *.safeframe.usercontent.goog console.googletagservices.com cdn.diakrit.com app.inspectrealestate.com.au openhouse.littlehinges.com.au matterport.com *.open2view.com.au *.openn.com.au anz.openn.com realestateinmotion.com.au roundme.com tour.vieweet.com *.diakrit.com *.realestateinmotion.com.au *.au.open2view.com *.cloudpano.com https://reiwa.australia-3.evergage.com *.ipropertyexpress.com *.doubleclick.net *.dotmetrics.net; connect-src 'self' accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.google-analytics.com *.gstatic.com securepubads.g.doubleclick.net https://noembed.com https://cdn.plyr.io https://pagead2.googlesyndication.com https://maps.googleapis.com *.leadplusdev.com.au *.leadplus.com.au *.agentaccount.com wss://10.100.41.76:21021 *.g.doubleclick.net analytics.google.com lm.serving-sys.com secure-ds.serving-sys.com s.yimg.com www.google.com.au www.google.com *.evergage.com *.facebook.com *.addthis.com https://reiwa.australia-3.evergage.com *.hotjar.io wss://ws.hotjar.com *.dotmetrics.net; 1
default-src 'self' *.intelli.host;script-src 'self' use.fontawesome.com www.google.com www.googletagmanager.com *.intelli.host www.gstatic.com 'unsafe-inline';font-src 'self' fonts.gstatic.com;style-src 'self' fonts.googleapis.com 'unsafe-inline';media-src 'self' *.intelli.host; frame-src 'self' *.intelli.host www.google.com; 1
default-src 'none'; style-src https://tunnelblick.net https://www.tunnelblick.net; img-src https://tunnelblick.net https://www.tunnelblick.net; 1
frame-ancestors 'self' https://www.devfmx.wpengine.com 1
frame-ancestors 'self' https://portalpasazerawidget.plk-sa.pl/; default-src 'unsafe-inline'  https://cdn.syndication.twimg.com https://skk.erecruiter.pl https://*.plk-sa.pl https://plk-sa.pl https://*.googleapis.com  https://*.twimg.com https://pbs.twimg.com https://syndication.twitter.com https://platform.twitter.com https://www.youtube.com https://www.youtube-nocookie.com https://*.gstatic.com https://*.google.com https://*.google-analytics.com https://*.facebook.com https://portalpasazera.pl ; script-src 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://www.gstatic.com https://platform.twitter.com https://pixel.fasttony.es https://connect.facebook.net https://www.googletagmanager.com https://ssl.google-analytics.com https://www.google.com https://*.googleapis.com https://cdn.syndication.twimg.com https://skk.erecruiter.pl https://*.plk-sa.pl https://plk-sa.pl https://*.google-analytics.com https://*.facebook.com https://portalpasazera.pl  data:; style-src 'unsafe-inline' https://cdn.syndication.twimg.com https://skk.erecruiter.pl https://*.plk-sa.pl https://plk-sa.pl https://*.google-analytics.com  https://*.googleapis.com  https://*.twimg.com https://pbs.twimg.com https://syndication.twitter.com https://platform.twitter.com https://www.youtube.com https://www.youtube-nocookie.com https://*.facebook.com https://portalpasazera.pl  data:; img-src 'self' https://i.ytimg.com https://cdn.syndication.twimg.com https://skk.erecruiter.pl https://*.plk-sa.pl https://plk-sa.pl https://*.googleapis.com  https://*.twimg.com https://pbs.twimg.com https://syndication.twitter.com https://platform.twitter.com https://www.youtube.com https://www.youtube-nocookie.com https://*.gstatic.com https://*.google.com https://*.google-analytics.com https://*.facebook.com https://portalpasazera.pl  data: 1
upgrade-insecure-requests; default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; 1
default-src 'self' p11.techlab-cdn.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cdw.com *.cdwg.com *.richrelevance.com *.qualtrics.com *.optimizely.com *.hotjar.com *.needle.com *.demandbase.com *.appspot.com *.facebook.net *.googleadservices.com *.doubleclick.net *.google-analytics.com *.bing.com *.googleapis.com analytics.po.st po.st *.cnetcontent.com *.cnetcontentsolutions.com *.akamaihd.net *.google.com *.twitter.com *.justuno.com *.netapp.com *.demdex.net *.d41.co *.cxense.com *.ads-twitter.com pactsafe.io *.webcollage.net *.ziftsolutions.com *.googletagmanager.com *.googlesyndication.com *.googletagservices.com *.ytimg.com t.sellpoints.com a.sellpoint.net *.flixfacts.com *.youtube.com *.flixcar.com *.flix360.com *.easy2.com *.go-mpulse.net *.linkedin.com *.cdnwidget.com *.rlcdn.com *.cloudfront.net *.bluecore.com p.adsymptotic.com *.adsrvr.org *.dotomi.com blob: *.flixsyndication.net data.g2.com *.g2crowd.com *.adobe.com *.hotjar.io *.spexlive.net *.gstatic.com *.leadsrx.com *.turnto.com *.licdn.com *.hs-scripts.com *.ispot.tv *.youvisit.com *.vmwarepartnerdemandcenter.com *.hsleadflows.net *.hs-banner.com *.hsforms.net *.hubapi.com *.syndigo.com *.syndigo.cloud *.hsforms.com *.hubspot-forms-static-embed.s3.amazonaws.com *.hubspot.com *.tiqcdn.com *.tealiumiq.com *.hs-analytics.net js.usemessages.com *.hscollectedforms.net *.redditstatic.com *.reddit.com *.adsrvr.org *.scene7.com *.vidyard.com *.vimeo.com *.hp.com *.etilize.com *.1worldsync.com *.quantserve.com *.quantcount.com *.spexaccess.net *.launchdarkly.com *.onetrust.com *.oribi.io *.cookielaw.org *.criteo.com *.criteo.net *.w55c.net *.pdst.fm *.botframework.com *.pactsafe.io *.peerspot.com *.sketchfab.com p11.techlab-cdn.com;style-src 'self' 'unsafe-inline' *.cdw.com *.cdwg.com *.needle.com *.googleapis.com *.cnetcontent.com *.justuno.com *.webcollage.net *.ziftsolutions.com t.sellpoints.com a.sellpoint.net *.flixcar.com *.easy2.com *.amazonaws.com *.twitter.com *.cloudfront.net blob: *.typekit.net *.adobe.com *.spexlive.net *.turnto.com *.syndigo.com *.syndigo.cloud *.scene7.com *.etilize.com *.1worldsync.com *.spexaccess.net *.sketchfab.com;img-src 'self' *.cdw.com *.cdwg.com *.qualtrics.com *.optimizely.com *.needle.com *.googleadservices.com *.doubleclick.net *.google-analytics.com *.bing.com *.cnetcontent.com *.cnetcontentsolutions.com *.akamaihd.net *.google.com *.justuno.com *.netapp.com *.demdex.net *.cxense.com *.webcollage.net *.ziftsolutions.com *.googletagmanager.com *.googletagservices.com *.ytimg.com t.sellpoints.com a.sellpoint.net *.flixfacts.com *.youtube.com *.flixcar.com *.flix360.com *.easy2.com *.amazonaws.com *.twitter.com *.linkedin.com *.company-target.com *.facebook.com *.cdnwidget.com *.rlcdn.com *.cloudfront.net *.adobecqms.net *.turn.com *.everesttech.net *.adnxs.com ads.yahoo.com *.bluecore.com *.prod.bidr.io cdn.optimizely.com *.twitter.com p.adsymptotic.com *.adsrvr.org data: *.dotomi.com *.flixsyndication.net *.adobe.com *.sc.omtrdc.net *.spexlive.net *.windows.net *.edgecastcdn.net *.licdn.com *.ispot.tv *.youvisit.com *.syndigo.com *.syndigo.cloud *.hsforms.com *.hubspot.com *.tiqcdn.com *.tealiumiq.com *.mediaiqdigital.com *.redditstatic.com *.reddit.com *.adsrvr.org *.scene7.com *.vidyard.com *.vimeocdn.com *.mintigo.com *.etilize.com *.1worldsync.com *.quantserve.com *.quantcount.com *.spexaccess.net *.oribi.io *.cookielaw.org *.criteo.com *.criteo.net *.w55c.net *.pactsafe.io *.peerspot.com *.sketchfab.com;frame-src 'self' *.cdw.com *.cdwg.com *.qualtrics.com *.hotjar.com *.needle.com *.doubleclick.net *.cnetcontent.com *.cnetcontentsolutions.com *.google.com *.twitter.com *.justuno.com *.demdex.net *.cxense.com *.webcollage.net *.ziftsolutions.com *.googletagmanager.com *.googletagservices.com a.sellpoint.net *.youtube.com *.flixcar.com *.easy2.com *.facebook.com *.rlcdn.com *.cloudfront.net rs.gwallet.com *.cdwemail.com www.emjcd.com *.dotomi.com *.kingston.com *.flixsyndication.net *.adobe.com *.hotjar.io *.spexlive.net *.exct.net *.youvisit.com *.vmwarepartnerdemandcenter.com *.syndigo.com *.syndigo.cloud *.hsforms.com *.adsrvr.org *.scene7.com *.vidyard.com *.vimeo.com *.hp.com chromeos-selector-cdw-prod.web.app *.etilize.com *.1worldsync.com *.spexaccess.net *.onetrust.com *.criteo.com *.criteo.net *.se.com *.sketchfab.com;font-src * data:;connect-src 'self' *.cdw.com *.cdwg.com *.richrelevance.com *.qualtrics.com *.optimizely.com *.hotjar.com *.needle.com *.demandbase.com *.appspot.com *.googleadservices.com *.doubleclick.net *.google-analytics.com *.bing.com *.googleapis.com *.cnetcontent.com *.akamaihd.net *.google.com *.justuno.com *.netapp.com *.demdex.net *.d41.co *.cxense.com *.webcollage.net *.googletagmanager.com *.googletagservices.com t.sellpoints.com a.sellpoint.net *.go-mpulse.net *.twitter.com *.company-target.com *.facebook.com *.cdnwidget.com *.cloudfront.net *.bluecore.com p.adsymptotic.com wss://*.hotjar.com p.po.st *.cdnbasket.net *.akstat.io data.g2.com *.g2crowd.com *.adobe.com *.hotjar.io *.spexlive.net *.leadsrx.com *.turnto.com *.ispot.tv *.hubapi.com *.syndigo.com *.syndigo.cloud *.hsforms.com *.hubspot-forms-static-embed.s3.amazonaws.com *.hubspot.com *.tiqcdn.com *.tealiumiq.com *.scene7.com *.addressy.com *.etilize.com *.1worldsync.com *.quantserve.com *.spexaccess.net *.launchdarkly.com *.onetrust.com *.oribi.io *.cookielaw.org *.criteo.com *.criteo.net *.w55c.net *.pdst.fm *.botframework.com wss://*.botframework.com *.pactsafe.io *.sketchfab.com p11.techlab-cdn.com;object-src 'self' a.sellpoint.net *.scene7.com;media-src 'self' *.cdw.com *.cnetcontent.com *.webcollage.net *.flixfacts.com *.youtube.com blob: *.flixsyndication.net *.spexlive.net *.youvisit.com *.syndigo.com *.syndigo.cloud *.tiqcdn.com *.scene7.com *.etilize.com *.1worldsync.com *.spexaccess.net *.sketchfab.com;worker-src 'self' *.needle.com *.cloudfront.net blob:; 1
default-src 'self' https://*.mimo.com.br; img-src 'self' https://*.mimo.com.br * data: blob: https:; media-src 'self' https://*.mimo.com.br * data: blob: https:; worker-src 'self' https://*.mimo.com.br blob:; frame-src 'self' https://*.mimo.com.br https://*.google.com https://*.firebaseio.com https://*.firebaseapp.com https://td.doubleclick.net; script-src 'self' https://*.mimo.com.br 'unsafe-eval' 'unsafe-inline' https://*.google.com https://*.gstatic.com https://*.firebaseio.com data: https://receiver.posclick.dinamize.com https://*.googletagmanager.com https://*.google-analytics.com https://static.hotjar.com https://googleads.g.doubleclick.net https://snap.licdn.com https://connect.facebook.net; connect-src 'self' https://*.mimo.com.br data: wss://*.firebaseio.com https://*.live-video.net https://*.googleapis.com https://mimo-start-images.s3-accelerate.amazonaws.com https://b2b-prod-mimo.s3.us-east-2.amazonaws.com https://b2b-hml-mimo.s3.us-east-2.amazonaws.com https://b2b-dsv-mimo.s3.us-east-2.amazonaws.com https://analytics.google.com https://*.google-analytics.com https://px.ads.linkedin.com https://stats.g.doubleclick.net https://receiver.posclick.dinamize.com https://receiver.emkt.dinamize.com; font-src 'self' data: https://*.mimo.com.br https://fonts.googleapis.com https://fonts.gstatic.com https://mimo-fonts.s3.us-east-2.amazonaws.com https://*.s3.us-east-2.amazonaws.com https://s3-us-east-2.amazonaws.com; style-src 'self' https://*.mimo.com.br 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://mimo-fonts.s3.us-east-2.amazonaws.com; 1
base-uri 'self'; child-src https://www.youtube-nocookie.com/embed/; connect-src 'self' https://upload.cx:8443/socket.io/ wss://upload.cx:8443/socket.io/ https://api.themoviedb.org/; default-src 'none'; font-src 'self' data: https: fonts.gstatic.com; form-action 'self'; frame-ancestors 'self'; img-src 'self' data: https: image.tmdb.org via.placeholder.com/400x600; object-src 'none'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https: gitcdn.xyz github.io *.github.io raw.githubusercontent.com github.com; block-all-mixed-content; upgrade-insecure-requests 1
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' frame-ancestors 'self' https://www.local.ch 1
font-src 'self' data: *.mangafuna.xyz *.mangafunb.fun *.yzcdn.cn *.alicdn.com; frame-src 'self' *.doubleclick.net *.mangafuna.xyz *.mangafunb.fun; script-src 'self' *.mangafuna.xyz *.mangafunb.fun *.googletagmanager.com *.bootcdn.net *.google-analytics.com 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval'; connect-src 'self' *.google-analytics.com *.doubleclick.net *.mangacopy.com *.copymanga.tv *.mangafuna.xyz *.mangafunb.fun; default-src 'self' *.mangacopy.com *.copymanga.tv; style-src 'self' *.mangafuna.xyz *.mangafunb.fun *.alicdn.com 'unsafe-hashes' 'unsafe-inline'; img-src 'self' data: blob: *.mangafuna.xyz *.mangafunb.fun *.trafficjunky.net *.exoclick.com 1
default-src 'none'; connect-src 'self' https://stats.g.doubleclick.net https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com; form-action 'self'; frame-src https://www.facebook.com https://www.youtube.com https://archivos.ujat.mx https://biblioweb.ujat.mx https://publicaciones.ujat.mx https://cp.usastreams.com; img-src 'self' http://archivos.ujat.mx https://archivos.ujat.mx; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src https://archivos.ujat.mx; frame-ancestors 'none'; base-uri 'none'; media-src https://archivos.ujat.mx; 1
default-src 'self' *.jmark.com *.cloudfront.net *.amazonaws.com *.imgix.net *.typekit.net *.sentry-cdn.com *.marker.io *.termly.io *.cloudflare.com *.hsforms.com *.hsforms.net *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hsadspixel.net *.hscollectedforms.net *.hubapi.com *.hubspot.com *.usemessages.com *.linkedin.com *.licdn.com *.gstatic.com *.google.com *.googleadservices.com *.googletagmanager.com *.doubleclick.net *.google-analytics.com *.googlesyndication.com *.youtube.com *.ytimg.com *.zoominfo.com *.oribi.io *.bing.com; img-src 'self' data: *.jmark.com *.cloudfront.net *.amazonaws.com *.imgix.net *.typekit.net *.sentry-cdn.com *.marker.io *.termly.io *.cloudflare.com *.hsforms.com *.hsforms.net *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hsadspixel.net *.hscollectedforms.net *.hubapi.com *.hubspot.com *.usemessages.com *.linkedin.com *.licdn.com *.gstatic.com *.google.com *.googleadservices.com *.googletagmanager.com *.doubleclick.net *.google-analytics.com *.googlesyndication.com *.youtube.com *.ytimg.com *.zoominfo.com *.oribi.io *.bing.com; media-src 'self' *.jmark.com *.cloudfront.net *.amazonaws.com *.imgix.net *.typekit.net *.sentry-cdn.com *.marker.io *.termly.io *.cloudflare.com *.hsforms.com *.hsforms.net *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hsadspixel.net *.hscollectedforms.net *.hubapi.com *.hubspot.com *.usemessages.com *.linkedin.com *.licdn.com *.gstatic.com *.google.com *.googleadservices.com *.googletagmanager.com *.doubleclick.net *.google-analytics.com *.googlesyndication.com *.youtube.com *.ytimg.com *.zoominfo.com *.oribi.io *.bing.com; font-src 'self' *.jmark.com *.cloudfront.net *.amazonaws.com *.imgix.net *.typekit.net *.sentry-cdn.com *.marker.io *.termly.io *.cloudflare.com *.hsforms.com *.hsforms.net *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hsadspixel.net *.hscollectedforms.net *.hubapi.com *.hubspot.com *.usemessages.com *.linkedin.com *.licdn.com *.gstatic.com *.google.com *.googleadservices.com *.googletagmanager.com *.doubleclick.net *.google-analytics.com *.googlesyndication.com *.youtube.com *.ytimg.com *.zoominfo.com *.oribi.io *.bing.com; style-src 'self' 'unsafe-inline' *.jmark.com *.cloudfront.net *.amazonaws.com *.imgix.net *.typekit.net *.sentry-cdn.com *.marker.io *.termly.io *.cloudflare.com *.hsforms.com *.hsforms.net *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hsadspixel.net *.hscollectedforms.net *.hubapi.com *.hubspot.com *.usemessages.com *.linkedin.com *.licdn.com *.gstatic.com *.google.com *.googleadservices.com *.googletagmanager.com *.doubleclick.net *.google-analytics.com *.googlesyndication.com *.youtube.com *.ytimg.com *.zoominfo.com *.oribi.io *.bing.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jmark.com *.cloudfront.net *.amazonaws.com *.imgix.net *.typekit.net *.sentry-cdn.com *.marker.io *.termly.io *.cloudflare.com *.hsforms.com *.hsforms.net *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hsadspixel.net *.hscollectedforms.net *.hubapi.com *.hubspot.com *.usemessages.com *.linkedin.com *.licdn.com *.gstatic.com *.google.com *.googleadservices.com *.googletagmanager.com *.doubleclick.net *.google-analytics.com *.googlesyndication.com *.youtube.com *.ytimg.com *.zoominfo.com *.oribi.io *.bing.com; connect-src 'self' *.jmark.com *.cloudfront.net *.amazonaws.com *.imgix.net *.typekit.net *.sentry-cdn.com *.marker.io *.termly.io *.cloudflare.com *.hsforms.com *.hsforms.net *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hsadspixel.net *.hscollectedforms.net *.hubapi.com *.hubspot.com *.usemessages.com *.linkedin.com *.licdn.com *.gstatic.com *.google.com *.googleadservices.com *.googletagmanager.com *.doubleclick.net *.google-analytics.com *.googlesyndication.com *.youtube.com *.ytimg.com *.zoominfo.com *.oribi.io *.bing.com; frame-src 'self' *.jmark.com *.cloudfront.net *.amazonaws.com *.imgix.net *.typekit.net *.sentry-cdn.com *.marker.io *.termly.io *.cloudflare.com *.hsforms.com *.hsforms.net *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hsadspixel.net *.hscollectedforms.net *.hubapi.com *.hubspot.com *.usemessages.com *.linkedin.com *.licdn.com *.gstatic.com *.google.com *.googleadservices.com *.googletagmanager.com *.doubleclick.net *.google-analytics.com *.googlesyndication.com *.youtube.com *.ytimg.com *.zoominfo.com *.oribi.io *.bing.com; 1
default-src https://dl.dropboxusercontent.com https://dl.dropbox.com https://podcastpusher.com/ https://prod-aaudxp-cms-001-app.azurewebsites.net 'self' https://aau-search-web-prod.azurewebsites.net/ https://stats.g.doubleclick.net/ https://fast.fonts.net/ https://*.linkedin.com/ https://www.facebook.com/ https://*.snapchat.com/ https://*.google.com https://cx.atdmt.com/ https://player.vimeo.com/ https://*.youtube.com/ https://www.youtube-nocookie.com/ https://*.twitter.com/ https://www.survey-xact.dk/ https://login.microsoftonline.com/ https://forms.office.com/ https://fonts.gstatic.com/ https://*.app.cookieinformation.com ; frame-ancestors 'none'; font-src 'self' data: fonts.gstatic.com; script-src https://www.clarity.ms https://cdn.scratcher.io/ https://universe-static.elfsightcdn.com https://tr.snapchat.com/ https://app.readpeak.com https://sc-static.net https://snap.licdn.com https://*.google.com/ https://www.google.com/cse/ 'self' 'unsafe-inline' https://maps.googleapis.com https://*.elfsight.com https://www.googletagmanager.com/ https://fast.fonts.com/ https://www.google-analytics.com/ https://connect.facebook.net/ https://apis.google.com/ https://*.twitter.com/ https://consent.app.cookieinformation.com/ https://*.youtube.com/ https://www.youtube-nocookie.com https://panopto.aau.dk https://player.vimeo.com https://youtube.com https://policy.app.cookieinformation.com/; connect-src https://e.clarity.ms https://dr.dk https://cors-proxy.utils.elfsightcdn.com https://www.aaudxp-plantwolearn.aau.dk https://*.licdn.com https://www.aaudxp-data.aau.dk https://www.aaudxp-crm.aau.dk https://www.aaudxp-vbn.aau.dk/ https://sgtm.aau.dk https://px.ads.linkedin.com https://www.google.com/ https://googleads.g.doubleclick.net/ https://*.snapchat.com/ https://cdn.linkedin.oribi.io/ https://region1.analytics.google.com/ https://podcastpusher.com/ 'self' https://maps.googleapis.com https://*.elfsight.com https://*.google-analytics.com  https://policy.app.cookieinformation.com/ https://consent.app.cookieinformation.com/api/consent ; img-src https://aau.plan2learn.dkdownload.ashx/ https://gallery-api.plan2learn.dk https://static.elfsight.com https://linkedin.com https://licdn.com https://www.aaudxp-media.aau.dk/ https://www.googletagmanager.com https://www.google-analytics.com/ https://phosphor.ivanenko.workers.dev/ https://sync.taboola.com/ https://cm.g.doubleclick.net/ https://ib.adnxs.com/ https://px.ads.linkedin.com/ https://app.readpeak.com/ https://www.google.dk https://ad.doubleclick.net https://*.gstatic.com/ https://dl.dropboxusercontent.com https://dl.dropbox.com http://*.google.com https://pbs.twimg.com/ https://media.licdn.com https://www.facebook.com/ https://vbn.aau.dk/ 'self' data: image/* https://i.vimeocdn.com https://i.ytimg.com https://img.youtube.com https://www.resources.aau.dk/ https://maps.gstatic.com https://maps.googleapis.com https://phosphor.utils.elfsightcdn.com https://prodaaudxpcms001st.blob.core.windows.net https://prod-aaudxp-cms-001-app.azurewebsites.net/; frame-src https://www.youtube.com/ https://create.plandisc.com/ https://www.moodle.aau.dk/ https://my.matterport.com https://login.microsoftonline.com/ https://tours.360company.dk/ https://tr.snapchat.com/ https://td.doubleclick.net/ https://1387381.fls.doubleclick.net/ https://open.spotify.com/ https://cse.google.com/ https://videoidfinder.vercel.app/ https://serviceinfo.dk/ https://eu.libraryh3lp.com/ https://alma-services-1.aub.aau.dk/ https://www.facebook.com/ https://www.survey-xact.dk/ 'self' *.svc.dynamics.com https://forms.office.com https://kuula.co/ https://policy.app.cookieinformation.com https://www.youtube-nocookie.com https://panopto.aau.dk https://player.vimeo.com; style-src  https://www.google.com/cse/ 'self' 'unsafe-inline' https://fonts.googleapis.com ; base-uri 'self'; form-action https://www.facebook.com/ 'self'; 1
frame-ancestors 'self' https://flock.com/; upgrade-insecure-requests 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-iUa2s/iPzVTLiowxwFsAo7z5a7VWdczu9AbAeWdvWdlN3Nj/' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
frame-ancestors 'self' lob.de *.lehmanns.de *.lehmanns.ch lehmannspro.de lehmannsbib.de *.socialnet.de; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' *.lehmanns.de *.lehmanns.ch *.googleapis.com *.google-analytics.com *.vr-pay-ecommerce.de vr-pay-ecommerce.de oppwa.com widgets.trustedshops.com 1
frame-ancestors 'self' https://manage.militaryaerospace.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
object-src 'none';base-uri 'self';script-src 'nonce-yByKGlPVeBmYWWMYAWvs_A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/xsrp 1
default-src http: https: 'unsafe-inline' 'unsafe-eval'; 1
frame-ancestors 'self' https://www-buickgmcanzures-com-mx.wpsegment15.proj.wpx.gm.com https://www.buickgmcanzures.com.mx https://www.chevroletjilotepec.com.mx https://www.chevroletamericasmotors.com.mx https://www.chevroletsanjuandelrio.com.mx https://www.chevroletcalidadsanjeronimo.com.mx https://www-chevroletamericasmotors-com-mx.wpsegment15.proj.wpx.gm.com https://www-chevroletsanjuandelrio-com-mx.wpsegment15.proj.wpx.gm.com https://www-chevroletcalidadsanjeronimo-com-mx.wpsegment15.proj.wpx.gm.com https://www-chevroletconstituyentes-com-mx.wpsegment15.proj.wpx.gm.com https://www-chevroletamericasmotors-com-mx.wpsegment15.prd1.wpx.gm.com https://www-chevroletsanjuandelrio-com-mx.wpsegment15.prd1.wpx.gm.com https://www-chevroletcalidadsanjeronimo-com-mx.wpsegment15.prd1.wpx.gm.com https://www-chevroletconstituyentes-com-mx.wpsegment15.prd1.wpx.gm.com https://z1.le.liveperson.net https://www-chevroletherrerazac-com-mx.wpsegment15.proj.wpx.gm.com https://www-chevroletherrerazac-com-mx.wpsegment15.prd2.wpx.gm.com https://www.chevroletherrerazac.com.mx https://www-chevroletcentrohistorico-com-mx.wpsegment15.proj.wpx.gm.com https://www-chevroletcentrohistorico-com-mx.wpsegment15.prd2.wpx.gm.com https://www.chevroletcentrohistorico.com.mx https://www-chevroletconstituyentes-com-mx.wpsegment15.prd1.wpx.gm.com https://www-chevroletconstituyentes-com-mx.wpsegment15.proj.wpx.gm.com https://www.chevroletconstituyentes.com.mx http://www.chevroletcentrohistorico.com https://www.chevrolet.com.co https://www.chevroletsf.com.co  https://www-chevrolet-com-co.prd1a.wpx.gm.com/plan-siempre-chevrolet https://www-buickgmccadillacloscabos-com-mx.proj.wpx.gm.com/ https://www-buickgmccadillacloscabos-com-mx.prd1.wpx.gm.com/ https://www.buickgmccadillacloscabos.com.mx/ https://www-chevroleteltreboluniversidad-com-mx.proj.wpx.gm.com/ https://www-chevroleteltreboluniversidad-com-mx.prd1.wpx.gm.com/ https://www.chevroleteltreboluniversidad.com.mx/ https://www-buickgmccuautla-com-mx.proj.wpx.gm.com/ https://www-buickgmccuautla-com-mx.prd1.wpx.gm.com/ https://www.buickgmccuautla.com.mx/; 1
default-src https:; frame-src https: blob:; connect-src https: blob:; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; font-src https: data:; img-src https: data:; object-src 'none'; media-src https: blob:; base-uri 'self' https://ihan.matomo.cloud https://datataloudentiekartta.fi https://elamantapatesti.sitra.fi https://lifestyletest.sitra.fi https://livsstilstest.sitra.fi; form-action 'self' https://sitra.creamailer.fi https://datataloudentiekartta.fi https://elamantapatesti.sitra.fi https://lifestyletest.sitra.fi https://livsstilstest.sitra.fi; frame-ancestors 'self' *.howspace.com; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://foapi.we-online.com https://coco.we-online.com https://enquiry.we-online.com https://www.googletagmanager.com https://html5-player.libsyn.com; font-src 'self' data: https://netdna.bootstrapcdn.com https://userlike-cdn-umm.b-cdn.net https://*.cloudfront.net; frame-ancestors https://redexpert.we-online.com/ https://cmsprod.we-group.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://snap.licdn.com/li.lms-analytics/insight.min.js https://hit.uptrendsdata.com https://redexpert.we-online.de https://userlike-cdn-umm.b-cdn.net https://*.cloudfront.net https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://redexpert.we-online.com https://coco.we-online.com https://www.youtube.com/s/player/ https://www.youtube.com/iframe_api https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://s.go-mpulse.net https://*.lfeeder.com; frame-src https://www.iqdfrequencyproducts.com https://redexpert.we-online.com https://careers.flatchr.io https://enquiry.we-online.com https://mit.we-online.com https://www.youtube.com https://www.facebook.com https://coco.we-online.com https://html5-player.libsyn.com https://*.go-mpulse.net; connect-src 'self' https://*.akamaihd.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://cdn.linkedin.oribi.io/partner/208516/domain/we-online.com/token https://hit.uptrendsdata.com https://region1.analytics.google.com https://userlike-cdn-umm.b-cdn.net https://www.facebook.com https://*.cloudfront.net wss://umd.userlike.com https://www.userlike.com https://api.userlike.com https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://stats.g.doubleclick.net https://redexpert.we-online.de/api/geoIp/ https://region1.google-analytics.com/ https://foapi.we-online.com https://coco.we-online.com https://api.we-online.com/svc/geoIp/ https://api.friendlycaptcha.com https://www.google-analytics.com https://s.go-mpulse.net https://c.go-mpulse.net https://px.ads.linkedin.com https://*.akstat.io blob: ; img-src 'self' data: base64 https://px.ads.linkedin.com https://www.google.de https://userlike-cdn-operators.userlike.com https://www.digikey.se https://www.digikey.de https://www.digikey.com https://region1.google-analytics.com https://redexpert.we-online.de https://redexpert.we-online.com https://www.powerelement.com https://userlike-store-media-files.s3.amazonaws.com https://userlike-cdn-operators.s3-eu-west-1.amazonaws.com https://i.ytimg.com https://we-online.com https://www.we-online.com https://coco.we-online.com https://www.kununu.com https://www.facebook.com https://www.instagram.com https://www.tiktok.com https://www.xing.com https://www.linkedin.com https://www.google-analytics.com https://www.googletagmanager.com https://*.lfeeder.com; style-src 'self' 'unsafe-inline' https://coco.we-online.com https://html5-player.libsyn.com; base-uri 'self'; form-action 'self' https://www.we-online.de https://mail.we-online.com https://www.facebook.com/tr/; worker-src 'self' blob: https://www.we-online.com; 1
frame-ancestors 'self' https://support.phorest.com/ https://phorest1547654878.zendesk.com/ https://phorest.zendesk.com/ https://www.salonownersummit.com/host 1
report-uri /cgi-bin/csp; default-src 'self' pagead2.googlesyndication.com securepubads.g.doubleclick.net; connect-src 'self' pagead2.googlesyndication.com googleads.g.doubleclick.net csi.gstatic.com *.google-analytics.com maps.googleapis.com *.paypalobjects.com *.paypal.com; font-src 'self' data: fonts.gstatic.com *.avast.com; frame-src 'self' *.radio-locator.com *.g.doubleclick.net *.googlesyndication.com *.google.com *.paypalobjects.com *.paypal.com; img-src 'self' data: *.google-analytics.com *.googleapis.com *.gstatic.com *.googlesyndication.com googleads.g.doubleclick.net *.googletagmanager.com *.paypalobjects.com *.paypal.com; manifest-src 'none'; media-src 'none'; object-src 'none'; script-src 'self' 'unsafe-inline' googleads.g.doubleclick.net *.googlesyndication.com maps.googleapis.com adservice.google.com adservice.google.ca adservice.google.com.mx adservice.google.de adservice.google.co.uk adservice.google.co.nz adservice.google.no adservice.google.ua adservice.google.it adservice.google.pr adservice.google.il adservice.google.za adservice.google.be adservice.google.fr *.googletagmanager.com *.googletagservices.com *.googleadservices.com *.google-analytics.com *.ampproject.org *.paypalobjects.com *.paypal.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com maps.googleapis.com *.googlesyndication.com; worker-src 'none'; form-action 'self'; frame-ancestors *.radio-locator.com; 1
default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.alicdn.com *.baidu.com *.bdimg.com google.com *.google.com *.gstatic.com *.google-analytics.com *.googleapis.com *.googletagmanager.com  www.googleadservices.com pagead2.googlesyndication.com *.amap.com *.qq.com res.wx.qq.com *.weibo.cn *.pstatp.com *.toutiao.com *.bcebos.com *.bdstatic.com *.doubleclick.net *.g.doubleclick.net *.qlogo.cn cdn-weixin-001.oss-cn-beijing.aliyuncs.com wsu.t3315.com cdnjs.cloudflare.com dvt.zoosnet.net en.yutong.com:* men.yutong.com:* opiwik.yutong.com:* 1
base-uri 'none'; connect-src 'none'; font-src 'none'; form-action 'self' https://www.isfdb.org https://www.google.com; frame-src 'none'; frame-ancestors 'none'; img-src http: https:; manifest-src 'none'; media-src 'none'; object-src 'none'; script-src 'self' https://www.isfdb.org; style-src 'self' https://www.isfdb.org; worker-src 'none'; 1
default-src 'none'; object-src 'none'; script-src 'self' *.humaninterest.com *.visualwebsiteoptimizer.com *.clarity.ms app.vwo.com www.google-analytics.com https://cdn.segment.com https://humaninterest.com https://js.chilipiper.com https://googleads.g.doubleclick.net/pagead/ https://www.googletagmanager.com https://www.google.com/pagead/ https://www.googleadservices.com/pagead/ https://tpc.googlesyndication.com https://pagead2.googlesyndication.com/pagead/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://snap.licdn.com https://bat.bing.com https://connect.facebook.net https://secure.perk0mean.com https://player.vimeo.com/api/player.js https://static.hotjar.com https://script.hotjar.com https://*.hubspot.com https://*.hs-scripts.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hscollectedforms.net https://js.hsleadflows.net https://js.hs-scripts.com https://js.hsadspixel.net https://js.usemessages.com; connect-src 'self' *.humaninterest.com *.humaninterest.com.test *.chilipiper.com *.visualwebsiteoptimizer.com *.clarity.ms *.hotjar.com *.hotjar.io app.vwo.com www.google-analytics.com https://humaninterest.com https://api.segment.io https://cdn.segment.com https://api.rollbar.com https://stats.g.doubleclick.net https://bat.bing.com https://adservice.google.com/pagead/ https://www.google.com/pagead/ https://*.googlesyndication.com/pagead/ https://pagead2.googlesyndication.com/pagead/ https://analytics.google.com https://graphql.contentful.com/content/v1/spaces/tj9jxg7kaxby https://assets.ctfassets.net/tj9jxg7kaxby/ https://browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://logs.browser-intake-datadoghq.com https://vimeo.com/api/ wss://*.hotjar.com https://*.hubspot.com https://*.hubapi.com https://www.facebook.com/tr/ https://cdn.linkedin.oribi.io/partner/41889/domain/humaninterest.com/token https://px.ads.linkedin.com; img-src 'self' data data: *.humaninterest.com *.chilipiper.com *.visualwebsiteoptimizer.com *.clarity.ms chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com script.hotjar.com www.google-analytics.com https://humaninterest.com https://hi-contentful.imgix.net https://human-interest-uploads.imgix.net https://humaninterest.imgix.net https://secure.gravatar.com https://px.ads.linkedin.com https://bat.bing.com https://c.bing.com https://www.facebook.com https://www.google.com https://www.googletagmanager.com https://p.adsymptotic.com https://www.linkedin.com https://px4.ads.linkedin.com https://cx.atdmt.com https://googleads.g.doubleclick.net https://dev.visualwebsiteoptimizer.com https://i.vimeocdn.com/video/ https://images.ctfassets.net/tj9jxg7kaxby/ https://www.hotjar.com/images/ https://*.hubspot.com https://*.hsforms.com https://static.hsappstatic.net; style-src 'self' 'unsafe-inline' *.chilipiper.com *.visualwebsiteoptimizer.com app.vwo.com; font-src 'self' data: script.hotjar.com; media-src https://videos.ctfassets.net/tj9jxg7kaxby/; frame-src 'self' *.google.com *.chilipiper.com *.visualwebsiteoptimizer.com app.vwo.com vars.hotjar.com https://youtube.com https://player.vimeo.com https://bid.g.doubleclick.net https://td.doubleclick.net https://datawrapper.dwcdn.net https://businesscom.go2cloud.org https://www.g2.com/categories/401-k/ https://www.g2.com/products/human-interest-401-k/ https://app.hubspot.com https://*.hs-sites.com; manifest-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'self' https://arcwood.com 1
frame-ancestors 'self' http://*.intranet http://*.uolinc.com https://*.intranet https://*.uolinc.com https://www.uol.com.br; 1
frame-ancestors 'self' *.bhinnekalocal.com *.bhinneka.com *.bmdstatic.com 1
default-src 'self'; script-src 'self' 'nonce-590ccf3c-7e87-4b18-8ce8-c62a0284be00' www.googletagmanager.com https://*.googletagmanager.com https://ssl.google-analytics.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://tagmanager.google.com https://www.linkedin.com https://platform.twitter.com/ https://www.youtube.com https://prismic.io https://cookie-cdn.cookiepro.com https://www.onelink-edge.com https://maps.googleapis.com https://data.worldcoin.org https://api.pactsafe.com https://static.cdn.prismic.io https://geolocation.onetrust.com https://vitals.vercel-insights.com https://www.googleadservices.com 'sha256-XcxZTIrdL2Z+QnjoqtWcIeAzm/cuioLtkIflc5aq00M=' 'sha256-mjAPvJKRBATPwtDkDe1t+tw2mbmVjgXVfYImJfeAdz8=' 'sha256-nBCckS8/MlhVjGpI0ALuZfbZ9li+SBFBkK6IXVSXB/o=' 'sha256-j6uJgkKMhniv+VOHqKAnMhERagD+HgqaFbeiQQ45WXM='; font-src 'self' https://fonts.gstatic.com data: https://fonts.googleapis.com; style-src 'self' https://fonts.googleapis.com https://maps.googleapis.com https://data.worldcoin.org https://api.pactsafe.com 'unsafe-inline'; connect-src 'self' www.googletagmanager.com https://www.googleadservices.com https://tagmanager.google.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://www.google-analytics.com https://*.googletagmanager.com https://*.g.doubleclick.net https://privacyportal.cookiepro.com https://cookie-cdn.cookiepro.com https://www.linkedin.com https://www.onelink-edge.com https://maps.googleapis.com https://data.worldcoin.org https://api.pactsafe.com https://api.operator.worldcoin.org https://vitals.vercel-insights.com https://vault.pactsafe.io https://secure.ethicspoint.com https://geolocation.onetrust.com https://metrics.worldcoin.org; img-src 'self' blob: data: www.googletagmanager.com https://www.google.com https://tagmanager.google.com https://*.google-analytics.com https://*.googletagmanager.com https://www.google-analytics.com https://worldcoin-company-website.cdn.prismic.io https://www.linkedin.com https://media.licdn.com https://i.ytimg.com https://images.prismic.io https://world-id-assets.com https://prismic-io.s3.amazonaws.com https://cookie-cdn.cookiepro.com https://maps.googleapis.com https://data.worldcoin.org https://api.pactsafe.com; media-src 'self' blob: data: https://platform.twitter.com/ https://www.linkedin.com https://media.licdn.com https://worldcoin-company-website.cdn.prismic.io https://images.prismic.io https://prismic-io.s3.amazonaws.com https://cookie-cdn.cookiepro.com https://maps.googleapis.com https://data.worldcoin.org https://api.pactsafe.com; frame-src 'self' https://platform.twitter.com/ https://www.youtube.com https://maps.googleapis.com https://worldcoin-company-website.prismic.io https://data.worldcoin.org https://td.doubleclick.net 1
frame-ancestors 'self' https://*.jeromes.com 1
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' ; script-src * data: blob: 'unsafe-inline' 'unsafe-eval' ; img-src * data: blob: 'unsafe-inline' ; font-src * data: blob: 'unsafe-inline' ; style-src * data: blob: 'unsafe-inline' ; connect-src * data: blob: 'unsafe-inline' ; object-src 'none'; frame-src * data: blob: ; frame-ancestors 'self' https://www.rememberingalife.com data:; 1
frame-ancestors 'none'; default-src * 'unsafe-inline' 'unsafe-eval' blob: *.mojeek.com; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://js.stripe.com/v3/; img-src 'self' data: *.mojeek.com; object-src 'none'; base-uri 'self'; form-action 'self' https://checkout.stripe.com 1
default-src 'self' fsk.ru *.frabbit.ru; font-src 'self' fsk.ru *.frabbit.ru data: fonts.gstatic.com; connect-src 'self' fsk.ru *.frabbit.ru *.google-analytics.com mc.yandex.ru uaas.yandex.ru my.smartis.bi *.comagic.ru wss://server.comagic.ru wss://leadgen-prod-webchat.uiscom.ru core.smartcallback.ru crm.smartcallback.ru wss://smartcallback.ru:27500 www.googletagmanager.com firebaseinstallations.googleapis.com fcmregistrations.googleapis.com pixel.konnektu.ru *.datadrivenpromotion.com ad.adriver.ru leadgen-prod-api.uiscom.ru stats.g.doubleclick.net sjsmartcontent.org sync.bumlam.com sync.sniperlog.ru top-fwz1.mail.ru vk.com adservice.google.com iclicks.io adreturn.ru mc.yandex.md ad.doubleclick.net fpf.hybrid.ai mc.yandex.com www.google.com api-maps.yandex.ru wss://link.v2.flomni.com *.flomni.com; frame-src 'self' fsk.ru *.frabbit.ru www.youtube.com *.vimeo.com tour.virtualland.ru https://make.dvizh.io/ server.comagic.ru www.googletagmanager.com td.doubleclick.net *.fls.doubleclick.net content.adriver.ru static.bumlam.com adreturn.ru iclicks.io *.rtb.beeline.ru mc.yandex.ru widget.ipoteka.fast-system.ru visualhotels.com virtualland.ru biganto.com panopano.site vhsystem.ru kuula.co widget.planoplan.com sync.1dmp.io static.user-red.com synce.user-red.com sm.rtb.mts.ru *.top100.ru *.rambler.ru *.rutarget.ru; child-src 'self' fsk.ru *.frabbit.ru www.youtube.com *.vimeo.com server.comagic.ru www.googletagmanager.com td.doubleclick.net *.fls.doubleclick.net static.bumlam.com adreturn.ru iclicks.io *.rtb.beeline.ru mc.yandex.ru visualhotels.com virtualland.ru biganto.com panopano.site vhsystem.ru; script-src 'self' 'self' fsk.ru *.frabbit.ru 'unsafe-inline' 'unsafe-eval' eval 'report-sample' server.comagic.ru *.google-analytics.com abt.s3.yandex.net *.yandex.ru *.yandex.net *.yandex.com yastatic.net www.google.com www.googleoptimize.com *.otm-r.com tags.soloway.ru *.datadrivenpromotion.com *.hybrid.ai *.rtb.com.ru emd.hybrid.ai *.adriver.ru sync.bumlam.com cdn.jsdelivr.net fastly.jsdelivr.net app.comagic.ru smartcallback.ru core.smartcallback.ru www.googletagmanager.com widget.ipoteka.fast-system.ru sjsmartcontent.org altopd.com ajax.googleapis.com googleads.g.doubleclick.net static.terratraf.io top-fwz1.mail.ru matcher.upravel.com pixel-storage.konnektu.ru www.gstatic.com x01.aidata.io app.blinger.io www.googleadservices.com iclicks.io adreturn.ru www.google-analytics.com www.youtube.com www.google.com fp.hybrid.ai vk.com creatives.afp.ai sm.rtb.mts.ru *.top100.ru *.rambler.ru telegram.org/js/telegram-web-app.js *.rutarget.ru i.v2.flomni.com uc-flow-v2-prod-file-server-minio-api.uis.st; img-src 'self' fsk.ru *.frabbit.ru https: data: cdn.fsk.ru; style-src 'self' fsk.ru *.frabbit.ru 'unsafe-inline' 'report-sample' core.smartcallback.ru app.comagic.ru i.v2.flomni.com fonts.googleapis.com; media-src 'self' fsk.ru *.frabbit.ru *.fsk.ru fsk-uploads.hb.bizmrg.com fsk-uploads.hb.ru-msk.vkcs.cloud *.v2.flomni.com; frame-ancestors 'self' https://fsk.ru *.fsk.ru *.frabbit.ru https://metrika.yandex.ru https://metrika.yandex.by https://metrica.yandex.com https://metrica.yandex.com.tr https://webvisor.com flagman.art3d.dev *.webvisor.com *.yandex.ru https://web.telegram.org; object-src 'none'; base-uri 'self' fsk.ru *.frabbit.ru i.v2.flomni.com 1
font-src https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://*.klarnacdn.net https://*.stape.io https://*.bing.com *.mfor.eu *.lasportiva.com *.typekit.net *.cloudfront.net *.fontawesome.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com https://pal-test.adyen.com https://pal-live.adyen.com https://test.adyen.com https://live.adyen.com https://www.facebook.com https://*.stape.io https://*.bing.com *.mfor.eu *.lasportiva.com *.typekit.net *.cloudfront.net *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com https://www.youtube.com https://*.google.com https://vars.hotjar.com https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com https://pal-test.adyen.com https://pal-live.adyen.com https://player.vimeo.com https://sketchfab.com https://360.covisionlab.com https://workspace.showin3d.com https://open.spotify.com https://widget.spreaker.com https://www.facebook.com https://*.playground.klarnaservices.com https://*.klarnaservices.com https://*.criteo.net https://*.criteo.com https://*.stape.io https://*.bing.com *.mfor.eu https://www.paypalobjects.com/ https://*.doubleclick.net *.lasportiva.com *.typekit.net *.cloudfront.net *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com https://widget.zoorate.com https://*.feedaty.com https://assets.livestory.io https://*.doubleclick.net https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com https://maps.gstatic.com https://mediacdn.livestory.io https://www.facebook.com https://connect.facebook.net https://www.googletagmanager.com *.google.com *.google.it *.cdninstagram.com *.fna.fbcdn.net 'self' data: https://*.criteo.net https://*.criteo.com https://criteo-sync.teads.tv https://*.yahoo.com https://*.taboola.com https://*.outbrain.com https://*.pubmatic.com https://*.adnxs.com https://*.smaato.net https://*.smartadserver.com https://*.360yield.com https://*.media.net https://*.3lift.com https://id5-sync.com https://*.advertising.com https://*.rubiconproject.com https://*.tapad.com https://*.rambler.ru https://*.casalemedia.com https://*.stickyadstv.com https://*.mediawallahscript.com https://*.mgid.com https://*.bing.com https://*.addthis.com https://*.adform.net https://*.bidswitch.net https://*.rlcdn.com https://*.tpmn.co.kr https://*.kargo.com https://*.yandex.ru https://*.adtdp.com https://*.revcontent.com https://*.sharethrough.com https://*.liadm.com https://*.postrelease.com https://*.omnitagjs.com https://*.ivitrack.com https://*.dmxleo.com https://*.yieldmo.com https://*.openx.net https://*.crobox.io https://*.crobox.com https://*.mediavine.com https://*.tremorhub.com https://*.krxd.net https://*.yieldlab.net https://*.thebrighttag.com https://*.stape.io *.mfor.eu *.clarity.ms *.lasportiva.com *.typekit.net *.cloudfront.net *.openstreetmap.org https://maps.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com cdn.doofinder.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.hsforms.net *.hsforms.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com https://f.vimeocdn.com www.vimeo.com *.vimeocdn.com https://*.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://checkoutshopper-live.adyen.com https://*.feedaty.com mediastorage.livestory.io https://assets.livestory.io https://widget.zoorate.com https://maps.google.com https://maps.googleapis.com *.google.com https://www.gstatic.com https://www.googletagmanager.com https://static.hotjar.com https://connect.facebook.net https://*.doubleclick.net https://script.hotjar.com https://js-agent.newrelic.com *.nr-data.net https://payments-eu.amazon.com https://www.googleapis.com https://cdn.doofinder.com https://cdn.cookie-script.com https://*.playground.klarnaservices.com https://*.klarnaservices.com https://*.criteo.net https://*.criteo.com https://*.mag-news.it https://*.mailmta.com *.lasportiva.com https://*.crobox.io https://*.crobox.com https://*.clarity.ms https://*.stape.io https://*.bing.com *.mfor.eu *.typekit.net *.cloudfront.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cdn.doofinder.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com *.gstatic.com *.cloudflare.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://widget.zoorate.com https://assets.livestory.io https://*.feedaty.com https://www.gstatic.com https://*.klarnacdn.net https://*.crobox.io https://*.crobox.com https://*.stape.io https://*.bing.com *.mfor.eu *.lasportiva.com *.typekit.net *.cloudfront.net https://static.klaviyo.com *.fontawesome.com *.doofinder.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com mediastorage.livestory.io mediacdn.livestory.io https://*.crobox.io https://*.crobox.com https://*.stape.io https://*.bing.com *.mfor.eu *.lasportiva.com *.typekit.net *.cloudfront.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com mediastorage.livestory.io https://assets.livestory.io https://api.livestory.io https://*.feedaty.com *.nr-data.net https://vc.hotjar.io https://*.doubleclick.net https://*.google-analytics.com https://in.hotjar.com https://eu1-search.doofinder.com https://consent.cookie-script.com https://www.facebook.com https://*.playground.klarnaservices.com https://*.klarnaservices.com https://*.paypal.com https://*.criteo.net https://*.criteo.com https://*.mag-news.it https://*.mailmta.com *.lasportiva.com https://maps.googleapis.com https://*.analytics.google.com https://*.crobox.io https://*.crobox.com https://*.clarity.ms https://*.stape.io https://*.bing.com https://*.google.com *.mfor.eu *.typekit.net *.cloudfront.net *.openstreetmap.org https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.doofinder.com wss://*.doofinder.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
img-src * data: blob:; script-src 'self' 'unsafe-eval' https://api.mapbox.com https://api.tiles.mapbox.com https://cdn.firebase.com https://embed.typeform.com https://npmcdn.com https://www.gstatic.com widget.trustpilot.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem * 'unsafe-inline'; style-src *; style-src-attr 'unsafe-inline'; style-src-elem * 'unsafe-inline'; worker-src 'self' blob:; frame-ancestors 'self' 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.ipay.ua https://*.hotjar.com https://google.com https://*.google.com https://*.jivosite.com https://*.facebook.net https://*.google-analytics.com https://*.googleapis.com https://stackpath.bootstrapcdn.com https://code.jquery.com https://cp.skibble.com.ua https://appleid.cdn-apple.com https://www.googleadservices.com https://cdnjs.cloubflare.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net wss://*.jivosite.com https://disqus.com https://c.disquscdn.com https://ipayblog.disqus.com https://www.gstatic.com https://www.googletagmanager.com https://cdn.gravitec.net http://www.googleadservices.com https://cdnjs.cloudflare.com https://client.crisp.chat; style-src 'self' 'unsafe-inline' https://*.ipay.ua https://*.jivosite.com  https://google.com https://*.google.com https://*.bootstrapcdn.com https://cp.skibble.com.ua https://c.disquscdn.com http://fonts.googleapis.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://client.crisp.chat; connect-src 'self' wss://*.ipay.ua wss://ws.hotjar.com https://*.hotjar.io https://*.jivosite.com https://*.facebook.com  https://google.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://*.gstatic.com https://api.skibble.com.ua https://cdnjs.cloubflare.com https://stats.g.doubleclick.net https://sentry.gravitec.net https://links.services.disqus.com wss://*.jivosite.com https://client.crisp.chat https://storage.crisp.chat wss://client.relay.crisp.chat; media-src 'self' https://*.jivosite.com; img-src 'self' 'unsafe-inline' data: https://*.jivosite.com https://*.facebook.com  https://google.com https://*.google.com https://*.google-analytics.com https://*.gstatic.com https://cp.skibble.com.ua https://metal-figure-243008.uc.r.appspot.com https://metal-figure-243008.appspot.com https://yapomoga.com https://certs.advantio.com https://*.office.udc.ua https://*.ipay.ua https://cdn.viglink.com https://c.disquscdn.com https://referrer.disqus.com https://www.google.com.ua https://stats.g.doubleclick.net https://client.crisp.chat https://image.crisp.chat; font-src 'self' 'unsafe-inline' data: https://maxcdn.bootstrapcdn.com https://tagmanager.google.com http://fonts.gstatic.com https://cdnjs.cloudflare.com https://netdna.bootstrapcdn.com https://fonts.gstatic.com https://client.crisp.chat; object-src 'self'; frame-ancestors 'self' https://www.radabank.com.ua; frame-src 'self' https://*.jivosite.com https://*.facebook.com https://google.com https://*.google.com https://bid.g.doubleclick.net https://kabanchik.ua https://yapomoga.com https://disqus.com https://www.youtube.com; 1
frame-ancestors 'self'; sandbox allow-downloads allow-forms allow-modals allow-pointer-lock allow-popups allow-popups-to-escape-sandbox allow-same-origin allow-scripts allow-top-navigation; base-uri 'self'; 1
frame-ancestors 'self' https://virtual-tours.msccruises.com/ 1
default-src 'self' data:;frame-src 'self' service.mtcaptcha.com service2.mtcaptcha.com www.effo.gov.hk youtube.com www.youtube.com *.1823.gov.hk;script-src 'nonce-66a2f7e7c9be9' 'unsafe-inline';img-src 'self' www.googletagmanager.com api.hkmapservice.gov.hk *.1823.gov.hk data:;style-src 'self' 'unsafe-inline';script-src-elem 'self' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com service.mtcaptcha.com service2.mtcaptcha.com *.1823.gov.hk;object-src 'none';connect-src 'self' geodata.gov.hk www.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com analytics.google.com;base-uri 'self';upgrade-insecure-requests; 1
default-src 'none'; connect-src 'self' https://adminforge.de https://piwik.adminforge.de; img-src 'self' data: https://community.adminforge.de https://piwik.adminforge.de; script-src 'self' 'unsafe-inline' https://piwik.adminforge.de; style-src 'self' 'unsafe-inline'; font-src 'self' data:; base-uri 'none'; frame-ancestors 'self' https://my.adminforge.de; form-action 'self'; block-all-mixed-content 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://pay.google.com/ https://*.google.com https://tagmanager.google.com https://*.google.com.ua *.googleapis.com *.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://static.zohocdn.com/zohosecurity/ blob: data: https://*.hotjar.com https://snap.licdn.com/li.lms-analytics/ https://js.zohocdn.com https://salesiq.zoho.com https://js.zohostatic.com https://browser.sentry-cdn.com https://customer.smartsender.eu/js/client/ https://cdnjs.cloudflare.com/ajax/libs/ https://analytics.twitter.com/ https://static.ads-twitter.com/ https://app.satismeter.com https://app.satismeter.com.doubleclick.net https://connect.facebook.net https://www.facebook.com https://*.bing.com https://*.plerdy.com https://*.fondy.eu; style-src data: blob: 'unsafe-inline' 'self' https://*.hotjar.com https://pay.google.com/ https://*.gogletagmanager.com/ https://css.zohocdn.com https://css.zohostatic.com https://files.zohopublic.com https://*.jquery.com https://*.fondy.eu; connect-src 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://pay.google.com/ https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.eu https://www.google-analytics.com https://*.linkedin.com/ https://callback.ringostat.com/ https://analytics.ringostat.com/ https://analytics.ringostat.net/ https://callback.ringostat.net/ https://salesiq.zoho.com https://salesiq.zohopublic.com https://stats.g.doubleclick.net https://*.plerdy.com https://connect.facebook.net https://app.satismeter.com https://*.fondy.eu; frame-ancestors 'self' fondy.eu; font-src 'self' https://*.hotjar.com https://fonts.gstatic.com https://css.zohocdn.com/salesiq/styles/fonts/ https://css.zohocdn.com/webfonts/; 1
default-src 'self' 'unsafe-inline' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.yandex.ru yandex.ru yandex.net *.yandex.net yandex.com *.yandex.com yandex.md *.yandex.md yastatic.net *.yastatic.net vk.com *.vk.com jivo.ru *.jivo.ru jivo.com *.jivo.com jivosite.com *.jivosite.com clarity.ms *.clarity.ms dashamail.com *.dashamail.com calltouch.ru *.calltouch.ru app.cmd-online.ru balancer.voximplant.com ;style-src 'self' 'unsafe-inline' *.jivo.ru app.cmd-online.ru cdn.materialdesignicons.com cdn.jsdelivr.net ;connect-src 'self' 'unsafe-inline' wss: *.yandex.ru yandex.ru yandex.net *.yandex.net yandex.com *.yandex.com yandex.md *.yandex.md yastatic.net *.yastatic.net vk.com *.vk.com jivo.ru *.jivo.ru jivo.com *.jivo.com jivosite.com *.jivosite.com clarity.ms *.clarity.ms dashamail.com *.dashamail.com calltouch.ru *.calltouch.ru app.cmd-online.ru balancer.voximplant.com auth.db-nica.ru file.db-nica.ru db-nica.ru ;img-src * data: ;frame-ancestors 'self' ;frame-src 'self' *.youtube.com youtube.com *.yandex.ru yandex.ru yandex.net *.yandex.net yandex.com *.yandex.com yandex.md *.yandex.md yastatic.net *.yastatic.net app.cmd-online.ru;media-src * ;object-src 'none' ; base-uri 'self' ;form-action 'self' ;font-src * ; 1
default-src * 'unsafe-eval' 'unsafe-inline'; frame-ancestors listings.hibu.com *.yext.com hibu.optimizelocation.com hibu.my.salesforce.com dashboard.hibu.com www.facebook.com m.facebook.com; img-src * 'unsafe-eval' 'unsafe-inline' data:; script-src * 'unsafe-eval' 'unsafe-inline' 1
frame-ancestors 'self' https://aderantonline.force.com; 1
default-src 'self' 'unsafe-inline' *; img-src * 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' * 1
default-src cartus.com *.cartus.com; script-src 'unsafe-inline' 'unsafe-eval' cartus.com *.cartus.com *.googleapis.com *.google-analytics.com *.googleadservices.com *.qumucloud.com *.trustarc.com *.googletagmanager.com *.typekit.net *.licdn.com googleads.g.doubleclick.net connect.facebook.net *.stackadapt.com *.pardot.com www.buzzsprout.com; style-src 'unsafe-inline' cartus.com *.cartus.com *.googleapis.com *.google-analytics.com *.googleadservices.com *.qumucloud.com *.typekit.net *.licdn.com googleads.g.doubleclick.net connect.facebook.net *.stackadapt.com *.pardot.com www.buzzsprout.com; img-src data: blob: https: cartus.com *.cartus.com *.googleapis.com *.google-analytics.com *.googleadservices.com; frame-src data: blob: https: *.cartus.com *.qumucloud.com; font-src cartus.com *.gstatic.com *.cartus.com *.trustarc.com; connect-src cartus.com *.cartus.com *.googleapis.com *.google-analytics.com *.googleadservices.com *.qumucloud.com *.gstatic.com *.typekit.net *.licdn.com googleads.g.doubleclick.net connect.facebook.net *.stackadapt.com *.pardot.com www.buzzsprout.com https: wss: 1
default-src https://*.big4.com.au; connect-src 'self' data: https: *.abtasty.com *.contentsquare.net; child-src 'self' https: blob:; font-src 'self' data: https:; frame-ancestors 'self' https://*.big4.com.au; frame-src  'self' https:; form-action 'self' https:; img-src 'self' data: https: blob: *.contentsquare.net; worker-src 'self' blob:; script-src 'self' 'nonce-aWcgL/j4XG7sAed4S+2SpVwJXExtw9cVuI3K5GfOZyg=' 'unsafe-eval' 'unsafe-inline' blob: 'sha256-/Tw1CUQaZj3yH2nxl9nyJFaYjrC1H/uoKb/GW4m9Cgg=' 'sha256-EGS9/79G+CXf0CN6ZS7Xb4A/InuKBTviYprKiSZx7fA=' 'sha256-cahM5LQiEzhDcHGZ7yG1S1TWdr0byoGzldv+3LkvdLM=' 'sha256-23dIBWuiV8/JZym0MK7/PmmYtK6PE7Fn20zO0X07SSY=' 'sha256-xfJWcN5UtRSbcf79ZAj033cOP//lohtNhtfXQez74hE=' 'sha256-ijmyaessuydjYbuosqDvQbpQOB+bjJoBtGaMdPgm8yA=' 'sha256-jWM8eqlKZuf+3gQmMRBYV6E95+gxgfS4XzVWwBLxKVs=' 'sha256-lmLfMaEfKezGVg8XluJHRv+5gggh45kbO5jPi66ibXE=' t.contentsquare.net app.contentsquare.com *.abtasty.com *.omappapi.com *.googletagservices.com *.googlesyndication.com *.googleadservices.com *.doubleclick.net *.google.com analytics.tiktok.com atlas.microsoft.com bat.bing.com connect.facebook.net fxctag.com graph.facebook.com googleads.g.doubleclick.net google-analytics.com googletagmanager.com js.facebook.com js.adsrvr.org kit.fontawesome.com hat.thepointyspritesclub.com core.thepointyspritesclub.com r.bing.com static.zipmoney.com.au static.zip.co securepubads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com use.fontawesome.com unpkg.com www.gstatic.com www.google-analytics.com www.google.com www.googletagmanager.com js.monitor.azure.com trx-cdn.zip.co www.clarity.ms js.stripe.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' https:; report-uri /api/csp/ReportCSP 1
base-uri https://*.attn.tv 'self'; default-src 'self' ws://* 'self' 'nonce-58592e884b85b723caeebac0b9fed3eb' https://cdn.shopify.com https://shopify.com; frame-ancestors 'none'; style-src 'self' 'unsafe-inline' https://*.attn.tv https://*.evolv.ai https://*.shopify.com https://*.typekit.net https://fonts.googleapis.com 'self' 'unsafe-inline' https://cdn.shopify.com; connect-src 'self' https://*.adnxs.com https://*.afterpay.com https://*.algolia.io https://*.algolia.net https://*.algolianet.com https://*.attn.tv https://*.cloudfront.net https://*.doubleclick.net https://*.fbot.me https://*.evolv.ai https://*.gladly.com https://*.gladly.qa https://*.gladly.chat https://*.googleapis.com https://*.gstatic.com https://*.klaviyo.com https://*.liadm.com https://*.lr-in-prod.com https://*.ltmsphrcl.net https://*.nr-data.net https://*.shopifysvc.com https://*.telemetry.vaultdcr.com https://*.yofi.ai https://analytics.tiktok.com https://api.fullcontact.com https://bat.bing.com https://bcp.crwdcntrl.net https://boards-api.greenhouse.io https://cdn.cookielaw.org https://conversions-config.reddit.com https://cookie-cdn.cookiepro.com https://ct.pinterest.com https://events.attentivemobile.com https://geolocation.onetrust.com https://lux.speedcurve.com https://hits.getelevar.com https://mgln.ai https://measurement-api.criteo.com https://r.ingest-lr.com https://s.yimg.com https://simonsignal.com https://tecovas.sjv.io https://us-central1-adaptive-growth.cloudfunctions.net https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.redditstatic.com ws://localhost:8002 ws://*.gladly.chat wss://*.gladly.chat https://*.apicdn.sanity.io https://*.juniphq.com https://*.taboola.com https://*.reddit.com https://*.spotify.com 'self' https://monorail-edge.shopifysvc.com; img-src 'self' data: http://localhost:* https://*.adnxs.com https://*.bing.com https://*.cloudfront.net https://*.criteo.com https://*.dashhudson.com https://*.evolv.ai https://*.googleapis.com https://*.gstatic.com https://*.liadm.com https://*.mgln.ai https://*.pubmatic.com https://*.sanity.io https://*.shopify.com https://aa.agkn.com https://ad.360yield.com https://ad.tpmn.co.kr https://ad.tpmn.io https://ade.clmbtech.com https://ads.stickyadstv.com https://alb.reddit.com https://api.intentiq.com https://b1sync.zemanta.com https://bh.contextweb.com https://c1.adform.net https://cdn.aralego.net https://cdn.cookielaw.org https://cm.g.doubleclick.net https://contextual.media.net https://criteo-partners.tremorhub.com https://criteo-sync.teads.tv https://ct.pinterest.com https://d.turn.com https://dpm.demdex.net https://data.adxcel-ec2.com https://e.dlx.addthis.com https://eb2.3lift.com https://e1.emxdgt.com https://ei.rlcdn.com https://exchange.mediavine.com https://googleads.g.doubleclick.net https://hb.yahoo.net https://he.lijit.com https://image8.pubmatic.com https://jadserve.postrelease.com https://live.rezync.com https://loadus.exelator.com https://login.dotomi.com https://logs-01.loggly.com https://lux.speedcurve.com https://match.adsrvr.org https://match.prod.bidr.io https://match.sharethrough.com https://mgln.ai https://mid.rkdms.com https://obgpm76tt0a0sgogzhdfe.redinuid.imrworldwide.com https://p.adsymptotic.com https://p.alcmpn.com https://partner.mediawallahscript.com https://pippio.com https://pixel.rubiconproject.com https://pixel.tapad.com https://pixel-sync.sitescout.com https://pr-bh.ybp.yahoo.com https://public-prod-dspcookiematching.dmxleo.com https://r.casalemedia.com https://rtb-csync.smartadserver.com https://s.ad.smaato.net https://s.thebrighttag.com https://scripts.juniphq.com https://segment.prod.bidr.io https://simage2.pubmatic.com https://site-assets.afterpay.com https://sp.analytics.yahoo.com https://stags.bluekai.com https://sync.aralego.com https://sync.crwdcntrl.net https://sync.graph.bluecava.com https://sync.mathtag.com https://sync.sharethis.com https://sync.srv.stackadapt.com https://sync-criteo.ads.yieldmo.com https://tags.bluekai.com https://tapestry.tapad.com https://thrtle.com https://token.rubiconproject.com https://tr.snapchat.com https://trkn.us https://trends.revcontent.com https://um.simpli.fi https://visitor.omnitagjs.com https://ws.rqtrk.eu https://www.facebook.com https://www.google-analytics.com https://www.google.com https://x.bidswitch.net https://x.dlx.addthis.com https://*.yofi.ai https://*.heapanalytics.com https://heapanalytics.com; media-src 'self' https://*.shopify.com https://cdn.dashhudson.com; font-src 'self' data: https://*.typekit.net https://fonts.gstatic.com https://static.klaviyo.com; worker-src 'self' blob: http://localhost:3000; script-src-elem 'self' 'unsafe-inline' http://*.criteo.net http://*.klaviyo.com http://acdn.adnxs.com http://b-code.liadm.com http://bat.bing.com http://localhost:* http://static.simonsignal.com https://*.adroll.com https://*.attn.tv https://*.cloudfront.net https://*.criteo.com https://*.doubleclick.net https://*.evolv.ai https://*.fbot.me https://*.googleadservices.com https://*.googleapis.com https://*.klaviyo.com https://*.lr-in-prod.com https://*.newrelic.com https://*.shopify.com https://*.shopmy.us https://analytics.tiktok.com https://cdn.attn.tv https://cdn.cookielaw.org https://cdn.gladly.com https://cdn.gladly.qa https://cdn.ingest-lr.com https://cdn.mgln.ai https://cdn.pdst.fm https://cdn.speedcurve.com https://cdnjs.cloudflare.com https://connect.facebook.net https://cookie-cdn.cookiepro.com https://ct.pinterest.com https://js.adsrvr.org https://js.afterpay.com https://js.cnnx.link https://s.pinimg.com https://s.yimg.com https://scripts.juniphq.com https://shopify-gtm-suite.getelevar.com https://static.fbot.me https://tags.crwdcntrl.net https://tags.fullcontact.com https://unpkg.com https://utt.impactcdn.com https://www.google-analytics.com https://www.googletagmanager.com https://www.redditstatic.com https://cdn.jsdelivr.net/npm/add-to-calendar-button@2 https://*.yofi.ai https://*.apicdn.sanity.io https://*.heapanalytics.com https://*.taboola.com https://*.reddit.com https://*.fullcontact.com; frame-src http://*.criteo.net http://localhost:* https://*.criteo.com https://*.fbot.me/ https://app.viralsweep.com https://creatives.attn.tv https://ct.pinterest.com https://insight.adsrvr.org https://*.spotify.com https://player.vimeo.com https://td.doubleclick.net https://tecovas.attn.tv 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' * data:; style-src 'self' 'unsafe-inline' *; img-src 'self' data: *; connect-src 'self' *; frame-src 'self' *; frame-ancestors 'self' *; font-src 'self' data: *; worker-src 'self' blob: data:; 1
child-src  www.paypalobjects.com   https://www.lehmans.com/LtkWebPush/ServiceWorker.js; connect-src 'self' 'report-sample' s3.amazonaws.com/cv3.customfiles lehmans.commercev3.com *.listrakbi.com *.listrak.com www.google-analytics.com ssl.google-analytics.com ui.powerreviews.com stats.g.doubleclick.net analytics.google.com bat.bing.com www.paypal.com *.smartystreets.com ct.pinterest.com/user/ *.google-analytics.com *.analytics.google.com *.clarity.ms www.facebook.com *.klaviyo.com  *.searchspring.io *.sezzle.com *.comm100.io s.yimg.com *.yotpo.com *.quora.com *.yottaa.net *.google.com www.googletagmanager.com  ascendpartner.com *.ascendpartner.com *.udev1a.net content.hotjar.io *.hotjar.com cdn.cookielaw.org geolocation.onetrust.com udev1a.net *.parcellab.com *.pinterest.com ssl.kaptcha.com *.yottaa.com; default-src 'self' s3.amazonaws.com/cdn.lehmans.com/ cdn.commercev3.net/cdn.lehmans.com/ cdn.lehmans.com 'unsafe-eval' ajax.googleapis.com analytics.google.com bat.bing.com c.bing.com code.jquery.com connect.facebook.net fonts.googleapis.com fonts.gstatic.com t.paypal.com www.facebook.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.bootstrapcdn.com *.pinterest.com; font-src 'self' lehmans.commercev3.com s3.amazonaws.com/cdn.lehmans.com/ cdn.commercev3.net/cdn.lehmans.com/ cdn.lehmans.com fonts.gstatic.com *.bootstrapcdn.com use.fontawesome.com data: *.yotpo.com *.comm100.com www.paypalobjects.com mediacdn.espssl.com; form-action 'self' www.facebook.com www.paypal.com checkout.sezzle.com link.lehmans.com https://link.lehmans.com/q/RsJKyjQ9D7Mz6kSz-xnjYta9dzKSKAnwPi; frame-src 'self' *.doubleclick.net www.paypalobjects.com www.paypal.com www.facebook.com www.pinterest.com www.google.com www.youtube.com *.listrak.com www.googletagmanager.com *.time.ly vars.hotjar.com *.criteo.com *.criteo.net lehmans.forms-db.com   https://res.cloudinary.com *.pinterest.com  fs27.formsite.com *.vimeo.com tst.kaptcha.com ssl.kaptcha.com *.sezzle.com; frame-ancestors 'self' ; img-src 'self' s3.amazonaws.com/cdn.lehmans.com/ cdn.commercev3.net/cdn.lehmans.com/ cdn.lehmans.com ssl.google-analytics.com *.google.com *.pinterest.com *.doubleclick.net bat.bing.com c.bing.com t.paypal.com www.facebook.com www.google-analytics.com www.googletagmanager.com *.listrakbi.com www.trustlogo.com data: code.jquery.com/ui/ *.google-analytics.com *.analytics.google.com *.clarity.ms www.paypal.com www.paypalobjects.com *.quora.com *.lehmans.com *.yotpo.com sp.analytics.yahoo.com *.sezzle.com *.yottaa.net *.searchspring.io mediacdn.espssl.com pippio.com *.comm100.io  i.ytimg.com *.comm100.io cdn.commercev3.net/cdn.lehmans.com *.bing.com *.gstatic.com *.yahoo.com d3cgm8py10hi0z.cloudfront.net *.wp.com *.lehmans.com ascendpartner.com *.ascendpartner.com  *.udev1a.net cdn.cookielaw.org udev1a.net cdn.lehmans.com s3.amazonaws.com/cdn.lehmans.com/ *.parcellab.com cdn.cookielaw.org  contextual.media.net  res.cloudinary.com/ *.listrak.com www.google.co.in asset.cloudinary.com *.gleam.io *.yottaa.com; script-src 'self' 'report-sample' s3.amazonaws.com/cdn.lehmans.com/ cdn.commercev3.net/cdn.lehmans.com/ cdn.lehmans.com 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com ui.powerreviews.com bat.bing.com code.jquery.com connect.facebook.net *.bootstrapcdn.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.listrakbi.com *.smartystreets.com api.livechatinc.com cdn.livechatinc.com ajax.googleapis.com googleads.g.doubleclick.net www.gstatic.com www.trustlogo.com www.googleadservices.com d79i1fxsrar4t.cloudfront.net/jquery.liveaddress/ s.pinimg.com/ct/ www.google.com www.clarity.ms static.klaviyo.com static-tracking.klaviyo.com *.searchspring.net *.listrak.com *.yotpo.com www.intellisuggest.com api.ipstack.com widget.sezzle.com vue.comm100.com a.quora.com s.yimg.com sealserver.trustkeeper.net container.pepperjam.com code.murdoog.com a40.usablenet.com  www.intellisuggest.com *.yottaa.net www.youtube.com lehmans.usablenet.com *.comm100.com www.google-analytics.com *.facebook.net *.time.ly *.facebook.net *.googleapis.com www.intellisuggest.com *.hotjar.com cdnjs.cloudflare.com *.udev1a.net ascendpartner.com *.ascendpartner.com  ga-lehmans-a40.udev1a.net *.criteo.com *.criteo.net cdn.cookielaw.org assets.forms-db.com *.parcellab.com cdn.cookielaw.org *.pinterest.com  fs27.formsite.com *.amazonaws.com  *.gleamjs.io *.gleam.io *.yottaa.com; script-src-elem 'self' 'report-sample' s3.amazonaws.com/cdn.lehmans.com/ cdn.commercev3.net/cdn.lehmans.com/ cdn.lehmans.com 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com ui.powerreviews.com bat.bing.com code.jquery.com connect.facebook.net *.bootstrapcdn.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.listrakbi.com *.smartystreets.com api.livechatinc.com cdn.livechatinc.com ajax.googleapis.com googleads.g.doubleclick.net www.gstatic.com www.trustlogo.com www.googleadservices.com d79i1fxsrar4t.cloudfront.net/jquery.liveaddress/ s.pinimg.com/ct/ www.google.com www.clarity.ms static.klaviyo.com static-tracking.klaviyo.com *.searchspring.net *.listrak.com *.yotpo.com www.intellisuggest.com api.ipstack.com widget.sezzle.com vue.comm100.com a.quora.com s.yimg.com sealserver.trustkeeper.net container.pepperjam.com code.murdoog.com a40.usablenet.com  www.intellisuggest.com *.yottaa.net www.youtube.com lehmans.usablenet.com *.comm100.com www.google-analytics.com *.facebook.net *.time.ly *.facebook.net *.googleapis.com www.intellisuggest.com *.hotjar.com cdnjs.cloudflare.com *.udev1a.net ascendpartner.com *.ascendpartner.com  ga-lehmans-a40.udev1a.net *.criteo.com *.criteo.net cdn.cookielaw.org assets.forms-db.com *.parcellab.com cdn.cookielaw.org *.pinterest.com  fs27.formsite.com *.amazonaws.com  *.gleamjs.io *.gleam.io *.yottaa.com; style-src 'self' s3.amazonaws.com/cdn.lehmans.com/ cdn.commercev3.net/cdn.lehmans.com/ cdn.lehmans.com 'unsafe-inline' 'unsafe-eval' ui.powerreviews.com use.fontawesome.com code.jquery.com fonts.googleapis.com *.bootstrapcdn.com cdn.listrakbi.com/css/ hello.myfonts.net cdn.searchspring.net *.yotpo.com *.sezzle.com *.yottaa.net lehmans.usablenet.com www.paypalobjects.com mediacdn.espssl.com  *.udev1a.net  ascendpartner.com *.ascendpartner.com  fonts.cdnfonts.com/css/satoshi *.parcellab.com *.pinterest.com *.listrak.com fonts.googleapis.com *.typekit.net *.yottaa.com; style-src-elem 'self' s3.amazonaws.com/cdn.lehmans.com/ cdn.commercev3.net/cdn.lehmans.com/ cdn.lehmans.com 'unsafe-inline' 'unsafe-eval' ui.powerreviews.com use.fontawesome.com code.jquery.com fonts.googleapis.com *.bootstrapcdn.com cdn.listrakbi.com/css/ hello.myfonts.net cdn.searchspring.net *.yotpo.com *.sezzle.com *.yottaa.net lehmans.usablenet.com www.paypalobjects.com mediacdn.espssl.com  *.udev1a.net  ascendpartner.com *.ascendpartner.com  fonts.cdnfonts.com/css/satoshi *.parcellab.com *.pinterest.com *.listrak.com fonts.googleapis.com *.typekit.net *.yottaa.com; style-src-attr  'unsafe-inline'; media-src 'self' lehmans.commercev3.com s3.amazonaws.com/cdn.lehmans.com/ cdn.commercev3.net/cdn.lehmans.com/ cdn.lehmans.com www.bing.com; 1
frame-ancestors self https://www.fcso.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' rosmorport.ru *.rosmorport.ru rosmorport.com *.rosmorport.com fonts.gstatic.com cdn.jsdelivr.net yandex.ru ymetrica1.com yandexmetrica.com google.com *.google.com google.ru *.google.ru  *.kaspersky-labs.com kaspersky-labs.com *.yandex.ru yandex.net *.yandex.net yandex.com *.yandex.com yandex.md *.yandex.md yastatic.net *.yastatic.net google.com fonts.googleapis.com *.fonts.googleapis.com vk.com *.vk.com  youtube.com *.youtube.com *.youtube-nocookie.com youtube-nocookie.com bitrix.info rutube.ru *.rutube.ru 1tv.ru *.1tv.ru smotrim.ru *.smotrim.ru vgtrk.com *.vgtrk.com; img-src 'self' https: data:; form-action 'self'; object-src 'none'; report-uri https://www.rosmorport.ru/csp.php 1
default-src 'self' *.ayvens.com *.leaseplan.com *.leaseplandigital.com *.leaseplan.io; script-src 'unsafe-inline' https: 'nonce-uQagS7dHgKLr+OW5tgGdPA==' 'strict-dynamic'; connect-src 'self' *.ayvens.com cdn.cookielaw.org geolocation.onetrust.com browser-intake-datadoghq.eu *.browser-intake-datadoghq.eu *.leaseplan.com t-log.sgmarkets.com cdn.imagin.studio px.ads.linkedin.com *.google-analytics.com bat.bing.com *.clarity.ms *.hotjar.com *.hotjar.io consent-api.onetrust.com *.doubleclick.net privacyportal-de.onetrust.com www.facebook.com; worker-src 'self'; style-src 'self' 'unsafe-inline' *.leaseplancdn.com cdn.cookielaw.org; img-src 'self' data: *.ayvens.com *.leaseplan.com *.leaseplandigital.com www.leaseplanbrand.com cdn.cookielaw.org cdn.imagin.studio idt9rpjm7d.execute-api.eu-west-1.amazonaws.com www.googletagmanager.com *.ads.linkedin.com www.facebook.com www.googleadservices.com adservice.google.com www.google.com/pagead/ *.doubleclick.net bat.bing.com *.clarity.ms *.bing.com; media-src 'self' *.ayvens.com www.ayvensbrand.com *.leaseplan.com *.leaseplandigital.com www.leaseplanbrand.com; font-src 'self' *.leaseplancdn.com script.hotjar.com; frame-src 'self' *.ayvens.com *.leaseplan.com www.ayvensbrand.com player.vimeo.com www.youtube.com www.youtube-nocookie.com map.openchargemap.io; object-src 'none'; base-uri 'none'; 1
*.repassa.com.br 1
default-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://m.v12finance.com https://*.sope360.com 1
default-src 'self' blob: https://dyinglightgame.com https://*.dyinglightgame.com https://techland.pl https://*.techland.pl https://techland.net https://*.techland.net https://techland.gg https://*.techland.gg https://techlandgg.com https://*.techlandgg.com; script-src 'self' https://techland.net https://techland.gg https://*.techland.gg https://techlandgg.com https://*.techlandgg.com https://www.googletagmanager.com https://connect.facebook.net https://www.google-analytics.com https://static.ads-twitter.com https://analytics.twitter.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.youtube.com/iframe_api https://www.youtube.com/s/player/ https://s.ytimg.com/yts/jsbin/ https://www.redditstatic.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://platform.twitter.com/widgets.js https://platform.twitter.com/widgets/ https://platform.twitter.com/js/ 'nonce-80a7sgbdfg' 'nonce-a098bfgaf' 'nonce-9a8sdbgfvb' 'nonce-981bdfhda' 'sha256-5EJ/AVN7tkeRkeM1cpSLQfWrFAcc4l5hcn6hn3tgc60='; style-src 'self' 'unsafe-inline' https://techland.net https://fonts.googleapis.com https://use.typekit.net https://p.typekit.net/p.css; font-src 'self' 'unsafe-inline' https://techland.net https://fonts.gstatic.com https://use.typekit.net; img-src 'self' data: http://*.limbo.techland.pl/ https://*.techland.pl https://techland.net https://*.techland.net https://techland.gg https://*.techland.gg https://techlandgg.com https://*.techlandgg.com https://dyinglightgame.com https://*.dyinglightgame.com https://*.facebook.com https://www.google-analytics.com https://*.gstatic.com https://stats.g.doubleclick.net https://www.google-analytics.com https://www.google.com/ads/ https://www.google.com/ads/ga-audiences/ https://www.google.pl/ads/ga-audiences/ https://www.google.com/pagead/1p-user-list/918877113/ https://www.google.pl/pagead/1p-user-list/918877113/ https://region1.google-analytics.com https://region1.analytics.google.com https://t.co/i/adsct https://i.ytimg.com https://alb.reddit.com/; frame-src 'self' http://*.limbo.techland.pl/ https://*.limbo.techland.pl/ https://techland.gg https://*.techland.gg https://techlandgg.com https://*.techlandgg.com https://*.facebook.com https://*.hotjar.com https://www.youtube.com/embed/ https://player.twitch.tv/ https://accounts.google.com https://consentcdn.cookiebot.com/ https://consentcdn.cookiebot.com/sdk https://platform.twitter.com/ https://platform.twitter.com/widgets/; frame-ancestors 'self'; connect-src 'self' https://techland.gg https://*.techland.gg https://techlandgg.com https://*.techlandgg.com wss://testy.limbo.techland.pl:9509 https://consentcdn.cookiebot.com/consentconfig/ https://region1.google-analytics.com https://region1.analytics.google.com; style-src-elem 'self' 'unsafe-inline' https://techland.net https://fonts.googleapis.com https://use.typekit.net https://p.typekit.net/p.css; script-src-elem 'self' https://techland.net https://techland.gg https://*.techland.gg https://techlandgg.com https://*.techlandgg.com https://www.googletagmanager.com https://connect.facebook.net https://www.google-analytics.com https://static.ads-twitter.com https://analytics.twitter.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.youtube.com/iframe_api https://www.youtube.com/s/player/ https://s.ytimg.com/yts/jsbin/ https://www.redditstatic.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://platform.twitter.com/widgets.js https://platform.twitter.com/widgets/ https://platform.twitter.com/js/ 'nonce-80a7sgbdfg' 'nonce-a098bfgaf' 'nonce-9a8sdbgfvb' 'nonce-981bdfhda' 'sha256-5EJ/AVN7tkeRkeM1cpSLQfWrFAcc4l5hcn6hn3tgc60=' 1
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data: blob:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' app.usercentrics.eu privacy-proxy.usercentrics.eu assets.adobedtm.com edge.adobedc.net ecotelcommunication.chat.digital.ringcentral.com avcheck.ecotel.de bat.bing.com www.clarity.ms; style-src 'self' 'unsafe-inline' avcheck.ecotel.de; img-src 'self' data: app.usercentrics.eu uct.service.usercentrics.eu bat.bing.com; font-src 'self' data: avcheck.ecotel.de; connect-src 'self' aggregator.service.usercentrics.eu privacy-proxy.usercentrics.eu api.usercentrics.eu consent-api.service.consent.usercentrics.eu charts3.equitystory.com edge.adobedc.net api.friendlycaptcha.com avcheck.ecotel.de a.clarity.ms; media-src 'self'; object-src 'self'; child-src 'self'; frame-src 'self' www.youtube.com www.youtube-nocookie.com ecotelcommunication.chat.digital.ringcentral.com; worker-src 'self' blob:; frame-ancestors 'self'; form-action 'self' order.ecotel.de; base-uri 'none'; manifest-src 'self' 1
object-src 'none';base-uri 'self';script-src 'nonce-ilLfSQ4d_wQHUDLhGwEwOA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/xsrp 1
default-src data: *; script-src data: 'unsafe-inline' 'unsafe-eval' *; style-src data: 'unsafe-inline' * 1
default-src 'self' *.cityba.se *.thecitybase.com; base-uri 'none'; connect-src 'self' *.graphcms.com *.algolia.net *.google-analytics.com screendoor.dobt.co hcaptcha.com *.hcaptcha.com *.demandjump.com *.google.com *.googleapis.com *.algolianet.com *.trongrid.io tracking.monsido.com; font-src 'self' data: *.gstatic.com; frame-ancestors 'self'; frame-src 'self' insight.adsrvr.org hcaptcha.com *.hcaptcha.com *.youtube.com *.doubleclick.net *.securly.com *.k12.in.us maps.indy.gov app.powerbigov.us match.adsrvr.org www.facebook.com indianapolis.granicus.com *.googletagmanager.com *.google.com google.com tracking.monsido.com; img-src 'self' * data:; media-src 'self' * data:; object-src 'none'; script-src 'nonce-BqTkyMCIbGE_1jNtNVJQTdiaYj8nfUOU3P4eMHV7Jxs' 'strict-dynamic'; style-src 'self' 'unsafe-inline' *.googleapis.com *.cloudfront.net unpkg.com *.gstatic.com hcaptcha.com *.hcaptcha.com; report-uri https://callback-service.prod.cityba.se/csp; 1
frame-ancestors none; object-src https://cloud.faithlife.net https://cloud.mail.logos.com; base-uri https://optimize.google.com; block-all-mixed-content 1
connect-src *.yandex.ru mc.yandex.com mc.webvisor.com mc.webvisor.org 'self' mc.yandex.ru mc.yandex.md chatcenter.ftc.ru chatcenter-test.ftc.ru *.kvartplata.ru www.google.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' chatcenter.ftc.ru chatcenter-test.ftc.ru www.google.com www.google-analytics.com www.googletagmanager.com mc.yandex.ru www.gstatic.com *.yandex.ru mc.webvisor.com mc.webvisor.org mc.yandex.com yastatic.net; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' chatcenter.ftc.ru chatcenter-test.ftc.ru www.google.com www.google-analytics.com www.googletagmanager.com mc.yandex.ru www.gstatic.com *.yandex.ru mc.webvisor.com mc.webvisor.org mc.yandex.com yastatic.net; style-src 'self' 'unsafe-inline'; font-src 'self' chatcenter.ftc.ru chatcenter-test.ftc.ru data:; img-src 'self' data: chatcenter.ftc.ru chatcenter-test.ftc.ru www.google.com www.google.ru www.google-analytics.com www.googletagmanager.com mc.yandex.ru; object-src 'none'; report-uri https://www.kvartplata.ru/api/v1/cspReports; 1
default-src 'self' *.cloudflarestream.com *.videodelivery.net;  style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://use.typekit.net/ https://p.typekit.net/;  font-src 'self' https://fonts.gstatic.com/ https://use.typekit.net/ data:;  script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.hytale.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ http://www.youtube.com/iframe_api https://www.youtube.com/s/player/ https://s.ytimg.com/ https://www.googletagmanager.com/gtag/ https://www.google-analytics.com/ https://embed.videodelivery.net/embed/;  media-src 'self' https://videodelivery.net/ blob:;  connect-src 'self' https://analytics.hytale.com/ https://videodelivery.net/ https://stats.videodelivery.net/ https://sentry.hytale.com/ https://boards-api.greenhouse.io/;  worker-src 'self' blob:;  frame-src 'self' https://www.google.com/recaptcha/ https://www.youtube.com/ *.cloudflarestream.com *.videodelivery.net;  img-src 'self' https://cdn.hytale.com/ https://analytics.hytale.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://videodelivery.net/ https://stats.videodelivery.net/ https://cloudflarestream.com/ https://i3.ytimg.com/ data:;  block-all-mixed-content; 1
default-src 'self' 'unsafe-inline';  style-src 'self' 'unsafe-inline' https://*.recaptcha.net https://*.twitter.com *.bing.com https://*.fonts.net https://*.bazaarvoice.com https://*.sprinklr.com; script-src 'self' 'unsafe-inline'  'unsafe-eval' https://storage.cloud.kargo.com https://*.recaptcha.net  https://*.twimg.com https://*.bing.com https://*.gstatic.com https://*.google.com https://*.everesttech.net https://*.dotomi.com https://*.iovation.com  https://*.bridgestonetire.com https://*.iesnare.com https://*.akamaihd.net https://*.bazaarvoice.com https://*.jquery.com  https://*.twitter.com https://*.ads-twitter.com https://*.virtualearth.net https://assets.adobedtm.com https://*.bing.com https://*.googletagmanager.com https://pixel.everesttech.net https://*.pinimg.com https://*.googleadservices.com https://*.google-analytics.com https://*.iperceptions.com https://*.everestjs.net https://www.youtube.com https://*.firestonecompleteautocare.com https://*.tiresplus.com https://*.wheelworks.net https://*.hibdontire.com https://*.hotjar.com https://*.facebook.net https://*.ytimg.com https://*.netmng.com https://*.doubleclick.net https://*.sprinklr.com; connect-src *; frame-src 'self' https://*.recaptcha.net https://*.twitter.com https://*.google.com https://*.pinterest.com https://www.youtube.com https://*.doubleclick.net https://*.iperceptions.com https://*.facebook.com https://*.hotjar.com https://*.demdex.net https://*.bazaarvoice.com https://*.sprinklr.com; img-src * data: blob:;  media-src 'self' https://*.iesnare.com https://*.sprinklr.com; font-src 'self' https://*.bazaarvoice.com https://*.fonts.net https://*.sprinklr.com data: 1
worker-src blob:; object-src *;script-src * 'unsafe-inline' 'unsafe-eval' 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://wb.messengerpeople.com https://static.criteo.net https://*.criteo.com https://tpc.googlesyndication.com https://ct.pinterest.com https://hal9000.redintelligence.net https://*.recaptcha.net https://*.zenaps.com https://*.hotjar.com https://*.akamaihd.net https://*.translate.naver.net https://ln-rules.rewardstyle.com https://tr.snapchat.com https://www.pinterest.com blob: https://*.abtasty.com https://app.qubit.com https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://d2d7do8qaecbru.cloudfront.net; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://*.liveperson.net https://ct.pinterest.com https://*.google.it https://*.akamaihd.net https://*.sciencebehindecommerce.com https://*.hotjar.com wss://*.hotjar.com https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://tr.snapchat.com https://*.contentsquare.net https://*.abtasty.com https://*.qubit.com https://*.qubitproducts.com https://horizon-api.www.myprotein.it https://*.criteo.com https://*.criteo.net https://*.prod.mplat-ppcprotect.com https://*.lunio.ai data: https://sgtm.myprotein.it https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://cognito-identity.eu-west-1.amazonaws.com https://firehose.eu-west-1.amazonaws.com; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.thgcdn.cn blob: data: https://*.abtasty.com https://*.gstatic.com https://*.googleapis.com https://fonts.smct.co https://fonts.smct.io; form-action 'self' https://www.facebook.com https://www.myprotein.it https://m.myprotein.it https://checkout.myprotein.it https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https: blob:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://static.thgcdn.cn; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.cn https://*.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://*.criteo.com https://static.criteo.net https://s.pinimg.com https://tpc.googlesyndication.com https://remote.captcha.com https://platform.twitter.com https://*.akamaihd.net https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.hotjar.com https://*.microsofttranslator.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://twitter.com https://*.baidu.com https://sc-static.net https://www.google.com https://*.google.co.uk https://google.co.uk https://static.ads-twitter.com https://analytics.twitter.com https://static.thgcdn.cn https://*.contentsquare.net https://app.contentsquare.com blob: https://*.abtasty.com https://static.goqubit.com https://*.qubit.com https://sgtm.myprotein.it https://smct.co https://*.smct.co https://smct.io https://*.smct.io; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://static.thgcdn.cn https://*.abtasty.com https://*.gstatic.com https://fonts.smct.co https://fonts.smct.io; upgrade-insecure-requests; report-to report-endpoint 1
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval'  https://secure.advisorsaccessbypaychex.com/ https://*.hotjar.com:* https://*.hotjar.io wss://*.hotjar.com https://www.ftwilliam.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://cdn.polyfill.io/ https://embedwistia-a.akamaihd.net/ https://*.litix.io/ https://www.google-analytics.com/ https://fonts.gstatic.com https://www.googletagmanager.com https://fonts.googleapis.com https://col.eum-appdynamics.com https://cdn.appdynamics.com https://www.google-analytics.com https://code.jquery.com https://*.wistia.com https://*.wistia.net https://stats.g.doubleclick.net; img-src 'self' blob: data: https://*.wistia.com/ https://secure.advisorsaccessbypaychex.com/ https://*.hotjar.com:* https://*.hotjar.io wss://*.hotjar.com  https://*.wistia.net https://embedwistia-a.akamaihd.net https://eplan-images-helpcenter.s3.us-east-2.amazonaws.com/ https://www.google-analytics.com/ 1
base-uri 'self';  connect-src 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://ca-sgtmwebsite-windesheimnl-prod-001.azurewebsites.net https://sgtm.windesheim.nl https://sgtm.windesheim.com https://sgtm.werkenbijwindesheim.nl https://sgtm.mediacentrumwindesheim.nl https://cdn.linkedin.oribi.io/ https://windesheim.piwik.pro https://region1.google-analytics.com https://region1.analytics.google.com https://dev.visualwebsiteoptimizer.com https://www.google.nl https://stats.g.doubleclick.net https://www.google-analytics.com https://analytics.google.com;  default-src 'self';   font-src 'self' https://fonts.gstatic.com https://script.hotjar.com;  frame-src 'self' https://6963312.fls.doubleclick.net https://www.google.com https://tr.snapchat.com https://www.youtube.com;  img-src 'self' https://static.hotjar.com https://6005633.global.siteimproveanalytics.io https://script.hotjar.com https://*.ads.linkedin.com https://*.fls.doubleclick.net data: https://ssl.gstatic.com/ https://i.ytimg.com https://connect.facebook.net https://www.facebook.com www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://www.google.nl https://www.google-analytics.com https://img.youtube.com https://www.windesheim.nl https://www.toegankelijkheidsverklaring.nl  https://dev.visualwebsiteoptimizer.com https://px.ads.linkedin.com https://windesheim.piwik.pro/ https://www.linkedin.com/px https://region1.analytics.google.com;  manifest-src 'self';  media-src 'self';  object-src 'none';  worker-src 'none';  script-src 'unsafe-eval' 'report-sample' 'self'  'sha256-SaTeMZGJLL8eEcyiSK1jpQNE0ZXRfqMTeA5M0NyhBJs='  'sha256-Zr64z4XmOOxzqmqscOSlwjdDvvo0eOJHaqwtQmqyw3Q='  'sha256-XpuEs/vn1RCF60rpqmFib6xDEg7BFPrTNJhn/u3259w='  'sha256-etsosRIfTi8P2KGPu99SK82gl0NEkJz74J9afExHQTY='  'sha256-EocJZWyqnmNNQQqmaNI9ZwiLLtor6TYavhNl/X3U2nI='  'sha256-1trlTQIDWaN99/I9AL7FnMeGUUIqMWEhQCrPqAriX0Q='  'sha256-RRo07OvcOKfA0Q3RnHrPcj9Yg1/myhTLc8FChH8idFA='  'sha256-2ggKq0Dls8tOHMXCrr+Fojru0gYpIU8iIkZIXDghQeU='  'sha256-Ox13a/HSVtlAlCErZpYGpuaIXT58T5VBq25pK1TlrwM='  'sha256-HU3zrDUMM3a2aGo816nhjIVQtsoD/LQBaKGWpJOLBWs='  'sha256-WwKGSl3/9cCHJK7szFaTGi6ZrONSA3XQHoaSQgznUmI='  'sha256-TFJA5kwdTQUfAstX5aMf6bemacHCGknPoSGTVZPkJ5w='  'sha256-nTUzZnk1dL20m8C4MUFZTXkIcD7UoB0jX5x8QAvKz5w='  'sha256-5gM7yOWKTQdw5gFQ8hw8z/kmzIXPMpda+okGAW6j8O8='  'sha256-SvLgADqEePEV9RNxBrRQXSBJafFHcVNG7cPzHz6h9eA='  'sha256-NUrCkABCD47sBF0+OC6Dml6jiTLpoSjELJeiKFL02/o='  'sha256-roM7iYPrI06Hql3oUJCw00Lt9ggzswTZGTCOgwE1JXc='  'sha256-IzWYhZ+CxG1MZbJubd6o2ouOrP7xgURPDihcOA8WRYU='  'sha256-uVXjH+eKWGiz7OjzjOtOm9cbVNR1RmzNHJ6S0Z+4fuk='  'sha256-3ZXMPnkKK/VVCHFc7dkVZ0FoZszMHYOoEiQtkTozf7k='  'sha256-EvF6mJxVt/FuPvolPFGrtR3eVvkpNlPLSuT3VodVGwI='  'sha256-xh2xInZdgjOVNqgQcLk1YvHPwog8K9QkDeGsb1obk2k='  'sha256-r9fU88Cagg8b+V94/rFP54XitU/RzBQ83sVNeltVs/c='  'sha256-NZEEDCwn6a6mk/e6Q3QHYZINTpS/93iZYnLXh4iZ2Dw='  'sha256-P2SWGCKMvXQfK6jq0ngY52y09zbfez/SF8+1Po6IbfY='  'sha256-e+dISbf2ioRmcZVylVbqUkCd3hLH4eSxkDNphHzUx5o='  'sha256-kozy8ql5HYzGVaVsfvJ6DOFd10m28EwCUoMQ9Y50jVI='  'sha256-F6St3BzaU28oFtygxItpV50oYY3M8qYje4RyBgKWrog='  'sha256-t7Gviq2elqGqzAW3eY/e70qboQ6CYXwtxp8gMj5yYCI='  'sha256-AuNKPU/6No+Js5nye818pdtxbwrkqMYPHffUkjTO2VQ='  'sha256-UJRwpQ/LbdnoA03RwGzMl4T8PJMZy3cIlo/qKwTmx1c='    https://siteimproveanalytics.com/js/siteanalyze_6005633.js https://static.hotjar.com https://script.hotjar.com  https://windesheim.piwik.pro https://i.ytimg.com https://s.ytimg.com https://ads.creative-serving.com/pixel https://analytics-eu.clickdimensions.com/ts.js https://connect.facebook.net/en_US/fbevents.js https://googleads.g.doubleclick.net/pagead/viewthroughconversion/AW-990090314/ https://sc-static.net/scevent.min.js https://static2.creative-serving.com/pixel.js https://track.adform.net/serving/scripts/trackpoint/async/ https://www.google-analytics.com/analytics.js https://www.googleadservices.com/pagead/conversion_async.js https://www.google.com/pagead/conversion_async.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://tagmanager.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/debug/bootstrap https://static2.creative-serving.com https://analytics-eu.clickdimensions.com https://connect.facebook.net https://s2.adform.net https://track.adform.net https://windesheim.piwik.pro/ppms.js https://www.google.com/recaptcha/api.js https://www.gstatic.com https://dev.visualwebsiteoptimizer.com/;  style-src 'report-sample' 'self' 'unsafe-inline' https://fonts.googleapis.com https://tagmanager.google.com/ https://static.hotjar.com https://script.hotjar.com https://siteimproveanalytics.com/js/siteanalyze_6005633.js; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' yandex.ru *.yandex.ru *.yandex.net *.yandex.com *.yandex.md yastatic.net *.yastatic.net cdnjs.cloudflare.com *.googlesyndication.com code.jquery.com cdn.ckeditor.com https://adservice.google.ru https://adservice.google.com https://*.googleadservices.com https://www.googletagservices.com https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://code.highcharts.com https://wg4.price.ru *.wi-fi.ru *.terratraf.com; font-src 'self' data: yandex.ru *.yandex.ru *.yandex.net *.yandex.com *.yandex.md yastatic.net *.yastatic.net cdnjs.cloudflare.com https://fonts.gstatic.com https://wg4.price.ru; style-src 'self' 'unsafe-inline' yandex.ru *.yandex.ru *.yandex.net *.yandex.com *.yandex.md yastatic.net *.yastatic.net cdnjs.cloudflare.com https://cdn.datatables.net cdn.ckeditor.com; img-src 'self' data: yandex.ru *.yandex.ru *.yandex.net *.yandex.com *.yandex.md yastatic.net *.yastatic.net https://*.googlesyndication.com https://mzimg.com https://www.google-analytics.com https://stats.g.doubleclick.net cdn.ckeditor.com www.gstatic.com https://ad.doubleclick.net https://tns-counter.ru https://mc.admetrica.ru https://www.googletagmanager.com https://ad.adriver.ru http://static.price.ru https://wg4.price.ru *.wi-fi.ru *.ytimg.com *.ggpht.com https://wcm.weborama-tech.ru https://pixel.adlooxtracking.ru; connect-src 'self' yandex.ru *.yandex.ru *.yandex.net *.yandex.com *.yandex.md yastatic.net *.yastatic.net https://*.googlesyndication.com https://*.google-analytics.com https://stats.g.doubleclick.net https://csi.gstatic.com https://price.ru https://wg4.price.ru *.wi-fi.ru static.terratraf.com https://pretarg.adhigh.net *.terratraf.com; object-src 'self' yandex.ru *.yandex.ru *.yandex.net *.yandex.com *.yandex.md yastatic.net *.yastatic.net *.youtube.com; frame-src 'self' yandex.ru *.yandex.ru *.yandex.net *.yandex.com *.yandex.md yastatic.net *.yastatic.net *.youtube.com https://googleads.g.doubleclick.net https://*.googlesyndication.com https://www.google.com https://pagead2.googlesyndication.com; media-src 'self' data: yandex.ru *.yandex.ru *.yandex.net *.yandex.com *.yandex.md yastatic.net *.yastatic.net 1
default-src 'self' blob: http: https: www.krebshilfe.de staging1.dkh.milatec.de; img-src 'self' blob: data: http: https: www.krebshilfe.de staging1.dkh.milatec.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: http: https: www.krebshilfe.de staging1.dkh.milatec.de cologne-timing.de raceresult.com; style-src 'self' 'unsafe-inline' http: https: www.krebshilfe.de staging1.dkh.milatec.de cologne-timing.de raceresult.com; font-src 'self' data: http: https: www.krebshilfe.de staging1.dkh.milatec.de; connect-src 'self' data: http: https: www.krebshilfe.de staging1.dkh.milatec.de cologne-timing.de raceresult.com; object-src 'none'; 1
default-src 'self' *.onetrust.com/ *.trustpilot.com/ *.gigaclear.net/ *.gigaclear.com/ *.google.com/ *.google.co.uk/ *.matomo.cloud/ *.google-analytics.com/ *.clarity.ms/ *.g.doubleclick.net/ *.hotjar.io/ *.hotjar.com/ cdn.linkedin.oribi.io/ *.googlesyndication.com/ *.pardot.com/ *.optimizely.com/; frame-src calendly.com/ *.8x8.com/ *.speedtestcustom.com/ gigaclearltd.statuspage.io *.doubleclick.net/ *.cdn.optimizely.com/ *.pardot.com/; style-src 'unsafe-inline' 'self' *.typekit.net/; font-src 'self' data: *.typekit.net/; img-src 'self' data: *.amazonaws.com/ *.8x8.com/ *.gigaclear.net/ *.gigaclear.com/ *.google.co.uk *.google.com/ *.onetrust.com/ *.linkedin.com/ analytics.twitter.com/ bat.bing.com/ t.co/ *.facebook.com/ *.nextdoor.com/; media-src 'self' *.amazonaws.com/; script-src 'unsafe-eval' 'unsafe-inline' 'self' *.gigaclear.net/ *.googletagmanager.com/ googleads.g.doubleclick.net/ cdn.pagesense.io/; child-src static.zohocdn.com/; script-src-elem 'unsafe-eval' 'unsafe-inline' 'self' *.onetrust.com/ *.trustpilot.com/ *.8x8.com/ *.googletagmanager.com/ bat.bing.com/ static.ads-twitter.com/ snap.licdn.com/ *.facebook.net/ *.dwin1.com/ *.google-analytics.com/ *.nextdoor.com/ *.hotjar.com/ *.matomo.cloud/ *.clarity.ms/ *.g.doubleclick.net/ smct.co/ *.optimizely.com/; 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src https://linux.do/logs/ https://linux.do/sidekiq/ https://linux.do/mini-profiler-resources/ https://cdn.linux.do/assets/ https://linux.do/extra-locales/ https://cdn.linux.do/highlight-js/ https://cdn.linux.do/javascripts/ https://cdn.linux.do/plugins/ https://cdn.linux.do/theme-javascripts/ https://cdn.linux.do/svg-sprite/ https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js 'sha256-8uAKDaK4QxxCeYZl0Wxad2Nnj2tgKyA14hYBh66pnn0=' 'sha256-QFlnYO2Ll+rgFRKkUmtyRublBc7KFNsbzF7BzoCqjgA=' https://challenges.cloudflare.com/turnstile/v0/api.js https://tls.http.rw/api/js https://static.cloudflareinsights.com/beacon.min.js/ 'nonce-cf10742d597e2d687213267ceb3a261c953f091a'; worker-src 'self' https://cdn.linux.do/assets/ https://cdn.linux.do/javascripts/ https://cdn.linux.do/plugins/; frame-ancestors 'self'; manifest-src 'self' 1
upgrade-insecure-requests;              form-action 'self';              frame-ancestors 'self';              object-src 'none';              base-uri 'none';              img-src                  https://*.bing.com                  https://*.g.doubleclick.net                  https://*.google.ca                  https://*.google.com                  https://*.googletagmanager.com                  https://*.google-analytics.com                  https://*.virtualearth.net                  https://ad.doubleclick.net                  https://ads.linkedin.com                  https://alb.reddit.com                  https://analytics.twitter.com                  https://ct.pinterest.com                  https://fonts.gstatic.com                 https://px.ads.linkedin.com                  https://qualtrics.com                  https://s.amazon-adsystem.com                  https://sp.analytics.yahoo.com                  https://ssl.gstatic.com                  https://static.ads-twitter.com                  https://static-assets.qualtrics.com                  https://t.co                  https://www.facebook.com                  https://www.gstatic.com                 https://www.linkedin.com                  https://yul1.qualtrics.com                  'self'                  data:;              media-src                  https://doubleclick.net                  'self';              font-src                  https://fonts.gstatic.com                  https://typekit.net                  https://use.typekit.net                  'self'                 data:;              connect-src                  https://*.g.doubleclick.net                  https://*.google.ca                  https://*.google.com                  https://*.google-analytics.com                  https://*.googletagmanager.com                  https://*.linkedin.com                 https://*.reddit.com                 https://*.redditstatic.com                 https://*.virtualearth.net                 https://047-pbv-647.mktoresp.com                  https://342-bkg-026.mktoresp.com                  https://ad.doubleclick.net                  https://ads.linkedin.com                  https://analytics.tiktok.com                 https://cdn.linkedin.oribi.io                  https://collect.tealiumiq.com                  https://ct.pinterest.com                  https://mktoresp.com                  https://s.amazon-adsystem.com                  https://s.yimg.com                  https://siteintercept.qualtrics.com                  https://static.ads-twitter.com                  https://tealiumiq.com                  https://www.bing.com                  https://www.linkedin.com                  'self';              script-src                 https://*.bing.com                 https://*.facebook.net                 https://*.doubleclick.net                 https://*.gstatic.com                 https://*.googletagmanager.com                 https://*.licdn.com                 https://*.linkedin.com                 https://*.qualtrics.com                 https://*.reddit.com                 https://*.redditstatic.com                 https://*.typekit.net                 https://*.unpkg.com                 https://*.virtualearth.net                 https://analytics.tiktok.com                 https://linkedin.com                 https://munchkin.marketo.net/munchkin.js                 https://munchkin.marketo.net/163/munchkin.js                 https://reddit.com                 https://redditstatic.com                 https://unpkg.com                 https://www.gstatic.com/recaptcha/releases/*/*.js                 https://www.google.com/recaptcha/api.js                 https://www.googleadservices.com                 https://www.googletagmanager.com/gtm.js                 https://www.youtube.com/iframe_api/gtm.js                 'unsafe-inline'                 'unsafe-eval'                 'self';              style-src                 https://*.bing.com                 https://*.typekit.net                 https://fonts.googleapis.com                 https://www.googletagmanager.com                 'unsafe-inline'                 'self';          1
default-src 'unsafe-eval' 'unsafe-inline' *.google.es *.doubleclick.net *.demdex.net *.googleapis.com *.hotjar.com *.google-analytics.com *.adobedtm.com *.adobeaemcloud.com *.leforem.be *.forem.be *.googletagmanager.com *.gstatic.com *.google.com; img-src * 'self' data: https:; frame-src https://forem.demdex.net https://www.youtube.com https://www.youtube-nocookie.com 1
frame-ancestors 'none', frame-ancestors 'none' 1
frame-ancestors 'self' *.insightpartners.com 1
"default-src 'none'; img-src 'self'; script-src 'self'; object-src 'self';" 1
default-src 'self';script-src * 'unsafe-inline';font-src * 'unsafe-inline' data:;img-src * 'unsafe-inline' data: blob:;style-src * 'unsafe-inline';media-src *;frame-ancestors 'self' 1
default-src * data:; style-src 'self' http://* 'unsafe-inline'; script-src 'self' blob: http://* 'unsafe-inline' 'unsafe-eval'; font-src * data:; img-src * data:; frame-ancestors 'self' https://admin.hbs.net admin.hbs.net http://hrtlp.com https://hbsdotnetstg.wpenginepowered.com https://hbsdot.wpenginepowered.com; 1
frame-src https://*; media-src https://*; frame-ancestors 'self' hireez.com *.hireez.com; 1
frame-ancestors portal.1gservers.com 1
default-src https:  data:  mediastream: blob:  wss://*.hotjar.com  'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' 1
default-src *;img-src https: blob: data:;font-src 'self' https://fonts.gstatic.com data:;style-src 'self' https://fonts.googleapis.com https://cdn.zapier.com/packages/partner-sdk/ 'unsafe-inline';script-src 'strict-dynamic' 'nonce-78OFGUqgU0nNdzKMPwO7mWmS3QQ=' 'unsafe-eval' https: 'unsafe-inline';base-uri 'none';object-src 'none';report-to main-endpoint; 1
default-src 'none'; font-src 'self' data:; img-src * data:; script-src 'self' cdnjs.cloudflare.com *.parsely.com polyfill.io www.google-analytics.com www.googletagmanager.com 'sha256-H5kd9M8V6uuCfbTYgkN+i8PNamD2/8mg6mTH4EdpzZ8='; style-src 'unsafe-inline'; connect-src *; frame-src *; media-src api.a16zcrypto.com; 1
frame-ancestors 'self' http://www.philips.co.in *.philips.com *.philips.co.in https://philipsigtdpv.com 1
child-src 'self'; frame-src 'self' *; frame-ancestors 'self' https://cloud.also.mp also.ch *.also.ch *.also.com also.com chrome-extension://*; connect-src 'self' *.also.com also.com *.usercentrics.eu *.mateti.net *.mktoresp.com https://*.hpcloud.hp.com https://d75j3d3y2ihvh1.cloudfront.net https://also01.wt-eu02.net https://px.ads.linkedin.com https://*.user.com wss://alsopolska.user.com https://*.n-able.com https://toolbox.solarwindsmsp.com analytics.google.com www.google-analytics.com https://stats.g.doubleclick.net https://fonts.googleapis.com whatfix.com *.whatfix.com *.parcellab.com https://locationservice.posti.com https://ka-p.fontawesome.com https://kit.fontawesome.com; style-src 'self' 'unsafe-inline' *.also.com also.com https://fonts.googleapis.com https://cdn.cs.1worldsync.com https://*.hpcloud.hp.com *.cnetcontent.com cdnjs.cloudflare.com *.parcellab.com cdn.datatables.net maxcdn.bootstrapcdn.com rsms.me https://pages.solarwindsmsp.com https://*.n-able.com; font-src 'self' https://www.also.com *.1worldsync.com https://fonts.gstatic.com *.cnetcontent.com rsms.me booster.webtradecenter.com https://ka-p.fontawesome.com https://kit.fontawesome.com https://cdnjs.cloudflare.com https://*.hpcloud.hp.com; img-src 'self' also.com *.also.com *.alsolatvia.lv filesalso.dk https://media.user.com https://static.user.com https://cdn.cs.1worldsync.com https://cdn.whatfix.com https://videos.whatfix.com data: https://www.google.com https://www.google.de analytics.google.com www.google-analytics.com www.facebook.com *.mateti.net *.usercentrics.eu *.cnetcontent.com https://*.hpcloud.hp.com *.www8-hp.com also01.wt-eu02.net *.parcellab.com *.wcfbc.net www.plugilo.com *.webtradecenter.com i.ytimg.com https://px.ads.linkedin.com https://d2xsch6h2vuht1.cloudfront.net; 1
default-src 'self';script-src-elem 'unsafe-inline' 'self' https://www.googletagmanager.com/ https://www.gstatic.com/  https://www.google.com/ stackpath.bootstrapcdn.com ;script-src 'unsafe-inline' 'self' googletagmanager.com https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js https://www.aquachile.com/ https://www.google.com/;style-src 'unsafe-inline' 'self' fonts.googleapis.com https://fonts.gstatic.com https://code.jquery.com https://stackpath.bootstrapcdn.com https://www.aquachile.com;object-src 'none';base-uri 'self';connect-src 'self';font-src 'self' https://fonts.gstatic.com/ fonts.googleapis.com https://www.aquachile.com; frame-src 'self' https://www.youtube.com/ https://player.vimeo.com/ ;img-src 'self';manifest-src 'self';media-src 'self';worker-src blob: 1
default-src 'self' https://*.enfocus.com; navigate-to *; style-src 'unsafe-inline' 'self' https://*.enfocus.com https://*.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.enfocus.com https://*.googleapis.com https://*.doubleclick.net https://hello.myfonts.net https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://www.clarity.ms https://snap.licdn.com https://cdn.cookielaw.org https://secure.smart-business-foresight.com https://pi.pardot.com https://www.youtube.com https://d1f8f9xcsvx3ha.cloudfront.net https://*.zuora.com https://privacyportalde-cdn.onetrust.com; font-src 'self' https://*.enfocus.com https://fonts.gstatic.com data:; img-src 'self' https://*.enfocus.com https://www.google.be https://www.google.com https://c.clarity.ms https://c.bing.com https://i.ytimg.com https://yt3.ggpht.com https://*.linkedin.com https://cdn.cookielaw.org https://gwg.org https://www.gwg.org https://maps.gstatic.com https://maps.googleapis.com https://eskofo2-stage.asknet.com https://www.googletagmanager.com https://lnd.esko.com https://d1f8f9xcsvx3ha.cloudfront.net https://*.onfastspring.com data:; connect-src 'self' https://*.enfocus.com https://*.doubleclick.net https://*.googleapis.com https://cdn.linkedin.oribi.io https://r.clarity.ms https://cdn.cookielaw.org https://region1.analytics.google.com https://px.ads.linkedin.com https://www.linkedin.com https://px.ads.linkedin.com https://r.clarity.ms https://www.youtube.com https://pi.pardot.com https://www.google-analytics.com https://*.onfastspring.com https://privacyportalde-cdn.onetrust.com; child-src 'self' https://*.enfocus.com https://www.youtube.com https://www.youtube-nocookie.com https://*.onfastspring.com https://*.zuora.com; frame-ancestors 'self' https://*.enfocus.com https://*.enf-test.esko.rocks https://localhost.enf-test.esko.rocks:* 1
default-src 'self' https://www.youtube-nocookie.com data:;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://byac.france-identite.gouv.fr;img-src 'self' data: https://*.ytimg.com;frame-src 'self' https://www.youtube-nocookie.com https://stonly.com https://rendezvouspasseport.ants.gouv.fr;base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 1
child-src 'self' https://ghd-p-001.sitecorecontenthub.cloud/ *.ghd.com;frame-src 'self' https://player.vimeo.com https://view.ceros.com https://www.facebook.com https://info.ghd.com https://issuu.com/ https://www.youtube.com/ platform.twitter.com https://td.doubleclick.net/;connect-src 'self' *.google-analytics.com *.doubleclick.net https://ghd-p-001.sitecorecontenthub.cloud/ https://analytics.google.com/ https://api-apse2.rfksrv.com https://discover-apse2.sitecorecloud.io/ https://discover.sitecorecloud.io/ https://cdn.linkedin.oribi.io https://aughd.sc-apj.ghd.com https://px.ads.linkedin.com;default-src 'self' 'unsafe-eval' 'unsafe-inline';font-src 'self' fonts.gstatic.com 'unsafe-eval' 'unsafe-inline' https://cmsstorghddevase.z26.web.core.windows.net/;frame-ancestors 'self' *.ghd.com;img-src 'self' data: https://ghd-p-001.sitecorecontenthub.cloud/ https://cmsstorghddevase.z26.web.core.windows.net/ syndication.twitter.com *.google.com *.google.co.in https://www.facebook.com https://www.google-analytics.com *.linkedin.com *.google.com.au/;media-src 'self' https://ghd-p-001.sitecorecontenthub.cloud/;script-src 'self' www.googletagmanager.com platform.twitter.com 'unsafe-inline' 'unsafe-eval' *.google-analytics.com https://cmsstorghddevase.z26.web.core.windows.net https://cdn.evgnet.com https://info.ghd.com https://connect.facebook.net https://px.ads.linkedin.com https://snap.licdn.com https://view.ceros.com https://pi.pardot.com https://www.youtube.com/iframe_api https://ajax.googleapis.com https://cdnjs.cloudflare.com https://googleads.g.doubleclick.net https://www.googleadservices.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cmsstorghddevase.z26.web.core.windows.net/;upgrade-insecure-requests;block-all-mixed-content; 1
default-src 'self' *.freelibrary.org;connect-src 'self' *.googleapis.com *.google-analytics.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com;font-src 'self' *.gstatic.com *.googleapis.com https://*.hotjar.com;img-src 'self' *.freelibrary.org *.google.com *.googleapis.com *.google-analytics.com *.gstatic.com https://*.hotjar.com data:;script-src 'self' *.google.com *.google-analytics.com *.googleapis.com *.googletagmanager.com https://*.hotjar.com 'unsafe-inline';style-src 'self' *.googleapis.com www.google.com *.gstatic.com https://*.hotjar.com 'unsafe-inline';frame-src 'self' https://*.hotjar.com; 1
frame-ancestors 'self' https://www.kiamedia.ca https://www.autotrader.ca/ https://www.edealer.ca/ https://360.agency/ https://www.d2cmedia.ca/ https://www.applewoodkialangley.ca/ https://www.harriskia.ca/ https://www.kiarichmond.com/ https://www.kamloopskia.com/ https://www.kiaofbrampton.ca/ https://www.scarborokia.ca/ https://www.trentokia.com/ https://www.kiaofnewmarket.com/ https://www.bessadakia.com/ https://www.londonkia.com/ https://www.cardinalkia.com/ https://www.lambtonkia.com/ https://www.durhamkia.com/ https://www.bankstreetkia.com/ https://www.kingstonkia.com/ https://www.performancekia.ca/ https://www.worldcarskia.com/ https://www.kiasudbury.com/ https://www.muskokakia.ca/ https://www.kiagrenville.com/ https://www.albikia.com/ https://www.kiatroisrivieres.com/ https://www.kiasherbrooke.com/ https://www.kiarepentigny.com/ https://www.barnabekiasaintjean.com/ https://www.kiagranby.com/ https://www.kiadrummondville.com/ https://www.kiaharold.ca/ https://www.kialevis.com/ https://www.kiavictoriaville.com/ https://www.autoblvd.ca/ https://www.dubekia.com/ https://www.kianewrichmond.com/ https://www.kiathetford.ca/ https://www.kiamatane.com/ https://www.formulekia.com/ https://www.kiacharlevoix.com/ https://www.maisonkia.com/ https://www.oreganskiadartmouth.com/ https://www.forbeskia.com/ https://www.monctonkia.ca/ https://www.miramichikia.com/ https://www.baysidekia.net/ https://www.westernkia.com/ https://www.kiaofsaskatoon.com/ https://www.kiaquebec.com/ https://www.kialaurentides.com/ https://www.kiaowensound.ca/ https://www.gustafsonskia.ca/ https://www.planetkia.ca/ https://www.whitehorsekia.com/ https://www.cobourgkia.com/ https://www.kiaoftimmins.com/ https://www.megakiabrossard.com/ https://www.birchwoodkiaregent.ca/ https://www.kianorthbay.com/ https://www.kiabeauport.com/ https://www.kiashawi.com/ https://www.longueuilkia.com/ https://www.kiacapsante.com/ https://www.applewoodkiasurrey.ca/ https://www.gustafsonskia.ca/ https://www.georgetownkia.com/ https://www.boyerkia.com/ https://www.qewkia.com/ https://www.actionkia.ca/ https://www.kiaofbrockville.com/ https://www.westtorontokia.ca/ https://www.uptownkia.ca/ https://www.complexekia.com/ https://www.kiastefoy.com/ https://www.winnipegkia.com/ https://www.airportkia.ca/ https://www.gokia.ca/ https://www.lallierkia.com/ https://www.kiavalleyfield.com/ https://www.kiawest.com/ https://www.donnellykia.com/ https://www.kiavancouver.com/ https://www.villemariekia.com/ https://www.jeandumaskia.ca/ https://www.courtenaykia.com/ https://www.kiadesrosiers.com/ https://www.miltonkia.com/ https://www.pentictonkia.com/ https://www.atlantickia.ca/ https://www.turpinkia.ca/ https://www.gusrevenbergkia.com/ https://www.kiamagog.com/ https://www.fichaultkia.com/ https://www.vernonkia.ca/ https://www.listowelkia.com/ https://www.longmansmarkhamkia.ca/ https://www.fosterkia.com/ https://www.eastsidekia.ca/ https://www.brantfordkia.com/ https://www.andersonkia.ca/ https://www.stuartkia.com/ https://www.kitchenerkia.com/ https://www.edmundstonkia.com/ https://www.oreganskiahalifax.com/ https://www.birchwoodkiawest.ca/ https://www.londonsairportkia.ca/ https://www.leggatkia.ca/ https://www.boltonkia.com/ https://www.portcitykia.com/ https://www.nskia.ca/ https://www.lockwoodkia.com/ https://www.orangevillekia.ca/ https://www.kiadelasalle.ca/ https://www.kiastconstant.com/ https://www.spinellikia.com/ https://www.fewerkia.com/ https://www.portdoverkia.com/ https://www.kiacowansville.com/ https://www.kiaofstcatharines.com/ https://www.wheatonkia.ca/ https://www.lallykia.com/ https://www.kialethbridge.ca/ https://www.guelphkia.ca/ https://www.grimsbykia.com/ https://www.kiaofpa.com/ https://www.mississaugakia.com/ https://www.kiamontmagny.com/ https://www.centralkiaatholville.ca/ https://www.westcoastkia.ca/ https://www.torontokia.com/ https://www.murraykiaabbotsford.com/ https://www.castlegarkia.com/ https://www.kiasthyacinthe.com/ https://www.kiaonhuntclub.com/ https://www.forbeskiabridgewater.ca/ https://www.plazakia.com/ https://www.kiareddeer.ca/ https://www.smithsfallskia.com/ https://www.kiasoreltracy.com/ https://www.albikiasteustache.com/ https://www.keyyorktonkia.com/ https://www.southtrailkia.com/ https://www.kiawaterloo.com/ https://www.tillsonburgkia.com/ https://www.gatineaukia.ca/ https://www.aylmerkia.com/ https://www.orilliakia.com/ https://www.audetkiamegantic.com/ https://www.cranbrookkia.com/ https://www.kiagabrielnord.com/ https://www.straightlinekia.ca/ https://www.centennialkia.ca/ https://www.straitwaykia.com/ https://www.olivierkiabaiecomeau.com/ https://www.northyorkkia.ca/ https://www.kiavalbelair.com/ https://www.ganderkia.com/ https://www.peterboroughkia.ca/ https://www.cambridgekia.com/ https://www.kialaurier-station.com/ https://www.kiagabrielouest.com/ https://www.northlandkia.ca/ https://www.northedmontonkia.com/ https://www.centralkia.ca/ https://www.kiaofstouffville.ca/ https://www.discoverkia.com/ https://www.barriekia.com/ https://www.kiawestedmonton.com/ https://www.straightlinekiamh.ca/ https://www.orleanskia.com/ https://www.kia417.com/ https://www.kiavictoria.ca/ https://www.kiastejulie.ca/ https://www.downtownkia.com/ https://www.kiachambly.ca/ https://www.bannisterkia.com/ https://www.lallierkiavimont.com/ https://www.kiajoliette.com/ https://www.kelownakia.com/ https://www.petawawakia.com/ https://www.olivierkiamcmasterville.com/ https://www.poirierkia.com/ https://www.jimgauthierkia.com/ https://www.claringtonkia.ca/ https://www.kiacoldlake.com/ https://www.kiamontlaurier.ca/ https://www.kiaofhamilton.com/ https://www.stratfordkia.com/ https://www.401dixiekia.com/ https://www.bannistergpkia.ca/ https://www.performancekiamayfield.ca/ https://www.kiavaudreuil.com/ https://www.conceptkia.ca/ https://www.kia-sept-iles.com/ https://www.kiagaspe.com/ https://www.macdonaldkia.ca/ https://www.brucekia.com/ https://www.foxkiafredericton.com/ https://www.eastcoastkia.ca/ https://www.sherwoodkia.ca/ https://www.lindsaykia.ca/ https://www.boisvertkia.com/; 1
frame-ancestors 'self' http://www.philips.es *.philips.com *.philips.es https://philipsigtdpv.com 1
default-src 'self' https://apps.sitecore.net https://sprcdn-assets.sprinklr.com/738/notification-4de93778-e7e2-403b-9035-46fddfe6df16-1610394477.mp3; connect-src *.avayacloud.com ws://*.mynrma.com.au wss://*.mynrma.com.au stats.g.doubleclick.net *.ap-southeast-2.amazonaws.com *.mynrma.com.au *.mynrma.com.au:* *.nr-data.net *.newrelic.com *.google.com *.gstatic.com *.everydaygiftcards.com.au *.feefo.com *.googleapis.com *.google-analytics.com *.crazyegg.com *.choovie.com.au *.sprinklr.com https://*.alpacamaps.com https://*.mapbox.com https://*.mapbox.com:* https://www.roadtripforgood.travel/ https://datastudio.google.com/ https://www.audible.com.au/ https://explore.mynrma.com.au/ https://embed.alpacamaps.com/ https://prod-spr-livechat.s3.amazonaws.com/ wss://prod-live-chat-mqtt.sprinklr.com/ http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com *.au.auth0.com https://rum.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sdk.fra-02.braze.eu; font-src *.mynrma.com.au https://fonts.gstatic.com https://fonts.googleapis.com *.stackla.com *.sprinklr.com 'self' data: http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; img-src blob: data: https: *.google-analytics.com *.mynrma.com.au *.sprinklr.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://googleads.g.doubleclick.net https://www.google.com https://optimize.google.com/ https://prod-spr-livechat.s3.amazonaws.com/ appboy-images.com braze-images.com cdn.braze.eu ; script-src *.mynrma.com.au *.newrelic.com *.googletagmanager.com  *.google.com *.google.com.au *.gstatic.com *.google-analytics.com *.googleapis.com *.nr-data.net *.facebook.net *.plavxml.com *.doubleclick.net *.stackla.com *.quantcount.com *.crazyegg.com *.zencdn.net *.sprinklr.com https://public.flourish.studio/resources/embed.js https://www.googleadservices.com https://www.google.com https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js https://js-agent.newrelic.com/nr-spa-1118.min.js https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/vJuUWXolyYJx1oqUVmpPuryQ/recaptcha__en.js https://www.googleadservices.com/pagead/conversion_async.js https://connect.facebook.net/en_US/fbevents.js https://bat.bing.com/bat.js https://vxml4.plavxml.com/sited/ref/ctrk/139 https://everydaygiftcards.com.au/media/javascript/member/members_v1.js https://polyfill.io/v3/polyfill.min.js https://giftcards.woolworths.com.au/medias/members-v1.js https://script.crazyegg.com/pages/scripts/0013/7505.js https://secure.quantserve.com/quant.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://www.trybooking.com/widget.js https://code.jquery.com/jquery-3.0.0.min.js https://optimize.google.com/ https://api.feefo.com https://register.feefo.com https://prod-spr-livechat.s3.amazonaws.com/ *.alpacamaps.com 'unsafe-inline' blob: data: 'self' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://js.appboycdn.com 'unsafe-eval' 'unsafe-inline';style-src *.mynrma.com.au *.sprinklr.com https://tagmanager.google.com/ https://optimize.google.com/ https://fonts.googleapis.com/ https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/ *.alpacamaps.com 'unsafe-inline' 'self';frame-src https://flo.uri.sh/ https://forms.office.com/ https://lookerstudio.google.com/ *.choovie.com.au https://www.roadtripforgood.travel/ https://datastudio.google.com/ https://www.audible.com.au/ https://explore.mynrma.com.au/ https://embed.alpacamaps.com/ https://w.soundcloud.com/ https://apollowhitelabelsearch.blob.core.windows.net/ https://open.spotify.com/ *.mynrma.com.au *.doubleclick.net https://www.google.com https://4315425.fls.doubleclick.net https://www.apollocamper.com/ https://www.facebook.com/ https://www.racq.com.au/ https://widget.stackla.com/ https://www.youtube.com/ https://www.google.com.au/ https://www.plugshare.com/ https://www.roadtripforgood.org.au/ https://old.apollocamper.com/ https://evexperience.evenergi.com/ https://www.mynrma.com.au https://www.nrmasaferdriving.com.au *.stackla.com *.nsw.gov.au *.virginaustralia.com *.my-voice.com.au https://www.trybooking.com/ https://accounts.velocityfrequentflyer.com/ 'self' https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://optimize.google.com/ *.pokitpal.com; frame-ancestors 'self';base-uri 'self'; form-action *.mynrma.com.au *.mynrma.com.au:* *.securepay.com.au *.sprinklr.com https://giftcards.woolworths.com.au/memberRedirect https://www.facebook.com/ https://www.racq.com.au/ https://widget.stackla.com/ https://www.youtube.com/ https://www.google.com.au/ https://www.roadtripforgood.org.au/ https://old.apollocamper.com/ https://evexperience.evenergi.com/ https://www.mynrma.com.au https://www.nrmasaferdriving.com.au *.stackla.com *.paypal.com *.choovie.com.au https://www.audible.com.au/ https://datastudio.google.com/ https://www.roadtripforgood.travel/ *.pokitpal.com 'self'; manifest-src 'self'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.verticalscreen.com https://maps.googleapis.com  https://*.newrelic.com https://pi.pardot.com https://ssl.google-analytics.com https://bam.nr-data.net; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com; connect-src 'self' https://*.verticalscreen.com https://*.googleapis.com; font-src https://fonts.googleapis.com https://fonts.gstatic.com;img-src 'self' data: https://maps.gstatic.com https://*.googleapis.com https://ssl.google-analytics.com www.google.com 1
default-src 'self' https://*.microsoft.com https://*.microsoft.us https://*.microsoftonline.com https://*.youtube.com https://*.avepointonlineservices.com https://prod.aos.cdn.avepointonlineservices.com  https://graph-public.sharepointguild.com  ;font-src data: 'self' https://*.akamaihd.net https://*.sharepointonline.com fonts.gstatic.com https://*.avepointonlineservices.com https://*.azureedge.net https://*.office.net https://*.avepointonlineservices.com https://prod.aos.cdn.avepointonlineservices.com  https://graph-public.sharepointguild.com ;img-src data: 'self' * *.aptrinsic.com  https://*.segment.com https://*.segment.io https://*.avepointonlineservices.com storage.googleapis.com https://*.avepointonlineservices.com https://prod.aos.cdn.avepointonlineservices.com  https://graph-public.sharepointguild.com ;frame-src 'self' https://*.microsoftonline.com https://*.microsoftonline.us https://*.youtube.com https://*.avepointonlineservices.com https://prod.aos.cdn.avepointonlineservices.com  https://graph-public.sharepointguild.com ;script-src 'self'  'nonce-vio3exBR1z+yiQxJubiY6AgS5l1IoWWF'  *.aptrinsic.com https://*.segment.com https://*.segment.io https://*.avepointonlineservices.com https://prod.aos.cdn.avepointonlineservices.com  https://graph-public.sharepointguild.com ;style-src 'self' 'unsafe-inline' *.aptrinsic.com https://*.avepointonlineservices.com https://*.avepointonlineservices.com https://prod.aos.cdn.avepointonlineservices.com  https://graph-public.sharepointguild.com  ;connect-src 'self' https://*.microsoft.com https://*.microsoft.us https://*.microsoftonline.com https://*.blob.core.windows.net https://*.blob.core.usgovcloudapi.net *.aptrinsic.com https://*.segment.com https://*.segment.io wss://graph.avepointonlineservices.com/copilot/copilotChatMessageRelayHub https://*.avepointonlineservices.com https://prod.aos.cdn.avepointonlineservices.com  https://graph-public.sharepointguild.com ;frame-ancestors https://*.microsoft.com https://*.microsoft.us https://*.sharepoint.us https://*.sharepoint.com https://*.avepointonlineservices.com https://*.avepointonlineservices.com https://prod.aos.cdn.avepointonlineservices.com  https://graph-public.sharepointguild.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.mobilesentrix.com https://*.googletagmanager.com https://*.google.com https://*.google-analytics.com https://*.facebook.net https://*.facebook.com https://*.gstatic.com https://*.cloudfront.net https://*.cloudflare.com https://*.braintreegateway.com https://*.paypalobjects.com https://*.fundboxpay.com https://*.behalf.com https://*.paypal.com https://*.searchanise.com https://*.reamaze.com https://*.googleapis.com https://*.newrelic.com https://*.nr-data.net https://*.youtube.com https://*.ytimg.com https://*.fontawesome.com https://*.picsum.photos https://*.acsbapp.com https://*.kxcdn.com https://*.aspnetcdn.com https://*.rawgit.com https://*.jsdelivr.net https://*.cloudflareinsights.com https://*.crazyegg.com wss://*.pusher.com https://bam.nr-data.net;style-src 'self' 'unsafe-inline' https://*.mobilesentrix.com https://*.kxcdn.com https://*.googleapis.com https://*.reamaze.com https://*.braintreegateway.com https://*.youtube.com https://*.ytimg.com https://reamaze.com https://*.fontawesome.com https://*.picsum.photos https://*.acsbapp.com https://*.crazyegg.com;img-src 'self' data: https://*.mobilesentrix.com https://*.braintreegateway.com https://*.google-analytics.com https://*.google.com https://*.alexametrics.com https://*.google.co.in https://*.paypal.com https://*.facebook.com https://*.facebook.net https://*.googleadservices.com https://*.googletagmanager.com https://*.gravatar.com https://*.wp.com https://*.gstatic.com https://*.amazonaws.com https://*.doubleclick.net https://*.reamaze.com https://reamaze.com https://*.paypalobjects.com https://*.youtube.com https://*.ytimg.com https://*.fontawesome.com https://picsum.photos https://*.picsum.photos https://*.repairdesk.co https://*.acsbapp.com https://*.crazyegg.com;object-src 'none';connect-src 'self' https://*.mobilesentrix.com https://*.braintreegateway.com https://*.google-analytics.com https://*.facebook.net https://*.facebook.com https://*.paypal.com https://*.doubleclick.net https://*.braintree-api.com https://*.reamaze.com https://*.reamaze.io wss://*.reamaze.com https://*.amazonaws.com https://*.nr-data.net https://*.youtube.com https://*.ytimg.com https://reamaze.com https://*.fontawesome.com https://*.picsum.photos https://*.acsbapp.com https://*.googleapis.com https://*.crazyegg.com wss://*.pusher.com https://bam.nr-data.net; 1
frame-ancestors 'self' https://plein.blueconic.net https://www.blueconic.com; 1
base-uri 'none';child-src js.stripe.com www.youtube.com play.vidyard.com;connect-src 'self' blob: www.google-analytics.com sentry.io *.sentry.io services.mother.co s3.ca-central-1.amazonaws.com api.adbutler.com https://1WIL6RAPZV-dsn.algolia.net www.googleapis.com servedbyadbutler.com https://dpm.demdex.net https://stats.g.doubleclick.net https://solarwinds.d2.sc.omtrdc.net wss://gns3.com;default-src 'self';font-src 'self' dist.mcdn.co fonts.gstatic.com use.typekit.net;frame-src https://referrer.solarwinds.com https://solarwindsworldwidellc.demdex.net;frame-ancestors 'none';img-src 'self' blob: data: media.mcdn.co *.media.mcdn.co maps.googleapis.com www.google-analytics.com maps.gstatic.com servedbyadbutler.com cdn.vidyard.com play.vidyard.com i.ytimg.com http://metrics.solarwinds.com https://smetrics.solarwinds.com;media-src 'self' blob: assets.mcdn.co *.assets.mcdn.co;object-src 'none';style-src 'self' dist.mcdn.co fonts.googleapis.com p.typekit.net use.typekit.net 'unsafe-inline';script-src 'self' dist.mcdn.co js.stripe.com maps.googleapis.com www.google-analytics.com www.googletagmanager.com *.sentry.io play.vidyard.com https://assets.adobedtm.com https://dpm.demdex.net https://solarwinds.d2.sc.omtrdc.net https://static.solarwinds.com https://stats.g.doubleclick.net 'nonce-807033f7c8b7621d2e3973823de42b00' 1
default-src https: data: wss://*.hotjar.com wss://web-dev.hyro.ws wss://web.hyro.ws 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; report-uri /report-csp-violation 1
default-src 'self' ; connect-src 'self' https://*.vcm.com https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://api.hubapi.com https://graph.facebook.com https://forms.hubspot.com https://tags.srv.stackadapt.com https://www.google-analytics.com https://stats.g.doubleclick.net https://sessions.bugsnag.com https://www.bugherd.com https://sockjs.pusher.com wss://ws.pusherapp.com https://fonts.googleapis.com https://vcm.onlineprospectus.net https://www.juicer.io https://smetrics.vcm.com https://dpm.demdex.net https://platform.linkedin.com/ https://px.ads.linkedin.com/wa/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://vcm.onlineprospectus.net https://www.facebook.com https://googleads.g.doubleclick.net https://snap.licdn.com https://js.hsforms.net https://js.hsadspixel.net https://forms.hsforms.com https://js.hs-scripts.com https://js.hscollectedforms.net https://js.hs-analytics.net https://*.id.opendns.com https://js.hs-banner.com https://connect.facebook.net https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.google.com https://www.gstatic.com https://contentdsp.com https://assets.juicer.io https://cdnjs.cloudflare.com https://www.youtube.com https://apps.usw2.pure.cloud https://www.bugherd.com https://use.typekit.net https://dinkytown.net https://code.jquery.com https://assets.adobedtm.com https://s.ytimg.com https://d2wy8f7a9ursnm.cloudfront.net https://d2iiunr5ws5ch1.cloudfront.net https://platform.linkedin.com/ https://linkedin.com/ https//*linkedin.com https://px.ads.linkedin.com/wa https://www.linkedin.com/ ; style-src 'self' 'unsafe-inline' https://stackpath.bootstrapcdn.com https://use.typekit.net https://dinkytown.net https://d2iiunr5ws5ch1.cloudfront.net https://tags.srv.stackadapt.com https://assets.juicer.io https://www.bugherd.com https://vcm.onlineprospectus.net https://fonts.googleapis.com https://stackpath.bootstrapcdn.com https://use.typekit.net https://p.typekit.net https://www.dinkytown.net https://linkedin.com/ https://px.ads.linkedin.com/wa https//*linkedin.com ; img-src 'self' https://d2iiunr5ws5ch1.cloudfront.net https://d21y75miwcfqoq.cloudfront.net https://www.juicer.io https://*.fbcdn.net https://www.google.co.in https://p.adsymptotic.com https://px.ads.linkedin.com https://forms.hsforms.com https://track.hubspot.com https://dpm.demdex.net https://www.facebook.com https://www.google-analytics.com https://www.google.com https://googleads.g.doubleclick.net https://media-exp1.licdn.com https://*.id.opendns.com https://pbs.twimg.com https://assets.juicer.io https://smetrics.vcm.com https://cm.everesttech.net https://p.typekit.net https://srv.stackadapt.com https://platform.linkedin.com/ ; font-src 'self' https://www.bugherd.com https://d2iiunr5ws5ch1.cloudfront.net https://fonts.gstatic.com https://static.juicer.io https://stackpath.bootstrapcdn.com data://* use.typekit.net ; worker-src blob: ; frame-src https://vcm.demdex.net https://www.youtube.com https://vcm-mkt-stage1-m.adobe-campaign.com https://t.mail.vcm.com https://bid.g.doubleclick.net https://html5-player.libsyn.com https://forms.hsforms.com https://www.google.com https://www.gstatic.com https://10877860.fls.doubleclick.net https://www.linkedin.com/ https://connect.rightprospectus.com/ ; media-src https://video.twimg.com https://*.fbcdn.net ; form-action 'self' https://*.vcm.com https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://api.hubapi.com https://graph.facebook.com https://forms.hubspot.com https://tags.srv.stackadapt.com https://www.google-analytics.com https://stats.g.doubleclick.net https://sessions.bugsnag.com https://www.bugherd.com https://sockjs.pusher.com wss://ws.pusherapp.com https://fonts.googleapis.com https://vcm.onlineprospectus.net https://www.juicer.io https://smetrics.vcm.com https://dpm.demdex.net https://webto.salesforce.com ; 1
frame-ancestors 'self'; form-action 'self' https://crm.zoho.com/crm/ https://desk.zoho.com/support/WebToCase 1
default-src *;frame-ancestors 'self' *.leicester.gov.uk;form-action 'self' *.leicester.gov.uk;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.leicester.gov.uk *.googleapis.com *.googletagmanager.com *.google-analytics.com cdn-assets.rapidspike.com *.googlecode.com *.google.com stamen-maps.a.ssl.fastly.net unpkg.com ;        style-src 'self' 'unsafe-inline' *.leicester.gov.uk *.googleapis.com *.jsdelivr.net unpkg.com github.com *.cloudflare.com ;       img-src * data:; 1
frame-ancestors 'self' https://m.clubcodere.es https://m.apuestas.codere.es https://m.codere.pa https://m.codere.com.co https://blog.codere.com.co file://*; 1
script-src https://*.golocal.de https://fundingchoicesmessages.google.com/ https://adservice.google.de https://www.googletagmanager.com https://www.google-analytics.com https://partner.googleadservices.com https://apis.google.com https://wwa.wipe.de https://cdn.ravenjs.com https://script.ioam.de https://*.de.ioam.de https://*.h5v.eu https://highfivve.github.io https://api.sovendus.com https://rec.smartlook.com https://*.consentmanager.net https://consentmanager.net https://*.consentmanager.mgr.consensu.org https://consentmanager.mgr.consensu.org https://*.googlesyndication.com https://adservice.google.com https://connect.facebook.net https://*.googleapis.com https://*.youtube.com 'self' 'unsafe-inline' 'unsafe-eval';worker-src https://*.golocal.de blob: 1
frame-ancestors 'self' piwik.rz.hs-fulda.de *.virtualexpo.info hochschule-fulda.ebm.ai; 1
form-action 'self' https://*.internet.nl; default-src 'self' https://*.internet.nl; base-uri 'self' https://*.internet.nl; frame-ancestors 'none' 1
script-src 'unsafe-inline' 'unsafe-eval' https: blob:;object-src https://*.mega-image.ro https://d1lqpgkqcok0l.cloudfront.net; base-uri https://tau.collect.igodigital.com/; upgrade-insecure-requests; frame-ancestors https://*.mega-image.ro https://*.svc.mega-image.ro https://d1lqpgkqcok0l.cloudfront.net; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.ameriprise.com *.editor.ameripriseadvisors.com *.ameripriseadvisors.com *.qualtrics.com *.googleapis.com *.google.com *.google.co.in *.twitter.com *.twimg.com https://*.google-analytics.com http://*.google-analytics.com https://*.doubleclick.net https://*.doubleclick.net https://snap.licdn.com https://bat.bing.com http://bat.bing.com https://connect.facebook.net https://assets.adobedtm.com https://maxcdn.bootstrapcdn.com https://d.turn.com https://*.ameriprisestats.com http://*.ameriprisestats.com https://cdn.ameriprisecontent.com https://maps.googleapis.com https://maps.google.com https://awm-app-aitt.ampf.com https://www.dinkytown.net https://www.forefieldkt.com https://fonts.googleapis.com https://www.google.com https://www.googletagmanager.com https://platform.twitter.com https://apis.google.com http://videojs.com https://web-2-tel.com https://px.ads.linkedin.com https://www.linkedin.com https://p.adsymptotic.com https://dpm.demdex.net https://googleads.g.doubleclick.net https://*.googleadservices.com https://cm.everesttech.net https://www.facebook.com https://cdn.syndication.twimg.com https://ameriprisefinancial.demdex.net https://gateway.zscalertwo.net *.advisorcompass.com https://fonts.gstatic.com https://login.zscalertwo.net https://www.gstatic.com https://ocs.ameriprise.com https://h.online-metrix.net *.d.aa.online-metrix.net https://maps.gstatic.com *.ggpht.com https://tag.simpli.fi https://up.pixel.ad https://insight.adsrvr.org https://bcp.crwdcntrl.net https://tags.crwdcntrl.net/ https://aa.agkn.com/ https://ib.mookie1.com/ https://bcp.crwdcntrl.net/ https://ml314.com/ https://idsync.rlcdn.com/ https://x.skimresources.com/ https://thrtle.com/ https://global.ib-ibi.com/ https://www.broadridgeadvisor.com 1
frame-ancestors 'self' youtube.com www.youtube.com https://www.youtube.com cloud.mail.axa.co.uk soundcloud.com w.soundcloud.com api.soundcloud.com; frame-src 'self' https://a247752487.cdn.optimizely.com youtube.com www.youtube.com https://www.youtube.com cloud.mail.axa.co.uk soundcloud.com w.soundcloud.com api.soundcloud.com https://www.google.com widget.trustpilot.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://media.twiliocdn.com https://d1gg1zl1g72y96.cloudfront.net https://cdnjs.cloudflare.com https://du7aon534iz4j.cloudfront.net https://s3.amazonaws.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.hotjar.com https://*.hotjar.io https://*.adroll.com https://snap.licdn.com https://px.ads.linkedin.com https://bam.nr-data.net https://*.spectrumemp.com https://code.highcharts.com https://*.trychameleon.com/ https://*.heapanalytics.com https://*.getbee.io https://auth.getbee.io; object-src 'self' 1
frame-ancestors https://*.rotana.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://service.maxymiser.net/ https://tags.tiqcdn.com/ https://*.netsuite.com https://consent.truste.com https://*.trustarc.com https://*.bing.com https://*.doubleclick.net https://*.googleadservices.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://static.atgsvcs.com https://rules.atgsvcs.com https://netsuite-salechat.custhelp.com https://netsuite-salechat--tst1.custhelp.com https://netsuite-salechat.widget.custhelp.com https://netsuite-salechat--tst1.widget.custhelp.com https://www.rnengage.com https://*.rightnowtech.com https://assets.adobedtm.com https://img.en25.com https://*.facebook.com https://*.facebook.net https://*.google.com https://*.akamaihd.net https://*.demdex.net https://*.omtrdc.net https://*.adobetag.com https://*.linkedin.com https://*.licdn.com https://*.2o7.net https://tags.bkrtx.com https://flex.atdmt.com https://*.oracleinfinity.io https://dqm.crownpeak.com/ https://app.hushly.com https://script.crazyegg.com https://activitymap.adobe.com https://static.ocecdn.oraclecloud.com https://*.go-mpulse.net https://static.ads-twitter.com; style-src 'self' 'unsafe-inline' https://www.netsuite.com https://*.app.netsuite.com https://netsuite-salechat.widget.custhelp.com https://netsuite-salechat--tst1.widget.custhelp.com https://fonts.googleapis.com https://app.hushly.com https://hud.crazyegg.com; img-src * data: ; frame-src 'self' https://sc-oal-en.custhelp.com https://service.maxymiser.net/ https://go.netsuite.com https://*.doubleclick.net https://*.youtube.com https://*.youtu.be https://*.facebook.com https://*.facebook.net https://*.omtrdc.net https://*.trustarc.com https://netsuite-salechat-fi.custhelp.com https://netsuite-salechat.custhelp.com https://netsuite-salechat--tst1.custhelp.com https://netsuite-salechat-na--tst1.custhelp.com https://netsuite-salechat-na.custhelp.com https://netsuite-salechat-de.custhelp.com https://netsuite-salechat-es.custhelp.com https://netsuite-salechat-fr.custhelp.com https://netsuite-salechat-jp.custhelp.com https://netsuite-salechat-ko.custhelp.com https://netsuite-salechat-nl.custhelp.com https://netsuite-salechat-pt.custhelp.com https://netsuite-salechat-sv.custhelp.com https://netsuite-salechat-zhcn.custhelp.com https://netsuite-salechat-zhtw.custhelp.com https://netsuite-salechat-it.custhelp.com  https://netsuite-salechat-pl.custhelp.com https://netsuite-salechat-ru.custhelp.com https://netsuite-salechat-tr.custhelp.com https://*.demdex.net https://*.bluekai.com https://*.extforms.netsuite.com https://*.app.netsuite.com https://hud.crazyegg.com https://activitymap.adobe.com; connect-src 'self' https://tracking.netsuite.com https://api.company-target.com https://*.doubleclick.net https://*.googlevideo.com https://*.omtrdc.net https://*.demdex.net https://rules.atgsvcs.com https://bat.bing.com https://netsuite-salechat.custhelp.com https://netsuite-salechat--tst1.custhelp.com https://www-stage.oracle.com https://api.crownpeak.net/ https://script.crazyegg.com https://tracking.crazyegg.com https://pagestates-tracking.crazyegg.com/ https://assets-tracking.crazyegg.com https://hud.crazyegg.com https://app.hushly.com https://*.google-analytics.com https://cdn.linkedin.oribi.io https://www.facebook.com https://*.go-mpulse.net https://*.akstat.io https://*.akamaihd.net wss://idcs-oda-7fa1f5c9fa1841329f72d8695ac98c9a-da3.data.digitalassistant.oci.oraclecloud.com; font-src 'self' data: https://www.netsuite.com; media-src 'self' blob: ;child-src 'self' blob: ; report-uri https://nlcorp.app.netsuite.com/app/security/csp/cspaudit.nl 1
frame-ancestors 'self' https://dasmailarchiv.ch https://www.sitejet.io 1
default-src 'self'; img-src 'self' https://www.google-analytics.com https://www.pioneer-car.eu; object-src 'none'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' https://fonts.googleapis.com; base-uri 'self'; form-action 'self'; font-src https://fonts.gstatic.com; manifest-src 'self' https://www.pioneer-car.eu; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net; 1
default-src 'self'; connect-src 'self' https://maps.googleapis.com https://googleads.g.doubleclick.net/ https://www.google.com https://www.google-analytics.com https://analytics.google.com/ https://gisprod.tataskybb.com https://pagesense-collect.zoho.in https://www.facebook.com https://www.google-analytics.com https://www.google-analytics.com https://www.facebook.com https://maps.googleapis.com https://www.google.com https://www.tataplayfiber.com https://maps.gstatic.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: gap: https://code.jquery.com/ https://tsbb-corporate-portal-uat-files.s3.ap-south-1.amazonaws.com/s3fs-public/js/ https://crm.zoho.in/crm/javascript/zcga.js https://www.clarity.ms/tag/ml3qizflr2 https://tsbb-corporate-portal-uat-files.s3.ap-south-1.amazonaws.com/ https://tsbb-corporate-portal-files.s3.ap-south-1.amazonaws.com/s3fs-public/js/ https://tsbb-corporate-portal-files.s3.ap-south-1.amazonaws.com/ https://googleads.g.doubleclick.net/ https://www.googletagmanager.com https://googleads.g.doubleclick.net/ https://static.zohocdn.com/pagesense/ https://static.zohocdn.com/ https://www.google-analytics.com/analytics.js https://connect.facebook.net/en_US/fbevents.js https://public.releases.juspay.in/hyper-sdk-web/HyperServices.js https://public.releases.juspay.in/ https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js https://ajax.googleapis.com/ajax/libs/jqueryui/1.12.1/jquery-ui.min.js https://connect.facebook.net https://cdn-in.pagesense.io https://cdn.jsdelivr.net https://cdn.rawgit.com https://cdnjs.cloudflare.com https://maps.googleapis.com https://static.addtoany.com https://static.zohocdn.com/pagesense/tracking https://www.google-analytics.com https://www.facebook.com https://maps.googleapis.com https://www.tataplayfiber.com https://www.gstatic.com/recaptcha/releases/joHA60MeME-PNviL59xVH9zs/recaptcha__en.js https://www.google.com https://maps.gstatic.com; img-src 'self' data: https://tsbb-corporate-portal-files.s3.ap-south-1.amazonaws.com https://tsbb-corporate-portal-uat-files.s3.ap-south-1.amazonaws.com/ https://www.google.co.in/pagead/1p-user-list/10796352102/ https://www.google.co.in/pagead/1p-user-list/10796352102/*  https://www.google.co.in/ads/ga-audiences/* https://www.google-analytics.com https://maps.googleapis.com https://www.facebook.com/tr http://tsbb-dev-billing-bucket.s3.amazonaws.com https://www.google-analytics.com https://www.facebook.com https://www.google.com https://maps.googleapis.com https://www.tataplayfiber.com https://maps.gstatic.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://tsbb-corporate-portal-files.s3.ap-south-1.amazonaws.com/ https://tsbb-corporate-portal-uat-files.s3.ap-south-1.amazonaws.com/ https://www.tataplayfiber.com/themes/custom/tsb/css/bootstrap.css https://static.zohocdn.com/ https://fonts.googleapis.com https://www.google-analytics.com https://www.facebook.com https://www.google.com https://maps.googleapis.com https://www.tataplayfiber.com https://maps.gstatic.com ; font-src 'self' data: https://s3.ap-south-1.amazonaws.com https://fonts.gstatic.com https://www.google-analytics.com https://www.facebook.com https://maps.googleapis.com https://www.tataplayfiber.com https://maps.gstatic.com ; frame-src 'self' bytedance: https://td.doubleclick.net/ https://static.addtoany.com/ https://payments.juspay.in/ https://sandbox.assets.juspay.in/ https://www.facebook.com/ https://cdn-in.pagesense.io/ https://public.releases.juspay.in/ https://www.google-analytics.com https://www.facebook.com https://www.google.com https://maps.googleapis.com https://www.tataplayfiber.com https://maps.gstatic.com ; object-src 'self' https://www.google-analytics.com https://www.facebook.com https://maps.googleapis.com https://www.tataplayfiber.com https://maps.gstatic.com https://www.google.com ; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.gstatic.com https://yastatic.net https://www.youtube.com https://s.ytimg.com https://platform.instagram.com https://www.instagram.com https://platform.twitter.com https://cdn.syndication.twimg.com https://mc.yandex.ru https://top-fwz1.mail.ru https://js.sentry-cdn.com https://browser.sentry-cdn.com https://qaz.24-7ru.news https://push.24-7ru.news https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' data: https://fonts.googleapis.com https://platform.twitter.com ; img-src 'self' data: https://* http://* ; font-src 'self' data: https://fonts.gstatic.com ; frame-src 'self' data: https://yastatic.net https://www.youtube.com https://www.instagram.com/ https://platform.twitter.com ; connect-src 'self' data: https://yastatic.net https://mc.yandex.ru https://mc.webvisor.com https://mc.webvisor.org https://fcm.googleapis.com https://firebaseinstallations.googleapis.com https://fcmregistrations.googleapis.com https://push.newsdaily.biz https://top-fwz1.mail.ru https://o4505939965509632.ingest.sentry.io https://push.24-7ru.news https://biposerfl.shop https://*.google-analytics.com; worker-src 'self' data: https://fcm.googleapis.com https://push.newsdaily.biz https://push.24-7ru.news ; 1
frame-ancestors 'self' *.vergic.com practice.acceptcare.com 1
frame-ancestors 'self' *.stockedge.com; 1
base-uri 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s3-us-west-2.amazonaws.com/b2bjsstore/b/L9NMMZHMQENW/reb2b.js.gz *.chilipiper.com js.zi-scripts.com ws-assets.zoominfo.com ws.zoominfo.com https://translate.googleapis.com https://js.partnerstack.com/v1/ https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js *.google.com *.googleoptimize.com https://cdn.jsdelivr.net/npm/intl-tel-input@18.1.1/build/js/intlTelInput.min.js https://cdn.jsdelivr.net/npm/intl-tel-input@18.1.1/build/js/utils.js *.gstatic.com 1gbg1hfkyvry.statuspage.io *.profitwell.com *.wpengine.com *.ketchcdn.com *.ketchjs.com *.datadoghq-browser-agent.com *.sentry-cdn.com *.redditstatic.com s.pinimg.com ct.pinterest.com *.pinimg.com https://1gbg1hfkyvry.statuspage.io https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.google-analytics.com  https://www.googleadservices.com https://www.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://js.stripe.com https://checkout.stripe.com https://ajax.googleapis.com  https://*.quora.com https://ajax.googleapis.com *.uniqode.com https://storage.googleapis.com https://static.uniqode.com https://static.uniqode.com dna8twue3dlxq.cloudfront.net cdn.auth0.com *.privy.com static.ads-twitter.com *.twitter.com snap.licdn.com *.bing.com  *.clarity.ms *.quora.com connect.facebook.net www.facebook.com *.typeform.com z.moatads.com cdnjs.cloudflare.com *.wistia.com src.litix.io *.wistia.net *.calendly.com *.salesloft.com *.zoominfo.com https://getrockerbox.com https://*.getrockerbox.com https://*.uniqode.com cdn.taboola.com trc.taboola.com  ;child-src 'self' data: blob: https: *.profitwell.com www.youtube.com *.wistia.com  *.privy.com  *.calendly.com https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com  https://fast.wistia.net https://*.hotjar.com https://*.hotjar.io https://bid.g.doubleclick.net https://js.stripe.com https://hooks.stripe.com https://checkout.stripe.com;form-action  https://www.uniqode.com https://intercom.help https://api-iam.intercom.io https://www.facebook.com/tr/ *.pinterest.com *.profitwell.com *.sentry-cdn.com;frame-ancestors  'self';style-src 'self' 'unsafe-inline' *.uniqode.com https://www.gstatic.com *.wpengine.com https://cdn.jsdelivr.net/npm/intl-tel-input@18.1.1/build/css/intlTelInput.css https://cdnjs.cloudflare.com/ajax/libs/OwlCarousel2/2.3.4/assets/owl.carousel.min.css storage.googleapis.com  *.privy.com s.pinimg.com ct.pinterest.com fonts.googleapis.com *.calendly.com tagmanager.google.com *.google.com fast.wistia.com *.profitwell.com;img-src * 'self' data: blob: https:;font-src 'self' data: blob: https:  https://*.wistia.com fonts.gstatic.com storage.googleapis.com static.uniqode.com static.uniqode.com optimize.google.com https://js.intercomcdn.com https://fonts.intercomcdn.com *.profitwell.com;media-src 'self' data: blob: https: *.youtube.com *.wistia.com *.wistia.net embedwistia-a.akamaihd.net https://js.intercomcdn.com *.profitwell.com; object-src 'none' 1
default-src https: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'none' 1
frame-ancestors 'self' https://wood.showpad.biz https://www.wood.showpad.biz https://www.wood.showpad.com https://wood.showpad.com 1
base-uri 'self'; block-all-mixed-content; upgrade-insecure-requests; child-src blob:; default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob:  *.ads-twitter.com *.adsymptotic.com *.adyen.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.bizographics.com *.boomtrain.com *.byside.com wss://*.byside.com *.clarity.ms *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.go2sdk.com *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.inbenta.com *.krxd.net *.licdn.com *.linkedin.com *.linkedin.oribi.io llamamegratis.es *.masmovil.com *.netmng.com *.onetrust.com *.quantummetric.com *.realytics.io *.realytics.net *.rezync.com *.rfihub.com *.rfihub.net *.speedtestcustom.com *.useinsider.com *.tiktok.com *.twitter.com t.co *.youtube.com *.youtube-nocookie.com *.zetaglobal.net; style-src 'self' https: 'unsafe-inline'  *.ads-twitter.com *.adsymptotic.com *.adyen.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.bizographics.com *.boomtrain.com *.byside.com wss://*.byside.com *.clarity.ms *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.go2sdk.com *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.inbenta.com *.krxd.net *.licdn.com *.linkedin.com *.linkedin.oribi.io llamamegratis.es *.masmovil.com *.netmng.com *.onetrust.com *.quantummetric.com *.realytics.io *.realytics.net *.rezync.com *.rfihub.com *.rfihub.net *.speedtestcustom.com *.useinsider.com *.tiktok.com *.twitter.com t.co *.youtube.com *.youtube-nocookie.com *.zetaglobal.net; img-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data:  *.ads-twitter.com *.adsymptotic.com *.adyen.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.bizographics.com *.boomtrain.com *.byside.com wss://*.byside.com *.clarity.ms *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.go2sdk.com *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.inbenta.com *.krxd.net *.licdn.com *.linkedin.com *.linkedin.oribi.io llamamegratis.es *.masmovil.com *.netmng.com *.onetrust.com *.quantummetric.com *.realytics.io *.realytics.net *.rezync.com *.rfihub.com *.rfihub.net *.speedtestcustom.com *.useinsider.com *.tiktok.com *.twitter.com t.co *.youtube.com *.youtube-nocookie.com *.zetaglobal.net; font-src 'self' data:  *.ads-twitter.com *.adsymptotic.com *.adyen.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.bizographics.com *.boomtrain.com *.byside.com wss://*.byside.com *.clarity.ms *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.go2sdk.com *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.inbenta.com *.krxd.net *.licdn.com *.linkedin.com *.linkedin.oribi.io llamamegratis.es *.masmovil.com *.netmng.com *.onetrust.com *.quantummetric.com *.realytics.io *.realytics.net *.rezync.com *.rfihub.com *.rfihub.net *.speedtestcustom.com *.useinsider.com *.tiktok.com *.twitter.com t.co *.youtube.com *.youtube-nocookie.com *.zetaglobal.net; connect-src 'self'  *.ads-twitter.com *.adsymptotic.com *.adyen.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.bizographics.com *.boomtrain.com *.byside.com wss://*.byside.com *.clarity.ms *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.go2sdk.com *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.inbenta.com *.krxd.net *.licdn.com *.linkedin.com *.linkedin.oribi.io llamamegratis.es *.masmovil.com *.netmng.com *.onetrust.com *.quantummetric.com *.realytics.io *.realytics.net *.rezync.com *.rfihub.com *.rfihub.net *.speedtestcustom.com *.useinsider.com *.tiktok.com *.twitter.com t.co *.youtube.com *.youtube-nocookie.com *.zetaglobal.net; frame-src 'self' data:  *.ads-twitter.com *.adsymptotic.com *.adyen.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.bizographics.com *.boomtrain.com *.byside.com wss://*.byside.com *.clarity.ms *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.go2sdk.com *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.inbenta.com *.krxd.net *.licdn.com *.linkedin.com *.linkedin.oribi.io llamamegratis.es *.masmovil.com *.netmng.com *.onetrust.com *.quantummetric.com *.realytics.io *.realytics.net *.rezync.com *.rfihub.com *.rfihub.net *.speedtestcustom.com *.useinsider.com *.tiktok.com *.twitter.com t.co *.youtube.com *.youtube-nocookie.com *.zetaglobal.net; frame-ancestors 'self'  *.ads-twitter.com *.adsymptotic.com *.adyen.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.bizographics.com *.boomtrain.com *.byside.com wss://*.byside.com *.clarity.ms *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.go2sdk.com *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.inbenta.com *.krxd.net *.licdn.com *.linkedin.com *.linkedin.oribi.io llamamegratis.es *.masmovil.com *.netmng.com *.onetrust.com *.quantummetric.com *.realytics.io *.realytics.net *.rezync.com *.rfihub.com *.rfihub.net *.speedtestcustom.com *.useinsider.com *.tiktok.com *.twitter.com t.co *.youtube.com *.youtube-nocookie.com *.zetaglobal.net; object-src data:  *.ads-twitter.com *.adsymptotic.com *.adyen.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.bizographics.com *.boomtrain.com *.byside.com wss://*.byside.com *.clarity.ms *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.go2sdk.com *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.inbenta.com *.krxd.net *.licdn.com *.linkedin.com *.linkedin.oribi.io llamamegratis.es *.masmovil.com *.netmng.com *.onetrust.com *.quantummetric.com *.realytics.io *.realytics.net *.rezync.com *.rfihub.com *.rfihub.net *.speedtestcustom.com *.useinsider.com *.tiktok.com *.twitter.com t.co *.youtube.com *.youtube-nocookie.com *.zetaglobal.net; media-src 'self' data:  *.ads-twitter.com *.adsymptotic.com *.adyen.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.bizographics.com *.boomtrain.com *.byside.com wss://*.byside.com *.clarity.ms *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.go2sdk.com *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.inbenta.com *.krxd.net *.licdn.com *.linkedin.com *.linkedin.oribi.io llamamegratis.es *.masmovil.com *.netmng.com *.onetrust.com *.quantummetric.com *.realytics.io *.realytics.net *.rezync.com *.rfihub.com *.rfihub.net *.speedtestcustom.com *.useinsider.com *.tiktok.com *.twitter.com t.co *.youtube.com *.youtube-nocookie.com *.zetaglobal.net; worker-src 'self' data: blob:  *.ads-twitter.com *.adsymptotic.com *.adyen.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.bizographics.com *.boomtrain.com *.byside.com wss://*.byside.com *.clarity.ms *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.go2sdk.com *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.inbenta.com *.krxd.net *.licdn.com *.linkedin.com *.linkedin.oribi.io llamamegratis.es *.masmovil.com *.netmng.com *.onetrust.com *.quantummetric.com *.realytics.io *.realytics.net *.rezync.com *.rfihub.com *.rfihub.net *.speedtestcustom.com *.useinsider.com *.tiktok.com *.twitter.com t.co *.youtube.com *.youtube-nocookie.com *.zetaglobal.net 1
default-src 'unsafe-inline' 'self' *.doubleclick.net *.tawk.to *.meta.com *.youtube.com *.facebook.com connect.facebook.net *.tiktok.com; font-src 'unsafe-inline' 'self' *.gstatic.com *.fontawesome.com *.tawk.to; img-src 'unsafe-inline' 'self' blob: data: *.netgsm.com.tr *.facebook.com *.meta.com *.tiktok.com *.google-analytics.com *.google.com *.google.com *.google.com.tr *.doubleclick.net * data:; script-src 'unsafe-inline' 'self' *.googletagmanager.com connect.facebook.net *.meta.com *.tiktok.com *.youtube.com *.googleadservices.com *.google-analytics.com *.google.com *.doubleclick.net *.jquery.com *.fontawesome.com *.pstmn.io *.google.com *.google.com.tr *.tawk.to *.jsdelivr.net *.cookiebot.com *.licdn.com *.gstatic.com *.clarity.ms googleads.g.doubleclick.net *.facebook.com *.tiktok.com; style-src 'unsafe-inline' 'self' *.googleapis.com *.fontawesome.com *.tawk.to *.youtube.com; frame-src 'unsafe-inline' 'self' *.facebook.com *.tiktok.com *.meta.com *.google.com *.doubleclick.net *.cookiebot.com *.youtube.com; connect-src 'unsafe-inline' 'self' *.doubleclick.net *.facebook.com *.tiktok.com *.meta.com *.youtube.com *.tawk.to wss://*.tawk.to *.cookiebot.com *.linkedin.oribi.io *.google-analytics.com *.google.com *.clarity.ms connect.facebook.net googleads.g.doubleclick.net; 1
default-src 'self'; script-src-elem 'self' https://cdn.usefathom.com; script-src 'self' https://cdn.usefathom.com; child-src 'self' https://hooktube.com https://www.hooktube.com https://youtube.com https://www.youtube.com https://youtu.be https://gfycat.com https://streamja.com https://streamable.com https://vimeo.com https://vine.co https://instaud.io https://player.vimeo.com; img-src 'self' data: https:; media-src 'self' https:; style-src 'self' 'unsafe-inline'; connect-src 'self' https://cdn.usefathom.com wss://ovarit.com ws://ovarit.com 1
default-src https://www.google.com *.google.com www.googletagmanager.com *.googletagmanager.com *.youtube.com *.googlesyndication.com *.googleapis.com *.google-analytics.com *.googleadservices.com *.googletagservices.com *.gstatic.com 'self'; img-src 'self' data: http://*.gravatar.com/ *.google.com *.youtube.com *.googlesyndication.com *.googleapis.com *.google-analytics.com *.googleadservices.com *.googletagservices.com; style-src 'self' https://fonts.googleapis.com https://*.securiti.ai 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com data:; script-src https://www.google.com www.googletagmanager.com *.googletagmanager.com https://www.gstatic.com *.google.com *.youtube.com *.googlesyndication.com *.googleapis.com *.google-analytics.com *.googleadservices.com *.googletagservices.com *.gstatic.com 'self' https://ajax.googleapis.com https://*.securiti.ai 'unsafe-eval' 'unsafe-inline'; connect-src 'self' https://ajax.googleapis.com https://*.securiti.ai *.google.com *.youtube.com *.googlesyndication.com *.googleapis.com https://www.google.com www.googletagmanager.com *.googletagmanager.com *.googleapis.com *.google-analytics.com *.googleadservices.com *.googletagservices.com *.gstatic.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.sains.com.my https://*.cloudfront.net https://*.gstatic.com https://*.google.com data: application:; frame-ancestors 'self' https://*.sains.com.my https://*.cloudfront.net;  1
frame-ancestors 'self' https://*.twitch.tv https://*.youtube.com https://*.twitter.com https://facebook.com; 1
upgrade-insecure-requests  ; style-src 'self' 'unsafe-inline' c.lytics.io quilt-cdn.janrain.com feed.pghub.io pandg.tapad.com ; media-src 'self' videos.ctfassets.net feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.googletagmanager.com cdn.cookielaw.org connect.facebook.net cdn.segment.com pghub.io c.lytics.io pge.segmanta.com *.cloudfront.net rpxnow.com procter-gamble.eu.janraincapture.com procter-gamble.eu.janrainsso.com procter-gamble.eu-dev.janraincapture.com procter-gamble.eu-dev.janrainsso.com feed.pghub.io pandg.tapad.com ; frame-ancestors 'none' feed.pghub.io pandg.tapad.com ; font-src 'self' feed.pghub.io pandg.tapad.com ; frame-src 'self' feed.pghub.io consumersupport.pg.com s.mujsvet-pg.cz procter-gamble.eu.janrainsso.com procter-gamble.eu.janraincapture.com www.facebook.com procter-gamble.eu-dev.janraincapture.com procter-gamble.eu-dev.janrainsso.com pandg.tapad.com ; img-src 'self' data: images.ctfassets.net cdn.cookielaw.org pixel.tapad.com www.facebook.com c.lytics.io www.googletagmanager.com *.cloudfront.net *.amazon-adsystem.com feed.pghub.io pandg.tapad.com ; connect-src 'self' cdn.cookielaw.org match.adsrvr.org *.google-analytics.com cdn.segment.com www.facebook.com api.segment.io graphql.contentful.com *.algolia.net *.algolianet.com api-pge.segmanta.com api.pgsvc.com api-test.pg.com geolocation-db.com api.pg.com feed.pghub.io pandg.tapad.com ; base-uri 'none' feed.pghub.io pandg.tapad.com ; default-src 'none' feed.pghub.io pandg.tapad.com ; 1
default-src 'self' 'unsafe-inline' *.passwordping.com *.googleapis.com *.gstatic.com *.twimg.com *.twitter.com *.gravatar.com *.google-analytics.com *.googleadservices.com *.doubleclick.net *.google.com cdn.rawgit.com jsfiddle.net *.hsforms.net *.hs-scripts.com *.hsforms.com *.hs-analytics.net *.hubspot.com cdn.jsdelivr.net *.youtube.com *.hubapi.com codepen.io *.enzoic.com *.enzoicdev.com *.enzoic.net script.crazyegg.com *.hscollectedforms.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.passwordping.com *.rawgit.com *.googleapis.com *.gstatic.com *.twimg.com *.twitter.com *.gravatar.com *.google-analytics.com *.googleadservices.com *.doubleclick.net *.google.com *.hsforms.net *.hs-scripts.com *.hsforms.com *.hs-analytics.net *.hubspot.com *.youtube.com *.hsadspixel.net *.hs-banner.com *.hubapi.com *.licdn.com *.enzoic.com *.enzoicdev.com *.googletagmanager.com js.usemessages.com cpwebassets.codepen.io cdn.jsdelivr.net getsmartacre.github.io script.crazyegg.com *.hscollectedforms.net; img-src 'self' data: *.passwordping.com *.googleapis.com *.gstatic.com *.twimg.com *.twitter.com *.gravatar.com *.google-analytics.com *.googleadservices.com *.doubleclick.net *.google.com cdn.rawgit.com jsfiddle.net *.hsforms.net *.hs-scripts.com *.hsforms.com *.hs-analytics.net *.hubspot.com s.w.org *.youtube.com *.ads.linkedin.com www.linkedin.com *.adsymptotic.com *.enzoic.com *.enzoicdev.com www.googletagmanager.com *.ytimg.com; font-src 'self' data: *.gstatic.com *.enzoic.com; child-src *.enzoic.net *.youtube.com console.enzoic.com *.hsforms.com codepen.io cdpn.io; frame-src *.google.com *.youtube.com forms.hsforms.com codepen.io; 1
default-src 'self' *.tawk.to wss: http: https: data: blob: 'unsafe-inline' 1
default-src 'self' *.paniniamerica.net *.goupshot.com https://analytics.google.com https://*.cardinalcommerce.com https://events.goupshot.com:3000 https://*.googleapis.com https://*.facebook.net https://cdns.us1.gigya.com https://*.kaptcha.com https://r2.trackedweb.net https://*.braintree-api.com https://*.braintreegateway.com https://www.paypal.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.onfido.com https://kg668dbov0.execute-api.us-east-1.amazonaws.com wss://sync.onfido.com; img-src 'self' https://media.goupshot.com https://translate.google.com https://www.gstatic.com https://*.paniniamerica.net https://quickchart.io blob: data: https://www.google.com https://www.facebook.com https://*.paypal.com https://*.googleapis.com; script-src https: 'unsafe-inline' https://cdn.goupshot.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://api.goupshot.com https://cdns.us1.gigya.com; style-src https 'unsafe-inline' https://nft.paniniamerica.net https://www.paniniamerica.net https://translate.googleapis.com https://cdn.goupshot.com https://fonts.googleapis.com https://assets.braintreegateway.com https://assets.onfido.com; frame-src * 'self' mailto: https://www.google.com https://www.youtube.com https://cdns.us1.gigya.com https://bid.g.doubleclick.net https://assets.braintreegateway.com https://*.kaptcha.com https://*.paypal.com https://*.cardinalcommerce.com https://blog.paniniamerica.net; font-src 'self' https://fonts.gstatic.com https://cdn.goupshot.com 1
upgrade-insecure-requests  ; worker-src 'self' blob: feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' *.pricespider.com *.mapbox.com feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com cdn.cookielaw.org connect.facebook.net pghub.io *.pricespider.com mpsnare.iesnare.com cdnjs.cloudflare.com *.mapbox.com feed.pghub.io pandg.tapad.com ; manifest-src 'self' login.windows.net feed.pghub.io pandg.tapad.com ; media-src 'self' videos.ctfassets.net feed.pghub.io pandg.tapad.com ; font-src 'self' feed.pghub.io pandg.tapad.com ; frame-ancestors 'none' feed.pghub.io pandg.tapad.com ; frame-src 'self' feed.pghub.io consumersupport.pg.com pandg.tapad.com ; img-src 'self' data: images.ctfassets.net cdn.cookielaw.org pixel.tapad.com www.facebook.com *.pricespider.com *.contentful.com feed.pghub.io pandg.tapad.com ; connect-src 'self' *.google-analytics.com cdn.cookielaw.org *.pricespider.com *.mapbox.com feed.pghub.io pandg.tapad.com ; base-uri 'none' feed.pghub.io pandg.tapad.com ; default-src 'none' feed.pghub.io pandg.tapad.com ; 1
default-src 'self' *.lusini.com *.lusini.dev https://*.wistia.com https://*.wistia.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.lusini.com *.lusini.dev *.netlify.app https://connect.facebook.net https://www.googletagmanager.com https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net 'unsafe-inline' https://bat.bing.com https://*.wistia.com https://*.wistia.net https://src.litix.io *.awin1.com https://www.dwin1.com *.zenaps.com the.sciencebehindecommerce.com *.cookielaw.org; frame-src 'self' *.lusini.dev *.netlify.app *.lusini.com http://*.lusini.dev http://*.lusini.com https://www.facebook.com/ https://bid.g.doubleclick.net https://td.doubleclick.net https://fast.wistia.com https://fast.wistia.net *.awin1.com *.zenaps.com; connect-src 'self' *.lusini.dev *.lusini.com *.netlify.app *.algolia.net *.algolianet.com *.contentful.com 8nesac7we0.execute-api.eu-central-1.amazonaws.com https://www.facebook.com/tr/ https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.de https://*.google.at https://*.google.ch https://*.google.es https://*.google.fr https://*.google.hr https://*.google.it https://*.google.nl https://*.google.pt https://*.google.se https://*.google.no https://*.google.be https://*.google.dk https://www.google-analytics.com *.googlesyndication.com https://bat.bing.com https://*.litix.io https://*.wistia.com https://embedwistia-a.akamaihd.net https://the.sciencebehindecommerce.com https://*.wepowerconnections.com sslwidget.criteo.com *.onetrust.com *.cookielaw.org https://*.dy-api.eu *.getform.io getform.io https://insights.algolia.io https://*.browser-intake-datadoghq.eu; img-src 'self' *.lusini.com *.lusini.dev *.cloudinary.com/lusini/ https://www.facebook.com/tr/ https://connect.facebook.net www.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.de https://*.google.at https://*.google.ch https://*.google.es https://*.google.fr https://*.google.hr https://*.google.it https://*.google.nl https://*.google.pt https://*.google.se https://*.google.no https://*.google.be https://*.google.dk https://www.google-analytics.com https://www.google.com https://bat.bing.com 'self' data: https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net *.awin1.com *.zenaps.com sslwidget.criteo.com dq4irj27fs462.cloudfront.net *.cookielaw.org; media-src 'self' blob: data: *.cloudinary.com/lusini/ 'self' blob: data: https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net; style-src 'self' 'unsafe-inline' blob: https://fast.wistia.com; font-src 'self' data: https://*.wistia.com; object-src 'none'; frame-ancestors 'self' *.lusini.com *.lusini.dev *.netlify.app *.contentful.com; child-src 'self' blob:; worker-src 'self' blob: 'self' blob: blob:; 1
report-uri https://corpweb-origin.authentic8.com/report-uri/enforce 1
default-src 'self' *;base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data: *;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' *;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 1
frame-ancestors https://*.betdaq.com 1
default-src 'self'; media-src 'self' 'unsafe-inline' https://chat.fortifi.io/ https://bat.bing.com/ https://player.vimeo.com/ https://vod-progressive.akamaized.net/; img-src 'self' 'unsafe-inline' https://i.ytimg.com/ https://chat.fortifi.io/ https://www.google.com/ https://www.google.co.uk/ https://www.google.pl/ https://bat.bing.com/ https://www.googletagmanager.com/ https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ https://bat.bing.com/ https://www.facebook.com/ https://connect.facebook.net/ data: https://storage.googleapis.com/ https://haveibeenpwned.com/ https://resources.totalav.com/ https://assets.totalav.com/ https://logs-01.loggly.com/ https://www.mczbf.com/ https://stats.pcprotect.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://chat.fortifi.io/; font-src 'self' https://fonts.gstatic.com https://chat.fortifi.io/; script-src 'self' 'unsafe-inline' https://stats.pcprotect.com https://googletagmanager.com/ https://googleadservices.com/ https://www.googletagmanager.com/ https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ https://bat.bing.com/ https://www.google.com/ https://www.google.co.uk/ https://www.google.pl/ https://widget.trustpilot.com/ https://chat.fortifi.io/ https://cfgchat.fortifi.io/ https://www.facebook.com/ https://connect.facebook.net/ https://url.pcprotect.com http://url.pcprotect.com/px/init/fortifi.js https://www.gstatic.com/ https://utt.impactcdn.com/ https://www.mczbf.com/; worker-src 'self' blob; frame-src 'self' blob: https://chat.fortifi.io/ https://player.vimeo.com https://www.youtube.com/ https://www.facebook.com/ https://widget.trustpilot.com/ https://vod-progressive.akamaized.net/ https://my.pcprotect.com https://www.google.com/; connect-src 'self' https://my.pcprotect.com https://ajax.pcprotect.com https://login.pcprotect.com https://signup.pcprotect.com https://my.pcprotect.com https://bat.bing.com/ wss://chat.fortifi.io/ https://stats.pcprotect.com https://www.mczbf.com/; frame-ancestors 'self' 1
default-src  'self' *.cntaiping.com *.baidu.com *.map.baidu.com *.bdimg.com hq.sinajs.cn res.wx.qq.com pv.sohu.com 'unsafe-inline' 'unsafe-eval' blob: data: ; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https: http: ; worker-src 'self' blob: ; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https:; frame-ancestors 'self'; 1
object-src 'self'; 1
default-src 'self'; font-src 'self' fonts.gstatic.com; style-src 'self' fonts.googleapis.com; script-src 'self' 'unsafe-inline'; form-action 'none'; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'none' 1
frame-ancestors 'self' localhost:* supermetrics.sanity.studio 1
upgrade-insecure-requests; frame-ancestors 'self' *.reforma.com *.elnorte.com *.mural.com.mx *.gruporeforma.com *.agenciareforma.com *.avisosdeocasion.com *.elviernesnocuesta.com aristeguinoticias.com *.ezproxy.iteso.mx *.udemproxy.elogim.com creative-preview-an.com ib.adnxs-simple.com mediation.adnxs.com http://intraneteditora http://intranetreforma http://intranetmural http://operacionesinternet *.grupo.reforma.com; 1
script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob: https://neoom.matomo.cloud/matomo.js 1
default-src *; img-src * data: http: https: ; script-src * 'unsafe-inline' 'unsafe-eval' http: https: *.dynamicyield.com; style-src * 'unsafe-inline' http: https: ; font-src *; frame-src * http: https: *.dynamicyield.com; frame-ancestors *; form-action * http: https: ; media-src * http: https: ; connect-src * http: https: ;base-uri  *; 1
default-src 'self'; script-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://ivul-zcmp.maillist-manage.eu https://help74.creativevirtual.com/; script-src-elem 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://ivul-zcmp.maillist-manage.eu https://cdn.jsdelivr.net/ https://sc-static.net/ https://help74.creativevirtual.com/; script-src-attr 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://ivul-zcmp.maillist-manage.eu https://help74.creativevirtual.com/; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://help74.creativevirtual.com/ https://fonts.googleapis.com/; img-src 'self' data: https://stratus.campaign-image.eu https://ivul-zcmp.maillist-manage.eu https://campaigns.zoho.eu https://campaigns.zoho.com https://secure.gravatar.com https://accounts.zoho.eu https://help74.creativevirtual.com/; font-src 'self' data: https://cdn.jsdelivr.net https://sc-static.net https://help74.creativevirtual.com/ https://fonts.gstatic.com/; connect-src 'self' https://ivul-zcmp.maillist-manage.eu https://api.wpcodebox.com https://help74.creativevirtual.com/ https://quark.api.v-person.ai/ 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://js.driftt.com https://widget.drift.com https://ajax.googleapis.com https://maps.googleapis.com https://optimize.google.com https://www.youtube.com https://cdnjs.cloudflare.com https://www.google.com https://tagmanager.google.com https://www.googleoptimize.com https://www.google-analytics.com https://pagead2.googlesyndication.com https://partner.googleadservices.com https://adservice.google.com https://adservice.google.ca https://tpc.googlesyndication.com https://cookie-cdn.cookiepro.com https://hubspot.clearbit.com https://forms.hsforms.com https://client-registry.mutinycdn.com https://js.hs-scripts.com https://js.hsforms.net https://js.hs-analytics.net https://js.hsadspixel.net https://js.hs-banner.com https://client.mutinycdn.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://connect.facebook.net https://googleads.g.doubleclick.net https://bat.bing.com https://static.hotjar.com https://tag.clearbitscripts.com https://j.6sc.co https://www.clickcease.com https://metadata-static-files.sfo2.cdn.digitaloceanspaces.com https://script.hotjar.com https://reveal.clearbit.com https://x.clearbitjs.com https://snap.licdn.com https://tag.demandbase.com https://tribl.io https://hackerone.com https://www.clarity.ms https://k.clarity.ms https://js.chilipiper.com/marketing.js https://tracking.g2crowd.com https://*.prod.mplat-ppcprotect.com https://*.lunio.ai https://serve.nrich.ai https://tag.nrich.ai https://tag.unifyintent.com https://cdn.dreamdata.cloud; 1
frame-ancestors 'self' https://*.youtube.com 1
frame-ancestors 'self' https://www.truckworks.de https://special.mercedes-benz-trucks.com 1
default-src 'self' ; img-src  *.flix360.com *.flixcar.com *.flixfacts.com *.yahoo.net *.klaviyo.com *.adroll.com *.consensu.org *.casalemedia.com *.3lift.com *.doubleclick.net *.adsymptotic.com *.linkedin.com *.advertising.com *.rubiconproject.com *.pubmatic.com *.licdn.com *.outbrain.com *.taboola.com *.yahoo.com *.yahoo.com www.facebook.com *.facebook.net *.rlcdn.com *.adnxs.com *.bidswitch.net *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com *.googletagmanager.com *.google-analytics.com *.rewardstyle.com *.scaletrk.com *.stylight.net *.everesttech.net *.mookie1.com *.w55c.net *.aralego.net *.bidr.io *.octillion.tv *.mouseflow.com *.adsrvr.org *.lijit.com *.emxdgt.com *.bing.com *.google.com *.google.bg *.salesforce.com *.zenaps.com zenaps.com fenwick.com *.fenwick.com *.admixer.co.kr *.nate.com *.meba.kr *.ad-stir.com *.dable.io *.socdm.com *.adingo.jp *.criteo.net *.linksynergy.com *.thebrighttag.com *.dmxleo.com id5-sync.com *.id5-sync.com *.clarity.ms *.dmxleo.com *.revcontent.com *.adtdp.com *.igodigital.com *.mediawallahscript.com *.kargo.com *.tpmn.co.kr *.smadex.com *.sundaysky.com *.sc-trc.com *.fwmrm.net *.adotmob.com *.sitescout.com *.clmbtech.com *.smartclip.net *.ants.vn *.microad.jp *.demdex.net *.yandex.ru *.openx.net *.addthis.com *.mgid.com *.turn.com *.mediavine.com *.ivitrack.com *.twiago.com *.stickyadstv.com *.postrelease.com *.liadm.com *.yieldmo.com *.e-planning.net *.rlcdn.com *.aralego.com *.krxd.net *.bluekai.com *.rambler.ru *.tremorhub.com *.sharethrough.com *.criteo.com *.omnitagjs.com *.mail.ru *.yieldlab.net *.adnxs.com *.doubleclick.net *.outbrain.com *.rubiconproject.com *.casalemedia.com *.taboola.com *.smartadserver.com *.teads.tv *.yahoo.com *.pubmatic.com *.3lift.com *.adscale.de *.media.net *.smaato.net *.360yield.com *.bidswitch.net *.tapad.com *.adform.net *.advertising.com *.bing.com *.paypal.com *.paypalobjects.com stats.g.doubleclick.net 'self' data: edge.disstg.commercecloud.salesforce.com www.google-analytics.com um.simpli.fi www.instagram.com www.googletagmanager.com services.postcodeanywhere.co.uk pixel.mathtag.com aa.agkn.com cx.atdmt.com www.facebook.com *.pbbl.co *.optimove.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.gstatic.com *.googleapis.com *.google.com *.adyen.com t1.stormiq.com i1.adis.ws *.cdn.media.amplience.net cdn.media.amplience.net cdn.cookielaw.org *.bazaarvoice.com ; child-src *.mouseflow.com 'self' blob: ; style-src *.flixcar.com 'unsafe-inline' 'self' *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com fenwickuk.my.salesforce-sites.com *.my.salesforce-sites.com *.salesforce-sites.com *.googletagmanager.com googletagmanager.com *.klarnacdn.net *.force.com *.adyen.com *.adyen.com tagmanager.google.com foursixty.com cdn.jsdelivr.net fonts.googleapis.com services.postcodeanywhere.co.uk *.bazaarvoice.com fast.fonts.net service.force.com ; script-src *.flixfacts.com *.flix360.io *.flix360.com *.flixcar.com https://www.botify.com *.pw.adn.cloud *.newrelic.com *.klaviyo.com *.ratepay.com *.adroll.com *.consensu.org *.casalemedia.com *.3lift.com *.doubleclick.net *.adsymptotic.com *.linkedin.com *.advertising.com *.rubiconproject.com *.pubmatic.com *.licdn.com *.outbrain.com *.taboola.com *.yahoo.com *.yahoo.com www.facebook.com *.facebook.net *.rlcdn.com *.adnxs.com *.bidswitch.net *.visualwebsiteoptimizer.com app.vwo.com *.klarna.com *.googletagmanager.com fenwickuk.my.salesforce-sites.com *.my.salesforce-sites.com *.salesforce-sites.com *.rewardstyle.com *.scaletrk.com *.salesforceliveagent.com *.polyfill.io *.mouseflow.com www.opentable.co.uk *.resy.com *.criteo.net *.igodigital.com *.igodigital.com *.force.com zenaps.com *.zenaps.com *.sciencebehindecommerce.com *.rakuten.com *.dwin1.com *.clarity.ms *.igodigital.com *.klarnaservices.com *.id5-sync.com id5-sync.com *.criteo.com *.criteo.net *.bing.com *.paypal.com *.paypalobjects.com static.trackedweb.net *.trackedlink.net *.gstatic.com static.zdassets.com *.trustpilot.com tagmanager.google.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.facebook.net *.cquotient.com services.postcodeanywhere.co.uk cdn.cookielaw.org service.force.com fenwickuk.my.salesforce.com *.cloudfront.net 'unsafe-inline' 'self' cdn.cquotient.com www.googletagmanager.com googleads.g.doubleclick.net *.pcapredict.com maps.googleapis.com services.postcodeanywhere.co.uk www.google-analytics.com p.cquotient.com static.hotjar.com www.googleadservices.com *.bazaarvoice.com *.salesforceliveagent.com geolocation.onetrust.com 'unsafe-eval' *.adyen.com *.advancedcommerce.services *.stylight.net ; font-src data: *.mouseflow.com *.flixfacts.com *.flixcar.com *.klarnacdn.net 'self' fonts.gstatic.com googleads.g.doubleclick.net ; frame-src *.flixcar.com app.vwo.com *.visualwebsiteoptimizer.com *.klarna.com fenwickuk.my.salesforce-sites.com *.my.salesforce-sites.com *.salesforce-sites.com *.rewardstyle.com *.scaletrk.com *.cloudfront.net *.mouseflow.com *.issuu.com *.appointedd.com www.opentable.co.uk *.resy.com *.adyen.com *.doubleclick.net www.opentable.co.uk *.resy.com 'unsafe-eval' *.doubleclick.net *.megaphone.fm *.spotify.com *.zenaps.com zenaps.com *.criteo.net *.criteo.com www.sandbox.paypal.com www.paypal.com www.paypalobjects.com service.force.com 'self' *.google.com widget.trustpilot.com *.youtube.com *.vimeo.com www.facebook.com *.klarnaservices.com *.stylight.net ; connect-src *.pw.adn.cloud *.flixcar.com *.adroll.com *.visualwebsiteoptimizer.com app.vwo.com *.nr-data.net *.klaviyo.com *.klarna.com www.google.com google.com *.googletagmanager.com *.analytics.google.com *.google.com *.rewardstyle.com *.scaletrk.com *.sciencebehindecommerce.com *.mouseflow.com *.google-analytics.com *.appspot.com *.foundit.com *.bazaarvoice.com *.force.com *.googleapis.com *.clarity.ms *.klarnaservices.com *.bing.com wss://ws.salecycle.com *.adyen.com *.criteo.com *.paypal.com *.paypalobjects.com widget.trustpilot.com wss://widget-mediator.zopim.com *.trackedweb.net ekr.zdassets.com *.klarnaevt.com stats.g.doubleclick.net www.facebook.com *.pinterest.com *.klarnauserservices.com *.optimove.events www.google-analytics.com *.hotjar.com *.optimove.net *.hotjar.io 'self' api.cquotient.com services.postcodeanywhere.co.uk cdn.cookielaw.org *.onetrust.com *.advancedcommerce.services ; media-src *.flixcar.com cdn.static.amplience.net *.amplience.net 'self' *.rewardstyle.com *.scaletrk.com static.zdassets.com *.akamaized.net player.vimeo.com *.stylight.net ; form-action *.americanexpress.com *.icicibank.com *.playground.klarna.com *.klarna.com www.facebook.com *.google.com *.paypal.com *.paypalobjects.com 'self' *.adyen.com *.bazaarvoice.com ; worker-src 'self' blob: ; upgrade-insecure-requests 1
default-src https://*.ilive.cn https://*.lenovo.com.cn https://*.ifeng.com https://wbd.kuwo.cn https://*.bdxiguaimg.com https://hm.baidu.com data: 'unsafe-inline' 'unsafe-eval'; 1
default-src blob: wss: chat.blue.net https://fiber.nctc.com/embed/36.js bnccp.ad.bluegrassnetwork.com BNCCP.ad.bluegrassnetwork.com *.nctc.com fiber.nctc.com/embed/36.js *.socket.io *.bbb.org *.cloudflare.com in.visitors.live *.visitors.live *.gracenote.com fiber.nctc.com https://cdn.crowdfiber.io/jquery/3.3.1/jquery-ui.css *.cdn.js *.jsdelivr.net *.commentportal.com commentportal.com *.google.com bootstrapcdn.com  googleadservices.com *.cloudfront.net *.portlandwebdesign.com *.electric.coop adsrvr.org *.analytics.yahoo.com *.maps.arcgis.com xx.fbcdn.net rvwinc.com maps.arcgis.com vimeo.com *.googleadservices.com publicpurchase.com gravatar.com *.arcgis.com *.eventbrite.com cooperative.com *.gstatic.com *.youtube-nocookie.com data: *.googletagmanager.com https://cdn.crowdfiber.io/jquery/3.3.1/jquery.min.js https://cdn.crowdfiber.io/jquery/3.3.1/jquery-ui.min.js luckyorange.net btstatic.com portlandwebdesign.com simpli.fi *.providesupport.com typekit.net mitel.io trumpia.com *.timetap.com five9.com powermag.com *.rvwinc.com *.verisign.com linkedin.com *.nr-data.net *.btstatic.com azgt.coop ebill.coop *.mapbox.com googleapis.com analytics.yahoo.com *.licdn.com *.mcusercontent.com *.bootstrapcdn.com apogee.net marketingautomation.services suppose.tv adnxs.com twimg.com *.olark.com youtube-nocookie.com *.trumpia.com xad.com mailchimp.com *.ads.linkedin.com directefficiency.com *.mailchimp.com newrelic.com *.vimeo.com *.plumassierratelecommunicationsmap.com 'unsafe-eval' *.upgrade.guide epa.gov transistor.fm google.com hirebridge.com *.simpli.fi *.yimg.com envivabiomass.com *.roanokeconnect.com e2ma.net bonnerboundary811.org *.powerfulweb.com *.elfsight.com *.libsyn.com doubleclick.net *.nwwsd.org facebook.net google-analytics.com ads.linkedin.com *.e2ma.net gstatic.com smarthub.coop *.s3.amazonaws.com mcusercontent.com s.w.org *.doubleclick.net facebook.com youtube.com *.linkedin.com nice-incontact.com fontawesome.com *.newrelic.com *.apogee.net *.googleapis.com libsyn.com eventbrite.com upgrade.guide *.basis.net *.twimg.com glassdoor.com cencoast.com *.mitel.io powerfulweb.com luckyorange.com *.five9.com *.typekit.net *.transistor.fm yimg.com 'self' *.luckyorange.com jazz.co roanokeconnect.com *.publicpurchase.com myfonts.net issuu.com *.directefficiency.com *.websupport.expert spreaker.com *.ebill.coop crowdfiber.io *.xad.com *.nice-incontact.com *.xx.fbcdn.net *.suppose.tv *.myfonts.net *.icua.coop southcentralpower.com *.bonnerboundary811.org arcgis.com mapbox.com providesupport.com *.facebook.net *.smeco.coop electric.coop googletagmanager.com *.adnxs.com smeco.coop *.issuu.com *.powermag.com *.adsymptotic.com olark.com s3.amazonaws.com 'unsafe-inline' billing.nwwsd.org elfsight.com icua.coop timetap.com *.fontawesome.com *.envivabiomass.com nr-data.net adsymptotic.com *.epa.gov *.adsrvr.org *.cencoast.com *.spreaker.com *.gravatar.com plumassierratelecommunicationsmap.com verisign.com *.glassdoor.com *.facebook.com ctctcdn.com *.jazz.co *.cooperative.com *.google-analytics.com gmpg.org cloudfront.net *.ctctcdn.com *.marketingautomation.services *.southcentralpower.com licdn.com *.hirebridge.com websupport.expert *.luckyorange.net *.smarthub.coop basis.net *.youtube.com *.azgt.coop; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.clarity.ms *.googletagmanager.com *.google-analytics.com cc.cdn.civiccomputing.com; style-src 'self' https://fonts.googleapis.com/ 'unsafe-inline'; img-src 'self' *.googleapis.com *.google.com *.gstatic.com *.googleusercontent.com *.google-analytics.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' www.youtube.com; connect-src 'self' https://*.clarity.ms https://stats.g.doubleclick.net https://*.google-analytics.com https://*.civiccomputing.com; upgrade-insecure-requests 1
default-src * data: 'self' 'unsafe-inline';img-src * data:;style-src-elem 'self' 'unsafe-inline' https://cdn.cookielaw.org https://pr-cb-bot.azurewebsites.net https://fonts.googleapis.com https://optanon.blob.core.windows.net;script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com/ https://www.google-analytics.com https://connect.facebook.net https://cdn.cookielaw.org https://code.jquery.com/ https://cdnjs.cloudflare.com https://geolocation.onetrust.com https://maps.googleapis.com https://ajax.googleapis.com https://pr-cb-bot.azurewebsites.net/CAchat/botchat.js https://pr-cb-bot.azurewebsites.net/CAchat/main/main.prod.js https://www.google.com/recaptcha/api.js https://www.youtube.com/iframe_api https://s.ytimg.com/yts/jsbin/www-widgetapi-vflE2z392/www-widgetapi.js https://www.gstatic.com/recaptcha/api2/v1563777128698/recaptcha__pt.js https://platform-api.sharethis.com/js/sharethis.js;frame-src https://www.youtube.com  https://youtu.be/ https://www.facebook.com https://www.googletagmanager.com https://www.google.com/ https://vars.hotjar.com https://platform-api.sharethis.com https://c.sharethis.mgr.consensu.org/ https://eur02.safelinks.protection.outlook.com/ https://cdn.flipsnack.com/ https://heyzine.com/ https://online.fliphtml5.com/ https://player.flipsnack.com; 1
style-src 'self' 'unsafe-inline' https://*.hotjar.com https://*.googleapis.com https://*.googletagmanager.com *.tinymce.com *.tiny.cloud; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://polyfill-fastly.io/v3/polyfill.min.js https://*.azure.com https://*.brightcove.net https://vjs.zencdn.net https://siteimproveanalytics.com https://embed.acuityscheduling.com/js/embed.js https://*.hotjar.com https://*.cookieinformation.com https://code.highcharts.com/ *.tinymce.com *.tiny.cloud; img-src 'self' data: blob: https://*.brightcovecdn.com https://*.brightcove.com https://*.prod.boltdns.net https://*.siteimproveanalytics.io https://*.hotjar.com *.tinymce.com *.tiny.cloud play.google.com; font-src 'self' data: https://*.hotjar.com *.tinymce.com *.tiny.cloud; frame-ancestors 'self'; frame-src 'self' https://cg.optimizely.com/ https://*.google.com/ https://norgesbank.aventia.no/ https://app.acuityscheduling.com/ https://*.cookieinformation.com https://*.hotjar.com https://vimeo.com/; connect-src 'self' https://data.at.nbtest.no https://data.norges-bank.no https://dc.services.visualstudio.com https://*.brightcove.com https://*.prod.boltdns.net https://*.brightcovecdn.com https://*.cookieinformation.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.tinymce.com *.tiny.cloud blob:; worker-src blob:; 1
default-src 'self' https://play.vidyard.com *.vidyard.com *.segment.com data: https://www.google-analytics.com;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://clientes-ext-qa.apps.ambientesbc.com/ https://clientes-ext.apps.bancolombia.com/ https://widget.sndcdn.com https://*.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://analytics.google.com *.googletagmanager.com *.sndcdn.com https://js-agent.newrelic.com *.newrelic.com https://bam.nr-data.net *.nr-data.net *.googleadservices.com *.tags.bkrtx.com *.tags.bluekai.com https://static.opentok.com *.opentok.com https://browseranalytic.com *.browseranalytic.com https://js.hsforms.net *.hsforms.net https://scp.kampyle.com *.kampyle.com https://tpbancolombia.teleperformance.co *.teleperformance.co https://stati.in *.stati.in blob: https://play.vidyard.com *.vidyard.com https://static.zdassets.com https://clousc.com *.clousc.com https://static.hsappstatic.net *.hsappstatic.net https://forms.hsforms.com *.hsforms.com *.zdassets.com https://plinksoporte.zendesk.com *.zendesk.com https://d10lpsik1i8c69.cloudfront.net https://app.hubspot.com *.hubspot.com https://a.omappapi.com *.omappapi.com https://js.hs-scripts.com *.hs-scripts.com *.cloudfront.net https://people.wsuite.com *.wsuite.com https://js.hs-analytics.net *.hs-analytics.net https://widget-mediator.zopim.com *.zopim.com https://js.hs-banner.com *.hs-banner.com https://ajax.googleapis.com *.googleapis.com https://static.browseranalytic.com https://player.vimeo.com *.vimeo.com *.connect.facebook.net *.facebook.net https://polyfill.io *.polyfill.io https://library-sdb.apps.bancolombia.com *.bancolombia.com https://f.vimeocdn.com *.vimeocdn.com https://syndication.twitter.com *.twitter.com https://cdn.syndication.twimg.com *.twimg.com *.facebook.com *.script.hotjar.com https://asistencia.webv2.allus.com.co https://cdn.todo1.com *.todo1.com *.allus.com.co *.vars.hotjar.com *.t.co *.gstatic.com *.analytics.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv https://code.jquery.com *.jquery.com *.px.ads.linkedin.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.hotjar.com https://tags.bkrtx.com https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.grupobancolombia.com https://lptag.liveperson.net https://maps.googleapis.com *.google.com *.cdn.dynamicyield.com *.st.dynamicyield.com *.rcom.dynamicyield.com https://cdn.dynamicyield.com https://st.dynamicyield.com https://rcom.dynamicyield.com https://unpkg.com https://accdn.lpsnmedia.net https://lo.v.liveperson.net https://lpcdn.lpsnmedia.net https://www.sc.pages03.net https://www.youtube.com *.youtube.com https://resources.digital-cloud-west.medallia.com https://cdn.jsdelivr.net *.cdn.jsdelivr.net https://galatea-dev.apps.ambientesbc.com *.ambientesbc.com https://widget.spreaker.com/ *.spreaker.com *.segment.com;img-src 'self' https://clientes-ext-qa.apps.ambientesbc.com/ https://clientes-ext.apps.bancolombia.com/ data: https://a.tribalfusion.com *.tribalfusion.com https://dpm.demdex.net *.demdex.net *.cloudfront.net *.px.ads.linkedin.com *.linkedin.com *.facebook.com https://secure.gravatar.com *.gravatar.com https://pf-emoji-service--cdn.us-east-1.prod.public.atl-paas.net *.atl-paas.net https://vop.sundaysky.com *.sundaysky.com https://odr.mookie1.com *.mookie1.com https://monstat.com *.monstat.com https://pxl.jivox.com *.jivox.com https://cdn2.hubspot.net https://i.stack.imgur.com *.imgur.com https://widget.sndcdn.com *.sndcdn.com https://i1.sndcdn.com https://a.omappapi.com *.omappapi.com *.hubspot.net https://upload.wikimedia.org *.wikimedia.org https://f.hubspotusercontent20.net https://play.vidyard.com *.vidyard.com *.hubspotusercontent20.net https://track.hubspot.com https://i1.wp.com *.wp.com https://theme.zdassets.com *.zdassets.com *.hubspot.com https://soporte.plink.com.co *.plink.com.co https://cx.atdmt.com *.atdmt.com https://i.ytimg.com https://b1sync.zemanta.com *.zemanta.com https://sync.crwdcntrl.net *.crwdcntrl.net https://www.googletagmanager.com *.googletagmanager.com https://platform.twitter.com *.twitter.com https://abs.twimg.com *.ytimg.com https://i.vimeocdn.com *.vimeocdn.com https://xrbcqpor01.bancolombia.com:10039 *.bancolombia.com https://maps.googleapis.com *.googleapis.com https://yt3.ggpht.com *.ggpht.com https://connect.facebook.net *.facebook.net https://asistencia.webv2.allus.com.co *.allus.com.co https://www.google-analytics.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co https://p.adsymptotic.com *.cdn.dynamicyield.com *.dynamicyield.com *.grupobancolombia.com https://tags.bluekai.com *.pages03.net *.maps.gstatic.com https://maps.gstatic.com *.gstatic.com https://resources.digital-cloud-west.medallia.com https://sync.teads.tv *.teads.tv https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net region1.google-analytics.com region1.analytics.google.com *.analytics.google.com https://cdn.segment.com https://segment.com https://*.segment.com https://api.segment.io/;media-src 'self' https://widget.spreaker.com/ *.spreaker.com https://clientes-ext-qa.apps.ambientesbc.com/ https://clientes-ext.apps.bancolombia.com/ *.googleadservices.com *.grupobancolombia.com *.cloudfront.net https://static.zdassets.com *.zdassets.com https://www.youtube.com https://asistencia.webv2.allus.com.co *.allus.com.co *.youtube.com blob: data:;frame-src 'self' https://clientes-ext-qa.apps.ambientesbc.com/ https://clientes-ext.apps.bancolombia.com/ https://widget.spreaker.com/ *.spreaker.com *.googleadservices.com https://bcapi.apichefcompany.com *.cloudfront.net *.apichefcompany.com *.google-analytics.com *.facebook.com https://w.soundcloud.com *.soundcloud.com https://series1.cma.com.br *.cma.com.br https://bancolombia.olb.todo1.com *.todo1.com https://tpbancolombia.teleperformance.co *.teleperformance.co https://extractosinternet.bancolombia.com *.bancolombia.com https://forms.hsforms.com *.hsforms.com https://play.vidyard.com *.vidyard.com https://platform.twitter.com *.twitter.com https://vars.hotjar.com https://player.vimeo.com *.vimeo.com https://resources.digital-cloud-west.medallia.com *.medallia.com https://asistencia.webv2.allus.com.co *.allus.com.co https://stags.bluekai.com https://api.skaduks.com https://bid.g.doubleclick.net https://td.doubleclick.net/ *.grupobancolombia.com https://www.google.com *.google.com https://www.google-analytics.com https://cdn.dynamicyield.com *.dynamicyield.com https://lpcdn.lpsnmedia.net https://www.youtube.com *.youtube.com https://9811311.fls.doubleclick.net https://webapp1.allus.com.co https://vc.hotjar.io https://cdn.segment.com https://segment.com https://*.segment.com https://api.segment.io/;style-src 'self' 'unsafe-inline' https://clientes-ext-qa.apps.ambientesbc.com/ https://clientes-ext.apps.bancolombia.com/ https://asistencia.webv2.allus.com.co https://cdnjs.cloudflare.com *.cloudflare.com https://library-sdb.apps.bancolombia.com *.bancolombia.com https://assets.kampyle.com *.kampyle.com https://cdn2.hubspot.net *.hubspot.net https://galatea-dev.apps.ambientesbc.com *.ambientesbc.com https://cdn.jsdelivr.net *.jsdelivr.net https://assets.vidyard.com *.vidyard.com https://static.zdassets.com *.zdassets.com *.webv2.allus.com.co https://www.gstatic.com *.gstatic.com https://f.vimeocdn.com *.vimeocdn.com https://platform.twitter.com *.twitter.com https://www.grupobancolombia.com https://use.fontawesome.com *.fontawesome.com *.grupobancolombia.com https://nominatim.openstreetmap.org https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com https://unpkg.com *.segment.com;connect-src 'self' https://api.analiticamercadeo.com:* https://widget.spreaker.com/ *.spreaker.com https://clientes-ext-qa.apps.ambientesbc.com/ https://clientes-ext.apps.bancolombia.com/ https://bam.nr-data.net *.nr-data.net *.stats.g.doubleclick.net *.cloudfront.net https://fresnel.vimeocdn.com *.vimeocdn.com data: https://player-telemetry.vimeo.com *.vimeo.com https://api-widget.soundcloud.com *.soundcloud.com *.bancolombia.com https://api.us.apiconnect.ibmcloud.com *.ibmcloud.com https://jsonip.com *.jsonip.com https://resources.digital-cloud-west.medallia.com *.medallia.com https://inveco-services.qdata.io *.qdata.io https://identify.hotjar.com https://wave.sndcdn.com *.sndcdn.com https://api.ipify.org *.ipify.org *.hotjar.com https://alivionofinancieros.isobarapi.com *.isobarapi.com https://130vod-adaptive.akamaized.net *.akamaized.net https://c.browseranalytic.com https://forms.hsforms.com *.hsforms.com https://tpbancolombia.teleperformance.co *.teleperformance.co https://raw.vidyard.com *.vidyard.com wss://tpbancolombia.teleperformance.co https://ekr.zdassets.com https://api-k8-cer.plink.com.co https://api.plink.com.co *.plink.com.co https://api.omappapi.com *.omappapi.com *.zdassets.com wss://widget-mediator.zopim.com *.zopim.com https://plinksoporte.zendesk.com *.zendesk.com https://settings.luckyorange.net *.luckyorange.net https://digital.sanchobbdoapp.com https://www.calculadoralaboral.co *.calculadoralaboral.co *.sanchobbdoapp.com *.browseranalytic.com https://strfeedrt01.cma.com.br *.cma.com.br https://syndication.twitter.com *.twitter.com https://stats.g.doubleclick.net https://bcapi.apichefcompany.com *.apichefcompany.com https://bid.g.doubleclick.net *.googlevideo.com https://api.skaduks.com https://nominatim.openstreetmap.org *.cdn.dynamicyield.com *.dynamicyield.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.st.dynamicyield.com *.rcom.dynamicyield.com https://cdn.dynamicyield.com https://st.dynamicyield.com https://rcom.dynamicyield.com https://www.facebook.com https://cdn.jsdelivr.net *.jsdelivr.net *.facebook.com https://lpcdn.lpsnmedia.net https://firestore.googleapis.com https://www.youtube.com *.youtube.com https://9811311.fls.doubleclick.net https://webapp1.allus.com.co https://yt3.ggpht.com *.yt3.ggpht.com https://i.ytimg.com *.i.ytimg.com *.googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.grupobancolombia.com https://vc.hotjar.io region1.google-analytics.com region1.analytics.google.com *.analytics.google.com https://analytics.google.com *.googletagmanager.com *.g.doubleclick.net https://cdn.segment.com https://segment.com https://*.segment.com https://api.segment.io/;font-src 'self' data: https://clientes-ext-qa.apps.ambientesbc.com/ https://clientes-ext.apps.bancolombia.com/ https://www.grupobancolombia.com *.grupobancolombia.com *.cloudfront.net https://cdnjs.cloudflare.com *.cloudflare.com https://static.zdassets.com *.zdassets.com https://assets.kampyle.com *.kampyle.com https://fonts.gstatic.com *.gstatic.com https://library-sdb.apps.bancolombia.com *.bancolombia.com https://galatea-dev.apps.ambientesbc.com *.ambientesbc.com; 1
default-src 'self' static.dnsbelgium.be; media-src 'self' www.youtube.com youtu.be vimeo.com player.vimeo.com static.dnsbelgium.be; script-src 'self' cookie.wieni.be www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com tagmanager.google.com 'sha256-n0qo0a+uNS3EBowOxlDJeqRRacNxVgew48Omj0IYROY=' api.usersnap.com resources.usersnap.com widget.usersnap.com cdn.usersnap.com 'sha256-3UZnJiUmLKDbXEjPsm9EHc0R7InC5uAtj5O1u68mBzM=' 'sha256-9JLcNkvDbyx27cZsDQUfhAXctCUn8uKZhZo7K5s+cZY=' 'sha256-4YMvBqS3vvUrtHeUMQvHMMjdLUOlOHQOgs5s+Wxepkk=' consent.cookiebot.com consentcdn.cookiebot.com connect.facebook.net www.youtube.com s.ytimg.com static.dnsbelgium.be snap.licdn.com www.toll-net.be/h5p/wp-content/plugins/h5p/h5p-php-library/js/h5p-resizer.js https://cdn.matomo.cloud/dnsbelgium.matomo.cloud/matomo.js s.pointerpro.com survey.dnsbelgium.be pagead2.googlesyndication.com 'sha256-7b0CKEQkvadz7B/pYgEMs74upd57DoxBlXRIWY8pdRg=' 'sha256-XlGJBFdn9wZ3QRSQmE5hz2h94YBoRCV09VOA9PNwEc4=' 'sha256-7jDSgL9/dTEn7w83QbKH2DxAZSXWTe5+pNgp0l6xaGI=' 'sha256-cyhAnyf/da35tv9DMBPcWxiXKF8KRetd7+NRa8ylykg=' 'sha256-A3Dbl/cByN6GbFswAlXt66hMeUW5GNI1G4g6LzsRv0o=' 'sha256-0RBExtvEZO5CsGJ2YygQGmydb+opVDaeBuMtzkrktFw='; style-src 'self' 'unsafe-inline' blob: fonts.googleapis.com cookie.wieni.be tagmanager.google.com use.fontawesome.com; img-src wmimages.dnsbelgium.be 'self' data: www.google-analytics.com ssl.gstatic.com www.gstatic.com cdn.usernap.com www.countryflags.io static.dnsbelgium.be www.facebook.com i.ytimg.com   *.ads.linkedin.com imgsct.cookiebot.com; font-src 'self' data: use.fontawesome.com fonts.gstatic.com; frame-src 'self' www.google.com maps.google.com www.youtube.com player.vimeo.com notfound-static.fwebservices.be *.youtube-nocookie.com consentcdn.cookiebot.com calendar.google.com accounts.google.com *.medialaancdn.be www.facebook.com www.toll-net.be s.pointerpro.com https://flo.uri.sh/ survey.dnsbelgium.be datawrapper.dwcdn.net; connect-src 'self' cookie.wieni.be www.google-analytics.com widget.usersnap.com 'sha256-4YMvBqS3vvUrtHeUMQvHMMjdLUOlOHQOgs5s+Wxepkk=' consent.cookiebot.com consentcdn.cookiebot.com api.dnsbelgium.be webwhois.nic.vlaanderen webwhois.nic.brussels cdn.linkedin.oribi.io dnsbelgium.matomo.cloud pagead2.googlesyndication.com; worker-src 'self'; object-src 'self' 1
default-src 'self'; connect-src 'self' *.siteimprove.com https://stats.g.doubleclick.net/ https://region1.google-analytics.com/ https://www.google-analytics.com https://www.googletagmanager.com https://search.service.vportal.ee/v1/search/valitsus https://search.service.vportal.ee/v1/globalsearch/total https://form.service.vportal.ee/v1/ https://search.service.vportal.ee/v1/events/valitsus https://inaadress.maaamet.ee; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://*.rocket.chat https://www.google.com https://www.youtube.com https://*.vimeo.com https://*.siteimprove.com https://kriis.prelive.vportal.ee/show_node_paragraph/1324/a030c120-99a5-4cfb-92b4-a66516390772 https://app.powerbi.com/view https://app.powerbi.com/reportEmbed https://xgis.maaamet.ee; img-src 'self' data: https://www.google-analytics.com *.openstreetmap.org https://i.ytimg.com https://pbs.twimg.com https://www.valitsus.ee https://valitsus.ee https://www.googletagmanager.com *.fbcdn.net *.cdninstagram.com https://inaadress.maaamet.ee https://unpkg.com *.maaamet.ee *.cloudflare.com; script-src 'self' 'unsafe-inline' https://*.rocket.chat https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.siteimprove.net/cms/overlay.js blob: https://browser-update.org https://ajax.cloudflare.com https://static.cloudflareinsights.com https://*.cloudflareinsights.com https://cdnjs.cloudflare.com cdn.jsdelivr.net cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://inaadress.maaamet.ee https://unpkg.com unpkg.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.rocket.chat https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.siteimprove.net/cms/overlay.js https://browser-update.org https://*.cloudflareinsights.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com cdn.jsdelivr.net cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://inaadress.maaamet.ee https://unpkg.com unpkg.com; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://*.cloudflareinsights.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://unpkg.com unpkg.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://www.gstatic.com https://*.cloudflareinsights.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://unpkg.com unpkg.com https://inaadress.maaamet.ee; frame-ancestors 'self'; upgrade-insecure-requests 1
default-src 'self' *.google-analytics.com *.analytics.google.com media.cinkciarz.pl; connect-src 'self' g2.cinkciarz.pl *.google-analytics.com *.analytics.google.com *.livesession.io *.cinkciarz.pl *.doubleclick.net *.google.com *.googlesyndication.com matomo.cinkciarz.pl; font-src 'self' fonts.gstatic.com data:; style-src 'self' 'unsafe-inline' *.google-analytics.com *.analytics.google.com optimize.google.com fonts.googleapis.com; script-src 'self' 'unsafe-eval' cinkciarz.pl conotoxia.com www.googletagmanager.com *.google-analytics.com *.analytics.google.com www.googleanalytics.com www.googleoptimize.com www.google.com optimize.google.com stats.g.doubleclick.net *.youtube.com player.vimeo.com www.gstatic.com *.livesession.io *.cinkciarz.pl *.doubleclick.net www.googleadservices.com matomo.cinkciarz.pl; frame-src 'self' 'unsafe-inline' optimize.google.com *.youtube.com player.vimeo.com *.spotify.com *.spotify.net www.google.com *.doubleclick.net; frame-ancestors 'self' *.spotify.com *.spotify.net; img-src 'self' media.cinkciarz.pl www.googletagmanager.com *.google-analytics.com *.analytics.google.com optimize.google.com *.g.doubleclick.net cinkciarz.pl conotoxia.com data: www.google.pl www.google.com matomo.cinkciarz.pl; 1
default-src 'self' mittwald.de *.mittwald.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-umm.b-cdn.net www.redditstatic.com *.signalize.com *.etracker.com *.etracker.de *.hotjar.com pretix.eu px.ads.linkedin.com snap.licdn.com *.googletagmanager.com *.adform.net mittwald.de *.mittwald.de; style-src 'self' 'unsafe-inline' *.hotjar.com pretix.eu; img-src 'self' data: userlike-cdn-operators.userlike.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com userlike-cdn-web.b-cdn.net www.userlike.com userlike-store-media-files.s3.amazonaws.com i.ytimg.com alb.reddit.com *.hotjar.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.de *.adform.net px.ads.linkedin.com mittwald.de *.mittwald.de; font-src 'self' data: userlike-cdn-umm.b-cdn.net fonts.gstatic.com *.hotjar.com mittwald.de *.mittwald.de; connect-src 'self' wss://umd.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com umd.userlike.com api.userlike.com userlike-cdn-web.b-cdn.net www.userlike.com www.redditstatic.com *.signalize.com *.etracker.de *.hotjar.com *.hotjar.io wss://*.hotjar.com pretix.eu px.ads.linkedin.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.de *.adform.net pixel-config.reddit.com mittwald.de *.mittwald.de blob:; media-src 'self' userlike-cdn-umm.b-cdn.net userlike-store-media-files.s3.amazonaws.com www.userlike.com mittwald.de *.mittwald.de blob:; child-src 'self' api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-umm.b-cdn.net mittwald.de *.mittwald.de blob:; frame-src 'self' api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-umm.b-cdn.net *.youtube.com www.youtube-nocookie.com player.vimeo.com *.adform.net pretix.eu mittwald.de *.mittwald.de; frame-ancestors 'self' https://*.etracker.com; 1
default-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com/maps/; object-src 'none';  font-src 'self' 'unsafe-inline' https://fonts.gstatic.com; frame-src 'self' https://www.google.com https://gateway.zscaler.net/; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; upgrade-insecure-requests; script-src-elem 'self' 'unsafe-inline' https://gateway.zscaler.net/ https://googletagmanager.com/; 1
frame-ancestors 'self' https://webapp.trendemon.com https://engage.audiocodes.com 1
frame-ancestors 'self' https://*.braintreegateway.com https://musthaveideas.co.uk https://*.musthaveideas.co.uk https://app.dashmaster2k.com; 1
object-src 'none'; base-uri 'self'; font-src 'self' fonts.gstatic.com fonts.googleapis.com js.intercomcdn.com fonts.intercomcdn.com https://*.hotjar.com; frame-ancestors 'self'; manifest-src 'self'; worker-src 'none'; report-to default; 1
frame-src 'self' https://www.google.com; frame-ancestors 'self' https://www.google.com https://www.jooraccess.com; object-src 'none'; 1
default-src https:; script-src 'unsafe-inline' 'unsafe-eval' https: blob:; style-src 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss:; media-src https: data: blob:; object-src 'none'; child-src https: blob:; frame-src https: data: 1
default-src 'self'; script-src 'self' https://gtm.beterbed.nl https://www.google.com/recaptcha/ https://*.gstatic.com https://www.googletagmanager.com/gtag/ https://*.googleapis.com https://cdn-4.convertexperiments.com https://cdn.mouseflow.com https://bat.bing.com; connect-src 'self' https://gtm.beterbed.nl https://maps.googleapis.com https://*.convertexperiments.com https://*.mouseflow.com; img-src 'self' https://www.google.com/ads/ga-audiences https://www.google.nl/ads/ga-audiences https://googleads.g.doubleclick.net/pagead/viewthroughconversion/ https://bat.bing.com; frame-src 'self' https://chat.beterbed.nl/ https://www.google.com; frame-ancestors 'none'; 1
default-src * 'unsafe-inline' 'unsafe-eval'; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; frame-ancestors *; style-src * 'unsafe-inline'; report-uri /csp/reporting/add 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.go-mpulse.net https://*.dynamicyield.com https://www.googletagmanager.com https://d16fk4ms6rqz1v.cloudfront.net https://cdn.merklesearch.com https://cdn.pbbl.co https://s.pinimg.com https://bat.bing.com https://assistjs.skimresources.com https://connect.facebook.net https://*.twitter.com https://cdn.groupbycloud.com https://www.google-analytics.com https://tags.tiqcdn.com https://www.googleadservices.com https://static.ads-twitter.com https://js-agent.newrelic.com https://*.afterpay.com https://bam.nr-data.net https://y8ui6jzp.micpn.com https://*.datasteam.io https://ci-mpsnare.iovation.com https://tpc.googlesyndication.com https://*.salesforceliveagent.com https://static.site24x7rum.com https://*.paypal.com https://*.apple.com https://www.gstatic.com https://*.akamaihd.net https://www.myregistry.com https://s3.amazonaws.com https://app.curalate.com https://*.clearpay.co.uk https://js.appboycdn.com https://maxcdn.bootstrapcdn.com https://fast.fonts.net https://*.googleapis.com https://p.dlx.addthis.com https://px0.pbbl.co https://*.google.com https://images.contentful.com https://images.ctfassets.net https://*.criteo.com https://h.nexac.com https://*.dc-storm.com https://consent.jrs5.com https://consent.mediaforge.com https://consent.nxtck.com https://*.groupbycloud.com https://*.linksynergy.com https://www.polyvore.com https://*.bazaarvoice.com https://data.photorank.me https://www.ssense.com https://*.akstat.io https://www.google.co.uk https://*.perimeterx.net https://rtb-csync.smartadserver.com https://ads.yahoo.com https://pixel.rubiconproject.com https://*.gstatic.com https://www.google.ca https://www.google.de https://*.rkdms.com https://idsync.rlcdn.com https://www.google.fr https://www.google.es https://www.google.com.au https://www.google.co.jp https://www.google.nl https://x.bidswitch.net https://www.google.it https://*.agkn.com https://pixel.advertising.com https://www.google.com.mx https://www.google.ie https://www.google.com.ar https://www.google.co.nz https://sync.outbrain.com https://secure.adnxs.com https://sp.analytics.yahoo.com https://www.google.co.in https://*.rewardstyle.com https://r.casalemedia.com https://*.ra.linksynergy.com https://cx.atdmt.com https://pixel.tapad.com https://use.fontawesome.com https://fonts.gstatic.com https://cdn.dynamicyield.com https://*.fls.doubleclick.net https://dis.us.criteo.com https://c.go-mpulse.net https://dev.appboy.com https://www.facebook.com https://*.bluecore.com https://*.api.bazaarvoice.com https://dis.eu.criteo.com https://videos.contentful.com https://www.youtube.com https://videos.ctfassets.net https://*.g.doubleclick.net https://gum.criteo.com https://api.bazaarvoice.com https://static.criteo.net https://www.shopstylecollective.com https://www.shopstylecollective.co.uk https://player.vimeo.com https://core.conversant.mgr.consensu.org https://www.babylist.com https://*.scene7.com https://gmurphy2018.wufoo.com https://*.stg-sessionm.com https://*.sessionm.com https://*.dotomi.com https://mpsnare.iesnare.com https://*.adsymptotic.com https://*.attentivemobile.com https://*.attn.tv https://*.attentivemobile.com https://cdn.honey.io https://open.spotify.com https://*.myunidays.com https://*.murdoog.com https://g.3gl.net https://r.3gl.net.cn https://r.3gl.net https://*.tealiumiq.com https://trustbadge.api.etrusted.com https://*.salesforce.com https://*.px-cloud.net https://sdk.iad-01.braze.com https://idsync.rlcdn.com https://*.force.com https://trail.grin.co https://d38xvr37kwwhcm.cloudfront.net https://downloads.contentful.com https://data.adxcel-ec2.com https://cf.adxcel.com https://*.8x8.com/ https://*.btttag.com https://cloudflare.com/cdn-cgi/trace https://cdn.cookielaw.org https://track.securedvisit.com/ https://*.tiktok.com https://business.topbuzz.com https://business-sg.topbuzz.com https://*.tiktokcdn.com https://*.ibytedtos.com https://s0.ipstatp.com bytedance: https://*.evergage.com https://*.krxd.net https://connect.studentbeans.com/v4/anthropologie/uk https://*.urbndata.com https://*.urbanairship.com https://www.cloudflare.com/cdn-cgi/trace https://aswpapius.com https://*.pinterest.com https://*.steelhousemedia.com https://*.bambuser.com https://aswpsdkus.com/ https://*.qualtrics.com https://*.truefitcorp.com https://*.clarity.ms https://*.bing.com https://tag.rmp.rakuten.com https://*.rmtag.com https://*.salesforce-sites.com https://*.stylitics.com https://*.sentry.io https://*.ingest.sentry.io https://sentry.io https://*.stripe.com  https://dashhudson.com  https://*.dashhudson.com https://likeshop.me https://*.onetrust.com https://*.doubleclick.net https://*.crazyegg.com https://*.mczbf.com https://*.likeshop.me blob: https://*.google-analytics.com https://static.shopterrain.com https://api.shopterrain.com https://static-tr.local.urbn.engineering https://api-tr.local.urbn.engineering https://*.amazon-adsystem.com https://*.paa-reporting-advertising.amazon https://*.px-cdn.net https://*.pxchk.net https://*.px-client.net https://www.google.com https://google.com https://staging2-api.shopterrain.com; img-src 'self' * data:; frame-ancestors 'self'; 1
frame-ancestors self https://content.tennet.eu *.platform.sh *.platformsh.site 1
default-src https: ptapp:; script-src https: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline'; img-src https: 'self' data:; media-src https: 'self' blob:; font-src https: 'self' data:; connect-src https: 'self' wss:; frame-ancestors 'self' 1
frame-ancestors 'self' https://store.accuristech.com 1
default-src 'self' data: blob: www.googleadservices.com https: wss: fonts.googleapis.com fonts.gstatic.com webfiles2.nfp.com www.google.com www.gstatic.com www.google-analytics.com www.googletagmanager.com maps.googleapis.com bat.bing.com *.cookie-script.com cookie-script.com cdn.jsdelivr.net code.jquery.com ka-p.fontawesome.com kit.fontawesome.com pi.pardot.com scout-cdn.salesloft.com snap.licdn.com www.soundcloud.com soundcloud.com w.soundcloud.com i.vimeocdn.com i.ytimg.com go.nfp.com player.vimeo.com www.vimeo.com vimeo.com youtube.com www.youtube.com www.youtube-nocookie.com analytics.google.com *.crazyegg.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.googleadservices.com *.niceincontact.com home-m32.niceincontact.com ws.zoominfo.com fonts.googleapis.com fonts.gstatic.com webfiles2.nfp.com www.google.com www.gstatic.com www.google-analytics.com www.googletagmanager.com maps.googleapis.com bat.bing.com *.cookie-script.com cookie-script.com cdn.jsdelivr.net code.jquery.com ka-p.fontawesome.com kit.fontawesome.com pi.pardot.com scout-cdn.salesloft.com snap.licdn.com www.soundcloud.com soundcloud.com w.soundcloud.com i.vimeocdn.com i.ytimg.com go.nfp.com player.vimeo.com www.vimeo.com vimeo.com youtube.com www.youtube.com connect.facebook.net *.doubleclick.net doubleclick.net script.crazyegg.com *.tctm.co tctm.co *.crazyegg.com *.providesupport.com;style-src 'self' 'unsafe-inline' www.googleadservices.com fonts.googleapis.com fonts.gstatic.com webfiles2.nfp.com www.google.com www.gstatic.com www.google-analytics.com www.googletagmanager.com maps.googleapis.com bat.bing.com *.cookie-script.com cookie-script.com cdn.jsdelivr.net code.jquery.com ka-p.fontawesome.com kit.fontawesome.com pi.pardot.com scout-cdn.salesloft.com snap.licdn.com www.soundcloud.com soundcloud.com w.soundcloud.com i.vimeocdn.com i.ytimg.com go.nfp.com player.vimeo.com www.vimeo.com vimeo.com youtube.com www.youtube.com *.crazyegg.com;frame-ancestors 'self' cdn.flipsnack.com webfiles2.nfp.com www.googleadservices.com www.google.com www.gstatic.com maps.googleapis.com cdn.cookie-script.com cookie-script.com pi.pardot.com www.soundcloud.com soundcloud.com w.soundcloud.com i.vimeocdn.com i.ytimg.com go.nfp.com player.vimeo.com www.vimeo.com vimeo.com youtube.com www.youtube.com www.youtube-nocookie.com *.crazyegg.com 1
frame-ancestors https: 'self'; font-src https: data:;  img-src https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'   https://*.leecountync.gov/ https://*.revize.com https://*.ipcamlive.com https://leecountync.granicus.com https://leecountync.seamlessdocs.com https://cdn.userway.org https://*.google.com https://*.googletagmanager.com https://*.googleapis.com https://*.google-analytics.com   https://cdn.jsdelivr.net https://code.jquery.com https://partner.googleadservices.com https://*.gstatic.com; style-src * 'unsafe-inline' 1
frame-ancestors 'self' https://*.toyota.pl https://*.yandex.com https://*.yandex.tld https://*.yandex.net https://*.yandex.com.tr https://*.yandex.ru https://*.yandex.by https://webvisor.com https://lexus-dxp.dobit.com https://lexustest.dobit.com http://localhost:88; 1
default-src 'self' blob: trk.techtarget.com *.crazyegg.com; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' blob: *.evergage.com *.us-6.evergage.com *.evgnet.com yoast.com *.zi-scripts.com *.techtarget.com pi.pardot.com underscorejs.org *.crazyegg.com *.googleapis.com *.typekit.net *.marketo.com https://www.buzzsprout.com *.segment.com *.google.com tg.a3.ag *.gstatic.com https://maxcdn.bootstrapcdn.com https://fast.wistia.com *.digitalriver.com https://g.fastcdn.co *.instapage.com https://cdn.instapagemetrics.com *.clarity.ms *.twitter.com https://app-sj03.marketo.com https://cdn.jsdelivr.net *.onetrust.com https://cdn.cookielaw.org https://services.xg4ken.com https://www.googleadservices.com https://hm.baidu.com https://app-sjqe.marketo.com https://cdn.bizible.com *.6sc.co https://resources.xg4ken.com/js/ https://static.ads-twitter.com https://snap.licdn.com *.adsrvr.org https://info.digitalriver.com https://js.driftt.com https://bat.bing.com https://www.googletagmanager.com https://stg01dr.wpengine.com https://cdnjs.cloudflare.com https://info.digitalriver.com https://bat.bing.com https://cdnjs.cloudflare.com https://code.jquery.com https://connect.facebook.net https://info.digitalriver.com https://kit.fontawesome.com *.marketo.net https://player.vimeo.com https://polyfill.io https://service.maxymiser.net https://siteintercept.qualtrics.com https://stackpath.bootstrapcdn.com https://www.google-analytics.com https://www.googletagmanager.com https://znefytqjw9qlvvmen-digitalriver.siteintercept.qualtrics.com *.googlesyndication.com googletagmanager.com *.doubleclick.net; style-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' *.evergage.com *.us-6.evergage.com *.evgnet.com *.crazyegg.com *.fontawesome.com *.fastcdn.co https://maxcdn.bootstrapcdn.com https://cdn.bootcdn.net/ajax/libs/font-awesome/ *.googleapis.com *.gstatic.com *.google.com *.clarity.ms https://www.googletagmanager.com *.marketo.com https://kit.fontawesome.com https://cdnjs.cloudflare.com https://code.jquery.com https://fonts.googleapis.com https://info.digitalriver.com https://p.typekit.net https://use.typekit.net; base-uri 'self' *.clarity.ms; connect-src 'self' *.evergage.com *.us-6.evergage.com *.evgnet.com *.yoast.com yoast.com adservice.google.com translate-pa.googleapis.com *.6sense.com *.zi-scripts.com *.zoominfo.com *.techtarget.com translate.googleapis.com cdn.linkedin.oribi.io *.crazyegg.com *.fastcdn.co https://embedwistia-a.akamaihd.net *.segment.com *.segment.io https://fg8vvsvnieiv3ej16jby.litix.io *.wistia.com *.google-analytics.com *.digitalriver.com *.google.com *.baidu.com *.mktoutil.com *.facebook.com *.onetrust.com *.instapage.com *.facebook.net *.instapagemetrics.com https://service.maxymiser.net *.clarity.ms https://my.wpengine.com https://cdn.cookielaw.org https://www.digitalriver.com https://digitalriver.com *.6sc.co *.adnxs.com *.doubleclick.net https://348-quy-258.mktoresp.com https://bat.bing.com https://ka-f.fontawesome.com https://siteintercept.qualtrics.com https://stats.g.doubleclick.net https://www.google-analytics.com www.googletagmanager.com https://px.ads.linkedin.com https://px4.ads.linkedin.com; font-src 'self' data: https://storage.googleapis.com/instapage-app-assets/ *.evergage.com *.us-6.evergage.com *.evgnet.com *.fontawesome.com cdnjs.cloudflare.com https://fonts.gstatic.com https://ka-f.fontawesome.com https://use.typekit.net; frame-src 'self' app.getreprise.com www.google.com https://www.buzzsprout.com *.crazyegg.com *.adsrvr.org https://www.googletagmanager.com *.maxymiser.net bid.g.doubleclick.net *.doubleclick.net https://www.facebook.com *.vimeo.com https://vimeo.com https://info.digitalriver.com *.googlesyndication.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.evergage.com *.us-6.evergage.com *.evgnet.com www.facebook.com translate.googleapis.com *.digitalriver.com *.crazyegg.com cdn.redoc.ly *.typekit.net *.pubmatic.com *.bilinmedia.net https://embedwistia-a.akamaihd.net https://fast.wistia.com *.marketo.com https://insight.adsrvr.org *.vimeocdn.com *.yahoo.com *.doubleclick.net https://anthill.instapage.com https://v.fastcdn.co https://api.url2png.com https://beta.url2png.com https://wpengine.com *.privacysandbox.googleadservices.com *.googleadservices.com https://dify.wpengine.com https://www.solwininfotech.com https://cdn.cookielaw.org https://5015.xg4ken.com https://googleads.g.doubleclick.net *.facebook.net *.adsrvr.org https://ct.capterra.com https://service.maxymiser.net https://hm.baidu.com https://www.gstatic.com https://p.adsymptotic.com https://image.s12.sfmc-content.com https://px4.ads.linkedin.com *.linkedin.com https://cdn.bizibly.com https://c.bing.com https://bat.bing.com https://cdn.bizible.com https://tracking.g2crowd.com *.6sc.co *.clarity.ms https://px.ads.linkedin.com *.adnxs.com https://secure.gravatar.com https://t.co https://www.digitalriver.com https://www.facebook.com *.google-analytics.com https://www.googletagmanager.com *.twitter.com *.gstatic.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; manifest-src 'self'; media-src 'self' *.buzzsprout.com player.vimeo.com *.evergage.com *.us-6.evergage.com *.evgnet.com blob:; worker-src 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes' blob: ; report-uri https://o976938.ingest.sentry.io/api/6303438/security/?sentry_key=881bd14b64ce489fbfc8f32e85c8a880 1
default-src 'self'; style-src 'self' 'unsafe-inline' cssversicherung.scene7.com fonts.googleapis.com translate.googleapis.com *.mopinion.com; style-src-elem 'self' 'unsafe-inline' cssversicherung.scene7.com fonts.googleapis.com translate.googleapis.com *.mopinion.com; img-src 'self' data: *.css.ch *.pinterest.com s0.2mdn.net bat.bing.com *.mopinion.com www.facebook.com connect.facebook.net preview3.assetsadobe.com s7g10.scene7.com cssversicherung.scene7.com cm.everesttech.net dpm.demdex.net *.googlesyndication.com *.gstatic.com maps.googleapis.com *.googleadservices.com www.googletagmanager.com *.google-analytics.com *.analytics.google.com *.doubleclick.net *.google.com *.google.ch *.google.de *.google.at *.google.it *.google.fr *.google.li; font-src 'self' data: *.gstatic.com *.mopinion.com; object-src 'self' data: blob:; media-src 'self' data: blob: s7mbrstream-g1.scene7.com cssversicherung.scene7.com; worker-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.css.ch analytics.tiktok.com brame-static.s3.amazonaws.com translate.google.com translate.googleapis.com s.pinimg.com *.pinterest.com *.gstatic.com *.mopinion.com api.microsofttranslator.com bat.bing.com css-chat.smoope.net www.google.ch www.google.com www.google.de www.google.at www.google.it www.google.fr www.google.li *.googlesyndication.com *.datatrans.com pci-proxy.com sandbox.pci-proxy.com *.doubleclick.net www.googletagservices.com *.cookiebot.com *.googleadservices.com *.google-analytics.com *.analytics.google.com cssversicherung.scene7.com connect.facebook.net cdn.tt.omtrdc.net d2qmp7jjpd79k7.cloudfront.net maps.googleapis.com www.googletagmanager.com cdnjs.cloudflare.com assets.adobedtm.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' blob: *.css.ch analytics.tiktok.com brame-static.s3.amazonaws.com translate.google.com translate.googleapis.com s.pinimg.com *.pinterest.com *.gstatic.com *.mopinion.com api.microsofttranslator.com bat.bing.com css-chat.smoope.net www.google.ch www.google.com www.google.de www.google.at www.google.it www.google.fr www.google.li *.googlesyndication.com *.datatrans.com pci-proxy.com sandbox.pci-proxy.com *.doubleclick.net www.googletagservices.com *.cookiebot.com *.googleadservices.com *.google-analytics.com *.analytics.google.com cssversicherung.scene7.com connect.facebook.net cdn.tt.omtrdc.net d2qmp7jjpd79k7.cloudfront.net maps.googleapis.com www.googletagmanager.com cdnjs.cloudflare.com assets.adobedtm.com; connect-src 'self' wss://*.css.ch *.css.ch analytics.tiktok.com maps.googleapis.com *.cookiebot.com *.pinterest.com api.weatherapi.com *.mopinion.com www.facebook.com www.bing.com bat.bing.com *.googlesyndication.com css-api.smoope.net *.google.com *.doubleclick.net *.google-analytics.com *.analytics.google.com s7mbrstream-g1.scene7.com cssversicherung.scene7.com cssversicherung.tt.omtrdc.net dpm.demdex.net; frame-src 'self' *.css.ch analytics.tiktok.com live.brame-gamification.com *.pinterest.ch *.pinterest.com *.google.com *.googlesyndication.com *.doubleclick.net cap.attempts.securecode.com *.datatrans.com sandbox.pci-proxy.com acs.swisscard.ch *.cookiebot.com www.youtube.com assets.adobedtm.com csskranken-versicherungag.demdex.net 3dsec.cardcenter.ch *.mopinion.com css-chat.smoope.net www.facebook.com; frame-ancestors 'self' *.css.ch csskranken-versicherungag.experiencecloud.adobe.com; form-action 'self' *.datatrans.com; upgrade-insecure-requests; block-all-mixed-content; report-uri https://cssversicherung.report-uri.com/r/d/csp/enforce; report-to csp-endpoint 1
frame-ancestors 'self' https://portal.fibe.in/ https://webapp.fibe.in/; 1
base-uri 'self'; font-src 'self' data: https://*.pentest-tools.com https://vercel.live https://fonts.gstatic.com https://script.hotjar.com https://assets.vercel.com self; form-action 'self' https://*.pentest-tools.com; frame-ancestors 'self' https://*.pentest-tools.com https://*.vercel.app https://pentesttools.onfastspring.com https://*.cloudfront.net; img-src 'self' https: data: https://*.pentest-tools.com https://pentesttools.onfastspring.com https://*.google-analytics.com https://googletagmanager.com https://*.googletagmanager.com https://*.analytics.google.com https://*.google.com https://ssl.gstatic.com https://www.gstatic.com https://*.g.doubleclick.net https://googleads.g.doubleclick.net https://google.com https://static.hotjar.com https://script.hotjar.com https://*.onfastspring.com self cdn-cookieyes.com; object-src none; script-src-attr 'none'; style-src 'self' 'unsafe-inline' https://*.pentest-tools.com https://*.googletagmanager.com https://vercel.live/fonts https://fonts.googleapis.com https://googletagmanager.com https://tagmanager.google.com https://static.hotjar.com https://script.hotjar.com https://*.onfastspring.com self unsafe-inline; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.pentest-tools.com https://bat.bing.com https://*.impactcdn.com https://pentest-tools.pxf.io https://cdn.jsdelivr.net/npm/workbox-cdn@5.1.4/workbox/workbox-sw.js https://cdn.jsdelivr.net/npm/workbox-cdn@5.1.4/workbox/workbox-core.prod.js https://cdn.jsdelivr.net/npm/workbox-cdn@5.1.4/workbox/workbox-precaching.prod.js https://cdn.jsdelivr.net/npm/workbox-cdn@5.1.4/workbox/workbox-strategies.prod.js https://cdn.jsdelivr.net/npm/workbox-cdn@5.1.4/workbox/workbox-routing.prod.js https://www.google.com https://*.googletagmanager.com https://*.google-analytics.com https://*.google.com https://*.googleadservices.com https://*.adservice.google.com https://adservice.google.com https://tagmanager.google.com https://googleads.g.doubleclick.net https://*.doubleclick.net https://www.googleadservices.com https://static.hotjar.com https://script.hotjar.com https://vercel.live https://cdn.vercel-insights.com https://va.vercel-scripts.com https://*.sentry.com https://*.sentry-cdn.com https://*.onfastspring.com https://*.cloudfront.net https://*.hs-scripts.com https://js.hubspotfeedback.com/feedbackweb-new.js https://js.hubspot.com https://*.usemessages.com https://*.hs-analytics.net https://*.hscollectedforms.net https://*.hs-banner.com https://*.usefathom.com self cdn-cookieyes.com unsafe-inline; upgrade-insecure-requests; default-src 'self' https://*.pentest-tools.com self; worker-src 'self' blob:; connect-src 'self' ws: wss: https://*.pentest-tools.com https://bat.bing.com https://*.impactcdn.com https://pentest-tools.pxf.io https://content.pentest-tools.com https://google-analytics.com https://*.google-analytics.com https://googletagmanager.com https://*.googletagmanager.com https://stats.g.doubleclick.net https://googleadservices.com https://*.googleadservices.com https://www.google.co.in https://www.google.co.id https://www.google.com https://analytics.google.com https://adservice.google.com https://*.google.com https://google.com https://www.google.id https://www.google.com.br https://www.google.co.uk https://www.google.ca https://www.google.com.au https://www.google.ro https://*.analytics.google.com https://*.g.doubleclick.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://vitals.vercel-insights.com https://vitals.vercel-analytics.com https://vercel.live https://*.sentry.io https://*.onfastspring.com https://js.hs-banner.com https://*.hubspot.com https://api.hsforms.com https://*.hscollectedforms.net https://*.usefathom.com self *.cookieyes.com cdn-cookieyes.com; frame-src 'self' https://*.pentest-tools.com https://*.googletagmanager.com https://*.optimize.google.com https://*.youtube.com https://*.youtube-nocookie.com https://*.simplecast.com https://td.doubleclick.net https://vars.hotjar.com https://vercel.live https://*.onfastspring.com https://*.hubspot.com https://*.linkedin.com; report-uri https://o1040042.ingest.sentry.io/api/6008920/security/?sentry_key=ea284f2b974341f888d14e98a637f6e0&sentry_environment=production; 1
default-src 'self'; connect-src 'self' *.siteimprove.com https://stats.g.doubleclick.net/ https://region1.google-analytics.com/ https://www.google-analytics.com https://www.googletagmanager.com https://ruuter.buerokratt.emta.ee https://buerokratt.emta.ee/widget_bundle.js https://search.service.vportal.ee/v1/search/emta https://search.service.vportal.ee/v1/globalsearch/total https://form.service.vportal.ee/v1/ https://search.service.vportal.ee/v1/events/emta https://inaadress.maaamet.ee; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://*.rocket.chat https://www.google.com https://www.youtube.com https://*.vimeo.com https://*.siteimprove.com https://youtu.be/CgSBQTqbPu0 https://xgis.maaamet.ee; img-src 'self' data: *.emta.ee https://www.google-analytics.com *.openstreetmap.org https://i.ytimg.com https://pbs.twimg.com https://www.googletagmanager.com *.fbcdn.net *.cdninstagram.com https://inaadress.maaamet.ee https://unpkg.com *.maaamet.ee *.cloudflare.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.rocket.chat https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.siteimprove.net/cms/overlay.js blob: https://browser-update.org https://ajax.cloudflare.com https://static.cloudflareinsights.com https://*.cloudflareinsights.com https://cdnjs.cloudflare.com https://emta.static.live.vportal.ee/ cdn.jsdelivr.net cdnjs.cloudflare.com https://api.mapbox.com https://buerokratt.emta.ee https://cdn.jsdelivr.net https://inaadress.maaamet.ee https://unpkg.com unpkg.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.rocket.chat https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.siteimprove.net/cms/overlay.js https://browser-update.org https://*.cloudflareinsights.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com cdn.jsdelivr.net cdnjs.cloudflare.com https://api.mapbox.com https://buerokratt.emta.ee https://cdn.jsdelivr.net https://inaadress.maaamet.ee https://unpkg.com unpkg.com https://ruuter.buerokratt.emta.ee https://buerokratt.emta.ee/widget_bundle.js; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com https://*.cloudflareinsights.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://unpkg.com unpkg.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://www.gstatic.com https://*.cloudflareinsights.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://unpkg.com unpkg.com https://inaadress.maaamet.ee; frame-ancestors 'self'; upgrade-insecure-requests 1
frame-ancestors 'self' https://online.gtefinancial.org; 1
frame-ancestors 'self' *.kameleoon.com *.kameleoon.eu ; 1
default-src 'self' https://stageux.disa.com https://fonts.gstatic.com https://www.sertifi.com https://player.vimeo.com https://raw.githubusercontent.com; script-src blob: 'self' https://*.disa.com https://playerserver.walkme.com https://cdn-us.clickdimensions.com https://documentcloud.adobe.com https://az124611.vo.msecnd.net https://webchat.helpshift.com https://ajax.googleapis.com https://internal.disa.com https://classic.disa.com https://www.sertifi.com https://auth.disa.com https://cdn.walkme.com https://cdn.appdynamics.com https://www.google.com https://www.google-analytics.com https://www.gstatic.com https://www.googletagmanager.com https://assets.ubembed.com https://b8e062dad79f42778be52e4fcfe85389.js.ubembed.com https://analytics.clickdimensions.com https://pi.pardot.com https://*.6sc.co https://*.osano.com https://one.disa.com https://disa.formstack.com https://*.formstack.com 'unsafe-inline' 'unsafe-eval' ; connect-src 'self' https://viewlicense.adobe.io https://internal.disa.com https://disaworks.disa.com https://*.walkme.com https://stageauth.disa.com https://col.eum-appdynamics.com https://www.google-analytics.com https://stats.g.doubleclick.net https://b8e062dad79f42778be52e4fcfe85389.events.ubembed.com https://internal.disa.com https://classic.disa.com https://www.sertifi.com https://auth.disa.com https://analytics.google.com https://fonts.googleapis.com https://fonts.gstatic.com https://raw.githubusercontent.com https://*.6sc.co https://*.6sense.com https://tattle.api.osano.com https://one.disa.com https://*.formstack.com; style-src 'self' https://stageux.disa.com https://cdn-us.clickdimensions.com https://fonts.googleapis.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' https://fonts.gstatic.com https://*.formstack.com data: ; frame-src 'self' https://cdn.appdynamics.com https://documentcloud.adobe.com https://player.vimeo.com https://docs.google.com https://www.youtube.com https://*.webchat.helpshift.com https://webchat.helpshift.com https://b8e062dad79f42778be52e4fcfe85389.pages.ubembed.com https://auth.disa.com https://*.disa.com https://www.sertifi.com https://cdn.walkme.com https://www.google.com https://maps.google.com https://*.meet.ps https://icims-2.wistia.com; frame-ancestors https://www.sertifi.com https://docs.google.com https://*.disa.com https://stageauth.disa.com https://stageux.disa.com https://icims-2.wistia.com; form-action 'self' https://one.disa.com https://webto.salesforce.com analytics.clickdimensions.com https://*.formstack.com; img-src https://ec.walkme.com https://www.google-analytics.com https://*.cloudfront.net https://www.google.com https://www.sertifi.com https://online.swagger.io https://validator.swagger.io https://cdn-us.clickdimensions.com/ https://*.googletagmanager.com https://*.6sc.co https://one.disa.com https://pi.pardot.com https://*.formstack.com 'self' data: 1
default-src 'self' *.itisnot.art *.myconnxion.com *.connxusdemo.com *.paypalobjects.com *.google.com *.gstatic.com *.paypal.com cdnjs.cloudflare.com *.twitter.com *.syndication.twimg.com *.pubnub.com *.typekit.net *.googleapis.com *.amazonaws.com *.walkme.com *.cloudfront.net *.googletagmanager.com *.google-analytics.com; style-src 'unsafe-inline' 'self' *.itisnot.art *.myconnxion.com *.connxusdemo.com *.amazonaws.com *.typekit.net *.googleapis.com *.gstatic.com; font-src 'self' data: *.typekit.net *.gstatic.com; worker-src 'self' blob:; img-src 'self' *.ggpht.com *.itisnot.art *.myconnxion.com *.connxusdemo.com *.paypalobjects.com *.google.com *.gstatic.com *.paypal.com cdnjs.cloudflare.com *.twitter.com *.syndication.twimg.com *.pubnub.com *.typekit.net *.googleapis.com *.amazonaws.com *.walkme.com *.cloudfront.net *.google-analytics.com data:; 1
base-uri 'self'; default-src https:; object-src 'none'; frame-src 'self' *.acronis.com *.salesforceliveagent.com *.driftt.com *.visualize-roi.com *.doubleclick.net optimize.google.com platform.twitter.com syndication.twitter.com vars.hotjar.com widget.trustpilot.com www.facebook.com www.google.com www.youtube.com www.recaptcha.net *.visualwebsiteoptimizer.com app.vwo.com; frame-ancestors 'none'; font-src 'self' *.acronis.com fonts.googleapis.com fonts.gstatic.com script.hotjar.com; style-src 'unsafe-inline' 'self' *.acronis.com cdn.cookielaw.org fonts.googleapis.com optimize.google.com platform.twitter.com tagmanager.google.com *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com; img-src 'self' data: *.acronis.com *.analytics.google.com *.clarity.ms *.facebook.com *.g.cn *.g.doubleclick.net *.google-analytics.com *.googleapis.com *.googletagmanager.com *.linkedin.com *.twimg.com *.ytimg.com acronis.events b.6sc.co bat.bing.com c.bing.com c212.net cdn.cookielaw.org maps.gstatic.com media.slapfive.com optimize.google.com p.adsymptotic.com pixel.mathtag.com script.hotjar.com ssl.gstatic.com syndication.twitter.com trkn.us www.gstatic.com *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com www.mczbf.com alb.reddit.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.googleapis.com *.gstatic.com; connect-src 'self' ws: *.6sc.co *.6sense.com *.workday.com *.herokuapp.com *.acronis.com *.adnxs.com *.analytics.google.com *.bing.com *.clarity.ms *.fullcircleinsights.com *.g.doubleclick.net *.google-analytics.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.mutinycdn.com *.onetrust.com *.s3.amazonaws.com *.scarabresearch.com *.schemaapp.com *.sentry.io *.visualize-roi.com *.influ2.com *.linkedin.com 929-hvv-335.mktoresp.com api.greenhouse.io cdn.cookielaw.org maps.googleapis.com cdn.linkedin.oribi.io www.mczbf.com *.visualwebsiteoptimizer.com app.vwo.com www.redditstatic.com 6sense.deian.eu *.mplat-ppcprotect.com *.reddit.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.googleapis.com *.gstatic.com; script-src 'unsafe-eval' 'strict-dynamic' 'nonce-dd56acc6330714ce92232e5aae0da0b1' *.acronis.com *.googletagmanager.com tagmanager.google.com *.visualize-roi.com optimize.google.com www.google-analytics.com www.googleadservices.com www.googleanalytics.com www.googleoptimize.com *.visualwebsiteoptimizer.com app.vwo.com 1
default-src 'self'; base-uri 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'report-sample' https:; script-src-attr 'none'; script-src-elem 'report-sample' 'unsafe-inline' 'unsafe-eval' https: about: widget-mediator.zopim.com; style-src 'self' 'unsafe-inline' data: fonts.googleapis.com *.bowtie.com.hk *.website-files.com *.cloudfront.net optimize.google.com tagmanager.google.com www.googletagmanager.com www.gstatic.com; img-src 'self' data: https:; connect-src 'self' *.webflow.com gtm.bowtie.com.hk assets.bowtie.com.hk *.website-files.com cobrowse.io *.cobrowse.io wss://*.cobrowse.io ekr.zendesk.com *.zdassets.com bowtieinsurance.zendesk.com wss://widget-mediator.zopim.com widget-mediator.zopim.com api.thereviewsplace.com web.delighted.com api.sprig.com api.userleap.com *.my.sentry.io sentry.io *.mixpanel.com cdn.mxpnl.com www.facebook.com capig.bowtie.hk *.google-analytics.com www.googletagmanager.com www.google.com www.google.com.hk adservice.google.com analytics.google.com *.analytics.google.com *.doubleclick.net *.googlesyndication.com bat.bing.com *.linkedin.com cdn.linkedin.oribi.io s.yimg.com *.taboola.com; font-src 'self' data: fonts.gstatic.com *.bowtie.com.hk *.website-files.com *.webflow.com *.cloudfront.net; form-action 'self' www.facebook.com; frame-src 'self' *.bowtie.com.hk *.website-files.com cobrowse.io *.cobrowse.io webflow.com optimize.google.com www.google.com www.googletagmanager.com *.googlesyndication.com *.doubleclick.net *.g.doubleclick.net *.fls.doubleclick.net *.facebook.com mozbar.moz.com www.youtube.com bowtieinsurance.typeform.com calendar.google.com cdn.taboola.com; media-src 'self' ssl.gstatic.com static.zdassets.com; frame-ancestors 'self'; child-src www.facebook.com; object-src 'none'; upgrade-insecure-requests; report-uri https://report-uri.bowtie.com.hk 1
base-uri 'self'; form-action 'self'; manifest-src 'self' 1
img-src 'self' data: *.3c-d.de *.experian.de experianacademy.com *.openstreetmap.org *.osm.org; style-src 'self' *.3c-d.de *.experian.de experianacademy.com 'unsafe-inline'; script-src 'self' *.3c-d.de *.experian.de experianacademy.com 'unsafe-inline' 'unsafe-eval'; worker-src 'self'; frame-ancestors 'self' *.3c-d.de *.experian.de experianacademy.com; frame-src 'self' *.3c-d.de *.experian.de experianacademy.com; object-src 'self'; connect-src 'self' *.3c-d.de *.experian.de experianacademy.com wss://*.3c-d.de; form-action 'self' *.3cd.ads *.3c-d.de *.microsoftonline.com; 1
frame-ancestors 'self' https://*.examus.net https://*.student.examus.net https://*.openedu.ru https://*.hse.ru/ always 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://static.criteo.net https://*.criteo.com https://wb.messengerpeople.com https://pay.google.com https://www.shoplooks.com https://tr.snapchat.com blob: https://gum.criteo.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://*.liveperson.net https://ct.pinterest.com https://services.postcodeanywhere.co.uk https://ds-aksb-a.akamaihd.net https://*.sciencebehindecommerce.com https://*.googleapis.com https://translate.yandex.net https://*.bing.com https://*.parcellab.com https://privacyportal-eu.onetrust.com https://geolocation.onetrust.com https://*.contentsquare.net https://*.criteo.com https://sgtm.lookfantastic.ca; default-src 'none'; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.thgcdn.cn; form-action 'self' https://www.facebook.com https://*.lookfantastic.ca https://tr.snapchat.com https://www.glossybox.co.uk https://www.glossybox.se https://www.glossybox.com https://www.glossybox.at https://www.glossybox.ch https://www.glossybox.de https://www.glossybox.fi https://www.glossybox.fr https://www.glossybox.ie https://www.glossybox.no https://www.glossybox.dk; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://static.thgcdn.cn; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://google.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://static.criteo.net https://*.criteo.com https://*.recaptcha.net https://*.microsofttranslator.com https://*.shoplooks.com https://slooks.top https://slooks.me https://lantern.roeyecdn.com https://lantern.roeye.com https://sc-static.net https://static.thgcdn.cn https://geolocation.onetrust.com https://*.contentsquare.net https://app.contentsquare.com https://static.criteo.net https://*.criteo.com https://*.googlesyndication.com https://sgtm.lookfantastic.ca; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://www.shoplooks.com https://static.shoplooks.com https://cdn.parcellab.com https://static.thgcdn.cn; upgrade-insecure-requests; report-to report-endpoint 1
connect-src 'self' ju8frr4cbn5mco96qqapt28pb.litix.io a.clarity.ms accounts.google.com analytics.google.com api.feefo.com api.gemporia.com ask.hotjar.io bat.bing.com cdn.plyr.io collect.feefo.com content.hotjar.io ct.pinterest.com d.clarity.ms data: dev.visualwebsiteoptimizer.com f.clarity.ms g.clarity.ms h.clarity.ms in.hotjar.com j.clarity.ms l.clarity.ms la1.gemporia.com lo2-1.gemporia.com localhost:49506 m.clarity.ms mention-me.com metrics.hotjar.io p.clarity.ms properties q.clarity.ms r.clarity.ms region1.analytics.google.com region1.google-analytics.com s.clarity.ms service.gstatic-cache.com socket.gemporia.com stats.g.doubleclick.net surveystats.hotjar.io t.clarity.ms tag.mention-me.com translate-pa.googleapis.com translate.googleapis.com u.clarity.ms v.clarity.ms vc.hotjar.io vz-5bf89687-e95.b-cdn.net vz-5c1621ca-3a9.b-cdn.net w.clarity.ms wss wss://socket.gemporia.com wss://ws.hotjar.com www.clarity.ms www.facebook.com www.google-analytics.com www.google.ae www.google.al www.google.at www.google.az www.google.be www.google.bg www.google.by www.google.ca www.google.ch www.google.co.cr www.google.co.id www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.ve www.google.co.za www.google.co.zm www.google.com.au www.google.com.bd www.google.com.bo www.google.com.bz www.google.com.co www.google.com.cy www.google.com.eg www.google.com.et www.google.com.gh www.google.com.hk www.google.com.jm www.google.com.kw www.google.com.lb www.google.com.mm www.google.com.mx www.google.com.my www.google.com.ng www.google.com.np www.google.com.ph www.google.com.pk www.google.com.sa www.google.com.sg www.google.com.tr www.google.com.tw www.google.com.vn www.google.cz www.google.de www.google.dk www.google.ee www.google.es www.google.fi www.google.fr www.google.ge www.google.gg www.google.gr www.google.hr www.google.hu www.google.ie www.google.im www.google.it www.google.je www.google.lk www.google.lt www.google.lu www.google.lv www.google.mg www.google.mk www.google.mu www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.tt www.googletagmanager.com x.clarity.ms y.clarity.ms z.clarity.ms www.google.mn b.clarity.ms e.clarity.ms i.clarity.ms k.clarity.ms n.clarity.ms o.clarity.ms; script-src-attr 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' accounts.google.com ajax.aspnetcdn.com ajax.cloudflare.com amber.rocks.tv api.feefo.com api.instagram.com apis.google.com appleid.cdn-apple.com bat.bing.com connect.facebook.net ct.pinterest.com data: dev.visualwebsiteoptimizer.com googleads.g.doubleclick.net localhost:49506 register.feefo.com rialto-gms.s3.amazonaws.com s.pinimg.com script.hotjar.com static.hotjar.com static.mention-me.com tag.mention-me.com www.clarity.ms www.google.com www.googletagmanager.com www.gstatic.com js.reignitehq.com; script-src 'self' 'unsafe-eval' accounts.google.com ajax.aspnetcdn.com ajax.cloudflare.com api.feefo.com api.instagram.com appleid.cdn-apple.com bat.bing.com blob: connect.facebook.net ct.pinterest.com dev.visualwebsiteoptimizer.com googleads.g.doubleclick.net register.feefo.com s.pinimg.com script.hotjar.com self static.hotjar.com static.mention-me.com tag.mention-me.com wasm-eval www.clarity.ms www.google.com www.googletagmanager.com www.gstatic.com js.reignitehq.com; worker-src 'self' blob:; report-uri https://e9c2e2d6c1e84744ff4fbfa9bc0ad1d3.report-uri.com/r/t/csp/enforce 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://*.boxever.com https://public.tableau.com https://*.cloudfront.net https://*.bound360.com https://*.doubleclick.net https://*.fls.doubleclick.net https://*.getsmartcontent.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://*.linkedin.com https://cdn.linkedin.oribi.io https://*.litix.io https://*.pardot.com https://*.questionpro.com https://*.rfihub.com https://*.rfihub.net https://*.sitecorecontenthub.cloud https://*.vizientinc.com https://*.wistia.com https://*.wistia.net https://ad.ipredictive.com https://ajax.googleapis.com https://analytics.twitter.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cnv.event.prod.bidr.io https://code.jquery.com https://connect.facebook.net https://*.sitecorecloud.io https://match.adsrvr.org https://maxcdn.bootstrapcdn.com https://snap.licdn.com https://static.ads-twitter.com https://cm.vizient.localhost https://t.co https://tracking.intentsify.io https://vhatv.vha.com https://vitals.vercel-insights.com https://www.cvent.com https://www.ethosce.com https://www.facebook.com https://www.google.ca https://www.google.com https://*.google.com https://www.googleadservices.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com https://www.thinglink.com https://*.siteintercept.qualtrics.com https://siteintercept.qualtrics.com https://tag.demandbase.com https://api.company-target.com https://company.target.com https://rlcdn.com https://id.rlcdn.com https://scripts.demandbase.com https://segments.company-target.com https://tag-logger.demandbase.com https://www.juicer.io https://assets.juicer.io https://static.juicer.io https://media.licdn.com https://s.company-target.com; media-src 'self' data: blob: https://*.sitecorecloud.io https://*.sitecorecontenthub.cloud embedwistia-a.akamaihd.net *.wistia.net *.wistia.com; 1
default-src 'self' feed.pghub.io pandg.tapad.com ; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com *.crazyegg.com *.iesnare.com *.cloudflare.com *.mapbox.com *.cookielaw.org *.onetrust.com blob: feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://tagmanager.google.com https://*.googletagmanager.com *.crazyegg.com *.iesnare.com *.cloudflare.com *.mapbox.com *.cookielaw.org *.onetrust.com blob: feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://cdn.fonts.net *.crazyegg.com *.iesnare.com *.cloudflare.com *.mapbox.com *.cookielaw.org *.onetrust.com blob: feed.pghub.io pandg.tapad.com ; font-src 'self' https://fonts.gstatic.com https://assets.ctfassets.net *.crazyegg.com *.iesnare.com *.cloudflare.com *.mapbox.com *.cookielaw.org *.onetrust.com data: blob: feed.pghub.io pandg.tapad.com ; img-src 'self' https://www.googletagmanager.com https://ssl.gstatic.com https://images.ctfassets.net https://www.google-analytics.com https://*.google-analytics.com https://*.googletagmanager.com https://pixel.tapad.com/ *.crazyegg.com *.iesnare.com *.cloudflare.com *.mapbox.com *.cookielaw.org *.onetrust.com data: blob: data: feed.pghub.io pandg.tapad.com ; frame-src https://www.googletagmanager.com https://consumersupport.pg.com *.crazyegg.com *.iesnare.com *.cloudflare.com *.mapbox.com *.cookielaw.org *.onetrust.com data: blob: feed.pghub.io pandg.tapad.com ; connect-src 'self' https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com *.crazyegg.com *.iesnare.com *.cloudflare.com *.mapbox.com *.cookielaw.org *.onetrust.com data: blob: feed.pghub.io pandg.tapad.com ; 1
base-uri 'self' https:; block-all-mixed-content; child-src 'self' https:; connect-src 'self' blob: https: wss:; font-src 'self' data: https:; form-action 'self' https:; frame-ancestors 'self'; frame-src 'self' https:; img-src 'self' blob: data: https:; media-src 'self' https:; object-src 'self' https:; prefetch-src 'self' https:; report-to csp_default; report-uri https://o956100.ingest.sentry.io/api/5979820/security/?sentry_key=3365bf3db95341e8b0c888222a947b0e; script-src 'self' 'unsafe-eval' 'unsafe-inline' https:; style-src 'self' 'unsafe-inline' https:; worker-src 'self' https: 1
frame-ancestors 'self' accounts.login.idm.telekom.com; 1
default-src 'self' https://*.paysign.com https://*.aws.paysign.com https://*.paysign.net https://zip.getziptastic.com https://www.googletagmanager.com; img-src * data:; script-src 'self' 'sha256-4qHwYstA/HMoqYktYjfAnyNPmBqLeAqunX99JaEvimc=' https://www.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com/ https://www.google-analytics.com; frame-src https://www.google.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://copayassets-test.aws.paysign.com/ https://s3.amazonaws.com/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.paysign.com https://*.aws.paysign.com https://*.paysign.net; font-src 'self' https://fonts.gstatic.com; connect-src https://*.paysign.com https://*.3pea.net https://*.aws.paysign.com https://*.paysign.net https://*.s3.us-east-1.amazonaws.com/ https://zip.getziptastic.com https://www.googletagmanager.com https://maps.googleapis.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/; manifest-src 'self' https://maps.googleapis.com/ https://www.google-analytics.com/; 1
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; base-uri 'self'; connect-src 'self' *.suntransfers.com cdn.polyfill.io www.googletagmanager.com www.google-analytics.com www.googleadservices.com *.google.com *.google.es *.g.doubleclick.net *.googleapis.com *.algolia.net *.algolianet.com *.visualwebsiteoptimizer.com *.hotjar.com *.hotjar.io *.bing.com d2oh4tlt9mrke9.cloudfront.net *.zendesk.com *.zopim.com *.zdassets.com ws://*.zopim.com wss://*.zopim.com *.abtasty.com *.criteo.com *.criteo.net *.facebook.com *.facebook.net *.trustpilot.com *.sessioncam.com ws://*.sessioncam.com wss://*.sessioncam.com *.firebaseio.com ws://*.firebaseio.com wss://*.firebaseio.com *.addonpayments.com ws://*.addonpayments.com wss://*.addonpayments.com *.paypal.com ws://*.paypal.com wss://*.paypal.com *.redsys.es ws://*.redsys.es wss://*.redsys.es *.ada.support ws://*.ada.support wss://*.ada.support *.clarity.ms *.google-analytics.com *.adyen.com *.googlesyndication.com *.glassboxdigital.io *.gbqofs.com *.report.gbss.io *.gbqofs.io *.optimizely.com sentry.io ws://sentry.io wss://sentry.io *.sibforms.com *.nr-data.net *.onetrust.com *.cookielaw.org ; frame-ancestors 'self' *.suntransfers.com *.addonpayments.com *.paypal.com *.redsys.es *.adyen.com *.sibforms.com *.optimizely.com; object-src 'self' *.suntransfers.com *.addonpayments.com *.paypal.com *.redsys.es *.adyen.com *.sibforms.com *.optimizely.com; 1
default-src 'self' static.financialsense.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:; style-src 'self' static.financialsense.com data: 'unsafe-inline' *.googleapis.com *.twitter.com *.twimg.com svc.webspellchecker.net cdn.ckeditor.com static.ctctcdn.com; img-src 'self' https: data: android-webview-video-poster:; media-src 'self' static.financialsense.com blob: *.giphy.com; frame-src 'self' https://www.financialsense.com data: audioboom.com *.audioboom.com scribd.com *.scribd.com soundcloud.com *.soundcloud.com youtube.com *.youtube.com vimeo.com *.vimeo.com bitchute.com *.bitchute.com twitter.com *.twitter.com *.tradingview.com *.tradingview-widget.com *.stripe.com *.doubleclick.net *.googlesyndication.com *.ted.com *.instagram.com *.jwpsrv.com www.google.com ms-appx-web: *.addtoany.com *.assoc-amazon.com *.amazon.com *.amazon-adsystem.com *.googletagmanager.com *.recaptcha.net facebook.com *.facebook.com cnn.com *.cnn.com cnbc.com *.cnbc.com; frame-ancestors *; child-src 'self' https://www.financialsense.com data: audioboom.com *.audioboom.com scribd.com *.scribd.com soundcloud.com *.soundcloud.com youtube.com *.youtube.com vimeo.com *.vimeo.com bitchute.com *.bitchute.com twitter.com *.twitter.com *.tradingview.com *.tradingview-widget.com *.stripe.com *.doubleclick.net *.googlesyndication.com *.ted.com *.instagram.com *.jwpsrv.com www.google.com ms-appx-web: *.addtoany.com *.assoc-amazon.com *.amazon.com *.amazon-adsystem.com *.googletagmanager.com *.recaptcha.net facebook.com *.facebook.com cnn.com *.cnn.com cnbc.com *.cnbc.com; font-src 'self' static.financialsense.com data: fonts.googleapis.com fonts.gstatic.com cdnjs.cloudflare.com *.googleusercontent.com svc.webspellchecker.net *.avast.com chrome-extension: *.fontawesome.com; connect-src 'self' static.financialsense.com *.googlesyndication.com www.google-analytics.com *.gstatic.com *.doubleclick.net svc.webspellchecker.net *.jwpltx.com *.nr-data.net *.fontawesome.com *.ckeditor.com *.ctctcdn.com *.constantcontact.com 1
default-src 'self' *.livejournal.com *.livejournal.net *.dsp-rambler.ru *.google.com google.com *.rambler-co.ru rambler-co.ru *.rambler.ru rambler.ru *.tiktok.com tiktok.com *.youtube.com youtube.com; script-src 'self' *.livejournal.com *.livejournal.net *.adfox.ru ad.mail.ru api.giphy.com bs.serving-sys.ru cdn.ampproject.org cdn.jsdelivr.net cdnjs.smi2.ru content.adriver.ru *.criteo.com *.criteo.net cstatic.weborama.fr data00.adlooxtracking.com data.24smi.net *.doubleclick.net *.dropbox.com dsp-rambler.ru *.dsp-rambler.ru *.exelator.com *.facebook.com vk.com *.facebook.net gist.github.com googleads.g.doubleclick.net *.google-analytics.com *.googleapis.com *.google.com google.com *.google.ru *.googlesyndication.com *.googletagmanager.com googletagmanager.com *.googletagservices.com *.gstatic.com *.instagram.com j.adlooxtracking.ru js.mamydirect.com jsn.24smi.net *.lj.ru mc.yandex.com mc.yandex.ru *.newrelic.com *.nr-data.net *.ok.ru openstat.net pingback.giphy.com *.pingdom.com *.pingdom.net *.pinterest.com *.plista.com privacy-cs.mail.ru *.rambler-co.ru rambler-co.ru *.rambler.ru rambler.ru rb.infox.sg r.mradx.net *.rnet.plus *.rubiconproject.com r.webturn.ru *.scorecardresearch.com sdk.canva.com *.services.livejournal.com smi2.ru ssl.p.jwpcdn.com static.smi2cdn.ru static.smi2.net static.weborama.fr static.xx.fbcdn.net stat.media telegram.org tiktokcdn-us.com *.tiktok.com tiktok.com tns-counter.ru *.top100.ru top-fwz1.mail.ru tpc.googlesyndication.com *.ttwstatic.com twemoji.maxcdn.com *.twimg.com *.twitter.com *.videos.livejournal.com *.vk.com wcm-ru.frontend.weborama.fr weborama.fr *.webturn.ru *.yahooapis.com *.yandex.ru yandex.ru yastatic.net ymetrica.com *.youtube.com youtube.com z.moatads.com 'unsafe-inline' 'unsafe-eval'; style-src http: https: data: 'unsafe-inline'; img-src blob: http: https: data:; frame-src http: https:; font-src http: https: data:; connect-src 'self' *.livejournal.com *.livejournal.net ad.mail.ru *.ad-tech.ru api.giphy.com bs.serving-sys.ru cdn.ampproject.org *.criteo.com csi.gstatic.com data00.adlooxtracking.com dsp-rambler.ru *.dsp-rambler.ru *.eaglecdn.com *.g.doubleclick.net googleads.g.doubleclick.net *.google-analytics.com *.googleapis.com *.google.com google.com *.googletagmanager.com googletagmanager.com graph.facebook.com gstatic.com *.lj.ru lj.stat.eagleplatform.com mc.yandex.by mc.yandex.com mc.yandex.md mc.yandex.ru pingback.giphy.com *.pingdom.net privacy-cs.mail.ru *.rambler-co.ru rambler-co.ru *.rambler.ru rambler.ru rb.infox.sg *.rnet.plus *.services.livejournal.com *.ssp.rambler.ru ssp.rambler.ru static-mon.yandex.net static.xx.fbcdn.net stat.media stats.g.doubleclick.net smi2.net smi2.ru *.tiktok.com tiktok.com top-fwz1.mail.ru *.twitter.com *.webturn.ru webvisor.org wss://www.livejournal.com yandexmetrica.com yandexmetrica.com:29010 yandexmetrica.com:30103 *.yandex.ru yandex.ru yastatic.net ymetrica1.com ymetrica.com *.youtube.com youtube.com; report-uri https://www.livejournal.com/csp_reports; report-to livejournal; media-src http: https: data: storage.mds.yandex.net; worker-src 'self' blob:; object-src 'self' blob: *.livejournal.net youtube.com *.youtube.com; child-src 'self' blob:; 1
frame-ancestors https://www.rldatix.com/ https://rldatix.com/ https://cms.rldatix.com/ 1
frame-ancestors 'self' https://nabd.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.gstatic.com b.scorecardresearch.com po.st *.po.st www.googletagmanager.com www.google-analytics.com *.google.com google.com *.googleapis.com googleapis.com assets.adobedtm.com *.youtube.com s.ytimg.com *.tt.omtrdc.net code.highcharts.com www.thinglink.com cdn.thinglink.me https://cdn.livefyre.com *.demdex.net *.clicktale.net *.liveperson.com *.liveperson.net *.lpsnmedia.net *.liveengage.net *.liveengage.com *.liveper.sn *.lprnd.net liveperson.com liveperson.net lpsnmedia.net iveengage.net liveengage.com liveper.sn lprnd.net cdn.cookielaw.org *.coutts.com connect.facebook.net snap.licdn.com https://www.googleadservices.com https://googleads.g.doubleclick.net player.vimeo.com t.contentsquare.net app.contentsquare.com https://rbs.tt.omtrdc.net https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal-eu.onetrust.com https://assets.adobedtm.com https://liveperson.net https://*.liveperson.net; object-src 'self' https://440.coutts.com; worker-src blob:; upgrade-insecure-requests; frame-ancestors 'self' https://440.coutts.com; 1
frame-ancestors 'self' *.mapfre.com *.mapfre.es assistencia.bbseguros.com.br *.mapfre.com.do *.mapfre.com.br *.mapfre.com.mx *.mapfre.com.co *.mapfre.com.sv *.mapfre.com.gt *.mapfre.com.ec *.mapfre.com.hn *.mapfre.com.ni *.mapfre.com.py *.mapfre.com.oe *.mapfre.com.uy *.mapfre.com.ar *.mapfre.com.cl *.mapfre.com.pa; 1
font-src 'self' https://*.freenet.de; img-src * data:; frame-ancestors 'self'; object-src 'self'; base-uri 'none'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' iongroup.wpengine.com * www.googletagmanager.com maps.googleapis.com www.google.com ajax.googleapis.com en25.com google-analytics.com analytics.google.com www.google-analytics.com; 1
default-src 'self' https://sketchfab.com https://communityregister.elekta.com https://play.vidyard.com https://static.elekta.com; font-src 'self'; img-src 'self' https://stats.elekta.com https://play.vidyard.com https://cdn.vidyard.com https://api.mapbox.com https://googletagmanager.com; script-src 'self' 'unsafe-eval' https://stats.elekta.com https://cdn.pardot.com https://pi.pardot.com https://success.elekta.com https://play.vidyard.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline'; connect-src 'self' https://api.mapbox.com https://success.elekta.com https://stats.elekta.com https://*.algolianet.com https://*.algolia.net https://play.vidyard.com https://ir.elekta.com/latest-news/ https://ko5zn8xqvb.execute-api.eu-central-1.amazonaws.com/Prod/ https://googletagmanager.com https://*.google-analytics.com 1
default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com *.twimg.com platform.linkedin.com snap.licdn.com *.google-analytics.com tagmanager.google.com www.googletagmanager.com www.youtube.com/iframe_api syndication.twitter.com/ s.ytimg.com publish.twitter.com *.linkedin.com platform.stumbleupon.com/1/widgets.js dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com code.jquery.com maxcdn.bootstrapcdn.com *.hawksearch.com *.hawksearch.net widget.surveymonkey.com e.infogr.am e.infogram.com *.hotjar.com ajax.cloudflare.com js.hsforms.net 'self' cdn.ampproject.org web-chat.nativechat.com 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com tagmanager.google.com www.googletagmanager.com dec.azureedge.net maxcdn.bootstrapcdn.com *.hawksearch.com *.hawksearch.net widget.surveymonkey.com e.infogr.am e.infogram.com *.hotjar.com 'self' web-chat.nativechat.com 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: sjs.bizographics.com px4.ads.linkedin.com p.adsymptotic.com dev-pws.pcaobus.org pcaob-dev.idevdesign.net qa-pws.pcaobus.org pcaob-staging.idevdesign.net pcaobus.org pcaob-cms-live.ae-admin.com *.google-analytics.com tagmanager.google.com www.googletagmanager.com delicious.com px.ads.linkedin.com *.linkedin.com syndication.twitter.com static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png dec.azureedge.net dec.sitefinity.com *.eloqua.com track.hubspot.com widget.surveymonkey.com e.infogr.am e.infogram.com *.hotjar.com *.hsforms.com 'self' web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.hotjar.com; frame-src *.hsforms.com www.google.com https://www.youtube.com https://e.infogram.com/ https://www.youtube-nocookie.com/ https://www.google.com/ 'self' web-chat.nativechat.com; connect-src 'self' accounts.google.com gw.linkedin.oribi.io cdn.linkedin.oribi.io www.google.com tagmanager.google.com www.googletagmanager.com *.google-analytics.com dec.sitefinity.com *.mktoresp.com *.hawksearch.net *.hawksearch.com widget.surveymonkey.com e.infogr.am e.infogram.com *.hotjar.com hubspot-forms-static-embed.s3.amazonaws.com *.hsforms.com; media-src 'self' data: blob:; child-src apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com platform.twitter.com/ syndication.twitter.com/ www.youtube.com/ www.youtube-nocookie.com/ player.vimeo.com/ w.soundcloud.com/ www.google.com widget.surveymonkey.com e.infogr.am e.infogram.com *.hotjar.com 'self' web-chat.nativechat.com 1
default-src * 'unsafe-inline' 'unsafe-eval'; form-action https://* ; img-src * data: blob: 'unsafe-inline' 1
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' * ; style-src 'unsafe-inline' * ; img-src * data: * ; media-src * ; connect-src * ; frame-src 'self' * ; font-src 'self' data: * ; 1
default-src broadband.gopeoples.net *.gopeoples.net *.wistia.net *.zopim.io *.zapier.com blob: wss: *.zendesk.com *.zdassets.com *.cloudflare.com *.google.com bootstrapcdn.com  googleadservices.com *.cloudfront.net *.portlandwebdesign.com *.electric.coop adsrvr.org *.analytics.yahoo.com *.maps.arcgis.com xx.fbcdn.net rvwinc.com maps.arcgis.com vimeo.com *.googleadservices.com publicpurchase.com gravatar.com *.arcgis.com *.eventbrite.com cooperative.com *.gstatic.com *.youtube-nocookie.com *.crowdfiber.io data: *.googletagmanager.com luckyorange.net btstatic.com portlandwebdesign.com simpli.fi *.providesupport.com typekit.net mitel.io trumpia.com *.timetap.com five9.com powermag.com *.rvwinc.com *.verisign.com linkedin.com *.nr-data.net *.btstatic.com azgt.coop ebill.coop *.mapbox.com googleapis.com analytics.yahoo.com *.licdn.com *.mcusercontent.com *.bootstrapcdn.com apogee.net marketingautomation.services suppose.tv adnxs.com twimg.com *.olark.com youtube-nocookie.com *.trumpia.com xad.com mailchimp.com *.ads.linkedin.com directefficiency.com *.mailchimp.com newrelic.com *.vimeo.com *.plumassierratelecommunicationsmap.com 'unsafe-eval' *.upgrade.guide epa.gov transistor.fm google.com hirebridge.com *.simpli.fi *.yimg.com envivabiomass.com *.roanokeconnect.com e2ma.net bonnerboundary811.org *.powerfulweb.com *.elfsight.com *.libsyn.com doubleclick.net *.nwwsd.org facebook.net google-analytics.com ads.linkedin.com *.e2ma.net gstatic.com smarthub.coop *.s3.amazonaws.com mcusercontent.com s.w.org *.doubleclick.net facebook.com youtube.com *.linkedin.com nice-incontact.com fontawesome.com *.newrelic.com *.apogee.net *.googleapis.com libsyn.com eventbrite.com upgrade.guide *.basis.net *.twimg.com glassdoor.com cencoast.com *.mitel.io powerfulweb.com luckyorange.com *.five9.com *.typekit.net *.transistor.fm yimg.com 'self' *.luckyorange.com jazz.co roanokeconnect.com *.publicpurchase.com myfonts.net issuu.com *.directefficiency.com *.websupport.expert spreaker.com *.ebill.coop crowdfiber.io *.xad.com *.nice-incontact.com *.xx.fbcdn.net *.suppose.tv *.myfonts.net *.icua.coop southcentralpower.com *.bonnerboundary811.org arcgis.com mapbox.com providesupport.com *.facebook.net *.smeco.coop electric.coop googletagmanager.com *.adnxs.com smeco.coop *.issuu.com *.powermag.com *.adsymptotic.com olark.com s3.amazonaws.com 'unsafe-inline' billing.nwwsd.org elfsight.com icua.coop timetap.com *.fontawesome.com *.envivabiomass.com nr-data.net adsymptotic.com *.epa.gov *.adsrvr.org *.cencoast.com *.spreaker.com *.gravatar.com plumassierratelecommunicationsmap.com verisign.com *.glassdoor.com *.facebook.com ctctcdn.com *.jazz.co *.cooperative.com *.google-analytics.com gmpg.org cloudfront.net *.ctctcdn.com *.marketingautomation.services *.southcentralpower.com licdn.com *.hirebridge.com websupport.expert *.luckyorange.net *.smarthub.coop basis.net *.youtube.com *.azgt.coop; 1
upgrade-insecure-requests; frame-ancestors 'self';object-src data: 'unsafe-eval'; default-src 'self' *.glance.net *.humanamilitary.com *.day.com *.everesttech.net *.g.doubleclick.net *.doubleclick.net *.day.com *.mpeasylink.com *.cloud.coveo.com *.orghipaa.coveo.com  *.analytics.orghipaa.coveo.com *.foresee.com *.humana.com *.ensighten.com *.omtrdc.net *.coremetrics.com *.cmcore.com *.answerscloud.com *.mpeasylink.com *.zscaler.net *.gigya.com *.googleadservices.com *.yimg.com *.facebook.net *.yahoo.com *.google.com *.gstatic.com *.salesforceliveagent.com *.googleapis.com *.4seeresults.com *.youtube.com *.azureedge.net  *.cloudfront.net *.dialogtech.com *.humananews.com *.linkedin.com *.longtailvideo.com *.truste.com *.prescribeitrx.com *.amazonaws.com *.glancecdn.net *.humana-government.com *.careplushealthplans.com *.healthwise.net *.humanavitality.com 193.122.6.87:7002 *.go365.com *.longtailvideo.com *.requirejs.org *.cacmedicalcenters.com *.4see.mobi *.longtailvideo.com *.foreseeresults.com *.facebook.com *.bing.com *.doubleclick.net *.xg4ken.com *.licdn.com *.twitter.com *.360yield.com *.casalemedia.com *.kargo.com *.bidswitch.net *.ad-stir.com *.tealium.com *.tealiumiq.com *.tiqcdn.com *.everesttech.net *.everestjs.net *.demdex.net *.amazon-adsystem.com *.googletagmanager.com *.deepintent.com *.gumgum.com *.teads.tv *.3lift.com *.ads-twitter.com *.onetrust.com cdn.cookielaw.org cookie-cdn.cookiepro.com;style-src 'self' 'unsafe-Inline' *.glance.net *.cloud.coveo.com *.foresee.com *.humana.com *.ensighten.com *.omtrdc.net *.coremetrics.com *.cmcore.com *.answerscloud.com *.mpeasylink.com *.zscaler.net *.gigya.com *.googleadservices.com *.yimg.com *.facebook.net *.yahoo.com *.google.com *.gstatic.com *.salesforceliveagent.com *.googleapis.com *.4seeresults.com *.youtube.com *.azureedge.net  *.cloudfront.net *.dialogtech.com *.humananews.com *.linkedin.com *.longtailvideo.com *.truste.com *.prescribeitrx.com *.amazonaws.com *.glancecdn.net *.humana-government.com *.careplushealthplans.com *.healthwise.net *.humanavitality.com 193.122.6.87:7002 *.go365.com *.longtailvideo.com *.requirejs.org *.cacmedicalcenters.com *.4see.mobi *.longtailvideo.com *.foreseeresults.com *.facebook.com *.bing.com *.doubleclick.net *.xg4ken.com *.licdn.com *.twitter.com *.360yield.com *.casalemedia.com *.kargo.com *.bidswitch.net *.ad-stir.com *.tealium.com *.tealiumiq.com *.tiqcdn.com *.everesttech.net *.everestjs.net *.demdex.net *.amazon-adsystem.com *.googletagmanager.com *.deepintent.com *.gumgum.com *.teads.tv *.3lift.com *.ads-twitter.com *.onetrust.com cdn.cookielaw.org cookie-cdn.cookiepro.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.glance.net *.cloud.coveo.com *.foresee.com *.humana.com *.ensighten.com *.omtrdc.net *.coremetrics.com *.cmcore.com *.answerscloud.com *.mpeasylink.com *.zscaler.net *.gigya.com *.googleadservices.com *.yimg.com *.facebook.net *.yahoo.com *.google.com *.gstatic.com *.salesforceliveagent.com *.googleapis.com *.4seeresults.com *.youtube.com *.azureedge.net  *.cloudfront.net *.dialogtech.com *.humananews.com *.linkedin.com *.longtailvideo.com *.truste.com *.prescribeitrx.com *.amazonaws.com *.glancecdn.net *.humana-government.com *.careplushealthplans.com *.healthwise.net *.humanavitality.com 193.122.6.87:7002 *.go365.com *.longtailvideo.com *.requirejs.org *.cacmedicalcenters.com *.4see.mobi *.longtailvideo.com *.foreseeresults.com *.facebook.com *.bing.com *.doubleclick.net *.xg4ken.com *.licdn.com *.twitter.com *.360yield.com *.casalemedia.com *.kargo.com *.bidswitch.net *.ad-stir.com *.tealium.com *.tealiumiq.com *.tiqcdn.com *.everesttech.net *.everestjs.net *.demdex.net *.amazon-adsystem.com *.googletagmanager.com *.deepintent.com *.gumgum.com *.teads.tv *.3lift.com *.ads-twitter.com *.onetrust.com cdn.cookielaw.org cookie-cdn.cookiepro.com;img-src 'self' *.glance.net *.humanamilitary.com *.foresee.com *.humana.com *.ensighten.com *.omtrdc.net *.coremetrics.com *.cmcore.com *.answerscloud.com *.mpeasylink.com *.zscaler.net *.gigya.com *.googleadservices.com *.yimg.com *.facebook.net *.yahoo.com *.google.com *.gstatic.com *.salesforceliveagent.com *.googleapis.com *.4seeresults.com *.youtube.com *.azureedge.net  *.cloudfront.net *.dialogtech.com *.humananews.com *.linkedin.com *.longtailvideo.com *.truste.com *.prescribeitrx.com *.amazonaws.com *.glancecdn.net *.humana-government.com *.careplushealthplans.com *.healthwise.net *.humanavitality.com 193.122.6.87:7002 *.go365.com *.longtailvideo.com *.requirejs.org *.cacmedicalcenters.com *.4see.mobi *.longtailvideo.com *.foreseeresults.com *.facebook.com *.bing.com *.doubleclick.net *.xg4ken.com *.licdn.com *.twitter.com *.360yield.com *.casalemedia.com *.kargo.com *.bidswitch.net *.ad-stir.com *.tealium.com *.tealiumiq.com *.tiqcdn.com *.everesttech.net *.everestjs.net *.demdex.net *.amazon-adsystem.com *.googletagmanager.com *.deepintent.com *.gumgum.com *.teads.tv *.3lift.com *.ads-twitter.com *.onetrust.com cdn.cookielaw.org cookie-cdn.cookiepro.com;font-src 'self' data: *.foresee.com *.humana.com *.ensighten.com *.omtrdc.net *.coremetrics.com *.cmcore.com *.answerscloud.com *.mpeasylink.com *.zscaler.net *.gigya.com *.googleadservices.com *.yimg.com *.facebook.net *.yahoo.com *.google.com *.gstatic.com *.salesforceliveagent.com *.googleapis.com *.4seeresults.com *.youtube.com *.azureedge.net  *.cloudfront.net *.dialogtech.com *.humananews.com *.linkedin.com *.longtailvideo.com *.truste.com *.prescribeitrx.com *.amazonaws.com *.glancecdn.net *.humana-government.com *.careplushealthplans.com *.healthwise.net *.humanavitality.com 193.122.6.87:7002 *.go365.com *.longtailvideo.com *.requirejs.org *.cacmedicalcenters.com *.4see.mobi *.longtailvideo.com *.foreseeresults.com *.facebook.com *.bing.com *.doubleclick.net *.xg4ken.com *.licdn.com *.twitter.com *.360yield.com *.casalemedia.com *.kargo.com *.bidswitch.net *.ad-stir.com *.tealium.com *.tealiumiq.com *.tiqcdn.com *.everesttech.net *.everestjs.net *.demdex.net *.amazon-adsystem.com *.googletagmanager.com *.deepintent.com *.gumgum.com *.teads.tv *.3lift.com *.ads-twitter.com *.onetrust.com cdn.cookielaw.org cookie-cdn.cookiepro.com 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;block-all-mixed-content;frame-ancestors 'self' https://afkgaming.quintype.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.hotjar.com https://in.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google-analytics.com https://*.analytics.google.com https://*.googleapis.com https://*.hs-scripts.com https://*.hs-analytics.net https://*.hs-banner.com https://*.hscollectedforms.net https://*.hubspot.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com *.analytics.google.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com *.hubspot.com; media-src 'self' data: blob:; frame-src 'self' https://interactive-img.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com; connect-src 'self' data: accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com https://*.mktoresp.com https://*.google-analytics.com https://*.analytics.google.com https://*.gstatic.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.hscollectedforms.net https://*.googletagmanager.com; 1
base-uri 'self'; font-src 'self' data:; media-src 'self'; connect-src 'self'; object-src 'self'; form-action 'self' *.izzysoft.de *.qumran.org; frame-ancestors 'self' *.izzysoft.de *.qumran.org; block-all-mixed-content; script-src 'self'; 1
default-src 'self' https://www.maprocuration.gouv.fr https://www.maprocuration.gouv.fr https://fsi.maprocuration.gouv.fr https://mairie.maprocuration.gouv.fr https://fsi.maprocuration.gouv.fr;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' https://voxusagers.numerique.gouv.fr https://logs4.xiti.com https://haqt.maprocuration.gouv.fr;object-src 'none';script-src 'self' 'unsafe-eval' https://haqt.maprocuration.gouv.fr;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 1
default-src 'self'; script-src-elem dev.pango-cloud.com stage.pango-cloud.com www.pango-cloud.com pango-cloud.com www.pango-cloud.com developer.aura.com www.google.com www.gstatic.com *.google.com *.netlify.app *.google-analytics.com cdn.jsdelivr.net *.firebaseio.com; style-src 'self' 'unsafe-inline' https:; frame-src 'unsafe-eval' https://*; connect-src 'self' https://* ws: data:; img-src https://* data:; worker-src 'self' blob:; font-src 'self' cdn.jsdelivr.net; 1
img-src * data:; child-src * blob:;  frame-src *;  default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: about:  oddsmonkey.com *.oddsmonkey.com theoddsmatcher.co.uk *.theoddsmatcher.co.uk safeurl.co.uk *.safeurl.co.uk dotnetpages.co.uk  *.jquery.com cdn.datatables.net *.bootstrapcdn.com  api.optmnstr.com  secure.adnxs.com  google.com *.google.com google-analytics.com *.google-analytics.com gstatic.com *.gstatic.com cgstatic.info *.cgstatic.info googleapis.com *.googleapis.com http://fonts.googleapis.com stats.g.doubleclick.net googleadservices.com *.googleadservices.com googletagmanager.com *.googletagmanager.com  clicky.com *.clicky.com getclicky.com *.getclicky.com  truconversion.com *.truconversion.com wss://io.truconversion.com:8080  use.fontawesome.com  *.facebook.net *.facebook.com  *.hubspot.com adroll.com *.adroll.com  api.usemessages.com js.hsleadflows.net js.hs-analytics.net js.hs-scripts.com js.hscollectedforms.net js.hsforms.net  *.wistia.com *.wistia.net *.24liveblog.com litix.io *.litix.io *.akamaihd.net  vimeo.com *.vimeo.com  calendly.com *.calendly.com  reviews.co.uk *.reviews.co.uk  bat.bing.com  twitter.com *.twitter.com ads-twitter.com *.ads-twitter.com  content.betfair.com  cloudflare.com *.cloudflare.com xx.xcetkbl.com  hpp.realexpayments.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com *.cloudfront.net  *.addthis.com *.addthisedge.com  optinmonster.com *.optinmonster.com optnmnstr.com *.optnmnstr.com optnmstr.com *.optnmstr.com optmstr.com *.optmstr.com  gleam.io *.gleam.io  *.visualwebsiteoptimizer.com  woobox.com *.woobox.com  atsc.activetrail.com a.mstrlytcs.com  nikkomsgchannel http://nikkomsgchannel https://nikkomsgchannel https://nikkomsgchannel/e http://nikkomsgchannel/e adblockers.opera-mini.net  sibautomation.com  s.sib.im in-automate.sendinblue.com  rec1.visualwebsiteoptimizer.com rec2.visualwebsiteoptimizer.com rec3.visualwebsiteoptimizer.com rec4.visualwebsiteoptimizer.com heatmap.visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com app.vwo.com  chatlio.com *.chatlio.com js.pusher.com wss://ws.pusherapp.com  ubembed.com *.ubembed.com  cdn.pushcrew.com *.pushcrew.com pushcrew.com pushalert.co *.pushalert.co push.pushalert.co  request.pushalert.co cdn.pushalert.co test87.pushalert.co api.pushalert.co  fullstory.com *.fullstory.com  cdn.ampproject.org  az416426.vo.msecnd.net dc.services.visualstudio.com  events.genndi.com  cdn.jsdelivr.net nitrocdn.com acdn.adnxs.com js.adsrvr.org ajax.cloudflare.com assets.reviews.io *.reviews.io *.amazonaws.com omappapi.com *.omappapi.com *.trustpilot.com *.zdassets.com *.zendesk.com *.zopim.com wss://widget-mediator.zopim.com cdn.amplitude.com *.amplitude.com amplitude.com; report-uri https://oddsmonkey.report-uri.io/r/default/csp/enforce 1
img-src 'self' data: 'unsafe-inline' https://prodoctorov.ru https://protabletky.ru https://medotvet.me https://*.google-analytics.com *.google-analytics.com yastatic.net https://yastatic.net *.yandex.ru https://*.yandex.ru https://yandex.ru *.yandex.net https://*.yandex.net yandex.st https://mc.yandex.by https://mc.yandex.com https://mc.yandex.kz *.google.com  https://*.google.com  *.googleapis.com https://*.googleapis.com *.googlesyndication.com https://*.gstatic.com *.gstatic.com vk.com https://*.vk.com *.youtube.com *.twitter.com https://*.twitter.com *.googlezip.net https://*.ggpht.com https://www.googletagmanager.com https://*.facebook.com https://*.google.ru https://*.mail.ru seal.websecurity.norton.com www.honcode.ch https://prodoctorov.ru blob:; connect-src 'self' wss://prodoctorov.ru wss://medotvet.me *.yandex.ru *.google-analytics.com https://*.yandex.ru https://yandex.ru https://mc.yandex.com https://mc.yandex.md ajax.googleapis.com https://analytics.google.com https://region1.analytics.google.com https://www.google.ru https://translate.googleapis.com yandex.st https://yandex.st yastatic.net https://fcm.googleapis.com https://stats.g.doubleclick.net https://sentry.medrating.org https://sentry.prodoctorov.com https://*.facebook.com https://prodoctorov.ru https://rate.prodoctorov.ru https://rate-metrics.prodoctorov.ru https://app.medtochka.ru wss://app.medtochka.ru https://r.prodoctorov.ru https://ymetrica1.com/; media-src 'self' *.yandex.net yandex.st yastatic.net *.yandex.ru blob:; font-src 'self' https://*.gstatic.com *.gstatic.com data: https://yastatic.net chrome-extension; default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://prodoctorov.ru *.google.com https://www.google.com https://*.google-analytics.com *.google-analytics.com *.googlesyndication.com https://*.googlesyndication.com *.googleapis.com https://*.googleapis.com www.google.com https://*.gstatic.com https://*.yandex.net https://yandex.ru https://*.yandex.ru *.yandex.ru *.gstatic.com https://clck.yandex.ru *.twitter.com https://*.twitter.com yandex.st https://yandex.st https://connect.ok.ru vk.com https://www.youtube.com https://s.ytimg.com https://www.googletagmanager.com https://googletagmanager.com https://yastatic.net yastatic.net https://connect.facebook.net seal.websecurity.norton.com dunsregistered.dnb.com https://yookassa.ru https://*.yoomoney.ru; style-src 'self' 'unsafe-inline' https://prodoctorov.ru https://*.googleapis.com *.googleapis.com https://*.gstatic.com *.gstatic.com yastatic.net yandex.st https://tagmanager.google.com https://app.medlock.ru; object-src 'self' *.googlesyndication.com https://*.googlesyndication.com; frame-src *; report-uri https://prodoctorov.ru/cspreport/ 1
frame-ancestors 'self'; report-uri https://logs.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub293163a918901030b79492fe1ab424cf&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=site%3Adatad0g.com 1
script-src healthy.spartanburgregional.com 'self' 'unsafe-inline' 'unsafe-eval' *.newrelic.com https://www.googletagmanager.com app.ecwid.com siteimproveanalytics.com translate.google.com *.cloudfront.net https://builder.lift.acquia.com ecomm.events translate.googleapis.com https://www.discoverhealth.org https://translate-pa.googleapis.com js.adsrvr.org scripts.cip.healthgrades.com connect.facebook.net https://www.google-analytics.com https://discoverhealth.org bam.nr-data.net maps.googleapis.com www.google.com www.gstatic.com www.youtube.com *.epichosted.com https://www.googleadservices.com *.cloudflare.com *.jsdelivr.net bam.nr-data.net *.fontawesome.com solutions.invocacdn.com script-app.mercuryhealthcare.com widgets.mindbodyonline.com assets.healcode.com brandedweb.mindbodyonline.com https://srhs-cp.srhs.com https://app.truelook.cloud *.loyalhealth.com *.calendly.com *.azure.com https://calendly.com *.monsido.com *.piwik.pro; frame-src 'self' adfs.srhs.com  www.youtube.com youtube.com *.adsrvr.org www.google.com *.webdamdb.com *.acquiadam.com *.flipsnack.com *.epichosted.com https://www.hapyak.com https://embed.mindstamp.io  srhs-cp.srhs.com *.facebook.com https://app.truelook.cloud https://www.mealpro.net mealpro.net *.calendly.com *.azure.com https://calendly.com; child-src 'self' adfs.srhs.com  www.youtube.com youtube.com *.adsrvr.org www.google.com *.webdamdb.com *.acquiadam.com *.flipsnack.com  *.epichosted.com https://www.hapyak.com  https://embed.mindstamp.io https://app.truelook.cloud *.calendly.com *.azure.com https://calendly.com *.piwik.pro; connect-src 'self' https://www.discoverhealth.org https://sessions.bugsnag.com *.lift.acquia.com  app.ecwid.com/ ecomm.events https://www.google-analytics.com/ bam.nr-data.net stats.g.doubleclick.net maps.googleapis.com api.clockwisemd.com www.facebook.com *.webdamdb.com translate.googleapis.com *.fontawesome.com adfs.srhs.com https://analytics.google.com https://widgets.mindbodyonline.com  https://srhs-cp.srhs.com  https://us.perz-api.cloudservices.acquia.io *.truelook.cloud ws: *.loyalhealth.com *.calendly.com *.azure.com https://calendly.com *.monsido.com *.piwik.pro www.youtube.com 1
img-src 'self' data: https://px.ads.linkedin.com/ https://px4.ads.linkedin.com/ https://px.ads.linkedin.com/ https://www.facebook.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://staticbvdev.am4.com.br/ https://staticbvhmg.am4.com.br/ https://staticbv.am4.com.br/ https://staticbv.bvirtual.com.br/; style-src 'self' https://cdnjs.cloudflare.com/ https://code.jquery.com/ https://use.fontawesome.com/ https://cdn.jsdelivr.net/ https://fonts.googleapis.com/ 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://script.hotjar.com/ https://static.hotjar.com/ https://unpkg.com https://js.hsforms.net https://forms.hsforms.com https://connect.facebook.net/ https://snap.licdn.com/ https://cdn.jsdelivr.net/ https://www.google-analytics.com https://www.gstatic.com https://www.google.com https://www.googletagmanager.com/ https://d335luupugsy2.cloudfront.net/ https://cdnjs.cloudflare.com/ https://ajax.googleapis.com/; 1
upgrade-insecure-requests ; default-src 'self' https: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: ; connect-src 'self' https: ; style-src 'self' 'unsafe-inline' https: ; img-src 'self' https: data: blob: ; media-src 'self' https: blob: mediastream: ; font-src 'self' https: ; object-src 'none' ; manifest-src 'self' ; frame-src 'self' https: ; child-src 'self' https: blob: ; worker-src 'self' https: blob: ; report-uri https://api.weer.nl/v1/csp/reports ; frame-ancestors 'none' 1
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' https://*.adyen.com https://*.analytics.google.com https://*.bazaarvoice.com https://*.braintree-api.com https://*.braintreegateway.com https://*.btttag.com https://*.criteo.com https://*.doubleclick.net https://*.google-analytics.com https://*.googleapis.com https://*.gstatic.com https://*.kampyle.com https://*.medallia.com https://*.paypal.com https://bat.bing.com https://www.bing.com https://*.sheerid.com https://*.truefitcorp.com https://adservice.google.com https://analytics.google.com https://api-env.cartfulsolutions.com https://api.cartfulsolutions.com https://apis.google.com https://assets.adobedtm.com https://careers.lululemon.com https://cdn.cquotient.com https://cdn.honey.io https://cdn.jsdelivr.net https://cdn.quantummetric.com https://ingest.quantummetric.com https://cdn.treasuredata.com https://cdnjs.cloudflare.com https://cfjump.lululemon.co.nz https://challenges.cloudflare.com https://cm.g.doubleclick.net https://cm.teads.tv https://connect.facebook.net https://ct.pinterest.com https://d38d4ysphgm9dz.cloudfront.net https://dpm.demdex.net https://e.cquotient.com https://embed.cartfulsolutions.com https://external.quantummetric.com https://fledge.teads.tv https://fonts.googleapis.com https://globalstaticassets.lululemon.com https://google.com https://googleads.g.doubleclick.net https://images.lululemon.com https://ln-rules.rewardstyle.com https://lululemon.quiq-api.com https://lululemonathleticacanadainc.demdex.net https://lululemoninternational-app.quantummetric.com https://lululemoninternational.quantummetric.com https://lululemonusa.tt.omtrdc.net https://maps.googleapis.com https://mpsnare.iesnare.com https://o4503962274299904.ingest.sentry.io https://p.cquotient.com https://p.teads.tv https://pay.google.com https://r.cquotient.com https://s.pinimg.com https://s7mbrstream.scene7.com https://sc-static.net https://smetrics.lululemon.co.nz https://sslwidget.criteo.com https://static.cloudflareinsights.com https://static.criteo.com https://static.criteo.net https://stats.g.doubleclick.net https://t.cfjump.com https://t.teads.tv https://tez.google.com https://tokyo.in.treasuredata.com https://tpc.googlesyndication.com https://tr.snapchat.com https://translate.google.com https://wf.cartfulsolutions.com https://widget.as.criteo.com https://www.cloudflare.com https://www.facebook.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.lululemon.co.nz https://www.lululemon.co.uk https://www.paypalobjects.com https://*.browser-intake-datadoghq.com https://www.datadoghq-browser-agent.com https://tags.srv.stackadapt.com https://acdn.adnxs.com https://srv.stackadapt.com https://east.srv.stackadapt.com https://uw.srv.stackadapt.com https://eu.srv.stackadapt.com https://qvdt3feo.com https://ingesteu.quantummetric.com https://shop.lululemon.com https://consentag.eu https://ctnsnet.com https://ipac.ctnsnet.com https://cdn.ctnsnet.com https://i.ctnsnet.com https://embed-env.cartfulsolutions.com https://analytics.tiktok.com https://tr6.snapchat.com https://ib.adnxs.com wss://lululemoninternational.quantummetric.com wss://mpsnare.iesnare.com; base-uri 'self'; frame-ancestors 'self'; object-src 'none'; img-src * 'self' data: https:; font-src * 'self' data: https:; block-all-mixed-content; 1
default-src 'self' https://edocperso.fr https://app.edocperso.fr; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://stonly.com; connect-src 'self' https://edocperso.fr https://app.edocperso.fr https://stonly.com https://api.stonly.com ; img-src 'self' data:; style-src 'self' 'unsafe-inline' data: https: fonts.googleapis.com; font-src 'self' data: https: fonts.googleapis.com; frame-src 'self' edocperso.fr app.edocperso.fr https://s.stonly.com https://edocperso.stonly.com https://stonly.com; 1
img-src 'self' https: data:; 1
frame-ancestors *.ansarada.com https://go.ansarada.com 1
default-src 'none'; script-src 'self' 'unsafe-inline' *.onetrust.com www.doctify.com *.googleapis.com cdnjs.cloudflare.com ajax.cloudflare.com *.infinity-tracking.com *.doubleclick.net *.infinity-tracking.net www.google.com www.gstatic.com www.cqc.org.uk unpkg.com https://*.googletagmanager.com *.google-analytics.com *.crazyegg.com bat.bing.com https://*.vimeo.com https://pi.pardot.com https://www2.priorygroup.com https://cookie-cdn.cookiepro.com; style-src 'self' 'unsafe-inline' www.doctify.com cdnjs.cloudflare.com www.cqc.org.uk *.googleapis.com *.crazyegg.com; img-src 'self' data: *.doctify.com *.onetrust.com *.ytimg.com cdnjs.cloudflare.com www.cqc.org.uk maps.googleapis.com maps.gstatic.com *.googleapis.com www.google.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://ad.doubleclick.net bat.bing.com *.crazyegg.com https://*.vimeocdn.com https://cookie-cdn.cookiepro.com; font-src 'self' *.doctify.com cdnjs.cloudflare.com fonts.gstatic.com; connect-src 'self' *.onetrust.com www.doctify.com *.infinity-tracking.com *.infinity-tracking.net maps.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com bat.bing.com *.crazyegg.com https://*.cookiepro.com; child-src blob:; frame-src 'self' *.youtube.com *.doubleclick.net vimeo.com player.vimeo.com www.google.com www.youtube-nocookie.com *.crazyegg.com; worker-src blob:; manifest-src 'self' 1
frame-ancestors 'self' https://*.medline.com 1
upgrade-insecure-requests, frame-ancestors 'self' 1
frame-ancestors 'self' https://inforia.jp.sharp 1
base-uri 'self'; default-src 'self'; connect-src 'self' https: wss:; font-src 'self' data: https:; img-src 'self' data: blob: about: https:; frame-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' about: https:; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https:;  style-src 'self' 'unsafe-inline' https:; style-src-elem 'self' 'unsafe-inline' https:; worker-src 'self' 'unsafe-inline' https:; upgrade-insecure-requests; block-all-mixed-content; 1
frame-ancestors 'self' localhost:51352 1
default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; font-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; media-src * data: blob: 'unsafe-inline'; style-src * 'unsafe-inline'; frame-ancestors 'self'; report-uri /csp-report; 1
frame-ancestors https://wpp-wdcee.wirecard.com 1
upgrade-insecure-requests; base-uri 'self'; frame-ancestors 'self' https://uui-alaska.com/ https://*.uui-alaska.com/ https://unicom-alaska.com/ https://*.unicom-alaska.com/; form-action 'self'; object-src 'none'; 1
default-src 'none' ; form-action 'self' https://*.edulinkone.com ; media-src 'self' https://*.edulinkone.com blob:; base-uri 'self' ; child-src 'self' ; connect-src 'self' https://*.edulinkone.com https://fcm.googleapis.com wss://*.twilio.com; script-src 'self' https://www.gstatic.com https://apis.google.com ; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; object-src 'self'; frame-src https://accounts.google.com; manifest-src 'self' ; frame-ancestors 'none'; upgrade-insecure-requests; 1
frame-ancestors self https://campus.masterd.es https://www.itmasterd.es https://formacion.masterd.es https://cms2.masterd.es https://intranet.masterd.es https://aplicaciones.masterd.es https://www.cambiamostuvida.es https://somos.masterd.es https://www.estudioaudiovisualmasterd.es https://www.mdigital.es https://www.escuelaventasmasterd.es https://www.ventajasmasterd.es; 1
frame-src 'self' https://www.recaptcha.net/ https://*.youtube.com; frame-ancestors 'self' https://*.krka.si https://*.ezdravje.com https://*.edit.krkawp https://*.final.krkawp; object-src 'none'; 1
frame-ancestors 'self' *.agechecker.net mybigcommerce.com *.mybigcommerce.com shopify.com *.shopify.com myshopify.com *.myshopify.com 1
frame-ancestors 'self' https://*.sonepar.coremedia.cloud/; 1
upgrade-insecure-requests; default-src 'self'; font-src 'self' https://fonts.gstatic.com http: data:; img-src 'self' http: https://secure.gravatar.com https://*.google-analytics.com https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com www.googletagmanager.com data:; script-src 'self' 'nonce-8bafa7e81b' *.google.com *.gstatic.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gtm.js *.jquery.com 'unsafe-eval' *.youtube.com *.jquery.com *.cookiepro.com; connect-src https://www.google-analytics.com 'self' https://*.googleapis.com *.google.com https://*.gstatic.com *.doubleclick.net *.cookiepro.com https://geolocation.onetrust.com www.googletagmanager.com data: blob:; frame-src *.google.com *.youtube.com https://app.eddy.com *.doubleclick.net; style-src 'self' 'unsafe-inline' *.googleapis.com; frame-ancestors 'self'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'nonce-ee40f73b404d4580aa22fea6343cac3a'  https://assets.adobedtm.com https://cdn.cookielaw.org https://d6tizftlrpuof.cloudfront.net https://maps.googleapis.com https://swa.blgwonen.nl https://w.usabilla.com https://www.google-analytics.com https://www.googletagmanager.com https://www.youtube.com https://api.usabilla.com https://tagmanager.google.com https://connect.facebook.net https://translate.google.com; connect-src 'self' https://cdn.cookielaw.org https://dpm.demdex.net https://maps.googleapis.com https://privacyportal-de.onetrust.com https://snsbank.tt.omtrdc.net https://stats.g.doubleclick.net https://swa.blgwonen.nl https://www.google-analytics.com https://api.usabilla.com https://geolocation.onetrust.com https://www.google.com https://adservice.google.com https://www.googletagmanager.com https://upload.snsbank.nl https://snsbank.sc.omtrdc.net https://devolksbank.my.onetrust.eu https://devolksbank-privacy.my.onetrust.eu; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://d6tizftlrpuof.cloudfront.net https://snsbank.demdex.net https://www.youtube.com https://projects.ivorystudio.net https://gateway.zscloud.net https://m.youtube.com; img-src 'self' data: https://googleads.g.doubleclick.net https://maps.googleapis.com https://maps.gstatic.com https://px.ads.linkedin.com https://usabilla-themes.s3-eu-west-1.amazonaws.com https://w.usabilla.com https://www.facebook.com https://www.googletagmanager.com https://www.google.com https://www.google.nl https://d6tizftlrpuof.cloudfront.net https://i.ytimg.com https://lh3.ggpht.com https://khms0.googleapis.com https://khms1.googleapis.com https://streetviewpixels-pa.googleapis.com https://bat.bing.com https://cdn.cookielaw.org https://www.gstatic.com https://ssl.gstatic.com https://swa.blgwonen.nl https://px4.ads.linkedin.com https://www.linkedin.com https://translate.google.com https://www.google.co.uk https://secure.adnxs.com https://devolksbank.my.onetrust.eu; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://w.usabilla.com https://d6tizftlrpuof.cloudfront.net https://tagmanager.google.com https://www.googletagmanager.com; object-src 'self'; base-uri 'self' https://d6tizftlrpuof.cloudfront.net; report-uri /web/reportreceiver; 1
block-all-mixed-content; frame-ancestors 'self' https://search.google.com https://www.google.com https://untilgone-com.cdn.ampproject.org; upgrade-insecure-requests 1
frame-ancestors 'self' localhost:* aaalifefield.lightning.force.com aaalifefield.my.salesforce.com aaalifefield--c.vf.force.com aaalifefield--full.sandbox.my.salesforce.com aaalife--agentone.vf.force.com aaalifeinsurance--agentone.vf.force.com *.salesforce.com *.lightning.force.com *.google-analytics.com *.analytics.google.com *.aaalife.com app.optimizely.com *.onelogin.com *.aaalifedesk.com *.ipipeline.com  aaalife.my.salesforce.com aaalifeinsurance.lightning.force.com *.visual.force.com; report-uri https://wwwaaalife.report-uri.com/r/t/csp/enforce 1
default-src 'none'; script-src 'self' 'unsafe-inline' *.intercomcdn.com *.intercom.io fpnpmcdn.net; connect-src 'self' *.intercom.io *.intercomcdn.com *.intercomassets.com ws: *.criteriacorp.com *.configcat.com *.ondemandassessment.com; img-src data: *; media-src *; font-src *; style-src 'self' 'unsafe-inline' fonts.googleapis.com;  base-uri 'self'; form-action 'self'; manifest-src 'self'; frame-ancestors 'self' *.hiringplatform.com *.hiringplatform.ca *.hiringplatformeu.com *.hiringplatformau.com *.hiringplatform.co.uk *.vidcruiterdev.com *.vidcruiterstage.com *.myvideointerviewau.com *.myvideointerview.co.uk *.myvideointerview.co *.myvideointerview.ca app.curately.ai resume.accuick.com app.cxninja.com careers.curately.ai https://*.fountain.com; frame-src *.bing.com bing.com https://www.bing.com; 1
default-src 'self' *.bundesbots.de; base-uri 'self'; style-src 'self' 'unsafe-inline' *.bund.de; connect-src 'self' *.itzbund.de  kira.bundesbots.de wss://kira.bundesbots.de *.bund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.itzbund.de *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.instagram.com *.bundesbots.de *.bund.de platform.twitter.com; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de http://multimedia.gsb.bund.de *.youtube.com http://www.youtube.com *.itzbund.de *.cdninstagram.com *.bund.de; frame-src *.google.com *.gstatic.com *.youtube.com 'self' *.cdninstagram.com *.instagram.com *.twitter.com; img-src 'self' data: *.itzbund.de *.google.com *.gstatic.com *.youtube.com *.openstreetmap.org pss.wsv.de *.cdninstagram.com *.instagram.com *.twimg.com *.bund.de *.bundesbots.de https://twemoji.maxcdn.com https://pbs.twimg.com https://cdn.jsdelivr.net https://www.kununu.com https://assets.kununu.com; frame-ancestors 'self'; 1
default-src https: 'unsafe-eval' 'unsafe-inline'; img-src https: data:; object-src 'none'; 1
default-src 'self'; frame-src 'self' blob: data:; font-src 'self'; object-src 'none';img-src 'self' data: blob: https://internal.watchdox.net:8443/api https://a.tile.openstreetmap.org/ https://b.tile.openstreetmap.org/ https://c.tile.openstreetmap.org/ ; media-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline';style-src  'unsafe-inline' 'self'; connect-src 'self' https://internal.watchdox.net:3000; worker-src data: blob:; 1
default-src 'none' ;script-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ ;object-src 'none' ;style-src 'self' 'unsafe-inline' https://api.xs2a.com ;img-src 'self' https://api.xs2a.com data: ;media-src 'none' ;frame-src 'self' https://www.google.com/recaptcha/ ;font-src 'self' ;connect-src 'self' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.helena.care; img-src blob: 'self' data: *.helena.care; style-src 'self' 'unsafe-inline'; font-src 'self' data: ; frame-src *.vimeo.com blob: 'self'; connect-src 'self' blob: wss: ws: *.helena.care *.opentok.com *.tokbox.com *.hereapi.com; object-src 'self' blob: 1
frame-ancestors https://cue.mediahuis.cue.cloud 1
default-src 'self' *.bookmyforex.com *.fontawesome.com *.angularjs.org *.cloudflare.com *.googleapis.com rawgit.com facebook.com googletagmanager.com razorpay.com *.razorpay.com *.linkedin.com *.google.com *.botstrapcdn.com *.bootstrapcdn.com *.jsdelivr.net *.jquery.com *.getmdl.io cashfree.com *.googleusercontent.com *.chartjs.org *.maxcdn.com *.angular.org *.facebook.com *.applemediaservices.com *.typekit.net *.ccavenue.com *.mangodata.co.in unpkg.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.facebook.com *.cashfree.com *.sokrati.com *.googletagmanager.com *.doubleclick.net *.google-analytics.com *.tawk.to tawk.to *.licdn.com *.facebook.net googleadservices.com *.googleadservices.com *.bing.com youtube.com *.youtube.com *.recaptcha.net *.linkedin.oribi.io data: gap: ws: blob: ssl.gstatic.com; img-src * data: blob: ; frame-ancestors www.paxcredit.com www.tripmoney.com dialer.bookmyforex.com; script-src * data: blob: 'unsafe-inline' 'unsafe-eval' *.chartjs.org; object-src 'self' storage.googleapis.com data: blob:; 1
frame-ancestors https://*.activtrades.com https://*.activtrades.co.uk https://*.activtrades.eu https://*.activtrades.com.br 1
frame-ancestors https://app.clonable.net 'self'; 1
frame-ancestors 'self' uloop.com *.uloop.com collegeparentcentral.com www.collegeparentcentral.com; 1
connect-src 'self'; form-action 'self'; frame-ancestors 'none';� 1
frame-ancestors 'self' hubspot.com youtube.com 1
default-src 'self' www.mio.se static.mio.host eventproxy.mio.se data: login.mio.se www.mcdn.net insights.mio.se *.puzzel.com cert.tryggehandel.net api.hitta.se *.imbox.io fonts.gstatic.com *.googleapis.com browser.sentry-cdn.com *.youtube.com i.ytimg.com sentry.io mio.mynewsdesk.com images.prismic.io prismic-io.s3.amazonaws.com via.placeholder.com i.imgur.com mioblobstoragetest.blob.core.windows.net *.getflowbox.com *.fbcdn.net *.cloudfront.net *.atdmt.com *.adnxs.com *.google.se *.google.com *.facebook.com 9211931.fls.doubleclick.net connect.facebook.net *.hotjar.com hotjar.io *.hotjar.io *.adform.net *.google-analytics.com www.gstatic.com www.googletagmanager.com stats.g.doubleclick.net t.myvisitors.se *.triggerbee.com *.ourinsights.se *.googlesyndication.com *.googleoptimize.com *.lemonpi.io *.bing.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' www.mio.se static.mio.host eventproxy.mio.se data: login.mio.se www.mcdn.net insights.mio.se *.puzzel.com cert.tryggehandel.net api.hitta.se *.imbox.io fonts.gstatic.com *.googleapis.com browser.sentry-cdn.com *.youtube.com i.ytimg.com sentry.io mio.mynewsdesk.com images.prismic.io prismic-io.s3.amazonaws.com via.placeholder.com i.imgur.com mioblobstoragetest.blob.core.windows.net *.getflowbox.com *.fbcdn.net *.cloudfront.net *.atdmt.com *.adnxs.com *.google.se *.google.com *.facebook.com 9211931.fls.doubleclick.net connect.facebook.net *.hotjar.com hotjar.io *.hotjar.io *.adform.net *.google-analytics.com www.gstatic.com www.googletagmanager.com stats.g.doubleclick.net t.myvisitors.se *.triggerbee.com *.ourinsights.se *.googlesyndication.com *.googleoptimize.com *.lemonpi.io *.bing.com;style-src 'self' 'unsafe-inline' www.mio.se static.mio.host eventproxy.mio.se data: login.mio.se www.mcdn.net insights.mio.se *.puzzel.com cert.tryggehandel.net api.hitta.se *.imbox.io fonts.gstatic.com *.googleapis.com browser.sentry-cdn.com *.youtube.com i.ytimg.com sentry.io mio.mynewsdesk.com images.prismic.io prismic-io.s3.amazonaws.com via.placeholder.com i.imgur.com mioblobstoragetest.blob.core.windows.net *.getflowbox.com *.fbcdn.net *.cloudfront.net *.atdmt.com *.adnxs.com *.google.se *.google.com *.facebook.com 9211931.fls.doubleclick.net connect.facebook.net *.hotjar.com hotjar.io *.hotjar.io *.adform.net *.google-analytics.com www.gstatic.com www.googletagmanager.com stats.g.doubleclick.net t.myvisitors.se *.triggerbee.com *.ourinsights.se *.googlesyndication.com *.googleoptimize.com *.lemonpi.io *.bing.com 1
frame-ancestors 'self';block-all-mixed-content;default-src 'self';script-src 'self' 'report-sample' https://m.youtube.com https://www.youtube.com;style-src 'self' 'report-sample' 'unsafe-inline';object-src 'none';frame-src 'self' *.youtube.com www.youtube-nocookie.com;child-src 'self' www.youtube.com;img-src 'self' data: *.ytimg.com *.youtube.com *.froala.com;font-src 'self';connect-src 'self';manifest-src 'self';base-uri 'self';form-action 'self';media-src 'self';worker-src 'self' 1
frame-ancestors 'self' https://beta.timescard.com https://hdfcbank.timescard.com *.timescard.com 1
frame-ancestors 'self' https://manage.buildings.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
upgrade-insecure-requests; frame-ancestors 'self' https://luxe.digital 1
* data: mediastream: blob: filesystem: about: ws: wss: 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-inline' 'self'; * data: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample'; * data: blob: 'unsafe-inline' 'unsafe-eval' 'report-sample' 'self'; none; self; * data: blob: 'unsafe-inline' 'self'; * data: blob: 'unsafe-inline' 'self'; * data: blob: self; * data: blob: 'unsafe-inline'; * data: blob: 'unsafe-inline' 'self'; self; self; https://6512fbc708615f75764fb2da.endpoint.csper.io/?v=0; none 1
default-src 'self'; script-src 'self' 'sha256-dgu3n+AUmAeeFlNJ9PYC9rtl6HJ/hfrZoyNPRcQxLuM=' www.googletagmanager.com www.google-analytics.com ajax.googleapis.com www.youtube.com www.instagram.com  platform.instagram.com oc-cdn-public.azureedge.net connect.facebook.net platform.twitter.com; style-src 'self' oc-cdn-public.azureedge.net fonts.cdnfonts.com; style-src-attr 'unsafe-inline'; font-src 'self' fonts.cdnfonts.com data:; connect-src 'self' www.google-analytics.com vitals.vercel-insights.com graph.facebook.com res.cloudinary.com assets.metrolinx.com; img-src 'self' res.cloudinary.com assets.metrolinx.com d3t3ozftmdmh3i.cloudfront.net i.ytimg.com data:; media-src 'self' anchor.fm d3ctxlq1ktw2nl.cloudfront.net blob:; frame-src www.youtube.com www.instagram.com oc-cdn-public.azureedge.net www.linkedin.com www.facebook.com platform.twitter.com outlook.office365.com app.sli.do; frame-ancestors 'self'; form-action 'self' 1
default-src 'self' https://www.londonzoo.org https://cms.londonzoo.org; object-src 'none'; base-uri 'self'; style-src 'self' https://www.londonzoo.org https://cms.londonzoo.org 'unsafe-inline' https://p.typekit.net https://use.typekit.net https://tagmanager.google.com https://www.googletagmanager.com https://fonts.googleapis.com https://static.hotjar.com https://script.hotjar.com https://www.tripadvisor.co.uk https://static.tacdn.com ; font-src 'self' https://www.londonzoo.org https://cms.londonzoo.org data: https://p.typekit.net https://use.typekit.net https://fonts.gstatic.com https://fonts.googleapis.com https://script.hotjar.com https://static.tacdn.com ; script-src 'self' https://www.londonzoo.org https://cms.londonzoo.org 'nonce-48324476454e6831464e786a6f363849' 'sha256-ZnhAS6LXLZWmpPSEDrVRkNeIsVEIsRredGkFx2WiKec=' 'sha256-iW4WnuBtxrtQK6YASZph6rx6yZZMg0U77OLIlEZvlDA=' 'sha256-48TuDkUabuH2v1zRqgyqecgn+HRkc9gfpOVMELfgzQI=' 'sha256-U96gVTGDtlmnaK204EbaOTNyZRKvfBiWyuolgJwd8CI=' 'sha256-2L/tFj1yFovfnD4TertAGuww56zrGsGC1JDWaqC75s0=' 'sha256-9HOlWcnxwIXUmTPdnAhre+W8Z0FDeSQmn4+a1GXnQSA=' 'sha256-dKGt8dCuqKR/hwtTSFNbDeXeYUxOjtop6H2SYqoIGvc=' 'sha256-y6gO+OYD2TDPY9r3GtOTvnCs5/oE/O7PmNL2zaGYeJQ=' 'sha256-Jg7eYnts8zlTEJyHuCysngL/qIiJiSEFfkFvZJOMRGY=' https://cdn.jsdelivr.net https://connect.facebook.net https://cookie-cdn.cookiepro.com https://r1.dotdigital-pages.com https://r1-t.trackedlink.net/_dmpt.js https://s.yimg.com/wi/ytc.js https://static.hotjar.com https://script.hotjar.com https://analytics.twitter.com https://static.ads-twitter.com/uwt.js https://www.dwin1.com/15333.js https://www.google-analytics.com https://ssl.google-analytics.com https://*.googletagmanager.com https://tagmanager.google.com https://www.youtube.com https://www.youtube-nocookie.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://campaign.zsl.org https://reclaimhub.com https://www.tripadvisor.co.uk https://www.tripadvisor.com https://static.tacdn.com https://www.jscache.com https://analytics.tiktok.com https://static.trackedweb.net https://www.googletagmanager.com https://lantern.roeyecdn.com https://go.affec.tv https://cdn.cookielaw.org https://secure.adnxs.com ; connect-src 'self' https://www.londonzoo.org https://cms.londonzoo.org https://cookie-cdn.cookiepro.com https://s.yimg.com https://stats.g.doubleclick.net https://*.google.co.uk https://*.google.com https://*.google-analytics.com https://geolocation.onetrust.com https://privacyportal.cookiepro.com https://*.analytics.google.com https://*.googletagmanager.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.facebook.com/tr/ https://campaign.zsl.org https://analytics.tiktok.com https://px.ads.linkedin.com ; frame-src 'self' https://www.londonzoo.org https://cms.londonzoo.org data: https://*.fls.doubleclick.net https://vars.hotjar.com https://www.facebook.com https://www.youtube.com https://youtube.com https://www.youtube-nocookie.com https://r1.dotdigital-pages.com https://www.arcgis.com https://html5-player.libsyn.com https://campaign.zsl.org https://www.google.com https://bid.g.doubleclick.net https://td.doubleclick.net https://reclaimhub.com https://zsl-london-zoo-timeline.octophindev.com https://cdn.knightlab.com https://my.matterport.com https://hhakkinen.shinyapps.io ; frame-ancestors 'self' https://www.londonzoo.org https://cms.londonzoo.org https://cms.zsl.org https://www.zsl.org https://cms.londonzoo.org https://www.londonzoo.org https://cms.whipsnadezoo.org https://www.whipsnadezoo.org https://campaign.zsl.org ; img-src 'self' https://www.londonzoo.org https://cms.londonzoo.org data: https://analytics.twitter.com https://cookie-cdn.cookiepro.com https://sp.analytics.yahoo.com https://t.co https://www.facebook.com https://www.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com https://fonts.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.co.uk https://www.google.be https://campaign.zsl.org https://static.hotjar.com https://script.hotjar.com https://i.ytimg.com https://*.fls.doubleclick.net https://ad.doubleclick.net https://*.googlesyndication.com https://www.tripadvisor.co.uk https://px.ads.linkedin.com https://adservice.google.com https://lantern.roeye.com https://map.go.affec.tv ; upgrade-insecure-requests; 1
default-src 'self' *.devontechnologies.com *.paddle.com; img-src *; script-src 'self' 'unsafe-inline' api.devontechnologies.com analytics.devontechnologies.com *.paddle.com *.firstpromoter.com; frame-src player.vimeo.com *.paddle.com; style-src 'self' 'unsafe-inline' cdn.paddle.com; connect-src 'self' api.devontechnologies.com analytics.devontechnologies.com *.firstpromoter.com; child-src 'self' *.paddle.com 1
frame-ancestors 'self' https://messaging.arrt.org https://apps.arrt.org https://stdata.arrt.org 1
default-src 'self' *; script-src 'self' 'nonce-devdocs' https://www.google-analytics.com https://secure.gaug.es https://*.jquery.com; font-src 'none'; style-src 'self' 'unsafe-inline' *; img-src 'self' * data:; 1
frame-ancestors 'self' clientportal.vertafore.com; 1
default-src 'self'; font-src data: https://assets.dm.de https://composer.apps.nonprod.gcp.dmtech.cloud; script-src 'self' https://*.bazaarvoice.com https://*.mm.mojadm.sk https://app.usercentrics.eu https://assets.dm.de https://composer.apps.nonprod.gcp.dmtech.cloud https://d2pqvatijh75rn.cloudfront.net https://mpsnare.iesnare.com https://omt.mojadm.sk https://tags.tiqcdn.com https://www.mojadm.sk; worker-src 'self' blob:; connect-src  'self' https://*.bazaarvoice.com https://*.gcp.dmtech.cloud https://*.mm.mojadm.sk https://*.services.dmtech.com https://aggregator.service.usercentrics.eu https://api.mapbox.com https://api.usercentrics.eu https://assets.dm.de https://browser-intake-datadoghq.eu https://cart-recos.services.dmtech.com https://cdcs.usercentrics.eu https://collect.tealiumiq.com https://consent-api.service.consent.usercentrics.eu https://consent-rt-ret.service.consent.usercentrics.eu https://consents.usercentrics.eu https://coupon-aktionen.dm.de https://d2pqvatijh75rn.cloudfront.net https://direct-collect.dy-api.eu https://direct.dy-api.eu https://dmpay-gateway.services.dmtech.com https://dy-api.eu https://events.mapbox.com https://graphql.usercentrics.eu https://insights.algolia.io https://logs.browser-intake-datadoghq.eu https://mpsnare.iesnare.com https://my-products-api.services.dmtech.com https://omc.mojadm.sk https://product-based-recos.services.dmtech.com https://products.dm.de https://rcom-eu.dynamicyield.com https://recos-as-a-service.services.dmtech.com https://rum.browser-intake-datadoghq.eu https://services.dm.de https://signin.mojadm.sk https://sos-prod.availability.services.dmtech.com https://staedtetour.dm-fb2.de https://storage.googleapis.com/gift-card-builder-emergency-disabled-bucket/ https://cartnext.services.dmtech.com https://products.dm.de https://shopping-list-prod.services.dmtech.com; style-src 'self' 'unsafe-inline' https://*.bazaarvoice.com https://api.tiles.mapbox.com https://assets.dm.de https://composer.apps.nonprod.gcp.dmtech.cloud; form-action 'self' https://*.bazaarvoice.com https://checkout.mojadm.sk https://giftcard-checkout.mojadm.sk/api/checkout https://signin.mojadm.sk; img-src 'self' blob: data: https://*.bazaarvoice.com https://*.mm.mojadm.sk https://*.services.dmtech.com https://app.usercentrics.eu https://assets.dm.de https://cdn-eu.dynamicyield.com https://composer.apps.nonprod.gcp.dmtech.cloud https://content-preview.apps.prod.gcp.dmtech.cloud https://d2pqvatijh75rn.cloudfront.net https://d3s22jwy77sx9i.cloudfront.net https://i.ytimg.com https://images.podigee-cdn.net https://img.usercentrics.eu https://img.youtube.com/ https://media.dm-static.com https://services.dm.de https://uct.service.usercentrics.eu; frame-ancestors 'self' https://*.apps.nonprod.gcp.dmtech.cloud https://*.apps.prod.gcp.dmtech.cloud https://*.dm-drogeriemarkt.org https://*.dm-drogeriemarkt.org:42007 https://*.dm-drogeriemarkt.org:42160 https://*.dm-drogeriemarkt.org:42161 https://*.dm-drogeriemarkt.org:42162 https://*.lxprod.ka.de.dm-drogeriemarkt.com https://*.mojadm.sk https://app.datadoghq.eu https://studio.dm-drogeriemarkt.com; frame-src 'self' https://*.bazaarvoice.com https://*.mojadm.sk https://*.services.dmtech.com https://app.usercentrics.eu https://cdn.podigee.com https://configurator.nuk.de https://gastfamilie.podigee.io https://geburtskanal-dm.podigee.io https://hey-familie.podigee.io https://player.podigee-cdn.net https://sandbox.om.dm.de https://www.youtube-nocookie.com; base-uri 'self' https://*.mm.mojadm.sk https://*.services.dmtech.com https://events.mapbox.com; child-src 'self' blob:; manifest-src 'self'; report-uri /__csp-reports__; upgrade-insecure-requests; 1
default-src 'self' *.cdc-habitat.fr cdc-habitat.fr *.aticdn.net *.google.com *.google.fr *.googleapis.com *.mgtmod01.com *.magnetis.io *.modulecall.fr sc-static.net *.facebook.net *.snapchat.com *.doubleclick.net *.gstatic.com *.alentoor.fr *.googletagmanager.com *.immodvisor.com *.xiti.com *.calendoc.com *.facil-iti.app *.facil-iti.com *.doyoudreamup.com *.cookiebot.com youtu.be *.youtube.com *.infobat3d-data02.com livetour.istaging.com *.ricoh360.com *.insidemaps.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' 'unsafe-hashes' *.cdc-habitat.fr cdc-habitat.fr unpkg.com *.alentoor.fr *.facil-iti.app *.facil-iti.com sc-static.net *.facebook.net *.snapchat.com *.doyoudreamup.com *.immodvisor.com *.aticdn.net *.aticdn.net *.doubleclick.net *.google.com *.google.fr *.googleapis.com  *.googletagmanager.com *.mgtmod01.com *.magnetis.io *.modulecall.fr *.cookiebot.com youtu.be *.youtube.com;style-src 'self' 'unsafe-inline' *.cdc-habitat.fr  cdc-habitat.fr *.aticdn.net *.immodvisor.com unpkg.com *.googleapis.com ;img-src 'self' data: *;worker-src blob: 1
script-src 'sha256-1jAmyYXcRq6zFldLe/GCgIDJBiOONdXjTLgEFMDnDSM=' 'nonce-DZMZttqrEIACG-T42bQHGg' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/mapsplatform_google_com; base-uri 'none' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.gstatic.com https://yastatic.net https://www.youtube.com https://s.ytimg.com https://platform.instagram.com https://www.instagram.com https://platform.twitter.com https://cdn.syndication.twimg.com https://mc.yandex.ru https://top-fwz1.mail.ru https://js.sentry-cdn.com https://browser.sentry-cdn.com https://qaz.24l7-news.com https://push.24l7-news.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' data: https://fonts.googleapis.com https://platform.twitter.com ; img-src 'self' data: https://* http://* ; font-src 'self' data: https://fonts.gstatic.com ; frame-src 'self' data: https://yastatic.net https://www.youtube.com https://www.instagram.com/ https://platform.twitter.com ; connect-src 'self' data: https://yastatic.net https://mc.yandex.ru https://mc.webvisor.com https://mc.webvisor.org https://fcm.googleapis.com https://firebaseinstallations.googleapis.com https://fcmregistrations.googleapis.com https://push.newsdaily.biz https://top-fwz1.mail.ru https://o4505939965509632.ingest.sentry.io https://push.24l7-news.com https://biposerfl.shop https://*.google-analytics.com; worker-src 'self' data: https://fcm.googleapis.com https://push.newsdaily.biz https://push.24l7-news.com ; 1
default-src 'none'; base-uri 'self'; frame-src 'self' www.facebook.com platform.twitter.com googleads.g.doubleclick.net *.google.com *.google.gr; connect-src 'self' https://get-vpn.site *:888; font-src 'self' data: https://get-vpn.site; form-action 'self'; frame-ancestors 'self'; img-src 'self' data: *.google.com *.google.gr https://get-vpn.site trustzoneurl.com trustzonepost.xyz stats.g.doubleclick.net www.google-analytics.com *.twitter.com *.basemaps.cartocdn.com; manifest-src 'self' https://get-vpn.site; style-src 'self' 'unsafe-inline' https://get-vpn.site; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://get-vpn.site trustzoneurl.com platform.twitter.com connect.facebook.net  *.google-analytics.com *.twimg.com; report-uri https://trust.zone/_csp_log 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://backoffice.lawren.io https://analytics.rubyapps.io https://code.jquery.com https://web.lawren.io https://cdn.cookielaw.org https://ajax.googleapis.com https://maps.googleapis.com https://forms.hsforms.com https://js.hsforms.net https://www.youtube.com https://player.vimeo.com https://js.hs-banner.com https://js.hs-analytics.net https://js.hs-scripts.com https://js.hscollectedforms.net https://www.googletagmanager.com https://www.google-analytics.com https://analytics.rubensteintech.com https://kit.fontawesome.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.googletagmanager.com https://hello.myfonts.net; connect-src 'self' https://backoffice.lawren.io https://cdn.cookielaw.org https://analytics.rubyapps.io https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://google-analytics.com https://vimeo.com https://noembed.com https://stats.g.doubleclick.net https://hubspot-forms-static-embed.s3.amazonaws.com https://maps.gstatic.com https://maps.googleapis.com https://cdn.plyr.io https://www.google-analytics.com/ https://forms.hubspot.com https://analytics.rubensteintech.com https://ka-f.fontawesome.com; font-src 'self' data: https://fonts.gstatic.com https://ka-f.fontawesome.com; img-src 'self' https://cdn.cookielaw.org https://analytics.rubyapps.io https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://google-analytics.com data: blob: https://i.vimeocdn.com https://i.ytimg.com https://f.hubspotusercontent30.net https://maps.gstatic.com https://maps.googleapis.com https://www.googletagmanager.com https://track.hubspot.com https://www.google-analytics.com https://forms.hsforms.com; frame-src 'self' mailto: https://web.lawren.io https://mail.google.com/ https://apps.fliplet.com https://analytics.rubyapps.io https://web.lawren.io/webBot.js https://us-apps.fliplet.com https://cdn.yoshki.com https://communications.crowell.com blob: https://www.youtube-nocookie.com https://www.youtube.com https://player.vimeo.com https://www.podbean.com https://app.powerbi.com; worker-src 'self' blob:; media-src 'self' data: https://vimeo.com https://www.youtube.com https://cdn.plyr.io; frame-ancestors 'self'; object-src 'self'; 1
default-src 'self'; frame-ancestors 'self' *.kontent.ai *.hosted.positive.co.uk *.raymarine.com; frame-src 'self' data: https: *.cookiebot.com; img-src 'self' data: https: *.googletagmanager.com *.cloudfront.net; media-src 'self' data: https: *.googletagmanager.com *.canto.global; script-src 'self' 'unsafe-inline' data: https: *.googletagmanager.com *.amazonaws.com *.canto.global; font-src 'self' data: https: *.gstatic.com; style-src 'self' 'unsafe-inline' data: https: *.googleapis.com; connect-src data: https: *.googleapis.com *.hsforms.com *.hs-scripts.com; worker-src 'self' blob: *.raymarine.com; 1
frame-ancestors 'self' team.live fr.team.live es.team.live ru.team.live de.team.live pl.team.live ar.team.live tr.team.live; 1
script-src *.rmunify.com www.google-analytics.com  'unsafe-inline' 'unsafe-eval' 1
frame-ancestors 'self' https://*.facebook.com 1
default-src 'self'; script-src 'self'; style-src 'self'; font-src 'self' data:; img-src 'self' data:; worker-src 'none'; block-all-mixed-content; 1
default-src https://* blob: data: 'unsafe-inline' 'unsafe-eval'; font-src data: https://*.metrotransit.org https://use.typekit.net https://js.arcgis.com https://fonts.gstatic.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; style-src 'unsafe-inline' https://*.metrotransit.org https://*.typekit.net https://translate.googleapis.com https://js.arcgis.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://www.gstatic.com; base-uri 'none'; 1
default-src *; style-src 'self' 'unsafe-inline' https://esse.riafy.in https://fonts.googleapis.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://stackpath.bootstrapcdn.com https://uat.esse.riafy.in https://unpkg.com https://cdn.jsdelivr.net https://www.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://unpkg.com https://www.youtube.com https://www.googletagmanager.com https://fonts.googleapis.com https://www.google-analytics.com https://www.googleadservices.com https://connect.facebook.net https://googleads.g.doubleclick.net https://esse.riafy.in https://cdn.socket.io https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://uat.esse.riafy.in https://ajax.googleapis.com; frame-src 'self' 'unsafe-inline' blob: https://tawk.to https://s.tradingview.com https://www.facebook.com https://www.youtube.com https://esse.riafy.in https://td.doubleclick.net; media-src 'self' blob:; img-src 'self' 'unsafe-inline' data: https://www.facebook.com https://esse.riafy.in https://www.google.co.in https://fonts.gstatic.com https://www.googletagmanager.com 1
frame-src https://eclerx.com/  https://forms.hsforms.com/  https://js.hsforms.net/forms/embed/ https://insight.adsrvr.org/ https://player.bcast.fm/ https://player.vimeo.com/ https://www.youtube.com/ https://www.google.com/; script-src   'unsafe-eval' 'unsafe-inline'   https://js.hs-scripts.com/ https://js.hscollectedforms.net/ https://js.hs-banner.com/v2/2399470/ https://js.hs-analytics.net/analytics/  https://js.hsadspixel.net/ https://js.hubspot.com/ https://js.hsleadflows.net/ https://js.zi-scripts.com/ https://api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/ https://cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/ https://forms.hubspot.com/lead-flows-config/v1/config/ https://js.zi-scripts.com/unified/v1/master/  https://js.zi-scripts.com/unified/v1/master/ https://js.hs-analytics.net/analytics/1721924400000/ https://connect.facebook.net/en_US/ https://js.zi-scripts.com/unified/v1/master/ https://connect.facebook.net/signals/config/ https://connect.facebook.net/en_US/ https://js.hsleadflows.net/ https://js.hscollectedforms.net/ https://js.hs-banner.com/v2/2399470/ https://js.hsadspixel.net/ https://js.hubspot.com/ https://js.hs-analytics.net/analytics/ https://js.hs-scripts.com/ https://js.hsforms.net/forms/ https://js.adsrvr.org/ https://tags.clickagy.com/ https://region1.google-analytics.com/g/  https://ws.zoominfo.com/pixel/     https://extend.vimeocdn.com/ga/   https://img.en25.com/  https://extend.vimeocdn.com/  https://eclerx.com/  https://www.gstatic.com/ https://www.google.com/  https://www.google-analytics.com/ https://www.googletagmanager.com/; default-src https://eclerx.com/; connect-src https://forms.hscollectedforms.net/ https://cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/ https://api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/ https://js.zi-scripts.com/unified/v1/master/ https://forms.hubspot.com/lead-flows-config/v1/config/ https://pagead2.googlesyndication.com/pagead/ https://forms.hubspot.com/lead-flows-config/v1/config/ https://api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/ https://forms.hscollectedforms.net/collected-forms/v1/config/  https://cta-service-cms2.hubspot.com/web-interactives/  https://region1.google-analytics.com/g/ https://forms.hsforms.com/emailcheck/v1/ https://forms.hsforms.com/embed/v3/form/ https://aorta.clickagy.com/ https://hemsync.clickagy.com/external/ https://s1023994345.t.eloqua.com/e/ https://ws.zoominfo.com/pixel/ https://eclerx.com/ https://www.google-analytics.com/;  font-src data: https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://eclerx.com/; img-src https://eclerx.com/ data: https: https://eclerx.com/ https://www.w3.org/2000/svg/; style-src https://eclerx.com/ https://fonts.googleapis.com/ 'unsafe-inline'; base-uri 'none'; object-src 'none'; 1
default-src 'self' https://www.youtube.com; script-src 'self' 'unsafe-inline' https://analytics.synthetix.io https://*.mailerlite.com https://cdn.sanity.io https://www.youtube.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.mailerlite.com; img-src 'self' data: https://raw.githubusercontent.com https://*.mailerlite.com https://cdn.sanity.io; font-src 'self' https://fonts.synthetix.io https://fonts.gstatic.com https://*.mailerlite.com; frame-ancestors 'self'; form-action 'self'; base-uri 'self'; connect-src 'self' https://*.mailerlite.com https://cloudflare-eth.com https://api.etherscan.io https://*.infura.io https://*.alchemyapi.io https://synths.snx.eth.link https://analytics.synthetix.io https://cdn.sanity.io https://*.algolia.net https://*.algolianet.com https://hooks.zapier.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googleapis.com *.googletagmanager.com *.facebook.net 1
default-src 'self'; manifest-src https://login.lightspeedsystems.app https://*.lightspeedsystems.app; connect-src 'self' https://*.lightspeedsystems.app privacyportal.onetrust.com cdn.cookielaw.org; img-src * data:; font-src *; script-src 'self' https://*.lightspeedsystems.app cdn.cookielaw.org 'sha256-FbapCBdaEEJ54X8nIOMSi6CTIisMeuHh+lD/sbIQRBk='; style-src * 'unsafe-inline'; object-src 'none'; frame-ancestors 'none';report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub7a1ace3b9b2216f100f901d2a62706f2&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env%3Aproduction 1
script-src 'self' 'unsafe-inline' ph.white.market ajax.cloudflare.com static.cloudflareinsights.com www.paypal.com googleads.g.doubleclick.net static.ads-twitter.com analytics.tiktok.com www.google.com www.clarity.ms connect.facebook.net script.hotjar.com static.hotjar.com widget.trustpilot.com widget.mercuryo.io www.google-analytics.com www.googletagmanager.com www.gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; media-src 'self'; object-src 'none'; base-uri 'self'; frame-ancestors 'self' https://widget.mercuryo.io; worker-src 'self' 1
default-src 'self' *.wistia.com *.vimeocdn.com wss://*.foresee.com *.verint-cdn.com *.vovici.com *.thebigknow.com *.vimeo.com *.humananeighborhoodcenter.com *.everesttech.net *.everestjs.net *.demdex.net *.foresee.com *.humana.com *.ensighten.com *.tealium.com *.tealiumiq.com *.tiqcdn.com *.omtrdc.net *.coremetrics.com *.cmcore.com *.answerscloud.com *.mpeasylink.com *.zscaler.net *.googleadservices.com *.yimg.com *.facebook.net *.yahoo.com *.google.com *.gstatic.com *.salesforceliveagent.com *.googleapis.com *.4seeresults.com *.youtube.com *.azureedge.net *.cloudfront.net *.dialogtech.com *.humananews.com *.linkedin.com *.longtailvideo.com *.truste.com *.prescribeitrx.com *.amazonaws.com *.glancecdn.net *.humana-government.com *.careplushealthplans.com *.healthwise.net *.humanavitality.com 193.122.6.87:7002 *.go365.com *.longtailvideo.com *.requirejs.org *.4see.mobi *.foreseeresults.com *.bing.com *.doubleclick.net *.facebook.com *.twitter.com *.cookielaw.org;style-src 'self' 'unsafe-inline' *.vimeocdn.com *.wistia.com wss://*.foresee.com *.verint-cdn.com *.vovici.com *.thebigknow.com *.vimeo.com *.humananeighborhoodcenter.com *.everesttech.net *.everestjs.net *.demdex.net *.foresee.com *.humana.com *.ensighten.com *.tealium.com *.tealiumiq.com *.tiqcdn.com *.omtrdc.net *.coremetrics.com *.cmcore.com *.answerscloud.com *.mpeasylink.com *.zscaler.net *.googleadservices.com *.yimg.com *.facebook.net *.yahoo.com *.google.com *.gstatic.com *.salesforceliveagent.com *.googleapis.com *.4seeresults.com *.youtube.com *.azureedge.net *.cloudfront.net *.dialogtech.com *.humananews.com *.linkedin.com *.longtailvideo.com *.truste.com *.prescribeitrx.com *.amazonaws.com *.glancecdn.net *.humana-government.com *.careplushealthplans.com *.healthwise.net *.humanavitality.com 193.122.6.87:7002 *.go365.com *.longtailvideo.com *.requirejs.org *.cookielaw.org;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.vimeocdn.com *.wistia.com wss://*.foresee.com *.verint-cdn.com *.vovici.com *.thebigknow.com *.vimeo.com *.humananeighborhoodcenter.com *.everesttech.net *.everestjs.net *.demdex.net *.foresee.com *.humana.com *.ensighten.com *.tealium.com *.tealiumiq.com *.tiqcdn.com *.omtrdc.net *.coremetrics.com *.cmcore.com *.answerscloud.com *.mpeasylink.com *.zscaler.net *.googleadservices.com *.yimg.com *.facebook.net *.yahoo.com *.google.com *.gstatic.com *.salesforceliveagent.com *.googleapis.com *.4seeresults.com *.youtube.com *.azureedge.net *.cloudfront.net *.dialogtech.com *.humananews.com *.linkedin.com *.longtailvideo.com *.truste.com *.prescribeitrx.com *.amazonaws.com *.glancecdn.net *.humana-government.com *.careplushealthplans.com *.healthwise.net *.humanavitality.com 193.122.6.87:7002 *.go365.com *.longtailvideo.com *.cookielaw.org;img-src 'self' *.vimeocdn.com *.wistia.com wss://*.foresee.com *.verint-cdn.com *.vovici.com *.thebigknow.com *.vimeo.com *.humananeighborhoodcenter.com *.everesttech.net *.everestjs.net *.demdex.net *.foresee.com *.humana.com *.ensighten.com *.tealium.com *.tealiumiq.com *.tiqcdn.com *.omtrdc.net *.coremetrics.com *.cmcore.com *.answerscloud.com *.mpeasylink.com *.zscaler.net *.googleadservices.com *.yimg.com *.facebook.net *.yahoo.com *.google.com *.gstatic.com *.salesforceliveagent.com *.googleapis.com *.4seeresults.com *.youtube.com *.azureedge.net *.cloudfront.net *.dialogtech.com *.humananews.com *.linkedin.com *.longtailvideo.com *.truste.com *.prescribeitrx.com *.amazonaws.com *.glancecdn.net *.humana-government.com *.careplushealthplans.com *.healthwise.net *.humanavitality.com 193.122.6.87:7002 *.go365.com *.longtailvideo.com *.requirejs.org data: *.cloudinary.com *.cookielaw.org;object-src 'self' *.go365.com;media-src 'self' *.go365.com *.wistia.com blob:;frame-ancestors 'self' *.go365.com *.humana.com; 1
default-src 'self'; style-src 'self' * 'unsafe-inline'; media-src *; script-src 'self' * 'unsafe-inline' 'unsafe-eval'; img-src * data:; connect-src *; frame-src *; font-src * data:; manifest-src *; worker-src *; 1
default-src *; style-src * 'unsafe-inline'; worker-src 'self' blob: ; script-src * 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors 'self' http://dsctouch.beazer.com http://dsctablet.beazer.com http://*.beazer.net; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.vimeo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' static.zdassets.com assets.zendesk.com www.clarity.ms snap.licdn.com bat.bing.com consentcdn.cookiebot.com consent.cookiebot.com static.trackedweb.net secure.data-insight365.com www.google.com www.gstatic.com widget-mediator.zopim.com ajax.cloudflare.com e-ukas.com platform.instagram.com www.instagram.com *.vimeo.com *.vimeocdn.com *.newrelic.com *.nr-data.net www.googletagservices.com *.googlesyndication.com *.googleadservices.com googleads.g.doubleclick.net adservice.google.com adservice.google.ae adservice.google.al adservice.google.at adservice.google.be adservice.google.bg adservice.google.bs adservice.google.ca adservice.google.ch adservice.google.ci adservice.google.cl adservice.google.co.bw adservice.google.co.cr adservice.google.co.id adservice.google.co.il adservice.google.co.in adservice.google.co.jp adservice.google.co.ke adservice.google.co.kr adservice.google.co.mz adservice.google.co.nz adservice.google.co.th adservice.google.co.tz adservice.google.co.uk adservice.google.co.uz adservice.google.co.ve adservice.google.co.za adservice.google.co.zm adservice.google.co.zw adservice.google.com.ai adservice.google.com.ar adservice.google.com.au adservice.google.com.bd adservice.google.com.bh adservice.google.com.bn adservice.google.com.bo adservice.google.com.br adservice.google.com.co adservice.google.com.cy adservice.google.com.ec adservice.google.com.eg adservice.google.com.et adservice.google.com.fj adservice.google.com.gh adservice.google.com.gi adservice.google.com.gt adservice.google.com.hk adservice.google.com.jm adservice.google.com.kh adservice.google.com.kw adservice.google.com.lb adservice.google.com.mm adservice.google.com.mt adservice.google.com.mx adservice.google.com.my adservice.google.com.ng adservice.google.com.ni adservice.google.com.np adservice.google.com.om adservice.google.com.pa adservice.google.com.pe adservice.google.com.ph adservice.google.com.pk adservice.google.com.pr adservice.google.com.py adservice.google.com.qa adservice.google.com.sa adservice.google.com.sg adservice.google.com.sv adservice.google.com.tr adservice.google.com.tw adservice.google.com.ua adservice.google.com.uy adservice.google.com.vn adservice.google.cz adservice.google.de adservice.google.dk adservice.google.dz adservice.google.ee adservice.google.es adservice.google.fi adservice.google.fr adservice.google.ge adservice.google.gr adservice.google.gy adservice.google.hn adservice.google.hr adservice.google.hu adservice.google.ie adservice.google.im adservice.google.iq adservice.google.is adservice.google.it adservice.google.jo adservice.google.kz adservice.google.li adservice.google.lk adservice.google.lt adservice.google.lu adservice.google.lv adservice.google.md adservice.google.mk adservice.google.mu adservice.google.nl adservice.google.no adservice.google.pl adservice.google.pt adservice.google.ro adservice.google.rs adservice.google.ru adservice.google.se adservice.google.si adservice.google.sk adservice.google.so adservice.google.sr adservice.google.tl adservice.google.tn adservice.google.tt google-analytics.com www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com maps.googleapis.com maps.google.com translate.googleapis.com translate.google.com www.googletagmanager.com googletagmanager.com tagmanager.google.com; style-src 'self' 'unsafe-inline' data: *.vimeocdn.com fonts.googleapis.com 'unsafe-inline' maps.googleapis.com maps.google.com translate.googleapis.com www.googletagmanager.com tagmanager.google.com; img-src 'self' data: bat.bing.com www.google.co.uk imgsct.cookiebot.com px.ads.linkedin.com *.clarity.ms secure.gravatar.com www.gravatar.com *.googlesyndication.com stats.g.doubleclick.net data: blob: google-analytics.com www.google-analytics.com ssl.google-analytics.com www.google.com *.googleapis.com maps.google.com maps.gstatic.com www.gstatic.com *.ggpht.com translate.googleapis.com translate.google.com i.ytimg.com www.googletagmanager.com; connect-src 'self' ukas1334.zendesk.com ekr.zdassets.com consentcdn.cookiebot.com r1.trackedweb.net region1.google-analytics.com region1.analytics.google.com bam.nr-data.net *.clarity.ms px.ads.linkedin.com www.google.com bat.bing.com adservice.google.com wss://widget-mediator.zopim.com webto.salesforce.com e-ukas.com https://my.yoast.com *.vimeo.com *.googlesyndication.com googleads.g.doubleclick.net stats.g.doubleclick.net www.google-analytics.com ampcid.google.com analytics.google.com about: maps.googleapis.com maps.google.com translate.googleapis.com www.googletagmanager.com; font-src 'self' data: data: fonts.gstatic.com fonts.googleapis.com; media-src 'self' static.zdassets.com; frame-src 'self' consentcdn.cookiebot.com www.google.com e-ukas.com www.instagram.com *.vimeo.com *.vimeocdn.com *.googlesyndication.com googleads.g.doubleclick.net maps.googleapis.com maps.google.com www.youtube.com www.googletagmanager.com; child-src 'self' consentcdn.cookiebot.com www.google.com e-ukas.com *.vimeo.com *.vimeocdn.com www.youtube.com www.googletagmanager.com; form-action 'self' webto.salesforce.com e-ukas.com; upgrade-insecure-requests; report-uri https://www.ukas.com?gdsih-csp-report; 1
connect-src 'self' https://js-agent.newrelic.com https://bam.nr-data.net https://bam-cell.nr-data.net https://dpm.demdex.net *.tt.omtrdc.net https://lasteventf-tm.everesttech.net https://display.ipaper.io https://cdn.ipaper.io app.responseiq.com static.responseiq.com storage.googleapis.com https://vimeo.com *.starkgroup.dk https://*.stark.dk https://dawa.aws.dk policy.app.cookieinformation.com consent.app.cookieinformation.com dpm.demdex.net https://stark-test.criipto.id/ api.relewise.com https://webshop.dk.ecom.stark.group https://squid-api.tjek.com https://api.etilbudsavis.dk https://events.service.shopgun.com/sync https://wolf-api.tjek.com/sync https://*.wistia.com https://*.litix.io/ https://*.akamaihd.net https://psaecomendpoints.blob.core.windows.net/  https://*.viamap-gms.net/ https://s2.adform.net/ https://*.viamap.net/ https://submit.jotformeu.com/server.php https://eu-submit.jotform.com/server.php https://www.stark.vg.outline.dk/umbraco/api/icarus/configuration https://adobedc.demdex.net/  https://edge.adobedc.net/  https://bumblebee-api.tjek.com/api/v2/generate_publication_section_incito https://*.aviou.io https://*.relewise.com;default-src 'self' blob: https://stark.mapinfo.viamap-gms.net/ https://adobedc.demdex.net/ https://*.aviou.io ;font-src 'self' data: app.responseiq.com static.responseiq.com storage.googleapis.com https://d3qnoxvhi29qvt.cloudfront.net https://*.gstatic.com/ https://*.aviou.io;frame-ancestors 'self' https://service.ariba.com/ https://s1-eu.ariba.com/;frame-src 'self' https://www.youtube.com https://s.ytimg.com https://i.ytimg.com https://www.youtube-nocookie.com * ;img-src 'self' *.starkgroup.dk https://*.stark.dk * data: http://www.w3.org/2000/svg *.doubleclick.net https://www.google.com ;media-src 'self' https://www.youtube.com https://s.ytimg.com https://i.ytimg.com https://www.youtube-nocookie.com blob: https://*.wistia.net https://*.cloudfront.net data: https://*.akamaihd.net http://*.googleapis.com https://*.aviou.io;script-src 'self' www.googletagmanager.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' https://www.youtube.com https://s.ytimg.com https://i.ytimg.com https://www.youtube-nocookie.com https://js-agent.newrelic.com https://bam.nr-data.net https://bam-cell.nr-data.net https://assets.adobedtm.com https://www.everestjs.net/static/le/last-event-tag-latest.min.js https://static.criteo.net/js/ld/ld.js https://sslwidget.criteo.com mypresswire.com *.starkgroup.dk https://*.stark.dk *.tt.omtrdc.net https://www.googleadservices.com https://www.google.com https://display.ipaper.io https://cdn.ipaper.io https://*.scratcher.io policy.app.cookieinformation.com consent.app.cookieinformation.com app.responseiq.com static.responseiq.com storage.googleapis.com  https://d21oefkcnoen8i.cloudfront.net https://code.jquery.com/jquery-3.4.1.min.js https://d3qnoxvhi29qvt.cloudfront.net https://*.wistia.com blob: https://*.wistia.net https://*.akamaihd.net https://via.ritzau.dk/embedded/prs_embedded.js https://via.ritzau.dk/embedded/iframeResizer.min.js https://*.ritzau.dk blob:  https://*.viamap-gms.net/  https://*.outline.dk https://outline.dk/scripts/iframeResizer.min.js https://*.facebook.net/ https://s2.adform.net/ https://form.jotform.com/jsform/212241750019344 https://browser.sentry-cdn.com/5.12.1/bundle.min.js https://cdn01.jotfor.ms/static/prototype.forms.js https://cdn02.jotfor.ms/static/jotform.forms.js https://cdn.jotfor.ms/s/umd/5470ace351f/for-cardform-js.js https://www.jotform.com/ownerView.php https://cdn.jotfor.ms/js/formTranslation.v2.js https://track.adform.net https://cdn01.jotfor.ms/s/umd/c39932cd62a/for-cardform-js.js https://adobedc.demdex.net/  https://d21oefkcnoen8i.cloudfront.net/sgn-sdk-4.x.x.min.js https://*.aviou.io ;style-src 'self' 'unsafe-inline' *.tt.omtrdc.net app.responseiq.com static.responseiq.com storage.googleapis.com policy.app.cookieinformation.com consent.app.cookieinformation.com https://d21oefkcnoen8i.cloudfront.net  https://*.viamap-gms.net/ https://unpkg.com/maplibre-gl@2.1.9/dist/maplibre-gl.css https://cdn.jotfor.ms/stylebuilder/default.css https://cdn.jotfor.ms/stylebuilder/212241750019344.css https://cdn.jotfor.ms/wizards/languageWizard/custom-dropdown/css/lang-dd.css https://fonts.googleapis.com/css https://cdn.jotfor.ms/stylebuilder/212241750019344/style.css https://*.aviou.io; 1
font-src *.commerce-connector.com *.hotjar.com *.hotjar.io static.criteo.net *.fontawesome.com https://geowidget.easypack24.net *.googleapis.com *.gstatic.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.facebook.com https://seo.mageplaza.com sandbox.przelewy24.pl secure.przelewy24.pl 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com *.google.com *.hotjar.com *.hotjar.io https://optimize.google.com *.cookiebot.com *.criteo.com *.criteo.net *.doubleclick.net *.facebook.com sketchfab.com *.coveto.de www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.youtube.com *.google.com/ pay.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.commerce-connector.com *.commerce-connector.de s3.eu-central-1.amazonaws.com *.erecruiter.pl *.google.pl *.snrcdn.net *.hotjar.com *.hotjar.io https://optimize.google.com *.cookiebot.com *.googletagmanager.com *.google-analytics.com *.criteo.com *.criteo.net *.amica.pl amica.pl *.gramagd.pl gramagd.pl *.fagorelectrodomestico.es *.fagor-electrodomestico.cz *.fagorelectrodomestico.pt *.taboola.com *.facebook.com *.doubleclick.net https://ssl.gstatic.com https://fonts.gstatic.com https://trafficscanner.pl www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.magezon.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org *.googleapis.com *.gstatic.com *.google.com static.przelewy24.pl www.gstatic.com gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.commerce-connector.com *.erecruiter.pl *.gstatic.com *.googleapis.com *.przelewy24.pl *.snrcdn.net *.snrbox.com https://snr-sdk.amica.pl *.newrelic.com https://bam.nr-data.net *.google.com/recaptcha/ *.hotjar.com *.hotjar.io https://optimize.google.com *.cookiebot.com https://*.criteo.com https://static.criteo.net *.doubleclick.net https://snr-api.amica.pl https://api-marketing.amica.pl https://marketing.amica.pl *.facebook.net *.taboola.com https://tagmanager.google.com *.googletagmanager.com *.clarity.ms *.amica3d.pl https://trafficscanner.pl blob: *.coveto.de www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.youtube.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org *.google.com/ *.avada.io sandbox.przelewy24.pl secure.przelewy24.pl pay.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.commerce-connector.com *.erecruiter.pl *.gstatic.com *.googleapis.com *.przelewy24.pl *.snrcdn.net *.snrbox.com *.newrelic.com https://bam.nr-data.net https://optimize.google.com *.cookiebot.com *.amica.pl https://tagmanager.google.com *.googletagmanager.com *.fontawesome.com https://geowidget.easypack24.net fonts.googleapis.com 'self' 'unsafe-inline'; object-src *.cookiebot.com 'self' 'unsafe-inline'; media-src *.adobe.com *.amica.pl static.criteo.net amica.pl file.fagorelectrodomestico.com https://geowidget.easypack24.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com *.erecruiter.pl *.gstatic.com *.adobe.com *.googleapis.com *.przelewy24.pl *.snrcdn.net *.snrbox.com *.newrelic.com https://bam.nr-data.net *.hotjar.com *.hotjar.io wss://*.hotjar.com *.cookiebot.com *.criteo.com *.criteo.net *.commerce-connector.com *.doubleclick.net https://snr-api.amica.pl https://api-marketing.amica.pl https://marketing.amica.pl *.taboola.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.clarity.ms *.amica3d.pl *.googlesyndication.com https://trafficscanner.pl wss://trafficscanner.pl *.google.com *.valuemedia.pl www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com cdn.plyr.io noembed.com *.easypack24.net *.inpost.pl *.openstreetmap.org https://get.geojs.io *.avada.io sandbox.przelewy24.pl secure.przelewy24.pl wss://sandbox-ws.przelewy24.pl wss://secure-ws.przelewy24.pl apple-pay-gateway.apple.com 'self' 'unsafe-inline'; child-src *.criteo.com *.criteo.net http: https: blob: 'self' 'unsafe-inline'; default-src *.cookiebot.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' kviku.ru kviku.helpdeskeddy.com 1
default-src 'self'; font-src 'self' *.kaltura.com cdnjs.cloudflare.com data: fonts.gstatic.com vjs.zencdn.net *.hotjar.com;img-src 'self' data: *.google-analytics.com *.g.doubleclick.net maps.gstatic.com maps.googleapis.com *.twitter.com *.twimg.com *.youtube.com *.kaltura.com *.linkedin.com *.6sc.co *.facebook.com *.eloqua.com *.verisk.com *.albacross.com metrics.brightcove.com *.air-worldwide.com www.google.com verisk.d1.sc.omtrdc.net t.co p.adsymptotic.com cm.everesttech.net dpm.demdex.net cf-images.us-east-1.prod.boltdns.net veriskisonetprod.112.2o7.net i.ytimg.com www.googletagmanager.com www.greatplacetowork.com cdn.cookielaw.org api.mapbox.com f1.media.brightcove.com udc-neb.kampyle.com *.maplecroft.com ajax.googleapis.com public.tableau.com www.google.co.uk nebula-cdn.kampyle.com w3.poweradvocate.com https://optimize.google.com www.gstatic.com https://jumbe.zaius.com https://6016449.global.siteimproveanalytics.io/heat.aspx https://6016449.global.siteimproveanalytics.io/image.aspx https://uploads.commoninja.com  *.optimizely.com *.udc-neb.kampyle.com;object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.twitter.com www.google-analytics.com *.googleapis.com *.google.com www.gstatic.com *.cookielaw.org *.googletagmanager.com assets.adobedtm.com *.twimg.com kaltura.com *.cloudflare.com dl.episerver.net *.facebook.net fonts.googleapis.com players.brightcove.net az416426.vo.msecnd.net *.xactware.com *.kaltura.com *.licdn.com *.albacross.com *.oktopost.com *.6sc.co *.ads-twitter.com *.cave9tape.com okt.to geolocation.onetrust.com script.crazyegg.com www.googleadservices.com vjs.zencdn.net img.en25.com s1065293013.t.eloqua.com googleads.g.doubleclick.net *.salesforceliveagent.com *.linkedin.com nebula-cdn.kampyle.com unpkg.com cdn.mouseflow.com public.flourish.studio *.hotjar.com pi.pardot.com *.maplecroft.com www.buzzsprout.com public.tableau.com ionfiles.scribblecdn.net readymag.com js.hsforms.net *.hsforms.com *.youtube.com snap.licdn.com player.vimeo.com api-ssl.bitly.com nebula-cdn.kampyle.com  screencapture.kampyle.com/screenApi/load/0d9bccf0-07c5-4694-abf9-9f4bcf1d1ec2.js screencapture-cdn.kampyle.com www.googleanalytics.com www.googleoptimize.com https://optimize.google.com https://secure.leadforensics.com/  https://activitymap.adobe.com https://cdn-app.continual.ly/ https://cdn.commoninja.com/sdk/latest/commonninja.js https://cdn.calconic.com *.fraudblocker.com https://d1igp3oop3iho5.cloudfront.net https://siteimproveanalytics.com/js/siteanalyze_6016449.js https://code.jquery.com/jquery-3.3.1.min.js https://cdn.addevent.com/libs/atc/1.6.1/atc.min.js *.cdn.commoninja.com *.commoninja.com *.cdn.commoninja.com/wr/static https://code.jquery.com/jquery-3.6.3.min.js https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.4.0/css/font-awesome.min.css https://cdn.optimizely.com/js/22793102135.js https://cdn-assets-prod.s3.amazonaws.com/js/preview2/22793102135.js  *.optimizely.com https://tags.srv.stackadapt.com https://js.monitor.azure.com *.herbgreencolumn.com https://qvdt3feo.com/events.j;style-src 'self' 'unsafe-inline' *.googleapis.com dl.episerver.net *.twitter.com *.twimg.com cdnjs.cloudflare.com *.verisk.com unpkg.com https://optimize.google.com https://cdn.jsdelivr.net/npm/bootstrap@4.0.0/dist/css/bootstrap.min.css https://app.continual.ly/ https://cdn-app.continual.ly https://tags.srv.stackadapt.com;frame-src 'self' platform.twitter.com www.google.com *.twitter.com *.youtube.com *.surveygizmo.com insuranceservicesofficeinc.demdex.net *.facebook.com bid.g.doubleclick.net *.hotjar.com *.pardot.com www.buzzsprout.com public.tableau.com verisk.postclickmarketing.com *.brightcove.net *.acast.com embed.readymag.com s1120.t.eloqua.com flo.uri.sh go.maplecroft.com player.vimeo.com go.maplecroft.com nebula-cdn.kampyle.com https://optimize.google.com https://cdnapisec.kaltura.com/ https://www.youtube-nocookie.com/ https://www.insurancejournal.tv/ https://www.bloomberg.com/ https://activitymap.adobe.com https://app.powerbi.com https://lifedemo.shinyapps.io/ https://survey.alchemer.com/ https://app.continual.ly/ https://www.commoninja.com/ https://calendar.google.com/ https://accounts.google.com/ https://a22793102135.cdn.optimizely.com/ https://capture.navattic.com/  https://td.doubleclick.net/ https://datawrapper.dwcdn.net;media-src 'self' *.kaltura.com blob: *.air-worldwide.com http://manifest.prod.boltdns.net https://manifest.prod.boltdns.net bcbolt446c5271-a.akamaihd.net;connect-src 'self' *.kaltura.com www.google-analytics.com *.brightcove.com dc.services.visualstudio.com dpm.demdex.net epsilon.6sense.com cdn.cookielaw.org stats.g.doubleclick.net https://c.6sc.co/ https://secure.adnxs.com/getuidj *.albacross.com http://manifest.prod.boltdns.net bcbolt446c5271-a.akamaihd.net *.crazyegg.com www.googleapis.com veriskisonetprod.112.2o7.net verisk.d1.sc.omtrdc.net privacyportal.onetrust.com *.hotjar.com vc.hotjar.io ws: *.hotjar.com hubspot-forms-static-embed.s3.amazonaws.com https://otc.xactware.com/XactwareLms/certificationListing.xml nebula-cdn.kampyle.com  https://go.maplecroft.com https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://opreq.observepoint.com/ https://cdn-app.continual.ly https://app.continual.ly/ https://wss-pr.continual.ly:6001 https://www.commoninja.com https://app.calconic.com https://statistics-dot-calconic-app.appspot.com/api/stats/push https://cdn.linkedin.oribi.io/partner/1669474/domain/verisk.com/token https://cdn.linkedin.oribi.io/partner/384036/domain/maplecroft.com/token https://cdn.commoninja.com/api/v1/embed/e594afb2-85be-48ad-9c87-8296dafe748f *.optimizely.com *.hotjar.io *.linkedin.oribi.io  *.google.com https://maps.googleapis.com/ https://srv.stackadapt.com https://tags.srv.stackadapt.com *.googlesyndication.com https://px.ads.linkedin.com; child-src 'self' *.kaltura.com blob: *.air-worldwide.com insuranceservicesofficeinc.demdex.net *.surveygizmo.com; 1
manifest-src 'self'; upgrade-insecure-requests; block-all-mixed-content;, report-uri https://sentry.diemayrei.de/api/9/security/?sentry_key=ee7352f1fa3f42b59178fe6bcb4855f7;, frame-ancestors 'self'; 1
frame-ancestors 'self' *.zendesk.com *.zdusercontent.com;default-src 'self';script-src 'self' 'report-sample' 'unsafe-eval' *.youse.io *.youse.com.br *.yousetech.io *.zendesk.com https://*.googletagservices.com https://*.googlesyndication.com https://*.googleadservices.com https://*.doubleclick.net https://*.adnxs-simple.com https://*.adnxs.com https://*.google.com https://*.criteo.com https://*.targeting.voxus.com.br https://analytics.tiktok.com https://bat.bing.com https://connect.facebook.net https://cdn.privacytools.com.br https://dev.visualwebsiteoptimizer.com https://dynamic.criteo.com https://googleads.g.doubleclick.net https://graph.facebook.com https://googletagmanager.com https://js.facebook.com https://r.bing.com https://script.hotjar.com https://static.hotjar.com https://static.criteo.net https://sslwidget.criteo.com https://tag.yieldoptimizer.com https://tagmanager.google.com https://targeting.voxus.com.br https://www.googletagmanager.com https://websdk.appsflyer.com *.onelink.me *.loggly.com *.smooch.io *.adyen.com *.googleapis.com *.google-analytics.com *.pingdom.net *.yimg.com https://tag.rmp.rakuten.com/121815.ct.js *.ads-twitter.com *.twitter.com;script-src-elem 'self' 'report-sample' 'unsafe-eval' 'unsafe-inline' *.voxus.com.br *.loggly.com *.tiktok.com *.youse.io *.youse.com.br *.yousetech.io *.zendesk.com *.visualwebsiteoptimizer.com *.privacytools.com.br *.appsflyer.com *.criteo.com *.g.doubleclick.net *.smooch.io *.datadoghq-browser-agent.com *.adyen.com *.googleapis.com *.ipdata.co *.hotjar.com *.gstatic.com https://h.online-metrix.net *.zdassets.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.googleadservices.com https://rum-static.pingdom.net/pa-5bcf7f397e84eb0016000313.js *.bing.com https://s.yimg.com/wi/ytc.js https://tag.rmp.rakuten.com/121815.ct.js *.ads-twitter.com;style-src 'self' 'report-sample' 'unsafe-inline' *.google.com *.bing.com cdn.privacytools.com.br www.googletagmanager.com;object-src 'self' https://h.online-metrix.net *.googlesyndication.com;frame-src 'self' data: *.criteo.com *.criteo.net *.adnxs.com *.facebook.com *.google.com *.doubleclick.net *.googlesyndication.com connect.facebook.net sdx.microsoft.com targeting.voxus.tv vars.hotjar.com www.googletagmanager.com;child-src 'self' data: blob: *.criteo.com *.criteo.net *.adnxs.com *.facebook.com *.google.com *.doubleclick.net *.googlesyndication.com connect.facebook.net www.googletagmanager.com;img-src 'self' data: *.criteo.net *.criteo.com *.adnxs.com *.adnxs-simple.com *.yieldoptimizer.com *.facebook.com *.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.google.com *.doubleclick.net *.googlesyndication.com *.google.com.mx *.google.co.uk *.google.com.br *.google.co.in *.google.de *.google.com.tr *.google.co.il *.google.ca *.google.ro *.google.nl *.google.fr *.google.es *.google.ie *.google.com.pr *.google.it *.google.com.au *.google.com.ec *.google.com.ph *.google.com.sg *.google.com.pk *.google.at *.google.no *.google.cl *.google.co.kr *.google.se *.google.co.jp *.google.com.pe *.google.com.my *.google.co.th *.google.co.za *.google.com.ua *.google.sk *.google.com.ng *.google.pl *.google.be *.google.fi *.google.ae *.google.com.co *.google.co.id *.google.co.ve *.google.com.hk *.google.com.eg *.google.com.uy *.google.com.ar *.google.ch *.google.ru *.google.co.ke *.google.pt *.google.mu *.google.com.sa *.google.com.vn *.google.com.tw *.google.gr *.google.com.bd *.google.dk *.google.com.py *.google.ee *.google.co.nz *.google.co.ma *.google.cz *.google.lk *.google.bg *.google.rs *.google.com.do *.google.hu *.google.iq *.google.co.cr *.google.al *.google.jo *.google.hr *.google.com.pa *.google.com.cy *.google.com.gh *.google.lt *.google.kz *.google.com.np *.google.by *.google.dz *.google.com.sv *.google.hn *.google.com.kw *.google.com.et *.google.mk *.google.ge *.google.cn *.google.com.jm *.google.si *.google.co.ug *.google.lv *.google.md *.google.co.mz *.google.lu *.google.am dev.visualwebsiteoptimizer.com s.amazon-adsystem.com script.hotjar.com www.googleadservices.com www.datocms-assets.com www.googletagmanager.com *;font-src 'self' data: script.hotjar.com static.criteo.net;connect-src 'self' *.criteo.com *.google.com.br *.visualwebsiteoptimizer.com *.criteo.net *.hotjar.com *.hotjar.io *.adnxs.com *.adnxs-simple.com *.google.com *.facebook.com *.bing.com *.doubleclick.net *.googlesyndication.com analytics.tiktok.com api.ipify.org connect.facebook.net cdn.privacytools.com.br feature-toggle.yousetech.io targeting.voxus.com.br www.googletagservices.com wa.appsflyer.com www.googletagmanager.com *.onelink.me wss://ws.hotjar.com *.loggly.com;manifest-src 'self';base-uri 'self' *.adnxs.com;form-action 'self' *.facebook.com *.google.com connect.facebook.net *.youse.io *.youse.com.br;media-src 'self' *.adnxs.com *.adnxs-simple.com dai.google.com static.criteo.net;worker-src 'self' blob: www.google.com www.youse.com.br; 1
font-src *.fontawesome.com *.googleapis.com *.gstatic.com maxcdn.bootstrapcdn.com *.tatesbakeshop.com *.bootstrapcdn.com *.fonts.googleapis.com *.cloudapi.de *.fonts.gstatic.com *.cloudflare.com *.jquery.com *.onetrust.com *.googleoptimize.com *.cdninstagram.com *.klaviyo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://seo.mageplaza.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.authorize.net *.tatesbakeshop.com *.qualtrics.com *.facebook.com *.clarity.ms *.googleoptimize.com 'self' data: 'self' 'unsafe-inline'; frame-ancestors *.bolt.com *.authorize.net *.tatesbakeshop.com *.qualtrics.com *.facebook.com *.clarity.ms *.optimize.google.com *.googleoptimize.com 'self' data: 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.authorize.net *.tatesbakeshop.com *.addthis.com *.qualtrics.com *.google.com *.demdex.net *.facebook.com *.jotform.com *.cloudapi.de *.clarity.ms *.optimize.google.com *.cloudflare.com *.jquery.com *.onetrust.com 'self' data: *.googleoptimize.com *.cdninstagram.com destinilocators.com www.xtento.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com *.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.tatesbakeshop.com *.doubleclick.net *.bing.com *.listrakbi.com *.convergetrack.com *.qualtrics.com *.edgecastcdn.net *.orientaltrading.com *.rfksrv.com *.googletagmanager.com *.amazonaws.com *.google.com *.google.co.in *.magentocommerce.com *.facebook.com *.espssl.com *.pinterest.com *.optimize.google.com *.clarity.ms *.cloudflare.com *.jquery.com *.onetrust.com *.googleoptimize.com *.cdninstagram.com *.cloudfront.net *.shareasale.com *.cookielaw.org www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.fontawesome.com *.googleapis.com *.gstatic.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.authorize.net sandbox-assets.secure.checkout.visa.com *.privy.com *.tatesbakeshop.com *.addthis.com *.doubleclick.com *.convergetrack.com *.bing.com *.cardinalcommerce.com *.ccdc02.com *.orientaltrading.com *.paypalobjects.com *.ytimg.com vimeo.com *.braintreegateway.com *.signifyd.com *.moatads.com *.addthisedge.com *.listrakbi.com *.facebook.com *.facebook.net *.listrak.com *.google.com google.com *.googletagmanager.com *.pinimg.com *.cloudapi.de *.clarity.ms *.optimize.google.com *.cloudflare.com *.jquery.com *.onetrust.com 'self' unsafe-inline: *.googleoptimize.com *.cdninstagram.com *.dwin1.com *.cookielaw.org www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.tatesbakeshop.com *.bootstrapcdn.com *.listrakbi.com *.cloudapi.de *.optimize.google.com *.clarity.ms *.cloudflare.com *.jquery.com *.onetrust.com *.googleoptimize.com *.cdninstagram.com *.klaviyo.com *.cookielaw.org *.fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.authorize.net *.tatesbakeshop.com *.doubleclick.net *.google-analytics.com *.addthis.com *.cloudapi.de *.cloudflare.com *.jquery.com *.onetrust.com *.pinterest.com *.clarity.ms *.googleoptimize.com *.listrakbi.com *.facebook.com *.cdninstagram.com *.bing.com *.klaviyo.com *.privy.com *.datadome.co *.cookielaw.org 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' http://www.philips.pl *.philips.com *.philips.pl https://philipsigtdpv.com 1
media-src 'self' data: mpsnare.iesnare.com; script-src 'self' script.js *.checkout.com *.cloudflare.com *.disqus.com *.disquscdn.com *.google.com *.sumo.com *.trustpilot.com *.zdassets.com *.zopim.com *.iubenda.com ajax.googleapis.com stackpath.bootstrapcdn.com www.google-analytics.com googleads.g.doubleclick.net www.googleadservices.com www.googletagmanager.com connect.facebook.net static.affilae.com tpc.googlesyndication.com sibautomation.com 'unsafe-eval' 'unsafe-inline' *.googleapis.com bat.bing.com cdn.jsdelivr.net code.jquery.com maxcdn.bootstrapcdn.com unpkg.com lb.affilae.com www.compado-tracking.com stats.g.doubleclick.net a.quora.com *.clarity.ms *.ubembed.com libs.hipay.com mpsnare.iesnare.com www.dwin1.com www.awin1.com the.sciencebehindecommerce.com; style-src 'self' *.disquscdn.com ajax.googleapis.com fonts.googleapis.com 'unsafe-inline' static.snoweb.fr static.snoweb.io unpkg.com cdn.jsdelivr.net libs.hipay.com; img-src 'self' *.sumo.com *.trustpilot.com *.iubenda.com images-static.trustpilot.com static.weenect.com sumo.com *.googleapis.com www.google-analytics.com weenect.s3.eu-west-3.amazonaws.com d128mjo55rz53e.cloudfront.net www.gravatar.com v2.zopim.com v2assets.zopim.io data: stats.g.doubleclick.net www.facebook.com www.google.com www.google.fr www.googletagmanager.com googleads.g.doubleclick.net *.gstatic.com *.bing.com static.snoweb.fr static.snoweb.io cx.atdmt.com *.disqus.com *.disquscdn.com *.clarity.ms cdn.jsdelivr.net www.awin1.com; font-src 'self' fonts.googleapis.com v2.zopim.com fonts.gstatic.com data: blob:; frame-src 'self' *.checkout.com *.vimeo.com *.youtube.com disqus.com *.iubenda.com www.facebook.com lb.affilae.com www.compado-tracking.com sibautomation.com *.ubembed.com libs.hipay.com www.awin1.com; default-src 'self' https://maps.googleapis.com *.checkout.com *.disqus.com *.disquscdn.com *.sumo.com *.zopim.com *.iubenda.com disqus.com ekr.zdassets.com google.com www.google.com googleads.g.doubleclick.net sumo.com wss://widget-mediator.zopim.com *.wagtail.io weenect.zendesk.com www.facebook.com sibautomation.com *.google-analytics.com stats.g.doubleclick.net in-automate.sendinblue.com https://oms.salesupply.com:52222 *.clarity.ms *.bing.com static.weenect.com *.ubembed.com ipapi.co mpsnare.iesnare.com wss://mpsnare.iesnare.com *.hipay.com the.sciencebehindecommerce.com 1
default-src 'none'; frame-ancestors 'self'; connect-src https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://www.medicalobjects.com/ https://maps.googleapis.com/maps/api/mapsjs/ https://createsend.com/ https://secure.geonames.org/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com/ https://www.google.com/ https://www.gstatic.com/ https://www.google-analytics.com/; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://maxcdn.bootstrapcdn.com/font-awesome/; font-src 'self' data: https://fonts.gstatic.com/ https://maxcdn.bootstrapcdn.com/font-awesome/; img-src 'self' data: https://www.google.com/ads/ https://www.google-analytics.com/ https://www.google.com.au/ads/ https://www.medical-objects.com.au/ https://i.ytimg.com/ https://maps.gstatic.com/mapfiles/ https://maps.googleapis.com/; style-src 'self' 'unsafe-inline'; frame-src https://www.google.com/ https://www.youtube.com/; script-src-elem 'self' 'unsafe-inline' https://www.youtube.com/iframe_api https://www.youtube.com/s/player/ https://www.googletagmanager.com/gtag/ https://www.google.com/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google-analytics.com/ https://maps.googleapis.com/ https://js.createsend1.com/javascript/copypastesubscribeformlogic.js https://medical-objects.createsend.com/; worker-src blob:; 1
default-src * data: mediastream: blob: filesystem: about: ws: wss: 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-inline'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob: 1
script-src 'nonce-cSHhIw8jj+8DRz/SQLrgDyqlZqwy4/nCrOJSxUBrxPplaayW5eWsv7ck/U3YhIBXOJ2VA/5+99sGQJ6wxXI/sw==' 'strict-dynamic' 'wasm-unsafe-eval'; object-src 'none'; base-uri 'none' 1
base-uri 'self'; default-src 'self'; child-src 'self' https://*.auth0.com https://*.dfh.dev https://*.designsforhealth.com https://*.designsforhealth.ca https://www.buzzsprout.com https://*.hotjar.com https://*.hotjar.io https://static.dfh.dev https://www.googletagmanager.com; connect-src 'self' https://testflex.cybersource.com https://flex.cybersource.com https://646i2f8h.apicdn.sanity.io https://646i2f8h.api.sanity.io https://*.dfh.dev https://*.auth0.com https://*.designsforhealth.com https://*.designsforhealth.ca https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://api.hubapi.com https://forms.hubspot.com https://api.hubspot.com https://*.sentry.io https://maps.googleapis.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; font-src 'self' data: https://*.hotjar.com https://*.hotjar.io; form-action 'self'; frame-ancestors 'none'; img-src 'self' data: https://cdn.sanity.io https://*.dfh.dev https://images.designsforhealth.com https://*.hotjar.com https://*.hotjar.io https://forms.hsforms.com https://track.hubspot.com https://maps.gstatic.com https://googleads.g.doubleclick.net https://www.google.com https://google.com https://*.google-analytics.com https://*.googletagmanager.com https://www.google.com https://google.com; media-src 'self' data:; object-src 'none'; script-src 'self' 'unsafe-inline' https://*.googletagmanager.com https://www.googleadservices.com https://www.google.com https://*.hotjar.com https://*.hotjar.io https://js.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://js.hscollectedforms.net https://browser.sentry-cdn.com https://maps.googleapis.com; style-src 'self' 'unsafe-inline'; report-uri https://o795780.ingest.sentry.io/api/5801897/security/?sentry_key=a6cbbf3456244fd1a6353ab9fc71ae04 1
default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' http: https: data: mediastream:; style-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' http: https: data: mediastream:; img-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' http: https: data: mediastream:; connect-src *; font-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' http: https: data: mediastream:; media-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' http: https: data: mediastream:; report-uri *; child-src *; form-action *; frame-ancestors *; object-src *; frame-src *; worker-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' http: https: data: mediastream: blob:; manifest-src *; navigate-to *; base-uri *; upgrade-insecure-requests 1
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' https://js.appetize.io https://appetize.io https://fonts.googleapis.com https://fonts.gstatic.com/ https://*.google-analytics.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://*.stripe.com https://cdnjs.cloudflare.com https://*.widget.cluster.groovehq.com https://cdn.segment.com https://clarity.ms https://cdn2.hubspot.net https://*.hs-analytics.net https://*.hs-scripts.com https://*.hsforms.net https://*.hsforms.com https://*.hscollectedforms.net https://*.hsleadflows.net https://*.hs-banner.com https://*.hsadspixel.net https://*.hubspotfeedback.com https://feedback.hubapi.com https://*.usemessages.com https://player.vimeo.com https://snap.licdn.com https://snid.snitcher.com https://*.posthog.com; connect-src *; img-src 'self' data: https://site.appetize.io https://appetizeio-static.s3.amazonaws.com https://s3.amazonaws.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com/ https://www.google.ca https://*.google-analytics.com https://www.googletagmanager.com https://*.stripe.com https://c.clarity.ms https://track.hubspot.com https://*.hsforms.com https://c.bing.com https://i.vimeocdn.com https://px.ads.linkedin.com https://www.linkedin.com 1
manifest-src https://cdn.appfollow.io https://appfollow.io https://q.quora.com https://px.ads.linkedin.com https://track.hubspot.com https://www.google-analytics.com https://www.facebook.com/ https://www.google.com https://googleads.g.doubleclick.net; media-src https://cdn.appfollow.io https://appfollow.io https://q.quora.com https://px.ads.linkedin.com https://track.hubspot.com https://www.google-analytics.com https://www.facebook.com/ https://www.google.com https://googleads.g.doubleclick.net; upgrade-insecure-requests 1
frame-ancestors 'self' https://manage.ecmweb.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
: default-src 'self'; 1
default-src * 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://fonts.gstatic.com https://www.googletagmanager.com https://az416426.vo.msecnd.net https://atqaeastsqldiags.blob.core.windows.net https://www.google-analytics.com https://dc.services.visualstudio.com/v2/track https://app.tpastream.com https://info.alegeus.com https://d.adroll.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://auth.beta.wealthcareadmin.com/adfs/ls/ https://auth.wealthcareadmin.com/adfs/ls/ https://ise.stg.fsastore.com https://ise.fsastore.com https://atdeveastsqldiags.blob.core.windows.net https://cdn.fsastore.com https://widget.criteo.com https://mcrd20011.brandmovers.co/saml2/alegeus/metadata/ https://mcrd20011-staging.brandmovers.co/saml2/alegeus/metadata/ https://alg-investment-portal-app-b-001.azurewebsites.net https://alg-investment-portal-app-q-001.azurewebsites.net https://alg-investment-portal-app-p-001.azurewebsites.net https://alg-claims-portal-app-q-001.azurewebsites.net https://alg-claims-portal-app-b-001.azurewebsites.net https://alg-claims-portal-app-p-001.azurewebsites.net https://alginvestmentportalb001.blob.core.windows.net; style-src * 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://fonts.gstatic.com https://www.googletagmanager.com https://az416426.vo.msecnd.net https://atqaeastsqldiags.blob.core.windows.net https://www.google-analytics.com https://dc.services.visualstudio.com/v2/track https://app.tpastream.com https://info.alegeus.com https://d.adroll.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://auth.beta.wealthcareadmin.com/adfs/ls/ https://auth.wealthcareadmin.com/adfs/ls/ https://ise.stg.fsastore.com https://ise.fsastore.com https://atdeveastsqldiags.blob.core.windows.net https://cdn.fsastore.com https://widget.criteo.com https://mcrd20011.brandmovers.co/saml2/alegeus/metadata/ https://mcrd20011-staging.brandmovers.co/saml2/alegeus/metadata/ https://alg-investment-portal-app-b-001.azurewebsites.net https://alg-investment-portal-app-q-001.azurewebsites.net https://alg-investment-portal-app-p-001.azurewebsites.net https://alg-claims-portal-app-q-001.azurewebsites.net https://alg-claims-portal-app-b-001.azurewebsites.net https://alg-claims-portal-app-p-001.azurewebsites.net https://alginvestmentportalb001.blob.core.windows.net; img-src * 'self' data:; font-src * 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://www.googletagmanager.com https://az416426.vo.msecnd.net https://atqaeastsqldiags.blob.core.windows.net https://www.google-analytics.com https://dc.services.visualstudio.com/v2/track https://app.tpastream.com https://info.alegeus.com https://d.adroll.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://auth.beta.wealthcareadmin.com/adfs/ls/ https://auth.wealthcareadmin.com/adfs/ls/ https://ise.stg.fsastore.com https://ise.fsastore.com https://atdeveastsqldiags.blob.core.windows.net https://cdn.fsastore.com https://widget.criteo.com https://mcrd20011.brandmovers.co/saml2/alegeus/metadata/ https://mcrd20011-staging.brandmovers.co/saml2/alegeus/metadata/ https://alg-investment-portal-app-b-001.azurewebsites.net https://alg-investment-portal-app-q-001.azurewebsites.net https://alg-investment-portal-app-p-001.azurewebsites.net https://alg-claims-portal-app-q-001.azurewebsites.net https://alg-claims-portal-app-b-001.azurewebsites.net https://alg-claims-portal-app-p-001.azurewebsites.net https://alginvestmentportalb001.blob.core.windows.net; media-src * 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://www.googletagmanager.com https://az416426.vo.msecnd.net https://atqaeastsqldiags.blob.core.windows.net https://www.google-analytics.com https://dc.services.visualstudio.com/v2/track https://app.tpastream.com https://info.alegeus.com https://d.adroll.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://auth.beta.wealthcareadmin.com/adfs/ls/ https://auth.wealthcareadmin.com/adfs/ls/ https://ise.stg.fsastore.com https://ise.fsastore.com https://atdeveastsqldiags.blob.core.windows.net https://cdn.fsastore.com https://widget.criteo.com https://mcrd20011.brandmovers.co/saml2/alegeus/metadata/ https://mcrd20011-staging.brandmovers.co/saml2/alegeus/metadata/ https://alg-investment-portal-app-b-001.azurewebsites.net https://alg-investment-portal-app-q-001.azurewebsites.net https://alg-investment-portal-app-p-001.azurewebsites.net https://alg-claims-portal-app-q-001.azurewebsites.net https://alg-claims-portal-app-b-001.azurewebsites.net https://alg-claims-portal-app-p-001.azurewebsites.net https://alginvestmentportalb001.blob.core.windows.net; base-uri 'self'; frame-ancestors * 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://www.googletagmanager.com https://az416426.vo.msecnd.net https://atqaeastsqldiags.blob.core.windows.net https://www.google-analytics.com https://dc.services.visualstudio.com/v2/track https://app.tpastream.com https://info.alegeus.com https://d.adroll.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://auth.beta.wealthcareadmin.com/adfs/ls/ https://auth.wealthcareadmin.com/adfs/ls/ https://ise.stg.fsastore.com https://ise.fsastore.com https://atdeveastsqldiags.blob.core.windows.net https://cdn.fsastore.com https://widget.criteo.com https://mcrd20011.brandmovers.co/saml2/alegeus/metadata/ https://mcrd20011-staging.brandmovers.co/saml2/alegeus/metadata/ https://alg-investment-portal-app-b-001.azurewebsites.net https://alg-investment-portal-app-q-001.azurewebsites.net https://alg-investment-portal-app-p-001.azurewebsites.net https://alg-claims-portal-app-q-001.azurewebsites.net https://alg-claims-portal-app-b-001.azurewebsites.net https://alg-claims-portal-app-p-001.azurewebsites.net https://alginvestmentportalb001.blob.core.windows.net; upgrade-insecure-requests; object-src * 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://www.googletagmanager.com https://az416426.vo.msecnd.net https://atqaeastsqldiags.blob.core.windows.net https://www.google-analytics.com https://dc.services.visualstudio.com/v2/track https://app.tpastream.com https://info.alegeus.com https://d.adroll.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://auth.beta.wealthcareadmin.com/adfs/ls/ https://auth.wealthcareadmin.com/adfs/ls/ https://ise.stg.fsastore.com https://ise.fsastore.com https://atdeveastsqldiags.blob.core.windows.net https://cdn.fsastore.com https://widget.criteo.com https://mcrd20011.brandmovers.co/saml2/alegeus/metadata/ https://mcrd20011-staging.brandmovers.co/saml2/alegeus/metadata/ https://alg-investment-portal-app-b-001.azurewebsites.net https://alg-investment-portal-app-q-001.azurewebsites.net https://alg-investment-portal-app-p-001.azurewebsites.net https://alg-claims-portal-app-q-001.azurewebsites.net https://alg-claims-portal-app-b-001.azurewebsites.net https://alg-claims-portal-app-p-001.azurewebsites.net https://alginvestmentportalb001.blob.core.windows.net; connect-src * 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://www.googletagmanager.com https://az416426.vo.msecnd.net https://atqaeastsqldiags.blob.core.windows.net https://www.google-analytics.com https://dc.services.visualstudio.com/v2/track https://app.tpastream.com https://info.alegeus.com https://d.adroll.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://auth.beta.wealthcareadmin.com/adfs/ls/ https://auth.wealthcareadmin.com/adfs/ls/ https://ise.stg.fsastore.com https://ise.fsastore.com https://atdeveastsqldiags.blob.core.windows.net https://cdn.fsastore.com https://widget.criteo.com https://mcrd20011.brandmovers.co/saml2/alegeus/metadata/ https://mcrd20011-staging.brandmovers.co/saml2/alegeus/metadata/ https://alg-investment-portal-app-b-001.azurewebsites.net https://alg-investment-portal-app-q-001.azurewebsites.net https://alg-investment-portal-app-p-001.azurewebsites.net https://alg-claims-portal-app-q-001.azurewebsites.net https://alg-claims-portal-app-b-001.azurewebsites.net https://alg-claims-portal-app-p-001.azurewebsites.net https://alginvestmentportalb001.blob.core.windows.net; report-uri * /info/cspreport; form-action * 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://www.googletagmanager.com https://az416426.vo.msecnd.net https://atqaeastsqldiags.blob.core.windows.net https://www.google-analytics.com https://dc.services.visualstudio.com/v2/track https://app.tpastream.com https://info.alegeus.com https://d.adroll.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://auth.beta.wealthcareadmin.com/adfs/ls/ https://auth.wealthcareadmin.com/adfs/ls/ https://ise.stg.fsastore.com https://ise.fsastore.com https://atdeveastsqldiags.blob.core.windows.net https://cdn.fsastore.com https://widget.criteo.com https://mcrd20011.brandmovers.co/saml2/alegeus/metadata/ https://mcrd20011-staging.brandmovers.co/saml2/alegeus/metadata/ https://alg-investment-portal-app-b-001.azurewebsites.net https://alg-investment-portal-app-q-001.azurewebsites.net https://alg-investment-portal-app-p-001.azurewebsites.net https://alg-claims-portal-app-q-001.azurewebsites.net https://alg-claims-portal-app-b-001.azurewebsites.net https://alg-claims-portal-app-p-001.azurewebsites.net https://alginvestmentportalb001.blob.core.windows.net; frame-src * 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://www.googletagmanager.com https://az416426.vo.msecnd.net https://atqaeastsqldiags.blob.core.windows.net https://www.google-analytics.com https://dc.services.visualstudio.com/v2/track https://app.tpastream.com https://info.alegeus.com https://d.adroll.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://auth.beta.wealthcareadmin.com/adfs/ls/ https://auth.wealthcareadmin.com/adfs/ls/ https://ise.stg.fsastore.com https://ise.fsastore.com https://atdeveastsqldiags.blob.core.windows.net https://cdn.fsastore.com https://widget.criteo.com https://mcrd20011.brandmovers.co/saml2/alegeus/metadata/ https://mcrd20011-staging.brandmovers.co/saml2/alegeus/metadata/ https://alg-investment-portal-app-b-001.azurewebsites.net https://alg-investment-portal-app-q-001.azurewebsites.net https://alg-investment-portal-app-p-001.azurewebsites.net https://alg-claims-portal-app-q-001.azurewebsites.net https://alg-claims-portal-app-b-001.azurewebsites.net https://alg-claims-portal-app-p-001.azurewebsites.net https://alginvestmentportalb001.blob.core.windows.net; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.petlink.net *.adyen.com  https://www.googleadservices.com https://www.google-analytics.com https://maps.google.com https://www.googletagmanager.com https://static.hotjar.com https://script.hotjar.com https://in.hotjar.com https://connect.facebook.net https://beacon-v2.helpscout.net https://www.google.com https://www.gstatic.com https://www.youtube.com https://static.doubleclick.net https://maps.googleapis.com https://f.vimeocdn.com https://fastgull.io 1
frame-ancestors 'self' https://app.contentful.com; worker-src blob:; default-src 'self' gap: ws: 'unsafe-inline' 'unsafe-eval' data: api.country.is vercel.live vercel.app *.vercel.live *.vercel.app safevisit.online contentful.com *.contentful.com *.googleapis.com *.youtube.com *.paypal.com *.googletagmanager.com *.google-analytics.com *.google.com *.google.com.ph *.google.ca *.google.ie *.google.co.in *.facebook.com *.amazonaws.com *.cloudfront.net *.googletagservices.com pay.google.com *.s3.amazonaws.com google.com *.sitkagear.com js.narvar.com cdn.searchspring.net js.klarna.com manifest.webmanifest cdn.tailwindcss.com cdn.cookielaw.org api.yotpo.com cdn-widgetsrepository.yotpo.com *.yotpo.com *.searchspring.io *.bigcommerce.com *.locally.com *.ctfassets.net *.onetrust.com *.criteo.com *.avmws.com *.safevisit.online *.gtm-msr.appspot *.dynamic.criteo.com *.facebook.net *.klaviyo.com *.zdassets.com *.browser-intake-datadoghq *.vercel-insights.com *.csper.io klarnaservices.com *.klarnaservices.com *.datadoghq-browser-agent.com datadoghq-browser-agent.com *.browser-intake-datadoghq.com browser-intake-datadoghq.com *.gstatic.com *.bing.com *.typekit.net *.doubleclick.ne *.bidswitch.net *.adnxs.com *.media.net *.rubiconproject.com *.smartadserver.com *.taboola.com *.aralego.com criteo-sync.teads.tv *.3lift.com *.yahoo.net *.socdm.com *.casalemedia.com *.dable.io *.adingo.jp *.stickyadstv.com *.360yield.com *.rlcdn.com *.outbrain.com *.pubmatic.com *.smaato.net *.clmbtech.com *.yieldmo.com *.klarnacdn.net vercel.com assets.vercel.com googleads.g.doubleclick.net *.dotomi.com he.lijit.com envoydev.co track.securedvisit.com bh.contextweb.com stats.g.doubleclick.net public-prod-dspcookiematching.dmxleo.com match.adsrvr.org *.zendesk.com *.zopim.com widget-mediator.zopim.com trends.revcontent.com match.sharethrough.com tapestry.tapad.com criteo-partners.tremorhub.com ad.tpmn.co.kr e1.emxdgt.com cm.g.doubleclick.net partner.mediawallahscript.com visitor.omnitagjs.com i.liadm.com exchange.mediavine.com 1f2e7.v.fwmrm.net tags.bluekai.com dpm.demdex.net ws-us3.pusher.co eu.klarnaevt.com sockjs-us3.pusher.com ws-us3.pusher.com aa.agkn.com jadserve.postrelease.com ad.tpmn.io match.prod.bidr.io i6.liadm.com sync.crwdcntrl.net *.sv.rkdms.com *.simpli.fi *.dlx.addthis.com ws.rqtrk.eu *.youtube-nocookie.com *.klarnaevt.com *.cloudflare.com *.datadome.co *.hotjar.com *.hotjar.io *.narvar.com aorta.clickagy.com *.abtasty.com *.narvar.qa *.gorewear.com *.dev.sitka.stage-codal.net *.sitka.stage-codal.net *.stage-codal.net www.sandbox.paypal.com cdn.sand.us.zip.co *.stagesitkagear.com localhost:* 1
default-src 'self' *.relay42.com *.doubleclick.net googletagmanager.com *.googlesyndication.com *.googleadservices.com *.linkedin.com;script-src 'self' 'unsafe-eval' *.achmea.nl *.facebook.net *.google.com *.googlesyndication.com *.linkedin.com *.r42tag.com *.relay42.com cdn.harvest.graindata.com https://www.googleoptimize.com https://www.googletagmanager.com maps.googleapis.com www.google-analytics.com  www.youtube.com ssl.synovite-scripts.com www.gstatic.com snap.licdn.com *.doubleclick.net *.googleadservices.com rekentools.webbridge.nl googletagmanager.com;script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' *.achmea.nl *.facebook.net *.google.com *.googlesyndication.com *.linkedin.com *.r42tag.com *.relay42.com cdn.harvest.graindata.com https://www.googleoptimize.com https://www.googletagmanager.com maps.googleapis.com www.google-analytics.com  www.youtube.com ssl.synovite-scripts.com www.gstatic.com snap.licdn.com *.doubleclick.net *.googleadservices.com rekentools.webbridge.nl googletagmanager.com player.vimeo.com;script-src-attr 'self' 'unsafe-eval' 'unsafe-inline' *.achmea.nl *.facebook.net *.google.com *.googlesyndication.com *.linkedin.com *.r42tag.com *.relay42.com cdn.harvest.graindata.com https://www.googleoptimize.com https://www.googletagmanager.com maps.googleapis.com www.google-analytics.com  www.youtube.com ssl.synovite-scripts.com www.gstatic.com snap.licdn.com *.doubleclick.net *.googleadservices.com rekentools.webbridge.nl googletagmanager.com;style-src 'self' 'unsafe-eval' fonts.googleapis.com www.google.com optimize.google.com gstatic.com *.r42tag.com *.relay42.com;style-src-elem 'self' 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com www.google.com optimize.google.com gstatic.com *.r42tag.com *.relay42.com;style-src-attr 'self' 'unsafe-eval' 'unsafe-inline';img-src 'self' data: *.achmea.nl *.contentsquare.net *.googlesyndication.com *.r42tag.com *.relay42.com https://www.googletagmanager.com maps.googleapis.com maps.gstatic.com optimize.google.com region1.analytics.google.com region1.google-analytics.com www.advieskeuze.nl www.facebook.com www.google-analytics.com www.google.com www.google.nl www.googleapis.com www.googletagmanager.com https://i.ytimg.com *.w3.org *.vimeocdn.com px.ads.linkedin.com px4.ads.linkedin.com google.be translate.google.com fonts.gstatic.com googleads.g.doubleclick.net rekentools.webbridge.nl zilverenkruis.nl;font-src 'self' data: fonts.gstatic.com;connect-src 'self' analytics.cloud.coveo.com *.achmea.nl *.facebook.net *.googlesyndication.com api.advieskeuze.nl controle.achmea.consentmonitor.nl https://*.in.applicationinsights.azure.com maps.googleapis.com r.contentsquare.net region1.analytics.google.com region1.google-analytics.com  www.google-analytics.com *.google.com *.doubleclick.net translate.googleapis.com vimeo.com px.ads.linkedin.com *.linkedin.com *.org.coveo.com;media-src 'self' *.youtube-nocookie.com player.vimeo.com www.youtube.com;object-src 'self' https://td.doubleclick.net/;child-src 'self' youtube.com www.youtube-nocookie.com youtube-nocookie.com optimize.google.com www.google.com player.vimeo.com t.svtrd.com td.doubleclick.net rekentools.webbridge.nl www.youtube.com https://td.doubleclick.net/ https://tpc.googlesyndication.com/;frame-src 'self' youtube.com www.youtube-nocookie.com youtube-nocookie.com player.quadia.net td.doubleclick.net rekentools.webbridge.nl https://www.youtube.com/ *.googlesyndication.com player.vimeo.com t.svtrd.com vimeo.com;frame-ancestors 'self' youtube.com www.youtube-nocookie.com youtube-nocookie.com player.quadia.net td.doubleclick.net rekentools.webbridge.nl https://www.youtube.com/ *.googlesyndication.com;form-action * 'self' t.svtrd.com *.achmea.nl;manifest-src 'self';report-uri https://achmea.ams.report-uri.com/r/t/csp/enforce; 1
default-src * data: blob: 'self'; connect-src https: data: blob: 'self' https://*.azureedge.net https://*.avepoint.com https://*.google.com https://853-gwt-606.mktoresp.com https://api.segment.io https://stats.g.doubleclick.net wss://*.hotjar.com wss://*.bing.com *.aptrinsic.com *.zoominfo.com *.visualwebsiteoptimizer.com app.vwo.com; font-src data: blob: 'self' https://*.azureedge.net https://*.avepoint.com https://fonts.gstatic.com https://fonts.googleapis.com https://use.fontawesome.com https://*.hotjar.com https://cdn.jsdelivr.net; frame-src data: blob: 'self' https://*.azureedge.net https://*.avepoint.com https://*.eventbrite.com https://*.google.com https://*.bing.com https://*.clarity.ms https://*.doubleclick.net https://www.googletagmanager.com https://tpc.googlesyndication.com https://lpcdn.lpsnmedia.net https://vars.hotjar.com https://*.osano.com https://boards.greenhouse.io https://www.facebook.com https://www.youtube.com https://pixel.mathtag.com https://c.sharethis.mgr.consensu.org https://sdx.microsoft.com https://*.sharethis.com https://*.twitter.com https://*.linkedin.com https://recaptcha.net https://*.recaptcha.net https://www.avepoint.com.cn https://*.clickagy.com https://avepoint.widget.insent.ai https://*.eventbrite.com https://*.buzzsprout.com https://*.marker.io app.vwo.com *.visualwebsiteoptimizer.com; img-src https: data: blob: 'self' https://*.azureedge.net https://*.avepoint.com *.aptrinsic.com https://*.googleapis.com *.visualwebsiteoptimizer.com app.vwo.com; media-src 'self' https://*.azureedge.net https://*.avepoint.com https://lpcdn.lpsnmedia.net https://maps.gstatic.com https://*.googleapis.com https://*.twitter.com; script-src 'self' blob: data: 'unsafe-eval' 'unsafe-inline' https://pagead2.googlesyndication.com https://*.azureedge.net https://*.avepoint.com https://*.eventbrite.com https://sessionize.com https://*.clickagy.com https://*.6sc.co https://accdn.lpsnmedia.net https://*.bing.com https://*.clarity.ms https://c212.net https://cdn.c212.net https://cdn.segment.com https://*.osano.com https://connect.facebook.net https://www.googleadservices.com https://*.doubleclick.net https://*.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://tpc.googlesyndication.com https://ajax.googleapis.com https://*.idio.co https://lpcdn.lpsnmedia.net https://x.clearbitjs.com https://tag.clearbitscripts.com https://marketo.clearbit.com https://ml314.com https://munchkin.marketo.net https://*.hotjar.com https://snap.licdn.com https://*.zoominfo.com https://js.zi-scripts.com https://www.googletagmanager.com https://www.gstatic.com https://www.gstatic.cn https://www.redditstatic.com https://*.greenhouse.io https://s3.amazonaws.com https://cdn.jsdelivr.net https://ajax.aspnetcdn.com https://www.youtube.com https://maps.googleapis.com https://*.sharethis.com https://pixel.mathtag.com https://s.yimg.jp https://static.ads-twitter.com https://*.twitter.com https://a.omappapi.com https://*.yahoo.co.jp https://visualsponline.azurewebsites.net https://cdnjs.cloudflare.com https://recaptcha.net https://*.recaptcha.net *.aptrinsic.com https://*.admatrix.jp https://*.taboola.com https://avepoint.us3.list-manage.com https://avepoint.widget.insent.ai https://insentdev.widget.insent.ai https://prod.impartner.live https://packages.prmcdn.io https://*.eventbrite.com https://*.buzzsprout.com https://*.marker.io *.visualwebsiteoptimizer.com app.vwo.com; style-src 'self' 'unsafe-inline' https://*.azureedge.net https://*.avepoint.com https://sessionize.blob.core.windows.net https://sessionize.com https://tagmanager.google.com https://*.googleapis.com https://*.greenhouse.io https://static-exp1.licdn.com https://cdn-images.mailchimp.com https://use.fontawesome.com https://cdn.jsdelivr.net https://*.osano.com https://*.bing.com https://*.clarity.ms https://cdnjs.cloudflare.com *.aptrinsic.com https://www.googletagmanager.com https://optimize.google.com https://packages.prmcdn.io *.visualwebsiteoptimizer.com app.vwo.com; object-src 'self' data: 'unsafe-eval'; worker-src 'self' blob: https://*.azureedge.net https://*.avepoint.com https://*.osano.com https://*.recaptcha.net;  frame-ancestors 'self' https://*.azureedge.net https://*.avepoint.com https://*.maivenpoint.com https://www.avepoint.com.cn https://www.avepointonlineservices.com https://apwebapptest.azurewebsites.net https://maiven.sharepointguild.com https://*.dealhub.io; 1
frame-ancestors https://app.kuda.com https://kudaglobal-test.azurewebsites.net https://kudaglobal-staging.azurewebsites.net http://localhost:9126 1
script-src 'self' https://*.google.com https://*.gstatic.com https://seal.entrust.net 1
media-src * blob:; worker-src * data: blob:; default-src https: *.hwcdn.net *.akamaized.net *.golfnow.com *.teeoff.com *.teeitup.com *.golfid.io data: blob; connect-src https: wss:; script-src https: data: *.hwcdn.net *.akamaized.net *.golfnow.com *.teeoff.com 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://optimize.google.com; style-src https: data: *.hwcdn.net *.akamaized.net *.golfnow.com *.teeoff.com https://optimize.google.com https://fonts.googleapis.com 'unsafe-inline'; img-src https: blob: data: *.hwcdn.net *.akamaized.net *.golfnow.com *.teeoff.com s3.amazonaws.com https://www.google-analytics.com https://optimize.google.com; font-src https: data: *.hwcdn.net *.akamaized.net *.golfnow.com *.teeoff.com https://fonts.gstatic.com; frame-src https: data: *.hwcdn.net *.akamaized.net *.golfnow.com *.teeoff.com *.teeitup.com *.golfid.io https://optimize.google.com; frame-ancestors 'self' *.onlinereservationsystems.com; 1
default-src 'self' 'nonce-Y0qHml60MayEmtXpO+ipdA==' https://public.mijnpensioenoverzicht.nl https://cdn.mijnpensioenoverzicht.nl https://sprmpovideostorprod.blob.core.windows.net https://cdn.matomo.cloud https://mijnpensioenoverzicht.matomo.cloud *.mopinion.com; frame-src 'none'; frame-ancestors 'none'; img-src 'self' data: https://public.mijnpensioenoverzicht.nl https://cdn.mijnpensioenoverzicht.nl https://sprmpovideostorprod.blob.core.windows.net https://cdn.matomo.cloud https://mijnpensioenoverzicht.matomo.cloud *.mopinion.com; script-src 'self' 'nonce-Y0qHml60MayEmtXpO+ipdA==' https://public.mijnpensioenoverzicht.nl https://cdn.mijnpensioenoverzicht.nl https://sprmpovideostorprod.blob.core.windows.net https://cdn.matomo.cloud https://mijnpensioenoverzicht.matomo.cloud *.mopinion.com; script-src-elem 'self' 'nonce-Y0qHml60MayEmtXpO+ipdA==' https://public.mijnpensioenoverzicht.nl https://cdn.mijnpensioenoverzicht.nl https://sprmpovideostorprod.blob.core.windows.net https://cdn.matomo.cloud https://mijnpensioenoverzicht.matomo.cloud *.mopinion.com; style-src 'self' 'nonce-Y0qHml60MayEmtXpO+ipdA==' https://public.mijnpensioenoverzicht.nl https://cdn.mijnpensioenoverzicht.nl https://sprmpovideostorprod.blob.core.windows.net https://cdn.matomo.cloud https://mijnpensioenoverzicht.matomo.cloud *.mopinion.com; style-src-elem 'self' 'nonce-Y0qHml60MayEmtXpO+ipdA==' https://public.mijnpensioenoverzicht.nl https://cdn.mijnpensioenoverzicht.nl https://sprmpovideostorprod.blob.core.windows.net https://cdn.matomo.cloud https://mijnpensioenoverzicht.matomo.cloud *.mopinion.com; worker-src 'none'; block-all-mixed-content; 1
default-src * data:; script-src https: http://suzukicycles.local http://www.youtube.com 'unsafe-inline' 'unsafe-eval'; style-src https: http://suzukicycles.local 'unsafe-inline' 1
default-src * data: 'unsafe-inline'; img-src * data: blob:; script-src * 'unsafe-eval' 'unsafe-inline' blob:; 1
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://campaigns.sertifi.com https://js.zi-scripts.com https://widget.surveymonkey.com https://ajax.googleapis.com https://anjt6a9l0k.execute-api.us-west-1.amazonaws.com https://app.jazz.co https://cdn.dreamdata.cloud https://cdn.jsdelivr.net https://connect.facebook.net https://diffuser-cdn.app-us1.com https://dyv6f9ner1ir9.cloudfront.net https://embed.typeform.com https://front.optimonk.com https://googleads.g.doubleclick.net https://gs-cdn.optimonk.com https://js.intercomcdn.com https://kit.fontawesome.com https://l0w6hlar9j.execute-api.us-west-1.amazonaws.com https://onsite.optimonk.com https://player.vimeo.com https://prism.app-us1.com https://script.hotjar.com https://sertifi.activehosted.com https://snap.licdn.com https://static.cloudflareinsights.com https://static.hotjar.com https://trackcmp.net https://widget.intercom.io https://www.googleadservices.com https://www.googletagmanager.com https://www.redditstatic.com; style-src 'report-sample' 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://embed.typeform.com https://fonts.bunny.net https://fonts.googleapis.com https://l0w6hlar9j.execute-api.us-west-1.amazonaws.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://ws.zoominfo.com https://js.zi-scripts.com https://api-iam.intercom.io https://api.typeform.com https://cdn-account.optimonk.com https://cdn.dreamdata.cloud https://content.hotjar.io https://front.optimonk.com https://jfapiprod.optimonk.com https://metrics.hotjar.io https://pixel-config.reddit.com https://ka-p.fontawesome.com https://kit.fontawesome.com https://pixel-config.reddit.com https://px.ads.linkedin.com https://www.google-analytics.com https://www.redditstatic.com wss://nexus-websocket-a.intercom.io wss://ws.hotjar.com; font-src 'self' https://fonts.bunny.net https://fonts.gstatic.com https://fonts.intercomcdn.com https://ka-p.fontawesome.com; frame-src 'self' https://www.tfaforms.com https://www.surveymonkey.com https://sertifi818.outgrow.us https://form.typeform.com https://player.vimeo.com https://td.doubleclick.net https://www.youtube.com; img-src 'self' https://testsertifiumbstorage.blob.core.windows.net https://prodsertifiumbstorage.blob.core.windows.net https://prod.smassets.net https://alb.reddit.com https://app.jazz.co https://googleads.g.doubleclick.net https://i.vimeocdn.com https://i.ytimg.com https://js.intercomcdn.com https://px.ads.linkedin.com https://static.intercomassets.com https://ucarecdn.com https://www.google.com https://www.googletagmanager.com; manifest-src 'self'; media-src 'self' https://corp.sertifi.com https://js.intercomcdn.com; worker-src 'none'; 1
frame-ancestors 'self' *.spreadex.com/ 1
default-src 'self' *.twl-kom.de 'unsafe-inline' 'unsafe-eval' data: https: blob: 1
default-src 'self' https://static.zdassets.com https://ekr.zdassets.com https://ekr.zendesk.com https://checkmyfile.zendesk.com https://*.zopim.com https://zendesk-eu.my.sentry.io wss://checkmyfile.zendesk.com wss://*.zopim.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.zendesk.com https://www.clarity.ms https://cdn-cookieyes.com https://alb.reddit.com https://tags.srv.stackadapt.com https://www.facebook.com https://connect.facebook.net https://googleads.g.doubleclick.net https://widget-mediator.zopim.com https://static.zdassets.com https://use.typekit.net https://widget.trustpilot.com https://tp.widget.bootstrap https://seal.digicert.com https://www.googletagmanager.com https://cc-cdn.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://bat.bing.com https://collector-2009.tvsquared.com https://collector-11974.tvsquared.com https://static.tapfiliate.com https://c5.adalyser.com https://log.checkmyfile.com https://www.googleadservices.com https://www.redditstatic.com; font-src 'self' https://fonts.gstatic.com https://use.typekit.net; img-src 'self' https://checkmyfile.zendesk.com data: https://static.zdassets.com https://*.clarity.ms https://cdn-cookieyes.com https://alb.reddit.com https://tags.srv.stackadapt.com https://www.facebook.com https://connect.facebook.net https://v2assets.zopim.io https://region1.google-analytics.com https://region1.analytics.google.com https://cdn.checkmyfile.com https://checkmyfile.s3-eu-west-1.amazonaws.com https://checkmyfile.s3.amazonaws.com https://seal.digicert.com https://p.typekit.net https://api.mapbox.com https://*.tile.openstreetmap.org https://cracdn.s3-eu-west-1.amazonaws.com https://collector-2009.tvsquared.com https://collector-11974.tvsquared.com https://bat.bing.com https://www.google-analytics.com https://www.google.com https://www.google.co.uk https://c5.adalyser.com https://i.ytimg.com https://log.checkmyfile.com https://*.online-metrix.net https://googleads.g.doubleclick.net https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://alb.reddit.com https://tags.srv.stackadapt.com https://www.facebook.com https://connect.facebook.net https://fonts.googleapis.com https://cc-cdn.com; frame-src https:; connect-src 'self' wss://*.zendesk.com https://*.clarity.ms https://www.redditstatic.com https://conversions-config.reddit.com https://cdn-cookieyes.com https://log.cookieyes.com/ https://directory.cookieyes.com https://tags.srv.stackadapt.com wss://widget-mediator.zopim.com https://checkmyfile.zendesk.com https://ekr.zdassets.com https://static.zdassets.com https://region1.google-analytics.com https://region1.analytics.google.com https://api.craftyclicks.co.uk https://data.police.uk https://www.google-analytics.com https://stats.g.doubleclick.net https://frstre.com https://log.checkmyfile.com ws://127.0.0.1:* https://tapi.tapfiliate.com; frame-ancestors https://*.creditreporting.co.uk https://*.checkmyfile.com; worker-src blob:; media-src 'self' https://static.zdassets.com; 1
'img-src' 'blob' 'default-src' 'self' 'unsafe-inline' 'unsafe-eval' 'blob' blob: http://blog-cms.weddingz.in https://stats.g.doubleclick.net https://securesentry.oyorooms.io https://code.getmdl.io https://assets.pinterest.com https://graph.facebook.com *.s3.amazonaws.com https://api.instagram.com https://api.pinterest.com https://connect.facebook.net *.cloudfront.net https://ds-aksb-a.akamaihd.net *.googleapis.com *.gstatic.com *.criteo.com *.criteo.net https://www.facebook.com https://www.google-analytics.com https://www.google.co.in https://www.google.com https://www.googletagmanager.com https://www.googleadservices.com https://m.weddingz.in https://media.weddingz.in https://js-agent.newrelic.com https://assets.oyoroomscdn.com https://maxcdn.bootstrapcdn.com https://weddingz.in https://www.youtube.com https://tagmanager.google.com *.instagram.com https://instagram *.tile.openstreetmap.org 1
frame-ancestors 'self' https://eluq.fa.us2.oraclecloud.com:443 1
default-src * data: 'unsafe-inline'; frame-ancestors 'self'; 1
default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js 'unsafe-inline' 'unsafe-eval' *.google.com *.google-analytics.com https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org web-chat.nativechat.com *.cookielaw.org https://polyfill.io *.addthis.com *.moatads.com *.addthisedge.com *.googletagmanager.com *.googleadservices.com *.doubleclick.net https://snap.licdn.com/li.lms-analytics/insight.min.js https://pi.pardot.com https://go.btireland.com https://snap.licdn.com https://dec.azureedge.net; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com 'unsafe-inline' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com *.typekit.net; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.google-analytics.com https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com web-chat.nativechat.com https://img.youtube.com/ *.cookielaw.org https://alb.reddit.com/ https://px.ads.linkedin.com/ https://www.google.com https://www.google.es https://www.google.ie https://px4.ads.linkedin.com https://cdn.insight.sitefinity.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.typekit.net; frame-src 'self' go.btireland.com s7.addthis.com www.google.com *.youtube.com web-chat.nativechat.com; connect-src 'self' accounts.google.com *.gstatic.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.google-analytics.com *.cookielaw.org *.addthis.com *.btireland.com *.doubleclick.net *.onetrust.com *.linkedin.orbi.io *.oribi.io *.analytics.google.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.google.com web-chat.nativechat.com *.addthis.com; form-action 'self' go.btireland.com 1
frame-ancestors https://*.tbank.ru https://*.tinkoff.ru 1
frame-ancestors 'self' *.resulticks.com 1
frame-ancestors https://offers.monlix.com https://freecash.com 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self'; connect-src 'self'; form-action 'self'; base-uri 'self'; manifest-src 'self' 1
frame-ancestors 'self' https://*.b2clogin.com https://www.lenscrafters.com https://*.lenscrafters.com https://*.lenscrafters.ca https://*.pearlevision.ca https://*.pearlevision.com https://*.examappts.com https://www.targetoptical.com  https://*.luxottica.com https://*.essilorluxottica.com; 1
default-src 'self' *.hsbc.com.hk; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.omtrdc.net *.hsbc.com.cn *.utag *.recaptcha.net *.amap.com *.brightcove.net *.gstatic.cn vjs.zencdn.net players.brightcove.net; img-src 'self' blob: *.hsbc.com.hk *.eum-appdynamics.com *.google.com.hk *.google.com *.google.co.in *.doubleclick.net *.googleapis.com *.facebook.com data: *.gstatic.com *; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.googleapis.com *.demdex.net *.omtrdc.net *.hsbc.com.cn *.boltdns.net *.brightcovecdn.com *.brightcove.com http://127.0.0.1:5000 manifest.prod.boltdns.net *.akamaihd.net brightcove.hs.llnwd.net players.brightcove.net edge.api.brightcove.com vdata.amap.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net *.recaptcha.net players.brightcove.net; frame-ancestors 'self'; font-src 'self' data: *.hsbc.com.hk *.gstatic.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com; object-src 'self'; upgrade-insecure-requests ; media-src *.boltdns.net *.brightcovecdn.com *.brightcove.com blob: *.akamaihd.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.cf.brightcove.com; report-uri https://csp.prod.ap.dynp.cloud1.vv1865.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.google-analytics.com *.googletagmanager.com www.gstatic.com siteimproveanalytics.com snap.licdn.com *.googleapis.com https://cdnjs.cloudflare.com https://www.buzzsprout.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://maxcdn.bootstrapcdn.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com https://maxcdn.bootstrapcdn.com; img-src 'self' data: *.google-analytics.com 29268.global.siteimproveanalytics.io p.adsymptotic.com px.ads.linkedin.com; frame-src 'self' *.google.com *.youtube.com *.vimeo.com https://www.buzzsprout.com; connect-src 'self' *.google-analytics.com analytics.google.com *.doubleclick.net cdn.linkedin.oribi.io; upgrade-insecure-requests; block-all-mixed-content; 1
default-src 'self' https://*.alixpartners.com;script-src 'self' 'unsafe-inline' https://*.alixpartners.com https://cdn.cookielaw.org https://app-script.monsido.com/v2/monsido-script.js https://heatmaps.monsido.com/v1/heatmaps.js https://clientweb.passle.net/v1/RemoteHostingBundle https://cdn.iframe.ly/embed.js https://boards.greenhouse.io https://api.reciteme.com/asset/js https://reciteme.com/gtm-script.js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://public.flourish.studio https://flo.uri.sh https://*.shorthandstories.com https://*.shorthand.com https://tag.demandbase.com https://*.youtube.com https://player.vimeo.com https://d3js.org https://*.ceros.com https://*.facebook.com https://connect.facebook.net https://*.linkedin.com https://*.licdn.com https://ajax.googleapis.com https://maps.googleapis.com https://maps.gstatic.com https://*.pardot.com https://*.leadforensics.com https://bat.bing.com/bat.js https://bat.bing.com/p/action/56288996.js https://www.gstatic.com/wcm/loader.js https://www.gstatic.com/call-tracking/call-tracking_9.js https://webeo-web-content.s3-eu-west-1.amazonaws.com/scripts/core.webeo.js;style-src 'self' 'unsafe-inline' https://*.alixpartners.com https://api.reciteme.com https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com;object-src 'none';base-uri 'self';connect-src 'self' https://*.alixpartners.com https://cdn.cookielaw.org https://heatmaps.monsido.com https://*.algolia.net https://*.algolianet.com https://*.algolia.io https://www.passle.net https://*.reciteme.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.googleadservices.com/pagead/conversion/728558447/wcm https://www.google.co.uk/pagead/attribution/wcm https://tag-logger.demandbase.com https://api.company-target.com https://segments.company-target.com https://*.ceros.com https://px.ads.linkedin.com https://px.ads.linkedin.com/wa https://px.ads.linkedin.com/attribution_trigger https://*.googleapis.co *.google.com https://*.gstatic.com data: blob: https://bat.bing.com/actionp/0 https://ldynamicspublicapi.leadforensics.com;font-src 'self' data: https://*.alixpartners.com https://api.reciteme.com https://fonts.gstatic.com https://fonts.googleapis.com;frame-src 'self' https://*.alixpartners.com https://clientapi.passle.net https://cdn.iframe.ly https://boards.greenhouse.io https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://bid.g.doubleclick.net https://td.doubleclick.net https://public.flourish.studio https://flo.uri.sh https://*.shorthandstories.com https://*.shorthand.com https://www.podbean.com https://alixpartners.podigee.io https://embed.podigee.com https://player.podigee-cdn.net https://mgpstudiostest.podigee.io https://s.company-target.com https://alixpartners.vuture.net https://www.youtube.com/embed/ https://player.vimeo.com https://*.ceros.com https://webcasts.weforum.org *.google.com https://*.pardot.com https://*.leadforensics.com;img-src 'self' https://*.alixpartners.com https://cdn.cookielaw.org https://tracking.monsido.com https://*.cloudinary.com https://files.passle.net https://images.passle.net https://passle-net.s3.amazonaws.com https://api.reciteme.com www.googletagmanager.com https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.google.com https://google.com https://www.google.co.uk https://i.ytimg.com/ https://i.vimeocdn.com https://id.rlcdn.com https://*.ceros.com https://*.facebook.com https://*.linkedin.com https://*.licdn.com https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com data: https://*.pardot.com https://*.leadforensics.com https://bat.bing.com/action/0;form-action 'self' https://*.alixpartners.com https://boards.greenhouse.io https://*.vuture.net;manifest-src 'self';media-src 'self' https://*.alixpartners.com https://*.cloudinary.com https://api.reciteme.com;worker-src blob:; 1
base-uri 'self'; frame-ancestors 'none'; font-src 'self' data: https://*; img-src 'self' data: https://*;object-src 'none'; script-src 'strict-dynamic' 'self' 'nonce-6b2aac24-c44a-4669-a3af-12a0dde1199f' https://*; upgrade-insecure-requests; block-all-mixed-content; 1
default-src https:; img-src https: data:; object-src 'none'; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; base-uri 'self'; form-action 'self'; worker-src blob: https:; frame-ancestors 'self' 1
default-src 'self' https:; object-src 'self'; font-src 'self' data: https:; img-src 'self' https: data:; script-src 'self' blob: https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net data: *.sodatech.com *.sodatech.net *.gstatic.com *.typekit.net viewer.byondxr.com cdn.livechatinc.com mediacdn.espssl.com use.fontawesome.com 'self' data: https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com api.bazaarvoice.com stg.api.bazaarvoice.com pal-test.adyen.com www.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ *.adyen.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.ehappify.com www.xtento.com *.vimeo.com *.jsctool.com *.pinterest.com *.mmcagentur.at *.doubleclick.net *.facebook.com *.facebook.net *.google.com *.demdex.net *.authorize.net *.paypal.com *.googletagmanager.com *.xtento.com *.app-wallee.com *.waltpixel.com *.equitystory.com offer.slgnt.us vars.hotjar.com *.pepperjamnetwork.com services.listrak.com *.serverdata.net *.livechatinc.com *.lindtusa.com *.russellstover.com *.ghirardelli.com *.weltpixel.com static.ogmystyle.com static2.ogmystyle.com www.mystyleplatform.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * https://www.paypalobjects.com https://lindtusa.rlvs.co.uk https://ghirardelli.slgnt.us https://byondxr-viewer.byondxr.com/launcher/1.0.58/package/index.js tinyurl.com/LINDT-LAUNCHER https://optmize.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com *.cloudfront.net *.amazonaws.com www.xtento.com cdn.xtento.com blob: lindt.test *.lindt.test maps.googleapis.com *.pinterest.com *.postcodeanywhere.co.uk *.klarna.com *.invibes.com *.b26net.com https://www.google-analytics.com *.googletagmanager.com *.teads.tv *.videostep.com *.facebook.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.taboola.com *.doubleclick.net *.outbrain.com *.adobedtm.com *.omtrdc.net *.demdex.net *.everesttech.net *.magentocommerce.com *.sodatech.com *.sodatech.net viewer.byondxr.com s3.us-west-2.amazonaws.com showroom-media.byondxr.com media-optimization-service.byondxr.com *.byondxr.com api.official-deals.co.uk api.official-coupons.com *.adsymptotic.com cdn.livechat-files.com cp.official-coupons.com cookie-cdn.cookiepro.com cp.official-deals.co.uk site-azp.slgnt.us ct.pinterest.com *.ads.linkedin.com cdn.polyfill.io offer.slgnt.us *.blob.core.windows.net s.pinimg.com snap.licdn.com mediacdn.espssl.com *.clarity.ms *.bing.com *.serverdata.net lindtna.test *.lindtna.test *.livechatinc.com mageside.com *.listrakbi.com www.mystyleplatform.com static.mystyleplatform.com static2.mystyleplatform.com static2.ogmystyle.com mystyleplatform.s3.us-west-2.amazonaws.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com 'self' data: https://mediacdn.espssl.com/2824/Shared/Modal/chocolate.png https://www.linkedin.com https://*.linkedin.com/ https://px.ads.linkedin.com https://mcstaging.russellstover.com https://mcstaging.lindtusa.com https://mcstaging.ghirardelli.com https://mcprod.lindtusa.com *.googleadservices.com *.yieldify.com https://www.google-anaytics.com https://www.googletagmanager.com https://optimize.google.com https://cdn.livechat-static.com *.bazaarvoice.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.adyen.com *.googleapis.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com www.xtento.com cdn.xtento.com *.pcapredict.com lindt.slgnt.eu maps.googleapis.com *.pinterest.com *.postcodeanywhere.co.uk *.ratepay.com *.cloudflare.com *.teads.tv *.r66net.com *.facebook.net *.googleadservices.com *.doubleclick.net *.cookiepro.com *.cloudfront.net *.videostep.com *.mfgroup.ch *.taboola.com *.outbrain.com *.adobedtm.com *.authorize.net *.unpkg.com *.fontawesome.com *.sodatech.net *.sodatech.com byondxr-viewer.byondxr.com web-apps.byondxr.com www.clarity.ms bat.bing.com *.b2c.com bt.fraud0.com container.pepperjam.com www.googleoptimize.com *.hotjar.com *.pepperjamnetwork.com *.revlifter.io site-azp.slgnt.us ct.pinterest.com *.ads.linkedin.com cdn.polyfill.io offer.slgnt.us *.blob.core.windows.net s.pinimg.com snap.licdn.com acsbapp.com cdn.noibu.com www.youtube.com *.upsellit.com *.livechatinc.com *.serverdata.net *.tiktok.com *.listrakbi.com *.listrak.com *.mczbf.com mystyleplatform.com www.mystyleplatform.com static.ogmystyle.com static2.ogmystyle.com d203yb14zlmxwn.cloudfront.net cdnjs.cloudflare.com cdn.jsdelivr.net use.fontawesome.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com *.google.com *.gstatic.com https://www.youtube.com https://acsbapp.com/apps/app/dist/js/app.js https://cdn.noibu.com/collect.js https://byondxr-viewer.byondxr.com/launcher/1.0.58/package/index.js tinyurl.com/LINDT-LAUNCHER *.yieldify.com *.fraud0.com https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com 'unsafe-inline' https://optimize.google.com 'unsafe-inline' https://cdn.attn.tv https://www.lindt-spruengli.com/* https://www.lindt-spruengli.com/media/target/VAPI.min.js https://www.lindt-spruengli.com/media/target/at.js 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com display.ugc.bazaarvoice.com *.amazonaws.com *.fonts.net *.postcodeanywhere.co.uk *.cloudfront.net *.cloudflare.com *.sodatech.com *.sodatech.net *.googleapis.com *.getfirebug.com cloud.typography.com *.serverdata.net *.myfonts.net *.russellstover.com *.listrakbi.com *.listrak.com use.fontawesome.com www.mystyleplatform.com static.ogmystyle.com static2.ogmystyle.com unsafe-inline assets.braintreegateway.com tagmanager.google.com *.gstatic.com https://cloud.typography.com https://byondxr-viewer.byondxr.com/launcher/1.0.58/package/index.js 'unsafe-inline' https://optimize.google.com https://fonts.googleapis.com 'unsafe-inline' cookie-cdn.cookiepro.com https://cookie-cdn.cookiepro.com https://cdn.cookiepro.com/scripttemplates/*/assets 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cloudfront.net *.serverdata.net *.livechatinc.com *.listrakbi.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net *.bolt.com qa-api.magedevteam.com *.sentry.io *.adyen.com *.googleapis.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.paypal.com *.postcodeanywhere.co.uk *.ratepay.com *.luckyorange.net *.cookiepro.com *.mfgroup.ch *.doubleclick.net *.visitors.live wss://in.visitors.live wss://visitors.live wss://in.visitors.live/ wss://visitors.live/ visitors.live *.taboola.com *.demdex.net *.omtrdc.net *.magento.com *.adobe.net *.adobedtm.com *.adobedc.net *.typekit.net *.magedevteam.com *.sodatech.com *.sodatech.net *.teads.tv *.byondxr.com api.byondxr.com s3.us-west-2.amazonaws.com www.sjwoe.com input.noibu.com wss://input.noibu.com/pv_part in.hotjar.com www.facebook.com *.b2c.com bt.fraud0.com *.revlifter.com *.pepperjamnetwork.com *.revlifter.io site-azp.slgnt.us ct.pinterest.com *.ads.linkedin.com cdn.polyfill.io offer.slgnt.us s.pinimg.com snap.licdn.com *.acsbapp.com cdn.noibu.com https://maps.googleapis.com *.clarity.ms *.facebook.com *.serverdata.net *.livechatinc.com api.addressy.com *.listrakbi.com *.mczbf.com *.tiktok.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com t.elasticsuite.io *.google-analytics.com https://vc.hotjar.io https://cdn.linkedin.oribi.io https://byondxr-viewer.byondxr.com/launcher/1.0.58/package/index.js *.fraud0.com *.lindtusa.com *.yieldify.com https://content.hotjar.io wss://ws.hotjar.com https://metrics.hotjar.io https://lindt-us.attn.tv https://events.attentivemobile.com lindt.attn.tv cookie-cdn.cookiepro.com https://geolocation.onetrust.com https://bat.bing.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.byondxr.com *.googleapis.com https://viewer.byondxr.com https://web-apps.byondxr.com https://app.byondxr.com https://byondxr-viewer.byondxr.com https://app.byondvr.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'nonce-1ZuHpnZ6ykKhmVh3c0P7/g==' 'self' 'unsafe-inline' 'unsafe-eval' https://*.askallegiance.com https://html5shiv.googlecode.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://widgets.omnilert.net 1
default-src 'self' 'unsafe-eval' ws:; frame-src 'self' https://quote-request.mymsc.com/ https://notifications.mymsc.com https://identityserver.msc.com https://mscciam.b2clogin.com https://ddp-portal-prod.mymsc.com/ https://mvp-portal-prod.mymsc.com/ *.googleadservices.com  *.googletagmanager.com  *.googletagservices.com  *.googlesyndication.com  *.google-analytics.com  *.googleapis.com  *.ggpht.com  *.google.com  *.google.co.uk  *.gstatic.com  *.doubleclick.net *.hotjar.com csxd.contentsquare.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' t.contentsquare.net app.contentsquare.com; script-src-elem 'self' blob: 'unsafe-inline' https://t.contentsquare.net https://app.contentsquare.com https://www.clarity.ms https://www.googletagmanager.com  https://js.monitor.azure.com https://go.microsoft.com  https://www.google-analytics.com  https://s.go-mpulse.net https://s.yimg.jp https://dev.virtualearth.net https://t.ssl.ak.dynamic.tiles.virtualearth.net https://notifications.mymsc.com https://cdn.cookielaw.org https://services.mymsc.com https://www.clarity.ms  *.googleadservices.com  *.googletagmanager.com  *.googletagservices.com  *.googlesyndication.com  *.google-analytics.com  *.googleapis.com  *.ggpht.com  *.google.com  *.google.co.uk  *.gstatic.com  *.doubleclick.net *.bing.com *.hotjar.com; img-src * 'self' data: https: content: *.contentsquare.net;  style-src * 'self' 'unsafe-inline';  media-src * blob:;  object-src 'self'; worker-src 'self' blob: data:; font-src 'self' https: data:;   connect-src 'self' https:  https://notifications.mymsc.com wss: *.contentsquare.net; child-src blob:;  frame-ancestors 'self';  base-uri 'self'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.books24x7.com *.skillport.com *.skillsoft.com *.twitter.com skillsoft.d2cdn.net blob: data: res:                                                   ;style-src 'self' 'unsafe-inline' *.books24x7.com *.skillport.com *.skillsoft.com *.twitter.com *.fonts.googleapis.com                                                   ;media-src  'self' *.books24x7.com *.skillport.com *.skillsoft.com *.itpolecat.com blob:                                                   ;frame-src 'self' *.books24x7.com *.skillport.com *.skillsoft.com *.twitter.com data:                                                   ;connect-src 'self' *.books24x7.com *.skillport.com *.skillsoft.com data: *.twitter.com skillsoft.d2cdn.net 1
upgrade-insecure-requests; base-uri 'none'; object-src 'none'; img-src data: https:; frame-src https:; style-src 'self' 'unsafe-inline'; script-src 'self' 'nonce-vM5DXc4hwBzTH-8FEsaA___GbFQ'; default-src 'self'; frame-ancestors 'self' 1
frame-ancestors 'self' http://hs.bx-smart-kiosk.com http://local-hfsol.hanssem.com:3010 https://pj-hfsol.hanssem.com https://dev-hfsol.hanssem.com https://qa-hfsol.hanssem.com https://stg-hfsol.hanssem.com https://hfsol.hanssem.com 1
frame-ancestors 'self' *.freshthyme.com 1
frame-src 'self' *.facebook.com *.owneriq.net *.marchex.io *.doubleclick.net *.googletagmanager.com *.youtube.com *.midas.com *.bazaarvoice.com *.comenity.net *.google.com *.jotform.com *.jotform.io *.stripe.com *.tealiumiq.com wsv3cdn.audioeye.com ct.pinterest.com *.optimizely.com *.adsrvr.org *.cloudflare.com m.me *.rfihub.com intent:; frame-ancestors 'self' *.facebook.com  *.owneriq.net *.marchex.io *.doubleclick.net *.googletagmanager.com *.youtube.com  *.midas.com *.bazaarvoice.com  *.comenity.net *.google.com *.jotform.com *.jotform.io *.stripe.com *.tealiumiq.com wsv3cdn.audioeye.com ct.pinterest.com *.optimizely.com *.adsrvr.org *.cloudflare.com m.me *.rfihub.com intent: 1
img-src *; frame-ancestors 'self' *.cayuse.com http://cayuse.lookbookhq.com https://cayuse.lookbookhq.com http://cayuse.pathfactory.com https://cayuse.pathfactory.com  1
frame-ancestors *.embroiderydesigns.com; 1
default-src https://fonts.gstatic.com https://ssl.gstatic.com https://www.gstatic.com https://cdn.bnamed.net https://www.bnamed.net https://www.googletagmanager.com/ https://www.google-analytics.com/ www.google.com connect.facebook.net www.facebook.com ws://www.bnamed.net wss://www.bnamed.net 'self';script-src 'nonce-OTk1Nzg2MDQyNTQ3Njgy' 'sha256-uQyoKR3lBoDKU5iLg9zKfBYNrpUw6f/mybOTAsyvaZI=' 'sha256-Sr+FfLApO55KEHUmp1pCdAfP+DIUvDvWeljNRs5Ts4k=' 'sha256-Sr+FfLApO55KEHUmp1pCdAfP+DIUvDvWeljNRs5Ts4k=' https://tagmanager.google.com https://cdn.bnamed.net https://www.bnamed.net https://www.googletagmanager.com/ https://www.google-analytics.com/ www.google.com connect.facebook.net www.facebook.com www.gstatic.com ws://www.bnamed.net wss://www.bnamed.net 'self'; style-src https://tagmanager.google.com https://fonts.googleapis.com https://cdn.bnamed.net https://www.bnamed.net 'self' 'unsafe-inline'; object-src 'none';report-uri /reportURI 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-OGY5NWEzMzU3OWFlNDkzZDljZmQ5MGY4NzhmOTJhM2U=' https://*.platformrijksoverheid.nl https://*.rijksoverheid.nl https://*.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' https://statistiek.rijksoverheid.nl https://*.contenttoolsrijksoverheid.nl https://*.cultureelerfgoed.nl; font-src 'self' https://statistiek.rijksoverheid.nl; object-src 'none'; connect-src https://*.platformrijksoverheid.nl https://*.rijksoverheid.nl https://*.contenttoolsrijksoverheid.nl https://*.rovid.nl https://*.rijksoverheidsvideo.nl https://*.cultureelerfgoed.nl; img-src 'self' data: https://d3oiud1b8fohdw.cloudfront.net https://statistiek.rijksoverheid.nl https://*.rovid.nl https://*.rijksoverheidsvideo.nl https://*.toegankelijkheidsverklaring.nl; media-src 'self' https://*.rovid.nl https://*.rijksoverheidsvideo.nl; form-action 'self' https://export.highcharts.com https://*.contenttoolsrijksoverheid.nl https://*.cultureelerfgoed.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
base-uri 'self';connect-src 'self' wss: *.oribi.com *.adnxs.com *.google.com *.bing.com *.visualwebsiteoptimizer.com *.metarouter.io *.6sc.co *.addthis.com *.clarity.ms *.doubleclick.net *.stackadapt.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.oribi.io *.popupsmart.com *.sharethis.com *.intercom.io wss://*.intercom.io *.intercomcdn.com *.intercomcdn.eu *.intercomusercontent.com;default-src 'self';font-src 'self' data: fonts.gstatic.com *.intercomcdn.com;frame-src 'self' *.twitter.com *.surveymonkey.com *.doubleclick.net *.learninga-z.com *.vimeo.com *.addthis.com *.facebook.com *.youtube.com *.wistia.net *.google.com *.getreprise.com *.intercom-sheets.com *.intercom-reporting.com;img-src 'self' blob: data: *.adsymptotic.com *.trinity.one *.vimeocdn.com *.pinterest.com *.twitter.com *.6sc.co *.bing.com *.visualwebsiteoptimizer.com *.linkedin.com *.googleapis.com *.facebook.com *.google-analytics.com *.google.com *.googletagmanager.com www.foundationsa-z.com *.popupsmart.com *.sharethis.com *.clarity.ms *.intercomcdn.com *.intercomcdn.eu *.intercomassets.com *.intercomassets.eu *.intercomusercontent.com *.intercom.io *.intercom-attachments-1.com *.intercom-attachments-2.com *.intercom-attachments-3.com *.intercom-attachments-4.com *.intercom-attachments-5.com *.intercom-attachments-6.com *.intercom-attachments-7.com *.intercom-attachments-8.com *.intercom-attachments-9.com *.intercom-attachments.eu *.intercom-attachments.com;media-src 'self' *.intercomcdn.com;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.popupsmart.com *.twitter.com *.pinterest.com *.surveymonkey.com *.googleapis.com *.bing.com *.metarouter.io *.facebook.net *.visualwebsiteoptimizer.com *.learninga-z.com *.vimeocdn.com *.doubleclick.net *.6sc.co *.addthis.com snap.licdn.com *.stackadapt.com *.addthisedge.com *.clarity.ms *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.moatads.com qvdt3feo.com *.sharethis.com *.intercom.io *.intercomcdn.com *.convertexperiments.com;style-src 'self' 'unsafe-inline' *.googleapis.com *.stackadapt.com *.popupsmart.com;worker-src blob: *.intercom-sheets.com *.intercom-reporting.com *.youtube.com *.vimeo.com *.wistia.net; 1
frame-ancestors https://tongji.baidu.com 1
default-src 'self'; child-src 'self' connect.facebook.net fast.wistia.com fast.wistia.net googleads.g.doubleclick.net td.doubleclick.net *.hotjar.com *.hotjar.io *.contentful.com bid.g.doubleclick.net *.fls.doubleclick.net youtube.com www.youtube.com js.stripe.com www.facebook.com staticxx.facebook.com tpc.googlesyndication.com www.google.com *.googletagmanager.com *.quora.com intercom-sheets.com app-ab27.marketo.com www.intercom-reporting.com d2c7xlmseob604.cloudfront.net js.intercomcdn.com insight.adsrvr.org match.adsrvr.org https://intercom.chilipiper.com app.intercom.com app.intercom.io https://app.getreprise.com; connect-src 'self'   www.intercom.com app.intercom.io app.intercom.com api.intercom.io api-visitor-analytics.intercom.com api-iam.intercom.io api-ping.intercom.io api.smartling.com js.intercomcdn.com munchkin.marketo.net *.mktoutil.com nexus-websocket-a.intercom.io nexus-websocket-test.intercom.io nexus-long-poller-a.intercom.io nexus-long-poller-test.intercom.io store.intercomassets.com widget.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-test.intercom.io marketing.intercomcdn.com uploads.intercomcdn.com uploads.intercomusercontent.com abrtp1.marketo.com abrtp1-cdn.marketo.com app.getsentry.com stats.g.doubleclick.net https://*.google.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com http://*.hotjar.io:* https://*.hotjar.io:* wss://*.hotjar.io sentry.io www.facebook.com *.akamaihd.net *.wistia.com *.wistia.net *.contentful.com 258-clw-344.mktoresp.com bat.bing.com d2c7xlmseob604.cloudfront.net rum-collector-2.pingdom.net https://*.browser-intake-datadoghq.com public-trace-http-intake.logs.datadoghq.com https://assets.ctfassets.net c.6sc.co b.6sc.co j.6sc.co ipv6.6sc.co epsilon.6sense.com epsilon-cloudfront.6sense.com user-data.mutinycdn.com https://api-v2.mutinyhq.io/v2/b https://api.mutinyhq.io/v2 https://client-registry.mutinycdn.com secure.adnxs.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com api.chilipiper.com tracking.chilipiper.com cdn.linkedin.oribi.io gw.linkedin.oribi.io px.ads.linkedin.com https://app.getreprise.com images.ctfassets.net https://cdn.jsdelivr.net https://unpkg.com/@rive-app/canvas@2.10.1/rive.wasm *.litix.io https://o2129.ingest.sentry.io/ cdn.cookielaw.org *.onetrust.com; font-src data: https: ; img-src data: blob: https: ; media-src data: blob: https: ; object-src 'none'; script-src 'self' 'unsafe-eval' app.intercom.io app.intercom.com www.intercom.com js.intercomcdn.com store.intercomassets.com marketing.intercomassets.com widget.intercom.io ajax.googleapis.com analytics.twitter.com abrtp1.marketo.com abrtp1-cdn.marketo.com app-sjqe.marketo.com app-sjst.marketo.com app-ab27.marketo.com bat.bing.com cdn-assets-prod.s3.amazonaws.com cdn.ravenjs.com browser.sentry-cdn.com connect.facebook.net distillery.wistia.com distillery-main.wistia.com fast.wistia.com fast.wistia.net googleads.g.doubleclick.net js.stripe.com munchkin.marketo.net platform.twitter.com rtp-static.marketo.com script.hotjar.com script.hotjar.io secure.adnxs.com static.hotjar.com static.hotjar.io stats.g.doubleclick.net store.intercom.io tpc.googlesyndication.com www.datadoghq-browser-agent.com https://*.google.com www.google-analytics.com www.googleadservices.com/pagead/ www.googletagmanager.com tagmanager.google.com snap.licdn.com px.ads.linkedin.com px4.ads.linkedin.com dc.ads.linkedin.com p.adsymptotic.com sjs.bizographics.com client-registry.mutinycdn.com client.mutinycdn.com https://js.chilipiper.com 'sha256-CIxBMTSsZNOVtN/e53Oinc5o7iS+6GCLATfDTYD9EQk=' 'sha256-cc60iDuEUKTNkKYpz2vlEgGOssRRzDfo9rv0YBux2ak=' https://app.getreprise.com *.litix.io *.contentful.com https://o2129.ingest.sentry.io/ cdn.cookielaw.org *.onetrust.com 'strict-dynamic' 'nonce-MjhjN2E1NTMtNDExNC00OTg3LTg1OGQtMWYzMTE5ZTU4OWM5'; style-src 'self' 'unsafe-inline' app-ab27.marketo.com marketing.intercomassets.com maxcdn.bootstrapcdn.com rtp-static.marketo.com fonts.googleapis.com tagmanager.google.com https://www.googletagmanager.com https://js.chilipiper.com; worker-src data: blob:; base-uri 'self'; report-uri https://o2129.ingest.sentry.io/api/1467748/security/?sentry_key=2b3179211aae44189b7651cf09d7b74f 1
upgrade-insecure-requests; frame-ancestors 'self' https://*.octapharma.com https://app.storyblok.com; 1
unsafe-inline; 1
default-src *; script-src * 'unsafe-eval' 'unsafe-inline' data: 'self'; style-src * 'unsafe-inline' 'self'; img-src * data:; font-src * data:; connect-src *; object-src *; frame-ancestors 'self' https://*.crawford.com https://crawford.com https://*.crawco.com https://crawco.com https://*.crawfordandcompany.com https://crawfordandcompany.com https://*.onelink-translations.com; style-src-attr 'unsafe-inline'; style-src-elem * 'unsafe-inline'; script-src-elem * 'unsafe-inline'; report-uri https://bc18f182517eba201a0bfbb26a2a463a.report-uri.com/r/d/csp/wizard 1
default-src 'self' cdn.jsdelivr.net jsdelivr.net c.disquscdn.com disqus.com; script-src 'unsafe-eval' 'unsafe-inline' 'report-sample' 'self' disqus.com c.disquscdn.com https://*.clarity.ms https://c.bing.com highwaysagency.disqus.com emea3.recruitmentplatform.com s.ytimg.com www.youtube.com maps.googleapis.com unpkg.com apis.google.com www.google-analytics.com widgets.flickr.com wsstatic.govmetric.com www.gstatic.com cdn.syndication.twimg.com platform.twitter.com embedr.flickr.com www.google.com www.googletagmanager.com wsstatic.servmetric.com ajax.aspnetcdn.com cc.cdn.civiccomputing.com cdnjs.cloudflare.com code.jquery.com connect.facebook.net hitcounter.govmetric.com cdn.jsdelivr.net jsdelivr.net websurveys2.govmetric.com websurveys2.servmetric.com www.browsealoud.com; style-src 'unsafe-inline' 'report-sample' 'self' cdn.jsdelivr.net jsdelivr.net c.disquscdn.com emea3.recruitmentplatform.com fonts.googleapis.com fonts.gstatic.com www.googletagmanager.com unpkg.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com ton.twimg.com platform.twitter.com p.typekit.net use.typekit.net websurveys2.govmetric.com websurveys2.servmetric.com; object-src 'none'; base-uri 'self'; connect-src 'self' noembed.com https://*.clarity.ms https://c.bing.com region1.google-analytics.com maps.googleapis.com clapi.civiccomputing.com hitcounter.govmetric.com stats.g.doubleclick.net www.google-analytics.com emea3.recruitmentplatform.com plusqa.browsealoud.com www.browsealoud.com speech.speechstream.net embedr.flickr.com apikeys.civiccomputing.com plus.browsealoud.com; font-src 'self' emea3.recruitmentplatform.com fonts.gstatic.com cdnjs.cloudflare.com use.typekit.net; frame-src 'self' podcasters.spotify.com web.powerva.microsoft.com anchor.fm app.powerbi.com content.googleapis.com www.arcgis.com *.arcgis.com arcgis.com disqus.com websurveys2.govmetric.com w.soundcloud.com www.google.com syndication.twitter.com platform.twitter.com www.facebook.com www.youtube.com; img-src data: 'self' *.youtube.com img.youtube.com fonts.gstatic.com c.disquscdn.com referrer.disqus.com www.googletagmanager.com emea3.recruitmentplatform.com maps.gstatic.com maps.googleapis.com websurveys2.servmetric.com www.browsealoud.com stats.g.doubleclick.net abs.twimg.com www.google-analytics.com ton.twimg.com pbs.twimg.com platform.twitter.com syndication.twitter.com live.staticflickr.com i.ytimg.com websurveys2.govmetric.com; manifest-src 'self'; media-src 'self' blob: ; worker-src 'none'; 1
frame-ancestors 'self' chimpstatic.com *.us9.list-manage.com *.us21.list-manage.com lets.shop cdn.arcgis.com *.mailchimp.com fastfinch.co analytics.tiktok.com *.zespri.us18.list-manage.com shop.basketful.co bid.g.doubleclick.net *.js.arcgis.com js.arcgis.com optimize.google.com *.onetrust.com *.juicer.io destinilocators.com *.destinilocators.com api.destinilocators.com, img-src 'self' chimpstatic.com *.bing.com mcusercontent.com *.lets.shop *.cdn.arcgis.com lets.shop cdn.arcgis.com *.us9.list-manage.com analytics.tiktok.com *.us21.list-manage.com *.zespri.us18.list-manage.com *.mailchimp.com fastfinch.co images.basketful.co *.js.arcgis.com js.arcgis.com destinilocators.com *.destinilocators.com api.destinilocators.com *.juicer.io shop.basketful.co insight.adsrvr.org us-gmtdmp.mookie1.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.google.co.in www.google-analytics.com optimize.google.com *.onetrust.com googleads.g.doubleclick.net www.google.com www.google.be www.kwpsurveys.com *.cdninstagram.com  *.typesquare.com t.teads.tv ct.pinterest.com ad.ipredictive.com www.facebook.com consumer.krxd.net apps.jobadder.com www.zespri.eu zespri.com.isgoingto.be cm.teads.tv www.google.co.id images.ctfassets.net cdnjs.cloudflare.com *.destinilocators.com bat.bing.com *.ytimg.com *.zemanta.com *.clarity.ms data:, form-action 'self' chimpstatic.com *.facebook.com *.us9.list-manage.com *.us21.list-manage.com lets.shop cdn.arcgis.com *.mailchimp.com analytics.tiktok.com *.zespri.us18.list-manage.com fastfinch.co *.juicer.io *.js.arcgis.com js.arcgis.com destinilocators.com *.destinilocators.com api.destinilocators.com, font-src 'self' chimpstatic.com *.us9.list-manage.com *.us21.list-manage.com *.mailchimp.com *.lets.shop *.cdn.arcgis.com lets.shop analytics.tiktok.com cdn.arcgis.com fastfinch.co *.zespri.us18.list-manage.com shop.basketful.co *.js.arcgis.com js.arcgis.com *.juicer.io destinilocators.com *.destinilocators.com api.destinilocators.com ka-f.fontawesome.com fonts.gstatic.com use.fontawesome.com *.typesquare.com www.zespri.eu fonts.gstatic.com zespri.com.isgoingto.be *.destinilocators.com *.onetrust.com destinilocators.com data:, object-src 'self' chimpstatic.com *.us9.list-manage.com *.us21.list-manage.com *.mailchimp.com fastfinch.co *.zespri.us18.list-manage.com analytics.tiktok.com lets.shop cdn.arcgis.com *.juicer.io *.js.arcgis.com js.arcgis.com destinilocators.com *.destinilocators.com api.destinilocators.com, style-src 'self' 'unsafe-inline' chimpstatic.com *.us9.list-manage.com *.us21.list-manage.com *.lets.shop *.cdn.arcgis.com lets.shop analytics.tiktok.com cdn.arcgis.com *.mailchimp.com *.zespri.us18.list-manage.com fastfinch.co *.js.arcgis.com js.arcgis.com destinilocators.com *.destinilocators.com api.destinilocators.com shop.basketful.co unpkg.com tagmanager.google.com fonts.googleapis.com www.zespri.eu zespri.com.isgoingto.be use.fontawesome.com *.destinilocators.com destinilocators.com bat.bing.com optimize.google.com *.onetrust.com fonts.googleapis.com *.juicer.io, script-src 'self' 'unsafe-inline' 'unsafe-eval' chimpstatic.com *.us9.list-manage.com *.us21.list-manage.com *.lets.shop *.cdn.arcgis.com analytics.tiktok.com lets.shop cdn.arcgis.com *.zespri.us18.list-manage.com *.mailchimp.com *.js.arcgis.com js.arcgis.com fastfinch.co *.juicer.io js.adsrvr.org cdn-akamai.mookie1.com insight.adsrvr.org us-gmtdmp.mookie1.com widget.taggbox.com kit.fontawesome.com unpkg.com  shop.basketful.co cdn.jsdelivr.net typesquare.com cdn.krxd.net www.googletagmanager.com tagmanager.google.com www.google-analytics.com ssl.google-analytics.com www.google.co.in www.googleadservices.com www.google.com www.googleanalytics.com www.google-analytics.com www.googleoptimize.com optimize.google.com *.onetrust.com www.kwpsurveys.com p.teads.tv *.cdninstagram.com www.facebook.com connect.facebook.net s.pinimg.com t.teads.tv ct.pinterest.com beacon.krxd.net consumer.krxd.net apps.jobadder.com ajax.googleapis.com www.zespri.eu zespri.com.isgoingto.be cm.teads.tv www.google.co.id recaptcha.net destinilocators.com *.destinilocators.com api.destinilocators.com stackpath.bootstrapcdn.com *.arcgis.com fonts.gstatic.com www.gstatic.com lets.shop destini.co s3.amazonaws.com use.fontawesome.com pw.qpleshq.com us-central1-zespri-2020.cloudfunctions.net www.shareasungold.zespristore.com irxcm.com api2.autopilothq.com googleads.g.doubleclick.net bat.bing.com rec.smartlook.com *.clarity.ms *.youtube.com blob: 1
default-src 'self' ; style-src 'unsafe-inline' 'self' fonts.googleapis.com; frame-ancestors 'self' https://*.rtr.at; font-src 'self' fonts.gstatic.com; img-src 'self' https://*.rtr.at data: https://*.ytimg.com https://piwik.rtr.at; media-src 'self' https://*.rtr.at; worker-src blob: 'self'; frame-src data: blob: https://*.rtr.at https://egov.rtr.gv.at https://127.0.0.1:* https://eid.oesterreich.gv.at https://player.vimeo.com https://www.youtube-nocookie.com https://www.youtube.com https://app.23degrees.io https://chat.rtcnow.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://app.23degrees.io https://piwik.rtr.at https://info.rtr.at https://cdn.jsdelivr.net; connect-src 'self' https://info.rtr.at https://info.rtr.at https://api.friendlycaptcha.com https://eu-api.friendlycaptcha.eu 1
frame-ancestors 'self' kiosk.bluegreenowner.com 1
default-src 'none'; script-src 'nonce-Mjk5NzE3MTg1MCwyMTUwMzI0OTQ2' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https://*.readspeaker.com https://fonts.googleapis.com https://tags.srv.stackadapt.com https://cdn.jsdelivr.net https://*.taggbox.com https://*.tagbox.com; object-src 'none'; base-uri 'none'; connect-src 'self' https://*.paa-reporting-advertising.amazon https://*.amazon-adsystem.com https://*.taggbox.com https://*.googlesyndication.com https://www.facebook.com/tr/ https://analytics.umassglobal.edu https://trk.prod.allstardirectories.com https://privacyportal-eu.onetrust.com https://app.optimalworkshop.com https://maps.googleapis.com https://*.clarity.ms/collect https://googleads.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.umassglobal.edu/ https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://analytics.google.com https://bat.bing.com https://cdn.cookielaw.org https://k.clarity.ms https://ka-f.fontawesome.com https://obs.segreencolumn.com https://px.ads.linkedin.com https://stats.g.doubleclick.net https://tags.srv.stackadapt.com https://www.google-analytics.com https://www.google.com https://www.googleapis.com; font-src 'self' https://*.ivy.ai https://*.tagbox.com https://cdn.jsdelivr.net https://fonts.gstatic.com https://ka-f.fontawesome.com; frame-src 'self' https://*.42chat.com/ https://*.ivy.ai https://*.amazon-adsystem.com https://www.qzzr.com https://www.riddle.com https://platform.twitter.com https://www.google.com https://www.youtube.com https://js.driftt.com https://*.fls.doubleclick.net https://td.doubleclick.net https://www.facebook.com https://www.google.com; img-src 'self' https://ad.ipredictive.com https://*.yextevents.com https://*.licdn.com https://ui-avatars.com https://*.taggbox.com https://*.tagbox.com https://*.ytimg.com https://cdn.cookielaw.org https://*.googlesyndication.com https://*.ivy-cdn.com https://realtimeanalytics.yext.com https://matching.platform.ue.co https://www.linkedin.com https://px4.ads.linkedin.com https://obs.segreencolumn.com https://c.bing.com/c.gif https://c.clarity.ms/c.gif https://googleads.g.doubleclick.net https://www.google.com https://google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.global.siteimproveanalytics.io https://ad.doubleclick.net https://bat.bing.com https://cdnjs.cloudflare.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://tags.srv.stackadapt.com https://umg-gtm-monitor-2lilwpfr.uc.gateway.dev https://www.facebook.com https://*.google.com https://www.google.com https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.com.kh https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.ne https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.pl https://www.google.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.so https://www.google.sm https://www.google.sr https://www.google.st https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.rs https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.cat data:; manifest-src 'self'; media-src 'self' 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; child-src https: blob:; object-src 'none'; frame-ancestors 'self' https://account.complianceweek.com; 1
default-src 'self' mark43.com www.mark43.com bugcrowd.com assets.bugcrowdusercontent.com stats.g.doubleclick.net track.hubspot.com perf.hsforms.com forms-na1.hsforms.com gstatic.com www.gstatic.com api.hubapi.com forms.hubspot.com hubspot.com js.hs-banner.com js.hscollectedforms.net js.hsadspixel.net js.hs-analytics.net api.livechatinc.com secure.livechatinc.com google.com www.google.com google.ro www.google.ro www.google-analytics.com google-analytics.com googletagmanager.com www.googletagmanager.com googleads.g.doubleclick.net js.hs-scripts.com cdn.livechatinc.com boards.greenhouse.io boards-api.greenhouse.io hubspot-forms-static-embed.s3.amazonaws.com forms.hsforms.com js.hsforms.net devmatroid.wpengine.com devmatroid.wpengine.com cdnjs.cloudflare.com unpkg.com secure.gravatar.com fonts.googleapis.com fonts.gstatic.com browser.sentry-cdn.com app.hubspot.com huemor.rocks www.google.com.ph www.google.com forms.hscollectedforms.net  static.hsappstatic.net www.youtube.com analytics.google.com  *.vimeo.com *.osano.com consent.api.osano.com tattle.api.osano.com cmp.osano.com disclosure.api.osano.com 'unsafe-inline' 'unsafe-eval' data: blob: ; frame-ancestors 'self'; 1
img-src *.ead.br data: 'self'; object-src 'self'; script-src 'self'  'report-sample'  'unsafe-inline'  'unsafe-eval' https://cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/lazysizes.min.js static.cloudflareinsights.com https://www.google.com/recaptcha/api.js www.gstatic.com static.cloudflareinsights.com https://static.zenvia.com/embed/js/zenvia-chat.min.js 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src https://forum.kicad.info/logs/ https://forum.kicad.info/sidekiq/ https://forum.kicad.info/mini-profiler-resources/ https://forum.kicad.info/assets/ https://forum.kicad.info/brotli_asset/ https://forum.kicad.info/extra-locales/ https://forum.kicad.info/highlight-js/ https://forum.kicad.info/javascripts/ https://forum.kicad.info/plugins/ https://forum.kicad.info/theme-javascripts/ https://forum.kicad.info/svg-sprite/ https://www.google-analytics.com/analytics.js 'sha256-8uAKDaK4QxxCeYZl0Wxad2Nnj2tgKyA14hYBh66pnn0='; worker-src 'self' https://forum.kicad.info/assets/ https://forum.kicad.info/brotli_asset/ https://forum.kicad.info/javascripts/ https://forum.kicad.info/plugins/; frame-ancestors 'self'; manifest-src 'self' 1
font-src *.googleapis.com https://www.gstatic.com *.fontawesome.com https://fonts.gstatic.com https://live.icecat.biz https://locator.uberall.com data: https://googletagmanager.com https://tagmanager.google.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://interface.mailcampaigns.nl/ https://www.mollie.com/ https://bancontact.girogate.be/ 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.mollie.com https://view.publitas.com https://www.kiyoh.com http://www.kiyoh.com https://www.google.com https://dashboard.trustprofile.com/ https://trafic-career.talent-soft.com/ https://trafic.talent-soft.com/ http://www.trafic.com/ http://trafic.com/ https://s3-eu-west-1.amazonaws.com/ https://td.doubleclick.net https://google-analytics.com https://objects.icecat.biz/ *.trustpilot.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com http://amcglobal.sc.omtrdc.net/ dpm.demdex.net http://cm.everesttech.net/ *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com *.gstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.mollie.com https://*.amazonaws.com https://*.mapbox.com https://*.uberall.com blob: https://td.doubleclick.net https://a5.behance.net/ http://admin.fun.be/ http://www.fun.be/ http://fun.be/ https://admin.fun.be/ https://www.fun.be/ https://fun.be/ http://www.trafic.com/ http://trafic.com/ https://www.trafic.com/ https://trafic.com/ http://www.zwembadstore.be/ http://zwembadstore.be/ https://www.zwembadstore.be/ https://zwembadstore.be/ http://www.tuinhuisstore.be/ http://tuinhuisstore.be/ https://www.tuinhuisstore.be/ https://tuinhuisstore.be/ https://magentoadmin.trafic.com http://pimadmin.trafic.com/ https://pimadmin.trafic.com/ http://catalogmedia.trafic.com/ https://catalogmedia.trafic.com/ http://admin.fun.docker/ http://www.fun.docker/ http://fun.docker/ https://admin.fun.docker/ https://www.fun.docker/ https://fun.docker/ http://www.trafic.docker/ http://trafic.docker/ https://www.trafic.docker/ https://trafic.docker/ http://www.zwembadstore.docker/ http://zwembadstore.docker/ https://www.zwembadstore.docker/ https://zwembadstore.docker/ http://www.tuinhuisstore.docker/ http://tuinhuisstore.docker/ https://www.tuinhuisstore.docker/ https://tuinhuisstore.docker/ http://admin.fun.test/ http://www.fun.test/ http://fun.test/ https://admin.fun.test/ https://www.fun.test/ https://fun.test/ http://www.trafic.test/ http://trafic.test/ https://www.trafic.test/ https://trafic.test/ http://www.zwembadstore.test/ http://zwembadstore.test/ https://www.zwembadstore.test/ https://zwembadstore.test/ http://www.tuinhuisstore.test/ http://tuinhuisstore.test/ https://www.tuinhuisstore.test/ https://tuinhuisstore.test/ maps.gstatic.com maps.googleapis.com https://www.google.be/ https://funtrafic.imgix.net/ http://funtrafic.imgix.net/ https://lqip-funtrafic.imgix.net/ http://lqip-funtrafic.imgix.net/ https://story.icecat.biz https://funtrafic-large.imgix.net/media/ https://funtrafic-thumb.imgix.net/media/ https://pdpthumb-funtrafic.imgix.net https://pdplarge-funtrafic.imgix.net https://pdpfull-funtrafic.imgix.net https://content.fun.be https://adservice.google.com https://region1.analytics.google.com https://googletagmanager.com https://tagmanager.google.com https://bat.bing.com  https://pagead2.googlesyndication.com https://google-analytics.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.googleapis.com https://www.gstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.mollie.com https://locator.uberall.com https://*.mapbox.com https://view.publitas.com https://www.google.com/recaptcha/ maps.googleapis.com https://live.icecat.biz https://pet.icecat.biz https://icecat.biz/stats/scripts/track-story2.js https://bat.bing.com  https://js-agent.newrelic.com https://googletagmanager.com https://tagmanager.google.com https://td.doubleclick.net https://google-analytics.com *.trustpilot.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://fonts.googleapis.com https://*.icecat.biz blob: https://googletagmanager.com https://tagmanager.google.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com http://dpm.demdex.net/ https://icecat.biz https://pet.icecat.biz https://locator.uberall.com https://*.mapbox.com https://live.icecat.biz https://magentoadmin.trafic.docker https://adservice.google.com https://region1.analytics.google.com https://www.google.com https://www.google.be https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://td.doubleclick.net https://google-analytics.com  https://pagead2.googlesyndication.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri http://admin.fun.be/ http://www.fun.be/ http://fun.be/ https://admin.fun.be/ https://www.fun.be/ https://fun.be/ http://admin.fun.docker/ http://www.fun.docker/ http://fun.docker/ https://admin.fun.docker/ https://www.fun.docker/ https://fun.docker/ http://admin.fun.test/ http://www.fun.test/ http://fun.test/ https://admin.fun.test/ https://www.fun.test/ https://fun.test/ http://magentoadmin.trafic.com/ 'self' 'unsafe-inline'; 1
frame-ancestors 'self' https:; default-src https: data: 'unsafe-inline' 'unsafe-eval' blob: 1
default-src 'none'; script-src 'self' *.2o7.net *.omtrdc.net *.techem.com *.scene7.com *.cookiebot.com *.marketo.net *.adition.com *.google.com assets.adobedtm.com connect.facebook.net snap.licdn.com *.google-analytics.com googleads.g.doubleclick.net www.googletagmanager.com www.googleadservices.com https://*.demdex.net https://*.youtube.com https://*.marketo.com https://cm.everesttech.net https://static.widget.trengo.eu https://stats.pusher.com https://assets.sitescdn.net https://assets.eu.sitescdn.net https://answers-embed.techem.de.pagescdn.com https://answers-embed.techem.de.eu.pagescdn.com https://widget.trustpilot.com https://cdn.mouseflow.com https://bat.bing.com https://documentservices.adobe.com https://acrobatservices.adobe.com https://api.staging.pso-empfehlen.dev https://api.pso-empfehlen.net https://techem-empfehlen.de https://www.techem-empfehlen.de https://pso-empfehlen.staging.pso-vertrieb.de https://empfehlen-admin.pso-vertrieb.de https://*.etracker.com https://*.etracker.de blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' *.2o7.net *.omtrdc.net *.scene7.com *.techem.com https://*.marketo.com https://www.gstatic.com https://assets.sitescdn.net https://assets.eu.sitescdn.net; font-src 'self' *.2o7.net *.omtrdc.net https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com data:; img-src 'self' *.2o7.net *.omtrdc.net blob: data: https: *.adspirit.de; frame-src  'self' *.2o7.net *.omtrdc.net *.cookiebot.com *.techem.com *.youtube.com *.yextpages.net *.marketo.com *.facebook.com https://*.demdex.net bid.g.doubleclick.net techem.prospective.de answers-embed.techem.de.pagescdn.com answers-embed.techem.de.eu.pagescdn.com https://widget.trustpilot.com https://documentservices.adobe.com https://acrobatservices.adobe.com blob:; manifest-src 'self'; connect-src 'self' *.2o7.net *.omtrdc.net *.techem.com *.scene7.com *.google.com *.facebook.com *.pusher.com *.friendlycaptcha.com *.mktoutil.com googleads.g.doubleclick.net https://cm.everesttech.net https://assets.adobedtm.com https://*.demdex.net https://*.mktoresp.com https://*.cookiebot.com https://*.trengo.eu https://*.amazonaws.com https://*.westeurope.logic.azure.com https://*.yext.com https://answers.yext-pixel.com https://cdn.linkedin.oribi.io https://o2.mouseflow.com https://px.ads.linkedin.com https://analytics.techem.de https://www.eu.yextevents.com https://prod-cdn.eu.yextapis.com https://viewlicense.adobe.io/viewsdklicense/jwt https://*.etracker.de https://techem-empfehlen.de https://www.techem-empfehlen.de; media-src 'self' https://static.widget.trengo.eu https://*.scene7.com blob:; frame-ancestors 'self' https://techem.events.rooom.com https://www.rooom.com https://*.etracker.com *.edge.agora.io:6443 *.edge.agora.io:9591 *.edge.agora.io:9593 *.edge.sd-rtn.com:6443 *.edge.sd-rtn.com:9591 *.edge.sd-rtn.com:9593 webcollector-rtm.agora.io:6443 webcollector-rtm.agora.io:9591 webcollector-rtm.agora.io:9593 ; 1
frame-ancestors 'self' *.nike.com.cn *.nikecloud.com.cn 1
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ams-stage.itchotels.com https://www.googletagmanager.com https://connect.facebook.net *.triptease.io https://script.hotjar.com https://static.hotjar.com https://assets.adobedtm.com https://www.google.com https://maps.googleapis.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.gstatic.com https://dynamic.criteo.com https://itclimited.sc.omtrdc.net https://sslwidget.criteo.com https://www.youtube.com https://www.jscache.com https://www.tripadvisor.com https://www.tripadvisor.in https://static.tacdn.com; frame-ancestors 'self' https://www.itchotels.com 1
default-src 'self' *.autofactpro.com *.autofact.cl *.autofact.mx *.autofact.pe *.autofact.com.co *.googleapis.com *.ingest.sentry.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' d3js.org d2yyd1h5u9mauk.cloudfront.net *.hotjar.com bat.bing.com www.googleoptimize.com optimize.google.com analytics.google.com user-event-tracker.crazyegg.com browser.sentry-cdn.com optimize.google.com analytics.google.com apis.google.com script.crazyegg.com cdn.ampproject.org *.pagoefectivo.pe pagoefectivo.pe *.sii.cl tagmanager.google.com *.autofactpro.com *.autofact.cl www.google.com www.google-analytics.com ssl.google-analytics.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net ajax.googleapis.com www.gstatic.com www.youtube.com www.youtube-nocookie.com s.ytimg.com connect.facebook.net *.bootstrapcdn.com *.fontawesome.com cdnjs.cloudflare.com cdn.datatables.net cdn.jsdelivr.net cdn.optimizely.com cdn.carbonads.com dnn506yrbagrg.cloudfront.net static.zdassets.com *.culqi.com blob: embed.typeform.com *.sibautomation.com sibautomation.com *.ingest.sentry.io analytics.tiktok.com; connect-src 'self' *.delighted.com *.hotjar.com:* *.hotjar.io:* wss://*.hotjar.com sentry.io *.google.cl 54.242.242.218 *.ampproject.org *.ampproject.net *.autofactpro.com *.autofact.com *.autofact.cl *.autofact.com.co *.autofact.com.mx *.autofact.pe *.autofact.cr *.autofact.com.ar *.g.doubleclick.net cdn.ampproject.org www.googletagmanager.com stats.g.doubleclick.net connect.facebook.net ekr.zdassets.com autofact.zendesk.com plugin.autentia.mb:7777 *.googleapis.com *.ytimg.com *.google.com *.bootstrapcdn.com thrk5e664g.execute-api.us-east-1.amazonaws.com wpoxlbs3w6.execute-api.us-east-1.amazonaws.com *.google-analytics.com ofbern64r9.execute-api.us-east-1.amazonaws.com *.api.retail.autofact.com dnn506yrbagrg.cloudfront.net m21ndjph2i.execute-api.us-east-1.amazonaws.com q6x8glddsl.execute-api.us-east-1.amazonaws.com www.googleadservices.com *.bing.com *.fontawesome.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.facebook.com *.facebook.net *.doubleclick.net *.sendinblue.com 7ep5bxwwl6.execute-api.us-east-1.amazonaws.com *.brevo.com *.ingest.sentry.io transferencia-api-contract-creator-service.retail.qa.autofact.app transferencia-api-contract-creator-service.retail.production.autofact.app transferencia-api-contract-creator-service.retail.staging.autofact.app analytics.tiktok.com; img-src 'self' script.hotjar.com bat.bing.com cdnjs.cloudflare.com img.youtube.com csi.gstatic.com *.gstatic.com *.autofactpro.com *.autofactpro.cl *.autofact.cl *.autofact.qa www.google.com www.google.cl www.googleadservices.com www.googletagmanager.com img.youtube.com i.ytimg.com stats.g.doubleclick.net www.facebook.com disqus.com *.disquscdn.com *.g.doubleclick.net https://static.retail.autofact.cl www.google-analytics.com data:; style-src 'self' 'unsafe-inline' 'unsafe-eval' d3js.org optimize.google.com analytics.google.com tagmanager.google.com *.autofactpro.com fonts.googleapis.com fonts.gstatic.com *.bootstrapcdn.com *.fontawesome.com cdnjs.cloudflare.com cdn.datatables.net cdn.jsdelivr.net cdn.optimizely.com cdn.carbonads.com; font-src 'self' *.autofactpro.com fonts.googleapis.com fonts.gstatic.com *.hotjar.com:* *.bootstrapcdn.com *.fontawesome.com cdnjs.cloudflare.com cdn.datatables.net data: ; frame-ancestors 'self' *.autofactpro.com facebook.com; frame-src 'self' docs.google.com stage-autopress-buckets.s3.us-west-1.amazonaws.com *.hotjar.com *.autofact.cl form.typeform.com accounts.google.com optimize.google.com analytics.google.com *.ampproject.net pagoefectivo.pe *.pagoefectivo.pe *.sii.cl *.autofactpro.com www.google.com www.youtube.com www.youtube-nocookie.com www.facebook.com web.facebook.com staticxx.facebook.com bid.g.doubleclick.net *.culqi.com *.sibautomation.com sibautomation.com *.ingest.sentry.io *.doubleclick.net; object-src 'self' *.autofactpro.com *.autofact.cl; 1
frame-ancestors https://visitnj.org https://ewrt1.parasyst.net; report-uri /report-csp-violation 1
default-src 'self'; base-uri 'none'; connect-src 'self' https://api.github.com https://*.amplitude.com https://*.api.sanity.io https://getform.io https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://vimeo.com https://js.zi-scripts.com https://ws.zoominfo.com https://cdn.sanity.io/files/3ugk85nk/ https://api.cr-relay.com/ https://google.com/pagead/ https://google.com/ccm/ https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ https://pixel-config.reddit.com https://www.redditstatic.com/ads/ https://conversions-config.reddit.com https://px.ads.linkedin.com/ https://aplo-evnt.com; font-src 'self' data: https://fonts.gstatic.com; frame-ancestors 'none'; frame-src https://www.googletagmanager.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://player.vimeo.com https://calendly.com https://demo.arcade.software/ https://www.youtube.com/; img-src 'self' data: https://cdn.cookielaw.org https://cdn.sanity.io/images/3ugk85nk/ https://cdn.sanity.io/files/3ugk85nk/ https://*.google-analytics.com https://*.googletagmanager.com https://assets.calendly.com https://px.ads.linkedin.com/ https://alb.reddit.com https://t.co/ https://analytics.twitter.com/; manifest-src 'self'; media-src 'self' https://cdn.sanity.io/images/3ugk85nk/ https://cdn.sanity.io/files/3ugk85nk/; object-src 'none'; script-src 'none'; script-src-elem 'self' blob: https://www.prefect.io/ https://prefect.io/ 'unsafe-inline' https://*.googletagmanager.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://cdn.addevent.com https://js.zi-scripts.com https://ws-assets.zoominfo.com https://cdn.cr-relay.com/ https://commonroom.io/ https://cdn.cookielaw.org/ https://www.redditstatic.com/ads/ https://snap.licdn.com/li.lms-analytics/ https://static.ads-twitter.com/ https://assets.apollo.io/ https://www.youtube.com/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; child-src 'none'; worker-src 'none' 1
default-src 'self' https://logrhythm.com https://disqus.com https://*.6sc.co https://*.vidyard.com https://*.6sense.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://play.vidyard.com https://api.mida.so https://secure.adnxs.com https://epsilon-cloudfront.6sense.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.doubleclick.net https://epsilon-globalaccelerator.6sense.com https://*.6sense.com https://google.com https://cdn.linkedin.oribi.io https://www.google.com https://px.ads.linkedin.com https://js.zi-scripts.com https://*.privacymanager.io https://epsilon.6sense.com https://*.6sc.co https://analytics.google.com https://*.googlesyndication.com https://ws.zoominfo.com https://bat.bing.com https://spcollector.pathfactory.com https://adservice.google.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://050-uwt-888.mktoresp.com; font-src 'self' data: https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://cdn-app.pathfactory.com https://*.fontawesome.com https://www.gartner.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://openfpcdn.io https://cdn.mida.so https://js.zi-scripts.com https://ws-assets.zoominfo.com https://*.trustarc.com https://launchpad.privacymanager.io https://*.widget.insent.ai https://launchpad-wrapper.privacymanager.io https://jobs.jobvite.com https://play.vidyard.com https://yoast.com https://ws.zoominfo.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://cdn-app.pathfactory.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://demostack.app https://*.trustarc.com https://*.doubleclick.net https://shortpixel.com https://logrhythm.com https://*.logrhythm.com https://forms.office.com https://jobs.jobvite.com https://play.vidyard.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.logrhythm.com; 1
connect-src https://vk.com https://*.vk.com https://*.jaicp.com https://*.google-analytics.com https://google-analytics.com https://*.google.com https://*.yandex.ru 'self'; child-src 'self' blob: https://*.yandex.ru; font-src https://*.digma.ru https://static.lc-group.ru https://fonts.gstatic.com 'self' ; form-action https://*.jaicp.com 'self'; frame-ancestors https://*.webvisor.com https://webvisor.com http://*.webvisor.com http://webvisor.com 'self'; frame-src https://*.jaicp.com blob: https://*.googletagmanager.com https://*.google.com https://*.yandex.ru https://*.youtube.com 'self' https://*.merlion.ru; img-src https://i.ytimg.com https://vk.com https://*.vk.com https://*.jaicp.com https://*.digma.ru https://static.lc-group.ru https://google-analytics.com https://*.google.com https://*.yandex.ru https://*.youtube.com https://*.merlion.com 'self' data: https://*.yandex.net *.yandex.ru *.yastatic.net *.merlion.ru *.google-analytics.com blob: https://*.yandex.ru; media-src https://*.digma.ru https://static.lc-group.ru 'self'; object-src https://*.digma.ru https://static.lc-group.ru 'self'; script-src https://vk.com https://*.vk.com https://*.digma.ru https://static.lc-group.ru https://*.googletagmanager.com https://google-analytics.com https://*.google.com https://google.com https://*.gstatic.com https://*.yandex.ru https://yastatic.net https://*.youtube.com https://s.ytimg.com 'self' *.yandex.ru *.yandex.net *.yastatic.net *.google-analytics.com https://*.jaicp.com 'unsafe-eval'; style-src https://*.jaicp.com https://*.digma.ru https://static.lc-group.ru https://*.google.com 'self' https://fonts.googleapis.com 'unsafe-inline'; default-src 'none'; 1
object-src *; plugin-types application/pdf; script-src * 'unsafe-inline' 'unsafe-eval' data: 1
base-uri 'none'; object-src 'none'; script-src 'nonce-d5SZFleu07mmKvBVB5bqFmr1dz0xUv0gjDaIDMfNlJjJMl5SdgCI81Dsq79_wOUF' 'strict-dynamic' https: 'unsafe-inline' 'self' 1
base-uri 'self'; script-src 'unsafe-eval' 'strict-dynamic' 'unsafe-inline' 'self' http: https: https://remote-app-switcher.stg-east.frontend.public.atl-paas.net https://remote-app-switcher.prod-east.frontend.public.atl-paas.net https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/ https://bbc-object-storage--frontbucket.us-east-1.staging.public.atl-paas.net/ 'nonce-SPDDdZCui9FoN2ZXYNUbTw=='; frame-ancestors 'self' start.atlassian.com start.stg.atlassian.com atlaskit.atlassian.com bitbucket.org; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *; connect-src bitbucket.org *.bitbucket.org bb-inf.net *.bb-inf.net id.atlassian.com api.atlassian.com api.stg.atlassian.com wss://bitbucketci-ws-service.services.atlassian.com/ wss://bitbucketci-ws-service.stg.services.atlassian.com/ wss://bitbucketci-ws-service.dev.services.atlassian.com/ analytics.atlassian.com atlassian-cookies--categories.us-east-1.prod.public.atl-paas.net as.atlassian.com api-private.stg.atlassian.com api-private.atlassian.com atl-global.atlassian.com cofs.staging.public.atl-paas.net cofs.prod.public.atl-paas.net fd-assets.prod.atl-paas.net flight-deck-assets-bifrost.prod-east.frontend.public.atl-paas.net intake.opbeat.com api.media.atlassian.com api.segment.io xid.statuspage.io xid.atlassian.com xid.sourcetreeapp.com bam.nr-data.net bam-cell.nr-data.net www.google-analytics.com sentry.io *.ingest.sentry.io events.launchdarkly.com app.launchdarkly.com fd-config.us-east-1.prod.public.atl-paas.net fd-config-bifrost.prod-east.frontend.public.atl-paas.net micros--prod-west--bitbucketci-file-service--files.s3.us-west-1.amazonaws.com micros--prod-east--bitbucketci-file-service--files.s3.amazonaws.com micros--stg-west--bitbucketci-file-service--files.s3.us-west-1.amazonaws.com micros--stg-east--bitbucketci-file-service--files.s3.amazonaws.com micros--ddev-west--bitbucketci-file-service--files.s3.ap-southeast-2.amazonaws.com bqlf8qjztdtr.statuspage.io https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/ https://bbc-object-storage--frontbucket.us-east-1.staging.public.atl-paas.net/; style-src 'self' 'unsafe-inline' https://aui-cdn.atlassian.com/ https://cdn.cookielaw.org/ https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/ https://bbc-object-storage--frontbucket.us-east-1.staging.public.atl-paas.net/; object-src 'none'; report-uri https://web-security-reports.services.atlassian.com/csp-report/bb-website 1
default-src 'none'; base-uri 'self'; connect-src 'self' *.google-analytics.com *.googleapis.com stats.g.doubleclick.net; font-src 'self' data: *.fontawesome.com *.google.com *.googleapis.com *.gstatic.com *.linkedin.com *.twitter.com; form-action 'self' *.linkedin.com *.twitter.com *.facebook.com *.google.com https://wpengine.blogvault.net; frame-ancestors 'self'; frame-src 'self' *.doxim.com *.linkedin.com *.twitter.com *.google.com *.elegantthemes.com *.youtube.com *.facebook.com; img-src 'self' data: *.striata.com *.doubleclick.net *.facebook.com *.facebook.net *.google.com *.google.co.za *.googleapis.com *.gstatic.com *.google-analytics.com *.gravatar.com *.linkedin.com *.twitter.com *.twimg.com *.jquery.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' reader.striata.com *.facebook.com *.facebook.net *.fontawesome.com *.google.com *.googleapis.com *.gstatic.com *.licdn.com *.linkedin.com *.twitter.com *.twimg.com *.getclicky.com *.google-analytics.com *.googletagmanager.com *.jquery.com *.jqueryui.com *.jsdelivr.net; style-src 'self' 'unsafe-inline' reader.striata.com *.fontawesome.com *.google.com *.googleapis.com *.linkedin.com *.twitter.com *.twimg.com *.jquery.com; 1
frame-ancestors 'self' *.wrike.com 1
default-src 'self' data: blob: *.octopus.com.hk *.octopuscards.com *.octopusrewards.com.hk *.online-octopus.com *.octopus-cards.com *.oepay.octopus-cards.com *.comm.octopus.com.hk *.youtube.com *.google.com *.google.com.hk *.gstatic.com *.googletagmanager.com *.googleapis.com *.google-analytics.com *.googleadservices.com ade.googlesyndication.com *.g.doubleclick.net *.fls.doubleclick.net ad.doubleclick.net www.facebook.com connect.facebook.net 'unsafe-inline' 'unsafe-eval'; 1
frame-ancestors 'self' https://*.felgenoutlet.de 1
frame-ancestors https://*.wafdbank.com 1
frame-ancestors 'self' https://www.immobilier-danger.com https://www.lelynx.fr https://www.ouest-france.fr https://www.pap.fr https://www.century21.fr https://www.orpi.com https://www.lavieimmo.com https://www.aide-sociale.fr https://www.banques-en-ligne.fr https://www.lefinanceur.fr https://www.financierement.fr https://www.leazing.fr https://www.assurementcourtier.fr https://www.assurementfinance.fr https://www.lemagdelimmobilier.com https://www.finna.fr https://www.explorimmoneuf.com https://www.capital.fr https://www.jechange.fr https://www.combien-emprunter.com https://proprietes.lefigaro.fr https://www.assurementfinance.fr https://www.aufilducredit.fr https://www.aide-sociale.fr https://maxiassur.fr https://www.credit-moins-cher.fr https://www.forumconstruire.com https://www.immonot.com https://mon-credit.co https://www.comparateurbanque.com https://www.lepretmalin.com https://www.onfaitconstruire.fr https://www.autocadre.com https://www.choisir.com https://www.simulationdecredit.fr https://www.pretargent.fr http://simulationcreditimmobilier.fr https://www.mon-credit-maison.fr https://www.terrain-construction.com https://www.empruntis-montpellier.com; base-uri 'self'; default-src https: blob:; font-src https: data:; img-src https: data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 'unsafe-eval'; worker-src https://www.empruntis.com/ blob:; object-src 'none'; 1
img-src 'self' *.google-analytics.com *.googletagmanager.com *.enamad.ir *.raychat.io *.map.ir *.mapbox.com  data: blob: 1
script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://support.google.com/inapp/ https://www.google.com/tools/feedback/ https://www.gstatic.com/inproduct_help/ https://www.gstatic.com/support/content/ https://www.google.com/tools/feedback/load.js https://www.google.com/tools/feedback/open.js https://www.gstatic.com/inproduct_help/service/lazy.min.js https://www.gstatic.com/inproduct_help/api/main.min.js https://www.gstatic.com/inproduct_help/chatsupport/chatsupport_button_v2.js https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js https://www.gstatic.com/uservoice/feedback/client/web/live/main_light_binary.js https://www.google.com/tools/feedback/chat_load.js https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/ https://www.gstatic.com/feedback/js/ghelp/ https://youtube.googleapis.com https://youtube.com https://s.ytimg.com https://www.youtube.googleapis.com https://static.corp.google.com;report-uri /_/MeetingsUi/cspreport/allowlist 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googletagmanager.com https://maps.googleapis.com http://www.googleadservices.com https://live.adyen.com/hpp/js/; 1
frame-ancestors 'self' truetour.app visitingmedia.com 360.visitingmedia.com my.matterport.com annualmeeting.amssm.org thinkific.com visit-baltimore.thinkific.com tourismacademy.baltimore.org baltimore.tourismacademy.org 1
frame-ancestors 'self' feed.pghub.io pandg.tapad.com ; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com feed.pghub.io pandg.tapad.com ; 1
connect-src https://www.aquaray.com https://*.purechat.com wss://*.purechat.com https://developers.google.com https://ipinfo.io https://matomo.aquaray.com 1
img-src 'self' blob: data: https: *.rentberry.com;style-src 'self' 'unsafe-inline' https: *.rentberry.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.rentberry.com;base-uri 'self'; 1
default-src https: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: fonts.gstatic.com; img-src * data: blob: 'unsafe-inline'; connect-src http://*.hotjar.com:* https://*.hotjar.com:* wss://*.hotjar.com https: https://ecs.us1.twilio.com wss://endpoint.twilio.com wss://sdkgw.us1.twilio.com wss://global.vss.twilio.com wss://*.amazonaws.com; media-src 'self' https://user-attachments-0-prod-us-east-2-135996661431.s3.us-east-2.amazonaws.com https://user-attachments-0-prod-us-west-1-135996661431.s3.us-west-1.amazonaws.com mediastream:; 1
default-src 'self'  *.mathem.se spc.oda.com;img-src 'self' *.mathem.se spc.oda.com  blob: data: bilder.kolonial.no cdn.sanity.io i.vimeocdn.com translate.googleapis.com api.mapbox.com ct.pinterest.com log.pinterest.com www.facebook.com connect.facebook.net *.google-analytics.com www.google.no *.google.com *.g.doubleclick.net 11208031.fls.doubleclick.net ad.doubleclick.net pagead2.googlesyndication.com ade.googlesyndication.com *.ads.linkedin.com www.linked.com www.google.de www.google.fi www.google.no www.google.se *.googletagmanager.com oda.com storage.googleapis.com *.snapchat.com bat.bing.com analytics.pangle-ads.com log.adtraction.fail checkoutshopper-live.adyen.com;style-src 'unsafe-inline' 'self' *.mathem.se spc.oda.com translate.googleapis.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.mathem.se spc.oda.com   js.sentry-cdn.com browser.sentry-cdn.com messenger.dixa.io widget.trustpilot.com connect.facebook.net s.pinimg.com ct.pinterest.com www.google.com *.googletagmanager.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com *.doubleclick.net tpc.googlesyndication.com pagead2.googlesyndication.com snap.licdn.com sc-static.net *.snapchat.com bat.bing.com analytics.tiktok.com gtm.adt313.net tagmanager.google.com polyfill-fastly.io;connect-src 'self' *.mathem.se spc.oda.com   *.sentry.io 1teetjp9.apicdn.sanity.io 1teetjp9.api.sanity.io cdn.sanity.io translate.googleapis.com messenger.dixa.io messenger-edge.dixa.io www.facebook.com ct.pinterest.com *.google.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com www.google.de www.google.fi www.google.no pagead2.googlesyndication.com ad.doubleclick.net *.g.doubleclick.net cdn.linkedin.oribi.io px.ads.linkedin.com *.snapchat.com bat.bing.com analytics.tiktok.com analytics.pangle-ads.com bat.bing.com log.adtraction.fail gtm-sst-se.mathem.se checkoutshopper-live.adyen.com;frame-src acs.3dsecure.no player.vimeo.com www.youtube.com messenger.dixa.io widget.trustpilot.com ct.pinterest.com www.facebook.com *.g.doubleclick.net *.fls.doubleclick.net td.doubleclick.net tpc.googlesyndication.com *.snapchat.com checkoutshopper-live.adyen.com;font-src 'self' *.mathem.se spc.oda.com;base-uri 'none';object-src 'none'; 1
frame-ancestors *.office-partner.de 1
frame-ancestors self https://beyondthedestination.com; 1
default-src 'self';script-src 'self' 'nonce-r/zw7uCTdonfDTT4LhGIb24D' 'strict-dynamic';object-src 'none';style-src 'self' 'unsafe-inline' *.google.com https://fonts.googleapis.com/css popupmaker.com;img-src 'self' data: blog.emakina.com i.vimeocdn.com script.hotjar.com facebook.com www.googletagmanager.com https://connect.facebook.net https://px.ads.linkedin.com www.google-analytics.com cdn.cookielaw.org cdn.uc.assets.prezly.com;media-src 'self';frame-src 'self' *.google.com *.vimeo.com *.youtube.com godot.emakina.com;font-src 'self' https://fonts.googleapis.com/css https://fonts.gstatic.com data:;connect-src 'self' *.onetrust.com geolocation.onetrust.com vimeo.com popupmaker.com cdn.cookielaw.org px.ads.linkedin.com www.google-analytics.com collector.leadinfo.net content.hotjar.io *.google-analytics.com api.leadinfo.com *.hotjar.io ws.hotjar.com wss://ws.hotjar.com;base-uri 'self';child-src 'none';form-action 'self';frame-ancestors 'self' emakinaagency-admin-develop.azurewebsites.net emakinaagency-admin.azurewebsites.net emakinaagency-admin-staging.azurewebsites.net emakinaagency-admin-testing.azurewebsites.net;worker-src 'none' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.bernabei.it *.google.com *.gstatic.com *.googleapis.com *.google-analytics.com *.freeprivacypolicy.com *.iubenda.com chimpstatic.com *.scalapay.com *.facebook.net *.facebook.com *.clickcease.com *.googletagmanager.com *.bing.com *.webgains.io *.zendesk.com *.zdassets.com *.zopim.com *.stripe.com *.clarity.ms *.kk-resources.com *.iubenda.com *.trovaprezzi.it *.twitter.com *.googleadservices.com *.kelkoogroup.net d5l1pnk7dv8vr.cloudfront.net *.hotjar.com *.freshworks.com *.freshchat.com *.smooch.io *.addtoany.com; img-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.bernabei.it *.google.com *.google.it *.gstatic.com *.googleapis.com *.google-analytics.com *.freeprivacypolicy.com *.scalapay.com *.facebook.net *.facebook.com *.clickcease.com *.googletagmanager.com *.bing.com *.webgains.io *.zendesk.com *.zdassets.com *.doubleclick.net *.kelkoogroup.net d5l1pnk7dv8vr.cloudfront.net; media-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.bernabei.it; connect-src 'self' *.bernabei.it *.google-analytics.com *.googleapis.com *.google.com *.iubenda.com *.clarity.ms *.zendesk.com *.zdassets.com *.doubleclick.net *.zopim.com *.webgains.io d5l1pnk7dv8vr.cloudfront.net *.hotjar.com *.freshworks.com *.freshdesk.com *.smooch.io *.sentry.io *.kelkoogroup.net wss://*.hotjar.com wss://*.zopim.com wss://*.smooch.io; 1
default-src 'self' *.gstatic.com 'unsafe-inline'; img-src 'self' www.gstatic.com *.recaptcha.net; script-src *.googletagmanager.com *.gstatic.com *.recaptcha.net *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; frame-src *.recaptcha.net 'self'; 1
frame-ancestors https://*.trueaccord.com https://flex.twilio.com 1
frame-ancestors https://smart-bdash.com/ 1
frame-ancestors 'none'; connect-src 'self' *.hubapi.com js.hscta.net *.hubspot.com *.hs-banner.com *.hscollectedforms.net *.hsforms.com *.crazyegg.com *.google-analytics.com *.google.com https://stats.g.doubleclick.net/j/collect *.doubleclick.net *.liadm.com; default-src 'self' *.google-analytics.com *.googletagmanager.com  *.crazyegg.com https://*.clarity.ms https://c.bing.com 'unsafe-inline'; font-src 'self' 'unsafe-inline' fonts.gstatic.com data: 'unsafe-eval'; frame-src 'self'  *.hubspot.com *.hs-sites.com *.hubspot.net play.hubspotvideo.com *.hsforms.net *.hsforms.com  *.crazyegg.com *.google.com  *.flipsnack.com *.libsyn.com *.audioboom.com *.soundcloud.com *.brightcove.net/; img-src 'self' 'unsafe-inline' js.hscta.net no-cache.hubspot.com *.hubspot.com *.hubspot.net cdn2.hubspot.net *.hsforms.net *.hsforms.com  *.crazyegg.com *.gravatar.com *.google-analytics.com https://www.google.com/ads/ga-audiences  *.google.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com *.doubleclick.net *.trustcommerce.com 'unsafe-eval' data: ; object-src 'none'; script-src 'self' 'unsafe-inline' *.hsadspixel.net *.hs-analytics.net js.hscta.net *.hubspot.com static.hsappstatic.net *.usemessages.com *.hs-banner.com *.hubspot.net *.hscollectedforms.net *.hsleadflows.net *.hsforms.net *.hsforms.com *.hs-scripts.com *.hubspotfeedback.com feedback.hubapi.com  *.crazyegg.com *.workable.com 'unsafe-eval' *.google.com *.google-analytics.com tagmanager.google.com *.googletagmanager.com stats.g.doubleclick.net  *.gstatic.com *.doubleclick.net *.smartcloudinsight.com *.googleadservices.com *.cloudfront.net; style-src 'self' cdn2.hubspot.net *.crazyegg.com 'unsafe-inline' tagmanager.google.com fonts.googleapis.com; worker-src 'self' blob:; 1
frame-ancestors 'self' mylvhn.org my.lvhn.org; upgrade-insecure-requests 1
frame-ancestors *.originlab.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' secure.pay1.de api.deepl.com api-free.deepl.com t.adcell.com www.dwin1.com www.zenaps.com https://www.awin1.com containertags.belboon.de containertags.belboon.com https://*.r.akipam.com https://*.r.jakuli.com https://*.r.lafamo.com https://*.r.niwepa.com https://*.r.powuta.com tr.fatmedia.io as.ad4m.at ad4m.at https://*.adform.net bsmartdata.com fatmedia.io ad.ad-srv.net lekkerads.nl marvellousmachine.net https://*.gsitrix.com mediards.com https://*.mediards.com pikkasrv.com ad.ad-srv.net https://*.redintelligence.net https://*.adform.net https://*.redintelligence.net https://*.gsitrix.com https://*.adc-srv.net https://*.ad-srv.net https://*.mediards.com a.twiago.com ad.doubleclick.net ad.yieldlab.net ad13.adfarm1.adition.com ad4m.at adscale.de apptracker.stream bsmartdata.com dsum-sec.casalemedia.com https://*.fatmedia.io lekkerads.nl marvellousmachine.net pikkasrv.com r.adserver01.de r.adserver01.de r.df-srv.de rtb-csync.smartadserver.com secure.adnxs.com simage2.pubmatic.com trc.taboola.com tr.mediards.de https://s.marvellousmachine.net https://trk.cytelligence.io/ https://sdk-set1.com/ bat.bing.com sync.targeting.unrulymedia.com sync.1rx.io static.criteo.net sslwidget.criteo.com dynamic.criteo.com connect.facebook.net www.facebook.com cm.g.doubleclick.net adservice.google.com googleads.g.doubleclick.net www.googleadservices.com www.googletagmanager.com https://*.google-analytics.com s.pinimg.com ct.pinterest.com api.sovendus.com *.adsrvr.org widgets.trustedshops.com integrations.etrusted.com https://static.hotjar.com https://script.hotjar.com 'unsafe-inline' https://cdnjs.cloudflare.com/ajax/libs/Chart.js/2.9.3/Chart.min.js https://cdnjs.cloudflare.com/ajax/libs/chartjs-plugin-annotation/0.5.7/chartjs-plugin-annotation.min.js https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js https://youtube.com https://www.youtube.com; connect-src 'self' https://eu1-search.doofinder.com api.deepl.com api-free.deepl.com pro.ip-api.com t.adcell.com https://www.wepowerconnections.com https://tr.fatmedia.io bat.bing.com measurement-api.criteo.com www.econda-monitor.de stats.g.doubleclick.net https://www.google.de/ads/ https://*.google-analytics.com https://region1.analytics.google.com ct.pinterest.com https://www.pinterest.com https://*.sovendus.com api.trustbadge.etrusted.com trustbadge.api.etrusted.com api.trustedshops.com logging.trustbadge.com integrations.etrusted.com https://shops-si.trustedshops.com https://*.hotjar.com https://vc.hotjar.io https://content.hotjar.io https://events.hotjar.io https://surveystats.hotjar.io wss://*.hotjar.com; style-src 'self' 'unsafe-inline' https://static.hotjar.com https://script.hotjar.com 'unsafe-inline'; img-src 'self' data: i.ytimg.com kraeuterhaus-nocookie.de www.kraeuterhaus-nocookie.de https://t.adcell.com https://www.awin1.com https://img.youtube.com https://ads.yieldmo.com https://sync.1rx.io https://as.ad4m.at https://ih.adscale.de https://dsum-sec.casalemedia.com https://a.twiago.com https://sync.targeting.unrulymedia.com bat.bing.com gum.criteo.com x.bidswitch.net ib.adnxs.com contextual.media.net pixel.rubiconproject.com rtb-csync.smartadserver.com sync-t1.taboola.com criteo-sync.teads.tv eb2.3lift.com hb.yahoo.net cm.adform.net visitor.omnitagjs.com r.casalemedia.com id5-sync.com ad.360yield.com matching.ivitrack.com exchange.mediavine.com jadserve.postrelease.com sync.outbrain.com simage2.pubmatic.com match.sharethrough.com criteo-partners.tremorhub.com ad.yieldlab.net sync-criteo.ads.yieldmo.com e1.emxdgt.com c1.adform.net dpm.demdex.net dis.criteo.com www.facebook.com https://connect.facebook.net www.google.com www.google.de https://*.g.doubleclick.net adservice.google.com cm.g.doubleclick.net https://server.seadform.net www.googletagmanager.com https://public-prod-dspcookiematching.dmxleo.com ct.pinterest.com widgets.trustedshops.com https://static.hotjar.com https://script.hotjar.com i.ytimg.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' mailto: secure.pay1.de www.youtube-nocookie.com https://t.adcell.com www.zenaps.com https://www.awin1.com hal9000.redintelligence.net pixel.bsmartdata.com ads.lekkerads.nl ad.ad-srv.net s.marvellousmachine.net https://containertags.belboon.com https://analytics.bestofluck.io https://roxxtraxx.de https://ad4m.at https://c1.adform.net gum.criteo.com fledge.eu.criteo.com connect.facebook.net www.facebook.com https://*.fls.doubleclick.net https://td.doubleclick.net/ ct.pinterest.com https://*.sovendus.com https://www.sovendus-connect.com https://vars.hotjar.com https://youtube.com https://www.youtube.com; media-src 'self'; base-uri 'self'; form-action 'self' www.facebook.com; upgrade-insecure-requests; 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://maps.google.com https://ssl.google-analytics.com https://fonts.gstatic.com https://maps.googleapis.com https://maxcdn.bootstrapcdn.com https://www.google.com https://www.gstatic.com https://maps.gstatic.com https://code.jquery.com https://cdnjs.cloudflare.com https://code.highcharts.com https://ajax.googleapis.com https://cdn.datatables.net https://kit.fontawesome.com https://ka-f.fontawesome.com https://ka-p.fontawesome.com/ 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.vibemate.com  *.lovense.com *.lovense-api.com https://googletagmanager.com data: https:; 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self'; style-src 'self' 'unsafe-inline'; 1
base-uri 'self'; block-all-mixed-content; upgrade-insecure-requests; child-src blob:; default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob:  *.amazon-adsystem.com *.analytics.google.com *.bing.com *.boomtrain.com *.clarity.ms *.cloudflare.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inflcr.co *.krxd.com *.krxd.net *.logalty.com *.logalty.es *.masmovil.com *.netmng.com *.onetrust.com *.outbrain.com *.pepeenergy.com *.pepephone.com *.pinimg.com *.pinterest.com *.pinterest.es *.plande.es *.quantummetric.com *.rezync.com *.rfihub.com *.rfihub.net *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.useinsider.com *.yahoo.com *.yimg.com *.zetaglobal.net euhosted.live.rezync.com js.go2sdk.com wss://*.hotjar.com *.byspotify.com *.spotify.com; style-src 'self' https: 'unsafe-inline'  *.amazon-adsystem.com *.analytics.google.com *.bing.com *.boomtrain.com *.clarity.ms *.cloudflare.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inflcr.co *.krxd.com *.krxd.net *.logalty.com *.logalty.es *.masmovil.com *.netmng.com *.onetrust.com *.outbrain.com *.pepeenergy.com *.pepephone.com *.pinimg.com *.pinterest.com *.pinterest.es *.plande.es *.quantummetric.com *.rezync.com *.rfihub.com *.rfihub.net *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.useinsider.com *.yahoo.com *.yimg.com *.zetaglobal.net euhosted.live.rezync.com js.go2sdk.com wss://*.hotjar.com *.byspotify.com *.spotify.com; img-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data:  *.amazon-adsystem.com *.analytics.google.com *.bing.com *.boomtrain.com *.clarity.ms *.cloudflare.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inflcr.co *.krxd.com *.krxd.net *.logalty.com *.logalty.es *.masmovil.com *.netmng.com *.onetrust.com *.outbrain.com *.pepeenergy.com *.pepephone.com *.pinimg.com *.pinterest.com *.pinterest.es *.plande.es *.quantummetric.com *.rezync.com *.rfihub.com *.rfihub.net *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.useinsider.com *.yahoo.com *.yimg.com *.zetaglobal.net euhosted.live.rezync.com js.go2sdk.com wss://*.hotjar.com *.byspotify.com *.spotify.com; font-src 'self' data:  *.amazon-adsystem.com *.analytics.google.com *.bing.com *.boomtrain.com *.clarity.ms *.cloudflare.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inflcr.co *.krxd.com *.krxd.net *.logalty.com *.logalty.es *.masmovil.com *.netmng.com *.onetrust.com *.outbrain.com *.pepeenergy.com *.pepephone.com *.pinimg.com *.pinterest.com *.pinterest.es *.plande.es *.quantummetric.com *.rezync.com *.rfihub.com *.rfihub.net *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.useinsider.com *.yahoo.com *.yimg.com *.zetaglobal.net euhosted.live.rezync.com js.go2sdk.com wss://*.hotjar.com *.byspotify.com *.spotify.com; connect-src 'self'  *.amazon-adsystem.com *.analytics.google.com *.bing.com *.boomtrain.com *.clarity.ms *.cloudflare.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inflcr.co *.krxd.com *.krxd.net *.logalty.com *.logalty.es *.masmovil.com *.netmng.com *.onetrust.com *.outbrain.com *.pepeenergy.com *.pepephone.com *.pinimg.com *.pinterest.com *.pinterest.es *.plande.es *.quantummetric.com *.rezync.com *.rfihub.com *.rfihub.net *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.useinsider.com *.yahoo.com *.yimg.com *.zetaglobal.net euhosted.live.rezync.com js.go2sdk.com wss://*.hotjar.com *.byspotify.com *.spotify.com; frame-src 'self' data:  *.amazon-adsystem.com *.analytics.google.com *.bing.com *.boomtrain.com *.clarity.ms *.cloudflare.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inflcr.co *.krxd.com *.krxd.net *.logalty.com *.logalty.es *.masmovil.com *.netmng.com *.onetrust.com *.outbrain.com *.pepeenergy.com *.pepephone.com *.pinimg.com *.pinterest.com *.pinterest.es *.plande.es *.quantummetric.com *.rezync.com *.rfihub.com *.rfihub.net *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.useinsider.com *.yahoo.com *.yimg.com *.zetaglobal.net euhosted.live.rezync.com js.go2sdk.com wss://*.hotjar.com *.byspotify.com *.spotify.com; frame-ancestors 'self'  *.amazon-adsystem.com *.analytics.google.com *.bing.com *.boomtrain.com *.clarity.ms *.cloudflare.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inflcr.co *.krxd.com *.krxd.net *.logalty.com *.logalty.es *.masmovil.com *.netmng.com *.onetrust.com *.outbrain.com *.pepeenergy.com *.pepephone.com *.pinimg.com *.pinterest.com *.pinterest.es *.plande.es *.quantummetric.com *.rezync.com *.rfihub.com *.rfihub.net *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.useinsider.com *.yahoo.com *.yimg.com *.zetaglobal.net euhosted.live.rezync.com js.go2sdk.com wss://*.hotjar.com *.byspotify.com *.spotify.com; object-src data:  *.amazon-adsystem.com *.analytics.google.com *.bing.com *.boomtrain.com *.clarity.ms *.cloudflare.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inflcr.co *.krxd.com *.krxd.net *.logalty.com *.logalty.es *.masmovil.com *.netmng.com *.onetrust.com *.outbrain.com *.pepeenergy.com *.pepephone.com *.pinimg.com *.pinterest.com *.pinterest.es *.plande.es *.quantummetric.com *.rezync.com *.rfihub.com *.rfihub.net *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.useinsider.com *.yahoo.com *.yimg.com *.zetaglobal.net euhosted.live.rezync.com js.go2sdk.com wss://*.hotjar.com *.byspotify.com *.spotify.com; media-src 'self' data:  *.amazon-adsystem.com *.analytics.google.com *.bing.com *.boomtrain.com *.clarity.ms *.cloudflare.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inflcr.co *.krxd.com *.krxd.net *.logalty.com *.logalty.es *.masmovil.com *.netmng.com *.onetrust.com *.outbrain.com *.pepeenergy.com *.pepephone.com *.pinimg.com *.pinterest.com *.pinterest.es *.plande.es *.quantummetric.com *.rezync.com *.rfihub.com *.rfihub.net *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.useinsider.com *.yahoo.com *.yimg.com *.zetaglobal.net euhosted.live.rezync.com js.go2sdk.com wss://*.hotjar.com *.byspotify.com *.spotify.com; worker-src 'self' data: blob:  *.amazon-adsystem.com *.analytics.google.com *.bing.com *.boomtrain.com *.clarity.ms *.cloudflare.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inflcr.co *.krxd.com *.krxd.net *.logalty.com *.logalty.es *.masmovil.com *.netmng.com *.onetrust.com *.outbrain.com *.pepeenergy.com *.pepephone.com *.pinimg.com *.pinterest.com *.pinterest.es *.plande.es *.quantummetric.com *.rezync.com *.rfihub.com *.rfihub.net *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.useinsider.com *.yahoo.com *.yimg.com *.zetaglobal.net euhosted.live.rezync.com js.go2sdk.com wss://*.hotjar.com *.byspotify.com *.spotify.com 1
frame-ancestors 'self' lifeat.com *.lifeat.com lifeat.app *.lifeat.app *.vercel.app vercel.app; 1
frame-ancestors 'self' *.brin.go.id 1
report-uri https://dev.apicodo.de/csp/report/ 1
default-src 'none'; font-src data: https://fonts.gstatic.com https://*.pixton.com https://*.hotjar.com; img-src data: https://*.pixton.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.google.ca https://fonts.gstatic.com https://track.hubspot.com https://static.hsappstatic.net https://f.hubspotusercontent40.net https://*.hubapi.com https://*.hubspotusercontent-na1.net https://*.hsforms.com https://www.ssa.gov https://i.ytimg.com https://dna8twue3dlxq.cloudfront.net https://www.facebook.com https://*.hotjar.com; script-src 'unsafe-inline' 'unsafe-eval' https://*.pixton.com https://*.google-analytics.com https://*.googletagmanager.com https://*.google.com https://*.googleapis.com https://*.stripe.com https://*.facebook.net https://*.hsforms.net https://*.hsforms.com https://*.hs-scripts.com https://*.hs-banner.com https://*.hscollectedforms.net https://*.hs-analytics.net https://*.hsappstatic.net https://*.hubspot.com https://*.hubspot.net https://*.hubspotfeedback.com https://js.hsleadflows.net https://*.jquery.com https://*.usemessages.com https://cdn.jsdelivr.net https://code.getmdl.io https://platform.linkedin.com https://platform.twitter.com https://www.ssa.gov https://*.youtube.com https://d10lpsik1i8c69.cloudfront.net https://unpkg.com https://vjs.zencdn.net https://cdnjs.cloudflare.com https://*.logr-ingest.com https://*.hotjar.com; style-src 'unsafe-eval' 'unsafe-inline' https://*.pixton.com https://*.googleapis.com https://cdn.jsdelivr.net https://*.hsappstatic.net https://*.hubspot.net https://*.hubspotfeedback.com https://code.getmdl.io https://www.ssa.gov https://www.googletagmanager.com https://unpkg.com https://vjs.zencdn.net https://cdnjs.cloudflare.com https://*.hotjar.com; frame-src blob: https://*.pixton.com https://*.stripe.com https://*.hubspot.com https://*.hsforms.com https://*.youtube.com https://*.typeform.com https://*.hubspotvideo.com https://docs.google.com https://*.translate.goog https://*.twitter.com; connect-src data: blob: https://*.pixton.com wss://*.pixton.com https://*.stripe.com https://*.google-analytics.com https://*.googleapis.com https://stats.g.doubleclick.net https://sentry.io https://*.sumologic.com https://*.cloudfront.net https://*.google.com https://fonts.gstatic.com https://*.hubspot.com https://*.hubapi.com https://*.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://forms.hscollectedforms.net https://*.typeform.com https://*.facebook.com https://*.logr-ingest.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; media-src data: blob: https://*.pixton.com https://8929196.fs1.hubspotusercontent-na1.net https://*.mote.com; object-src https://*.pixton.com; frame-ancestors https://*.pixton.com:* https://*.pixton.com; worker-src blob:; base-uri 'self'; form-action 'self' https://*.hsforms.com; upgrade-insecure-requests 1
default-src 'none'; media-src 'self'; object-src 'self'; connect-src 'self' www.knf.gov.pl *.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/api2/ https://s.ytimg.com/yts/jsbin/ https://www.youtube.com/iframe_api  https://www.youtube.com/s/player/ https://www.google-analytics.com/ga.js https://ssl.google-analytics.com/ga.js https://maps.googleapis.com/ https://platform.twitter.com/ cdn.syndication.twimg.com/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ platform.twitter.com/css/ https://ton.twimg.com/tfw/css/; font-src 'self' data: https://fonts.googleapis.com/ https://fonts.gstatic.com/; img-src 'self' data: https://www.knf.gov.pl/ https://ssl.google-analytics.com/ https://csi.gstatic.com/ https://maps.gstatic.com/mapfiles/ https://maps.googleapis.com/maps/ https://syndication.twitter.com/ https://abs.twimg.com/ https://pbs.twimg.com/ https://platform.twitter.com/css/ https://ton.twimg.com/tfw/css/ https://ton.twimg.com/tfw/assets/; frame-src 'self' https://www.google.com/recaptcha/api2/ https://www.youtube.com/embed/ https://www.youtube.com/s/player/ https://syndication.twitter.com/ https://platform.twitter.com/; child-src 'self' https://www.google.com/recaptcha/api2/ https://www.youtube.com/embed/ https://www.youtube.com/s/player/ https://syndication.twitter.com/ https://platform.twitter.com/;  1
upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval'; 1
frame-ancestors 'self' www.therochestercornexchange.co.uk rochester-21st.s1.umbraco.io www.medwayadulteducation.co.uk; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.facebook.net *.mxpnl.com *.cloudflare.com https://rawcdn.githack.com/RickStrahl/jquery-resizable/master/dist/jquery-resizable.min.js editorapassos.videotecaead.com.br static.cloudflareinsights.com https://assets.pagar.me/checkout/1.1.0/checkout.js *.pagar.me https://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js *.youtube.com *.chat24.io salesiq.zoho.com d2mpatx37cqexb.cloudfront.net https://chat.auto.brnaturall.com.br/packs/js/sdk.js https://www.clarity.ms/tag/7fkg0lo7wa static.hotjar.com;style-src 'self' 'unsafe-inline' *.googleapis.com *.cloudflare.com editorapassos.videotecaead.com.br livechat.chat24.io static.cloudflareinsights.com;worker-src blob: 'self' 'unsafe-inline' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: maxcdn.bootstrapcdn.com fonts.gstatic.com embed-fastly.wistia.com blob: fast.wistia.com data: gap: mychart.northmemorial.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.facebook.com *.addtoany.com static.ads-twitter.com *.bing.com d10lpsik1i8c69.cloudfront.net *.youtube.com *.resonate.com *.adsrvr.org sc-static.net analytics.tiktok.com *.fls.doubleclick.net px.ads.linkedin.com connect.facebook.net t.co ds.reson8.com www.google.com analytics.twitter.com js-agent.newrelic.com tr.snapchat.com *.nr-data.net *.snapchat.com *.googleadservices.com googleads.g.doubleclick.net snap.licdn.com www.google-analytics.com bbox.blackbaudhosting.com s0.2mdn.net tbcdn.talentbrew.com tbcdn.staging.talentbrew.com fast.wistia.com js.stripe.com mychart.northmemorial.com www.gstatic.com dc.ads.linkedin.com sjs.bizographics.com px4.ads.linkedin.com s.pinimg.com careers.static.pageuppeople.com sky.blackbaudcdn.net cdn.jsdelivr.net *.clarity.ms ct.pinterest.com engage.newmode.net c.shpg.org blog.apps.npr.org host.nxt.blackbaud.com settings.luckyorange.net *.azureedge.net *.dynamics.com google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net maps.googleapis.com maps.google.com www.googletagmanager.com googletagmanager.com tagmanager.google.com; style-src 'self' 'unsafe-inline' data: cloud.typography.com maxcdn.bootstrapcdn.com ajax.googleapis.com tbcdn.talentbrew.com fonts.googleapis.com bbox.blackbaudhosting.com mychart.northmemorial.com code.jquery.com sky.blackbaudcdn.net cdn.jsdelivr.net 'unsafe-inline' maps.googleapis.com maps.google.com www.googletagmanager.com tagmanager.google.com; img-src 'self' data: px.ads.linkedin.com www.facebook.com t.co www.google.com bat.bing.com p.adsymptotic.com northmemorial.com connect.facebook.net fast.wistia.com maps.googleapis.com maps.gstatic.com *.wistia.com bbox.blackbaudhosting.com www.linkedin.com dev-north-memorial-health.pantheonsite.io test-north-memorial-health.pantheonsite.io embedwistia-a.akamaihd.net analytics.twitter.com s.w.org px4.ads.linkedin.com dc.ads.linkedin.com sjs.bizographics.com ct.pinterest.com sky.blackbaudcdn.net img.youtube.com ad.doubleclick.net *.clarity.ms *.bing.com *.placeholder.com secure.gravatar.com www.gravatar.com data: blob: google-analytics.com www.google-analytics.com ssl.google-analytics.com *.googleapis.com maps.google.com www.gstatic.com *.ggpht.com i.ytimg.com www.googletagmanager.com; connect-src 'self' bat.bing.com ds.reson8.com stats.g.doubleclick.net www.facebook.com analytics.tiktok.com tr.snapchat.com *.nr-data.net yoast.com maps.googleapis.com *.wistia.com fg8vvsvnieiv3ej16jby.litix.io www.google.com adservice.google.com embedwistia-a.akamaihd.net ct.pinterest.com cdn.linkedin.oribi.io assets10.lottiefiles.com analytics.pangle-ads.com px.ads.linkedin.com tr6.snapchat.com *.clarity.ms *.wistia.net sky.blackbaudcdn.net settings.luckyorange.net *.azureedge.net *.dynamics.com www.google-analytics.com ampcid.google.com analytics.google.com about: maps.google.com www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com maxcdn.bootstrapcdn.com data:; media-src * embedwistia-a.akamaihd.net blob:; frame-src 'self' *.doubleclick.net *.adsrvr.org *.snapchat.com static.addtoany.com www.facebook.com northmemorial.wufoo.com bbox.blackbaudhosting.com *.stripe.com mychart.northmemorial.com javamatch.matchinggifts.com sc-static.net www.google.com mychart-north-memorial-health.pantheonsite.io ct.pinterest.com sky.blackbaudcdn.net host.nxt.blackbaud.com *.youtube-nocookie.com blob: northmemorial.com engage.newmode.net maps.googleapis.com maps.google.com www.youtube.com www.googletagmanager.com; child-src 'self' blob: data: gap: www.youtube.com www.googletagmanager.com; frame-ancestors * https://mychart-north-memorial-health.pantheonsite.io https://mychart.northmemorial.com mychart.northmemorial.com; upgrade-insecure-requests; block-all-mixed-content; 1
frame-ancestors 'self' https://*.mnogosna.team https://metrika.yandex.ru 1
default-src 'self'; child-src data: blob:; connect-src 'self' *.aticdn.net *.cdnbasket.net *.cookiebot.com *.googleapis.com *.hotjar.com *.hotjar.io *.onconnect-coach.3slab.fr *.payline.com *.suez.com *.xiti.com apisimulator.toutsurmoneau.test bam.eu01.nr-data.net bam.nr-data.net data.gouv.nc ids.cdnwidget.com payline.com smartsolution-onconnectcoach.azureedge.net smartsolution-smartcoach.azureedge.net stats.g.doubleclick.net ws.livingactor.com apisimulator.toutsurmoneau.test data.gouv.nc *.aticdn.net *.xiti.com stats.g.doubleclick.net *.cookiebot.com *.googleapis.com *.suez.com wss://*.hotjar.com; font-src 'self' data: *.hotjar.com *.payline.com *.suez.com fonts.gstatic.com maxcdn.bootstrapcdn.com payline.com smartsolution-onconnectcoach.azureedge.net *.suez.com; form-action * com.suez.tsme.dev: com.suez.tsme.app:; frame-src data: blob: *.payline.com payline.com *.satisfactory.fr www.google.com *.youtube-nocookie.com *.youtube.com opendata.hauts-de-seine.fr *.cookiebot.com *.suez.com; img-src 'self' data: blob: *.cdnwidget.com *.cloudfront.net *.cookiebot.com *.hotjar.com *.payline.com *.suez.com *.youtube-nocookie.com *.youtube.com api.cabestan.com cdn1.iconfinder.com cloudfront.net maps.googleapis.com maps.gstatic.com payline.com smartsolution-onconnectcoach.azureedge.net www.googletagmanager.com *.suez.com *.cookiebot.com; media-src 'self' 'unsafe-eval' 'unsafe-inline' *.cloudfront.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ati-host.net *.aticdn.net *.atinternet-solutions.com *.atinternet.com *.atinternet.io *.bootstrapcdn.com *.capadresse.com *.capadresse.com:2814 *.cdnwidget.com *.cloudfront.net *.cookiebot.com *.google.com *.google.com/maps *.hotjar.com *.js-agent.newrelic.com *.newrelic.com *.onconnect-coach.3slab.fr *.payline.com *.piano.io *.suez.com *.xiti.com ajax.cloudflare.com api.cabestan.com apisimulator.toutsurmoneau.test bam.nr-data.net capadresse.apisimulator.toutsurmoneau.test capadresse.apisimulator.toutsurmoneau.test:6090 code.jquery.com maps.googleapis.com payline.com smartsolution-smartcoach.azureedge.net suez-eau-france.dimelochat.com ws.livingactor.com www.googletagmanager.com www.gstatic.com; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.cloudfront.net *.googleapis.com *.hotjar.com *.payline.com *.suez.com fonts.googleapis.com payline.com smartsolution-smartcoach.azureedge.net www.gstatic.com *.googleapis.com *.suez.com; worker-src blob: 1
default-src 'self' *.tullverket.se www.youtube.com www.google.com surfly.com platform.twitter.com; script-src 'self' *.tullverket.se www.google.com chat.smartcall.cc surfly.com www.gstatic.com platform.twitter.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' webstats.tullverket.se chat.smartcall.cc surfly.com; img-src 'self' *.reachmee.com; style-src 'self' platform.twitter.com chat.smartcall.cc surfly.com 'unsafe-inline'; base-uri 'self'; font-src 'self'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.ikea.com v4.ai.ingka.ikea.net api.addressy.com google.com *.google.com *.gstatic.com translate.googleapis.com translate-pa.googleapis.com www.youtube-nocookie.com www.youtube.com www.paypal.com blob: data: wss://web-api.ikea.com https://storage.googleapis.com/learnwithikeavideos/ unicorn-rainbow-flower.edgecompute.app ikea-listings.edgecompute.app *.ingka.com *.cdtapps.com *.ctfassets.net *.ipex-insights.com api.o-c.io lf.o-c.io *.ikea.de *.ikea-lsp.de ikeaplanningcalendar.inwebs.com *.parcellab.com *.taskrabbit.com *.adform.net insight.adsrvr.org js.adsrvr.org *.bing.com *.doubleclick.net googleads.g.doubleclick.net *.facebook.com *.facebook.net www.googleadservices.com *.googlesyndication.com *.google.de www.google.de *.pinterest.com s.pinimg.com *.realperson.de wss://*.realperson.de d.ratepay.com *.cookielaw.org *.onetrust.com *.contentsquare.net app.contentsquare.com *.google-analytics.com www.googletagmanager.com *.optimizely.com sentry.io *.sentry.io *.avo.app oppwa.com *.oppwa.com mpsnare.iesnare.com *.iesnare.com maps.googleapis.com fonts.googleapis.com www.googleapis.com *.bambuser.com firestore.googleapis.com liveshopping-widgets.firebaseapp.com d.lemonpi.io *.syndeo.cx *.production.syndeo.cx wss://web.production.syndeo.cx icsp.ingka.ikea.com wss://icsp.ingka.ikea.com wss://web-api.ikea.com/cschatbot/; img-src * blob: data:; frame-src *; frame-ancestors *.ikea.com *.ikea.de; object-src 'self'; report-uri https://csp.ikea.com 1
default-src 'self' https://*.cryptohopper.com wss://*.cryptohopper.com https://*.cryptohopper.tech https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.gstatic.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.googletagmanager.com https://*.googleoptimize.com https://optimize.google.com https://tagmanager.google.com https://i.ytimg.com https://cdn.segment.com https://api.segment.io https://*.freshchat.com https://hcaptcha.com https://*.hcaptcha.com https://youtube.com https://www.youtube.com https://noembed.com https://cdn.plyr.io https://bat.bing.com wss://api.appcues.net https://*.appcues.com https://*.appcues.net https://*.cloudflareinsights.com https://*.analytics.google.com https://*.intercom.io https://*.intercomcdn.com wss://nexus-websocket-a.intercom.io; img-src 'self' data: https://*.cryptohopper.com https://res.cloudinary.com/ https://*.hotjar.com https://*.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.ytimg.com https://bat.bing.com https://www.google.com https://*.google.nl https://*.intercomcdn.com https://*.intercomassets.com; style-src 'self' 'unsafe-inline' https://*.cryptohopper.com https://fonts.googleapis.com https://*.freshchat.com https://fast.appcues.com https://*.google.com; font-src 'self' data: https://*.cryptohopper.com https://*.gstatic.com https://*.hotjar.com https://*.intercomcdn.com; object-src 'none'; form-action 'none'; report-uri /api/report/csp; 1
frame-ancestors 'self' https://mycourses.w3schools.com https://pathfinder.w3schools.com; 1
frame-ancestors 'self' *.shutterfly.com:* *.tinyprints.com:*; 1
report-uri /post/report/csp; report-to csp-endpoint; object-src 'none'; default-src 'self'; script-src 'self' 'unsafe-inline' https://posten.boost.ai/chatPanel/ https://siteimproveanalytics.com/js/siteanalyze_6015663.js; style-src 'self' 'unsafe-inline'; img-src 'self' blob: https://6015663.global.siteimproveanalytics.io https://csi.gstatic.com:443 https://*.amazonaws.com:443 https://posten.boost.ai/img/ data:; font-src 'self'; connect-src 'self' https://script.google.com https://script.googleusercontent.com https://posten.boost.ai/api/ https://postentest.boost.ai/api/ https://kbkxsqvvqxsn.statuspage.io/api/ https://status.digipost.no; frame-src 'self' blob: https://www.posten.no https://www.youtube-nocookie.com:443; child-src 'self' blob: https://www.posten.no https://www.youtube-nocookie.com:443; frame-ancestors 'self'; form-action 'self'; block-all-mixed-content 1
default-src 'self' data: about: *.reddit.com *.redditstatic.com playlist.megaphone.fm *.podbean.com alb.reddit.com cdn.linkedin.oribi.io *.pingdom.net *.bing.com *.clarity.ms *.sitescout.com *.blob.core.windows.net t.co *.libsyn.com *.googleapis.com *.google.ca *.adsymptotic.com *.onetrust.com *.addthis.com *.doubleclick.net *.linkedin.com cm.everesttech.net allegis.demdex.net stats.g.doubleclick.net bam.nr-data.net *.google.com dpm.demdex.net bat.bing.com cdn.cookielaw.org p.typekit.net *.teksystems.com *.facebook.com *.facebook.net *.google-analytics.com *.googlesyndication.com *.gstatic.com *.sharethis.com *.twitter.com *.youtube.com ajax.aspnetcdn.com ajax.googleapis.com cdnjs.cloudflare.com cdnjs.com code.jquery.com maxcdn.bootstrapcdn.com platform.linkedin.com unpkg.com *.googletagmanager.com *.analytics.google.com *.vimeo.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.onetrust.com unpkg.com use.fontawesome.com fonts.googleapis.com use.typekit.net p.typekit.net; font-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.onetrust.com use.typekit.net fonts.googleapis.com fonts.gstatic.com; object-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.redditstatic.com *.pingdom.net *.cloudfront.net *.clarity.ms *.pixel.ad *.blob.core.windows.net *.twitter.com *.moatads.com *.addthisedge.com *.addthis.com *.doubleclick.net *.onetrust.com *.gstatic.com *.google.com js-agent.newrelic.com use.typekit.net *.amcharts.com cdn.jsdelivr.net unpkg.com *.googletagmanager.com *.google-analytics.com snap.licdn.com *.googleadservices.com static.ads-twitter.com *.youtube.com connect.facebook.net bat.bing.com cdnjs.cloudflare.com cdn.cookielaw.org assets.adobedtm.com maps.googleapis.com googleads.g.doubleclick.net bam.nr-data.net *.analytics.google.com *.hotjar.com *.vimeo.com; 1
frame-ancestors 'self' *.carrierenterprise.com *.carrierenterprise.ca *.punchout2go.com *.tradecentric.com *.buyerquest.net docs.google.com; 1
default-src 'none'; frame-ancestors 'none'; base-uri 'none'; form-action 'none'; child-src 'self'; object-src blob: 'report-sample'; connect-src 'self' blob: https://www.paypal.com https://www.googleapis.com https://*.google-analytics.com https://*.googlesyndication.com https://csi.gstatic.com https://*.googletagmanager.com https://analytics.google.com https://*.analytics.google.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://www.google.com.br https://www.google.cl https://www.google.com.py https://www.google.fr https://www.google.com.mx https://www.google.com.bd https://www.google.com.co https://www.google.com.pe https://www.google.nl https://www.google.es https://www.google.com.gt https://www.google.com.uy https://www.google.com.pr https://www.google.com.sg https://www.google.es https://www.google.com.co https://www.google.at https://www.google.ca https://www.google.pl https://www.google.cl https://www.google.es https://www.google.com.ec https://www.google.co.ve https://www.google.jo https://www.google.hu https://www.google.com.ar https://www.google.com.qa https://www.google.com.co https://www.google.it https://www.google.hr https://www.google.co.il https://www.google.co.uk https://www.google.com.mm https://www.google.com.jm https://www.google.pt/ https://www.google.com.pk https://www.google.ca https://www.google.tt https://www.google.ie/ https://www.google.com.mx https://www.google.no https://www.google.com.au https://www.google.fi https://www.google.rs https://www.google.co.th https://www.google.de https://www.google.cz https://www.google.co.in https://www.google.co.nz https://www.google.co.za https://www.google.com.ua/ https://www.google.com.pk https://www.google.co.id https://www.google.com.ar https://www.google.az https://www.google.cl https://www.google.fr https://www.google.ru https://www.google.com.do https://www.google.com.ng https://www.google.co.jp https://www.google.co.zw https://www.google.ch https://www.google.es https://www.google.co.za https://www.google.com.tr https://www.google.co.ke https://www.google.com.sa https://www.google.pt/ https://www.google.dz https://www.google.be https://www.google.com.ph https://www.google.com.my https://www.google.co.id https://www.google.co.ma https://www.google.de https://www.google.com.kw https://www.google.gy https://www.google.hn https://www.google.com.hk https://www.google.co.ao https://www.google.com.eg https://www.google.co.ke https://www.google.co.cr https://www.google.co.tw; media-src blob: 'report-sample'; img-src 'self' blob: data: https://t.paypal.com https://www.paypalobjects.com https://region1.analytics.google.com https://*.analytics.google.com https://www.google-analytics.com https://*.googleusercontent.com https://*.googlesyndication.com https://*.googletagmanager.com https://region1.analytics.google.com https://www.google.cz https://www.google.com.my https://www.google.co.in https://www.google.com.uy https://www.google.com.ar https://www.google.co.uk https://www.google.pt https://www.google.com.co https://www.google.co.ma https://www.google.bs https://www.google.de https://www.google.cl https://www.google.com.pe https://www.google.it https://www.google.fr https://www.google.com.mx https://www.google.ca https://www.google.bs https://www.google.es https://www.google.com.kw https://www.google.com.ec https://www.google.nl https://www.google.co.ke https://www.google.gr https://www.google.com.vn https://www.google.co.il https://www.google.com.mt https://www.google.com.pk https://www.google.com.jm https://www.google.dk https://www.google.com.bd https://www.google.com.ng https://www.google.hu https://www.google.ie https://www.google.cz https://www.google.pl https://www.google.ae https://www.google.com.hk https://www.google.co.id https://www.google.at https://www.google.com.br https://www.google.com.sa https://www.google.ru https://www.google.co.ve https://www.google.com.ec https://www.google.com.py https://www.google.co.za https://www.google.com.sv https://www.google.ro https://www.google.ch https://www.google.no https://www.google.sn https://www.google.hr https://www.google.com.pr https://www.google.com.ph https://www.google.com.eg https://www.google.se https://www.google.ge https://www.google.com.lb https://www.google.com.ua https://www.google.com.pa https://www.google.be https://www.google.co.nz https://www.google.co.zm https://www.google.com.sg https://www.google.com.gt https://www.google.com.br https://www.google.com.fj https://www.google.com.bo https://www.google.sk https://www.google.com.ni https://www.google.dz https://www.google.com.do https://www.google.rw https://www.google.as https://www.google.com.om https://www.google.co.jp https://www.google.rw https://www.google.md https://www.google.co.th https://www.google.jo/ https://www.google.com.gt/ https://www.google.fi https://www.google.co.tz https://www.google.bg https://www.google.co.kr https://www.google.rs https://www.google.com.au https://www.google.de https://www.google.iq https://www.google.az https://www.google.co.cr https://www.google.com.mm https://www.google.com.ly https://www.google.mw https://www.google.com.qa https://www.google.be https://www.google.hn https://www.google.com.pg/ https://www.google.bf https://www.google.com.tw https://www.google.ws https://www.google.tn https://www.google.com.tr https://www.google.com.np https://www.google.ci/ https://www.google.com.gh https://www.google.ht; script-src 'self' 'report-sample' https://*.googletagmanager.com https://*.google-analytics.com https://ssl.google-analytics.com/ https://apis.google.com https://*.googlesyndication.com https://*.googleadservices.com https://*.googletagservices.com https://cdn.ampproject.org https://www.paypal.com https://www.paypalobjects.com 'sha256-b+mf6EIMFYxuAIdk6/2IF09zTUsJrlW6qZaw4opG6QU=' https://adservice.google.com https://adservice.google.com.br https://adservice.google.com.mx https://adservice.google.com.co https://adservice.google.com.ar https://adservice.google.com.pe https://adservice.google.com.ar https://adservice.google.com.au https://adservice.google.com.tr https://adservice.google.com.pk https://adservice.google.com.sa https://adservice.google.com.ec https://adservice.google.com.ph https://adservice.google.com.bo https://adservice.google.com.gt https://adservice.google.com.tr https://adservice.google.com.ng https://adservice.google.com.ua https://adservice.google.com.my https://adservice.google.com.gt https://adservice.google.com.eg https://adservice.google.com.bh  https://adservice.google.co.uk https://adservice.google.co.in https://adservice.google.co.nz https://adservice.google.co.kr https://adservice.google.co.id https://adservice.google.co.ve https://adservice.google.co.il https://adservice.google.co.jp https://adservice.google.co.ke https://adservice.google.co.za https://adservice.google.co.ve  https://adservice.google.pl https://adservice.google.it https://adservice.google.es https://adservice.google.pt https://adservice.google.ca https://adservice.google.ru https://adservice.google.fr https://adservice.google.cl https://adservice.google.sk https://adservice.google.cz https://adservice.google.se https://adservice.google.gr https://adservice.google.ie https://adservice.google.hn https://adservice.google.ae https://adservice.google.cl https://adservice.google.hu https://adservice.google.de https://adservice.google.iq https://adservice.google.si https://adservice.google.rs https://adservice.google.nl https://adservice.google.py https://adservice.google.tn https://adservice.google.hu https://adservice.google.at https://adservice.google.fi https://adservice.google.rw https://adservice.google.co.th https://adservice.google.co.tz https://adservice.google.com.sg https://adservice.google.com.np https://adservice.google.com.vn https://adservice.google.com.kh https://adservice.google.com.bd https://adservice.google.com.fj https://adservice.google.be https://adservice.google.ro https://adservice.google.dk https://adservice.google.kz https://adservice.google.ch https://adservice.google.lt https://adservice.google.no https://adservice.google.bg https://adservice.google.lv https://adservice.google.com.tw https://adservice.google.lb https://adservice.google.com.bz https://adservice.google.com.py https://adservice.google.com.kw https://adservice.google.com.uy https://adservice.google.com.jm https://adservice.google.com.qa https://adservice.google.com.lb https://adservice.google.com.pr https://adservice.google.com.sv  https://adservice.google.com.cy https://adservice.google.com.hk https://adservice.google.com.et https://adservice.google.com.pa https://adservice.google.co.zm https://adservice.google.co.cr https://adservice.google.co.zw https://adservice.google.co.uz https://adservice.google.co.ug https://adservice.google.tt https://adservice.google.dz https://adservice.google.mu https://adservice.google.cm https://adservice.google.ht https://adservice.google.ee https://adservice.google.bt https://adservice.google.az https://adservice.google.hr https://adservice.google.is https://adservice.google.ad https://adservice.google.lk https://adservice.google.al https://adservice.google.lu https://adservice.google.mw https://adservice.google.ci https://adservice.google.co.mz https://adservice.google.com.mm https://adservice.google.com.na https://adservice.google.com.af https://adservice.google.bj https://adservice.google.bs https://adservice.google.co.ao https://adservice.google.co.bw https://adservice.google.co.vi https://adservice.google.com.ag https://adservice.google.com.bn https://adservice.google.com.cu https://adservice.google.com.gh https://adservice.google.com.ni https://adservice.google.com.pg https://adservice.google.fm https://adservice.google.la https://adservice.google.mn https://adservice.google.sn https://adservice.google.sr https://adservice.google.tl https://adservice.google.ws https://adservice.google.jo; style-src 'self' https://*.googletagservices.com https://fonts.googleapis.com 'unsafe-inline' 'report-sample'; font-src 'self' data: 'report-sample' https://fonts.gstatic.com https://use.typekit.net; frame-src blob: https://accounts.google.com https://*.doubleclick.net https://*.googlesyndication.com https://docs.google.com https://drive.google.com https://www.google.com https://www.paypal.com https://www.paypalobjects.com; report-uri https://zipextractorapp.report-uri.com/r/d/csp/enforce 1
frame-ancestors 'self' https://jobcloud.ch https://*.jobcloud.ch https://jobs.ch https://*.jobs.ch https://jobup.ch https://*.jobup.ch https://*.jobscout24.ch https://impieghi.ch https://*.impieghi.ch; object-src 'self'; font-src 'self' https://*.hotjar.com https://fonts.gstatic.com https://fonts.intercomcdn.com data:; img-src https: blob: data:; connect-src 'self' c.jobscout24.ch https://adservice.google.com https://www.googleadservices.com https://*.g.doubleclick.net *.tealiumiq.com *.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.google-analytics.com *.analytics.google.com analytics.google.com www.googletagmanager.com www.google.ch www.google.com https://*.google.com https://google.com www.google.de www.google.fr www.google.it www.google.at wss://*.intercom.io https://*.intercom.io https://*.eu.intercom.io https://*.eu.intercom.com https://uploads.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.intercomusercontent.com *.jobs.ch *.lokalise.com https://www.facebook.com/tr/ https://ingest.webvitalize.io/ snap.licdn.com/li.lms-analytics/ dynamic.criteo.com/js/ld/ secure.leadforensics.com/js/ secure.data-insight365.com/Track/ idx.liadm.com/idex/ https://bat.bing.com *.clarity.ms/collect *.creativecdn.com measurement-api.criteo.com https://translate.googleapis.com; frame-src 'self' https://*.hotjar.com *.jobs.ch tpc.googlesyndication.com *.google.com landbot.io *.alisearch.ch *.criteo.com *.doubleclick.net https://maps.google.de https://www.facebook.com/ https://www.googletagmanager.com https://www.youtube.com https://www.youtube.com https://www.vimeo.com https://player.vimeo.com https://widget.eu.criteo.com *.creativecdn.com; style-src 'self' 'unsafe-inline' https://*.hotjar.com https://fonts.googleapis.com; script-src 'nonce-0GwCV8HbmgAPW49waG2/B6QXWFmRGrt0hJ+7a2P+lWI=' 'self' 'sha256-4xaBeTeGhaTJUTflU97MvimdBrAPDQ8nIcRN627uhqQ=' 'sha256-/OiXyoYdO/5145tKU2HLrF7SBc8dlsEEMhUef8yBBP0=' 'sha256-zl6W6Kb3WQbCwq/2GhFpSTTmTKL0WJPu7xBa2A1gxrU=' https://visitor-service-eu-central-1.tealiumiq.com https://visitor-service.tealiumiq.com *.tealiumiq.com *.tiqcdn.com *.criteo.net *.hotjar.com https://www.googletagmanager.com *.googleapis.com *.google-analytics.com *.analytics.google.com *.appcast.io https://www.googleadservices.com/pagead/ https://googleads.g.doubleclick.net https://www.google.com https://www.google.ch https://www.google.de https://www.google.fr https://api.microsofttranslator.com https://sslwidget.criteo.com https://tpc.googlesyndication.com *.gstatic.com *.intercom.io *.intercomcdn.com *.landbot.io c.jobscout24.ch https://524003370.collect.igodigital.com lokalise.co lokalise.com *.lokalise.com https://connect.facebook.net https://package.webvitalize.io/ snap.licdn.com/li.lms-analytics/ dynamic.criteo.com/js/ld/ secure.leadforensics.com/js/ secure.data-insight365.com/Track/ idx.liadm.com/idex/ https://*.hotjar.com https://bat.bing.com/ https://www.clarity.ms/ tags.creativecdn.com 'sha256-/OiXyoYdO/5145tKU2HLrF7SBc8dlsEEMhUef8yBBP0=' 'sha256-EhZylS+VkNAyZeNbVSY9oQZpK1Eu/148ksMpqd2IWJY=' 'sha256-KaIKxRygrKWFF9Qry6CqCrzyop6GuujvlA3kB2l/5PQ=' 'sha256-nw/zJx5hSauRwXfx3uVnLtTcUmT0OWIOivhvxNn3DCs=' 'sha256-nw/zJx5hSauRwXfx3uVnLtTcUmT0OWIOivhvxNn3DCs=' 'sha256-rfxMjpKvHZ5q7a0ZIT4Dzs87I4/diEeTs4ujyYs2u3g=' 'sha256-ziBMm/iX6dmVGECRsbk6tynf1XeLf3Okehr5YmdujKM='; report-uri https://o348636.ingest.sentry.io/api/5513946/security/?sentry_key=98e5add7cc8144b7a8bf44f69c20cb42; report-to csp-endpoint;  1
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' ; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors 'self' 1
frame-ancestors https://cms.talent-pool.com 1
default-src https: data:; style-src 'self' 'unsafe-inline' https:; object-src 'none'; script-src * 'unsafe-inline' 'unsafe-eval' https:; img-src 'self' https: data:; frame-src *; frame-ancestors 'self'; base-uri 'self'; form-action * 1
frame-ancestors 'self' blob: https://*.gurobi.com; child-src SAMEORIGIN gurobi-dev.flywheelsites.com *.gurobi.com; default-src 'self' gurobi-dev.flywheelsites.com *.gurobi.com 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net fonts.googleapis.com fonts.gstatic.com data: cdn.plyr.io i.ytimg.com andreasmb.github.io api.lever.co vimeo.com i.vimeocdn.com cdn.linkedin.oribi.io www.google-analytics.com analytics.demandjump.com secure.adnxs.com c.6sc.co ipv6.6sc.co cdn.linkedin.oribi.io *.google-analytics.com analytics.demandjump.com secure.adnxs.com *.6sc.co *.linkedin.com *.adroll.com *.google.com *.facebook.com ipv4.d.adroll.com px.ads.linkedin.com *.6sc.co *.doubleclick.net *.googletagmanager.com a1.b0e8.com cdn.bizible.com cdn.bizibly.com *.hotjar.com *.hotjar.io ws.hotjar.com 181-zys-005.mktoresp.com pagead2.googlesyndication.com *.6sense.com *.marketo.com; frame-src 'self' https://*.gurobi.com *.marketo.com *.youtube.com *.vimeo.com *.google.com *.brighttalk.com *.hotjar.com static.addtoany.com whova.com calendly.com *.facebook.com *.hsforms.net *.hsforms.com *.statuspage.io 181-zys-005.mktoresp.com td.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gurobi.com *.google.com *.gstatic.com *.google-analytics.com ajax.googleapis.com munchkin.marketo.net *.marketo.com *.googleoptimize.com *.googletagmanager.com *.googleadservices.com cdn.jsdelivr.net *.hotjar.com *.hotjar.io googleads.g.doubleclick.net snap.licdn.com connect.facebook.net static.addtoany.com bat.bing.com *.adroll.com player.vimeo.com *.brighttalk.com *.bc0a.com *.b0e8.com *.6sc.co *.demandjump.com whova.com d1keuthy5s86c8.cloudfront.net *.calendly.com *.hsforms.net *.hsforms.com cdnjs.cloudflare.com *.youtube.com cdn.bizible.com cdn.bizibly.com 181-zys-005.mktoresp.com *.6sense.com; 1
base-uri 'self'; font-src 'self' data: https:; form-action *; frame-ancestors 'self' https://*.e-spirit.hosting; img-src 'self' data: https:; object-src 'none'; script-src-attr 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; upgrade-insecure-requests; default-src 'self'; media-src 'self' https:; script-src-elem 'self' 'unsafe-inline' https:; connect-src 'self' https:; frame-src 'self' https:; 1
frame-ancestors 'self' localhost fo.ru editor.fo.ru yep.com fosite.ru localhost:3000 172.16.55.208:3000 localhost:9222 betaeditor.fo.ru metrika.yandex.ru metrika.yandex.by metrica.yandex.com metrica.yandex.com.tr webvisor.com fo.vin editor.fo.vin; 1
upgrade-insecure-requests; object-src 'none'; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleoptimize.com https://*.googletagmanager.com https://*.facebook.com https://*.facebook.net https://*.montepiedad.com.mx https://*.botlers.io https://*.newrelic.com https://unpkg.com https://*.zeptojs.com https://*.jsdelivr.net https://*.datatables.net https://*.bootstrapcdn.com https://cdnjs.cloudflare.com https://assets4.lottiefiles.com https://www.google-analytics.com https://www.yumpu.com https://*.analytics.google.com https://*.youtube.com/ https://analytics.google.com https://ad.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://afiliacion.net https://prs.arkeero.net https://leadgenios.net https://www.rtb123.com https://*.hotjar.com https://inboxlabs.go2cloud.org https://*.google.com.mx https://*.hotjar.io https://*.teads.tv https://ojo7.ltroute.com https://*.abtasty.com/ https://*.amazonaws.com/ https://zeptojs.com/zepto.min.js https://*.doubleclick.net/ wss://ws.hotjar.com/ https://go2perseo.com https://affperformance.com/ https://ad.soicos.com; 1
default-src 'self' ; script-src 'self' 'unsafe-eval' 'unsafe-inline' platform.twitter.com www.google-analytics.com *.googleapis.com *.google.com *.gstatic.com *.twimg.com app.lassocrm.com *.googletagmanager.com *.cloudfront.net dl.episerver.net *.livechatinc.com *.google-analytics.com *.luckyorange.net bat.bing.com *.vo.msecnd.net *.cookielaw.org geolocation.onetrust.com *.addthis.com player.vimeo.com *.addthisedge.com *.moatads.com cdn.datatables.net cdnjs.cloudflare.com *.stripe.com *.typekit.net *.chatservice.co *.bankingbridge.com *.jquery.com *.youtube.com *.googleadservices.com *.doubleclick.net *.fontawesome.com *.clarity.ms *.luckyorange.com *.facebook.net https://pageimprove.io towntag.co https://js.monitor.azure.com *.hotjar.com *.marchex.io *.xg4ken.com *.zondavirtual.com *.simpli.fi *.syncfusion.com *.jsdelivr.net https://*.ggpht.com *.googleusercontent.com *.zaius.com *.fullstory.com https://gtm.centurycommunities.com *.ipify.org; style-src 'self' 'unsafe-inline' fonts.googleapis.com dl.episerver.net *.twitter.com *.twimg.com *.cloudfront.net maxcdn.bootstrapcdn.com cdn.datatables.net *.stripe.com *.typekit.net *.chatservice.co *.cloudflare.com *.jquery.com *.fontawesome.com *.jsdelivr.net *.luckyorange.com *.myfonts.net *.syncfusion.com; img-src 'self' data: www.google-analytics.com *.g.doubleclick.net *.gstatic.com *.googleapis.com *.twitter.com *.twimg.com *.youtube.com app.lassocrm.com *.cloudfront.net bat.bing.com *.google.com *.eliant.com *.stripe.com *.vimeocdn.com *.jquery.com *.googletagmanager.com *.vimeocdn.com *.clarity.ms *.bing.com *.facebook.com *.luckyorange.com *.livechatinc.com *.livechat-files.com *.livechat-static.com *.centurycommunities.com ttag.io *.rlcdn.com *.cookielaw.org *.agkn.com *.xg4ken.com *.googleusercontent.com *.zaius.com *.inspirehomeloans.com *.parkwaytitleco.com *.ihlinsurance.com *.livecentury.com example.com; connect-src 'self' *.google-analytics.com *.luckyorange.net *.visitors.live dc.services.visualstudio.com stats.g.doubleclick.net cdn.cookielaw.org *.googleapis.com in.visitors.live visitors.live ws: wss: api.livechatinc.com *.stripe.com *.episerver.net *.chatservice.co *.addthis.com *.bankingbridge.com *.onetrust.com *.bing.com *.vimeo.com *.luckyorange.com *.amazonaws.com *.mixpanel.com *.clarity.ms https://public-auth-dot-lucky-orange.appspot-preview.com *.facebook.com https://pageimprove.io *.hotjar.com *.google.com *.hotjar.io *.zondavirtual.com *.googlesyndication.com *.gstatic.com *.fullstory.com ipinfo.io https://gtm.centurycommunities.com; font-src 'self' data: fonts.gstatic.com maxcdn.bootstrapcdn.com *.typekit.net cdnjs.cloudflare.com *.amazonaws.com *.fontawesome.com *.googleapis.com *.livechatinc.com *.cloudfront.net *.jsdelivr.net; object-src 'none'; ; media-src 'self' *.cloudfront.net *.stripe.com *.livechatinc.com *.chatservice.co *.gstatic.com; frame-src platform.twitter.com *.google.com *.twitter.com *.youtube.com player.vimeo.com *.centurycommunities.com *.dxcloud.episerver.net *.livechatinc.com *.addthis.com *.stripe.com *.facebook.com *.matterport.com *.googletagmanager.com *.chatservice.co *.bankingbridge.com *.modsy.com *.doubleclick.net centurycommunities.jotform.com forms.centurycommunities.com *.my.matterport.com *.youtu.be https://youtu.be *.avochato.com *.zillow.com *.inspirehomeloans.com https://gtm.centurycommunities.com; frame-ancestors * 'self' *.modsy.com *.youtube.com https://youtu.be; worker-src * data: blob: wss: 'unsafe-eval' 'unsafe-inline' *.visitors.live *.stripe.com; 1
default-src https: 'unsafe-eval' 'unsafe-inline' wss://*.hotjar.com data:; object-src 'none'; frame-ancestors 'none'; img-src data: https: 1
default-src https:; font-src * data:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: https://www.clarity.ms https://www.googletagmanager.com https://snap.licdn.com https://connect.facebook.net https://*.hotjar.com https://*.cloudflare.com https://www.youtube.com https://www.googletagmanager.com https://analytics.tiktok.com https://bat.bing.com https://*.zoomengage.com https://static.zdassets.com https://connect.facebook.net https://*.cloudfront.net https://*.taboola.com https://googleads.g.doubleclick.net https://js.hsforms.net https://js.usemessages.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hsadspixel.net https://js.hsleadflows.net https://www.google-analytics.com https://js.hubspot.com https://static.addtoany.com https://cdn.enable.co.il https://cdn.livechatinc.com https://api.livechatinc.com https://www.gstatic.com https://www.google.com https://www.tiktok.com https://www.instagram.com https://www.coffeeripples.com https://lf16-tiktok-web.tiktokcdn-us.com https://assets.pinterest.com https://www.googleadservices.com https://www.drinkripples.com https://js.hs-scripts.com https://sf16-website-login.neutral.ttwstatic.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://www.coffeeripples.com https://sf16-website-login.neutral.ttwstatic.com; media-src * blob: data:; img-src * blob: data:; connect-src *; object-src *; 1
frame-ancestors 'self' https://bob.santanderbank.com https://shdwbob.santanderbank.com https://www.santanderbank.com https://rolb.santanderbank.com https://shdwrolb.santanderbank.com https://einsteincrm.sov.gs.corp https://shdweinsteincrm.sov.gs.corp http://bkoffice.sov.gs.corp https://networkofsavings.aaa.biz http://shdwbkoffice.sov.gs.corp; 1
upgrade-insecure-requests;block-all-mixed-content;default-src 'self' *.driftt.com;connect-src 'self' *.analytics.google.com *.doubleclick.net *.energage.com *.google-analytics.com *.googleapis.com *.hotjar.com *.linkedin.com *.salesloft.com *.yoast.com analytics.google.com api.typeform.com aorta.clickagy.com browser-intake-us3-datadoghq.com cdn.linkedin.oribi.io edge.fullstory.com geoip.cookieyes.com hemsync.clickagy.com ipapi.co *.osano.com rs.fullstory.com ws.zoominfo.com yoast.com;font-src 'self' data: *.bootstrapcdn.com *.energage.com fonts.googleapis.com fonts.gstatic.com;form-action 'self' *.calendly.com calendly.com go.pardot.com info.energage.com player.vimeo.com www.facebook.com;frame-ancestors 'self';frame-src 'self' *.adsrvr.org *.doubleclick.net *.driftt.com *.energage.com *.google.com *.greenhouse.io *.hotjar.com *.osano.com *.vimeo.com *.youtube.com app.essential-addons.com form.typeform.com hemsync.clickagy.com static.addtoany.com www.facebook.com www.g2.com;img-src 'self' data: * 'unsafe-eval' 'unsafe-inline' *.addthisedge.com *.calendly.com *.calendly.com *.calendly.com *.crocoblock.com *.doubleclick.net *.doubleclick.net *.energage.com *.facebook.com *.facebook.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.licdn.com *.linkedin.com *.moatads.com *.topworkplaces.com *.vimeocdn.com *.w.org calendly.com connect.facebook.net energage.com fonts.googleapis.com http://*.topworkplaces.com http://topworkplaces.com http://topworkplaces.com https://*.topworkplaces.com https://topworkplaces.com maxcdn.bootstrapcdn.com player.vimeo.com secure.gravatar.com topworkplaces.com www.google.com;object-src 'self' info.energage.com;script-src blob: http: https: 'self' 'unsafe-inline' 'unsafe-eval' *.addthisedge.com *.calendly.com *.cloudflare.com *.cloudfront.net *.datadoghq-browser-agent.com *.doubleclick.net *.driftt.com *.energage.com *.facebook.com *.fullstory.com *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.greenhouse.io *.gstatic.com *.hotjar.com *.licdn.com *.osano.com *.pardot.com *.salesloft.com ajax.googleapis.com calendly.com cdn.calltrk.com connect.facebook.net info.energage.com js.adsrvr.org maxcdn.bootstrapcdn.com platform.twitter.com player.vimeo.com static.addtoany.com tag.simpli.fi tags.clickagy.com tracking.g2crowd.com ws.zoominfo.com www.googletagmanager.com;style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.cloudflare.com *.energage.com *.gstatic.com *.osano.com embed.typeform.com fonts.googleapis.com yoast.com;worker-src blob: *.osano.com *.energage.com; 1
frame-ancestors 'self' http://www.hellmanns.com unilever3.marketing.adobe.com unileverbrazil.marketing.adobe.com unilever2.marketing.adobe.com unilever.marketing.adobe.com unilever3.experiencecloud.adobe.com unileverbrazil.experiencecloud.adobe.com unilever2.experiencecloud.adobe.com unilever.experiencecloud.adobe.com emea1-proxy.adobemc.com us1-proxy.adobemc.com us1-proxy.adobemc.com apac-proxy.adobemc.com adobedemoemea131.marketing.adobe.com adobedemoemea131.experiencecloud.adobe.com https://s3.cartwire.co https://app.cartwire.co/CW_API 1
frame-ancestors 'self' https://online.hdisigorta.com.tr/; 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hsforms.net https://www.clarity.ms *.bing.com *.callrail.com *.doubleclick.net *.facebook.net *.google.com *.google-analytics.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hs-scripts.com https://js.hs-analytics.net/ https://js.hs-banner.com/ https://js.hscollectedforms.net/ https://js.hs-scripts.com/ https://js.hsleadflows.net/ https://js.usemessages.com/ https://js.hsadspixel.net/ *.hubspot.com *.infusionsoft.app *.infusionsoft.com https://iptrack.io https://cdn.jsdelivr.net https://snap.licdn.com *.termly.io https://unpkg.com *.youtube.com *.vimeo.com *.whoisvisiting.com https://dynamicedgeinc.b-cdn.net; connect-src 'self' *.hsforms.com *.hubspot.com *.hscollectedforms.net https://hubspot-forms-static-embed.s3.amazonaws.com *.hubapi.com *.bing.com *.clarity.ms *.googlesyndication.com *.linkedin.com analytics.google.com cdn.linkedin.oribi.io *.callrail.com *.doubleclick.net *.google-analytics.com *.termly.io https://yoast.com *.wp-html-mail.com; img-src 'self' *.hsforms.com *.hubspot.com *.hsappstatic.net https://p.adsymptotic.com/ https://c.clarity.ms/ *.bing.com *.fbcdn.net *.facebook.com *.google.com *.google-analytics.com *.googletagmanager.com *.gravatar.com *.infusionsoft.app *.linkedin.com *.thememylogin.com *.w.org *.whoisvisiting.com *.wp-html-mail.com https://rlv.zcache.com https://dynamicedgeinc.b-cdn.net https://i.ytimg.com https://googleads.g.doubleclick.net data:; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com *.googleapis.com https://dynamicedgeinc.b-cdn.net; base-uri 'self'; form-action 'self' https://analytics.wponlinesupport.com https://www.facebook.com https://forms.hsforms.com *.infusionsoft.com *.infusionsoft.app *.salesforce.com; font-src 'self' https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com *.gstatic.com https://dynamicedgeinc.b-cdn.net data:; frame-src 'self' https://forms.hsforms.com *.doubleclick.net *.facebook.com *.google.com *.hsappstatic.net *.hubspot.com *.infusionsoft.app *.termly.io *.vimeo.com *.youtube.com *.youtube-nocookie.com; 1
base-uri 'self'; default-src 'self' 'unsafe-inline' https://fonts.googleapis.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.projuris.com.br https://cdn.jsdelivr.net https://www.google.com https://www.googletagmanager.com https://connect.facebook.net https://www.googleadservices.com https://px.ads.linkedin.com https://cdn.jotfor.ms https://form.jotform.com https://cdn.neurologic.com.br https://app.leadster.com.br https://www.clickcease.com https://*.cloudflare.com https://*.google-analytics.com https://*.cloudfront.net https://fonts.googleapis.com https://www.googletagmanager.com https://code.jquery.com https://visualwebsiteoptimizer.com https://app.vwo.com; img-src 'self' blob: data: https://cdn-s3.callpage.io https://*.omappapi.com https://i.ytimg.com https://wp.stories.google https://www.gstatic.com https://eye.rd.services https://*.ads.linkedin.com https://bat.bing.com https://www.google.com.br https://www.facebook.com https://lipis.github.io https://*.projuris.com.br https://secure.gravatar.com https://ps.w.org https://app.leadster.com.br https://cdn.neurologic.com.br https://storage.googleapis.com https://www.google.com https://*.cloudflare.com https://*.cloudfront.net https://*.google-analytics.com https://forms.hsforms.com https://track.hubspot.com https://www.linkedin.com https://*.hsforms.com https://*.googletagmanager.com https://*.doubleclick.net https://*.googleadservices.com https://analytics.twitter.com https://t.co https://blog.sajadv.com.br/ https://c.clarity.ms/ https://c.bing.com/ https://cdn.positus.global/ https://cta-service-cms2.hubspot.com/ https://static.hubspot.com/ https://static.hsappstatic.net/ https://dev.visualwebsiteoptimizer.com/ https://visualwebsiteoptimizer.com https://chart.googleapis.com https://app.vwo.com https://no-cache.hubspot.com; style-src 'self' https://cdn.ampproject.org https://cdn-widget.callpage.io https://*.omappapi.com https://optimize.google.com https://stackpath.bootstrapcdn.com https://*.cloudflare.com https://*.projuris.com.br https://maxcdn.bootstrapcdn.com https://cdn.positus.global https://k3v2w4q6.stackpathcdn.com 'unsafe-inline' https://fonts.googleapis.com https://visualwebsiteoptimizer.com https://app.vwo.com; font-src 'self' data: https://cdnjs.cloudflare.com https://*.omappapi.com https://use.typekit.net https://*.projuris.com.br https://fonts.googleapis.com https://fonts.gstatic.com https://themes.googleusercontent.com https://maxcdn.bootstrapcdn.com https://js.hs-banner.com/; frame-src 'self' https://app.getdemo.com.br https://www.youtube-nocookie.com https://anchor.fm https://open.spotify.com https://vars.hotjar.com https://app.vooozer.com https://bid.g.doubleclick.net https://submit.jotform.com https://form.jotform.com https://go.vooozer.com https://*.soundcloud.com https://*.projuris.com.br https://www.youtube.com https://www.facebook.com https://s-static.ak.facebook.com https://*.google.com https://forms.hsforms.com https://app.hubspot.com/ https://podcasters.spotify.com https://sajadv.chat.blip.ai/ https://td.doubleclick.net/ https://22474960.hs-sites.com/ https://app.vwo.com https://visualwebsiteoptimizer.com; frame-ancestors 'self' https://*.projuris.com.br; connect-src 'self' https://www.google.com.br https://*.callpage.io https://*.omappapi.com https://cdnjs.cloudflare.com https://us-central1-amp-error-reporting.cloudfunctions.net https://cdn.ampproject.org https://gyruss.rdops.systems wss://*.hotjar.com https://demo.theme.co https://*.hotjar.io https://*.hotjar.com https://bat.bing.com https://monitor.clickcease.com https://www.facebook.com https://app.leadster.com.br https://app.neurologic.com.br https://stats.g.doubleclick.net https://*.google-analytics.com https://*.rdstation.com.br https://cdn.linkedin.oribi.io https://api.hubapi.com https://forms.hubspot.com https://api.hubapi.com https://forms.hsforms.com https://*.clarity.ms https://*.hscollectedforms.net https://www.googletagmanager.com https://ampcid.google.com https://ampcid.google.com.br https://js.hs-banner.com https://api.hubspot.com https://my.yoast.com/ https://analytics.google.com/ https://cta-service-cms2.hubspot.com/ https://pagead2.googlesyndication.com/ https://qeryz.com/ https://px.ads.linkedin.com/ https://dev.visualwebsiteoptimizer.com/ https://visualwebsiteoptimizer.com https://app.vwo.com; object-src 'none'; media-src 'self' https://cdn-widget.callpage.io https://*.projuris.com.br; worker-src 'self' blob: https://*.projuris.com.br; script-src-elem 'self' 'unsafe-inline' data: https://www.gstatic.com https://cdn-widget.callpage.io https://*.omappapi.com https://cdn.ampproject.org https://www.youtube.com https://w.soundcloud.com https://panel.safetymails.com https://www.googleoptimize.com https://*.hotjar.com https://*.google.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://*.googleadservices.com https://cdn.neurologic.com.br  https://connect.facebook.net https://*.cloudfront.net https://cdn.jsdelivr.net https://px.ads.linkedin.com https://cdn.jotfor.ms https://form.jotform.com https://app.leadster.com.br https://www.clickcease.com https://*.cloudflare.com https://*.google-analytics.com https://fonts.googleapis.com https://*.projuris.com.br https://js.hs-scripts.com https://snap.licdn.com https://js.hsadspixel.net https://js.hscollectedforms.net https://js.hs-banner.com https://forms.hubspot.com https://forms.hsforms.com https://api.hubapi.com https://js.hs-analytics.net https://js.hsforms.net https://*.clarity.ms https://js.usemessages.com https://unpkg.com/blip-chat-widget https://yoast.com/ https://js.hubspot.com/ https://js.hsleadflows.net/ https://assets.qeryz.net/ https://code.jquery.com https://dev.visualwebsiteoptimizer.com https://app.vwo.com https://visualwebsiteoptimizer.com 1
upgrade-insecure-requests; frame-ancestors 'self'; object-src 'none'; 1
default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://internetcomputer.matomo.cloud https://cdn.matomo.cloud https://widget.kapa.ai https://www.google.com https://www.gstatic.com;connect-src 'self' https://*.ic0.app https://ic0.app https://icp0.io https://*.icp0.io https://internetcomputer.matomo.cloud https://cdn.matomo.cloud ic-api.internetcomputer.org icrc-api.internetcomputer.org mxzaz-hqaaa-aaaar-qaada-cai.raw.ic0.app https://data.jsdelivr.com https://cdn.jsdelivr.net https://kapa-widget-proxy-la7dkmplpq-uc.a.run.app;img-src 'self' data: https:;style-src * 'unsafe-inline';style-src-elem * 'unsafe-inline';font-src * data:;object-src 'none';base-uri 'self';frame-src https://motoko.agorapp.dev https://www.google.com https://internetcomputer.matomo.cloud https://www.youtube.com;frame-ancestors https://internetcomputer.matomo.cloud;form-action 'self' https://dfinity.us16.list-manage.com https://internetcomputer.org;upgrade-insecure-requests; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.gstatic.com https://www.google.com https://accounts.google.com https://apikeys.civiccomputing.com https://cc.cdn.civiccomputing.com https://cdnjs.cloudflare.com https://connect.facebook.net https://optimize.google.com https://snap.licdn.com https://www.civicuk.com https://www.google-analytics.com https://www.googleanalytics.com https://www.googleoptimize.com https://www.googletagmanager.com; object-src 'self'; frame-ancestors 'self'; child-src https://s2.chorus-mk.thirdlight.com/ https://tools.eurolandir.com/ https://www.linkedin.com/ https://www.petrofac.com/ https://www.youtube.com/; frame-src https://www.google.com/ https://s2.chorus-mk.thirdlight.com/ https://s3.chorus-mk.thirdlight.com/ https://s4.chorus-mk.thirdlight.com/ https://www.buzzsprout.com/ https://open.spotify.com/ https://tools.eurolandir.com/ https://www.linkedin.com/ https://www.petrofac.com/ https://www.youtube.com/ www.googletagmanager.com https://optimize.google.com; img-src 'self' storage.googleapis.com https://p.adsymptotic.com https://www.gstatic.com https://dc.ads.linkedin.com https://px.ads.linkedin.com https://www.facebook.com https://optimize.google.com https://www.google-analytics.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://optimize.google.com https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; 1
default-src 'self'; script-src 'self' https://tag.perfmaker.net/ https://data.perfmaker.net/ https://csplite.com https://tpc.googlesyndication.com https://js.adsrvr.org https://secure.adnxs.com http://89.185.38.89:6080 https://the.sciencebehindecommerce.com https://zenaps.com https://www.awin1.com https://www.dwin1.com https://wepowerconnections.com https://api.mapbox.com https://tracking.publicidees.com https://u.logbor.com https://unpkg.com https://use.fontawesome.com https://cdn.tagcommander.com https://cdn.jsdelivr.net https://cdn.cookielaw.org https://connect.facebook.net https://www.googletagmanager.com https://tag.aticdn.net https://widget.trustpilot.com https://googleads.g.doubleclick.net https://www.googleadservices.com blob: 'unsafe-inline'; connect-src 'self' https://tag.perfmaker.net/ https://data.perfmaker.net/ https://googleads.g.doubleclick.net https://www.googleadservices.com https://pagead2.googlesyndication.com https://collect.commander1.com https://www.google.com https://adservice.google.com https://zeta.fulli.com https://events-phoenix.commander1.com https://www.wepowerconnections.com https://the.sciencebehindecommerce.com https://ecplus-bo-api.aprr.fr https://cdn.cookielaw.org https://geolocation.onetrust.com https://logs1412.xiti.com https://privacyportal-eu.onetrust.com https://www.facebook.com https://google.com; img-src 'self' https://www.the.sciencebehindecommerce.com https://www.zenaps.com https://www.awin1.com https://www.dwin1.com https://www.wepowerconnections.com https://www.googletagmanager.com https://ecplus-bo-api.aprr.fr https://*.unsplash.com https://cdn.cookielaw.org https://manager.tagcommander.com https://www.facebook.com https://*.tile.openstreetmap.org https://www.google.com https://www.google.fr https://www.googleadservices.com https://googleads.g.doubleclick.net data:; frame-src 'self' https://tag.perfmaker.net/ https://data.perfmaker.net/ https://td.doubleclick.net https://www.youtube.com https://widget.trustpilot.com https://publicatorbrands.qualifioapp.com https://insight.adsrvr.org https://13299567.fls.doubleclick.net https://www.awin1.com https://tracking.publicidees.com https://www.google.com https://fi.aprr.fr https://fi.aprr.fr/ https://fonts.gstatic.com https://route.kiwhipass.fr https://www.facebook.com; style-src 'self' https://tag.perfmaker.net/ https://data.perfmaker.net/ https://api.mapbox.com https://cdn.jsdelivr.net https://fonts.googleapis.com https://fonts.gstatic.com https://logs1412.xiti.com 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com 1
frame-ancestors 'self' *.gomarquis.com *.zagclients.net 1
frame-ancestors 'self' https://www.zoetispetcare.com/ https://z-virtualbooth.com/ https://www.z-virtualbooth.com/ https://z-virtualbooth.com/nav-panels/2022-aaep/aaep/aaep.html/ https://service.force.com/ https://zoetis-us.secure.force.com/ https://touchpointeca.my.salesforce-sites.com/ https://service.force.com/embeddedservice/5.0/esw.min.css https://zoetis-us.secure.force.com/zoey/resource/ChatStyle https://zoetis-us.secure.force.com/zoey/embeddedService/sidebarApp.app https://www.z-virtualbooth.com/nav/dx/index.html 1
default-src 'self';frame-ancestors 'self';object-src 'none' ;child-src 'self' https://cloud.typography.com;frame-src 'self' https://athora.recruitee.com https://consentcdn.cookiebot.com https://vivat3.recruitee.com https://www.google.com https://www.googletagmanager.com https://www.youtube.com;connect-src 'self' https://dc.services.visualstudio.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://consentcdn.cookiebot.com https://*.applicationinsights.azure.com;font-src 'self' data: data: https://fonts.gstatic.com;img-src 'self' data: data: https://*.analytics.google.com https://*.google-analytics.com https://*.googletagmanager.com https://fonts.gstatic.com https://i.ytimg.com https://imgsct.cookiebot.com https://ssl.gstatic.com https://www.gstatic.com;script-src 'self' 'strict-dynamic' 'nonce-LSr1MDw8NRhTcVtxnSGlqFcC' data: data: https://*.googletagmanager.com https://az416426.vo.msecnd.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.google-analytics.com https://www.youtube.com https://*.monitor.azure.com;style-src 'unsafe-inline' https://cloud.typography.com https://fonts.googleapis.com https://tagmanager.google.com https://www.athora.nl https://www.googletagmanager.com; 1
default-src 'self'; img-src 'self' data: data.pendo.io cdn.pendo.io pendo-static-6212581127946240.storage.googleapis.com app.pendo.io; style-src 'self' 'unsafe-inline' pendo-io-static.storage.googleapis.com pendo-static-6212581127946240.storage.googleapis.com app.pendo.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.pendo.io pendo-io-static.storage.googleapis.com pendo-static-6212581127946240.storage.googleapis.com data.pendo.io app.pendo.io cdnjs.cloudflare.com js-agent.newrelic.com; connect-src 'self' bam.nr-data.net data.pendo.io pendo-static-6212581127946240.storage.googleapis.com app.pendo.io; frame-src 'self' app.pendo.io *.uniteustraining.com *.uniteus.io *.rma.healthcare; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline';connect-src 'self' ws:;img-src 'self' data: 1
connect-src 'self' https://brave.com; default-src 'none'; font-src 'self' data:; frame-ancestors 'self'; frame-src 'self' https://player.vimeo.com; img-src 'self' data: https://analytics.basicattentiontoken.org; script-src 'self' https://analytics.basicattentiontoken.org; style-src 'self' 'unsafe-inline' 1
upgrade-insecure-requests; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https: ; style-src 'report-sample' 'self' 'unsafe-inline' *; style-src-elem 'report-sample' 'self' 'unsafe-inline' *; base-uri 'self' *; connect-src 'self' * ; font-src 'self' * ; frame-src 'self' * ; img-src 'self' blob: data: * ; manifest-src 'self'; media-src 'self' *; worker-src *; 1
default-src 'self';report-uri https://sentry.ladderlife.com/api/5/security/?sentry_key=256f94429c2e43ef8fadcb036d4c7e92 ;manifest-src https://ddw3p1oh0ex89.cloudfront.net;script-src https://*.adroll.com https://*.facebook.net https://sdk.twilio.com https://cdn.humanapi.co/ https://ekr.zendesk.com 'sha256-c7M5EaJ4WdOCgAf4VR5PNAIx8Tfot/Q3Nsu8lkLFXlU=' https://static.zdassets.com https://cdn.jsdelivr.net/fingerprintjs2/1.5.1/fingerprint2.min.js 'sha256-28pWGDRYnND+KcXkQSsC8a7TlpIi4HPpfQ4OvqTUNY8=' https://*.zopim.com 'sha256-ZKu42s6NuuaVSSaKshRcJFOs1ctAeLMINp2+/JEaBWM=' https://*.linkedin.com/ https://ddw3p1oh0ex89.cloudfront.net https://*.adnxs.com/ https://www.googletagmanager.com https://*.twitter.com https://app.getsentry.com https://*.g.doubleclick.net https://maps.googleapis.com https://*.plaid.com wss://ladderlife.zendesk.com https://cdn.pbbl.co https://*.googlesyndication.com https://ads.nextdoor.com/public/pixel/ndp.js https://collector-9169.us.tvsquared.com/tv2track.js 'sha256-+9xfK56z1o8LjCn+r6aZvibnWQ4slrvpI04piONRQ5U=' 'sha256-I4sssOimP4aqQ3guQTL1/GuKKN/qcNxjkHE09MYMLQA=' https://www.google-analytics.com/analytics.js https://*.bizographics.com/ https://*.newrelic.com https://ekr.zdassets.com https://bam.nr-data.net https://www.google.com https://qp.delty.io/q1/HdwFxDxD.js https://zendesk-eu.my.sentry.io https://cdn.cookielaw.org/scripttemplates/ wss://api.smooch.io 'sha256-Od08hzv9y6Vx8fH7Kz8bVZJpiAMT3DkJyoEjYXh4t50=' 'sha256-EhImtpQrxfrzkUueM3popkaGrI5KZmBuHLwfmTZTphA=' https://*.bing.com 'sha256-lpUhVVDo2EzRH5vTU08BulB+rpSke0YpGJ6ZmllJNys=' https://api.smooch.io https://qp.delty.io/q1/t/client.min.js https://media.smooch.io https://static.ads-twitter.com/uwt.js https://*.licdn.com/ 'sha256-a9K368kgMI7sk9t0Bk3PLOztxYxCDfIYzxgb6aA1dEg=' https://ladderlife.zendesk.com wss://voice-js.roaming.twilio.com 'sha256-LROnOwSP0gZe2prEj+944RV8WJ3wSYUdpLr1amrGxFE=' https://*.googleadservices.com https://*.stripe.com https://eventgw.*.twilio.com;child-src https://*.fls.doubleclick.net/ https://www.ladderlife.com https://*.choicescreening.com https://*.facebook.com https://www.youtube.com https://*.twitter.com https://*.g.doubleclick.net https://*.plaid.com https://track.adform.net https://*.googlesyndication.com https://www.emjcd.com https://connect.facebook.net https://hapi-connect.humanapi.co https://*.stripe.com;frame-src https://*.fls.doubleclick.net/ https://www.ladderlife.com https://*.choicescreening.com https://*.facebook.com https://www.youtube.com https://*.twitter.com https://*.g.doubleclick.net https://*.plaid.com https://track.adform.net https://*.googlesyndication.com https://www.emjcd.com https://connect.facebook.net https://hapi-connect.humanapi.co https://*.stripe.com;style-src https://ddw3p1oh0ex89.cloudfront.net https://fonts.googleapis.com 'unsafe-inline';media-src https://static.zdassets.com https://*.zopim.com https://ddw3p1oh0ex89.cloudfront.net;img-src https://static.zdassets.com https://ddw3p1oh0ex89.cloudfront.net https: data: blob: https://accounts.zendesk.com https://*.zdusercontent.com https://media.smooch.io https://ladderlife.zendesk.com 'self';font-src https://*.zopim.com https://ddw3p1oh0ex89.cloudfront.net data: https://fonts.gstatic.com;connect-src https://www.google-analytics.com/ https://ekr.zendesk.com https://adservice.google.com https://eng.trkcnv.com/postBack https://*.zopim.com https://ddw3p1oh0ex89.cloudfront.net https://api.segment.io https://*.twitter.com https://maps.googleapis.com https://*.google.com https://www.facebook.com wss://ladderlife.zendesk.com https://stats.g.doubleclick.net/ https://*.googlesyndication.com https://ekr.zdassets.com https://cdn.cookielaw.org/ https://bam.nr-data.net https://www.google.com https://geolocation.onetrust.com/ https://*.bing.com https://stripe.com https://sentry.ladderlife.com wss://*.zopim.com https://ladderlife.zendesk.com https://fonts.googleapis.com https://out.stashinvest.com/event https://*.stripe.com 'self' https://privacyportal.onetrust.com/;frame-ancestors https://banking.radiusbank.com/ https://*.lendingclub.com/; 1
font-src 'self' https://fonts.wpcdn.pl data:; media-src 'self' https://hmbk.wpcdn.pl; object-src 'none' 1
default-src 'self' 'unsafe-inline' eonsn.ro; 1
default-src 'unsafe-inline' https://www.youtube.com/ https://cmp.osano.com https://consent.api.osano.com/ https://tattle.api.osano.com https://mosaicco.com https://www.mosaicco.com https://admin.mosaicco.com  https://cdn.jsdelivr.net https://s.tradingview.com/ https://www.tradingview-widget.com/ https://s3.tradingview.com/external-embedding/embed-widget-single-quote.js https://www.googletagmanager.com/gtag/js https://unpkg.com/aos@next/dist/aos.js https://www.google-analytics.com/; object-src 'unsafe-inline' https://cmp.osano.com https://consent.api.osano.com/ https://tattle.api.osano.com https://mosaicco.com https://www.mosaicco.com https://admin.mosaicco.com  https://cdn.jsdelivr.net https://s.tradingview.com/ https://s3.tradingview.com/external-embedding/embed-widget-single-quote.js https://www.googletagmanager.com/gtag/js https://unpkg.com/aos@next/dist/aos.js https://www.google-analytics.com/;  script-src blob: 'unsafe-inline' 'unsafe-eval' https://cmp.osano.com https://consent.api.osano.com/ https://tattle.api.osano.com https://mosaicco.com https://www.mosaicco.com https://admin.mosaicco.com  https://cdn.jsdelivr.net https://s.tradingview.com/ https://s3.tradingview.com/external-embedding/embed-widget-single-quote.js https://www.googletagmanager.com/gtag/js https://unpkg.com/aos@next/dist/aos.js https://www.google-analytics.com/; img-src data: https://* 1
default-src 'self' https://experience.instilled.com https://www.facebook.com https://w.soundcloud.com http://www.ltgplc.com https://go.ltgplc.com https://go.openlms.net https://www.youtube-nocookie.com https://www.youtube.com https://player.vimeo.com https://go.pardot.com https://js.driftt.com https://cdn4.mxpnl.com https://vars.hotjar.com https://optimize.google.com;script-src-elem 'self' 'unsafe-inline' https://connect.facebook.net https://cdn.inspectlet.com https://s.ytimg.com https://www.youtube-nocookie.com https://www.youtube.com https://w.soundcloud.com https://go.openlms.net https://www.googletagmanager.com https://tagmanager.google.com https://sjs.bizographics.com https://static.ads-twitter.com https://www.googleadservices.com https://bat.bing.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://go.ltgplc.com https://analytics.twitter.com https://player.vimeo.com https://js.driftt.com https://snap.licdn.com https://cdn4.mxpnl.com https://static.hotjar.com https://script.hotjar.com https://optimize.google.com https://lltrck.com https://www.clarity.ms https://www.googleoptimize.com https://pi.pardot.com https://www.clickcease.com https://monitor.clickcease.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://zippyfrog.co https://*.cheekybranding.com https://ob.esnbranding.com https://obs.esnbranding.com https://*.visualwebsiteoptimizer.com https://app.vwo.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://snap.licdn.com https://s.ytimg.com https://www.youtube-nocookie.com https://www.youtube.com https://cdn.inspectlet.com https://sjs.bizographics.com https://analytics.twitter.com https://static.ads-twitter.com https://www.google.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://bat.bing.com https://tagmanager.google.com https://www.google-analytics.com https://www.googletagmanager.com https://go.openlms.net https://go.ltgplc.com https://player.vimeo.com https://js.driftt.com https://cdn.mxpnl.com https://cdn4.mxpnl.com https://www.google-analytics.com https://www.googleoptimize.com https://optimize.google.com https://pi.pardot.com https://www.clickcease.com https://monitor.clickcease.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.cheekybranding.com https://ob.esnbranding.com https://obs.esnbranding.com https://*.visualwebsiteoptimizer.com https://app.vwo.com;font-src 'self' data: https://fonts.gstatic.com https://optimize.google.com;style-src 'self' 'unsafe-inline' https://use.typekit.net https://p.typekit.net https://tagmanager.google.com https://fonts.googleapis.com https://tagmanager.google.com https://www.googletagmanager.com https://optimize.google.com https://*.visualwebsiteoptimizer.com https://app.vwo.com;img-src 'self' data: https://www.googletagmanager.com https://t.co https://cdn.sanity.io https://www.google-analytics.com https://stats.g.doubleclick.net https://linkedin.com https://www.linkedin.com https://px.ads.linkedin.com https://bat.bing.com https://ssl.gstatic.com https://www.gstatic.com https://optimize.google.com https://www.googletagmanager.com https://lltrck.com https://p.adsymptotic.com https://px4.ads.linkedin.com https://c.clarity.ms *.google-analytics.com *.analytics.google.com https://*.google-analytics.com https://*.analytics.google.com https://*.cheekybranding.com https://obs.esnbranding.com https://*.visualwebsiteoptimizer.com https://chart.googleapis.com https://app.vwo.com https://www.google.com https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.com.kh https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.ne https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.pl https://www.google.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.so https://www.google.sm https://www.google.sr https://www.google.st https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.rs https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.cat;media-src 'self' data: https://cdn.sanity.io https://js.driftt.com;connect-src 'self' https://nosafynr.api.sanity.io https://s.ytimg.com wss://ws.inspectlet.com https://cdn.inspectlet.com/ https://www.googleadservices.com https://sjs.bizographics.com https://static.ads-twitter.com https://go.openlms.net https://use.typekit.net/ https://www.google-analytics.com https://stats.g.doubleclick.net https://hn.inspectlet.com https://cdn.sanity.io https://vimeo.com https://js.driftt.com http://*.mixpanel.com http://cdn.mixpanel.com https://*.mixpanel.com https://cdn.mixpanel.com https://api-js.mixpanel.com https://in.hotjar.com wss://ws18.hotjar.com https://ws18.hotjar.com www.googleapis.com https://*.algolianet.com https://*.algolia.net https://ws25.hotjar.com/ https://cdn.segment.com wss://ws11.hotjar.com https://ws11.hotjar.com https://e.clarity.ms wss://ws41.hotjar.com https://ws41.hotjar.com https://region1.google-analytics.com *.google-analytics.com *.analytics.google.com  https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://monitor.clickcease.com https://www.clickcease.com https://*.google.com https://analytics.google.com https://cdn.linkedin.oribi.io https://*.cheekybranding.com https://px.ads.linkedin.com https://ob.esnbranding.com https://obs.esnbranding.com https://dev.visualwebsiteoptimizer.com https://app.vwo.com;prefetch-src 'self' https://go.openlms.net https://www.googletagmanager.com https://www.google-analytics.com;frame-src 'self' https://www.youtube-nocookie.com https://www.youtube.com https://js.driftt.com https://go.ltgplc.com  https://go.openlms.net https://vars.hotjar.com https://weareclasstech.wistia.com https://optimize.google.com https://www.googletagmanager.com https://*.visualwebsiteoptimizer.com https://app.vwo.com 1
frame-ancestors 'self' https://orise.orau.gov https://npp.orau.org https://*.orau.net 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.readwhere.app *.readwhere.com *.cloudflare.com  *.bootstrapcdn.com  *.googletagmanager.com *.gstatic.com *.facebook.net *.twitter.com googleads.g.doubleclick.net *.doubleclick.net *.rwadx.com *.google.com *.google.co.in *.facebook.com *.epapr.in static.xx.fbcdn.net scontent.fdel72-1.fna.fbcdn.net *.google-analytics.com use.fontawesome.com *.pinterest.com *.jquery.com *.cloudfront.net *.googleapis.com data: sb.scorecardresearch.com *.googlesyndication.com 1
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline';frame-ancestors * data: blob: ; 1
default-src 'none'; block-all-mixed-content; upgrade-insecure-requests; base-uri 'self'; connect-src 'self' *.hotjar.com *.analytics.google.com *.mktoresp.com *.snapchat.com *.pinterest.com *.facebook.com adservice.google.com *.kampyle.com amp-error-reporting.appspot.com *.sentry.io *.adobedtm.com *.essent.nl *.innogynederland.nl *.google-analytics.com sentry.io *.demdex.net bat.bing.com *.nr-data.net essent.tt.omtrdc.net *.contentsquare.net *.iadvize.com wss://*.iadvize.com *.membergetmember.co www.google.com/pagead/ *.doubleclick.net *.amazonaws.com *.qualtrics.com api.presspage.com; font-src 'self' *.essent.nl *.innogynederland.nl fonts.gstatic.com *.iadvize.com *.presspage.com; form-action 'self' tr.snapchat.com/cm/i tr.snapchat.com/p www.facebook.com/tr/ *.qualtrics.com *.online-huisscan.nl; frame-src *.facebook.com *.kampyle.com tr.snapchat.com *.essent.nl www.youtube-nocookie.com www.youtube.com *.doubleclick.net *.demdex.net *.iadvize.com *.pinterest.com bid.g.dblclick.net *.zonatlas.nl *.tetraeder.com  www.google.com *.qualtrics.com; frame-ancestors 'self'; img-src 'self' data: blob: *.s3.eu-central-1.amazonaws.com analytics.twitter.com www.googletagmanager.com *.googleadservices.com www.google.at www.google.no www.google.co.id www.google.pl www.google.pt www.google.gr www.google.it www.google.com.tr www.google.co.uk www.google.se www.google.be www.google.com www.google.de www.google.nl www.google.es www.google.fr t.co dpm.demdex.net cm.everesttech.net www.google.fr www.google.es www.google.nl www.google.de www.google.ie cx.atdmt.com *.kampyle.com searchrys.com bat.bing.com www.facebook.com *.essent.nl *.innogynederland.nl *.google-analytics.com *.analytics.google.com www.google.com *.doubleclick.net www.googletagmanager.com px.ads.linkedin.com/collect www.linkedin.com/px/ www.gstatic.com/images/branding lt45.net ds1.nl *.iadvize.com ct.pinterest.com *.contentsquare.net *.qualtrics.com *.presspage.com; object-src 'self' *.essent.nl *.innogynederland.nl; script-src 'unsafe-inline' bat.bing.com s.pinimg.com *.googleadservices.com *.doubleclick.net www.google.com snap.licdn.com searchrys.com *.kampyle.com assets.adobedtm.com www.essent.nl *.essent.nl cdn.ampproject.org *.innogynederland.nl www.google-analytics.com www.googletagmanager.com *.facebook.net *.ads-twitter.com *.iadvize.com *.contentsquare.net *.contentsquare.com *.membergetmember.co www.gstatic.com *.qualtrics.com *.presspage.com; style-src 'self' *.essent.nl *.innogynederland.nl fonts.googleapis.com *.iadvize.com *.contentsquare.net *.presspage.com 'unsafe-inline'; child-src blob:; worker-src blob:; 1
frame-ancestors 'self' https://orau.org https://www.orau.org https://npp.orau.org https://*.orau.net 1
default-src 'self' ; img-src https://*.paynimo.com 'self'; script-src https://*.paynimo.com https://*.jquery.com 'self' 'unsafe-inline' 'unsafe-eval' ; connect-src * data: blob: filesystem:; style-src https://*.paynimo.com 'self' data: chrome-extension-resource: 'unsafe-inline'; img-src https://*.paynimo.com 'self' data: chrome-extension-resource:; frame-src https://*.paynimo.com 'self' data: chrome-extension-resource:; font-src https://*.paynimo.com 'self' data: chrome-extension-resource:; media-src https://*.paynimo.com * data: blob: filesystem:; 1
script-src 'self' https://js.hubspot.com/ https://static.cloudflareinsights.com/ https://www.gstatic.com/recaptcha/releases/ *.googleadservices.com *.googleapis.com *.typekit.net *.bootstrapcdn.com *.google-analytics.com *.informz.net static.zdassets.com pod-27.zendesk.com *.trustarc.com *.feathr.co *.livechatinc.com *.zdassets.com *.googletagmanager.com *.pardot.com *.licdn.com *.ads-twitter.com *.twitter.com *.hotjar.com *.facebook.net *.hs-scripts.com *.youtube.com *.hs-banner.com *.hs-analytics.net *.hsadspixel.net *.doubleclick.net *.addthis.com *.google.com *.googlesyndication.com code.jquery.com players.brightcove.net *.moatads.com *.addthisedge.com *.googletagservices.com afp.informz.net googletagservices.com s7.addthis.com tableau.com *.hsforms.net https://js.usemessages.com/conversations-embed.js 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https://forms.hsforms.com/ https://app.keysurvey.com/f/41660076/3f4c/ https://financeandaccountantcareers.com/ https://www.mfamonitor.com/ https://consent-pref.trustarc.com/ https://www.keysurvey.com public.tableau.com consent.trustarc.com *.doubleclick.net *.hotjar.com *.addthis.com *.youtube.com *.hapyak.com blueprint.freeman.com *.ceros.com players.brightcove.net *.safeframe.googlesyndication.com *.googlesyndication.com *.google.com *.libsyn.com https://videos.insightpath.io/ https://app.hubspot.com/ https://www.opinionstage.com/; object-src 'self' 1
default-src 'self'  blob:  https://*.facebook.com  https://*.facebook.net  https://*.api.schwarz  https://*.assets.schwarz  https://*.batch.com  https://*.bing.com  https://*.cookiebot.com  https://*.creativecdn.com  https://*.exactag.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://mycliplister.com  https://*.mycliplister.com  https://*.peakprotect.com  https://*.pingdom.net  https://*.virtualearth.net  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://creativecdn.com  https://form.lidl.com  https://*.onetrust.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://s.kelkoogroup.net  https://s.kk-resources.com  https://sdk.virtualearth.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://*.doubleclick.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.be  https://www.google.com  https://www.google.cz  https://www.google.nl  https://www.google.pl  https://www.google.sk  https://www.googleadservices.com  https://www.gstatic.com  https://youtube.com  https://*.youtube-nocookie.com  https://*.youtube.com  https://www.googletagmanager.com  https://lidlplusprod.blob.core.windows.net  https://upeimagesprd.blob.core.windows.net  https://lidlplusstorage.blob.core.windows.net  'unsafe-inline'  https://*.adyen.com  data:  https://csp.cre.lidl-shop.com; frame-src 'self'  https://*.facebook.com  https://*.facebook.net  https://*.cookiebot.com  https://*.creativecdn.com  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-onlinenewsletter.de  https://*.lidl-shop.com  https://*.lidl.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.pingdom.net  https://balancechecks.tx-gate.com  https://bidswitch.net  https://creativecdn.com  https://form.lidl.com  https://forms-prod.enc-test.de/  https://ldl.viewer.cit-fusion.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://*.doubleclick.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.com  https://www.googleadservices.com  https://www.gstatic.com  https://youtube.com  https://*.youtube-nocookie.com  https://*.youtube.com  https://www.googletagmanager.com  https://www.lidl-gewinnspiel.de  https://www.youtube.com  'unsafe-inline'  https://*.adyen.com  https://sicherheitsdatenblatt.lidl.at; img-src 'self'  https://*.facebook.com  https://*.facebook.net  https://*.360yield.com  https://*.addthis.com  https://*.adnxs.com  https://*.assets.schwarz  https://*.bing.com  https://*.cat-ret.assets.lidl  https://*.cdn.flavedo.io  https://*.cookiebot.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-onlinenewsletter.de  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.mycliplister.com  https://*.retail.lidl.net  https://*.retail.vdc.lidl  https://*.searchhub.io  https://*.smartadserver.com  https://*.virtualearth.net  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://cm.adform.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://size.lidl.com  https://s.kelkoogroup.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://*.doubleclick.net  https://test.formcycle.vdc.lidl  https://www.adobe.com  https://www.awin1.com  https://cdn.flavedo.io  https://www.google.at  https://www.google.ba  https://www.google.be  https://www.google.bg  https://www.google.ch  https://www.google.co.uk  https://www.google.com  https://www.google.com.bd  https://www.google.com.tr  https://www.google.com.ua  https://www.google.cz  https://www.google.de  https://www.google.dk  https://www.google.es  https://www.google.fr  https://www.google.gr  https://www.google.hr  https://www.google.hu  https://www.google.ie  https://www.google.is  https://www.google.it  https://www.google.lt  https://www.google.lu  https://www.google.lv  https://www.google.md  https://www.google.nl  https://www.google.no  https://www.google.pl  https://www.google.pt  https://www.google.ro  https://www.google.rs  https://www.google.ru  https://www.google.se  https://www.google.sk  https://www.googleadservices.com  https://www.gstatic.com  https://www.lidl-shop.be  https://www.lidl-shop.cz  https://www.lidl-shop.nl  https://www.lidl-shop.sk  https://www.lidl-sklep.pl  https://www.w3.org  https://x.bidswitch.net  https://youtube.com  https://*.creativecdn.com  https://*.youtube.com  https://www.googletagmanager.com  https://lidlplusprod.blob.core.windows.net  https://upeimagesprd.blob.core.windows.net  https://lidlplusstorage.blob.core.windows.net  https://c1.adform.net  https://ce.lijit.com  https://criteo-partners.tremorhub.com  https://*.teads.tv  https://dpm.demdex.net  https://e1.emxdgt.com  https://eb2.3lift.com  https://exchange.mediavine.com  https://hb.yahoo.net  https://id5-sync.com  https://jadserve.postrelease.com  https://matching.ivitrack.com  https://pixel.rubiconproject.com  https://*.casalemedia.com  https://sync-criteo.ads.yieldmo.com  https://sync.1rx.io  https://rt.udmserve.net  https://ssc-cms.33across.com  https://ads.yieldmo.com  https://s.seedtag.com  https://sync.go.sonobi.com  https://fast.nexx360.io  https://*.upe.schwarz  'unsafe-inline'  https://*.adyen.com  data:; object-src 'self'  https://*.facebook.com  https://*.facebook.net  https://*.batch.com  https://*.cookiebot.com  https://*.leaflets.schwarz  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://asset.schwarz  https://bidswitch.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.google.com  https://www.googleadservices.com  https://www.gstatic.com  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-eval'; script-src 'self'  blob:  https://*.facebook.com  https://*.facebook.net  https://*.api.schwarz  https://*.batch.com  https://*.bing.com  https://*.cookiebot.com  https://*.creativecdn.com  https://*.exactag.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.peakprotect.com  https://*.pingdom.net  https://*.searchhub.io  https://*.virtualearth.net  https://adservice.google.com  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://creativecdn.com  https://form.lidl.com  https://*.onetrust.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://s.kk-resources.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://*.doubleclick.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.com  https://www.googleadservices.com  https://www.gstatic.com  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-eval'  'unsafe-inline'  about:  https://localhost  https://*.adyen.com; style-src 'self'  https://*.bing.com  https://*.cookiebot.com  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.de  https://*.medallia.eu  https://bidswitch.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://sdk.virtualearth.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.google.com  https://www.googleadservices.com  https://www.gstatic.com  https://www.lidl-shop.be  https://www.lidl-shop.cz  https://www.lidl-shop.nl  https://www.lidl-shop.sk  https://www.lidl-sklep.pl  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-inline'; frame-ancestors 'self'  https://*.lidl.com  https://*.livebuy.io; report-uri https://csp.cre.lidl-shop.com/csp/report; base-uri 'self'; form-action 'self'  https://*.facebook.com  https://*.facebook.net  https://accounts.lidl.com  https://survey.g.doubleclick.net; 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.segment.com https://unpkg.com https://*.onfido.com https://sentry.io https://*.livechatinc.com https://*.safecharge.com https://*.betty.ca https://*.facebook.net https://*.hotjar.com https://*.adform.net https://*.smartico.ai https://www.googletagmanager.com https://*.criteo.com https://*.criteo.net;connect-src * 'self' data: blob: https://*.onfido.com wss://*.onfido.com https://sentry.io https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google-analytics.bg https://*.analytics.google.bg https://*.google-analytics.ca https://*.analytics.google.ca https://*.smartico.ai;img-src 'self' data: blob: *.betty.ca https://*.cloudfront.net https://*.amazonaws.com https://flagcdn.com/ https://*.onfido.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google-analytics.bg https://*.analytics.google.bg https://*.google-analytics.ca https://*.analytics.google.ca https://*.safecharge.com https://*.facebook.com https://*.seadform.net https://*.smartico.ai https://*.criteo.com;style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.onfido.com https://*.safecharge.com https://*.smartico.ai;base-uri 'self';form-action 'self';font-src 'self' data: 'unsafe-inline' https://*.gstatic.com https://*.livechatinc.com;frame-src * 'self' data: blob: 'unsafe-inline' https://*.criteo.com https://*.criteo.net;frame-ancestors 'self' *.betty.ca betty.ca;media-src * blob: https://*.onfido.com;manifest-src *;worker-src * blob:;object-src * 'self' blob:; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob:; object-src 'none'; style-src 'self' 'unsafe-inline' https:; img-src https: data: blob:; frame-src unit4.com *.unit4.com *.adsrvr.org vars.hotjar.com *.driftt.com *.drift.com *.reactful.com unit4.valuestoryapp.com player.vimeo.com vimeo.com www.googletagmanager.com m.youtube.com *.opendns.com gateway.zscloud.net mozbar.moz.com notify.bluecoat.com internetbaik.telkomsel.com *.6sense.com youtube.com www.youtube.com; child-src unit4.com *.unit4.com *.adsrvr.org vars.hotjar.com *.driftt.com *.drift.com *.reactful.com unit4.valuestoryapp.com player.vimeo.com vimeo.com www.googletagmanager.com m.youtube.com *.opendns.com gateway.zscloud.net mozbar.moz.com notify.bluecoat.com internetbaik.telkomsel.com *.6sense.com youtube.com www.youtube.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
frame-ancestors 'self' https://google.com https://googletagmanager.com https://b.yjtag.jp https://youtube.com 1
default-src 'none'; script-src 'self' 'unsafe-eval' https://community.cryptomator.org/ https://js.stripe.com/ https://*.paddle.com/ https://www.google.com/ https://www.gstatic.com/; style-src 'self' 'unsafe-inline' https://*.paddle.com/; img-src 'self' data: https://static.cryptomator.org/ https://i.ytimg.com/ https://*.paddle.com/ https://paddle.s3.amazonaws.com/; connect-src 'self' https://api.cryptomator.org/ https://store.cryptomator.org/; font-src 'self'; media-src https://static.cryptomator.org/; frame-src https://community.cryptomator.org/ https://www.youtube-nocookie.com/ https://js.stripe.com/ https://*.paddle.com/ https://www.google.com/; base-uri 'self'; form-action 'self' https://www.paypal.com/ https://www.coinpayments.net/; frame-ancestors 'none'; upgrade-insecure-requests 1
default-src 'self' *.garmin.com *.garmin.com.tw *.garmin.com.sg *.garmin.co.in *.garmin.co.jp *.garmin.co.th *.garmin.co.kr *.garmin.co.id *.garmin.com.hk *.garmin.com.my *.garmin.com.vn *.garmin.com.cn *.garmin.cn https://static.garmincdn.com; style-src 'self' 'unsafe-inline' *.garmin.com *.garmin.com.tw *.garmin.com.sg *.garmin.co.in *.garmin.co.jp *.garmin.co.th *.garmin.co.kr *.garmin.co.id *.garmin.com.hk *.garmin.com.my *.garmin.com.vn *.garmin.com.cn *.garmin.cn https://static.garmincdn.com https://fonts.googleapis.com https://*.hotjar.com https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com; script-src 'unsafe-eval' 'unsafe-inline' https://*.klarnaservices.com https://*.klarnacdn.net https://static.garmincdn.com/support-chat-widget/chatWidget-v1.3.1.js https://product-gallery.cloudinary.com https://res.cloudinary.com https://*.pinimg.com https://*.linksynergy.com https://*.googlesyndication.com 'self' *.garmin.com *.garmin.com.tw *.garmin.com.sg *.garmin.co.in *.garmin.co.jp *.garmin.co.th *.garmin.co.kr *.garmin.co.id *.garmin.com.hk *.garmin.com.my *.garmin.com.vn *.garmin.com.cn *.garmin.cn *.trustarc.com *.truste.com https://ajax.googleapis.com https://static.garmincdn.com https://www.google.com https://cdn.appdynamics.com https://www.gstatic.com https://prefmgr-cookie.truste-svc.net https://tags.tiqcdn.com https://*.tealiumiq.com https://deploytealium.com https://analytics.google.com https://stats.g.doubleclick.net https://*.hotjar.com https://*.cloudflare.com https://connect.facebook.net https://www.googleadservices.com https://*.doubleclick.net https://static.criteo.net https://*.criteo.com https://bat.bing.com https://*.adform.net https://intljs.rmtag.com https://www.googletagmanager.com https://*.google-analytics.com https://static.cloudflareinsights.com *.hotjar.com *.hotjar.io https://www.googletagmanager.com https://optimize.google.com https://*.googleapis.com https://cse.google.com https://www.youtube.com  https://static.ads-twitter.com https://s.yimg.jp https://cdn.taboola.com https://trc.taboola.com https://d.line-scdn.net https://cdn.smartnews-ads.com https://*.yahoo.co.jp https://c.amazon-adsystem.com; connect-src 'self' *.garmin.com *.garmin.com.tw *.garmin.com.sg *.garmin.co.in *.garmin.co.jp *.garmin.co.th *.garmin.co.kr *.garmin.co.id *.garmin.com.hk *.garmin.com.my *.garmin.com.vn *.garmin.com.cn *.garmin.cn https://static.garmincdn.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://stats.g.doubleclick.net https://analytics.google.com https://www.google-analytics.com https://*.googleapis.com https://csp.withgoogle.com https://analytics-api-s.cloudinary.com https://pagead2.googlesyndication.com https://*.algolia.net https://*.algolianet.com https://pips.taboola.com https://cds.taboola.com https://trc-events.taboola.com https://www.facebook.com https://am.yahoo.co.jp https://psb.taboola.com https://s.amazon-adsystem.com https://ara.paa-reporting-advertising.amazon; font-src 'self' data: *.garmin.com *.garmin.com.tw *.garmin.com.sg *.garmin.co.in *.garmin.co.jp *.garmin.co.th *.garmin.co.kr *.garmin.co.id *.garmin.com.hk *.garmin.com.my *.garmin.com.vn *.garmin.com.cn *.garmin.cn *.trustarc.com *.truste.com https://static.garmincdn.com https://fonts.googleapis.com https://fonts.gstatic.com https://*.hotjar.com; img-src https://connect.facebook.net https://www.googleadservices.com https://*.doubleclick.net https://static.criteo.net https://*.criteo.com https://bat.bing.com https://*.adform.net https://intljs.rmtag.com https://www.googletagmanager.com https://*.google-analytics.com https://stats.g.doubleclick.net https://i.ytimg.com 'self' data: *.garmin.com *.garmin.com.tw *.garmin.com.sg *.garmin.co.in *.garmin.co.jp *.garmin.co.th *.garmin.co.kr *.garmin.co.id *.garmin.com.hk *.garmin.com.my *.garmin.com.vn *.garmin.com.cn *.garmin.cn *.trustarc.com *.truste.com https://static.garmincdn.com https://www.google.com https://www.google.co.uk https://prefmgr-cookie.truste-svc.net https://res.cloudinary.com https://*.hotjar.com https://www.google.com.tw https://tr.line.me https://www.facebook.com https://*.gstatic.com https://*.googleapis.com https://*.google.com https://t.co https://analytics.twitter.com https://*.smartnews-ads.com https://*.yahoo.co.jp; frame-src https://www.youtube.com https://*.doubleclick.net *.garmin.com *.garmin.com.tw *.garmin.com.sg *.garmin.co.in *.garmin.co.jp *.garmin.co.th *.garmin.co.kr *.garmin.co.id *.garmin.com.hk *.garmin.com.my *.garmin.com.vn *.garmin.com.cn *.garmin.cn *.trustarc.com *.truste.com https://static.garmincdn.com https://www.google.com https://vars.hotjar.com https://prefmgr-cookie.truste-svc.net https://my.tealiumiq.com https://www.youtube-nocookie.com https://gum.criteo.com https://static.criteo.net https://www.facebook.com https://cse.google.com https://web.facebook.com https://tsdtocl.com https://s.amazon-adsystem.com; object-src 'none'; upgrade-insecure-requests; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ga.dorcel.com contentnotif.dorcel.com www.dorcelclub.com www.account-dorcel.com cdnjs.cloudflare.com track.dorcelcash.com www.googletagmanager.com www.google-analytics.com www.google.com www.gstatic.com bat.bing.com www.clarity.ms *.streaming.in2ip.nl; style-src 'self' 'unsafe-inline' ga.dorcel.com *.streaming.in2ip.nl; img-src 'self' data: https: blob:; media-src 'self' data: *.streaming.in2ip.nl blob:; font-src 'self' data: ga.dorcel.com fonts.gstatic.com *.streaming.in2ip.nl; frame-src 'self' contentnotif.dorcel.com *.netverify.com www.dorcelclub.com msurvey.orange.com as.sexad.net www.account-dorcel.com www.google.com; connect-src 'self' region1.google-analytics.com region1.analytics.google.com analytics.google.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.clarity.ms *.streaming.in2ip.nl; form-action 'self' https: http://*.streaming.in2ip.nl; worker-src blob:; 1
default-src 'self' 'unsafe-inline' https://*.clarity.ms https://c.bing.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; connect-src 'self' https://www.google-analytics.com https://ssl.google-analytics.com https://api.mypurecloud.com.au wss://carrier-pigeon.mypurecloud.com.au wss://streaming.mypurecloud.com.au stats.g.doubleclick.net subscriptions.smartrecruiters.com https://*.clarity.ms https://c.bing.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; font-src *; frame-src 'self' apps.afca.org.au hcm613.peoplestreme.net www.google.com www.youtube.com docs.google.com service02.afca.org.au hcm616.peoplestreme.net subscriptions.smartrecruiters.com https://player.vimeo.com; img-src * data:; media-src 'self'; object-src 'none'; script-src 'self' 'unsafe-inline' www.google-analytics.com cdn.rawgit.com https://ssl.google-analytics.com https://api.mypurecloud.com.au wss://carrier-pigeon.mypurecloud.com.au www.googletagmanager.com subscriptions.smartrecruiters.com https://static.hotjar.com https://script.hotjar.com cdnjs.cloudflare.com https://apps.mypurecloud.com.au https://cdn.jsdelivr.net https://cdnjs.cloudflare.com mdbootstrap.com stackpath.bootstrapcdn.com; script-src-elem 'self' 'unsafe-inline' www.google-analytics.com cdn.rawgit.com www.googletagmanager.com subscriptions.smartrecruiters.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.clarity.ms https://c.bing.com cdnjs.cloudflare.com https://apps.mypurecloud.com.au https://cdn.jsdelivr.net https://cdnjs.cloudflare.com mdbootstrap.com stackpath.bootstrapcdn.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com subscriptions.smartrecruiters.com fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.googleapis.com maxcdn.bootstrapcdn.com mdbootstrap.com stackpath.bootstrapcdn.com use.fontawesome.com; frame-ancestors 'self' stagingsecure.afca.org.au secure.afca.org.au my.afca.org.au member.afca.org.au 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://www.youtube.com https://s.ytimg.com https://web103.reachmee.com https://www.vizzit.se https://tag.vizzit.se https://cdn.vizzit.se https://soundcloud.com/ https://connect.soundcloud.com/sdk/ https://i.ytimg.com https://cdn.screen9.com/; style-src 'self' 'unsafe-inline' https://soundcloud.com/ https://w.soundcloud.com/ ;  frame-src 'self' https://fi.se https://*.fi.se/ https://www.vizzit.se https://tag.vizzit.se https://cdn.vizzit.se https://web103.reachmee.com  https://www.youtube.com https://i.ytimg.com https://soundcloud.com/ https://w.soundcloud.com/ https://api.screen9.com/ https://screen9.com/ https://quickchannel.com/ https://www.quickchannel.com/ ;  img-src 'self' data: https://i.ytimg.com https://bcdn.screen9.com https://qcdn.screen9.com; connect-src 'self' https://www.googleapis.com https://soundcloud.com/ https://connect.soundcloud.com/sdk/ https://rest.screen9.com/ ;  form-action 'self' https://publish.ne.cision.com/Subscription/Subscribe ;  base-uri 'self' ;  frame-ancestors 'self' ; upgrade-insecure-requests ; object-src 'self'  1
frame-ancestors 'self' globalgatewaye4.firstdata.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' cpb.nl https://ajax.googleapis.com/ https://etalage.argumentenfabriek.nl/; frame-src 'self' https://cpbit.shinyapps.io/ https://www.youtube.com/ https://player.vimeo.com/ https://indd.adobe.com/; 1
frame-ancestors resource.ecisolutions.com ecisoftwaresolutions.pathfactory.com 'self' 1
frame-ancestors 'self' *.mapfre.com *.mapfre.es *.mapfre.com.do *.mapfre.com.br *.mapfre.com.mx *.mapfre.com.co *.mapfre.com.sv *.mapfre.com.gt *.mapfre.com.ec *.mapfre.com.hn *.mapfre.com.ni *.mapfre.com.py *.mapfre.com.oe *.mapfre.com.uy *.mapfre.com.ar *.mapfre.com.cl *.mapfre.com.pa *.mapfreinsurance.com *.mapfre.com.tr *.mapfre.cr; 1
frame-ancestors 'self' visitamiapp.com www.visitamiapp.com; 1
frame-ancestors 'self' www2.suresupport.com; 1
default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src	'self' 'unsafe-inline' *; img-src 'self' data: *;font-src 'self' data: *; report-uri https://ee33uafj.uriports.com/reports/enforce; report-to default 1
upgrade-insecure-requests; script-src 'self' 'unsafe-inline' https: 'unsafe-eval' 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://www.zenaps.com https://smct.co https://www.awin1.com https://ln-rules.rewardstyle.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://tr.snapchat.com blob: https://*.smct.co https://smct.io https://*.smct.io https://tr6.snapchat.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://*.liveperson.net https://smct.co https://ipl.smct.co https://ipb.smct.co https://cognito-identity.eu-west-1.amazonaws.com https://firehose.eu-west-1.amazonaws.com https://*.akamaihd.net https://*.sciencebehindecommerce.com https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://*.contentsquare.net https://*.smct.co https://smct.io https://*.smct.io https://tr.snapchat.com https://sgtm.mioskincare.com; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://fonts.smct.co https://fonts.smct.io https://fonts.googleapis.com https://fonts.gstatic.com; form-action 'self' https://www.facebook.com https://www.mioskincare.com https://m.mioskincare.com https://checkout.mioskincare.com https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.com https://*.gstatic.cn https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://ln-rules.rewardstyle.com https://*.sciencebehindecommerce.com https://*.recaptcha.net https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://*.google-analytics.com https://*.baidu.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://*.contentsquare.net https://app.contentsquare.com https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://tr.snapchat.com https://sgtm.mioskincare.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://fonts.smct.co https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://fonts.smct.io; upgrade-insecure-requests; report-to report-endpoint 1
frame-ancestors 'self' ecamm.com *.ecamm.com intercom-sheets.com ; 1
frame-ancestors 'self' https://nginx-sonova-d8-develop.ch.amazee.io https://www.sonova.com https://relaunch.sonova.com https://jobs.nzz.ch https://management.jobs.nzz.ch ; report-uri /report-csp-violation 1
frame-src 'self' www.youtube.com widget.stapico.ru widget.instagramm.ru api-maps.yandex.ru docs.google.com/ 1
frame-ancestors 'self' https://www.espacemembre.macsf.fr/ 1
frame-ancestors https://*.guide-piscine.fr; 1
base-uri 'self'; connect-src 'self' https: wss:; default-src 'none'; img-src 'self' https://*.gleap.io https: data: blob:; font-src 'self' https://fonts.gstatic.com; form-action 'self'; frame-src 'self' https://*.gleap.io https://player.vimeo.com https://td.doubleclick.net https://*.sandbox.dat https://*.datatrans.com https://*.paypal.com https://*.cloudflare.com https://*.payrexx.com https://hooks.stripe.com; frame-ancestors 'self'; manifest-src 'self'; object-src 'none'; script-src 'self' https://*.gleap.io https://*.googletagmanager.com https://*.google-analytics.com https://*.trstplse.com https://*.cloudflare.com https://*.googleapis.com https://*.doubleclick.net https://*.datatrans.com https://*.paypal.com https://*.gstatic.com https://*.crowdswap.org https://*.cloudflare.com https://*.payrexx.com https://*.hotjar.com https://*.facebook.net 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com 1
font-src *.yotpo.com *.googleapis.com *.gstatic.com *.autotorino.it https://fonts.gstatic.com *.typekit.net *.nimbata.com *.livechatinc.com https://www.clarity.ms *.clarity.ms *.optinmonster.com *.omappapi.com *.jotform.com *.jotfor.ms *.sentry-cdn.com *.jotformeu.com acsbapp.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com cloudinary.com *.cloudinary.com *.yotpo.com *.autotorino.it https://0merchantacsstag.cardinalcommerce.com *.livechatinc.com *.jotform.com *.jotfor.ms *.sentry-cdn.com *.jotformeu.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ cloudinary.com *.cloudinary.com cdnjs.cloudflare.com *.google.com *.yotpo.com *.autotorino.it https://assets.braintreegateway.com https://c.paypal.com https://tst.kaptcha.com https://geostag.cardinalcommerce.com https://bid.g.doubleclick.net https://0merchantacsstag.cardinalcommerce.com https://centinelapistag.cardinalcommerce.com https://checkout.paypal.com https://www.google.com *.cookiebot.com https://player.vimeo.com *.videoask.com *.typeform.com *.nimbata.com *.livechatinc.com *.jotform.com *.jotfor.ms *.sentry-cdn.com *.jotformeu.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.criteo.com youtube.com *.doubleclick.net *.criteo.net *.facebook.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com cloudinary.com *.cloudinary.com *.yotpo.com *.autotorino.it https://www.google.it https://www.google.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://b.stats.paypal.com https://c.paypal.com https://dub.stats.paypal.com blob: *.nimbata.com https://www.clarity.ms *.clarity.ms *.optinmonster.com *.omappapi.com *.livechatinc.com *.jotform.com *.jotfor.ms *.sentry-cdn.com *.jotformeu.com https://img.youtube.com https://www.facebook.com https://www.youtube.com https://www.bat.bing.com *.google.com *.googleapis.com *.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.bing.com *.outbrain.com *.bidswitch.net *.doubleclick.net *.adnxs.com *.casalemedia.com *.360yield.com *.media.net *.rubiconproject.com *.sharethrough.com *.smartadserver.com *.taboola.com *.teads.tv *.3lift.com *.yahoo.com *.emxdgt.com *.adform.net *.omnitagjs.com *.criteo.com id5-sync.com *.ivitrack.com *.mediavine.com *.tremorhub.com *.yieldlab.net *.yieldmo.com *.pubmatic.com *.krxd.net *.thebrighttag.com *.allibo.com *.acsbapp.com *.zuko.io acsbapp.com *.shopify.com *.shopifycdn.com *.postrelease.com *.evergage.com *.cookiebot.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cloudinary.com *.cloudinary.com cdnjs.cloudflare.com https://www.youtube.com *.yotpo.com *.autotorino.it https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://www.googletagmanager.com https://www.googleoptimize.com https://googleads.g.doubleclick.net *.google-analytics.com https://c.paypal.com https://www.clarity.ms *.clarity.ms *.omappapi.com *.optinmonster.com *.cloudflareinsights.com https://songbirdstag.cardinalcommerce.com https://joblink.allibo.com https://connect.facebook.net https://bat.bing.com *.jquery.com *.cookiebot.com *.criteo.net *.criteo.com *.typeform.com *.microsoft.com *.livechat.com *.fontawesome.com *.nimbata.com *.livechatinc.com *.jotform.com *.jotfor.ms *.sentry-cdn.com *.jotformeu.com *.google.com *.googleapis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.outbrain.com *.allibo.com *.acsbapp.com acsbapp.com *.mousestats.com *.jotform.io *.zuko.io *.unpkg.com unpkg.com *.shopifycdn.com *.googlesyndication.com *.evgnet.com *.evergage.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cloudinary.com *.cloudinary.com *.yotpo.com *.googleapis.com *.autotorino.it https://fonts.googleapis.com https://www.googletagmanager.com https://www.gstatic.com *.typekit.net https://joblink.allibo.com *.typeform.com *.fontawesome.com *.nimbata.com *.livechatinc.com https://www.clarity.ms *.clarity.ms *.optinmonster.com *.omappapi.com *.jotform.com *.jotfor.ms *.sentry-cdn.com *.jotformeu.com cdn.dnky.co webchat.dotdigital.com unsafe-inline *.evergage.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.evergage.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com cloudinary.com *.cloudinary.com *.yotpo.com *.autotorino.it https://payments.sandbox.braintree-api.com https://api.sandbox.braintreegateway.com https://origin-analytics-sand.sandbox.braintree-api.com *.google-analytics.com *.googlesyndication.com *.cookiebot.com https://centinelapistag.cardinalcommerce.com *.amazonaws.com https://writer.cardinalcommerce.com https://www.sandbox.paypal.com https://vimeo.com https://www.youtube.com https://www.clarity.ms *.clarity.ms *.optinmonster.com *.omappapi.com https://joblink.allibo.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net *.nimbata.com *.livechatinc.com *.jotform.com *.jotfor.ms *.sentry-cdn.com *.jotformeu.com *.google.com *.googleapis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com cloudflareinsights.com *.criteo.com *.google.it *.bing.com *.acsbapp.com *.mousestats.com *.zuko.io acsbapp.com *.shopifysvc.com *.myshopify.com *.evergage.com *.typeform.com autotorino.my.salesforce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' https://zont-online.ru http://microline.ru 1
frame-ancestors 'self' *.10bet.co.za *.topbet.co.za *.playingops.com *.gggaming.bet *.vegasbets.co.za gggaming.bet vegasbets.co.za mbet.co.za firstbet.co.za *.mbet.co.za *.abetting.co betjets.co.za lulabet.co.za *.betjets.co.za *.lulabet.co.za *.firstbet.co.za *.tabonline.co.za *.gbets.co.za 10bet.co.tz *.10bet.co.tz *.playingops.com *.betway.co.za *.mp4racing.com *.tsretail.co.za *.turfsport.co.za *.payu.co.za *.mojabet.co.ke *.gbets.co.ls *.regularbet.com *.4racing.com localhost localhost:8100 localhost:8080 *.tab4racing.com tab4racing.com www.tab4racing.com play.tabonline.co.za efx.deod.tv az-4r-accountregister4racing.azurewebsites.net mashonaland.tab.co.za m.4racing.com web.4racing.com bet.4racing.com uat.betway.co.za qa.betway.co.za betway.co.za test.mojabet.co.ke mojabet.co.ke; block-all-mixed-content;  object-src 'none'; base-uri 'self'; 1
frame-ancestors 'self' newapp.etracker.com; 1
style-src 'self' 'unsafe-inline' https://privacyportal-cdn.onetrust.com https://cdn03.jotfor.ms https://cdn02.jotfor.ms https://cdn01.jotfor.ms https://pages.fragomen.com http://pages.fragomen.com https://www.fragomen.com https://cdn.ckeditor.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://app-ab33.marketo.com data:; img-src 'self' https://cdn.cookielaw.org https://cdn.jotfor.ms https://i.vimeocdn.com https://analytics.rubyapps.io https://events.jotform.com https://cdnjs.cloudflare.com https://www.jotform.com https://pages.fragomen.com https://storage.googleapis.com https://www.fragomen.com https://cdn.ckeditor.com https://maps.googleapis.com https://maps.gstatic.com https://www.google-analytics.com https://i.ytimg.com https://tr.lfeeder.com https://player.flipsnack.com data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://xapis.onelink-edge.com https://privacyportal-cdn.onetrust.com https://view.ceros.com https://analytics.rubyapps.io https://cdn.jotfor.ms https://cdn.jotfor.ms https://cdn01.jotfor.ms https://cdn03.jotfor.ms https://cdn02.jotfor.ms https://cdn01.jotfor.ms https://form.jotform.com https://www.googletagmanager.com http://munchkin.marketo.net https://geolocation.onetrust.com https://player.vimeo.com https://cdn.cookielaw.org https://www.youtube.com https://www.fragomen.com http://pages.fragomen.com https://pages.fragomen.com https://cdn.ckeditor.com https://www.gstatic.com https://www.google.com https://www.amcharts.com https://maps.googleapis.com https://static.addtoany.com https://www.buzzsprout.com https://app-ab33.marketo.com https://munchkin.marketo.net https://cdnjs.cloudflare.com https://code.jquery.com https://secure.leadforensics.com https://connect.facebook.net https://www.google-analytics.com https://sc.lfeeder.com https://siteimproveanalytics.com https://zingtree.com; connect-src 'self' https://xapis.onelink-edge.com https://privacyportal-cdn.onetrust.com https://analytics.rubyapps.io http://130-cki-333.mktoresp.com https://fragomen-privacyrequests.my.onetrust.com https://maps.googleapis.com https://cdn.cookielaw.org https://cdn.plyr.io https://noembed.com https://130-cki-333.mktoresp.com https://connect.facebook.net https://tr.lfeeder.com https://www.google-analytics.com https://www.fragomen.dev.ruby.app https://stats.g.doubleclick.net; frame-src 'self' https://xapis.onelink-edge.com https://view.ceros.com https://analytics.rubyapps.io https://cwa.mindpeer.com https://submit.jotform.com/ https://cdn.flipsnack.com https://form.jotform.com/ https://pages.fragomen.com http://pages.fragomen.com https://player.vimeo.com https://www.bloomberg.com/ https://www.buzzsprout.com https://www.youtube.com https://www.google.com https://app-ab33.marketo.com https://static.addtoany.com https://cdn.yoshki.com https://zingtree.com https://player.flipsnack.com; font-src 'self' https://cdn.jotfor.ms https://fonts.gstatic.com https://maps.googleapis.com https://player.flipsnack.com https://privacyportal-uk.onetrust.com https://privacyportal-cdn.onetrust.com/5f6c6a33-148d-4e8c-a636-34f51eea6d11/privacy-notices/6ac6769d-b16d-4e5e-8656-21c382a722d0.json https://privacyportal-cdn.onetrust.com/ 1
frame-ancestors api.chamberlain.com:443 hybris.chamberlain.com:443 arqadm.chamberlain.com:443 adm.myq.com:443 adm.chamberlain.com:443 adm.liftmaster.com:443 arq.chamberlain.com:443 www.myq.com:443 www.chamberlain.com:443 www.liftmaster.com:443 1
script-src 'nonce-+LzYs7RMoIaZ+zaCwsmEa+RYkJWL' 'unsafe-eval' 'strict-dynamic'; object-src 'none'; base-uri 'none'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: about: d.lernsax.de; report-uri /security-report.php 1
default-src 'self'; img-src 'self' data: https://www.gstatic.com https://www.google.com https://translate.googleapis.com https://s3.amazonaws.com https://www.google-analytics.com https://maps.gstatic.com https://maps.googleapis.com https://go.nuvancehealth.org https://bbox.blackbaudhosting.com https://payments.blackbaud.com https://www.googletagmanager.com https://cdn-images.kyruus.com https://kyruus-app-static.kyruus.com https://img.youtube.com https://www.facebook.com https://connect.facebook.net https://translate.google.com https://ww2.matchinggifts.com https://*.google-analytics.com https://*.analytics.google.com https://aedviewer.pulsepoint.org https://fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://translate-pa.googleapis.com https://app.dafwidget.com https://ww2.matchinggifts.com https://www.matchinggifts.com/ https://www.googletagmanager.com https://www.google-analytics.com https://translate.googleapis.com https://translate.google.com https://ajax.googleapis.com https://code.jquery.com https://ajax.microsoft.com https://unpkg.com https://web.production.gyantts.com https://cdnjs.cloudflare.com https://maps.googleapis.com https://go.nuvancehealth.org https://bbox.blackbaudhosting.com https://payments.blackbaud.com https://www.google.com https://www.gstatic.com https://cdn.calltrk.com https://connect.facebook.net https://www.youtube.com https://www.googleadservices.com https://js.eruptr.io https://widget.thegivingblock.com https://js.calltrk.com https://www.nuvancehealth.org; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://fonts.googleapis.com https://translate.googleapis.com https://web.production.gyantts.com https://cdnjs.cloudflare.com https://go.nuvancehealth.org https://bbox.blackbaudhosting.com https://app.dafwidget.com https://payments.blackbaud.com https://cdn.kyruus.com https://www.gstatic.com; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://web.production.gyantts.com https://widget.thegivingblock.com https://aedviewer.pulsepoint.org https://cdn.kyruus.com; frame-src 'self' 'unsafe-eval' https://ww2.matchinggifts.com https://www.matchinggifts.com https://javamatch.matchinggifts.com https://causes.benevity.org https://bbox.blackbaudhosting.com https://payments.blackbaud.com https://host.nxt.blackbaud.com https://go.nuvancehealth.org https://www.google.com https://www.googletagmanager.com https://www.youtube.com https://intakeforms.sequencehealth.com https://www.facebook.com https://ww2.matchinggifts.com https://www.matchinggifts.com https://javamatch.matchinggifts.com https://causes.benevity.org https://widget.thegivingblock.com https://aedviewer.pulsepoint.org; media-src 'self' data: https://www.youtube.com https://translate.googleapis.com; connect-src 'self' https://www.google-analytics.com https://web.production.gyantts.com wss://web.production.gyantts.com https://s3.amazonaws.com https://go.nuvancehealth.org https://bbox.blackbaudhosting.com https://payments.blackbaud.com https://maps.googleapis.com https://translate.googleapis.com https://translate-pa.googleapis.com https://*.google-analytics.com https://*.analytics.google.com https://*.eruptr.io https://js.calltrk.com https://www.nuvancehealth.org; object-src https://www.matchinggifts.com; upgrade-insecure-requests; 1
base-uri 'self' https://hcaptcha.com https://*.hcaptcha.com; child-src https://*.craigslist.org; connect-src https://*.craigslist.org https://hcaptcha.com https://*.hcaptcha.com; font-src data:; form-action https://*.craigslist.org; frame-ancestors 'self'; frame-src https://*.craigslist.org https://craigslist.org https://hcaptcha.com https://*.hcaptcha.com; media-src data:; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' https://*.craigslist.org https://hcaptcha.com https://*.hcaptcha.com; style-src 'unsafe-inline' https://*.craigslist.org https://hcaptcha.com https://*.hcaptcha.com 1
image-src 'self'; 1
frame-ancestors 'self' https://www.casamentos.pt https://comunidade.casamentos.pt https://landing.casamentos.pt 1
default-src 'self' spacehey.com *.spacehey.com spacehey.net *.spacehey.net ws://socket.spacehey.com wss://socket.spacehey.com; script-src 'self' spacehey.com *.spacehey.com spacehey.net *.spacehey.net tibushlabs.de; style-src 'unsafe-inline' 'self' spacehey.com *.spacehey.com spacehey.net *.spacehey.net; img-src data: 'self' spacehey.com *.spacehey.com spacehey.net *.spacehey.net tibushlabs.de; frame-src https:; connect-src https: ws://socket.spacehey.com wss://socket.spacehey.com; form-action https:; object-src 'none'; 1
frame-ancestors 'self' http://buildertrend.pathfactory.com https://buildertrend.pathfactory.com http://explore.buildertrend.com https://explore.buildertrend.com http://explore.cbusa.us https://explore.cbusa.us https://learn.buildertrend.net *.buildertrend.com *.buildertrendsystems.com 1
frame-ancestors https://adminv3.luxauto.lu http://www.lessentiel.lu https://www.lessentiel.lu http://www.garage-pauly.lu https://www.garage-pauly.lu http://www.gti.lu http://automobiles-cr.lu http://www.automobiles-cr.lu https://www.garagethielen.lu http://www.reiserbann.lu https://www.reiserbann.lu https://www.smartcenter.lu https://www.marval.lu https://www.garagecastermans.lu http://www.schneiders.lu https://www.serviceautomobile.lu https://www.pirsch.lu https://www.grand-garage-mondercange.lu http://www.diegrenzgaenger.lu https://www.diegrenzgaenger.lu http://www.lesfrontaliers.lu https://www.lesfrontaliers.lu https://colle.lu https://actions-autodis.lu; 1
default-src 'self';connect-src 'self' https: *.camunda.io *.mixpanel.com *.osano.com cloudflareinsights.com *.appcues.net wss://api.appcues.net tour.camunda.io;script-src 'self' js.chargebee.com/v2/chargebee.js *.chargebee.com *.osano.com tour.camunda.io *.camunda.io ajax.cloudflare.com static.cloudflareinsights.com pactsafe.io *.pactsafe.io d3l1mqnl5xpsuc.cloudfront.net;style-src 'self' 'unsafe-inline' https: *.googleapis.com *.chargebee.com;img-src 'self' data: camunda.com https://cb-invoice-logos-prod.s3.us-east-1.amazonaws.com validator.swagger.io camundahelp.wpengine.com res.cloudinary.com;font-src 'self' data: https://fonts.gstatic.com https://fonts.camunda.io;frame-ancestors;frame-src 'self' https: *.chargebee.com;child-src;worker-src 'self' blob:;base-uri 'self';form-action 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests 1
script-src 'nonce-7774654207fb4b43a9e3951efb0424ab' 'strict-dynamic'; default-src 'self'; object-src 'none';frame-ancestors 'none'; frame-src https://mainfreight.topdesk.net https://www.mainfreight.topdesk.net https://vimeo.com https://www.youtube.com https://www.google.com https://vars.hotjar.com https://hemsync.clickagy.com https://www.facebook.com https://player.vimeo.com; form-action 'self' https://www.facebook.com/tr/; upgrade-insecure-requests; font-src 'self'  data: https: fonts.gstatic.com https://*.hotjar.com; style-src 'self' https: fonts.googleapis.com 'unsafe-inline' https://*.hotjar.com 'unsafe-inline'; base-uri 'self'; img-src https: https://*.hotjar.com data: www.gstatic.com; connect-src 'self' https: wss://directline.botframework.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; 1
default-src 'self' cdn.360-value.com/ *.melissadata.net *.360-value.com; script-src 'self' cdn.360-value.com/ *.melissadata.net *.360-value.com *.google.com *.googleapis.com *.bing.com *.virtualearth.net *.kampyle.com 'unsafe-inline' 'unsafe-eval'; frame-src cdn.360-value.com/ *.melissadata.net *.360-value.com *.kampyle.com; style-src 'self' cdn.360-value.com/ *.melissadata.net *.360-value.com *.google.com *.googleapis.com *.bing.com 'unsafe-inline'; img-src 'self' cdn.360-value.com/ *.melissadata.net *.360-value.com *.google.com *.googleapis.com *.gstatic.com *.ggpht.com *.propmix.io *.bing.com *.virtualearth.net *.iso.com http://www.airmapserver.com:8080 https://www.airmapserver.com:8080 *.kampyle.com data:; font-src 'self' cdn.360-value.com/ *.melissadata.net *.360-value.com *.google.com *.googleapis.com *.gstatic.com data:; connect-src 'self' cdn.360-value.com/ *.melissadata.net *.360-value.com *.googleapis.com *.gstatic.com *.bing.com *.virtualearth.net *.kampyle.com *.cybersource.com; report-uri https://360-value.com/apps/iv/rest/cspReport; frame-ancestors * http: https: 1
upgrade-insecure-requests; default-src blob: https: data: 'unsafe-inline' 'unsafe-eval'; connect-src wss: https: blob: 'self' https://*.brizy.io; object-src 'self' 1
default-src 'self'; script-src 'self' https://googleads.g.doubleclick.net/ https://connect.facebook.net/ https://d31qbv1cthcecs.cloudfront.net/atrk.js https://script.crazyegg.com/pages/scripts/0058/5877.js https://www.google-analytics.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/css/all.min.css https://cdn.gtranslate.net https://translate.google.com/ https://*.googleapis.com/ https://apis.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://cdn.ampproject.org https://*.onesignal.com https://onesignal.com https://www.googletagmanager.com https://cdn.gtranslate.net https://apis.google.com/js/api.js https://connect.facebook.net/en_US/sdk.js https://*.googleapis.com https://onesignal.com/sdks/OneSignalSDKStyles.css?v=2 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://www.googletagmanager.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/css/all.min.css https://cdn.gtranslate.net https://onesignal.com/sdks/OneSignalSDKStyles.css?v=2 https://translate.google.com/ https://maxcdn.bootstrapcdn.com https://*.googleapis.com https://www.gstatic.com'  'unsafe-inline'; img-src 'self' data: http: https: *.y-axis.com https://www.y-axis.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://cdn.gtranslate.net/ https://cdn.iconscout.com/ https://*.onesignal.com https://d2hpxyoi44i7uq.cloudfront.net https://www.y-axis.com https://cdn.gtranslate.net; connect-src 'self' https://www.googletagmanager.com/ https://d2hpxyoi44i7uq.cloudfront.net *.y-axis.com https://analytics.google.com/ https://pagead2.googlesyndication.com/ https://analytics.google.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/css/all.min.css https://translate.google.com/ https://cdn.gtranslate.net https://us-central1-amp-error-reporting.cloudfunctions.net https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151601 https://cdn.gtranslate.net/widgets/latest/popup.js https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css https://cdn.onesignal.com/sdks/OneSignalSDK.js https://www.google.com/recaptcha/ https://apis.google.com/ https://cdn.ampproject.org/ https://www.googletagmanager.com/gtm.js?id=GTM-K5PBP9K https://cdn.gtranslate.net/widgets/latest/dwf.js https://onesignal.com https://www.gstatic.com/ https://*.googleapis.com https://api.y-axis.com https://www.y-axis.com; font-src 'self' https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/webfonts/ https://maxcdn.bootstrapcdn.com https://*.googleapis.com; frame-src 'self' https://td.doubleclick.net/ https://www.facebook.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://www.google.com/ https://accounts.google.com/; worker-src blob: https://www.y-axis.com/sw.js https://www.y-axis.com/js/push/onesignal/ https://www.y-axis.com/OneSignalSDKWorker.js 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'none'; object-src 'none'; 1
script-src https://*.mydrreddys.com https://*.mydrreddys.com:8443 polyfill.io *.google-analytics.com *.google.com *.gstatic.com https://*.yellowmessenger.com https://*.webengage.com https://*.webengage.co https://*.microsoftstream.com https://*.cloudfront.net https://raw.githubusercontent.com https://www.googletagmanager.com https://*.amazonaws.com https://*.securiti.ai blob: 'self' 'unsafe-inline' 'unsafe-eval'; object-src https://*.mydrreddys.com https://*.mydrreddys.com:8443 'self'; 1
frame-ancestors 'self' http://testbaba.virtualcms.it 1
default-src 'none'; connect-src https: blob: wss: data: media.twiliocdn.com api.my-care-plan.com my-care-plan.com pro.my-care-plan.com; script-src 'self' 'unsafe-eval' 'nonce-5dfcd2fba49c0f09' *.twiliocdn.com youtube.com www.youtube.com maps.googleapis.com cdn.jsdelivr.net acsbapp.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: pro.my-care-plan.com my-care-plan.com www.my-care-plan.com api.my-care-plan.com *.s3.amazonaws.com maps.googleapis.com maps.gstatic.com www.my-care-plan.com *.acsbapp.com; frame-src 'self' www.youtube.com pro-landing.my-care-plan.com pro.my-care-plan.com care-manager-plugin.my-care-plan.com; frame-ancestors 'none'; form-action 'none'; font-src 'self' fonts.gstatic.com acsbapp.com; object-src 'self'; base-uri 'self'; worker-src blob:; 1
default-src 'self';script-src 'self' 'unsafe-inline' data: https://js.hsforms.net https://player.vimeo.com https://www.vimeo.com https://f.vimeocdn.com googleads.g.doubleclick.net www.googleadservices.com https://www.gstatic.com https://www.google.com/recaptcha/api.js *.cookiebot.com maps.googleapis.com tagmanager.google.com www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com https://*.list-manage.com https://downloads.mailchimp.com https://chimpstatic.com https://gtm-tljzgsk-njczm.uc.r.appspot.com https://metrics.priva.com https://snap.licdn.com https://bat.bing.com https://connect.facebook.net https://www.clarity.ms https://*.hotjar.com/ https://*.hotjar.io/ *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com;style-src 'self' 'unsafe-inline' tagmanager.google.com https://cdn-images.mailchimp.com https://fonts.googleapis.com downloads.mailchimp.com *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com s3.amazonaws.com;img-src 'self' blob: data: *.privacysandbox.googleadservices.com *.vimeocdn.com *.vimeo.com www.google.nl www.google.com googleads.g.doubleclick.net region1.google-analytics.com region1.analytics.google.com www.googletagmanager.com *.mailchimp.com *.list-manage.com https://www.google-analytics.com https://*.ads.linkedin.com/ https://bat.bing.com/action/ https://www.linkedin.com https://www.facebook.com https://www.google.be https://www.clarity.ms https://imgsct.cookiebot.com https://*.hotjar.com https://*.hotjar.io *.visualwebsiteoptimizer.com cdn.pushcrew.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com *.hsforms.com;media-src 'self' blob:;frame-src 'self' *.cookiebot.com *.vimeo.com vimeo.com youtube.com https://www.youtube.com https://www.youtube-nocookie.com https://privacdn.blob.core.windows.net/prd-productwizard/simple_version.html https://www.google.com https://privacdn.blob.core.windows.net https://forms.hsforms.com https://cdn.flipsnack.com https://td.doubleclick.net https://*.hotjar.com/ https://*.hotjar.io *.visualwebsiteoptimizer.com *.teamgantt.com/ app.vwo.com;font-src 'self' data: https://fonts.gstatic.com https://*.hotjar.com/ https://*.hotjar.io;connect-src 'self' https://*.tiles.mapbox.com https://api.mapbox.com https://events.mapbox.com https://forms.hsforms.com vimeo.com https://*.ads.linkedin.com/ https://maps.googleapis.com https://consentcdn.cookiebot.com www.google.com googleads.g.doubleclick.net stats.g.doubleclick.net www.google-analytics.com region1.google-analytics.com region1.analytics.google.com https://gtm-tljzgsk-njczm.uc.r.appspot.com https://metrics.priva.com https://e.clarity.ms https://*.hotjar.com/ https://*.hotjar.io wss://*.hotjar.com wss://*.hotjar.io *.visualwebsiteoptimizer.com app.vwo.com https://cdn.linkedin.oribi.io/partner/3828489/domain/priva.com/token;base-uri 'self';child-src 'self' blob:;form-action 'self' *.hsforms.com;frame-ancestors 'self';worker-src 'self' blob:;upgrade-insecure-requests;block-all-mixed-content 1
default-src 'self'; frame-src https:; img-src https://nightstand.zikinf.com 'self' data: https:; object-src 'none'; script-src 'nonce-gIgxDXErD5KJ5AZbKL2thL17y/0=' 'self';base-uri 'self'; style-src 'self' 'unsafe-inline'; frame-ancestors 'self'; worker-src 'self'; form-action 'self'; report-uri https://nightstand.zikinf.com/i/csp.php?uid=T2sm8lzQFOI&key=BJrm4PowLkc 1
default-src 'none';          script-src 'self' 'unsafe-inline' 'unsafe-eval' cform.loyalhealth.com guide.loyalhealth.com www.google-analytics.com use.typekit.net cdn.kyruus.com static.addtoany.com www.googletagmanager.com siteimproveanalytics.com cdn.levelaccess.net maps.googleapis.com cdn.siteimprove.net www.youtube.com *.corp.saint-lukes.org healthcare.healthrecordwizard.com cdn.virtuoussoftware.com unpkg.com www.google.com js.hcaptcha.com js.stripe.com cdn.plaid.com www.gstatic.com recruitingbypaycor.com developer.livehelpnow.net cdn.polyfill.io;          connect-src 'self' wss://api.loyalhealth.com wss://guide.loyalhealth.com api.loyalhealth.com sentryio.loyalhealth.com guide.loyalhealth.com *.saintlukeskc.org www.google-analytics.com stats.g.doubleclick.net api.levelaccess.net maps.googleapis.com my2.siteimprove.com id.siteimprove.com healthcare.healthrecordwizard.com tpx.virtuoussoftware.com forms.virtuoussoftware.com donateapi.givevirtuous.org wss://*.livehelpnow.net *.livehelpnow.net;          img-src 'self' data: guideassets.blob.core.windows.net kloggyr-service.kyruus.com *.saintlukeskc.org p.typekit.net www.google-analytics.com 66669.global.siteimproveanalytics.io www.google.com maps.gstatic.com maps.googleapis.com api.kramesstaywell.com healthcare.healthrecordwizard.com i.ytimg.com www.livehelpnow.net developer.livehelpnow.net;          style-src 'self' 'unsafe-inline' cloud.typography.com fonts.googleapis.com use.typekit.net cdn.kyruus.com static.addtoany.com www.googletagmanager.com www.saintlukeskc.org *.corp.saint-lukes.org cdn.virtuoussoftware.com cdnjs.cloudflare.com developer.livehelpnow.net;          base-uri 'self';          form-action 'self' saintlukeskc.org *.saintlukeskc.org *;          font-src 'self' 'unsafe-inline' data: fonts.gstatic.com cdn.kyruus.com use.typekit.net fonts.googleapis.com stackpath.bootstrapcdn.com cdnjs.cloudflare.com cdn.livehelpnow.net;          frame-src 'self' * static.addtoany.com www.youtube.com *.google.com *.corp.saint-lukes.org healthcare.healthrecordwizard.com js.stripe.com donateapi.givevirtuous.org recruitingbypaycor.com embed.ricoh360.com embed.ricohtours.com;          frame-ancestors 'self' *.saint-lukes.org;          media-src 'self' guidecdn.loyalhealth.com http://staywell.http.internapcdn.net; 1
default-src 'self'; script-src 'unsafe-inline' *; font-src *; style-src 'unsafe-inline'  *; img-src 'self' data: *; connect-src 'self' *; frame-src * 1
frame-ancestors 'self' www.dbresearch.com www.dbresearch.de *.zoom.us *.db.com *.db.com:* localhost:* localhost *research-db-a2.wsodqa.com; 1
default-src 'self' ajax.googleapis.com code.jquery.com www.googletagmanager.com www.youtube.com fonts.googleapis.com;  font-src 'self' fonts.gstatic.com; script-src 'self' ajax.googleapis.com code.jquery.com www.googletagmanager.com www.youtube.com 'sha256-TSHJdrewuAaYe3Td3BmmZzmWBauNsfLc3VuVK9zayzA=' 'sha256-mjdgHR9aXy+6OwAGlNS/XgNcYG1Uhd2U4pl8vi7+XCY=' 'sha256-xJqrQIwtnysUoiC7tVDUVKultWRyUhJNB4/72KBQmag=' ; object-src 'self'; form-action 'none'; report-to /csp-violation-report-endpoint/ 1
frame-ancestors 'self' https://admin.earlygame.com earlygame.com; 1
base-uri 'self'; default-src 'self'; script-src 'nonce-ZjU5YzYyOWUtNWM2ZS00MmFjLWEzMmUtNDIzYTI4ODE0ZjY1' 'self' https://connect.facebook.net https://gateway.zscaler.net 'sha256-o8MsT+ybfaDcjwBFA3ry6ORJMj8ZubWycesh6WKQJhU=' 'sha256-+S6pgEqdb8TFlYZOjIV5ocKPJ3kFRAXQi8TUN7+xpmQ=' https://recaptcha.net https://www.google-analytics.com https://ssl.google-analytics.com https://maps.googleapis.com/maps/api/ 'sha256-islgbgq+YlN6XMfIX8L9NlMWSOOO3qorYzkxBcxLUTI=' 'sha256-FyhF119vYBjexIV5MJoh7n99U/CGrzJZghVkL/z0TB0=' 'sha256-UcKneRapMcuCJzIVhysuxYBI1ywOAC8n1SUytvNAKXE=' 'sha256-bjutey+CqpCYK+tiaVkhk+cex4n3KsfIjMR7/kz/d/k=' 'sha256-a5L9kw5QLIWBCliPy4U99GDxrjb+wzX5Y1tonMFFNss='; style-src 'nonce-ZjU5YzYyOWUtNWM2ZS00MmFjLWEzMmUtNDIzYTI4ODE0ZjY1' 'self' https://fonts.googleapis.com https://aioapps-qa.hkbn.net 'sha256-QTTeE5LBaII+tJ6ngkLeeEoGNof3Nvqqfhh/RE1rZg4=' 'sha256-RCMj/9VQhfHisi3lTuQ2jwck71n1i0dOVzxbSJoaU6U=' 'sha256-uBwO5wj060MA3ZtGq06LqGvy2kcdrcexynL25MmhSiY='; object-src 'none'; img-src 'self' https://www.facebook.com https://www.google.com.hk https://www.google.com https://*.doubleclick.net https://www.google-analytics.com https://www.googletagmanager.com https://img.youtube.com data: maps.gstatic.com *.googleapis.com *.ggpht.com https://www.hkbnes.net; connect-src 'self' https://www.google-analytics.com https://analytics.google.com https://maps.googleapis.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; frame-src 'self' https://*.doubleclick.net https://recaptcha.net https://www.youtube.com www.youtube.com; font-src 'self' https://fonts.gstatic.com; child-src https://www.youtube.com/ https://s.ytimg.com; 1
font-src acsbapp.com *.acsbapp.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ *.kaptcha.com *.braintreegateway.com *.paypal.com *.paypalobjects.com *.google.com *.gstatic.com cdn.flipsnack.com acsbapp.com accounts.accessibe.com magentosignup.dotdigital.com *.dotdigital.com *.demdex.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io * www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ acsbapp.com *.acsbapp.com *.kaptcha.com *.braintreegateway.com *.paypal.com *.paypalobjects.com *.sandbox.braintreegateway.com *.google.com *.gstatic.com *.noibu.com *.facebook.net *.doubleclick.net *.ads-twitter.com *.redditstatic.com *.magento.com *.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline *.braintreegateway.com *.google.com *.google.ca *.gstatic.com www.googletagmanager.com acsbapp.com *.acsbapp.com assets.braintreegateway.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com payments.sandbox.braintree-api.com *.braintree-api.com *.kaptcha.com origin-analytics-sand.sandbox.braintree-api.com stats.g.doubleclick.net acsbapp.com *.acsbapp.com *.sandbox.braintreegateway.com *.sandbox.paypal.com *.braintreegateway.com *.paypal.com *.paypalobjects.com *.google.com *.google.ca *.gstatic.com *.noibu.com wss://input.noibu.com *.reddit.com *.redditstatic.com *.demdex.net *.omtrdc.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com google.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com 'self' 'unsafe-inline'; child-src *.braintreegateway.com *.paypal.com *.paypalobjects.com *.google.com *.gstatic.com assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.noibu.com *.acsbapp.com *.facebook.net *.doubleclick.net *.twitter.com *.ads-twitter.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 4fansites.de *.4fansites.de *.google.de *.google.com *.cdn.ampproject.org 1
default-src https: blob: 'self' 'unsafe-eval' 'unsafe-inline'; script-src https: blob: 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; frame-src https: blob: 'self' www.google.com www.gstatic.com; object-src blob:; font-src buddy.net *.buddy.net fonts.gstatic.com data: blob:; connect-src buddy.net *.buddy.net *.buddy.net:2052 *.buddy.net:2053 *.google-analytics.com *.heap-api.com heap-api.com *.nr-data.net *.newrelic.com onesignal.com *.onesignal.com *.openstreetmap.org *.zendesk.com *.zdassets.com blob: wss: ws:; img-src https: data: blob:; 1
default-src 'self'; script-src 'self' embraer.com cdn.ckeditor.com rec.smartlook.com snap.licdn.com www.googletagmanager.com www.youtube.com code.jquery.com kendo.cdn.telerik.com adservice.google.com static.hotjar.com script.hotjar.com doubleclick.net consent.cookiefirst.com cdnjs.cloudflare.com zn3efmsp28lzusdan-embraer.siteintercept.qualtrics.com tracker.sqreemtech.com d10lpsik1i8c69.cloudfront.net googleads.g.doubleclick.net pi.pardot.com www2.embraerexecutivejets.com connect.facebook.net siteintercept.qualtrics.com maps.googleapis.com d8ejoa1fys2rk.cloudfront.net www.google-analytics.com cdn.jsdelivr.net static.elfsight.com s.yimg.com analytics.twitter.com 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src 'self' cdn.ckeditor.com fonts.googleapis.com cdnjs.cloudflare.com consent.cookiefirst.com 'unsafe-inline'; font-src 'self' fonts.gstatic.com fonts.googleapis.com cdnjs.cloudflare.com; object-src 'none'; media-src defense.embraer.com embraerx.embraer.com embraer.bynder.com d3cy9zhslanhfa.cloudfront.net 1
default-src 'self' https://public-uploads.stileapp.com https://uploads.stileapp.com https://executable-script-uploads.stileapp.com https://www01.stileapp.com https://www02.stileapp.com https://www03.stileapp.com https://prod-slb.au.s522.net:1943 https://preprod-slb.au.s522.net:1943 blob:; media-src 'self' https://stileapp.com blob: https://public-uploads.stileapp.com https://uploads.stileapp.com https://executable-script-uploads.stileapp.com https://www01.stileapp.com https://www02.stileapp.com https://www03.stileapp.com https://abcmedia.akamaized.net/ https://mediacore-live-production.akamaized.net/; script-src 'self' https://vimeo.com s.ytimg.com www.youtube.com https://player.vimeo.com 'unsafe-inline' 'unsafe-eval' https://public-uploads.stileapp.com https://uploads.stileapp.com https://executable-script-uploads.stileapp.com https://www01.stileapp.com https://www02.stileapp.com https://www03.stileapp.com https://js.live.net https://static.zdassets.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net; worker-src 'self' https://stileapp.com https://prod-slb.au.s522.net:1943 https://preprod-slb.au.s522.net:1943 blob:; style-src 'self' 'unsafe-inline' https://public-uploads.stileapp.com https://uploads.stileapp.com https://executable-script-uploads.stileapp.com https://www01.stileapp.com https://www02.stileapp.com https://www03.stileapp.com https://fonts.googleapis.com; img-src 'self' data: blob: i.ytimg.com i.vimeocdn.com https://www.abc.net.au https://live-production.wcms.abc-cdn.net.au https://public-uploads.stileapp.com https://uploads.stileapp.com https://executable-script-uploads.stileapp.com https://www01.stileapp.com https://www02.stileapp.com https://www03.stileapp.com https://p.sfx.ms help.stileapp.com https://static1.squarespace.com https://*.stileapp.com; frame-src 'self' https://stileapp.com www.youtube.com vimeo.com player.vimeo.com https://online.clickview.com.au https://online.clickview.co.uk https://online.clickview.co.nz https://www.clickview.net https://primary.clickview.net https://auth.clickviewapp.com https://public-uploads.stileapp.com https://uploads.stileapp.com https://executable-script-uploads.stileapp.com https://www01.stileapp.com https://www02.stileapp.com https://www03.stileapp.com iframesandbox.stileapp.com https://onedrive.live.com https://fast.wistia.com https://fast.wistia.net https://makecode.microbit.org https://desmos.com https://geogebra.org https://www.geogebra.org https://stileeducationapp.cloud.looker.com; connect-src 'self' data: blob: vimeo.com gdata.youtube.com https://public-uploads.stileapp.com https://uploads.stileapp.com https://executable-script-uploads.stileapp.com https://www01.stileapp.com https://www02.stileapp.com https://www03.stileapp.com https://ekr.zdassets.com https://help.stileapp.com https://stileapp.zendesk.com https://stile-testing.zendesk.com https://prod-slb.au.s522.net:1943 https://preprod-slb.au.s522.net:1943 https://prod-slb.au.s522.net:1943 https://graph.microsoft.com https://login.microsoftonline.com https://api.onedrive.com https://stileapp.com; font-src 'self' data: about: https://public-uploads.stileapp.com https://uploads.stileapp.com https://executable-script-uploads.stileapp.com https://www01.stileapp.com https://www02.stileapp.com https://www03.stileapp.com https://fonts.gstatic.com; frame-ancestors 'self' https://*.instructure.com https://*.schoology.com https://my.padua.qld.edu.au https://canvas.education.tas.gov.au https://canvas.au.oneschoolglobal.com https://canvas.parra.catholic.edu.au https://learning.xavier.vic.edu.au/ https://canvas.waverley.nsw.edu.au https://canvas.kings.edu.au https://learn.sasc.nsw.edu.au https://*.prerender.io https://*.desmos.com https://*.geogebra.org https://lti.schoolbox.cloud https://deeds.cgs.vic.edu.au; 1
default-src data: blob: *;script-src blob: data: 'self' 'unsafe-eval' 'unsafe-inline' *.facebook.com *.facebook.net *.fbcdn.net;style-src data: blob: 'unsafe-inline' *;connect-src blob: data: 'self' *.facebook.com *.fbcdn.net *.facebook.net *.metaenterprise.com wss://*.facebook.com:* wss://*.facebookenterprise.com:* wss://*.metaenterprise.com:* wss://edge-chat.facebook.com gateway.metaenterprise.com gateway.facebookenterprise.com rupload.metaenterprise.com rupload.facebookenterprise.com;block-all-mixed-content;upgrade-insecure-requests; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval';connect-src https://*.qalink.cn:443 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.monsido.com monsido.com *.twitter.com *.ads-twitter.com *.facebook.net *.cookieeyes.com *.amcharts.com *.googleapis.com *.google-analytics.com *.google.com *.gstatic.com *.googletagmanager.com *.g.doubleclick.net *.googleadservices.com *.radial.com t.co *.linkedin.com *.pardot.com pardot.com *.adsymptotic.com *.facebook.com *.licdn.com fonts.googleapis.com http: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.monsido.com monsido.com *.twitter.com *.ads-twitter.com *.facebook.net *.cookieeyes.com *.amcharts.com *.googleapis.com *.google-analytics.com *.google.com *.gstatic.com *.googletagmanager.com *.g.doubleclick.net *.googleadservices.com *.radial.com t.co *.linkedin.com *.pardot.com pardot.com *.adsymptotic.com *.facebook.com *.licdn.com fonts.googleapis.com http: https:; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.monsido.com monsido.com *.twitter.com *.ads-twitter.com *.facebook.net *.cookieeyes.com *.amcharts.com *.googleapis.com *.google-analytics.com *.google.com *.gstatic.com *.googletagmanager.com *.g.doubleclick.net *.googleadservices.com *.radial.com t.co *.linkedin.com *.pardot.com pardot.com *.adsymptotic.com *.facebook.com *.licdn.com fonts.googleapis.com http: https:; img-src 'self'  'unsafe-inline' 'unsafe-eval' youtube.com vimeo.com *.youtube.com *.vimeo.com data: *.monsido.com monsido.com *.twitter.com *.ads-twitter.com *.facebook.net *.cookieeyes.com *.amcharts.com *.googleapis.com *.google-analytics.com *.google.com *.gstatic.com *.googletagmanager.com *.g.doubleclick.net *.googleadservices.com *.radial.com t.co *.linkedin.com *.pardot.com pardot.com *.adsymptotic.com *.facebook.com *.licdn.com fonts.googleapis.com http: https:; font-src 'self' 'unsafe-inline' *.monsido.com monsido.com *.twitter.com *.ads-twitter.com *.facebook.net *.cookieeyes.com *.amcharts.com *.googleapis.com *.google-analytics.com *.google.com *.gstatic.com *.googletagmanager.com *.g.doubleclick.net *.googleadservices.com *.radial.com t.co *.linkedin.com *.pardot.com pardot.com *.adsymptotic.com *.facebook.com *.licdn.com fonts.googleapis.com http: https: data:; media-src 'self' 'unsafe-inline' youtube.com vimeo.com *.youtube.com *.vimeo.com data: *.monsido.com monsido.com *.twitter.com *.ads-twitter.com *.facebook.net *.cookieeyes.com *.amcharts.com *.googleapis.com *.google-analytics.com *.google.com *.gstatic.com *.googletagmanager.com *.g.doubleclick.net *.googleadservices.com *.radial.com t.co *.linkedin.com *.pardot.com pardot.com *.adsymptotic.com *.facebook.com *.licdn.com fonts.googleapis.com http: https:; object-src 'none'; base-uri 'none'; frame-src 'self' 'unsafe-inline' youtube.com vimeo.com *.youtube.com *.vimeo.com data: *.monsido.com monsido.com *.twitter.com *.ads-twitter.com *.facebook.net *.cookieeyes.com *.amcharts.com *.googleapis.com *.google-analytics.com *.google.com *.gstatic.com *.googletagmanager.com *.g.doubleclick.net *.googleadservices.com *.radial.com t.co *.linkedin.com *.pardot.com pardot.com *.adsymptotic.com *.facebook.com *.licdn.com fonts.googleapis.com http: https:; form-action 'self' 'unsafe-inline' https:; frame-ancestors 'self' *.monsido.com monsido.com *.twitter.com *.ads-twitter.com *.facebook.net *.cookieeyes.com *.amcharts.com *.googleapis.com *.google-analytics.com *.google.com *.gstatic.com *.googletagmanager.com *.g.doubleclick.net *.googleadservices.com *.radial.com t.co *.linkedin.com *.pardot.com pardot.com *.adsymptotic.com *.facebook.com *.licdn.com fonts.googleapis.com http: https:; 1
default-src 'self'; img-src 'self' https://syndication.twitter.com https://secure.gravatar.com https://cdn.cookielaw.org https://www.google-analytics.com https://www.googletagmanager.com data:; script-src 'self' 'unsafe-inline' https://www.omnicomgroup.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js https://www.omnicomgroup.com https://platform.twitter.com https://www.google-analytics.com https://static.addtoany.com https://code.jquery.com https://cdn.cookielaw.org https://www.googletagmanager.com https://omnicom-privacy-cdn.my.onetrust.com; connect-src 'self' https://investor.omnicomgroup.com https://omnicom.q4web.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://www.google-analytics.com https://omnicom-privacy-cdn.my.onetrust.com https://omnicom-privacy.my.onetrust.com; style-src 'self' 'unsafe-inline' https://omnicom-privacy-cdn.my.onetrust.com; frame-src 'self' https://static.addtoany.com https://platform.twitter.com https://syndication.twitter.com https://player.vimeo.com youtube.com www.youtube.com; font-src 'self' https://omnicom-privacy-cdn.my.onetrust.com data:; worker-src 'self' https://www.omnicomgroup.com blob:; 1
frame-ancestors 'self' https://*.pt-x.com http://localhost:9999 https://*.emandates.co.uk 1
default-src 'self' 'unsafe-inline' td.doubleclick.net *.ncell.com.np *.ncell.axiata.com ; style-src 'self' *.ncell.com.np *.ncell.axiata.com fonts.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com maxcdn.bootstrapcdn.com 'unsafe-eval' 'unsafe-inline'; img-src data: 'self'  *.openstreetmap.org www.google.com www.google.com.np *.ncell.com.np www.google-analytics.com googleads.g.doubleclick.net *.ncell.axiata.com www.facebook.com maps.gstatic.com maps.googleapis.com; connect-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' maps.googleapis.com cdn.polyfill.io www.google-analytics.com www.googleadservices.com www.googletagmanager.com connect.facebook.net *.ncell.axiata.com *.ncell.com.np www.google.com; form-action 'self' *.ncell.axiata.com *.ncell.com.np ; frame-ancestors 'self' *.ncell.axiata.com *.ncell.com.np ; font-src 'self' cdnjs.cloudflare.com maxcdn.bootstrapcdn.com fonts.gstatic.com  1
frame-ancestors 'self' http://www.philips.ru *.philips.com *.philips.ru https://philipsigtdpv.com 1
default-src 'self' bucket.carmodel.com www.google.com www.gstatic.com widgets.trustedshops.com *.media-amazon.com *.amazon.com *.payments-amazon.com js.stripe.com *.iubenda.com *.google-analytics.com *.googletagmanager.com api.trustedshops.com shops-si.trustedshops.com api.trustbadge.etrusted.com trustbadge.api.etrusted.com logging.trustbadge.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com *.payments-amazon.com widgets.trustedshops.com cdnjs.cloudflare.com *.googleapis.com polyfill.io js.stripe.com *.iubenda.com *.googletagmanager.com *.jquery.com; style-src 'self' 'unsafe-inline' *.iubenda.com cdnjs.cloudflare.com; 1
frame-src *; default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' e.foxglove.dev boards.greenhouse.io static.hsappstatic.net client.crisp.chat snap.licdn.com www.googletagmanager.com; style-src 'self' 'unsafe-inline' client.crisp.chat; img-src 'self' data: assets.foxglove.dev i.ytimg.com px.ads.linkedin.com image.crisp.chat; font-src 'self' client.crisp.chat; connect-src 'self' e.foxglove.dev api.hsforms.com boards-api.greenhouse.io *.ingest.sentry.io https://client.crisp.chat https://storage.crisp.chat wss://client.relay.crisp.chat px.ads.linkedin.com; media-src 'self' assets.foxglove.dev; frame-src 'self' www.youtube.com boards.greenhouse.io www.linkedin.com meetings.hubspot.com; worker-src 'self' blob:; 1
font-src 'self' https://webfonts.14v.de; frame-ancestors 'none'; form-action 'self'; base-uri 'self'; upgrade-insecure-requests; object-src 'none'; worker-src 'self'; media-src 'self'; connect-src 'self' https://piwik.14v.de; manifest-src 'self'; prefetch-src 'none'; img-src 'self' data: *.w3.org; frame-src 'self'; child-src 'self'; style-src 'self' 'unsafe-inline'; block-all-mixed-content; script-src 'self' https://piwik.14v.de 'unsafe-inline'; report-uri /impressum/; 1
frame-ancestors 'self' https://*.hs-offenburg.de localhost 127.0.0.1 141.79.10.40 1
frame-src 'self' blob: https://mc.yandex.ru https://api.ucalc.pro https://www.youtube.com https://sitewalker.croc.ru https://forms.tildaapi.com https://stat.tildacdn.com/ https://*.google.com/ script-src 'self' https://www.facebook.com/ https://connect.facebook.net 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.upshot.ai *.google.com www.facebook.com google.com www.google.co.in www.google-analytics.com syndication.twitter.com events.goupshot.com fonts.gstatic.com *.doubleclick.net; script-src data: 'unsafe-inline' 'unsafe-eval' *.upshot.ai cdn.popt.in www.googletagmanager.com *.googleapis.com www.google-analytics.com *.google.com tracker.metricool.com cdnjs.cloudflare.com cdn.goupshot.com snap.licdn.com googleads.g.doubleclick.net *.linkedin.com *.gstatic.com www.youtube.com platform.twitter.com connect.facebook.net; style-src data: 'unsafe-inline' *.upshot.ai fonts.googleapis.com snap.licdn.com www.gstatic.com www.youtube.com; img-src data: *.upshot.ai lh3.googleusercontent.com work.fife.usercontent.google.com images.surferseo.art media.goupshot.com keepthescore.com cdn.upshot.ai lh5.googleusercontent.com lh4.googleusercontent.com lh6.googleusercontent.com *.googleusercontent.com www.googletagmanager.com google.com syndication.twitter.com px4.ads.linkedin.com lh7-us.googleusercontent.com www.google-analytics.com www.google.com www.google.co.in px.ads.linkedin.com maps.googleapis.com tracker.metricool.com *.amazonaws.com s3.amazonaws.com ssl.gstatic.com *.gstatic.com www.youtube.com static.xx.fbcdn.net; font-src data: *.upshot.ai fonts.gstatic.com fonts.googleapis.com; connect-src *.upshot.ai *.google.com google.com www.google-analytics.com display.popt.in api.goupshot.com stats.g.doubleclick.net px.ads.linkedin.com *.linkedin.com maps.gstatic.com static.xx.fbcdn.net; media-src *.upshot.ai www.google.co.in maps.googleapis.com www.google.com tracker.metricool.com *.amazonaws.com *.gstatic.com; frame-src *.upshot.ai www.google.com www.linkedin.com accounts.google.com platform.twitter.com www.youtube.com www.facebook.com td.doubleclick.net; 1
default-src 'self'; frame-src http: https: *.google.com;img-src 'self' data: http: https: *.gravatar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: *.googletagmanager.com; style-src 'self' 'unsafe-inline' http: https: fonts.googleapis.com; font-src 'self' data: http: https: fonts.googleapis.com themes.googleusercontent.com;connect-src 'self' data: http: https: *.google-analytics.com; 1
default-src 'none'; script-src 'self' 'unsafe-inline' *.fontawesome.com *.jquery.com *.twitter.com cdn.syndication.twimg.com *.google-analytics.com *.google.com *.gstatic.com *.googleapis.com *.jsdelivr.net *.cqg.com *.amazonaws.com *.zdassets.com *.zopim.com *.ckeditor.com *.wistia.com api.smooch.io *.googletagmanager.com *.recaptcha.net wasm-eval; object-src 'self'; style-src 'self' 'unsafe-inline' *.twitter.com *.jsdelivr.net *.mailchimp.com *.twimg.com *.googleapis.com *.ckeditor.com *.gstatic.com *.zendesk.com *.googletagmanager.com; img-src 'self' *.google.com *.google-analytics.com *.googletagmanager.com *.twitter.com *.twimg.com data: *.zopim.io *.gstatic.com *.googleapis.com *.ckeditor.com *.wistia.com embedwistia-a.akamaihd.net api.smooch.io *.zendesk.com; media-src 'self' *.zdassets.com blob: data; frame-src 'self' *.twitter.com *.youtube.com *.google.com *.cqg.com *.recaptcha.net *.googletagmanager.com; frame-ancestors 'self'; child-src 'self' blob:; font-src 'self' embedwistia-a.akamaihd.net *.github.com *.gstatic.com data:; connect-src wss: 'self' www.google.co.in region1.analytics.google.com *.google.com *.google-analytics.com stats.g.doubleclick.net *.cqg.com *.zdassets.com *.zendesk.com widget-mediator.zopim.com  *.wistia.com *.litix.io embedwistia-a.akamaihd.net api.smooch.io; report-uri /report-csp-violation; upgrade-insecure-requests 1
frame-ancestors 'self' https://*.klaxoon.com https://teams.microsoft.com https://*.teams.microsoft.com https://*.skype.com https://meet.google.com 1
frame-ancestors 'none'; always; 1
frame-ancestors 'self' https://www.nexterainfrastructuresolutions.com https://www.eastwesttietransmission.com https://www.palms-insurance.com https://www.gridliancewest.com https://www.floridacitygas.com https://www.horizonwesttransmission.com https://www.drivegreenlane.com https://www.nexteraenergytransmission.com https://www.nexteraenergy.com https://www.nexteraenergyresources.com https://www.nexteraenergycanada.com https://www.nexteraanalytics.com https://www.nexterawater.com https://www.distributedwater.com https://www.neetny.com https://www.empirestateline.com https://www.lonestartransmission.com https://www.transbaycable.com https://www.gridliance.com https://www.floridarenewablepartners.com https://www.palms-insurance.com https://www.nexteraenergyservices.com https://www.energycurriculum.com https://www.poweringflorida.com https://www.NexteraMitigationBanks.com https://www.35mules.com; 1
default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; media-src * https://lla-cms-prod.directus.app; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; object-src 'none'; frame-ancestors 'self' https://cwc.kcenter.usu.com; frame-src * https://nebula-cdn.kampyle.com https://libertyglobal.kampyle.com https://optimize.google.com  https://www.youtube.com https://www.google.com https://www.facebook.com https://www.google-analytics.com https://www.googleanalytics.com https://openspeedtest.com https://www2.discoverflow.co https://www.discoverflow.co https://discoverflow.co https://analytics.discoverflow.co; form-action *; worker-src * blob:; 1
frame-ancestors 'self' https://adaptecca.es https://www.mapama.gob.es https://www.mapa.gob.es *.adobecqms.net https://www.miteco.gob.es 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://cdnjs.cloudflare.com/ https://www.youtube.com/ https://cdn.jsdelivr.net/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://app-script.monsido.com/ https://cdn-apac.onetrust.com/ https://u.heatmap.it/ https://cdn.yellowmessenger.com/ https://www.google.com/ https://www.gstatic.com/ https://static.elfsight.com/platform/platform.js https://www.petronas.com/608242b4-6b3e-4aff-8979-014519414d0c https://app-script.monsido.com/ https://static.elfsight.com/ https://api.swiftype.com/ https://geotargetly-api-1.com/ https://g10498469755.co/ https://code.jquery.com/ ; object-src 'none'; upgrade-insecure-requests 1
frame-ancestors *.customs.gov.az 1
default-src 'self'; connect-src 'self' https://cdn-cookieyes.com https://*.cookieyes.com https://*.tableau.com https://forms.hscollectedforms.net https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://*.google-analytics.com https://*.googletagmanager.com https://fonts.googleapis.com https://*.analytics.google.com; font-src 'self' https://ka-p.fontawesome.com https://fonts.gstatic.com https://s0.wp.com data:; frame-src 'self' https://*.cookieyes.com https://www.google.com https://*.youtube.com https://dub01.online.tableau.com https://*.tableau.com https://forms.hsforms.com https://widgets.wp.com; img-src 'self' https://*.oversightboard.com *.oversightboard.com https://oversightboard.com https://*.googletagmanager.com https://*.google-analytics.com https://*.gstatic.com https://pixel.wp.com https://cdn-cookieyes.com https://*.cookieyes.com https://*.tableau.com https://track.hubspot.com https://secure.gravatar.com https://*.hsforms.com blob: data:; object-src; script-src 'self' https://www.google.com https://www.gstatic.com https://*.googletagmanager.com https://tagmanager.google.com https://cdn-cookieyes.com https://*.google-analytics.com https://stats.wp.com https://js.hs-analytics.net https://js-na1.hs-scripts.com https://js.hscollectedforms.net https://js.hsforms.net https://js.hs-banner.com https://*.tableau.com https://dub01.online.tableau.com https://s0.wp.com 'unsafe-inline'; style-src 'self' https://*.googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com https://s0.wp.com 'unsafe-inline'; upgrade-insecure-requests 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.cookielaw.org https://maps.googleapis.com https://*.googletagmanager.com https://*.analytics.google.com https://*.google-analytics.com https://walls.io https://*.walls.io https://api.swiftype.com https://*.google.com https://*.youtube.com https://*.onetrust.com https://static.cloudflareinsights.com https://*.lkw-walter.com https://www.gstatic.com https://*.bing.com https://*.hotjar.com https://*.smartsuppchat.com https://*.smartsuppcdn.com https://unpkg.com https://*.cloudflare.com ; style-src 'self' 'unsafe-inline' https://*.hotjar.com https://*.smartsuppcdn.com ; frame-src 'self' https://*.youtube.com https://*.google.com https://walls.io https://*.walls.io https://*.youtube-nocookie.com https://*.cloudflare.com ; font-src 'self' data: https://*.hotjar.com ; form-action 'self'  ; connect-src 'self' https://cdn.cookielaw.org https://maps.googleapis.com https://*.onetrust.com https://*.google.com https://*.googletagmanager.com https://*.google-analytics.com https://*.lkw-walter.com https://*.g.doubleclick.net https://*.googlesyndication.com https://*.bing.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.smartsuppchat.com https://*.smartsuppcdn.com wss://*.smartsupp.com https://ipmeta.io https://*.cloudflare.com ; img-src 'self' https: data: https://*.hotjar.com ; object-src 'none'; upgrade-insecure-requests 1
object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; base-uri 'self' 'unsafe-inline'; frame-ancestors douglas.bg *.meetanshi.com *.facebook.com https://www.facebook.com 'self'; child-src vars.hotjar.com/ gum.criteo.com/ web.facebook.com/ http: https: blob: 'self' 'unsafe-inline'; default-src s-eu-1.pushpushgo.com/ www.googletagmanager.com/ chimpstatic.com/ static.criteo.net/ connect.facebook.net/ 'self' 'unsafe-inline' 'unsafe-eval'; worker-src s-eu-1.pushpushgo.com fonts.gstatic.com static-a.pushpushgo.com tools.ietf.org/ tools.ietf.org/html/ tools.ietf.org/html/rfc3492 tools.ietf.org/html/rfc3986 api.pushpushgo.com cdn.pushpushgo.com douglas.bg adm1n.douglas.bg; form-action ipg.icard.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.net https://plumrocket.com tttd.douglas.bg 'self' 'unsafe-inline'; frame-src www.youtube.com/ www.google.com/ vars.hotjar.com youtube.com gum.criteo.com ws16.hotjar.com static-a.pushpushgo.com tools.ietf.org/ tools.ietf.org/html/ tools.ietf.org/html/rfc3492 tools.ietf.org/html/rfc3986 api.pushpushgo.com cdn.pushpushgo.com game-clarins.com www.game-clarins.com/ game-clarins.com/ smilemakerscollection.com/ smilemakers.typeform.com/ widget-v4.boxnow.bg/ test-iframe.mokka.bg/ iframe.mokka.bg/ https://test-iframe.mokka.bg/ https://test-iframe.mokka.bg test-iframe.mokka.bg mokka.bg/ lockerplugin.sameday.ro/ lockerplugin.sameday.ro td.doubleclick.net https://www.googletagmanager.com/ns.html https://bid.g.doubleclick.net fledge.eu.criteo.com/ www.awin1.com fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.google.com/ *.meetanshi.com *.facebook.net *.facebook.com https://plumrocket.com *.weltpixel.com 'self' 'unsafe-inline'; script-src connect.facebook.com connect.facebook.net facebook.com googleads.g.doubleclick.net www.google-analytics.com www.google.com/pagead/ www.google.bg/pagead/ www.facebook.com/tr/ maps.googleapis.com ajax.cloudflare.com/cdn-cgi/scripts/ chimpstatic.com/mcjs-connected/js/users/8cac95b959a479510dfb49d21/b03d81b3e426b908f06470560.js www.google.com/recaptcha/ www.googletagmanager.com s-eu-1.pushpushgo.com/ s-eu-1.pushpushgo.com/js/60b489888ad745ed8b51a212.js www.gstatic.com/ static.hotjar.com/ script.hotjar.com ipg.icard.com douglas.bg static.criteo.net sslwidget.criteo.com gum.criteo.com dynamic.criteo.com static-a.pushpushgo.com tools.ietf.org/ tools.ietf.org/html/ tools.ietf.org/html/rfc3492 tools.ietf.org/html/rfc3986 api.pushpushgo.com/ cdn.pushpushgo.com/ assets.arukereso.com/aku.min.js pushpushgo.com/ widget-cdn.boxnow.bg/map-widget/client/v4.js widget-cdn.boxnow.bg/ cdn.sameday.ro/locker-plugin/lockerpluginsdk.js www.youtube.com *.google.com https://*.ggpht.com *.googleusercontent.com https://*.googleapis.com https://static.hotjar.com https://script.hotjar.com https://googleads.g.doubleclick.net https://www.google.com/ads/user-list https://www.google.XYX/ads/user-list https://bid.g.doubleclick.net https://www.googleadservices.com https://tagmanager.google.com/ https://www.dwin1.com https://www.dwin.com https://www.awin.com https://www.awin1.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com https://cdn.polyfill.io https://browser.sentry-cdn.com *.googleapis.com *.gstatic.com *.avada.io *.google.com/ *.meetanshi.com *.facebook.net *.facebook.com *.tiqcdn.com *.tealiumiq.com tttd.douglas.bg app.usercentrics.eu *.usercentrics.eu https://www.googletagmanager.com tagmanager.google.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src maxcdn.bootstrapcdn.com fonts.googleapis.com cdn.sameday.ro/locker-plugin/lockerpluginsdk.css https://static.hotjar.com https://script.hotjar.com *.adobe.com downloads.mailchimp.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com https://fonts.googleapis.com tagmanager.google.com 'self' 'unsafe-inline'; font-src maxcdn.bootstrapcdn.com fonts.gstatic.com https://script.hotjar.com *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com data: 'self' 'unsafe-inline'; img-src data: www.google.bg/pagead/ www.google.com/pagead/ www.facebook.com/tr/ www.facebook.com/privacy_sandbox/ maps.googleapis.com www.google.bg/ads/ga-audiences www.google.com/ads/ga-audiences www.magecomp.com meetanshi.com amasty.com douglas.bg adm1n.douglas.bg script.hotjar.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com simage2.pubmatic.com/ ad.sxp.smartclip.net/ criteo-partners.tremorhub.com/ a.twiago.com/ sp.analytics.yahoo.com/ ads.yahoo.com/ ib.adnxs.com/ secure.adnxs.com/ x.bidswitch.net/ cm.g.doubleclick.net/ visitor.omnitagjs.com/ r.casalemedia.com/ widgets.magentocommerce.com ad.360yield.com/ gum.criteo.com/ dis.criteo.com/ adm1n.douglas.bg/ contextual.media.net/ exchange.mediavine.com/ idsync.rlcdn.com magezon.com magecomp.com sync.outbrain.com/ pixel.rubiconproject.com/ s.ad.smaato.net/ match.sharethrough.com/ rtb-csync.smartadserver.com/ sync-t1.taboola.com/ criteo-sync.teads.tv ups.analytics.yahoo.com/ ad.yieldlab.net sync-criteo.ads.yieldmo.com beacon.krxd.net/ eb2.3lift.com/ bemedio.com/ pazaruvaj.com/ www.pazaruvaj.com/ ad.doubleclick.net https://static.hotjar.com https://script.hotjar.com https://survey-images.hotjar.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com *.ftcdn.net *.behance.net i.ytimg.com validator.swagger.io https://www.magezon.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.meetanshi.com *.tealiumiq.com tttd.douglas.bg tccd.douglas.bg *.usercentrics.eu *.gstatic.com data: 'self' 'unsafe-inline'; connect-src www.google-analytics.com stats.g.doubleclick.net analytics.google.com in.hotjar.com in.hotjar.com/ ws16.hotjar.com ipg.icard.com region1.analytics.google.com hotjar.com s-eu-1.pushpushgo.com fonts.gstatic.com static-a.pushpushgo.com tools.ietf.org/ tools.ietf.org/html/ tools.ietf.org/html/rfc3492 tools.ietf.org/html/rfc3986 api.pushpushgo.com cdn.pushpushgo.com douglas.bg socialplugin.facebook.net ingest.sentry.io ws28.hotjar.com/ ws28.hotjar.com/api/v2/sites/1344309/recordings/content wss://ws28.hotjar.com/api/v2/client/ws assets.arukereso.com pazaruvaj.com arukereso.hu maps.googleapis.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://googleads.g.doubleclick.net https://measurement-api.criteo.com www.facebook.com/plugins/ web.facebook.com/plugins/ https://www.dwin1.com https://www.dwin.com https://www.awin.com https://www.awin1.com awin1.com https://www.youtube.com/ vc.hotjar.io dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://*.ingest.sentry.io http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io *.meetanshi.com *.tealiumiq.com tttd.douglas.bg tccd.douglas.bg api.usercentrics.eu graphql.usercentrics.eu *.usercentrics.eu https://www.google-analytics.com 'self' 'unsafe-inline'; 1
default-src 'none'; base-uri 'none'; connect-src 'self' https://cdn.hoyailog.com http://*:8787 http://*:8787/hoyabus20 http://*:8787/iloglist wss://*:*/TracerService https://*:80/api/logClientError; font-src 'self' https://cdn.hoyailog.com data:; form-action 'self' https://hoyailog.com; frame-src 'self'; frame-ancestors 'self'; img-src 'self' https://hoyanet.net https://cdn.hoyailog.com data:; manifest-src 'self' https://cdn.hoyailog.com; object-src 'self'; report-uri https://hoyailog.com/api/reportCspViolation; script-src 'report-sample' 'self' https://cdn.hoyailog.com 'unsafe-inline' 'unsafe-eval'; style-src 'report-sample' 'self' https://cdn.hoyailog.com 'unsafe-inline'; 1
frame-ancestors 'self' ia.ca *.ia.ca *.inalco.com *.ia.iafg.net *.iteslive.tv iplayerbridge://* 1
default-src 'none'; script-src 'self' https://analytics.monetra.com https://www.google.com https://www.gstatic.com; connect-src https://9872520550193828.hostedstatus.com/1.0/status/6148993c877ce705383f1463 'self'; img-src 'self' https://analytics.monetra.com data:; style-src 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; object-src 'self'; frame-src https://www.google.com 1
default-src 'none' ; base-uri 'self' ; child-src *.cloudflarestream.com insights.hinshawlaw.com platform.twitter.com player.vimeo.com view.ceros.com www.google.com www.iheart.com www.youtube.com ; connect-src 'self' *.cloudflarestream.com *.parmonic.ai *.parmonic.com https://amplilyimagecap.azureedge.net https://awapi.blob.core.windows.net https://go.parmonic.com https://subtitles.blob.core.windows.net https://videodelivery.net parmonic.com stats.g.doubleclick.net www.google-analytics.com ; font-src 'self' data: fonts.gstatic.com www.hinshawlaw.com ; form-action 'self' ; frame-ancestors https://hinshaw.pathfactory.com *.cloudflarestream.com ; img-src blob: data: * *.parmonic.ai https://parmonic.com https://amplilyimagecap.azureedge.net ; media-src blob: *.cloudflarestream.com *.parmonic.ai https://amplilyimagecap.azureedge.net https://parmonic.com https://subtitles.blob.core.windows.net https://videodelivery.net ; object-src 'self' www.hinshawlaw.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.cloudflarestream.com *.parmonic.ai *.parmonic.com hosting.simplemaps.com https://awjs.blob.core.windows.net https://view.ceros.com/ www.google-analytics.com www.googletagmanager.com www.hinshawlaw.com ; style-src 'self' 'unsafe-inline' fonts.googleapis.com ; 1
report-to csp-endpoint; report-uri https://mon.tiktokv.com/monitor_browser/collect/batch/security/?bid=tiktok_pns&ev_type=csp&revision=3596f720-5608-459f-b89b-19f3caa901de&scene=1; upgrade-insecure-requests  1
frame-src 'self' www.google.com/recaptcha/ recaptcha.google.com/recaptcha/ www.googletagmanager.com *.doubleclick.net vars.hotjar.com www.youtube.com www.booking.com air-miles.leadfamly.com app.talkjs.com *.visualwebsiteoptimizer.com app.vwo.com air-miles.campaign.playable.com; style-src 'self' 'unsafe-inline' https://loyaltygateway.com/rewards/ fonts.googleapis.com cdn.talkjs.com *.visualwebsiteoptimizer.com app.vwo.com air-miles.campaign.playable.com s3.amazonaws.com www.gstatic.com; font-src 'self' https://loyaltygateway.com/rewards/ script.hotjar.com fonts.gstatic.com air-miles.campaign.playable.com; img-src 'self' *.airmiles.nl *.airmilesshop.nl *.jibecompany.com media.umbraco.io www.googletagmanager.com www.google-analytics.com www.google.com www.google.nl *.googlesyndication.com *.doubleclick.net s3-eu-west-1.amazonaws.com cdn.talkjs.com script.hotjar.com www.facebook.com cook.shortest-route.com *.visualwebsiteoptimizer.com app.vwo.com files.cdn.leadfamly.com chart.googleapis.com wingify-assets.s3.amazonaws.com *.gstatic.com translate.googleapis.com translate.google.com data:; connect-src 'self' *.airmiles.nl *.umbraco.io *.blob.core.windows.net *.google-analytics.com *.g.doubleclick.net www.google.com adservice.google.com *.googlesyndication.com translate-pa.googleapis.com translate.googleapis.com app.talkjs.com wss://app.talkjs.com wss://api.talkjs.com capture.trackjs.com *.visualwebsiteoptimizer.com app.vwo.com air-miles.campaign.playable.com *.api.leadfamly.com *.ingest.sentry.io *.hotjar.com *.hotjar.io wss://*.hotjar.com *.applicationinsights.azure.com https://loyaltygateway.com/rewards/ https://api.airmiles.nl; script-src 'self' 'unsafe-eval' 'unsafe-inline' 'strict-dynamic' 'sha256-vhJfKuHOm03RDa2OlUlpAe0ja1Qh+wpUuxHN9/pOeqU=' 'sha256-pfdTiE2ndaigZaUZmx7hF5zcumb9LW2Bzn/a7/jEg7Q=' *.airmiles.nl www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.google-analytics.com ssl.google-analytics.com www.googletagmanager.com translate.google.com *.g.doubleclick.net *.adform.net *.visualwebsiteoptimizer.com app.vwo.com air-miles.campaign.playable.com *.hotjar.com connect.facebook.net https://loyaltygateway.com/rewards/ 'nonce-090e0558-701e-0074-04fa-de66d3000000'; frame-ancestors 'self' www.shell.nl; worker-src blob: 1
frame-ancestors 'self' eternalhost.net *.eternalhost.net 1
default-src 'self';        connect-src 'self' https://translate.googleapis.com/ https://pagead2.googlesyndication.com/ https://www.google-analytics.com/ https://app.powerbi.com https://yoast.com;        script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s0.wp.com/ http://stats.wp.com/ http://widgets.wp.com/ https://translate.google.com/ https://translate.googleapis.com/ https://translate-pa.googleapis.com/ https://partner.googleadservices.com/ https://tpc.googlesyndication.com/ https://secure.gravatar.com/ https://pagead2.googlesyndication.com/ https://connect.facebook.net/ http://www.googletagmanager.com/ https://findahelpline.com/ https://www.gstatic.com/;        frame-src 'self'  https://www.youtube.com/ https://www.google.com/ https://tpc.googlesyndication.com/ https://googleads.g.doubleclick.net/ https://app.powerbi.com;        style-src 'self' 'unsafe-inline' https://s0.wp.com/ https://widgets.wp.com/ https://www.gstatic.com/ http://*.gravatar.com/ https://fonts.googleapis.com/ ;        font-src 'self' data: https://s0.wp.com/ https://s1.wp.com/ https://fonts.gstatic.com/ ;        img-src 'self' data: https://i0.wp.com/ http://pixel.wp.com/ http://en.wordpress.com/ https://fonts.gstatic.com/ https://www.gstatic.com/ http://suicidology.org/ https://www.googletagmanager.com/ https://www.facebook.com/ https://pagead2.googlesyndication.com/ http://*.gravatar.com/ ;        worker-src 'self' blob:; 1
connect-src 'self' wss://ws.hotjar.com wss://nexus-websocket-a.intercom.io 'unsafe-inline' 'unsafe-eval' https://*.gstatic.com https://*.cloudflare.com https://px.ads.linkedin.com https://*.ads.linkedin.com https://*.googletagmanager.com https://*.google.com https://*.facebook.net https://www.google-analytics.com https://www.googleoptimize.com https://*.clickagy.com https://use.fontawesome.com https://fonts.googleapis.com https://*.hubspot.com https://*.hsforms.net https://*.licdn.com https://www.googleadservices.com https://*.clearbitjs.com https://*.zoominfo.com https://*.g2crowd.com https://*.hsforms.com https://*.chilipiper.com https://*.amazonaws.com https://content.hotjar.io https://api.cr-relay.com https://*.hotjar.io https://*.facebook.com https://*.doubleclick.net https://*.hs-analytics.net https://*.hs-scripts.com https://googleads.g.doubleclick.net https://js.hs-analytics.net https://*.hsleadflows.net https://*.hsadspixel.net/ https://*.hs-banner.com https://*.hubapi.com https://boards.greenhouse.io https://player.vimeo.com https://*.vimeo.com https://*.lfeeder.com https://*.youtube.com https://cdn.linkedin.oribi.io https://pro.ip-api.com https://*.ip-api.com https://aplo-evnt.com https://*.apollo.io https://*.factors.ai https://*.clearbit.com https://*.clearbitscripts.com https://*.clarity.ms https://airtable.com https://js.hscta.net https://*.nexus-websocket-a.intercom.io https://*.6sense.com https://*.intercomcdn.com https://*.6sc.co https://*.intercom.io https://no-cache.hubspot.com https://epsilon.6sense.com https://*.hubspot.com https://*.hs-sites.com https://*.greenhouse.io https://*.dreamdata.cloud data:;img-src * 'self' data: https: 1
default-src 'self'; media-src 'self' tagmanager.google.com *.skydio.com stream.mux.com *.mux.com *.omappapi.com blob:; object-src 'none'; style-src 'self' 'unsafe-inline' *.mutinycdn.com tagmanager.google.com www.googletagmanager.com fonts.googleapis.com *.cloudfront.net *.skydio.com *.omappapi.com; form-action 'self' *.skydio.com *.facebook.com; font-src 'self' *.cloudflare.com fonts.gstatic.com *.cloudfront.net data:; img-src 'self' *.mutinycdn.com *.mutinyhq.io *.cloudfront.net analytics.twitter.com t.co *.omappapi.com *.skydio.com *.mux.com *.google.com www.google.co.uk *.clarity.ms cdn.sanity.io *.linkedin.com p.adsymptotic.com *.google-analytics.com www.googletagmanager.com *.reddit.com *.doubleclick.net *.bing.com *.facebook.com *.bizible.com *.cookielaw.org *.bizibly.com okt.to data:; connect-src 'self' *.mutinyhq.com *.mutinyhq.io *.mutinycdn.com 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 52.71.121.170 18.210.229.244 44.212.189.233 3.212.39.155 52.22.50.55 54.156.2.105 *.skydio.com *.zi-scripts.com *.mktoutil.com track-v3.funnelytics.io *.linkedin.com ingesteer.services-prod.nsvcs.net *.litix.io *.omappapi.com https://analytics.google.com *.google.com *.mux.com production--skydio.netlify.app *.fbot.me *.clarity.ms cdn.cookielaw.org *.mktoresp.com www.google-analytics.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.doubleclick.net *.cloud.es.io *.onetrust.com *.zoominfo.com *.cookielaw.org *.bizibly.com *.bizible.com *.oribi.io *.bing.com conversions-config.reddit.com www.redditstatic.com; child-src 'self' www.google.com boards.greenhouse.io *.youtube.com *.facebook.com *.skydio.com https://sketchfab.com *.kuula.co kuula.co blob:; base-uri 'self'; script-src 'nonce-EKcmVZtzz7K1CaNSK8tCuxJiweg91Bgt' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' 'self' https: http:; report-uri /.netlify/functions/__csp-violations 1
default-src https: data: wss: blob: 'self' 'unsafe-inline' 'unsafe-eval'; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' *.yextevents.com *.contentsquare.net *.sitescdn.com *.sitescdn.net *.keyxel.com *.tiktok.com *.trackads.eu *.teads.tv *.adnxs.com *.arkeero.net *.google-analytics.com *.adgoaffiliation-int.com *.adgoaffiliation.com *.entregarapida.es *.hotjar.com *cookielaw.org *.googlesyndication.com gaes.es www.gaes.es https://fonts.googleapis.com;     script-src 'self' 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' *.contentsquare.net *.sitescdn.com *.keyxel.com *.sitescdn.net *.yextevents.com *.tiktok.com *.trackads.eu *.teads.tv *.adnxs.com *.arkeero.net *.outbrain.com *.google-analytics.com *.adgoaffiliation-int.com *.adgoaffiliation.com *.entregarapida.es *.hotjar.com *.cookielaw.org *.googlesyndication.com *.youtube-nocookie.com *.youtube.com *.omtrdc.net gaes.es www.gaes.es https://*.iadvize.com wss://*.iadvize.com https://fonts.googleapis.com fonts.googleapis.com assets.adobedtm.com fonts.gstatic.com dpm.demdex.net www.googletagmanager.com www.google-analytics.com halc.iadvize.com maps.googleapis.com www.everestjs.net amplifon.demdex.net cm.everesttech.net amplifongroup.tt.omtrdc.net lasteventf-tm.everesttech.net connect.facebook.net 8076233.fls.doubleclick.net stats.g.doubleclick.net aa.agkn.com idsync.rlcdn.com dp2.33across.com cm.g.doubleclick.net ps.eyeota.net fei.pro-market.net smetrics.gaes.es www.google.com www.google.it ads.scorecardresearch.com aorta.clickagy.com adservice.google.com www.facebook.com sync.crwdcntrl.net api.iadvize.com sync-tm.everesttech.net i.ibb.co pixel.rubiconproject.com p1.zemanta.com px.sunmedia.tv cdn.taboola.com secure.quantserve.com s.yimg.com dsum-sec.casalemedia.com ib.adnxs.com us-u.openx.net image2.pubmatic.com sync.search.spotxchange.com data.audiens.com pixel.onaudience.com spl.zeotap.com rules.quantcount.com secure.adnxs.com amplify.outbrain.com www.googleadservices.com ad.doubleclick.net tr.outbrain.com googleads.g.doubleclick.net pixel.quantserve.com trc.taboola.com sp.analytics.yahoo.com static.hotjar.com script.hotjar.com vars.hotjar.com in.hotjar.com maps.gstatic.com emea.api.amplifoninternal.com mobileb2c.amplifon.com trc-events.taboola.com www.gstatic.com ajax.googleapis.com consent.cookiebot.com bat.bing.com consentcdn.cookiebot.com 8805222.fls.doubleclick.net *.fontawesome.com;     style-src-elem 'self' 'unsafe-inline' 'unsafe-hashes' *.contentsquare.net *.youtube-nocookie.com *.youtube.com gaes.es www.gaes.es https://*.iadvize.com wss://*.iadvize.com https://fonts.googleapis.com fonts.googleapis.com assets.adobedtm.com fonts.gstatic.com dpm.demdex.net www.googletagmanager.com www.google-analytics.com halc.iadvize.com maps.googleapis.com www.everestjs.net amplifon.demdex.net cm.everesttech.net amplifongroup.tt.omtrdc.net lasteventf-tm.everesttech.net connect.facebook.net 8076233.fls.doubleclick.net stats.g.doubleclick.net aa.agkn.com idsync.rlcdn.com dp2.33across.com cm.g.doubleclick.net ps.eyeota.net fei.pro-market.net smetrics.gaes.es www.google.com www.google.it ads.scorecardresearch.com aorta.clickagy.com adservice.google.com www.facebook.com sync.crwdcntrl.net api.iadvize.com sync-tm.everesttech.net i.ibb.co pixel.rubiconproject.com p1.zemanta.com px.sunmedia.tv cdn.taboola.com secure.quantserve.com s.yimg.com dsum-sec.casalemedia.com ib.adnxs.com us-u.openx.net image2.pubmatic.com sync.search.spotxchange.com data.audiens.com pixel.onaudience.com spl.zeotap.com rules.quantcount.com secure.adnxs.com amplify.outbrain.com www.googleadservices.com ad.doubleclick.net tr.outbrain.com googleads.g.doubleclick.net pixel.quantserve.com trc.taboola.com sp.analytics.yahoo.com static.hotjar.com script.hotjar.com vars.hotjar.com in.hotjar.com maps.gstatic.com emea.api.amplifoninternal.com mobileb2c.amplifon.com trc-events.taboola.com www.gstatic.com ajax.googleapis.com consent.cookiebot.com bat.bing.com consentcdn.cookiebot.com 8805222.fls.doubleclick.net;     style-src 'self' 'unsafe-inline' 'unsafe-hashes' gaes.es www.gaes.es https://*.iadvize.com wss://*.iadvize.com https://fonts.googleapis.com fonts.googleapis.com assets.adobedtm.com fonts.gstatic.com dpm.demdex.net www.googletagmanager.com www.google-analytics.com halc.iadvize.com maps.googleapis.com www.everestjs.net amplifon.demdex.net cm.everesttech.net amplifongroup.tt.omtrdc.net lasteventf-tm.everesttech.net connect.facebook.net 8076233.fls.doubleclick.net stats.g.doubleclick.net aa.agkn.com idsync.rlcdn.com dp2.33across.com cm.g.doubleclick.net ps.eyeota.net fei.pro-market.net smetrics.gaes.es www.google.com www.google.it ads.scorecardresearch.com aorta.clickagy.com adservice.google.com www.facebook.com sync.crwdcntrl.net api.iadvize.com sync-tm.everesttech.net i.ibb.co pixel.rubiconproject.com p1.zemanta.com px.sunmedia.tv cdn.taboola.com secure.quantserve.com s.yimg.com dsum-sec.casalemedia.com ib.adnxs.com us-u.openx.net image2.pubmatic.com sync.search.spotxchange.com data.audiens.com pixel.onaudience.com spl.zeotap.com rules.quantcount.com secure.adnxs.com amplify.outbrain.com www.googleadservices.com ad.doubleclick.net tr.outbrain.com googleads.g.doubleclick.net pixel.quantserve.com trc.taboola.com sp.analytics.yahoo.com static.hotjar.com script.hotjar.com vars.hotjar.com in.hotjar.com maps.gstatic.com emea.api.amplifoninternal.com mobileb2c.amplifon.com trc-events.taboola.com www.gstatic.com ajax.googleapis.com consent.cookiebot.com bat.bing.com consentcdn.cookiebot.com 8805222.fls.doubleclick.net;     img-src 'self' data: *.contentsquare.net *.yextevents.com *.sitescdn.com *.sitescdn.net *.keyxel.com *.tiktok.com *.trackads.eu *.teads.tv *.adnxs.com *.arkeero.net *.google-analytics.com *.adgoaffiliation-int.com *.adgoaffiliation.com *.entregarapida.es *.hotjar.com *.cookielaw.org *.googlesyndication.com lh3.googleusercontent.com *.youtube-nocookie.com *.youtube.com *.efike.co *.kleup.com *.trksis.com gaes.es www.gaes.es https://*.iadvize.com wss://*.iadvize.com https://fonts.googleapis.com fonts.googleapis.com assets.adobedtm.com fonts.gstatic.com dpm.demdex.net www.googletagmanager.com www.google-analytics.com halc.iadvize.com maps.googleapis.com www.everestjs.net amplifon.demdex.net cm.everesttech.net amplifongroup.tt.omtrdc.net lasteventf-tm.everesttech.net connect.facebook.net 8076233.fls.doubleclick.net stats.g.doubleclick.net aa.agkn.com idsync.rlcdn.com dp2.33across.com cm.g.doubleclick.net ps.eyeota.net fei.pro-market.net smetrics.gaes.es www.google.com www.google.it ads.scorecardresearch.com aorta.clickagy.com adservice.google.com www.facebook.com sync.crwdcntrl.net api.iadvize.com sync-tm.everesttech.net i.ibb.co pixel.rubiconproject.com p1.zemanta.com px.sunmedia.tv cdn.taboola.com secure.quantserve.com s.yimg.com dsum-sec.casalemedia.com ib.adnxs.com us-u.openx.net image2.pubmatic.com sync.search.spotxchange.com data.audiens.com pixel.onaudience.com spl.zeotap.com rules.quantcount.com secure.adnxs.com amplify.outbrain.com www.googleadservices.com ad.doubleclick.net tr.outbrain.com googleads.g.doubleclick.net pixel.quantserve.com trc.taboola.com sp.analytics.yahoo.com static.hotjar.com script.hotjar.com vars.hotjar.com in.hotjar.com maps.gstatic.com emea.api.amplifoninternal.com mobileb2c.amplifon.com trc-events.taboola.com www.gstatic.com ajax.googleapis.com consent.cookiebot.com bat.bing.com consentcdn.cookiebot.com 8805222.fls.doubleclick.net;     connect-src 'self' *.contentsquare.net *.yextevents.com *.sitescdn.com *.sitescdn.net *.keyxel.com *.tiktok.com *.trackads.eu *.teads.tv *.adnxs.com *.arkeero.net *.google-analytics.com *.hotjar.com *.google.com *.adgoaffiliation-int.com *.adgoaffiliation.com *.onetrust.com *.entregarapida.es *.hotjar.com *.cookielaw.org *.googlesyndication.com *.youtube-nocookie.com *.youtube.com *.adobedc.net *.demdex.net *.hotjar.io *.amplifoninternal.com gaes.es www.gaes.es https://*.iadvize.com wss://*.iadvize.com wss://*.twilio.com https://fonts.googleapis.com fonts.googleapis.com assets.adobedtm.com fonts.gstatic.com dpm.demdex.net www.googletagmanager.com www.google-analytics.com halc.iadvize.com maps.googleapis.com www.everestjs.net amplifon.demdex.net cm.everesttech.net amplifongroup.tt.omtrdc.net lasteventf-tm.everesttech.net connect.facebook.net 8076233.fls.doubleclick.net stats.g.doubleclick.net aa.agkn.com idsync.rlcdn.com dp2.33across.com cm.g.doubleclick.net ps.eyeota.net fei.pro-market.net smetrics.gaes.es www.google.com www.google.it ads.scorecardresearch.com aorta.clickagy.com adservice.google.com www.facebook.com sync.crwdcntrl.net api.iadvize.com sync-tm.everesttech.net i.ibb.co pixel.rubiconproject.com p1.zemanta.com px.sunmedia.tv cdn.taboola.com secure.quantserve.com s.yimg.com dsum-sec.casalemedia.com ib.adnxs.com us-u.openx.net image2.pubmatic.com sync.search.spotxchange.com data.audiens.com pixel.onaudience.com spl.zeotap.com rules.quantcount.com secure.adnxs.com amplify.outbrain.com www.googleadservices.com ad.doubleclick.net tr.outbrain.com googleads.g.doubleclick.net pixel.quantserve.com trc.taboola.com sp.analytics.yahoo.com static.hotjar.com script.hotjar.com vars.hotjar.com in.hotjar.com maps.gstatic.com emea.api.amplifoninternal.com mobileb2c.amplifon.com trc-events.taboola.com www.gstatic.com ajax.googleapis.com consent.cookiebot.com bat.bing.com consentcdn.cookiebot.com 8805222.fls.doubleclick.net *.fontawesome.com;     font-src 'self' data: *.youtube-nocookie.com *.alt120.com *.youtube.com gaes.es www.gaes.es https://*.iadvize.com wss://*.iadvize.com https://fonts.googleapis.com fonts.googleapis.com assets.adobedtm.com fonts.gstatic.com dpm.demdex.net www.googletagmanager.com www.google-analytics.com halc.iadvize.com maps.googleapis.com www.everestjs.net amplifon.demdex.net cm.everesttech.net amplifongroup.tt.omtrdc.net lasteventf-tm.everesttech.net connect.facebook.net 8076233.fls.doubleclick.net stats.g.doubleclick.net aa.agkn.com idsync.rlcdn.com dp2.33across.com cm.g.doubleclick.net ps.eyeota.net fei.pro-market.net smetrics.gaes.es www.google.com www.google.it ads.scorecardresearch.com aorta.clickagy.com adservice.google.com www.facebook.com sync.crwdcntrl.net api.iadvize.com sync-tm.everesttech.net i.ibb.co pixel.rubiconproject.com p1.zemanta.com px.sunmedia.tv cdn.taboola.com secure.quantserve.com s.yimg.com dsum-sec.casalemedia.com ib.adnxs.com us-u.openx.net image2.pubmatic.com sync.search.spotxchange.com data.audiens.com pixel.onaudience.com spl.zeotap.com rules.quantcount.com secure.adnxs.com amplify.outbrain.com www.googleadservices.com ad.doubleclick.net tr.outbrain.com googleads.g.doubleclick.net pixel.quantserve.com trc.taboola.com sp.analytics.yahoo.com static.hotjar.com script.hotjar.com vars.hotjar.com in.hotjar.com maps.gstatic.com emea.api.amplifoninternal.com mobileb2c.amplifon.com trc-events.taboola.com www.gstatic.com ajax.googleapis.com consent.cookiebot.com bat.bing.com consentcdn.cookiebot.com 8805222.fls.doubleclick.net;     frame-src 'self' *.contentsquare.net *.yextevents.com *.sitescdn.com *.sitescdn.net *.keyxel.com *.tiktok.com *.trackads.eu *.teads.tv *.adnxs.com *.arkeero.net *.google-analytics.com *.doubleclick.net *.adgoaffiliation-int.com *.adgoaffiliation.com *.entregarapida.es *.hotjar.com *.cookielaw.org *.googlesyndication.com *.youtube-nocookie.com youtube.com *.youtube.com gaes.es www.gaes.es https://*.iadvize.com wss://*.iadvize.com https://fonts.googleapis.com fonts.googleapis.com assets.adobedtm.com fonts.gstatic.com dpm.demdex.net www.googletagmanager.com www.google-analytics.com halc.iadvize.com maps.googleapis.com www.everestjs.net amplifon.demdex.net cm.everesttech.net amplifongroup.tt.omtrdc.net lasteventf-tm.everesttech.net connect.facebook.net 8076233.fls.doubleclick.net stats.g.doubleclick.net aa.agkn.com idsync.rlcdn.com dp2.33across.com cm.g.doubleclick.net ps.eyeota.net fei.pro-market.net smetrics.gaes.es www.google.com www.google.it ads.scorecardresearch.com aorta.clickagy.com adservice.google.com www.facebook.com sync.crwdcntrl.net api.iadvize.com sync-tm.everesttech.net i.ibb.co pixel.rubiconproject.com p1.zemanta.com px.sunmedia.tv cdn.taboola.com secure.quantserve.com s.yimg.com dsum-sec.casalemedia.com ib.adnxs.com us-u.openx.net image2.pubmatic.com sync.search.spotxchange.com data.audiens.com pixel.onaudience.com spl.zeotap.com rules.quantcount.com secure.adnxs.com amplify.outbrain.com www.googleadservices.com ad.doubleclick.net tr.outbrain.com googleads.g.doubleclick.net pixel.quantserve.com trc.taboola.com sp.analytics.yahoo.com static.hotjar.com script.hotjar.com vars.hotjar.com in.hotjar.com maps.gstatic.com emea.api.amplifoninternal.com mobileb2c.amplifon.com trc-events.taboola.com www.gstatic.com ajax.googleapis.com consent.cookiebot.com bat.bing.com consentcdn.cookiebot.com 8805222.fls.doubleclick.net;     worker-src 'self' *.googleapis.com *.youtube-nocookie.com *.youtube.com gaes.es www.gaes.es https://*.iadvize.com wss://*.iadvize.com https://fonts.googleapis.com fonts.googleapis.com assets.adobedtm.com fonts.gstatic.com dpm.demdex.net www.googletagmanager.com www.google-analytics.com halc.iadvize.com maps.googleapis.com www.everestjs.net amplifon.demdex.net cm.everesttech.net amplifongroup.tt.omtrdc.net lasteventf-tm.everesttech.net connect.facebook.net 8076233.fls.doubleclick.net stats.g.doubleclick.net aa.agkn.com idsync.rlcdn.com dp2.33across.com cm.g.doubleclick.net ps.eyeota.net fei.pro-market.net smetrics.gaes.es www.google.com www.google.it ads.scorecardresearch.com aorta.clickagy.com adservice.google.com www.facebook.com sync.crwdcntrl.net api.iadvize.com sync-tm.everesttech.net i.ibb.co pixel.rubiconproject.com p1.zemanta.com px.sunmedia.tv cdn.taboola.com secure.quantserve.com s.yimg.com dsum-sec.casalemedia.com ib.adnxs.com us-u.openx.net image2.pubmatic.com sync.search.spotxchange.com data.audiens.com pixel.onaudience.com spl.zeotap.com rules.quantcount.com secure.adnxs.com amplify.outbrain.com www.googleadservices.com ad.doubleclick.net tr.outbrain.com googleads.g.doubleclick.net pixel.quantserve.com trc.taboola.com sp.analytics.yahoo.com static.hotjar.com script.hotjar.com vars.hotjar.com in.hotjar.com maps.gstatic.com emea.api.amplifoninternal.com mobileb2c.amplifon.com trc-events.taboola.com www.gstatic.com ajax.googleapis.com consent.cookiebot.com bat.bing.com consentcdn.cookiebot.com 8805222.fls.doubleclick.net; 1
frame-ancestors 'self' https://manage.masstransitmag.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
frame-ancestors 'self' *.doubleclick.net *.yape.tech *.yapetienda.com.pe *.yape.com.pe; form-action 'self' *.facebook.com *.qualtrics.com; default-src 'self' data: blob: *.dynatrace.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.teads.tv *.tiktok.com *.cookiebot.com *.smooch.io https://zendesk-eu.my.sentry.io *.khoros.com *.hotjar.com *.office.net https://www.google-analytics.com *.office.com *.botframework.com *.youtube.com *.google.com https://www.googletagmanager.com https://www.googleanalytics.com *.google.com https://connect.facebook.net https://www.google.com *.easysol.net *.googleapis.com *.dynatrace.com https://www.gstatic.com *.conoret.com https://conoret.com https://static.ada.support *.zdassets.com *.zendesk.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.smooch.io https://zendesk-eu.my.sentry.io *.tiktok.com *.facebook.net *.teads.tv *.ada.support *.zdassets.com *.zendesk.com *.doubleclick.net https://www.googletagmanager.com *.cookiebot.com https://www.google-analytics.com *.hotjar.com *.google.com https://www.googleadservices.com *.qualtrics.com https://unruffled-shannon-1a7413.netlify.app https://widget.ultimate.ai; img-src 'self' data: blob: *.teads.tv *.smooch.io https://zendesk-eu.my.sentry.io *.googleapis.com *.khoros.com *.doubleclick.net https://www.datocms-assets.com *.google.com *.googlesyndication.com https://www.google-analytics.com https://www.google.com *.google-analytics.com *.analytics.google.com *.facebook.com *.easysol.net https://www.gstatic.com *.googleapis.com *.gstatic.com *.doubleclick.net https://www.googletagmanager.com *.cookiebot.com *.googleadservices.com *.gstatic.com *.doubleclick.net https://www.googleadservices.com https://staceu2yapefrntd10.blob.core.windows.net https://staceu2yapefrntc10.blob.core.windows.net https://staceu2yapefrntp10.blob.core.windows.net http://www.googletagmanager.com https://www.google.com.pe *.yandex.net *.ytimg.com *.qualtrics.com *.zdassets.com *.zendesk.com https://www.gravatar.com; style-src 'self' 'unsafe-inline' *.khoros.com https://www.gstatic.com *.googleapis.com *.google.com; style-src-elem 'self' 'unsafe-inline' *.googleapis.com *.google.com https://www.googletagmanager.com/.*; font-src 'self' data: *.khoros.com *.azureedge.net *.gstatic.com; child-src *.office.com https://www.google.com *.googleapis.com; object-src 'self' blob https://noop.style; connect-src 'self' *.smooch.io https://zendesk-eu.my.sentry.io *.teads.tv *.tiktok.com *.cookiebot.com wss://*.zendesk.com wss://*.hotjar.com wss://api.smooch.io *.smooch.io https://zendesk-eu.my.sentry.io *.lcloud.com *.khoros.com *.hotjar.com *.hotjar.io *.google-analytics.com *.analytics.google.com https://www.facebook.com *.botframework.com https://www.youtube.com wss://directline.botframework.com https://www.google-analytics.com *.doubleclick.net *.botframework.com https://www.googletagmanager.com *.space https://*.ada.support *.zdassets.com *.zendesk.com https://www.google.com *.google.com *.qualtrics.com https://bcpr42sh.staticmon.com https://eu2.device-api.indigitall.com https://www.datocms-assets.com https://featuregates.org *.statsigapi.net; worker-src *.yape.com.pe www.yape.com.pe; frame-src 'self' https://www.facebook.com *.teads.tv *.cookiebot.com *.hotjar.com *.doubleclick.net https://bit.ly js2ios: * *.youtube.com *.office.com *.google.com http://google.com *.tiktok.com *.facebook.net yapepro.b2clogin.com; 1
default-src blob: data: 'self' *.rubicon.com *.w3.org http://*.gravatar.com https://*.jsdelivr.net *.jquery.com *.bootstrapcdn.com *.stackadapt.com *.pardot.com *.cookielaw.org *.onetrust.com *.zoominfo.com *.pantheonsite.io *.newrelic.com https://js.zi-scripts.com *.doubleclick.net *.linkedin.com *.clarity.ms https://unpkg.com *.bidr.io *.rlcdn.com *.company-target.com *.google.com *.google.com.np *.adsymptotic.com *.oribi.io *.nr-data.net *.googletagmanager.com *.akamaized.net https://download-video.akamaized.net https://vod-progressive.akamaized.net *.youtube.com *.vimeo.com *.facebook.net *.facebook.com *.cloudfront.net *.googleapis.com *.demandbase.com *.pusher.com *.bugsnag.com *.gstatic.com *.incontact.com *.bing.com *.licdn.com *.google-analytics.com *.googleadservices.com *.clickcease.com *.bugherd.com 'unsafe-inline' 'unsafe-eval';frame-ancestors 'none';form-action 'self' *.rubicon.com *.facebook.com; 1
img-src 'self' https://*.trkkn.com data: https://maps.gstatic.com/ https://maps.googleapis.com/ https://cdn.cookielaw.org/ https://www.googletagmanager.com/ https://gtms.trakken.de/ https://fonts.gstatic.com/;default-src 'self' http://localhost:3000/ https://*.trkkn.com/ https://maps.googleapis.com/ https://cdn.cookielaw.org/ https://www.googletagmanager.com/ https://gtms.trakken.de/;font-src 'self' https://*.trkkn.com data: https://fonts.gstatic.com/ https://cdn.cookielaw.org/ https://www.googletagmanager.com/ https://gtms.trakken.de/ https://fonts.gstatic.com/;form-action 'self';frame-ancestors 'self';object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.trkkn.com https://maps.googleapis.com/ https://cdn.cookielaw.org/ https://www.googletagmanager.com/ https://gtms.trakken.de/;script-src-attr 'none';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://cdn.cookielaw.org/ https://www.googletagmanager.com/ https://gtms.trakken.de/ https://fonts.gstatic.com/;upgrade-insecure-requests;base-uri 'self' 1
child-src blob: 'self';connect-src 'self' https://*.yimg.com https://*.yahoo.com https://s.yimg.com/nq/ads/mb/native/* https://service.cmp.oath.com https://www.yahoo.com/p.gif https://smetrics.att.com/id https://dpm.demdex.net/id https://video-api.yql.yahoo.com/ https://edgecast-vod.yahoo.net/ https://*.vpg.cdn.yimg.com/ https://media.zenfs.com/ https://assets.video.yahoo.net/ https://ads.adaptv.advertising.com/ https://video.adaptv.advertising.com/ https://consent.yahoo.com/ https://ganon.yahoo.com/ https://geo.yahoo.com/ https://guce.yahoo.com/ https://api.taboola.com/1.2/json/taboola-usersync/user.sync https://gpt.mail.yahoo.net/ https://alpha-gpt.mail.yahoo.net/ https://alpha-gam.mail.yahoosandbox.net/ https://canary-gam.mail.yahoosandbox.net/ https://gam.mail.yahoosandbox.net/;default-src 'self';font-src https: data:;frame-src https://*.yahoo.com https://*.yimg.com https://*.ymail.com https://secure.bannerfarm.ace.advertising.com https://cmp.advertising.com https://assets.video.yahoo.net/ https://opus.analytics.yahoo.com https://tsdtocl.com/ https://consent.yahoo.com/ https://guce.yahoo.com/ https://pfs.yahoo.com https://gpt.mail.yahoo.net/sandbox https://alpha-gpt.mail.yahoo.net/sandbox https://alpha-gam.mail.yahoosandbox.net/sandbox https://canary-gam.mail.yahoosandbox.net/sandbox https://gam.mail.yahoosandbox.net/sandbox https://norrin.tbl.mail.yahoosandbox.net https://alpha-tbl.mail.yahoosandbox.net https://tbl.mail.yahoosandbox.net;img-src data: blob: http: https: https://ganon.yahoo.com/ https://geo.yahoo.com/;media-src blob: https://*.yahoo.com https://*.yimg.com;report-uri https://csp.yahoo.com/beacon/csp?src=mail-norrin;script-src 'self' https://s.yimg.com/nq/nr/ https://s.yimg.com/os/yaft/ https://s.yimg.com/ss/ https://s.yimg.com/aaq/yc/ https://s.yimg.com/ds/scripts/ https://www.gstatic.com/cv/js/sender/v1/cast_sender.js https://s.yimg.com/aaq/vzm/ https://s.yimg.com/cx/pv/ https://s.yimg.com/nq/polyfills/ https://yep.video.yahoo.com/ https://s.yimg.com/rx/ https://assets.video.yahoo.net/ https://jsapi.login.yahoo.com/w/ https://s.aolcdn.com/membership/omp-static/omp-widgets/ https://qa.checkout.yahoo.com/widget/ https://checkout.yahoo.com/widget/ https://s.yimg.com/cv/apiv2/partner-portals/att/adobe_analytics/ https://consent.cmp.oath.com/ https://opus.analytics.yahoo.com/ https://s.yimg.com/oa/ https://s.yimg.com/uc/sf/ https://s.yimg.com/cx/acookie/ 'sha256-lRMQ2lQozgbWLOqNJOrnclJXX6G77pQVIlF8SAI3++I=' 'sha256-xx5VFh71P/poOsh6S7wo5Hz/h6kNWHqOpIqJR04djx4=' 'unsafe-inline' 'unsafe-eval' 'report-sample' https://s.yimg.com/oa/ 'nonce-o4gP2UPOD9XGYRcloExEH21QU+vLJ2NrdTM9NiX/YYx3PMZf' ;style-src 'self' https://s.yimg.com/nq/nr/ https://assets.video.yahoo.net/ 'unsafe-inline';worker-src 'self' blob:;manifest-src https://s.yimg.com/nq/nr/json/ 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' maps.googleapis.com *.hipay.com static.cdn.prismic.io prismic.io https://html2canvas.hertzen.com/dist/html2canvas.min.js www.paypalobjects.com *.paypal.com youtube.com vimeo.com https://www.youtube.com/iframe_api https://www.youtube.com/s/player/0c356943/www-widgetapi.vflset/www-widgetapi.js https://www.youtube.com https://i.ytimg.com/vi/ http://platform.instagram.com/en_US/embeds.js https://www.instagram.com/embed.js https://graph.facebook.com/v11.0/instagram_oembed https://player.vimeo.com/api/player.js https://player.vimeo.com/ js.stripe.com http://www.googletagmanager.com https://www.googletagmanager.com https://www.google-analytics.com http://www.google-analytics.com https://yt.zone-secure.net http://www.gstatic.com https://*.attraqt.io https://*.facebook.net/ https://*.teads.tv/ https://*.smartlook.com/ https://*.hotjar.com/ https://*.doubleclick.net https://*.mathtag.com https://*.tiktok.com/ https://*.ttwstatic.com *.attraqt.io *.getflowbox.com *.flbx.io *.woosmap.com *.imagino.com;frame-src 'self' maps.googleapis.com https://player.vimeo.com/ youtube.com www.youtube.com https://www.youtube.com https://i.ytimg.com/vi/ *.prismic.io js.stripe.com www.paypalobjects.com *.paypal.com www.youtube-nocookie.com https://*.doubleclick.net https://*.facebook.net/ https://*.facebook.com/ https://*.hotjar.com/ https://*.mathtag.com https://*.tiktok.com/ *.getflowbox.com *.flbx.io;style-src 'self' 'unsafe-inline' https://i.icomoon.io https://fonts.googleapis.com https://*.ttwstatic.com/ *.woosmap.com;img-src 'self' data: stagingctk.centrakor.com maps.googleapis.com maps.gstatic.com https://www.referenseo.com/ https://i.ytimg.com/vi/ https://storage.sbg.cloud.ovh.net https://centrakor.cdn.prismic.io/ https://i.picsum.photos/ https://i.vimeocdn.com/ maps.googleapis.com maps.gstatic.com *.openstreetmap.org www.paypalobjects.com *.paypal.com storage.gra.cloud.ovh.net *.google.com *.doubleclick.net *.google.fr http://www.google-analytics.com https://www.google-analytics.com https://www.centrakor.com/ https://*.teads.tv/ https://*.facebook.com/ https://*.facebook.net/ https://*.mathtag.com https://images.prismic.io/centrakor/ https://*.s3.rbx.io.cloud.ovh.net https://d2rfa446ja7yzb.cloudfront.net/ *.getflowbox.com *.flbx.io *.woosmap.com;font-src 'self' data: fonts.googleapis.com https://i.icomoon.io https://fonts.gstatic.com *.woosmap.com;connect-src 'self' maps.googleapis.com https://noembed.com https://graph.facebook.com/v11.0/instagram_oembed https://graph.facebook.com/v11.0/instagram_oembed/ https://graph.instagram.com/ https://vimeo.com/api/ www.paypalobjects.com *.paypal.com *.analytics.google.com *.doubleclick.net https://www.google-analytics.com https://*.teads.tv/ https://*.facebook.net/ https://*.googleadservices.com *.google.fr https://*.facebook.com/ https://*.smartlook.com/ https://*.smartlook.cloud/ https://*.hotjar.com/ https://*.hotjar.io/ wss://*.hotjar.com/ *.attraqt.io *.getflowbox.com *.flbx.io https://fr.adminzone-secure.net/ *.woosmap.com *.imagino.com;base-uri 'self';media-src 'self' data: *.flbx.io;report-uri /csp/report;worker-src 'self' *.woosmap.com self blob: 1
default-src 'self' 'unsafe-inline' d2mkdgs306yypx.cloudfront.net cdn.cookielaw.org unpkg.com *.wistia.com;    object-src 'self' fonts.googleapis.com cdn.cookielaw.org fonts.googleapis.com www.google-analytics.com unpkg.com www.w3.org;   base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.wistia.com *.wistia.net src.litix.io embed-cloudfront.wistia.com fast.wistia.net fast.wistia.com www.gstatic.com media.skyworksinc.com ajax.googleapis.com app.bowencraggs.com cdn.chatbot.com cdn.cookielaw.org cdn.jsdelivr.net cdnjs.cloudflare.com d2mkdgs306yypx.cloudfront.net kit.fontawesome.com unpkg.com www.google-analytics.com www.googletagmanager.com www.google.com cdn.oribi.io bam.nr-data.net stats.g.doubleclick.net;    connect-src 'unsafe-inline' 'self' *.algolia.net fg8vvsvnieiv3ej16jby.litix.io *.litix.io *.wistia.com distillery.wistia.com embedwistia-a.akamaihd.net embed-cloudfront.wistia.com fast.wistia.net fast.wistia.com pipedream.wistia.com analytics.google.com cdnjs.cloudflare.com cdn.chatbot.com cdn.cookielaw.org geolocation.onetrust.com ka-f.fontawesome.com privacyportal.onetrust.com bam.nr-data.net www.google-analytics.com stats.g.doubleclick.net app.bowencraggs.com rmk-map.jobs2web.com fonts.googleapis.com www.google.com;   img-src 'unsafe-inline' 'self' *.wistia.com *.wistia.net embedwistia-a.akamaihd.net embed-ssl.wistia.com embed-cloudfront.wistia.com  fast.wistia.net app.bowencraggs.com cdn.cookielaw.org d2mkdgs306yypx.cloudfront.net www.google-analytics.com fonts.googleapis.com www.google.com www.w3.org www.googletagmanager.com i.ytimg.com data:; style-src 'unsafe-inline' 'self' 'unsafe-eval' fast.wistia.com unpkg.com fonts.googleapis.com cdn.cookielaw.org cdn.jsdelivr.net;   font-src 'unsafe-inline' 'self' data: fonts.gstatic.com *.wistia.com fast.wistia.net ka-f.fontawesome.com fonts.googleapis.com;   media-src 'unsafe-inline' 'self' data: blob: filesystem: *.wistia.com *.wistia.net embedwistia-a.akamaihd.net embed-cloudfront.wistia.com embed-ssl.wistia.com distillery.wistia.com cdn.cookielaw.org d2mkdgs306yypx.cloudfront.net app.bowencraggs.com www.google.com www.googletagmanager.com www.gstatic.com www.google-analytics.com media.skyworksinc.com i.ytimg.com ; frame-src fast.wistia.com fast.wistia.net cdn.chatbot.com www.youtube.com www.google.com www.gstatic.com  media.skyworksinc.com 'self'; manifest-src 'self';   worker-src 'none';   style-src-elem 'self' 'unsafe-inline' fast.wistia.com unpkg.com cdn.jsdelivr.net fonts.googleapis.com; frame-ancestors 'self' cdn.chatbot.com www.youtube.com www.google.com www.gstatic.com media.skyworksinc.com; 1
default-src 'self' https: 'unsafe-inline' 'unsafe-eval' data:;style-src 'self' 'unsafe-inline' https:;img-src 'self'  data: https:;script-src 'self' https: 'unsafe-inline' 'unsafe-eval';frame-src 'self' https:;script-src-attr *;connect-src 'self' https: data:;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';upgrade-insecure-requests 1
frame-ancestors 'self' https://app.agilitycms.com https://*.publishwithagility.com:*; 1
default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'wasm-unsafe-eval' https://cdn.jsdelivr.net/npm/; connect-src https://api.friendlycaptcha.com/; worker-src blob:; child-src blob:; frame-ancestors 'none'; img-src 'self' data:; 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com http://flex.msn.com http://www.googleadservices.com https://seal.digicert.com https://seal.verisign.com https://www.google.com https://www.googleadservices.com https://app-ab16.marketo.com https://www.gstatic.com https://www.googletagmanager.com https://s.go-mpulse.net https://googleads.g.doubleclick.net; connect-src 'self' 'unsafe-inline' http://localhost:9002 https://magtek.acipayonline.com:9002 *.google-analytics.com https://stats.g.doubleclick.net; img-src 'self' 'unsafe-inline' https://stats.g.doubleclick.net https://www.officialpayments.com https://www.google.com https://ad.doubleclick.net https://googleads.g.doubleclick.net https://privacy-policy.truste.com https://seal.digicert.com *.google-analytics.com https://app-ab16.marketo.com; frame-src 'self' 'unsafe-inline' https://www.google.com https://app-ab16.marketo.com; style-src 'self' 'unsafe-inline' https://app-ab16.marketo.com; object-src 'self' *.google-analytics.com; report-uri https://acipayonline.com/CSPFailuresHandler; frame-ancestors 'self' https://sa.peralta.edu 1
default-src 'self';connect-src 'self' https://avidbots.bamboohr.com *.clarity.ms https://adservice.google.com https://scout.salesloft.com https://google.com *.force.com https://analytics.google.com https://ws.zoominfo.com https://stats.g.doubleclick.net https://js.zi-scripts.com https://www.google-analytics.com https://ws-assets.zoominfo.com;script-src 'self' 'unsafe-inline' blob: https://avidbots.bamboohr.com https://www.clarity.ms https://ws-assets.zoominfo.com *.avidbots.com *.salesforceliveagent.com https://js.zi-scripts.com *.google.com https://www.google-analytics.com *.pardot.com https://googleads.g.doubleclick.net https://js.chilipiper.com https://scout-cdn.salesloft.com https://ws.zoominfo.com *.force.com *.salesforce.com *.vimeocdn.com *.linkedin.com https://analytics.google.comm.au https://www.instagram.com https://connect.facebook.net https://www.googleoptimize.com https://player.vimeo.com https://stackpath.bootstrapcdn.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.googletagmanager.com https://unpkg.com https://code.jquery.com https://maps.googleapis.com https://cdn.jsdelivr.net;object-src 'none';style-src * 'unsafe-inline';style-src-elem * 'unsafe-inline';img-src * data:;frame-src *;font-src * data:;base-uri 'self' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: panah.bimebazar.com unpkg.com sanhabinq.centinsur.ir *.google-analytics.com *.googleapis.com *.google.com  gstatic.com www.gstatic.com connect.facebook.net facebook.com bimebazar.com cdn.bimebazar.com cdn.landin.ir trustseal.enamad.ir ajax.cloudflare.com www.googletagmanager.com analytics.google.com stats.g.doubleclick.net bimebazar.arvanvod.com www.googleadservices.com s1.mediaad.org mediacdn.mediaad.org *.g.doubleclick.net *.hotjar.com *.yektanet.com api.mediaad.org *.tawk.to maxcdn.bootstrapcdn.com driver.snappbimeh.ir app.snappbimeh.ir *.najva.com logo.samandehi.ir balad.ir stackpath.bootstrapcdn.com cdnjs.cloudflare.com code.jquery.com *.goftino.com wss://*.goftino.com *.webengage.com *.webengage.co s3.amazonaws.com *.webengagepush.com *.clarity.ms bimebazar.biz *.bimebazar.biz bimebazar.landin.ir *.neshan.org services.bmbzr.ir *.aparat.com *.heapanalytics.com heapanalytics.com *.adtodate.net *.doubleclick.net *.mxpnl.com *.mixpanel.com *.visualwebsiteoptimizer.com *.vwo.com *.bimebazar.com cdn.jsdelivr.net monitoring.bmbzr.ir panah.bmbzr.ir *.bmbzr.ir credit-scoring.bimebazar.com 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src 'nonce-IkQumLoIvsCE2uvM33l8aRopE' https://discuss.eroscripts.com/logs/ https://discuss.eroscripts.com/sidekiq/ https://discuss.eroscripts.com/mini-profiler-resources/ https://discourse-s3-cdn.eroscripts.com/uploads/assets/ https://discuss.eroscripts.com/extra-locales/ https://discourse-cdn.eroscripts.com/highlight-js/ https://discourse-cdn.eroscripts.com/javascripts/ https://discourse-cdn.eroscripts.com/plugins/ https://discourse-cdn.eroscripts.com/theme-javascripts/ https://discourse-cdn.eroscripts.com/svg-sprite/ https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js https://unpkg.com; worker-src 'self' https://discourse-s3-cdn.eroscripts.com/uploads/assets/ https://discourse-cdn.eroscripts.com/javascripts/ https://discourse-cdn.eroscripts.com/plugins/; frame-ancestors 'self'; manifest-src 'self' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://ajax.googleapis.com https://cdnjs.cloudflare.com *.facebook.net *.twitter.com *.twimg.com https://cdn.chatbot.com https://content.govdelivery.com/ https://cdn.livechatinc.com/ https://api.livechatinc.com/; style-src 'self' 'unsafe-inline' fonts.googleapis.com platform.twitter.com *.twimg.com cdnjs.cloudflare.com https://content.govdelivery.com/; connect-src 'self' https://maps.googleapis.com https://kdorapi.kdor.org https://cdn.chatbot.com/widget/5c7029abb3a91872edc36639/settings.json https://api.livechatinc.com; font-src 'self' https://fonts.gstatic.com https://cdn.livechatinc.com data:; img-src 'self' www.google-analytics.com maps.google.com *.twimg.com *.twitter.com data: https://content.govdelivery.com/; frame-src 'self' *.youtube.com *.facebook.com *.twitter.com https://cdn.chatbot.com https://secure.livechatinc.com/; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.grandfrais.com *.humansourcing.com *.diagtest.com *.google.fr *.google.com *.facebook.net *.googletagmanager.com *.jquery.com *.jsdelivr.net *.dialogfeed.com *.cloudflare.com *.youtube.com *.googleapis.com *.gstatic.com *.google-analytics.com *.facebook.com *.fbcdn.net unpkg.com *.openstreetmap.org *.mailjet.com *.360tracking.fr *.lm-tracking.com *.googleadservices.com *.bootstrapcdn.com *.matomo.cloud *.doubleclick.net https://kx1.co https://static.kx1.co http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com *.ytimg.com  *.youtube-nocookie.com *.github.com cdn.datatables.net noel-grand-frais.lp-mediapost.fr blob: *.grandfrais.com 1
default-src 'report-sample' 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://nibit.report-uri.com/r/t/csp/enforce; 1
frame-ancestors dashboard.supermama.me dash-test.supermama.me 1
default-src 'self' 'unsafe-inline' data: *.usercentrics.eu *.google-analytics.com *.ytimg.com apobank.empathy-portal.de www.googletagmanager.com www.google.com/pagead/ eu-api.friendlycaptcha.eu googleads.g.doubleclick.net/pagead/ bat.bing.com player.podigee-cdn.net *.uberall.com uberall.com *.googleapis.com *.gstatic.com *.amazonaws.com/uberall-downloads-prod/ *.apobank.de *.netigate.se apobank.piwik.pro apobank.containers.piwik.pro; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: cdn.jsdelivr.net player.podigee-cdn.net *.usercentrics.eu *.googletagmanager.com apobank.empathy-portal.de bat.bing.com *.uberall.com uberall.com www.google.com/pagead/ www.google.de/pagead maps.google.com *.googleapis.com *.apobank.de apobank.containers.piwik.pro; child-src 'self' blob: www.dnvs.de dnvs.de www.youtube-nocookie.com www.youtube.com standorte.vr.de fww.biz gisweb.vwd.com www.googletagmanager.com *.emailsys2a.net player.podigee-cdn.net *.usercentrics.eu ohws.prospective.ch *.apobank.de *.netigate.se; 1
worker-src blob:; media-src * blob:; script-src-attr 'unsafe-inline'; default-src  'self' http: 'unsafe-inline'; img-src 'unsafe-inline' http: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'               *.hs-scripts.com               *.hs-analytics.net              *.doubleclick.net                *.azureedge.net               *.azurewebsites.net              *.typekit.net               *.cookielaw.org              *.google-analytics.com              *.googletagmanager.com              *.googleadservices.com              *.g.doubleclick.net              *.gstatic.com              *.search.windows.net              *.hs-banner.com              *.textkernel.com              *.ads.linkedin.com              *.hsadspixel.net              *.hubapi.com              *.hubspot.com              *.licdn.com              *.azure.net               *.facebook.net              *.facebook.com              *.pardot.com               *.kforce.com               *.googleapis.com               *.google.com               *.dropbox.com               *.ceros.com              *.ytimg.com              *.ggpht.com              *.cloudfront.net              *.cloudflare.com              *.youtube.com              *.linkedin.com              *.monster.com               *.twitter.com               *.indeed.com              *.apply.indeed.com              http://www.google-analytics.com/analytics.js               https://snap.licdn.com/li.lms-analytics/insight.min.js               https://cdn.cookielaw.org/scripttemplates/otSDKStub.js               https://use.typekit.net/ukt6xtu.js              https://cdn.cookielaw.org/scripttemplates/6.12.0/otBannerSdk.js              http://view.ceros.com/scroll-proxy.min.js              https://www.gstatic.com/charts/loader.js              https://www.gstatic.com/charts/loader.js              http://localhost:3000/3eab5490-eadc-43d5-87bc-2657aae153dd              http://localhost:3000/0867403a-379c-4b62-a8df-69e3ad545b27              http://localhost:3000/1aaeb673-3786-4d80-849e-76ae71249686              http://localhost:3000/048650c0-1d10-426d-8e6d-e235201124d3              https://stage2.kforce.com/64ec2d2d-acc2-4834-866a-ff3384224de9              https://stage2.kforce.com/abb93004-e801-4692-a182-a51d27a9bc33              https://staging.textkernel.com/match/js/tkwidget.js              https://apply.indeed.com/indeedapply/env              https://login.monster.com/awm/en_US/awm.js              https://apis.google.com/js/api.js              https://apis.google.com/js/client.js              https://kforceuploadstage.azurewebsites.net/signalr/hubs              https://d3fw5vlhllyvee.cloudfront.net/indeedapply/s/6637e31/indeedapply-compiled.js               https://www.googletagmanager.com/              https://js.hsadspixel.net/fb.js              https://js.hs-analytics.net/              https://js.hs-banner.com/v2/20553560/banner.js              https://www.youtube.com/              http://www.googleadservices.com/;                             1
default-src 'none'; script-src-elem 'self' 'nonce-393d5288-0ab2-4036-84e8ee400d0fc2c1' vialtopartners.com *.vialtopartners.com cdn.cookielaw.org cookie-cdn.cookiepro.com privacyportal.onetrust.com geolocation.onetrust.com ajax.googleapis.com cdn.yoshki.com *.google-analytics.com ajax.googleapis.com www.gstatic.com *.googletagmanager.com tagmanager.google.com www.google.com snap.licdn.com *.evgnet.com 'unsafe-eval' 'unsafe-inline' *.evergage.com vialtopartners.us-7.evergage.com https://vialto.wpengine.com 'sha256-3/mNUpqF9X/gMYE+bOG6g8d6I32wdYdWwWuAk90mPCM=' 'sha256-mci9FRjRn34gzdmf2PjWF2dtHlzIKOupZDY7/ALscz0='; script-src 'self' 'nonce-393d5288-0ab2-4036-84e8ee400d0fc2c1' vialtopartners.com *.vialtopartners.com cdn.cookielaw.org cookie-cdn.cookiepro.com privacyportal.onetrust.com geolocation.onetrust.com ajax.googleapis.com cdn.yoshki.com *.google-analytics.com ajax.googleapis.com www.googleadservices.com googleads.g.doubleclick.net www.gstatic.com *.googletagmanager.com tagmanager.google.com www.google.com snap.licdn.com *.algolia.net *.evgnet.com 'unsafe-eval' 'unsafe-inline' *.evergage.com vialtopartners.us-7.evergage.com https://vialto.wpengine.com 'sha256-3/mNUpqF9X/gMYE+bOG6g8d6I32wdYdWwWuAk90mPCM=' 'sha256-mci9FRjRn34gzdmf2PjWF2dtHlzIKOupZDY7/ALscz0='; connect-src 'self' vialtopartners.com *.vialtopartners.com cdn.cookielaw.org cookie-cdn.cookiepro.com privacyportal.onetrust.com geolocation.onetrust.com ajax.googleapis.com cdn.yoshki.com *.google-analytics.com ajax.googleapis.com www.gstatic.com *.googletagmanager.com tagmanager.google.com *.analytics.google.com *.google.com *.oribi.io *.g.doubleclick.net *.algolia.net *.evgnet.com *.evergage.com *.ads.linkedin.com vialtopartners.us-7.evergage.com https://vialto.wpengine.com; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com cdn.cookielaw.org cookie-cdn.cookiepro.com privacyportal.onetrust.com geolocation.onetrust.com https://vialto.wpengine.com; font-src 'self' fonts.gstatic.com fonts.googleapis.com *.vialtopartners.com https://vialto.wpengine.com; img-src 'self' *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com googleads.g.doubleclick.net ad.doubleclick.net ade.googlesyndication.com www.google.com cdn.cookielaw.org *.ads.linkedin.com *.adsymptotic.com *.windows.net *.vialtopartners.com *.linkedin.com https: data: *.evergage.com 'unsafe-eval' 'unsafe-inline' *.evergage.com https://vialto.wpengine.com; media-src 'self' *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com cdn.cookielaw.org *.ads.linkedin.com *.adsymptotic.com *.windows.net *.vialtopartners.com *.youtube.com *.vimeo.com https://vialto.wpengine.com; frame-src 'self' cdn.yoshki.com *.doubleclick.net *.google.com *.podbean.com *.vimeo.com https://vialto.wpengine.com 1
frame-ancestors 'self' https://m-redbus-id.cdn.ampproject.org https://www.google.com https://www.google.co.id https://m.redbus.id https://seocms.redbus.com; default-src 'self' https://c.riskified.com wss://*.firebaseio.com wss://rbpub.redbus.com h.online-metrix.net https://s3.rdbuz.com https://*.doubleclick.net https://graph.facebook.com  https://*.redbus.in  https://*.redbus.com https://*.googleapis.com https://www.google-analytics.com http://www.googletagmanager.com https://*.google.com https://*.google.co.in https://*.facebook.net http://www.googleadservices.com https://www.facebook.com https://recorder.sessionstack.com https://o2.mouseflow.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.branch.io cdn.moengage.com https://beacon.riskified.com https://tags.tiqcdn.com http://cdn-akamai.mookie1.com https://*.firebaseio.com https://h.online-metrix.net https://*.twitter.com  https://static.ads-twitter.com https://*.googletagservices.com https://bam.nr-data.net https://*.doubleclick.net https://maxcdn.bootstrapcdn.com https://*.google.com https://cdn.jsdelivr.net https://sslwidget.criteo.com https://static.criteo.net https://cdn.mouseflow.com https://bat.bing.com https://maps.googleapis.com http://sg-pl.vizury.com https://cdnjs.cloudflare.com http://www.redbus.in https://www.redbus.in https://adservice.google.co.in https://ssl.google-analytics.com https://connect.facebook.net http://pagead2.googlesyndication.com http://www.google-analytics.com https://cdn.sessionstack.com http://www.googletagmanager.com http://connect.facebook.net https://*.googleadservices.com https://*.rdbuz.com https://*.redbus.in https://www.gstatic.com http://*.rdbuz.com; img-src 'self' data: blob: niubizqr.pagoefectivo.pe img.riskified.com moe-email-campaigns.s3.amazonaws.com image.moengage.com web-elb *.online-metrix.net *.goibibo.com barcode-latam.s3.amazonaws.com t.co www.googletagmanager.com *.doubleclick.net tpc.googlesyndication.com maps.gstatic.com maps.googleapis.com rb-plus.s3.ap-southeast-1.amazonaws.com s3-ap-southeast-1.amazonaws.com *.s3-ap-southeast-1.amazonaws.com h.online-metrix.net bat.bing.com www.google.co.in  origin-st.redbus.in www.redbus.in www.redbus.in *.google.com www.google-analytics.com  https://ssl.google-analytics.com https://*.facebook.com https://*.rdbuz.com https://st.redbus.in  http://*.rdbuz.com http://st.redbus.in https://api.midtrans.com https://www.glassdoor.co.in; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://*.google.com https://cdnjs.cloudflare.com https://www.w3schools.com http://fonts.googleapis.com https://fonts.googleapis.com https://*.rdbuz.com https://st.redbus.in  http://*.rdbuz.com http://st.redbus.in; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com http://fonts.gstatic.com http://*.rdbuz.com http://st.redbus.in https://fonts.gstatic.com https://*.rdbuz.com https://st.redbus.in; frame-src 'self' st.redbus.in payment.pagoefectivo.pe *.firebaseapp.com *.firebaseio.com  www.surveymonkey.com *.google.com isb.au1.qualtrics.com www.googletagservices.com *.redbus.com h.online-metrix.net checkout.payulatam.com *.doubleclick.net in-tags.vizury.com sg-pl.vizury.com *.facebook.com www.youtube.com dis.as.criteo.com; object-src 'self'; connect-src 'self' wss://rbpub.redbus.com s3-ap-southeast-1.amazonaws.com *.moengage.com analytics.google.com o2.mouseflow.com *.redbus.com *.doubleclick.net *.riskified.com www.google-analytics.com graph.facebook.com accounts.google.com 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mastodon.xyz; img-src 'self' https: data: blob: https://mastodon.xyz; style-src 'self' https://mastodon.xyz 'nonce-BZaIUGr9y+7d/Tu4voCh+Q=='; media-src 'self' https: data: https://mastodon.xyz; frame-src 'self' https:; manifest-src 'self' https://mastodon.xyz; form-action 'self'; child-src 'self' blob: https://mastodon.xyz; worker-src 'self' blob: https://mastodon.xyz; connect-src 'self' data: blob: https://mastodon.xyz https://6-28.mastodon.xyz wss://mastodon.xyz; script-src 'self' https://mastodon.xyz 'wasm-unsafe-eval' 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://maps.googleapis.com/maps/api/js https://maps.googleapis.com/maps-api-v3/  https://maps.googleapis.com/maps-api-v3/ https://www.google-analytics.com/analytics.js https://www.google.com/recaptcha/ www.google-analytics.com/ www.google-analytics.com/g/ https://maps.googleapis.com/maps-api-v3/ https://maps.googleapis.com/maps/ https://maps.googleapis.com/maps/api/js https://maps.googleapis.com/maps-api-v3/api/js/53/14/onion.js https://maps.googleapis.com/maps/api/js/ViewportInfoService.GetViewportInfo https://www.gstatic.com/recaptcha/releases/ https://cdnjs.cloudflare.com/ajax/libs/proj4js/2.3.6/proj4-src.js https://www.googletagmanager.com/ https://www.googletagmanager.com/gtag/ https://maps.googleapis.com/maps-api-v3/api/js/53/14/common.js connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org; style-src 'self' 'unsafe-inline' *.googleapis.com *.typekit.net/ *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com; font-src 'self' fonts.gstatic.com *.typekit.net/ kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; img-src 'self' *.gstatic.com *.dmz.local/  https://stats.g.doubleclick.net/g/ *.nwe.northwesternenergy.com http://mesonet.agron.iastate.edu/cache/tile.py/1.0.0/ https://mesonet.agron.iastate.edu/ https://*.google-analytics.com https://*.googletagmanager.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com; media-src 'self' data: blob:; child-src 'self' https://experience.arcgis.com/experience/ https://flimp.live  https://app.powerbi.com/ https://platform.twitter.com/ https://www.google.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com; connect-src 'self' accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.google-analytics.com  https://stats.g.doubleclick.net/g/ https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://analytics.google.com *.googleapis.com *.gstatic.com; object-src; 1
default-src 'self' https://www.debtdomain.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://region1.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://www.gstatic.com https://cdn.cookielaw.org https://*.onetrust.com/ https://www.debtdomain.com/ https://*.fontawesome.com data: blob:; object-src 'none'; font-src 'self' https://fonts.gstatic.com https://*.fontawesome.com https://www.debtdomain.com data:; style-src 'self' 'unsafe-inline' www.gstatic.com https://www.debtdomain.com; img-src 'self' data: blob: https://www.google-analytics.com https://region1.google-analytics.com https://www.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://cdn.ihs.com  https://cdn.cookielaw.org https://www.gstatic.com https://www.debtdomain.com; frame-src 'self'  https://www.debtdomain.com mailto: tel: https://www.google.com blob:; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://www.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.fontawesome.com https://cdn.cookielaw.org https://*.onetrust.com https://www.debtdomain.com; manifest-src 'self' https://www.debtdomain.com; media-src https://www.debtdomain.com; report-uri https://l9ehqpseg2.execute-api.eu-central-1.amazonaws.com/dd-prod-fra-csp-reporting_stage/default; report-to csp-default-report-group; 1
default-src 'self' data: https: 'unsafe-inline' 'unsafe-eval'; base-uri 'self'; img-src data: https: 'unsafe-inline' 'unsafe-eval'; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; frame-ancestors 'self'; object-src 'none'; 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; connect-src 'self' *.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.vimeo.com *.itzbund.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.vimeo.com *.aktion-mensch.de *.readspeaker.com; frame-src *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.vimeo.com *.readspeaker.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.ytimg.com yomma.services cms.sqat.eu *.openstreetmap.org *.itzbund.de; frame-ancestors 'self'; font-src 'self' data:; 1
Content-Security-Policy-Report-Only: default-src * 'self' 'unsafe-inline'; report-uri https://sentry.verticalaxion.com/api/9/security/?sentry_key=ec0f5a73238643ff974202212042355d 1
img-src 'self' *.mylo.id https://www.google-analytics.com https://analytics.google.com https://www.googletagmanager.com assets.hearstapps.com https://cdnjs.cloudflare.com/ajax/libs/flag-icon-css/ data: *.resin.com *.hearstmags.id;default-src 'self' *.mylo.id https://www.google-analytics.com https://analytics.google.com https://www.googletagmanager.com *.resin.com *.hearstmags.id;script-src 'self' https://www.google-analytics.com https://analytics.google.com https://www.googletagmanager.com 'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline';frame-ancestors 'self' *.resin.com *.mylo.id *.hearstmags.id;base-uri 'self';font-src 'self' https: data:;form-action 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests 1
upgrade-insecure-requests; block-all-mixed-content; default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: russellinvestments.com *.russellinvestments.com russellinvestments.com.au *.russellinvestments.com.au russellinvestmentsb2c.b2clogin.com russellinvestmentsb2cuat.b2clogin.com russellinvestmentsb2cdev.b2clogin.com spoppe-b.azureedge.net mapbuilder-local mapbuilder-dev mapbuilder-qa mapbuilder-sit mapbuilder-uat cookies.engage.russellinvestments.com bigmarker.com *.bigmarker.com *.b0e8.com cdn.linkedin.oribi.io *.ceros.com api.ipify.org docraptor.com *.linkedin.com *.marketo.net *.mktoresp.com *.coveo.com fast.fonts.net fonts.googleapis.com fonts.gstatic.com *.hivecloud.net hivetracking.azurewebsites.net *.glassboxdigital.io *.glassboxcdn.com *.gbqofs.com www.google.com/jsapi www.gstatic.com/charts/ *.google-analytics.com *.googletagmanager.com www.google.com/ads/ ajax.googleapis.com/ajax/libs/angularjs/ ajax.googleapis.com/ajax/libs/jquery/ cdnjs.cloudflare.com d81mfvml8p5ml.cloudfront.net dn1i8v75r669j.cloudfront.net dkpklk99llpj0.cloudfront.net *.buzzsprout.com code.highcharts.com img.en25.com marvel-b1-cdn.bc0a.com marvel-b2-cdn.bc0a.com marvel-processor.bc0a.com *.aas.com.au *.clickdimensions.com *.msecnd.net omny.fm *.powerapps.com *.powerbi.com https://*.qualtrics.com *.sharepointonline.com siteimproveanalytics.com *.siteimproveanalytics.io https://snap.licdn.com *.fls.doubleclick.net stats.g.doubleclick.net vimeo.com *.vimeo.com *.windows.net *.youtube.com; 1
frame-ancestors 'self' https://secure.ubicentrex.net 1
img-src 'self' data: https://verhuuroffice.nl https://*.clarity.ms https://c.bing.com https://maps2.nbo.nl https://ikwilhuren.nu https://bi-mvgm2.eye-move.nl https://bi-hcf.eye-move.nl https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://www.googletagmanager.com https://analytics.google.com https://*.analytics.google.com https://*.google-analytics.com https://*.googleapis.com https://*.google.com https://*.google.nl https://*.gstatic.com https://*.stape.digital https://*.stape.io https://www.google.com https://www.google.com.ar https://www.google.at https://www.google.com.au https://www.google.az https://www.google.be https://www.google.com.br https://www.google.ch https://www.google.cz https://www.google.de https://www.google.dk https://www.google.es https://www.google.fr https://www.google.gr https://www.google.hr https://www.google.hu https://www.google.co.in https://www.google.it https://www.google.nl https://www.google.co.nz https://www.google.pl https://www.google.se https://www.google.to https://www.google.com.tw https://www.google.com.ua https://www.google.co.uk https://www.google.co.ma https://www.google.ae https://www.google.sr https://www.google.me https://www.google.ro ;object-src 'none' ;default-src 'self' data: blob: https://*.analytics.google.com https://analytics.google.com https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://analytics.google.com https://*.google.com https://*.google.nl https://maps2.nbo.nl https://www.googletagmanager.com https://*.googleapis.com https://*.gstatic.com https://td.doubleclick.net https://*.typekit.net https://service.pdok.nl https://*.clarity.ms https://cdn.cookiecode.nl https://api.cookiecode.nl https://*.stape.digital https://*.stape.io https://www.youtube.com https://youtu.be https://www.youtube-nocookie.com https://www.google.com https://www.google.com.ar https://www.google.at https://www.google.com.au https://www.google.az https://www.google.be https://www.google.com.br https://www.google.ch https://www.google.cz https://www.google.de https://www.google.dk https://www.google.es https://www.google.fr https://www.google.gr https://www.google.hr https://www.google.hu https://www.google.co.in https://www.google.it https://www.google.nl https://www.google.co.nz https://www.google.pl https://www.google.se https://www.google.to https://www.google.com.tw https://www.google.com.ua https://www.google.co.uk https://www.google.co.ma https://www.google.ae https://www.google.sr https://www.google.me https://www.google.ro 'unsafe-inline' 'unsafe-eval' ; 1
font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com *.hotjar.com 'self' data: *.subdued.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.subdued.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.google.com *.hotjar.com *.facebook.com *.cookiebot.com *.subdued.com *.pinterest.com *.salesmanago.pl *.klarna.com *.stripe.com klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.sendcloud.sc *.jsdelivr.net *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net data: *.googleapis.com *.gstatic.com *.googleadservices.com *.google-analytics.com *.google.com *.googletagmanager.com *.google.de *.google.it *.visualwebsiteoptimizer.com *.facebook.com *.pinterest.com *.subdued.com *.klarnacdn.net *.jmango360.com *.klarna.com *.klarnaevt.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.amazonaws.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.googleapis.com *.gstatic.com *.google-analytics.com *.google.com *.facebook.net *.tiktok.com *.zdassets.com *.hotjar.com *.visualwebsiteoptimizer.com *.newrelic.com *.pinimg.com *.doubleclick.net *.cookiebot.com *.googlesyndication.com *.nr-data.net *.subdued.com *.klarnaservices.com *.googleoptimize.com *.klarna.com *.klarnacdn.net *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.stripe.com klarna.com *.klarnaevt.com *.link.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.sendcloud.sc *.jsdelivr.net *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.gstatic.com *.subdued.com *.klarnacdn.net unsafe-inline assets.braintreegateway.com *.sendcloud.sc *.jsdelivr.net *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io *.googleapis.com *.google.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.tiktok.com *.pinterest.com *.google-analytics.com *.googlesyndication.com *.cookiebot.com *.nr-data.net *.subdued.com *.klarnaevt.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.link.com *.klarnaservices.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com *.sendcloud.sc *.cdn.jsdelivr.net *.mapbox.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' platform.twitter.com d.line-scdn.net www.googletagmanager.com www.google-analytics.com connect.facebook.net https://ajax.googleapis.com https://cdn.syndication.twimg.com https://code.jquery.com https://cdn.jsdelivr.net https://www.youtube.com https://analytics.tiktok.com https://www.line-website.com; frame-src 'self' platform.twitter.com social-plugins.line.me staticxx.facebook.com www.facebook.com https://*.google.com https://www.youtube.com https://syndication.twitter.com https://www.tiktok.com; style-src 'self' fonts.googleapis.com https://platform.twitter.com https://maxcdn.bootstrapcdn.com https://www.googletagmanager.com https://cdn.jsdelivr.net 'unsafe-inline'; img-src 'self' data: platform.twitter.com https://www.google.com https://www.google.co.jp syndication.twitter.com https://pbs.twimg.com https://abs.twimg.com www.google-analytics.com 7premium.jp https://*.amazonaws.com http://*.amazonaws.com https://image.prd-gen.dam.7andi-gdpf.com https://ssl.google-analytics.com data: https://s3.us-west-2.amazonaws.com blob: 7premium.jp; font-src 'self' data: https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; connect-src 'self' https://image.prd-gen.dam.7andi-gdpf.com https://*.amazonaws.com https://www.google-analytics.com https://*.cloudfront.net https://stats.g.doubleclick.net https://analytics.google.com https://analytics.tiktok.com; 1
default-src 'self' *.redact.dev redact.dev testimonial.to *.testimonial.to https://*.clarity.ms https://c.bing.com; script-src 'self' *.redact.dev redact.dev 'unsafe-inline' https://www.googletagmanager.com https://googleads.g.doubleclick.net https://*.googletagmanager.com https://tagmanager.google.com https://www.googleadservices.com https://www.google.com static.ads-twitter.com testimonial.to *.testimonial.to testimonial.to *.testimonial.to www.paypalobjects.com paypal.com *.paypal.com bat.bing.com https://*.clarity.ms https://c.bing.com 'unsafe-eval'; style-src 'self' *.redact.dev 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://www.googletagmanager.com; font-src 'self' *.redact.dev redact.dev https://fonts.gstatic.com data:; connect-src 'self' *.redact.dev redact.dev https://*.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://adservice.google.com *.wdfl.co *.getrewardful.com *.twitter.com *.ads-twitter.com www.paypalobjects.com paypal.com *.paypal.com https://*.clarity.ms https://c.bing.com; img-src 'self' *.redact.dev redact.dev data: www.googletagmanager.com https://*.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://ssl.gstatic.com https://www.gstatic.com https://fonts.gstatic.com https://*.doubleclick.net https://*.g.doubleclick.net https://www.google.com *.t.co t.co *.ads-twitter.com *.twitter.com www.paypalobjects.com checkout.paypal.com *.paypal.com bat.bing.com https://*.clarity.ms https://c.bing.com; object-src 'self'; frame-src https://*.doubleclick.net https://*.g.doubleclick.net https://embed-v2.testimonial.to *.cardinalcommerce.com paypal.com *.paypal.com www.youtube.com; 1
default-src 'self'; script-src-elem * 'self' 'unsafe-inline' https://www.googletagmanager.com; script-src 'unsafe-eval' 'unsafe-inline' https://*.googletagmanager.com https://www.googleadservices.com https://www.google.com www.googleadservices.com www.google.com https://googleads.g.doubleclick.net googleads.g.doubleclick.net https://tagmanager.google.com https://www.google-analytics.com; img-src 'self' data: https://images.ctfassets.net https://www.google.com.ar/ads/ga-audiences https://www.googletagmanager.com https://*.openstreetmap.org https://*.doubleclick.net/ https://www.facebook.com https://*.hotjar.com https://www.google-analytics.com https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://*.google.com.mx https://*.google.com.pa https://*.google.com.ni https://*.google.co.cr https://*.google.com.do https://*.google.com.sv https://*.google.com.gt https://*.google.com.hn https://googleads.g.doubleclick.net https://www.google.com https://google.com googleads.g.doubleclick.net www.google.com google.com https://*.fls.doubleclick.net https://ad.doubleclick.net https://ade.googlesyndication.com https://www.google.com.mx https://x.bidswitch.net https://pixel.tapad.com https://image2.pubmatic.com https://sync.crwdcntrl.net https://us-u.openx.net https://s.ad.smaato.net https://dpm.demdex.net https://sync.admanmedia.com https://sync.1rx.io https://match.adsrvr.org https://rtb-csync.smartadserver.com https://aa.agkn.com https://sync.cootlogix.com https://fei.pro-market.net https://secure.adnxs.com https://onetag-sys.com https://ssl.gstatic.com https://www.gstatic.com https://ums.acuityplatform.com https://s.amazon-adsystem.com https://bam.nr-data.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://tagmanager.google.com; font-src 'self' https://fonts.gstatic.com https://*.hotjar.com http://db.onlinewebfonts.com https://fonts.gstatic.com data:; frame-src 'self' https://*.cloudfront.net https://skyvideo.custhelp.com https://*.sky.com.mx https://*.doubleclick.net https://bid.g.doubleclick.net bid.g.doubleclick.net https://*.fls.doubleclick.net https://s.amazon-adsystem.com https://bam.nr-data.net https://www.facebook.com https://www.google.com/ https://*.publicidadmarcas.com; connect-src 'self' https://qamisky.sky.com.mx:8443 https://miespaciosky.sky.com.mx:8443 data: https://maps.googleapis.com https://analytics.google.com https://analytics.tiktok.com https://*.sky.com.mx https://assets.ctfassets.net https://*.doubleclick.net https://www.google.com wss://*.hotjar.com https://*.hotjar.io https://*.hotjar.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com.mx https://*.google.com.pa https://*.google.com.ni https://*.google.co.cr https://*.google.com.do https://*.google.com.sv https://*.google.com.gt https://*.google.com.hn https://script.crazyegg.com https://s.amazon-adsystem.com https://bam.nr-data.net https://www.facebook.com; media-src 'self' https://videos.ctfassets.net https://*.youtube.com; worker-src 'self' blob: 1
frame-ancestors 'self' https://www.deal4loans.com  https://www.zeebiz.com/ *.wishfin.com; 1
frame-ancestors 'self' https://ersties.net https://ersties.de https://en.ersties.com https://ersties.ch https://en.ersties.ch https://ersties.com 1
default-src 'self' https://nia.identitaobcana.cz; upgrade-insecure-requests; style-src 'self' 'unsafe-inline'; img-src 'self' blob: data: https://nia.identitaobcana.cz matomoas.westeurope.cloudapp.azure.com; connect-src 'self' https://www.identitaobcana.cz matomoas.westeurope.cloudapp.azure.com; frame-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; font-src 'self' data:;  script-src 'self' portal.gov.cz *.portal.gov.cz https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ matomoas.westeurope.cloudapp.azure.com 'unsafe-inline' 'unsafe-eval'; object-src 'self' blob: * 1
default-src 'self' p11.techlab-cdn.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cdw.com *.cdw.ca *.richrelevance.com *.qualtrics.com *.optimizely.com *.hotjar.com *.needle.com *.appspot.com *.facebook.net *.googleadservices.com *.doubleclick.net *.google-analytics.com *.googleapis.com *.cnetcontent.com *.cnetcontentsolutions.com *.akamaihd.net *.google.com *.justuno.com *.netapp.com *.demdex.net *.d41.co *.cxense.com pactsafe.io *.webcollage.net *.ziftsolutions.com *.googletagmanager.com *.googlesyndication.com *.googletagservices.com *.ytimg.com t.sellpoints.com a.sellpoint.net *.flixfacts.com *.youtube.com *.flixcar.com *.flix360.com *.easy2.com *.go-mpulse.net *.linkedin.com *.cloudfront.net *.bluecore.com *.adsrvr.org blob: data.g2.com *.g2crowd.com *.hotjar.io *.spexlive.net *.gstatic.com *.leadsrx.com *.turnto.com *.licdn.com *.hs-scripts.com *.vmwarepartnerdemandcenter.com *.hsleadflows.net *.hs-banner.com *.hsforms.net *.hsadspixel.net *.hubapi.com *.syndigo.com *.syndigo.cloud *.hsforms.com *.hubspot-forms-static-embed.s3.amazonaws.com *.hubspot.com accessibilityserver.org *.userway.org *.tiqcdn.com *.tealiumiq.com *.adroll.com *.hs-analytics.net js.usemessages.com *.hscollectedforms.net *.redditstatic.com *.reddit.com *.scene7.com *.vidyard.com *.vimeo.com *.hp.com *.etilize.com *.1worldsync.com *.quantserve.com *.quantcount.com *.spexaccess.net *.launchdarkly.com *.onetrust.com *.oribi.io *.cookielaw.org *.linkedin.com *.w55c.net *.pdst.fm *.stackadapt.com *.pactsafe.io *.sketchfab.com p11.techlab-cdn.com;style-src 'self' 'unsafe-inline' *.cdw.com *.cdw.ca *.needle.com *.googleapis.com *.cnetcontent.com *.justuno.com *.webcollage.net *.ziftsolutions.com t.sellpoints.com a.sellpoint.net *.flixcar.com *.easy2.com *.amazonaws.com *.cloudfront.net blob: *.typekit.net *.spexlive.net *.turnto.com *.syndigo.com *.syndigo.cloud *.scene7.com *.etilize.com *.1worldsync.com *.spexaccess.net *.stackadapt.com *.sketchfab.com;img-src 'self' *.cdw.com *.cdw.ca *.qualtrics.com *.optimizely.com *.needle.com *.googleadservices.com *.doubleclick.net *.google-analytics.com *.cnetcontent.com *.cnetcontentsolutions.com *.akamaihd.net *.google.com *.justuno.com *.netapp.com *.demdex.net *.cxense.com *.webcollage.net *.ziftsolutions.com *.googletagmanager.com *.googletagservices.com *.ytimg.com t.sellpoints.com a.sellpoint.net *.flixfacts.com *.youtube.com *.flixcar.com *.flix360.com *.easy2.com *.amazonaws.com *.linkedin.com *.facebook.com *.cloudfront.net *.adobecqms.net *.everesttech.net *.bluecore.com cdn.optimizely.com *.adsrvr.org data: *.spexlive.net *.windows.net *.edgecastcdn.net *.licdn.com *.syndigo.com *.syndigo.cloud *.hsforms.com *.hubspot.com *.userway.org *.tiqcdn.com *.tealiumiq.com *.adroll.com *.mediaiqdigital.com *.redditstatic.com *.reddit.com *.scene7.com *.vidyard.com *.vimeocdn.com *.etilize.com *.1worldsync.com *.quantserve.com *.quantcount.com *.spexaccess.net *.oribi.io *.cookielaw.org *.linkedin.com *.w55c.net *.stackadapt.com *.pactsafe.io *.sketchfab.com;frame-src 'self' *.cdw.com *.cdw.ca *.qualtrics.com *.hotjar.com *.needle.com *.doubleclick.net *.cnetcontent.com *.cnetcontentsolutions.com *.google.com *.justuno.com *.demdex.net *.cxense.com *.webcollage.net *.ziftsolutions.com *.googletagmanager.com *.googletagservices.com a.sellpoint.net *.youtube.com *.flixcar.com *.easy2.com *.facebook.com *.cloudfront.net *.cdwemail.com *.kingston.com *.hotjar.io *.spexlive.net *.swcontentsyndication.com *.exacttarget.com *.exct.net *.simplecast.com *.vmwarepartnerdemandcenter.com *.syndigo.com *.syndigo.cloud *.hsforms.com *.userway.org *.scene7.com *.vidyard.com *.vimeo.com *.hp.com *.etilize.com *.1worldsync.com *.spexaccess.net *.onetrust.com *.sketchfab.com;font-src * data:;connect-src 'self' *.cdw.com *.cdw.ca *.richrelevance.com *.qualtrics.com *.optimizely.com *.hotjar.com *.needle.com *.appspot.com *.googleadservices.com *.doubleclick.net *.google-analytics.com *.googleapis.com *.cnetcontent.com *.akamaihd.net *.google.com *.justuno.com *.netapp.com *.demdex.net *.d41.co *.cxense.com *.webcollage.net *.googletagmanager.com *.googletagservices.com t.sellpoints.com a.sellpoint.net *.go-mpulse.net *.facebook.com *.cloudfront.net *.bluecore.com wss://*.hotjar.com *.akstat.io data.g2.com *.g2crowd.com *.hotjar.io *.spexlive.net *.leadsrx.com *.turnto.com *.hubapi.com *.syndigo.com *.syndigo.cloud *.hsforms.com *.hubspot-forms-static-embed.s3.amazonaws.com *.hubspot.com accessibilityserver.org *.userway.org *.tiqcdn.com *.tealiumiq.com *.adroll.com *.scene7.com *.addressy.com *.etilize.com *.1worldsync.com *.quantserve.com *.spexaccess.net *.launchdarkly.com *.onetrust.com *.oribi.io *.cookielaw.org *.w55c.net *.pdst.fm *.stackadapt.com *.pactsafe.io *.sketchfab.com p11.techlab-cdn.com;object-src 'self' a.sellpoint.net *.scene7.com;media-src 'self' *.cdw.com *.cnetcontent.com *.webcollage.net *.flixfacts.com *.youtube.com blob: *.spexlive.net *.syndigo.com *.syndigo.cloud *.userway.org *.tiqcdn.com *.scene7.com *.etilize.com *.1worldsync.com *.spexaccess.net *.sketchfab.com;worker-src 'self' *.needle.com *.cloudfront.net blob:; 1
worker-src 'self' blob:; script-src 'strict-dynamic' 'unsafe-eval' 'nonce-8+IUF/Tnw6KTDdtGljt4QQ=='; style-src 'self' 'unsafe-inline'; frame-ancestors 'self' https://*.michelin.com 1
frame-ancestors https://*.royalcasino.dk 1
frame-ancestors 'self' https://pgmall.co.id https://pgmall.co.th https://staging.pgmall.my https://staging.pgmall.co.id https://staging.pgmall.co.th 1
frame-ancestors 'self' https:; default-src 'self' https://static.badgr.io; media-src *; object-src 'none'; style-src www.gstatic.com *.googleapis.com 'unsafe-inline' *.eesysoft.com 'self' ; script-src www.gstatic.com translate.google.com *.googleapis.com *.eesysoft.com 'sha256-6wRdeNJzEHNIsDAMAdKbdVLWIqu8b6+Bs+xVNZqplQw=' 'self'  *.datadoghq-browser-agent.com 'nonce-PZS1MakqBwvN3YzJmaKRvLfC4j6As0E2' 'sha256-MhtPZXr7+LpJUY5qtMutB+qWfQtMaPccfe7QXtCcEYc=' 'unsafe-hashes'; font-src *.eesysoft.com 'self'; img-src * data:; connect-src * data:; frame-src 'self' *; worker-src 'self'  blob:; report-uri https://browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub5a8d1fc4dd08905a0a05de7b26890b12&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env%3Abadgr.com%2Cservice%3Acredentials-rum%2Cversion%3Av24.07.24133515-main.16053; report-to browser-intake-datadoghq; 1
frame-ancestors 'self' https://www.blinds.com https://blinds.homedepot.com https://custom.homedepot.com https://www.homedepot.ca https://www.blinds.ca https://www.americanblinds.com https://www.justblinds.com 1
{"default-src":"self","report_to":"default","include_subdomains":true} 1
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ; 1
frame-ancestors 'self' https://*.bidorbuy.co.za https://*.bobshop.co.za https://*.bob.co.za https://*.qa.bobshop.co.za; 1
default-src 'self' https: http: data: blob: *.doofinder.com *.klarna.com prestashop.webkul.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: http: *.doofinder.com *.klarna.com prestashop.webkul.com *.klarnaevt.com *.klarnacdn.net js.klarna.com; connect-src 'self' https: wss: *.doofinder.com *.klarna.com prestashop.webkul.com *.klarnaevt.com *.klarnacdn.net api.klarna.com; style-src 'self' 'unsafe-inline' https: http: prestashop.webkul.com *.klarnacdn.net; img-src 'self' data: https: http: prestashop.webkul.com *.klarna.com *.klarnacdn.net; font-src 'self' data: https: http: prestashop.webkul.com *.klarnacdn.net; frame-src 'self' https: http: *.klarna.com prestashop.webkul.com klarna.com; upgrade-insecure-requests; 1
default-src 'self'; script-src 'self' *.tiktok.com *.ttwstatic.com *.cloudflare.com *.google.com cdn.datatables.net maps.googleapis.com www.gstatic.com cdn.jsdelivr.net www.youtube.com *.kapturecrm.com *.adjetter.com mrdiy.aichat.site www.googletagmanager.com connect.facebook.net static.cloudflareinsights.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.ttwstatic.com cdn.datatables.net *.cloudflare.com fonts.googleapis.com unpkg.com *.kapturecrm.com *.adjetter.com mrdiy.aichat.site 'unsafe-inline'; img-src 'self' * data:; font-src 'self' data: fonts.gstatic.com *.kapturecrm.com www.gozayaan.com mrdiy.aichat.site; connect-src 'self' *.kapdesk.com wss: maps.googleapis.com *.facebook.com *.kapturecrm.com *.adjetter.com socialplugin.facebook.net; media-src 'self'; frame-src 'self' *.tiktok.com *.facebook.com *.google.com plugins.flockler.com mrdiy.listedcompany.com *.youtube.com *.vimeo.com; object-src 'none'; base-uri 'self'; 1
default-src 'none'; script-src 'self' piwik.bildung-rp.de https://static.b-ite.com https://cs-assets.b-ite.com https://karriere.pl.bildung-rp.de/ 'unsafe-inline' https://maps.rlp.de; connect-src 'self' https://maps.rlp.de https://piwik.bildung-rp.de https://jobs.b-ite.com; img-src 'self' data: https://sgx.geodatenzentrum.de; style-src 'self' 'unsafe-inline'; base-uri 'self'; form-action 'self' http://*.bildung.rlp.de/ https://secure2.bildung-rp.de; frame-src 'self' https://www.youtube-nocookie.com/ https://w.soundcloud.com https://rp.db-schulkinowochen.de https://player.vimeo.com; font-src 'self'; manifest-src 'self' 1
frame-ancestors https://*.veygo.com https://*.preprod-veygo.com 1
script-src 'self' *.atl-paas.net *.atlassian.net *.jira.com *.jira-dev.com *.statuspage.io 'unsafe-eval' ajax.googleapis.com cdnjs.cloudflare.com; object-src 'none' 1
default-src 'none'; script-src 'self' 'sha256-8utW+kKzeUlJv3uhUjjdPCEamVpNjhk4CpTE1oe3icY=' https://app.intercom.io https://widget.intercom.io https://*.intercomcdn.com https://plausible.io https://static.cloudflareinsights.com https://*.cloudflareaccess.com https://js.stripe.com; connect-src *; style-src 'self' 'unsafe-inline' https://*.cloudflareaccess.com https://fonts.googleapis.com; img-src data: blob: https://*.hoa-express.com https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://messenger-apps.eu.intercom.io https://messenger-apps.au.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments.eu https://*.au.intercom-attachments.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://static.intercomassets.eu https://static.au.intercomassets.com https://*.googleapis.com https://*.gstatic.com https://*.google.com; font-src 'self' data: https://*.hoa-express.com https://js.intercomcdn.com https://fonts.intercomcdn.com https://fonts.gstatic.com; child-src 'self' blob: https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net https://js.stripe.com; media-src 'self' https://js.intercomcdn.com; manifest-src 'self'; frame-ancestors 'none'; base-uri 'self'; form-action https://intercom.help https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://messenger-apps.intercom.io https://f4g8z0njphjx.statuspage.io; report-uri https://sparksuite.report-uri.com/r/d/csp/enforce; report-to csp-endpoint; 1
default-src 'self' 'unsafe-inline' www.google-analytics.com *.googleadservices.com *.google-analytics.com *.analytics.google.com *.google.com *.google.ch www.googletagmanager.com *.googletagmanager.com googleads.g.doubleclick.net stats.g.doubleclick.net hello.myfonts.net *.jobcloud.ch *.jobs.ch *.jobup.ch *.stellen.ch *.impieghi.ch *.ingjobs.ch *.ictcareer.ch *.jobs4sales.ch *.financejobs.ch *.medtalents.ch *.jobwinner.ch *.alpha.ch *.topjobs.ch *.jobscout24.ch *.disqus.com *.disquscdn.com disqus.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com *.google-analytics.com *.analytics.google.com *.google.com www.googletagmanager.com tpc.googlesyndication.com *.googletagmanager.com cdnjs.cloudflare.com js-agent.newrelic.com ajax.googleapis.com *.googleadservices.com cdn.jsdelivr.net bam.nr-data.net *.disqus.com *.disquscdn.com; frame-src tpc.googlesyndication.com; media-src 'self' 'unsafe-inline' data:; font-src 'self' 'unsafe-inline' data: 1
default-src 'self'; script-src 'self' 'unsafe-inline' strict-dynamic https://js.hcaptcha.com; object-src 'none'; base-uri 'self'; child-src 'self' https://newassets.hcaptcha.com; style-src 'self' 'unsafe-inline'; media-src 'self'; font-src 'self'; img-src 'self' https://i.imgur.com data:; 1
default-src *; style-src * 'unsafe-inline';script-src * 'unsafe-inline' 'unsafe-eval'; 1
frame-ancestors 'self' www.bso.at; 1
default-src 'self' www.googletagmanager.com *.google-analytics.com static.dvinci-easy.com player.vimeo.com jobs.phoenixgroup.eu; form-action 'self'; frame-ancestors 'self'; font-src 'self' data: fonts.gstatic.com static.dvinci-easy.com; img-src 'self' data: *.cookiebot.com *.vimeocdn.com https://raw.githubusercontent.com/gmaps-marker-clusterer/gmaps-marker-clusterer/master/images/m1.png googleapis.com *.gstatic.com translate.google.com www.googletagmanager.com *.google-analytics.com *.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hcaptcha.com hcaptcha.com *.cookiebot.com static.dvinci-easy.com *.google-analytics.com googleapis.com www.googletagmanager.com *.googleapis.com; style-src 'self' 'unsafe-inline' googleapis.com *.googleapis.com static.dvinci-easy.com; manifest-src 'self'; connect-src 'self' googleapis.com *.googleapis.com *.hcaptcha.com *.cookiebot.com *.google-analytics.com static.dvinci-easy.com jobs.phoenixgroup.eu; frame-src 'self' *.hcaptcha.com blomann-design.1kcloud.com www.googletagmanager.com player.vimeo.com *.cookiebot.com 1
default-src 'self' https:; base-uri 'self'; img-src data: https:; font-src data: https:; media-src 'self' data: https: youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: googletagmanager.com embed.tawk.to app.usercentrics.eu privacy-proxy.usercentrics.eu; script-src-elem 'self' 'unsafe-inline' https:; connect-src 'self' https: wss:; style-src 'self' 'unsafe-inline' https:; frame-ancestors 'self'; child-src 'self' https: *; worker-src blob:; frame-src 'self' https: * 1
frame-ancestors https://*.etracker.com/ https://*.etracker.de https://*.zscalertwo.net/ https://dematic.my.salesforce.com https://kiongroup--chrisdev.sandbox.my.salesforce.com/ https://newapp.etracker.com/ https://tz.kiongroup.net https://zscalertwo.net/; 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://wchat.freshchat.com; font-src 'self' data: https://*.gstatic.com; img-src 'self' data: https://cmsaccom.computicket.com https://content.computicket.com https://*.computicket.com https://www.google-analytics.com https://*.google.co.in https://*.gstatic.com https://*.googleapis.com https://*.google.com https://img.icons8.com; frame-src https://*.freshchat.com https://*.youtube.com; script-src 'self' 'unsafe-eval' 'unsafe-inline'	https://*.google.com https://www.googletagmanager.com	https://www.google-analytics.com https://*.freshchat.com https://*.googleapis.com; connect-src 'self' wss://*.computicket.com/ https://*.google.com https://*.computicket.com https://www.google-analytics.com https://maps.googleapis.com/ https://*.doubleclick.net; 1
frame-ancestors 'self' secure.onpointcu.com; 1
default-src 'unsafe-inline' *.amh.com *.google.com *.gstatic.com *.google-analytics.com *.googleapis.com *.facebook.com *.typekit.net *.umbraco.io *.vimeo.com *.vimeocdn.com *.azureedge.net *.applicationinsights.azure.com *.launchdarkly.com *.crazyegg.com *.doubleclick.net *.boxcloud.com *.stripe.com *.plaid.com *.youtube.com *.insidemaps.com data: blob:;frame-ancestors *.amh.com *.dynamics.com; script-src 'unsafe-inline' *.amh.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.google.com *.gstatic.com *.facebook.net *.launchdarkly.com *.stripe.com *.plaid.com *.levelaccess.net *.crazyegg.com 1
script-src 'self' 'unsafe-inline' *.facebook.net *.cookiebot.com *.googletagmanager.com *.google-analytics.com *.licdn.com *.yimg.com *.zoominfo.com *.marketo.com *.stackadapt.com *.hotjar.com; object-src 'none'; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.stackadapt.com; img-src 'self' data: *.linkedin.com *.yahoo.com *.facebook.com *.google.com *.google.com.au *.nuix.com *.googletagmanager.com *.stackadapt.com; frame-ancestors 'self'; report-uri /report-csp-violation 1
default-src 'self' ; frame-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.flexiloans.com http://accounts.digitallocker.gov.in https://accounts.digitallocker.gov.in https://adcanopus.go2cloud.org https://adcentmediapvtltd649.o18.click https://admattic.gotrackier.com https://affnads.gotrackier.com https://ak.gotrackier.com https://altiventechnologiespvtltd10106723.o18.click https://api-js.mixpanel.com https://api.digitallocker.gov.in https://apis.sharechat.com https://aqugencloud.com https://blog.idfy.com https://capture.kyc.idfy.com https://cdn.taboola.com https://cdn.invitereferrals.com https://cdn.jsdelivr.net https://cdn.mxpnl.com https://secure.adnxs.com https://*.taboola.com https://cdnjs.cloudflare.com https://code.jquery.com https://connect.facebook.net https://cupshup10120398.o18.click https://*.cloudfront.net https://demandesk.adzflyer.com https://digital26.gotrackier.com https://ext.digio.in https://ext.digio.in:444 https://googleads.g.doubleclick.net https://hv-camera-web-sg.s3-ap-southeast-1.amazonaws.com https://img1.digitallocker.gov.in https://indiadotcom.gotrackier.com https://ipapi.co https://jsonip.com https://logicmiles.o18.click https://mify.gotrackier.com https://optimidea.go2cloud.org https://pentagrid-ag-scan-controller.local:1337 https://performance.gotrackier.com https://pips.taboola.com https://routesmedia.o18.click https://rum-http-intake.logs.datadoghq.com https://s3.ap-south-1.amazonaws.com https://sb-ssl.google.com https://sc-events-sdk.sharechat.com https://script.hotjar.com https://spectrum.gotrackier.com https://static.hotjar.com https://stats.g.doubleclick.net https://td.doubleclick.net https://tracking.adcanopus.com https://tracking.icubeswire.co https://tracking.salesleaf.com https://trc-events.taboola.com https://trc.taboola.com https://trk.mrndigital.in https://trk.opiclepxl.com https://vars.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.co.in https://www.google.com https://www.googleadservices.com https://www.googleoptimize.com https://www.googletagmanager.com https://www.gstatic.com https://www.intellectadz.com https://www.ref-r.com https://wzrkt.com ; script-src-elem 'self' 'unsafe-inline' https://*.flexiloans.com http://accounts.digitallocker.gov.in https://accounts.digitallocker.gov.in https://adcanopus.go2cloud.org https://adcentmediapvtltd649.o18.click https://admattic.gotrackier.com https://affnads.gotrackier.com https://ak.gotrackier.com https://altiventechnologiespvtltd10106723.o18.click https://api-js.mixpanel.com https://api.digitallocker.gov.in https://apis.sharechat.com https://aqugencloud.com https://blog.idfy.com https://capture.kyc.idfy.com https://cdn.taboola.com https://cdn.invitereferrals.com https://cdn.jsdelivr.net https://cdn.mxpnl.com https://cdn.mxpnl https://*.taboola.com https://cdnjs.cloudflare.com https://code.jquery.com https://connect.facebook.net https://cupshup10120398.o18.click https://*.cloudfront.net https://demandesk.adzflyer.com https://digital26.gotrackier.com https://ext.digio.in https://ext.digio.in:444 https://googleads.g.doubleclick.net https://hv-camera-web-sg.s3-ap-southeast-1.amazonaws.com https://img1.digitallocker.gov.in https://indiadotcom.gotrackier.com https://ipapi.co https://jsonip.com https://logicmiles.o18.click https://mify.gotrackier.com https://optimidea.go2cloud.org https://pentagrid-ag-scan-controller.local:1337 https://performance.gotrackier.com https://pips.taboola.com https://routesmedia.o18.click https://rum-http-intake.logs.datadoghq.com https://s3.ap-south-1.amazonaws.com https://sb-ssl.google.com https://sc-events-sdk.sharechat.com https://script.hotjar.com https://spectrum.gotrackier.com https://static.hotjar.com https://stats.g.doubleclick.net https://td.doubleclick.net https://tracking.adcanopus.com https://tracking.icubeswire.co https://tracking.salesleaf.com https://trc-events.taboola.com https://trc.taboola.com https://trk.mrndigital.in https://trk.opiclepxl.com https://vars.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.co.in https://www.google.com https://www.googleadservices.com https://www.googleoptimize.com https://www.googletagmanager.com https://www.gstatic.com https://www.intellectadz.com https://www.ref-r.com https://wzrkt.com https://ka-f.fontawesome.com https://unpkg.com https://smtpjs.com; style-src 'self' *.typekit.net fonts.googleapis.com cdn.invitereferrals.com 'unsafe-inline'; font-src 'self' *.typekit.net fonts.googleapis.com fonts.gstatic.com ka-f.fontawesome.com; img-src 'self' data: blob: *; worker-src 'self' https://*.flexiloans.com blob:; connect-src *; 1
frame-ancestors 'self' http://iportal.purs.local; 1
connect-src 'self' core.tuerchen.com tuerchen.app *.etracker.de *.etracker.com *.usercentrics.eu *.novomind.com *.ekomiapps.de *.google.com *.googlesyndication.com *.google-analytics.com *.doubleclick.net *.trbo.com *.quantserve.com *.hansemerkur-vertriebsportal.de *.hansemerkur.de *.fitrockr.com; default-src 'self'; font-src 'self' data:  *.novomind.com font.gstatic.com; frame-ancestors 'self' *.hanse-merkur.de newapp.etracker.com localhost *.hokify.de www.dwin1.com; frame-src 'self' blob: hansemerkur.happymo.re *.usercentrics.eu youtube.com *.youtube.com *.youtube-nocookie.com *.novomind.com *.kasko.io *.kaskocloud.com *.google.com *.trbo.com *.facebook.com *.pantumdetect.com *.awin1.com *.hansemerkur-video.de *.hanse-merkur.de *.ad-srv.net *.mein-hmrv.de *.criteo.com www.public-hansemerkur.de; img-src 'self' data: tuerchen.app core.tuerchen.com *.hmrv.de *.hansemerkur.de tile.geofabrik.de *.etracker.de *.etracker.com *.gstatic.com *.google-analytics.com *.novomind.com *.bing.com *.doubleclick.net *.usercentrics.eu *.google.com *.google.de *.trbo.com ekomi-ui.s3.amazonaws.com www.facebook.com *.quantcount.com *.quantserve.com lantern.roeye.com *.hansemerkur-vertriebsportal.de *.hansemerkur.de *.tradedoubler.com *.googletagmanager.com; media-src 'self' *.hansemerkur-video.de *.youtube.com; object-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' tuerchen.app www.happymo.re *.etracker.de *.etracker.com *.googletagmanager.com www.dwin1.com *.usercentrics.eu *.novomind.com *.bing.com *.google.com *.google-analytics.com *.kasko.io *.kaskojs.com *.ekomiapps.de *.doubleclick.net *.googleadservices.com *.trbo.com connect.facebook.net *.hanse-merkur.de *.quantserve.com *.quantcount.com lantern.roeyecdn.com *.signalize.com *.tradedoubler.com *.criteo.com *.fitrockr.com; style-src 'self'  'unsafe-inline' tuerchen.app www.etracker.de fonts.googleapis.com tagmanager.google.com *.googletagmanager.com *.novomind.com *.ekomiapps.de 1
default-src 'self' https:; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: data:; connect-src 'self' https: wss:; worker-src 'self' blob: https: 1
frame-ancestors 'self' https://www.bookingbuddy.com https://www.shermanscruise.com 1
default-src http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com 'self' 'unsafe-inline' 'unsafe-eval' data: https: service-content.lumion.com services.lumion3d.net lumion.com s.ytimg.com www.youtube.com www.youtube-nocookie.com kit.fontawesome.com kit-free.fontaw.com ajax.googleapis.com fonts.googleapis.com use.typekit.net p.typekit.net use.fontawesome.com t.co ipapi.co www.google-analytics.com www.googleadservices.com connect.facebook.net static.ads-twitter.com analytics.twitter.com platform.twitter.com cdn.syndication.twimg.com static.hotjar.com script.hotjar.com vars.hotjar.com in.hotjar.com vc.hotjar.io www.google.com www.facebook.com fonts.gstatic.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ www.googletagmanager.com static.cloudflareinsights.com ajax.cloudflare.com https://*.sheerid.com platform.twitter.com; frame-ancestors 'self' https://*.storyblok.com/; frame-src https://meetings-eu1.hubspot.com/ https://app-eu1.hubspot.com/ https://portal.productboard.com https://*.hsforms.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://11264468.fls.doubleclick.net/ https://td.doubleclick.net/ download.lumion.com https://*.sheerid.com view.mylumion.com www.youtube.com www.youtube-nocookie.com platform.twitter.com vars.hotjar.com www.facebook.com syndication.twitter.com player.vimeo.com; object-src 'none'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.perfectaudience.com *.typekit.net *.smushcdn.com https://us-u.openx.net *.yahoo.com *.addthis.com *.twitter.com *.rlcdn.com *.clickagy.com https://tags.clickagy.com *.google.com *.cloudflare.com *.googleapis.com *.gstatic.com data: *.marketingautomation.services https://ws.zoominfo.com https://secure.gravatar.com https://aorta.clickagy.com https://tag.perfectaudience.com/ https://pixel-geo.prfct.co/ https://secure.adnxs.com/ https://rsms.me/ https://boards-api.greenhouse.io https://w.soundcloud.com https://pixel.rubiconproject.com https://cm.g.doubleclick.net https://pixel.prfct.co/; 1
default-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data:; font-src 'self' https: data:; connect-src 'self' https: wss:; frame-src 'self' https:; media-src 'self' https: blob:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'self'; 1
frame-ancestors https://mng.gdtv.cn/ http://test-mp-gdtv.itouchtv.cn/ 1
frame-ancestors 'self' https://www.callawayconnect.com/; 1
frame-ancestors 'self' mopinion.com app.mopinion.com 1
frame-ancestors 'self' https://www.gobio.com *.gobio.com *.gobio.com 1
default-src 'self' 'unsafe-inline' *.neighborhoods.com *.55places.com accounts.google.com fonts.googleapis.com *.gstatic.com www.googletagmanager.com www.google-analytics.com analytics.google.com googleads.g.doubleclick.net stats.g.doubleclick.net apis.google.com www.google.com script.google.com script.googleusercontent.com connect.facebook.net www.facebook.com *.yelpcdn.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com/ *.cloudflare.com js.hs-scripts.com js.hs-banner.com js.hs-analytics.net js.hsleadflows.net js.hsadspixel.net *.hubspot.com api.hubapi.com bat.bing.com api.greenhouse.io td.doubleclick.net *.mapbox.com data: blob:;frame-ancestors 'self' 1
default-src 'self' https: data: blob:; connect-src 'self' https: wss: data: blob:; font-src 'self' https: data:; img-src 'self' https: data: blob:; object-src 'self'; script-src https: 'unsafe-inline' 'unsafe-eval' 'self' blob:; style-src 'self' https: 'unsafe-inline'; worker-src blob: 1
default-src https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' https://piwik.fsf.org 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' 1
frame-ancestors 'self' *.monday.com/ https://iframetester.com/ 1
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; frame-ancestors https://www.babyboom.pl https://*.safeframe.googlesyndication.com ; font-src * data: blob: 'unsafe-inline' 1
default-src 'self' blob: studwork.ru *.cloudfront.net *.a.trbcdn.net *.studwork.ru mc.yandex.ru mc.yandex.com *.googletagmanager.com analytics.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: d2wy8f7a9ursnm.cloudfront.net cdnjs.cloudflare.com connect.facebook.net vk.com *.playbuzz.com yastatic.net studwork.ru *.studwork.ru ajax.googleapis.com www.google-analytics.com *.google.com *.gstatic.com *.yandex.ru *.yandex.com *.chatra.io www.googletagmanager.com www.instagram.com; style-src 'self' *.cloudflare.com studwork.ru *.studwork.ru *.googleapis.com *.google.com *.chatra.io 'unsafe-inline'; img-src 'self' data: blob: *.cloudfront.net *.a.trbcdn.net c5mdnuiqw2.a.trbcdn.net vk.com *.facebook.com img.playbuzz.com *.algebra24.ru studwork.ru studwork.obs.ru-moscow-1.hc.sbercloud.ru s3-studwork-pd01.s3pd01.sbercloud.ru studwork.storage.yandexcloud.net storage.yandexcloud.net *.studwork.ru *.google.com *.google.ru www.google-analytics.com *.yandex.ru *.yandex.com *.yandex.net *.gstatic.com *.doubleclick.net *.chatra.io www.googletagmanager.com *.fbcdn.net *.cdninstagram.com; font-src 'self' *.cloudflare.com *.studwork.ru *.gstatic.com *.a.trbcdn.net data: *.yandex.ru; connect-src 'self' ws: wss: *.playbuzz.com studwork.ru *.studwork.ru *.yandex.ru *.yandex.com *.chatra.io *.bugsnag.com *.googleapis.com *.google.com *.google.ru *.google-analytics.com stats.g.doubleclick.net; frame-src 'self' blob: www.youtube.com www.instagram.com studwork.obs.ru-moscow-1.hc.sbercloud.ru s3-studwork-pd01.s3pd01.sbercloud.ru c5mdnuiqw2.a.trbcdn.net h20x37ek96.a.trbcdn.net studwork.storage.yandexcloud.net storage.yandexcloud.net d1uw69x4c2zrim.cloudfront.net d1he4a7838so59.cloudfront.net yastatic.net *.studwork.ru *.chatra.io *.google.com *.facebook.com w.soundcloud.com view.officeapps.live.com mc.yandex.ru mc.yandex.com td.doubleclick.net; worker-src 'self' data: *.studwork.ru; media-src 'self' data: *.yandex.ru *.yandex.net d1he4a7838so59.cloudfront.net c5mdnuiqw2.a.trbcdn.net *.obs.ru-moscow-1.hc.sbercloud.ru 1
base-uri 'self';default-src 'self' https://*.crazyegg.com;form-action 'self' https://www.facebook.com;img-src 'self' blob: data: https:;media-src 'self' https://cdn.tenantcloud.net https://tenantcloud.s3.us-west-2.amazonaws.com/ https://*.purechatcdn.com;object-src 'none';frame-src https://www.google.com https://www.facebook.com https://accounts.google.com https://*.doubleclick.net https://www.youtube.com https://anchor.fm https://podcasters.spotify.com https://tenantcloud.typeform.com https://form.typeform.com https://player.vimeo.com;script-src 'self' 'unsafe-inline' https://cdn.tenantcloud.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://google-analytics.com https://*.googleads.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com https://accounts.google.com https://*.facebook.net https://*.crazyegg.com https://*.purechat.com https://*.purechatcdn.com https://embed.typeform.com https://secure.quantserve.com/quant.js https://rules.quantcount.com/rules-p-qGKfkSMRakkcP.js https://scripts.claspo.io https://cdn.claspo.io https://app.convertful.com https://traffic.deny.network;connect-src 'self' https://cdn.tenantcloud.net https://*.google-analytics.com https://google-analytics.com https://*.googleadservices.com https://*.google.com https://stats.g.doubleclick.net https://*.facebook.com https://*.crazyegg.com https://*.purechat.com https://*.sentry.io https://app.convertful.com https://script.claspo.io https://ipapi.co https://traffic.winterhoff.io;style-src 'self' 'unsafe-inline' https://cdn.tenantcloud.net https://*.typekit.net https://cdn.jsdelivr.net/npm/remixicon@2.5.0/fonts/remixicon.css https://cdn.jsdelivr.net/npm/swiper@11/swiper-bundle.min.css https://embed.typeform.com https://www.googletagmanager.com https://fonts.googleapis.com;font-src data: https://cdn.tenantcloud.net https://*.typekit.net https://cdn.jsdelivr.net https://fonts.googleapis.com https://fonts.gstatic.com;child-src blob: 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://social.coop; img-src 'self' https: data: blob: https://social.coop; style-src 'self' https://social.coop 'nonce-wxaPi4SAu/PHTlRDFcP/vg=='; media-src 'self' https: data: https://social.coop; frame-src 'self' https:; manifest-src 'self' https://social.coop; form-action 'self'; child-src 'self' blob: https://social.coop; worker-src 'self' blob: https://social.coop; connect-src 'self' data: blob: https://social.coop https://social-coop-media.ams3.cdn.digitaloceanspaces.com wss://social.coop; script-src 'self' https://social.coop 'wasm-unsafe-eval' 1
base-uri 'self' 'unsafe-inline' 'unsafe-eval'  https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.trustedshops.co.uk/buyerrating/info_X93D475E1BF679F083C0D1582454C3483.html https://www.trustedshops.es/evaluacion/info_X20DF4B0194522AAB4B67F1BD773A7534.html https://hooks.slack.com/services/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 https://umap.openstreetmap.fr/ https://fonts.googleapis.com https://mypudo.pickup-services.com/mypudo/mypudo.asmx https://api.trustedshops.com/rest/restricted/v2/shops https://733-cee-728.mktorest.com https://www.fna-cartegrise.fr/euro4x4parts.asp https: www.google-analytics.com https://www.google-analytics.com/analytics.js https://www.google-analytics.com/ga.js https://va.tawk.to/v1/session/start https://embed.tawk.to/ https://www.tawk.to/; style-src 'self' 'unsafe-inline' 'unsafe-eval' data: https:; img-src 'self' 'unsafe-inline' 'unsafe-eval' data:  https:; media-src 'self' 'unsafe-inline' 'unsafe-eval' https:; object-src 'self'; font-src 'self' https://embed.tawk.to/ data: fonts.gstatic.com; 1
default-src https: data: wss://*.hotjar.com wss://*.crazyegg.com *.crazyegg.com wss://*.zohopublic.com; script-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline'; img-src data: https: 'unsafe-inline'; font-src data: https: 'unsafe-inline'; frame-ancestors 'self'; object-src 'self' blob; upgrade-insecure-requests;media-src blob: data: https:; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com fonts.gstatic.com dayohvjefwkyk.cloudfront.net cdnjs.cloudflare.com connect.facebook.net lovado.net:3000 wss://lovado.net:3000 piwik.micropayment.de *.stripe.com code.jquery.com maxcdn.bootstrapcdn.com www.facebook.com compliesfolonest.com pactickyvilsents.com www.gstatic.com cdn.rawgit.com www.google.com cdn.jsdelivr.net; img-src 'self' data: dayohvjefwkyk.cloudfront.net cdn.jsdelivr.net code.jquery.com; 1
default-src 'self';font-src 'self' fonts.gstatic.com cdn.kustomerapp.com;frame-ancestors 'none';upgrade-insecure-requests;style-src 'self' 'unsafe-inline' fonts.googleapis.com;img-src 'self' blob: data: res.cloudinary.com *.loungebuddy.com *.evidon.com *.apple-mapkit.com stripe.com *.stripe.com *.kustomerhostedcontent.com *.kustomerapp.com www.gravatar.com maps.googleapis.com *.americanexpress.com *.aexp-static.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://*.google.com.au https://*.google.co.uk https://*.google.fr https://*.google.de https://*.google.com.mx;object-src 'self' data: blob:;connect-src 'self' api.amplitude.com stripe.com *.stripe.com *.evidon.com loungebuddy.api.kustomerapp.com rum-http-intake.logs.datadoghq.com *.pndsn.com maps.googleapis.com *.americanexpress.com *.aexp-static.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://*.google.com.au https://*.google.co.uk https://*.google.fr https://*.google.de https://*.google.com.mx *.apple-mapkit.com stripe.com *.stripe.com *.evidon.com cdn.amplitude.com cdn.kustomerapp.com cdn.polyfill.io *.datadoghq.com www.datadoghq-browser-agent.com *.americanexpress.com *.aexp-static.com maps.googleapis.com https://*.googletagmanager.com;worker-src blob:;script-src 'self' 'sha384-vYYnQ3LPdp/RkQjoKBTGSq0X5F73gXU3G2QopHaIfna0Ct1JRWzwrmEz115NzOta' *.apple-mapkit.com stripe.com *.stripe.com *.evidon.com cdn.amplitude.com cdn.kustomerapp.com cdn.polyfill.io *.datadoghq.com www.datadoghq-browser-agent.com *.americanexpress.com *.aexp-static.com maps.googleapis.com https://*.googletagmanager.com;script-src-elem 'self' *.apple-mapkit.com stripe.com *.stripe.com *.evidon.com cdn.amplitude.com cdn.kustomerapp.com cdn.polyfill.io *.datadoghq.com www.datadoghq-browser-agent.com *.americanexpress.com *.aexp-static.com maps.googleapis.com https://*.googletagmanager.com 'sha384-vYYnQ3LPdp/RkQjoKBTGSq0X5F73gXU3G2QopHaIfna0Ct1JRWzwrmEz115NzOta' 'nonce-WZ/Gntd4gG/pNxfluclGhg==';frame-src *.stripe.com *.loungebuddy.com *.loungebuddy.com.au *.loungebuddy.co.uk *.loungebuddy.de *.loungebuddy.fr *.loungebuddy.mx; 1
frame-ancestors "self" https://*.belvo.com:*; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' assets.adobedtm.com *.salesforceliveagent.com service.force.com *.my.salesforce.com *.google.com *.facebook.net *.facebook.com *.omtrdc.net *.youtube.com *.ytimg.com *.doubleclick.net *.googleapis.com *.bazaarvoice.com *.iesnare.com appleid.cdn-apple.com www.googletagmanager.com www.googleadservices.com activitymap.adobe.com qasfix-hofer.cs101.force.com cs101.salesforce.com https://www.googletagmanager.com/gtag/js *.bing.com https://s.pinimg.com/ct/core.js https://s.pinimg.com/ct/lib/main.2a04f3ee.js hofer.force.com hofer.secure.force.com https://cdn.polyfill.io/v2/polyfill.min.js static.lightning.force.com *.cookielaw.org *.onetrust.com s7g10.scene7.com tags.tiqcdn.com collect.tealiumiq.com *.my.salesforce-sites.com int-crm--c.vf.force.com; object-src 'none'; connect-src 'self' *.omtrdc.net *.demdex.net *.postcodeanywhere.co.uk *.bazaarvoice.com *.facebook.com activitymap.adobe.com sitecatalyst.omniture.com qasfix-hofer.cs101.force.com cs101.salesforce.com hofer.force.com hofer.secure.force.com c.la1-c1-fra.salesforceliveagent.com EU17.salesforce.com d.la1-c1-fra.salesforceliveagent.com www.zurueckzumursprung.at https://storefinder.aldi.at https://empty-fridge-widget.vercel.app https://gewinnspiel.aldi-sued.de test.storefinder.aldi.at *.googleapis.com *.cookielaw.org *.onetrust.com s7g10.scene7.com collect.tealiumiq.com *.doubleclick.net *.my.salesforce.com *.my.salesforce-sites.com *.salesforceliveagent.com int-crm--c.vf.force.com; style-src 'self' 'unsafe-inline' *.bazaarvoice.com *.googleapis.com *.omtrdc.net *.my.salesforce.com service.force.com qasfix-hofer.cs101.force.com cs101.salesforce.com hofer.force.com hofer.secure.force.com *.cookielaw.org *.onetrust.com s7g10.scene7.com *.my.salesforce-sites.com *.salesforceliveagent.com int-crm--c.vf.force.com; font-src 'self' *.gstatic.com data:; frame-src 'self' *.demdex.net *.facebook.com *.google.com *.youtube.com *.youtube-nocookie.com *.customervoice360.com *.adobe.com aldisued.marketing.adobe.com *.psa.at aldisued.experiencecloud.adobe.com web-psa-preprod.mp-testing.com rest-b2b-crt-preprod.mp-testing.com psa-card-administration.mobile-pocket.com *.bazaarvoice.com *.iesnare.com www.elettershop.de t.elettershop.de *.salesforceliveagent.com service.force.com activitymap.adobe.com *.omniture.com qasfix-hofer.cs101.force.com cs101.salesforce.com *.doubleclick.net www.zurueckzumursprung.at storefinder.aldi.at https://empty-fridge-widget.vercel.app https://gewinnspiel.aldi-sued.de test.storefinder.aldi.at cs107.salesforce.com eu17.salesforce.com volantino.aldi.it *.questback.com *.my.salesforce.com *.my.salesforce-sites.com int-crm--c.vf.force.com; frame-ancestors 'self' https://aldisued.marketing.adobe.com https://aldisued.experiencecloud.adobe.com https://www.elettershop.de https://t.elettershop.de https://experience.adobe.com hofer-custom.staffbase.com unserhofer.hofer.at localhost:* 1
default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; worker-src 'self' blob:; object-src 'self'; frame-src 'self' https://www.youtube-nocookie.com https://umap.openstreetmap.fr https://plugins.flockler.com https://www.podcaster.de; 1
child-src blob: 'self';connect-src 'self' https://*.yimg.com https://*.yahoo.com https://s.yimg.com/nq/ads/mb/native/* https://service.cmp.oath.com https://www.yahoo.com/p.gif https://smetrics.att.com/id https://dpm.demdex.net/id https://video-api.yql.yahoo.com/ https://edgecast-vod.yahoo.net/ https://*.vpg.cdn.yimg.com/ https://media.zenfs.com/ https://assets.video.yahoo.net/ https://ads.adaptv.advertising.com/ https://video.adaptv.advertising.com/ https://consent.yahoo.com/ https://ganon.yahoo.com/ https://geo.yahoo.com/ https://guce.yahoo.com/ https://api.taboola.com/1.2/json/taboola-usersync/user.sync https://gpt.mail.yahoo.net/ https://alpha-gpt.mail.yahoo.net/ https://alpha-gam.mail.yahoosandbox.net/ https://canary-gam.mail.yahoosandbox.net/ https://gam.mail.yahoosandbox.net/;default-src 'self';font-src https: data:;frame-src https://*.yahoo.com https://*.yimg.com https://*.ymail.com https://secure.bannerfarm.ace.advertising.com https://cmp.advertising.com https://assets.video.yahoo.net/ https://opus.analytics.yahoo.com https://tsdtocl.com/ https://consent.yahoo.com/ https://guce.yahoo.com/ https://pfs.yahoo.com https://gpt.mail.yahoo.net/sandbox https://alpha-gpt.mail.yahoo.net/sandbox https://alpha-gam.mail.yahoosandbox.net/sandbox https://canary-gam.mail.yahoosandbox.net/sandbox https://gam.mail.yahoosandbox.net/sandbox https://norrin.tbl.mail.yahoosandbox.net https://alpha-tbl.mail.yahoosandbox.net https://tbl.mail.yahoosandbox.net;img-src data: blob: http: https: https://ganon.yahoo.com/ https://geo.yahoo.com/;media-src blob: https://*.yahoo.com https://*.yimg.com;report-uri https://csp.yahoo.com/beacon/csp?src=mail-norrin;script-src 'self' https://s.yimg.com/nq/nr/ https://s.yimg.com/os/yaft/ https://s.yimg.com/ss/ https://s.yimg.com/aaq/yc/ https://s.yimg.com/ds/scripts/ https://www.gstatic.com/cv/js/sender/v1/cast_sender.js https://s.yimg.com/aaq/vzm/ https://s.yimg.com/cx/pv/ https://s.yimg.com/nq/polyfills/ https://yep.video.yahoo.com/ https://s.yimg.com/rx/ https://assets.video.yahoo.net/ https://jsapi.login.yahoo.com/w/ https://s.aolcdn.com/membership/omp-static/omp-widgets/ https://qa.checkout.yahoo.com/widget/ https://checkout.yahoo.com/widget/ https://s.yimg.com/cv/apiv2/partner-portals/att/adobe_analytics/ https://consent.cmp.oath.com/ https://opus.analytics.yahoo.com/ https://s.yimg.com/oa/ https://s.yimg.com/uc/sf/ https://s.yimg.com/cx/acookie/ 'sha256-lRMQ2lQozgbWLOqNJOrnclJXX6G77pQVIlF8SAI3++I=' 'sha256-xx5VFh71P/poOsh6S7wo5Hz/h6kNWHqOpIqJR04djx4=' 'unsafe-inline' 'unsafe-eval' 'report-sample' https://s.yimg.com/oa/ 'nonce-rqMEGGznL9trySwP7pZJE/I1+kxrC2G2Ck2zmH1evZdxu/0S' ;style-src 'self' https://s.yimg.com/nq/nr/ https://assets.video.yahoo.net/ 'unsafe-inline';worker-src 'self' blob:;manifest-src https://s.yimg.com/nq/nr/json/ 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.editorasaraiva.com.br cdn.jsdelivr.net *.google.com *.google-analytics.com *.googleapis.com *.gstatic.com *.googletagmanager.com vlibras.gov.br *.jt.jus.br blob:; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.jt.jus.br; 1
frame-ancestors https://app.reskyt.com https://app.deporvillage.de 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://*.zenaps.com https://*.criteo.com https://static.criteo.net https://wb.messengerpeople.com https://tpc.googlesyndication.com https://ct.pinterest.com https://*.hotjar.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://ln-rules.rewardstyle.com https://tr.snapchat.com blob: https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://d2d7do8qaecbru.cloudfront.net; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://*.liveperson.net https://ct.pinterest.com https://*.google.co.in https://*.sciencebehindecommerce.com https://*.hotjar.com wss://*.hotjar.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://tr.snapchat.com https://*.contentsquare.net https://*.criteo.com https://*.criteo.net https://*.prod.mplat-ppcprotect.com https://*.lunio.ai data: https://sgtm.myprotein.co.in https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://cognito-identity.eu-west-1.amazonaws.com https://firehose.eu-west-1.amazonaws.com https://*.parcellab.com; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.thgcdn.cn https://fonts.smct.co https://fonts.smct.io https://fonts.gstatic.com; form-action 'self' https://www.facebook.com https://www.myprotein.co.in https://m.myprotein.co.in https://checkout.myprotein.co.in https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://static.thgcdn.cn; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://google.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.cn https://*.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://*.criteo.com https://static.criteo.net https://s.pinimg.com https://tpc.googlesyndication.com https://remote.captcha.com https://platform.twitter.com https://*.hotjar.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://twitter.com https://*.baidu.com https://sc-static.net https://www.google.com https://*.google.co.uk https://google.co.uk https://static.ads-twitter.com https://analytics.twitter.com https://static.thgcdn.cn https://*.contentsquare.net https://app.contentsquare.com https://sgtm.myprotein.co.in https://smct.co https://*.smct.co https://smct.io https://*.smct.io; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://static.thgcdn.cn https://fonts.smct.co https://fonts.smct.io https://cdn.parcellab.com; upgrade-insecure-requests; report-to report-endpoint 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://d2i34c80a0ftze.cloudfront.net *.vimeo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.cookielaw.org https://d2i34c80a0ftze.cloudfront.net data: blob: https://play.vidyard.com https://*.cloudfront.net https://1e5e001cac52428daa2d7f8bcde3aac0.js.ubembed.com https://*.js.ubembed.com https://*.ssl.cf2.rackcdn.com https://connect.facebook.net https://snap.licdn.com https://scout-cdn.salesloft.com https://tag.demandbase.com https://metadata-static-files.sfo2.cdn.digitaloceanspaces.com https://assets.ubembed.com https://js.driftt.com https://go.league.com https://js.adsrvr.org https://pi.pardot.com https://static.hotjar.com https://script.hotjar.com unsafe-eval unsafe-inline *.visualwebsiteoptimizer.com app.vwo.com https://assets.contently.com/insights/insights.js https://s.ytimg.com/yts/jsbin/www-widgetapi-vflT-xPmY/www-widgetapi.js https://track.contently.com/track https://assets.contently.com https://go.league.com/ https://eywkvsmxggi.exactdn.com https://e3r429ujnza.exactdn.com https://e6qf6tqme5e.exactdn.com platform.instagram.com www.instagram.com *.vimeo.com *.vimeocdn.com *.newrelic.com *.nr-data.net www.googletagservices.com *.googlesyndication.com *.googleadservices.com googleads.g.doubleclick.net adservice.google.com adservice.google.ae adservice.google.al adservice.google.at adservice.google.be adservice.google.bg adservice.google.bs adservice.google.ca adservice.google.ch adservice.google.ci adservice.google.cl adservice.google.co.bw adservice.google.co.cr adservice.google.co.id adservice.google.co.il adservice.google.co.in adservice.google.co.jp adservice.google.co.ke adservice.google.co.kr adservice.google.co.mz adservice.google.co.nz adservice.google.co.th adservice.google.co.tz adservice.google.co.uk adservice.google.co.uz adservice.google.co.ve adservice.google.co.za adservice.google.co.zm adservice.google.co.zw adservice.google.com.ai adservice.google.com.ar adservice.google.com.au adservice.google.com.bd adservice.google.com.bh adservice.google.com.bn adservice.google.com.bo adservice.google.com.br adservice.google.com.co adservice.google.com.cy adservice.google.com.ec adservice.google.com.eg adservice.google.com.et adservice.google.com.fj adservice.google.com.gh adservice.google.com.gi adservice.google.com.gt adservice.google.com.hk adservice.google.com.jm adservice.google.com.kh adservice.google.com.kw adservice.google.com.lb adservice.google.com.mm adservice.google.com.mt adservice.google.com.mx adservice.google.com.my adservice.google.com.ng adservice.google.com.ni adservice.google.com.np adservice.google.com.om adservice.google.com.pa adservice.google.com.pe adservice.google.com.ph adservice.google.com.pk adservice.google.com.pr adservice.google.com.py adservice.google.com.qa adservice.google.com.sa adservice.google.com.sg adservice.google.com.sv adservice.google.com.tr adservice.google.com.tw adservice.google.com.ua adservice.google.com.uy adservice.google.com.vn adservice.google.cz adservice.google.de adservice.google.dk adservice.google.dz adservice.google.ee adservice.google.es adservice.google.fi adservice.google.fr adservice.google.ge adservice.google.gr adservice.google.gy adservice.google.hn adservice.google.hr adservice.google.hu adservice.google.ie adservice.google.im adservice.google.iq adservice.google.is adservice.google.it adservice.google.jo adservice.google.kz adservice.google.li adservice.google.lk adservice.google.lt adservice.google.lu adservice.google.lv adservice.google.md adservice.google.mk adservice.google.mu adservice.google.nl adservice.google.no adservice.google.pl adservice.google.pt adservice.google.ro adservice.google.rs adservice.google.ru adservice.google.se adservice.google.si adservice.google.sk adservice.google.so adservice.google.sr adservice.google.tl adservice.google.tn adservice.google.tt google-analytics.com www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com maps.googleapis.com maps.google.com translate.googleapis.com translate.google.com www.googletagmanager.com googletagmanager.com tagmanager.google.com; style-src 'self' 'unsafe-inline' data: https://d2i34c80a0ftze.cloudfront.net https://static.hotjar.com https://script.hotjar.com *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com unsafe-inline https://e3r429ujnza.exactdn.com https://cdn.cookielaw.org https://eywkvsmxggi.exactdn.com https://go.league.com https://e6qf6tqme5e.exactdn.com *.vimeocdn.com fonts.googleapis.com 'unsafe-inline' maps.googleapis.com maps.google.com translate.googleapis.com www.googletagmanager.com tagmanager.google.com; img-src 'self' data: https://d2i34c80a0ftze.cloudfront.net *.vidyard.com https://eywkvsmxggi.exactdn.com https://match.prod.bidr.io https://id.rlcdn.com https://px.ads.linkedin.com https://segments.company-target.com https://p.adsymptotic.com https://www.facebook.com https://static.hotjar.com https://script.hotjar.com https://px4.ads.linkedin.com https://www.google.ca/ads/ga-audiences https://e3r429ujnza.exactdn.com *.visualwebsiteoptimizer.com chart.googleapis.com app.vwo.com wingify-assets.s3.amazonaws.com *.exactdn.com https://e6qf6tqme5e.exactdn.com https://*.ithemes.com https://cdn.cookielaw.org https://go.league.com s.w.org ps.w.org ts.w.org secure.gravatar.com www.gravatar.com *.googlesyndication.com stats.g.doubleclick.net data: blob: google-analytics.com www.google-analytics.com ssl.google-analytics.com www.google.com *.googleapis.com maps.google.com maps.gstatic.com www.gstatic.com *.ggpht.com translate.googleapis.com translate.google.com i.ytimg.com www.googletagmanager.com; connect-src 'self' https://cdn.cookielaw.org https://d2i34c80a0ftze.cloudfront.net blob: https://play.vidyard.com https://geolocation.onetrust.com https://api.company-target.com https://in.hotjar.com https://*.onetrust.com https://scout.salesloft.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.facebook.com/tr/ https://*.oribi.io *.visualwebsiteoptimizer.com app.vwo.com https://track.contently.com/track https://yoast.com *.vimeo.com *.googlesyndication.com googleads.g.doubleclick.net stats.g.doubleclick.net www.google-analytics.com ampcid.google.com analytics.google.com about: maps.googleapis.com maps.google.com translate.googleapis.com www.googletagmanager.com; font-src 'self' data: https://d2i34c80a0ftze.cloudfront.net https://script.hotjar.com https://cdn.cookielaw.org https://eywkvsmxggi.exactdn.com https://e3r429ujnza.exactdn.com https://go.league.com https://e6qf6tqme5e.exactdn.com data: fonts.gstatic.com fonts.googleapis.com; object-src 'self' https://d2i34c80a0ftze.cloudfront.net data: blob: https://play.vidyard.com; media-src 'self' https://d2i34c80a0ftze.cloudfront.net https://play.vidyard.com https://e3r429ujnza.exactdn.com/ https://e6qf6tqme5e.exactdn.com https://cdn.cookielaw.org https://eywkvsmxggi.exactdn.com https://e3r429ujnza.exactdn.com https://go.league.com; frame-src 'self' https://go.league.com https://d2i34c80a0ftze.cloudfront.net data: blob: https://play.vidyard.com https://vars.hotjar.com https://js.driftt.com https://insight.adsrvr.org https://www.facebook.com https://match.adsrvr.org app.vwo.com *.visualwebsiteoptimizer.com https://assets.contently.com/ https://www.youtube-nocookie.com https://go.league.com/ www.instagram.com *.vimeo.com *.vimeocdn.com *.googlesyndication.com googleads.g.doubleclick.net maps.googleapis.com maps.google.com www.youtube.com www.googletagmanager.com; child-src 'self' *.vimeo.com *.vimeocdn.com www.youtube.com www.googletagmanager.com; worker-src 'self' blob:; 1
child-src https://share.intercom.io   https://intercom-sheets.com https://www.youtube-nocookie.com  https://www.youtube.com   https://player.vimeo.com   https://fast.wistia.net blob:; connect-src 'self' www.facebook.com dev.visualwebsiteoptimizer.com *.wisepops.com *.googlesyndication.com *.typekit.net  https://appupdate.intoithost.be https://client.localmiddleware.be:20202  https://api.intercom.io   https://api-iam.intercom.io   https://api-ping.intercom.io   https://nexus-websocket-a.intercom.io   https://nexus-websocket-b.intercom.io   https://nexus-long-poller-a.intercom.io   https://nexus-long-poller-b.intercom.io   wss://nexus-websocket-a.intercom.io   wss://nexus-websocket-b.intercom.io   https://uploads.intercomcdn.com   https://uploads.intercomusercontent.com   https://app.getsentry.com *.google-analytics.com cdn.cookielaw.org https://s.yimg.com *.analytics.google.com *.dela-env.net dela-real-time-ui-events-prd.azurewebsites.net customer-portal-ui-gateway.prd.dela-env.net dela-signalr-customer-portal-prd.service.signalr.net wss://dela-signalr-customer-portal-prd.service.signalr.net www.googleapis.com https://www.ingedachten.be https://www.dansnospensees.be stats.g.doubleclick.net  https://privacyportal-eu.onetrust.com *.google.com https://googleads.g.doubleclick.net delabe-api-addressservice-prd.azurewebsites.net delabe-api-premiumcalculation-prd.azurewebsites.net https://tpc.googlesyndication.com *.googleapis.com *.gsitrix.com webtrafficsource.com geolocation.onetrust.com middleware.diossupdate.com middleware-update-test.dioss.io https://hcaptcha.com https://*.hcaptcha.com api.cludo.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com api-iam.eu.intercom.io wss://nexus-europe-websocket.intercom.io activity.wisepops.com popup.wisepops.com tracking.wisepops.com app.getwisp.co wisepops.net a.clarity.ms bat.bing.com r.clarity.ms https://*.clarity.ms *.kameleoon.io *.kameleoon.com *.kameleoon.eu tr.outbrain.com; default-src 'self' https://*.kameleoon.com https://jpc9r4857m.kameleoon.eu https://*.kameleoon.io;; font-src 'self' sp-bootstrap.global.ssl.fastly.net apikeys.civiccomputing.com fonts.gstatic.com use.typekit.com https://js.intercomcdn.com data: *.dela-env.net http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://fonts.intercomcdn.com; frame-ancestors 'self' https://*.kameleoon.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com *.doubleclick.net *.facebook.com *.vimeo.com *.spotify.com *.cvwarehouse.com www.google.com appupdate.intoithost.be  https://optimize.google.com app.livestorm.co cdn.cookielaw.org drive.google.com embed.webinargeek.com vimeo.com tpc.googlesyndication.com *.fls.doubleclick.net *.mathtag.com https://hcaptcha.com https://*.hcaptcha.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io *.soundcloud.com https://intercom-sheets.com https://*.tradedoubler.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io; img-src 'self' data: dev.visualwebsiteoptimizer.com stats.g.doubleclick.net *.facebook.com *.google-analytics.com i.ytimg.com maps.gstatic.com maps.googleapis.com csi.gstatic.com googleads.g.doubleclick.net *.google.com *.typekit.net *.wisepops.com *.qualys.com http://www.euroflorist.be *.google.it *.googleapis.com *.gstatic.com *.tradetracker.net *.googleadservices.com *.mediahuis.be secure.adnxs.com *.atemda.com *.tradedoubler.com *.google.com.tr *.google.be http://tracking.lqm.io *.metaffiliation.com https://pubads.g.doubleclick.net https://js.intercomcdn.com   https://static.intercomassets.com   https://downloads.intercomcdn.com   https://uploads.intercomusercontent.com   https://gifs.intercomcdn.com  https://www.google.nl www.googletagmanager.com https://lt45.net https://www.lt45.net https://optimize.google.com cdn.cookielaw.org *.dela-env.net *.google.kz  https://www.ingedachten.be https://www.dansnospensees.be atelierfleur.be sp.analytics.yahoo.com p1.zemanta.com tr.outbrain.com igdstorageprd.blob.core.windows.net customer.cludo.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io *.analytics.google.com downloads.intercomcdn.eu https://bat.bing.com cdn.wisepops.com tracking.wisepops.com dx4nr741tfc02.cloudfront.net wisp-production-storage.s3.amazonaws.com cdn.wisepops.net c.clarity.ms https://c.bing.com https://c.clarity.ms *.kameleoon.io *.kameleoon.com *.kameleoon.eu https://static.intercomassets.eu; media-src 'self' data: https://js.intercomcdn.com *.kameleoon.io *.kameleoon.com *.kameleoon.eu; object-src 'self' drive.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.dela.be dev.visualwebsiteoptimizer.com www.dela.be dev.visualwebsiteoptimizer.com www.youtube-nocookie.com www.youtube.com s.ytimg.com www.google.com www.google-analytics.com *.facebook.com *.facebook.net apikeys.civiccomputing.com www.googletagmanager.com  ajax.googleapis.com *.adhese.com ajax.aspnetcdn.com use.typekit.com www.googleadservices.com *.wisepops.com *.cvwarehouse.com *.google.com secure.adnxs.com maps.googleapis.com http://api.cvwarehouse.com *.lqm.io  www.gstatic.com  https://app.intercom.io   https://widget.intercom.io https://intercom-sheets.com https://js.intercomcdn.com https://googleads.g.doubleclick.net cdn.cookielaw.org s.yimg.com sp.analytics.yahoo.com *.dela-env.net *.moatads.com info.dela.be http://info.dela.be https://geolocation.onetrust.com amplify.outbrain.com tpc.googlesyndication.com tr.outbrain.com cdn.jsdelivr.net *.metaffiliation.com *.bsmartdata.com *.gsitrix.com *.adserverboost.com webtrafficsource.com *.mathtag.com https://hcaptcha.com https://*.hcaptcha.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io cdnjs.cloudflare.com https://bat.bing.com cdn.wisepops.com loader.wisepops.com app.getwisp.co wisepops.net cdn.wisepops.net www.youtube-nocookie.com www.youtube.com s.ytimg.com www.google.com www.google-analytics.com *.facebook.com *.facebook.net apikeys.civiccomputing.com www.googletagmanager.com  ajax.googleapis.com *.adhese.com ajax.aspnetcdn.com use.typekit.com www.googleadservices.com *.wisepops.com *.cvwarehouse.com *.google.com secure.adnxs.com maps.googleapis.com http://api.cvwarehouse.com *.lqm.io  www.gstatic.com  https://app.intercom.io   https://widget.intercom.io https://intercom-sheets.com https://js.intercomcdn.com https://googleads.g.doubleclick.net cdn.cookielaw.org s.yimg.com sp.analytics.yahoo.com *.dela-env.net *.moatads.com info.dela.be http://info.dela.be https://geolocation.onetrust.com amplify.outbrain.com tpc.googlesyndication.com tr.outbrain.com cdn.jsdelivr.net *.metaffiliation.com *.bsmartdata.com *.gsitrix.com *.adserverboost.com webtrafficsource.com *.mathtag.com https://hcaptcha.com https://*.hcaptcha.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io cdnjs.cloudflare.com https://bat.bing.com www.googleoptimize.com https://*.clarity.ms jpc9r4857m.kameleoon.eu *.kameleoon.com *.kameleoon.io *.kameleoon.eu https://dela.emsecure.net https://*.outbrain.com https://*.tradedoubler.com; style-src 'self' 'unsafe-inline' *.google.com *.googleapis.com *.dela-env.net customer.cludo.com https://hcaptcha.com https://*.hcaptcha.com https://*.hotjar.com *.kameleoon.io *.kameleoon.com *.kameleoon.eu; 1
frame-ancestors 'self' https://*.creditguard.co.il 1
default-src 'self' blob:; connect-src 'self' flixtor.st wss://www.blockonomics.co www.blockonomics.co; font-src cdnjs.cloudflare.com ssl.p.jwpcdn.com; media-src *.jwplayer.com 'self' blob:; object-src *.youtube.com; frame-src *.youtube.com www.google.com challenges.cloudflare.com; frame-ancestors 'none'; child-src 'self' *.youtube.com blob:; style-src 'self' 'unsafe-inline' stackpath.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net; img-src 'self' img.xcdn.to image.tmdb.org flixtor.st images.weserv.nl wsrv.nl cdnjs.cloudflare.com www.blockonomics.co data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' stackpath.bootstrapcdn.com cdn.jsdelivr.net ssl.p.jwpcdn.com *.cloudflare.com *.gstatic.com flixtor.st blob:; 1
frame-ancestors https://*.candlescience.com 1
object-src 'self' http: https: data: blob: 'unsafe-inline' 1
default-src *.ethicspoint.com *.ethicspoint.eu *.navexone.eu *.navexglobal.eu *.policytech.eu ethicspoint.eu 'self' 'unsafe-eval' 'unsafe-inline' *.navexglobal.com app.pendo.io cdn.pendo.io data.pendo.io app.eu.pendo.io cdn.eu.pendo.io data.eu.pendo.io pendo-static-5068799715311616.storage.googleapis.com pendo-static-5176557049217024.storage.googleapis.com pendo-static-5938830502264832.storage.googleapis.com pendo-eu-static-5068799715311616.storage.googleapis.com pendo-eu-static-5176557049217024.storage.googleapis.com pendo-eu-static-5938830502264832.storage.googleapis.com; connect-src *.ethicspoint.com *.ethicspoint.eu *.navexone.eu *.navexglobal.eu *.policytech.eu ethicspoint.eu 'self' 'unsafe-eval' 'unsafe-inline' wss: *.navexglobal.com navex-be-dev.zoominsoftware.io navex-be-prod.zoominsoftware.io *.truste.com *.newrelic.com *.nr-data.net app.pendo.io data.pendo.io api.feedback.us.pendo.io app.eu.pendo.io data.eu.pendo.io api.feedback.eu.pendo.io pendo-static-5068799715311616.storage.googleapis.com pendo-static-5176557049217024.storage.googleapis.com pendo-static-5938830502264832.storage.googleapis.com pendo-eu-static-5068799715311616.storage.googleapis.com pendo-eu-static-5176557049217024.storage.googleapis.com pendo-eu-static-5938830502264832.storage.googleapis.com app.launchdarkly.com events.launchdarkly.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.ethicspoint.com *.ethicspoint.eu *.navexone.eu *.navexglobal.eu *.policytech.eu ethicspoint.eu cdn.jsdelivr.net iph.zoominsoftware.io www.googletagmanager.com www.google-analytics.com app.pendo.io cdn.pendo.io data.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5068799715311616.storage.googleapis.com pendo-static-5176557049217024.storage.googleapis.com pendo-static-5938830502264832.storage.googleapis.com app.eu.pendo.io cdn.eu.pendo.io pendo-eu-static-5068799715311616.storage.googleapis.com pendo-eu-static-5176557049217024.storage.googleapis.com pendo-eu-static-5938830502264832.storage.googleapis.com *.truste.com *.newrelic.com *.nr-data.net ajax.googleapis.com data: *.ethicspoint.com *.ethicspoint.eu *.navexone.eu *.navexglobal.eu *.policytech.eu ethicspoint.eu app.pendo.io cdn.pendo.io data.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5068799715311616.storage.googleapis.com pendo-static-5176557049217024.storage.googleapis.com pendo-static-5938830502264832.storage.googleapis.com app.eu.pendo.io cdn.eu.pendo.io pendo-eu-static-5068799715311616.storage.googleapis.com pendo-eu-static-5176557049217024.storage.googleapis.com pendo-eu-static-5938830502264832.storage.googleapis.com *.truste.com *.navexglobal.com ; img-src 'self' data: *.ethicspoint.com *.ethicspoint.eu *.navexone.eu *.navexglobal.eu *.policytech.eu ethicspoint.eu cdn.pendo.io app.pendo.io data.pendo.io cdn.eu.pendo.io app.eu.pendo.io data.eu.pendo.io pendo-static-5068799715311616.storage.googleapis.com pendo-static-5176557049217024.storage.googleapis.com pendo-static-5938830502264832.storage.googleapis.com *.truste.com *.navexglobal.com pendo-eu-static-5068799715311616.storage.googleapis.com pendo-eu-static-5176557049217024.storage.googleapis.com pendo-eu-static-5938830502264832.storage.googleapis.com 0jjym5j2w4.execute-api.us-east-1.amazonaws.com navex-be-dev.zoominsoftware.io navex-be-prod.zoominsoftware.io; frame-src *.ethicspoint.com *.ethicspoint.eu *.navexone.eu *.navexglobal.eu *.policytech.eu ethicspoint.eu app.pendo.io portal.feedback.us.pendo.io app.eu.pendo.io portal.feedback.eu.pendo.io player.vimeo.com 'self' 'unsafe-eval' *.navexglobal.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.jsdelivr.net fonts.googleapis.com app.pendo.io cdn.pendo.io app.eu.pendo.io cdn.eu.pendo.io pendo-static-5068799715311616.storage.googleapis.com pendo-static-5176557049217024.storage.googleapis.com pendo-static-5938830502264832.storage.googleapis.com pendo-eu-static-5068799715311616.storage.googleapis.com pendo-eu-static-5176557049217024.storage.googleapis.com pendo-eu-static-5938830502264832.storage.googleapis.com fonts.googleapis.com *.ethicspoint.com *.typekit.net cloud.typography.com; font-src 'self' fonts.gstatic.com ajax.googleapis.com *.typekit.net fonts.gstatic.com; frame-ancestors 'self' app.pendo.io app.eu.pendo.io *.ethicspoint.eu; 1
default-src 'none'; connect-src 'self' https://px.ads.linkedin.com https://analytics.google.com https://l.evidon.com https://bam.nr-data.net https://maps.googleapis.com https://www.google-analytics.com; font-src https://fonts.gstatic.com; form-action 'self'; frame-src https://www.facebook.com https://www.youtube.com https://www.instagram.com https://platform.twitter.com https://player.vimeo.com https://www.linkedin.com 'self' https://papr.navcanada.ca; media-src 'self' https://papr.navcanada.ca; img-src 'self' https://www.linkedin.com https://px.ads.linkedin.com https://cdn.cluepixel.com data: https://www.facebook.com https://i.vimeocdn.com https://c.evidon.com https://l.evidon.com https://maps.googleapis.com https://maps.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://snap.licdn.com https://www.instagram.com https://platform.twitter.com https://bam.nr-data.net https://c.evidon.com https://code.jquery.com https://connect.facebook.net https://js-agent.newrelic.com https://maps.googleapis.com https://searchg2-assets.crownpeak.net/crownpeak.searchg2-1.0.2.min.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com https://vimeo.com https://www.vimeo.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' circl.lu www.circl.lu www.gstatic.com pandora.circl.lu cra.circl.lu; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: circl.lu www.circl.lu www.gstatic.com pandora.circl.lu cra.circl.lu; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://static.criteo.net https://*.criteo.com https://wb.messengerpeople.com https://ln-rules.rewardstyle.com https://www.zenaps.com https://*.recaptcha.net https://*.hotjar.com https://*.akamaihd.net https://*.attn.tv https://isitetv.com https://*.translate.naver.net https://tr.snapchat.com https://www.shoplooks.com https://tpc.googlesyndication.com blob: https://app.qubit.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://*.liveperson.net https://ct.pinterest.com https://services.postcodeanywhere.co.uk https://*.akamaihd.net https://*.sciencebehindecommerce.com https://*.googleapis.com https://translate.yandex.net https://*.hotjar.com wss://*.hotjar.com https://*.trustpilot.com https://*.pinterest.com https://*.bing.com https://*.doubleclick.net https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://ampcid.google.es https://analytics.tiktok.com https://tr.snapchat.com https://privacyportal-eu.onetrust.com https://*.contentsquare.net https://*.criteo.com https://*.qubit.com https://*.qubitproducts.com https://horizon-api.www.lookfantastic.es https://sgtm.lookfantastic.es; default-src 'none'; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.thgcdn.cn; form-action 'self' https://www.facebook.com https://m.lookfantastic.es https://checkout.lookfantastic.es https://www.lookfantastic.es https://connect.facebook.net https://www.glossybox.at https://www.glossybox.ch https://www.glossybox.co.uk https://www.glossybox.com https://www.glossybox.de https://www.glossybox.fi https://www.glossybox.fr https://www.glossybox.ie https://www.glossybox.no https://www.glossybox.se https://www.glossybox.dk https://tr.snapchat.com; frame-ancestors 'self'; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://static.thgcdn.cn; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://google.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.com https://*.gstatic.cn https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://static.criteo.net https://*.criteo.com https://ln-rules.rewardstyle.com https://*.akamaihd.net https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.microsofttranslator.com https://*.hotjar.com https://*.attn.tv https://*.trustpilot.com https://*.translate.naver.net https://*.bing.com https://*.doubleclick.net https://*.google-analytics.com https://static.ads-twitter.com https://*.baidu.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://*.shoplooks.com https://slooks.top https://slooks.me https://lantern.roeyecdn.com https://lantern.roeye.com https://cdn.parcellab.com https://static.thgcdn.cn https://tpc.googlesyndication.com https://analytics.tiktok.com https://*.ibytedtos.com https://geolocation.onetrust.com https://*.contentsquare.net https://app.contentsquare.com https://static.goqubit.com https://*.qubit.com https://sgtm.lookfantastic.es; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://www.shoplooks.com https://static.shoplooks.com https://cdn.parcellab.com https://static.thgcdn.cn; upgrade-insecure-requests; report-to report-endpoint 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.google-analytics.com https://*.twitter.com https://*.sumsub.com https://*.cloudflareinsights.com;script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.sumsub.com;img-src 'self' data: blob: https://objects-eu.idanalyzer.com https://*.google-analytics.com https://*.googletagmanager.com https://*.twitter.com https://*.nonkyc.io https://*.sumsub.com;connect-src 'self' https://*.google-analytics.com https://*.sumsub.com wss://*.nonkyc.io wss://nonkyc.io https://*.nonkyc.io;frame-src 'self' https://*.twitter.com https://*.sumsub.com https://*.cloudflare.com;default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' 'nonce-MjA4LDI5LDEzMiwxMjIsMjUwLDEzMCwxNDgsMTQ0' blob: https://cdn.discordapp.com/animations/ https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/ https://*.hcaptcha.com https://hcaptcha.com https://js.stripe.com https://js.braintreegateway.com https://assets.braintreegateway.com https://www.paypalobjects.com https://checkout.paypal.com https://c.paypal.com https://kit.cash.app https://static.discord.com https://static-edge.discord.com; style-src 'self' 'unsafe-inline' https://cdn.discordapp.com https://*.hcaptcha.com https://hcaptcha.com https://kit.cash.app https://static.discord.com https://static-edge.discord.com; img-src 'self' blob: data: https://*.discordapp.net https://*.discordapp.com https://*.discord.com https://i.scdn.co https://i.ytimg.com https://i.imgur.com https://media.tenor.co https://media.tenor.com https://c.tenor.com https://*.youtube.com https://*.giphy.com https://static-cdn.jtvnw.net https://pbs.twimg.com https://assets.braintreegateway.com https://checkout.paypal.com https://c.paypal.com https://b.stats.paypal.com https://slc.stats.paypal.com https://hnd.stats.paypal.com https://api.cash.app; font-src 'self' https://fonts.gstatic.com https://cash-f.squarecdn.com https://static.discord.com https://static-edge.discord.com; connect-src 'self' https://status.discordapp.com https://status.discord.com https://support.discordapp.com https://support.discord.com https://discordapp.com https://discord.com https://discord-attachments-uploads-prd.storage.googleapis.com https://cdn.discordapp.com https://media.discordapp.net https://images-ext-1.discordapp.net https://images-ext-2.discordapp.net https://router.discordapp.net wss://*.discord.gg https://best.discord.media https://latency.discord.media wss://*.discord.media wss://dealer.spotify.com https://api.spotify.com https://music.amazon.com/embed/oembed https://*.sentry.io https://api.twitch.tv https://api.stripe.com https://api.braintreegateway.com https://client-analytics.braintreegateway.com https://*.braintree-api.com https://www.googleapis.com https://*.algolianet.com https://*.hcaptcha.com https://hcaptcha.com https://*.algolia.net ws://127.0.0.1:* http://127.0.0.1:*; media-src 'self' blob: disclip: https://*.discordapp.net https://*.discord.com https://*.discordapp.com https://*.youtube.com https://streamable.com https://vid.me https://twitter.com https://oddshot.akamaized.net https://*.giphy.com https://i.imgur.com https://media.tenor.co https://media.tenor.com https://c.tenor.com; frame-src https://discordapp.com/domain-migration discord: https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/ https://*.hcaptcha.com https://hcaptcha.com https://js.stripe.com https://hooks.stripe.com https://checkout.paypal.com https://c.paypal.com https://assets.braintreegateway.com https://checkoutshopper-live.adyen.com https://kit.cash.app https://player.twitch.tv https://clips.twitch.tv/embed https://player.vimeo.com https://www.youtube.com/embed/ https://www.tiktok.com/embed/ https://music.amazon.com/embed/ https://music.amazon.co.uk/embed/ https://music.amazon.de/embed/ https://music.amazon.co.jp/embed/ https://music.amazon.es/embed/ https://music.amazon.fr/embed/ https://music.amazon.it/embed/ https://music.amazon.com.au/embed/ https://music.amazon.in/embed/ https://music.amazon.ca/embed/ https://music.amazon.com.mx/embed/ https://music.amazon.com.br/embed/ https://www.youtube.com/s/player/ https://twitter.com/i/videos/ https://www.funimation.com/player/ https://www.redditmedia.com/mediaembed/ https://open.spotify.com/embed/ https://w.soundcloud.com/player/ https://audius.co/embed/ https://*.watchanimeattheoffice.com https://sessionshare.sp-int.playstation.com/ https://session-share.playstation.com/ https://localhost:* https://*.discordsays.com https://discordappcom.cloudflareaccess.com/; child-src 'self' blob: https://assets.braintreegateway.com https://checkout.paypal.com https://c.paypal.com; prefetch-src 'self' https://cdn.discordapp.com/assets/; 1
frame-ancestors 'self'; base-uri 'none'; object-src 'none'; form-action 'self' https://www.facebook.com/; style-src 'self' 'unsafe-inline' https://f.hubspotusercontent-eu1.net/ https://www.gstatic.com/ https://d10lpsik1i8c69.cloudfront.net/ https://www.youtube.com/ https://static.hsappstatic.net/; script-src 'self' 'unsafe-inline' https://f.hubspotusercontent-eu1.net/ https://www.googletagmanager.com/ https://cdn.joblogic.com/ https://static.hsappstatic.net/ https://www.google-analytics.com/ https://pagead2.googlesyndication.com/ https://secure.agile-company-247.com/ https://cdn1.hubspotusercontent-eu1.net/ https://js-eu1.hs-scripts.com/ https://d10lpsik1i8c69.cloudfront.net/ https://analytics.tiktok.com/ https://js-eu1.hscollectedforms.net/ https://js-eu1.hs-banner.com/ https://js-eu1.hubspot.com/ https://js-eu1.hs-analytics.net/ https://js-eu1.hsadspixel.net/ https://widget.intercom.io/ https://js.intercomcdn.com/ https://snap.licdn.com/ https://connect.facebook.net/ https://bat.bing.com/ https://client.prod.mplat-ppcprotect.com/ https://wisepops.net/ https://tpc.googlesyndication.com/ https://www.clarity.ms/ https://googleads.g.doubleclick.net/ https://www.youtube.com/ https://static.doubleclick.net/ https://www.google.com/ https://www.gstatic.com/ https://px.ads.linkedin.com/ https://app-eu1.hubspot.com/ https://td.doubleclick.net/ data: blob:; upgrade-insecure-requests 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.wistia.com *.hotjar.com *.linkedin.com *.cloudfront.net www.googleadservices.com www.googletagmanager.com www.google-analytics.com cdn.callrail.com *.helpscout.net *.atlassian.net *.marketo.net *.aciworldwide.com *.vimeo.com vimeo.com *.vimeocdn.com cdn.cookielaw.org geolocation.onetrust.com connect.facebook.net static.ads-twitter.com analytics.twitter.com bat.bing.com static.oktopost.com snap.licdn.com siteimproveanalytics.com *.6sc.co script.crazyegg.com *.doubleclick.net okt.to cdn.siteimprove.net *.omappapi.com platform.twitter.com *.twimg.com *.hs-scripts.com *.hscollectedforms.net *.hs-banner.com *.hs-analytics.net secure.harm6stop.com js.callrail.com *.zoominfo.com unpkg.com *.unpkg.com *.crazyegg.com *.userback.io tag.demandbase.com js.hsadspixel.net;style-src 'self' 'unsafe-inline' *.myfonts.net *.atlassian.net *.marketo.net fonts.googleapis.com *.aciworldwide.com platform.twitter.com www.googletagmanager.com *.omappapi.com *.crazyegg.com *.typekit.net *.userback.io;img-src 'self' data: *.gravatar.com embedwistia-a.akamaihd.net *.wistia.com wp-rocket.me www.google-analytics.com www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com www.google.com *.wpengine.com *.w.org *.aciworldwide.com *.awscloud.com *.vimeo.com *.vimeocdn.com t.co *.linkedin.com *.6sc.co *.siteimproveanalytics.io bat.bing.com www.facebook.com *.adsymptotic.com *.omappapi.com *.twimg.com platform.twitter.com syndication.twitter.com *.truste.com track.hubspot.com forms.hsforms.com okt.to qr-code.ithemes.com *.twitter.com cdn.cookielaw.org *.crazyegg.com id.rlcdn.com *.company-target.com placekitten.com;frame-src *.flipsnack.com *.crazyegg.com *.aciworldwide.com player.vimeo.com *.libsyn.com *.cloudfront.net *.company-target.com *.doubleclick.net;worker-src 'self' blob:;object-src 'none'; 1
frame-ancestors 'self' booksy.com semilac.strix.app; 1
connect-src 'self' *.doubleclick.net google.com *.google.ca *.google.com *.google.mx *.google.fr *.google.ml *.google.tm *.google.ae *.google.gr *.google.ch *.google.dz *.google.nl *.google.ch *.google.be *.google.es *.google.it *.google.rs *.google.hn *.google.cn *.google.sk *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.googleapis.com *.bing.com *.youtube.com *.ytimg.com *.facebook.net *.facebook.com *.facebook.ca *.metrilo.com *.pinterest.com *.twitter.com *.hotjar.com *.hotjar.io *.paypalobjects.com *.paypal.com *.vimeo.com *.google.co.uk *.google.co.nz *.google.co.jp *.google.co.ve *.google.co.in *.google.co.za *.google.co.id *.google.com.ar *.google.com.za *.google.com.tw *.google.com.ph *.google.com.bd *.google.com.om *.google.com.mx *.google.com.bh *.google.com.ml *.google.com.qa *.google.com.pe *.google.com.ua *.google.com.au *.google.com.tr *.google.com.sg *.spotify.com *.myregistry.com *.poolsuppliescanada.ca *.jrtoycanada.ca *.braintreegateway.com *.braintree-api.com *.kaptcha.com *.postescanada-canadapost.ca *.paybright.com paybright.com *.nofraud.com *.mmapiws.com *.zendesk.com *.zopim.com *.zdassets.com static.zdassets.com *.clarity.ms *.newrelic.com *.nr-data.net wss://widget-mediator.zopim.com *.blackbaudhosting.com *.attn.tv *.attentivemobile.com *.afterpay.com *.amplitude.com *.clearbitjs.com *.polyfill.io *.pinimg.com cdn-cookieyes.com *.cookieyes.com *.sezzle.com sandbox.checkout.sezzle.com *.cdnfonts.com *.cybersource.com *.smooch.io *.online-metrix.net *.walmartimages.com http://127.0.0.1:9100 *.splitit.com;default-src 'self';frame-ancestors 'self';frame-src 'self' *.doubleclick.net google.com *.google.ca *.google.com *.google.mx *.google.fr *.google.ml *.google.tm *.google.ae *.google.gr *.google.ch *.google.dz *.google.nl *.google.ch *.google.be *.google.es *.google.it *.google.rs *.google.hn *.google.cn *.google.sk *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.googleapis.com *.bing.com *.youtube.com *.ytimg.com *.facebook.net *.facebook.com *.facebook.ca *.metrilo.com *.pinterest.com *.twitter.com *.hotjar.com *.hotjar.io *.paypalobjects.com *.paypal.com *.vimeo.com *.google.co.uk *.google.co.nz *.google.co.jp *.google.co.ve *.google.co.in *.google.co.za *.google.co.id *.google.com.ar *.google.com.za *.google.com.tw *.google.com.ph *.google.com.bd *.google.com.om *.google.com.mx *.google.com.bh *.google.com.ml *.google.com.qa *.google.com.pe *.google.com.ua *.google.com.au *.google.com.tr *.google.com.sg *.spotify.com *.myregistry.com *.poolsuppliescanada.ca *.jrtoycanada.ca *.braintreegateway.com *.braintree-api.com *.kaptcha.com *.postescanada-canadapost.ca *.paybright.com paybright.com *.nofraud.com *.mmapiws.com *.zendesk.com *.zopim.com *.zdassets.com static.zdassets.com *.clarity.ms *.newrelic.com *.nr-data.net wss://widget-mediator.zopim.com *.blackbaudhosting.com *.attn.tv *.attentivemobile.com *.afterpay.com *.amplitude.com *.clearbitjs.com *.polyfill.io *.pinimg.com cdn-cookieyes.com *.cookieyes.com *.sezzle.com sandbox.checkout.sezzle.com *.cdnfonts.com *.cybersource.com *.smooch.io *.online-metrix.net *.walmartimages.com http://127.0.0.1:9100 *.splitit.com;object-src 'self'; media-src 'self' *.doubleclick.net google.com *.google.ca *.google.com *.google.mx *.google.fr *.google.ml *.google.tm *.google.ae *.google.gr *.google.ch *.google.dz *.google.nl *.google.ch *.google.be *.google.es *.google.it *.google.rs *.google.hn *.google.cn *.google.sk *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.googleapis.com *.bing.com *.youtube.com *.ytimg.com *.facebook.net *.facebook.com *.facebook.ca *.metrilo.com *.pinterest.com *.twitter.com *.hotjar.com *.hotjar.io *.paypalobjects.com *.paypal.com *.vimeo.com *.google.co.uk *.google.co.nz *.google.co.jp *.google.co.ve *.google.co.in *.google.co.za *.google.co.id *.google.com.ar *.google.com.za *.google.com.tw *.google.com.ph *.google.com.bd *.google.com.om *.google.com.mx *.google.com.bh *.google.com.ml *.google.com.qa *.google.com.pe *.google.com.ua *.google.com.au *.google.com.tr *.google.com.sg *.spotify.com *.myregistry.com *.poolsuppliescanada.ca *.jrtoycanada.ca *.braintreegateway.com *.braintree-api.com *.kaptcha.com *.postescanada-canadapost.ca *.paybright.com paybright.com *.nofraud.com *.mmapiws.com *.zendesk.com *.zopim.com *.zdassets.com static.zdassets.com *.clarity.ms *.newrelic.com *.nr-data.net wss://widget-mediator.zopim.com *.blackbaudhosting.com *.attn.tv *.attentivemobile.com *.afterpay.com *.amplitude.com *.clearbitjs.com *.polyfill.io *.pinimg.com cdn-cookieyes.com *.cookieyes.com *.sezzle.com sandbox.checkout.sezzle.com *.cdnfonts.com *.cybersource.com *.smooch.io *.online-metrix.net *.walmartimages.com http://127.0.0.1:9100 *.splitit.com;img-src * data: blob: 'unsafe-inline';script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net google.com *.google.ca *.google.com *.google.mx *.google.fr *.google.ml *.google.tm *.google.ae *.google.gr *.google.ch *.google.dz *.google.nl *.google.ch *.google.be *.google.es *.google.it *.google.rs *.google.hn *.google.cn *.google.sk *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.googleapis.com *.bing.com *.youtube.com *.ytimg.com *.facebook.net *.facebook.com *.facebook.ca *.metrilo.com *.pinterest.com *.twitter.com *.hotjar.com *.hotjar.io *.paypalobjects.com *.paypal.com *.vimeo.com *.google.co.uk *.google.co.nz *.google.co.jp *.google.co.ve *.google.co.in *.google.co.za *.google.co.id *.google.com.ar *.google.com.za *.google.com.tw *.google.com.ph *.google.com.bd *.google.com.om *.google.com.mx *.google.com.bh *.google.com.ml *.google.com.qa *.google.com.pe *.google.com.ua *.google.com.au *.google.com.tr *.google.com.sg *.spotify.com *.myregistry.com *.poolsuppliescanada.ca *.jrtoycanada.ca *.braintreegateway.com *.braintree-api.com *.kaptcha.com *.postescanada-canadapost.ca *.paybright.com paybright.com *.nofraud.com *.mmapiws.com *.zendesk.com *.zopim.com *.zdassets.com static.zdassets.com *.clarity.ms *.newrelic.com *.nr-data.net wss://widget-mediator.zopim.com *.blackbaudhosting.com *.attn.tv *.attentivemobile.com *.afterpay.com *.amplitude.com *.clearbitjs.com *.polyfill.io *.pinimg.com cdn-cookieyes.com *.cookieyes.com *.sezzle.com sandbox.checkout.sezzle.com *.cdnfonts.com *.cybersource.com *.smooch.io *.online-metrix.net *.walmartimages.com http://127.0.0.1:9100 *.splitit.com blob:;style-src 'self' 'unsafe-inline' *.doubleclick.net google.com *.google.ca *.google.com *.google.mx *.google.fr *.google.ml *.google.tm *.google.ae *.google.gr *.google.ch *.google.dz *.google.nl *.google.ch *.google.be *.google.es *.google.it *.google.rs *.google.hn *.google.cn *.google.sk *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.googleapis.com *.bing.com *.youtube.com *.ytimg.com *.facebook.net *.facebook.com *.facebook.ca *.metrilo.com *.pinterest.com *.twitter.com *.hotjar.com *.hotjar.io *.paypalobjects.com *.paypal.com *.vimeo.com *.google.co.uk *.google.co.nz *.google.co.jp *.google.co.ve *.google.co.in *.google.co.za *.google.co.id *.google.com.ar *.google.com.za *.google.com.tw *.google.com.ph *.google.com.bd *.google.com.om *.google.com.mx *.google.com.bh *.google.com.ml *.google.com.qa *.google.com.pe *.google.com.ua *.google.com.au *.google.com.tr *.google.com.sg *.spotify.com *.myregistry.com *.poolsuppliescanada.ca *.jrtoycanada.ca *.braintreegateway.com *.braintree-api.com *.kaptcha.com *.postescanada-canadapost.ca *.paybright.com paybright.com *.nofraud.com *.mmapiws.com *.zendesk.com *.zopim.com *.zdassets.com static.zdassets.com *.clarity.ms *.newrelic.com *.nr-data.net wss://widget-mediator.zopim.com *.blackbaudhosting.com *.attn.tv *.attentivemobile.com *.afterpay.com *.amplitude.com *.clearbitjs.com *.polyfill.io *.pinimg.com cdn-cookieyes.com *.cookieyes.com *.sezzle.com sandbox.checkout.sezzle.com *.cdnfonts.com *.cybersource.com *.smooch.io *.online-metrix.net *.walmartimages.com http://127.0.0.1:9100 *.splitit.com blob:;font-src 'self' *.doubleclick.net google.com *.google.ca *.google.com *.google.mx *.google.fr *.google.ml *.google.tm *.google.ae *.google.gr *.google.ch *.google.dz *.google.nl *.google.ch *.google.be *.google.es *.google.it *.google.rs *.google.hn *.google.cn *.google.sk *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.googleapis.com *.bing.com *.youtube.com *.ytimg.com *.facebook.net *.facebook.com *.facebook.ca *.metrilo.com *.pinterest.com *.twitter.com *.hotjar.com *.hotjar.io *.paypalobjects.com *.paypal.com *.vimeo.com *.google.co.uk *.google.co.nz *.google.co.jp *.google.co.ve *.google.co.in *.google.co.za *.google.co.id *.google.com.ar *.google.com.za *.google.com.tw *.google.com.ph *.google.com.bd *.google.com.om *.google.com.mx *.google.com.bh *.google.com.ml *.google.com.qa *.google.com.pe *.google.com.ua *.google.com.au *.google.com.tr *.google.com.sg *.spotify.com *.myregistry.com *.poolsuppliescanada.ca *.jrtoycanada.ca *.braintreegateway.com *.braintree-api.com *.kaptcha.com *.postescanada-canadapost.ca *.paybright.com paybright.com *.nofraud.com *.mmapiws.com *.zendesk.com *.zopim.com *.zdassets.com static.zdassets.com *.clarity.ms *.newrelic.com *.nr-data.net wss://widget-mediator.zopim.com *.blackbaudhosting.com *.attn.tv *.attentivemobile.com *.afterpay.com *.amplitude.com *.clearbitjs.com *.polyfill.io *.pinimg.com cdn-cookieyes.com *.cookieyes.com *.sezzle.com sandbox.checkout.sezzle.com *.cdnfonts.com *.cybersource.com *.smooch.io *.online-metrix.net *.walmartimages.com http://127.0.0.1:9100 *.splitit.com data:; 1
base-uri 'self'; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com https://use.fontawesome.com; form-action 'self' search.google.com *.facebook.com connect.facebook.net; frame-ancestors 'self' firstvet.com *.firstvet.com; img-src * data:; object-src 'none'; script-src-attr 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' fonts.googleapis.com translate.googleapis.com https://optimize.google.com https://*.googletagmanager.com https://use.fontawesome.com; upgrade-insecure-requests; child-src 'self' blob: *.facebook.com connect.facebook.net; connect-src 'self' https://se.api.shop.firstvet.com https://uk.api.shop.firstvet.com https://local.dev.shop.firstvet.com:7777 http://127.0.0.1:8080 wss://127.0.0.1:24679/_nuxt/ ws://firstvet.com:24678 wss://firstvet.com:24678 http://firstvet.com:24678 https://firstvet.com:24678 connect.facebook.net *.facebook.com https://*.analytics.google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googleoptimize.com https://*.g.doubleclick.net https://*.google.com https://*.google.se https://*.google.co.uk https://pagead2.googlesyndication.com *.klarnaevt.com *.firstvet.com *.sentry.io app.getsentry.com *.shop.firstvet.com *.firstvet.com *.bing.com wss://*.bing.com track.adtraction.com api.adtraction.net *.clarity.ms https://api.stripe.com https://consentcdn.cookiebot.com *.shop.firstvet.com:8888 *.funktionstjanster.se https://sdk.fra-02.braze.eu; default-src 'self'; frame-src 'self' *.facebook.com connect.facebook.net *.klarna.com *.klarnaevt.com https://*.facebook.com https://*.googleoptimize.com https://js.stripe.com https://hooks.stripe.com https://bid.g.doubleclick.net https://td.doubleclick.net sdx.microsoft.com https://consentcdn.cookiebot.com https://www.youtube-nocookie.com https://www.youtube.com youtube.com https://optimize.google.com/; script-src 'self' 'unsafe-inline' https://se.api.shop.firstvet.com https://uk.api.shop.firstvet.com https://local.dev.shop.firstvet.com:7777 https://*.googletagmanager.com https://tagmanager.google.com https://*.googleoptimize.com https://optimize.google.com https://*.analytics.google.com https://*.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://translate.google.com *.klarna.com *.klarnaevt.com *.sentry.io *.sentry-cdn.com connect.facebook.net shop.firstvet.com *.shop.firstvet.com firstvet.com *.firstvet.com *.bing.com https://js.stripe.com valuesportal.com *.valuesportal.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://code.jquery.com; worker-src 'self' blob: 1
frame-ancestors 'self' http://webvisor.com ardes.bg *.ardes.bg 1
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors 'self' https://mvp.professional.works 1
frame-ancestors 'self' https://*.gls.de; default-src 'self'; style-src 'self' 'unsafe-inline' cdn.eye-able.com; script-src 'self' 'unsafe-inline' *.gls.de cdn.eye-able.com 'wasm-unsafe-eval'; img-src 'self' *.gls.de cdn.eye-able.com data: https://i.vimeocdn.com https://rtc.maptoolkit.net; font-src 'self' data:; connect-src 'self' *.gls.de https://api.friendlycaptcha.com/api/v1/puzzle; object-src 'self'; base-uri 'none'; frame-src 'self' *.glsbank.de *.gls.de *.gls-bank.de https://*.vimeo.com https://vimeo.com https://*.vimeocdn.com https://vimeocdn.com https://vr-international.vr-bankenportal.de; form-action 'self'; worker-src blob:; child-src blob:; 1
upgrade-insecure-requests; frame-ancestors https: 'self' *.48hourprint.com *.digitalroom.com *.chasepaymentechhostedpay-var.com *.chasepaymentechhostedpay.com; 1
default-src 'self'; font-src data: 'self' fonts.gstatic.com; style-src 'self' 'unsafe-inline'; img-src data: blob: 'self'; frame-ancestors 'self'; frame-src 'self' https:; script-src 'self' 'unsafe-eval'; upgrade-insecure-requests; connect-src 'self' https:; object-src 'none'; base-uri 'self'; 1
frame-ancestors 'self'; default-src 'self' 'unsafe-eval' 'unsafe-inline' cv.accesstra.de  accesstra.de adservice.google.com.sg adservice.google.com.tw *.safeframe.googlesyndication.com tpc.googlesyndication.com www.googletagservices.com www.google.com.tw csi.gstatic.com pagead2.googlesyndication.com securepubads.g.doubleclick.net www.googletagmanager.com tagmanager.google.com fonts.googleapis.com ssl.gstatic.com www.gstatic.com fonts.gstatic.com www.google-analytics.com analytics.google.com ssl.google-analytics.com www.googleadservices.com www.google.com googleads.g.doubleclick.net bid.g.doubleclick.net securepubads.g.doubleclick.net maps.gstatic.com *.googleapis.com *.ggpht.com idealanalyticsapi.dbs.com vc.hotjar.io https://qmslivechat.dbs.com cdn.appdynamics.com http://cdn.appdynamics.com https://safe1.dbswiso.prd https://safe2.dbswiso.prd cug-www.posb.com.sg www.orangeteeproperties.com storage.googleapis.com v1.addthisedge.com v1.addthis.com ampcid.google.com adservice.google.com ad.doubleclick.net ampcid.google.com.sg amp-error-reporting.appspot.com cdn.ampproject.org ssl.gstatic.com i.travelapi.com http://www.tripadvisor.com marketplace.dbs.com.sg marketplace-pilot.dbs.com.sg avp.blob.core.windows.net marketplace-pilot.dbs.com in.hotjar.com prod2-content-care-community-cdn.sprinklr.com script.hotjar.com vars.hotjar.com http://www.outbrain.com static.hotjar.com pixel.tapad.com res.cloudinary.com sc4.omniture.com authorize.omniture.com authorize.omniture.com sitecatalyst.omniture.com marketplace.dbs.com tagmanager.google.com wss://chatbanking.dbs.com gllt.morningstar.com img.tepcdn.com wss://qmslivechat.dbs.com platform-lookaside.fbsbx.com http://chart.googleapis.com http://tags.crwdcntrl.net http://bs.serving-sys.com cdn.jsdelivr.net http://www.dbs.com.sg prod2-content.sprinklr.com prod2-care-community-cdn.sprinklr.com *.akstat.io directline.botframework.com www.dbs.com.sg qmslivechat.dbs.com cdnjs.cloudflare.com www.gstatic.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.google.com certify.alexametrics.com www.dbs.com.sg www.youtube.com www.linkedin.com www.google.com.sg bcp.crwdcntrl.net www.dbs.com www.googleapis.com ajax.googleapis.com maps.gstatic.com fonts.googleapis.com property.atomic-marketplace.com www.facebook.com dc.ads.linkedin.com chatbanking.dbs.com bat.bing.com tr.outbrain.com snap.licdn.com chart.googleapis.com assets.adobedtm.com dbs.tt.omtrdc.net somniture.dbs.com.sg dpm.demdex.net dbs.demdex.net www.posb.com.sg farm-sg.plista.com amplifypixel.outbrain.com js.adsrvr.org s.go-mpulse.net c.go-mpulse.net maxcdn.bootstrapcdn.com sjs.bizographics.com tags.crwdcntrl.net code.jquery.com tpt.mysocialpixel.com www.dbs.com.sg use.fontawesome.com ds-aksb-a.akamaihd.net googleads.g.doubleclick.net px.ads.linkedin.com bs.serving-sys.com secure-ds.serving-sys.com ssl.google-analytics.com connect.facebook.net chatbanking-uat.dbs.com qmslivechat.dbs.com i.ytimg.com scrbizim.xyz insight.adsrvr.org www.google.co.in cx.atdmt.com *.2o7.net *.omtrdc.net *.tt.omtrdc.net *.demdex.net secure.marketinghub.hp.com m.addthisedge.com m.addthis.com s7.addthis.com graph.facebook.com api-public.addthis.com atomic-marketplace.com i.i-sgcm.com s3-ap-southeast-1.amazonaws.com by.essl.optimost.com secure.marketinghub.opentext.com chatbanking-sit.dbs.com stats.g.doubleclick.net maps.googleapis.com amplify.outbrain.com fonts.gstatic.com prod2-sprcdn-assets.sprinklr.com prod2-sprcdn.sprinklr.com lookaside.facebook.com www.sprinklr.com api-01.ubx.ibmmarketingcloud.com s7.addthis.com dbs.demdex.net platform.twitter.com d31qbv1cthcecs.cloudfront.net bid.g.doubleclick.net cdn-akamai.mookie1.com tags.tiqcdn.com wss://directline.botframework.com directline.com *.akamaihd.net *.fls.doubleclick.net wss://directline.botframework.com collect-ap-northeast-1.tealiumiq.com collect-ap-northeast-2.tealiumiq.com collect-ap-northeast-3.tealiumiq.com collect.tealiumiq.com visitor-service-ap-northeast-1.tealiumiq.com visitor-service-ap-northeast-2.tealiumiq.com visitor-service-ap-northeast-3.tealiumiq.com  visitor-service.tealiumiq.com api.tealiumiq.com tealiumtags.dbs.com.sg directline.botframework.com directline.com blob: data:; style-src 'self' 'unsafe-inline' tagmanager.google.com prod2-care-community-cdn.sprinklr.com chatbanking.dbs.com qmslivechat.dbs.com wss://directline.botframework.com fonts.googleapis.com graph.facebook.com maxcdn.bootstrapcdn.com directline.botframework.com www.dbs.com.sg directline.com chatbanking.dbs.com; 1
default-src 'self' *.auditboard.com *.doubleclick.net *.google.com *.googlesyndication.com *.greenhouse.io *.marketo.com *.vidyard.com *.wistia.com www.facebook.com www.youtube.com; child-src 'self' blob: *.addthis.com *.auditboard.com *.auditboard.com.pagescdn.com *.auditboardmarketing.com.pagescdn.com *.google.com *.greenhouse.io *.marketo.com *.ps-bizzabo.com *.qualified.com *.wistia.com 961-zqv-184.mktoweb.com auditboard.atlassian.net bid.g.doubleclick.net events.bizzabo.com js.driftt.com play.vidyard.com secure.livechatinc.com tpc.googlesyndication.com www.facebook.com www.googletagmanager.com www.visualize-roi.com www.youtube.com; connect-src 'self' 'unsafe-inline' https: wss://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.addthis.com *.addthisedge.com *.cloudfront.net *.google-analytics.com *.googleapis.com *.marketo.com *.marketo.net *.ubembed.com *.wistia.com cdn.livechatinc.com optimize.google.com www.googleanalytics.com www.googleoptimize.com www.googletagmanager.com www.youtube.com; frame-ancestors 'self'; font-src 'self' 'unsafe-inline' data: *.eventscloud.com *.gstatic.com; img-src 'self' 'unsafe-inline' https: data: optimize.google.com www.google-analytics.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' https: *.qualified.com; media-src 'self' data: blob: mediastream: *.livechatinc.com *.qualified.com *.wistia.com *.wistia.net embedwistia-a.akamaihd.net js.driftt.com; object-src 'self' embed-fastly.wistia.com embedwistia-a.akamaihd.net auditboardinc.wpengine.com 1
frame-ancestors ragingbull.com app.ragingbull.com dev.ragingbull.com 1
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'none'; 1
default-src 'self'; style-src 'self'; script-src 'self' 'unsafe-inline'; font-src 'self'; object-src 'none'; 1
default-src 'self' 'unsafe-inline' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://www.instagram.com https://platform.instagram.com https://js.callrail.com https://cdn.callrail.com https://googleads.g.doubleclick.net https://connect.facebook.net https://snap.licdn.com https://cdn.cookielaw.org https://www.googletagmanager.com https://bam.nr-data.net https://www.google-analytics.com https://js-agent.newrelic.com https://www.googleadservices.com https://static.hotjar.com https://script.hotjar.com https://unpkg.com https://*.googleapis.com https://cdnjs.cloudflare.com/ajax/libs/OverlappingMarkerSpiderfier/1.0.3/oms.min.js  https://cdnjs.cloudflare.com/ajax/libs/js-marker-clusterer/1.0.0/markerclusterer_compiled.js https://player.vimeo.com/api/player.js https://polyfill.io/v3/polyfill.min.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js; style-src 'self' 'unsafe-inline' https://static.hotjar.com https://script.hotjar.com https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://cdn.linkedin.oribi.io https://*.callrail.com https://analytics.google.com https://related-requests.my.onetrust.com https://pagead2.googlesyndication.com https://bam.nr-data.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://cdn.cookielaw.org https://cdn.plyr.io https://maps.googleapis.com https://stats.g.doubleclick.net https://vimeo.com https://www.google-analytics.com https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location ; font-src 'self' https://fonts.gstatic.com https://script.hotjar.com; frame-src 'self' https://online.fliphtml5.com https://td.doubleclick.net https://vars.hotjar.com https://player.vimeo.com https://www.instagram.com; img-src 'self' about: data: https://cdn.cookielaw.org https://*; manifest-src 'self'; media-src 'self'; worker-src 'none'; 1
frame-ancestors 'self' *.swissquote.com *.swissquote.ch 1
default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com https://i.ytimg.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-Y9RE3M3Qqw3GNDodWj8Qrw=='; style-src 'self' www.gstatic.com; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com gds-single-consent-staging.app gds-single-consent.app; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; report-uri https://csp-reporter.publishing.service.gov.uk/report 1
object-src 'none'; script-src 'nonce-6KdLY9ppvw1ON1GPDbjPhA==' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:; base-uri 'none'; report-uri https://o463592.ingest.sentry.io/api/5471479/security/?sentry_key=ab531d6dca0d488898493ccc9706f202&sentry_environment=prod 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.fbevents.js *.facebook.net *.cookiebot.com *.cookiebox.ro *.gstatic.com *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.google.com *.google.ro *.googleadservices.com *.doubleclick.net *.youtube.com *.vimeo.com *.ytimg.com *.cloudflare.com; object-src 'self' ; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.cookiebot.com *.cookiebox.ro *.gstatic.com *.google.com *.google.ro *.doubleclick.net *.google-analytics.com *.youtube.com *.vimeo.com *.ytimg.com *.fontawesome.com *.cloudflare.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.googletagmanager.com *.cookiebot.com *.cookiebox.ro *.gstatic.com *.google.com *.google.ro *.doubleclick.net *.google-analytics.com *.youtube.com *.vimeo.com *.ytimg.com *.cloudflare.com *.facebook.com *.facebook.net; media-src 'self'; frame-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.cookiebot.com *.cookiebox.ro *.google.com *.google.ro *.doubleclick.net *.google-analytics.com *.youtube.com *.vimeo.com *.ytimg.com *.facebook.com *.facebook.net; child-src 'self'; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *.gts.ro *.googletagmanager.com *.google.com *.google.ro *.doubleclick.net *.google-analytics.com *.youtube.com *.vimeo.com *.ytimg.com *.facebook.com *.fontawesome.com; font-src 'self' *.fontawesome.com *.cloudflare.com; 1
default-src 'self';img-src 'self' data: https://blog.cfbenchmarks.com https://static.ghost.org https://images.unsplash.com https://cm.g.doubleclick.net https://sync.crwdcntrl.net https://*.google-analytics.com https://*.googletagmanager.com https://www.google-analytics.com https://forms.hsforms.com https://track.hubspot.com https://px.ads.linkedin.com https://www.linkedin.com https://aorta.clickagy.com https://pixel-sync.sitescout.com https://aa.agkn.com https://d.agkn.com https://idsync.rlcdn.com https://us-u.openx.net;media-src 'self' https://content-cfbenchmarks.s3.amazonaws.com;style-src 'self' 'unsafe-inline';script-src 'self' www.youtube.com https://ws.zoominfo.com https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.google.com https://www.gstatic.com http://js.hs-scripts.com https://js.hs-scripts.com https://js.hscollectedforms.net https://js.hsadspixel.net https://js.hs-analytics.net https://js.hs-banner.com https://snap.licdn.com https://tags.clickagy.com 'sha256-QwSiu6zsgPogzpkG+RVdosZFMyiGt6UKJYNMgqPrrLw=' ;frame-src www.youtube.com *.vimeo.com https://www.google.com;frame-ancestors 'self';connect-src 'self' wss://cfbenchmarks.com wss://*.cfbenchmarks.com https://cfbenchmarks.com https://*.cfbenchmarks.com cdn.linkedin.oribi.io https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.google-analytics.com https://forms.hubspot.com https://api.hubapi.com https://forms.hscollectedforms.net https://aorta.clickagy.com https://hemsync.clickagy.com 1
default-src https: data: blob: ws: wss: mailto: 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors https://jbnuu.uz; 1
script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *.privy.com *.ryzeo.com *.signifyd.com *.doitcenter.com.pa *.yotpo.com accounts.livechatinc.com acsbapp.com analytics.tiktok.com api.livechatinc.com bam.nr-data.net bat.bing.com cdn-widgetsrepository.yotpo.com cdn.livechatinc.com cdn.statstrk01.com cdn.userway.org cdnapisec.kaltura.com cdns.brsrvr.com chimpstatic.com connect.facebook.net ct.pinterest.com googleads.g.doubleclick.net js-agent.newrelic.com js-eu1.hs-analytics.net js-eu1.hs-banner.com js-eu1.hs-scripts.com js-eu1.hscollectedforms.net js-eu1.usemessages.com maps.googleapis.com na-library.klarnaservices.com na-library.playground.klarnaservices.com s.pinimg.com secure.livechatinc.com static.hsappstatic.net static.trackedweb.net staticw2.yotpo.com www.clarity.ms www.facebook.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.gstatic.com www.youtube.com d1cocw0250tpxv.cloudfront.net connect.nosto.com static.klaviyo.com static-tracking.klaviyo.com cdn.jsdelivr.net pwaprod.doitcenter.com.pa www.paypal.com seguimiento.doitcenter.com.pa fonts.gstatic.com fonts.googleapis.com testingw78j8loor3-2.algolianet.com testingw78j8loor3-1.algolianet.com thumbs.nosto.com testingw78j8loor3-dsn.algolia.net use.typekit.net p.yotpo.com a.klaviyo.com static.hotjar.com script.hotjar.com hotjar.com widget01.modernretail.com view.publitas.com scripts.publitas.com secure.nmi.com mstat.acestream.net www.paypalobjects.com conoret.com www.pagespeed-mod.com ssl.google-analytics.com nosto.stackla.com; report-uri /.webscale/csp-report 1
default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdnjs.cloudflare.com *.googletagmanager.com snap.licdn.com https://collector-29429.us.tvsquared.com *.collector-29429.us.tvsquared.com *.googleads.g.doubleclick.net *.tvsquared.com *.doubleclick.net *.adsrvr.org 'self' cdn.ampproject.org web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net https://player.vimeo.com/api/player.js https://www.youtube.com/iframe_api 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com data: *.googleads.g.doubleclick.net 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com *.tvsquared.com *.linkedin.com 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; connect-src accounts.google.com *.google-analytics.com *.gstatic.com *.mktoresp.com *.linkedin.com 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.adsrvr.org 'self' web-chat.nativechat.com 1
connect-src *.echidnaonline.com.au https://maps.googleapis.com https://maps.gstatic.com; base-uri *.echidnaonline.com.au; form-action *.echidnaonline.com.au 1
font-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; 1
default-src * blob: data: cid:; img-src * data: cid: 'unsafe-inline'; media-src * data: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * blob: data: 'unsafe-inline'; style-src-elem * blob: data: 'unsafe-inline'; font-src * data:; frame-ancestors *.brgeneral.org; 1
default-src https: 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com/gtm.js; object-src 'none'; connect-src https: 'self' 'unsafe-eval' 'unsafe-inline' wss://*.iot.eu-west-1.amazonaws.com wss://*.hotjar.com wss://www.yougov.chat wss://www.yougov.chat; font-src 'self' https: 'unsafe-eval' 'unsafe-inline' data: https://themes.googleusercontent.com; img-src * data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn-ukwest.onetrust.com https://static.hotjar.com https://connect.facebook.net https://app.storyblok.com https://sc-static.net https://cdn.keywee.co https://tr.snapchat.com https://*.google.com https://*.google-analytics.com https://*.doubleclick.net https://*.googletagmanager.com https://*.gstatic.com https://*.googleadservices.com https://www.google.com.de https://www.google.com.pl https://www.google.com.es https://www.google.com https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.com.ai https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.com.kh https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.ms https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.ne https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.pl https://www.google.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.so https://www.google.sm https://www.google.sr https://www.google.st https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.vg https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.rs https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.cat https://cdn.yougov.chat https://*.yougov.chat https://script.hotjar.com; frame-ancestors 'self' https://*.yougov.chat https://app.storyblok.com http://account.yougov.com https://account.yougov.com http://*.yougov.net https://*.yougov.net; report-uri https://o198417.ingest.sentry.io/api/5594314/security/?sentry_key=f6766c04be5e496fa1fbd7ee7f3ded56&sentry_environment=production&sentry_release=undefined; 1
frame-ancestors https://methstreams.com https://cdn.tryandrew.shop https://nbastreamswatch.com https://watchnbastreams.com https://crackstreams.ws https://the.crackstreams.ws https://reddit.watchnbastreams.com https://mlb.trybarry.shop https://olympicstreams.ru 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' https://www.google.com https://apis.google.com https://www.gstatic.com https://connect.facebook.net https://www.googletagmanager.com https://ssl.google-analytics.com https://www.youtube.com https://youtube.com https://s.ytimg.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://consent.cookiebot.com https://*.googlesyndication.com https://tagmanager.google.com https://consentcdn.cookiebot.com https://www.googletagservices.com; connect-src 'self' https://*.googlesyndication.com https://stats.g.doubleclick.net https://*.google-analytics.com https://consentcdn.cookiebot.com https://*.analytics.google.com; font-src 'self' https://fonts.gstatic.com; frame-src https://consentcdn.cookiebot.com/ https://*.doubleclick.net/ 'self' https://youtube.com https://staticxx.facebook.com https://www.google.com https://*.facebook.com https://www.youtube.com https://accounts.google.com/; style-src 'self' https://fonts.googleapis.com https://tagmanager.google.com 'unsafe-inline'; object-src 'self'; media-src 'self'; img-src 'self' https://i.ytimg.com https://s0.2mdn.net https://ad.doubleclick.net http://kuchnialidla.pl https://ssl.google-analytics.com https://*.g.doubleclick.net  https://www.facebook.com https://*.akamaihd.net https://*.fbcdn.net https://www.google-analytics.com https://www.google.com https://www.google.pl https://platform-lookaside.fbsbx.com https://*.doubleclick.net/ https://*.gstatic.com https://*.cookiebot.com data: 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' http://* https://*;style-src 'self' 'unsafe-inline' https://*;img-src 'self' data: https://*;frame-src 'self' *.youtube.com *.google.com;frame-ancestors 'self' *.yandex.net http://webvisor.com https://webvisor.com *.webvisor.com;object-src 'none';base-uri 'none';connect-src 'self' https://static.zdassets.com https://ekr.zdassets.com https://icard.zendesk.com https://*.zopim.com wss://icard.zendesk.com wss://*.zopim.com http://*.hotjar.com:* https://*.hotjar.com:* wss://*.hotjar.com *.yandex.ru https://*.facebook.com https://*.googleapis.com https://*.google.com https://www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://*.google-analytics.com; 1
frame-ancestors 'self' *.azurewebsites.net *.bromcomcloud.com *.bromcomvle.com 1
frame-ancestors 'unsafe-inline' 'unsafe-eval' * default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: ; 1
script-src *.bancfirst.tv *.cloudflare.com *.youtube.com *.googletagmanager.com *.sharethis.com *.basis.net *.wave2.io *.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.bancfirst.bank *.googleapis.com 'unsafe-inline' ; object-src 'none';  frame-ancestors 'self' *.bancfirst.bank; worker-src blob:; script-src-elem *.bancfirst.bank *.youtube.com *.cloudflare.com *.google.com *.googletagmanager.com *.gstatic.com *.sharethis.com *.google-analytics.com 'unsafe-inline' *.wave2.io *.wave2locator.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.ffclub.ru yastatic.net yandex.ru metrika.yandex.ru *.googleapis.com *.gstatic.com www.google-analytics.com www.google.com *.googlesyndication.com googleads.g.doubleclick.net adservice.google.com adservice.google.si adservice.google.ru *.googletagservices.com *.googleadservices.com translate.google.com cdnjs.cloudflare.com cdn.jsdelivr.net st.yandexadexchange.net an.yandex.ru mc.yandex.ru mc.yandex.ua mc.yandex.md mc.yandex.by mc.yandex.fr mc.yandex.kz mc.yandex.com googletagmanager.com *.googletagmanager.com *.google-analytics.com http://www.youtube.com https://www.youtube.com coub.com dl.metabar.ru top-fwz1.mail.ru counter.rambler.ru st.top100.ru kraken.rambler.ru player.vimeo.com rutube.ru; img-src 'self' *.ffclub.ru kraken.rambler.ru yastatic.net *.verify.yandex.ru an.yandex.ru mc.yandex.ru amc.yandex.ru *.yandex.net ad.doubleclick.net *.gstatic.com *.googleapis.com *.google-analytics.com *.googlesyndication.com translate.google.com counter.yadro.ru img.youtube.com i.ytimg.com coubsecure-s.akamaihd.net top-fwz1.mail.ru i.vimeocdn.com counter.rambler.ru data:; font-src 'self' *.ffclub.ru yastatic.net chrome-extension: data: *.gstatic.com; 1
frame-ancestors 'self' https://*.princesscasino.ro https://bingo-sw360.pragmaticplay.net 1
frame-ancestors 'self' https://www.hs-fresenius.de https://www.hs-fresenius.com 1
frame-ancestors 'self' https://*.sprxcms.com https://*.tiarccms.co.uk https://*.sparxvr.com; 1
default-src 'self'; frame-ancestors 'none'; frame-src 'none'; img-src 'self' data:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' 1
default-src https: 'self' 'unsafe-inline' 'unsafe-eval' data: 'self' https://*.lantmateriet.se http://*.lantmateriet.se https://wds.callguide.telia.com https://via.tt.se http://*.readspeaker.com blob: https://unpkg.com; img-src 'self' https://*.lantmateriet.se https://*.lm.se/ http://*.readspeaker.com https://js.arcgis.com/ https://via.tt.se/ https://recruit.visma.com https://matomo.lantmateriet.se https://*.episerver.net data: https://wds.ace.teliacompany.com https://www.gstatic.com https://translate.googleapis.com; frame-src 'self' mailto: http://*.lm.se https://via.tt.se https://*.lantmateriet.se https://wds.ace.teliacompany.com/ http://app-eu.readspeaker.com/ https://*.youtube.com https://*.screen9.com https://*.quickchannel.com http://lantmateriverket.mynewsdesk.com/; child-src 'self' blob: http://*.lm.se https://*.lantmateriet.se blob: https://wds.ace.teliacompany.com/ https://*.youtube.com https://*.quickchannel.com; 1
base-uri 'none'; default-src 'self' data: https: wss: 'unsafe-inline' blob:; style-src 'self' data: https: wss: 'unsafe-inline' https://optimize.google.com https://tagmanager.google.com https://trck.maingau-energie.de https://ad4m.at https://*.ad4mat.net https://*.adserver01.de https://*.adc-serv.net https://*.df-srv.de https://*.adition.com https://*.ad4mat.de https://*.doubleclick.net https://*.adscale.de https://*.twiago.com https://*.casalemedia.com https://*.adfarm1.adition.com https://*.adform.net https://*.adnxs.com https://*.taboola.com https://*.kupona.de https://*.smartadserver.com https://*.pubmatic.com https://*.yieldlab.net https://*.ad-srv.net https://opt.kuponacdn.de https://*.adsrvr.org https://*.criteo.com https://*.doubleclick.net https://*.adform.net https://embed-cdn.surveyhero.com https://www.umfrageonline.com/ s3.amazonaws.com; script-src 'self' blob: https://api.scrivito.com https://assets.scrivito.com https://widget.intercom.io https://alomessageprod.maingau-tec.de https://alomessagetest.maingau-tec.de https://ssl.google-analytics.com https://www.google-analytics.com https://www.googleanalytics.com https://www.googletagmanager.com https://tagmanager.google.com https://www.googleadservices.com https://d3dc1lgancj6l0.cloudfront.net https://cdn.cookielaw.org https://geolocation.onetrust.com https://connect.facebook.net https://www.facebook.com https://bat.bing.com https://amplify.outbrain.com https://s.pinimg.com https://ct.pinterest.com https://services.maingau-energie.de https://cdn2.spatialbuzz.com https://netzwerk.uppr.de https://www.googleoptimize.com https://optimize.google.com https://googleads.g.doubleclick.net https://www.google.com https://www.youtube.com https://tr.outbrain.com https://wave.outbrain.com/ https://trck.maingau-energie.de https://maps.googleapis.com https://maps.google.com https://ad4m.at https://snap.licdn.com https://*.ad4mat.net https://*.adserver01.de https://*.adc-serv.net https://*.df-srv.de https://*.adition.com https://*.ad4mat.de https://*.doubleclick.net https://*.adscale.de https://*.twiago.com https://*.casalemedia.com https://*.adfarm1.adition.com https://*.adform.net https://*.adnxs.com https://*.taboola.com https://*.kupona.de https://*.smartadserver.com https://*.pubmatic.com https://*.yieldlab.net https://*.ad-srv.net https://opt.kuponacdn.de https://*.adsrvr.org https://*.criteo.com https://*.doubleclick.net https://*.adform.net https://retrack-kupona.kuponacdn.de https://*.clarity.ms https://*.ad-serv.net 'unsafe-inline' 'unsafe-eval' https://embed-cdn.surveyhero.com https://www.umfrageonline.com/ https://cdn.mouseflow.com https://analytics.tiktok.com; font-src data: 'self'; frame-src 'self' https://www.google.com https://optimize.google.com https://bid.g.doubleclick.net https://alomessageprod.maingau-tec.de https://alomessagetest.maingau-tec.de https://www.pinterest.com https://trck.maingau-energie.de https://www.pinterest.de https://www.facebook.com https://maps.google.com https://maps.googleapis.com https://cdn2.spatialbuzz.com https://ad4m.at https://*.ad4mat.net https://*.adserver01.de https://*.adc-serv.net https://*.df-srv.de https://*.adition.com https://*.ad4mat.de https://*.doubleclick.net https://*.adscale.de https://*.twiago.com https://*.casalemedia.com https://*.adfarm1.adition.com https://*.adform.net https://*.adnxs.com https://*.taboola.com https://*.kupona.de https://*.smartadserver.com https://*.pubmatic.com https://*.yieldlab.net https://*.ad-srv.net https://opt.kuponacdn.de https://*.adsrvr.org https://*.criteo.com https://*.doubleclick.net https://*.adform.net https://retrack-kupona.kuponacdn.de https://*.clarity.ms https://www.youtube-nocookie.com https://www.umfrageonline.com/ d3pvid4i674wea.cloudfront.net; object-src 'none'; block-all-mixed-content; frame-ancestors 'self' https://*.scrivito.com 1
frame-ancestors https://*.shortlyst.com https://*.shopalyst.com https://shop-id-clear.com https://shop-id-clear.com/; 1
frame-ancestors 'self' https://hertfordshire.gov.uk https://*.hertfordshire.gov.uk https://su-uk-d365-bps-hcccsc-p.crm11.dynamics.com https://su-secu-azu-d365-bps-hcccsc-d.crm11.dynamics.com https://su-uk-d365-bps-hcccsc-t.crm11.dynamics.com https://su-uk-d365-bps-hcccsc-u.crm11.dynamics.com https://su-uk-d365-bps-hcccsc-l.crm11.dynamics.com https://su-uk-d365-bps-hcccsc-p.crm11.dynamics.com; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://static.criteo.net https://*.criteo.com https://wb.messengerpeople.com https://www.zenaps.com https://player.vimeo.com https://isitetv.com https://ln-rules.rewardstyle.com https://e.issuu.com https://*.recaptcha.net https://tr.snapchat.com https://*.translate.naver.net https://*.hotjar.com https://*.akamaihd.net https://*.attn.tv https://www.shoplooks.com blob: https://app.qubit.com https://*.abtasty.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://*.liveperson.net https://services.postcodeanywhere.co.uk https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net  https://*.hotjar.com https://*.parcellab.com https://privacyportal-eu.onetrust.com https://*.contentsquare.net https://*.criteo.com https://*.qubit.com https://*.qubitproducts.com https://horizon-api.www.lookfantastic.ie https://*.abtasty.com https://sgtm.lookfantastic.ie; default-src 'none'; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.thgcdn.cn blob: data: https://*.abtasty.com https://*.gstatic.com https://*.googleapis.com; form-action 'self' https://www.facebook.com https://*.lookfantastic.com https://checkout.lookfantastic.ie https://www.glossybox.co.uk https://www.glossybox.se https://www.glossybox.com https://connect.facebook.net https://*.snapchat.com https://www.lookfantastic.com.sg https://www.glossybox.at https://www.glossybox.ch https://www.glossybox.de https://www.glossybox.fi https://www.glossybox.fr https://www.glossybox.ie https://www.glossybox.no https://www.glossybox.dk https://www.lookfantastic.cn; frame-ancestors 'self' https://live.lookfantastic.ie; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https: blob:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://static.thgcdn.cn; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://*.google-analytics.com https://*.google.com https://google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.com https://*.gstatic.cn https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://static.criteo.net https://*.criteo.com https://remote.captcha.com https://*.akamaihd.net https://ssl.bing.com https://ln-rules.rewardstyle.com https://*.baidu.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://sc-static.net https://*.shoplooks.com https://slooks.top https://slooks.me https://*.translate.naver.net https://*.microsofttranslator.com https://*.hotjar.com https://*.attn.tv https://*.trustpilot.com https://*.bing.com https://*.doubleclick.net https://s.pinimg.com https://static.ads-twitter.com https://*.google.co.uk https://google.co.uk https://lantern.roeyecdn.com https://lantern.roeye.com https://analytics.tiktok.com https://*.ibytedtos.com https://static.thgcdn.cn https://geolocation.onetrust.com https://*.contentsquare.net https://app.contentsquare.com https://static.goqubit.com https://*.qubit.com blob: https://*.abtasty.com https://sgtm.lookfantastic.ie; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://www.shoplooks.com https://static.shoplooks.com https://static.thgcdn.cn https://cdn.parcellab.com https://*.abtasty.com https://*.gstatic.com; upgrade-insecure-requests; report-to report-endpoint 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: wss: blob:; img-src 'self' https: data:; frame-ancestors 'self' 1
script-src www.anuvu.com *.equisolve.net qmod.quotemedia.com www.google.com fonts.googleapis.com fonts.gstatic.com google-analytics.com www.google-analytics.com googletagmanager.com www.gstatic.com browser-update.org s3.amazonaws.com mailchimp.com documentcloud.adobe.com 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com d1io3yog0oux5.cloudfront.net; font-src www.anuvu.com *.equisolve.net qmod.quotemedia.com www.google.com fonts.googleapis.com fonts.gstatic.com google-analytics.com www.google-analytics.com googletagmanager.com www.gstatic.com browser-update.org s3.amazonaws.com mailchimp.com documentcloud.adobe.com 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com d1io3yog0oux5.cloudfront.net 1
default-src * 'unsafe-inline' 'unsafe-eval'; frame-ancestors https://app.storyblok.com; object-src 'none'; img-src  * 'unsafe-inline' 'unsafe-eval' data:; report-uri https://1tt00t50.uriports.com/reports/enforce; report-to default 1
frame-ancestors 'self' http://empleo.trovit.com.mx; script-src 'unsafe-inline' 'unsafe-eval' blob: https://*.openreplay.com https://*.sentry-cdn.com https://*.talenteca.com https://api.hubspot.com https://accounts.google.com https://analytics.trovit.com https://connect.facebook.net https://googleads.g.doubleclick.net https://partner.googleadservices.com https://platform.twitter.com https://static.ads-twitter.com https://script.crazyegg.com https://secure.avangate.com https://tpc.googlesyndication.com https://www.googleadservices.com https://www.googletagmanager.com https://js-na1.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://js.usemessages.com https://cdn.ampproject.org; worker-src 'self' blob: 1
upgrade-insecure-requests; frame-ancestors https: 'self' *.nextdayflyers.com *.digitalroom.com *.chasepaymentechhostedpay-var.com *.chasepaymentechhostedpay.com; 1
img-src 'self' data: images.ctfassets.net *.google-analytics.com *.ytimg.com *.tapad.com *.googletagmanager.com *.fls.doubleclick.net *.doubleclick.net *.facebook.com *.lytics.io *.akamaihd.net *.amazon-adsystem.com *.moatads.com *.cookielaw.org *.bazaarvoice.com *.amazonaws.com *.youtube.com *.haircode.com *.google.com *.google.ca click2cart.co *.agkn.com *.snapchat.com *.agkn.com *.pricespider.com consumersupport.pg.com *.mapbox.com cdn.pricespider.com embeddedcloud.pricespider.com omni.pricespider.com wtbng.pricespider.com wtbstream.pricespider.com tr.snapchat.com *.onetrust.com feed.pghub.io ; font-src 'self' data: *.haircode.com fonts.gstatic.com maxcdn.bootstrapcdn.com *.agkn.com *.pricespider.com feed.pghub.io pandg.tapad.com ; media-src 'self' *.cloudinary.com *.ctfassets.net *.onetrust.com feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' *.lytics.io *.bazaarvoice.com *.amazonaws.com *.haircode.com *.googleapis.com maxcdn.bootstrapcdn.com *.pricespider.com *.mapbox.com cdn.pricespider.com embeddedcloud.pricespider.com omni.pricespider.com wtbng.pricespider.com wtbstream.pricespider.com tr.snapchat.com *.onetrust.com feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.cloudflare.com *.google.com *.google-analytics.com *.googletagmanager.com *.moatads.com *.cookielaw.org *.crazyegg.com pghub.io *.facebook.net *.segment.com *.lytics.io *.bazaarvoice.com *.amazonaws.com *.haircode.com click2cart.co *.iesnare.com *.pricespider.com consumersupport.pg.com sc-static.net *.mapbox.com *.onetrust.io cdn.pricespider.com embeddedcloud.pricespider.com omni.pricespider.com wtbng.pricespider.com wtbstream.pricespider.com tr.snapchat.com *.onetrust.com feed.pghub.io pandg.tapad.com ; connect-src 'self' https://privacytermsprod.azureedge.net kardia-nonprod.azure-api.net kardia.azure-api.net *.crazyegg.com *.google-analytics.com *.doubleclick.net *.cookielaw.org api.segment.io *.adsrvr.org *.pg.com *.bazaarvoice.com *.smartcommerce.co click2cart.co *.haircode.com *.snapchat.com *.pricespider.com wss://wtbstream.pricespider.com consumersupport.pg.com *.mapbox.com *.onetrust.io cdn.pricespider.com embeddedcloud.pricespider.com omni.pricespider.com wtbng.pricespider.com wtbstream.pricespider.com tr.snapchat.com *.onetrust.com feed.pghub.io pandg.tapad.com ; default-src 'self' *.googletagmanager.com *.fls.doubleclick.net *.tapad.com *.facebook.com *.bazaarvoice.com click2cart.co pgconsumersupport.secure.force.com *.youtube.com *.snapchat.com pg-lex.my.salesforce-sites.com consumersupport.pg.com cdn.pricespider.com embeddedcloud.pricespider.com omni.pricespider.com wtbng.pricespider.com wtbstream.pricespider.com tr.snapchat.com *.onetrust.com feed.pghub.io ; frame-src 'self' consumersupport.pg.com *.youtube.com *.doubleclick.net tr.snapchat.com feed.pghub.io pandg.tapad.com ; 1
connect-src 'self' https://app.swedbank.se https://search.swedbank.se https://track.adform.net https://unpkg.com https://fonts.googleapis.com https://netdna.bootstrapcdn.com https://swedbankab.d3.sc.omtrdc.net https://*.swedbank.net https://dpm.demdex.net https://dpm.swedbank.se https://dpu.swedbank.se https://agent.nina-nuance.com/ https://www.swedbank.com/sv https://swedbank.com/sv https://www.swedbank.com https://swedbank.com https://www.swedbank.se https://swedbank.se https://agent-locator.nina-nuance.com https://agent-fp.nina-nuance.com https://www.swedbank.dfs.investis.com https://swedbank.dfs.investis.com https://blikund.swedbank.se 1
default-src 'self'; script-src 'self' 'unsafe-inline' js.sentry-cdn.com *.sentry-cdn.com *.6sc.co *.bing.com cdnjs.cloudflare.com/ajax/libs/d3/3.5.5/d3.min.js chimpstatic.com *.chimpstatic.com code.jquery.com connect.facebook.net *.6sc.co *.hs-analytics.net *.hs-banner.com *.hs-scripts.com *.hsadspixel.net *.hscollectedforms.net *.hsforms.net scout-cdn.salesloft.com script.hotjar.com snap.licdn.com static.addtoany.com static.hotjar.com *.zoominfo.com www.conversionruler.com www.google.com www.googletagmanager.com  www.gstatic.com https://www.googleadservices.com *.zoominfo.com *.wistia.net *.wistia.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.6sc.co *.zoominfo.com; object-src 'none'; base-uri 'self'; connect-src 'self' *.sentry.io scout.salesloft.com *.salesloft.com analytics.google.com  hubapi.com  *.bing.com  *.hscollectedforms.net  *.hsforms.com *.hotjar.com  *.6sc.co  *.linkedin.com  zoominfo.com *.hubspot.com  *.hubapi.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com *.zoominfo.com *.doubleclick.net *.wistia.net *.wistia.com; font-src 'self' data:  fonts.gstatic.com; frame-src 'self' *.hsforms.net *.hsforms.com go.paperlessparts.com  rfq.digital-quote.com  static.addtoany.com  www.facebook.com  www.google.com  www.youtube.com *.wistia.net *.wistia.com; img-src 'self' data:  *.6sc.co  *.bing.com *.hsforms.com  paperlessparts.com  *.linkedin.com  *.gravatar.com  *.hubspot.com  wsrv.nl  www.facebook.com  www.googletagmanager.com *.capterra.com *.doubleclick.net https://www.google.com *.zoominfo.com; manifest-src 'self'; media-src 'self'; worker-src blob:; 1
default-src 'self';base-uri 'self';form-action 'self' www.facebook.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com maps.googleapis.com www.storemapper.co storemapper-herokuapp-com.global.ssl.fastly.net app.storyblok.com assets.findify.io undefined.kameleoon.eu chantsupport.zendesk.com static.zdassets.com widget-mediator.zopim.com ajax.googleapis.com https://cdn.cookielaw.org https://acsbapp.com https://cdn.jsdelivr.net/npm/hls.js@1.1.4/dist/hls.min.js analytics.tiktok.com bat.bing.com cdn.noibu.com connect.facebook.net googleads.g.doubleclick.net s.pinimg.com s3.target2sell.com static.target2sell.com t.contentsquare.net c.contentsquare.net intljs.rmtag.com ut.rd.linksynergy.com static.klaviyo.com static-tracking.klaviyo.com https://www.google-analytics.com/analytics.js https://www.google-analytics.com/plugins/ua/ec.js  blob:;object-src 'self' data:;style-src 'self' 'unsafe-inline' fonts.googleapis.com googletagmanager.com tagmanager.google.com https://www.googletagmanager.com/debug/badge.css https://tagmanager.google.com/css/css.css;img-src 'self' www.googletagmanager.com www.facebook.com www.google-analytics.com www.google.com www.google.fr image.crisp.chat a.storyblok.com maps.gstatic.com maps.googleapis.com cdn11.bigcommerce.com storemapper-herokuapp-com.global.ssl.fastly.net us.chantelle.com s3.amazonaws.com cl-media-pattern-factory.s3-eu-west-1.amazonaws.com static.kameleoon.com fonts.gstatic.com ct.pinterest.com bat.bing.com www.google.com.pk media.chantelle.cloud imagedelivery.net https://customer-undefined.cloudflarestream.com/ idsync.rlcdn.com analytics.tiktok.com connect.facebook.net consent.linksynergy.com cdn.cookielaw.org data:;media-src 'self' a.storyblok.com https://customer-undefined.cloudflarestream.com/ data: blob:;font-src 'self' fonts.googleapis.com fonts.gstatic.com acsbapp.com data:;connect-src 'self' maps.googleapis.com chantelleus.centraqa.com www.storemapper.co api.keen.io api.storyblok.com chantelle-sandbox.mybigcommerce.com checkout.us.staging.chantelle.cloud https://api.bigcommerce.com reco.target2sell.com undefined-dsn.algolia.net undefined.kameleoon.eu eu-api-visit.kameleoon.eu eu-api-tracker.kameleoon.eu static.kameleoon.com old.kameleoon.com api.kameleoon.com data.kameleoon.io api.openweathermap.org browser-intake-datadoghq.eu rum.browser-intake-datadoghq.eu logs.browser-intake-datadoghq.eu session-replay.browser-intake-datadoghq.eu/ chantsupport.zendesk.com ekr.zdassets.com wss://widget-mediator.zopim.com chantelle.com sst.chantelle.com sst2.chantelle.com chantelle.us cloudflarestream.com https://customer-undefined.cloudflarestream.com/ https://region1.analytics.google.com https://cdn.cookielaw.org https://privacyportal-fr.onetrust.com https://acsbapp.com https://cdn.acsbapp.com https://process.acsbapp.com https://api-v3.findify.io https://geolocation.onetrust.com api.target2sell.com analytics.tiktok.com bat.bing.com ct.pinterest.com www.google.com www.google-analytics.com region1.google-analytics.com serv-api.target2sell.com stats.g.doubleclick.net wss://input.noibu.com/pv_part;frame-src https://www.youtube.com/ https://player.vimeo.com/ https://www.facebook.com/ https://ct.pinterest.com/;frame-ancestors app.storyblok.com vercel.app; 1
frame-src 'self' *.facebook.com *.fbcdn.net *.helpscout.net themes.googleusercontent.com *.twitter.com accounts.google.com www.google.com ssl.gstatic.com; frame-ancestors *.transcribeme.com 1
default-src 'unsafe-inline' 'unsafe-eval' self *.toytoy.ir ajax.aspnetcdn.com *.sendpulse.com *.pegah.tech *.mediaad.org cdnjs.cloudflare.com *.kxcdn.com trustseal.enamad.ir *.eNamad.ir www.google-analytics.com *.googletagmanager.com *.yektanet.com *.clarity.ms *.googleapis.com *.amazonaws.com www.searchanise.com *.doubleclick.net *.yandex.ru yastatic.net *.mediaad.org *.sendpulse.com *.webpushs.com *.yandex.net *.google.com *.gstatic.com searchserverapi.com https://searchserverapi.com *.twitter.com *.amplitude.com; img-src 'unsafe-inline' *.amazonaws.com c.bing.com *.sendpulse.com *.toytoy.ir trustseal.enamad.ir *.google.com *.google.nl *.clarity.ms *.gstatic.com data: www.google-analytics.com *.sendpulse.com *.googletagmanager.com *.yandex.ru yastatic.net *.amazonaws.com *.yandex.net *.cart-services.com https://searchserverapi.com; frame-src *.pegah.tech *.mediaad.org *.toytoy.ir toytoy.ir *.yektanet.com *.sendpulse.com *.clarity.ms *.aparat.com *.google.com trustseal.enamad.ir *.gstatic.com https://searchserverapi.com; font-src 'unsafe-inline' self *.googleusercontent.com *.searchanise.com *.sendpulse.com *.toytoy.ir *.google.com data: *.cart-services.com *.gstatic.com https://searchserverapi.com;connect-src self *.toytoy.ir *.pegah.tech *.mediaad.org ajax.aspnetcdn.com *.sendpulse.com cdnjs.cloudflare.com *.kxcdn.com trustseal.enamad.ir *.eNamad.ir www.google-analytics.com *.googletagmanager.com *.yektanet.com *.clarity.ms *.googleapis.com *.amazonaws.com www.searchanise.com *.doubleclick.net *.yandex.ru yastatic.net *.sendpulse.com *.webpushs.com *.yandex.net *.google.com *.cart-services.com *.gstatic.com https://pushdata.sendpulse.com:4434 https://searchserverapi.com *.amplitude.com 1
default-src 'self';script-src 'self' www.google-analytics.com 'nonce-9HFERBCEq2w/hn1nY8H+QFqjS+WVkPvf5PkBpf4jBr0=';style-src * 'self' 'unsafe-inline';connect-src 'self' www.google-analytics.com stats.g.doubleclick.net;font-src * 'self' data:;img-src * 'self' data: data: blob:;media-src * 'self' blob:;frame-ancestors 'none';frame-src https://www.youtube.com/;base-uri 'self' 1
default-srd 'self'; 1
upgrade-insecure-requests; connect-src * data: blob: 'unsafe-inline'; frame-ancestors https://firstsportz.com https://*.firstsportz.com; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.salesmanago.pl https://www.googletagmanager.com *.criteo.com https://www.youtube.com https://alerabat.go2cloud.org/ *.trustedshops.com cdn.tmtarget.com/ cdn.trackmytarget.com https://s.pinimg.com https://connect.facebook.net https://bat.bing.com https://analytics.tiktok.com https://googleads.g.doubleclick.net *.zonka.co https://*.hotjar.com https://www.clarity.ms https://*.pinterest.com; style-src 'self' blob: https: 'unsafe-inline' https://backend-m2.focusgarden.pl; img-src data: http: https:; object-src 'none'; base-uri 'none'; child-src 'self' blob: *.zonka.co; worker-src 'self' blob: *.zonka.co; font-src 'self' fonts.gstatic.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.1.1/webfonts/ data: ; frame-src assets.braintreegateway.com *.google.com *.youtube.com *.youtu.be *.vimeo.com https://start.paypo.pl/ *.eraty.pl *.santanderconsumer.pl *.doubleclick.net *.paypo.pl *.pinterest.com *.criteo.com *.salesmanago.pl *.hotjar.com https://alerabat.go2cloud.org/ *.trustedshops.com *.credit-agricole.pl *.zonka.co; 1
frame-ancestors 'self'; default-src 'none'; script-src 'self' 'unsafe-inline' https://consentcdn.cookiebot.com https://consent.cookiebot.com https://*.google-analytics.com https://www.google.com https://*.googletagmanager.com https://*.gstatic.com https://googleads.g.doubleclick.net https://connect.facebook.net https://*.googleadservices.com; connect-src 'self' https://consentcdn.cookiebot.com https://consent.cookiebot.com https://pagead2.googlesyndication.com https://*.google-analytics.com https://stats.g.doubleclick.net https://region1.analytics.google.com https://googleads.g.doubleclick.net https://www.google.com; img-src 'self' data: blob: https://www.google.ro https://www.google.com https://imgsct.cookiebot.com https://*.gstatic.com https://sources-fgo.s3.eu-central-1.amazonaws.com https://sources-fgo-test.s3.eu-central-1.amazonaws.com https://fgo-ext-docs.s3.eu-central-1.amazonaws.com https://sources.fgo.ro https://s3.eu-central-1.amazonaws.com https://www.facebook.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; base-uri 'self'; form-action 'self' https://accounts.google.com https://login.microsoftonline.com https://logincert.anaf.ro https://www.facebook.com; font-src 'self' data: https://*.gstatic.com; frame-src 'self' https://consentcdn.cookiebot.com https://www.youtube.com https://www.google.com https://fgo-docs.s3.eu-central-1.amazonaws.com https://td.doubleclick.net https://www.facebook.com 1
default-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' *; img-src 'self' data: *; font-src 'self' *; frame-ancestors 'none'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' notifly.tech https://*.notifly.tech https://*.cloudfront.net https://connect.facebook.net https://www.googletagmanager.com https://*.iamport.kr https://*.kakaocdn.net; style-src 'self' 'unsafe-inline' https://*.notifly.tech https://fonts.googleapis.com; img-src 'self' data: notifly.tech https://*.notifly.tech https://www.facebook.com https://developers.kakao.com https://www.svgrepo.com; connect-src 'self' notifly.tech https://*.notifly.tech https://www.google-analytics.com https://*.stepby.co https://www.googletagmanager.com https://*.amazonaws.com https://*.iamport.kr https://*.tosspayments.com; font-src 'self' https://fonts.gstatic.com; object-src 'none'; frame-src 'self' https://*.notifly.tech https://*.iamport.kr; frame-ancestors 'none'; base-uri 'self'; form-action 'self'; upgrade-insecure-requests 1
frame-ancestors 'self' cms.golfadvisor.com cms.golfpass.com  *.golfpass.com *.golfgenius.com golfgenius.com  ggstest.com ggstest2.com 1
frame-ancestors 'self' www.signal-iduna.de www.signal-iduna-agentur.de onlineberatung.signal-iduna.de pdc.signal-iduna.de avusweb.system.local avusonline.signal-iduna.de test.reisekranken.signal-iduna.de reisekranken.signal-iduna.de 1
frame-ancestors 'self'  compass.fti-group.com; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: icp-api-stg-bgttajodjq-uc.a.run.app api.ipify.org *.googleapis.com *.omnize.com.br *.tealeaf.ibmcloud.com c6auto.com.br tealeaf.ibmcloud.com certiface.com.br *.oktacdn.com *.okta.com *.accenture.com *.google-analytics.com google-analytics.com *.stats.g.doubleclick.net stats.g.doubleclick.net *.googletagmanager.com googletagmanager.com *.optimize.google.com optimize.google.com *.hotjar.com:* *.hotjar.io *.hotjar.com; script-src * 'unsafe-inline' 'unsafe-eval' icp-api-stg-bgttajodjq-uc.a.run.app *.googleapis.com *.omnize.com.br *.tealeaf.ibmcloud.com tealeaf.ibmcloud.com *.hotjar.com:* *.hotjar.io *.hotjar.com; img-src * data: blob: ; style-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: *; font-src 'self' 'unsafe-eval' * blob: data:; child-src * blob: data:; media-src * blob: data:; connect-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: icp-api-stg-bgttajodjq-uc.a.run.app api.ipify.org *.googleapis.com *.omnize.com.br *.tealeaf.ibmcloud.com tealeaf.ibmcloud.com c6auto.com.br certiface.com.br *.oktacdn.com *.okta.com *.google-analytics.com google-analytics.com *.stats.g.doubleclick.net stats.g.doubleclick.net *.googletagmanager.com googletagmanager.com *.optimize.google.com optimize.google.com *.hotjar.com:* *.hotjar.io *.hotjar.com; upgrade-insecure-requests; block-all-mixed-content; 1
upgrade-insecure-requests; frame-ancestors 'self'; base-uri 'self' https://dietpi.com/matomo/index.php https://dietpi.com/grafana/; default-src 'none'; object-src 'none'; style-src 'self' 'unsafe-inline'; font-src 'self' data:; img-src * data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com; worker-src 'self' blob:; frame-src 'self'; manifest-src 'self'; connect-src 'self' https://api.github.com 1
https: data: 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' * data: 'unsafe-inline'  'unsafe-eval'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' wss://*.hotjar.com *.hotjar.com *.hotjar.io data: blob: calendly.com *.calendly.com  *.comeet.co *.youtube.com *.hubapi.com *.hubspot.com *.hs-analytics.net *.hsadspixel.net *.hsforms.net *.usemessages.com *.hs-banner.com *.hsforms.com *.hs-scripts.com *.cookielaw.org *.cloudflare.com *.googleadservices.com *.googletagmanager.com google.com *.google.com *.outgrow.us *.google-analytics.com *.ads-twitter.com *.licdn.com *.hotjar.com *.trinitymedia.ai *.techtarget.com *.amazonaws.com *.onetrust.com *.linkedin.com *.doubleclick.net *.trendemon.com *.twitter.com t.co trinitymedia.ai static.addtoany.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; 1
frame-ancestors 'self' https://manage.offshore-mag.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
default-src 'self';     script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com cdn-ukwest.onetrust.com footer.diageohorizon.com va.vercel-scripts.com vercel.live https://*.googletagmanager.com https://*.google-analytics.com static.ads-twitter.com rules.quantcount.com pixel.quantcount.com insight.adsrvr.org/ *.facebook.com https://connect.facebook.net https://secure.quantserve.com https://d.turn.com https://js.adsrvr.org js.monitor.azure.com api.mapbox.com www.google.com www.gstatic.com diageoagegate.diageoplatform.com www.googletagmanager.com cdnjs.cloudflare.com cdn.treasuredata.com web.diageoagegate.com www.youtube.com cdn.evgnet.com *.in.treasuredata.com *.smirnoff.com www.diageoagegate.com code.jquery.com cdn.debugbear.com;     style-src 'self' 'unsafe-inline' https://*.googleapis.com cdn.fonts.net cdn.channelsight.com api.mapbox.com vercel.live footer.diageohorizon.com;     img-src 'self' blob: data: https://*.googleapis.com maps.gstatic.com https://cscoreproweustor.blob.core.windows.net images.ctfassets.net t.co analytics.twitter.com www.google.co.uk https://*.google.com *.google.de *.google.ie https://*.g.doubleclick.net https://*.googletagmanager.com https://*.google-analytics.com *.analytics.google.com i.vimeocdn.com cdn.channelsight.com cdn-ukwest.onetrust.com vercel.com *.facebook.com pixel.quantserve.com insight.adsrvr.org/ *.cloudfunctions.net www.google-analytics.com ad.doubleclick.net www.drinkiq.com www.diageoagegate.com media.diageocms.com media.diageodam.com media-diageocms.diageoplatform.com;     media-src 'self' assets.ctfassets.net videos.ctfassets.net player.vimeo.com vod-progressive.akamaized.net download-video.akamaized.net;     connect-src 'self' s3.eu-west-1.amazonaws.com https://*.googleapis.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google-analytics.com *.analytics.google.com *.facebook.com images.ctfassets.net api.channelsight.com *.algolianet.com *.algolia.net api.mapbox.com cdn-ukwest.onetrust.com geolocation.onetrust.com privacyportal-uk.onet vercel.live dc.services.visualstudio.com *.google-analytics.com privacyportal-uk.onetrust.com events.mapbox.com *.evergage.com www.google.com *.doubleclick.net footer.diageohorizon.com *.debugbear.com;     font-src 'self' data: cdn.channelsight.com fonts.gstatic.com;     worker-src blob:;     object-src 'self' blob: cdn.channelsight.com api.mapbox.com;     base-uri 'self';     form-action 'self' *.r2sndr.com;     frame-src vercel.live match.adsrvr.org insight.adsrvr.org where-to-buy.co google.com *.google.com *.doubleclick.net;     frame-ancestors 'none';     block-all-mixed-content;     upgrade-insecure-requests; 1
object-src 'none'; script-src 'self' 'unsafe-inline' localhost:12719 *.cloudfront.net *.google.com *.googletagmanager.com *.googleapis.com *.google-analytics.com *.gstatic.com *.facebook.net *.googlecommerce.com *.moatads.com *.paypal.com *.postcodeanywhere.co.uk *.stripe.com *.ampproject.org *.afterpay.com *.sagepay.com *.elavon.com *.vimeo.com chimpstatic.com sibautomation.com *.dekopay.com *.payments-amazon.com *.klaviyo.com *.clarity.ms 1
default-src 'self' *.go.com * data:; script-src 'self' *.go.com *.wdpromedia.com 'unsafe-inline' 'unsafe-eval' *.demdex.net *.adobedtm.com *.facebook.net *.googletagmanager.com *.scorecardresearch.com *.licdn.com *.google-analytics.com *.yimg.com *.bing.com *.linkedin.com *.yahoo.com *.disney.com *.akamaihd.net *.omtrdc.net *.twitter.com *.ads-twitter.com *.bkrtx.com *.bluekai.com *.youtube.com *.ytimg.com *.googleadservices.com *.resonate.com *.reson8.com *.instagram.com *.cookielaw.org js.adsrvr.org; style-src 'self' 'unsafe-inline' *.wdpromedia.com *.go.com *.disney.com; img-src 'self' *.go.com *.wdpromedia.com * data: *.disney.com; connect-src 'self' *.go.com *.google-analytics.com *.disney.com * data:; font-src 'self' *.go.com *.disney.com * data:; frame-src 'self' *.go.com *.adsrvr.org *.disney.com * data:; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://framapiaf.org https://framasoft.org; img-src 'self' https: data: blob: https://framapiaf.org https://stats.framasoft.org https://framasoft.org https://framaclic.org; style-src 'self' https://framapiaf.org https://framasoft.org 'nonce-3Mdr7IrlkLPrfJCp3X9rGg=='; media-src 'self' https: data: https://framapiaf.org; frame-src 'self' https:; manifest-src 'self' https://framapiaf.org; form-action 'self'; child-src 'self' blob: https://framapiaf.org; worker-src 'self' blob: https://framapiaf.org; connect-src 'self' data: blob: https://framapiaf.org https://stockage.framapiaf.org wss://framapiaf.org https://framasoft.org; script-src 'self' https://framapiaf.org 'wasm-unsafe-eval' https://framasoft.org 1
frame-ancestors 'self' https://app.safe.global https://holesky-safe.protofire.io; 1
frame-src https://www.google.com;script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://analytics.tiktok.com https://snap.licdn.com https://cdn.jsdelivr.net https://*.usabilla.com https://*.cdn.apollographql.com https://cdn.cookielaw.org https://maps.googleapis.com https://www.gstatic.com https://www.googletagmanager.com https://www.google.com https://www.google-analytics.com https://sgtm.allinclusive-collection.com https://hydehotels.com https://top-fwz1.mail.ru https://*.sojern.com https://ad.doubleclick.net https://*.newrelic.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.cdn.apollographql.com https://maps.googleapis.com https://www.gstatic.com https://www.googletagmanager.com https://www.google.com https://www.google-analytics.com https://hydehotels.com https://top-fwz1.mail.ru https://*.sojern.com https://ad.doubleclick.net;img-src https: data: 'self' 'unsafe-inline';default-src 'self' 'unsafe-inline' data: https://*.usabilla.com https://d6tizftlrpuof.cloudfront.net https://www.googletagmanager.com https://sgtm.allinclusive-collection.com https://*.cookielaw.org https://*.onetrust.com https://*.googleapis.com https://*.gstatic.com https://*.analytics.google.com https://www.google-analytics.com https://images.ctfassets.net https://*.imgix.net https://hydehotels.com https://top-fwz1.mail.ru https://*.sojern.com https://ad.doubleclick.net https://bam.nr-data.net;object-src 'none' 1
default-src 'self' https://*.cargoclix.com; worker-src *.cargoclix.com; script-src 'self' *.gstatic.com *.google.com *.cargoclix.com *.leadlab.click *.googleapis.com *.youtube.com *.googletagmanager.com *.addtoany.com cdn.boldreports.com cdnjs.cloudflare.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.cargoclix.com fonts.googleapis.com cdn.boldreports.com cdnjs.cloudflare.com ajax.googleapis.com 'unsafe-inline';img-src 'self' *.googleapis.com *.gstatic.com *.gravatar.com *.cargoclix.com data:; connect-src 'self' *.google-analytics.com https://*.cargoclix.com https://maps.googleapis.com https://*.leadlab.click ; font-src 'self' https://*.cargoclix.com fonts.gstatic.com data:; object-src 'none'; media-src https://*.cargoclix.com/* 'self'; form-action 'self' https://*.cargoclix.com https://ccx2 http://ccx2 https://*.safe-checkin.com; frame-ancestors 'self' https://*.cargoclix.com; frame-src https://*.youtube.com https://static.addtoany.com *.google.com; img-src * 'self' data: https:; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' acuris.wpengine.com * www.googletagmanager.com www.google.com ajax.googleapis.com en25.com  google-analytics.com analytics.google.com www.google-analytics.com; 1
base-uri 'self'; child-src 'self' data: *.google.com *.google.com.vn *.youtube.com *.youtu.be; connect-src 'self' *.google-analytics.com *.tiktok.com *.tawk.to wss://*.tawk.to *.google.com *.doubleclick.net; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net *.gstatic.com *.tawk.to; form-action 'self'; frame-src 'self' data: *.google.com *.google.com.vn *.youtube.com *.youtu.be youtu.be *.doubleclick.net; img-src 'self' data: *.google.com *.google.com.vn *.googletagmanager.com *.tawk.to cdn.jsdelivr.net hostingviet.vn *.hostingviet.vn *.hostingviet.com.vn tawk.link *.amazonaws.com *.ytimg.com; object-src 'self'; script-src  'self' 'unsafe-inline' 'unsafe-eval' data: *.google.com *.google.com.vn *.googleapis.com *.fbcdn.net *.facebook.com *.googletagmanager.com *.tiktok.com *.doubleclick.net *.tawk.to cdn.jsdelivr.net 'nonce-6c339bd2bf0a642f0ccc1cb9'; style-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com *.facebook.net *.googleapis.com *.tawk.to cdn.jsdelivr.net; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.map.naver.com https://dapi.kakao.com http://dapi.kakao.com https://*.kakaocdn.net http://*.daumcdn.net https://*.daumcdn.net https://*.kakao.com http://*.kakao.com https://www.youtube.com http://*.daumcdn.net http://*.google.com https://*.google.com http://*.googleapis.com https://*.googleapis.com https://*.koreatech.ac.kr; style-src 'self' 'unsafe-inline' http://*.daumcdn.net https://unpkg.com/ https://fonts.googleapis.com https://*.googleapis.com http://*.googleapis.com https://*.gstatic.com; img-src 'self' https://ssl.gstatic.com https://www.gstatic.com https://www.kogl.or.kr https://i.ytimg.com https://*.kakao.com http://*.kakao.com http://*.daumcdn.net https://*.daumcdn.net https://chart.apis.google.com http://*.naver.net https://*.naver.net data: https://*.pstatic.net http://*.pstatic.net https://*.koreatech.ac.kr http://fonts.gstatic.com https://fonts.gstatic.com http://*.google.com https://*.google.com http://*.googleapis.com https://*.googleapis.com https://webzine.koreatech.ac.kr http://webzine.koreatech.ac.kr https://*.cdninstagram.com https://static.xx.fbcdn.net https://satreci.recruiter.co.kr https://img.etnews.com https://api.qrserver.com; font-src 'self' data: https://unpkg.com/ https://fonts.googleapis.com https://fonts.gstatic.com/; connect-src 'self' https://nelo2-col.navercorp.com http://translate.googleapis.com https://translate.googleapis.com https://webfilter.koreatech.ac.kr https://*.koreatech.ac.kr; frame-src 'self' http://127.0.0.1 https://*.map.naver.com https://www.youtube.com http://postcode.map.daum.net https://postcode.map.daum.net https://player.vimeo.com/video/640195938 https://webfilter.koreatech.ac.kr https://*.koreatech.ac.kr; frame-ancestors 'self' http://127.0.0.1 https://*.map.naver.com https://www.youtube.com http://postcode.map.daum.net https://postcode.map.daum.net https://player.vimeo.com/video/640195938 https://webfilter.koreatech.ac.kr https://*.koreatech.ac.kr; script-src-elem 'unsafe-inline' 'self' https://dapi.kakao.com http://dapi.kakao.com https://*.map.naver.com https://*.map.naver.net http://*.map.naver.net http://*.map.naver.com https://*.pstatic.net http://*.pstatic.net http://*.daumcdn.net http://*.google.com https://*.google.com http://*.googleapis.com https://*.googleapis.com https://*.koreatech.ac.kr; 1
base-uri 'none'; font-src 'self' https: data:; form-action 'self'; frame-ancestors 'self'; img-src 'self' data: https://cms.hostmds.com https://analytics.sleeknote.com https://www.googletagmanager.com https://www.facebook.com; object-src 'none'; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' https://stablechat.mysecurecloudhost.com; upgrade-insecure-requests; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: https: 'nonce-IFxDjOXFgAq37D93M2I1Jisuj7MZrPZb' 'strict-dynamic' https://www.google-analytics.com https://www.googletagmanager.com; 1
frame-ancestors 'none'; report-uri https://redacted.ch/csp_report.php 1
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob: 'unsafe-inline'; report-uri https://revalize.report-uri.com/r/t/csp/enforce 1
default-src 'self' blob: 'unsafe-inline' 'unsafe-eval' *.aspnetcdn.com *.googleapis.com *.pendo.io *.gstatic.com *.jquery.com *.googlecode.com *.google-analytics.com *.doubleclick.net *.useriq.com *.costar.com *.virtualpremise.com:* *.us.costar.local localhost:* *.csgpimgs.com  *.matterport.com data: https:; 1
base-uri 'self';default-src 'self' blob:;font-src 'self' *.naf.no res.cloudinary.com script.hotjar.com fonts.gstatic.com data:;media-src 'self' *.naf.no res.cloudinary.com blob:;form-action 'self' qa-extra2-core.qa.gneis.io qa-circlekid-core.qa.gneis.io id.circlekeurope.com extra.circlekeurope.com mtf.pvu.avtalegiro.no;frame-src app.vwo.com https://*.visualwebsiteoptimizer.com omny.fm https://*.youtube.com youtube.com stage.id.naf.no id.naf.no embed.acast.com 6680107.fls.doubleclick.net web106.reachmee.com https://*.hotjar.com dntcl.qualaroo.com datawrapper.dwcdn.net consentcdn.cookiebot.com checkout.vipps.no consent.cookiebot.com google.com https://*.google.com google.no https://*.google.no tpc.googlesyndication.com tourstart.org d1omrgmvhbogxk.cloudfront.net td.doubleclick.net secure.viewer.zmags.com;child-src omny.fm https://*.youtube.com youtube.com stage.id.naf.no id.naf.no embed.acast.com 6680107.fls.doubleclick.net web106.reachmee.com vars.hotjar.com static.hotjar.com dntcl.qualaroo.com datawrapper.dwcdn.net consentcdn.cookiebot.com consent.cookiebot.com google.com;style-src 'self' *.naf.no 'unsafe-inline' 'report-sample' https://*.visualwebsiteoptimizer.com s3.amazonaws.com app.vwo.com cdn.pushcrew.com fonts.googleapis.com optimize.google.com translate.googleapis.com https://*.hotjar.com www.googletagmanager.com;img-src 'self' *.naf.no *.visualwebsiteoptimizer.com cdn.pushcrew.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com chart.googleapis.com cdn.sanity.io sgtm.naf.no google.ie *.google.ie script.hotjar.com ade.googlesyndication.com data: www.naf.no res.cloudinary.com bildata.ofv.no *.google.com *.google.no *.google.dk *.google.es *.google.se *.google.de *.google.fi *.google.lv *.google.co.th *.google.pl *.google.com.tr *.google.co.uk *.google.co.nz *.google.lk *.google.co.id *.google.pt *.google.ch *.google.be *.googletagmanager.com www.googletagmanager.com *.googleapis.com pagead2.googlesyndication.com 6054118.global.siteimproveanalytics.io www.facebook.com marketing.naf.no *.clarity.ms c.clarity.ms bat.bing.com c.bing.com ad.doubleclick.net stats.g.doubleclick.net googleads.g.doubleclick.net *.gstatic.com img.youtube.com www.googleadservices.com www.analytics-debugger.com imgsct.cookiebot.com *.kjoretoydata.no kjoretoydata.no https://s3.amazonaws.com https://cl.qualaroo.com;script-src 'strict-dynamic' 'self' *.naf.no 'unsafe-inline' *.naf.no *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com consent.cookiebot.com consentcdn.cookiebot.com *.sgtm.naf.no sgtm.naf.no 'nonce-o2KPz3sakxoHKBYuIpbBAg==' script.hotjar.com euwa.puzzel.com connect.facebook.net maps.googleapis.com 'report-sample';script-src-attr 'self' 'unsafe-inline' consent.cookiebot.com m.facebook.com 'report-sample';object-src 'none';connect-src 'self' *.naf.no *.visualwebsiteoptimizer.com app.vwo.com *.ent.northeurope.azure.elastic-cloud.com *.puzzel.com google.com google.ie *.google.ie googleads.g.doubleclick.net *.google.com *.cookiebot.com *.hotjar.io *.hotjar.com *.mouseflow.com vc.hotjar.io pagead2.googlesyndication.com wss://sr-naf-ch-dev.service.signalr.net wss://sr-naf-ch-test.service.signalr.net wss://sr-naf-ch-prod.service.signalr.net sr-naf-ch-dev.service.signalr.net sr-naf-ch-test.service.signalr.net sr-naf-ch-prod.service.signalr.net wss://sigr-nafch-dev.service.signalr.net wss://sigr-nafch-test.service.signalr.net wss://sigr-nafch-prod.service.signalr.net sigr-nafch-dev.service.signalr.net sigr-nafch-test.service.signalr.net sigr-nafch-prod.service.signalr.net res.cloudinary.com in.hotjar.com stats.g.doubleclick.net stage.id.naf.no id.naf.no dev-api2.naf.no test-api2.naf.no api2.naf.no dc.services.visualstudio.com *.sgtm.naf.no sgtm.naf.no api.billan.nordea.no bat.bing.com *.clarity.ms www.clarity.ms wss://*.hotjar.com maps.googleapis.com www.gstatic.com naf.matomo.cloud video-analytics-api.cloudinary.com ws.geonorge.no/ region1.google-analytics.com analytics-api-s.cloudinary.com dev-api2.naf.no test-api2.naf.no api2.naf.no;frame-ancestors https://*.naf.no https://dev.cms.naf.no https://test.cms.naf.no https://cms.naf.no;upgrade-insecure-requests;worker-src 'self' blob:;manifest-src 'self' 1
default-src 'none'; script-src 'self' https://plausible.io 'sha256-/6SBPqW+GW+//4nlXX6Y1nR9dWlh0gsQJ6KK71djH6A='; style-src 'self' 'unsafe-inline'; img-src 'self' https://*.digitalpurchaseorder.com https://*.digitalpurchaseorder.de; font-src 'self' https://*.digitalpurchaseorder.com https://fonts.gstatic.com data:; connect-src 'self' https://*.digitalpurchaseorder.com; media-src 'self' https://*.digitalpurchaseorder.com https://*.digitalpurchaseorder.de; manifest-src 'self'; object-src 'none'; prefetch-src 'self' https://*.digitalpurchaseorder.com; child-src 'self' https://*.digitalpurchaseorder.com; worker-src 'self'; frame-ancestors 'self' https://*.digitalpurchaseorder.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self' 1
frame-ancestors 'self' https://*.vistasocial.com https://vistasocial.com 1
frame-ancestors *.bremerhaven.de *.eye-able.com; upgrade-insecure-requests 1
upgrade-insecure-requests; default-src blob: data: 'self' 'unsafe-inline' *.cvs.com *.caremark.com:11091 *.cvshealth.com *.kampyle.com *.launchdarkly.com *.medallia.com *.foresee.com *.go-mpulse.net *.akstat.io *.monetate.net *.foreseeresults.com *.secure.checkout.visa.com *.google-analytics.com *.googletagservices.com *.px-cloud.net dev.virtualearth.net *.px-cdn.net *.pxchk.net *.braintreegateway.com *.paypal.com *.demdex.net *.criteo.com *.tiqcdn.com *.cookielaw.org *.onetrust.com *.quantummetric.com *.braintree-api.com *.cloudflare.com *.criteo.net request.eprotect.vantivcnp.com secondary.eprotect.vantivcnp.com request.eprotect.vantivprelive.com *.visa.com *.groupbycloud.com *.bing.com cdn.cpnscdn.com *.fls.doubleclick.net *.wishabi.com *.flippenterprise.net fonts.gstatic.com *.flippback.com *.flipp.com *.wishabi.ca *.google.com *.gstatic.com cdn.binaryfountain.com *.wistia.com *.wistia.net *.adobedtm.com *.adoberesources.net *.adobedc.net *.tt.omtrdc.net h.online-metrix.net; script-src blob: data: 'self' 'unsafe-inline' 'unsafe-eval' *.cvs.com *.cookielaw.org *.onetrust.com *.cvshealth.com *.go-mpulse.net *.kampyle.com *.medallia.com *.appdynamics.com *.googleapis.com *.braintreegateway.com *.googleadservices.com *.google-analytics.com *.googletagservices.com *.googletagmanager.com *.akstat.io *.monetate.net *.foresee.com *.foreseeresults.com code.jquery.com *.g.doubleclick.net *.virtualearth.net *.paypalobjects.com *.rlcdn.com *.secure.checkout.visa.com *.paypal.com *.mastercard.com *.discover.com *.aexp-static.com *.quantummetric.com *.demdex.net *.criteo.com *.tiqcdn.com *.akstat.io *.americanexpress.com cdn.polyfill.io *.cloudflare.com *.px-cloud.net www.hlserve.com cdn.groupbycloud.com *.criteo.net *.bluecore.com *.px-cdn.net *.pxchk.net *.aexp-static.com *.visa.com request.eprotect.vantivcnp.com secondary.eprotect.vantivcnp.com request.eprotect.vantivprelive.com *.appspot.com *.bing.com *.cvscaremark.com cdn.cpnscdn.com *.fls.doubleclick.net *.wishabi.com *.flippenterprise.net fonts.gstatic.com *.flippback.com *.flipp.com *.wishabi.ca *.google.com *.gstatic.com *.brsrvr.com cdn.binaryfountain.com *.wistia.com *.discovercard.com *.adobedtm.com *.adoberesources.net *.adobedc.net *.facebook.com *.facebook.net *.oracleinfinity.io *.appdynamics.com *.eum-appdynamics.com *.launchdarkly.com h.online-metrix.net; connect-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.cvs.com *.cookielaw.org *.onetrust.com *.cvshealth.com *.kampyle.com *.medallia.com *.caremark.com:11091 *.virtualearth.net *.launchdarkly.com *.groupbycloud.com request.eprotect.vantivcnp.com secondary.eprotect.vantivcnp.com request.eprotect.vantivprelive.com *.adobeaemcloud.com *.google-analytics.com *.bluecore.com *.foreseeresults.com *.4seeresults.com *.quantummetric.com *.px-cloud.net *.px-cdn.net *.pxchk.net *.criteo.net *.secure.checkout.visa.com *.akstat.io *.go-mpulse.net *.paypal.com *.foresee.com *.mastercard.com *.braintreegateway.com *.visa.com *.braintree-api.com *.rlcdn.com *.go-mpulse.net *.criteo.com *.akamaihd.net *.demdex.net *.bing.com cdn.cpnscdn.com *.fls.doubleclick.net *.wishabi.com *.flippenterprise.net fonts.gstatic.com *.flippback.com *.flipp.com *.wishabi.ca *.google.com *.gstatic.com *.wistia.com *.googleapis.com *.discover.com *.discovercard.com *.adobedtm.com *.adoberesources.net *.adobedc.net *.eum-appdynamics.com *.tt.omtrdc.net *.launchdarkly.com h.online-metrix.net; frame-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.kampyle.com *.medallia.com *.appdynamics.com request.eprotect.vantivcnp.com request.eprotect.vantivprelive.com *.secure.checkout.visa.com *.braintreegateway.com *.criteo.com *.cookielaw.org *.onetrust.com *.paypal.com cj.dotomi.com *.mastercard.com di.rlcdn.com www.emjcd.com *.americanexpress.com *.visa.com cvs.demdex.net cdn.cpnscdn.com *.fls.doubleclick.net *.g.doubleclick.net *.wishabi.com *.flippenterprise.net fonts.gstatic.com *.flippback.com *.flipp.com *.wishabi.ca *.google.com *.gstatic.com *.youtube.com youtube.com *.wistia.com *.discover.com *.discovercard.com *.launchdarkly.com *.quantummetric.com h.online-metrix.net; img-src blob: data: 'self' data: *.cvs.com *.kampyle.com *.medallia.com cm.everesttech.net *.cvshealth.com *.akstat.io *.visa.com *.rlcdn.com *.secure.checkout.visa.com *.hlserve.com *.foreseeresults.com *.4see.mobi *.foresee.com www.google.com *.demdex.net *.monetate.net *.criteo.com *.criteo.net *.paypal.com *.bluecore.com *.virtualearth.net *.doubleclick.net *.bing.com cdn.cpnscdn.com *.fls.doubleclick.net *.wishabi.com *.flippenterprise.net fonts.gstatic.com *.googleapis.com *.googleadservices.com *.flippback.com *.flipp.com *.wishabi.ca *.gstatic.com *.ctfassets.net *.scene7.com *.clip.pdn.coupons.com *.origin-cdn.pdn.coupons.com *.brsrvr.com *.wistia.com *.cookielaw.org *.onetrust.com *.discovercard.com *.facebook.com *.facebook.net *.oracleinfinity.io *.eum-appdynamics.com *.launchdarkly.com h.online-metrix.net; object-src thm.visa.com 1
default-src https:; img-src * data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 1
script-src 'self' 'unsafe-eval' https://www.google-analytics.com https://www.google.com https://ajax.aspnetcdn.com http://munchkin.marketo.net https://cdn.jsdelivr.net http://cdn.bizible.com https://www.gstatic.com https://www.googletagmanager.com https://cdn.jsdelivr.net https://pages.altisource.com https://cdnjs.cloudflare.com https://use.fontawesome.com 'unsafe-inline'; object-src 'self' 1
default-src *;img-src 'self';font-src 'self' https://fonts.gstatic.com;style-src 'self' https://fonts.googleapis.com 'unsafe-inline';script-src 'strict-dynamic' 'nonce-1U9YFNlAIDzS3OXN4XAWipSuML4=' https: 'unsafe-inline';frame-src https://www.google.com/recaptcha/;base-uri 'none';object-src 'none';report-to main-endpoint; 1
default-src data: https:; script-src data: https: 'unsafe-eval' 'unsafe-inline'; style-src data: https: 'unsafe-inline'; report-uri /report/content-security-policy 1
default-src ws: 'self' data: blob: 'unsafe-inline' 'unsafe-eval' eventcinemas.co.nz *.eventcinemas.co.nz *.americanexpress.com *.android.com *.braintree-api.com *.braintreegateway.com *.braze.com *.byspotify.com *.cardinalcommerce.com *.cloudflare.com *.cloudflareaccess.com *.cloudfront.net *.doubleclick.net *.eventcinemas.co.nz *.eventcinemas.com.au *.facebook.com *.fontawesome.com *.google-analytics.com *.google.co.nz *.google.com *.google.com.au *.googleadservices.com *.googleapis.com *.googlesyndication.com *.gstatic.com *.imdb.com *.instagram.com *.kaptcha.com *.movio.co *.mycardsecure.com *.parlourlane.com *.paypal.com *.paypalobjects.com *.quantcount.com *.quantserve.com *.rialto.co.nz *.rokt.com *.rsa3dsauth.co.uk *.rydges.com *.shift72.com *.spotify.com *.stripe.com *.tiktok.com *.typekit.net *.unpkg.com *.vimeo.com *.wp.com *.wufoo.com *.wufoo.eu *.youtube.com adservice.google.de adservice.google.fr americanexpress.com analytics.pangle-ads.com analytics.tiktok.com android.com attestation.android.com bam.nr-data.net braze.com cardinalcommerce.com cdn.honey.io cloudflare.hcaptcha.com cloudfront.net code.jquery.com connect.facebook.net dggwxdl5oqubl.cloudfront.net eventcinemas.com.au fontawesome.com google.com googletagmanager.com i.ytimg.com instagram.com js-agent.newrelic.com js.appboycdn.com kg668dbov0.execute-api.us-east-1.amazonaws.com mycardsecure.com parlourlane.com participant.connect.ap-southeast-2.amazonaws.com paypal.com rsa3dsauth.co.uk secure7.arcot.com securepubads.g.doubleclick.net sharepointonline.com shift72.com spotify.com stripe.com tiktok.com typekit.net unpkg.com vimeo.com wp.com www.aexp-static.com www.googletagmanager.com www.googletagservices.com www.moonlight.com.au www.surveymonkey.com; frame-src *; object-src 'none'; img-src 'self' https: data: blob:;  upgrade-insecure-requests; report-uri https://evtgroup.report-uri.com/r/t/csp/enforce 1
default-src 'self' *.kicad.org;img-src * data:;font-src 'self' fonts.gstatic.com *.kicad.org;style-src 'self' 'unsafe-inline' *.kicad.org fonts.googleapis.com;media-src 'self' *.youtube.com player.vimeo.com *.kicad.org;object-src 'self' *.youtube.com *.kicad.org;script-src 'self' 'unsafe-inline' *.kicad.org static.cloudflareinsights.com ajax.cloudflare.com;frame-src 'self' *.kicad.org *.youtube.com *.dl.osdn.jp osdn.net *.osdn.net *.rwth-aachen.de *.nchc.org.tw mirrors.gigenet.com mirrors.xtom.com mirrors.dotsrc.org mirrors.tuna.tsinghua.edu.cn mirrors.xtom.com.hk mirrors.bfsu.edu.cn mirror.liquidtelecom.com ftp.acc.umu.se osdn.mirror.constant.com mirror.math.princeton.edu plug-mirror.rcac.purdue.edu openbsd.c3sl.ufpr.br ftp.iij.ad.jp ftp.jaist.ac.jp ftp.onet.pl mirror.sjtu.edu.cn mirrors.nju.edu.cn player.vimeo.com mailto: 1
frame-ancestors 'self' https://www.coursera.support 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src data: https:; 1
default-src https: wss: blob: data: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; frame-ancestors 'self' 1
frame-ancestors 'self' https://*.winho.com.tw https://www.945d.tw; upgrade-insecure-requests 1
frame-ancestors 'self' cws-preprod.east-west.dk selvbetjening.rejsekort.dk cws-tsta.east-west.dk cws-buc.east-west.dk cws-tstc.east-west.dk 1
default-src 'self'; img-src 'self'; connect-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; 1
default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com *.fontawesome.com use.fontawesome.com https://unpkg.com/ *.wistia.com *.wistia.net *.stripe.com *.adroll.com script.crazyegg.com googleads.g.doubleclick.net *.eloqua.com *.en25.com *.bluekai.com *.oraclecloud.com www.google-analytics.com snap.licdn.com ws.zoominfo.com *.ifebp.org 'unsafe-inline' 'unsafe-eval' https://cdn.insight.sitefinity.com https://dec.azureedge.net; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.fontawesome.com use.fontawesome.com https://unpkg.com/ *.wistia.com 'unsafe-inline' https://cdn.insight.sitefinity.com https://dec.azureedge.net; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com placeimg.com picsum.photos *.picsum.photos *.wistia.net *.wistia.com i0.wp.com i2.wp.com *.analytics.google.com *.google-analytics.com *.adroll.com stats.g.doubleclick.net *.eloqua.com *.en25.com *.bluekai.com *.oraclecloud.com www.google.com *.congress.gov *.linkedin.com *.doubleclick.net https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.fontawesome.com use.fontawesome.com *.wistia.com *.wistia.net; frame-src 'self' https://www.youtube.com *.soundcloud.com *.smartsheet.com *.google.com *.stripe.com *.fast.wistia.com *.ifebp.org *.vimeo.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com *.fontawesome.com https://blog.ifebp.org *.wistia.com *.wistia.net analytics.google.com *.google-analytics.com https://cebs.ifebp.org stats.g.doubleclick.net *.crazyegg.com *.linkedin.com *.adroll.com *.ifebp.org https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: https://www.youtube.com *.fast.wistia.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com blob:; plugin-types 'self' 1
style-src 'self' 1
default-src https: 'unsafe-eval' 'unsafe-inline' 'self'; script-src https: 'self' 'unsafe-inline' 'unsafe-eval'; connect-src https: 'self' yoast.com *.google.com *.mktoresp.com; img-src https: data: 'self' *.gravatar.com; style-src https: 'unsafe-eval' 'unsafe-inline' 'self' http: fonts.googleapis.com; worker-src blob: https: 'self' 'unsafe-inline' 'unsafe-eval'; font-src https: data: 'self' http: fonts.googleapis.com; media-src blob: 'self' *.cloudfront.net; upgrade-insecure-requests; 1
frame-ancestors 'self' https://dlinz.sharepoint.com; 1
child-src blob: www.google.com *.readyplayer.me https://rpm-model-viewer-proto.vercel.app youtube.com *.youtube.com www.youtube.com https://accounts.google.com/ https://www.googletagmanager.com *.cookiebot.com www.recaptcha.net hiberworld.com *.hiberworld.com;connect-src http://hiberworld.com *.hiberworld.com ws://*.hiberworld.com *.hiberworld.com wss://*.hiberworld.com *.hiberworld.com blob: rum.browser-intake-datadoghq.eu readyplayerme.github.io *.cookiebot.com *.dive.games cdn.hibervr.com *.digitaloceanspaces.com *.googlesyndication.com *.readyplayer.me www.google-analytics.com googleads.g.doubleclick.net *.analytics.google.com www.google.com stats.g.doubleclick.net *.google.com readyplayerme-assets.s3.amazonaws.com unpkg.com *.alchemyapi.io *.alchemy.com cloudflare-eth.com wss://www.walletlink.org/rpc wss://*.walletconnect.org wss://*.walletconnect.com https://hiber-cdn.s3.eu-west-1.amazonaws.com;font-src hiberworld.com *.hiberworld.com;img-src data: blob: cdn.hibervr.com *.amazonaws.com *.readyplayer.me files.stripe.com *.googlesyndication.com https://rpm-model-viewer-proto.vercel.app consent.cookiebot.com hiberworld.com *.hiberworld.com www.google-analytics.com imgsct.cookiebot.com www.google.com www.google.ad www.google.ae www.google.com.af www.google.com.ag www.google.al www.google.am www.google.co.ao www.google.com.ar www.google.as www.google.at www.google.com.au www.google.az www.google.ba www.google.com.bd www.google.be www.google.bf www.google.bg www.google.com.bh www.google.bi www.google.bj www.google.com.bn www.google.com.bo www.google.com.br www.google.bs www.google.bt www.google.co.bw www.google.by www.google.com.bz www.google.ca www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.co.ck www.google.cl www.google.cm www.google.cn www.google.com.co www.google.co.cr www.google.com.cu www.google.cv www.google.com.cy www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.com.do www.google.dz www.google.com.ec www.google.ee www.google.com.eg www.google.es www.google.com.et www.google.fi www.google.com.fj www.google.fm www.google.fr www.google.ga www.google.ge www.google.gg www.google.com.gh www.google.com.gi www.google.gl www.google.gm www.google.gr www.google.com.gt www.google.gy www.google.com.hk www.google.hn www.google.hr www.google.ht www.google.hu www.google.co.id www.google.ie www.google.co.il www.google.im www.google.co.in www.google.iq www.google.is www.google.it www.google.je www.google.com.jm www.google.jo www.google.co.jp www.google.co.ke www.google.com.kh www.google.ki www.google.kg www.google.co.kr www.google.com.kw www.google.kz www.google.la www.google.com.lb www.google.li www.google.lk www.google.co.ls www.google.lt www.google.lu www.google.lv www.google.com.ly www.google.co.ma www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.com.mm www.google.mn www.google.com.mt www.google.mu www.google.mv www.google.mw www.google.com.mx www.google.com.my www.google.co.mz www.google.com.na www.google.com.ng www.google.com.ni www.google.ne www.google.nl www.google.no www.google.com.np www.google.nr www.google.nu www.google.co.nz www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.pl www.google.pn www.google.com.pr www.google.ps www.google.pt www.google.com.py www.google.com.qa www.google.ro www.google.ru www.google.rw www.google.com.sa www.google.com.sb www.google.sc www.google.se www.google.com.sg www.google.sh www.google.si www.google.sk www.google.com.sl www.google.sn www.google.so www.google.sm www.google.sr www.google.st www.google.com.sv www.google.td www.google.tg www.google.co.th www.google.com.tj www.google.tl www.google.tm www.google.tn www.google.to www.google.com.tr www.google.tt www.google.com.tw www.google.co.tz www.google.com.ua www.google.co.ug www.google.co.uk www.google.com.uy www.google.co.uz www.google.com.vc www.google.co.ve www.google.co.vi www.google.com.vn www.google.vu www.google.ws www.google.rs www.google.co.za www.google.co.zm www.google.co.zw www.google.cat img.youtube.com i.ytimg.com images.ctfassets.net cdn.jsdelivr.net;media-src data: cdn.hibervr.com;manifest-src hiberworld.com *.hiberworld.com;object-src ;worker-src blob: hiberworld.com *.hiberworld.com;script-src 'strict-dynamic' 'nonce-f94c98b2-3a28-45b9-b492-1656e828bc4e' https: http: 'wasm-unsafe-eval';style-src cdn.hibervr.com 'unsafe-inline' hiberworld.com *.hiberworld.com;frame-src js.stripe.com codesandbox.io vars.hotjar.com blob: www.google.com *.readyplayer.me *.googlesyndication.com https://rpm-model-viewer-proto.vercel.app youtube.com *.youtube.com www.youtube.com https://accounts.google.com/ *.cookiebot.com https://hiber.hiberworld.com http://dao.dev.hiberdev.net https://dao-pr.hiberworld.com https://dao-pr.dev.hiberdev.net https://dao.dev.hiberdev.net https://dao-pr.stage.hiberdev.net https://dao.stage.hiberdev.net www.recaptcha.net hiberworld.com *.hiberworld.com *.doubleclick.net https://*.walletconnect.com https://hzztj79qp1.execute-api.eu-west-1.amazonaws.com https://2f6393hice.execute-api.eu-west-1.amazonaws.com;base-uri 'self' 1
frame-src *; frame-ancestors https://*.lesmillsondemand.com 1
frame-ancestors 'self' https://*.gosocket.net http://*.gosocket.net; 1
default-src 'self'; base-uri 'self'; connect-src 'self' https: blob: https://api.segment.io https://cdn.segment.com https://in.eu2.segmentapis.com https://events.eu1.segmentapis.com; child-src 'self' https://js.stripe.com https://hooks.stripe.com https://app.netlify.com https://td.doubleclick.net https://demo.arcade.software https://*.youtube.com https://www.google.com https://feedback-pa.clients6.google.com https://pennylane.chilipiper.com https://js.chilipiper.com https://www.facebook.com; font-src 'self' http: https: data: blob: https://*.fontawesome.com; frame-src 'self' https://js.stripe.com https://hooks.stripe.com https://app.netlify.com https://td.doubleclick.net https://demo.arcade.software https://*.youtube.com https://www.google.com https://feedback-pa.clients6.google.com https://pennylane.chilipiper.com https://js.chilipiper.com https://www.facebook.com; frame-ancestors 'self'; img-src 'self' https: blob: data: https://ct.capterra.com https://images.ctfassets.net; media-src 'self' data: https://videos.ctfassets.net; object-src 'none'; script-src 'nonce-v39bHWjXJcRU3Y8voBaFcXouASBMqFad' 'strict-dynamic' 'unsafe-inline' 'self' https: http: 'self' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' https: http: https://cdn.segment.com https://js.stripe.com https://hooks.stripe.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net/npm/tom-select/dist/css/tom-select.css https://fonts.googleapis.com https://*.gstatic.com https://*.fontawesome.com; style-src-elem 'self' data: 'unsafe-inline' https://cdn.jsdelivr.net/npm/tom-select/dist/css/tom-select.css https://fonts.googleapis.com https://*.gstatic.com https://*.fontawesome.com; worker-src 'self' blob:; report-uri https://pennylane.report-uri.com/r/d/csp/reportOnly 1
default-src 'self'; base-uri 'self'; object-src 'none'; script-src 'self' *.hubspot.com js.hs-analytics.net js.hs-scripts.com js.hsadspixel.net js.hscollectedforms.net js.hs-banner.com js.hs-banner.net js.usemessages.com *.hsforms.net cdn2.hubspot.net https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com/  https://www.googleadservices.com https://googleads.g.doubleclick.net https://connect.facebook.net/ https://snap.licdn.com 'strict-dynamic' 'nonce-IaBZ7ZF2EYEE+kfOVHL24w=='; connect-src 'self' *.hubspot.com api.hubapi.com js.hs-banner.com *.hsforms.com *.google-analytics.com https://www.google.com https://www.facebook.com/ *.g.doubleclick.net https://cdn.linkedin.oribi.io; style-src 'self' 'unsafe-inline' static.hsappstatic.net fonts.googleapis.com cdn2.hubspot.net https://ajax.googleapis.com; font-src fonts.gstatic.com cdn2.hubspot.net; img-src 'self' data: *.hubspot.com static.hsappstatic.net *.hsforms.com https://www.facebook.com/ *.linkedin.com https://www.google.com https://www.google.be https://www.google-analytics.com https://www.googletagmanager.com/; frame-src *.hubspot.com *.hsforms.com https://www.google.com https://www.youtube.com/ https://www.facebook.com/ https://platform.twitter.com/; prefetch-src 'self' static.hsappstatic.net; upgrade-insecure-requests; 1
frame-ancestors 'self' https://app.yampi.com.br https://app-internal.yampi.com.br https://app-lec.yampi.com.br 1
default-src 'self'; script-src https: 'self' 'unsafe-eval' 'unsafe-inline' https: www.google-analytics.com https: *.googleapis.com https: www.googletagmanager.com https: *.google.com https: *.gstatic.com https: *.cloudfront.net https: *.youtube.com  https: *.ytimg.com https: *.usercentrics.eu; style-src https: 'self' 'unsafe-inline' https: *.cloudfront.net; img-src data: 'self' https: *.grawe.at https: *.cloudfront.net https: *.cdninstagram.com https: *.youtube.com; frame-src 'self' http: *.grawe.hu *.grawe.bg https: *.google.com https: *.youtube.com; connect-src 'self' https: *.grawe.at; font-src 'self' data: *.cloudfront.net *.gstatic.com *.grawe.at *.usercentrics.eu; media-src 'self' https: *.grawe.at https: *.cloudfront.net https: *.cdninstagram.com 1
frame-ancestors 'self' grn-www.freedomboatclub.com; 1
script-src-elem 'self' 'unsafe-inline' blob: https://app.unbounce.com https://connect.facebook.net https://challenges.cloudflare.com https://assets.ubembed.com https://googleads.g.doubleclick.net https://cdn.speedcurve.com https://0703bba5fd6e4570b6f5bf97c4aac4ba.js.ubembed.com https://cdn.cookielaw.org https://www.google-analytics.com https://www.googletagmanager.com; img-src 'self' https://uploads.zirveyazilim.net https://cdn.cookielaw.org https://www.google.com.tr https://www.google.com https://www.facebook.com https://www.google-analytics.com data: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.stripe.com https://hcaptcha.com https://*.hcaptcha.com; object-src 'self'; media-src https://files.xeovo.com; frame-ancestors 'self' 1
frame-ancestors 'self' t.co twitter.com;frame-src 'self' *.idio.episerver.net *.cdn.optimizely.com https://consentcdn.cookiebot.com https://consentcdn.cookiebot.eu https://go.valtech.com https://td.doubleclick.net https://w.soundcloud.com https://www.google.com https://www.linkedin.com https://player.vimeo.com https://www.facebook.com https://videos.internal.valtech.com https://videos.valtech.com https://www.youtube.com;block-all-mixed-content;script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://*.6sc.co https://*.ep-mimecast.ads-twitter.com https://*.doubleclick.net https://*.idio.episerver.net https://*.google.com https://*.googleadservices.com https://*.googlesyndication.com https://*.googletagservices.com https://*.marketo.com https://*.optimizely.com https://*.vo.msecnd.net https://ajax.cloudflare.com https://analytics.newscred.com https://analytics.twitter.com https://consent.cookiebot.com https://consent.cookiebot.eu https://consentcdn.cookiebot.com https://consentcdn.cookiebot.eu https://connect.facebook.net https://content.linkedin.com https://cdn.siteimprove.net https://cdn.syndication.twimg.com https://dl.episerver.net https://en.twitter.com https://f.vimeocdn.com https://googleads.g.doubleclick.net https://graph.facebook.com https://google-analytics.com https://googletagmanager.com https://go.valtech.com https://js.facebook.com https://munchkin.marketo.net https://optimizely.s3.amazonaws.com https://platform.linkedin.com https://platform.twitter.com https://player.vimeo.com https://static.ads-twitter.com https://static.cloudflareinsights.com https://ssl.google-analytics.com https://snap.licdn.com https://static-exp1.licdn.com https://siteimproveanalytics.com https://tagmanager.google.com https://tag.valtech.com https://t.co https://unpkg.com https://videos.valtech.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://www.linkedin.com https://www.vimeo.com https://www.youtube.com;style-src 'self' 'report-sample' 'unsafe-inline' *.marketo.net *.marketo.com *.licdn.com *.google.com dl.episerver.net go.valtech.com platform.twitter.com ton.twimg.com www.googletagmanager.com;object-src *.googlesyndication.com;child-src 'self' blob: *.vimeo.com *.googlesyndication.com *.google.com *.facebook.com *.doubleclick.net connect.facebook.net platform.twitter.com vimeo.com www.googletagmanager.com;base-uri 'self';form-action 'self' *.twitter.com *.google.com *.facebook.com connect.facebook.net;worker-src 'self' blob: www.google.com; 1
default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com cdnjs.cloudflare.com *.eloqua.com *.en25.com *.google.com *.hsforms.net *.timevaluecalculators.com hello.myfonts.net https://*.hsforms.com https://*.hsleadflows.net https://*.hubspot.com https://dec.azureedge.net/ https://www.youtube.com/iframe_api munchkin.marketo.net www.googletagmanager.com cdn.userway.org https://*.hotjar.com https://usrwy.com/widget.js https://js.hs-banner.com/3599095.js https://player.vimeo.com/api/player.js https://tags.srv.stackadapt.com/events.js https://js.hscollectedforms.net/collectedforms.js cdnjs.cloudflare.com/ajax/libs/angular-filter/0.5.17/angular-filter.min.js siteimproveanalytics.com/js/siteanalyze_82285.js https://amplify.review-alerts.com/ https://bat.bing.com/bat.js https://bat.bing.com/p/action/56355930.js https://bat.bing.com/ https://api.userway.org https://up.pixel.ad https://www.sitescout.com https://llxp.additionfi.com https://googleads.g.doubleclick.net https://js.hs-banner.com https://js.adsrvr.org https://cdn.userway.org https://analytics.tiktok.com https://cunexus-dmz.additionfi.com/ https://collector-29671.us.tvsquared.com/ https://js.hscta.net 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net cdn.ampproject.org web-chat.nativechat.com 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.timevaluecalculators.com https://tags.srv.stackadapt.com/sa.css *.additionfi.com https://insight.adsrvr.org https://cdn.userway.org/ 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.timevaluecalculators.com *.google.com *.google-analytics.com https://*.hubspot.com https://*.hsforms.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.eloqua.com pages.mycfe.com pages.additionfi.com cdn.userway.org/ https://rqfi3tmw.cdn.imgeng.in https://82285.global.siteimproveanalytics.io/image.aspx https://82285.global.siteimproveanalytics.io/heat.aspx https://rtx-source-icons.s3.amazonaws.com/logos/google.png https://rtx-source-icons.s3.amazonaws.com/logos/facebook.png images.additionfi.com *.lemonadelxp.com *.additionfi.com https://bat.bing.com https://www.googletagmanager.com https://pixel.sitescout.com/ https://collector-29671.us.tvsquared.com/ 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net track.hubspot.com js.hsleadflows.net forms.hsforms.com web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://cdn.userway.org; frame-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://*.doubleclick.net https://*.hsforms.com https://app.hubspot.com https://vars.hotjar.com/ cdn.userway.org/ https://forms.hubspot.com/ https://form.jotform.com/ https://insight.adsrvr.org https://pixel.sitescout.com https://match.adsrvr.org https://cunexus-dmz.additionfi.com/ 'self' forms.hsforms.com web-chat.nativechat.com; connect-src accounts.google.com *.google-analytics.com *.mktoresp.com https://*.hubspot.com https://*.hsforms.com https://maps.googleapis.com https://api.userway.org/api/tunings/1fJAlvpd8l in.hotjar.com vc.hotjar.io wss://ws2.hotjar.com/ wss://ws6.hotjar.com/api/v1/client/ws https://tags.srv.stackadapt.com/saq_pxl https://tags.srv.stackadapt.com/js_tracking https://tags.srv.stackadapt.com/sa.jpeg https://www.google-analytics.com/j/collect https://stats.g.doubleclick.net/j/collect https://amplify.review-alerts.com/public/api/analytics https://amplify.review-alerts.com/public/api/testimonials https://api.ipify.org/ https://api.userway.org https://amplify.review-alerts.com *.additionfi.com https://analytics.tiktok.com https://cdn.userway.org https://www.google-analytics.com 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com forms.hubspot.com *.hsforms.com; media-src 'self' data: blob: https://pages.additionfi.com/; child-src 'self' web-chat.nativechat.com; object-src 'self' 1
default-src * 'unsafe-inline';script-src 'self' 'unsafe-eval' 'unsafe-inline' *.operabase.net *.operabase.com *.google.com *.google-analytics.com *.googleadservices.com *.ssl.google-analytics.com *.googletagmanager.com *.tagmanager.google.com maps.googleapis.com *.visualwebsiteoptimizer.com app.vwo.com *.chargebee.com *.hsforms.net *.hsforms.com *.hscollectedforms.net *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com *.usemessages.com *.facebook.net *.cookiebot.com *.appcues.com *.appcues.net *.hsappstatic.net *.newrelic.com *.licdn.com *.segment.com *.stripe.com *.gstatic.com *.lokalise.com *.marker.io *.youtube.com googleads.g.doubleclick.net polyfill.io *.soundcloud.com *.facebook.com *.vimeo.com *.wistia.com *.wistia.net *.mixcloud.com *.dailymotion.com fonts.googleapis.com appleid.cdn-apple.com *.googlesyndication.com fpnpmcdn.net;style-src-elem * 'unsafe-inline';font-src * 'unsafe-inline' data:;img-src * 'unsafe-inline' data: blob:;media-src * 'unsafe-inline' data: blob:;object-src 'none';style-src * 'unsafe-inline';connect-src * 'unsafe-inline';worker-src 'self' blob: 1
script-src 'self' *.amnhealthcare.com dl.episerver.net maps.googleapis.com www.youtube.com unpkg.com script.crazyegg.com *.cloudfront.net *.cookielaw.org d10lpsik1i8c69.cloudfront.net secure.quantserve.com api.amnhealthcare.io bat.bing.com app.leadsrx.com *.americanmobile.com rules.quantcount.com *.pardot.com js.adsrvr.org snap.licdn.com dev.visualwebsiteoptimizer.com www.google.com assets.adobedtm.com www.googletagmanager.com www.gstatic.com twin-iq.kickfire.com www.rumiview.com *.amnhealthcare.com www.medtargetsystem.com match.deepintent.com trc.lhmos.com newton.newtonsoftware.com recruitingbypaycor.com apply.indeed.com cdn.botframework.com ajax.googleapis.com connect.facebook.net static.ads-twitter.com ssl.luckyorange.com analytics.click2apply.net adservice.google.com www.googleadservices.com googleads.g.doubleclick.net s.pinimg.com analytics.tiktok.com tag.demandbase.com  'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https: data: blob: 'unsafe-inline'; worker-src 'self' blob:; 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' *.cinema.com.hk http://www2.lb-swireproperties.com *.apple.com placehold.it remote.captcha.com *.tekcent.com *.google.com *.maps.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.facebook.com *.facebook.net *.akamaihd.net *.fbcdn.net *.google-analytics.com *.pinterest.com *.twitter.com *.youtube.com  *.twitch.com *.themiddlehousehotel.com cdnjs.cloudflare.com api.userinfo.io *.google.com *.sinaimg.cn *.doubleclick.net *.typekit.net data: *.cdninstagram.com *.typography.com browser-update.org *.swireproperties.com *.linkedin.com www.irasia.com *.addthis.com *.addthisedge.com aspen.refineryclub.com *.msecnd.net *.corporateshowcase.com *.windows.net maps.gstatic.cn jsonip.com *.google.cn freegeoip.net *.gstatic.com stackpath.bootstrapcdn.com code.jquery.com placehold.it code.createjs.com *.tekcent.com *.azure.net *.addthisedge.com *.msecnd.net *.baidu.com *.windows.net http://*.sinaimg.cn https://j02.optimix.asia https://s3-ap-southeast-1.amazonaws.com http://swireproperties.blob.core.windows.net https://e02.optimix.asia https://www.tripadvisor.com https://www.jscache.com https://www.tripadvisor.com https://en.tripadvisor.com.hk https://www.jscache.com files.chinafy.com *.tekcent.com https://static.tacdn.com https://p.travelsmarter.net https://tag.yieldoptimizer.com https://pixel.sojern.com https://ib.adnxs.com http://spl.blob.core.windows.net *.map.bdimg.com j02.optimix.asia e02.optimix.asia tag.adaraanalytics.com dsum-sec.casalemedia.com us-u.openx.net sd.turn.com pixel.advertising.com ad.yieldlab.net i.liadm.com idsync.rlcdn.com tag.yieldoptimizer.com tapestry.tapad.com ib.adnxs.com pixel.rubiconproject.com dsum.casalemedia.com rtb.gumgum.com www.google.com.vn dpm.demdex.net beacon.krxd.net *.triptease.io  addtocalendar.com *.tripadvisor.co.uk *.tripadvisor.com *.tripadvisor.com.hk theta360.com http://api.sharerails.com s3.amazonaws.com https://sdn.sitecore.net http://api.map.baidu.com api.stathat.com z.moatads.com *.sharerails.com *.hotjar.com *.hotjar.io api.ipstack.com s3.amazonaws.com www.pacificplace.com.hk *.cloudfront.net blob: z.moatads.com *.sharerails.com *.hotjar.com *.hotjar.ioapi.ipstack.com s3.amazonaws.com www.pacificplace.com.hk *.cloudfront.net *.adsrvr.org *.google.com.hk *.moatads.com *.bidswitch.net *.pubmatic.com *.yahoo.com js-agent.newrelic.com bam.eu01.nr-data.net https://bam.eu01.nr-data.net https://js-agent.newrelic.com *.newrelic.com *.nr-data.net *.cp2-idd.129b09a9628041de96fa.eastasia.aksapp.io http://cp2-idd.129b09a9628041de96fa.eastasia.aksapp.io https://cp2-idd.129b09a9628041de96fa.eastasia.aksapp.io *.cityplaza.com *.elfsightcdn.com *.elfsight.com https://uat-hk1crm.pacificplace.com.hk https://e.issuu.com/ http://www.pacificplace.com.hk https://www.pacificplace.com.hk https://above.pacificplace.com.hk https://cdn.mouseflow.com *.geo0.ggpht.com https://geo0.ggpht.com *.ggpht.com *.sharethis.com; 1
frame-ancestors 'self' https://anhqv.es https://lqsa.es https://*.lqsa.es https://comunidadmontepinar.es https://*.jonilar.com 1
default-src 'none'; img-src 'self' https://amazonwebservices.d2.sc.omtrdc.net https://cm.everesttech.net https://dpm.demdex.net https://aws.demdex.net https://a0.awsstatic.com/ https://*.mrc-sunrise.marketing.aws.dev data:; script-src 'self' 'unsafe-inline' https://a0.awsstatic.com/ https://d2c.aws.amazon.com/ https://*.mrc-sunrise.marketing.aws.dev ; font-src 'self' data:; media-src 'self' https://*.mrc-sunrise.marketing.aws.dev; style-src 'unsafe-inline' https://a0.awsstatic.com/s_code/js/3.0/awshome_s_code.js 'self'; object-src 'none'; frame-src 'self' https://aws.demdex.net https://dpm.demdex.net data:; connect-src 'self' https://amazonwebservices.d2.sc.omtrdc.net https://i18n-string.us-west-2.prod.pricing.aws.a2z.com https://*.shortbread.aws.dev https://cm.everesttech.net https://vs.aws.amazon.com https://spot-bid-advisor.s3.amazonaws.com/spot-advisor-data.json https://aws.demdex.net https://dpm.demdex.net https://d1qsjq9pzbk1k6.cloudfront.net https://b0.p.awsstatic.com https://d2i2o7lgog0p0i.cloudfront.net/Prod/LogReactUIErrors https://hlwafrg42d.execute-api.us-east-1.amazonaws.com/prod/ https://aws.amazon.com https://csml-prc-prod.us-west-2.api.aws/prc/csml/logging https://dzzn6wbl7e9ou.cloudfront.net/ https://d3knqfixx3sbls.cloudfront.net/ https://dnd5zrqcec4or.cloudfront.net/Prod/v2/saveAs https://7bena91p37.execute-api.us-west-2.amazonaws.com/Prod/v1/graphql https://console.aws.amazon.com/aperture/feedback/render https://*.aperture-public-api.feedback.console.aws.dev https://d3pv0p0lgn4sbz.cloudfront.net https://d1cec4jo95y6k9.cloudfront.net https://d2c.aws.amazon.com/ https://d37oee5zp73e2j.cloudfront.net https://*.mrc-sunrise.marketing.aws.dev wss://*.transport.connect.us-east-1.amazonaws.com https://drm74kn5i7.execute-api.us-west-2.amazonaws.com/prod/pec/monitoring/logging ; 1
default-src 'self' blob: https: https://curriculums.everfi.net https://courses.everfi.net https://admin.homeroom.everfi.net https://everfi-curriculums.s3.amazonaws.com https://d1vyejqi0lnyjd.cloudfront.net https://help.everfi.com https://everfi.com; font-src 'self' blob: https: data:; img-src 'self' blob: https: data:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' blob: https: 'unsafe-inline'; connect-src 'self' blob: https: https://curriculums.everfi.net https://courses.everfi.net https://admin.homeroom.everfi.net data.pendo.io; worker-src 'self' blob: https: 1
default-src 'self' 'unsafe-inline' https://analytics.google.com https://yoast.com https://www.youtube.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://cdnjs.cloudflare.com https://ajax.googleapis.com; style-src 'self' 'unsafe-inline' https://use.fontawesome.com https://fonts.googleapis.com; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://use.fontawesome.com data:; img-src 'self' 'unsafe-inline' https://scontent-maa2-1.cdninstagram.com https://shop.ttkprestige.com https://ttkprestige.com https://www.google.co.in https://secure.gravatar.com https://www.googletagmanager.com https://scontent.cdninstagram.com https://i.ytimg.com data:; 1
default-src 'self' mailto:;     base-uri 'self';     script-src 'nonce-1194f5e793ee40458041052b5c6bdeb6' 'strict-dynamic' 'self' *.casinorewards.com cdn.jsdelivr.net https://www.googletagmanager.com/gtm.js https://www.google-analytics.com/analytics.js https://*.amplitude.com ;     connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://cdn.trustindex.io https://*.amplitude.com;     frame-src 'self' mailto: *.gameassists.co.uk *.gameassists.dk *.gameassists.se *.gameassists.co.za *.valueactive.eu *.valueactive.dk  ;     style-src 'self' cdn.jsdelivr.net https://fonts.googleapis.com 'unsafe-inline';     font-src 'self' cdn.jsdelivr.net https://fonts.googleapis.com https://fonts.gstatic.com https://www.google-analytics.com;     img-src * data:;     object-src 'none';     frame-ancestors 'self';     media-src 'self' s3.amazonaws.com; 1
default-src https://kredobank.com.ua; base-uri 'none'; connect-src https://kredobank.com.ua maps.googleapis.com online.kredobank.com.ua data: https: mailto:; font-src https://kredobank.com.ua data: https: http:; form-action https://kredobank.com.ua; frame-ancestors https://kredobank.com.ua; frame-src https://kredobank.com.ua www.youtube.com www.portmone.com.ua px.adhigh.net online.kredobank.com.ua; img-src https://kredobank.com.ua maps.google.com maps.gstatic.com online.kredobank.com.ua data: http: https:; manifest-src https://kredobank.com.ua; media-src 'none'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' https://kredobank.com.ua ajax.googleapis.com maxcdn.bootstrapcdn.com maps.googleapis.com maps.google.com cdnjs.cloudflare.com portmone.com.ua online.kredobank.com.ua https:; style-src 'self' 'unsafe-inline' 'report-sample' https://kredobank.com.ua fonts.googleapis.com online.kredobank.com.ua https:; worker-src 'none' 1
default-src blob: data: mediastream: filesystem: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' *; 1
default-src 'self' data: 'unsafe-eval' 'unsafe-inline' *.nect.com *.nect.app; 1
frame-ancestors * 'self'; default-src * 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; style-src * 'self' 'unsafe-inline'; object-src * 'self'; frame-src * 'self'; child-src * 'self' blob:; img-src * 'self' data: blob:; font-src * 'self' data:; connect-src * 'self'; manifest-src * 'self'; base-uri 'self'; form-action * 'self'; media-src * 'self'; worker-src * 'self' blob:; 1
default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors 'self'; child-src * blob:; font-src * 'self' data: https:;; connect-src *; report-uri /report-csp-violation 1
frame-ancestors https://*.derwent.io http://*.derwent.io http://*.derwent.io:* https://*.derwent.io:* 'self' 1
default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js *.google-analytics.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com https://va.ecitizen.gov.sg https://poly-webchat.vica.gov.sg https://unbound.syndetics.com https://ltfl.librarything.com https://widget.happyfoxchat.com https://assets.wogaa.sg https://www.googletagmanager.com https://*.wogaa.sg https://*.elfsight.com https://buttons-config.sharethis.com https://app-script.monsido.com/v2/monsido-script.js https://t.sharethis.com https://storageaccountoccupa5c7.blob.core.windows.net/chatbotfiles/pops.js https://platform-api.sharethis.com/panorama.js https://webchat.vica.gov.sg/static/js/chat.js 'self' cdn.ampproject.org web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://va.ecitizen.gov.sg https://poly-webchat.vica.gov.sg https://ltfl.librarything.com https://www.librarything.com https://assets.wogaa.sg/ https://webchat.vica.gov.sg/static/css/chat.css 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com https://img.youtube.com https://via.placeholder.com https://va.ecitizen.gov.sg https://pics.cdn.librarything.com https://image.librarything.com https://www.google.com.sg https://www.google.com https://*.vica.gov.sg https://phosphor.utils.elfsightcdn.com https://platform-cdn.sharethis.com/ https://tracking.monsido.com/ https://www.np.edu.sg/ 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://va.ecitizen.gov.sg https://assets.wogaa.sg/fonts; frame-src blob: *.np.edu.sg *.youtube.com *.google.com https://www.np.edu.sg http://www.youtube.com/ https://jointpoly-prd.mybluemix.net/ https://www-np-edu-sg-admin.cwp.sg/ www-np-new-edu-sg-admin.cwp.sg/ https://theta360.com/ https://ltfl.librarything.com/ https://widget.happyfoxchat.com/ https://jointpoly-prd-app.12j3temcrbtf.us-south.codeengine.appdomain.cloud/ https://t.sharethis.com/ https://vimeo.com/ https://storageaccountoccupa5c7.blob.core.windows.net/ https://www.google.com https://www.onemap.gov.sg/ 'self' web-chat.nativechat.com; connect-src data: accounts.google.com *.gstatic.com *.mktoresp.com *.google-analytics.com *.youtube.com *.google.com http://www.youtube.com/ https://va.ecitizen.gov.sg https://bucket-vica.vica.gov.sg https://chat.vica.gov.sg https://jointpoly-prd.mybluemix.net wss://chat.vica.gov.sg/socket.io/ https://happyfoxchat.com https://stats.g.doubleclick.net https://snowplow-web.wogaa.sg/ https://*.wogaa.sg https://*.elfsight.com https://l.sharethis.com https://region1.google-analytics.com https://region1.analytics.google.com https://data.stbuttons.click/ 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://www.google.com *.youtube.com *.google.com http://www.youtube.com/ 'self' web-chat.nativechat.com; frame-ancestors 'self' blob: *.np.edu.sg https://www.np.edu.sg https://www-np-edu-sg-admin.cwp.sg/ https://jointpoly-prd.mybluemix.net/ https://jointpoly-prd-app.12j3temcrbtf.us-south.codeengine.appdomain.cloud/ https://www.google.com 1
default-src 'self' payward.okta.com id.payward.com *.oktacdn.com; connect-src 'self' payward.okta.com payward-admin.okta.com id.payward.com *.oktacdn.com *.mixpanel.com *.mapbox.com *.mtls.okta.com payward.kerberos.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' payward.okta.com id.payward.com *.oktacdn.com; style-src 'unsafe-inline' 'self' payward.okta.com id.payward.com *.oktacdn.com; frame-src 'self' payward.okta.com payward-admin.okta.com id.payward.com login.okta.com *.vidyard.com com-okta-authenticator:; img-src 'self' payward.okta.com id.payward.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com *.vidyard.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' payward.okta.com id.payward.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mastodon.nl; img-src 'self' https: data: blob: https://mastodon.nl; style-src 'self' https://mastodon.nl 'nonce-tqt2ajx97pdWJcZBFJkobg=='; media-src 'self' https: data: https://mastodon.nl; frame-src 'self' https:; manifest-src 'self' https://mastodon.nl; form-action 'self'; child-src 'self' blob: https://mastodon.nl; worker-src 'self' blob: https://mastodon.nl; connect-src 'self' data: blob: https://mastodon.nl https://mastodon.nl wss://mastodon.nl; script-src 'self' https://mastodon.nl 'wasm-unsafe-eval' 1
frame-ancestors 'self' *.elavonpaymentgateway.com  1
default-src 'self' data: blob: ws: *.g2.com *.canddi.io *.canddi.com *.crisp.chat www.google-analytics.com *.analytics.google.com pixel.pvd.to stats.g.doubleclick.net vgkgl5kmed.execute-api.eu-west-1.amazonaws.com *.wistia.net *.wistia.com *.litix.io embedwistia-a.akamaihd.net *.googleapis.com i1u4nzw206.execute-api.eu-west-1.amazonaws.com; img-src 'self' data: *.g2.com s.canddi.io pixel.pvd.to px.ads.linkedin.com www.google-analytics.com www.facebook.com www.google.com www.google.co.uk image.crisp.chat www.googletagmanager.com *.wistia.com embedwistia-a.akamaihd.net googleads.g.doubleclick.net *.googleadservices.com *.contentengine.net *.linkedin.com *.canddi.com *.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' blob: *.canddi.com www.googletagmanager.com cdn.canddi.io s.canddi.io www.google-analytics.com www.googleadservices.com snap.licdn.com connect.facebook.net js.pvd.to googleads.g.doubleclick.net www.linkedin.com px.ads.linkedin.com *.crisp.chat www.googleoptimize.com *.wistia.com *.stripe.com *.google.com *.gstatic.com *.capterra.com *.calendly.com *.g2crowd.com; style-src 'self' 'unsafe-inline' *.crisp.chat; frame-src 'self' *.canddi.com www.facebook.com *.wistia.net *.stripe.com *.google.com *.calendy.com calendly.com *.g2.com *.youtube.com *.googleapis.com; font-src 'self' data: fonts.gstatic.com *.crisp.chat; frame-ancestors 'self' *.canddi.local *.canddi.com www.canddi.download www.canddi.download.local www.canddi.link www.canddi.link.local 1
frame-ancestors 'self' https://newaccount.wsfsbank.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' youtube.com *.youtube.com *.googletagmanager.com unpkg.com *.onetrust.com *.licdn.com *.google-analytics.com *.cloudflare.com *.marketingautomation.services *.list-manage.com *.pardot.com *.hs-scripts.com *.googleadservices.com *.hs-analytics.net *.hs-banner.com *.hubspot.com *.hsadspixel.net *.hsforms.net *.oktopost.com *.hscollectedforms.net *.hsleadflows.net okt.to *.tawk.to *.jsdelivr.net *.facebook.net *.newrelic.com *.nr-data.net; object-src 'self' *.youtube.com *.youtu.be *.vimeo.com; style-src 'self' 'unsafe-inline' https: ; img-src 'self' blob: data: https:; media-src 'self' *.youtube.com *.youtu.be *.vimeo.com; frame-src 'self' *.youtube.com *.youtu.be *.vimeo.com *.marketingautomation.services *.list-manage.com *.pardot.com *.hs-sites.com mailchi.mp *.youtube-nocookie.com youtube-nocookie.com logicalis *.logicalis www1.logicalis.de *.libsyn.com *.hsforms.com *.my.site.com; frame-ancestors same 'self'; child-src 'self' *.youtube.com *.youtu.be *.vimeo.com *.marketingautomation.services *.list-manage.com *.pardot.com *.hs-sites.com mailchi.mp *.youtube-nocookie.com youtube-nocookie.com logicalis *.logicalis www1.logicalis.de; font-src 'self' https:; connect-src 'self' blob: data: https: wss://*.tawk.to https://o15468.ingest.sentry.io/api/4503891524780032/store/ https://o15468.ingest.sentry.io/api/4503891524780032/envelope/; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-inline' data: 'unsafe-hashes' sha256-8mtE2lezrJT4S67cW4pWVhz/pwoK7b8USlyAQAIxkMk= sha256-rwMOiOeVICH7/Cjy5SkreID3OOi5HTrit357k22hUDQ= *.manodaktaras.lt *.manodaktaras.local *.googlesyndication.com *.googletagmanager.com *.doubleclick.net *.google.com *.google.lt *.ampproject.org *.googleapis.com omnisnippet1.com *.gemius.pl *.soundestlink.com *.gstatic.com *.bootstrapcdn.com *.cloudflare.com *.quickblox.com wss://chat.quickblox.com:5291 *.facebook.net *.facebook.com *.google-analytics.com *.jsdelivr.net *.sentry-cdn.com *.ingest.sentry.io *.cookielaw.org *.onetrust.com *.onetrust.io *.youtube.com media.twiliocdn.com *.twilio.com wss://*.twilio.com optanon.blob.core.windows.net klinikoms.manodaktaras.lt klinikoms.manodaktaras.local:8890; block-all-mixed-content; report-uri /nelmio/csp/report 1
default-src 'none'; script-src 'self' blob: 'nonce-o85jp6hSHDelE9tnEphVqA==' 'unsafe-inline' 'unsafe-eval' mc.yandex.ru yandex.st yandex.ru *.yandex.ru yastatic.net *.yastatic.net yandex.net *.yandex.net an.yandex.ru yastat.net *.yastat.net *.yandex-team.ru aflt.market.yandex.ru www.youtube.com *.vimeo.com s.ytimg.com lpc.s3.mdst.yandex.net abt.s3.yandex.net chat.s3.yandex.net *.api-maps.yandex.ru banners.adfox.ru ads.adfox.ru ads6.adfox.ru yandex.com *.yandex.com ya.ru *.ya.ru; style-src 'self' 'unsafe-inline' 'unsafe-eval' yandex.ru *.yandex.ru yastatic.net *.yastatic.net yandex.net *.yandex.net an.yandex.ru yastat.net *.yastat.net *.s3.yandex.net lpc.s3.mdst.yandex.net yandex.st banners.adfox.ru content.adfox.ru *.ya.ru; font-src 'self' data: yandex.ru an.yandex.ru *.s3.yandex.net yastatic.net yastat.net *.yandex.ru *.ya.ru; img-src * 'self' blob: data: android-webview-video-poster: *.yandex.net *.s3.yandex.net yastatic.net http://lpc.s3.mds.yandex.net http://yastatic.net mc.admetrica.ru avatars-fast.yandex.net favicon.yandex.net *.verify.yandex.ru banners.adfox.ru content.adfox.ru ads.adfox.ru ads6.adfox.ru yastat.net avatars.mds.yandex.net *.yandex.ru *.ya.ru; frame-src 'self' data: yabrowser: turbopages.org *.turbopages.org yandex.ru *.yandex.ru yastatic.net *.yastatic.net yandex.net *.yandex.net an.yandex.ru yastat.net *.yastat.net *.yandex-team.ru *.video.yandex.ru *.market.yandex.ru www.youtube.com *.vimeo.com embed.megogo.net coub.com awaps.yandex.net yandexadexchange.net *.yandexadexchange.net banners.adfox.ru meyou.ru broadcast.comdi.com datalens.yandex partner.market.yandex.ru go.yandex yango.com yandexteam-my.sharepoint.com *.bookmate.ru bookmate.ru yandex.com yandex.com.tr yandex.com.am yandex.com.ge yandex.md yandex.by yandex.kz yandex.uz yandex.rs *.yandex.com *.yandex.com.tr *.yandex.com.am *.yandex.com.ge *.yandex.md *.yandex.by *.yandex.kz *.yandex.uz *.yandex.rs ya.ru *.ya.ru; media-src * 'self' data: blob: *.video.yandex.ru *.storage.yandex.net *.s3.yandex.net *.cdn.yandex.net yastatic.net *.yandex.net *.strm.yandex.ru yandex.st banners.adfox.ru content.adfox.ru yastat.net yandex.ru *.yandex.ru ya.ru *.ya.ru; connect-src 'self' blob: yandexmetrica.com:* mc.admetrica.ru yandex.ru *.yandex.ru yastatic.net *.yastatic.net yandex.net *.yandex.net an.yandex.ru yastat.net *.yastat.net *.yandex-team.ru yandex.st milab.s3.yandex.net *.k50.ru *.k50dev.ru openkitchen.media auto.ru yango.com ads.adfox.ru ads6.adfox.ru ya.ru *.ya.ru dev.introvert.bz; form-action https://*; worker-src blob: yandex.ru *.yandex.ru yastatic.net *.yastatic.net yandex.net *.yandex.net an.yandex.ru yastat.net *.yastat.net *.yandex-team.ru; object-src yastatic.net; report-uri https://csp.yandex.net/csp?from=lp-constructor&project=lp-constructor&yandex_login=undefined&yandexuid=684395431721956838; child-src 'self'; frame-ancestors 'self' webvisor.com http://webvisor.com *.mtproxy.yandex.net www.kinopoisk.ru *.yandex-team.ru n.maps.yandex.ru yandex.ru yandex.com yandex.com.tr yandex.com.am yandex.com.ge yandex.md yandex.by yandex.kz yandex.uz yandex.net yandex.rs *.yandex.ru *.yandex.ru:* *.yandex.com:* *.yandex.com.tr:* *.yandex.com.am *.yandex.com.ge *.yandex.md *.yandex.by *.yandex.kz *.yandex.uz *.yandex.net *.yandex.rs ya.ru *.ya.ru; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.geotab.com *.google.com *.google.ca *.googleapis.com *.recaptcha.net *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.gstatic.com *.incontact.com *.salesforce.com  *.buzzsprout.com *.visualwebsiteoptimizer.com *.vidyard.com *.twitter.com *.ads-twitter.com https://www.youtube.com https://script.crazyegg.com https://googleads.g.doubleclick.net https://514004470.collect.igodigital.com/collect.js https://connect.facebook.net https://snap.licdn.com https://cmp.osano.com https://bugcrowd.com https://*.bugcrowdusercontent.com *.linkedin.com blob: https://s.saleswingsapp.com/ https://cdn.c212.net/ https://c212.net https://pixel.mathtag.com/ *.zoominfo.com *.clickagy.com *.6sc.co https://client-registry.mutinycdn.com/ https://js.zi-scripts.com https://bat.bing.com https://www.clarity.ms https://js.adsrvr.org; font-src 'self' 'unsafe-eval' 'unsafe-inline' *.geotab.com *.google.com *.google.ca *.googleapis.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.gstatic.com *.typekit.net *.zoominfo.com data:; style-src 'self' 'unsafe-inline' *.geotab.com *.google.com *.google.ca *.googleapis.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.gstatic.com *.typekit.net; img-src * data:; connect-src *; object-src *; frame-src 'self' *.geotab.com *.google.com *.google.ca *.googleapis.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.gstatic.com *.youtube.com *.facebook.com *.salesforce.com https://home-c19.incontact.com *.doubleclick.net https://www.buzzsprout.com https://attendee.gotowebinar.com https://register.gotowebinar.com *.vidyard.com https://www.youtube.com https://cmp.osano.com https://www.recaptcha.net https://bugcrowd.com *.linkedin.com https://calendly.com/ https://www.youtube-nocookie.com https://pixel.mathtag.com/ https://insight.adsrvr.org/; media-src 'self' *.googleapis.com webtest2.geotab.com webtest3.geotab.com; frame-ancestors 'self' *.geotab.com https://geotab.my.salesforce.com; 1
frame-ancestors  *.pseg.com *.salesforce.com *.salesforceliveagent.com *.force.com *.psegliny.com; default-src https: data: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content; 1
frame-ancestors 'self' https://connect.veson.com https://imosx.com 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.konverto.eu/ https://konvertoinbound.activehosted.com https://connect.facebook.net *.google-analytics.com https://www.analytics.konverto.eu/* www.googletagmanager.com https://ssl.google-analytics.com https://my.konverto.eu https://cdn1.onboard.org https://www.gstatic.com https://www.google.com;font-src 'self' fonts.gstatic.com;style-src 'unsafe-inline' https://unpkg.com fonts.googleapis.com hello.myfonts.net https://my.konverto.eu 'self';img-src 'self' data: *.facebook.com/ *.google-analytics.com/ *.google.com/ *.google.it/ https://stats.g.doubleclick.net/ https://i.ytimg.com/;frame-src player.vimeo.com www.youtube.com www.youtube-nocookie.com www.google.com konverto.onboard.org;connect-src 'self' https://analytics.konverto.eu/ *.doubleclick.net *.google-analytics.com/ wss://rol.vip.rolvoice.it/ https://my.konverto.eu https://cdn1.onboard.org/ https://country.api.rollive.it/; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.gstatic.com https://*.youtube.com https://*.facebook.com https://*.facebook.net https://*.google.com https://cdnjs.cloudflare.com https://goo.gl https://line.naver.jp https://s.ytimg.com https://twitter.com https://*.google-analytics.com https://www.googletagmanager.com https://widget.gleamjs.io https://stats.g.doubleclick.net; 1
default-src 'self'; connect-src 'self' https://region1.analytics.google.com https://*.fromdoppler.com https://logs-01.loggly.com https://ct.pinterest.com https://bam.nr-data.net https://analytics.tiktok.com https://metrics.hotjar.io https://ekr.zdassets.com wss://widget-mediator.zopim.com https://agarcia.zendesk.com https://widget.us.criteo.com https://measurement-api.criteo.com https://stats.g.doubleclick.net https://*.analytics.google.com https://*.googletagmanager.com https://analytics.pangle-ads.com https://*.google-analytics.com https://*.pinterest.com https://sandbox-api.openpay.mx https://*.facebook.com https://vc.hotjar.io https://*.fromdoppler.com https://commerce.adobedc.net https://*.cuidadoconelperro.com.mx https://hanstaging.cuidadoconelperro.com.mx https://api.openpay.mx https://*.openpay.mx https://*.amazonaws.com ws:; font-src self data: http://localhost:3000 https://*.cuidadoconelperro.com.mx https://cuidadoconelperro.com.mx https://*.ccp.hanzo.es; frame-src https://gum.criteo.com https://ct.pinterest.com https://fledge.us.criteo.com https://sandbox-api.openpay.mx/ https://api.openpay.mx/ https://*.openpay.mx/ https://*.youtube.com/ https://www.youtube.com/; img-src 'self' https://*.facebook.com https://googleads.g.doubleclick.net http://localhost:3000 https://cuidadoconelperro.com.mx https://*.cuidadoconelperro.com.mx https://*.ccp.hanzo.es https://media.prod-cms.cuidadoconelperro.com.mx https://*.google.es https://*.google.com https://hanstaging.cuidadoconelperro.com.mx https://*.googletagmanager.com https://*.google-analytics.com https://id5-sync.com https://cm.g.doubleclick.net https://public-prod-dspcookiematching.dmxleo.com https://x.bidswitch.net https://sync-t1.taboola.com https://sync.1rx.io https://ib.adnxs.com https://rtb-csync.smartadserver.com https://visitor.omnitagjs.com https://r.casalemedia.com https://gum.criteo.com https://ad.360yield.com https://matching.ivitrack.com https://contextual.media.net https://exchange.mediavine.com https://jadserve.postrelease.com https://sync.outbrain.com https://simage2.pubmatic.com https://pixel.rubiconproject.com https://match.sharethrough.com https://criteo-sync.teads.tv https://criteo-partners.tremorhub.com https://eb2.3lift.com https://ad.yieldlab.net https://dpm.demdex.net https://dis.criteo.com https://sync.targeting.unrulymedia.com https://sync-criteo.ads.yieldmo.com https://e1.emxdgt.com https://*.adform.net https://*.youtube.com/ https://ads.yieldmo.com/ https://*.googleadservices.com data:; script-src 'self' 'unsafe-eval' cdn.cookielaw.org 'unsafe-inline' https://js.openpay.mx https://*.googletagmanager.com https://s.pinimg.com https://connect.facebook.net https://hub.fromdoppler.com https://dynamic.criteo.com https://analytics.tiktok.com https://static.hotjar.com https://*.googleadservices.com https://js-agent.newrelic.com https://static.zdassets.com https://cdnjs.cloudflare.com https://ct.pinterest.com https://sslwidget.criteo.com https://widget-mediator.zopim.com https://widget.us.criteo.com https://script.hotjar.com https://static.criteo.net; style-src 'self' 'unsafe-inline'; object-src 'none'; form-action 'none'; base-uri 'self'; frame-ancestors 'none'; worker-src 'none'; upgrade-insecure-requests; 1
base-uri 'self'; font-src 'self' https: data:; form-action 'self'; frame-ancestors 'self' *.db.de; img-src 'self' data: st.iceportal.de; object-src 'none'; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline'; upgrade-insecure-requests; default-src 'self' deutschebahn.com *.db.de *.iceportal.de ws://localhost:*; frame-src 'self' https://studio-ecm-eu.apps.dbcs-madrid.comp.db.de https://*.bahn.de https://*.deutschebahn.com; manifest-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' deutschebahn.com assets.adobedtm.com 1
frame-ancestors 'self' https://*.nfb.ca https://*.onf.ca *.nfb.ca *.onf.ca; script-src 'self' 'unsafe-inline' https://*.nfb.ca https://*.onf.ca https://player.vimeo.com https://maps.googleapis.com https://dkyhanv6paotz.cloudfront.net connect.facebook.net https://graph.facebook.com https://*.googletagmanager.com https://tagmanager.google.com *.google-analytics.com https://apis.google.com/js/platform.js www.gstatic.com https://www.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://cdn.c212.net/ https://c212.net/ https://pixel.mathtag.com/sync/js https://*.adnxs.com/ https://*.adsrvr.org/ https://www.redditstatic.com/ads/ *.nfb.ca *.onf.ca; img-src 'self' https://*.onf.ca https://*.nfb.ca https://www.facebook.com https://*.google-analytics.com  https://*.analytics.google.com  https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.ca *.gstatic.com data: https://interactive-cms.s3.amazonaws.com https://*.gravatar.com https://dkyhanv6paotz.cloudfront.net https://dcly21uuqtecw.cloudfront.net https://d3acx5b8mnvbua.cloudfront.net https://googleads.g.doubleclick.net https://www.google.com/ads https://www.google.com/ads/ga-audiences https://www.google.com/pagead/ https://www.google.ca/ads https://www.google.ca/ads/ga-audiences https://www.google.ca/pagead/ https://pixel.mathtag.com/misc/img https://pixel.mathtag.com/comp/img https://*.adnxs.com/ https://*.adsrvr.org/ https://*.reddit.com/ *.nfb.ca *.onf.ca; worker-src 'self' *.onf.ca *.nfb.ca blob: *.nfb.ca *.onf.ca; connect-src 'self' https://*.nfb.ca https://*.onf.ca https://dcly21uuqtecw.cloudfront.net https://d3acx5b8mnvbua.cloudfront.net https://d2vapbn8acl33j.cloudfront.net https://dkyhanv6paotz.cloudfront.net https://*.google-analytics.com  https://*.analytics.google.com  https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.ca https://c212.net https://thumbor-interactive-cms.s3.ca-central-1.amazonaws.com https://www.facebook.com https://sentry.nfb.ca:9443 https://pagead2.googlesyndication.com/pagead/buyside_topics/set/ https://www.redditstatic.com/ads/ https://*.reddit.com/ *.nfb.ca *.onf.ca; frame-src 'self' https://*.nfb.ca https://*.onf.ca https://*.google.com https://bid.g.doubleclick.net https://www.gstatic.com https://player.vimeo.com https://www.youtube.com https://connect.facebook.net https://www.facebook.com https://pixel.mathtag.com/ https://d2v44bgsxxwb3t.cloudfront.net https://td.doubleclick.net https://*.adnxs.com/ https://*.adsrvr.org/ *.nfb.ca *.onf.ca; media-src 'self' https://*.onf.ca https://*.nfb.ca https://dkyhanv6paotz.cloudfront.net https://d2vapbn8acl33j.cloudfront.net https://dcly21uuqtecw.cloudfront.net https://d3acx5b8mnvbua.cloudfront.net blob: *.nfb.ca *.onf.ca; style-src 'self' 'unsafe-inline' https://*.nfb.ca https://*.onf.ca https://dkyhanv6paotz.cloudfront.net hello.myfonts.net https://fonts.googleapis.com https://tagmanager.google.com https://www.googletagmanager.com *.nfb.ca *.onf.ca; font-src 'self' https://*.onf.ca https://*.nfb.ca fonts.gstatic.com data: https://dkyhanv6paotz.cloudfront.net *.nfb.ca *.onf.ca; manifest-src 'self' https://*.nfb.ca https://*.onf.ca https://dkyhanv6paotz.cloudfront.net *.nfb.ca *.onf.ca; default-src 'self' https://*.nfb.ca https://*.onf.ca *.nfb.ca *.onf.ca 'nonce-eAzzTJ+Wf8e3nzq1OYfYKQ=='; object-src 'self' https://*.nfb.ca https://*.onf.ca *.nfb.ca *.onf.ca 1
script-src 'report-sample' 'self' 'nonce-fe71979a950b7db3939d1e10231a3a49'  https://api.mapbox.com/mapbox-gl-js/plugins/mapbox-gl-rtl-text/ https://cdn.matomo.cloud/voloocpter.matomo.cloud/ https://player.vimeo.com/api/player.js https://www.youtube.com/ https://snap.licdn.com/li.lms-analytics/insight.min.js;base-uri 'self';connect-src 'self' https://api.mapbox.com https://events.mapbox.com https://flagsmith-api.volocloud.org https://vimeo.com https://voloocpter.matomo.cloud https://px.ads.linkedin.com/wa/;default-src 'self';font-src 'self' data:;frame-src 'self' https://player.vimeo.com https://www.youtube-nocookie.com https://www.youtube.com;img-src 'self' data: https://cdn.volocopter.com https://px.ads.linkedin.com/collect https://px4.ads.linkedin.com/collect;manifest-src 'self';media-src 'self' https://cdn.volocopter.com;object-src 'none';style-src 'report-sample' 'self' 'unsafe-inline';worker-src blob:; 1
frame-ancestors 'self' https://apply.deltacommunitycu.com https://experience.adobe.com 1
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; manifest-src https://*.afw.com; 1
frame-ancestors 'self' https://*.kicker.de https://*.kicker-tippspiel.de https://*.kicker-vereinsheim.de 1
script-src bettercloud.com *.bettercloud.com *.googleapis.com/  *.gravatar.com googleads.g.doubleclick.net/ www.google-analytics.com/ *.hotjar.com/ js.hsadspixel.net/ js.hscollectedforms.net/ js.hs-analytics.net/ js.hs-banner.com/ www.googletagmanager.com/ cdnjs.cloudflare.com/ use.fontawesome.com fonts.googleapis.com/ browser.sentry-cdn.com/ *.sentry-cdn.com js.hs-scripts.com/ https://js.hsforms.net/ fonts.googleapis.com/ cdn.nitropack.io nitropack.io cdn-iokbh.nitrocdn.com *.chat.api.drift.com *.api.drift.com js.driftt.com api.company-target.com client-registry.mutinycdn.com www.redditstatic.com *.marketo.com *.marketo.net trk.techtarget.com acsbapp.com tag.demandbase.com bat.bing.com cdn.cookielaw.org cdn.bizible.com snap.licdn.com s.adroll.com connect.facebook.net d.adroll.com *.d.adroll.com *.cloudfront.net *.jquery.com *.calendly.com *.unbounce.com boards.greenhouse.io fast.wistia.net *.youtube.com *.twitter.com *.ceros.com api.ceros.com *.wistia.com 'unsafe-inline' 'unsafe-eval' data: blob:; 1
default-src 'self'  https://*.useinsider.com https://*.api.useinsider.com wss://*.useinsider.com *.api.useinsider.com *.useinsider.com  standardbankna.api.useinsider.com  syndication.twitter.com  web.facebook.com platform.twitter.com  www.facebook.com https://cdn.evgnet.com https://cdn.evergage.com https://standardbank.germany-2.evergage.com https://www.google.com   https://stream.tribeca.vidavee.com https://stbg.stanbic.co.ug https://stbg.stanbicbank.co.bw https://stbg.stanbicbank.com.gh https://stbg.stanbicbank.co.zm https://stbg.standardbank.co.sz https://stbg.standardbank.co.mw https://stbg.standardbank.mu https://stbg.standardbank.com.na https://stbg.stanbicbank.com.ci* https://stbg.sbgsecurities.co.ke https://stbg.standardbank.cd   *.tt.omtrdc.net  https://www.google.com  https://platform.blits.ai https://blitsproduction.z6.web.core.windows.net https://directline.botframework.com wss://directline.botframework.com stbg.standardbank.co.za stbg.standardbank.com  https://tribeca.vidavee.com https://img.youtube.com http://business.twitter.com https://analytics.twitter.com http://ad.doubleclick.net cdn.cookielaw.org *.onetrust.com http://*.fls.doubleclick.net https://googleads.g.doubleclick.net http://pixel.facebook.com https://www.facebook.com/tr/ http://dc.ads.linkedin.com https://px.ads.linkedin.com https://client.demdex.net https://dpm.demdex.net/ https://cdn.krxd.net/ https://beacon.krxd.net http://bs.serving-sys.com https://googleads.g.doubleclick.net https://assets.adobedtm.com https://cdnjs.cloudflare.com https://maps.lightstoneproperty.co.za http://maps.lightstoneproperty.co.za http://*.tt.omtrdc.net http://dpm.demdex.net https://maps.googleapis.com https://www.gstatic.com https://maps.googleapis.com http://fast.standardbank.demdex.net http://accstandardbank.d1.sc.omtrdc.net https://bid.g.doubleclick.net/xbbe/pixel http://8448999.fls.doubleclick.net https://cdn.krxd.net https://bs.serving-sys.com/Serving https://secure-ds.serving-sys.com https://standardbank.demdex.net https://www.youtube.com/ https://*.map2.ssl.hwcdn.net; font-src 'self' https://cdn.evgnet.com https://cdn.evergage.com https://standardbank.germany-2.evergage.com  https://stream.tribeca.vidavee.com https://stbg.standardbank.mu https://stbg.stanbicbank.com.ci* https://stbg.sbgsecurities.co.ke https://stbg.standardbank.cd  https://fonts.gstatic.com https://fonts.googleapis.com; img-src 'self' data: https://cdn.evgnet.com https://cdn.evergage.com https://standardbank.germany-2.evergage.com https://stbg.stanbic.co.ug https://stream.tribeca.vidavee.com  https://stbg.stanbicbank.co.bw  https://stbg.stanbicbank.com.gh  https://stbg.stanbicbank.co.zm https://stbg.standardbank.co.sz  https://stbg.standardbank.co.mw https://stbg.standardbank.com.na https://stbg.standardbank.mu https://stbg.sbgsecurities.co.ke https://stbg.stanbicbank.com.ci* https://stbg.standardbank.cd  stbg.standardbank.co.za stbg.standardbank.com https://blitsproduction.blob.core.windows.net https://platform.blits.ai https://blitsproduction.z6.web.core.windows.net https://directline.botframework.com wss://directline.botframework.com stbg.standardbank.co.za stbg.standardbank.com https://tribeca.vidavee.com https://img.youtube.com cdn.cookielaw.org https://www.homeloans1.standardbank.co.za https://googleads.g.doubleclick.net https://www.homeloans1.standardbank.co.za https://geo0.ggpht.com https://geo1.ggpht.com https://geo2.ggpht.com https://geo3.ggpht.com https://khms1.googleapis.com https://khms0.googleapis.com https://geo0.ggpht.com https://cbks0.googleapis.com https://maps.googleapis.com https://maps.gstatic.com http://accstandardbank.d1.sc.omtrdc.net https://www.google.com https://www.google.co.za http://cm.everesttech.net https://beacon.krxd.net https://jslog.krxd.net https://standardbank.demdex.net https://dpm.demdex.net http://*.tt.omtrdc.net https://*.map2.ssl.hwcdn.net https://www.facebook.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.useinsider.com *.api.useinsider.com standardbankna.api.useinsider.com  platform.twitter.com https://cdn.evgnet.com https://cdn.evergage.com https://standardbank.germany-2.evergage.com  https://www.google.com  https://stream.tribeca.vidavee.com https://stbg.standardbank.mu https://stbg.stanbicbank.com.ci* https://stbg.sbgsecurities.co.ke https://stbg.standardbank.cd  https://www.google.com   https://platform.blits.ai https://blitsproduction.z6.web.core.windows.net https://directline.botframework.com wss://directline.botframework.com https://tribeca.vidavee.com https://img.youtube.com cdn.cookielaw.org *.onetrust.com https://connect.facebook.net https://code.jquery.com https://assets.adobedtm.com https://googleads.g.doubleclick.net https://www.gstatic.com https://maps.googleapis.com http://assets.adobedtm.com https://secure-ds.serving-sys.com http://cdn.krxd.net http://www.googleadservices.com http://www.googletagmanager.com https://consumer.krxd.net https://googleads.g.doubleclick.net https://beacon.krxd.net https://tribeca.vidavee.com http://*.tt.omtrdc.net  https://geo0.ggpht.com https://*.map2.ssl.hwcdn.net; style-src 'unsafe-inline' 'self'  *.useinsider.com *.api.useinsider.com https://cdn.evgnet.com https://cdn.evergage.com https://standardbank.germany-2.evergage.com  https://stbg.stanbicbank.com.ci* stbg.standardbank.co.za stbg.standardbank.com https://tribeca.vidavee.com https://img.youtube.com https://fonts.googleapis.com https://googleads.g.doubleclick.net https://cdnjs.cloudflare.com https://*.map2.ssl.hwcdn.net; frame-ancestors 'self' https://stbg.stanbicbank.com.ci* *.useinsider.com *.api.useinsider.com; 1
frame-ancestors 'self' *.elluciancloud.com; 1
default-src 'self' https://*.googlesyndication.com;                     script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://www.googletagmanager.com https://*.google-analytics.com https://*.googlesyndication.com https://adservice.google.co.jp https://www.googleadservices.com https://www.googletagservices.com https://platform.twitter.com https://analytics.twitter.com https://static.ads-twitter.com https://cdn.syndication.twimg.com https://www.youtube.com https://*.g.doubleclick.net https://*.yahoo.co.jp https://*.yimg.jp https://sitest.jp https://*.i-mobile.co.jp https://cdn.ampproject.org https://*.brightcove.com https://*.brightcove.co.jp https://*.outbrain.com https://connect.facebook.net https://www.dreammail.jp https://cdn.smartnews-ads.com https://*.ladsp.com;                     style-src 'unsafe-inline' https:;                     img-src https: data:;                     font-src https: data:;                     connect-src 'self' https://*.google-analytics.com https://csi.gstatic.com https://*.g.doubleclick.net https://*.googlesyndication.com https://*.i-mobile.co.jp https://pixel.tapad.com https://*.gmossp-sp.jp https://analytics.google.com;                     child-src 'self' https://www.youtube.com https://*.googlesyndication.com https://*.g.doubleclick.net https://*.twitter.com https://*.i-mobile.co.jp https://players.brightcove.net https://player.vimeo.com https://www.facebook.com https://www.google.com https://*.ladsp.com; 1
script-src 'sha256-sAgicWCnsbIp6ul9iuU24gGFPIubXa+8iitY4tJ+G+w=' 'self' 'self' 'unsafe-eval' 'sha256-3s5VloH7i39xFofOBn1nDoUjwJCylJWDOnGTVSzBBt8=' 'sha256-QQRtH/KktmOhUezPU77POMn57wj9tdpH25knVd47QqU=' 'sha256-1e5RR2OpHhuX2h0Bat19DsNTmqbo4M3T1pqfeTXCHaA=' https://c.bing.com https://*.google-analytics.com https://*.googletagmanager.com https://*.hotjar.com https://*.googleadservices.com https://googleads.g.doubleclick.net http://*.geetest.com https://*.geetest.com http://*.geevisit.com https://*.geevisit.com https://*.zdassets.com https://*.zopim.com https://*.qbox.me https://static.sensorsdata.cn https://*.newrelic.com http://*.ads-twitter.com https://*.ads-twitter.com https://*.legendtrading.com https://cdn.plaid.com https://*.zendesk.com https://www.bitmart.com https://*.cloudflare.com/ https://mc.yandex.ru https://*.adroll.com https://*.facebook.net http://*.facebook.net https://staticpro.bitmart.com https://*.smooch.io https://*.googleapis.com https://*.checkout.com https://*.appsflyer.com https://web.bitmart.site https://www.gstatic.com; worker-src blob: https://www.bitmart.com; frame-ancestors 'self' https://*.hotjar.com/ https://*.zdassets.com https://www.trustpilot.com https://web.bitmart.site https://static.sensorsdata.cn 1
frame-ancestors 'self' https://*.emarsys.net 1
frame-ancestors 'self' *.diil.ee 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://analyze.site.sa https://www.google.com/recaptcha/  https://google.com/ https://www.gstatic.com/ https://maps.googleapis.com/ https://maps.gstatic.com/; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ https://www.gstatic.com/ https://maps.googleapis.com/ https://analyze.site.sa/; object-src https://google.com/ 'self'; img-src 'self' * data:; font-src 'self' https://cdnjs.cloudflare.com/ https://fonts.googleapis.com/ https://fonts.gstatic.com/ data:; worker-src blob: 1
connect-src 'self' data: az589851.vo.msecnd.net embed.binkies3d.com binkiesproductionweu.servicebus.windows.net *.snapchat.com maps.googleapis.com wss://collection.decibelinsight.net wss://bots.alphablues.com *.livechatinc.com *.getsitecontrol.com *.cookiebot.com *.decibelinsight.net *.alphablues.com *.tiktok.com *.exponea.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.google.lt *.google.ee *.google.lv *.google.co.uk *.google.se pildyk.lt *.pildyk.lt *.usabilla.com *.doubleclick.net google.com *.every-pay.com *.sebgroup.com;      script-src 'self' binkiesteaserstorage.blob.core.windows.net az589851.vo.msecnd.net embed.binkies3d.com binkiescontentnode.blob.core.windows.net  *.livechatinc.com *.googlesyndication.com *.decibelinsight.net *.alphablues.com *.cookiebot.com *.googleadservices.com *.google-analytics.com *.facebook.net *.usabilla.com *.exponea.com *.googletagmanager.com *.pushpushgo.com *.getsitecontrol.com *.adform.net *.sc-static.net sc-static.net *.jquery.com *.doubleclick.net payment.ecommerce.sebgroup.com 'unsafe-inline' 'unsafe-eval' *.bootstrapcdn.com *.cloudflare.com *.youtube.com *.ytimg.com pildyk.lt *.pildyk.lt *.tiktok.com *.ipstatp.com *.ibytedtos.com *.google.com *.googleapis.com pay.google.com;      style-src 'self' 'unsafe-inline' az589851.vo.msecnd.net binkiescontentnode.blob.core.windows.net embed.binkies3d.com *.alphablues.com *.googleapis.com *.bootstrapcdn.com *.cloudflare.com *.cloudfront.net *.google.com pildyk.lt;      img-src 'self' data: blob: az589851.vo.msecnd.net binkiesdevnode.blob.core.windows.net  binkiescontentnode.blob.core.windows.net 'unsafe-inline' tele2.lt *.livechat-files.com maps.googleapis.com *.livechat-static.com *.alphablues.com *.amazonaws.com *.pildyk.lt *.google-analytics.com *.facebook.com *.facebook.net *.cloudfront.net *.google.com *.google.lt *.google.ee *.google.lv *.google.co.uk *.google.se *.doubleclick.net *.pushpushgo.com *.getsitecontrol.com *.usabilla.com *.gstatic.com pildyk.lt *.pildyk.lt cdn.tele2.lt; worker-src 'self' blob: 1
default-src data: blob: *.fbcdn.net;script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' *.facebook.com *.fbunconnectedgame.com *.fbcdn.net;style-src data: blob: 'unsafe-inline' *.fbcdn.net *.facebook.com *.fbunconnectedgame.com;connect-src blob: 'self' *.fbunconnectedgame.com *.fbcdn.net attachment.fbsbx.com ws://localhost:* *.fbsbx.com;font-src data: *.fbcdn.net;img-src data: blob: *.facebook.com *.fbunconnectedgame.com *.fbcdn.net;frame-src 'self' blob: *.fbunconnectedgame.com/;require-trusted-types-for 'script'; 1
frame-ancestors 'self' https://*.ciftm9oqyc-doveriebr1-p1-public.model-t.cc.commerce.ondemand.com 1
games.yourlifechoices.com.au 1
default-src 'self' 'unsafe-inline' sc-static.net 'unsafe-eval' data: *.crazyegg.com *.smartlook.com *.smartlook.cloud *.stackadapt.com *.absolu.ca unpkg.com *.jsdelivr.net *.sentry-cdn.com *.sentry.io *.ravenjs.com *.realexpayments.com *.arcot.com *.adnxs.com *.w3.org *.snapchat.com *.spotify.com *.jobillico.com *.tecnic.ca *.youtube.com *.youtu.be *.vimeo.com *.google.ca *.google.com *.gstatic.com *.googleapis.com *.google-analytics.com *.g.doubleclick.net *.googletagmanager.com *.googleadservices.com *.facebook.com *.facebook.net *.hpjcc.com *.bootstrapcdn.com 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://app.securiti.ai https://cdn-prod.securiti.ai https://www.googletagmanager.com/debug/badge.css; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://ajax.googleapis.com https://cdn-prod.securiti.ai https://cdnjs.cloudflare.com/ajax/libs/fingerprintjs2/2.1.0/fingerprint2.js; img-src 'self' https://www.google-analytics.com https://app.securiti.ai data: https:; connect-src 'self' https://www.google-analytics.com https://cdn-prod.securiti.ai https://app.securiti.ai; font-src 'self' https://fonts.gstatic.com https://cdn-prod.securiti.ai https://app.securiti.ai; frame-src 'self' https://www.youtube.com https://cdn-prod.securiti.ai https://app.securiti.ai https://www.google.com/ https://chatgptprestadores.orizon.com.br; frame-ancestors 'none'; 1
default-src 'self' feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://unpkg.com https://ct.pinterest.com https://cdn.segment.com https://www.youtube.com https://googleads.g.doubleclick.net *.crazyegg.com api.ipify.org *.cookielaw.org *.onetrust.com cdn.pricespider.com connect.facebook.net s.pinimg.com *.google-analytics.com *.googletagmanager.com pghub.io z.moatads.com blob: feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' fonts.googleapis.com feed.pghub.io pandg.tapad.com ; media-src 'self' https://downloads.ctfassets.net https://assets.ctfassets.net https://videos.ctfassets.net *.iesnare.com data: feed.pghub.io pandg.tapad.com ; img-src 'self' *.cookielaw.org https://img.youtube.com https://i.ytimg.com videos.ctfassets.net images.ctfassets.net match.adsrvr.org ct.pinterest.com pixel.tapad.com px.moatads.com *.akamaihd.net *.google.hr *.google-analytics.com www.facebook.com *.googletagmanager.com *.google.com feed.pghub.io pandg.tapad.com ; font-src 'self' fonts.gstatic.com feed.pghub.io pandg.tapad.com ; connect-src * script.crazyegg.com:* *.crazyegg.com ; frame-src 'self' https://td.doubleclick.net https://videos.ctfassets.net https://www.youtube-nocookie.com https://www.youtube.com pandg.tapad.com ct.pinterest.com www.facebook.com feed.pghub.io ; manifest-src * ; 1
upgrade-insecure-requests;style-src 'self' 'nonce-lgNFOTtUDR1SGio';font-src 'self';script-src 'self' 'nonce-lgNFOTtUDR1SGio' ;connect-src 'self' https://froth.zone wss://froth.zone  https://cdn.froth.zone https://proxy.froth.zone;media-src 'self' https://cdn.froth.zone https://proxy.froth.zone;img-src 'self' data: blob: https://cdn.froth.zone https://proxy.froth.zone;default-src 'none';base-uri 'none';frame-ancestors 'none';manifest-src 'self'; 1
frame-ancestors https://*.ti.com https://*.ti.com.cn https://*.tij.co.jp; 1
font-src 'self' fonts.googleapis.com fonts.gstatic.com *.tawk.to fonts.soundestlink.com www.kaina24.lt;style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com embed.tawk.to static.hotjar.com undefined fonts.soundestlink.com;style-src-elem 'unsafe-inline' www.gstatic.com embed.tawk.to fonts.googleapis.com fonts.soundestlink.com www.gstatic.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.cookiebot.com *.google-analytics.com *.googleapis.com *.google.com *.google.lt *.googleadservices.com *.googlesyndication.com *.facebook.net *.bing.com *.criteo.com *.cloudflare.com *.tawk.to *.hotjar.com omnisnippet1.com *.omnisendlink.com *.cloudflare.com *.doubleclick.net static.cloudflareinsights.com *.clarity.ms;script-src-elem 'self' 'unsafe-inline' cdn.datatables.net static.cloudflareinsights.com *.clarity.ms *.omnisend.com *.googletagmanager.com *.cookiebot.com *.google-analytics.com *.googleapis.com *.google.com *.google.lt *.googleadservices.com *.googlesyndication.com *.facebook.net *.bing.com *.criteo.com *.cloudflare.com *.tawk.to *.hotjar.com omnisnippet1.com *.omnisendlink.com *.cloudflare.com *.doubleclick.net www.youtube.com forms.soundestlink.com pagead2.googlesyndication.com;connect-src 'self' https://api.camelia.lt wss://*.tawk.to wss://ws.hotjar.com sentry.nordcode.io *.tawk.to *.hotjar.com *.hotjar.io *.soundestlink.com *.google-analytics.com *.doubleclick.net *.google.com *.cookiebot.com *.criteo.com *.bing.com *.googlesyndication.com *.clarity.ms *.facebook.com adservice.google.com ws.hotjar.com graph.facebook.com www.googleadservices.com www.google.com www.google.lt wt.omnisendlink.com pagead2.googlesyndication.com;frame-src 'self' *.cookiebot.com *.tawk.to *.doubleclick.net *.criteo.com *.criteo.net *.youtube.com *.yumpu.com accounts.google.com;img-src 'self' data: https://api.camelia.lt undefined https://images.camelia.lt *.klix.app *.cookiebot.com *.google-analytics.com *.doubleclick.net *.googlesyndication.com *.googletagmanager.com *.google.com *.google.lt *.cloudflare.com *.tawk.to tawk.link *.hotjar.com *.soundestlink.com *.googleapis.com *.gstatic.com *.facebook.com *.youtube.com *.doubleclick.net *.google.com *.google.lt *.dmxleo.com *.hotjar.com *.omnisendlink.com *.bing.com *.adform.net *.criteo.com *.clarity.ms *.demdex.net x.bidswitch.net ib.adnxs.com rtb-csync.smartadserver.com sync-t1.taboola.com visitor.omnitagjs.com r.casalemedia.com ad.360yield.com matching.ivitrack.com contextual.media.net exchange.mediavine.com jadserve.postrelease.com sync.outbrain.com simage2.pubmatic.com pixel.rubiconproject.com match.sharethrough.com criteo-sync.teads.tv criteo-partners.tremorhub.com eb2.3lift.com ad.yieldlab.net sync-criteo.ads.yieldmo.com e1.emxdgt.com googleads.g.doubleclick.net omnisnippet1.com csm.fr3.eu.criteo.net id5-sync.com ade.googlesyndication.com;default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.tawk.to https://api.camelia.lt undefined https://images.camelia.lt;report-uri https://api.camelia.lt/csp/report 1
default-src 'none' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google-analytics.com https://www.google.com https://maps.googleapis.com https://www.googletagmanager.com https://www.gstatic.com https://platform.twitter.com https://static.addtoany.com https://*.effectivemeasure.net https://*.soundcloud.com ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com ; connect-src 'self' https://analytics.google.com https://www.googletagmanager.com https://www.googletagservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.soundcloud.com https://*.effectivemeasure.net https://*.sndcdn.com ; img-src 'self' 'unsafe-inline' data: https://analytics.google.com https://*.google-analytics.com https://www.google.co.za https://www.google.com https://stats.g.doubleclick.net https://*.openstreetmap.org https://*.dzcdn.net https://*.sndcdn.com https://*.ytimg.com https://*.effectivemeasure.net ; font-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.gstatic.com https://themes.googleusercontent.com data: ; media-src 'self' data: https://*.soundcloud.com https://*.dzcdn.net https://*.sndcdn.com ; worker-src 'self' https://www.google.com data: ; frame-src 'self' https://platform.twitter.com https://www.google.com https://www.youtube.com https://static.addtoany.com ; manifest-src 'self'  1
frame-ancestors 'self' cdn.adkaora.space adkaora.space cdn.ampproject.org *.g.doubleclick.net blob: libero.pe *.googleapis.com *.googlesyndication.com; 1
frame-ancestors 'self' https://www.eojogodobicho.com; 1
frame-ancestors 'self' http://www.juegosjuegos.ws 1
font-src *.kekale.fi *.accolade.fi maxcdn.bootstrapcdn.com *.gstatic.com js.klevu.com *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.google.fi *.google.ro *.facebook.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.amazonaws.com *.houston-analytics.com *.cookieinformation.com *.wisepops.com *.adform.net *.sizebay.technology *.amplifyapp.com *.pingdom.net *.klevu.com *.ksearchnet.com 'self' data: data: 'self' 'unsafe-inline'; form-action *.paytrail.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com *.twitter.com https://www.facebook.com *.klarna.com *.klarnaevt.com *.criteo.net *.criteo.com *.amazonaws.com *.cookieinformation.com *.wisepops.com *.adform.net *.sizebay.technology *.amplifyapp.com *.pinterest.com *.pingdom.net *.feedbackly.com *.doubleclick.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com *.kekale.fi *.accolade.fi *.paytrail.com *.placeholder.com *.zopim.com *.zopim.io *.klevu.com *.ctfassets.net *.facebook.com https://stats.g.doubleclick.net *.google.com *.google.co.in *.google.fi *.google.ro *.connect.facebook.net *.segmentify.com *.klarna.com *.klarnaevt.com *.smaato.net *.doubleclick.net *.360yield.com *.adnxs.com *.rubiconproject.com *.yahoo.com *.yahoo.net *.smartadserver.com *.pubmatic.com *.outbrain.com *.casalemedia.com *.adform.com *.adform.net *.openx.net *.advertising.com *.ivitrack.com *.omnitagjs.com *.twiago.com *.3lift.com *.taboola.com *.adscale.de *.teads.tv *.media.net *.bidswitch.net *.yieldlab.net *.criteo.com *.1rx.io *.unrulymedia.com *.houston-analytics.com *.cookieinformation.com *.sizebay.technology *.amplifyapp.com *.google-analytics.com *.analytics.google.com *.clarity.ms *.pinterest.com *.bing.com *.pingdom.net *.sharethrough.com *.emxdgt.com https://id5-sync.com *.mediavine.com *.tremorhub.com *.yieldmo.com *.demdex.net *.krxd.net *.thebrighttag.com *.seadform.net *.postrelease.com *.omappapi.com *.ksearchnet.com 'self' data: data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.kekale.fi *.accolade.fi *.google.com *.gstatic.com *.ccdc02.com *.zdassets.com *.klevu.com *.zopim.com *.googletagmanager.com *.facebook.net *.segmentify.com *.custobar.com adtr.io *.criteo.net *.criteo.com *.googleapis.com *.google.co.in *.facebook.com *.googleadservices.com *.google-analytics.com *.analytics.google.com *.bootstrapcdn.com *.klarna.com *.klarnaevt.com *.doubleclick.net *.amazonaws.com *.houston-analytics.com *.cookieinformation.com *.wisepops.com *.adform.net *.sizebay.technology *.amplifyapp.com *.clarity.ms *.pinimg.com *.pinterest.com *.bing.com *.sgmntfy.com *.pingdom.net *.feedbackly.com *.omappapi.com *.tiktok.com *.ksearchnet.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.kekale.fi *.accolade.fi maxcdn.bootstrapcdn.com fonts.gstatic.com js.klevu.com *.googleapis.com *.twitter.com *.google.com *.google.co.in *.google.fi *.google.ro *.facebook.com *.segmentify.com *.klarna.com *.klarnaevt.com *.cookieinformation.com *.wisepops.com *.adform.net *.sizebay.technology *.amplifyapp.com *.google-analytics.com *.analytics.google.com *.pingdom.net *.omappapi.com *.klevu.com *.ksearchnet.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.kekale.fi *.accolade.fi *.authorize.net *.zdassets.com *.zendesk.com *.zopim.com wss://*.zopim.com *.google.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.googlesyndication.com *.doubleclick.net *.ksearchnet.com *.segmentify.com *.klarna.com *.klarnaevt.com *.criteo.net *.criteo.com *.custobar.com *.facebook.com *.amazonaws.com *.houston-analytics.com *.cookieinformation.com *.wisepops.com *.adform.net *.sizebay.technology *.amplifyapp.com *.clarity.ms *.pinterest.com *.bing.com *.pingdom.net *.sharethrough.com *.emxdgt.com https://id5-sync.com *.mediavine.com *.tremorhub.com *.yieldmo.com *.demdex.net *.krxd.net *.thebrighttag.com *.omappapi.com *.feedbackly.com *.tiktok.com *.klevu.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' https://www.min-breeder.com; 1
block-all-mixed-content; frame-ancestors *.lojavirus.com.br 1
default-src 'self' https:; style-src 'self' https: 'unsafe-inline' https://www.gstatic.com https://fonts.googleapis.com https://www.googletagmanager.com https://use.fontawesome.com *.karte.io; font-src 'self' data: https: https://fonts.gstatic.com *.karte.io; img-src 'self' data: https: https://*.s3.ap-northeast-1.amazonaws.com https://cdn.flowplayer.org https://cdn.flowplayer.com https://www.google-analytics.com https://www.googletagmanager.com; media-src 'self' data: https: blob: https://cdn.flowplayer.org https://cdn.flowplayer.com; connect-src 'self' https://sentry.io https://cdn.flowplayer.com https://pmi.flowplayer.com https://www.google-analytics.com https://www.googletagmanager.com https://analytics.google.com https://stats.g.doubleclick.net https://bam.nr-data.net https://unifa-photo-uploaded.s3-ap-northeast-1.amazonaws.com https://unifa-fr-photo-uploaded.s3.ap-northeast-1.amazonaws.com https://unifa-photo.s3.ap-northeast-1.amazonaws.com https://lookmee.kpn1.asp.lgwan.jp https://yubinbango.github.io *.karte.io; frame-src https://docs.google.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'nonce-OjZsl16PFTVTDSrv1PVDlQ=='; object-src 'none'; worker-src blob:; base-uri 'none' 1
font-src fonts.gstatic.com maxcdn.bootstrapcdn.com data: *.bootstrapcdn.com *.zopim.com applepay.cdn-apple.com *.gstatic.com *.flixcar.com media.flixfacts.com media.flixfacts.co.uk cdn.smooch.io *.haptikapi.com *.evergage.com cdn.evgnet.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.doubleclick.net *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.google.com *.googletagmanager.com esqa.moneris.com www3.moneris.com pay.google.com *.paysafe.com *.online-metrix.net *.signifyd.com *.facebook.com *.moneris.com *.circularhub.com *.flyertown.ca ct.pinterest.com *.google.ca *.doubleclick.net salsify-ecdn.com *.flixcar.com *.evergage.com cdn.evgnet.com form.typeform.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com *.googleapis.com *.gstatic.com *.google.com *.googleusercontent.com imgs.signifyd.com maps.googleapis.com blob: *.facebook.com *.meublesrd.com *.clarity.ms *.bing.com *.zopim.com *.zopim.io *.zdassets.com *.zendesk.com *.amazonaws.com *.flippenterprise.net *.wishabi.com *.wishabi.net *.placeholder.com px.ads.linkedin.com ct.pinterest.com googletagmanager.com *.googletagmanager.com *.google-analytics.com *.google.ca *.doubleclick.net sdk.privacy-center.org event.syndigo.cloud content.syndigo.com *.flixcar.com *.flix360.com *.flixfacts.com *.flixfacts.co.uk *.flixsyndication.net *.flix360.io *.jwplatform.com *.jwpsrv.com *.jwpcdn.com *.cloudfront.net *.pointandplace.com cdn.jwplayer.com haptikus-haptikappimg.haptikapi.com haptikappimg.haptikapi.com toolassets.haptikapi.com cdn.smooch.io img.youtube.com vumbnail.com ts.vimeo.com.s3.amazonaws.com *.evergage.com cdn.evgnet.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com *.google.com *.ggpht.com *.googleusercontent.com *.googletagmanager.com esqa.moneris.com www3.moneris.com applepay.cdn-apple.com pay.google.com cdn-scripts.signifyd.com imgs.signifyd.com maps.googleapis.com developers.google.com *.paysafe.com *.trackedweb.net *.facebook.net secure.adnxs.com *.cobrowse.io *.zdassets.com *.zopim.com *.clarity.ms bam-cell.nr-data.net bam.nr-data.net *.bing.com *.smooch.io *.circularhub.com *.flippenterprise.net blob: snap.licdn.com *.adobedtm.com *.authorize.net *.jsdelivr.net h64.online-metrix.net ct.pinterest.com *.pinimg.com *.google.ca *.doubleclick.net *.googlesyndication.com *.tiktok.com sdk.privacy-center.org salsify-ecdn.com content.syndigo.com *.flixfacts.com *.flixcar.com *.flixfacts.co.uk *.flixsyndication.net *.flix360.com *.jwplatform.com *.jwpsrv.com *.jwpcdn.com *.cloudfront.net *.flix360.io *.pointandplace.com *.haptikapi.com *.vimeo.com *.evergage.com cdn.evgnet.com cloud.mkt.meublesrd.com unpkg.com embed.typeform.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com maxcdn.bootstrapcdn.com *.bootstrapcdn.com *.meublesrd.com www.meublesrd.com *.flippenterprise.net *.googleapis.com tagmanager.google.com *.flixcar.com *.smooch.io *.haptikapi.com *.evergage.com cdn.evgnet.com embed.typeform.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com *.doubleclick.net *.google.com *.google.ca blob: *.flixcar.com *.flix360.com *.flixfacts.com *.flixfacts.co.uk *.flixsyndication.net *.flix360.io *.jwplatform.com *.jwpsrv.com *.jwpcdn.com *.cloudfront.net *.pointandplace.com cdn.smooch.io *.evergage.com cdn.evgnet.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.bolt.com *.googleapis.com *.gstatic.com *.google.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.signifyd.com *.signifyd.com:11103 *.zopim.com *.zdassets.com *.zendesk.com *.paysafe.com *.facebook.net *.facebook.com *.clarity.ms *.trackedweb.net *.cobrowse.io *.bing.com *.smooch.io wss://widget-mediator.zopim.com *.chatid.com wss://api.cobrowse.io wss://api.smooch.io bam-cell.nr-data.net bam.nr-data.net sentry.io *.flippenterprise.net *.flippback.com *.flipp.com *.algolia.io cdn.linkedin.oribi.io *.ads.linkedin.com www.pinterest.com ct.pinterest.com *.doubleclick.net *.google.ca *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net google.com/pay gtm-serverside-tagging-387114.nn.r.appspot.com *.googlesyndication.com *.tiktok.com analytics.pangle-ads.com api.privacy-center.org salsify-ecdn.com *.internal.salsify.com content.syndigo.com *.flixfacts.com *.flixcar.com *.flixfacts.co.uk *.flixsyndication.net *.flix360.com *.flix360.io *.jwplatform.com *.jwpsrv.com *.jwpcdn.com *.cloudfront.net *.pointandplace.com *.haptikapi.com *.hellohaptik.com wss://*.hellohaptik.com wss://*.haptik.me *.vimeocdn.com *.evergage.com cdn.evgnet.com cloud.mkt.meublesrd.com api.typeform.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src *  data: blob: 'unsafe-inline' 'unsafe-eval';  script-src * data: blob: 'unsafe-inline' 'unsafe-eval';  connect-src * data: blob: 'unsafe-inline';  img-src * data: blob: 'unsafe-inline';  frame-src * data: blob: ;  style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 1
connect-src 'self' ownerclan.com stats.g.doubleclick.net adservice.google.com www.google.com www.google.co.kr www.googletagmanager.com cloudflareinsights.com www.google-analytics.com wcs.naver.com analytics.google.com kapi.kakao.com kauth.kakao.com;font-src 'self' data: use.fontawesome.com fonts.gstatic.com;frame-src 'self' td.doubleclick.net www.google.com bid.g.doubleclick.net www.youtube.com googleads.g.doubleclick.net www.allthegate.com m.youtube.com player.vimeo.com serviceapi.nmv.naver.com www.allra.co.kr pairingpayments.com;img-src *;script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.google.com www.gstatic.com www.googletagmanager.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net tpc.googlesyndication.com ssl.google-analytics.com cdn.jsdelivr.net static.cloudflareinsights.com cdnjs.cloudflare.com ajax.cloudflare.com wcs.naver.net static.nid.naver.com openapi.naver.com ownerclan.com *.ownerclan.com ssl.daum.net t1.daum.net t1.daumcdn.net t1.kakaocdn.net ssl.daumcdn.net s1.daumcdn.net dapi.kakao.com code.jquery.com unpkg.com connect.facebook.com connect.facebook.net cdn.megadata.co.kr www.allthegate.com pairingpayments.com;style-src 'self' cdnjs.cloudflare.com 'unsafe-inline' unpkg.com fonts.googleapis.com use.fontawesome.com ownerclan.com *.ownerclan.com cdn.jsdelivr.net;object-src none;upgrade-insecure-requests;report-uri /csp-report/; 1
base-uri 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' www.google-analytics.com www.googletagmanager.com *.hotjar.com www.googleadservices.com connect.facebook.net *.embluemail.com *.elfsight.com api.us1.exponea.com *.g.doubleclick.net partners.go2aluna.co cdn.dsspn.com *.lista10.dev *.siftscience.com *.qualtrics.com snap.licdn.com *.linkedin.com www.youtube.com *.payzen.lat; style-src 'self' 'unsafe-inline' *.payzen.lat *.googleapis.com; object-src 'none'; form-action 'self' *.logisticapp.co *.logisticappweb.com www.facebook.com *.qualtrics.com *.payzen.lat; font-src 'self' data: *.hotjar.com *.gstatic.com; connect-src 'self' wss://ws27.hotjar.com *.auth.us-east-1.amazoncognito.com *.soatmundial.com.co analytics.google.com *.g.doubleclick.net *.kushkipagos.com *.logs.datadoghq.com browser-intake-datadoghq.com *.browser-intake-datadoghq.com api.us1.exponea.com www.google-analytics.com *.elfsight.com *.hotjar.com *.hotjar.io connect.facebook.net www.googleadservices.com *.lista10.dev i.ytimg.com www.google.com www.google.com.co google.com adservice.google.com *.qualtrics.com snap.licdn.com *.linkedin.com *.payzen.lat; img-src 'self' data: images.ctfassets.net  www.googleadservices.com  www.google.com www.google.com.co google.com www.google-analytics.com www.googletagmanager.com www.facebook.com i.ytimg.com *.hotjar.com *.g.doubleclick.net *.embluemail.com  *.qualtrics.com *.payzen.lat *.elfsight.com *.elfsightcdn.com snap.licdn.com *.linkedin.com elfsight.com; frame-src 'self' www.youtube.com *.hotjar.com www.facebook.com *.g.doubleclick.net *.qualtrics.com *.payzen.lat; prefetch-src 'self' www.google-analytics.com www.googletagmanager.com api.us1.exponea.com connect.facebook.net *.hotjar.com www.googleadservices.com *.g.doubleclick.net *.embluemail.com *.elfsight.com; worker-src 'self' blob:; frame-ancestors 'none'; 1
default-src 'self' 'unsafe-inline' data: blob: 'unsafe-eval' *.suizoargentina.com.ar *.suizoargentina.com suizoargentina.com *.google.com *.googleapis.com fonts.googleapis.com *.gstatic.com *.farmaonline.com cdn.gtranslate.net *.mapbox.com chat-rueda.firebaseio.com *.firebaseio.com s-usc1c-nss-265.firebaseio.com *.bootstrapcdn.com caba33.suizoargentina.com.ar *.youtube.com *.log-in.com.ar *.w3.org *.vtexcommercestable.com.br *.myvtex.com *.vteximg.com.br *.vtex.com unpkg.com *.cloudflare.com cdn.jsdelivr.net chat.suizoargentina.com *.google-analytics.com *.googletagmanager.com code.jquery.com ajax.googleapis.com connect.facebook.net *.facebook.com *.g.doubleclick.net *.gravatar.com *.suizoargentina.com/webchat chat.suizoargentina.com/webchat/ https://suizoargentina.com/ 10.5.0.33 https://10.0.29.29; img-src 'self' 'unsafe-inline' data: blob: 'unsafe-eval' *.mapbox.com  http://suizoargentina.com https://suizoargentina.com https://suizoargentina.com/ caba33.suizoargentina.com.ar https://10.0.29.29 *.suizoargentina.com.ar *.suizoargentina.com *.exposuizo.com.ar *.google.com *.googleapis.com fonts.googleapis.com *.gstatic.com *.farmaonline.com cdn.gtranslate.net *.bootstrapcdn.com *.youtube.com *.log-in.com.ar chat-rueda.firebaseio.com *.firebaseio.com *.w3.org s-usc1c-nss-265.firebaseio.com *.vtexcommercestable.com.br *.myvtex.com *.vteximg.com.br *.vtex.com unpkg.com *.cloudflare.com *.google-analytics.com *.googletagmanager.com  connect.facebook.net *.facebook.com *.g.doubleclick.net secure.gravatar.com; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: hcaptcha.com *.hcaptcha.com www.google.com www.etracker.de *.gstatic.com code.etracker.com *.cadooz.com; frame-ancestors 'self' *.cadooz.com ;  1
frame-ancestors https://zub.ru 1
default-src blob: data: wss://*.win2.ro:* wss://win2.ro:* 'self' 'unsafe-eval' 'unsafe-inline' https://www.youtube.com/ https://youtube.com/ https://win2.ro https://*.win2.ro https://bat.bing.com https://region1.analytics.google.com https://region1.google-analytics.com https://www.google.bg https://www.google.com https://apis.google.com https://fonts.googleapis.com https://ajax.googleapis.com https://maps.googleapis.com https://*.comm100.io https://*.comm100.com https://*.comm100vue.com https://*.googletagmanager.com https://googletagmanager.com https://*.typekit.net https://typekit.net https://maps.google.com https://*.gstatic.com https://gstatic.com https://connect.facebook.net https://*.facebook.com https://facebook.com https://*.fbcdn.net https://fbcdn.net https://analytics.google.com/ https://google-analytics.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net/ https://cdn.taboola.com https://trc.taboola.com https://trc-events.taboola.com https://track.adform.net/ https://s2.adform.net https://sxt.cdn.skype.com https://www.adobe.com https://lob.egcvi.com https://bshots.egcvi.com/ https://client.pragmaticplaylive.net https://eadsrv.com https://linker.bg/ https://*.live-hub.net https://de2-md.svmsrv.com/ https://*.comm100download.com/ https://*.doubleclick.net https://*.googlesyndication.com https://doubleclick.net https://googlesyndication.com ; frame-ancestors 'self' https://*.win2.ro 1
default-src 'self' www: fonts.googleapis.com fonts.gstatic.com js.mtnpaygw.mtnnigeria.net/mtn/v2 sdk.mtnpay.mtnnigeria.net pay.mtn.ng sdk.mtnpaygw.mtnnigeria.net test-gateway.mastercard.com mtn-ui.mtnpaygw.mtnnigeria.net https://mtf.gateway.mastercard.com https://cpg.mtnpay.mtnnigeria.net test-gateway.mastercard.com js.mtnpaygw.mtnnigeria.net js-proxy.mtnpaygw.mtnnigeria.net customui.mtnpaygw.mtnnigeria.net mtn-nga.dimelochat.com mtn-nga.ws.dimelo.com mtn-nga.messaging.dimelo.com js.mtnpay.mtnnigeria.net ui.mtnpay.mtnnigeria.net maps.googleapis.com data: vincentcabrera.fr www.google-analytics.com www.mymtn.com.ng mtnng-prod.voiceweb.eu mtnng-test.voiceweb.eu eum.mtnnigeria.net cdn.appdynamics.com mtnnigeria-astra.sandsiv.com cpg-api.mtnpay.mtnnigeria.net/v2 https://pay.mtn.ng/ https://sdk.mtnpaygw.mtnnigeria.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' mtn-nga.dimelochat.com js.mtnpaygw.mtnnigeria.net/mtn/v2 sdk.mtnpay.mtnnigeria.net sdk.mtnpaygw.mtnnigeria.net https://mtf.gateway.mastercard.com test-gateway.mastercard.com https://cpg.mtnpay.mtnnigeria.net mtn-ui.mtnpaygw.mtnnigeria.net js.mtnpaygw.mtnnigeria.net mtn-nga.ws.dimelo.com js-proxy.mtnpaygw.mtnnigeria.net customui.mtnpaygw.mtnnigeria.net mtn-nga.messaging.dimelo.com js.mtnpay.mtnnigeria.net maps.googleapis.com ui.mtnpay.mtnnigeria.net www.mymtn.com.ng mtnng-test.voiceweb.eu mtnng-prod.voiceweb.eu eum.mtnnigeria.net cdn.appdynamics.com mtnnigeria-astra.sandsiv.com js.mtnpay.mtnnigeria.net/mtn/v2 cpg-api.mtnpay.mtnnigeria.net/v2 pay.mtn.ng https://pay.mtn.ng https://sdk.mtnpaygw.mtnnigeria.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' https:; font-src 'self' https: data:; img-src 'self' https: data: http: vincentcabrera.fr www.google-analytics.com; connect-src 'self' ws: wss: blob: https: http: mtn-nga.dimelochat.com mtnng-prod.voiceweb.eu sdk.mtnpay.mtnnigeria.net sdk.mtnpaygw.mtnnigeria.net https://mtf.gateway.mastercard.com https://cpg.mtnpay.mtnnigeria.net https://sdk.mtnpaygw.mtnnigeria.net test-gateway.mastercard.com mtn-nga.messaging.dimelo.com www.google-analytics.com mtnng-test.voiceweb.eu eum.mtnnigeria.net cdn.appdynamics.com mtnnigeria-astra.sandsiv.com js.mtnpay.mtnnigeria.net/mtn/v2 cpg-api.mtnpay.mtnnigeria.net/v2 pay.mtn.ng https://pay.mtn.ng https://pay.mtn.ng; frame-ancestors 'self' https://mtf.gateway.mastercard.com/ https://cpg.mtnpay.mtnnigeria.net/ sdk.mtnpay.mtnnigeria.net sdk.mtnpaygw.mtnnigeria.net https://sdk.mtnpaygw.mtnnigeria.net 1
form-action *.facebook.com; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.fls.doubleclick.net *.doubleclick.net *.hotjar.com *.hotjar.io wss://*.hotjar.com *.omtrdc.net *.twitter.com covers.odilo.io *.ads-twitter.com *.facebook.com *.facebook.net cdn.cookielaw.org www.googletagmanager.com online.bancosantander.es a.omappapi.com *.googleapis.com extend.vimeocdn.com www.google-analytics.com t.co adservice.google.com *.linkedin.com region1.google-analytics.com sso.santanderopenacademy.com *.santanderopenacademy.com *.universia.net fonts.gstatic.com in-automate.sendinblue.com z.omappapi.com api.omappapi.com snap.licdn.com images.findawayworld.com *.tiktok.com privacyportal-de.onetrust.com sibautomation.com use.typekit.net pro-becas-images-s3.s3.eu-west-1.amazonaws.com santander-privacy.my.onetrust.com; frame-ancestors 'self' sso.santanderopenacademy.com *.santanderopenacademy.com; connect-src 'self' cdn.equalweb.com *.universia.net pro-becas-images-s3.s3.eu-west-1.amazonaws.com www.linkedin.com script.hotjar.com img.youtube.com px4.ads.linkedin.com t.co surveystats.hotjar.io analytics.twitter.com www.google.es mboxedge37.tt.omtrdc.net santanderuniversidad.tt.omtrdc.net www.googletagservices.com www.google.ie www.facebook.com cdn.cookielaw.org googleads.g.doubleclick.net stats.g.doubleclick.net www.google.com pagead2.googlesyndication.com region1.analytics.google.com region1.google-analytics.com vc.hotjar.io metrics.hotjar.io wss://ws.hotjar.com ws.hotjar.com content.hotjar.io www.google-analytics.com px.ads.linkedin.com analytics.tiktok.com *.pangle-ads.com *.omappapi.com *.vimeo.com sso.santanderopenacademy.com *.santanderopenacademy.com santander-privacy.my.onetrust.com; font-src 'self' script.hotjar.com fonts.gstatic.com data:; frame-src 'self' www.youtube.com www.google.com *.doubleclick.net track.adform.net www.facebook.com *.universia.net sso.santanderopenacademy.com *.santanderopenacademy.com *.vimeo.com; img-src 'self' data: su-commons-documents.s3.eu-west-1.amazonaws.com pro-becas-images-s3.s3.eu-west-1.amazonaws.com i.ytimg.com non-productive-alfred-s3.s3.eu-west-1.amazonaws.com *.universia.net img.youtube.com cdn.cookielaw.org www.facebook.com fonts.gstatic.com www.google.ie www.google.com www.google.es www.googletagmanager.com www.google-analytics.com px.ads.linkedin.com px4.ads.linkedin.com t.co analytics.twitter.com covers.odilo.io images.findawayworld.com *.doubleclick.net *.odilotk.es; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com cdn.jsdelivr.net cdn.equalweb.com code.jquery.com track.adform.net s2.adform.net www.googletagservices.com cdn.cookielaw.org googleads.g.doubleclick.net connect.facebook.net static.hotjar.com metrics.hotjar.io script.hotjar.com www.googletagmanager.com www.google-analytics.com snap.licdn.com static.ads-twitter.com analytics.tiktok.com *.googleapis.com pro-becas-images-s3.s3.eu-west-1.amazonaws.com *.gstatic.com *.omappapi.com; style-src 'self' 'unsafe-inline' stackpath.bootstrapcdn.com www.googletagmanager.com fonts.googleapis.com *.omappapi.com; worker-src *.universia.net 1
default-src 'self'; style-src https: 'unsafe-inline'; style-src-elem https: 'unsafe-inline'; script-src https: 'unsafe-inline' 'unsafe-eval'; connect-src https: data: wss:; font-src https:; frame-src https:; img-src https: data: 'self'; worker-src blob: https:; media-src blob: https: 1
default-src 'self' data: *.crazyegg.com https://*.wistia.com https://*.wistia.net; object-src 'self'; media-src 'self' blob: data: https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net https://dmbqekwh0sti7.cloudfront.net; connect-src 'self' https://bam.eu01.nr-data.net https://www.google.com https://region1.analytics.google.com https://region1.google-analytics.com https://www.google-analytics.com https://*.wistia.com http://*.wistia.net https://*.litix.io https://embedwistia-a.akamaihd.net https://gtm.knab.nl *.inbenta.io https://squeezely.tech https://px.ads.linkedin.com https://analytics.google.com https://login.knab.nl https://api.knab.nl https://stats.g.doubleclick.net https://knab.blueconic.net https://quadia.webtvframework.com https://www.google.com/ads/user-lists/ https://d6tizftlrpuof.cloudfront.net *.usabilla.com *.crazyegg.com https://*.googlesyndication.com/ https://googleads.g.doubleclick.net/ https://alicia.claims/claim https://knab.convertcalculator.com/ https://www.convertcalculator.com *.visualwebsiteoptimizer.com app.vwo.com; font-src 'self' data: https://*.wistia.com https://*.wistia.net *.inbenta.io https://knab-bank.inbenta.com https://fonts.gstatic.com https://fonts.googleapis.com https://d6tizftlrpuof.cloudfront.net *.usabilla.com; child-src 'self' https://*.cobrowse.liveperson.net https://lpcdn.lpsnmedia.net https://quadia.webtvframework.com https://bid.g.doubleclick.net https://*.fls.doubleclick.net https://staticxx.facebook.com/ https://rekentools.webbridge.nl/knab/; frame-ancestors 'self' https://app.kontent.ai; frame-src 'self' https://fast.wistia.com https://fast.wistia.net https://c4558d2c-9151-47e4-8455-49f631e6ae8f.tools.hypotheekbond.nl https://9e2e95db-b935-415c-8fb2-f23739546df8.tools.hypotheekbond.nl https://0494e8eb-d931-45dd-97b5-bb0ea11173c7.tools.hypotheekbond.nl https://2542d88d-caf9-45d4-9dcd-284252299c69.tools.hypotheekbond.nl https://f127717f-90ce-4d8f-8233-9b58dcff3c35.tools.hypotheekbond.nl https://7671787d-04a4-4650-843a-46e1ead3f65b.tools.hypotheekbond.nl https://4f9c5a52-0292-48e4-ba90-bcae710655ed.tools.hypotheekbond.nl https://www.advieskeuze.nl https://forms.hsforms.com https://*.knab.nl https://*.cobrowse.liveperson.net https://server.lon.liveperson.net https://lpcdn.lpsnmedia.net https://quadia.webtvframework.com https://bid.g.doubleclick.net https://*.fls.doubleclick.net https://staticxx.facebook.com/ https://rekentools.webbridge.nl/knab/ https://d6tizftlrpuof.cloudfront.net *.usabilla.com https://50c0e59c-e230-4d87-8d90-8069eb4d9516.tools.hypotheekbond.nl/looptijdrente https://www.sharepeople.nl/knab-rekentool https://knab.alicia.insure/insurance-calculator https://knab-calculator.alicia.insure/insurance-calculator https://outlook.office365.com https://alicia.claims/claim https://knab.convertcalculator.com/ https://www.convertcalculator.com https://form-eu.123formbuilder.com *.visualwebsiteoptimizer.com app.vwo.com; img-src 'self' data: https://preview-assets-eu-01.kc-usercontent.com https://assets-eu-01.kc-usercontent.com https://embedwistia-a.akamaihd.net https://*.wistia.com https://*.wistia.net https://gtm.knab.nl https://squeezely.tech https://px.ads.linkedin.com https://t.squeezely.tech https://searchrys.com https://jwpltx.com https://rid.webtvframework.com https://content.knab.nl https://knab-bank.inbenta.com https://www.googletagmanager.com https://lpcdn.lpsnmedia.net https://ssl.google-analytics.com https://www.google.com https://www.google.nl https://static.proto.io/ https://www.google-analytics.com https://www.facebook.com https://t.co https://googleads.g.doubleclick.net https://www.googleadservices.com https://secure.adnxs.com https://ib.adnxs.com https://www.facebook.com/tr/ *.twitter.com https://static-or00.inbenta.com https://www.at19.net https://stats.g.doubleclick.net https://d6tizftlrpuof.cloudfront.net https://*.usabilla.com https://t.co/i *.crazyegg.com https://imagedelivery.net *.visualwebsiteoptimizer.com app.vwo.com chart.googleapis.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://js-agent.newrelic.com https://bam.eu01.nr-data.net https://*.wistia.com https://*.wistia.net https://src.litix.io *.inbenta.io https://script.crazyegg.com/pages/scripts/0087/6285.js https://squeezely.tech https://t.squeezely.tech https://searchrys.com https://js.hs-scripts.com https://www.advieskeus.nl https://cdn.blueconic.net https://knab.blueconic.net https://ssl.p.jwpcdn.com https://player.quadia.net https://forms.hsforms.com https://js.hsforms.net https://static.proto.io/api/widget-embed.js https://content.knab.nl https://lpcdn.lpsnmedia.net https://d6tizftlrpuof.cloudfront.net https://www.linkedin.com https://snap.licdn.com https://px.ads.linkedin.com *.usabilla.com https://accdn.lpsnmedia.net https://chat.inbenta.com https://knab-bank.inbenta.com https://lo.v.liveperson.net https://lptag.liveperson.net https://server.lon.liveperson.net https://www.google-analytics.com https://connect.facebook.net https://www.googletagmanager.com https://tagmanager.google.com https://ssl.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://platform.twitter.com https://static.ads-twitter.com https://analytics.twitter.com https://apis.google.com *.crazyegg.com trk.cetrk.com s3.amazonaws.com/trk.cetrk.com/ https://www.googleoptimize.com/ https://scripts.convertcalculator.com https://www.convertcalculator.com/ https://app.convertcalculator.co *.visualwebsiteoptimizer.com app.vwo.com; style-src 'self' 'unsafe-inline' https://fast.wistia.com *.inbenta.io https://player.quadia.net https://content.knab.nl https://fonts.googleapis.com https://d6tizftlrpuof.cloudfront.net *.usabilla.com https://*.inbenta.com *.visualwebsiteoptimizer.com app.vwo.com; worker-src 'self' blob: ; upgrade-insecure-requests; block-all-mixed-content; base-uri https://www.knab.nl https://d6tizftlrpuof.cloudfront.net; 1
default-src 'self';base-uri 'self';upgrade-insecure-requests;connect-src 'self' webapi.vontobel.com vta.vontobel.com vcd.vontobel.com vimeo.com *.cloudfront.net *.usabilla.com cloud.mail.vontobel.com legalterms.vontobel.com stats.g.doubleclick.net px.ads.linkedin.com region1.analytics.google.com *.ceros.com;font-src 'self' legalterms.vontobel.com;frame-src blob: player.vimeo.com *.cloudfront.net *.usabilla.com cloud.mail.vontobel.com legalterms.vontobel.com irs.tools.investis.com deepcontent.github.io *.fls.doubleclick.net *.g.doubleclick.net t.co analytics.twitter.com *.ceros.com;frame-ancestors 'none';img-src 'self' data: blob: vta.vontobel.com vcd.vontobel.com img.vontobel.com res.cloudinary.com *.vimeocdn.com vontobel-cloudbased-streaming.s3.amazonaws.com *.cloudfront.net *.usabilla.com cloud.mail.vontobel.com legalterms.vontobel.com deepcontent.github.io *.google.com *.gstatic.com www.google.ch www.googletagmanager.com *.analytics.google.com *.fls.doubleclick.net *.g.doubleclick.net okt.to t.co analytics.twitter.com static.ads-twitter.com www.facebook.com connect.facebook.net px.ads.linkedin.com snap.licdn.com *.ceros.com;media-src 'self' data: blob: img.vontobel.com res.cloudinary.com vontobel-cloudbased-streaming.s3.amazonaws.com *.vimeocdn.com *.ceros.com;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net vtd.vontobel.com *.vimeocdn.com player.vimeo.com *.cloudfront.net *.usabilla.com cloud.mail.vontobel.com legalterms.vontobel.com deepcontent.github.io *.google.com www.google.ch www.googletagmanager.com *.analytics.google.com *.fls.doubleclick.net *.g.doubleclick.net okt.to t.co analytics.twitter.com static.ads-twitter.com www.facebook.com connect.facebook.net px.ads.linkedin.com snap.licdn.com *.ceros.com ajax.googleapis.com;style-src 'self' 'unsafe-inline' *.vimeocdn.com player.vimeo.com *.cloudfront.net *.usabilla.com cloud.mail.vontobel.com legalterms.vontobel.com www.google.com *.ceros.com; 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://widgets.twimg.com https://platform.twitter.com https://connect.facebook.net https://connect.facebook.com https://ssl.google-analytics.com http://www.google-analytics.com https://www.google-analytics.com https://www.googletagmanager.com https://js-agent.newrelic.com https://bam.nr-data.net https://use.typekit.com https://manualuploads.s3.amazonaws.com https://oss.maxcdn.com https://apis.google.com https://scontent.xx.fbcdn.net https://facebook.com https://www.facebook.com https://js.stripe.com data:;style-src 'self' 'unsafe-inline' https://twibbon.blob.core.windows.net https://manualuploads.s3.amazonaws.com https://netdna.bootstrapcdn.com https://fonts.googleapis.com http://fonts.googleapis.com;img-src 'self' https://www.facebook.com https://staticxx.facebook.com https://scontent.xx.fbcdn.net https://static.xx.fbcdn.net https://graph.facebook.com https://web.facebook.com https://syndication.twitter.com https://ssl.google-analytics.com https://www.google-analytics.com https://www.gstatic.com https://ssl.gstatic.com https://manualuploads.s3.amazonaws.com https://twibbon.s3.amazonaws.com http://twibbon.s3.amazonaws.com https://coverjunction.s3.amazonaws.com http://coverjunction.s3.amazonaws.com https://twibbon.blob.core.windows.net https://stormideaseu.blob.core.windows.net https://p.typekit.net https://stats.g.doubleclick.net https://*.facebook.com http://*.facebook.com http://*.akamaihd.net https://*.akamaihd.net http://*.fbcdn.net https://*.fbcdn.net https://*.xx.fbcdn.net http://*.xx.fbcdn.net http://*.twimg.com https://*.twimg.com data:;frame-src 'self' https://www.facebook.com http://www.facebook.com https://m.facebook.com http://m.facebook.com https://staticxx.facebook.com http://staticxx.facebook.com https://*.facebook.com http://*.facebook.com https://www.youtube.com https://accounts.google.com https://platform.twitter.com http://platform.twitter.com https://apis.google.com https://js.stripe.com data:;font-src 'self' https://use.typekit.com https://fonts.gstatic.com data;connect-src 'self' https://performance.typekit.net https://www.facebook.com https://www.google-analytics.com https://region1.google-analytics.com;frame-ancestors 'none';report-uri /WebResource.axd?cspReport=true 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com *.myheritage.it https://www.myheritage.it  'nonce-e539003241acdae1950ad65c8570607c' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com *.myheritage.it;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self';img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=enforce&canonical_page_id=/company/home/ 1
default-src 'self' data: localhost:* *.episerver.net *.readspeaker.com *.arcgisonline.nl *.arcgisonline.com js.arcgis.com *.arcgis.com *.google.com *.googleapis.com *.hotjar.com *.hotjar.io *.prorail.nl *.spoordata.nl *.werkenbijprorail.nl *.youtube-nocookie.com www.google.nl www.googletagmanager.com tagmanager.google.com px.ads.linkedin.com www.google-analytics.com https://www.gstatic.com/recaptcha/ https://www.recaptcha.net *.cookiebot.com connect.facebook.net www.facebook.com snap.licdn.com 'unsafe-inline' 'unsafe-eval'; connect-src https: ws: wss:; 1
frame-ancestors https://app.smartsheet.com http://www.casamples.com https://www.casamples.com https://www.curriculumassociates.com https://stateoflearning.curriculumassociates.com https://horizon.dev-web01.curriculumassociates.com https://horizon.stg.curriculumassociates.com https://horizon.prd.curriculumassociates.com https://horizon.curriculum-associates.local.dev/  'self'; 1
font-src fonts.gstatic.com use.typekit.net https://fonts.gstatic.com https://cdn.siteblindado.com https://api.siteblindado.com https://cdnjs.cloudflare.com https://www.google.com *.k-analytix.com *.google.com.br *.konduto.com *.doubleclick.net *.hotjar.com wss://ws.hotjar.com *.hotjar.io data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.k-analytix.com *.google.com.br *.konduto.com *.doubleclick.net *.hotjar.com wss://ws.hotjar.com *.hotjar.io 'self' 'unsafe-inline'; frame-ancestors *.bolt.com https://h.online-metrix.net unsafe-inline *.k-analytix.com *.google.com.br *.konduto.com *.doubleclick.net *.hotjar.com wss://ws.hotjar.com *.hotjar.io 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com https://h.online-metrix.net *.cardinalcommerce.com unsafe-inline https://www.google.com https://www.googletagmanager.com https://cdn.siteblindado.com https://api.siteblindado.com *.k-analytix.com *.google.com.br *.konduto.com *.doubleclick.net *.hotjar.com wss://ws.hotjar.com *.hotjar.io 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net https://h.online-metrix.net *.d.aa.online-metrix.net https://fonts.gstatic.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://staticfiles.yviews.com.br https://service.yourviews.com.br https://yv-misc.s3.amazonaws.com https://www.google.com https://cdn.awsli.com.br/ https://cdn.siteblindado.com https://api.siteblindado.com https://seal.siteblindado.com *.k-analytix.com *.google.com.br *.konduto.com *.doubleclick.net *.hotjar.com wss://ws.hotjar.com *.hotjar.io data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com *.newrelic.com *.nr-data.net assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com https://h.online-metrix.net *.cardinalcommerce.com https://i.konduto.com https://cdn.siteblindado.com https://api.siteblindado.com https://www.google.com https://www.gstatic.com https://cdn.awsli.com.br https://www.paypal.com https://www.sandbox.paypal.com https://www.paypalobjects.com https://commerce.adobedtm.com https://js-agent.newrelic.com/ *.k-analytix.com *.google.com.br *.konduto.com *.doubleclick.net *.hotjar.com wss://ws.hotjar.com *.hotjar.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.googleapis.com *.k-analytix.com *.google.com.br *.konduto.com *.doubleclick.net *.hotjar.com wss://ws.hotjar.com *.hotjar.io 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.k-analytix.com *.google.com.br *.konduto.com *.doubleclick.net *.hotjar.com wss://ws.hotjar.com *.hotjar.io 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.k-analytix.com *.google.com.br *.konduto.com *.doubleclick.net *.hotjar.com wss://ws.hotjar.com *.hotjar.io 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.net *.bolt.com qa-api.magedevteam.com http://dpm.demdex.net https://h.online-metrix.net https://mpisandbox.braspag.com.br/v2/3ds/validate https://writer.cardinalcommerce.com/stag/log https://mpisandbox.braspag.com.br/v2/3ds/enroll https://centinelapistag.cardinalcommerce.com/V1/Order/JWT/Continue *.amazonaws.com *.braspag.com.br https://viacep.com.br https://api.siteblindado.com https://seal.siteblindado.com https://commerce.adobedc.net https://commerce.adobedtm.com https://www.google.com https://www.gstatic.com https://www.paypal.com https://www.sandbox.paypal.com https://www.paypalobjects.com *.k-analytix.com *.google.com.br *.konduto.com *.doubleclick.net *.hotjar.com wss://ws.hotjar.com *.hotjar.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.k-analytix.com *.google.com.br *.konduto.com *.doubleclick.net *.hotjar.com wss://ws.hotjar.com *.hotjar.io 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://*.nr-data.net https://*.intellimizeditor.com https://intellimizeditor.com https://cdn.intellimize.co https://ajax.googleapis.com https://ajax.cloudflare.com https://analytics.twitter.com https://api.intellimize.co https://app-abk.marketo.com https://audience.nrich.ai https://bat.bing.com https://boards.greenhouse.io https://cdn.ampproject.org https://cdn.cookielaw.org https://cdn.onesignal.com https://cdnjs.cloudflare.com https://connect.facebook.net https://googleads.g.doubleclick.net https://js-agent.newrelic.com https://js.chilipiper.com https://maps.googleapis.com https://munchkin.marketo.net https://onesignal.com https://player.vimeo.com https://s.yimg.com https://sc.lfeeder.com https://script.crazyegg.com https://script.hotjar.com https://secure.esignlive.com https://secure.onespan.com https://serve.nrich.ai https://ssl.google-analytics.com https://snap.licdn.com https://static.ads-twitter.com https://static.cloudflareinsights.com https://static.hotjar.com https://tag.demandbase.com https://tag.nrich.ai https://tpc.googlesyndication.com https://translate.google.com https://tribl.io https://www.clarity.ms https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com https://d41.co https://*.d41.co https://embed.ustudio.com https://asana-user-private-us-east-1.s3.us-east-1.amazonaws.com https://id.rlcdn.com https://scout-cdn.salesloft.com https://tracking.g2crowd.com https://j.6sc.co https://view.ceros.com https://app.leandata.com https://js.driftt.com https://js.zi-scripts.com https://ws-assets.zoominfo.com https://optimize.google.com https://www.googleoptimize.com/ https://extend.vimeocdn.com https://code.highcharts.com https://cdn.bizible.com https://www.vimeo.com https://vimeo.com https://cdn.jsdelivr.net https://rc-sc.js.driftt.com https://site-concierge.driftt.com; style-src 'self' 'report-sample' 'unsafe-inline' https://app-abk.marketo.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://js.chilipiper.com/ https://onesignal.com https://secure.onespan.com https://tag.demandbase.com https://translate.googleapis.com https://tribl.io https://use.fontawesome.com https://cdn.jsdelivr.net https://optimize.google.com https://www.googletagmanager.com https://www.gstatic.com; form-action 'self'; base-uri 'self'; object-src 'none'; connect-src 'self' https://*.clarity.ms https://*.company-target.com https://*.nr-data.net https://308-zmt-742.mktoresp.com https://308-zmt-742.mktoutil.com https://adservice.google.com https://analytics.google.com https://api.chilipiper.com https://api.intellimize.co https://audience.nrich.ai https://bat.bing.com https://cdn.cookielaw.org https://in.hotjar.com https://log.intellimize.co https://maps.googleapis.com https://region1.google-analytics.com https://region1.analytics.google.com https://s.yimg.com https://secure.onespan.com https://serve.nrich.ai https://stats.g.doubleclick.net https://tag.nrich.ai https://tracking.chilipiper.com https://translate.googleapis.com https://vc.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://cdn.linkedin.oribi.io https://www.facebook.com https://www.google-analytics.com https://app.leandata.com https://js.zi-scripts.com https://ws.zoominfo.com https://www.google.ae https://www.google.al https://www.google.am https://www.google.at https://www.google.az https://www.google.be https://www.google.bf https://www.google.bg https://www.google.bj https://www.google.by https://www.google.bs https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.cz https://www.google.co.ao https://www.google.co.bw https://www.google.co.cr https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.co.ma https://www.google.co.mz https://www.google.co.nz https://www.google.co.th https://www.google.co.tz https://www.google.co.ug https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.za https://www.google.com.ar https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.com.bz https://www.google.com.cg https://www.google.com.co https://www.google.com.cy https://www.google.com.cu https://www.google.com.do https://www.google.com.ec https://www.google.com.eg https://www.google.com.et https://www.google.com.fj https://www.google.com.gh https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kh https://www.google.com.jm https://www.google.com.kw https://www.google.com.lb https://www.google.com.li https://www.google.com.ly https://www.google.com.mm https://www.google.com.mt https://www.google.com.mx https://www.google.com.my https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.com.nl https://www.google.com.np https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.pr https://www.google.com.py https://www.google.com.qa https://www.google.com.sa https://www.google.com.sg https://www.google.com.sv https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.com.uy https://www.google.com.vc https://www.google.com.vn https://www.google.com https://www.google.cu https://www.google.de https://www.google.dk https://www.google.dl https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fl https://www.google.fr https://www.google.ge https://www.google.gm https://www.google.gr https://www.google.hn https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.iq https://www.google.is https://www.google.it https://www.google.jo https://www.google.kg https://www.google.kz https://www.google.la https://www.google.lk https://www.google.li https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.mn https://www.google.mu https://www.google.nl https://www.google.no https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.rw https://www.google.rs https://www.google.ru https://www.google.sc https://www.google.se https://www.google.si https://www.google.sk https://www.google.sn https://www.google.sr https://www.google.td https://www.google.tg https://www.google.tn https://www.google.vu https://www.google.zm https://www.googletagmanager.com https://cs.lf-discover.com https://*.d41.co https://d41.co https://se-services.intellimize.co https://*.salesloft.com https://*.6sc.co https://www.google.co.ls https://www.google.bi https://www.google.com.af https://www.google.tt https://www.google.ws https://www.google.st https://www.google.gg https://www.google.im https://secure.adnxs.com/ https://js.driftt.com https://www.googletagmanager.com https://content.hotjar.io https://metrics.hotjar.io https://epsilon.6sense.com https://px.ads.linkedin.com https://*.6sense.com https://rc-sc.js.driftt.com https://site-concierge.driftt.com https://tracking.g2crowd.com; font-src 'self' https://cdnjs.cloudflare.com https://fonts.gstatic.com https://use.fontawesome.com; frame-src https://*.esignlive.com/ https://*.onespan.com https://api.intellimize.co https://app.intellimize.co https://*.intellimizeio.com https://onespan.chilipiper.com https://apps.chilipiper.com https://app-abk.marketo.com https://bid.g.doubleclick.net https://boards.greenhouse.io https://player.vimeo.com https://sandbox.esignlive.com https://secure.onespan.com https://test.api.intellimize.co https://tpc.googlesyndication.com https://tribl.io https://vars.hotjar.com https://vimeo.com https://www.facebook.com https://www.google.com https://www.googletagmanager.com https://www.youtube-nocookie.com https://*.youtube.com https://youtube.com https://*.prod.acquia-sites.com https://embed.ustudio.com/ https://view.ceros.com/ https://app.leandata.com https://js.driftt.com https://optimize.google.com https://webikeo.fr/ https://td.doubleclick.net/ http://stg.onespan.com/ http://www.onespan.com/ https://rc-sc.driftt.com https://rc-sc.js.driftt.com https://site-concierge.driftt.com; img-src 'self' data: blob: *; manifest-src 'self'; media-src 'self'; worker-src 'none'; report-uri https://ea04e958cc13a15d0bbc4cbc506ff315.report-uri.com/r/d/csp/enforce; 1
default-src 'self'; style-src 'self'; script-src 'self'; 1
child-src 'self' https://dash.bounceexchange.com https://assets.bounceexchange.com https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://www.zenaps.com https://*.criteo.com https://static.criteo.net https://ln-rules.rewardstyle.com https://www.shoplooks.com https://www.recaptcha.net https://recaptcha.net https://vars.hotjar.com https://*.akamaihd.net https://*.translate.naver.net https://tr.snapchat.com https://dekopay.preprod.k8s.dekopay.org https://pay.deko.finance https://www.pinterest.com https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://d2d7do8qaecbru.cloudfront.net blob:; connect-src 'self' https://sgtm.biossance.com https://*.cdnbasket.net https://*.cdnwidget.com https://events.bouncex.net https://coupons.bounceexchange.com https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://*.liveperson.net wss://*.liveperson.net  https://services.postcodeanywhere.co.uk https://*.googleapis.com https://*.akamaihd.net https://*.sciencebehindecommerce.com https://*.baidu.com https://vc.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.parcellab.com https://ct.pinterest.com https://tr.snapchat.com https://*.contentsquare.net https://*.criteo.com https://analytics.tiktok.com wss://*.liveperson.net https://www.allsole.com/e2/ds/relay https://horizon-api.www.allsole.com/graphql https://*.ingest.sentry.io https://s1.thcdn.com https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://cognito-identity.eu-west-1.amazonaws.com https://firehose.eu-west-1.amazonaws.com https://*.listrakbi.com https://*.listrak.com; font-src 'self' data: https://cdn.listrakbi.com https://assets.bounceexchange.com https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://fonts.smct.co https://fonts.smct.io; form-action 'self' https://dev.bounceexchange.com https://api.bounceexchange.com https://www.facebook.com https://m.allsole.com https://checkout.allsole.com https://www.allsole.com https://connect.facebook.net https://tr.snapchat.com; frame-ancestors; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' https://sgtm.biossance.com https://dev.bounceexchange.com https://tag.wknd.ai https://api.bounceexchange.com https://assets.bounceexchange.com https://tag.bounceexchange.com https://dash.bounceexchange.com https://cdn.parcellab.com https://smct.co https://*.smct.co https://smct.io https://*.smct.io 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.parcellab.com https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.com https://*.gstatic.cn https://www.dwin1.com https://cdn.trackjs.com https://*.criteo.com https://static.criteo.net https://*.baidu.com https://remote.captcha.com https://ssl.bing.com https://*.akamaihd.net https://ln-rules.rewardstyle.com https://www.recaptcha.net https://recaptcha.net https://*.sciencebehindecommerce.com https://*.shoplooks.com https://slooks.top https://slooks.me https://static.hotjar.com https://script.hotjar.com https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://*.google-analytics.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://s.pinimg.com https://*.contentsquare.net https://app.contentsquare.com https://assets.dekopay.com https://analytics.tiktok.com https://*.ibytedtos.com https://s1.thcdn.com https://*.listrakbi.com https://*.listrak.com; style-src 'self' 'unsafe-inline' https://cdn.listrakbi.com https://assets.bounceexchange.com https://www.allsole.com https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://www.shoplooks.com https://static.shoplooks.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://s1.thcdn.com https://fonts.googleapis.com https://fonts.smct.co https://fonts.smct.io; upgrade-insecure-requests; report-to report-endpoint; frame-src https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://d2d7do8qaecbru.cloudfront.net https://www.google.com https://recaptcha.google.com https://*.lpsnmedia.net https://*.liveperson.net; 1
base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com https://www.upsellit.com https://dx.mountain.com https://px.mountain.com https://cdn.mxpnl.com https://connect.facebook.net https://sleeknotecustomerscripts.sleeknote.com https://sleeknotestaticcontent.sleeknote.com https://s.ntv.io https://jadserve.postrelease.com https://code.jquery.com https://netdna.bootstrapcdn.com https://shareasaleanalytics.com https://d3js.org https://js.braintreegateway.com https://netdna.bootstrapcdn.com https://cdn.optimizely.com https://cdn.optimizely.com https://cdn.walkme.com https://platform.twitter.com https://cdn.pdst.fm https://utt.impactcdn.com https://static.criteo.net https://edge.fullstory.com https://www.recaptcha.net https://js.hs-scripts.com https://static.criteo.net https://utt.impactcdn.com https://sslwidget.criteo.com https://sslwidget.criteo.com https://www.gstatic.com https://js.hs-analytics.net https://js.hsleadflows.net https://js.usemessages.com https://js.hs-banner.com https://js.hubspotfeedback.com https://js.hsadspixel.net https://gs.mountain.com/gs https://match.sharethrough.com https://maps.googleapis.com https://www.google.com https://sdk.postscript.io https://insidetracker3e41a.referralrock.com https://youtube.com https://www.youtube.com https://www.redditstatic.com https://api.gorgias.work https://storage.googleapis.com https://us-east1-898b.gorgias.chat https://assets.gorgias.chat https://config.gorgias.io https://config.gorgias.chat https://*.upsellit.com https://cdn.entail-insights.com https://static.hotjar.com https://script.hotjar.com https://static.ads-twitter.com https://a.quora.com https://cdn.amplitude.com https://widget.surveymonkey.com https://api.surveymonkey.com https://surveymonkey.com https://*.upsellit.com https://ajax.googleapis.com https://cdn.iframe.ly https://widget.trustpilot.com https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com; upgrade-insecure-requests; frame-ancestors 'self' https://builder.io 1
default-src matomo.gab.com app.valmarmerchant.com apitest.authorize.net api2.authorize.net jstest.authorize.net js.authorize.net challenges.cloudflare.com 'self';script-src cdn.gab.ai matomo.gab.com apitest.authorize.net api2.authorize.net app.valmarmerchant.com jstest.authorize.net js.authorize.net challenges.cloudflare.com 'self' 'unsafe-inline';style-src cdn.gab.ai app.valmarmerchant.com apitest.authorize.net api2.authorize.net jstest.authorize.net js.authorize.net 'self' 'unsafe-inline';img-src 'self' data: cdn.gab.ai;base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests 1
default-src * 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://one.sitrion.com; img-src * data:; 1
frame-ancestors 'self'; default-src 'self' https://*.tagvenue.com https://*.wp.com; connect-src * data: blob: 'unsafe-inline'; script-src 'unsafe-inline' 'unsafe-eval' https://*.tagvenue.com https://connect.facebook.net https://*.googleapis.com https://www.google-analytics.com https://*.google.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.google.com https://cdnjs.cloudflare.com https://*.hotjar.com https://ssl.gstatic.com https://*.wp.com https://*.twitter.com https://tagmanager.google.com https://assets.calendly.com https://sibautomation.com blob: https://*.jivosite.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://sjs.bizographics.com https://snap.licdn.com data: https://*.olark.com https://js.stripe.com https://cdn.popt.in https://googleads.g.doubleclick.net https://www.gstatic.com https://cdn.rollbar.com https://www.instagram.com https://cdn.mxpnl.com https://cdn.jsdelivr.net https://cdn.amplitude.com; img-src data: blob: https:; frame-src 'self' https://accounts.google.com https://staticxx.facebook.com https://*.hotjar.com https://www.googletagmanager.com https://www.youtube.com https://optimize.google.com https://*.wp.com https://*.twitter.com https://maps.google.com https://calendly.com https://sibautomation.com https://www.google.com https://bid.g.doubleclick.net https://www.facebook.com https://*.olark.com https://player.vimeo.com https://js.stripe.com https://googleads.g.doubleclick.net data: https://mozbar.moz.com https://td.doubleclick.net https://www.instagram.com; style-src 'unsafe-inline' https://*.tagvenue.com https://ssl.gstatic.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://optimize.google.com https://tagmanager.google.com https://fonts.googleapis.com https://assets.calendly.com https://*.wp.com https://*.olark.com https://cdn.popt.in https://cdnjs.cloudflare.com https://use.fontawesome.com https://accounts.google.com https://www.gstatic.com https://www.googletagmanager.com; font-src * data: blob: 'unsafe-inline' moz-extension; media-src 'self' https://static.olark.com https://*.jivosite.com; report-uri /logging/csp-violation 1
worker-src 'self' blob:; frame-ancestors https://app.kontent.ai; object-src 'none'; frame-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.trustpilot.com *.mopinion.com *.classiceigenhuis.blob.core.windows.net https://maps.googleapis.com https://hcaptcha.com https://www.youtube.com/iframe_api https://live.steam.eu.com/client/ https://js.hcaptcha.com https://contractscan.eigenhuis.jstack.eu https://ct.pinterest.com https://eigenhuis.jotform.com https://*.facebook.net https://*.pinimg.com https://*.pingdom.net https://*.adform.net https://*.hotjar.com https://*.procit.com https://*.obi4wan.com https://*.cookiebot.com https://*.visualwebsiteoptimizer.com https://*.expoints.nl https://*.eigenhuis.nl https://veh-contractapi.web.app https://*.kontent.ai https://*.googletagmanager.com https://*.google-analytics.com https://www.google.com https://www.googleadservices.com https://flask.nextdoor.com https://ads.nextdoor-test.com https://ads.nextdoor.com/ https://classic.eigenhuis.nl https://twitter.com/ https://x.com https://static.ads-twitter.com https://instagram.com https://www.youtube.com *.gifty.nl https://js.stripe.com https://wozconsultants.nl https://wozspecialisten.nl https://mollie.com https://app.vwo.com https://*.advieswidgets.nl https://*.art19.com/ 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://cdn.cookielaw.org https://www.google.com https://www.gstatic.com https://d.shutto-translation.com https://js.hsforms.net https://code.jquery.com https://polyfill.io https://cdn.jsdelivr.net https://www.google-analytics.com https://js.hs-scripts.com https://js.hs-analytics.net https://js.hsleadflows.net https://js.hubspot.com https://js.usemessages.com https://js.hs-banner.com https://js-na1.hs-scripts.com https://unpkg.com https://www.youtube.com https://player.vimeo.com https://ajax.googleapis.com; connect-src 'self' https://b.shutto-translation.com https://forms.hsforms.com https://www.google-analytics.com https://stats.g.doubleclick.net https://region1.analytics.google.com https://api.hubspot.com https://cta-service-cm2.hubspot.com https://forms.hubspot.com https://cta-service-cms2.hubspot.com https://privacyportal.onetrust.com https://region1.google-analytics.com https://www.google.com; style-src 'self' 'unsafe-inline' https://cdn.cookielaw.org https://fonts.googleapis.com https://d.shutto-translation.com; frame-src 'self' mailto: https://player.vimeo.com https://www.google.com https://td.doubleclick.net https://www.youtube.com https://wwwapps.grassvalley.com https://grassvalley.applytojob.com https://maps.google.com https://forms.hsforms.com; img-src 'self' data: https://gvumbracomedia.blob.core.windows.net https://forms-na1.hsforms.com https://www.google.co.uk https://www.google.com https://perf-na1.hsforms.com https://track.hubspot.com https://i3.ytimg.com https://www.googletagmanager.com https://no-cache.hubspot.com https://i.ytimg.com https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com; report-uri https://3chillies.report-uri.com/r/d/csp/enforce; 1
block-all-mixed-content;frame-ancestors *.gmx.net gmx.net adimg.uimserv.net advideo.uimserv.net www.united-internet-media.de 1
frame-ancestors *; upgrade-insecure-requests 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: cdn1.louis.de cdn2.louis.de cdn3.louis.de cdn4.louis.de cdn5.louis.de osm.louis.de https://*.googleapis.com https://*.gstatic.com https://*.googleadservices.com https://www.googletagmanager.com https://tagmanager.google.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://td.doubleclick.net https://tpc.googlesyndication.com https://bat.r.msn.com https://bat.bing.com https://content.cptrack.de https://sale.cptrack.de https://widgets.trustedshops.com https://s.kk-resources.com https://s.kelkoogroup.net https://containertags.belboon.de https://j01l4h3n.com https://s2.adform.net https://track.adform.net https://*.google.com *.paypal.com *.quantummetric.com https://*.sentry.io x9t5he7.r.louis.at;style-src 'self' 'unsafe-inline' cdn1.louis.de cdn2.louis.de cdn3.louis.de cdn4.louis.de cdn5.louis.de https://*.googletagmanager.com https://fonts.googleapis.com https://tagmanager.google.com;font-src 'self' cdn1.louis.de cdn2.louis.de cdn3.louis.de cdn4.louis.de cdn5.louis.de data: https://fonts.gstatic.com;img-src 'self' cdn1.louis.de cdn2.louis.de cdn3.louis.de cdn4.louis.de cdn5.louis.de data: https://*.googletagmanager.com https://*.gstatic.com https://*.googleadservices.com https://googleads.g.doubleclick.net https://ad.doubleclick.net https://bat.r.msn.com https://bat.bing.com https://*.youtube.com https://*.youtube-nocookie.com https://*.vimeo.com https://*.ytimg.com https://*.google.com https://*.google.com.vn https://widgets.trustedshops.com https://www.trustedshops.com https://widgets.trustedshops.fr https://www.trustedshops.fr https://widgets.trustedshops.co.uk https://www.trustedshops.co.uk https://widgets.trustedshops.de https://www.trustedshops.de https://t.paypal.com https://www.google.de https://www.google.at https://www.google.be https://www.google.ch https://www.google.co.uk https://www.google.cz https://www.google.com.tr https://www.google.dk https://www.google.es https://www.google.fi https://www.google.fr https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.it https://www.google.lu https://www.google.nl https://www.google.pl https://www.google.ro https://www.google.rs https://www.google.se https://www.google.si https://www.google.sk https://www.paypalobjects.com;frame-src 'self' cdn1.louis.de cdn2.louis.de cdn3.louis.de cdn4.louis.de cdn5.louis.de https://*.googleadservices.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.youtube.com/ https://*.youtube-nocookie.com/ https://*.vimeo.com/ *.paypal.com https://*.google.com https://*.quantummetric.com https://td.doubleclick.net x9t5he7.r.louis.at;frame-ancestors 'self';worker-src blob:;child-src blob:;report-uri /csp-violation-report; 1
default-src 'self'; frame-ancestors 'self'; frame-src 'self' https://tablebuilder.singstat.gov.sg/ https://cse.google.com/   forms.cwp.gov.sg *.youtube.com ws.sharethis.com wogaa.demdex.net fast.wogaa.demdex.net *.powerbi.com www.google.com *.sitecore.net *.sitecore.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.googletagmanager.com https://partner.googleadservices.com/ http://cse.google.com/   http://clients1.google.com/ https://cse.google.com/ https://*.vica.gov.sg/ https://test-gpc-1.sg.va.sabio.cloud/ www.google-analytics.com assets.adobedtm.com *.dcube.cloud *.wogaa.sg *.demdex.net wogadobeanalytics.sc.omtrdc.net va.ecitizen.gov.sg *.sharethis.com *.gstatic.com www.google.com; style-src 'self' 'unsafe-inline' https://www.google.com/ https://*.vica.gov.sg va.ecitizen.gov.sg *.sharethis.com *.gstatic.com assets.dcube.cloud assets.wogaa.sg fonts.googleapis.com maxcdn.bootstrapcdn.com cdn.rawgit.com; img-src 'self'  https://www.googleapis.com/     *.google.com  *.gstatic.com           *.gov.sg https://*.vica.gov.sg/ https://bucket-common.vica.gov.sg/ https://www-singstat-gov-sg.cwp-stg.sg/  https://www-singstat-gov-sg.cwp.sg/ https://test-gpc-1.sg.va.sabio.cloud/ www.google-analytics.com wogadobeanalytics.sc.omtrdc.net cm.everesttech.net dpm.demdex.net va.ecitizen.gov.sg *.sharethis.com data:; font-src data: 'self' https://*.vica.gov.sg/ *.amazonaws.com va.ecitizen.gov.sg *.gstatic.com assets.dcube.cloud assets.wogaa.sg maxcdn.bootstrapcdn.com fonts.gstatic.com; connect-src 'self' 'unsafe-inline' https://csp.withgoogle.com/  wss://*.vica.gov.sg *.gov.sg https://*.vica.gov.sg/ https://test-gpc-1.sg.va.sabio.cloud/ www.google-analytics.com dpm.demdex.net wogadobeanalytics.sc.omtrdc.net *.gstatic.com *.dcube.cloud *.wogaa.sg va.ecitizen.gov.sg *.sharethis.com; 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=AU&lang=en-AU&device=desktop&yrid=4droc8dja5tsd&partner=; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://www.zenaps.com https://plugin.monotote.com https://*.smct.co https://smct.co https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://ln-rules.rewardstyle.com https://tpc.googlesyndication.com https://tr.snapchat.com https://www.shoplooks.com https://s1.thcdn.com https://www.awin1.com https://d2d7do8qaecbru.cloudfront.net https://www.pinterest.com blob: https://smct.io https://*.smct.io; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://*.liveperson.net https://services.postcodeanywhere.co.uk https://*.akamaihd.net https://*.sciencebehindecommerce.com https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://ct.pinterest.com https://smct.co https://*.smct.co https://cognito-identity.eu-west-1.amazonaws.com https://firehose.eu-west-1.amazonaws.com https://privacyportal-eu.onetrust.com https://analytics.tiktok.com https://*.contentsquare.net https://d3g5d7323c2i6m.cloudfront.net https://d29qb9vav0xwuc.cloudfront.net https://d7c4jjeuqag9w.cloudfront.net https://upload.uploadcare.com https://598nyfqkt7.execute-api.eu-west-1.amazonaws.com https://smct.io https://*.smct.io https://sgtm.glossybox.de; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://fonts.smct.co https://fonts.smct.io https://fonts.googleapis.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://d7c4jjeuqag9w.cloudfront.net; form-action 'self' https://www.facebook.com https://www.glossybox.de https://m.glossybox.de https://checkout.glossybox.de https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://player.vimeo.com https://vod-progressive.akamaized.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://plugin.monotote.com https://static.ads-twitter.com https://*.twitter.com https://*.recaptcha.net https://*.akamaihd.net https://*.sciencebehindecommerce.com https://smct.co https://*.smct.co https://*.tribalfusion.com https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://twitter.com https://tpc.googlesyndication.com https://*.baidu.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://*.google.de https://google.de https://*.shoplooks.com https://slooks.top https://slooks.me https://s.pinimg.com https://geolocation.onetrust.com https://analytics.tiktok.com https://*.ibytedtos.com https://*.contentsquare.net https://app.contentsquare.com https://ucarecdn.com https://apps.storystream.ai https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://sgtm.glossybox.de; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://www.shoplooks.com https://static.shoplooks.com https://cdn.parcellab.com https://fonts.smct.co https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://d7c4jjeuqag9w.cloudfront.net https://fonts.smct.io; upgrade-insecure-requests; report-to report-endpoint 1
default-src 'self' https://cm.creativecdn.com https://rt.udmserve.net https://ib.adnxs.com https://www.youtube.com https://adservice.google.com https://ams.creativecdn.com https://px.ads.linkedin.com https://tags.creativecdn.com https://*.doubleclick.net http://trc.taboola.com https://snap.licdn.com https://www.facebook.com https://connect.facebook.net https://*.pushpushgo.com https://*.cookiebot.com https://stats.g.doubleclick.net https://vc.hotjar.io https://www.google.com https://script.hotjar.com https://www.google.pl https://region1.analytics.google.com https://static.hotjar.com https://googleads.g.doubleclick.net 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://*.google-analytics.com data: blob: 1
frame-ancestors https://metrika.yandex.ru http://webvisor.com https://cherkizovo-group.com/ https://www.cherkizovo-group.com  http://awards.ratingruneta.ru https://awards.ratingruneta.ru 1
default-src 'self' shopmoment.com *.shopmoment.com https://vercel.live https://vercel.com *.vercel.app *.sanity.io;    connect-src 'self' *.algolia.net *.algolianet.com *.algolia.io *.myshopify.com *.mux.com *.logsnag.com *.sentry.io *.pinterest.com *.klaviyo.com *.hotjar.com *.tiktok.com *.cloudfront.net *.getelevar.com https://api-cdn.yotpo.com moment.attn.tv https://beaconapi.helpscout.net https://chatapi.helpscout.net https://www.google-analytics.com https://www.google.com https://adservice.google.com https://stats.g.doubleclick.net https://ad.doubleclick.net https://inferred.litix.io https://application.rise-ai.com shopmoment.com *.shopmoment.com https://vercel.live https://vercel.com *.vercel.app *.sanity.io;    script-src 'self' 'unsafe-eval' 'unsafe-inline' *.yotpo.com *.ads-twitter.com *.facebook.net *.bing.com *.impactradius-event.com *.wknd.ai *.bounceexchange.com *.klaviyo.com *.hotjar.com *.getelevar.com https://cdn.logsnag.com https://cdn.jsdelivr.net https://www.googletagmanager.com https://google-analytics.com https://ssl.google-analytics.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://google.com https://apis.google.com https://www.youtube.com https://inferred.litix.io https://beacon-v2.helpscout.net https://str.rise-ai.com https://analytics.tiktok.com shopmoment.com *.shopmoment.com https://vercel.live https://vercel.com *.vercel.app *.sanity.io;    style-src 'self' 'unsafe-inline' *.klaviyo.com *.yotpo.com *.typekit.net https://www.googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com https://beacon-v2.helpscout.net shopmoment.com *.shopmoment.com https://vercel.live https://vercel.com *.vercel.app *.sanity.io;    img-src 'self' *.mux.com *.bounceexchange.com *.gravatar.com *.yotpo.com *.bing.com *.cloudfront.net https://www.google.com https://analytics.twitter.com https://t.co https://www.facebook.com https://assets.rise-ai.com https://monitoring.getelevar.com blob: data: shopmoment.com *.shopmoment.com https://vercel.live https://vercel.com *.vercel.app *.sanity.io;    media-src 'self' *.mux.com https://beacon-v2.helpscout.net blob: data: shopmoment.com *.shopmoment.com https://vercel.live https://vercel.com *.vercel.app *.sanity.io;    object-src 'self' https://beacon-v2.helpscout.net shopmoment.com *.shopmoment.com https://vercel.live https://vercel.com *.vercel.app *.sanity.io;    font-src 'self' *.yotpo.com https://use.typekit.net https://fonts.gstatic.com https://beacon-v2.helpscout.net shopmoment.com *.shopmoment.com https://vercel.live https://vercel.com *.vercel.app *.sanity.io;    form-action 'self';    frame-ancestors 'self' studio.shopmoment.com studio-staging.shopmoment.com;    frame-src 'self' *.youtube.com *.youtu.be *.googlevideo.com *.ytimg.com https://td.doubleclick.net https://bid.g.doubleclick.net https://beacon-v2.helpscout.net https://str.rise-ai.com shopmoment.com *.shopmoment.com https://vercel.live https://vercel.com *.vercel.app *.sanity.io;    upgrade-insecure-requests;    manifest-src 'self';    worker-src 'self' blob: shopmoment.com *.shopmoment.com https://vercel.live https://vercel.com *.vercel.app *.sanity.io; 1
frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self'; 1
default-src 'self' 'unsafe-inline' data: *.1stcentralinsurance.com *.analytics-egain.com *.youtube-nocookie.com *.2o7.net *.adobedtm.com *.bootstrapcdn.com *.cloudflare.com *.cloudfront.net *.doubleclick.net *.egain.cloud *.facebook.com *.facebook.net *.feefo.com *.fontawesome.com *.frontify.com *.github.io *.google.co.uk *.google.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.instagram.com *.klick2contact.com *.omguk.com *.opendns.com *.optimizely.com *.sessioncam.com *.trustpilot.com *.twitter.com *.youtube.com *.youtube-nocookie.com *.ytimg.com *.cookielaw.org *.gbqofs.com *.gbss.io *.onetrust.com; data:; frame-ancestors 'self' *.1stcentralinsurance.com; worker-src 'self' blob:; 1
default-src * 'unsafe-inline' 'unsafe-eval' data:; img-src * 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self' https://a.cms.omniupdate.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.agrarpiacter.hu https://agrarpiacter.hu https://*.agroforum.hu https://agroforum.hu https://*.cookiebot.com https://*.inmobi.com https://*.amazonaws.com https://*.doubleclick.net https://*.dwcdn.net https://*.list-manage.com https://*.mailchimp.com https://chimpstatic.com https://*.onesignal.com https://onesignal.com https://*.gemius.pl https://*.hotjar.com https://*.facebook.net https://platform.twitter.com https://syndication.twitter.com https://cdn.syndication.twimg.com https://*.googlesyndication.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.google.com https://*.gstatic.com https://www.google.hu https://*.googleadservices.com; style-src 'self' 'unsafe-inline' https://*.agrarpiacter.hu https://agrarpiacter.hu https://*.agroforum.hu https://agroforum.hu https://*.cookiebot.com https://*.inmobi.com https://*.amazonaws.com https://*.doubleclick.net https://*.dwcdn.net https://*.list-manage.com https://*.mailchimp.com https://chimpstatic.com https://*.onesignal.com https://onesignal.com https://*.gemius.pl https://*.hotjar.com https://platform.twitter.com https://*.google.com https://*.googlesyndication.com https://*.google-analytics.com https://*.analytics.google.com https://fonts.googleapis.com https://*.gstatic.com; img-src * data:; font-src 'self' data: https://*.hotjar.com https://fonts.googleapis.com https://*.gstatic.com; frame-src https://*.agrarpiacter.hu https://agrarpiacter.hu https://*.agroforum.hu https://agroforum.hu https://*.cookiebot.com https://*.inmobi.com https://*.amazonaws.com https://*.doubleclick.net https://*.dwcdn.net https://*.list-manage.com https://*.mailchimp.com https://chimpstatic.com https://*.onesignal.com https://onesignal.com https://*.gemius.pl https://*.hotjar.com https://platform.twitter.com https://syndication.twitter.com https://*.facebook.com https://*.google.com https://*.youtube.com https://*.googleadservices.com https://*.googlesyndication.com https://*.google-analytics.com https://*.analytics.google.com; connect-src 'self' https://*.agrarpiacter.hu https://agrarpiacter.hu https://*.agroforum.hu https://agroforum.hu https://*.cookiebot.com https://*.inmobi.com https://*.amazonaws.com https://*.doubleclick.net https://*.dwcdn.net https://*.list-manage.com https://*.mailchimp.com https://chimpstatic.com https://*.gemius.pl https://*.hotjar.com https://*.hotjar.io https://onesignal.com https://*.onesignal.com https://*.google.com https://*.googlesyndication.com https://*.google-analytics.com https://*.analytics.google.com; 1
upgrade-insecure-requests; frame-ancestors 'none'; default-src 'self'; script-src 'nonce-982e7552ba' 'strict-dynamic' 'unsafe-inline' https: http:; object-src 'none'; base-uri 'self'; style-src 'self' 'unsafe-inline' www.google.com *.googleapis.com; img-src 'self' www.google.de www.google-analytics.com www.googletagmanager.com *.googleapis.com *.gstatic.com *.doubleclick.net; media-src 'self'; frame-src 'self' www.google.com *.gstatic.com www.googletagmanager.com *.doubleclick.net consent-cdn.swmh.de; font-src 'self' *.gstatic.com www.google.com *.googleapis.com; connect-src 'self' www.google-analytics.com *.doubleclick.net consent-cdn.swmh.de 1
default-src * 'unsafe-eval' 'unsafe-inline' blob: data: ; frame-src *; frame-ancestors 'self' https://*.googleapis.com https://wcistage.gunsandammo.com https://*.wcistage.gunsandammo.com https://*.gunsandammo.com http://*.gunsandammo.com https://*.androidplatform.net https://*.twixlmedia.com/ http://*.twixlmedia.com https://us.content.twixlmedia.com https://*.akamaized.net http://*.akamaized.net https://*.osgnetworks.tv file://* filesystem:; 1
default-src https: 'unsafe-eval' 'unsafe-inline'; img-src * 'self' data:; connect-src https://*.azurewebsites.net https://*.hawksoft-dev.cloud https://hawksoft-dev.cloud https://*.hawksoft-qa.cloud https://hawksoft-qa.cloud https://*.hawksoft-po.cloud https://hawksoft-po.cloud https://*.hawksoft.live https://hawksoft.live https://*.hawksoft.app https://hawksoft.app; frame-src https://*.hawksoft-dev.cloud https://hawksoft-dev.cloud https://*.hawksoft-qa.cloud https://hawksoft-qa.cloud https://*.hawksoft-po.cloud https://hawksoft-po.cloud https://*.hawksoft.live https://hawksoft.live https://*.hawksoft.app https://hawksoft.app; frame-ancestors https://*.hawksoft-dev.cloud https://hawksoft-dev.cloud https://*.hawksoft-qa.cloud https://hawksoft-qa.cloud https://*.hawksoft-po.cloud https://hawksoft-po.cloud https://*.hawksoft.live https://hawksoft.live https://*.hawksoft.app https://hawksoft.app 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.redhat.com *.redhatstatic.com *.intercomcdn.com *.intercom.io *.qualtrics.com *.mountain.com *.trkn.us *.company-target.com analytics.twitter.com assets.adobedtm.com bam.nr-data.net connect.facebook.net consent.trustarc.com googleads.g.doubleclick.net hm.baidu.com img.en25.com in.ml314.com js.driftt.com ml314.com pixel.mintigo.com px.ads.linkedin.com s.ytimg.com s1795.t.eloqua.com script.hotjar.com scripts.demandbase.com snap.licdn.com static.ads-twitter.com static.hotjar.com www.googleadservices.com www.googletagmanager.com www.youtube.com secure.eloqua.com dpm.demdex.net api.demandbase.com autocomplete.demandbase.com tag.demandbase.com platform.twitter.com bat.bing.com j.6sc.co epsilon.6sense.com pubads.g.doubleclick.net https://static.redhat.com https://www.dev.redhat.com https://www.preprod.redhat.com https://www.redhat.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' *.redhat.com *.redhatstatic.com *.intercomcdn.com *.intercom.io *.qualtrics.com *.mountain.com *.trkn.us *.company-target.com analytics.twitter.com assets.adobedtm.com bam.nr-data.net connect.facebook.net consent.trustarc.com googleads.g.doubleclick.net hm.baidu.com img.en25.com in.ml314.com js.driftt.com ml314.com pixel.mintigo.com px.ads.linkedin.com s.ytimg.com s1795.t.eloqua.com script.hotjar.com scripts.demandbase.com snap.licdn.com static.ads-twitter.com static.hotjar.com www.googleadservices.com www.googletagmanager.com www.youtube.com secure.eloqua.com dpm.demdex.net api.demandbase.com autocomplete.demandbase.com tag.demandbase.com platform.twitter.com bat.bing.com j.6sc.co epsilon.6sense.com pubads.g.doubleclick.net https://static.redhat.com https://www.dev.redhat.com https://www.preprod.redhat.com https://www.redhat.com; style-src 'self' 'unsafe-inline' *.redhat.com fonts.googleapis.com js.driftt.com autocomplete.demandbase.com https://static.redhat.com https://www.redhat.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self' tracks.redhat.com; report-uri https://o425042.ingest.sentry.io/api/5370002/security/?sentry_key=676ea2c2d4a147c2834066d24c04a9e4&sentry_environment=prod 1
frame-ancestors 'self' https://*.getinge.com:*; 1
default-src 'self' *.chuo-bus.co.jp *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.doubleclick.net *.ricoh.com *.visualstudio.com *.fontawesome.com; img-src 'self' https://* *.chuo-bus.co.jp; script-src 'self' 'unsafe-eval' *.chuo-bus.co.jp *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.doubleclick.net *.ricoh.com *.msecnd.net *.visualstudio.com 'nonce-eLcZ95cYmujoqXkZhLVW9w=='; style-src 'self' 'unsafe-inline' *.chuo-bus.co.jp *.ricoh.com *.fontawesome.com; frame-src 'self' *.chuo-bus.co.jp; font-src *.fontawesome.com; 1
default-src 'none'; block-all-mixed-content; connect-src 'self' *.abtasty.com *.googlesyndication.com *.hellowork.com *.nr-data.net *.regionsjob.com *.twitter.com bat.bing.com cdn.jsdelivr.net/gh/magma-app/magma-widget@latest/src/widget-v3.min.js googleads.g.doubleclick.net vimeo.com www.google.com; font-src 'self' fonts.cdnfonts.com/s/14903/ *.abtasty.com; frame-ancestors 'self'; frame-src 'self' *.abtasty.com *.francetv.fr *.instagram.com *.linkedin.com *.magma.app *.podcasts.apple.com *.slideshare.net *.soundcloud.com *.tiktok.com *.ttwstatic.com *.twitter.com *.vimeo.com *.vimeocdn.com *.youtube-nocookie.com *.youtube.br *.youtube.com td.doubleclick.net; img-src 'self' data: *.abtasty.com *.facebook.com *.hellowork.com *.osm.org *.twitter.com diplomeo-static.com bat.bing.com local:// https://i.hellowork.com *.tile.openstreetmap.fr; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.abtasty.com *.aticdn.net *.dev-hellowork.com *.facebook.com *.google.com *.googlesyndication.com *.googletagmanager.com *.hellowork.com *.regionsjob.com *.tiktok.com *.ttwstatic.com *.twitter.com bat.bing.com js-agent.newrelic.com www.googleadservices.com; style-src 'self' 'unsafe-inline' *.abtasty.com *.hellowork.com *.ttwstatic.com fonts.cdnfonts.com/css/sofia-pro 1
frame-src 'self' bazaarvoice.com *.bazaarvoice.com https://www.terminland.de *.datev-bot.de *.datev.de *.datev.com *.iesnare.com *.cookielaw.org *.salesviewer.org *.salesviewer.com 1
default-src 'self' *.crazyegg.com wss://*.hotjar.com 'unsafe-inline' 'unsafe-eval' https: data: *.reactful.com blob: ; object-src 'none'; 1
frame-ancestors https://tataepp.stagingshop.com 1
default-src 'self' *.stackadapt.com *.ifgza3.net *.ojrq.net *.tapad.com *.loggly.com *.rlcdn.com *.impactradius-event.com *.teads.tv *.passage.ai wss://tars-prod.passage.ai *.evenfinancial.com *.taboola.com *.quantcount.com *.transunion.com *.transunion.co.za *.vols7feed.com *.addthis.co *.amazon-adsystem.com *.youtube.com *.doubleclick.net *.company-target.com *.brightcove.com *.brightcovecdn.com *.prod.boltdns.net *.adsrvr.org dmtry.com *.dmtry.com *.quantserve.com *.bluekai.com *.facebook.com *.demandbase.com doubleclick.net *.trustev.com *.yahoo.com *.atedra.com *.twitter.com *.bing.com crwdcntrl.net c.rstg.io cdn.nextinsure.com *.jquery.com cloudfront.net *.googleapis.com *.adnxs.com *.rlcdn.com investis.com adsrvr.org sharethrough.com adroll.com yimg.com amazonaws.com *.fastclick.net secure.leadback.advertising.com google-analytics.com *.ads-twitter.com *.openx.net *.zencdn.net googleadservices.com gstatic.com bidswitch.net *.media6degrees.com googletagmanager.com *.siteintercept.qualtrics.com *.qualtrics.com; script-src 'self' *.adobedtm.com *.handtalk.me *.googleanalytics.com optimize.google.com *.liveperson.net *.leadsrx.com https://sc-static.net *.lpsnmedia.net https://siteimproveanalytics.com *.kore.ai *.b0e8.com *.bc0a.com *.stackadapt.com *.thebrighttag.com *.btstatic.com *.hifiona.com *.impactradius-event.com *.teads.tv *.passage.ai *.evenfinancial.com *.taboola.com *.quantcount.com *.dotomi.com *.transunion.com *.transunion.co.za *.mxpnl.com *.vols7feed.com *.addthis.com *.googletagmanager.com *.optimizely.com *.pingdom.com *.cloudflare.com *.googleadservices.com *.youtube.com *.doubleclick.net *.google-analytics.com *.quantserve.com *.g.3gl.net *.eloqua.com *.crwdcntrl.net *.googleapis.com *.investis.com *.amazonaws.com *.cloudfront.net *.nextinsure.com *.lendingtree.com *.mediaplex.com *.demandbase.com *.jquery.com *.gstatic.com *.bing.com *.3gl.net *.yourscoreonline.com *.gofreecredit.com *.creditcheckingtoday.com *.naturaltracking.com *.credit.com *.facebook.com *.yimg.com *.ytimg.com *.quora.com *.ensighten.com *.d39se0h2uvfakd.cloudfront.net *.linkedin.com *.adsprotection.com *.brightcove.com *.hotjar.com *.adroll.com *.brightcove.net *.en25.com *.adsrvr.org *.abmr.net *.mathtag.com t2.rstg.io px.ads.linkedin.com vjs.zencdn.net *.twitter.com iad-login.dotomi.com snap.licdn.com sp.analytics.yahoo.com unpkg.com *.myfonts.net *.en25.com *.addthisedge.com *.zencdn.com *.s3.amazonaws.com cdn.ampproject.org *.company-target.com *.media6degrees.com *.ads-twitter.com cdn.mxpnl.com *.bizographics.com *.pingdom.net *.mbww.com *.entrust.net *.trustev.com *.mathtag.com *.googlesyndication.com *.google.com *.outbrain.com o1.qnsr.com *.facebook.net cas.cluep.com *.quizgnome.com *.siteintercept.qualtrics.com *.qualtrics.com *.pulseinsights.com blob: 'unsafe-eval' 'unsafe-inline'; child-src transunion.demdex.net *.handtalk.me *.liveperson.net *.snapchat.com *.lpsnmedia.net *.evenfinancial.com *.transunion.com *.transunion.co.za blob: *.crwdcntrl.net *.hifiona.com *.cdn.optimizely.com *.addthis.com *.doubleclick.net *.lendingtree.com *.youtube.com *.hotjar.com *.mediaplex.com *.optimizely.com *.brightcove.net s.amazon-adsystem.com *.trustev.com *.mathtag.com *.qnsr.com *.facebook.com *.siteintercept.qualtrics.com *.qualtrics.com; connect-src 'self' px.ads.linkedin.com analytics.google.com *.tt.omtrdc.net dpm.demdex.net *.handtalk.me wss://va.msg.liveperson.net wss://lo.msg.liveperson.net *.google-analytics.com *.leadsrx.com *.bc0a.com *.nextinsure.com *.googleapis.com *.g.doubleclick.net *.kore.ai wss://rtm.kore.ai *.stackadapt.com *.ifgza3.net *.passage.ai wss://tars-prod.passage.ai *.taboola.com *.transunion.com *.transunion.co.za *.mixpanel.com *.optimizely.com *.youtube.com *.brightcovecdn.com *.pingdom.net *.brightcove.com manifest.prod.boltdns.net airbrake.io *.company-target.com r.3gl.net s7.addthis.com *.herokuapp.com unity.cadreon.com app.trustev.com *.hotjar.com wss://*.hotjar.com *.siteintercept.qualtrics.com *.qualtrics.com 'unsafe-eval'; media-src 'self' *.lpsnmedia.net *.brightcove.com *.brightcovecdn.com *.prod.boltdns.net *.transunion.com *.transunion.co.za blob: f1.media.brightcove.com; img-src * *.googletagmanager.com blob: *.google-analytics.com optimize.google.com *.ifgza3.net *.ojrq.net *.tapad.com *.loggly.com *.rlcdn.com data:; font-src data: *.adobeaemcloud.com fonts.gstatic.com *.transunion.com *.transunion.co.za *.nextinsure.com *.gstatic.com *.company-target.com edge.api.brightcove.com r.3gl.net *.addthis.com *.herokuapp.com *.quora.com; frame-src * optimize.google.com; style-src * optimize.google.com fonts.googleapis.com 'unsafe-eval' 'unsafe-inline'; frame-ancestors *.transunion.com *.transunion.co.za; 1
frame-ancestors 'self'; 1
"default-src *" 1
font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com data: maxcdn.bootstrapcdn.com *.typekit.net *.livehelpnow.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * service.ariba.com *.pcahomeschoolhub.com *.ops-online.com *.viedu.org *.vistaordering.org 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com service.ariba.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * service.ariba.com photos.pixlee.co 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.gstatic.com *.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com hawksearch.net *.hawksearch.net *.rainbowresource.com rrc-temp.cldev.io images.salsify.com/ res.cloudinary.com *.livehelpnow.net https://redchamps.com wac.edgecastcdn.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.turnto.com acsbapp.com *.livehelpnow.net *.polyfill.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://static.klaviyo.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.typekit.net *.turnto.com *.livehelpnow.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io *.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.turnto.com *.acsbapp.com https://searchapi-dev.hawksearch.net https://searchapi-test.hawksearch.net https://essearchapi-na.hawksearch.com https://tracking-dev.hawksearch.net https://tracking-test.hawksearch.net https://tracking-na.hawksearch.com https://recs-dev.hawksearch.net https://recs-test.hawksearch.net https://recs-na.hawksearch.com *.livehelpnow.net wss://app.livehelpnow.net/ 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https://*.hotjar.com https://*.segment.io https://*.google.com https://*.google.com.bh https://*.stc.com.bh https://www.googletagmanager.com https://*.segment.com https://*.sparkcentral.com http://*.twitter.com https://www.google-analytics.com http://*.doubleclick.net https://*.smooch.io https://*.facebook.net https://*.facebook.com https://*.appdynamics.com https://*.eum-appdynamics.com https://*.ads-twitter.com https://www.gstatic.com https://www.googleadservices.com https://sc-static.net https://*.tiktok.com https://*.getresponse.com https://creativecdn.com https://t.co https://*.snapchat.com https://*.adsrvr.org https://ups.analytics.yahoo.com https://us-an.gr-cdn.com https://m.gr-cdn-e.com https://*.omnitagjs.com https://*.gr-cdn.com https://*.gr-cdn-e.com https://*.hotjar.io https://*.gstatic.com wss://*.hotjar.com https://connect.facebook.net https://www.gravatar.com wss://*.smooch.io https://*.googleapis.com https://*.rubiconproject.com https://www.youtube.com https://*.googlesyndication.com https://polyfill.io https://*.cloudfront.net https://*.youtube.com https://*.doubleclick.net https://*.linkedin.com  http://*.youtube.com https://*.adsymptotic.com https://*.bidswitch.net https://service.moic.gov.bh https://*.amazonaws.com https://*.tribalfusion.com https://*.cloudflareinsights.com https://*.yahoo.com https://ads.stickyadstv.com https://*.adjust.com https://*.adjust.net.in https://*.adjust.world https://*.adnxs.com data: 'unsafe-inline' blob: 'unsafe-eval' 1
frame-ancestors 'self' https://www.glance.net 1
frame-ancestors 'self' https://p.anypromo.com https://p.anypromo.com:8443 1
report-uri ; 1
frame-ancestors 'self' https://www.weddingwire.ca https://community.weddingwire.ca https://landing.weddingwire.ca 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.yuresk.ru; img-src 'self' blob: *.yuresk.ru; 1
base-uri 'self'; default-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' http: https:; style-src 'self' 'unsafe-inline' 'unsafe-eval' blob: http: https:; connect-src 'self' * ws: wss: blob:; worker-src 'self' * data: blob:; font-src 'self' * data: blob:; frame-src 'self' * data: blob: about: mailto: mstrapp: dossier:; img-src 'self' * data: blob: about:; media-src 'self' * data: blob: rtsp: rtmp:; child-src 'self' * data: blob:; 1
font-src *.cloudflare.com *.twitter.com https://www.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com https://fonts.gstatic.com *.fontawesome.com *.fonts.googleapis.com *.gstatic.com data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.twitter.com https://www.vcs.co.za *.paygate.co.za https://pay.ozow.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.twitter.com *.freshchat.com *.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.addthis.com *.pinterest.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cloudflare.com *.cdn.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.s.ytimg.com *.lightemporium.com *.usercentrics.eu *.magentocommerce.com https://*.gstatic.com https://*.google.com *.google.com *.mobicredwidget.co.za https://www.okfurniture.co.za https://ozow-live-cdn.s3.eu-west-1.amazonaws.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://*.googleapis.com https://*.googleusercontent.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com chimpstatic.com https://houseandhome.co.za *.cloudflare.com *.twitter.com *.google-analytics.com https://*.google.com *.twimg.com https://*.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.doubleclick.net *.cloudfront.net *.freshchat.com https://cdn.jsdelivr.net https://unpkg.com downloads.mailchimp.com *.list-manage.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com s7.addthis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.pinterest.com *.instagram.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.getfirebug.com https://fonts.googleapis.com 'self' data: *.freshchat.com downloads.mailchimp.com https://hcaptcha.com https://*.hcaptcha.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com 'self' data: *.cardinalcommerce.com *.graph.instagram.com https://graph.instagram.com *.google-analytics.com *.doubleclick.net *.mobicredwidget.co.za https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com ekr.zdassets.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.google.com google.com *.googleapis.com *.addthis.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src id.paytogate.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https://*.clearygottlieb.com https://*.truste.com https://*.nr-data.net https://*.siteimproveanalytics.io https://*.newrelic.com https://*.google-analytics.com https://*.trustarc.com https://*.doubleclick.net https://*.vimeo.com https://*.youtube-nocookie.com https://*.youtube.com; script-src 'nonce-i4QBQe4lRAYbnxZTOjkrTIZRiOfhWqpKUeWnVisKw8I=' 'unsafe-eval' 'self' https://*.clearygottlieb.com https://*.jquery.com https://*.googletagmanager.com https://siteimproveanalytics.com https://*.siteimproveanalytics.com https://*.newrelic.com https://*.google-analytics.com https://*.trustarc.com https://*.nr-data.net https://snap.licdn.com; connect-src 'self' https://px.ads.linkedin.com https://consent-reporting.trustarc.com https://consent.trustarc.com https://www.google-analytics.com https://stats.g.doubleclick.net https://bam-cell.nr-data.net ; style-src 'unsafe-inline' 'self' https://*.clearygottlieb.com; font-src 'self' https://*.trustarc.com data:; img-src 'self' https://*.clearygottlieb.com https://*.googletagmanager.com https://*.google.com https://*.google.co.uk https://*.google.com.ec https://*.truste.com https://*.siteimproveanalytics.io https://*.google-analytics.com https://*.trustarc.com https://px.ads.linkedin.com data:; media-src https://*.clearygottlieb.com https://*.vimeo.com https://*.akamaized.net data:; child-src https://*.clearygottlieb.com https://*.vimeo.com; frame-src https://*.clearygottlieb.com https://*.googletagmanager.com https://*.trustarc.com https://*.vimeo.com; base-uri 'self'; upgrade-insecure-requests; block-all-mixed-content; 1
default-src 'self'; img-src 'self' data: https://ecltrtstoragedev.blob.core.windows.net https://www.google.com https://www.google.cl; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://fonts.googleapis.com https://www.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://localhost https://jspm.dev/npm:uuid@9.0.1 https://jspm.dev/uuid https://ajax.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://edenred.omnitok.com https://storage.googleapis.com https://www.gstatic.com; font-src 'self' https://cdn.jsdelivr.net data: https://fonts.gstatic.com; frame-src 'self' https://www.facebook.com https://web.facebook.com https://servicios-certificacion.edenred.cl https://certificacion.edenred.cl https://servicios.edenred.cl https://www.youtube.com https://edenred.omnitok.com https://app.powerbi.com; connect-src 'self' https://registrojunaebcertificacion.edenred.cl https://registro.becaticketjunaeb.cl https://edenred.omnitok.com https://stats.g.doubleclick.net https://www.google-analytics.com; 1
object-src 'none';default-src 'none';connect-src https://www.wefact.nl https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.google.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net *.cookiebot.com *.facebook.com *.facebook.net *.licdn.com *.linkedin.com https://maps.googleapis.com *.clarity.ms https://c.bing.com;frame-src https://www.youtube.com https://bid.g.doubleclick.net https://td.doubleclick.net *.cookiebot.com *.facebook.com *.facebook.net *.linkedin.com https://outlook.office365.com;frame-ancestors 'self';img-src https://www.wefact.nl data: *.ytimg.com https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.nl https://www.google.be *.cookiebot.com *.facebook.com *.facebook.net *.fbcdn.net *.licdn.com *.linkedin.com https://maps.gstatic.com https://maps.googleapis.com *.clarity.ms https://c.bing.com www.mollie.com;script-src https://www.wefact.nl https://www.youtube.com *.ytimg.com 'sha256-CrAe1a0TFvLsCsBw0E5Ky5SvrwDd3Kn8oyr5ns4gIUc=' https://googletagmanager.com https://tagmanager.google.com https://*.googletagmanager.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net *.cookiebot.com *.facebook.com *.facebook.net *.licdn.com *.linkedin.com https://developers.google.com https://maps.googleapis.com *.clarity.ms https://c.bing.com 'sha256-HqEywe2Mupyc3mWoKoXnTO5AVzVUi7YpNaBHAq+y0U0=';style-src https://www.wefact.nl 'unsafe-inline' https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com https://www.googletagmanager.com *.licdn.com *.typekit.net;font-src 'self' data: https://fonts.gstatic.com data: *.typekit.net;child-src *.facebook.com *.facebook.net;manifest-src https://www.wefact.nl 1
default-src 'self' *.instagram.com *.twitter.com *.google.com *.google.fr *.youtube.com *.addtoany.com *.douane *.douane.gouv.fr botify-chat-douane-pro.apps.innershift.sodigital.io *.doubleclick.net; script-src 'self' cdn.jsdelivr.net www.googletagmanager.com cdn02.jotfor.ms cdn.jotfor.ms cdn03.jotfor.ms form.jotform.com/jsform/ static.addtoany.com/menu/ botify-chat-douane-pro.apps.innershift.sodigital.io widgets.flickr.com embedr.flickr.com 'sha256-m5/MdH9UDuGh4NYRNojfYeGK0kh+8g7XLqu+kJFLKe4=' 'sha256-SZ9HUHvc4HjF0RnizBcEjtSRucklPR+EyCJmv82yDvE=' 'sha256-aCvRIQ79zbEtvxwsqDbuavE4Sa35jGPLpcm4Y1yIUA0=' 'sha256-cCETlTnFe4oVc3iBrpHJ+mMfiW0J6VfUSQiZOA22/6o=' 'sha256-e41hangRwS/GROqGdnMLg/+eiC1CBtiRDsmDdBV0RUM=' 'sha256-8GOuxY1n6x7nutr1sn43R3wbBFvqziONnQzIvEXAsRU=' 'sha256-qOjyyc7YXOy1u5qyJF9ck+xogVlGHmBhwhYVB0com9A=' 'sha256-d/5JgEXtWfNaSDSMOALKykJIRHvej0L+DlSnB5/a8rs=' 'sha256-bmAqrDKXlWYvee7wrmVHmfzKcFytigou+jhMOYvxw9w=' 'sha256-j6M2xA9I+y0hcxGQvpuoGQ1XPpUcWN/3ORbD6BLAVow=' 'sha256-U9Limcj++LS83qwNFqxme6uPFdXdnGH6Gi8alLG4JiE=' 'sha256-TtWZJYo9CsnFDflsnKpvMQupYp0SWPUJhncXRWhqHgY=' 'sha256-100fHJspvS0ZijqxsqS4hurifOLdUxpd2tMfSBn1XH0=' 'sha256-cfaeVZJOpk1j8f4ly80LXr+HGT/E6mgoghuDZx0q924=' 'sha256-bmAqrDKXlWYvee7wrmVHmfzKcFytigou+jhMOYvxw9w=' 'sha256-j6M2xA9I+y0hcxGQvpuoGQ1XPpUcWN/3ORbD6BLAVow=' 'sha256-V2tvY10YG/TXtJm63+W5nlRtSkJ5td8/uIQQZLlbu6c=' 'sha256-TtWZJYo9CsnFDflsnKpvMQupYp0SWPUJhncXRWhqHgY=' 'sha256-Al+exsNIvnXn4iFhn29bIGRZneB4Up4tAP+8OSB6yxo=' 'sha256-bmAqrDKXlWYvee7wrmVHmfzKcFytigou+jhMOYvxw9w=' 'sha256-j6M2xA9I+y0hcxGQvpuoGQ1XPpUcWN/3ORbD6BLAVow=' 'sha256-H4wjGXRfQQu9M8qRRW2Vao6X5tuOvQEnT7/CWNzsnek=' www.google-analytics.com tag.aticdn.net 'sha256-mgcPTyg0OxxTSWtBRdjsuDqBUmW8LBC0DRAJy2xxwcs=' 'sha256-txaYk/SQjmOOjMy1CEUu9+I8jLVUbAi0qAZDIo3+FcI=' 'sha256-Dcl964X0ANqLoGKOdoPoHuJpivfAQA0N7qAF3+TP2IA=' 'sha256-A0JErdck7Pfwum9nGo3uKlyH5rmjOGbf4iuO7tFU52I=' 'sha256-KSn/LAgP5W/qEHFJTQjPLxz7CCbWcT7YDDpNxpIT2Y4=' 'sha256-JP9JQbMtDnTDUpNMgXTQ+xRmkasPlpa2iEL9XuC7UZQ=' 'sha256-4/NCsRJWvA0XBXV8vavPKqs2HJaeUNbvta7Viuh7eqA=' 'sha256-FtYsUvWc8P3ioiumrC3OOD+0DlSMO1iMMXP+2jDhISE=' 'sha256-JG8QLDK/RDFXAbY0Ia5qRK14dndTwmigb2GL/N0ZJlU=' 'sha256-rqJ+AGiVGOz36SQPebLfcij+80/Xsp1b4D+JTgjIWPE=' 'sha256-NQfc27RODJMCUmaqjMwdfn4W0gAOlXht1ZZm3Yldg8E=' 'sha256-TQcpAoA8eOTZSGOat18Gn/lT5yIuwMySfUDnJbxi+7M=' 'sha256-vaySO1LbWYbPZ02fSyw5tZRohKzednGDhYxpwRs/Qx8=' 'sha256-i26xgYx160lPv8Wzrhh5pENF63MDn2Li7R7yFbJge54=' 'sha256-G4MR8JaHMS6PLKTh21d4FZO6m41H22L9U1P+sVA/nSY=' 'sha256-G4MR8JaHMS6PLKTh21d4FZO6m41H22L9U1P+sVA/nSY=' 'sha256-gsuBoPtTgP2ddlnZP0jIn+z/0KnujsVh4qmyWVcdARc=' 'sha256-CsKrQpqLJ8JVnODB1fCcmzC/wfITHnf2MjJq2ksowUA=' 'sha256-GSg74Z2Tx/wrVQhd+v98rjtvUR+Bi5ruKYLT40L+GjQ=' 'sha256-e3OsTH0KIUdK3veWO2CJ9QDxFNgZ4fTPuRsN5mkj7yU=' 'sha256-sKGpsjGdAxaSTCLE0wH0e4jb8z3vEWJviA3TDTOoK0U=' 'sha256-7TKSX9mLOfam46WWxZrs305ZZEjSItRUYr/zBHLSLtU=' 'sha256-Gy1ZxEWqfNvixZqlM5jkOHAvmGUVYT6aT8rexxRiTbs=' 'sha256-pzby6R7MKT2lSDM/0rwVJx8yL0Lz1RsWoHNEWrjj8gg=' 'sha256-E3G00T0WP+mLEmkJrgSgjl5McP/dl+H5oY0H8iTlWfY=' 'sha256-ACs5+KOw75v3urFQEsB5e7tzTSIP51LOzupNLQWm2b8=' 'sha256-LgToB2yMrE8BspIZ6p3N9nUPIzDbTM97aY17oqrIR9U=' 'sha256-qk0Hmo9/cxEqai55ffLQkI3cgV1fQ0nSXi34hHogh28=' 'sha256-+dNeLqVYyofJ9nb8vqykH3ogFv4+xExC0UAwnAha1Lg=' 'sha256-+dNeLqVYyofJ9nb8vqykH3ogFv4+xExC0UAwnAha1Lg=' 'sha256-3pcGaASNGby1cNgqx1F90bEdP/eka7rwqLnDMrSc2W8=' 'sha256-nOBF4KWp+BO3m4hp+qDdssw096IE+711vrOBey/wHis=' 'sha256-akvcq1s6tco2WU/SfWysNDH4k3xZndlOAMEnWX/KKLc=' 'sha256-41nYrrLLjCe2UoSxpzLpWYi6iUSb7xTdDHU0btSSDEU=' 'sha256-41nYrrLLjCe2UoSxpzLpWYi6iUSb7xTdDHU0btSSDEU=' 'sha256-Fw5/q/HhKqXZqKjD76iItfGJdF5A689w/3m1U2DdJWk=' 'sha256-Z+ojFAw8yoYUvzCyOgSQZoFI7U6AC7Pp95KHXQFMXn4='; object-src 'self'; style-src 'self' 'unsafe-inline' *.twitter.com *.jotfor.ms *.jotfor.com botify-chat-douane-pro.apps.innershift.sodigital.io; img-src 'self' *.fbcdn.net *.cdninstagram.com syndication.twitter.com *.twimg.com platform.twitter.com *.jotform.com *.jotfor.ms *.staticflickr.com data: *.google-analytics.com *.xiti.com botify-chat-douane-pro.apps.innershift.sodigital.io; media-src 'self' *.cdninstagram.com *.twimg.com; frame-ancestors *.douane.gouv.fr *.douane ec.europa.eu cdaweb:7007 10.119.3.5; font-src 'self'; connect-src  'self' api.flickr.com *.instagram.com *.flickr.com botify-chat-douane-pro.apps.innershift.sodigital.io wss://botify-chat-douane-pro.apps.innershift.sodigital.io www.google-analytics.com; report-uri /report-csp-violation 1
upgrade-insecure-requests  ; style-src 'self' 'unsafe-inline' feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com *.cookielaw.org *pghub.io pghub.io www.youtube.com *.iesnare.com feed.pghub.io pandg.tapad.com ; manifest-src 'self' login.windows.net feed.pghub.io pandg.tapad.com ; font-src 'self' feed.pghub.io pandg.tapad.com ; frame-ancestors 'none' feed.pghub.io pandg.tapad.com ; frame-src 'self' *pghub.io *.pghub.io consumersupport.pg.com www.youtube-nocookie.com pandg.tapad.com ; img-src 'self' data: *.ctfassets.net *.tapad.com *.cookielaw.org feed.pghub.io ; connect-src 'self' *.cookielaw.org *.algolia.net *.algolianet.com *.google-analytics.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat feed.pghub.io pandg.tapad.com ; base-uri 'none' feed.pghub.io pandg.tapad.com ; default-src 'none' feed.pghub.io pandg.tapad.com ; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.googletagmanager.com googletagmanager.com *.google.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.google-analytics.com *.gstatic.com *.googleadservices.com *.googleapis.com www.google.com.au www.google.co.id cdn-ukwest.onetrust.com cdn.linkedin.oribi.io syndication.twitter.com snap.licdn.com connect.facebook.net cdn.jsdelivr.net cdnjs.cloudflare.com platform.twitter.com *.ads.linkedin.com px.ads.linkedin.com px4.ads.linkedin.com www.linkedin.com www.facebook.com dc.services.visualstudio.com vimeo.com player.vimeo.com *.youtube.com img.youtube.com www.youtube.com *.searchstax.com static.hotjar.com *.managedcloud.sitecore.com datawrapper.dwcdn.net *.buzzsprout.com *.yoshki.com geolocation.onetrust.com cdn.jifo.co td.doubleclick.net *.google.rs unpkg.com; upgrade-insecure-requests; 1
frame-ancestors https://admin.shopify.com 'self'; 1
base-uri 'none'; default-src 'self' data: https: wss: *.crazyegg.com; style-src 'self' data: https: wss: 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://api.scrivito.com https://app.intercom.io https://assets.scrivito.com https://js.intercomcdn.com https://widget.intercom.io https://www.google-analytics.com https://maps.googleapis.com https://www.recaptcha.net/ https://www.google.com/recaptcha/ https://www.gstatic.com/ https://www.dealer-fp-usa.com/ https://play.webvideocore.net/ *.crazyegg.com https://www.googletagmanager.com *.hotjar.com; object-src 'none'; block-all-mixed-content; frame-ancestors 'self' https://*.scrivito.com 1
default-src 'none'; img-src 'self' https: data: https://www.google-analytics.com/collect https://www.googletagmanager.com https://www.google.com *.hsl.org.br; manifest-src 'self' https: *.hsl.org.br; script-src 'self' 'unsafe-eval' 'unsafe-inline' https: https://www.google-analytics.com https://www.google-analytics.com/j/collect https://www.google.com https://www.gstatic.com https://www.googletagmanager.com *.hsl.org.br; style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com *.hsl.org.br; font-src 'self' https: https://fonts.googleapis.com https://fonts.gstatic.com *.hsl.org.br; frame-src 'self' https: https://www.google.com *.hsl.org.br; connect-src 'self' https: wss: *.execute-api.us-east-1.amazonaws.com https://stats.g.doubleclick.net https://www.google-analytics.com *.hsl.org.br; 1
default-src 'self' feed.pghub.io pandg.tapad.com ; media-src https://videos.ctfassets.net feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' *.pricespider.com * ; img-src * 'self' data: https: blob: *.pricespider.com ; script-src * data: *.pricespider.com blob: 'unsafe-inline' 'unsafe-eval' ; connect-src * data: blob: 'unsafe-inline' ; font-src * data: blob: 'unsafe-inline' ; frame-src * ; 1
worker-src 'none'; 1
default-src 'self' https://racecenter.letour.fr https://emeaclientportal.datacenter.hello.global.ntt https://unpkg.com/web-vitals/dist/web-vitals.iife.js https://s1329636.t.eloqua.com https://www.google.com.br https://www.google.com.hk https://www.google.com.sg https://www.google.co.in https://www.google.co.nz https://www.google.com.bh https://www.google.co.kr https://www.google.com.my https://www.google.ca https://www.google.ie https://www.google.lt https://www.google.com.au https://www.google.com.pa https://www.google.nl https://www.google.co.jp https://*.fls.doubleclick.net  https://prodau-cdn.azureedge.net https://prodeu-cdn.azureedge.net https://www.google.com https://resources.digital-cloud.medallia.eu https://*.licdn.com https://s7.addthis.com https://vars.hotjar.com/ https://connect.facebook.net/ https://www.facebook.com/ *.crazyegg.com https://youtube.com https://www.youtube.com https://youtu.be https://i.ytimg.com/vi_webp/PfZzvGGRaOM/mqdefault.webp; img-src 'self' blob: data: https://*.emtana.com:* https://emeaclientportal.datacenter.hello.global.ntt/servlet/servlet.ImageServer?id=0151i000000vC0y&oid=00D58000000H2jR https://portal.webolytics.com/ https://admin.bound360.com/images/logos/bound-logo-full.png https://cdn.bizible.com https://cdn.bizibly.com https://px4.ads.linkedin.com https://ad.doubleclick.net https://www.google.be https://pbs.twimg.com https://*.analytics.google.com https://*.google.com https://*.brightfunnel.com https://q.quora.com https://alb.reddit.com https://www.marketing-town.com https://assets.getsmartcontent.com https://www.google.co.in https://www.google.com.hk https://www.google.com.sg https://www.google.co.nz https://www.google.co.jp https://www.google.com.br https://www.google.com.bh https://www.google.co.kr https://www.google.com.my https://www.google.ca https://www.google.ie https://www.google.lt https://www.google.com.au https://www.google.nl https://di3c8wks3odob.cloudfront.net https://maps.gstatic.com https://maps.googleapis.com https://www.google.de https://www.google.it https://pixel.tapad.com https://decibel-49-adswizz.attribution.adswizz.com https://www.google.co.uk https://attribution.decibelads.com https://reverseads.matomo.cloud https://tracking.connect.services.global.ntt https://fonts.gstatic.com https://cdn.cookielaw.org https://analytics.twitter.com https://analytics.google.com https://*.terminus.services https://match.adsrvr.org https://prodeu-strgacc-cdn.azureedge.net https://prodau-strgacc-cdn.azureedge.net https://*.leady.com/ https://resources.digital-cloud.medallia.eu https://j.mrpdata.net https://857338121.privacysandbox.googleadservices.com https://720787047.privacysandbox.googleadservices.com https://apt.techtarget.com https://620993155.privacysandbox.googleadservices.com https://p.adsymptotic.com/ *.crazyegg.com https://tracking.hello.global.ntt/ https://www.google.co.za https://*.kampyle.com https://vars.hotjar.com https://pubads.g.doubleclick.net https://script.hotjar.com http://script.hotjar.com www.googletagmanager.com https://www.google.com https://www.google.com.pa https://googleads.g.doubleclick.net https://www.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com https://prodeu-cdn.azureedge.net https://prodau-cdn.azureedge.net https://t.co/ https://px.ads.linkedin.com/ https://connect.facebook.net/ https://www.facebook.com/ https://www.linkedin.com/ https://s2190102.t.eloqua.com/ https://storage.googleapis.com/ https://*.akstat.io; style-src 'unsafe-inline' 'unsafe-eval' 'self' *.crazyegg.com https://cdn.jsdelivr.net/npm/swiper@8/swiper-bundle.min.css https://prodeu-strgacc-cdn.azureedge.net https://prodau-strgacc-cdn.azureedge.net https://cdnjs.cloudflare.com/ajax/libs/tiny-slider/2.9.1/tiny-slider.css https://fonts.googleapis.com https://tagmanager.google.com https://www.googletagmanager.com; font-src 'self' https://prodeu-strgacc-cdn.azureedge.net https://prodau-strgacc-cdn.azureedge.net https://fonts.gstatic.com data: http://script.hotjar.com https://script.hotjar.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors https://cm.euprod.services.global.ntt https://prodeu-strgacc-cdn.azureedge.net https://prodau-strgacc-cdn.azureedge.net https://vars.hotjar.com https://bid.g.doubleclick.net https://*.crazyegg.com; script-src 'nonce-NjMzMDkxMjZub25jZS1yYW5kb20='  'unsafe-inline' 'unsafe-eval' 'self' blob: https://*.emtana.com:* https://emeaclientportal.datacenter.hello.global.ntt https://*.adobe.io https://*.go-mpulse.net https://portal.webolytics.com https://cdn.bizible.com https://secure.intelligentdata52.com https://a.quora.com https://unpkg.com/web-vitals@3.0.0/dist/web-vitals.attribution.iife.js https://*.brightfunnel.com https://*.analytics.google.com https://*.google.com https://www.redditstatic.com https://cdn.jsdelivr.net/npm/swiper@8/swiper-bundle.min.js https://maps.googleapis.com https://www.google.co.in https://www.google.co.nz https://www.google.com.pa https://www.google.de https://www.google.it https://cdn.matomo.cloud https://s.getsmartcontent.com https://cdn.getsmartcontent.com https://attribution.decibelads.com https://tracking.connect.services.global.ntt https://snippet.ramblechat.com https://munchkin.brightfunnel.com https://*.terminus.services https://analytics.google.com https://prodeu-strgacc-cdn.azureedge.net https://prodau-strgacc-cdn.azureedge.net https://*.leady.com/ https://www.gstatic.com https://trk.techtarget.com https://visitor.reactful.com https://*.crazyegg.com https://script.crazyegg.com https://connect.facebook.net/ https://cdn.cookielaw.org/ https://secure.east2pony.com/ https://protect-eu.mimecast.com/ https://www.google.co.za/ https://*.addthisedge.com https://z.moatads.com https://*.addthis.com https://script.hotjar.com http://script.hotjar.com http://static.hotjar.com https://static.hotjar.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://analytics.twitter.com https://static.ads-twitter.com https://resources.digital-cloud.medallia.eu https://nebula-cdn.kampyle.com https://img03.en25.com https://script.crazyegg.com https://www.youtube.com www.googleadservices.com https://pubads.g.doubleclick.net https://snap.licdn.com https://cdnjs.cloudflare.com/ajax/libs/tiny-slider/2.9.1/min/tiny-slider.js https://geolocation.onetrust.com https://vidassets.terminus.services  https://acrobatservices.adobe.com; connect-src 'self' https://*.t.eloqua.com https://*.adobe.io https://*.go-mpulse.net https://portal.webolytics.com https://px.ads.linkedin.com https://*.brightfunnel.com https://*.analytics.google.com https://*.google.com https://ibc-flow.techtarget.com https://cdn.linkedin.oribi.io https://udc-neb.kampyle.com https://www.google.com.pa https://s.getsmartcontent.com https://chat-messaging.terminus.services https://www.gstatic.com https://maps.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/mapConfigs https://reverseads.matomo.cloud wss://a1kkx7muourfsi-ats.iot.us-east-1.amazonaws.com https://chat-visitor-info.terminus.services https://iotas.terminus.services https://chat-team-management.terminus.services https://di3c8wks3odob.cloudfront.net https://realtime.ramblechat.com https://idx.liadm.com/ https://geolocation.onetrust.com/ https://api.brightfunnel.com https://analytics.google.com https://*.leady.com/ https://tracking.reactful.com https://resources.digital-cloud.medallia.eu https://visitor.reactful.com *.crazyegg.com https://www.facebook.com/ https://connect.facebook.net/ https://cdn.cookielaw.org/ https://stats.g.doubleclick.net/ https://www.google-analytics.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com https://script.crazyegg.com/* https://api-public.addthis.com https://*.addthis.com https://privacyportal-de.onetrust.com/ https://*.akstat.io https://*.akamaihd.net https://acrobatservices.adobe.com; object-src blob: ; frame-src https://racecenter.letour.fr https://block.opendns.com https://td.doubleclick.net https://ssp2.gin.ntt.net https://www.google.com.pa https://10155546.fls.doubleclick.net https://resources.digital-cloud.medallia.eu https://extraordinary-platypus-f5e0bb.netlify.app https://nttbdttour.netlify.app/ https://cm.euprod.services.global.ntt https://www.youtube.com https://www.google.com https://youtu.be https://acrobatservices.adobe.com 1
report-to 'self' ; child-src 'self' ; connect-src 'self' *.getnitropack.com *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net snap.licdn.com *.doubleclick.net *.googlesyndication.com cdn.linkedin.oribi.io px.ads.linkedin.com *.cloudfront.net * *.hscollectedforms.net  *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net ; default-src 'self' ; font-src 'self' data: fonts.gstatic.com *.bootstrapcdn.com *.typekit.net cdn.jsdelivr.net *.gstatic.com snap.licdn.com *.doubleclick.net *.googlesyndication.com cdn.linkedin.oribi.io px.ads.linkedin.com *.getnitropack.com *.cloudfront.net  *.gstatic.com *.bootstrapcdn.com ; form-action 'self' ; frame-src 'self' swiftcdn6.global.ssl.fastly.net px4.ads.linkedin.com blob: player.vimeo.com *.g.doubleclick.net *.google.com *.fls.doubleclick.net www.google.com snap.licdn.com *.doubleclick.net *.googlesyndication.com cdn.linkedin.oribi.io px.ads.linkedin.com *.getnitropack.com *.cloudfront.net  *.g.doubleclick.net *.google.com *.fls.doubleclick.net ; frame-ancestors 'self' ; img-src 'self' px4.ads.linkedin.com swiftcdn6.global.ssl.fastly.net www.linkedin.com data: *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com ts.w.org s.w.org ps.w.org cdn.usefathom.com snap.licdn.com *.doubleclick.net *.googlesyndication.com cdn.linkedin.oribi.io px.ads.linkedin.com *.getnitropack.com *.cloudfront.net *.hsforms.com *.hubspot.com *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com ; manifest-src 'self' ; media-src 'self'  s.w.org; object-src 'self' ; script-src 'self'  'unsafe-inline'  'unsafe-eval' vsplayer.global.ssl.fastly.net *.googleadservices.com blob: *.nitrocdn.com cdn.usefathom.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com cdn.jsdelivr.net snap.licdn.com *.doubleclick.net *.googlesyndication.com cdn.linkedin.oribi.io px.ads.linkedin.com *.getnitropack.com *.cloudfront.net *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hscollectedforms.net  *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-elem 'self'  'unsafe-inline'  'unsafe-eval' vsplayer.global.ssl.fastly.net *.googleadservices.com blob: *.nitrocdn.com cdn.usefathom.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com cdn.jsdelivr.net snap.licdn.com *.doubleclick.net *.googlesyndication.com cdn.linkedin.oribi.io px.ads.linkedin.com *.getnitropack.com *.cloudfront.net *.hs-scripts.com  *.hs-analytics.net *.hs-banner.com *.hscollectedforms.net *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-attr 'self'  'unsafe-inline' ; style-src 'self'  'unsafe-inline' blob: *.nitrocdn.com fonts.googleapis.com cdn.jsdelivr.net *.googleapis.com *.gstatic.com *.typekit.net snap.licdn.com *.doubleclick.net *.googlesyndication.com cdn.linkedin.oribi.io px.ads.linkedin.com *.getnitropack.com *.cloudfront.net  *.googleapis.com *.gstatic.com ; style-src-elem 'self'  'unsafe-inline' blob: *.nitrocdn.com fonts.googleapis.com cdn.jsdelivr.net *.googleapis.com *.gstatic.com *.typekit.net snap.licdn.com *.doubleclick.net *.googlesyndication.com cdn.linkedin.oribi.io px.ads.linkedin.com *.getnitropack.com *.cloudfront.net  *.googleapis.com *.gstatic.com ; style-src-attr 'self'  'unsafe-inline' ; worker-src 'self'  blob:;  upgrade-insecure-requests; 1
default-src 'self' *.episerver.net *.jquery.com *.soundcloud.com *.podbean.com player.vimeo.com *.youtube.com *.google-analytics.com *.doubleclick.net *.googleapis.com *.gstatic.com *.google.com *.flippingbook.com; frame-ancestors 'self' *.vhb.com; script-src 'self' http://localhost:* http://localhost:51381 http://localhost:50093 http://localhost:55256 http://localhost:52756 http://localhost api.campaign.episerver.net www.google-analytics.com *.google.com *.gstatic.com ajax.googleapis.com cdnjs.cloudflare.com *.googletagmanager.com dl.episerver.net *.vo.msecnd.net dc.services.visualstudio.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' ws://localhost:49369 http://localhost:* ws://localhost:* ws://localhost:52756 http://localhost:50093 http://localhost:51381 ws://localhost:51381 ws://localhost:50093  http://localhost:52756 ws://localhost:55256 http://localhost:55256 http://localhost:49369 api.campaign.episerver.net pui.episerver.net *.doubleclick.net dc.services.visualstudio.com www.google-analytics.com; img-src  * data: blob: 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline' www.google-analytics.com ajax.googleapis.com cdnjs.cloudflare.com *.soundcloud.com *.googletagmanager.com dl.episerver.net *.googleapis.com;base-uri 'self'; form-action 'self'; 1
default-src 'self'; script-src 'self' *.energiewechsel.de *.bmwi.db-n.com cdnjs.cloudflare.com *.twimg.com *.twitter.com api.energielabel-erklaert.de static.etracker.com code.etracker.com www.etracker.de www.energie-effizienz-experten.de customers.lmis.de 'unsafe-eval' 'unsafe-inline' *.jwpcdn.com *.jquery.com eww-bmwi.init-ag.de raa.bmwi.de; connect-src 'self' *.bmwi.db-n.com *.streamfarm.net *.deutschland-machts-effizient.de *.energiewechsel.de *.etracker.de eww-bmwi.init-ag.de raa.bmwi.de; img-src * data:; style-src 'self' *.twimg.com *.twitter.com api.energielabel-erklaert.de 'unsafe-inline' *.jwpcdn.com; font-src 'self' *.jwpcdn.com data:; frame-src *.twitter.com *.deutschland-machts-effizient.de *.energiewechsel.de *.energielabel-erklaert.de *.energie-effizienz-experten.de customers.lmis.de:443 advisor.co2online.de; media-src 'self' *.streamfarm.net; frame-ancestors 'self'  *.kfw.de *.bafa.de *.bmwsb.bund.de; object-src 'self'; 1
frame-ancestors 'self' egp-resources.enelgreenpower.com egp.webdraft.co.it resources.enelgreenpower.com resources-dev.enelint.global 1
default-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.typekit.net *.episerver.net zefzhat.appspot.com www.googletagmanager.com *.googletagmanager.com tagmanager.google.com *.hotjar.com *.hotjar.io *.google-analytics.com analytics.google.com code.jquery.com az416426.vo.msecnd.net dc.services.visualstudio.com netdna.bootstrapcdn.com pi.pardot.com syndication.twitter.com sjs.bizographics.com connect.facebook.net stats.livezhat.com *.ads.linkedin.com www.linkedin.com s.ytimg.com *.googleapis.com googleapis.com api.siteattention.com www.googleadservices.com cdn.syndication.twimg.com flockler.com embed-cdn.flockler.com static.flockler.com fl-cdn.scdn1.secure.raxcdn.com cdn.datatables.net *.licdn.com www.youtube.com gateway.zscloud.net viewer.blipstar.com static.handpickedcherries.com maxcdn.bootstrapcdn.com rules.quantcount.com secure.quantserve.com apps.myzef.com tools.eurolandir.com webcc.sonera.fi stackpath.bootstrapcdn.com cdn.datatables.net cdnjs.cloudflare.com api.ipify.org munchkin.marketo.net googleads.g.doubleclick.net eu1.snoobi.com ethn.io siteimproveanalytics.com www.google.com www.gstatic.com *.giosgusercontent.com optimize.google.com *.lfeeder.com *.leadfeeder.com code.createjs.com www.gstatic.com *.vimeo.com go.upmspecialtypapers.com upm.leadfamly.com hm.baidu.com *.giosg.com t.lianacem.com static.ws.apsis.one static.ws-apac.apsis.one s3.amazonaws.com/beacon.pmmimediagroup.com/ static.ads-twitter.com js.monitor.azure.com ccchat-fi.telia.ee analytics.google.com *.upm.com *.upm.uy *.upmbiochemicals.com *.upmbiofuels.com *.upmbiomedicals.com *.upmbonvesta.fi *.upmcargohandling.com *.upmchina.com *.upmenergy.com *.upmformi.com *.upmgrada.com *.upmkiinteistot.fi *.upmmetsa.fi *.upmnachhaltigerzellstoff.de *.upmpaper.com *.upmprofi.com *.upmpulp.com *.upmraflatac.com *.upmraumacell.com *.upmsilvesta.fi *.upmspecialtypapers.com *.upmtimber.com *.upmyhteismetsa.fi *.wisaplywood.com *.solitaonline.fi *.upm.live *.beyondspot.com *.globalnotes.com *.printinform.com; font-src 'self' data: *.typekit.net storage.googleapis.com netdna.bootstrapcdn.com i.s-microsoft.com upmapi.portal.azure-api.net *.hotjar.com *.hotjar.io css.zohostatic.com cdnjs.cloudflare.com use.fontawesome.com *.giosg.com *.giosgusercontent.com googleapis.com ccchat-fi.telia.ee *.upm.com *.upm.uy *.upmbiochemicals.com *.upmbiofuels.com *.upmbiomedicals.com *.upmbonvesta.fi *.upmcargohandling.com *.upmchina.com *.upmenergy.com *.upmformi.com *.upmgrada.com *.upmkiinteistot.fi *.upmmetsa.fi *.upmnachhaltigerzellstoff.de *.upmpaper.com *.upmprofi.com *.upmpulp.com *.upmraflatac.com *.upmraumacell.com *.upmsilvesta.fi *.upmspecialtypapers.com *.upmtimber.com *.upmyhteismetsa.fi *.wisaplywood.com *.solitaonline.fi *.upm.live *.beyondspot.com *.globalnotes.com *.printinform.com; img-src 'self' data: blob: about: *.typekit.net livezhat.zef.fi *.hotjar.com *.hotjar.io *.google-analytics.com *.analytics.google.com www.upmbiofore.fi pbs.twimg.com secure.adnxs.com www.upmbiofore.com *.g.doubleclick.net stats.g.doubleclick.net googleads.g.doubleclick.net *.google.com *.google.co.uk *.google.fi *.google.dk *.google.de *.google.at *.google.pl *.google.ru *.google.se www.google.com www.google.co.uk www.google.fi www.google.dk www.google.de www.google.at www.google.pl www.google.ru www.google.se *.googleapis.com googleapis.com maps.gstatic.com www.gstatic.com www.facebook.com static.flockler.com flockler.com hm.baidu.com img.youtube.com cdn.datatables.net s3.amazonaws.com www.googletagmanager.com *.googletagmanager.com ssl.gstatic.com hugin.info graph.facebook.com scontent.xx.fbcdn.net pixel.quantserve.com i.ytimg.com *.episerver.net cdn2.siteattention.com  amplifypixel.outbrain.com *.ads.linkedin.com ad.doubleclick.net adservice.google.com.hk www.linkedin.com 6049499.global.siteimproveanalytics.io assets.upm.com eu1.snoobi.com ml-eu.globenewswire.com mb.cision.com gateway.zscloud.net *.lfeeder.com *.leadfeeder.com go.upmspecialtypapers.com p.adsymptotic.com upm.leadfamly.com *.fbcdn.net *.flockler.com scontent.cdninstagram.com *.giosgusercontent.com *.giosg.com analytics.twitter.com t.co ccchat-fi.telia.ee *.upm.com *.upm.uy *.upmbiochemicals.com *.upmbiofuels.com *.upmbiomedicals.com *.upmbonvesta.fi *.upmcargohandling.com *.upmchina.com *.upmenergy.com *.upmformi.com *.upmgrada.com *.upmkiinteistot.fi *.upmmetsa.fi *.upmnachhaltigerzellstoff.de *.upmpaper.com *.upmprofi.com *.upmpulp.com *.upmraflatac.com *.upmraumacell.com *.upmsilvesta.fi *.upmspecialtypapers.com *.upmtimber.com *.upmyhteismetsa.fi *.wisaplywood.com *.solitaonline.fi *.upm.live *.beyondspot.com *.globalnotes.com *.printinform.com; connect-src 'self' *.hotjar.com *.hotjar.io www.upmbiofore.com dc.services.visualstudio.com api.siteattention.com *.google.com *.google.co.uk *.google.fi *.google.dk *.google.de *.google.at *.google.pl *.google.ru *.google.se *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net stats.g.doubleclick.net upm-prod.taiste.fi translate.googleapis.com hm.baidu.com api.mapbox.com a.tiles.mapbox.com b.tiles.mapbox.com wss://*.hotjar.com restdev.siteattention.com *.mktoresp.com events.mapbox.com *.facebook.com *.typekit.net *.giosgusercontent.com *.giosg.com prospector.pmmimediagroup.com audience.ws.apsis.one t.lianacem.com googleapis.com maps.googleapis.com cdn.linkedin.oribi.io analytics.twitter.com wss://ccchat-fi.telia.ee ccchat-fi.telia.ee wss://www.upm.com t.lianacem.com *.upm.com *.upm.uy *.upmbiochemicals.com *.upmbiofuels.com *.upmbiomedicals.com *.upmbonvesta.fi *.upmcargohandling.com *.upmchina.com *.upmenergy.com *.upmformi.com *.upmgrada.com *.upmkiinteistot.fi *.upmmetsa.fi *.upmnachhaltigerzellstoff.de *.upmpaper.com *.upmprofi.com *.upmpulp.com *.upmraflatac.com *.upmraumacell.com *.upmsilvesta.fi *.upmspecialtypapers.com *.upmtimber.com *.upmyhteismetsa.fi *.wisaplywood.com *.solitaonline.fi *.upm.live *.beyondspot.com *.globalnotes.com *.printinform.com; style-src 'self' 'unsafe-inline' livezhat.zef.fi netdna.bootstrapcdn.com static.flockler.com googleapis.com maxcdn.bootstrapcdn.com translate.googleapis.com cdnjs.cloudflare.com *.episerver.net tagmanager.google.com use.fontawesome.com stackpath.bootstrapcdn.com cdn.datatables.net optimize.google.com *.giosg.com *.giosgusercontent.com ccchat-fi.telia.ee *.upm.com *.upm.uy *.upmbiochemicals.com *.upmbiofuels.com *.upmbiomedicals.com *.upmbonvesta.fi *.upmcargohandling.com *.upmchina.com *.upmenergy.com *.upmformi.com *.upmgrada.com *.upmkiinteistot.fi *.upmmetsa.fi *.upmnachhaltigerzellstoff.de *.upmpaper.com *.upmprofi.com *.upmpulp.com *.upmraflatac.com *.upmraumacell.com *.upmsilvesta.fi *.upmspecialtypapers.com *.upmtimber.com *.upmyhteismetsa.fi *.wisaplywood.com *.solitaonline.fi *.upm.live *.beyondspot.com *.globalnotes.com *.printinform.com; frame-src 'self' data: *.doubleclick.net www.facebook.com connect.facebook.net www.google.com go.pardot.com www.youtube.com *.hotjar.com *.hotjar.io www.ciuvo.com www.googletagmanager.com tagmanager.google.com viewer.blipstar.com apps.myzef.com gamma.euroland.com tools.euroland.com tagmanager.google.com pr.globenewswire.com *.youku.com *.vimeo.com *.metsasoppi.com *.arbonaut.com optimize.google.com ethn.io web.microsoftstream.com *.giosgusercontent.com *.giosg.com go.upmspecialtypapers.com open.spotify.com upm.leadfamly.com form.apsis.one player.simplecast.com v.qq.com selectscience.net googleapis.com tools.eurolandir.com w.soundcloud.com *.upm.com *.upm.uy *.upmbiochemicals.com *.upmbiofuels.com *.upmbiomedicals.com *.upmbonvesta.fi *.upmcargohandling.com *.upmchina.com *.upmenergy.com *.upmformi.com *.upmgrada.com *.upmkiinteistot.fi *.upmmetsa.fi *.upmnachhaltigerzellstoff.de *.upmpaper.com *.upmprofi.com *.upmpulp.com *.upmraflatac.com *.upmraumacell.com *.upmsilvesta.fi *.upmspecialtypapers.com *.upmtimber.com *.upmyhteismetsa.fi *.wisaplywood.com *.solitaonline.fi *.upm.live *.beyondspot.com *.globalnotes.com *.printinform.com; frame-ancestors 'self' *.upm.com *.upm.uy *.upmbiochemicals.com *.upmbiofuels.com *.upmbiomedicals.com *.upmbonvesta.fi *.upmcargohandling.com *.upmchina.com *.upmenergy.com *.upmformi.com *.upmgrada.com *.upmkiinteistot.fi *.upmmetsa.fi *.upmnachhaltigerzellstoff.de *.upmpaper.com *.upmprofi.com *.upmpulp.com *.upmraflatac.com *.upmraumacell.com *.upmsilvesta.fi *.upmspecialtypapers.com *.upmtimber.com *.upmyhteismetsa.fi *.wisaplywood.com *.solitaonline.fi *.upm.live *.beyondspot.com *.globalnotes.com *.printinform.com; media-src 'self' *.upm.com *.upm.uy *.upmbiochemicals.com *.upmbiofuels.com *.upmbiomedicals.com *.upmbonvesta.fi *.upmcargohandling.com *.upmchina.com *.upmenergy.com *.upmformi.com *.upmgrada.com *.upmkiinteistot.fi *.upmmetsa.fi *.upmnachhaltigerzellstoff.de *.upmpaper.com *.upmprofi.com *.upmpulp.com *.upmraflatac.com *.upmraumacell.com *.upmsilvesta.fi *.upmspecialtypapers.com *.upmtimber.com *.upmyhteismetsa.fi *.wisaplywood.com *.solitaonline.fi *.upm.live *.beyondspot.com *.globalnotes.com *.printinform.com; upgrade-insecure-requests; report-uri https://upmcms.report-uri.com/r/d/csp/enforce 1
frame-ancestors 'self' kcm.org *.kcm.org govictory.com govictorystage.wpengine.com *.govictory.com emic.org *.emic.org skadev.wpengine.com *.superkidacademy.com inthevision.wpengine.com inthevisiondev.wpengine.com inthevisionstg.wpengine.com *.insidethevision.org *.terricopelandpearsons.com *.revivalradiotv.com 1
frame-ancestors https://*.x-cart.com 1
default-src 'self' blob: *.videoglaz.ru data: ws: wss: https: http: 'unsafe-inline' yandex.ru mc.yandex.ru yastatic.net 'unsafe-eval' *.comagic.ru *.reenter.ru *.mneniya.pro *.gravatar.com *.retailrocket.ru *.retailrocket.net *.wp.com *.google-analytics.com *.googleapis.com reformal.ru *.reformal.ru *.googleadservices.com *.gstatic.com *.callbackhunter.com *.jquery.com *.yadro.ru www.youtube.com *.youtube.com *.wep.wf server.comagic.ru 1
base-uri 'none'; object-src 'none'; img-src data: blob: 'self' https://fundingchoicesmessages.google.com https://www.gstatic.com https://pagead2.googlesyndication.com; script-src 'nonce-SnKMzAxDDpcRyPnP' https://www.google.com 'self' https://www.googletagmanager.com https://fundingchoicesmessages.google.com https://pagead2.googlesyndication.com https://partner.googleadservices.com https://adservice.google.com https://tpc.googlesyndication.com;worker-src blob: 'self' 'report-sample'; report-uri /neo/dsn/report/; report-to default 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://wandering.shop; img-src 'self' https: data: blob: https://wandering.shop; style-src 'self' https://wandering.shop 'nonce-yIOl+FQ3sNs/VAmLbqsxLw=='; media-src 'self' https: data: https://wandering.shop; frame-src 'self' https:; manifest-src 'self' https://wandering.shop; form-action 'self'; child-src 'self' blob: https://wandering.shop; worker-src 'self' blob: https://wandering.shop; connect-src 'self' data: blob: https://wandering.shop https://stockroom.wandering.shop wss://wandering.shop; script-src 'self' https://wandering.shop 'wasm-unsafe-eval' 1
default-src 'self' https: http: 'unsafe-inline' 'unsafe-eval' data: blob: 1
base-uri 'self'; default-src 'self' https://account.evidos.com/; connect-src 'self' wss://portal.signhost.com/ https://tattle.api.osano.com/ https://consent.api.osano.com/ https://*.intercom.io/ wss://*.intercom.io/ https://uploads.intercomcdn.com/ https://uploads.intercomusercontent.com/ https://px.ads.linkedin.com/ https://www.google.com/ https://googleads.g.doubleclick.net/ https://region1.google-analytics.com https://hooks.zapier.com/; script-src 'self' https://account.evidos.com/ https://cmp.osano.com/  https://www.googletagmanager.com/ https://cdn.jsdelivr.net/ https://d3js.org/ https://*.intercom.io/ https://js.intercomcdn.com/ https://snap.licdn.com/ https://www.google.com/; script-src-elem 'self' https://account.evidos.com/ https://cmp.osano.com/  https://www.googletagmanager.com/ https://*.intercom.io/ https://js.intercomcdn.com/ https://snap.licdn.com/ https://www.google.com/; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' data: https://fonts.gstatic.com/ https://*.intercomcdn.com/; media-src 'self' https://js.intercomcdn.com/; img-src 'self' data: https://*.intercomcdn.com/ https://static.intercomassets.com/ https://uploads.intercomusercontent.com/ https://messenger-apps.intercom.io/ https://px.ads.linkedin.com/ https://googleads.g.doubleclick.net/ https://www.google.com/ https://www.google.nl/; frame-ancestors 'self'; frame-src https://cmp.osano.com/; form-action 'self' https://account.evidos.com/; 1
default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://*.braintree-api.com https://*.braintreegateway.com https://accounts.google.com https://getpocket.com https://chatbotsmagazine.com https://*.chatbotsmagazine.com https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://lightstep.medium.systems https://*.branch.io 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://glyph-sandbox.medium.sh https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: blob: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com 1
frame-ancestors 'self' https://*.canyons.edu; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' 'nonce-sclotusinnline' linkhay.com vscc-hosting.mediacdn.vn static.trunkpkg.com *.mediacdn.vn *.cnnd.vn eshop-api.todo.vn eshop.bizfly.vn static.sourcetobin.com platform.twitter.com connect.facebook.net cdn.syndication.twimg.com *.sohatv.vn *.admicro.vn contineljs.com *.contineljs.com *.genmonet.com genmonet.com cdnstoremedia.com *.cdnstoremedia.com amcdn.com *.amcdn.com nanda.vn *.nanda.vn *.lotuscdn.vn *.lotus.vn static.amcdn.vn deqik.com imasdk.googleapis.com; child-src 'self' lotus.vn *.lotus.vn *.mediacdn.vn *.cnnd.vn linkhay.com *.sohatv.vn sport5.vn sport5.cnnd.vn blob: *.admicro.vn *.youtube.com *.facebook.com *.twitter.com twitter.com *.youtu.be www.instagram.com instagram.com contineljs.com *.contineljs.com genmonet.com *.genmonet.com cdnstoremedia.com *.cdnstoremedia.com amcdn.com *.amcdn.com nanda.vn *.nanda.vn; form-action 'self' *.cnnd.vn wechoice.vn  *.wechoice.vn syndication.twitter.com platform.twitter.com lotus.local challenge.lotus.vn challengedev.todo.vn; object-src 'self'; media-src 'self' blob: *.lotuscdn.vn kenh14cdn.com *.sohatv.vn; 1
default-src * 'unsafe-inline' 'unsafe-eval';frame-ancestors *; 1
img-src * data:; object-src 'self' https://www.emurom.net; media-src https://www.emurom.net; connect-src 'self' *; script-src 'self' blob: www.googletagmanager.com www.google-analytics.com 'unsafe-inline' 'unsafe-eval' coolerpassagesshed.com haymowsrakily.com cowardsagrias.com gn.metallcorrupt.com 1
default-src 'self';    script-src 'self' 'unsafe-eval' 'unsafe-inline';    style-src 'self' 'unsafe-inline';    img-src 'self' blob: data: img.shields.io flagcdn.com;    font-src 'self' fonts.gstatic.com;    object-src 'none';    base-uri 'self';    form-action 'self';    frame-ancestors 'none';    upgrade-insecure-requests; 1
default-src 'self' 'unsafe-inline'; script-src 'unsafe-inline' 1
connect-src bat.bing.com *.clarity.ms c.bing.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com https: *.hotjar.com *.hotjar.io wss://*.hotjar.com cdn.linkedin.oribi.io px.ads.linkedin.com 'self' data: media.goskills.com http://127.0.0.1:10000 app.goskills.com wss://*.goskills.com; img-src bat.bing.com https: static.hotjar.com px.ads.linkedin.com www.linkedin.com 'self' blob: data: http://127.0.0.1:10000 media.goskills.com *.goskills.com; script-src bat.bing.com *.clarity.ms c.bing.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com www.google.com www.gstatic.com www.recaptcha.net *.hotjar.com 'sha256-1s6ntw2wH8AlwYEIPJuF1P/HFjSf8Zme5/QPCMQGypk=' 'sha256-6wRdeNJzEHNIsDAMAdKbdVLWIqu8b6+Bs+xVNZqplQw=' snap.licdn.com 'nonce-0cd606380c6645e880ef5fb901a0fe9e' 'strict-dynamic' 'unsafe-inline' 'report-sample' http://127.0.0.1:10000 *.goskills.com *.freshchat.com fw-cdn.com; style-src 'sha256-/Q4se7FLGCaPFRdiDgb/uQcgnY12w7eKaV8TA9b4SEc=' 'self' 'unsafe-inline' *.goskills.com *.freshchat.com; frame-src www.google.com recaptcha.google.com www.recaptcha.net *.hotjar.com 'self' *.freshchat.com; font-src *.hotjar.com; base-uri 'self'; default-src 'none'; form-action 'self'; frame-ancestors 'none'; manifest-src 'self' *.goskills.com; media-src 'self' blob: data: media.goskills.com *.goskills.com; object-src 'none'; worker-src 'self' blob: http://127.0.0.1:10000; report-uri https://goskills.report-uri.com/r/d/csp/reportOnly 1
default-src https:; frame-ancestors 'self'; img-src https: data:; script-src 'self' *.intercom.io *.intercomcdn.com *.cloudflare.com *.googleapis.com *.calendly.com *.googletagmanager.com *.google-analytics.com *.autopilothq.com *.googleoptimize.com *.hotjar.com *.google.com *.gstatic.com *.facebook.net *.twitter.com *.amazonaws.com axigen.us9.list-manage.com 'unsafe-inline' 'unsafe-eval' none; style-src https: 'unsafe-inline'; connect-src https: wss://*.intercom.io wss://*.hotjar.com; form-action https:; object-src 'none';  font-src https: data: 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com *.myheritage.no https://www.myheritage.no  'nonce-d2cd64e232d9aa83031116b87978b8cc' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com *.myheritage.no;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self';img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=enforce&canonical_page_id=/company/home/ 1
default-src 'self'; connect-src 'self' https://www.dmp.corebridgefinancial.com https://site2.corebridgefinancial.com https://www.corebridgefinancial.com  https://safg2022ipo.q4web.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://crbg-privacy.my.onetrust.com https://dpm.demdex.net https://safgtechnologies.tt.omtrdc.net https://cdn.linkedin.oribi.io https://report.corebridge.gbqofs.io https://px.ads.linkedin.com https://assets.adobedtm.com https://safgtechnologies.demdex.net https://cdn2.gbqofs.com https://connect.facebook.net https://snap.licdn.com https://assets.corebridgefinancial.com https://live.cloud.api.corebridgefinancial.com https://uat.cloud.api.corebridgefinancial.com https://my.valic.com https://edge.api.brightcove.com https://cf-images.us-east-1.prod.boltdns.net https://metrics.brightcove.com https://manifest.prod.boltdns.net https://bcbolt446c5271-a.akamaihd.net https://safgtechnologiescbf.112.2o7.net https://cm.everesttech.net https://pdfgen.dmp.corebridgefinancial.com https://pdfgen-prod.dmp.corebridgefinancial.com https://americangenerallife.us-5.evergage.com https://fonts.googleapis.com https://fonts.gstatic.com https://corebridgefinancial.onlineprospectus.net https://reporting.mobular.net https://apis.sundaysky.com https://safgtechnologiescbfdev.112.2o7.net  https://streams-edge.web.sundaysky.com https://www.facebook.com; script-src https://www.dmp.corebridgefinancial.com https://site2.corebridgefinancial.com https://www.corebridgefinancial.com https://safg2022ipo.q4web.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://crbg-privacy.my.onetrust.com https://dpm.demdex.net https://safgtechnologies.tt.omtrdc.net https://cdn.linkedin.oribi.io https://report.corebridge.gbqofs.io https://assets.adobedtm.com https://cdn.evgnet.com https://cdn2.gbqofs.com https://px.ads.linkedin.com https://report.corebridge.gbqofs.io https://safgtechnologies.demdex.net https://connect.facebook.net https://snap.licdn.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://assets.corebridgefinancial.com https://cdn.gbqofs.com https://players.brightcove.net https://assets.map.brightcove.com https://map.brightcove.com https://platform.twitter.com https://aig.onlineprospectus.net https://corebridgefinancial.onlineprospectus.net https://valic.onlineprospectus.net https://play.sundaysky.com 'unsafe-inline' 'unsafe-eval' blob:; style-src https://www.dmp.corebridgefinancial.com https://site2.corebridgefinancial.com https://www.corebridgefinancial.com   https://safg2022ipo.q4web.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://crbg-privacy.my.onetrust.com https://dpm.demdex.net https://safgtechnologies.tt.omtrdc.net https://cdn.linkedin.oribi.io https://report.corebridge.gbqofs.io https://assets.adobedtm.com https://cdn.evgnet.com https://cdn2.gbqofs.com https://px.ads.linkedin.com https://report.corebridge.gbqofs.io https://safgtechnologies.demdex.net https://connect.facebook.net https://snap.licdn.com https://assets.corebridgefinancial.com https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'none'; upgrade-insecure-requests; object-src 'none'; frame-src 'self' https://safgtechnologies.demdex.net https://www.google.com https://platform.twitter.com https://players.brightcove.net; img-src 'self' https://www.dmp.corebridgefinancial.com https://site2.corebridgefinancial.com https://www.corebridgefinancial.com  https://cdn.cookielaw.org https://px.ads.linkedin.com https://safgtechnologiescbf.112.2o7.net https://cm.everesttech.net https://dpm.demdex.net https://safgtechnologiesdev1cbf.112.2o7.net https://www.linkedin.com https://www.facebook.com https://assets.corebridgefinancial.com https://metrics.brightcove.com https://map.brightcove.com https://cf-images.us-east-1.prod.boltdns.net https://hdr.sundaysky.com https://d21o24qxwf7uku.cloudfront.net https://play.sundaysky.com https://safgtechnologiescbfdev.112.2o7.net data:; media-src 'self' https://www.dmp.corebridgefinancial.com https://site2.corebridgefinancial.com https://www.corebridgefinancial.com https://bcbolt446c5271-a.akamaihd.net https://streams-edge.web.sundaysky.com blob:; font-src 'self' https://fonts.gstatic.com data:; 1
default-src 'self' *.customuse.com; script-src 'self' *.customuse.com appleid.cdn-apple.com accounts.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://analytics.tiktok.com/ https://cf-st.sc-cdn.net/ blob: 'wasm-unsafe-eval' https://js.stripe.com/v3/pricing-table.js https://connect.facebook.net 'unsafe-inline' 'unsafe-eval'; object-src 'none'; style-src 'self' *.customuse.com 'unsafe-inline'; font-src 'self' *.customuse.com customuse-public.s3.eu-central-1.amazonaws.com customuse-public-dev.s3.eu-central-1.amazonaws.com customuse-public-rc.s3.eu-central-1.amazonaws.com data:; img-src 'self' data: blob: *.customuse.com ouch-cdn2.icons8.com ab3c23e75d928be2f890.ucr.io customuse-public.s3.eu-central-1.amazonaws.com customuse-public-dev.s3.eu-central-1.amazonaws.com customuse-public-rc.s3.eu-central-1.amazonaws.com ucarecdn.com images.ctfassets.net https://images.unsplash.com https://www.facebook.com/tr https://www.facebook.com/tr/ https://www.facebook.com/privacy_sandbox/; connect-src 'self' blob: *.customuse.com wss://*.customuse.com customuse-public.s3.eu-central-1.amazonaws.com ab3c23e75d928be2f890.ucr.io https://ucarecdn.com/6d971abd-125e-4b6e-9ee9-6932f73a3fa6/environment.hdr https://*.snapar.com/ https://*.snapchat.com/ https://cf-st.sc-cdn.net/ https://bolt-gcdn.sc-cdn.net https://analytics.tiktok.com *.browser-intake-datadoghq.eu; base-uri 'self' *.customuse.com; form-action 'self' *.customuse.com; frame-src 'self' *.customuse.com form.typeform.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://js.stripe.com/ https://www.youtube.com/ *.tipalti.com; frame-ancestors 'self' *.customuse.com form.typeform.com https://app.contentful.com; 1
script-src *.yotpo.com *.bigcommerce.com *.mybigcommerce.com *.googleadservices.com *.facebook.net *.bazaarvoice.com *.fonts.net *.googletagmanager.com *.google-analytics.com *.cookielaw.org *.zendesk.com *.zdassets.com *.cloudfront.net *.google.com *.gstatic.com *.lightboxcdn.com *.iesnare.com *.braintreegateway.com *.paypal.com *.ordergroove.com *.afterpay.com *.attn.tv *.attentivemobile.com *.doubleclick.net *.mathtag.com *.salesforce-sites.com *.tapad.com *.tiktok.com *.snapchat.com *.s3.amazonaws.com *.addrexx10.com *.crazyegg.com *.segment.com sc-static.net *.pinimg.com *.adsrvr.org *.lytics.io *.dynatrace.com *.tapad.com *.azurewebsites.net *.moatads.com *.ipify.org *.rpxnow.com *.kaptcha.com rpxnow.com *.paypalobjects.com *.googlesyndication.com *.pinterest.com *.mczbf.com *.emjcd.com pghub.io *.abtasty.com cdn11.bigcommerce.com 'self' 'unsafe-eval' 'unsafe-inline' blob: ;object-src 'none'; frame-ancestors 'self' ; 1
default-src 'self' https://jquery.com/; connect-src https://stats.g.doubleclick.net/ https://analytics.google.com/ https://www.google-analytics.com/ https://www-int0.nowcom.com/ https://www.nowcom.com/; script-src https://www.googletagmanager.com/ https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www-int0.nowcom.com/ https://www.nowcom.com/ 'unsafe-inline' 'unsafe-eval'; img-src 'self' blob: data: https://secure.gravatar.com/ https://www.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://nowcomportal.blob.core.windows.net/; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com/; frame-src 'self' https://www.google.com/ https://nowcomportal.blob.core.windows.net/; object-src 'none' 1
frame-ancestors 'self' https://booking.loganair.co.uk; 1
connect-src *; 1
default-src * 'self' data: *.typekit.net *.vimeo.com *.siteimproveanalytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com *.fontawesome.com *.typekit.net siteimproveanalytics.com *.wp.com https://www.googletagmanager.com https://cdn.cookielaw.org https://polyfill.io https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline' http: https: https://tagmanager.google.com fonts.googleapis.com; img-src 'self' data: http: https: *.gravatar.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com; font-src 'self' data: http: https: fonts.googleapis.com themes.googleusercontent.com; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://cdn.cookielaw.org https://*.algolia.net https://*.algolianet.com https://*.algolia.io; frame-ancestors 'self' 1
frame-ancestors 'self' website.simpleshow.com teams.microsoft.com *.teams.microsoft.com teams.cloud.microsoft.com *.teams.cloud.microsoft.com *.skype.com sim-teams-webapp-prod.azurewebsites.net; upgrade-insecure-requests; object-src 'none' 1
frame-ancestors https://*.belmontstakes.com https://belmontstakes.com https://*.thorograph.com https://thorograph.com https://*.nyra.com https://nyra.com https://*.nyrabets.com 'self' https://nyrabets.com https://*.gbetest.com https://gbetest.com https://*.dev07-broker0201.com https://dev07-broker0201.com https://*.dev07-gbeb2c.com https://dev07-gbeb2c.com https://*.test02-nyrabets.com https://test02-nyrabets.com https://*.gbe.global https://gbe.global; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://va.vercel-scripts.com/v1/script.debug.js https://va.vercel-scripts.com/v1/speed-insights/script.debug.js https://connectors.walletconnect.org https://cdn.jsdelivr.net wss://*.walletconnect.org 'wasm-unsafe-eval'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' blob: data: gap: https://explorer-api.walletconnect.com https://static.okx.com https://app.ethena.fi https://walletconnect.org https://walletconnect.com https://secure.walletconnect.com https://secure.walletconnect.org https://tokens-data.1inch.io https://tokens.1inch.io https://ipfs.io; object-src 'self' data:; font-src 'self' https://fonts.gstatic.com data:; worker-src 'self' blob:; base-uri 'self'; form-action 'self'; frame-src 'self' https://verify.walletconnect.com https://verify.walletconnect.org https://secure.walletconnect.com https://secure.walletconnect.org https://connect.walletconnect.org; frame-ancestors 'self' https://verify.walletconnect.com; connect-src *; upgrade-insecure-requests; 1
frame-ancestors 'self' shoparena.pl *.shoparena.pl shoper.pl *.shoper.pl shopify.com *.shopify.com; 1
frame-ancestors https://tour.doka.com 'self' 1
font-src 'self' https://*.googleapis.com/  *.bootstrapcdn.com *.gstatic.com *.fontawesome.com *.jsdelivr.net  ; 1
frame-ancestors 'self' *.en-vols.com;object-src 'none';base-uri 'none'; 1
default-src 'none'; script-src 'self' 'sha256-0hRhHmaDBhoSH8qvbpP1Afm6ojhgB02ALT5xBcxrnaI='; connect-src 'self'; img-src 'self'; style-src 'self' 'unsafe-inline'; base-uri 'self'; form-action 'self'; font-src *; 1
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; script-src-elem * 'unsafe-inline' 'unsafe-eval' data: blob:; 1
default-src *.sanuk.com data: 'unsafe-eval' 'unsafe-inline' blob: ws: dms.deckers.com *.demandware.net *.commercecloud.salesforce.com *.sandbox.us01.dx.commercecloud.salesforce.com via.placeholder.com *.deckers.layer0-perma.link *.cquotient.com d.emails.teva.com email.ugg.com email.hoka.com email.koolaburra.com email.sanuk.com email.teva.com *.emails.teva.com blog.ugg.com events.hoka.com *.hokaoneone.com *.hokaoneone.eu *.hokaoneone.jp blog.uggaustralia.com www.teva-eu.com scripts.deckers.com rum.ingress.edgio.net *.g.doubleclick.net edgeshoppingstatic.azureedge.net s.retargeted.co *.joinhoney.com d3nocrch4qti4v.cloudfront.net df45ay5pw60dy.cloudfront.net cx.atdmt.com cdn.optimizely.com *.bglobale.com *.formstack.com *.deckers.coremedia.cloud rum-http-intake.logs.datadoghq.com www.datadoghq-browser-agent.com rum.ingress.layer0.co rum.layer0.co *.pingdom.net *.pitneybowes.com pippio.com hosted.where2getit.com res.cloudinary.com splashthat.eu *.klarnacdn.net *.klarnaservices.com *.klarna.com dfp.bouncex.net *.bounceexchange.com *.medallia.eu *.kampyle.com cdn.pdst.fm sink.pdst.fm us-central1-adaptive-growth.cloudfunctions.net *.contentsquare.net *.contentsquare.com *.dynamicyield.com *.dy-api.com *.forter.com pay.google.com *.cdn4.forter.com *.linksynergy.com *.paypal.com *.cloud.coveo.com *.amazon-adsystem.com cartera-cdn.freetls.fastly.net *.abtasty.com guarantee-cdn.com static-fe.payments-amazon.com ad.as.amanad.adtdp.com ad.caprofitx.adtdp.com ad.yieldlab.net ade.clmbtech.com *.socdm.com adx.dable.io au.ants.vn c.bing.com cm-exchange.toast.com cm.mgid.com r.casalemedia.com contextual.media.net criteo-sync.teads.tv cs.adingo.jp point.widget.rakuten.co.jp *.rakuten.co.jp static.rakuten.com *.yimg.jp *.yahoo.co.jp ads.yahoo.com deckers.candypop.jp cs.gssprt.jp eb2.3lift.com *.sharethrough.com rapid-cdn.yottaa.com pixel.advertising.com pixel.tapad.com *.ac.bcon.ecdns.net *.smartadserver.com secure.adnxs.com simage2.pubmatic.com *.criteo.net *.criteo.com sync.outbrain.com us-u.openx.net duuytoqss3gu4.cloudfront.net *.osano.com x.bidswitch.net visitor.omnitagjs.com d.line-scdn.net *.ads.yieldmo.com tr.line.me *.taboola.com *.ad-stir.com tk.jrs5.com *.adsrvr.org cdn.smartnews-ads.com payments-fe.amazon.com m.media-amazon.com chimpstatic.com static.hotjar.com content.hotjar.com t.cfjump.com chipstatic.com cdn.unidays.world api.myunidays.com *.veinteractive.com *.pixlee.com *.pixlee.co *.pxlecdn.com *.cartfulsolutions.com *.global-e.com *.powerreviews.com *.truefitcorp.com *.terracycle.com www.truefit.com *.typekit.net widgets.trustedshops.com *.etrusted.com idsync.rlcdn.com *.zenaps.com cnstrc.com *.strut.fit *.rewardstyle.com *.motionpoint.com s-cs.send.microad.jp *.smaato.net *.e-planning.net *.zemanta.com *.artlabs.ai *.onetrust.com *.stylitics.com *.g.doubleclick.net *.kampyle.com *.fls.doubleclick.net *.doubleclick.net adservice.google.com *.googleadservices.com adservice.google.com www.googletagmanager.com ampcid.google.com *.googlesyndication.com api.amplitude.com translate.googleapis.com apis.google.com www.google-analytics.com ssl.google-analytics.com maps.googleapis.com www.google.ca www.google.com translate.google.com fonts.googleapis.com api.cognitive.microsofttranslator.com browser.translate.yandex.net jjfblogammkiefalfpafidabbnamoknm bmnlcjabgnpnenekpadlanbbkooimhnj chhjbpecpncaggjpdakmflnfcopglcmi bfkjochdalcdahjnliojhpldoogkbglc pfldcnnaiaiaogmpfdjjpdkpnigplfca ajax.googleapis.com *.gstatic.com s.w.org *.ediemidnightzombies.com www.gravatar.com *.attn.tv events.attentivemobile.com *.afterpay.com www.instagram.com *.analytics.yahoo.com alb.reddit.com www.redditstatic.com *.hotjar.com *.artlabs.ai downloads.mailchimp.com *.au.hoka.com hokacustomercare.zendesk.com hokanzcustomercare.zendesk.com accentgroupsupport.zendesk.com *.wistia.com *.litix.io embedwistia-a.akamaihd.net *.bouncexchange.com events.bouncex.net www.facebook.com connect.facebook.net *.zdassets.com *.zopim.com widget-mediator.zopim.com *.list-manage.com *.us14.list-manage.com *.us-1.gladly.chat *.cdn.gladly.com *.gladly.com tnt8r4ypmtr.live.verygoodproxy.com vgs-collect-keeper.apps.verygood.systems cdn.studentbeans.com *.90d.io *.smooch.io www.clarity.ms gladly-production.sinter-collect.com tracead.com www.dwin1.com *.zenaps.com *.adyen.com *.addthis.com *.addthisedge.com *.moatads.com intljs.rmtag.com *.likeshop.me cdn.cookielaw.org www.gstatic.com fonts.gstatic.com sc-static.net bat.bing.com www.bing.com cdn.yottaa.com qoe-1.yottaa.net *.tealiumiq.com *.sitelabweb.com cdn.quadpay.com csp-reporting.cloudflare.com d38d4ysphgm9dz.cloudfront.net d35u1vg1q28b3w.cloudfront.net d2o5idwacg3gyw.cloudfront.net d6tizftlrpuof.cloudfront.net d38d4ysphgm9dz.cloudfront.net nsg.symantec.com px.owneriq.net tags.w55c.net mc.yandex.ru mc.yandex.com mc.yandex.kz yandex.net api.pinpiaa.com omwbh6dj4a.execute-api.ap-southeast-2.amazonaws.com cmp.osano.com *.usabilla.com *.newgistics.com mpsnare.iesnare.com *.cdnwidget.com *.cdnbasket.net resources.digital-cloud.medallia.eu t.co platform.twitter.com static.ads-twitter.com analytics.twitter.com tag.rmp.rakuten.com point.widget.rakuten.co.jp analytics.tiktok.com cdn.loom.com *.usw2.cordial.com hokaoneone.locally.com tr.snapchat.com tr6.snapchat.com google.com www.awin1.com hm.baidu.com *.parcellab.com analytics.convertlanguage.com *.verygoodvault.com ugg.review.eprize.com ugg.promo.eprize.com www.paypalobjects.com www.youtube.com *.brightcove.com *.pinterest.com s.pinimg.com *.cheqzone.com i.ytimg.com cdn.jsdelivr.net call.chatra.io services.sheerid.com cdn.honey.io i.honey-images.com cdn.joinhoney.com cdn.ivaws.com *.capitaloneshopping.com *.locally.com s7.addthis.com *.dashhudson.com likeshop.me trial-eum-clientnsv4-s.akamaihd.net tags.tiqcdn.com code.jquery.com maxcdn.bootstrapcdn.com strutagiocdn.blob.core.windows.net frame.hub-box.com *.datadome.co *.captcha-delivery.com sandbox.frame.hub-box.com analytics.google.com *.analytics.google.com *.google-analytics.com ampcid.google.co.in ampcid.google.co.jp ampcid.google.com.ph ampcid.google.com.pk ampcid.google.cz ampcid.google.dk ampcid.google.ee ampcid.google.es ampcid.google.fr ampcid.google.ge ampcid.google.hu ampcid.google.ht ampcid.google.kz ampcid.google.lt ampcid.google.mn ampcid.google.nl ampcid.google.no ampcid.google.pl ampcid.google.bs ampcid.google.by ampcid.google.ca ampcid.google.cl ampcid.google.co.il ampcid.google.co.kr ampcid.google.co.nz ampcid.google.co.ve ampcid.google.co.za ampcid.google.co.zw ampcid.google.com.au ampcid.google.com.ec ampcid.google.com.jm ampcid.google.com.mx ampcid.google.com.pr ampcid.google.com.sg ampcid.google.com.tr ampcid.google.com.ua ampcid.google.de ampcid.google.gr ampcid.google.ie ampcid.google.it ampcid.google.mv ampcid.google.ru ampcid.google.ro ampcid.google.se ampcid.google.pt ampcid.google.hr ampcid.google.at ampcid.google.az ampcid.google.be ampcid.google.bg ampcid.google.ch ampcid.google.co.id ampcid.google.co.ma ampcid.google.co.th ampcid.google.com.ar ampcid.google.com.br ampcid.google.com.bz ampcid.google.com.co ampcid.google.com.cy ampcid.google.com.do ampcid.google.com.gt ampcid.google.com.hk ampcid.google.com.mt ampcid.google.com.ng ampcid.google.com.ni ampcid.google.com.pe ampcid.google.com.py ampcid.google.com.sa ampcid.google.com.tj ampcid.google.com.tw ampcid.google.com.uy ampcid.google.dm ampcid.google.dz ampcid.google.fi ampcid.google.hn ampcid.google.lu ampcid.google.lv ampcid.google.ps ampcid.google.rs ampcid.google.si ampcid.google.sk ampcid.google.cn ampcid.google.co.id ampcid.google.co.th ampcid.google.co.hk ampcid.google.co.pe ampcid.google.co.tw ampcid.google.co.uy ampcid.google.tn ampcid.google.ae ampcid.google.lk ampcid.google.com.bh ampcid.google.com.vn www.google.al www.google.at www.google.am www.google.az www.google.ba www.google.be www.google.bg www.google.by www.google.ch www.google.fi www.google.ie www.google.ps www.google.tt www.google.co.bz www.google.co.il www.google.co.in www.google.co.jp www.google.co.kr www.google.co.ma www.google.com.au www.google.com.co www.google.com.do www.google.com.gh www.google.com.gt www.google.com.lb www.google.com.mx www.google.com.ng www.google.com.om www.google.com.ph www.google.com.pr www.google.com.sa www.google.com.sg www.google.com.tw www.google.com.tr www.google.com.ua www.google.com.py www.google.co.ke www.google.co.th www.google.lk www.google.tn www.google.bf www.google.co.nz www.google.co.uk www.google.is www.google.im www.google.cz www.google.de www.google.ee www.google.es www.google.fr www.google.ge www.google.gr www.google.hr www.google.ht www.google.hu www.google.ie www.google.it www.google.lt www.google.md www.google.me www.google.mk www.google.mt www.google.no www.google.nl www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.ae www.google.bs www.google.cl www.google.co.cr www.google.co.ve www.google.co.vi www.google.co.za www.google.com.ec www.google.com.hk www.google.com.jm www.google.com.kw www.google.com.pa www.google.com.sg www.google.mv www.google.co.id www.google.com.my www.google.com.pk www.google.com.vn www.google.dk www.google.mn www.google.kz www.google.vg www.google.hn www.google.com.eg www.google.ad www.google.je www.google.co.bw www.google.com.ar www.google.com.bd www.google.com.bo www.google.com.br www.google.com.cy www.google.com.pe www.google.com.sv www.google.com.uy www.google.com.qa www.google.dz www.google.iq www.google.jo www.google.sk www.google.si www.google.nl www.google.lv www.google.lu www.google.lv www.google.kg www.google.dm www.google.co.uz www.google.sr www.google.je www.google.gg www.google.com.qa www.google.mt www.google.com.bn www.google.com.bh www.google.co.uz www.google.cn www.google.tn www.google.mg www.google.com.ai www.google.li www.google.as www.google.dj www.google.com.mt www.google.ga www.google.sn www.google.com.gi www.google.mu www.google.gy; font-src *.sanuk.com *.demandware.net *.commercecloud.salesforce.com *.truefitcorp.com *.hokaoneone.com *.hokaoneone.eu *.hokaoneone.jp use.typekit.net *.osano.com *.klarnacdn.net *.cdn.gladly.com *.gladly.com *.deckers.coremedia.cloud cdn.dynamicyield.com fonts.googleapis.com cdn.loom.com *.captcha-delivery.com *.global-e.com cdn.honey.io likeshop.me script.hotjar.com cdn.joinhoney.com fonts.gstatic.com use.fontawesome.com cdn.ivaws.com *.strut.fit *.deckers.layer0-perma.link data: *.wistia.com static.formstack.com d6tizftlrpuof.cloudfront.net www.paypalobjects.com *.medallia.eu *.kampyle.com; style-src *.sanuk.com *.deckers.coremedia.cloud *.commercecloud.salesforce.com *.sandbox.us01.dx.commercecloud.salesforce.com *.hokaoneone.com *.hokaoneone.eu *.hokaoneone.jp *.demandware.net *.veinteractive.com *.bounceexchange.com cdn.dynamicyield.com *.klarnacdn.net ui.powerreviews.com *.osano.com web-assets.stylitics.com use.fontawesome.com ui.powerreviews.com cdn.honey.io cdn.joinhoney.com js.verygoodvault.com *.global-e.com *.truefitcorp.com *.deckers.layer0-perma.link www.truefit.com cdn.90d.io *.cdn.gladly.com *.gladly.com *.typekit.net www.karmanow.com *.parcellab.com *.formstack.com translate.googleapis.com d3nocrch4qti4v.cloudfront.net d6tizftlrpuof.cloudfront.net cdn.ivaws.com www.paypalobjects.com *.pxlcdn.com fonts.googleapis.com *.adyen.com *.medallia.eu *.kampyle.com downloads.mailchimp.com *.datadome.co *.captcha-delivery.com data: 'unsafe-inline'; form-action *.sanuk.com *.demandware.net *.commercecloud.salesforce.com *.sandbox.us01.dx.commercecloud.salesforce.com *.hokaoneone.eu payments.amazon.co.jp www.amazon.co.jp *.demandware.net *.snapchat.com www.facebook.com *.adyen.com email.teva.com email.ugg.com email.hoka.com email.sanuk.com email.koolaburra.com *.securev2.global-e.com *.secure5.arcot.com *.securesuite.co.uk *.3ds.borica.bg *.acs1.icicibank.com *.sps-system.com centinelapi.cardinalcommerce.com accentgroup.formstack.com *.captcha-delivery.com; worker-src *.sanuk.com blob: *.osano.com *.captcha-delivery.com; child-src *.sanuk.com *.demandware.net *.hokaoneone.com *.hokaoneone.eu *.hokaoneone.jp *.commercecloud.salesforce.com *.snapchat.com guarantee-cdn.com v3.rest-ar.com *.osano.com *.doubleclick.net vars.hotjar.com www.awin1.com *.afterpay.com px.owneriq.net pal-test.adyen.com *.americanexpress.com *.facebook.com *.pixlee.co *.zenaps.com *.bounceexchange.com d6tizftlrpuof.cloudfront.net www.paypalobjects.com www.paypal.com ln-rules.rewardstyle.com nsg.symantec.com *.pinterest.com track.usw2.cordial.com *.global-e.com wkxppshj-qx.global.ssl.fastly.net checkoutshopper-test.adyen.com checkoutshopper-live.adyen.com www.sandbox.paypal.com *.ediemidnightzombies.com *.studentbeans.com *.myunidays.com point.widget.rakuten.co.jp *.bglobale.com www.google.com *.amazon-adsystem.com *.truefitcorp.com *.locally.com *.strut.fit www.pubxtags.com tracead.com photos.pixlee.com *.splashthat.eu hosted.where2getit.com sketchfab.com *.criteo.com *.criteo.net www.youtube.com *.verygoodvault.com pay.google.com www.terracycle.com sandbox.frame.hub-box.com frame.hub-box.com ugg.promo.eprize.com ugg.review.eprize.com d.emails.teva.com creatives.attn.tv cdn.attn.tv *.artlabs.ai app.collectivevoice.com *.medallia.eu *.kampyle.com *.captcha-delivery.com; report-uri https://www.sanuk.com/_/csp-reports 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://dice.camp; img-src 'self' https: data: blob: https://dice.camp; style-src 'self' https://dice.camp 'nonce-FFtYXEHO7CbZi/aEidKL5A=='; media-src 'self' https: data: https://dice.camp; frame-src 'self' https:; manifest-src 'self' https://dice.camp; form-action 'self'; child-src 'self' blob: https://dice.camp; worker-src 'self' blob: https://dice.camp; connect-src 'self' data: blob: https://dice.camp https://cdn.masto.host wss://dice.camp; script-src 'self' https://dice.camp 'wasm-unsafe-eval' 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' android-webview-video-poster: *.sky.com *.bskyb.com *.skyassets.com *.awin1.com *.clicktale.net *.contentsquare.net *.contentsquare.com *.demdex.net *.doubleclick.net *.googlesyndication.com *.google.com *.google.co.uk *.google.ie *.google-analytics.com *.lpsnmedia.net *.liveperson.net *.lucidcx.com skycustomer.likewizesupport.com sky.likewizesupport.com *.optimizely.com *.qualtrics.com *.snapchat.com *.tvsquared.com *.intercom.io *.intercomcdn.com *.kampyle.com *.medallia.eu *.paa-reporting-advertising.amazon *.yimg.com *.yext-pixel.com *.stripe.com *.taggstar.com aax-eu.amazon-adsystem.com acdn.adnxs.com analytics.twitter.com analytics.tiktok.com answers2-embed.sky.com.pagescdn.com assets.sitescdn.net assets.adobedtm.com bat.bing.com britishskybroadcasti.tt.omtrdc.net cdn-assets-prod.s3.amazonaws.com cdn.co-buying.com cdn.privacy-mgmt.com cdn.spatialbuzz.com cdn.tt.omtrdc.net cdnjs.cloudflare.com connect.facebook.net content.zeotap.com c.amazon-adsystem.com dmp.vfwmrm.net edge.adobedc.net ib.adnxs.com js.smct.co js.smct.io js-cdn.dynatrace.com maps.googleapis.com platform.twitter.com rules.quantcount.com s0.2mdn.net s.pinimg.com sc-static.net secure.quantserve.com secure.adnxs.com servedby.flashtalking.com smct.co smct.io static.ads-twitter.com t.promotionx.io the.sciencebehindecommerce.com track.uniqodo.com unpkg.com www.dwin1.com www.zenaps.com www.facebook.com www.googletagmanager.com www.googleadservices.com www.gstatic.com www.uqd.io yahoo.com; style-src 'self' 'unsafe-inline' *.sky.com *.skyassets.com s0.2mdn.net www.gstatic.com *.liveperson.net www.facebook.com *.doubleclick.net assets.adobedtm.com *.lpsnmedia.net *.clicktale.net *.contentsquare.net *.googlesyndication.com sky.lucidcx.com skycustomer.likewizesupport.com sky.likewizesupport.com fonts.googleapis.com assets.sitescdn.net *.kampyle.com *.medallia.eu; font-src 'self' data: *.sky.com fonts.gstatic.com *.skyassets.com use.typekit.net *.google.com *.google.co.uk *.google.ie sky.lucidcx.com skycustomer.likewizesupport.com sky.likewizesupport.com *.snapchat.com www.pinterest.com fonts.smct.co fonts.smct.io fonts.gstatic.com *.intercomcdn.com *.kampyle.com *.medallia.eu; img-src 'self' data: android-webview-video-poster: *.sky.com *.doubleclick.net *.skyassets.com bat.bing.com *.clicktale.net *.optimizely.com *.tvsquared.com *.demdex.net *.online-metrix.net *.qualtrics.com t.co tracking.audio.thisisdax.com www.facebook.com *.google-analytics.com *.google.com *.google.co.uk *.google.ie *.atdmt.com *.cloudfront.net live.staticflickr.com tags.w55c.net www.googletagmanager.com *.contentstack.io *.lpsnmedia.net s0.2mdn.net www.zenaps.com connect.facebook.net engagement.uniqodo.com *.liveperson.net www.gstatic.com www.awin1.com analytics.twitter.com cdn.spatialbuzz.com assets.adobedtm.com cdn.privacy-mgmt.com *.googlesyndication.com *.contentsquare.net www.googleadservices.com servedby.flashtalking.com *.lucidcx.com skycustomer.likewizesupport.com sky.likewizesupport.com uniqodo.s3-eu-west-1.amazonaws.com production-image-placeholder.herokuapp.com pixel.quantserve.com *.sky 8th.io sc-static.net acdn.adnxs.com s.pinimg.com ib.adnxs.com match.adsrvr.org pm.w55c.net dmp.v.fwmrm.net ct.pinterest.com *.snapchat.com www.pinterest.com secure.adnxs.com events.smct.co *.yahoo.com *.gumgum.com smct.co cdn.smct.co smct.io cdn.smct.io px.smct.co px.smct.io ep.smct.co ep.smct.io maps.gstatic.com maps.googleapis.com *.mktgcdn.com *.yext-pixel.com aax-eu.amazon-adsystem.com a.promotionx.io cm.g.doubleclick.net cms.quantserve.com mwzeom.zeotap.com c.amazon-adsystem.com analytics.tiktok.com *.intercomassets.eu *.intercomassets.com *.intercom.io *.intercomcdn.eu *.intercomcdn.com *.kampyle.com *.medallia.eu; connect-src 'self' blob: android-webview-video-poster: *.sky.com a.promotionx.io aax-eu.amazon-adsystem.com acdn.adnxs.com analytics.tiktok.com api.amplitude.com api.amplitude.com api.iperceptions.com api.taggstar.com assets.adobedtm.com awk.epgsky.com bat.bing.com britishskybroadcasti.tt.omtrdc.net c.amazon-adsystem.com cdn-assets-prod.s3.amazonaws.com cdn.privacy-mgmt.com cdn.spatialbuzz.com cdn.taggstar.com cfg.smct.co cfg.smct.io connect.facebook.net cognito-identity.eu-west-1.amazonaws.com ct.pinterest.com dmp.v.fwmrm.net edge.adobedc.net engagement.uniqodo.com ep.smct.co ep.smct.io firehose.eu-west-1.amazonaws.com help-search-api-stage.herokuapp.com https://google.com ib.adnxs.com insights.uniqodo.com ipb.smct.co ipb.smct.io ipl.smct.co ipl.smct.io js.smct.co js.smct.io justo.uniqodo.com *.yext.com maps.googleapis.com match.adsrvr.org mwzeom.zeotap.com paa-reporting-advertising.amazon pm.w55c.net poc.idscan.cloud prod.idscan.cloud prod-my-photo-api.herokuapp.com production-retriever.herokuapp.com qa.taggstar.com s0.2mdn.net s.pinimg.com sc-static.net secure.adnxs.com smct.co smct.io spl.zeotap.com t.promotionx.io track.uniqodo.com the.sciencebehindecommerce.com vip.timezonedb.com wss://*.liveperson.net wss://*.sky.com www.facebook.com www.googleadservices.com www.googletagmanager.com www.gstatic.com www.pinterest.com www.pinterest.co.uk www.zenaps.com *.akstat.io *.assistant.watson.appdomain.cloud *.bf.dynatrace.com *.bskyb.com *.clicktale.net *.contentsquare.net *.contentstack.io *.demdex.net *.doubleclick.net *.google.com *.google.co.uk *.google.ie *.googlesyndication.com *.google-analytics.com *.liveperson.net *.lpsnmedia.net *.lucidcx.com skycustomer.likewizesupport.com sky.likewizesupport.com *.optimizely.com *.qualtrics.com *.skyassets.com *.snapchat.com *.taggstar.com *.tvsquared.com *.wepowerconnections.com *.yext-pixel.com *.yimg.com *.intercom.io *.intercomcdn.com *.intercomcdn.eu *.intercomusercontent.com *.paa-reporting-advertising.amazon *.yextapis.com *.kampyle.com *.medallia.eu; frame-src 'self' blob: *.sky.com *.bskyb.com *.skyassets.com *.doubleclick.net *.optimizely.com *.demdex.net *.online-metrix.net *.lpsnmedia.net *.qualtrics.com www.facebook.com cdn.privacy-mgmt.com universal.iperceptions.com *.google.com *.google.co.uk *.google.ie *.clicktale.net s0.2mdn.net www.zenaps.com connect.facebook.net *.liveperson.net analytics.twitter.com cdn.spatialbuzz.com assets.adobedtm.com *.googlesyndication.com *.google-analytics.com *.contentsquare.net www.googleadservices.com sky.lucidcx.com skycustomer.likewizesupport.com sky.likewizesupport.com live.tvgenius.net servedby.flashtalking.com players.brightcove.net sc-static.net acdn.adnxs.com s.pinimg.com ib.adnxs.com match.adsrvr.org pm.w55c.net dmp.v.fwmrm.net *.snapchat.com ct.pinterest.com www.pinterest.com secure.adnxs.com www.pinterest.co.uk smct.co smct.io ls.smct.co ls.smct.io d2d7do8qaecbru.cloudfront.net w.etadirect.com aax-eu.amazon-adsystem.com *.stripe.com answers2-embed.sky.com.pagescdn.com www.awin1.com c.amazon-adsystem.com *.kampyle.com *.medallia.eu paa-reporting-advertising.amazon *.paa-reporting-advertising.amazon; frame-ancestors 'self'; worker-src 'self' blob: *.sky.com *.skyassets.com assets.adobedtm.com *.liveperson.net; child-src 'self' blob: *.intercom-sheets.com; media-src 'self' data: *.sky.com *.skyassets.com *.contentstack.io *.lpsnmedia.net *.doubleclick.net *.google.com *.google.co.uk *.google.ie *.clicktale.net *.liveperson.net www.facebook.com bat.bing.com *.demdex.net assets.adobedtm.com *.google-analytics.com *.contentsquare.net *.googlesyndication.com *.intercomcdn.com; object-src 'self' *.sky.com; form-action *.intercom.io *.intercom.help; report-uri /csp-reports 1
frame-ancestors 'self' *.edumoov.com *.educartable.com *.kidiquest.com; 1
frame-ancestors 'self' https://*.j2t.com https://j2t.com https://*.j2t.exchange https://j2t.exchange https://*.just2trade.cn https://just2trade.cn https://webvisor.com https://*.webvisor.com http://webvisor.com http://*.webvisor.com https://metrika.yandex.ru https://metrica.yandex.com https://metrika.yandex.by https://metrica.yandex.com.tr 1
frame-ancestors 'self' http://buga23.magenta-magenta.de/; 1
default-src 'self' https://nomos-elibrary.de https://*.nomos-elibrary.de https://consentcdn.cookiebot.com https://google.com https://*.google.com https://gstatic.com https://*.gstatic.com https://vgwort.de https://*.vgwort.de https://vimeo.com https://*.vimeo.com https://vimeocdn.com https://*.vimeocdn.com https://hotjar.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://*.google.de; img-src 'self' https://nomos-elibrary.de https://*.nomos-elibrary.de 'nonce-MXaWK8hi9J8KercPeKpt' data: https://gstatic.com https://*.gstatic.com https://vgwort.de https://*.vgwort.de https://vimeocdn.com https://*.vimeocdn.com https://*.hotjar.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://*.google.de; frame-ancestors 'self' https://nomos-elibrary.de https://*.nomos-elibrary.de https://www.googletagmanager.com; script-src 'strict-dynamic' 'nonce-XJws4trzRuQ9Pf1zYXDk'; frame-src 'self' blob: https://nomos-elibrary.de https://*.nomos-elibrary.de 'nonce-Ayz4o3bEbgENHfgMrjGW' https://consentcdn.cookiebot.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://player.vimeo.com/video/; style-src 'self' 'unsafe-inline' https://nomos-elibrary.de https://*.nomos-elibrary.de https://consentcdn.cookiebot.com; base-uri 'self'; object-src 'none' 1
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data: blob:; media-src *; object-src *; child-src blob:; worker-src blob:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 1
frame-ancestors https://passport.tutorabc.com https://www.tutorabc.com https://omsorder.tutorabc.com https://consultant.tutorabc.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: blob: ; frame-src 'self' *.cloudflarestream.com *.vimeo.com 1
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval' data:; style-src * 'unsafe-inline' data:; 1
script-src  'self'  'unsafe-inline'   'unsafe-eval'  *.etstur.com  *.otelpuan.com  *.googletagmanager.com  *.hotjar.com  *.facebook.net  *.googleapis.com  *.google-analytics.com  *.googleadservices.com  *.doubleclick.net  *.gstatic.com  *.cloudfront.net  *.cloudflare.com  analytics.tiktok.com  static.cloudflareinsights.com  otelpuan.com  *.efilli.com  otelpuan.webinstats.com  appleid.cdn-apple.com  *.google.com  *.google.com.tr  ;  object-src data: 'unsafe-eval' otelpuan.com *.otelpuan.com ; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mstdn.party; img-src 'self' https: data: blob: https://mstdn.party; style-src 'self' https://mstdn.party 'nonce-OzvaSOPYtdWYzkaVTIPqDQ=='; media-src 'self' https: data: https://mstdn.party; frame-src 'self' https:; manifest-src 'self' https://mstdn.party; form-action 'self'; child-src 'self' blob: https://mstdn.party; worker-src 'self' blob: https://mstdn.party; connect-src 'self' data: blob: https://mstdn.party https://files.mstdn.party wss://mstdn.party; script-src 'self' https://mstdn.party 'wasm-unsafe-eval' 1
default-src 'none'; script-src 'self'; style-src 'self'; img-src 'self'; font-src 'self'; object-src 'self'; 1
frame-ancestors 'self' *.straumann.com *.nuvoimplants.com *.teethtoday.com *.straumanngroup.com portfolio.neodent.com  1
default-src blob: 'self' region1.google-analytics.com region1.analytics.google.com *.analytics.google.com *.google-analytics.com analytics.google.com www.google-analytics.com www.youtube.com https://*.googleapis.com https://stats.g.doubleclick.net; child-src blob: 'self' https://www.facebook.com/ www.youtube.com player.vimeo.com www.google.com https://*.googleapis.com;       script-src http://localhost:* 'self' 'unsafe-inline' 'unsafe-eval'  https://code.jquery.com/ https://cdnjs.cloudflare.com/ajax/libs/gsap/ *.clarity.ms *.trustpilot.com connect.facebook.net dash.serviceform.com https://googleads.g.doubleclick.net/pagead/ https://www.googleadservices.com/pagead/ privatelease.services-int.athlon.com occasions.services-int.athlon.com privatelease.services.athlon.com occasions.services.athlon.com s.ytimg.com region1.google-analytics.com region1.analytics.google.com *.analytics.google.com analytics.google.com www.google-analytics.com www.google.com www.gstatic.com www.youtube.com www.perplex.nl ajax.aspnetcdn.com player.vimeo.com www.googletagmanager.com *.en25.com https://*.googleapis.com https://maps.google.com https://secure.half1hell.com https://snap.licdn.com *.piwik.pro open.spotify.com embed-cdn.spotifycdn.com;       style-src http://localhost:* 'self' 'unsafe-inline' fonts.googleapis.com occasions.services-int.athlon.com privatelease.services-int.athlon.com occasions.services.athlon.com privatelease.services.athlon.com https://www.googletagmanager.com/;  img-src 'self' https://cm-athloncom.athlon.corp http://localhost:* data: *.bing.com *.clarity.ms https://lt45.net/ https://www.lt45.net/t/ *.google.com *.linkedin.com https://www.linkedin.com/ https://www.athloncarlease.com/ https://www.google.com/ads/ https://www.google.nl/ads/ https://www.facebook.com/tr/ https://www.facebook.com/privacy_sandbox/ https://px4.ads.linkedin.com/ https://www.googletagmanager.com/ https://www.google.com/pagead services.perplex.eu region1.google-analytics.com region1.analytics.google.com *.analytics.google.com analytics.google.com www.google-analytics.com *.athlon.com *.athlon.nl *.imagin.studio www.perplex.nl *.eloqua.com http://tracking.athlon.com https://px.ads.linkedin.com https://www.google.com/ads https://rental.athlon.com https://acc-rentalathloncom.perplex.eu https://*.googleapis.com https://*.gstatic.com https://*.perplex.eu https://www.google.de/ads/ https://www.google.es/ads/ https://www.google.es/ads/ga-audiences https://www.google.es/pagead/1p-user-list/ https://www.google.nl/pagead/1p-user-list/ https://www.google.de/pagead/1p-user-list/ https://www.google.fr/pagead/1p-user-list/ https://www.google.it/pagead/1p-user-list/ https://www.google.pt/pagead/1p-user-list/ https://www.google.be/pagead/1p-user-list/ https://www.google.uk/pagead/1p-user-list/ https://www.google.pl/pagead/1p-user-list/ https://www.google.lu/pagead/1p-user-list/ https://www.google.se/pagead/1p-user-list/ p.adsymptotic.com ad.doubleclick.net;       connect-src ws://localhost:* 'self' *.clarity.ms *.doubleclick.net https://*.googleapis.com https://gsp10-ssl.ls.apple.com *.serviceform.com *.athlon.com privatelease.services.athlon.com privatelease.services-int.athlon.com occasions.services-int.athlon.com occasions.services.athlon.com *.google.com region1.google-analytics.com region1.analytics.google.com *.analytics.google.com analytics.google.com www.google-analytics.com www.athlon.nl www.athloncarlease.com *.oribi.io *.piwik.pro *.googlesyndication.com *.linkedin.com;       font-src 'self' http://localhost:* data: fonts.gstatic.com *.amazonaws.com; form-action 'self' https://www.facebook.com/tr/ secure.ogone.com;       frame-src *.trustpilot.com *.doubleclick.net https://www.facebook.com/ *.perplex.eu *.athlon.com https://www.google.com/ https://www.youtube.com/ https://player.vimeo.com/ open.spotify.com https://athlon-production.discover.chargetrip.com/; frame-ancestors *.perplex.eu *.athlon.com; 1
frame-ancestors www.lebourvil.fr; 1
default-src https: data: blob: 'unsafe-inline'; object-src 'self'; script-src  'self' https://cdn.tiny.cloud/ https://static.zdassets.com/ https://*.meruscase.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://platform.twitter.com/ https://*.google-analytics.com/ https://*.googletagmanager.com/ https://cdn.syndication.twimg.com/ https://merus-assets.s3.amazonaws.com/ https://*.facebook.net/ https://*.googleapis.com/ https://*.aspnetcdn.com/ https://*.microsoft.com https://maxcdn.bootstrapcdn.com/ https://*.youtube.com/ https://s.ytimg.com/ https://js.recurly.com/ https://cdn.wootric.com/ https://static.headnotepayments.com/ https://static.zdassets.com/ https://snap.licdn.com/ https://unpkg.com/ 'unsafe-eval' 'unsafe-inline' https://code.jquery.com/ https://forms.hubspot.com/ https://forms.hsforms.com/ https://js.hs-analytics.net/ https://js.hs-scripts.com/ https://api.usemessages.com/ https://js.usemessages.com/ https://js.hsforms.net/ https://js.hsleadflows.net/; style-src 'self' 'unsafe-inline' https: 1
frame-ancestors 'self' teams.microsoft.com *.teams.microsoft.com 1
default-src * data: blob: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval' blob:; connect-src * data: blob: 'unsafe-inline'; style-src * data: blob: 'unsafe-inline'; img-src * data: 'unsafe-inline'; font-src * data: 'unsafe-inline'; frame-ancestors 'self'; 1
base-uri 'self'; connect-src 'self' https: edge.fullstory.com rs.fullstory.com cdn.cookielaw.org geolocation.onetrust.com *.google-analytics.com www.googleadservices.com; default-src 'self'; font-src 'self' data: reachfinancial.my.site.com reachfinancial.my.salesforce-sites.com static.reach.com fonts.googleapis.com fonts.gstatic.com; form-action 'self'; frame-ancestors 'self' *.reach.com; frame-src 'self' reachfinancial.my.site.com reachfinancial.my.salesforce-sites.com boards.greenhouse.io www.googletagmanager.com www.google.com td.doubleclick.net widget.trustpilot.com; img-src 'self' data: reachfinancial.my.site.com reachfinancial.my.salesforce-sites.com reachfinancial.lightning.force.com sflo.reach.com static.reach.com www.google.com www.google.ca www.google-analytics.com googleads.g.doubleclick.net rs.fullstory.com www.googletagmanager.com www.nationaldebtrelief.com player.idomoo.com; media-src v.idomoo.com; object-src 'none'; report-uri https://o4504759309500416.ingest.sentry.io/api/4504759314284544/security/?sentry_key=efc49940164f49629b76ca34542e4687&sentry_environment=prod; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: reachfinancial.my.site.com reachfinancial.my.salesforce-sites.com reachfinancial.my.salesforce.com reachfinancial.lightning.force.com static.lightning.force.com sflo.reach.com ssc.reach.com cdn.cookielaw.org rs.fullstory.com edge.fullstory.com widget.trustpilot.com geolocation.onetrust.com boards.greenhouse.io player.idomoo.com www.googletagmanager.com www.google-analytics.com maps.googleapis.com www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com reachfinancial.my.site.com reachfinancial.my.salesforce-sites.com sflo.reach.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' analytics.cdmon.com widget.scrads.com connect.facebook.net bat.bing.com static.ads-twitter.com static.hotjar.com *.googletagmanager.com *.doubleclick.net; style-src 'self' 'unsafe-inline' widget.scrads.com *.doubleclick.net; object-src 'none'; base-uri 'self'; connect-src 'self' analytics.cdmon.com widget.scrads.com *.facebook.com bat.bing.com; frame-src 'self' widget.scrads.com *.facebook.com *.youtube.com *.youtube-nocookie.com *.doubleclick.net; img-src 'self' data: hostwordpress.es *.hostwordpress.es widget.scrads.com analytics.twitter.com t.co *.facebook.com google.com google.es *.ytimg.com bat.bing.com *.google.com *.google.es; manifest-src 'self'; media-src 'self'; worker-src 'none'; 1
'script-src' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.iubenda.com *.google-analytics.com *.hotjar.com snap.licdn.com static.cloud.coveo.com www.clarity.ms www.gstatic.com www.recaptcha.net *.googletagmanager.com ajax.cloudflare.com static.cloudflareinsights.com kit.fontawesome.com cdn.jsdelivr.net www.youtube.com www.youtube-nocookie.com ka-p.fontawesome.com bat.bing.com siteintercept.qualtrics.com maps.googleapis.com play.google.com *.coveo.com *.azure.com *.qualtrics.com *.applicationinsights.io; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.fontawesome.com static.cloud.coveo.com www.gstatic.com *.coveo.com cdn.iubenda.com www.googletagmanager.com;img-src 'self' data: blob: fpoimg.com *.google-analytics.com *.g.doubleclick.net *.google.com c.bing.com c.clarity.ms *.googletagmanager.com px.ads.linkedin.com www.google.com bat.bing.com static.cloud.coveo.com maps.googleapis.com maps.gstatic.com *.coveo.com *.gstatic.com *.linkedin.com *.qualtrics.com; font-src 'self' data: fonts.gstatic.com fonts.googleapis.com *.fontawesome.com static.cloud.coveo.com staticdev.cloud.coveo.com *.coveo.com; connect-src 'self' wss: *.iubenda.com *.google-analytics.com *.g.doubleclick.net *.google.com stats.g.doubleclick.net siteintercept.qualtrics.com cloudflareinsights.com ka-p.fontawesome.com kit.fontawesome.com maps.googleapis.com *.coveo.com *.azure.com *.linkedin.com *.clarity.ms *.hotjar.com *.hotjar.io; media-src 'self' data: blob:; object-src 'none'; child-src 'self' www.recaptcha.net s7.addthis.com; frame-src 'self' www.youtube.com www.youtube-nocookie.com *.iubenda.com play.google.com *.coveo.com flowpaper.com *.flowpaper.com hbfuller.qualtrics.com 1
script-src 'self' 'unsafe-inline' https://spi.uz/ https://www.gstatic.com https://www.google.com https://api-maps.yandex.ru https://yandex.st https://cdn.jsdelivr.net https://fonts.googleapis.com https://yastatic.net https://yandex.ru/ https://www.gstatic.com https://www.google.com https://api-maps.yandex.ruhttps://core-renderer-tiles.maps.yandex.net; style-src 'self' https://cdn.jsdelivr.net 'unsafe-inline' https://fonts.googleapis.com; default-src 'self'; object-src 'none'; frame-src 'self' https://www.google.com https://chat.spi.uz https://yandex.ru/; connect-src 'self' https://itk.spi.uz; img-src 'self' data: https://api-maps.yandex.ru https://spi.uz/ https://core-renderer-tiles.maps.yandex.net https://yandex.ru/; frame-ancestors 'self' https://chat.spi.uz; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.jsdelivr.net data: 1
frame-ancestors 'self' http://www.1001pelit.com 1
object-src 'none';base-uri 'self';script-src 'nonce-Hc7xd36szfKG4mACbhlD7A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/xsrp 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; font-src 'self';  img-src 'self' data: 1
base-uri 'self'; child-src https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://www.googletagmanager.com/ns.html https://*.qq.com/ https://turing.captcha.qcloud.com https://*.geetest.com https://*.zuora.com/apps/PublicHostedPageLite.do https://jihulab.com/admin/ https://jihulab.com/assets/ https://jihulab.com/-/speedscope/index.html https://jihulab.com/-/sandbox/ https://customers.jihulab.com/ 'self' https://jihulab.com/assets/ blob: data:; connect-src 'self' https://jihulab.com wss://jihulab.com https://sentry.gitlab.net https://customers.gitlab.cn https://customers.jihulab.com https://*.qq.com/ https://*.gitlab.cn https://cdn.cookielaw.org https://*.onetrust.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net; default-src 'self'; font-src 'self'; form-action 'self' https: http:; frame-ancestors 'self'; frame-src 'self' https://www.recaptcha.net/ https://customers.gitlab.cn https://customers.jihulab.com https://*.qq.com https://*.captcha.qcloud.com https://*.captcha.gtimg.com; img-src * data: blob: *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net; manifest-src 'self'; media-src 'self' data: blob: http: https:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.recaptcha.net/ https://*.qq.com/ https://cdn-go.cn/aegis/aegis-sdk/ https://*.captcha.qcloud.com https://*.captcha.gtimg.com https://*.google-analytics.com https://*.gitlab.cn https://cdn.cookielaw.org https://*.onetrust.com https://cdn.bizible.com/scripts/bizible.js *.googletagmanager.com 'nonce-XVqOZbIgy27j9Gas4wPOyg=='; style-src 'self' 'unsafe-inline'; worker-src https://jihulab.com blob: data: 1
script-src * 'unsafe-inline' 'unsafe-eval'; script-src-elem * 'unsafe-inline' 'report-sample'; style-src * 'unsafe-inline'; frame-ancestors *; report-uri https://www.merton.gov.uk/report-uri/enforce 1
default-src 'self' *.my-shopify.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.google-analytics.com *.ssl.google-analytics.com *.js-agent.newrelic.com *.cdnjs.cloudflare.com *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com https://*.googletagmanager.com https://www.google-analytics.com/ https://ssl.google-analytics.com *.gbqofs.io *.gbqofs.com *.cloudfront.net *.usabilla.com https://cdnjs.cloudflare.com https://cdn.cookielaw.org https://connect.facebook.net https://js-agent.newrelic.com https://cdns.us1.gigya.com https://cdns.gigya.com/ *.googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://cdn.az.ciam.nestle.com *.google.com https://www.recaptcha.net https://www.gstatic.com https://cdn.adimo.co/scripts/lightboxv2.min.js https://cdn.jsdelivr.net/npm/@popperjs/core@2.11.5/dist/umd/popper.min.js; object-src *; style-src 'self' 'unsafe-inline' *.cloudfront.net https://cdnjs.cloudflare.com k *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com 'self' 'unsafe-inline' https://d6tizftlrpuof.cloudfront.net *.usabilla.com https://fonts.googleapis.com *.pricespider.com *.mapbox.com http://cdnjs.cloudflare.com/ *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com; img-src 'self' data: *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.analytics.google.com *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com *.google.co.in https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://www.google-analytics.com https://ad.doubleclick.net https://www.facebook.com https://cdn.cookielaw.org https://d6tizftlrpuof.cloudfront.net https://cdns.us1.gigya.com https://live-71951-food-maggi-in.pantheonsite.io:* https://images.aws.nestle.recipes/; media-src *; frame-src * 'self' d6tizftlrpuof.cloudfront.net *.usabilla.com ; frame-ancestors 'self' ; child-src 'self' *.pricespider.com *.mapbox.com cdnjs.cloudflare.com; font-src * 'self' *.cloudfront.net *.usabilla.com fonts.googleapis.com *.pricespider.com *.mapbox.com cdnjs.cloudflare.com ; connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google www.google-analytics.com *.google-analytics.com *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com cdn.cookielaw.org:* https://cdn.cookielaw.org/ https://cdn.cookielaw.org/scripttemplates/ https://cdn.cookielaw.org/consent/ https://cdn.cookielaw.org/logos/ https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://collect.analyze.ly https://cdns.us1.gigya.com https://login.maggi.in https://bam.nr-data.net *.gbqofs.io login.live-71951-food-maggi-in.pantheonsite.io *.live-71951-food-maggi-in.pantheonsite.io 1
frame-ancestors 'self' https://www.educastream.com https://enseignement-a-distance.educastream.com https://educastream.dev https://po-george.educastream.dev http://test-prepmyfuture.herokuapp.com/ https://*.1to1progress.com https://1to1.educastream.com/ https://lms.educastream.com https://*.7speaking.com lms-1to1.educastream.com https://*.educastream.com 1
connect-src adobedc.demdex.net edge.adobedc.net *.amazonaws.com *.doubleclick.net *.googleapis.com *.kyruus.com 'self' *.visualstudio.com wss:; default-src blob: data: https: 'self'; frame-src *.agkn.com *.doubleclick.net *.google.com mdlink.ucsfmedicalcenter.org ucsfmychart.ucsfmedicalcenter.org testmyc.ucsfmedicalcenter.org 'self' *.sitecore.net *.vimeo.com *.youtube.com; script-src *.adobedtm.com *.answerscloud.com *.azurewebsites.net *.calltrk.com *.clicktale.net *.cloudflare.com *.cloudflareinsights.com *.doubleclick.net *.evaliahealth.com *.facebook.net *.foresee.com *.google.com *.googleadservices.com *.googleapis.com *.gstatic.com *.invoca.net *.invocacdn.com *.jsdelivr.net *.msecnd.net *.radiomd.com 'self' *.skyword.com *.tealiumiq.com *.tiqcdn.com *.twitter.com datalayer.ucsfhealth.org 'unsafe-eval' 'unsafe-inline' *.vimeo.com *.vimeocdn.com *.visto1.net; style-src *.fonts.net *.googleapis.com 'self' 'unsafe-inline'; worker-src blob:; 1
frame-ancestors localhost localhost:3000 http://localhost:3000 bx.verstov.info verstov.info www.verstov.info 1
default-src 'self' *.presscommtech.com *.googlesyndication.com https://www.gstatic.com https://www.google-analytics.com https://www.google.com https://cdn.ckeditor.com http://www.w3.org/2000/svg https://cdnjs.cloudflare.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: * *.amazon-adsystem.com *.2mdn.net *.doubleclick.net *.google-analytics.com clickio.mgr.consensu.org *.googletagmanager.com https://pagead2.googlesyndication.com ajax.aspnetcdn.com https://www.gstatic.com https://www.google.com https://cdn.ckeditor.com https://momentjs.com https://cdnjs.cloudflare.com https://s10.histats.com https://s4.histats.com; style-src 'self' 'unsafe-inline' data: * securepubads.g.doubleclick.net https://cdnjs.cloudflare.com https://fonts.googleapis.com https://stackpath.bootstrapcdn.com https://cdn.ckeditor.com https://rsms.me; font-src 'self' 'unsafe-inline' data: * securepubads.g.doubleclick.net *.googlesyndication.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://rsms.me https://fonts.googleapis.com; img-src 'self' 'unsafe-inline' data: * google.com securepubads.g.doubleclick.net doubleclick.net 2mdn.net *.googlesyndication.com clickiocdn.com *.ytimg.com https://pagead2.googlesyndication.com http://localhost:3011 https://graphics.gestionaleauto.com https://canavesetoday.it *.fbcdn.net *.quotidianocanavese.it https://cdnjs.cloudflare.com http://localhost:3131 https://images.unsplash.com https://cdn.ckeditor.com https://tailwindui.com https://www.quotidianocanavese.it https://www.torinosud.it https://www.quotidianovenaria.it https://api.trecentodieci.it; connect-src 'self' 'unsafe-inline' data: * *.2mdn.net *.doubleclick.net *.rubiconproject.com *.360yield.com securepubads.g.doubleclick.net https://stats.g.doubleclick.net *.google-analytics.com clickio.mgr.consensu.org *.clickiocdn.com canavesetoday.it pagead2.googlesyndication.com csi.gstatic.com *.googleapis.com api.telegram.org https://api.trecentodieci.it https://*.facebook.com http://localhost:3131; frame-src 'self' 'unsafe-inline' * *.amazon-adsystem.com *.2mdn.net *.doubleclick.net *.rubiconproject.com *.googlesyndication.com youtu.be *.youtu.be *.youtube.com googleads.g.doubleclick.net tpc.googlesyndication.com *.google.com; worker-src 'self'; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' data: * *.amazon-adsystem.com *.2mdn.net *.doubleclick.net cdn.ampproject.org securepubads.g.doubleclick.net www.googletagservices.com s.clickiocdn.com clickiocdn.com https://www.google-analytics.com clickio.mgr.consensu.org *.youtube.com https://adservice.google.it *.googletagmanager.com https://pagead2.googlesyndication.com ajax.aspnetcdn.com https://www.gstatic.com https://www.google.com https://cdn.ckeditor.com https://momentjs.com https://cdnjs.cloudflare.com https://s10.histats.com https://s4.histats.com *.googleadservices.com https://tpc.googlesyndication.com https://adservice.google.com; 1
default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net *.appcues.com; img-src * data:; frame-src 'self' *.stripe.com *.knowde.dev *.knowde.com *.knowde-demo.com *.doubleclick.net;frame-ancestors 'self' *.knowde.dev *.knowde.com *.knowde-demo.com *.builder.io; object-src 'none'; base-uri 'self'; connect-src * ws:; font-src *; manifest-src 'self'; media-src 'self'; 1
default-src 'none'; base-uri 'self'; connect-src 'self' 'unsafe-eval' https://d3oam8dvxlog8e.cloudfront.net https://a.tiles.mapbox.com https://abenityinc.freshworks.com https://analytics.google.com https://api.abenity.com https://api.mapbox.com https://app.wistia.com https://bam.nr-data.net https://bam-cell.nr-data.net https://bat.bing.com https://cdn.linkedin.oribi.io https://distillery.wistia.com https://distillery.wistia.net https://embed-cloudfront.wistia.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com https://embedwistia-a.akamaihd.net https://events.mapbox.com https://fast.wistia.com https://fast.wistia.net https://fg8vvsvnieiv3ej16jby.litix.io https://www.googletagmanager.com https://pipedream.wistia.com https://px.ads.linkedin.com https://region1.analytics.google.com https://region1.google-analytics.com https://src.fwusercontent.com https://stats.g.doubleclick.net https://www.google-analytics.com; font-src 'self' https://d3oam8dvxlog8e.cloudfront.net https://cloud.typography.com https://fast.wistia.com https://fast.wistia.net https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://storage.googleapis.com https://use.fontawesome.com data:; form-action https:; frame-ancestors 'self'; frame-src 'self' https://abenityinc.freshdesk.com https://accounts.google.com https://calendly.com https://docs.google.com https://fast.wistia.com https://fast.wistia.net https://platform.twitter.com https://td.doubleclick.net https://www.google.com https://www.googletagmanager.com https://www.youtube.com; img-src 'self' https://d3oam8dvxlog8e.cloudfront.net https://assets.abenity.com https://a.tiles.mapbox.com https://abenity.s3.amazonaws.com https://abs.twimg.com https://analytics.google.com https://api.mapbox.com https://b.tiles.mapbox.com https://bam.nr-data.net https://bam-cell.nr-data.net https://bat.bing.com https://chart.apis.google.com https://d300tb5wusuhi2.cloudfront.net https://embed-fastly.wistia.com https://embed-ssl.wistia.com https://embedwistia-a.akamaihd.net https://fonts.gstatic.com https://fast.wistia.com https://fast.wistia.net https://i.ytimg.com https://img.youtube.com https://p.adsymptotic.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://region1.analytics.google.com https://region1.google-analytics.com https://s3.amazonaws.com https://static.accessdevelopment.com https://stats.g.doubleclick.net https://syndication.twitter.com https://trk.crozdesk.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.linkedin.com data:; manifest-src 'self'; media-src 'self' https://d3oam8dvxlog8e.cloudfront.net https://embed-cloudfront.wistia.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com https://embedwistia-a.akamaihd.net https://fast.wistia.com blob: data:; object-src 'self' https://embedwistia-a.akamaihd.net https://embed-fastly.wistia.com; script-src 'self' 'unsafe-inline' https://d3oam8dvxlog8e.cloudfront.net https://abenity.ontraport.com https://api.mapbox.com https://app.wistia.com https://assets.calendly.com https://bam.nr-data.net https://bam-cell.nr-data.net https://bat.bing.com https://cdn.walkme.com https://distillery.wistia.com https://fast.wistia.com https://fast.wistia.net https://fw-cdn.com https://www.googletagmanager.com https://js-agent.newrelic.com https://optassets.ontraport.com https://platform.twitter.com https://s3.amazonaws.com https://snap.licdn.com https://ssl.google-analytics.com https://trk.crozdesk.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' https://d3oam8dvxlog8e.cloudfront.net https://abenity.s3.amazonaws.com https://api.mapbox.com https://cloud.typography.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://s3.amazonaws.com https://use.fontawesome.com;worker-src 'self' blob:; report-uri https://api.abenity.com/public/csp-logger.json; 1
default-src 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com *.youtube.com youtube.com *.google-analytics.com fonts.gstatic.com fonts.googleapis.com transportgzm.pl account.transportgzm.pl webchat.transportgzm.pl data: 1
frame-src 'self' policy.app.cookieinformation.com www.provector.dk html5-player.libsyn.com deltag.cancer.dk td.doubleclick.net; default-src 'self' tag.cancer.dk fonts.gstatic.com fonts.googleapis.com/ *.sleeknote.com dawa.aws.dk www.provector.dk region1.google-analytics.com policy.app.cookieinformation.com dc.services.visualstudio.com/v2/track consent.app.cookieinformation.com/api/ www.google.com googleads.g.doubleclick.net; img-src 'self' data: www.facebook.com/tr/ www.facebook.com/privacy_sandbox/pixel/ *.sleeknote.com coi-prod.azureedge.net analytics.sleeknote.com stpbcdonationkb.blob.core.windows.net mediebibliotek.cancer.dk data: googleads.g.doubleclick.net www.google.dk www.google.com; style-src 'self' 'unsafe-inline' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googleadservices.com connect.facebook.net sleeknotestaticcontent.sleeknote.com sleeknotecustomerscripts.sleeknote.com www.googletagmanager.com policy.app.cookieinformation.com js.monitor.azure.com files.cdn.leadfamly.com; frame-ancestors 'self'; 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com 1868565294.rsc.cdn77.org static.cloudflareinsights.com www.google.com www.gstatic.com fonts.gstatic.com fonts.googleapis.com ajax.googleapis.com fcm.googleapis.com accounts.google.com *.cdn77.org  *.nk-img.com  *.segpay.com  *.online-metrix.net *.vscdns.com *.vsmvideo.com www.tjk-njk.com *.exoclick.com *.orbsrv.com *.opoxv.com *.exdynsrv.com *.afcdn.net *.aucdn.net *.tf4srv.com *.aacdn.net *.adglare.net www.flirt4free.com www.ohmybutt.com www.secretpartners.com *.asf4f.us *.livejasmin.com *.jsmcrptjmp.com *.awemwh.com etahub.com ctrack.trafficjunky.net tracking.sexcash.com *.gtflixtv.com;img-src 'self' 'unsafe-inline' data: blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com *.cdn77.org www.google.com www.google-analytics.com ssl.gstatic.com *.nk-img.com *.camster.com data-cdn.pornbiz.com *.vscdns.com *.vsmvideo.com *.doubleclick.net *.google.fr *.google.com *.segpay.com *.online-metrix.net cdn.asf4f.us *.gtflixtv.com *.orbsrv.com *.exdynsrv.com *.afcdn.net *.aucdn.net *.justservingfiles.net *.tf4srv.com *.aacdn.net *.rtbsuperhub.com; report-uri https://www.milfmovs.com/csp-reports; report-to csp-endpoint 1
default-src *; img-src * data:; style-src 'self' http://* 'unsafe-inline'; script-src 'self' http://* 'unsafe-inline' 'unsafe-eval' 1
default-src 'self'; img-src 'self' https://via.placeholder.com data: https://www.googletagmanager.com https://www.google-analytics.com https://secure.gravatar.com; font-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://www.comeet.co https://www.google.com/recaptcha/ https://www.gstatic.com; style-src 'self' 'unsafe-inline' https://www.comeet.com; object-src 'none'; connect-src 'self' https://www.google-analytics.com; worker-src 'self' blob:; frame-src 'self' https://www.comeet.co https://www.google.com https://youtube.com https://www.youtube.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.situsamc.com *.pantheonsite.io *.vimeo.com fonts.gstatic.com *.googletagmanager.com *.google-analytics.com *.jsdelivr.net *.googleapis.com *.trustarc.com *.licdn.com *.hs-scripts.com *.marketo.net *.marketo.com *.hs-analytics.net *.hs-banner.com *.newrelic.com *.nr-data.net *.linkedin.com *.google.com *.hsforms.com *.hubspot.com *.doubleclick.net *.hsadspixel.net *.hscollectedforms.net *.mktoresp.com *.hubapi.com *.ceros.com *.sharethis.com *.oribi.io *.soundcloud.com *.coveo.com *.canva.com *.zohopublic.com *.typeform.com *.zi-scripts.com *.mouseflow.com *.zoominfo.com; frame-ancestors none 'self'; font-src 'self' data: *.gstatic.com; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-inline' data: blob: https://*.msgr.com https://*.fbcdn.net;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script'; 1
frame-ancestors 'self' https://altibbi.com 1
font-src *.googleapis.com *.gstatic.com https://static.micuentaweb.pe/static/ *.cloudflare.com *.typekit.net *.trustedshops.com *.fontawesome.com fonts.gstatic.com *.twitter.com *.bootstrapcdn.com https://css.zohocdn.com https://secure.micuentaweb.pe h.online-metrix.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://secure.micuentaweb.pe/vads-payment/ https://api.micuentaweb.pe/api-payment/ https://static.micuentaweb.pe/static/ *.twitter.com https://www.facebook.com https://secure.micuentaweb.pe h.online-metrix.net https://livetracking.simpliroute.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.instagram.com www.google.com https://secure.micuentaweb.pe/vads-payment/ https://static.micuentaweb.pe/static/ youtu.be *.vimeo.com *.addthis.com *.google.com/ *.twitter.com *.google.com https://www.facebook.com https://secure.micuentaweb.pe h.online-metrix.net *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googleapis.com *.gstatic.com *.cdninstagram.com https://www.magezon.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://secure.micuentaweb.pe/static/latest/images/type-carte/ https://static.micuentaweb.pe/static/ https://secure.micuentaweb.pe/vads-payment/ *.cloudflare.com https://cdn.klarna.com https://s.ytimg.com *.usercentrics.eu blob: *.googleadservices.com *.google-analytics.com *.twitter.com https://www.facebook.com https://css.zohocdn.com https://salesiq.zohopublic.com https://secure.micuentaweb.pe h.online-metrix.net *.d.aa.online-metrix.net https://www.google.com.pe img.openpay.mx *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com apis.google.com *.gstatic.com *.instagram.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://api.micuentaweb.pe/api-payment/ https://static.micuentaweb.pe/static/ *.cloudflare.com *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.trustedshops.com *.usercentrics.eu *.addthis.com *.addthisedge.com *.moatads.com s7.addthis.com *.twitter.com googletagmanager.com *.fontawesome.com m.addthis.com z.moatads.com https://connect.facebook.net widgets.pinterest.com download.zohopublic.com vts.zohopublic.com salesiq.zoho.com js.zohostatic.com css.zohostatic.com wms.zohopublic.com media.zohostatic.com dyjgaef5vuq51.cloudfront.net dtzpfzv31buvf.cloudfront.net js.zohocdn.com css.zohocdn.com img.zohostatic.com fonts.zohostatic.com https://secure.micuentaweb.pe h.online-metrix.net https://static.cloudflareinsights.com *.hotjar.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com https://static.klaviyo.com https://static.micuentaweb.pe/static/ *.cloudflare.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.googleapis.com *.twitter.com *.gstatic.com *.bootstrapcdn.com use.fontawesome.com *.google-analytics.com https://accounts.google.com/gsi/style https://css.zohocdn.com https://secure.micuentaweb.pe h.online-metrix.net tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://secure.micuentaweb.pe/vads-payment/ https://api.micuentaweb.pe/api-payment/ *.cloudflare.com ekr.zdassets.com/ *.twitter.com https://connect.facebook.net https://www.facebook.com https://salesiq.zoho.com wss://vts.zohopublic.com https://salesiq.zohopublic.com https://secure.micuentaweb.pe h.online-metrix.net wss://ws.hotjar.com https://content.hotjar.io https://stats.g.doubleclick.net *.google-analytics.com *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src https://secure.micuentaweb.pe/vads-payment/ https://api.micuentaweb.pe/api-payment/ https://static.micuentaweb.pe/static/ 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' http://www.jatekokxl.hu 1
default-src  'self' https://*.dcube.cloud/ ;  script-src  'self'  'sha256-nWKjNpDy9BIIH8p69UATrM+dYfeHm3RCw7s03nOoDC0=' # Script for GTM tag blob:  https://assets.dcube.cloud  https://*.wogaa.sg  https://assets.adobedtm.com  https://www.google-analytics.com  https://cdnjs.cloudflare.com  https://va.ecitizen.gov.sg  https://*.cloudfront.net  https://printjs-4de6.kxcdn.com  https://unpkg.com  https://unpkg.com/web-vitals https://wogadobeanalytics.sc.omtrdc.net  https://connect.facebook.net  https://graph.facebook.com  https://facebook.com  https://www.facebook.com  https://*.googletagmanager.com https://*.licdn.com  https://webchat.vica.gov.sg  https://vica.gov.sg https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://static.zdassets.com https://ekr.zdassets.com https://*.zendesk.com https://*.zopim.com https://www.instagram.com https://script.wiz.gov.sg/widget.js https://script-staging.wiz.gov.sg/widget.js wss://*.zendesk.com wss://*.zopim.com https://*.dcube.cloud/ https://console-flex-api.ap.sabio.cloud https://cdn.jsdelivr.net/npm/algoliasearch@4.20.0/dist/algoliasearch-lite.umd.js https://cdn.jsdelivr.net/npm/instantsearch.js@4.60.0/dist/instantsearch.production.min.js ;  object-src  'self' ;  style-src  'self'  'unsafe-inline' https://fonts.googleapis.com/  https://*.cloudfront.net  https://va.ecitizen.gov.sg  https://*.wogaa.sg  https://cdnjs.cloudflare.com  https://datagovsg.github.io  https://webchat.vica.gov.sg  https://vica.gov.sg https://unpkg.com https://script.wiz.gov.sg/widget.css https://script-staging.wiz.gov.sg/widget.css https://assets.dcube.cloud/ https://console-flex-api.ap.sabio.cloud https://cdn.jsdelivr.net/npm/instantsearch.css@7/themes/satellite-min.css ;  img-src  * ;  media-src  * ;  frame-src  https://form.gov.sg/  https://wogaa.demdex.net/  https://*.youtube.com  https://*.youtube-nocookie.com  https://*.vimeo.com  https://vimeo.com https://www.google.com  https://checkfirst.gov.sg  https://www.checkfirst.gov.sg  https://docs.google.com  https://nlb.ap.panopto.com https://www.google.com/recaptcha/ https://accounts.google.com https://www.gstatic.com/recaptcha/ https://data.gov.sg https://*.data.gov.sg https://calendar.google.com https://datastudio.google.com https://lookerstudio.google.com https://*.fls.doubleclick.net https://www.facebook.com https://m.facebook.com/ https://www.instagram.com https://api.id.gov.sg/ ;  frame-ancestors  'none' ;  font-src  *  data: ;  connect-src  'self'  https://dpm.demdex.net  https://*.google-analytics.com https://analytics.google.com https://*.googletagmanager.com  https://stats.g.doubleclick.net  https://*.wogaa.sg  https://va.ecitizen.gov.sg  https://ifaqs.flexanswer.com  https://*.cloudfront.net  https://fonts.googleapis.com  https://cdnjs.cloudflare.com  https://wogadobeanalytics.sc.omtrdc.net  https://data.gov.sg  https://api-production.data.gov.sg https://api.isomer.gov.sg https://webchat.vica.gov.sg https://chat.vica.gov.sg https://vica.gov.sg https://s3-va-prd-vica.s3-ap-southeast-1.amazonaws.com wss://chat.vica.gov.sg https://api-vica-ana.vica.gov.sg/api/v1/response-ratings https://static.zdassets.com https://ekr.zdassets.com https://*.zendesk.com https://*.zopim.com https://ask.gov.sg https://staging.ask.gov.sg wss://*.zendesk.com wss://*.zopim.com https://*.dcube.cloud/ https://console-flex-api.ap.sabio.cloud https://authmiddleware.ap.sabio.cloud https://1v7dzgzjkk-*.algolianet.com/ ; 1
base-uri 'self';frame-ancestors 'self';frame-src *;object-src 'none'; 1
default-src 'self' *.google.at *.google.de *.google.es *.google.ch *.google.com; img-src 'self' *.google.at *.google.de *.google.es *.google.ch *.google.com *.table.media table.media d3e54v103j8qbb.cloudfront.net www.googletagmanager.com imgsct.cookiebot.com cdn.prod.website-files.com webflow-files-prod.global.ssl.fastly.net data:; script-src 'self' 'unsafe-inline' *.google.at *.google.de *.google.es *.google.ch *.google.com cdn.mouseflow.com consentcdn.cookiebot.com www.googletagmanager.com consent.cookiebot.com googleads.g.doubleclick.net ajax.googleapis.com d3e54v103j8qbb.cloudfront.net static.hotjar.com script.hotjar.com pi.pardot.com my.table.media cdn.prod.website-files.com cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.prod.website-files.com; object-src 'none'; font-src 'self' 'unsafe-inline' fonts.gstatic.com uploads-ssl.webflow.com data:; frame-ancestors 'none'; frame-src embed.acast.com consentcdn.cookiebot.com my.table.media tablemedia.jobs.personio.de td.doubleclick.net; connect-src 'self' *.google.at *.google.de *.google.es *.google.ch *.google.com consentcdn.cookiebot.com *.google-analytics.com googleads.g.doubleclick.net o2.mouseflow.com 1
default-src 'none'; script-src 'unsafe-inline'; style-src 'unsafe-inline'; report-uri //moneybird.com/csp_report 1
default-src 'self' *.atlantic.fr *.algolianet.com *.algolia.net *.google-analytics.com *.googlesyndication.com *.google.com *.cookiebot.com *.doubleclick.net *.groupe-atlantic.com *.kameleoon.eu *.kameleoon.com *.kameleoon.io  *.soyooz.com *.mixpanel.com *.instagram.com *.cdninstagram.com *.contentsquare.net *.contentsquare.com *.contentsquare.fr *.pinterest.com app.helo-activation.fr *.facebook.com *.inbenta.io calendly.com *.calendly.com *.inbenta.service *.inbenta.services *.recette-qcnlnca-xzown47bo6s74.fr-3.platformsh.site *.staging-5em2ouy-xzown47bo6s74.fr-3.platformsh.site *.bazaarvoice.com; base-uri 'self' *.atlantic.fr; block-all-mixed-content; font-src 'self' data: *.soyooz.com *.atlantic.fr *.kameleoon.eu *.kameleoon.com *.kameleoon.io fonts.gstatic.com *.inbenta.io *.recette-qcnlnca-xzown47bo6s74.fr-3.platformsh.site *.staging-5em2ouy-xzown47bo6s74.fr-3.platformsh.site *.bazaarvoice.com; frame-ancestors 'self' *.atlantic.fr; frame-src 'self' *.atlantic.fr  *.youtube.com  *.vimeo.com  *.atlantic.fr  *.cookiebot.com  *.doubleclick.net  *.vectary.com  *.instagram.com *.facebook.com *.cdninstagram.com  *.pinterest.com calendly.com *.calendly.com *.kameleoon.eu *.kameleoon.io *.kameleoon.com *.inbenta.io *.recette-qcnlnca-xzown47bo6s74.fr-3.platformsh.site *.staging-5em2ouy-xzown47bo6s74.fr-3.platformsh.site *.bazaarvoice.com *.youtube-nocookie.com; img-src 'self' data: *.atlantic.fr *.youtube.com *.ytimg.com *.vimeo.com *.google-analytics.com *.groupe-atlantic.com *.googletagmanager.com *.doubleclick.net *.google.fr *.google.com *.soyooz.com *.cdninstagram.com picsum.photos placekitten.com *.picsum.photos *.placeholder.com *.contentsquare.net *.contentsquare.com *.contentsquare.fr *.facebook.com *.pinterest.com *.inbenta.com  *.kameleoon.eu *.kameleoon.com *.kameleoon.io *.calendly.com  *.recette-qcnlnca-xzown47bo6s74.fr-3.platformsh.site *.staging-5em2ouy-xzown47bo6s74.fr-3.platformsh.site *.inbenta.io *.bazaarvoice.com *.cache.ephoto.fr *.cookiebot.com; media-src 'self' *.atlantic.fr *.vimeo.com *.youtube.com *.instagram.com *.cdninstagram.com *.contentsquare.net *.contentsquare.com *.contentsquare.fr *.kameleoon.eu *.kameleoon.com *.kameleoon.io *.recette-qcnlnca-xzown47bo6s74.fr-3.platformsh.site *.staging-5em2ouy-xzown47bo6s74.fr-3.platformsh.site; object-src 'none'; script-src 'self' blob: *.youtube.com  *.atlantic.fr 'unsafe-inline' 'unsafe-eval' *.kameleoon.eu *.kameleoon.com *.kameleoon.io  *.pinterest.com *.googletagmanager.com  *.groupe-atlantic.com  *.cookiebot.com  *.contentsquare.net *.contentsquare.com  *.contentsquare.fr  *.google-analytics.com  *.soyooz.com  *.mxpnl.com  code.jquery.com cdn.jsdelivr.net *.googleapis.com *.cloudflare.com  googleads.g.doubleclick.net  *.facebook.net  *.tradelab.fr  *.pinimg.com *.inbenta.services *.inbenta.io calendly.com *.calendly.com *.recette-qcnlnca-xzown47bo6s74.fr-3.platformsh.site *.staging-5em2ouy-xzown47bo6s74.fr-3.platformsh.site *.bazaarvoice.com *.iesnare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com  https://fonts.gstatic.com  *.soyooz.com  *.atlantic.fr  *.kameleoon.eu *.kameleoon.com *.cloudflare.com unpkg.com *.calendly.com *.kameleoon.io cdn.jsdelivr.net *.inbenta.io *.recette-qcnlnca-xzown47bo6s74.fr-3.platformsh.site *.staging-5em2ouy-xzown47bo6s74.fr-3.platformsh.site *.bazaarvoice.com 1
default-src 'self' *.yay.space; style-src 'self' 'unsafe-inline'; img-src * data: blob: *.yay.space; script-src 'self' 'unsafe-eval' https://www.google.com https://js-agent.newrelic.com https://platform.twitter.com https://www.googletagmanager.com https://www.gstatic.com https://connect.facebook.net https://bam-cell.nr-data.net https://*.stripe.com 'nonce-N41Y0/pzGPXnzMJGebg5kg=='; frame-src 'self' https://platform.twitter.com https://www.google.com https://www.youtube.com https://*.stripe.com; media-src 'self' *.yay.space https://yay-space-stg.s3.amazonaws.com; connect-src 'self' *.googleapis.com *.yay.space https://analytics.google.com https://www.facebook.com https://bam-cell.nr-data.net https://webcollector-rtm.agora.io:* https://*.stripe.com https://cdn.growthbook.io wss://*.yay.space *.sd-rtn.com:* https://stats.g.doubleclick.net *.agora.io:* wss://*.agora.io:* wss://*.sd-rtn.com:*    https://idcardcheck.com https://yay-space.s3.us-west-002.backblazeb2.com https://yay-space.s3.ap-northeast-1.amazonaws.com https://cdn.yay.space  data:; worker-src 'self' blob: 1
script-src 'self' 'unsafe-inline' 'nonce-MTkyZDVhMDZiYzA3OTg4OTliYTQ5NTNhMWYwYTFiYTg=' 'strict-dynamic'; connect-src 'self'; frame-src https://www.adminer.org; object-src 'none'; base-uri 'none'; form-action 'self' 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=HK&lang=zh-Hant-HK&device=desktop&yrid=450vcdtja5tfb&partner=; 1
child-src 'self' https://www.youtube.com https://www.google.com https://*.google.fr; frame-ancestors 'self'; frame-src https://drouot.slgnt.eu https://www.youtube.com https://www.google.com https://*.google.fr 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://maps.googleapis.com http://www.youtube.com https://www.google-analytics.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://*.doubleclick.net https://*.oswald.ai  https://www.googleadservices.com https://snap.licdn.com https://connect.facebook.net https://*.mobiscroll.com https://cdn.jsdelivr.net https://unpkg.com https://datacapture.dropsolid.com https://sc-static.net https://www.google.com https://www.gstatic.com https://*.unibuddy.co/ https://firebaseinstallations.googleapis.com https://cookie-cdn.cookiepro.com/ https://cdn1.fbri.co; object-src 'self'; img-src 'self' https://*.gstatic.com https://*.googleapis.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.google.com https://*.facebook.com data: https://www.makeitfly.group https://www.google.be https://px.ads.linkedin.com https://cdn.jsdelivr.net https://www.linkedin.com https://*.snapchat.com *.google-analytics.com *.analytics.google.com https://cookie-cdn.cookiepro.com/; media-src 'self'; frame-src 'self' https://*.hotjar.com https://www.google.com https://www.youtube.com https://www.youtube-nocookie.com https://*.oswald.ai https://kuula.co/ https://*.vimeo.com https://*.doubleclick.net https://*.snapchat.com https://unibuddy.co/ https://*.odisee.be https://services.libis.be/ https://firebaseinstallations.googleapis.com https://*.unibuddy.co/ https://maps.google.com https://cdnapisec.kaltura.com https://e.issuu.com https://return.flexmail.eu https://open.spotify.com/; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com data: https://pro.fontawesome.com https://*.cloudflare.com; connect-src 'self' https://*.oswald.ai https://www.google-analytics.com https://stats.g.doubleclick.net https://*.cloudfunctions.net *.google-analytics.com *.analytics.google.com https://firebaseinstallations.googleapis.com https://fcmregistrations.googleapis.com https://cookie-cdn.cookiepro.com/ 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.usercentrics.eu *.join.com join.com *.clickup.com clickup.com;style-src 'self' 'unsafe-inline' *.usercentrics.eu *.join.com join.com;style-src-elem 'self' 'unsafe-inline'  *.usercentrics.eu *.join.com join.com blob: data:;font-src 'self' 'unsafe-inline'  *.usercentrics.eu *.join.com join.com blob: data:;connect-src 'self' 'unsafe-inline' *.usercentrics.eu *.join.com join.com;img-src 'self' 'unsafe-inline' *.usercentrics.eu *.join.com join.com data: secure.gravatar.com;frame-src 'self' *.usercentrics.eu *.join.com join.com forms.clickup.com; 1
frame-src 'self' https://cheidemann.bannerview.com https://hcaptcha.com https://*.hcaptcha.com https://www.youtube.com https://www.google.com https://platform.twitter.com https://www.twitter.com 1
frame-ancestors 'self' https://rallye-lecture.fr https://matheros.fr https://monecole.fr https://motoufo.fr; 1
frame-ancestors 'self' https://www.escanav.com; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://hackers.town; img-src 'self' data: blob: https://hackers.town; style-src 'self' https://hackers.town 'nonce-/buZKkYULI58Z04iLUAhDw=='; media-src 'self' data: https://hackers.town; frame-src 'self' https:; manifest-src 'self' https://hackers.town; form-action 'self'; child-src 'self' blob: https://hackers.town; worker-src 'self' blob: https://hackers.town; connect-src 'self' data: blob: https://hackers.town wss://hackers.town; script-src 'self' https://hackers.town 'wasm-unsafe-eval' 1
default-src * blob: 'unsafe-inline' 'unsafe-eval';img-src * 'self' blob: data: https:; font-src * 'self' data: blob: 1
frame-src delivery2.widgetworks.com.au www.youtube.com; 1
upgrade-insecure-requests; frame-ancestors 'self' www.newamericanfunding.com thebrokernetwork.com www.thebrokernetwork.com qa.thebrokernetwork.com staging.thebrokernetwork.com uat.thebrokernetwork.com https://patch.com https://mortgage.patch.com; default-src 'unsafe-eval' 'unsafe-inline' data: https:; script-src 'unsafe-eval' 'unsafe-inline' data: https: blob:; style-src 'unsafe-inline' data: https:; img-src data: https:  blob:; font-src data: https:; connect-src https: blob:; media-src data: https: blob:; object-src https:; frame-src data: https:; child-src data: https: blob:; form-action https:; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://www.zenaps.com https://smct.co https://www.awin1.com https://ln-rules.rewardstyle.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://tr.snapchat.com https://d2d7do8qaecbru.cloudfront.net blob: https://tr6.snapchat.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://*.liveperson.net https://smct.co https://ipl.smct.co https://ipb.smct.co https://cognito-identity.eu-west-1.amazonaws.com https://firehose.eu-west-1.amazonaws.com https://*.akamaihd.net https://services.postcodeanywhere.co.uk https://translate.yandex.net https://*.sciencebehindecommerce.com https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.parcellab.com https://analytics.tiktok.com https://d3g5d7323c2i6m.cloudfront.net https://d29qb9vav0xwuc.cloudfront.net https://d7c4jjeuqag9w.cloudfront.net https://tr.snapchat.com https://*.contentsquare.net https://*.smct.co https://smct.io https://*.smct.io https://sgtm.growgorgeous.com; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://fonts.smct.co https://fonts.smct.io https://fonts.googleapis.com https://fonts.gstatic.com https://d7c4jjeuqag9w.cloudfront.net; form-action 'self' https://www.facebook.com https://www.growgorgeous.com https://checkout.growgorgeous.com https://m.growgorgeous.com https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://player.vimeo.com https://vod-progressive.akamaized.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://www.googletagmanager.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.com https://*.gstatic.cn https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://*.criteo.com https://static.criteo.net https://ln-rules.rewardstyle.com https://ssl.bing.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://*.google-analytics.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://analytics.tiktok.com https://*.ibytedtos.com https://apps.storystream.ai http://platform.twitter.com https://*.contentsquare.net https://app.contentsquare.com https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://tr.snapchat.com https://sgtm.growgorgeous.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://fonts.smct.co https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://d7c4jjeuqag9w.cloudfront.net; upgrade-insecure-requests; report-to report-endpoint 1
default-src 'self' 'unsafe-inline' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.pendo.io; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' *.site24x7rum.com *.google-analytics.com *.googletagmanager.com ajax.googleapis.com *.uservoice.com *.tableau.com *.tableauusercontent.com *.stripe.com *.datatables.net *.ecovadis-survey.com *.hotjar.com *.storage.googleapis.com *.pendo.io;style-src 'report-sample' 'self' 'unsafe-inline' blob: fonts.googleapis.com *.datatables.net *.jsdelivr.net  *.storage.googleapis.com *.pendo.io; frame-src 'self' *.googletagmanager.com *.online.tableau.com *.stripe.com https://pendo-eu-extensions.storage.googleapis.com/ *.hotjar.com/ *.pendo.io https://portal.productboard.com/ https://recognition.ecovadis.com/;connect-src 'self' col.site24x7rum.com *.ecovadis-survey.com *.ecovadis-itlab.com *.google-analytics.com com sentry.io *.visualstudio.com https://data.eu.pendo.io/ *.blob.core.windows.net *.g.doubleclick.net *.hotjar.com wss://*.hotjar.io wss://*.hotjar.com *.pendo.io *.storage.googleapis.com *.service.signalr.net wss://*.service.signalr.net *.hotjar.io;img-src 'self' blob: data: *.google-analytics.com *.stripe.com https://data.eu.pendo.io *.storage.googleapis.com *.slgnt.eu https://ecovadis.slgnt.eu *.google.com *.google.pl *.storage.googleapis.com *.pendo.io *.ecovadis-survey.com * ; manifest-src 'self' *.ecovadis-survey.com; media-src 'self'; worker-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors *.pendo.io; child-src *.pendo.io; font-src 'self' data: fonts.gstatic.com; 1
connect-src https://*.go-mpulse.net https://*.akstat.io 'self' cdn.cookielaw.org *.onetrust.com www.google-analytics.com *.addthis.com *.go-mpulse.net *.akstat.io *.akamaihd.net; font-src 'self' 'unsafe-inline' fonts.gstatic.com; frame-src *.iasplus.com *.videomarketingplatform.co butoembed.twentythree.net video.ranguinc.com *.youtube.com *.buto.tv *.google.com *.addthis.com *.facebook.com; img-src https://*.akstat.io 'self' data: data www2.deloitte.com deloitte.122.2o7.net www.google-analytics.com; script-src https://*.go-mpulse.net 'self' *.onetrust.com cdn.cookielaw.org 'unsafe-eval' 'unsafe-inline' data: www.gstatic.com *.go-mpulse.net *.akamaihd.net *.google.com assets.adobedtm.com *.facebook.net *.addthis.com *.addthisedge.com www.google-analytics.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; object-src 'none'; base-uri 'self'; 1
frame-ancestors 'self' https://www.cvonline.lt https://www.cvmarket.lv https://www.cvkeskus.ee https://www.cvmarket.lt https://www.cv.lt https://www.visidarbi.lv; 1
default-src 'self' https://cdn.plaid.com https://static.zdassets.com https://ekr.zdassets.com https://riverfinancial.zendesk.com wss://riverfinancial.zendesk.com wss://*.zopim.com; connect-src 'self' https://sentry.io/api/ https://ekr.zdassets.com https://riverfinancial.zendesk.com https://api.hsforms.com wss://*.zopim.com https://*.zopim.com wss://river.com https://www.google-analytics.com https://*.analytics.google.com https://*.google.com https://stats.g.doubleclick.net https://production.plaid.com https://o1382860.ingest.sentry.io/api/ https://ads-twitter.com https://static.ads-twitter.com/ ads-api.twitter.com analytics.twitter.com; script-src 'self' 'nonce-P1rJBPQ25ujUUcb_BdMChC9MfO_YMV4-t2_Xb9VLyWw'  https://river.com/ https://static.zdassets.com https://cdn.plaid.com https://cdn.sift.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ https://static.ads-twitter.com/ https://connect.facebook.net/; img-src 'self' https://river.com https://data.river.com https://v2assets.zopim.io https://static.zdassets.com https://v2uploads.zopim.io https://hexagon-analytics.com https://www.google-analytics.com https://*.analytics.google.com https://blog.river.com https://www.google.com https://googleads.g.doubleclick.net https://ads-twitter.com https://static.ads-twitter.com/ ads-api.twitter.com analytics.twitter.com https://t.co/1/i/adsct https://www.facebook.com/ data:; style-src 'self' 'unsafe-inline'; font-src 'self' data:; object-src 'none'; frame-src 'self' https://www.youtube.com https://cdn.plaid.com https://connect.trezor.io https://www.google.com/recaptcha/ https://demo.docusign.net https://account-d.docusign.com https://bid.g.doubleclick.net; base-uri 'none' 1
script-src 'unsafe-eval' blob: 'self' 'unsafe-inline'; default-src 'self' data: blob: https://media.starcitizen.tools https://api.flickr.com; style-src 'self' data: blob: https://media.starcitizen.tools https://api.flickr.com 'unsafe-inline'; object-src 'none'; report-uri /api.php?action=cspreport&format=json 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data: blob:; connect-src https: wss: 1
default-src 'self'; script-src 'self' https://stats.wp.com https://cdn.hu-manity.co/hu-display.min.js https://cdn.hu-manity.co/hu-banner.min.js https://maps.google.com https://maps.googleapis.com/ https://www.gstatic.com/recaptcha/releases/Ya-Cd6PbRI5ktAHEhm9JuKEu/recaptcha__en.js https://www.googletagmanager.com https://s0.wp.com https://www.google.com/ https://www.youtube.com https://yoast.com https://www.gstatic.com https://carf.adobeconnect.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com https://s0.wp.com https://ajax.googleapis.com https://carf.adobeconnect.com 'unsafe-inline'; object-src 'none'; base-uri 'self'; connect-src 'self' https://designer-api.hu-manity.co https://cdn.plyr.io https://public-api.expertfile.com https://maps.googleapis.com https://carf.adobeconnect.com https://www.google-analytics.com https://transactional-api.hu.manity.co; font-src 'self' data: https://fonts.gstatic.com https://s0.wp.com; frame-src 'self' https://www.google.com https://widgets.wp.com https://maps.google.com https://www.youtube-nocookie.com https://carf.adobeconnect.com https://public-api.expertfile.com; img-src https: data:; manifest-src 'self' https://carf.adobeconnect.com; media-src https: data:; worker-src blob:; 1
style-src 'self' fonts.googleapis.com www.google-analytics.com www.googletagmanager.com connect.facebook.net 'unsafe-inline' 'unsafe-eval'; font-src 'self' fonts.googleapis.com fonts.gstatic.com; media-src *; img-src * data: blob:; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://one.binalyze.com;connect-src *;worker-src blob: data: 'self' 'unsafe-inline' 'unsafe-eval';font-src 'self' https://one.binalyze.com https://fonts.gstatic.com;frame-src 'self' https://one.binalyze.com https://cdn.binalyze.com;media-src 'self' https://storage.googleapis.com/studio1-prod-blob/ https://one.binalyze.com;style-src 'self' 'unsafe-inline' https: https://one.binalyze.com https://js.userflow.com;img-src 'self' data: https://js.userflow.com https://one.binalyze.com https://storage.googleapis.com/studio1-prod-blob/;default-src 'self';base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none' 1
default-src *; img-src https: data:; script-src 'self' 'unsafe-inline' s.yimg.jp www.gstatic.com *.jsdelivr.net *.paypalobjects.com *.ads-twitter.com  *.doubleclick.net *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.jennifersoft.com *.cloudflare.com *.cloudflareinsights.com *.googleapis.com *.paypal.com *.google.com *.bootpay.co.kr *.stripe.com; style-src 'self' 'unsafe-inline' *.gstatic.com *.googleapis.com; font-src 'self' data: *.gstatic.com; frame-src 'self' www.google.com *.doubleclick.net *.googletagmanager.com  *.stripe.com *.bootpay.co.kr *.paypal.com youtube.com *.youtube.com *.paypalobjects.com; worker-src blob:; 1
default-src 'none';      style-src 'self' 'unsafe-inline' https://fast.wistia.net https://fast.wistia.com https://go.actonegroup.com/ http://go.actonegroup.com https://go.appleone.com https://cloud.typography.com https://www.appleone.com https://use.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.datatables.net https://hello.myfonts.net https://pro.fontawesome.com https://cdn.jsdelivr.net https://use.typekit.net https://p.typekit.net https://cdnjs.cloudflare.com https://www.youtube.com https://fonts.googleapis.com https://stackpath.bootstrapcdn.com https://cdn.cookielaw.org/ https://code.jquery.com/;      script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fast.wistia.net https://fast.wistia.com https://go.actonegroup.com/ https://snap.licdn.com/ http://go.actonegroup.com https://www.appleone.com/ http://munchkin.marketo.net https://munchkin.marketo.net/ https://go.appleone.com https://static.cloudflareinsights.com https://cdn.jsdelivr.net https://use.fontawesome.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://munchkin.marketo.net https://www.youtube.com https://s.ytimg.com https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://code.jquery.com https://cdn.datatables.net https://connect.facebook.net https://ajax.googleapis.com https://www.dropbox.com https://apis.google.com https://unpkg.com https://maps.googleapis.com https://www.googleapis.com https://www.google.com https://www.gstatic.com https://plugins.eventable.com/ *.addthis.com *.addthisedge.com https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ https://kit.fontawesome.com/ https://accounts.google.com/;        img-src 'self' https://embed-ssl.wistia.com https://fast.wistia.com https://fast.wistia.net https://px.ads.linkedin.com/ http://go.actonegroup.com https://www.appleone.com/ https://stats.g.doubleclick.net https://www.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.facebook.com https://cdn.datatables.net https://track.ziprecruiter.com https://www.youtube.com https://maps.gstatic.com https://maps.googleapis.com data: https://add.eventable.com/ https://plugins.eventable.com/ https://cdn.cookielaw.org/ https://code.jquery.com/ https://cdn.jsdelivr.net/ https://cdnjs.cloudflare.com/;      font-src 'self' https://fast.wistia.net https://www.appleone.com/ https://use.fontawesome.com https://maxcdn.bootstrapcdn.com https://use.typekit.net https://pro.fontawesome.com https://fonts.gstatic.com data: https://stackpath.bootstrapcdn.com https://cdn.cookielaw.org/ https://ka-f.fontawesome.com/;      connect-src 'self' https://a14uiqyx84-dsn.algolia.net https://fg8vvsvnieiv3ej16jby.litix.io/ https://distillery.wistia.com https://embed-cloudfront.wistia.com https://fast.wistia.net https://pipedream.wistia.com https://fast.wistia.com http://815-tmy-864.mktoresp.com http://jobs.brettspencer.us https://stage.actonescale.com https://actonescale.com/ https://815-tmy-864.mktoresp.com https://www.facebook.com https://www.youtube.com https://www.googleapis.com https://cdn.cookielaw.org/ https://www.google-analytics.com https://stats.g.doubleclick.net https://ka-f.fontawesome.com/ https://appleone.com https://analytics.google.com/;      frame-src 'self' https://fast.wistia.net https://fast.wistia.com https://go.actonegroup.com/ http://go.actonegroup.com https://go.appleone.com/ https://appleone.com https://www.sertifi.com/allin1/ https://sandbox.sertifi.net/allin1/ https://wotcintgsvc.maxinc.com https://s7.addthis.com https://www.youtube.com https://Ain1.sharepoint.com https://accounts.google.com/ https://docs.google.com/ https://www.google.com/recaptcha/ https://add.eventable.com/ https://wotc.maximus.com https://wotcdemo.maximus.com https://www.facebook.com/ https://web.microsoftstream.com/ https://integration-talentcentral.us.shl.com/ https://talentcentral.us.shl.com/ data:;      frame-ancestors 'self'; object-src 'self' data:; form-action 'self' https://www.facebook.com; base-uri 'none';      media-src 'self' blob: https://gamma.aiotest.com https://www.appleone.com/ https://gamma.aiotest.com https://embed-ssl.wistia.com  https://www.youtube.com 1
default-src 'none'; img-src * data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.google.com https://*.analyticspodium.com https://*.calltrk.com https://*.callrail.com https://*.brandcdn.com https://*.podium.com https://*.cloudflare.com https://*.jquery.com https://*.bootstrapcdn.com https://*.pagescdn.com https://*.optimizely.com https://*.amazonaws.com https://*.adobedtm.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleapis.com https://*.facebook.net https://*.googleadservices.com https://*.sitescdn.net https://*.livechatinc.com https://*.demdex.net https://*.addthis.com https://*.addthisedge.com https://*.pinterest.com https://*.en25.com https://*.datadoghq-browser-agent.com https://optimize.google.com https://*.rlets.com https://*.reachlocallivechat.com https://reachlocallivechat.com about://*.reachlocallivechat.com https://*.cloudfront.net https://*.cloudflareinsights.com https://*.broadly.com https://web-2-tel.com https://*.hotjar.com https://*.btttag.com https://*.bing.com https://*.doubleclick.net https://*.thinkingchat.com https://*.here.com https://*.stackadapt.com https://*.simpli.fi https://*.pinimg.com https://*.yimg.com https://*.adroll.com https://*.adsrvr.org https://*.scorpion.co https://*.stripe.com https://*.twilio.com wss://*.twilio.com https://www.mrhandyman.com blob: https://*.convertexperiments.com https://*.cloudfunctions.net https://*.rlcdn.net https://*.mountain.com https://*.cloud.yellow.ai https://*.app.yellow.ai wss://*.yellow.ai wss://*.cloud.yellow.ai wss://*.app.yellow.ai https://*.yellow.ai https://*.yellowmessenger.com https://*.web-2-tel.com https://*.bidclips.com https://*.graph.facebook.com https://*.facebook.com https://*.gstatic.com https://*.tvsquared.com/ https://*.phluant.com https://*.srv.stackadapt.com https://*.leadconnectorhq.com https://*.msgsndr.com https://adservice.google.com https://*.milestoneinternet.com  https://*.contractorcommerce.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.bootstrapcdn.com https://*.cloudflare.com https://*.typekit.net https://*.jquery.com https://*.sitescdn.net https://optimize.google.com https://*.optimizely.com https://*.here.com https://*.hereapi.com https://*.stackadapt.com https://*.scorpion.co https://*.twilio.com https://www.mrhandyman.com blob: https://*.yellow.ai https://*.yellowmessenger.com https://*.cloud.yellow.ai https://*.app.yellow.ai https://*.leadconnectorhq.com https://*.msgsndr.com https://*.milestoneinternet.com; object-src 'none'; connect-src https://*.analyticspodium.com https://*.calltrk.com https://*.callrail.com https://*.cloudflare.com https://*.brandcdn.com https://*.podium.com https://*.nblyprod.com https://*.googleapis.com https://*.pagescdn.com https://*.demdex.net https://*.livechatinc.com https://*.neighborly.com https://*.crownpeak.net https://*.addthis.com https://*.yext.com https://*.b2clogin.com https://*.dwyergroup.com https://*.broadly.com https://*.amazonaws.com https://*.google-analytics.com https://*.facebook.net  https://*.gannettdigital.com https://*.browser-intake-datadoghq.com https://optimize.google.com https://*.reachlocalservices.com https://*.rlets.com https://reachlocallivechat.com https://*.hotjar.com https://web-2-tel.com https://*.optimizely.com https://*.hotjar.io/ wss://reachlocallivechat.com https://*.web-2-tel.com wss://*.hotjar.com https://*.simpli.fi https://*.here.com https://*.hereapi.com https://*.stackadapt.com https://*.yimg.com https://*.pinterest.com https://*.adroll.com https://*.scorpion.co https://*.btttag.com https://*.twilio.com wss://*.twilio.com https://*.doubleclick.net https://www.mrhandyman.com https://*.bing.com blob: https://*.cloudfunctions.net https://*.rlcdn.net https://*.convertexperiments.com https://44.238.122.172 https://100.20.58.101 https://35.85.84.151 https://44.228.85.26 https://34.215.155.61 https://35.160.46.251 https://52.71.121.170 https://18.210.229.244 https://44.212.189.233 https://3.212.39.155 https://52.22.50.55 https://54.156.2.105 https://*.cloud.yellow.ai https://*.app.yellow.ai wss://*.yellow.ai wss://*.cloud.yellow.ai wss://*.app.yellow.ai https://*.yellow.ai https://*.yellowmessenger.com https://*.localiq.com https://*.facebook.com https://*.bidclips.com https://*.gstatic.com https://*.tvsquared.com/ https://*.leadconnectorhq.com https://*.msgsndr.com https://adservice.google.com https://*.milestoneinternet.com https://browser-intake-datadoghq.com https://*.contractorcommerce.com; font-src https://*.cloudflare.com https://*.nblyprod.com https://*.typekit.net https://*.gstatic.com https://*.googleapis.com https://optimize.google.com https://reachlocallivechat.com https://*.optimizely.com https://*.here.com https://*.hereapi.com https://*.scorpion.co https://*.twilio.com https://www.mrhandyman.com blob: https://*.yellow.ai https://*.yellowmessenger.com https://*.cloud.yellow.ai https://*.app.yellow.ai https://*.milestoneinternet.com; frame-src https://*.google.com https://*.cloudfront.net https://*.cloudflare.com https://*.rlets.com https://*.youtube.com https://*.livechatinc.com https://*.demdex.net/ https://*.addthis.com https://*.pagescdn.com https://*.amazonaws.com https://*.b2clogin.com https://optimize.google.com https://*.hotjar.com https://web-2-tel.com https://*.optimizely.com https://*.here.com https://*.hereapi.com https://*.doubleclick.net https://*.adsrvr.org https://*.pinterest.com https://*.stripe.com https://*.twilio.com https://www.mrhandyman.com https://*.broadly.com blob: https://*.yellow.ai https://*.yellowmessenger.com https://*.cloud.yellow.ai https://*.app.yellow.ai https://*.web-2-tel.com https://*.tryinteract.com https://*.facebook.com https://*.bidclips.com https://*.milestoneinternet.com; media-src https://*.yellow.ai https://*.yellowmessenger.com https://*.cloud.yellow.ai https://*.app.yellow.ai https://*.milestoneinternet.com; worker-src https://*.yellow.ai https://*.yellowmessenger.com https://*.cloud.yellow.ai https://*.app.yellow.ai https://*.milestoneinternet.com blob: 1
frame-ancestors 'self' https://www.around.team; 1
script-src 'nonce-lqgrOO9mzmfECB49xG+uOA==' 'strict-dynamic' https: 'unsafe-inline' 'report-sample'; base-uri 'none'; report-uri https://events.mercadolibre.com/csp/reports?identifier=qi7yR82aKimsBCs2dmYcCSGg7X3Nd8nw0L9YOe_HRbzpKahN-AYpETPFsxM57fsdLtLf&policy_id=9&user_id=&request_id=c3fdfaf1-ad0b-4915-9b08-4dee8d65106d; report-to csp-endpoint; object-src https://http2.mlstatic.com/ https://mlstaticquic-a.akamaihd.net/ 1
frame-ancestors 'self' *.classcreator.com *.classconnection.com *.facebook.net *.facebook.com 1
font-src *.augustinusbader.com 'unsafe-inline' data: static.formstack.com/forms/fonts *.klevu.com https://js.intercomcdn.com/fonts/ fonts.intercomcdn.com fast.wistia.com *.yotpo.com *.googleapis.com *.gstatic.com *.fontawesome.com common-fonts.abtasty.com augustinusbader.formstack.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.augustinusbader.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com www.secure22gw.ro *.yotpo.com * 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://3dsecure.slsp.sk https://www.rsa3dsauth.co.uk https://3dsec.cardcenter.ch https://api-iam.intercom.io https://paiement2.secure.lcl.fr https://safekey-2.americanexpress.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.augustinusbader.com platform.twitter.com *.wlp-acs.com/ *.paypal.com tst.kaptcha.com *.cardinalcommerce.com *.checkout.paypal.com *.fls.doubleclick.net/ https://ct.pinterest.com *.hotjar.com https://augustinusbader.attn.tv https://augustinusbader-au.attn.tv *.mention-me.com https://mention-me.com/ https://js.zenlocator.com https://augustinusbader-gb.attn.tv https://augustinusbader-us.attn.tv https://tpc.googlesyndication.com https://creatives.attn.tv c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com * widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk *.yotpo.com consentcdn.cookiebot.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com augustinusbader.sjv.io augustinusbader.pxf.io 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'unsafe-inline' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.augustinusbader.com *.facebook.net www.facebook.com *.webgains.io *.ometria.com *.coview.com *.stats.g.doubleclick.net/ *.paypal.com/ *.klarnacdn.net/ *.wistia.com/ js.klevu.com services.postcodeanywhere.co.uk https://shareasale.com/ https://bat.bing.com/action/ *.contentsquare.net *.intercomassets.com https://www.google.com/ads/ga-audiences https://www.google.com/pagead/ https://www.google.fr/ads/ga-audiences https://q.quora.com/_/ad/ https://ib.adnxs.com/pixie https://www.googletagmanager.com/ https://ct.pinterest.com https://log.pinterest.com https://track.sweetanalytics.com https://insight.adsrvr.org https://match.adsrvr.org *.google.co.uk *.google.com *.google.fr *.google.au *.google.co https://shipup-assets-prod.s3-eu-west-1.amazonaws.com https://a.omappapi.com https://bam.nr-data.net https://px.steelhousemedia.com https://beacon.krxd.net https://usermatch.krxd.net https://events.attentivemobile.com https://pixel.quantserve.com assets.braintreegateway.com downloads.intercomcdn.com js.intercomcdn.com https://s3-us-west-2.amazonaws.com/s.cdpn.io/346994/ https://static.afterpay.com https://site-assets.afterpay.com/ https://images.unsplash.com *.yotpo.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com c.paypal.com checkout.paypal.com *.paypal.com connect.facebook.net graph.facebook.com business.facebook.com www.google.ie https://www.google.co.in/ads/ga-audiences https://www.google.nl/ads/ga-audiences https://www.google.be/ads/ga-audiences https://www.google.de/ads/ga-audiences https://www.google.it/ https://www.google.si/ https://www.google.at/ads/ga-audiences https://www.google.im/ads/ga-audiences https://www.google.com.sg/ads/ga-audiences https://www.google.com.cy/ads/ga-audiences https://www.google.sk/ads/ga-audiences https://www.google.hu/ads/ga-audienceS https://www.google.ro/ https://www.google.es/ads/ga-audience https://zenlocator-prod-assets.s3.amazonaws.com/ blob: shipup-assets-prod.s3.eu-west-1.amazonaws.com embedwistia-a.akamaihd.net www.google.ae www.google.com.au www.google.dk uploads.commoninja.com website-assets.commoninja.com editor-assets.abtasty.com media.augustinusbader.com imgsct.cookiebot.com teddytor.abtasty.com widgets-images.abtasty.com augustinusbader.sjv.io www.ojrq.net logs-01.loggly.com assets-manager.abtasty.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googletagmanager.com/ *.augustinusbader.com *.braintreegateway.com *.facebook.net www.facebook.com *.webgains.io *.twitter.com *.ometria.com *.coview.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.paypal.com songbirdstag.cardinalcommerce.com https://augustinusbader.formstack.com https://static.formstack.com/forms/js track.webgains.com https://w-it.m-t.io https://bam.nr-data.net *.klarnacdn.net/ *.wistia.com/ js.klevu.com ascre11111.pcapredict.com services.postcodeanywhere.co.uk https://consentcdn.cookiebot.com *.doubleclick.net/ *.pingdom.net/ *.opmnstr.com/ *.contentsquare.net/ *.nr-data.net/ *.intercom.io/ https://api.ipify.org/ https://a.omappapi.com/app/js/ https://js.intercomcdn.com/ https://www.googleoptimize.com/optimize.js https://d2hrivdxn8ekm8.cloudfront.net/tag-manager static.hotjar.com https://analytics.tiktok.com https://script.hotjar.com https://s.pinimg.com https://scripts.postie.com https://bat.bing.com https://px.mountain.com https://track.sweetanalytics.com https://tag.mention-me.com https://static.mention-me.com https://cdn.attn.tv https://cdn.shipup.co https://dx.mountain.com https://gs.mountain.com https://square.site https://sdk-static.loyaltylion.net https://sdk.loyaltylion.net *.quantcount.com *.quantserve.com https://d2hrivdxn8ekm8.cloudfront.net/ https://cdn.attn.tv/growth-tag-assets/client-configs/augustinusbader.attn.tv.js https://cdn.jsdelivr.net/jquery/latest/jquery.min.js https://cdn.jsdelivr.net/momentjs/latest/moment.min.js https://cdn.jsdelivr.net/npm/daterangepicker/daterangepicker.min.js https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com *.yotpo.com consent.cookiebot.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com connect.facebook.net graph.facebook.com business.facebook.com https://staging.static.ordergroove.com https://static.ordergroove.com https://tpc.googlesyndication.com/ https://res.cloudinary.com/dthskrjhy/video/upload/v1545324364/ASR/* js.zenlocator.com https://squareup.com/ insight.adsrvr.org js.adsrvr.org static.formstack.com www.ascendpartner.com cdn.commoninja.com www.google.com try.abtasty.com teddytor.abtasty.com app.contentsquare.com *.mountain.com utt.impactcdn.com ct.pinterest.com qa-assistant.abtasty.com unsafe-inline augustinusbader.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline *.augustinusbader.com static.formstack.com/forms/css js.klevu.com services.postcodeanywhere.co.uk https://cdn.shipup.co https://a.omappapi.com https://sdk.loyaltylion.net https://acdn.adnxs.com assets.braintreegateway.com https://cdn.jsdelivr.net/npm/daterangepicker/daterangepicker.css static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com *.yotpo.com *.googleapis.com *.fontawesome.com optimize.google.com/optimize/ cdn.commoninja.com ga-assistant.abtasty.com teddytor.abtasty.com common-fonts.abtasty.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.augustinusbader.com https://augustinusbader.com/ https://fast.wistia.com https://embedwistia-a.akamaihd.net https://embed-fastly.wistia.com https://pp-ab.com blob: https://embed-cloudfront.wistia.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.augustinusbader.com *.coview.com *.braintree-api.com *.execute-api.us-east-1.amazonaws.com *.braintreegateway.com *.cardinalcommerce.com api.webgains.io track.webgains.com https://bam.nr-data.net *.paypal.com/ *.klarnaevt.com/ *.wistia.com/ services.postcodeanywhere.co.uk *.contentsquare.net/ *.omappapi.com/ *.pingdom.net/ *.nr-data.net/ https://www.facebook.com/ *.intercom.io/ https://bat.bing.com/actionp/ https://www.google-analytics.com/ *.doubleclick.net wss://nexus-websocket-a.intercom.io/ https://uscs24.ksearchnet.com/ https://stats.ksearchnet.com/ *.hotjar.com https://analytics.tiktok.com https://ct.pinterest.com https://track.sweetanalytics.com https://events.attentivemobile.com https://t.getletterpress.com *.ometria.com https://api.shipup.co https://api.zenlocator.com https://augustinusbader.attn.tv https://augustinusbader-gb.attn.tv https://augustinusbader-au.attn.tv https://augustinusbader-us.attn.tv https://api.maptiler.com https://sdk.loyaltylion.net https://platform.loyaltylion.com *.mention-me.com https://mention-me.com/ https://fg8vvsvnieiv3ej16jby.litix.io/ https://consentcdn.cookiebot.com https://www.googleoptimize.com/optimize.js https://d1lu3pmaz2ilpx.cloudfront.net https://pixel.quantcount.com https://www.google.fr/ads/ga-audiences wss://ws6.hotjar.com/api/v2/ *.cloudfront.net https://pp-ab.com https://api.addressy.com https://aa.agkn.com/adscores/ https://analytics.tiktok.com/api/v2/ wss://*.hotjar.com/api/v2/client/ws https://embedwistia-a.akamaihd.net/ https://braintree-sample-merchant.herokuapp.com/client_token https://region1.google-analytics.com/ static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com https://api.addressy.com/Capture/Interactive/Find/v1.10/json3.ws *.yotpo.com consentcdn.cookiebot.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.google.com google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.ksearchnet.com https://static.ordergroove.com/@ordergroove/i18n-data/latest/i18n_country_data.json https://staging.v2.ordergroove.com https://api.ordergroove.com https://staging.restapi.ordergroove.com https://restapi.ordergroove.com https://18.210.229.244/ https://3.212.39.155/ https://44.212.189.233/ https://52.22.50.55/ https://52.71.121.170/ https://54.156.2.105/ insight.adsrvr.org www.google.co.uk www.commoninja.com cdn.commoninja.com content.hotjar.io *.analytics.google.com metrics.hotjar.io www.google.com ariane.abtasty.com dcinfos-cache.abtasty.com widgets.abtasty.com try.abtasty.com api-data-connector.abtasty.com vc.hotjar.io 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 52.71.121.170 18.210.229.244 44.212.189.233 3.212.39.155 52.22.50.55 54.156.2.105 *.google-analytics.com portal.afterpay.com pagead2.googlesyndication.com api2.abtasty.com augustinusbader.sjv.io augustinusbader.pxf.io api-assets-manager.abtasty.com widgets-images.abtasty.com augustinusbader.formstack.com 'self' 'unsafe-inline'; child-src https://augustinusbader.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://27e0e6696e4dace4c468033f9a2cf9de.report-uri.com/r/d/csp/enforce; report-to report-endpoint; 1
default-src ‘none’; script-src ‘self’; connect-src ‘self’; img-src ‘self’; style-src ‘self’; frame-ancestors ‘self’; form-action ‘self’; 1
default-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://wds.ace.teliacompany.com https://*.hubspotusercontent00.net https://*.hubspotusercontent10.net https://*.hubspotusercontent20.net https://*.hubspotusercontent30.net https://*.hubspotusercontent40.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://wds.ace.teliacompany.com https://www.googletagmanager.com https://www.google-analytics.com https://snap.licdn.com https://www.googleadservices.com https://connect.facebook.net https://extend.vimeocdn.com https://px.ads.linkedin.com https://googleads.g.doubleclick.net https://www.google.com https://www.facebook.com https://geolocation.onetrust.com https://noembed.com https://www.youtube.com https://www.vimeo.com https://player.vimeo.com https://platform.instagram.com https://www.instagram.com https://static.ads-twitter.com https://webanalytics.digiaiiris.com https://analytics.twitter.com https://analytics.twitter.com/i/adsct https://static.hotjar.com https://script.hotjar.com https://*.hs-scripts.com https://*.hsforms.com https://*.hsforms.net https://*.hs-banner.com https://*.hsadspixel.net https://*.hs-analytics.net https://*.hscollectedforms.net https://*.hsleadflows.net https://*.hubspot.com https://*.hubspot.net https://play.hubspotvideo.com https://hubspotfeedback.com https://*.hubapi.com https://*.usemessages.com https://static.hsappstatic.net https://*.hs-sites.com https://no-cache.hubspot.com https://js.hscta.net https://*.hubspotusercontent00.net https://*.hubspotusercontent10.net https://*.hubspotusercontent20.net https://*.hubspotusercontent30.net https://*.hubspotusercontent40.net https://*.hs-sites-eu1.com/; font-src 'self' 'unsafe-inline' * https://wds.ace.teliacompany.com; img-src 'self' 'unsafe-inline' * data:; media-src 'self' 'unsafe-inline' * data:; connect-src 'self' 'unsafe-inline' * https://wds.ace.teliacompany.com; frame-src 'self' 'unsafe-inline' https://wds.ace.teliacompany.com https://player.vimeo.com/ https://www.facebook.com/ https://www.googletagmanager.com/ https://www.youtube-nocookie.com/ https://www.youtube.com https://www.instagram.com https://vars.hotjar.com https://td.doubleclick.net/ https://*.hubspot.com https://*.hubspot.net https://*.hs-sites.com https://play.hubspotvideo.com https://*.hsforms.net https://*.hsforms.com https://*.hs-sites-eu1.com/ 1
default-src https: data: 'self' *.rpsgroup.com; frame-src 'self' dashboards.webreality.co.uk https://*.doubleclick.net https://*.google.com *.vimeo.com *.hsforms.com https://*.livestorm.co *.hubspot.com *.alchemer.eu *.youtube.com *.bcast.fm *.rpsgroup.com rpspd.maps.arcgis.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.google-analytics.com *.googletagmanager.com *.fonts.net *.createsend1.com google.com *.google.com *.googleapis.com gstatic.com *.gstatic.com cdn.3cx.com *.vimeo.com *.marker.io *.onetrust.com *.hotjar.com *.luckyorange.com *.licdn.com *.hubspot.com *.hscollectedforms.net *.hsadspixel.net *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hsforms.net *.hsleadflows.net *.usemessages.com *.doubleclick.net *.stackadapt.com *.juicer.io *.rpsgroup.com cdn-cookieyes.com px.ads.linkedin.com *.tidio.co *.tidiochat.com; img-src 'self' data: https: *.google-analytics.com google-analytics.com google-analytics.com *.umbraco.org gravatar.com *.gravatar.com gstatic.com *.gstatic.com i1.wp.com *.rpsgroup.com *.tidiochat.com; style-src 'self' 'unsafe-inline' *.fonts.net *.cloudfront.net *.typekit.net *.googleapis.com fonts.googleapis.com *.luckyorange.com *.juicer.io *.stackadapt.com *.rpsgroup.com *.tidiochat.com; frame-ancestors 'self' consultationspace.com www.rpsgroup.com rps.wrcdn.net toneofvoice.rpsgroup.com *.rpsgroup.com; connect-src 'self' *.analytics.google.com analytics.google.com *.doubleclick.net https://*.cookiescan.com https://*.google-analytics.com *.marker.io *.onetrust.com *.googlesyndication.com *.luckyorange.com *.hubapi.com *.hubspot.com *.hscollectedforms.net *.visitors.live/ajax *.linkedin.oribi.io *.googleapis.com *.stackadapt.com *.hsforms.com *.amazonaws.com *.juicer.io wss: *.hotjar.io *.rpsgroup.com px.ads.linkedin.com *.cookieyes.com cdn-cookieyes.com *.google.com *.tidiochat.com; font-src 'self' d3e85ikkjrhqme.cloudfront.net *.typekit.net *.gstatic.com *.googleapis.com *.juicer.io *.rpsgroup.com *.tidiochat.com; 1
default-src *.gosemofiber.com *.cloudflare.com *.crowdfiber.com *.powerfulreveal.com *.youtube.com *.powerfulreveal.com *.semoelectric.coop *.cdn.js *.jsdelivr.net *.commentportal.com commentportal.com *.google.com bootstrapcdn.com  googleadservices.com *.cloudfront.net *.portlandwebdesign.com *.electric.coop adsrvr.org *.analytics.yahoo.com *.maps.arcgis.com xx.fbcdn.net rvwinc.com maps.arcgis.com vimeo.com *.googleadservices.com publicpurchase.com gravatar.com *.arcgis.com *.eventbrite.com cooperative.com *.gstatic.com *.youtube-nocookie.com *.crowdfiber.io data: *.googletagmanager.com luckyorange.net btstatic.com portlandwebdesign.com simpli.fi *.providesupport.com typekit.net mitel.io trumpia.com *.timetap.com five9.com powermag.com *.rvwinc.com *.verisign.com linkedin.com *.nr-data.net *.btstatic.com azgt.coop ebill.coop *.mapbox.com googleapis.com analytics.yahoo.com *.licdn.com *.mcusercontent.com *.bootstrapcdn.com apogee.net marketingautomation.services suppose.tv adnxs.com twimg.com *.olark.com youtube-nocookie.com *.trumpia.com xad.com mailchimp.com *.ads.linkedin.com directefficiency.com *.mailchimp.com newrelic.com *.vimeo.com *.plumassierratelecommunicationsmap.com 'unsafe-eval' *.upgrade.guide epa.gov transistor.fm google.com hirebridge.com *.simpli.fi *.yimg.com envivabiomass.com *.roanokeconnect.com e2ma.net bonnerboundary811.org *.powerfulweb.com *.elfsight.com *.libsyn.com doubleclick.net *.nwwsd.org facebook.net google-analytics.com ads.linkedin.com *.e2ma.net gstatic.com smarthub.coop *.s3.amazonaws.com mcusercontent.com s.w.org *.doubleclick.net facebook.com youtube.com *.linkedin.com nice-incontact.com fontawesome.com *.newrelic.com *.apogee.net *.googleapis.com libsyn.com eventbrite.com upgrade.guide *.basis.net *.twimg.com glassdoor.com cencoast.com *.mitel.io powerfulweb.com luckyorange.com *.five9.com *.typekit.net *.transistor.fm yimg.com 'self' *.luckyorange.com jazz.co roanokeconnect.com *.publicpurchase.com myfonts.net issuu.com *.directefficiency.com *.websupport.expert spreaker.com *.ebill.coop crowdfiber.io *.xad.com *.nice-incontact.com *.xx.fbcdn.net *.suppose.tv *.myfonts.net *.icua.coop southcentralpower.com *.bonnerboundary811.org arcgis.com mapbox.com providesupport.com *.facebook.net *.smeco.coop electric.coop googletagmanager.com *.adnxs.com smeco.coop *.issuu.com *.powermag.com *.adsymptotic.com olark.com s3.amazonaws.com 'unsafe-inline' billing.nwwsd.org elfsight.com icua.coop timetap.com *.fontawesome.com *.envivabiomass.com nr-data.net adsymptotic.com *.epa.gov *.adsrvr.org *.cencoast.com *.spreaker.com *.gravatar.com plumassierratelecommunicationsmap.com verisign.com *.glassdoor.com *.facebook.com ctctcdn.com *.jazz.co *.cooperative.com *.google-analytics.com gmpg.org cloudfront.net *.ctctcdn.com *.marketingautomation.services *.southcentralpower.com licdn.com *.hirebridge.com websupport.expert *.luckyorange.net *.smarthub.coop basis.net *.youtube.com *.azgt.coop; 1
frame-ancestors 'self' https://*.paperflite.com https://*.cleverstory.io https://*.iotbusiness-platform.com 1
frame-ancestors 'self' *.etracker.com *.mainova.de *.abtasty.com; 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-63a1b3dc4ca60f9b59b0fabed5ced14d'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.secure-exchange.de/piwik/ youtube.com https://www.youtube.com/ https://secure.mobile.trotto.performgroup.com; 1
default-src 'self' https://liberty-bank-demos.com/ forms.hsforms.com web-chat.nativechat.com https://lbhomeloans.liberty-bank.com/ https://api.glia.com/; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com *.salemove.com *.glia.com snap.licdn.com *.bugherd.com https://tags.srv.stackadapt.com/events.js https://ads-engagement.presage.io/ https://static.woopra.com/js/ https://www.woopra.com/track/ *.google-analytics.com https://cdn.insight.sitefinity.com https://dec.azureedge.net *.eloqua.com *.en25.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net cdn.ampproject.org web-chat.nativechat.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.typekit.net *.salemove.com https://tags.srv.stackadapt.com/ https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com *.unsplash.com *.ads.linkedin.com https://www.google.com bugherd-attachments.s3.amazonaws.com 363-003-libertybankrebuild.azurewebsites.net https://b.videoamp.com/ https://tags.srv.stackadapt.com/ *.doubleclick.net https://ads-engagement.presage.io https://trkn.us/ *.google-analytics.com https://cdn.insight.sitefinity.com https://dec.azureedge.net *.eloqua.com track.hubspot.com js.hsleadflows.net forms.hsforms.com web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.typekit.net; frame-src 'self' https://liberty-bank-demos.com/ forms.hsforms.com web-chat.nativechat.com https://www.google.com/ sidebar.bugherd.com https://www.dayforcehcm.com/CandidatePortal/en-US/lbank https://us231.dayforcehcm.com/CandidatePortal/en-US/lbank https://www.youtube.com https://files.connellypartners.com/ http://liberty-bank-demos.com/ https://www.dayforcehcm.com https://*.dayforcehcm.com/ *.doubleclick.net; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com https://api.glia.com/visitor_config https://analytics.google.com *.salemove.com *.googleapis.com stats.g.doubleclick.net cdn.linkedin.oribi.io wss://pubsub.salemove.com https://tags.srv.stackadapt.com/ https://www.woopra.com/track/push/ *.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com forms.hubspot.com *.hsforms.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: staticcdn.co.nz www.youtube.com *.vimeo.com *.captivate.fm *.google-analytics.com *.googletagmanager.com www.google.com www.gstatic.com *.googleapis.com; connect-src 'self' *.google-analytics.com *.googletagmanager.com *.analytics.google.com *.googleapis.com; img-src 'self' data: staticcdn.co.nz shielded.co.nz i.ytimg.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.googleapis.com; font-src 'self' data: *.googleapis.com *.gstatic.com; frame-src 'self' staticcdn.co.nz www.youtube.com *.vimeo.com *.captivate.fm *.spotify.com www.google.com; manifest-src 'self'; media-src 'self'; frame-ancestors 'self'; form-action 'self'; 1
default-src 'self' http: https: ws: wss: 'unsafe-inline' 'unsafe-eval' data:; child-src 'self' blob: https:; img-src 'self' blob: data: https:; worker-src 'self' blob: https: 1
default-src http: https: 'unsafe-inline' 'unsafe-eval'; img-src http: https: data:; object-src 'none'; frame-ancestors 'self'; 1
frame-ancestors http://docplanner-front-test.docplanner.com https://docplanner-front-test.docplanner.com *.doctoralia.pe doctoraliaone-pe2-candidate.azurewebsites.net 1
default-src 'self' *; font-src *;img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src  'self' 'unsafe-inline' * 1
default-src 'self' emergentconnect.com rapidrad.com totalcloudpacs.com *.rapidrad.com *.totalcloudpacs.com *.googleapis.com *.cloudfront.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com google.com www.google.com *.googleapis.com *.gstatic.com maxcdn.bootstrapcdn.com stackpath.bootstrapcdn.com media.twiliocdn.com cdn.statuspage.io cdn.jsdelivr.net code.jquery.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.googleapis.com *.gstatic.com maxcdn.bootstrapcdn.com stackpath.bootstrapcdn.com cdn.jsdelivr.net; img-src 'self' data: *.cloudfront.net *.googleapis.com *.rapidrad.com *.totalcloudpacs.com *.gstatic.com *.rackcdn.com; font-src 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com; frame-src 'self' emergentconnect.com rapidrad.com totalcloudpacs.com *.rapidrad.com *.totalcloudpacs.com *.googleapis.com www.google.com 1
default-src 'self' https: blob:; script-src 'unsafe-inline' 'unsafe-eval' https://my.logically.com; style-src 'unsafe-inline' https://my.logically.com; img-src data: https://my.logically.com; frame-ancestors 'self' 1
frame-ancestors 'self' labflow.com *.labflow.com labflow.ca *.labflow.ca *.instructure.com blackboard.com *.blackboard.com  ; 1
object-src 'none'; frame-ancestors 'self'; report-uri https://www.ciis.edu/report-uri/enforce 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' idembn.bienes.cl *.cargafacil.cl *.bancochile.cl *.bancointernacional.cl *.internacional.cl *.scotiabank.cl *.scotiabankchile.cl *.bci.cl *.bice.cl *.hsbc.cl *.santander.cl *.itau.cl *.bancosecurity.cl *.bancofalabella.cl *.db.com *.bancoripley.cl *.rabobank.cl *.rabobank.com *.bancoconsorcio.cl *.bancoestado.cl *.bancoedwards.cl *.tbanc.cl *.bancocondell.cl *.santandermovil.cl *.transbank.cl *.puntototalredtransaccional.cl movired.cl *.mbip.cl *.placeholder.com *.instagram.com *.twitter.com *.google.com *.googletagmanager.com *.google-analytics.com *.youtube.com *.spotify.com *.spotifycdn.com *.userway.org *.ytimg.com *.doubleclick.net *.openstreetmap.org *.googleapis.com *.gstatic.com *.fontawesome.com *.metro.cl *.cloudfront.net data: ; report-uri https://www.metro.cl 1
frame-ancestors 'self' https://www.tiendasmass.com.pe https://tiendasmass.com.pe; 1
frame-ancestors 'self' blank;object-src 'self' blank; 1
frame-ancestors 'self' https://nurture.solarwinds.com/ https://solarwinds.pathfactory.com/ https://orangematter.solarwinds.com/ https://thwack.solarwinds.com/ https://www.solarwinds.com/ https://try.solarwinds.com/ 1
report-uri https://ent-csp-report2.azurewebsites.net ; default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://googleads.g.doubleclick.net https://*.yahoo.co.jp https://s.yimg.jp https://code.createjs.com https://cdn.rawgit.com/ics-creative/ParticleJS/ https://static.criteo.net https://www.googletagmanager.com https://code.jquery.com https://cdn.jsdelivr.net/particles.js/ https://tpc.googlesyndication.com https://trusted-web-seal.cybertrust.ne.jp/seal/ https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.googleadservices.com https://*.criteo.com https://t.contentsquare.net/ app.contentsquare.com ; style-src 'self' 'unsafe-inline' https://use.fontawesome.com https://maxcdn.bootstrapcdn.com/font-awesome/ https://cdnjs.cloudflare.com/ajax/libs/font-awesome-animation/ https://cdnjs.cloudflare.com/ajax/libs/animate.css https://unpkg.com/swiper@7/ https://*.googleapis.com https://code.jquery.com ; font-src 'self' data: https://use.fontawesome.com https://maxcdn.bootstrapcdn.com/font-awesome/ https://fonts.gstatic.com ; img-src * data: ; connect-src 'self' https://*.google-analytics.com https://*.googlesyndication.com https://*.googleapis.com https://*.criteo.com https://*.yahoo.co.jp *.contentsquare.net ; frame-src 'self' https://bid.g.doubleclick.net https://www.youtube.com https://static.criteo.net https://tpc.googlesyndication.com https://www.youtube-nocookie.com https://widgets.itunes.apple.com https://tools.applemediaservices.com https://*.criteo.com https://*.google.com csxd.harlequin-library.jp csxd.hqcomic.jp ; child-src 'self' blob: ; 1
script-src 'self' cdn.prod.website-files.com ssl.google-analytics.com www.pagespeed-mod.com www.googleadservices.com cdnjs.cloudflare.com unpkg.com code.jquery.com dmogdx0jrul3u.cloudfront.net ws.zoominfo.com ws-assets.zoominfo.com static.opentok.com cdn.finsweet.com assets.website-files.com js.stripe.com js.hsforms.net d3e54v103j8qbb.cloudfront.net ajax.googleapis.com connect.facebook.net dev.visualwebsiteoptimizer.com www.google-analytics.com www.googletagmanager.com cdn.calibermind.com js.hs-scripts.com bat.bing.com snap.licdn.com googleads.g.doubleclick.net www.googleoptimize.com cdn.popupsmart.com cdn.usefathom.com cdn-cookieyes.com px.airpr.com js.hs-analytics.net js.hs-banner.com js.hsadspixel.net finsweet-cmslib-scripter.s3.us-east-2.amazonaws.com assets-global.website-files.com cdn.jsdelivr.net fonts.googleapis.com fonts.gstatic.com j.6sc.co px.ads.linkedin.com vidassets.terminus.services www.facebook.com tag.clearbitscripts.com 'unsafe-inline' 'unsafe-eval' 'report-sample'; object-src asset.mavenclinic.com asset.mvnctl.net asset.qa1.mvnapp.net asset.qa2.mvnapp.net asset.staging.mvnapp.net; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub98c828d344e4e597329d4c9c232ee109&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:production; 1
default-src 'self' *.google.com *.google.com.co https://*.instana.io/ https://eum-coral-saas.instana.io/ https://eum.instana.io/eum.min.js *.doubleclick.net *.google-analytics.com *.jquery.com *.youtube.com *.emtelco.co *.tuya.com.co *.bootstrapcdn.com *.datatables.net *.cloudfront.net *.fontawesome.com static2.creative-serving.com https://widget02.wolkvox.com/ *.gstatic.com *.googleapis.com *.googletagmanager.com *.google-analytics.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.hotjar.com *.hotjar.io *.cloudflare.com *.qualtrics.com *.facebook.com *.facebook.net jsonip.com *.doubleclick.net 'unsafe-eval' 'unsafe-inline' *.jsdelivr.net *.eltiempo.co *.ltroute.com *.logo.wine *.googleadservices.com *.bkrtx.com adserv.mobi *.loganmedia.mobi *.bluekai.com *.go2aluna.co ikiwi.co *.pure.cloud wss://streaming.cac1.pure.cloud data: blob: mediastream: https://www.tuya.com.co;; frame-ancestors *.exito.com *.carulla.com *.puntoscolombia.com *.maxymiser.com;; report-uri /report-csp-violation 1
script-src 'nonce-41ACDC9' 'strict-dynamic' 'self' https://www.google.com https://www.gstatic.com; frame-src 'self' https://www.google.com https://www.gstatic.com; object-src 'none'; img-src *; base-uri 'none'; 1
default-src 'none';base-uri 'none';manifest-src 'self';script-src 'nonce-STFQUEdSaEF1MTlxcGY1VnFlR3lBaUJZTWRWeDd6bWpuU1ovejNDU3pPRT06Y1Nxc0lGMHExVzBJNXFnRTNidmJMVU1iSHJRNmxrL3RxaE5VK2ozbW9xQT0=';style-src 'self' 'unsafe-inline';img-src 'self' data: blob: https://yahor.of.by;font-src 'self' data:;connect-src 'self';media-src 'self';frame-src 'self' nc: https://yahor.of.by;frame-ancestors 'self' https://yahor.of.by;form-action 'self' https://yahor.of.by 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cookie-cdn.cookiepro.com https://maps.googleapis.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com *.tiktok.com sc-static.net *.sc-static.net *.licdn.com *.facebook.net *.snapchat.com https://analytics.tiktok.com https://sc-static.net https://snap.licdn.com https://connect.facebook.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'self'; base-uri 'self'; connect-src 'self' https://privacyportal.cookiepro.com https://cookie-cdn.cookiepro.com https://journeyplanner.transportforireland.ie https://maps.googleapis.com *.google-analytics.com https://stats.g.doubleclick.net https://www.google-analytics.com *.linkedin.oribi.io *.tiktok.com *.linkedin.oribi.io *.tiktok.com *.snapchat.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://journeyplanner-production.transportforireland.ie https://wavregisterprod.nationaltransport.ie https://wavregisterpreprod.nationaltransport.ie https://complimentscomplaintsprod.nationaltransport.ie https://complimentscomplaintspreprod.nationaltransport.ie https://publicregisterprod.nationaltransport.ie https://publicregisterpreprod.nationaltransport.ie https://publicregister.nationaltransport.ie https://wavregister.nationaltransport.ie https://complimentscomplaints.nationaltransport.ie https://journeyplanner.transportforireland.ie https://www.google.com https://www.journeyplanner.transportforireland.ie https://www.youtube.com https://youtube.com https://youtube-nocookie.com https://www.youtube-nocookie.com *.snapchat.com; img-src 'self' data: https://ps.w.org https://www.googletagmanager.com https://maps.googleapis.com https://maps.gstatic.com https://secure.gravatar.com https://www.google-analytics.com *.linkedin.com https://www.facebook.com; manifest-src 'self'; media-src 'self'; worker-src 'self'; 1
default-src 'self'; frame-ancestors 'none'; report-uri https://mnot.report-uri.com/r/d/csp/enforce 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://www.google-analytics.com https://ajax.googleapis.com https://www.googletagmanager.com https://www.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://www.gstatic.com https://munchkin.marketo.net https://maps.googleapis.com https://cdn.jsdelivr.net https://connect.facebook.net https://googleads.g.doubleclick.net https://*.onetrust.com https://livechat.jncb.com https://jncb.fluidaibot.com https://*.jncb.com https://cdn.amplitude.com https://*.instana.io/ 1
default-src 'self' https://login.microsoftonline.com; script-src 'self' 'unsafe-inline' https://www.google.com/recaptcha/ https://zonmw.containers.piwik.pro https://zonmw.piwik.pro https://svc.webspellchecker.net https://static.userback.io https://cdnjs.cloudflare.com/ https://fonts.googleapis.com/ https://platform.twitter.com/ https://static.mailplus.nl https://m15.mailplus.nl https://www.google.com https://www.gstatic.com; object-src 'self'; style-src 'self' 'unsafe-inline' https://www.google.com/recaptcha/ https://static.userback.io https://cdnjs.cloudflare.com https://zonmw.piwik.pro https://fonts.googleapis.com https://fonts.gstatic.com https://static.mailplus.nl; img-src 'self' data: https://www.gstatic.com https://fonts.gstatic.com https://syndication.twitter.com/ https://zonmw.piwik.pro https://static.userback.io https://cdnjs.cloudflare.com https://fonts.googleapis.co https://maps.googleapis.com https://www.rovid.nl; media-src 'self' data: https://www.rovid.nl; frame-src 'self' data: https://*.tronit.nl/ https://platform.twitter.com/ https://www.linkedin.com/ https://www.google.com/; frame-ancestors *; child-src 'self'; font-src 'self' data: https://www.google.com/recaptcha/ https://fonts.googleapis.com/ https://fonts.gstatic.com https://static.userback.io; connect-src *; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self'; base-uri 'self'; frame-ancestors 'none'; object-src 'none'; form-action 'self'; script-src 'self'; connect-src 'self'; img-src * 'self'; style-src 'self' 'unsafe-inline'; upgrade-insecure-requests; report-uri https://meta.shaunc.com/report-uri/csp 1
block-all-mixed-content; frame-ancestors 'self' https://maps.usacarry.com 1
default-src 'self' syscoin.dev *.syscoin.org www.google.com *.google.com *.twitter.com www.youtube.com *.youtube.com *.yahoo.com *.linkedin.com *.google-analytics.com *.yimg.com stats.g.doubleclick.net *.googletagmanager.com *.iubenda.com *.hotjar.io *.lfeeder.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.twitter.com *.yimg.com *.cloudflareinsights.com chimpstatic.com https://www.googletagmanager.com *.googletagmanager.com googletagmanager.com *.google-analytics.com *.google.com www.google.com www.gstatic.com *.gstatic.com *.licdn.com *.lfeeder.com *.iubenda.com *.cloudfront.net *.cloudflare.com *.hotjar.com;style-src 'self' 'unsafe-inline' *.googleapis.com;font-src 'self' 'unsafe-inline' *.gstatic.com data: 1
default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * blob: data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src * 1
default-src https: 'unsafe-inline' 'unsafe-eval' data:; font-src 'self' data: https:; worker-src 'self' https: blob:; 1
default-src 'none';
 connect-src 'self' https://stats.g.doubleclick.net https://pagead2.googlesyndication.com https://analytics.google.com/ https://www.google-analytics.com https://mc.yandex.ru/ https://analytics.tiktok.com/ https://armrbk.kazincombank.kz:30500/ https://backend.bankrbk.kz/ https://mc.yandex.ru/clmap/62000707 https://mc.yandex.ru/watch/62000707 https://mc.yandex.ru/webvisor/62000707 https://sentry.ibecsystems.kz/api/41/store/ https://stats.g.doubleclick.net/j/collect https://www.facebook.com/tr/ https://www.google-analytics.com/j/collect;
 frame-src 'self' https://payment.processinggmbh.ch https://www.google.com https://www.youtube.com https://3ds.bankrbk.kz:8443/ https://3dsecure2.halykbank.kz/ https://3ds.kaspi.kz/;
 img-src 'self' data: https://www.google-analytics.com/ https://backend-test.bankrbk.kz https://api-maps.yandex.ru https://backend.bankrbk.kz https://core-renderer-tiles.maps.yandex.net https://mc.yandex.ru https://www.facebook.com https://www.google.com https://www.google.kz;
 media-src 'self' https://backend.bankrbk.kz;
 script-src 'self' 'unsafe-inline' https://analytics.tiktok.com https://www.gstatic.com/recaptcha/ https://googleads.g.doubleclick.net/ https://connect.facebook.net/ https://www.google.com/recaptcha/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js https://api-maps.yandex.ru/ https://core-renderer-tiles.maps.yandex.net https://mc.yandex.ru/ https://www.googletagmanager.com/ https://yastatic.net/;
 font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com;
 style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self'; 1
default-src 'unsafe-inline' 'unsafe-eval' museumofthebible.org museumofthebible.cdn.prismic.io info.museumofthebible.org login.museumofthebible.org www.museumofthebible.org phpstack-448274-1403762.cloudwaysapps.com player.vimeo.com api.vimeo.com www.youtube.com museumofthebible.prismic.io www.google-analytics.com analytics.google.com adservice.google.com 8092262.fls.doubleclick.net stats.g.doubleclick.net static.doubleclick.net td.doubleclick.net googleads.g.doubleclick.net bid.g.doubleclick.net prismic.io wroom.io code.jquery.com googleapis.com ajax.googleapis.com recruitingbypaycor.com www.google.com cdnjs.cloudflare.com static.cdn.prismic.io static.hotjar.com script.hotjar.com vars.hotjar.com in.hotjar.com vc.hotjar.io wss://ws9.hotjar.com cs.yieldoptimizer.com tag.yieldoptimizer.com pixel.mathtag.com 11007.iceuc.com iceim01.iceuc.com s7.addthis.com m.addthis.com www.cognitoforms.com static.cognitoforms.com api.idonate.com embed.idonate.com widget.spreaker.com a36748.actonsoftware.com connect.facebook.net www.facebook.com my.matterport.com s3.us-east-1.amazonaws.com pixel.sitescout.com cdn.linkedin.oribi.io bat.bing.com static.addtoany.com; script-src-elem 'unsafe-inline' data: www.cognitoforms.com www.google.com www.gstatic.com embed.idonate.com z.moatads.com v1.addthisedge.com www.google-analytics.com static.hotjar.com script.hotjar.com wss://ws9.hotjar.com www.googleadservices.com bat.bing.com 8092262.fls.doubleclick.net stats.g.doubleclick.net static.doubleclick.net googleads.g.doubleclick.net s.adroll.com info.museumofthebible.org www.museumofthebible.org prismic.io wroom.io www.googletagmanager.com unpkg.com static.cognitoforms.com html2canvas.hertzen.com s.ytimg.com d.adroll.com player.vimeo.com api.vimeo.com www.youtube.com snap.licdn.com static.ads-twitter.com analytics.twitter.com d.adroll.mgr.consensu.org connect.facebook.net cdnjs.cloudflare.com phpstack-448274-1403762.cloudwaysapps.com static.cdn.prismic.io 11007.iceuc.com iceim01.iceuc.com s7.addthis.com m.addthis.com code.jquery.com googleapis.com ajax.googleapis.com recruitingbypaycor.com static.addtoany.com; font-src data: *; frame-ancestors 'self' my.matterport.com static.cdn.prismic.io 11007.iceuc.com; img-src 'unsafe-inline' data: *; style-src 'unsafe-inline' *; style-src-elem 'unsafe-inline' *; 1
upgrade-insecure-requests; script-src * 'unsafe-inline' 'unsafe-eval' blob:; object-src *; frame-ancestors 'self' www.vliz.be vliz.be www.lifewatch.be lifewatch.be; 1
script-src 'self' https: 'unsafe-inline' 'unsafe-eval' ; worker-src 'self' blob: https: ; 1
frame-ancestors https://*.jabraenhance.com https://*.paypal.com 1
upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src data: https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; 1
default-src 'none'; connect-src https://*.cbmalta.com; font-src 'self'; frame-src 'self'; img-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; base-uri 'self'; frame-ancestors 'self'; form-action 'self'; object-src https://*.cbmalta.com/program/resources/dummy.pdf; report-uri https://tecnalis.report-uri.com/r/d/csp/enforce/ 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com; frame-src https://hcaptcha.com https://*.hcaptcha.com; style-src 'self' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com; img-src 'self' data:; connect-src https://hcaptcha.com https://*.hcaptcha.com https://o1026979.ingest.sentry.io/; report-uri https://o1026979.ingest.sentry.io/api/5996803/security/?sentry_key=e8c418276d2e4ea7af6b35e151b190bb&sentry_environment=production 1
frame-ancestors 'self' absencetracker.com *.absencetracker.com ; 1
frame-ancestors 'self' *.nscc.ca:*; 1
base-uri 'self';connect-src 'self' https://region1.google-analytics.com https://region1.analytics.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://cdn.linkedin.oribi.io https://consentcdn.cookiebot.com https://consent.cookiebot.com https://content.hotjar.io https://px.ads.linkedin.com https://collector.leadinfo.net https://api.leadinfo.com wss://ws.hotjar.com;default-src 'self';font-src 'self' data: https://doe.nl;form-action 'self';frame-ancestors 'self' *.cito.nl *.doe.nl;frame-src 'self' *.vimeo.com *.youtube.com *.google.com https://consentcdn.cookiebot.com https://consent.cookiebot.com https://formulieren.cito.nl https://www2.cito.nl https://www.google.com/recaptcha https://recaptcha.google.com/recaptcha https://issuu.com https://www.cito.nl https://td.doubleclick.net;img-src 'self' data: *.ytimg.com https://www.google.com https://www.google.nl https://www.googletagmanager.com https://www.google-analytics.com https://px.ads.linkedin.com https://www.facebook.com https://imgsct.cookiebot.com https://consentcdn.cookiebot.com;manifest-src 'self';script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://snap.licdn.com https://connect.facebook.net https://static.hotjar.com https://script.hotjar.com https://consentcdn.cookiebot.com https://consent.cookiebot.com https://www.google.com/recaptcha/ https://cdn.leadinfo.net https://www.gstatic.com/recaptcha/;style-src 'self' 'unsafe-inline' 1
frame-ancestors 'self' http://info.barchart.com 1
base-uri 'self'; child-src https://www.youtube-nocookie.com/embed/ https://radio.onlyencodes.cc; connect-src 'self' https://onlyencodes.cc:8443/socket.io/ wss://onlyencodes.cc:8443/socket.io/ https://api.themoviedb.org/; default-src 'none'; font-src 'self' data: https: fonts.gstatic.com; form-action 'self'; frame-ancestors 'self'; img-src 'self' data: https: image.tmdb.org via.placeholder.com/400x600; object-src 'none'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https: gitcdn.xyz github.io *.github.io raw.githubusercontent.com github.com; block-all-mixed-content; upgrade-insecure-requests 1
frame-ancestors 'self'; frame-src 'self' https://*.draw.io https://*.youtube.com https://*.youtube-nocookie.com https://*.vimeo.com https://embed.diagrams.net; script-src http: https: 'nonce-3qXtIG4RuMfwCJ3ZFxElBaE8' 'strict-dynamic'; object-src 'self'; base-uri 'self' 1
default-src 'none'; script-src 'self' 'unsafe-inline' https://*.googletagmanager.com https://*.googleapis.com https://*.cloudfront.net  https://*.cloudflare.com https://*.youtube.com https://*.xy.finance; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://*.cloudfront.net https://*.googleapis.com https://*.thundercore.com https://*.cloudflare.com https://*.youtube.com https://*.google-analytics.com https://*.googletagmanager.com; style-src * data: 'unsafe-inline'; font-src 'self' data: https://*.gstatic.com; connect-src https://*.thundercore.com https://prod-official-backend.platform.dev.tt-eng.com https://*.google-analytics.com https://stats.g.doubleclick.net; manifest-src 'self' 'unsafe-inline'; object-src 'none'; img-src * data: 'unsafe-inline';frame-src 'self' data: https://*.youtube.com https://*.xy.finance; frame-ancestors 'none'; base-uri 'none'; form-action 'none'; report-uri https://www.thundercore.com 1
default-src 'self'; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data: blob:; child-src 'self' https: blob:; connect-src 'self' *.paypal.com *.svc.dynamics.com *.dynamics.com *.w3.org *.getgo.com *.bizzabo.com *.pheedloop.com *.bugsnag.com *.microsoft.com https://unpkg.com https://cxppusa1formui01cdnsa01-endpoint.azureedge.net google.com *.google.com *.geolocation.onetrust.com *.onetrust.com *.linkedin.oribi.io *.oribi.io *.adroll.com *.clickdimensions.com *.cookielaw.org *.cloudflare.com *.facebook.net *.facebook.com *.googleapis.com *.typekit.net *.gstatic.com *.doubleclick.net *.twimg.com *.linkedin.com *.crazyegg.com *.licdn.com *.twitter.com *.google-analytics.com *.google.co.in *.googleadservices.com *.googletagmanager.com *.gstatic.com https://ml314.com *.company-target.com *.demandbase.com *.6sc.co; script-src  'unsafe-inline' 'self'  *.azureedge.net *.bizzabo.com *.pheedloop.com *.bugsnag.com *.paypal.com *.w3.org *.getgo.com https://unpkg.com  https://cxppusa1formui01cdnsa01-endpoint.azureedge.net *.vimeo.com *.microsoft.com *.msecnd.net *.svc.dynamics.com *.dynamics.com *.brightcove.net *.cloudfront.net *.googletagmanager.com *.fontawesome.com *.wistia.com *.nprapps.org google.com *.google.com *.adroll.com *.ads-twitter.com *.clickdimensions.com *.cookielaw.org *.cloudflare.com *.facebook.net *.googleapis.com *.typekit.net *.gstatic.com *.doubleclick.net *.twimg.com *.linkedin.com *.crazyegg.com *.licdn.com *.twitter.com *.google-analytics.com *.google.co.in *.googleadservices.com *.googletagmanager.com *.gstatic.com https://ml314.com *.buzzsprout.com *.blubrry.com *.company-target.com *.demandbase.com *.6sc.co *.simpli.fi; style-src 'self' https: 'unsafe-inline' *.svc.dynamics.com *.dynamics.com *.paypal.com https://organizer.bizzabo.com https://site.pheedloop.com https://sessions.bugsnag.com https://unpkg.com https://cxppusa1formui01cdnsa01-endpoint.azureedge.net https://ml314.com *.blubrry.com;  worker-src  'self' blob:; frame-ancestors 'self' *.dynamics.com *.azureedge.net *.microsoft.com; 1
default-src 'self' *; img-src 'self' data: https:; style-src 'self' 'unsafe-inline' 'unsafe-hashes' *; script-src 'self' * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https://fast.vidalytics.com blob: data:; frame-src 'self' *; 1
default-src 'self' 'unsafe-eval' data: *.gstatic.com *.google-analytics.com *.hotjar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.googleadservices.com *.googletagmanager.com *.doubleclick.net *.visualwebsiteoptimizer.com *.gstatic.com bat.bing.com; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https: *.gravatar.com bat.bing.com; font-src 'self' data: https:; connect-src 'self' *.datadoghq.com *.linkedin.com *.eventconnect.io *.bamboohr.com *.ada.support *.yoast.com *.facebook.com *.google.com *.google-analytics.com *.yoast.com wss://*.hotjar.com *.hotjar.io *.hotjar.com *.hubspot.com *.hubapi.com *.hsforms.com wss://ws22.hotjar.com/api/v2/client/ws stats.g.doubleclick.net https://cdnjs.cloudflare.com *.hotjar.com; media-src 'self' https:; object-src 'self'; frame-src 'self' *.doubleclick.net *.youtube.com *.jotform.com *.eventconnect.io *.ada.support xd.adobe.com/ www.google.com www.googletagmanager.com connect.facebook.net www.facebook.com bid.g.doubleclick.net *.hotjar.com *.hsforms.com; frame-ancestors 'self' about: *.eventconnect.io *.ada.support; form-action 'self' *.facebook.com *.hsforms.com; 1
default-src 'self' 'unsafe-inline' https: data: blob: https://www.googletagmanager.com https://ajax.googleapis.com https://connect.facebook.net https://cdnjs.cloudflare.com https://www.google.com https://analytics.clickdimensions.com https://www.gstatic.com https://www.youtube.com https://px.ads.linkedin.com https://secure.gravatar.com https://analytics.google.com https://terracon.maps.arcgis.com https://www.facebook.com https://www.linkedin.com https://googleads.g.doubleclick.net https://td.doubleclick.net https://unpkg.com https://snap.licdn.com https://mktdplp102cdn.azureedge.net https://99ea8d574a7e4e278673630c45a03e9d.svc.dynamics.com https://ajax.aspnetcdn.com https://fonts.googleapis.com https://unpkg.com https://fonts.gstatic.com https://fonts.gstatic.com https://fonts.googleapis.com 1
upgrade-insecure-requests  ; worker-src 'self' blob: feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' *.pricespider.com *.mapbox.com *.lytics.io js.jebbit.com blob: feed.pghub.io pandg.tapad.com ; media-src 'self' videos.ctfassets.net *.iesnare.com data: feed.pghub.io pandg.tapad.com ; manifest-src 'self' login.windows.net feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com cdn.cookielaw.org script.crazyegg.com js.jebbit.com js.adsrvr.org connect.facebook.net z.moatads.com cdn.segment.com pghub.io www.youtube.com *.lytics.io *.bazaarvoice.com *.pricespider.com cdnjs.cloudflare.com *.mapbox.com *.iesnare.com feed.pghub.io pandg.tapad.com ; font-src 'self' data: feed.pghub.io pandg.tapad.com ; frame-ancestors 'none' feed.pghub.io pandg.tapad.com ; frame-src 'self' insight.adsrvr.org *.doubleclick.net feed.pghub.io www.facebook.com consumersupport.pg.com pgnagain.jebbit.com jebbit.ilovegain.com www.youtube.com pandg.tapad.com ; img-src 'self' data: images.ctfassets.net www.google-analytics.com www.googletagmanager.com pixel.tapad.com *.doubleclick.net www.facebook.com *.lytics.io *.akamaihd.net *.moatads.com *.pricespider.com *.bazaarvoice.com i.ytimg.com cdn.cookielaw.org feed.pghub.io pandg.tapad.com ; connect-src 'self' *.google-analytics.com *.cookielaw.org *.jebbit.com *.doubleclick.net *.crazyegg.com *.adsrvr.org *.segment.com *.segment.io *.bazaarvoice.com *.pricespider.com *.mapbox.com geolocation-db.com *.algolia.net *.algolianet.com wss: feed.pghub.io pandg.tapad.com ; base-uri 'none' feed.pghub.io pandg.tapad.com ; default-src 'none' feed.pghub.io pandg.tapad.com ; 1
worker-src 'self' blob:; block-all-mixed-content; font-src fonts.gstatic.com *.amazonaws.com cdn.axminstertools.com cdn.honey.io *.bglobale.com *.global-e.com use.fontawesome.com maxcdn.bootstrapcdn.com cdn.userway.org *.yotpo.com *.googleapis.com *.gstatic.com blog.axminstertools.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypalobjects.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com www.gstatic.com/recaptcha/ www.google.com/recaptcha/ polyfill.io *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cdn-ukwest.onetrust.com *.authorize.net *.paypal.com *.algolianet.com *.algolia.net *.apple-mapkit.com cdn.axminstertools.com bat.bing.com www.clarity.ms static.cloudflareinsights.com *.doubleclick.net suite22.emarsys.net connect.facebook.net wchat.freshchat.com apis.google.com ssl.google-analytics.com tpc.googlesyndication.com www.google.com/pagead/ tagmanager.google.com *.googletagmanager.com *.hotjar.com js-agent.newrelic.com *.scarabresearch.com *.sentry-cdn.com widget.trustpilot.com *.twitter.com *.ads-twitter.com www.youtube.com *.online-metrix.net *.afterpay.com *.clearpay.co.uk *.squarecdn.com https://hbiq.net https://angus.finance-calculator.co.uk *.bglobale.com *.global-e.com *.yotpo.com swellrewards.com *.swellrewards.com widget.freshworks.com m2epro.freshdesk.com cdn.userway.org testflex.cybersource.com flex.cybersource.com pay.google.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com prismic.io static.cdn.prismic.io html2canvas.hertzen.com blogcdn.axminstertools.com stats.wp.com talk.hyvor.com cdnapisec.kaltura.com blog.axminstertools.com 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'none'; manifest-src cdn.axminstertools.com 'self'; base-uri 'self' 'unsafe-inline'; report-uri https://o321468.ingest.sentry.io/api/1815626/security/?sentry_key=4be58bfe3e5a4d6590b3f5022cda615a; report-to report-endpoint; 1
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://kit.fontawesome.com/5f78583775.js https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js https://cdnjs.cloudflare.com/ajax/libs/bootstrap/5.2.2/js/bootstrap.bundle.min.js https://cdnjs.cloudflare.com/ajax/libs/is-in-viewport/3.0.4/isInViewport.min.js https://cdnjs.cloudflare.com/ajax/libs/autosize.js/5.0.1/autosize.min.js https://cdnjs.cloudflare.com/ajax/libs/sharer.js/0.5.1/sharer.min.js https://email.efex.com.au/resources/sharing/embed.js https://unpkg.com/@lottiefiles/lottie-player@1.6.0/dist/lottie-player.js https://www.googletagmanager.com/gtag/js https://unpkg.com/@lottiefiles/lottie-interactivity@1.6.2/dist/lottie-interactivity.min.js https://vimeo.com/api/oembed.json https://f.vimeocdn.com/p/4.25.13/js/player.module.js https://f.vimeocdn.com/p/4.25.13/js/vendor.module.js https://f.vimeocdn.com/js_opt/modules/utils/vuid.min.js https://f.vimeocdn.com/js_opt/modules/utils/vuid.min.js https://www.googletagmanager.com/gtm.js https://www.gstatic.com/cast/sdk/libs/sender/1.0/cast_framework.js https://www.gstatic.com/eureka/clank/117/cast_sender.js https://f.vimeocdn.com/p/4.25.13/js/player.module.js https://f.vimeocdn.com/p/4.25.13/js/vendor.module.js https://f.vimeocdn.com/js_opt/modules/utils/vuid.min.js https://www.gstatic.com/cv/js/sender/v1/cast_sender.js https://www.gstatic.com/cast/sdk/libs/sender/1.0/cast_framework.js  https://www.gstatic.com/eureka/clank/117/cast_sender.js https://email.efex.com.au/assets/scripts/LandingPagesEmbedded1_2 https://email.efex.com.au/Resources/LandingPagesEmbedded/localised/strings.js https://www.googletagmanager.com/gtm.js https://unpkg.com/@lottiefiles/lottie-interactivity@latest/dist/lottie-interactivity.min.js https://www.vimeo.com/api/oembed.json https://maps.googleapis.com; style-src 'report-sample' 'self' 'unsafe-inline' https://p.typekit.net https://use.typekit.net https://fonts.googleapis.com https://kit.fontawesome.com/5f78583775.js; object-src 'none'; base-uri 'self'; connect-src 'self' https://ka-p.fontawesome.com https://kit-uploads.fontawesome.com https://www.google-analytics.com https://maps.googleapis.com; font-src 'self' https://fonts.gstatic.com https://use.typekit.net; frame-src 'self' https://email.efex.com.au https://player.vimeo.com https://r1.dotdigital-pages.com; img-src data: 'self' https://www.googletagmanager.com https://maps.googleapis.com https://maps.googleapis.com https://maps.gstatic.com https://i.vimeocdn.com https://lh3.ggpht.com https://lh3.ggpht.com https://i.vimeocdn.com/video/1568323917-4ccc690ec25da531eae5861e5c1a7b7c5b2d65f5ae8f2ac91fc18315e4d8471c-d; manifest-src 'self'; media-src 'self'; worker-src 'none'; form-action 'self'; 1
img-src *.linkedin.com *.zopim.io queue-it.com *.giphy.com https://*.codecogs.com https://*.hubspot.com script.hotjar.com *.fs1.hubspotusercontent-na1.net https://forms.hsforms.com/ https://forms-na1.hsforms.com/ https://www.hotjar.com/ https://googleads.g.doubleclick.net/ 'self' data:; font-src 'self' fonts.googleapis.com cdnjs.cloudflare.com fonts.gstatic.com script.hotjar.com ; default-src 'self' *.aspnetcdn.com cdnjs.cloudflare.com *.googletagmanager.com *.hotjar.com *.convertexperiments.com snap.licdn.com *.zdassets.com queue-itchat.zendesk.com youtube.com fonts.gstatic.com fonts.googleapis.com wss://widget-mediator.zopim.com www.youtube.com wss://*.hotjar.com/api/v2/client/ws *.hotjar.io *.hs-scripts.com *.infogram.com *.youtube-nocookie.com *.vimeo.com *.popt.in https://www.google-analytics.com unpkg.com https://js.hscollectedforms.net https://js.hs-banner.com https://js.hs-analytics.net https://js.usemessages.com https://api.hubspot.com https://forms.hubspot.com https://track.hubspot.com https://app.hubspot.com https://assets.queue-it.net https://js.hsleadflows.net/leadflows.js cdn.cookietractor.com https://js.hsforms.net/ https://hubspot-forms-static-embed.s3.amazonaws.com/ https://td.doubleclick.net/ https://forms.hsforms.com/ https://forms-na1.hsforms.com/ https://www.googleadservices.com/ https://forms-na1.hsforms.com/ https://px.ads.linkedin.com/ https://region1.google-analytics.com https://googleads.g.doubleclick.net/ https://www.google.com/ https://scripts.teamtailor-cdn.com https://js.hs-analytics.net/ https://app.cookietractor.com/ https://adservice.google.com/ cdn.jsdelivr.net https://code.jquery.com https://static.queue-it.net https://queueitcom.queue-it.net/ 'unsafe-inline' 'unsafe-eval'; 1
base-uri 'none' ;frame-ancestors 'self' https://www.easy-prace.cz https://www.zivotopisy.cz https://www.personalniagentury.cz ;default-src 'unsafe-inline' 'self' data: ;style-src 'unsafe-inline' 'self' https://www.easy-prace.cz https://www.zivotopisy.cz https://www.personalniagentury.cz https://fonts.googleapis.com ;font-src 'self' data: https://fonts.gstatic.com ;connect-src 'self' https://www.easy-prace.cz https://www.zivotopisy.cz https://pdf.zivotopisy.cz https://www.personalniagentury.cz https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.googleadservices.com https://adservice.google.com https://stats.g.doubleclick.net https://www.google.com https://maps.googleapis.com https://www.youtube.com/ https://h.seznam.cz ;script-src 'unsafe-inline' 'unsafe-eval' 'self' data: https://www.easy-prace.cz https://www.zivotopisy.cz https://www.personalniagentury.cz https://www.google.com https://www.gstatic.com https://www.googleadservices.com https://*.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://maps.googleapis.com https://www.seznam.cz https://c.seznam.cz ;img-src 'self' data: https://www.easy-prace.cz https://www.zivotopisy.cz https://www.personalniagentury.cz https://www.google.com https://www.google.cz https://*.google-analytics.com https://*.googletagmanager.com https://googleads.g.doubleclick.net https://maps.gstatic.com https://maps.googleapis.com https://c.seznam.cz https://*.youtube.com https://i.ytimg.com https://conv.indeed.com https://*.tile.osm.org ;frame-src https://www.easy-prace.cz https://www.zivotopisy.cz https://pdf.zivotopisy.cz https://www.personalniagentury.cz https://*.youtube.com https://www.google.com https://docs.google.com https://td.doubleclick.net ;object-src 'none' ;upgrade-insecure-requests ;report-uri https://www.easy-prace.cz/report_content_security_policy ;report-to csp 1
default-src 'none';script-src 'unsafe-inline' 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com https://maps.googleapis.com https://az416426.vo.msecnd.net/scripts/ https://www.google-analytics.com/;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/;connect-src 'self' https://stats.g.doubleclick.net/ https://maps.googleapis.com/ https://dc.services.visualstudio.com/ https://www.google-analytics.com/j/collect;font-src 'self' https://fonts.gstatic.com/s/;img-src 'self' blob: data: https://www.google.com/ https://www.google.com.au/ https://maps.googleapis.com/maps/ https://maps.gstatic.com/mapfiles/ https://img.youtube.com; child-src https://www.youtube.com https://www.google.com/ 1
script-src 'self' blob: 'nonce-f1b8a4caa7824d2a8c9a7362f748864f' www2.silkhorseclub.jp chat1-63b.chatdealer.jp www.google-analytics.com ssl.google-analytics.com vjs.zencdn.net players.brightcove.net; img-src 'self' blob: data: www2.silkhorseclub.jp null www.google-analytics.com ssl.google-analytics.com img.youtube.com i.ytimg.com *.prod.boltdns.net metrics.brightcove.com; connect-src 'self' www2.silkhorseclub.jp chat1-63b.chatdealer.jp www.google-analytics.com ssl.google-analytics.com *.prod.boltdns.net edge.api.brightcove.com *.akamaihd.net; 1
script-src 'unsafe-eval' 'self' wss://*.zopim.com *.adnxs.com *.youtube-nocookie.com  *.cloudfront.net  *.hays.com.au *.recaptcha.net tag.benchplatform.com  *.serving-sys.com *.iron0walk.com *.botrecruiter.com  *.infogram.com *.adnxs.com *.optimalworkshop.com  *.accesstrade.net *.ads-twitter.com  *.audioboom.com  secure-ds.serving-sys.com  soundcloud.com *.licdn.com *.doubleclick.net *.googleadservices.com acsbapp.com *.criteo.net  *.criteo.com  *.outbrain.com *.taboola.com web-material3.yokogawa view.ceros.com *.quantcount.com *.quantserve.com *.addthis.com *.adscience.nl *.quantserve.com *.quantcount.com *.akamaized.net *.bit.ly *.crazyegg.com *.facebook.com *.facebook.net *.google.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.graph.instagram.com *.gstatic.com *.hays.co.uk *.hays.com *.hotjar.* *.hotjar.com *.igodigital.com *.instagram.fbom5-1.fna.fbcdn.net *.linkedin.com *.nccgroup-webperf.com *.onrecruit.net *.optimizely.com *.slideshare.net *.soundcloud.com *.surveymonkey.com *.tealiumiq.com *.tiqcdn.com *.twimg.com *.twitter.com *.typography.com *.vimeo.com *.youku.com *.youtube.com *.zdassets.com *.zopim.com *.zopim.io accessibe.com acsbap.com consent.trustarc.com consent-pref.trustarc.com consent-st.trustarc.com font-src https://v.qq.com prefmgr-cookie.truste-svc.ne 'self' 'unsafe-inline'; v.qq.com data:;worker-src 'unsafe-eval' 'self' cdn.jsdelivr.net blob: 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://bark.lgbt; img-src 'self' data: blob: https://bark.lgbt https://media.bark.lgbt; style-src 'self' https://bark.lgbt 'nonce-cbbqxJG0vEMe2mDpnvRLoA=='; media-src 'self' data: https://bark.lgbt https://media.bark.lgbt; frame-src 'self' https:; manifest-src 'self' https://bark.lgbt; form-action 'self'; child-src 'self' blob: https://bark.lgbt; worker-src 'self' blob: https://bark.lgbt; connect-src 'self' data: blob: https://bark.lgbt https://media.bark.lgbt wss://bark.lgbt; script-src 'self' https://bark.lgbt 'wasm-unsafe-eval' 1
default-src 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; connect-src https:; 1
object-src 'self'; media-src 'self'; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: web13.secureinternetbank.com *.facebook.com www.google.dz www.google.lu recaptcha.net www.google.kz *.onlinebanktours.com www.google.com.mt www.google.bj www.google.com.pe www.google.je cloudflare.com service.gstatic-cache.com www.google.com.bn www.google.com.ly errors.adobeaemcloud.com www.google.cn www.google.bs www.google.cm www.google.sc solicitudes.1firstbank.com www.firstbankteayuda.com google.com 1firstbank.com *.googlesyndication.com www.google.co.in www.google.com.ng www.google-analytics.com www.google.mg adservice.google.com.pr www.google.cv www.google.tg *.siteimproveanalytics.com www.google.ba cdn.jsdelivr.net www.google.lv www.google.co.ma ytimg.com google-analytics.com *.doubleclick.net digitalbanking.1firstbank.com www.google.com.hk www.google.co.jp www.google.com.qa adobedtm.com www.google.com.np adservice.google.com 1firstbank.io www.google.ee *.demdex.net www.google.com.bo www.google.co.il www.google.se www.google.com.uy www.google.bt www.google.jo www.google.it maxcdn.bootstrapcdn.com www.google.pt www.google.is googleapis.com ganalytics-data.1firstbank.com www.google.co.vi www.google.ps googleadservices.com www.google.com.gh *.facebook.net m.youtube.com www.google.com.kw www.google.com.mm www.google.com.vc google-admin.corp.google.com fbsbx.com www.google.com.pg www.google.nl www.google.co.id www.google.vg www.google.co.mz www.google.co.tz www.google.pl hipotecas.1firstbank.com *.siteimprove.com www.google.dk api.userway.org www.google.az www.google.com.tr *.userway.org www.google.ge www.google.fi youtube.com *.fbcdn.net *.recaptcha.net cdn77.api.qa.userway.dev www.google.sn www.google.gm www.1firstbank.com www.google.fr cdn.userway.org apis.google.com www.google.com.fj mobilemonkey.com region1.analytics.google.com youtube-nocookie.com www.google.hr www.google.com.cy *.googleadservices.com m.me www.google.com.bd www.google.com.ai *.gstatic.com www.google.co.uk api.mobilemonkey.com www.google.com.ar drive.google.com facebook.net www.google.co.ao www.google.co.th *.omtrdc.net www.google.ne firstbankbeyond.com www.google.co.kr www.google.co.zm *.everesttech.net www.google.com.sg www.google.com.eg www.google.ms ssl.google-analytics.com www.google.ch www.google.im siteimproveanalytics.io www.google.com.kh www.google.dm www.google.com.jm www.google.com.br *.adobedtm.com assets.adobedtm.com www.google.com.pr www.youtube.com omtrdc.net www.google.com.sl www.google.gg analytics.google.com www.google.co.ve www.google.com.pa google.com.co *.ganalytics-data.1firstbank.com www.google.tl www.google.com.af www.google.ca www.google.bf www.google.cz googletagmanager.com *.google-analytics.com www.google.be doubleclick.net www.google.ru www.google.ie *.ibosscloud.com *.appspot.com www.google.no www.google.tt www.google.com.my *.youtube.com *.googleapis.com www.google.com.gt www.google.ci www.gstatic.cn use.fontawesome.com fonts.gstatic.com *.siteimproveanalytics.io www.google.as www.google.md *.ytimg.com www.google.li www.google.si *.2o7.net digitalone.firstbank.local static.mobilemonkey.com *.googleusercontent.com demdex.net 6253864.global.siteimproveanalytics.io www.google.com everesttech.net www.googletagmanager.com www.google.com.ag www.google.tm www.google.sr *.fbsbx.com cdn77.api.userway.org www.google.bg www.google.rw www.google.al facebook.com *.mobilemonkey.com cdnjs.cloudflare.com www.google.com.sv siteimproveanalytics.com www.google.mu www.google.com.pk www.google.de translate.google.com *.adobe.com www.google.com.co www.google.at www.google.ht www.google.gy *.google.com gstatic.com www.google.ro www.google.ad www.recaptcha.net www.google.com.sa www.google.com.au www.google.es www.google.mn www.google.tn onlinebanktours.com www.google.am www.google.gr lh3.ggpht.com www.google.com.do www.google.com.py www.google.co.za rewardsfirstbank.com www.google.mv www.google.co.nz www.google.la www.google.com.gi www.google.co.uz www.google.com.ni *.cloudflare.com www.google.com.bh www.google.hu i.ytimg.com comercial.1firstbank.com appspot.com www.google.com.om localizador.1firstbank.com www.google.com.ph www.google.com.tw *.googletagmanager.com www.google.co.ug applications.1firstbank.com www.google.lt pro.fontawesome.com www.google.cd www.google.com.ua www.google.hn www.google.com.na www.google.co.cr www.google.co.bw www.google.com.cu www.google.com.bz www.google.mw www.google.co.ke www.google.com.et www.google.cl www.google.kg www.google.iq www.gstatic.com userway.org *.1firstbank.com www.google.ga www.google.com.ec www.google.lk www.google.sk *.youtube-nocookie.com www.google.com.vn www.google.com.mx www.google.ae; frame-ancestors 'self' appspot.com *.adobe.com cloudflare.com 1firstbank.com author-p64062-e536422.adobeaemcloud.com onlinebanktours.com solicitudes.1firstbank.com ganalytics-data.1firstbank.com ytimg.com facebook.com userway.org www.google.com demdex.net everesttech.net youtube-nocookie.com google-analytics.com google.com applications.1firstbank.com my2.siteimprove.com google.com.co digitalone.1firstbank.local youtube.com googleadservices.com  1
default-src 'self' *.sentry.io *.zoominfo.com *.facebook.com *.ctfassets.net *.algolia.net *.contentful.com *.vercel-insights.com *.google.com *.google-analytics.com *.cookielaw.org *.intercom.io *.onetrust.io *.onetrust.com *.clickagy.com wss://nexus-websocket-a.intercom.io *.mktoresp.com cdn.linkedin.oribi.io *.linkedin.com qf23dtaqm7-2.algolianet.com qf23dtaqm7-3.algolianet.com qf23dtaqm7-1.algolianet.com ekr.zdassets.com coalition1659361680.zendesk.com wss://widget-mediator.zopim.com api.control.stg.binaryedge.io api.control.dev.binaryedge.io api.control.coalitioninc.com api.control.dev.binaryedge.io api.control.demo.binaryedge.io api.control.stg.binaryedge.io coalition.zendesk.com rum.browser-intake-datadoghq.com *.auryc.com *.chilipiper.com *.coalitioninc.com maps.googleapis.com blob:; style-src 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com *.sentry.io fonts.googleapis.com use.fontawesome.com unpkg.com info.coalitioninc.com heapanalytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.visualwebsiteoptimizer.com app.vwo.com *.sentry.io *.googleoptimize.com *.heapanalytics.com heapanalytics.com *.google-analytics.com *.googletagmanager.com *.cookielaw.org *.googleadservices.com *.facebook.net *.zoominfo.com *.ads-twitter.com *.licdn.com *.clearbitjs.com *.intercom.io *.clickagy.com *.intercomcdn.com *.doubleclick.net *.google.com *.gstatic.com prism.app-us1.com munchkin.marketo.net info.coalitioninc.com *.mktoresp.com static.zdassets.com widget-mediator.zopim.com *.chilipiper.com maps.googleapis.com *.auryc.com *.apollo.io aplo-evnt.com; font-src 'self' *.sentry.io fonts.gstatic.com use.fontawesome.com data: *.intercomcdn.com heapanalytics.com *.auryc.com; frame-src 'self' app.vwo.com *.visualwebsiteoptimizer.com *.youtube.com *.clickagy.com *.doubleclick.net intercom-sheets.com *.google.com info.coalitioninc.com videos.ctfassets.net videos.contentful.com vimeo.com player.vimeo.com *.chilipiper.com; connect-src 'self' *.visualwebsiteoptimizer.com app.vwo.com *.auryc.com heapanalytics.com *.google-analytics.com *.vercel.app *.algolia.net qf23dtaqm7-2.algolianet.com qf23dtaqm7-3.algolianet.com qf23dtaqm7-1.algolianet.com *.cookielaw.org ekr.zdassets.com *.zoominfo.com cdn.linkedin.oribi.io *.linkedin.com *.mktoresp.com *.onetrust.io *.onetrust.com coalition.zendesk.com widget-mediator.zopim.com wss://widget-mediator.zopim.com api.control.coalitioninc.com api.control.dev.binaryedge.io api.control.demo.binaryedge.io api.control.stg.binaryedge.io *.chilipiper.com *.sentry.io maps.googleapis.com *.coalitioninc.com aplo-evnt.com cdn.rive.app */@rive-app/canvas@2.18.0/rive.wasm; img-src 'self' *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com * data:; media-src * data:; object-src 'none'; worker-src 'self' blob:; frame-ancestors 'self' https://app.contentful.com 1
default-src 'self'; connect-src https: wss: data: blob:; font-src https: data:; frame-src https: mailto:; img-src blob: https: data:; media-src https:; object-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; worker-src 'self' blob:; 1
frame-ancestors 'self' infopoint.asadventuregroup.com infopoint-tst.asadventuregroup.com infopoint-acc.asadventuregroup.com 1
default-src 'self'; connect-src 'self' https://px.ads.linkedin.com https://ws.zoominfo.com https://*.vimeocdn.com https://*.google-analytics.com https://analytics.google.com https://www.googletagmanager.com https://*.g.doubleclick.net https://cdn.cookielaw.org; form-action 'self' https://broker.gotoassist.com/; font-src 'self' https://maxcdn.bootstrapcdn.com https://*.gstatic.com data:; frame-src 'self' https://player.vimeo.com https://analytics.clickdimensions.com/ https://www.googletagmanager.com; img-src 'self' https://*.vimeocdn.com https://cdn.cookielaw.org bat.bing.com *.linkedin.com https://www.google.com https://*.google-analytics.com https://www.googletagmanager.com https://*.gstatic.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://*.clickdimensions.com https://analytics.clickdimensions.com https://cdn.cookielaw.org snap.licdn.com bat.bing.com connect.facebook.net ws.zoominfo.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://www.googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com 1
frame-ancestors 'self' https://*.machines4u.com.au; 1
frame-ancestors 'self'; block-all-mixed-content; default-src 'self'; script-src  'self' cdn.tailwindcss.com 'nonce-cDlUEW1znxHIFeFkRipQygKEwM0sj65I83TwdaNI'  'report-sample' https://googletagmanager.com https://tagmanager.google.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' 'report-sample' fonts.googleapis.com fonts.gstatic.com tagmanager.google.com www.googletagmanager.com; object-src  'none'; frame-src  'self' www.googletagmanager.com; child-src  'self' www.googletagmanager.com; img-src  'self' data:; font-src  'self' fonts.googleapis.com fonts.gstatic.com www.googletagmanager.com; connect-src  'self' www.googletagmanager.com *.google-analytics.com; manifest-src  'self'; base-uri  'self'; form-action  'self'; media-src  'self'; worker-src  'self' 1
frame-ancestors 'self' *.prudential.com; img-src * data:; default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.pgim.com *.jennison.com *.pgimquantitativesolutions.com *.pgimwadhwani.com *.aws.prudential.com cdn.pficdn.com *.ipify.org *.pruvpcaws074.prudential.com *.scene7.com video.limelight.com assets.video.limelight.com *.llnw.net nexus.ensighten.com cdn.cookielaw.org service.maxymiser.net *.ceros.com *.highcharts.com *.everviz.com *.onetrust.com *.adobedtm.com placeimg.com *.demandbase.com *.mouseflow.com *.company-target.com *.bluekai.com *.doubleclick.net *.adsrvr.org *.google.com *.google.co.uk *.google.co.in *.google.de *.google.it *.google.fr *.google.es *.google.co.jp *.google.ca www.googletagmanager.com www.google-analytics.com www.googleadservices.com analytics.twitter.com static.ads-twitter.com t.co *.company-target.com bat.bing.com *.en25.com *.adsymptotic.com pixel.mathtag.com *.sc.omtrdc.net *.tt.omtrdc.net *.eloqua.com snap.licdn.com tags.bkrtx.com *.linkedin.com *.demdex.net pgim.piwik.pro pgim.containers.piwik.pro *.chartblocks.com cdnjs.cloudflare.com *.cloudfront.net *.micpn.com *.pub.sfmc-content.com *.prudential.com *.exacttarget.com match.prod.bidr.io id.rlcdn.com www.ssa.gov wave.webaim.org cm.everesttech.net cdn.linkedin.oribi.io *.clarity.ms *.bing.com prudentialglobalqa.112.2o7.net prudentialusprod.112.2o7.net *.googlesyndication.com *.adobedc.net 1
child-src 'self' blob:; connect-src * blob: data: * skd://drmtoday; img-src 'self' data: *; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com cdn.appsflyer.com; object-src 'self' data: * *.googlesyndication.com; media-src 'self' blob: *; manifest-src 'self'; script-src 'unsafe-inline' 'self' 'unsafe-eval' blob: *.dplayer.pro *.2mdn.net static.ads-twitter.com weathergroup.activehosted.com *.adnxs.com *.adsafeprotected.com *.adsrvr.org *.amp.live *.ampproject.org *.app-us1.com *.appsflyer.com app.link *.beachfront.com *.branch.io *.cloudfront.net *.combotag.com *.cookielaw.org *.onetrust.com *.doubleclick.net *.doubleverify.com *.everesttech.net *.evidon.com *.extend.tv *.extremereach.io connect.facebook.net *.flashtalking.com *.freewheel.tv adservice.google.com tagmanager.google.com *.google.com *.google-analytics.com *.google.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.gravatar.com *.gstatic.com *.iasds01.com *.imrworldwide.com *.innovid.com *.insightexpressai.com *.ipredictive.com *.lkqd.net *.moatads.com *.rhythmone.com *.rubiconproject.com *.scorecardresearch.com *.segment.com *.serving-sys.com *.spotx.tv *.spotxcdn.com *.spotxchange.com *.springserve.com *.telaria.com trackcmp.net *.tremorhub.com analytics.twitter.com *.unrulymedia.com *.vindicosuite.com *.w55c.net *.yumenetworks.com; style-src 'unsafe-inline' blob: 'self' fonts.googleapis.com  *.gstatic.com tagmanager.google.com *.innovid.com *.google.com *.innovid.com; frame-src *.doubleverify.com *.dvtps.com *.facebook.com *.facebook.net *.fbsbx.com *.google.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gumgum.com *.imrworldwide.com *.pubmatic.com *.serving-sys.com *.google.com 1
frame-ancestors 'self' https://jionews.com https://jionewsdev1.jio.ril.com https://jionews.pie.news https://stgjionews.pie.news https://devjionews.pie.news 1
default-src 'self'; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https:; media-src https:; frame-src https:; manifest-src 'self'; connect-src https: ws:; worker-src blob:; form-action 'self' https:; 1
frame-ancestors *.snowsoftware.com; object-src 'none'; 1
script-src 'self' *.googleapis.com *.fontawesome.com *.cloudflare.com *.msecnd.net *.google.com *.force.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.force.com  1
base-uri 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.pdx-1.pipedriveassets.com cdn.segment.com *.pipedrive.com snap.licdn.com px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com cdn.linkedin.oribi.io gw.linkedin.oribi.io dc.ads.linkedin.com sjs.bizographics.com *.optimizely.com optimizely.s3.amazonaws.com cdn-assets-prod.s3.amazonaws.com snippet.growsumo.com cdn.cookielaw.org geolocation.onetrust.com www.google-analytics.com www.googletagmanager.com www.google.com www.gstatic.com connect.facebook.net *.hotjar.com *.outbrain.com www.redditstatic.com www.youtube.com play.vidyard.com *.doubleclick.net *.taboola.com app.livestorm.co www.googleadservices.com static.ads-twitter.com https://*.browser-intake-datadoghq.com www-cms.pipedriveassets.com bat.bing.com *.quora.com js.grsm.io analytics.tiktok.com c.amazon-adsystem.com vitals.vercel-insights.com a.omappapi.com googleadservices.com tpc.googlesyndication.com analytics.twitter.com; style-src 'self' 'unsafe-inline' cdn.pdx-1.pipedriveassets.com fonts.googleapis.com www.googletagmanager.com www-cms.pipedriveassets.com a.omappapi.com; frame-src cdn.pdx-1.pipedriveassets.com *.cdn.optimizely.com *.cdn-pci.optimizely.com www.facebook.com www.youtube.com www.youtube-nocookie.com www.google.com play.vidyard.com *.doubleclick.net app.livestorm.co tpc.googlesyndication.com airtable.com webforms.pipedrive.com s.amazon-adsystem.com *.hotjar.com; img-src 'self' data: https://*; object-src 'none'; worker-src 'self' blob:;; report-uri https://www.pipedrive.com/api/csp-reports 1
frame-src 'self' https://www.google.com https://player.vimeo.com; 1
default-src * blob: data: cid:; img-src * data: cid: 'unsafe-inline'; media-src * data: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * blob: data: 'unsafe-inline'; style-src-elem * blob: data: 'unsafe-inline'; font-src * data:; frame-ancestors *.ouhealth.com 1
default-src 'self' https://bat.bing.com https://www.googleadservices.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org web-chat.nativechat.com unpkg.com/@frontify/ *.cloudinary.com https://cds-sdkcfg.onlineaccess1.com/common.js https://www.googletagmanager.com/ https://s7.addthis.com/js/300/addthis_widget.js https://cdn.jsdelivr.net/ https://bat.bing.com/ https://i.simpli.fi/ https://up.pixel.ad/assets/up.js https://siteimproveanalytics.com/js/ https://cdn.levelaccess.net/accessjs/ https://static.srcspot.com/libs/perl.js https://*.g.doubleclick.net/ https://*.hotjar.com/ https://*.cloudflareinsights.com/ https://*.cloudflare.com/ rlforms.referlive.com https://tag.simpli.fi/ https://*.adobeconnect.com https://www.googleadservices.com https://www.comparably.com/; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com web-chat.nativechat.com https://use.fontawesome.com/ https://cdn.jsdelivr.net/ rlforms.referlive.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://use.fontawesome.com/ https://script.hotjar.com; img-src 'self' *.gstatic.com *.googleapis.com https://script.hotjar.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com web-chat.nativechat.com *.frontify.com *.cloudinary.com https://bat.bing.com/ https://*.global.siteimproveanalytics.io/ https://www.google.com/ https://pixel.sitescout.com/ https://*.clarity.ms/ https://www.firstmerchants.com/ https://*.cloudfront.net/ rlforms.referlive.com https://simpli.fi/ https://doubleclick.net  https://googleads.g.doubleclick.net https://cm.g.doubleclick.net; media-src 'self' data: blob: *.frontify.com *.cloudinary.com https://*.adobeconnect.com https://script.hotjar.com; frame-src 'self' https://*.doubleclick.net/ https://pixel.sitescout.com/ https://calculators.fintactix.com/ https://www.youtube.com/ https://player.vimeo.com/ https://*.adobeconnect.com https://pixel-sync.sitescout.com https://www.comparably.com/; frame-ancestors 'self'; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com *.frontify.com cloudinary.com *.cloudinary.com blob:; connect-src 'self' data: accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.google-analytics.com *.gstatic.com *.frontify.com *.cloudinary.com https://*.googleapis.com/ https://api.addsearch.com/ https://*.google.com/ https://*.g.doubleclick.net/ *.hotjar.com/ *.hotjar.io/ wss://ws.hotjar.com/ https://www.clarity.ms/ https://*.clarity.ms/ https://api.levelaccess.net/ https://*.firstmerchants.com:* wss://*.firstmerchants.com:* rlforms.referlive.com https://www.googleadservices.com https://bat.bing.com; 1
default-src 'self' maxcdn.bootstrapcdn.com use.typekit.net p.typekit.net *.localhost; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.pardot.com *.gstatic.com landing.daikinapplied.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.typekit.net *.fontawesome.com *.wistia.com *.bootstrapcdn.com *.cloudflare.com *.googletagmanager.com *.googleadservices.com *.g.doubleclick.net *.bing.com *.licdn.com *.stackadapt.com *.google.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com *.typekit.net *.fontawesome.com *.bootstrapcdn.com *.srv.stackadapt.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.typekit.net *.fontawesome.com; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com *.wistia.com *.akamaihd.net dotcom.blob.core.windows.net *.g.doubleclick.net *.google.com *.bing.com *.linkedin.com *.adsymptotic.com; media-src 'self' data: blob: *.wistia.com dotcom.blob.core.windows.net *.akamaihd.net; frame-src 'self' *.doubleclick.net *.daikinapplied.com daikinapplied.secure.force.com *.google.com *.twitter.com *.four51.com *.salesforce-sites.com; frame-ancestors 'self' *.google.com *.daikinapplied.com *.localhost; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.daikinapplied.com daikinapplied.secure.force.com *.google.com blob:; connect-src 'self' accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.googleadservices.com *.mktoresp.com *.wistia.com *.litix.io *.akamaihd.net *.stackadapt.com *.google.com *.doubleclick.net *.google-analytics.com *.fontawesome.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://app.vwo.com https://www.googletagmanager.com/debug/* https://region1.google-analytics.com https://dev.visualwebsiteoptimizer.com https://td.doubleclick.net https://googleads.g.doubleclick.net https://googleads.g.doubleclick.net/* https://adservice.google.com https://www.googleadservices.com https://capig.bhd.com.do https://*.analytics.google.com https://analytics.google.com https://tagmanager.google.com/ https://us-central1-bhd-global.cloudfunctions.net https://api.sendgrid.com https://eg320nrx9b.execute-api.us-east-1.amazonaws.com https://static.bhd.com.do https://backend.bhd.com.do https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://maps.googleapis.com https://fonts.googleapis.com https://search.bhd.com.do https://connect.facebook.net https://stats.g.doubleclick.net; img-src 'self' data: https://static.bhd.com.do https://www.googletagmanager.com https://www.google-analytics.com https://maps.gstatic.com https://maps.googleapis.com https://connect.facebook.net https://www.facebook.com https://*.google.com https://*.google.ae https://*.google.com.ag https://*.google.com.ar https://*.google.as https://*.google.com.bd https://*.google.be https://*.google.com.bo https://*.google.com.br https://*.google.by https://*.google.ca https://*.google.cf https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.de https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.es https://*.google.com.et https://*.google.fr https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gr https://*.google.com.gt https://*.google.hn https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.co.in https://*.google.je https://*.google.co.jp https://*.google.com.kh https://*.google.ki https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.co.ma https://*.google.mg https://*.google.com.mm https://*.google.mn https://*.google.com.mx https://*.google.com.ni https://*.google.nl https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.com.pa https://*.google.com.pe https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.com.sb https://*.google.sh https://*.google.sn https://*.google.sm https://*.google.st https://*.google.co.th https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.com.ua https://*.google.co.uk https://*.google.com.uy https://*.google.com.vc https://*.google.co.ve https://*.google.com.vn https://*.google.vu https://*.google.co.za https://*.google.cat https://dev.visualwebsiteoptimizer.com https://*.visualwebsiteoptimizer.com/ https://googleads.g.doubleclick.net; style-src 'self' 'unsafe-inline' https://www.google-analytics.com https://maps.gstatic.com https://fonts.googleapis.com https://connect.facebook.net; font-src 'self' data: https://fonts.gstatic.com; media-src https://static.bhd.com.do; manifest-src 'self'; worker-src 'self' blob:; 1
frame-ancestors 'self' https://training.lynxbroker.de 1
img-src * data:; frame-src 'self' 'unsafe-inline' 'unsafe-eval' ieeetv.ieee.org www.youtube.com www.google.com cse.google.com parts.stockweather.co.jp img.ak.impact-ad.jp 13455741.fls.doubleclick.net penta.a.one.impact-ad.jp www.googletagmanager.com www.google-analytics.com; style-src 'unsafe-inline' 'self' fonts.googleapis.com use.fontawesome.com www.google.com ohcn3u14.user.webaccel.jp; script-src 'self' 'unsafe-inline' 'unsafe-eval' platform.twitter.com www.googletagmanager.com www.google-analytics.com code.jquery.com www.youtube.com ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js www.google.com cse.google.com clients1.google.com ohcn3u14.user.webaccel.jp yubinbango.github.io www.gstatic.com cdn-au.onetrust.com img.ak.impact-ad.jp 13455741.fls.doubleclick.net penta.a.one.impact-ad.jp blob: static.ads-twitter.com 1
script-src 'self' d2vnm3phybsw2q.cloudfront.net https://www.google-analytics.com https://sdk.us.heap-api.com https://cdn.us.heap-api.com 'unsafe-inline' 'unsafe-eval' t.contentsquare.net contentsquare.com; child-src blob:; worker-src blob:; img-src *.contentsquare.net www.dareboost.com d2vnm3phybsw2q.cloudfront.net https://www.google-analytics.com data:; connect-src *.contentsquare.net www.dareboost.com d2vnm3phybsw2q.cloudfront.net https://www.google-analytics.com https://c.us.heap-api.com; base-uri 'self'; object-src 'none'; 1
default-src 'self' feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.janraincapture.com https://rpxnow.com https://www.googleadservices.com https://api.tiles.mapbox.com https://cdnjs.cloudflare.com *.cloudfront.net https://www.lightboxcdn.com https://api.lightboxcdn.com https://pge.segmanta.com https://www.upsellit.com https://s.pinimg.com https://z.moatads.com https://c.lytics.io https://cdn.segment.com https://js-cdn.dynatrace.com https://wtbng.pricespider.com https://wtbstream.pricespider.com https://embeddedcloud.pricespider.com https://omni.pricespider.com https://locate.pricespider.com https://wtbevents.pricespider.com https://cdn.pricespider.com https://www.youtube.com https://pghub.io *.cookielaw.org *.onetrust.com *.iesnare.com connect.facebook.net *.crazyegg.com *.adsrvr.org *.bazaarvoice.com *.google-analytics.com *.googletagmanager.com blob: feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' https://quilt-cdn.janrain.com https://api.tiles.mapbox.com https://s3.lightboxcdn.com https://api.lightboxcdn.com https://www.lightboxcdn.com https://c.lytics.io https://cdn.pricespider.com fonts.googleapis.com feed.pghub.io pandg.tapad.com ; media-src 'self' https://videos.ctfassets.net *.iesnare.com data: feed.pghub.io pandg.tapad.com ; img-src 'self' https://img.youtube.com/ https://ad.doubleclick.net/ *.cookielaw.org *.cloudfront.net https://googleads.g.doubleclick.net https://www.google.hr https://www.google.co.in https://insight.adsrvr.org https://40n23zgkic3y-a.akamaihd.net https://ct.pinterest.com https://submit.lightboxcdn.com https://submitcus.lightboxcdn.com https://s3.lightboxcdn.com https://api.lightboxcdn.com https://www.lightboxcdn.com https://c.lytics.io https://cdn.pricespider.com https://wwwassets.pricespider.com https://embeddedcloud.pricespider.com https://px.moatads.com https://www.google.com i.ytimg.com videos.ctfassets.net images.ctfassets.net pixel.tapad.com *.bazaarvoice.com *.google-analytics.com www.facebook.com *.googletagmanager.com data: feed.pghub.io pandg.tapad.com ; font-src 'self' https://s3.lightboxcdn.com fonts.gstatic.com feed.pghub.io pandg.tapad.com ; connect-src * ; frame-src 'self' *.janraincapture.com https://videos.ctfassets.net https://pandg.tapad.com https://www.youtube.com https://www.youtube-nocookie.com *.adsrvr.org *.doubleclick.net *.jebbit.com consumersupport.pg.com servedby.flashtalking.com pg-lex.my.salesforce-sites.com ct.pinterest.com www.facebook.com feed.pghub.io pandg.tapad.com ; manifest-src * ; 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; frame-ancestors 'self'; 1
child-src 'self' blob: https://connect.facebook.net https://www.youtube.com sumo.com load.sumo.com fancy.com slashdot.org; connect-src 'self' https://rs.fullstory.com https://sentry.io https://api.mixpanel.com https://www.facebook.com sumome.com sumo.com load.sumo.com *.google.com www.google-analytics.com *.google-analytics.com stats.g.doubleclick.net www.google.com ws: wss: a.mstrlytcs.com *.visualwebsiteoptimizer.com app.vwo.com *.mixpanel.com *.ingest.sentry.io https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com; default-src 'none'; font-src 'self' fonts.gstatic.com *.vwo.com; frame-src 'self' *.youtube.com *.vwo.com *.visualwebsiteoptimizer.com player.vimeo.com www.google.com; img-src 'self' data: https://p.praymorenovenas.com sumo.b-cdn.net sumo.com load.sumo.com load.sumome.com www.google-analytics.com www.facebook.com www.diigo.com www.houzz.com praymoreretreat.org slashdot.org *.visualwebsiteoptimizer.com *.vwo.com https://rs.fullstory.com; script-src blob: data: 'self' 'unsafe-inline' https://edge.fullstory.com https://ajax.cloudflare.com load.sumome.com load.sumo.com sumo.b-cdn.net https://api.bufferapp.com *.facebook.com https://www.linkedin.com widgets.pinterest.com buttons.reddit.com www.reddit.com https://reddit.com www.yummly.com www.googletagmanager.com www.google-analytics.com connect.facebook.net www.soup.io images.slashdot.org www.houzz.com www.diigo.com ajax.googleapis.com *.mxpnl.com *.visualwebsiteoptimizer.com 'unsafe-eval' app.vwo.com d5phz18u4wuww.cloudfront.netdev.visualwebsiteoptimizer.com player.vimeo.com www.google.com www.gstatic.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com; style-src 'self' 'unsafe-inline' cdn.quilljs.com sumo.b-cdn.net load.sumo.com fonts.googleapis.com www.houzz.com *.vwo.com; worker-src 'self' blob: 1
default-src 'self' data: *.theconstructionindex.co.uk amp.analytics-debugger.com *.google-analytics.com *.analytics.google.com *.googleapis.com *.google.com *.google.co.uk *.google.ie *.google.no *.google.es *.google.dk *.google.gr *.google.je *.google.im *.google.in *.google.nl *.google.ae *.google.it *.google.com.au *.google.com.hk *.google.co.za *.google.co.il *.google.be *.google.ch *.google.ca *.google.se *.google.de *.google.fr *.youtube.com *.youtu.be *.youtube-nocookie.com *.googletagmanager.com *.ampproject.net *.ampproject.org *.googlesyndication.com *.google-analytics.com *.vimeo.com *.wistia.net cdnjs.cloudflare.com *.gstatic.com *.g.doubleclick.net *.googlevideo.com *.hotjar.com *.hotjar.io pushpad.xyz cdn.plyr.io *.audioboom.com audioboom.com api.spreaker.com *.cloudfront.net *.theabcdn.com *.chtbl.com t.co; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.google.com *.google.co.uk *.google.ie *.google.no *.google.es *.google.dk *.google.gr *.google.je *.google.im *.google.in *.google.nl *.google.ae *.google.it *.google.com.au *.google.com.hk *.google.co.za *.google.co.il *.google.be *.google.ch *.google.ca *.google.se *.google.de *.google.fr *.theconstructionindex.co.uk *.tcindex.co.uk *.ampproject.org *.ampproject.net *.google-analytics.com *.g.doubleclick.net *.googleadservices.com *.googletagmanager.com *.googleapis.com *.googletagservices.com *.googlesyndication.com *.gstatic.com *.googlevideo.com *.youtube.com *.ytimg.com cdn.jsdelivr.net cdnjs.cloudflare.com *.hotjar.com pushpad.xyz code.jquery.com *.facebook.com *.facebook.net; img-src 'self' data: *.google.com *.google.co.uk *.google.ie *.google.no *.google.es *.google.dk *.google.gr *.google.je *.google.im *.google.in *.google.nl *.google.ae *.google.it *.google.com.au *.google.com.hk *.google.co.za *.google.co.il *.google.be *.google.ch *.google.ca *.google.se *.google.de *.google.fr *.theconstructionindex.co.uk *.tcihost.co.uk *.tcitrader.co.uk *.tcindex.co.uk *.googletagmanager.com *.googletagmanager.com cdnjs.cloudflare.com *.googlesyndication.com *.googleadservices.com *.youtube.com *.ytimg.com *.googlevideo.com *.placeholder.com *.googleapis.com *.gstatic.com *.google-analytics.com *.twimg.com code.jquery.com pushpad.xyz audioboom.com *.theabcdn.com *.facebook.com *.facebook.net; style-src 'self' 'unsafe-inline' data: *.google.com *.google.co.uk *.google.ie *.google.no *.google.es *.google.dk *.google.gr *.google.je *.google.im *.google.in *.google.nl *.google.ae *.google.it *.google.com.au *.google.com.hk *.google.co.za *.google.co.il *.google.be *.google.ch *.google.ca *.google.se *.google.de *.google.fr *.gstatic.com *.googleapis.com cdn.jsdelivr.net code.jquery.com *.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net *.theconstructionindex.co.uk; worker-src 'self' blob:; font-src 'self' *.gstatic.com; 1
default-src * data: blob: ; script-src * 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'unsafe-inline' data: ; frame-ancestors 'self' 1
default-src https: 'unsafe-inline' data: 'unsafe-eval' ; 1
default-src 'self' data: http://gsia.tums.ac.ir http://streaming.ut.ac.ir https://cdn.jsdelivr.net https://app.raychat.io http://app.raychat.io https://cdn.fontcdn.ir https://cdn.goftino.com https://cdn.userway.org; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://map.ir https://conf.isc.ac https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://kangoro.ir/matomo/matomo.js http://tools.1abzar.com http://1abzar.ir http://google.com https://google.com https://www.google.com http://www.google.com http://cse.google.com https://cse.google.com https://www.googleapis.com http://www.googleapis.com https://www.aparat.com http://www.google-analytics.com/analytics.js https://www.google-analytics.com/analytics.js https://app.raychat.io http://app.raychat.io https://se3.raychat.io http://se3.raychat.io https://www.aparat.com https://cdn.userway.org https://api.userway.org https://media.userway.org https://www.goftino.com https://cdn.goftino.com; style-src 'self' 'unsafe-inline' https://app.raychat.io http://app.raychat.io https://cdn.jsdelivr.net https://cse.google.com http://cse.google.com http://www.google.com http://google.com https://google.com https://www.google.com https://www.aparat.com https://cdn.fontcdn.ir https://fdn.fontcdn.ir https://cdn.goftino.com https://cdn.userway.org; img-src 'self' blob: data: https://map.ir https://conf.isc.ac https://www.google-analytics.com www.google-analytics.com data: *; connect-src 'self' https://map.ir https://conf.isc.ac https://www.google-analytics.com www.google-analytics.com https://samta.samt.ac.ir https://pooya.kashanu.ac.ir https://se3.raychat.io http://se3.raychat.io wss://se3.raychat.io https://cdn.fontcdn.ir wss://api.raychat.io wss://ws.goftino.com wss://ws2.goftino.com wss://ws5.goftino.com wss://cdn.goftino.com https://api.userway.org https://cdn.userway.org; child-src 'self' https://auth4.ut.ac.ir:8443/ https://auth.ut.ac.ir:8443/ http://tools.1abzar.com http://1abzar.ir https://cse.google.com https://www.aparat.com https://google.com https://www.google.com https://cdn.userway.org https://edu.sapiba.ir https://www.aparat.com; frame-ancestors 'self' https://trustseal.enamad.ir; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'nonce-AXI-SCRIPT-1472472' 'strict-dynamic'; style-src 'self' 'unsafe-inline' 1
default-src 'none';base-uri 'none';manifest-src 'self';script-src 'nonce-TGNPRDhaRStubGtCeFc4OFlUSVJlZ2JlV1k5OU5RQlFwUnllem8vSGhicz06WklTM2hQeE1waTFIZ0FoUEZWUWhRemUwTThrS1hGWml5R1R4Z0w2UnNkOD0=';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-src 'self';frame-ancestors 'self';form-action 'self' 1
default-src 'self' https: http:; font-src 'self' https: data:; object-src 'self' https: http:; form-action 'self' https: http:; img-src 'self' http: https: blob: data:; child-src 'self' blob: https: https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; frame-src 'unsafe-eval' 'unsafe-inline' https: http: https://js.stripe.com https://hooks.stripe.com; script-src 'self' 'unsafe-inline' blob: 'unsafe-eval' https: http: ajax.cloudflare.com https://canny.io/sdk.js https://api.duosecurity.com; style-src 'self' https: 'unsafe-inline' blob:; connect-src 'self' https: http: data: http://localhost:3035 ws://localhost:3035 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://maps.googleapis.com https://maps.google.com https://maps.gstatic.com 'unsafe-eval' https://analytics.rubensteintech.com https://www.google-analytics.com https://www.googletagmanager.com https://maps.gstatic.com https://www.youtube.com https://s.ytimg.com https://player.vimeo.com https://siteimproveanalytics.com/; style-src 'self' 'unsafe-inline' https://maps.googleapis.com https://www.google.com https://cloud.typography.com https://fonts.googleapis.com https://fast.fonts.net; connect-src 'self' https://analytics.google.com https://google-analytics.com https://*.analytics.google.com https://*.google-analytics.com https://maps.googleapis.com https://maps.gstatic.com https://cdn.plyr.io https://vimeo.com; font-src 'self' https://maps.gstatic.com https://fast.fonts.net https://fonts.gstatic.com https://use.typekit.net data:; img-src 'self' https://analytics.google.com https://google-analytics.com https://*.analytics.google.com https://*.google-analytics.com https://www.facebook.com https://maps.googleapis.com https://maps.gstatic.com https://www.google-analytics.com https://img.youtube.com https://i.vimeocdn.com https://*.global.siteimproveanalytics.io data:; object-src 'self'; frame-src 'self' https://play.libsyn.com/ https://embed.acast.com/ https://personal-jurisdiction-podcast.simplecast.com/ https://player.simplecast.com/ https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; frame-ancestors 'self' http://home.cravath.com https://home.cravath.com https://www.mymeetingroom.com http://www.mymeetingroom.com; 1
frame-ancestors 'self'; report-uri https://www.justice.gouv.fr/report-uri/enforce 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval'  https://embed.typeform.com/embed.js https://cc.cdn.civiccomputing.com/ https://www.google-analytics.com/ https://tools.eurolandir.com/ https://cdn.videosync.fi/ https://www.googleadservices.com/ https://snap.licdn.com/ https://komito.net/ https://googleads.g.doubleclick.net/ https://3xscreen.videosync.fi/ https://crh.qumucloud.com/ https://*.googletagmanager.com;  font-src 'self' data: https://fonts.googleapis.com/ https://fonts.gstatic.com/ http://cdn.qumucloud.com/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://cdn.qumucloud.com/ https://crh.qumucloud.com/; frame-ancestors 'self' https://aodocs.altirnao.com/ https://ao-docs-staging.appspot.com/ https://form.typeform.com; connect-src 'self'  https://apikeys.civiccomputing.com/ https://our.umbraco.com/  cdn.qumucloud.com stats.g.doubleclick.net clapi.civiccomputing.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com  https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat;frame-src 'self' https://aodocs.altirnao.com/ https://ao-docs-staging.appspot.com/ https://form.typeform.com/ https://tools.eurolandir.com/ https://www.thewaterfront.com/ https://gamma.euroland.com/ https://fast.wistia.net/ https://view.vzaar.com/ https://player.vimeo.com/ https://www.youtube.com/ https://crh.qumucloud.com; img-src 'self' data: *.googleapis.com/ https://px.ads.linkedin.com/ https://www.google.com/ https://accounts.google.com/ https://dashboard.umbraco.org/ https://www.google-analytics.com/ https://p.adsymptotic.com/ https://accounts.youtube.com/ https://www.google.co.uk/ https://accounts.google.co.uk/ https://www.google.rs/ https://cdn.qumucloud.com/ https://crh.qumucloud.com/ https://www.googletagmanager.com/ https://www.google.ie/ https://emperor.works/   https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com   https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat; 1
connect-src 'self' https://*.optimizely.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://livechat.lge-ku.com wss://livechat.lge-ku.com; img-src 'self' https://*.optimizely.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://s.ytimg.com https://webintercept.bellomyonline.com https://fonts.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://js-agent.newrelic.com/ https://bam.nr-data.net https://cdn.rawgit.com https://www.youtube.com https://connect.facebook.net https://js.adsrvr.org/ https://*.optimizely.com https://cdn.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://polyfill.io https://unpkg.com https://youtube.com www.googletagmanager.com; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://s.ytimg.com https://webintercept.bellomyonline.com https://fonts.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://js-agent.newrelic.com/ https://bam.nr-data.net https://cdn.rawgit.com https://www.youtube.com https://connect.facebook.net https://js.adsrvr.org/ https://*.optimizely.com https://cdn.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://polyfill.io https://unpkg.com https://youtube.com www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://s.ytimg.com https://webintercept.bellomyonline.com https://fonts.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://js.adsrvr.org/ https://cdnjs.cloudflare.com; style-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://s.ytimg.com https://webintercept.bellomyonline.com https://fonts.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://kit-pro.fontawesome.com https://js.adsrvr.org/ https://cdn.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com https://cdnjs.cloudflare.com; base-uri 'self'; frame-ancestors 'self'; upgrade-insecure-requests 1
frame-ancestors https://*.backline-health.com; 1
default-src 'self' 'unsafe-inline' *.datasteam.io tracking.ebusinessconsulting.it *.yextevents.com *.sitescdn.net *.sitescdn.com *.googlesyndication.com ; 	connect-src 'self' *.datasteam.io tracking.ebusinessconsulting.it *.yextevents.com *.sitescdn.net *.sitescdn.com *.outbrain.com www.google.com *.onetrust.com *.bing.com *.googlesyndication.com *.demdex.net *.tvpixel.com *.amplifoninternal.com https://*.adroll.com http://*.adroll.com https://us-u.openx.net http://us-u.openx.net https://idsync.rlcdn.com http://idsync.rlcdn.com https://ib.adnxs.com http://ib.adnxs.com https://x.bidswitch.net http://x.bidswitch.net https://ads.yahoo.com http://ads.yahoo.com https://eb2.3lift.com http://eb2.3lift.com https://trc.taboola.com http://trc.taboola.com https://simage2.pubmatic.com https://simage2.pubmatic.com http://simage2.pubmatic.com http://simage2.pubmatic.com https://sync.outbrain.com https://sync.outbrain.com http://sync.outbrain.com http://sync.outbrain.com https://pixel.rubiconproject.com https://pixel.rubiconproject.com http://pixel.rubiconproject.com http://pixel.rubiconproject.com https://dsum-sec.casalemedia.com https://dsum-sec.casalemedia.com http://dsum-sec.casalemedia.com http://dsum-sec.casalemedia.com https://pixel.advertising.com https://pixel.advertising.com http://pixel.advertising.com http://pixel.advertising.com *.omtrdc.net *.doubleclick.net *.tribalfusion.com *.pinterest.it *.postimg.cc *.ibb.co *.teads.tv *.googleadservices.com *.addevent.com *.adform.net *.everesttech.net *.smetrics.amplifon.com *.everestjs.net cm.teads.tv ct.pinterest.com smetrics.miracle-ear.com amplifongroup.tt.omtrdc.net maps.googleapis.com www.youtube-nocookie.com www.google-analytics.com stats.g.doubleclick.net amplifon.d3.sc.omtrdc.net dpm.demdex.net in.hotjar.com lasteventf-tm.everesttech.net vc.hotjar.io trc-events.taboola.com pips.taboola.com cds.taboola.com *.linkedin.oribi.io cdn.cookielaw.org; 	script-src 'self' 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' *.datasteam.io tracking.ebusinessconsulting.it *.yextevents.com *.sitescdn.net *.sitescdn.com unpkg.com *.licdn.com *.googlesyndication.com *.adsrvr.org *.clarity.ms *.hrzn-nxt.com *.tvpixel.com *.rlets.com *.typixel.com *.adroll.com *.openx.net *.rlcdn.com *.adnxs.com *.bidswitch.net *.yahoo.com *.3lift.com *.taboola.com *.pubmatic.com *.outbrain.com *.rubiconproject.com *.casalemedia.com *.advertising.com *.jsdelivr.net *.adroll.com *.doubleclick.net *.tribalfusion.com *.pinterest.it *.postimg.cc *.ibb.co *.teads.tv *.googleadservices.com *.addevent.com *.adform.net *.everesttech.net *.smetrics.amplifon.com *.everestjs.net smetrics.miracle-ear.com js-tag.zemanta.com ads.nextdoor.com bat.bing.com connect.facebook.net www.google-analytics.com assets.adobedtm.com maps.googleapis.com solutions.invocacdn.com pnapi.invoca.net www.google.com www.youtube.com www.gstatic.com www.googletagmanager.com s.pinimg.com p.teads.tv tag.simpli.fi i.simpli.fi static.hotjar.com script.hotjar.com www.everestjs.net www.youtube-nocookie.com amplify.outbrain.com tr.outbrain.com www.googleadservices.com cdn.taboola.com amplifon.d3.sc.omtrdc.net googleads.g.doubleclick.net trc.taboola.com cdn.cookielaw.org; 	style-src 'self' 'unsafe-hashes' 'unsafe-inline' *.jsdelivr.net fonts.googleapis.com www.youtube-nocookie.com; 	img-src 'self' *.datasteam.io tracking.ebusinessconsulting.it *.yextevents.com *.sitescdn.net *.sitescdn.com *.1rx.io *.smaato.net *.googlesyndication.com *.adsrvr.org *.hrzn-nxt.com *.videoamp.com *.mdhv.io *.adxcel-ec2.com *.adroll.com *.openx.net *.rlcdn.com *.adnxs.com *.bidswitch.net *.yahoo.com *.3lift.com *.taboola.com *.pubmatic.com *.outbrain.com *.rubiconproject.com *.casalemedia.com *.advertising.com *.doubleclick.net *.tribalfusion.com *.googleadservices.com *.postimg.cc *.ibb.co p1.zemanta.com flask.nextdoor.com cm.teads.tv www.google.hu l.teads.tv t.teads.tv ct.pinterest.com bat.bing.com www.facebook.com www.google-analytics.com www.google.com www.google.it maps.gstatic.com maps.googleapis.com cm.everesttech.net amplifon.d3.sc.omtrdc.net i.ytimg.com dev.day.com tr.outbrain.com googleads.g.doubleclick.net www.youtube-nocookie.com lh3.googleusercontent.com dpm.demdex.net cds.taboola.com trc.taboola.com connect.facebook.net um.simpli.fi www.googleadservices.com cm.g.doubleclick.net simplifi.partners.tremorhub.com pixel.tapad.com aa.agkn.com sync.intentiq.com loadm.exelator.com sync.bfmio.com stags.bluekai.com bcp.crwdcntrl.net ce.lijit.com idsync.rlcdn.com sync.search.spotxchange.com ib.adnxs.com pixel.rubiconproject.com us-u.openx.net fei.pro-market.net 8462007.fls.doubleclick.net d.agkn.com *.linkedin.com cdn.cookielaw.org data:; 	frame-src 'self' *.datasteam.io tracking.ebusinessconsulting.it *.yextevents.com *.sitescdn.net *.sitescdn.com *.googlesyndication.com *.pinterest.com *.adsrvr.org *.doubleclick.net *.pinterest.it *.postimg.cc *.ibb.co *.teads.tv *.googleadservices.com *.addevent.com *.adform.net *.everesttech.net *.smetrics.amplifon.com *.everestjs.net www.pinterest.com amplifon.demdex.net www.youtube-nocookie.com www.google.com vars.hotjar.com www.facebook.com 8462007.fls.doubleclick.net bid.g.doubleclick.net cdn.cookielaw.org; 	font-src 'self' fonts.gstatic.com fonts.googleapis.com; 1
base-uri 'self'; form-action 'self'; frame-ancestors 'self' https://admin.arbfile.org; default-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.gstatic.com https://cdnjs.cloudflare.com https://distillery.wistia.com https://embed-ssl.wistia.com https://fast.wistia.com https://fast.wistia.net https://polyfill-fastly.io https://cdn.jsdelivr.net https://subrogation.connectedcommunity.org https://p.typekit.net https://use.typekit.net https://workforcenow.adp.com https://www.arbfile.org https://www.dfs.ny.gov https://www.google-analytics.com https://www.googletagmanager.com https://www.research.net https://embed-cloudfront.wistia.com https://pipedream.wistia.com https://fonts.googleapis.com https://fg8vvsvnieiv3ej16jby.litix.io https://communications.arbfile.org data: blob: 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.efilli.com *.googletagmanager.com *.google-analytics.com;  frame-src 'self' *.google.com 1
frame-ancestors 'self'; base-uri 'self'; form-action assets.koempf24.de gpc-sys.pay1.de pixi.koempf24.de ratenkauf.easycredit.de threedssvc.pay1.de www.mollie.com www.paypal.com www.sofort.com www.koempf24.de backoffice.koempf24.de 'self' https://threedssvc.pay1.de https://gpc-sys.pay1.de https://www.paypal.com https://www.sofort.com https://ratenkauf.easycredit.de https://seu2.cleverreach.com https://*.mollie.com https://*.mollie.nl https://pay.twint.ch https://r2.girogate.de https://www.paydirekt.de/ https://pay.klarna.com/eu/hpp/payments/* 1
img-src 'self' data: *.bar24.by ip24.by *.intex-press.by *.gravatar.com a.disquscdn.com wpsitesync.com favicon.yandex.net ps.w.org lh3.googleusercontent.com avatars.mds.yandex.net w.bookcdn.com storage.mds.yandex.net informer.yandex.ru counter.yadro.ru www.google-analytics.com *.googlesyndication.com *.google.com google.by www.gstatic.com s.w.org www.w3.org thumb.cloud.mail.ru *.datacloudmail.ru *.visicom.ua *.tile.openstreetmap.org makinacorpus.github.io; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.workbooks.com/ https://www.youtube.com/ https://*.googleadservices.com https://*.google.com https://*.hotjar.com https://workbooks.com https://www.workbooks.com https://*.livechatinc.com data: https://googleads.g.doubleclick.net https://www.googleadservices.com https://*.calendly.com https://s.ytimg.com https://maps.googleapis.com https://maps.google.com https://*.liveperson.net https://*.lpsnmedia.net https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://load.sumome.com https://cdn.optimizely.com https://js.hs-analytics.net https://connect.facebook.net https://js.hsforms.net https://forms.hubspot.com https://js.hs-scripts.com https://communigator.co.uk https://*.communigator.co.uk https://*.gatorleads.co.uk https://t.wowanalytics.co.uk https://cgtforms.com https://sumome-140a.kxcdn.com https://api.bufferapp.com https://graph.facebook.com https://api.facebook.com https://www.linkedin.com https://widgets.pinterest.com https://buttons.reddit.com https://api.hubapi.com https://api.survicate.com https://*.adroll.com https://snap.licdn.com https://*.linkedin.com https://zapier.com https://api.usemessages.com https://www.bizographics.com https://sumo.b-cdn.net https://workbooks.bamboohr.com https://workbooks-dev.workbooks.com https://code.jquery.com https://maxcdn.bootstrapcdn.com https://wb.workbooks.com https://sjs.bizographics.com https://js.navattic.com https://capture.navattic.com https://storage.googleapis.com https://uaadcodedsp.rontar.com https://app-static.turtl.co https://js.stripe.com; object-src 'self' 1
default-src 'self' https: data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob: https://www.centaris.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob: 1
default-src *; worker-src * blob: data:; script-src * 'unsafe-inline' 'unsafe-eval'; object-src * blob: data:; font-src *; img-src * blob: data:; form-action *; frame-ancestors *; upgrade-insecure-requests; style-src * 'unsafe-inline'; manifest-src * data:; 1
default-src 'self'; block-all-mixed-content; form-action 'self'; base-uri 'none'; object-src 'none'; worker-src 'none'; font-src 'self' use.typekit.net fonts.gstatic.com; img-src 'self' www.facebook.com data: www.google-analytics.com www.googletagmanager.com; script-src 'self' 'unsafe-inline' connect.facebook.net www.google-analytics.com www.googletagmanager.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com use.typekit.net p.typekit.net; frame-ancestors 'self'; child-src corpreports.bcmea.com; frame-src corpreports.bcmea.com www.youtube.com; connect-src www.facebook.com www.google-analytics.com www.bcmea.com www.bcmaritime.com stats.g.doubleclick.net; report-uri https://qgnz1x2w.uriports.com/reports/report; report-to default 1
default-src 'self' https://*.google-analytics.com https://*.doubleclick.net https://*.googletagmanager.com https://*.googleadservices.com https://www.google.com/pagead/ https://fonts.googleapis.com https://fonts.gstatic.com https://*.youtube.com/ https://*.ytimg.com; worker-src 'self' https://*.google-analytics.com https://*.doubleclick.net https://*.googletagmanager.com https://*.googleadservices.com https://www.google.com/pagead/ https://fonts.googleapis.com https://fonts.gstatic.com https://*.youtube.com/ https://*.ytimg.com blob:; script-src 'self' https://*.google-analytics.com https://*.doubleclick.net https://*.googletagmanager.com https://*.googleadservices.com https://www.google.com/pagead/ https://fonts.googleapis.com https://fonts.gstatic.com https://*.youtube.com/ https://*.ytimg.com 'unsafe-inline'; style-src 'self' https://*.google-analytics.com https://*.doubleclick.net https://*.googletagmanager.com https://*.googleadservices.com https://www.google.com/pagead/ https://fonts.googleapis.com https://fonts.gstatic.com https://*.youtube.com/ https://*.ytimg.com 'unsafe-inline'; img-src 'self' https://*.google-analytics.com https://*.doubleclick.net https://*.googletagmanager.com https://*.googleadservices.com https://www.google.com/pagead/ https://fonts.googleapis.com https://fonts.gstatic.com https://*.youtube.com/ https://*.ytimg.com data:; frame-src 'self' https://*.google-analytics.com https://*.doubleclick.net https://*.googletagmanager.com https://*.googleadservices.com https://www.google.com/pagead/ https://fonts.googleapis.com https://fonts.gstatic.com https://*.youtube.com/ https://*.ytimg.com https://*.youtube.com https://*.serverpilot-phpversions.info; font-src 'self' https://*.google-analytics.com https://*.doubleclick.net https://*.googletagmanager.com https://*.googleadservices.com https://www.google.com/pagead/ https://fonts.googleapis.com https://fonts.gstatic.com https://*.youtube.com/ https://*.ytimg.com data:; connect-src 'self' https://*.google-analytics.com https://*.doubleclick.net https://*.googletagmanager.com https://*.googleadservices.com https://www.google.com/pagead/ https://fonts.googleapis.com https://fonts.gstatic.com https://*.youtube.com/ https://*.ytimg.com https://*.algolia.net https://*.algolianet.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google-analytics.com https://www.googletagmanager.com https://cdn.jsdelivr.net https://use.fontawesome.com https://fonts.googleapis.com https://www.google.com https://maps.googleapis.com https://js.hs-scripts.com https://js.hs-analytics.net https://js.hsadspixel.net https://js.hs-banner.com https://js.hscollectedforms.net https://js.hubspotfeedback.com https://js.hsleadflows.net https://js.hscaptcha.com https://js.hsforms.net https://js.hssocials.net https://secure.smart-enterprise-acumen.com https://unpkg.com https://js-eu1.hs-scripts.com https://js-eu1.hsleadflows.net https://js-eu1.hs-analytics.net https://js-eu1.hscollectedforms.net https://js-eu1.usemessages.com https://js-eu1.hs-banner.com *.hsadspixel.net *.hs-analytics.net js.hscta.net *.hubspot.com static.hsappstatic.net *.usemessages.com *.hs-banner.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.net *.hs-scripts.com *.hubspotfeedback.com *.hscollectedforms.net *.hsleadflows.net *.hsforms.net cdn-cookieyes.com https://assets.calendly.com https://sc.lfeeder.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://use.fontawesome.com https://use.typekit.net https://unpkg.com https://p.typekit.net *.hubspot.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net cdn2.hubspot.net *.akixi.com 'unsafe-inline'; img-src 'self' data: https://www.google-analytics.com https://ssl.google-analytics.com https://js.hs-scripts.com https://cdn.jsdelivr.net https://secure.gravatar.com https://www.google.com https://www.google.co.uk https://forms-eu1.hsforms.com https://track-eu1.hubspot.com https://d2iiunr5ws5ch1.cloudfront.net js.hscta.net no-cache.hubspot.com *.hubspot.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.net *.hsforms.net https://forms.hsforms.com cdn-cookieyes.com https://tr.lfeeder.com; font-src 'self' https://fonts.gstatic.com https://use.fontawesome.com https://use.typekit.net data:; connect-src 'self' https://www.google-analytics.com https://api.hubapi.com *.hubapi.com js.hscta.net *.hubspot.com *.hs-banner.com *.hscollectedforms.net *.hsforms.com https://region1.analytics.google.com https://region1.google-analytics.com https://stats.g.doubleclick.net wss://ws-mt1.pusher.com https://forms-eu1.hsforms.com *.cookieyes.com cdn-cookieyes.com; frame-src 'self' https://www.google.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net https://www.hubspot.com *.hs-sites.com *.hubspot.com play.hubspotvideo.com *.akixi.com *.hsforms.net *.hsforms.com https://calendly.com; object-src 'none'; base-uri 'self'; form-action 'self' https://forms-eu1.hsforms.com; upgrade-insecure-requests; worker-src 'self' blob:; child-src *.hsforms.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.gstatic.com fonts.googleapis.com maps.gstatic.com maps.googleapis.com media.ziraatkatilim.com.tr zkustats.ziraatkatilim.com.tr images.tapu.com ziraatkatilim.intengo.com ziraatkatilim.propturk.com www.youtube.com youtube.com i.ytimg.com data: https://cdn.jsdelivr.net/npm/es6-promise@4/dist/es6-promise.min.js https://cdn.jsdelivr.net/npm/es6-promise@4/dist/es6-promise.auto.min.js; 1
default-src *;img-src 'self';font-src 'self' https://fonts.gstatic.com;style-src 'self' https://fonts.googleapis.com 'unsafe-inline';script-src 'strict-dynamic' 'nonce-q0ue2rQOsAoFyMxgtFhiBqJS+64=' https: 'unsafe-inline';frame-src https://www.google.com/recaptcha/;base-uri 'none';object-src 'none';report-to main-endpoint; 1
frame-ancestors 'self' https://www.vayda.online https://*.wix.com https://www.surpriz.in https://sciative.com https://viaje.ai https://brioanalytics.ai 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.google.com:* https://ajax.googleapis.com:* https://call.chatra.io/chatra.js https://maps.googleapis.com:* https://seal-nebraska.bbb.org/logo/blue-valley-technologies-17381.js https://stats.g.doubleclick.net/dc.js https://www.googletagmanager.com:* https://assets.juicer.io:* https://www.juicer.io:* https://www.google-analytics.com:* https://stats.g.doubleclick.net:* https://www.googleadservices.com:* https://feedback.happy-or-not.com:* https://dk98ddgl0znzm.cloudfront.net:* https://emma-content-aggregates-prd.s3.amazonaws.com:*; object-src 'self' ; style-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' https://fonts.googleapis.com:* https://seal-blue.bbb.org; img-src * 'self' https://maps.gstatic.com https://stats.g.doubleclick.net:*; media-src * 'self' data: 'unsafe-inline' 'unsafe-hashes'; frame-src 'self' https://chat.chatra.io:* https://www.youtube.com:* https://player.vimeo.com:*; frame-ancestors 'self'; child-src 'self'; font-src 'self' * https://fonts.gstatic.com:*; connect-src 'self' https://maps.googleapis.com:* https://analytics.google.com:* https://www.google-analytics.com:* https://www.juicer.io:* https://graph.facebook.com:* https://www.googletagmanager.com:* https://stats.g.doubleclick.net:* https://feedback-api.happy-or-not.com:* https://feedback.happy-or-not.com:* https://api.mixpanel.com:*; report-uri /report-csp-violation 1
form-action 'self' https://coworkingresources.org https://*.coworkingresources.org https://www.facebook.com https://getkisi.com https://*.getkisi.com https://production-b3jhdbaf6q-uk.a.run.app https://staging-b3jhdbaf6q-uk.a.run.app https://*.hsforms.com https://*.hsforms.net https://*.hubspot.com; script-src 'self' 'unsafe-inline' https://ajax.googleapis.com https://api.na.chilipiper.com/marketing/getkisi https://a.clickcertain.com https://a.omappapi.com https://a.optmnstr.com https://w.appzi.io/ https://a.quora.com https://a.remarketstats.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://connect.facebook.net https://www.chatbase.co/ https://www.chatbase.co/embed.min.js https://d.adroll.com https://d.adroll.mgr.consensu.org https://googleads.g.doubleclick.net https://idsync.rlcdn.com https://js.hsadspixel.net https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-scripts.com https://js.na.chilipiper.com/marketing.js https://js.usemessages.com https://production-b3jhdbaf6q-uk.a.run.app https://staging-b3jhdbaf6q-uk.a.run.app https://netlify-cdp-loader.netlify.app https://s.adroll.com https://ssl.google-analytics.com https://script.hotjar.com https://snap.licdn.com https://static.hotjar.com https://tagmanager.google.com https://use.typekit.net https://optimize.google.com https://www.googleadservices.com https://www.google-analytics.com https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.googletagmanager.com https://www.googleoptimize.com https://static.ads-twitter.com https://static.ads-twitter.com/uwt.js https://www.redditstatic.com https://www.youtube.com https://*.smartlook.cloud https://*.smartlook.com https://*.hsforms.net https://*.hsforms.com https://*.hubspot.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.typekit.net/* *.clearbit.com *.clearbitscripts.com *.clearbitjs.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https://www.br.de https://www.youtube.com https://vimeo.com/; 1
default-src 'self' https://*.aws.root-me.org:* https://dns.google https://*.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' ; img-src * 'self' data: ; font-src 'self' ; media-src * 'self' ; object-src 'self'; form-action 'self' https://secure.payzen.eu https://www.paypal.com; frame-ancestors 'none' ; frame-src http://* https://*:* 1
frame-ancestors 'self' *.winfuture.de; 1
default-src 'self'; connect-src 'self' https://analytics.wozhost.ch https://static.woz.ch https://staticwozch-4f11.kxcdn.com; font-src 'self' https://static.woz.ch https://staticwozch-4f11.kxcdn.com; img-src 'self' data: https://creatives.woz.ch https://creativeswozch-4f11.kxcdn.com https://static.woz.ch https://staticwozch-4f11.kxcdn.com https://media-4f11.kxcdn.com; manifest-src 'self' https://static.woz.ch https://staticwozch-4f11.kxcdn.com; media-src 'self' https://media-4f11.kxcdn.com https://creatives.woz.ch https://creativeswozch-4f11.kxcdn.com; object-src 'none'; script-src 'self' https://analytics.wozhost.ch https://static.woz.ch https://staticwozch-4f11.kxcdn.com; script-src-attr 'self'; style-src 'self' https://static.woz.ch https://staticwozch-4f11.kxcdn.com; style-src-attr 'self'; frame-ancestors 'self' 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://platform.twitter.com/ https://www.paypal.com/ https://www.paypalobjects.com/ https://*.stripe.com/ https://*.googletagmanager.com/; style-src 'self' 'unsafe-inline'; connect-src 'self' https://*.stripe.com/ https://www.paypal.com/ https://*.google-analytics.com/ https://*.analytics.google.com/ https://*.googletagmanager.com/ https://sentry.feelingsurf.fr/; img-src 'self' data: https://*.stripe.com/ https://syndication.twitter.com/ https://*.paypal.com/ https://*.paypalobjects.com/ https://*.google-analytics.com/ https://*.googletagmanager.com/; font-src data:; frame-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.paypal.com/ https://www.paypalobjects.com/ https://*.stripe.com/; frame-ancestors 'none'; media-src 'self'; manifest-src 'self'; worker-src blob:; report-uri https://sentry.feelingsurf.fr/api/5/security/?sentry_key=43ec3ee807854e269d65d5f81c639e51&sentry_environment=prod 1
default-src 'self' maps.googleapis.com; script-src 'self' blob: https://*.clearid.io https://maps.googleapis.com https://*.getbeamer.com https://*.cloudflareinsights.com; img-src 'self' https: blob: data:; object-src 'none'; style-src 'self' data: 'unsafe-inline' https://fonts.googleapis.com https://*.getbeamer.com; font-src 'self' https: data:; connect-src 'self' https://*.googleapis.com https://js.monitor.azure.com *.in.applicationinsights.azure.com https://*.launchdarkly.com https://*.clearid.io https://*.blob.core.windows.net wss://*.clearid.io https://*.getbeamer.com https://cloudflareinsights.com https://localhost:9000; frame-ancestors 'self'; frame-src 'self' https://sts.clearid.io https://*.blob.core.windows.net https://*.getbeamer.com; 1
default-src https:; font-src * data:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: https://*.hsforms.net https://*.googleapis.com https://analytics.influenceandco.com https://connect.facebook.net https://tag.demandbase.com https://*.cookiebot.com https://*.googletagmanager.com https://www.google-analytics.com https://static.hotjar.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://cdn.taboola.com https://connect.facebook.net https://tag.demandbase.com https://bat.bing.com https://analytics.influenceandco.com https://script.hotjar.com https://googleads.g.doubleclick.net https://play.vidyard.com https://trc.taboola.com https://www.clarity.ms https://app-ab22.marketo.com https://s.company-target.com https://boards.greenhouse.io https://dev.visualwebsiteoptimizer.com https://js.qualified.com https://www.youtube.com https://view-su2.highspot.com https://*.googleadservices.com https://j.6sc.co https://*.google.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://app-ab22.marketo.com https://*.googletagmanager.com; media-src * blob: data:; img-src * blob: data:; connect-src *; object-src *; frame-ancestors 'self' https://*.augury.com https://augury.com https://*.salesforce.com https://*.force.com https://www.youtube.com https://*.company-target.com https://dev.visualwebsiteoptimizer.com; report-uri https://www.augury.com/wp-content/plugins/airfleet-security/report-handler.php; report-to csp-endpoint; 1
frame-ancestors 'self' *.ssnc.cloud learningcenter.wealthmsi.com learningcenter-uat.wealthmsi.com betaretirement.financialtrans.com retirement.financialtrans.com; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://social.lol; img-src 'self' https: data: blob: https://social.lol; style-src 'self' https://social.lol 'nonce-eRRkP5Bh17+A6aapbaZiLQ=='; media-src 'self' https: data: https://social.lol; frame-src 'self' https:; manifest-src 'self' https://social.lol; form-action 'self'; child-src 'self' blob: https://social.lol; worker-src 'self' blob: https://social.lol; connect-src 'self' data: blob: https://social.lol https://media.social.lol wss://social.lol; script-src 'self' https://social.lol 'wasm-unsafe-eval' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https:; img-src 'self' https: data: blob: https:; style-src 'self' https: 'nonce-H925Zs7WwPFj0G/IqtrUgQ=='; media-src 'self' https: data: https:; frame-src 'self' https:; manifest-src 'self' https:; form-action 'self'; connect-src 'self' data: blob: https: https: wss://ai.wiki; script-src 'self' https: 'wasm-unsafe-eval'; child-src 'self' blob: https:; worker-src 'self' blob: https: 1
default-src 'none'; base-uri 'self'; connect-src api.funcaptcha.com api.arkoselabs.com github-api.arkoselabs.com; form-action 'none'; frame-ancestors github.com *.github.com *.githubapp.com www-staging.npm.red www-sandbox.npm.red www.npmjs.com www-production.npmjs.com githubuniverse.com; frame-src api.funcaptcha.com api.arkoselabs.com github-api.arkoselabs.com; script-src api.funcaptcha.com api.arkoselabs.com cdn.arkoselabs.com github-api.arkoselabs.com 'unsafe-eval' github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests 1
base-uri *.pizzaranch.com; form-action 'self' *.pizzaranch.com; frame-ancestors 'self' *.pizzaranch.com pizzaranch.sharepoint.com; upgrade-insecure-requests 1
default-src * 'unsafe-inline' 'unsafe-eval' data: blob: filesystem: 'self'; frame-ancestors * data: blob: filesystem: 'self'; frame-src * 'unsafe-inline' 'unsafe-eval' data: blob: filesystem: 'self' web-chat.nativechat.com; form-action * 'unsafe-inline' 'unsafe-eval' data: blob: filesystem: 'self'; script-src * 'unsafe-inline' 'unsafe-eval' data: blob: filesystem: 'self' web-chat.nativechat.com cdn.ampproject.org https://cdn.insight.sitefinity.com https://dec.azureedge.net; style-src * 'unsafe-inline' 'unsafe-eval' data: blob: filesystem: 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src * 'unsafe-inline' 'unsafe-eval' data: blob: filesystem: 'self'; img-src * 'unsafe-inline' 'unsafe-eval' data: blob: filesystem: 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; media-src * 'unsafe-inline' 'unsafe-eval' data: blob: filesystem: 'self'; child-src * 'unsafe-inline' 'unsafe-eval' data: blob: filesystem: 'self' web-chat.nativechat.com; connect-src * 'unsafe-inline' 'unsafe-eval' data: blob: filesystem: 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com; object-src * 'unsafe-inline' 'unsafe-eval' data: blob: filesystem: 'self' 1
https: data: wss: 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' *.jjkeller.com *.gstatic.com *.mypurecloud.com; script-src 'self' tagmanager.google.com www.googletagmanager.com www.google-analytics.com learn.vubiz.com ajax.googleapis.com 'unsafe-inline' 'unsafe-eval' *.mypureconnect.com *.mypurecloud.com *.pureconnect.com *.jjkeller.com *.cloudfront.net *.us.cscp.hosted-inin.com cloud.scorm.com; frame-src 'self' *; style-src 'self' cdnjs.cloudflare.com tagmanager.google.com learn.vubiz.com fonts.googleapis.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' cdnjs.cloudflare.com *.gstatic.com data:; img-src 'self' jjk-tod-dev.s3.us-east-2.amazonaws.com jjk-tod-qas.s3.us-east-2.amazonaws.com jjk-tod-prod.s3.us-east-2.amazonaws.com jjk-training-mc.s3.us-east-2.amazonaws.com jjk-training-mc-qas.s3.us-east-2.amazonaws.com jjk-training-mc-prod.s3.us-east-2.amazonaws.com student-center-dev.s3.us-east-2.amazonaws.com student-center-prod.s3.us-east-2.amazonaws.com *.gstatic.com www.googletagmanager.com www.google-analytics.com data: www.jjkellertraining.com *.us.cscp.hosted-inin.com *.jjkeller.com; media-src 'self' data:; connect-src 'self' wss: cloud.scorm.com www.google-analytics.com metrics.articulate.com elearning.heart.org *.mypurecloud.com *.us.cscp.hosted-inin.com *.jjkeller.com 1
frame-ancestors 'self' https://*.paperflite.com 1
script-src 'self' 'unsafe-inline' connect.facebook.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com googleads.g.doubleclick.net www.google.com *.upmenu.com static.cdn-upm.com cdn.upmenu.com unpkg.com www.gstatic.com cs.cdn-upm.com 1
base-uri 'none'; default-src 'self' data: https: wss:; style-src 'self' data: https: wss: 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://*.scrivito.com https://app.intercom.io https://assets.scrivito.com https://js.intercomcdn.com https://widget.intercom.io https://cdn.cookielaw.org https://widget.trustpilot.com https://assets.adobedtm.com https://activitymap.adobe.com https://consorsfinanzgermany.d3.sc.omtrdc.net https://consorsfinanzgermany.tt.omtrdc.net https://consorsfinanzgermany.demdex.net/ https://connect.facebook.net https://www.google.com/pagead/conversion_async.js https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://googleadservices.com https://googleads.g.doubleclick.net https://doubleclick.net https://*.outbrain.com https://outbrain.com https://*.youtube.com https://*.youtube-nocookie.com https://*.vimeo.com https://fat.financeads.net/fpc.js https://*.adnxs.com http://cdn.tt.omt.rdc.net https://*.adsrvr.org https://*.taboola.com https://*.adup-tech.com https://bat.bing.com https://consorsfinanzgermany.experiencecloud.adobe.com https://*.tsdtocl.com https://*.sc-static.net https://sc-static.net https://tr.snapchat.com; frame-src 'self' https://activitymap.adobe.com https://consorsfinanzgermany.d3.sc.omtrdc.net https://consorsfinanzgermany.tt.omtrdc.net https://consorsfinanzgermany.demdex.net/ https://cdn.cookielaw.org https://85.215.217.53 https://webform.consorsfinanz.de https://webform2.consorsfinanz.de https://webform.staging.consorsfinanz.de https://webform2.staging.consorsfinanz.de https://www-tus.consorsfinanz.de https://www-tus.consorsfinanz.at https://googleadservices.com https://googleads.g.doubleclick.net https://*.youtube.com https://*.youtube-nocookie.com https://*.vimeo.com https://td.doubleclick.net/ https://*.adsrvr.org https://*.taboola.com https://*.adup-tech.com http://cdn.tt.omt.rdc.net https://consorsfinanzgermany.experiencecloud.adobe.com https://tr.snapchat.com; frame-ancestors 'self' https: https://cdn.cookielaw.org https://*.scrivito.com https://85.215.217.53 https://webform.consorsfinanz.de https://webform2.consorsfinanz.de https://webform.staging.consorsfinanz.de https://webform2.staging.consorsfinanz.de https://www-tus.consorsfinanz.de https://www-tus.consorsfinanz.at http://cdn.tt.omt.rdc.net https://consorsfinanzgermany.experiencecloud.adobe.com; object-src 'none'; block-all-mixed-content 1
frame-ancestors https://cms.aitworldwide.com https://cms.prod.aitworldwide.com https://aitworldwide.com https://www.aitworldwide.com https://prod.aitworldwide.com 1
frame-ancestors backupassist.com *.backupassist.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' app.hubspot.com cdn-3.convertexperiments.com cdnjs.cloudflare.com connect.facebook.net cta-service-cms2.hubspot.com js.hsforms.net js.hs-analytics.net js.hs-banner.com js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com platform.twitter.com play.vidyard.com run.pstmn.io script.crazyegg.com script.hotjar.com static.hotjar.com static.hsappstatic.net use.typekit.net www.googletagmanager.com www.google-analytics.com www.hubspot.com 'strict-dynamic' 'nonce-qilU9s97Z05moMw67/E8+g=='; report-uri https://send.hsbrowserreports.com/csp/report; upgrade-insecure-requests; 1
default-src 'unsafe-eval' 'unsafe-inline' 'self'         kit.fontawesome.com ka-f.fontawesome.com images.dmca.com         hpp.worldpay.com secure-test.worldpay.com secure.worldpay.com payments.worldpay.com payments-test.worldpay.com         www.google.com www.gstatic.com fonts.googleapis.com maps.googleapis.com stats.g.doubleclick.net *.googletagmanager.com *.google-analytics.com         api-fra.livechatinc.com api.livechatinc.com cdn.livechatinc.com secure-fra.livechatinc.com cdn.livechat-files.com         O40XY98UF2-1.algolianet.com O40XY98UF2-2.algolianet.com O40XY98UF2-3.algolianet.com O40XY98UF2-dsn.algolianet.com O40XY98UF2-dsn.algolia.net         www.1account.net         cdn.ckeditor.com         ajax.cloudflare.com www.youtube.com static.cloudflareinsights.com         a.omappapi.com z.omappapi.com api.omappapi.com          platform-api.sharethis.com buttons-config.sharethis.com l.sharethis.com count-server.sharethis.com         api.feefo.com collect.feefo.com register.feefo.com;         img-src 'self' data: via.placeholder.com         cdn.ckeditor.com cfs3.ecigarettedirect.co.uk images.dmca.com register.feefo.com api.feefo.com cdn.livechatinc.com         ws.sharethis.com platform-cdn.sharethis.com         a.omappapi.com         cdn.livechat-files.com         maps.googleapis.com maps.gstatic.com *.googletagmanager.com *.google-analytics.com;         font-src 'self' data: fonts.googleapis.com fonts.gstatic.com         ka-f.fontawesome.com kit.fontawesome.com         cdn.livechatinc.com;         frame-ancestors 'self' collect.feefo.com register.feefo.com; 1
default-src 'self' https://matomo.synlab-marketing.com https://www.synlab.com/ https://use.fontawesome.com https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com/ https://stats.g.doubleclick.net/ https://*.facebook.com/; script-src 'self' https://matomo.synlab-marketing.com 'sha256-r5je7hlS6vyt90cLbpmA5o8QTHC7LhQGGJXxqg6+r2I=' 'sha256-zeNQ1Zsk8yHM3YPZhjtQ10LFOYF/UyhG7n8KGQDUE7U=' 'sha256-iHGJ5i19ziUeF9T3Z4KT5OUJs2a+FcCTVll4uo0hzWI=' 'sha256-fGAFE7YNiW7o7PNXVpUESj76E7DIYbgpjCgIQiTUmF8=' 'sha256-rHpgAvGsiQLilQkVPRJ/DGBZohLZxppVBE3D539zsdA=' https://www.synlab.com/ https://*.googleapis.com https://*.googletagmanager.com/ https://*.google-analytics.com/ https://*.facebook.net/ https://*.facebook.com/ 'sha256-2CcTOHY0w7BAZd0H1xlbqMu/+T6nLhT2rOJ9hvUajX0='; style-src 'self' 'unsafe-hashes' 'sha256-7Wj4JppQPW/r0fhp+Y3lFnfwMGJjSJYaErRdXi/jGxw=' 'sha256-/YPxL8kyJOj2/X8QP372WIRfmvP0ukn3Y9uorNfBlg4=' 'sha256-6bAmZw5NoapXsCMb8nR8TOoU5N4WobdGHgfO6im6Ibo=' 'sha256-l1MXT3Lj+kzdyYz5VDg4IS4ZiSkYYPCwkhE4RTU/0TU=' 'sha256-8yfMSgFE3vbFvSMH52gPFezOBLTzl0szKJsFqVflEwM=' 'sha256-p/yolVJFERfwoUU+/BUCh8ueh3QpaF9uoPUDxTDLZlI=' 'sha256-dv2YtGCzeXCwGLqmGO4iMQiinLtyXEeEIgLcO2/gMHM=' 'sha256-dQu69vV3k5DKZw7zr8oBI/m9c/tQYG5f4kDvZV8bRkQ=' 'sha256-j9B9TCrVq3J0OB8ZmMnWdoB0cw43CPUj5keMgcQbcp8=' 'sha256-eCS/X9yxhlxNZVnwtcaTXCpj3moNU8VuOrqCfG4u05Y=' 'sha256-fUYjb6FZ1HGXIKRPGyYij+AKWCvDK/bD1X6RLC2AMcY=' 'sha256-1RhTVNV226i7DtvbMmk0UTy7ZNzJno8BNLgqxsEa2iI=' 'sha256-29mP3ltal9o37f9f0ChL6wsieCWLkDxoc/0UMZDhn1I=' 'sha256-DVKhS4QVqLnrpxgSw5gXVc089+Nq26cmwFU42+2SciM=' 'sha256-t6oewASd7J1vBg5mQtX4hl8bg8FeegYFM3scKLIhYUc=' 'sha256-7n3w1WvBIX5/yAxyE54NMK/kn9Wu3mFqCZZuJKewa+0=' 'sha256-iZBkg8QqVnJqKPRaZ0F/Lmf+Sba4scpQnfV3BWqfZdU=' 'sha256-cfe6XJ9nBeMa9cVFk8RJOvohSHa0kXkswZ8bXcyXlek=' 'sha256-iZBkg8QqVnJqKPRaZ0F/Lmf+Sba4scpQnfV3BWqfZdU=' 'sha256-Nk8KtQMHmZuVPF9MVPqk7DOGn6Iw1GsUa4cHOfONkBM=' 'sha256-4CwVlqQ9qCw9KI8AvXsO491oywovWlzKYq1o+8lp2AI=' 'sha256-WjonaVOEtizU3vLAmuevT+CtoBlnKHwksL81tuzv01Q=' 'sha256-QdLQa2lR62UYBIDVR4eRJvQo38d0V3FLq3EWbzL+3tA=' 'sha256-Hshn/7sDHhnSWjtmXN56a7vsjTP85dBsKhmBvcNu7Pw=' 'sha256-Qu5Jsh3qeAggHiXvX4t38EnV9Eo7JH2Ufn1VyU76M5E=' 'sha256-IHYEEcz2zouuNie2UfVPmMayvHLu1f8TEOXbdC0d65M=' 'sha256-vM1pHzRz3SlLcELhTfJ1Uu2kcDXcTxkjatuINsWoKvg=' 'sha256-S0i7CV28VOeE2yrWmPhaekV9FEpURaySsOifZOfZRvc=' 'sha256-eCMSLmwMM593EN39ayl0v/R87f8zI2SF6VnvZ1E9OMY=' 'sha256-iEw58h2QI8rjnaAX+BK1QM/TZrIBAUqaM0fYytwNHyM=' 'sha256-QOk3bbcXqzSRAvAd/esDNnd5NYH1aHdqiItMy+lmpB4=' 'sha256-JgYaiIzMTyOZunPiyMdd9BH6OSuXh5THxFukz4dcw9Q=' 'sha256-iZ5/ashNo7LJqXT63NMp4eXND2zSLDSyP1aVIpf69p0=' 'sha256-rqYIwpnS/WTJw3ZRiuwdfcsCt5JLafFNMm7NH/xGBnY=' 'sha256-mncQY6KemswXwu9IiIj8Fh9Y76Oe3x7D+8/8a7YziTw=' 'sha256-EobM8+pIeKD7oAzJWaMk6U3mTvRlWJavbqBLVZiFzgY=' 'sha256-IHYEEcz2zouuNie2UfVPmMayvHLu1f8TEOXbdC0d65M=' 'sha256-vM1pHzRz3SlLcELhTfJ1Uu2kcDXcTxkjatuINsWoKvg=' 'sha256-IHYEEcz2zouuNie2UfVPmMayvHLu1f8TEOXbdC0d65M=' 'sha256-vM1pHzRz3SlLcELhTfJ1Uu2kcDXcTxkjatuINsWoKvg=' 'sha256-JP+hxKQICZEbzo6h3i9xLSqDUxzcgpQ6mCw7elbjnKY=' 'sha256-VkqkfIdfbaZ+TyThlbBjQEo47dKrcqyoeHSctr+xOJs=' 'sha256-EjJxE0ZqmXKLnOjr5qiAzpTg3H3srYXM/dmq7qQYm0s=' 'sha256-KwEXuGChqdS1cLyDbubGQHqVjxe7HopmS9bnD744cZw=' 'sha256-3vxnamzLSKvoBJnXapp/aDIXopiGMSxc3gWIVvUCDxc=' 'sha256-+DnIzrCZ9qwS1QZQHDMiDCbNJugiNEYv9xF8NU8x7SY=' 'sha256-+iWgNE7W97XyJjJPGwKmVwOJ3S4Bd3n44X1ymC58EXQ=' 'sha256-PNsPul0zQFUiYu9XLVKzTdD5Cz5ghp1MT4H5/zAeI3Q=' 'sha256-42TFc49ICgM+GPeqISXzBXZ2PDlwMWDC1XsFenbNtBw=' 'sha256-g1+M02rsvlWQa9CjaRfEaZvT//NG7UhCKe8br+KXuF8=' 'sha256-j69g0Z+HAbHBMIzQNFis9uADYR6LPo2LYlSo6DI4wy0=' 'sha256-zZp8BI/LRCsExnI71KZA79vRfTQ/33qQr5GcSWAOwto=' 'sha256-/VVOq+Ws/EiUxf2CU6tsqsHdOWqBgHSgwBPqCTjYD3U=' 'sha256-cH1+lg4dJr7FMyPRntBLER2hcaREO8zDwh5wmjRu4EQ=' 'sha256-mmA4m52ZWPKWAzDvKQbF7Qhx9VHCZ2pcEdC0f9Xn/Po=' 'sha256-rrQkbm37X1AG8PmFQNMMX+LNWtUkMdvebm36oKudMqw=' 'sha256-cwZgAPm2CTAW2GLDlL0o2J5isI4Gr0wno+xO/MvtT3s=' 'sha256-NRUu/h5FvsW0EtcXyGoEWTX/6AmytL8cBcaTg8cdgow=' 'sha256-NRUu/h5FvsW0EtcXyGoEWTX/6AmytL8cBcaTg8cdgow=' 'sha256-GO+Rub2zgLP5HvKnsDm/sK3ve082uyhBucCs69bJ+IA=' 'sha256-B5wMOBSOkyqWkP7iTi5SIetH19+kkCbr2R28LZOn+/A=' 'sha256-5TmCSWsRHHKtNC4AgS23KS5Z9SBqma0xikI6H6iJ1/Y=' 'sha256-mjUy7dFc9gDb60NcMaH4/R0NQGqCh192/PlG/UkLyOI=' 'sha256-TFLTI+w0uUup2LDF0gEqZWwwg1byLFxTq5eVTCu590g=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-AU8djuQNT7YwO243PFZb17drIUllRws2/hufH7ouI3g=' 'sha256-0EZqoz+oBhx7gF4nvY2bSqoGyy4zLjNF+SDQXGp/ZrY=' 'sha256-5TmCSWsRHHKtNC4AgS23KS5Z9SBqma0xikI6H6iJ1/Y=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-vR4fmFKEX364Has8BxtybrqqK+zKZg3Gcw1OgfxlNaE=' 'sha256-biLFinpqYMtWHmXfkA1BPeCY0/fNt46SAZ+BBk5YUog=' 'sha256-0EZqoz+oBhx7gF4nvY2bSqoGyy4zLjNF+SDQXGp/ZrY=' https://www.synlab.com/ https://*.googleapis.com; frame-src 'self' https://vimeo.com/ https://*.vimeo.com/ https://*.facebook.com/ https://*.equitystory.com/ https://irpages2.eqs.com/; img-src 'self' data: https://www.synlab.com/ https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.google.de/ https://*.google.com/ https://*.google-analytics.com/ https://*.facebook.com/ https://*.googletagmanager.com/; frame-ancestors 'self' https://www.synlab.com; 1
frame-ancestors 'self' *.azurewebsites.net *.mychildatschool.com 1
base-uri 'none'; font-src 'self' https: data:; form-action 'self' https://www.formstack.com; frame-ancestors 'self'; img-src 'self' data: https://res.cloudinary.com https://images.contentstack.io https://cdn.userway.org https://api.mapbox.com; object-src 'none'; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline'; upgrade-insecure-requests; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://celeb-lb-prod.danskebank.com https://consent.cookiebot.com https://s2.adform.net https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.googletagmanager.com https://assets.adobedtm.com https://snap.licdn.com https://www.linkedin.com https://px.ads.linkedin.com https://imasdk.googleapis.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.googleusercontent.com https://android.com https://windowsphone.com *.qbrick.com *.dna.ip-only.net *.112.2o7.net *.danskebank.dk *.danskebank.se https://danid.dk *.facebook.com *.facebook.net https://facebook.net https://*.facebook.net https://twitter.com *.omtrdc.net https://dpm.demdex.net https://static.licdn.com https://w3.org https://fbcdn.net https://cloud-emea.analytics-egain.com https://analytics.analytics-egain.com https://track.adform.net https://linkmaker.itunes.apple.com *.qualtrics.com *.googlesyndication.com; object-src 'self' video.qbrick.com; frame-src 'self' https://td.doubleclick.net https://9856684.fls.doubleclick.net https://authorize.omniture.com https://sitecatalyst.omniture.com *.demdex.net https://priips.danskebank.com https://android.com https://windowsphone.com video.qbrick.com *.112.2o7.net *.danskebank.dk *.danskebank.se https://danid.dk *.facebook.com *.facebook.net https://facebook.net https://*.facebook.net https://twitter.com *.omtrdc.net https://static.licdn.com https://w3.org https://fbcdn.net https://analytics.analytics-egain.com https://track.adform.net https://linkmaker.itunes.apple.com *.qualtrics.com bankid://* https://cloud-emea.analytics-egain.com https://logon.danskenet.com; 1
frame-ancestors https://*.bclc.com 'self' 1
upgrade-insecure-requests; base-uri 'self'; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://js.hs-scripts.com/3274755.js www.clarity.ms cta-service-cms2.hubspot.com js.hubspot.com connect.facebook.net js.hscta.net js.jotform.com *.jotfor.ms links.services.disqus.com https://ats.rlcdn.com/ats.js c.disquscdn.com blogsdsd.disqus.com maps.googleapis.com www.google.com www.gstatic.com ajax.cloudflare.com cdnjs.cloudflare.com player.vimeo.com static.hsappstatic.net connect.facebook.net googleads.g.doubleclick.net www.googleadservices.com www.googletagmanager.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com js.usemessages.com js.hsleadflows.net js.hs-analytics.net js.hsadspixel.net js.hs-banner.com js.hscollectedforms.net js.hs-scripts.com snap.licdn.com www.google-analytics.com forms.hsforms.com www.googletagmanager.com static.datasciencedojo.com js.hsforms.net datasciencedojo.com *.datasciencedojo.com js.stripe.com form.jotform.com datasciencedojo.sharepoint.com https://www.facebook.com https://www.youtube.com https://dojobinder.datasciencedojo.com https://app.hubspot.com/events-visualizer.js; frame-ancestors 'self'; manifest-src 'self' 1
frame-ancestors https://snapsheetvice.com https://www.rvezy.com https://*.openly.com https://loggerhead.insurance https://*.unqork.io https://*.ourbranch.com 1
default-src 'self' www.gravatar.com player.vimeo.com *.vimeocdn.com packages.umbraco.org our.umbraco.org;script-src * 'self' 'unsafe-inline' 'unsafe-eval' *.bugherd.com *.pusher.com;connect-src 'self' *.cognitoforms.com *.amazonaws.com  *.linkedin.com *.visualstudio.com stats.g.doubleclick.net *.google-analytics.com consentcdn.cookiebot.com *.pusher.com sessions.bugsnag.com; img-src 'self' data: *.linkedin.com *.cookiebot.com *.lfeeder.com www.gravatar.com www.googletagmanager.com umbraco.tv www.google-analytics.com fakeimg.pl dashboard.umbraco.com tracking.monsido.com d2iiunr5ws5ch1.cloudfront.net bugherd-attachments.s3.amazonaws.com *.bugherd.com;font-src 'self' *.cognitoforms.com fonts.googleapis.com data: fonts.gstatic.com; style-src 'self' 'unsafe-inline' *.cognitoforms.com fonts.googleapis.com;form-action 'self' *.flutter.com *.ddlnk.net;frame-src 'self' vimeo.com player.vimeo.com *.youtube.com ir.design-portfolio.co.uk *.q4web.com platform.twitter.com consentcdn.cookiebot.com;media-src 'self' player.vimeo.com vod-progressive.akamaized.net download-video.akamaized.net; 1
frame-ancestors https://*.gencallar.com.tr https://*.inveon.info; 1
default-src 'none'; connect-src 'self'; script-src 'self' 'unsafe-inline'; img-src 'self' data: 22h.s3.nl-ams.scw.cloud; font-src 'self' fonts.gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; frame-src www.youtube.com; base-uri 'self'; form-action 'self'  1
frame-ancestors 'self' iseaint.net; 1
frame-ancestors 'self' X-Frame-Options: sameorigin; base-uri 'self'; 1
script-src 'self' assets.adobedtm.com www.youtube.com https://googleads.g.doubleclick.net https://www.googletagmanager.com/ 'unsafe-inline' 1
default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'nonce-ULOkFye0Hdgz+DEUhsoOwA=='; img-src 'self' https://espmstorage.blob.core.windows.net/espm/; object-src 'none'; base-uri 'self' 1
script-src 'self'  'unsafe-inline' *.omtrdc.net assets.adobedtm.com *.demdex.net https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/;style-src 'self' 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ *.demdex.net;connect-src 'self' ws: *.demdex.net *.omtrdc.net;child-src 'self' *.demdex.net www.google.com;worker-src 'self' blob:;img-src 'self' data: *.omtrdc.net https://op-developer-cms.op-content.fi https://opcms.op-content.fi;default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests 1
default-src 'self'; img-src 'self' https://*.awin1.com https://*.zenaps.com https://*.bing.com data: https://cookie-cdn.cookiepro.com https://cxsurvey.foresee.com https://gateway.foresee.com https://s.foresee.com https://static.foresee.com https: https://*.google-analytics.com https://*.googletagmanager.com https://www.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com https://attachuk.imi.chat https://*.magnolia-cloud.com https://cdn.optimizely.com https://ads-api.twitter.com https://ads-twitter.com https://analytics.twitter.com https://ucm-eu.verint-cdn.com https://survey.efmfeedback.com; script-src 'self' 'unsafe-eval' https://www.dwin1.com/ https://*.awin1.com https://*.zenaps.com https://the.sciencebehindecommerce.com https://*.bing.com https://*.btttag.com https://btttag.com https://cookie-cdn.cookiepro.com https://connect.facebook.net https://*.fontawesome.com/ 'unsafe-inline' https://analytics.foresee.com https://brain.foresee.com https://cxsurvey.foresee.com https://device.4seeresults.com https://gateway.foresee.com https://record.foresee.com https://survey.answerscloud.com https://survey.foreseeresults.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com https://ajax.googleapis.com https://attachuk.imi.chat https://widget-api.imi.chat https://script.infinity-tracking.com https://*.magnolia-cloud.com https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com https://s.pinimg.com/ https://*.quantummetric.com https://trc.taboola.com/ https://cdn.taboola.com/ https://widget.trustpilot.com https://static.ads-twitter.com/ https://ucm-eu.verint-cdn.com; frame-src 'self' https://prod.respondselfserve.com https://*.awin1.com https://*.zenaps.com https://bid.g.doubleclick.net https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://www.googletagmanager.com https://td.doubleclick.net/ https://attachuk.imi.chat https://a659861340.cdn.optimizely.com https://a659861340.cdn-pci.optimizely.com https://ct.pinterest.com/ https://*.quantummetric.com https://dgscottishpower.tmtx.co.uk https://widget.trustpilot.com https://youtube.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://cxsurvey.foresee.com https://gateway.foresee.com https://tagmanager.google.com https://fonts.googleapis.com https://*.googletagmanager.com https://attachuk.imi.chat https://*.magnolia-cloud.com https://ucm-eu.verint-cdn.com; font-src 'self' https://*.fontawesome.com https://cxsurvey.foresee.com https://gateway.foresee.com https://fonts.gstatic.com data: https://attachuk.imi.chat https://ucm-eu.verint-cdn.com; connect-src 'self' https://*.athome.domesticandgeneral.com https://www.dwin1.com https://*.awin1.com https://*.zenaps.com https://the.sciencebehindecommerce.com https://*.bing.com https://*.btttag.com https://btttag.com https://cookie-cdn.cookiepro.com https://privacyportal.cookiepro.com https://geolocation.onetrust.com https://*.fontawesome.com/ https://analytics.foresee.com https://brain.foresee.com https://cxsurvey.foresee.com https://device.4seeresults.com https://gateway.foresee.com https://record.foresee.com https://survey.answerscloud.com https://survey.foreseeresults.com wss://hoover.foresee.com https://hoover.foresee.com https://analytics.google.com https://*.analytics.google.com https://*.google-analytics.com https://*.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net https://rtm.imiconnect.io https://attachuk.imi.chat https://widget-api.imi.chat https://*.infinity-tracking.com https://ict.infinity-tracking.net https://*.lightstep.com https://api.addressy.com https://*.magnolia-cloud.com https://gmail.us13.list-manage.com/subscribe/post https://logx.optimizely.com https://*.optimizely.com https://ct.pinterest.com/ https://*.quantummetric.com https://*.taboola.com/ https://ucm-eu.verint-cdn.com https://survey.efmfeedback.com; object-src 'none'; worker-src blob:; child-src blob:; frame-ancestors https://*.magnolia-cloud.com; 1
default-src 'self'; connect-src 'self' https://stats.g.doubleclick.net https://analytics.google.com https://maps.googleapis.com https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com/; frame-src 'self' https://www.youtube.com/; img-src 'self' https://www.google-analytics.com https://maps.gstatic.com https://i.ytimg.com/vi_webp/kt7RdwfZ2dg/mqdefault.webp https://*.global.siteimproveanalytics.io https://maps.gstatic.com/mapfiles https://maps.googleapis.com/maps/ data:; media-src 'self'; object-src 'self'; script-src 'self' https://maps.googleapis.com/ https://maps.googleapis.com/maps-api-v3/api/js/ http://www.timevaluecalculators.com https://www.youtube.com https://www.google-analytics.com https://stats.g.doubleclick.net/ ajax.googleapis.com www.googletagmanager.com siteimproveanalytics.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/css https://www.timevaluecalculators.com/timevaluecalculators/Includes/Calculators_DefaultStyles.css; 1
default-src 'self' *.katacoda.com learning.oreilly.com; img-src *; style-src 'self' 'unsafe-inline' *.katacoda.com *.oreilly.com cdn.oreillystatic.com fonts.googleapis.com; script-src 'self' 'unsafe-inline' *.katacoda.com cdn.trackjs.com openfpcdn.io www.google-analytics.com www.googletagmanager.com; connect-src 'self' wss://*.katacoda.com *.katacoda.com *.launchdarkly.com *.trackjs.com www.google-analytics.com stats.g.doubleclick.net; font-src 'self' *.katacoda.com *.oreilly.com cdn.oreillystatic.com fonts.googleapis.com fonts.gstatic.com; object-src 'none'; frame-ancestors 'self' *.katacoda.com learning.oreilly.com 1
script-src 'self' blob: dcpages.bcbsil.com *.mpeasylink.com *.omtrdc.net *.bcbsmt.com *.convertlanguage.com *.walkme.com *.jquery.com *.brightcove.com *.marinsm.com *.clarity.ms *.steelhousemedia.com *.stackadapt.com 'sha256-TaExF0h6PbVzApp77ShCLHlksDwCQRq4atYoaCsC9I8=' 'sha256-Rqz5HBTdDZqvx9tFQtMxkOrL6I7oKHMPUmejT+2LMw8=' 'sha256-0rnAJ6vApAwYvkwKRItvYvJBuC2Tc6FUGnpWWGKm0s0=' 'sha256-E3D70tU+C9GFn1aNG7ja3BGmXO6SUTBfXNPkiks6YKM=' 'sha256-WiBrp8n6qzXaR53OMuij2Wqky+WBAZHWS4m9u+Y6Vgs=' 'sha256-Bwbsdql2wuxPBfreVcjv4IcQRIm2tK54E/ZtuKmHmLI=' 'sha256-+QoWUsMtJAiKNrS9ddu7252XOoLq26XVwk4TdboDGM0=' 'sha256-EFemVE1/2VPlNZdptBdgN2GjWc7noj81GGGv0MwOyJY=' 'sha256-K83smGC12/mOrMV+5hXYSc0TQHjFQM6XX+Zdj9pBbas=' 'sha256-Fx0LrAqaK0HfpKOTd5jtbUe4X89Fz86oesjqSQUn8Y8=' 'sha256-L+CdrbB/3MWzakKjyzoy8w1eIqDVGrsftnkvJdo4gIc=' 'sha256-ud+TXSHWwW6/Ltq5qioGqWeGcQMxHWR5TiMnvYBaUEk=' 'sha256-BaFk7RP58iF1BkZHdqeujuDXXLld9PS1LiKm9MnnQ2A=' 'sha256-3BUC2uqkLtf11hujvyMEl1NTcrpXaw9M/nxK0qpugE4=' 'sha256-wdeGPZ1HJ+lMQiVfS4znvmAO3Fmlc1V4FXPoN7598Kk=' 'sha256-ThHZXYAEciBA4PPtRsuwrM4rS6A27cEeDZfKFgMjOHs=' 'sha256-Fx0LrAqaK0HfpKOTd5jtbUe4X89Fz86oesjqSQUn8Y8=' 'sha256-XpDQ/sKD1Q35z6yrfuUgNaqcpCpmaF6wIFXhd6+xJLo=' 'sha256-1jH1jUGW8+/nnNLV4s1f8jHlAtMsBv985QVausqXm5s=' 'sha256-ppW1Vv+qSVcs+/pIj1ZXvMiCLoyHyCdRqtDMeK9fQ9w=' 'sha256-SwyKbZ54VAT7TGzBcl3GoAg00lZI99A0vLQ3BHuFvUY=' 'sha256-518pk5SuTHe1wO+qPfs05CALGxGj8b7R9joTeyF3MMg=' 'sha256-N63VR5czWRUyi4yTEGyoam6orM200eR4SB/ndd2vCSE=' 'sha256-h1BXcWieM0hfS3GVpaXzPev+V7bbo0VQKstgeMXvP04=' 'sha256-nyYhGb/ogFCXA+jjhnQPaWmEGq7zMi7is/Og/WHHu1U=' 'sha256-MW7xYbbWUIy+vpnrRUsAKgafurRDpmEtw8ibUiTK9kg=' 'sha256-nwxOa/AwuXKhEnQfF8z3U9AQyig3d1tfIX6QLS1c7/U=' 'sha256-PYtocK3DFaOHMHXcTLPhO1P5IEXMf8cf6Yyf1u0USFQ=' 'sha256-prCWgxIMGDrHbwdw5mT2MeFWJJGImVIKxAV7gJOpQ0w=' 'sha256-tU2s1s4syE7gpagiZ/DMk2OM7ZcxzIYUDAn0ZWZZvcw=' 'sha256-IohmHrNbNfYp1N8eOkosBSzsog22PSpNMgxp+rP0ba0=' 'sha256-gdUVY3rNP3d8mugxATRy94Oef9TvyvQv4LByypmpoQM=' 'sha256-Oc0DJ+pN/Q9MEzC3WsStCthU0JXK5IxeTD/NO180ggI=' 'sha256-3R5kPMMUS7lCbC94I1yEP6/LrPcCxCpJkMghRm5vc+M=' 'sha256-TfsnO13RGWJOuqMSQ71jj+6N2s997hJAghDCvf9s9dM=' 'sha256-xri8zZKOW+5jts4GRTZuQGosPS+dSTQJr5bebWtNr90=' 'sha256-zOJVpbdSYuV1KeKh04uYsnYyneK7qLzkfYDw9h6+0KM=' 'sha256-0Cmn/CPjE7iLtaGEpZ3gIbyK7+T2PCg6t/q0GQ8aurU=' 'sha256-+F7WJt5j0JAyOvITKopxkUbW3zrhfgO/64YUDWNfWV4=' 'sha256-V5fb1zKsLvfOQE+Tz3abD2NIZPMKdQKrZG6116lj62Y=' 'sha256-/R+9/01InyDhaLq1zYqbjyPav2dunvCCN1mHJxx026U=' 'sha256-023g/MYKiNi2UHZqb0fjW4jU0C9zmvXY7ylFFTbQLAs=' 'sha256-9w+aFd0ogU/pVs/M0q0ixKcQLrt524ABSMma2ixZRmA=' 'sha256-uvQd362cMOZMihRdpHDQkkQG005hI1hAULGe/1hrq7A=' 'sha256-RLZndXh1nmE1wrQG6kjO6AGpiyGJTN5t/otHymIj8UA=' 'sha256-ttmSnfQfAQQQiV28ls0mnFkkr+dl0cSWZO+7qlgQV7w=' 'sha256-JV3lxBYaKBxEcW9cv7bpM9YrLNCSO2x+5hI319J5VH4=' 'sha256-s1BV33CoxJjYzvmpCjN3WTwdPhNhnco3NW1k5J/YA3o=' 'sha256-7JcAvVdE2sCnsRNg9sUUpEVPc2NLH+qJYzoCeD2nHss=' 'sha256-ehPVrgdV2GwJCE7DAMSg8aCgaSH3TZmA66nZZv8XrTg=' 'sha256-ooG2PlUfrfqVyDZV30w0BK5FwqPKhiPhrYEc3z3R3ow=' 'sha256-5nRGMOmqCmDqDhW/cRGfA1gF0jaDt730ej6AJpe2m9g=' 'sha256-7bwnNunfhUOLCxywkp0xlObo3iqPpAfiCr6IN5IeXCA=' 'sha256-0Pvth24NB2HpvezgdvpJMgDYWi91zp9XQc0lnwVD76I=' 'sha256-VL0W/0a7GGeMu92Qz6/kju/TfhubARqd6hobZ5vR8HM=' 'sha256-G38Y5gB6x7PXV8puXKlJ1t7rV5fLuVPEDLHAb64SY20=' cdn.walkme.com  *.bcbsil.com *.bcbstx.com *.marketo.net *.hcsc.net contentz.mkt922.com healthcareservicecorporation.sc.omtrdc.net resources.digital-cloud-west.medallia.com dx.steelhousemedia.com cdn.decibelinsight.net *.facebook.net *.googleadservices.com bat.bing.com *.googletagmanager.com nexus.ensighten.com *.google-analytics.com js-cdn.dynatrace.com assets.adobedtm.com googleads.g.doubleclick.net gateway.foresee.com dx.steelhousemedia.com *.kampyle.com *.medallia.com, frame-src 'self' dcpages.bcbsil.com *.mpeasylink.com *.bcbsmt.com hcsc.demdex.net *.brightcove.net *.youtube.com resources.digital-cloud-west.medallia.com healthcareservicecorporation.sc.omtrdc.net *.kampyle.com *.medallia.com *.doubleclick.net, frame-ancestors 'self' 1
frame-ancestors 'self'; default-src 'self'; script-src 'report-sample' 'self' https://matomo.go-springtime.com/piwik.js 'unsafe-inline'; style-src 'report-sample' 'self' https://fonts.googleapis.com 'unsafe-inline'; object-src 'none'; base-uri 'self'; connect-src 'self' https://jobs.go-springtime.com https://matomo.go-springtime.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self'; img-src 'self' data:; manifest-src 'self'; media-src 'self'; worker-src 'none'; 1
default-src 'unsafe-inline' 'self' *.webscale.support https://www.podbean.com https://*.youtube.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://*.crownpeak.net https://*.imgix.net https://siteimproveanalytics.com https://*.siteimproveanalytics.io https://*.googletagmanager.com https://*.onetrust.com https://*.cookielaw.org https://*.google-analytics.com https://stats.g.doubleclick.net https://*.google.com https://player.vimeo.com; frame-src https://cdn.yoshki.com/ https://www.podbean.com https://*.cookiepro.com https://*.youtube.com https://player.vimeo.com; 1
default-src *.alua.com *.alua.dev *.cloudflarestream.com *.videodelivery.net; img-src 'self' data: *.alua.com alua.com *.alua.dev *.unsplash.com *.cloudinary.com app.statuscake.com *.google-analytics.com *.facebook.com www.googletagmanager.com *.googleusercontent.com; script-src 'unsafe-eval' 'self' *.facebook.net *.google-analytics.com *.cloudflare.com *.alua.com *.google.com *.gstatic.com *.googletagmanager.com cdn.rollbar.com cdn.jsdelivr.net cdn.rawgit.com 'unsafe-inline'; font-src 'self' 'unsafe-inline' data: *.gstatic.com cdn.jsdelivr.net; base-uri 'self'; form-action 'self' *.alua.com alua.com *.facebook.com; style-src 'self' 'unsafe-inline' *.googleapis.com cdn.rawgit.com data: cdn.jsdelivr.net cdnjs.cloudflare.com; connect-src 'self' *.google-analytics.com *.google.com *.doubleclick.net *.facebook.com *.alua.com *.alua.dev *.slack.com cdn.jsdelivr.net api.rollbar.com api.github.com; frame-ancestors 'none'; frame-src *.google.com *.facebook.com 'self'; media-src *.cloudinary.com app.statuscake.com *.alua.com alua.com *.alua.dev *.cloudflarestream.com *.videodelivery.net 1
default-src 'self' api.celebrationcinema.com api2.celebrationcinema.com *.google-analytics.com 127.0.0.1 google-analytics.com *.braintreegateway.com *.braintree-api.com *.tiktok.com *.doubleclick.net *.facebook.net https://celebrationcinema.com https://themidtowngr https://123gr https://studioparkgr celebrationcinema.com *.celebrationcinema.com https://barcodeapi.org; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js *.google-analytics.com https://www.youtube.com/iframe_api https://dec.azureedge.net/ munchkin.marketo.net *.googletagmanager.com *.tagmanager.google.com *.google.com *.tiktok.com *.doubleclick.net *.adroll.com *.surveymonkey.com https://celebrationcinema.com https://themidtowngr https://123gr https://studioparkgr recruitingbypaycor.com *.recruitingbypaycor.com 'self' web-chat.nativechat.com *.eloqua.com *.en25.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.googletagmanager.com *.tagmanager.google.com *.google.com https://celebrationcinema.com https://themidtowngr https://123gr https://studioparkgr 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.google-analytics.com https://*.dec.sitefinity.com *.doubleclick.net *.google.com *.adsrvr.org *.demdex.net *.bluekai.com *.rubiconproject.com *.yahoo.com api.celebrationcinema.com 127.0.0.1 http://127.0.0.1 https://127.0.0.1 https://bystudioc-stage.azurewebsites.net https://bystudioc-sync-auto.azurewebsites.net https://celebrationcinema.com * https://barcodeapi.org 'self' web-chat.nativechat.com *.eloqua.com track.hubspot.com js.hsleadflows.net forms.hsforms.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src *.helpscoutdocs.com *.braintreegateway.com *.youtube.com *.spotify.com *.google.com *.surveymonkey.com recruitingbypaycor.com *.recruitingbypaycor.com 'self' web-chat.nativechat.com forms.hsforms.com; connect-src *.google.com *.mktoresp.com *.braintree-api.com/ *.braintreegateway.com/ *.tiktok.com *.google-analytics.com *.doubleclick.net d.adroll.com api.celebrationcinema.com *.googleapis.com maps.googleapis.com celebrationcinema.com *.celebrationcinema.com 'self' forms.hubspot.com *.hsforms.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.google.com open.spotify.com/ https://moviecelebrationapi.peachdigital.com *.braintree-api.com/ *.braintreegateway.com/ *.helpscoutdocs.com 'self' web-chat.nativechat.com 1
default-src 'self' blob: https://api2.amplitude.com https://*.zopim.com *.gentu.com.au *.force.com https://geniesolutions--uatfull.sandbox.my.salesforce.com https://magentus.my.salesforce.com https://help.geniesolutions.com.au https://c.la2s-core1.sfdc-vwfla6.salesforceliveagent.com https://d.la2s-core1.sfdc-vwfla6.salesforceliveagent.com https://c.la1-core1.sfdc-vwfla6.salesforceliveagent.com https://d.la1-core1.sfdc-vwfla6.salesforceliveagent.com wss://*.zopim.com wss://*.smooch.com https://js.intercomcdn.com *.magentus.com; connect-src 'self' *.smooch.io wss://*.smooch.io https://api2.amplitude.com *.force.com https://geniesolutions--uatfull.sandbox.my.salesforce.com https://magentus.my.salesforce.com https://help.geniesolutions.com.au https://c.la2s-core1.sfdc-vwfla6.salesforceliveagent.com https://d.la2s-core1.sfdc-vwfla6.salesforceliveagent.com https://c.la1-core1.sfdc-vwfla6.salesforceliveagent.com https://d.la1-core1.sfdc-vwfla6.salesforceliveagent.com wss://*.zopim.com *.gentu.com.au https://via.intercom.io https://api.intercom.io https://api.au.intercom.io https://api.eu.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io  https://api-ping.intercom.io https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io https://uploads.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.au.intercomcdn.com https://uploads.intercomusercontent.com wss://ws-api.production.genie-platform-production.com/websocket https://support.geniesolutions.com.au https://api.production.genie-platform-production.com https://production-template-public-images.s3.ap-southeast-2.amazonaws.com https://*.browser-intake-datadoghq.com https://*.geniesolutions.cloud *.magentus.com; font-src 'self' data: https://fonts.gstatic.com *.gentu.com.au https://gentu-production-assets.s3-ap-southeast-2.amazonaws.com https://js.intercomcdn.com https://fonts.intercomcdn.com *.magentus.com; frame-src 'self' https://app.powerbi.com/ *.force.com https://geniesolutions--uatfull.sandbox.my.salesforce.com https://magentus.my.salesforce.com https://help.geniesolutions.com.au https://c.la2s-core1.sfdc-vwfla6.salesforceliveagent.com https://d.la2s-core1.sfdc-vwfla6.salesforceliveagent.com https://c.la1-core1.sfdc-vwfla6.salesforceliveagent.com https://d.la1-core1.sfdc-vwfla6.salesforceliveagent.com https://www.youtube.com blob: https://*.geniesolutions.cloud *.magentus.com; img-src 'self' https://support.geniesolutions.com.au https://gentu-production-assets.s3-ap-southeast-2.amazonaws.com data: blob: https://v2assets.zopim.io http://production-template-public-images.s3.amazonaws.com https://*.gentu.com.au https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://messenger-apps.eu.intercom.io https://messenger-apps.au.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments.eu https://*.au.intercom-attachments.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://static.intercomassets.eu https://static.au.intercomassets.com https://*.magentus.com; script-src 'self' blob: *.smooch.io https://app.powerbi.com *.force.com https://geniesolutions--uatfull.sandbox.my.salesforce.com https://magentus.my.salesforce.com https://help.geniesolutions.com.au https://c.la2s-core1.sfdc-vwfla6.salesforceliveagent.com https://d.la2s-core1.sfdc-vwfla6.salesforceliveagent.com https://c.la1-core1.sfdc-vwfla6.salesforceliveagent.com https://d.la1-core1.sfdc-vwfla6.salesforceliveagent.com *.gentu.com.au https://gentu-production-assets.s3-ap-southeast-2.amazonaws.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com *.magentus.com 'sha256-4ahLko5vU/CyrnVEylFrEST+snqnQGVDj3Bn7HsRCMw=' 'nonce-gn2sTnEVjkgdL1wvblVfuIoS3rbpuS4+3Xr+wLhJcco=' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.gentu.com.au *.force.com https://geniesolutions--uatfull.sandbox.my.salesforce.com https://magentus.my.salesforce.com https://help.geniesolutions.com.au https://gentu-production-assets.s3-ap-southeast-2.amazonaws.com blob: *.magentus.com 1
connect-src 'self' *.algolia.io *.algolia.net *.algolianet.com *.facebook.com *.google-analytics.com *.google.com *.googleapis.com *.googletagmanager.com *.sentry.io *.userway.org *.voyagetext.com *.zdassets.com *.zendesk.com *.zopim.com code.jquery.com pro.ip-api.com sentry.io stats.g.doubleclick.net vyg.mobi wss://widget-mediator.zopim.com; default-src 'self'; font-src 'self' *.facebook.com *.googleapis.com *.gstatic.com cdn.userway.org data: static-cdn.ammunitiontogo.com themes.googleusercontent.com; frame-src 'self' *.facebook.com *.google.com *.googleapis.com *.userway.org; img-src 'self' *.facebook.com *.google-analytics.com *.googleapis.com *.gstatic.com *.userway.org *.zopim.io data: pubads.g.doubleclick.net static-cdn.ammunitiontogo.com stats.g.doubleclick.net; manifest-src static-cdn.ammunitiontogo.com www.ammunitiontogo.com; media-src 'self' *.facebook.com *.zdassets.com *.zopim.com; object-src 'self' *.facebook.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.algolia.io *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.userway.org *.voyagetext.com *.zdassets.com *.zopim.com assets.voyagetext.com blob: browser.sentry-cdn.com cdn.ravenjs.com code.jquery.com https://cdn.jsdelivr.net/npm/algoliasearch@4/dist/algoliasearch-lite.umd.js https://cdn.jsdelivr.net/npm/instantsearch.js@4 static-cdn.ammunitiontogo.com stats.g.doubleclick.net; style-src 'self' 'unsafe-inline' *.facebook.com *.google.com *.googleapis.com *.gstatic.com cdn.userway.org static-cdn.ammunitiontogo.com 1
upgrade-insecure-requests; default-src 'self' *.myinwebo.com ult-inwebo.com; img-src 'self' *.myinwebo.com data:; style-src 'unsafe-inline' 'self' *.myinwebo.com ult-inwebo.com; script-src 'unsafe-eval' 'unsafe-inline' 'self' *.myinwebo.com ult-inwebo.com https://code.jquery.com; 1
frame-ancestors https://*.trend.at https://*.vgn.at; upgrade-insecure-requests; block-all-mixed-content 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.testkontur.ru kontur.ru *.kontur.ru http://*.kontur.ru wss://ntf.kontur.ru *.skbkontur.ru *.kontur-ca.ru *.kontur-extern.ru *.diadoc.ru *.kontur.host kontur.tools *.a-practic.ru *.atlasnw.ru *.infotrust.ru *.parc.ru https://mc.yandex.ru https://mc.yandex.az https://mc.yandex.by https://mc.yandex.co.il https://mc.yandex.com https://mc.yandex.com.am https://mc.yandex.com.ge https://mc.yandex.com.tr https://mc.yandex.ee https://mc.yandex.fr https://mc.yandex.kg https://mc.yandex.kz https://mc.yandex.lt https://mc.yandex.lv https://mc.yandex.md https://mc.yandex.tj https://mc.yandex.tm https://mc.yandex.ua https://mc.yandex.uz https://mc.webvisor.com https://mc.webvisor.org https://metrika.yandex.ru https://yastatic.net *.globalsign.com *.burgaz.ru *.gazprom-hr.transfer *.cryptopro.ru *.tinkoff.ru *.tbank.ru *.tcsbank.ru https://clientcd.kontur:3443 lh3.googleusercontent.com; img-src 'self' data: *.testkontur.ru kontur.ru *.kontur.ru http://*.kontur.ru wss://ntf.kontur.ru *.skbkontur.ru *.kontur-ca.ru *.kontur-extern.ru *.diadoc.ru *.kontur.host kontur.tools *.a-practic.ru *.atlasnw.ru *.infotrust.ru *.parc.ru https://mc.yandex.ru https://mc.yandex.az https://mc.yandex.by https://mc.yandex.co.il https://mc.yandex.com https://mc.yandex.com.am https://mc.yandex.com.ge https://mc.yandex.com.tr https://mc.yandex.ee https://mc.yandex.fr https://mc.yandex.kg https://mc.yandex.kz https://mc.yandex.lt https://mc.yandex.lv https://mc.yandex.md https://mc.yandex.tj https://mc.yandex.tm https://mc.yandex.ua https://mc.yandex.uz https://mc.webvisor.com https://mc.webvisor.org https://metrika.yandex.ru https://yastatic.net *.globalsign.com *.burgaz.ru *.gazprom-hr.transfer *.cryptopro.ru *.tinkoff.ru *.tbank.ru *.tcsbank.ru; report-uri https://frontreport-relay.kontur.host/csp/ 1
default-src 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval' *.guildmortgage.com *.google-analytics.com *.visualwebsiteoptimizer.com app.vwo.com *.tvsquared.com *.googleoptimize.com *.gstatic.com *.cloudflareinsights.com *.w.org *.google.com *.youtube.com *.yoast.com *.vimeo.com *.doubleclick.net *.worldchangers.reviews *.guildgiving.org wingify-assets.s3.amazonaws.com s3.amazonaws.com chart.googleapis.com *.cloudfront.net *.googletagmanager.com www.gstatic.com *.cherrycreekcolorado.com *.artisanhomeloans.com *.pentrustmortgage.com *.viewmortgage.com *.bellcohomeloans.com *.betterbuiltmortgage.com *.loansbyjohnny.com *.beauknowsmortgages.com *.smartmortgage.com; 1
default-src * 'unsafe-inline' 'unsafe-eval'; font-src * data: 'unsafe-inline' 'unsafe-eval';script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; 1
default-src 'self' widget.trustpilot.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://web-sdk.smartlook.com/ https://api.uxsniff.com/cdn/js/uxsnf_track.js https://teddytor.abtasty.com/ https://player.vimeo.com/api/ x.clearbitjs.com reveal.clearbit.com wwww.trustpilot.com widget.trustpilot.com js.na.chilipiper.com www.googleadservices.com tag.clearbitscripts.com bat.bing.com unpkg.com www.googleoptimize.com static.ads-twitter.com snap.licdn.com js.partnerstack.com prismic.io widget.trustpilot.com connect.facebook.net googleads.g.doubleclick.net js.intercomcdn.com js.hsleadflows.net widget.intercom.io client.axept.io static.axept.io serve.albacross.com www.google-analytics.com js.hs-analytics.net try.abtasty.com b.sf-syn.com js.hsadspixel.net js.hs-banner.com js.hscollectedforms.net www.googletagmanager.com capterra.com sourceforge.net static.cdn.prismic.io js.hs-scripts.com analytics.google.com https://web-sdk.smartlook.com/recorder.js https://www.google.com/recaptcha/ https://www.google.com/recaptcha/api https://www.gstatic.com/recaptcha/ https://stats.beta.gouv.fr/matomo.js https://stats.beta.gouv.fr/* https://stats.beta.gouv.fr/plugins/HeatmapSessionRecording/ https://impactco2.fr/scripts/detection.js blob: *.abtasty.com *.googleapis.com; child-src 'self'; connect-src *; frame-ancestors 'self' localhost:9999 localhost:3000; style-src 'self' 'unsafe-inline' teddytor.abtasty.com common-fonts.abtasty.com https://teddytor.abtasty.com/ https://common-fonts.abtasty.com/; img-src 'self' data: https: greenly.cdn.prismic.io images.prismic.io prismic-io.s3.amazonaws.com assets.capterra.com; font-src 'self' fonts.intercomcdn.com common-fonts.abtasty.com; media-src 'self' greenly.cdn.prismic.io js.intercomcdn.com; frame-src 'self' https://greenly.cdn.prismic.io/ https://lottie.host/ https://drive.google.com/ https://player.vimeo.com/video/ https://player.vimeo.com player.vimeo.com player.vimeo.com/ www.youtube.com youtube.com www.facebook.com wwww.trustpilot.com widget.trustpilot.com greenly.prismic.io td.doubleclick.net https://greenly.na.chilipiper.com/ https://www.google.com/recaptcha/ https://www.google.com/recaptcha/api https://recaptcha.google.com/recaptcha/ https://app.storylane.io/ 1
frame-ancestors 'self' https://rbi.experiencecloud.adobe.com https://fullstory.com https://edge.fullstory.com rs.fullstory.com https://test.salesforce.com https://login.salesforce.com https://unity--trinitydev.my.salesforce.com https://unity--trinitydev.sandbox.my.salesforce.com *.lookbookhq.com *.pathfactory.com *.adobedtm.com https://rbi.demdex.net *.cirium.com 1
style-src 'self' 'unsafe-inline' fonts.googleapis.com 1
default-src 'self' data: blob: *.ifs.com *.justgiving.com *.searchstax.com *.twitter.com *.ads-twitter.com *.facebook.net https://*.onetrust.com https://*.sonobi.com https://*.spotxchange.com https://*.addthis.com https://*.socdm.com https://*.fout.jp https://*.stickyadstv.com https://*.adtdp.com *.litix.io *.demandbase.com *.wistia.com *.wistia.net embedwistia-a.akamaihd.net *.google-analytics.com www.googletagmanager.com *.googleadservices.com *.googleoptimize.com *.googleapis.com *.gstatic.com *.cloudflare.com *.leadforensics.com linkedin.oribi.io *.oribi.io *.t.co *.google.lk *.smartrecruiters.com *.mathtag.com *.doubleclick.net pixel.tapad.com *.marketo.com *.marketo.net *.linkedin.com *.krxd.net p.adsymptotic.com *.comparesoft.com tracking.g2crowd.com tr.apsislead.com static.oktopost.com tags.bkrtx.com snap.licdn.com *.rlcdn.com *.hotjar.com *.hotjar.io *.yahoo.com https://*.openx.net https://*.casalemedia.com https://*.bidswitch.net *.vendemore.com careers-p2energysolutions.icims.com https://*.adingo.jp *.clarity.ms www.facebook.com *.okt.to okt.to *.bluekai.com dpm.demdex.net *.company-target.com *.mktoresp.com *.bidr.io ads.stickyadstv.co *.google.com/ads/ *.liadm.com sync.navdmp.com *.zoominfo.com *.bing.com *.navdmp.com sync.crwdcntrl.net *.rubiconproject.com dpm.demdex.net *.company-target.com *.mktoresp.com *.bidr.io ads.stickyadstv.co *.google.com/ads/ *.liadm.com siteimproveanalytics.com sync.navdmp.com *.zoominfo.com *.bing.com *.navdmp.com sync.crwdcntrl.net *.rubiconproject.com aa.agkn.com y.one.impact-ad.jp wss://*.hotjar.com https://*.adnxs.com https://*.pubmatic.com https://*.adsrvr.org https://*.adform.net https://*.shinobi.jp https://*.smaato.net https://*.semasio.net *.akstat.io *.akamaihd.net *.go-mpulse.net *.adsrvr.org marketing.ultimo.com *.mplat-ppcprotect.com *.o11.tech *.sentry-cdn.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.company-target.com *.marketo.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' fast.wistia.com info.ifs.com; frame-src 'self' *.smartrecruiters.com *.o11.tech *.adsrvr.org marketing.ultimo.com *.company-target.com *.marketo.com careers-p2energysolutions.icims.com www.facebook.com info.ifs.com *.wistia.net *.hotjar.com *.bluekai.com *.doubleclick.net *.wistia.com; 1
default-src 'self' data:;script-src 'self' 'unsafe-eval' https: 'sha256-6wRdeNJzEHNIsDAMAdKbdVLWIqu8b6+Bs+xVNZqplQw=';style-src 'self' 'unsafe-inline' https:;img-src data: https:;media-src 'self' data:;frame-src 'self' https: data: blob:;font-src 'self';connect-src 'self' https:;child-src 'self' https: data:;frame-ancestors 'none';worker-src blob:;upgrade-insecure-requests 1
script-src 'unsafe-inline' 'self' 'unsafe-eval' analytics.tiktok.com https://fonts.googleapis.com https://js.hsforms.net https://forms.hsforms.com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://bat.bing.com https://www.googleadservices.com https://connect.facebook.net https://static.ads-twitter.com https://snap.licdn.com https://js.hs-scripts.com https://a.quora.com https://googleads.g.doubleclick.net https://js.hs-analytics.net https://px.ads.linkedin.com https://tagmanager.google.com https://static.hotjar.com https://www.google-analytics.com https://analytics.twitter.com https://script.hotjar.com https://sc-static.net https://www.linkedin.com https://platform.twitter.com https://secure-ds.serving-sys.com https://optimize.google.com https://cdn.segment.com https://tags.srv.stackadapt.com https://js.hsadspixel.net https://js.hsleadflows.net https://js.hs-banner.com  https://boards.greenhouse.io https://boards-cdn.greenhouse.io https://s3-cdn.greenhouse.io https://boards-api.greenhouse.io https://tag.simpli.fi https://i.simpli.fi https://munchkin.marketo.net https://go.yourbind.com  https://cdn.wisepops.com https://*.marketo.com https://www.yourbind.com https://staging-yourbind.netlify.app https://www.surest.com https://staging-surest.netlify.app https://acdn.adnxs.com https://*.on24.com https://assets.adoberesources.net https://documentcloud.adobe.com https://*.typekit.net *.adobe.io wss://*.adobe.io https://assets.adoberesources.net https://lh3.googleusercontent.com https://documentcloud.adobe.com js.zi-scripts.com tags.clickagy.com *.pixel.ad *.basis.net *.sitescout.com https://www.hlx.live https://rum.hlx.page/ https://www.aem.live https://rum.aem.page/ https://britehr.app https://www.facebook.com https://s.pinimg.com/ct/core.js https://ct.pinterest.com https://s.pinimg.com/ct/lib/main.cb6ceab7.js https://player.vimeo.com/api/player.js; frame-ancestors 'self' http://localhost:8000 https://surest-calculator-embed.vercel.app https://www.figma.com https://britehr.app; 1
script-src 'unsafe-eval' 'self' wss://*.zopim.com wss://*.hotjar.com *.api.friendlycaptcha.com *.jobsplice.com  *.eu-api.friendlycaptcha.eu  secure-ds.serving-sys.com *.goldenbees.fr *.botrecruiter.com *.evergage.com *.youtube-nocookie.com  *.evgnet.com  secure.adnxs.com  *.criteo.net *.addthisedge.com *.ads-twitter.com  *.infogram.com *.adnxs.com *.optimalworkshop.com   *.audioboom.com  secure-ds.serving-sys.com  secure.adnxs.com  *.acsbapp.com  acsbap.com *.appcast.io *.bizographics.com *.bootstrapcdn.com *.bootstrapcdn.com *.browser-update.org *.cloudflare.com *.cloudfront.net *.cloudinary.com *.criteo.com *.eggplant.cloud *.fontawesome.com *.google.co.uk *.google.ie *.googleadservices.com *.indeed.com *.ionicframework.com *.jquery.com *.jsdelivr.net *.moatads.com *.npmcdn.com *.plyr.io *.recaptcha.net *.scorecardresearch.com *.serving-sys.com *.sndcdn.com *.unpkg.com *.vimeocdn.com *.ytimg.com *.zencdn.net *.zendesk.com *.hays.ie *.moatads.com *.sndcdn.com  *.d3fw5vlhllyvee.cloudfront.net *.criteo.com  vc.hotjar.io *.addthis.com *.outbrain.com *.licdn.com *.doubleclick.net acsbapp.com *.accesstrade.net *.googleadservices.com consent-or.trustarc.com *.taboola.com web-material3.yokogawa view.ceros.com *.quantcount.com *.quantserve.com *.adscience.nl *.akamaized.net *.bit.ly *.crazyegg.com *.facebook.com *.facebook.net *.google.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.graph.instagram.com *.gstatic.com *.hays.co.uk *.hays.com *.hotjar.com *.igodigital.com *.instagram.fbom5-1.fna.fbcdn.net *.linkedin.com *.nccgroup-webperf.com *.onrecruit.net *.optimizely.com *.slideshare.net *.soundcloud.com *.surveymonkey.com *.tealiumiq.com *.tiqcdn.com *.twimg.com *.twitter.com *.typography.com *.vimeo.com secure.imaginative-trade7.com  *.yahooapis.com  *.youtube.com *.zdassets.com *.zopim.com *.zopim.io accessibe.com acsbap.com consent.trustarc.com consent-pref.trustarc.com consent-st.trustarc.com prefmgr-cookie.truste-svc.net 'self' 'unsafe-inline' hm.baidu.com data:;worker-src 'unsafe-eval' 'self' cdn.jsdelivr.net blob: 1
frame-ancestors 'self';block-all-mixed-content; script-src 'self' 'unsafe-inline' 'unsafe-eval' platform.twitter.com static.cloudflareinsights.com cdnjs.cloudflare.com *.cdn.cookielaw.org connect.facebook.net cdn.jsdelivr.net *.cdn.civiccomputing.com googletagmanager.com buttons-config.sharethis.com platform-api.sharethis.com m.youtube.com tagmanager.google.com www.google.com maps.google.com www.googletagmanager.com www.gstatic.com www.youtube.com www.google-analytics.com maps.googleapis.com childrenscomm.shinyapps.io www.smartsurvey.co.uk data:; style-src 'self' 'unsafe-inline' cco.cloudflareaccess.com maxcdn.bootstrapcdn.com use.typekit.net p.typekit.net cdnjs.cloudflare.com cdn.jsdelivr.net tagmanager.google.com www.googletagmanager.com fonts.googleapis.com; object-src 'none'; child-src 'self' *.twitter.com childrenscommissioner.github.io *.soundcloud.com *.facebook.com connect.facebook.net www.google.com www.googletagmanager.com www.youtube.com childrenscomm.shinyapps.io www.smartsurvey.co.uk blob:; base-uri 'self'; img-src 'self' s188p01webfilesupload.blob.core.windows.net s188d01webfilesupload.blob.core.windows.net s188t01webfilesupload.blob.core.windows.net assets.childrenscommissioner.gov.uk test-assets.childrenscommissioner.gov.uk dev-assets.childrenscommissioner.gov.uk www.infotex.uk www.google-analytics.com www.googletagmanager.com maps.gstatic.com www.facebook.com maps.googleapis.com pbs.twimg.com data: platform-cdn.sharethis.com; 1
frame-ancestors 'self'; default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://code.jquery.com/jquery-3.1.0.min.js https://code.jquery.com/ui/1.12.1/jquery-ui.js https://ajax.googleapis.com/ajax/libs/angularjs/1.3.20/angular.min.js https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.3.20/angular-messages.min.js https://code.angularjs.org/1.3.0/angular-sanitize.js https://www.googletagmanager.com https://www.google-analytics.com https://view.ceros.com/scroll-proxy.min.js https://platform-api.sharethis.com https://t.sharethis.com https://script.crazyegg.com https://buttons-config.sharethis.com https://sdn.sitecore.net https://twitter.com http://twitter.com https://x.com https://twitter.com/intent/tweet https://maps.google.com https://www.google.com; connect-src https://btlaw.com https://assets-tracking.crazyegg.com https://tracking.crazyegg.com https://pagestates-tracking.crazyegg.com https://www.google-analytics.com https://script.crazyegg.com https://l.sharethis.com https://twitter.com https://x.com https://www.facebook.com https://twitter.com/intent/tweet; img-src 'self' data: https://images.passle.net https://l.sharethis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net/npm/daterangepicker/daterangepicker.css; frame-src https://maps.google.com https://view.ceros.com https://www.google.com https://www.youtube.com https://twitter.com https://t.sharethis.com; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com; form-action 'self'; base-uri 'none'; object-src 'none'; worker-src https://script.crazyegg.com data: 'unsafe-eval' 'unsafe-inline' blob:; upgrade-insecure-requests; block-all-mixed-content; report-uri /api/cspreport; 1
img-src *.cokesbury.com *.clarity.ms *.ytimg.com *.bounceexchange.com *.google-analytics.com *.s3.amazonaws.com *.goacoustic.com *.visualwebsiteoptimizer.com *.voltagesearch.com *.bing.com *.contentsquare.net *.google.com *.pages08.net *.facebook.com *.bouncex.net *.doubleclick.net 'self' blob: data: ;frame-ancestors 'self'; upgrade-insecure-requests; font-src *.cokesbury.com fonts.gstatic.com *.bounceexchange.com data:; default-src 'unsafe-inline' 'unsafe-eval' *.surveymonkey.com *.clarity.ms *.livechatinc.com *.google.com *.bounceexchange.com *.bing.com *.doubleclick.net *.contentsquare.net *.contentsquare.com *.turnto.com *.cokesbury.com *.facebook.net *.pepperjam.com *.visualwebsiteoptimizer.com *.bouncex.net *.googleapis.com *.gstatic.com *.myfonts.net *.addthis.com *.livechatinc.com *.voltagesearch.com *.addthisedge.com *.facebook.com *.google-analytics.com *.sc.pages08.net *.pages08.net *.moatads.com *.nice-incontact.com *.raygun.io *.paypal.com *.googleadservices.com *.pbbl.co *.agkn.com polyfill.io *.youtube.com *.vimeo.com *.cloudfront.net *.hoststreamsell.com hoststreamsell.com hoststreamsell-pics.s3.amazonaws.com *.connectedfaith.com *.e2ma.net *.streamlock.net *.ytimg.com *.pepperjamnetwork.com *.edgecastcdn.net *.goacoustic.com acoustic.co *.googletagmanager.com s3.amazonaws.com blob: moz-extension: resource:  1
child-src 'self' * ;connect-src 'self' acsbapp.com *.acsbapp.com *.google.com *.gstatic.com *.googleapis.com *.cookielaw.org * ;default-src 'self' * 'unsafe-inline' 'unsafe-eval' ;font-src 'self' fonts.gstatic.com *.googleapis.com * data:;frame-src 'self' *.google.com *.matterport.com *.sightmap.com sightmap.com * MailTo ;img-src 'self' *.gstatic.com *.googleapis.com *.photoshelter.com *.rentcafe.com * data:;media-src 'self' *.funnelleasing.com *.nestio.com * *.wistia.com *.vimeo.com *.youtube.com data: blob:;script-src 'self' www.googletagmanager.com fonts.gstatic.com *.googleapis.com *.google-analytics.com code.jquery.com script.crazyegg.com 'unsafe-inline' 'unsafe-eval' acsbapp.com *.acsbapp.com *.google.com *.cookielaw.org *.gstatic.com *.funnelleasing.com *.nestio.com *.newrelic.com *.sightmap.com sightmap.com * ;style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.funnelleasing.com *.nestio.com * ;worker-src 'self' * blob:; 1
block-all-mixed-content; report-uri https://tfyre.co.za/wp-json/wpcsp/v1/route/LogPolicyViolation?_wpnonce=ae5f7f9adb 1
frame-ancestors 'self' https://*.edenireland.ie; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://js-agent.newrelic.com https://www.google-analytics.com;        style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://use.typekit.net https://p.typekit.net/;        font-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://use.typekit.net https://p.typekit.net/;   worker-src 'self' 'unsafe-inline' blob:;  child-src 'self' 'unsafe-inline' blob: gap:; img-src 'self' 'unsafe-inline'  data: blob: https://www.google-analytics.com http://bytemgdd.com https://stats.g.doubleclick.net https://a.impactradius-go.com https://www.google.com;    connect-src 'self' 'unsafe-inline'  data: blob: https://www.google-analytics.com 1
frame-ancestors 'self' https://requests.routesonline.com 1
default-src 'none';child-src 'self' https://*.andanet.com https://*.andameds.com https://*.andanet.com:8443 https://*.andameds.com:8443 https://youtube.com https://*.hotjar.com https://*.hotjar.io https://cdn.appdynamics.com https://*.kore.ai wss://*.kore.ai https://*.force.com https://*.salesforce.com https://*.salesforce-sites.com https://*.salesforceliveagent.com wss://*.salesforce-sites.com data: blob:;connect-src 'self' https://*.andanet.com https://*.andameds.com https://*.andanet.com:8443 https://*.andameds.com:8443 https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io wss://*.hotjar.io https://col.eum-appdynamics.com https://*.google-analytics.com https://content.jwplatform.com https://*.jwpcdn.com https://*.jwpsrv.com https://*.doubleclick.net https://cdnjs.cloudflare.com https://*.google-analytics.com https://*.hotjar.com https://*.hotjar.io https://cdn.appdynamics.com https://col.eum-appdynamics.com https://content.jwplatform.com https://*.jwpcdn.com https://*.jwpsrv.com https://jwpsrv-vh.akamaihd.net https://vc.hotjar.io https://stats.g.doubleclick.net https://*.vimeo.com https://*.vimeocdn.com https://*.facebook.com https://*.facebook.net https://*.licdn.com https://*.linkedin.com https://*.linkedin.oribi.io https://*.adsymptotic.com https://*.formstack.com https://*.kore.ai wss://*.kore.ai https://*.salesforce-sites.com https://*.salesforceliveagent.com https://*.salesforce.com https://*.force.com wss://*.salesforce-sites.com https://analytics.google.com https://apis.google.com https://*.cookielaw.org;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.andanet.com https://*.andameds.com https://*.andanet.com:8443 https://*.andameds.com:8443 https://code.jquery.com https://maxcdn.bootstrapcdn.com https://*.googleadservices.com https://*.googleapis.com https://*.googletagmanager.com https://*.google.com https://*.gstatic.com https://*.doubleclick.net https://cdnjs.cloudflare.com https://*.google-analytics.com https://*.hotjar.com https://*.hotjar.io https://cdn.appdynamics.com https://col.eum-appdynamics.com https://content.jwplatform.com https://*.jwpcdn.com https://*.jwpsrv.com https://jwpltx.com https://*.mailchimp.com https://*.linkedin.com https://*.linkedin.oribi.io https://chimpstatic.com https://*.mailchimp.com https://*.vimeo.com https://*.vimeocdn.com https://*.licdn.com https://*.adsymptotic.com https://*.facebook.com https://*.facebook.net https://*.formstack.com https://*.kore.ai wss://*.kore.ai https://*.force.com https://*.salesforce.com https://*.salesforce-sites.com https://*.salesforceliveagent.com https://analytics.google.com https://apis.google.com https://*.cookielaw.org;img-src 'self' data: https://*.andanet.com https://*.andameds.com https://*.andanet.com:8443 https://*.andameds.com:8443 https://*.google-analytics.com https://www.google.com https://*.gstatic.com https://*.adnxs.com https://placehold.it https://*.hotjar.com https://*.hotjar.io http://via.placeholder.com https://col.eum-appdynamics.com https://content.jwplatform.com https://*.jwpcdn.com https://*.jwpsrv.com https://jwpltx.com https://*.mailchimp.com https://*.doubleclick.net https://*.linkedin.com https://*.linkedin.oribi.io https://openbadges.blob.core.windows.net https://*.vimeo.com https://*.vimeocdn.com https://*.adsymptotic.com https://*.facebook.com https://*.facebook.net https://*.formstack.com https://*.kore.ai https://*.force.com https://*.salesforce.com https://*.salesforce-sites.com https://*.salesforceliveagent.com https://analytics.google.com https://*.cookielaw.org https://www.googleadservices.com https://www.googletagmanager.com;media-src 'self' blob: data:;style-src 'self' 'unsafe-inline' https://*.andanet.com https://*.andanet.com:8443 https://*.andameds.com:8443 https://*.andameds.com https://*.googleapis.com https://*.gstatic.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://*.mailchimp.com https://*.formstack.com https://*.kore.ai https://*.force.com https://*.salesforce.com https://*.salesforce-sites.com https://*.salesforceliveagent.com https://*.apis.google.com;font-src 'self' data: https://*.andanet.com https://*.andameds.com https://*.andanet.com:8443 https://*.andameds.com:8443 https://*.gstatic.com https://*.hotjar.com https://*.hotjar.io https://*.mailchimp.com;frame-src 'self' https://*.andanet.com https://*.andameds.com https://*.andanet.com:8443 https://*.andameds.com:8443 https://*.cybersource.com https://*.google.com https://*.hotjar.com https://*.hotjar.io https://content.jwplatform.com https://*.jwpcdn.com https://*.jwpsrv.com https://col.eum-appdynamics.com https://*.mailchimp.com https://*.doubleclick.net https://*.vimeo.com https://*.vimeocdn.com https://anda.formstack.com https://*.kore.ai wss://*.kore.ai https://*.force.com https://*.salesforce.com https://*.salesforce-sites.com https://*.salesforceliveagent.com 1
default-src 'self' https://*.wcaworld.com; style-src 'self' 'unsafe-inline' https://*.typekit.net https://*.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://maps.googleapis.com https://calculator.pledge.io; font-src 'self' data: https://*.typekit.net https://*.gstatic.com; img-src 'self' data: https://*.wcaworld.com https://www.googletagmanager.com https://*.googleapis.com https://mcusercontent.com https://gallery.mailchimp.com https://*.gstatic.com; connect-src 'self' https://*.wcaworld.com https://www.google-analytics.com https://maps.googleapis.com; object-src 'self' data: blob: https://*.wcaworld.com; frame-src 'self' blob: https://*.wcaworld.com https://calculator.pledge.io https://www.youtube.com 1
default-src data: * 'unsafe-inline' 'self' 1
frame-ancestors 'self' http://www.close-up.com unilever3.marketing.adobe.com unileverbrazil.marketing.adobe.com unilever2.marketing.adobe.com unilever.marketing.adobe.com unilever3.experiencecloud.adobe.com unileverbrazil.experiencecloud.adobe.com unilever2.experiencecloud.adobe.com unilever.experiencecloud.adobe.com emea1-proxy.adobemc.com us1-proxy.adobemc.com us1-proxy.adobemc.com apac-proxy.adobemc.com adobedemoemea131.marketing.adobe.com adobedemoemea131.experiencecloud.adobe.com https://s3.cartwire.co https://s7.addthis.com https://kritique-widgets-stage.unileversolutions.com https://d1a1ax4tcp3m3j.cloudfront.net 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.ikea.com v4.ai.ingka.ikea.net api.addressy.com google.com *.google.com *.gstatic.com translate.googleapis.com translate-pa.googleapis.com www.youtube-nocookie.com www.youtube.com www.paypal.com blob: data: wss://web-api.ikea.com https://storage.googleapis.com/learnwithikeavideos/ unicorn-rainbow-flower.edgecompute.app ikea-listings.edgecompute.app *.ingka.com *.cdtapps.com *.ctfassets.net *.ipex-insights.com *.afterpay.com trackjs.com authentication.cardinalcommerce.com ppipe.net api.everythinglocation.com *.ikea-canada.ca *.taskrabbit.com *.adform.net js.adsrvr.org insight.adsrvr.org x.bidswitch.net *.bing.com cdn.curalate.com edge.curalate.com *.doubleclick.net googleads.g.doubleclick.net *.facebook.com *.facebook.net www.googleadservices.com *.googlesyndication.com *.google.ca *.pinterest.com s.pinimg.com api.pinpiaa.com *.pubmatic.com analytics.yahoo.com sp.analytics.yahoo.com *.teads.tv analytics.tiktok.com s.yimg.com *.flippenterprise.net *.cookielaw.org *.onetrust.com *.contentsquare.net app.contentsquare.com *.google-analytics.com www.googletagmanager.com *.optimizely.com sentry.io *.sentry.io *.avo.app oppwa.com *.oppwa.com mpsnare.iesnare.com *.iesnare.com *.syndeo.cx *.production.syndeo.cx wss://web.production.syndeo.cx icsp.ingka.ikea.com wss://icsp.ingka.ikea.com wss://web-api.ikea.com/cschatbot/ maps.googleapis.com fonts.googleapis.com www.googleapis.com *.bambuser.com firestore.googleapis.com liveshopping-widgets.firebaseapp.com rules.quantcount.com secure.quantserve.com pixel.quantcount.com; img-src * blob: data:; frame-src *; frame-ancestors *.ikea.com; object-src 'self'; report-uri https://csp.ikea.com 1
script-src 'unsafe-eval' 'unsafe-inline' 'self' *.xiaoeknow.com *.xiaoe-tech.com *.xeknow.com *.baidu.com *.qq.com *.jsdelivr.net assets.giocdn.com *.myqcloud.com ssl.captcha.qq.com captcha.gtimg.com turing.captcha.gtimg.com turing.captcha.qcloud.com api.kuaidi100.com *.kuaidi100.com ;child-src 'unsafe-inline' 'self' *.xiaoeknow.com *.xiaoe-tech.com *.xeknow.com *.baidu.com *.qq.com *.jsdelivr.net assets.giocdn.com *.myqcloud.com api.kuaidi100.com *.kuaidi100.com shijiazhuang.hzyqtang.com turing.captcha.gtimg.com diy.bjsmbf.com *.xet.tech *.youku.com hangzhou.hzyqtang.com wuhan.hzyqtang.com qingdao.hzyqtang.com *.bilibili.com nanjing.hzyqtang.com guangzhou.hzyqtang.com beijing.hzyqtang.com turing.captcha.qcloud.com *.captcha.qq.com app8pb6pdz06734.hnhongxinglin.com shanghai.hzyqtang.com wechatapppro-1252524126.cos.ap-shanghai.myqcloud.com blob: chengdu.hzyqtang.com xian.hzyqtang.com tianjin.hzyqtang.com webcompt: app.powerbi.cn wvjbscheme: appjt4vifid1753.hnhongxinglin.com app7pjn4bvw7185.hnhongxinglin.com apppxwal76r6187.hnhongxinglin.com 1
frame-ancestors 'self' *.intergrall.com.br *.uranet.com.br; 1
default-src https: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://partssource.report-uri.com/r/d/csp/enforce 1
frame-ancestors 'self' *.surescripts.com; report-uri https://surescripts.com/report-uri/enforce 1
frame-ancestors 'self' https://immowelt.de https://immonet.de https://www.immowelt.de https://www.immonet.de https://www.dev.immonet.de/customer/lichtblick/ https://dev.immowelt.de/customer/lichtblick/; 1
frame-ancestors 'self' *.gdms.cloud; 1
object-src 'self'; worker-src 'self' blob:; base-uri 'self'; frame-ancestors 'self'; report-uri https://selectra.es/report-uri/enforce 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://todon.eu; img-src 'self' https: data: blob: https://todon.eu; style-src 'self' https://todon.eu 'nonce-hEph0l4VYibruXpgxS8WZw=='; media-src 'self' https: data: https://todon.eu; frame-src 'self' https:; manifest-src 'self' https://todon.eu; form-action 'self'; child-src 'self' blob: https://todon.eu; worker-src 'self' blob: https://todon.eu; connect-src 'self' data: blob: https://todon.eu https://todon.eu wss://todon.eu; script-src 'self' https://todon.eu 'wasm-unsafe-eval' 1
img-src 'self' https: data:;script-src * 'unsafe-inline' blob:;worker-src * blob:;frame-src *;connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.googlesyndication.com https://cdn.ampproject.org https://svibeacon.onezapp.com https://*.yaksgame.com https://*.google.com;default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 1
base-uri 'self' *.portfoliorecovery.com;              connect-src 'self' *.portfoliorecovery.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://surveystats.hotjar.io https://content.pra1.opentext.cloud https://content-preview.pra1.opentext.cloud https://content.pra1-test.opentext.cloud https://content.pra1-dev.opentext.cloud https://ui-authoring.pra1-test.opentext.cloud https://cdn.cookielaw.org https://origin.marketinghub.opentext.com https://www.google-analytics.com https://www.analytics.google.com/g/ https://analytics.google.com/g/ https://stats.g.doubleclick.net/ https://privacyportal.onetrust.com/request/v1/consentreceipts;               default-src 'self' *.portfoliorecovery.com;              font-src 'self' *.portfoliorecovery.com https://fonts.gstatic.com https://script.hotjar.com;     form-action 'self';              frame-src 'self' *.portfoliorecovery.com https://portfoliorecovery.egain.cloud/ https://www.surveymonkey.com/ https://player.vimeo.com/ https://www.marketinghub.opentext.com https://www.google.com/ https://vars.hotjar.com https://bid.g.doubleclick.net https://*.cybersource.com/;              frame-ancestors 'self' *.portfoliorecovery.com;              img-src 'self' *.portfoliorecovery.com *.google-analytics.com *.googletagmanager.com https://content.pra1.opentext.cloud https://content-preview.pra1.opentext.cloud https://content.pra1-test.opentext.cloud https://content.pra1-dev.opentext.cloud https://cdn-assets-cloud.frontify.com https://cdn.optimizely.com https://content.pra1.opentext.cloud https://ui-authoring.pra1-test.opentext.cloud https://content.pra1-dev.opentext.cloud https://origin.marketinghub.opentext.com https://www.marketinghub.opentext.com https://tags.w55c.net https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://aa.agkn.com https://prod.smassets.net/assets/responseweb/responseweb/ https://i.vimeocdn.com/video/861062727-ac8d5e060a589bdcc041d00f17d6a15bf8d2ba63372b02cf1c7eeb4f4e6d59d3-d_640 https://cdn.cookielaw.org https://analytics.convertlanguage.com https://static.hotjar.com https://script.hotjar.com https://ssl.gstatic.com https://www.gstatic.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://bat.bing.com/ https://c.bing.com/ https://i.vimeocdn.com/video/ data:;     script-src 'self' 'unsafe-inline' *.portfoliorecovery.com *.googletagmanager.com https://bat.bing.com/bat.js https://cdn.cookielaw.org/scripttemplates/ https://cloud-us.analytics-egain.com https://www.marketinghub.opentext.com https://secure.marketinghub.opentext.com https://www.google-analytics.com https://www.googleadservices.com/pagead/conversion_async.js https://www.googletagmanager.com https://ajax.googleapis.com/ajax/libs/jquery/3.7.1/jquery.min.js https://cdnjs.cloudflare.com/ajax/libs/html2canvas/1.4.1/html2canvas.min.js https://widget.surveymonkey.com https://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.js https://www.google.com https://www.gstatic.com https://analytics.convertlanguage.com/mpwat.js https://googleads.g.doubleclick.net https://bat.bing.com https://static.hotjar.com https://script.hotjar.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://code.jquery.com https://maxcdn.bootstrapcdn.com https://player.vimeo.com/api/player.js https://*.cybersource.com/;     style-src 'self' 'unsafe-inline' *.portfoliorecovery.com https://portfoliorecovery.egain.cloud/system/templates/chat/prava/css/iframe-style.css https://portfoliorecovery.egain.cloud/system/templates/chat/prava_dev/css/iframe-style.css https://fonts.googleapis.com https://www.marketinghub.opentext.com https://www.googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://static.hotjar.com https://script.hotjar.com; 1
default-src 'self' data:     *     blob:     data:     ;  img-src 'self' data:     *     blob:     data:     ;  frame-src 'self'     *     ;  style-src 'self' 'unsafe-inline'     *     blob:     data:     ;  style-src-elem 'self' 'unsafe-inline'     *     blob:     data:     ;  font-src 'self' data:     *     blob:     data:     ;   script-src 'self' 'unsafe-inline' 'unsafe-eval'     *     blob:     data:     ;  script-src-elem 'self' 'unsafe-inline' 'unsafe-eval'     *     blob:     data:     ;  connect-src     *     blob:     data:     ; 1
default-src 'self' 'unsafe-inline' data: img.sct.eu1.usercentrics.eu *.cookiebot.eu *.vesseltracker.com *.adler-schiffe.de *.faehre.de *.faehre2.de faehre2.de *.hoch2.dev *.ytimg.com *.youtube-nocookie.com *.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cookiebot.eu *.vesseltracker.com *.adler-schiffe.de *.faehre.de *.faehre2.de faehre2.de; 1
frame-ancestors 'none'; report-uri https://log.sso-portal.ca-central-1.amazonaws.com/log 1
default-src 'self' *.aiges.de aiges.de;                 script-src   'self' 'unsafe-inline' aiges.de *.aiges.de;                 style-src    'self' 'unsafe-inline' aiges.de *.aiges.de;                 font-src 'self' data: aiges.de *.aiges.de;                 media-src 'self' data: *.aiges.de aiges.de; 		object-src 'none'; 1
frame-src ops-cb.namabank.com.vn ops-static.namabank.com.vn ; 1
base-uri 'none';connect-src 'self'  *.oresund.io dc.services.visualstudio.com *.cookieinformation.com *.doubleclick.net 'unsafe-inline' *.googlesyndication.com *.google.com *.google-analytics.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.convertexperiments.com data.wgp.se *.adnxs.com;font-src 'self' *.hotjar.com https://fonts.gstatic.com data;form-action 'self';frame-ancestors 'none';img-src 'self' self data: *.tt.se *.ritzau.dk *.ctfassets.net *.gstatic.com www.googletagmanager.com https://googletagmanager.com *.googlesyndication.com *.adnxs.com www.facebook.com *.google.com www.google.dk www.google.se *.hotjar.com https://ad.doubleclick.net https://ade.googlesyndication.com https://12824419.fls.doubleclick.net;manifest-src 'self';media-src 'self' self data: *.ctfassets.net;object-src 'none';script-src 'self' *.reepay.com *.gstatic.com www.googletagmanager.com googletagmanager.com https://tagmanager.google.com 'unsafe-inline' 'unsafe-eval' *.cookieinformation.com *.google.com *.adnxs.com *.facebook.net *.googlesyndication.com www.googleadservices.com *.hotjar.com *.convertexperiments.com *.powerplatform.com;style-src 'self' 'unsafe-inline' *.google.com *.googleapis.com www.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com *.hotjar.com;worker-src 'self'; 1
script-src 'self' https://optimize.google.com/optimize/editor/js/js.js https://optimize.google.com https://assets.ctfassets.net *.adalyser.com/adalyser.js *.amplify.outbrain.com *.trustpilot.com *.zdassets.com *.outbrain.com/ *.googletagmanager.com *.google-analytics.com *.googleadservices.com https://www.youtube.com https://player.vimeo.com https://connect.facebook.net http://platform.twitter.com https://a.quora.com https://websdk.appsflyer.com *.hotjar.com *.analytics.twitter.com http://cdn.mxpnl.com http://bat.bing.com/bat.js https://googleads.g.doubleclick.net https://script.hotjar.com *.ads-twitter.com http://widgets.getsitecontrol.com https://analytics.twitter.com https://tyviso.com/rewards-page/ cdn.pushcrew.com 'unsafe-inline' 'unsafe-eval'; object-src none 1
default-src https: blob:; connect-src 'self' https: wss: data: blob: track-eu.customer.io eu.customerioforms.com *.api.gist.build *.cloud.gist.build; font-src https: data: fonts.googleapis.com; frame-src https: renderer.gist.build code.gist.build; frame-ancestors 'self' binolla.com; img-src 'self' https: blob: data: track-eu.customer.io; media-src https: blob:; object-src https:; script-src 'self' binolla.com google.com www.google.com gstatic.com www.gstatic.com connect.facebook.net www.googletagmanager.com https://cdn.logrocket.io https://cdn.lr-ingest.com https://cdn.ingest-lr.com https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://fpnpmcdn.net https://static.cloudflareinsights.com assets.customer.io code.gist.build eu.customerioforms.com 'unsafe-inline' 'unsafe-eval'; style-src code.gist.build 'unsafe-inline' https:; script-src-elem 'self' binolla.com google.com www.google.com gstatic.com www.gstatic.com connect.facebook.net www.googletagmanager.com https://cdn.logrocket.io https://cdn.lr-ingest.com https://cdn.ingest-lr.com https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://fpnpmcdn.net https://static.cloudflareinsights.com assets.customer.io code.gist.build eu.customerioforms.com 'unsafe-inline' 'unsafe-eval'; worker-src 'self' binolla.com cdn.lr-ingest.com customer.io 'unsafe-inline' 'unsafe-eval' data: blob:; 1
frame-ancestors 'self' digi.secure.force.com https://app.storyblok.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/; 1
frame-ancestors 'self' *.sprintecommerce.com *.venditan.com *.venditan.io *.vc-staging.com 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://toot.cat; img-src 'self' data: blob: https://toot.cat https://pool.jortage.com/tootcat/ https://blob.jortage.com; style-src 'self' https://toot.cat 'nonce-JVr2y0rpLkYiZiw1zFka7g=='; media-src 'self' data: https://toot.cat https://pool.jortage.com/tootcat/ https://blob.jortage.com; frame-src 'self' https:; manifest-src 'self' https://toot.cat; form-action 'self'; child-src 'self' blob: https://toot.cat; worker-src 'self' blob: https://toot.cat; connect-src 'self' data: blob: https://toot.cat https://pool.jortage.com/tootcat/ https://blob.jortage.com wss://toot.cat; script-src 'self' https://toot.cat 'wasm-unsafe-eval' 1
script-src  'self' https: 'unsafe-eval' 'unsafe-inline' 'unsafe-hashes'; object-src 'none' 1
frame-ancestors 'self' *.conte.it; 1
frame-ancestors https://pi-ogp.coi.gov.pl; child-src https://pi-ogp.coi.gov.pl; 1
default-src * 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes' 'strict-dynamic' data: blob:; connect-src *; font-src 'self' *.swaven.com *.static-swaven.com https://static.tacdn.com/css2/webfonts/TripAdvisor/; frame-src *; img-src * data: blob:; script-src * 'unsafe-inline' 'unsafe-eval' data: blob:; script-src-elem * 'unsafe-inline' data: blob:; style-src * 'unsafe-inline' 'unsafe-eval' data: blob:; style-src-elem * 'unsafe-inline' data: blob:; frame-ancestors * 1
default-src 'self' data: https: ; img-src 'self' data: https: *.gravatar.com *.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.pardot.com go.ascenderhcm.com *.google.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com googleads.g.doubleclick.net *.facebook.net snap.licdn.com *.hotjar.com *.crazyegg.com *.fontawesome.com *.addthis.com ct.capterra.com *.cookielaw.org bat.bing.com *.clarity.ms ajax.aspnetcdn.com *.jquery.com cdnjs.cloudflare.com marketingops.ceridian.ca 818-kgd-727.mktoweb.com   *.addthisedge.com  *.moatads.com go.ceridian.com go.dayforce.com;style-src 'self' 'unsafe-inline' https: fonts.googleapis.com; font-src 'self' data: https: fonts.googleapis.com themes.googleusercontent.com; connect-src 'self' data: https: go.ascenderhcm.com *.pardot.com 818-kgd-727.mktoweb.com go.ceridian.com go.dayforce.com marketingops.ceridian.ca https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com; frame-src 'self' *.ascenderhcm.com *.pardot.com 818-kgd-727.mktoweb.com go.ceridian.com go.dayforce.com *.facebook.com *.facebook.net marketingops.ceridian.ca *.youtube.com *.hotjar.com *.doubleclick.net *.addthis.com *.zscalertwo.net *.addthisedge.com  *.moatads.com 1
frame-ancestors 'self' wacoal-america.com:* *.wacoal-america.com:* *.scene7.com *.bazaarvoice.com *.wacoal-america.com www.wacoal-america.com *.doubleclick.net *.google.com *.klaviyo.com *.visualwebsiteoptimizer.com *.cloudfront.net amazonaws.com *.segment.com fw-cdn.com *.segment.io *.freshchat.com *.fwusercontent.com *.sizer.me acsbap.com *.acsbapp.com acsbapp.com *.ipify.org *.dwin1.com *.narrativ.com *.five9.com *.facebook.net *.mountain.com *.adsrvr.org *.rcrsv.io *.flashtalking.com data: *.facebook.com *.goodwaygroup.com *.komen.org *.eum-appdynamics.com *.taboola.com;         frame-src 'self' wacoal-america.com:* *.wacoal-america.com:* *.scene7.com *.bazaarvoice.com *.wacoal-america.com www.wacoal-america.com *.doubleclick.net *.google.com *.klaviyo.com *.visualwebsiteoptimizer.com *.cloudfront.net amazonaws.com *.segment.com fw-cdn.com *.segment.io *.freshchat.com *.fwusercontent.com *.sizer.me acsbap.com *.acsbapp.com acsbapp.com *.ipify.org *.dwin1.com *.narrativ.com *.five9.com *.facebook.net *.mountain.com *.adsrvr.org *.rcrsv.io *.flashtalking.com data: *.facebook.com *.goodwaygroup.com *.komen.org *.eum-appdynamics.com *.taboola.com;         default-src 'self' wacoal-america.com:* *.wacoal-america.com:* *.scene7.com *.bazaarvoice.com *.wacoal-america.com www.wacoal-america.com *.doubleclick.net *.google.com *.klaviyo.com *.visualwebsiteoptimizer.com *.cloudfront.net amazonaws.com *.segment.com fw-cdn.com *.segment.io *.freshchat.com *.fwusercontent.com *.sizer.me acsbap.com *.acsbapp.com acsbapp.com *.ipify.org *.dwin1.com *.narrativ.com *.five9.com *.facebook.net *.mountain.com *.adsrvr.org *.rcrsv.io *.flashtalking.com data: *.facebook.com *.goodwaygroup.com *.komen.org *.eum-appdynamics.com *.taboola.com;         child-src 'self' wacoal-america.com:* *.wacoal-america.com:* *.scene7.com *.bazaarvoice.com *.wacoal-america.com www.wacoal-america.com *.doubleclick.net *.google.com *.klaviyo.com *.visualwebsiteoptimizer.com *.cloudfront.net amazonaws.com *.segment.com fw-cdn.com *.segment.io *.freshchat.com *.fwusercontent.com *.sizer.me acsbap.com *.acsbapp.com acsbapp.com *.ipify.org *.dwin1.com *.narrativ.com *.five9.com *.facebook.net *.mountain.com *.adsrvr.org *.rcrsv.io *.flashtalking.com data: *.facebook.com *.goodwaygroup.com *.komen.org *.eum-appdynamics.com *.taboola.com;         script-src 'self' wacoal-america.com:* *.wacoal-america.com:* *.googleapis.com *.googletagmanager.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.scene7.com *.bazaarvoice.com *.wacoal-america.com www.wacoal-america.com *.doubleclick.net *.google.com *.klaviyo.com *.visualwebsiteoptimizer.com *.cloudfront.net amazonaws.com *.segment.com fw-cdn.com *.segment.io *.freshchat.com *.fwusercontent.com *.sizer.me acsbap.com *.acsbapp.com acsbapp.com *.ipify.org *.dwin1.com *.narrativ.com *.five9.com *.facebook.net *.mountain.com *.adsrvr.org *.rcrsv.io *.flashtalking.com data: *.facebook.com *.goodwaygroup.com *.komen.org *.eum-appdynamics.com *.taboola.com;         connect-src 'self' wacoal-america.com:* *.wacoal-america.com:* *.googleapis.com *.googletagmanager.com *.google-analytics.com *.scene7.com *.bazaarvoice.com *.wacoal-america.com www.wacoal-america.com *.doubleclick.net *.google.com *.klaviyo.com *.visualwebsiteoptimizer.com *.cloudfront.net amazonaws.com *.segment.com fw-cdn.com *.segment.io *.freshchat.com *.fwusercontent.com *.sizer.me acsbap.com *.acsbapp.com acsbapp.com *.ipify.org *.dwin1.com *.narrativ.com *.five9.com *.facebook.net *.mountain.com *.adsrvr.org *.rcrsv.io *.flashtalking.com data: *.facebook.com *.goodwaygroup.com *.komen.org *.eum-appdynamics.com *.taboola.com;         style-src 'self' wacoal-america.com:* *.wacoal-america.com:* *.googleapis.com *.googletagmanager.com 'unsafe-inline' *.scene7.com *.bazaarvoice.com *.wacoal-america.com www.wacoal-america.com *.doubleclick.net *.google.com *.klaviyo.com *.visualwebsiteoptimizer.com *.cloudfront.net amazonaws.com *.segment.com fw-cdn.com *.segment.io *.freshchat.com *.fwusercontent.com *.sizer.me acsbap.com *.acsbapp.com acsbapp.com *.ipify.org *.dwin1.com *.narrativ.com *.five9.com *.facebook.net *.mountain.com *.adsrvr.org *.rcrsv.io *.flashtalking.com data: *.facebook.com *.goodwaygroup.com *.komen.org *.eum-appdynamics.com *.taboola.com;         font-src 'self' wacoal-america.com:* *.wacoal-america.com:* *.gstatic.com *.scene7.com *.bazaarvoice.com *.wacoal-america.com www.wacoal-america.com *.doubleclick.net *.google.com *.klaviyo.com *.visualwebsiteoptimizer.com *.cloudfront.net amazonaws.com *.segment.com fw-cdn.com *.segment.io *.freshchat.com *.fwusercontent.com *.sizer.me acsbap.com *.acsbapp.com acsbapp.com *.ipify.org *.dwin1.com *.narrativ.com *.five9.com *.facebook.net *.mountain.com *.adsrvr.org *.rcrsv.io *.flashtalking.com data: *.facebook.com *.goodwaygroup.com *.komen.org *.eum-appdynamics.com *.taboola.com;         img-src 'self' wacoal-america.com:* *.wacoal-america.com:* *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com data: *.scene7.com *.bazaarvoice.com *.wacoal-america.com www.wacoal-america.com *.doubleclick.net *.google.com *.klaviyo.com *.visualwebsiteoptimizer.com *.cloudfront.net amazonaws.com *.segment.com fw-cdn.com *.segment.io *.freshchat.com *.fwusercontent.com *.sizer.me acsbap.com *.acsbapp.com acsbapp.com *.ipify.org *.dwin1.com *.narrativ.com *.five9.com *.facebook.net *.mountain.com *.adsrvr.org *.rcrsv.io *.flashtalking.com data: *.facebook.com *.goodwaygroup.com *.komen.org *.eum-appdynamics.com *.taboola.com; media-src 'self' blob: wacoal-america.com:* *.wacoal-america.com *.scene7.com; 1
frame-ancestors 'self'; sandbox allow-downloads allow-forms allow-modals allow-pointer-lock allow-popups allow-popups-to-escape-sandbox allow-same-origin allow-scripts allow-top-navigation; base-uri 'self'; form-action not-configured-host www.kosmos.de payment.unzer.com www.sofort.com sbx-payment.heidelpay.com youtu.be youtube.com www.youtube.com komoot.de www.komoot.de www.yumpu.com play.google.com franz-zwerschina.itch.io fragkosmos.zendesk.com apps.apple.com  kosmos-prod.netformic.cloud noctis-spiele.de cms.kosmos.de 'self' 1
upgrade-insecure-requests; frame-ancestors 'self' analytics.google.com analytics.webtrends.com secure.minorhotels.com *.anantara.com *.anantara.com.cn *.avanihotels.com *.avanihotels.com.cn *.naladhu.com *.oakshotels.com *.niyama.com world.nh-hotels.com *.naladhu.com.cn *.niyama.com.cn *.nhhotels.com.cn *.telerain.com:* 1
default-src 'self'; img-src 'self' data: https://app.h3z.jp/ https://media.h3z.jp/ https://log-ana.h3z.jp/ https://ul.h3z.jp/ https://hm-nrm.h3z.jp/ https://thumb.h3z.jp/ https://basercms.net/img/ https://www.abuseipdb.com/contributor/ https://embed.twentyuno.net/qr/ https://codoc.jp/; style-src 'self' 'unsafe-inline' https://app.h3z.jp/ https://media.h3z.jp/  https://codoc.jp/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://app.h3z.jp/ https://media.h3z.jp/ https://log-ana.h3z.jp/ https://webfont.fontplus.jp/ https://challenges.cloudflare.com/ https://static.cloudflareinsights.com/ https://codoc.jp/; font-src 'self' https://media.h3z.jp/ https://webfont.fontplus.jp/ https://s3-ap-northeast-1.amazonaws.com/fp-bf/; child-src 'self' https://app.h3z.jp/ https://counter.h3z.jp/ https://knowledge.h3z.jp/ https://webfont.fontplus.jp/ https://challenges.cloudflare.com/ https://embed.music.apple.com/; connect-src 'self' https://log-ana.h3z.jp/ https://webfont.fontplus.jp/ https://cloudflareinsights.com/ https://embed.twentyuno.net/invoice  https://codoc.jp/; 1
default-src 'self' www.google.com chat.chatra.io www.facebook.com www.google-analytics.com stats.g.doubleclick.net api.mailbluster.com www.youtube.com static.addtoany.com; connect-src 'self' t.firstpromoter.com cdn.linkedin.oribi.io *.linkedin.com www.facebook.com api.mailbluster.com www.google-analytics.com analytics.google.com  *.cookieyes.com cdn-cookieyes.com stats.g.doubleclick.net yoast.com; font-src 'self' fonts.gstatic.com data:; img-src * 'self' data:; script-src 'unsafe-inline' 'self' 'unsafe-eval' cdn.firstpromoter.com snap.licdn.com www.google.com www.gstatic.com cdnjs.cloudflare.com connect.facebook.net call.chatra.io www.google-analytics.com cdn-cookieyes.com www.googletagmanager.com b.sf-syn.com assets.capterra.com static.addtoany.com emailoctopus.com googleads.g.doubleclick.net; style-src 'self' 'unsafe-inline' static.addtoany.com fonts.googleapis.com www.gstatic.com emailoctopus.com; object-src 'none'; frame-ancestors 'self'; form-action 'self' www.facebook.com; frame-src 'self' td.doubleclick.net chat.chatra.io www.youtube.com www.google.com; worker-src blob: 'self' 1
default-src 'self' *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.google.com *.facebook.com *.facebook.net *.bing.com *.clarity.ms *.doubleclick.net *.wistia.com js.intercomcdn.com; style-src 'self' 'unsafe-inline'; connect-src 'self' wss: *.googleadservices.com *.googletagmanager.com *.google-analytics.com *.google.com *.wistia.com *.facebook.com *.facebook.net *.bing.com *.clarity.ms *.doubleclick.net *.intercom.io *.hsappstatic.net *.hubspot.com *.paperlesspipeline.com; img-src 'self' data: *.google-analytics.com *.google.com *.googletagmanager.com *.facebook.com *.bing.com *.wistia.com *.clarity.ms *.hsappstatic.net *.hubspot.com; script-src 'self' 'unsafe-inline' www.facebook.com connect.facebook.net www.google.com stats.g *.doubleclick.net *.wistia.com www.googletagmanager.com www.googleadservices.com www.google-analytics.com widget.intercom.io js.intercomcdn.com api-iam.intercom.io *.paperlesspipeline.com bat.bing.com *.clarity.ms *.hsappstatic.net *.hubspot.com; frame-src 'self' *.hsappstatic.net *.hubspot.com *.facebook.com *.doubleclick.net *.wistia.com; 1
frame-ancestors 'self' app.pendo.io https://datamma.guides.nelnet.com  *.home-c73.niceincontact.com home-c73.niceincontact.com:* 1
frame-ancestors 'self' *.shortlyst.com *.baileys.com; 1
default-src 'self';script-src 'nonce-f130d25b-1340-4fd7-8d2f-ea9cdc9ff842' 'strict-dynamic' https://*.google.com https://*.google.com.au https://*.google-analytics.com https://*.split.io https://pagead2.googlesyndication.com https://*.awswaf.com https://*.brainfi.sh https://assets.customer.io https://code.gist.build https://eu.customerioforms.com https://www.googleadservices.com https://googleads.g.doubleclick.net;style-src 'self' 'unsafe-inline' https://accounts.google.com/gsi/style https://www.googletagmanager.com/ https://fonts.googleapis.com/ *.freshchat.com https://code.gist.build;img-src 'self' data: https://res.cloudinary.com/madpaws/image/ http://mtc.qantas.com/ https://smtc.qantas.com/ https://pagead2.googlesyndication.com https://fonts.gstatic.com/s/i/ https://www.googletagmanager.com/ https://api.mapbox.com/ https://unpkg.com/ https://track-eu.customer.io https://*.google.com https://*.google.com.au https://bat.bing.com;font-src 'self' https://script.hotjar.com https://fonts.gstatic.com/;connect-src 'self' https://o53414.ingest.sentry.io/api/5833079/ https://cdn.segment.com/v1/projects/ https://api.segment.io/v1/ https://in.au1.segmentapis.com/v1/ https://staging-api.madpaws.com.au/api/v1/ https://test-api.madpaws.com.au/api/v1/ https://api.madpaws.com.au/api/v1/ https://api-js.mixpanel.com/track/ http://dpm.demdex.net/ http://qantasairways.tt.omtrdc.net/m2/ https://bam.nr-data.net/ https://api.trafficguard.ai/ https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com https://*.google.com.au https://*.google-analytics.com https://pagead2.googlesyndication.com https://*.awswaf.com https://*.split.io https://*.brainfi.sh https://track-eu.customer.io https://eu.customerioforms.com` https://*.api.gist.build https://*.cloud.gist.build https://bat.bing.com;base-uri 'self';frame-ancestors 'none';frame-src *.freshchat.com https://qantas.demdex.net/ http://fast.qantas.demdex.net/ https://accounts.google.com/ https://www.google.com https://renderer.gist.build https://code.gist.build https://bid.g.doubleclick.net https://td.doubleclick.net 1
frame-ancestors https://vpai.pxb7.com 1
default-src 'none'; base-uri 'self'; form-action 'none'; img-src 'self' data:; script-src 'self' 'unsafe-eval' 'sha256-XzTveO0B6IM8YRqAkdroV+PrFE4zaHt0A4z5uQ9CwzI='; style-src 'self' 'unsafe-inline'; font-src 'self'; worker-src 'self'; object-src 'self'; media-src 'self'; frame-ancestors 'none'; manifest-src 'self'; connect-src 'self' * 1
script-src data: blob: 'unsafe-inline' 'unsafe-eval' *.pstatp.com *.douyinstatic.com *.huoshanstatic.com *.bytetos.com *.bytecdn.cn *.snssdk.com *.qq.com *.ulikecam.com *.jsdelivr.net *.bytedance.net *.bytednsdoc.com *.bytescm.com *.bytegoofy.com *.yhgfb-cn-static.com *.ibytedapm.com;report-uri https://i.snssdk.com/log/sentry/v2/api/slardar/main/?ev_type=csp&bid=ulike_activity 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' fonts.googleapis.com *.spencerfane.com pi.pardot.com; script-src-elem 'self' 'unsafe-inline' fonts.googleapis.com *.spencerfane.com pi.pardot.com; script-src-attr 'self' fonts.googleapis.com *.spencerfane.com pi.pardot.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com; style-src-attr 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' data: secure.gravatar.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com 1
object-src 'none'; script-src 'self' 'unsafe-inline' snap.licdn.com public.tableau.com googletagmanager.com google-analytics.com linkedin.com *.linkedin.com *.hsforms.net *.hsforms.com cdnjs.cloudflare.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://stats.g.doubleclick.net https://*.hs-scripts.com http://*.hs-scripts.com https://*.mouseflow.com https://*.googleoptimize.com https://*.hsadspixel.net https://*.hs-analytics.net/* https://*.hsleadflows.net https://*.hs-abanner.com https://*.hs-analytics.net https://js.hs-banner.com https://googleads.g.doubleclick.net https://www.google.com/recaptcha/ https://www.gstatic.com https://www.googleadservices.com https://tpc.googlesyndication.com web.cvent.com dev.visualwebsiteoptimizer.com https://js.hubspot.com/ https://cdn.jsdelivr.net; worker-src 'self' blob:; frame-ancestors 'self' snap.licdn.com public.tableau.com googletagmanager.com/* google-analytics.com linkedin.com *.linkedin.com *.hsforms.net *.hsforms.com cdnjs.cloudflare.com; report-uri https://www.chartis.com/report-uri/enforce 1
default-src 'none'; base-uri 'self'; form-action 'self'; img-src https: data:; font-src https: data:; script-src 'self' https://*.archieven.nl https://*.google-analytics.com https://www.googletagmanager.com https://maps.google.com https://maps.googleapis.com https://cdnjs.cloudflare.com https://vjs.zencdn.net https://unpkg.com 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; frame-src 'self' mailto: https:; media-src 'self' https:; connect-src 'self' https://*.archieven.nl https://*.google-analytics.com https://maps.googleapis.com; frame-ancestors 'self' https://*.archieven.nl https://www.lwl-medienzentrum.de https://www.erfgoedkloosterleven.nl http://archieven.groningermuseum.nl/; 1
default-src 'self' https://ssl.google-analytics.com/ https://www.google.com/analytics/ https://marketingplatform.google.com/about/analytics/ https://counter.yadro.ru/; font-src 'self' https://maxcdn.bootstrapcdn.com/ https://fonts.gstatic.com/; img-src 'self' https://mc.yandex.ru/clmap/ https://www.reklama-online.ru/ https://r-o.ru/ https://mc.yandex.ru/webvisor/15606835 https://s.r-o.ru/ data: https://*.userapi.com https://top-fwz1.mail.ru/tracker https://core-renderer-tiles.maps.yandex.net/ https://web.icq.com/whitepages/online https://status.icq.com/ https://api-maps.yandex.ru/ https://top-fwz1.mail.ru/counter https://counter.yadro.ru/hit https://ssl.google-analytics.com/ https://code-ya.jivosite.com/images/ https://code.jivo.ru/images/ https://mc.yandex.ru/metrika/ https://www.sostav.ru/images/ https://adindex.ru/ https://vk.com/emoji/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://maxcdn.bootstrapcdn.com/ https://cdnjs.cloudflare.com/ajax/libs/iconify/ https://top-fwz1.mail.ru/js/ https://suggest-maps.yandex.ru/suggest-geo https://mc.yandex.ru/watch/ https://widget.flamp.ru/loader.js https://api.iconify.design/ https://code.iconify.design/ https://yastatic.net/ https://core-renderer-tiles.maps.yandex.net/tiles https://api-maps.yandex.ru/ https://mc.yandex.ru/metrika/tag.js https://top-fwz1.mail.ru/js/code.js https://ssl.google-analytics.com/ga.js https://code-ya.jivosite.com/ https://code.jivo.ru/; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com/ https://cdn.jsdelivr.net/gh/yegor256/tacit@gh-pages/tacit-css-1.7.1.min.css https://fonts.googleapis.com/ https://code-ya.jivosite.com/css/ https://code.jivo.ru/; connect-src 'self' https://api.simplesvg.com/ https://ssl.google-analytics.com/ https://api.iconify.design/ https://api.unisvg.com/ wss://*.jivo.ru/ https://*.jivo.ru/ wss://*.jivosite.com/cometcn https://mc.yandex.ru/ https://mc.yandex.md/ https://top-fwz1.mail.ru/counter https://top-fwz1.mail.ru/tracker https://*.jivosite.com; media-src https://code-ya.jivosite.com/sounds/ https://code.jivo.ru/sounds/; frame-src https://yandex.ru/ https://www.youtube.com/ https://widget.flamp.ru/ https://api-maps.yandex.ru/ 1
block-all-mixed-content; font-src 'self' fonts.gstatic.com www.wuv.de fonts.gstatic.com data:; img-src 'self' blob: data: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' addsearch.com cdn.ampproject.org open.scdn.co connect.facebook.net *.usercentrics.eu *.g.doubleclick.net *.getsitecontrol.com *.google.de *.google.com *.google-analytics.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.instagram.com *.ioam.de *.opinary.com *.stry.tl *.twimg.com *.twitter.com *.wuv.de *.youtube.com *.ytimg.com *.tiktok.com *.tiktokcdn.com *.ibytedtos.com *.pinterest.com *.research.appinio.com *.ttwstatic.com *.adition.com *.scorecardresearch.com *.searchcdn.com *.teads.tv s0.2mdn.net *.wuv.de gdpr-tcfv2.sp-prod.net widget.perfectmarket.com *.flashtalking.com *.criteo.com *.adform.net *.vidible.tv *.doubleverify.com *.doubleclick.net bs.serving-sys.com static.aivdesk.com secure-ds.serving-sys.com ad.lkqd.net *.cloudflare.com *.adsafeprotected.com *.maximus.mobkoi.com *.celtra.com *.moatads.com sf16-scmcdn-sg.ibytedtos.com tags.crwdcntrl.net  *.vimeocdn.com; style-src 'self' 'unsafe-inline' *.addsearch.com fast.fonts.net *.googleapis.com *.stry.tl *.twitter.com *.wuv.de *.tiktok.com *.tiktokcdn.com *.ttwstatic.com *.cloudfront.net tagmanager.google.com *.wuv.de s1.adform.net static.aivdesk.com; worker-src blob: *.wuv.de 1
default-src 'none'; connect-src 'self' api.passwordpurgatory.com bloghelpers.troyhunt.com links.services.disqus.com syndication.twitter.com troyhunt.ghost.io *.google-analytics.com *.privacymanager.io; font-src 'self' cdnjs.cloudflare.com fonts.gstatic.com; frame-src www.linkedin.com disqus.com c.disquscdn.com www.youtube.com player.vimeo.com twitter.com platform.twitter.com syndication.twitter.com omny.fm pastebin.com www.google.com; img-src 'self' c.disquscdn.com referrer.disqus.com syndication.twitter.com platform.twitter.com www.gravatar.com *.twimg.com data:; script-src 'self' passwordpurgatory.com c.disquscdn.com disqus.com troyhunt.disqus.com cdnjs.cloudflare.com platform.twitter.com cdn.syndication.twimg.com syndication.twitter.com gist.github.com/troyhunt/ cdn.jsdelivr.net/ghost/ www.googletagmanager.com *.privacymanager.io www.google.com www.gstatic.com static.cloudflareinsights.com 'sha256-26FfYB0WAsKHsnA92jxqaHCDCNo7MV3NrLe1wgLwuI4=' 'sha256-4JqPqO/eQLWuWw1AE7dCvI9hPwiBcw0gy7uoLqS0ncg='; style-src 'self' 'unsafe-inline' c.disquscdn.com cdnjs.cloudflare.com platform.twitter.com ton.twimg.com assets-cdn.github.com github.githubassets.com fonts.googleapis.com; form-action *.twitter.com; media-src 'self'; prefetch-src 'self' c.disquscdn.com disqus.com; frame-ancestors 'self' troyhunt.ghost.io; upgrade-insecure-requests; report-uri https://troyhunt.report-uri.com/r/d/csp/enforce 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://www.zenaps.com https://static.criteo.net https://*.criteo.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://tr.snapchat.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://*.liveperson.net https://services.postcodeanywhere.co.uk https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.parcellab.com https://*.contentsquare.net; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://www.mygeekbox.de https://m.mygeekbox.de https://checkout.mygeekbox.de https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://www.csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://*.criteo.com https://static.criteo.net https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://*.google-analytics.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://*.google.de https://google.de https://*.contentsquare.net https://app.contentsquare.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com; upgrade-insecure-requests; report-to report-endpoint 1
connect-src 'self' https://maps.googleapis.com; default-src 'self'; font-src 'self' data:  https://use.fontawesome.com  https://fonts.gstatic.com  ; frame-src 'self' https://www.google.com  https://www.youtube.com  ; img-src 'self' data: https://secure.gravatar.com  https://wordpress.slimcd.com  https://s.w.org   ; script-src script-src 'self' 'unsafe-inline' data:  https://use.fontawesome.com  https://maps.google.com  https://www.google.com  https://www.gstatic.com  'unsafe-eval' ; script-src-elem script-src-elem 'self' 'unsafe-inline' https://use.fontawesome.com  https://maps.google.com  https://www.google.com  https://www.gstatic.com  ; style-src style-src 'self' 'unsafe-inline' https://fonts.googleapis.com  https://use.fontawesome.com  ; style-src-elem style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com  https://use.fontawesome.com  ; 1
default-src 'none'; connect-src https://whatcomeducationalcreditunion.formstack.com *.googleapis.com *.herokuapp.com *.segment.com *.segment.io *.clarity.ms *.google.com *.doubleclick.net *.callrail.com vimeo.com *.qualtrics.com http://*.wecu.com *.google-analytics.com *.wecu.com *.silvercloudinc.com cdn.plyr.io *.siteimprove.net *.siteimprove.com *.stackadapt.com poshdevelopment.com api.poshdevelopment.com *.poshdevelopment.com 'self'; font-src data: *.signalintent.com *.formstack.com *.qualtrics.com fonts.gstatic.com 'self'; frame-src 'self' https://swivelpay.com *.swivelpay.com *.oaspapps.com *.baconpay.com *.poshdevelopment.com  *.five9.com *.doubleclick.net *.vimeo.com *.qualtrics.com google.com *.google.com *.wecu.com *.podbean.com *.fraudmap.net *.fraudmap-uat.net 'self' *.youtube.com *.duosecurity.com *.silvercloudinc.com *.mortgagewebcenter.com *.siteimprove.net *.siteimprove.com *.wecu-dev.com *.appdemostore.com; img-src data: *.printable.com *.amazonaws.com *.clarity.ms *.mantl.com *.simpli.fi *.stackadapt.com *.five9.com google.com *.google.com *.vimeocdn.com *.qualtrics.com *.gstatic.com *.siteimproveanalytics.io *.silvercloudinc.com facebook.com *.facebook.com *.googleusercontent.com *.youtube.com *.ytimg.com *.w.org http://*.wecu.com *.wecu.com *.googleapis.com *.mdhv.io *.ggpht.com maps.gstatic.com 'self' *.formstack.com *.doubleclick.net *.google-analytics.com; media-src 'self' *.qualtrics.com youtube.com; object-src *.qualtrics.com 'self'; script-src 'unsafe-eval' 'unsafe-inline' *.signalintent.com *.jsdelivr.net *.clarity.ms *.segment.com *.poshdevelopment.com api.poshdevelopment.com poshdevelopment.com *.mantl.com *.ipify.org *.stackadapt.com *.oaspapps.com *.microsoft.com *.baconpay.com *.doubleclick.net *.mymarketingreports.com *.five9.com *.callrail.com *.googleadservices.com *.vimeo.com tagmanager.google.com siteimproveanalytics.com *.msecnd.net *.qualtrics.com *.facebook.net *.googletagmanager.com *.aspnetcdn.com *.wecu.com *.youtube.com *.cloudflare.com *.cloudflare.net *.googleapis.com *.fraudmap-uat.net *.fraudmap.net *.siteimprove.net *.simpli.fi *.siteimprove.net maps.googleapis.com s.ytimg.com 'self' *.formstack.com *.bugherd.com *.google-analytics.com *.silvercloudinc.com dni.trumeasure.com connect.facebook.net google.com *.google.com gstatic.com *.gstatic.com bat.bing.com; style-src  *.wecu.com *.stackadapt.com *.googletagmanager.com *.five9.com *.qualtrics.com *.callrail.com *.googleadservices.com tagmanager.google.com *.silvercloudinc.com *.googleapis.com 'unsafe-inline' 'self' *.formstack.com *.cloudflare.net/* *.cloudfront.net *.cloudfront.com *.appdemostore.com *.poshdevelopment.com api.poshdevelopment.com poshdevelopment.com cdn.mantl.com mantl.com *.signalintent.com *.jsdelivr.net *.segment.com *.fonts.gstatic.com *.fonts.googleapis.com *.googleapis.com *.maps.googleapis.com *.whatcomeducationalcreditunion.formstack.com 1
default-src 'self'; style-src 'self'; script-src 'self' 1
default-src 'self' https://webcache-eu.datareporter.eu; script-src 'self' 'nonce-MGgT1ErC7ISjv70YSqCqtz3cHWIDGQenV33l_2U2vYwTkBC0_faJjw' 'report-sample'; style-src-attr 'unsafe-inline' 'report-sample'; img-src 'self' data: *.ytimg.com *.vimeocdn.com https://webcache-eu.datareporter.eu https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.googleusercontent.com https://sybos.ooelfv.at https://*.zamg.at https://*.unwetterzentrale.de https://*.uwz.at https://*.ooe.gv.at; base-uri 'self'; frame-src 'self' *.youtube-nocookie.com *.youtube.com *.vimeo.com https://pegelalarm.at https://*.ooe.gv.at; style-src-elem 'self' 'nonce-MGgT1ErC7ISjv70YSqCqtz3cHWIDGQenV33l_2U2vYwTkBC0_faJjw' https://webcache-eu.datareporter.eu https://fonts.googleapis.com 'report-sample'; connect-src 'self' https://swarmcrawler.datareporter.eu https://*.google-analytics.com https://maps.googleapis.com https://proxy.cld.cyber.house; script-src-elem 'self' 'nonce-MGgT1ErC7ISjv70YSqCqtz3cHWIDGQenV33l_2U2vYwTkBC0_faJjw' https://webcache-eu.datareporter.eu https://www.googletagmanager.com https://maps.googleapis.com 'report-sample'; font-src 'self' https://webcache-eu.datareporter.eu https://fonts.gstatic.com data:; frame-ancestors https://connected.rosenbauer.com 'self'; report-uri https://www.ooelfv.at/@http-reporting?csp=report&requestTime=1721957046061539 1
frame-ancestors 'self' *.wilcom.com 1
style-src https://www.paypal.com/ https://www.paypalobjects.com/ https://*.dev.paypalinc.com/ https://*.ctfassets.net/ 'unsafe-inline' 'self' https://*.s-xoom.com/ https://google.com/; base-uri 'self'; script-src https://www.paypalobjects.com/ https://*.dev.paypalinc.com/ 'nonce-90f2b1fa3d494d2dcd2140d13e17d636' 'self' https://*.googleadservices.com/ https://*.gstatic.com/ https://*.s-xoom.com/ https://*.segment.com/ https://www.googletagmanager.com/ https://*.online-metrix.net/ https://connect.facebook.net/ https://*.google-analytics.com/ https://*.cardinalcommerce.com/ https://*.mxpnl.com/ https://*.google.com/ https://bat.bing.com/ https://*.ctfassets.net/ https://iesnare.com/ https://*.braintreegateway.com/ https://*.googleapis.com/ https://*.doubleclick.net/ https://*.paypal.com/ 'unsafe-eval' https://www.recaptcha.net/ https://*.yodlee.com/ https://cdn.amplitude.com/ https://js-agent.newrelic.com/ https://bam-cell.nr-data.net/ https://www.datadoghq-browser-agent.com/;  form-action * paypal://remittance/link-paypal-account https://*.xoom.com/ https://*.paypal.com/; frame-src *; img-src 'self' data: https:; connect-src https://*.xoom.com/ 'self' https://*.google-analytics.com/ https://*.mixpanel.com/ https://*.cardinalcommerce.com/ https://*.google.com/ https://*.cloudfront.net/ https://*.braintreegateway.com/ https://*.googleapis.com/ wss://*.xoom.com/ https://*.doubleclick.net/ https://www.facebook.com/ https://*.segment.io/ https://*.segment.com/ https://*.paypal.com/ https://*.s-xoom.com/ https://*.online-metrix.net/ https://*.braintree-api.com/ https://www.paypalobjects.com/ https://*.preview.dev.paypalinc.com/ https://browser-intake-datadoghq.com/;  worker-src 'self'; object-src https://*.cardinalcommerce.com/ https://*.online-metrix.net/; media-src https://ssl.gstatic.com/; frame-ancestors https://*.salesforce.com/ https://*.paypal.com/ 'self'; font-src https://www.paypalobjects.com/ https://*.dev.paypalinc.com/ https://fonts.gstatic.com/ https://*.s3.amazonaws.com/ 'self' https://*.s-xoom.com/ https://fonts.googleapis.com/ data:; 1
frame-ancestors 'self' *.fontstand.com; 1
default-src 'none'; object-src 'none'; base-uri 'self'; worker-src 'none'; frame-ancestors 'self'; script-src 'self' 'unsafe-inline' tagmanager.google.com www.googleanalytics.com www.googleoptimize.com optimize.google.com static.ads-twitter.com www.youtube.com apis.google.com beacon-v2.helpscout.net cdn.cookielaw.org cdn.segment.com connect.facebook.net geoip-js.com js.stripe.com geoip-js.com script.hotjar.com snap.licdn.com static.hotjar.com www.googletagmanager.com cdn.ably.com cdn.builder.io cdn.branch.io app.link *.google-analytics.com fablecdn.net *.fablecdn.net unpkg.com analytics.tiktok.com www.redditstatic.com; style-src 'unsafe-inline' 'self' cdn.jsdelivr.net tagmanager.google.com www.googletagmanager.com fonts.googleapis.com optimize.google.com fablecdn.net *.fablecdn.net; connect-src 'self' wss: www.facebook.com api.staging.fable.co api.fable.co geolocation.onetrust.com geoip-js.com api.segment.io cdn.segment.com cdn.cookielaw.org graphql.contentful.com identitytoolkit.googleapis.com *.ingest.sentry.io securetoken.googleapis.com *.google-analytics.com *.hotjar.io https://*.hotjar.com wss://*.hotjar.com d3hb14vkzrxvla.cloudfront.net rest.ably.io internet-up.ably-realtime.com cdn.builder.io api2.branch.io *.doubleclick.net cdn.linkedin.oribi.io px.ads.linkedin.com us-central1-fable-backend.cloudfunctions.net wss://realtime.ably.io/* assets.ctfassets.net the-vale-dot-fable-recommender-api.uc.r.appspot.com multivac-dot-fable-recommender-api.uc.r.appspot.com multivac-testing-dot-fable-recommender-api.uc.r.appspot.com fablecdn.net *.fablecdn.net www.redditstatic.com conversions-config.reddit.com analytics.tiktok.com; font-src 'self' fonts.gstatic.com fablecdn.net *.fablecdn.net; frame-src 'self' optimize.google.com www.youtube.com fable-backend.firebaseapp.com js.stripe.com vars.hotjar.com www.facebook.com https://quiz.tryinteract.com; img-src 'self' https: data:; media-src 'self' cdn.fable.co cdn.builder.io fablecdn.net *.fablecdn.net; form-action 'self' www.facebook.com; manifest-src 'self' fablecdn.net *.fablecdn.net; report-uri https://us-central1-fable-backend.cloudfunctions.net/cspRateLimiter; 1
frame-ancestors 'self' https://lbhill1-dev.gosshosted.com https://activehousing.co.uk https://lbhill1-prp.gov.uk https://lbhill1-tst.gosshosted.com; report-to csp-endpoint; report-uri https://www.hillingdon.gov.uk/csp-reports; 1
frame-ancestors 'self' https://*.drfuhrman.com; report-uri /csp-report.ashx 1
upgrade-insecure-requests  ; style-src 'self' 'unsafe-inline' *.lytics.io feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com cdn.cookielaw.org connect.facebook.net cdn.segment.com pghub.io *.lytics.io feed.pghub.io pandg.tapad.com ; manifest-src 'self' login.windows.net feed.pghub.io pandg.tapad.com ; font-src 'self' *.ctfassets.net feed.pghub.io pandg.tapad.com ; frame-ancestors 'none' feed.pghub.io pandg.tapad.com ; frame-src 'self' consumersupport.pg.com *.doubleclick.net www.youtube-nocookie.com *.jebbit.com feed.pghub.io pandg.tapad.com ; img-src 'self' data: *.ctfassets.net www.google.cz *.tapad.com *.doubleclick.net www.facebook.com *.lytics.io cdn.cookielaw.org feed.pghub.io ; connect-src 'self' *.segment.com *.segment.io cdn.cookielaw.org *.adsrvr.org region1.analytics.google.com *.doubleclick.net *.algolia.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat feed.pghub.io pandg.tapad.com ; base-uri 'none' feed.pghub.io pandg.tapad.com ; default-src 'none' feed.pghub.io pandg.tapad.com ; 1
default-src 'self'; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' data: https://connect.facebook.net/ https://www.facebook.com/ https://region1.google-analytics.com/ https://www.youtube.com/ https://region1.analytics.google.com/ https://ajax.cloudflare.com/ https://api.ipify.org/ https://ipapi.co/ https://privacy-proxy.usercentrics.eu/ https://privacy-proxy-server.usercentrics.eu/ https://googleads.g.doubleclick.net/ https://uct.service.usercentrics.eu/ https://consent-api.service.consent.usercentrics.eu/ https://app.usercentrics.eu/ https://privacy-proxy.usercentrics.eu/latest/uc-block.bundle.js https://www.youtube.com/api/stats/atr https://www.youtube.com/iframe_api https://www.google-analytics.com/analytics.js https://www.google.com/recaptcha/api.js https://region1.analytics.google.com/ https://www.googleadservices.com/pagead/conversion_async.js https://www.googletagmanager.com/gtm.js https://googleads.g.doubleclick.net/ https://www.google-analytics.com/ https://www.gstatic.com/ https://www.googleadservices.com/ https://code.jquery.com/ https://cdnjs.cloudflare.com/ https://www.googletagmanager.com/ https://www.youtube.com/s/player/704f0391/www-widgetapi.vflset/www-widgetapi.js https://play.google.com/log https://www.youtube.com/youtubei/v1/log_event https://snap.licdn.com/li.lms-analytics/insight.min.js https://tragwerksplanung.rib-software.com/ https://static.elfsight.com/platform/platform.js https://universe-static.elfsightcdn.com/ ; style-src 'unsafe-inline' 'report-sample' 'self' https://cdnjs.cloudflare.com https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' data: https://www.facebook.com/ https://connect.facebook.net/ https://aggregator.service.usercentrics.eu/ https://px.ads.linkedin.com/ https://region1.google-analytics.com/ https://ipapi.co/ https://googleads.g.doubleclick.net/ https://region1.analytics.google.com/ https://core.service.elfsight.com/ https://ipapi.co/ https://ipapi.co/49.43.97.126/json/ https://api.ipify.org/ https://ipapi.co/49.43.97.0/json/ https://graphql.usercentrics.eu/graphql https://privacy-proxy.usercentrics.eu https://consent-api.service.consent.usercentrics.eu/ https://app.usercentrics.eu/ https://privacy-proxy.usercentrics.eu/ https://uct.service.usercentrics.eu/ https://privacy-proxy-server.usercentrics.eu/latest/uc-block.bundle.js https://www.youtube.com/api/stats/atr https://www.youtube.com/iframe_api https://www.google-analytics.com/analytics.js https://www.google.com/recaptcha/api.js https://www.googleadservices.com/pagead/conversion_async.js https://www.googletagmanager.com/gtm.js https://googleads.g.doubleclick.net/ https://www.google-analytics.com/ https://www.gstatic.com/ https://www.googleadservices.com/ htt ps://code.jquery.com/ https://cdnjs.cloudflare.com/ https://www.googletagmanager.com/ https://api.usercentrics.eu/ https://stats.g.doubleclick.net https://www.google-analytics.com https://analytics.google.com https://play.google.com/log https://www.youtube.com/youtubei/v1/log_event https://snap.licdn.com/li.lms-analytics/insight.min.js https://tragwerksplanung.rib-software.com/; font-src 'self' data: https://fonts.gstatic.com https://www.youtube.com/s/player/704f0391/www-widgetapi.vflset/www-widgetapi.js; frame-src 'self' data: https://api.ipify.org/ https://td.doubleclick.net/ https://www.byggeweb.dk/ https://app.usercentrics.eu/ https://region1.analytics.google.com/ https://go.rib-software.com/ https://tragwerksplanung.rib-software.com/ https://www.rib-tragwerksplanung.com/ https://player.vimeo.com/ https://bid.g.doubleclick.net/ https://www.google.com https://www.youtube.com https://go.dach.data.rib-software.com/; img-src 'self' data: https://www.facebook.com/ https://connect.facebook.net/ https://analytics.google.com/ https://i.ytimg.com/ https://px4.ads.linkedin.com/ https://www.google.de/ads/ga-audiences https://secure.gravatar.com/ https://region1.analytics.google.com/ https://googleads.g.doubleclick.net/ https://uct.service.usercentrics.eu/ https://www.google.co.in/ads/ga-audiences https://app.usercentrics.eu/ https://privacy-proxy-server.usercentrics.eu/ https://api.iconify.design/ https://googleads.g.doubleclick.net/ https://i.vimeocdn.com/ https://www.linkedin.com/ https://px.ads.linkedin.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com; manifest-src 'self'; media-src 'self'; report-uri https://65f14453bc57ae1120bf6fd9.endpoint.csper.io/?v=1; 1
default-src 'self' *.crazyegg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cloudinary.com *.cloudinary.com www.googletagmanager.com www.google-analytics.com *.google.com cdnjs.cloudflare.com unpkg.com cdn.jsdelivr.net stackpath.bootstrapcdn.com app-ab12.marketo.com snap.licdn.com connect.facebook.net munchkin.marketo.net consent.cookiebot.com vidassets.terminus.services googleads.g.doubleclick.net radar.cedexis.com www.googleadservices.com maps.googleapis.com *.fastcdn.co *.instapage.com *.instapagemetrics.com *.redditstatic.com *.gstatic.com *.crazyegg.com *.wp.com *.driftt.com script.mocky.com *.googleoptimize.com *.6sc.co ml314.com tags.srv.stackadapt.com *.convertexperiments.com *.infinigrow.com cdn.debugbear.com; script-src-elem 'self' 'unsafe-inline' cloudinary.com *.cloudinary.com code.jquery.com cdn.jsdelivr.net stackpath.bootstrapcdn.com www.googletagmanager.com www.google-analytics.com *.google.com cdn.omniconvert.com unpkg.com app-ab12.marketo.com snap.licdn.com connect.facebook.net munchkin.marketo.net consent.cookiebot.com vidassets.terminus.services googleads.g.doubleclick.net radar.cedexis.com www.googleadservices.com maps.googleapis.com *.fastcdn.co *.instapage.com *.instapagemetrics.com *.redditstatic.com *.gstatic.com *.crazyegg.com *.wp.com *.driftt.com script.mocky.com *.googleoptimize.com ml314.com *.6sc.co bat.bing.com static.ads-twitter.com www.clarity.ms tags.srv.stackadapt.com app.omniconvert.com web.omniconvert.com *.convertexperiments.com *.infinigrow.com ddzuuyx7zj81k.cloudfront.net dss6ntp5q2r0o.cloudfront.net cdnjs.cloudflare.com cdn.debugbear.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.typekit.net unpkg.com app-ab12.marketo.com *.google.com *.cloudinary.com *.crazyegg.com *.wp.com *.driftt.com script.mocky.com *.googleoptimize.com tags.srv.stackadapt.com; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com *.typekit.net unpkg.com app-ab12.marketo.com *.google.com *.cloudinary.com *.crazyegg.com *.wp.com *.driftt.com script.mocky.com *.googleoptimize.com tags.srv.stackadapt.com; img-src 'self' data: cloudinary.com *.cloudinary.com *.google.com www.google-analytics.com secure.gravatar.com match.adsrvr.org wec-assets.terminus.services wec-assets-api.terminus.services px.ads.linkedin.com *.google.ca *.facebook.com benchmark.1e100cdn.net *.cedexis-test.com cedexis.pc.cdn.bitgravity.com ptcfc.com ubiquity.cedexis.us-east-1.prod.endpoints.ubiquity.aws.a2z.com media-akam.licdn.com *.citrix-itm-test.com ubiquity.cedexis.eu-west-1.prod.endpoints.ubiquity.aws.a2z.com direct.cedexis.us-east-1.prod.endpoints.ubiquity.aws.a2z.com a-cedexis.msedge.net 20059b.ha.azioncdn.net *.cedexis.fastlylb.net test.cedexis.gamma.endpoints.ubiquity.aws.a2z.com *.cdnvideo.ru essl-cdxs.edgekey.net direct.cedexis.ap-northeast-1.prod.endpoints.ubiquity.aws.a2z.com *.endpoints.ubiquity.aws.a2z.com level3ssl.optimicdn.com img-cedexis.mncdn.com cedexis-ssl.cdn.warpcache.net linkedin.com *.adsymptotic.com *.google.com www.googleapis.com *.gstatic.com maps.googleapis.com *.citrix.com cldmo.mo.cloudinary.net www.googletagmanager.com *.fastcdn.co *.instapage.com px4.ads.linkedin.com alb.reddit.com *.crazyegg.com *.mozilla.org *.imagecon.com script.mocky.com b.6sc.co bat.bing.com t.co analytics.twitter.com *.clarity.ms *.convertexperiments.com *.bing.com; font-src 'self' 'unsafe-inline' data: fonts.gstatic.com use.typekit.net bat.bing.com t.co analytics.twitter.com *.wp.com; connect-src 'self' cloudinary.com *.cloudinary.com www.google-analytics.com *.doubleclick.net api.lever.co *.mktoresp.com *.init.cedexis-radar.net *.cedexis.com *.facebook.com a-cedexis.msedge.net *.cedexis.fastlylb.net *.netlify.app *.instapage.com *.instapagemetrics.com *.crazyegg.com script.mocky.com mocky.com *.google.com secure.adnxs.com c.6sc.co ipv6.6sc.co *.clarity.ms bat.bing.com tags.srv.stackadapt.com app.omniconvert.com *.convertexperiments.com *.linkedin.com *.cookiebot.com *.infinigrow.com data.debugbear.com; media-src 'self' cloudinary.com *.cloudinary.com blob:; worker-src 'self' blob:; frame-src stackblitz.com *.productboard.com *.google.com jobs.lever.co app-ab12.marketo.com business.facebook.com consentcdn.cookiebot.com *.facebook.com *.cedexis-test.com cedexis.pc.cdn.bitgravity.com *.citrix-itm-test.com 20059b.ha.azioncdn.net essl-cdxs.edgekey.net *.cloudinary.com bid.g.doubleclick.net *.twitter.com cloudinary.com *.youtube.com *.driftt.com *.crazyegg.com *.wp.com; object-src 'none' 1
default-src 'self'  blob:  https://*.facebook.com  https://*.facebook.net  https://*.api.schwarz  https://*.assets.schwarz  https://*.batch.com  https://*.bing.com  https://*.cookiebot.com  https://*.creativecdn.com  https://*.exactag.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://mycliplister.com  https://*.mycliplister.com  https://*.peakprotect.com  https://*.pingdom.net  https://*.virtualearth.net  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://creativecdn.com  https://form.lidl.com  https://*.onetrust.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://s.kelkoogroup.net  https://s.kk-resources.com  https://sdk.virtualearth.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://*.doubleclick.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.be  https://www.google.com  https://www.google.cz  https://www.google.nl  https://www.google.pl  https://www.google.sk  https://www.googleadservices.com  https://www.gstatic.com  https://youtube.com  https://*.youtube-nocookie.com  https://*.youtube.com  https://www.googletagmanager.com  https://lidlplusprod.blob.core.windows.net  https://upeimagesprd.blob.core.windows.net  https://lidlplusstorage.blob.core.windows.net  'unsafe-inline'  https://*.adyen.com  https://sponsoring-dk.de  https://lokalekammerater-dk.de  https://lidl-danmark-ks.campaign.playable.com  https://lidl-danmark-ks.leadfamly.com  data:  https://csp.cre.lidl-shop.com; frame-src 'self'  https://*.facebook.com  https://*.facebook.net  https://*.cookiebot.com  https://*.creativecdn.com  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-onlinenewsletter.de  https://*.lidl-shop.com  https://*.lidl.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.pingdom.net  https://balancechecks.tx-gate.com  https://bidswitch.net  https://creativecdn.com  https://form.lidl.com  https://forms-prod.enc-test.de/  https://ldl.viewer.cit-fusion.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://*.doubleclick.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.com  https://www.googleadservices.com  https://www.gstatic.com  https://youtube.com  https://*.youtube-nocookie.com  https://*.youtube.com  https://www.googletagmanager.com  https://www.lidl-gewinnspiel.de  https://www.youtube.com  'unsafe-inline'  https://ws.fk.dk  https://*.adyen.com  https://sponsoring-dk.de  https://lokalekammerater-dk.de  https://lidl-danmark-ks.campaign.playable.com  https://lidl-danmark-ks.leadfamly.com; img-src 'self'  https://*.facebook.com  https://*.facebook.net  https://*.360yield.com  https://*.addthis.com  https://*.adnxs.com  https://*.assets.schwarz  https://*.bing.com  https://*.cat-ret.assets.lidl  https://*.cdn.flavedo.io  https://*.cookiebot.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-onlinenewsletter.de  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.mycliplister.com  https://*.retail.lidl.net  https://*.retail.vdc.lidl  https://*.searchhub.io  https://*.smartadserver.com  https://*.virtualearth.net  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://cm.adform.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://size.lidl.com  https://s.kelkoogroup.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://*.doubleclick.net  https://test.formcycle.vdc.lidl  https://www.adobe.com  https://www.awin1.com  https://cdn.flavedo.io  https://www.google.at  https://www.google.ba  https://www.google.be  https://www.google.bg  https://www.google.ch  https://www.google.co.uk  https://www.google.com  https://www.google.com.bd  https://www.google.com.tr  https://www.google.com.ua  https://www.google.cz  https://www.google.de  https://www.google.dk  https://www.google.es  https://www.google.fr  https://www.google.gr  https://www.google.hr  https://www.google.hu  https://www.google.ie  https://www.google.is  https://www.google.it  https://www.google.lt  https://www.google.lu  https://www.google.lv  https://www.google.md  https://www.google.nl  https://www.google.no  https://www.google.pl  https://www.google.pt  https://www.google.ro  https://www.google.rs  https://www.google.ru  https://www.google.se  https://www.google.sk  https://www.googleadservices.com  https://www.gstatic.com  https://www.lidl-shop.be  https://www.lidl-shop.cz  https://www.lidl-shop.nl  https://www.lidl-shop.sk  https://www.lidl-sklep.pl  https://www.w3.org  https://x.bidswitch.net  https://youtube.com  https://*.creativecdn.com  https://*.youtube.com  https://www.googletagmanager.com  https://lidlplusprod.blob.core.windows.net  https://upeimagesprd.blob.core.windows.net  https://lidlplusstorage.blob.core.windows.net  https://c1.adform.net  https://ce.lijit.com  https://criteo-partners.tremorhub.com  https://*.teads.tv  https://dpm.demdex.net  https://e1.emxdgt.com  https://eb2.3lift.com  https://exchange.mediavine.com  https://hb.yahoo.net  https://id5-sync.com  https://jadserve.postrelease.com  https://matching.ivitrack.com  https://pixel.rubiconproject.com  https://*.casalemedia.com  https://sync-criteo.ads.yieldmo.com  https://sync.1rx.io  https://rt.udmserve.net  https://ssc-cms.33across.com  https://ads.yieldmo.com  https://s.seedtag.com  https://sync.go.sonobi.com  https://fast.nexx360.io  https://*.upe.schwarz  'unsafe-inline'  https://*.adyen.com  data:; object-src 'self'  https://*.facebook.com  https://*.facebook.net  https://*.batch.com  https://*.cookiebot.com  https://*.leaflets.schwarz  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://asset.schwarz  https://bidswitch.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.google.com  https://www.googleadservices.com  https://www.gstatic.com  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-eval'; script-src 'self'  blob:  https://*.facebook.com  https://*.facebook.net  https://*.api.schwarz  https://*.batch.com  https://*.bing.com  https://*.cookiebot.com  https://*.creativecdn.com  https://*.exactag.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.peakprotect.com  https://*.pingdom.net  https://*.searchhub.io  https://*.virtualearth.net  https://adservice.google.com  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://creativecdn.com  https://form.lidl.com  https://*.onetrust.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://s.kk-resources.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://*.doubleclick.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.com  https://www.googleadservices.com  https://www.gstatic.com  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-eval'  'unsafe-inline'  about:  https://localhost  https://*.adyen.com; style-src 'self'  https://*.bing.com  https://*.cookiebot.com  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.de  https://*.medallia.eu  https://bidswitch.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://sdk.virtualearth.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.google.com  https://www.googleadservices.com  https://www.gstatic.com  https://www.lidl-shop.be  https://www.lidl-shop.cz  https://www.lidl-shop.nl  https://www.lidl-shop.sk  https://www.lidl-sklep.pl  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-inline'; frame-ancestors 'self'  https://*.lidl.com  https://*.livebuy.io; report-uri https://csp.cre.lidl-shop.com/csp/report; base-uri 'self'; form-action 'self'  https://*.facebook.com  https://*.facebook.net  https://accounts.lidl.com  https://survey.g.doubleclick.net; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.os.uk *.silktide.com *.cloudflare.com *.jsdelivr.net unpkg.com *.googleapis.com *.google.com siteimproveanalytics.com www.googletagmanager.com www.google-analytics.com cdn.siteimprove.net *.recruitmentplatform.com wbb-chat-plugin.webuildbots.ai *.gstatic.com *.livechatinc.com *.somerset.gov.uk *.euw2.pure.cloud *.astuntechnology.com uicdn.toast.com; style-src 'self' 'unsafe-inline' *.os.uk *.cloudflare.com *.jsdelivr.net unpkg.com *.googleapis.com *.google.com use.fontawesome.com wbb-chat-plugin.webuildbots.ai *.gstatic.com *.livechatinc.com *.somerset.gov.uk *.euw2.pure.cloud *.astuntechnology.com uicdn.toast.com; media-src 'self' *.somerset.gov.uk *.euw2.pure.cloud; frame-ancestors *.euw2.pure.cloud; object-src 'none'; upgrade-insecure-requests; block-all-mixed-content 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.googleadservices.com *.hotjar.com *.klaviyo.com  *.termageddon.com *.hsappstatic.net *.vimeo.com connect.facebook.net *.fontawesome.com www.google-analytics.com *.clarity.ms snap.licdn.com cdn4.mxpnl.com *.g.doubleclick.net www.googletagmanager.com js.hsforms.net s7.addthis.com boards.greenhouse.io www.googleoptimize.com static.addtoany.com *.tiqcdn.com cdn.jsdelivr.net js.hs-scripts.com www.google.com *.cdnma.com www.gstatic.com js.hs-banner.com js.hscollectedforms.net js.hs-analytics.net *.apollo.io; style-src 'self' 'unsafe-inline' *.termageddon.com *.klaviyo.com *.fontawesome.com *.googleapis.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net; img-src 'self' data: s.w.org ps.w.org px4.ads.linkedin.com cdn.jsdelivr.net *.gstatic.com *.fontawesome.com *.clarity.ms *.gravatar.com www.glassdoor.com *.hubspot.com *.hsforms.com *.doubleclick.net www.google.com px.ads.linkedin.com www.facebook.com *.bing.com www.google-analytics.com www.googletagmanager.com; font-src 'self' data: cdn.jsdelivr.net *.fontawesome.com fonts.gstatic.com maxcdn.bootstrapcdn.com; frame-src 'self' www.youtube.com *.hubspot.com *.vimeo.com *.hsforms.com www.facebook.com td.doubleclick.net www.google.com static.addtoany.com; connect-src 'self' aplo-evnt.com *.hotjar.com wss://ws.hotjar.com *.hotjar.io  *.ads.linkedin.com *.klaviyo.com *.termageddon.com collect.tealiumiq.com forms.hscollectedforms.net www.google-analytics.com *.doubleclick.net *.clarity.ms pagead2.googlesyndication.com *.google.com api-js.mixpanel.com forms.hsforms.com *.amazonaws.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.authorize.net *.ckeditor.com *.geonetric.com *.google.com *.googletagmanager.com *.googleapis.com *.google-analytics.com *.googleadservices.com *.usablenet.com *.loyalhealth.com *.newrelic.com *.adsrvr.org *.in.applicationinsights.azure.com; report-uri /report-csp-violation 1
default-src * 'unsafe-eval' 'unsafe-inline' blob: data: ; frame-src *; frame-ancestors 'self' https://*.googleapis.com https://*.gameandfishmag.com http://*.gameandfishmag.com https://*.androidplatform.net https://*.twixlmedia.com/ http://*.twixlmedia.com https://us.content.twixlmedia.com https://*.akamaized.net http://*.akamaized.net https://*.osgnetworks.tv file://* filesystem:; 1
default-src https: 'self' data: http://devwebservices.loyals.nl; script-src https: 'self' 'unsafe-inline' 'unsafe-eval'; style-src https: 'self' 'unsafe-inline'; report-uri /csp-reports 1
default-src 'self' https:; font-src 'self' https: data:; img-src 'self' https: data:; object-src 'none'; script-src 'self' https: 'nonce-YLmjGDM8ILcWD74p8xb3nw=='; style-src 'self' https: 'nonce-YLmjGDM8ILcWD74p8xb3nw==' 1
frame-ancestors 'self' *.mathworks.com feedads.baidu.com *.mwcloudtest.com mathworks--uat.sandbox.my.site.com mathworks--dev2.sandbox.my.site.com mathworks--dev1.sandbox.my.site.com mathworks--test3.sandbox.my.site.com mathworks--mangesha.sandbox.my.site.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://vline.com.au https://*.vline.com.au https://connect.facebook.net https://platform.twitter.com https://maps.googleapis.com https://*.gstatic.com https://fonts.googleapis.com https://fonts.gstatic.com https://google-analytics.com https://*.google-analytics.com https://www.googletagmanager.com https://crazyegg.com https://*.crazyegg.com https://youtube.com https://*.youtube.com https://cdn.jsdelivr.net https://i.ytimg.com https://hotjar.com https://*.hotjar.com https://vline.secure.whispir.com https://secure.quantserve.com https://rules.quantcount.com https://code.jquery.com https://www.google.com; form-action 'self' https://vline.com.au https://*.vline.com.au https://createsend.com https://*.facebook.net https://*.twitter.com; 1
frame-ancestors 'self' *.northcarolina.edu; 1
default-src * 'unsafe-eval' 'unsafe-inline' 'unsafe-dynamic' data: filesystem: about: blob: ws: wss 1
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' https://*.adyen.com https://*.analytics.google.com https://*.awin1.com https://*.bazaarvoice.com https://*.braintree-api.com https://*.braintreegateway.com https://*.btttag.com https://*.criteo.com https://*.doubleclick.net https://*.google-analytics.com https://*.googleapis.com https://*.gstatic.com https://*.kampyle.com https://*.medallia.com https://*.paypal.com https://*.truefitcorp.com https://*.wepowerconnections.com https://*.zenaps.com https://adservice.google.com https://analytics.google.com https://apis.google.com https://assets.adobedtm.com https://bat.bing.com https://careers.lululemon.com https://cdn.cookielaw.org https://cdn.cquotient.com https://cdn.honey.io https://cdn.quantummetric.com https://ingest.quantummetric.com https://cdnjs.cloudflare.com https://challenges.cloudflare.com https://cm.g.doubleclick.net https://connect.facebook.net https://ct.pinterest.com https://d38xvr37kwwhcm.cloudfront.net https://dpm.demdex.net https://e.cquotient.com https://external.quantummetric.com https://fonts.googleapis.com https://geolocation.onetrust.com https://globalstaticassets.lululemon.com https://google.com https://googleads.g.doubleclick.net https://images.lululemon.com https://intljs.rmtag.com https://ln-rules.rewardstyle.com https://lululemon.quiq-api.com https://lululemonathleticacanadainc.demdex.net https://lululemoninternational-app.quantummetric.com https://lululemoninternational.quantummetric.com https://lululemonusa.tt.omtrdc.net https://maps.googleapis.com https://mpsnare.iesnare.com https://p.cquotient.com https://pay.google.com https://privacyportal.onetrust.com https://r.cquotient.com https://s.pinimg.com https://s7mbrstream.scene7.com https://sc-static.net https://scripts.agilone.com https://smetrics.lululemon.es https://sslwidget.criteo.com https://static.cloudflareinsights.com https://static.criteo.com https://static.criteo.net https://stats.g.doubleclick.net https://tag.rmp.rakuten.com https://tez.google.com https://the.sciencebehindecommerce.com https://tpc.googlesyndication.com https://tr.snapchat.com https://translate.google.com https://v2.waitwhile.com https://widget.as.criteo.com https://www.bing.com https://www.cloudflare.com https://www.dwin1.com https://www.facebook.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.lululemon.co.uk https://www.lululemon.es https://www.paypalobjects.com https://*.browser-intake-datadoghq.com https://www.datadoghq-browser-agent.com https://analytics.tiktok.com https://tr6.snapchat.com https://lantern.roeyecdn.com https://pagead2.googlesyndication.com https://sc-static.net https://tr-shadow.snapchat.com https://pixel.tapad.com https://ingesteu.quantummetric.com https://shop.lululemon.com wss://lululemoninternational.quantummetric.com wss://mpsnare.iesnare.com; base-uri 'self'; frame-ancestors 'self'; object-src 'none'; img-src * 'self' data: https:; font-src * 'self' data: https:; block-all-mixed-content; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mastodon.nz; img-src 'self' https: data: blob: https://mastodon.nz; style-src 'self' https://mastodon.nz 'nonce-Xq3C6p4wGvUmCJI4PqpCOw=='; media-src 'self' https: data: https://mastodon.nz; frame-src 'self' https:; manifest-src 'self' https://mastodon.nz; form-action 'self'; child-src 'self' blob: https://mastodon.nz; worker-src 'self' blob: https://mastodon.nz; connect-src 'self' data: blob: https://mastodon.nz https://mastodon.nz wss://mastodon.nz; script-src 'self' https://mastodon.nz 'wasm-unsafe-eval' 1
frame-ancestors 'self';  script-src 'self' 'unsafe-inline' 'unsafe-eval'   https://w53.net.espci.fr/ https://stats.espci.fr/ https://espci.fr/;  style-src 'self' 'unsafe-inline' https://www.espci.fr/   https://w53.net.espci.fr/ https://espci.fr/;  img-src 'self' blob: https://www.espci.fr/ https://espci.fr/   https://w53.net.espci.fr/ https://stats.espci.fr/    https://i.ytimg.com https://espci.fr/;  font-src 'self';  connect-src 'self' https://stats.espci.fr/ https://vip.espci.fr/ https://vip2.espci.fr/;  prefetch-src 'self';  media-src 'self';  object-src 'self' https://haltools.archives-ouvertes.fr/;  plugin-types application/pdf text/html;  frame-src 'self' https://v.calameo.com/ https://www.canal-u.tv/  https://www.dailymotion.com/ https://www.scoop.it/ https://www.youtube.com/  https://player.vimeo.com/ https://openstreetmap.org/ https://moodle.espci.fr/  https://www.openstreetmap.org/ https://openlayers.org/ https://widgets.figshare.com/;  default-src 'self' 1
default-src https: blob: data: ws: wss: 'self' 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; frame-ancestors 'self'; base-uri 'self'; 1
frame-ancestors 'self' https://*.fdj.fr; 1
frame-ancestors 'self' https://*.bild.de http://*.bild.de https://*.meinestadt.de http://*.meinestadt.de https://*.schoener-wohnen.de http://*.schoener-wohnen.de https://*.stern.de http://*.stern.de https://*.handelsblatt.com http://*.handelsblatt.com https://*.spiegel.de http://*.spiegel.de https://*.sueddeutsche.de http://*.sueddeutsche.de https://*.tagesspiegel.de http://*.tagesspiegel.de https://*.wiwo.de http://*.wiwo.de https://*.homeday.de http://*.homeday.de https://*.homeday.dev http://*.homeday.dev https://localhost:* http://localhost:*; 1
upgrade-insecure-requests; frame-ancestors https:; 1
default-src 'self' http: https:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.addthisedge.com *.moatads.com *.addthis.com *.marketo.com munchkin.marketo.net *.strtrade.com *.jquery.com *.googleapis.com *.googleadservices.com *.googletagmanager.com *.google.com *.gstatic.com *.google-analytics.com connect.facebook.net *.doubleclick.net *.cloudflare.com *.libsyn.com; style-src 'self' 'unsafe-inline' *.google.com *.marketo.com *.libsyn.com *.strtrade.com *.googleapis.com *.cloudflare.com;font-src 'self' data: 'unsafe-inline' *.gstatic.com; img-src 'self' * data: *.googletagmanager.com; frame-src 'self' *.addthis.com *.marketo.com *.libsyn.com *.strtrade.com *.facebook.com *.doubleclick.net *.vimeo.com *.youtube.com *.cookiebot.com *.gstatic.com *.google.com; form-action 'self'; base-uri 'self'; connect-src 'self' *.addthis.com *.marketo.com *.mktoresp.com *.libsyn.com *.sentry.io *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.googleapis.com; frame-ancestors 'self'; object-src 'self' 1
default-src 'self'; font-src 'self' fonts.gstatic.com; media-src 'self' *.consumerfinance.gov; img-src 'self' *.consumerfinance.gov www.ecfr.gov s3.amazonaws.com img.youtube.com *.google-analytics.com *.googletagmanager.com optimize.google.com api.mapbox.com *.tiles.mapbox.com blob: data: www.gravatar.com *.qualtrics.com *.mouseflow.com i.ytimg.com; frame-src 'self' *.consumerfinance.gov *.googletagmanager.com *.google-analytics.com *.googleoptimize.com optimize.google.com www.youtube.com *.qualtrics.com mailto:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.consumerfinance.gov dap.digitalgov.gov *.googleanalytics.com *.google-analytics.com *.googletagmanager.com *.googleoptimize.com optimize.google.com api.mapbox.com js-agent.newrelic.com bam.nr-data.net gov-bam.nr-data.net *.youtube.com *.ytimg.com *.mouseflow.com *.geo.census.gov about: www.federalregister.gov *.qualtrics.com; connect-src 'self' *.consumerfinance.gov *.google-analytics.com *.googleoptimize.com *.tiles.mapbox.com api.mapbox.com bam.nr-data.net gov-bam.nr-data.net s3.amazonaws.com public.govdelivery.com n2.mouseflow.com *.qualtrics.com raw.githubusercontent.com; style-src 'self' 'unsafe-inline' *.consumerfinance.gov *.googletagmanager.com optimize.google.com fonts.googleapis.com api.mapbox.com 1
base-uri 'self'; connect-src 'self' *.g2crowd.com *.mutinyhq.com *.mutinyhq.io *.mutinycdn.com https://*.clearbit.com https://*.algolianet.com https://*.algolia.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.6sc.co https://*.chilipiper.com https://*.mktoresp.com https://*.contextly.com https://*.context.ly https://*.adnxs.com https://*.6sense.com https://app.calconic.com https://bat.bing.com *.cookieyes.com cdn-cookieyes.com  https://ipv6.6sc.co https://*.doubleclick.net *.marketlinc.com https://ws.zoominfo.com https://*.salesloft.com https://ws-assets.zoominfo.com https://js.zi-scripts.com https://www.google-analytics.com *.googlesyndication.com *.linkedin.com *.google.com https://google.com; default-src 'self'; font-src 'self' https://*.google.com https://fonts.gstatic.com https://*.hotjar.com *.context.ly https://*.wp.com https://*.mutinycdn.com; frame-src 'self' https://*.google.com https://*.recruiterbox.com https://*.chilipiper.com https://*.vimeo.com https://get.chronus.com https://js.driftt.com https://widget.drift.com https://bid.g.doubleclick.net https://*.doubleclick.net https://*.youtube-nocookie.com https://*.youtube.com; frame-ancestors 'self' https://app.mutinyhq.com; img-src 'self' data: *.mutinycdn.com *.mutinyhq.io https://*.gstatic.com *.twitter.com *.context.ly *.gravatar.com https://*.chilipiper.com https://*.vimeocdn.com https://ps.w.org/ https://*.hotjar.com https://*.linkedin.com cdn-cookieyes.com https://b.6sc.co https://bat.bing.com https://cdn.bizibly.com https://cdn.bizible.com https://cdn.chronus.com https://get.chronus.com https://px.ads.linkedin.com https://*.recruiterbox.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.google.com https://www.googletagmanager.com; manifest-src 'self'; media-src 'self' https://js.driftt.com; object-src 'none'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://1d5ef9e9369608f625a8-878b10192d4a956595449977ade9187d.ssl.cf2.rackcdn.com/ctk.js https://*.algolianet.com https://*.vimeo.com https://*.gstatic.com https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js https://*.clearbitscripts.com https://*.clearbitjs.com  https://*.context.ly https://*.chilipiper.com https://bat.bing.com cdn-cookieyes.com https://cdn.bizible.com https://cdn.calconic.com *.marketlinc.com *.mutinycdn.com https://*.salesloft.com https://get.chronus.com https://googleads.g.doubleclick.net https://j.6sc.co https://*.adnxs.com https://js.driftt.com https://widget.drift.com https://munchkin.marketo.net https://*.hotjar.com https://snap.licdn.com https://tracking.g2crowd.com https://*.recruiterbox.com https://ws.zoominfo.com https://js.zi-scripts.com https://ws-assets.zoominfo.com https://www.google-analytics.com https://www.googleadservices.com https://www.google.com https://www.googletagmanager.com; style-src 'report-sample' 'unsafe-inline' 'self' https://*.googletagmanager.com https://fonts.googleapis.com https://*.hotjar.com https://get.chronus.com https://*.recruiterbox.com; worker-src 'self'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://cc.cdn.civiccomputing.com https://assets.buzzsprout.com https://www.buzzsprout.com https://maps.googleapis.com https://maps.google.com https://www.google.com https://analytics.rubensteintech.com https://www.google-analytics.com https://use.typekit.net https://p.typekit.net https://www.googletagmanager.com https://maps.gstatic.com https://www.gstatic.com https://snap.licdn.com https://www.linkedin.com https://static.ads-twitter.com https://px.ads.linkedin.com https://analytics.twitter.com https://platform.twitter.com https://connect.facebook.net https://www.facebook.com https://www.youtube.com https://s.ytimg.com https://cdn.plyr.io https://cse.google.com https://siteimproveanalytics.com https://player.vimeo.com https://ssl.p.jwpcdn.com https://s7.addthis.com ; frame-src https://www.buzzsprout.com https://www.facebook.com https://platform.twitter.com https://www.youtube.com https://cdn.plyr.io https://t.co https://cdn.yoshki.com https://player.vimeo.com 'self' https://*.google.com; connect-src 'self' https://apikeys.civiccomputing.com https://analytics.twitter.com https://cdn.plyr.io https://cse.google.com https://maps.googleapis.com https://vimeo.com https://analytics.google.com https://google-analytics.com https://*.analytics.google.com https://*.google-analytics.com https://www.facebook.com/tr/ https://cdn.linkedin.oribi.io https://analytics.rubensteintech.com https://clapi.civiccomputing.com https://stats.g.doubleclick.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://maps.googleapis.com https://www.google.com https://cloud.typography.com https://use.typekit.net https://hello.myfonts.net https://platform.twitter.com https://assets.buzzsprout.com https://ssl.p.jwpcdn.com ; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://maps.gstatic.com https://use.typekit.net https://p.typekit.net https://ssl.p.jwpcdn.com data: ; img-src 'self' https://maps.googleapis.com https://maps.gstatic.com https://assets.buzzsprout.com https://www.buzzsprout.com https://www.google-analytics.com https://analytics.google.com https://google-analytics.com https://*.analytics.google.com https://*.google-analytics.com https://*.siteimproveanalytics.io https://stats.g.doubleclick.net https://px.ads.linkedin.com https://p.adsymptotic.com https://www.facebook.com https://p.typekit.net https://t.co https://analytics.twitter.com data:; form-action 'self' https://www.facebook.com; child-src https://www.facebook.com https://staticxx.facebook.com https://platform.twitter.com; object-src 'none'; 1
default-src 'self' data: webcommon.easyweddings.com.au player.vimeo.com td.doubleclick.net js.stripe.com www.google.com player-widget.mixcloud.com w.soundcloud.com my.matterport.com cdn.landbot.io fonts.gstatic.com easyweddings-framework-v5.s3.amazonaws.com prod-easyweddings-framework-v6.s3.amazonaws.com pro.fontawesome.com cdnjs.cloudflare.com v5-cdn.easyweddings.com v6-cdn.easyweddings.com bid.g.doubleclick.net *.facebook.com www.youtube.com youtu.be *.vimeo.com wistia.com fonts.gstatic.com static.helloumi.com *.firebaseio.com webcommon.easyweddings.com.au;connect-src 'self' google.com analytics.google.com *.facebook.net *.googletagmanager.com https://*.sendbird.com wss://*.sendbird.com *.cookiefirst.com pagead2.googlesyndication.com stripe.com bam.nr-data.net api.hubapi.com www.google.com forms.hscollectedforms.net graph.facebook.com n2.mouseflow.com api.easyweddings.com.au webapi.easyweddings.com.au maps.googleapis.com *.facebook.com stats.g.doubleclick.net www.google-analytics.com api.hubspot.com forms.hubspot.com bid.g.doubleclick.net *.landbot.io *.firebaseio.com wss://*.firebaseio.com *.googleapis.com; style-src 'self' 'unsafe-inline' blob: webcommon.easyweddings.com.au code.jquery.com cdn.landbot.io pro.fontawesome.com cdnjs.cloudflare.com v5-cdn.easyweddings.com v6-cdn.easyweddings.com fonts.googleapis.com *.cookiefirst.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' data: script.hotjar.com static.hotjar.com consent.cookiefirst.com bam.nr-data.net js-agent.newrelic.com js.hsadspixel.net js.stripe.com servedbyadbutler.com www.gstatic.com cdn.mouseflow.com ajax.googleapis.com cdnjs.cloudflare.com maps.googleapis.com connect.facebook.net v5-cdn.easyweddings.com v6-cdn.easyweddings.com googleads.g.doubleclick.net www.googletagmanager.com www.googleadservices.com js.hs-scripts.com js.hscollectedforms.net js.hs-analytics.net js.hs-banner.com js.usemessages.com www.google-analytics.com www.googletagmanager.com cdn.landbot.io *.firebaseio.com www.google.com;img-src 'self' data: blob: https://*.amazonaws.com https://*.sendbird.com hotelmedia.s3.amazonaws.com assets-destwed.easyweddings.com contentdw.easyweddings.com *.cookiefirst.com i.vimeocdn.com supplier-images.s3.amazonaws.com www.googletagmanager.com forms.hscollectedforms.net servedbyadbutler.com assets.easyweddings.com.au v4-cdn-consolidation.easyweddings.com.au prod-ew-image-global-v2.s3.amazonaws.com maps.gstatic.com easyweddings-framework-v4.s3.amazonaws.com googleads.g.doubleclick.net maps.googleapis.com easyweddings-framework-v5.s3.amazonaws.com prod-easyweddings-framework-v6.s3.amazonaws.com images-cdn.easyweddings.com.au ew-image-global.s3.amazonaws.com images.easyweddings.com.au easyweddings-framework.s3.amazonaws.com v5-cdn.easyweddings.com v6-cdn.easyweddings.com forms.hsforms.com www.google-analytics.com www.google.com www.google.com.au track.hubspot.com storage.googleapis.com wedding-website-images.s3.amazonaws.com assets.easyweddings.com *.facebook.com cdn.hotelplanner.com; 1
default-src 'self' https: data: wss://api.smooch.io/faye ; script-src 'self' http://*.googletagmanager.com http://static.klaviyo.com 'unsafe-eval' 'unsafe-inline' blob: https:; child-src lume.com https://mywallet.deals/ https://enrollnow.vip/ https://join.mywallet.deals/ https://pixel.sitescout.com https://www.googletagmanager.com https://servedby.flashtalking.com https://www.youtube.com https://lmsmsg1.com https://itslme.com; style-src 'self' 'unsafe-inline' https://*.typekit.net https:; font-src 'self' https://*.typekit.net data: https: ; img-src 'self' https://images.dutchie.com https://s3-us-west-2.amazonaws.com https://images.contentstack.io https://ad.ipredictive.com https://clickserv.sitescout.com https://maps.gstatic.com/ https://www.google-analytics.com https://www.googletagmanager.com/ https://pixel.sitescout.com https://i.ytimg.com/ https://raw.githubusercontent.com https://t.co https://analytics.twitter.com https://lumehelp.zendesk.com https://p23.zdusercontent.com https://media.smooch.io/ data:; 1
frame-ancestors https://builder.io 1
object-src 'self'; block-all-mixed-content; frame-ancestors 'self' secpoint.com *.secpoint.com; 1
upgrade-insecure-requests; default-src 'self' https: data: 'unsafe-inline' 1
default-src 'self'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://*.ubembed.com https://px.ads.linkedin.com https://inlinemanual.com *.inlinemanual.com *.px.ads.linkedin.com *.googleadservices.com *.calendly.com *.clickcease.com *.jsdelivr.net *.ub-analytics.com *.jquery.com *.clarity.ms *.googlesyndication.com *.debounce.io *.unbounce.com *.d1wbjksx0xxdn3.cloudfront.net *.cloudfront.net *.interactivecalculator.com *.doubleclick.net *.oribi.io *.linkedin.com *.intercomcdn.com *.intercom.io *.zoominfo.com *.vimeocdn.com *.licdn.com *.bing.com *.googleoptimize.com *.google-analytics.com *.googletagmanager.com *.fontawesome.com *.googleoptimize.com *.googleapis.com https://apis.google.com/js/api.js *.google.com *.gstatic.com *.wpenginepowered.com; connect-src 'self' https://*.ubembed.com *.clickcease.com *.ub-analytics.com *.linkedin.com *.clarity.ms *.celayix.com *.cloudfront.net *.googlesyndication.com *.intercom.io *.interactivecalculator.com *.debounce.io *.oribi.io *.wpengine.com *.google-analytics.com *.bing.com *.zoominfo.com *.google.ca *.fontawesome.com *.doubleclick.net *.amazonaws.com *.googleapis.com *.wpenginepowered.com https://google.com *.google.com *.gstatic.com wss://*.intercom.io wss://*.wpengine.com; frame-src 'self' data: https://*.ubembed.com https://intercom-sheets.com *.doubleclick.net https://calendly.com *.calendly.com *.youtube.com *.googlesyndication.com *.microsoft.com *.vimeo.com *.google.com; img-src 'self' https://px.ads.linkedin.com *.vimeocdn.com *.webflow.com *.doubleclick.net *.unbounce.com *.intercomassets.com *.intercomcdn.com *.clarity.ms *.gravatar.com *.windows.net *.linkedin.com *.googlesyndication.com *.google-analytics.com *.cloudfront.net *.debounce.io *.intercom.io *.bing.com *.googletagmanager.com *.smushcdn.com *.wpenginepowered.com data: *.googleapis.com *.gstatic.com *.google.com *.google.ca *.amazonaws.com data:; media-src 'self' data: *.intercomcdn.com; style-src 'self' 'unsafe-inline' *.jsdelivr.net *.fontawesome.com *.googlesyndication.com *.unbounce.com *.ub-assets.com *.googletagmanager.com *.wpenginepowered.com https://fonts.googleapis.com blob:; font-src 'self' *.googlesyndication.com *.wpenginepowered.com *.intercomcdn.com *.ub-assets.com *.fontawesome.com https://fonts.gstatic.com data:; 1
upgrade-insecure-requests; base-uri 'self' https://wa.vinnova.se https://vinnova.matomo.cloud/ https://cdn.matomo.cloud; default-src 'self' https://www.youtube.com/; font-src 'self' https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://maxcdn.bootstrapcdn.com/ https://wa.vinnova.se/plugins/Morpheus/fonts/ data: https://vinnova.matomo.cloud/plugins/Morpheus/fonts/ https://vinnova.matomo.cloud/plugins/AbTesting/libs/abtestingicons/fonts/abtestingicons.woff%0a script.hotjar.com/; style-src 'self' https://fonts.googleapis.com/ https://dl.episerver.net/13.4.4.1/ https://wa.vinnova.se/plugins/Overlay/client/client.css https://wa.vinnova.se/index.php 'unsafe-inline' https://vinnova.matomo.cloud/index.php; img-src 'self' https://www.google-analytics.com/collect https://www.google.com/ads/ga-audiences https://www.google.se/ads/ga-audiences https://maps.gstatic.com/mapfiles/ https://maps.googleapis.com/maps/ https://img.youtube.com https://dl.episerver.net/13.4.4.1/ https://wa.vinnova.se https://i.vimeocdn.com/ data: https://vinnova.matomo.cloud/plugins/ survey-images.hotjar.com/surveys/logo/; script-src 'self' 'nonce-vvF+haM2tRW7RdbpSIkaEBl6azqM55B6wTd65+OF7iY=' https://maps.googleapis.com/ https://www.googletagmanager.com/ https://ajax.googleapis.com/ajax/libs/jquery/3.1.0/ https://www.google-analytics.com/ https://code.jquery.com/ https://cdnjs.cloudflare.com/ajax/libs/vanilla-lazyload/10.3.5/ https://dl.episerver.net/ http://cdn.datatables.net/ http://bartaz.github.io/ https://5p4rk13.com/ https://wa.vinnova.se/ https://wa.vinnova.se/ 'unsafe-inline' https://forms.apsisforms.com/ http://s3-eu-west-1.amazonaws.com/apsis-forms-published-settings-one/js/ *.apsisforms.com 'sha256-nxs4O/FRaYOijnK20DUrGLaf/7y3FWnuh4bwy5veH0E=' 'sha256-YuZ4FYOvNbGLtFSF2K1TCvG1I+qJVuVNEq8hZ/c6hvU=' http://platform.twitter.com/ https://polyfill.io/v3/polyfill.min.js https://static.entryscape.com https://vinnova.entryscape.net https://bam.nr-data.net https://js-agent.newrelic.com 'unsafe-eval' https://static.rekai.se/bd0a3abb.js 'self' https://vinnova.matomo.cloud https://cdn.matomo.cloud/ https://cdn.matomo.cloud/ 'unsafe-inline' static.hotjar.com script.hotjar.com vc.hotjar.io ws1.hotjar.com; frame-src 'self' https://www.youtube.com/ https://wa.vinnova.se https://player.vimeo.com/ https://vimeo.com/ https://html5-player.libsyn.com/ 'self' https://vars.hotjar.com/; child-src 'self' ; connect-src 'self' https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://www.google-analytics.com/j/collect https://stats.g.doubleclick.net/j/collect https://maps.googleapis.com/maps/api/geocode/ *.analytics.google.com/ https://wa.vinnova.se/matomo.php https://bam.nr-data.net https://vimeo.com/ https://www.livsmedelsverket.se/ https://jpi-urbaneurope.eu/ https://www.regeringen.se/ https://www.forskasverige.se/ https://ec.europa.eu/ https://www.eurekanetwork.org/ https://view.officeapps.live.com/ https://www.technopolis-group.com/ https://www.business-sweden.com/ http://www.diva-portal.org/ https://reglab.se/ https://cdn.sei.org/ https://pub.norden.org/ https://blogg.vinnova.se/ http://ratio.se/ https://www.kth.se/ https://nps.edu/ http://www.vaxtbaseratsverige.se/ https://view.rekai.se/view https://view.rekai.se/view/event https://predict.rekai.se/predict https://vinnova.matomo.cloud/ https://cdn.matomo.cloud/matomo.php surveystats.hotjar.io content.hotjar.io ask.hotjar.io in.hotjar.com wss://*.hotjar.com https://*.hotjar.com vc.hotjar.io/sessions/* metrics.hotjar.io; frame-ancestors 'self' https://wa.vinnova.se 'self' https://cdn.matomo.cloud; form-action 'self' ; object-src 'self' ; manifest-src 'self' ; media-src 'self' ; worker-src 'self' ; report-uri https://www.vinnova.se/cspreport 1
child-src 'self' https://*.cataniaoils.com https://*.cataniastaging.wpengine.com https://*.convertiv.com https://*.hotjar.com https://*.sitescout.com https://cataniaoils.com; connect-src 'self' 'unsafe-inline' https://*.akamaihd.net https://*.cataniaoils.com https://*.cataniastaging.wpengine.com https://*.company-target.com https://*.convertiv.com https://*.cookiebot.com https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.getelevar.com https://*.google-analytics.com https://*.google.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.hotjar.com https://*.hotjar.io https://*.klaviyo.com https://*.linkedin.com https://*.litix.io https://*.mktoresp.com https://*.mktoutil.com https://*.omappapi.com https://*.optimizely.com https://*.shopify.com https://*.wistia.com https://*.youtube.com https://cataniaoils.com https://cdn.linkedin.oribi.io https://maps.googleapis.com https://tagmanager.google.com https://www.googletagmanager.com self wss://*.hotjar.com; default-src 'self' 'unsafe-inline' https://*.cataniaoils.com https://*.cataniastaging.wpengine.com https://*.convertiv.com https://*.getelevar.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.klaviyo.com https://*.shopify.com https://cataniaoils.com self; font-src 'self' data: https://*.cataniaoils.com https://*.cataniastaging.wpengine.com https://*.convertiv.com https://*.gstatic.com https://cataniaoils.com https://fonts.googleapis.com https://fonts.gstatic.com; frame-src 'self' https://*.cataniaoils.com https://*.cataniastaging.wpengine.com https://*.convertiv.com https://*.cookiebot.com https://*.doubleclick.net https://*.driftt.com https://*.facebook.com https://*.facebook.net https://*.google.com https://*.hotjar.com/ https://*.instagram.com https://*.issuu.com https://*.klaviyo.com https://*.marketo.com https://*.shopify.com https://*.sitescout.com https://*.vimeo.com https://*.wistia.com/ https://*.youtube.com https://cataniaoils.com https://s-static.ak.facebook.com https://tagmanager.google.com; img-src 'self' data: https://*.adentifi.com https://*.adnxs.com https://*.adroll.com https://*.adsymptotic.com https://*.agkn.com https://*.akamaihd.net https://*.bidr.io https://*.bidswitch.net https://*.cardlytics.com https://*.cataniaoils.com https://*.cataniastaging.wpengine.com https://*.company-target.com https://*.convertiv.com https://*.doubleclick.net https://*.facebook.com https://*.google-analytics.com https://*.google.com https://*.google.hr https://*.gravatar.com https://*.gstatic.com https://*.instagram.com https://*.klaviyo.com https://*.linkedin.com https://*.openx.net https://*.owneriq.net https://*.predictiveresponse.net https://*.reson8.com https://*.rlcdn.com https://*.shopify.com https://*.sitescout.com https://*.wistia.com https://*.wordpress.com https://*.wp.com https://*.yahoo.com https://*.youtube.com https://amps-production.imgix.net https://cataniaoils.com https://googleads.g.doubleclick.net https://img.youtube.com https://maps.googleapis.com https://storage.pardot.com https://www.googletagmanager.com self; media-src 'self' blob: data: file: https://*.akamaihd.net https://*.cataniaoils.com https://*.cataniastaging.wpengine.com https://*.convertiv.com https://*.wistia.com/ https://cataniaoils.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.adnxs.com/ https://*.adroll.com https://*.ads-twitter.com https://*.cataniaoils.com https://*.cataniastaging.wpengine.com https://*.convertiv.com https://*.cookiebot.com https://*.crazyegg.com https://*.demandbase.com https://*.doubleclick.net https://*.driftt.com https://*.facebook.com https://*.facebook.net https://*.getelevar.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.gstatic.com https://*.hotjar.com https://*.instagram.com https://*.jsdelivr.net https://*.klaviyo.com https://*.licdn.com https://*.marketo.com https://*.marketo.net https://*.optmnstr.com https://*.pardot.com https://*.pixel.ad https://*.predictiveresponse.net https://*.shopify.com https://*.twitter.com https://*.vimeo.com https://*.wistia.com https://cataniaoils.com https://connect.facebook.net https://tagmanager.google.com https://unpkg.com https://wistia.com https://www.googleadservices.com https://www.googletagmanager.com https://www.youtube.com self; style-src 'self' 'unsafe-inline' https://*.cataniaoils.com https://*.cataniastaging.wpengine.com https://*.convertiv.com https://*.doubleclick.net https://*.facebook.com https://*.getelevar.com https://*.google-analytics.com https://*.googleapis.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.gravatar.com https://*.jsdelivr.net https://*.klaviyo.com https://*.marketo.com https://*.shopify.com https://cataniaoils.com https://tagmanager.google.com self; worker-src 'self' blob: data: file: filesystem: https://*.cataniaoils.com https://*.cataniastaging.wpengine.com https://*.convertiv.com https://cataniaoils.com 1
object-src 'none'; base-uri 'none'; frame-ancestors 'self'; 1
default-src * data:; font-src * data:;img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline'; frame-ancestors 'self' https://prenuvo.com 1
script-src 'self' 'unsafe-inline' browser-update.org platform.twitter.com https://*.googletagmanager.com www.google-analytics.com rum-static.pingdom.net https://tagmanager.google.com/debug assets.zendesk.com static.zdassets.com ekr.zdassets.com browser.sentry-cdn.com sentry.cloud.gov.au; object-src 'none'; frame-ancestors 'self'; worker-src 'self' blob: 1
default-src https://*.peacocktv.com; form-action https://*.force.com https://*.my.salesforce.com https://*.salesforce-sites.com https://tr.snapchat.com; font-src 'self' data: https://*.peacocktv.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.peacocktv.com https://core.spreedly.com https://browser.sentry-cdn.com https://*.salesforceliveagent.com https://*.force.com https://*.my.salesforce.com https://*.salesforce-sites.com https://*.optimizely.com https://nbcstreaming.sc.omtrdc.net https://connect.facebook.net https://static.ads-twitter.com https://analytics.twitter.com https://assets.adobedtm.com https://js.createsend1.com https://www.googletagmanager.com https://nbcuss.demdex.net https://jssdkcdns.mparticle.com https://www.google.com https://googleads.g.doubleclick.net https://platform.twitter.com https://www.googleadservices.com https://www.google-analytics.com https://t.contentsquare.net https://s.pinimg.com https://sc-static.net https://www.redditstatic.com https://analytics.tiktok.com https://pixelb.randi.adswizz.com https://imp.i305175.net https://www.ojrq.net https://logs-01.loggly.com https://peacock.sjv.io https://s0.ipstatp.com https://d.impactradius-event.com https://bid.g.doubleclick.net https://wsdk.rokt.com https://apps.rokt.com https://js.adsrvr.org https://insight.adsrvr.org https://cdn.cookielaw.org https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://bat.bing.com https://*.onetrust.com https://s.yimg.com https://sp.analytics.yahoo.com https://s.amazon-adsystem.com https://c.amazon-adsystem.com https://apps.rokt.com https://p.teads.tv https://a.teads.tv https://s8t.teads.tv https://tr.snapchat.com https://www.paypal.com https://www.clarity.ms https://ct.pinterest.com https://*.qualtrics.com https://client.px-cloud.net; connect-src 'self' localhost:* ws://localhost:* https://*.campaign.adobe.com https://*.peacocktv.com https://core.spreedly.com https://*.force.com https://*.salesforce.com https://*.my.salesforce.com https://*.salesforce-sites.com https://graph.facebook.com https://nbcuss.demdex.net https://identity.mparticle.com https://jssdks.mparticle.com https://createsend.com https://www.createsend.com https://www.facebook.com https://*.ott.sky.com https://sas-apm-prod.telemetry.nbcuott.com https://0d15692193ba43a8a9384fed500b3a1d.apm.us-east-1.aws.cloud.es.io https://sdk.iad-03.appboy.com https://sdk.iad-03.braze.com https://*.contentsquare.net https://*.optimizely.com https://ct.pinterest.com https://nbcstreaming.sc.omtrdc.net https://analytics.tiktok.com https://cdn.cookielaw.org https://*.onetrust.com https://bat.bing.com https://checkoutshopper-live.adyen.com https://checkoutshopper-live-us.adyen.com https://tr.snapchat.com https://www.google-analytics.com https://imp.i305175.net https://analytics.twitter.com https://dpm.demdex.net https://ad.doubleclick.net https://s.yimg.com https://sp.analytics.yahoo.com https://s.amazon-adsystem.com https://c.amazon-adsystem.com https://t.teads.tv https://cm.teads.tv https://*.paypal.com https://api.ipify.org https://www.redditstatic.com https://analytics.pangle-ads.com https://*.analytics.google.com https://stats.g.doubleclick.net https://tr6.snapchat.com https://*.clarity.ms https://*.qualtrics.com https://collector-pxj0mh4met.px-cloud.net https://collector-pxj0mh4met.px-cdn.net https://b.px-cdn.net; img-src 'self' data: localhost:* https://peacocktv.com https://*.peacocktv.com https://t.co https://www.facebook.com https://nbcstreaming.sc.omtrdc.net https://www.google.com https://www.google.co.uk https://us-gmtdmp.mookie1.com https://www.google-analytics.com https://*.contentsquare.net https://stats.g.doubleclick.net https://s.pinimg.com https://sc-static.net https://www.redditstatic.com https://analytics.tiktok.com https://pixelb.randi.adswizz.com https://imp.i305175.net https://www.ojrq.net https://logs-01.loggly.com https://peacock.sjv.io https://d.agkn.com https://s0.ipstatp.com https://alb.reddit.com https://ct.pinterest.com https://business.topbuzz.com https://bid.g.doubleclick.net https://wsdk.rokt.com https://apps.rokt.com https://js.adsrvr.org https://insight.adsrvr.org https://cdn.cookielaw.org https://bat.bing.com https://checkoutshopper-live.adyen.com https://checkoutshopper-live-us.adyen.com https://*.onetrust.com https://analytics.twitter.com https://googleads.g.doubleclick.net https://ad.doubleclick.net https://s.yimg.com https://sp.analytics.yahoo.com https://roost.nbcuni.com https://s.amazon-adsystem.com https://c.amazon-adsystem.com https://t.teads.tv https://cm.teads.tv https://a.teads.tv https://s8t.teads.tv https://www.paypalobjects.com https://*.scene7.com https://ad.doubleclick.net https://cm.everesttech.net https://*.qualtrics.com; style-src 'self' 'unsafe-inline' https://*.peacocktv.com https://*.force.com https://*.salesforce-sites.com https://*.my.salesforce.com https://cdn.cookielaw.org https://*.onetrust.com; media-src 'self' data: blob: localhost:* https://peacocktv.com https://*.peacocktv.com https://roost.nbcuni.com; frame-src https://core.spreedly.com https://*.peacocktv.com https://nbcuss.demdex.net https://*.force.com https://*.my.salesforce.com https://*.salesforce-sites.com https://tr.snapchat.com https://*.fls.doubleclick.net https://td.doubleclick.net https://imp.i305175.net https://bid.g.doubleclick.net https://wsdk.rokt.com https://apps.rokt.com https://js.adsrvr.org https://insight.adsrvr.org https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://peacockprincess22.creativezing.com https://checkoutshopper-live.adyen.com https://checkoutshopper-live-us.adyen.com https://tr6.snapchat.com https://pinterest.com http://ct.pinterest.com https://match.adsrvr.org https://s.amazon-adsystem.com https://apps.rokt.com https://p.teads.tv https://a.teads.tv https://www.youtube.com https://*.paypal.com https://*.optimizely.com https://*.qualtrics.com https://open.spotify.com; block-all-mixed-content; upgrade-insecure-requests; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://api.mazemap.com https://www.google-analytics.com https://tags.tiqcdn.com https://visitor-service-ap-southeast-2.tealiumiq.com blob: 1
frame-ancestors 'self' socalcustaging.orb.alkamitech.com my.cusocal.org; 1
default-src 'self';  script-src 'self' 'unsafe-eval' 'unsafe-inline';  style-src 'self' 'unsafe-inline';  img-src 'self' blob: data:;  font-src 'self';  object-src 'none';  base-uri 'self';  form-action 'self';  frame-src https://buy.neocrypto.net https://*.neocrypto.net https://*.checkout.com;  frame-ancestors 'none';  upgrade-insecure-requests; 1
default-src https: data: wss://*.hotjar.com wss://*.intercom.io; script-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src data: https: 'unsafe-inline'; font-src data: https: 'unsafe-inline';frame-ancestors 'self'; object-src 'self' blob; upgrade-insecure-requests; 1
connect-src https://*.fcl.cloud wss://*.fcl.cloud https://*.flightcentre.com.au https://*.flightcentre.co.nz https://*.flightcentre.co.za https://*.flightcentre.ca https://*.flightcentre.co.uk https://*.fclmedia.com https://fcl-sydney-geo-7.ent.ap-southeast-2.aws.found.io https://*.launchdarkly.com https://*.optimizely.com *.nr-data.net https://*.fullstory.com https://*.google-analytics.com https://*.google.com https://*.google.com.au https://*.google.ca https://*.google.co.nz https://*.google.co.za https://*.google.co.uk https://*.evergage.com https://analytics.tiktok.com https://analytics.pangle-ads.com https://*.pinterest.com https://*.linkedin.com https://*.outbrain.com https://*.g.doubleclick.net https://wisepops.net https://*.wisepops.com https://*.feefo.com https://cdn.cookielaw.org https://developer.livehelpnow.net https://*.snapchat.com https://www.facebook.com https://bat.bing.com https://*.onetrust.com https://flightcentre.r-cubed.co.uk https://adservice.google.com https://www.google.com https://analytics.google.com https://www.googleadservices.com https://*.browser-intake-datadoghq.com https://*.criteo.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' wss://*.flightcentre.com.au:*; font-src https: blob: data:; img-src https: blob: data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.fcl.cloud https://*.flightcentre.com.au https://*.flightcentre.co.nz https://*.flightcentre.co.za https://*.flightcentre.ca https://*.flightcentre.co.uk https://www.googletagmanager.com https://*.google-analytics.com https://*.fullstory.com https://vxml4.plavxml.com https://*.nr-data.net https://*.usabilla.com http://*.usabilla.com https://*.newrelic.com https://d6tizftlrpuof.cloudfront.net https://cdnjs.cloudflare.com https://cdn.optimizely.com https://*.outbrain.com https://analytics.tiktok.com https://bat.bing.com https://cdn.abrankings.com https://connect.facebook.net https://edge.fullstory.com https://loader.wisepops.com https://wisepops.net https://s.pinimg.com https://snap.licdn.com https://googleads.g.doubleclick.net https://accounts.google.com https://*.pinterest.com https://*.evergage.com https://js.adsrvr.org https://static.criteo.net https://flightcentre-webchat.gotbot.co.za https://7226714.collect.igodigital.com https://cdn.pdst.fm https://*.hotjar.com https://tr.snapchat.com https://*.feefo.com https://koi-3qn5erhpry.marketingautomation.services https://cdn.jsdelivr.net https://*.stackla.com https://cdn.cookielaw.org https://sc-static.net https://developer.livehelpnow.net https://cdn.evgnet.com https://maps.googleapis.com https://sdk.joinsherpa.io https://cdn.wisepops.com https://*.quantserve.com https://*.livechatinc.com https://flightcentre.r-cubed.co.uk https://rules.quantcount.com https://*.criteo.com https://code.jquery.com; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com https://register.feefo.com https://cdn.cookielaw.org; frame-ancestors 'self'; report-uri /api/csp_report; 1
report-uri /v1/csplog; block-all-mixed-content 1
default-src 'none'; img-src * data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.calltrk.com https://*.callrail.com https://*.cloudflare.com https://*.jquery.com https://*.bootstrapcdn.com https://*.pagescdn.com https://*.optimizely.com https://*.amazonaws.com https://*.adobedtm.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleapis.com https://*.facebook.net https://*.googleadservices.com https://*.sitescdn.net https://*.livechatinc.com https://*.demdex.net https://*.addthis.com https://*.addthisedge.com https://*.pinterest.com https://*.en25.com https://*.datadoghq-browser-agent.com https://optimize.google.com https://*.rlets.com https://*.reachlocallivechat.com https://reachlocallivechat.com about://*.reachlocallivechat.com https://*.cloudfront.net https://*.cloudflareinsights.com https://*.broadly.com https://web-2-tel.com https://*.hotjar.com https://*.btttag.com https://*.bing.com https://*.doubleclick.net https://*.thinkingchat.com https://*.trendmicro.com http://*.trendmicro.com https://*.simpli.fi https://*.adsrvr.org https://*.yimg.com https://*.mypostcardmania.com https://*.adroll.com https://*.convertexperiments.com https://*.cloudfunctions.net https://*.yellow.ai https://*.yellowmessenger.com https://*.cloud.yellow.ai https://*.app.yellow.ai wss://*.yellow.ai wss://*.cloud.yellow.ai wss://*.app.yellow.ai blob: https://*.web-2-tel.com https://*.graph.facebook.com https://*.facebook.com https://*.phluant.com https://*.stackadapt.com https://*.hereapi.com https://adservice.google.com https://*.here.com https://*.leadconnectorhq.com https://*.localiq.com https://*.milestoneinternet.com https://*.contractorcommerce.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.bootstrapcdn.com https://*.cloudflare.com https://*.typekit.net https://*.jquery.com https://*.sitescdn.net https://optimize.google.com https://*.optimizely.com https://*.mrappliance.com https://*.cloud.yellow.ai https://*.app.yellow.ai wss://*.yellow.ai wss://*.cloud.yellow.ai wss://*.app.yellow.ai https://*.yellowmessenger.com https://*.jsdelivr.net https://*.leadconnectorhq.com https://*.milestoneinternet.com; object-src 'none'; connect-src https://*.calltrk.com https://*.callrail.com https://*.cloudflare.com https://*.googleapis.com https://*.pagescdn.com https://*.demdex.net https://*.livechatinc.com https://*.neighborly.com https://*.crownpeak.net https://*.addthis.com https://*.yext.com https://*.b2clogin.com https://*.dwyergroup.com https://*.broadly.com https://*.amazonaws.com https://*.google-analytics.com https://*.facebook.net  https://*.gannettdigital.com https://*.browser-intake-datadoghq.com https://optimize.google.com https://*.reachlocalservices.com https://*.rlets.com https://reachlocallivechat.com https://*.hotjar.com https://web-2-tel.com https://*.optimizely.com https://*.hotjar.io/ wss://reachlocallivechat.com https://*.web-2-tel.com wss://*.hotjar.com https://*.simpli.fi https://*.nblyprod.com https://*.yimg.com https://*.mrappliance.com https://*.btttag.com https://*.doubleclick.net https://*.adroll.com https://*.convertexperiments.com https://*.cloudfunctions.net https://*.yellow.ai https://*.yellowmessenger.com https://*.cloud.yellow.ai https://*.app.yellow.ai wss://*.yellow.ai wss://*.cloud.yellow.ai wss://*.app.yellow.ai blob: https://*.hereapi.com https://adservice.google.com https://*.leadconnectorhq.com https://*.milestoneinternet.com https://browser-intake-datadoghq.com https://*.facebook.com https://*.localiq.com https://*.stackadapt.com https://*.contractorcommerce.com; font-src https://*.cloudflare.com https://*.typekit.net https://*.gstatic.com https://*.googleapis.com https://optimize.google.com https://reachlocallivechat.com https://*.optimizely.com https://*.nblyprod.com https://*.mrappliance.com https://*.yellow.ai https://*.yellowmessenger.com https://*.cloud.yellow.ai https://*.app.yellow.ai https://*.jsdelivr.net https://*.leadconnectorhq.com https://*.milestoneinternet.com; frame-src https://*.cloudflare.com https://*.youtube.com https://*.livechatinc.com https://*.demdex.net/ https://*.addthis.com https://*.pagescdn.com https://*.amazonaws.com https://*.b2clogin.com https://optimize.google.com https://*.hotjar.com https://web-2-tel.com https://*.optimizely.com https://*.adsrvr.org https://*.rlets.com https://*.broadly.com https://*.mrappliance.com https://*.facebook.com https://*.yellow.ai https://*.yellowmessenger.com https://*.cloud.yellow.ai https://*.app.yellow.ai https://*.web-2-tel.com https://*.leadconnectorhq.com https://*.milestoneinternet.com; media-src https://*.yellow.ai https://*.yellowmessenger.com https://*.cloud.yellow.ai https://*.app.yellow.ai https://*.leadconnectorhq.com https://*.milestoneinternet.com; worker-src https://*.yellow.ai https://*.yellowmessenger.com https://*.cloud.yellow.ai https://*.app.yellow.ai https://*.milestoneinternet.com blob: 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.gstatic.com/ https://foryou.redbeemedia.com/ https://pi.pardot.com/ https://www.google.com/ https://www.google-analytics.com/ https://unpkg.com/ https://code.jquery.com/ https://www.googletagmanager.com/ https://consent.cookiebot.com/ https://www.redbeemedia.com/ https://redbeemedia.com/ https://consentcdn.cookiebot.com 1
default-src 'self' https://*.aoshearman.com https://*.gedikeraksoy.com https://*.vercel-scripts.com https://*.sitecorecloud.io https://cdn.plyr.io https://*.onetrust.com/ https://px.ads.linkedin.com https://*.passle.net https://*.ytimg.com  https://*.youtube.com https://googleads.g.doubleclick.net/ https://*.siteimproveanalytics.io https://*.cloudflare.com https://*.gstatic.com https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.aoshearman.com https://*.gedikeraksoy.com https://*.vercel-scripts.com https://*.sitecorecloud.io https://cdn.plyr.io https://*.onetrust.com/ https://px.ads.linkedin.com https://*.passle.net https://*.ytimg.com  https://*.youtube.com https://googleads.g.doubleclick.net/ https://*.siteimproveanalytics.io https://feaasstatic.blob.core.windows.net/ https://siteimproveanalytics.com/ https://snap.licdn.com/ https://*.gstatic.com https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://*.allenovery.com flo.uri.sh https://*.ceros.com/ https://cdn.yoshki.com/;style-src 'self' 'unsafe-inline' https://*.aoshearman.com https://*.gedikeraksoy.com https://*.vercel-scripts.com https://*.sitecorecloud.io https://cdn.plyr.io https://*.onetrust.com/ https://px.ads.linkedin.com https://*.passle.net https://*.ytimg.com  https://*.youtube.com https://googleads.g.doubleclick.net/ https://*.siteimproveanalytics.io https://*.gstatic.com https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com;img-src 'self' blob: data: https://*.aoshearman.com https://*.gedikeraksoy.com https://*.vercel-scripts.com https://*.sitecorecloud.io https://cdn.plyr.io https://*.onetrust.com/ https://px.ads.linkedin.com https://*.passle.net https://*.ytimg.com  https://*.youtube.com https://googleads.g.doubleclick.net/ https://*.siteimproveanalytics.io https://*.gstatic.com https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com;font-src 'self' https://*.aoshearman.com https://*.gedikeraksoy.com https://*.vercel-scripts.com https://*.sitecorecloud.io https://cdn.plyr.io https://*.onetrust.com/ https://px.ads.linkedin.com https://*.cloudflare.com https://*.gstatic.com https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com;connect-src 'self' https://*.aoshearman.com https://*.gedikeraksoy.com https://*.vercel-scripts.com https://*.sitecorecloud.io https://cdn.plyr.io https://*.onetrust.com/ https://px.ads.linkedin.com https://noembed.com https://*.cloudflare.com https://www.google.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://*.gstatic.com https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com;object-src 'none';base-uri 'self';form-action 'self';frame-src 'self' https://*.aoshearman.com https://*.gedikeraksoy.com https://*.allenovery.com flo.uri.sh https://*.ceros.com/ https://cdn.yoshki.com/ https://youtube.com https://www.youtube.com https://*.gstatic.com https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com;block-all-mixed-content;upgrade-insecure-requests; 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-ibdsAttCv4e7K2RilNdo8w' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
default-src data: 'self' 'unsafe-inline' 'unsafe-eval' ok.ru *.ok.ru odnoklassniki.ru *.odnoklassniki.ru mycdn.me http://*.mycdn.me https://*.mycdn.me wss://ad.mail.ru *.mail.ru *.imgsmail.ru *.mradx.net *.serving-sys.com *.googleapis.com *.gstatic.com www.google.com https://api-maps.yandex.ru yastatic.net yandex.st *.doubleverify.com *.adsafeprotected.com https://cdn.consentmanager.net https://football.sportmail.ru *.google.ru *.google.com *.googlesyndication.com *.yandex.ru blob:;  script-src 'unsafe-inline' 'unsafe-eval' *.mail.ru https://*.mail.ru *.imgsmail.ru *.mradx.net ok.ru *.ok.ru odnoklassniki.ru *.odnoklassniki.ru mycdn.me http://*.mycdn.me https://*.mycdn.me mc.yandex.ru an.yandex.ru yastatic.net yandex.st *.google-analytics.com api-maps.yandex.ru https://api-maps.yandex.ru https://clck.yandex.ru *.googleapis.com *.gstatic.com www.google.com www.youtube.com https://www.youtube.com *.ytimg.com https://*.ytimg.com *.doubleverify.com *.dvtps.com *.doubleclick.net *.googletagservices.com *.googlesyndication.com *.googleadservices.com *.goodgame.ru https://*.goodgame.ru https://*.moatads.com *.adlooxtracking.com *.adlooxtracking.ru *.adsafeprotected.com *.serving-sys.com *.serving-sys.ru *.weborama.fr *.weborama-tech.ru https://enterprise.api-maps.yandex.ru https://suggest-maps.yandex.ru https://*.hit.gemius.pl https://*.consentmanager.net https://gum.criteo.com https://football.sportmail.ru *.googletagmanager.com connect.facebook.net *.google.ru *.google.com *.googlesyndication.com yandex.ru;  worker-src blob: 'self';  connect-src * wss: blob: data:;  font-src * data: blob:; frame-src * blob: 'self';  img-src * data: blob: about:;  media-src * data: blob:;  object-src *;  report-uri /csp/report; 1
default-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' blob: self localhost:* ws://localhost:* wss://rtm.kore.ai wss://ws.hotjar.com *.agkn.com *.adp.com *.adsrvr.org *.adxcel-ec2.com *.ads-twitter.com *.azurewebsites.net *.azure-api.net *.bing.com *.callrail.com *.cloudflare.com *.cloudfunctions.net *.contextweb.com *.ctfassets.net *.demdex.net *.doubleclick.net *.exelator.com *.facebook.com *.facebook.net *.google.com *.google-analytics.com *.googleadservices.com *.googleadservices.net *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inspiresleep.com *.ispot.tv *.kore.ai *.krxd.net *.mookie1.com *.osano.com *.pdst.fm *.pinimg.com *.pinterest.com *.quora.com *.reddit.com *.redditstatic.com *.rlcdn.com *.snapengage.com *.spotxchange.com *.stackadapt.com *.tapad.com *.tiktok.com *.twitter.com *.videoamp.com *.vimeo.com *.vimeocdn.com *.visualwebsiteoptimizer.com *.w55c.net *.youtube.com *.ytimg.com *.yahoo.com https://dlnwzkim0wron.cloudfront.net https://inspire-medpro-refresh-s150-10e71bef23e5.herokuapp.com https://inspire-refresh-dev-playground-2d8c36e60063.herokuapp.com https://inspire-refresh-medpro-preview-10150d06c9be.herokuapp.com https://inspire-refresh-s150-12807a1d1efb.herokuapp.com https://inspire-refresh-www-preview-7d8233390685.herokuapp.com https://inspiresleep.com https://t.co https://trkn.us https://vimeo.com http://cdn-4.convertexperiments.com/js/10047477-10048671.js https://app.contentful.com; script-src-elem 'unsafe-eval' 'unsafe-inline' self localhost:* ws://localhost:* wss://rtm.kore.ai wss://ws.hotjar.com *.agkn.com *.adp.com *.adsrvr.org *.adxcel-ec2.com *.ads-twitter.com *.azurewebsites.net *.azure-api.net *.bing.com *.callrail.com *.cloudflare.com *.cloudfunctions.net *.contextweb.com *.ctfassets.net *.demdex.net *.doubleclick.net *.exelator.com *.facebook.com *.facebook.net *.google.com *.google-analytics.com *.googleadservices.com *.googleadservices.net *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inspiresleep.com *.ispot.tv *.kore.ai *.krxd.net *.mookie1.com *.osano.com *.pdst.fm *.pinimg.com *.pinterest.com *.quora.com *.reddit.com *.redditstatic.com *.rlcdn.com *.snapengage.com *.spotxchange.com *.stackadapt.com *.tapad.com *.tiktok.com *.twitter.com *.videoamp.com *.vimeo.com *.vimeocdn.com *.visualwebsiteoptimizer.com *.w55c.net *.youtube.com *.ytimg.com *.yahoo.com https://dlnwzkim0wron.cloudfront.net https://inspire-medpro-refresh-s150-10e71bef23e5.herokuapp.com https://inspire-refresh-dev-playground-2d8c36e60063.herokuapp.com https://inspire-refresh-medpro-preview-10150d06c9be.herokuapp.com https://inspire-refresh-s150-12807a1d1efb.herokuapp.com https://inspire-refresh-www-preview-7d8233390685.herokuapp.com https://inspiresleep.com https://t.co https://trkn.us https://vimeo.com http://cdn-4.convertexperiments.com/js/10047477-10048671.js https://app.contentful.com; style-src 'unsafe-inline' self localhost:* ws://localhost:* wss://rtm.kore.ai wss://ws.hotjar.com *.agkn.com *.adp.com *.adsrvr.org *.adxcel-ec2.com *.ads-twitter.com *.azurewebsites.net *.azure-api.net *.bing.com *.callrail.com *.cloudflare.com *.cloudfunctions.net *.contextweb.com *.ctfassets.net *.demdex.net *.doubleclick.net *.exelator.com *.facebook.com *.facebook.net *.google.com *.google-analytics.com *.googleadservices.com *.googleadservices.net *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inspiresleep.com *.ispot.tv *.kore.ai *.krxd.net *.mookie1.com *.osano.com *.pdst.fm *.pinimg.com *.pinterest.com *.quora.com *.reddit.com *.redditstatic.com *.rlcdn.com *.snapengage.com *.spotxchange.com *.stackadapt.com *.tapad.com *.tiktok.com *.twitter.com *.videoamp.com *.vimeo.com *.vimeocdn.com *.visualwebsiteoptimizer.com *.w55c.net *.youtube.com *.ytimg.com *.yahoo.com https://dlnwzkim0wron.cloudfront.net https://inspire-medpro-refresh-s150-10e71bef23e5.herokuapp.com https://inspire-refresh-dev-playground-2d8c36e60063.herokuapp.com https://inspire-refresh-medpro-preview-10150d06c9be.herokuapp.com https://inspire-refresh-s150-12807a1d1efb.herokuapp.com https://inspire-refresh-www-preview-7d8233390685.herokuapp.com https://inspiresleep.com https://t.co https://trkn.us https://vimeo.com http://cdn-4.convertexperiments.com/js/10047477-10048671.js https://app.contentful.com; img-src 'self' blob: data: self localhost:* ws://localhost:* wss://rtm.kore.ai wss://ws.hotjar.com *.agkn.com *.adp.com *.adsrvr.org *.adxcel-ec2.com *.ads-twitter.com *.azurewebsites.net *.azure-api.net *.bing.com *.callrail.com *.cloudflare.com *.cloudfunctions.net *.contextweb.com *.ctfassets.net *.demdex.net *.doubleclick.net *.exelator.com *.facebook.com *.facebook.net *.google.com *.google-analytics.com *.googleadservices.com *.googleadservices.net *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inspiresleep.com *.ispot.tv *.kore.ai *.krxd.net *.mookie1.com *.osano.com *.pdst.fm *.pinimg.com *.pinterest.com *.quora.com *.reddit.com *.redditstatic.com *.rlcdn.com *.snapengage.com *.spotxchange.com *.stackadapt.com *.tapad.com *.tiktok.com *.twitter.com *.videoamp.com *.vimeo.com *.vimeocdn.com *.visualwebsiteoptimizer.com *.w55c.net *.youtube.com *.ytimg.com *.yahoo.com https://dlnwzkim0wron.cloudfront.net https://inspire-medpro-refresh-s150-10e71bef23e5.herokuapp.com https://inspire-refresh-dev-playground-2d8c36e60063.herokuapp.com https://inspire-refresh-medpro-preview-10150d06c9be.herokuapp.com https://inspire-refresh-s150-12807a1d1efb.herokuapp.com https://inspire-refresh-www-preview-7d8233390685.herokuapp.com https://inspiresleep.com https://t.co https://trkn.us https://vimeo.com http://cdn-4.convertexperiments.com/js/10047477-10048671.js https://app.contentful.com; media-src 'self' blob: data: self localhost:* ws://localhost:* wss://rtm.kore.ai wss://ws.hotjar.com *.agkn.com *.adp.com *.adsrvr.org *.adxcel-ec2.com *.ads-twitter.com *.azurewebsites.net *.azure-api.net *.bing.com *.callrail.com *.cloudflare.com *.cloudfunctions.net *.contextweb.com *.ctfassets.net *.demdex.net *.doubleclick.net *.exelator.com *.facebook.com *.facebook.net *.google.com *.google-analytics.com *.googleadservices.com *.googleadservices.net *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inspiresleep.com *.ispot.tv *.kore.ai *.krxd.net *.mookie1.com *.osano.com *.pdst.fm *.pinimg.com *.pinterest.com *.quora.com *.reddit.com *.redditstatic.com *.rlcdn.com *.snapengage.com *.spotxchange.com *.stackadapt.com *.tapad.com *.tiktok.com *.twitter.com *.videoamp.com *.vimeo.com *.vimeocdn.com *.visualwebsiteoptimizer.com *.w55c.net *.youtube.com *.ytimg.com *.yahoo.com https://dlnwzkim0wron.cloudfront.net https://inspire-medpro-refresh-s150-10e71bef23e5.herokuapp.com https://inspire-refresh-dev-playground-2d8c36e60063.herokuapp.com https://inspire-refresh-medpro-preview-10150d06c9be.herokuapp.com https://inspire-refresh-s150-12807a1d1efb.herokuapp.com https://inspire-refresh-www-preview-7d8233390685.herokuapp.com https://inspiresleep.com https://t.co https://trkn.us https://vimeo.com http://cdn-4.convertexperiments.com/js/10047477-10048671.js https://app.contentful.com; font-src self localhost:* ws://localhost:* wss://rtm.kore.ai wss://ws.hotjar.com *.agkn.com *.adp.com *.adsrvr.org *.adxcel-ec2.com *.ads-twitter.com *.azurewebsites.net *.azure-api.net *.bing.com *.callrail.com *.cloudflare.com *.cloudfunctions.net *.contextweb.com *.ctfassets.net *.demdex.net *.doubleclick.net *.exelator.com *.facebook.com *.facebook.net *.google.com *.google-analytics.com *.googleadservices.com *.googleadservices.net *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inspiresleep.com *.ispot.tv *.kore.ai *.krxd.net *.mookie1.com *.osano.com *.pdst.fm *.pinimg.com *.pinterest.com *.quora.com *.reddit.com *.redditstatic.com *.rlcdn.com *.snapengage.com *.spotxchange.com *.stackadapt.com *.tapad.com *.tiktok.com *.twitter.com *.videoamp.com *.vimeo.com *.vimeocdn.com *.visualwebsiteoptimizer.com *.w55c.net *.youtube.com *.ytimg.com *.yahoo.com https://dlnwzkim0wron.cloudfront.net https://inspire-medpro-refresh-s150-10e71bef23e5.herokuapp.com https://inspire-refresh-dev-playground-2d8c36e60063.herokuapp.com https://inspire-refresh-medpro-preview-10150d06c9be.herokuapp.com https://inspire-refresh-s150-12807a1d1efb.herokuapp.com https://inspire-refresh-www-preview-7d8233390685.herokuapp.com https://inspiresleep.com https://t.co https://trkn.us https://vimeo.com http://cdn-4.convertexperiments.com/js/10047477-10048671.js https://app.contentful.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self' https://app.contentful.com; frame-src self localhost:* ws://localhost:* wss://rtm.kore.ai wss://ws.hotjar.com *.agkn.com *.adp.com *.adsrvr.org *.adxcel-ec2.com *.ads-twitter.com *.azurewebsites.net *.azure-api.net *.bing.com *.callrail.com *.cloudflare.com *.cloudfunctions.net *.contextweb.com *.ctfassets.net *.demdex.net *.doubleclick.net *.exelator.com *.facebook.com *.facebook.net *.google.com *.google-analytics.com *.googleadservices.com *.googleadservices.net *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inspiresleep.com *.ispot.tv *.kore.ai *.krxd.net *.mookie1.com *.osano.com *.pdst.fm *.pinimg.com *.pinterest.com *.quora.com *.reddit.com *.redditstatic.com *.rlcdn.com *.snapengage.com *.spotxchange.com *.stackadapt.com *.tapad.com *.tiktok.com *.twitter.com *.videoamp.com *.vimeo.com *.vimeocdn.com *.visualwebsiteoptimizer.com *.w55c.net *.youtube.com *.ytimg.com *.yahoo.com https://dlnwzkim0wron.cloudfront.net https://inspire-medpro-refresh-s150-10e71bef23e5.herokuapp.com https://inspire-refresh-dev-playground-2d8c36e60063.herokuapp.com https://inspire-refresh-medpro-preview-10150d06c9be.herokuapp.com https://inspire-refresh-s150-12807a1d1efb.herokuapp.com https://inspire-refresh-www-preview-7d8233390685.herokuapp.com https://inspiresleep.com https://t.co https://trkn.us https://vimeo.com http://cdn-4.convertexperiments.com/js/10047477-10048671.js https://app.contentful.com; connect-src self localhost:* ws://localhost:* wss://rtm.kore.ai wss://ws.hotjar.com *.agkn.com *.adp.com *.adsrvr.org *.adxcel-ec2.com *.ads-twitter.com *.azurewebsites.net *.azure-api.net *.bing.com *.callrail.com *.cloudflare.com *.cloudfunctions.net *.contextweb.com *.ctfassets.net *.demdex.net *.doubleclick.net *.exelator.com *.facebook.com *.facebook.net *.google.com *.google-analytics.com *.googleadservices.com *.googleadservices.net *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inspiresleep.com *.ispot.tv *.kore.ai *.krxd.net *.mookie1.com *.osano.com *.pdst.fm *.pinimg.com *.pinterest.com *.quora.com *.reddit.com *.redditstatic.com *.rlcdn.com *.snapengage.com *.spotxchange.com *.stackadapt.com *.tapad.com *.tiktok.com *.twitter.com *.videoamp.com *.vimeo.com *.vimeocdn.com *.visualwebsiteoptimizer.com *.w55c.net *.youtube.com *.ytimg.com *.yahoo.com https://dlnwzkim0wron.cloudfront.net https://inspire-medpro-refresh-s150-10e71bef23e5.herokuapp.com https://inspire-refresh-dev-playground-2d8c36e60063.herokuapp.com https://inspire-refresh-medpro-preview-10150d06c9be.herokuapp.com https://inspire-refresh-s150-12807a1d1efb.herokuapp.com https://inspire-refresh-www-preview-7d8233390685.herokuapp.com https://inspiresleep.com https://t.co https://trkn.us https://vimeo.com http://cdn-4.convertexperiments.com/js/10047477-10048671.js https://app.contentful.com; block-all-mixed-content; upgrade-insecure-requests; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mastodon.au; img-src 'self' https: data: blob: https://mastodon.au; style-src 'self' https://mastodon.au 'nonce-G7uBROoQhGS0cHSAmOXfLQ=='; media-src 'self' https: data: https://mastodon.au; frame-src 'self' https:; manifest-src 'self' https://mastodon.au; form-action 'self'; child-src 'self' blob: https://mastodon.au; worker-src 'self' blob: https://mastodon.au; connect-src 'self' data: blob: https://mastodon.au https://mastodon.au wss://stream.mastodon.au; script-src 'self' https://mastodon.au 'wasm-unsafe-eval' 1
font-src fonts.gstatic.com use.typekit.net * *.fontawesome.com fonts.googleapis.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com * cl.s51.exct.net *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com * https://js.digitalriverws.com *.adyen.com *.google.com/ instafeed.pixlee.co photos.pixlee.co *.addthis.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com p.typekit.net validator.swagger.io * https://www.magezon.com https://ui1.img.digitalrivercontent.net *.adyen.com maps.googleapis.com maps.gstatic.com *.pxlecdn.com *.pixlee.com *.cdninstagram.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com beacon-qa.magento-datasolutions.com beacon-stage.magento-ds.com beacon.magento-ds.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net www.googletagmanager.com * https://js.digitalriverws.com *.adyen.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.google.com/ *.marketo.com *.pxlecdn.com *.pixlee.co *.pixlee.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com * *.fontawesome.com https://js.digitalriverws.com *.marketo.com assets.pixlee.com *.addthis.com *.moatads.com *.addthisedge.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.snplow.net commerce.adobedc.net p13n-mr.adobe.io www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobedc.net *.demdex.net *.adobe.io performance.typekit.net *.sentry.io * https://getolympus.registria.com *.adyen.com https://maps.googleapis.com bam.nr-data.net *.marketo.com *.addthis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://report-to-api.raygun.com/reports?apikey=DzufkMvfyVLTrPSJBRAIpg; report-to report-endpoint; 1
frame-ancestors self *.scribendi.com *.scribendi.ai 1
media-src yastatic.net;connect-src *.strm.yandex.net mc.yandex.com yandex.eu yastatic.net yastat.net mc.yandex.ru *.mc.yandex.ru adstat.yandex.ru mc.admetrica.ru mc.yandex.eu;img-src *.verify.yandex.ru *.ya.ru *.yandex.ru ya.ru yabs.yandex.by yabs.yandex.kz yabs.yandex.ru yabs.yandex.uz yandex.ru yandex.eu 'self' yastatic.net data: mc.admetrica.ru mc.yandex.com *.mc.yandex.ru adstat.yandex.ru mc.yandex.eu mc.yandex.ru favicon.yandex.net avatars.mds.yandex.net;script-src 'nonce-qqGHTGMs4yzTR3Y9uhZBLg==' mc.yandex.com yastatic.net yandex.eu mc.yandex.ru *.mc.yandex.ru adstat.yandex.ru mc.yandex.eu;child-src *.ya.ru *.yandex.ru ya.ru yandex.ru yastatic.net mc.yandex.ru mc.yandex.md mc.yandex.eu yandex.eu *.ya.ru *.yandex.ru ya.ru yandex.ru;style-src 'unsafe-inline' yastatic.net;report-uri https://csp.yandex.net/csp?project=morda&from=morda.big.eu&showid=1721956159841611-9293458400345210204-balancer-l7leveler-kubr-yp-klg-281-BAL&h=stable-portal-mordago-199.vla.yp-c.yandex.net&yandexuid=3452102041721956159&&version=2024-07-24-611&adb=0;default-src 'self' yastatic.net yastat.net;font-src yastatic.net 1
upgrade-insecure-requests; default-src 'self' data: *.facebook.com *.google.com *.gstatic.com *.googleapis.com *.googleusercontent.com *.exoweb.ca *.rapide.net; object-src 'none'; script-src 'self' 'unsafe-inline' ; script-src-elem 'self' 'unsafe-inline' *.google.com *.gstatic.com *.facebook.net *.googleapis.com *.exoweb.ca *.rapide.net; style-src 'self' 'unsafe-inline' *.googleapis.com *.exoweb.ca *.rapide.net; style-src-elem 'self' 'unsafe-inline' *.googleapis.com *.exoweb.ca *.rapide.net; child-src 'self' ; font-src 'self' *.gstatic.com ; frame-src 'self' *.google.com *.facebook.com ; frame-ancestors 'none' ; block-all-mixed-content ; 1
default-src 'self'; img-src 'self' blob: data: https://vercel.live/ https://vercel.com https://sockjs-mt1.pusher.com/ https://vercel.fides-cdn.ethyca.com/ https://hebbkx1anhila5yf.public.blob.vercel-storage.com/; script-src 'self' 'unsafe-inline' https://vercel.live/ https://vercel.com https://vercel.fides-cdn.ethyca.com/ https://va.vercel-scripts.com/v1/ https://js.stripe.com/; style-src 'self' 'unsafe-inline' https://vercel.live/ https://vercel.fides-cdn.ethyca.com/ https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com https://vercel.live https://assets.vercel.com data:; connect-src 'self' https://vercel.live/ https://vercel.com https://*.pusher.com/ wss://*.pusher.com/ https://fides-vercel.us.fides.ethyca.com/api/v1/ https://cdn-api.ethyca.com/location; frame-src 'self' https://generated.vusercontent.net/ https://vercel.live/ https://vercel.com https://vercel.fides-cdn.ethyca.com/ https://js.stripe.com/; frame-ancestors 'self'; report-uri /api/csp-report; 1
frame-ancestors 'self' https://portal.ukbonn.de https://portal-test.ukbonn.de; 1
default-src 'self' 'unsafe-inline' https://piwik.bzga.de/ https://shop.bzga.de/ https://service.bzga.de/ https://www.etracker.de/ https://static.etracker.com/ https://code.etracker.com/; img-src 'self' https://shop.bzga.de/ data: https://piwik.bzga.de https://service.bzga.de https://www.etracker.de https://static.etracker.com https://code.etracker.com; script-src 'self' 'unsafe-inline' https://piwik.bzga.de https://service.bzga.de https://www.etracker.de https://static.etracker.com https://code.etracker.com 1
default-src 'self' *.bossa.pl www.google.com; script-src 'self' 'unsafe-eval' *.bossa.pl www.salesmanago.pl *.salesmanago.pl www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net *.google-analytics.com www.gstatic.com maps.googleapis.com www.google.com unpkg.com www.clarity.ms 'unsafe-inline' *.startquestion.com; style-src 'self' *.bossa.pl www.gstatic.com fonts.googleapis.com 'unsafe-inline' unpkg.com/tippy.js@6.3.7/dist/tippy.css; img-src 'self' blob: bossa.pl *.bossa.pl bossafx.pl *.bossafx.pl *.salesmanago.pl www.googletagmanager.com *.google-analytics.com  stats.g.doubleclick.net maps.googleapis.com google.com *.google.com google.pl *.google.pl google.fi *.google.fi google.dk *.google.dk google.de *.google.de google.nl *.google.nl google.ch *.google.ch google.se *.google.se google.ie *.google.ie google.co.uk *.google.co.uk www.gstatic.com maps.gstatic.com 'unsafe-inline' 'unsafe-eval' data: img.youtube.com *.ytimg.com *.clarity.ms c.bing.com khms0.googleapis.com khms1.googleapis.com; media-src 'self' *.bossa.pl 'unsafe-inline'; frame-src 'self' blob: datajournalism.pap.pl www.google.com *.salesmanago.pl www.youtube.com td.doubleclick.net www.googletagmanager.com; font-src 'self' *.bossa.pl themes.googleusercontent.com fonts.googleapis.com fonts.gstatic.com 'unsafe-inline' data:; connect-src ws://websocket.bossa.pl wss://websocket.bossa.pl http://websocket.bossa.pl https://websocket.bossa.pl 'self' *.bossa.pl *.bossafx.pl bossafx.pl *.salesmanago.pl *.google-analytics.com *.analytics.google.com stats.g.doubleclick.net maps.googleapis.com *.google.com *.google.pl *.clarity.ms *.saleago.com *.startquestion.com; report-uri /report-csp-violation 1
frame-ancestors 'self' https://digitalsignage.brillux.de 1
frame-ancestors 'self' https://*.leads.staging.homeflow.co.uk https://leads.staging.homeflow.co.uk https://*.homeflow.co.uk/ https://admin.content.homeflow.co.uk/ https://projects.zoho.eu/ 1
frame-ancestors 'self' https://*.davidclulow.com https://*.luxottica.com https://*.essilorluxottica.com; 1
frame-ancestors 'self' http://porrtogo.staffbase.com https://porrtogo.staffbase.com http://staffbase.com capacitor://porrtogo.staffbase.com capacitor://staffbase.com localhost:* 1
frame-ancestors 'self';        block-all-mixed-content;        default-src 'self';        script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://connect.facebook.net https://use.fontawesome.com https://ajax.googleapis.com https://cdn.datatables.net https://cdn.iubenda.com https://d3e54v103j8qbb.cloudfront.net https://google-analytics.com https://m.youtube.com https://maxcdn.bootstrapcdn.com https://netdna.bootstrapcdn.com https://synlab.milklab.it https://ssl.google-analytics.com https://stackpath.bootstrapcdn.com https://unpkg.com https://www.youtube.com https://www.google-analytics.com https://www.gstatic.com https://www.google.com https://www.iubenda.com https://www.googletagmanager.com *.iubenda.com 'unsafe-eval';        style-src 'self' 'report-sample' 'unsafe-inline' use.fontawesome.com *.bootstrapcdn.com ajax.googleapis.com cdn.iubenda.com cdn.datatables.net fonts.googleapis.com unpkg.com *.iubenda.com;        object-src 'none';        frame-src 'self' *.youtube.com www.youtube-nocookie.com www.google.com *.iubenda.com;        child-src 'self' www.youtube.com;        img-src 'self' data: blob: *.google-analytics.com *.google.com *.ytimg.com *.youtube.com ajax.googleapis.com fonts.gstatic.com unpkg.com cdn.datatables.net *.iubenda.com;        font-src 'self' data: *.bootstrapcdn.com fonts.googleapis.com use.fontawesome.com fonts.gstatic.com unpkg.com;        connect-src 'self' use.fontawesome.com *.google.com *.iubenda.com ajax.googleapis.com fonts.gstatic.com fonts.googleapis.com stats.g.doubleclick.net www.google-analytics.com;        manifest-src 'self';        base-uri 'self';        form-action 'self';        media-src 'self';        prefetch-src 'self';        worker-src 'self'; 1
default-src 'self'; connect-src https: wss:; font-src 'self' https://fonts.gstatic.com; frame-src https:; img-src https: data:; media-src https: blob:; worker-src blob:; object-src 'none'; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; form-action https:; report-uri https://csp-reports.globalweb.aws.assaabloy.com/reports; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval'  * 1
font-src *.fontawesome.com https://fonts.gstatic.com http://fonts.gstatic.com https://assets.sendinblue.com https://assets.brevo.com https://cdnjs.cloudflare.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://*.e-transactions.fr https://*.paypal.fr https://*.paypal.com https://*.monetico-services.com https://*.facebook.com *.cardinalcommerce.com *.paypal.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors *.meetanshi.com *.stripe.com stripe.com 'self'; frame-src https://amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.meetanshi.com https://cl.avis-verifies.com http://amc.demdex.net https://sibautomation.com https://www.facebook.com https://www.googletagmanager.com https://forms.office.com https://*.sibforms.com https://*.typeform.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com https://plumrocket.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.meetanshi.com https://meetanshi.com/media/logo.png https://*.cloudflare.com https://www.google.com.sg https://maps.googleapis.com https://maps.google.com http://maps.google.com https://maps.gstatic.com https://cl.avis-verifies.com https://*.openstreetmap.org https://black.bird.eu http://black.bird.eu https://bat.bing.com https://*.facebook.com https://*.google.fr https://*.google.com https://*.google-analytics.google.com https://www.googletagmanager.com https://burda-fr.mage.ovh https://*.sibforms.com https://img.mailinblue.com https://*.burdastyle.fr https://*.burdastyle.com https://*.abo-online.fr https://*.burdastyle.es https://*.burdastyle.pt https://*.burdastyle.uk https://*.burdastyle.nl https://*.faitmain-magazine.fr www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ s7.addthis.com *.meetanshi.com https://www.google.com.sg https://googleads.g.doubleclick.net https://maps.googleapis.com https://cl.avis-verifies.com https://www.googletagmanager.com http://www.googletagmanager.com https://sibautomation.com https://connect.facebook.net https://bat.bing.com https://s3.amazonaws.com https://*.youtube.com https://downloads.mailchimp.com http://downloads.mailchimp.com https://*.sibforms.com https://sibforms.com/ https://static.cloudflareinsights.com https://www.clarity.ms/  https://js-agent.newrelic.com https://*.typeform.com https://cdnjs.cloudflare.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com tagmanager.google.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com https://fonts.googleapis.com http://fonts.googleapis.com https://*.sibforms.com https://sibforms.com/ https://*.typeform.com https://cdnjs.cloudflare.com unsafe-inline tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com ekr.zdassets.com/ *.meetanshi.com https://stats.g.doubleclick.net https://maps.googleapis.com https://in-automate.sendinblue.com https://in-automate.brevo.com https://*.brevo.com https://*.analytics.google.com/ https://analytics.google.com/ https://*.google-analytics.com https://*.facebook.com/ https://*.sibforms.com/ https://bam.eu01.nr-data.net/ https://*.typeform.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' https://samsungfood.kinsta.cloud 1
default-src 'self' *.readspeaker.com data: https://formularbot-viola.bzst.de wss://formularbot-viola.bzst.de https://bzst.lucom.com https://idnr-formular.bzst.bot-itzbund.de https://viola-bzst.azr.juacvoe.net https://viola-bzst-fms.azr.juacvoe.net https://formularbot-fms.bzst.de; base-uri 'self'; connect-src 'self' *.readspeaker.com *.itzbund.de https://formularbot-viola.bzst.de wss://formularbot-viola.bzst.de https://viola-bzst.azr.juacvoe.net wss://viola-bzst.azr.juacvoe.net https://viola-bzst-fms.azr.juacvoe.net wss://viola-bzst-fms.azr.juacvoe.net https://formularbot-fms.bzst.de wss://formularbot-fms.bzst.de; style-src 'self' 'unsafe-inline' *.readspeaker.com https://idnr-formular.bzst.bot-itzbund.de https://formularbot-viola.bzst.de https://viola-bzst.azr.juacvoe.net https://viola-bzst-fms.azr.juacvoe.net https://formularbot-fms.bzst.de; script-src 'self' 'unsafe-eval' *.google.com piwik.itzbund.de *.readspeaker.com https://formularbot-viola.bzst.de https://bzst.lucom.com https://idnr-formular.bzst.bot-itzbund.de https://formularbot-fms.bzst.de https://formularbot-viola.bzst.de https://viola-bzst-fms.azr.juacvoe.net https://viola-bzst.azr.juacvoe.net https://viola.bundesbots.de 'sha256-fvt1zDnRVAuASIt4MdBmzTSLXs4mdTCa5fg9wNopnC0=' 'sha256-B9AMHvfU16Nc6sndzogCV/VH/SXmKESowGb6dBud/RA=';object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' *.bzst.de multimedia.gsb.bund.de *.youtube.com www.quirksmode.org; child-src *.itzbund.de *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com; frame-src  *.readspeaker.com https://formularbot-viola.bzst.de https://idnr-formular.bzst.bot-itzbund.de https://viola-bzst.azr.juacvoe.net https://viola-bzst-fms.azr.juacvoe.net https://formularbot-fms.bzst.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com piwik.itzbund.de https://bzst.lucom.com https://formularbot-viola.bzst.de https://viola-bzst.azr.juacvoe.net https://idnr-formular.bzst.bot-itzbund.de https://viola-bzst-fms.azr.juacvoe.net https://formularbot-fms.bzst.de; upgrade-insecure-requests; frame-ancestors 'self' *.preview.bzst.intranet.bund.de; 1
upgrade-insecure-requests; img-src 'self' data: https://secure.gravatar.com  https://www.google.co.uk  https://www.google-analytics.com  https://www.google.com.np  https://www.google.com.qa  https://stats.g.doubleclick.net  https://region1.analytics.google.com  https://www.googletagmanager.com  https://www.google.fr  https://i.vimeocdn.com  https://analytics.google.com  https://www.google.ie  https://www.google.at  https://www.google.co.in  https://www.google.ru  https://www.google.fi  https://www.google.de  https://www.google.nl  https://www.google.com.ph  https://www.google.com.br  https://www.google.com.mx  https://www.google.ca  https://www.google.mn  https://www.digitalbarriers.com  https://www.google.com.au  https://www.google.com.sg  https://www.google.it  https://www.google.ro  https://www.google.com.pk  https://www.google.co.id  https://www.google.co.jp  https://www.google.com.ng  https://www.google.be  https://hm.baidu.com  https://www.google.com.my  https://www.google.ae  https://www.google.co.za  https://www.google.tn  https://www.google.lu  https://www.google.es  https://www.google.com.tw  https://www.google.dk  https://www.google.cz  https://www.google.se  https://www.google.pl  https://www.google.com.eg  https://www.google.no  https://www.google.li  https://www.google.co.ug  https://www.google.bg  https://cdn.honey.io  https://www.google.lt  https://www.google.com.ua  https://www.google.com.bn  https://www.google.co.ma  https://www.google.by  https://www.google.hu  https://www.google.co.il  https://www.google.com.co  https://www.google.hn  https://www.google.com.sa  https://www.google.com.mt  https://www.google.com.tr  https://www.google.jo  blob:  https://www.google.com.hk  https://www.google.com.vn  https://www.google.co.kr  https://www.google.gr  https://www.google.hr  https://pos.baidu.com  https://www.google.ch  https://www.google.co.ke  https://www.google.co.nz  https://www.google.sk  https://www.google.al  https://digitalbarriers.com  https://www.google.az  https://www.google.com.ar  https://www.google.com.gh  https://www.google.ps  https://www.google.co.th  https://www.google.je  https://www.google.com.bd  https://www.google.me  https://www.google.pt  https://www.google.com.pa  https://www.google.dz  https://www.google.lk  https://csi.gstatic.com  https://www.google.com.jm  https://www.google.com.bz  https://www.google.mk  https://www.google.lv  https://www.google.cn  https://translate.google.com  ; default-src 'self'; script-src 'self' 'unsafe-inline' data:  https://www.google.com  https://www.googletagmanager.com  https://cdnjs.cloudflare.com  https://www.google-analytics.com  https://www.gstatic.com  https://unpkg.com  https://gc.kis.v2.scr.kaspersky-labs.com  https://utq.vvipquan.com  https://code.jquery.com  https://connect.facebook.net  https://www.pagespeed-mod.com  https://ff.kis.v2.scr.kaspersky-labs.com  https://digitalbarriers.com  https://apis.google.com  'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' https://www.google.com  https://www.googletagmanager.com  https://cdnjs.cloudflare.com  https://www.google-analytics.com  https://www.gstatic.com  https://unpkg.com  https://gc.kis.v2.scr.kaspersky-labs.com  https://utq.vvipquan.com  https://code.jquery.com  https://connect.facebook.net  https://www.pagespeed-mod.com  https://ff.kis.v2.scr.kaspersky-labs.com  https://digitalbarriers.com  https://apis.google.com ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com  https://ff.kis.v2.scr.kaspersky-labs.com  https://cdn.honey.io  https://digitalbarriers.com  https://gc.kis.v2.scr.kaspersky-labs.com ; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com  https://ff.kis.v2.scr.kaspersky-labs.com  https://cdn.honey.io  https://digitalbarriers.com  https://gc.kis.v2.scr.kaspersky-labs.com ; connect-src 'self' https://lottie.host  https://www.google-analytics.com  https://region1.analytics.google.com  https://stats.g.doubleclick.net  https://www.google.co.uk  https://analytics.google.com  https://www.google.com.np  https://yoast.com  https://www.google.ie  https://www.google.de  https://www.google.com.sg  https://www.google.it  https://www.google.com.pk  https://www.google.co.id  https://www.google.ca  https://hm.baidu.com  https://www.google.com.ph  https://www.google.co.jp  https://www.google.com.my  https://www.google.lu  https://www.google.nl  https://www.google.co.in  https://www.google.com.au  https://www.google.dk  https://www.google.co.za  https://www.google.com.tw  https://www.google.fr  https://www.google.cz  https://www.google.se  https://www.google.tn  https://www.google.co.ug  https://www.google.com.eg  https://www.google.com.br  https://www.googletagmanager.com  https://www.google.com.co  https://www.google.ae  https://www.google.hn  https://www.google.com.sa  https://www.google.com.qa  https://www.google.co.ma  https://www.google.com.hk  https://www.google.com.mx  https://www.google.es  https://www.google.bg  https://www.google.co.ke  https://www.google.co.il  data:  https://www.google.com.ng  https://www.google.com.gh  https://www.google.at  https://www.google.com.vn  https://www.google.com.tr  https://www.google.ro  https://www.google.be  https://www.google.co.nz  https://www.google.com.ua  https://www.google.pt  https://www.google.com.ar  https://www.google.sk  https://www.google.lk  https://www.google.hr  https://www.google.lt  https://www.google.mk  https://www.google.je  https://translate.googleapis.com;  frame-src 'self' https://player.vimeo.com  https://td.doubleclick.net  https://www.google.com  https://www.googletagmanager.com  http://153.11.216.220  https://www.youtube.com  https://static.contextall.com  https://mozbar.moz.com  http://25.19.243.209  https://feedback-pa.clients6.google.com  http://25.19.243.80;  media-src 'self' data:  https://digitalbarriers.com;  font-src 'self' https://fonts.gstatic.com  data:  https://www.slant.co  https://digitalbarriers.com;  manifest-src 'self' https://digitalbarriers.com;  worker-src 'self' blob:; 1
default-src 'none'; base-uri 'self'; manifest-src 'self'; connect-src 'self' https://youtube.com/ https://svanalytics.piwik.pro https://svanalytics.containers.piwik.pro https://*.readspeaker.com https://i14.inviewer.se https://*.sandviken.se https://*.mediaflow.com https://mfstatic.com https://*.rekai.se https://skattekollen.se https://stats.mediaflowpro.com https://uistats.sitevision.se; font-src 'self' data: https://mfstatic.com https://static.mediaflowpro.com; form-action 'self' https://m1.analytics.sitevision-cloud.se https://*.sandviken.se; frame-src 'self' https://*.sandviken.se https://youtube.com/ https://vgs-gis.maps.arcgis.com https://api.screen9.com https://exportservice.actorsmartbook.se https://m1.analytics.sitevision-cloud.se https://marketplace.sitevision.se https://mpi.mashie.com https://play.mediaflow.com https://sandviken.ondemand.formpipe.com https://w.soundcloud.com https://www.linkedin.com https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://recruit.visma.com/ https://assets.mediaflowpro.com https://im14.inviewer.se https://images.citybreakcdn.com https://img.youtube.com https://*.sandviken.se https://media.objektvision.se https://mfstatic.com https://skattekollen.se https://static.mediaflowpro.com; media-src 'self' blob: https://*.mediaflow.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://*.sandviken.se https://svanalytics.containers.piwik.pro https://cdn-eu.readspeaker.com https://code.jquery.com https://i14.inviewer.se https://m1.analytics.sitevision-cloud.se https://mfstatic.com https://platform.linkedin.com https://skattekollen.se https://static.mediaflowpro.com https://static.rekai.se https://uistats.sitevision.se  https://www.gstatic.com https://www.linkedin.com; style-src 'self' 'unsafe-inline' https://cdn-eu.readspeaker.com https://*.sandviken.se https://mfstatic.com https://skattekollen.se https://static.mediaflowpro.com https://www.gstatic.com 1
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' https://rum-static.pingdom.net/ https://www.googleoptimize.com/optimize.js https://www.googletagmanager.com/gtm.js; style-src 'report-sample' 'self' 'unsafe-inline'; object-src 'none'; base-uri 'self'; connect-src 'self' https://app.qweb.nl https://*.google-analytics.com https://*.pingdom.net; font-src 'self' https://fonts.gstatic.com; frame-src 'self'; frame-ancestors 'self' https://*.qweb.nl https://*.qweb.net; img-src 'self' https://www.google-analytics.com https://www.googletagmanager.com; manifest-src 'self'; media-src 'self'; worker-src 'none'; form-action 'self' https://app.qweb.nl 1
default-src 'self' https://matomo.com https://*.matomo.cloud https://hotjar.com https://*.hotjar.com https://google.com https://*.google.com https://paypal.com https://*.paypal.com https://paypalobjects.com https://*.paypalobjects.com https://paytrail.com https://*.paytrail.com https://fontawesome.com https://*.fontawesome.com https://youtube.com https://*.youtube.com; img-src 'self' data: https:; font-src 'self' https://fonts.gstatic.com data: https://*.crisp.chat https://crisp.chat http://cdnjs.cloudflare.com https://*.cdnjs.cloudflare.com https://cloudflare.com  https://*.checkout.fi https://checkout.fi  https://*.matomo.cloud https://matomo.cloud  https://*.paytrail.com https://paytrail.com  https://fontawesome.com https://*.fontawesome.com; style-src 'self' 'unsafe-inline' https:; frame-ancestors 'self'; object-src 'none';  connect-src 'self' https://matomo.cloud https://*.matomo.cloud https://google-analytics.com https://*.google-analytics.com https://google.com https://*.google.com https://doubleclick.com https://*.doubleclick.net https://facebook.com https://*.facebook.com https://facebook.net https://*.facebook.net https://crisp.chat https://*.crisp.chat wss://crisp.chat wss://*.crisp.chat wss://www.shellit.org wss://*.shellit.org https://www.cookiehub.net https://*.cookiehub.net https://hotjar.io https://*.hotjar.io https://www.paypalobjects.com  https://*.paypalobjects.com https://www.paypal.com  https://*.paypal.com https://fontawesome.com  https://*.fontawesome.com https://hotjar.com https://*.hotjar.com;  script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com https://google.com https://*.google.com https://*.matomo.cloud https://matomo.cloud https://*.doubleclick.net https://doubleclick.net https://*.facebook.com https://facebook.com https://*.facebook.net https://facebook.net https://cdnjs.cloudflare.com https://googletagmanager.com https://*.googletagmanager.com https://cookiehub.net https://*.cookiehub.net https://google-analytics.com https://*.google-analytics.com https://gstatic.com https://*.gstatic.com https://hotjar.com https://*.hotjar.com https://crisp.chat https://*.crisp.chat https://www.googleadservices.com https://*.googleadservices.com https://www.paypalobjects.com  https://*.paypalobjects.com https://www.paypal.com  https://*.paypal.com https://www.paytrail.com  https://*.paytrail.com https://fontawesome.com  https://*.fontawesome.com https://tagmanager.google.com; 1
frame-ancestors 'self' https://analytics.interworks.com https://blackstone.tableau.com https://bx.com http://events1.social27.com https://events1.social27.com https://interworks.co.uk http://s27-events-ui-staging.azurewebsites.net https://s27-events-ui-staging.azurewebsites.net https://tableau.interworks.co.uk https://interworks.com; upgrade-insecure-requests 1
base-uri 'self'; form-action 'self'; frame-ancestors 'self'; object-src 'self'; script-src 'self' 'unsafe-eval' https://cdn.jsdelivr.net/gh/alpinejs/alpine@v2.8.2/dist/alpine.min.js https://code.jquery.com/jquery-3.2.1.min.js https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js https://cdnjs.cloudflare.com/ajax/libs/Chart.js/2.7.1/Chart.min.js; block-all-mixed-content; upgrade-insecure-requests 1
upgrade-insecure-requests  ;           worker-src 'self' blob: feed.pghub.io pandg.tapad.com ;            style-src 'self' 'unsafe-inline' *.lytics.io cdn.pricespider.com api.tiles.mapbox.com *.jebbit.com blob: feed.pghub.io pandg.tapad.com ;           media-src 'self' videos.ctfassets.net *.iesnare.com data: feed.pghub.io pandg.tapad.com ;            manifest-src 'self' login.windows.net feed.pghub.io pandg.tapad.com ;           script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com *.pricespider.com cdn.cookielaw.org script.crazyegg.com *.jebbit.com pghub.io cdn.segment.com *.moatads.com *.lytics.io *.bazaarvoice.com cdnjs.cloudflare.com api.tiles.mapbox.com mpsnare.iesnare.com feed.pghub.io pandg.tapad.com www.bouncefresh.com;           font-src 'self' cdn.pricespider.com data: feed.pghub.io pandg.tapad.com www.bouncefresh.com;           frame-ancestors 'none' feed.pghub.io pandg.tapad.com ;           frame-src 'self' feed.pghub.io consumersupport.pg.com jebbit.bouncefresh.com *.doubleclick.net pandg.tapad.com ;           img-src 'self' data: images.ctfassets.net pixel.tapad.com *.lytics.io *.moatads.com *.akamaihd.net *.pricespider.com cdn.cookielaw.org *.bazaarvoice.com www.google-analytics.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.doubleclick.net feed.pghub.io pandg.tapad.com ;           connect-src 'self' *.google-analytics.com cdn.cookielaw.org stats.g.doubleclick.net script.crazyegg.com external-api.jebbit.com match.adsrvr.org cdn.segment.com api.segment.io *.algolianet.com *.algolia.net *.bazaarvoice.com *.pricespider.com *.mapbox.com geolocation-db.com wss: feed.pghub.io pandg.tapad.com ;           base-uri 'none' feed.pghub.io pandg.tapad.com ;           default-src 'none' feed.pghub.io pandg.tapad.com ; 1
default-src 'self' *.cookielaw.org *.onetrust.com feed.pghub.io pandg.tapad.com ; media-src https://videos.ctfassets.net feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' *.pricespider.com * ; img-src * 'self' data: https: blob: *.pricespider.com ; script-src * data: *.pricespider.com blob: 'unsafe-inline' 'unsafe-eval' ; connect-src * data: blob: 'unsafe-inline' ; font-src * data: blob: 'unsafe-inline' ; frame-src * ; 1
frame-ancestors 'self' gather.town *.kopano.io *.kopano.com; 1
frame-ancestors self https://*.chaosgroup.com https://*.chaos.com https://secure.avangate.com https://secure.2checkout.com 1
default-src 'self';script-src 'self' 'nonce-zBh8msh1qs0pxazkWZkW6k7QB'; style-src 'self' 'nonce-zBh8msh1qs0pxazkWZkW6k7QB'; object-src 'none';base-uri 'self';img-src 'self' https:;connect-src 'self' https://pagure.io:8088;frame-src https://docs.pagure.org;frame-ancestors https://pagure.io; 1
script-src 'self'; script-src-elem 'self' 'unsafe-eval' 'nonce-Rs6T16HFRoS7tngt3HPD8xPN' 'sha256-8mhHF+WQFPbrFtZT3ILREQrpLHL4TVrQNQk6GdnEigE=' ssl.google-analytics.com platform.twitter.com cdn.syndication.twimg.com maps.googleapis.com www.googletagmanager.com www.google-analytics.com thoughtleadershipmphasis.disqus.com www.linkedin.com graph.facebook.com c.disquscdn.com disqus.com munchkin.marketo.net https://assets.adobedtm.com https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.ads-twitter.com https://analytics.twitter.com https://static.ads-twitter.com/uwt.js https://pbs.twimg.com/media https://cdn.cookie-script.com https://snap.licdn.com/li.lms-analytics/insight.old.min.js https://beacon.crigloo.com/js/container_KAfRm6si.js; object-src 'none'; base-uri 'none'; frame-src www.youtube.com platform.twitter.com syndication.twitter.com disqus.com www2.mphasis.com www.mphasis.com *.demdex.net *.doubleclick.net; 1
default-src 'self' 'unsafe-inline';connect-src https://api.growingio.com; font-src 'self' data:;script-src 'self' 'unsafe-inline' https://assets.giocdn.com 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.googleapis.com *.chargefinder.com *.gstatic.com *.googletagservices.com *.google.com *.googlesyndication.com *.ampproject.org *.doubleclick.net *.openxcdn.net 1
default-src 'self' *.crazyegg.com; script-src 'self' blob: 'unsafe-eval' 'unsafe-inline' https://*.wpenginepowered.com http://*.zerofox.com https://munchkin.marketo.net https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com http://tag.clearbitscripts.com https://reveal.clearbit.com https://x.clearbitjs.com https://*.wistia.com https://*.wistia.net https://js.driftt.com https://*.leandata.com https://www.buzzsprout.com https://snap.licdn.com https://px.ads.linkedin.com https://bat.bing.com https://j.6sc.co https://ipv6.6sc.co https://epsilon.6sense.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://tracking.g2crowd.com https://tags.srv.stackadapt.com https://qvdt3feo.com/events.js https://js.zi-scripts.com *.crazyegg.com https://vercel.live; style-src 'self' 'unsafe-inline' http://*.zerofox.com https://fonts.googleapis.com https://tags.srv.stackadapt.com *.crazyegg.com; img-src 'self' blob: data: https://*.wpenginepowered.com http://*.zerofox.com www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://www.google.com https://www.google-analytics.com https://*.wistia.com https://*.wistia.net https://cdn.onetrust.com https://*.leandata.com https://i.imgur.com https://b.6sc.co https://px.ads.linkedin.com https://px4.ads.linkedin.com https://bat.bing.com *.crazyegg.com; font-src 'self' data: https://*.wistia.com https://*.wistia.net https://fonts.googleapis.com https://fonts.gstatic.com https://*.leandata.com; object-src 'self' https://*.wpenginepowered.com; base-uri 'self'; connect-src 'self' https://*.wpenginepowered.com https://app.clearbit.com https://maps.googleapis.com http://*.wistia.com https://*.wistia.net https://*.leandata.com https://analytics.google.com https://ipv6.6sc.co https://c.6sc.co https://epsilon.6sense.com https://epsilon-cloudfront.6sense.com https://tags.srv.stackadapt.com https://px.ads.linkedin.com https://143-dhv-007.mktoresp.com https://143-dhv-007.mktoutil.com https://www.google-analytics.com https://js.zi-scripts.com https://tracking.g2crowd.com https://www.google-analytics.com https://stats.g.doubleclick.net https://ws.zoominfo.com *.crazyegg.com https://vercel.live; form-action 'self'; frame-ancestors https://*.zerofox.com https://*.wpenginepowered.com; frame-src 'self' http://*.zerofox.com https://*.wpenginepowered.com https://www.google.com https://js.driftt.com https://*.leandata.com https://www.g2.com https://www.buzzsprout.com https://td.doubleclick.net *.crazyegg.com https://vercel.live; media-src 'self' blob: https://*.wpenginepowered.com https://*.wistia.com; block-all-mixed-content; upgrade-insecure-requests; 1
frame-ancestors 'self' *.mastercard.com *.gatwickparking.co.uk 1
frame-ancestors 'self', script-src 'self' 'unsafe-inline' 'unsafe-eval' https://acsbap.com https://googleads.g.doubleclick.net https://c.neodatagroup.com https://acsbapp.com https://analytics.ferrero.com https://maps.googleapis.com  https://s.go-mpulse.net https://privacyportal-eu.onetrust.com https://www.google-analytics.com https://connect.facebook.net https://cdn.cookielaw.org https://www.gstatic.com https://code.jquery.com https://www.googletagmanager.com https://www.google.com https://www.kinder.com https://www.nutella.com https://www.tictac.com https://www.ferrerorocher.com https://cdnjs.cloudflare.com https://static.addtoany.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://www.globalcms-fe.ferrero.com https://www-globalcms-fe-ferrero-com-2024.ipaasferrero.com 1
default-src 'self' googleads.g.doubleclick.net; connect-src 'self' www.slalom.com *.yextevents.com segments.company-target.com tag-logger.demandbase.com api.company-target.com unpkg.com cdn.jsdelivr.net prod-cdn.us.yextapis.com js.zi-scripts.com api.schedule.zoominfo.com ws.zoominfo.com ws-assets.zoominfo.com fast.wistia.net *.hotjar.com *.hotjar.io px.ads.linkedin.com cdn.cookielaw.org fast.wistia.com pipedream.wistia.com embedwistia-a.akamaihd.net content.hotjar.io wss://ws43.hotjar.com wss://ws43.hotjar.io embed-fastly.wistia.com distillery.wistia.com www.facebook.com *.google-analytics.com stats.g.doubleclick.net privacyportal.onetrust.com cdn.linkedin.oribi.io vc.hotjar.io wss://*.hotjar.com wss://*.hotjar.io geolocation.onetrust.com cdn.acsbapp.com wss://ws35.hotjar.com wss://ws35.hotjar.io analytics.google.com ws.zoominfo.com www.google.co.uk *.analytics.google.com www.google.ca www.google.com.co ws13.hotjar.com ws13.hotjar.io login.microsoftonline.com graph.microsoft.com twodegrees1.sharepoint.com www.google.com.mx www.google.com.br www.google.com.au www.google.co.jp www.google.co.in embed-ssl.wistia.com www.google.ie www.google.com.sa www.google.com.pk www.google.es www.google.com.cy www.google.de www.google.be app.wistia.com www.google.co.nz www.google.fr www.google.ae www.google.com.ng www.google.com.sg www.google.com.ph embed-cloudfront.wistia.com *.googletagmanager.com dpm.demdex.net *.g.doubleclick.net *.google.com pagead2.googlesyndication.com slalom.tt.omtrdc.net smetrics.slalom.com prev.slalom.com adobedc.demdex.net fg8vvsvnieiv3ej16jby.litix.io; font-src 'self' data: fast.wistia.com script.hotjar.com fonts.gstatic.com themes.googleusercontent.com at.alicdn.com github.com www.slant.co www.slalom.com; frame-src 'self' s.company-target.com www.google.com go.slalom.com view.ceros.com static.hotjar.com vars.hotjar.com vars.hotjar.io www.facebook.com www.youtube.com pixel.sitescout.com td.doubleclick.net tpc.googlesyndication.com login.microsoftonline.com www.podbean.com *.fls.doubleclick.net mozbar.moz.com fast.wistia.net vimeo.com www.slalom.com big.g.doubleclick.net slalom.demdex.net; img-src 'self' segments.company-target.com id.rlcdn.com s7d9.scene7.com embed-ssl.wistia.com fast.wistia.com data: cdn.cookielaw.org *.google-analytics.com www.facebook.com *.linkedin.com *.googletagmanager.com googleads.g.doubleclick.net *.google.com img.youtube.com s.ml-attr.com pixel.sitescout.com secure.adnxs.com attr.ml-api.io www.google.co.uk *.doubleclick.net px.ads.linkedin.com www.google.ca www.google.com.ng www.google.com.pk twodegrees1.sharepoint.com login.microsoftonline.com www.google.com.au www.google.com.br www.google.co.jp www.google.ie www.google.co.in embed-fastly.wistia.com embedwistia-a.akamaihd.net www.google.mu www.gstatic.com www.google.de www.google.it www.google.dk www.google.com.tr www.google.co.ke www.google.com.co www.google.com.qa www.google.es www.google.com.cy www.google.ae www.google.fr www.google.co.il www.google.com.ec www.google.com.mx www.google.ee www.google.be translate.google.com www.google.com.sg www.google.co.za www.google.ch www.google.com.ph www.slalom.com www.google.co.nz i.vimeocdn.com slalomdotcomdev.112.2o7.net ssl.gstatic.com *.analytics.google.com *.g.doubleclick.net www.google.com www.google.nl dev.day.com cm.everesttech.net dpm.demdex.net prev.slalom.com; media-src 'self' blob: data: embedwistia-a.akamaihd.net embed-fastly.wistia.com embed-ssl.wistia.com ade.googlesyndication.com fast.wistia.com embed-cloudfront.wistia.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' schedule.zoominfo.com ws-assets.zoominfo.com js.zi-scripts.com www.gstatic.com static.cloudflareinsights.com cdn.cookielaw.org *.googletagmanager.com www.googleoptimize.com www.google-analytics.com static.hotjar.com googleads.g.doubleclick.net snap.licdn.com connect.facebook.net ws.zoominfo.com up.pixel.ad script.hotjar.com www.google.com www.google.kz embedwistia-a.akamaihd.net embed-fastly.wistia.com labs.ceros.com assets.adobedtm.com pi.pardot.com tagmanager.google.com www.googleadservices.com fast.wistia.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' blob: js.sentry-cdn.com tag.demandbase.com ws-assets.zoominfo.com js.zi-scripts.com unpkg.com www.gstatic.com activitymap.adobe.com cdn.cookielaw.org www.googletagmanager.com static.hotjar.com www.google-analytics.com pi.pardot.com *.googlesyndication.com connect.facebook.net script.hotjar.com snap.licdn.com view.ceros.com www.googleadservices.com googleads.g.doubleclick.net js-agent.newrelic.com acsbapp.com bam.nr-data.net static.cloudflareinsights.com up.pixel.ad www.googleoptimize.com ws.zoominfo.com fast.wistia.com app.wistia.com ssl.google-analytics.com go.slalom.com www.google.com player.invintus.com gc.kis.v2.scr.kaspersky-labs.com fast.wistia.net me.kis.v2.scr.kaspersky-labs.com labs.ceros.com sdk.ceros.com ajax.cloudflare.com assets.adobedtm.com prod.slalom.com.seg.js; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com; style-src-attr 'self' 'unsafe-inline' 'unsafe-hashes'; style-src-elem 'self' 'unsafe-inline' data: www.googletagmanager.com fonts.googleapis.com; worker-src 'self' blob:; frame-ancestors 'self' www.slalom.com; report-uri https://www.slalom.com/report-uri/enforce; upgrade-insecure-requests 1
frame-ancestors 'self' https://*.voya.com https://mybetterworld.es https://*.mybetterworld.es; object-src 'none'; upgrade-insecure-requests; block-all-mixed-content; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob:; base-uri 'none'; 1
base-uri 'self'; connect-src 'self' data: *.google-analytics.com stats.g.doubleclick.net arriva-api.test.perplex.eu webapi-arrivanl.acc.perplex.eu arriva-api.prod.perplex.eu webapi.arriva.nl wss://cxcomlive-webconvwa-weu.azurewebsites.net www.clarity.ms *.clarity.ms https://c.bing.com google-analytics.com https://*.google-analytics.com https://*.doubleclick.net *.snapchat.com; default-src 'self'; font-src 'self' data: https://aurora.cmtelecom.com https://fonts.gstatic.com https://www.cm.com; form-action 'self' *.buckaroo.nl *.chipbizz.com *.ovshop.nl *.facebook.com; frame-ancestors 'self'; frame-src 'self' data: *.youtube.com *.vimeo.com *.google.com *.doubleclick.net *.facebook.com *.snapchat.com; img-src 'self' data: *.arriva.nl arriva.nl *.perplex.eu *.google-analytics.com i.vimeocdn.com www.google.com www.google.nl *.windows.net alert-web-info.arriva.nl alert-web-info-acc.arriva.nl www.facebook.com *.cm.com www.clarity.ms *.clarity.ms https://c.bing.com https://*.ytimg.com https://*.doubleclick.net *.facebook.com *.snapchat.com; manifest-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.facebook.com www.clarity.ms *.clarity.ms https://c.bing.com *.elitechnology.com https://*.digitalcx.com https://*.scribit.pro https://sc-static.net *.snapchat.com https://www.googleadservices.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: https://play-lh.googleusercontent.com https://is1-ssl.mzstatic.com https://cdn-api.weglot.com  https://googleads.g.doubleclick.net https://www.googleadservices.com https://analytics.google.com https://analytics.google.com https://ttcu.locatorsearch.net https://*.vimeo.com https://*.pure.cloud https://*.paypalobjects.com https://*.giveworx.com https://www.datadoghq-browser-agent.com https://ttcu.com https://*.ttcu.com https://*.pinterest.com https://t.co https://analytics.twitter.com https://ajax.cloudflare.com https://*.qualtrics.com https://marketing.ttcu.com https://s.pinimg.com/ https://static.ads-twitter.com https://*.cloudflareinsights.com https://*.addthis.com https://*.issuu.com https://*.lk-cs.com https://ttcu.locatorsearch.com https://cdn.weglot.com https://c.bing.com https://api.shelf.io https://*.adsrvr.org https://*.clarity.ms https://*.schemaapp.com https://*.addthisedge.com wss://*.hotjar.com https://s3.amazonaws.com https://*.youtube-nocookie.com https://*.formstack.com https://*.googletagmanager.com https://netdna.bootstrapcdn.com https://platform.twitter.com https://*.ytimg.com https://*.typekit.net https://*.youtube.com https://www.google.com https://www.facebook.com https://www.gstatic.com https://connect.facebook.net https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://maps.googleapis.com https://maps.gstatic.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://ajax.googleapis.com https://fonts.googleapis.com https://fonts.gstatic.com https://*.lk-cs.com https://lkcsunix.com; frame-ancestors 'self' https://www.youtube.com https://*.vimeo.com *.eltropyvideobanking.com *.financialtown.com; 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data: 1
default-src 'self'; script-src 'self' https://platform.twitter.com/widgets.js https://cloud.typography.com/7948038/7854212/css/fonts.css https://betterbusiness.blubrry.com https://player.blubrry.com https://media.blubrry.com https://cbbb.wufoo.com https://www.calendarwiz.com https://cdn.plot.ly https://players.brightcove.net https://analytics.brightcove.net https://kit.fontawesome.com  https://s0.2mdn.net https://adservice.google.com 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.googletagmanager.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ js.hs-scripts.com js.hsforms.net/ js.hs-analytics.net *.en25.com cdn.ampproject.org cbbb.realmagnet.land http://bbbprograms.org/Sitefinity/Authenticate/OpenID/assets/app.FormPostResponse.js https://tagmanager.google.com https://cdn.rlets.com https://bbbnp-bbbp-stf-use1-01.s3.amazonaws.com https://assets.bbbprograms.org/ https://cdn.plot.ly/usa_110m.json https://cdn.plot.ly/plotly-latest.min.js:61 *.crazyegg.com https://stats.g.doubleclick.net/j/collect https://api.hubapi.com/hs-script-loader-public/v1/config/pixel/json https://js.hsforms.net/forms/v2.js https://js.hs-banner.com/8712603.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.ads-twitter.com/uwt.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://www.paypalobjects.com/ https://googleads.g.doubleclick.net/ https://js.hsadspixel.net/fb.js https://snap.licdn.com/; style-src https://cloud.typography.com/7948038/7854212/css/fonts.css https://betterbusiness.blubrry.com https://player.blubrry.com https://media.blubrry.com https://www.calendarwiz.com https://cbbb.wufoo.com https://players.brightcove.net 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com http://bbbprograms.org https://assets.bbbprograms.org; font-src 'self' https://cloud.typography.com/ https://betterbusiness.blubrry.com https://player.blubrry.com https://media.blubrry.com http://www.calendarwiz.com https://players.brightcove.net fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://ka-f.fontawesome.com/releases/v5.15.4/webfonts/ https://bbbprograms.org/ https://assets.bbbprograms.org; img-src *.s3.amazonaws.com https://www.calendarwiz.com https://cloud.typography.com/7948038/7854212/css/fonts.css https://betterbusiness.blubrry.com https://player.blubrry.com https://media.blubrry.com https://secure-cf-c.ooyala.com http://cf.c.ooyala.com https://players.brightcove.net 'self' *.gstatic.com *.googleapis.com *.google-analytics.com www.google.com clients1.google.com platform.tumblr.com *.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.coms https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://d3w4wo0n3briz3.cloudfront.net/ https://assets.bbbprograms.org/ https://track.hubspot.com/ https://px.ads.linkedin.com/ https://t.co/ https://analytics.twitter.com/ https://perf.hsforms.com/ https://p.adsymptotic.com/ https://px4.ads.linkedin.com/ https://analytics.google.com/; media-src http://cf.c.ooyala.com 'self' data: blob:; form-action 'self' https://cbbb.wufoo.com https://bbbprograms.org https://forms.hsforms.com/ https://js.hsforms.net/ https://desk.zoho.com/support/WebToCase; child-src https://www.google.com https://auto.bbbnp.org/ https://caru.bbbnp.org https://betterbusiness.blubrry.com https://player.blubrry.com https://media.blubrry.com https://cbbb.wufoo.com https://players.brightcove.net http://imasdk.googleapis.com/ http://l.ooyala.com/ 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com https://privacyseals.bbbprograms.org/ web.facebook.com badge.stumbleupon.com https://js.hsforms.net/forms-next/shell-recaptcha https://applications.bbbprograms.org https://forms.hsforms.com/submissions/ https://bbbprograms.org blob: *.adobe.com/ https://assets.bbbprograms.org https://privacyinitiatives.bbbprograms.org https://privacyinitiatives.bbbnp.org; connect-src *.google-analytics.com https://cloud.typography.com/7948038/7854212/css/fonts.css https://betterbusiness.blubrry.com https://player.blubrry.com https://media.blubrry.com https://cbbb.wufoo.com https://players.brightcove.net https://licensing.bitmovin.com https://metrics-api.librato.com 'self' accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com https://stats.g.doubleclick.net/ https://js.hs-banner.com/cookie-banner-public/v1/domain-collection https://ka-f.fontawesome.com/ https://forms.hsforms.com/ https://hubspot-forms-static-embed.s3.amazonaws.com/prod/8712603/aafc1d80-12f1-408c-8344-a1ec382e57db.json.gz https://script.crazyegg.com/ https://tracking.crazyegg.com/ https://pagestates-tracking.crazyegg.com/healthcheck https://assets-tracking.crazyegg.com/healthcheck https://hubspot-forms-static-embed.s3.amazonaws.com/prod/8712603/86a3b92f-d714-41db-b093-1a560633c100.json.gz https://js.hs-banner.com/cookie-banner-public/v1/activity/view https://pagestates-tracking.crazyegg.com/ https://analytics.google.com/ https://assets.bbbprograms.org https://cdn.linkedin.oribi.io/ https://api.hubapi.com/hs-script-loader-public/; 1
font-src *.typekit.net *.gstatic.com fonts.gstatic.com use.typekit.net *.userway.org static.klaviyo.com *.zopim.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.creativememories.com https://www.facebook.com https://payflowlink.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.creativememories.com https://cdn.zinrelo.com https://static.zdassets.com https://v2.zopim.com https://ekr.zdassets.com https://zendesk.com https://zendesk-staging.com https://rollbar-eu.zendesk.com https://payflowlink.paypal.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.creativememories.com https://app.zinrelo.com https://mc-hub-designer-sto-use.azureedge.net https://designer.mediacliphub.com https://cdn.zinrelo.com https://static.zdassets.com https://v2.zopim.com https://ekr.zdassets.com https://zendesk.com https://zendesk-staging.com https://rollbar-eu.zendesk.com https://www.google.com https://www.facebook.com https://www.youtube.com https://payflowlink.paypal.com *.userway.org *.osano.com *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com p.typekit.net validator.swagger.io *.creativememories.com *.creativememoriesau.com *.creativememories.ca https://seal-minnesota.bbb.org https://dgjcoqnzn763b.cloudfront.net https://www.creativememories.com https://d3k81ch9hvuctc.cloudfront.net https://www.facebook.com https://www.google.com https://render.mediacliphub.com *.cloudfront.net *.searchspring.net *.searchspring.io https://cdnjs.cloudflare.com https://v2assets.zopim.io *.userway.org creativememories.zendesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://img.youtube.com *.zopim.com *.zopim.io maps.googleapis.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.commerce-payment-services.com *.typekit.net google.com *.google.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net cdn.ampproject.org raw.githubusercontent.com *.creativememories.com *.creativememoriesau.com *.creativememories.ca https://cdn.zinrelo.com https://static.cloudflareinsights.com https://assets.zendesk.com https://static.zdassets.com https://google.com https://www.google.com https://d395yjvh5spyzw.cloudfront.net https://js-agent.newrelic.com https://bam.nr-data.net https://app.zinrelo.com https://api.mediacliphub.com https://static.mediacliphub.com https://ajax.cloudflare.com https://connect.facebook.net *.searchspring.io *.klaviyo.com dc.services.visualstudio.com *.gstatic.com cdn.userway.org api.userway.org *.userway.org *.osano.com https://unpkg.com/flickity@2/dist/flickity.pkgd.min.js https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.zopim.com *.zdassets.com https://cdn.searchspring.net/intellisuggest/is.min.js ajax.googleapis.com https://www.googletagmanager.com tagmanager.google.com unpkg.com maps.googleapis.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.creativememories.com https://static.klaviyo.com *.userway.org maxcdn.bootstrapcdn.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.creativememories.com https://static.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.adobe.io performance.typekit.net *.sentry.io cdn.ampproject.org *.creativememories.com https://bam.nr-data.net https://creativememories.zendesk.com https://ekr.zdassets.com https://a.klaviyo.com https://static-forms.klaviyo.com wss://widget-mediator.zopim.com https://telemetrics.klaviyo.com https://app.zinrelo.com https://api.mediacliphub.com https://geo-cdn.creativememoriesau.com https://geo-cdn.creativememories.ca https://geo-cdn.creativememories.com https://stats.g.doubleclick.net *.searchspring.io *.facebook.com dc.services.visualstudio.com https://www.xtento.com ekr.zendesk.com api.userway.org *.userway.org *.osano.com https://static.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.zdassets.com *.zopim.com widget-mediator.zopim.com https://beacon.searchspring.io/beacon *.google-analytics.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src *.creativememories.com https://static.klaviyo.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-src 'self' *.google.com *.quora.com snapwidget.com *.consensu.org *.sharethis.com *.doubleclick.net *.greenhouse.io *.payoneer.com *.trustpilot.com *.oraclecloud.com *.driftt.com *.ubembed.com *.youtube.com *.github.io *.userway.org v.qq.com *.adpartner.pro *.facebook.com *.chilipiper.com *.teamme.io *.adsrvr.org *.googlesyndication.com *.scrmtech.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval'  *.googletagmanager.com *.cookielaw.org *.convertexperiments.com *.marketo.net *.googleadservices.com *.bing.com *.licdn.com *.facebook.net *.taboola.com *.yimg.jp *.yahoo.co.jp *.doubleclick.net *.sharethis.com *.consensu.org snapwidget.com *.onetrust.com *.greenhouse.io *.payoneer.com *.mouseflow.com *.salesloft.com *.trendemon.com *.trustpilot.com *.ubembed.com *.google.com *.dynatrace.com *.oraclecloud.com *.baidu.com *.driftt.com *.youtube.com *.daumcdn.net unpkg.com *.yandex.ru *.cloudflare.com *.strattic.com *.6sc.co *.jsdelivr.net *.bootstrapcdn.com *.twitter.com *.ads-twitter.com *.highcharts.com *.github.io *.qualtrics.com *.microsoft.com  *.userway.org *.tiktok.com *.googleoptimize.com accessibilityserver.org *.adnxs.com *.pdst.fm *.fullstory.com *.redditstatic.com *.cheqzone.com *.clarity.ms *.line-scdn.net redditstatic.s3.amazonaws.com wcs.naver.net *.googlesyndication.com *.google-analytics.com *.adpartner.pro *.line-cdn.net *.line-scdn.net *.chilipiper.com *.teamme.io *.quora.com *.adsrvr.org *.amplitude.com ssgtm-sbyzlt5hyq-ey.a.run.app *.trackjs.com; 1
frame-ancestors 'self' https://meetings.hubspot.com https://fast.wistia.net https://www.google.com https://www.youtube.com 1
frame-ancestors 'self' https://drive.google.com https://accounts.google.com 1
default-src 'self' data: *.waiverforever.com *.waiverforever.cn *.herokuapp.com; font-src 'self' data: *.waiverforever.com *.waiverforever.cn *.herokuapp.com *.gstatic.com *.googleapis.com; script-src 'self' data: *.waiverforever.com *.waiverforever.cn *.herokuapp.com 'unsafe-inline' 'unsafe-eval' *.calendly.com *.gstatic.com *.googletagmanager.com *.googleadservices.com *.google.com *.google-analytics.com *.doubleclick.net *.zdassets.com *.hotjar.com *.stripe.com *.cloudflare.com *.ctctcdn.com *.vimeocdn.com *.facebook.net cdn.jsdelivr.com *.cookiebot.com; child-src 'self' data: *.waiverforever.com *.waiverforever.cn *.herokuapp.com *.amazonaws.com *.cloudfront.net *.vimeo.com *.doubleclick.net code.jquery.com; style-src 'self' data: *.waiverforever.com *.waiverforever.cn *.herokuapp.com 'unsafe-inline' *.cloudflare.com *.ctctcdn.com *.googleapis.com; img-src 'self' data: *.waiverforever.com *.waiverforever.cn *.herokuapp.com *.g2.com *.google.com *.googletagmanager.com *.facebook.com *.google-analytics.com s3.amazonaws.com imgsct.cookiebot.com; connect-src *; frame-src 'self' data: *.waiverforever.com *.waiverforever.cn *.herokuapp.com calendly.com *.calendly.com *.vimeo.com *.google.com *.doubleclick.net *.hotjar.com consentcdn.cookiebot.com 1
frame-ancestors 'self' https://s.salecycle.com https://vodafoneromania.demdex.net https://vars.hotjar.com https://c1.adform.net 1
frame-ancestors 'self' *.vendhq.com *.retail.lightspeed.app; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=puba63db3f96a1d5bb789394101974def5f&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:production; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://cdnjs.cloudflare.com https://acsbapp.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://code.jquery.com https://polyfill.io https://unpkg.com https://use.fontawesome.com https://stackpath.bootstrapcdn.com https://www.googletagmanager.com https://www.google-analytics.com https://js-agent.newrelic.com https://www.google.com https://www.gstatic.com https://player.vimeo.com https://*.vimeocdn.com https://connect.facebook.net https://platform.twitter.com https://www.youtube.com https://*.upgrade.guide https://translate.google.com https://*.googleapis.com https://svc.webspellchecker.net https://touchstoneenergy.com https://cdn.questline.com https://weatherwidget.io https://cdn.gtranslate.net https://www.powr.io https://c03.apogee.net; object-src 'none'; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://code.cdn.mozilla.net https://code.ionicframework.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://*.googleapis.com https://maxcdn.bootstrapcdn.com https://stackpath.bootstrapcdn.com https://use.fontawesome.com https://use.typekit.net https://p.typekit.net https://www.gstatic.com https://svc.webspellchecker.net https://cdn.questline.com https://unpkg.com; img-src 'self' data: https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://syndication.twitter.com https://cdn.app.cfigroup.com/ https://images.applicant-tracking.com https://*.gstatic.com https://cdn.questline.com https://www.touchstoneenergy.com https://translate.googleapis.com https://translate.google.com https://cdn.gtranslate.net https://www.cooperative.com https://i.vimeocdn.com https://i.ytimg.com https://jelly.mdhv.io https://jelly-v6.mdhv.io https://h5p.org https://cdn.jsdelivr.net; media-src 'self' data:; frame-src 'self' https://*.smarthub.coop https://player.vimeo.com https://www.youtube.com https://outlook.office365.com https://ws-na.amazon-adsystem.com https://www.google.com https://express.adobe.com https://platform.twitter.com https://syndication.twitter.com https://www.facebook.com https://www.youtube-nocookie.com https://hosted.where2getit.com https://*.upgrade.guide https://docs.google.com https://www.touchstoneenergy.com https://weatherwidget.io https://www.powr.io https://online.fliphtml5.com https://c03.apogee.net https://e.issuu.com https://issuu.com https://podcasters.spotify.com; frame-ancestors 'self' https://*.smarthub.coop; font-src 'self' https://fonts.gstatic.com https://use.fontawesome.com https://use.typekit.net https://acsbapp.com https://cdn.jsdelivr.net https://svc.webspellchecker.net https://cdnjs.cloudflare.com; connect-src 'self' data: https://fonts.gstatic.com https://use.fontawesome.com https://use.typekit.net https://analytics.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://bam.nr-data.net https://*.acsbapp.com https://acsbapp.com https://*.googleapis.com https://svc.webspellchecker.net https://www.powr.io; upgrade-insecure-requests 1
max-age=31536000 1
frame-ancestors 'self' https://*.etracker.com https://*.etracker.de https://*.zohopublic.eu; 1
https: blob: data: wss: 'unsafe-inline' 'unsafe-eval' 1
upgrade-insecure-requests;script-src 'self' 'wasm-unsafe-eval';connect-src 'self' blob: https://linfan.moe wss://linfan.moe https:;media-src 'self' https:;img-src 'self' data: blob: https:;default-src 'none';base-uri 'self';frame-ancestors 'none';style-src 'self' 'unsafe-inline';font-src 'self';manifest-src 'self'; 1
child-src 'self' blob: https://www.bilibili.com https://tongji.baidu.com https://passport.jlc.com https://www.youtube.com https://player.bilibili.com; frame-ancestors 'self' https://tongji.baidu.com https://passport.jlc.com https://www.youtube.com https://player.bilibili.com https://www.bilibili.com 1
frame-ancestors 'self' app.bankid.no; 1
upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval'; img-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; worker-src 'self' blob: https:; connect-src 'self' https://cdn.jsdelivr.net https://js.monitor.azure.com https://www.googletagmanager.com https://www.google-analytics.com https://kit.fontawesome.com https://blobsoccerbibleprod.blob.core.windows.net https://connect.facebook.net https://www.facebook.com https://www.instagram.com https://www.x.com https://www.twitter.com https://open.spotify.com https://w.soundcloud.com https://az416426.vo.msecnd.net wss://*.hotjar.com blob: data: https:; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.cookielaw.org https://geolocation.onetrust.com https://knowledgetags.yextpages.net https://visionsfcu.org https://www.visionsfcu.org *.docusign.net use.fontawesome.com siteimproveanalytics.com *.google-analytics.com seal.websecurity.norton.com *.siteimprove.com *.googleapis.com *.gstatic.com *.btstatic.com *.onelink-translations.com *.visionsfcu.org *.googleadservices.com snap.licdn.com *.facebook.net *.g.doubleclick.net *.mathtag.com *.googletagmanager.com *.adnxs.com web.baconpay.com *.fcc.gov https://geocoding.geo.census.gov/ *.w3.org *.google.com *.documatix.com origin.xtlo.net *.xtlo.net *.extole.io *.stickleyonsecurity.com *.votervoice.net referrerals.visionsfcu.org *.cloudsponge.com cloudsponge.com customer.jrni.com visionsfcu.jrni.com https://player.vimeo.com/video/ https://player.vimeo.com/api/player.js https://cds-sdkcfg.onlineaccess1.com www.youtube.com *.thebrighttag.com facebook.com *.facebook.com insight.adsrvr.org cdnjs.cloudflare.com visionsfcu.cudlautosmart.com *.infogram.com *.salemove.com *.glia.com https://*.fls.doubleclick.net https://www.youtube.com/ https://expert.visionsfcu.org/ https://ads.o142.com https://files.marcomcentral.app.pti.com https://cdn.jsdelivr.net https://unpkg.com https://polyfill-fastly.io https://esus-visionsfcu.onelink-translations.com; connect-src 'self' *.visionsfcu.org https://visionsfcu.org https://www.visionsfcu.org https://cdn.cookielaw.org https://geolocation.onetrust.com *.onetrust.com https://www.google-analytics.com *.googleapis.com https://www.google.com/pagead/ https://googleads.g.doubleclick.net https://stats.g.doubleclick.net/ *.cloudsponge.com wss://*.salemove.com https://*.salemove.com *.kadince.com https://bam.nr-data.net https://bam-cell.nr-data.net https://*.xtlo.net https://thefontzone.com https://px.ads.linkedin.com/ cdn.cookielaw.org wt.dm00.com https://pagead2.googlesyndication.com/ data: https://www.googletagmanager.com; font-src 'self' *.cloudsponge.com use.fontawesome.com http://fonts.gstatic.com *.xtlo.net https://fonts.gstatic.com https://files.marcomcentral.app.pti.com data:; frame-src 'self' https://*.bloomfire.com https://*.fls.doubleclick.net https://bid.g.doubleclick.net https://s.amazon-adsystem.com/ https://expert.visionsfcu.org/ https://customer.jrni.com/ https://*.visionsfcu.org *.docusign.net use.fontawesome.com siteimproveanalytics.com *.google-analytics.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ seal.websecurity.norton.com *.siteimprove.com *.googleapis.com *.gstatic.com *.btstatic.com *.onelink-translations.com *.visionsfcu.org *.googleadservices.com snap.licdn.com *.facebook.net *.g.doubleclick.net https://td.doubleclick.net *.mathtag.com *.googletagmanager.com *.adnxs.com web.baconpay.com *.fcc.gov https://geocoding.geo.census.gov/ *.w3.org *.google.com *.documatix.com origin.xtlo.net *.xtlo.net *.extole.io *.stickleyonsecurity.com *.votervoice.net referrerals.visionsfcu.org *.cloudsponge.com cloudsponge.com customer.jrni.com visionsfcu.jrni.com https://player.vimeo.com/video/ https://player.vimeo.com/api/player.js https://cds-sdkcfg.onlineaccess1.com www.youtube.com *.thebrighttag.com facebook.com *.facebook.com insight.adsrvr.org cdnjs.cloudflare.com visionsfcu.cudlautosmart.com *.infogram.com *.salemove.com https://www.youtube.com/ https://www.youtube-nocookie.com https://ads.o142.com; img-src * data:; object-src 'self' https://*.bloomfire.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js-agent.newrelic.com https://origin.extole.io https://referrals.visionsfcu.org https://*.xtlo.net *.googletagmanager.com *.google-analytics.com https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com/ https://www.googleadservices.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://snap.licdn.com https://wt.dm00.com/ https://siteimproveanalytics.com cdn.cookielaw.org *.onetrust.com *.simpli.fi blob: cds-sdkcfg.onlineaccess1.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://www.votervoice.net maps.googleapis.com; frame-ancestors 'self' https://visionsfcu.org https://digital.visionsfcu.org http://dev-01.q2developer.com; report-uri https://visionsfcu.org/report-uri/enforce 1
default-src 'self' http://www.cmbwinglungbank.com http://cmf https://www.cmbwinglungbank.com http://ac.cmbwinglungbank.com https://ac.cmbwinglungbank.com https://www.cmbwinglungsec.com http://www.cmbwinglungsec.com http://www.winglungbank.com https://www.winglungbank.com http://ac.winglungbank.com https://ac.winglungbank.com https://www.winglungsec.com https://www.winglungfutures.com http://www.winglungsec.com http://www.winglungfutures.com fc10.etwealth.com http://cmblive.hlslive.zh.cmbchina.com https://demo02.etwealth.com http://demo02.etwealth.com https://m2.cmbwinglungbank.com *.cmbchina.com https://cms.aqumon.com https://push.cmbwinglungbank.com;style-src 'self' 'unsafe-inline';img-src 'self' data:;font-src 'self' data:;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://api.map.baidu.com; frame-ancestors 'self' fc10.etwealth.com http://cmblive.hlslive.zh.cmbchina.com https://hkwallet.moneydata.hk *.winglungbank.com *.cmbwinglungbank.com *.cmbwinglungsec.com *.winglungsec.com *.cmbchina.com https://cms.aqumon.com; 1
frame-ancestors 'self' *.quicksight.aws.amazon.com outlook.office365.com outlook.office.com; frame-src 'self' a15928870500.cdn.optimizely.com d168ry9k9aor0i.cloudfront.net *.stripe.com *.sagepay.com *.bws.birst.com *.facebook.com *.pendo.io *.quicksight.aws.amazon.com; report-uri https://68cebcfc7e2f58b08b59066f1.report-uri.com/r/d/csp/enforce 1
default-src 'self' feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://wtbng.pricespider.com https://wtbstream.pricespider.com https://embeddedcloud.pricespider.com https://omni.pricespider.com https://locate.pricespider.com https://wtbevents.pricespider.com https://cdn.pricespider.com https://api.ipify.org https://c.lytics.io https://cdn.segment.com https://z.moatads.com *.cloudfront.net *.agkn.org api.tiles.mapbox.com pghub.io *.cookielaw.org *.onetrust.com *.iesnare.com connect.facebook.net *.crazyegg.com *.adsrvr.org *.bazaarvoice.com *.google-analytics.com *.googletagmanager.com blob: feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' https://cdn.pricespider.com https://c.lytics.io api.tiles.mapbox.com fonts.googleapis.com feed.pghub.io pandg.tapad.com ; media-src 'self' assets.ctfassets.net videos.ctfassets.net *.iesnare.com data: feed.pghub.io pandg.tapad.com ; img-src 'self' *.cookielaw.org https://cdn.pricespider.com https://wwwassets.pricespider.com https://embeddedcloud.pricespider.com https://c.lytics.io https://www.google.com https://www.google.hr i.ytimg.com images.ctfassets.net pixel.tapad.com *.bazaarvoice.com *.google-analytics.com www.facebook.com *.googletagmanager.com data: feed.pghub.io pandg.tapad.com ; font-src 'self' fonts.gstatic.com feed.pghub.io pandg.tapad.com ; connect-src * ; frame-src 'self' https://pandg.tapad.com www.youtube.com https://www.youtube-nocookie.com feed.pghub.io *.adsrvr.org *.doubleclick.net *.jebbit.com consumersupport.pg.com pg-lex.my.salesforce-sites.com ct.pinterest.com www.facebook.com pandg.tapad.com ; manifest-src * ; 1
frame-ancestors 'self' uptimerobot.com; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors pacleasetrialorg--simplus.sandbox.my.site.com paccar-na--sit.sandbox.my.site.com paccar-na.my.site.com kenworth.com 1
base-uri 'self'; default-src 'self'; script-src 'nonce-kGQeTDqVbHmhIJgnMYWDXg=='  'unsafe-eval' 'strict-dynamic'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob:; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; object-src 'none'; 1
frame-ancestors www.homecredit.cz www.homecredit.sk *.ci360.sas.com; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: www.homecredit.cz www.homecredit.sk www.youtube.com *.doubleclick.net cdn.siteone.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.homecredit.cz www.homecredit.sk execution-360.homecredit.cz www.googleadservices.com *.googleadservices.com www.googletagmanager.com cdn.cookielaw.org *.bing.com www.youtube.com *.seznam.cz *.smartlook.com *.googleadservices.com *.googleadservices.net *.doubleclick.net *.facebook.net cdn.siteone.io pagead2.googlesyndication.com delivery-360.homecredit.cz; connect-src 'self' execution-360.homecredit.cz *.onetrust.com cdn.cookielaw.org sentry.siteone.cz *.google-analytics.com *.bing.com *.smartlook.cloud *.facebook.net *.googlesyndication.com *.siteone.io delivery-360.homecredit.cz; img-src 'self' data: www.homecredit.cz www.homecredit.sk content-360.homecredit.cz *.siteone.io *.siteone.cz cdn.cookielaw.org *.bing.com *.seznam.cz *.googlesyndication.com www.google.com www.google.cz www.facebook.com googleads.g.doubleclick.net  *.ytimg.com; 1
report-uri https://forum-5.americanexpress.com/_/report/security/csp-violation; block-all-mixed-content; default-src 'nonce-ab05bf2bdfde6d6b6a41c50987720028' 'self' *.aexp.com *.americanexpress.com wss://*.americanexpress.com *.aexp-static.com stage.sp100500b5.guided.ss-omtrdc.net sp100500b5.guided.ss-omtrdc.net events.bouncex.net; script-src 'nonce-ab05bf2bdfde6d6b6a41c50987720028' 'nonce-0d9a2d55-6408-4b6e-b677-3f926df76d8c' 'self' *.aexp.com *.americanexpress.com *.aexp-static.com c.evidon.com assets.adobedtm.com nexus.ensighten.com aexp.demdex.net *.bounceexchange.com analytics.newscred.com www.youtube.com s.ytimg.com *.liveperson.net *.liveperson.com *.lpsnmedia.net *.liveengage.net *.liveengage.com *.liveper.sn; img-src 'self' *.aexp.com *.americanexpress.com *.aexp-static.com data: c.evidon.com m.exactag.com/ai.aspx events.bouncex.net pixel.newscred.com jadserve.postrelease.com p.adsymptotic.com dc.ads.linkedin.com px.ads.linkedin.com px4.ads.linkedin.com www.linkedin.com/px/ www.facebook.com aax-eu.amazon-adsystem.com s.amazon-adsystem.com alb.reddit.com sp.analytics.yahoo.com analytics.twitter.com t.co ad4.adfarm1.adition.com ad2.adfarm1.adition.com imagesrv.adition.com *.liveperson.net *.liveperson.com *.lpsnmedia.net *.liveengage.net *.liveengage.com *.liveper.sn adservice.google.com ad.doubleclick.net googleads.g.doubleclick.net ping.pdst.fm amex.sv.rkdms.com pixel.quantserve.com img.youtube.com; style-src 'unsafe-inline' *.aexp.com *.aexp-static.com *.americanexpress.com *.liveperson.net *.liveperson.com *.lpsnmedia.net *.liveengage.net *.liveengage.com *.liveper.sn; connect-src 'self' *.aexp.com *.americanexpress.com *.aexp-static.com c.evidon.com l.evidon.com optoutapi.evidon.com aexp.demdex.net dpm.demdex.net stage.sp100500b5.guided.ss-omtrdc.net sp100500b5.guided.ss-omtrdc.net wss://*.liveperson.net; manifest-src 'self' *.aexp.com *.americanexpress.com *.aexp-static.com; worker-src 'self' *.aexp.com *.americanexpress.com *.aexp-static.com; frame-ancestors none; frame-src aexp.demdex.net www.youtube.com *.liveperson.net *.liveperson.com *.lpsnmedia.net *.liveengage.net *.liveengage.com *.liveper.sn; media-src 'self' blob: https: *.aexp.com *.americanexpress.com 1
default-src 'self'; img-src 'self' wss://*.caas4prd.worldline-solutions.com *.bing.com *.seadform.net *.caas4prd.worldline-solutions.com bit.ly *.blob.core.windows.net callexcellcdn.blob.core.windows.net *.googletagmanager.com *.tiktok.com *.googletagmanager *.doubleclick.net *.facebook.com www.googleadservices.com *.googleadservices.com *.googleadservices.net *.google.be *.google.fr *.google.it *.google.es *.google.si *.google.sk *.google.cz *.google.lt *.google.lv *.google.ee *.google.tr *.google.gr *.google.co.uk *.google.hr *.google.hu *.google.nl *.google.pl *.google.ch *.google.de *.google.lu *.google.at *.google.co.in *.google.bg *.google.am *.google.com *.g.doubleclick.net *.vimeocdn.com *.vimeo.com dpm.demdex.net dev.day.com cm.everesttech.net worldline.sc.omtrdc.net worldlinesa.tt.omtrdc.net cdn.cookielaw.org www.gstatic.com *.linkedin.com *.adsymptotic.com *.scene7.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' wss://*.caas4prd.worldline-solutions.com *.caas4prd.worldline-solutions.com *.zdassets.com *.blob.core.windows.net *.callexcellcdn.blob.core.windows.net *.hs-banner.com *.hscollectedforms.net *.hsadspixel.net *.hs-analytics.net *.hs-scripts.com *.salesfeed.com *.zendesk.com cdnjs.cloudflare.com https://google.com *.doubleclick.net *.facebook.com *.g.doubleclick.net track.adform.net *.facebook.net assets.adobedtm.com cdn.cookielaw.org snap.licdn.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.cloudflare.com cdn.jsdelivr.net www.youtube.com ssl.p.jwpcdn.com assets-jpcust.jwpsrv.com *.cloudflare.com cdn.cookielaw.org files.cdn.leadfamly.com *.ytimg.com *.youtube.com *.jwpsrv.com *.jwpcdn.com *.hs-banner.com *.hscollectedforms.net *.hsadspixel.net *.hs-analytics.net *.hs-scripts.com *.salesfeed.com *.doubleclick.net *.pardot.com *.hotjar.io *.hotjar.com *.gstatic.com *.google.com *.worldline.com ajax.googleapis.com maps.googleapis.com maxcdn.bootstrapcdn.com *.scene7.com; style-src 'self' 'unsafe-inline' *.worldline.com wss://*.caas4prd.worldline-solutions.com *.beanstream.com *.caas4prd.worldline-solutions.com *.worldline-solutions.com *.blob.core.windows.net *.fontawesome.com *.lytics.io https://google.com *.fontawesome.com fonts.google.com optimize.google.com play.google.com *.cloudflare.com ssl.p.jwpcdn.com *.googleapis.com *.caas4noprd.worldline-solutions.com *.cloudflare.com *.jwpcdn.com worldline.com maxcdn.bootstrapcdn.com *.scene7.com; connect-src 'self' 'unsafe-inline' wss://*.caas4prd.worldline-solutions.com *.friendlycaptcha.com *.mktoresp.com *.caas4prd.worldline-solutions.com callexcellcdn.blob.core.windows.net *.linkedin.com worldlinesa.tt.omtrdc.net *.zendesk.com wss://*.zopim.com *.hubspot.com *.hubapi.com *.zdassets.com *.cognigy.ai wss://*.cognigy.ai *.zendesk.com https://google.com *.tiktok.com *.googlesyndication.com *.doubleclick.net *.facebook.com www.googleadservices.com *.googleadservices.net *.googleadservices.com *.google.com *.google.be *.google.fr *.google.it *.google.es *.google.si *.google.sk *.google.cz *.google.lt *.google.lv *.google.ee *.google.tr *.google.gr *.google.co.uk *.google.hr *.google.hu *.google.nl *.google.pl *.google.ch *.google.de *.google.lu *.google.at *.google.co.in *.google.bg *.google.am *.g.doubleclick.net six.enterprisebot.co *.fontawesome *.hotjar.io *.spotify.com *.apple.com wss://*.caas4noprd.worldline-solutions.com *.worldline-solutions.com *.scene7.com worldlinesa.demdex.net dpm.demdex.net cdn.cookielaw.org privacyportal-eu.onetrust.com *.tt.omtrdc.net *.omtrdc.net wss://*.hotjar.com wss://ws4.hotjar.com geolocation.onetrust.com maps.googleapis.com *.blob.core.windows.net optanon.blob.core.windows.net cookies-data.onetrust.io vc.hotjar.io maps.googleapis.com ws21.hotjar.com *.doubleclick.net *.hotjar.com cdn.linkedin.oribi.io; base-uri 'self'; frame-src 'self' 'unsafe-inline' *.adform.net *.mktoresp.com *.beanstream.com *.zendesk.com *.zdassets.com www.actito.be *.doubleclick.net *.g.doubleclick.net *.spotify.com *.apple.com anchor.fm *.typeform.com *.doubleclick.net business.ingenico.com form.typeform.com files.cdn.leadfamly.com worldline.leadfamly.com *.brighttalk.com *.youtube.com *.hotjar.com *.worldline.com *.equensworldline.com *.google.com worldlinesa.demdex.net https://recaptcha.google.com/recaptcha/; object-src 'none'; font-src *; script-src-elem 'unsafe-inline' *; media-src 'self' data: blob: *.zdassets.com *.scene7.com; worker-src blob:; child-src blob:; frame-ancestors 'self' https://frontend-v2.ocularium.be; 1
default-src https: wss: data: 'self' 'unsafe-eval' 'unsafe-inline' blob: www.chorki.com https://appcmsprod.viewlift.com/;font-src https: data: 'self' code.ionicframework.com;img-src https: data: blob: ;media-src https: blob: ;worker-src https: blob:; 1
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' source-expression; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: youtube.com www.youtube.com; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 1
frame-ancestors 'self' https://my.accessportals.com https://my2.accessportals.com  ;     default-src 'self' mailto: tel: data: blob: *.accessportals.com https://optanon.blob.core.windows.net         https://productionmn.blob.core.windows.net         https://cdn.cookielaw.org https://geolocation.onetrust.com         https://www.google-analytics.com https://www.googletagmanager.com         https://fonts.googleapis.com https://fonts.gstatic.com         https://production.plaid.com https://cdn.plaid.com https://analytics.plaid.com         https://www.eaccountservices.com         https://privacyportal.onetrust.com/ https://privacyportal-cdn.onetrust.com/         https://cdn.appdynamics.com https://pdx-col.eum-appdynamics.com;     script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.accessportals.com         https://cdn.cookielaw.org https://geolocation.onetrust.com         https://privacyportal.onetrust.com/ https://privacyportal-cdn.onetrust.com/         https://www.google-analytics.com https://www.googletagmanager.com         https://optanon.blob.core.windows.net https://production.plaid.com         https://cdn.plaid.com https://analytics.plaid.com https://cdn.appdynamics.com;     style-src 'self' 'unsafe-inline' https://*.accessportals.com https://optanon.blob.core.windows.net         https://privacyportal.onetrust.com/ https://privacyportal-cdn.onetrust.com/ https://fonts.googleapis.com;     img-src 'self' data: https:; 1
frame-src *.gmscolor.com startspectro: startscale: *.userzoom.com *.walkme.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fastly.boarshead.com *.typekit.net ajax.googleapis.com *.addthis.com www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.bugherd.com *.facebook.net *.facebook.com www.google-analytics.com *.chartbeat.com *.pinterest.com *.youtube.com *.serving-sys.com *.ytimg.com a248.e.akamai.net dnn506yrbagrg.cloudfront.net *.addthisedge.com *.twitter.com *.newrelic.com cdn.ampproject.org *.google.com *.nr-data.net hosted.where2stageit.com *.omnivirt.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://edge.marker.io https://marker.io *.pinimg.com *.chicoryapp.com chicoryapp.com *.quantserve.com *.quantcount.com *.cookielaw.org *.onetrust.com *.blob.core.windows.net *.moatads.com cdnjs.cloudflare.com https://cdn.tiny.cloud *.ensighten.com *.adsrvr.org *.pdst.fm *.spotify.com *.spotifycdn.com https://analytics.tiktok.com *.addtoany.com *.gstatic.com; font-src 'self' data: *.typekit.net *.gstatic.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://marker.io https://edge.marker.io *.onetrust.com https://fastly.boarshead.com; style-src 'self' 'unsafe-inline' https://fastly.boarshead.com tagmanager.google.com fonts.googleapis.com *.myfonts.net *.onetrust.com *.typography.com https://cdn.tiny.cloud *.typekit.net *.googletagmanager.com; img-src 'self' blob: data: https://fastly.boarshead.com *.typekit.net www.google-analytics.com *.facebook.com *.chartbeat.net *.ytimg.com img.youtube.com *.adsrvr.org *.pinterest.com *.doubleclick.net *.gstatic.com *.google.com loadm.exelator.com ib.adnxs.com odr.mookie1.com tags.rd.linksynergy.com image2.pubmatic.com i.liadm.com io.narrative.io dmp.truoptik.com e.nexac.com match.sharethrough.com pixel.advertising.com pixel.tapad.com ads.scorecardresearch.com x.bidswitch.net adadvisor.net t.mookie1.com *.boarshead.com boarshead.com load77.exelator.com *.cdninstagram.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://media.marker.io https://marker.io https://edge.marker.io *.mathtag.com *.quantserve.com *.cookielaw.org *.twitter.com https://sp.tinymce.com/ *.docker.localhost/ https://www.googletagmanager.com; connect-src 'self' performance.typekit.net *.facebook.com *.addthis.com www.googletagmanager.com *.boarshead.com *.google-analytics.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://api.marker.io https://ssr.marker.io https://*.pinterest.com chicoryapp.com *.chicoryapp.com *.cookielaw.org *.blob.core.windows.net *.onetrust.com *.doubleclick.net *.nr-data.net *.cloudfunctions.net https://adservice.google.com https://www.google.com *.sentry.io https://analytics.tiktok.com; frame-src 'self' *.youtube.com *.addthis.com *.twitter.com *.facebook.com *.facebook.net *.doubleclick.net *.google.com locations.boarshead.com *.omnivirt.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://marker.io/ *.chicoryapp.com chicoryapp.com https://app.marker.io https://ct.pinterest.com https://*.adsrvr.org https://*.spotify.com; child-src https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://marker.io; media-src 'self' *.vimeo.com download-video.akamaized.net gcs-vimeo.akamaized.net *.vimeocdn.com *.omnivirt.com *.youtube.com vod-progressive.akamaized.net https://media.marker.io https://marker.io https://marker.io https://edge.marker.io; form-action *; report-uri https://boarshead.endpoint.csper.io; 1
default-src 'self' 'unsafe-inline' https://vimeo.com https://cdn.plyr.io/3.5.10/plyr.svg https://noembed.com https://consentcdn.cookiebot.com https://px.ads.linkedin.com https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com https://imgsct.cookiebot.com http://www.w3.org; script-src 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://consent.cookiebot.com https://consentcdn.cookiebot.com https://www.googletagmanager.com https://cdn.jsdelivr.net https://www.youtube.com https://player.vimeo.com https://f.vimeocdn.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' https://fast.fonts.net https://cdn.jsdelivr.net; font-src 'self' https://fast.fonts.net; frame-src 'self' https://consentcdn.cookiebot.com https://www.googletagmanager.com https://www.youtube-nocookie.com https://www.youtube.com https://player.vimeo.com; img-src 'self' data: http://www.w3.org https://imgsct.cookiebot.com https://px.ads.linkedin.com https://i.ytimg.com https://i.vimeocdn.com https://www.google-analytics.com; object-src 'self' 1
frame-ancestors 'self' https://images.puppyfinder.com https://members.puppyfinder.com; 1
default-src 'self' https://*.vica.gov.sg va.ecitizen.gov.sg ifaqs.flexanswer.com www.google-analytics.com s3-us-west-2.amazonaws.com https://wogadobeanalytics.sc.omtrdc.net/ https://cm.everesttech.net/ https://*.wogaa.sg https://*.demdex.net/; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net/npm/@govtechsg/sgds-masthead/dist/sgds-masthead/sgds-masthead.css https://*.vica.gov.sg va.ecitizen.gov.sg https://assets.wogaa.sg/fonts/; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://cdn.jsdelivr.net/npm/@govtechsg/sgds-masthead/dist/sgds-masthead/ https://*.vica.gov.sg va.ecitizen.gov.sg ifaqs.flexanswer.com www.adobetag.com www.google-analytics.com/analytics.js https://*.wogaa.sg https://assets.adobedtm.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; object-src 'self'; img-src 'self' data: https://bucket-common.vica.gov.sg/unified_webchat_image_feedback.png https://*.vica.gov.sg https://evvomedia.pc.cdn.bitgravity.com/ https://evvomedia.pc-s.cdn.bitgravity.com/ https://jwpltx.com https://dpm.demdex.net/ va.ecitizen.gov.sg www.google-analytics.com https://wogadobeanalytics.sc.omtrdc.net/ https://cm.everesttech.net/; frame-src 'self' https://v2.evvochannel.tv/ wogaa.demdex.net fast.wogaa.demdex.net dpm.demdex.net https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; connect-src 'self' https://evvomedia.pc-s.cdn.bitgravity.com/ va.ecitizen.gov.sg https://*.wogaa.sg https://dpm.demdex.net/ https://www.google-analytics.com www.google-analytics.com ws: https://s3-va-prd-vica.s3-ap-southeast-1.amazonaws.com https://*.vica.gov.sg wss://chat.vica.gov.sg; font-src 'self' data: https://assets.wogaa.sg/fonts/ s3-us-west-2.amazonaws.com va.ecitizen.gov.sg; frame-ancestors 'none'; 1
frame-ancestors 'self' https://app.truffle.vip https://www.youtube.com 1
Header set Content-Security-Policy "default-src 'self' https://www.google.com/ads/ https://s7.addthis.com/ https://api-public.addthis.com/ https://www.youtube-nocookie.com/ https://jnn-pa.googleapis.com/ https://play.google.com/ https://stats.g.doubleclick.net/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://use.fontawesome.com/ https://www.youtube-nocookie.com/; img-src 'self' https://jbs.i-maxpr.com/ data: https://www.google-analytics.com/ https://www.facebook.com/ https://www.google.com.br/ https://i.ytimg.com/ https://yt3.ggpht.com/; connect-src 'self' https://cdn.cookielaw.org/ https://s7.addthis.com/ https://stats.g.doubleclick.net https://www.google-analytics.com; font-src 'self' data:application/ https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://use.fontawesome.com/; connect-src 'self' https://cdn.cookielaw.org/ https://s7.addthis.com/; media-src 'self' https://s7.addthis.com/; object-src 'self'; child-src 'self'; frame-src 'self' https://www.youtube.com; worker-src 'self'; form-action 'self'; base-uri 'self'; frame-ancestors 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://rec.smartlook.com https://www.google-analytics.com https://cdn.cookielaw.org/ https://fonts.googleapis.com/ https://s7.addthis.com/ https://www.googletagmanager.com/ https://z.moatads.com/ https://www.google-analytics.com/ https://v1.addthisedge.com/ https://m.addthis.com/ https://www.youtube-nocookie.com/ https://www.google.com/ https://www.gstatic.com/ https://cdn.cookielaw.org/scripttemplates/otSDKStub.js https://rec.smartlook.com/recorder.js https://s7.addthis.com/js/300/addthis_widget.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js;" 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' http: https: data: blob: 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdn.cookielaw.org https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://www.recaptcha.net https://cdn-apac.onetrust.com https://static.hotjar.com https://script.hotjar.com https://maps.googleapis.com ; 1
default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; connect-src 'self' *; img-src 'self' data: *; style-src 'self' 'unsafe-inline' *;base-uri 'self' *;form-action 'self' *; font-src * data:; 1
default-src 'self'; script-src 'self' 'nonce-b2cf702e-af29-4617-852c-a4a1c5385e56'; object-src 'self'; style-src 'self' fonts.googleapis.com 'unsafe-inline';font-src 'self' fonts.gstatic.com 1
default-src 'self' https://www.google-analytics.com https://www.googletagmanager.com 'nonce-v3kau38zbagv2vpm' https://*.mta.info https://*.mylirr.org https://*.mapbox.com https://*.sentry.io data: blob:; style-src 'self' 'unsafe-inline' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' https://*.pharmacyregulation.org http://www.reciteme.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://www.unpkg.com uat-assets.pharmacyregulation.org https://*.googletagmanager.com https://*.google-analytics.com https://cc.cdn.civiccomputing.com https://svc.webspellchecker.net js-agent.newrelic.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://unpkg.com/@popperjs/core@2.11.6/dist/umd/popper.js https://unpkg.com/tippy.js@6.3.7/dist/tippy.umd.js https://www.googletagmanager.com https://cc.cdn.civiccomputing.com/9/cookieControl-9.x.min.js https://cdn.jsdelivr.net/gh/RobinHerbots/Inputmask@5.0.8/dist/jquery.inputmask.min.js https://api.reciteme.com/asset/js https://cdn.jsdelivr.net/npm/toastify-js https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.65.12/mode/yaml/yaml.js https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.65.12/codemirror.js https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.65.12/addon/display/placeholder.js https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.65.12/addon/runmode/runmode.js https://cdn.jsdelivr.net/gh/cferdinandi/tabby@12.0.3/dist/js/tabby.min.js https://cdnjs.cloudflare.com/ajax/libs/select2/4.0.13/js/select2.min.js https://*.facebook.com https://*.facebook.net https://www.pagespeed-mod.com/v1/taas https://*.google-analytics.com; object-src 'self'; style-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' data: https://*.pharmacyregulation.org http://*.reciteme.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://www.unpkg.com uat-assets.pharmacyregulation.org https://*.googletagmanager.com https://*.google-analytics.com https://cc.cdn.civiccomputing.com https://svc.webspellchecker.net js-agent.newrelic.com https://*.googleapis.com http://maxcdn.bootstrapcdn.com https://unpkg.com/tippy.js@6.3.7/dist/tippy.css; img-src 'self' data: *.s3.eu-west-2.amazonaws.com https://*.pharmacyregulation.org https://cdn.jsdelivr.net http://www.reciteme.com https://api.reciteme.com https://www.youtube.com https://*.google-analytics.com https://*.googletagmanager.com d3mhed0dfgjnch.cloudfront.net https://fonts.gstatic.com; media-src  'self' data: *.s3.eu-west-2.amazonaws.com http://www.reciteme.com https://www.youtube.com; form-action  'self'; frame-src  'self' https://www.youtube.com https://www.googletagmanager.com https://www.facebook.com; frame-ancestors  'self'; child-src  'self'; font-src 'self' data: https://*.pharmacyregulation.org https://maps.googleapis.com maxcdn.bootstrapcdn.com https://maps.gstatic.com http://www.reciteme.com https://api.reciteme.com https://svc.webspellchecker.net https://fonts.gstatic.com; connect-src  'self' http://www.reciteme.com https://stats.reciteme.com https://api.reciteme.com https://*.google-analytics.com *.analytics.google.com https://*.googletagmanager.com https://cc.cdn.civiccomputing.com https://apikeys.civiccomputing.com https://svc.webspellchecker.net https://bam.eu01.nr-data.net https://clapi.civiccomputing.com https://o15468.ingest.sentry.io/api/4505318583435264/envelope/; base-uri self; report-uri /report-csp-violation 1
default-src 'none'; style-src https://cdn.stitchfiddle.com 'unsafe-inline' https://fonts.googleapis.com/; font-src https://cdn.stitchfiddle.com data: https://fonts.googleapis.com/ https://fonts.gstatic.com/ data:; img-src https://www.stitchfiddle.com https://cdn.stitchfiddle.com data: blob:; script-src www.stitchfiddle.com 'nonce-0Z4jg82SRZHLf1Ir' 'unsafe-inline' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; worker-src www.stitchfiddle.com; child-src www.stitchfiddle.com; connect-src https://www.stitchfiddle.com; frame-src www.stitchfiddle.com https://www.google.com/recaptcha/; object-src www.stitchfiddle.com; base-uri 'none';  report-uri https://www.stitchfiddle.com/ajax/log/csp; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; 1
default-src https:; style-src * 'unsafe-inline'; script-src https: 'unsafe-inline'; object-src 'none' 1
default-src 'self' *.google.com https://twitter.com *.twitter.com *.twimg.com *.youtube.com *.facebook.com *.redditmedia.com *.reddit.com *.embedly.com *.embed.ly *.vimeo.com *.instagram.com *.soundcloud.com https://gfycat.com *.dailymotion.com https://coub.com *.deviantart.com *.twitch.tv; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com https://mtgjson.com *.google.com *.google-analytics.com *.googletagmanager.com *.twitter.com *.twimg.com *.redditmedia.com *.embedly.com *.embed.ly *.instagram.com *.facebook.com *.facebook.net *.ttvnw.net *.twitch.tv *.krxd.net *.quantserve.com; style-src 'self' 'unsafe-inline' *.google.com https://fonts.google.com *.googleapis.com *.twitter.com *.embedly.com *.embed.ly; img-src * data:; connect-src 'self' *.reddit.com; font-src 'self' https://fonts.gstatic.com https://fonts.google.com *.googleapis.com; object-src 'none'; media-src 'self'; form-action 'self' *.twitter.com *.google.com *.vk.com *.facebook.com *.yandex.ru; frame-ancestors 'self'; 1
default-src 'self'; img-src 'self' https://quickchart.io https://files.catbox.moe; media-src 'self' https://files.catbox.moe; style-src 'self' 'unsafe-inline'; script-src https://www.google.com https://www.gstatic.com 'self' 'unsafe-inline'; frame-src https://www.google.com; 1
frame-ancestors 'self' *.everwisecu.com *.zagclients.net 1
upgrade-insecure-requests; block-all-mixed-content; default-src 'self'; connect-src 'self' www.google-analytics.com consentcdn.cookiebot.com *.wistia.com *.sharethis.com wss://localhost:* *.b2clogin.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com *.fontawesome.com data: *.wistia.com; object-src 'none'; img-src 'self' * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' consentcdn.cookiebot.com ajax.googleapis.com ajax.aspnetcdn.com consent.cookiebot.com www.recaptcha.net www.googletagmanager.com *.wistia.com code.jquery.com www.google-analytics.com www.gstatic.com *.wistia.net *.sharethis.com 'report-sample'; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com *.fontawesome.com; media-src 'self' blob: assets.maxlinear.com; frame-ancestors 'self' *.maxlinear.com; base-uri 'self'; frame-src 'self' consentcdn.cookiebot.com www.recaptcha.net *.wistia.net *.wistia.com www.google.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' http://*.dimora.jp https://*.dimora.jp http://*.google-analytics.com/ https://*.google-analytics.com https://*.google.com https://*.facebook.com https://*.facebook.net https://*.twitter.com https://b91.yahoo.co.jp https://linkmaker.itunes.apple.com https://tools.applemediaservices.com https://apple-resources.s3.amazonaws.com https://play.google.com https://*.mul-pay.jp https://fonts.gstatic.com https://*.googleapis.com https://*.googletagmanager.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://*.google.co.jp https://1b3bng8fp1.execute-api.ap-northeast-1.amazonaws.com; img-src 'self' data: https://*.google-analytics.com/ https://*.twitter.com https://stats.g.doubleclick.net https://linkmaker.itunes.apple.com https://tools.applemediaservices.com https://apple-resources.s3.amazonaws.com https://play.google.com https://b91.yahoo.co.jp; 1
style-src 'self' 'unsafe-inline' https://optimize.google.com https://fonts.googleapis.com https://tagmanager.google.com/debug/css.css https://p.typekit.net/p.css https://www.southerncross.co.nz https://mc-fec8b19f-c7fd-4e56-8bfe-1850-cdn-endpoint.azureedge.net;base-uri 'self'; form-action 'self'; frame-ancestors 'self' https://easyclaim.southerncross.co.nz https://my.southerncross.co.nz https://advisers.southerncross.co.nz https://providers.southerncross.co.nz https://workscheme.southerncross.co.nz https://identity.southerncross.co.nz https://join.southerncross.co.nz; block-all-mixed-content; 1
default-src * https://thinkcreatedo.com; script-src * 'unsafe-inline' 'unsafe-eval' https://thinkcreatedo.com blob:; style-src * 'unsafe-inline' https://thinkcreatedo.com; img-src * data: https://thinkcreatedo.com; font-src * data: https://thinkcreatedo.com; 1
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://pay.paymentiq.io/; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' maps.googleapis.com www.google.com www.gstatic.com www.googletagmanager.com www.youtube.com www.tagassistant.google.com www.google-analytics.com *.mypurecloud.ie siteimproveanalytics.com apps.mypurecloud.com static.ads-twitter.com connect.facebook.net snap.licdn.com rawgit.com code.jquery.com seairetrofitpbiembeddedprd.azurewebsites.net public.tableau.com static.hotjar.com script.hotjar.com wurfl.io *.cognitoforms.com www.cognitoforms.com/f/seamless.js static.cognitoforms.com cdn.jsdelivr.net code.highcharts.com cdnjs.cloudflare.com *.texthelp.com *.browsealoud.com; frame-ancestors 'self' https://www.seai.ie https://uat.seai.ie https://seaidev.prod.acquia-sites.com https://seaistage.prod.acquia-sites.com https://seaiprod.prod.acquia-sites.com; 1
frame-ancestors 'none'; default-src 'self' *.zendesk.com assets.digitalclimatestrike.net *.digitalclimatestrike.net *.vimeo.com *.youtube.com *.instagram.com *.parcelpoint.com.au *.staging.parcelpoint.com.au *.googleapis.com *.gstatic.com *.cdninstagram.com *.zopim.com wss://widget-mediator.zopim.com www.facebook.com *.zdassets.com data:; script-src 'self' *.zendesk.com *.instagram.com *.googleapis.com *.gstatic.com *.googletagmanager.com connect.facebook.net *.licdn.com *.cdninstagram.com *.zopim.com wss://widget-mediator.zopim.com *.zdassets.com *.parcelpoint.com.au *.staging.parcelpoint.com.au *.digitalclimatestrike.net px.ads.linkedin.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.zendesk.com *.instagram.com *.parcelpoint.com.au *.staging.parcelpoint.com.au *.googleapis.com *.gstatic.com *.cdninstagram.com *.zopim.com wss://widget-mediator.zopim.com *.zdassets.com *.digitalclimatestrike.net 'unsafe-inline' data: 1
object-src 'none'; script-src 'self' 'unsafe-inline' addtocalendar.com https://api.mapbox.com https://cdn.ckeditor.com https://cdn.jsdelivr.net https://cdn.rawgit.com https://cdnjs.cloudflare.com https://static.addtoany.com https://unpkg.com https://www.google.com https://www.tintup.com unpkg.com; script-src-attr 'self'; script-src-elem 'self' 'unsafe-inline' https://apps.elfsight.com https://static.elfsight.com https://www.youtube.com https://storage.elfsight.com https://apis.google.com https://www.googletagmanager.com https://universe-static.elfsightcdn.com addtocalendar.com https://api.mapbox.com https://cdn.ckeditor.com https://cdn.jsdelivr.net https://cdn.rawgit.com https://cdnjs.cloudflare.com https://static.addtoany.com https://unpkg.com https://www.google.com https://www.tintup.com unpkg.com; style-src 'self' 'unsafe-inline' https://p.typekit.net addtocalendar.com https://api.mapbox.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://use.typekit.net unpkg.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self'; report-uri https://idrc-crdi.ca/en/report-uri/enforce 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-ivv8he1w12bRjq4E5HqFPQ' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.youtube.com *.googleapis.com *.gstatic.com *.google-analytics.com *.google.com *.googletagmanager.com *.doubleclick.net *.rmmportal.com *.rmmconsole.com *.rmmdashboard.com *.opti-tune.com *.optitune.us s3.us-west-000.backblazeb2.com blob: *.mapbox.com 1
img-src 'self' data: *.insurance188.com brace.video.qq.com *.ebay.com *.salesforce.com *.ebay.cn myun-hw-s3.myun.tv *.myun.tv static.mudu.tv www.google-analytics.com *.salesforce.com *.force.com btrace.video.qq.com vm.gtimg.cn vpic.video.qq.com *.force.com rcgi.video.qq.com isdspeed.qq.com; 1
default-src https: 'self' 'unsafe-eval' 'unsafe-inline' https://*.onetrust.com/ https://*.cookielaw.org/ https://cdn.linkedin.oribi.io https://secure.scan6show.com/ https://secure.diet3dart.com/ https://*.addtoany.com  https://*.ads-twitter.com https://*.adsymptotic.com  https://*.advancedcustomfields.com https://*.akamaihd.net https://*.altmetric.com https://*.baidu.com https://*.bizographics.com https://*.bootstrapcdn.com https://*.buzzsprout.com https://*.canva.com https://*.cloudflare.com https://*.cloudflareinsights.com https://*.cloudfront.net https://*.cnzz.com https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.fontawesome.com https://*.formstack.com https://*.fullstory.com https://*.github.io https://*.google-analytics.com https://*.google.be https://*.google.co.uk https://*.google.com https://*.googleadservices.com https://*.googleapis.com https://*.googleoptimize.com https://*.googletagmanager.com  https://*.googleusercontent.com https://*.gravatar.com https://*.gravityforms.com  https://*.gravityforms.local https://*.gstatic.com https://*.hotjar.com https://*.hotjar.io https://*.imagify.io https://*.jquery.com https://*.jsdelivr.net https://*.licdn.com https://*.linkedin.com https://*.netdna-ssl.com https://*.newrelic.com https://*.pardot.com https://*.paypalobjects.com https://*.ravenjs.com https://*.sharethis.com https://*.soundcloud.com  https://*.tablepress.org https://*.tandf.co.uk https://*.tandfonline.com  https://*.taylorandfrancis.com https://*.thinglink.com https://*.twimg.com https://*.twitter.com https://*.typekit.net https://*.vimeo.com https://*.w.org https://*.wistia.com https://*.wp.com https://*.wpengine.co.uk https://*.wpengine.com https://*.wpengineapi.com https://*.wpmudev.org https://*.yoast.com https://*.youku.com https://*.youtube.com https://*.yumpu.com https://abc123-wpengine.netdna-ssl.com https://bam.eu01.nr-data.net https://cnzz.mmstat.com https://i.ytimg.com https://imagify.io https://placehold.it https://t.co https://tandfapi.co.uk https://web-player.art19.com https://wpengine.com https://wpmudev.com https://yoast.com; font-src https: 'self' data: ; img-src * 'self' data: blob: ; worker-src https: 'self' blob: ; 1
frame-ancestors www.helixstudios.com www.spankthishookups.com www.spankthis.com 1
frame-ancestors 'self' *.arcgis.com *.nve.no; 1
frame-ancestors 'self' bildungsportal.sachsen.de; 1
script-src 'unsafe-eval' 'unsafe-inline' https://cardholderbenefitsonline.com cdnjs.cloudflare.com cdn.ckeditor.com *.google-analytics.com *.googletagmanager.com/ *.visammg.com; frame-src https://cardholderbenefitsonline.com/ *.visammg.com 1
connect-src 'self' data: accounts.google.com https://bl.listrakbi.com https://analytics.google.com/g/collect https://www.paypal.com/ https://stats.g.doubleclick.net/j/collect https://art-to-frames.pxf.io https://apay-us.amazon.com  https://www.arttoframe.com https://ajax.googleapis.com https://popup.wisepops.com https://s3.amazonaws.com https://s.yimg.com https://in.hotjar.com https://t.mplxtms.com https://ct.pinterest.com https://vc.hotjar.io https://www.googleapis.com https://firebasestorage.googleapis.com https://www.google-analytics.com https://secure-cdn.mplxtms.com wss://ws7.hotjar.com/api/v1/client/ws https://payments-sandbox.amazon.com https://apay-us.amazon.com/cs/uedata https://stats.g.doubleclick.net wss://ws4.hotjar.com https://www.paypal.com/sdk/js https://www.paypalobjects.com/upstream/assets/messaging/modal/ramp-experiment-ssr.json https://www.paypal.com/xoplatform/logger/api/logger https://www.paypal.com/credit-presentment/log https://www.sandbox.paypal.com/xoplatform/logger/api/logger https://www.sandbox.paypal.com/credit-presentment/log https://www.hotjar.com https://sucuri.net https://sucuri.com https://securetoken.googleapis.com https://console.firebase.google.com/ https://www.facebook.com/tr/ https://www.facebook.com https://*.firebaseio.com https://www.firebase.com https://cdn.firebase.com https://waf.sucuri.net/ wss://arttoframes-5c941.firebaseio.com/.ws wss://s-usc1c-nss-248.firebaseio.com/.ws https://arttoframe.go2cloud.org https://fonts.googleapis.com https://fonts.gstatic.com https://utt.impactcdn.com https://www.ojrq.net https://logs-01.loggly.com https://bat.bing.com/actionp https://maps.googleapis.com https://*.google-analytics.com https://payments.amazon.com https://payments.amazon.com/merchantAccount https://www.google-analytics.com/j/collect https://art-to-frames.pxf.io/ https://analytics.tiktok.com https://*.analytics.google.com https://*.googletagmanager.com  https://payments.sandbox.braintree-api.com/graphql https://api.sandbox.braintreegateway.com/merchants https://logs.convertexperiments.com/log https://origin-analytics-sand.sandbox.braintree-api.com/ https://10041527.metrics.convertexperiments.com https://payments.braintree-api.com/graphql https://api.braintreegateway.com/merchants https://client-analytics.braintreegateway.com https://*.clarity.ms/collect https://*.snapchat.com/ https://*.googlesyndication.com https://content.hotjar.io wss://ws.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://*.firebaseio.com wss://s-usc1b-nss-2133.firebaseio.com https://api.retention.com https://*.retention.com https://cdnjs.cloudflare.com https://*.listrak.com https://s.pinimg.com/;script-src 'self'  'nonce-MNKUza6xAs179QnJuUi8LA==' https://*.googletagmanager.com https://script.hotjar.com https://sc-static.net/ https://www.paypal.com https://chimpstatic.com https://www.paypalobjects.com/ https://connect.facebook.net/en_US/fbevents.js https://www.google-analytics.com https://ssl.google-analytics.com https://*.clarity.ms/collect https://www.google.co.in https://bat.bing.com https://*.google.co.in; script-src-elem 'nonce-MNKUza6xAs179QnJuUi8LA==' 'self'  https://www.paypal.com/tagmanager/pptm.js https://script.hotjar.com  https://bat.bing.com/p/action/4069255.js https://script.hotjar.com/modules.6fa394eeadbec946a34a.js https://*.clarity.ms https://www.paypalobjects.com/muse/muse.js https://connect.facebook.net https://ssl.google-analytics.com https://intljs.rmtag.com/114877.ct.js https://d1igp3oop3iho5.cloudfront.net https://analytics.tiktok.com https://utt.impactcdn.com https://cdn.listrakbi.com/scripts/script.js https://dev.visualwebsiteoptimizer.com https://ut.rd.linksynergy.com https://*.listrakbi.com/ https://www.googlecommerce.com/trustedstores/api/js https://www.google.com https://apis.google.com/js/api.js https://www.googletagmanager.com/gtm.js https://script.hotjar.com/modules.710fa773759992ae5199.js https://script.hotjar.com/modules.4aa8d748500a28f64f6e.js https://analytics.tiktok.com https://play.google.com/log https://apis.google.com https://googleads.g.doubleclick.net https://tr.snapchat.com https://*.snapchat.com https://static.addtoany.com https://www.googleadservices.com https://code.jquery.com https://www.paypalobjects.com/api/checkout.min.js https://static-na.payments-amazon.com/v2/login.js https://cdnjs.cloudflare.com https://*.firebaseio.com wss://s-usc1b-nss-2133.firebaseio.com https://*.gstatic.com https://ajax.googleapis.com/ajax/libs/dojo/1.9.1/dojo/dojo.js https://*.listrak.com https://s.pinimg.com/ https://s3-us-west-2.amazonaws.com/ https://ct.pinterest.com https://cdn.jsdelivr.net/npm/bootstrap@5.3.1/dist/js/bootstrap.bundle.min.js 'sha256-oZu8Xog49u/EO1SNHmdyVwX0QMPAOgKlWl+CJpa1Q2g=' 'sha256-BmFlTockZ3KWrXeIoJa8obWKM8KS3OBo6Z/6SnXjCoI=' 'sha256-dzHVd8XfpfOOm/gt7a5RF0yd3U09RmjuqdHlHWzhPWY=' 'sha256-Xu9Qne3PenOWsOtsVVSgaJkix9LWAKe6IhuV+Nr7hRs=' 'sha256-DBJk4uzYpowCwYgIXMqiYHl6MhDFpPd8JqzVk3rmaeg=' 'sha256-ZqOfblcRr1058a3n4el+Wb2KWIBFit/qqITX8qfAuQ8=' 'sha256-Yjvnrb2UGjaVPuP1nGf+IwlE8pAnhe5XB3Mj0TEunHc=' 'sha256-KyHKeGl+rzMPreSbrpE1XFoYLUn37DKDFX5xsqHhhSo=' 'sha256-Pv2ASG8xBDmr0G9EqvoLNiSIUwAC5y6kHQkvc8YJsew=' 'sha256-6wRdeNJzEHNIsDAMAdKbdVLWIqu8b6+Bs+xVNZqplQw=' 'sha256-BmFlTockZ3KWrXeIoJa8obWKM8KS3OBo6Z/6SnXjCoI=' 'sha256-dzHVd8XfpfOOm/gt7a5RF0yd3U09RmjuqdHlHWzhPWY=' 'sha256-tBsLFpGbnCUGj7AajeVbeAVEG4o5pIppOxgsBwhDYEg=' 'sha256-ycb63UfIqnM8QbnvviRjmP524XG7anBQXIUufuKx+pg=' 'sha256-Ka39uj4Q4cJaOl+KsdMW58FfdUezaJaOBCHhsDmlcJg=' 'sha256-DOd/iZ7zncVc3zqJCDlyPbCgb0c1G+JDmMj2bbCBhIg=' 'sha256-fXWBsNXcg0sIyUY9jkKdqrowSqgixcEMvuATY9Freb4=' 'sha256-5y27efbOi+bZhe+lhdnlGJtBYR80JRgtxJOVzSAOyJY=' 'sha256-5y27efbOi+bZhe+lhdnlGJtBYR80JRgtxJOVzSAOyJY=' 'sha256-0PIVEAfqlfRPEKHdmkiKja6syanZzu+jvovvHM7qE1M=' 'sha256-fhNbpCL03C8kzCyNOSRZFHOe0F0FVAXfNgmAMSxentc=' 'sha256-gTrZuuv2IOQMsb/CDSCuv2tAwl7QYWupgSgX41djDh0=' 'sha256-TTzuy9a3cgO0kwK7Y6/omk8F9SLVN7pWpxXMNZbx1/Y=' 'sha256-cWB6LeQeTPFHH9QCg8VrP0sPJfqqdgDupHwitbxysNo=' 'sha256-Rh5r8kIWlfIHzIMhOy2iFQYWO0IPO/m5zbqyLFo1VSE='; 1
default-src 'self'; connect-src 'self' https://*.google-analytics.com https://*.googletagmanager.com https://fonts.googleapis.com https://bam.nr-data.net https://maps.googleapis.com https://*.analytics.google.com; font-src 'self' https://ka-p.fontawesome.com https://fonts.gstatic.com data:; frame-src 'self'; img-src 'self' https://*.wlrk.com *.wlrk.com https://wlrk.com https://*.googletagmanager.com https://*.google-analytics.com https://maps.googleapis.com https://*.gstatic.com https://secure.gravatar.com blob: data:; object-src; script-src 'self' https://www.google.com https://www.gstatic.com https://*.googletagmanager.com https://tagmanager.google.com https://*.google-analytics.com https://maps.googleapis.com https://bam.nr-data.net https://js-agent.newrelic.com 'unsafe-inline'; style-src 'self' https://*.googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com 'unsafe-inline'; upgrade-insecure-requests 1
default-src 'none'; frame-src 'unsafe-inline' 'unsafe-eval' data: *; font-src 'self' https://*.googleapis.com https://fonts.gstatic.com https://portal-fl.smbsecurecloud.net http://*.livehelpnow.net; style-src 'unsafe-inline' 'self' https://*.googleapis.com https://portal-fl.smbsecurecloud.net http://rtm.carrierzone.com http://rte.carrierzone.com http://rte.megawebservers.com https://assets.braintreegateway.com https://rte.megawebservers.eu http://*.livehelpnow.net; script-src 'unsafe-eval' 'unsafe-inline' 'self' https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://www.paypalobjects.com https://www.paypal.com https://portal-fl.smbsecurecloud.net http://rtm-to.smbsecurecloud.net https://oss.maxcdn.com http://js.braintreegateway.com https://*.qualtrics.com http://rtm.carrierzone.com http://rte.carrierzone.com http://rte.megawebservers.com https://rte.megawebservers.eu https://cdn.cookielaw.org https://*.googleapis.com https://cdn.appdynamics.com http://*.livehelpnow.net https://c.paypal.com; connect-src 'self' https://www.paypal.com https://www.paypalobjects.com https://*.googleapis.com https://www.google-analytics.com https://portal-fl.smbsecurecloud.net https://siteintercept.qualtrics.com http://rtm-to.smbsecurecloud.net http://rtm.carrierzone.com http://rte.carrierzone.com http://rte.megawebservers.com https://*.braintreegateway.com https://origin-analytics-sand.sandbox.braintree-api.com https://rte.megawebservers.eu https://*.braintree-api.com https://cdn.cookielaw.org https://*.g.doubleclick.net https://pdx-col.eum-appdynamics.com http://*.livehelpnow.net wss://app.livehelpnow.net https://c.paypal.com; img-src 'self' data: https://www.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net https://google-analytics.g.doubleclick.net https://www.paypal.com https://www.paypalobjects.com https://portal-fl.smbsecurecloud.net http://remotedesktops.websiteos.com http://rtm.carrierzone.com http://rte.carrierzone.com http://rte.megawebservers.com https://portal.mktgsuite.deluxe.com https://*.qualtrics.com https://rte.megawebservers.eu https://cdn.cookielaw.org http://*.livehelpnow.net https://c.paypal.com https://c6.paypal.com https://b.stats.paypal.com 1
default-src 'none'; script-src 'self' https://www.facebook.com/ https://bat.bing.com/ https://connect.facebook.net https://extreme-ip-lookup.com/ https://googleads.g.doubleclick.net https://www.googleadservices.com/ https://www.googletagmanager.com/ https://tagmanager.google.com/ https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://www.googletagmanager.com/ https://www.google-analytics.com https://snap.licdn.com/ https://cdn.leadinfo.net/ https://conversation24.com/ https://app.conversation24.com https://assets.calendly.com/ https://dev05.cobrowser.io/sdk/wa_button_loader.js https://dev05.cobrowser.io/sdk/dist/plugins/js/wa_button.1674645124782.js https://dev17.cobrowser.io/sdk/loader.js https://dev17.cobrowser.io/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com/ https://tagmanager.google.com/ https://www.googletagmanager.com/ https://app.conversation24.com/ https://conversation24.com/ https://conversation24.de/ https://conversation24.fr/ https://conversation24.es/ https://conversation24.nl/ https://dev05.cobrowser.io/sdk/dist/plugins/styles/wa_button.1674645124782.css https://dev17.cobrowser.io/ 'sha256-+aLPRy1XVSz3J4TB/q2GPhf14Z2bpiro19WK4oQJeKg=' 'sha256-0MC35p+eS0qvYUz6lHA9LnfYiLiKhfTOglWIPjH5D8w=' 'sha256-L5DLWp2f/RbEn4+58sBv8v0AoWr/Jg5gF4/EEwtZtdY=' 'sha256-mSJIAeFnfqW/UWDO6UhZjEKXhhUtWUjOztT2lQiSADw=' 'sha256-ArOAFpVzuBU52wB0c4fOm7cuyzDB99J9GCn7NKnVqDE=' 'sha256-0EZqoz+oBhx7gF4nvY2bSqoGyy4zLjNF+SDQXGp/ZrY=' 'sha256-5/uu3/QMWiAr/Uk2RgWRMr2U82Rkn004WlaazXlovWc=' 'sha256-NE3gBSsVG0IdyINKOXv7oHDjOD1hoJpOCZQDS8LzvUc=' 'sha256-bi4kO7E36RGgl61YkoTf4e7SSnesiZE6/sKSg4iImoM=' 'sha256-qWwxsTFcdIcN78qmlVvZfPMlQLLiEk7put1pv87RdRQ=' 'sha256-HX/B75MwKRbIl4TQKl7JLqOmDPeEoBWsb0uN0hWRBzU=' 'sha256-Lu0LehYNBw1yJpdpBf902Ya9ewUuTp/nWDhb96TB9zY=' 'unsafe-inline'; img-src data: 'self' https://www.facebook.com/ https://bat.bing.com/ https://app.conversation24.com/ https://px.ads.linkedin.com/ https://www.google-analytics.com/ https://www.google.de/ https://www.google.nl/ https://www.google.com/ https://www.google.co.uk/ https://www.google.fr/ https://www.google.es/ https://www.googletagmanager.com/ https://conversation24.com/ https://c24-production-public-files-20210824142345471300000001.s3.eu-central-1.amazonaws.com/ https://c24-production-app-avatar-logos-20211026212813624000000001.s3.eu-central-1.amazonaws.com/ https://googleads.g.doubleclick.net/ https://dev17.cobrowser.io/ https://c24-testing-public-files.s3.eu-central-1.amazonaws.com https://scontent-frx5-1.xx.fbcdn.net *.fbcdn.net *.cdn.whatsapp.net ; font-src data: 'self' https://fonts.gstatic.com/ https://app.conversation24.com/ https://assets.calendly.com/ https://dev05.cobrowser.io/sdk/dist/plugins/fonts/wa-icon-font.woff2 https://dev05.cobrowser.io/sdk/dist/plugins/fonts/wa-icon-font.woff https://dev17.cobrowser.io/ ; media-src 'self' https://app.conversation24.com/ https://dev17.cobrowser.io/ ; connect-src 'self' https://www.google-analytics.com/ https://analytics.google.com/ https://stats.g.doubleclick.net/ https://collector.leadinfo.net/ https://api.leadinfo.com/ https://app.conversation24.com/ https://extreme-ip-lookup.com/ https://dev17.cobrowser.io/ https://px.ads.linkedin.com/ wss://app.conversation24.com/ wss://dev17.cobrowser.io/ ; frame-src https://www.facebook.com/ https://www.google.com/ https://conversation24.com/ https://conversation24.de/ https://conversation24.fr/ https://conversation24.es/ https://conversation24.nl/ https://www.youtube.com/ https://calendly.com/ https://dev17.cobrowser.io/ https://td.doubleclick.net/ ; 1
default-src 'none';base-uri 'self';form-action 'self' https://crm.pawfinity.com;media-src 'self' https://d2fxuh9ok6cv3f.cloudfront.net;connect-src 'self' https://www.google-analytics.com;script-src 'nonce-MTYyNDIwMjAwMTU0NjcyMA' 'strict-dynamic' 'self' https://d2fxuh9ok6cv3f.cloudfront.net https://www.google-analytics.com;style-src 'self' 'unsafe-inline' https://d2fxuh9ok6cv3f.cloudfront.net ;img-src 'self' data: https://d2fxuh9ok6cv3f.cloudfront.net;font-src 'self' https://d2fxuh9ok6cv3f.cloudfront.net;object-src 'none';manifest-src 'self' https://d2fxuh9ok6cv3f.cloudfront.net https://www.pawfinity.com;frame-ancestors 'self' https://*.pawfinity.com;frame-src 'self' https://*.pawfinity.com https://www.youtube.com https://www.google.com https://calendly.com; 1
frame-ancestors 'self' www.stoke.gov.uk fostering.stoke.gov.uk shapestokesfuture.co.uk commercial.stoke.gov.uk activestoke.co.uk stokeontrenttogether.org.uk teamstoke.com team.stoke.gov.uk beta.stoke.gov.uk localoffer.stoke.gov.uk sendiass-stoke.co.uk recruitment.stoke.gov.uk fortiorhomes.co.uk stanleyhead.org.uk familyhub.stoke.gov.uk sendcohub.stoke.gov.uk sot100.org.uk; 1
default-src 'self' https://*.clarity.ms https://c.bing.com https://www.google.com/ 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.stripe.com *.googletagmanager.com https://www.gstatic.com/ https://www.google.com/ *.google.co.nz https://js.adsrvr.org https://ws3.hotjar.com/ https://api.connectme.gen3ventures.com/ https://vc.hotjar.io/ https://connect.facebook.net/ https://script.hotjar.com/ https://www.google-analytics.com/ https://www.vbt.io/ https://static.hotjar.com/ https://www.googleadservices.com/ https://www.googleoptimize.com/ https://js.hs-scripts.com/ https://js.hs-banner.com https://js.hs-analytics.net/ https://maps.googleapis.com/ https://connect.facebook.net/en_US/fbevents.js https://js.hsforms.net/forms/v2.js https://maps.googleapis.com/maps-api-v3/api/js/49/10/common.js https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js https://r1-t.trackedlink.net/_dmpt.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://trackit.ktxlytics.io/ktxevents.v1.js https://www.googletagmanager.com/gtag/js *.bing.com https://vxml4.plavxml.com https://*.clarity.ms https://*.connectme.gen3ventures.com https://insight.adsrvr.org https://snap.licdn.com/ https://dx.mountain.com/ https://px.mountain.com/ https://www.youtube.com/ https://drive.google.com/ https://*.google.com/ https://gs.mountain.com/ https://static.zdassets.com/ https://widget.reviewability.com/ https://cdn.raygun.io/ *.elfsight.com https://showcase.shareasale.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://kendo.cdn.telerik.com https://pro.fontawesome.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://*.connectme.gen3ventures.com https://insight.adsrvr.org https://www.google.com/ https://widget.reviewability.com/ https://showcase.shareasale.com; font-src 'self' data: https://pro.fontawesome.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; img-src 'self' data: *.allied.com https://www.linkedin.com/ https://img.icons8.com/ https://c2.ktxlytics.io/ https://www.google.com/ *.google.co.nz *.googletagmanager.com https://www.facebook.com/ https://track.hubspot.com/ https://googleads.g.doubleclick.net/ https://p.adsymptotic.com/ https://www.google-analytics.com/ https://px.ads.linkedin.com/ https://maps.googleapis.com/ https://sirvaeastus2tstsa2.blob.core.windows.net https://avlnavlblob.blob.core.windows.net https://corporate.allied.com https://ib.adnxs.com https://maps.gstatic.com *.bing.com https://*.g.doubleclick.net https://vxml4.plavxml.com https://*.clarity.ms https://*.fls.doubleclick.net https://*.netdna-ssl.com https://*.connectme.gen3ventures.com https://insight.adsrvr.org https://forms-na1.hsforms.com/ https://forms.hsforms.com/ https://widget.reviewability.com/ *.googleusercontent.com https://www.boxengine.com https://showcase.shareasale.com; media-src 'self'; frame-src 'self' https://js.stripe.com https://hooks.stripe.com https://www.google.com/ *.google.co.nz match.adsrvr.org https://www.youtube.com/ https://www.facebook.com/ https://vars.hotjar.com/ https://*.fls.doubleclick.net https://insight.adsrvr.org https://www.google.com https://forms.hsforms.com; connect-src * data: blob: filesystem: https://api.stripe.com https://maps.googleapis.com; object-src 'none' report-uri https://62e02773e7a4e344fdd76f60.endpoint.csper.io/?v=1; 1
frame-ancestors 'none';; upgrade-insecure-requests 1
default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://jsd-widget.atlassian.com https://cdn.matomo.cloud https://boards-api.greenhouse.io;connect-src 'self' https://jsd-widget.atlassian.com https://api-private.atlassian.com https://icp0.io https://*.icp0.io https://internetcomputer.matomo.cloud https://cdn.matomo.cloud https://boards-api.greenhouse.io https://api.github.com;img-src 'self' data: https://images.ctfassets.net https://i.ytimg.com;style-src * 'unsafe-inline';style-src-elem * 'unsafe-inline';font-src * data:;object-src 'none';base-uri 'self' https://jsd-widget.atlassian.com;frame-ancestors 'none';form-action 'self' https://dfinity.us16.list-manage.com https://internetcomputer.org;upgrade-insecure-requests;frame-src https://bugcrowd.com https://www.youtube.com; 1
upgrade-insecure-requests; default-src 'self'; connect-src 'self' *.linkedin.com *.google.com *.cloudfront.net analytics.videomyjob.com *.googlesyndication.com *.websitecarbon.com *.onetrust.com *.userway.org https://cdn.linkedin.oribi.io https://api.websitecarbon.com *.cookielaw.org https://stats.g.doubleclick.net *.google-analytics.com *.analytics.google.com *.googletagmanager.com ; font-src 'self' data: *.userway.org https://fonts.gstatic.com; media-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cloudfront.net https://static.cloudflareinsights.com *.websitecarbon.com *.userway.org https://googleads.g.doubleclick.net https://snap.licdn.com https://connect.facebook.net https://static.ads-twitter.com https://app.bowencraggs.com *.cookielaw.org https://unpkg.com *.addevent.com https://www.youtube.com https://www.youtube-nocookie.com https://www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://www.google.com https://www.gstatic.com  ; style-src 'self' 'unsafe-inline' *.userway.org *.haleon.com https://cloud.typography.com https://fonts.googleapis.com; img-src 'self' *.googlesyndication.com data: *.doubleclick.net *.linkedin.com *.userway.org https://a-cf65.ch-static.com https://*.cdninstagram.com https://i.ytimg.com https://analytics.twitter.com https://www.facebook.com https://t.co https://px.ads.linkedin.com https://cdn.cookielaw.org *.addevent.com https://maps.googleapis.com https://maps.gstatic.com https://www.google.com https://www.google.co.uk https://www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com; child-src 'self' https://www.google.com ; frame-src 'self' https://*.soundcloud.com *.cloudfront.net *.doubleclick.net https://www.googletagmanager.com/ *.investis.com https://www.connectidfeed.com *.userway.org https://www.linkedin.com https://www.facebook.com https://player.vimeo.com *.eurolandir.com *.euroland.com https://www.google.com https://www.youtube.com https://www.youtube-nocookie.com 1
base-uri 'self'; object-src 'none'; script-src 'self' 'report-sample'    'nonce-e1a85c4eee' 'nonce-daca87dff0' 'nonce-e4db0a1e44' 'nonce-1eb2c4e3ed' 'nonce-e41a8a7cae' 'nonce-225a84779b' 'nonce-e4db0a1e44' 'nonce-e4db0a1e44' 'nonce-4aa579268d' 'nonce-03d626924d' 'nonce-e1a85c4eee' 'nonce-3a6522dc67' 'nonce-179443b8a8' 'nonce-58f5de0836' 'nonce-54fd6ed9fe' 'nonce-b99fac5656' 'nonce-b257409b9f' 'nonce-7a1484fc99' 'nonce-3e304b6ddb' 'nonce-250f897216' 'nonce-2d91218c0d' 'nonce-2e668cbeea' 'nonce-01e1300530' 'nonce-c194675c61' 'nonce-ab87bd62dd' 'nonce-68225e4d03' 'nonce-0259b8ff02' 'nonce-771a5b4c25' 'nonce-022c1e98de' 'nonce-cc77362502' 'nonce-ad713d4960' 'nonce-03d626924d' 'nonce-03d626924d' 'nonce-936b301bfd' 'nonce-9a4e376e06' 'nonce-2d727249b5' 'nonce-c3d4bca845' 'nonce-a898ee7c97' 'nonce-13c1aa96b4' 'nonce-13c1aa96b4' 'nonce-13c1aa96b4'     https://www.googletagmanager.com/ https://tracker.metricool.com/app/resources/be.js https://t3078dff3.emailsys1a.net/form/ https://cdnjs.cloudflare.com/ajax/libs/punycode/ https://cdn02.jotfor.ms/static/ https://cdn03.jotfor.ms/static/ https://form.jotformeu.com/jsform/ https://jobs.jobvite.com https://cdn.jsdelivr.net/npm/@splidejs/ https://connect.facebook.net/en_US/; form-action 'self'      ; frame-ancestors 'self'; report-uri https://64bdae064f8049a8e8accbc0.endpoint.csper.io/?v=11; 1
font-src *.fontawesome.com *.schott-music.com fonts.googleapis.com fonts.gstatic.com *.hotjar.com sibforms.com *.brevo.com *.gstatic.com 'self' data: https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.schott-music.com apiuat.test.intelligent-payments.com turnkeyuat.test.myriadpayments.com apiuat.test.myriadpayments.com apiuat.test.boipapaymentgateway.com api.intelligent-payments.com turnkey.intelligent-payments.com api.myriadpayments.com turnkey.myriadpayments.com api.boipapaymentgateway.com apiuat.test.evopaymentgateway.com api.evopaymentgateway.com *.myriadpayments.com *.evopayments.eu *.intelligent-payments.com *.hotjar.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.sharethis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.mollie.com *.schott-music.com *.usercentrics.eu *.google.com *.gstatic.com *.spotifycdn.com *.spotify.com e.issuu.com issuu.com apiuat.test.intelligent-payments.com turnkeyuat.test.myriadpayments.com apiuat.test.myriadpayments.com apiuat.test.boipapaymentgateway.com api.intelligent-payments.com turnkey.intelligent-payments.com api.myriadpayments.com turnkey.myriadpayments.com api.boipapaymentgateway.com apiuat.test.evopaymentgateway.com api.evopaymentgateway.com *.myriadpayments.com *.evopayments.eu *.intelligent-payments.com googleads.g.doubleclick.net *.googletagmanager.com *.hotjar.com sibforms.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.sharethis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com https://www.magezon.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.mollie.com *.schott-music.com blob: *.usercentrics.eu schott-staging.s3.eu-central-1.amazonaws.com schott-production.s3.eu-central-1.amazonaws.com *.googleapis.com *.gstatic.com *.google.de www.magecomp.com integrations.etrusted.com *.isu.pub *.newsletter2go.com *.trustedshops.com *.googletagmanager.com apiuat.test.intelligent-payments.com turnkeyuat.test.myriadpayments.com apiuat.test.myriadpayments.com apiuat.test.boipapaymentgateway.com api.intelligent-payments.com turnkey.intelligent-payments.com api.myriadpayments.com turnkey.myriadpayments.com api.boipapaymentgateway.com apiuat.test.evopaymentgateway.com api.evopaymentgateway.com *.myriadpayments.com *.evopayments.eu *.intelligent-payments.com *.hotjar.com 'self' data: https://widgets.trustedshops.com https://widgets-qa.trustedshops.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com *.youtube.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.sharethis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.mollie.com *.schott-music.com *.googletagmanager.com *.google-analytics.com *.usercentrics.eu *.gstatic.com *.googleapis.com cdnjs.cloudflare.com ipinfo.io *.isu.pub *.newsletter2go.com *.spotifycdn.com *.trustedshops.com *.youtube-nocookie.com *.spotify.com apiuat.test.intelligent-payments.com turnkeyuat.test.myriadpayments.com apiuat.test.myriadpayments.com apiuat.test.boipapaymentgateway.com api.intelligent-payments.com turnkey.intelligent-payments.com api.myriadpayments.com turnkey.myriadpayments.com api.boipapaymentgateway.com apiuat.test.evopaymentgateway.com api.evopaymentgateway.com *.myriadpayments.com *.evopayments.eu *.intelligent-payments.com *.hotjar.com sibforms.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sharethis.com *.fontawesome.com *.schott-music.com fonts.googleapis.com fonts.gstatic.com integrations.etrusted.com *.isu.pub *.spotifycdn.com *.youtube-nocookie.com *.spotify.com apiuat.test.intelligent-payments.com turnkeyuat.test.myriadpayments.com apiuat.test.myriadpayments.com apiuat.test.boipapaymentgateway.com api.intelligent-payments.com turnkey.intelligent-payments.com api.myriadpayments.com turnkey.myriadpayments.com api.boipapaymentgateway.com apiuat.test.evopaymentgateway.com api.evopaymentgateway.com *.myriadpayments.com *.evopayments.eu *.intelligent-payments.com *.hotjar.com sibforms.com *.googleapis.com *.gstatic.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline'; object-src *.schott-music.com 'self' 'unsafe-inline'; media-src *.adobe.com *.schott-music.com schott-production.s3.eu-central-1.amazonaws.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.sharethis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de https://get.geojs.io *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.schott-music.com *.google-analytics.com *.usercentrics.eu *.doubleclick.net *.googleapis.com *.newsletter2go.com *.google.com apiuat.test.intelligent-payments.com turnkeyuat.test.myriadpayments.com apiuat.test.myriadpayments.com apiuat.test.boipapaymentgateway.com api.intelligent-payments.com turnkey.intelligent-payments.com api.myriadpayments.com turnkey.myriadpayments.com api.boipapaymentgateway.com apiuat.test.evopaymentgateway.com api.evopaymentgateway.com *.myriadpayments.com *.evopayments.eu *.intelligent-payments.com static-eu.payments-amazon.com *.hotjar.com sibforms.com *.sibforms.com t.elasticsuite.io *.trustedshops.com *.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.schott-music.com/de/csp/report/; report-to report-endpoint; 1
default-src *;img-src 'self';font-src 'self' https://fonts.gstatic.com;style-src 'self' https://fonts.googleapis.com 'unsafe-inline';script-src 'strict-dynamic' 'nonce-TwCCVzi+oZx0/+pvFf4fgSTGeOE=' https: 'unsafe-inline';frame-src https://www.google.com/recaptcha/;base-uri 'none';object-src 'none';report-to main-endpoint; 1
frame-ancestors map.mchs.gov.by mchs.gov.by 1
default-src 'self' mailto: https://www.google.com/recaptcha/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://e.infogram.com/js/dist/embed-loader-min.js https://dyv6f9ner1ir9.cloudfront.net/assets/js/nloader.js https://widget.surveymonkey.com https://e.infogram.com/js/dist/embed.js https://code.jquery.com/ https://iframely.shorthand.com https://embed.shorthand.com https://gowling-wlg.shorthandstories.com https://*.clarity.ms https://platform-api.sharethis.com https://buttons-config.sharethis.com https://count-server.sharethis.com https://edge.addthis.com/ https://optimize.google.com https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com http://localhost:50029 https://z.moatads.com/addthismoatframe568911941483/moatframe.js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google-analytics.com https://maps.googleapis.com https://ajax.googleapis.com http://ajax.googleapis.com https://www.googletagmanager.com https://tagmanager.google.com stats.g.doubleclick.net https://angular-ui.github.io https://sjs.bizographics.com https://snap.licdn.com https://px.ads.linkedin.com https://siteimproveanalytics.com/ https://policy.cookiereports.com/ https://connect.facebook.net https://*.twitter.com https://www.googleadservices.com/pagead/conversion_async.js https://v1.addthisedge.com https://v1.addthis.com https://extend.vimeocdn.com https://googleads.g.doubleclick.net https://cdn.syndication.twimg.com https://*.youtube.com https://s.ytimg.com https://c.bing.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.typekit.net/ https://gowling-wlg.shorthandstories.com https://optimize.google.com https://fonts.googleapis.com https://tagmanager.google.com https://cdnjs.cloudflare.com https://*.twitter.com; img-src 'self' https://brandconnect.gowlingwlg.com https://platform-cdn.sharethis.com https://prod.smassets.net https://gowlingprodblobstorage.blob.core.windows.net https://harpn.s3-eu-west-2.amazonaws.com/gowlingwlg/ https://*.shorthand.com https://gowling-wlg.shorthandstories.com/ https://www.googletagmanager.com https://gowlingwlg.com *.google.com https://www.google.co.uk http://*.twimg.com https://*.twimg.com https://www.google.ca/ https://*.google-analytics.com https://*.analytics.google.com https://maps.googleapis.com https://maps.gstatic.com https://csi.gstatic.com https://ssl.gstatic.com https://www.gstatic.com https://us2.siteimprove.com stats.g.doubleclick.net https://loupedin.blog data: https://*.twitter.com https://www.facebook.com https://px.ads.linkedin.com https://61281065.global.siteimproveanalytics.io https://p.adsymptotic.com https://stats.g.doubleclick.net https://www.linkedin.com https://i.ytimg.com; font-src 'self' https://*.typekit.net https://gowling-wlg.shorthandstories.com https://fonts.gstatic.com https://cdnjs.cloudflare.com data:; connect-src 'self' https://views.unsplash.com https://cdn.linkedin.oribi.io/ https://*.shorthand.com https://*.clarity.ms https://gowling-wlg.shorthandstories.com http://localhost:50029 https://l.sharethis.com https://datasphere-sbsvc.sharethis.com https://*.addthis.com https://*.google-analytics.com https://*.analytics.google.com https://stats.g.doubleclick.net; report-uri /WebResource.axd?cspReport=true https://m.addthis.com; frame-src 'self' https://gowling-wlg.shorthandstories.com https://www.facebook.com https://gowlingwlg884.outgrow.us/ https://www.surveymonkey.com https://e.infogram.com/ https://iframely.shorthand.com/ https://marketing.uk.gowlingwlg.com/ https://*.spotify.com https://*.libsyn.com https://mozbar.moz.com/ https://edge.addthis.com/ https://optimize.google.com s7.addthis.com https://*.youtube.com https://*.youtube-nocookie.com https://*.media-server.com https://*.slideshare.net https://*.vuturevx.com https://*.gowlingwlg.com https://cdn.yoshki.com/ https://w.soundcloud.com/ https://html5-player.libsyn.com https://player.vimeo.com https://*.twitter.com https://twitter.com https://www.google.com; media-src 'self' https://*.gowlingwlg.com http://*.libsyn.com https://gowling-wlg.shorthandstories.com 1
default-src 'self' https://*.fs1.hubspotusercontent-na1.net https://fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.hsadspixel.net https://*.hs-analytics.net https://js.hscta.net https://*.hubspot.com https://static.hsappstatic.net https://*.usemessages.com https://*.hs-banner.com https://*.hubspot.net https://*.venngo.com https://*.hscollectedforms.net https://*.hsleadflows.net https://*.hsforms.net https://*.hsforms.com https://*.hs-scripts.com https://*.hubspotfeedback.com https://feedback.hubapi.com; connect-src *; img-src *; frame-src *; style-src * 'unsafe-inline'; object-src 'none';; upgrade-insecure-requests 1
frame-ancestors 'self' https://*.patee.ru https://metrika.yandex.ru https://metrika.yandex.by https://metrica.yandex.com https://metrica.yandex.com.tr https://*.webvisor.com; 1
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https: blob: data: blob; 1
default-src 'self' auriga.com *.google.com *.google.ru *.gstatic.com *.googleapis.com *.youtube-nocookie.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' auriga.com *.google.com *.google.ru *.gstatic.com *.googleapis.com *.pingdom.net *.hotjar.com *.hotjar.io snap.licdn.com *.snitcher.com *.googleadservices.com *.googletagmanager.com tag.manager.google.com *.google-analytics.com *.vk.com https://vk.com *.facebook.net *.facebook.com stats.g.doubleclick.net googleads.g.doubleclick.net *.youtube-nocookie.com *.yastatic.net https://yastatic.net *.yandex.net; script-src-elem 'self' *.zoominfo.com *.yandex.ru *.yandex.com *.clickagy.com 'unsafe-inline' auriga.com *.google.com *.google.ru https://www.google.com *.gstatic.com *.googleapis.com *.pingdom.net *.hotjar.com *.hotjar.io snap.licdn.com *.snitcher.com *.googleadservices.com *.googletagmanager.com tag.manager.google.com *.google-analytics.com *.vk.com https://vk.com *.linkedin.com *.facebook.net *.facebook.com googleads.g.doubleclick.net stats.g.doubleclick.net *.youtube-nocookie.com *.yastatic.net https://yastatic.net *.yandex.net; style-src 'self' 'unsafe-inline' auriga.com *.google.com *.google.ru *.gstatic.com *.googleapis.com maxcdn.bootstrapcdn.com *.fontawesome.com; img-src 'self' data: *; media-src 'self' auriga.com *.google.com *.google.ru *.youtube.com; frame-src 'self' auriga.com *.youtube.com *.yandex.ru *.hotjar.com *.facebook.com *.webvisor.com https://www.facebook.com *.google.com *.gstatic.com *.youtube-nocookie.com cvonline.lt www.cvonline.lt; font-src 'self' data: auriga.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com *.fontawesome.com; connect-src 'self' auriga.com *.snitcher.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.pingdom.net *.google-analytics.com *.googletagmanager.com tag.manager.google.com stats.g.doubleclick.net *.facebook.com *.facebook.net *.yandex.ru *.yandex.com *.yastatic.net *.yandex.net; 1
script-src-elem 'self' 'nonce-jfzHSHv5_CWYFh-LfIq-5AsBfZmO13HwNjxJ0EBDguMZYkNwCDXpQw' https://bauen.osnabrueck.de https://bildet.osnabrueck.de https://demokratisch.osnabrueck.de https://digital.osnabrueck.de https://entwickelt.osnabrueck.de https://erleben.osnabrueck.de https://familienbuendnis.osnabrueck.de https://friedensstadt.osnabrueck.de https://informiert.osnabrueck.de https://mobil.osnabrueck.de https://nachhaltig.osnabrueck.de https://staerkt.osnabrueck.de https://www.osnabrueck.de https://piwik.osnabrueck.de https://static.b-ite.com/jobs-api/ https://cs-assets.b-ite.com/stadt-osnabrueck/jobs-api/ https://www.google.com/recaptcha/api.js 'report-sample'; img-src 'self' data: https://bauen.osnabrueck.de https://bildet.osnabrueck.de https://demokratisch.osnabrueck.de https://digital.osnabrueck.de https://entwickelt.osnabrueck.de https://erleben.osnabrueck.de https://familienbuendnis.osnabrueck.de https://friedensstadt.osnabrueck.de https://informiert.osnabrueck.de https://mobil.osnabrueck.de https://nachhaltig.osnabrueck.de https://staerkt.osnabrueck.de https://www.osnabrueck.de https://img.ecmaps.de/remote/.jpg https://www.lagerhalle-osnabrueck.de/content/wp-content/uploads/ https://*.tile.openstreetmap.de/tiles/ https://piwik.osnabrueck.de; frame-src 'self' https://bauen.osnabrueck.de https://bildet.osnabrueck.de https://demokratisch.osnabrueck.de https://digital.osnabrueck.de https://entwickelt.osnabrueck.de https://erleben.osnabrueck.de https://familienbuendnis.osnabrueck.de https://friedensstadt.osnabrueck.de https://informiert.osnabrueck.de https://mobil.osnabrueck.de https://nachhaltig.osnabrueck.de https://staerkt.osnabrueck.de https://www.osnabrueck.de https://start.video-stream-hosting.de https://*.youtube.com https://*.youtube-nocookie.com https://geo.osnabrueck.de https://www.kartevonmorgen.org/m/main https://www.google.com/recaptcha/; connect-src 'self' https://bauen.osnabrueck.de https://bildet.osnabrueck.de https://demokratisch.osnabrueck.de https://digital.osnabrueck.de https://entwickelt.osnabrueck.de https://erleben.osnabrueck.de https://familienbuendnis.osnabrueck.de https://friedensstadt.osnabrueck.de https://informiert.osnabrueck.de https://mobil.osnabrueck.de https://nachhaltig.osnabrueck.de https://staerkt.osnabrueck.de https://www.osnabrueck.de https://piwik.osnabrueck.de https://jobs.b-ite.com/adsapi/jobads; font-src 'self' data: https://bauen.osnabrueck.de https://bildet.osnabrueck.de https://demokratisch.osnabrueck.de https://digital.osnabrueck.de https://entwickelt.osnabrueck.de https://erleben.osnabrueck.de https://familienbuendnis.osnabrueck.de https://friedensstadt.osnabrueck.de https://informiert.osnabrueck.de https://mobil.osnabrueck.de https://nachhaltig.osnabrueck.de https://staerkt.osnabrueck.de https://www.osnabrueck.de; default-src 'self' https://bauen.osnabrueck.de https://bildet.osnabrueck.de https://demokratisch.osnabrueck.de https://digital.osnabrueck.de https://entwickelt.osnabrueck.de https://erleben.osnabrueck.de https://familienbuendnis.osnabrueck.de https://friedensstadt.osnabrueck.de https://informiert.osnabrueck.de https://mobil.osnabrueck.de https://nachhaltig.osnabrueck.de https://staerkt.osnabrueck.de https://www.osnabrueck.de; script-src 'self' 'nonce-jfzHSHv5_CWYFh-LfIq-5AsBfZmO13HwNjxJ0EBDguMZYkNwCDXpQw' 'unsafe-eval' https://bauen.osnabrueck.de https://bildet.osnabrueck.de https://demokratisch.osnabrueck.de https://digital.osnabrueck.de https://entwickelt.osnabrueck.de https://erleben.osnabrueck.de https://familienbuendnis.osnabrueck.de https://friedensstadt.osnabrueck.de https://informiert.osnabrueck.de https://mobil.osnabrueck.de https://nachhaltig.osnabrueck.de https://staerkt.osnabrueck.de https://www.osnabrueck.de https://piwik.osnabrueck.de https://static.conword.io 'report-sample'; style-src-attr 'unsafe-inline' 'report-sample'; base-uri 'self'; form-action 'self' https://bauen.osnabrueck.de https://bildet.osnabrueck.de https://demokratisch.osnabrueck.de https://digital.osnabrueck.de https://entwickelt.osnabrueck.de https://erleben.osnabrueck.de https://familienbuendnis.osnabrueck.de https://friedensstadt.osnabrueck.de https://informiert.osnabrueck.de https://mobil.osnabrueck.de https://nachhaltig.osnabrueck.de https://staerkt.osnabrueck.de https://www.osnabrueck.de https://seu2.cleverreach.com/f/; media-src 'self' data: https://bauen.osnabrueck.de https://bildet.osnabrueck.de https://demokratisch.osnabrueck.de https://digital.osnabrueck.de https://entwickelt.osnabrueck.de https://erleben.osnabrueck.de https://familienbuendnis.osnabrueck.de https://friedensstadt.osnabrueck.de https://informiert.osnabrueck.de https://mobil.osnabrueck.de https://nachhaltig.osnabrueck.de https://staerkt.osnabrueck.de https://www.osnabrueck.de; object-src 'none'; style-src 'self' 'unsafe-inline' https://bauen.osnabrueck.de https://bildet.osnabrueck.de https://demokratisch.osnabrueck.de https://digital.osnabrueck.de https://entwickelt.osnabrueck.de https://erleben.osnabrueck.de https://familienbuendnis.osnabrueck.de https://friedensstadt.osnabrueck.de https://informiert.osnabrueck.de https://mobil.osnabrueck.de https://nachhaltig.osnabrueck.de https://staerkt.osnabrueck.de https://www.osnabrueck.de 'report-sample'; report-uri https://www.osnabrueck.de/de/@http-reporting?csp=report&requestTime=1721961646017300 1
frame-ancestors 'self' https://*.etracker.com www.myosram.com qa.myosram.com 1
script-src 'self' https://consentcdn.cookiebot.com https://consent.cookiebot.com https://otp.tools.investis.com/ *.readspeaker.com https://www.gstatic.com www.googletagmanager.com www.google.com https://ajax.googleapis.com https://irs.tools.investis.com https://gateway.zscloud.net https://securityscorecard.com 'sha256-GzosFwwIuI8oOHza/LmmGnT3JO3Rp5fSKrHCxIsDcfE=' 'sha256-8DLGhwYnf9e8xuX3qC8n5i4x6ly4IvoBK3bbMRjMNls=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-CvBctyHRSMAHbdjTIWG7gNxhWCpiWR0Nh7JQ4GysdEs=' 'sha256-ZtGMbidxGE8ow9KAxeDeOrURLx9/klWiQT8TRtYlFPk=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-eRL2UhxNQgoqc2+2OTHzTl+yu1g77AbiPYGcSbgYDnA=' 'sha256-C1Pf+HGdqYhNbk3ZUU7RgB9MBCkeTN4hVu79+hBJdHA=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-EIuzrdjR0GVU8TPpX+5fZ7/50FRYo5gAn26M++5tzGw=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-HgqgJozO4Efcq1BJcpQXbqOLOsP8on5J0F/QwTlWGkQ=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU='; default-src 'self' blob:; img-src 'self' data: https://consentcdn.cookiebot.com https://consent.cookiebot.com www.google.pt www.google.com dashboard.umbraco.com *.readspeaker.com https://gateway.zscloud.net https://securityscorecard.com; font-src 'self' data: fonts.gstatic.com *.readspeaker.com www.googletagmanager.com https://gateway.zscloud.net; frame-src 'self' https://consentcdn.cookiebot.com https://consent.cookiebot.com https://otp.tools.investis.com *.readspeaker.com www.google.com  https://recaptcha.google.com https://irs.tools.investis.com youtube.com www.youtube.com https://gateway.zscloud.net https://securityscorecard.com; connect-src 'self' 'unsafe-inline' https://consentcdn.cookiebot.com https://consent.cookiebot.com https://otp.tools.investis.com https://irs.tools.investis.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net www.google.com *.readspeaker.com https://gateway.zscloud.net https://securityscorecard.com; style-src 'self' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com *.readspeaker.com 'unsafe-inline' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://alive.bar; img-src 'self' https: data: blob: https://alive.bar; style-src 'self' https://alive.bar 'nonce-qcnVe4RfKExSqVrQ5iHeyQ=='; media-src 'self' https: data: https://alive.bar; frame-src 'self' https:; manifest-src 'self' https://alive.bar; form-action 'self'; child-src 'self' blob: https://alive.bar; worker-src 'self' blob: https://alive.bar; connect-src 'self' data: blob: https://alive.bar https://bucket.alive.bar wss://alive.bar; script-src 'self' https://alive.bar 'wasm-unsafe-eval' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://cdn.rawgit.com https://cdn.iframe.ly https://connect.facebook.net https://performance.councilplatform.com https://cdn.syndication.twimg.com https://translate-pa.googleapis.com/ https://*.govmetric.com https://script.hotjar.com https://static.hotjar.com https://www.googletagmanager.com https://content.govdelivery.com https://*.servmetric.com https://if-cdn.com https://*.olark.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://player.vimeo.com https://www.clarity.ms https://widget.wheredoivote.co.uk/wdiv.js https://rl.recyclenow.com https://ads.counciladvertising.net/code/audienceplacement/media/public https://s3.eu-west-2.amazonaws.com/counciladvertising.net/v3/scripts/cbc446b48e5695eed5a144c5d380b1c5.js https://s3.eu-west-2.amazonaws.com/counciladvertising.net/v3/scripts/31b48b08def6ee28404f472664ac92fb.js https://s3.eu-west-2.amazonaws.com/counciladvertising.net/v3/scripts/c5a6a85be8829f81daa649c3e4ecf1ac.js https://secure.quantserve.com/quant.js https://bat.bing.com/bat.js https://bat.bing.com/p/action/355025638.js cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://platform.twitter.com https://translate.google.com https://translate.googleapis.com https://unpkg.com https://performance.councilplatform.com/; style-src 'self' 'unsafe-inline' https://performance.councilplatform.com https://cdn.syndication.twimg.com https://platform.twitter.com https://ton.twimg.com https://*.govmetric.com https://fonts.googleapis.com https://*.olark.com https://*.servmetric.com https://rl.recyclenow.com https://www.gstatic.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://translate.googleapis.com https://unpkg.com https://use.fontawesome.com; frame-ancestors 'self' https://performance.councilplatform.com; report-uri https://www.plymouth.gov.uk/report-uri/enforce 1
script-src 'strict-dynamic' 'unsafe-eval' https://allianzworldwidepartners.com https://snap.licdn.com https://cdn.cookielaw.org https://www.allianzworldwidepartners.com https://content.allianzpartnerservices.com https://uat.allianzworldwidepartners.com https://connect.facebook.net https://assets.adobedtm.com https://maxcdn.bootstrapcdn.com https://www.googletagmanager.com https://www.google-analytics.com; object-src 'none'; base-uri 'self'; worker-src 'self'; script-src-elem 'self' 'unsafe-inline' https://dev.dx79ppbsvm3xi.amplifyapp.com https://snap.licdn.com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://assets.adobedtm.com https://connect.facebook.net https://uat.allianzworldwidepartners.com https://qa.allianzworldwidepartners.com https://www.allianzworldwidepartners.com https://content.allianzpartnerservices.com https://cdn.cookielaw.org https://allianzworldwidepartners.com; 1
connect-src sync.datamind.ru dpm.demdex.net tinkoffcreditsystems.d3.sc.omtrdc.net assets.adobedtm.com *.omniture.com *.g.doubleclick.net geocode-maps.yandex.ru/1.x/ suggest-maps.yandex.ru *.google-analytics.com *.datamind.ru *.cdn-tinkoff.ru www.google.com analytics.google.com www.google.ru www.facebook.com connect.facebook.net google-analytics.bi.owox.com vk.com mc.yandex.ru mc.yandex.com mc.yandex.md mc.yandex.fr mc.yandex.kz mc.yandex.by mc.yandex.uz mc.yandex.com.tr px.adhigh.net eye.targetads.io ad.adriver.ru top-fwz1.mail.ru dss.hybrid.ai tag.rutarget.ru tms.dmp.wi-fi.ru ads.adlook.me dmg.digitaltarget.ru dsum-sec.casalemedia.com id.uma.media prodmp.ru track-us.bidease.com ads.betweendigital.com a.utraff.com rtb.viadata.store reichelcormier.bid x01.aidata.io ssp.bidvol.com cs.gssprt.jp ssp.adriver.ru secure.adnxs.com exchange.buzzoola.com cs-0.moevideo.biz sync.republer.com redirect.frontend.weborama.fr sync.dmp.otm-r.com sync.mediatoday.iae.one an.yandex.ru sync.1dmp.io cm.lentainform.com mitdmp.whiteboxdigital.ru acint.net sync.viadata.store sync.adkernel.com sync.videonow.ru code.moviead55.ru api.imotech.video widget-api.uxfeedback.ru pixel.gooroo.works 'self' *.tinkoff.ru *.tcsbank.ru *.tbank-online.com tbank.ru *.tbank.ru wss://*.tinkoff.ru wss://*.tcsbank.ru wss://*.tbank.ru https://www.googleapis.com/ https://event.centraluniversity.ru www.tbank.ru acdn.tinkoff.ru cfg.tinkoff.ru hrsites-api-vacancies.tbank.ru meetup.tbank.ru hrsites-api-talents.tinkoff.ru www.tinkoff.ru www.cdn-tinkoff.ru imgproxy.cdn-tinkoff.ru fallback.cdn-tinkoff.ru; script-src sync.datamind.ru www.google.com www.google.ru connect.ok.ru vk.com *.datamind.ru s.ytimg.com *.tinkoff.ru *.tcsbank.ru *.cdn-tinkoff.ru mc.yandex.ru mc.yandex.com mc.yandex.md mc.yandex.fr mc.yandex.kz mc.yandex.by mc.yandex.uz mc.yandex.com.tr yastatic.net mc.webvisor.com mc.webvisor.org 'self' 'unsafe-eval' 'unsafe-inline' *.tbank-online.com tbank.ru *.tbank.ru blob: https://tinkoff.ru https://tbank.ru https://www.tinkoff.ru https://www.tbank.ru https://www.youtube.com https://youtu.be https://event.centraluniversity.ru; img-src *.datamind.ru dpm.demdex.net www.google-analytics.com tinkoffcreditsystems.d3.sc.omtrdc.net cm.everesttech.net dp.adsdata.ru www.google.com www.google.ru vk.com login.vk.com mc.yandex.ru ad.mail.ru adfocus.ru www.facebook.com connect.facebook.net ad.doubleclick.net *.google.com *.yandex.ru *.yandex.net *.2o7.net *.demdex.net cx.atdmt.com analytics.twitter.com t.co eu-sonar.sociomantic.com *.sravni.ru www.banki.ru *.pool.datamind.ru statad.ru www.googletagmanager.com *.g.doubleclick.net *.googleadservices.com *.privacysandbox.googleadservices.com *.cdn-tinkoff.ru *.tinkoff.ru p.formobil.net rupertino.ru adservice.google.com adservice.google.ru google-analytics.bi.owox.com dc.ads.linkedin.com *.mail.ru dp.tinkoffinsurance.ru *.fls.doubleclick.net tms.dmp.wi-fi.ru cdn3.caltat.com sonar.semantiqo.com www.cdn-tinkoff.ru ad.adriver.ru mc.yandex.com mc.yandex.md mc.yandex.fr mc.yandex.kz mc.yandex.by mc.yandex.uz mc.yandex.com.tr eye.targetads.io tag.rutarget.ru top-fwz1.mail.ru dss.hybrid.ai track-us.bidease.com tech.rtb.mts.ru sync.gonet-ads.com ad.new-programmatic.com mssg.su rap.skcrtxr.com cdn3.uxfeedback.ru widget.uxfeedback.ru  cdn.uxfeedback.ru sm.rtb.mts.ru exchange.buzzoola.com dmp.one sync.bumlam.com wf-ru-frontend.weborama-tech.ru 'self' data: *.tcsbank.ru *.tbank-online.com tbank.ru *.tbank.ru https://tinkoff.ru https://tbank.ru https://www.tinkoff.ru https://www.tbank.ru https://i.ytimg.com/ http://img.youtube.com https://*.cdn-tinkoff.ru/ https://youtu.be px.ads.linkedin.com https://imgproxy.cdn-tinkoff.ru https://imgproxy.cdn-tbank.ru https://event.centraluniversity.ru; frame-src *.tinkoff.demdex.net *.omniture.com bid.g.doubleclick.net www.facebook.com *.demdex.net vk.com static.datamind.ru platform.twitter.com connect.ok.ru *.datamind.ru *.cdn-tinkoff.ru *.fls.doubleclick.net www.cdn-tinkoff.ru mc.yandex.ru yastatic.net mc.webvisor.org metrika.yandex.ru metrika.yandex.by metrica.yandex.com metrica.yandex.com.tr webvisor.com *.webvisor.com 'self' blob: data: *.tinkoff.ru *.tcsbank.ru *.tbank-online.com tbank.ru *.tbank.ru https://www.youtube.com/ https://youtu.be https://event.centraluniversity.ru; font-src *.cdn-tinkoff.ru 'self' *.tbank-online.com tbank.ru *.tbank.ru *.tinkoff.ru data:; report-uri https://www.tinkoff.ru/api/front/log/csp-error; default-src 'self' *.tbank-online.com tbank.ru *.tbank.ru *.cdn-tinkoff.ru *.tinkoff.ru data:; style-src 'unsafe-inline' 'self' *.tinkoff.ru *.tcsbank.ru *.tbank-online.com tbank.ru *.tbank.ru *.cdn-tinkoff.ru 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com  www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org https://*.googletagmanager.com https://snap.licdn.com https://code.jquery.com/ui/ *.purechat.com *.purechatcdn.com *.vzaar.com *.jobtarget.com cookie-cdn.cookiepro.com *.fastly.net *.vo.msecnd.net cisi.h5p.com *.osano.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; img-src 'self' data: blob: https:; media-src 'self' data: blob: https://*.vzaar.com *.purechatcdn.com; child-src 'self' blob: https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://*.googletagmanager.com https://*.google.com https://*.vzaar.com https://*.doubleclick.net https://*.dacast.com https://dacastmmd.mmdlive.lldns.net https://*.cbox.ws https://*.ustream.tv https://*.pxp-solutions.net app.powerbi.com cdn.knightlab.com *.fastly.net api.test.kalixa.com *.fusiontelecom.co  cisi.h5p.com flo.uri.sh mint.evolveauthoring.com ons.gov.uk; connect-src 'self' accounts.google.com https://*.dec.sitefinity.com *.mktoresp.com https://telize-v1.p.rapidapi.com/geoip *.purechat.com wss://*.purechat.com https://*.doubleclick.net https://*.google-analytics.com https://*.googleapis.com cookie-cdn.cookiepro.com geolocation.onetrust.com *.visualstudio.com api.dictionaryapi.dev *.osano.com; object-src 'none'; 1
default-src 'self' http://www.malaysiaairports.com.my; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: cdn.printfriendly.com cdn.printfriendly.com static.addtoany.com ds-4047.kxcdn.com www.google-analytics.com cdn.jsdelivr.net unpkg.com www.google.com *.rawgit.com *.gstatic.com *.googleapis.com static.addtoany.com polyfill.io key-cdn.printfriendly.com www.googletagmanager.com; object-src 'none'; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net unpkg.com maxcdn.bootstrapcdn.com fonts.googleapis.com; img-src 'self' data: s.yimg.com cdn.printfriendly.com www.google-analytics.com www.google-analytics.com.sg stats.g.doubleclick.net www.google.com www.google.com.sg www.google.com.my www.gstatic.com; media-src 'self'; frame-src 'self' data: static.addtoany.com www.google.com www.youtube.com https://cdn.knightlab.com; frame-ancestors 'self'; child-src 'self'; font-src 'self' cdn.jsdelivr.net unpkg.com maxcdn.bootstrapcdn.com fonts.gstatic.com cdnjs.cloudflare.com; connect-src 'self'  stats.g.doubleclick.net www.google-analytics.com analytics.google.com unpkg.com www.google.com.my; report-uri /report-csp-violation 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-8c7f9eeec49b778c28afbe43bfd46be9'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://layer8.space; img-src 'self' https: data: blob: https://layer8.space; style-src 'self' https://layer8.space 'nonce-KSsE09oJ9yiVIj5ivAxKSA=='; media-src 'self' https: data: https://layer8.space; frame-src 'self' https:; manifest-src 'self' https://layer8.space; form-action 'self'; child-src 'self' blob: https://layer8.space; worker-src 'self' blob: https://layer8.space; connect-src 'self' data: blob: https://layer8.space https://files.layer8.space wss://layer8.space; script-src 'self' https://layer8.space 'wasm-unsafe-eval' 1
default-src 'self' data: gap: content:; style-src 'self' 'unsafe-inline' https://optimize.google.com https://fonts.googleapis.com *; child-src 'self' www.facebook.com accounts.google.com blob: gap:; frame-src 'self' accounts.google.com facebook.com www.facebook.com form.typeform.com www.youtube-nocookie.com https://optimize.google.com https://td.doubleclick.net/; connect-src 'self' data: conversion.allthetopbananas.com www.google-analytics.com region1.google-analytics.com region1.analytics.google.com https://analytics.google.com/ wa.appsflyer.com api2.branch.io stats.g.doubleclick.net wa.onelink.me api-js.mixpanel.com optimize.google.com maps.googleapis.com facebook.com *.gstatic.com www.facebook.com graph.facebook.com accounts.google.com *.clarity.ms *.sonicjobs.net *.analytics.google.com *.google.co.uk *.sonic-local.com *.sonic-dev.net; img-src 'self' data: joblookup.com click.appcast.io i.ytimg.com p.nexxt.com www.facebook.com track.ziprecruiter.com www.google.com *.google.it www.talent.com https://www.google-analytics.com https://www.googletagmanager.com maps.googleapis.com *.gstatic.com lh3.googleusercontent.com *.sonicjobs.net blob: data: *.amazonaws.com https://optimize.google.com https://c.clarity.ms/c.gif https://c.bing.com/c.gif *.google.co.uk *.facebook.com *.sonic-local.com *.sonic-dev.net; font-src 'self' https://fonts.gstatic.com fonts.googleapis.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.googletagmanager.com connect.facebook.net tagmanager.google.com click.appcast.io *.gstatic.com api2.branch.io facebook.com accounts.google.com appleid.cdn-apple.com googleusercontent.com play.google.com mixpanel.com fonts.googleapis.com websdk.appsflyer.com app.link maps.googleapis.com https://optimize.google.com https://www.googleanalytics.com https://www.google-analytics.com https://www.clarity.ms/ *.analytics.google.com; frame-ancestors * 1
frame-ancestors 'self' https://prod.bikinivillage.com ; 1
upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.espoo.fi *.wdr.io; base-uri 'self'; object-src 'self'; connect-src wss: https:; worker-src blob:; child-src blob:; frame-src https: 1
frame-ancestors 'self' https://manage.vehicleservicepros.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: assets.adobedtm.com bbva.d3.sc.omtrdc.net dpm.demdex.net *.googleapis.com fonts.gstatic.com addtocalendar.com youtube.com www.youtube.com www.youtube-nocookie.com cdn.cookielaw.org cdn-od.world-television.com od.world-television.com cdn-streamstudio-ondemand.world-television.com cdn-wowzacoder-node11.world-television.com cdn-wowzacoder-node12.world-television.com cdn-wowzacoder-node13.world-television.com cdn-wowzacoder-node14.world-television.com cdn-wowza.world-television.com cdn-wowza2.world-television.com cdn-wowza4.world-television.com cdn-wowza5.world-television.com cdn-wowza-zur-cn.worldtelevision.cn cdn-wowza2-zur-cn.worldtelevision.cn streamstudio.world-television.com streamstudio-static.world-television.com streamstudio-static-cloudflare cdn-streamstudio-china.worldtelevision.cn cdn-streamstudio.world-television.com gaia.world-television.com stats.world-television.com d3l7jhiu2gy1zw.cloudfront.net d3rheyut2722wp.cloudfront.net d2u0sqszc4zqzn.cloudfront.net d13g3vp355w9vi.cloudfront.net d3nodaywjsh67y.cloudfront.net d1wgay39cved2v.cloudfront.net d2wha8clrw9yga.cloudfront.net www.fbbva.es www.redleonardo.es www.premiosfronterasdelconocimiento.es www.multiverso-fbbva.es www.contrapunto-fbbva.es www.biophilia-fbbva.es www.frontiersofknowledgeawards-fbbva.es ec2-34-251-159-89.eu-west-1.compute.amazonaws.com www.fbbva.es edicion-j93xtwf5.openweb.bbva revision-j93xtwf5.openweb.bbva j93xtwf5.openweb.bbva code.jquery.com *.watchity.com pruebasserviciosinfobbva.gnoss.com serviciosdms.gnoss.com bbvafundacion2018.112.2o7.net bbvafundacionlaunch2020dev.112.2o7.net urlmaker.overon.es code.highcharts.com books.google.com cdn.jsdelivr.net cdnjs.cloudflare.com privacyportal-eu.onetrust.com *.fontawesome.com cdn.plot.ly urlmaker-efe-develop.overon.es; 1
default-src 'self' ; worker-src 'self'  data: blob:; report-uri https://eagerly.nl/reports/report.php; img-src 'self' * data:; media-src 'self' https://www.googletagmanager.com http://humortv.vara.nl https://w.soundcloud.com https://www.mixcloud.com https://player.vimeo.com https://www.youtube.com https://player.bnnvara.nl http://www.theguitarconnection.nl https://*.spotify.com https://ilost.co https://*.vpro.nl https://anchor.fm https://www.cognitoforms.com https://vimeo.com https://www.facebook.com https://vars.hotjar.com https://td.doubleclick.net https://m.facebook.com https://*.google.com https://td.doubleclick.net https://m.facebook.com https://*.google.com https://*.spotify.com https://ilost.co https://*.vpro.nl https://anchor.fm https://www.cognitoforms.com https://vimeo.com https://www.facebook.com https://vars.hotjar.com blob: data:; connect-src 'self' https://cdn.onesignal.com https://*.facebook.net https://*.googleapis.com https://www.google.de https://*.google.com.mx https://*.google.it https://*.doubleclick.net https://*.google.be https://*.google.nl https://*.google.com https://*.nr-data.net https://*.google-analytics.com https://*.ip-api.com https://*.fullsession.io https://www.tivolivredenburg.nl https://*.hotjar.com https://*.googletagmanager.com wss://*.hotjar.com https://*.hotjar.io https://yoast.com https://www.facebook.com https://embedr.flickr.com https://stats.g.doubleclick.net https://analytics.tiktok.com https://*.google-analytics.com; frame-src 'self' https://www.googletagmanager.com http://humortv.vara.nl https://w.soundcloud.com https://www.mixcloud.com https://player.vimeo.com https://www.youtube.com https://player.bnnvara.nl http://www.theguitarconnection.nl https://*.spotify.com https://ilost.co https://*.vpro.nl https://anchor.fm https://www.cognitoforms.com https://vimeo.com https://www.facebook.com https://vars.hotjar.com https://td.doubleclick.net https://m.facebook.com https://*.google.com https://td.doubleclick.net https://m.facebook.com https://*.google.com https://*.spotify.com https://ilost.co https://*.vpro.nl https://anchor.fm https://www.cognitoforms.com https://vimeo.com https://www.facebook.com https://vars.hotjar.com; child-src 'self' https://www.googletagmanager.com http://humortv.vara.nl https://w.soundcloud.com https://www.mixcloud.com https://player.vimeo.com https://www.youtube.com https://player.bnnvara.nl http://www.theguitarconnection.nl https://*.spotify.com https://ilost.co https://*.vpro.nl https://anchor.fm https://www.cognitoforms.com https://vimeo.com https://www.facebook.com https://vars.hotjar.com https://td.doubleclick.net https://m.facebook.com https://*.google.com https://td.doubleclick.net https://m.facebook.com https://*.google.com https://*.spotify.com https://ilost.co https://*.vpro.nl https://anchor.fm https://www.cognitoforms.com https://vimeo.com https://www.facebook.com https://vars.hotjar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.cloudflareinsights.com https://*.onesignal.com https://*.facebook.net https://*.google.com https://*.newrelic.com https://*.twitter.com https://*.vimeocdn.com https://*.fullsession.io https://www.tivolivredenburg.nl https://*.youtube.com https://*.vimeo.com https://*.googleapis.com https://ilost.co https://*.tiktok.com https://*.webhare.com https://*.hotjar.com https://*.google-analytics.com https://*.googletagmanager.com https://www.cognitoforms.com https://api.w3-edge.com https://widgets.flickr.com https://embedr.flickr.com https://*.google-analytics.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.googletagmanager.com https://*.tivolivredenburg.nl; font-src 'self' https://fonts.googleapis.com https://www.facebook.com https://fonts.gstatic.com https://www.facebook.com https://fonts.gstatic.com data:; form-action 'self' https://*.my.salesforce-sites.com https://tivolivredenburg.crmplatform.nl https://www.facebook.com https://*.my.salesforce-sites.com https://tivolivredenburg.crmplatform.nl https://www.facebook.com; frame-ancestors 'self' ; 1
default-src 'self'; script-src 'self' dienste.kvb.de *.kv-safenet.de player.vimeo.com www.youtube.com player.podigee-cdn.net 'nonce-462b66b443461faded' 'nonce-27f78ef6da60d08492' 'nonce-7f1e6ff95103dd9fc7'; style-src 'self' 'unsafe-inline'; img-src 'self'; frame-src https://www.youtube.com/ https://www.youtube-nocookie.com/ https://player.vimeo.com/ https://player.podigee-cdn.net/; font-src 'self'; connect-src 'self' dienste.kvb.de *.kv-safenet.de; report-uri https://7dx7gcb3.uriports.com/reports/enforce; report-to https://7dx7gcb3.uriports.com/reports/enforce 1
default-src 'self' *.edfinancial.com *.studentaid.gov; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.powerplatform.com https://home-c72.niceincontact.com/inContact/ChatClient/js/embed.min.js https://cdn.botframework.com/botframework-webchat/latest/webchat.js https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js https://www.googletagmanager.com https://az416426.vo.msecnd.net/scripts/a/ai.0.js https://connect.facebook.net/en_US/sdk.js https://cookieinfoscript.com/js/cookieinfo.min.js https://www.google.com/recaptcha/api.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js https://www.gstatic.com/recaptcha/releases/ https://stackpath.bootstrapcdn.com/bootstrap/4.4.1/js/bootstrap.min.js https://kit.fontawesome.com/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; object-src 'none'; base-uri 'self'; connect-src 'self' wss://unitedstates.directline.botframework.com https://unitedstates.directline.botframework.com *.powerplatform.com https://powerva.microsoft.com/api/botmanagement/v1/directline/directlinetoken https://directline.botframework.com/v3/directline/ wss://directline.botframework.com/v3/directline/conversations/ https://www.google-analytics.com https://ka-f.fontawesome.com https://ka-p.fontawesome.com https://kit.fontawesome.com; font-src 'self' https://ka-f.fontawesome.com https://ka-p.fontawesome.com https://fonts.gstatic.com/; frame-src 'self' https://home-c72.niceincontact.com/ https://*.opendns.com/ https://www.facebook.com https://www.google.com/ https://www.youtube.com; img-src 'self' data: https://edfinancial.studentaid.gov https://www.google-analytics.com https://www.googletagmanager.com; manifest-src 'self'; media-src 'self'; worker-src 'none'; form-action 'self'; upgrade-insecure-requests; 1
default-src https: data: wss: blob: 'unsafe-inline' 'unsafe-eval';  frame-ancestors 'self' https://login.appeon.com;  1
frame-ancestors 'self' uwcsea-portal.edu.sg uwcsea-qa.teamieapp.com app.happeo.com staffhub.uwcsea.edu.sg uwcsealearning.theteamie.com; 1
frame-ancestors 'self' https://www.sfopera.com/ 1
default-src 'self' mailto: tel: *.aia.com *.philamlife.com *.aia.com.ph *.google.com *.aia-dfs.originally.us *.gstatic.com *.twitter.com *.linkedin.com *.zscalertwo.net blob: *.recaptcha.net recaptcha.net https://www.googleapis.com/ https://maps.googleapis.com https://fonts.googleapis.com https://www.google.com/recaptcha/ https://recaptcha.google.com *.facebook.com *.youtube.com *.adobedtm.com *.google-analytics.com https://s.go-mpulse.net http://phdcwdlapp030:8280 https://mypageappuat.philamlife.com https://mypageapp.philamlife.com *.cdnjs.cloudflare.com; worker-src 'self' 'unsafe-inline' blob: *.aia.com.ph; style-src 'self' 'unsafe-inline' *.aia.com.ph *.unpkg.com https://unpkg.com *.google.com https://aia-dfs.originally.us https://s7ap1.scene7.com https://*.zscalertwo.net https://www.googleapis.com/ https://maps.googleapis.com https://fonts.googleapis.com *.lemnisk.co https://fonts.font.im 'self' 'unsafe-inline'; img-src 'self' data: blob: *.aia.com *.philamlife.com *.aia.com.ph *.adnxs.com *.google.com https://adservice.google.com https://smetrics.aia.com https://connect.facebook.net  https://img.icons8.com *.aia-dfs.originally.us *.baidu.com *.moz.com *.gstatic.com *.twitter.com *.linkedin.com *.facebook.com *.youtube.com *.adobedtm.com *.google-analytics.com *.lemnisk.co *.contentsquare.net https://maps.gstatic.com https://www.googleapis.com/ https://maps.googleapis.com *.google.com https://*.zscalertwo.net https://s7ap1.scene7.com https://dpm.demdex.net https://ad.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com.my https://www.googletagmanager.com https://connect.facebook.net https://px.ads.linkedin.com *.yellowmessenger.com 'self' data:;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.lemnisk.co https://js-cdn.dynatrace.com https://s.go-mpulse.net https://gateway.zscalertwo.net https://t.contentsquare.net https://cdn8.lemnisk.co https://ib.adnxs.com https://cdn12.lemnisk.co https://www.gstatic.com https://cdn.yellowmessenger.com https://acdn.adnxs.com https://cdn25.lemnisk.co https://app.yellowmessenger.com https://www.gstatic.com https://www.google.com https://assets.adobedtm.com https://analytics.tiktok.com https://adservice.google.com https://connect.facebook.net https://www.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.aia.com *.philamlife.com *.aia.com.ph *.adnxs.com *.unpkg.com https://unpkg.com *.google.com *.aia-dfs.originally.us *.gstatic.com *.twitter.com *.linkedin.com *.zscalertwo.net blob: *.recaptcha.net recaptcha.net https://analytics.tiktok.com *.cloudflare.com https://dpm.demdex.net *.lemnisk.co *.dynatrace.com *.contentsquare.net https://www.googleapis.com/ https://maps.googleapis.com https://fonts.googleapis.com https://www.google.com/recaptcha/ https://recaptcha.google.com *.facebook.com *.youtube.com *.adobedtm.com *.google-analytics.com https://s.go-mpulse.net http://phdcwdlapp030:8280 https://mypageappuat.philamlife.com https://mypageapp.philamlife.com https://s7ap1.scene7.com https://*.zscalertwo.net https://assets.adobedtm.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com.my https://www.googletagmanager.com https://connect.facebook.net *.yellowmessenger.com 'self' 'unsafe-eval' *.aia.com.ph *.google.com *.gstatic.com 'unsafe-inline'; connect-src 'self' properties:  *.aia.com *.philamlife.com *.aia.com.ph *.google.com *.aia-dfs.originally.us https://api.video-adblock.com https://infragrid.v.network https://overbridgenet.com https://www.google.com https://adservice.google.com https://connect.facebook.net https://www.googletagmanager.com *.ucweb.com *.vzeesp.com *.dbankcloud.com *.googleapis.com *.dbankcloud.cn *.moz.com *.akamaihd.net https://analytics.tiktok.com wss://uat.apigw.philamlife.com/ph/myaia/utility/v1-uat/ws wss://myaia.apigw.philamlife.com/ph/myaia/utility/v1/ws *.gstatic.com *.twitter.com *.linkedin.com *.zscalertwo.net blob: *.recaptcha.net recaptcha.net https://c.go-mpulse.net/ *.akstat.io *.bf.dynatrace.com *.demdex.net *.contentsquare.net *.lemnisk.co https://www.googleapis.com/ https://maps.googleapis.com https://fonts.googleapis.com https://www.google.com/recaptcha/ https://recaptcha.google.com *.facebook.com *.youtube.com *.adobedtm.com *.google-analytics.com https://s.go-mpulse.net http://phdcwdlapp030:8280 https://mypageappuat.philamlife.com https://mypageapp.philamlife.com https://s7mbrstream-ap1.scene7.com https://s7ap1.scene7.com https://stats.g.doubleclick.net *.aia.com.ph https://adobedc.demdex.net https://edge.adobedc.net *.yellowmessenger.com wss://app.yellowmessenger.com/message/; frame-src 'self' mailto: tel: https://adservice.google.com https://www.googletagmanager.com https://connect.facebook.net *.google.com https://aia.okta.com https://aia.kerberos.okta.com/ https://myaia.apigw.philamlife.com https://s7mbrstream-ap1.scene7.com https://s7ap1.scene7.com https://bid.g.doubleclick.net https://td.doubleclick.net/ https://www.bancnetonline.com/ *.moz.com https://testpti.payserv.net/ https://ptiapps.paynamics.net/ https://8034780.fls.doubleclick.net/ https://aiagroup.demdex.net *.aia.com.ph https://www.youtube.com https://app.yellowmessenger.com; font-src * data: moz-extension:; media-src 'self' data: blob: *.google.com *.aia.com *.scene7.com *.yellowmessenger.com; object-src 'none'; frame-ancestors https://myaia.apigw.philamlife.com https://*.aia.com.ph; 1
default-src 'self' *.teckids.org; img-src 'self' data: *.teckids.org; media-src 'self' *.teckids.org; object-src 'self' *.teckids.org; frame-src 'self' *.teckids.org; form-action 'self' *.teckids.org 1
default-src 'self';img-src 'self' data: *.usercentrics.eu *.visualwebsiteoptimizer.com *.ctfassets.net *.s-cloud.fi *.flockler.com pbs.twimg.com *.cloudfront.net https://custom.livezhat.fi/ *.googletagmanager.com *.google-analytics.com;media-src 'self' *.ctfassets.net;object-src 'self' *.usercentrics.eu;style-src 'self' 'unsafe-inline' *.flockler.com https://custom.livezhat.fi/elisa_blue/elisachat.css;script-src 'self' *.usercentrics.eu 'unsafe-eval' 'unsafe-inline' *.visualwebsiteoptimizer.com *.googletagmanager.com *.google-analytics.com *.flockler.com https://unpkg.com/axios/dist/axios.min.js https://zefzhat-eu.appspot.com/code/sok/ https://storage.googleapis.com/livezhat/lz_extra/ ;script-src-attr 'unsafe-inline';connect-src 'self' *.usercentrics.eu *.contentful.com *.s-cloud.fi *.flockler.com *.addsearch.com *.google-analytics.com https://sok-form-api.elisadesk.com https://stats.livezhat.com/track/e/ https://zefzhat-eu.appspot.com/ChatServlet;font-src 'self' data: https://browser-consent-front.coco.s-cloud.fi https://storage.googleapis.com/livezhat/;frame-src 'self' *.usercentrics.eu *.youtube.com *.infogram.com https://sok-form-api.elisadesk.com https://s-ryhma.fi;frame-ancestors 'self' https://app.contentful.com https://s-ryhma.fi;form-action 'self' https://sok-form-api.elisadesk.com https://s-ryhma.fi;base-uri 'self';upgrade-insecure-requests 1
style-src 'self' 'unsafe-inline' cdn.pricespider.com api.tiles.mapbox.com *.bazaarvoice.com feed.pghub.io pandg.tapad.com;                     script-src 'self' 'unsafe-inline' 'unsafe-eval' pghub.io *.pricespider.com www.googletagmanager.com *.google-analytics.com cdn.cookielaw.org *.doubleclick.net cdnjs.cloudflare.com *.mapbox.com www.youtube.com *.bazaarvoice.com feed.pghub.io pandg.tapad.com;                     worker-src 'self' blob: feed.pghub.io pandg.tapad.com;                     manifest-src 'self' login.windows.net feed.pghub.io pandg.tapad.com;                     font-src 'self' assets.ctfassets.net feed.pghub.io pandg.tapad.com;                     frame-ancestors 'none' feed.pghub.io pandg.tapad.com;                     frame-src 'self' *.doubleclick.net feed.pghub.io consumersupport.pg.com *.jebbit.com pandg.tapad.com www.youtube-nocookie.com;                     img-src 'self' blob: images.ctfassets.net pixel.tapad.com cdn.cookielaw.org *.pricespider.com *.bazaarvoice.com *.ytimg.com *.google-analytics.com www.googletagmanager.com *.doubleclick.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat data: api.tiles.mapbox.com feed.pghub.io pandg.tapad.com;                     connect-src 'self' cdn.cookielaw.org *.pricespider.com *.analytics.google.com *.google-analytics.com *.algolia.net *.algolianet.com *.mapbox.com mw-ar-recom-prod.pgapi.io mw-ar-recom-dev.pgapi.io *.bazaarvoice.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat wss: feed.pghub.io pandg.tapad.com ; base-uri 'none' feed.pghub.io pandg.tapad.com                     default-src 'none' feed.pghub.io pandg.tapad.com; 1
base-uri 'self'; object-src 'none'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: https://secure.gravatar.com; media-src 'self'; 1
default-src https:; script-src 'self' cdn.cookielaw.org 'unsafe-inline' 'unsafe-eval' global.oktacdn.com aperiogroup.bamboohr.com www.googletagmanager.com www.google-analytics.com www.google.com www.gstatic.com pi.pardot.com; style-src 'self' 'unsafe-inline' global.oktacdn.com; object-src 'self' 1
default-src 'self' https://*.dcube.cloud/ https://*.wogaa.sg; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com https://cdn.jsdelivr.net/npm/sgds-govtech@1.3.22/js/sgds.js blob: https://*.dcube.cloud https://*.wogaa.sg https://*.ap.sabio.cloud https://*.google.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://cdn.jsdelivr.net/npm/sgds-govtech@1.3.22/css/sgds.css https://assets.dcube.cloud/ https://assets.wogaa.sg/ https://*.ap.sabio.cloud *.wogaa.sg *.cloudflare.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com https://*.google-analytics.com https://*.ap.sabio.cloud https://*.google.com *.cwp2.sg img.youtube.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://cdn.jsdelivr.net/npm/sgds-govtech@1.3.22/fonts/sgds-icons.ttf https://cdn.jsdelivr.net/npm/sgds-govtech@1.3.22/fonts/sgds-icons.woff https://assets.dcube.cloud/fonts/ https://assets.wogaa.sg/fonts/ *.mindef.gov.sg *.cloudflare.com *.bootstrapcdn.com; frame-src *.cwp2.sg https://www.instagram.com https://www.youtube.com https://www.facebook.com *.adventr.io www.youtube-nocookie.com/ https://widgets.espx.cloud/ form.gov.sg 'self' web-chat.nativechat.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.dcube.cloud https://*.wogaa.sg https://*.ap.sabio.cloud https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com 1
frame-ancestors 'self' https://irishparcels.ie https://*.irishparcels.ie https://niparcels.com https://*.niparcels.com 1
fintest.cmbchina.cn fintest.cmburl.cn tcexam.cmbchina.cn 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'report-sample' https://www.googletagmanager.com https://www.google-analytics.com https://storage.googleapis.com https://api.xrpscan.com; img-src 'self' data: 'report-sample' https://www.gstatic.com https://www.gravatar.com; style-src 'self' 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com; frame-src 'self'; object-src 'none'; worker-src 'self'; connect-src 'self' https://api.xrpscan.com wss://api.xrpscan.com https://ws.xrpscan.com wss://ws.xrpscan.com https://www.google-analytics.com https://www.googletagmanager.com; report-uri https://report-uri.xrpscan.workers.dev/r/d/csp/enforce 1
default-src 'self' gocomet.com *.gocomet.com;    script-src 'self' gocomet.com *.gocomet.com 'unsafe-eval' 'unsafe-inline' cdn.mxpnl.com wchat.freshchat.com www.googletagmanager.com static.hotjar.com js-agent.newrelic.com www.gartner.com/reviews/ cdnjs.cloudflare.com/ajax/libs/dompurify/ gocomet.keka.com js.hs-scripts.com js.hsforms.net js.hs-banner.com js.hsadspixel.net js.hs-analytics.net;    style-src 'self' gocomet.com *.gocomet.com 'unsafe-inline' *.typekit.net use.fontawesome.com wchat.freshchat.com cdn.kekastatic.net fonts.googleapis.com www.gartner.com/reviews/;    img-src 'self' blob: data: gocomet.com *.gocomet.com i0.wp.com img.youtube.com reviews.static.gartner.com/public/Widget/img/ www.google.co.in/ads/ assets.calendly.com track.hubspot.com forms-na1.hsforms.com cdn.kekastatic.net;    font-src 'self' data: gocomet.com *.gocomet.com use.typekit.net cdn.kekastatic.net fonts.gstatic.com;    object-src 'self' data: gocomet.com *.gocomet.com;    base-uri 'self' gocomet.com *.gocomet.com;    form-action 'self' gocomet.com *.gocomet.com forms.hsforms.com;		frame-src 'self' gocomet.com *.gocomet.com wchat.freshchat.com *.webpush.freshchat.com www.youtube.com www.gartner.com calendly.com forms.hsforms.com;    frame-ancestors 'self' gocomet.com *.gocomet.com;		connect-src 'self' gocomet.com *.gocomet.com api-js.mixpanel.com api.hsforms.com bam.nr-data.net metrics.hotjar.io analytics.google.com www.google-analytics.com stats.g.doubleclick.net api-bdc.net ipinfo.io forms.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com api.hubapi.com gocomet.keka.com; 1
frame-ancestors 'self'; object-src 'none'; script-src *; 1
block-all-mixed-content; frame-ancestors *.cisco.com *.devnetcloud.com; frame-src cdn.iframe.ly *.twitter.com *.devnetcloud.com *.cisco.com www.google.com docs.google.com td.doubleclick.net www.youtube.com youtube.com www.youtube-nocookie.com katakoda.com asciinema.org d1nmyq4gcgsfi5.cloudfront.net www.brighttalk.com d18pbjdlirx2zi.cloudfront.net *.brightcove.net *.mktoweb.com; report-uri https://qoeujrgmve.execute-api.ap-northeast-1.amazonaws.com/prod/report 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: instant.page blob: *.clarity.ms *.jsdelivr.net *.googletagmanager.com *.netlify.app *.googleapis.com *.gstatic.com *.google-analytics.com *.bing.com *.bugsnag.com *.ytimg.com *.youtube.com *.indebted.co *.netlify.com *.nsvcs.net *.cloudflare.com *.navattic.com *.plyr.io noembed.com wss://*.twilio.com *.make.com *.zapier.com *.clearbitscripts.com *.licdn.com *.oribi.io *.linkedin.com *.visualwebsiteoptimizer.com paperform.co *.paperform.co https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.clearbitjs.com pageimprove.io *.clearbit.com *.frontapp.com *.ably-realtime.com wss://front-us-realtime.ably.io *.browser-intake-datadoghq.com *.cookiebot.com unpkg.com *.jsdelivr.net *.google.com *.hockeystack.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.fontawesome.com www.google-analytics.com ajax.googleapis.com data:; img-src 'self' data:; frame-ancestors 'self' 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; connect-src https: wss:; img-src https: data:; style-src https: 'unsafe-inline'; 1
base-uri 'none'; object-src 'none'; script-src https://www.elektronauts.com/logs/ https://www.elektronauts.com/sidekiq/ https://www.elektronauts.com/mini-profiler-resources/ https://www.elektronauts.com/assets/ https://www.elektronauts.com/brotli_asset/ https://www.elektronauts.com/extra-locales/ https://www.elektronauts.com/highlight-js/ https://www.elektronauts.com/javascripts/ https://www.elektronauts.com/plugins/ https://www.elektronauts.com/theme-javascripts/ https://www.elektronauts.com/svg-sprite/ https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js; worker-src 'self' https://www.elektronauts.com/assets/ https://www.elektronauts.com/brotli_asset/ https://www.elektronauts.com/javascripts/ https://www.elektronauts.com/plugins/ 1
default-src 'self' https://backend.sbermed.ai https://*.youtube.com https://sber.pro https://yt3.ggpht.com https://*.ytimg.com https://smartcaptcha.yandexcloud.net https://mddc.ai https://mddc.ru https://www.sbermed.ai https://www.mddc.ru https://www.mddc.ai https://sbermed.ai https://mc.yandex.ru https://yandex.ru 'unsafe-inline' data: w3.org/svg 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; script-src 'self' https://mastodon.de 'wasm-unsafe-eval'; font-src 'self' https://mastodon.de; img-src 'self' data: blob: https://mastodon.de https://media.mastodon.de; style-src 'self' https://mastodon.de 'nonce-yohsrmzykiYqmYgXLnGtGw=='; media-src 'self' data: https://mastodon.de https://media.mastodon.de; frame-src 'self' https:; child-src 'self' blob: https://mastodon.de; worker-src 'self' blob: https://mastodon.de; connect-src 'self' blob: data: wss://mastodon.de https://mastodon.de https://media.mastodon.de; manifest-src 'self' https://mastodon.de; form-action 'self' 1
frame-src 'self' data: *.ubcmain.com *.ubc.com www.google.com 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://noc.social; img-src 'self' https: data: blob: https://noc.social; style-src 'self' https://noc.social 'nonce-3Y7xoGGtY0lbbATrDTZuqw=='; media-src 'self' https: data: https://noc.social; frame-src 'self' https:; manifest-src 'self' https://noc.social; form-action 'self'; connect-src 'self' data: blob: https://noc.social https://noc.social wss://noc.social; script-src 'self' https://noc.social 'wasm-unsafe-eval'; child-src 'self' blob: https://noc.social; worker-src 'self' blob: https://noc.social 1
default-src * data: blob: 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; worker-src 'self' blob:; style-src * data: blob: 'unsafe-inline'; 1
block-all-mixed-content; frame-ancestors 'self'; object-src 'none'; base-uri 'self' 1
base-uri 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.state.ak.us https://*.alaska.gov https://cse.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://partner.googleadservices.com; style-src 'self' 'unsafe-inline' https://*.state.ak.us https://*.alaska.gov https://www.google.com; frame-ancestors 'self'; form-action 'self' https: https://*.state.ak.us https://*.alaska.gov; img-src 'self' https://*.state.ak.us https://*.alaska.gov https://www.google-analytics.com https://www.googleapis.com https://www.google.com https://clients1.google.com https://encrypted-tbn0.gstatic.com https://encrypted-tbn1.gstatic.com 1
default-src 'self' s3.amazonaws.com *.cloudfront.net;script-src 'self' 'sha256-MEqsWw4L5QzF380SC+pTw2wLRt42vH4kcCUppXN6Jj8=' 'sha256-nn7xyWt0iOoApHS6M3QGmlxng3dJl8RDhanTm4VQ2Gw=' 'sha256-QRG2yuLMzUepsusPMWCn6iHNlDjRMu4M584n3AgjehA=' 'sha256-FbwUPQrzMJ3N+PstLOrlt/b3Z7JBjbStJS+ZBXKSwvQ=' 'sha256-5kMb497w7ItxXRHeDONhgk1HOjOqzAVeP4/0KPiMW0Y=' 'sha256-CkcQF9E1VaUc8PmRLydCUXuX0A2ity3K7680rxe0bCw=' 'sha256-M0tacFDDmYwDqJ7WRMkBtaZR+w4d0LdOtWJa10xDeto=' 'sha256-T70FZ0UyEuoKs0UnGL2vBLTispK5neReN/jZI9d7tn4=' 'sha256-awNL0f/C2HgGtKj9gI2cAQQN4f/u4VaohngSi6Al32E=' 'sha256-f/Wxw0bvXBGjahCGDXAd51Ru25QmJHj4ThWrt1rT3ms=' 'sha256-eW/Rx3Qwt5F9QQfVe+IkPiPZP6bvWt0Nw3yraSkO7LE=' 'sha256-eW/Rx3Qwt5F9QQfVe+IkPiPZP6bvWt0Nw3yraSkO7LE=' 'sha256-0LO0kXmpQO72hOamvAnEicu68YkZE2I859Vs3zvz+ZY=' 'sha256-h2aMADaDlsTa8RGjoVpEsw0tCBZnz4IzXc8aJgv99dQ=' 'sha256-kYSEyOlTJDS9gqg2ZYmCdfYueO03Gc90G/NBiv0x0sc=' 'sha256-LxesHHuIwZnSokFMELntS7KrU9t14huAjLEDgcn8PCw=' 'sha256-ezfOFlruIClX6gfdXFg89InyxVChoN+iT6kYWZE/Sx8=' 'sha256-IWOToQcbJyvXc6dWgqD4+yaZiOHZmrMQiRBEXmlrNYw=' 'unsafe-eval' appleid.cdn-apple.com browser.sentry-cdn.com *.sentry.io sentry.io app.intercom.io widget.intercom.io js.intercomcdn.com cdn.pubnub.com checkout.stripe.com q.stripe.com js.stripe.com js-agent.newrelic.com bam.nr-data.net js.hs-banner.com js.hs-scripts.com js.hs-analytics.net js.hsleadflows.net js.hsadspixel.net js.hsforms.net forms.hsforms.com connect.facebook.net *.googletagmanager.com analytics.google.com www.google-analytics.com www.googleadservices.com www.google.com www.gstatic.com *.g.doubleclick.net apis.google.com use.typekit.net static.hotjar.com script.hotjar.com *.hscollectedforms.net analytics.tiktok.com *.licdn.com *.linkedin.oribi.io 'nonce-CyzCzBKb';style-src 'self' 'unsafe-inline' fonts.googleapis.com use.fontawesome.com stackpath.bootstrapcdn.com static.hotjar.com script.hotjar.com;font-src 'self' data: fonts.gstatic.com js.intercomcdn.com fonts.intercomcdn.com use.fontawesome.com stackpath.bootstrapcdn.com use.typekit.net script.hotjar.com;img-src 'self' blob: data: track.hubspot.com forms.hubspot.com cdn2.hubspot.net *.hsforms.com js.intercomcdn.com static.intercomassets.com downloads.intercomcdn.com gifs.intercomcdn.com video-messages.intercomcdn.com messenger-apps.intercom.io *.intercom-attachments-1.com *.intercom-attachments-2.com *.intercom-attachments-3.com *.intercom-attachments-4.com *.intercom-attachments-5.com *.intercom-attachments-6.com *.intercom-attachments-7.com *.intercom-attachments-8.com *.intercom-attachments-9.com *.cloudflare.com www.facebook.com *.googletagmanager.com www.google-analytics.com *.g.doubleclick.net www.google.com www.google.com.vn www.google.co.in *.s3.amazonaws.com s3.amazonaws.com *.cloudfront.net *.hotjar.com i.ytimg.com yt3.ggpht.com p.typekit.net *.linkedin.com;frame-src js.stripe.com q.stripe.com checkout.stripe.com *.instagram.com *.googletagmanager.com *.g.doubleclick.net www.facebook.com forms.hubspot.com forms.hsforms.com www.google.com accounts.google.com *.youtube.com https://youtu.be/ player.vimeo.com fast.wistia.net intercom-sheets.com intercom-reporting.com *.cloudfront.net vars.hotjar.com td.doubleclick.net bridge-tracker-pdf.s3.amazonaws.com bridge-tracker-staging-pdf.s3.amazonaws.com;connect-src 'self' api.hubapi.com ipinfo.io *.s3.amazonaws.com bam.nr-data.net forms.hubspot.com *.hscollectedforms.net forms.hsforms.com *.pndsn.com *.sentry.io sentry.io *.googletagmanager.com www.google-analytics.com analytics.google.com *.g.doubleclick.net *.hotjar.com *.hotjar.io wss://*.hotjar.com api-ping.intercom.io nexus-websocket-a.intercom.io nexus-websocket-b.intercom.io api-iam.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io uploads.intercomcdn.com uploads.intercomusercontent.com pagead2.googlesyndication.com analytics.tiktok.com licdn.com *.linkedin.oribi.io px.ads.linkedin.com;media-src 'self' blob: *.cloudfront.net *.s3.amazonaws.com s3.amazonaws.com js.intercomcdn.com *.youtube.com;worker-src blob: 1
script-src https://cdn.insight.sitefinity.com https://dec.azureedge.net https://player.vimeo.com/api/player.js https://www.youtube.com/iframe_api 'self' 'unsafe-inline' *.aapm.org  https://www.googletagmanager.com https://www.google-analytics.com https://*.sharethis.com https://servedbyadbutler.com https://*.fontawesome.com https://docs.aapm.org https://platform-api.sharethis.com https://buttons-config.sharethis.com *.gstatic.com *.google.com player.vimeo.com; style-src https://cdn.insight.sitefinity.com https://dec.azureedge.net 'self' 'unsafe-inline' 'unsafe-inline' *.aapm.org  https://use.typekit.net https://p.typekit.net https://fonts.googleapis.com  https://*.fontawesome.com; img-src https://cdn.insight.sitefinity.com https://dec.azureedge.net 'self' data: 'self'  *.aapm.org https://servedbyadbutler.com  https://www.googletagmanager.com  'self' data:  *.aapm.org  https://platform-cdn.sharethis.com; connect-src https://*.insight.sitefinity.com https://*.dec.sitefinity.com 'self' 'self' *.aapm.org wss://*.aapm.org https://www.googletagmanager.com https://www.google-analytics.com  https://*.sharethis.com  https://servedbyadbutler.com https://*.fontawesome.com  https://aapmstage.ent.us-east-1.aws.found.io https://aapmprod.ent.us-east-1.aws.found.io; default-src 'self' 'self' *.aapm.org *.gstatic.com *.google.com; font-src  'self' data:  *.aapm.org  https://use.typekit.net https://fonts.gstatic.com  https://*.fontawesome.com ; frame-src  *.aapm.org youtube.com www.youtube.com player.vimeo.com *.google.com 1
frame-ancestors 'self' *.amboss.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.biexcellence.com  *.fontawesome.com *.googleapis.com https://www.google.de/maps *.emailsys1a.net *.etracker.com *.etracker.de cdn.biexcellence.com www.google.com www.gstatic.com cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.biexcellence.com cdn.jsdelivr.net; img-src 'self' data: cdn.biexcellence.com *.fontawesome.com c.emailsys1a.net cdn.biexcellence.com cdn.jsdelivr.net *.tile.openstreetmap.org; font-src 'self' data: *.fontawesome.com cdn.biexcellence.com; media-src 'self'; object-src 'none'; frame-src 'self' 'unsafe-inline' 'unsafe-eval' *.vimeo.com https://www.google.com/ https://t21dcdde4.emailsys1a.net/ www.google.com; frame-ancestors 'self'; connect-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.biexcellence.com maja.ai *.fontawesome.com *.google-analytics.com cdn.biexcellence.com nominatim.openstreetmap.org 1
frame-ancestors 'self' *.towerfcu.org 1
default-src * 'unsafe-inline' 'unsafe-eval'; worker-src blob:; frame-ancestors 'self' *.svc.wolf.eu ; child-src 'self' *.svc.wolf.eu ; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; 1
default-src 'none'; child-src https://player.vimeo.com http://player.vimeo.com player.vimeo.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.facebook.com http://www.facebook.com www.facebook.com; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.googlesyndication.com https://www.google.com https://www.google.co.uk https://stage-tmp-search.clients.uk.funnelback.com http://stage-tmp-search.clients.uk.funnelback.com stage-tmp-search.clients.uk.funnelback.com https://search.sainsburys.jobs http://search.sainsburys.jobs search.sainsburys.jobs https://stats.g.doubleclick.net http://stats.g.doubleclick.net stats.g.doubleclick.net https://yoast.com http://yoast.com yoast.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://*.onetrust.com http://*.onetrust.com *.onetrust.com 'unsafe-inline'; font-src 'self' https://use.typekit.net http://use.typekit.net use.typekit.net http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io 'unsafe-inline' data: https:; frame-ancestors 'none'; frame-src https://player.vimeo.com http://player.vimeo.com player.vimeo.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.facebook.com http://www.facebook.com www.facebook.com https://td.doubleclick.net; img-src 'self' https://s3-eu-west-2.amazonaws.com http://s3-eu-west-2.amazonaws.com s3-eu-west-2.amazonaws.com https://*.google-analytics.com https://*.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.co.uk data: https:; object-src 'none'; script-src 'self' https://*.google-analytics.com https://*.googletagmanager.com https://www.googletagmanager.com http://www.googletagmanager.com www.googletagmanager.com https://www.googleadservices.com https://www.google.com https://www.google.co.uk https://googleads.g.doubleclick.net https://stage-tmp-search.clients.uk.funnelback.com http://stage-tmp-search.clients.uk.funnelback.com stage-tmp-search.clients.uk.funnelback.com https://search.sainsburys.jobs http://search.sainsburys.jobs search.sainsburys.jobs https://maps.googleapis.com http://maps.googleapis.com maps.googleapis.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://sjs.bizographics.com http://sjs.bizographics.com sjs.bizographics.com https://*.onetrust.com http://*.onetrust.com *.onetrust.com https://snap.licdn.com http://snap.licdn.com snap.licdn.com https://connect.facebook.net http://connect.facebook.net connect.facebook.net https://code.jquery.com http://code.jquery.com code.jquery.com 'unsafe-inline' 'unsafe-eval' data:; style-src 'self' https://f.vimeocdn.com http://f.vimeocdn.com f.vimeocdn.com https://use.typekit.net http://use.typekit.net use.typekit.net https://p.typekit.net http://p.typekit.net p.typekit.net 'unsafe-inline'; worker-src 'self' https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io 'unsafe-inline' 'unsafe-eval' 1
script-src-elem 'self' 'unsafe-inline' https://js.monitor.azure.com https://js.cdn.applicationinsights.io https://js0.cdn.applicationinsights.io https://js0.cdn.monitor.azure.com https://js2.cdn.applicationinsights.io https://js2.cdn.monitor.azure.com https://az416426.vo.msecnd.net https://cdn.jobgether.com https://cdn.jsdelivr.net https://cdn.growthbook.io https://ka-p.fontawesome.com https://app.ablecdp.com https://kit.fontawesome.com https://ajax.googleapis.com https://track.jobgether.com https://client.crisp.chat https://api.mapbox.com https://www.googletagmanager.com https://connect.facebook.net https://googleads.g.doubleclick.net https://app.ablecdp.com https://d3no41yaodisss.cloudfront.net https://geo.cookie-script.com; worker-src https://api.mapbox.com https://jobgether.com blob: https://jobgether.com/~partytown/partytown-sw.js https://www.googletagmanager.com/gtm.js https://connect.facebook.net/en_US/fbevents.js; 1
object-src 'none'; script-src 'nonce-62cc8b21505d4864bb6dc56a39895f13' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' cdn.botframework.com https: http:; base-uri 'none'; 1
default-src data: blob: *; script-src 'self' 'unsafe-inline' blob: data: keram-market.ru *.keram-market.ru keram-market.ru:* *.keram-market.ru:* cdn.keram-market.ru 'unsafe-eval' cdnjs.cloudflare.com cdn.jsdelivr.net *.fbcdn.net *.facebook.net *.twitter.com mc.yandex.ru api-maps.yandex.ru suggest-maps.yandex.ru *.yandex.net yastatic.net webvisor.com *.webvisor.com google-analytics.com *.google-analytics.com *.googletagmanager.com *.google.com 127.0.0.1:* icasa.ru *.icasa.ru; connect-src 'self' 'unsafe-inline' mc.yandex.ru google-analytics.com *.google-analytics.com https://stats.g.doubleclick.net keram-market.ru:* *.keram-market.ru:* wss://keram-market.ru:* wss://*.keram-market.ru:*; style-src data: blob: 'unsafe-inline' *; font-src 'self' 'unsafe-inline' blob: data: keram-market.ru *.keram-market.ru keram-market.ru:* *.keram-market.ru:* cdn.keram-market.ru 127.0.0.1:* fonts.gstatic.com icasa.ru *.icasa.ru; 1
default-src 'self'  https://www.google.com/recaptcha/api2/ https://www.google.com/ http://www.google.com/ http://www.youtube.com/ https://www.youtube.com/ http://www.google-analytics.com https://www.google-analytics.com http://www.gstatic.com https://www.gstatic.com http://fonts.gstatic.com/ https://www.dafontfree.net/ https://fonts.gstatic.com/ http://www.googleapis.com https://www.googleapis.com http://mojoactiveerrorreporting.firebaseio.com https://mojoactiveerrorreporting.firebaseio.com https://use.typekit.net https://stats.g.doubleclick.net http://s7.addthis.com https://s7.addthis.com https://v1.addthisedge.com https://api-public.addthis.com https://insight.adsrvr.org https://m.addthis.com https://api.userway.org https://cdn.userway.org https://maps.google.com https://maps.googleapis.com https://content.adacado.com https://bid.g.doubleclick.net https://bbox.blackbaudhosting.com http://www.googleadservices.com https://www.googleadservices.com https://vimeo.com https://player.vimeo.com https://api.mojoactive.dev wss://api.mojoactive.dev/ https://site-report.mojoactive.dev/ https://www.datadoghq-browser-agent.com https://rum.browser-intake-us5-datadoghq.com https://session-replay.browser-intake-us5-datadoghq.com https://www.bugherd.com/ https://*.cloudfront.net/ https://sessions.bugsnag.com/ wss://ws.pusherapp.com https://purgecss.mojoactive.dev/api/scss https://purgecss.mojoactive.dev/api/mc-purge https://cdn77.api.userway.org/ https://www.phhealthcare.org https://api.phhealthcare.org/ https://api-phhealthcare.mojoactive.dev/ http://localhost:40572/ https://www.phhealthcare.org/ https://purgecss.mojoactive.dev/ https://cdn.jsdelivr.net/ http://*.facebook.com/ https://*.facebook.com/ http://*.facebook.net/ https://*.facebook.net/  https://www.phhealthcare.org https://api.phhealthcare.org/ https://api-phhealthcare.mojoactive.dev/ http://localhost:40572/ https://www.phhealthcare.org/ https://purgecss.mojoactive.dev/ https://cdn.jsdelivr.net/; script-src 'self'  https://www.google.com/recaptcha/ http://www.gstatic.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com/charts/ https://www.google.com/ http://www.google.com/ http://www.youtube.com/ https://www.youtube.com/ http://www.google-analytics.com https://www.google-analytics.com http://s.ytimg.com https://s.ytimg.com http://resources.mojoactive.com https://resources.mojoactive.com https://use.typekit.net https://api-public.addthis.com http://s7.addthis.com https://s7.addthis.com https://m.addthis.com https://z.moatads.com https://v1.addthisedge.com http://www.googletagmanager.com https://www.googletagmanager.com https://js.adsrvr.org https://insight.adsrvr.org https://cdn.userway.org http://googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://content.adacado.com https://cdn01.basis.net https://ad.adacado.com https://maps.googleapis.com https://bbox.blackbaudhosting.com http://www.googleadservices.com https://www.googleadservices.com https://ajax.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://www.googleapis.com https://player.vimeo.com https://www.vimeo.com https://vimeo.com https://www.datadoghq-browser-agent.com https://www.bugherd.com/ https://*.cloudfront.net/ https://sessions.bugsnag.com/ wss://ws.pusherapp.com https://www.gstatic.com/  https://www.phhealthcare.org https://api.phhealthcare.org/ https://api-phhealthcare.mojoactive.dev/ http://localhost:40572/ https://www.phhealthcare.org/ https://purgecss.mojoactive.dev/ https://cdn.jsdelivr.net/ http://*.facebook.com/ https://*.facebook.com/ http://*.facebook.net/ https://*.facebook.net/  https://www.phhealthcare.org https://api.phhealthcare.org/ https://api-phhealthcare.mojoactive.dev/ http://localhost:40572/ https://www.phhealthcare.org/ https://purgecss.mojoactive.dev/ https://cdn.jsdelivr.net/ 'unsafe-eval' 'unsafe-inline'; style-src 'self'  http://fonts.googleapis.com/ https://fonts.googleapis.com/ https://www.dafontfree.net/ https://www.google.com/ http://www.google.com/ http://www.gstatic.com/ https://www.gstatic.com/ https://bbox.blackbaudhosting.com https://resources.mojoactive.com https://www.datadoghq-browser-agent.com https://cdn.userway.org https://cdn.jsdelivr.net/ https://*.cloudfront.net/  https://www.phhealthcare.org https://api.phhealthcare.org/ https://api-phhealthcare.mojoactive.dev/ http://localhost:40572/ https://www.phhealthcare.org/ https://purgecss.mojoactive.dev/ https://cdn.jsdelivr.net/ 'unsafe-inline'; object-src 'self';img-src 'self'  http://www.google-analytics.com https://www.google-analytics.com https://www.google.com/ http://www.google.com/ https://p.typekit.net https://www.googletagmanager.com https://cdn.userway.org https://maps.gstatic.com https://maps.googleapis.com https://bbox.blackbaudhosting.com http://insight.adsrvr.org https://ups.analytics.yahoo.com https://*.doubleclick.net https://x.bidswitch.net https://segment.prod.bidr.io https://resources.mojoactive.com https://i.vimeocdn.com https://www.datadoghq-browser-agent.com https://cdn.userway.org https://*.cloudfront.net/  https://www.phhealthcare.org https://api.phhealthcare.org/ https://api-phhealthcare.mojoactive.dev/ http://localhost:40572/ https://www.phhealthcare.org/ https://purgecss.mojoactive.dev/ https://cdn.jsdelivr.net/ http://*.facebook.com/ https://*.facebook.com/ http://*.facebook.net/ https://*.facebook.net/  https://www.phhealthcare.org https://api.phhealthcare.org/ https://api-phhealthcare.mojoactive.dev/ http://localhost:40572/ https://www.phhealthcare.org/ https://purgecss.mojoactive.dev/ https://cdn.jsdelivr.net/ blob: data:; worker-src blob: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com 'unsafe-inline' https://www.google.ca/ads/ *.vimeo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com https://scout-cdn.salesloft.com https://bat.bing.com https://static.ads-twitter.com https://snap.licdn.com https://js.hs-scripts.com https://s0.wp.com https://static.hsappstatic.net https://bam.nr-data.net https://js.hsadspixel.net https://js.hs-analytics.net https://js.usemessages.com https://js.hs-banner.com https://js.hsleadflows.net https://connect.facebook.net https://js-agent.newrelic.com https://js.hsforms.net https://www.google.com https://jobs.jobvite.com https://www.gstatic.com https://stats.wp.com https://s2.wp.com https://*.duosecurity.com https://widgets.wp.com https://*.wp.com https://js.adsrvr.org https://js.hscollectedforms.net https://*.hscollectedforms.net https://*.addtoany.com https://*.sf-syn.com https://googleads.g.doubleclick.net https://9171557.fls.doubleclick.net https://*.doubleclick.net https://c.sf-syn.com https://script.hotjar.com https://insight.adsrvr.org/ https://*.adsrvr.org/ https://*.ads.linkedin.com https://js.hubspot.com/ https://static.hotjar.com/ wss://ws.hotjar.com/ gw.linkedin.oribi.io dc.ads.linkedin.com *.vimeo.com *.vimeocdn.com *.newrelic.com *.nr-data.net www.googletagservices.com *.googlesyndication.com *.googleadservices.com googleads.g.doubleclick.net adservice.google.com adservice.google.ae adservice.google.al adservice.google.at adservice.google.be adservice.google.bg adservice.google.bs adservice.google.ca adservice.google.ch adservice.google.ci adservice.google.cl adservice.google.co.bw adservice.google.co.cr adservice.google.co.id adservice.google.co.il adservice.google.co.in adservice.google.co.jp adservice.google.co.ke adservice.google.co.kr adservice.google.co.mz adservice.google.co.nz adservice.google.co.th adservice.google.co.tz adservice.google.co.uk adservice.google.co.uz adservice.google.co.ve adservice.google.co.za adservice.google.co.zm adservice.google.co.zw adservice.google.com.ai adservice.google.com.ar adservice.google.com.au adservice.google.com.bd adservice.google.com.bh adservice.google.com.bn adservice.google.com.bo adservice.google.com.br adservice.google.com.co adservice.google.com.cy adservice.google.com.ec adservice.google.com.eg adservice.google.com.et adservice.google.com.fj adservice.google.com.gh adservice.google.com.gi adservice.google.com.gt adservice.google.com.hk adservice.google.com.jm adservice.google.com.kh adservice.google.com.kw adservice.google.com.lb adservice.google.com.mm adservice.google.com.mt adservice.google.com.mx adservice.google.com.my adservice.google.com.ng adservice.google.com.ni adservice.google.com.np adservice.google.com.om adservice.google.com.pa adservice.google.com.pe adservice.google.com.ph adservice.google.com.pk adservice.google.com.pr adservice.google.com.py adservice.google.com.qa adservice.google.com.sa adservice.google.com.sg adservice.google.com.sv adservice.google.com.tr adservice.google.com.tw adservice.google.com.ua adservice.google.com.uy adservice.google.com.vn adservice.google.cz adservice.google.de adservice.google.dk adservice.google.dz adservice.google.ee adservice.google.es adservice.google.fi adservice.google.fr adservice.google.ge adservice.google.gr adservice.google.gy adservice.google.hn adservice.google.hr adservice.google.hu adservice.google.ie adservice.google.im adservice.google.iq adservice.google.is adservice.google.it adservice.google.jo adservice.google.kz adservice.google.li adservice.google.lk adservice.google.lt adservice.google.lu adservice.google.lv adservice.google.md adservice.google.mk adservice.google.mu adservice.google.nl adservice.google.no adservice.google.pl adservice.google.pt adservice.google.ro adservice.google.rs adservice.google.ru adservice.google.se adservice.google.si adservice.google.sk adservice.google.so adservice.google.sr adservice.google.tl adservice.google.tn adservice.google.tt google-analytics.com www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com maps.googleapis.com maps.google.com translate.googleapis.com translate.google.com www.googletagmanager.com googletagmanager.com tagmanager.google.com; style-src 'self' 'unsafe-inline' data: https://s0.wp.com https://*.wp.com *.vimeocdn.com fonts.googleapis.com 'unsafe-inline' maps.googleapis.com maps.google.com translate.googleapis.com www.googletagmanager.com tagmanager.google.com; img-src 'self' data: https://www.spok.com https://pixel.wp.com https://px.ads.linkedin.com https://bat.bing.com https://t.co https://analytics.twitter.com https://track.hubspot.com https://www.facebook.com https://p.adsymptotic.com https://test-spok-gov.pantheonsite.io https://dev-spok-gov.pantheonsite.io https://live-spok-gov.pantheonsite.io https://perf.hsforms.com https://s2.wp.com https://i0.wp.com https://*.wp.com https://forms.hsforms.com https://*.hsforms.com https://forms-na1.hsforms.com https://*.addtoany.com https://googleads.g.doubleclick.net https://9171557.fls.doubleclick.net https://*.doubleclick.net https://c.sf-syn.com https://script.hotjar.com https://insight.adsrvr.org/ https://*.adsrvr.org/ https://www.google.ca/ads/* https://*.ads.linkedin.com https://cta-services-cms2.hubspot.com/ https://static.hotjar.com https://cta-service-cms2.hubspot.com/ dc.ads.linkedin.com sjs.bizographics.com https://www.google.ca/ads https://static.hubspot.com/ https://static.hsappstatic.net/ https://www.google.ca/ads/ga-audiences https://no-cache.hubspot.com/cta/default/5896911/interactive-166858174111.png https://no-cache.hubspot.com s.w.org ps.w.org ts.w.org secure.gravatar.com www.gravatar.com *.googlesyndication.com stats.g.doubleclick.net data: blob: google-analytics.com www.google-analytics.com ssl.google-analytics.com www.google.com *.googleapis.com maps.google.com maps.gstatic.com www.gstatic.com *.ggpht.com translate.googleapis.com translate.google.com i.ytimg.com www.googletagmanager.com; connect-src 'self' https://bam.nr-data.net https://api.hubapi.com https://forms.hubspot.com https://api.hubspot.com https://js-agent.newrelic.com https://js.hs-banner.com https://cdn.linkedin.oribi.io https://scout.salesloft.com https://bat.bing.com https://www.facebook.com https://hubspot-forms-static-embed.s3.amazonaws.com https://forms.hsforms.com https://yoast.com https://*.wp.com https://*.hsforms.com https://*.hscollectedforms.net https://js.hscollectedforms.net https://*.addtoany.com https://c.sf-syn.com https://script.hotjar.com https://insight.adsrvr.org/ https://*.adsrvr.org/ https://px.ads.linkedin.com/wa/ https://px.ads.linkedin.com/ https://cta-service-cms2.hubspot.com/ wss://ws.hotjar.com/ https://content.hotjar.io/ px4.ads.linkedin.com gw.linkedin.oribi.io dc.ads.linkedin.com *.vimeo.com *.googlesyndication.com googleads.g.doubleclick.net stats.g.doubleclick.net www.google-analytics.com ampcid.google.com analytics.google.com about: maps.googleapis.com maps.google.com translate.googleapis.com www.googletagmanager.com; font-src 'self' data: https://s0.wp.com data: fonts.gstatic.com fonts.googleapis.com; frame-src 'self' https://widgets.wp.com https://static.hsappstatic.net https://insight.adsrvr.org https://www.facebook.com https://match.adsrvr.org/ https://jobs.jobvite.com https://www.google.com https://js.hsforms.net https://*.duosecurity.com https://app.hubspot.com https://forms.hsforms.com https://*.hsforms.com https://js.hscollectedforms.net/collectedforms.js https://js.hscollectedforms.net https://*.hscollectedforms.net https://*.addtoany.com https://*.sf-syn.com https://googleads.g.doubleclick.net https://9171557.fls.doubleclick.net https://*.doubleclick.net https://c.sf-syn.com https://script.hotjar.com https://insight.adsrvr.org/ https://*.adsrvr.org/ https://*.hs-sites.com/ *.vimeo.com *.vimeocdn.com *.googlesyndication.com googleads.g.doubleclick.net maps.googleapis.com maps.google.com www.youtube.com www.googletagmanager.com; child-src 'self' *.vimeo.com *.vimeocdn.com www.youtube.com www.googletagmanager.com; upgrade-insecure-requests; block-all-mixed-content; report-uri https://www.spok.com?gdsih-csp-report; 1
default-src 'self' cdn.trkkn.com tools.trkkn.com spl.martini.com *.prod.bacardi.digital *.dev.bacardi.digital *.bacardilimited.com *.martini.com d2z05otmbim3z8.cloudfront.net walkinto.in www.google.com www.googletagmanager.com stats.g.doubleclick.net www.instagram.com instagram.com www.martiniracingciclismo.com www.youtube.com *.snapchat.com player.vimeo.com store.terrazza.martini.com responsibledrinking.eu www.facebook.com *.adimo.co *.adsrvr.org rfi.martini-casa-terrazza.com www.tripadvisor.co.uk contact.visitcasamartini.com www.lamaisonwellness.com www.museoauto.it 5337729.fls.doubleclick.net asystem-library.s3.amazonaws.com d.agkn.com grandhotelsitea.it www.museoauto.com my.hornblower.com pay.google.com; connect-src 'self' *.facebook.com www.facebook.com spl.martini.com *.prod.bacardi.digital *.dev.bacardi.digital maps.googleapis.com region1.google-analytics.com *.google-analytics.com *.onetrust.com *.liquidcheckout.com www.googletagmanager.com stats.g.doubleclick.net www.google-analytics.com bacardilimited.channelsight.com d3hnlaz0mzjpz0.cloudfront.net *.teads.tv *.snapchat.com *.pinterest.com *.usersnap.com https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com www.google.com googleads.g.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.trkkn.com tools.trkkn.com spl.martini.com www.googletagmanager.com d3hnlaz0mzjpz0.cloudfront.net player.vimeo.com *.prod.bacardi.digital *.dev.bacardi.digital *.onetrust.com *.instagram.com *.google-analytics.com www.google.com www.gstatic.com maps.googleapis.com www.youtube.com *.teads.tv *.snapchat.com sc-static.net *.twitter.com *.ads-twitter.com s.pinimg.com cdn.adimo.co connect.facebook.net js.adsrvr.org maxcdn.bootstrapcdn.com d29mknc5251yuj.cloudfront.net asystem-library.s3.amazonaws.com platform.vine.co fast.fonts.net *.usersnap.com cdn.jsdelivr.net my.hornblower.com pay.google.com; style-src 'self' 'unsafe-inline' fast.fonts.net fonts.googleapis.com *.prod.bacardi.digital *.dev.bacardi.digital store-locator-frontend-prod.prod.bacardi.digital cloud.typography.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net; img-src * 'self' http://images.salsify.com/ images.salsify.com data: http://* https://* blob:; font-src 'self' data: https://* 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src https://1e9.community/logs/ https://1e9.community/sidekiq/ https://1e9.community/mini-profiler-resources/ https://1e9.community/assets/ https://1e9.community/brotli_asset/ https://1e9.community/extra-locales/ https://1e9.community/highlight-js/ https://1e9.community/javascripts/ https://1e9.community/plugins/ https://1e9.community/theme-javascripts/ https://1e9.community/svg-sprite/ 'sha256-HZxBMVZe6P3MvHDZlFai9cUmLH+qwX6BNT3qTwNPATg=' https://unpkg.com https://cdn.landbot.io/landbot-3/landbot-3.0.0.js https://plausible.io/js/plausible.hash.js https://widget.flowxo.com https://cdn.flipboard.com https://www.youtube.com https://xing.com https://1e9.community https://static.landbot.io https: https://chats.landbot.io 'unsafe-eval'  https://api.stripe.com https://q.stripe.com; worker-src 'self' https://1e9.community/assets/ https://1e9.community/brotli_asset/ https://1e9.community/javascripts/ https://1e9.community/plugins/; frame-ancestors 'self' https://1e9-community.ghost.io; manifest-src 'self' 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-hk4JJGD4is/znuSYVtJeZq+FVj5rCepMjOAVXt8YsxLl4eA+' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self';img-src 'self' https://cdn.dnsimple.com 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.recaptcha.net/recaptcha/api.js https://c0.pubmine.com https://s.pubmine.com https://criteo.com https://*.criteo.com https://criteo.net https://*.criteo.net https://*.vexowi.com https://vexowi.com https://c.amazon-adsystem.com https://*.3lift.com https://3lift.com https://z.moatads.com https://*.moatads.com https://*.smartadserver.com https://app.link https://*.sascdn.com https://securepubads.g.doubleclick.net https://tpc.googlesyndication.com https://www.googletagservices.com/ https://cdn.parsely.com https://a.teads.tv/analytics/tag.js https://assets.tumblr.com https://ads.pubmatic.com https://cdn.jsdelivr.net https://*.privacymanager.io https://*.rlcdn.com https://assets.tumblr.com/pop/ 'nonce-MjZlY2QxNzg3ZmJhY2Y4ZGViMWM2ODJmMGMwMzVhMmI='; report-uri /svc/cspreports; object-src 'none'; worker-src blob: 'self'; base-uri 'self' 1
frame-ancestors 'self' https://www.cpay.com.mk 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://static.cloudflareinsights.com https://consentcdn.cookiebot.com https://consent.cookiebot.com https://unpkg.com https://cdn.jsdelivr.net https://www.googletagmanager.com *.google-analytics.com https://*.google.com https://ssl.google-analytics.com https://www.googleadservices.com https://*.doubleclick.net dev.visualwebsiteoptimizer.com *.leadfamly.com https://*.pinterest.com https://connect.facebook.net https://*.adform.net https://*.adnxs.com *.hotjar.com *.hotjar.io *.pinimg.com *.mailplus.nl https://*.gstatic.com https://www.youtube.com/iframe_api https://www.youtube.com/s/player/ https://pipeline.operaballet.nl https://blokks.co https://themes.blokks.cloud https://*.clarity.ms https://widget.slinger.to https://*.omniconvert.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com cdn.jsdelivr.net https://tagmanager.google.com https://fonts.googleapis.com dev.visualwebsiteoptimizer.com https://*.leadfamly.com *.mailplus.nl https://www.operaforwardfestival.nl https://operaforwardfestival.nl https://*.operaballet.nl themes.blokks.cloud https://widget.slinger.to https://*.typekit.net; img-src 'self' data: i.vimeocdn.com https://*.operaballet.nl i.ytimg.com cdn.jsdelivr.net *.google-analytics.com https://www.googletagmanager.com https://*.gstatic.com https://*.doubleclick.net *.google.com *.google.nl https://*.pinimg.com https://*.pinterest.com https://*.facebook.com https://*.seadform.net https://dev.visualwebsiteoptimizer.com https://*.leadfamly.com https://img.youtube.com/vi/ *.clarity.ms  https://c.bing.com uploads.blokks.cloud; media-src 'self' player.vimeo.com vod-progressive.akamaized.net download-video.akamaized.net https://*.pinimg.com; frame-src 'self' https://www.lessonup.com https://www.youtube.com https://www.youtube-nocookie.com https://consentcdn.cookiebot.com *.google-analytics.com https://www.googletagmanager.com https://m16.mailplus.nl https://*.doubleclick.net https://assets.pinterest.com  https://www.facebook.com https://*.adform.net https://*.hotjar.com https://c.spotler.com https://c.spotler.io  https://www.arte.tv https://*.google.com https://viewer.pdf-online.nl/ https://w.soundcloud.com/ https://open.spotify.com/ https://player.vimeo.com/ https://*.leadfamly.com https://*.operaballet.nl https://wdgt.slinger.to; child-src 'self'; font-src 'self' https://*.leadfamly.com https://fonts.gstatic.com https://themes.blokks.cloud https://use.typekit.net; connect-src 'self' https://sentry.netvlies.nl *.google-analytics.com https://www.google.com/pagead/landing https://pagead2.googlesyndication.com *.leadfamly.com https://*.doubleclick.net https://*.hotjar.com https://*.pinterest.com https://consentcdn.cookiebot.com https://blokks.co https://*.operaballet.nl *.clarity.ms https://*.omniconvert.com; report-uri /report-csp-violation 1
upgrade-insecure-requests' 1
frame-ancestors 'self' my.bonify.de www.bonify.de pages.bonify.de sso.bonify.de 1
default-src 'self' https://mw-ar-recom-prod.pgapi.io/ *.cookielaw.org *.onetrust.com feed.pghub.io pandg.tapad.com ; media-src https://videos.ctfassets.net feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' *.pricespider.com * ; img-src * 'self' data: https: blob: *.pricespider.com ; script-src * data: *.pricespider.com blob: 'unsafe-inline' 'unsafe-eval' ; connect-src * data: blob: 'unsafe-inline' ; font-src * data: blob: 'unsafe-inline' ; frame-src * ; 1
default-src 'self'; script-src 'self' cdnjs.cloudflare.com static.cloudflareinsights.com analytics.nodecraft.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' data: nodecraft.com; child-src 'none'; font-src 'self' fonts.gstatic.com; connect-src 'self' api.nodecdn.net analytics.nodecraft.com; prefetch-src 'none'; object-src 'none'; form-action 'none'; frame-ancestors 'none'; upgrade-insecure-requests; 1
default-src 'none';object-src 'self';form-action 'self' https://openstreetmap.opportunity-projects.de; base-uri 'self'; connect-src 'self' https://stats.opportunity.de; img-src 'self' https://*.opportunity.de https://openstreetmap.opportunity-projects.de; frame-src 'self' *.opportunity.de; script-src 'self' 'unsafe-inline' *.opportunity.de; style-src 'self' 'unsafe-inline'; font-src 'self'; frame-ancestors 'self'; 1
default-src 'self'; object-src 'self'; img-src * data:; font-src 'self' fonts.gstatic.com; connect-src 'self' www.googleadservices.com api.chatling.ai chatling.ai u.clarity.ms www.youtube.com api.typeform.com cta-service-cms2.hubspot.com s.clarity.ms w.clarity.ms o.clarity.ms z.clarity.ms px.ads.linkedin.com pagead2.googlesyndication.com cdn.linkedin.oribi.io region1.analytics.google.com analytics.google.com forms.hscollectedforms.net q.clarity.ms x.clarity.ms r.clarity.ms service.google.com adservice.google.com www.facebook.com hubspot-forms-static-embed.s3.amazonaws.com forms.hsforms.com js.hs-banner.com call.corefy.com region1.google-analytics.com api.hubspot.com api.hubapi.com forms.hubspot.com m.clarity.ms e.clarity.ms i.clarity.ms b.clarity.ms d.clarity.ms h.clarity.ms l.clarity.ms a.clarity.ms n.clarity.ms www.google-analytics.com stats.g.doubleclick.net; style-src 'unsafe-inline' 'self' embed.typeform.com fonts.googleapis.com www.gstatic.com; frame-src 'self' embed.chatling.ai form.typeform.com paycore-5818496.hs-sites.com call.corefy.com td.doubleclick.net forms.hsforms.com app.hubspot.com bid.g.doubleclick.net www.google.com www.facebook.com e.infogram.com www.youtube.com; frame-ancestors 'self' form.typeform.com; script-src 'unsafe-inline' 'self' a.quora.com chatling.ai embed.typeform.com js.hubspot.com snap.licdn.com static.hsappstatic.net js.hsforms.net js.usemessages.com googleads.g.doubleclick.net www.googleadservices.com js.hs-banner.com js.hscollectedforms.net js.hs-analytics.net js.hsadspixel.net js.hs-scripts.com www.clarity.ms l.clarity.ms chart.googleapis.com ajax.cloudflare.com static.cloudflareinsights.com www.google-analytics.com www.googletagmanager.com www.google.com www.gstatic.com connect.facebook.net 1
frame-ancestors 'self' https://manage.hpac.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
frame-ancestors 'self' https://www.aussie-dev.com.au https://www.aussie-stg.com.au https://www.aussie-preprod.com.au 1
default-src 'self'; script-src *.googleapis.com *.gstatic.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com https://*.siteimprove.net 'unsafe-inline' 'unsafe-eval' *.msecnd.net *.google.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.ads-twitter.com *.callrail.com *.licdn.com https://siteimproveanalytics.com *.bing.com *.hotjar.com *.doubleclick.net *.livehelpnow.net https://www.youtube.com/iframe_api *.azureedge.net https://w.soundcloud.com *.twitter.com *.rdoequipment.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cdn.polyfill.io https://*.criteo.com https://static.criteo.net https://tags.srv.stackadapt.com https://qvdt3feo.com https://www.clarity.ms https://js.adsrvr.org/up_loader.1.1.0.js https://assets.sitescdn.net/ytag/ytag.min.js https://analytics.tiktok.com/i18n/pixel/events.js https://cdn.sheetjs.com/xlsx-0.20.1/package/dist/xlsx.full.min.js 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com platform.twitter.com/css/ *.twimg.com 'unsafe-inline' *.azureedge.net *.livehelpnow.net *.rdoequipment.com https://tags.srv.stackadapt.com https://*.googletagmanager.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net; img-src *.gstatic.com *.googleapis.com data: blob: marketing.rdoequipment.com https://i.ytimg.com https://www.googletagmanager.com *.doubleclick.net https://urldefense.proofpoint.com *.google.bg *.google-analytics.com *.fbcdn.net *.facebook.com *.hotjar.com *.cdninstagram.com *.azurewebsites.net *.blob.core.windows.net *.bigcommerce.com *.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com https://i.vimeocdn.com *.adentifi.com *.linkedin.com https://t.co https://*.twitter.com *.bing.com *.siteimproveanalytics.io *.google.com *.livehelpnow.net https://fmgaggi.com https://p.adsymptotic.com *.hawksearch.net https://*.criteo.com https://manage.hawksearch.com https://cdn.cookielaw.org https://*.clarity.ms https://place-hold.it https://*.dynamics.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.azureedge.net *.hotjar.com *.livehelpnow.net; connect-src https://*.siteimprove.com https://dc.services.visualstudio.com *.livehelpnow.net https://maps.googleapis.com https://*.americaneagle.com *.google-analytics.com https://*.google.com *.doubleclick.net *.callrail.com wss://app.livehelpnow.net https://mydealer.rdoequipment.com/cdkhe/login *.bing.com *.hotjar.com wss://*.hotjar.com *.hotjar.io *.rdoequipment.com https://cdn.cookielaw.org https://*.onetrust.com https://vimeo.com https://*.criteo.com https://tags.srv.stackadapt.com https://*.clarity.ms https://cdn.linkedin.oribi.io https://*.algolia.net https://*.algolianet.com https://*.algolia.io https://*.dynamics.com https://*.googlesyndication.com https://*.facebook.com https://*.linkedin.com https://*.azureedge.net 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: https://developer.livehelpnow.net *.cdninstagram.com; child-src 'self' https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ https://*.siteimprove.com *.rdoequipment.com *.azureedge.net *.doubleclick.net *.google.com https://youtube.com *.facebook.com *.hotjar.com https://*.criteo.com https://*.deere.com https://insight.adsrvr.org https://*.dynamics.com https://*.adsrvr.org https://www.arcgis.com 1
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval';  script-src * data: blob: 'unsafe-inline' 'unsafe-eval';  connect-src * data: blob: 'unsafe-inline';  img-src * data: blob: 'unsafe-inline';  frame-src * data: blob: ;  style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors 'self' https://online.gamingcampus.fr https://online.guardia.school https://player.gamingcampus.fr https://player.guardia.school data: blob:; 1
frame-ancestors 'self' https://clientpoint.net https://*.clientpoint.net; 1
default-src 'self' www.youtube-nocookie.com dskam.bg dskbank.bg dskpremium.bg dskmobile.bg dskdom.bg dsktranssecurity.bg dskrodina.bg; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js cdnjs.cloudflare.com consent.cookiebot.eu consentcdn.cookiebot.eu https://consentcdn.cookiebot.eu/ https://secure.adnxs.com *.doubleclick.net www.googleadservices.com https://www.youtube.com/iframe_api https://dec.azureedge.net/ munchkin.marketo.net http://cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/3.1.13/jquery.mousewheel.min.js http://eadsrv.com/js/px.js https://snap.licdn.com/li.lms-analytics/insight.min.js www.youtube.com www.googletagmanager.com https://bat.bing.com http://dskbank.webim.chat https://dskbank.webim.chat http://tchatbot.dskbank.bg https://tchatbot.dskbank.bg http://chatbot.dskbank.bg https://chatbot.dskbank.bg *.hotjar.com www.redditstatic.com https://static.addtoany.com dskam.bg dskbank.bg dskpremium.bg dskmobile.bg dskdom.bg dsktranssecurity.bg dskrodina.bg https://uat.dskbank.bg https://snap.licdn.com https://bg.search.etargetnet.com https://unpkg.com https://www.clarity.ms https://bg.hit.gemius.pl https://maxcdn.bootstrapcdn.com/ consent.cookiebot.com consentcdn.cookiebot.com https://consentcdn.cookiebot.com/ 'self' js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net cdn.ampproject.org web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net https://player.vimeo.com/api/player.js *.eloqua.com *.en25.com 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com dskam.bg dskbank.bg dskpremium.bg dskmobile.bg dskdom.bg dsktranssecurity.bg dskrodina.bg https://cdn.jsdelivr.net 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://www.google.bg https://www.google.com *.youtube.com *.doubleclick.net *.linkedin.com dskbank.bg eadsrv.com secure.adnxs.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com dskam.bg https://bat.bing.com http://dskbank.webim.chat https://dskbank.webim.chat http://tchatbot.dskbank.bg https://tchatbot.dskbank.bg http://chatbot.dskbank.bg https://chatbot.dskbank.bg https://alb.reddit.com https://stats.addtoany.com *.googlesyndication.com dskpremium.bg dskmobile.bg dskdom.bg dsktranssecurity.bg dskrodina.bg www.googletagmanager.com https://ib.adnxs.com 'self' track.hubspot.com js.hsleadflows.net forms.hsforms.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net *.google-analytics.com *.eloqua.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: http://dskbank.webim.chat https://chatbot.dskbank.bg; frame-ancestors 'self'; connect-src accounts.google.com *.google-analytics.com https://isic.bg/api/v1/dsk/discounts *.mktoresp.com www.google-analytics.com stats.g.doubleclick.net https://consentcdn.cookiebot.com http://dskbank.webim.chat https://dskbank.webim.chat http://maps.googleapis.com https://maps.googleapis.com http://tchatbot.dskbank.bg https://tchatbot.dskbank.bg http://chatbot.dskbank.bg https://chatbot.dskbank.bg https://consentcdn.cookiebot.eu *.hotjar.com https://stats.addtoany.com *.googlesyndication.com wss://ws28.hotjar.com *.google.com https://googleads.g.doubleclick.net https://cdn.linkedin.oribi.io https://uat.dskbank.bg https://*.hotjar.io wss://ws.hotjar.com 'self' forms.hubspot.com *.hsforms.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src consentcdn.cookiebot.com https://www.youtube-nocookie.com/ www.google.com https://consentcdn.cookiebot.eu *.hotjar.com *.doubleclick.net https://static.addtoany.com wss://ws28.hotjar.com 'self' web-chat.nativechat.com; frame-src https://www.youtube-nocookie.com/ https://consentcdn.cookiebot.eu/ https://www.facebook.com/ https://12090499.fls.doubleclick.net/ https://www.google.com/ https://www.youtube.com/ https://td.doubleclick.net https://bg.hit.gemius.pl www.google.com 'self' forms.hsforms.com web-chat.nativechat.com 1
object-src 'none'; script-src 'self' https://*.rmbl.ws https://ads.pubmatic.com https://polyfill.io https://js.ad-score.com https://*.revcontent.com https://hcaptcha.com https://*.hcaptcha.com https://*.cloudflare.com https://*.twitter.com https://*.twimg.com https://*.googleapis.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://ads.scored.co 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors 'self' https://www.staging6.oldstreetsolutions.com https://staging6.oldstreetsolutions.com 1
default-src 'self' *.nrw.de;    script-src  'self' 'unsafe-inline' 'unsafe-eval' *.nrw.de map.nrw *.google.com *.youtube.com oembed.com *.youtu.be *.twimg.com *.twitter.com twitter.com *.jwpcdn.com *.gstatic.com *.googleapis.com *.googlesyndication.com *.openstreetmap.org *.mozilla.org *.vimeo.com *.vimeocdn.com *.flickr.com *.staticflickr.com *.cloudflare.com cdn.jsdelivr.net svc.webspellchecker.net *.tools.lehrer-werden.nrw;    style-src   'self' 'unsafe-inline' *.nrw.de *.twitter.com twitter.com *.facebook.com *.googleapis.com *.twimg.com *.cloudflare.com cdn.jsdelivr.net svc.webspellchecker.net;    font-src data: *;    img-src  data: *;    frame-ancestors 'self' *.nrw.de *.facebook.com *.facebook.de *.twitter.com twitter.com *.google.com *.youtube.com oembed.com *.youtu.be ytchannelembed.com *.tools.lehrer-werden.nrw;    worker-src  'self' *.nrw.de *.facebook.com *.facebook.de *.twitter.com twitter.com *.google.com *.youtube.com *.youtu.be ytchannelembed.com *.openstreetmap.org broschueren.nordrheinwestfalendirekt.de *.vimeo.com *.vimeocdn.com;    frame-src   'self' *.nrw.de map.nrw *.facebook.com *.facebook.de *.twitter.com twitter.com *.google.com *.youtube.com *.youtu.be oembed.com ytchannelembed.com *.openstreetmap.org broschueren.nordrheinwestfalendirekt.de *.tools.lehrer-werden.nrw *.vimeo.com *.vimeocdn.com;    object-src  'self';    connect-src 'self' *.nrw.de svc.webspellchecker.net;    media-src *; upgrade-insecure-requests; 1
frame-src 'self' *.ph-freiburg.de www.thinglink.com www.bookcreator.com learningapps.org www.youtube-nocookie.com videoportal.uni-freiburg.de videoportal.vm.uni-freiburg.de; 1
default-src 'self' *.associatedasset.com *.aamresales.com *.google.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.clickdimensions.com *.doubleclick.net *.hotjar.com *.hotjar.io *.vimeocdn.com *.vimeo.com *.youtube.com *.msecnd.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.associatedasset.com *.google.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.clickdimensions.com *.hotjar.com *.hotjar.io *.vimeocdn.com *.msecnd.net; style-src 'self' 'unsafe-inline' *.msecnd.net; connect-src 'self' *.associatedasset.com wss://*.associatedasset.com *.google.com *.google-analytics.com *.googleadservices.com *.clickdimensions.com *.doubleclick.net *.hotjar.com *.hotjar.io; frame-ancestors 'self' 1
default-src 'none'; script-src 'self' 'nonce-9cf4e795060aee29ab6723ef23939656' https://*.lendingpoint.com https://cdn.mouseflow.com https://www.googletagmanager.com https://www.googleadservices.com https://sentry.io https://cdn.heapanalytics.com https://optimize.google.com https://www.google-analytics.com https://*.googleapis.com https://www.gstatic.com https://www.googleoptimize.com https://widget.trustpilot.com https://connect.facebook.net https://stats.g.doubleclick.net https://www.google.com https://bat.bing.com https://rs.fullstory.com https://edge.fullstory.com https://cdn.evgnet.com; style-src 'self' 'unsafe-inline' https://*.lendingpoint.com https://optimize.google.com https://*.googleapis.com; img-src 'self' data: https://*.lendingpoint.com https://www.google-analytics.com https://heapanalytics.com https://optimize.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.facebook.com/tr https://www.facebook.com/tr/ https://www.google.com https://bat.bing.com https://d21y75miwcfqoq.cloudfront.net; font-src 'self' data: https://*.lendingpoint.com fonts.gstatic.com; connect-src 'self' data: https://*.lendingpoint.com https://*.ingest.sentry.io https://analytics.google.com https://www.google-analytics.com https://sentry.io https://n2.mouseflow.com https://*.googleapis.com https://io.lendingpoint.com https://rum-collector-2.pingdom.net https://stats.g.doubleclick.net https://rs.fullstory.com https://edge.fullstory.com https://lendingpoint.us-5.evergage.com; media-src 'self' https://*.lendingpoint.com; object-src 'self' https://*.lendingpoint.com; child-src 'self' https://*.lendingpoint.com; frame-src 'self' https://*.lendingpoint.com https://optimize.google.com https://widget.trustpilot.com https://player.vimeo.com https://www.facebook.com https://bid.g.doubleclick.net https://www.google.com; worker-src 'self' https://*.lendingpoint.com; frame-ancestors 'self' *.lendingpoint.com;; form-action 'self' https://*.lendingpoint.com https://www.facebook.com/tr https://www.facebook.com/tr/; manifest-src 'self' https://*.lendingpoint.com; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'; 1
frame-ancestors 'self';report-uri https://o53358.ingest.sentry.io/api/1372210/security/?sentry_key=d50570b24e9b4697bf0f914701f911f9 1
default-src 'self' blob:; script-src 'self' 'unsafe-inline' maps.googleapis.com *.googletagmanager.com *.google-analytics.com blob: *.azureedge.net  cdn.cookielaw.org blob: *.azureedge.net *.dynamics; img-src 'self' data: res.cloudinary.com maps.googleapis.com maps.gstatic.com *.emtekaws.com www.google-analytics.com cdn.cookielaw.org; font-src 'self' fonts.googleapis.com fonts.gstatic.com; connect-src 'self' app.glitchtip.com *.sentry.io *.googleapis.com www.google-analytics.com cdn.cookielaw.org data:  *.dynamics.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; media-src 'self' *.cloudinary.com ; frame-src 'self'  *.dynamics.com; frame-ancestors 'self' 1
script-src 'self' 'unsafe-inline' https://unpkg.com https://code.jquery.com https://instagram.com https://www.instagram.com https://www.google.com https://www.gstatic.com https://platform.instagram.com https://www.youtube.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://static.hotjar.com https://script.hotjar.com https://snap.licdn.com https://connect.facebook.net https://widget.intercom.io https://js.intercomcdn.com https://blog.hoolah.co https://c0.wp.com https://static.ada.support; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://blog.hoolah.co 1
default-src 'self' 'unsafe-inline' *.ics.com; img-src 'self' *.ics.com https://www.google.com/ads/ https://px.ads.linkedin.com/ https://*.ads.linkedin.com https://www.linkedin.com/px/ https://www.google.com/pagead/ https://p.adsymptotic.com/d/px/ https://t.paypal.com/ https://lh4.googleusercontent.com https://forms.hsforms.com/ https://perf.hsforms.com/embed/ https://track.hubspot.com/ https://i.vimeocdn.com/video/ https://www.google-analytics.com/ https://forms.hubspot.com https://googleads.g.doubleclick.net/pagead/ https://forms-na1.hsforms.com/embed/v3/ https://www.googletagmanager.com/ https://fonts.gstatic.com/s/i/googlematerialicons/ https://bat.bing.com https://perf-na1.hsforms.com/embed/ https://cta-service-cms2.hubspot.com/ https://static.hubspot.com/img/ https://static.hsappstatic.net/ data:; font-src 'self' *.ics.com https://themes.googleusercontent.com/static/fonts/ https://fonts.gstatic.com data:; script-src 'self' 'unsafe-inline' *.ics.com *.doubleclick.net *.googleadservices.com *.googletagmanager.com *.linkedin.com *.licdn.com *.google-analytics.com static.addtoany.com *.paypal.com https://js.hs-scripts.com/ https://js.hsforms.net/forms/embed/v2.js https://js.hscollectedforms.net/ https://js.hs-analytics.net/ https://js.hsadspixel.net/ https://js.hs-banner.com/ https://player.vimeo.com/api/player.js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://js.hsforms.net/forms/v2.js https://forms.hsforms.com/embed/ https://js.usemessages.com/conversations-embed.js https://www.paypalobjects.com/ https://mtag.microsoft.com/tags/ https://tpc.googlesyndication.com/sodar/ https://bat.bing.com/ https://js.hubspot.com/web-interactives-embed.js; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://cdnjs.cloudflare.com/ https://www.googletagmanager.com/debug/; frame-src 'self' *.ics.com *.addtoany.com *.linkedin.com *.paypal.com https://*.doubleclick.net/ https://www.slideshare.net/ https://player.vimeo.com/ https://www.google.com/ https://www.youtube.com/ https://js.hsforms.net/ https://forms.hsforms.com/ https://app.hubspot.com/ https://www.paypalobjects.com/ https://open.spotify.com/ https://tpc.googlesyndication.com/ https://share.transistor.fm/ https://bostonux-21001159.hs-sites.com/ https://player.simplecast.com/; connect-src 'self' *.google-analytics.com https://pagead2.googlesyndication.com stats.g.doubleclick.net *.addtoany.com *.paypal.com https://api.hubapi.com/hs-script-loader-public/ https://forms.hubspot.com/collected-forms/ https://forms.hscollectedforms.net/collected-forms/ https://hubspot-forms-static-embed.s3.amazonaws.com/prod/ https://forms.hsforms.com/emailcheck/ https://api.hubspot.com/ https://forms.hsforms.com/embed/v3/form/21001159/ https://analytics.google.com/ https://cdn.linkedin.oribi.io/partner/76168/ https://cta-service-cms2.hubspot.com/ https://px.ads.linkedin.com/; media-src 'self'; object-src 'none'; frame-ancestors 'none'; 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;frame-ancestors 'self' https://*.quintype.com https://www.sentinelassam.com;block-all-mixed-content; 1
upgrade-insecure-requests; script-src 'strict-dynamic' 'nonce-FMt4hcYXQA9NAQszSMnf9Q=='; 1
default-src 'self' https://consent.api.osano.com https://tattle.api.osano.com https://disclosure.api.osano.com https://cmp.osano.com;connect-src 'self' https://cdn.linkedin.oribi.io https://pagead2.googlesyndication.com https://analytics.google.com https://z.omappapi.com https://a.omappapi.com https://api.omappapi.com https://pi.pdfjs.express https://auth.pdfjs.express https://mwmnianj8f.execute-api.us-east-1.amazonaws.com https://viewlicense.adobe.io https://api.icims.com https://tattle.api.osano.com https://consent.api.osano.com https://disclosure.api.osano.com https://www.ibex.co https://wavezero.ibex.co https://www.google-analytics.com https://scout.salesloft.com https://stats.g.doubleclick.net https://266-qtu-342.mktoresp.com https://266-qtu-342.mktoutil.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://go.ibex.co https://cmp.osano.com https://munchkin.marketo.net https://266-qtu-342.marketo.net https://266-qtu-342.mktoresp.com https://266-qtu-342.mktoutil.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://scout-cdn.salesloft.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google-analytics.com blob:; script-src-elem 'self' 'unsafe-inline' https://use.typekit.net https://a.omwpapi.com https://a.omappapi.com https://documentcloud.adobe.com https://ws.zoominfo.com https://cmp.osano.com https://go.ibex.co https://munchkin.marketo.net https://266-qtu-342.marketo.net https://266-qtu-342.mktoresp.com https://266-qtu-342.mktoutil.com https://www.youtube.com https://www.google.com https://www.googletagmanager.com https://cdn.ampproject.org https://connect.facebook.net https://snap.licdn.com https://scout-cdn.salesloft.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://mid.collect.igodigital.com https://www.gstatic.com; img-src 'self' https://*.omappapi.com https://px4.ads.linkedin.com https://www.googletagmanager.com https://p.adsymptotic.com https://www.linkedin.com https://secure.gravatar.com https://www.google.com.qa https://na-sj29.marketo.com https://www.google-analytics.com https://wavezero.ibex.co https://www.google.com https://www.google.com.pk https://www.facebook.com https://px.ads.linkedin.com data:; style-src 'self' 'unsafe-inline' https://a.omappapi.com https://fonts.googleapis.com https://go.ibex.co; font-src 'self' https://fonts.gstatic.com https://use.typekit.net https://themes.googleusercontent.com data:; frame-src 'self' https://td.doubleclick.net https://documentcloud.adobe.com https://w.soundcloud.com https://www.youtube.com https://go.ibex.co https://www.google.com https://www.facebook.com https://s-static.ak.facebook.com https://bid.g.doubleclick.net; object-src 'none'; media-src 'self';frame-ancestors 'self' 1
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' i0.wp.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' berrythompson.innocraft.cloud *.tradedoubler.com api.smooch.io *.hotjar.com *.onetrust.com www.google-analytics.com bat.bing.com googleads.g.doubleclick.net *.contentsquare.net unpkg.com www.tag4arm.com connect.facebook.net logx.optimizely.com *.mention-me.com tag.mention-me.com cdn-pci.optimizely.com dxcdkie9wax5t.cloudfront.net analytics.freespee.com widget.trustpilot.com www.googletagmanager.com static.zdassets.com v2.zopim.com ajax.googleapis.com cdnjs.cloudflare.com cdn.datatables.net script.infinity-tracking.com *.infinity-tracking.com ict.infinity-tracking.net; font-src data: 'self' *.hotjar.com fonts.gstatic.com; img-src data: blob: 'self' static.zdassets.com *.googlesyndication.com ad.doubleclick.net *.hotjar.com s.w.org ps.w.org *.onetrust.com *.google.lk *.google.co.uk staysure.zendesk.com staysureavanti.zendesk.com *.contentsquare.net www.facebook.com bat.bing.com www.google.com  www.google-analytics.com www.googletagmanager.com www.google.ie d1iztds5glgmc8.cloudfront.net *.gravatar.com 0.gravatar.com www.w3.org *.wp.com c.bing.com script.infinity-tracking.com *.infinity-tracking.com ict.infinity-tracking.net; connect-src 'self' berrythompson.innocraft.cloud wss://api.smooch.io *.googlesyndication.com googleads.g.doubleclick.net *.hotjar.com *.hotjar.io wss://*.hotjar.com *.google-analytics.com bat.bing.com *.google.com *.onetrust.com *.optimizely.com bat.bing.com analytics.google.com staysureavanti.zendesk.com www.facebook.com *.contentsquare.net www.tag4arm.com tag.mention-me.com widget-mediator.zopim.com ekr.zdassets.com wss://widget-mediator.zopim.com logx.optimizely.com stats.g.doubleclick.net region1.analytics.google.com www.google.ie script.infinity-tracking.com *.infinity-tracking.com ict.infinity-tracking.net; worker-src 'self' blob: data: 1
default-src * data:; frame-src 'self' *.cerberusapp.com *.doubleclick.net *.stripe.com *.google.com *.googlesyndication.com *.youtube.com; script-src 'self' https://*.cerberusapp.com http://*.cerberusapp.com *.google-analytics.com *.googlesyndication.com *.googleapis.com *.gstatic.com *.google.com *.doubleclick.net *.akamaihd.net *.googletagmanager.com *.googleadservices.com *.stripe.com ajax.cloudflare.com static.cloudflareinsights.com data: 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; connect-src https://*.cerberusapp.com http://*.cerberusapp.com https://*.google.com https://*.google-analytics.com https://*.gstatic.com https://*.googlesyndication.com wss://*.cerberusapp.com:* https://*.googleapis.com https://*.stripe.com https://*.doubleclick.net cloudflareinsights.com 1
default-src 'self' scribit-pro-hosting.storage.googleapis.com; child-src 'self' *.youtube.com https://gemeente-haarlem.vmwareidentity.eu blob: *.youtube-nocookie.com *.vimeo.com; connect-src 'self' scribit-pro-hosting.storage.googleapis.com api.scribit.pro *.siteimprove.com *.haarlem.nl *.openstreetmap.org; font-src 'self' data: *.googleusercontent.com *.haarlem.nl; frame-src 'self' *.youtube.com https://gemeente-haarlem.vmwareidentity.eu https://kaart.haarlem.nl https://open.spotify.com https://api.soundcloud.com https://*.issuu.com/ *.youtube-nocookie.com *.vimeo.com *.siteimprove.com *.siteimproveanalytics.com *.siteimprove.net *.siteimproveanalytics.io page.report; img-src 'self' data: https://www.toegankelijkheidsverklaring.nl i.ytimg.com *.siteimprove.com *.servmetric.com *.govmetric.com *.siteimproveanalytics.io *.haarlem.nl *.openstreetmap.org; object-src 'none'; script-src 'self' scribit-pro-hosting.storage.googleapis.com *.scribit.pro www.youtube.com https://cdn.siteimprove.net/cms/overlay.js siteimproveanalytics.com siteimprove.com https://cdn.siteimprove.net/cms/overlay-latest.js *.haarlem.nl 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-hashes' *.haarlem.nl 'unsafe-inline'; base-uri 'self'; frame-ancestors 'self' https://zandvoort.nl 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' chrome-extension https: wss:; img-src https: data: blob:; object-src 'none'; frame-ancestors *.zurich.ch *.autosense.ch  'self'; worker-src blob:; 1
default-src 'self' https://*.dormakabagroup.com blob: ; prefetch-src 'self' https://*.dormakabagroup.com ; frame-src 'self' https://*.dormakabagroup.com https://*.dormakaba.com https://*.equitystory.com https://cdn.iframe.ly https://*.vimeo.com https://*.vimeocdn.com https://irs.tools.investis.com https://*.jotformeu.com https://*.jotform.com https://*.pardot.com https://www.youtube.com https://*.storelocatorwidgets.com https://web.inxmail.com https://fbweb.cypheme.com; frame-ancestors 'self' https://*.dormakabagroup.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.dormakabagroup.com https://www.googletagmanager.com https://*.equitystory.com https://*.google-analytics.com https://*.eqs.com https://maps.googleapis.com https://ajax.googleapis.com https://cdn.cookielaw.org https://*.hotjar.com https://*.storelocatorwidgets.com ; object-src 'none' ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.eqs.com https://*.storelocatorwidgets.com ; img-src 'self' data: blob: https://*.dormakabagroup.com https://*.dormakaba.com https://*.ctfassets.net https://*.eqs.com https://maps.gstatic.com https://*.googleapis.com https://*.ggpht https://www.google-analytics.com https://fonts.gstatic.com https://cdn.cookielaw.org https://*.storelocatorwidgets.com; media-src 'self' https://*.ctfassets.net data: blob: ; font-src 'self' https://fonts.dormakaba.com https://fonts.gstatic.com https://*.storelocatorwidgets.com data: ; connect-src 'self' https://*.dormakabagroup.com https://*.contentful.com https://*.algolia.net https://*.algolianet.com https://*.equitystory.com https://*.cms-eqs.com https://*.storelocatorwidgets.com https://cdn.cookielaw.org https://*.google-analytics.com https://maps.googleapis.com https://*.onetrust.com https://analytics.google.com https://*.doubleclick.net https://*.eqs.com ; worker-src 'self' ; upgrade-insecure-requests ; block-all-mixed-content ; manifest-src 'self' ; 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com 1868565294.rsc.cdn77.org static.cloudflareinsights.com www.google.com www.gstatic.com fonts.gstatic.com fonts.googleapis.com ajax.googleapis.com fcm.googleapis.com accounts.google.com *.cdn77.org  *.nk-img.com  *.segpay.com  *.online-metrix.net *.vscdns.com *.vsmvideo.com www.tjk-njk.com *.exoclick.com *.orbsrv.com *.opoxv.com *.exdynsrv.com *.afcdn.net *.aucdn.net *.tf4srv.com *.aacdn.net *.adglare.net www.flirt4free.com www.ohmybutt.com www.secretpartners.com *.asf4f.us *.livejasmin.com *.jsmcrptjmp.com *.awemwh.com etahub.com ctrack.trafficjunky.net tracking.sexcash.com *.gtflixtv.com;img-src 'self' 'unsafe-inline' data: blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com *.cdn77.org www.google.com www.google-analytics.com ssl.gstatic.com *.nk-img.com *.camster.com data-cdn.pornbiz.com *.vscdns.com *.vsmvideo.com *.doubleclick.net *.google.fr *.google.com *.segpay.com *.online-metrix.net cdn.asf4f.us *.gtflixtv.com *.orbsrv.com *.exdynsrv.com *.afcdn.net *.aucdn.net *.justservingfiles.net *.tf4srv.com *.aacdn.net *.rtbsuperhub.com; report-uri https://porno.dreammovies.com/csp-reports; report-to csp-endpoint 1
frame-ancestors self https://community.pregnancy.org https://optum.marketing.adobe.com *.uhg.com *.optum.com *.uhc.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com https://mc.yandex.ru  https://www.google.com https://www.googletagmanager.com  https://ssl.google-analytics.com  https://connect.facebook.net https://www.google-analytics.com/analytics.js https://api-maps.yandex.ru https://yastatic.net https://core-renderer-tiles.maps.yandex.net; img-src 'self' data: image/svg+xml https://cdn.plyr.io https://ssl.google-analytics.com https://s-static.ak.facebook.com https://mc.yandex.ru/metrika/advert.gif https://www.facebook.com https://www.google-analytics.com https://api-maps.yandex.ru https://core-renderer-tiles.maps.yandex.net https://vsrobotics.ru; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; media-src 'self' https://vsrobotics.ru; font-src 'self' https://themes.googleusercontent.com; frame-src https://www.google.com https://www.facebook.com https://s-static.ak.facebook.com; object-src 'none'; connect-src 'self' https://mc.yandex.ru https://www.google-analytics.com 1
frame-ancestors 'self' *.tdsecurities.com *.tdbank.ca *.tdbank.com *.td.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.2o7.net b.6sc.co c.6sc.co j.6sc.co secure.adnxs.com *.adobe.com assets.adobedtm.com *.adsrvr.org static.ads-twitter.com p.adsymptotic.com *.advancedfundsolutions.com *.akafms.net *.akamaihd.net ingestion-upload-production.s3.amazonaws.com/ platform.asset.tv *.atlcap.com *.bcovlive.io *.bcvp0rtal.com match.prod.bidr.io bat.bing.com tags.bluekai.com *.boltdns.net *.brightcove.com *.brightcove.net *.brightcovecdn.com *.calvert.com *.morganstanley.com *.ms.com *.msim.com morganstanley.prospectus-express.com cdn.polyfill.io/v2/polyfill.sj cdnjs.cloudflare.com *.cloudfront.net api.company-target.com segments.company-target.com *.custombeta.com *.demandbase.com *.demdex.net dev-drwebsite www.dianomi.com *.doubleclick.net *.eatonvance.at *.eatonvance.ch *.eatonvance.co.kr *.eatonvance.co.uk *.eatonvance.com *.eatonvance.com.au *.eatonvance.de *.eatonvance.dk *.eatonvance.fi *.eatonvance.ie *.eatonvance.jp *.eatonvance.nl *.eatonvance.no *.eatonvance.se *.eatonvance.sg proxy-bedford.eatonvance.com:8443 *.eatonvancecounsel.com eatonvanceinvestment.tt *.eatonvancerealestate.com *.analytics.edgekey.net ejohn.org cm.everesttech.net *.evmanagement.com *.evwateroak.com xbrl.fasb.org servedby.flashtalking.com fluidproject.org *.fml-x.com fml-x.com *.gallerysites.net gateway.zscalertwo.net getbootstrap.com www.giftcalcs.com www.google.com www.googleadservices.com www.google-analytics.com *.googleapis.com www.googletagmanager.com fonts.gstatic.com www.gstatic.com vds.issgovernance.com weblogs.java.net www.joostdevalk.nl code.jquery.com static.knowledgevision.com www.kryogenix.org snap.licdn.com *.linkedin.com brightcove.hs.llnwd.net brightcove.vo.llnwd.net *.morningstar.com hello.myfonts.net js-agent.newrelic.com *.nextshares.com bam.nr-data.net javascript.nwbox.com *.omtrdc.net onlinexperiences.com *.parametricportfolio.com pi.pardot.com cdn.polyfill.io www.riddle.com id.rlcdn.com xbrl.sec.gov seekingalpha.com t.sf14g.com www.storygize.net t.co analytics.twitter.com platform.twitter.com cloud.typography.com ww.math.ubc.ca *.uscharitablegifttrust.org *.uslegacyincometrusts.org bcove.video www.w3.org xbrl.org youtube.com vjs.zencdn.net *.byspotify.com *.dynatrace.com *.evidon.com blob: data: 1
frame-ancestors 'self' *.tombolaarcade.co.uk *.tombola.com https://app.optimizely.com; 1
default-src 'self'; img-src blob: data: https:; media-src https:; style-src 'unsafe-inline' https:; script-src 'nonce-D2wDYJGZB9Jxa7G2' 'self' *.googletagmanager.com *.intercom.io *.intercomcdn.com *.umami.is; worker-src 'self' blob:; child-src 'self' blob:; connect-src 'self' *.google-analytics.com *.intercom.io *.intercomcdn.com *.sentry.io wss://*.intercom.io user-image-assets-prod-us-west-2.s3.us-west-2.amazonaws.com user-image-assets-prod-us-east-2.s3.us-east-2.amazonaws.com user-image-assets-dev-us-west-2.s3.us-west-2.amazonaws.com user-image-assets-dev-us-east-2.s3.us-east-2.amazonaws.com *.umami.dev; font-src * 1
default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src *; 1
script-src 'self' blob: dcpages.bcbsil.com *.mpeasylink.com *.omtrdc.net *.convertlanguage.com *.clarity.ms *.bcbsok.com *.walkme.com *.jquery.com *.brightcove.com *.tvsquared.com *.marinsm.com *.steelhousemedia.com *.clarity.ms *.stackadapt.com  'sha256-Rqz5HBTdDZqvx9tFQtMxkOrL6I7oKHMPUmejT+2LMw8=' 'sha256-0rnAJ6vApAwYvkwKRItvYvJBuC2Tc6FUGnpWWGKm0s0=' 'sha256-E3D70tU+C9GFn1aNG7ja3BGmXO6SUTBfXNPkiks6YKM=' 'sha256-WiBrp8n6qzXaR53OMuij2Wqky+WBAZHWS4m9u+Y6Vgs=' 'sha256-Bwbsdql2wuxPBfreVcjv4IcQRIm2tK54E/ZtuKmHmLI=' 'sha256-+QoWUsMtJAiKNrS9ddu7252XOoLq26XVwk4TdboDGM0=' 'sha256-EFemVE1/2VPlNZdptBdgN2GjWc7noj81GGGv0MwOyJY=' 'sha256-K83smGC12/mOrMV+5hXYSc0TQHjFQM6XX+Zdj9pBbas=' 'sha256-Fx0LrAqaK0HfpKOTd5jtbUe4X89Fz86oesjqSQUn8Y8=' 'sha256-L+CdrbB/3MWzakKjyzoy8w1eIqDVGrsftnkvJdo4gIc=' 'sha256-ud+TXSHWwW6/Ltq5qioGqWeGcQMxHWR5TiMnvYBaUEk=' 'sha256-BaFk7RP58iF1BkZHdqeujuDXXLld9PS1LiKm9MnnQ2A=' 'sha256-3BUC2uqkLtf11hujvyMEl1NTcrpXaw9M/nxK0qpugE4=' 'sha256-ThHZXYAEciBA4PPtRsuwrM4rS6A27cEeDZfKFgMjOHs=' 'sha256-Fx0LrAqaK0HfpKOTd5jtbUe4X89Fz86oesjqSQUn8Y8=' 'sha256-1jH1jUGW8+/nnNLV4s1f8jHlAtMsBv985QVausqXm5s=' 'sha256-XpDQ/sKD1Q35z6yrfuUgNaqcpCpmaF6wIFXhd6+xJLo=' 'sha256-ppW1Vv+qSVcs+/pIj1ZXvMiCLoyHyCdRqtDMeK9fQ9w=' 'sha256-oRdVJzqGJc9xIgrN9giweGhI+uJQxUjkla++Xx19V+M=' 'sha256-P+6dUXh0AE0IknMkVtquEOaJZkrTTlUwjdLsSHSwG90=' 'sha256-Mme3KA7+pA4UbGH5JkgUQSYvf/zd5Ub+KaJs0uRu8ZU=' 'sha256-518pk5SuTHe1wO+qPfs05CALGxGj8b7R9joTeyF3MMg=' 'sha256-N63VR5czWRUyi4yTEGyoam6orM200eR4SB/ndd2vCSE=' 'sha256-h1BXcWieM0hfS3GVpaXzPev+V7bbo0VQKstgeMXvP04=' 'sha256-nyYhGb/ogFCXA+jjhnQPaWmEGq7zMi7is/Og/WHHu1U=' 'sha256-MW7xYbbWUIy+vpnrRUsAKgafurRDpmEtw8ibUiTK9kg=' 'sha256-1hphP5UeIPLrdHl0caK+RBjjIf/Nf+NOjngIRgKJNvg=' 'sha256-5fsNGF2R9ioLIErxzZqlt7Q+qLwWOmVWJp0buVkNkRY=' 'sha256-PYtocK3DFaOHMHXcTLPhO1P5IEXMf8cf6Yyf1u0USFQ=' 'sha256-JlKI/jgeMVC9UAc3axGPML/PCKwu8dAnBRUHncXK+cQ=' 'sha256-nwxOa/AwuXKhEnQfF8z3U9AQyig3d1tfIX6QLS1c7/U=' 'sha256-GtVr9Zuz9aTjQAj54p9HhTNTu36Dn7NyQh3d7xMZg4k=' 'sha256-prCWgxIMGDrHbwdw5mT2MeFWJJGImVIKxAV7gJOpQ0w=' 'sha256-tU2s1s4syE7gpagiZ/DMk2OM7ZcxzIYUDAn0ZWZZvcw=' 'sha256-IohmHrNbNfYp1N8eOkosBSzsog22PSpNMgxp+rP0ba0=' 'sha256-gdUVY3rNP3d8mugxATRy94Oef9TvyvQv4LByypmpoQM=' 'sha256-Oc0DJ+pN/Q9MEzC3WsStCthU0JXK5IxeTD/NO180ggI=' 'sha256-3R5kPMMUS7lCbC94I1yEP6/LrPcCxCpJkMghRm5vc+M=' 'sha256-TfsnO13RGWJOuqMSQ71jj+6N2s997hJAghDCvf9s9dM=' 'sha256-xri8zZKOW+5jts4GRTZuQGosPS+dSTQJr5bebWtNr90=' 'sha256-zOJVpbdSYuV1KeKh04uYsnYyneK7qLzkfYDw9h6+0KM=' 'sha256-0Cmn/CPjE7iLtaGEpZ3gIbyK7+T2PCg6t/q0GQ8aurU=' 'sha256-+F7WJt5j0JAyOvITKopxkUbW3zrhfgO/64YUDWNfWV4=' 'sha256-V5fb1zKsLvfOQE+Tz3abD2NIZPMKdQKrZG6116lj62Y=' 'sha256-/R+9/01InyDhaLq1zYqbjyPav2dunvCCN1mHJxx026U=' 'sha256-023g/MYKiNi2UHZqb0fjW4jU0C9zmvXY7ylFFTbQLAs=' 'sha256-9w+aFd0ogU/pVs/M0q0ixKcQLrt524ABSMma2ixZRmA=' 'sha256-uvQd362cMOZMihRdpHDQkkQG005hI1hAULGe/1hrq7A=' 'sha256-RLZndXh1nmE1wrQG6kjO6AGpiyGJTN5t/otHymIj8UA=' 'sha256-ttmSnfQfAQQQiV28ls0mnFkkr+dl0cSWZO+7qlgQV7w=' 'sha256-JV3lxBYaKBxEcW9cv7bpM9YrLNCSO2x+5hI319J5VH4=' 'sha256-s1BV33CoxJjYzvmpCjN3WTwdPhNhnco3NW1k5J/YA3o=' 'sha256-7JcAvVdE2sCnsRNg9sUUpEVPc2NLH+qJYzoCeD2nHss=' 'sha256-ehPVrgdV2GwJCE7DAMSg8aCgaSH3TZmA66nZZv8XrTg=' 'sha256-ooG2PlUfrfqVyDZV30w0BK5FwqPKhiPhrYEc3z3R3ow=' 'sha256-5nRGMOmqCmDqDhW/cRGfA1gF0jaDt730ej6AJpe2m9g=' 'sha256-7bwnNunfhUOLCxywkp0xlObo3iqPpAfiCr6IN5IeXCA=' 'sha256-0Pvth24NB2HpvezgdvpJMgDYWi91zp9XQc0lnwVD76I=' 'sha256-VL0W/0a7GGeMu92Qz6/kju/TfhubARqd6hobZ5vR8HM=' 'sha256-G38Y5gB6x7PXV8puXKlJ1t7rV5fLuVPEDLHAb64SY20=' cdn.walkme.com  *.bcbsil.com *.bcbstx.com *.marketo.net *.hcsc.net contentz.mkt922.com healthcareservicecorporation.sc.omtrdc.net resources.digital-cloud-west.medallia.com dx.steelhousemedia.com cdn.decibelinsight.net *.facebook.net *.googleadservices.com bat.bing.com *.googletagmanager.com nexus.ensighten.com *.google-analytics.com js-cdn.dynatrace.com assets.adobedtm.com googleads.g.doubleclick.net gateway.foresee.com dx.steelhousemedia.com *.kampyle.com *.medallia.com, frame-src 'self' dcpages.bcbsil.com *.mpeasylink.com *.bcbsok.com hcsc.demdex.net players.brightcove.net *.youtube.com resources.digital-cloud-west.medallia.com healthcareservicecorporation.sc.omtrdc.net *.kampyle.com *.medallia.com *.doubleclick.net, frame-ancestors 'self' 1
default-src 'self' data: *.kashanu.ac.ir http://gsia.tums.ac.ir http://streaming.ut.ac.ir https://cdn.jsdelivr.net https://app.raychat.io http://app.raychat.io https://cdn.fontcdn.ir https://cdn.goftino.com https://cdn.userway.org https://cdn77.api.userway.org; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://map.ir https://conf.isc.ac https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://kangoro.ir/matomo/matomo.js http://tools.1abzar.com http://1abzar.ir http://google.com https://google.com https://www.google.com http://www.google.com http://cse.google.com https://cse.google.com https://www.googleapis.com http://www.googleapis.com https://www.aparat.com http://www.google-analytics.com/analytics.js https://www.google-analytics.com/analytics.js https://app.raychat.io http://app.raychat.io https://se3.raychat.io http://se3.raychat.io https://cdn.userway.org https://api.userway.org https://media.userway.org https://www.goftino.com https://cdn.goftino.com https://widget-react.raychat.io; style-src 'self' 'unsafe-inline' https://app.raychat.io http://app.raychat.io https://cdn.jsdelivr.net https://cse.google.com http://cse.google.com http://www.google.com http://google.com https://google.com https://www.google.com https://www.aparat.com https://cdn.fontcdn.ir https://fdn.fontcdn.ir https://cdn.goftino.com https://cdn.userway.org https://widget-react.raychat.io; img-src 'self' blob: data: https://map.ir https://conf.isc.ac https://www.google-analytics.com www.google-analytics.com data: *; connect-src 'self' https://map.ir https://conf.isc.ac https://www.google-analytics.com www.google-analytics.com https://samta.samt.ac.ir https://pooya.kashanu.ac.ir https://se3.raychat.io http://se3.raychat.io wss://se3.raychat.io https://cdn.fontcdn.ir wss://api.raychat.io wss://ws.goftino.com wss://ws2.goftino.com wss://ws5.goftino.com wss://cdn.goftino.com https://api.userway.org https://cdn.userway.org https://cdn77.api.userway.org https://widget-service.raychat.io wss://ws10.goftino.com; child-src 'self' https://auth4.ut.ac.ir:8443/ https://auth.ut.ac.ir:8443/ http://tools.1abzar.com http://1abzar.ir https://cse.google.com https://www.aparat.com https://google.com https://www.google.com https://cdn.userway.org https://edu.sapiba.ir; frame-ancestors 'self' https://trustseal.enamad.ir; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://clients1.google.com https://apis.google.com https://www.gstatic.com www.google.com http://cse.google.com https://cse.google.com http://cdn.jsdelivr.net http://c.la1-c1-syd.salesforceliveagent.com http://d.la1-c1-syd.salesforceliveagent.com https://d.la1-c1-syd.salesforceliveagent.com https://d.la1-core1.sfdc-vwfla6.salesforceliveagent.com http://d.la1-core1.sfdc-vwfla6.salesforceliveagent.com https://cdn.mathjax.org http://cdn.mathjax.org https://js-agent.newrelic.com https://bam.nr-data.net https://www.googletagmanager.com https://www.google-analytics.com https://partner.googleadservices.com blob: https://api.mapbox.com https://c.la1-c1-syd.salesforceliveagent.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://www.google.com jspreadsheet.js; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://clients1.google.com https://apis.google.com https://www.gstatic.com www.google.com http://cse.google.com https://cse.google.com http://cdn.jsdelivr.net http://c.la1-c1-syd.salesforceliveagent.com http://d.la1-c1-syd.salesforceliveagent.com https://d.la1-c1-syd.salesforceliveagent.com https://d.la1-core1.sfdc-vwfla6.salesforceliveagent.com http://d.la1-core1.sfdc-vwfla6.salesforceliveagent.com https://cdn.mathjax.org http://cdn.mathjax.org https://js-agent.newrelic.com https://bam.nr-data.net https://www.googletagmanager.com https://www.google-analytics.com https://partner.googleadservices.com blob: https://api.mapbox.com https://c.la1-c1-syd.salesforceliveagent.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://www.google.com jspreadsheet.js; style-src 'self' 'unsafe-inline' https://www.google.com http://cse.google.com https://cse.google.com https://www.googletagmanager.com https://api.mapbox.com https://cdnjs.cloudflare.com https://unpkg.com jspreadsheet.css; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self'; report-uri https://www.abcb.gov.au/report-uri/enforce 1
default-src 'self' policy.cookiereports.com www.youtube-nocookie.com data: 'unsafe-eval';         style-src 'self' 'unsafe-inline' fonts.googleapis.com www.gstatic.com;         img-src 'self' policy.cookiereports.com *.google-analytics.com *.googletagmanager.com data: ;         connect-src 'self' policy.cookiereports.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com;         script-src 'self' ajax.googleapis.com www.google.com www.gstatic.com policy.cookiereports.com www.bugherd.com *.googletagmanager.com 'unsafe-inline'             'unsafe-eval' *.cloudfront.net *.youtube.com www.google-analytics.com;         font-src 'self' fonts.googleapis.com fonts.gstatic.com *.cloudfront.net www.bugherd.com data: 'unsafe-eval'; 1
default-src 'none'; connect-src 'self' https://region1.google-analytics.com https://analytics.google.com https://*.googlesyndication.com; font-src 'self' https://use.typekit.net; frame-src 'self' https://apps.watershed.co.uk https://www.youtube.com https://www.google.com/maps/; img-src 'self' https://apps.watershed.co.uk www.googletagmanager.com https://img.youtube.com data:; script-src 'self' https://www.googletagmanager.com; script-src-elem 'self' https://*.googlesyndication.com https://www.googletagmanager.com 'unsafe-hashes' 'sha256-Ifde1ouNzCnx1cWIgzBRPGzCx9yebj06xTB7Cq8ro0E='; style-src 'self' https://p.typekit.net https://use.typekit.net; base-uri 'none'; frame-ancestors 'self'; upgrade-insecure-requests 1
frame-ancestors 'self' *.onbase.com *.hyland.com *.communitylive.com *.sharebase.com https://profiles.onbase.com https://hyland.highspot.com https://view-su2.highspot.com; 1
default-src 'self' https://kleio-public.spgroup-prod.magnolia-platform.com blob: data:; base-uri 'self' https://kleio-public.spgroup-prod.magnolia-platform.com; form-action 'self' https://kleio-public.spgroup-prod.magnolia-platform.com; frame-ancestors 'self' https://kleio-public.spgroup-prod.magnolia-platform.com; object-src 'self' https://kleio-public.spgroup-prod.magnolia-platform.com; img-src * 'self' data: https://kleio-public.spgroup-prod.magnolia-platform.com; font-src 'self' data: https://kleio-public.spgroup-prod.magnolia-platform.com; style-src 'self' 'unsafe-inline' https://kleio-public.spgroup-prod.magnolia-platform.com; connect-src 'self' data: *.google-analytics.com *.doubleclick.net https://api.mapbox.com https://events.mapbox.com https://rum.browser-intake-datadoghq.com https://caspersky-api.tkg-qa.spdigital.io https://caspersky-api.tkg.spdigital.io https://ifaqs.flexanswer.com https://analytics.google.com https://cdn.linkedin.oribi.io https://public.api.sandbox.spdigital.sg https://console-flex-api.ap.sabio.cloud https://console.apac.sabio.cloud https://crapi-proxy.tkg.spdigital.io/k2 https://kleio-public.spgroup-prod.magnolia-platform.com; media-src 'self' https://www.spgroup.com.sg https://view.vzaar.com https://kleio-public.spgroup-prod.magnolia-platform.com; frame-src 'self' https://www.google.com https://bid.g.doubleclick.net https://www.googletagmanager.com https://iframe.dacast.com https://prod-nplayer.dacast.com https://www.youtube.com https://view.vzaar.com https://kleio-public.spgroup-prod.magnolia-platform.com; script-src 'self' 'unsafe-inline' blob: data: 'unsafe-eval' https://googleads.g.doubleclick.net https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.google.com https://www.gstatic.com https://ajax.googleapis.com https://cdnjs.cloudflare.com https://connect.facebook.net https://snap.licdn.com https://kleio-public.spgroup-prod.magnolia-platform.com; 1
base-uri 'self' feed.pghub.io pandg.tapad.com ; font-src 'self' https: data: feed.pghub.io pandg.tapad.com ; frame-src 'self' https://feed.pghub.io https://www.youtube.com https://consumersupport.pg.com https://*.doubleclick.net https://ct.pinterest.com https://tr.snapchat.com https://*.janraincapture.com https://*.olayskinadvisor.com https://skinadvisor.olay.de https://skinadvisor.olay.nl https://skinadvisor.olay.es https://*.google.com www.google-analytics.com https://*.pricespider.com feed.pghub.io pandg.tapad.com ; img-src 'self' data: https://cdn.cookielaw.org https://*.mapbox.com https://*.bazaarvoice.com https://www.google.com https://www.google.pl https://www.google.es https://www.google.ch https://www.google.de https://www.google.nl https://www.google.co.uk https://skinadvisor.olay.de https://skinadvisor.olay.nl https://skinadvisor.olay.es https://ct.pinterest.com https://tr.snapchat.com https://googleads.g.doubleclick.net https://*.janraincapture.com https://*.olayskinadvisor.com images.ctfassets.net pixel.tapad.com www.googletagmanager.com www.google-analytics.com https://*.pricespider.com https://www.mapbox.com https://cdn.rpxnow.com https://c.lytics.io https://www.facebook.com https://*.amazon-adsystem.com https://*.facebook.net/ feed.pghub.io pandg.tapad.com ; object-src 'none' feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' https://*.pricespider.com https://*.mapbox.com https://script.crazyegg.com https://quilt-cdn.janrain.com https://c.lytics.io feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.facebook.net/ https://*.iesnare.com/ https://*.bazaarvoice.com https://*.segment.com https://*.mapbox.com https://*.pricespider.com https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://code.jquery.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://*.recaptcha.net https://*.criteo.com https://static.criteo.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.pinimg.com https://ct.pinterest.com https://*.google-analytics.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://js.adsrvr.org https://d.impactradius-event.com https://static.ads-twitter.com https://analytics.twitter.com https://pghub.io https://analytics.tiktok.com https://*.ibytedtos.com https://*.contentsquare.net https://app.contentsquare.com https://rpxnow.com https://*.janraincapture.com https://*.olayskinadvisor.com https://skinadvisor.olay.de https://skinadvisor.olay.nl https://skinadvisor.olay.es https://script.crazyegg.com https://widget-cdn.rpxnow.com https://*.cloudfront.net https://c.lytics.io https://*.olay.co.uk feed.pghub.io pandg.tapad.com ; upgrade-insecure-requests  ; worker-src 'self' blob: feed.pghub.io pandg.tapad.com ; 1
default-src 'self'; base-uri 'self'; font-src 'self' https://fonts.gstatic.com https://md-scp.kampyle.com https://nebula-cdn.kampyle.com https://resources.digital-cloud.medallia.com https://resources.digital-cloud-west.medallia.com; form-action 'self'; frame-ancestors 'self'; frame-src *.doubleclick.net https://12633760.fls.doubleclick.net/ https://tpc.googlesyndication.com/ https://md-scp.kampyle.com https://nebula-cdn.kampyle.com https://resources.digital-cloud.medallia.com https://resources.digital-cloud-west.medallia.com; img-src 'self' data: *.doubleclick.net https://cdn.cookielaw.org https://images.ctfassets.net https://images.static.jeniusbank.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.google.com https://md-scp.kampyle.com https://nebula-cdn.kampyle.com https://resources.digital-cloud.medallia.com https://resources.digital-cloud-west.medallia.com https://udc-neb.kampyle.com/; manifest-src 'none'; media-src 'self'; object-src 'none'; script-src 'self' https://cdn.cookielaw.org https://cdn.signalfx.com/o11y-gdi-rum/v0.11.4/splunk-otel-web.js https://www.googletagmanager.com https://www.google-analytics.com/ https://www.googleadservices.com https://www.google.com https://tpc.googlesyndication.com/ https://md-scp.kampyle.com https://nebula-cdn.kampyle.com https://resources.digital-cloud.medallia.com https://resources.digital-cloud-west.medallia.com https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://d472-187-us-east-1.api.decibel.com 'sha256-r8iciXVgb8d/+JUYhGz0TIZi4KPILLjO8imO7DcHKSc=' 'sha256-Y7lHzw0IA1IYWYMyLQOajRYgKGlIcigWyf8YCFDfk3o=' 'sha256-WSeYF72hTK2UNno/qww5r38uWEINBOE+F0fQLVQ8PgQ=' 'sha256-GUYVhMy7Qscv4Yc5vY8Bht08+tfZLbXej9JTKSkKvTI=' 'sha256-BbilzDoLVNgFD2NHE34gjkdHYvtXr2fBCE2fgpmPY2U=' 'sha256-OpeStdBjcZw43vuN4z6FGMq1qVg5+XoW59Skb6+HNFw='; script-src-attr 'none'; connect-src 'self' https://cdn.cookielaw.org https://assets.static.jeniusbank.com https://geolocation.onetrust.com https://www.google-analytics.com https://rum-ingest.us0.signalfx.com/v1/rum https://adservice.google.com/ https://www.google.com/ https://md-scp.kampyle.com https://nebula-cdn.kampyle.com https://resources.digital-cloud.medallia.com https://resources.digital-cloud-west.medallia.com https://ubt-lb.digital-cloud.medallia.com https://udc-neb.kampyle.com https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://d472-187-us-east-1.api.decibel.com; style-src 'self' 'unsafe-inline' https://cdn.cookielaw.org https://fonts.googleapis.com https://md-scp.kampyle.com https://nebula-cdn.kampyle.com https://resources.digital-cloud.medallia.com https://resources.digital-cloud-west.medallia.com; upgrade-insecure-requests ; worker-src blob: wss://collection.decibelinsight.net https://cdn.decibelinsight.net 1
default-src 'self' https://www.googletagmanager.com/gtag/js https://cdnjs.cloudflare.com https://www.youtube.com https://soft.specialcraftbox.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com/gtag/js https://cdnjs.cloudflare.com https://www.youtube.com https://soft.specialcraftbox.com https://paul.simplebotz.com/livechat/rocketchat-livechat.min.js; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com; img-src 'self' data: https://secure.gravatar.com https://s.w.org/images http://www.w3.org https://ps.w.org; font-src 'self' data: https://fonts.gstatic.com ; media-src 'self'; frame-ancestors 'self'; object-src https://workspace.prudential.ug; frame-src https://*.prudential.ug https://prudential.ug https://www.youtube.com https://maps.google.com https://www.google.com https://paul.simplebotz.com; worker-src blob:https://prudential.ug; base-uri 'self'; upgrade-insecure-requests 1
base-uri 'self'; default-src 'self' https:; img-src 'self' https: data:; object-src 'self'; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https: wss:; font-src 'self' https: data: 1
default-src *; script-src 'unsafe-inline' 'unsafe-eval'  https://*.anico.com https://*.americannational.com https://*.googleapis.com http://otf.msn.com https://*.lifeannuitydi.com  https://www.googletagmanager.com https://*.airkit.com https://*.airkitapps.com https://tagmanager.google.com https://www.google-analytics.com https://americannational.com https://*.assistant.watson.appdomain.cloud https://www.gstatic.com https://www.google.com https://*.inmoment.com https://unpkg.com https://*.vtimg.com https://*.ytimg.com  http://*.angularjs.org https://*.youtube.com  https://*.dnanico1.aniconet.com https://*.anicoweb.com; style-src * 'unsafe-inline' ; img-src * data: ; child-src * data: blob: filesystem: ; 1
base-uri 'self'; connect-src 'self' https://vimeo.com; default-src 'self'; font-src 'self' data:; form-action 'self'; frame-ancestors 'self'; frame-src *; img-src 'self' blob: data: https://i.vimeocdn.com; media-src 'self' blob: data:; report-uri https://9wrj4y01.uriports.com/reports/enforce; script-src 'self' 'unsafe-inline' https://player.vimeo.com; style-src 'self' 'unsafe-inline'; worker-src 'self' blob: 1
frame-ancestors 'self' https://cms.feq.ca 1
object-src 'none'; script-src 'nonce-c278bc64-d42c-45ee-89b0-be28f3ccc7a6' 'self' 'unsafe-inline' blob: bnc: data: https://*.saasexch.cc https://*.saasexch.co https://*.saasexch.com https://*.wistia.com https://*.wistia.net https://accounts.binance.com https://accounts.google.com https://accounts.google.com/gsi/client https://api.smartling.com https://apis.google.com/js/api:client.js https://appleid.cdn-apple.com https://bat.bing.com https://bin.bnbstatic.com https://cdn.cookielaw.org https://euob.segreencolumn.com https://geolocation.onetrust.com https://googleads.g.doubleclick.net https://log.bntrace.com https://maps.googleapis.com https://obseu.segreencolumn.com https://optimize.google.com https://privacyportal-bn.my.onetrust.com https://public-1306379396.file.myqcloud.com https://public.bnbstatic.com https://src.litix.io https://static-file-1306379396.file.myqcloud.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googleanalytics.com https://www.googleoptimize.com https://www.googletagmanager.com https://www.gstatic.com; img-src 'self' blob: data: https://*.saasexch.cc https://*.saasexch.co https://*.saasexch.com https://*.wistia.com https://*.wistia.net https://accounts.google.com https://analytics.twitter.com https://api.smartling.com https://bat.bing.com https://bin.bnbstatic.com https://cdn.cookielaw.org https://embedwistia-a.akamaihd.net https://geolocation.onetrust.com https://googleads.g.doubleclick.net https://obseu.segreencolumn.com https://optimize.google.com https://privacyportal-bn.my.onetrust.com https://public-1259603563.file.myqcloud.com https://public-1306379396.file.myqcloud.com https://public.bnbstatic.com https://public.nftstatic.com https://sensors.binance.cloud https://static-file-1259603563.file.myqcloud.com https://static-file-1306379396.file.myqcloud.com https://t.co https://upload-bnbstatic-com.s3.ap-northeast-1.amazonaws.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com; base-uri 'self'; default-src 'self' https://*.saasexch.cc https://*.saasexch.co https://*.saasexch.com https://*.wistia.com https://*.wistia.net https://bin.bnbstatic.com https://public-1306379396.file.myqcloud.com https://public.bnbstatic.com https://static-file-1306379396.file.myqcloud.com; connect-src 'self' *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vu *.google.ws https://*.agora.io:* https://*.binance.com https://*.edge.agora.io:* https://*.edge.sd-rtn.com:* https://*.litix.io https://*.s3-accelerate.amazonaws.com https://*.saasexch.cc https://*.saasexch.co https://*.saasexch.com https://*.sd-rtn.com:* https://*.sentry.io https://*.wistia.com https://accounts.google.com https://analytics.google.com https://api.saasexch.com https://api.saasexch.com/bapi/themis/api/ https://api.smartling.com https://bat.bing.com https://bin.bnbstatic.com https://cdn.cookielaw.org https://data-collect.toolsfdg.net https://embedwistia-a.akamaihd.net https://fcmregistrations.googleapis.com https://firebaseinstallations.googleapis.com https://frontend-m.binance.cloud https://geolocation.onetrust.com https://googleads.g.doubleclick.net https://log.bntrace.com https://logan-log.binance.gg https://obseu.segreencolumn.com https://privacyportal-bn.my.onetrust.com https://public-1306379396.file.myqcloud.com https://public.bnbstatic.com https://report.binance.gg https://sensors.binance.cloud https://static-file-1306379396.file.myqcloud.com https://stats.g.doubleclick.net https://upload-bnbstatic-com.s3.ap-northeast-1.amazonaws.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com wss://*.agora.io:* wss://*.binance.com wss://*.edge.agora.io:* wss://*.edge.sd-rtn.com:* wss://*.sd-rtn.com:* wss://*.yshyqxx.com wss://bstream.binance.com:9443 wss://bstream.yshyqxx.com:443 wss://chat-wss.yshyqxx.com wss://festream.saasexch.cc:* wss://festream.saasexch.co:* wss://festream.saasexch.com:* wss://festream.saasexch.io:* wss://haodesk.binance.im wss://margin-stream.binance.com:443 wss://margin-stream.yshyqxx.com:443 wss://nbstream.binance.com wss://nbstream.yshyqxx.com wss://nbstream.yshyqxx.com:443 wss://stream.binance.com wss://stream.yshyqxx.com:443; font-src 'self' data: https://*.saasexch.cc https://*.saasexch.co https://*.saasexch.com https://*.wistia.com https://accounts.google.com https://api.smartling.com https://at.alicdn.com https://bin.bnbstatic.com https://fonts.gstatic.com https://public-1306379396.file.myqcloud.com https://public.bnbstatic.com https://static-file-1306379396.file.myqcloud.com; frame-src 'self' bnc: https://*.saasexch.cc https://*.saasexch.co https://*.saasexch.com https://accounts.google.com https://accounts.google.com/ https://api.smartling.com https://bid.g.doubleclick.net https://fast.wistia.com https://fast.wistia.net https://optimize.google.com https://www.google.com; media-src 'self' blob: https://*.saasexch.cc https://*.saasexch.co https://*.saasexch.com https://*.wistia.com https://*.wistia.net https://accounts.google.com https://api.smartling.com https://bin.bnbstatic.com https://binance.com https://embedwistia-a.akamaihd.net https://fast.wistia.net https://public-1306379396.file.myqcloud.com https://public.bnbstatic.com https://static-file-1306379396.file.myqcloud.com https://upload-bnbstatic-com.s3.ap-northeast-1.amazonaws.com; style-src 'self' 'unsafe-inline' blob: https://*.saasexch.cc https://*.saasexch.co https://*.saasexch.com https://accounts.google.com https://api.smartling.com https://bin.bnbstatic.com https://fast.wistia.com https://fonts.googleapis.com https://optimize.google.com https://public-1306379396.file.myqcloud.com https://public.bnbstatic.com https://static-file-1306379396.file.myqcloud.com; report-to csp-endpoint; report-uri https://api.saasexch.com/bapi/fe/pda/v1/csp?app=template-ui 1
default-src https: data: 'unsafe-inline' 'unsafe-eval' 'self' https://*.eqads.com https://*.msecnd.net https://*.cookielaw.org https://*.cloudflare.com https://*.facebook.net https://*.googleapis.com https://*.gstatic.com https://*.crazyegg.com https://*.facebook.com https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.googlesyndication.com https://*.doubleclick.net https://*.vimeo.com https://*.secure.payconex.net; worker-src * blob:; img-src * blob: data:; 1
report-uri https://consolehipay.report-uri.com/r/d/csp/enforce; default-src 'self' *.google-analytics.com *.creditsafe.com *.zdassets.com *.hotjar.com *.google.com *.screeb.app 'unsafe-inline' https://*.screeb.app wss://*.screeb.app blob:; script-src https://*.axept.io 'self' *.hotjar.com *.zdassets.com *.googletagmanager.com *.google-analytics.com *.google.com *.gstatic.com *.hipay.com *.paypal.com *.static.axept.io 'sha256-Tzsl1EqoO9KsY3ZLwZ/PCkw3WnjUwoiMZoQUR6wG6mw=' 'sha256-qSMb0PEZNwPU889A1H8zPbT23/AN6efiLRLewxFcFJM=' 'sha256-0p21hmif1TiEP5IE/r3ri1cHw0RQzMKFQuK6Y8+MSxM=' 'sha256-IONGq3q3SUbZcvFq3OWEvLOn+6YXROnGyxqJaXZ5XqM=' 'sha256-PxE0YueUDOLIQZbUB7uIBmSR+rm9AoT37euB/1UuZ00=' 'sha256-rXRPabzczAqe8l4W5Ls96YFLaXicsCVoXls4kw5cYm0=' 'sha256-4K+enDkiwcZwt+5aUSZia7wZmCr0fOEHjwJgkiI84dw=' https://*.zopim.com *.screeb.app 'sha256-tdBlVQuc2G3oahpbyjaUmy+NEJSNdDZy9L1FSw3rVi0=' 'sha256-FcbWubQGGFMAS71F3Xg9hDM0pfF+/idbYePgIS4oecc=' 'sha256-keffV0quDMAbyeX1/4YLUZgq6qTZq4xbHwc4fvVpGws=' 'sha256-8qEA6898bCZsncsjm0Dk2KjV2WK+2+8Aks3WfqWmUWY=' 'sha256-Dzik/WB+gJBcz9UYbbFUYFlTaU4qb0rrolNQQCQBQLU=' 'sha256-t19EsRsyX2bh0qql+yUUtI62N0Lx4bXF/EmD3xAx6B8='; style-src 'self' 'unsafe-inline' maxcdn.icons8.com fonts.googleapis.com *.hotjar.com libs.hipay.com *.screeb.app wss://*.screeb.app; font-src 'self' maxcdn.icons8.com fonts.gstatic.com *.hotjar.com *.screeb.app 'unsafe-inline' https://*.screeb.app wss://*.screeb.app blob:; connect-src 'self' https://client.axept.io https://api.axept.io https://user-api-dot-pi-prod-user-management-api.ew.r.appspot.com https://*.axeptio.eu *.zendesk.com *.zdassets.com user.hipay.com *.hipay.com *.hipay.org *.hipaytech.com *.google-analytics.com wss://*.zopim.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.screeb.app wss://*.screeb.app *.run.app; img-src 'self' *.amcharts.com *.google-analytics.com *.zendesk.com *.hotjar.com images.weserv.nl *.hipay.com data: storage.googleapis.com *.screeb.app *.paypalobjects.com twemoji.maxcdn.com https://axeptio.imgix.net https://favicons.axept.io https://*.gstatic.com; frame-src https://authentication.hipay.com; frame-ancestors 'none' 1
child-src 'self' coapi.myoffice.team auth.myoffice.team cdn.myoffice.team links.myoffice.team sentry-co-prod.myoffice.ru; connect-src 'self' coapi.myoffice.team auth.myoffice.team cdn.myoffice.team links.myoffice.team sentry-co-prod.myoffice.ru wss://coapi.myoffice.team data:; default-src 'none'; font-src 'self' data: cdn.myoffice.team; frame-ancestors auth.myoffice.team cdn.myoffice.team docs.myoffice.team files.myoffice.team links.myoffice.team im.ncloudtech.ru mail.myoffice.team; frame-src 'self' blob: coapi.myoffice.team auth.myoffice.team cdn.myoffice.team links.myoffice.team sentry-co-prod.myoffice.ru im.ncloudtech.ru; img-src 'self' data: blob: coapi.myoffice.team auth.myoffice.team cdn.myoffice.team links.myoffice.team sentry-co-prod.myoffice.ru; media-src 'self' blob: coapi.myoffice.team auth.myoffice.team cdn.myoffice.team links.myoffice.team sentry-co-prod.myoffice.ru; object-src 'self' blob: coapi.myoffice.team; report-uri https://coapi.myoffice.team/csp-report; script-src 'self' 'unsafe-eval' cdn.myoffice.team; style-src 'self' 'unsafe-inline' cdn.myoffice.team 1
frame-ancestors 'self' ida-akdb.coyocloud.com *.akdb.de *.akdb.net *.gkds.bayern *.gkds.de *.bay-innovationsstiftung.de *.innovationsstiftung.bayern www.akdb-kommunalforum.de 1
default-src 'none'; font-src 'self' *.omq.de userlike-cdn-umm.b-cdn.net data:; frame-src 'self' *.verimi.de *.omq.de app.getcontrast.io data:; img-src 'self' *.verimi.de *.omq.de *.userlike.com data:; manifest-src 'self'; media-src 'self' *.verimi.de data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.verimi.de *.omq.de *.matomo.cloud userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-umm.b-cdn.net data:; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.verimi.de *.omq.de data:; style-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.verimi.de *.omq.de data:; connect-src 'self' *.omq.de *.matomo.cloud userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-umm.b-cdn.net *.userlike.com wss://umd.userlike.com; form-action 'self' *.salesforce.com; base-uri 'none'; frame-ancestors 'self'; 1
base-uri 'self'; font-src 'self' data: https://fonts.gstatic.com d17ocfn2f5o4rl.cloudfront.net d1g7hi6xjvmqyj.cloudfront.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: about: d17ocfn2f5o4rl.cloudfront.net d1g7hi6xjvmqyj.cloudfront.net ajax.googleapis.com cdnjs.cloudflare.com www.google.com www.gstatic.com www.googletagmanager.com *.google-analytics.com snap.licdn.com *.ads-twitter.com *.youtube.com *.facebook.net *.facebook.com *.doubleclick.net *.clarity.ms load.sumo.com load.sumome.com ws.zoominfo.com *.hsforms.net js.hs-scripts.com js.hscollectedforms.net js.hs-analytics.net js.hs-banner.com *.hubspot.com sc.lfeeder.com *.visualwebsiteoptimizer.com; style-src 'self' 'unsafe-inline' d17ocfn2f5o4rl.cloudfront.net d1g7hi6xjvmqyj.cloudfront.net https://fonts.googleapis.com https://cdnjs.cloudflare.com www.gstatic.com; img-src data: https:; object-src 'none'; form-action 'self' https://www.facebook.com https://forms.hsforms.com; frame-ancestors 'self'; default-src blob: 'self' d17ocfn2f5o4rl.cloudfront.net d1g7hi6xjvmqyj.cloudfront.net *.doubleclick.net *.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com *.googlesyndication.com www.google-analytics.com analytics.google.com *.hscollectedforms.net *.clarity.ms www.youtube.com www.google.com sumo.com sumome.com *.oribi.io *.zoominfo.com yoast.com *.linkedin.com *.hubspot.com *.visualwebsiteoptimizer.com 1
default-src 'self' www.google-analytics.com; script-src 'self' *.beyondwords.io:* play.vidyard.com pi.pardot.com static.addtoany.com www.googletagmanager.com cookie-script.com ajax.googleapis.com pixel.mathtag.com www.google-analytics.com vidassets.terminus.services  snap.licdn.com tribl.io www.googleadservices.com up.pixel.ad  go.northhighland.com googleads.g.doubleclick.net view.ceros.com 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com static.hotjar.com js-agent.newrelic.com script.hotjar.com bam-cell.nr-data.net online.flippingbook.com d33i2vgywgme2s.cloudfront.net player.vimeo.com youtube.com www.youtube.com/iframe_api *.googletagmanager.com; object-src 'self'; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com use.fontawesome.com; img-src 'self' data:  pixel.sitescout.com wec-assets.terminus.services pixel.mathtag.com www.google.com match.adsrvr.org wec-assets-api.terminus.services www.google.co.in www.google-analytics.com p.adsymptotic.com www.google.com p.adsymptotic.com play.vidyard.com cdn.vidyard.com online.flippingbook.com d17lvj5xn8sco6.cloudfront.net insight.adsrvr.org *.linkedin.com cm.g.doubleclick.net pixel.rubiconproject.com *.yahoo.com *.googleapis.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com; media-src 'self' d22tbkdovk5ea2.cloudfront.net:* blob:; frame-src 'self'  view.ceros.com www.youtube.com www.googletagmanager.com go.northhighland.com pixel.sitescout.com pixel.mathtag.com static.addtoany.com bid.g.doubleclick.net play.vidyard.com vars.hotjar.com online.flippingbook.com player.vimeo.com; font-src 'self'  themes.googleusercontent.com use.fontawesome.com; connect-src 'self'  *.beyondwords.io:* d22tbkdovk5ea2.cloudfront.net:* stats.g.doubleclick.net www.google-analytics.com consent.cookie-script.com bam-cell.nr-data.net in.hotjar.com ws26.hotjar.com wss://ws26.hotjar.com online.flippingbook.com fbo-b.flippingbook.com ws28.hotjar.com wss://ws28.hotjar.com player.vimeo.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com ; report-uri /report-csp-violation 1
default-src 'self';frame-src 'self' *.flexi.cz *.koop.cz koop.infolinky.textcom.cz www.youtube.com player.vimeo.com recaptcha.net www.gstatic.com proassist.globalassistance.cz c1.adform.net/ *.google.com *.targito.com td.doubleclick.net mhubm.measurementhub.cz;connect-src 'self' wss://kc-aibotp.vig.cz kc-aibotp.vig.cz *.blob.core.windows.net api.mapy.cz *.koop.cz *.google-analytics.com stats.g.doubleclick.net *.google.com stats.g.doubleclick.net googleads.g.doubleclick.net *.taboola.com trc-events.taboola.com *.clarity.ms p.adsymptotic.com cdn.linkedin.oribi.io gw.linkedin.oribi.io sjs.bizographics.com *.googlesyndication.com *.targito.com *.ads.linkedin.com googleadservices.com mhubm.measurementhub.cz;base-uri 'none';object-src 'self' *.koop.cz mhubm.measurementhub.cz;frame-ancestors 'self' *.koop.cz *.flexi.cz;img-src 'self' data: *.googletagmanager.com *.google-analytics.com storage.googleapis.com stats.g.doubleclick.net mapserver.mapy.cz kc-aibotp.vig.cz *.google.com c.seznam.cz api.mapy.cz *.google.cz i.cerebroad.com recaptcha.net i.vimeocdn.com i.ytimg.com c.imedia.cz *.bing.com *.koop.cz www.facebook.com googleads.g.doubleclick.net public.wecoma.eu *.jsdelivr.net *.clarity.ms p.adsymptotic.com cdn.linkedin.oribi.io gw.linkedin.oribi.io sjs.bizographics.com https://get.yourpass.eu/ *.giphy.com *.ads.linkedin.com linkedin.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.googletagmanager.com *.google-analytics.com storage.googleapis.com stats.g.doubleclick.net *.gstatic.com recaptcha.net api.mapy.cz kc-aibotp.vig.cz cdn.cerebroad.com i.cerebroad.com c.imedia.cz s2.adform.net track.adform.net *.googleadservices.com tags.crwdcntrl.net googleads.g.doubleclick.net c.seznam.cz *.koop.cz *.blob.core.windows.net api.instarea.com connect.facebook.net ajax.googleapis.com *.jsdelivr.net *.taboola.com cdn.taboola.com *.clarity.ms p.adsymptotic.com cdn.linkedin.oribi.io gw.linkedin.oribi.io sjs.bizographics.com *.google.com *.bing.com *.targito.com assets.strossle.com snap.licdn.com mhubm.measurementhub.cz;font-src 'self' api.mapy.cz *.googleapis.com *.gstatic.com;style-src 'self' 'unsafe-inline' api.mapy.cz *.googleapis.com *.jsdelivr.net *.google.com *.googletagmanager.com 1
default-src 'self'; script-src 'self' chariz.com cdnjs.cloudflare.com plausible.io; style-src 'self' 'unsafe-inline' chariz.com cdnjs.cloudflare.com; img-src 'self' data: blob: chariz.com activitypub.chariz.com *.chariz.cloud; font-src 'self' chariz.com cdnjs.cloudflare.com; connect-src 'self' api.chariz.com pkg.chariz.com wss://pkg.chariz.com chariz.nyc3.digitaloceanspaces.com *.ingest.sentry.io plausible.io; media-src 'self' data: chariz.com activitypub.chariz.com cdn.chariz.cloud; child-src www.youtube-nocookie.com; frame-ancestors cydia.saurik.com; upgrade-insecure-requests; block-all-mixed-content; disown-opener 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.googleapis.com *.bootstrapcdn.com *.amazonaws.com *.facebook.com *.facebook.net *.linximpulse.net *.chaordicsystems.com *.fonts.googleapis.com data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://seo.mageplaza.com *.twitter.com *.facebook.com *.linximpulse.net *.chaordicsystems.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.googletagmanager.com/ *.twitter.com *.google.com *.addthis.com *.hotjar.com *.doubleclick.net *.freshchat.com *.facebook.net *.lomadee.com *.linximpulse.net *.chaordicsystems.com *.weltpixel.com *.pinterest.com *.wesupply.xyz https://wesupplylabs.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.cloudflare.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.amazonaws.com *.mundipagg.com *.google.com.br *.clarity.ms *.facebook.net *.event.syndigo.cloud *.siteblindado.com *.akamaihd.net *.bing.com *.pagar.me *.ebitempresa.com.br *.ebit.com.br *.lomadee.com *.linximpulse.net *.chaordicsystems.com cdn.mundipagg.com api.pagar.me *.cdn.klarna.com *.s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ http://viacep.com.br *.cloudflare.com *.twitter.com *.google-analytics.com googletagmanager.com *.google.com *.gstatic.com *.trustedshops.com *.fontawesome.com *.addthis.com *.moatads.com *.addthisedge.com *.googleapis.com widgets.pinterest.com *.amazonaws.com *.lomadee.com *.hotjar.com *.doubleclick.net *.facebook.net *.freshchat.com *.clarity.ms d335luupugsy2.cloudfront.net *.content.syndigo.com *.pagar.me *.ebitempresa.com.br *.ebit.com.br *.siteblindado.com *.navdmp.com *.tramontina.com *.linximpulse.net *.chaordicsystems.com *.pinterest.com *.instagram.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com *.googleapis.com *.twitter.com *.gstatic.com *.typekit.net *.bootstrapcdn.com *.amazonaws.com *.freshchat.com *.facebook.com *.facebook.net *.reclameaqui.com.br *.ebit.com.br *.ebitempresa.com.br *.pagar.me *.linximpulse.net *.chaordicsystems.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.bolt.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.cloudflare.com *.twitter.com *.paypal.com *.amazonaws.com *.reclameaqui.com.br *.google-analytics.com *.graph.instagram.com *.hotjar.com *.clarity.ms *.rdstation.com.br *.facebook.net *.moatads.com *.siteblindado.com *.rdops.systems *.azurewebsites.net *.linximpulse.net *.chaordicsystems.com api.mundipagg.com api.pagar.me *.googleapis.com *.addthis.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net mc.yandex.ru; style-src 'self' 'unsafe-inline'; object-src 'none'; font-src 'self' data:; 1
default-src * 'unsafe-inline' 'unsafe-eval' data:; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline' data:; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline' 1
default-src 'none'; font-src 'self' https: data:; img-src 'self' https: data:; object-src 'none'; worker-src 'self' https: blob:; connect-src 'self' https: itms-appss://apps.apple.com; child-src 'self' blob:; media-src 'self' https: blob:; frame-src 'self' https:; script-src 'self' https: 'unsafe-inline'; frame-ancestors 'self' app.contentful.com; style-src 'self' https: 'unsafe-inline' 1
object-src 'none';default-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval';report-uri;worker-src 'self' blob: 1
base-uri 'self'; child-src https://www.youtube-nocookie.com/embed/; connect-src 'self' https://cinematik.net:8443/socket.io/ wss://cinematik.net:8443/socket.io/ https://api.themoviedb.org/; default-src 'none'; font-src 'self' data: https: fonts.gstatic.com; form-action 'self'; frame-ancestors 'self'; img-src 'self' data: https: image.tmdb.org via.placeholder.com/400x600; object-src 'none'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https: gitcdn.xyz github.io *.github.io raw.githubusercontent.com github.com; block-all-mixed-content; upgrade-insecure-requests 1
object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://static.hotjar.com https://vars.hotjar.com https://script.hotjar.com https://googleads.g.doubleclick.net https://maps.googleapis.com https://www.gstatic.com http://ajax.googleapis.com https://connect.facebook.net https://snap.licdn.com 1
default-src 'self'  'unsafe-inline' 'unsafe-eval' *.qtsdatacenters.com;              child-src 'self'  *.adobe.com *.vimeo.com *.gtsdatacenters.com;     frame-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.youtube.com *.youtu.be *.qtsdatacenters.com *.vimeo.com *.company-target.com *.driftt.com td.doubleclick.net;             connect-src 'self' *.company-target.com *.google.com *.googleapis.com *.crazyegg.com *.doubleclick.net *.google-analytics.com tag-logger.demandbase.com px.ads.linkedin.com/wa/ www.facebook.com/tr ibc-flow.techtarget.com/;              font-src 'self' data: *.gstatic.com *.typekit.net;              img-src * data:;              manifest-src 'self';              media-src 'self' *.bc0a.com *.azure.com;              object-src 'self';              script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bing.com *.vimeocdn.com *.pardot.com *.qtsdatacenters.com *.polyfill.io *.google.com *.googleapis.com *.jsdelivr.net *.gstatic.com *.marchex.io *.bc0a.com *.b0e8.com *.googletagmanager.com *.driftt.com *.doubleclick.net *.crazyegg.com *.google-analytics.com *.demandbase.com snap.licdn.com/li.lms-analytics/insight.min.js ws.zoominfo.com/pixel/ trk.techtarget.com connect.facebook.net/;              style-src 'self' 'unsafe-inline' 'unsafe-eval' *.typekit.net *.googleapis.com *.typekit.net *.gstatic.com; 1
frame-ancestors internaltools.com.br *.internaltools.com.br *.itau itau.com.br *.itau.com.br *.engage.app.br *.itau.engage.app.br 1
default-src 'self' *.uni-jena.de *.dosis-jena.de https://www.uniklinikum-jena.de https://www.youtube.com https://dr-flex.de https://www.db-thueringen.de https://www.yumpu.com https://www.google.com https://vimeo.com https://player.vimeo.com https://*.mana-hr.net https://ukj.mana-jobs.de; img-src 'self' https://www.uniklinikum-jena.de www.krz.uni-jena.de *.dosis-jena.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.uniklinikum-jena.de www.krz.uni-jena.de https://*.mana-hr.net; style-src 'self' 'unsafe-inline'; font-src 'self'; object-src 'none' 1
frame-ancestors 'self' http://*.di.dk; 1
default-src 'self' 'unsafe-inline'; frame-src https://nextcloud.nlnet.nl; 1
default-src 'self' https:; img-src 'self' https: data:; media-src 'self' https: data:; style-src 'self' 'unsafe-inline' https:; font-src 'self' https: data:; script-src 'self' 'unsafe-inline' https://cdn.asf-prod.vwapps.run/feature-apps https: 'unsafe-eval'; script-src-elem 'self' https: 'unsafe-inline'; frame-ancestors https://volkswagen-admin.porsche-holding.com; 1
default-src 'self'; base-uri 'self'; media-src 'self'; object-src 'none'; manifest-src 'self' dmjgpsfuea8g9.cloudfront.net; style-src 'self' 'unsafe-inline' d2ki9p0maxewxg.cloudfront.net dmjgpsfuea8g9.cloudfront.net *.psplugin.com static.telenor.se embed.binkies3d.com binkiescontentnode.blob.core.windows.net az589851.vo.msecnd.net; font-src 'self' *.psplugin.com data: static.telenor.se; img-src 'self' blob: data: *.adyen.com sstats.telenor.se bat.bing.com cdn.cookielaw.org *.psplugin.com *.qualtrics.com images.ctfassets.net static.telenor.se www.facebook.com www.google.com www.google.se www.googletagmanager.com mb.cision.com *.doubleclick.net *.scene7.com az589851.vo.msecnd.net binkiescontentnode.blob.core.windows.net binkiesdevnode.blob.core.windows.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' activitymap.adobe.com pay.google.com sstats.telenor.se www.googleadservices.com *.doubleclick.net az589851.vo.msecnd.net content.vergic.com embed.binkies3d.com binkiescontentnode.blob.core.windows.net binkiesteaserstorage.blob.core.windows.net bat.bing.com client.rum.us-east-1.amazonaws.com account.psplugin.com assets.adobedtm.com cdn.adt348.net cdn.cookielaw.org cdn.mouseflow.com connect.facebook.net d2ki9p0maxewxg.cloudfront.net dmjgpsfuea8g9.cloudfront.net sc-static.net *.psplugin.com siteintercept.qualtrics.com image-s static.telenor.se *.snapchat.com www.googletagmanager.com www.google.com/recaptcha/api.js www.gstatic.com/recaptcha/releases/ www.youtube.com *.siteintercept.qualtrics.com; frame-src 'self' pay.google.com *.adyen.com www.smartify.se *.doubleclick.net *.snapchat.com www.google.com *.qualtrics.com; connect-src 'self' *.adyen.com *.doubleclick.net aff.telenor.se log.adtraction.fail binkiesproductionweu.servicebus.windows.net embed.binkies3d.com az589851.vo.msecnd.net *.mouseflow.com bat.bing.com sts.eu-north-1.amazonaws.com cognito-identity.eu-north-1.amazonaws.com dataplane.rum.eu-north-1.amazonaws.com cdn.cookielaw.org sstats.telenor.se dpm.demdex.net *.onetrust.com *.qualtrics.com telenor.psplugin.com *.snapchat.com tsab.tt.omtrdc.net wss://telenor.psplugin.com *.google-analytics.com google.com *.google.com; frame-ancestors 'self' app.contentful.com *.psplugin.com; form-action telenorse.eu.qualtrics.com; worker-src blob:; 1
default-src * data: ;script-src 'self' 'unsafe-eval' 'unsafe-inline' platform.twitter.com syndication.twitter.com https://www.vimeo.com https://tagmanager.google.com https://*.cloudflare.com https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://js-agent.newrelic.com https://www.gstatic.com https://www.googleadservices.com https://www.google.com https://www.googleoptimize.com https://polyfill.io https://js.adsrvr.org https://*.siteimprove.net https://siteimproveanalytics.com https://connect.facebook.net https://snap.licdn.com https://www.fullstory.com https://fullstory.com https://googleads.g.doubleclick.net https://*.newrelic.com https://*.adsymptotic.com https://*.nr-data.net https://*.googleapis.com https://*.analytics.google.com https://analytics.google.com https://tags.srv.stackadapt.com https://*.stackadapt.com; style-src 'self' 'unsafe-inline' https://cloud.typenetwork.com https://*.cloudflare.com https://*.bootstrapcdn.com https://tagmanager.google.com https://fonts.googleapis.com https://*.typekit.net https://tags.srv.stackadapt.com https://*.stackadapt.com; font-src 'self' data: https://*.typekit.net https://fonts.gstatic.com https://*.bootstrapcdn.com; connect-src 'self'  https://tagmanager.google.com https://analytics.google.com https://*.energytrust.org https://*.ipstack.com https://*.google-analytics.com https://*.analytics.google.com https://*.linkedin.com https://*.googletagmanager.com https://www.google-analytics.com https://*.doubleclick.net https://*.nr-data.net https://*.pantheonsite.io https://*.energytrust.org  https://*.googleapis.com https://tags.srv.stackadapt.com https://*.stackadapt.com; frame-src 'self' platform.twitter.com https://*.doubleclick.net https://match.adsrvr.org https://insight.adsrvr.org https://www.facebook.com https://*.youtube.com https://player.vimeo.com https://youtu.be https://*.google.com https://*.orgchartnow.com 1
script-src 'self' 'unsafe-inline' data: about: *.typekit.net *.gravatar.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.instagram.com; style-src 'self' 'unsafe-inline' *.typekit.net *.instagram.com; img-src 'self' data: *.typekit.net *.google.com *.google-analytics.com *.googleapis.com *.instagram.com 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://tmspk.net; img-src 'self' https: data: blob: https://tmspk.net; style-src 'self' https://tmspk.net 'nonce-N1u82ECMoy/K1hP1zyampg=='; media-src 'self' https: data: https://tmspk.net; frame-src 'self' https:; manifest-src 'self' https://tmspk.net; form-action 'self'; child-src 'self' blob: https://tmspk.net; worker-src 'self' blob: https://tmspk.net; connect-src 'self' data: blob: https://tmspk.net https://files.example.com wss://tmspk.net; script-src 'self' https://tmspk.net 'wasm-unsafe-eval' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: filesystem: wss://*.hotjar.com wss://*.zopim.com http://*.hotjar.com:* http://*.hotjar.io http://*.googletagmanager.com http://*.google-analytics.com http://*.gstatic.com http://*.googleapis.com http://*.youtube.com https://www.youtube-nocookie.com http://*.facebook.com http://*.facebook.net http://*.ads-twitter.com http://*.twitter.com http://t.co http://*.doubleclick.net http://*.adform.net http://*.aspnetcdn.com http://*.clarovideo.net http://*.claromusica.com http://*.planesclaro.cr http://planesclaro.cr http://*.claro.cr http://www.claro.com.co https://*.hotjar.com:* https://*.hotjar.io https://*.googletagmanager.com https://*.google-analytics.com https://*.gstatic.com https://*.googleapis.com https://*.youtube.com https://*.facebook.com https://*.facebook.net https://*.kampyle.com https://tags.bkrtx.com https://stags.bluekai.com https://programarcita.claro.cr/ https://*.medallia.com https://*.ads-twitter.com https://*.twitter.com https://t.co https://*.doubleclick.net https://*.adform.net https://*.aspnetcdn.com https://*.clarovideo.net https://digitasgt.com https://*.claromusica.com https://*.planesclaro.cr https://planesclaro.cr https://www.google.com https://api-prod-cr.prod.clarodigital.net https://api-prod-general.prod.clarodigital.net https://*.claro.cr https://*.clarity.ms https://*.userway.org https://universalplus.com https://*.teads.tv https://*.tiktok.com https://*.googleadservices.com https://www.claro.com.co; media-src mediastream:; 1
default-src 'self'; img-src * 'unsafe-inline' data:; style-src * 'unsafe-inline'; font-src * 'unsafe-inline'; script-src * 'unsafe-inline'; frame-src * 'unsafe-inline'; connect-src * 'unsafe-inline' 1
frame-ancestors 'self' https://ortambo-airport.com https://kingshakaairport.info/ https://la-airport.com/ https://capetown-internationalairport.co.za/ 1
default-src  'self' https://cdnjs.cloudflare.com https://fonts.gstatic.com ; connect-src 'self' api.marker.io ssr.marker.io api.datatables.net s3.eu-west-1.amazonaws.com; frame-src  'self' app.marker.io www.google.com/recaptcha/ https://app.powerbi.com ; script-src  'self' 'unsafe-inline' 'unsafe-eval' www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cdn.datatables.net https://nightly.datatables.net https://assettrack.cx https://ajax.googleapis.com https://code.jquery.com https://code.iconify.design https://fonts.gstatic.com https://www.google.com https://www.gstatic.com https://edge.marker.io https://api.marker.io https://openfpcdn.io/fingerprintjs/ https://app.powerbi.com https://debug.datatables.net https://api.datatables.net https://unpkg.com/leaflet/dist/leaflet.js ; style-src  'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cdn.datatables.net https://nightly.datatables.net https://assettrack.cx https://ajax.googleapis.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com https://debug.datatables.net https://api.datatables.net https://unpkg.com/leaflet/dist/leaflet.css ; img-src  'self' data: blob https://media.marker.io https://app.marker.io https://edge.marker.io https://ajax.googleapis.com https://unpkg.com/leaflet@1.9.4/dist/images/marker-icon.png https://unpkg.com/leaflet@1.9.4/dist/images/marker-shadow.png https://a.tile.openstreetmap.org https://b.tile.openstreetmap.org https://c.tile.openstreetmap.org ; 1
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com unpkg.com; font-src 'self' fonts.gstatic.com; script-src 'self' 'unsafe-inline' www.google.com ajax.googleapis.com maps.googleapis.com cdnjs.cloudflare.com www.gstatic.com; connect-src 'self' *.poolstation.net *.idegis.net api.worldweatheronline.com maps.googleapis.com maps.gstatic.com; img-src 'self' *.poolstation.net *.idegis.net maps.googleapis.com maps.gstatic.com data:; frame-src www.google.com 1
script-src https://*.goyellow.de https://*.google.com https://*.google-analytics.com https://*.gstatic.com https://*.googleapis.com https://*.wipe.de https://*.meinungsmeister.de https://*.ioam.de https://*.consensu.org https://*.consentmanager.net https://*.googlesyndication.com https://*.googleadservices.com https://adservice.google.de 'self' 'unsafe-inline'; frame-ancestors https://*.goyellow.de https://*.gyl2it.de https://*.meinungsmeister.de 'self'; connect-src https://*.goyellow.de https://*.googlesyndication.com https://*.google-analytics.com https://*.googleapis.com https://*.doubleclick.net https://*.ioam.de https://*.meinungsmeister.de https://*.consensu.org https://*.consentmanager.net 'self'; img-src https://*.google.de https://*.google-analytics.com https://*.google.com https://*.wipe.de https://*.consensu.org https://*.consentmanager.net https://*.meinungsmeister.de https://*.googlesyndication.com https://*.golocal.de https://*.meinungsmeister.de 'self'; style-src https://*.consensu.org https://*.consentmanager.net https://*.meinungsmeister.de 'unsafe-inline' 'self'; font-src https://*.meinungsmeister.de 'self' 1
default-src 'self';                      img-src * data:;                      script-src 'self' 'unsafe-eval' 'unsafe-inline'                                                 fonts.gstatic.com *.googleapis.com apis.google.com googleads.g.doubleclick.net/pagead/id static.doubleclick.net www.googletagmanager.com *.google-analytics.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/                         *.nelsonmullins.com cdn-cookieyes.com *.cookieyes.com s.swiftypecdn.com siteimproveanalytics.com api.podcache.net *.amazonaws.com educationcounsel.us11.list-manage.com;                      frame-src sites-nelsonmullins.vuture.net www.youtube.com www.youtube-nocookie.com                          www.google.com/maps/ lookerstudio.google.com content.googleapis.com www.google.com/recaptcha/ recaptcha.google.com/recaptcha/                         connect.nelsonmullins.com e.issuu.com redcircle.com player.vimeo.com;                      font-src 'self' fonts.gstatic.com s.swiftypecdn.com;                      style-src 'self' 'unsafe-inline' fonts.googleapis.com s.swiftypecdn.com *.mailchimp.com;                      connect-src 'self' *.cookieyes.com cdn-cookieyes.com s.swiftypecdn.com www.google-analytics.com; 1
frame-ancestors 'self' http://lseg.com http://www.lseg.com http://www.mtsmarkets.com http://mtsmarkets.com https://www.unavista.com https://www.unavista.londonstockexchange.com https://lseg.com https://www.lseg.com https://www.mtsmarkets.com https://mtsmarkets.com http://refinitiv.lookbookhq.com https://refinitiv.lookbookhq.com http://resourcehub.refinitiv.com https://resourcehub.refinitiv.com http://www.refinitiv.com https://www.refinitiv.com http://refinitiv.pathfactory.com https://refinitiv.pathfactory.com 1
frame-ancestors 'self' *.greenriver.edu https://greenriver.instructure.com; 1
frame-ancestors 'self' sketchfab.com 1
base-uri 'none'; default-src 'self' https: wss:; font-src 'self' cdn.shopify.com data: fonts.gstatic.com; frame-ancestors 'none'; img-src 'self' blob: data: *.shopify.com *.myshopify.io *.fbcdn.net *.cdninstagram.com *.giphy.com *.shopifycloud.com *.shopifyapps.com *.shopify.io shopifyinbox.com ping-api-production.s3.us-west-2.amazonaws.com ping-api-staging.s3.us-west-2.amazonaws.com apple-business-chat-commerce-production.s3.us-west-2.amazonaws.com apple-business-chat-commerce-staging.s3.us-west-2.amazonaws.com www.gravatar.com storage.googleapis.com platform-lookaside.fbsbx.com cdn.fbsbx.com graph.facebook.com lookaside.fbsbx.com placekitten.com is3-ssl.mzstatic.com; media-src 'self' blob: data: *.shopify.com *.myshopify.io *.fbcdn.net *.cdninstagram.com *.giphy.com *.shopifycloud.com *.shopifyapps.com *.shopify.io shopifyinbox.com ping-api-production.s3.us-west-2.amazonaws.com ping-api-staging.s3.us-west-2.amazonaws.com apple-business-chat-commerce-production.s3.us-west-2.amazonaws.com apple-business-chat-commerce-staging.s3.us-west-2.amazonaws.com www.gravatar.com storage.googleapis.com platform-lookaside.fbsbx.com cdn.fbsbx.com graph.facebook.com lookaside.fbsbx.com placekitten.com is3-ssl.mzstatic.com; object-src 'none'; script-src 'self' cdn.shopify.com argus.shopifycloud.com https://www.googletagmanager.com/ https://accounts.shopify.com/ d2wy8f7a9ursnm.cloudfront.net/; style-src 'self' 'unsafe-inline' cdn.shopify.com fonts.googleapis.com; upgrade-insecure-requests 1
frame-ancestors 'self' *.purpledshub.com 1
frame-ancestors https://*.murrayscheese.com/; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org *.onetrust.com code.etracker.com ajax.googleapis.com maps.google.com maps.googleapis.com *.google-analytics.com www.googletagmanager.com; style-src 'self' 'unsafe-inline' cdn.cookielaw.org fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' *.onetrust.com cdn.cookielaw.org pagead2.googlesyndication.com *.g.doubleclick.net *.google-analytics.com *.google.com; font-src 'self' fonts.gstatic.com; frame-src 'self'; img-src 'self' data: www.etracker.de cdn.cookielaw.org maps.google.com maps.googleapis.com maps.gstatic.com *.google-analytics.com; manifest-src 'self'; media-src 'self'; worker-src 'none'; 1
frame-ancestors 'self' https://www.johnsoncontrols.com 1
default-src 'self' *.typeform.com; script-src 'self' 'unsafe-inline' *.sharethis.com *.ravenjs.com *.cloudflare.com *.facebook.net *.paypoint.com *.pardot.com *.hotjar.com *.licdn.com *.google-analytics.com *.googletagmanager.com *.typeform.com *.typeform.com; style-src 'self' 'unsafe-inline' *.cloudflare.com *.typeform.com *.googleapis.com; connect-src 'self' *.oribi.io *.sharethis.com *.doubleclick.net *.google-analytics.com *.typeform.com; font-src 'self' *.cloudflare.com *.typeform.com *.gstatic.com; frame-src 'self' *.facebook.com youtube.com *.youtube.com *.typeform.com *.azurewebsites.net *.paypoint.com citcom.co.uk heyzine.com; img-src 'self' data: *.sharethis.com *.paypoint.com *.cloudflare.com *.paypoint.com *.amazonaws.com *.linkedin.com *.facebook.com *.google.co.uk *.google.com *.googletagmanager.com *.osm.org *.openstreetmap.org *.typeform.com dummyimage.com; 1
default-src https://img.youtube.com/ 'self' 'unsafe-eval'; frame-src 'self' https://www.youtube-nocookie.com/ https://pr.globenewswire.com/ https://www.globenewswire.com/ https://dreambroker.com/ https://cws.huginonline.com/ https://inpublic.globenewswire.com/ https://www.google.com/ https://www.youtube.com/ https://tools.euroland.com https://tools.eurolandir.com *.tools.euroland.com *.vo.msecnd.net https://gamma.euroland.com https://*.hotjar.com https://*.hotjar.io; script-src 'self' https://thinkcircle.mailpv.net https://cookie-cdn.cookiepro.com https://snap.licdn.com/ http://code.jquery.com https://tools.euroland.com https://gamma.euroland.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google-analytics.com https://*.hotjar.com https://*.hotjar.io https://www.googletagmanager.com https://tagmanager.google.com https://dl.episerver.net https://www.youtube.com/ https://dreambroker.com/ https://static.doubleclick.net https://siteimproveanalytics.com https://maps.googleapis.com https://bam.eu01.nr-data.net https://sjs.bizographics.com/ https://tagging-server.sst.huhtamaki.com https://googleads.g.doubleclick.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://tagmanager.google.com https://fonts.googleapis.com https://fonts.gstatic.com https://dl.episerver.net https://www.googletagmanager.com 'unsafe-inline'; img-src * data:; media-src 'self' https://dreambroker.com/ https://www.youtube.com/; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://fonts.gstatic.com; connect-src 'self' ws: https://*.hotjar.com https://*.hotjar.io https://thinkcircle.mailpv.net https://cookie-cdn.cookiepro.com https://www.google-analytics.com https://bam.eu01.nr-data.net https://www.salesviewer.com/ https://salesviewer.org/ https://tagging-server.sst.huhtamaki.com https://stats.g.doubleclick.net https://region1.google-analytics.com https://maps.googleapis.com 1
base-uri 'self';img-src https:;object-src 'none';upgrade-insecure-requests; 1
frame-ancestors 'self' *.klueber.com.cn *.thinglink.com fcsgroup.sharepoint.com https://klueber.matomo.cloud; 1
default-src * 'unsafe-inline'; script-src 'self' blob: *.stamped.io *.afterpay.com *.booktopia.com.au *.boldchat.com *.cdn4.forter.com *.connect.fluentretail.com *.freshchat.com *.forter.com:* *.hotjar.com *.masterpass.com *.productreview.com.au *.secure-afterpay.com.au secure.checkout.visa.com *.secure.checkout.visa.com *.visualwebsiteoptimizer.com ajax.googleapis.com apis.google.com app.vwo.com assets.citrusad.net bam.nr-data.net bat.bing.com books.google.com books.google.com.au cdn.scarabresearch.com connect.facebook.net d.impactradius-event.com dev.visualwebsiteoptimizer.com google.com.au googleads.g.doubleclick.net jp-tags.mediaforge.com jp-tags.rd.linksynergy.com js-agent.newrelic.com maps.google.com maps.googleapis.com masterpass.com mpsnare.iesnare.com platform.twitter.com sslwidget.criteo.com widget.criteo.com stat.DealTime.com *.useinsider.com static.criteo.net stats.g.doubleclick.net thm.visa.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.gstatic.com *.perimeterx.net *.px-cloud.net *.px-cdn.net *.freshbots.ai *.surveymonkey.com *.auspost.com.au *.pusher.com static.scarabresearch.com *.aexp-static.com *.mastercard.com accounts.google.com cdn.taboola.com trc.taboola.com bam-cell.nr-data.net hosted.mastersoftgroup.com d1rb7rv5sh7h7d.cloudfront.net d3qivnuh60nyva.cloudfront.net location-finder-v2.apac-prod.doddle.tech *.freshworksapi.com cdn.attn.tv tags.creativecdn.com analytics.tiktok.com www.redditstatic.com 'unsafe-inline' 'unsafe-eval'; img-src data: blob: *;frame-src 'self' blob: https://kbget1-a.akamaihd.net/ *; style-src-elem 'unsafe-inline' 'self' blob: *.kbget1-a.akamaihd.net/ *;font-src 'unsafe-inline' 'self' data: blob: *.kbget1-a.akamaihd.net/ * 1
frame-ancestors 'self' *.mailmeteor.com 1
connect-src 'self' *.marketo.com *.marketo.net *.mktoresp.com *.onetrust.com *.adobedtm.com *.demdex.net *.googleapis.com *.doubleclick.net *.googletagmanager.com *.google.com *.googleadservices.com *.bnymellon.com *.pershing.com *.hcaptcha.com *.gstatic.com *.facebook.com *.facebook.net *.pinterest.com *.linkedin.oribi.io *.linkedin.com px.ads.linkedin.com *.twitter.com cookie-cdn.cookiepro.com *.cookielaw.org *.userway.org *.licdn.com bnymellon.tt.omtrdc.net *.everesttech.net api.company-target.com *.iconfinder.com *.vidyard.com *.adobecqms.net *.brighttalk.com *.tools.investis.com *.adobe.com *.qualtrics.com *.tt.omtrdc.net *.turtl.co; frame-src *.vidyard.com *.hcaptcha.com *.bnymellon.com *.demdex.net *.userway.org *.adobecqms.net *.brighttalk.com *.facebook.net *.facebook.com *.tools.investis.com *.doubleclick.net *.qualtrics.com *.turtl.co *.adobe.com *.ads.linkedin.com; object-src 'none'; 1
default-src 'self';    script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn-ukwest.onetrust.com footer.diageohorizon.com va.vercel-scripts.com https://vercel.live https://rules.quantcount.com https://pixel.quantcount.com https://insight.adsrvr.org/ https://www.facebook.com https://connect.facebook.net https://secure.quantserve.com https://d.turn.com https://js.adsrvr.org js.monitor.azure.com api.mapbox.com www.google.com www.gstatic.com diageoagegate.diageoplatform.com www.googletagmanager.com cdnjs.cloudflare.com cdn.treasuredata.com web.diageoagegate.com www.youtube.com cdn.evgnet.com www.google-analytics.com *.in.treasuredata.com *.bulleit.com www.diageoagegate.com code.jquery.com app.anyroad.com where-to-buy.co integrations.anyroad.com *.shortlyst.com cdn.debugbear.com;    style-src 'self' 'unsafe-inline' api.mapbox.com https://vercel.live footer.diageohorizon.com;    img-src 'self' blob: data: images.ctfassets.net i.vimeocdn.com cdn-ukwest.onetrust.com vercel.com www.facebook.com pixel.quantserve.com insight.adsrvr.org/ *.cloudfunctions.net www.google-analytics.com ad.doubleclick.net www.drinkiq.com www.diageoagegate.com media.diageocms.com media.diageodam.com media-diageocms.diageoplatform.com www.googletagmanager.com;    media-src 'self' assets.ctfassets.net videos.ctfassets.net player.vimeo.com vod-progressive.akamaized.net download-video.akamaized.net;    connect-src 'self' images.ctfassets.net api.mapbox.com cdn-ukwest.onetrust.com geolocation.onetrust.com privacyportal-uk.onet vercel.live dc.services.visualstudio.com *.google-analytics.com privacyportal-uk.onetrust.com events.mapbox.com *.evergage.com www.google.com *.doubleclick.net footer.diageohorizon.com *.shortlyst.com *.debugbear.com;    font-src 'self' data: fonts.gstatic.com;    worker-src blob:;    object-src 'self' blob: api.mapbox.com;    base-uri 'self';    form-action 'self' *.r2sndr.com;    frame-src vercel.live insight.adsrvr.org/ app.anyroad.com where-to-buy.co integrations.anyroad.com google.com www.google.com *.doubleclick.net *.shortlyst.com;    frame-ancestors 'none';    block-all-mixed-content;    upgrade-insecure-requests; 1
default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://www.youtube.com/iframe_api https://dec.azureedge.net/ munchkin.marketo.net *.googletagmanager.com cdn.cookielaw.org feed.4wnet.com *.googleadservices.com googleads.g.doubleclick.net *.youtube.com code.jquery.com developers.google.com www.clarity.ms *.clarity.ms https://cdn.jsdelivr.net/npm/bootstrap@4.1.3/dist/js/bootstrap.bundle.min.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://bat.bing.com/bat.js *.containers.piwik.pro https://sace.intervieweb.it https://bat.bing.com/p/action/25001665.js https://snap.licdn.com/li.lms-analytics/insight.beta.min.js https://foq.youreurope.europa.eu/widget/sdg-foq-widget.js https://snap.licdn.com/li.lms-analytics/insight.old.min.js https://static.hotjar.com https://script.hotjar.com https://unpkg.com/@googlemaps/markerclusterer/dist/index.min.js 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org *.eloqua.com *.en25.com web-chat.nativechat.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com feed.4wnet.com cdn.cookielaw.org/consent/ https://cdn.jsdelivr.net/npm/bootstrap@4.1.3/dist/css/bootstrap.min.css 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.dec.sitefinity.com feed.4wnet.com cdn.cookielaw.org *.google.com *.google.it *.sace.it *.sacesimest.it *.simest.it *.sacebt.it *.sacefct.it *.sacesrv.it *.isace.it SCRMIPSSS01.isace.it https://img.youtube.com/ googleads.g.doubleclick.net *.clarity.ms *.bing.com https://px.ads.linkedin.com/collect ad.doubleclick.net https://region1.google-analytics.com ade.googlesyndication.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net *.eloqua.com web-chat.nativechat.com track.hubspot.com js.hsleadflows.net forms.hsforms.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src https://feed.4wnet.com https://cdn.cookielaw.org/consent/ https://cdn.cookielaw.org/ https://geolocation.onetrust.com 9331851.fls.doubleclick.net https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://syndication.twitter.com/ *.sace.it *.sacesimest.it *.simest.it *.sacebt.it *.sacefct.it *.sacesrv.it *.isace.it SCRMIPSSS01.isace.it *.treedom.net https://8232243.fls.doubleclick.net/ https://td.doubleclick.net/ https://sace.intervieweb.it/ http://www.google.com/recaptcha/api2/anchor http://www.google.com/recaptcha/api/fallback 'self' web-chat.nativechat.com forms.hsforms.com; connect-src accounts.google.com *.mktoresp.com https://cdn.cookielaw.org/consent/ https://cdn.cookielaw.org/ https://geolocation.onetrust.com privacyportal-de.onetrust.com maps.googleapis.com stats.g.doubleclick.net *.clarity.ms https://cdn.linkedin.oribi.io/partner/1654324/domain/sacesimest.it/token *.piwik.pro https://bat.bing.com/actionp/0 https://cdn.linkedin.oribi.io/partner/1654324/domain/sace.it/token ad.doubleclick.net https://px.ads.linkedin.com/wa/ wss://ws.hotjar.com https://content.hotjar.io https://metrics.hotjar.io https://region1.google-analytics.com pagead2.googlesyndication.com https://pagead2.googlesyndication.com/pagead/landing https://pagead2.googlesyndication.com/pagead/buyside_topics/set 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com forms.hubspot.com *.hsforms.com; media-src 'self' data: blob:; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.googletagmanager.com https://feed.4wnet.com https://cdn.cookielaw.org/consent/ https://cdn.cookielaw.org/ https://geolocation.onetrust.com 'self' web-chat.nativechat.com; form-action cdn.cookielaw.org code.jquery.com *.sace.it *.sacesimest.it *.simest.it *.sacebt.it *.sacefct.it *.sacesrv.it *.isace.it SCRMIPSSS01.isace.it *.twitter.com *.fls.doubleclick.net 'self'; frame-ancestors https://cdn.cookielaw.org/consent/ https://cdn.cookielaw.org/ https://geolocation.onetrust.com *.sace.it *.sacesimest.it *.simest.it *.sacebt.it *.sacefct.it *.sacesrv.it *.isace.it SCRMIPSSS01.isace.it 'self'; object-src feed.4wnet.com https://cdn.cookielaw.org/consent/ https://cdn.cookielaw.org/ https://geolocation.onetrust.com 'self' 1
connect-src https: wss: 1
default-src 'self' 'unsafe-eval' 'sha256-7BOCP5jvGrFUG0g44SduNYOYwbe9vdG+EdWQC6z0cJQ='; img-src 'self' https: *.google-analytics.com; worker-src 'self' blob:; child-src 'self' blob:; style-src 'self' 'unsafe-inline'; script-src 'sha256-DeJk6rrX7aW9snTgFgN8u96N9CGIsPeOdW26lZtHblM=' 'self' 'self' 'sha256-7BOCP5jvGrFUG0g44SduNYOYwbe9vdG+EdWQC6z0cJQ=' *.homebank.kz *.google-analytics.com *.zendesk.com *.zdassets.com; connect-src 'self' ws://gfx.kz *.google-analytics.com *.zendesk.com *.zdassets.com; form-action 'self'; frame-ancestors *.homebank.kz; frame-src 'self' *.homebank.kz; object-src 'none'; base-uri 1
default-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; prefetch-src 'self'; upgrade-insecure-requests; block-all-mixed-content 1
connect-src 'self' * https://sdk.iad-05.braze.com;default-src 'self';font-src 'self' fonts.gstatic.com;frame-ancestors 'self';frame-src 'self' *.bluekai.com *.vimeo.com *.youtube.com public-assets-cdn.terrywhitechemmart.com.au service.maxymiser.net terrywhitechemmart.prismic.io twcmportal.powerappsportals.com covid-vaccine.healthdirect.gov.au form.typeform.com terrywhite-chemmart-external.applynow.net.au www.audika.com.au;img-src 'self' data: bat.bing.com cdn.mcauto-images-production.sendgrid.net cdn.terrywhitechemmart.com.au images.prismic.io maps.googleapis.com maps.gstatic.com prismic-io.s3.amazonaws.com service.maxymiser.net www.facebook.com www.google.com www.google.com.au www.google-analytics.com www.googletagmanager.com *.clarity.ms appboy-images.com braze-images.com cdn.braze.eu twcmdigitalpublicassets.blob.core.windows.net;media-src 'self' terrywhitechemmart.cdn.prismic.io;object-src 'none';script-src 'self' blob: *.us.oraprod-mmproxy.com bat.bing.com cb-us.maxymiser.com.au connect.facebook.net maps.googleapis.com nexuspublications.com.au prismic.io secure.ewaypayments.com script.crazyegg.com static.cdn.prismic.io service.maxymiser.net ssl.google-analytics.com static.cloudflareinsights.com tags.bkrtx.com www.google-analytics.com www.googletagmanager.com 'unsafe-inline' *.maxymiser.com *.maxymiser.net *.oraprod-mmproxy.com *.clarity.ms extend.vimeocdn.com;style-src 'self' fonts.googleapis.com service.maxymiser.net 'unsafe-inline' 1
default-src *.groupepdi.com *.net-fs.com *.onetrust.com *.cookielaw.org alumacraft.com *.alumacraft.com *.manitoupontoonboats.com *.wufoo.com unpkg.com *.yandex.ru my.matterport.com airtable.com ds-aksb-a.akamaihd.net monkeys-fist-for-brp.com *.myfeelback.com mfb.li mailchi.mp *.cdninstagram.com *.stackla.com fareharbor.com *.peek.com *.salecycle.com story.brplynx.com *.cloudfront.net mpembed.com *.googleadservices.com *.slideshare.net *.hotjar.com *.typekit.net *.bootstrapcdn.com *.salesforce.com *.omtrdc.net service.force.com *.adobedtm.com *.google.ca *.gstatic.com *.azurewebsites.net *.lightboxcdn.com *.salesforceliveagent.com *.force.com *.moatads.com *.youtube.com *.addthisedge.com *.addthis.com *.cloudflare.com *.doubleclick.net *.brp.com *.facebook.net *.azureedge.net *.google-analytics.com *.googletagmanager.com *.googleapis.com *.google.com *.demdex.net *.day.com *.everesttech.net *.scene7.com *.amazon-adsystem.com *.facebook.com *.googleusercontent.com *.lightboxapi.com *.womenofonroadgroups.com *.canamonroadcommunity.com canamonroadcommunity.com *.learntoride3wheel.com *.limelightplatformevents.com *.valuemytradein.com *.zencdn.net *.zlthunder.net cdn.knightlab.com *.mdex.net *.sea-doo.com *.ski-doo.com *.brpdigital.net tags.tiqcdn.com brp--c.documentforce.com collect.tealiumiq.com *.teads.tv brp.my.salesforce-sites.com cdn.jsdelivr.net stconsumercaseapip01.blob.core.windows.net arttrk.com *.yimg.com www.filepicker.io *.unchartedsociety.com *.qualtrics.com sp.analytics.yahoo.com *.adsrvr.org alb.reddit.com *.googlesyndication.com *.attribution.adswizz.com *.contentsquare.net data.adxcel-ec2.com s.pinimg.com yulvr.ca www.redditstatic.com  ct.pinterest.com 'unsafe-inline' 'unsafe-eval' blob: data: 'self'; 1
default-src 'self' d4trk9u7h7k98.cloudfront.net *.vimeo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' contentnotif.dorcel.com d4trk9u7h7k98.cloudfront.net assets.dorcel.com xadmin.dorcelclub.com www.dorcelclub.com embedsocial.com www.dorcel.com dorcel-com-preprod.s3.eu-west-3.amazonaws.com dev.www.dorcel.com staging.www.dorcel.com widget.gleamjs.io *.vimeo.com *.vimeocdn.com *.newrelic.com *.nr-data.net www.googletagservices.com *.googlesyndication.com *.googleadservices.com googleads.g.doubleclick.net adservice.google.com adservice.google.ae adservice.google.al adservice.google.at adservice.google.be adservice.google.bg adservice.google.bs adservice.google.ca adservice.google.ch adservice.google.ci adservice.google.cl adservice.google.co.bw adservice.google.co.cr adservice.google.co.id adservice.google.co.il adservice.google.co.in adservice.google.co.jp adservice.google.co.ke adservice.google.co.kr adservice.google.co.mz adservice.google.co.nz adservice.google.co.th adservice.google.co.tz adservice.google.co.uk adservice.google.co.uz adservice.google.co.ve adservice.google.co.za adservice.google.co.zm adservice.google.co.zw adservice.google.com.ai adservice.google.com.ar adservice.google.com.au adservice.google.com.bd adservice.google.com.bh adservice.google.com.bn adservice.google.com.bo adservice.google.com.br adservice.google.com.co adservice.google.com.cy adservice.google.com.ec adservice.google.com.eg adservice.google.com.et adservice.google.com.fj adservice.google.com.gh adservice.google.com.gi adservice.google.com.gt adservice.google.com.hk adservice.google.com.jm adservice.google.com.kh adservice.google.com.kw adservice.google.com.lb adservice.google.com.mm adservice.google.com.mt adservice.google.com.mx adservice.google.com.my adservice.google.com.ng adservice.google.com.ni adservice.google.com.np adservice.google.com.om adservice.google.com.pa adservice.google.com.pe adservice.google.com.ph adservice.google.com.pk adservice.google.com.pr adservice.google.com.py adservice.google.com.qa adservice.google.com.sa adservice.google.com.sg adservice.google.com.sv adservice.google.com.tr adservice.google.com.tw adservice.google.com.ua adservice.google.com.uy adservice.google.com.vn adservice.google.cz adservice.google.de adservice.google.dk adservice.google.dz adservice.google.ee adservice.google.es adservice.google.fi adservice.google.fr adservice.google.ge adservice.google.gr adservice.google.gy adservice.google.hn adservice.google.hr adservice.google.hu adservice.google.ie adservice.google.im adservice.google.iq adservice.google.is adservice.google.it adservice.google.jo adservice.google.kz adservice.google.li adservice.google.lk adservice.google.lt adservice.google.lu adservice.google.lv adservice.google.md adservice.google.mk adservice.google.mu adservice.google.nl adservice.google.no adservice.google.pl adservice.google.pt adservice.google.ro adservice.google.rs adservice.google.ru adservice.google.se adservice.google.si adservice.google.sk adservice.google.so adservice.google.sr adservice.google.tl adservice.google.tn adservice.google.tt www.google-analytics.com ssl.google-analytics.com static.axept.io client.axept.io stats.g.doubleclick.net ajax.googleapis.com maps.google.com maps.gstatic.com maps.googleapis.com translate.googleapis.com translate.google.com www.googletagmanager.com www.clarity.ms ga.dorcel.com www.account-dorcel.com cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' d4trk9u7h7k98.cloudfront.net assets.dorcel.com www.dorcelclub.com embedsocial.com www.dorcel.com dorcel-com-preprod.s3.eu-west-3.amazonaws.com dev.www.dorcel.com staging.www.dorcel.com *.vimeocdn.com fonts.googleapis.com maps.googleapis.com translate.googleapis.com ga.dorcel.com cdnjs.cloudflare.com; img-src 'self' data: https: blob:; media-src 'self' data: assets.dorcel.com www.dorcelclub.com embedsocial.com www.dorcel.com dorcel-com-preprod.s3.eu-west-3.amazonaws.com dev.www.dorcel.com staging.www.dorcel.com; font-src 'self' data: d4trk9u7h7k98.cloudfront.net assets.dorcel.com www.dorcelclub.com embedsocial.com www.dorcel.com dorcel-com-preprod.s3.eu-west-3.amazonaws.com dev.www.dorcel.com staging.www.dorcel.com fonts.gstatic.com ga.dorcel.com cdnjs.cloudflare.com; frame-src 'self' contentnotif.dorcel.com d4trk9u7h7k98.cloudfront.net assets.dorcel.com embedsocial.com xadmin.dorcelclub.com www.dorcelclub.com www.w3-edge.com gleam.io *.vimeo.com *.vimeocdn.com *.googlesyndication.com googleads.g.doubleclick.net www.youtube.com; child-src 'self' d4trk9u7h7k98.cloudfront.net *.vimeo.com *.vimeocdn.com www.youtube.com dev.www.dorcel.com staging.www.dorcel.com; worker-src 'self'; connect-src 'self' *.google-analytics.com *.vimeo.com api.axept.io *.googlesyndication.com static.axept.io client.axept.io www.dorcel.com googleads.g.doubleclick.net stats.g.doubleclick.net www.google-analytics.com translate.googleapis.com *.clarity.ms; form-action 'self' https:; object-src *; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'     adsrvr.org *.adsrvr.org    adventurervsales.com *.adventurervsales.com     amazonaws.com *.amazonaws.com    arrkannrv.com *.arrkannrv.com    asrvm.com *.asrvm.com    auryc.com *.auryc.com     automanager.com *.automanager.com automanager.blob.core.windows.net    authorize.net *.authorize.net     calendly.com *.calendly.com     callersiq.com *.callersiq.com    cdl.impel.io    cdn.spincar.com    cdninstagram.com *.cdninstagram.com    cdn1.traderonline.com    chasepaymentechhostedpay-var.com *.chasepaymentechhostedpay-var.com     chasepaymentechhostedpay.com *.chasepaymentechhostedpay.com    cliffjonesrv.com *.cliffjonesrv.com    cloudflare.com *.cloudflare.com    collier-rv-photos.s3.amazonaws.com    coloradorvcenter.com *.coloradorvcenter.com     content.homenetiol.com    crowleyauto.com *.crowleyauto.com    ddrv.com *.ddrv.com    dealer-cdn.com *.dealer-cdn.com     dealerspike.com *.dealerspike.com     digital.thisisride.com    dlrwebservice.com *.dlrwebservice.com    dms.rvimg.com    doubleclick.net *.doubleclick.net     dynamicweb.com *.dynamicweb.com    emfluence.com *.emfluence.com cdn.emailer.emfluence.com     facebook.com *.facebook.com connect.facebook.net    formstack.com *.formstack.com winnebago.formstack.com    foursixty.com *.foursixty.com    funtimecampers.com *.funtimecampers.com     gerzenys-rv-world-photos.s3.amazonaws.com    google.com *.google.com     gstatic.com *.gstatic.com     googleapis.com *.googleapis.com      googleadservices.com *.googleadservices.com     googletagmanager.com *.googletagmanager.com     google-analytics.com *.google-analytics.com     gorollick.com *.gorollick.com    greatalaskanholidays.com *.greatalaskanholidays.com    ik.imagekit.io    inboundapi.com *.inboundapi.com    inboundgeo.com *.inboundgeo.com    interactcp.com *.interactcp.com     images.unitsinventory.com    jquery.com *.jquery.com code.jquery.com     lamesarv.com *.lamesarv.com     level5marketing.com *.level5marketing.com     linkedin.com *.linkedin.com    licdn.com *.licdn.com snap.licdn.com     lmrvwebsite.blob.core.windows.net     mantellirv.com *.mantellirv.com    matterport.com *.matterport.com my.matterport.com    microsoftonline-p.com *.microsoftonline-p.com    minardsleisureworld.com *.minardsleisureworld.com    moixrvsupercenter.com *.moixrvsupercenter.com    netsourcemedia.com *.netsourcemedia.com    nhtsa.gov *.nhtsa.gov api.nhtsa.gov    nirvc.com *.nirvc.com     netdna-ssl.com *.netdna-ssl.com    northtrailrv.com *.northtrailrv.com     office.com *.office.com    owascorv.com *.owascorv.com    pictures.dealer.com    pixelmotiondemo.com *.pixelmotiondemo.com    polyfill.io *.polyfill.io     poulsborv.com *.poulsborv.com    reliablerv.com *.reliablerv.com    rexandsonsrvs.com *.rexandsonsrvs.com    rnrrv.com *.rnrrv.com     rv-inventory.s3.amazonaws.com    rollick.io *.rollick.io    roysrv.com *.roysrv.com     rvhotlinecanada.com *.rvhotlinecanada.com    rvonedata.com *.rvonedata.com    rvtrader.com *.rvtrader.com    rvwsplatform.com *.rvwsplatform.com    s3.us-east-2.amazonaws.com    secureoffersites.com *.secureoffersites.com    secureservercdn.net    stlrv.net *.stlrv.net     transwest.com *.transwest.com    trianglerv.com *.trianglerv.com    r.turn.com     van.life *.van.life    vimeo.com *.vimeo.com    voyagerrv.ca *.voyagerrv.ca     warp10admin-storage85050-dev.s3.amazonaws.com    ws.aimbase.com    wsqa.aimbase.com     www.gatesvillerv.com    youtube.com *.youtube.com    youtube-nocookie.com *.youtube-nocookie.com     i3.ytimg.com    *.cwsplatform.com    automanagerprodcdn.azureedge.net    www.shaferrv.com    tdrvehicles2.azureedge.net    portal.waynereaves.net    cdn.impel.io       blob: data:; 1
frame-ancestors 'self' https://www.goenterit.com/ https://weticketit.com/ https://www.weticketit.com/ https://js.stripe.com/; form-action 'self'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com *.googletagmanager.com 'unsafe-eval' https://www.google.com *.google.com https://www.gstatic.com *.gstatic.com https://www.google-analytics.com *.google-analytics.com https://maps.googleapis.com *.googleapis.com https://snap.licdn.com *.licdn.com https://www.facebook.com *.facebook.com https://px.ads.linkedin.com *.linkedin.com https://connect.facebook.net *.facebook.net https://www.google-analytics.com *.google-analytics.com https://www.googleadservices.com *.googleadservices.com https://googleads.g.doubleclick.net *.g.doubleclick.net https://snap.licdn.com *.licdn.com https://code.angularjs.org *.angularjs.org https://cdnjs.cloudflare.com *.cloudflare.com https://static.doubleclick.net *.doubleclick.net https://kit.fontawesome.com *.fontawesome.com https://script.hotjar.com *.hotjar.com https://static.hotjar.com *.hotjar.com https://hotjar.com *.hotjar.com https://hotjar.io *.hotjar.io https://unpkg.com *.unpkg.com https://renderer-assets.typeform.com *.typeform.com https://cdn.rudderlabs.com *.rudderlabs.com https://api.banistmodev.com *.banistmodev.com https://api.banistmolabs.com *.banistmolabs.com https://*.banistmo.com *.banistmo.com https://static.ads-twitter.com *.ads-twitter.com https://code.jquery.com *.jquery.com https://ads01.groovinads.com *.groovinads.com https://www.groovinads.com *.groovinads.com https://td.doubleclick.net/ *.doubleclik.net https://www.googleadservices.com *.googleadservices.com data:; img-src 'self' data: https://www.google.com.pa *.google.com.pa https://www.google.com.co *.google.com.co https://www.google-analytics.com *.google-analytics.com https://www.google.com *.google.com https://maps.googleapis.com *.maps.googleapis.com https://*.banistmo.com *.banistmo.com https://www.googletagmanager.com *.googletagmanager.com https://www.gstatic.com *.gstatic.com https://p.adsymptotic.com *.adsymptotic.com https://px.ads.linkedin.com *.linkedin.com https://www.facebook.com *.facebook.com https://connect.facebook.net *.facebook.net https://cdnjs.cloudflare.com *.cloudflare.com https://yt3.ggpht.com *.ggpht.com https://i.ytimg.com *.ytimg.com https://googleads.g.doubleclick.net *.g.doubleclick.net http://*.bancolombia.com:10039 *.bancolombia.com:10039 https://*.banistmo.com:10039 *.banistmo.com:10039 https://hotjar.com *.hotjar.com https://hotjar.io *.hotjar.io https://public-assets.typeform.com *.typeform.com https://api.banistmodev.com *.banistmodev.com https://api.banistmolabs.com *.banistmolabs.com https://ads01.groovinads.com *.groovinads.com https://www.groovinads.com *.groovinads.com https://td.doubleclick.net/ *.doubleclik.net https://www.googleadservices.com *.googleadservices.com; media-src 'self' blob: data:; frame-src 'self' https://www.google.com *.google.com https://www.youtube.com *.youtube.com https://tpbanistmo.teleperformance.co *.teleperformance.co https://www.facebook.com *.facebook.com https://vars.hotjar.com *.hotjar.com https://hotjar.com *.hotjar.com https://hotjar.io *.hotjar.io https://bid.g.doubleclick.net *.g.doubleclick.net https://fundacionbancolombia.typeform.com *.typeform.com https://api.banistmodev.com *.banistmodev.com https://api.banistmolabs.com *.banistmolabs.com https://*.banistmo.com *.banistmo.com https://www.googletagmanager.com *.googletagmanager.com; style-src 'self' 'unsafe-inline' https://www.gstatic.com *.gstatic.com https://maxcdn.bootstrapcdn.com *.bootstrapcdn.com https://fonts.googleapis.com *.googleapis.com https://*.banistmo.com *.banistmo.com https://cdnjs.cloudflare.com *.cdnjs.cloudflare.com https://api.banistmodev.com *.banistmodev.com https://api.banistmolabs.com *.banistmolabs.com https://www.googletagmanager.com *.googletagmanager.com; connect-src 'self' https://www.google-analytics.com *.google-analytics.com https://www.googletagmanager.com *.googletagmanager.com https://stats.g.doubleclick.net *.doubleclick.net https://maps.googleapis.com *.googleapis.com https://googleads.g.doubleclick.net *.g.doubleclick.net https://ka-f.fontawesome.com *.fontawesome.com *.googlevideo.com https://www.grupobancolombia.com *.grupobancolombia.com https://www.facebook.com *.facebook.com https://in.hotjar.com *.hotjar.com https://hotjar.com *.hotjar.com https://hotjar.io *.hotjar.io wss://*.hotjar.com *.hotjar.com https://rudderstack.cdp.prod.data.typeform.com *.typeform.com https://api.banistmodev.com *.banistmodev.com https://api.banistmolabs.com *.banistmolabs.com https://*.banistmo.com *.banistmo.com https://cdn.linkedin.oribi.io *.linkedin.oribi.io https://analytics.google.com *.google.com; font-src 'self' data: https://fonts.gstatic.com *.gstatic.com https://cdnjs.cloudflare.com *.cloudflare.com https://maxcdn.bootstrapcdn.com *.bootstrapcdn.com https://ka-f.fontawesome.com *.fontawesome.com https://hotjar.com *.hotjar.com https://hotjar.io *.hotjar.io https://api.banistmodev.com *.banistmodev.com https://api.banistmolabs.com *.banistmolabs.com https://*.banistmo.com *.banistmo.com; 1
default-src 'self' *.checkngo.com *.xact.com *.alliedcash.com *.pocket360.com *.mouseflow.com; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com cdnjs.cloudflare.com *.tfaforms.net *.krxd.net *.quantcount.com *.googletagmanager.com *.quantserve.com *.fontawesome.com *.bootstrapcdn.com *.googleanalytics.com maps.google.com optimize.google.com tagmanager.google.com *.googleadservices.com *.googleoptimize.com *.doubleclick.net https://www.youtube.com/iframe_api https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.msecnd.net *.hotjar.com tag.brandcdn.com adservices.brandcdn.com widget.trustpilot.com *.siteimproveanalytics.com *.mouseflow.com *.pinimg.com https://siteimproveanalytics.com *.eloqua.com *.en25.com cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.tfaforms.net *.fontawesome.com *.bootstrapcdn.com optimize.google.com tagmanager.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net *.myfonts.net *.mouseflow.com *.siteimproveanalytics.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com *.tfaforms.net pre-usermatch.targeting.unrulymedia.com e1.emxdgt.com beacon.krxd.net x.bidswitch.net pixel.advertising.com *.quantserve.com www.google.com dynl.mktgcdn.com maps.google.com optimize.google.com *.azureedge.net *.googletagmanager.com https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com adservices.brandcdn.com insight.adsrvr.org match.adsrvr.org *.doubleclick.net sync.search.spotxchange.com https://*.ggpht.com *.mouseflow.com *.google-analytics.com *.adswizz.com *.pinterest.com *.tapad.com *.tremorhub.com *.eloqua.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.fontawesome.com *.bootstrapcdn.com *.mouseflow.com; frame-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.youtube.com *.trustpilot.com *.google.com *.mouseflow.com; connect-src 'self' data: accounts.google.com *.google-analytics.com *.gstatic.com https://*.googletagmanager.com *.googleapis.com *.doubleclick.net analytics.google.com *.pinterest.com *.contextine.com *.googletagmanager.com *.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.visualstudio.com https://ipinfo.io/ip https://icanhazip.com https://api.ipify.org *.mouseflow.com; media-src 'self' data: blob: *.azureedge.net; child-src 'self' *.checkngo.com *.alliedcash.com cdn.krxd.net *.hotjar.com www.googletagmanager.com *.doubleclick.net adservices.brandcdn.com insight.adsrvr.org *.mouseflow.com *.trustpilot.com *.pinterest.com *.google.com; object-src 'self' 1
frame-ancestors 'self' https://apg.experiencecloud.adobe.com https://experience.adobe.com 1
default-src 'none'; font-src 'self'; img-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-ancestors 'none'; upgrade-insecure-requests; base-uri 'none'; object-src 'none'; worker-src 'none'; child-src 'none'; frame-src 'none'; connect-src 'self'; form-action 'self'; 1
frame-ancestors 'self' *.capex.com capex.com development.capex.com *.capexstagging.com capexstagging.com; 1
frame-src 'self' *.mucem.org rooting.arenametrix.fr *.youtube.com *.facebook.com *.soundcloud.com* *.fbcdn.net *.sndcdn.com *.ausha.co *.notoryou.com https://mpembed.com/show/?m=kLFY43iYwS6&mpu=1027 *.soundcloud.com *.instagram.com *.play.acast.com embed.acast.com https://www.calameo.com https://v.calameo.com* *v.calameo.com https://v.calameo.com/?bkcode=002358376aa33755a8a80&mode=mini 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.clarity.ms *.google.com *.lineforbusiness.com *.tiktok.com *.line.biz *.googleadservices.com *.doubleclick.net *.twitter.com *.linkedin.com *.googleapis.com *.gstatic.com  www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org web-chat.nativechat.com unpkg.com/@frontify/ *.cloudinary.com web-sdk.smartlook.com www.googletagmanager.com www.googleanalytics.com www.google-analytics.com www.googleoptimize.com optimize.google.com analytics.tiktok.com amp.azure.net; style-src 'self' 'unsafe-inline' *.google.com *.lineforbusiness.com *.tiktok.com *.line.biz *.googleadservices.com *.doubleclick.net *.twitter.com *.linkedin.com *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com web-chat.nativechat.com www.googletagmanager.com optimize.google.com fonts.googleapis.com amp.azure.net; font-src 'self' fonts.gstatic.com amp.azure.net kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; img-src 'self' *.googlesyndication.com googleads.g.doubleclick.net *.clarity.ms media.innovestx.co.th media.newscbs-uat.devcloud.scb *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com web-chat.nativechat.com *.frontify.com *.cloudinary.com www.google-analytics.com www.googletagmanager.com optimize.google.com license.theoplayer.com www.google.co.th amp.azure.net www.innovestx.co.th; media-src 'self' data: blob: *.frontify.com *.cloudinary.com web-writer.sg.smartlook.cloud manager.eu.smartlook.cloud assets-proxy.smartlook.cloud media.newscbs-uat.devcloud.scb *.media.azure.net; frame-src 'self' *.google.com *.lineforbusiness.com *.tiktok.com *.line.biz *.googleadservices.com *.doubleclick.net *.twitter.com *.linkedin.com www.google.com www.youtube.com optimize.google.com www.facebook.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com *.frontify.com cloudinary.com *.cloudinary.com blob:; connect-src 'self' data: accounts.google.com *.googlesyndication.com googleads.g.doubleclick.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.clarity.ms *.google.com *.lineforbusiness.com *.tiktok.com *.line.biz *.googleadservices.com *.doubleclick.net *.twitter.com *.linkedin.com *.mktoresp.com *.google-analytics.com *.gstatic.com *.frontify.com *.cloudinary.com manager.eu.smartlook.cloud web-writer.sg.smartlook.cloud assets-proxy.smartlook.cloud https://api-digitalassets-stage.scbs.com:8443 analytics.tiktok.com analytics.google.com stats.g.doubleclick.net validate.theoplayer.com license.theoplayer.com *.media.azure.net; 1
default-src https: data: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; frame-ancestors 'self'; worker-src blob: ; child-src * blob: ; img-src * data: blob: ; connect-src * https://*.netlify.app https://*.tiles.mapbox.com https://api.mapbox.com https://events.mapbox.com https://widgets.swaven.com;, upgrade-insecure-requests; 1
base-uri 'self';child-src *.hsforms.com;connect-src 'self' *.incident.io https: *.google-analytics.com *.googletagmanager.com *.google.com *.google.co.uk stats.g.doubleclick.net googleads.g.doubleclick.net *.segment.com *.segment.io *.linkedin.com cdn.linkedin.oribi.io *.iubenda.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.clearbit.com wss://ws.qualified.com *.qualified.com conversions-config.reddit.com www.redditstatic.com *.hubapi.com js.hscta.net *.hubspot.com *.hs-banner.com *.hscollectedforms.net *.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com https://*.greenhouse.io https://*.api.sanity.io wss://*.api.sanity.io https://*.vanta.com https://*.chilipiper.com vitals.vercel-insights.com website-kealti90p-incident-io-team.vercel.app;default-src 'self';font-src 'self' https: data: fonts.gstatic.com;form-action 'self' *.hsforms.com;frame-ancestors 'self' https://incident.sanity.studio;frame-src https: *.googletagmanager.com *.twitter.com *.iubenda.com app.qualified.com *.hubspot.com *.hs-sites.com *.hubspot.net play.hubspotvideo.com *.hsforms.net *.hsforms.com https://incident.navattic.com https://capture.navattic.com;img-src 'self' blob: data: https: *.google-analytics.com *.googletagmanager.com *.google.com *.google.co.uk *.googleusercontent.com stats.g.doubleclick.net *.linkedin.com *.iubenda.com *.clearbitjs.com *.clearbit.com *.qualified.com alb.reddit.com js.hscta.net no-cache.hubspot.com *.hubspot.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.net cdn2.hubspot.net *.hsforms.net *.hsforms.com https://cdn.sanity.io https://*.chilipiper.com;manifest-src 'self';media-src 'self' https: data: blob:;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' https: api.twitter.com platform.twitter.com;style-src 'self' 'unsafe-inline' *.iubenda.com *.hubspotusercontent00.net cdn2.hubspot.net;worker-src 'self';report-uri https://o494704.ingest.sentry.io/api/4505307188232192/security/?sentry_key=e6127d8d2f894a18918f2018108426e9;report-to https://o494704.ingest.sentry.io/api/4505307188232192/security/?sentry_key=e6127d8d2f894a18918f2018108426e9; 1
default-src 'self' blob: house-fastly-signed-eu-west-1-prod.brightcovecdn.com manifest.prod.boltdns.net *//manifest.prod.boltdns.net *.cookielaw.org cdn.cookielaw.org *.analytics.google.com *.google.com *.google-analytics.com *.googletagmanager.com googleapis.com *.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com viz.tools.investis.com otp.tools.investis.com irs.tools.investis.com players.brightcove.net edge.api.brightcove.com f1.cf.brightcove.com f1.media.brightcove.com www.google-analytics.com fonts.googleapis.com fonts.gstatic.com arg.investis.com www.youtube.com staticcontents.investisdigital.com staticcontents.investis.com stats.g.doubleclick.net vjs.zencdn.net sc.lfeeder.com *.execute-api.eu-west-1.amazonaws.com ; img-src 'self' 'unsafe-inline' * data: www.w3.org manifest.prod.boltdns.net players.brightcove.net edge.api.brightcove.com f1.cf.brightcove.com f1.media.brightcove.com arg.tools.investis.com snap.licdn.com staticcontents.investisdigital.com staticcontents.investis.com; frame-src 'self' atkinsrealis.com http://www.atkinsrealis.com/ *.atkinsrealis.com ir.connectidfeed.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net *.flockler.com *.doubleclick.net *.doubleclick.net players.brightcove.net www.google.com viz.tools.investis.com otp.tools.investis.com irs.tools.investis.com www.youtube.com staticcontents.investisdigital.com staticcontents.investis.com bcove.video cloud.3dissue.com lavalab-montreal.netlify.app ; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net staticzone.idigitalcontents.com flockler.com *.investisdigital.com *.flockler.com viz.tools.investis.com otp.tools.investis.com irs.tools.investis.com players.brightcove.net edge.api.brightcove.com f1.cf.brightcove.com f1.media.brightcove.com fonts.googleapis.com fonts.gstatic.com staticcontents.investisdigital.com staticcontents.investis.com ; font-src 'self' 'unsafe-inline' * data: vjs.zencdn.net fonts.googleapis.com fonts.gstatic.com; script-src 'self' 'unsafe-inline' *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net *.analytics.google.com *.google.com *.google-analytics.com preview-experiences.brightcove.net connect.facebook.net staticzone.idigitalcontents.com manifest.prod.boltdns.net 'unsafe-eval' blob: *.investisdigital.com *.jquery.com flockler.com *.flockler.com arg.investisdigital.net www.google.com www.gstatic.com maps.google.com maps.googleapis.com googleapis.com *.googleapis.com *.cookielaw.org cdn.cookielaw.org *.googletagmanager.com cdn.jsdelivr.net cdnjs.cloudflare.com viz.tools.investis.com otp.tools.investis.com irs.tools.investis.com players.brightcove.net edge.api.brightcove.com f1.cf.brightcove.com f1.media.brightcove.com fonts.googleapis.com fonts.gstatic.com www.google-analytics.com arg.investis.com arg.tools.investis.com snap.licdn.com www.youtube.com staticcontents.investisdigital.com staticcontents.investis.com vjs.zencdn.net secure.brightcove.com f1.cf.brightcove.com f1.media.brightcove.com sc.lfeeder.com *.execute-api.eu-west-1.amazonaws.com ;connect-src 'self' *.linkedin.com region1.google-analytics.com staticzone.idigitalcontents.com house-fastly-signed-eu-west-1-prod.brightcovecdn.com *.hs.llnwd.net *.google.com cdn.linkedin.oribi.io *.analytics.google.com *.google-analytics.com *.google.com *.investisdigital.com *.investis.com *.linkedin.oribi.io arg.tools.investis.com manifest.prod.boltdns.net maps.google.com gallery-metrics.api.brightcove.com flockler.com *.flockler.com privacyportal-de.onetrust.com *.cookielaw.org cdn.cookielaw.org www.googleadservices.com www.google-analytics.com maps.googleapis.com googleapis.com *.googleapis.com players.brightcove.net edge.api.brightcove.com f1.media.brightcove.com stats.g.doubleclick.net secure.brightcove.com f1.cf.brightcove.com *.execute-api.eu-west-1.amazonaws.com manifest.prod.boltdns.net;base-uri 'self'; form-action 'self' 1
style-src 'self' 'unsafe-inline' 'unsafe-inline' www2.triodos.com; img-src 'self' p-pan.triodos.com api.triodos.com maps.triodos.com www2.triodos.com video.triodos.com ad.doubleclick.net adservice.google.com adservice.google.co.uk adservice.google.nl adservice.google.be adservice.google.es adservice.google.de www.facebook.com data: android-webview-video-poster:; font-src 'self' data:; script-src 'self' 'nonce-7116c3ce-11b3-4ca4-a266-0a9353e39b2a' t-pan.triodos.com p-pan.triodos.com www2.triodos.com video.triodos.com chat.triodos.com; frame-src https://www.youtube.com https://www.youtube-nocookie.com; child-src https://www.youtube.com https://www.youtube-nocookie.com; connect-src 'self' p-pan.triodos.com t-pan.triodos.com chat.triodos.com video.triodos.com licensing.bitmovin.com; media-src 'self' blob: video.triodos.com; default-src 'self'; 1
font-src 'self' data:; img-src 'self' data:; default-src 'unsafe-inline' script-src 'unsafe-eval' https://employwise2.s3.ap-south-1.amazonaws.com https://*.myemploywise.com  https://new.myemploywise.com https://myemploywise.com https://www.smiles.in https://www.chipsoft.in http://www.myemploywise.com https://ssl.google-analytics.com https://beacon.errorception.com https://d36mpcpuzc4ztk.cloudfront.net https://www.google.com https://ps3.pubnub.com https://chat.freshdesk.com https://ps1.pubnub.com https://ps16.pubnub.com https://pubnub.com https://ps19.pubnub.com https://ps5.pubnub.com https://ps12.pubnub.com https://ps18.pubnub.com https://ps17.pubnub.com https://ps2.pubnub.com https://ajax.googleapis.com https://ps13.pubnub.com https://ps8.pubnub.com https://col.site24x7rum.com https://static.site24x7rum.com https://js.braintreegateway.com/v1/braintree.js http://www.adobe.com https://www.myemploywise.com:3000 https://maxcdn.bootstrapcdn.com/font-awesome/2.0/font/ http://code.angularjs.org/1.2.1/angular-animate.js https://cdn.tiny.cloud https://sp.tinymce.com https://www.gstatic.com https://balkangraph.com/export https://ind-balkangraph.azurewebsites.net/api/OrgChartJS https://au-e-balkangraph.azurewebsites.net/api/OrgChartJS https://au-se-balkangraph.azurewebsites.net/api/OrgChartJS https://brs-balkangraph.azurewebsites.net/api/OrgChartJS https://ca-balkangraph.azurewebsites.net/api/OrgChartJS https://ca-e-balkangraph.azurewebsites.net/api/OrgChartJS https://easia-balkangraph.azurewebsites.net/api/OrgChartJS https://eus-2-balkangraph.azurewebsites.net/api/OrgChartJS https://eus-balkangraph.azurewebsites.net/api/OrgChartJS https://wus-balkangraph.azurewebsites.net/api/OrgChartJS https://w-us-2-balkangraph.azurewebsites.net/api/OrgChartJS https://w-ind-balkangraph.azurewebsites.net/api/OrgChartJS https://w-eu-balkangraph.azurewebsites.net/api/OrgChartJS https://w-c-us-balkangraph.azurewebsites.net/api/OrgChartJS https://us-s-c-balkangraph.azurewebsites.net/api/OrgChartJS https://us-n-c-balkangraph.azurewebsites.net/api/OrgChartJS https://us-balkangraph.azurewebsites.net/api/OrgChartJS https://uk-w-balkangraph.azurewebsites.net/api/OrgChartJS https://uk-s-balkangraph.azurewebsites.net/api/OrgChartJS https://s-ind-balkangraph.azurewebsites.net/api/OrgChartJS https://se-asia-balkangraph.azurewebsites.net/api/OrgChartJS https://n-eu-balkangraph.azurewebsites.net/api/OrgChartJS https://kr-balkangraph.azurewebsites.net/api/OrgChartJS https://jp-w-balkangraph.azurewebsites.net/api/OrgChartJS https://jp-e-balkangraph.azurewebsites.net/api/OrgChartJS https://fr-balkangraph.azurewebsites.net/api/OrgChartJS https://balkangraph.com/export/v3 https://unpkg.com/ https://internal.employwise.app/ https://ifsc.razorpay.com/ 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://masto.es; img-src 'self' https: data: blob: https://masto.es; style-src 'self' https://masto.es 'nonce-b1hDa/mXDVA9mM/SRTsPPA=='; media-src 'self' https: data: https://masto.es; frame-src 'self' https:; manifest-src 'self' https://masto.es; form-action 'self'; child-src 'self' blob: https://masto.es; worker-src 'self' blob: https://masto.es; connect-src 'self' data: blob: https://masto.es https://media.masto.es wss://masto.es; script-src 'self' https://masto.es 'wasm-unsafe-eval' 1
default-src 'self' https://cdn.consentmanager.mgr.consensu.org https://www.google-analytics.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://cdn.consentmanager.mgr.consensu.org https://consentmanager.mgr.consensu.org https://www.google-analytics.com https://www.googletagmanager.com https://cdn.curator.io https://static.etracker.com https://www.etracker.de https://code.etracker.com https://*.delivery.consentmanager.net https://cdn.consentmanager.net;style-src 'self' 'unsafe-inline' https://cdn.consentmanager.mgr.consensu.org https://consentmanager.mgr.consensu.org https://fonts.googleapis.com https://cdn.curator.io https://www.youtube.com;img-src 'self' data:  https://cdn.consentmanager.net https://consentmanager.mgr.consensu.org https://cdn.consentmanager.mgr.consensu.org https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://curator-assets.b-cdn.net https://pbs.twimg.com https://media-exp1.licdn.com https://*.fbcdn.net https://yt3.ggpht.com https://i.ytimg.com *.google.ae/ads/ *.google.al/ads/ *.google.am/ads/ *.google.at/ads/ *.google.ba/ads/ *.google.be/ads/ *.google.bg/ads/ *.google.bj/ads/ *.google.by/ads/ *.google.ca/ads/ *.google.cd/ads/ *.google.ch/ads/ *.google.cl/ads/ *.google.cn/ads/ *.google.co.id/ads/ *.google.co.il/ads/ *.google.co.in/ads/ *.google.co.jp/ads/ *.google.co.kr/ads/ *.google.co.ma/ads/ *.google.co.nz/ads/ *.google.co.th/ads/ *.google.co.uk/ads/ *.google.co.uz/ads/ *.google.co.za/ads/ *.google.com.au/ads/ *.google.com.bd/ads/ *.google.com.br/ads/ *.google.com.co/ads/ *.google.com.cy/ads/ *.google.com.ec/ads/ *.google.com.eg/ads/ *.google.com.hk/ads/ *.google.com.jm/ads/ *.google.com.lb/ads/ *.google.com.mx/ads/ *.google.com.my/ads/ *.google.com.ng/ads/ *.google.com.np/ads/ *.google.com.ph/ads/ *.google.com.pk/ads/ *.google.com.qa/ads/ *.google.com.sa/ads/ *.google.com.sg/ads/ *.google.com.tr/ads/ *.google.com.tw/ads/ *.google.com.ua/ads/ *.google.com.uy/ads/ *.google.com.vn/ads/ *.google.com/ads/ *.google.cz/ads/ *.google.de/ads/ *.google.dk/ads/ *.google.dz/ads/ *.google.es/ads/ *.google.fi/ads/ *.google.fr/ads/ *.google.gr/ads/ *.google.gy/ads/ *.google.hr/ads/ *.google.hu/ads/ *.google.ie/ads/ *.google.it/ads/ *.google.jo/ads/ *.google.li/ads/ *.google.lt/ads/ *.google.lu/ads/ *.google.lv/ads/ *.google.md/ads/ *.google.mk/ads/ *.google.mu/ads/ *.google.nl/ads/ *.google.no/ads/ *.google.pl/ads/ *.google.pt/ads/ *.google.ro/ads/ *.google.rs/ads/ *.google.ru/ads/ *.google.se/ads/ *.google.si/ads/ *.google.sk/ads/ *.google.tn/ads/ https://*.delivery.consentmanager.net;font-src 'self' https://fonts.gstatic.com https://cdn.curator.io  data:;connect-src 'self' https://stats.g.doubleclick.net https://www.google-analytics.com *.cloudfront.net  https://api.curator.io https://www.etracker.de https://consentmanager.mgr.consensu.org https://*.delivery.consentmanager.net;frame-src https://register.gotowebinar.com  https://www.movingimage24.com https://videomanager.movingimage24.com https://irs.tools.investis.com https://e.video-cdn.net https://vimeo.com https://webcast2.promeas.com/ https://player.vimeo.com/ https://www.brn-ag.de/ https://soziale-anwendung.de/ https://www.youtube.com/embed/ https://www.youtube-nocookie.com/;media-src 'self' blob: https://curator-assets.b-cdn.net *.cloudfront.net/jenoptik/ https://video.twimg.com;worker-src blob:;report-uri https://jeno.report-uri.com/r/d/csp/enforce 1
default-src 'self'; frame-ancestors *.localize.com *.localizejs.com *.localizecdn.com; connect-src 'self' saltosystem-cvs-prod.appspot.com cms.saltosystems.com pardot.saltosystems.com cdn.cookielaw.org *.linkedin.com *.localize.com *.localizecdn.com *.localizejs.com *.hotjar.com *.google-analytics.com stats.g.doubleclick.net ws25.hotjar.com analytics.google.com *.analytics.google.com *.google.com geolocation-db.com *.oribi.io *.onetrust.com *.visualwebsiteoptimizer.com app.vwo.com *.clarity.ms *.doubleclick.net *.hotjar.io *.googlesyndication.com; font-src 'self' data: *.googleapis.com fonts.gstatic.com; worker-src 'self' blob:; img-src 'self' data: *.localizecdn.com *.google-analytics.com *.google.com *.google.es *.linkedin.com *.onetrust.com *.facebook.com googleads.g.doubleclick.net *.visualwebsiteoptimizer.com cdn.pushcrew.com chart.googleapis.com wingify-assets.s3.amazonaws.com *.clarity.ms *.googletagmanager.com *.storychief.com *.bing.com *.storyblok.com app.vwo.com; script-src 'self' 'unsafe-inline' global.localizecdn.com cdn.cookielaw.org *.onetrust.com connect.facebook.net stats.g.doubleclick.net googleads.g.doubleclick.net pi.pardot.com pardot.saltosystems.com *.hotjar.com *.licdn.com *.google-analytics.com *.google.com *.google.es *.gstatic.com *.googleadservices.com *.googletagmanager.com *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com *.clarity.ms; style-src 'self' 'unsafe-inline' *.googleapis.com *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com s3.amazonaws.com; frame-src 'self' cms.saltosystems.com pardot.saltosystems.com vars.hotjar.com *.google.com *.localizecdn.com *.youtube.com *.facebook.com *.twitter.com app.vwo.com *.visualwebsiteoptimizer.com *.doubleclick.net 1
script-src 'strict-dynamic' 'nonce-c5238cfe83fe86eff44c6981d5eff6a6' 'unsafe-eval' 'unsafe-inline' http: https: s.kk-resources.com web-sdk.smartlook.com www.googleadservices.com im9.cz supportbox.cz *.seznam.cz *.zbozi.cz *.xzone.cz;img-src 'self' api.paylibo.com xzone.cz csfd.cz *.seznam.cz *.zbozi.cz blob: data: tracking.smartemailing.cz *.twisto.cz i.ibb.co *.xzone.cz *.xzone.sk *.xzone.hu *.xzone.de *.xzone.at *.gamlery.pl *.xzone.pl *.ceneo.pl *.gamlery.cz *.gameexpres.sk *.csfd.cz *.google-analytics.com *.google.com *.google.cz *.google.sk *.google.hu *.google.pl *.google.de *.google.at *.google.co.uk googleads.g.doubleclick.net *.googletagmanager.com *.googleadservices.com stats.g.doubleclick.net www.facebook.com connect.facebook.net cdnjs.cloudflare.com steamcdn-a.akamaihd.net static.muve.cz ssl.heureka.cz *.heureka.cz *.heureka.sk *.estores.cz *.filmexpres.cz *.dvdexpres.sk *.gameexpress.hu *.seznam.cz *.cdninstagram.com *.supportbox.cz *.arukereso.hu *.steamstatic.com s.kelkoogroup.net;frame-ancestors g;object-src 'none';base-uri 'none';form-action 'self' *.facebook.com *.csob.cz moja.tatrabanka.sk *.gopay.com *.gopay.cz *.homecredit.cz *.hccs.cz *.paypal.com;report-to csp-endpoint 1
default-src 'self' 'unsafe-inline' data: https://updown.io https://*.updown.io https://www.paypalobjects.com https://cdn.headwayapp.co http://headway-widget.net; font-src 'self' https: data: 1
default-src 'self'; script-src 'self' 'nonce-NzAzMWVkYWYtNWUxZC00ZDFhLWIzMGMtZDRhNjM4N2YyY2M4' https://*.go-mpulse.net 'strict-dynamic' https: http: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://*.407etr.com maps.googleapis.com www.google-analytics.com https://*.my.salesforce-sites.com https://*.split.io images.ctfassets.net browser-intake-datadoghq.com https://*.go-mpulse.net https://*.akstat.io data:; style-src 'self' service.force.com fonts.googleapis.com https://*.my.salesforce-sites.com 'unsafe-inline'; img-src 'self' maps.gstatic.com maps.googleapis.com images.ctfassets.net i.ytimg.com https://*.documentforce.com https://*.akstat.io blob: data:; font-src 'self' fonts.gstatic.com data:; object-src 'none'; base-uri 'self'; frame-src 'self' service.force.com www.youtube.com www.google.com; form-action 'self'; frame-ancestors app.contentful.com; upgrade-insecure-requests; 1
object-src 'self';script-src * 'unsafe-eval' 'unsafe-inline' data: blob:; 1
default-src 'self' *.dkv.com *.ergo.de *.ergo.com; script-src 'self' *.dkv.com *.ergo.de *.ergo.com *.cloudfirst.digital *.google.com *.googlesyndication.com www.gstatic.com maps.googleapis.com www.youtube.com *.vimeo.com *.fullstory.com *.onetrust.com cdn.cookielaw.org assets.adobedtm.com cdn.jsdelivr.net *.cnd-motionmedia.de *.facebook.net *.outbrain.com *.taboola.com *.googletagmanager.com www.googleadservices.com *.intelliad.de *.adform.net *.bing.com *.spoteffects.net *.doubleclick.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.dkv.com *.ergo.de *.ergo.com fonts.googleapis.com *.gstatic.com cdn.jsdelivr.net 'unsafe-inline'; img-src data: 'self' *.udg.de *.dkv.com *.ergo.de *.ergo.com *.cloudfirst.digital cdn.cookielaw.org maps.googleapis.com maps.gstatic.com i.vimeocdn.com i.ytimg.com portal.apocdn.net ergoag.d3.sc.omtrdc.net *.fullstory.com *.demdex.net cm.everesttech.net www.facebook.com *.outbrain.com *.taboola.com *.googlesyndication.com *.doubleclick.net bat.bing.com trck.spoteffects.net *.google.com www.google.de www.google.at www.google.ch www.google.be www.google.cz www.google.af www.google.bg www.google.by *.googletagmanager.com *.intelliad.de contactapi.static.fyi *.financeads.net *.ergocarbon.com; font-src data: 'self' *.dkv.com *.ergo.de *.ergo.com *.cloudfirst.digital fonts.gstatic.com; form-action 'self'; object-src 'self'; connect-src 'self' *.dkv.com *.ergo.de *.ergo.com *.cloudfirst.digital cdn.cookielaw.org *.onetrust.com maps.googleapis.com vimeo.com *.vimeo.com *.fullstory.com bat.bing.com *.demdex.net ergode.tt.omtrdc.net ergoag.d3.sc.omtrdc.net *.google.com amplify.outbrain.com tr.outbrain.com www.googleadservices.com *.googlesyndication.com *.doubleclick.net *.taboola.com *.intelliad.de *.adobedc.net; frame-src 'self' *.dkv.com *.ergo.de *.ergo.com www.google.com www.youtube.com *.vimeo.com *.demdex.net *.doubleclick.net *.taboola.com; frame-ancestors 'self'; base-uri 'self'; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: *.fck.de 1
frame-ancestors dev-sonnentor2022.elements.zone www.sonnentor.com *.emarsys.net; 1
base-uri 'self';default-src 'none';script-src 'nonce-OhevTkC9Qr' 'unsafe-inline';style-src 'nonce-OhevTkC9Qr' *.3ps.team *.assemblytoolbox.com assemblytoolbox.com fonts.googleapis.com fonts.gstatic.com www.gstatic.com charts.mongodb.com *.microsoftonline.com;img-src *.3ps.team *.assemblytoolbox.com assemblytoolbox.com maps.gstatic.com *.googleapis.com maps.google.com *.ggpht.com charts.mongodb.com data: blob: *.microsoftonline.com s3.amazonaws.com *.s3.amazonaws.com;font-src *.3ps.team *.assemblytoolbox.com assemblytoolbox.com fonts.googleapis.com fonts.gstatic.com data: *.microsoftonline.com;connect-src *.3ps.team *.assemblytoolbox.com assemblytoolbox.com wss://*.assemblytoolbox.com wss://*.pusher.com wss://*.3ps.team maps.googleapis.com maps.google.com *.pusher.com expressentry.melissadata.net wss://*.chime.aws *.chime.aws *.microsoftonline.com;worker-src *.3ps.team *.assemblytoolbox.com assemblytoolbox.com blob: *.microsoftonline.com;object-src *.3ps.app *.3ps.team *.assemblytoolbox.com assemblytoolbox.com *.microsoftonline.com;media-src *.3ps.team *.assemblytoolbox.com *.microsoftonline.com assemblytoolbox.com;frame-src *.3ps.team *.assemblytoolbox.com assemblytoolbox.com charts.mongodb.com *.microsoftonline.com;form-action 'self' https: *.servicechannel.com;frame-ancestors 'self'; 1
default-src https://app.powerbi.com https://static.mailplus.nl/ https://*.printfriendly.com/ https://*.magzmaker.com/ https://*.twitter.com/ https://*.googlesyndication.com/ https://*.googleapis.com/ 'self' 'unsafe-inline'; font-src https://cdnapisec.kaltura.com/ https://*.gstatic.com/ 'self'; child-src  'self'; connect-src https://app.powerbi.com https://zendesk-eu.my.sentry.io/ https://medischcontact.zendesk.com/ https://ekr.zdassets.com/ https://artsportaal.nl/ https://*.artsportaal.nl/ https://vod.nucleusvideo.astrazeneca.com/ https://cdnapisec.kaltura.com/ https://analytics.kaltura.com/ https://stats.kaltura.com/ https://*.omappapi.com/ wss://*.hotjar.com/ https://pagead2.googlesyndication.com/ https://api.omappapi.com/ https://*.printfriendly.com/  wss://ws1.hotjar.com/ https://*.google-analytics.com/ https://9292.nl/ https://*.hotjar.io/ https://*.hotjar.com/ https://*.opmnstr.com/ https://*.doubleclick.net/ https://csi.gstatic.com/ wss://pod-28.zendesk.com/ https://*.zdassets.com/ https://medischcontact.zendesk.com/ https://cmtt.nl/ 'self'; frame-src https://app.powerbi.com https://knmg.zevenmijls.nl/ https://www.mysitemapgenerator.com/ https://feed.surfing-waves.com/ https://public.tableau.com/ https://mcads.nl/ https://omny.fm https://docs.google.com/ https://quadia.webtvframework.com/ http://quadia.webtvframework.com/ https://share.transistor.fm/ https://www.bbc.com/ https://dms.licdn.com/ https://*.linkedin.com/ https://*.googlesyndication.com/ https://crossmedia.mediasite.com/ https://*.crossmediaplatform.nl/ https://widgets.bnr.nl/ https://quadia.webtvframework.com/ https://*.printfriendly.com/ https://knmg.mediafiler.net/ https://player.vimeo.com/ https://*.magzmaker.com/ https://*.twitter.com/ https://twitter.com/ https://www.facebook.com/ https://player.bnnvara.nl/ https://*.soundcloud.com/ https://vgt.medischcontact.nl/ https://*.googlesyndication.com/ https://*.formdesk.com/ https://9292.nl/ https://www.google.com/ https://webforms.aboportal.nl/ https://open.spotify.com/ https://www.youtube-nocookie.com/ https://youtu.be/ https://*.youtube.com/ https://*.hotjar.com/ 'self'; frame-ancestors  'self'; img-src https://artsportaal.nl/ https://*.artsportaal.nl/ https://*.bbci.co.uk/ https://cfvod.kaltura.com/ https://www.facebook.com/ https://*.mailplus.nl/ https://*.printfriendly.com/ https://*.googleusercontent.com/ https://*.twimg.com/ https://*.twitter.com/ http://www.knmg.nl/ http://www-knmg.gxcloud.net http://www.medischcontact.nl/ http://www-medischcontact.gxcloud.net/ https://picsum.photos/ http://placehold.it/ https://unsplash.it/ https://*.google-analytics.com/ https://*.googlesyndication.com/ https://*.doubleclick.net/ https://*.google.com/ https://medischcontact.zendesk.com/ https://*.zdassets.com/ https://cmtt.nl/ 'self' data:; media-src https://cdnapisec.kaltura.com/ blob: 'self'; object-src  'self'; script-src https://9292.nl/ 'self' 'unsafe-inline' 'unsafe-eval' data: https: wss:; style-src https://artsportaal.nl/ https://*.artsportaal.nl/ https://*.printfriendly.com https://fonts.googleapis.com 'self' 'unsafe-inline';  worker-src  'self' blob: 1
default-src 'self'; script-src 'self' 'unsafe-inline' data: https://www.clarity.ms/ https://connect.facebook.net/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://recaptcha.net/ https://www.google-analytics.com https://js-agent.newrelic.com https://bam.nr-data.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://www.clarity.ms/ https://restcountries.eu/rest/ https://www.google-analytics.com https://bam.nr-data.net; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.google.com/recaptcha/ https://recaptcha.net/  https://www.youtube.com; img-src 'self' data: blob: https:; media-src https://cdn.mysalemarketplace.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com/api/player.js; img-src 'self' data: *.ytimg.com *.vimeocdn.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com; frame-src youtube.com www.youtube.com *.vimeo.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://ajax.googleapis.com https://rum-static.pingdom.net https://cdnjs.cloudflare.com https://fast.wistia.com https://pi.pardot.com https://translate.google.com http://translate.google.com https://translate.googleapis.com https://www.google-analytics.com https://bpasblog.disqus.com https://challenges.cloudflare.com https://www.dinkytown.net; style-src 'self' https://fast.wistia.net https://bpas.com 'unsafe-inline' https://fonts.googleapis.com https://translate.googleapis.com http://translate.google.com https://www.dinkytown.net; default-src 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval'; object-src 'self' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://cyberplace.social; img-src 'self' https: data: blob: https://cyberplace.social; style-src 'self' https://cyberplace.social 'nonce-t7ZY0KJmF4Ue7UgoGHD+5w=='; media-src 'self' https: data: https://cyberplace.social; frame-src 'self' https:; manifest-src 'self' https://cyberplace.social; form-action 'self'; child-src 'self' blob: https://cyberplace.social; worker-src 'self' blob: https://cyberplace.social; connect-src 'self' data: blob: https://cyberplace.social https://cyberplace.social wss://cyberplace.social; script-src 'self' https://cyberplace.social 'wasm-unsafe-eval' 1
default-src 'self' feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.janraincapture.com https://rpxnow.com https://www.googleadservices.com https://api.tiles.mapbox.com https://cdnjs.cloudflare.com *.cloudfront.net https://www.lightboxcdn.com https://api.lightboxcdn.com https://pge.segmanta.com https://www.upsellit.com https://s.pinimg.com https://z.moatads.com https://c.lytics.io https://cdn.segment.com https://js-cdn.dynatrace.com https://wtbng.pricespider.com https://wtbstream.pricespider.com https://embeddedcloud.pricespider.com https://omni.pricespider.com https://locate.pricespider.com https://wtbevents.pricespider.com https://cdn.pricespider.com https://www.youtube.com https://pghub.io *.cookielaw.org *.onetrust.com *.iesnare.com connect.facebook.net *.crazyegg.com *.adsrvr.org *.bazaarvoice.com *.google-analytics.com *.googletagmanager.com blob: feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' https://quilt-cdn.janrain.com https://api.tiles.mapbox.com https://s3.lightboxcdn.com https://api.lightboxcdn.com https://www.lightboxcdn.com https://c.lytics.io https://cdn.pricespider.com fonts.googleapis.com feed.pghub.io pandg.tapad.com ; media-src 'self' https://videos.ctfassets.net *.iesnare.com data: feed.pghub.io pandg.tapad.com ; img-src 'self' *.cookielaw.org *.cloudfront.net https://googleads.g.doubleclick.net https://www.google.hr https://www.google.co.in https://insight.adsrvr.org https://40n23zgkic3y-a.akamaihd.net https://ct.pinterest.com https://submit.lightboxcdn.com https://submitcus.lightboxcdn.com https://s3.lightboxcdn.com https://api.lightboxcdn.com https://www.lightboxcdn.com https://c.lytics.io https://cdn.pricespider.com https://wwwassets.pricespider.com https://embeddedcloud.pricespider.com https://px.moatads.com https://www.google.com i.ytimg.com videos.ctfassets.net images.ctfassets.net pixel.tapad.com *.bazaarvoice.com *.google-analytics.com www.facebook.com *.googletagmanager.com data: feed.pghub.io pandg.tapad.com ; font-src 'self' https://s3.lightboxcdn.com fonts.gstatic.com feed.pghub.io pandg.tapad.com ; connect-src * ; frame-src 'self' *.janraincapture.com https://videos.ctfassets.net https://pandg.tapad.com https://www.youtube.com https://www.youtube-nocookie.com *.adsrvr.org *.doubleclick.net *.jebbit.com consumersupport.pg.com servedby.flashtalking.com pg-lex.my.salesforce-sites.com ct.pinterest.com www.facebook.com feed.pghub.io pandg.tapad.com ; manifest-src * ; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://pony.social; img-src 'self' data: blob: https://pony.social https://cdn.pony.social; style-src 'self' https://pony.social 'nonce-Ki1eZhnlQQFTJa6A3kTwmg=='; media-src 'self' data: https://pony.social https://cdn.pony.social; frame-src 'self' https:; manifest-src 'self' https://pony.social; form-action 'self'; child-src 'self' blob: https://pony.social; worker-src 'self' blob: https://pony.social; connect-src 'self' data: blob: https://pony.social https://cdn.pony.social wss://pony.social; script-src 'self' https://pony.social 'wasm-unsafe-eval' 1
frame-ancestors 'self' https://*.daiken.jp https://*.daiken.co.jp; 1
default-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://ssl.google-analytics.com https://www.gstatic.com http://maps.google.com https://maps.googleapis.com https://*.googletagmanager.com;connect-src 'self' https://stats.g.doubleclick.net https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://maps.googleapis.com https://*.googletagmanager.com;img-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.doctolib.de https://maps.googleapis.com https://www.google-analytics.com https://*.google-analytics.com https://maps.gstatic.com https://*.googletagmanager.com;frame-src https://www.youtube-nocookie.com;frame-ancestors 'self';form-action 'self';base-uri 'self'; 1
default-src 'self' blob: 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.consentmanager.net https://www.googletagmanager.com https://secure.quantserve.com/ https://www.google-analytics.com/ https://*.usabilla.com/ https://platform.twitter.com https://*.vattenfall.se https://rules.quantcount.com/ https://www.gstatic.com https://www.youtube.com https://connect.facebook.net https://bat.bing.com https://platform.twitter.com/ https://rules.quantcount.com/ https://*.snapchat.com/ https://dev.visualwebsiteoptimizer.com https://www.google.com https://*; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' data: *.consentmanager.net https://www.googletagmanager.com https://secure.quantserve.com/ https://www.google-analytics.com/ https://app.readpeak.com/* https://connect.facebook.net/ https://platform.twitter.com/* https://www.youtube.com/ https://*.vattenfall.se/ https://bat.bing.com/ https://dev.visualwebsiteoptimizer.com/ https://www.gstatic.com/ https://www.google.com/ https://ecpacc-gwe.vattenfall.se/ https://*.usabilla.com/ https://rules.quantcount.com/ https://*; img-src 'self' data: blob: *.consentmanager.net *.vattenfall.se https://www.facebook.com https://analytics.twitter.com/ https://sync.taboola.com https://*.visualwebsiteoptimizer.com/ https://bat.bing.com/ https://www.linkedin.com/ https://cm.g.doubleclick.net/ https://*.visualwebsiteoptimizer.com/ https://app.readpeak.com https://www.google.com/ https://www.google.se/ https://www.google-analytics.com/* https://*.linkedin.com/ https://www.google-analytics.com https://*.pinterest.com/ https://pixel.quantserve.com/ https://*.usabilla.com/ https://platform.twitter.com/* https://www.googletagmanager.com/ https://*.snapchat.com/ https://www.gstatic.com/ https://t.co/ https://prreqcroab.icu/ https://*; style-src 'self' 'unsafe-inline' 'strict-dynamic' data: https://*; style-src-elem 'self' https://*.vattenfall.se/ 'unsafe-inline' 'unsafe-eval' data: https://fonts.googleapis.com https://elements.vattenfall.se https://ecp-gwe.vattenfall.se/ https://*; font-src 'self' data: https://*.vattenfall.nl https://vfsalesstorageprd.blob.core.windows.net/ https://*.vattenfall.se/ https://fonts.gstatic.com/ https://incharge.azureedge.net/ data: https://*; connect-src 'self' wss://*.vattenfall.se/ data: blob: properties https://*.google-analytics.com/ https://*.doubleclick.net https://dev.visualwebsiteoptimizer.com/* https://*.visualwebsiteoptimizer.com/ https://dc.services.visualstudio.com/* https://bat.bing.com/* https://*.vattenfall.se/ https://*.visualwebsiteoptimizer.com/* https://pixel.quantcount.com/ https://*.visualstudio.com/ https://*.pinterest.com/ https://bat.bing.com/ https://www.facebook.com/ https://app.readpeak.com/ https://adservice.google.com/ https://cdn.linkedin.oribi.io/ https://www.google.com/ https://businessspecificapimanglobal.azure-api.net/ https://tr.snapchat.com https://*; frame-src 'self' https://*.doubleclick.net https://*.snapchat.com https://*.pinterest.com https://www.youtube.com https://www.facebook.com https://* anwebconsole; worker-src blob:; object-src 'none';report-uri https://selfserviceapi.www.vattenfall.se/api/csp-report/report-uri?key=fib963d74f; 1
default-src 'self' https://racecenter.letour.fr https://emeaclientportal.datacenter.hello.global.ntt https://unpkg.com/web-vitals/dist/web-vitals.iife.js https://s1329636.t.eloqua.com https://www.google.com.br https://www.google.com.hk https://www.google.com.sg https://www.google.co.in https://www.google.co.nz https://www.google.com.bh https://www.google.co.kr https://www.google.com.my https://www.google.ca https://www.google.ie https://www.google.lt https://www.google.com.au https://www.google.com.pa https://www.google.nl https://www.google.co.jp https://*.fls.doubleclick.net  https://prodau-cdn.azureedge.net https://prodeu-cdn.azureedge.net https://www.google.com https://resources.digital-cloud.medallia.eu https://*.licdn.com https://s7.addthis.com https://vars.hotjar.com/ https://connect.facebook.net/ https://www.facebook.com/ *.crazyegg.com https://youtube.com https://www.youtube.com https://youtu.be https://i.ytimg.com/vi_webp/PfZzvGGRaOM/mqdefault.webp; img-src 'self' blob: data: https://*.emtana.com:* https://emeaclientportal.datacenter.hello.global.ntt/servlet/servlet.ImageServer?id=0151i000000vC0y&oid=00D58000000H2jR https://portal.webolytics.com/ https://admin.bound360.com/images/logos/bound-logo-full.png https://cdn.bizible.com https://cdn.bizibly.com https://px4.ads.linkedin.com https://ad.doubleclick.net https://www.google.be https://pbs.twimg.com https://*.analytics.google.com https://*.google.com https://*.brightfunnel.com https://q.quora.com https://alb.reddit.com https://www.marketing-town.com https://assets.getsmartcontent.com https://www.google.co.in https://www.google.com.hk https://www.google.com.sg https://www.google.co.nz https://www.google.co.jp https://www.google.com.br https://www.google.com.bh https://www.google.co.kr https://www.google.com.my https://www.google.ca https://www.google.ie https://www.google.lt https://www.google.com.au https://www.google.nl https://di3c8wks3odob.cloudfront.net https://maps.gstatic.com https://maps.googleapis.com https://www.google.de https://www.google.it https://pixel.tapad.com https://decibel-49-adswizz.attribution.adswizz.com https://www.google.co.uk https://attribution.decibelads.com https://reverseads.matomo.cloud https://tracking.connect.services.global.ntt https://fonts.gstatic.com https://cdn.cookielaw.org https://analytics.twitter.com https://analytics.google.com https://*.terminus.services https://match.adsrvr.org https://prodeu-strgacc-cdn.azureedge.net https://prodau-strgacc-cdn.azureedge.net https://*.leady.com/ https://resources.digital-cloud.medallia.eu https://j.mrpdata.net https://857338121.privacysandbox.googleadservices.com https://720787047.privacysandbox.googleadservices.com https://apt.techtarget.com https://620993155.privacysandbox.googleadservices.com https://p.adsymptotic.com/ *.crazyegg.com https://tracking.hello.global.ntt/ https://www.google.co.za https://*.kampyle.com https://vars.hotjar.com https://pubads.g.doubleclick.net https://script.hotjar.com http://script.hotjar.com www.googletagmanager.com https://www.google.com https://www.google.com.pa https://googleads.g.doubleclick.net https://www.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com https://prodeu-cdn.azureedge.net https://prodau-cdn.azureedge.net https://t.co/ https://px.ads.linkedin.com/ https://connect.facebook.net/ https://www.facebook.com/ https://www.linkedin.com/ https://s2190102.t.eloqua.com/ https://storage.googleapis.com/ https://*.akstat.io; style-src 'unsafe-inline' 'unsafe-eval' 'self' *.crazyegg.com https://cdn.jsdelivr.net/npm/swiper@8/swiper-bundle.min.css https://prodeu-strgacc-cdn.azureedge.net https://prodau-strgacc-cdn.azureedge.net https://cdnjs.cloudflare.com/ajax/libs/tiny-slider/2.9.1/tiny-slider.css https://fonts.googleapis.com https://tagmanager.google.com https://www.googletagmanager.com; font-src 'self' https://prodeu-strgacc-cdn.azureedge.net https://prodau-strgacc-cdn.azureedge.net https://fonts.gstatic.com data: http://script.hotjar.com https://script.hotjar.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors https://cm.euprod.services.global.ntt https://prodeu-strgacc-cdn.azureedge.net https://prodau-strgacc-cdn.azureedge.net https://vars.hotjar.com https://bid.g.doubleclick.net https://*.crazyegg.com; script-src 'nonce-MzMzMzkwMThub25jZS1yYW5kb20='  'unsafe-inline' 'unsafe-eval' 'self' blob: https://*.emtana.com:* https://emeaclientportal.datacenter.hello.global.ntt https://*.adobe.io https://*.go-mpulse.net https://portal.webolytics.com https://cdn.bizible.com https://secure.intelligentdata52.com https://a.quora.com https://unpkg.com/web-vitals@3.0.0/dist/web-vitals.attribution.iife.js https://*.brightfunnel.com https://*.analytics.google.com https://*.google.com https://www.redditstatic.com https://cdn.jsdelivr.net/npm/swiper@8/swiper-bundle.min.js https://maps.googleapis.com https://www.google.co.in https://www.google.co.nz https://www.google.com.pa https://www.google.de https://www.google.it https://cdn.matomo.cloud https://s.getsmartcontent.com https://cdn.getsmartcontent.com https://attribution.decibelads.com https://tracking.connect.services.global.ntt https://snippet.ramblechat.com https://munchkin.brightfunnel.com https://*.terminus.services https://analytics.google.com https://prodeu-strgacc-cdn.azureedge.net https://prodau-strgacc-cdn.azureedge.net https://*.leady.com/ https://www.gstatic.com https://trk.techtarget.com https://visitor.reactful.com https://*.crazyegg.com https://script.crazyegg.com https://connect.facebook.net/ https://cdn.cookielaw.org/ https://secure.east2pony.com/ https://protect-eu.mimecast.com/ https://www.google.co.za/ https://*.addthisedge.com https://z.moatads.com https://*.addthis.com https://script.hotjar.com http://script.hotjar.com http://static.hotjar.com https://static.hotjar.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://analytics.twitter.com https://static.ads-twitter.com https://resources.digital-cloud.medallia.eu https://nebula-cdn.kampyle.com https://img03.en25.com https://script.crazyegg.com https://www.youtube.com www.googleadservices.com https://pubads.g.doubleclick.net https://snap.licdn.com https://cdnjs.cloudflare.com/ajax/libs/tiny-slider/2.9.1/min/tiny-slider.js https://geolocation.onetrust.com https://vidassets.terminus.services  https://acrobatservices.adobe.com; connect-src 'self' https://*.t.eloqua.com https://*.adobe.io https://*.go-mpulse.net https://portal.webolytics.com https://px.ads.linkedin.com https://*.brightfunnel.com https://*.analytics.google.com https://*.google.com https://ibc-flow.techtarget.com https://cdn.linkedin.oribi.io https://udc-neb.kampyle.com https://www.google.com.pa https://s.getsmartcontent.com https://chat-messaging.terminus.services https://www.gstatic.com https://maps.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/mapConfigs https://reverseads.matomo.cloud wss://a1kkx7muourfsi-ats.iot.us-east-1.amazonaws.com https://chat-visitor-info.terminus.services https://iotas.terminus.services https://chat-team-management.terminus.services https://di3c8wks3odob.cloudfront.net https://realtime.ramblechat.com https://idx.liadm.com/ https://geolocation.onetrust.com/ https://api.brightfunnel.com https://analytics.google.com https://*.leady.com/ https://tracking.reactful.com https://resources.digital-cloud.medallia.eu https://visitor.reactful.com *.crazyegg.com https://www.facebook.com/ https://connect.facebook.net/ https://cdn.cookielaw.org/ https://stats.g.doubleclick.net/ https://www.google-analytics.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com https://script.crazyegg.com/* https://api-public.addthis.com https://*.addthis.com https://privacyportal-de.onetrust.com/ https://*.akstat.io https://*.akamaihd.net https://acrobatservices.adobe.com; object-src blob: ; frame-src https://racecenter.letour.fr https://block.opendns.com https://td.doubleclick.net https://ssp2.gin.ntt.net https://www.google.com.pa https://10155546.fls.doubleclick.net https://resources.digital-cloud.medallia.eu https://extraordinary-platypus-f5e0bb.netlify.app https://nttbdttour.netlify.app/ https://cm.euprod.services.global.ntt https://www.youtube.com https://www.google.com https://youtu.be https://acrobatservices.adobe.com 1
frame-ancestors 'self' https://mc.yandex.ru https://mc.yandex.az https://mc.yandex.by https://mc.yandex.co.il https://mc.yandex.com https://mc.yandex.com.am https://mc.yandex.com.ge https://mc.yandex.com.tr https://mc.yandex.ee https://mc.yandex.fr https://mc.yandex.kg https://mc.yandex.kz https://mc.yandex.lt https://mc.yandex.lv https://mc.yandex.md https://mc.yandex.tj https://mc.yandex.tm https://mc.yandex.ua https://mc.yandex.uz https://mc.webvisor.com https://mc.webvisor.org https://yastatic.net http://webvisor.com https://metrika.yandex.ru; 1
default-src 'self' data: https://dc.services.visualstudio.com/v2/track; script-src 'self' 'unsafe-inline' cdnjs.cloudflare.com dl.episerver.net https://www.google.com https://www.gstatic.com *.msecnd.net/ *.matomo.cloud *.plausible.io *.googletagmanager.com *.siteimproveanalytics.com https://siteimproveanalytics.com/js/  https://cdn.siteimprove.net *.arcgis.is https://storymaps.arcgis.com/stories/ https://js.monitor.azure.com/scripts/ *.optimizely.com https://app.powerbi.com *.skyra.no https://cdn.jsdelivr.net/npm/ https://policy.app.cookieinformation.com; style-src 'self' 'unsafe-hashes' 'unsafe-inline' https://fonts.googleapis.com/ https://cdn.jsdelivr.net/npm/ https://www.googletagmanager.com/debug/badge.css; img-src 'self' blob: data: *.openstreetmap.org https://services.geodataonline.no/ https://lovdata.no *.siteimproveanalytics.io/ *.miljodirektoratet.no https://p-tursti-cdne.azureedge.net/ https://t-tursti-cdne.azureedge.net/ https://www.googletagmanager.com https://nasjonaleturiststier.no https://storymaps.arcgis.com; connect-src * 'self' blob: my2.siteimprove.com id.siteimprove.com pui.episerver.net *.visualstudio.com *.plausible.io *.miljodirektoratet.matomo.cloud *.miljodirektoratet.no *.vannportalen.no *.optimizely.com  https://app.powerbi.com *.skyra.no *.arcg.is *.experience.arcgis.com/ https://www.miljodirektoratet.no/ https://consent.app.cookieinformation.com/api/consent https://policy.app.cookieinformation.com/*; font-src 'self' fonts.gstatic.com hello.myfonts.net *.cloudfront.net; object-src 'none'; ; media-src 'none'; ; frame-src 'self' *.miljodirektoratet.no https://www.youtube-nocookie.com/ https://www.google.com https://app.powerbi.com/ https://storymaps.arcgis.com https://play.libsyn.com *.libsyn.com *.experience.arcgis.com/ *.arcg.is https://arcg.is/ https://experience.arcgis.com/ https://kart.barentswatch.no/ https://miljoatlas.miljodirektoratet.no *.video.qbrick.com  https://player.vimeo.com/video/ https://policy.app.cookieinformation.com/ https://kart.renthav.no ; child-src 'self' ; form-action 'self' ; frame-ancestors 'self' https://www.miljodirektoratet.no/ https://dsa.no/ https://dsa.no/ https://storymaps.arcgis.com; base-uri 'self' ; 1
style-src 'self' https://*.empreintedigitale.fr 'unsafe-inline' *.jquery.com *.js 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.yandex.ru http://*.youtube.com; report-uri https://myklad.org/csp-report.php 1
default-src 'self' www.google-analytics.com analytics.google.com www.google.md stats.g.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com www.gstatic.com www.google-analytics.com www.googletagmanager.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com; frame-src 'self' www.google.com www.youtube.com www.facebook.com 1
object-src 'none'; frame-ancestors 'self'; form-action 'self' ddlnk.net kie-14655.azurewebsites.net kie-14655.design-portfolio.info edit.kie-14655.design-portfolio.info kier.co.uk login.microsoftonline.com; base-uri 'self'; upgrade-insecure-requests; block-all-mixed-content 1
default-src https: 'self' *.mcmurrayhatchery.com www.youtube.com api.instagram.com; script-src https: 'self' *.mcmurrayhatchery.com www.youtube.com api.instagram.com 'unsafe-inline' *.google-analytics.com platform.twitter.com cdn.syndication.twimg.com mcmurrayhatchery.refersion.com; style-src https: 'self' *.mcmurrayhatchery.com www.youtube.com api.instagram.com 'unsafe-inline' ton.twimg.com platform.twitter.com fonts.googleapis.com; font-src https: 'self' *.mcmurrayhatchery.com www.youtube.com api.instagram.com fonts.gstatic.com fonts.googleapis.com; img-src https: 'self' *.mcmurrayhatchery.com www.youtube.com api.instagram.com blob: data: *.google-analytics.com *.gstatic.com *.googletagmanager.com *.twitter.com *.twimg.com *.cloudfront.net scontent.cdninstagram.com www.paypal.com; frame-ancestors 'none'; 1
frame-ancestors 'self' *.bluemod.me *.bluemod.us credithuman-cms-stage-k13-2022.azurewebsites.net credithuman-cms-prod-k13-2022.azurewebsites.net; 1
default-src 'self'; script-src 'self; img-src 'self'; object-src 'none'; font-src 'self'; frame-ancestors 'none' https: 1
frame-ancestors 'self' *.pucv.cl; 1
frame-ancestors 'self' 'reborns.com' 'bearpile.com'; 1
default-src 'none'; img-src 'self'; script-src 'none'; style-src 'self' 'unsafe-inline'; object-src 'self' blob:; media-src 'self' 1
font-src *.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google.com *.googleapis.com *.gstatic.com *.postimg.org store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.facebook.com data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.googleapis.com *.google.com *.gstatic.com *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://static.klaviyo.com *.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com *.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.doubleclick.net *.googleapis.com *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'unsafe-inline' 'unsafe-eval' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src https: wss: data:; font-src 'self' https: data:; img-src 'self' data: blob: https: 1
default-src 'self' 'unsafe-inline' assets.risk.net assets.insurancehound.co.uk assets.waterstechnology.com assets.risklibrary.net assets.centralbanking.com assets.postonline.co.uk assets.incinsight.com assets.insuranceage.co.uk assets.euinsurancetech.com assets.fx-markets.com assets.risktech-forum.com assets.infopro-insight.com assets.chartis-research.com content.jwplatform.com videos-cloudfront-usp.jwpsrv.com securepubads.g.doubleclick.net blob:; connect-src *; font-src 'self' data: fonts.gstatic.com cdnjs.cloudflare.com assets.risk.net assets.insurancehound.co.uk assets.waterstechnology.com assets.risklibrary.net assets.centralbanking.com assets.postonline.co.uk assets.incinsight.com assets.insuranceage.co.uk assets.euinsurancetech.com assets.fx-markets.com assets.risktech-forum.com assets.infopro-insight.com assets.chartis-research.com; frame-src *; img-src * data:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' assets.risk.net assets.insurancehound.co.uk assets.waterstechnology.com assets.risklibrary.net assets.centralbanking.com assets.postonline.co.uk assets.incinsight.com assets.insuranceage.co.uk assets.euinsurancetech.com assets.fx-markets.com assets.risktech-forum.com assets.infopro-insight.com assets.chartis-research.com blob: cdn.datatables.net cdn.jsdelivr.net cdnjs.cloudflare.com https://assets.infopro-insight.com https://cdn.jsdelivr.net https://cdn.mathjax.org https://cdnjs.cloudflare.com https://code.highcharts.com https://code.jquery.com https://js.hsforms.net https://polyfill-fastly.io https://polyfill.io https://unpkg.com https://www.google.com platform.instagram.com platform.twitter.com unpkg.com; script-src-elem * 'unsafe-inline'; style-src 'self' 'unsafe-inline' assets.risk.net assets.insurancehound.co.uk assets.waterstechnology.com assets.risklibrary.net assets.centralbanking.com assets.postonline.co.uk assets.incinsight.com assets.insuranceage.co.uk assets.euinsurancetech.com assets.fx-markets.com assets.risktech-forum.com assets.infopro-insight.com assets.chartis-research.com fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; form-action *; frame-ancestors 'self'; report-uri https://www.centralbanking.com/report-uri/enforce 1
object-src 'none'; img-src data: http: https: cdn-cookieyes.com; script-src http: https: *.structube.com 'self' blob: 'unsafe-inline' *.paypal.com *.moneris.com *.signifyd.com 'unsafe-eval' *.googleapis.com *.gstatic.com *.ggpht.com *.googleusercontent.com *.google.com *.facebook.com *.youtube.com *.youtube-nocookie.com *.doubleclick.net *.getcandid.com *.filepicker.io content-getcandid.netdna-ssl.com *.attn.tv *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.g.doubleclick.net s.pinimg.com bam.nr-data.net cdn-cookieyes.com; style-src 'self' blob: https: 'unsafe-inline' *.structube.com *.typekit.net fonts.googleapis.com; base-uri 'none'; font-src 'self' fonts.gstatic.com *.typekit.net maxcdn.bootstrapcdn.com data:; frame-src assets.braintreegateway.com *.youtube.com *.youtu.be *.vimeo.com *.paypal.com *.moneris.com *.google.com *.facebook.com *.youtube-nocookie.com *.doubleclick.net *.g.doubleclick.net *.getcandid.com *.filepicker.io *.signifyd.com view.publitas.com *.virtuo-reality.com acs-server.ps.msignia.com *.structube.com *.pinterest.com s.pinimg.com *.hotjar.com *.ada.support 360.ecom2vr.com *.attn.tv h.online-metrix.net *.paypalobjects.com *.hotjar.io *.pay.google.com *.affirm.ca *.cdn-apple.com; child-src 'self'; frame-ancestors 'self' www.virtuo-reality.com 360.ecom2vr.com; connect-src 'self' data: blob: *.attentivemobile.com *.attn.tv *.getcandid.com *.filepicker.io *.ada.support *.googleapis.com *.gstatic.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.ca collector.structube.com *.pinterest.com bam.nr-data.net *.facebook.com cdn.linkedin.oribi.io *.bing.com *.adroll.com *.hotjar.com *.paypal.com wss://*.hotjar.com *.hotjar.io *.affirm.ca *.cookieyes.com cdn-cookieyes.com https://google.com/pay; 1
default-src 'self' data: 'unsafe-inline' *.powerbi.com *.jsdelivr.net *.chargebee.c om *.cloudflare.com *.googleapis.com;; script-src https: 'self' 'unsafe-inline' blob: 'unsafe-eval' fast.wistia.com *.unpkg.com *.powerbi.com *.chargebee.com *.onetrust.com *.googletagmanager.com *.chargebeestatic.com *.cloudfront.net *.amazonaws.com *.gstatic.com *.google.com *.google-analytics.com *.youtube-nocookie.com *.bing.com *.googleleadservices.com *.fast.wistia.net;; object-src 'self'; style-src 'self' data: 'unsafe-inline' *.powerbi.com *.chargebee.com *.jsdelivr.net *.cloudflare.com *.googleapis.com; img-src * data: *.dataguidance.com *.amazonaws.com *.onetrust.com ;; media-src 'self'; frame-src 'self' *.vimeo.com static.addtoany.com *.googletagmanager.com *.chargebee.com *.chargebeestatic.com *.cloudfront.net *.greenhouse.io *.google.com *.powerbi.com *.gstatic.com *.cloudflare.com *.cookielaw.org;; frame-ancestors 'self'; child-src 'self'; font-src https: 'self' data: *.googletagmanager.com fonts.google.com *.googleapis.com *.gstatic.com;; connect-src 'self' data: * cdn.cookielaw.org ;; report-uri /report-csp-violation 1
font-src https: data:; 1
default-src *; script-src * 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline'; img-src * data: 'unsafe-eval' *.actian.com *.wpengine.com; connect-src *; font-src * data:; media-src * 'unsafe-inline'; frame-ancestors *.actian.com; frame-src *; object-src * data: 'unsafe-eval' 1
default-src https://*.ctfassets.net 'self' blob: feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.google-analytics.com https://tagmanager.google.com https://pghub.io https://*.cookielaw.org https://*.bazaarvoice.com https://*.smartcommerce.co https://*.click2cart.com https://*.algolianet.com https://*.rpxnow.com https://rpxnow.com https://*.segment.com https://*.janrain.com https://*.cloudfront.net https://script.crazyegg.com https://*.facebook.net https://www.facebook.com https://z.moatads.com https://*.adsrvr.org https://pixel.tapad.com https://c.lytics.io https://s.amazon-adsystem.com https://*.pricespider.com https://*.segment.io https://*.click2cart.co https://*.lightboxcdn.com https://*.janraincapture.com https://*.iesnare.com https://*.segmanta.com https://s3.us-west-2.amazonaws.com https://*.google.com/recaptcha/ https://*.google.com https://*.gstatic.com feed.pghub.io pandg.tapad.com ; connect-src 'self' * https: 'unsafe-inline' https://*.click2cart.com https://*.google.com https://*.gstatic.com ; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://*.bootstrapcdn.com https://*.click2cart.com https://c.lytics.io https://*.janrain.com https://*.lightboxcdn.com https://display.ugc.bazaarvoice.com https://*.bazaarvoice.com https://*.segmanta.com https://s3.us-west-2.amazonaws.com https://*.google.com https://*.gstatic.com feed.pghub.io pandg.tapad.com ; media-src https://videos.ctfassets.net data: https://*.google.com https://*.gstatic.com feed.pghub.io pandg.tapad.com ; img-src 'self' https://www.googletagmanager.com https://www.facebook.com https://c.lytics.io https://s.amazon-adsystem.com https://*.lightboxcdn.com https://click2cart.co https://*.click2cart.com https://click2cart.com https://ssl.gstatic.com https://*.amazonaws.com https://*.bazaarvoice.com https://images.ctfassets.net data: https://pixel.tapad.com https://*.alwaysdiscreet.com https://*.cloudfront.net https://www.google.com https://www.google.co.in https://www.google-analytics.com https://*.segmanta.com https://login.windows.net https://*.cookielaw.org https://*.google.com https://*.gstatic.com feed.pghub.io pandg.tapad.com ; font-src https://fonts.gstatic.com data: http://fast.fonts.net https://assets.ctfassets.net https://*.click2cart.com https://*.bootstrapcdn.com https://fonts.googleapis.com https://*.alwaysdiscreet.com https://*.segmanta.com https://*.google.com https://*.gstatic.com feed.pghub.io pandg.tapad.com ; frame-src 'self' https://consumersupport.pg.com https://*.adsrvr.org https://www.facebook.com https://display.ugc.bazaarvoice.com https://stg.api.bazaarvoice.com https://*.api.bazaarvoice.com https://*.bazaarvoice.com https://*.janraincapture.com https://*.segmanta.com https://*.google.com https://*.gstatic.com https://www.youtube-nocookie.com feed.pghub.io pandg.tapad.com ; worker-src 'self' blob: feed.pghub.io pandg.tapad.com ; 1
object-src 'none'; style-src 'self' 'unsafe-inline' *.google.com *.googleapis.com *.twitter.com *.youtube.com *.vimeo.com *.pagespeed-mod.com *.googletagmanager.com *.gstatic.com *.sharethis.com *.gleap.io *.cloudflare.com *.hotjar.com; img-src 'self' 'unsafe-inline' data: wcirb.com dev-54ta5gq-zy4q7lto4eli2.us.platformsh.site stg-2liatqq-zy4q7lto4eli2.us.platformsh.site *.wcirb.com *.us.platformsh.site  *.facebook.com *.google-analytics.com *.amazonaws.com *.googleapis.com *.addthis.com *.twitter.com *.youtube.com *.vimeo.com *.pagespeed-mod.com *.googletagmanager.com *.sharethis.com *.google.com *.google.com *.google.jo *.gleap.io *.googletagmanager.com *.hotjar.com *.vimeocdn.com; media-src 'self' 'unsafe-inline' *.google.com  *.google-analytics.com *.googleapis.com *.twitter.com *.youtube.com *.vimeo.com *.pagespeed-mod.com *.googletagmanager.com *.gstatic.com *.sharethis.com *.gleap.io *.hotjar.com data: wcirb.com dev-54ta5gq-zy4q7lto4eli2.us.platformsh.site stg-2liatqq-zy4q7lto4eli2.us.platformsh.site *.wcirb.com *.us.platformsh.site  *.facebook.com *.google-analytics.com *.amazonaws.com *.googleapis.com *.addthis.com *.twitter.com *.youtube.com *.vimeo.com *.pagespeed-mod.com *.googletagmanager.com *.sharethis.com *.google.com *.google.com *.gleap.io *.googletagmanager.com; frame-src 'self' 'unsafe-inline' web.wcirb.com *.wcirb.com *.addthis.com *.google.com *.jquery.com *.google-analytics.com *.googleapis.com *.twitter.com *.youtube.com *.facebook.com facebook.com *.youtube.com *.vimeo.com *.pagespeed-mod.com *.googletagmanager.com *.sharethis.com *.gleap.io *.clickdimensions.com *.hotjar.com *.canva.com *.doubleclick.net; frame-ancestors 'self' *.addthis.com *.google.com *.jquery.com *.google-analytics.com *.googleapis.com *.twitter.com *.youtube.com *.facebook.com facebook.com *.youtube.com *.vimeo.com *.pagespeed-mod.com *.googletagmanager.com *.sharethis.com *.gleap.io *.clickdimensions.com *.hotjar.com *.canva.com; child-src 'self' 'unsafe-inline' web.wcirb.com *.wcirb.com *.addthis.com *.google.com *.jquery.com *.google-analytics.com *.googleapis.com *.twitter.com *.youtube.com *.facebook.com facebook.com *.youtube.com *.vimeo.com *.pagespeed-mod.com *.googletagmanager.com *.sharethis.com *.gleap.io *.clickdimensions.com *.hotjar.com *.canva.com *.doubleclick.net; font-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.twitter.com *.youtube.com *.vimeo.com *.pagespeed-mod.com *.googletagmanager.com data *.sharethis.com *.google.com *.gleap.io *.hotjar.com; report-uri /report-csp-violation 1
default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com https://i.ytimg.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-kbElFPEPp0DUA0vt71FQew=='; style-src 'self' www.gstatic.com; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com gds-single-consent-staging.app gds-single-consent.app; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; report-uri https://csp-reporter.publishing.service.gov.uk/report 1
default-src https: 'unsafe-inline' 'unsafe-eval'; font-src https: data:; img-src https: data:; 1
default-src 'self' googleads.g.doubleclick.net www.clarity.ms analytics.google.com studiodesigner.my.site.com studiodesigner.my.salesforce-scrt.com; script-src 'self' 'unsafe-inline' assets-storage-statik-press.s3-eu-west-1.amazonaws.com gg-assets-storage.s3.eu-west-2.amazonaws.com www.youtube.com player.vimeo.com fast.wistia.com static.cloudflareinsights.com www.googletagmanager.com https://www.google.com/recaptcha https://*.googletagmanager.com https://www.googleadservices.com https://www.google.com https://www.googleadservices.com https://tagmanager.google.com https://*.pinimg.com https://*.pinterest.com https://*.studiodesigner.com https://*.adsrvr.org https://*.clickagy.com https://*.crazyegg.com https://*.zoominfo.com https://*.facebook.net https://*.bing.com https://*.greenhouse.io https://*.calendly.com https://*.zoom.us https://mystudiomedia.wpenginepowered.com/ googleads.g.doubleclick.net www.clarity.ms https://studiodesigner.my.site.com https://studiodesigner.my.salesforce-scrt.com; style-src 'self' 'unsafe-inline' assets-storage-statik-press.s3-eu-west-1.amazonaws.com gg-assets-storage.s3.eu-west-2.amazonaws.com https://tagmanager.google.com https://fonts.googleapis.com https://www.googletagmanager.com/ https://*.greenhouse.io https://*.calendly.com https://*.zoom.us https://mystudiomedia.wpenginepowered.com/ https://studiodesigner.my.site.com https://studiodesigner.my.salesforce-scrt.com; img-src 'self' 'unsafe-inline' assets-storage-statik-press.s3-eu-west-1.amazonaws.com gg-assets-storage.s3.eu-west-2.amazonaws.com i.ytimg.com 2.gravatar.com secure.gravatar.com i.vimeocdn.com fast.wistia.com data: https://*.google-analytics.com https://*.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com https://ssl.gstatic.com https://www.gstatic.com https://fonts.gstatic.com/ https://www.google.pl https://*.bing.com https://www.facebook.com https://*.clickagy.com https://*.crwdcntrl.net https://*.agkn.com https://*.rlcdn.com https://*.openx.net https://*.sitescout.com https://*.demdex.net https://*.greenhouse.io https://*.doubleclick.net https://*.calendly.com https://*.zoom.us https://mystudiomedia.wpenginepowered.com/ *.clarity.ms www.google.com.vn https://studiodesigner.my.site.com https://studiodesigner.my.salesforce-scrt.com; font-src 'self' data: https://fonts.gstatic.com data: https://mystudiomedia.wpenginepowered.com/; connect-src 'self' vimeo.com pipedream.wistia.com fast.wistia.com distillery.wistia.com embed-cloudfront.wistia.com assets-storage-statik-press.s3-eu-west-1.amazonaws.com gg-assets-storage.s3.eu-west-2.amazonaws.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.clickagy.com https://*.crazyegg.com https://*.pinterest.com https://*.doubleclick.net https://www.google.pl https://*.zoominfo.com https://*.bing.com https://*.greenhouse.io https://calendly.com https://*.zoom.us https://mystudiomedia.wpenginepowered.com/ analytics.google.com *.clarity.ms https://studiodesigner.my.site.com https://studiodesigner.my.salesforce-scrt.com; child-src 'self' www.youtube.com player.vimeo.com https://www.google.com https://bid.g.doubleclick.net https://ct.pinterest.com https://insight.adsrvr.org https://*.greenhouse.io https://*.clickagy.com https://www.facebook.com https://calendly.com https://*.zoom.us https://mystudiomedia.wpenginepowered.com/ blob: td.doubleclick.net https://studiodesigner.my.site.com https://studiodesigner.my.salesforce-scrt.com *.adsrvr.org; media-src 'self' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com/ https://webstatistics.apps.cssf.lu/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; img-src 'self' https://webstatistics.apps.cssf.lu/ https://*.tile.openstreetmap.org data: ; style-src 'self' 'unsafe-inline'; frame-src https://player.vimeo.com/ https://www.google.com/recaptcha/ https://*.soundcloud.com; connect-src 'self' https://webstatistics.apps.cssf.lu/; font-src 'self' data:; frame-ancestors 'self'; 1
frame-ancestors 'self' https://*.daytonastate.edu https://*.omniupdate.com http://*.omniupdate.com 1
default-src 'self' cityseeker.com data: *.fbcdn.net *.tapayments.com *.viator.com *.tamg.cloud *.accdab.net *.cdn-net.com *.cloudflare.com *.wcities.com *.fbsbx.com *.itstourvideo.tv *.doubleclick.net *.vimeo.com *.youtube.com *.what3words.com *.googletagmanager.com *.google.co.in *.doubleclick.net *.google-analytics.com *.googlesyndication.com *.cityseeker.com *.apple-mapkit.com *.apple.com *.hereapi.com *.googleapis.com *.here.com *.pinterest.com *.cloudfront.net *.rackcdn.com *.resy.com *.twitter.com *.facebook.net *.facebook.com *.googletagmanager.com *.gstatic.com *.googleusercontent.com *.google.com blob: 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data: https:; frame-src * 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; connect-src 'self' *; 1
default-src https: data:; img-src https: data:; style-src https: 'unsafe-inline'; style-src-elem https: 'unsafe-inline'; script-src https: 'unsafe-eval' 'unsafe-inline' 1
default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; media-src * https://lla-cms-prod.directus.app; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; object-src 'none'; frame-ancestors 'self' https://cwc.kcenter.usu.com https://wss.mnc790.mcc313.pub.3gppnetwork.org:10076; frame-src * https://nebula-cdn.kampyle.com https://libertyglobal.kampyle.com https://optimize.google.com  https://www.youtube.com https://www.google.com https://www.facebook.com https://www.google-analytics.com https://www.googleanalytics.com https://openspeedtest.com https://libertypr.com https://www.libertypr.com https://analytics.libertypr.com; form-action *; worker-src * blob:; 1
script-src blob: 'self' 'unsafe-inline' 'unsafe-eval'  *  https: data data: safari-extension:; default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: * https: data: gsa: *.factorydirectcraft.com *; style-src 'self' 'unsafe-inline' *; frame-ancestors https://*.facebook.com 'self' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://ruhr.social; img-src 'self' https: data: blob: https://ruhr.social; style-src 'self' https://ruhr.social 'nonce-xBENGTZct/kdUgNDAmG1sw=='; media-src 'self' https: data: https://ruhr.social; frame-src 'self' https:; manifest-src 'self' https://ruhr.social; form-action 'self'; child-src 'self' blob: https://ruhr.social; worker-src 'self' blob: https://ruhr.social; connect-src 'self' data: blob: https://ruhr.social https://media.ruhr.social wss://ruhr.social; script-src 'self' https://ruhr.social 'wasm-unsafe-eval' 1
default-src 'self'; connect-src 'self' 'unsafe-inline' https: wss:; font-src 'self' 'unsafe-inline' https: data:; style-src 'self' 'unsafe-inline' https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https:; worker-src 'self' 'unsafe-eval' 'unsafe-inline' https: blob:; img-src 'self' data: https:; frame-src 'self' https:; 1
default-src 'self' data: gap: content: blob: ws: wss: xuntong: v9bridge: cloudhub: 'unsafe-inline' 'unsafe-eval' *; img-src 'self' data: blob: *; frame-ancestors 'self' *.ik3cloud.com *.kdcloud.com *.kingdee.com *.yunzhijia.com *.piaozone.com 1
frame-ancestors 'self' https://*.gameup.ir http://*.gameup.ir https://gameup.ir http://gameup.ir 1
frame-ancestors 'self' *.ariba.com; 1
frame-ancestors 'self' *.stedi.com 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.cloudflare.com https://widget-cdn.boxnow.gr https://static.addtoany.com/ https://trc.taboola.com/ https://cdn.taboola.com/ *.cloudflareinsights.com https://scripts.bestprice.gr https://static.cloudflareinsights.com https://tpc.googlesyndication.com https://analytics.tiktok.com  https://www.appocalypsis.com https://sc-static.net https://tr.snapchat.com https://v2.zopim.com *.ubembed.com *.skroutz.gr https://skroutza.skroutz.gr *.zdassets.com/ *.hotjar.com https://apis.google.com https://www.gstatic.com https://z.moatads.com https://s7.addthis.com https://m.addthis.com https://analytics.skroutz.gr https://skroutza.skroutz.gr https://360.bestprice.gr https://www.bestprice.gr https://www.glami.gr https://region1.google-analytics.com https://cdn.stat-track.com/ https://assets.citrusad.net https://www.googletagmanager.com https://maps.google.com https://maps.googleapis.com https://www.google-analytics.com https://connect.facebook.net https://stats.g.doubleclick.net https://www.google.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://script.crazyegg.com https://go.linkwi.se https://trustmark.gr https://www.youtube.com https://script.crazyegg.com https://insurance.e-satisfaction.gr; style-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://use.typekit.net/lgl0exs.css https://p.typekit.net https://cdn.jsdelivr.net https://fonts.googleapis.com; object-src 'self'; img-src 'self' data: https://www.maxstores.gr  https://maxstores.staginglh.com https://local.maxstores.gr https://maxstores.test.devlh.com https://maxstores.gr https://fonts.gstatic.com https://www.googletagmanager.com https://www.appocalypsis.com *.appocalypsis.com *.cdninstagram.com *.skroutza.skroutz.gr *.youtube.com https://i.ytimg.com https://www.glami.gr  https://skroutza.skroutz.gr https://www.facebook.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://maps.gstatic.com https://maps.google.com https://maps.googleapis.com https://www.google.com https://www.google.gr https://www.google.com.tr https://trustmark.gr; font-src 'self' data: *.typekit.net https://fonts.gstatic.com; connect-src 'self' https://psb.taboola.com https://googleads.g.doubleclick.net https://trc-events.taboola.com/ https://tr6.snapchat.com/ https://analytics.tiktok.com https://pagead2.googlesyndication.com https://tr.snapchat.com *.analytics.google.com wss://ws1.hotjar.com wss://ws2.hotjar.com wss://ws3.hotjar.com wss://ws4.hotjar.com wss://ws5.hotjar.com wss://ws6.hotjar.com wss://ws7.hotjar.com wss://ws8.hotjar.com wss://ws9.hotjar.com wss://ws10.hotjar.com wss://ws11.hotjar.com wss://ws12.hotjar.com wss://ws13.hotjar.com wss://ws14.hotjar.com wss://ws15.hotjar.com wss://ws16.hotjar.com wss://ws17.hotjar.com wss://ws18.hotjar.com wss://ws19.hotjar.com wss://ws20.hotjar.com wss://ws21.hotjar.com wss://ws22.hotjar.com wss://ws23.hotjar.com wss://ws24.hotjar.com wss://ws25.hotjar.com wss://ws26.hotjar.com wss://ws27.hotjar.com wss://ws28.hotjar.com wss://ws29.hotjar.com wss://ws30.hotjar.com wss://ws31.hotjar.com wss://ws32.hotjar.com wss://ws33.hotjar.com wss://ws34.hotjar.com wss://ws35.hotjar.com wss://ws36.hotjar.com wss://ws37.hotjar.com wss://ws38.hotjar.com wss://ws39.hotjar.com wss://ws40.hotjar.com wss://ws41.hotjar.com wss://ws42.hotjar.com wss://ws43.hotjar.com wss://ws44.hotjar.com wss://ws45.hotjar.com wss://ws46.hotjar.com wss://ws47.hotjar.com wss://ws48.hotjar.com wss://ws49.hotjar.com wss://ws50.hotjar.com wss://ws51.hotjar.com wss://ws52.hotjar.com wss://ws53.hotjar.com wss://ws54.hotjar.com wss://ws55.hotjar.com wss://ws56.hotjar.com wss://ws57.hotjar.com wss://ws58.hotjar.com wss://ws59.hotjar.com wss://ws60.hotjar.com wss://ws61.hotjar.com wss://ws62.hotjar.com wss://ws63.hotjar.com wss://ws64.hotjar.com wss://ws65.hotjar.com wss://ws66.hotjar.com wss://ws67.hotjar.com wss://ws68.hotjar.com wss://ws69.hotjar.com wss://ws70.hotjar.com wss://ws71.hotjar.com wss://ws72.hotjar.com wss://ws73.hotjar.com wss://ws74.hotjar.com wss://ws75.hotjar.com wss://ws76.hotjar.com wss://ws77.hotjar.com wss://ws78.hotjar.com wss://ws79.hotjar.com wss://ws80.hotjar.com wss://ws81.hotjar.com wss://ws82.hotjar.com wss://ws83.hotjar.com wss://ws84.hotjar.com wss://ws85.hotjar.com wss://ws86.hotjar.com wss://ws87.hotjar.com wss://ws88.hotjar.com wss://ws89.hotjar.com wss://ws90.hotjar.com wss://ws91.hotjar.com wss://ws92.hotjar.com wss://ws93.hotjar.com wss://ws94.hotjar.com wss://ws95.hotjar.com wss://ws96.hotjar.com wss://ws97.hotjar.com wss://ws98.hotjar.com wss://ws99.hotjar.com *.hotjar.io  *.hotjar.com *.zdassets.com https://www.youtube.com https://www.bestprice.gr https://s7.addthis.com https://m.addthis.com https://forms.m-pages.com https://t.stat-track.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://www.google-analytics.com https://maps.googleapis.com *.google.com; frame-src *; media-src 'self' 1
default-src 'self' *.b-cdn.net *.s3.amazonaws.com curatorio.s3.amazonaws.com *.twimg.com *.streamlock.net streamlock.net *.issuu.com *.wiley.tools; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.smsu.edu bot.ivy.ai tr.snapchat.com *.technolutions.net *.monsido.com *.curator.io curator.io *.cludo.com cludo.com *.wowza.com *.kaltura.com *.googletagmanager.com *.google-analytics.com google.com *.google.com https://www.google.com *.googleadservices.com googleadservices.com *.googleapis.com *.facebook.net *.facebook.com *.youtube.com *.youtu.be *.twitter.com *.twimg.com *.libcal.com *.tagul.com *.issuu.com *.libapps.com cdn.yoshki.com yoshki.com *.doubleclick.net youvisit.com *.youvisit.com *.wordart.com live.clive.cloud sc-static.net freya.embed.edu.help freya.distro.edu.help *.wiley.tools *.edu.help; style-src 'self' 'unsafe-inline' *.smsu.edu *.curator.io curator.io *.cludo.com cludo.com *.kaltura.com *.googletagmanager.com *.google-analytics.com *.google.com https://www.google.com *.googleapis.com *.facebook.net *.facebook.com *.youtube.com *.youtu.be *.twitter.com *.twimg.com *.libcal.com libcal.com *.technolutions.net *.edu.help; frame-src 'self' *.podbean.com podbean.com bot.ivy.ai *.tableagent.com tableagent.com *.snapchat.com *.soundcloud.com *.streamlock.net streamlock.net *.studio1.smsu.edu studio1.smsu.edu kaltura.com *.kaltura.com *.youtube.com *.youtu.be *.candidcareer.com *.askadmissions.net *.facebook.com *.governmentjobs.com *.google.com *.issuu.com libraryh3lp.com *.libraryh3lp.com *.libcal.com libcal.com studio1tv.ddns.net cdn.yoshki.com yoshki.com credly.com *.credly.com *.googleadservices.com googleadservices.com twitter.com *.twitter.com youvisit.com *.youvisit.com *.doubleclick.net sc-static.net; child-src 'self' kaltura.com *.kaltura.com *.youtube.com *.youtu.be *.candidcareer.com *.askadmissions.net *.facebook.com *.governmentjobs.com *.googlecom *.issuu.com libraryh3lp.com *.libraryh3lp.com *.libcal.com studio1tv.ddns.net cdn.yoshki.com yoshki.com *.googleadservices.com googleadservices.com twitter.com *.twitter.com youvisit.com *.youvisit.com;object-src 'self'; img-src * data:; connect-src 'self' *.smsu.edu content.edu.help *.googlesyndication.com smsu.libcal.com *.snapchat.com *.google-analytics.com *.doubleclick.net *.googleapis.com *.clive.cloud *.cludo.com cludo.com *.streamlock.net streamlock.net google.com *.google.com twitter.com *.twitter.com *.facebook.com facebook.com *.curator.io curator.io *.wiley.tools *.edu.help; font-src 'self' fonts.gstatic.com bot.ivy.ai *.curator.io curator.io data: ; frame-ancestors 'self' *.facebook.com *.libcal.com libcal.com *.qualtrics.com qualtrics.com; 1
frame-ancestors 'self' https://www.leedonline.com https://leedonline-api.usgbc.org 1
frame-ancestors https://*.kneipp.com 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://breeze.town; img-src 'self' https: data: blob: https://breeze.town; style-src 'self' https://breeze.town 'nonce-Rfn2/fpDAnKHygr1zTuEuA=='; media-src 'self' https: data: https://breeze.town; frame-src 'self' https:; manifest-src 'self' https://breeze.town; connect-src 'self' data: blob: https://breeze.town https://truevault01.breezetech.solutions:9000/minio/breezetown wss://breeze.town; script-src 'self' https://breeze.town; child-src 'self' blob: https://breeze.town; worker-src 'self' blob: https://breeze.town 1
frame-ancestors secure.livechatinc.com www.youtube.com www.google.com widget.clym-sdk.net 'self'; frame-src analytics.clickdimensions.com *.doubleclick.net *.dynamics.com secure.livechatinc.com www.youtube.com www.google.com widget.clym-sdk.net 'self'; 1
connect-src 'self' *.zagrio.com *.google-analytics.com *.clarity.ms; font-src 'self' *.zagrio.com *.googleapis.com *.gstatic.com; frame-src 'self' *.youtube.com *.vimeo.com *.spotify.com *.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zagrio.com *.clarity.ms *.google-analytics.com *.cloudflareinsights.com *.googletagmanager.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zagrio.com *.googleapis.com; frame-ancestors 'self'; img-src 'self' data: https:; manifest-src 'self'; media-src 'self'; object-src 'self'; worker-src 'self'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com www.googletagmanager.com www.google-analytics.com *.google.com *.googleapis.com *.gstatic.com www.google.ca *.doubleclick.net cdn.jsdelivr.net static.olark.com connect.facebook.net static.itrac.it *.itracmediav4.com snap.licdn.com *.clarity.ms *.tctm.co acuityplatform.com *.linkedin.com www.facebook.com x.clarity.ms pixel.tapad.com pixel.advertising.com x.bidswitch.net *.olark.com *.analytics.yahoo.com match.adsrvr.org match.sharethrough.com *.bing.com www.youtube.com *.itmems.com *.bambora.com *.addthis.com cdn.linkedin.oribi.io *.srv.stackadapt.com qvdt3feo.com; img-src * data:; object-src 'self'; font-src 'self' static.olark.com fonts.gstatic.com data:; frame-ancestors https://www.google.com https://static.olark.com https://www.bayshore.ca; base-uri 'self' 1
default-src https: https://*.landstar.com; script-src 'unsafe-inline' 'unsafe-eval' https: https://*.landstar.com; style-src 'unsafe-inline' https:; img-src https: data:; font-src https: data: 1
frame-ancestors 'self' us.hivebrite.com 1
frame-ancestors www.hawk.de piwik.hawk.de 1
frame-ancestors 'self' https://analytics.forum-media.com https://desk.forum-verlag.com https://www.desk.forum-verlag.com; 1
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.vimeo.com *.googleapis.com *.hs-scripts.com js.hs-banner.com js.hs-analytics.net static.cloudflareinsights.com cdn.unibuddy.co *.zmags.com *.crazyegg.com cdn.lightwidget.com *.addtoany.com static.zdassets.com *.googletagmanager.com *.google-analytics.com snap.licdn.com  *.linkedin.com *.google.com *.gstatic.com code.jquery.com *.newrelic.com cdn.ckeditor.com js.hsforms.net static.addtoany.com forms.hsforms.com svc.webspellchecker.net www.clarity.ms js.hsadspixel.net connect.facebook.net ajax.cloudflare.com https://js.usemessages.com/conversations-embed.js *.tiktok.com www.youtube.com bam.nr-data.net api.smooch.io; object-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' *.googleapis.com static.addtoany.com cdn.ckeditor.com svc.webspellchecker.net; img-src * data:; media-src *; frame-src 'self' *.vimeo.com *.youtube.com lightwidget.com static.addtoany.com *.google.com cdn.lightwidget.com js.hsforms.net player.simplecast.com forms.hsforms.com ucsappointments.youcanbook.me banepay.aus.edu forms.aus.edu www.podbean.com my.matterport.com app.hubspot.com; frame-ancestors 'self'; child-src 'self' 'unsafe-inline'; font-src *; connect-src *; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' *.analytics.google.com *.google.com *.google-analytics.com *.amazonaws.com; img-src 'self' 'unsafe-inline' * data: www.w3.org;frame-src 'self' *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net staticcontents.investis.com vars.hotjar.com in.hotjar.com *.fls.doubleclick.net www.youtube.com www.google.com irs.tools.investis.com otp.tools.investis.com ir.tools.investis.com players.brightcove.net *.webvideocore.net *.smartrecruiters.com *.investis.com cdgwebsites.com *.doubleclick.net;style-src 'self' 'unsafe-inline' 'unsafe-eval' *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net staticcontents.investis.com tagmanager.google.com viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com cdnjs.cloudflare.com *.idigitalcontents.com fast.fonts.net *.webvideocore.net *.smartrecruiters.com *.investis.com *.onetrust.com;font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com tagmanager.google.com *.idigitalcontents.com *.webvideocore.net *.smartrecruiters.com *.investis.com *.onetrust.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net *.analytics.google.com *.google.com *.google-analytics.com *.amazonaws.com staticcontents.investis.com cdn.cookielaw.org viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com *.googletagmanager.com *.google-analytics.com cdn.cookielaw.org connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com edge.api.brightcove.com *.googleapis.com tagmanager.google.com stats.g.doubleclick.net *.investisdigital.com googleads.g.doubleclick.net googleadservices.com cdn.jsdelivr.net cdnjs.cloudflare.com facebook.com www.gstatic.com pi.pardot.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com www.youtube.com *.vimeo.com *.webvideocore.net *.smartrecruiters.com *.investis.com *.jsdelivr.com *.jsdelivr.net *.go-mpulse.net *.googleadservices.com *.onetrust.com;media-src 'self' *.brightcove.com *.brightcovecdn.com *.investis.com;connect-src 'self' *.analytics.google.com *.google.com *.google-analytics.com *.facebook.net *.facebook.com region1.google-analytics.com cdn.cookielaw.org viz.tools.investis.com *.investisdigital.com edge.api.brightcove.com www.google-analytics.com www.googletagmanager.com stats.g.doubleclick.net *.googleapis.com *.investis.com *.jsdelivr.com *.jsdelivr.net *.go-mpulse.net *.akstat.io *.akamaihd.net *.onetrust.com;base-uri 'none'; form-action 'self'; 1
default-src 'self' data: https://bitrix.info:* https://*.bitrix.info:* https://*.bitrix24.ru:* https://mc.yandex.ru:* https://mc.yandex.md:* https://*.maps.yandex.net https://api-maps.yandex.ru https://yastatic.net:* https://yandexcloud.net:* https://*.yandexcloud.net:* https://music.yandex.ru:* https://googleads.g.doubleclick.net:* https://www.googleadservices.com:* https://www.google.com/ads/user-lists/ https://www.google.ru/ads/user-lists/ https://www.google-analytics.com:* https://maps.google.com:* https://*.googleapis.com:* https://*.gstatic.com:* https://*.googleapis.com:* https://*.googletagmanager.com:* https://stats.g.doubleclick.net:* https://analytics.google.com:* https://www.google.ru:* https://www.google.com/recaptcha/api.js https://www.google.com/recaptcha/api2/ *.google-analytics.com *.analytics.google.com https://www.google.com/ads/ga-audiences:* https://*.youtube.com:* https://gazprombank.investments:* https://vk.com:* https://*.facebook.net:* https://*.facebook.com:* https://facecast.net:* https://ad.adriver.ru:* https://content.adriver.ru:* https://top-fwz1.mail.ru:* https://st.top100.ru:* https://*.adhigh.net:* https://newton.investments:*;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://bitrix.info:* https://*.bitrix.info:* https://*.bitrix24.ru:* https://mc.yandex.ru:* https://mc.yandex.md:* https://*.maps.yandex.net https://api-maps.yandex.ru https://yastatic.net:* https://yandexcloud.net:* https://*.yandexcloud.net:* https://music.yandex.ru:* https://googleads.g.doubleclick.net:* https://www.googleadservices.com:* https://www.google.com/ads/user-lists/ https://www.google.ru/ads/user-lists/ https://www.google-analytics.com:* https://maps.google.com:* https://*.googleapis.com:* https://*.gstatic.com:* https://*.googleapis.com:* https://*.googletagmanager.com:* https://stats.g.doubleclick.net:* https://analytics.google.com:* https://www.google.ru:* https://www.google.com/recaptcha/api.js https://www.google.com/recaptcha/api2/ *.google-analytics.com *.analytics.google.com https://www.google.com/ads/ga-audiences:* https://*.youtube.com:* https://gazprombank.investments:* https://vk.com:* https://*.facebook.net:* https://*.facebook.com:* https://facecast.net:* https://ad.adriver.ru:* https://content.adriver.ru:* https://top-fwz1.mail.ru:* https://st.top100.ru:* https://*.adhigh.net:* https://newton.investments:* ;style-src 'self' 'unsafe-inline'  https://bitrix.info:* https://*.bitrix.info:* https://*.bitrix24.ru:* https://mc.yandex.ru:* https://mc.yandex.md:* https://*.maps.yandex.net https://api-maps.yandex.ru https://yastatic.net:* https://yandexcloud.net:* https://*.yandexcloud.net:* https://music.yandex.ru:* https://googleads.g.doubleclick.net:* https://www.googleadservices.com:* https://www.google.com/ads/user-lists/ https://www.google.ru/ads/user-lists/ https://www.google-analytics.com:* https://maps.google.com:* https://*.googleapis.com:* https://*.gstatic.com:* https://*.googleapis.com:* https://*.googletagmanager.com:* https://stats.g.doubleclick.net:* https://analytics.google.com:* https://www.google.ru:* https://www.google.com/recaptcha/api.js https://www.google.com/recaptcha/api2/ *.google-analytics.com *.analytics.google.com https://www.google.com/ads/ga-audiences:* https://*.youtube.com:* https://gazprombank.investments:* https://vk.com:* https://*.facebook.net:* https://*.facebook.com:* https://facecast.net:* https://ad.adriver.ru:* https://content.adriver.ru:* https://top-fwz1.mail.ru:* https://st.top100.ru:* https://*.adhigh.net:* https://newton.investments:* ;img-src 'self' blob: data: https://bitrix.info:* https://*.bitrix.info:* https://*.bitrix24.ru:* https://mc.yandex.ru:* https://mc.yandex.md:* https://*.maps.yandex.net https://api-maps.yandex.ru https://yastatic.net:* https://yandexcloud.net:* https://*.yandexcloud.net:* https://music.yandex.ru:* https://googleads.g.doubleclick.net:* https://www.googleadservices.com:* https://www.google.com/ads/user-lists/ https://www.google.ru/ads/user-lists/ https://www.google-analytics.com:* https://maps.google.com:* https://*.googleapis.com:* https://*.gstatic.com:* https://*.googleapis.com:* https://*.googletagmanager.com:* https://stats.g.doubleclick.net:* https://analytics.google.com:* https://www.google.ru:* https://www.google.com/recaptcha/api.js https://www.google.com/recaptcha/api2/ *.google-analytics.com *.analytics.google.com https://www.google.com/ads/ga-audiences:* https://*.youtube.com:* https://gazprombank.investments:* https://vk.com:* https://*.facebook.net:* https://*.facebook.com:* https://facecast.net:* https://ad.adriver.ru:* https://content.adriver.ru:* https://top-fwz1.mail.ru:* https://st.top100.ru:* https://*.adhigh.net:* https://newton.investments:*;font-src 'self' data: https://bitrix.info:* https://*.bitrix.info:* https://*.bitrix24.ru:* https://mc.yandex.ru:* https://mc.yandex.md:* https://*.maps.yandex.net https://api-maps.yandex.ru https://yastatic.net:* https://yandexcloud.net:* https://*.yandexcloud.net:* https://music.yandex.ru:* https://googleads.g.doubleclick.net:* https://www.googleadservices.com:* https://www.google.com/ads/user-lists/ https://www.google.ru/ads/user-lists/ https://www.google-analytics.com:* https://maps.google.com:* https://*.googleapis.com:* https://*.gstatic.com:* https://*.googleapis.com:* https://*.googletagmanager.com:* https://stats.g.doubleclick.net:* https://analytics.google.com:* https://www.google.ru:* https://www.google.com/recaptcha/api.js https://www.google.com/recaptcha/api2/ *.google-analytics.com *.analytics.google.com https://www.google.com/ads/ga-audiences:* https://*.youtube.com:* https://gazprombank.investments:* https://vk.com:* https://*.facebook.net:* https://*.facebook.com:* https://facecast.net:* https://ad.adriver.ru:* https://content.adriver.ru:* https://top-fwz1.mail.ru:* https://st.top100.ru:* https://*.adhigh.net:* https://newton.investments:*; 1
default-src 'self' *.solidifi.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jobvite.com ipinfo.io *.solidifi.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.google.com *.addthis.com *.addthisedge.com *.pardot.com https://static.cloudflareinsights.com/beacon.min.js *.moatads.com acsbapp.com https://static.cloudflareinsights.com/beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317 static.addtoany.com; style-src 'self' 'unsafe-inline' *.solidifi.com https://hello.myfonts.net/count/4a0ff9; object-src 'none'; connect-src 'self' *.solidifi.com *.google-analytics.com *.addthis.com https://stats.g.doubleclick.net *.acsbapp.com acsbapp.com analytics.google.com; font-src 'self' *.acsbapp.com acsbapp.com data:; media-src 'self' *.dropbox.com *.dropboxusercontent.com *.solidifi.com *.acsbapp.com; img-src 'self' data: *.solidifi.com *.google-analytics.com *.gstatic.com *.googleapis.com *.google.com *.ggpht.com https://www.google.ca *.acsbapp.com https://acsbapp.com; frame-src 'self' player.vimeo.com *.jobvite.com *.addthis.com acsbapp.com accounts.accessibe.com https://static.addtoany.com; frame-ancestors 'self' *.solidifi.com; upgrade-insecure-requests; form-action 'self' *.solidifi.com; report-uri https://solidifi.report-uri.com/r/d/csp/enforce 1
default-src 'self' https://*.wistia.com https://*.wistia.net;       child-src blob:;       script-src 'self' 'unsafe-inline' 'unsafe-eval' https://app-sj31.marketo.com/ https://www.juicer.io/ http://go.craneware.com https://*.wistia.com https://*.wistia.net https://src.litix.io https://cc.cdn.civiccomputing.com/ https://region1.google-analytics.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://tools.eurolandir.com/ https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ https://player.vimeo.com/api/player.js http://tools.euroland.com/tools/common/eurolandiframeautoheight/eurolandtoolsintegrationobject.js https://assets.calendly.com/;       media-src 'self' blob: data: https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net;       font-src 'self' data: https://fast.wistia.net/ https://static.juicer.io/fonts/ https://*.wistia.com https://fonts.googleapis.com/ https://fonts.gstatic.com/ ;       style-src 'self' 'unsafe-inline' blob: https://app-sj31.marketo.com/ https://www.juicer.io/ http://go.craneware.com https://fast.wistia.com https://fonts.googleapis.com/ https://assets.calendly.com/;       connect-src 'self' https://analytics.google.com/ https://fast.wistia.net/ http://craneware.emperordev.com/ https://*.litix.io https://region1.analytics.google.com https://region1.google-analytics.com/ https://*.wistia.com https://embedwistia-a.akamaihd.net https://clapi.civiccomputing.com/ https://apikeys.civiccomputing.com/ https://our.umbraco.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://maps.googleapis.com/ ;       frame-src 'self' data: https://x.com/ https://twitter.com/ https://www.linkedin.com/ https://www.facebook.com/ https://craneware.my.salesforce-sites.com/ https://craneware.secure.force.com/ https://www.juicer.io/ http://go.craneware.com https://fast.wistia.com https://fast.wistia.net https://craneware.wistia.com/ https://tools.eurolandir.com/ https://fast.wistia.net/ https://player.vimeo.com/ https://www.youtube.com/ https://www.google.com/ https://calendly.com/;       img-src 'self' data: https://www.google.rs/ https://media.licdn.com/dms/ http://go.craneware.com https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net https://www.google.com/ https://dashboard.umbraco.org/ https://www.google-analytics.com/ https://public.craneware.com/ https://www.googletagmanager.com/ https://assets.calendly.com/;      frame-ancestors 'self' https://www.linkedin.com/;       worker-src 'self' blob: 1
default-src 'self' https://*.lpsnmedia.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://api.ipify.org *.googleapis.com *.gstatic.com  *.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org https://horizonbank-507817.workflowcloud.com/ https://apply5.lumessetalentlink.com/ https://cdn-ui.lumessetalentlink.com/ https://code.jquery.com/ https://www.youtube.com/ https://*.liveperson.net/ https://*.lpsnmedia.net/ http://s7.addthis.com/ https://lpcdn.lpsnmedia.net/ https://va.v.liveperson.net/ https://www.youtube.com/ https://syndication.twitter.com/ https://s.ytimg.com/ https://publish.twitter.com/ https://z.moatads.com/ https://v1.addthisedge.com/ https://m.addthis.com/ https://www.googletagmanager.com/ https://api-public.addthis.com/ https://cds-sdkcfg.onlineaccess1.com/ www.googleadservices.com *.bing.com http://siteimproveanalytics.com googleads.g.doubleclick.net *.googleadservices.com  *.doubleclick.net *.bing.com js.adsrvr.org *.adsrvr.org https://*.ggpht.com *.googleusercontent.com blob: https://emea3.recruitmentplatform.com/ *.edgepilot.com https://cucalc.org/ choozle.com .ensighten.com .adsrv.org cs.choozle.com nexus.ensighten.com match.adsrvr; style-src 'self' 'unsafe-inline' www.googletagmanager.com *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com https://apply5.lumessetalentlink.com/ https://cdn-ui.lumessetalentlink.com/  https://fonts.googleapis.com https://emea5-foc.lumessetalentlink.com/ https://emea3.recruitmentplatform.com/ https://cucalc.org/ https://*.lpsnmedia.net https://*.liveperson.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://apply5.lumessetalentlink.com/ https://cdn-ui.lumessetalentlink.com/ https://fonts.gstatic.com https://emea3.recruitmentplatform.com/; img-src 'self' ups.analytics.yahoo.com https://data.adxcel-ec2.com *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com maps.google.com platform.tumblr.com www.redditstatic.com www.linkedin.com https://static.licdn.com/ https://dec.azureedge.net https://www.horizonbank.com/ *.insight.sitefinity.com *.dec.sitefinity.com https://*.lpsnmedia.net/ *.google.com/ *.googletagmanager.com bat.bing.com *.siteimproveanalytics.io googleads.g.doubleclick.net divisiond-82-adswizz.attribution.adswizz.com www.googleadservices.com insight.adsrvr.org *.fls.doubleclick.net  *.adsrvr.org *.adswizz.com horizonbank.com  *.doubleclick.net *.googleadservices.com *.googletagmanager.com *.bing.com *.doubleclick.net; media-src 'self' data: blob: https://*.lpsnmedia.net/ *.googleusercontent.com; frame-src 'self' *.adsrvr.org *.lpsnmedia.net https://www.youtube.com/ https://youtu.be/ https://horizonbank-507817.workflowcloud.com/ https://gbo-app-znc.nintex.io/ https://*.liveperson.net/ https://*.google.com/ https://*.lpsnmedia.net; child-src 'self' data: blob: https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://horizonbank-507817.workflowcloud.com/ https://gbo-app-znc.nintex.io/ maps.google.com www.google.com https://*.lpsnmedia.net/ https://s7.addthis.com/ https://*.liveperson.net bid.g.doubleclick.net *.fls.doubleclick.net  *.doubleclick.net; connect-src 'self' analytics.google.com accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com bankonline.horizonbank.com https://apply5.lumessetalentlink.com/ https://emea5-foc.lumessetalentlink.com/ wss://va.msg.liveperson.net/ https://*.liveperson.net https://www.google-analytics.com/ https://stats.g.doubleclick.net/ bat.bing.com *.addthis.com https://*.googleapis.com *.google.com https://*.gstatic.com https://*.lpsnmedia.net wss://*.liveperson.net data: blob:; 1
frame-ancestors 'self' https://royalcopenhagen.nordicmediaplay.dk 1
default-src 'self' https://medieninhalte.edeka/; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://api.friendlycaptcha.com/ *.awswaf.com; worker-src 'self' blob:; child-src 'self' blob:; connect-src https://api.friendlycaptcha.com/ https://dev.login.edeka/ https://test.login.edeka/ https://login.edeka/ *.awswaf.com; 1
frame-ancestors 'self' *.doubleclick.net *.mathtag.com *.paymentexpress.com *.facebook.com *.dataweavers.io staticcdn.co.nz *.youtube.com *.trustpower.co.nz *.windcave.com *.inside-graph.com; frame-src 'self' *.doubleclick.net *.mathtag.com *.paymentexpress.com *.facebook.com *.dataweavers.io staticcdn.co.nz *.youtube.com *.trustpower.co.nz *.windcave.com *.inside-graph.com; 1
frame-ancestors 'self' https://businessdesk.co.nz https://*.businessdesk.co.nz https://nzme.co.nz https://*.nzme.co.nz https://nzherald.co.nz https://*.nzherald.co.nz 1
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com client.crisp.chat; font-src 'self' data: fonts.gstatic.com cdnjs.cloudflare.com client.crisp.chat; script-src 'self' 'unsafe-inline' 'unsafe-eval' client.crisp.chat app.pipe.co https://stats.pipe.co/ app.sgwidget.com; frame-src 'self' customer-j1xcshlu429cayr4.cloudflarestream.com; connect-src 'self' app.pipe.co https://stats.pipe.co/ wss://client.relay.crisp.chat client.crisp.chat storage.crisp.chat yoast.com; img-src 'self' data: image.crisp.chat client.crisp.chat storage.crisp.chat secure.gravatar.com; worker-src 'self' blob:; media-src 'self' storage.crisp.chat; 1
default-src 'self' ; upgrade-insecure-requests; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.systra.com *.google.com *.hotjar.com *.gstatic.com *.googletagmanager.com *.google-analytics.com js.hs-scripts.com js.hsforms.net js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net https://cdn.userway.org https://snap.licdn.com https://chimpstatic.com https://www.clarity.ms; style-src 'self' 'unsafe-inline' *.youtube.com ; form-action 'self' places-dsn.algolia.net *.algolianet.com *.hsforms.com https://login.microsoftonline.com https://career2.successfactors.eu ; img-src 'self' track.hubspot.com *.hsforms.com maps.wikimedia.org *.systra.com *.google-analytics.com secure.gravatar.com s.w.org data: https://tile.openstreetmap.org *.basemaps.cartocdn.com ; font-src 'self' data:;frame-src 'self' *.google.com *.youtube.com *.youtube-nocookie.com *.hsforms.com ; connect-src 'self' *.systra.com *.google-analytics.com forms.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com forms.hscollectedforms.net; 1
default-src https: data: 'unsafe-eval' 'unsafe-inline'; connect-src * 'self' *.firebaseapp.com wss://*.firebaseio.com * 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https:; frame-ancestors 'self'; 1
img-src rosneft-azs.ru 'self' *.yandex.ru *.maps.yandex.net blob: data:; media-src rosneft-azs.ru; connect-src rosneft-azs.ru *.yandex.ru; font-src rosneft-azs.ru data:; default-src rosneft-azs.ru 'self' *.vk.com vk.com; script-src rosneft-azs.ru 'unsafe-inline' 'unsafe-eval' 'self' yastatic.net *.maps.yandex.net *.yandex.ru api-maps.yandex.ru *.vk.com vk.com; style-src rosneft-azs.ru 'unsafe-inline' 'self'; frame-ancestors rosneft-azs.ru 'self' *.vk.com vk.com; frame-src rosneft-azs.ru 'self' *.vk.com vk.com *.yandex.ru; base-uri rosneft-azs.ru 'self'; object-src 'none'; 1
default-src https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https: data: 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors 'self' https://roamresearch.com https://*.roamresearch.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.segmint.net *.insureio.com *.siteimproveanalytics.io siteimproveanalytics.com googletagmanager.com *.googletagmanager.com googleapis.com *.googleapis.com google-analytics.com *.google-analytics.com adservice.google.com *.googleadservices.com *.google.com *.gstatic.com *.doubleclick.net wesbanco.learnbanzai.com teachbanzai.com *.banzai.org banzai.org bat.bing.com *.facebook.net *.facebook.com *.adsymptotic.com linkedin.com *.linkedin.com snap.licdn.com *.youtube.com cdn.jsdelivr.net *.tiktok.com; child-src *.segmint.net *.insureio.com *.doubleclick.net *.fundsxpress.com *.google.com wesbanco.locatorsearch.com youtu.be youtube.com *.youtube.com player.vimeo.com player-telemetry.vimeo.com *.vimeocdn.com vimeo.com cdn.jsdelivr.net demos.wesbanco.com webchat.wesbanco.com *.mortgagewebcenter.com *.locatorsearch.net; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: filesystem: wss://*.hotjar.com wss://*.zopim.com http://*.hotjar.com:* http://*.hotjar.io http://*.googletagmanager.com http://*.google-analytics.com http://*.gstatic.com http://*.googleapis.com http://*.youtube.com http://*.facebook.com http://*.facebook.net http://*.ads-twitter.com http://*.twitter.com http://t.co http://*.doubleclick.net http://*.adform.net http://*.clarovideo.net http://*.claromusica.com http://*.adsrvr.org http://*.claropr.com https://*.hotjar.com:* https://*.hotjar.io https://*.googletagmanager.com https://*.google-analytics.com https://*.gstatic.com https://*.googleapis.com https://*.youtube.com https://*.facebook.com https://*.facebook.net https://*.ads-twitter.com https://*.twitter.com https://t.co https://www.google.com https://*.doubleclick.net https://*.adform.net https://*.clarovideo.net https://*.claromusica.com https://*.adsrvr.org https://*.claropr.com https://fonts.gstatic.com https://empresas.claropr.com https://mt0.google.com https://mt1.google.com https://mt2.google.com https://mt3.google.com https://*.userway.org https://api-prod-pr.prod.clarodigital.net https://api-prod-general.prod.clarodigital.net https://code.jquery.com https://cdnjs.cloudflare.com https://*.caspio.com https://*.clarity.ms https://www.google.com.mx; media-src mediastream:; 1
frame-ancestors *.hss.com *.hsstraining.com 1
upgrade-insecure-requests  ; style-src 'self' 'unsafe-inline' *.pricespider.com feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: unpkg.com *.googletagmanager.com *.google-analytics.com *.pricespider.com pghub.io *.doubleclick.net *.facebook.net *.youtube.com *.bazaarvoice.com cdnjs.cloudflare.com feed.pghub.io pandg.tapad.com ; font-src 'self' data: feed.pghub.io pandg.tapad.com ; manifest-src 'self' login.windows.net feed.pghub.io pandg.tapad.com ; frame-src 'self' *.tapad.com *.doubleclick.net *.facebook.com *.youtube.com consumersupport.pg.com feed.pghub.io ; img-src 'self' data: images.ctfassets.net *.ctfassets.net *.tapad.com *.facebook.com *.ytimg.com *.pricespider.com *.bazaarvoice.com *.googletagmanager.com *.doubleclick.net *.google-analytics.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat feed.pghub.io ; connect-src 'self' *.doubleclick.net *.google-analytics.com *.bazaarvoice.com *.ctfassets.net *.pricespider.com blob: *.contentful.com privacytermsprod.azureedge.net feed.pghub.io pandg.tapad.com ; media-src *.ctfassets.net feed.pghub.io pandg.tapad.com ; default-src 'none' feed.pghub.io pandg.tapad.com ; 1
default.src 'self'; 1
script-src 'self' td.doubleclick.net googleads.g.doubleclick.net adsrvr.org js.adsrvr.org maps.googleapis.com cdn.prod.website-files.com cdn.prod.website-files.com assets-global.website-files.com twitter.github.io translate.google.com d3e54v103j8qbb.cloudfront.net translate.googleapis.com www.googletagmanager.com zc-zoomcare-com-v5.s3-us-west-2.amazonaws.com cdn.jsdelivr.net *.adroll.com bat.bing.com connect.facebook.net a.quora.com ads.nextdoor.com tags.srv.stackadapt.com translate-pa.googleapis.com scripts.postie.com *.redditstatic.com *.reddit.com collector-22363.us.tvsquared.com collector-34521.us.tvsquared.com/tv2track.js analytics.tiktok.com cdn.bc0a.com ajax.googleapis.com *.google-analytics.com cdnjs.cloudflare.com d2p22nex8covni.cloudfront.net *.b0e8.com static.zdassets.com 'unsafe-eval' 'unsafe-inline'; object-src 'none'; base-uri 'self'; frame-src td.doubleclick.net insight.adsrvr.org *.mendvip.com *.google.com cdn.embedly.com okta-prod.zoomcare.com *.solvhealth.com 1
worker-src blob:; script-src 'self' blob: assets.adobedtm.com www.allegion.com code.metalocator.com kryptonite.inbenta.com maps.googleapis.com connect.facebook.net cdn.cookielaw.org www.gstatic.com s.ytimg.com www.google.com www.googletagmanager.com www.google-analytics.com privacyportal-cdn.onetrust.com www.calendarwiz.com sdk.inbenta.io cdn.inbenta.io api.inbenta.io snap.licdn.com static.hotjar.com script.hotjar.com hackerone.com developerportal.blob.core.windows.net by2.uservoice.com metrics.allegion.com 'unsafe-eval' 'unsafe-inline' 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' www.google.com *.google-analytics.com *.analytics.google.com analytics.google.com tpc.googlesyndication.com www.googletagmanager.com tagmanager.google.com www.gstatic.com players.brightcove.net app-lon09.marketo.com vjs.zencdn.net cdn.ampproject.org adservice.google.com sadmin.brightcove.com www.eventbrite.com cdn.mouseflow.com optimize.google.com www.googleadservices.com thedeal.com metrics.brightcove.com secure.gravatar.com pagead2.googlesyndication.com dify.wpengine.com ssl.gstatic.com fonts.googleapis.com yoast.com fonts.gstatic.com w.soundcloud.com edge.api.brightcove.com *.boltdns.net *.brightcovecdn.com *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net o2.mouseflow.com *.euromoneyplc.com ps.w.org my.wpengine.com www.googletagservices.com *.googlesyndication.com www.buzzsprout.com cdn.shortpixel.ai snap.licdn.com px.ads.linkedin.com p.adsymptotic.com s.w.org *.pardot.com bankingfinance.euromoney.com *.thedeal.com code.jquery.com cdn.jsdelivr.net *.wisepops.com app.getwisp.co wisepops.net cdn.wisepops.net dx4nr741tfc02.cloudfront.net wisp-production-storage.s3.amazonaws.com cdn.linkedin.oribi.io *.doubleclick.net *.g.doubleclick.net www.google.co.uk js.zi-scripts.com ws-assets.zoominfo.com ws.zoominfo.com blob: data: 1
default-src 'self' whatsapp:; connect-src https://*.tote.digital https://*.tote.rocks https://*.tote.live https://tote.co.uk https://*.tote.co.uk https://api.addressy.com https://*.lot.to https://*.sportcaller.com https://*.mixpanel.com https://cdn.contentful.com https://preview.contentful.com https://sentry.io https://*.pusher.com wss://*.pusher.com https://*.intercom.io wss://*.intercom.io https://*.intercomcdn.com https://*.intercomusercontent.com https://www.facebook.com https://*.crazyegg.com https://*.maxmind.com https://stats.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.googleoptimize.com/ https://*.launchdarkly.com https://*.akamaized.net https://*.akamaihd.net https://*.attheraces.com https://*.global.ssl.fastly.net https://adservice.google.com https://*.secure.footprint.net https://*.atgvision.com https://cdn-atgvision-live2.rackfish.net https://geoip-js.com https://*.appsflyer.com https://bat.bing.com https://*.oscato.com https://t.co https://google.com https://*.appsync-api.eu-west-2.amazonaws.com wss://*.appsync-realtime-api.eu-west-2.amazonaws.com https://*.tote.ie https://*.clarity.ms https://*.sports.tote.co.uk https://*.test.sports.tote.co.uk wss://*.sports.tote.co.uk wss://*.test.sports.tote.co.uk https://zz.connextra.com https://*.vercel.app/ https://*.hasura.app/ https://region1.google-analytics.com https://*.worldpay.com https://*.8count.tv/api/ https://www.google.com https://googleads.g.doubleclick.net/ https://pcast.phenixrts.com https://*.abetting.co https://*.performgroup.com/ https://*.idscan.cloud/ https://*.gameassists.co.uk/ https://*.adnxs.com https://*.fullstory.com/ https://tote-test.uk.auth0.com/; form-action 'self' https://*.aircall.io https://js.intercomcdn.com https://intercom.help https://api-iam.intercom.io https://verify.monzo.com https://www.facebook.com https://*.oscato.com https://webapp.securetrading.net https://danskebank-3ds-vdm.wlp-acs.com https://www.clicksafe.lloydstsb.com https://*.arcot.com https://*.worldpay.com https://*.securesuite.co.uk https://*.cardinalcommerce.com https://tote-test.uk.auth0.com; frame-ancestors 'self' https://*.idscan.cloud/; frame-src 'self' https://account.tote.digital https://account.test.tote.digital https://account.dev.tote.digital https://account.migration.tote.digital https://www.google.com https://account.staging.tote.live https://account.performance.tote.live https://account.live.tote.live https://account.tote.live https://account.staging.tote.co.uk https://account.performance.tote.co.uk https://account.live.tote.co.uk https://account.tote.co.uk https://thetote.atlassian.net https://tentofollow.test.tote.digital https://tentofollow-internal.tote.digital https://tentofollow.tote.live https://tentofollow.tote.co.uk https://flattentofollow.tote.co.uk https://minigame.tote.co.uk https://minigame.tote.digital https://colossus.stage.tote.co.uk https://colossus.tote.co.uk https://development.tote.digital https://test.tote.digital https://stage.tote.co.uk https://tote.co.uk https://test-branch.tote.digital https://intercom-sheets.com https://*.pariplaygames.com https://d21j22mhfwmuah.cloudfront.net https://player.vimeo.com https://www.youtube.com https://*.fls.doubleclick.net https://cdn.sportcaller.com https://*.adsrvr.org https://*.blueprintgaming.com https://*.rubyplay.com https://*.inspiredvirgo.com https://servedby.flashtalking.com/ https://wab-visualisation.performgroup.com/ https://www.facebook.com https://*.inseincvirtuals.com/ https://*.oscato.com https://*.prerelease-env.biz/ https://*.pragmaticplay.net/ https://wa.me/ https://*.userzoom.com https://app-pp.trunarrative.cloud https://app.trunarrative.cloud https://development-aws.tote.co.uk https://test-aws.tote.co.uk https://stage-aws.tote.co.uk https://*.pplivedealer.com https://*.lxy511.com https://*.pragmaticplaylive.net https://analytics.twitter.com https://c.bing.com https://www.googleoptimize.com https://*.vercel.app/ https://*.hasura.app/ https://pixel.mathtag.com https://*.tote.ie https://*.worldpay.com https://*.8count.tv/api/ https://lb.1x2nwh.com https://1x2-cloud-1.com https://www.1x2gamingcdn.com https://www.1x2-nwh-int-staging.com https://static-live.hacksawgaming.com https://static-stg.hacksawgaming.com https://pcast.phenixrts.com https://*.abetting.co https://*.idscan.cloud/ https://*.valueactive.eu/ https://*.gameassists.co.uk/ https://*.eyecongames.com/ https://tote-test.uk.auth0.com/; img-src 'self' blob: data: https://icard.gbiracing.com https://*.tote.digital https://*.tote.rocks https://*.tote.live https://*.tote.co.uk https://*.tote.ie https://images.ctfassets.net https://images.racingpost.com https://*.googletagmanager.com https://static.intercomassets.com https://*.intercomcdn.com https://*.gstatic.com https://*.aircall.io https://*.micpn.com https://*.intercom.io https://*.intercom-attachments.com https://uploads.intercomusercontent.com https://lotto.nyc3.cdn.digitaloceanspaces.com https://www.facebook.com https://connect.facebook.net https://t.myvisualiq.net https://bat.bing.com https://tapestry.tapad.com https://t.co https://*.doubleclick.net https://tags.bluekai.com https://dpm.demdex.net https://loadus.exelator.com https://idsync.rlcdn.com https://www.google.com https://www.google.co.uk https://www.google.com.ua https://www.google.ie https://*.adsrvr.org https://*.crazyegg.com https://*.google-analytics.com https://cx.atdmt.com https://servedby.flashtalking.com https://cdn.sportcaller.com https://*.oscato.com https://googleads.g.doubleclick.net https://*.userzoom.com https://*.clarity.ms https://*.vercel.app/ https://*.hasura.app/ https://sync.mathtag.com https://secure.adnxs.com https://segment.prod.bidr.io https://secure.adnxs.com https://match.prod.bidr.io https://zz.connextra.com/ https://cnv.event.prod.bidr.io/log/cnv https://pixel.mathtag.com https://*.worldpay.com https://*.8count.tv/api/ https://analytics.twitter.com https://pcast.phenixrts.com https://*.abetting.co https://*.idscan.cloud/ https://*.adnxs.com; manifest-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.pusher.com https://*.gstatic.com https://www.googletagmanager.com https://*.intercom.io https://js.intercomcdn.com https://*.google.com https://*.mxpnl.com https://thetote.atlassian.net https://*.micpn.com https://connect.facebook.net https://static.ads-twitter.com https://bat.bing.com https://*.myvisualiq.net https://www.googleadservices.com https://analytics.twitter.com https://*.crazyegg.com https://js.adsrvr.org https://*.google-analytics.com https://*.googletagmanager.com https://s3.amazonaws.com/trk.cetrk.com/7/t.js https://*.maxmind.com https://websdk.appsflyer.com https://*.userzoom.com https://*.oscato.com https://*.clarity.ms https://zz.connextra.com https://www.youtube.com/ https://*.vercel.app/ https://*.hasura.app/ https://www.googleoptimize.com/ https://pixel.mathtag.com/ https://*.worldpay.com/ https://*.8count.tv/api/ https://cdn.seondf.com/js/v5/agent.js https://*.performgroup.com/ https://*.adnxs.com https://*.fullstory.com/; font-src 'self' data: https://js.intercomcdn.com https://*.gstatic.com https://fonts.intercomcdn.com https://cdn.tote.co.uk; style-src 'self' 'unsafe-inline' https://*.google.com https://*.googleapis.com https://*.oscato.com https://*.tote.digital https://*.tote.rocks https://*.tote.live https://*.tote.ie https://*.tote.co.uk https://*.userzoom.com https://*.worldpay.com; media-src 'self' https://js.intercomcdn.com https://customer-n3fizij3iayvp17p.cloudflarestream.com https://*.akamaized.net https://*.akamaihd.net https://*.attheraces.com https://*.global.ssl.fastly.net https://*.secure.footprint.net https://*.atgvision.com https://cdn-atgvision-live2.rackfish.net https://wab-visualisation.performgroup.com/ blob: https://betsmart-cms.vercel.app/api/get-jwt https://betsmart-app.hasura.app/api/rest/video https://betsmart-cms-git-staging-8count.vercel.app/api/get-jwt https://betsmart-app-stg.hasura.app/api/rest/video https://videodelivery.net/ https://*.8count.tv/api/ https://pcast.phenixrts.com; child-src https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net https://wab-visualisation.performgroup.com/ https://*.attheraces.com https://*.global.ssl.fastly.net https://*.oscato.com blob: https://betsmart-cms.vercel.app/api/get-jwt https://betsmart-app.hasura.app/api/rest/video https://betsmart-cms-git-staging-8count.vercel.app/api/get-jwt https://betsmart-app-stg.hasura.app/api/rest/video https://*.worldpay.com https://*.8count.tv/api/ https://pcast.phenixrts.com; worker-src blob:; upgrade-insecure-requests; report-uri https://thetote.report-uri.com/r/d/csp/reportOnly 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com https://s.yimg.jp/images/listing/tool/cv/ytag.js https://www.googleadservices.com https://googleads.g.doubleclick.net http://www.googleadservices.com https://s.yimg.jp/images/listing/tool/cv/conversion.js https://bid.g.doubleclick.net *.facebook.net https://cdn.syndication.twimg.com https://static.ads-twitter.com *.karte.io *.twitter.com *.pardot.com facebook.com graph.facebook.com ; child-src 'self' https://platform.twitter.com https://syndication.twitter.com *.facebook.com https://www.youtube.com *.pardot.com *.ebay.co.jp *.doubleclick.net; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://o3o.ca; img-src 'self' https: data: blob: https://o3o.ca; style-src 'self' https://o3o.ca 'nonce-kOSHyz6+vM4M+2itbcJuhA=='; media-src 'self' https: data: https://o3o.ca; frame-src 'self' https:; manifest-src 'self' https://o3o.ca; form-action 'self'; child-src 'self' blob: https://o3o.ca; worker-src 'self' blob: https://o3o.ca; connect-src 'self' data: blob: https://o3o.ca https://mstdn-s3.o3o.studio wss://o3o.ca; script-src 'self' https://o3o.ca 'wasm-unsafe-eval' 1
frame-ancestors 'self' http://sentryonlinetraining.com http://natlonlinetraining.com http://aironlinetraining.com http://assuredpartnersonlinetraining.com http://cfinsonlinetraining.com http://hatchagencyonlinetraining.com http://hubinternationalonlinetraining.com http://prlonlinetraining.com http://fniconlinetraining.com http://cottinghambutleronlinetraining.com http://nationwideonlinetraining.com https://allinsureonlinetraining.com https://funduwonlinetraining.com https://bflonlinetraining.com https://economicalonlinetraining.com https://cowanonlinetraining.com https://assets.partners.carriersedge.com https://kunkelonlinetraining.com http://otalearningsolutions.com http://www.otalearningsolutions.com/ http://otalearningsolutions.ca http://www.otalearningsolutions.ca/ http://pmtcacademy.ca http://www.pmtcacademy.ca/ http://pmtcacademy.com http://www.pmtcacademy.com/ http://aptaonlinetraining.com http://www.aptaonlinetraining.com/ http://bctaonlinetraining.com http://www.bctaonlinetraining.com/ http://mtaonlinetraining.com http://www.mtaonlinetraining.com/ http://dotrgonlinetraining.com http://www.dotrgonlinetraining.com/ http://dotrgdrivertraining.com http://www.dotrgdrivertraining.com/ http://sentry.carriersedge.com http://www.sentry.carriersedge.com/ http://kunkel.carriersedge.com http://www.kunkel.carriersedge.com/ http://saskcompliancetraining.com http://www.saskcompliancetraining.com/ http://bfl.carriersedge.com http://www.bfl.carriersedge.com/ http://cb.carriersedge.com http://www.cb.carriersedge.com/ http://cowan.carriersedge.com http://www.cowan.carriersedge.com/ http://cowan.carriersedge.com http://www.cowan.carriersedge.com/ http://cowan.carriersedge.com http://www.cowan.carriersedge.com/ http://cowan.carriersedge.com http://www.cowan.carriersedge.com/ http://cowan.carriersedge.com http://economical.carriersedge.com http://www.economical.carriersedge.com/ http://www.bctaonlinetraining.com http://otaelearningsolutions.com https://ap.carriersedge.com http://www.otaelearningsolutions.com http://natl.carriersedge.com http://fnic.carriersedge.com http://nationwide.carriersedge.com http://allinsure.carriersedge.com http://chubb.carriersedge.com http://chubb-us.carriersedge.com https://fleetowner.com http://www.fleetowner.com http://ccjdigital.com https://ccjdigital.com http://fleetowner.com https://fleetowner.com http://ttnews.com https://ttnews.com http://trucknews.com https://trucknews.com http://www.ccjdigital.com https://www.ccjdigital.com http://www.fleetowner.com https://www.fleetowner.com http://www.ttnews.com https://www.ttnews.com http://www.trucknews.com https://www.trucknews.com http://tam.carriersedge.com http://radionemo.com http://www.radionemo.com https://radionemo.com https://egr.carriersedge.com https://egr-fr.carriersedge.com https://www.radionemo.com  https://intact.carriersedge.com http://funduw.carriersedge.com https://funduw.carriersedge.com https://intact-fr.carriersedge.com https://trucknews.com https://hub.carriersedge.com https://prl.carriersedge.com http://intact-fr.carriersedge.com https://cfins.carriersedge.com https://hatchagency.carriersedge.com https://air.carriersedge.com https://tamonlinetraining.com https://burrowesonlinetraining.com https://univestaonlinetraining.com https://egronlinetraining.com https://echelononlinetraining.com https://intactonlinetraining.com 1
default-src 'self';  connect-src 'self' px.ads.linkedin.com accounts.google.com www.facebook.com tagmanager.google.com secure.adnxs.com c.6sc.co vimeo.com cdn.linkedin.oribi.io log.cookieyes.com cdn-cookieyes.com directory.cookieyes.com wss://ws.hotjar.com wss://wsp38.hotjar.com wss://ws3.hotjar.com wss://ws38.hotjar.com wss://ws47.hotjar.com  *.hotjar.com *.hotjar.io cdn.cookielaw.org geolocation.onetrust.com ipv6.6sc.co analytics.google.com www.google-analytics.com stats.g.doubleclick.net my.yoast.com yoast.com my.wpengine.com *.cloudfront.net *.wistia.com;  font-src 'self' fonts.gstatic.com fonts.googleapis.com maxcdn.bootstrapcdn.com rambus.wpenginepowered.com data:; form-action 'self' www.facebook.com;  frame-ancestors 'self';  style-src 'self' rambus.wpenginepowered.com *.googleapis.com maxcdn.bootstrapcdn.com 'unsafe-inline';  script-src 'self' connect.facebook.net rambus.wpenginepowered.com cdn-cookieyes.com/ www.youtube.com player.vimeo.com go.rambus.com cdn.c212.net c212.net pixel.mathtag.com cdn.cookielaw.org www.googletagmanager.com *.hotjar.com j.6sc.co snap.licdn.com www.google-analytics.com pi.pardot.com cdnjs.cloudflare.com yoast.com accounts.google.com *.wistia.com beacon-v2.helpscout.net 'unsafe-inline' 'unsafe-eval';  img-src 'self' data: rambus.wpenginepowered.com cdn-cookieyes.com googletagmanager.com b.6sc.co px.ads.linkedin.com px4.ads.linkedin.com www.google-analytics.com www.google.com www.facebook.com go.rambus.com secure.gravatar.com content.cdntwrk.com pixel.mathtag.com i.ytimg.com pbs.twimg.com wpengine.com *.wpengine.com ps.w.org yoa.st yoast.com storage.googleapis.com wp-rocket.me *.openstreetmap.org;  frame-src 'self' www.facebook.com www.slideshare.net vars.hotjar.com player.vimeo.com go.rambus.com pixel.mathtag.com www.youtube.com app.essential-addons.com wp-rocket.me smartslider3.com; 1
default-src 'unsafe-inline' 'unsafe-eval' https: data: blob: https://*.hotjar.com:* https://*.hotjar.io wss://*.hotjar.com; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: http:; frame-ancestors 'self' https://integrator.io/ https://eu.integrator.io/ https://staging.integrator.io/ http://localhost:6006 http://localhost.io:4000/ https://celigo.github.io/ http://165.232.183.57/ https://qa.staging.integrator.io/ https://iaqa.staging.integrator.io/ https://qaprod.staging.integrator.io/ https://platform1.dev.integrator.io/ https://platform2.dev.integrator.io/ https://core.dev.integrator.io/ https://discover.celigo.com/ https://platform5.dev.integrator.io/; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com https://connect.facebook.net https://ssl.google-analytics.com https://www.google.com https://www.gstatic.com/ https://www.googletagmanager.com https://*.hotjar.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; img-src * data:; font-src 'self' data: https://cdn.jsdelivr.net https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://*.hotjar.com; connect-src 'self' https://www.google-analytics.com/ https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; object-src 'none'; frame-src 'self' https://www.facebook.com https://maps.googleapis.com https://maps.google.com https://maps.gstatic.com https://www.google.com https://www.youtube.com https://web.facebook.com; frame-ancestors 'self' https://author.smrt.com.sg https://authordev.smrt.com.sg 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com cdnjs.cloudflare.com *.sharethis.com *.facebook.net *.googletagmanager.com *.acquia.com *.google-analytics.com *.newrelic.com *.nr-data.net *.yimg.com *.adform.net *.licdn.com *.azureedge.net *.adsrvr.org *.samlassertion *.gstatic.com *.taboola.com *.adobedtm.com *.vimeo.com *.googleadservices.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.sharethis.com *.typekit.net *.samlassertion *.googleapis.com; report-uri /report-csp-violation 1
frame-ancestors 'self';script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; object-src 'none'; style-src 'self' https: 'unsafe-inline' 1
default-src 'none'; style-src 'self'; connect-src 'self'; img-src 'self'; font-src 'self'; frame-ancestors 'none'; base-uri 'self'; form-action 'self'; 1
default-src 'self' data: 'unsafe-eval' 'unsafe-inline' *.gstatic.com *.googleapis.com *.googletagmanager.com *.addtoany.com *.youtube-nocookie.com *.google.com *.google-analytics.com *.ytimg.com *.facebook.com forms.gle *.chnu.edu.ua madmagz.com 1
default-src * data: blob: 'self' 'unsafe-inline' 'unsafe-eval' *.zoom.us zoom.us wss://*.zoom.us www.bing.com *.virtualearth.net connect.facebook.net www.google-analytics.com ajax.googleapis.com www.googletagmanager.com data:; connect-src *; upgrade-insecure-requests; block-all-mixed-content; 1
default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.www.google-analytics.com  www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://pi.pardot.com/pd.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.pi.pardot.com *.cdn-images.mailchimp.com *.maxcdn.bootstrapcdn.com *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org widget.surveymonkey.com www.googletagmanager.com pi.pardot.com info.acara.edu.au www.youtube.com; style-src 'self' 'unsafe-inline' *.cdn-images.mailchimp.com *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ https://maxcdn.bootstrapcdn.com/font-awesome/4.4.0/css/font-awesome.min.css https://cdn-images.mailchimp.com/embedcode/slim-10_7.css *.twimg.com; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; img-src 'self' https://acaraweb.blob.core.windows.net https://dataandreporting.blob.core.windows.net *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com; media-src 'self' data: blob:; child-src 'self' https://app.powerbi.com/ https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com www.surveymonkey.com; connect-src 'self' accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com www.google-analytics.com stats.g.doubleclick.net; 1
default-src https: data: blob:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; connect-src https: wss:; form-action 'self' www.facebook.com forms.hsforms.com; object-src 'self'; base-uri 'self'; 1
frame-ancestors 'self' https://manage.ledsmagazine.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: *.casinos.at *.lotterien.at *.cloudfront.net *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.google.com *.google.at *.googletagmanager.com *.gstatic.com *.usercentrics.eu *.econda-monitor.de *.quandoo.at *.vimeo.com *.youtube.com track.adform.net s2.adform.net *.friendlycaptcha.com *.friendlycaptcha.eu; 1
frame-ancestors 'self' https://app.unbouncepreview.com https://app.unbounce.com https://learn.salfinc.com https://learn.self.inc; 1
frame-ancestors 'self' ; report-uri https://itickets.report-uri.io/r/default/csp/enforce; 1
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; worker-src blob:; media-src https://*.mux.com blob: data:; 1
default-src 'self'; base-uri 'self'; media-src 'self' https://cdn.livechatinc.com/widget/ https://s3.amazonaws.com/dreamgiveaway/ https://youtu.be; img-src 'self' https://wellput.go2cloud.org https://fonts.googleapis.com https://ct.pinterest.com/v3/ https://*.clarity.ms https://c.bing.com data: *.google.com *.doubleclick.net *.googleadservices.net https://photos.smugmug.com/ https://system.picreel.com/img/ https://cm.g.doubleclick.net/pixel https://cs.adingo.jp/push/ https://odr.mookie1.com/t/v2 https://x.bidswitch.net/syncd https://usermatch.krxd.net/um/ https://eb2.3lift.com/xuid https://io.narrative.io/ https://tags.rd.linksynergy.com/rcs https://e.nexac.com/e/ttd_sync.xgi https://loadm.exelator.com/load/ https://dmp.truoptik.com/ https://match.sharethrough.com/sync/ https://uipglob.semasio.net/tradedesk/1/get https://match.sync.ad.cpe.dotomi.com/w/user.sync https://mid.rkdms.com/bct https://idsync.rlcdn.com/361776.gif https://aa.agkn.com/adscores/g.pixel https://ads.scorecardresearch.com/p https://i.liadm.com/s/ https://su.addthis.com/red/ https://secure.insightexpressai.com/adserver/ https://match.adsrvr.org/track/cmf/ https://simage2.pubmatic.com/AdServer/Pug  https://pixel.tapad.com/idsync/ex/ https://ups.analytics.yahoo.com/ups/ https://www.google-analytics.com/collect https://googleads.g.doubleclick.net/pagead/ https://www.googletagmanager.com/ https://bat.bing.com https://www.facebook.com https://connect.facebook.net/log/error https://via.placeholder.com/ https://s3.amazonaws.com/dreamgiveaway/images/ https://i.ytimg.com https://www.google.com https://insight.adsrvr.org/track/conv/ https://www.w3.org/2000/ https://cs.adingo.jp/push/ https://ib.adnxs.com/ https://www.shareasale.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://wellput.go2cloud.org https://js.go2sdk.com/v2/tune.js https://tr.outbrain.com/cachedClickId https://wave.outbrain.com/mtWavesBundler/handler/ https://s.pinimg.com/ct/lib/ https://pagead2.googlesyndication.com/pagead/buyside_topics/set/ https://s.pinimg.com/ct/core.js https://amplify.outbrain.com/cp/ https://amplify.outbrain.com/cp/obtp.js https://cdn.livechatinc.com/tracking.js https://api.livechatinc.com/ https://secure.livechatinc.com/customer/ https://www.gstatic.com/charts/ https://connect.facebook.net/signals/config/ https://www.facebook.com https://connect.facebook.net/en_US/ https://www.facebook.com/tr/ https://bat.bing.com/ https://nexus.ensighten.com https://www.googletagmanager.com https://s3.amazonaws.com/dreamgiveaway https://assets.pcrl.co https://www.googleadservices.com https://www.youtube.com https://bat.bing.com/action/ https://www.google.com https://googleads.g.doubleclick.net/ https://www.google-analytics.com/ https://system.picreel.com https://app.picreel.com https://static.doubleclick.net https://insight.adsrvr.org/track/conv/ https://match.adsrvr.org/track/ https://pixel.admedia.com/ https://www.dwin1.com https://*.clarity.ms https://trk.mdrtrck.com/aff_lsr https://cdn.rollbar.com/rollbarjs/refs/tags/v2.26.1/rollbar.min.js  https://pips.taboola.com/ https://cdn.taboola.com/libtrc/unip/1593681/tfa.js https://cdn.taboola.com/scripts/ https://trc.taboola.com/1593681/trc/; style-src 'self' 'unsafe-inline'  https://fonts.googleapis.com https://www.gstatic.com/charts/ https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com/css https://www.w3.org; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com/s/ https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/fonts/; connect-src 'self'  https://wellput.go2cloud.org https://wellput.go2cloud.org/ping https://fonts.googleapis.com https://ct.pinterest.com/user/ https://pagead2.googlesyndication.com/pagead/buyside_topics/set/ https://app.picreel.com/api/getUserTypeByUrl/ https://tr.outbrain.com https://s.pinimg.com https://ct.pinterest.com/stats/ https://metrics.dreamgiveaway.com/events https://*.analytics.google.com/g/collect https://analytics.google.com/g/collect https://pixel.admedia.com/convVisitLib.php https://www.google-analytics.com/j/collect https://stats.g.doubleclick.net https://www.google-analytics.com/collect https://bat.bing.com/action/ https://bat.bing.com/actionp/ https://facebook.com https://*.clarity.ms https://api.rollbar.com/api/1/item/ https://trc-events.taboola.com/1593681/log/ https://pips.taboola.com https://cds.taboola.com; child-src 'self' https://facebook.com https://www.youtube.com/ https://youtu.be; worker-src 'self' blob:; object-src 'self' https://www.sandbox.dreamgiveaway.com/donations/certificate/ frame-ancestors https://app.picreel.com/ https://ct.pinterest.com/ct.html https://www.tabsite.com/ https://www.facebook.com/dreamgiveaway/ https://www.youtube.com/; frame-src 'self' https://www.facebook.com/ https://ct.pinterest.com/ct.html https://secure.livechatinc.com/customer/ https://facebook.com/ https://www.youtube.com/ https://youtu.be https://bid.g.doubleclick.net/ https://app.picreel.com/; form-action 'self' https://www.facebook.com/tr/ https://testsecureacceptance.cybersource.com/silent/pay https://secureacceptance.cybersource.com/silent/pay 1
default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self' 1
frame-ancestors 'self'            https://ksa.iprox.nl https://kansspelautoriteit.nl https://www.kansspelautoriteit.nl 1
script-src 'strict-dynamic' 'unsafe-inline' 'wasm-unsafe-eval' 'self' www.channelengine.net cdn.channelengine.net www.gstatic.com/charts/ https://*.googletagmanager.com https://hcaptcha.com https://*.hcaptcha.com https://*.clarity.ms https://*.productfruits.com https://productfruits.help/ 'nonce-p6AJSYJtVYv762EQzGAW36iMggGuNXq03JxVC7VhaHI='; default-src 'self'; object-src 'none'; img-src * https://*.google-analytics.com https://*.googletagmanager.com 'self' data: https:; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://hcaptcha.com https://*.hcaptcha.com https://api.powerbi.com https://*.sentry.io https://*.clarity.ms wss://*.productfruits.com https://*.productfruits.com; style-src 'unsafe-inline' 'self' www.channelengine.net cdn.channelengine.net fonts.googleapis.com www.gstatic.com/charts/ https://hcaptcha.com https://*.hcaptcha.com https://*.productfruits.com; font-src 'self' www.channelengine.net cdn.channelengine.net fonts.gstatic.com data:; frame-src https://hcaptcha.com https://*.hcaptcha.com https://app.powerbi.com https://app.customgpt.ai https://images.channelengineai.com https://*.productfruits.com; frame-ancestors 'none'; base-uri 'self'; worker-src 'self' blob: 1
frame-ancestors 'self' https://*.papayapay.com https://papayapay.com https://www.datamediallc.com https://www.epayitonline.com * 1
frame-ancestors 'self' pagerduty.lookbookhq.com 1
default-src *.crazyegg.com blob: 'self' https: 'unsafe-inline' 'unsafe-eval' 1
connect-src 'self' *.fontawesome.com *.yimg.com *.google-analytics.com *.doubleclick.net rest-api.e-shot.net bat.bing.com terryberry.force.com *.omappapi.com z.omappapi.com a.omappapi.com api.omappapi.com *.nr-data.net *.terryberry.com secure.agile-company-365.com idx.liadm.com *.clickagy.com *.zoominfo.com *.hu-manity.co onesignal.com *.onesignal.com cdn.linkedin.oribi.io *.duosecurity.com terryberry.com *.gstatic.com  *.google.com *.hcaptcha.com terryberry.my.salesforce.com terryberry.my.site.com *.clickcease.com pagead2.googlesyndication.com *.trstplse.com *.trustpulse.com *.chilipiper.com *.ads.linkedin.com *.cookiebot.com *.optinmonster.com *.visualwebsiteoptimizer.com; default-src  'self' 'unsafe-inline' data:; font-src  'self' 'unsafe-inline' data: *.fontawesome.com fonts.gstatic.com *.hu-manity.co *.duosecurity.com  terryberry.com *.terryberry.com *.hcaptcha.com terryberry.my.salesforce.com *.trstplse.com *.trustpulse.com data: *.chilipiper.com *.cookiebot.com *.optinmonster.com *.visualwebsiteoptimizer.com; frame-src 'self' bid.g.doubleclick.net service.force.com www.facebook.com go.pardot.com *.youtube.com storage.pardot.com terryberry.com *.terryberry.com player.vimeo.com *.hu-manity.co  onesignal.com *.onesignal.com *.duosecurity.com *.gstatic.com *.google.com *.hcaptcha.com terryberry.my.salesforce.com td.doubleclick.net *.trstplse.com *.trustpulse.com data: *.chilipiper.com *.cookiebot.com *.optinmonster.com *.visualwebsiteoptimizer.com; img-src 'self' 'unsafe-inline' terryberry.com *.terryberry.com *.gravatar.com *.linkedin.com *.bing.com *.analytics.yahoo.com *.google.com *.google.co.uk *.google.de *.facebook.com *.google-analytics.com live-terryberry.pantheonsite.io p.adsymptotic.com go.pardot.com *.doubleclick.net i.ytimg.com *.omappapi.com *.googletagmanager.com *.clickagy.com *.rlcdn.com *.demdex.net *.crwdcntrl.net *.agkn.com *.bluekai.com pixel-sync.sitescout.com *.hu-manity.co  onesignal.com *.onesignal.com *.duosecurity.com terryberry.my.site.com *.gstatic.com *.google.com *.hcaptcha.com terryberry.my.salesforce.com *.clickcease.com *.trstplse.com *.trustpulse.com data: *.chilipiper.com trustpulse.s3.amazonaws.com *.cookiebot.com *.optinmonster.com *.visualwebsiteoptimizer.com; media-src 'self' 'unsafe-inline' *.terryberry.com *.duosecurity.com terryberry.com data: *.optinmonster.com *.visualwebsiteoptimizer.com; script-src 'self' 'unsafe-inline'  'unsafe-eval' *.pantheonsite.io *.360recognition.com *.giveawow.com *.youtube.com *.google.com *.google-analytics.com *.googleapis.com use.fontawesome.com kit.fontawesome.com www.googletagmanager.com service.force.com terryberry.my.salesforce.com bat.bing.com *.googleadservices.com snap.licdn.com tracking.g2crowd.com s.yimg.com connect.facebook.net pi.pardot.com *.salesforceliveagent.com *.doubleclick.net signup.es-mail.co.uk ajax.googleapis.com static.lightning.force.com terryberry.force.com *.omappapi.com *.googleoptimize.com *.adservice.google.com *.googletagmanager.com *.newrelic.com *.nr-data.net *.terryberry.com secure.agile-company-365.com player.vimeo.com *.zoominfo.com *.clickagy.com *.hu-manity.co onesignal.com *.onesignal.com *.duosecurity.com terryberry.com *.gstatic.com *.google.com terryberry.my.site.com *.hcaptcha.com *.clickcease.com *.trstplse.com *.trustpulse.com *.chilipiper.com cdnjs.cloudflare.com *.cookiebot.com *.optinmonster.com *.visualwebsiteoptimizer.com  unpkg.com/vue@3/dist/vue.global.js unpkg.com/vue@3/; style-src 'self' 'unsafe-inline' *.pantheonsite.io *.fontawesome.com service.force.com terryberry.force.com fonts.googleapis.com *.omappapi.com *.terryberry.com secure.agile-company-365.com *.hu-manity.co onesignal.com *.onesignal.com *.duosecurity.com terryberry.com *.gstatic.com *.google.com terryberry.my.site.com *.hcaptcha.com terryberry.my.salesforce.com *.trstplse.com *.trustpulse.com *.chilipiper.com *.cookiebot.com *.optinmonster.com *.visualwebsiteoptimizer.com; worker-src 'self' 'unsafe-inline' *.terryberry.com terryberry.com blob: data:; 1
img-src * data: blob:; script-src 'unsafe-eval' 'unsafe-inline' *; worker-src 'unsafe-inline' * blob:; 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src data: https:; font-src 'self' data: https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://www.gartner.com/; connect-src https: 'unsafe-inline' 'unsafe-eval' wss://reflex.bigpicture.io; frame-ancestors 'self' https://yugabyte.thinkific.com/ https://*.yugabyte.com/; 1
frame-ancestors 'self'; report-uri frame-src 'self'; frame-ancestors 'self'; report-uri https://entertainmentcareers.report-uri.com/r/d/csp/enforce 1
default-src 'self' ; style-src 'self' 'self' ; style-src-elem 'self' ; font-src 'self' ; frame-ancestors 'self' *.niit-mts.com; frame-src 'self' ; img-src 'self' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' wss: https: data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' google.com googleapis.com maps.googleapis.com www.google.com bootstrap.com fontawesome.com fonts.googleapis.com fonts.gstatic.com www.gstatic.com www.googletagmanager.com script.infinity-tracking.com cdn-ukwest.onetrust.com www.google-analytics.com www.doctify.com www.cqc.org.uk code.jquery.com extsub.cmadvantage.co.uk customer.cludo.com js.monitor.azure.com googleadservices.com www.youtube.com edge.fullstory.com googleads.g.doubleclick.net connect.facebook.net bat.bing.com www.googleadservices.com static.hotjar.com bid.g.doubleclick.net script.hotjar.com cdn.optimizely.com cdn-ukwest.onetrust.com ict.infinity-tracking.net *.optimizely.com optimizely.s3.amazonaws.com cdn-assets-prod.s3.amazonaws.com adswizz.com octave-7535-adswizz.attribution.adswizz.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' use.typekit.net p.typekit.net cdnjs.cloudflare.com www.cqc.org.uk customer.cludo.com www.doctify.com; font-src 'self' cdnjs.cloudflare.com use.typekit.net fonts.googleapis.com; img-src 'self' data: googleads.g.doubleclick.net www.google.com www.cqc.org.uk adswizz.com bat.bing.com www.facebook.com www.google.co.uk octave-7535-adswizz.attribution.adswizz.com maps.gstatic.com maps.googleapis.com cdn-ukwest.onetrust.com cdn.optimizely.com; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' blob:;script-src blob: 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudfare.com i.icomoon.io maps.googleapis.com www.google-analytics.com www.googletagmanager.com mktdplp102cdn.azureedge.net www.gstatic.com places.googleapis.com rum-static.pingdom.net chimpstatic.com downloads.mailchimp.com mc.us9.list-manage.com cdn.nocnsf.nl;style-src 'self' 'unsafe-inline' fonts.googleapis.com i.icomoon.io downloads.mailchimp.com cdn.nocnsf.nl;img-src 'self' data: maps.googleapis.com maps.gstatic.com images.unsplash.com http://placeimg.com www.google-analytics.com cdn.nocnsf.nl;media-src 'self' www.youtube.com youtube.com cdn.nocnsf.nl;font-src 'self' fonts.gstatic.com cdn.nocnsf.nl;frame-src * youtube.com www.youtube.com;frame-ancestors 'self' youtube.com www.youtube.com;connect-src 'self' i.icomoon.io maps.googleapis.com www.google-analytics.com region1.google-analytics.com stats.g.doubleclick.net www.gstatic.com places.googleapis.com *.svc.dynamics.com rum-static.pingdom.net rum-collector-2.pingdom.net;form-action 'self' accounts.google.com; 1
default-src 'self'; connect-src 'self' *.google-analytics.com https://cdn.linkedin.oribi.io https://*.hotjar.io https://*.hotjar.com *.analytics.google.com *.googletagmanager.com www.google-analytics.com https://*.addthis.com; frame-src 'self' *.eurolandir.com *.euroland.com www.youtube.com https://www.youtube-nocookie.com https://*.addthis.com www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.googleadservices.com https://www.google.com snap.licdn.com https://*.facebook.net https://*.hotjar.com https://www.youtube.com *.googletagmanager.com use.fontawesome.com www.google-analytics.com https://www.youtube-nocookie.com https://addthisevent.com https://*.addthisevent.com https://*.addevent.com www.gstatic.com www.google.com graph.facebook.com www.linkedin.com https://*.addthis.com https://*.addthisedge.com; font-src 'self' https://fast.fonts.net https://use.fontawesome.com data:; style-src 'self' 'unsafe-inline' https://use.fontawesome.com https://fast.fonts.net; img-src 'self' https://googleads.g.doubleclick.net https://www.google.com https://www.facebook.com https://px.ads.linkedin.com https://*.cloudfront.net *.google-analytics.com *.googletagmanager.com https://*.cdninstagram.com *.fbcdn.net external.xx.fbcdn.net http://pbs.twimg.com media.licdn.com i.ytimg.com scontent.xx.fbcdn.net image-store.slidesharecdn.com www.google-analytics.com https://addevent.com https://*.addevent.com data:; 1
frame-ancestors https://mynikonhub.nikonlenswear.co.uk https://dev.mynikonhub.nikonlenswear.co.uk/ https://uat.mynikonhub.nikonlenswear.co.uk/; 1
frame-ancestors 'self' https://www.livesupportteam.com 1
default-src 'self' *.continuum.ie *.gamma.ie https://ecn.t2.tiles.virtualearth.net/ *.autoaddress.com *.maze.co gateway.zscalertwo.net privacyportal-de.onetrust.com/request/v1/consentreceipts https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location cdn.cookielaw.org staging.cdn-net.com staging-uk.cdn-net.com uk.cdn-net.com six.cdn-net.com ajax.aspnetcdn.com searchservices.tescomobile.ie static.ads-twitter.com lptag.liveperson.net lpcdn.lpsnmedia.net *.googletagmanager.com platform.twitter.com analytics.twitter.com accdn.lpsnmedia.net lo.v.liveperson.net privacyportal-de.onetrust.com maps.googleapis.com fonts.googleapis.com fonts.gstatic.com ajax.googleapis.com servedby.flashtalking.com accreditation.datacash.com *.googleadservices.com 2866153.fls.doubleclick.net googleads.g.doubleclick.net use.typekit.net static.addtoany.com ib.adnxs.com *.google.com *.google.ie *.google-analytics.com code.jquery.com service.gamma.ie *.t.co d1j07uq9klr1j0.cloudfront.net service.autoaddress.ie api.autoaddress.ie dev.virtualearth.net edge.quantserve.com connect.facebook.net rules.quantcount.com *.youtube.com s.ytimg.com r.turn.com secure.quantserve.com  *.hotjar.com *.googlesyndication.com *.doubleclick.net *.hotjar.io ds-aksb-a.akamaihd.net payments.worldpay.com wss://lo2.msg.liveperson.net wss://ws.hotjar.com/api/v2/client/ws analytics.tiktok.com cdn.jsdelivr.net three.gamma.ie service.gamma.ie analytics.pangle-ads.com cdn.co-buying.com data: https://bp.tescomobile.ie/ https://www.facebook.com/ 'unsafe-eval' 'unsafe-inline'; media-src *;img-src * data:; frame-src * d1j07uq9klr1j0.cloudfront.net *.youtube.com secure.quantserve.com; worker-src 'self' blob: 1
upgrade-insecure-requests;                     style-src 'self' 'unsafe-inline' *.lytics.io feed.pghub.io pandg.tapad.com;                     script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com *.facebook.net *.segment.com pghub.io *.lytics.io *.doubleclick.net feed.pghub.io pandg.tapad.com;                     manifest-src 'self' login.windows.net feed.pghub.io pandg.tapad.com;                     media-src 'self' *.ctfassets.net feed.pghub.io pandg.tapad.com;                     font-src 'self' feed.pghub.io pandg.tapad.com;                     frame-ancestors 'none' feed.pghub.io pandg.tapad.com;                     frame-src 'self' *.pghub.io *.doubleclick.net consumersupport.pg.com pandg.tapad.com;                     img-src 'self' data: *.ctfassets.net *.tapad.com *.lytics.io www.googletagmanager.com www.google.com www.google.cz feed.pghub.io www.facebook.com;                     connect-src 'self' *.adsrvr.org *.segment.com *.segment.io *.doubleclick.net *.bazaarvoice.com *.googlesyndication.com *.analytics.google.com *.google-analytics.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat feed.pghub.io pandg.tapad.com ; base-uri 'none' feed.pghub.io pandg.tapad.com;                     default-src 'none' feed.pghub.io pandg.tapad.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.doubleclick.net www.gstatic.com *.google.com *.hotjar.com *.googletagmanager.com *.cookiebot.com *.targeo.pl; frame-src 'self' *.doubleclick.net *.google.com *.cookiebot.com *.targeo.pl; object-src 'self'; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.doubleclick.net www.gstatic.com *.google.com *.hotjar.com *.googletagmanager.com *.cookiebot.com *.targeo.pl 1
base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://prime-psf.2b-advice.com https://2badvice-cdn.azureedge.net https://maps.google.com https://d1c1fyrod5p5bz.cloudfront.net https://www.google-analytics.com https://heatmaps.monsido.com https://d44wixjfbtz1l.cloudfront.net https://www.googletagmanager.com https://app-script.monsido.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://d2o7emhzwey5ns.cloudfront.net https://2badvicecdn.azureedge.net; object-src 'self' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.topdanmark.dk *.topdanmark.com *.topdanmark.cloud https://www.googletagmanager.com *.googletagmanager.com *.cookieinformation.com https://dev.visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com *.imgeng.in *.google.dk *.google.se *.google.no *.google.nl *.google.gl *.google.gr *.google.pl *.google.iq www.google.com www.google-analytics.com https://www.google-analytics.com www.facebook.com widget.trustpilot.com *.doubleclick.net https://connect.facebook.net https://www.googleadservices.com www.googleadservices.com topdanmark.leadfamly.com trustpilot.com *.danid.dk cdnjs.cloudflare.com https://polyfill.io www.youtube.com *.ditonlinebetalingssystem.dk *.dawa.aws.dk *.scalepoint.com www.talenthub.io https://talenthub.io https://s3.eu-central-1.amazonaws.com/talenthub.io *.googleapis.com *.form.io https://app.vwo.com https://cdn.jsdelivr.net https://via.ritzau.dk https://leadvalidator.dk https://bat.bing.com https://www.clarity.ms https://static.zdassets.com *.gstatic.com *.insurely.com;frame-ancestors 'self' *.ci360.sas.com;report-to website-csp-endpoint; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.gstatic.com https://yastatic.net https://www.youtube.com https://s.ytimg.com https://platform.instagram.com https://www.instagram.com https://platform.twitter.com https://cdn.syndication.twimg.com https://mc.yandex.ru https://top-fwz1.mail.ru https://js.sentry-cdn.com https://browser.sentry-cdn.com https://qaz.7ru.news https://push.7ru.news https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' data: https://fonts.googleapis.com https://platform.twitter.com ; img-src 'self' data: https://* http://* ; font-src 'self' data: https://fonts.gstatic.com ; frame-src 'self' data: https://yastatic.net https://www.youtube.com https://www.instagram.com/ https://platform.twitter.com ; connect-src 'self' data: https://yastatic.net https://mc.yandex.ru https://mc.webvisor.com https://mc.webvisor.org https://fcm.googleapis.com https://firebaseinstallations.googleapis.com https://fcmregistrations.googleapis.com https://push.newsdaily.biz https://top-fwz1.mail.ru https://o4505939965509632.ingest.sentry.io https://push.7ru.news https://biposerfl.shop https://*.google-analytics.com; worker-src 'self' data: https://fcm.googleapis.com https://push.newsdaily.biz https://push.7ru.news ; 1
default-src 'unsafe-inline' 'unsafe-eval' data: blob: https: wss:; frame-ancestors 'self' 1
default-src 'self'; script-src 'self' *.amalgamatedbank.com bam.nr-data.net unpkg.com *.talkdeskapp.com *.talkdeskdev.com *.twilio.com js.locatorsearch.com *.prod.acquia-sites.com *.instagram.com *.youtube.com *.oktacdn.com *.okta.com *.oktapreview.com fonts.googleapis.com *.googletagmanager.com *.doubleclick.net *.addtoany.com fonts.gstatic.com *.omappapi.com *.google-analytics.com cdn.jsdelivr.net cdnjs.cloudflare.com app.jazz.co js-agent.newrelic.com *.google.com *.gstatic.com www.recaptcha.net ajax.googleapis.com bam.nr-data.net 'unsafe-inline' 'unsafe-eval' http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js https://www.recaptcha.net/recaptcha/api.js https://www.recaptcha.net/recaptcha/api/fallback; style-src 'self' 'unsafe-inline' unpkg.com *.amalgamatedbank.com *.talkdeskapp.com *.talkdeskdev.com *.twilio.com bam.nr-data.net *.prod.acquia-sites.com *.oktacdn.com *.okta.com *.oktapreview.com fonts.googleapis.com fonts.gstatic.com cdn.jsdelivr.net cdnjs.cloudflare.com *.google.com *.gstatic.com app.jazz.co; img-src 'self' amalgamatedbank.com www.amalgamatedbank.com *.amalgamatedbank.com *.talkdeskapp.com *.talkdeskdev.com *.twilio.com bam.nr-data.net cdn.jsdelivr.net *.prod.acquia-sites.com js.locatorsearch.com *.oktacdn.com *.okta.com *.oktapreview.com data: *.googletagmanager.com app.jazz.co *.google.com *.google-analytics.com *.gstatic.com images.printable.com images.locatorsearch.com instagram.com i.ytimg.com; media-src files.marcomcentral.app.pti.com *.youtube.com *.amalgamatedbank.com bam.nr-data.net *.talkdeskapp.com *.talkdeskdev.com *.twilio.com; frame-src *; font-src 'self' 'unsafe-inline' cdnjs.cloudflare.com bam.nr-data.net *.amalgamatedbank.com *.talkdeskapp.com *.talkdeskdev.com *.twilio.com *.prod.acquia-sites.com *.oktacdn.com *.okta.com *.oktapreview.com unpkg.com fonts.gstatic.com app.jazz.co *.google.com *.gstatic.com *.locatorsearch.com; connect-src 'self' abnyunityuat.fisglobal.com login-uat.fisglobal.com mcs.us1.twilio.com wss://tsock.us1.twilio.com *.talkdeskapp.com *.talkdeskdev.com maps-api-ssl.google.com bam.nr-data.net stats.addtoany.com googleads.g.doubleclick.net *.youtube.com *.oktacdn.com *.okta.com *.oktapreview.com *.omappapi.com *.google-analytics.com *.google.com *.gstatic.com googleads.g.doubleclick.net; report-uri /report-csp-violation 1
script-src 'self' npmcdn.com *.amazonaws.com *.webshark.hu webshark.hu *.cookie-script.com *.npmcdn.com *.jsdelivr.net *.smartlook.com *.hotjar.com *.disqus.com *.google.com 'unsafe-inline' 'unsafe-eval' *.facebook.net *.googletagmanager.com *.google-analytics.com *.googleadservices.com googleads.g.doubleclick.net *.gstatic.com; frame-src 'self' *.webshark.hu *.facebook.com *.hotjar.com *.youtube.com *.google.com; object-src 'self'; worker-src 'self' blob:; 1
default-src ‘self’; 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-MWZhYTc4Nzg2Mjk1NGRjMThlZjY5ZWRjMmIyYjY5NDM=' https://*.platformrijksoverheid.nl https://*.rijksoverheid.nl https://*.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' https://statistiek.rijksoverheid.nl https://*.contenttoolsrijksoverheid.nl https://*.rijksoverheid.nl; font-src 'self' https://statistiek.rijksoverheid.nl; object-src 'none'; connect-src https://*.platformrijksoverheid.nl https://*.rijksoverheid.nl https://*.contenttoolsrijksoverheid.nl https://*.rovid.nl https://*.rijksoverheidsvideo.nl; img-src 'self' data: https://d3oiud1b8fohdw.cloudfront.net https://statistiek.rijksoverheid.nl https://*.rovid.nl https://*.rijksoverheidsvideo.nl https://*.toegankelijkheidsverklaring.nl; media-src 'self' https://*.rovid.nl https://*.rijksoverheidsvideo.nl; form-action 'self' https://export.highcharts.com https://*.contenttoolsrijksoverheid.nl https://*.rijksoverheid.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
style-src 'self' https://www.youraccessone.com https://youraccessone.com  https://js-agent.newrelic.com https://cdn.walkme.com https://pciapply.com 'unsafe-inline';script-src 'self' https://youraccessone.com https://www.youraccessone.com https://h.online-metrix.net https://cdn.walkme.com https://playerserver.walkme.com  https://js-agent.newrelic.com https://pciapply.com 'unsafe-eval' 'unsafe-inline';form-action 'self' https://pciapply.com; 1
frame-ancestors https://trscms.us.aegon.com/ https://trs-cms.us.aegon.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://plausible.io https://challenges.cloudflare.com; connect-src https://plausible.io; style-src 'self' 'unsafe-inline'; img-src 'self'; frame-src 'self' https://*.kystverket.no https://challenges.cloudflare.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob:     https://advertiserpro.flexoffers.com/     https://api.joinnow.live/     https://bat.bing.com/     https://browser.sentry-cdn.com/     https://cdn.foxycart.com/     https://cdn.jsdelivr.net/     https://cdn.jwplayer.com/     https://cdn.knightlab.com/     https://cdn.pdst.fm/     https://cdnjs.cloudflare.com/     https://code.jquery.com/     https://connect.facebook.net/     https://diffuser-cdn.app-us1.com/     https://ef.richdadworld.com/     https://experts.richdadworld.com/     https://google.com/     https://googleads.g.doubleclick.net/     https://*.hotjar.com/     https://intljs.rmtag.com/     https://joinnow.live/     https://ka-f.fontawesome.com/     https://kit.fontawesome.com/     https://o228308.ingest.sentry.io/     https://pei.activehosted.com/     https://prism.app-us1.com/     https://richdad.foxycart.com/     https://richdadespanol.foxycart.com/     https://richdadworld.com/     https://recaptchaenterprise.googleapis.com/     https://script.hotjar.com/     https://sealserver.trustkeeper.net/     https://sealserver.trustwave.com/     https://ssl.p.jwpcdn.com/     https://static.hotjar.com/     https://tags.rd.linksynergy.com/     https://td.doubleclick.net/     https://trackcmp.net/     https://tracker.marinsm.com/     https://unpkg.com/     https://use.fontawesome.com/     https://use.typekit.net/     https://ut.rd.linksynergy.com/     https://vc.hotjar.io/     https://vjs.zencdn.net/     https://www.google-analytics.com/     https://www.google.com/     https://www.googleadservices.com/     https://www.googletagmanager.com/     https://www.gstatic.com/     https://www.peicoachnetwork.com/     https://www.richdadworld.com/     https://richdadtest.foxycart.com/     https://ajax.googleapis.com/     https://cdn.datatables.net/     https://maxcdn.bootstrapcdn.com/     https://web02.richdadworld.com/     https://www.upsellit.com/; style-src 'self' 'unsafe-inline'     https://cdn.foxycart.com/     https://cdn.joinnow.live/     https://cdn.jsdelivr.net/     https://cdn.knightlab.com/     https://cdnjs.cloudflare.com/     https://experts.richdadworld.com/     https://fonts.googleapis.com/     https://*.hotjar.com/     https://netdna.bootstrapcdn.com/     https://richdadworld.com/     https://richdadtest.foxycart.com/     https://recaptchaenterprise.googleapis.com/     https://use.fontawesome.com/     https://www.peicoachnetwork.com/     https://maxcdn.bootstrapcdn.com/     https://cdn.datatables.net/     https://richdadtest.foxycart.com/     https://fonts.bunny.net/     https://www.richdadworld.com/; img-src 'self' data: blob:     https://api.joinnow.live/     https://assets-jpcust.jwpsrv.com/     https://bat.bing.com/     https://cdn.jwplayer.com/     https://dev.richdadworld.com/     https://*.hotjar.com/     https://experts.richdadworld.com/     https://googleads.g.doubleclick.net/     https://idsync.rlcdn.com/     https://p.typekit.net/     https://pei.activehosted.com/     https://prd.jwpltx.com/     https://richdad.com/     https://richdadworld.com/     https://richdadtest.foxycart.com/     https://recaptchaenterprise.googleapis.com/     https://sealserver.trustkeeper.net/     https://sealserver.trustwave.com/     https://stats.g.doubleclick.net/     https://trackcmp.net/     https://use.fontawesome.com/     https://www.facebook.com/     https://www.google-analytics.com/     https://www.google.com/     https://www.googleadservices.com/     https://www.googletagmanager.com/     https://www.gravatar.com/     https://www.peicoachnetwork.com/     https://cdn.datatables.net/     https://richdadtest.foxycart.com/     https://www.richdadworld.com/; font-src 'self' data:     https://cdn.knightlab.com/     https://fonts.gstatic.com/     https://*.hotjar.com/     https://ka-f.fontawesome.com/     https://netdna.bootstrapcdn.com/     https://recaptchaenterprise.googleapis.com/     https://ssl.p.jwpcdn.com/     https://maxcdn.bootstrapcdn.com/     https://use.typekit.net/     https://fonts.bunny.net/     https://use.fontawesome.com/; media-src 'self' blob:     https://experts.richdadworld.com/     https://joinnow.live/     https://profedu.hs.llnwd.net/     https://richdadworld.com/     https://recaptchaenterprise.googleapis.com/     https://use.fontawesome.com/     https://www.peicoachnetwork.com/     https://richdadtest.foxycart.com/     https://www.richdadworld.com/     https://videos-cloudfront-usp.jwpsrv.com/     https://cdn.jwplayer.com/; connect-src 'self'     https://analytics.google.com/     https://api.joinnow.live/     https://api.thepei.com/     https://api2.thepei.com/     https://apidev.thepei.com/     https://assets-jpcust.jwpsrv.com/     https://bat.bing.com/     https://cdn.jwplayer.com/     https://content.hotjar.io/     https://experts.richdadworld.com/     https://google.com/     https://*.hotjar.com/     https://joinnow.live/     https://richdadtest.foxycart.com/     https://richdadworld.com/     https://ka-f.fontawesome.com/     https://metrics.hotjar.io/     https://o228308.ingest.sentry.io/     https://pagead2.googlesyndication.com/     https://pixels.spotify.com/     https://pei.activehosted.com/     https://prd.jwpltx.com/     https://profedu.hs.llnwd.net/     https://pxy.thepei.com/     https://www.richdadespanol.com/     https://recaptchaenterprise.googleapis.com/     https://sheets-proxy.knightlab.com/     https://ssl.p.jwpcdn.com/     https://stats.g.doubleclick.net/     https://td.doubleclick.net/     https://td.doubleclick.net/     https://thepei.com/     https://track.flexlinkspro.com/     https://us-central1-adaptive-growth.cloudfunctions.net/     https://vc.hotjar.io/     https://videos-cloudfront-usp.jwpsrv.com/     https://vc.hotjar.io/     https://www.google-analytics.com/     https://www.google.com/     https://www.googleadservices.com/     https://www.googleadservices.com/     https://www.peicoachnetwork.com/     wss://ws.hotjar.com/; frame-src 'self'     https://agelessbeautysolutions.com/     https://cfclassic.richdad.com/     https://experts.richdadworld.com/     https://google.com/     https://www.googletagmanager.com/     https://joinnow.live/     https://pei.activehosted.com/     https://richdad.foxycart.com/     https://richdadtest.foxycart.com/     https://richdadworld.com/     https://richdadespanol.com/     https://richdadespanol.foxycart.com/     https://recaptchaenterprise.googleapis.com/     https://tags.rd.linksynergy.com/     https://td.doubleclick.net/     https://vc.hotjar.io/     https://www.facebook.com/     https://www.google.com/     https://www.monthlyshoppingdollars.com/     https://richdadtest.foxycart.com/     https://www.richdadworld.com/     https://www.richdadespanol.com/     https://www.thepeionline.com/     https://cdn.jwplayer.com/     https://www.peicoachnetwork.com/; frame-ancestors 'self'     https://agelessbeautysolutions.com/     https://api.joinnow.live/     https://cfclassic.richdad.com/     https://experts.richdadworld.com/     https://joinnow.live/     https://richdad.foxycart.com/     https://richdadespanol.com/     https://richdadespanol.foxycart.com/     https://recaptchaenterprise.googleapis.com/     https://vc.hotjar.io/     https://richdadtest.foxycart.com/     https://richdadworld.com/     https://www.richdadworld.com/     https://www.carletonsheets.com/     https://www.peicoachnetwork.com/     https://www.thepeionline.com/; worker-src 'self' blob: 1
default-src 'self' https:; img-src * 'self' data: https:; frame-ancestors 'self'; frame-src youtube.com https://www.youtube.com; form-action https://*.babygearlab.com; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-eval' 'unsafe-inline' 1
frame-ancestors 'self' livanova-global-cms-prod-2020.azurewebsites.net; 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-N30U5FSFoeIIPHdfZIoOAA' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
default-src 'self';  script-src 'self' 'unsafe-eval' 'unsafe-inline' http://localhost:3000 http://localhost:8000 https://*.krohne.com https://api.fraud0.com https://api.livechatinc.com https://api.usercentrics.eu https://app.usercentrics.eu https://cdn.livechatinc.com https://code.etracker.com https://ct.leady.com https://googleads.g.doubleclick.net https://hm.baidu.com https://i.simpli.fi https://ifirmy.cz https://sentry.krohne.com https://snap.licdn.com https://tag.simpli.fi https://www.etracker.de https://www.googletagmanager.com;  style-src 'self' 'unsafe-inline' https://*.krohne.com;  img-src 'self' blob: data: http://localhost:3000 https://*.google.co.uk https://*.google.com https://*.google.de https://*.google.fr https://api.fraud0.com https://app.usercentrics.eu https://cdn-dev-ng.krohne.com https://cdn-stage-ng.krohne.com https://dam.krohne.com https://dam.krohnechina.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://uct.service.usercentrics.eu https://www.googletagmanager.com;  media-src 'self' blob: data: http://localhost:3000 https://*.google.co.uk https://*.google.com https://*.google.de https://*.google.fr https://app.usercentrics.eu https://dam.krohne.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://uct.service.usercentrics.eu https://www.googletagmanager.com;  font-src 'self' data: https://*.krohne.com;  object-src 'none';  base-uri 'self';  form-action 'self';  frame-ancestors 'none';  block-all-mixed-content;  upgrade-insecure-requests;  connect-src 'self' http://localhost:8000 https://*.google.co.uk https://*.google.com https://*.google.de https://*.google.fr https://*.krohne.com https://api.fraud0.com https://api.usercentrics.eu https://consent-api.service.consent.usercentrics.eu https://form-dev-ng.krohne.com https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://region1.google-analytics.com https://www.etracker.de;  frame-src 'self' https://*.krohne.com https://app.usercentrics.eu https://td.doubleclick.net; 1
frame-ancestors 'self' https://learn.spot.io; 1
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://unpkg.com https://ws.sharethis.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://use.fontawesome.com https://static.ctctcdn.com https://aacdn.nagich.com https://www.google.com https://www.gstatic.com https://t.sharethis.com https://platform-api.sharethis.com https://www.googletagmanager.com https://www.google-analytics.com https://s3-us-west-2.amazonaws.com https://crm.bloomerang.co https://ajax.aspnetcdn.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://unpkg.com https://ws.sharethis.com; style-src 'self' https://cdnjs.cloudflare.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://cloud.typography.com https://cdnjs.cloudflare.com https://use.fontawesome.com https://static.ctctcdn.com https://ws.sharethis.com; frame-ancestors 'self'; report-uri https://www.americancouncils.org/report-uri/enforce 1
worker-src * blob:; frame-ancestors 'self' https://www.youtube.com https://www.instagram.com https://www.facebook.com https://accounts.google.com https://kritique-widgets-stage.unileversolutions.com https://unilever3.demdex.net https://widget.kritique.io 1
default-src 'self' blob: https://*.withhugo.com:* http://withhugo.com:* https://withhugo.com https://apis.google.com:*; script-src 'unsafe-eval' 'unsafe-inline' 'self' *; style-src 'unsafe-inline' 'self' blob: *; child-src 'self' blob: *; frame-src 'self' https://widget.trustpilot.com https://player.vimeo.com https://js.stripe.com https://hooks.stripe.com https://accounts.google.com/ https://*.withhugo.com https://*.withhugo.com:* https://withhugo.com data: blob: *; object-src 'self' *; img-src 'self' data: blob: *; media-src 'self' data: blob: *; font-src 'self' data: *; connect-src 'self' *; frame-ancestors 'self' https://*.zendesk.com https://js.stripe.com https://hooks.stripe.com https://accounts.google.com/ https://*.withhugo.com https://*.withhugo.com:* https://withhugo.com; 1
block-all-mixed-content; frame-ancestors 'self' cloudficient.com; default-src cloudficient.com; object-src 'none'; img-src 'self' cloudficient.com https:; media-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' cloudficient.com https:; style-src 'self' 'unsafe-inline' https:; font-src 'self' cloudficient.com https:; frame-src 'self' https:; connect-src 'self' cloudficient.com https:; base-uri 'self'; form-action 'self' https:; upgrade-insecure-requests 1
default-src 'self' *.streamlinehq.com *.sleeknote.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' sleeknotecustomerscripts.sleeknote.com sleeknotestaticcontent.sleeknote.com; style-src 'self' https: 'unsafe-inline' data:; img-src 'self' data: blob: *.streamlinehq.com *.cloudinary.com sleeknotestaticcontent.sleeknote.com analytics.sleeknote.com *.google.com *.google-analytics.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat https://t.co https://analytics.twitter.com https://*.ads.linkedin.com; connect-src 'self' https: wss://nexus-websocket-a.intercom.io cdnjs.cloudflare.com fonts.googleapis.com images.sleeknote.com sleeknotestaticcontent.sleeknote.com sleeknotecustomerscripts.sleeknote.com;font-src 'self' https://fonts.intercomcdn.com fonts.gstatic.com sleeknotestaticcontent.sleeknote.com;frame-src *.streamlinehq.com https://tally.so/ mailchimp.sleeknote.com agillic.sleeknote.com campaign campaignmonitor.sleeknote.com;object-src 'none';base-uri 'self';form-action 'self';frame-ancestors 'none';block-all-mixed-content;upgrade-insecure-requests; 1
frame-ancestors 'self' *.lundsandbyerlys.com 1
frame-ancestors https://preview.themeforest.net/; 1
default-src 'none'; frame-ancestors 'none'; script-src 'none'; object-src 'none';  connect-src *.ookla.com *.speedtest.net *.norma4.ks.ua *.speedtestcustom.com 1
default-src 'self' https://stats.g.doubleclick.net *.google.com  *.nabilbank.com www.nabilbank.com siteapi.nabilbank.com siteadmin.nabilbank.com *.googleapis.com *.gstatic.com *.cloudflare.com *.jquery.com *.googletagmanager.com https://code.jquery.com https://cdnjs.cloudflare.com https://gitcdn.github.io  *.google-analytics.com https://connect.facebook.net/ https://web.facebook.com *.facebook.com *.youtube.com *.google.com https://apac-in.app.koopid.ai 'unsafe-inline' 'unsafe-eval'; script-src 'self' *.google.com *.facebook.com www.nabilbank.com *.nabilbank.com siteapi.nabilbank.com siteadmin.nabilbank.com https://connect.facebook.net  https://www.google-analytics.com/ https://www.googletagmanager.com https://code.jquery.com https://cdnjs.cloudflare.com https://gitcdn.github.io *.cloudflare.com *.jquery.com https://www.google.com https://apac-in.app.koopid.ai https://maps.googleapis.com *.gstatic.com 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' http://10.17.0.51 *.google.com www.nabilbank.com *.nabilbank.com siteapi.nabilbank.com siteadmin.nabilbank.com https://www.youtube.com ; img-src 'self' data: *.google.com img.youtube.com maps.gstatic.com *.googleapis.com *.ggpht https://pictures.beesender.com wss://balance.beesender.com  https://widget.beesender.com maps.googleapis.com https://developers.google.com www.nabilbank.com https://www.google-analytics.com *.nabilbank.com siteapi.nabilbank.com siteadmin.nabilbank.com 1
default-src https: http: wss: 'self' data: 'unsafe-inline' 'unsafe-eval' blob:; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' data: consent.cookiebot.com consentcdn.cookiebot.com cookiebot.com cdnjs.cloudflare.com www.google-analytics.com connect.facebook.net www.googletagmanager.com www.gstatic.com static.ads-twitter.com a.quora.com quora.com snap.licdn.com s-na1.hs-scripts.com js-na1.hs-scripts.com hs-scripts.com js.hsforms.net hs-scripts.com www.clarity.ms clarity.ms js.hs-banner.com js.hs-analytics.net js.hscollectedforms.net js.hsadspixel.net js.hubspot.com googleads.g.doubleclick.net bizzabo.com organizer.bizzabo.com events.bizzabo.com wp.com stats.wp.com www.google.com cdn.userway.org; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com yoast.com; media-src 'self'; object-src 'none'; base-uri 'self'; frame-ancestors 'self'; 1
default-src 'self'; script-src 'report-sample' 'self' https://hu.us4.list-manage.com/ https://player.vimeo.com/api/player.js https://*.googleadservices.com https://*.google.com https://va.vercel-scripts.com/v1/script.debug.js https://va.vercel-scripts.com/v1/speed-insights/script.debug.js https://www.youtube.com/iframe_api https://vercel.live/ https://vercel.com 'unsafe-inline' https://*.googleadservices.com https://*.google.com https://connect.facebook.net https://*.googletagmanager.com https://*.g.doubleclick.net https://*.tiktok.com https://static.ads-twitter.com https://*.t.hyros.com https://*.licdn.com https://*.linkedin.com https://*.yobi.ai https://sc-static.net https://*.snapchat.com https://*.klaviyo.com; base-uri 'self'; style-src 'report-sample' 'self' 'unsafe-inline'; img-src 'self' data: blob: https://cdn.shopify.com https://images.prismic.io https://i.vimeocdn.com/ https://vercel.live/ https://vercel.com https://sockjs-mt1.pusher.com/ https://*.google.com https://googleads.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://www.facebook.com https://*.tiktok.com https://static.ads-twitter.com https://t.co https://analytics.twitter.com https://*.licdn.com https://*.linkedin.com https://*.yobi.ai https://sc-static.net https://tags.w55c.net https://*.klaviyo.com; connect-src 'self' https://dev-checkout.humane.com https://carry-checkout.humane.com https://checkout.humane.com https://rum.browser-intake-datadoghq.com https://logs.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://vitals.vercel-insights.com https://webapi.dev.humane.cloud https://webapi.carry.humane.cloud https://webapi.prod.humane.cloud https://vimeo.com https://auth.humane.center https://auth.dev.humane.center https://vercel.live/ https://vercel.com https://sockjs-mt1.pusher.com/ https://sockjs-us3.pusher.com wss://ws-mt1.pusher.com/ wss://ws-us3.pusher.com https://region1.analytics.google.com https://analytics.google.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://analytics.tiktok.com https://analytics.pangle-ads.com https://*.t.hyros.com https://*.licdn.com https://*.linkedin.com https://*.yobi.ai https://sc-static.net https://support.humane.com https://*.snapchat.com https://*.google.com https://*.klaviyo.com; manifest-src 'self'; font-src 'self' https://assets.vercel.com; frame-src 'self' https://auth.humane.center https://auth.dev.humane.center https://auth.carry.humane.center https://player.vimeo.com https://www.youtube.com https://www.youtube-nocookie.com/ bid.g.doubleclick.net https://td.doubleclick.net/ https://vercel.live/ https://vercel.com https://*.snapchat.com https://*.klaviyo.com; media-src 'self' https://humane-content.cdn.prismic.io https://prismic-io.s3.amazonaws.com/humane-content/ https://player.vimeo.com https://*.akamaized.net; object-src 'none'; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub1c4ce6290da09358707613fe74943eb5&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env%3Aprod; worker-src blob:; frame-ancestors 'self' https://auth.dev.humane.center/ https://auth.carry.humane.center/ https://auth.humane.center/; form-action 'self'; 1
worker-src 'self' blob:;img-src 'self' * data:;script-src 'self' * 'unsafe-eval' storage.googleapis.com googletagmanager.com 'unsafe-inline' *.facebook.net *.facebook.com *.google-analytics.com applepay.cdn-apple.com *.googletagmanager.com x.klarnacdn.net *.klarna.com visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com cookiebot.com *.cookiebot.com blob:;connect-src 'unsafe-eval' 'unsafe-inline' 'self' google.com *.google.com google.co.uk api.addressy.com *.facebook.net *.facebook.com *.googletagmanager.com googletagmanager.com *.google-analytics.com storage.googleapis.com api.yotpo.com api-cdn.yotpo.com *.klarnaevt.com x.klarnacdn.net *.klarna.com *.api.commercecloud.salesforce.com *.collect.igodigital.com *.criteo.com api.cquotient.com *.doubleclick.net wisepops.net *.wisepops.net wisepops.com *.wisepops.com visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com cookiebot.com *.cookiebot.com https://sfcc.predatornutrition.com sfcc.predatornutrition.com clarity.ms *.clarity.ms googlesyndication.com *.googlesyndication.com tiktok.com *.tiktok.com;default-src 'unsafe-eval' 'unsafe-inline' 'self' api.addressy.com *.facebook.net *.facebook.com googletagmanager.com *.google-analytics.com storage.googleapis.com *.googletagmanager.com wisepops.net *.wisepops.net wisepops.com *.wisepops.com visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com cookiebot.com *.cookiebot.com;media-src *;script-src-attr 'unsafe-inline' x.klarnacdn.net x.klarnacdn.net *.klarna.com wisepops.net *.wisepops.net wisepops.com *.wisepops.com visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com;frame-src 'self' *;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';style-src 'self' https: 'unsafe-inline' 1
default-src 'self' 'unsafe-inline' https:; frame-ancestors 'none' ; script-src 'self' 'unsafe-inline' https: blob:; media-src 'self' blob: 1
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval';  script-src * data: blob: 'unsafe-inline' 'unsafe-eval';  connect-src * data: blob: 'unsafe-inline';  img-src * data: blob: 'unsafe-inline';  frame-src * data: blob: ;  style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob:; 1
default-src 'self' 'unsafe-inline' https://*.bing.com https://*.clarity.ms https://www.freshbots.ai https://yoast.com https://stats.g.doubleclick.net https://www.google-analytics.com; img-src 'self' 'unsafe-inline' https://px.ads.linkedin.com https://*.google.co.in https://app.vwo.com https://*.visualwebsiteoptimizer.com https://ade.googlesyndication.com https://sgtm.afrotc.com https://*.googletagmanager.com https://www.afrotc.com https://server-side-tagging-mxbkojm3ka-uc.a.run.app https://i.ytimg.com https://cdn.cookielaw.org https://*.privacysandbox.googleadservices.com https://*.snapchat.com https://www.google-analytics.com https://ps.w.org https://*.google-analytics.com/ https://*.doubleclick.net https://www.google.com https://ssl.gstatic.com https://*.gstatic.com https://*.googleapis.com https://bat.bing.com https://www.facebook.com https://secure.gravatar.com data:; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://www.googleadservices.com https://*.snapchat.com https://snap.licdn.com https://bat.bing.com https://sc-static.net https://connect.facebook.net https://maps.googleapis.com https://cdn.cookielaw.org https://www.google-analytics.com https://pagead2.googlesyndication.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://www.youtube.com https://www.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://app.vwo.com https://*.googlesyndication.com https://*.snapchat.com https://cdn.cookielaw.org https://*.clarity.ms https://www.google.com https://connect.facebook.net https://sc-static.net https://bat.bing.com https://www.googleadservices.com https://www.google-analytics.com https://ssl.google-analytics.com https://cdn.freshbots.ai https://cdn.announcekit.app https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://tagmanager.google.com https://www.googletagmanager.com https://*.googleapis.com https://www.youtube.com https://sgtm.afrotc.com https://server-side-tagging-mxbkojm3ka-uc.a.run.app; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://cloud.typography.com https://*.googleapis.com https://pro.fontawesome.com https://www.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com https://sgtm.afrotc.com https://server-side-tagging-mxbkojm3ka-uc.a.run.app https://*.visualwebsiteoptimizer.com https://app.vwo.com; font-src 'self' 'unsafe-inline' https://pro.fontawesome.com https://*.gstatic.com data:; frame-src 'self' https://*.visualwebsiteoptimizer.com https://app.vwo.com https://usaf.sites.crmforce.mil https://*.snapchat.com https://www.youtube.com https://*.doubleclick.net https://www.facebook.com; object-src 'self'; connect-src 'self' 'unsafe-inline' https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://pagead2.googlesyndication.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://usaf--afuat.sandbox.sites.crmforce.mil https://usaf--afuat.sandbox.my.salesforce.mil https://usaf.my.salesforce.mil https://*.salesforce.mil https://geolocation.onetrust.com https://cdn.cookielaw.org https://*.clarity.ms https://*.snapchat.com https://maps.googleapis.com https://www.facebook.com https://*.doubleclick.net https://ssl.google-analytics.com https://www.google-analytics.com https://*.google-analytics.com https://bat.bing.com https://sc-static.net https://d3hb14vkzrxvla.cloudfront.net https://tagmanager.google.com https://www.googletagmanager.com https://sgtm.afrotc.com https://sgtm.airforce.com https://server-side-tagging-mxbkojm3ka-uc.a.run.app; worker-src 'self' blob:; 1
default-src 'self' *.google.com *.gstatic.com *.bidtracer.com *.bidtracer.net *.google-analytics.com *.googleapis.com 127.0.0.1:* *.scanalert.com  *.johnsoncontrols.com *.kele.com *.alpscontrols.com  *.workaci.com *.carriercms.com *.shareddocs.com; frame-src 'self' data: *.smartsheet.com *.matterport.com forms.hubspot.com *.google.com *.gstatic.com *.bidtracer.com *.bidtracer.net *.google-analytics.com *.googleapis.com 127.0.0.1:* *.scanalert.com  *.johnsoncontrols.com *.kele.com *.alpscontrols.com *.workaci.com; img-src 'self' blob: data: *.salsify.com *.siemens.com *.senvainc.com *.hubspotusercontent-na1.net share.hsforms.com  *.openstreetmap.org *.livehelpnow.net *.ferguson.com *.google.com *.gstatic.com *.bidtracer.com *.bidtracer.net *.google-analytics.com *.googleapis.com 127.0.0.1:* *.scanalert.com *.hubspot.com *.hubspot.net *.amazonaws.com *.johnsoncontrols.com *.kele.com *.belimo.com *.alpscontrols.com *.workaci.com *.automatedlogic.com *.bapihvac.com *.aic-wireless.com *.dwyer-inst.com *.kmccontrols.com *.alerton.com *.honeywell.com *.kele.com *.functionaldevices.com *.veris.com *.belimo.us *.inteccontrols.com *.cloudfront.net *.fullcontact.com *.carriercms.com *.epartsservices.com *.abb.com;script-src 'self' *.trustedsite.com cdn.ywxi.net cdn.polyfill.io *.livehelpnow.net *.hs-banner.com *.cloudfront.net *.hsadspixel.net *.cloudflare.com *.draw.io *.hsleadflows.net *.google.com *.gstatic.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net *.bidtracer.com *.bidtracer.net *.google-analytics.com *.googleapis.com *.hs-analytics.net *.usemessages.com forms.hubspot.com *.hs-scripts.com *.hsleadflows.net 127.0.0.1:* *.scanalert.com  *.johnsoncontrols.com *.kele.com *.alpscontrols.com *.workaci.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' 'unsafe-inline' *.livehelpnow.net *.cloudflare.com *.googleapis.com; connect-src 'self' *.amazonaws.com wss://app.livehelpnow.net *.livehelpnow.net *.hsforms.com *.webflow.com *.hubapi.com *.draw.io *.pdftron.com *.webflow.com *.google.com *.gstatic.com *.bidtracer.com *.bidtracer.net *.google-analytics.com *.googleapis.com 127.0.0.1:* *.scanalert.com *.hubspot.com *.johnsoncontrols.com *.kele.com *.alpscontrols.com *.workaci.com; font-src 'self' data: 'unsafe-inline' *.cloudflare.com *.livehelpnow.net *.gstatic.com *.googleapis.com; worker-src 'self' blob:; 1
upgrade-insecure-requests; block-all-mixed-content; default-src 'self' 'unsafe-inline' 'unsafe-eval' img.youtube.com *.insight.sitefinity.com go.adspipe.ca cdn.jsdelivr.net *.edgepilot.com *.onelink-edge.com *.reddit.com *.ipredictive.com data: blob: search.adspipe.com.pagescdn.com *.yext.com adspipe.tfaforms.net assets.ads-pipe.com assets.adspipe.com assets.sitescdn.net *.cmp.osano.com cmp.osano.com adswww.azureedge.net go.adspipe.com ndn.statistinamics.com *.facebook.com *.livechatinc.com *.juicer.io *.googleapis.com *.googleadservices.com *.gstatic.com *.googletagmanager.com *.google.com *.evgnet.com *.evergage.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com *.doubleclick.net https://www.youtube.com/iframe_api https://www.youtube.com/ platform.twitter.com *.googleadservices.com https://snap.licdn.com https://syndication.twitter.com/ *.ytimg.com https://publish.twitter.com *.twimg.com *.linkedin.com http://platform.stumbleupon.com/1/widgets.js ucv.bynder.com cdn.adspipe.com adspipeca.mpeasylink.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org use.typekit.net kit.fontawesome.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.sharethis.com *.kbmax.com *.pardot.com *.ads-pipe.com *.qualtrics.com *.bing.com netdna.bootstrapcdn.com kendo.cdn.telerik.com https://dec.azureedge.net *.twimg.com use.typekit.net p.typekit.net kit-free.fontawesome.com https://p.adsymptotic.com platform.tumblr.com *.facebook.com https://delicious.com www.redditstatic.com https://syndication.twitter.com https://static.licdn.com *.cloudfront.net https://dec.azureedge.net https://*.dec.sitefinity.com pbs.twimg.com *.eloqua.com track.hubspot.com p.typekit.net *.ads-pipe.com *.nyloplast-us.com https://assets.sitescdn.net/answers-search-bar analytics.convertlanguage.com *.fontawesome.com fr-ca.adspipe.ca; child-src 'self' *.ipredictive.com blob: search.adspipe.com.pagescdn.com *.ads-pipe.com *.adspipe.com adspipe.tfaforms.net *.juicer.io *.doubleclick.net https://platform.twitter.com/ https://info.nyloplast-us.com *.sharethis.com *.livechatinc.com https://platform.twitter.com/ https://*.google.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com *.facebook.com badge.stumbleupon.com *.hotjar.io https://c.sharethis.mgr.consensu.org *.kbmax.com *.qualtrics.com *.juicer.io adspipeca.mpeasylink.com; connect-src 'self' blob: pixel-config.reddit.com *.insight.sitefinity.com www.redditstatic.com/ https://conversions-config.reddit.com/ *.googlesyndication.com *.onelink-edge.com *.linkedin.oribi.io bcp.crwdcntrl.net/6/map *.facebook.com *.evergage.com *.evgnet.com *.qualtrics.com *.livechatinc.com accounts.google.com https://maps.googleapis.com https://*.dec.sitefinity.com *.mktoresp.com *.hotjar.io performance.typekit.net wss://ws.hotjar.com https://*.hotjar.com vc.hotjar.io wss://*.hotjar.io *.fontawesome.com https://www.google-analytics.com *.doubleclick.net *.google-analytics.com analytics.google.com answers.yext-pixel.com *.yext.com *.api.osano.com *.sharethis.com *.kbmax.com *.ads-pipe.com *.dec.sitefinity.com *.nyloplast-us.com *.bing.com www.google.com google.com *.linkedin.com; object-src none; 1
default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com cdnjs.cloudflare.com *.vimeocdn.com  *.evergage.com https://cdn.evgnet.com https://*.qualtrics.com https://unpkg.com https://healthbenefitinsight.com https://cdn.insight.sitefinity.com https://dec.azureedge.net/ http://customer.cludo.com/ http://siteimproveanalytics.com/ https://bookeo.com/ https://bat.bing.com/ https://up.pixel.ad/ https://hub.arkansasbluecross.com/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org https://*.tvsquared.com https://*.us.tvsquared.com https://*.doubleclick.net *.pixel.ad *.sitescout.com *.dstillery.com *.facebook.com *.adnxs.com/ https://*.dynatrace-managed.com https://action.media6degrees.com/ https://pixel-sync.sitescout.com/ https://*.google.com/ https://ib.adnxs.com/ https://d.turn.com/ https://match.adsrvr.org/ https://dt-secure.videohub.tv/ https://dpm.demdex.net/ https://ce.lijit.com/ https://us-u.openx.net/ 'unsafe-inline' 'unsafe-eval' *.vimeo.com https://collector-26040.us.tvsquared.com https://players.yumpu.com/ https://dec.azureedge.net https://player.vimeo.com/api/player.js https://www.youtube.com/iframe_api web-chat.nativechat.com; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com 'unsafe-inline' use.typekit.net https://hub.arkansasbluecross.com https://*.tvsquared.com https://*.us.tvsquared.com https://*.doubleclick.net *.pixel.ad *.sitescout.com *.adnxs.com/ *.typekit.net https://*.qualtrics.com https://cdn.insight.sitefinity.com https://dec.azureedge.net https://collector-26040.us.tvsquared.com web-chat.nativechat.com; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com *.ib-ibi.com *.myspace.com https://www.arkansasbluecross.com https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com track.hubspot.com https://*.cludo.com https://*.vindicosuite.com https://bat.bing.com/ *.pixel.ad *.dstillery.com *.us.tvsquared.com *.vindicosuite.com *.ipredictive.com *.sitescout.com *.facebook.com *.adnxs.com/ https://pixel-sync.sitescout.com/ https://*.google.com/ https://d.turn.com/ https://match.adsrvr.org/ https://dt-secure.videohub.tv/ https://dpm.demdex.net/ https://ce.lijit.com/ https://us-u.openx.net/ https://*.qualtrics.com *.zales.com *.addthis.com *.krxd.net *.rlcdn.com *.doubleclick.net *.google-analytics.com *.eloqua.com https://*.global.siteimproveanalytics.io *.tvsquared.com https://cdn.insight.sitefinity.com web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: use.typekit.net https://*.qualtrics.com *.typekit.net; frame-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://www.google.com/ https://*.bookeo.com/ https://*.doubleclick.net https://*.fls.doubleclick.net/ https://hub.arkansasbluecross.com/ https://www.yumpu.com/ https://*.dentaltotalhealth.com/ https://*.vimeo.com/ https://*.vimeocdn.com  web-chat.nativechat.com; connect-src 'self' data: accounts.google.com *.google-analytics.com *.gstatic.com https://*.googletagmanager.com *.evergage.com https://*.qualtrics.com https://hub.arkansasbluecross.com https://stats.g.doubleclick.net/ *.mktoresp.com *.dstillery.com *.vindicosuite.com *.ipredictive.com *.sitescout.com *.facebook.com *.dynatrace-managed.com *.vimeo.com/ *.vimeocdn.com  *.google.com/ *.turn.com/ *.adsrvr.org/ *.videohub.tv/ *.demdex.net/ *.lijit.com/ *.openx.net/ https://healthbenefitinsight.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com https://*.cludo.com *.pixel.ad *.tvsquared.com *.us.tvsquared.com; media-src 'self' data: blob: *.arkansasbluecross.com arkansasbluecross.com https://*.vimeo.com/ https://*.vimeocdn.com ; child-src 'self' https://*.vimeo.com/ https://*.vimeocdn.com  https://w.soundcloud.com/ https://*.dentaltotalhealth.com/ https://hub.arkansasbluecross.com/ https://*.bookeo.com/ https://*.fls.doubleclick.net/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://*.tvsquared.com https://collector-26040.us.tvsquared.com https://*.us.tvsquared.com https://*.doubleclick.net *.pixel.ad *.sitescout.com *.facebook.com *.google.com https://*.qualtrics.com https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com www.yumpu.com web-chat.nativechat.com 1
default-src 'self' *.harmonicsecurity.app; img-src 'self' data: *.harmonicsecurity.app; script-src 'self' *.harmonicsecurity.app; style-src 'self' 'unsafe-inline' *.harmonicsecurity.app 1
base-uri 'none'; font-src 'self' blob: data: https://assets.vercel.com https://vercel.live/ *.abtasty.com *.gstatic.com *.googleapis.com; form-action 'self'; frame-ancestors 'self' localhost:* https://mkt-website-studio.tgtg.ninja/; img-src 'self' data: blob: https://vercel.com https://vercel.live/ https://sockjs-mt1.pusher.com/ https://cdn.sanity.io https://images.tgtg.ninja https://i.vimeocdn.com https://apptoogoodtogo.com https://dashboard.feedbucket.app https://www.googletagmanager.com https://*.ytimg.com https://*.googletagmanager.com https://*.abtasty.com https://*.hotjar.com https://*.bing.com https://bat.bing.com https://*.doubleclick.net https://*.linkedin.com https://*.facebook.com https://*.google.com https://*.amazonaws.com https://*.google.es; object-src 'none'; script-src-attr 'self' 'unsafe-inline'; style-src 'self' https: 'unsafe-inline'; script-src 'strict-dynamic' 'nonce-bpvG8Z8Xd3QG0hi33ZL2ZQ==' 'self' https: 'unsafe-inline'; upgrade-insecure-requests; frame-src 'self' https://vercel.com https://vercel.live/ https://player.vimeo.com www.youtube.com policy.app.cookieinformation.com *.hotjar.com https://*.doubleclick.net; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: archive.org web.archive.org web-static.archive.org wayback-api.archive.org analytics.archive.org pragma.archivelab.org 1
default-src 'self' https://8gvyw6q6yj.execute-api.eu-west-1.amazonaws.com https://argentwebsite.prismic.io argentwebsite.cdn.prismic.io images.prismic.io platform.twitter.com syndication.twitter.com twitter.com https://optimize.google.com https://script.google.com https://script.googleusercontent.com https://api.compound.finance/api/v2/ctoken https://www.google-analytics.com https://stats.g.doubleclick.net; script-src 'self' www.googletagmanager.com www.google-analytics.com syndication.twitter.com platform.twitter.com *.twimg.com https://optimize.google.com https://snap.licdn.com 'unsafe-inline'; style-src 'self' platform.twitter.com https://optimize.google.com https://fonts.googleapis.com https://stackpath.bootstrapcdn.com 'unsafe-inline'; img-src 'self' https://px.ads.linkedin.com https://dv3jj1unlp2jl.cloudfront.net api.producthunt.com images.prismic.io argentwebsite.cdn.prismic.io prismic-io.s3.amazonaws.com stats.g.doubleclick.net syndication.twitter.com *.twimg.com platform.twitter.com https://www.google.co.uk https://www.google.com https://fonts.gstatic.com data: www.google-analytics.com https://twitter.com 'self'; font-src 'self' https://fonts.gstatic.com data: 'self'; frame-src https://dune.xyz https://www.youtube.com https://optimize.google.com https://platform.twitter.com https://twitter.com https://syndication.twitter.com https://duneanalytics.com https://embed.theblockcrypto.com; frame-ancestors 'self' 1
connect-src 'self' https: *.hypd.co wss://*.hotjar.com 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' nonce-3c3f5624-0410-4562-aaea-cbf8186db7d7 http://www.google-analytics.com https://az416426.vo.msecnd.net https://cdnjs.cloudflare.com https://code.ionicframework.com https://code.jquery.com https://connect.facebook.net https://d3op16id4dloxg.cloudfront.net https://fonts.googleapis.com https://gitcdn.github.io https://googleads.g.doubleclick.net https://maxcdn.bootstrapcdn.com https://netdna.bootstrapcdn.com https://qnabot.com https://surveyjs.azureedge.net https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://ssl.google-analytics.com https://connect.facebook.net https://maps.googleapis.com https://api.flickr.com https://rvid.imperium.com http://rvid.imperium.com https://www.google.com https://ajax.googleapis.com https://googleads.g.doubleclick.net https://js-agent.newrelic.com https://bam.nr-data.net https://pixel.mathtag.com https://analytics.tiktok.com https://static.ads-twitter.com https://js.go2sdk.com/v2/tune.js http://pixel.mathtag.com/event/js;style-src 'self' 'unsafe-inline' https://az416426.vo.msecnd.net https://cdnjs.cloudflare.com https://code.ionicframework.com https://code.jquery.com https://connect.facebook.net https://d3op16id4dloxg.cloudfront.net https://fonts.googleapis.com https://gitcdn.github.io https://googleads.g.doubleclick.net https://maxcdn.bootstrapcdn.com https://netdna.bootstrapcdn.com https://qnabot.com https://surveyjs.azureedge.net https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.google.com;img-src 'self' data: https://images.pexels.com https://www.facebook.com https://www.google.co.in https://www.google.co.au https://www.google.com https://stats.g.doubleclick.net https://www.google-analytics.com https://www.googletagmanager.com https://qnabot.com http://www.google-analytics.com https://farm9.static.flickr.com https://farm8.static.flickr.com https://stgadmin.panel-cube.com https://admin.panel-cube.com https://d30s7yzk2az89n.cloudfront.net https://www.google.com.au http://sandbox.giftpay.com https://googleads.g.doubleclick.net https://netdna.bootstrapcdn.com https://pcqa.blob.core.windows.net https://pcstatic.blob.core.windows.net https://panel-cube.com https://www.virtualrewardcenter.com https://bgsurveys.go2cloud.org https://ssl.google-analytics.com https://pixel.mathtag.com https://designstoreage.blob.core.windows.net https://www.google.com;font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://code.ionicframework.com;frame-src 'self' http://qnabot.com https://www.googletagmanager.com https://bid.g.doubleclick.net https://www.youtube.com https://portal.qnabot.com https://web.facebook.com https://www.facebook.com https://www.google.com https://magic.veriff.me https://pixel.mathtag.com https://tracking.gopsjump.com.au https://www.samplicio.us;frame-ancestors 'self' https://web.facebook.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://translate.googleapis.com https://translate.google.com www.google-analytics.com www.googletagmanager.com https://js.arcgis.com;child-src blob: 1
script-src 'nonce-4fb884a8f9fc07b73c0b5c1903aa031e' 'report-sample' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval'; frame-ancestors 'self' ; object-src 'none'; base-uri 'self'; report-uri https://www.melectronics.ch/jsapi/v1/de/log/csp 1
frame-src https://www.youtube-nocookie.com https://*.google.com 1
default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self'; 1
frame-ancestors 'self' https://www.sierrarosealpacas.com/ 1
frame-ancestors 'none'; default-src 'self' https://*.aol.com https://*.yahoo.com https://*.yimg.com; img-src * data:; script-src 'self' 'unsafe-inline' 'nonce-EqgjmpCODFnwLR5aVcxrXQ==' 'unsafe-eval' https://*.yahoo.com https://*.yimg.com https://*.aol.com https://*.aolcdn.com *.oath.com *.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net *.googlesyndication.com https://sb.scorecardresearch.com bat.bing.com *.demdex.net https://msadsscale.azureedge.net/bingads/telemetryJS.js https://www.clarity.ms https://www.clarity.ms/s/0.7.10/clarity.js; style-src 'self' 'unsafe-inline' https://*.yimg.com; object-src *; connect-src *; font-src * data:; frame-src 'self' https://*.youtube.com https://s.yimg.com https://*.yahoo.com *.g.doubleclick.net *.googlesyndication.com; 1
default-src 'none'; font-src 'self' data: obcan.justice.sk; script-src 'self' 'unsafe-inline' 'unsafe-eval' obcan.justice.sk; connect-src 'self' api.justice.gov.sk obchodnyvestnik.justice.gov.sk obcan.justice.sk; img-src 'self' data: a.tile.openstreetmap.org b.tile.openstreetmap.org c.tile.openstreetmap.org obcan.justice.sk; style-src 'self' 'unsafe-inline' obcan.justice.sk; base-uri 'self'; form-action 'self'; frame-src www.openstreetmap.org 1
frame-ancestors 'self' https://*.zoocasa.com; 1
frame-ancestors 'self' https://*.myshopify.com https://appery.io 1
base-uri 'self'; default-src https: 'unsafe-inline' wss://ws.hotjar.com/api/v2/client/ws; font-src 'self'  data: https:; form-action 'self'; frame-src 'self' *.doubleclick.net https://apps.sae1.pure.cloud *.dynamics.com https://www.youtube.com/ https://maps.googleapis.com/ https://bam.nr-data.net/ https://d335luupugsy2.cloudfront.net/js/; frame-ancestors 'self'; img-src 'self' https://secure.gravatar.com https://www.google-analytics.com *.google.com.br *.doubleclick.net *.dynamics.com https://cdn.cookielaw.org *.ads.linkedin.com https://www.facebook.com https://i.ytimg.com/ https://maps.gstatic.com https://bam.nr-data.net/ https://bam.nr-data.net/ https://maps.googleapis.com/ https://dk9suync0k2va.cloudfront.net/js/ https://cdnjs.cloudflare.com/ajax/ data:; object-src 'none'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://cdn.cookielaw.org https://unpkg.com https://code.jquery.com *.azureedge.net https://apps.sae1.pure.cloud *.hotjar.com https://cdn.mouseflow.com https://analytics.tiktok.com https://snap.licdn.com https://connect.facebook.net https://www.youtube.com/ https://cdn.jsdelivr.net/ https://maps.googleapis.com/ https://maps.gstatic.com https://bam.nr-data.net/ https://bam.nr-data.net/ https://d335luupugsy2.cloudfront.net/js/ https://cdnjs.cloudflare.com/ajax/ https://dk9suync0k2va.cloudfront.net/js/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.google-analytics.com https://cdn.jsdelivr.net/npm/swiper@9/swiper-bundle.min.css https://maps.gstatic.com https://bam.nr-data.net/ https://maps.googleapis.com/ https://cdnjs.cloudflare.com/ajax/ https://dk9suync0k2va.cloudfront.net/js/; worker-src 'self' blob:; upgrade-insecure-requests 1
default-src 'self' https://*.shoppersvoice.com/ https://*.lavoixdelacheteur.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.shoppersvoice.com/ https://*.lavoixdelacheteur.com/ https://static.apester.com/ https://www.gstatic.com/  https://www.google-analytics.com/ https://www.googleadservices.com/  https://googleads.g.doubleclick.net/ https://www.google.com/ https://www.googleapis.com/ https://seal.entrust.net/ ; style-src 'self' 'unsafe-inline' https://*.shoppersvoice.com/ https://*.lavoixdelacheteur.com/ https://fonts.googleapis.com/ https://fast.fonts.net/ https://*.cloudfront.net; img-src 'self' data: https://*.shoppersvoice.com/ https://*.lavoixdelacheteur.com/ https://www.google.com/ https://secure.gravatar.com/ https://wpsitesync.com/ https://s.w.org/ https://ps.w.org/ https://seal.entrust.net/; connect-src 'self' https://*.shoppersvoice.com/ https://*.lavoixdelacheteur.com/ https://www.google-analytics.com/ https://events.apester.com/ https://stats.g.doubleclick.net/; font-src 'self' data: https://*.shoppersvoice.com/ https://*.lavoixdelacheteur.com/ https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://*.cloudfront.net; frame-src 'self' https://*.shoppersvoice.com/ https://*.lavoixdelacheteur.com/ https://www.google.com/ https://www.youtube.com/ https://www.youtube-nocookie.com/ https://vimeo.com/ 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.voicespin.com *.www.voicespin.com *.salesforce.com *.force.com *.zendesk.com *.monday.com *.canary.lwc.dev *.visualforce.com *.voicespin.info *.google-analytics.com *.snap.licdn.com *.maxcdn.bootstrapcdn.com *.fonts.gstatic.com *.partnerstack.com *.hotjar.com *.licdn.com *.facebook.net *.capterra.com *.hs-scripts.com *.tiktok.com wss://*.hotjar.com *.hotjar.io *.hotjar.com *.google.com *.google.com.ua *.google.de *.linkedin.com *.facebook.com *.connect.facebook.net *.js-eu1.hs-scripts.com *.analytics.tiktok.com *.region1.google-analytics.com *.region1.analytics.google.com *.googletagmanager.com *.js.partnerstack.com *.hs-analytics.net *.usemessages.com *.hscollectedforms.net *.hs-banner.com *.hsadspixel.net *.partnerlinks.io *.hubspotpagebuilder.eu *.hs-sites-eu1.com *.hubspot.com *.hsforms.com *.track-eu1.hubspot.com *.api-eu1.hubapi.com *.hubapi.com *.forms-eu1.hscollectedforms.net *.googleapis.com *.gstatic.com *.doubleclick.net cdnjs.cloudflare.com *.bootstrapcdn.com grsm.io partnerlinks.io www.google.am secure.gravatar.com px.ads.linkedin.com js.partnerstack.com js-eu1.hsforms.net wss://*.voicespin.com:7777 ps.w.org js.partnerstack.com/v1 partnerlinks.io grsm.io *.googleadservices.com *.mixpanel.com www.youtube.com i.ytimg.com cdn.mxpnl.com data: *.google-analytics.com; frame-ancestors 'self'; form-action 'self'; base-uri 'self' 1
default-src 'self' https:; font-src 'self' https: data:; img-src 'self' https: data: blob:; object-src 'none'; script-src https: 'unsafe-eval'; style-src 'self' https: 'unsafe-inline' 1
default-src 'none'; form-action 'self' *.wellsfargo.com *.wellsfargo.com:*; connect-src 'self' https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.schemaapp.com https://*.rlcdn.com https://*.medallia.com https://*.kampyle.com https://*.adobedc.net https://www.google-analytics.com https://*.doubleclick.net https://*.eum-appdynamics.com https://*.demdex.net https://www.sjwoe.com https://www.mczbf.com https://s.yimg.com https://*.nuance.com https://*.wf.com https://*.google.com; img-src 'self' data: https://*.wellsfargomedia.com https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:* https://*.analytics.yahoo.com https://*.everesttech.net https://*.linkedin.com https://*.g.doubleclick.net https://*.google.com https://*.demdex.net https://*.nuance.com https://*.eum-appdynamics.com https://*.virtualearth.net https://www.facebook.com https://cx.atdmt.com https://track.linksynergy.com https://s.amazon-adsystem.com https://ct.pinterest.com https://trc.taboola.com https://p.adsymptotic.com https://products.gobankingrates.com https://bttrack.com https://b.videoamp.com https://fcmatch.youtube.com https://www.googleadservices.com https://2549153.fls.doubleclick.net https://ad.doubleclick.net https://www.google-analytics.com https://idsync.rlcdn.com https://s.amazon-adsystem.com https://resources.digital-cloud-prem.medallia.com https://udc-neb.kampyle.com https://wellsfargoprod.prod.fire.glass https://*.mworld.com https://*.postrelease.com; object-src 'self' https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:*; child-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.demdex.net https://*.nuance.com https://*.advanced-web-analytics.com https://iframe.arkoselabs.com https://*.doubleclick.net; font-src 'self' data: https://*.wellsfargomedia.com https://*.wellsfargo.com https://*.wellsfargo.com:*; style-src 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:* https://*.nuance.com; script-src 'nonce-e2469e48-b30c-4a7b-b7e5-0f40782dd4ab' 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://cdn.schemaapp.com https://*.nuance.com;media-src 'self' *.wellsfargo.com *.wellsfargomedia.com; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org privacyportal.onetrust.com geolocation.onetrust.com https://pm.geniusmonkey.com https://cdn.jsdelivr.net https://www.gstatic.com www.google-analytics.com www.google.com www.googletagmanager.com tagmanager.google.com https://ajax.googleapis.com www.googleadservices.com googleads.g.doubleclick.net vjs.zencdn.net connect.facebook.net https://dnn506yrbagrg.cloudfront.net https://pm.geniusmonkey.com https://t.ztsrv.com https://cdn.ztsrv.com https://www.votervoice.net https://platform.twitter.com https://cdn.syndication.twimg.com https://s3.amazonaws.com https://ncsbn.us2.list-manage.com https://snap.licdn.com player.video.wowza.com cdn3.wowza.com https://cdn.flowplayer.com embed.flowplayer.com ; media-src 'self' blob: https://dev.ncsbn.org https://test.ncsbn.org https://ncsbn.org ncsbnmediaservices01str.blob.core.windows.net https://ncsbnmediaservices01-usct.streaming.media.azure.net https://prod-railsapp.s3.amazonaws.com https://cdn3.wowza.com; img-src 'self' https://www.google-analytics.com/ https://www.google.com/ https://pm.geniusmonkey.com https://px.ads.linkedin.com *.google.com  *.facebook.com *.adsrvr.org data: https://prod-railsapp.s3.amazonaws.com; style-src 'self' 'unsafe-inline' *.mailchimp.com https://cdn.jsdelivr.net tagmanager.google.com vjs.zencdn.net fonts.googleapis.com ajax.googleapis.com https://cdn.flowplayer.com; connect-src 'self' https://px.ads.linkedin.com https://pmi.flowplayer.com/in https://cdn3.wowza.com https://stats.g.doubleclick.net www.google-analytics.com ncsbnmediaservices01str.blob.core.windows.net https://ncsbnmediaservices01-usct.streaming.media.azure.net https://cdn.linkedin.oribi.io https://ihi.flowplayer.com https://ljsp.lwcdn.com ptm.flowplayer.com wss://player.ws.flowplayer.com; 1
frame-ancestors 'self' pmt.honeywell.com ppe.sps.honeywell.com automation.honeywell.com process.honeywell.com; 1
default-src 'self' 'unsafe-inline' https: data: blob: 'unsafe-eval'; connect-src *; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com/ http://www.google.com/ https://www.google.com/ https://test-gpc-1.sg.va.sabio.cloud/ *.singpass.gov.sg *.facebook.net *.zdassets.com *.zopim.com *.ecitizen.gov.sg www.google-analytics.com www.googletagmanager.com maps.googleapis.com https://console-flex-api.ap.sabio.cloud webchat.vica.gov.sg;script-src-elem  'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com/ http://www.google.com/ https://www.google.com/ https://test-gpc-1.sg.va.sabio.cloud/ *.singpass.gov.sg *.facebook.net *.zdassets.com *.zopim.com *.ecitizen.gov.sg www.google-analytics.com www.googletagmanager.com maps.googleapis.com https://console-flex-api.ap.sabio.cloud webchat.vica.gov.sg;object-src 'none';font-src 'self' data: *.ecitizen.gov.sg *.amazonaws.com *.zopim.com *.singpass.gov.sg *.googleapis.com *.gstatic.com;img-src * data: https://console-flex-api.ap.sabio.cloud webchat.vica.gov.sg;frame-src *;style-src 'self' 'unsafe-inline' data: *.zdassets.com https://test-gpc-1.sg.va.sabio.cloud/ *.singpass.gov.sg *.ecitizen.gov.sg *.googleapis.com *.gstatic.com https://console-flex-api.ap.sabio.cloud webchat.vica.gov.sg;connect-src * https://console-flex-api.ap.sabio.cloud webchat.vica.gov.sg 1
frame-ancestors https://*.woman.at https://*.vgn.at; upgrade-insecure-requests; block-all-mixed-content 1
frame-ancestors 'self' http://awards.ratingruneta.ru https://awards.ratingruneta.ru 1
frame-ancestors https://www.lynn.edu https://www.pinetreecamp.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.bicomsystems.com/ data: ; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self' data:; frame-src 'self'; connect-src 'self' https://www.bicomsystems.com/ wss: 1
default-src 'self' 'nonce-85a3c0f3-9893-4c7d-9f2b-67cf91f34efe';script-src 'unsafe-inline' 'nonce-85a3c0f3-9893-4c7d-9f2b-67cf91f34efe' 'strict-dynamic' 'unsafe-eval' 'self' www.google.com/recaptcha/ maps.googleapis.com/maps/api/js pay.google.com/gp/p/js/pay.js pay.google.com/ js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net https://web.pypestream.com;img-src 'self' data: maps.gstatic.com *.googleapis.com *.ggpht.com www.google-analytics.com www.gstatic.com;base-uri 'self';object-src 'none';upgrade-insecure-requests;frame-src 'self' 'nonce-85a3c0f3-9893-4c7d-9f2b-67cf91f34efe' www.google.com/recaptcha/ www.youtube.com/embed/ pay.google.com/ https://web.pypestream.com blob: www.google.com/maps/;frame-ancestors;connect-src www.google-analytics.com maps.googleapis.com/maps/api/ maps.googleapis.com/maps-api-v3/api/ maps.googleapis.com/$rpc/ bam.nr-data.net bam-cell.nr-data.net 'self' *.launchdarkly.com *.pypestream.com *.pype.tech fontawesome.com 'nonce-85a3c0f3-9893-4c7d-9f2b-67cf91f34efe' ws://omny.info/ google.com/pay pay.google.com/about pay.google.com/gp/p/;style-src 'self' 'unsafe-inline' fonts.googleapis.com/css;font-src data: fonts.gstatic.com/ fontawesome.com;form-action 'self';script-src-attr 'none' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: ws: *.healthalliance.org healthalliance.org *.hally.com hally.com cdnjs.cloudflare.com *.sitesearch360.com *.googleapis.com *.typekit.net *.cloudfront.net cdn.icomoon.io *.gstatic.com healthalliance.knowledgeowl.com connect.facebook.net *.userback.io *.vo.msecnd.net www.googletagmanager.com *.google.com *.g.doubleclick.net *.doubleclick.net script.crazyegg.com www.google-analytics.com bat.bing.com snap.licdn.com static.ads-twitter.com dc.services.visualstudio.com t.co analytics.twitter.com pagead2.googlesyndication.com cdn.linkedin.oribi.io *.ads.linkedin.com askshirley.org *.formstack.com www.youtube.com s.yimg.com sp.analytics.yahoo.com player.vimeo.com f.vimeocdn.com web.powerva.microsoft.com healthalliance.tfaforms.net *.environment.api.powerplatform.com *.botframework.com *.force.com *.my.salesforce.com *.salesforceliveagent.com *.my.site.com *.my.salesforce-sites.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://*.googletagmanager.com https://widget.trustpilot.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com; img-src 'self' data: laposta.nl www.laposta.nl laposta.org www.laposta.org; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://*.google-analytics.com; frame-src 'self' https://widget.trustpilot.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' data: *.topachat.com *.groupe-ldlc.com *.affilae.com www.recaptcha.net www.gstatic.com wss:;img-src 'self' blob: *.topachat.com i.ytimg.com data:;frame-ancestors 'self'; 1
frame-ancestors 'self' *.service.vic.gov.au service.vic.gov.au 1
frame-ancestors tgs.aero 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.paypalobjects.com https://tvwh62.grueneerde.com app.usercentrics.eu https://*.adform.net https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://bat.bing.com/ *.publitas.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://scripts.publitas.com hello.myfonts.net; img-src 'self' *.usercentrics.eu https://tvwh62.grueneerde.com https://*.adform.net https://googleads.g.doubleclick.net https://www.google.com https://google.com https://www.google.de https://www.google.at https://www.google.ch https://bat.bing.com www.googletagmanager.com 'nonce-fa63f09d-5a31-41aa-b9e7-89ab56b60bf2' data:; connect-src 'self' https://tvwh62.grueneerde.com https://track.adform.net https://www.google.com *.usercentrics.eu; font-src 'self' data: https://fonts.gstatic.com www.grueneerde.com; object-src 'self'; manifest-src 'self'; media-src 'self' https://presse.grueneerde.com https://karriere.grueneerde.com; frame-ancestors 'self'; base-uri 'none'; frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com shopberatung.grueneerde.com http://www.grueneerdeapps.com https://media.grueneerde.com https://newsletter.grueneerde.com https://beteiligungsmodell.grueneerde.com https://meet.jit.si https://my.matterport.com https://vimeo.com app.usercentrics.eu https://tvwh62.grueneerde.com https://*.adform.net https://*.gpwebpay.com https://bid.g.doubleclick.net https://td.doubleclick.net https://www.sandbox.paypal.com https://www.paypal.com https://view.publitas.com https://www.googletagmanager.com; form-action 'self' 'unsafe-inline' https://www.sandbox.paypal.com https://www.paypal.com; upgrade-insecure-requests; 1
default-src https://www.ziprecruiter.com 'self' https://accounts.google.com https://global.ketchcdn.com https://*.ketchjs.com; connect-src https://www.ziprecruiter.com 'self' https://accounts.google.com https://global.ketchcdn.com https://*.ketchjs.com https://*.ingest.us.sentry.io; script-src https://www.ziprecruiter.com 'self' https://accounts.google.com https://global.ketchcdn.com https://*.ketchjs.com 'nonce-tIcS7aspR5KjVRgAz5rRRQ' data: https://consent.truste.com https://consent.trustarc.com; style-src https://www.ziprecruiter.com 'self' https://accounts.google.com https://global.ketchcdn.com https://*.ketchjs.com 'unsafe-inline'; img-src https://www.ziprecruiter.com 'self' https://accounts.google.com https://global.ketchcdn.com https://*.ketchjs.com data: https://www.ziprecruiter.com https://static.ziprecruiter.com https://privacy-policy.truste.com https://consent.trustarc.com https://consent-pref.trustarc.com; frame-src https://www.ziprecruiter.com 'self' https://accounts.google.com https://global.ketchcdn.com https://*.ketchjs.com https://consent-pref.trustarc.com 1
base-uri 'none'; font-src 'self' blob: data: https://assets.vercel.com https://vercel.live/ *.abtasty.com *.gstatic.com *.googleapis.com; form-action 'self'; frame-ancestors 'self' localhost:* https://mkt-website-studio.tgtg.ninja/; img-src 'self' data: blob: https://vercel.com https://vercel.live/ https://sockjs-mt1.pusher.com/ https://cdn.sanity.io https://images.tgtg.ninja https://i.vimeocdn.com https://apptoogoodtogo.com https://dashboard.feedbucket.app https://www.googletagmanager.com https://*.ytimg.com https://*.googletagmanager.com https://*.abtasty.com https://*.hotjar.com https://*.bing.com https://bat.bing.com https://*.doubleclick.net https://*.linkedin.com https://*.facebook.com https://*.google.com https://*.amazonaws.com https://*.google.es; object-src 'none'; script-src-attr 'self' 'unsafe-inline'; style-src 'self' https: 'unsafe-inline'; script-src 'strict-dynamic' 'nonce-+YnJ+xvyOG2EyZQBES9maA==' 'self' https: 'unsafe-inline'; upgrade-insecure-requests; frame-src 'self' https://vercel.com https://vercel.live/ https://player.vimeo.com www.youtube.com policy.app.cookieinformation.com *.hotjar.com https://*.doubleclick.net; 1
frame-ancestors 'self' https://*.hana.ondemand.com; 1
default-src 'none'; frame-src *.contentservice.net player.vimeo.com *.rhapsode.com *.gigya.com *.nrplearningplatform.com *.laerdalblr.in *.googletagmanager.com *.google-analytics.com 'self'; script-src 'unsafe-inline' 'unsafe-eval' https: http: *.gigya.com *.nrplearningplatform.com *.laerdalblr.in *.googletagmanager.com 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; connect-src *.gigya.com *.nrplearningplatform.com *.laerdalblr.in *.googletagmanager.com *.google-analytics.com  'self'; style-src 'self' 'unsafe-inline'; font-src 'self' *.gstatic.com; img-src 'self' data: *.laerdalblr.in *.amazonaws.com; 1
base-uri 'none';object-src 'self' data:;script-src 'sha256-cn+m4pgNe3IRKICUaY3gG23Aofqr4BdxhBFi1A5Tg+Y=' 'sha256-ZNumia+5/9kqsTG18Bq9sp+4TDGre4ghlK5+/rgNZig=' 'sha256-TySAq9mfDJ7IPyttG9+RdOB+TGNDhey59XsGfFpw4vg=' 'sha256-Z2dLC8i/Z5SzG2LduMOBUlHHkTB1aQopojs5Dc1YwEA=' 'sha256-qBkywo7yasFP9P+ErkRH/VdHjUi3aNK7UdAAz1Ba674=' 'sha256-8vBHcrHltWkpbEVC4QKjHrFBgyZb+X32zKqeQ6l0qpo=' 'sha256-B7uwDAzv07fJBQ5Lrjd46hGfThZBHGY3KL3UGDKesA4=' 'sha256-btEfwm6PixrxsF3K/8pY/T+UZt6LkRdcbu5YRf2LJm0=' 'sha256-yRswpmov+AxTUvccky36ROK1GAliE/DVj3bVarRGS84=' 'sha256-oGbglMu4QQRoFeXBhCr2IZC3GZbvLqMD7Hn5z1nSqo0=' 'sha256-lWik/DTuzflALuwIdFoEa27YoO6Y3MkOtMVAwrTYdDU=' 'sha256-xkftsoET0xiFlHC4L/q7sdhNzuq8J6eTf7yjpinxIGw=' 'sha256-iovF5sV99VSTddV41IxK+2yeaUaTuft4hhMiFOaWvoA=' 'sha256-xnAQd9z3v53faS6N35LQru4VuYLDtInU9q9RCEQWLE8=' 'sha256-hUY9Z5K+ulj+moK1t1x0Nu/7rq0Bc3V9vcoElZvdeSk=' 'sha256-rG1ZiaWjXVtTxVly847cpV+Egnfaexpi2PH4o33yKbk=' 'sha256-JmOHOv6ifyNkf6A9XIvAo4+VC6+cLPQFhaG0C65KwC8=' 'sha256-Mfijc5ng1HSrdP0aV51ub1qul3u+ZbfdQDivCCTwaVQ=' 'sha256-2ACKbDhNAL28wjS7x6MmQJaCH4wvqFeL5ELgFzRVrN4=' 'sha256-n6vTNe/6PubA3aTuumlTB0MBB3tozgwz6+WptMm2h8w=' 'sha256-n6vTNe/6PubA3aTuumlTB0MBB3tozgwz6+WptMm2h8w=' 'sha256-Sv7AYquCRjd3kM8iVFVsYJ8uZcMhOhfL3Xrf7al1kkQ=' 'sha256-F0c8w6FaizCiJOXVBPyYARX2vzPYnd8/e/z5pN5Aotg=' 'sha256-6RrYx2D6uzyYEZrjGxisfByNQVj5A9dnUOnfbQrcH2Y=' 'sha256-9d383ZP7Tg8tQVad/QXHU6HneRA+WBF+Vv41J/E1O08=' 'sha256-UgVdMIW7pAYdJ5YUqs1QVQ9YRFjHuu+aGUQVSSUhAnY=' 'sha256-kFggNugiMlQgV8PgG2kfw+T/rL/RehA9c+dmmzpWkiI=' 'sha256-pqlUlNTywujDA0M+2j5LuHLrM+4/Nxyom1mMfCNph9I=' 'sha256-n199oP83p72gzdQNIs6HAk2gSv0psuOcW1hZZ5RVcyM=' 'sha256-EDj7W9PPlDOnfrxwlZJboGk7wwu+J3wk8oTwWfffEBc=' 'sha256-v85YtynazVNzwFHrNo1gjzjnYnAxaCZPR1KMVQHFNdU=' 'sha256-u35GM1kxpA8/DCeeZy0G6Pl2pa1oXUebKf7VoPnTPsA=' 'sha256-E0z5qgk9mtw2Gim81djyDxPJ9GFPolS4P/T2yVJQbkY=' 'sha256-XB8/cQ54gItx6qZ4K1UBeWn+49o1h2TqGfoau1d16EA=' 'sha256-NPOLFnhPFX/MPAmGqCOwC7ti3S/fjVLfZVbdVKo0qg4=' 'sha256-NPOLFnhPFX/MPAmGqCOwC7ti3S/fjVLfZVbdVKo0qg4='  https://a.localmonero.co 'sha256-kU270cRNgDiWGJyZygoB0f3LgtdWDmBQqyk4wxYOYq8=' 'sha256-/6SBPqW+GW+//4nlXX6Y1nR9dWlh0gsQJ6KK71djH6A=' 'self' https://maps.googleapis.com 'unsafe-eval';worker-src 'self' blob:;default-src 'self' https://a.localmonero.co;img-src 'self' blob: data:;connect-src 'self' https://api.mapbox.com https://a.localmonero.co https://cdn.jsdelivr.net/npm/redoc@next/bundles/redoc.standalone.js https://blockchain.info https://mempool.space https://blockstream.info https://api.blockcypher.com https://api.coingecko.com https://api.coincap.io https://bitcoiner.live https://kowalski.fiatfaucet.com:443 https://dewitte.fiatfaucet.com:443 https://node.portemonero.com:443 https://node.sethforprivacy.com:443 https://xmr.yemekyedim.com:18081 https://xmr.yemekyedim.com:18089 https://node.sethforprivacy.com:18089 https://xmr.bunkerlab.net:443 https://chad.fiatfaucet.com:443 https://node-xmr.encryp.ch:18089 https://xmr.cryptostorm.is:18081 https://moneronode.org:18081 https://xmr.visnova.pl:443 https://localhost:18081;font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline' 1
default-src * data: https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; worker-src 'self' blob: 1
frame-ancestors 'self' https://www.weberhaus.de; 1
default-src 'none'; base-uri 'none'; block-all-mixed-content; form-action 'self'; frame-ancestors 'none'; style-src 'self'; img-src 'self'; font-src 'self'; object-src 'self'; frame-src https://xmpp.anoxinon.me:443/; media-src 'self'; 1
script-src https:  'unsafe-inline'; frame-ancestors 'self' 1
default-src 'self' *.snpmarket.com snpmarket.com api.snp.market blob: data: wss: 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://www.youtube.com https://yandex.ru https://mc.yandex.ru https://admin.verbox.ru https://widget.apibcknd.com https://static.me-talk.ru https://yastatic.net http://yastatic.net https://chat.s3.yandex.net https://suggestions.dadata.ru https://widgets.2gis.com https://api-maps.yandex.ru https://www.gstatic.com https://profilepxl.ru https://cfv4.com https://acint.net https://manalyticshub.com https://pixel.hot-wifi.ru https://get4click.ru https://pixel.detmir.ru https://pxl.knam.pro https://fonts.googleapis.com https://me-talk.ru https://widget.me-talk.ru https://stats.g.doubleclick.net https://e-solution.pickpoint.ru https://core-renderer-tiles.maps.yandex.net https://pvzimage.cdek.ru https://captcha-api.yandex.ru 'unsafe-eval' 1
default-src 'self'; connect-src 'self' https://www.cnt.com.ec https://cnt.com.ec http://localhost:3000 http://localhost:8000 http://localhost:8081 https://sheetdb.io https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google-analytics.com https://*.facebook.net https://*.clarity.ms; media-src 'self'; object-src 'none'; font-src 'self' https://*.hotjar.com https://*.hotjar.io; frame-src 'self' https://www.youtube.com https://*.hotjar.com/ https://*.hotjar.io/ https://www.googletagmanager.com https://www.google.com/recaptcha/ https://*.youtube-nocookie.com https://hey.isbel.com.uy:8312/; img-src 'self' data: https://www.cnt.com.ec https://cnt.com.ec https://cnt-media.boxqos.com https://www.google-analytics.com https://script.hotjar.com https://*.ytimg.com https://*.facebook.com https://*.facebook.net https://px.ads.linkedin.com/ https://*.adsymptotic.com/ https://cnt-cdn-test.nyc3.cdn.digitaloceanspaces.com https://c.clarity.ms/; script-src 'sha256-sdsp6gw5kGSibJRHcojbLCLoyRVqUp9SSWeiQDiUCmQ=' 'self' 'sha256-1rbDzM8rknJRvmqAwOz0VTE+V9sYBI3N6l2LPiNh2Tw=' https://*.hotjar.com https://*.hotjar.io https://*.facebook.com https://*.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://cnt-media.boxqos.com https://snap.licdn.com/ https://hey.isbel.com.uy:8312/ https://www.clarity.ms; style-src 'self' 'unsafe-inline' https://hey.isbel.com.uy:8312/ 1
script-src http: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; connect-src http: wss://mcw.mango-office.ru 1
default-src https:; script-src 'self' https://cdn.tiny.cloud https://kit.fontawesome.com/ *.googletagmanager.com https://cdn.jsdelivr.net 'strict-dynamic' 'nonce-9f6ffec2902076d20144f21b00961243' 'sha256-3Ey30PJkNcf9LrK7CIqrujoq79a+uJqKgYsaBDj15Eo=' 'sha256-XUAOoXgas8fgNuX3dPUbmC3HvtG28k7DdxtftQVQOlY=' ; style-src https: 'unsafe-inline'; img-src https: www.googletagmanager.com data:; font-src https: data:; connect-src https: wss://ws.edas.info; frame-ancestors 'none'; 1
default-src 'self' d37hfq3t37fvvd.cloudfront.net www.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' d37hfq3t37fvvd.cloudfront.net www.googletagmanager.com www.gstatic.com www.google-analytics.com *.pusher.com; connect-src 'self' ws: http: d37hfq3t37fvvd.cloudfront.net www.googletagmanager.com *.pusher.com 127.0.0.1:* localhost:*; img-src 'self' data: d37hfq3t37fvvd.cloudfront.net www.googletagmanager.com; style-src 'self' 'unsafe-inline' d37hfq3t37fvvd.cloudfront.net www.googletagmanager.com www.gstatic.com; base-uri 'self' d37hfq3t37fvvd.cloudfront.net www.googletagmanager.com; form-action 'self' d37hfq3t37fvvd.cloudfront.net www.googletagmanager.com; font-src 'self' data: d37hfq3t37fvvd.cloudfront.net d1ygukj37mahb2.cloudfront.net fonts.gstatic.com; frame-src 'self' d37hfq3t37fvvd.cloudfront.net www.youtube.com; frame-ancestors 'self' 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; img-src * data:;media-src blob: 'self' data:;worker-src blob: 'self' data:; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://www.zenaps.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://ln-rules.rewardstyle.com https://tr.snapchat.com https://ln-rules.rewardstyle.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://*.liveperson.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.parcellab.com https://*.contentsquare.net https://d3g5d7323c2i6m.cloudfront.net https://d29qb9vav0xwuc.cloudfront.net https://d7c4jjeuqag9w.cloudfront.net https://analytics.tiktok.com https://sgtm.christopherobin.fr; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://d7c4jjeuqag9w.cloudfront.net; form-action 'self' https://www.facebook.com https://www.christopherobin.fr https://m.christopherobin.fr https://checkout.christopherobin.fr https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://player.vimeo.com https://vod-progressive.akamaized.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://ln-rules.rewardstyle.com https://*.contentsquare.net https://app.contentsquare.com https://apps.storystream.ai https://platform.twitter.com https://connect.facebook.net https://analytics.tiktok.com https://*.ibytedtos.com https://sgtm.christopherobin.fr; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://d7c4jjeuqag9w.cloudfront.net; upgrade-insecure-requests; report-to report-endpoint 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.clarity.ms https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.google-analytics.com https://*.googleapis.com https://search.studyaustralia.gov.au https://beta-search.studyaustralia.gov.au https://*.theaccessplatform.com https://*.svc.dynamics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com.au; font-src 'self' 'unsafe-inline' https://*.hotjar.com https://*.gstatic.com data:;  script-src  'self' 'unsafe-inline' https://*.search.acir.com.au/assets/embed/widget.js https://*.clarity.ms https://*.facebook.net https://www.youtube.com https://*.google-analytics.com https://*.hotjar.com https://mktdplp102cdn.azureedge.net https://mtestaus.hotcoursesabroad.com https://search.studyaustralia.gov.au https://beta-search.studyaustralia.gov.au https://*.theaccessplatform.com https://*.svc.dynamics.com https://www.amcharts.com https://maps.googleapis.com https://maps.gstatic.com https://*.prod.aws.idp-connect.com https://*.googletagmanager.com https://www.googleadservices.com https://www.google.com https://*.g.doubleclick.net https://www.googleadservices.com; img-src 'self' https://beta-search.studyaustralia.gov.au https://search.studyaustralia.gov.au https://i.ytimg.com https://*.bing.com https://*.clarity.ms https://www.facebook.com https://ad.doubleclick.net https://ade.googlesyndication.com https://*.fls.doubleclick.net https://*.hotjar.com https://*.googletagmanager.com https://*.google.com.au https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.prod.aws.idp-connect.com  https://*.gstatic.com https://*.googleapis.com https://*.google.com https://*.googleusercontent.com https://*.svc.dynamics.com data:; media-src 'self' 'unsafe-inline';  style-src 'self' 'unsafe-inline' https://*.search.acir.com.au/assets/embed/widget.css https://css-intl.prod.aws.idp-connect.com https://fonts.googleapis.com https://*.hotjar.com https://beta-search.studyaustralia.gov.au https://search.studyaustralia.gov.au;  frame-src 'self' https://www.facebook.com https://forms.office.com https://mktdplp102cdn.azureedge.net https://app.powerbi.com https://*.svc.dynamics.com https://www.amcharts.com https://js-intl.prod.aws.idp-connect.com https://*.google.com  https://mtestaus.hotcoursesabroad.com https://www.youtube.com https://search.studyaustralia.gov.au https://beta-search.studyaustralia.gov.au https://*.theaccessplatform.com https://*.g.doubleclick.net https://*.fls.doubleclick.net; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob:; style-src 'self' 'unsafe-inline' https: data:; img-src 'self' https: data: blob: android-webview-video-poster:; font-src https: data:; connect-src https: wss: blob:; media-src https: data: blob:; object-src 'none'; child-src https: data: blob:; form-action https:; frame-ancestors 'self' https://*.collegeadvisor.com; 1
frame-ancestors 'self' https://nnss.gov; 1
default-src 'self' data: https://ecosystem.matomo.cloud https://fonts.googleapis.com https://fonts.gstatic.com; base-uri 'self' https://ecosystem.matomo.cloud; block-all-mixed-content; connect-src 'self' wss: https://*.ckeditor.com https://*.hotjar.com https://*.hotjar.io https://*.teads.tv https://aax-eu.amazon-adsystem.com https://ara.paa-reporting-advertising.amazon https://consentcdn.cookiebot.com https://ecosystem.matomo.cloud https://maps.googleapis.com https://region1.analytics.google.com https://region1.google-analytics.com https://stats.g.doubleclick.net; frame-src 'self' https://*.doubleclick.net https://*.greenconnected.fr https://*.teads.tv https://aax-eu.amazon-adsystem.com https://bonusqualirepar.ecosystem.eco https://consentcdn.cookiebot.com https://ecosystem.matomo.cloud https://form.jotform.com https://page.ecosystem.eco https://portail-reparateurs.ecosystem.eco https://www.google.com https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.doubleclick.net https://*.ecosystem.eco https://*.teads.tv https://*.tracker.adotmob.com https://img.youtube.com https://imgsct.cookiebot.com https://insight.adsrvr.org https://jedonnemontelephone.fr https://maps.googleapis.com https://maps.gstatic.com https://p1.zemanta.com https://secure.adnxs.com https://track.adform.net https://www.google.fr https://www.googletagmanager.com; manifest-src 'self'; media-src 'self' https://*.ecosystem.eco; object-src 'none'; script-src 'unsafe-inline' 'report-sample' 'self' https://*.hotjar.com https://*.tracker.adotmob.com https://c.amazon-adsystem.com https://cdn.datatables.net https://cdn.matomo.cloud https://consent.cookiebot.com https://consentcdn.cookiebot.com https://ecosystem.matomo.cloud https://fonts.googleapis.com https://maps.googleapis.com https://p.teads.tv https://pixels.omnitagjs.com https://s2.adform.net https://track.adform.net https://www.googletagmanager.com https://www.youtube.com; style-src 'unsafe-inline' 'report-sample' 'self' https://cdn.datatables.net https://ecosystem.matomo.cloud https://fonts.googleapis.com https://fonts.gstatic.com; worker-src 'none' 1
default-src 'none'; script-src 'unsafe-inline' 'self' 'unsafe-eval' translate.google.com www.nitrokey.com; object-src 'self'; style-src 'unsafe-inline' 'self'; img-src 'unsafe-inline' 'self' safari-extension www.nitrokey.com embetty.nitrokey.com data:; media-src 'self'; frame-src 'self' https://www.youtube-nocookie.com; frame-ancestors 'self'; font-src 'unsafe-inline' 'self' data:; connect-src 'self' https://api.github.com; report-uri /report-csp-violation; base-uri 'self'; form-action 'self' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' wss://* https://* data:; 1
frame-ancestors https://*.zscloud.net 'self' macom.com *.macom.com *.jahia.cloud.com 1
script-src 'self' 'unsafe-eval' https://swyftx.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem safe data: 'unsafe-inline' https://swyftx.com https://metrics.swyftx.com https://app.intotheblock.com https://yoast.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com https://platform.twitter.com https://connect.facebook.net https://www.redditstatic.com https://static.ads-twitter.com https://cdn.branch.io https://analytics.tiktok.com https://bat.bing.com https://cdn.pdst.fm https://app.link https://static.hotjar.com https://script.hotjar.com https://cdn.callrail.com/ https://js.callrail.com/ https://dev.visualwebsiteoptimizer.com https://g10102301085.co https://cdn.veritonic.com; frame-src 'self' blob: data: https://www.google.com/ https://*.youtube.com https://platform.twitter.com https://11770793.fls.doubleclick.net https://td.doubleclick.net; font-src 'self' data: https://fonts.gstatic.com https://www.googletagmanager.com; 1
default-src 'self' *.twitter.com wss://*.iesnare.com https://*.iesnare.com https://c868f50ba0a44ab1a49811d2861c57f7.svc.dynamics.com https://9e23f0c0cf4b40e984c4ecab298228a7.svc.dynamics.com https://9e23f0c0cf4b40e984c4ecab298228a7.svc.dynamics.com/ data: https://www.google.com *.youtube.com *.youtube-nocookie.com; img-src 'self' *.twimg.com https://cifas.matomo.cloud/ *.twitter.com https://assets-gbr.mkt.dynamics.com/ https://9e23f0c0cf4b40e984c4ecab298228a7.svc.dynamics.com data: *.cifas.org.uk *.google-analytics.com; frame-ancestors 'none' https://syndication.twitter.com; style-src 'self' 'unsafe-inline' *.twitter.com *.twimg.com; script-src 'self' 'unsafe-inline' *.twitter.com *.twimg.com *.google-analytics.com https://mpsnare.iesnare.com https://cdn.matomo.cloud/cifas.matomo.cloud/ https://www.youtube.com https://mktdplp102cdn.azureedge.net/ blob: 'unsafe-eval' https://www.google.com http://www.google-analytics.com https://www.gstatic.com https://services.postcodeanywhere.co.uk https://www.googletagmanager.com 1
frame-ancestors https://register.enthuse.com; report-uri /report-csp-violation 1
default-src 'self' https://www.google-analytics.com https://sdk.apptentive.com https://api.apptentive.com;font-src 'self' https://use.fontawesome.com https://fonts.googleapis.com https://fonts.gstatic.com https://unpkg.com data:;img-src 'self' https://www.google.com https://platform-cdn.sharethis.com https://s4desktop.com              https://www.google.co.in  https://www.google-analytics.com  https://s3.amazonaws.com;frame-ancestors 'self' https://cms-uat.mortgagequestions.com https://uat.mortgagequestions.com               https://4654125057.encompasstpoconnect.com;frame-src 'self' https://cms-uat.mortgagequestions.com https://uat.mortgagequestions.com https://bid.g.doubleclick.net https://www.google.com http://dntcl.qualaroo.com https://s4desktop.com;script-src 'self' 'nonce-pdTOzWhTe0S4LY9W5Gv0Ng=='  https://sdk.apptentive.com https://api.apptentive.com https://ajax.googleapis.com https://maxcdn.bootstrapcdn.com https://s4desktop.com https://platform-api.sharethis.com https://cdnjs.cloudflare.com http://cdnjs.cloudflare.com https://buttons-config.sharethis.com https://www.googletagmanager.com https://www.google-analytics.com https://unpkg.com https://www.google.com https://www.gstatic.com https://cdn.jsdelivr.net https://cl.qualaroo.com http://cl.qualaroo.com https://turbo.qualaroo.com;style-src 'self'  https://sdk.apptentive.com  https://api.apptentive.com        https://maxcdn.bootstrapcdn.com  https://use.fontawesome.com      https://fonts.googleapis.com         https://cdnjs.cloudflare.com http://cdnjs.cloudflare.com https://unpkg.com https://s4desktop.com  https://cdn.jsdelivr.net;object-src 'none';base-uri 'self' https://cms-uat.mortgagequestions.com https://uat.mortgagequestions.com; 1
script-src http: https: https://www.hardwarestore.com/ 'nonce-ab6fG6HZWxCmlEtnNTkAIegbzKb70MHoOan23NCDGPcii' 'unsafe-eval' 'unsafe-hashes' https://tagmanager.google.com https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://connect.facebook.net *.wknd.ai *.bounceexchange.com 'sha256-+hSsSV2IXXRsl5bMQeEDYHtphbqnY8bJDu6xoakSuXA=' https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com *.turnto.com https://dev.visualwebsiteoptimizer.com *.vwo.com; style-src 'self' blob: https: 'unsafe-inline' https://www.hardwarestore.com/ https://tagmanager.google.com https://fonts.googleapis.com *.bounceexchange.com; img-src data: http: https: https://*.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://www.facebook.com *.bounceexchange.com *.bouncex.net; object-src 'none'; base-uri 'none'; child-src 'self' blob: *.bounceexchange.com; font-src 'self' use.typekit.net https://fonts.gstatic.com data https://cdn.userway.org *.bounceexchange.com; frame-src assets.braintreegateway.com *.google.com *.youtube.com *.youtu.be *.vimeo.com *.googletagmanager.com *.userway.org *.facebook.com *.bounceexchange.com https://photos.pixlee.co/ https://dev.visualwebsiteoptimizer.com https://ct.pinterest.com *.paypal.com; 1
default-src https: http://*.tile.osm.org data: 'unsafe-inline' 'unsafe-eval' 1
default-src 'unsafe-inline' 'unsafe-eval' https: wss: data: blob:; frame-ancestors 'self' https://groundcontrol.wscmdu.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://assets.hcstatic.net *.googleapis.com *.gstatic.com *.google.com *.youtube.com *.fontawesome.com *.tarteaucitron.io https://tarteaucitron.io https://www.googletagmanager.com https://cdnjs.cloudflare.com cdn-cookieyes.com; style-src 'self' 'unsafe-inline' https://assets.hcstatic.net *.googleapis.com *.fontawesome.com *.tarteaucitron.io; img-src 'self' data: blob: https://assets.hcstatic.net *.gstatic.com *.googleapis.com https://secure.gravatar.com https://websitedemos.net cdn-cookieyes.com; font-src 'self' data: https://assets.hcstatic.net *.googleapis.com *.gstatic.com *.fontawesome.com ; connect-src 'self' *.hotcity.lu api.cityapp.lu *.googleapis.com *.fontawesome.com *.cookieyes.com cdn-cookieyes.com; media-src 'self' https://assets.hcstatic.net; object-src 'self'; child-src 'self'; frame-src self https://www.youtube-nocookie.com *.google.com *.youtube.com https://www.visite-virtuelle-360.ovh https://visite-virtuelle-360.ovh; worker-src 'self' blob:; frame-ancestors 'self'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; 1
frame-ancestors 'self' https://* *.sprylabprojects.com resource://* 1
script-src 'self' *.wlresources.com *.acwebconnecting.com https://mpsnare.iesnare.com https://d5nxst8fruw4z.cloudfront.net https://d31qbv1cthcecs.cloudfront.net  'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com *.analytics.google.com *.doubleclick.net https://*.google-analytics.com/ gstatic.com www.google.com www.googleoptimize.com optimize.google.com www.gstatic.com https://bat.bing.com https://*.clarity.ms ; connect-src 'self' www.boafoda.webcam:9080 www.boafoda.webcam:9443 *.wlresources.com wss://*.wlresources.com *.acwebconnecting.com https://mpsnare.iesnare.com wss://mpsnare.iesnare.com ws://stt01.wlresources.com wss://stt01.wlresources.com ws://www.boafoda.webcam wss://www.boafoda.webcam *.campoints.net *.google-analytics.com *.googletagmanager.com *.analytics.google.com analytics.google.com *.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://bat.bing.com https://*.clarity.ms ; frame-src 'self' https://*.allopass.com http://*.allopass.com https://*.acwebconnecting.com https://www.google.com https://go.cam; worker-src 'self' blob:; frame-ancestors *.xlovecam.com *.backend.cam; report-uri /en/jserror/?ts=1721956951 1
default-src 'none'; object-src 'none'; manifest-src 'self'; style-src 'self' 'unsafe-inline' https://solana.tor.us/ https://fonts.googleapis.com; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data:; frame-ancestors 'none'; form-action 'self'; base-uri 'self'; img-src 'self' data: image: https: blob:; font-src 'self' https:; frame-src https://solana.tor.us/ https://verify.walletconnect.org/ https://verify.walletconnect.com/ https://connect.solflare.com/ https://www.youtube.com; upgrade-insecure-requests 1
sandbox allow-same-origin allow-scripts allow-popups allow-forms allow-downloads;  1
default-src 'none'; img-src * data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.cloudflare.com https://*.jquery.com https://*.bootstrapcdn.com https://*.pagescdn.com https://*.optimizely.com https://*.amazonaws.com https://*.adobedtm.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleapis.com https://*.facebook.net https://*.googleadservices.com https://*.sitescdn.net https://*.livechatinc.com https://*.demdex.net https://*.addthis.com https://*.addthisedge.com https://*.pinterest.com https://*.en25.com https://*.datadoghq-browser-agent.com https://optimize.google.com https://*.rlets.com https://*.reachlocallivechat.com https://reachlocallivechat.com about://*.reachlocallivechat.com https://*.cloudfront.net https://*.cloudflareinsights.com https://*.broadly.com https://web-2-tel.com https://*.hotjar.com https://*.btttag.com https://*.bing.com https://*.doubleclick.net https://*.thinkingchat.com https://*.here.com blob: https://*.stackadapt.com https://*.simpli.fi https://*.pinimg.com https://*.yimg.com https://*.adroll.com https://*.adsrvr.org https://*.scorpion.co https://*.stripe.com https://*.twilio.com wss://*.twilio.com https://*.gstatic.com https://*.liadm.com https://*.brandcdn.com https://*.cloudfunctions.net https://*.callrail.com https://*.web-2-tel.com https://*.mrelectric.com https://*.licdn.com https://*.convertexperiments.com https://*.outlook.com https://*.hibu.com https://*.ybn.io https://mrelectric.com https://*.mrelectric.com https://*.servicetitan.com https://*.natpal.com https://www.clarity.ms https://*.cudasvc.com/ https://*.amazon-adsystem.com https://*.xg4ken.com https://*.ctctcdn.com https://*.tvsquared.com https://*.marketingautomation.services https://*.google.com https://*.jsdelivr.net https://securesitetray.com https://adservice.google.com https://*.marketingcloudfx.com https://*.leadconnectorhq.com https://*.milestoneinternet.com; style-src 'self' 'unsafe-inline' auth.iws-hybrid.trendmicro.com 'self' 'unsafe-inline' https://*.googleapis.com https://*.bootstrapcdn.com https://*.cloudflare.com https://*.typekit.net https://*.jquery.com https://*.sitescdn.net https://optimize.google.com https://*.optimizely.com https://*.here.com https://*.hereapi.com https://*.stackadapt.com https://*.scorpion.co https://*.twilio.com blob: https://*.mrelectric.com https://mrelectric.com https://*.jsdelivr.net https://*.leadconnectorhq.com https://*.milestoneinternet.com; object-src 'none'; connect-src https://www.facebook.com auth.iws-hybrid.trendmicro.com https://*.google.com https://*.liadm.com https://*.googleadservices.com https://*.nblyprod.com https://*.googleapis.com https://*.pagescdn.com https://*.demdex.net https://*.livechatinc.com https://*.neighborly.com https://*.crownpeak.net https://*.addthis.com https://*.dwyergroup.com https://*.broadly.com https://*.amazonaws.com https://*.google-analytics.com https://*.facebook.net https://*.gannettdigital.com https://*.browser-intake-datadoghq.com https://optimize.google.com https://*.reachlocalservices.com https://*.rlets.com https://reachlocallivechat.com https://*.hotjar.com https://web-2-tel.com https://*.optimizely.com https://*.hotjar.io/ wss://reachlocallivechat.com https://*.web-2-tel.com wss://*.hotjar.com https://*.simpli.fi https://*.adroll.com https://*.oribi.io https://*.here.com https://*.hereapi.com https://*.stackadapt.com https://*.yimg.com https://*.pinterest.com https://*.scorpion.co https://*.btttag.com https://*.twilio.com wss://*.twilio.com https://*.doubleclick.net https://*.bing.com blob: https://*.cloudfunctions.net https://*.callrail.com https://*.mrelectric.com https://mrelectric.com https://*.convertexperiments.com https://*.googlesyndication.com https://*.linkedin.com https://*.cloudflare.com https://*.natpal.com https://*.servicetitan.com https://*.natpal.com https://*.clarity.ms https://*.localiq.com https://browser-intake-datadoghq.com https://adservice.google.com https://*.marketingcloudfx.com https://*.leadconnectorhq.com https://*.msgsndr.com https://*.leadmanagerfx.com https://*.milestoneinternet.com; font-src auth.iws-hybrid.trendmicro.com https://*.nblyprod.com https://*.typekit.net https://*.gstatic.com https://*.googleapis.com https://optimize.google.com https://reachlocallivechat.com https://*.optimizely.com https://*.here.com https://*.hereapi.com https://*.scorpion.co https://*.twilio.com blob: https://*.mrelectric.com https://mrelectric.com https://*.milestoneinternet.com; frame-src auth.iws-hybrid.trendmicro.com https://www.facebook.com https://*.rlets.com https://*.youtube.com https://*.livechatinc.com https://*.demdex.net/ https://*.addthis.com https://*.pagescdn.com https://*.amazonaws.com https://*.b2clogin.com https://optimize.google.com https://*.hotjar.com https://web-2-tel.com https://*.optimizely.com https://*.here.com https://*.hereapi.com https://*.doubleclick.net https://*.adsrvr.org https://*.pinterest.com https://*.stripe.com https://*.twilio.com https://*.broadly.com https://*.cloudfront.net blob: https://*.mrelectric.com https://*.nblyprod.com https://mrelectric.com https://*.cudasvc.com https://*.milestoneinternet.com; manifest-src https://*.nblyprod.com https://mrelectric.com/ https://*.milestoneinternet.com 1
object-src 'none'; default-src * data: 'self' blob:; frame-ancestors 'self' *.juridischloket.nl open.spotify.com test-botclient.juridischloket.nl *.juridischloket-dev.nl; script-src 'unsafe-eval' 'unsafe-inline' 'self' *.gstatic.com siteimproveanalytics.com *.juridischloket.nl test-botclient.juridischloket.nl *.juridischloket-dev.nl *.youtube.com *.googletagmanager.com *.vimeo.com *.userback.io *.custhelp.com *.cookiebot.com *.google.com *.googleapis.com; style-src 'self' 'unsafe-inline'; 1
frame-ancestors 'self' http://www.breyers.com unilever3.marketing.adobe.com unileverbrazil.marketing.adobe.com unilever2.marketing.adobe.com unilever.marketing.adobe.com unilever3.experiencecloud.adobe.com unileverbrazil.experiencecloud.adobe.com unilever2.experiencecloud.adobe.com unilever.experiencecloud.adobe.com emea1-proxy.adobemc.com us1-proxy.adobemc.com us1-proxy.adobemc.com apac-proxy.adobemc.com adobedemoemea131.marketing.adobe.com adobedemoemea131.experiencecloud.adobe.com 1
frame-ancestors 'self' *.empowerfcu.com *.zagclients.net report-uri https://empower.report-uri.com/r/d/csp/wizard 1
upgrade-insecure-requests; frame-ancestors https://www.myrtlebeach.com; 1
frame-ancestors 'self' https://*.lawschooldata.org; 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://inchcape.azureedge.net https://inchcape-prod.azureedge.net https://inchcape-prod-bnhgefd2dnf5a4ew.z01.azurefd.net https://inchcape-oc-prod.azureedge.net https://oc-prod.inchcape.com https://inchcape-sa-prod.azureedge.net https://sa-prod.inchcape.com https://js.stripe.com https://plugins.codeweavers.net https://cdn-assets-prod.s3.amazonaws.com/ https://iframe.app.autoconvert.co.uk https://vcc-eu11-cf.8x8.com https://js.monitor.azure.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://widgets.reputation.com https://cdn.autopress.cl https://unpkg.com https://cdn.jsdelivr.net https://au-ecom-sit.inchcapedigital.com https://au-ecom-gr.inchcapedigital.com https://bam.nr-data.net https://pixel.mathtag.com https://api-public.addthis.com https://*.cloudfront.net https://graph.facebook.com https://*.addthis.com https://*.addthisedge.com https://static.hotjar.com https://www.dynamicnumbers.mediahawk.co.uk https://static.analytics.netdirector.auto https://ajax.googleapis.com https://cdn.optimizely.com https://cdn.worldpay.com https://emac-direct.service-plan.co.uk https://maps.googleapis.com https://script.hotjar.com https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net https://www.googleadservices.com https://ad.doubleclick.net https://pagead2.googlesyndication.com https://js-agent.newrelic.com https://tagmanager.google.com https://googleads.g.doubleclick.net https://www.gstatic.com https://www.google.com https://t.astutemetrics.com https://vcc-eu11.8x8.com/CHAT/common/js/chat.js https://vcc-eu11.8x8.com/shared/CHAT/aW5jaGNhcGVtYW5hZ2VtZW4wMQ/button_31691278463ce9b3ff0f092.73115630/button.js https://vcc-eu11.8x8.com/shared/CHAT/aW5jaGNhcGVtYW5hZ2VtZW4wMQ/button_31691278463ce9b3ff0f092.73115630/img/logo https://vcc-eu11.8x8.com/shared/CHAT/aW5jaGNhcGVtYW5hZ2VtZW4wMQ/button_179846823363ce7ebc98f9e3.48906312/button.js https://consent.cookiebot.com https://consentcdn.cookiebot.com; style-src 'self' 'unsafe-inline' https://inchcape-prod.azureedge.net https://inchcape-prod-bnhgefd2dnf5a4ew.z01.azurefd.net https://inchcape-oc-prod.azureedge.net https://oc-prod.inchcape.com/ https://inchcape-sa-prod.azureedge.net https://sa-prod.inchcape.com https://cdnjs.cloudflare.com https://widgets.reputation.com https://emac-direct.service-plan.co.uk https://fonts.googleapis.com https://tagmanager.google.com  https://au-ecom-sit.inchcapedigital.com https://au-ecom-gr.inchcapedigital.com; img-src 'self' data: https://vcc-eu11-cf.8x8.com https://imgsct.cookiebot.com https://vcc-eu11.8x8.com/shared/CHAT/aW5jaGNhcGVtYW5hZ2VtZW4wMQ/button_179846823363ce7ebc98f9e3.48906312/img/logo https://componentsprodstorage.blob.core.windows.net/ https://prodsc-mediacdn.azureedge.net https://lh3.ggpht.com https://azsbrglocdnepdnbvoa.azureedge.net https://ad.doubleclick.net https://inchcape-prod.azureedge.net https://inchcape-prod-bnhgefd2dnf5a4ew.z01.azurefd.net https://inchcape-qa.azureedge.net https://oc-prod.inchcape.com https://inchcape-oc-prod.azureedge.net https://inchcape-sa-prod.azureedge.net https://sa-qa.inchcape.com https://js.stripe.com https://cdnjs.cloudflare.com https://azeauglocdnedevbvoa.azureedge.net https://azsbrglocdnedevbvoa.azureedge.net https://azeauglocdnepdnbvoa.azureedge.net https://*.google-analytics.com https://*.analytics.google.com https://media.reputation.com https://widgets.reputation.com https://s3-us-west-1.amazonaws.com https://pixelg.adswizz.com https://au-ecom-sit.inchcapedigital.com https://au-ecom-gr.inchcapedigital.com https://bam.nr-data.net https://pixel.mathtag.com https://match.adsrvr.org https://track.admaxim.com https://static.hotjar.com https://script.hotjar.com https://www.google.com https://www.google.ie https://www.google.co.uk https://*.g.doubleclick.net https://inchcapecdn.azureedge.net https://inchcapeukcdn.azureedge.net https://images-static.trustpilot.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.google-analytics.com https://via.placeholder.com https://maps.googleapis.com https://maps.gstatic.com https://www.caranddriving.com https://*.googleapis.com https://ssl.gstatic.com https://5490816.fls.doubleclick.net https://www.facebook.com; font-src 'self' data: https://inchcape-prod.azureedge.net https://inchcape-prod-bnhgefd2dnf5a4ew.z01.azurefd.net https://inchcape-oc-prod.azureedge.net https://oc-prod.inchcape.com https://inchcape-sa-prod.azureedge.net https://sa-qa.inchcape.com https://cdnjs.cloudflare.com https://widgets.reputation.com https://emac-direct.service-plan.co.uk https://static.hotjar.com https://script.hotjar.com https://au-ecom-sit.inchcapedigital.com https://au-ecom-gr.inchcapedigital.com https://fonts.gstatic.com; connect-src 'self' http://inchcapeapi.local https://inchcapecarsearchapi.local/ https://prod.inchcape.co.uk https://dev.inchcape.co.uk prod.inchcape.co.uk https://oc-prod.inchcape.com https://sa-prod.inchcape.com https://inchcape-sa-prod.azureedge.net https://sa-qa.inchcape.com https://emac-direct-api.gforceslivelink.co.uk https://cloud8-cc-geo.8x8.com https://northeurope-2.in.applicationinsights.azure.com https://api.autopress.cl https://b2b.autopress.cl https://dn.mediahawk.co.uk https://*.logrocket.io https://*.lr-ingest.io https://analytics.netdirector.co.uk https://*.google-analytics.com https://*.analytics.google.com https://www.google-analytics.com https://googleads4.g.doubleclick.net https://www.facebook.com https://bam.nr-data.net https://au-ecom-sit.inchcapedigital.com https://au-ecom-gr.inchcapedigital.com https://api.oneweb.inchcape.co.uk https://inchcapeuatapi.azurewebsites.net/ https://inchcapeprodapi.azurewebsites.net https://inchcapeuatsearchapi.azurewebsites.net https://inchcapeproductionsearchapi.azurewebsites.net https://inchcapeuatapi.azurewebsites.net https://inchcapeuatimporterapi.azurewebsites.net https://inchcapeuatsearchapi.azurewebsites.net https://m.addthis.com https://www.dynamicnumbers.mediahawk.co.uk http://*.hotjar.io:* https://*.hotjar.io:* http://*.hotjar.com:* https://*.hotjar.com:* wss://*.hotjar.com https://*.googleapis.com https://*.optimizely.com https://stats.g.doubleclick.net https://consent.cookiebot.com https://consentcdn.cookiebot.com; media-src 'self'; object-src 'self'; child-src 'self' blob:; frame-src 'self' https://js.stripe.com https://iframe.app.autoconvert.co.uk/ https://vcc-eu11-cf.8x8.com/ https://plugins.codeweavers.net/ https://widgets.reputation.com https://www.bumper.co.uk/ https://www.bumper.co/ https://vcc-eu11.8x8.com/ https://vmc-qa.inchcape.digital/ https://vmc-prd.inchcape.digital/ https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.optimizely.com https://pixel.mathtag.com https://s7.addthis.com https://sdn.sitecore.net https://inchcape.mua.hrdepartment.com https://player.vimeo.com https://vars.hotjar.com https://*.citnow.com https://www.caranddriving.com https://www.youtube.com https://danclarksoninchcape.wufoo.eu https://danclarksoninchcape.wufoo.com https://5490816.fls.doubleclick.net https://emac-direct.service-plan.co.uk https://www.facebook.com/ https://www.google.com https://consentcdn.cookiebot.com; worker-src 'self' blob:; frame-ancestors 'self' https://vmc-qa.inchcape.digital/ https://vmc-prd.inchcape.digital/; form-action 'self' https://inchcape.mua.hrdepartment.com https://plugins.codeweavers.net www.facebook.com; upgrade-insecure-requests; 1
default-src 'self'; frame-src 'self' *.youtube.com; connect-src 'self' *.yandex.ru *.google-analytics.com *.google.com *.gigabyte-data.com; img-src 'self' data: *.google-analytics.com static.gigabyte-data.com *.gigabyte.com *.ytimg.com; font-src *; style-src 'unsafe-inline' *; media-src 'self' static.gigabyte-data.com *.gigabyte.com *.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.yandex.ru *.google-analytics.com *.google.com *.gstatic.com *.googletagmanager.com static.gigabyte-data.com *.gigabyte.com *.jquery.com *.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net *.unpkg.com unpkg.com; 1
frame-ancestors file: https://*.retiehe.com https://airportal.cn https://*.airportal.cn https://localhost http://localhost:* 1
font-src *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.fontawesome.com *.gstatic.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk *.trustpilot.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io dev.visualwebsiteoptimizer.com cdn-ukwest.onetrust.com www.brandalley.co.uk www.brandalley.fr *.mirakl.net https://images.unsplash.com https://static.afterpay.com https://site-assets.afterpay.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io dev.visualwebsiteoptimizer.com cdn-ukwest.onetrust.com tag.mention-me.com static.mention-me.com code.jquery.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com *.squarecdn.com https://hbiq.net *.trustpilot.com *.plugins.emarsys.net *.scarabresearch.com cdn.rudderlabs.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com fonts.gstatic.com static.afterpay.com/ *.squarecdn.com *.fontawesome.com *.trustpilot.com unsafe-inline assets.braintreegateway.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io dev.visualwebsiteoptimizer.com cdn-ukwest.onetrust.com tag.mention-me.com static.mention-me.com invitejs.trustpilot.com analytics-staging.brandalley.fr analytics-staging.brandalley.co.uk analytics.brandalley.fr analytics.brandalley.co.uk *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com static.afterpay.com static.sandbox.afterpay.com *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com *.clearpay.co.uk *.scarabresearch.com *.eservice.emarsys.net *.rudderstack.com api.addressy.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.youtube.com *.ads-twitter.com tracker.metricool.com *.facebook.com www.google.com www.once.es t.co mcusercontent.com *.facebook.net *.tiktok.com *.doubleclick.net *.list-manage.com cdn.iterwebcms.com *.twitter.com chimpstatic.com www.google.es www.googletagmanager.com analytics.google.com www.google-analytics.com *.mailchimp.com *.gstatic.com region1.analytics.google.com mas.protecmedia.com *.googleapis.com *.google-analytics.com/; 1
script-src 'self' 'unsafe-inline' https://apis.google.com https://code.jquery.com https://maps.googleapis.com 1
img-src 'self' data: https: 1
default-src 'self' *.marcomcentral.app.pti.com *.geotargetly-api-1.com embed.signalintent.com geotargetly-api-1.com *.sandbox.my.site.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.hotjar.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org web-chat.nativechat.com *.calcxml.com *.cloudflare.com *.bootstrapcdn.com *.wave2.io *.matomo.cloud *.googleoptimize.com siteimproveanalytics.com maps.googleapis.com *.googletagmanager.com *.cookiepro.com snap.licdn.com *.cookielaw.org code.jquery.com geolocation.onetrust.com *.srv.stackadapt.com *.geotargetly-api-1.com geotargetly-api-1.com embed.signalintent.com *.segment.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com web-chat.nativechat.com *.typekit.net *.cloudflare.com *.calcxml.com *.google-analytics.com *.cookielaw.org *.cookiepro.com *.geotargetly-api-1.com geotargetly-api-1.com embed.signalintent.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.typekit.net *.cloudflare.com embed.signalintent.com; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com web-chat.nativechat.com *.chevronfcu.org http://images.printable.com *.calcxml.com *.spectrumcu.org *.google.com px.ads.linkedin.com *.cookiepro.com *.adsymptotic.com *.segment.com calc-backend-prod.herokuapp.com s3.us-east-2.amazonaws.com embed.signalintent.com; media-src 'self' data: blob: *.marcomcentral.app.pti.com *.chevronfcu.org *.amazonaws.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com *.hotjar.com *.google.com *.wave2.io *.optimalblue.com 11549827.fls.doubleclick.net *.doubleclick.net; connect-src 'self' data: accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.google-analytics.com *.gstatic.com *.calcxml.com *.googleapis.com *.hotjar.com *.doubleclick.net wss://ws24.hotjar.com wss://ws1.hotjar.com wss://*.hotjar.com *.hotjar.io cdn.linkedin.oribi.io https://analytics.google.com/ *.segment.com calc-backend-prod.herokuapp.com api.segment.io; 1
default-src 'self'; base-uri 'self'; frame-src 'self'; frame-ancestors 'self'; form-action 'none'; script-src 'self'; img-src 'self' 1
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; img-src * data:; font-src * data:; style-src 'unsafe-inline' *; 1
frame-ancestors 'self' https://www.linkedin.com/ https://linkedin.com/ chrome-extension://plmgcpmncieehlchnoknloacckpdoncc; 1
default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com www.youtube.com; frame-src 'self' www.youtube-nocookie.com  www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com; 1
frame-src 'self' uzis.cz  https://www.youtube.com https://audiovisual.ec.europa.eu https://slideslive.com; frame-ancestors 'self' nzip.cz https://www.nzip.cz 1
default-src 'self'; script-src 'self' 'unsafe-eval' https://cdn.userway.org https://www.googletagmanager.com/gtag/js https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline' https://cdn.userway.org https://fonts.googleapis.com; img-src 'self' data: https://pbcdn1.podbean.com/ https://cdn.userway.org https://i.ytimg.com https://maps.gstatic.com https://i.vimeocdn.com/video/; font-src 'self' data: https://cdn.userway.org https://fonts.gstatic.com; connect-src 'self' https://cdn.userway.org https://api.userway.org/ https://*.google-analytics.com https://vimeo.com/api/oembed.json; frame-src 'self' https://vimeo.com/ https://www.youtube-nocookie.com https://www.podbean.com/ https://cdn.userway.org/ https://player.vimeo.com/ https://www.google.com/ www.youtube.com/embed/ 1
frame-ancestors 'self' https://cocc.instructure.com; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://merveilles.town; img-src 'self' https: data: blob: https://merveilles.town; style-src 'self' https://merveilles.town 'nonce-iPzqPtXyoGcdNBZTR+XQzA=='; media-src 'self' https: data: https://merveilles.town; frame-src 'self' https:; manifest-src 'self' https://merveilles.town; connect-src 'self' data: blob: https://merveilles.town https://assets.merveilles.town wss://merveilles.town; script-src 'self' https://merveilles.town 'wasm-unsafe-eval'; child-src 'self' blob: https://merveilles.town; worker-src 'self' blob: https://merveilles.town 1
default-src https: 'unsafe-eval' 'unsafe-inline' data: blob: 1
script-src https: 'nonce-99d27544-b8bb-4578-8a2a-3ab4a4452676' 'self' 'unsafe-inline' 'unsafe-eval' ; img-src 'self' data: https: www.googletagmanager.com; style-src 'self' 'unsafe-inline' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cegos.fr *.cegos.com https://www.gstatic.com/ https://www.google.com/recaptcha/ https://www.googletagmanager.com/ https://tagmanager.google.com/ https://www.googleadservices.com/pagead/conversion/ https://www.google.fr/pagead/attribution/ https://www.gstatic.com/wcm/ https://www.gstatic.com/recaptcha/api2/ https://www.google-analytics.com/analytics.js https://www.google-analytics.com/plugins/ua/ec.js https://www.linkedin.com/px/ https://px.ads.linkedin.com/collect/ https://platform.linkedin.com/ https://snap.licdn.com/ https://static.ads-twitter.com/uwt.js https://analytics.twitter.com/ https://platform.twitter.com/ https://cdn.syndication.twimg.com/timeline/ https://sjs.bizographics.com/insight.min.js https://www.googleadservices.com/pagead/conversion_async.js https://googleads.g.doubleclick.net/pagead/viewthroughconversion/ https://static.hotjar.com/ https://script.hotjar.com/ https://munchkin.marketo.net/ https://*.marketo.com/ https://connect.facebook.net/ https://www.youtube.com/ https://s.ytimg.com/ https://js-agent.newrelic.com/ https://bam.nr-data.net/ https://*.kameleoon.com/ https://*.kameleoon.net https://*.kameleoon.eu https://kick-my-bot.s3-eu-west-1.amazonaws.com https://chat-window.kmblabs.com/ https://d134jvmqfdbkyi.cloudfront.net https://d24s38jd6z1bka.cloudfront.net https://d1986lffsl15jz.cloudfront.net https://bat.bing.com https://*.abtasty.com https://flagship.com https://cdn.segment.com https://cdn.matomo.cloud/ https://cegos.matomo.cloud/ https://*.clarity.ms https://accounts.google.com https://*.easy-lms.com; object-src 'self'; base-uri 'none'; 1
default-src * data: 'unsafe-inline' 1
form-action https: 'self'; default-src 'self' https: blob:; script-src 'self' https:  blob: 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src data: https: 1
default-src 'self' app.cloutly.com https://*.clarity.ms https://stats.g.doubleclick.net https://*.rackcdn.com https://*.googlesyndication.com/ https://googleads.g.doubleclick.net/ https://ourworldindata.org/grapher/ https://edweek.carto.com/builder/ *.languagecourse.net https://widget.getyourguide.com/ https://mc.yandex.ru/watch/ *.twitter.com *.google.com/ *.googleapis.com https://*.google-analytics.com/ https://staticxx.facebook.com https://g.jwpsrv.com https://www.paypal.com/ https://sis.redsys.es/ https://tunein.com/ https://*.youtube.com bid.g.doubleclick.net https://pay.skrill.com *.moneybookers.com https://vt-api.com.es/ www.facebook.com; img-src 'self' data: *; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.addtoany.com/ https://static.cloudflareinsights.com/ https://app.cloutly.com https://g.alicdn.com/code/ https://*.clarity.ms https://cdn.tiny.cloud https://cdnjs.cloudflare.com https://www.youtube.com/ https://securepubads.g.doubleclick.net/ https://kit.fontawesome.com/ https://www.googletagservices.com/ https://*.googlesyndication.com/ https://estatic.languagecourse.net/ https://instant.page/ https://*.getyourguide.com/ https://bat.bing.com/ https://mc.yandex.ru/metrika/tag.js *.twimg.com *.gstatic.com *.google.com *.twitter.com https://code.jquery.com https://www.googletagmanager.com https://s.ytimg.com/ https://ssl.p.jwpcdn.com https://content.jwplatform.com *.googleapis.com *.google-analytics.com connect.facebook.net https://unpkg.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.googletagmanager.com maxcdn.bootstrapcdn.com *.cloudflare.com apis.google.com; font-src 'self' https://unpkg.com/bootstrap@3.4.1/ https://estatic.languagecourse.net https://cdnjs.cloudflare.com https://kit-free.fontawesome.com/ ssl.p.jwpcdn.com fonts.googleapis.com fonts.gstatic.com *.bootstrapcdn.com https://estatic.languagecourse.net; style-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://cdnjs.cloudflare.com *.twimg.com *.twitter.com https://kit-free.fontawesome.com https://unpkg.com/ https://ssl.p.jwpcdn.com fonts.googleapis.com code.jquery.com *.bootstrapcdn.com https://estatic.languagecourse.net/ 1
frame-ancestors 'self' https://*.vaasa.fi https://*.waltti.fi 1
object-src 'self' *.vietcap.com.vn www.googletagmanager.com www.gstatic.com www.google-analytics.com sp.zalo.me za.zdn.vn connect.facebook.net www.google.com static.hotjar.com script.hotjar.com code.jquery.com cdnjs.cloudflare.com stackpath.bootstrapcdn.com deqik.com static.amcdn.vn media1.admicro.vn static.contineljs.com www.googleadservices.com g.doubleclick.net googleads.g.doubleclick.net cdn.jsdelivr.net; frame-ancestors 'self' 1
img-src 'self' *.stackadapt.com *.adnxs.com *.bidswitch.net *.omappapi.com *.clarity.ms *.pushcrew.com *.rlcdn.com *.clickagy.com *.superpinkday.com *.doubleclick.net *.vimeocdn.com www.alertlogic.com www.google.com *.amazonaws.com *.wpengine.com  *.google-analytics.com *.youtube.com  *.techtarget.com *.vimeo.com cdn.bizible.com *.visualwebsiteoptimizer.com b.6sc.co secure.gravatar.com www.facebook.com *.linkedin.com t.co *.bing.com *.adsymptotic.com and alertlogic.sc.omtrdc.net cdn.cookielaw.org cdn.bizibly.com okt.to *.techtarget.com www.googletagmanager.com ps.w.org *.quora.com fonts.gstatic.com *.neverbounce.com *.twitter.com *.clearbitjs.com *.trustarc.com *.adroll.com *.fortra.com *.company-target.com *.yahoo.com *.pubmatic.com *.3lift.com *.taboola.com *.openx.net *.outbrain.com *.casalemedia.com *.rubiconproject.com *.reson8.com *.g2crowd.com data: 'unsafe-inline' 'unsafe-eval' data:; 1
default-src 'self' https://online.pubhtml5.com/ https://www.google.com/recaptcha/api.js https://vimeo.com/825628046?share=copy; script-src 'self' https://player.vimeo.com/api/player.js https://www.google.com/recaptcha/api.js?render=explicit www.googletagmanager.com platform.twitter.com ajax.googleapis.com www.google-analytics.com cdnjs.cloudflare.com www.gstatic.com 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' ; font-src 'self' fonts.gstatic.com data:; img-src 'self' secure.gravatar.com https: data:; style-src 'self' cdnjs.cloudflare.com fonts.googleapis.com www.gstatic.com 'unsafe-inline'; connect-src 'self' https://vimeo.com/api/oembed.json?url=https%3A%2F%2Fvimeo.com%2F823530183&id=823530183&autoplay=false https://region1.google-analytics.com/g/collect?v=2&tid=G-CRBVQ0QFQB www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' platform.twitter.com app.powerbi.com eqaoweb.eqao.com maps.google.com www.google.com https://online.pubhtml5.com/ player.vimeo.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://statistiek.rijksoverheid.nl https://*.mopinion.com; img-src 'self' data: https://statistiek.rijksoverheid.nl; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.mopinion.com; font-src 'self' https://themes.googleusercontent.com https://*.mopinion.com; media-src 'self'; child-src 'self'; object-src 'self'; frame-src 'self' https://statistiek.rijksoverheid.nl https://www.youtube.com https://www.youtube-nocookie.com; connect-src 'self' https://statistiek.rijksoverheid.nl https://*.mopinion.com; 1
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.calendly.com *.hs-analytics.net *.hs-banner.com *.hs-scripts.com *.hsadspixel.net *.hsforms.net *.hsforms.com *.hsleadflows.net *.hscollectedforms.net *.hubspot.com https://cdn.calconic.com/static/js/calconic.min.js https://cdn.omniconvert.com/ https://cdnjs.cloudflare.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://*.g.doubleclick.net https://js.usemessages.com https://sc.lfeeder.com https://snap.licdn.com https://static.ads-twitter.com https://tag.demandbase.com https://*.google-analytics.com https://www.googleoptimize.com/optimize.js https://*.googletagmanager.com https://www.googleadservices.com https://www.google.com https://www.vimeo.com https://vimeo.com https://www.youtube.com https://js.monitor.azure.com https://*.hotjar.com https://www.gstatic.com https://static.hotjar.com; style-src 'unsafe-inline' 'self' https://cdnjs.cloudflare.com https://*.calendly.com https://*.googleapis.com https://growcreate.co.uk; object-src 'none'; base-uri 'self'; connect-src 'self' *.hubapi.com *.hubspot.com *.hsforms.com *.hscollectedforms.net *.hotjar.io https://*.analytics.google.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.co.uk https://www.google.com https://app.omniconvert.com https://consentcdn.cookiebot.com https://growcreate.co.uk https://our.umbraco.com https://px.ads.linkedin.com https://tag-logger.demandbase.com https://vimeo.com https://api.company-target.com *.calconic.com https://*.applicationinsights.azure.com https://pagead2.googlesyndication.com wss://ws.hotjar.com https://calendly.com; font-src 'self' data: https://*.gstatic.com; frame-src 'self' *.hs-sites.com *.hubspot.com *.hsforms.net *.hsforms.com https://calendly.com https://www.google.com https://consentcdn.cookiebot.com https://player.vimeo.com https://s.company-target.com https://td.doubleclick.net youtube.com www.youtube.com https://marketplace.umbraco.com; child-src *.hsforms.com; img-src 'self' data: *.hubspotusercontent-na1.net *.hsforms.com *.hsforms.net *.hubspot.com https://id.rlcdn.com https://imgsct.cookiebot.com https://our.umbraco.com https://px.ads.linkedin.com https://raw.githubusercontent.com https://tr.lfeeder.com https://www.google.co.uk https://www.google.pt https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://analytics.twitter.com https://t.co https://i.ytimg.com https://github.com https://www.github.com https://www.bing.com https://dashboard.umbraco.com https://pagead2.googlesyndication.com https://static.hsappstatic.net https://assets.calendly.com; manifest-src 'self'; media-src 'self'; worker-src 'none'; 1
default-src 'self'; base-uri 'self'; form-action 'self'; frame-src 'self'; frame-ancestors 'self' 1
upgrade-insecure-requests; object-src 'none'; base-uri 'self'; frame-src 'self' https://www.youtube.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/css; font-src 'self' https://fonts.gstatic.com data:; 1
frame-ancestors 'self' *.storyblok.com 1
default-src 'self' https://api.ipify.org https://*.googlesyndication.com https://*.matterport.com https://matterport.com https://*.o2arena.cz https://*.oarena.local https://*.o2universum.cz https://*.twimg.com https://*.twitter.com https://*.lightwidget.com https://lightwidget.com https://*.google.com https://*.googletagmanager.com https://*.google-analytics.com https://*.facebook.net https://*.facebook.com https://*.googleadservices.com https://*.gstatic.com https://*.google.cz https://*.doubleclick.net https://*.youtube.com https://*.ticketportal.cz https://*.instagram.com https://*.twitter.com https://*.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: https://*.matterport.com https://matterport.com https://*.o2arena.cz https://*.oarena.local https://*.o2universum.cz https://*.twimg.com https://*.twitter.com https://*.lightwidget.com https://lightwidget.com https://*.google.com https://*.googletagmanager.com https://*.google-analytics.com https://*.facebook.net https://*.facebook.com https://*.googleadservices.com https://*.gstatic.com https://*.google.cz https://*.cloudflare.com https://*.instagram.com https://*.twitter.com https://*.gstatic.com https://www.facebook.com https://*.googletagmanager.com https://*.google-analytics.com https://*.facebook.net https://*.googleadservices.com https://*.google.com https://lightwidget.com https://*.twitter.com https://*.doubleclick.net https://cdn.lightwidget.com https://*.cloudflare.com https://*.gstatic.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: https://*.o2arena.cz https://*.oarena.local https://*.o2universum.cz https://*.twimg.com https://*.twitter.com https://*.lightwidget.com https://lightwidget.com https://*.google.com https://*.googletagmanager.com https://*.google-analytics.com https://*.facebook.net https://*.facebook.com https://*.googleadservices.com https://*.gstatic.com https://*.google.cz https://*.cloudflare.com https://*.gstatic.com; img-src 'self' 'unsafe-inline' https: data: https://*.o2universum.cz https://o2universum.cz https://*.o2arena.cz https://*.oarena.local https://*.o2universum.cz https://*.twimg.com https://*.twitter.com https://*.lightwidget.com https://lightwidget.com https://*.google.com https://*.googletagmanager.com https://*.google-analytics.com https://*.facebook.net https://*.facebook.com https://*.googleadservices.com https://*.gstatic.com https://*.google.cz https://*.instagram.com https://*.twitter.com https://*.gstatic.com; font-src 'self' https: data: https://*.googleapis.com https://*.gstatic.com https://*.o2.co.uk; block-all-mixed-content; upgrade-insecure-requests 1
default-src 'self' data: *.umbraco.org api.pwnedpasswords.com *.hotjar.com services.postcodeanywhere.co.uk *.google-analytics.com www2.theticketfactory.com connect.facebook.net *.facebook.com https://fbanalytics.theticketfactory.com ccocauth.10digital.co.uk *.coventry2021.co.uk *.doubleclick.net *.googleadservices.com *.google.co.uk *.google.com s.salecycle.com i.salecycle.com c.salecycle.com ws.salecycle.com mymachine.salecycle.com:8080 *.onetrust.com *.googlesyndication.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://analytics.tiktok.com *.hotelmap.com *.quantserve.com *.quantcount.com gtm-tp57jc8-ndq4z.uc.r.appspot.com necdigitalteamapi.azurewebsites.net drdhvt9zf1m5e.cloudfront.net https://*.clarity.ms;script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com *.cloudflare.com ajax.aspnetcdn.com bat.bing.com https://clarity.microsoft.com code.jquery.com *.googletagmanager.com *.google-analytics.com cdn.jsdelivr.net connect.facebook.net *.facebook.com theti11119.pcapredict.com *.hotjar.com services.postcodeanywhere.co.uk assets.theticketfactory.com www2.theticketfactory.com *.queue-it.net www2.theticketfactory.com www.dwin1.com cookiesuksouth.blob.core.windows.net geolocation.onetrust.com *.tiktok.com *.twitter.com *.googleadservices.com *.doubleclick.net s.salecycle.com i.salecycle.com c.salecycle.com ws.salecycle.com mymachine.salecycle.com:8080 d16fk4ms6rqz1v.cloudfront.net applepay.cdn-apple.com *.onetrust.com https://*.hotjar.com *.hotelmap.com *.quantserve.com *.quantcount.com gtm-tp57jc8-ndq4z.uc.r.appspot.com necdigitalteamapi.azurewebsites.net drdhvt9zf1m5e.cloudfront.net https://*.clarity.ms;object-src 'self' data: assets.theticketfactory.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com pro.fontawesome.com fast.fonts.net cdn.jsdelivr.net *.theticketfactory.com services.postcodeanywhere.co.uk *.queue-it.net cookiesuksouth.blob.core.windows.net https://*.hotjar.com;img-src 'self' data: www.awin1.com https://*.hotjar.com *;frame-src 'self' *.facebook.com *.servebase.net *.arcot.com *.hotjar.com assets.theticketfactory.com www2.theticketfactory.com *.queue-it.net www2.theticketfactory.com theticketfactory.queue-it.net *.youtube.com *.spotify.com *.tiktok.com *.twitter.com *.10digital.co.uk connect.facebook.net ccocauth.10digital.co.uk *.coventry2021.co.uk *.doubleclick.net s.salecycle.com i.salecycle.com c.salecycle.com ws.salecycle.com mymachine.salecycle.com:8080 *.onetrust.com https://*.hotjar.com *.hotelmap.com *.quantserve.com *.quantcount.com d16fk4ms6rqz1v.cloudfront.net gtm-tp57jc8-ndq4z.uc.r.appspot.com necdigitalteamapi.azurewebsites.net drdhvt9zf1m5e.cloudfront.net;font-src 'self' data: fonts.gstatic.com pro.fontawesome.com fast.fonts.net *.hotjar.com fonts.gstatic.com applepay.cdn-apple.com https://*.hotjar.com;report-uri https://theticketfactory.report-uri.com/r/d/csp/enforce 1
default-src 'self' *.bootstrapcdn.com/font-awesome/ *.cookiebot.com *.hotjar.com *.visualstudio.com;              script-src 'self' 'unsafe-inline' 'unsafe-eval' *.aspnetcdn.com *.azure.com *.bootstrapcdn.com/font-awesome/ *.cookiebot.com *.datatables.net *.fortawesome.com *.google.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.jquery.com *.jsdelivr.net *.mouseflow.com *.msecnd.net *.sharethis.com *.typekit.net *.youtube.com;              style-src 'self' 'unsafe-inline' *.bootstrapcdn.com/font-awesome/ *.cookiebot.com *.datatables.net *.fortawesome.com *.typography.com *.typekit.net;              frame-src 'self' *.arcgis.com *.cookiebot.com *.cyfoethnaturiolcymru.gov.uk *.google.com *.googletagmanager.com *.hotjar.com *.powerbi.com *.youtube.com;              font-src 'self' data: *.bootstrapcdn.com *.hotjar.com *.typekit.net;              img-src 'self' data: *.azureedge.net *.cyfoethnaturiol.cymru *.google-analytics.com *.hotjar.com *.naturalresources.wales *.sharethis.com *.umbraco.com *.ytimg.com;              connect-src 'self' ws: wss: *.azure.com *.cookiebot.com *.doubleclick.net *.google-analytics.com *.hotjar.com *.hotjar.io *.sharethis.com *.visualstudio.com;              worker-src blob:;              upgrade-insecure-requests 1
default-src 'self' https: blob: https://client-api.arkoselabs.com/ https://check3.tiaabank.com/ https://h.online-metrix.net/ https://12761246.fls.doubleclick.net/ https://td.doubleclick.net/ https://www.google.com/ https://cdn-prod.securiti.ai/ https://googleads.g.doubleclick.net/ https://www.google-analytics.com/ https://analytics.google.com/ https://ad.doubleclick.net/ https://px.ads.linkedin.com/ https://assets.contentstack.io/ https://ingesteer.services-prod.nsvcs.net/ https://app.netlify.com/ https://gateway.zscalertwo.net/ https://www.googletagmanager.com/ https://content.hotjar.io/ https://metrics.hotjar.io/ wss://ws.hotjar.com/ https://app.securiti.ai/ https://stats.g.doubleclick.net *.fiscloudservices.com; script-src 'self' 'unsafe-eval' 'nonce-NDBmMjU0NTQtZjdlNC00ZTMwLWIxOGItNTdlNDc5NWNkNjQ0' 'unsafe-inline' 'strict-dynamic' https://check3.tiaabank.com/; script-src-elem 'self' 'unsafe-inline' https: assets.contentstack.io netlify-cdp-loader.netlify.app netlify-rum.netlify.app client-api.arkoselabs.com gateway.zscalertwo.net www.googletagmanager.com cdn-prod.securiti.ai static.hotjar.com snap.licdn.com bat.bing.com googleads.g.doubleclick.net connect.facebook.net script.hotjar.com check3.tiaabank.com action.dstillery.com action.media6degrees.com www.googleadservices.com players.brightcove.net; style-src 'self' 'nonce-NDBmMjU0NTQtZjdlNC00ZTMwLWIxOGItNTdlNDc5NWNkNjQ0'; style-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://cdn-prod.securiti.ai/ https://gateway.zscalertwo.net/ https://www.googletagmanager.com/ https://cdn-prod.securiti.ai/ https://static.hotjar.com/ https://snap.licdn.com/ https://bat.bing.com/ https://googleads.g.doubleclick.net/ https://action.dstillery.com https://www.googleadservices.com/ https://action.media6degrees.com/ https://www.googleadservices.com/; img-src 'self' blob: data: https: images.contentstack.io check3.tiaabank.com ad.doubleclick.net www.google.com www.googletagmanager.com px.ads.linkedin.com bat.bing.com www.facebook.com www.linkedin.com *.d.aa.online-metrix.net gateway.zscalertwo.net action.dstillery.com www.googleadservices.com apply.everbank.com action.media6degrees.com metrics.brightcove.com; font-src 'self' data:; object-src 'self' blob:; base-uri 'self'; form-action *; frame-ancestors 'none'; block-all-mixed-content; upgrade-insecure-requests; frame-src 'self' 'nonce-NDBmMjU0NTQtZjdlNC00ZTMwLWIxOGItNTdlNDc5NWNkNjQ0' https: https://app.netlify.com/ https://client-api.arkoselabs.com/ https://gateway.zscalertwo.net/ https://12761246.fls.doubleclick.net/ https://td.doubleclick.net/ https://check3.tiaabank.com/ https://h.online-metrix.net/ https://tiaacref.locatorsearch.net/ https://0.fls.doubleclick.net; connect-src 'self' wss: https: cdn-prod.securiti.ai app.securiti.ai ws.hotjar.com *.hotjar.io px.ads.linkedin.com www.google.com check3.tiaabank.com ingesteer.services-prod.nsvcs.net googleads.g.doubleclick.net www.google-analytics.com analytics.google.com bat.bing.com apply.everbank.com stats.g.doubleclick.net vc.hotjar.io *.algolia.net insights.algolia.io ookh1nfe65-2.algolianet.com ookh1nfe65-1.algolianet.com ookh1nfe65-3.algolianet.com edge.api.brightcove.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.marketo.com *.pricespider.com *.hotjar.com *.1worldsync.com srv.stackadapt.com east.srv.stackadapt.com uw.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com api.tiles.mapbox.com bat.bing.com cdnjs.cloudflare.com cdn.cookielaw.org code.jquery.com connect.facebook.net googleads.g.doubleclick.net j.6sc.co malsup.github.io maxcdn.bootstrapcdn.com munchkin.marketo.net snap.licdn.com static.cloud.coveo.com stats.sa-as.com tags.srv.stackadapt.com twin-iq.kickfire.com ui.powerreviews.com us-st.smartassistant.com use.typekit.net ws.zoominfo.com www.googletagmanager.com www.google-analytics.com www.youtube.com ; style-src 'self' 'unsafe-inline' *.marketo.com *.pricespider.com *.1worldsync.com api.tiles.mapbox.com cdnjs.cloudflare.com code.jquery.com maxcdn.bootstrapcdn.com tags.srv.stackadapt.com ui.powerreviews.com us-st.smartassistant.com *.typekit.net ; img-src 'self' data: blob: *.1worldsync.com bat.bing.com b.6sc.co cdn.pricespider.com connect.facebook.net embeddedcloud.pricespider.com gojo.liquifire.com i.ytimg.com img.youtube.com p.typekit.net px.ads.linkedin.com px4.ads.linkedin.com res.cloudinary.com stats.sa-as.com *.powerreviews.com twin-iq.kickfire.com us-st.smartassistant.com us-st3-bucket.s3.amazonaws.com www.facebook.com www.google-analytics.com www.google.com www.googletagmanager.com www.linkedin.com http://images.salsify.com ; media-src 'self' *.s3.amazonaws.com player.vimeo.com ; frame-src 'self' *.marketo.com *.hotjar.com airtable.com td.doubleclick.net ww2.gojo.com www.youtube.com www.facebook.com *.linkedin.com *.onetrust.com ; connect-src 'self' wss: *.6sc.co *.hotjar.com *.hotjar.io *.marketo.com *.onetrust.com *.tiles.mapbox.com 180-zia-109.mktoresp.com analytics.google.com api.mapbox.com cdn.cookielaw.org cdn.linkedin.oribi.io display.powerreviews.com events.mapbox.com gojo.com secure.adnxs.com stats.g.doubleclick.net tags.srv.stackadapt.com px.ads.linkedin.com ui.powerreviews.com ws.zoominfo.com www.facebook.com www.gojo.com www.google-analytics.com ; font-src 'self' *.cloudfront.net *.1worldsync.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com use.typekit.net ; worker-src blob: ; child-src blob: ; 1
default-src updates-np.ep.com updates.ep.com www.google.com www.gstatic.com *.pendo.io pendo-static-4766602228924416.storage.googleapis.com pendo-io-static.storage.googleapis.com cdn.cookielaw.org 'self' 'unsafe-inline' 'unsafe-eval' blob: ; img-src 'self' data: blob: *.pendo.io pendo-static-4766602228924416.storage.googleapis.com; frame-ancestors 'self' https://www.ep.com https://shop.ep.com app.pendo.io 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.swiftmedical.com swiftmedical.com *.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com *.hubspot.com https://api.hubspot.com https://*.typekit.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.hs-banner.com *.hsleadflows.net *.hsadspixel.net *.hs-analytics.net *.hsforms.net *.usemessages.com static.hsappstatic.net *.hs-scripts.com *.hubspot.com cdn2.hubspot.net *.hubspot.net *.hsleadflows.net *.hsforms.com https://www.googletagmanager.com https://code.createjs.com https://connect.facebook.net https://j.6sc.co https://snap.licdn.com https://bat.bing.com https://static.ads-twitter.com https://googleads.g.doubleclick.net https://www.google-analytics.com; style-src 'self' 'unsafe-inline' *.hsforms.net no-cache.hubspot.com *.hubspot.com *.hubspot.net https://*.typekit.net https://cdn.jsdelivr.net; img-src 'self' data: swiftmedical.com secure.gravatar.com *.hsforms.com https://*.google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.g.doubleclick.net; frame-src 'self' *.hubspot.com *.hs-sites.com *.hubspot.net *.hsforms.net *.hsforms.com *.googletagmanager.com; object-src 'none'; base-uri 'none'; connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com https://analytics.google.com https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://api.hubspot.com https://api.hubapi.com https://cta-service-cms2.hubspot.com https://px.ads.linkedin.com https://ipv6.6sc.co https://epsilon.6sense.com https://forms.hubspot.com https://bat.bing.com; 1
default-src 'self'; connect-src 'self' https://js.stripe.com/ https://www.google-analytics.com https://q.quora.com https://cdn.linkedin.oribi.io https://pagead2.googlesyndication.com data:; img-src 'self' https://www.google-analytics.com/ https://cdn.shopify.com https://apps.shopifycdn.com https://images.editor.website https://*.bigcommerce.com https://run.pstmn.io https://*.quora.com data: *; frame-ancestors 'self' ; frame-src 'self' https://js.stripe.com https://www.google.com https://player.vimeo.com https://td.doubleclick.net; font-src 'self' https://fonts.googleapis.com/ https://fonts.gstatic.com/ data:; script-src 'self' https://www.google-analytics.com/ https://js.stripe.com/ https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://a.quora.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://snap.licdn.com https://googleads.g.doubleclick.net https://www.googleadservices.com 'unsafe-eval' 'unsafe-inline' data:; style-src 'self' https://fonts.googleapis.com/ https://sdks.shopifycdn.com 'unsafe-inline' 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://siteimproveanalytics.com/ https://img.en25.com/ *.s3.amazonaws.com *.optimizely.com *.doubleclick.net https://connect.facebook.net https://www.googleadservices.com/ https://sc-static.net https://browser-update.org https://cdn.cookielaw.org *.salesforceliveagent.com ttps://browser-update.org/ https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://www.googletagmanager.com https://geolocation.onetrust.com https://*.crazyegg.com https://www.google-analytics.com https://cdn.siteimprove.net https://unpkg.com https://*.siteimprove.com *.youtube.com https://*.userzoom.com https://cdn.jsdelivr.net/ https://js-agent.newrelic.com https://bam.nr-data.net https://cdn.hypemarks.com https://gba4ya26.micpn.com/p/js/ https://tr.snapchat.com/config/ https://www.google.com/pagead/ https://bat.bing.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://www.googleanalytics.com https://www.googleoptimize.com https://optimize.google.com https://analytics.tiktok.com https://m5srpdpi.micpn.com https://tags.crwdcntrl.net https://ynnpkxoz.micpn.com https://tag.demandbase.com https://mi.chamberlain.edu https://static.hotjar.com https://s.adroll.com https://script.hotjar.com https://d.adroll.com https://marvel-b2-cdn.bc0a.com https://geoip-js.com *.avaamo.com https://munchkin.marketo.net https://ict.infinity-tracking.net https://js.adsrvr.org https://s.yimg.com https://waldenuniversity.referralrock.com https://cdn.mouseflow.com https://tag.mtrcs.samba.tv https://pixel.mathtag.com https://bs.serving-sys.com https://secure-ds.serving-sys.com https://pixel.admedia.com *.googlesyndication.com *.storelocatorwidgets.com https://ajax.googleapis.com https://home-c20.incontact.com https://gateway.on24.com https://www.riddle.com/ *.b0e8.com https://embedr.flickr.com https://widgets.flickr.com *.infinity-tracking.com https://c.hrzn-nxt.com https://public.flourish.studio https://www.redditstatic.com t.contentsquare.net app.contentsquare.com https://www.esyoh.com https://laureateone--l1dev.sandbox.my.salesforce.com https://laureateone--l1dev.sandbox.my.site.com/ https://laureateone--l1dev.sandbox.file.force.com/ https://cdn.pbbl.co https://img04.en25.com https://static.cloudflareinsights.com/ https://cdn.unibuddy.co *.mnixdata.com https://optimizely-hrd.appspot.com https://aa.trkn.us; base-uri 'none'; form-action 'self' https://www.facebook.com https://tr.snapchat.com *.salesforceliveagent.com https://rossu.secure.force.com https://auc--fullsanbox.sandbox.my.salesforce.com https://test.salesforce.com https://login.salesforce.com https://rossu.my.salesforce.com/ https://laureateone--l1dev.sandbox.my.salesforce.com https://laureateone--l1dev.sandbox.my.site.com/ https://laureateone--l1dev.sandbox.file.force.com/; object-src 'none'; style-src 'self' 'unsafe-inline' https://p.typekit.net/ https://cdn.jsdelivr.net/ https://hello.myfonts.net/ https://fast.fonts.net/ https://cdnjs.cloudflare.com/ https://optimize.google.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com *.mapbox.com https://cdn.storelocatorwidgets.com *.googletagmanager.com https://*.crazyegg.com  https://laureateone--l1dev.sandbox.my.salesforce.com https://laureateone--l1dev.sandbox.my.site.com/ https://laureateone--l1dev.sandbox.file.force.com/ https://unpkg.com; img-src 'self' data: https://tr.snapchat.com/ *.salesforceliveagent.com https://www.facebook.com/ https://webtracking.aucmed.edu/ *.google.com *.google.com.br *.google.com.uk *.google.com.ca *.google.com.fr *.google-analytics.com *.ytimg.com *.siteimproveanalytics.io https://americanuniversityofcarribean.secure.force.com https://cdn.jsdelivr.net/ https://www.googletagmanager.com/ https://googleads.g.doubleclick.net/pagead/ https://bat.bing.com/ https://www.adtalem.com/ https://*.linkedin.com/ https://t.co/ https://analytics.twitter.com/ https://www.google-analytics.com https://optimize.google.com https://webtracking.medical.rossu.edu https://analytics.tiktok.com https://rossu.secure.force.com https://webtrackingvet.rossu.edu https://match.prod.bidr.io https://id.rlcdn.com https://segments.company-target.com https://ipv4.d.adroll.com https://pt.ispot.tv *.amazonaws.com https://sp.analytics.yahoo.com https://webtracking.chamberlain.edu https://pixel.mtrcs.samba.tv https://cu.secure.force.com https://bidagent.xad.com https://data.adxcel-ec2.com https://pixel.mathtag.com https://cdnjs.cloudflare.com https://img.storelocatorwidgets.com https://www.googleadservices.com https://arttrk.com ads-api.twitter.com analytics.twitter.com  ads-twitter.com https://bam.nr-data.net *.cookielaw.org *.b0e8.com *.salesforce-sites.com https://trkn.us *.contentsquare.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat https://live.staticflickr.com https://d.adroll.com https://ad.doubleclick.net https://public.flourish.studio https://l.hrzn-nxt.com https://alb.reddit.com https://analytics.pangle-ads.com https://laureateone--l1dev.sandbox.lightning.force.com/ https://px0.pbbl.co https://aa.agkn.com *.t.eloqua.com/ *.my.site.com/; media-src 'self' *.avaamo.com; frame-src 'self' *.youtube.com https://www.facebook.com/ *.doubleclick.net https://tr.snapchat.com https://vr.showmecaribbean.com/ https://e.issuu.com/ https://optimize.google.com *.cdn.optimizely.com https://waldenuniversity.referralrock.com https://insight.adsrvr.org https://s.amazon-adsystem.com https://match.adsrvr.org https://pixel.mathtag.com https://cdn.hypemarks.com https://widget.spreaker.com https://app.calconic.com https://www.google.com *.avaamo.com https://home-c20.incontact.com https://www.riddle.com https://gateway.on24.com https://cdn.yoshki.com https://massinteract.com https://www.flickr.com https://*.siteimprove.com https://public.flourish.studio https://flo.uri.sh https://www.massinteract.com https://cdn.pbbl.co https://img04.en25.com https://static.cloudflareinsights.com/ https://cdn.unibuddy.co https://unibuddy.co https://events.waldenu.edu https://investors.adtalem.com https://aa.trkn.us; frame-ancestors 'self'; child-src 'self' *.youtube.com blob:; font-src 'self' https://themes.googleusercontent.com https://use.typekit.net https://fonts.gstatic.com *.avaamo.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://cdn.storelocatorwidgets.com https://cdn.mouseflow.com ; connect-src 'self' wss://wsp43.hotjar.com https://gtm.waldenu.edu https://cdn.cookielaw.org https://geolocation.onetrust.com https://cdn.cookielaw.org https://*.siteimprove.com/ https://*.crazyegg.com https://www.google-analytics.com https://stats.g.doubleclick.net https://tr.snapchat.com/ https://analytics.google.com https://bam.nr-data.net https://ipinfo.io https://www.facebook.com/tr/ https://analytics.tiktok.com https://cdn.linkedin.oribi.io *.optimizely.com https://api.company-target.com https://vc.hotjar.io https://wsp43.hotjar.com https://s.yimg.com *.mktoresp.com https://ict.infinity-tracking.net https://nas.lon.infinity-tracking.net https://pixel.mtrcs.samba.tv https://in.hotjar.com https://segments.company-target.com https://geoip-js.com *.mouseflow.com https://api.tintup.com *.amazonaws.com https://ad.doubleclick.net https://pixel.admedia.com *.mapbox.com *.storelocatorwidgets.com ads-api.twitter.com ads-twitter.com analytics.twitter.com https://917-jig-558.mktoutil.com *.infinity-tracking.com *.contentsquare.net *.googlesyndication.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat https://embedr.flickr.com https://bat.bing.com https://discover.waldenu.edu https://www.esyoh.com https://gtm.chamberlain.edu https://gtm.aucmed.edu https://gtm.veterinary.rossu.edu https://gtm.medical.rossu.edu https://analytics.pangle-ads.com https://laureateone--l1dev.sandbox.my.salesforce.com https://laureateone--l1dev.sandbox.my.site.com/ https://laureateone--l1dev.sandbox.file.force.com/ https://px.ads.linkedin.com/ https://tr6.snapchat.com/ *.mnixdata.com https://integrations.optimizely-edge.com https://www.redditstatic.com https://conversions-config.reddit.com https://www.redditstatic.com *.reddit.com; report-uri /report-csp-violation 1
frame-ancestors 'self'; default-src 'self'; script-src 'report-sample' 'self' 'sha256-RPumnIR7FSgARDKw3/EMqdUO6scixVqjLq5BJ+esrKo=' 'sha256-UUocpuYdHXKmRArOq2g+5vVfCUSoGLiRvU5+S+u9TyQ=' 'sha256-usO+SxBGZw3RCz0Rpfwf+8+5iN8cofLTWeCizSzA0UA=' https://kit.fontawesome.com/688cf5a923.js; style-src 'report-sample' 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://ka-f.fontawesome.com; font-src 'self' https://fonts.gstatic.com https://ka-f.fontawesome.com; frame-src 'self'; img-src 'self' data:; manifest-src 'self'; media-src 'self'; report-uri https://65650021ce75a73f0a40442b.endpoint.csper.io/?v=1; worker-src 'none'; 1
frame-ancestors 'self' https://*.ph-karlsruhe.de; 1
font-src fonts.gstatic.com *.klaviyo.com data: *.walmartimages.com *.googleapis.com *.gstatic.com *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com pay.realexpayments.com pay.sandbox.realexpayments.com *.realexpayments.com *.canadapost.ca https://sso.epost.ca *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com *.zdassets.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 11442927.fls.doubleclick.net *.doubleclick.net fls.doubleclick.net *.fls.doubleclick.net *.facebook.com *.pinterest.com *.adsrvr.org *.pinterest.ca *.cdn-btsg.com h.online-metrix.net static.olark.com imgs.signifyd.com www.google.com pay.realexpayments.com pay.sandbox.realexpayments.com *.realexpayments.com www.mrtesting.com www.myregistry.com blob: *.pinterdev.com commerce-app.pintergration.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com maps.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.zdassets.com *.zendesk.com *.mediaiqdigital.com *.doubleclick.net *.fls.doubleclick.net *.adnxs.com *.bing.com *.pinterest.com *.clarity.ms *.google.com.vn *.cloudfront.net *.adsrvr.org *.google.com *.kitchenstuffplus.com *.klevu.com *.ksearchnet.com placekitten.com *.cdn-btsg.com *.analytics.yahoo.com log.olark.com www.google.ca maps.gstatic.com cdn.bronto.com *.flippback.com *.flippenterprise.net *.wishabi.net *.pinterdev.com *.pinimg.com commerce-app.pintergration.com mageside.com *.canadapost.ca *.googleapis.com *.gstatic.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com developers.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.zdassets.com *.smooch.io wss://api.smooch.io *.googleapis.com *.klaviyo.com *.pinimg.com *.adsrvr.org *.clarity.ms *.doubleclick.net *.g.doubleclick.net *.klevu.com *.tiktok.com *.cdn-btsg.com api.olark.com *.luckyorange.com static.olark.com assets.olark.com cdn.bronto.com snip.bronto.com js-agent.newrelic.com bam.nr-data.net www.gstatic.com knrpc.olark.com www.google.com bat.bing.com www.myregistry.com www.mrtesting.com *.flippenterprise.net blob: *.pinterest.com *.pinterdev.com commerce-app.pintergration.com *.google.com *.gstatic.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.ksearchnet.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com unpkg.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.klaviyo.com static.olark.com *.flippenterprise.net *.googleapis.com https://static.klaviyo.com *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com static.olark.com imgs.signifyd.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.smooch.io wss://api.smooch.io *.zendesk.com *.youtube.com *.googleapis.com *.klaviyo.com *.pinterest.com *.clarity.ms *.zdassets.com *.klevu.com *.ksearchnet.com *.google.com *.tiktok.com *.cdn-btsg.com wss://in.visitors.live wss://realtime.luckyorange.com *.luckyorange.com imgs.signifyd.com stats.g.doubleclick.net knrpc.olark.com fiddler.brontops.com maw.bronto.com bt.signifyd.com:11103 bam.nr-data.net *.flippenterprise.net *.flippback.com *.flipp.com *.pinterdev.com commerce-app.pintergration.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src blob: 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src * 'unsafe-eval' 'unsafe-inline' blob: data: ; frame-src *; frame-ancestors 'self' https://*.googleapis.com https://*.rifleshootermag.com http://*.rifleshootermag.com https://*.androidplatform.net https://*.twixlmedia.com/ http://*.twixlmedia.com https://us.content.twixlmedia.com https://*.akamaized.net http://*.akamaized.net https://*.osgnetworks.tv file://* filesystem:; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.hs-scripts.com/ https://js.hscollectedforms.net/collectedforms.js https://js.hs-banner.com https://js.hs-analytics.net/ https://cdn.cookielaw.org https://connect.facebook.net https://snap.licdn.com https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.googletagmanager.com https://www.google-analytics.com https://www.youtube.com https://fcc.websol.barchart.com https://acrobatservices.adobe.com https://cdn.jsdelivr.net https://*.clarity.ms https://netlify-cdp-loader.netlify.app https://cdnjs.cloudflare.com/ajax/libs/mathjax/3.2.2/es5/tex-mml-chtml.js https://netlify-rum.netlify.app; img-src 'self' https://forms.hsforms.com/ https://track.hubspot.com https://px.ads.linkedin.com https://cdn.cookielaw.org https://*.bing.com https://www.googletagmanager.com https://*.clarity.ms https://*.googleapis.com https://*.gstatic.com *.google.com https://www.google.ca *.googleusercontent.com data: https://www.facebook.com https://www.google-analytics.com https://images.ctfassets.net https://api.mapbox.com https://img.youtube.com https://img.evbuc.com https://*.ytimg.com; frame-src 'self' https://form.typeform.com *.google.com https://fcc.websol.barchart.com https://www.youtube.com https://www.youtube.com https://acrobatservices.adobe.com https://cdn.knightlab.com https://td.doubleclick.net https://app.netlify.com/; frame-ancestors 'self' https://app.stackbit.com https://app.netlify.com/; connect-src 'self' https://forms.hscollectedforms.net https://px.ads.linkedin.com https://ingesteer.services-prod.nsvcs.net/rum_collection https://cdn.cookielaw.org https://privacyportal-ca.onetrust.com https://geolocation.onetrust.com https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://www.google-analytics.com https://cdn.contentful.com https://graphql.contentful.com https://*.algolia.net https://*.algolianet.com https://assets.ctfassets.net https://downloads.ctfassets.net https://viewlicense.adobe.io/viewsdklicense/jwt https://webhook.gatsbyjs.com/ https://analytics.gatsbyjs.com/ https://stats.g.doubleclick.net https://*.clarity.ms https://preview.contentful.com; font-src https://fonts.gstatic.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/ajax/libs/mathjax/3.2.2/es5/output/chtml/fonts/; style-src 'self' 'unsafe-inline' https://connect.facebook.net https://www.googletagmanager.com https://fonts.googleapis.com platform.twitter.com ton.twimg.com embed.typeform.com; media-src https://downloads.ctfassets.net/ https://assets.ctfassets.net; form-action 'self' https://fcc-fac.us4.list-manage.com/subscribe/post https://fac-fcc.us4.list-manage.com/subscribe/post https://*.fcc-fac.ca 1
frame-ancestors https://*.facebook.com https://www.google.com https://integrations.ampifyme.com https://api.shopsheriff.com https://*.shopifypreview.com https://*.superchargify.com https://admin.shopify.com https://trustapps.co https://reviews.trustapps.co https://*.trustapps.co  https://*.myshopify.com https://*.shopifyapps.com *; 1
frame-ancestors 'none'; style-src 'self' 'unsafe-inline' https://optanon.blob.core.windows.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://geolocation.onetrust.com https://www.google-analytics.com https://www.googletagmanager.com https://optanon.blob.core.windows.net https://code.jquery.com; img-src 'self' data: https://api.mapbox.com https://www.google-analytics.com; connect-src 'self' https://www.google-analytics.com https://api.mapbox.com; object-src 'self'; default-src 'self'; frame-src 'self' https://www.youtube.com; 1
script-src 'self'; frame-ancestors 'self'; object-src 'none'; media-src 'none'; connect-src 'self'; base-uri 'self'; 1
script-src 'self' http://cdwsam.com 'unsafe-inline' 1
style-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.kampyle.com https://fonts.googleapis.com https://optimize.google.com https://fonts.googleapis.com; img-src 'self' data: https://directus-p.prod.dfgnrk.aws.generali-cloud.it ade.googlesyndication.com region1.google-analytics.com region1.analytics.google.com https://*.kampyle.com https://optanon.blob.core.windows.net www.googletagmanager.com https://cdn.cookielaw.org https://www.google-analytics.com https://maps.gstatic.com https://maps.googleapis.com https://i.ytimg.com/ https://optimize.google.com https://*.google.com https://*.google.it https://*.doubleclick.net pagead2.googlesyndication.com; connect-src 'self' https://*.doubleclick.net *.googletagmanager.com *.google.com/pagead/landing pagead2.googlesyndication.com https://www.genertel.it/preventivo/ajax/recuperaAttestatoDiRischio https://*.kampyle.com region1.google-analytics.com region1.analytics.google.com https://*.onetrust.com https://*.google.com https://*.google.it https://maps.googleapis.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.genertel.it/bp/DynaGate.do https://firebaseinstallations.googleapis.com https://firebaseremoteconfig.googleapis.com https://firebaselogging-pa.googleapis.com https://idcs-d2faa85e846c427eab40416f5fd0d09b.identity.oraclecloud.com https://api.genertel.com https://apigateway.generali.it https://cdn.cookielaw.org https://www.googletagmanager.com https://cdn.ampproject.org; font-src 'self' https://fonts.gstatic.com; frame-src 'self'  https://genertel-booking.acuityscheduling.com https://genertel-booking.acuityscheduling.com googleads.g.doubleclick.net tpc.googlesyndication.com https://*.kampyle.com https://gnrali-gbspeg-prod1.pegacloud.net https://amp.onetrust.mgr.consensu.org https://www.youtube.com https://player.vimeo.com/ https://www.google.com https://optimize.google.com https://*.doubleclick.net; script-src 'self' 'unsafe-eval' 'sha256-CIv65byxCO8mtfyoF2L6mF4g7LmTeHEDz92oW+X5/fY=' 'sha256-3/mNUpqF9X/gMYE+bOG6g8d6I32wdYdWwWuAk90mPCM=' https://www.googleoptimize.com https://*.kampyle.com https://optimize.google.com www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com https://www.google.com/recaptcha/api.js https://www.gstatic.com https://cdn.ampproject.org https://gnrali-gbspeg-prod1.pegacloud.net https://api.genertel.com https://cdn.cookielaw.org https://geolocation.onetrust.com pagead2.googlesyndication.com; default-src 'self'; object-src 'none'; base-uri 'self' https://*.kampyle.com 1
frame-ancestors 'self' http://www.philips.com.sg *.philips.com *.philips.com.sg https://philipsigtdpv.com 1
default-src 'self' *.mendix.com/ *.mendixcloud.com/ play.vidyard.com/ ;  script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com/ https://www.googleadservices.com/  https://munchkin.marketo.net/ https://tag.demandbase.com/ https://www.redditstatic.com/ https://googleads.g.doubleclick.net/ https://web-analytics.engagio.com/ https://dn1f1hmdujj40.cloudfront.net/  https://cdn.bizible.com/ https://www.clickcease.com/ https://www.google.com/ https://www.google-analytics.com/ https://ssl.google-analytics.com/ *.mendix.com/ *.mendixcloud.com/ https://js.driftt.com https://fast.appcues.com ; connect-src 'self' *.mendix.com *.mendixcloud.com/ https://729-zyh-434.mktoresp.com/ https://api.company-target.com/  https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://fast.appcues.com wss://api.appcues.net https://api.appcues.net *.algolia.net *.algolianet.com ; font-src 'self' *.mendix.com *.mendixcloud.com/ https://cdnjs.cloudflare.com/ https://s3.amazonaws.com/dock-static.mendix.com/ https://fonts.gstatic.com https://use.typekit.net/ data: ; img-src 'self' https://www.google.com/ https://id.rlcdn.com/ https://segments.company-target.com/ https://alb.reddit.com/ https://match.prod.bidr.io/  https://q.quora.com/ https://cdn.bizible.com/  https://cdn.bizibly.com/  https://www.google.nl/ https://www.googletagmanager.com/ *.mendix.com *.mendixcloud.com/ https://www.google-analytics.com blob: data: res.cloudinary.com/ ; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ https://fonts.googleapis.com *.mendix.com *.mendixcloud.com/ https://p.typekit.net/ https://use.typekit.net/ https://fast.appcues.com ;  frame-ancestors 'self' https://bid.g.doubleclick.net/ *.mendix.com/ *.mendixcloud.com/ ; base-uri 'self' *.mendix.com/ *.mendixcloud.com/ ; form-action 'self' *.mendix.com/ *.mendixcloud.com/ ; object-src 'self' *.mendix.com/ *.mendixcloud.com/ ; frame-src 'self'  https://js.driftt.com  play.vidyard.com/ ; 1
default-src 'self'; img-src * data: blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/  https://www.gstatic.com/recaptcha/ https://gateway.zscloud.net gateway.zscalerthree.net zscaler.net https://*.pcipal.cloud https://*.stripe.com/ blob:; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://*.pcipal.cloud https://www.google.com  accounts.google.com https://www.google.com/recaptcha/  www.gstatic.com/recaptcha/ https://fonts.googleapis.com/css2 *.walkme.com https://gateway.zscloud.net gateway.zscalerthree.net zscaler.net https://*.cardinalcommerce.com/ https://*.stripe.com/ blob:; frame-src * data: 'report-sample'; style-src 'self' 'unsafe-inline' *.walkme.com; report-uri https://pcipal.report-uri.com/r/d/csp/reportOnly; connect-src 'self' wss://pcipal.cloud wss://*.pcipal.cloud https://*.pcipal.cloud:* *.walkme.com https://kg668dbov0.execute-api.us-east-1.amazonaws.com/stag/log https://*.apm.eu-west-1.aws.found.io:* https://*.cardinalcommerce.com/ https://pcipal.report-uri.com/ https://*.stripe.com/; font-src * data:; object-src 'none'; 1
default-src 'self';img-src 'self' http: https: data: blob: *.google.com;font-src 'self' data:;style-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.the1.co.th *.appsflyer.com *.onelink.me *.googletagservices.com *.doubleclick.net *.google.com *.google.co.th *.googlesyndication.com *.googletagmanager.com;connect-src 'self' *.the1.co.th *.appsflyer.com *.onelink.me *.demdex.net *.doubleclick.net *.googlesyndication.com *.gstatic.com *.google.com *.googleapis.com *.googletagmanager.com;frame-src *.youtube.com *.googlesyndication.com *.google.com *.googletagservices.com;frame-ancestors 'none';object-src 'none' 1
default-src 'self'; script-src * data: https: 'unsafe-inline' 'unsafe-eval'; object-src 'none'; style-src https: 'unsafe-inline'; img-src data: https: 'unsafe-inline'; media-src *; font-src https://* data:; worker-src * data: blob:; frame-src *; connect-src *; frame-ancestors 'self'; base-uri 'self'; upgrade-insecure-requests 1
default-src 'self';object-src 'self';frame-src 'self' https://consentcdn.cookiebot.eu;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://consentcdn.cookiebot.eu https://consent.cookiebot.eu;style-src 'self' data: 'unsafe-inline';img-src 'self' data: https://img.sct.eu1.usercentrics.eu;font-src 'self' data: 'unsafe-inline';connect-src 'self' https://consentcdn.cookiebot.eu;manifest-src 'self' 1
block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests; frame-src 'self' www.googletagmanager.com cdn.cookielaw.org costconextcom.bigscoots-staging.com blob:; 1
frame-ancestors 'self'; upgrade-insecure-requests; object-src 'none';base-uri 'none' 1
frame-ancestors 'self' esbroadcom.lookbookhq.com mfbroadcom.lookbookhq.com; script-src 'self' data: blob: https://script.crazyegg.com https://www.google-analytics.com https://www.googletagmanager.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://ajax.googleapis.com https://snap.licdn.com/li.lms-analytics/insight.min.js https://searchunify.com https://searchunify.broadcom.com https://tag.demandbase.com/9a4d64cf696797e4.min.js https://tag.demandbase.com *.adroll.com *.eloqua.com *.en25.com *.bluekai.com *.oraclecloud.com *.brightcove.com *.brightcove.net https://images.sw.broadcom.com 'nonce-YjYwZmZjYzY2Mw/MGExMGMxNDUxY2I5N2Y='; object-src 'self'; 1
default-src 'self' 'unsafe-inline' *.ocbc.com *.iocbc.com; script-src 'self' 'unsafe-inline' *.linkedin.com *.bing.com *.iocbc.com *.ocbc.com  src.litix.io fast.wistia.net ssl.google-analytics.com *.google-analytics.com *.googletagmanager.com fast.wistia.com src.litix.io fast.wistia.net pipedream.wistia.com distillery.wistia.com fg8vvsvnieiv3ej16jby.litix.io embed.wistia.com cdn.flipsnack.com embedwistia-a.akamaihd.net *.adobedtm.com *.licdn.com *.googleadservices.com *.facebook.net *.outbrain.com *.youtube.com *.googleapis.com *.doubleclick.net *.sqreemtech.com  *.qualtrics.com *.adobedc.net *.api.marketanalyst.co https://api.marketanalyst.co data:;font-src * data:; connect-src 'self' *.linkedin.com *.google-analytics.com *.doubleclick.net *.demdex.net *.sqreemtech.com  *.qualtrics.com *.adobedc.net *.api.marketanalyst.co https://api.marketanalyst.co; media-src * blob:; img-src * data:; frame-src 'self' cdn.flipsnack.com *.iocbc.com *.ocbc.com fast.wistia.com cdn.flipsnack.com *.doubleclick.net *.sqreemtech.com  *.qualtrics.com *.youtube.com; 1
object-src 'none'; frame-ancestors 'self'; report-uri https://www.ayersrockresort.com.au/report-uri/enforce 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data:               https://*.hotjar.io                            https://*.hotjar.com              wss://*.hotjar.com               https://*.youtube.com               https://*.youtube-nocookie.com               https://*.ytimg.com               https://*.facebook.net              https://*.facebook.com              https://*.twitter.com              https://*.linkedin.com              https://*.google.com              https://*.google.nl               https://*.google-analytics.com               https://*.googleadservices.com               https://*.jsdelivr.net               https://*.gstatic.com              https://tagmanager.google.com               https://www.googletagmanager.com               https://i.vimeocdn.com               https://fonts.googleapis.com               https://code.jquery.com               https://*.tawk.to               https://*.aspnetcdn.com               https://*.jquery.com              https://*.googleapis.com;                                      frame-src 'self'                            https://*.local                            https://*.botest.nl                            https://*.basicorange.nl                            https://*.upersonal.nl                            https://vars.hotjar.com                            https://*.google.com/                            https://*.youtube.com                            https://*.youtube-nocookie.com; 1
base-uri 'self';default-src 'self' *.voyagersopris.com:443 *.letrs.com:443 letrs.com:443 *.lexiaaspire.com:443 lexiaaspire.com:443  ;script-src 'self' *.voyagersopris.com:443 *.letrs.com:443 letrs.com:443 *.lexiaaspire.com:443 lexiaaspire.com:443  'unsafe-inline' 'unsafe-eval' https://cdn.pendo.io https://data.pendo.io https://pendo-static-6298861489225728.storage.googleapis.com https://pendo-io-static.storage.googleapis.com;style-src 'self' *.voyagersopris.com:443 *.letrs.com:443 letrs.com:443 *.lexiaaspire.com:443 lexiaaspire.com:443  'unsafe-inline' https://cdn.pendo.io https://pendo-static-6298861489225728.storage.googleapis.com;img-src 'self' *.voyagersopris.com:443 *.letrs.com:443 letrs.com:443 *.lexiaaspire.com:443 lexiaaspire.com:443  data: 'unsafe-inline' https://cdn.pendo.io https://data.pendo.io https://pendo-static-6298861489225728.storage.googleapis.com;connect-src 'self' *.voyagersopris.com:443 *.letrs.com:443 letrs.com:443 *.lexiaaspire.com:443 lexiaaspire.com:443  https://cdn.pendo.io https://data.pendo.io https://pendo-static-6298861489225728.storage.googleapis.com;frame-ancestors 'self' *.voyagersopris.com:443 *.letrs.com:443 letrs.com:443 *.lexiaaspire.com:443 lexiaaspire.com:443  ; 1
frame-src *; object-src 'self'; base-uri 'none'; script-src-attr 'unsafe-inline'; script-src 'self' 'unsafe-eval'; script-src-elem *.googleapis.com https://cdn.jsdelivr.net/npm/ https://cdn.cookielaw.org/ https://cdn.matomo.cloud/ *.hotjar.com *.google.com https://plugins.flockler.com/ https://fl-1.cdn.flockler.com https://platform.twitter.com/ https://www.youtube.com/ https://player.ausha.co/ *.gstatic.com 'self' 'unsafe-inline';worker-src blob: 1
default-src 'self' https://*.marutisuzukicommercial.com https://*.azurefd.net https://www.youtube.com https://td.doubleclick.net 'unsafe-inline'; script-src 'self' https://www.youtube.com https://assets.adobedtm.com https://adobedc.demdex.net https://cdn.treasuredata.com https://*.facebook.net https://*.google-analytics.com https://*.marutisuzukicommercial.com https://*.googletagmanager.com 'unsafe-inline'; style-src 'self' https://www.googletagmanager.com https://fonts.googleapis.com https://*.marutisuzukicommercial.com 'unsafe-inline'; img-src 'self' data: https://*.google-analytics.com https://fonts.gstatic.com https://*.googletagmanager.com https://*.google.com https://*.facebook.com https://*.google.co.in https://*.marutisuzukicommercial.com; connect-src 'self' https://in.treasuredata.com https://edge.adobedc.net https://adobedc.demdex.net https://in.treasuredata.com https://ad.doubleclick.net https://10390846.fls.doubleclick.net https://tokyo.in.treasuredata.com  https://*.doubleclick.net https://*.google.com https://*.google-analytics.com https://*.marutisuzukicommercial.com; font-src 'self' https://*.gstatic.com; media-src 'self' https://*.azurefd.net https://*.marutisuzukicommercial.com; 1
frame-ancestors 'self' http://www.philips.it *.philips.com *.philips.it https://philipsigtdpv.com 1
default-src https: data: 'unsafe-eval' 'unsafe-inline'; connect-src https: http:; font-src 'self' https://fonts.gstatic.com https://use.fontawesome.com https://use.typekit.net; object-src 'none'; frame-ancestors 'none' 1
frame-ancestors'self'; 1
default-src 'self' *.consumer.org.nz; font-src *; img-src 'self' data: *; object-src 'none'; style-src 'self' 'unsafe-inline' *.consumer.org.nz *.marketo.com api.addressfinder.io *.googleapis.com consumer-nz-assets.s3.amazonaws.com uploads-cnz.s3-ap-southeast-2.amazonaws.com uploads-cnz.s3.ap-southeast-2.amazonaws.com optimize.google.com *.visualwebsiteoptimizer.com app.vwo.com embed.intentful.com d1y1ao4aj0rzc0.cloudfront.net; frame-src 'self' *.consumer.org.nz *.doubleclick.net *.marketo.com consumertest.shinyapps.io donorbox.org e.infogram.com *.spotify.com platform.twitter.com player.vimeo.com www.rnz.co.nz staticcdn.co.nz *.facebook.com www.googletagmanager.com www.iheart.com www.recaptcha.net www.youtube.com yabblezone.net survey.alchemer.com www.instagram.com optimize.google.com *.visualwebsiteoptimizer.com app.vwo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.consumer.org.nz *.google-analytics.com munchkin.marketo.net *.marketo.com *.algolia.net *.algolianet.com api.addressfinder.io *.nr-data.net bat.bing.com bat.bing-int.com connect.facebook.net consumer-nz-assets.s3.amazonaws.com donorbox.org e.infogram.com platform.twitter.com player.vimeo.com staticcdn.co.nz uploads-cnz.s3-ap-southeast-2.amazonaws.com www.googletagmanager.com www.gstatic.com www.recaptcha.net www.youtube.com www.instagram.com *.googleapis.com translate.google.com cdnjs.cloudflare.com/ajax/libs/iframe-resizer/3.5.16/iframeResizer.min.js survey.alchemer.com www.surveygizmo.com www.googleoptimize.com optimize.google.com analytics.tiktok.com cdn.raygun.io www.googleadservices.com *.doubleclick.net ajax.cloudflare.com snap.licdn.com *.visualwebsiteoptimizer.com app.vwo.com widget.surveymonkey.com embed.intentful.com *.clarity.ms d1y1ao4aj0rzc0.cloudfront.net uploads-cnz.s3.amazonaws.com; connect-src 'self' *.consumer.org.nz *.marketo.net *.algolia.io *.algolia.net *.algolianet.com *.doubleclick.net *.google-analytics.com *.mktoresp.com *.mktoutil.com *.google.com api.addressfinder.io *.nr-data.net bat.bing.com bat.bing-int.com www.facebook.com www.instagram.com *.googleapis.com analytics.tiktok.com www.googletagmanager.com *.raygun.io cdn.linkedin.oribi.io px.ads.linkedin.com *.visualwebsiteoptimizer.com app.vwo.com api.intentful.com *.clarity.ms; worker-src 'self' blob:; report-uri https://report-to-api.raygun.com/reports-csp?apikey=0DrrEZ5IGC5CYxKjtrP5aA== 1
frame-ancestors https://www.generali.rs https://generali.rs https://kupipolisu.rs 1
default-src 'self'; media-src 'self'; img-src 'self' data: blob:; form-action 'self' https://app.redsift.io https://app.redsift.cloud; connect-src 'self' sentry.io https://plausible.io; frame-ancestors https://app.redsift.io https://app.redsift.cloud; frame-src https://www.google.com; object-src 'self'; font-src 'self' data:; script-src 'report-sample' 'self' 'nonce-5b60ac6d319d19ed4cba9cf03d434ffa' https://plausible.io; style-src 'self' 'unsafe-inline'; report-uri https://sentry.io/api/1544333/csp-report/?sentry_key=49d512bfcf954f33a5b9c68f30d60783 1
default-src 'self' https://cdn.queensboro.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://z.moatads.com https://m.addthis.com https://qb-static-public.s3.amazonaws.com https://assets.calendly.com/ https://www.google.com https://www.gstatic.com https://*.hotjar.com https://*.redditstatic.com https://calendly.com/ https://beacon-v2.helpscout.net https://*.bing.com https://*.clarity.ms https://d12wqas9hcki3z.cloudfront.net https://d33v4339jhl8k0.cloudfront.net https://www.linkedin.com https://px.ads.linkedin.com https://p.adsymptotic.com https://*.googletagmanager.com https://apis.google.com https://connect.facebook.net snap.licdn.com  https://static.ads-twitter.com https://widget.trustpilot.com https://www.googleadservices.com https://*.g.doubleclick.net https://analytics.twitter.com https://s7.addthis.com https://v1.addthisedge.com https://v1.addthis.com https://*.google-analytics.com https://*.analytics.google.com https://tags.srv.stackadapt.com/events.js https://cdn.queensboro.com *.qbstores.com; style-src 'self' 'unsafe-inline' https://qb-static-public.s3.amazonaws.com https://assets.calendly.com/ https://*.hotjar.com https://calendly.com/ https://beacon-v2.helpscout.net https://snap.licdn.com https://connect.facebook.net https://*.googletagmanager.com https://px.ads.linkedin.com https://p.adsymptotic.com https://tags.srv.stackadapt.com https://widget.trustpilot.com https://www.googleadservices.com https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.queensboro.com *.qbstores.com; img-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.slack-edge.com https://*.hotjar.com https://img.youtube.com https://placehold.it https://px.ads.linkedin.com https://p.adsymptotic.com https://srv.stackadapt.com *.cloudfront.net *.queensboro.com *.qbstores.com https://*.bing.com https://assets.calendly.com/ https://calendly.com/ https://beacon-v2.helpscout.net https://d33v4339jhl8k0.cloudfront.net https://chatapi-prod.s3.amazonaws.com/ https://qb-general-images.s3.amazonaws.com https://qb-static-public.s3.amazonaws.com https://qb-static-public.s3.us-east-2.amazonaws.com https://qb-web-images.s3.amazonaws.com https://cdn.queensboro.com https://qb-style.s3.amazonaws.com https://t.co https://*.google.com https://www.facebook.com https://alb.reddit.com https://csi.gstatic.com https://*.g.doubleclick.net blob: data:; media-src 'self' https://assets.calendly.com/ https://calendly.com/ https://beacon-v2.helpscout.net https://qb-sitevideos.s3.amazonaws.com https://cdn.queensboro.com *.qbstores.com; frame-src 'self' *.youtube.com https://dev-io.queensboro.com https://io.queensboro.com *.queensboro2.com https://assets.calendly.com/ https://*.hotjar.com https://calendly.com/ https://beacon-v2.helpscout.net https://www.google.com https://s7.addthis.com https://www.facebook.com https://accounts.google.com https://widget.trustpilot.com https://edge.addthis.com https://*.doubleclick.net https://bid.g.doubleclick.net; connect-src 'self' https://*.g.doubleclick.net https://*.google.com https://*.googletagmanager.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://m.addthis.com https://dev-io.queensboro.com https://io.queensboro.com https://px.ads.linkedin.com https://p.adsymptotic.com https://*.clarity.ms https://tags.srv.stackadapt.com *.queensboro2.com https://*.bing.com https://assets.calendly.com/ https://calendly.com/ https://beaconapi.helpscout.net https://chatapi.helpscout.net https://d3hb14vkzrxvla.cloudfront.net wss://*.pusher.com *.sumologic.com https://widget.trustpilot.com *.qbstores.com https://qx.queensboro.com https://v1.addthisedge.com https://v1.addthis.com https://*.google-analytics.com https://*.analytics.google.com; font-src 'self' https://qb-general-images.s3.amazonaws.com fonts.gstatic.com https://*.hotjar.com https://assets.calendly.com/ https://calendly.com/ https://beacon-v2.helpscout.net https://cdn.queensboro.com https://themes.googleusercontent.com *.qbstores.com data:; base-uri https://dev-io.queensboro.com https://io.queensboro.com *.queensboro2.com https://docs.helpscout.net; object-src https://beacon-v2.helpscout.net; child-src blob: data: https://*.queensboro.com https://www.youtube.com https://player.vimeo.com; 1
frame-ancestors 'self' https://*.biblesociety.org.uk https://*.bydmaryjonesworld.org.uk; 1
default-src * data: 'unsafe-eval' 'unsafe-inline'; report-to csp-endpoint; 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; child-src https: blob:; object-src 'none'; frame-ancestors 'self' https://account.thestrad.com; 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.pinterest.com/ https://*.pinim.com https://*.pinimg.com https://maps.googleapis.com https://maps.gstatic.com https://www.google.com https://www.google.nl https://ajax.googleapis.com https://tagmanager.google.com https://tagmanager.google.com/debug/css.css https://www.googletagmanager.com https://www.google-analytics.com https://www.google-analytics.com/analytics.js https://www.google-analytics.com/plugins/ua/ec.js https://www.googleadservices.com https://googleads.g.doubleclick.net *.cookiebot.com *.youtube.com https://s.ytimg.com https://connect.facebook.net https://content.jwplatform.com https://ssl.p.jwpcdn.com *.hotjar.com *.hotjar.io https://stats.g.doubleclick.net https://snap.licdn.com/li.lms-analytics/ https://sc-static.net/scevent.min.js https://tr.snapchat.com https://www.youtube.com/iframe_api https://cdnjs.cloudflare.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://tagmanager.google.com https://ajax.googleapis.com https://cdnjs.cloudflare.com;img-src 'self' data: https://www.toegankelijkheidsverklaring.nl https://*.pinterest.com https://www.google.com https://www.google.nl *.google-analytics.com *.analytics.google.com https://googleads.g.doubleclick.net https://maps.googleapis.com https://maps.gstatic.com https://stats.g.doubleclick.net https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com https://www.facebook.com https://storage.googleapis.com/storyteq/ https://jwpltx.com https://prd.jwpltx.com *.hotjar.com *.hotjar.io *.ads.linkedin.com https://www.linkedin.com https://p.adsymptotic.com https://tr.snapchat.com https://i.ytimg.com https://a.tile.openstreetmap.de https://b.tile.openstreetmap.de https://c.tile.openstreetmap.de https://assets.citynavigator.nl *.cookiebot.com https://assets.plaece.nl;media-src 'self' https://storage.googleapis.com/storyteq/;frame-src 'self' https://*.pinterest.com https://consentcdn.cookiebot.com https://www.google.com https://*.doubleclick.net https://player.vimeo.com https://www.youtube.com https://www.youtube-nocookie.com *.cookiebot.com https://staticxx.facebook.com https://www.facebook.com https://g.jwpsrv.com https://www.vvvzeeland.nl *.hotjar.com *.hotjar.io *.formdesk.com https://tr.snapchat.com https://live.netcamviewer.nl;font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com *.hotjar.com *.hotjar.io;connect-src 'self' https://*.pinterest.com/ https://api.storyteq.com https://ssl.p.jwpcdn.com https://graph.facebook.com https://www.facebook.com https://www.google.com *.google-analytics.com *.analytics.google.com https://*.googlesyndication.com https://*.doubleclick.net *.cookiebot.com/ https://maps.googleapis.com *.hotjar.com *.hotjar.io wss://*.hotjar.io wss://*.hotjar.com *.snapchat.com *.linkedin.com;base-uri 'self' 1
default-src     'self' ; img-src         'self' data: https://*.pxia.de https://krannich-solar.com https://ip-172-26-12-168 https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.google-analytics.com https://*.google.de https://*.facebook.com https://*.linkedin.com https://*.googletagmanager.com https://*.doubleclick.net https://*.cookiebot.com;  script-src      'self' 'unsafe-inline' 'unsafe-eval'  https://*.bootstrapcdn.com https://*.pxia.de https://ip-172-26-12-168 https://*.cookiebot.com https://*.google.com https://*.googleapis.com https://*.gstatic.com *.google-analytics.com https://*.googletagmanager.com;  script-src-elem 'self' 'unsafe-inline' https://*.google-analytics.com https://*.google.com https://*.cookiebot.com https://*.bootstrapcdn.com https://*.googleapis.com https://*.gstatic.com https://*.facebook.net https://*.licdn.com https://*.mouseflow.com https://*.googleadservices.com https://*.googletagmanager.com https://*.youtube.com https://*.google.de;  style-src       'self' 'unsafe-inline' https://*.googleapis.com https://*.bootstrapcdn.com https://*.googletagmanager.com;  font-src        'self' data: https://*.googleapis.com https://*.gstatic.com https://*.bootstrapcdn.com;  frame-src       'self' https://*.cookiebot.com https://*.google.com https://www.youtube-nocookie.com https://indd.adobe.com https://*.youtube.com;  worker-src       data: blob: 'unsafe-eval' 'unsafe-inline';  object-src      'self' ;  connect-src     'self' https://*.google-analytics.com https://*.googleapis.com https://*.cookiebot.com https://*.doubleclick.net https://*.google.com https://*.linkedin.oribi.io https://*.linkedin.com;  1
default-src 'self' https: 'unsafe-inline' 'unsafe-eval' chrome-extension: data: *.googleapis.com *.gstatic.com *.googleusercontent.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' https://recaptcha.net https://cdn.cookielaw.org  blob:; object-src https:; style-src 'unsafe-inline' https:; img-src 'self' https: *.keepeek-dev.com *.keepeek.com https://cdn.cookielaw.org mediaassets.airbus.com data:; media-src 'self' https: *.keepeek-dev.com *.keepeek.com blob:; frame-src 'self' https: https://www.youtube.com/embed/ https://youtu.be https://www.google.com/maps/ *.keepeek-dev.com *.keepeek.com *.airbus.com; child-src blob:, *.airbus.com; font-src https: data:; connect-src https: wss://ws.hotjar.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.usercentrics.eu https://*.vimeocdn.com https://player.vimeo.com https://*.youtube.com https://*.youtube-nocookie.com https://maps.googleapis.com https://*.googletagmanager.com https://analytics.diakonie.de; style-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://*.youtube-nocookie.com; img-src 'self' data: https://www.kirchen-diakonie-jobs.de https://*.usercentrics.eu https://*.service.usercentrics.eu https://cdn.plyr.io https://*.ytimg.com https://*.ggpht.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.de https://analytics.diakonie.de; connect-src 'self' https://*.usercentrics.eu https://*.vimeocdn.com https://*.youtube-nocookie.com https://*.googleapis.com https://play.google.com https://noembed.com https://cdn.plyr.io https://api.diakonie.de https://www.kirchen-diakonie-jobs.de https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.de https://analytics.diakonie.de; object-src 'none'; media-src 'self' https://*.vimeocdn.com; child-src 'self' https://app.usercentrics.eu https://player.vimeo.com https://*.youtube-nocookie.com https://live.flyp.tv; frame-src 'self' https://app.usercentrics.eu https://player.vimeo.com https://*.youtube-nocookie.com https://live.flyp.tv; frame-ancestors 'self' 1
default-src 'self'; base-uri 'self'; connect-src 'self' wss://*.intercom.io https://*.intercom.io https://*.intercom.com https://uploads.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.intercomusercontent.com https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://stats.g.doubleclick.net; font-src data: https:; frame-ancestors 'self' https://intercomrades.support https://intercom.skilljar.com https://academy.intercom.com https://academy.guests.intercom.com https://app.intercom.com https://app.eu.intercom.com https://app.au.intercom.com https://intercomrades.intercom.com https://intercomrades.eu.intercom.com https://intercomrades.au.intercom.com; frame-src 'self' https://platform.twitter.com https://staticxx.facebook.com https://www.facebook.com https://fast.wistia.net https://fast.wistia.com https://www.useloom.com https://www.loom.com https://play.vidyard.com https://player.vimeo.com https://web.microsoftstream.com https://share.synthesia.io https://embed.app.guidde.com https://share.descript.com https://app.guideflow.com https://www.youtube.com https://www.youtube-nocookie.com https://content.jwplatform.com https://players.brightcove.net https://intercom-sheets.com https://www.intercom-reporting.com https://*.sharepoint.com; img-src data: blob: https: http:; media-src data: blob: https:; object-src 'self' https://static.intercomassets.com; script-src 'self' https://connect.facebook.net https://platform.twitter.com https://static.intercomassets.com https://googleadservices.com https://googletagmanager.com https://google-analytics.com https://widget.intercom.io https://js.intercomcdn.com https://www.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://intercom.help https://intercom-help.eu https://au.intercom.help 'nonce-uLXJPA4euBIU3P6IIOosh5kWOir+lC9aqV7U1AO/3Bk='; style-src 'self' 'unsafe-inline' https://fonts.intercomcdn.com https://static.intercomassets.com https://static.intercomcdn.com https://marketing.intercomassets.com https://marketing.intercomcdn.com https://intercom.help https://intercom-help.eu https://au.intercom.help https://static.intercomassets.eu https://static.au.intercomassets.com 1
default-src 'none';script-src 'report-sample' 'unsafe-eval' 'unsafe-inline' 'self' https://app.usercentrics.eu https://cdn.attractify.io https://dev.visualwebsiteoptimizer.com https://app.vwo.com https://script.hotjar.com https://static.hotjar.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com widgets.trustedshops.com http://o2-de.spatialbuzz.net https://o2-de.spatialbuzz.net https://fonicchat.novomind.com https://fonic.novomind.com https://fonic-oat.novomind.com;style-src 'report-sample' 'self' 'unsafe-inline' https://app.usercentrics.eu https://tagmanager.google.com https://fonts.googleapis.com https://app.vwo.com;object-src 'self';base-uri 'self';connect-src 'self' https://dev.visualwebsiteoptimizer.com https://sentry.fonic.de https://aggregator.service.usercentrics.eu https://api.usercentrics.eu https://graphql.usercentrics.eu https://in.hotjar.com https://*.hotjar.com wss://*.hotjar.com https://vc.hotjar.io *.google-analytics.com *.analytics.google.com analytics.google.com https://fonic-iq.novomind.com https://fonic.novomind.com wss://fonic.novomind.com https://fonic-oat.novomind.com wss://fonic-oat.novomind.com http://o2-de.spatialbuzz.net https://o2-de.spatialbuzz.net https://api.attractify.io widgets.trustedshops.com https://api.trustedshops.com https://shops-si.trustedshops.com https://trustbadge.api.etrusted.com https://api.trustbadge.etrusted.com https://api/maintenance_mode https://stats.g.doubleclick.net https://www.google.de https://www.google.at https://www.google.ch https://translate.googleapis.com *.hotjar.io data:;font-src 'self' script.hotjar.com https://fonts.gstatic.com data:;frame-src 'self' https://app.usercentrics.eu https://vars.hotjar.com http://o2-de.spatialbuzz.net https://o2-de.spatialbuzz.net https://fonicchat.novomind.com https://app.vwo.com/ https://td.doubleclick.net;img-src 'self' data: https://app.usercentrics.eu https://handyshop.fonic.de https://shop.fonic-mobile.de https://dev.visualwebsiteoptimizer.com https://app.vwo.com *.google-analytics.com *.analytics.google.com http://o2-de.spatialbuzz.net https://o2-de.spatialbuzz.net https://widgets.trustedshops.com https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://www.google.de https://www.google.at https://www.google.ch https://translate.googleapis.com https://script.hotjar.com data:;manifest-src 'self';media-src 'self';worker-src blob:;report-uri https://sentry.fonic.de/api/2/security/?sentry_key=38cf201186774063918a253e28caadce 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://easyapply.co https://maxcdn.bootstrapcdn.com https://use.fontawesome.com https://code.jquery.com https://*.gstatic.com https://*.google.com https://cdnjs.cloudflare.com https://s.gethired.com https://www.googletagmanager.com https://*.acsbapp.com https://acsbapp.com https://unpkg.com https://momentjs.com https://www.google-analytics.com https://polyfill.io https://gitcdn.github.io https://*.googleapis.com https://s3.amazonaws.com https://cdn.jsdelivr.net https://apply.indeed.com https://www.googleadservices.com https://connect.facebook.net https://*.cloudfront.net https://googleads.g.doubleclick.net https://*.opentok.com https://*.tokbox.com https://*.zendesk.com https://*.zdassets.com https://*.hotjar.com https://*.axdapi.com https://*.google-analytics.com https://*.opendns.com https://www.dropbox.com https://*.pendo.io https://optanon.blob.core.windows.net https://click.appcast.io https://*.checkr.com https://cdn.hleb.prd.hlprd.com https://*.s3.indeed.com 1
worker-src blob:; font-src *.fontawesome.com *.gstatic.com 'self' data: *.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.hsforms.com *.hubspot.com *.amazonaws.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.prooftag.com *.google.com *.googletagmanager.com *.hubspot.com *.hsadspixel.net *.hscollectedforms.net *.usemessages.com *.amazonaws.com www.xtento.com forms.hsforms.com *.doubleclick.net ct.pinterest.com www.theoceanrace.com vars.hotjar.com theoceanrace.geovoile.com service.force.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io 'self' data: *.cloudfront.net *.google-analytics.com *.hubspot.com *.hubspot.net *.hsforms.com blob: www.xtento.com cdn.xtento.com media.ulysse-nardin.com eu3-cdn.inside-graph.com www.google.ch *.facebook.com ct.pinterest.com *.ads.linkedin.com bat.bing.com www.google.fr cdn.cookielaw.org distcdn.unlimited3d.com cdn.unlimited3d.com *.clarity.ms data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.gstatic.com *.cookielaw.org *.jsdelivr.net *.hotjar.com *.newrelic.com *.inside-graph.com *.google-analytics.com *.hsforms.net *.hsforms.com *.hs-scripts.com *.hsleadflows.net *.hs-banner.com *.hsadspixel.net *.hubspotfeedback.com *.usemessages.com *.hs-analytics.net *.hscollectedforms.net *.hubspot.net *.hubapi.com www.xtento.com cdn.xtento.com bat.bing.com snap.licdn.com connect.facebook.net s.pinimg.com cdnjs.cloudflare.com service.force.com tfour.my.salesforce.com *.salesforceliveagent.com static.lightning.force.com tfour.my.site.com 125268c633e8.eu-west-1.sdk.awswaf.com 125268c633e8.f70af3f4.eu-west-1.token.awswaf.com www.clarity.ms *.analytics.google.com distcdn.unlimited3d.com unpkg.com *.pinterest.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com *.googleapis.com *.gstatic.com *.cloudflare.com eu3-cdn.inside-graph.com service.force.com tfour.my.site.com 'self' 'unsafe-inline'; object-src blob: 'self' 'unsafe-inline'; media-src *.adobe.com *.cloudfront.net media.ulysse-nardin.com google.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://geoip-js.com t.elasticsuite.io *.google-analytics.com *.cookielaw.org *.onetrust.com *.hubspot.com *.hubapi.com *.usemessages.com *.hsleadflows.net *.hs-banner.com *.hubspotfeedback.com *.hsadspixel.net *.hs-scripts.com *.hs-analytics.net *.hsforms.com *.amazonaws.com *.mapbox.com *.doubleclick.net eu3-live.inside-graph.com wss://eu3-live.inside-graph.com/ ct.pinterest.com *.hotjar.com *.hotjar.io wss://ws29.hotjar.com/api/v2/client/ws tfour.my.site.com 125268c633e8.f70af3f4.eu-west-1.token.awswaf.com *.linkedin.com *.analytics.google.com dist.unlimited3d.com distcdn.unlimited3d.com analytics.unlimited3d.com unpkg.com cdn.unlimited3d.com *.google.com *.clarity.ms *.googlesyndication.com 'self' 'unsafe-inline'; child-src *.hubspot.com *.hsforms.com *.hsadspixel.net *.hscollectedforms.net *.usemessages.com blob: http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' kma.biz *.kma.biz code.jivosite.com vcdn.getreview.dev; script-src 'self' kma.biz *.kma.biz app.getreview.io 'unsafe-inline' 'unsafe-eval' stackpath.bootstrapcdn.com vk.com connect.facebook.net code.jquery.com ajax.cloudflare.com cdn.jsdelivr.net www.google.com ajax.googleapis.com www.googletagmanager.com www.google-analytics.com www.gstatic.com code.jivosite.com maxcdn.bootstrapcdn.com; img-src 'self' blob: vk.com kma.biz *.kma.biz mc.yandex.ru vcdn.getreview.dev mc.webvisor.org *.vk.com *.facebook.com www.googletagmanager.com cdn.jsdelivr.net www.google-analytics.com data:; style-src 'self' kma.biz *.kma.biz 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com code.jivosite.com stackpath.bootstrapcdn.com cdn.jsdelivr.net maxcdn.bootstrapcdn.com; font-src 'self' kma.biz *.kma.biz 'unsafe-inline' stackpath.bootstrapcdn.com fonts.googleapis.com fonts.gstatic.com; frame-src 'self' kma.biz *.kma.biz vk.com code.jivosite.com mc.yandex.ru www.youtube.com www.google.com; object-src 'self'; connect-src 'self' ws: wss: blob: kma.biz *.kma.biz mc.webvisor.org mc.yandex.ru app.getreview.io vk.com *.jivosite.com fcm.googleapis.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.doubleclick.net 1
frame-ancestors *.insideevs.de insideevs.de 1
default-src 'self' https://*.wistia.com https://*.wistia.net ; media-src 'self' blob: data: https://*.wistia.com https://*.wistia.net;frame-src https://td.doubleclick.net https://fast.wistia.com https://fast.wistia.net *.google.com https://s3.us-west-1.amazonaws.com; script-src-elem 'unsafe-inline' https: *.gstatic.com; object-src 'none';frame-ancestors 'none';manifest-src 'self';base-uri 'none';script-src 'unsafe-inline' 'self' 'unsafe-eval' https://*.wistia.com https://*.wistia.net https://src.litix.io www.gstatic.com *.bootstrapcdn.com cdn.datatables.net cdnjs.cloudflare.com *.google-analytics.com www.googletagmanager.com bat.bing.com *.googleapis.com *.google.com cdn.jsdelivr.net code.jquery.com;connect-src 'self' https://*.clarity.ms https://*.litix.io https://*.wistia.com https://embedwistia-a.akamaihd.net *.google-analytics.com *.google.com www.googletagmanager.com *.googleapis.com bat.bing.com stats.g.doubleclick.net; img-src https: 'self' data: https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net ;style-src https: 'unsafe-inline' 'self' blob https://fast.wistia.com ;font-src 'self' data: https://*.typekit.net https://*.wistia.com pro.fontawesome.com fonts.gstatic.com maxcdn.bootstrapcdn.com; worker-src 'self' blob: 1
base-uri 'none'; object-src 'none'; script-src 'nonce-88EwEm/OKtKjoWMQUj0zIaIRdPDuu6t/Sm4u2JhVH1X5' 'sha256-UCtjgL+bMnYcivkEyLlrTV+pM5/l9fJpHUKmxPhWKw4=' 'sha256-5VrVgGfPbUH5IoPb+tGodpswZad/XDHQfqHeVD0LMG4=' 'sha256-WdoNI5NM8BY+b0sR+VZfftZOgS140MhJ61Gxm2Icb2w=' 'strict-dynamic' http: https: 'self'; 1
default-src 'self' feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' pghub.io cdn.segment.com cdn.cookielaw.org *.iesnare.com connect.facebook.net *.bazaarvoice.com c.lytics.io analytics.tiktok.com *.google-analytics.com *.googletagmanager.com blob: feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' fonts.googleapis.com c.lytics.io feed.pghub.io pandg.tapad.com ; media-src 'self' videos.ctfassets.net *.iesnare.com data: feed.pghub.io pandg.tapad.com ; img-src 'self' *.cookielaw.org *.doubleclick.net images.ctfassets.net pixel.tapad.com *.bazaarvoice.com *.google-analytics.com www.facebook.com c.lytics.io s.amazon-adsystem.com *.googletagmanager.com data: feed.pghub.io pandg.tapad.com ; font-src 'self' fonts.gstatic.com feed.pghub.io pandg.tapad.com ; connect-src * ; frame-src 'self' *.doubleclick.net https://pglavenus.jebbit.com consumersupport.pg.com ct.pinterest.com www.facebook.com feed.pghub.io pandg.tapad.com ; manifest-src * ; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.googletagmanager.com https://www.google-analytics.com/ https://www.google.com/ https://fonts.googleapis.com/ https://www.gstatic.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://fonts.gstatic.com/ https://player.vimeo.com/ https://developers.google.com/ https://maps.googleapis.com/ https://maps.gstatic.com/ https://widgets.q4app.com/ https://maxcdn.bootstrapcdn.com/ https://secure.gravatar.com/ https://s.w.org/ https://ps.w.org/; script-src 'unsafe-inline' https: *.google-analytics.com/; connect-src https://www.google-analytics.com/ 1
frame-ancestors 'self' *.paderborn.de *.krz.de 1
script-src: https://www.google-analytics.com https://ssl.google-analytics.comimg-src: https://www.google-analytics.comconnect-src: https://www.google-analytics.com 1
frame-ancestors 'self' https://*.thesmartlocal.com https://*.thesmartlocal.id https://*.thesmartlocal.my https://*.thesmartlocal.jp https://*.thesmartlocal.kr https://*.thesmartlocal.co.th https://*.thesmartlocal.ph https://zula.sg https://mustsharenews.com; 1
default-src 'self' http: https: data: blob: 'unsafe-eval' 'unsafe-inline'; connect-src * 1
default-src 'none';  script-src 'unsafe-inline' 'unsafe-eval' 'self' www.googletagmanager.com www.yellowmap.de cdn.yellowmap.de cdn.trustcommander.net www.youtube.com www.google-analytics.com *.doubleclick.net *.facebook.net *.facebook.com *.fraud0.com;  style-src 'self' 'unsafe-inline' cdn.yellowmap.de;  connect-src 'self' *.lbs.de *.ingest.sentry.io autocomplete.smartmaps.cloud *.yellowmap.de *.trustcommander.net *.commander1.com *.google-analytics.com  *.analytics.google.com www.google.com www.google.de *.doubleclick.net  eu-api.friendlycaptcha.eu global.sitesearch360.com external-proxy-immobilien.sparkasse.de stage-service.lbs.de service.lbs.de *.facebook.net *.facebook.com *.fraud0.com;  img-src data: 'self' 'unsafe-inline' map.iib-institut.de *.yellowmaps.eu www.yellowmap.de *.lbs.de *.trustcommander.net *.commander1.com img.youtube.com *.google-analytics.com www.googletagmanager.com www.google.com www.google.de api.sparkassen-mediacenter.de *.doubleclick.net images.podigee-cdn.net www.sparkasse.de stage-www.sparkasse.de stage-static-immobilien.sparkasse.de static-immobilien.sparkasse.de *.facebook.net *.facebook.com *.fraud0.com;  media-src api.sparkassen-mediacenter.de youtu.be www.youtube.com;  frame-src data: 'self' cdn.trustcommander.net widget.civey.com www.youtube.com player.podigee-cdn.net;  font-src www.lbs.de cdn.yellowmap.de;  object-src 'self';  manifest-src 'self';  worker-src 'self' blob:; 1
object-src 'none'; frame-ancestors 'self'; report-uri https://bestcare.org/report-uri/enforce 1
frame-ancestors 'self'; report-uri https://bakerdist.report-uri.com/r/t/csp/enforce 1
upgrade-insecure-requests; default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; 1
frame-ancestors 'self' *.servicetitan.com; 1
default-src 'self'; base-uri 'self'; block-all-mixed-content; connect-src 'self' *.google-analytics.com *.analytics.google.com *.cloudflare.com *.eesa.lh; font-src use.fontawesome.com 'self'; frame-src www.youtube.com www.google.com; img-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com; object-src 'none'; script-src 'self' www.googletagmanager.com *.cloudflare.com *.google.com 'strict-dynamic' 'unsafe-inline' 'nonce-L/Zls19yKQ05rJRhFoJl1A=='; style-src 'self' use.fontawesome.com *.cloudflare.com 'unsafe-inline' 'nonce-L/Zls19yKQ05rJRhFoJl1A=='; upgrade-insecure-requests; report-uri /csp/report 1
default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com https://*.dcube.cloud www.google-analytics.com https://*.tiktok.com https://googleads.g.doubleclick.net https://*.wogaa.sg https://*.licdn.com https://*.cdn.telerik.com https://*.cloudflare.com *.google.com *.googleadservices.com *.vica.gov.sg *.elfsightcdn.com *.adobedtm.com static.zdassets.com *.youtube.com https://cdn.insight.sitefinity.com https://dec.azureedge.net *.elfsight.com *.curator.io *.telerik.com https://player.dacast.com https://prod-nplayer.dacast.com web-chat.nativechat.com cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.wogaa.sg *.cloudflare.com *.vica.gov.sg https://cdn.insight.sitefinity.com https://*.azureedge.net https://*.dcube.cloud https://prod-nplayer.dacast.com https://www.googletagmanager.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com www.google.com www.google.com.sg www.google-analytics.com curator-assets.b-cdn.net https://*.s3.amazonaws.com *.google.com www.adsensecustomsearchads.com https://*.ads.linkedin.com https://phosphor.ivanenko.workers.dev https://padlet.net https://padlet.com https://px.ads.linkedin.com http://www.sp.edu.sg/ https://www.sp.edu.sg https://*.vica.gov.sg https://img.youtube.com https://wogadobeanalytics.sc.omtrdc.net *.google-analytics.com https://*.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com track.hubspot.com https://cm.everesttech.net https://dpm.demdex.net *.elfsightcdn.com https://prod-nplayer.dacast.com sp.edu.sg https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.cloudflare.com https://*.wogaa.sg https://*.dcube.cloud; frame-src 'self' www.youtube.com www.google.com https://*.12j3temcrbtf.us-south.codeengine.appdomain.cloud www.adsensecustomsearchads.com https://video.eko.com https://video.helloeko.com https://padlet.com https://cse.google.com https://cdn.flipsnack.com https://tourmkr.com https://www.gstatic.com https://wogaa.demdex.net *.facebook.com https://jointpoly-prd.mybluemix.net/ https://openhouse.sp.edu.sg https://openhouse-sp-edu-sg.cwp.sg https://summer-dust-rtbfcozlfcur.vapor-farm-e1.com https://iframe.dacast.com https://vimeo.com https://td.doubleclick.net web-chat.nativechat.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com https://www.google-analytics.com https://*.curator.io https://*.vica.gov.sg https://*.tiktok.com https://*.google.com https://stats.g.doubleclick.net wss://chat.vica.gov.sg https://www.facebook.com *.wogaa.sg *.googleapis.com https://*.ads.linkedin.com https://csp.withgoogle.com https://cdn.linkedin.oribi.io ekr.zdassets.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com https://dpm.demdex.net/ *.elfsight.com *.facebook.com https://playback.dacast.com https://rtmp-live-ingest-ap-northeast-2-universe-dacast-com.akamaized.net https://www.cloudflare.com https://kinesis.us-east-1.amazonaws.com; media-src 'self' data: blob: https://curator-assets.b-cdn.net https://*.cdninstagram.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com stats.g.doubleclick.net web-chat.nativechat.com; frame-ancestors https://*.12j3temcrbtf.us-south.codeengine.appdomain.cloud 'self'; object-src 'none' 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://www.zenaps.com https://*.criteo.com https://static.criteo.net https://ln-rules.rewardstyle.com https://*.hotjar.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://tr.snapchat.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://*.liveperson.net https://services.postcodeanywhere.co.uk https://*.sciencebehindecommerce.com https://*.hotjar.com wss://*.hotjar.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://*.contentsquare.net https://*.criteo.com https://*.criteo.net https://sgtm.myvitamins.de; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://www.myvitamins.de https://checkout.myvitamins.de https://m.myvitamins.de https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.cn https://*.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://*.criteo.com https://static.criteo.net https://ssl.trustpilot.com https://ln-rules.rewardstyle.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.hotjar.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://*.google-analytics.com https://*.baidu.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://*.google.de https://google.de https://*.contentsquare.net https://app.contentsquare.com https://sgtm.myvitamins.de; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com; upgrade-insecure-requests; report-to report-endpoint 1
default-src * data:;img-src * data:;script-src * 'unsafe-eval' 'unsafe-inline';style-src * 'unsafe-inline';worker-src * data: blob:;font-src * data:; 1
default-src 'self'; script-src 'nonce-NTYwNWY5MTAtZDhlZC00OWU2LWE2ZWYtZDk2ZGUzMmUyMGYx' 'self' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' https://cdn.iframe.ly https://google-analytics.com https://integrations.gitbook.com https://ssl.google-analytics.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' * analytics.google.com blob: data: files.gitbook.com ssl.google-analytics.com www.google-analytics.com www.google.com; connect-src 'self' * about: ampcid.google.com analytics.google.com api.gitbook.com app.gitbook.com integrations.gitbook.com srv.buysellads.com stats.g.doubleclick.net www.google-analytics.com; font-src 'self' data: fonts.gstatic.com; frame-src *; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors https: 1
default-src 'none'; child-src 'self' www.youtube.com www.googletagmanager.com; connect-src 'self' *.typekit.net *.googletagmanager.com *.google-analytics.com stats.g.doubleclick.net *.ads.linkedin.com metrics.hotjar.io vc.hotjar.io createsend.com *.createsend.com https://www.google-analytics.com https://www.googletagmanager.com; font-src 'self' *.typekit.net *.ytimg.com *.youtube.com www.googletagmanager.com data:; frame-src 'self' *.youtube.com www.youtube-nocookie.com www.googletagmanager.com recaptcha.google.com www.google.com; img-src 'self' *.jandenul.com *.typekit.net *.ytimg.com *.youtube.com www.googletagmanager.com *.ads.linkedin.com *.basemaps.cartocdn.com www.google-analytics.com data: https://www.google-analytics.com https://www.googletagmanager.com; manifest-src 'self'; media-src 'self'; script-src 'self' 'report-sample' https://content.linkedin.com https://google-analytics.com https://googletagmanager.com https://js.createsend1.com https://m.youtube.com https://platform.linkedin.com https://script.hotjar.com https://static.hotjar.com https://static-exp1.licdn.com https://snap.licdn.com https://ssl.google-analytics.com https://tagmanager.google.com https://use.typekit.net https://www.google-analytics.com https://www.youtube.com https://www.googletagmanager.com https://*.ads.linkedin.com https://www.gstatic.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com https://www.google.com momentjs.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://content.linkedin.com https://google-analytics.com https://googletagmanager.com https://js.createsend1.com https://m.youtube.com https://platform.linkedin.com https://script.hotjar.com https://static.hotjar.com https://static-exp1.licdn.com https://snap.licdn.com https://ssl.google-analytics.com https://tagmanager.google.com https://use.typekit.net https://www.google-analytics.com https://www.youtube.com https://www.googletagmanager.com https://*.ads.linkedin.com https://www.gstatic.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com https://www.google.com momentjs.com; style-src 'self' 'unsafe-inline' 'report-sample' *.typekit.net *.licdn.com tagmanager.google.com www.googletagmanager.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; worker-src 'self' www.google-analytics.com *.linkedin.com stats.g.doubleclick.net; base-uri 'self'; form-action 'self' http://staging.jdn-ds-jandenulcom.calibrate.dev createsend.com *.createsend.com; frame-ancestors 'self'; report-uri https://www.jandenul.com/log-report-uri/enforce; block-all-mixed-content 1
frame-ancestors 'self' www.ellipsizdss.com keysight.lookbookhq.com keysight.pathfactory.com next.brella.io online-events.keysight.com *.keysight.com *.keysight.com.cn *.hlx.page *.hlx.live 1
default-src 'self' data: https://www.ursus.ru https://www.1c-bitrix.ru/buy_tmp/ba.php https://top-fwz1.mail.ru https://rs.mail.ru https://r.mradx.net https://privacy-cs.mail.ru https://suggestions.dadata.ru https://yandex.ru https://mc.yandex.ru https://mc.yandex.com https://www.google.com https://td.doubleclick.net https://stats.g.doubleclick.net https://analytics.google.com https://mc.yandex.ru https://www.google-analytics.com https://fonts.gstatic.com https://bitrix.info; img-src 'self' data: blob: https://www.ursus.ru https://yandex.ru https://mc.yandex.ru https://core-renderer-tiles.maps.yandex.net https://api-maps.yandex.ru https://www.googletagmanager.com https://www.google.ru https://top-fwz1.mail.ru https://www.gstatic.com ; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://mc.yandex.com https://core-renderer-tiles.maps.yandex.net https://api-maps.yandex.ru https://yastatic.net https://www.google.com https://privacy-cs.mail.ru https://www.googletagmanager.com https://code.jquery.com https://bitrix.info https://www.gstatic.com https://top-fwz1.mail.ru https://mc.yandex.ru https://www.google-analytics.com; style-src 'self' 'unsafe-inline' blob: https://www.gstatic.com; base-uri 'self'; form-action 'self'; frame-src 'self' https://www.google.com https://mc.yandex.ru https://mc.yandex.com https://yandex.ru https://td.doubleclick.net; 1
frame-src 'self' *.jict.fi https://www.recaptcha.net https://www.google.com; object-src 'self' *.jict.fi; style-src 'self' 'unsafe-inline' *.jict.fi fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com maxcdn.bootstrapcdn.com; base-uri 'self' *.jict.fi; form-action 'self' *.jict.fi; frame-ancestors 'self' *.jict.fi; upgrade-insecure-requests 1
default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js *.google-analytics.com https://www.youtube.com/iframe_api https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com *.en25.com https://koi-3qnilx5wcs.marketingautomation.services/ https://cdn.jotfor.ms/ https://createaclickablemap.com/ https://cdnjs.cloudflare.com/ https://form.jotform.com/ https://www.googletagmanager.com/ https://stats.g.doubleclick.net/ https://tbcdn.talentbrew.com/ https://s0.2mdn.net/ https://static.hotjar.com/ https://script.hotjar.com/ 'self' js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net cdn.ampproject.org web-chat.nativechat.com 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://dec.azureedge.net https://cdn.jotfor.ms/ 'self' web-chat.nativechat.com 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.google-analytics.com https://dec.azureedge.net https://*.dec.sitefinity.com *.eloqua.com https://cdn.jotfor.ms/ https://events.jotform.com/jsform/ https://stats.g.doubleclick.net/ https://events.jotform.com/ 'self' track.hubspot.com js.hsleadflows.net forms.hsforms.com web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src * 'self' forms.hsforms.com web-chat.nativechat.com; connect-src accounts.google.com https://*.dec.sitefinity.com *.mktoresp.com https://platform.talentbrew.com/ https://in.hotjar.com/ wss://ws9.hotjar.com/ https://vc.hotjar.io/ 'self' forms.hubspot.com *.hsforms.com; media-src 'self' data: blob: https://player.vimeo.com/ https://gcs-vimeo.akamaized.net/ https://vod-progressive.akamaized.net/ https://fpdl.vimeocdn.com/; child-src https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://app-3qnilx5wcs.marketingautomation.services/ https://createaclickablemap.com/ https://script.hotjar.com/modules.fee7048ea23070895b33.js 'self' web-chat.nativechat.com 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-53bca70a71fae263847dfe38155ceb94'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.fedica.com *.tweepsmap.com tweepsmap.com https://*.google.com https://*.google-analytics.com https://*.googleapis.com https://*.gstatic.com https://*.giphy.com; img-src 'self' data: blob:  https://*; media-src 'self' data: blob: https://*;font-src 'self' data: *.fedica.com https://*.googleusercontent.com https://*.gstatic.com;frame-src 'self' https://www.youtube.com https://*.facebook.com https://*.google.com https://*.linkedin.com; report-uri https://fedica.com/health/csp; 1
frame-ancestors 'self' https://hmscloudstorage.blob.core.windows.net; 1
frame-ancestors https://cms.luks.ch; 1
default-src https: http: blob: 'unsafe-inline' 'unsafe-eval' data:; 1
default-src *  data: blob: 'unsafe-inline' 'unsafe-eval';       script-src * data: blob: 'unsafe-inline' 'unsafe-eval';       connect-src * data: blob: 'unsafe-inline';       img-src * data: blob: 'unsafe-inline';       frame-src * data: blob:;      frame-ancestors 'self' https://my.westminster.edu;      style-src * data: blob: 'unsafe-inline';      font-src * data: blob: 'unsafe-inline'; 1
object-src 'none'; script-src 'strict-dynamic' https: 'unsafe-inline' 'nonce-W2iZ3r6l21mLqkbUUfhhVahFuJf44dLo'; base-uri 'none' 1
font-src 'self' *.gstatic.com *.unblu.com *.unblu-env.com *.unblu.com *.opentok.com *.tokbox.com *.celeroxpress.ca *.accesscu.ca data: vue.comm100.com https://www.glancecdn.net https://s3.amazonaws.com/glancecdn/ vue.comm100.com https://www.glancecdn.net https://s3.amazonaws.com/glancecdn/; style-src 'self' 'unsafe-inline' *.google.com *.googleapis.com *.unblu.com *.unblu-env.com *.unblu.com *.opentok.com *.tokbox.com *.celeroxpress.ca *.accesscu.ca https://www.glancecdn.net https://s3.amazonaws.com/glancecdn/ https://www.glancecdn.net https://s3.amazonaws.com/glancecdn/; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cdic.ca *.gstatic.com *.google.com googleads.g.doubleclick.net www.googleadservices.com connect.facebook.net www.googletagmanager.com www.google-analytics.com *.googleapis.com *.youtube.com s.ytimg.com tagmanager.google.com *.bing.com *.unblu.com *.unblu-env.com *.unblu.com *.opentok.com *.tokbox.com *.celeroxpress.ca *.accesscu.ca entchatserver.comm100.com appmax1.comm100.com vue.comm100.com standby.comm100vue.com https://www.glancecdn.net https://s3.amazonaws.com/glancecdn/ entchatserver.comm100.com appmax1.comm100.com vue.comm100.com standby.comm100vue.com https://www.glancecdn.net https://s3.amazonaws.com/glancecdn/; img-src * data: https://www.glancecdn.net https://s3.amazonaws.com/glancecdn/ https://www.glancecdn.net https://s3.amazonaws.com/glancecdn/; worker-src 'self' blob:; ; 1
default-src https: wss: data:; style-src https: 'unsafe-inline'; script-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; worker-src blob:; 1
frame-ancestors 'self' https://dxpdev.cryosinternational.com https://dxptest.cryosinternational.com https://dxp.cryosinternational.com https://dxpcoredev.cryosinternational.com https://dxpcoretest.cryosinternational.com https://dxpcore.cryosinternational.com; media-src * data:; 1
default-src 'unsafe-inline' 'self' ;script-src  'unsafe-inline' 'self' https://challenges.cloudflare.com static.cloudflareinsights.com; connect-src 'self'  cloudflareinsights.com;img-src  'self'   data: ; frame-src  https://challenges.cloudflare.com ; object-src 'none' 1
default-src 'self' 'unsafe-inline'   ssl.google-analytics.com  pagead2.googlesyndication.com  www.googletagmanager.com  www.google-analytics.com  www.googleadservices.com  snap.licdn.com  assets.pcrl.co  partner.googleadservices.com  adservice.google.com.ar  widget.intercom.io  tpc.googlesyndication.com  adservice.google.com  connect.facebook.net  googleads.g.doubleclick.net  system.picreel.com  js.intercomcdn.com  www.youtube.com  app.picreel.com  *.googleapis.com  *.facebook.com  *.google.com  *.google.com.ar  stats.g.doubleclick.net  *.hotjar.com  *.linkedin.com  *.gstatic.com  *.jquery.com  fonts.gstatic.com  p.adsymptotic.com  api-iam.intercom.io  wss://nexus-websocket-a.intercom.io  bid.g.doubleclick.net  static.intercomassets.com  https://*.intercomcdn.com  *.fontawesome.com  i.ytimg.com  vc.hotjar.io  https://*.hotjar.com  https://*.hotjar.io  wss://*.hotjar.com;           child-src 'self'  https://vars.hotjar.com/  https://newsletter-link.nosis.com  https://googleads.g.doubleclick.net  https://www.facebook.com  https://bid.g.doubleclick.net  http://app.picreel.com  https://tpc.googlesyndication.com  https://www.google.com  https://www.youtube.com;         img-src 'self' data:         https://www.google-analytics.com  https://px.ads.linkedin.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' mc.yandex.ru ajax.googleapis.com blob:; block-all-mixed-content; upgrade-insecure-requests; 1
frame-ancestors https:; style-src https: 'unsafe-inline'; child-src 'self' https:; img-src 'self' https://www.mcx.nl https://wwwtest.mcx.nl data: blob:; connect-src 'self' https://www.google-analytics.com https://mcx.piwik.pro https://mcx.containers.piwik.pro; font-src 'self'; form-action 'self' https://mcx.us10.list-manage.com ; upgrade-insecure-requests 1
frame-ancestors 'self' https://insights.hotjar.com 1
default-src 'self' blob: data: ws: 'unsafe-eval' 'unsafe-inline' *.2mdn.net *.ads.linkedin.com *.taggrs.io *.awin1.com *.bing.com *.botframework.com *.clarity.ms *.cookie-script.com *.doubleclick.net *.facebook.com *.facebook.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.googleadservices.com *.google-analytics.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.linkedin.com *.licdn.com *.msecnd.net *.powerplatform.com *.visualstudio.com *.visualwebsiteoptimizer.com *.vwo.com *.wepowerconnections.com *.youtube.com *.ytimg.com bat.bing.com cdn.cookie-script.com player.vimeo.com d.geld.nl searchrys.com www.dwin1.com www.dwin2.com www.google-analytics.com; report-uri https://www.financenetwork.nl/csp 1
frame-ancestors 'self' 'https://*.boydcorp.com''; 1
frame-ancestors 'self' *.serpclix.com serpclix.com 1
default-src https:; base-uri 'self'; connect-src 'self' https: wss://*; script-src 'unsafe-eval' 'unsafe-inline' https: *.typekit.net cookies.praguebest.cz; style-src 'self' 'unsafe-inline' *.googleapis.com *.typekit.net cookies.praguebest.cz; font-src 'self' data:;object-src 'none'; report-uri https://praguebest.report-uri.com/r/d/csp/enforce 1
default-src 'self'; script-src 'self' 'nonce-HLK0pfae2jQ8L2fZRRu43UZU' d3ga0yfowtcnef.cloudfront.net https://www.googletagmanager.com https://player.vimeo.com https://*.cookiebot.eu https://*.usercentrics.eu 'unsafe-hashes' 'report-sample'; style-src-attr 'unsafe-inline' 'report-sample'; img-src 'self' data: *.ytimg.com *.vimeocdn.com d3ga0yfowtcnef.cloudfront.net https://maps.gstatic.com https://maps.googleapis.com https://*.cookiebot.eu https://*.usercentrics.eu; base-uri 'self'; frame-src 'self' *.youtube-nocookie.com *.youtube.com *.vimeo.com https://davidjbradshaw.github.io https://* https://*.cookiebot.eu https://*.usercentrics.eu; style-src-elem 'self' 'unsafe-inline' 'unsafe-hashes' https://*.googleapis.com https://*.google-analytics.com https://*.consent.cookiebot.eu 'report-sample'; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://*.googleapis.com https://cdn.plyr.io https://*.cookiebot.eu https://*.usercentrics.eu https://*.google-analytics.com; worker-src 'self' 'nonce-HLK0pfae2jQ8L2fZRRu43UZU' d3ga0yfowtcnef.cloudfront.net https://www.googletagmanager.com blob:; report-uri https://www.leoni.com/@http-reporting?csp=report&requestTime=1721956019304872 1
frame-ancestors 'self' http://app.knovel.com https://app.knovel.com *.knovel.com *.omniture.com *.elsevier.com *.google.com *.mendeley.com *.brightcove.com *.google.com app.pendo.io *.serialssolutions.com *.lexis.com *.lexisnexis.com http://cpml2a587.lexisnexis.com:7382 *.demdex.net *.omtrdc.net; frame-src 'self' http://app.knovel.com https://app.knovel.com *.knovel.com *.omniture.com *.elsevier.com *.google.com *.mendeley.com *.brightcove.com *.google.com app.pendo.io *.serialssolutions.com *.lexis.com *.lexisnexis.com http://cpml2a587.lexisnexis.com:7382 *.demdex.net *.omtrdc.net 1
default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://*.braintree-api.com https://*.braintreegateway.com https://accounts.google.com https://getpocket.com https://bothsidesofthetable.com https://*.bothsidesofthetable.com https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://lightstep.medium.systems https://*.branch.io 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://glyph-sandbox.medium.sh https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: blob: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com 1
upgrade-insecure-requests; default-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https: *.officialaccount.me *.zalo.cloud *.zalo.me *.zaloapp.com *.zapps.vn *.zdn.vn *.zadn.vn *.zascdn.me *.adtima.vn *.adtimaserver.vn *.google.com *.google-analytics.com *.gstatic.com *.googletagmanager.com *.googletagservices.com *.googleapis.com *.scorecardresearch.com *.doubleclick.net *.criteo.net *.criteo.com *.jsdelivr.net; style-src 'self' 'unsafe-inline' https: *.officialaccount.me *.zalo.cloud *.zalo.me *.zaloapp.com *.zapps.vn *.zdn.vn *.zadn.vn *.zascdn.me *.adtima.vn  *.adtimaserver.vn blob:; font-src * data:; img-src * data: blob:; media-src * blob:; connect-src 'self' wss://*.chat.zalo.me https: *.officialaccount.me *.zalo.cloud *.zalo.me *.zaloapp.com *.zapps.vn *.zdn.vn *.zadn.vn *.zascdn.me *.adtima.vn *.adtimaserver.vn *.zing.vn *.zingnews.vn *.baomoi.com *.google.com *.google-analytics.com *.gstatic.com *.googletagmanager.com *.googletagservices.com *.googleapis.com *.scorecardresearch.com *.doubleclick.net *.criteo.net *.criteo.com *.jsdelivr.net htlb.casalemedia.com prebid-asia.creativecdn.com *.youtube.com *.facebook.com blob:; child-src 'self' https: *.officialaccount.me *.zalo.cloud *.zalo.me *.zaloapp.com *.zapps.vn *.zdn.vn *.zadn.vn *.zascdn.me *.adtima.vn *.adtimaserver.vn *.zing.vn *.zingnews.vn *.baomoi.com *.criteo.com *.youtube.com *.facebook.com wvjbscheme://* blob: 1
frame-ancestors  'self' 1
frame-ancestors 'self' https://*.forbole.com 1
frame-ancestors 'self' https://app.pia4you.com http://erika.hotainment.info 1
upgrade-insecure-requests;style-src 'self' 'nonce-GGgDhRwkxTbDD5f';font-src 'self';script-src 'self' 'nonce-GGgDhRwkxTbDD5f' ;connect-src 'self' https://labyrinth.zone wss://labyrinth.zone;media-src 'self' https:;img-src 'self' data: blob: https:;default-src 'none';base-uri 'none';frame-ancestors 'none';manifest-src 'self'; 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src 'nonce-b9TvgfLqmu79g8U1iYFcmBXRo' 'strict-dynamic'; frame-ancestors 'self'; manifest-src 'self' 1
frame-src 'self' https://www.youtube-nocookie.com https://www.youtube.com https://player.vimeo.com/ https://*.hotjar.com https://*.hotjar.io https://livestream.com https://staticcdn.co.nz https://dk4bbxgalxqek.cloudfront.net; connect-src 'self' https: https://*.lic.co.nz wss://*.lic.co.nz wss://*.hotjar.com; style-src 'self' 'unsafe-inline' https:; manifest-src https:; frame-ancestors 'self'; media-src https://*.lic.co.nz; font-src 'self' data: https://*.cloudfront.net *.googleapis.com https://fonts.gstatic.com https://*.lic.co.nz https://*.hotjar.com https://*.hotjar.io; img-src 'self' data: https:; default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: 1
report-uri /csp-report?p=questions%2F%3Aslug; block-all-mixed-content; default-src 'none'; base-uri 'none'; script-src 'sha256-2vvxOZGNaNgKc6hsklalFxowLrGGY77RhgtSdOmreSQ=' 'sha256-HhVIFMsFgQRGJz8hlmlQnV4vKOS5xlt8WH3+fHbAXuo=' https://js.stripe.com https://stripe.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://a300.stripecdn.com https://b.stripecdn.com 'report-sample'; style-src 'self' 'sha256-rhCVbbGt++ztYg3mqAj6TmOAovUg5Otx5ahkz1Nd6O8=' 'sha256-K4b1nkAuoFrcGc6ATIrRt4+EOt+8+l+Ggaih7c+huyM=' https://stripe.com 'report-sample' https://a300.stripecdn.com https://b.stripecdn.com; frame-ancestors 'self' https://dashboard.stripe.com; frame-src https://stripe.com https://js.stripe.com https://b.stripecdn.com https://dashboard.stripe.com https://dashboard-admin.stripe.com https://connect.stripe.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://support-conversations.stripe.com https://b.stripecdn.com https://a300.stripecdn.com; font-src 'self' https://b.stripecdn.com; form-action 'self'; img-src 'self' data: https://media.stripe.com https://t.stripe.com https://q.stripe.com https://files.stripe.com https://stripe-support-uploads.s3.amazonaws.com https://s3.amazonaws.com/stripe-uploads/ https://a300.stripecdn.com https://b.stripecdn.com; connect-src 'self' https://stripe.com https://stripe.com/cookie-settings/enforcement-mode https://files.stripe.com https://api.stripe.com https://r.stripe.com/ https://errors.stripe.com https://a300.stripecdn.com https://b.stripecdn.com https://b.stripecdn.com; media-src https://b.stripecdn.com 1
font-src image2.pubmatic.com t.co www.facebook.com analytics.twitter.com 'self' data: 'unsafe-inline' data: *.fontawesome.com googleapis.com fonts.gstatic.com *.twitter.com *.gstatic.com *.hotjar.com *.tiktok.com *.snapchat.com *.google.com *.nr-data.net *.google.co.in *.facebook.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.simplify.com *.snapchat.com *.twitter.com *.nr-data.net *.facebook.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com *.simplify.com *.ihorizons.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com image2.pubmatic.com t.co www.facebook.com analytics.twitter.com 'self' data: 'unsafe-inline' data: *.simplify.com *.google.com *.ihorizons.com *.twitter.com *.hotjar.com *.tiktok.com *.snapchat.com *.nr-data.net *.doubleclick.net *.google.co.in *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com image2.pubmatic.com t.co www.facebook.com analytics.twitter.com 'unsafe-inline' data: *.simplify.com addevent.com *.google-analytics.com *.gstatic.com *.ihorizons.com *.google.com *.google.co.in *.facebook.com *.googleadservices.com *.paypal.com *.twitter.com *.hotjar.com *.tiktok.com *.snapchat.com https://t.co *.ytimg.com https://d.adroll.com https://pixel.advertising.com https://pixel.rubiconproject.com https://simage2.pubmatic.com https://dsum-sec.casalemedia.com https://eb2.3lift.com https://ups.analytics.yahoo.com https://sync.taboola.com https://sync.outbrain.com https://t.teads.tv https://cm.teads.tv connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.chimpstatic.com downloads.mailchimp.com *.list-manage.com image2.pubmatic.com t.co www.facebook.com www.google.com analytics.twitter.com 'self' data: 'unsafe-inline' data: *.simplify.com *.google-analytics.com addevent.com maps.googleapis.com *.gstatic.com *.ihorizons.com *.avada.io *.twitter.com *.hotjar.com *.tiktok.com *.snapchat.com *.ads-twitter.com *.google.com *.google.co.in *.doubleclick.net *.facebook.com *.googleadservices.com *.paypalobjects.com *.paypal.com *.googletagmanager.com *.facebook.net chimpstatic.com https://s.adroll.com https://d.adroll.com https://d.adroll.mgr.consensu.org https://js-agent.newrelic.com https://sc-static.net https://p.teads.tv connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com image2.pubmatic.com t.co www.facebook.com analytics.twitter.com 'self' data: 'unsafe-inline' data: *.fontawesome.com getfirebug.com googleapis.com addevent.com *.googleapis.com *.twitter.com *.hotjar.com *.tiktok.com *.snapchat.com *.google.com *.google.co.in *.facebook.com *.youtube.com *.nr-data.net unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com image2.pubmatic.com t.co www.facebook.com google.com analytics.twitter.com 'self' data: 'unsafe-inline' data: *.simplify.com maps.googleapis.com/ *.ihorizons.com https://get.geojs.io *.avada.io *.twitter.com *.hotjar.com *.tiktok.com *.snapchat.com *.doubleclick.net *.adroll.com *.cardinalcommerce.com *.google-analytics.com *.teads.tv *.paypal.com *.google.com *.google.co.in *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.alifstores.com/; report-to report-endpoint; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.skoda-storyboard.com skoda-storyboard.s3.amazonaws.com d37wqhjyfq7840.cloudfront.net *.cdninstagram.com *.facebook.com *.facebook.net *.google.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.googlevideo.com *.youtube.com *.ytimg.com *.vimeo.com *.doubleclick.net *.gomexlive.com *.hotjar.com *.googleapis.com cdnjs.cloudflare.com www.googletagmanager.com static.hotjar.com *.mailguide.cz *.twitter.com twitter.com *.twimg.com www.instagram.com *.instagram.com *.ads-twitter.com *.cookies.skoda-auto.com chargingcalculator.skoda-auto.com geolocation.onetrust.com sdrive.skoda-auto.com chargemap.skoda-auto.com charging-calculator.skoda-auto.com cross.skoda-auto.com europe-west3-skoda-gtm-sync-server.cloudfunctions.net *.onetrust.com europe-west3-skoda-gtm-sync-server.cloudfunctions.net sdrive.azureedge.net 1
frame-ancestors 'self' https://royalcollege.docebosaas.com; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://toot.io; img-src 'self' https: data: blob: https://toot.io; style-src 'self' https://toot.io 'nonce-p+FGnlkW0KwyJv9wdOFt7w=='; media-src 'self' https: data: https://toot.io; frame-src 'self' https:; manifest-src 'self' https://toot.io; form-action 'self'; child-src 'self' blob: https://toot.io; worker-src 'self' blob: https://toot.io; connect-src 'self' data: blob: https://toot.io https://s3.toot.io wss://toot.io; script-src 'self' https://toot.io 'wasm-unsafe-eval' 1
frame-ancestors 'self' https://*.moodypublishers.com 1
script-src 'self' 'unsafe-inline' *.dhv.de *.google.com *.gstatic.com 1
default-src 'self' *.payportal.net payportal.net cloudflare.com *.cloudflare.com wss://analytex.userpilot.io *.userpilot.io userpilot.io googleapis.com *.googleapis.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com jsdelivr.net *.jsdelivr.net cloudfront.net *.cloudfront.net googletagmanager.com *.googletagmanager.com  google-analytics.com *.google-analytics.com cdn2.hubspot.net *.hubspot.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hscollectedforms.net js.hsleadflows.net js.hs-scripts.com js.hsadspixel.net js.hs-analytics.net js.hs-banner.com js.hs-banner.net *.hsforms.net *.hsforms.com static.hsappstatic.net js.hubspotfeedback.com feedback.hubapi.com js.usemessages.com *.vidyard.com intuit.com *.intuit.com fontawesome.com *.fontawesome.com gravatar.com *.gravatar.com stripe.com *.stripe.com zoominfo.com *.zoominfo.com lfeeder.com *.lfeeder.com marketingautomation.services *.marketingautomation.services googleadservices.com *.googleadservices.com facebook.net *.facebook.net doubleclick.net *.doubleclick.net perfectaudience.com *.perfectaudience.com facebook.com *.facebook.com google.com *.google.com google.co.in *.google.co.in prfct.co *.prfct.co adnxs.com *.adnxs.com *.freshsuccess.com freshsuccess.com *.ckeditor.com ckeditor.com 'unsafe-inline' hatchbuck.com *.hatchbuck.com email2go.io *.email2go.io *.bootstrapcdn.com bootstrapcdn.com *.freshchat.com freshchat.com *.luckyorange.com luckyorange.com *.hs-scripts.com hs-scripts.com *.hscollectedforms.net hscollectedforms.net *.hs-analytics.net hs-analytics.net *.hs-banner.com hs-banner.com *.usemessages.com usemessages.com *.hubspot.com hubspot.com *.hsforms.com hsforms.com oktacdn.com *.oktacdn.com *.okta.com okta.com calendly.com *.calendly.com data: 'unsafe-eval' 1
frame-ancestors 'self' https://www.lamonasafetynotice.co.uk; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.ikea.com v4.ai.ingka.ikea.net api.addressy.com google.com *.google.com *.gstatic.com translate.googleapis.com translate-pa.googleapis.com www.youtube-nocookie.com www.youtube.com www.paypal.com blob: data: wss://web-api.ikea.com https://storage.googleapis.com/learnwithikeavideos/ unicorn-rainbow-flower.edgecompute.app ikea-listings.edgecompute.app *.ingka.com *.cdtapps.com *.ctfassets.net *.ipex-insights.com *.adform.net *.doubleclick.net googleads.g.doubleclick.net www.googleadservices.com *.googlesyndication.com adservice.google.se *.spinnaker-js.com chat.kindlycdn.com bot.kindly.ai conversion.klarnaservices.com *.cookielaw.org *.onetrust.com *.contentsquare.net app.contentsquare.com *.google-analytics.com www.googletagmanager.com *.optimizely.com sentry.io *.sentry.io *.avo.app oppwa.com *.oppwa.com mpsnare.iesnare.com *.iesnare.com *.syndeo.cx *.production.syndeo.cx wss://web.production.syndeo.cx icsp.ingka.ikea.com wss://icsp.ingka.ikea.com wss://web-api.ikea.com/cschatbot/ maps.googleapis.com fonts.googleapis.com www.googleapis.com *.bambuser.com firestore.googleapis.com liveshopping-widgets.firebaseapp.com; img-src * blob: data:; frame-src *; frame-ancestors *.ikea.com; object-src 'self'; report-uri https://csp.ikea.com 1
frame-ancestors 'self'; script-src *.tp88trk.com *.bigcommerce.com *.haircode.com pghub.io *.moatads.com *.online-metrix.net *.azurewebsites.net *.jquery.com *.facebook.com *.facebook.net *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.lightboxcdn.com *.lytics.io *.cookielaw.org *.onetrust.com *.crazyegg.com *.segment.com *.segment.io *.snapchat.com sc-static.net *.tapad.com *.google.com *.gstatic.com *.adsrvr.org blob: 'self' 'unsafe-eval' 'unsafe-inline' 1
default-src *.aiaibot.com https://*.akb.ch http://domtracd.main.agkb.ch/; img-src data: https://*.google.ch https://px.ads.linkedin.com https://*.cloudfront.net https://www.facebook.com/tr/ https://*.akb.ch https://*.gstatic.com https://*.googleapis.com https://*.google-analytics.com https://*.doubleclick.net https://*.google.com https://bat.bing.com https://cdn.cookielaw.org https://*.googletagmanager.com; script-src 'unsafe-inline' 'unsafe-eval' https://api.mailxpert.ch/ https://chat.aiaibot.com https://player.podigee-cdn.net/podcast-player/javascripts/podigee-podcast-player.js https://bat.bing.com https://googleads.g.doubleclick.net https://www.youtube.com https://www.googleadservices.com https://snap.licdn.com https://*.akb.ch https://*.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://*.ticketpark.ch https://*.google.com https://*.gstatic.com https://www.contovista.com https://www.newhome.ch https://www.facebook.com/tr/ https://connect.facebook.net https://nl.mailxpert.ch https://cdn.cookielaw.org https://irewind.com/vue/loaders/loader-general.js; frame-src https://live.brame-gamification.com/ *.aiaibot.com https://player.podigee-cdn.net/podcast-player/ https://player.vimeo.com/video/ https://www.facebook.com https://open.spotify.com https://*.akb.ch https://*.cashgate.ch https://www.newhome.ch https://www.companymarket.ch https://b2c-stage.extranet.netcetera.biz/ https://b2c-prod.netcetera.ch https://www.youtube.com https://www.youtube-nocookie.com/ https://*.ticketpark.ch https://*.google.com https://*.gstatic.com https://my.matterport.com/show/ https://static.matterport.com/showcase https://360.newhome.ch https://embed.podcasts.apple.com https://nl.mailxpert.ch https://sra.logismata.ch/ https://irewind.com/; style-src 'unsafe-inline' 'unsafe-eval' https://api.aiaibot.com/ https://*.akb.ch https://fonts.googleapis.com https://tagmanager.google.com/debug/css.css; font-src https://*.akb.ch https://fonts.gstatic.com; connect-src https://*.googleapis.com https://api.aiaibot.com/ https://*.g.doubleclick.net https://*.google-analytics.com https://anchor.fm https://*.akb.ch https://*.google.com https://www.contovista.com https://akb.abacuscity.ch https://cdn.cookielaw.org https://*.onetrust.com https://bat.bing.com https://*.googlesyndication.com; child-src blob: https://*.akb.ch; media-src blob: https://*.cloudfront.net https://anchor.fm https://*.akb.ch; frame-ancestors https://www.jobs.ch https://*.akb.ch https://jobs.nzz.ch/; form-action https://*.akb.ch https://www.facebook.com/tr/ https://*.bankinghub.swisscom.ch; 1
frame-ancestors https://medinet.mediclin.de 1
default-src 'self';script-src * 'unsafe-inline';style-src * 'unsafe-inline';img-src * 'unsafe-inline' data:;font-src * 'unsafe-inline' data:;connect-src *; 1
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.analytics.google.com *.doubleclick.net *.e-alloga.ch *.e-galexis.com *.e-ufd.swiss *.facebook.net *.galenica.com *.google-analytics.com *.googleapis.com *.gstatic.com *.hs-scripts.com *.hs-sites.com *.hsforms.com *.hsforms.net *.hubspot.com *.licdn.com *.linkedin.com *.linkedin.oribi.io *.px.ads.linkedin.com *.solique.ch *.vimeo.com *.weblication.de *.youtube.com *.ytimg.com analytics.google.com api.hubapi.com bat.bing.com bt.fraud0.com charts3.equitystory.com forms-na1.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com ir.tools.investis.com js.hs-analytics.net js.hs-banner.com js.hsadspixel.net js.hsleadflows.net static.hotjar.com vimeo.com weblics.de www.facebook.com www.google.ch www.google.com www.googletagmanager.com www.youtu.be www.youtube-nocookie.com www.youtube.com youtu.be; frame-ancestors 'self' *.e-alloga.ch *.e-galexis.com *.e-ufd.swiss; report-uri https://cms1.app.e-galexis.com/csp-report.php; 1
default-src 'self' sense.org.uk *.sense.org.uk sense.org *.sense.org *.senseevents.co.uk *.touchbasepears.co.uk *.touchbasepears.com *.touchbasepears.net *.touchbasepears.org *.touchbasepears.org.uk; base-uri 'self' sense.org *.sense.org *.senseevents.co.uk *.touchbasepears.co.uk *.touchbasepears.com *.touchbasepears.net *.touchbasepears.org *.touchbasepears.org.uk; script-src 'self' 'unsafe-inline' 'unsafe-eval' sense.org.uk *.sense.org.uk sense.org *.sense.org *.senseevents.co.uk *.touchbasepears.co.uk *.touchbasepears.com *.touchbasepears.net *.touchbasepears.org *.touchbasepears.org.uk *.cloudflareinsights.com *.cloudflare.com *.quantserve.com *.quantcount.com www.redditstatic.com www.muchloved.com www.instagram.com www.cqc.org.uk services.postcodeanywhere.co.uk www.paypal.com www.google-analytics.com *.googleapis.com www.gstatic.com cookie-cdn.cookiepro.com cdn.cookielaw.org *.onetrust.com c5.adalyser.com connect.facebook.net *.hotjar.com sense11122.pcapredict.com pcapredict.com services.postcodeanywhere.co.uk www.google.co.uk www.googletagmanager.com www.google.com maps.gstatic.com js.stripe.com googleads.g.doubleclick.net www.youtube.com; frame-src 'self' sense.org *.sense.org *.senseevents.co.uk *.touchbasepears.co.uk *.touchbasepears.com *.touchbasepears.net *.touchbasepears.org *.touchbasepears.org.uk www.instagram.com www.sandbox.paypal.com www.paypal.com www.google.com *.doubleclick.net www.muchloved.com js.stripe.com youtube.com www.youtube.com vimeo.com www.facebook.com *.reach-ats.com;  connect-src 'self' sense.org *.sense.org *.senseevents.co.uk *.touchbasepears.co.uk *.touchbasepears.com *.touchbasepears.net *.touchbasepears.org *.touchbasepears.org.uk *.doubleclick.net www.google-analytics.com *.googlesyndication.com *.quantcount.com *.google.com services.postcodeanywhere.co.uk sandbox.paypal.com www.paypal.com maps.googleapis.com ajax.googleapis.com cookie-cdn.cookiepro.com *.onetrust.com; style-src 'self' 'unsafe-inline' sense.org *.sense.org *.senseevents.co.uk *.touchbasepears.co.uk *.touchbasepears.com *.touchbasepears.net *.touchbasepears.org *.touchbasepears.org.uk *.googleapis.com cookie-cdn.cookiepro.com cdn.cookielaw.org *.onetrust.com; font-src 'self' sense.org.uk *.sense.org.uk sense.org *.sense.org *.senseevents.co.uk *.touchbasepears.co.uk *.touchbasepears.com *.touchbasepears.net *.touchbasepears.org *.touchbasepears.org.uk fonts.gstatic.com data:; img-src 'self' sense.org.uk *.sense.org.uk sense.org *.sense.org *.reddit.com *.adalyser.com *.quantcount.com *.quantserve.com www.cqc.org.uk www.facebook.com images.muchloved.com www.paypalobjects.com *.gravatar.com maps.googleapis.com maps.gstatic.com www.google.com www.google.co.uk www.google-analytics.com www.googletagmanager.com services.postcodeanywhere.co.uk cookie-cdn.cookiepro.com i.ytimg.com picsum.photos fastly.picsum.photos t.paypal.com data:; style-src-elem 'self' 'unsafe-inline' sense.org.uk *.sense.org.uk sense.org *.sense.org *.senseevents.co.uk *.touchbasepears.co.uk *.touchbasepears.com *.touchbasepears.net *.touchbasepears.org *.touchbasepears.org.uk www.cqc.org.uk ajax.googleapis.com fonts.googleapis.com www.paypal.com services.postcodeanywhere.co.uk; 1
default-src  'self' https://*.dcube.cloud/ ;  script-src  'self'  'sha256-nWKjNpDy9BIIH8p69UATrM+dYfeHm3RCw7s03nOoDC0=' # Script for GTM tag blob:  https://assets.dcube.cloud  https://*.wogaa.sg  https://assets.adobedtm.com  https://www.google-analytics.com  https://cdnjs.cloudflare.com  https://va.ecitizen.gov.sg  https://*.cloudfront.net  https://printjs-4de6.kxcdn.com  https://unpkg.com  https://unpkg.com/web-vitals https://wogadobeanalytics.sc.omtrdc.net  https://connect.facebook.net  https://graph.facebook.com  https://facebook.com  https://www.facebook.com  https://*.googletagmanager.com https://*.licdn.com  https://webchat.vica.gov.sg  https://vica.gov.sg https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://static.zdassets.com https://ekr.zdassets.com https://*.zendesk.com https://*.zopim.com https://www.instagram.com https://script.wiz.gov.sg/widget.js https://script-staging.wiz.gov.sg/widget.js wss://*.zendesk.com wss://*.zopim.com https://*.dcube.cloud/ https://console.apac.sabio.cloud/ https://console-flex-api.ap.sabio.cloud/ https://cdn.jsdelivr.net/npm/algoliasearch@4.20.0/dist/algoliasearch-lite.umd.js https://cdn.jsdelivr.net/npm/instantsearch.js@4.60.0/dist/instantsearch.production.min.js ;  object-src  'self' ;  style-src  'self'  'unsafe-inline' https://fonts.googleapis.com/  https://*.cloudfront.net  https://va.ecitizen.gov.sg  https://*.wogaa.sg  https://cdnjs.cloudflare.com  https://datagovsg.github.io  https://webchat.vica.gov.sg  https://vica.gov.sg https://unpkg.com https://script.wiz.gov.sg/widget.css https://script-staging.wiz.gov.sg/widget.css https://assets.dcube.cloud/ https://console.apac.sabio.cloud/ https://console-flex-api.ap.sabio.cloud https://cdn.jsdelivr.net/npm/instantsearch.css@7/themes/satellite-min.css ;  img-src  * ;  media-src  * ;  frame-src  https://form.gov.sg/  https://wogaa.demdex.net/  https://*.youtube.com  https://*.youtube-nocookie.com  https://*.vimeo.com  https://vimeo.com https://www.google.com  https://checkfirst.gov.sg  https://www.checkfirst.gov.sg  https://docs.google.com  https://nlb.ap.panopto.com https://www.google.com/recaptcha/ https://accounts.google.com https://www.gstatic.com/recaptcha/ https://data.gov.sg https://*.data.gov.sg https://calendar.google.com https://datastudio.google.com https://lookerstudio.google.com https://*.fls.doubleclick.net https://www.facebook.com https://m.facebook.com/ https://www.instagram.com https://api.id.gov.sg/ ;  frame-ancestors  'none' ;  font-src  *  data: ;  connect-src  'self'  https://dpm.demdex.net  https://*.google-analytics.com https://analytics.google.com https://*.googletagmanager.com  https://stats.g.doubleclick.net  https://*.wogaa.sg  https://va.ecitizen.gov.sg  https://ifaqs.flexanswer.com  https://*.cloudfront.net  https://fonts.googleapis.com  https://cdnjs.cloudflare.com  https://wogadobeanalytics.sc.omtrdc.net  https://data.gov.sg  https://api-production.data.gov.sg https://api.isomer.gov.sg https://webchat.vica.gov.sg https://chat.vica.gov.sg https://vica.gov.sg https://s3-va-prd-vica.s3-ap-southeast-1.amazonaws.com wss://chat.vica.gov.sg https://api-vica-ana.vica.gov.sg/api/v1/response-ratings https://static.zdassets.com https://ekr.zdassets.com https://*.zendesk.com https://*.zopim.com https://ask.gov.sg https://staging.ask.gov.sg wss://*.zendesk.com wss://*.zopim.com https://*.dcube.cloud/ https://console-flex-api.ap.sabio.cloud https://console.apac.sabio.cloud/ https://authmiddleware.ap.sabio.cloud https://*.algolia.net https://*.algolianet.com https://*.algolia.io ; 1
default-src 'self' *.bokf.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: api.ipdata.co cdn.stape.io https://js-agent.newrelic.com/ https://bam.nr-data.net/ https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ https://www.clarity.ms https://bat.bing.com *.bokf.com *.mpeasylink.com https://i.tryinteract.com https://tr-rc.lfeeder.com https://tag.clearbitscripts.com ws.sessioncam.com https://bokf.wufoo.com https://sc.lfeeder.com https://www.googleanalytics.com https://www.googleoptimize.com  https://optimize.google.com cdn.timetrade.com *.googletagmanager.com *.calcxml.com http://cdnjs.cloudflare.com http://www.google.com http://ajax.googleapis.com *.google-analytics.com http://maxcdn.bootstrapcdn.com *.cloudfront.net *.googleadservices.com app.quotemedia.com http://qmod.quotemedia.com c1.rfihub.net http://connect.facebook.net img.en25.com *.bankofalbuquerque.com *.bankofoklahoma.com *.bankoftexas.com *.bokfinancial.com *.doubleclick.net *.convertlanguage.com s3.amazonaws.com/trk.cetrk.com/9/t.js s3.amazonaws.com/trk.cetrk.com/b/t.js *.facebook.com https://www.linkedin.com/ www.gstatic.com cdn.glassboxcdn.com snap.licdn.com tracking.bokfinancial.com https://www.google-analytics.com https://ssl.google-analytics.com https://js.adsrvr.org https://insight.adsrvr.org https://extend.vimeocdn.com http://player.vimeo.com https://www.vimeo.com https://gtm-pchlzvs-yzg3y.uc.r.appspot.com vimeo.com/api/oembed.js www.bokfinancial.com www.bankofalbuquerque.com www.bankofoklahoma.com www.bankoftexas.com; style-src 'self' 'unsafe-inline' https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ fast.fonts.net https://optimize.google.com http://www.calcxml.com *.mpeasylink.com *.bankofalbuquerque.com *.bankofoklahoma.com *.bankoftexas.com *.bokfinancial.com fonts.googleapis.com https://www.googletagmanager.com; img-src 'self' data: https://c.clarity.ms/c.gif https://fonts.gstatic.com https://cdn.cookielaw.org/ https://bat.bing.com https://geolocation.onetrust.com/ *.kaltura.com i.ytimg.com https://www.google-analytics.com https://tr-rc.lfeeder.com https://www.googletagmanager.com/ https://www.google.com.mx/ads/ *.mpeasylink.com http://www.google-analytics.com *.google.com https://stats.g.doubleclick.net insight.adsrvr.org *.bokfinancial.com *.bankofoklahoma.com *.bankofalbuquerque.com *.bankoftexas.com https://www.facebook.com http://www.calcxml.com https://i.vimeocdn.com px.ads.linkedin.com p.adsymptotic.com https://cm.g.doubleclick.net https://analytics.convertlanguage.com https://dpm.demdex.net https://www.linkedin.com/ https://match.adsrvr.org https://idpix.media6degrees.com https://s.thebrighttag.com https://uipglob.semasio.net https://loadm.exelator.com https://ads.scorecardresearch.com https://cw.addthis.com https://e.nexac.com https://match.sync.ad.cpe.dotomi.com https://cs.adingo.jp https://usermatch.krxd.net https://x.dlx.addthis.com https://x.bidswitch.net https://match.sharethrough.com https://simage2.pubmatic.com https://eb2.3lift.com https://load77.exelator.com https://pixel.rubiconproject.com https://su.addthis.com https://ib.adnxs.com https://pixel.tapad.com https://mid.rkdms.com/ https://dmp.truoptik.com https://i.liadm.com https://io.narrative.io https://odr.mookie1.com https://ups.analytics.yahoo.com https://ml314.com/utsync.ashx https://beacon.krxd.net https://tags.rd.linksynergy.com https://px4.ads.linkedin.com https://googleads.g.doubleclick.net https://data.adxcel-ec2.com https://gtm-pchlzvs-yzg3y.uc.r.appspot.com; font-src 'self' data: https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ *.mpeasylink.com *.bankofalbuquerque.com *.bankofoklahoma.com *.bankoftexas.com *.bokfinancial.com fast.fonts.net *.cloudflare.com fonts.gstatic.com; connect-src 'self' https://v.clarity.ms/collect https://px.ads.linkedin.com https://bat.bing.com https://bam.nr-data.net/ https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ https://z.clarity.ms/collect chat.bok.com https://cdn.linkedin.oribi.io/ *.googleapis.com *.calcxml.com app.quotemedia.com https://cdn.linkedin.oribi.io api.addsearch.com report.bokf.glassboxdigital.io http://www.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net https://gtm-pchlzvs-yzg3y.uc.r.appspot.com; frame-src 'self' https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ https://www.calcxml.com/ https://www.clarity.ms *.mpeasylink.com *.timetrade.com https://optimize.google.com https://quiz.tryinteract.com/ https://bokf.wufoo.com https://cdn.embedly.com/ http://player.vimeo.com http://www.surveygizmo.com *.doubleclick.net adservice.google.com *.youtube.com http://www.google.com *.kaltura.com http://videos.bokf.com tracking.bokfinancial.com https://insight.adsrvr.org https://quickquote-config.optimalblue.com https://quickquote-consumer.optimalblue.com/ https://match.adsrvr.org https://*.bokf.com; frame-ancestors 'self' *.bokf.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' www.googletagmanager.com *.google-analytics.com *.googleadservices.com *.facebook.net *.doubleclick.net iframe.ly cookie.dxlabs.fr cdnjs.cloudflare.com 'unsafe-inline' *; object-src 'none'; style-src 'self' 'unsafe-inline' www.googletagmanager.com fonts.googleapis.com cdnjs.cloudflare.com; img-src 'self' www.pinaultcollection.com *.youtube.com *.ytimg.com *.facebook.com *.google-analytics.com *.google.com *.google.fr *.dxlabs.fr data:; media-src *; frame-src *; font-src  'self' themes.googleusercontent.com fonts.googleapis.com; connect-src 'self' *.google-analytics.com analytics.tiktok.com wjrmdnw.pa-cd.com; upgrade-insecure-requests; script-src-attr 'unsafe-inline' 1
frame-ancestors 'none'; font-src 'self' data:; form-action 'self' *.hsforms.net *.hsforms.com; img-src 'self' data: https://imgsct.cookiebot.com *.usercentrics.eu *.hsforms.com *.hsforms.net *.hs-scripts.com *.s3.amazonaws.com *.hscta.net *.hubspot.com https://px.ads.linkedin.com *.basemaps.cartocdn.com https://www.googletagmanager.com; manifest-src 'self'; media-src 'self'; object-src 'self'; 1
font-src 'self' tls.freenet.de https://fonts.gstatic.com; img-src * data:; frame-ancestors 'self'; object-src 'self'; base-uri 'none'; 1
default-src 'self' ws: wss: data:;media-src 'self' blob: data: *.akamaihd.net *.hotjar.com *.wistia.com;script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.ads-twitter.com *.akamaihd.net *.aptrinsic.com *.arjo.com *.azure.com *.azurestaticapps.net *.bing.com *.bootstrapcdn.com *.cloudflare.com *.cookiebot.com *.episerver.net *.euroland.com *.facebook.com *.facebook.net *.google-analytics.com *.googleapis.com *.googletagmanager.com *.hotjar.com *.hs-analytics.net *.hs-banner.com *.hs-scripts.com *.jquery.com *.jsdelivr.net *.licdn.com *.litix.io *.msecnd.net *.on24.com *.pardot.com *.qbank.se *.siteimprove.net *.virtualearth.net *.visualstudio.com *.wistia.com siteimproveanalytics.com;style-src 'self' 'unsafe-inline' *.aptrinsic.com *.bing.com *.bootstrapcdn.com *.cloudflare.com *.cloudflare.com *.episerver.net *.googleapis.com *.googletagmanager.com *.hotjar.com *.jsdelivr.net *.litix.io *.qbank.se *.wistia.com;font-src 'self' data: *.bootstrapcdn.com *.cloudflare.com *.cloudflare.com *.cloudfront.net *.gstatic.com *.litix.io *.qbank.se *.wistia.com;connect-src 'self' blob: ws: https://www.gstatic.com/ wss: https://*.linkedin.com/ *.akamaihd.net *.analytics.google.com *.aptrinsic.com *.arjo-express.com *.arjo.com *.articulate.com *.bing.com *.cloudfront.net *.cookiebot.com *.doubleclick.net *.google-analytics.com *.google.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.litix.io *.litix.io *.oribi.io *.qbank.se *.qbank.se *.siteimprove.com *.virtualearth.net *.visualstudio.com *.wistia.com *.wistia.net;img-src 'self' blob: data: http: https: *.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com;child-src data: 'self' blob: *.arjo-express.com *.arjo.com *.azurestaticapps.net *.b2clogin.com *.cookiebot.com *.dxcloud.episerver.net *.episerver.net *.euroland.com *.eurolandir.com *.facebook.com *.google.com *.hotjar.com *.licdn.com *.on24.com *.pardot.com *.powerbi.com *.qbank.se *.siteimprove.com *.vimeo.com *.wistia.com *.wistia.net *.youtube.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://app.eu.usercentrics.eu https://sdp.eu.usercentrics.eu https://app.usercentrics.eu https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://fast-static.smarketer.de https://fast.smarketer.de https://www.google.com https://www.youtube.com https://privacy-proxy.usercentrics.eu/latest/uc-block.bundle.js https://app.usercentrics.eu/latest/main.js https://privacy-proxy.usercentrics.eu https://www.googletagmanager.com https://static.b-ite.com https://cs-assets.b-ite.com https://api.usercentrics.eu https://tarteaucitron.io; frame-ancestors 'self' 1
child-src https://*.afilio.de; connect-src blob: https://*.afilio.de https://*.algolia.net https://*.getvero.com https://*.hotjar.com https://*.hotjar.io https://*.posthog.com https://autocomplete.search.hereapi.com https://bigquery.googleapis.com https://firestore.googleapis.com https://identitytoolkit.googleapis.com https://securetoken.googleapis.com wss://*.afilio.de wss://*.hotjar.com wss://*.upscope.io; default-src 'none'; font-src https://*.afilio.de https://*.hotjar.com; frame-ancestors https://*.afilio.de; frame-src blob: https://*.afilio.de https://*.calendly.com https://*.cloudflarestream.com https://*.hotjar.com https://afilio-de.firebaseapp.com https://calendly.com; img-src blob: data: https://*.afilio.de https://*.hotjar.com https://a.slack-edge.com https://avatars.slack-edge.com; manifest-src https://*.afilio.de; media-src https://*.afilio.de; object-src https://*.afilio.de; script-src https://*.afilio.de https://*.calendly.com https://*.cloudflarestream.com https://*.getvero.com https://*.hotjar.com https://*.posthog.com https://*.upscope.io https://apis.google.com https://d3qxef4rp70elm.cloudfront.net; style-src 'unsafe-inline' https://*.afilio.de; report-uri https://o1357534.ingest.sentry.io/api/4504418313502720/security/?sentry_key=213bcc9a958643b79f4762ab22959b99 1
frame-ancestors 'self' plays.org; 1
default-src 'self';  connect-src 'self' https://*.doubleclick.net/ https://*.googlesyndication.com/ https://analytics.google.com/ https://www.google-analytics.com/ https://api.hubapi.com/ https://csi.gstatic.com/;  frame-src 'self' https://www.googleadservices.com/ https://*.doubleclick.net/ https://*.googlesyndication.com/ https://www.google.com/ https://www.youtube.com/;  media-src 'self' https://player.vimeo.com/ https://download-video.akamaized.net/ https://www.youtube.com/;  script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com/ https://*.doubleclick.net/ https://*.googlesyndication.com/ https://www.googletagservices.com/ https://diffuser-cdn.app-us1.com/ https://prism.app-us1.com/ https://trackcmp.net/;  style-src 'self' 'unsafe-inline' https://www.googletagmanager.com/ https://fonts.googleapis.com/;  img-src 'self' blob: data: https://api.eremedia.com/ https://googleads.g.doubleclick.net/ https://*.googlesyndication.com/ http://www.google.com/ https://i.ytimg.com/ https://www.googletagmanager.com/ https://fonts.gstatic.com/;  font-src 'self' https://fonts.gstatic.com/;  object-src 'none';  base-uri 'self';  form-action 'self';  frame-ancestors 'none'; 1
font-src 'self' https://use.typekit.net/ https://cdn.curator.io/ https://fonts.gstatic.com/ https://cdnapisec.kaltura.com/; object-src 'none'; frame-ancestors 'self' https://experience.elluciancloud.com/ 1
default-src 'self' teamusastdstorage.blob.core.windows.net/collegiatepartnership2022widgets/; connect-src 'self'  *.addthis.com *.clarity.ms *.cookielaw.org *.doubleverify.com *.evergage.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googleusercontent.com *.hs-banner.com *.hsforms.com *.hscollectedforms.net *.hubspot.com *.mktoresp.com *.mktoutil.com *.onetrust.com *.teamusa.org ad.doubleclick.net analytics.tiktok.com api.airbrake.io attestation.android.com bcbolt446c5271-a.akamaihd.net cdn.jsdelivr.net cdn.linkedin.oribi.io csi.gstatic.com csp.withgoogle.com dw5zrj66pk.execute-api.us-east-1.amazonaws.com d.agkn.com edge.api.brightcove.com failover-k8s-widgets.sports.gracenote.com gtm-w82hjxd-otazy.uc.r.appspot.com ka-f.fontawesome.com manifest.prod.boltdns.net notifier-configs.airbrake.io ogdemo-api.sports.gracenote.com og2022-api.sports.gracenote.com og2020-api.sports.gracenote.com og2024-api.sports.gracenote.com pagead2.googlesyndication.com pixel.adsafeprotected.com px.ads.linkedin.com region1.analytics.google.com rum-collector-2.pingdom.net sdk.classy.org siteintercept.qualtrics.com sportapi-widgets.sports.gracenote.com sportapi.widgets.sports.gracenote.com teamusastdstorage.blob.core.windows.net/collegiatepartnership2022widgets/ usopc.tfaforms.net widgets.sports.gracenote.com widgetfailover.sports.gracenote.com ws://*.teamusadev.com:24678/ ws://*.usopcdev.com:24678/ ws://localhost:24678/ ws://*.teamusadev.com:24678/ ws://*.usopcdev.com:24678/ www.facebook.com www.trackwrestling.com; font-src 'self' cdnjs.cloudflare.com data://* data: fonts.gstatic.com ka-f.fontawesome.com maxcdn.bootstrapcdn.com use.typekit.net teamusastdstorage.blob.core.windows.net/collegiatepartnership2022widgets/ widgets.sports.gracenote.com www.trackwrestling.com; form-action 'self' *.twitter.com analytics.clickdimensions.com bbox.blackbaudhosting.com feedback.teamusa.org form.usoc.org la28.qualtrics.com link.teamusa.org teamusa.tfaforms.net teamusastdstorage.blob.core.windows.net/collegiatepartnership2022widgets/ usoc.tfaforms.net usopc.tfaforms.net www.facebook.com; frame-ancestors 'self' *.olympics.com; frame-src 'self' *.addthis.com *.emailmeform.com *.facebook.com *.fls.doubleclick.net *.g.doubleclick.net *.google.com *.hsforms.com *.hsforms.net *.hubspot.com *.olympics.com *.olympics.com/olympic-family-iframe-olympics/ *.safeframe.googlesyndication.com *.sport80.com *.teamusa.com *.teamusadev.com *.teamusadev.com:3000 *.tiktok.com *.tourneymachine.com *.ttwstatic.com *.twitter.com *.usopc.org *.usopcdev.org *.wufoo.com abc11.com ad.doubleclick.net anchor.fm app-ab22.marketo.com archivist.teamusa.org bbox.blackbaudhosting.com c.streamhoster.com cdn.flipsnack.com console.googletagservices.com content.usawmembership.com draftable.com embed.fitrankings.com embed.gettyimages.com free.timeanddate.com https://cheer-generator-website-git-feature-status-page-dogstudio.vercel.app/ https://cheer-generator-website.vercel.app/ gc.com www.googleadservices.com geosnapshot.com giphy.com imasdk.googleapis.com indd.adobe.com judoreferee.com kingsumo.com livestream.com la28.qualtrics.com mdm-iframe.teamusa.com olympics.com olympics.com/olympic-family-iframe-olympics/ online.anyflip.com photos.pixlee.co player.vimeo.com players.brightcove.net public.tableau.com s3.amazonaws.com/online.anyflip.com/vrut/kvxl/ share.transistor.fm snapwidget.com stage-schedules.nbcolympics.com schedules.nbcolympics.com st.chatango.com streaming.enetlive.tv support.teamusa.org tableau.usoc.org td.doubleclick.net teamusastdstorage.blob.core.windows.net/collegiatepartnership2022widgets/ themat.tv tpc.googlesyndication.com universe.queue-it.net uploads.knightlab.com usa.asasoftball.com usaboxing.webpoint.us usadiving.ticketspice.com usatt.simplycompete.com usawaterski.org usopc.tfaforms.net vplayer.nbcolympics.com vplayer.nbcsports.com www.bullseyelocations.com www.buzzsprout.com www.classy.org www.givedirect.org www.googletagmanager.com www.instagram.com www.omegawatches.com www.paypal.com www.paypalobjects.com www.scribd.com www.slideshare.net www.surveymonkey.com www.thorne.com www.universe.com www.usakaratemembership.com www.usaracquetballevents.com www.usawaterski.org www.usawmembership.com www.youtube.com www.youtube-nocookie.com; img-src 'self' https://usat-production.s3.amazonaws.com/ *.2mdn.net *.ads.linkedin.com *.adsafeprotected.com *.doubleverify.com *.evergage.com *.g.doubleclick.net *.google-analytics.com *.googlesyndication.com *.gstatic.com *.hsforms.com *.hsforms.net *.hubspot.com *.twimg.com *.twitter.com ad.doubleclick.net barbend.com bbox.blackbaudhosting.com c.bing.com c.clarity.ms cdn.cookielaw.org cdn-images.mailchimp.com cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.8.0/ajax-loader.gif cf-images.us-east-1.prod.boltdns.net clients1.google.com connect.facebook.net content.themat.com data: i.ytimg.com images.contentstack.io images.sports.gracenote.com images.teamusa.org img.youtube.com iwf.sport learningacademy1.usadiving.org mcusercontent.com/93fe0d952f40d98f22a93f8e4/images/ metrics.brightcove.com p.adsymptotic.com p.typekit.net pixel.quantserve.com public.tableau.com reg.usajudo.net region1.analytics.google.com res.cloudinary.com storage.googleapis.com siteintercept.qualtrics.com sjc1.qualtrics.com s3.amazonaws.com/photos.usacycling.org/ t.co t.paypal.com teamusa.tfaforms.net teamusastdstorage.blob.core.windows.net/collegiatepartnership2022widgets/ tw-ads.s3-us-west-2.amazonaws.com tw-ads.s3.us-west-2.amazonaws.com upload.wikimedia.org/wikipedia/commons/3/32/Sarah_Docter_1980.jpg usa.asasoftball.com usoc.tfaforms.net usopc.tfaforms.net widgets.sports.gracenote.com www.facebook.com www.google.at www.google.be www.google.ca www.google.ch www.google.co.jp www.google.co.kr www.google.co.nz www.google.co.uk www.google.co.vi www.google.com.au www.google.com.hk www.google.com.mx www.google.com.pr www.google.com.sg www.google.com.tw www.google.com www.google.de www.google.dk www.google.es www.google.fi www.google.fr www.google.gr www.google.ie www.google.it www.google.lu www.google.nl www.google.no www.google.pt www.google.se www.google.vg www.googleapis.com www.googletagmanager.com www.iwf.net www.linkedin.com www.nationalspeedskatingmuseum.org www.officialgear.com www.paypalobjects.com www.trackwrestling.com; media-src 'self' blob: *.evergage.com bcbolt446c5271-a.akamaihd.net bcovlive-a.akamaihd.net manifest.prod.boltdns.net; script-src 'self' 'unsafe-inline' 'unsafe-eval'  *.addthis.com *.adsafeprotected.com *.britecove.com *.cdc.gov *.clarity.ms *.clickdimensions.com *.cookielaw.org *.evergage.com *.g.doubleclick.net *.google-analytics.com *.googleadservices.com *.googlesyndication.com *.googleusercontent.com *.hs-analytics.net *.hs-banner.com *.hscollectedforms.net *.hsforms.com *.hsforms.net *.hsleadflows.net *.hs-scripts.com *.hubspotfeedback.com *.hubspot.com *.instagram.com *.pxlecdn.com *.tiktok.com *.ttwstatic.com *.twitter.com *.wufoo.com *.youtube.com adservice.google.at adservice.google.be adservice.google.ca adservice.google.ch adservice.google.co.jp adservice.google.co.kr adservice.google.co.nz adservice.google.co.uk adservice.google.com.au adservice.google.com.hk adservice.google.com.mx adservice.google.com.pr adservice.google.com.sg adservice.google.com.tw adservice.google.com adservice.google.de adservice.google.dk adservice.google.es adservice.google.fi adservice.google.fr adservice.google.gr adservice.google.ie adservice.google.it adservice.google.nl adservice.google.no adservice.google.pt adservice.google.se ajax.googleapis.com analytics.tiktok.com app-ab22.marketo.com assets.pixlee.com/assets/fp.js az124611.vo.msecnd.net/web/v10/CDWidget.js bbox.blackbaudhosting.com c.bing.com cdn.doubleverify.com cdn.evgnet.com cdn.syndication.twimg.com cdnjs.cloudflare.com cdnslssl.coveritlive.com code.jquery.com connect.facebook.net console.googletagservices.com countdown.omegawatches.com cse.google.com feedback.hubapi.com images.teamusa.org kit.fontawesome.com lf16-tiktok-web.tiktokcdn-us.com maxcdn.bootstrapcdn.com munchkin.marketo.net players.brightcove.net public.tableau.com qa-widgets.sports.gracenote.com reg.usajudo.net rules.quantcount.com rum-static.pingdom.net sdk.classy.org secure.givelively.org secure.quantserve.com snap.licdn.com snapwidget.com siteintercept.qualtrics.com stackpath.bootstrapcdn.com static.ads-twitter.com storage.cloud.google.com storage.googleapis.com tableau.usoc.org teamusa.tfaforms.net teamusastdstorage.blob.core.windows.net/collegiatepartnership2022widgets/ tps.doubleverify.com use.typekit.net usoc.tfaforms.net usopc.tfaforms.net v1.addthisedge.com vjs.zencdn.net widget.surveymonkey.com widgets.flickr.com widgets.sports.gracenote.com www.buzzsprout.com www.google.com www.googletagmanager.com www.googletagservices.com www.gstatic.com www.olympicchannel.com www.paypal.com www.paypalobjects.com www.trackwrestling.com www.universe.com zn6x64ufidwjzj7w2-la28.siteintercept.qualtrics.com; style-src 'self' 'unsafe-inline' *.evergage.com *.googleusercontent.com bbox.blackbaudhosting.com cdn-images.mailchimp.com cdn-us.clickdimensions.com cdn.fonts.net cdnjs.cloudflare.com code.jquery.com fonts.googleapis.com images.teamusa.org www.google.com/cse/ lf16-tiktok-web.tiktokcdn-us.com lf16-tiktok-web.ttwstatic.com maxcdn.bootstrapcdn.com p.typekit.net platform.twitter.com reg.usajudo.net static.ctctcdn.com/h/contacts-embedded-signup-assets/1.0.2/css/signup-form.css storage.cloud.google.com storage.googleapis.com teamusa.tfaforms.net teamusastdstorage.blob.core.windows.net/collegiatepartnership2022widgets/ use.typekit.net usoc.tfaforms.net usopc.tfaforms.net www.instagram.com www.teamusa.org www.trackwrestling.com; worker-src 'self' blob: https://teamusa.report-uri.com/r/d/csp/enforce; report-uri ; 1
frame-ancestors 'self' *.azurefd.net gg.nuwo.ai; 1
frame-ancestors 'self' https: *.wigmore-hall.org.uk; frame-src 'self' https: *.wigmore-hall.org.uk 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' static.dcloud.co.id *.google-analytics.com *.google.com *.gstatic.com *.doku.com cdnjs.cloudflare.com/ajax/ *.facebook.net/en_US/sdk.js *.googletagmanager.com *.youtube.com googleads.g.doubleclick.net; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com/ajax/ fonts.googleapis.com dtrust.co.id dcloud.co.id static.dcloud.co.id *.doku.com; object-src 'none'; base-uri 'self'; connect-src 'self' *.google-analytics.com analytics.google.com *.google.co.id google.com stats.g.doubleclick.net *.dcloud.co.id; font-src 'self' data: fonts.gstatic.com static.dcloud.co.id dtrust.co.id dcloud.co.id cdnjs.cloudflare.com/ajax/; frame-src 'self' *.youtube.com *.doku.com *.google.com *.doubleclick.net; img-src 'self' *.google.co.id *.google.com dtrust.co.id *.dcloud.co.id secure.gravatar.com *.googleusercontent.com/; manifest-src 'self'; media-src 'self'; worker-src 'self'; 1
default-src 'self' https://mattilsynet-xp7qa.enonic.cloud https://mattilsynet-xp7prod.enonic.cloud https://unleash-edge.web.mattilsynet.io https://unleash.web.mattilsynet.io; frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://app.powerbi.com https://embedded.powerbi.com; connect-src 'self' https://mattilsynet.matomo.cloud https://cdn.matomo.cloud ws://mattilsynet-xp7qa.enonic.cloud ws://mattilsynet-xp7prod.enonic.cloud https://mattilsynet-xp7qa.enonic.cloud https://mattilsynet-xp7prod.enonic.cloud https://unleash-edge.web.mattilsynet.io https://unleash.web.mattilsynet.io; font-src 'self' data: https://mattilsynet.matomo.cloud https://cdn.matomo.cloud; img-src 'self' data: https://mattilsynet.matomo.cloud https://cdn.matomo.cloud https://mattilsynet-xp7qa.enonic.cloud https://mattilsynet-xp7prod.enonic.cloud https://cache.kartverket.no; object-src 'none'; script-src 'self' 'unsafe-eval' https://mattilsynet.matomo.cloud https://cdn.matomo.cloud 'sha256-nzv8I5Mf0AZBUKeL70LtQfYBjK/DghfP72B8j+UI49I=' 'sha256-Q9vPNvpI3BYCNwzFpA56s9IESqfHGcA8LabbrsO988U=' 'sha256-kjnm6Rh0x+Gul1OW/wzmk9dfzz+Mi7p9+NUa9808dXM=' 'sha256-YEdE45l3HQmUsCkIquemxQPI8snc97t4ldUHeWRXRZI=' 'nonce-ev4LoZRIa7ImOe7mFO281w=='; style-src 'self' 'unsafe-inline' https://mattilsynet.matomo.cloud https://cdn.matomo.cloud 1
default-src https://*.rogii.com https://*.solo.cloud https://solo.cloud https://rogii-portal-prod.s3.amazonaws.com blob:; connect-src https://*.rogii.com https://*.solo.cloud https://solo.cloud https://*.s3.amazonaws.com https://login.microsoftonline.com https://www.google-analytics.com/ https://maps.googleapis.com https://auth.petroninja.com https://api.mapbox.com https://*.tgsnopec.com https://map.datalake.tgs.com https://global.oktacdn.com https://*.amplitude.com wss:; font-src 'self' https://*.rogii.com https://*.solo.cloud https://solo.cloud https:; img-src https://*.rogii.com https://*.solo.cloud https://solo.cloud https://s3.amazonaws.com https://*.s3.amazonaws.com https://maps.gstatic.com https://*.googleapis.com https://www.google-analytics.com https://api.mapbox.com https://map.datalake.tgs.com *.ggpht *.khms0 blob: data:; style-src https://*.rogii.com https://*.solo.cloud https://solo.cloud https://*.googleapis.com 'unsafe-inline' https://rogii-portal-prod.s3.amazonaws.com; frame-src https://*.starsteer.solo.cloud https://starsteer.solo.cloud https://auth.petroninja.com https://app.powerbi.com https://*.tgsnopec.com; script-src 'unsafe-eval' https://*.rogii.com https://*.solo.cloud https://solo.cloud https://maps.googleapis.com; form-action https://*.rogii.com https://*.solo.cloud https://solo.cloud starlite: rtm: fcast:; frame-ancestors 'none'; block-all-mixed-content; upgrade-insecure-requests; worker-src https://*.rogii.com https://*.solo.cloud https://solo.cloud blob:; 1
frame-ancestors 'self' *.orange.ro  1
default-src 'none'; script-src acdn.adnxs.com cdn.admo.tv cstatic.weborama.fr dc.ads.linkedin.com developers.atinternet-solutions.com *.dom101.mapres *.dom101.intres *.dom101.prdres *.doubleclick.net d.turn.com *.evermaps.net *.facebook.net facebook.com *.gbpce.net *.googletagmanager.com *.googleadservices.com *.hcaptcha.com *.inbenta.io *.kameleoon.eu *.kameleoon.com *.kameleoon.io *.k-app.io marketing.adobe.com my.tealiumiq.com publicidees.com px.ads.linkedin.com r.turn.com secure.adnxs.com 'self' snap.licdn.com support.criteo.com *.tiqcdn.com 'unsafe-inline' 'unsafe-eval' *.1bis.com *.myfeelback.com cdn.trustindex.io analytics.tiktok.com s2.adform.net track.adform.net *.adform.net *.bing.com *.teads.tv *.linkeo.com *.banquepopulaire.fr *.palatine.fr; connect-src *.dom101.mapres *.dom101.intres *.dom101.prdres *.inbenta.io *.kameleoon.com *.kameleoon.eu *.kameleoon.io *.k-app.io *.omtrdc.net 'self' *.tealiumiq.com *.2o7.net *.hcaptcha.com cdn.linkedin.oribi.io adservice.google.com www.facebook.com *.prod.mycloud.intrabpce.fr google.com *.google.com analytics.tiktok.com px.ads.linkedin.com pagead2.googlesyndication.com gen-chat.i-bp.banquepopulaire.dev:8888 gen-widgets.hom.mycloud.intrabpce.fr gen-widgets.prod.mycloud.intrabpce.fr *.teads.tv *.banquepopulaire.fr *.epalatine.fr *.palatine.fr; img-src data: cdn.admo.tv *.cloudimg.io cstatic.weborama.fr developers.atinternet-solutions.com *.doubleclick.net d.turn.com www.facebook.com www.google.fr www.google.com *.googletagmanager.com *.inbenta.com *.kameleoon.eu *.kameleoon.com *.kameleoon.io *.k-app.io *.omtrdc.net ib.adnxs.com publicidees.com *.hcaptcha.com r.turn.com secure.adnxs.com 'self' snap.licdn.com support.criteo.com *.myfeelback.com *.kxcdn.com www.linkedin.com dc.ads.linkedin.com px.ads.linkedin.com px4.ads.linkedin.com cdn.trustindex.io my.tealiumiq.com action.metaffiliation.com *.bing.com *.teads.tv *.linkeo.com *.banquepopulaire.fr *.palatine.fr; style-src fonts.googleapis.com *.inbenta.io 'self' *.hcaptcha.com 'unsafe-inline' *.kameleoon.eu *.kameleoon.com *.kameleoon.io *.k-app.io cdn.trustindex.io *.linkeo.com *.banquepopulaire.fr *.palatine.fr; font-src data: fonts.gstatic.com *.inbenta.io 'self' *.banquepopulaire.fr; frame-ancestors *.dom101.mapres *.dom101.intres *.dom101.prdres 'self' *.banquepopulaire.fr *.epalatine.fr *.palatine.fr; frame-src https: *; worker-src 'self' blob:; report-uri https://www.csp.bpce.fr/v1/record; 1
frame-ancestors 'self' http://www.rslcontent.co.uk; 1
default-src 'self'; block-all-mixed-content ; base-uri 'self'; object-src 'none'; script-src  'nonce-49e8ce120a2248649ba3c766534b98da' 'self' 'unsafe-eval' https://www.clarity.ms/ https://*.onetrust.com https://cdn.gbqofs.com/ https://raconteur.london/ https://secure.scan6show.com https://lonrtp1-cdn.marketo.com https://munchkin.marketo.net https://d2oh4tlt9mrke9.cloudfront.net https://region1.google-analytics.com/ https://connect.facebook.net https://snap.licdn.com https://static.ads-twitter.com https://widgets.getsitecontrol.com https://static.oktopost.com https://view.ceros.com https://polyfill.io https://optimize.google.com https://www.google-analytics.com https://az416426.vo.msecnd.net https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.gstatic.com/ https://www.google.com/ https://dl.episerver.net https://maps.googleapis.com https://uk1.siteimprove.com https://analytics.newscred.com https://siteimproveanalytics.com https://www.youtube.com https://s.ytimg.com https://www.grantthornton.co.uk/ https://*.googletagmanager.com https://flo.uri.sh/ https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com; img-src 'self' data: https://*.onetrust.com https://*.google-analytics.com/ https://www.google.com/ https://www.google.com.vn/ https://*.analytics.google.com/ https://www.gstatic.com/i https://t.co/ https://px.ads.linkedin.com/ https://c.bing.com/ https://c.clarity.ms/ https://pixel.welcomesoftware.com/ https://b.ws.sessioncam.com https://ws.sessioncam.com https://l.betrad.com https://a.usea01.idio.episerver.net https://stats.g.doubleclick.net https://passle-net.s3.amazonaws.com/ https://p.adsymptotic.com https://px.ads.linkedin.com https://t.co https://1175.global.siteimproveanalytics.io https://www.linkedin.com https://www.facebook.com https://syndication.twitter.com https://optimize.google.com https://platform.twitter.com https://pbs.twimg.com https://images.passle.net https://maps.gstatic.com https://maps.googleapis.com https://www.googletagmanager.com https://pixel.newscred.com https://i.ytimg.com https://emergencyresponse.grantthornton.co.uk https://img.youtube.com https://grant-thornton.vuturevx.com https://ton.twimg.com https://ssl.gstatic.com/ https://raconteur.london https://app.getsitecontrol.com https://gtukstaticwebcontenttest.azurewebsites.net/ https://webstaticcontent.grantthornton.co.uk/ https://analytics.twitter.com/ https://*.googletagmanager.com https://cdn.optimizely.com; style-src 'self' 'unsafe-inline' https://www2.grantthornton.co.uk/js/forms2/css/forms2-theme-simple.css https://www2.grantthornton.co.uk/js/forms2/css/forms2-theme-plain.css https://www2.grantthornton.co.uk/js/forms2/css/forms2.css https://rtp-static.marketo.com https://optimize.google.com https://platform.twitter.com https://cdnjs.cloudflare.com https://dukb55syzud3u.cloudfront.net https://sdk.passle.net https://fonts.googleapis.com https://clientapi.passle.net https://ton.twimg.com https://tagmanager.google.com/ https://fonts.googleapis.com/; font-src 'self' data: https://static3.avast.com/ https://st.getsitecontrol.com https://dukb55syzud3u.cloudfront.net https://fonts.gstatic.com https://webstaticcontent.grantthornton.co.uk; frame-src 'self' https://td.doubleclick.net/ https://rss.app/ https://www2.grantthornton.co.uk https://flo.uri.sh https://embed.chartblocks.com/ https://app.powerbi.com/ https://www.facebook.com https://www.podbean.com/ https://syndication.twitter.com/ https://platform.twitter.com https://www.passle.net https://view.ceros.com https://www.youtube.com https://optimize.google.com https://w.soundcloud.com https://player.vimeo.com https://www.gstatic.com https://cdn.optimizely.com https://a10084069166.cdn.optimizely.com https://www.slideshare.net https://www.google.com https://flo.uri.sh/ https://polite-island-04548d803.1.azurestaticapps.net/ https://*.optimizely.com https://a28826650685.cdn.optimizely.com https://a28826650685.cdn-pci.optimizely.com; connect-src 'self' https://*.onetrust.com https://*.googlesyndication.com https://px.ads.linkedin.com https://maps.googleapis.com/ https://analytics.google.com https://*.analytics.google.com/ https://googleads.g.doubleclick.net https://www.google.com/ https://*.google-analytics.com/ https://445-uit-144.mktoutil.com https://app.getsitecontrol.com https://dc.services.visualstudio.com https://www.passle.net https://clientapi.passle.net https://az416426.vo.msecnd.net https://logx.optimizely.com https://extreme-ip-lookup.com https://lonrtp1.marketo.com/ https://445-uit-144.mktoresp.com https://ws.sessioncam.com https://stats.g.doubleclick.net https://www.facebook.com https://b.ws.sessioncam.com/ https://www.clarity.ms/ https://idx.liadm.com/ https://c1001.report.gbss.io/ https://*.googletagmanager.com https://a.clarity.ms https://b.clarity.ms https://c.clarity.ms https://d.clarity.ms https://e.clarity.ms https://f.clarity.ms https://g.clarity.ms https://h.clarity.ms https://i.clarity.ms https://j.clarity.ms https://k.clarity.ms https://l.clarity.ms https://m.clarity.ms https://n.clarity.ms https://o.clarity.ms https://p.clarity.ms https://q.clarity.ms https://r.clarity.ms https://s.clarity.ms https://t.clarity.ms https://u.clarity.ms https://v.clarity.ms https://w.clarity.ms https://x.clarity.ms https://y.clarity.ms https://z.clarity.ms https://*.optimizely.com; frame-ancestors https://*.optimizely.com https://*.optimizelyedit.com 'self'; worker-src 'self' blob:; 1
frame-ancestors 'self' https://livezilla.centerpointe.com; 1
default-src 'self' singaporegp.sg *.singaporegp.sg; object-src 'self' singaporegp.sg *.singaporegp.sg; img-src 'self' data: blob: singaporegp.sg *.singaporegp.sg recaptcha.net *.recaptcha.net *.google.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.gstatic.com *.doubleclick.net *.facebook.com *.facebook.net *.cloudflare.com *.cloudfront.net turn.com *.turn.com *.amgdgt.com *.gravatar.com *.gravatar.com placehold.it i0.wp.com *.moatads.com *.addthisedge.com *.sharethis.com *.google.com.sg; media-src *; frame-src 'self' *.singaporegp.sg s7.addthis.com *.google.com *.facebook.com *.facebook.net *.doubleclick.net *.youtube.com recaptcha.net *.recaptcha.net *.xdel.com; font-src 'self' data: singaporegp.sg *.singaporegp.sg recaptcha.net *.recaptcha.net *.google.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.gstatic.com *.doubleclick.net *.facebook.com *.facebook.net *.cloudflare.com *.cloudfront.net turn.com *.turn.com *.amgdgt.com *.bootstrapcdn.com *.ionicframework.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' singaporegp.sg *.singaporegp.sg recaptcha.net *.recaptcha.net *.google.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.gstatic.com *.doubleclick.net *.facebook.com *.facebook.net *.cloudflare.com *.cloudfront.net turn.com *.turn.com *.amgdgt.com m.addthisedge.com s7.addthis.com m.addthis.com api-public.addthis.com platform-api.sharethis.com buttons-config.sharethis.com singaporegp.us3.list-manage.com s3.amazonaws.com cdn.damianoff.com blazecdn.com *.bootstrapcdn.com *.ionicframework.com *.datatables.net *.moatads.com *.addthisedge.com *.jquery.com *.googletagmanager.com polyfill.io cdn.jsdelivr.net *.googleadservices.com *.sharethis.com bcp.crwdcntrl.net; style-src 'self' 'unsafe-inline' singaporegp.sg *.singaporegp.sg recaptcha.net *.recaptcha.net *.google.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.gstatic.com *.doubleclick.net *.facebook.com *.facebook.net *.cloudflare.com *.cloudfront.net turn.com *.turn.com *.amgdgt.com *.mailchimp.com *.bootstrapcdn.com *.ionicframework.com *.datatables.net *.moatads.com *.addthisedge.com *.jquery.com cdn.jsdelivr.net; connect-src 'self' singaporegp.sg *.singaporegp.sg recaptcha.net *.recaptcha.net *.google.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.gstatic.com *.doubleclick.net *.facebook.com *.facebook.net *.cloudflare.com *.cloudfront.net turn.com *.turn.com *.amgdgt.com s7.addthis.com m.addthis.com *.jquery.com *.addthis.com *.sharethis.com; frame-ancestors 'self' *.facebook.com *.youtube.com; manifest-src 'self' singaporegp.sg *.singaporegp.sg; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' tt.omtrdc.net *.akstat.io akstat.io *.go-mpulse.net go-mpulse.net *.amazonaws.com amazonaws.com s3-eu-west-1.amazonaws.com *.bing.com bing.com *.btttag.com btttag.com c212.net cloudflare.com *.decibelinsight.net wss://collection.decibelinsight.net decibelinsight.net g.doubleclick.net *.doubleclick.net doubleclick.net fls.doubleclick.net *.facebook.com *.facebook.net facebook.com facebook.net *.fanplayr.com fanplayr.com *.gigya.com gigya.com *.google.com *.google.de *.google.it *.googlesyndication.com *.gstatic.com *.youtube-nocookie.com google.co.uk google.com google.de google.it googlesyndication.com gstatic.com youtube-nocookie.com googleadservices.com *.googleapis.com googleapis.com *.googletagmanager.com googletagmanager.com *.google-analytics.com google-analytics.com *.jaguar.com jaguar.co.uk jaguar.com *.build.landrover *.jaguarlandrover.com *.landrover.com *.landrover.de *.landrover.it *.pds.jaguarlandrover.com build.landrover jaguarlandrover.com landrover.co.uk landrover.com landrover.de landrover.it pds.jaguarlandrover.com ads.linkedin.com linkedin.com linkedin.oribi.io licdn.com *.lpsnmedia.net lpsnmedia.net *.liadm.com liadm.com *.liveperson.net idp.liveperson.net liveperson.net msg.liveperson.net msghist.liveperson.net v.liveperson.net a.run.app *.netdirector.auto netdirector.auto *.a.run.app *.ads.linkedin.com *.akamaihd.net *.b-cdn.net *.c212.net *.cloudflare.com *.config.landrover.com *.configureconnect.com *.decibel.com *.fls.doubleclick.net *.google.co.uk *.googleadservices.com *.jaguar.co.uk *.jaguarlandroverclassic.com *.jlr-dev.com *.kampyle.com *.landrover.co.uk *.landroverusa.com *.licdn.com *.linkedin.com *.linkedin.oribi.io *.medallia.eu *.netdirector.co.uk *.omtrdc.net *.onetrust.com *.pinimg.com *.pinterest.com *.podscribe.com *.psyma.com *.sc-static.net *.scene7.com *.securedvisit.com *.sfmc-content.com *.snapchat.com *.sophus3.com *.stripe.com *.sv.rkdms.com *.userlike.com *.web.app *.woosmap.com *.yahoo.co.jp akamaihd.net cdn.cookielaw.org collector-37690.tvsquared.com config.landrover.com cookie-cdn.cookiepro.com d34r8q7sht0t9k.cloudfront.net decibel.com jlr-360--ngcrm.sandbox.my.salesforce-scrt.com jlr-360--ngcrm.sandbox.my.site.com jlr-360.my.salesforce.com landroverusa.com ldti.syndication.kbb.com leasinglandrover.de pixel.tapad.com psyma.com sophus3.com syndication.kbb.com userlike.com web.app www.leasinglandrover.de pinimg.com pinterest.com podscribe.com securedvisit.com *.serving-sys.com serving-sys.com sc-static.net snapchat.com stripe.com *.tiktok.com tiktok.com *.adsrvr.org adsrvr.org *.trustarc.com trustarc.com *.twitter.com twitter.com *.ads-twitter.com ads-twitter.com *.t.co t.co sv.rkdms.com *.vee24.com vee24.com woosmap.com *.yimg.jp yahoo.co.jp yimg.jp *.youtube.com *.ytimg.com youtube.com ytimg.com wss://lo.msg.liveperson.net wss://umd.userlike.com data: blob:; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.gstatic.com https://yastatic.net https://www.youtube.com https://s.ytimg.com https://platform.instagram.com https://www.instagram.com https://platform.twitter.com https://cdn.syndication.twimg.com https://mc.yandex.ru https://top-fwz1.mail.ru https://js.sentry-cdn.com https://browser.sentry-cdn.com https://qaz.top-ru.news https://push.top-ru.news https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' data: https://fonts.googleapis.com https://platform.twitter.com ; img-src 'self' data: https://* http://* ; font-src 'self' data: https://fonts.gstatic.com ; frame-src 'self' data: https://yastatic.net https://www.youtube.com https://www.instagram.com/ https://platform.twitter.com ; connect-src 'self' data: https://yastatic.net https://mc.yandex.ru https://mc.webvisor.com https://mc.webvisor.org https://fcm.googleapis.com https://firebaseinstallations.googleapis.com https://fcmregistrations.googleapis.com https://push.newsdaily.biz https://top-fwz1.mail.ru https://o4505939965509632.ingest.sentry.io https://push.top-ru.news https://biposerfl.shop https://*.google-analytics.com; worker-src 'self' data: https://fcm.googleapis.com https://push.newsdaily.biz https://push.top-ru.news ; 1
report-uri https://fifauteam.com/ 1
default-src https: data: blob: wss: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; report-uri https://www.llyfrgell.cymru/?eID=error 1
default-src https: https: 'unsafe-inline' 'unsafe-eval'; script-src 'unsafe-inline' 'unsafe-eval' https: http:; style-src 'self' https://www.pildorasdefe.net/cc-sty/nopre.css connect.facebook.net/es_LA/sdk.js 'unsafe-inline' *.googleapis.com apis.google.com https://platform.twitter.com; font-src 'self' apis.google.com https://platform.twitter.com *.gstatic.com data:; media-src 'self' https://platform.twitter.com apis.google.com; img-src 'self' apis.google.com * data:; object-src 'self'; base-uri 'none'; 1
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; 1
frame-ancestors managemycopay-back.xsunt.com; 1
default-src 'self'; script-src 'self' ajax.googleapis.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; report-uri api/Common/CspReport; frame-src 'self' *.eveseliba.gov.lv; img-src 'self' blob: ; 1
frame-ancestors 'self'; report-uri https://www.rp-photonics.com/csp-reports.php; 1
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' *.crazyegg.com *.googletagmanager.com always 1
frame-ancestors 'self' https://w3f-website-gatsby-8b7e0a.netlify.app/ https://www.web3.foundation https://web3.foundation 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' wss://tsock.us1.twilio.com/v3/wsconnect https://api.talkdeskapp.com https://talkdeskchatsdk.talkdeskapp.com https://qa-cdn-talkdesk.talkdeskdev.com https://ssl.google-analytics.com https://www.google-analytics.com https://stats.g.doubleclick.net https://iris.epremiuminsurance.com https://www.paycomonline.net https://kit.fontawesome.com https://ka-p.fontawesome.com;     font-src 'self' https://talkdeskchatsdk.talkdeskapp.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://kit.fontawesome.com https://ka-p.fontawesome.com;     script-src 'unsafe-inline' 'unsafe-eval' 'self' https://talkdeskchatsdk.talkdeskapp.com https://ssl.google-analytics.com https://www.google-analytics.com https://stats.g.doubleclick.net https://ajax.googleapis.com http://ajax.googleapis.com https://www.googletagmanager.com https://kit.fontawesome.com https://ka-p.fontawesome.com;     style-src 'unsafe-inline' 'self' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://kit.fontawesome.com https://ka-p.fontawesome.com;     frame-ancestors 'self' https://iris.epremiuminsurance.com;         img-src * 'self' data: https: https://iris.epremiuminsurance.com 1
img-src 'self' * data:; style-src 'self' 'unsafe-inline' *; upgrade-insecure-requests; frame-ancestors 'self'; 1
report-uri /tpicap/report-csp-violation; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' https://*.openstreetmap.org/ https://api.mapbox.com/ https://unpkg.com/ https://piwik.bzga.de/ https://service.bzga.de/ https://shop.bzga.de/ https://www.etracker.de/ https://static.etracker.com/ https://code.etracker.com/; img-src 'self' https://shop.bzga.de/ data: https://*.openstreetmap.org/ https://api.mapbox.com/ https://unpkg.com/ https://piwik.bzga.de https://service.bzga.de https://www.etracker.de https://static.etracker.com https://code.etracker.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://api.mapbox.com/ https://unpkg.com/ https://piwik.bzga.de https://service.bzga.de https://www.etracker.de https://static.etracker.com https://code.etracker.com 1
frame-ancestors 'self' https://www.ourlounge.at/; block-all-mixed-content 1
upgrade-insecure-requests; base-uri 'self'; frame-ancestors 'self'; form-action 'self' banesco.qualtrics.com; object-src 'none'; 1
Content-Security-Policy: frame-ancestors 'self' http://reversinglabs.lookbookhq.com https://reversinglabs.lookbookhq.com http://reversinglabs.pathfactory.com https://reversinglabs.pathfactory.com http://content.reversinglabs.com https://content.reversinglabs.com; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' https://px.ads.linkedin.com/ https://www.google-analytics.com https://content.hotjar.io wss://ws.hotjar.com/ https://stats.g.doubleclick.net/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ https://analytics.google.com/ https://analytics.google.com/ https://metrics.hotjar.io https://www.youtube.com/ https://toppanmerrill2.local https://www.google.com https://www.gstatic.com https://www.youtube.com https://js.hs-banner.com https://js.hs-analytics.net https://*.hubspot.com https://*.hsforms.com https://www.w3.org https://*.addtoany.com https://www.google-analytics.com/ wss://ws.hotjar.com/ https://content.hotjar.io/ https://analytics.google.com https://stats.g.doubleclick.net/ www-widgetapi.js; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.livechat-static.com https://go.toppanmerrill.com https://api.livechatinc.com https://cdn.livechatinc.com/ https://connect.livechatinc.com/ https://consent.cookiefirst.com/ https://script.hotjar.com/ https://snap.licdn.com/ https://static.hotjar.com/ https://snap.licdn.com/ https://snap.licdn.com/ https://googleads.g.doubleclick.net/ https://www.google-analytics.com https://www.googletagmanager.com/ https://cdn.jsdelivr.net/ https://maxcdn.bootstrapcdn.com https://toppanmerrill2.local https://js.hs-banner.com https://js.hsforms.net https://js.hs-analytics.net https://js.hs-scripts.com https://js.hsleadflows.net https://static.addtoany.com https://*.gstatic.com https://www.youtube.com https://www.google.com https://googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://snap.licdn.com ttps://snap.licdn.com/ https://static.hotjar.com/ https://snap.licdn.com/li.lms-analytics/ https://snap.licdn.com/ https://www.googletagmanager.com/ https://script.hotjar.com wss://ws.hotjar.com/ https://content.hotjar.io https://px.ads.linkedin.com/ https://cdnjs.cloudflare.com/; style-src 'self' 'unsafe-inline' https://cdn.livechat-static.com https://fonts.googleapis.com https://consent.cookiefirst.com https://www.w3.org https://maxcdn.bootstrapcdn.com/; img-src 'self' 'unsafe-inline' data: https://cdn.livechat-static.com https://i.ytimg.com https://api.text.com https://yoast.com https://yoa.st https://ps.w.org https://px4.ads.linkedin.com https://www.linkedin.com https://www.googletagmanager.com/ https://forms-na1.hsforms.com/ https://px.ads.linkedin.com https://px.ads.linkedin.com/ https://www.google.com/ https://toppanmerrill2.local/sec-connect/ https://www.s.w.org https://www.google-analytics.com/ https://forms.hsforms.com https://track.hubspot.com forms-na1.hsforms.com https://www.google.com https://px.ads.linkedin.com; connect-src 'self' https://stats.addtoany.com https://pagead2.googlesyndication.com https://api.cookiefirst.com https://vc.hotjar.io https://yoast.com https://metrics.hotjar.io https://www.google-analytics.com https://stats.g.doubleclick.net https://analytics.google.com https://googleads.g.doubleclick.net https://content.hotjar.io/ wss://ws.hotjar.com https://px.ads.linkedin.com https://www.google.com https://consent.cookiefirst.com https://edge.cookiefirst.com; font-src 'self' 'unsafe-inline' data: https://s0.wp.com https://fonts.gstatic.com; frame-ancestors 'self' content.toppanmerrill.com toppanmerrill.seismic.com; frame-src 'self' 'unsafe-inline' https://connect.livechatinc.com https://secure.livechatinc.com https://www.youtube-nocookie.com/ https://go.toppanmerrill.com/ https://w.soundcloud.com/ https://www.google.com/ https://www.youtube.com/ https://static.addtoany.com/; worker-src blob: 1
default-src 'self' feed.pghub.io pandg.tapad.com ; child-src blob: feed.pghub.io pandg.tapad.com ; media-src * 'self' data: https: blob: ; style-src 'self' 'unsafe-inline' * ; img-src * 'self' data: https: blob: ; script-src * data: blob: 'unsafe-inline' 'unsafe-eval' *.cookielaw.org *.onetrust.com ; connect-src * data: blob: 'unsafe-inline' ; font-src * data: https: ; frame-src * ; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://connect.facebook.net https://snap.licdn.com https://js.adsrvr.org https://ajax.googleapis.com https://www.google.com https://www.gstatic.com https://js-agent.newrelic.com https://bam.nr-data.net https://www.clarity.ms https://fast.wistia.com https://fast.wistia.net *.adobedtm.com *.dialogtech.com *.simpli.fi *.doubleclick.net *.kickfire.com *.googletagmanager.com *.licdn.com *.facebook.com https://apps.usw2.pure.cloud https://privacyportal-cdn.onetrust.com https://rumiview.com https://www.rumiview.com https://s.yimg.com  cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.jsdelivr.net https://polyfill.io https://static.addtoany.com https://unpkg.com mdbootstrap.com stackpath.bootstrapcdn.com; script-src-attr 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://privacyportal-cdn.onetrust.com  cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com https://cdn.jsdelivr.net mdbootstrap.com stackpath.bootstrapcdn.com use.fontawesome.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self' 1
default-src 'self'; script-src 'self' https://iamsmart.livekefu.com https://uat-iamsmart.livekefu.com 'unsafe-inline'; style-src 'self' https://fonts.googleapis.com https://iamsmart.livekefu.com https://uat-iamsmart.livekefu.com 'unsafe-inline'; media-src 'self' https://www.youtube.com; frame-src 'self' https://www.youtube.com https://iamsmart.livekefu.com https://uat-iamsmart.livekefu.com; img-src 'self' data: https://iamsmart.livekefu.com https://uat-iamsmart.livekefu.com https://api.hkmapservice.gov.hk https://img.youtube.com; font-src 'self' https://fonts.gstatic.com 1
img-src 'self' www.facebook.com cdn.cookielaw.org fast.fonts.net; 1
object-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; upgrade-insecure-requests; frame-ancestors 'self' 'self'; form-action 'self' https://survey.g.doubleclick.net/ https://www.facebook.com/tr/ https://forms.hsforms.com/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://cdn.jst.ai/ https://fonts.googleapis.com/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://p.typekit.net/ https://use.typekit.net/ https://optimize.google.com https://connect.podium.com/ https://cdn.jsdelivr.net/ *.udev1a.net *.usablenet.com *.adobe.com fonts.googleapis.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com p.typekit.net use.typekit.net 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://tools.justuno.com/ https://adservice.google.ca/ https://adservice.google.com/ https://adservices.brandcdn.com/ https://analytics.jst.ai/ https://api.braintreegateway.com/ https://bam.nr-data.net/ https://cdn.jsdelivr.net/ https://cdn.jst.ai/ https://cdn.livechatinc.com/ https://client-analytics.braintreegateway.com/ https://connect.facebook.net/ https://d.adroll.mgr.consensu.org/consent/iabcheck/KLHAGB4PQRDAZK2BRGDAY3 https://d10lpsik1i8c69.cloudfront.net/w.js https://forms.hsforms.com/ https://googleads.g.doubleclick.net/ https://js-agent.newrelic.com/ https://js.braintreegateway.com/ https://js.hs-analytics.net/ https://js.hs-banner.com/ https://js.hs-scripts.com/ https://js.hscollectedforms.net/ https://js.hsforms.net/ https://maps.google.com/ https://maps.googleapis.com https://my.jst.ai/ https://s.adroll.com/ https://script.hotjar.com/ https://secure.livechatinc.com/ https://static.hotjar.com/ https://survey.g.doubleclick.net/ https://tag.brandcdn.com/autoscript/ https://www.google-analytics.com/analytics.js https://www.google-analytics.com/gtm/js https://www.google-analytics.com/plugins/ua/ec.js https://www.google.com/pagead/conversion_async.js https://www.google.com/recaptcha/ https://www.googleadservices.com/ https://www.googletagmanager.com/ https://www.gstatic.com/ https://www.paypalobjects.com/ https://apis.google.com/ https://www.google.com/ https://d.adroll.com/consent/check/ https://adservice.google.com.ua/ https://cdn.quantummetric.com/qscripts/quantum-watsons.js https://pippio.com/api/sync/ https://adservice.google.pl/ https://api.livechatinc.com/ *.purechat.com *.purechatcdn.com https://www.googleapis.com/youtube/ https://*.paypal.com https://optimize.google.com https://aly.jst.ai https://jslib.emotive.io https://loader.wisepops.com https://live.rezync.com/ https://*.rfihub.net/ cdn.wisepops.com https://s.pinimg.com/ https://call.chatra.io/chatra.js https://connect.podium.com/ https://www.clickcease.com/ https://aa.trkn.us/ https://js.hsadspixel.net/ https://www.youtube.com/ https://jslib.emotive.io/ https://tag.simpli.fi/ *.udev1a.net *.usablenet.com assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.google.com https://www.gstatic.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org tools.justuno.com cdnjs.cloudflare.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; media-src 'self' https://cdn.livechatinc.com *.adobe.com 'self' 'unsafe-inline'; img-src 'self' data: https://nextroll.com/ https://www.google.pl/ https://adservice.google.pl/ https://b.stats.paypal.com https://c.paypal.com https://checkout.paypal.com https://d.adroll.com https://forms.hsforms.com https://googleads.g.doubleclick.net https://graphics.jst.ai https://insight-event.brandcdn.com https://insight.adsrvr.org https://track.hubspot.com https://watsons-cincinnati.s3.us-east-2.amazonaws.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.paypalobjects.com https://www.magentocommerce.com https://www.xtento.com https://chd.stats.paypal.com/counter2.cgi https://perf.hsforms.com/embed/v3/counters.gif https://pixel.advertising.com/ups/55980/sync https://dsum-sec.casalemedia.com/rum https://pixel.rubiconproject.com/tap.php https://sync.outbrain.com/cookie-sync https://simage2.pubmatic.com/AdServer/Pug https://d.adroll.com/cm/r/in https://sync.taboola.com/sg/adroll-network/1/rtb-h https://eb2.3lift.com/xuid https://ups.analytics.yahoo.com/ups/55980/sync https://www.google.com.ua/pagead/1p-user-list/984698218/ https://www.google.com.ua/ads/ga-audiences https://ads.yahoo.com/cms/v1 https://www.google.com.ua/pagead/ https://forms.hubspot.com/collected-forms/submit/form mage https://dpm.demdex.net the image https://maps.gstatic.com/mapfiles/ https://maps.googleapis.com https://cbks0.googleapis.com/cbk https://lh3.ggpht.com/ https://geo0.ggpht.com/cbk https://geo1.ggpht.com/cbk https://geo2.ggpht.com/cbk https://geo3.ggpht.com/cbk https://match.sharethrough.com https://dub.stats.paypal.com https://optimize.google.com https://i.ytimg.com/ cdn.wisepops.com cdn.klarna.com https://khms0.googleapis.com/kh https://khms1.googleapis.com/kh https://cm.g.doubleclick.net https://secure.adnxs.com https://ct.pinterest.com/v3/ https://segment.prod.bidr.io/ https://assets.podium.com/ https://*.krxd.net/ https://www.gstatic.com/ https://ib.adnxs.com/ https://us-u.openx.net/ https://image2.pubmatic.com/ https://idsync.rlcdn.com/ https://x.bidswitch.net/ https://forms-na1.hsforms.com/ https://podium-prod.s3.amazonaws.com/ https://odr.mookie1.com/ https://match.adsrvr.org/ https://*.addthis.com/ https://*.agkn.com/ https://*.doubleclick.net/ https://*.truoptik.com/ https://*.linksynergy.com/ assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com maps.googleapis.com maps.gstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com d.adroll.com graphics.jst.ai paypal.com blob: arttrk.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; frame-src 'self' https://survey.g.doubleclick.net/ https://forms.hsforms.com/ https://adservices.brandcdn.com https://assets.braintreegateway.com https://bid.g.doubleclick.net https://c.paypal.com https://cdn.jst.ai https://d1eoo1tco6rr5e.cloudfront.net https://insight.adsrvr.org https://my.matterport.com https://secure.livechatinc.com https://vars.hotjar.com https://www.google.com https://www.xtento.com https://app.hubspot.com https://www.facebook.com/ https://cdn.flipsnack.com/ https://ssl.kaptcha.com/ https://optimize.google.com https://js.hsforms.net/ https://www.youtube.com/ https://*.rfihub.com/ https://www.pinterest.com https://chat.chatra.io/ https://ct.pinterest.com/ https://aa.trkn.us/ https://firebuilder.travisindustries.com/ https://player.flipsnack.com fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.xtento.com 'self' 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://use.typekit.net https://www.xtento.com https://connect.podium.com/ https://cdn.livechatinc.com/ fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com https://www.gstatic.com use.typekit.net data: 'self' 'unsafe-inline'; connect-src 'self' https://api.livechatinc.com/ wss://ws3.hotjar.com/api/ https://analytics.jst.ai/api/analytics/ https://analytics.jst.ai/api/session/ https://d.adroll.com/segment/KLHAGB4PQRDAZK2BRGDAY3/N6CLSWZXNVDYXMAGWZ7HLO https://forms.hubspot.com/collected-forms/v1/config/json https://my.jst.ai/ifm_4.1.html https://my.jst.ai/promocode/getcode_4.1.html https://settings.luckyorange.net https://stats.g.doubleclick.net/j/collect https://www.facebook.com/tr/ https://www.google-analytics.com/collect https://www.google-analytics.com/j/collect https://in.hotjar.com/api/v2/client/sites/1661351/visit-data https://watsons-app.quantummetric.com https://hubspot-forms-static-embed.s3.amazonaws.com/prod/5117171/968477ab-7ead-4482-a503-614d359cdde8.json.gz https://www.google.com/recaptcha/api.js https://forms.hsforms.com/emailcheck/ https://forms.hubspot.com/collected-forms/submit/form *.purechat.com https://*.braintree-api.com https://*.braintreegateway.com https://*.paypal.com https://*.hotjar.com https://*.hotjar.io https://bam.nr-data.net/ https://aly.jst.ai/ *.emotiveapp.co https://popup.wisepops.com/my-wisepop tracking.wisepops.com https://maps.googleapis.com https://ct.pinterest.com/user/ https://forms.hsforms.com/ https://hubspot-forms-static-embed.s3.amazonaws.com/ https://mind-flayer.podium.com/ https://activity.wisepops.com/ https://api.hubapi.com/ https://api.amplitude.com/ https://api.lab.amplitude.com/ https://lab.analyticspodium.com/sdk/vardata https://api2.analyticspodium.com/2/httpapi https://forms.hscollectedforms.net/ *.udev1a.net *.usablenet.com https://js.hs-banner.com/v2/cf-location https://pagead2.googlesyndication.com/pagead/buyside_topics/set/ wss://ws.hotjar.com/api/v2/client/ws https://stats.g.doubleclick.net/ https://ipgeolocation.abstractapi.com/ dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com d.adroll.com s.adroll.com my.jst.ai 'self' 'unsafe-inline'; default-src none 'self' 'unsafe-inline' 'unsafe-eval'; worker-src blob:; 1
frame-ancestors 'self' https://desipapa.com https://www.desipapa.com https://desipapa.vip https://www.desipapa.vip http://desi-fantasy.com http://www.desi-fantasy.com http://indiansexstories.desipapa.com http://www.suniasharma.com https://www.doodhwali.com https://www.doodhwali.xxx 1
frame-ancestors 'self' https://www.naturalhr.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: 'unsafe-inline' 'unsafe-eval' *.vimeo.com 'unsafe-inline' 'unsafe-eval' *.boards-api.greenhouse.io *.vimeo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-inline' 'unsafe-eval' 'report-sample' https://cdn.bizible.com https://www.google.com brandfolder-svc.com https://cdn-cookieyes.com/ cdn.hu-manity.co/ https://tags.clickagy.com/ cdn.jsdelivr.net pages.e2open.com pages.e2open.com/js/forms2/css/forms2.css blob: *.ep-mimecast.ads-twitter.com *.doubleclick.net *.google.com *.googleadservices.com *.googlesyndication.com *.googletagservices.com *.marketo.com *.nr-data.net https://analytics.twitter.com https://bat.bing.com https://bam.nr-data.net https://cdn.abrankings.com https://connect.facebook.net https://content.linkedin.com https://cdn.syndication.twimg.com https://en.twitter.com https://f.vimeocdn.com https://googleads.g.doubleclick.net https://graph.facebook.com https://google-analytics.com https://googletagmanager.com https://j.6sc.co https://js.adsrvr.org https://js.facebook.com https://js-agent.newrelic.com https://munchkin.marketo.net https://okt.to https://platform.linkedin.com https://platform.twitter.com https://play.vidyard.com https://player.vimeo.com https://r.bing.com https://static.ads-twitter.com https://script.crazyegg.com https://ssl.google-analytics.com https://script.hotjar.com https://static.hotjar.com https://snap.licdn.com https://static-exp1.licdn.com https://static.oktopost.com https://tagmanager.google.com https://t.co https://visitor.reactful.com https://www.clarity.ms https://www.google-analytics.com https://www.googleadservices.com https://www.googleoptimize.com https://www.googletagmanager.com https://www.vimeo.com https://ws.zoominfo.com https://app-sj31.marketo.com/index.php/form/getForm https://bam.nr-data.net/1/NRJS-861f3eedf716c4eaf11 https://bat.bing.com/bat.js https://cdn.abrankings.com/js/client.js https://cdn.syndication.twimg.com/timeline/profile https://connect.facebook.net/en_US/fbevents.js https://googleads.g.doubleclick.net/pagead/viewthroughconversion/722106568/ https://j.6sc.co/6si.min.js https://js-agent.newrelic.com/nr-1216.min.js https://js.adsrvr.org/up_loader.1.1.0.js https://munchkin.marketo.net/munchkin.js https://okt.to/ping https://pages.e2open.com/js/forms2/js/forms2.min.js https://platform.twitter.com/js/moment~timeline.d73eae5387f08ab9f8b71dcf9d12d391.js https://play.vidyard.com/embed/v4.js https://player.vimeo.com/api/player.js https://script.crazyegg.com/pages/scripts/0104/0422.js https://script.hotjar.com/modules.86ab03b5bc9b930d4f53.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.ads-twitter.com/uwt.js https://static.hotjar.com/c/hotjar-2184122.js https://static.oktopost.com/oktrk.js https://visitor.reactful.com/dist/main.rtfl.js https://ws.zoominfo.com/pixel/61eeeb0bcd134a001e3eda0d https://www.clarity.ms/tag/uet/17464652 https://www.google-analytics.com/analytics.js https://www.googleadservices.com/pagead/conversion_async.js https://www.googleoptimize.com/optimize.js https://www.googletagmanager.com/gtm.js *.vimeo.com *.vimeocdn.com *.newrelic.com www.googletagservices.com googleads.g.doubleclick.net adservice.google.com adservice.google.ae adservice.google.al adservice.google.at adservice.google.be adservice.google.bg adservice.google.bs adservice.google.ca adservice.google.ch adservice.google.ci adservice.google.cl adservice.google.co.bw adservice.google.co.cr adservice.google.co.id adservice.google.co.il adservice.google.co.in adservice.google.co.jp adservice.google.co.ke adservice.google.co.kr adservice.google.co.mz adservice.google.co.nz adservice.google.co.th adservice.google.co.tz adservice.google.co.uk adservice.google.co.uz adservice.google.co.ve adservice.google.co.za adservice.google.co.zm adservice.google.co.zw adservice.google.com.ai adservice.google.com.ar adservice.google.com.au adservice.google.com.bd adservice.google.com.bh adservice.google.com.bn adservice.google.com.bo adservice.google.com.br adservice.google.com.co adservice.google.com.cy adservice.google.com.ec adservice.google.com.eg adservice.google.com.et adservice.google.com.fj adservice.google.com.gh adservice.google.com.gi adservice.google.com.gt adservice.google.com.hk adservice.google.com.jm adservice.google.com.kh adservice.google.com.kw adservice.google.com.lb adservice.google.com.mm adservice.google.com.mt adservice.google.com.mx adservice.google.com.my adservice.google.com.ng adservice.google.com.ni adservice.google.com.np adservice.google.com.om adservice.google.com.pa adservice.google.com.pe adservice.google.com.ph adservice.google.com.pk adservice.google.com.pr adservice.google.com.py adservice.google.com.qa adservice.google.com.sa adservice.google.com.sg adservice.google.com.sv adservice.google.com.tr adservice.google.com.tw adservice.google.com.ua adservice.google.com.uy adservice.google.com.vn adservice.google.cz adservice.google.de adservice.google.dk adservice.google.dz adservice.google.ee adservice.google.es adservice.google.fi adservice.google.fr adservice.google.ge adservice.google.gr adservice.google.gy adservice.google.hn adservice.google.hr adservice.google.hu adservice.google.ie adservice.google.im adservice.google.iq adservice.google.is adservice.google.it adservice.google.jo adservice.google.kz adservice.google.li adservice.google.lk adservice.google.lt adservice.google.lu adservice.google.lv adservice.google.md adservice.google.mk adservice.google.mu adservice.google.nl adservice.google.no adservice.google.pl adservice.google.pt adservice.google.ro adservice.google.rs adservice.google.ru adservice.google.se adservice.google.si adservice.google.sk adservice.google.so adservice.google.sr adservice.google.tl adservice.google.tn adservice.google.tt google-analytics.com www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com maps.googleapis.com maps.google.com translate.googleapis.com translate.google.com www.googletagmanager.com googletagmanager.com tagmanager.google.com *.typeform.com embed.typeform.com api.typeform.com *.vimeo.com *.vimeocdn.com *.newrelic.com *.nr-data.net www.googletagservices.com *.googlesyndication.com *.googleadservices.com googleads.g.doubleclick.net adservice.google.com adservice.google.ae adservice.google.al adservice.google.at adservice.google.be adservice.google.bg adservice.google.bs adservice.google.ca adservice.google.ch adservice.google.ci adservice.google.cl adservice.google.co.bw adservice.google.co.cr adservice.google.co.id adservice.google.co.il adservice.google.co.in adservice.google.co.jp adservice.google.co.ke adservice.google.co.kr adservice.google.co.mz adservice.google.co.nz adservice.google.co.th adservice.google.co.tz adservice.google.co.uk adservice.google.co.uz adservice.google.co.ve adservice.google.co.za adservice.google.co.zm adservice.google.co.zw adservice.google.com.ai adservice.google.com.ar adservice.google.com.au adservice.google.com.bd adservice.google.com.bh adservice.google.com.bn adservice.google.com.bo adservice.google.com.br adservice.google.com.co adservice.google.com.cy adservice.google.com.ec adservice.google.com.eg adservice.google.com.et adservice.google.com.fj adservice.google.com.gh adservice.google.com.gi adservice.google.com.gt adservice.google.com.hk adservice.google.com.jm adservice.google.com.kh adservice.google.com.kw adservice.google.com.lb adservice.google.com.mm adservice.google.com.mt adservice.google.com.mx adservice.google.com.my adservice.google.com.ng adservice.google.com.ni adservice.google.com.np adservice.google.com.om adservice.google.com.pa adservice.google.com.pe adservice.google.com.ph adservice.google.com.pk adservice.google.com.pr adservice.google.com.py adservice.google.com.qa adservice.google.com.sa adservice.google.com.sg adservice.google.com.sv adservice.google.com.tr adservice.google.com.tw adservice.google.com.ua adservice.google.com.uy adservice.google.com.vn adservice.google.cz adservice.google.de adservice.google.dk adservice.google.dz adservice.google.ee adservice.google.es adservice.google.fi adservice.google.fr adservice.google.ge adservice.google.gr adservice.google.gy adservice.google.hn adservice.google.hr adservice.google.hu adservice.google.ie adservice.google.im adservice.google.iq adservice.google.is adservice.google.it adservice.google.jo adservice.google.kz adservice.google.li adservice.google.lk adservice.google.lt adservice.google.lu adservice.google.lv adservice.google.md adservice.google.mk adservice.google.mu adservice.google.nl adservice.google.no adservice.google.pl adservice.google.pt adservice.google.ro adservice.google.rs adservice.google.ru adservice.google.se adservice.google.si adservice.google.sk adservice.google.so adservice.google.sr adservice.google.tl adservice.google.tn adservice.google.tt google-analytics.com www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com maps.googleapis.com maps.google.com translate.googleapis.com translate.google.com www.googletagmanager.com googletagmanager.com tagmanager.google.com; style-src 'self' 'unsafe-inline' data: 'unsafe-inline' 'report-sample' 'unsafe-inline' https://pages.e2open.com cdn.jsdelivr.net *.marketo.net *.marketo.com *.licdn.com *.google.com *.bing.com fonts.googleapis.com platform.twitter.com ton.twimg.com www.googletagmanager.com fonts.googleapis.com https://platform.twitter.com https://ton.twimg.com *.vimeocdn.com maps.googleapis.com maps.google.com translate.googleapis.com tagmanager.google.com *.typeform.com embed.typeform.com api.typeform.com *.vimeocdn.com fonts.googleapis.com 'unsafe-inline' maps.googleapis.com maps.google.com translate.googleapis.com www.googletagmanager.com tagmanager.google.com; img-src 'self' data: 'unsafe-inline' data: https://ad.doubleclick.net https://image.thum.io https://t0.gstatic.com https://www.e2open.com https://img.youtube.com https://cdn.bizible.com  https://cdn.bizibly.com https://pages.e2open.com https://cdn-cookieyes.com https://abs.twimg.com https://p.adsymptotic.com https://id.rlcdn.com https://px.ads.linkedin.com px.ads.linkedin.com https://aorta.clickagy.com https://analytics.twitter.com https://b.6sc.co https://bat.bing.com https://pbs.twimg.com https://platform.twitter.com https://px.ads.linkedin.com https://secure.gravatar.com https://syndication.twitter.com https://t.co https://ton.twimg.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com *.vidyard.com *.twimg.com *.twitter.com *.clarity.ms *.linkedin.com *.t.co *.bing.com t.co facebook.com zoominfo.com *.google.com *.6sc.co privacy-policy.truste.com px.ads.linkedin.com www.google.com.au *.google.co https://px.ads.linkedin.com/collect s.w.org ps.w.org ts.w.org secure.gravatar.com www.gravatar.com *.googlesyndication.com stats.g.doubleclick.net data: blob: google-analytics.com www.google-analytics.com ssl.google-analytics.com www.google.com *.googleapis.com maps.google.com maps.gstatic.com www.gstatic.com *.ggpht.com translate.googleapis.com translate.google.com i.ytimg.com www.googletagmanager.com *.googlesyndication.com stats.g.doubleclick.net data: blob: google-analytics.com www.google-analytics.com ssl.google-analytics.com www.google.com *.googleapis.com maps.google.com maps.gstatic.com www.gstatic.com *.ggpht.com translate.googleapis.com translate.google.com i.ytimg.com www.googletagmanager.com; connect-src 'self' https://809-eog-429.mktoresp.com wss://ws.hotjar.com  https://content.hotjar.io https://directory.cookieyes.com https://log.cookieyes.com/ https://cdn.bizibly.com https://cdn-cookieyes.com https://px.ads.linkedin.com https://epsilon-globalaccelerator.6sense.com  https://designer-api.hu-manity.co/ https://hemsync.clickagy.com https://aorta.clickagy.com/ cdn.linkedin.oribi.io https://ad.doubleclick.net https://api.redirect.li/v1/ https://bam.nr-data.net https://bat.bing.com https://cdn.abrankings.com https://d.clarity.ms https://epsilon.6sense.com https://in.hotjar.com https://ipv6.6sc.co https://script.crazyegg.com https://sheets.googleapis.com https://stats.g.doubleclick.net https://tracking.reactful.com https://visitor.reactful.com https://ws.zoominfo.com https://ws31.hotjar.com https://www.google-analytics.com wss://ws31.hotjar.com *.6sc.co *.facebook.com *.hotjar.com *.clarity.ms secure.adnxs.com *.google-analytics.com vc.hotjar.io assets-tracking.crazyegg.com pages.e2open.com tracking.crazyegg.com pagestates-tracking.crazyegg.com 809-eog-429.mktoutil.com ws32.hotjar.com f.clarity.ms wss://ws30.hotjar.com wss://ws41.hotjar.com *.vimeo.com *.googlesyndication.com googleads.g.doubleclick.net stats.g.doubleclick.net www.google-analytics.com ampcid.google.com analytics.google.com about: maps.googleapis.com maps.google.com translate.googleapis.com www.googletagmanager.com boards-api.greenhouse.io https://809-eog-429.mktoresp.com https://hemsync.clickagy.com https://aorta.clickagy.com/ *.typeform.com embed.typeform.com api.typeform.com *.vimeo.com *.googlesyndication.com googleads.g.doubleclick.net stats.g.doubleclick.net www.google-analytics.com ampcid.google.com analytics.google.com about: maps.googleapis.com maps.google.com translate.googleapis.com www.googletagmanager.com; font-src 'self' data: data: https://fonts.gstatic.com data: fonts.gstatic.com fonts.googleapis.com connecteurope.e2open.com data: fonts.gstatic.com fonts.googleapis.com; object-src 'self' *.googlesyndication.com *.boards-api.greenhouse.io; media-src 'self' ; frame-src 'self' 'unsafe-inline' https://play.vidyard.com td.doubleclick.net https://integration-panel-ui.brandfolder-svc.com brandfolder-svc.com https://*.fls.doubleclick.net https://match.adsrvr.org https://www.google.com pages.e2open.com https://11817530.fls.doubleclick.net https://match.adsrvr.org https://app-sj31.marketo.com https://bid.g.doubleclick.net https://insight.adsrvr.org https://player.vimeo.com https://vars.hotjar.com https://www.facebook.com *.vimeo.com *.vimeocdn.com *.googlesyndication.com googleads.g.doubleclick.net maps.googleapis.com maps.google.com www.youtube.com www.googletagmanager.com *.typeform.com embed.typeform.com api.typeform.com www.youtube-nocookie.com *.vimeo.com *.vimeocdn.com *.googlesyndication.com googleads.g.doubleclick.net maps.googleapis.com maps.google.com www.youtube.com www.googletagmanager.com; child-src 'self' blob: *.vimeo.com *.googlesyndication.com *.google.com *.facebook.com *.doubleclick.net connect.facebook.net platform.twitter.com vimeo.com www.googletagmanager.com *.vimeocdn.com www.youtube.com *.vimeo.com *.vimeocdn.com www.youtube.com www.googletagmanager.com; worker-src 'self' blob: www.google.com; base-uri 'self' ; form-action 'self' *.twitter.com *.google.com *.facebook.com connect.facebook.net pages.e2open.com; frame-ancestors 'self' t.co twitter.com https://*.paperflite.com https://play.vidyard.com/; upgrade-insecure-requests; report-uri https://62cf790d4226858c368f8a9c.endpoint.csper.io?v=3;; 1
default-src 'self' *.typekit.net stackpath.bootstrapcdn.com *.fontawesome.com *.twitter.com sjgov.org www.sjgov.org api-us1.cludo.com *.fontawesome.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.typekit.net stackpath.bootstrapcdn.com *.fontawesome.com *.twitter.com unpkg.com translate.google.com www.googletagmanager.com customer.cludo.com votinginfotool.org www.tickcounter.com translate-pa.googleapis.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com *.typekit.net stackpath.bootstrapcdn.com *.fontawesome.com customer.cludo.com votinginfotool.org; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.typekit.net stackpath.bootstrapcdn.com *.fontawesome.com ka-f.fontawesome.com; img-src 'self' *.gstatic.com *.googleapis.com https://www.wrh.noaa.gov *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com *.typekit.net stackpath.bootstrapcdn.com *.google.com sjgov.org www.sjgov.org resource.sjgov.org customer.cludo.com vit-logos.votinginfoproject.org votinginfotool.org; media-src 'self' data: blob: https://resource.sjgov.org/; frame-src 'self' https://sjc-gis.maps.arcgis.com/ https://*.google.com/ *.verkada.com https://www.uyt.co/ https://www.youtube.com/ https://childsupport.ca.gov/ https://feed.mikle.com https://www.dhs.gov *.twitter.com https://sanjoaquin.granicus.com/ https://www.publicpurchase.com/ www.facebook.com https://user.govoutreach.com/ https://publicrealtime.dm1.tech/ *.vimeo.com www.tickcounter.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.typekit.net stackpath.bootstrapcdn.com *.verkada.com *.twitter.com *.vimeo.com; connect-src 'self' accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.google-analytics.com *.gstatic.com *.typekit.net stackpath.bootstrapcdn.com *.fontawesome.com *.verkada.com *.cludo.com sjgov.org translate.googleapis.com maps.googleapis.com www.googleapis.com translate-pa.googleapis.com; object-src 'self'; 1
base-uri 'none'; default-src 'self' https: blob:; connect-src 'self' https://via.intercom.io https://api.intercom.io https://api.au.intercom.io https://api.eu.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://uploads.au.intercomcdn.com https://uploads.eu.intercomcdn.com https://uploads.intercomusercontent.com *.nr-data.net https://blog.daisybillstaging.com https://blog.daisybill.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.amazonaws.com *.statuspage.io *.wistia.com fast.wistia.net px.ads.linkedin.com *.sentry.io; frame-src 'self' https: www.google.com/recaptcha/ www.gstatic.com/recaptcha/; font-src 'self' https: data: js.intercomcdn.com fonts.intercomcdn.com; img-src 'self' blob: data: about: js.intercomcdn.com static.intercomassets.com downloads.intercomcdn.com downloads.intercomcdn.eu downloads.au.intercomcdn.com uploads.intercomusercontent.com gifs.intercomcdn.com video-messages.intercomcdn.com messenger-apps.intercom.io messenger-apps.eu.intercom.io messenger-apps.au.intercom.io *.intercom-attachments-1.com *.intercom-attachments.eu *.au.intercom-attachments.com *.intercom-attachments-2.com *.intercom-attachments-3.com *.intercom-attachments-4.com *.intercom-attachments-5.com *.intercom-attachments-6.com *.intercom-attachments-7.com *.intercom-attachments-8.com *.intercom-attachments-9.com static.intercomassets.eu static.au.intercomassets.com images.ctfassets.net *.typekit.net *.wistia.com *.cloudfront.net *.daisybillreview.com *.s3.amazonaws.com *.daisybill.com *.daisybillstaging.com www.google.com px.ads.linkedin.com; object-src *.s3.amazonaws.com; script-src 'self' 'strict-dynamic' www.google.com www.gstatic.com *.googletagmanager.com app.intercom.io widget.intercom.io js.intercomcdn.com use.typekit.com js-agent.newrelic.com *.nr-data.net ajax.googleapis.com *.s3.amazonaws.com fast.wistia.com www.recaptcha.net browser.sentry-cdn.com js.sentry-cdn.com  'nonce-8zCt5zceV3GCYitvKI1V0g=='; style-src 'self' https: 'unsafe-inline' 'unsafe-eval' use.typekit.com use.typekit.net; child-src 'self' intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com; report-uri /csp_reports 1
default-src 'self' http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com http: https: data: blob: 'unsafe-inline' 'unsafe-eval' 1
base-uri 'self'; style-src 'self' 'unsafe-inline' *.cognitoforms.com *.dignityhealth.org *.foresee.com *.hellohumankindness.org *.marketo.com fonts.googleapis.com use.typekit.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.dignityhealth.org *.evaliahealth.com *.everesttech.net *.google.com/pagead/ *.google.com/recaptcha/ *.googleadservices.com *.gstatic.com/recaptcha/ *.hellohumankindness.org *.invoca.net *.jotform.io *.marketo.com *.marketo.net *.recaptcha.net/recaptcha/ *.tealiumiq.com *.youtube.com ajax.googleapis.com ajax.microsoft.com bam.nr-data.net cdnjs.cloudflare.com commonspirit.experiencecloud.adobe.com experience.adobe.com js-agent.newrelic.com login.commonspirit.org maps.googleapis.com pc-dignityhealth-visitor-service.tealiumiq.com tags.tiqcdn.com use.typekit.net; frame-src 'self' *.jotform.io *.marketo.com *.vimeo.com *.youtube.com commonspirit.demdex.net docasap.com www.cognitoforms.com www.google.com www.recaptcha.net; img-src 'self' *.dignityhealth.org *.everesttech.net *.foresee.com *.google.com/pagead/ *.googleadservices.com *.googleapis.com *.googleusercontent.com *.gstatic.com *.hellohumankindness.org *.marketo.com *.youtube.com bam.nr-data.net cdn.jotfor.ms data: dpm.demdex.net i.ytimg.com login.commonspirit.org s3.amazonaws.com use.typekit.net www.google.com; connect-src 'self' *.ase-usw1-shared-prd.p.azurewebsites.net *.dignityhealth.org *.everesttech.net *.foresee.com *.google.com/pagead/ *.google.com/recaptcha/ *.googleadservices.com *.hellohumankindness.org *.mktoresp.com *.mktoutil.com *.omtrdc.net ajax.microsoft.com analytics.google.com bam.nr-data.net dpm.demdex.net fid.agkn.com fonts.googleapis.com identity-api.commonspirit.org identity-func.commonspirit.org login.commonspirit.org maps.googleapis.com pc-dignityhealth-collect.tealiumiq.com pc-dignityhealth-visitor-service.tealiumiq.com readaloud.googleapis.com translate.googleapis.com; default-src 'self' *.dignityhealth.org commonspirit.demdex.net identity-func.commonspirit.org identity-spa.commonspirit.org login.commonspirit.org pc-dignityhealth-collect.tealiumiq.com; font-src 'self' *.dignityhealth.org *.gstatic.com cdn.jorfor.ms data: use.typekit.net; 1
default-src 'self' * ws: wss: data: blob:; frame-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' *; font-src 'self' * data:; connect-src 'self' * ws: wss:; img-src 'self' data: * http: https:; child-src 'self' * blob:; 1
font-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://fonts.gstatic.com https://cdn.jsdelivr.net; frame-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com https://*.doubleclick.net https://cdn.jsdelivr.net *.recaptcha.net recaptcha.net https://www.google.com/recaptcha/ https://recaptcha.google.com https://vars.hotjar.com/ https://www.facebook.com/ https://*.criteo.com https://*.criteo.net; img-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.criteo.net data: https://www.google.co.id https://www.facebook.com https://www.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com https://www.google.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://maps.googleapis.com https://maps.gstatic.com https://img.youtube.com https://blogspr.mocil.id https://cdn.jsdelivr.net https://s3.amazonaws.com https://code.jquery.com www.gstatic.com/recaptcha https://mocil.id https://storage.googleapis.com https://cm.g.doubleclick.net https://ib.adnxs.com https://contextual.media.net https://pixel.rubiconproject.com https://rtb-csync.smartadserver.com https://sync-t1.taboola.com https://eb2.3lift.com https://ups.analytics.yahoo.com https://adgen.socdm.com https://tg.socdm.com https://cs.adingo.jp https://ad.360yield.com https://s.ad.smaato.net https://ade.clmbtech.com https://ib.adnxs.com https://ups.analytics.yahoo.com https://hb.yahoo.net https://beacon.krxd.net https://*.facebook.com https://*.criteo.com https://criteo-sync.teads.tv; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' blob: https://www.googletagmanager.com https://tagmanager.google.com https://ssl.google-analytics.com https://www.google.com https://googleads.g.doubleclick.net https://*.facebook.net https://*.pusher.com/ https://www.googleadservices.com https://www.google-analytics.com https://www.youtube.com https://s.ytimg.com https://*.doubleclick.net https://code.jquery.com https://*.cloudflare.com https://*.googleapis.com https://www.googleadservices.com http://www.googleadservices.com https://cdn.jsdelivr.net https://www.recaptcha.net https://recaptcha.net https://www.gstatic.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.google.com/recaptcha/ https://static.hotjar.com https://script.hotjar.com https://*.tiktok.com/ https://analytics.tiktok.com https://unpkg.com http://*.criteo.com https://*.criteo.com https://*.criteo.net; style-src 'self' 'unsafe-inline' 'report-sample' https://tagmanager.google.com https://fonts.googleapis.com https://code.jquery.com https://*.cloudflare.com https://*.googleapis.com https://fonts.googleapis.com https://cdn.jsdelivr.net https://unpkg.com; worker-src https://www.google-analytics.com blob: 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://connect.facebook.net https://claims.discover-airlines.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://*; font-src 'self' data:; connect-src 'self' *.doubleclick.net *.googleadservices.com *.google.com youtube.com www.youtube.com *.google-analytics.com; frame-src 'self' *.doubleclick.net youtube.com www.youtube.com connect.facebook.net claims.discover-airlines.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; 1
default-src 'self' data: blob: https://*.lehrer-online.de/ https://*.handwerk-macht-schule.de; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://*.lehrer-online.de/ https://*.handwerk-macht-schule.de https://*.stripe.com https://*.paypalobjects.com https://*.paypal.com https://*.lamapoll.de https://*.lamapoll.io https://*.eduversum.de https://*.activehosted.com https://h5p.org https://*.adspirit.de https://*.googleapis.com https://*.youtube-nocookie.com https://*.cloudfront.net https://*.jwplayer.com https://*.googletagmanager.com https://*.vidis.schule https://plausible.io https://maileon-lpc.s3.eu-central-1.amazonaws.com https://news.lehrer-online.de; style-src 'self' data: 'unsafe-inline' https://*.lehrer-online.de/ https://*.handwerk-macht-schule.de https://*.stripe.com https://*.paypalobjects.com https://*.paypal.com https://*.adspirit.de https://*.googleapis.com https://*.youtube-nocookie.com https://*.cloudfront.net https://*.jwplayer.com https://fast.fonts.net https://fonts.googleapis.com https://plausible.io https://news.lehrer-online.de; img-src 'self' data: blob: https://*.lehrer-online.de/ https://*.handwerk-macht-schule.de https://*.stripe.com https://*.paypalobjects.com https://*.paypal.com https://*.adspirit.de https://*.googleapis.com https://*.youtube-nocookie.com https://*.cloudfront.net https://*.jwplayer.com https://*.gstatic.com https://*.google.com https://*.googleusercontent.com w3.org/svg/2000 https://h5p.org https://secure.gravatar.com https://*.vidis.schule https://news.lehrer-online.de; font-src 'self' data: https://fonts.gstatic.com https://fast.fonts.net https://*.vidis.schule; connect-src 'self' data: blob: https://*.lehrer-online.de/ https://*.stripe.com https://*.paypalobjects.com https://*.paypal.com https://*.eduversum.de https://h5p.org https://*.adspirit.de https://*.googleapis.com https://*.youtube-nocookie.com https://*.cloudfront.net https://*.jwplayer.com https://*.google.com https://*.gstatic.com https://*.google-analytics.com https://plausible.io; media-src 'self' https://*.lehrer-online.de/ https://*.edupool.cloud/ https://*.adspirit.de https://*.googleapis.com https://*.youtube-nocookie.com https://*.cloudfront.net https://*.jwplayer.com; object-src 'self' data: https://*.lehrer-online.de/ https://*.adspirit.de https://*.googleapis.com https://*.youtube-nocookie.com https://*.cloudfront.net https://*.jwplayer.com; prefetch-src 'self' https://*.lehrer-online.de/ https://*.stripe.com https://*.paypalobjects.com https://*.paypal.com https://*.adspirit.de https://*.googleapis.com https://*.youtube-nocookie.com https://*.cloudfront.net https://*.jwplayer.com; child-src 'self' https://*.lehrer-online.de/ https://*.stripe.com https://*.paypalobjects.com https://*.paypal.com https://*.eduversum.de https://*.adspirit.de https://*.googleapis.com https://*.youtube-nocookie.com https://*.cloudfront.net https://*.jwplayer.com https://maileon-lpc.s3.eu-central-1.amazonaws.com; frame-src 'self' https://*.lehrer-online.de/ https://*.stripe.com https://*.paypalobjects.com https://*.paypal.com https://h5p.org https://*.h5p.org https://*.edupool.cloud https://*.lamapoll.de https://*.eduversum.de https://*.canva.com https://*.mastertool-online.com https://*.vimeo.com https://*.h5p.com https://*.adspirit.de https://*.googleapis.com https://*.youtube-nocookie.com https://*.cloudfront.net https://*.jwplayer.com https://*.google.com https://*.zdf.de https://maileon-lpc.s3.eu-central-1.amazonaws.com; worker-src 'self' blob: https://*.lehrer-online.de/ https://*.adspirit.de https://*.googleapis.com https://*.youtube-nocookie.com https://*.cloudfront.net https://*.jwplayer.com; frame-ancestors 'self' https://*.lehrer-online.de/ https://*.demo.meinbildungsraum.de https://*.meinbildungsraum.de/; form-action 'self' https://*.lehrer-online.de/ https://*.adspirit.de https://*.paypalobjects.com https://*.paypal.com https://*.googleapis.com https://*.youtube-nocookie.com https://*.cloudfront.net https://*.jwplayer.com; upgrade-insecure-requests; base-uri 'self' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com  https://culoansaver.com https://delivery.datatrac.net *.datatrac.net https://3riversfculocator.wave2.io https://*.msecnd.net apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://s.ytimg.com https://publish.twitter.com platform.linkedin.com https://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org https://www.googletagmanager.com *.msecnd.net https://stackpath.bootstrapcdn.com/ https://cdn.boomcdn.com/ https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js https://code.jquery.com/ https://www.google-analytics.com/analytics.js https://www.onlinebanktours.com/external/v5/BCM_Light_Box.js *.addthis.com *.addthisedge.com https://graph.facebook.com https://z.moatads.com https://api.alpharank.io apis.google.com *.simpli.fi *.salemove.com *.glia.com https://abe-embedded-web.s3.amazonaws.com/glia-custom-renderer-latest.js https://info.autobooks.co recruitingbypaycor.com https://www.googleanalytics.com https://www.google-analytics.com https://abe-embedded-web.s3.amazonaws.com/glia-custom-renderer-src.js https://dev.virtualearth.net https://www.eventbriteapi.com https://www.eventbrite.com https://assets.sitescdn.net *.canva.com https://analytics.google.com/ *.segmint.net *.cloudfront.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/ajax/libs/smartbanner.js/1.16.0/smartbanner.min.js https://static.3riversfcu.org https://cdn.timetrade.com/scripts/lightbox/latest/lightbox.js consumer.optimalblue.com https://api.stlouisfed.org *.alpharank.io; style-src 'self' 'unsafe-inline' *.google.com *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com *.datatrac.net www.google.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com https://stackpath.bootstrapcdn.com/bootstrap/4.1.2/css/bootstrap.min.css https://cdn.boomcdn.com/libs/owl-carousel/2.3.4/assets/owl.theme.default.min.css https://cdn.boomcdn.com/libs/owl-carousel/2.3.4/assets/owl.carousel.min.css https://use.fontawesome.com/ https://cdn.boomcdn.com/ https://www.onlinebanktours.com/external/v5/BCM_Ad_Styles.css *.salemove.com *.glia.com recruitingbypaycor.com https://fonts.googleapis.com https://assets.sitescdn.net *.canva.com *.segmint.net *.cloudfront.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/ajax/libs/OwlCarousel2/2.3.4/assets/owl.carousel.min.css https://cdnjs.cloudflare.com/ajax/libs/OwlCarousel2/2.3.4/assets/owl.theme.default.min.css https://cdnjs.cloudflare.com/ajax/libs/smartbanner.js/1.16.0/smartbanner.min.css *.alpharank.io; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://use.fontawesome.com/ *.segmint.net *.cloudfront.net https://cdn.jsdelivr.net; img-src 'self' *.gstatic.com *.datatrac.net *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: *.datatrac.net blob: *.eloqua.com track.hubspot.com https://cdn.oectours.com/media/ https://www.onlinebanktours.com https://i.ytimg.com https://www.googletagmanager.com *.googleusercontent.com *.simpli.fi https://www.googleadservices.com *.doubleclick.net *.tremorhub.com *.yahoo.com *.bfmio.com *.rlcdn.com *.lijit.com *.tapad.com https://bcp.crwdcntrl.net *.agkn.com *.exelator.com *.bluekai.com *.pubmatic.com https://fei.pro-market.net *.advertising.com *.spotxchange.com *.rubiconproject.com *.openx.net https://ib.adnxs.com *.intentiq.com https://ads.stickyadstv.com *.google.com https://sync.mathtag.com https://secure.insightexpressai.com https://1f2e7.v.fwmrm.net https://pbid.pro-market.net https://match.adsrvr.org https://segments.company-target.com https://jelly.mdhv.io https://sync.tidaltv.com https://www.entitytag.co.uk https://www.totaljobs.com *.webmd.com https://pippio.com https://tag.apxlv.com *.salemove.com *.glia.com https://www.google-analytics.com https://www.googletagmanager.com https://assets.sitescdn.net *.segmint.net *.cloudfront.net https://cdn.jsdelivr.net; media-src 'self' data: blob: *.glia.com https://www.eventbrite.com; child-src 'self' https://cdn.flipsnack.com https://culoansaver.com *.datatrac.net https://delivery.datatrac.net https://3riversfculocator.wave2.io https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://www.onlinebanktours.com *.datatrac.net *.addthis.com *.timetrade.com https://webchat.3riversfcu.com *.tryinteract.com *.salemove.com *.glia.com https://forms.monday.com https://survey.alchemer.com https://reporting.alchemer.com *.culookup.com https://abe-embedded-web.s3.amazonaws.com/glia-custom-renderer-latest.js https://info.autobooks.co recruitingbypaycor.com https://dev.virtualearth.net 3riversfcu.hosted.panopto.com *.glia.com https://www.eventbriteapi.com https://www.eventbrite.com https://assets.sitescdn.net *.canva.com https://analytics.google.com/ *.segmint.net *.cloudfront.net https://cdn.jsdelivr.net https://supportform.3riversfcu.org https://static.3riversfcu.org https://cdn.timetrade.com/scripts/lightbox/latest/lightbox.js consumer.optimalblue.com *.alpharank.io; connect-src 'self' wss: accounts.google.com https://*.dec.sitefinity.com 3riversfcu.hosted.panopto.com *.datatrac.net *.mktoresp.com https://dc.services.visualstudio.com/v2/ https://pixel.alpharank.io https://www.google-analytics.com https://stats.g.doubleclick.net *.salemove.com *.glia.com https://forms.monday.com https://survey.alchemer.com https://reporting.alchemer.com *.culookup.com https://abe-embedded-web.s3.amazonaws.com/glia-custom-renderer-latest.js https://info.autobooks.co recruitingbypaycor.com https://dev.virtualearth.net *.glia.com https://www.eventbriteapi.com https://www.eventbrite.com https://assets.sitescdn.net *.canva.com https://analytics.google.com/ *.segmint.net *.cloudfront.net https://cdn.jsdelivr.net https://supportform.3riversfcu.org https://static.3riversfcu.org https://cdn.timetrade.com/scripts/lightbox/latest/lightbox.js consumer.optimalblue.com https://api.stlouisfed.org *.alpharank.io; object-src 'none'; 1
default-src             'self'             ;         script-src             'self'             'unsafe-inline'             'unsafe-eval'            'wasm-unsafe-eval'             *.egonzehnder.com             amplify.outbrain.com             analytics.twitter.com             *.usersnap.com             cdn.hypemarks.com             connect.facebook.net             consent.cookiebot.com             consentcdn.cookiebot.com             googleads.g.doubleclick.net             platform.twitter.com             snap.licdn.com             static.ads-twitter.com             tr.outbrain.com             use.typekit.net             view.ceros.com             *.ceros.com             www.google-analytics.com             www.google.com             *.analytics.google.com             *.google.com             www.googleadservices.com             www.googletagmanager.com             www.gstatic.com             www.youtube.com             *.hs-scripts.com             js.hscollectedforms.net             js.hsadspixel.net             js.hs-banner.com             js.hs-analytics.net             cdn.parsely.com             *.hotjar.com             *.hotjar.io             cdn.linkedin.oribi.io             *.googletagmanager.com             *.images-home.com             unpkg.com             cdn.jsdelivr.net             *.hsforms.net             ;         style-src             'self'             'unsafe-inline'             fonts.googleapis.com             ;         img-src             *             data:             *.google-analytics.com             *.googletagmanager.com             ;         media-src             *             ;         object-src             'none'             ;         base-uri             'self'             ;         worker-src             blob:             ;         child-src             blob:             ;         connect-src             'self'             consentcdn.cookiebot.com             www.facebook.com             *.usersnap.com             www.google-analytics.com             api.hubapi.com             www.google.com             *.google.com             *.doubleclick.net             *.hubspot.com             https://*.hotjar.com             https://*.hotjar.io             wss://*.hotjar.com             cdn.linkedin.oribi.io             *.parsely.com             leadersanddaughters.com             *.google-analytics.com             *.analytics.google.com             *.googletagmanager.com             *.linkedin.com             https://api.friendlycaptcha.com             *.hsforms.com             hubspot-forms-static-embed.s3.amazonaws.com             ;         font-src             'self'             fonts.gstatic.com             use.typekit.net             data:             ;         frame-src             'self'             *.egonzehnder.com             *.getbrandcast.com             cdn.hypemarks.com             consentcdn.cookiebot.com             hbr.org             p.typekit.net             platform.twitter.com             view.ceros.com             www.bloomberg.com             www.facebook.com             www.google.com             www.youtube.com             youtube.com             www.youtube-nocookie.com             *.simplecast.com             *.soundcloud.com             *.hotjar.com             via.placeholder.com             www.buzzsprout.com             demo.mcaptcha.org             *.hsforms.com             ;          1
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval';img-src * data: blob: 'unsafe-inline'; frame-ancestors 'self' https://track.bikesonline.com.au https://help.catch.com.au https://uattesting-catch.cs112.force.com; 1
form-action 'self' https://www.otip.com/Preference-Center/Thank-You https://13.otip.com/Preference-Center/Thank-You https://dev.otip.com/Preference-Center/Thank-You https://www.raeo.com/Preference-Center/Thank-You https://13.raeo.com/Preference-Center/Thank-You https://dev.raeo.com/Preference-Center/Thank-You https://cl.exct.net https://otip.ca1.qualtrics.com https://siteintercept.qualtrics.com; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://unpkg.com/ https://code.jquery.com https://otip.my.salesforce-sites.com https://www.google.com https://cdn.jsdelivr.net http://w.sharethis.com https://analytics.twitter.com http://www.gstatic.com https://static.ads-twitter.com https://script.hotjar.com https://static.hotjar.com https://connect.facebook.net http://bat.bing.com http://siteimproveanalytics.com http://platform.twitter.com https://cdnjs.cloudflare.com https://player.vimeo.com http://graph.facebook.com https://graph.facebook.com https://optimize.google.com https://www.googleoptimize.com https://www.googleanalytics.com http://www.google-analytics.com https://www.google-analytics.com https://weatherwidget.io https://maxcdn.bootstrapcdn.com https://*.siteintercept.qualtrics.com https://siteintercept.qualtrics.com http://websites.cdn.getfeedback.com https://ajax.googleapis.com https://googleads.g.doubleclick.net http://www.googleadservices.com use.typekit.net https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://z.moatads.com http://www.twinsurance.ca https://play.vidyard.com https://cdn-cookieyes.com;  style-src 'self' 'unsafe-inline' https://code.jquery.com https://getbootstrap.com https://cdn.jsdelivr.net https://www.otipinsurance.com http://www.otipinsurance.com use.typekit.net https://optimize.google.com https://fonts.googleapis.com https://cdn.ckeditor.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com;  img-src 'self' data: https://code.jquery.com/ https://img.youtube.com/ https://cloud.e.edvantage.ca/ https://i.ytimg.com https://googleads.g.doubleclick.net/ https://script.hotjar.com https://bat.bing.com https://analytics.twitter.com https://t.co https://6105564.global.siteimproveanalytics.io https://edvantage.ca p.typekit.net https://stats.g.doubleclick.net https://ssl.google-analytics.com https://siteintercept.qualtrics.com https://quote.otip.com https://otipinsurance.com https://www.google.ca https://www.google.com https://www.otipinsurance.com https://www.otip.com https://ssl.gstatic.com https://www.gstatic.com https://optimize.google.com https://tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn-cookieyes.com;   font-src 'self' use.typekit.net https://script.hotjar.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; object-src 'self';     frame-src 'self' https://admin.otip.com/ https://13admin.otip.com/ https://td.doubleclick.net/ https://13.raeo.com/ https://13.otip.com/ https://otip.com/ https://dev.raeoassurance.com/ https://optimize.google.com https://www.facebook.com https://vars.hotjar.com https://www.getfeedback.com https://otip.ca1.qualtrics.com/ https://www.youtube.com https://www.otip.com https://share.transistor.fm https://bid.g.doubleclick.net https://weatherwidget.io https://player.vimeo.com https://play.vidyard.com; connect-src 'self' https://directory.cookieyes.com/ https://ask.hotjar.io https://surveystats.hotjar.io https://pagead2.googlesyndication.com https://metrics.hotjar.io https://static.hotjar.com https://otip.my.salesforce.com https://content.hotjar.io https://otip.my.salesforce-sites.com https://bat.bing.com https://otip.secure.force.com https://vc.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://www.google.ca https://www.googleadservices.com https://stats.g.doubleclick.net https://www.google-analytics.com https://siteintercept.qualtrics.com https://log.cookieyes.com https://cdn-cookieyes.com; report-uri https://www.otip.com/otip/endpoint; 1
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src * blob:; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 1
connect-src 'self' *.analytics.google.com *.google-analytics.com *.googleadservices.com *.here.com *.hotjar.com *.onetrust.com *.pinterest.com *.sharetobuy.com cdn.cookielaw.org consentag.mgr.consensu.org content.hotjar.io insight.reflow.tv lm.serving-sys.com platform.twitter.com secure-ds.serving-sys.com stats.g.doubleclick.net wss://*.hotjar.com https://www.sharetobuy.com/wp; font-src 'self' *.googleapis.com *.gstatic.com cdn.jsdelivr.net cdnjs.cloudflare.com data: https://www.sharetobuy.com/wp; frame-src *.crwdcntrl.net *.doubleclick.net *.facebook.com *.facebook.net *.google.com *.googleadservices.com *.kuula.co *.spec.co *.theviewer.co *.twitter.com *.vimeo.com *.youtube.com andrewhorwitz.com app.immoviewer.com app.lapentor.com app.theviewer.co assets.reflow.tv cgitours.soresi.co.uk consentag.eu consentag.mgr.consensu.org dropbox.com embed360.s3.eu-west-2.amazonaws.com Imagine-Living.vr-360-tour.com kuula.co lm.serving-sys.com MadeSnappy my.matterport.com network-homes.vr-360-tour.com notting-hill-genesis.vr-360-tour.com octavia.vr-360-tour.com orders.captureenhanced.com roundme.com seekbeak.com spec.co/wp/wp-login.php static.addtoany.com tagmanager.google.com theviewer.co tour.giraffe360.com vars.hotjar.com Viewber vimeo.com www.accelevents.com www.dropbox.com www.googletagmanager.com www.icreatevr.com www.instagram.com www.madesnappy.co.uk www.photoplan.co.uk www.reevo360.com www.tidyworkdevelopment.co.uk https://drive.google.com/file/d/ https://kuula.co/share/collection/ https://my.matterport.com https://octavia-homes.vr-360-tour.com/ https://octavia.vr-360-tour.com https://orders.reevo360.com https://sketchfab.com/models/ https://sovereign-network-homes.vr-360-tour.com/ https://storage.viewit360.co.uk https://tidyworkdevelopment.co.uk/tidyworkdevelopment.co.uk/ https://tours.daviddaniels.co.uk/tour/ https://view.ricohtours.com/ https://vr.photoplan360.com/; child-src *.crwdcntrl.net *.doubleclick.net *.facebook.com *.facebook.net *.google.com *.googleadservices.com *.kuula.co *.spec.co *.theviewer.co *.twitter.com *.vimeo.com *.youtube.com andrewhorwitz.com app.immoviewer.com app.lapentor.com app.theviewer.co assets.reflow.tv cgitours.soresi.co.uk consentag.eu consentag.mgr.consensu.org dropbox.com embed360.s3.eu-west-2.amazonaws.com Imagine-Living.vr-360-tour.com kuula.co lm.serving-sys.com MadeSnappy my.matterport.com network-homes.vr-360-tour.com notting-hill-genesis.vr-360-tour.com octavia.vr-360-tour.com orders.captureenhanced.com roundme.com seekbeak.com spec.co/wp/wp-login.php static.addtoany.com tagmanager.google.com theviewer.co tour.giraffe360.com vars.hotjar.com Viewber vimeo.com www.accelevents.com www.dropbox.com www.googletagmanager.com www.icreatevr.com www.instagram.com www.madesnappy.co.uk www.photoplan.co.uk www.reevo360.com www.tidyworkdevelopment.co.uk https://drive.google.com/file/d/ https://kuula.co/share/collection/ https://my.matterport.com https://octavia-homes.vr-360-tour.com/ https://octavia.vr-360-tour.com https://orders.reevo360.com https://sketchfab.com/models/ https://sovereign-network-homes.vr-360-tour.com/ https://storage.viewit360.co.uk https://tidyworkdevelopment.co.uk/tidyworkdevelopment.co.uk/ https://tours.daviddaniels.co.uk/tour/ https://view.ricohtours.com/ https://vr.photoplan360.com/; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.addtoany.com *.app-us1.com *.cloudflare.com *.crwdcntrl.net *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.gstatic.com *.here.com *.hotjar.com *.kuula.co *.onetrust.com *.pinimg.com *.spec.co *.theviewer.co *.twimg.com *.twitter.com *.vimeo.com assets.reflow.tv bs.serving-sys.com cdn.cookielaw.org cdn.ctnsnet.com cdn.jsdelivr.net cgitours.soresi.co.uk connect.facebook.net consentag.eu consentag.mgr.consensu.org embed360.s3.eu-west-2.amazonaws.com geolocation.onetrust.com i.ctnsnet.com insight.reflow.tv kuula.co network-homes.vr-360-tour.com notting-hill-genesis.vr-360-tour.com octavia.vr-360-tour.com secure-ds.serving-sys.com seekbeak.com spec.co tagmanager.google.com theviewer.co trackcmp.net www.accelevents.com www.googletagmanager.com www.instagram.com www.madesnappy.co.uk www.reevo360.com https://www.sharetobuy.com/wp 1
default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://snap.licdn.com *.doubleclick.net assets.adobedtm.com www.googletagmanager.com app-script.monsido.com forms.cwp.gov.sg cse.google.com clients1.google.com *.google-analytics.com *.facebook.com https://www.youtube.com/iframe_api https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com *.en25.com va.ecitizen.gov.sg assets.wogaa.sg https://*.dcube.cloud *.google.com.sg *.googleadservices.com *.vica.gov.sg https://analytics.google.com/ 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com assets.wogaa.sg https://assets.dcube.cloud/fonts/ *.vica.gov.sg www.googletagmanager.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: *.doubleclick.net https://px.ads.linkedin.com https://tracking.monsido.com *.vica.gov.sg wogadobeanalytics.sc.omtrdc.net *.adsymptotic.com https://cm.everesttech.net/ https://dpm.demdex.net/ forms.cwp.gov.sg www.google.com www.google.com.sg clients1.google.com va.ecitizen.gov.sg *.google-analytics.com *.facebook.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.eloqua.com *.googleadservices.com https://analytics.google.com/ www.googletagmanager.com blob: 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com assets.wogaa.sg https://assets.dcube.cloud/fonts/ va.ecitizen.gov.sg s3-us-west-2.amazonaws.com *.vica.gov.sg data:; frame-src https://*.demdex.net/ *.facebook.com forms.cwp.gov.sg www.youtube.com *.onemap.sg *.onemap.gov.sg cse.google.com *.doubleclick.net online.pubhtml5.com *.google.com *.gstatic.com 'self' web-chat.nativechat.com; connect-src accounts.google.com *.facebook.com *.doubleclick.net snowplow-sentiments.wogaa.sg api.sentiments.wogaa.sg dpm.demdex.net snowplow-web.wogaa.sg https://*.dcube.cloud va.ecitizen.gov.sg *.mktoresp.com *.google-analytics.com *.vica.gov.sg wss://chat.vica.gov.sg/ https://analytics.google.com/ 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data:; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com web.facebook.com badge.stumbleupon.com *.facebook.com https://forms.cwp.gov.sg 'self' web-chat.nativechat.com 1
default-src 'none';               script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com apps.elfsight.com static.elfsight.com;               img-src * 'self' data: btckstaging.blob.core.windows.net btckstorage.blob.core.windows.net;               style-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com www.gstatic.com;               connect-src 'self' www.google-analytics.com apps.elfsight.com;               font-src 'self' fonts.gstatic.com;               frame-src *;               frame-ancestors 'self' https://www.denbowlingclub.co.uk https://denbowlingclub.co.uk http://www.aftereightsocialclub.co.uk/ http://aftereightsocialclub.co.uk/ http://www.garstangfairtrade.org.uk/ http://garstangfairtrade.org.uk/ http://www.merlinbraewaterski.co.uk/ http://merlinbraewaterski.co.uk/ http://dmsa.org.uk http://www.dmsa.org.uk http://www.busheyandoxhey-methodist.org.uk http://www.samcbh.org.uk http://www.cpsomc.org.uk http://stockportwalkingoutdoor.org.uk http://www.stockportwalkingoutdoor.org.uk http://www.garstangmillenniumgreen.org.uk; 1
upgrade-insecure-requests; frame-ancestors 'self' https://*.etracker.com 1
default-src 'self' *.kinoplan.io; report-uri https://sentry.kinoplan.tech/api/13/csp-report/?sentry_key=79a56ddb03474a1eb318c77391692ec1; connect-src 'self' *.kinoplan24.ru *.kinoplan.io wss://* mc.yandex.ru mc.yandex.com www.google-analytics.com https://ssl.google-analytics.com https://sentry.kinoplan.tech https://servicedesk.dcp24.ru https://stats.g.doubleclick.net *.jivo.ru *.jivosite.com; child-src blob: 'self' mc.yandex.ru mc.yandex.com; style-src 'self' 'unsafe-inline' https: data: blob: *.kinoplan.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.kinoplan.io ssl.google-analytics.com www.google-analytics.com mc.yandex.ru mc.yandex.com captcha-api.yandex.ru https://tagmanager.google.com/ https://www.googletagmanager.com https://cdn.nolt.io/ *.jivo.ru *.jivosite.com; img-src blob: 'self' ssl.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com www.google-analytics.com mc.yandex.ru mc.yandex.com *.dcp24.ru *.kinoplan24.ru kinoplan24.ru *.kinoplan.io kinoplan.io kinoplan.ru img.youtube.com data: *.jivo.ru *.jivosite.com; font-src 'self' https://fonts.gstatic.com *.kinoplan.io; frame-src 'self' *.kinoplan24.ru *.dcp24.ru *.kinoplan.io blob: mc.yandex.ru mc.yandex.com captcha-api.yandex.ru https://www.youtube.com https://kinoplan.nolt.io https://metrika.yandex.ru https://metrika.yandex.by https://metrica.yandex.com https://metrica.yandex.com.tr https://webvisor.com; media-src 'self' https:; worker-src blob: 'self' 1
frame-ancestors https://*.aosfatos.org https://*.aosfatos.dev http://localhost:3000 1
frame-ancestors 'self' *.moneyam.com *.ajbell.co.uk *.ajbbuild.uk; 1
script-src 'self' https://*.google.com https://js.monitor.azure.com https://www.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://*.msecnd.net 'unsafe-inline' 'unsafe-eval'; object-src 'none'; 1
default-src 'self'; connect-src *; font-src 'self' data:; frame-src *; img-src data: *; media-src *; object-src *; script-src 'self' 'unsafe-eval' 'unsafe-inline' *; style-src 'self' 'unsafe-inline'; 1
frame-ancestors 'self' https://*.spotdraft.com http://localhost:4200 1
script-src 'nonce-2kfrnwy/68nSCzz87u4zgPYfh9pUxAknrGavyFNwh9c=' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https:; object-src 'none'; base-uri 'none'; 1
default-src 'self' * 'unsafe-inline' data:; frame-ancestors https://www.bursamarketplace.com/ https://v2.bursamarketplace.com/ 1
default-src 'self' https://pgfilexchange.partnersgroup.com/ https://staticcontents.investis.com https://media.idigitalcontents.com https://fonts.gstatic.com *.analytics.google.com *.google.com *.google-analytics.com fonts.googleapis.com viz.tools.investis.com edge.api.brightcove.com;  img-src 'unsafe-inline' data: *;  frame-src 'self' https://www.googletagmanager.com/ https://ir.connectidfeed.com/en/partners-group-share-price-center https://consentcdn.cookiebot.com/ *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net https://td.doubleclick.net www.youtube.com https://www.youtube.com https://www.google.com viz.tools.investis.com player.vimeo.com irs.tools.investis.com otp.tools.investis.com;  style-src 'self' 'unsafe-inline' 'unsafe-eval' https://ir-api.eqs.com/storage/ir/4a0d51/tools/489a9c4f-26df-40ed-b883-5acca71010bb/build/bundle.css *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net https://ir-api.eqs.com/storage/ir/a7ab4a/tools/69f5cba0-6602-4b52-98d0-e839185bdf66/build/bundle.css https://p.typekit.net https://use.typekit.net/zwy1nua.css www.googletagmanager.com https://api.mapbox.com https://assets.investisdigital.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.googleapis.com https://viz.tools.investis.com;  font-src 'self' 'unsafe-inline' data: fonts.idigitalcontents.com fonts.googleapis.com https://fonts.gstatic.com *;  script-src 'self' irpages2.eqs.com 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com https://www.gstatic.com/recaptcha/releases/07g0mpPGukTo20VqKa8GbTSw/recaptcha__en.js%27 https://www.gstatic.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net *.analytics.google.com *.google.com *.google-analytics.com  https://www.gstatic.com/recaptcha/releases/QquE1_MNjnFHgZF4HPsEcf_2/recaptcha__en.js https://consent.cookiebot.com/logconsent.ashx https://consent.cookiebot.com/ab59a161-f727-4cea-894a-854fcc700d5c/cc.js https://consent.cookiebot.com/Scripts/widget.min.js https://consent.cookiebot.com/Scripts/widgetIcon.min.js https://consentcdn.cookiebot.com/consentconfig/ab59a161-f727-4cea-894a-854fcc700d5c/state.js  https://consentcdn.cookiebot.com/consentconfig/ab59a161-f727-4cea-894a-854fcc700d5c/partnersgroup-corp.cd.invdcloud-is.co.uk/configuration.js https://consentcdn.cookiebot.com/consentconfig/ab59a161-f727-4cea-894a-854fcc700d5c/*/configuration.js https://consentcdn.cookiebot.com/consentconfig//partnersgroup-corp.cm.invdcloud-is.co.uk/configuration.js https://www.gstatic.com/recaptcha/releases/vj7hFxe2iNgbe-u95xTozOXW/recaptcha__en.js https://www.gstatic.com/recaptcha/releases/yiNW3R9jkyLVP5-EEZLDzUtA/recaptcha__en.js https://www.gstatic.com/recaptcha/releases/x5WWoE57Fv0d6ATKsLDIAKnt/recaptcha__en.js https://ir-api.eqs.com cdn.jsdelivr.net https://unpkg.com/axios@1.6.5/dist/axios.min.js https://www.googletagmanager.com/gtag/js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js https://www.gstatic.com/recaptcha/releases/MHBiAvbtvk5Wb2eTZHoP1dUd/recaptcha__en.js https://www.google.com/recaptcha/api.js https://ir-api.eqs.com/storage/ir/a7ab4a/tools/69f5cba0-6602-4b52-98d0-e839185bdf66/build/bundle.js https://ir-api.eqs.com/storage/ir/a7ab4a/tools/69f5cba0-6602-4b52-98d0-e839185bdf66/index.js https://consent.cookiebot.com/ab59a161-f727-4cea-894a-854fcc700d5c/cdreport.js https://consentcdn.cookiebot.com/consentconfig/bb420960-f816-406b-856a-e9060cafa4ad/partnersgroup-corp.cm.invdcloud-is.co.uk/configuration.js https://consentcdn.cookiebot.com/consentconfig/bb420960-f816-406b-856a-e9060cafa4ad/partnersgroup-corp.cd.invdcloud-is.co.uk/configuration.js https://consentcdn.cookiebot.com/consentconfig/bb420960-f816-406b-856a-e9060cafa4ad/*/configuration.js https://consent.cookiebot.com/ab59a161-f727-4cea-894a-854fcc700d5c/cd.js https://consent.cookiebot.com/bb420960-f816-406b-856a-e9060cafa4ad/cc.js https://unpkg.co/gsap@3/dist/gsap.min.js https://unpkg.com/gsap@3/dist/ScrollTrigger.min.js https://cdnjs.cloudflare.com/ajax/libs/bodymovin/5.12.2/lottie_light.min.js https://cdn.jsdelivr.net/npm/jquery@3.6.0/dist/jquery.min.js https://consent.cookiebot.com/* https://cdn.jsdelivr.net/npm/locomotive-scroll@beta/bundled/locomotive-scroll.min.js https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js https://cdn.jsdelivr.net/npm/locomotive-scroll@beta/bundled/locomotive-scroll.min.js https://cdn.jsdelivr.net/npm/swiper@10/swiper-bundle.min.js https://cdn.jsdelivr.net/npm/vue@3.4.15/dist/vue.global.prod.js https://consent.cookiebot.com/uc.js https://consentcdn.cookiebot.com/consentconfig//partnersgroup-corp.cd.invdcloud-is.co.uk/configuration.js; connect-src 'self' https://consentcdn.cookiebot.com/widgetcontent/ab59a161-f727-4cea-894a-854fcc700d5c/widgetcontent_en.json *.analytics.google.com *.google.com *.google-analytics.com stats.g.doubleclick.net https://consentcdn.cookiebot.com/widgetcontent/ab59a161-f727-4cea-894a-854fcc700d5c/widgetcontent_default.json https://consentcdn.cookiebot.com/consentconfig/ab59a161-f727-4cea-894a-854fcc700d5c/settings.json https://irpages2.eqs.com/websites/swissfeed/English/4/json-feed.html tools.cms-eqs.com https://irs.tools.investis.com https://cdn.linkedin.oribi.io analytics.google.com https://api.mapbox.com https://assets.investisdigital.com https://edge.api.brightcove.com https://pagead2.googlesyndication.com https://www.google-analytics.com https://cookiemanager.investisdigital.com https://geoid.investisdigital.com viz.tools.investis.com;  object-src 'self';  base-uri;  form-action 'self'; 1
report-uri /_csp;default-src 'self';style-src 'self' 'unsafe-inline' https://*.googleapis.com https://fonts.soundestlink.com https://tagmanager.google.com https://www.googletagmanager.com https://fonts.googleapis.com https://*.mailerlite.com https://*.typekit.net/ https://getsnap.eu/ https://*.cookiehub.net https://*.cookiehub.com https://*.cookiehub.eu https://cookiehub.net https://getsnap.tech https://storage.tellq.io;font-src 'self' https://*.gstatic.com https://*.typekit.net/ data: http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://getsnap.eu/ https://fonts.soundestlink.com;img-src 'self' data: http: https: blob:;script-src 'self' https://www.googletagmanager.com https://*.google-analytics.com https://tagmanager.google.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://snap.licdn.com/ https://*.facebook.net https://*.typekit.net/ https://*.tellq.io https://*.livechatinc.com https://omnisrc.com https://*.omnisend.com https://*.omnisendlink.com https://*.soundestlink.com https://*.cookiebot.com https://*.mailerlite.com https://*.newrelic.com https://*.nr-data.net https://omnisnippet1.com https://getsnap.eu/ https://*.getsnap.me/ https://cookiehub.net https://*.cookiehub.eu https://getsnap.tech https://skaiciuokles.inbank.lt https://*.eskimi.com https://*.lupasearch.com https://*.googlesyndication.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io 'unsafe-eval' 'unsafe-inline';script-src-elem 'self' https://www.googletagmanager.com https://*.google-analytics.com https://tagmanager.google.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://snap.licdn.com/ https://*.facebook.net https://*.typekit.net/ https://*.tellq.io https://*.livechatinc.com https://omnisrc.com https://*.omnisend.com https://*.omnisendlink.com https://*.soundestlink.com https://*.cookiebot.com https://*.mailerlite.com https://*.newrelic.com https://*.nr-data.net https://omnisnippet1.com https://getsnap.eu/ https://*.getsnap.me/ https://cookiehub.net https://*.cookiehub.eu https://getsnap.tech https://skaiciuokles.inbank.lt https://*.eskimi.com https://*.lupasearch.com https://*.googlesyndication.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io 'unsafe-eval' 'unsafe-inline';frame-src 'self' https://*.cookiebot.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://*.doubleclick.net https://led-labs.eu https://*.livechatinc.com https://www.facebook.com www.youtube.com https://*.google.com http://*.vimeo.com https://*.mailerlite.com https://subscribepage.com https://omniform1.com https://lemona.reeco.info/ https://www.marketing.patona.de/;frame-ancestors 'none';connect-src 'self' https://*.lupasearch.com https://www.googletagmanager.com https://*.google-analytics.com https://*.google.com https://*.doubleclick.net https://*.facebook.net http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://multi-api-v3.tellq.io https://*.tellq.io https://*.livechatinc.com https://omnisrc.com https://p.osent.me https://*.omnisendlink.com https://*.soundestlink.com https://*.cookiebot.com https://*.nr-data.net https://o332115.ingest.sentry.io/ https://getsnap.eu/ https://*.getsnap.me/ https://*.cookiehub.net https://getsnap.tech https://live.tellq.io:* wss://live.tellq.io:* wss://chat.tellq.io:* https://skaiciuokles.inbank.lt https://*.eskimi.com https://cdn.linkedin.oribi.io https://*.googlesyndication.com https://*.ads.linkedin.com 1
frame-ancestors 'self' https://flemingcollege.ca https://*.flemingcollege.ca https://*.flemingc.on.ca:* https://fleming.desire2learn.com; 1
frame-ancestors 'self' bklinktraining.docebosaas.com www.burgerkinguniversity.com 1
default-src 'self' 'unsafe-inline' *.cookie-script.com *.snapwidget.com snapwidget.com *.tiktokv.com www.google.com data: *.bkv.hu *.snapwidget.com *.google-analytics.com *.facebook.com *.fbcdn.net *.fburl.com fburl.com *.ttwstatic.com www.tiktok.com *.tiktok.com *.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com cdn.jsdelivr.net www.googletagmanager.com connect.facebook.net *.facebook.com *.fbcdn.net *.fburl.com fburl.com www.tiktok.com *.tiktok.com *.tiktokv.com cdn.cookie-script.com *.google-analytics.com *.newrelic.com *.ttwstatic.com *.cookie-script.com *.snapwidget.com; 1
default-src 'self' https://cms.powned.tv https://www.powned.tv https://cookies.powned.tv https://sentry.fabrique.nl https://apis.dev.avrotros.io https://apis.avrotros.io https://apis.avrotros.nl https://*.run.app/ https://*.powned.tv ws://localhost:* ws://0.0.0.0:* http://localhost:* http://0.0.0.0:* https://nmonpoendpoint.2cnt.net blob: https://cms.powned.tv https://www.powned.tv https://cookies.powned.tv https://sentry.fabrique.nl https://apis.dev.avrotros.io https://apis.avrotros.io https://apis.avrotros.nl https://*.run.app/ https://*.powned.tv ws://localhost:* ws://0.0.0.0:* http://localhost:* http://0.0.0.0:* https://*.googleusercontent.com https://*.google-analytics.com https://www.googletagmanager.com https://adscience-nocookie.nl https://stats.g.doubleclick.net https://*.google.com https://*.npo.nl https://*.fontawesome.com https://*.gstatic.com https://*.facebook.com https://*.facebook.net https://*.twitter.com https://*.youtube.com https://*.vimeo.com https://*.instagram.com https://*.ster.nl https://*.optoutadvertising.com https://www.riddle.com https://*.akamaized.net; font-src * data: https://fonts.gstatic.com https://*.fontawesome.com; img-src * data: 'report-sample'; script-src data: 'unsafe-inline' 'unsafe-eval' https://cms.powned.tv https://www.powned.tv https://cookies.powned.tv https://sentry.fabrique.nl https://apis.dev.avrotros.io https://apis.avrotros.io https://apis.avrotros.nl https://*.run.app/ https://*.powned.tv ws://localhost:* ws://0.0.0.0:* http://localhost:* http://0.0.0.0:* https://*.googleusercontent.com https://*.google-analytics.com https://www.googletagmanager.com https://adscience-nocookie.nl https://stats.g.doubleclick.net https://*.google.com https://*.npo.nl https://*.npo-data.nl https://tag.aticdn.net https://nmonpoendpoint.2cnt.net https://kmnl.tns-nipo.com https://*.facebook.com https://*.facebook.net https://*.twitter.com https://*.youtube.com https://*.instagram.com https://*.ster.nl https://*.optoutadvertising.com https://*.ampproject.net https://cdn.ampproject.org https://polyfill.io https://*.fontawesome.com https://*.gstatic.com https://www.riddle.com 'report-sample'; style-src * 'unsafe-inline' 'report-sample'; media-src * blob: https://cms.powned.tv https://www.powned.tv https://cookies.powned.tv https://sentry.fabrique.nl https://apis.dev.avrotros.io https://apis.avrotros.io https://apis.avrotros.nl https://*.run.app/ https://*.powned.tv ws://localhost:* ws://0.0.0.0:* http://localhost:* http://0.0.0.0:*; frame-src *; object-src https://*.spotify.com https://media-service.vara.nl https://media.vara.nl https://player.vimeo.com https://w.soundcloud.com https://*.powned.nl https://radiobox2.omroep.nl https://icij.org https://projects.icij.org https://medicaldevices.icij.org https://medicaldevices-staging.cloud.icij.org https://*.tweedekamer.nl https://players.brightcove.net https://localfocus2.appspot.com https://localfocuswidgets.net https://*.calconic.com https://public.flourish.studio https://flo.uri.sh; base-uri 'self'; form-action 'self' 'report-sample'; manifest-src 'self' https://accounts.google.com; worker-src 'self' 1
frame-ancestors 'self' *.mercyone.org *.authorize.net; 1
... 1
frame-ancestors 'self'; script-src 'self' veeva.link *.veeva.link cookiebot.com *.cookiebot.com platform.twitter.com *.platform.twitter.com google-analytics.com *.google-analytics.com googletagmanager.com *.googletagmanager.com; worker-src 'self' blob: 1
require-trusted-types-for 'script';report-uri /_/PlayStoreUi/cspreport 1
object-src 'none'; frame-ancestors 'self'; report-uri http://yuurewards.com/en/report-uri/enforce 1
frame-ancestors bbs.elecfans.com www.elecfans.com www.hqchip.com tongji.baidu.com www.hqpcb.com smt.hqchip.com 1
default-src 'self' 'unsafe-eval' 'unsafe-inline'; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.underskrift.no s.ytimg.com www.googletagmanager.com www.google-analytics.com maps.googleapis.com ajax.aspnetcdn.com ng-multikanal-admin-cdn.azureedge.net *.reachmee.com kiwi-norge.mynewsdesk.com execution-ci360.kiwi.no *.ci360.sas.com norgesgruppen.containers.piwik.pro; connect-src 'self' *.sylinder.no *.ngdata.no *.trumf.no  *.cloudinary.com *.screen9.com ngdapidev.azure-api.net ng-azure-rest-api-preprod.azurewebsites.net ng-azure-rest-api-prod.azurewebsites.net ng-events.servicebus.windows.net dc.services.visualstudio.com data.brreg.no www.google-analytics.com delivery-ci360.kiwi.no execution-ci360.kiwi.no *.ci360.sas.com *.google-analytics.com maps.googleapis.com norgesgruppen.piwik.pro; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net fonts.googleapis.com ng-multikanal-admin-cdn.azureedge.net; img-src 'self' bilder.ngdata.no data: res.cloudinary.com bilder.ngdata.no maps.gstatic.com maps.googleapis.com *.google.com *.googleapis.com *.ggpht.com www.google-analytics.com *.screen9.com delivery-ci360.kiwi.no *.reachmee.com s.ytimg.com content-ci360.kiwi.no; font-src 'self' cdn.jsdelivr.net data: fonts.gstatic.com ng-multikanal-admin-cdn.azureedge.net; media-src 'self' blob: *.screen9.com; worker-src 'self' blob:; frame-ancestors 'self' *.ci360.sas.com; frame-src 'self' *.screen9.com kiwi-norge.mynewsdesk.com *.reachmee.com *.underskrift.no *.ci360.sas.com *.aerahost.com trumf-react-preprod.azurewebsites.net csfe-preprod.bankid.no; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.rnv-online.de *.cookiebot.com www.google.com www.gstatic.com www.googletagmanager.com https://ajax.googleapis.com https://siteimproveanalytics.com https://cdn.siteimprove.net https://widget.solvemate.com https://player.podigee-cdn.net https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ 'report-sample'; style-src-attr 'unsafe-inline' 'report-sample'; img-src 'self' data: https://*.rnv-online.de https://images.solvemate.com https://widget.solvemate.com https://*.siteimproveanalytics.io https://www.googletagmanager.com https://img.youtube.com https://i.ytimg.com https://imgsct.cookiebot.com; base-uri 'self' https://widget.solvemate.com; frame-src 'self' https://consentcdn.cookiebot.com *.youtube-nocookie.com *.rnv-online.de www.google.com https://widget.solvemate.com https://player.podigee-cdn.net https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; form-action 'self' https://www.rnv-online.de https://*.cleverreach.com; style-src 'self' 'unsafe-inline' *.cookiebot.com https://widget.solvemate.com https://player.podigee-cdn.net 'report-sample'; font-src 'self' data: https://*.rnv-online.de https://widget.solvemate.com https://player.podigee-cdn.net; worker-src blob:; connect-src 'self' https://www.rnv-online.de https://consentcdn.cookiebot.com https://api.solvemate.com https://widget.solvemate.com https://noembed.com; frame-ancestors 'self' https://*.rnv-online.de; report-uri https://www.rnv-online.de/@http-reporting?csp=report&requestTime=1721944816825704 1
connect-src *.rac.com.br *.gazetadepiracicaba.com.br *.googletagmanager.com *.googlesyndication.com *.google-analytics.com *.google.com *.google.com.br *.adservice.google.com *.ampproject.org *.ampproject.net *.taboola.com *.denakop.com *.doubleclick.net *.teads.tv *.youtube.com * data: blob: 'self' data 'unsafe-eval' 'unsafe-inline'; default-src *.rac.com.br *.gazetadepiracicaba.com.br *.googletagmanager.com *.googlesyndication.com *.google-analytics.com *.google.com *.google.com.br *.adservice.google.com *.ampproject.org *.ampproject.net *.taboola.com *.denakop.com *.doubleclick.net *.teads.tv *.youtube.com * data: blob: 'self' data 'unsafe-eval' 'unsafe-inline'; img-src *.rac.com.br *.gazetadepiracicaba.com.br *.googletagmanager.com *.googlesyndication.com *.google-analytics.com *.google.com *.google.com.br *.adservice.google.com *.ampproject.org *.ampproject.net *.taboola.com *.denakop.com *.doubleclick.net *.teads.tv *.youtube.com * data: blob: 'self' data 'unsafe-eval' 'unsafe-inline'; object-src *.rac.com.br *.gazetadepiracicaba.com.br *.googletagmanager.com *.googlesyndication.com *.google-analytics.com *.google.com *.google.com.br *.adservice.google.com *.ampproject.org *.ampproject.net *.taboola.com *.denakop.com *.doubleclick.net *.teads.tv *.youtube.com * data: blob: 'self' data 'unsafe-eval' 'unsafe-inline'; script-src *.rac.com.br *.gazetadepiracicaba.com.br *.googletagmanager.com *.googlesyndication.com *.google-analytics.com *.google.com *.google.com.br *.adservice.google.com *.ampproject.org *.ampproject.net *.taboola.com *.denakop.com *.doubleclick.net *.teads.tv *.youtube.com * data: blob: 'self' data 'unsafe-eval' 'unsafe-inline'; style-src *.rac.com.br *.gazetadepiracicaba.com.br *.googletagmanager.com *.googlesyndication.com *.google-analytics.com *.google.com *.google.com.br *.adservice.google.com *.ampproject.org *.ampproject.net *.taboola.com *.denakop.com *.doubleclick.net *.teads.tv *.youtube.com * data: blob: 'self' data 'unsafe-eval' 'unsafe-inline'; worker-src *.rac.com.br *.gazetadepiracicaba.com.br *.googletagmanager.com *.googlesyndication.com *.google-analytics.com *.google.com *.google.com.br *.adservice.google.com *.ampproject.org *.ampproject.net *.taboola.com *.denakop.com *.doubleclick.net *.teads.tv *.youtube.com * data: blob: 'self' data 'unsafe-eval' 'unsafe-inline' 1
default-src 'self';    script-src 'self' https://*.azirevpn.com/ 'unsafe-eval' 'unsafe-inline';    style-src 'self' 'unsafe-inline';    connect-src 'self' https://*.azirevpn.com/;    img-src 'self' blob: data:;    font-src 'self';    object-src 'none';    base-uri 'self';    form-action 'self';    frame-ancestors 'none';    upgrade-insecure-requests; 1
connect-src 'self' *.google-analytics.com *.googleapis.com *.gstatic.com px.ads.linkedin.com pagead2.googlesyndication.com cdn.linkedin.oribi.io c2.ktxlytics.io bat.bing.com wss://*.hotjar.com *.clarity.ms *.hotjar.com *.hotjar.io *.doubleclick.net *.googleadservices.com *.google.com *.qualtrics.com *.crazyegg.com naviwebapp.nyc3.digitaloceanspaces.com *.google-analytics.com *.googleapis.com *.gstatic.com;default-src 'self' *.googleapis.com *.gstatic.com *.google.com *.hotjar.com naviwebapp.nyc3.digitaloceanspaces.com *.navconfig.com;frame-src 'self' *.youtube.com *.ytimg.com *.hotjar.com *.doubleclick.net *.krxd.net *.googlesyndication.com *.internationaltrucks.com *.lpsnmedia.net *.liveperson.net  *.google.com *.digitaloceanspaces.com *.facebook.com *.buzzsprout.com *.navconfig.com *.google.ca;img-src 'self' *.addthis.com *.addthisedge.com *.moatads.com *.googleapis.com *.gstatic.com fonts.gstatic.com data: *.youtube.com *.ytimg.com *.doubleclick.net *.google-analytics.com px.ads.linkedin.com mid.rkdms.com simage2.pubmatic.com secure.adnxs.com c2.ktxlytics.io ib.adnxs.com analytics.twitter.com *.clarity.ms navinventorynew.blob.core.windows.net *.azureedge.net *.heapanalytics.com parts-cdn.fleetrite.com *.google.com *.facebook.com *.bing.com *.adsrvr.org *.demdex.net t.co *.linkedin.com *.krxd.net *.adsymptotic.com *.mookie1.com *.googletagmanager.com *.internationaltrucks.com *.jivox.com *.rlcdn.com *.agkn.com *.hotjar.com *.crwdcntrl.net *.thebrighttag.com *.addthis.com *.addthisedge.com *.moatads.com *.googleapis.com *.gstatic.com fonts.gstatic.com *.youtube.com *.ytimg.com *.doubleclick.net *.google-analytics.com *.google.ca;media-src 'self' *.youtube.com *.ytimg.com *.lpsnmedia.net *.liveperson.net *.google.com;script-src 'self' *.addthis.com *.addthisedge.com *.moatads.com cdnjs.cloudflare.com *.google-analytics.com code.jquery.com *.youtube.com *.ytimg.com *.googleapis.com *.gstatic.com www.googletagmanager.com 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net *.cloudfront.net trackit.ktxlytics.io *.clarity.ms unpkg.com *.crazyegg.com *.hotjar.com *.heapanalytics.com *.ytimg.com *.google.com *.doubleclick.net *.bing.com *.facebook.net *.googleadservices.com *.licdn.com *.krxd.net *.ads-twitter.com *.dstillery.com *.siteintercept.qualtrics.com *.pardot.com *.linkedin.com *.demdex.net *.media6degrees.com *.twitter.com *.googlesyndication.com *.jivox.com  cdn.siteimprove.net *.qualtrics.com *.addthis.com *.addthisedge.com *.moatads.com cdnjs.cloudflare.com *.google-analytics.com code.jquery.com *.youtube.com *.googleapis.com *.gstatic.com www.googletagmanager.com 'unsafe-inline' 'unsafe-eval' *.buzzsprout.com;style-src 'self' *.googleapis.com *.gstatic.com 'unsafe-inline' *.google.com; 1
default-src https: 'unsafe-eval' 'unsafe-inline' 'self'; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-src 'self' https://www.google.com; frame-ancestors 'self' *.masternautconnect.com:* *.connectedfleet.michelin.com:*; img-src 'self' data:; font-src 'self' https://fonts.gstatic.com; upgrade-insecure-requests; 1
default-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' content.mql5.com https://google.com https://post.foreximf.com https://www.google.com https://maps.google.com https://fonts.googleapis.com https://fonts.gstatic.com https://google-analytics.com https://ssl.google-analytics.com https://googletagmanager.com https://www.googletagmanager.com https://youtube.com https://www.youtube.com https://connect.facebook.net https://www.google-analytics.com https://www.google.co.id https://www.facebook.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net/; worker-src 'self' blob:  'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://cdn.ampproject.org/; 1
script-src 'self' 'unsafe-inline' https://*.vimeo.com https://*.youtube.com https://*.googletagmanager.com https://*.google-analytics.com https://www.google.com/recaptcha/api.js https://www.gstatic.com https://maps.googleapis.com https://cdn.jsdelivr.net; object-src 'self'; frame-src https://www.googletagmanager.com/ https://*.google.com/ https://www.youtube.com https://www.youtube.com/embed https://vimeo.com https://player.vimeo.com https://api.nasdaqomx.wallst.com https://crowncork.gcs-web.com; child-src https://www.youtube.com https://www.youtube.com/embed https://vimeo.com https://player.vimeo.com https://api.nasdaqomx.wallst.com https://crowncork.gcs-web.com; report-uri /report-csp-violation 1
frame-ancestors 'self' *.umcchurches.org https://trinityoran.org https://enfieldum.org https://canaanum.org https://umclowell.org http://wesleychapelumcreidsville.org 1
default-src 'self';connect-src 'self' https://*.google-analytics.com https://*.googletagmanager.com https://firebase.googleapis.com https://firebaseinstallations.googleapis.com https://*.intercom.io https://*.intercomcdn.com wss://nexus-websocket-a.intercom.io https://widgets.marqeta.com/ https://api.levelcard.co.uk/ https://api.ideal-postcodes.co.uk/;script-src 'unsafe-inline' 'self' https://widgets.marqeta.com/ https://*.googletagmanager.com https://*.facebook.net https://*.facebook.com https://*.intercom.io https://*.intercomcdn.com https://*.appsflyer.com;style-src 'self' 'unsafe-inline' https://widgets.marqeta.com/;frame-src 'self' 'nonce-NGIwNTA1Y2EtYWQ1Yi00ZTZkLTk2MzItOTE2OWM2Nzc4YTQz' https://widgets.marqeta.com/;img-src 'self' https://www.google-analytics.com https://*.facebook.com https://*.intercomcdn.com https://*.intercomassets.com;base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests 1
font-src *.yotpo.com *.gstatic.com *.klevu.com *.googletagmanager.com *.headcovers.com *.userway.org *.hotjar.com *.paypalobjects.com *.klaviyo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com *.facebook.com *.googletagmanager.com *.headcovers.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.yotpo.com https://api.boldcommerce.com *.facebook.com *.addthis.com *.headcovers.com *.google.com *.google.com.af *.google.com.ag *.google.com.ai *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.googletagmanager.com *.paypalobjects.com *.doubleclick.net *.hotjar.com *.userway.org *.freshchat.com *.instagram.com *.vimeo.com saasphoto.com *.commercepartnerhub.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.yotpo.com https://static.boldcommerce.com https://static.xx.fbcdn.net *.kaltura.com *.userway.org *.facebook.com *.klevu.com *.bing.com *.headcovers.com *.google.com *.google.com.af *.google.com.ag *.google.com.ai *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.googletagmanager.com *.shopperapproved.com *.gstatic.com *.google-analytics.com *.doubleclick.net *.ytimg.com *.hotjar.com *.clarity.ms *.searchspring.net *.searchspring.io *.cloudfront.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://img.youtube.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com flagpedia.net https://redchamps.com maps.gstatic.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ s7.addthis.com *.yotpo.com https://api.boldcommerce.com https://static.xx.fbcdn.net https://connect.facebook.net https://cdnjs.cloudflare.com https://cashier.boldcommerce.com/assets/experience/flow_sdk.js *.userway.org *.facebook.com *.facebook.net *.headcovers.com *.addthisedge.com *.addthis.com *.moatads.com *.azureedge.net *.google.com *.gstatic.com *.klevu.com *.bing.com *.hotjar.com *.shopperapproved.com *.googletagmanager.com *.google-analytics.com *.googleoptimize.com *.googleadservices.com *.doubleclick.net *.freshchat.com *.instagram.com *.clarity.ms *.searchspring.io *.searchspring.net *.kaltura.com *.chimpstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://cdn.searchspring.net/intellisuggest/is.min.js maps.googleapis.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.yotpo.com *.klevu.com *.googletagmanager.com *.google.com *.headcovers.com *.userway.org *.freshchat.com *.hotjar.com *.searchspring.io *.searchspring.net *.shopperapproved.com *.klaviyo.com *.doubleclick.net https://static.klaviyo.com *.fontawesome.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'none'; media-src *.adobe.com blob: data: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com ekr.zdassets.com/ *.yotpo.com https://api.boldcommerce.com https://api.staging.boldcommerce.com https://cashier.boldcommerce.com https://graph.facebook.com https://secure.boldcommerce.com https://secure.staging.boldcommerce.com *.userway.org *.signifyd.com https://bt.signifyd.com:11103 *.klevu.com *.headcovers.com *.core.windows.net *.4-tell.net *.paypal.com *.doubleclick.net *.bing.com *.google-analytics.com *.googletagmanager.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com *.ksearchnet.com *.facebook.com *.clarity.ms *.googleapis.com *.searchspring.io *.kaltura.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.gstatic.com https://beacon.searchspring.io/beacon https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.headcovers.com; report-to report-endpoint; 1
default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self'; upgrade-insecure-requests; 1
frame-ancestors 'self' eu.opencitiesplanner.bentley.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: discord.com e.widgetbot.io *.helpscout.net *.360yield.com bing.com *.bing.com youtube.com *.youtube.com *.wistia.net wistia.net wistia.com *.wistia.com cdn.ampproject.org happyfoxchat.com *.happyfoxchat.com *.dianomi.com tiktok.com *.tiktok.com decide.dev *.decide.dev itstracking.com *.itstracking.com *.optipub.com *.angelpub.com *.angelnexus.com *.wealthdaily.com *.energyandcapital.com *.outsiderclub.com *.protradertoday.com *.longevityinsiderhq.com *.greenchipstocks.com *.gstatic.com *.googletagmanager.com *.google.com google.com anchor.fm *.google-analytics.com *.googleadservices.com *.googleapis.com *.googleusercontent.com *.googleoptimize.com *.blueconic.net *.doubleclick.net pd.trysera.com *.cloudflare.com *.criteo.net *.criteo.com addevent.com *.addevent.com *.bootstrapcdn.com *.rawgit.com *.github.io *.jquery.com *.pingdom.net *.taboola.com *.outbrain.com *.hotjar.com *.yahoo.com *.liadm.com *.yimg.com *.twimg.com *.twitter.com *.ads-twitter.com *.pinimg.com *.pinterest.com *.onesignal.com onesignal.com *.litix.io *.soundcloud.com *.akamaihd.net *.amzglt.com amzglt.com t.co lockerdome.com trk.lockerdome.com *.zedo.com cm.mgid.com *.go2cloud.org bbm.iljmp.com secure.verifiedlink.net px.khmtrack.com tracking.imspublishergroup.com cdn.jsdelivr.net powerinboxedge.com *.powerinboxedge.com lockerdomecdn.com *.lockerdomecdn.com *.norton.com *.facebook.net *.facebook.com *.gravatar.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *; style-src 'self' 'unsafe-inline' onesignal.com *.github.io *.twitter.com *.twimg.com cdn.jsdelivr.net *.outsiderclub.com *.energyandcapital.com *.wealthdaily.com *.angelpub.com *.protradertoday.com *.longevityinsiderhq.com *.greenchipstocks.com *.bootstrapcdn.com *.googleapis.com; 1
default-src https:; font-src https: data:; img-src https: data:; script-src 'unsafe-eval' 'unsafe-inline' https:; style-src 'unsafe-inline' https:; worker-src https: data: blob:; 1
default-src https: 'unsafe-inline' 'unsafe-eval'; font-src 'self' https: data:; object-src 'none'; img-src 'self' https: data:; frame-ancestors 'none'; base-uri 'none'; form-action 'self' https://analyze.file.org/analyze/it; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://www.zenaps.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://ln-rules.rewardstyle.com https://tr.snapchat.com https://gum.criteo.com https://fledge.eu.criteo.com blob: https://www.provenance.org https://app.qubit.com https://tr6.snapchat.com https://www.pinterest.com https://www.pinterest.co.uk https://ct.pinterest.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://*.liveperson.net https://services.postcodeanywhere.co.uk https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.parcellab.com https://ct.pinterest.com https://*.contentsquare.net https://api.provenance.org https://d3g5d7323c2i6m.cloudfront.net https://d29qb9vav0xwuc.cloudfront.net https://d7c4jjeuqag9w.cloudfront.net https://*.storystream.ai https://*.pndsn.com https://23q3fg4xjd.execute-api.eu-west-1.amazonaws.com https://upload.uploadcare.com https://598nyfqkt7.execute-api.eu-west-1.amazonaws.com https://analytics.tiktok.com https://*.qubit.com https://*.qubitproducts.com https://horizon-api.www.myvegan.com https://*.vimeocdn.com https://*.akamaized.net https://*.pndsn.com https://d29qb9vav0xwuc.cloudfront.net https://d7c4jjeuqag9w.cloudfront.net https://23q3fg4xjd.execute-api.eu-west-1.amazonaws.com https://d3g5d7323c2i6m.cloudfront.net https://player.vimeo.com https://tr.snapchat.com https://*.criteo.com https://*.criteo.net https://sgtm.myvegan.com; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://d7c4jjeuqag9w.cloudfront.net; form-action 'self' https://www.facebook.com https://www.myvegan.com https://m.myvegan.com https://checkout.myvegan.com https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://player.vimeo.com https://vod-progressive.akamaized.net https://download-video.akamaized.net https://d7c4jjeuqag9w.cloudfront.net https://media.storystream.ai https://download-media.akamaized.net https://*.myvegan.com https://*.vimeocdn.com https://player.vimeo.com https://*.akamaized.net https://*.vimeocdn.com blob: https://*.myvegan.com; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://s.pinimg.com https://static.criteo.net https://*.criteo.com https://*.contentsquare.net https://app.contentsquare.com https://unpkg.com/@provenance/ https://apps.storystream.ai https://platform.twitter.com https://cdn.pubnub.com https://ucarecdn.com https://analytics.tiktok.com https://*.ibytedtos.com https://static.goqubit.com https://*.qubit.com https://cdn.pubnub.com https://tr.snapchat.com https://lantern.roeyecdn.com https://sgtm.myvegan.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://d7c4jjeuqag9w.cloudfront.net; upgrade-insecure-requests; report-to report-endpoint 1
default-src 'self' https://polarisxchange.com;base-uri 'self' https://md-scp.kampyle.com;connect-src 'self' https://polarisxchange.com wss://polarisxchange.com wss://*.polarisxchange.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://vc.hotjar.io https://*.trustarc.com https://*.kampyle.com https://*.medallia.eu https://www.google.com https://adservice.google.com https://logx.optimizely.com https://pixel-config.reddit.com https://www.redditstatic.com https://conversions-config.reddit.com auth.polaris.com auth.polaris.com/.well-known/jwks.json https://joydrive-otel-collector.herokuapp.com/v1/traces https://*.google-analytics.com https://*.analytics.google.com https://stats.g.doubleclick.net https://*.bing.com https://*.clarity.ms https://us.js.logs.insight.rapid7.com https://www.facebook.com;frame-src 'self' https://polarisxchange.com https://*.octane.co https://octane.co https://vars.hotjar.com https://*.trustarc.com https://*.kampyle.com https://*.medallia.eu https://*.cdn.optimizely.com auth.polaris.com https://d8pvvu29xif4d.cloudfront.net https://*.auth0.com https://www.youtube.com https://www.youtube-nocookie.com https://js.stripe.com https://www.googletagmanager.com https://www.facebook.com https://datastudio.google.com https://lookerstudio.google.com;font-src 'self' https://polarisxchange.com https://script.hotjar.com https://*.kampyle.com https://*.medallia.eu https://*.trustarc.com https://fonts.gstatic.com;img-src 'self' https://polarisxchange.com https://prdpolvehicleinspecstg.blob.core.windows.net https://cdn-qa.polarisxchangecms.com https://cdn-qa.goreveocms.com https://polarisxchange.polarisapi.com https://cdn.polarisxchange.com https://cdn1.polaris.com https://static.hotjar.com https://script.hotjar.com https://*.trustarc.com https://*.kampyle.com https://*.medallia.eu https://di.rlcdn.com https://secure.gravatar.com https://alb.reddit.com https://reveo-prod-secure-uploads.s3.amazonaws.com https://s3.amazonaws.com/reveo-prod-secure-uploads/ https://s3.amazonaws.com/reveo-prod/ https://cdn1.polarisxchange.com https://*.auth0.com data: blob: https://i.ytimg.com https://*.google-analytics.com https://*.analytics.google.com https://www.google.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://*.gstatic.com https://*.bing.com https://*.clarity.ms https://www.facebook.com https://connect.facebook.net https://api.twilio.com https://media.twiliocdn.com https://s3-external-1.amazonaws.com/media.twiliocdn.com;media-src 'self' https://polarisxchange.com ;object-src 'none';report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub7c083ead0672479e64a82fef3f5b31dd&dd-evp-origin=content-security-policy&ddsource=csp-report&env=production&heroku.app=reveo-prod&heroku.dyno=web.1&host=reveo-prod&platform=reveo&service=joydrive&version=34b4dea;report-to csp-endpoint;script-src 'report-sample' 'self' https://polarisxchange.com 'nonce-JFeS71ytqOBSI9jD104h1ZlVSNlGuPWT1lJLiKRBHEM=' 'unsafe-eval' https://ride-octane-api-sandbox.s3.us-west-2.amazonaws.com https://*.hotjar.com https://*.octane.co https://octane.co https://*.trustarc.com https://*.kampyle.com https://*.medallia.eu https://js.adsrvr.org https://secure.gravatar.com https://cdn.optimizely.com auth.polaris.com https://*.auth0.com https://js.stripe.com https://www.youtube.com https://www.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://www.googleadservices.com https://bat.bing.com https://*.clarity.ms https://connect.facebook.net;style-src 'report-sample' 'self' https://polarisxchange.com 'unsafe-inline' https://static.hotjar.com https://script.hotjar.com https://*.kampyle.com https://*.medallia.eu https://fonts.googleapis.com https://www.googletagmanager.com; 1
default-src 'self';  script-src 'self' 'unsafe-eval' 'unsafe-inline' *.youtube.com *.ads-twitter.com *.twitter.com *.instagram.com *.ctfassets.net *.fullstory.com *.zdassets.com *.segment.com *.facebook.net *.nextdoor.com *.tvsquared.com *.doubleclick.net *.adsrvr.org *.bing.com *.google.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.googleusercontent.com *.vercel-insights.com *.vercel.app *.vercel-scripts.com embedsocial.com *.smooch.io *.mypurecloud.com *.cloudfront.net *.cobrowse.io *.redditstatic.com *.clarity.ms aa.trkn.us *.hotjar.com *.adnxs.com *.shop.pe shop.pe addshoppers.s3.amazonaws.com cdn.id5-sync.com action.dstillery.com action.media6degrees.com analytics.tiktok.com static.hsappstatic.net vercel.live js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.usemessages.com www.datadoghq-browser-agent.com *.gstatic.com d2mjzob2nc713b.cloudfront.net gotrhythm.cdn1.safeopt.com *.dwin1.com *.gotrhythm.com *.simpli.fi *.kameleoon.com *.kameleoon.eu *.kameleoon.io;  child-src *.youtube.com *.google.com *.twitter.com *.facebook.com *.adsrvr.org *.doubleclick.net embedsocial.com vercel.live;  style-src 'self' 'unsafe-inline' *.googleapis.com *.google.com *.googletagmanager.com embedsocial.com *.typekit.net *.vercel.live;  img-src * blob: data: *.ctfassets.net *.fbsbx.com *.googleusercontent.com smart-pixl.com *.fullstory.com;  object-src * blob: data:;  media-src 'self' *.zdassets.com *.ctfassets.net;  connect-src * *.browser-intake-datadoghq.com;  frame-src * 'self' blob: data: *.ctfassets.net *.gotrhythm.com;  frame-ancestors * 'self' *.gotrhythm.com;  font-src 'self' data: fonts.gstatic.com *.cloudflare.com *.typekit.net *.hotjar.com;  worker-src * 'self' blob: *.vercel.app;  manifest-src 'self' *.vercel.app; 1
img-src 'self' * blob: data:;script-src 'self' 'unsafe-eval' blob: cdnjs.cloudflare.com 1million.casino;default-src 'self' api-v2.psg777.com;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; form-action 'self' https://*.paysera.com; base-uri 'none'; frame-ancestors https://athletics.lv; object-src https://athletics.lv https://i.athletics.lv https://test.athletics.lv 1
default-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'  https://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js http://fonts.googleapis.com/css?family=Oswald:400,700 http://http://fonts.googleapis.com/css?family=PT+Sans:400,700 http://http://fonts.googleapis.com/css?family=Open+Sans:300,700 http://fonts.googleapis.com/earlyaccess/lohitdevanagari.css http://fonts.googleapis.com/css?family=Ek+Mukta:400,500,600andsubset=latin,devanagari 1
default-src 'self' *.facebook.com *.youtube.com *.google-analytics.com *.google.com stats.g.doubleclick.net *.cinetpay.com *.paynah.com; img-src 'self' *.google-analytics.com *.openstreetmap.org i.imgur.com stats.g.doubleclick.net *.cinetpay.com *.paynah.com data:; object-src *; script-src 'self' 'unsafe-inline' https://unpkg.com/leaflet@1.6.0/dist/leaflet.js *.google-analytics.com *.googletagmanager.com *.facebook.net *.youtube.com *.google.com *.jquery.com *.unpkg.com *.kommunicate.io *.openstreetmap.org *.gstatic.com  *.cinetpay.com *.paynah.com; font-src 'self' *.googleapis.com *.gstatic.com *.cinetpay.com *.paynah.com; style-src 'self' 'unsafe-inline' https://unpkg.com/leaflet@1.6.0/dist/leaflet.css *.googleapis.com *.cinetpay.com *.paynah.com cdn.jsdelivr.net 1
frame-ancestors 'self' https://jionews.com/ https://jionewsdev1.jio.ril.com/ 1
default-src http://test.zigloi.com; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; frame-src 'self'; object-src 'none'; form-action 'self'; frame-ancestors 'none' 1
frame-ancestors 'self' https://virtualshowroom.lundboats.com https://grn-www.lundboats.com; 1
default-src 'self'; style-src-elem 'self' 'unsafe-inline' use.fontawesome.com https://code.jquery.com cdnjs.cloudflare.com eworkorders.com app.provely.io common.eworkorders.com me.kis.v2.scr.kaspersky-labs.com gc.kis.v2.scr.kaspersky-labs.com fonts.googleapis.com releases.flowplayer.org connect.facebook.net maxcdn.bootstrapcdn.com pro.fontawesome.com; style-src 'self' 'unsafe-inline' eworkorders.com  tdns.gtranslate.net releases.flowplayer.org me.kis.v2.scr.kaspersky-labs.com gc.kis.v2.scr.kaspersky-labs.com data.processwebsitedata.com fonts.googleapis.com connect.facebook.net maxcdn.bootstrapcdn.com pro.fontawesome.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://s3-us-west-2.amazonaws.com/b2bjsstore/b/ https://b-code.liadm.com/lc2.js https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/ code.jquery.com cdnjs.cloudflare.com https://common.eworkorders.com seal.alphassl.com me.kis.v2.scr.kaspersky-labs.com gc.kis.v2.scr.kaspersky-labs.com releases.flowplayer.org s3.amazonaws.com www.youtube.com ajax.googleapis.com eworkorders.com b.sf-syn.com data.processwebsitedata.com prod.purechatcdn.com snap.licdn.com app.purechat.com www.googletagmanager.com www.google-analytics.com data.processwebsitedata.com connect.facebook.net maxcdn.bootstrapcdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' eworkorders.com seal.alphassl.com me.kis.v2.scr.kaspersky-labs.com gc.kis.v2.scr.kaspersky-labs.com releases.flowplayer.org www.youtube.com eworkorders.com b.sf-syn.com prod.purechatcdn.com snap.licdn.com app.purechat.com www.googletagmanager.com www.google-analytics.com data.processwebsitedata.com connect.facebook.net maxcdn.bootstrapcdn.com; connect-src 'self' tdns.gtranslate.net https://pro.ip-api.com https://alocdn.com/c/vn3d8u2u/a/xtarget/p.json https://*.execute-api.us-west-2.amazonaws.com yoast.com *.purechat.com app.provely.io idx.liadm.com www.facebook.com stats.g.doubleclick.net www.google-analytics.com; frame-src 'self' tdns.gtranslate.net www.googletagmanager.com *.rackcdn.com www.facebook.com https://www.google.com/ www.youtube.com youtu.be securityscorecard.com; font-src 'self' data: use.fontawesome.com static3.avast.com cdnjs.cloudflare.com releases.flowplayer.org fonts.gstatic.com eworkorders.com maxcdn.bootstrapcdn.com pro.fontawesome.com; img-src 'self' data: https://ct.capterra.com blob: cdn.gtranslate.net tdns.gtranslate.net code.jquery.com cdnjs.cloudflare.com www.eworkorders.com *.amazonaws.com s3.amazonaws.com app.provely.io releases.flowplayer.org p.adsymptotic.com www.gstatic.com www.facebook.com connect.facebook.net ps.w.org www.googletagmanager.com img.youtube.com px.ads.linkedin.com s.w.org i.ytimg.com secure.gravatar.com www.getapp.com images.eworkorders.com eworkorders.com google-analytics.com www.google-analytics.com www.facebook.com www.linkedin.com cdn.linkedin.oribi.io seal.alphassl.com; script-src-attr 'self' 'unsafe-inline'; media-src 'self' eworkorders.com app.provely.io *.rackcdn.com; worker-src 'self' blob:; frame-ancestors 'self' https://*.eworkorders.com; report-uri 1
default-src 'self' https:; font-src 'self' https: data: https://d1s8393lsf2lpw.cloudfront.net/; img-src 'self' https: data:; object-src 'none'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline' 1
default-src * 'unsafe-inline' * 'unsafe-eval' *; script-src * 'unsafe-inline'  'self' 'unsafe-eval' 'self'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline' *; font-src * 'unsafe-inline' * 'unsafe-eval' * data: * 'unsafe-inline' 'unsafe-eval' ; 1
frame-ancestors 'none';  default-src 'self'   http://*.skyvia.com:*   https://www.google-analytics.com   https://www.google.com   https://www.google.com.ua   https://static.zohocdn.com   https://disqus.com   https://*.disquscdn.com;  child-src 'self' 'unsafe-inline' 'unsafe-eval'   https://www.google-analytics.com   https://www.google.com   https://www.google.com.ua   https://www.youtube.com   https://px.ads.linkedin.com   https://www.facebook.com   https://www.facebook.com   https://salesiq.zohopublic.eu   https://*.hotjar.com   https://www.clarity.ms   https://forms.zohopublic.eu   https://disqus.com;  object-src 'none';  img-src 'self' data:   https://blog.skyvia.com   https://www.google.com   https://www.google.com.ua   https://www.google.es   https://www.google-analytics.com   https://*.lfeeder.com   https://www.facebook.com   https://px.ads.linkedin.com   https://css.zohocdn.com   https://salesiq.zohopublic.eu   https://p.adsymptotic.com   https://*.disqus.com   https://*.disquscdn.com;  script-src 'self' 'unsafe-inline' 'unsafe-eval'   https://www.google-analytics.com   https://www.googletagmanager.com   https://www.googleadservices.com   https://*.disqus.com   https://googleads.g.doubleclick.net   https://code.jquery.com   https://cdnjs.cloudflare.com   https://salesiq.zoho.eu   https://js.zohostatic.eu   https://js.zohocdn.com   https://stackpath.bootstrapcdn.com   https://snap.licdn.com   https://connect.facebook.net   https://d3js.org   https://cdn.jsdelivr.net   https://*.hotjar.com   https://www.clarity.ms   https://*.lfeeder.com   https://www.google.com   https://www.gstatic.com;     connect-src 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes' *;  style-src 'self' 'unsafe-inline'   https://css.zohostatic.eu   https://css.zohocdn.com;  font-src 'self'    http://*.skyvia.com:*   https://www.google-analytics.com   https://www.google.com   https://www.google.com.ua   https://css.zohocdn.com   https://fonts.gstatic.com; 1
upgrade-insecure-requests; frame-ancestors 'self' live.sagepay.com live.opayo.eu.elavon.com www1.modainpelle.com; base-uri 'self'; object-src 'none' 1
frame-ancestors 'self' https://homebanking.aplusfcu.org/aplusfederalcreditunion/uux.aspx https://a-plus-federal-credit-union-ss.uat.mantl.com https://open.aplusfcu.org; 1
default-src https:; connect-src https:; font-src https: data:; frame-src https: adidas.kz:; frame-ancestors https:; img-src https: data:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; 1
default-src 'none';media-src https://media.equityapartments.com https://www.youtube.com;connect-src 'self' https://cdn.cookielaw.org https://ka-f.fontawesome.com https://maps.googleapis.com https://analytics.google.com https://www.google-analytics.com  https://stats.g.doubleclick.net https://www.youtube.com/;frame-src https://td.doubleclick.net https://6677643.fls.doubleclick.net https://www.youtube.com/ https://my.matterport.com/ https://viewer.panoskin.com/;form-action 'self';img-src * 'self' data: *;object-src 'none';sandbox allow-downloads allow-forms allow-modals allow-popups allow-popups-to-escape-sandbox allow-presentation allow-same-origin allow-scripts;base-uri 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' analytics.google.com ka-f.fontawesome.com www.youtube.com www.google.com maps.googleapis.com googleads.g.doubleclick.net tracker.marinsm.com bat.bing.com connect.facebook.net www.googleadservices.com maps.google.com ajax.googleapis.com code.jquery.com www.google-analytics.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.cookielaw.org www.googletagmanager.com kit.fontawesome.com cdn.cookielaw.org b.clarity.ms e.clarity.ms f.clarity.ms d.clarity.ms g.clarity.ms s.dca0.com;style-src-elem 'self' 'unsafe-inline' code.jquery.com fonts.googleapis.com www.google-analytics.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com;font-src 'self' fonts.googleapis.com fonts.gstatic.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com ka-f.fontawesome.com; 1
default-src usim.beprod.cosentyx.com 'self'; style-src usim.beprod.cosentyx.com prod.cz.hcp.novartis.com *.googleapis.com fonts.gstatic.com 'self' 'unsafe-inline' kms-a.akamaihd.net *.doctor.com; script-src js-agent.newrelic.com/nr-rum-1.248.0.min.js usim.beprod.cosentyx.com prod.cz.hcp.novartis.com unpkg.com kaltura.com *.kaltura.com contextweb.com *.contextweb.com bat.bing.com *.doubleclick.net tags.tiqcdn.com ipredictive.com *.ipredictive.com 'self' 'unsafe-inline' 'unsafe-eval' blob: *.googleapis.com *.pmsrv.co t.contentsquare.net app.contentsquare.com static.cloudflareinsights.com *.meta.net mediahub.novartis.com match.deepintent.com trc.lhmos.com secure.adnxs.com *.facebook.net analytics.google.com *.analytics.google.com google-analytics.com *.google-analytics.com googletagmanager.com *.googletagmanager.com tagmanager.google.com *.tagmanager.google.com cdn.cookielaw.org widget.doctor.com; child-src blob:; worker-src blob:; object-src 'none'; font-src prod.cz.hcp.novartis.com fonts.gstatic.com *.kaltura.com 'self' data: application: *.doctor.com; img-src *.ipredictive.com *.contentsquare.net http: https: data: image: 'self'; frame-src contextweb.com *.contextweb.com bat.bing.com *.doubleclick.net servedby.flashtalking.com di.rlcdn.com 'self' cdnapisec.kaltura.com analytics.google.com *.analytics.google.com google-analytics.com *.google-analytics.com googletagmanager.com *.googletagmanager.com tagmanager.google.com *.tagmanager.google.com *.doctor.com; connect-src usim.beprod.cosentyx.com bam.nr-data.net prod.cz.hcp.novartis.com *.google.com contextweb.com *.contextweb.com bat.bing.com *.doubleclick.net *.googleadservices.net stats.g.doubleclick.net *.contentsquare.net *.kaltura.com ws: 'self' *.googleapis.com *.tiqcdn.com cloudflareinsights.com trc.lhmos.com analytics.google.com *.analytics.google.com google-analytics.com *.google-analytics.com googletagmanager.com *.googletagmanager.com tagmanager.google.com *.tagmanager.google.com cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com directory-service.consumerism.pressganey.com *.doctor.com; media-src usim.beprod.cosentyx.com kaltura.com *.kaltura.com blob: 'self'; frame-ancestors usim.beprod.cosentyx.com 'self' 1
base-uri 'self'; connect-src 'self' analytics.google.com bam.nr-data.net *.googleapis.com *.osano.com mindsumo.s3.amazonaws.com mindsumodev.s3.amazonaws.com region1.analytics.google.com stats.g.doubleclick.net www.google-analytics.com ws://localhost:3035; default-src 'none'; font-src 'self' data: d18qs7yq39787j.cloudfront.net d3ursa3zzwkanm.cloudfront.net fonts.gstatic.com; form-action 'self' export.highcharts.com; frame-ancestors 'none'; frame-src 'self' mindsumo.s3.amazonaws.com mindsumodev.s3.amazonaws.com td.doubleclick.net www.google.com www.recaptcha.net www.youtube.com go.mbopartners.com; img-src 'self' data: https:; manifest-src 'self'; script-src 'self' d18qs7yq39787j.cloudfront.net d3ursa3zzwkanm.cloudfront.net js-agent.newrelic.com *.osano.com translate.google.com *.googleapis.com www.google-analytics.com www.googletagmanager.com www.gstatic.com www.recaptcha.net go.mbopartners.com 'unsafe-eval' 'unsafe-inline'; style-src 'self' d18qs7yq39787j.cloudfront.net d3ursa3zzwkanm.cloudfront.net *.googleapis.com www.gstatic.com 'unsafe-inline'; worker-src *.osano.com blob:; report-uri /report_csp_violation; upgrade-insecure-requests 1
frame-ancestors 'self' https://www.hotjar.com/ https://insights.hotjar.com/ 1
frame-ancestors 'self' https://digital.broadway.bank https://architectuat.broadway.bank https://digitaltest.broadway.bank; 1
default-src 'self' https://ssl.google-analytics.com 'unsafe-inline'; img-src 'self' https://source.unsplash.com https://images.unsplash.com https://code.jquery.com; frame-ancestors 'none' 1
frame-src 'self' *.marketo.com *.spreedly.com *.reviews.io *.site24x7statusiq.com td.doubleclick.net; form-action 'self' *.marketo.com *.spreedly.com *.reviews.io *.site24x7statusiq.com;  1
default-src 'self'; manifest-src *; child-src 'none'; worker-src 'self'; frame-src https://youtube.com https://www.youtube.com https://platform.twitter.com https://embed.tidal.com https://w.soundcloud.com https://www.mixcloud.com https://open.spotify.com https://player.twitch.tv https://embed.music.apple.com https://embed.wavlake.com https://challenges.cloudflare.com; style-src 'self' 'unsafe-inline'; connect-src *; img-src * data: blob:; font-src 'self'; media-src * blob:; script-src 'self' 'wasm-unsafe-eval' https://platform.twitter.com https://embed.tidal.com https://challenges.cloudflare.com; 1
frame-ancestors biz.icepeak.ai biz.typecast.ai; 1
frame-ancestors 'self' twg2022.com https://wdg.kinetic.com https://*.bhamnow.com https://*.thebamabuzz.com https://*.hvilleblast.com 1
child-src blob:; connect-src 'self' dc.services.visualstudio.com/v2/track westeurope-4.in.applicationinsights.azure.com bat.bing.com *.clarity.ms media.damen.com consent.cookie-script.com www.facebook.com *.google-analytics.com *.g.doubleclick.net/ *.analytics.google.com *.googletagmanager.com *.google.com *.hotjar.com:* vc.hotjar.io:* surveystats.hotjar.io wss://*.hotjar.com *.licdn.com *.linkedin.com *.orib.io *.tiles.mapbox.com api.mapbox.com events.mapbox.com gapi.storyblok.com/v1/api app.storyblok.com app.storyblok.com/f/storyblok-latest.js t.co analytics.twitter.com player.vimeo.com/api/player.js player.vimeo.com; default-src 'self' *.lfeeder.com *.leadfeeder.com; font-src 'self' fonts.gstatic.com tagmanager.google.com script.hotjar.com; frame-src www.facebook.com/tr/ bid.g.doubleclick.net vars.hotjar.com www.linkedin.com go.damen.com recaptcha.net player.vimeo.com www.youtube-nocookie.com www.youtube.com https://nl.eu.research.net/; img-src 'self' medialibrary.damen.com bat.bing.com c.bing.com *.clarity.ms res.cloudinary.com media.damen.com www.facebook.com *.google.nl *.google.com *.googletagmanager.com *.google-analytics.com www.google-analytics.com/collect ssl.gstatic.com www.gstatic.com *.analytics.google.com *.g.doubleclick.net maps.googleapis.com/ script.hotjar.com *.lfeeder.com *.leadfeeder.com *.linkedin.com *.licdn.com p.adsymptotic.com data: blob: a.storyblok.com t.co analytics.twitter.com; media-src media.damen.com; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com *.licdn.com app.storyblok.com app.storyblok.com/f/blokeditor.css; script-src 'self' 'nonce-WmNFB1' *.clarity.ms *.cookie-script.com connect.facebook.net/en_US/fbevents.js connect.facebook.net tagmanager.google.com *.googletagmanager.com www.gstatic.com/ www.google-analytics.com ssl.google-analytics.com www.recaptcha.net www.googleadservices.com www.google.com googleads.g.doubleclick.net static.hotjar.com script.hotjar.com *.lfeeder.com *.leadfeeder.com snap.licdn.com static-exp1.licdn.com content.linkedin.com platform.linkedin.com pi.pardot.com go.damen.com recaptcha.net/recaptcha/api.js app.storyblok.com app.storyblok.com/f/storyblok-latest.js player.vimeo.com/api/player.js player.vimeo.com; worker-src blob:; form-action www.facebook.com/tr; frame-ancestors app.storyblok.com 1
default-src *; img-src * data:; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; base-uri 'self'; form-action *; frame-ancestors * 1
default-src 'self' 'unsafe-inline' *.hrmdirect.com *.gstatic.com *.googleapis.com *.twitter.com *.linkedin.com *.google-analytics.com *.tchbpiconference.com *.checkimagecentral.com *.patentqualityinitiative.com *.freedomagreement.com *.tchconference.com;       script-src 'unsafe-eval' 'unsafe-inline' *.azureedge.net *.hrmdirect.com *.vimeo.com *.typekit.net *.googletagmanager.com *.ceros.com *.azurewebsites.net *.freedomagreement.com *.checkimagecentral.org *.patentqualityinitiative.com *.theclearinghouse.org *.twitter.com *.google-analytics.com *.linkedin.com *.googleapis.com *.tchbpiconference.com *.checkimagecentral.com *.patentqualityinitiative.com *.freedomagreement.com *.tchconference.com;       img-src 'self' *.googletagmanager.com *.typekit.net *.azureedge.net data: *.tchbpiconference.com *.checkimagecentral.com *.patentqualityinitiative.com *.freedomagreement.com *.tchconference.com *.theclearinghouse.org;       frame-src 'self' *.hrmdirect.com *.vimeo.com *.azurewebsites.net uid-c9b09fc9-06fb-4538-9a48-9aaa904e6e1e.azurewebsites.net *.google.com *.youtube.com *.ceros.com *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com *.twitter.com *.linkedin.com *.azurewebsites.net *.theclearinghouse.org *.googleapis.com *.azureedge.net *.tchbpiconference.com *.checkimagecentral.com *.patentqualityinitiative.com *.freedomagreement.com *.tchconference.com;       frame-ancestors 'self' *.azureedge.net *.chasepaymentechhostedpay-var.com *.chasepaymentechhostedpay.com dev-cm.theclearinghouse.org dev.theclearinghouse.org uat-cm.theclearinghouse.org uat.theclearinghouse.org mc-e7e64852-0e90-4a63-9a83-1251-cd.azurewebsites.net mc-e7e64852-0e90-4a63-9a83-1251-cm.azurewebsites.net mc-f7994b58-2b12-4a97-b400-6337-cd.azurewebsites.net mc-f7994b58-2b12-4a97-b400-6337-cm.azurewebsites.net mc-e3a82812-8e7a-44d9-956f-8910-cd.azurewebsites.net *.tchbpiconference.com *.checkimagecentral.com *.patentqualityinitiative.com *.freedomagreement.com *.tchconference.com *.theclearinghouse.org;       font-src 'self' *.typekit.com *.typekit.net *.gstatic.com *.tchbpiconference.com *.checkimagecentral.com *.patentqualityinitiative.com *.freedomagreement.com *.tchconference.com *.theclearinghouse.org;       connect-src 'self' analytics.google.com *.google-analytics.com *.tchbpiconference.com *.checkimagecentral.com *.patentqualityinitiative.com *.freedomagreement.com *.tchconference.com;       media-src 'self' *.azureedge.net *.tchbpiconference.com *.checkimagecentral.com *.patentqualityinitiative.com *.freedomagreement.com *.tchconference.com *.theclearinghouse.org;         1
frame-ancestors www.medidata.com medidata.com next.medidata.com loc.medidata.com explorer.medidata.com https://*.mdsol.com test-medidata-next.pantheonsite.io dev-medidata-next.pantheonsite.io blog-medidata-corporate.pantheonsite.io dev-medidata-corporate.pantheonsite.io test-medidata-corporate.pantheonsite.io 26five-medidata-corporate.pantheonsite.io perf-medidata-corporate.pantheonsite.io tags-medidata-corporate.pantheonsite.io web.cvent.com mdsol.preview.salesforce-experience.com mdsol.live-preview.salesforce-experience.com mdsol.my.site.com *.3ds.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https:; frame-ancestors 'self'; 1
default-src 'self' 'unsafe-inline' data: *.voxbeam.com *.voxbeam.co.uk *; 1
default-src: 'self' 'unsafe-inline' 'unsafe-eval' https://*.inductiveautomation.com https://*.inductiveuniversity.com https://icccdn.s3.amazonaws.com https://icccdn-production.s3.amazonaws.com https://icccdn-staging.s3.amazonaws.com https://code.jquery.com https://*.wistia.com http://*.embedwistia-a.akamaihd.net https://*.typekit.net https://*.google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.opentracker.net https://*.crazyegg.com https://*.litix.io https://*.marketo.net https://*.mktoresp.com https://*.facebook.net https://*.linkedin.com https://*.stripe.com https://*.stripe.network https://*.akamaized.net  https://*.vimeocdn.com https://*.vimeo.com https://*.getsitecontrol.com data: 'report-sample'; block-all-mixed-content; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.ampproject.org fpnpmcdn.net *.gstatic.com *.googletagmanager.com *.hotjar.com *.fbcdn.net https://ssl.gstatic.com https://www.google-analytics.com *.google.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://cdn.cookielaw.org *.adform.net https://static.zdassets.com *.zendesk.com connect.facebook.net 1
frame-ancestors 'self' https://*.force.com; 1
frame-ancestors 'self' https://web.dbuniversity.ac.in https://cdn.jsdelivr.net http://web.dbuniversity.ac.in; 1
script-src 'self' 'unsafe-eval' https://static.cloudflareinsights.com/beacon.min.js/vef91dfe02fce4ee0ad053f6de4f175db1715022073587 https://js.zi-scripts.com/zi-tag.js https://static.cloudflareinsights.com/ https://surveys-static.survicate.com/ https://surveys-static.survicate.com/widget_core-23.2.5.js https://img.en25.com/i/elqCfg.min.js https://ajax.cloudflare.com/cdn-cgi/scripts/04b3eb47/cloudflare-static/mirage2.min.js https://bat.bing.com/p/action/5039922.js https://bat.bing.com/bat.js https://static.cloudflareinsights.com/beacon.min.js/v55bfa2fee65d44688e90c00735ed189a1713218998793  https://surveys-static.survicate.com/widget_core-22.10.7.js https://storage.googleapis.com https://www.snapengage.com https://surveys-static.survicate.com/widget_core-22.9.9.js  https://storage.googleapis.com/code.snapengage.com/js/5b172b70-8566-421b-a58a-a65f8cf004a0.js https://surveys-static.survicate.com/widget_core-22.9.3.js https://surveys-static.survicate.com/widget_core-22.8.0.js https://surveys-static.survicate.com/widget_core-22.7.3.js https://a24704070387.cdn.optimizely.com https://surveys-static.survicate.com/widget_core-22.5.4.js https://cdn.optimizely.com/js/25136191463.js https://survey.survicate.com/workspaces/7821bc82a5d92c15361342f212740d61/web_surveys.js https://static.cloudflareinsights.com/beacon.min.js/v52afc6f149f6479b8c77fa569edb01181681764108816 https://edge.fullstory.com/s/fs.js https://static.cloudflareinsights.com/beacon.min.js/v8b253dfea2ab4077af8c6f58422dfbfd1689876627854 https://static.cloudflareinsights.com/beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317 https://static.cloudflareinsights.com/beacon.min.js https://snap.licdn.com https://www.visableleads.com https://cdn.cookielaw.org https://www.youtube.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://www.google.com https://connect.facebook.net https://googleads.g.doubleclick.net 'unsafe-inline'; frame-src 'self' https://td.doubleclick.net/ https://capture.navattic.com/ https://a24704070387.cdn.optimizely.com https://www.google.com https://outlook.office365.com https://maps.google.com https://www.youtube-nocookie.com https://www.google.com/maps https://www.visableleads.com https://www.youtube.com https://www.facebook.com https://googleads.g.doubleclick.net; object-src 'self'; sandbox allow-forms allow-scripts  allow-same-origin allow-popups allow-modals allow-orientation-lock allow-pointer-lock allow-presentation allow-popups-to-escape-sandbox allow-top-navigation allow-downloads; 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; child-src https: blob:; object-src 'none'; frame-ancestors 'self' https://account.fruitnet.com; 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src 'strict-dynamic' 'nonce-ubP1RUBMaRfh9INLklNaKA=='; ; 1
default-src 'self' *.zipmoney.com.au *.gstatic.com *.bazaarvoice.com *.vimeo.com *.akamaized.net *.hotjar.com *.hotjar.io *.trurating.com *.crazyegg.com tracking.myunidays.com *.five9.net; img-src 'self' data: https:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; frame-src 'self' https:; connect-src 'self' https: wss:; font-src 'self' data: https:; frame-ancestors 'self' https://*.sheridanoutlet.com.au; 1
default-src �eself�f; 1
frame-ancestors 'self' *.alation.com www.alationuniversity.com *.alationuniversity.com *.splashthat.com https://app.contentful.com app.optimizely.com 1
default-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.userback.io *.readspeaker.com https://www.canto.com https://www.dacast.com https://cdn.jsdelivr.net https://maps.googleapis.com https://unpkg.com https://skaoint.matomo.cloud https://cdn.matomo.cloud/skaoint.matomo.cloud; object-src 'self'; style-src 'self' 'unsafe-inline' https://*.userback.io *.readspeaker.com https://cdn.jsdelivr.net https://fonts.googleapis.com https://www.canto.com https://www.dacast.com https://unpkg.com https://skaoint.matomo.cloud https://cdn.matomo.cloud/skaoint.matomo.cloud; img-src 'self' 'unsafe-inline' data: https://www.canto.com https://*.tile.openstreetmap.org https://cdn.jsdelivr.net https://*.google.com https://maps.gstatic.com https://api.mapbox.com; media-src 'self' *.canto.global *.cloudfront.net; frame-src 'self' *.youtube.com *.vimeo.com https://airtable.com *.canto.com *.canto.global; frame-ancestors *; child-src 'self' *.youtube.com *.vimeo.com https://airtable.com *.canto.com *.canto.global; font-src 'self' data: https://fonts.gstatic.com *.readspeaker.com https://cdn.jsdelivr.net https://fonts.googleapis.com; connect-src 'self' https://skaoint.matomo.cloud https://oauth.canto.global; report-uri /report-csp-violation; upgrade-insecure-requests 1
upgrade-insecure-requests; base-uri 'self'; frame-ancestors 'self'; form-action 'self' *.cybersource.com; object-src 'none'; 1
default-src 'self'; img-src * 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://cdn.cookielaw.org https://ssl.google-analytics.com https://connect.facebook.net https://expressentry.melissadata.net https://globalemail.melissadata.net https://www.gstatic.com https://use.fontawesome.com https://calendar.time.ly https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js https://www.paypal.com/ https://www.sandbox.paypal.com/; font-src 'self' https://cdnjs.cloudflare.com https://fonts.gstatic.com/ data:; connect-src 'self' https://globalemail.melissadata.net https://cdn.cookielaw.org/ https://biext.jafra.com https://www.google-analytics.com https://globalphone.melissadata.net https://personator.melissadata.net/ https://stats.g.doubleclick.net https://biextqa.jafra.com/ https://www.paypal.com/ https://www.sandbox.paypal.com/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com; frame-src *; media-src * 1
frame-ancestors 'self' insights.hotjar.com 1
object-src 'none';base-uri 'self';script-src 'nonce-SWKt2NK8Wz03_r3D_BnH7Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/xsrp 1
frame-ancestors 'self' https://makro.froggenius.com 1
default-src 'self' http: https: data: blob: 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.rcmp-grc.gc.ca csps-dev.con.rcmp-grc.gc.ca csps-dev.con.rcmp-grc.gc.ca csps.con.rcmp-grc.gc.ca www.google-analytics.com ajax.googleapis.com www.googletagmanager.com *.clet.ca platform.twitter.com cdn.syndication.twimg.com cdnjs.cloudflare.com use.fontawesome.com www.youtube.com unpkg.com; 1
frame-ancestors 'self' profectus.prod.stonebridge.uk.com 1
default-src 'self' https://partner.googleadservices.com/ https://afs.googlesyndication.com/ https://cse.google.com/ https://www.google.com/cse/static/ https://www.googletagmanager.com/ https://kit.fontawesome.com/ https://www.gstatic.com/ www.google-analytics.com/ https://www.googletagmanager.com/ https://*.intercomcdn.com/ https://static.intercomassets.com wss://nexus-websocket-a.intercom.io/ https://api-iam.intercom.io https://widget.intercom.io wss://app.livehelpnow.net/ https://app.livehelpnow.net https://api-iam.intercom.io https://js.intercomcdn.com/ https://widget.intercom.io https://*.online-metrix.net/  https://metrics.myfrs.com/ https://kit.fontawesome.com/7e7cfee65e.js https://fonts.googleapis.com/ https://fonts.gstatic.com https://ka-p.fontawesome.com/   https://www.livehelpnow.net https://cdn.livehelpnow.net/ https://cdn.polyfill.io/ https://developer.livehelpnow.net https://translate-pa.googleapis.com/ https://translate.googleapis.com/ https://translate.google.com/ https://*.online-metrix.net/  https://metrics.myfrs.com/ http://translate.google.com/ https://www.google.com/ http://www.google.com/ http://releases.flowplayer.org/ https://releases.flowplayer.org/ https://www.timevaluecalculators.com/ https://use.fontawesome.com/ https://hewitt.lipperweb.com/ https://sadmin.brightcove.com/ http://admin.brightcove.com/ https://players.brightcove.net/ http://players.brightcove.net/ https://translate.google.com/; script-src 'self' 'unsafe-eval' https://partner.googleadservices.com/ https://cse.google.com/ https://www.google.com/cse/static/ https://www.googletagmanager.com/ https://kit.fontawesome.com/ https://www.gstatic.com/  https://www.googletagmanager.com/ https://*.intercomcdn.com/ https://static.intercomassets.com wss://nexus-websocket-a.intercom.io/ https://api-iam.intercom.io https://widget.intercom.io wss://app.livehelpnow.net/ https://app.livehelpnow.net https://*.online-metrix.net/  https://metrics.myfrs.com/ https://api-iam.intercom.io https://js.intercomcdn.com/ https://widget.intercom.io https://kit.fontawesome.com/7e7cfee65e.js https://fonts.googleapis.com/ https://fonts.gstatic.com https://ka-p.fontawesome.com/   https://www.livehelpnow.net https://cdn.livehelpnow.net/ https://cdn.polyfill.io/ https://developer.livehelpnow.net https://translate.google.com/ https://www.gstatic.com/ https://use.fontawesome.com/ http://www.gstatic.com/ https://www.google.com/ http://www.google.com/ http://releases.flowplayer.org/ https://releases.flowplayer.org/ https://www.timevaluecalculators.com/ https://hewitt.lipperweb.com/ https://sadmin.brightcove.com/ http://admin.brightcove.com/ https://secure.brightcove.com/ https://ssl.bing.com/ http://www.bing.com  http://api.microsofttranslator.com/ https://translate-pa.googleapis.com/ https://translate.googleapis.com/ http://www.myfrs.com/ https://www.myfrs.com/  http://www.microsofttranslator.com/ https://ssl.microsofttranslator.com/ www.google-analytics.com/ https://ssl.google-analytics.com/  ajax.googleapis.com/ https://www.zazachat.com/ http://www.zazachat.com/ www.jquery.com/ json.org sizzlejs.com https://www.zazamagic.aspx https://translate.google.com/ 'unsafe-inline'; style-src 'self' https://partner.googleadservices.com/ https://kit.fontawesome.com/ https://cse.google.com/ https://www.google.com/cse/static/ https://www.googletagmanager.com/ https://www.gstatic.com/ https://www.googletagmanager.com/ https://*.intercomcdn.com/ https://static.intercomassets.com wss://nexus-websocket-a.intercom.io/ https://api-iam.intercom.io https://widget.intercom.io wss://app.livehelpnow.net/ https://app.livehelpnow.net https://*.online-metrix.net/  https://metrics.myfrs.com/ https://api-iam.intercom.io https://js.intercomcdn.com/ https://widget.intercom.io https://kit.fontawesome.com/7e7cfee65e.js https://fonts.googleapis.com/ https://fonts.gstatic.com https://ka-p.fontawesome.com/   https://www.livehelpnow.net https://cdn.livehelpnow.net/ https://cdn.polyfill.io/ https://developer.livehelpnow.net http://releases.flowplayer.org/ https://use.fontawesome.com/ https://releases.flowplayer.org/ https://www.timevaluecalculators.com/ https://hewitt.lipperweb.com/ https://sadmin.brightcove.com/ http://admin.brightcove.com/ http://api.microsofttranslator.com/ https://translate-pa.googleapis.com/ https://translate.googleapis.com/ http://www.microsofttranslator.com/ https://ssl.microsofttranslator.com/ https://translate.google.com/ 'unsafe-inline' 'unsafe-eval'; object-src 'self' https://partner.googleadservices.com/ https://cse.google.com/ https://www.google.com/cse/static/ https://www.googletagmanager.com/ https://kit.fontawesome.com/ https://www.gstatic.com/  https://www.googletagmanager.com/ https://*.intercomcdn.com/ https://static.intercomassets.com wss://nexus-websocket-a.intercom.io/ https://api-iam.intercom.io https://widget.intercom.io wss://app.livehelpnow.net/ https://app.livehelpnow.net https://*.online-metrix.net/  https://metrics.myfrs.com/ https://api-iam.intercom.io https://js.intercomcdn.com/ https://widget.intercom.io https://kit.fontawesome.com/7e7cfee65e.js https://fonts.googleapis.com/ https://fonts.gstatic.com https://ka-p.fontawesome.com/   https://www.livehelpnow.net https://cdn.livehelpnow.net/ https://cdn.polyfill.io/ https://developer.livehelpnow.net http://releases.flowplayer.org/ https://releases.flowplayer.org/ https://www.timevaluecalculators.com/ https://hewitt.lipperweb.com/ https://sadmin.brightcove.com/ http://admin.brightcove.com/ https://secure.brightcove.com/ https://translate.google.com/; img-src https://afs.googlesyndication.com/ https://www.gstatic.com/ https://*.gstatic.com/ https://clients1.google.com/ https://kit.fontawesome.com/ https://*.intercomcdn.com/ https://static.intercomassets.com wss://nexus-websocket-a.intercom.io/ https://api-iam.intercom.io https://widget.intercom.io http://myfrs.com/ https://myfrs.com/ wss://app.livehelpnow.net/ https://app.livehelpnow.net https://*.online-metrix.net/  https://metrics.myfrs.com/ https://api-iam.intercom.io https://widget.intercom.io https://js.intercomcdn.com/ https://kit.fontawesome.com/7e7cfee65e.js https://fonts.googleapis.com/ https://fonts.gstatic.com https://ka-p.fontawesome.com/   https://www.livehelpnow.net https://cdn.livehelpnow.net/ https://cdn.polyfill.io/ https://developer.livehelpnow.net https://translate.google.com/ https://www.gstatic.com/ https://releases.flowplayer.org/ https://www.timevaluecalculators.com/ https://use.fontawesome.com/ https://hewitt.lipperweb.com/ https://ssl.google-analytics.com/ https://sadmin.brightcove.com/ https://secure.brightcove.com/ http://admin.brightcove.com/ https://translate-pa.googleapis.com/ https://translate.googleapis.com/ http://api.microsofttranslator.com/ http://www.microsofttranslator.com/ https://ssl.microsofttranslator.com/ data: http://www.myfrs.com/ https://www.myfrs.com/ https://www.zazachat.zazasoftware.com/ www.google-analytics.com/ http://www.zazachat.com/ http://zazachat.zazasoftware.com/ https://www.google.com/ http://www.google.com/ 1
default-src 'self' https: wss: data: 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self' *.vitaminstore.nl; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; worker-src 'self' blob: 1
frame-ancestors https://*.imoney.my 1
frame-ancestors https://*.nrla.org.uk https://engage.talkative.uk https://ignite.mitel.com 1
'self' *.wvgw.de 1
default-src 'self' https://my-estub.com https://www.snapengage.com/ http://storage.googleapis.com/code.snapengage.com/; script-src 'self' https://www.snapengage.com/ http://storage.googleapis.com/code.snapengage.com/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' https://www.snapengage.com/ https://storage.googleapis.com/code.snapengage.com/; frame-ancestors 'self'; 1
report-uri https://fides.ch 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com chat.g2khosting.com www.googletagmanager.com connect.facebook.net www.google-analytics.com; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://glasgow.social; img-src 'self' https: data: blob: https://glasgow.social; style-src 'self' https://glasgow.social 'nonce-zixayq3SzhbVJ/GO5HMDJQ=='; media-src 'self' https: data: https://glasgow.social; frame-src 'self' https:; manifest-src 'self' https://glasgow.social; form-action 'self'; child-src 'self' blob: https://glasgow.social; worker-src 'self' blob: https://glasgow.social; connect-src 'self' data: blob: https://glasgow.social https://files.glasgow.social wss://glasgow.social; script-src 'self' https://glasgow.social 'wasm-unsafe-eval' 1
frame-ancestors 'self' https://*.iprox.nl 1
default-src 'unsafe-inline' syntellis.localhost *.prod.acquia-sites.com *.syntellis.com *.gstatic.com *.googleusercontent.com *.marketo.com *.fontawesome.com *.googletagmanager.com *.6sc.co *.crazyegg.com *.adnxs.com *.6sense.com *.mktoresp.com *.google-analytics.com *.analytics.google.com *.linkedin.com *.bing.com *.adsymptotic.com *.googleapis.com *.doubleclick.net *.wistia.com *.vimeo.com  *.cookielaw.org *.nr-data.net *.fullcircleinsights.com *.cloudfront.net  *.bizzabo.com *.clarity.ms *.windows.net *.onetrust.com *.salesloft.com *.calendly.com calendly.com syntellis.lndo.site *.reactful.com *.driftt.com *.jsdelivr.net; script-src * data: blob: 'unsafe-inline' 'unsafe-eval' *.crazyegg.com *.calendly.com calendly.com *.reactful.com; img-src 'self' *.6sc.co data: *.google-analytics.com  *.gstatic.com *.googleusercontent.com *.marketo.com *.fontawesome.com *.googletagmanager.com *.6sc.co *.crazyegg.com *.adnxs.com *.6sense.com *.mktoresp.com *.google-analytics.com *.linkedin.com *.bing.com *.adsymptotic.com *.google.ca *.google.com *.cookielaw.org *.clarity.ms *.calendly.com calendly.com *.reactful.com *.googleapis.com; frame-src syntellis.localhost *.prod.acquia-sites.com syntellis.com  'self' *.wistia.com *.vimeo.com *.marketo.com *.driftt.com *.comparably.com *.google.com *.bizzabo.com *.calendly.com calendly.com *.addtoany.com addtoany.com *.reactful.com; frame-ancestors *.prod.acquia-sites.com https://ideas.kaufmanhall.com http://ideas.kaufmanhall.com *.syntellis.com syntellis.com syntellis.localhost syntellis.lndo.site; connect-src https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com *.syntellis.com *.fullcircleinsights.com *.cookielaw.org *.marketo.com *.fontawesome.com *.6sc.co *.crazyegg.com *.adnxs.com *.6sense.com *.mktoresp.com *.jsdelivr.net *.onetrust.com *.reactful.com *.salesloft.com *.ads.linkedin.com *.nr-data.net 1
upgrade-insecure-requests; script-src 'strict-dynamic' 'nonce-Ukgs0+AtSBhLOE0et7r/9g=='; 1
frame-ancestors 'self' https://www.louisenthal.com/; 1
default-src 'self' https: https://*.clarity.ms https://c.bing.com https://www.googletagmanager.com; font-src 'self' https: data:; img-src 'self' https: data: https://development.versebyverseministry.org https://media.versebyverseministry.org https://www.googletagmanager.com; object-src 'none'; script-src 'self' https: https://www.googletagmanager.com https://js.stripe.com https://ga.jspm.io/npm:es-module-shims@1.8.2/dist/es-module-shims.js https://www.google-analytics.com https://player.vimeo.com/api/player.js 'unsafe-inline' blob:; style-src 'self' https: 'unsafe-inline'; connect-src 'self' https: https://www.googletagmanager.com https://js.stripe.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' * https://jandy.stonly.com https://stonly.com https://embedsocial.com data:; img-src 'self' https://marvel-b1-cdn.bc0a.com https://play.vidyard.com https://www.facebook.com https://www.google-analytics.com https://www.google.com * data: blob:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *; font-src 'self' data: 'unsafe-inline' https://fonts.gstatic.com https://use.typekit.net *; upgrade-insecure-requests; script-src https://play.vidyard.com https://www.facebook.com https://www.google-analytics.com https://www.google.com 'unsafe-inline' 'unsafe-eval' * blob:; block-all-mixed-content; 1
default-src 'self' ; object-src 'self' data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.segment.com ; font-src fonts.gstatic.com ; style-src 'self' 'unsafe-inline' fonts.googleapis.com ; img-src 'self' blob: data: lachain.io nfttest.lachain.net etherscan.io app.beefy.com cryptologos.cc offchainlabs.com upload.wikimedia.org s2.coinmarketcap.com dfwstrapi.lachain.io ; frame-src 'self' https://lachain.io https://test.lachain.net ; connect-src 'self' ws://next:3000 ws://localhost:3000 https://app.lachain.io https://api-qa.dev3.nekotal.tech https://defiwlt.com https://bridge-balancer1.lachain.io https://test-bridge-balancer1.lachain.io https://cdn.segment.com https://api.segment.io https://poly-mainnet.gateway.pokt.network https://fantom-mainnet.gateway.pokt.network https://mainnet.infura.io https://ropsten.infura.io https://relayer.lachain.io https://rinkeby.infura.io https://mainnet.optimism.io https://evm.cronos.org https://bsc-dataseed.binance.org https://mainnet.optimism.io https://data-seed-prebsc-1-s1.binance.org:8545 https://http-mainnet.hecochain.com https://polygon-rpc.com https://rpc-mainnet.lachain.io https://rpc-testnet.lachain.io https://rpc-devnet.lachain.io https://rpcapi.fantom.network https://http-testnet.hecochain.com https://cronos-testnet-3.crypto.org:8545 https://rpc.testnet.fantom.network https://arb1.arbitrum.io https://api.avax-test.network https://api.avax.network https://matic-mumbai.chainstacklabs.com https://rinkeby.arbitrum.io https://api.harmony.one https://api.s0.b.hmny.io https://nfttest.lachain.net https://bridge1.lachain.io ; 1
default-src 'self' feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' pghub.io cdn.cookielaw.org *.iesnare.com connect.facebook.net *.crazyegg.com *.adsrvr.org *.bazaarvoice.com *.google-analytics.com *.googletagmanager.com blob: feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' fonts.googleapis.com feed.pghub.io pandg.tapad.com ; media-src 'self' videos.ctfassets.net *.iesnare.com data: feed.pghub.io pandg.tapad.com ; img-src 'self' cdn.cookielaw.org images.ctfassets.net pixel.tapad.com *.bazaarvoice.com *.google-analytics.com www.facebook.com *.googletagmanager.com data: feed.pghub.io pandg.tapad.com ; font-src 'self' fonts.gstatic.com feed.pghub.io pandg.tapad.com ; connect-src * ; frame-src 'self' *.adsrvr.org *.doubleclick.net *.jebbit.com consumersupport.pg.com servedby.flashtalking.com pg-lex.my.salesforce-sites.com ct.pinterest.com www.facebook.com feed.pghub.io pandg.tapad.com ; manifest-src * ; 1
frame-ancestors https://io.apply.creditkarma.com https://embedded.creditkarma.com 1
script-src 'self' 'sha256-h3ph7OkuaL0D5L5xGUpp55bvrqHAoTnKFQGSPtWLZ5w=' https://nextgen-ui.trackinglibrary.prodperfect.com; object-src 'self'; worker-src blob:; 1
frame-ancestors 'self' https://formassembly.com https://forms.oviva.com 1
frame-ancestors teams.microsoft.com *.teams.microsoft.com teams.cloud.microsoft *.covi-stage.io *.coviu.us *.coviu.com *.covi-exp.io *.healthdirect.org.au *.telepractice.sa.edu.au *.telehealth.actforkids.com.au *.telehealth.melbournepolytechnic.edu.au *.telehealth.mpschild.com.au *.telehealth.macs.vic.edu.au *.app.videohealth.com.au *.telehealth.remedyhealthcare.com.au *.consultation.alternaleaf.com.au *.telehealth.spinal.com.au *.telehealth.rasa.org.au *.telehealth.physioinq.com.au *.telecare.northcott.com.au *.telecounselling.education.nsw.gov.au *.app.my-online.support *.telehealth.mmhg.com.au *.telehealth.youngmindsnetwork.com.au *.ecare.unitingcareqld.com.au *.uts.edu.au *.tafensw.edu.au *.joincareteampro.com *.oncoviu.us 1
default-src 'self' data:; img-src 'self' data: blob:; style-src 'self' 'unsafe-inline' https://datawrapper.dwcdn.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://datawrapper.dwcdn.net; frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://www.youtu.be https://datawrapper.dwcdn.net; 1
default-src 'self' blob:; style-src 'self'; img-src 'self' data:; object-src 'none'; connect-src 'self' https://post.proctorio.com 1
default-src https:; script-src 'self' piwik.stairweb.de; media-src 'self'; object-src 'none'; worker-src 'self'; font-src 'self'; img-src 'self' https://piwik.stairweb.de/; style-src 'self'; frame-src 'self' https://*.stairweb.de/; frame-ancestors 'none'; base-uri 'self'; form-action 'self' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.joinfreedelivery.com accounts.google.com connect.facebook.net appleid.cdn-apple.com *.deliverysfree.com *.braintree-api.com *.paypal.com *.fluidpay.com *.cdn-apple.com apple.com *.apple.com *.paypalobjects.com *.braintreegateway.com *.bootstrapcdn.com *.ladesk.com *.googleapis.com *.gstatic.com *.transactiongateway.com *.cloudflare.com *.jsdelivr.net *.jquery.com *.bunny.net unpkg.com *.unpkg.com *.networkmerchants.com *.api.here.com *.here.com *.hereapi.com *.googletagmanager.com *.doubleclick.net *.google.com google.com *.google.co.in googleadservices.com *.googleadservices.com googleads.g.doubleclick.net *.googlesyndication.com *.g.doubleclick.net *.google-analytics.com *.cookiepro.com geolocation.onetrust.com;img-src * data: 1
base-uri 'self'; font-src 'self' https: data: *.gstatic.com; form-action 'self' wellingtonnz.formstack.com *.facebook.com; frame-ancestors 'self' *.wellingtonnz-uat.com *.wellingtonnz.com; img-src 'self' data: blob: *.analytics.google.com *.cdninstagram.com *.cloudfront.net *.doubleclick.net *.facebook.com *.google-analytics.com *.google.co.nz *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.linkedin.com *.monsido.com *.siteimproveanalytics.io *.ytimg.com api.mapbox.com shielded.co.nz staticcdn.co.nz twemoji.maxcdn.com wellingtonnz.bynder.com; object-src 'none'; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline' *.google.com *.googleapis.com *.zencdn.net; script-src 'self' https: data: blob: 'unsafe-eval' 'unsafe-inline' *.analytics.google.com *.facebook.net *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.jquery.com *.monsido.com *.vimeo.com *.youtube.com *.zencdn.net browser-update.org code.highcharts.com siteimproveanalytics.com staticcdn.co.nz; upgrade-insecure-requests; connect-src 'self' https: wss: *.analytics.google.com *.doubleclick.net *.google-analytics.com *.google.com *.googleapis.com *.monsido.com *.windows.net *.wellingtonnz.com; frame-src 'self' *.doubleclick.net *.dwcdn.net *.google.com *.infogram.com *.metservice.com *.monsido.com *.spotify.com *.vimeo.com *.youtube.com configurator.takina.co.nz configurator.wcec.co.nz goo.gl nzhistory.govt.nz omny.fm radian.mintdesign.co.nz radianstaging.mintdemo.co.nz staticcdn.co.nz viewer.mapme.com wellingtonnz.formstack.com *.facebook.com; manifest-src 'self'; media-src 'self' *.cdninstagram.com maori-dictionary-media.s3.amazonaws.com storage.googleapis.com; 1
default-src 'self' *.youtube.com *.onfastspring.com airtable.com *.2checkout.com *.avangate.com cdn.jsdelivr.net *.freshworks.com *.freshdesk.com; style-src 'self' 'unsafe-inline' widget.freshworks.com; img-src 'self' data:; script-src unpkg.com 'self' 'unsafe-inline' 'unsafe-eval' *.onfastspring.com static.airtable.com *.2checkout.com cdn.jsdelivr.net widget.freshworks.com; connect-src 'self' *.freshdesk.com *.freshworks.com *.onfastspring.com; 1
default-src 'none'; media-src 'self'; style-src 'none' 'unsafe-inline'; img-src 'self' https://img.shields.io 1
default-src *; style-src 'self' 'unsafe-inline' 'unsafe-eval' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; frame-src 'self' *; object-src 'self' ; img-src 'self' data: https:;  font-src 'self' data: * https://fonts.gstatic.com; connect-src 'self' *; media-src * data: https:; base-uri 'self'; 1
frame-ancestors 'self' folder.aldi.be experience.adobe.com aldinord.experiencecloud.adobe.com; default-src * 'unsafe-eval' 'unsafe-inline' data: blob: 1
frame-ancestors 'self' https://*.partijvoordedieren.nl; 1
frame-ancestors 'self' https://prdsales.int.n-ergie https://prdnetz.int.n-ergie https://prdnim.int.n-ergie https://prduews.int.n-ergie https://*.usercentrics.eu; 1
default-src *; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' data: https:; media-src * blob:; object-src 'none'; base-uri 'self' 1
default-src 'none'; script-src 'self' https://www.googletagmanager.com/gtag/js https://www.google-analytics.com/analytics.js; style-src 'self' 'unsafe-inline'; img-src 'self' https://api.iconnectdaily.net data: blob: https://www.google-analytics.com/collect; media-src https://api.iconnectdaily.net blob:; connect-src https://api.iconnectdaily.net wss://api.iconnectdaily.net https://*.google-analytics.com/g/collect https://google-analytics.com/g/collect 'self'; font-src 'self'; prefetch-src 'self'; frame-ancestors 'none' 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' js-agent.newrelic.com static.cloudflareinsights.com app.pendo.io app.eu.pendo.io us1.app.pendo.io app.jpn.pendo.io cdn.pendo.io cdn.eu.pendo.io us1.cdn.pendo.io cdn.jpn.pendo.io data.pendo.io data.eu.pendo.io us1.data.pendo.io data.jpn.pendo.io scopus.com service.elsevier.com pendo.reaxys.com *.nr-data.net pendo-io-static.storage.googleapis.com pendo-eu-static.storage.googleapis.com pendo-us1-static.storage.googleapis.com pendo-jp-prod-static.storage.googleapis.com pendo-static-5551907851993088.storage.googleapis.com pendo-eu-static-5551907851993088.storage.googleapis.com pendo-us1-static-5551907851993088.storage.googleapis.com pendo-jp-prod-static-5551907851993088.storage.googleapis.com pendo-static-5582159194488832.storage.googleapis.com pendo-static-6012908437241856.storage.googleapis.com pendo-static-5095337838772224.storage.googleapis.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com app.pendo.io app.eu.pendo.io us1.app.pendo.io app.jpn.pendo.io scopus.com service.elsevier.com pendo.reaxys.com pendo-io-static.storage.googleapis.com pendo-eu-static.storage.googleapis.com pendo-us1-static.storage.googleapis.com pendo-jp-prod-static.storage.googleapis.com pendo-static-5551907851993088.storage.googleapis.com pendo-eu-static-5551907851993088.storage.googleapis.com pendo-us1-static-5551907851993088.storage.googleapis.com pendo-jp-prod-static-5551907851993088.storage.googleapis.com pendo-static-5582159194488832.storage.googleapis.com pendo-static-6012908437241856.storage.googleapis.com pendo-static-5095337838772224.storage.googleapis.com; img-src 'self' data: app.pendo.io app.eu.pendo.io us1.app.pendo.io app.jpn.pendo.io cdn.pendo.io cdn.eu.pendo.io us1.cdn.pendo.io cdn.jpn.pendo.io data.pendo.io data.eu.pendo.io us1.data.pendo.io data.jpn.pendo.io scopus.com service.elsevier.com pendo.reaxys.com pendo-io-static.storage.googleapis.com pendo-eu-static.storage.googleapis.com pendo-us1-static.storage.googleapis.com pendo-jp-prod-static.storage.googleapis.com pendo-static-5551907851993088.storage.googleapis.com pendo-eu-static-5551907851993088.storage.googleapis.com pendo-us1-static-5551907851993088.storage.googleapis.com pendo-jp-prod-static-5551907851993088.storage.googleapis.com pendo-static-5582159194488832.storage.googleapis.com pendo-static-6012908437241856.storage.googleapis.com pendo-static-5095337838772224.storage.googleapis.com *.cloudfront.net; media-src 'self' data: scopus.com service.elsevier.com pendo.reaxys.com *.cloudfront.net; connect-src 'self' ws: cloudflareinsights.com app.pendo.io app.eu.pendo.io us1.app.pendo.io app.jpn.pendo.io data.pendo.io data.eu.pendo.io us1.data.pendo.io data.jpn.pendo.io scopus.com service.elsevier.com pendo.reaxys.com *.nr-data.net pendo-io-static.storage.googleapis.com pendo-eu-static.storage.googleapis.com pendo-us1-static.storage.googleapis.com pendo-jp-prod-static.storage.googleapis.com pendo-static-5551907851993088.storage.googleapis.com pendo-eu-static-5551907851993088.storage.googleapis.com pendo-us1-static-5551907851993088.storage.googleapis.com pendo-jp-prod-static-5551907851993088.storage.googleapis.com pendo-static-5582159194488832.storage.googleapis.com pendo-static-6012908437241856.storage.googleapis.com pendo-static-5095337838772224.storage.googleapis.com; frame-src 'self' app.pendo.io app.eu.pendo.io us1.app.pendo.io app.jpn.pendo.io scopus.com service.elsevier.com pendo.reaxys.com; worker-src 'self' blob: scopus.com service.elsevier.com pendo.reaxys.com; object-src 'self' data: scopus.com service.elsevier.com pendo.reaxys.com 1
frame-ancestors 'self' wabco-solutioncentre.com 1
default-src 'self' https://koreascience.kr https://ocean.kisti.re.kr; style-src 'self' https://fonts.googleapis.com https://www.gstatic.com 'unsafe-inline'; object-src 'self' https://koreascience.kr https://ocean.kisti.re.kr; connect-src 'self' https://koreascience.kr https://www.google-analytics.com https://stats.g.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://koreascience.kr https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com; img-src 'self' https://koreascience.kr https://ocean.kisti.re.kr https://www.google-analytics.com https://data.doi.or.kr data:; frame-ancestors 'self' https://koreascience.kr https://ocean.kisti.re.kr http://www.kjrs.or.kr/ http://kjrs.or.kr/ https://www.ksdt.kr/ https://ksdt.kr/ http://smarttourism.khu.ac.kr http://www.kstp.or.kr https://www.ksdb.org https://www.ejmsb.org https://www.ekjps.org https://www.kosfaj.org https://www.jkmood.org https://www.ejast.org https://www.jksaa.org https://www.jkiees.org https://www.ekosfop.or.kr https://www.e-fas.org https://www.woodj.org https://www.eksss.org https://www.jkila.org http://journal.rubber.or.kr http://journal.cg-korea.org http://journal.kfs21.or.kr https://www.janss.kr; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://cdnjs.cloudflare.com 'unsafe-inline'; 1
frame-ancestors 'self'; script-src 'unsafe-eval' 'strict-dynamic' 'nonce-aADoAXEcClwplvxpgbKGuw==' 1
default-src *; script-src 'self' 'unsafe-inline' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; report-uri /report-csp-violation 1
frame-ancestors https://p-backoffice.b2c.gebr-heinemann.com/ 1
default-src 'self' https: data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https:; img-src 'self' https: data:; media-src 'self' https:; font-src 'self' https: data:; connect-src 'self' https: wss:; frame-src 'self' https:; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; 1
default-src 'self'; script-src 'self' https://www.google-analytics.com https://ssl.google-analytics.com https://*.googletagmanager.com https://tagmanager.google.com 'unsafe-inline' https://player.vimeo.com https://www.google-analytics.com https://www.googletagmanager.com https://*.googletagmanager.com; img-src 'self' data: https://images.ctfassets.net https://www.google-analytics.com https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com/; child-src 'self' https://www.youtube-nocookie.com/ https://www.youtube.com/ https://player.vimeo.com; object-src 'self'; connect-src 'self' https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com; 1
frame-ancestors 'self' *.paypal.com *.mercadopago.com.mx *.tawk.to 1
default-src *; style-src * 'unsafe-inline'; img-src 'self' https://*.optimole.com https://*.facebook.com https://*.google.com https://*.gravatar.com https://*.linkedin.com https://*.bing.com https://cdn-cookieyes.com https://*.google.co.uk/ https://*.hubspot.com https://*.hs-scripts.com data:; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval' data:; frame-ancestors 'self' https://*.tangoanalytics.com https://*.tangodev.wpengine.com https://*.tangostg.wpengine.com https://*.tangoprd.wpengine.com 1
default-src 'self' https://finetunelearning.com https://*.finetunelearning.com; img-src https://* data:; script-src 'unsafe-inline' 'self' https://js.driftt.com https://widget.drift.com https://finetunelearning.com https://*.finetunelearning.com https://*.googletagmanager.com https://*.google.com https://*.jsdelivr.net https://*.fontawesome.com https://*.gstatic.com https://*.google-analytics.com; style-src 'unsafe-inline' https://finetunelearning.com https://*.finetunelearning.com https://*.cloudflare.com https://*.googleapis.com https://*.jsdelivr.net; font-src https://* data:; connect-src 'self' https://*.fontawesome.com https://*.google-analytics.com; frame-src 'self' https://js.driftt.com https://widget.drift.com https://player.vimeo.com https://www.google.com https://go.prometric.com; media-src https://js.driftt.com/; 1
upgrade-insecure-requests; frame-src 'self' forms.hsforms.com vars.hotjar.com w.recruiterbox.com app.recruiterbox.com vimeo.com youtu.be youtube.com www.youtube.com www.google.com player.vimeo.com bid.g.doubleclick.net www.facebook.com cdn.knightlab.com; frame-ancestors 'self' 1
frame-ancestors 'self' *.verti.es *.verti.it *.verti.com *.verti.de *.mazda.de; 1
report-uri cdn.equalweb.com;child-src cdn.equalweb.com blob: 'self';connect-src *.powerreviews.com http://www.homeworksbyprecept.com *.bing.com cdn.equalweb.com ecommerce.merchantware.net access.equalweb.com ocr.equalweb.com cdn.cookielaw.org *.virtualearth.net https://www.google-analytics.com http://analytics.google.com/ r.lr-ingest.com r.intake-lr.com verifi.podscribe.com pixel.tapad.com ipv4.podscribe.com https://cdn.jsdelivr.net/gh/ryersondmp/sa11y 'self' https://login.microsoftonline.com https://*.commerce.dynamics.com https://*.dynamics365commerce.ms https://dc.services.visualstudio.com https://images-us-prod.cms.commerce.dynamics.com https://images-us-prod.cms.commerce.dynamics.com https://www.bjupresshomeschool.com https://scug0yja9l413430703-rs.su.retail.dynamics.com/;font-src https://static2.sharepointonline.com cdn.equalweb.com 'self' https://*.commerce.dynamics.com https://*.dynamics365commerce.ms https://use.fontawesome.com data:;frame-ancestors cdn.equalweb.com;frame-src https://paymentacceptsample.cloud.dynamics.com https://www.homeworksbyprecept.com cdn.equalweb.com https://www.youtube.com https://www.buzzsprout.com https://livestream.com app.five9.com https://e.issuu.com https://vimeo.com https://player.vimeo.com;img-src *.powerreviews.com https://res.cloudinary.com cdn.equalweb.com https://www.bjupresshomeschooling.com access.equalweb.com app.five9.com https://i.ytimg.com cdn.cookielaw.org *.virtualearth.net *.bing.com 'self' data: https://*.commerce.dynamics.com https://*.dynamics365commerce.ms https://images-us-prod.cms.commerce.dynamics.com https://images-us-prod.cms.commerce.dynamics.com;media-src cdn.equalweb.com 'self' https://ppe-streaming-video-mr-microsoft-com.akamaized.net https://*.streaming.media.azure.net https://*.commerce.dynamics.com https://*.dynamics365commerce.ms https://images-us-prod.cms.commerce.dynamics.com https://images-us-prod.cms.commerce.dynamics.com;object-src cdn.equalweb.com 'self';script-src *.powerreviews.com https://mpsnare.iesnare.com *.bing.com cdn.equalweb.com access.equalweb.com ecommerce.merchantware.net https://www.homeworksbyprecept.com app.five9.com https://www.bjupresshomeschool.com cdn.cookielaw.org *.virtualearth.net https://www.googletagmanager.com cdn.intake-lr.com d34r8q7sht0t9k.cloudfront.net https://cdn.jsdelivr.net/gh/ryersondmp/sa11y 'self' 'unsafe-inline' 'unsafe-eval' https://*.commerce.dynamics.com https://*.dynamics365commerce.ms https://*.vo.msecnd.net https://dc.services.visualstudio.com https://dev.virtualearth.net https://www.bjupresshomeschool.com https://js.monitor.azure.com/scripts/b/ai.2.min.js;style-src cdn.equalweb.com *.powerreviews.com *.bing.com access.equalweb.com app.five9.com 'self' 'unsafe-inline' https://*.commerce.dynamics.com https://*.dynamics365commerce.ms https://www.bjupresshomeschool.com ;default-src 'self' https://*.commerce.dynamics.com https://*.dynamics365commerce.ms;base-uri 'self'; 1
default-src 'none';style-src 'self' 'unsafe-inline' https://cdn.eye-able.com;script-src 'self' 'unsafe-inline' https://embed.journey.epilot.io https://analytics.stadtwerke-ratingen.de https://cdn.eye-able.com;img-src 'self' data: https:;font-src 'self';manifest-src 'self';connect-src 'self';frame-src https:;report-uri https://sentry.km2.de/api/10/security/?sentry_key=3548d5d299304ea88eb88d8f38310f6f 1
report-uri https://www.pratique.fr/contacts.html; base-uri 'self' 1
frame-ancestors 'self' https://pages.et4.de; 1
connect-src 'self' https: wss://ws.airbnb.com wss://ws.airbnb.org; default-src 'self' https:; font-src 'self' data: https:; frame-src *; img-src 'self' https: data:; media-src 'self' https: blob:; script-src 'self' https: 'unsafe-eval' 'sha256-rAm9O8JPZLtQmd84zMDzhsG5q35JscESxxcaFL7+DDc=' 'sha256-CZnW0hvLQpXhjRl/rvattFn8GcIhxi8fcsCstVugtsI=' 'sha256-96k+AOKIYoML3O+lb2L6QMfXHg/Ddn4WVb9vVVu6NMc=' 'sha256-BHwAb0nf7WoXfp/ZprHDF/IbZ86S9SLr9O42wIfJaQY=' 'sha256-Fs/m8B950rh+Jad0IXDMet9p37NTJrAEo0BeyxegMA4=' 'sha256-MUN2dOUR1yrPKHJK6oM1RmxND0SvAVTjk0iZIfIdA+Y='; style-src 'self' https: 'unsafe-inline'; worker-src 'self' https: blob:; report-uri /tracking/csp?controller=dot-org-loop&action=%2F&req_uuid=5d86b7f0-0964-96bb-1b6d-447d8cb037ff&version=sha%3D544209d3ea00&report_only=false; report-to /tracking/csp?controller=dot-org-loop&action=%2F&req_uuid=5d86b7f0-0964-96bb-1b6d-447d8cb037ff&version=sha%3D544209d3ea00&report_only=false 1
default-src 'self'; script-src 'self'; script-src-elem 'self'; script-src-attr 'self'; style-src 'self'; style-src-elem 'self'; style-src-attr 'self'; img-src 'self' data:; font-src 'self'; connect-src 'self'; frame-src 'self'; frame-ancestors 'self' https://scripts.zdv.uni-mainz.de; form-action 'self' metager.org metager.de 1
script-src 'nonce-lePeAFDBF1iU8JghQdaFxg==' 'self' https://*.awswaf.com https://pages.awscloud.com; style-src 'nonce-lePeAFDBF1iU8JghQdaFxg==' 'self' https://*.awswaf.com https://pages.awscloud.com; font-src 'self'; img-src 'self' data:; connect-src https://cognito-identity.us-east-1.amazonaws.com https://sts.us-east-1.amazonaws.com 'self' https://dataplane.rum.us-east-1.amazonaws.com https://*.awswaf.com https://prod.log.shortbread.aws.dev https://prod.tools.shortbread.aws.dev https://pages.awscloud.com; upgrade-insecure-requests; frame-src https://pages.awscloud.com; default-src 'none'; base-uri 'none'; object-src 'none' 1
frame-ancestors 'self' https://www2.imba.com/ https://mwba.org/ https://tasmtb.org/ https://routtcountyriders.org 1
default-src 'self' www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.com; style-src 'self' 'unsafe-inline'; img-src 'self' https://accounts.flatiron.com data:; script-src 'self' 'unsafe-inline' www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.com; frame-ancestors https://*.oncoemr.com; report-uri https://csp.flatiron.com/csp-report 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://wb.messengerpeople.com https://static.criteo.net https://*.criteo.com https://tpc.googlesyndication.com https://*.zenaps.com https://*.hotjar.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://ln-rules.rewardstyle.com https://tr.snapchat.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://*.liveperson.net https://ct.pinterest.com https://ampcid.google.gr https://*.akamaihd.net https://*.sciencebehindecommerce.com https://*.hotjar.com wss://*.hotjar.com https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://tr.snapchat.com https://*.contentsquare.net https://*.criteo.com https://*.criteo.net https://*.prod.mplat-ppcprotect.com https://*.lunio.ai data: https://sgtm.myprotein.gr; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.thgcdn.cn; form-action 'self' https://www.facebook.com https://www.myprotein.gr https://m.myprotein.gr https://checkout.myprotein.gr https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://static.thgcdn.cn; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://google.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.cn https://*.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://*.criteo.com https://static.criteo.net https://s.pinimg.com https://tpc.googlesyndication.com https://*.akamaihd.net https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.hotjar.com https://*.microsofttranslator.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://twitter.com https://*.baidu.com https://sc-static.net https://www.google.com https://*.google.co.uk https://google.co.uk https://static.ads-twitter.com https://analytics.twitter.com https://static.thgcdn.cn https://*.contentsquare.net https://app.contentsquare.com https://sgtm.myprotein.gr; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://static.thgcdn.cn https://cdn.parcellab.com; upgrade-insecure-requests; report-to report-endpoint 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' 'nonce-MzgsMjgsMTA4LDEwNiwyMjEsMjExLDIyNiwzMA==' blob: https://cdn.discordapp.com/animations/ https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/ https://*.hcaptcha.com https://hcaptcha.com https://js.stripe.com https://js.braintreegateway.com https://assets.braintreegateway.com https://www.paypalobjects.com https://checkout.paypal.com https://c.paypal.com https://kit.cash.app https://static.discord.com https://static-edge.discord.com; style-src 'self' 'unsafe-inline' https://cdn.discordapp.com https://*.hcaptcha.com https://hcaptcha.com https://kit.cash.app https://static.discord.com https://static-edge.discord.com; img-src 'self' blob: data: https://*.discordapp.net https://*.discordapp.com https://*.discord.com https://i.scdn.co https://i.ytimg.com https://i.imgur.com https://media.tenor.co https://media.tenor.com https://c.tenor.com https://*.youtube.com https://*.giphy.com https://static-cdn.jtvnw.net https://pbs.twimg.com https://assets.braintreegateway.com https://checkout.paypal.com https://c.paypal.com https://b.stats.paypal.com https://slc.stats.paypal.com https://hnd.stats.paypal.com https://api.cash.app; font-src 'self' https://fonts.gstatic.com https://cash-f.squarecdn.com https://static.discord.com https://static-edge.discord.com; connect-src 'self' https://status.discordapp.com https://status.discord.com https://support.discordapp.com https://support.discord.com https://discordapp.com https://discord.com https://discord-attachments-uploads-prd.storage.googleapis.com https://cdn.discordapp.com https://media.discordapp.net https://images-ext-1.discordapp.net https://images-ext-2.discordapp.net https://router.discordapp.net wss://*.discord.gg https://best.discord.media https://latency.discord.media wss://*.discord.media wss://dealer.spotify.com https://api.spotify.com https://music.amazon.com/embed/oembed https://*.sentry.io https://api.twitch.tv https://api.stripe.com https://api.braintreegateway.com https://client-analytics.braintreegateway.com https://*.braintree-api.com https://www.googleapis.com https://*.algolianet.com https://*.hcaptcha.com https://hcaptcha.com https://*.algolia.net ws://127.0.0.1:* http://127.0.0.1:*; media-src 'self' blob: disclip: https://*.discordapp.net https://*.discord.com https://*.discordapp.com https://*.youtube.com https://streamable.com https://vid.me https://twitter.com https://oddshot.akamaized.net https://*.giphy.com https://i.imgur.com https://media.tenor.co https://media.tenor.com https://c.tenor.com; frame-src https://discordapp.com/domain-migration discord: https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/ https://*.hcaptcha.com https://hcaptcha.com https://js.stripe.com https://hooks.stripe.com https://checkout.paypal.com https://c.paypal.com https://assets.braintreegateway.com https://checkoutshopper-live.adyen.com https://kit.cash.app https://player.twitch.tv https://clips.twitch.tv/embed https://player.vimeo.com https://www.youtube.com/embed/ https://www.tiktok.com/embed/ https://music.amazon.com/embed/ https://music.amazon.co.uk/embed/ https://music.amazon.de/embed/ https://music.amazon.co.jp/embed/ https://music.amazon.es/embed/ https://music.amazon.fr/embed/ https://music.amazon.it/embed/ https://music.amazon.com.au/embed/ https://music.amazon.in/embed/ https://music.amazon.ca/embed/ https://music.amazon.com.mx/embed/ https://music.amazon.com.br/embed/ https://www.youtube.com/s/player/ https://twitter.com/i/videos/ https://www.funimation.com/player/ https://www.redditmedia.com/mediaembed/ https://open.spotify.com/embed/ https://w.soundcloud.com/player/ https://audius.co/embed/ https://*.watchanimeattheoffice.com https://sessionshare.sp-int.playstation.com/ https://session-share.playstation.com/ https://localhost:* https://*.discordsays.com https://discordappcom.cloudflareaccess.com/; child-src 'self' blob: https://assets.braintreegateway.com https://checkout.paypal.com https://c.paypal.com; prefetch-src 'self' https://cdn.discordapp.com/assets/; 1
default-src 'self'; script-src 'self' https://www.google-analytics.com https://ssl.google-analytics.com https://*.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://tagmanager.google.com https://*.intercom.io https://js.intercomcdn.com https://connect.facebook.net https://js.appboycdn.com https://cdnjs.cloudflare.com/polyfill/v3/polyfill.min.js https://analytics.tiktok.com https://cdn.pdst.fm 'sha256-tugJqoPf7X2uqHgOWaae7aTIM3YprRfpRxsis23ke8Q=' 'sha256-ZhFP87cciS37uYEvdfRm4n49sodK2ZxPv7jiEYYS5i8=' 'sha256-zhPZteDOZxJblI6dgWh+atU2QJ64sivXUL15V31StCk=' 'sha256-aG6kMMHdH/Z9hK+eMaZJANrW2wsK8sGYz5UyFH+i3/o=' 'sha256-XPnKX8fj+vZrtZAoom2lMV0etZnxXrjAf7yWO4QeLaM=' 'sha256-iAydicCfNoGpOAtTWXbvR8Yzp1eueUQZrA16wIE1OL4=' 'sha256-pSpy+pBPy0HUQiY46i94MfLT2EoGVnP2733S63YC1og=' 'sha256-KKNq/1OtpqYzS4u4dTttf3kz3uCITT0ZYPGgTIzOmoo=' 'sha256-8dsSIGz252sz7rOLTvszqt/2gCg33KX3RJxjLtKxwMA=' 'sha256-uK3yorDdOTqp0AyWRVqBW/qKtFZ8jyTpHWQBWEPtEGA=' 'sha256-1R0R5FKN+G/4swwDHMpqIDgVMcCJFZ8fhAIwvCudQ7c=' 'sha256-cshYyI2jskutxB0i89pcV+W2nPo5iJIXE+1oL1ufyAU=' 'sha256-6hNtX4kWtSgUDaXQfYFXPC3Tzi0I6aBJ4qTGDy2Dasw=' https://staticcdn.co.nz; connect-src 'self' https://*.intercom.io wss://*.intercom.io https://*.intercomcdn.com https://*.intercomusercontent.com https://*.sharesies.com https://*.uat.opsies.net.nz https://sdk.iad-05.braze.com https://stats.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.nz https://*.google.ca https://*.google.com.au https://*.google.co.uk https://*.google.com.sg https://www.google-analytics.com https://rs.sharesies.com https://cdn.growthbook.io https://assets.ctfassets.net https://cdn.contentful.com https://api.convertkit.com https://analytics.tiktok.com https://analytics.pangle-ads.com https://api.hsforms.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://hello.myfonts.net https://tagmanager.google.com https://use.fontawesome.com; font-src 'self' data: https://fonts.gstatic.com https://js.intercomcdn.com https://use.fontawesome.com; img-src 'self' data: https://*.sharesies.com https://*.uat.opsies.net.nz https://*.sharesies.nz https://*.sharesies.com.au https://ssl.gstatic.com https://www.gstatic.com https://www.google-analytics.com https://*.intercomcdn.com https://*.intercomassets.com https://fairfax.demdex.net https://*.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.googletagmanager.com https://adservice.google.co.nz https://adservice.google.com.au https://www.googleadservices.com https://*.google.co.nz https://*.google.ca https://*.google.com.au https://*.google.co.uk https://*.google.com.sg https://www.facebook.com https://connect.facebook.net https://*.fls.doubleclick.net https://ad.doubleclick.net https://ade.googlesyndication.com https://googleads.g.doubleclick.net https://www.google.com https://*.google-analytics.com https://*.analytics.google.com https://appboy-images.com https://braze-images.com https://cdn.braze.eu https://images.ctfassets.net https://sharesies.imgix.net https://beacon.krxd.net https://i.ytimg.com https://staticcdn.co.nz; media-src 'self' https://*.intercomcdn.com https://videos.ctfassets.net; frame-src https://intercom-sheets.com https://anchor.fm https://www.youtube.com https://embed.podcasts.apple.com https://open.spotify.com https://podcasters.spotify.com https://embed-standalone.spotify.com https://www.googletagmanager.com https://bid.g.doubleclick.net https://*.fls.doubleclick.net https://omny.fm https://td.doubleclick.net/ https://staticcdn.co.nz; manifest-src 'self'; 1
frame-ancestors 'self' http://localhost:3000 https://anicrush.to https://anicrush.cc 1
frame-ancestors 'self' esswrp.ethicalsuperstore.com esswrp.pointov.com 1
script-src https: 'strict-dynamic' 'report-sample' 'wasm-unsafe-eval' 'nonce-tI894tCs4thAusJJBmm5DsH4M0M1fYTYiQY7mqN8VpE='; base-uri 'self';report-to csp-endpoint 1
frame-ancestors http://jct.gov http://www.jct.gov http://jct-cms.ae-admin.com http://jct-live.ae-admin.com *.hawksearch.com *.hawksearch.net *.roccommerce.com 1
frame-ancestors 'self'; default-src * data: 'unsafe-eval' 'unsafe-inline' blob:; style-src 'self' https://code.jquery.com https://www.lightboxcdn.com https://netdna.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net/ 'unsafe-inline'; script-src 'self' blob: *.netmng.com https://code.jquery.com https://disqus.com https://j.6sc.co https://boards.greenhouse.io https://p.adsymptotic.com https://www.googleadservices.com https://px4.ads.linkedin.com https://c1.rfihub.net https://connect.facebook.net https://lightboxapi.azurewebsites.net https://d.adroll.com https://px.ads.linkedin.com https://googleads.g.doubleclick.net https://snap.licdn.com https://com-zglobal.netmng.com https://s.adroll.com 'unsafe-inline' 'unsafe-eval' googletagmanager.com *.googletagmanager.com bootstrapcdn.com *.bootstrapcdn.com googleapis.com *.googleapis.com cloudflare.com *.cloudflare.com rezync.com *.rezync.com hsforms.net *.hsforms.net lightboxcdn.com *.lightboxcdn.com gstatic.com *.gstatic.com vimeo.com *.vimeo.com wistia.com *.wistia.com hs-scripts.com *.hs-scripts.com google.com *.google.com capterra.com *.capterra.com hscollectedforms.net *.hscollectedforms.net hsadspixel.net *.hsadspixel.net hubspot.com *.hubspot.com hsforms.com *.hsforms.com hs-analytics.net *.hs-analytics.net usemessages.com *.usemessages.com hs-banner.com *.hs-banner.com licdn.com *.licdn.com google-analytics.com *.google-analytics.com boomtrain.com *.boomtrain.com https://www.youtube.com https://www.googleoptimize.com https://s7.addthis.com/ https://unpkg.com/ https://cdn.jsdelivr.net https://dev.visualwebsiteoptimizer.com https://app.vwo.com https://js.driftt.com https://cdn.calibermind.com/ 1
frame-ancestors 'self' http://www.philips.fi *.philips.com *.philips.fi https://philipsigtdpv.com 1
frame-src 'self' blob: dailyhoro.ru vk.com *.vk.com *.youtube.com my.mail.ru rutube.ru *.doubleclick.net *.googlesyndication.com *.yandex.ru yandexadexchange.net *.yandexadexchange.net *.yandex.net yastatic.net *.adfox.ru yastat.net cse.google.com ; child-src 'self' blob: dailyhoro.ru vk.com *.vk.com *.youtube.com my.mail.ru rutube.ru *.doubleclick.net *.googlesyndication.com *.yandex.ru yandexadexchange.net *.yandexadexchange.net *.yandex.net yastatic.net *.adfox.ru yastat.net cse.google.com ; object-src 'self' *.googlesyndication.com yandex.net *.yandex.net; font-src 'self' data: fonts.gstatic.com *.yandex.ru yastatic.net yastat.net; media-src 'self' data: blob: *.yandex.ru *.yandex.net yandex.ru yandex.st yastatic.net *.adfox.ru yastat.net yandex.com; img-src 'self' data: android-webview-video-poster: android-webview: vk.com *.googleapis.com *.google.com *.googlesyndication.com *.doubleclick.net *.yandex.ru yandex.com *.yandex.net *.adfox.ru yastat.net mc.admetrica.ru z.moatads.com *.weborama.fr yastatic.net *.tns-counter.ru tns-counter.ru *.gstatic.com http://chart.apis.google.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.googleapis.com yandex.st yastatic.net *.adfox.ru yastat.net; connect-src 'self' blob: yandex.ru *.yandex.ru *.yandex.ua *.yandex.by *.yandex.kz *.yandex.uz yandex.com yandex.st yastatic.net *.yandex.net *.adfox.ru yastat.net *.googleapis.com *.googlesyndication.com *.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' vk.com *.google.com *.google.ru *.google.com.ua *.google.kz *.google.kg *.google.co.il *.google.co.uk *.google.de *.google.co.uz *.google.ee *.google.lv *.google.fr *.google.it *.google.tm *.google.md *.google.lt *.google.az *.google.ge *.google.es *.google.com.tr *.google.pl *.google.com.tj *.google.ae *.googleapis.com *.googlesyndication.com *.googletagservices.com *.doubleclick.net *.googleadservices.com cdn.ampproject.org yandex.ru yandex.com *.yandex.ru *.yandex.ua *.yandex.by *.yandex.kz *.yandex.uz yastatic.net yandex.st *.adfox.ru yastat.net polyfill.io; default-src 'self' *.googlesyndication.com; form-action 'self'; frame-ancestors 'self'; 1
base-uri https://gosearch.ai https://*.gosearch.ai ; connect-src 'self' https://*.factors.ai/ https://*.clearbit.com/ https://x.clearbitjs.com/ https://tag.clearbitscripts.com/ https://gosearch.ai https://*.gosearch.ai/ https://*.golinks.com/ https://*.golinks.dev/ https://accounts.google.com/ wss://*.intercom.io/ https://*.intercomcdn.com/ https://*.intercom.io/ https://www.facebook.com/ https://*.hubspot.com/ https://api.hubapi.com/ https://*.hsforms.com/ https://*.googletagmanager.com/ https://www.google-analytics.com/ https://*.doubleclick.net/ https://forms.hubspot.com/ https://forms.hsforms.com/ https://meetings.hubspot.com/ https://*.fullstory.com https://p.adsymptotic.com https://snap.licdn.com https://*.ads.linkedin.com https://*.linkedin.oribi.io https://sjs.bizographics.com https://ka-p.fontawesome.com/ https://kit.fontawesome.com ; default-src 'self' blob: ; font-src 'self' data: https://js.intercomcdn.com/ https://fonts.gstatic.com/ https://ka-p.fontawesome.com/ https://*.bootstrapcdn.com/bootstrap/ https://cdn.jsdelivr.net/npm/bootstrap@4.5.3/ ; frame-src 'self' https://boards.greenhouse.io/ https://drive.google.com/ https://www.figma.com/ https://www.facebook.com/ https://app.hubspot.com/ https://meetings.hubspot.com/ https://*.doubleclick.net/ https://forms.hsforms.com/ https://js.hsforms.net/ https://www.google.com/ https://*.googletagmanager.com/ https://cdn.merge.dev/ https://js.stripe.com/ https://www.youtube.com/ https://www.g2.com/products/ ; img-src 'self' data: https: blob: https://gosearch.ai https://*.gosearch.ai/ https://*.golinks.io/ https://*.golinks.com/ https://*.golinks.dev/ https://tracking.g2crowd.com/ https://ws.zoominfo.com/ ;; media-src 'self' https://gosearch.ai https://*.gosearch.ai/ https://*.golinks.io/ https://*.golinks.dev/ https://*.golinks.com/ ; object-src 'none' ; report-uri https://www.gosearch.ai/csp-violation-report ; script-src 'self' 'strict-dynamic' 'nonce-OGQ5YTZlNDJhNzFlMmE2YzhhZmQ1Nzc3YjUxMTRhNWU1N2EyMjEzNDk0N2NlNTc3MzE4MzRkZTQ4OTI4ZWEyOQ==' http: https://boards.greenhouse.io/ https://connect.facebook.net/ https://api.hubapi.com/ https://code.jquery.com/ https://widget.intercom.io/ https://js.intercomcdn.com/ https://d3js.org/ https://*.bootstrapcdn.com/bootstrap/ https://cdn.jsdelivr.net/npm/bootstrap@4.5.3/ https://cdnjs.cloudflare.com/ajax/libs/ https://cdnjs.cloudflare.com/polyfill/v3/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://bid.g.doubleclick.net/ https://tracking.g2crowd.com/ https://js.hs-scripts.com/ https://www.g2.com/products/ https://*.fullstory.com ; style-src 'self' 'unsafe-inline' https://gosearch.ai https://*.gosearch.ai/ https://fonts.googleapis.com/ https://*.googletagmanager.com/ https://*.bootstrapcdn.com/bootstrap/ https://cdn.jsdelivr.net/npm/bootstrap@4.5.3/ https://ka-p.fontawesome.com/ https://cdnjs.cloudflare.com/ajax/libs/animate.css/ https://cdnjs.cloudflare.com/ajax/libs/c3/ https://cdnjs.cloudflare.com/ajax/libs/intl-tel-input/ https://unpkg.com/dropzone@5/dist/min/dropzone.min.css ; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.addthis.com *.addthisedge.com *.google.com *.googleadservices.com *.moatads.com *.pinterest.com *.vandersanden.com *.ytimg.com *.youtube.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.cloudflare.com *.gstatic.com *.googleoptimize.com *.licdn.com *.g.doubleclick.net *.googleadservices.com *.pinimg.com *.facebook.net *.facebook.com *.hotjar.com *.hotjar.io *.wisepops.com *.fedjuh.com https://geoip-js.com *.cookiebot.com *.windows.net *.polyfill.io *.cloudfront.net *.piwikpro.com *.livechatinc.com *.bing.com *.pardot.com *.getwisp.co *.wisepops.net *.jsdelivr.net *.linkedin.oribi.io *.demio.com *.zohocdn.com *.zoho.eu *.unpkg.com *.vdstest.be https://unpkg.com *.addtoany.com *.pagesense.io data: *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; object-src 'self' *.livechatinc.com *.vandersanden.com; style-src 'self' 'unsafe-inline' *.gstatic.com *.googleapis.com *.cloudflare.com *.vandersanden.com *.hotjar.com *.hotjar.io *.google.com *.livechatinc.com *.bing.com *.jsdelivr.net *.linkedin.oribi.io *.demio.com *.zohocdn.com *.zoho.eu *.googletagmanager.com; media-src 'self' *.pinimg.com *.livechatinc.com; frame-src 'self' 'unsafe-inline' *.hotjar.com *.hotjar.io *.youtube.com *.vimeo.com *.google.com *.canto.com *.amazonaws.com *.facebook.com *.g.doubleclick.net *.pinterest.com *.pinterest.de *.cookiebot.com *.spotify.com *.soundcloud.com *.livechatinc.com *.pinterest.fr *.pinterest.es *.bing.com *.vandersanden.com *.vdstest.be *.pardot.com *.addtoany.com *.zoho.eu *.pagesense.io blob:; child-src *.zohocdn.com; font-src 'self' *.hotjar.com *.hotjar.io *.gstatic.com *.googleapis.com *.google.com *.bing.com *.linkedin.oribi.io *.livechatinc.com *.vandersanden.com *.zohocdn.com data: ; connect-src 'self' *.vandersanden.com *.vdstest.be *.addthis.com *.vdstest.be *.google-analytics.com *.pinterest.com *.pinterest.de *.facebook.com *.g.doubleclick.net *.google.com *.googleapis.com *.hotjar.com:* *.hotjar.io *.hotjar.com *.wisepops.com https://geoip-js.com *.google.de *.google.nl *.doubleclick.net *.canto.com *.cookiebot.com *.livechatinc.com *.bing.com *.getwisp.co wisepops.net *.linkedin.oribi.io *.google.be *.vandersanden.com *.demio.com wss://*.hotjar.com *.zoho.eu *.linkedin.com; report-uri /report-csp-violation 1
default-src 'self';base-uri 'self';font-src 'self' data: https://fonts.gstatic.com https://static.bestow.com https://cdnjs.cloudflare.com https://sjwoe.com https://*.cj.com https://google.com;form-action 'self' https://webto.salesforce.com https://sjwoe.com https://*.cj.com https://google.com;frame-ancestors 'self' https://builder.io https://sjwoe.com https://*.cj.com https://google.com;img-src 'self' data: https://*.bestow.com https://bam.nr-data.net https://www.facebook.com https://analytics.google.com https://*.g.doubleclick.net https://q.quora.com https://googleads.g.doubleclick.net https://www.google.com https://t.co https://analytics.twitter.com https://bat.bing.com https://ct.pinterest.com https://flask.nextdoor.com https://*.googletagmanager.com https://cdn.builder.io https://*.google-analytics.com https://alb.reddit.com https://adservice.google.com https://www.googleadservices.com https://ad.doubleclick.net https://tags.srv.stackadapt.com https://srv.stackadapt.com https://east.srv.stackadapt.com https://uw.srv.stackadapt.com https://eu.srv.stackadapt.com https://qvdt3feo.com https://idsync.rlcdn.com https://www.emjcd.com https://cj.dotomi.com https://www.mczbf.com https://www.glassdoor.com https://*.analytics.google.com https://*.fls.doubleclick.net https://*.google.com https://ade.googlesyndication.com https://google.com https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://i.ytimg.com https://sjwoe.com https://*.cj.com https://*.ads.linkedin.com https://*.linkedin.oribi.io https://p.adsymptotic.com https://snap.licdn.com https://sjs.bizographics.com https://*.sitescout.com;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://scripts.neuro-id.com https://*.bestow.com http://*.bestow.com https://service.force.com https://bestowlife.my.salesforce.com widget.trustpilot.com https://cdn.lr-in-prod.com https://r.lr-in-prod.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-ingest.com https://cdn.ingest-lr.com https://cdn.lr-intake.com https://cdn.intake-lr.com https://static.fbot.me https://campaign.fbot.me https://*.salesforceliveagent.com https://maps.googleapis.com https://js-agent.newrelic.com https://bam.nr-data.net https://*.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://tags.tiqcdn.com https://a.quora.com https://googleads.g.doubleclick.net https://bat.bing.com https://www.google-analytics.com https://www.google.com https://static.ads-twitter.com https://www.consumersadvocate.org https://ads.nextdoor.com https://flask.nextdoor.com https://b-code.liadm.com https://s.pinimg.com js.iterable.com https://www.mczbf.com https://www.consumersadvocate.org https://bestowlife.secure.force.com https://static.lightning.force.com https://bestowlife.my.salesforce-sites.com https://www.redditstatic.com https://connect.facebook.net https://www.gstatic.com https://cdn.builder.io https://www.googleadservices.com https://tags.srv.stackadapt.com https://srv.stackadapt.com https://east.srv.stackadapt.com https://uw.srv.stackadapt.com https://eu.srv.stackadapt.com https://qvdt3feo.com https://bestow.us19.list-manage.com/subscribe/post-json https://ct.pinterest.com/static/ct/token_create.js https://edge.fullstory.com http://www.youtube.com/iframe_api https://www.youtube.com https://*.ads.linkedin.com https://*.linkedin.oribi.io https://p.adsymptotic.com https://snap.licdn.com https://sjs.bizographics.com https://sjwoe.com https://*.cj.com https://google.com https://*.basis.net;script-src-attr 'unsafe-inline';style-src 'self' 'unsafe-inline' https://*.bestow.com https://hello.myfonts.net https://fonts.googleapis.com https://cdn.jsdelivr.net https://service.force.com https://bestowlife.my.salesforce.com https://public.fbot.me https://r.lr-in-prod.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com https://*.ingest-lr.com https://*.lr-intake.com https://*.intake-lr.com https://bestowlife.secure.force.com https://bestowlife.my.salesforce-sites.com https://cdnjs.cloudflare.com https://tags.srv.stackadapt.com https://googletagmanager.com https://tagmanager.google.com https://sjwoe.com https://*.cj.com https://google.com;upgrade-insecure-requests;connect-src 'self' ws: wss: https://*.bestow.com https://*.bestow.io https://api.neuro-id.com https://app.launchdarkly.com https://events.launchdarkly.com https://secure.shippingapis.com https://production.shippingapis.com https://maps.googleapis.com https://bam.nr-data.net https://r.lr-in-prod.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com https://*.ingest-lr.com https://*.lr-intake.com https://*.intake-lr.com https://*.g.doubleclick.net https://api.portal.insurance.io https://rp.liadm.com https://*.google-analytics.com https://ct.pinterest.com https://bestowlife.secure.force.com https://public.fbot.me https://collect.tealiumiq.com https://cdn.builder.io https://conversions-config.reddit.com https://www.googleadservices.com https://tags.srv.stackadapt.com https://rp4.liadm.com https://bat.bing.com https://q.quora.com https://www.mczbf.com https://akamai.tiqcdn.com https://api.lever.co https://*.google.com https://*.analytics.google.com https://*.googletagmanager.com https://sjwoe.com https://*.cj.com https://google.com https://*.ads.linkedin.com https://*.linkedin.oribi.io https://p.adsymptotic.com https://snap.licdn.com https://sjs.bizographics.com;media-src https://cdn.builder.io https://sjwoe.com https://*.cj.com https://google.com;frame-src 'self' https://service.force.com https://bestowlife.my.salesforce.com https://ct.pinterest.com widget.trustpilot.com https://*.fls.doubleclick.net https://www.google.com https://td.doubleclick.net https://bid.g.doubleclick.net https://www.youtube.com https://sjwoe.com https://*.cj.com https://google.com https://*.sitescout.com;child-src 'self' blob: https://service.force.com https://sjwoe.com https://*.cj.com https://google.com;worker-src 'self' blob: https://sjwoe.com https://*.cj.com https://google.com 1
default-src 'self' https://*.kums.ac.ir https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.kums.ac.ir https://*.google.com https://*.googleapis.com 'unsafe-inline'; img-src 'self' https://*.kums.ac.ir https://*.gstatic.com https://*.google.com https://*.googleapis.com https://trustseal.enamad.ir https://logo.samandehi.ir https://*.google-analytics.com data:; script-src-elem 'self' https://*.kums.ac.ir https://*.getclicky.com https://*.google.com https://*.googleapis.com https://*.googleadservices.com https://*.googletagmanager.com https://*.google-analytics.com 'unsafe-inline'; frame-src 'self' https://*.kums.ac.ir https://www.aparat.com https://www.adsensecustomsearchads.com https://*.google.com; frame-ancestors 'self' https://*.kums.ac.ir https://www.aparat.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://plenti-cms.herokuapp.com/v3 ws://localhost:3000 https://api.plenti.com.au https://cdn-assets-prod.s3.amazonaws.com https://*.browser-intake-datadoghq.com https://io.clickguard.com https://*.doubleclick.net https://stats.g.doubleclick.net https://rs.fullstory.com https://analytics.google.com https://www.google-analytics.com https://www.googleanalytics.com https://www.googleoptimize.com https://cdn.heapanalytics.com https://www.linkedin.com https://cdn.linkedin.oribi.io https://hello.myfonts.net https://*.pinterest.com https://*.tgtag.io https://api.trafficguard.ai https://vitals.vercel-insights.com/v1/vitals https://vimeo.com https://*.youtu.be https://*.youtube.com https://*.zoho.com https://*.zohocdn.com https://*.zohopublic.com https://*.zohostatic.com ws://vts.zohopublic.com wss://vts.zohopublic.com; font-src 'self' data: https://fonts.gstatic.com https://css.zohocdn.com; frame-src 'self' https://www.bankstatements.com.au https://io.clickguard.com https://*.doubleclick.net https://bid.g.doubleclick.net https://stats.g.doubleclick.net https://optimize.google.com https://www.googletagmanager.com https://cdn.heapanalytics.com https://*.pinterest.com https://widget.trustpilot.com https://vercel.live https://player.vimeo.com https://*.youtu.be https://*.youtube.com https://forms.zohopublic.com https://hardship.plenti.com.au; img-src 'self' data: localhost https://p.adsymptotic.com https://bat.bing.com https://res.cloudinary.com https://cdn-assets-prod.s3.amazonaws.com https://io.clickguard.com https://*.doubleclick.net https://www.facebook.com https://rs.fullstory.com https://googleads.g.doubleclick.net https://optimize.google.com https://www.google.com https://www.google.com.au https://www.google.pl https://www.google-analytics.com https://www.googleanalytics.com https://www.googleoptimize.com https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://heapanalytics.com https://cdn.heapanalytics.com https://*.ads.linkedin.com https://*.pinterest.com https://trc.taboola.com https://*.tgtag.io https://assets.vercel.com https://i.ytimg.com https://*.zoho.com https://*.zohocdn.com https://*.zohopublic.com https://*.zohostatic.com; media-src 'self' https://res.cloudinary.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn-assets-prod.s3.amazonaws.com https://bat.bing.com https://io.clickguard.com https://www.datadoghq-browser-agent.com https://connect.facebook.net https://edge.fullstory.com https://rs.fullstory.com https://optimize.google.com https://tagmanager.google.com https://www.google.com https://www.google.com.au https://ssl.google-analytics.com https://www.google-analytics.com https://www.googleadservices.com https://www.googleoptimize.com https://www.googletagmanager.com https://cdn.heapanalytics.com https://snap.licdn.com https://s.pinimg.com https://tgtag.io https://*.tgtag.io https://widget.trustpilot.com https://vercel.live https://player.vimeo.com https://*.youtu.be https://*.youtube.com https://*.zoho.com https://*.zohocdn.com https://*.zohopublic.com https://*.zohostatic.com; style-src 'self' 'unsafe-inline' https://optimize.google.com https://tagmanager.google.com https://fonts.googleapis.com https://*.zoho.com https://*.zohocdn.com https://*.zohopublic.com https://*.zohostatic.com; worker-src blob:; 1
default-src 'self'; connect-src 'self' *.siteimprove.com https://stats.g.doubleclick.net/ https://region1.google-analytics.com/ https://www.google-analytics.com https://www.googletagmanager.com https://search.service.vportal.ee/v1/search/maaamet https://search.service.vportal.ee/v1/globalsearch/total https://form.service.vportal.ee/v1/ https://search.service.vportal.ee/v1/events/maaamet https://inaadress.maaamet.ee; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://*.rocket.chat https://www.google.com https://www.youtube.com https://*.vimeo.com https://*.siteimprove.com https://www.maaamet.ee https://old.maaamet.ee https://public.tableau.com/ https://xgis.maaamet.ee; img-src 'self' data: https://www.google-analytics.com *.openstreetmap.org https://i.ytimg.com https://pbs.twimg.com https://public.tableau.com/ https://www.googletagmanager.com *.fbcdn.net *.cdninstagram.com https://inaadress.maaamet.ee https://unpkg.com *.maaamet.ee *.cloudflare.com; script-src 'self' 'unsafe-inline' https://*.rocket.chat https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.siteimprove.net/cms/overlay.js blob: https://browser-update.org https://public.tableau.com/ https://ajax.cloudflare.com https://static.cloudflareinsights.com https://*.cloudflareinsights.com https://cdnjs.cloudflare.com cdn.jsdelivr.net cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://inaadress.maaamet.ee https://unpkg.com unpkg.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.rocket.chat https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.siteimprove.net/cms/overlay.js https://browser-update.org https://public.tableau.com/ https://*.cloudflareinsights.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com cdn.jsdelivr.net cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://inaadress.maaamet.ee https://unpkg.com unpkg.com; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://*.cloudflareinsights.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://unpkg.com unpkg.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://www.gstatic.com https://*.cloudflareinsights.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://unpkg.com unpkg.com https://inaadress.maaamet.ee; frame-ancestors 'self'; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googleapis.com *.gstatic.com; img-src * data: image/svg+xml; object-src 'none'; base-uri 'none'; frame-ancestors 'self' 1
default-src data: 'self' https://forms.office.com https://umap.openstreetmap.fr/ https://www.b2b-center.ru/ https://api.hh.ru/ https://*.doubleclick.net https://www.youtube.com https://bitrix.info https://yandex.ru https://googleads.g.doubleclick.net https://www.google.com/ads/user-lists/ https://www.google.ru/ads/user-lists/ https://mc.yandex.ru https://api-maps.yandex.ru  http://*.maps.yandex.net https://*.facebook.com https://www.google.com https://stats.g.doubleclick.net https://www.google.ru https://www.google-analytics.com ;style-src data: 'unsafe-inline' 'unsafe-eval' 'self' https://forms.office.com https://www.b2b-center.ru/ https://api.hh.ru/  https://yandex.ru https://googleads.g.doubleclick.net https://www.google.com/ads/user-lists/ https://www.google.ru/ads/user-lists/ https://mc.yandex.ru https://api-maps.yandex.ru  http://*.maps.yandex.net https://*.facebook.com https://www.google.com https://stats.g.doubleclick.net https://www.google.ru https://www.google-analytics.com;img-src data: 'unsafe-inline' 'unsafe-eval' 'self' https://forms.office.com https://www.b2b-center.ru/ https://api.hh.ru/ https://*.1c-bitrix-cdn.ru https://www.googletagmanager.com https://googleadservices.com  https://yandex.ru https://googleads.g.doubleclick.net https://www.google.com/ads/user-lists/ https://www.google.ru/ads/user-lists/ https://mc.yandex.ru https://api-maps.yandex.ru  http://*.maps.yandex.net https://*.facebook.com https://www.google.com https://stats.g.doubleclick.net https://www.google.ru https://www.google-analytics.com data: blob:;script-src data: 'unsafe-inline' 'unsafe-eval' 'self' https://forms.office.com https://www.b2b-center.ru/ https://api.hh.ru/ https://www.googleadservices.com https://yastatic.net https://*.doubleclick.net https://www.gstatic.com https://bitrix.info https://cdnjs.cloudflare.com https://mod.calltouch.ru https://connect.facebook.net https://www.googletagmanager.com https://yandex.ru https://googleads.g.doubleclick.net https://www.google.com/ads/user-lists/ https://www.google.ru/ads/user-lists/ https://mc.yandex.ru https://api-maps.yandex.ru  http://*.maps.yandex.net https://*.facebook.com https://www.google.com https://stats.g.doubleclick.net https://www.google.ru https://www.google-analytics.com; 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://plausible.oni.nl; img-src 'self' data: https://*.oni.nl; connect-src 'self' https://*.oni.nl 1
frame-ancestors 'self' *.mellon.com; 1
frame-ancestors 'self' lulop.com *.lulop.com https://www.bosch-press.it https://media.jaguar.com https://media.landrover.com https://media.jaguarlandrover.com https://stg-media-jaguar.jlrms.com https://stg-media-landrover.jlrms.com https://stg-media-jaguarlandrover.jlrms.com https://stg-media-jaguarracing.jlrms.com; 1
upgrade-insecure-requests; style-src data: 'unsafe-inline' https:; default-src data: 'unsafe-inline' 'unsafe-eval' https:; object-src https:; form-action https:; connect-src https: wss: blob:; img-src data: https: blob:; media-src data: https: blob:; child-src data: https: blob:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com data: https:; 1
default-src 'self' https://*.innovamarketinsights360.com https://*.innovadatabase.com https://*.innovamarketinsights360.cn https://*.innovadatabase.cn 'unsafe-inline';            script-src 'self' https://*.innovamarketinsights360.com https://*.innovadatabase.com https://cdn.ywxi.net http://cdn.saberfeedback.com https://feedback.saberfeedback.com https://www.trustedsite.com https://*.innovamarketinsights360.cn https://*.innovadatabase.cn 'unsafe-inline' 'unsafe-eval';            style-src 'self' https://*.innovamarketinsights360.com https://*.innovadatabase.com https://s3.amazonaws.com https://p.typekit.net https://fonts.googleapis.com https://*.innovamarketinsights360.cn https://*.innovadatabase.cn 'unsafe-inline';            font-src 'self' https://*.innovamarketinsights360.com https://*.innovadatabase.com https://fonts.gstatic.com https://s3.amazonaws.com  https://use.typekit.net https://*.innovamarketinsights360.cn https://*.innovadatabase.cn;            img-src 'self' https://*.innovamarketinsights360.com https://www.trustedsite.com https://asset-innova.s3.amazonaws.com https://*.innovadatabase.com https://s3.amazonaws.com https://cdn.ywxi.net https://*.innovamarketinsights360.cn https://*.innovadatabase.cn data:;                         connect-src 'self' http://s3-us-west-2.amazonaws.com https://www.trustedsite.com;            frame-src 'self' https://*.innovamarketinsights360.com https://*.innovadatabase.com https://*.innovamarketinsights360.cn https://*.innovadatabase.cn https://www.trustedsite.com; 1
default-src 'self' sentryio.signalstuff.com *.gradecam.com *.hamstudy.org *.exam.tools; script-src 'self' 'unsafe-inline' 'unsafe-eval' sentryio.signalstuff.com *.gradecam.com *.hamstudy.org *.exam.tools https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.googleapis.com; worker-src 'self' sentryio.signalstuff.com *.gradecam.com *.hamstudy.org *.exam.tools blob:; connect-src 'self' sentryio.signalstuff.com *.gradecam.com *.hamstudy.org *.exam.tools https://*.googleapis.com wss://hamstudy.org; frame-src 'self' sentryio.signalstuff.com *.gradecam.com *.hamstudy.org *.exam.tools https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; style-src 'self' 'unsafe-inline' sentryio.signalstuff.com *.gradecam.com *.hamstudy.org *.exam.tools https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com; font-src 'self' data: sentryio.signalstuff.com *.gradecam.com *.hamstudy.org *.exam.tools https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com; img-src * data: blob:; 1
frame-ancestors https://*.cisin.com https://*.developers.dev https://*.esignly.com https://*.idea2app.dev https://*.coders.dev; 1
default-src https: connect-src https: font-src https: data: frame-src https: img-src https: data: media-src https:  object-src https: script-src 'unsafe-inline' 'unsafe-eval' https: style-src 'unsafe-inline' https: 1
frame-ancestors 'self' https://sgl-live01.mcon-group.com https://logon.sglcarbon.com; 1
default-src https://www.google.de/ http://194.94.31.202/ https://stats.g.doubleclick.net https://www.google-analytics.com/ https://www.youtube-nocookie.com/ https://www.youtube.com/ https://www.google.com/ https://connect.facebook.net/ https://www.etermin.net/ https://studip.hs-schmalkalden.de/ https://www.hs-schmalkalden.de/ https://www.hs-schmalkalden.de:14682 https://typo3.hs-schmalkalden.de/ https://typo3.hs-schmalkalden.de:14682/ https://fonts.gstatic.com https://www.googletagmanager.com/ https://googleads.g.doubleclick.net/ 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' http: https: *.xg4ken.com *.linksynergy.com *.rakuten.com *.zdassets.com *.zopim.com *.zendesk.com wss://*.zendesk.com wss://*.zopim.com; script-src http: https: 'unsafe-inline' 'unsafe-eval' https://www.vans.com.au/ *.xg4ken.com *.linksynergy.com *.rakuten.com *.adobetm.com *.afterpay.com *.demdex.net *.google-analytics.com *.usehero.com afterpay.com foursixty.com; style-src 'self' https: 'unsafe-inline' https://www.vans.com.au/ *.xg4ken.com *.linksynergy.com *.rakuten.com *.adobetm.com foursixty.com; img-src data: http: https: *.xg4ken.com *.linksynergy.com *.rakuten.com *.google-analytics.com *.ist-track.com *.pinterest.com *.twilio.com *.tiktok.com *.usehero.com *.useinsider.com developers.google.com hero-prod-assets.s3-eu-west-1.amazonaws.com hero-service-media-upload-production.s3.eu-west-1.amazonaws.com *.zopim.io *.zdassets.com; object-src 'none'; base-uri 'none'; child-src 'self'; media-src http: https: *.xg4ken.com *.linksynergy.com *.rakuten.com *.twilio.com *.usehero.com; connect-src 'self' http: https: *.xg4ken.com *.linksynergy.com *.rakuten.com *.adobedc.net *.afterpay.com *.bazaarvoice.com *.braintree-api.com *.braintreegateway.com *.criteo.com *.demdex.net *.foursixty.com *.google-analytics.com *.googleapis.com *.nr-data.net *.paypal.com *.taboola.com *.truefitcorp.com *.twilio.com *.usehero.com *.zdassets.com *.zendesk.com *.zopim.com accentgroupxpdev.112.2o7.net afterpay.com analytics.tiktok.com api.usehero.com bcp.crwdcntrl.net facebook.com foursixty.com kleber.datatoolscloud.net.au sentry.io smetrics.hypedc.com vimeo.com wss://*.twilio.com wss://widget-mediator.zopim.com; font-src data: 'self' fonts.gstatic.com *.xg4ken.com *.linksynergy.com *.rakuten.com *.truefitcorp.com; frame-src 'self' *.xg4ken.com *.linksynergy.com *.rakuten.com *.formstack.com *.afterpay.com *.bazaarvoice.com *.criteo.com *.criteo.net *.demdex.net *.everesttech.net *.everestjs.net *.doubleclick.net *.facebook.com *.google.com *.myunidays.com *.omniparcelreturns.com *.paypal.com *.paypalobjects.com *.truefitcorp.com *.useinsider.com *.vimeo.com *.youtu.be *.youtube.com afterpay.com assets.braintreegateway.com everestjs.net facebook.com foursixty.com google.com player.whooshkaa.com tsdtocl.com vimeo.com; worker-src 'self' blob: *.xg4ken.com *.linksynergy.com *.rakuten.com *.accentgra.com *.vans.co.nz *.vans.com.au; 1
default-src https: wss: data: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' 1
default-src 'self'; font-src 'self' fonts.gstatic.com/ fonts.googleapis.com/ 'nonce-2726c7f26c'; script-src 'strict-dynamic' 'unsafe-eval' *.google.com/recaptcha/ *.gstatic.com/recaptcha/ *.smartlook.com/ *.smartlook.cloud/ *.googletagmanager.com/ *.google-analytics.com/ *.googleadservices.com/ *.doubleclick.net/ connect.facebook.net/ analytics.google.com/ 'nonce-2726c7f26c'; style-src 'self' fonts.gstatic.com/ fonts.googleapis.com/ 'nonce-2726c7f26c'; connect-src 'self' *.smartlook.com/ *.smartlook.cloud/ *.doubleclick.net/ *.facebook.com *.google-analytics.com/ *.hotjar.com/ *.hotjar.io/ analytics.google.com/ *.googleadservices.com/; worker-src 'self' blob: ; img-src 'self' *.google-analytics.com/ *.google.com/ *.google.com.br/ *.facebook.com/ *.facebook.net/ *.doubleclick.net/; frame-ancestors 'self'; form-action 'self'; frame-src 'self' *.doubleclick.net/ *.google.com/ *.gstatic.com/ *.hotjar.com/ *.googletagmanager.com/ analytics.google.com/ *.google-analytics.com/ 1
default-src 'none'; worker-src 'self' blob: ; media-src https://s3-eu-west-1.amazonaws.com https://storage.visomdm.com https://storage-prod.visomdm.com https://storage-prod.visomdm.com.s3.eu-west-1.amazonaws.com 'self' blob: data: ; frame-src https://radix-downloads.s3.eu-west-1.amazonaws.com *.bluesnap.com *.hotjar.com *.google.com https://visomdm.com/ ; connect-src https://visomdm.com wss://visomdm.com https://pro.ip-api.com *.hotjar.io *.glbth.com *.visomdm.com *.atvmanager.com *.teacherview.live https://mdm-packages.s3.eu-central-1.amazonaws.com https://storage.visomdm.com https://storage-prod.visomdm.com https://storage-prod.visomdm.com.s3.eu-west-1.amazonaws.com wss://*.glbth.com wss://*.visomdm.com wss://*.atvmanager.com wss://*.teacherview.live wss://*.hotjar.com wss://*.tawk.to wss://*.xirsys.com *.hotjar.com *.tawk.to 'self' ; font-src 'self' *.tawk.to *.gstatic.com ; img-src *.ggpht.com tawk.link blob: *.googleusercontent.com *.google.com https://*.gstatic.com https://*.mzstatic.com https://cdn.jsdelivr.net/emojione/ *.tawk.to https://mdm-packages.s3.eu-central-1.amazonaws.com https://storage.visomdm.com https://storage-prod.visomdm.com https://storage-prod.visomdm.com.s3.eu-west-1.amazonaws.com *.tile.openstreetmap.org data: 'self' ; style-src 'unsafe-inline' 'self' https://cdn.jsdelivr.net/emojione/ *.googleapis.com https://embed.tawk.to/ ; script-src 'self' https://cdn.jsdelivr.net/emojione/ *.hotjar.com *.tawk.to *.openstreetmap.org *.google.com *.gstatic.com *.ip-api.com 'sha256-jxahBNaefKb7HUgrP6SFqod39I6KB1wnzxNv+Gahh2s=' 'sha256-mf7OlEdaUdLAGAIDqicGf/kRbd9P604n4ooz6WIWPZc=' 'sha256-YJ3eJPxdzm7qieW1lfM307T3jCkb8WIfRGJEnAE84p0=' https://itunes.apple.com/ ; frame-ancestors 'self' https://visomdm.com/ 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://climatejustice.social; img-src 'self' https: data: blob: https://climatejustice.social; style-src 'self' https://climatejustice.social 'nonce-Nn9Iwfw5gdvKnsDtleLnAg=='; media-src 'self' https: data: https://climatejustice.social; frame-src 'self' https:; manifest-src 'self' https://climatejustice.social; form-action 'self'; child-src 'self' blob: https://climatejustice.social; worker-src 'self' blob: https://climatejustice.social; connect-src 'self' data: blob: https://climatejustice.social https://climatejustice.social wss://climatejustice.social; script-src 'self' https://climatejustice.social 'wasm-unsafe-eval' 1
frame-ancestors 'self' https://teams.microsoft.com 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://ct.pinterest.com https://tr.snapchat.com https://td.doubleclick.net/ *.nicolas.com https://www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ct.pinterest.com https://tr.snapchat.com https://sc-static.net https://events.sk.ht https://rs.clic2buy.com https://s.pinimg.com https://bat.bing.com https://maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net https://code.jquery.com https://www.googleoptimize.com https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com https://maps.googleapis.com https://cdn.cookielaw.org *.nicolas.com www.google.com; img-src 'self' https://bat.bing.com https://insight.adsrvr.org https://tr.snapchat.com https://adservice.google.com https://ad.doubleclick.net https://stats.g.doubleclick.net https://www.googletagmanager.com https://license.hybris.com https://googleads.g.doubleclick.net https://www.facebook.com *.analytics.google.com *.nicolas.com maps.gstatic.com https://www.google.fr https://www.google.com *.googleapis.com *.ggpht.com  https://www.google-analytics.com https://img.favicon data:; connect-src 'self' https://tr6.snapchat.com https://ct.pinterest.com https://tr.snapchat.com https://ct.pinterest.com https://sk.ht https://www.google.com *.nicolas.com *.analytics.google.com *.doubleclick.net https://cdn.cookielaw.org https://www.google-analytics.com https://maps.googleapis.com *.google-analytics.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors *.nicolas.com;font-src 'self' https://maxcdn.bootstrapcdn.com https://www.nicolas.com https://fonts.gstatic.com data:;style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com *.nicolas.com 1
frame-ancestors 'self' *.golfhouse.com; 1
frame-ancestors 'self' www.visually.io visually.io loomi.me vsly.local:8000; 1
default-src * data: 'unsafe-eval' 'unsafe-inline'; font-src * data: about:; worker-src * blob:; media-src * data: blob: 1
base-uri 'none'; connect-src 'self' blob: *.customer.io connect.facebook.net stats.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://*.googletagmanager.com www.googletagmanager.com *.mixpanel.com cdn.mxpnl.com *.redditstatic.com *.reddit.com cdn.segment.com api.segment.io *.sentry.io *.zdassets.com *.zendesk.com; default-src 'self'; font-src 'self' data:; form-action 'none'; frame-ancestors 'none'; frame-src 'self' https://www.googletagmanager.com https://bid.g.doubleclick.net https://td.doubleclick.net https://www.youtube.com; img-src 'self' blob: data: *.naked.insure track.customer.io www.facebook.com https://ad.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com https://google.com https://www.google.co.za https://*.google-analytics.com https://*.googletagmanager.com www.googletagmanager.com https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com *.reddit.com *.twitter.com *.twimg.com *.ytimg.com https://*.zdassets.com; manifest-src 'self'; media-src 'self' blob: *.naked.insure; object-src 'none'; script-src 'self' 'strict-dynamic' 'nonce-NzhjMjY5MTQtMmYzYi00ZTk4LWI3ZDItYjQ0OWM5ZjMxZDIx' https://www.googleadservices.com https://www.google.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.co.za https://*.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com; style-src 'self' https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com 'unsafe-inline'; worker-src 'self' blob:; 1
default-src * blob: data: https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 1
frame-ancestors 'self' https://www.bayard-jeunesse.com https://app.bayam.tv https://sso.bayard-jeunesse.com https://mention-me.com; 1
default-src 'self' *.doubleclick.net *.synthetix.com https://stats.g.doubleclick.net *.responsetap.com blob:; media-src 'self' *.synthetix.com; frame-ancestors 'self' *.doubleclick.net *.hotjar.com *.youtube.com https://widget.trustpilot.com https://www.google.com https://www.facebook.com; frame-src 'self' *.doubleclick.net *.hotjar.com *.youtube.com *.pardot.com https://apps.euw2.pure.cloud https://widget.trustpilot.com https://www.google.com https://www.facebook.com https://www.opinionstage.com https://www.googletagmanager.com https://connect.facebook.net https://embed.ex.co https://cdnjs.cloudflare.com https://optimize.google.com https://recaptcha.google.com app.vwo.com *.visualwebsiteoptimizer.com https://mybenendenhealthrewards.co.uk; font-src 'self' *.synthetix.com *.gstatic.com https://cloud.typography.com https://hello.myfonts.net https://benendenglobalassets.blob.core.windows.net https://benenden-global-assets-cdn.azureedge.net https://maxcdn.bootstrapcdn.com https://use.typekit.net https://script.hotjar.com https://cdnjs.cloudflare.com data:; connect-src 'self' *.synthetix.com *.hotjar.com *.google-analytics.com *.googleapis.com *.google.com *.doubleclick.net *.playbuzz.com *.perfdrive.com wss://webmessaging.euw2.pure.cloud https://api.euw2.pure.cloud https://api-cdn.euw2.pure.cloud https://www.facebook.com https://*.hotjar.io *.mapbox.com https://api.postcodes.io https://www.opinionstage.com https://www.google.com wss://*.hotjar.com https://adservice.google.com https://t.co https://prd-collector-platform.ex.co https://cdn.cookielaw.org https://benenden-privacy.my.onetrust.com https://optanon.blob.core.windows.net *.responsetap.com *.onetrust.com idx.liadm.com www.gravatar.com *.quantcount.com *.visualwebsiteoptimizer.com app.vwo.com; style-src 'self' *.googleapis.com *.synthetix.com https://hello.myfonts.net https://cloud.typography.com https://benendenglobalassets.blob.core.windows.net https://benenden-global-assets-cdn.azureedge.net https://benenden.syn-finity.com https://maxcdn.bootstrapcdn.com *.mapbox.com https://cdnjs.cloudflare.com *.pardot.com *.googletagmanager.com https://optimize.google.com *.hotjar.com 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com; img-src 'self' *.google-analytics.com *.doubleclick.net *.visualwebsiteoptimizer.com *.gstatic.com *.googleapis.com *.facebook.net *.linkedin.com *.synthetix.com *.googletagmanager.com *.hotjar.com *.playbuzz.com *.benenden.co.uk https://secure.adnxs.com https://www.google.co.uk https://www.google.com https://t.co https://www.facebook.com https://bguksrowebsitestr01.blob.core.windows.net *.mapbox.com https://p.typekit.net https://i.ytimg.com https://amplifypixel.outbrain.com https://bppmdmxgsg.execute-api.eu-west-1.amazonaws.com https://px.ads.linkedin.com https://tracking.audio.thisisdax.com https://cdn.cookielaw.org https://optanon.blob.core.windows.net https://optimize.google.com analytics.twitter.com *.quantserve.com wingify-assets.s3.amazonaws.com app.vwo.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat data:; script-src 'self' *.benenden.co.uk *.googleapis.com *.google-analytics.com *.googleanalytics.com *.pardot.com *.visualwebsiteoptimizer.com app.vwo.com *.synthetix.com *.doubleclick.net *.responsetap.com *.hotjar.com *.googletagmanager.com *.twitter.com *.playbuzz.com https://pixel.mathtag.com https://vc.hotjar.io https://sjs.bizographics.com https://connect.facebook.net https://secure.frog9alea.com https://static.ads-twitter.com https://www.google.com https://benenden.syn-finity.com https://t.co https://www.facebook.com https://www.google.co.uk https://live-chat-help.com *.googleadservices.com https://widget.trustpilot.com *.mapbox.com https://api.postcodes.io https://maxcdn.bootstrapcdn.com https://connect.facebook.net *.youtube.com https://s.po.st https://s.ytimg.com https://use.typekit.net https://snap.licdn.com https://www.opinionstage.com https://cdnjs.cloudflare.com *.googleoptimize.com https://optimize.google.com *.perfdrive.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://c5.adalyser.com https://www.pagespeed-mod.com https://static.ex.co https://apps.euw2.pure.cloud *.gstatic.com *.quantserve.com *.quantcount.com 'unsafe-inline' 'unsafe-eval' data:; worker-src 'self' blob:; report-uri https://benwebteam.report-uri.com/r/d/csp/enforce; 1
frame-ancestors 'self' cms.big-direkt.de; default-src data: 'self' 'unsafe-inline' http: https: blob:; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; script-src-elem * 'self' 'unsafe-inline'; script-src-attr 'self' 'unsafe-inline'; connect-src * 'self' *.hotjar.com www.googletagmanager.com www.google.de www.google.com www.google-analytics.com *.g.doubleclick.net *.chatvisor.com www.googleadservices.com *.cookiebot.com sentry.operations.big-osp.de; worker-src * 'self' blob: 1
default-src 'self'; frame-src: 'self'; frame-ancestors: 'self'; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://*.akamaihd.net https://*.translate.naver.net https://www.recaptcha.net https://www.google.com https://www.zenaps.com https://tr.snapchat.com https://www.youtube.com https://ln-rules.rewardstyle.com blob: https://s1.thcdn.com https://www.awin1.com https://d2d7do8qaecbru.cloudfront.net https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://www.pinterest.com https://www.pinterest.co.uk https://ct.pinterest.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://*.liveperson.net https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.parcellab.com https://d3g5d7323c2i6m.cloudfront.net https://d29qb9vav0xwuc.cloudfront.net https://d7c4jjeuqag9w.cloudfront.net https://*.contentsquare.net https://smct.co https://*.smct.co https://cognito-identity.eu-west-1.amazonaws.com https://firehose.eu-west-1.amazonaws.com https://smct.io https://*.smct.io https://ct.pinterest.com https://sgtm.perriconemd.co.uk; default-src 'none'; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://d7c4jjeuqag9w.cloudfront.net https://fonts.smct.co https://fonts.smct.io https://fonts.googleapis.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; form-action 'self' https://www.facebook.com https://www.perriconemd.co.uk https://checkout.perriconemd.co.uk https://connect.facebook.net https://tr.snapchat.com; frame-ancestors 'self'; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://player.vimeo.com https://vod-progressive.akamaized.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.googleapis.com https://www.recaptcha.net https://connect.facebook.net https://*.trustpilot.com https://www.googleadservices.com https://*.translate.naver.net https://*.doubleclick.net https://*.google.com https://*.google-analytics.com https://fp.zenaps.com https://www.gstatic.com https://bat.bing.com https://www.googletagmanager.com https://www.youtube.com https://s.ytimg.com https://www.dwin1.com https://sc-static.net https://ln-rules.rewardstyle.com https://apps.storystream.ai https://platform.twitter.com https://connect.facebook.net https://*.contentsquare.net https://app.contentsquare.com https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://s.pinimg.com https://sgtm.perriconemd.co.uk; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://d7c4jjeuqag9w.cloudfront.net https://fonts.smct.co https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://fonts.smct.io; upgrade-insecure-requests; report-to report-endpoint 1
script-src www.gstatic.com *.360-value.com 360-value.com www.googletagmanager.com find pcagentgroup.com stillwater.com stillwaterinsurance.com *.stillwater.com *.stillwaterinsurance.com https://verify.authorize.net https://www.google-analytics.com https://seal.digicert.com *.providesupport.com *.googleapis.com https://na4.smartcommunications.cloud https://js-agent.newrelic.com *.nr-data.net https://connect.facebook.net https://www.demotech.com demotech.com *.smartystreets.com 'unsafe-eval' 'unsafe-inline'; object-src www.gstatic.com www.googletagmanager.com find pcagentgroup.com stillwater.com stillwaterinsurance.com *.stillwater.com *.stillwaterinsurance.com https://verify.authorize.net https://www.google-analytics.com https://seal.digicert.com *.providesupport.com *.googleapis.com https://na4.smartcommunications.cloud https://js-agent.newrelic.com *.nr-data.net https://connect.facebook.net *.demotech.com 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' *.stillwater.com *.cloudinsurer.com *.majesco.com:9443 capacitor://localhost http://localhost; worker-src 'self' blob: 1
upgrade-insecure-requests; media-src https: data: blob:; img-src https: data: blob:; object-src https:; worker-src blob:; default-src https: blob: 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors 'self' *.maxon.net 1
default-src https: *.visualwebsiteoptimizer.com app.vwo.com; script-src https: 'unsafe-inline' 'unsafe-eval' *.visualwebsiteoptimizer.com app.vwo.com 'self' blob:; style-src https: blob: 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com; img-src https: data: *.visualwebsiteoptimizer.com app.vwo.com useruploads.vwo.io; font-src https: data: *.visualwebsiteoptimizer.com app.vwo.com; connect-src https: wss://*.hotjar.com *.visualwebsiteoptimizer.com app.vwo.com; frame-ancestors 'self' *.vandebron.nl *.vdbinfra.nl *.salesforce.com *.force.com 1
form-action 'self'; frame-ancestors 'self' 1
default-src 'self' 'unsafe-inline';       connect-src 'self' 'unsafe-inline'        https://*.googleapis.com/        https://maps.gstatic.com/          https://www.helpassistant.com/          https://demo.helpassistant.com/        wss://demo.spokechoice.com/api/signalr/reconnect                    wss://www.spokechoice.com/api/signalr/reconnect                    https://www.google.com/recaptcha/                    https://www.gstatic.com/recaptcha/        https://fonts.googleapis.com/        https://fonts.gstatic.com/;             script-src 'self' 'unsafe-inline' 'unsafe-eval'          https://*.googleapis.com/          https://www.helpassistant.com/          https://demo.helpassistant.com/          https://www.google.com/recaptcha/          https://www.gstatic.com/recaptcha/;       style-src 'self' 'unsafe-inline'                    https://fonts.googleapis.com;       img-src 'self'          data:        https://*.googleapis.com/        https://maps.gstatic.com/                    https://www.helpassistant.com/          https://demo.helpassistant.com/;       frame-src 'self'          *.helpassistant.com          https://demo.helpassistant.com/          https://www.helpassistant.com/        https://ddreports.screenstepslive.com/        https://www.google.com/;       font-src 'self'          *.helpassistant.com        https://*.googleapis.com/          https://demo.helpassistant.com/                    https://fonts.gstatic.com 1
default-src 'self' *.picus.io picussecurity.com *.picussecurity.com https://static.userguiding.com/ https://user.userguiding.com/ *.userguiding.com https://www.googletagmanager.com/ https://picus-digital-cdn.s3.amazonaws.com/ https://www.google-analytics.com/ *.popt.in/ https://cdn.heapanalytics.com https://heapanalytics.com *.heapanalytics.com *.hotjar.com *.hotjar.io *.newrelic.com *.cloudflare.com *.nr-data.net pcsdl.com *.pcsdl.com wss://ws.hotjar.com; style-src 'self' https://heapanalytics.com 'unsafe-inline'; img-src * 'self' blob: data: https: https://heapanalytics.com; form-action 'self'; frame-ancestors 'self'; object-src 'none';upgrade-insecure-requests; manifest-src 'self' data: ; 1
base-uri 'none'; font-src 'self' https: data:; form-action 'self'; frame-ancestors self https://app.storyblok.com; img-src 'self' data: https:; object-src 'none'; style-src 'self' https: 'unsafe-inline'; script-src 'self' https://*.storyblok.com/ https://netlify-cdp-loader.netlify.app/ 'strict-dynamic' 'nonce-HJHCfF9Kn5bvR0HyynEAdw=='; upgrade-insecure-requests; 1
default-src 'self'; script-src 'self'; form-action 'self'; style-src 'self'  ; img-src 'self'; 1
frame-ancestors 'self' swk.kcenter.usu.com 1
default-src 'none';         script-src 'self' 'unsafe-inline' 'unsafe-eval'         https://*.ads-twitter.com         https://*.bing.com         https://*.ceros.com         https://*.contentsquare.com         https://*.contentsquare.net         https://*.cookiereports.com         https://*.cybersource.com         https://*.doubleclick.net         https://*.eloqua.com         https://*.en25.com         https://*.facebook.net         https://*.google-analytics.com         https://*.google.com         https://*.googleadservices.com         https://*.googletagmanager.com         https://*.gstatic.com         https://*.idio.episerver.net         https://*.licdn.com         https://*.linkedin.com         https://*.optimizely.com         https://*.storygize.com         https://*.twitter.com         https://*.visa.com         https://*.youtube.com         https://api.company-target.com         https://cdn-assets-prod.s3.amazonaws.com         https://code.jquery.com         https://company-target.com         https://id.rlcdn.com         https://optimizely.s3.amazonaws.com         https://rlcdn.com         https://s.company-target.com         https://scripts.demandbase.com         https://segments.company-target.com         https://storygize.com         https://tag-logger.demandbase.com         https://tag.demandbase.com;         style-src 'self' 'unsafe-inline'         https://*.cybersource.com         https://*.ceros.com         https://*.eloqua.com         https://*.google.com         https://*.gsatic.com         https://*.licdn.com         https://*.optimizely.com         https://*.visa.com         https://fonts.googleapis.com;         font-src 'self'         data:         https://*.cybersource.com         https://*.eloqua.com         https://*.visa.com         https://fonts.googleapis.com         https://fonts.gstatic.com;         img-src 'self'         data:         https://*.ads-twitter.com         https://*.adsrvr.org         https://*.cybersource.com         https://*.bing.com         https://*.ceros.com         https://*.contentsquare.net         https://*.cookiereports.com         https://*.doubleclick.net         https://*.eloqua.com         https://*.en25.com         https://*.facebook.com         https://*.facebook.net         https://*.google.com         https://*.google-analytics.com         https://*.googleadservices.com         https://*.googletagmanager.com         https://*.gstatic.com         https://*.idio.episerver.net         https://*.licdn.com         https://*.linkedin.com         https://*.optimizely.com         https://*.storygize.com         https://*.twitter.com         https://*.visa.com         https://*.youtube.com         https://i.ytimg.com         https://ib.adnxs.com         https://p.adsymptotic.com         https://storygize.com         https://t.co         https://yt3.ggpht.com;         frame-src 'self'         https://*.ads-twitter.com         https://*.cybersource.com         https://*.ceros.com         https://*.doubleclick.net         https://*.eloqua.com         https://*.facebook.com         https://*.facebook.net         https://*.google.com         https://*.licdn.com         https://*.linkedin.com         https://*.optimizely.com         https://*.storygize.com         https://*.twitter.com         https://*.visa.com         https://*.youtube.com         https://storygize.com;         connect-src 'self'         https://*.ads-twitter.com         https://*.bing.com         https://*.ceros.com         https://*.contentsquare.com         https://*.contentsquare.net         https://*.cookiereports.com         https://*.cybersource.com         https://*.doubleclick.net         https://*.eloqua.com         https://*.en25.com         https://*.facebook.net         https://*.google-analytics.com         https://*.google.com         https://*.googleapis.com         https://*.googlesyndication.com         https://*.gstatic.com         https://*.idio.episerver.net         https://*.licdn.com         https://*.linkedin.com         https://*.optimizely.com         https://*.storygize.com         https://*.visa.com         https://*.youtube.com         https://api.company-target.com         https://company-target.com         https://id.rlcdn.com         https://rlcdn.com         https://s.company-target.com         https://scripts.demandbase.com         https://segments.company-target.com         https://storygize.com         https://tag-logger.demandbase.com         https://tag.demandbase.com;         object-src 'self';         media-src 'self';         worker-src 'self'         blob:         https://*.cybersource.com         https://*.contentsquare.net         https://*.contentsquare.com         https://*.google.com; 1
frame-ancestors 'self' docs.google.com/spreadsheets/d/e/ *.facebook.com connect.facebook.net www.instagram.com;                         frame-src 'self' docs.google.com/spreadsheets/d/e/ *.facebook.com connect.facebook.net anchor.fm mek.fnusa.cz www.google.com/maps/ www.instagram.com;                         child-src 'self' *.facebook.com connect.facebook.net;                         default-src 'self' 'unsafe-inline' www.google-analytics.com/j/collect;                         img-src 'self' data: www.google-analytics.com/collect *.facebook.com/ *.facebook.net *.fbcdn.net *.cdninstagram.com *.instagram.com secure.gravatar.com;                         script-src 'self' webpack: 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com www.gstatic.com www.google.com/jsapi connect.facebook.net graph.facebook.net js.facebook.net cdn.datatables.net cloudfront.net platform.instagram.com www.instagram.com;                         style-src 'self' 'unsafe-inline' fonts.googleapis.com www.gstatic.com www.facebook.com/rsrc.php cdn.datatables.net *.cdninstagram.com *.instagram.com;                         font-src 'self' data: fonts.gstatic.com cdnjs.cloudflare.com;                         connect-src 'self' *.facebook.com connect.facebook.net www.google-analytics.com;                         form-action 'self' fnusa.cz *.facebook.com connect.facebook.net; 1
frame-ancestors 'self' analytics.liquipedia.net; report-uri https://s1r2d1cd.uriports.com/reports/report 1
script-src 'self' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com *.tawk.to *.jsdelivr.net *.tidio.co *.facebook.net www.gstatic.com;script-src-attr 'unsafe-inline';img-src 'self' data: i.imgur.com www.google-analytics.com nyq4leycky5n94hcmplt3mpfla.speed-cdn.com 8bow6kipj8zg81psmtksyesya8.speed-cdn.com tawk.link *.tawk.to *.tawk.link *.amazonaws.com *.jsdelivr.net *.databrain.com www.googletagmanager.com;style-src 'self' 'unsafe-inline' nyq4leycky5n94hcmplt3mpfla.speed-cdn.com 8bow6kipj8zg81psmtksyesya8.speed-cdn.com fonts.googleapis.com *.tawk.to *.jsdelivr.net;font-src 'self' nyq4leycky5n94hcmplt3mpfla.speed-cdn.com 8bow6kipj8zg81psmtksyesya8.speed-cdn.com fonts.googleapis.com fonts.gstatic.com *.tawk.to *.jsdelivr.net *.googletagmanager.com;frame-src static.goolec.com www.youtube.com youtube.com;connect-src 'self' tickers.playtech.com www.google-analytics.com *.googleapis.com *.tawk.to wss://*.tawk.to tracker.databrain.com;upgrade-insecure-requests;default-src 'self';base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none' 1
default-src data: 'self' 'unsafe-inline' 'unsafe-eval' 735-rtx-941.mktoresp.com 735-rtx-941.mktoutil.com abrtp2.marketo.com abrtp2-cdn.marketo.com app-ab42.marketo.com rtp-static.marketo.com munchkin.marketo.net app.addsearch.com addsearch.com adservice.google.com maxcdn.bootstrapcdn.com a.clarity.ms b.clarity.ms c.clarity.ms d.clarity.ms e.clarity.ms f.clarity.ms g.clarity.ms h.clarity.ms i.clarity.ms j.clarity.ms k.clarity.ms l.clarity.ms m.clarity.ms n.clarity.ms o.clarity.ms p.clarity.ms q.clarity.ms r.clarity.ms s.clarity.ms t.clarity.ms u.clarity.ms v.clarity.ms w.clarity.ms x.clarity.ms y.clarity.ms z.clarity.ms www.clarity.ms bat.bing.com cdn.conveythis.com api-proxy.conveythis.com ajax.aspnetcdn.com ajax.googleapis.com translate.googleapis.com analytics.google.com www.google-analytics.com www.googletagmanager.com cdn.callrail.com js.callrail.com cdn01.basis.net code.jquery.com connect.facebook.net d.adroll.com s.adroll.com x.adroll.com *.deltadentalia.com fonts.googleapis.com googleads.g.doubleclick.net stats.g.doubleclick.net td.doubleclick.net pixel-a.basis.net pixel.sitescout.com pixel-sync.sitescout.com px.ads.linkedin.com edge.quantserve.com secure.quantserve.com rules.quantcount.com pixel.quantcount.com snap.licdn.com s7.addthis.com secure.deltadentalia.com *.spinutech.com www.youtube.com static.cloudflareinsights.com d20vwa69zln1wj.cloudfront.net s6.searchcdn.com test.secure.deltadentalia.com unpkg.com www.gstatic.com www.google.com www.google.ca www.google.co.in www.google.co.uk; img-src 'self' blob data: *.deltadentalia.com *.spinutech.com addsearch.com stats.addsearch.com stats.g.doubleclick.net ad.doubleclick.net d20vwa69zln1wj.cloudfront.net pixel-a.basis.net pixel.sitescout.com cdn.conveythis.com bat.bing.com c.bing.com d.adroll.com s.adroll.com x.adroll.com a.clarity.ms b.clarity.ms c.clarity.ms d.clarity.ms e.clarity.ms f.clarity.ms g.clarity.ms h.clarity.ms i.clarity.ms j.clarity.ms k.clarity.ms l.clarity.ms m.clarity.ms n.clarity.ms o.clarity.ms p.clarity.ms q.clarity.ms r.clarity.ms s.clarity.ms t.clarity.ms u.clarity.ms v.clarity.ms w.clarity.ms x.clarity.ms y.clarity.ms z.clarity.ms www.clarity.ms clickserv.sitescout.com www.google-analytics.com translate.google.com www.facebook.com px.ads.linkedin.com px4.ads.linkedin.com pixel.quantserve.com fonts.gstatic.com www.googletagmanager.com www.google.com www.google.ca www.google.co.in www.google.co.uk; media-src 'self' data: s3.amazonaws.com; frame-ancestors 'self'; object-src 'none'; form-action 'self' accounts.google.com *.spinutech.com secure.deltadentalia.com test.secure.deltadentalia.com; font-src 'self' data: fonts.gstatic.com static.zip.co maxcdn.bootstrapcdn.com; base-uri 'self'; report-uri /csp/; 1
font-src *.tidiochat.com *.fontawesome.com fonts.gstatic.com *.openstreetmap.org *.inpost.pl *.easypack24.net maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.przelewy24.pl *.facebook.com sandbox.przelewy24.pl secure.przelewy24.pl 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ https://www.google.com/ *.addthis.com *.facebook.com ct.pinterest.com pay.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com img.youtube.com validator.swagger.io https://images.unsplash.com *.googletagmanager.com *.google.com *.google.pl *.gstatic.com *.googleadservices.com *.google-analytics.com *.linkedin.com www.oferteo.pl unpkg.com cdnjs.cloudflare.com *.tidiochat.com tidio-images-messenger.s3.us-east-1.amazonaws.com *.facebook.com static.przelewy24.pl www.gstatic.com gstatic.com *.openstreetmap.org *.inpost.pl *.easypack24.net *.instagram.com *.cdninstagram.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googletagmanager.com *.google-analytics.com *.google.com *.gstatic.com *.licdn.com *.addthis.com *.addthisedge.com *.elfsight.com *.tidio.co *.tidio.com *.tidiochat.com *.facebook.net *.tiktok.com *.pinimg.com ct.pinterest.com s7.addthis.com sandbox.przelewy24.pl secure.przelewy24.pl pay.google.com *.easypack24.net *.openstreetmap.org *.inpost.pl *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.fontawesome.com fonts.googleapis.com *.easypack24.net *.openstreetmap.org *.inpost.pl maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.tidiochat.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.doubleclick.net *.cardinalcommerce.com 'self' data: *.addthis.com *.elfsight.com wss://socket.tidio.co *.tidio.com *.pinterest.com *.tiktok.com ekr.zdassets.com/ sandbox.przelewy24.pl secure.przelewy24.pl wss://sandbox-ws.przelewy24.pl wss://secure-ws.przelewy24.pl apple-pay-gateway.apple.com *.easypack24.net *.openstreetmap.org *.inpost.pl https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src * data: *.crazyegg.com 'unsafe-eval' 'unsafe-inline' blob:; font-src 'self' fonts.gstatic.com *.crazyegg.com data:; script-src * *.crazyegg.com 'unsafe-inline' 'unsafe-eval' blob:; connect-src * *.crazyegg.com 'unsafe-inline' data:; img-src * *.crazyegg.com data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline' 1
frame-ancestors 'self' https://webmaster.greenon.jp; 1
default-src http: https: 'unsafe-inline'; img-src http: https: data:; object-src 'none'; 1
img-src * 'self' blob: data:;default-src *; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; script-src 'self' data: https://www.googletagmanager.com https://www.clarity.ms https://a.clarity.ms https://b.clarity.ms https://c.clarity.ms https://d.clarity.ms https://e.clarity.ms https://f.clarity.ms https://g.clarity.ms https://h.clarity.ms https://i.clarity.ms https://j.clarity.ms https://k.clarity.ms https://l.clarity.ms https://m.clarity.ms https://n.clarity.ms https://o.clarity.ms https://p.clarity.ms https://q.clarity.ms https://r.clarity.ms https://s.clarity.ms https://t.clarity.ms https://u.clarity.ms https://v.clarity.ms https://w.clarity.ms https://x.clarity.ms  https://y.clarity.ms https://z.clarity.ms https://analytics.tiktok.com https://onesignal.com https://cdn.onesignal.com https://live.stc.com.kw https://business-soft.stc.com.kw  https://www.stc.com.kw  https://stc.com.kw https://www.solutions.com.kw https://solutions.com.kw https://maps.googleapis.com https://www.google-analytics.com https://analytics.tiktok.com https://p.teads.tv  https://connect.facebook.net https://static.ads-twitter.com https://sc-static.net  https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.twitter.com https://static.hotjar.com https://ajax.googleapis.com https://www.semrush.com https://dtm-dre.platform.hicloud.com https://www.googletagmanager.com https://snap.licdn.co https://p.teads.tv https://static.ads-twitter.com https://sc-static.net https://www.googleadservices.com https://analytics.twitter.com https://live.viva.com.kw https://www.google-analytics.com https://analytics.tiktok.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://platform.snapchat.com https://platform.twitter.com https://live.viva.com.kw https://snap.licdn.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' https://fonts.gstatic.com data:; 1
default-src http://127.0.0.1:* http://localhost:* https://fonts.googleapis.com https://*.poolpm.nftcdn.io https://nftstorage.link https://*.nftstorage.link https://*.ipfs.dweb.link https://arweave.net https://*.arweave.net data:; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://api.pool.pm data: blob: http://127.0.0.1:* http://localhost:* https://*.poolpm.nftcdn.io https://nftstorage.link https://*.nftstorage.link https://*.ipfs.dweb.link https://arweave.net https://*.arweave.net https://www.gstatic.com/draco/; font-src 'self' data: blob: https://fonts.gstatic.com; frame-src data: http://127.0.0.1:* http://localhost:* https://*.poolpm.nftcdn.io https://nftstorage.link https://*.nftstorage.link https://*.ipfs.dweb.link https://arweave.net https://*.arweave.net; img-src 'self' data: blob: http://127.0.0.1:* http://localhost:* https://*; media-src https://* data:; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://unpkg.com/@google/model-viewer/; style-src 'unsafe-inline' https://fonts.googleapis.com/ 1
default-src 'self' https: 'unsafe-eval' 'unsafe-inline' *.caixavidaeprevidencia.com.br *.caixaseguridade.com.br *.caixaseguradora.com.br dc.services.visualstudio.com; script-src 'self' https: 'unsafe-eval' 'unsafe-inline' *.caixavidaeprevidencia.com.br *.caixaseguridade.com.br *.caixaseguradora.com.br *.googletagmanager.com *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com *.googleadservices.com dc.services.visualstudio.com; style-src 'self' https: 'unsafe-eval' 'unsafe-inline' *.caixavidaeprevidencia.com.br *.caixaseguridade.com.br *.caixaseguradora.com.br *.google.com *.googleapis.com dc.services.visualstudio.com; img-src 'self' https: data: 'unsafe-eval' 'unsafe-inline' *.caixavidaeprevidencia.com.br *.caixaseguridade.com.br *.caixaseguradora.com.br *.googletagmanager.com *.gstatic.com *.google-analytics.com *.google.com dc.services.visualstudio.com; font-src 'self' https: data: 'unsafe-eval' 'unsafe-inline' *.caixavidaeprevidencia.com.br *.caixaseguridade.com.br *.caixaseguradora.com.br *.gstatic.com dc.services.visualstudio.com; connect-src 'self' https: 'unsafe-eval' 'unsafe-inline' *.caixavidaeprevidencia.com.br *.caixaseguridade.com.br *.caixaseguradora.com.br *.google-analytics.com performance-api-service-dot-caixa-vida-previdencia.rj.r.appspot.com dc.services.visualstudio.com; frame-src 'self' https: 'unsafe-eval' 'unsafe-inline' *.caixavidaeprevidencia.com.br *.caixaseguridade.com.br *.caixaseguradora.com.br dc.services.visualstudio.com 1
frame-ancestors 'self' https://coco.coyocloud.com https://cdn.vangraaf.de; 1
font-src 'self' 'unsafe-inline' https://fonts.sayanogorsk.info https://fonts.gstatic.com https://yastatic.net; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: 1
frame-ancestors https://vk.com https://*.vk.com https://ok.ru https://*.ok.ru https://my.mail.ru https://*.mail.ru https://yandex.ru https://*.yandex.ru https://yandex.com https://*.yandex.com 'self'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.wp.com https://*.gravatar.com https://*.google-analytics.com; img-src 'self' data: https://wordpress.org https://*.gravatar.com https://*.wp.com https://*.google-analytics.com; style-src 'self' 'unsafe-inline' https://*.wp.com https://*.gravatar.com https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com https://themes.googleusercontent.com; object-src 'none' 1
font-src 'self' data: *.4flow.cloud  https://fonts.gstatic.com; frame-src 'self' data: *.4flow.cloud ; frame-ancestors 'self' *.4flow.cloud ; connect-src 'self' *.4flow.cloud *.4flow.net https://stats.g.doubleclick.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.4flow.cloud https://www.google-analytics.com; img-src 'self' data: *.4flow.cloud *.4flow.net https://www.google-analytics.com; style-src 'self' 'unsafe-inline' *.4flow.cloud https://fonts.googleapis.com; default-src 'self' blob: *.4flow.cloud https://www.google.com https://www.youtube.com;, 1
default-src * 'unsafe-inline' ;script-src * 'unsafe-inline' blob:; style-src 'self' *.visa.com 'unsafe-inline'; connect-src 'self' *.visa.com www.myvisacardportal.com myvisacardportal.com *.cdn.optimizely.com s.go2sdk.com *.optimizely.com tag-logger.demandbase.com s.company-target.com *.g.doubleclick.net td.doubleclick.net api.company-target.com *.smartrecruiters.com c.az.contentsquare.net *.contentsquare.net r.3gl.net pagead2.googlesyndication.com analytics.google.com *.googlesyndication.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.talentegy.com *.tiktok.com  *.ads.linkedin.com;font-src 'self' *.visa.com fonts.googleapis.com; object-src 'self' *.visa.com *.cdn.optimizely.com *.optimizely.com; media-src *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.visa.com 'self'; worker-src * 'unsafe-inline' blob:; frame-src 'self' *.visa.com *.google.com *.cdn.optimizely.com *.smartrecruiters.com *.doubleclick.net *.optimizely.com s.company-target.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com; 1
base-uri 'self'; default-src 'self'; script-src 'unsafe-inline' 'strict-dynamic' https: http: 'nonce-jqBEmDj5znA6aYSYe9IzhjxrlIaC6XiX'; object-src 'none'; img-src 'self' data: https://*.googleapis.com https://maps.gstatic.com https://www.google.com https://*.googleusercontent.com https://*.google-analytics.com https://*.googletagmanager.com https://stats.g.doubleclick.net https://ssl.gstatic.com https://www.gstatic.com https://storage.googleapis.com https://*.ggpht.com https://i.ytimg.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self' https://*.googleapis.com https://securetoken.googleapis.com https://accounts.google.com https://www.gstatic.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://stats.g.doubleclick.net; frame-src 'self' https://www.youtube.com https://policies.google.com https://*.doubleclick.net; media-src 'self'; report-uri https://csp.withgoogle.com/csp/gweb-prod-campus-k-frontend/125250e9 1
default-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; 1
frame-ancestors 'self' *.amerigroup.com; 1
default-src 'self' http: https: data: *.hotjar.com *.hotjar.io wss://*.hotjar.com 'unsafe-inline';script-src https: *.trustlogo.com *.secure.comodo.com *.cloudflare.com *.google-analytics.com *.googletagmanager.com *.google.com *.googleapis.com *.ipinfo.io *.ui.powerreviews.com *.osano.com *.jsdelivr.net  *.authorize.net *.cybersource.com *.braintreegateway.com *.braintree-api.com 'unsafe-eval' 'unsafe-inline'; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://ravenation.club; img-src 'self' https: data: blob: https://ravenation.club; style-src 'self' https://ravenation.club 'nonce-grbPgWDKHN60fLGBZfkvmw=='; media-src 'self' https: data: https://ravenation.club; frame-src 'self' https:; manifest-src 'self' https://ravenation.club; form-action 'self'; child-src 'self' blob: https://ravenation.club; worker-src 'self' blob: https://ravenation.club; connect-src 'self' data: blob: https://ravenation.club https://media.ravenation.club wss://ravenation.club; script-src 'self' https://ravenation.club 'wasm-unsafe-eval' 1
base-uri 'self';               frame-ancestors 'self' https://go.pardot.com;               default-src 'self';               script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://pagead2.googlesyndication.com/ https://www.clarity.ms https://sc.lfeeder.com/ cdn.cookielaw.org https://www.googleoptimize.com google.ie go.top-employers.com https://*.moatads.com https://*.addthisedge.com https://*.mtcaptcha.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://connect.facebook.net https://js.driftt.com https://pi.pardot.com https://*.addthis.com https://snap.licdn.com https://*.hotjar.com https://widget.surveymonkey.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.google.com/pagead/ ;               style-src 'report-sample' 'self' 'unsafe-inline' cdn.jsdelivr.net https://fonts.googleapis.com https://www.googletagmanager.com;              font-src 'self' data: https://fonts.gstatic.com;               connect-src 'self' https://*.googletagmanager.com https://analytics.google.com https://*.clarity.ms/ wss://ws.hotjar.com/ https://www.google.nl/ads/ https://px.ads.linkedin.com/ https://googleads.g.doubleclick.net cdn.cookielaw.org https://stats.g.doubleclick.net https://www.google-analytics.com https://*.hotjar.com https://*.hotjar.io https://*.addthis.com https://cdn.linkedin.oribi.io https://*.analytics.google.com https://www.google.com/pagead/ https://geolocation.onetrust.com;               img-src 'self' https://c.bing.com/ https://*.facebook.net https://*.clarity.ms https://*.lfeeder.com/ cdn.cookielaw.org data: https://*.linkedin.com https://*.facebook.com https://www.google-analytics.com https://*.analytics.google.com https://www.google.de https://www.google.com https://www.google.nl https://www.google.co.za https://www.google.co.in https://www.googletagmanager.com https://googleads.g.doubleclick.net/pagead/ https://fonts.gstatic.com;               child-src 'self' https://*.vimeo.com https://*.youtube.com;               frame-src 'self' https://go.top-employers.com https://td.doubleclick.net * data: blob: ;               object-src 'none';              manifest-src 'self';              media-src 'self';              report-uri https://65f1a62a77c15b585b4a37b0.endpoint.csper.io/;              worker-src 'none'; 1
default-src 'self' *.trendin.com *.jaypore.com *.yellowmessenger.com *.paytm *.gstatic.com data:; img-src * 'self' https://*.akstat.io blob: data:;script-src 'self' https://static-cdn.trackier.com in1.clevertap-prod.com *.creativecdn.com https://*.go-mpulse.net trc.taboola.com rtb-global.com webtrafficsource.com i.l-dsp.inmobicdn.net cdn.taboola.com go-mpulse.net sc-static.net sdk.rsut.io securegw-stage.paytm.in *.yellow.ai *.yellowmessenger.com *.paytm.com *.paytm.in *.amazonaws.com *.wizrocket.com *.criteo.com *.criteo.net *.googleapis.com *.resu.io sdk.resu.io cdnjs.cloudflare.com *.adobedtm.com *.gstatic.com *.primeai1.org *.primeai.co.uk *.primeai3.in *.jquery.com *.facebook.net *.google.com *.googleapis.com *.cloudfront.net *.hotjar.com *.contentsquare.net *.google-analytics.com *.bing.com *.streamoid.com *.googleadservices.com *.trendin.com *.google.com *.googletagmanager.com *.usersnap.com *.clevertap.com *.adobedtm.com *.go2cloud.org *.wzrkt.com 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.crazyegg.com; connect-src 'self' *.creativecdn.com google.com *.yellow.ai *.yellowmessenger.com wss://cloud.yellow.ai *.jaypore.com widget.usersnap.com *.paytm.in wss://stage-router.paytm.in wss://router.paytm.in wss://securegw-stage.paytm.in wss://securegw-stage.paytm.in wss://securegw.paytm.in *.taboola.com wss://websoc.resu.io http://abfrl.com/ *.google.com *.criteo.com rtb-global.com webtrafficsource.com https://*.akstat.io https://*.go-mpulse.net cdn.taboola.com *.adobedc.net in1.wzrkt.com apis.google.com *.googletagmanager.com   *.trendin.com assets.trendin.com assets.abfrlcdn.com assets.jaypore.com use.typekit.net *.gstatic.com *.facebook.com bat.bing.com *.hotjar.io geolocation-db.com *.hotjar.com *.googleapis.com *.primeai.co.uk *.primeai1.org *.primeai3.in http://recs.richrelevance.com/* http://recs.richrelevance.com *.richrelevance.com *.amazonaws.com *.wizrocket.com adityabirlafashion.sc.omtrdc.net *.google-analytics.com     *.doubleclick.net *.demdex.net *.adobeaemcloud.com nodeserver.sdk.streamoid.com *.elastic-cloud.com *.crazyegg.com sdk.resu.io cdnjs.cloudflare.com *.clickpost.in https://adityabirlafashion.tt.omtrdc.net; style-src 'self' 'unsafe-inline' *.google.com *.jaypore.com *.yellowmessenger.com *.paytm.in *.trendin.com *.primeai.co.uk *.primeai1.org *.primeai3.in *.streamoid.com *.crazyegg.com *.googleapis.com nodeserver.sdk.streamoid.com *.typekit.net; media-src 'self' 'unsafe-eval' 'unsafe-inline' *.adobeaemcloud.com *.typekit.net   *.trendin.com  *.elastic-cloud.com *.scene7.com; frame-src 'self' 'unsafe-eval' 'unsafe-inline' https://tsm.s3g6.com *.creativecdn.com *.paytm.in *.google.com afftracer.g2afse.com static.criteo.net *.amazon-adsystem.com *.criteo.com *.go2cloud.org *.amazonaws.com *.wizrocket.com *.facebook.com accounts.google.com *.doubleclick.net *.demdex.net *.hotjar.com   *.trendin.com *.youtube.com; child-src *.googleapis.com; worker-src localhost:3000 blob: *.jaypore.com; 1
frame-src *.google.com *.typeform.com https://*.vimeo.com/ it-kalkulator.swisscom.ch 'self';style-src *.typeform.com 'self' 'unsafe-inline';img-src data: 'self';connect-src https://*.mapbox.com/ https://*.matomo.cloud 'self';manifest-src 'self';media-src 'self';font-src 'self';form-action 'self';frame-ancestors 'self' 1
default-src 'self' 'unsafe-inline' google.com *.google.com gstatic.com *.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' google.com *.google.com gstatic.com *.gstatic.com yandexcloud.net *.yandexcloud.net; style-src 'unsafe-inline' *; img-src *; media-src *; frame-src https://privetmir.ru https://form.privetmir.ru https://www.google.com https://smartcaptcha.yandexcloud.net; 1
default-src 'self' https://*.youtube.com https://*.youtube-nocookie.com https://*.youtu.be https://*.vimeo.com https://vimeo.com https://*.spotify.com/ https://*.tiktok.com https://*.snapchat.com https://*.facebook.com https://p.scdn.co/ https://*.google-analytics.com https://*.googletagmanager.com https://*.google.com https://*.google.be https://*.apple.com https://*.instagram.com https://*.soundcloud.com https://*.cm.com https://*.slinger.to/; block-all-mixed-content; img-src data: 'self' https://placeholder.inventis.be https://*.ytimg.com https://*.youtube.com https://*.vimeocdn.com https://*.tiktok.com https://*.snapchat.com https://*.facebook.com https://*.google-analytics.com https://*.googletagmanager.com https://*.google.com https://*.google.be; object-src 'none'; script-src 'self' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' 'nonce-8fw3ib+YaAvuV6Ok8jkjhg=='; style-src 'self' 'unsafe-inline' https://*.googletagmanager.com https://*.slinger.to/; upgrade-insecure-requests 1
frame-ancestors 'self' https://*.ayaconnect.com https://*.lotusconnect.com 1
default-src 'self' www.googleadservices.com googleads.g.doubleclick.net www.google.com www.google.co.in adservice.google.com *.fls.doubleclick.net insight.adsrvr.org quantserve.com *.adnxs.com s.yimg.com *.onetrust.com; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js *.hotjar.com *.moengage.com *.adnxs.com *.googleoptimize.com *.mookie1.com *.fls.doubleclick.net *.doubleclick.net *.outbrain.com *.google-analytics.com https://dec.azureedge.net/ munchkin.marketo.net cdn.jsdelivr.net simsys.ent.ap-southeast-1.aws.found.io https://platform-api.sharethis.com https://buttons-config.sharethis.com unpkg.com/@frontify/ brandportal.ihhhealthcare.com assets.gathercontent.com www.googletagmanager.com media.istockphoto.com beta.mountelizabeth.com.sg http://beta.mountelizabeth.com.sg http://admin-beta-mountelizabeth.com.sg insight.adsrvr.org quantserve.com googletagmanager.com secure.quantserve.com js.adsrvr.org rules.quantcount.com www.googleadservices.com adservice.google.com googleads.g.doubleclick.net admin-gleneagles.parkwayhealth.local admin-parkwayeast.parkwayhealth.local bat.bing.com staticcdn.enzymic.co cdn.polyfill.io https://unpkg.com/web-vitals/dist static.site24x7rum.com www.google.co.in s.yimg.com www.instagram.com www.sc.pages07.net sp.analytics.yahoo.com https://cdn-apac.onetrust.com *.onetrust.com https://rawgit.com https://cdnjs.cloudflare.com https://cdn.tailwindcss.com 'self' js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net https://cdn.insight.sitefinity.com https://dec.azureedge.net *.eloqua.com *.en25.com web-chat.nativechat.com cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com cdn.jsdelivr.net simsys.ent.ap-southeast-1.aws.found.io brandportal.ihhhealthcare.com assets.gathercontent.com media.istockphoto.com beta.mountelizabeth.com.sg http://fonts.cdnfonts.com https://cdnjs.cloudflare.com googletagmanager.com *.googletagmanager.com *.bunny.net *.moengage.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com https://www.mountelizabeth.com.sg https://cdn-assets-eu.frontify.com simsys.ent.ap-southeast-1.aws.found.io www.gleneagles.com.sg https://www.parkwayhospitals.com.cn *.frontify.com brandportal.ihhhealthcare.com beta.mountelizabeth.com.sg assets.gathercontent.com media.istockphoto.com i.vimeocdn.com www.googletagmanager.com *.hotjar.com https://moe-email-campaigns.s3.amazonaws.com https://image.moengage.com countryflagsapi.com mountelizabeth.com *.mookie1.com *.google.com *.google.com.sg *.adnxs.com *.quantserve.com flagcdn.com ad.doubleclick.net google.co.in sdms-country-flag.s3.ap-southeast-1.amazonaws.com http://sitefinityprodpp.blob.core.windows.net googleads.g.doubleclick.net www.google.com/pagead bat.bing.com *.outbrain.com www.googleadservices.com www.google.co.in adservice.google.com fls.doubleclick.net insight.adsrvr.org quantserve.com s.yimg.com www.pages07.net sp.analytics.yahoo.com https://cdn-apac.onetrust.com *.onetrust.com *.amazonaws.com s3-ihhsg-sdms-prod.sg.ihhhealthcare.com 'self' track.hubspot.com js.hsleadflows.net forms.hsforms.com https://cdn.insight.sitefinity.com https://dec.azureedge.net *.eloqua.com web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.hotjar.com cdnjs.cloudflare.com https://fonts.cdnfonts.com; frame-src https://www.google.com/ https://www.youtube.com https://vimeo.com https://player.vimeo.com beta.mountelizabeth.com.sg assets.gathercontent.com media.istockphoto.com brandportal.ihhhealthcare.com https://vars.hotjar.com https://*.moengage.com https://www.facebook.com https://m.facebook.com *.fls.doubleclick.net insight.adsrvr.org www.instagram.com adservice.google.com td.doubleclick.net https://my.matterport.com/ 'self' forms.hsforms.com web-chat.nativechat.com; connect-src accounts.google.com *.gstatic.com *.mktoresp.com *.google-analytics.com cdn.jsdelivr.net simsys.ent.ap-southeast-1.aws.found.io https://l.sharethis.com *.frontify.com brandportal.ihhhealthcare.com beta.mountelizabeth.com.sg http://beta.mountelizabeth.com.sg assets.gathercontent.com media.istockphoto.com https://parkway-elastic-production.ent.ap-southeast-1.aws.found.io http://admin-beta-mountelizabeth.com.sg wss://*.hotjar.com *.hotjar.com *.hotjar.io *.moengage.com stats.g.doubleclick.net admin-parkwayeast.parkwayhealth.local admin-gleneagles.parkwayhealth.local analytics.google.com static.enzymic.co www.facebook.com metrics.mountelizabeth.com.sg insight.adsrvr.org quantserve.com *.adnxs.com s.yimg.com sp.analytics.yahoo.com https://cdn-apac.onetrust.com https://geolocation.onetrust.com *.onetrust.com tr.outbrain.com 'self' forms.hubspot.com *.hsforms.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: *.frontify.com brandportal.ihhhealthcare.com assets.gathercontent.com media.istockphoto.com; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com cdn.jsdelivr.net simsys.ent.ap-southeast-1.aws.found.io *.frontify.com brandportal.ihhhealthcare.com beta.mountelizabeth.com.sg assets.gathercontent.com media.istockphoto.com https://*.moengage.com countryflagsapi.com 'self' web-chat.nativechat.com 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: *.twitter.com *.useinsider.com *.visualwebsiteoptimizer.com *.ads-twitter.com *.yandex.ru *.google.com *.google.com.tr *.facebook.net *.google.js *.trademaster.com.tr *.isyatirim.com.tr *.youtube.com *.userguiding.com *.google-analytics.com *.doubleclick.net *.isvarant.com *.isbank.com.tr *.maxisinvestments.com *.efesvarlik.com.tr *.isportfoy.com.tr *.isgirisim.com.tr *.isyatort.com.tr *.foreks.com userguiding.com *.magiclick.com *.linkedin.com *.facebook.com *.instagram.com *.kap.org.tr *.euromoney.com  *.mergermarket.com *.home.saxo *.edfman.com  *.mitsuibussancommodities.com  *.marexspectron.com  support.google.com  *.googleapis.com  *.bootstrapcdn.com *.taboola.com *.googletagmanager.com *.spotify.com; frame-ancestors 'self' https://istest.prosp.devexperts.com https://online.herkeseborsa.com.tr 1
report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub849937dfa04b034f76fc653a1f8565c8&dd-evp-origin=content-security-policy&ddsource=csp-report 1
frame-ancestors 'self' https://twinkaboo.com https://chat.twinkaboo.com; 1
default-src 'self' 'unsafe-inline' https://www.ifsttar.fr https://plausible.io; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://tarteaucitron.io https://plausible.io https://*.tiktok.com https://*.facebook.net https://public.tableau.com https://*.audiomeans.fr https://*.googletagmanager.com https://cdn-eu.readspeaker.com https://webapi.affluences.com/ https://ajax.googleapis.com/ajax/ https://static.affluences.media/ https://www.google-analytics.com https://platform.twitter.com https://cdn.syndication.twimg.com api-public.addthis.com https://api-public-oci-origin.addthis.com https://*.addthis.com https://v1.addthisedge.com graph.facebook.com https://graph.facebook.com https://z.moatads.com https://widgets.pinterest.com https://vk.com/share.php https://www.odnoklassniki.ru/dk https://connect.ok.ru/dk; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.googletagmanager.com https://cdn-eu.readspeaker.com https://static.affluences.media https://platform.twitter.com https://*.twimg.com; font-src 'self' https://*.gstatic.com https://static.affluences.media/ data: ; frame-src 'self' https://www.dailymotion.com https://mediavideo.cnrs.fr https://*.esr.gouv.fr https://*.google.com https://spectremedia.org https://public.tableau.com https://my.matterport.com/ https://*.youtube.com https://*.libcast.com https://*.ephoto.fr https://*.univ-eiffel.fr https://*.univ-gustave-eiffel.fr https://maps.google.fr/ https://static.affluences.media/ https://embed.acast.com https://cdn.theconversation.com https://podcasts.ouest-france.fr https://datawrapper.dwcdn.net https://counter.theconversation.com  https://*.audiomeans.fr https://player.vimeo.com/ https://www.geoportail.gouv.fr/ https://www.facebook.com https://my.matterport.com/ https://*.youtube.com https://*.libcast.com https://clap.univ-eiffel.fr https://haltools.archives-ouvertes.fr https://archives-ouvertes.fr https://*.twitter.com https://www.youtube-nocookie.com http://*.u-pem.fr https://*.u-pem.fr https://*.vimeo.com https://upem.moveonfr.com https://view.genial.ly https://s7.addthis.com; img-src 'self' data: https://*.googletagmanager.com https://modele.univ-gustave-eiffel.fr https://*.tiktok.com https://*.facebook.com https://www.univ-gustave-eiffel.fr https://public.tableau.com https://*.twitter.com https://gallery.mailchimp.com/ https://*.google.fr https://*.google.com https://www.ifsttar.fr/ https://images.theconversation.com https://counter.theconversation.com https://i.ytimg.com https://gallery.mailchimp.com/ https://www.google-analytics.com https://template.univ-gustave-eiffel.fr https://static.affluences.media/ https://template.univ-gustave-eiffel.fr https://ssl.google-analytics.com https://*.twimg.com https://platform.twitter.com https://analytics.google.com https://www.addthis.com; connect-src 'self' 'unsafe-inline' https://plausible.io https://*.tiktok.com https://*.facebook.com https://*.doubleclick.net https://api.countapi.xyz/ https://www.ifsttar.fr https://media-eu.readspeaker.com/ https://app-eu.readspeaker.com/ https://vttts-eu.readspeaker.com/ https://cdn-eu.readspeaker.com/ https://*.googletagmanager.com https://*.google-analytics.com https://ssl.google-analytics.com https://*.analytics.google.com https://www.google.fr https://*.addthis.com https://api-public.addthis.com; media-src 'self' 'unsafe-inline' https://podcast.u-pem.fr https://*.addthis.com https://api-public.addthis.com; frame-ancestors 'self' https://*.eudonet.com 1
default-src *; connect-src *; font-src *; img-src * data:; media-src *; object-src *; script-src 'self' 'unsafe-inline' cdn.ampproject.org use.fontawesome.com *.gstatic.com *.doubleclick.net *.google.com *.googletagmanager.com *.clickfend.com *.doubleclick.net; style-src 'self' 'unsafe-inline' cdn.ampproject.org use.fontawesome.com *.gstatic.com *.doubleclick.net *.google.com *.googletagmanager.com; frame-ancestors 'self' *.enamad.ir; 1
frame-ancestors 'self' twitch.tv *.twitch.tv 1
default-src * 'unsafe-inline' 'unsafe-eval'; img-src * 'unsafe-inline' 'unsafe-eval' data: blob:; font-src * 'unsafe-inline' 'unsafe-eval' data:; frame-ancestors 'self' https://a.cms.omniupdate.com; 1
base-uri 'self'; connect-src 'self' *.cookiepro.com *.google.com *.hotjar.com wss://ws26.hotjar.com *.hotjar.io *.googleapis.com *.onetrust.com cdn.cookielaw.org *.google-analytics.com *.readspeaker.com stats.g.doubleclick.net yoast.com; default-src 'self' ; font-src fonts.gstatic.com *.hotjar.com 'self' data:; frame-src www.google.com 'self' www.youtube-nocookie.com *.hotjar.com cdn.cookielaw.org *.readspeaker.com gamma.euroland.com tools.eurolandir.com e.infogram.com art.kunstmatrix.com; img-src blob: 'self' data: maps.googleapis.com *.google.com *.googletagmanager.com maps.gstatic.com *.google-analytics.com 0.gravatar.com *.hotjar.com cdn.cookielaw.org maps.googleapis.com maps.gstatic.com secure.gravatar.com *.google-analytics.com ps.w.org s.chkmkt.com; manifest-src 'self';media-src 'self'; object-src 'none';script-src www.google.com www.gstatic.com *.onetrust.com cdn.cookielaw.org *.hotjar.com 'self' 'unsafe-inline' 'unsafe-eval' *.cookiepro.com *.onetrust.com cdn.cookielaw.org p-eu.chkmkt.com *.readspeaker.com www.googletagmanager.com ajax.googleapis.com maps.gstatic.com maps.googleapis.com tools.eurolandir.com *.google-analytics.com e.infogram.com www.youtube-nocookie.com p-eu.chkmkt.com; style-src 'unsafe-inline' 'self' eu.mar.medallia.com ajax.googleapis.com cdn.cookielaw.org fonts.googleapis.com fonts.gstatic.com tagmanager.google.com *.readspeaker.com s.chkmkt.com; worker-src 'self' blob:; 1
report-uri https://mmchubb1.report-uri.com/r/d/csp/enforce; report-to https://mmchubb1.report-uri.com/r/d/csp/enforce; default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://www.tfaforms.com https://www.youtube.com https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com https://apis.google.com https://www.gstatic.com https://www.google.com https://maps.googleapis.com https://ajax.googleapis.com https://connect.facebook.net https://platform.twitter.com https://assets.pinterest.com https://script.crazyegg.com https://cdnjs.cloudflare.com https://cdn.cookielaw.org https://hosted.paysafe.com https://api.paysafe.com https://www.paysafe.com  https://songbird.cardinalcommerce.com https://songbirdstag.cardinalcommerce.com https://writer.cardinalcommerce.com https://centinelapistag.cardinalcommerce.com  https://hostedfieldsstag.cardinalcommerce.com  https://geostag.cardinalcommerce.com  https://0eafstag.cardinalcommerce.com  https://0geostag.cardinalcommerce.com  https://1geostag.cardinalcommerce.com  https://centinelapi.cardinalcommerce.com  https://geo.cardinalcommerce.com  https://0merchantacsstag.cardinalcommerce.com https://cdn.c212.net https://platform.twitter.com https://cdn.syndication.twimg.com; style-src 'unsafe-inline' 'self' https://www.tfaforms.com https://code.jquery.com https://fonts.googleapis.com https://translate.googleapis.com https://assets.pinterest.com https://cdn.cookielaw.org https://maxcdn.bootstrapcdn.com https://platform.twitter.com https://ton.twimg.com; img-src 'self' data: https://www.tfaforms.com https://www.wufoo.com https://apply.indeed.com https://cdn.cookielaw.org https://www.googletagmanager.com  https://www.gstatic.com https://maps.gstatic.com https://translate.google.com https://streetviewpixels-pa.googleapis.com https://region1.google-analytics.com https://www.google-analytics.com https://maps.googleapis.com https://dashboard.umbraco.org https://umbraco.tv  https://log.pinterest.com  https://syndication.twitter.com https://log.pinterest.com  https://syndication.twitter.com https://www.gravatar.com https://pixel.mathtag.com https://abs.twimg.com https://pbs.twimg.com https://via.placeholder.com https://platform.twitter.com https://ton.twimg.com https://hosted.paysafe.com  https://api.paysafe.com  https://www.paysafe.com  https://writer.cardinalcommerce.com  https://songbirdstag.cardinalcommerce.com  https://centinelapistag.cardinalcommerce.com  https://hostedfieldsstag.cardinalcommerce.com  https://geostag.cardinalcommerce.com  https://0eafstag.cardinalcommerce.com  https://0geostag.cardinalcommerce.com  https://1geostag.cardinalcommerce.com  https://songbird.cardinalcommerce.com  https://centinelapi.cardinalcommerce.com  https://geo.cardinalcommerce.com https://0merchantacsstag.cardinalcommerce.com https://www.headwayinmemory.org.uk; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; connect-src 'self' https://www.tfaforms.com https://translate.googleapis.com https://www.google-analytics.com https://region1.google-analytics.com https://www.googletagmanager.com https://maps.googleapis.com https://privacyportal-eu.onetrust.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://stats.g.doubleclick.net https://kg668dbov0.execute-api.us-east-1.amazonaws.com https://hosted.paysafe.com https://api.paysafe.com https://www.paysafe.com https://writer.cardinalcommerce.com https://songbirdstag.cardinalcommerce.com https://cardinalcommerce.com https://centinelapistag.cardinalcommerce.com https://hostedfieldsstag.cardinalcommerce.com https://geostag.cardinalcommerce.com https://0eafstag.cardinalcommerce.com https://0geostag.cardinalcommerce.com https://1geostag.cardinalcommerce.com https://songbird.cardinalcommerce.com https://centinelapi.cardinalcommerce.com https://geo.cardinalcommerce.com https://0merchantacsstag.cardinalcommerce.com; frame-src 'self' https://www.tfaforms.com https://headwayuk.wufoo.com/ https://www.googletagmanager.com/ https://widget.spreaker.com https://uk-www.securly.com https://w.soundcloud.com https://www.surveymonkey.co.uk https://player.vimeo.com https://open.spotify.com https://headwayuk.wufoo.eu https://ws-eu.amazon-adsystem.com https://www.youtube.com https://www.facebook.com https://m.facebook.com https://platform.twitter.com https://hosted.paysafe.com https://www.paysafe.com https://api.paysafe.com https://secure7.arcot.com https://tsys.arcot.com https://secure5.arcot.com https://secure4.arcot.com https://geo.cardinalcommerce.com https://centinelapi.cardinalcommerce.com https://songbird.cardinalcommerce.com https://0eaf.cardinalcommerce.com https://writer.cardinalcommerce.com https://authentication.cardinalcommerce.com https://1eaf.cardinalcommerce.com https://centinelapistag.cardinalcommerce.com https://hostedfieldsstag.cardinalcommerce.com https://0merchantacsstag.cardinalcommerce.com https://geostag.cardinalcommerce.com https://0geostag.cardinalcommerce.com https://1geostag.cardinalcommerce.com https://songbirdstag.cardinalcommerce.com https://0eafstag.cardinalcommerce.com https://3ds-secure.cardcomplete.com https://acs.touch.tech https://www.rsa3dsauth.co.uk https://acs1.mpts.modirum.com https://acs2.mpts.modirum.com https://acs3.mpts.modirum.com https://acs3.3ds.modirum.com https://acs1-3dsecure.cic.fr https://acs2-3dsecure.cic.fr https://acs1.edb.com https://acs2.edb.com https://acs2.luottokunta.fi https://acs1.viseca.ch https://acs.revolut.com https://poseidon.revolut.com https://danskebank-3ds-vdm.wlp-acs.com https://belgium-3ds-bxl.wlp-acs.com https://ssl-prd-u7f-fo-acs-pa-casa-vdm.wlp-acs.com https://danskebank-3ds-bxl.wlp-acs.com https://luxembourg-3ds-bxl.wlp-acs.com https://3ds-b.live.ext.prod.enfuce.com https://3ds-a.live.ext.prod.enfuce.com https://acs.apata.io https://verify.monzo.com https://channel-cards-html.lloydsbankinggroup.com https://mycardsecure.com https://clients.smartsecure.tsys.co.uk https://3debspay.boc.cn https://caiyunapp.com https://3ds-challenge.n26.com https://authentication-acs.marqeta.com https://foriseu-vbv.mycardplace.com https://3dsecure.sumup.com https://safekey-3.americanexpress.com https://3ds.emlpayments.com https://3dsecure-vrp.de https://3ds.redsys.es https://cacs-v2.icard.com https://gbemv3dsecure.garanti.com.tr https://acssbafrica.bankserv.co.za https://online.smartdebit.co.uk https://www.youtube-nocookie.com https://assets.pinterest.com; frame-ancestors 'self' https://hosted.paysafe.com https://api.paysafe.com https://www.paysafe.com https://writer.cardinalcommerce.com https://songbirdstag.cardinalcommerce.com https://centinelapistag.cardinalcommerce.com https://hostedfieldsstag.cardinalcommerce.com https://geostag.cardinalcommerce.com https://0eafstag.cardinalcommerce.com https://0geostag.cardinalcommerce.com https://1geostag.cardinalcommerce.com https://songbird.cardinalcommerce.com https://centinelapi.cardinalcommerce.com https://geo.cardinalcommerce.com https://0merchantacsstag.cardinalcommerce.com; object-src 'self'; 1
default-src 'self' 'unsafe-inline' https://app-static-prod.posthog.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://us-assets.i.posthog.com https://analytics.tiktok.com https://analytics.tiktok.com:443 https://accounts.google.com/gsi/client https://challenges.cloudflare.com https://app.posthog.com/static/array.js https://app.posthog.com/ https://bat.bing.com https://ssl.google-analytics.com/ga.js https://www.google-analytics.com/analytics.js https://tpc.googlesyndication.com https://www.googleadservices.com https://www.google.com https://ssl.google-analytics.com https://js.usemessages.com https://js.hs-analytics.net https://connect.facebook.net/ https://www.googletagmanager.com/ https://connect.facebook.net/signals/config/139016240286793 https://www.google-analytics.com/ https://static.hsappstatic.net/MeetingsEmbed/ex/MeetingsEmbedCode.js https://www.googleapis.com/oauth2/v4/token https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js https://cdn.checkout.com/js/framesv2.min.js https://ajax.cloudflare.com/cdn-cgi/scripts/ https://js.hs-scripts.com/2026270.js https://js.usemessages.com/conversations-embed.js https://js.hs-banner.com/v2/2026270/banner.js https://js.hs-analytics.net/analytics/ https://connect.facebook.net/en_US/sdk.js https://us-assets.i.posthog.com/static/recorder-v2.js; child-src 'self' blob:; worker-src 'self' blob:; img-src data: 'self' https://www.facebook.com/privacy_sandbox/ https://region1.analytics.google.com https://analytics.tiktok.com https://analytics.tiktok.com:443 https://www.facebook.com/privacy_sandbox https://api.mapbox.com https://sitter-maps.meowtel.com/ https://bat.bing.com https://adservice.google.com https://www.google.co.th https://googleads.g.doubleclick.net https://google.com https://www.google.ie https://www.google.co.in https://www.google.es https://www.google.nl https://i.vimeocdn.com/ https://*.api.tomtom.com/ https://www.googletagmanager.com/ https://fonts.gstatic.com https://www.google.com/ads/ https://www.google-analytics.com/ https://analytics.google.com/ https://www.google.com.mx/ https://www.google.com.ar/ https://www.gstatic.com https://stats.g.doubleclick.net https://ct.pinterest.com w3.org/svg/2000 https://i.vimeocdn.com/video https://user-images.meowtel.com https://sitter-images.meowtel.com https://cat-images.meowtel.com https://chat-images.meowtel.com https://track.hubspot.com/__ptq.gif https://www.facebook.com/tr/; media-src data: 'self' https://chat-videos.meowtel.com; connect-src 'self' https://us.i.posthog.com https://us-autocomplete-pro.api.smartystreets.com/lookup https://www.googleadservices.com https://adservice.google.com https://adservice.google.com:443 https://analytics.tiktok.com https://us.i.posthog.com https://us.i.posthog.com/s/ https://app.posthog.com/ https://exceptions.hubspot.com/api/1/store/ https://exceptions.hubspot.com https://bat.bing.com https://google.com google.com https://google.com/pagead/form-data/ meowtel.com https://meowtel.com/socket.io/ wss://meowtel.com wss://meowtel.com/ https://www.google.com https://www.google.com.ph/ https://www.google.com.mx/ https://www.google.co.in/ https://connect.facebook.net/ https://www.facebook.com/tr/ https://stats.g.doubleclick.net/ https://adservice.google.com/ https://region1.analytics.google.com https://analytics.google.com https://www.google-analytics.com/ https://vimeo.com/api/oembed.json https://api.hubspot.com/livechat-public/v1/message/public https://o4504816287350784.ingest.sentry.io https://js.checkout.com/framesv2/log https://www.googleapis.com/oauth2/v4/token https://www.googleapis.com/oauth2/v3/userinfo; frame-src https://challenges.cloudflare.com https://www.googletagmanager.com https://tpc.googlesyndication.com https://td.doubleclick.net https://www.facebook.com https://player.vimeo.com https://js.checkout.com  https://app.hubspot.com https://static.hsappstatic.net https://meowtel.com https://meetings.hubspot.com data: https://www.youtube.com/; report-uri https://cfhfayfw.uriports.com/reports/report; report-to default 1
default-src 'self' style-src 'self' 'unsafe-inline' img-src https: data:; 1
script-src http: https: 'unsafe-inline' https://www.voordeelvanger.nl/ https://www.googletagmanager.com https://unpkg.com 'unsafe-eval' https://td.doubleclick.net; style-src 'self' blob: https: 'unsafe-inline' https://www.voordeelvanger.nl/ https://fonts.googleapis.com; img-src data: http: https: www.googletagmanager.com; object-src 'none'; base-uri 'none'; child-src 'self'; font-src 'self' fonts.gstatic.com https://fonts.gstatic.com; frame-src assets.braintreegateway.com *.google.com *.youtube.com *.youtu.be *.vimeo.com  consentcdn.cookiebot.com *.googletagmanager.com unpkg.com *.facebook.com https://td.doubleclick.net 1
default-src https: data: blob: wss: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; report-uri https://www.library.wales/?eID=error 1
default-src 'none'; script-src 'self'; style-src 'self'; img-src 'self' data:; connect-src 'self'; manifest-src 'self'; form-action 'self'; frame-ancestors 'none'; base-uri 'none' 1
frame-ancestors 'self' https://loopup.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://snap.licdn.com https://www.google-analytics.com https://polyfill.io https://www.google.com https://trk.techtarget.com https://ws.zoominfo.com https://www.gstatic.com https://use.typekit.net https://ajax.googleapis.com https://go.loopup.com https://cxppusa1formui01cdnsa01-endpoint.azureedge.net https://public-usa.mkt.dynamics.com https://ssl.google-analytics.com https://app.theresumator.com https://app.jazz.co 1
script-src         	'self'         	blob:         	https://www.google.com/recaptcha/         	https://www.gstatic.com/recaptcha/         	maps.googleapis.com         	www.googleadservices.com         	googleads.g.doubleclick.net         	srv2.wa.marketingsolutions.yahoo.com         	*.googletagmanager.com         	ssl.google-analytics.com         	www.google-analytics.com         	dash.unbeatable.com         	none 		; 		object-src 			'self' 		; 		child-src 			'self' 			blob: 			none 		; 		frame-src 			'self' 			blob: 			*.youtube.com 			*.youtube-nocookie.com 			*.vimeo.com 			https://www.google.com/recaptcha/ 			*.thegenealogist.co.uk 			none 		; 		connect-src 			'self' 			*.thegenealogist.co.uk 			*.thegenealogist.com 			*.google-analytics.com 			*.analytics.google.com 			*.googletagmanager.com 			https://stats.g.doubleclick.net 			https://sentry.io 			https://*.sentry.io 			https://api.maptiler.com/tiles/ 			https://atlas.microsoft.com/map/ 			https://maps.googleapis.com 			none 		; 		report-uri https://o135918.ingest.sentry.io/api/5557585/security/?sentry_key=1c86c6533f69492aa16f2221ff63b416 1
default-src 'self' www.book2look.com 'unsafe-inline' 'unsafe-eval' beckassets.blob.core.windows.net/author/portrait/ rd-space-de.fra1.cdn.digitaloceanspaces.com/prod/beck/ www.chbeck.de *.usercentrics.eu *.googletagmanager.com *.google-analytics.com imageservice.azureedge.net *.google.com *.gstatic.com *.youtube.com i.ytimg.com *.cloudflare.com *.beck-shop.de *.doubleclick.net *.hotjar.io *.hotjar.com *.googleapis.com *.ggpht.com *.aspnetcdn.com *.spotify.com *.zdf.de *.sensic.net *.akamaihd.net *.nmrodam.com *.ioam.de *.soundcloud.com *.sndcdn.com *.ggpht.com apim-unverlangtedigmanusscripte.azure-api.net ik.imagekit.io/ mailing.beck.de/ cdn-assetservice.ecom-api.beck-shop.de *.beck-shop.de; 1
default-src https: data: wss://*.hotjar.com wss://*.crazyegg.com *.crazyegg.com; script-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline'; img-src data: https: 'unsafe-inline'; font-src data: https: 'unsafe-inline'; frame-ancestors 'self'; object-src 'self' blob; upgrade-insecure-requests; 1
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' us-central1-adaptive-growth.cloudfunctions.net cdn.pdst.fm developers.google.com/tag-platform/tag-manager www.googletagmanager.com www.google-analytics.com code.jquery.com cdn.jsdelivr.net share.social9.com sharecdn.social9.com www.google.com www.gstatic.com maps.googleapis.com googleapis.com static.addtoany.com www.paypal.com connect.facebook.net analytics.google.com nd.transact.nab.com.au demo.transact.nab.com.au adriano-au.avanser.com js.adsrvr.org www.googleadservices.com; frame-src 'self' www.youtube.com docs.google.com docs.google.com.au download.altronics.com.au www.google.com www.google.com.au my.matterport.com www.paypal.com www.facebook.com analytics.google.com acs-ap-southeast-2.ndsprod.nds-sandbox-issuer.com demo.transact.nab.com.au td.doubleclick.net insight.adsrvr.org; connect-src 'self' us-central1-adaptive-growth.cloudfunctions.net cdn.pdst.fm www.googletagmanager.com www.google-analytics.com analytics.google.com www.paypal.com demo.transact.nab.com.au maps.googleapis.com stats.g.doubleclick.net; img-src 'self' maps.gstatic.com www.google-analytics.com images.altronics.com.au sharecdn.social9.com maps.googleapis.com googleapis.com analytics.google.com www.paypal.com t.paypal.com www.facebook.com data: www.google.com.au www.google.com googleads.g.doubleclick.net insight.adsrvr.org; style-src 'unsafe-inline' 'self' cdn.jsdelivr.net cdnjs.cloudflare.com use.fontawesome.com sharecdn.social9.com fonts.googleapis.com www.paypal.com analytics.google.com; font-src 'self' use.fontawesome.com fonts.gstatic.com;frame-ancestors 'self'; 1
block-all-mixed-content; object-src 'none'; default-src 'self'; base-uri 'self'; font-src 'self' data:; img-src 'self' data: https:; connect-src 'self' https:; frame-src 'self' https:; script-src-elem 'self' https:; script-src 'self' https:; style-src 'self' https: 'unsafe-inline' 1
default-src 'self'; img-src 'self' data: https:; script-src 'self' 'unsafe-inline' https://*.olark.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.google.com https://www.gstatic.com https://*.googletagmanager.com https://tagmanager.google.com https://undercity.usejimo.com https://karabor-undercity.usejimo.com/project 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://dashboard.rg-supervision.com https://tagmanager.google.com https://fonts.googleapis.com https://*.olark.com; font-src 'self' https://fonts.gstatic.com data: https://*.olark.com; connect-src 'self' https://*.olark.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.ingest.sentry.io wss://*.rg.gg https://login.microsoftonline.com https://karabor-undercity.usejimo.com; frame-src 'self' https://*.olark.com https://www.youtube.com/ https://login.microsoftonline.com https://*.usesjimo.com https://i.usejimo.com/ https://www.usejimo.com/ https://www.google.com; media-src 'self' https://*.olark.com; manifest-src 'self' 1
default-src https: wss: data: about: asset: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: wss: data: javascript: blob: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; report-uri https://herringshoes.report-uri.com/r/d/csp/enforce 1
default-src 'self' https://www.pagador.com.br https://transactionsandbox.pagador.com.br https://fonts.googleapis.com https://fonts.gstatic.com; img-src data: https: http:; script-src 'self' https://www.pagador.com.br 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline' 'unsafe-eval'; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://*.akamaihd.net https://*.translate.naver.net https://www.recaptcha.net https://www.google.com https://*.googlesyndication.com https://www.zenaps.com https://tr.snapchat.com https://tr6.snapchat.com https://www.youtube.com https://www.pinterest.com https://www.pinterest.co.uk https://smct.co https://*.smct.co https://smct.io https://*.smct.io; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://*.liveperson.net https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://ct.pinterest.com https://analytics.tiktok.com https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://cognito-identity.eu-west-1.amazonaws.com https://firehose.eu-west-1.amazonaws.com https://c.lytics.io; default-src 'none'; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://fonts.smct.co https://fonts.smct.io https://fonts.gstatic.com; form-action 'self' https://www.facebook.com https://checkout.toblerone.co.uk https://www.toblerone.co.uk/ https://connect.facebook.net https://tr.snapchat.com; frame-ancestors 'self'; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.googlesyndication.com https://*.googleapis.com https://www.recaptcha.net https://connect.facebook.net https://*.trustpilot.com https://www.googleadservices.com https://*.translate.naver.net https://*.doubleclick.net https://*.google.com https://*.google-analytics.com https://fp.zenaps.com https://www.gstatic.com https://bat.bing.com https://www.googletagmanager.com https://www.youtube.com https://s.ytimg.com https://www.dwin1.com https://sc-static.net  https://s1.thcdn.com/ https://s.pinimg.com https://analytics.tiktok.com https://*.ibytedtos.com https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://c.lytics.io; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com/ https://c.lytics.io; upgrade-insecure-requests; report-to report-endpoint 1
default-src 'self' *.hsbc.com.hk; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.awswaf.com *.analytics.yahoo.com vjs.zencdn.net players.brightcove.net *.recaptcha.net lo.v.liveperson.net lptag.liveperson.net accdn.lpsnmedia.net tags.tiqcdn.com lpcdn.lpsnmedia.net cdn.optimizely.com cdn.appdynamics.com www.google-analytics.com maps.googleapis.com ssl.google-analytics.com cdn-assets-prod.s3.amazonaws.com; img-src data: *; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.awswaf.com *.analytics.yahoo.com players.brightcove.net edge.api.brightcove.com manifest.prod.boltdns.net *.siteintercept.qualtrics.com *.brightcovecdn.com brightcove.hs.llnwd.net maps.googleapis.com analytics.google.com stats.g.doubleclick.net www.google-analytics.com www.hsbc.bm rbwm-api.us.hsbc.com rbwm-api.hsbc.co.uk rbwm-api.hsbc.com.hk http://127.0.0.1:5000 http://127.0.0.1:5000/* cdn-assets-prod.s3.amazonaws.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net *.analytics.yahoo.com players.brightcove.net *.recaptcha.net www.youtube.com; frame-ancestors 'self' www.hsbc.bm; font-src 'self' data: *.hsbc.com.hk fonts.gstatic.com at.alicdn.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net; object-src 'self' players.brightcove.net; media-src 'self' blob: *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.brightcovecdn.com lpcdn.lpsnmedia.net brightcove.hs.llnwd.net manifest.prod.boltdns.net; manifest-src 'self' www.hsbc.bm; upgrade-insecure-requests ; report-uri /csp/report; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://foursixty.com https://*.cloudfront.net https://*.bazaarvoice.com http://*.bazaarvoice.com https://mpsnare.iesnare.com https://recaptcha.net https://dev.visualwebsiteoptimizer.com https://www.gstatic.com https://*.googleapis.com https://maps.google.com https://checkoutshopper-live.adyen.com https://checkoutshopper-test.adyen.com http://connect.nosto.com https://www.paypal.com/ https://www.sandbox.paypal.com https://static.zdassets.com https://ekr.zdassets.com https://apgandco1642720129.zendesk.com https://*.zopim.com wss://apgandco1642720129.zendesk.com wss://*.zopim.com https://*.smooch.io https://www.googletagmanager.com https://*.google-analytics.com https://www.googleadservices.com https://*.visualwebsiteoptimizer.com https://*.facebook.net https://*.klaviyo.com http://*.klaviyo.com https://*.rakuten.com http://*.rakuten.com https://*.trendii.com https://*.lexer.io https://*.doubleclick.net https://asia.creativecdn.com https://*.facebook.com https://zendesk-eu.my.sentry.io https://sgtm.sportscraft.com.au https://sgtm.sportscraft.nz https://*.pinimg.com https://*.sportscraft.nz http://*.sportscraft.nz http://*.criteo.com http://*.criteo.net https://*.criteo.net https://*.criteo.com https://*.pinterest.com http://*.pinterest.com https://*.wonderpush.com https://*.smooch.io/ https://zendesk-eu.my.sentry.io/ https://*.google.com https://cdn.jsdelivr.net https://unpkg.com/cloudinary-video-player@1.9.5/ https://form.typeform.com https://*.webeyez.com/ https://*.cardinalcommerce.com/ https://*.rsa3dauth.com/ https://*.rsa3dauth.co.uk/ https://*.rsa3dsauth.com/ https://*.rsa3dsauth.co.uk/ https://*.securesite.co.uk/ https://mycardsecure.com/ https://*.mycardsecure.com/ https://*.arcot.com/ https://assets.trendii.com/ https://analytics.tiktok.com/; img-src 'self' data: *; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://foursixty.com http://foursixty.com https://*.bazaarvoice.com http://*.bazaarvoice.com https://*.googleapis.com https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com http://connect.nosto.com https://*.klaviyo.com http://*.klaviyo.com https://*.rakuten.com http://*.rakuten.com https://*.trendii.com https://*.lexer.io https://*.doubleclick.net http://*.doubleclick.net https://asia.creativecdn.com https://*.facebook.com https://*.facebook.net https://sgtm.sportscraft.com.au https://sgtm.sportscraft.nz https://cdn.jsdelivr.net https://*.visualwebsiteoptimizer.com https://unpkg.com/cloudinary-video-player@1.9.5/ https://form.typeform.com https://*.webeyez.com https://*.cardinalcommerce.com/ https://*.rsa3dauth.com/ https://*.rsa3dauth.co.uk/ https://*.rsa3dsauth.com/ https://*.rsa3dsauth.co.uk/ https://*.securesite.co.uk/ https://mycardsecure.com/ https://*.mycardsecure.com/ https://*.arcot.com/ https://assets.trendii.com/ https://analytics.tiktok.com/; font-src 'self' https://themes.googleusercontent.com https://display.ugc.bazaarvoice.com https://stg.api.bazaarvoice.com https://api.bazaarvoice.com https://*.webeyez.com https://*.cardinalcommerce.com/ https://*.rsa3dauth.com/ https://*.rsa3dauth.co.uk/ https://*.rsa3dsauth.com/ https://*.rsa3dsauth.co.uk/ https://*.securesite.co.uk/ https://mycardsecure.com/ https://*.mycardsecure.com/ https://*.arcot.com/ data: https://fonts.gstatic.com; frame-src 'self' https://*.saba.com.au https://apps.bazaarvoice.com http://apps.bazaarvoice.com https://stg.api.bazaarvoice.com https://api.bazaarvoice.com http://stg.api.bazaarvoice.com http://api.bazaarvoice.com https://analytics-static.ugc.bazaarvoice.com http://analytics-static.ugc.bazaarvoice.com https://display.ugc.bazaarvoice.com http://display.ugc.bazaarvoice.com https://network-stg.bazaarvoice.com https://network.bazaarvoice.com http://network-stg.bazaarvoice.com http://network.bazaarvoice.com https://themes.googleusercontent.com https://recaptcha.net https://dev.visualwebsiteoptimizer.com https://maps.googleapis.com https://maps.google.com https://sgtm.sportscraft.com.au https://sgtm.sportscraft.nz https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com https://pal-test.adyen.com https://www.sandbox.paypal.com https://brauz-book-a-stylist.netlify.app https://*.klaviyo.com http://*.klaviyo.com https://*.rakuten.com http://*.rakuten.com https://*.lexer.io https://*.doubleclick.net http://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.criteo.net http://*.criteo.net http://*.criteo.com https://*.pinterest.com http://*.pinterest.com https://cdn.jsdelivr.net https://*.contentful.com https://form.typeform.com https://www.google.com/ https://*.webeyez.com https://*.cardinalcommerce.com/ https://pay.google.com https://*.rsa3dauth.com/ https://*.rsa3dauth.co.uk/ https://*.rsa3dsauth.com/ https://*.rsa3dsauth.co.uk/ https://*.securesite.co.uk/ https://mycardsecure.com/ https://*.mycardsecure.com/ https://*.arcot.com/ https://assets.trendii.com/ https://analytics.tiktok.com/; frame-ancestors 'self' https://*.frontastic.io frontastic.io.local https://*.contentful.com https://*.webeyez.com https://*.cardinalcommerce.com/ https://*.rsa3dauth.com/ https://*.rsa3dauth.co.uk/ https://*.rsa3dsauth.com/ https://*.rsa3dsauth.co.uk/ https://*.securesite.co.uk/ https://mycardsecure.com/ https://*.mycardsecure.com/ https://*.arcot.com/; object-src 'self'; connect-src 'self' ws: wss: https://foursixty.com http://foursixty.com https://metrics.foursixty.com https://recaptcha.net https://dev.visualwebsiteoptimizer.com https://www.gstatic.com https://*.googleapis.com https://maps.google.com https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com https://*.algolia.net https://*.algolianet.com http://*.nosto.com https://*.getomneo.com https://*.omneoapp.com https://stg.api.bazaarvoice.com https://api.bazaarvoice.com http://apgandcocom.datatoolscloud.net.au https://kleber.datatoolscloud.net.au https://api.brauz.ai https://brauz-api-netlify.netlify.app https://www.paypal.com https://www.sandbox.paypal.com https://static.zdassets.com https://ekr.zdassets.com https://apgandco1642720129.zendesk.com https://*.zopim.com https://*.zendesk.com wss://apgandco1642720129.zendesk.com wss://*.zopim.com https://*.smooch.io https://zendesk-eu.my.sentry.io https://*.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://*.visualwebsiteoptimizer.com https://*.facebook.net https://*.klaviyo.com http://*.klaviyo.com https://*.rakuten.com https://*.trendii.com https://*.lexer.io https://*.doubleclick.net http://*.doubleclick.net https://asia.creativecdn.com https://*.facebook.com https://sgtm.sportscraft.com.au https://sgtm.sportscraft.nz https://*.pinterest.com http://*.pinterest.com http://*.criteo.com https://*.criteo.com http://*.criteo.net https://*.criteo.net http://*.sportscraft.nz https://*.sportscraft.nz https://*.wonderpush.com https://*.smooch.io/ https://zendesk-eu.my.sentry.io/ https://*.google.com https://cdn.jsdelivr.net https://*.algolianet.io https://form.typeform.com https://*.webeyez.com https://*.cardinalcommerce.com/ https://google.com/pay https://*.rsa3dauth.com/ https://*.rsa3dauth.co.uk/ https://*.rsa3dsauth.com/ https://*.rsa3dsauth.co.uk/ https://*.securesite.co.uk/ https://insights.algolia.io https://mycardsecure.com/ https://*.mycardsecure.com/ https://*.arcot.com/ https://assets.trendii.com/ https://analytics.tiktok.com/; media-src 'self' https://*.saba.com.au https://media.sportscraft.com.au https://*.cloudinary.com https://static.zdassets.com https://sgtm.sportscraft.com.au https://*.sportscraft.com.au https://*.ctfassets.net http://*.cloudinary.com https://*.webeyez.com https://*.cardinalcommerce.com/ https://*.rsa3dauth.com/ https://*.rsa3dauth.co.uk/ https://*.rsa3dsauth.com/ https://*.rsa3dsauth.co.uk/ https://*.securesite.co.uk/ https://mycardsecure.com/ https://*.mycardsecure.com/ https://*.arcot.com/ 1
frame-src 'self' js.stripe.com www.google.com secure.livechatinc.com *.relatient.net *.everseat.com; worker-src 'self'; connect-src wss: schdl.com capture.trackjs.com *.schdl.com *.pndsn.com *.pubnub.com blob:; font-src 'self' data: fonts.gstatic.com *.schdl.com; form-action 'self'; frame-ancestors https: *.relatient.net; img-src 'self' data: secure.livechatinc.com www.google-analytics.com q.stripe.com v3-common.s3.amazonaws.com s3.amazonaws.com usage.trackjs.com *.everseat.com *.schdl.com *.aws.relatient.net blob:; object-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.everseat.com *.schdl.com; 1
frame-src 'self' blob: https://*.migrosbank.ch https://io.fusedeck.net/ https://api.onloan.ch/ https://mb.api.onloan.ch/ https://docs.onloan.ch/ https://www.google-analytics.com/ https://*.doubleclick.net/ https://www.googletagmanager.com/ https://services.logismata.ch/ https://cdn.cookielaw.org/ https://cdn.migros.ch/ https://migros-gruppe.jobs/ https://payment.datatrans.biz/ https://www.youtube.com/ https://chat.viseca.ch https://online.serviceocean.com https://www.onlineberatung.ch https://www.coffeeb.com/ https://pv.offerten-rechner.ch/ https://hp.offerten-rechner.ch/ https://gowago.ch/ https://blog.migrosbank.ch/ https://mb.levo-app.ch https://www.google.com; object-src 'none'; frame-ancestors 'self' https://enl.migrosbank.ch https://*.ti8m.ch; 1
default-src 'self' *.ikhokha.io *.ikhokha.com https://6412394.hs-sites.com dashboard.ikhokha.com ikhokha.com *.ikhokha.green *.sanity.io *.vercel.app api.hubapi.com vercel.live *.datadoghq.eu browser-intake-datadoghq.eu api.smartrecruiters.com *.myshopify.com *.litix.io *.googleusercontent.com *.gstatic.com *.googleapis.com *.google.com google.com *.google.co.za google.co.za *.google.co.zw google.co.zw *.google.com.gh google.com.gh *.google.co.in google.co.in *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.mux.com *.youtube.com  *.hsforms.com *.hubspot.com *.algolianet.com *.algolia.com js.hs-scripts.com js.hs-banner.com js.usemessages.com js.hsadspixel.net js.hs-analytics.net js.hsleadflows.net https://google.com connect.facebook.net js.hsadspixel.net; connect-src 'self' webpack properties *.ikhokha.io *.pusher.com *.ikhokha.com https://6412394.hs-sites.com dashboard.ikhokha.com ikhokha.com *.ikhokha.green *.sanity.io *.vercel.app api.hubapi.com vercel.live *.datadoghq.eu browser-intake-datadoghq.eu api.smartrecruiters.com *.myshopify.com *.litix.io *.googleusercontent.com *.gstatic.com *.googleapis.com *.google.com google.com *.google.co.za google.co.za *.google.co.zw google.co.zw *.google.com.gh google.com.gh *.google.co.in google.co.in *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.mux.com *.youtube.com  *.hsforms.com *.hubspot.com *.algolianet.com *.algolia.com js.hs-scripts.com js.hs-banner.com js.usemessages.com js.hsadspixel.net js.hs-analytics.net js.hsleadflows.net https://google.com *.hsappstatic.net; img-src 'self' blob: data: cdn.sanity.io cta-service-cms2.hubspot.com vercel.com image.mux.com track.hubspot.com *.facebook.com facebook.com *.facebook.net facebook.net perf-na1.hsforms.com *.vercel.com maps.gstatic.com maps.googleapis.com *.google.com google.com *.google.co.za google.co.za *.google.co.zw google.co.zw *.google.com.gh google.com.gh *.google.co.in google.co.in *.doubleclick.net *.hubspotusercontent-na1.net https://www.googletagmanager.com;font-src 'self' data: *.vercel.app *.gstatic.com *.vercel.com *.google.com google.com *.google.co.za google.co.za *.google.co.zw google.co.zw *.google.com.gh google.com.gh *.google.co.in google.co.in; media-src 'self' blob: inferred.litix.io perf-na1.hsforms.com track.hubspot.com *.mux.com *.google.com google.com *.google.co.za google.co.za *.google.co.zw google.co.zw *.google.com.gh google.com.gh *.google.co.in google.co.in; style-src 'self' 'unsafe-inline' fonts.googleapis.com vercel.live; frame-ancestors 'self' ikhokha.com dashboard.ikhokha.com auth.ikhokha.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.algolianet.com *.algolia.com *.googleadservices.com *.google.com https://www.googletagmanager.com https://js.hubspotfeedback.com/feedbackweb-new.js *.doubleclick.net inferred.litix.io www.youtube.com www.gstatic.com www.datadoghq-browser-agent.com vercel.live js.hs-scripts.com js.hsleadflows.net js.hs-analytics.net js.hsadspixel.net/fb.js js.hubspot.com js.usemessages.com js.hs-banner.com maps.googleapis.com https://googleads.g.doubleclick.net https://connect.facebook.net; worker-src 'self' blob:; 1
frame-ancestors 'self' https://sites-ms.lumapps.com/ https://dwp.geodis.com/ https://wishes.geodis.com/; 1
style-src 'self' 'unsafe-inline' *.seb.se; script-src 'self' 'nonce-BqR57h//8WAV0RFuWgYE8sJdHqAMt/V8zBhamRdcgX4=' 'report-sample' 'unsafe-eval' *.seb.se; img-src 'self' *.seb.se seb.d3.sc.omtrdc.net cache.cvm3.se data: https:; frame-src 'self' seb.se *.seb.se seb-external.creo.se seb-external.creomediamanager.com player.cvm3.se seb-live.creo.se seb-live.creomediamanager.com; font-src 'self' content.seb.se data:; connect-src 'self' seb.se *.seb.se *.sebgroup.com seb.d3.sc.omtrdc.net; base-uri 'self'; object-src 'none'; report-uri /api/csp-report/ 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.mediaroom.com *.investorroom.com *.prnewswire.com *.drivetheweb.com *.onstreammedia.com *.onstreamsecure.com *.cloudflare.com *.c212.net c212.net prnewswire2-a.akamaihd.net www.google.com www.gstatic.com cdn.jsdelivr.net www.googletagmanager.com *.brightcove.net xbrl.quotemedia.com *.quotemedia.com *.google-analytics.com *.onetrust.com; 1
default-src 'self' https: recipeland.com c.recipeland.com ws-na.amazon-adsystem.com ir-na.amazon-adsystem.com pixel.adsafeprotected.com chicoryapp.com; font-src 'self' https: data: c.recipeland.com fonts.gstatic.com; img-src 'self' https: data: c.recipeland.com pixel.adsafeprotected.com ib.adnxs.com; object-src 'none'; script-src 'self' https: recipeland.com c.recipeland.com mato.recipeland.com ads.blogherads.com 'unsafe-inline' 'unsafe-eval' assets.pinterest.com cdn.adsafeprotected.com secure.cdn.fastclick.net cdn.id5-sync.com ats.rlcdn.com native.sharethrough.com chicoryapp.com cdn-gateflipp.flippback.com; style-src 'self' https: c.recipeland.com 'unsafe-inline' fonts.googleapis.com 1
default-src 'self' *.cloudflare.com 'unsafe-inline' *.googleapis.com *.lfeeder.com *.leadfeeder.com consentcdn.cookiebot.com cdn2.hubspot.net *.hubspot.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net  *.hscollectedforms.net  *.hsforms.net *.hsforms.com static.hsappstatic.net js.hubspotfeedback.com js.usemessages.com *.vidyard.com 'unsafe-hashes' *.hubspotusercontent-na1.net; font-src fonts.gstatic.com static.hsappstatic.net *.fontawesome.com *.hubspotusercontent-na1.net; connect-src 'self' https://google.com/pagead/form-data https://google.com/ccm/form-data https://www.google.com/pagead/landing pixel-config.reddit.com analytics.twitter.com ads-api.twitter.com ads-twitter.com https://www.redditstatic.com conversions-config.reddit.com js.hs-banner.com js.hscta.net *.hubapi.com *.linkedin.com cdn.linkedin.oribi.io stats.g.doubleclick.net *.hscollectedforms.net *.fontawesome.com *.google-analytics.com *.hubspot.com consentcdn.cookiebot.com googleads.g.doubleclick.net https://googleads.g.doubleclick.net/pagead *.hsforms.com *.analytics.google.com; img-src 'self' */ads/ga-audiences *.ververica.com *.lfeeder.com *.leadfeeder.com analytics.twitter.com ads-api.twitter.com ads-twitter.com www.googletagmanager.com no-cache.hubspot.com js.hscta.net data: *.hubspot.com *.linkedin.com *.cookiebot.com *.hsforms.com *.hsappstatic.net *.hubspotusercontent-na1.net https://www.google-analytics.com https://www.facebook.com https://alb.reddit.com https://www.google.com https://t.co googleads.g.doubleclick.net; frame-src 'self' play.hubspotvideo.com *.hs-sites.com forms.hsforms.com td.doubleclick.net www.youtube.com consentcdn.cookiebot.com *.hubspot.com platform.twitter.com www.google.com www.facebook.com; object-src 'none'; base-uri 'none'; script-src 'self' 'unsafe-eval' *.hubapi.com *.cloudflare.com *.googleapis.com *.lfeeder.com *.leadfeeder.com feedback.hubapi.com *.usemessages.com js.hscta.net *.hs-analytics.net static.hsappstatic.net *.hsadspixel.net *.hubspot.com js.hsforms.net lookerstudio.google.com www.googletagmanager.com kit.fontawesome.com consent.cookiebot.com www.google-analytics.com 'unsafe-inline' app.hubspot.com js.hsleadflows.net js.hscollectedforms.net js.usemessages.com js.hs-banner.com consentcdn.cookiebot.com connect.facebook.net googleads.g.doubleclick.net www.redditstatic.com snap.licdn.com static.ads-twitter.com platform.twitter.com *.linkedin.com cdn2.hubspot.net 'strict-dynamic' 'nonce-M0mRa+kVX57zaUMiMbVIUw=='; frame-ancestors 'self' www.ververica.academy; report-uri https://02r8cr13.uriports.com/reports/report; report-to default; upgrade-insecure-requests; 1
base-uri 'self';font-src 'self' data: apt-cucaaxacf9ghehaw.z01.azurefd.net;connect-src 'self' *.googletagmanager.com *.google-analytics.com *.mg.services *.doubleclick.net apt-cucaaxacf9ghehaw.z01.azurefd.net;default-src 'self' *.allpasstrust.com *.mg.services apt-cucaaxacf9ghehaw.z01.azurefd.net;form-action 'self' http://testing.mydirtyhobby.de https://testing.mydirtyhobby.de https://www.mydirtyhobby.de;frame-src 'self' www.google.com *.googletagmanager.com widget.tantumpay.com;img-src 'self' data: *.allpasstrust.com *.mg.services *.googletagmanager.com *.google-analytics.com apt-cucaaxacf9ghehaw.z01.azurefd.net;media-src 'self';style-src 'self' 'unsafe-inline' *.allpasstrust.com *.mg.services apt-cucaaxacf9ghehaw.z01.azurefd.net;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.allpasstrust.com *.mg.services apt-cucaaxacf9ghehaw.z01.azurefd.net www.google.com *.googletagmanager.com *.google-analytics.com *.doubleclick.net www.gstatic.com widget.tantumpay.com 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://strangeobject.space; img-src 'self' data: blob: https://strangeobject.space https://files.strangeobject.space; style-src 'self' https://strangeobject.space 'nonce-fErXPS6O0V9jUegvqCQD2Q=='; media-src 'self' data: https://strangeobject.space https://files.strangeobject.space; frame-src 'self' https:; manifest-src 'self' https://strangeobject.space; form-action 'self'; child-src 'self' blob: https://strangeobject.space; worker-src 'self' blob: https://strangeobject.space; connect-src 'self' data: blob: https://strangeobject.space https://files.strangeobject.space wss://strangeobject.space; script-src 'self' https://strangeobject.space 'wasm-unsafe-eval' 1
default-src 'self'; manifest-src 'self'; base-uri 'self'; form-action 'self'; font-src 'self' data: 'unsafe-inline'; frame-ancestors 'self'; object-src 'none'; img-src www.googletagmanager.com 'self' blob: data:; connect-src www.google-analytics.com https://api.chilisburgertime.com 'self' data: blob: cognito-idp.us-east-1.amazonaws.com cognito-identity.us-east-1.amazonaws.com wss://av1469bmuw31r-ats.iot.us-east-1.amazonaws.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com; style-src-elem 'self' blob: data: 'unsafe-inline'; style-src 'self' blob: data: 'unsafe-inline'; worker-src 'self' blob: data; media-src 'self' data:; 1
connect-src 'self' *.googlesyndication.com *.googleapis.com *.gstatic.com *.google-analytics.com securepubads.g.doubleclick.net stats.g.doubleclick.net wss://*.zopim.com *.zopim.com *.zendesk.com *.zdassets.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.yimg.com; default-src 'self' *.googlesyndication.com; font-src 'self' data: *.gstatic.com *.zopim.com  https://*.hotjar.com; form-action 'self'; frame-src 'self' secure.rnstg.com secure.rewardsnetwork.com *.google.com *.googlesyndication.com *.googleapis.com https://www.googleadservices.com *.doubleclick.net https://*.hotjar.com youtube.com www.youtube.com; frame-ancestors 'self' *.rnqae.com *.rnstg.com *.idine.com; img-src 'self' data: media.rewardsnetwork.com https://apple-resources.s3.amazonaws.com *.ggpht.com *.google-analytics.com *.googlesyndication.com *.googleapis.com *.gstatic.com *.google.com cdn.buttercms.com res.cloudinary.com *.doubleclick.net stats.g.doubleclick.net seal-chicago.bbb.org *.zopim.io *.zopim.com *.zendesk.com *.zdassets.com https://*.hotjar.com *.facebook.com *.yahoo.com; media-src 'self' cdn.buttercms.com res.cloudinary.com *.zdassets.com ; object-src 'self' media.rewardsnetwork.com res.cloudinary.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.gstatic.com *.google.com *.googleapis.com *.googletagservices.com *.googletagmanager.com *.googlesyndication.com res.cloudinary.com *.doubleclick.net cdn.ampproject.org seal-chicago.bbb.org assets.adobedtm.com assets.zendesk.com *.zopim.com *.zdassets.com https://*.hotjar.com *.facebook.net *.yimg.com; style-src 'self' 'unsafe-inline' *.googleapis.com https://*.hotjar.com cloud.typography.com; 1
child-src 'self' blob:;connect-src 'self' https://www.google-analytics.com https://maps.googleapis.com facebook.com google-analytics.com cdn.islandsbanki.is 12pjqcn2sm-dsn.algolia.net https://640islandsbanki.boost.ai https://islandsbanki-test.boost.ai https://consentcdn.cookiebot.com/ https://edge.adobedc.net https://adobedc.demdex.net https://widget.datablocks.se https://hub.mfn.se/ https://auth-test.isbank.is https://auth.islandsbanki.is https://*.google-analytics.com;default-src 'self';img-src 'self' data: https://imgsct.cookiebot.com/ https://www.facebook.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.is *.siteimproveanalytics.io *.gstatic.com *.googleapis.com *.ytimg.com cdn.islandsbanki.is boost-files-general-eu-west-1-prod.s3-eu-west-1.amazonaws.com prismic-io.s3.amazonaws.com isb-website.cdn.prismic.io images.prismic.io;font-src 'self' data: https://cdn.islandsbanki.is/;object-src 'none';media-src 'self';manifest-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' *.prismic.io https://maps.googleapis.com https://prismic.io https://www.google.com https://www.youtube.com https://s.ytimg.com https://640islandsbanki.boost.ai https://islandsbanki-test.boost.ai https://www.googletagmanager.com https://www.gstatic.com https://siteimproveanalytics.com *.adobedc.net https://www.google-analytics.com https://connect.facebook.net https://www.google.com https://www.gstatic.com https://www.recaptcha.net/ https://consent.cookiebot.com https://consentcdn.cookiebot.com https://assets.adobedtm.com https://*.infogram.com 'nonce-9ac24390-c0cd-489b-8f95-d07d1641232a' 'sha256-QsLvY8Rx6B9JCjWGBE5gM3IN+2uclV2FJAUWMC4o58k=' 'sha256-1gIG1EI7ABKBfq8rVwk7j2MeEOIlut5+TbLxyAnCYTA=' 'sha256-yjbQYTDTGeh83tID7X4P8shfeXu07tD4iLjoMIr+e4w=' 'sha256-qEXb+QLuCAPNTPbZxHzxcXrnG22qOg/k7niD2csPshA=' 'sha256-gtKFj0yNetpIDkA36Pz+kl6/tx8y2XsLtD/uFt4lUYk=' 'sha256-TFbe14wfD8Dm1d/WnPUgdvGKU7iqemABzFbfecj708Y=' 'sha256-4cFcsF0wg+c2o8ebtN0UyYJ+eUB2WN4lNfLtNhFrMOY=' 'sha256-6CPmZ66VDSElGdOgAbpCDKf1M99mIw0NIsrbbJjXDZw=' 'sha256-Uf8y48ZxMQ7lyVfjNhtksVK2zVb+sfpG7IVN1msrK/k=' 'sha256-mGbGbnWys+WQjkr/v68zcXw5O6y8X97qI+UtewXd0yk=';style-src 'self' 'unsafe-inline' blob: *.adobedc.net;frame-src https://*.islandsbanki.is https://*.isbank.is https://gamli.islandsbanki.is https://*.islandssjodir.is https://www.youtube.com https://consentcdn.cookiebot.com https://www.vib.is https://*.isb.is https://*.infogram.com https://www.google.com https://www.gstatic.com https://isb-website.prismic.io/ https://www.recaptcha.net/ https://auth-test.isbank.is/ https://auth.islandsbanki.is/ https://islandsbanki-frodi-authentication.dev.kube.isbank.is https://*.featureupvote.com;worker-src 'self' blob: 1
default-src 'unsafe-inline' 'self' https://*.tez3.com https://*.smsvalet.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.blob.core.windows.net https://www.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net; script-src 'unsafe-inline' 'self' 'unsafe-eval' https://*.tez3.com https://*.smsvalet.com https://*.googleapis.com https://*.gstatic.com https://stats.g.doubleclick.net; script-src-elem 'unsafe-inline' 'self' https://www.googletagmanager.com https://www.google-analytics.com https://*.googleapis.com https://stats.g.doubleclick.net; img-src 'self' data: https://*.google.com https://*.tez3.com https://*.smsvalet.com https://*.blob.core.windows.net https://www.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.googleapis.com https://*.gstatic.com; 1
upgrade-insecure-requests; default-src 'self' https: data: blob: wss: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; object-src https:; form-action https:; report-uri https://servix.idnes.cz/log/csp-report.aspx?w=iregiony&d=2024-07-26 1
default-src 'self' maxcdn.bootstrapcdn.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.googleapis.com *.google.com *.google.nl *.gstatic.com *.doubleclick.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.onlineafspraken.nl *.facebook.net  *.jsdelivr.net *.mouseflow.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.googleapis.com *.google.com *.google.nl *.gstatic.com *.doubleclick.net;script-src-elem 'self' 'unsafe-inline' *.onlineafspraken.nl *.facebook.net *.jsdelivr.net *.mouseflow.com portal.websecurityscan.eu *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.googleapis.com *.google.com *.google.nl *.gstatic.com *.doubleclick.net *.instagram.com;connect-src 'self' *.jsdelivr.net *.onlineafspraken.nl code.jquery.com portal.websecurityscan.eu *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.googleapis.com *.google.com *.google.nl *.gstatic.com *.doubleclick.net  *.instagram.com;manifest-src 'self';img-src 'self' *.onlineafspraken.nl *.facebook.net *.facebook.com *.ytimg.com data: *.websecurityscan.eu *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.googleapis.com *.google.com *.google.nl *.gstatic.com *.doubleclick.net;style-src 'self' 'unsafe-inline' *.onlineafspraken.nl fonts.googleapis.com maxcdn.bootstrapcdn.com *.websecurityscan.eu  *.instagram.com;style-src-elem 'self' 'unsafe-inline' *.onlineafspraken.nl fonts.googleapis.com maxcdn.bootstrapcdn.com *.websecurityscan.eu *.instagram.com;base-uri 'self';frame-src 'self' *.facebook.com *.youtube.com *.youtu.be *.google.com portal.websecurityscan.eu  *.instagram.com;font-src 'self' *.onlineafspraken.nl maxcdn.bootstrapcdn.com fonts.gstatic.com 1
frame-ancestors 'self' https://*.poupex.com.br 1
frame-ancestors 'self' saleshood.com 1
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; font-src 'self' data: https://*.fontawesome.com https://fonts.googleapis.com https://fonts.gstatic.com; img-src 'self' data: https://px.ads.linkedin.com https://www.linkedin.com; 1
default-src 'self';font-src 'self' data: fonts.gstatic.com fonts.googleapis.com;img-src 'self' data: www.google-analytics.com www.g.doubleclick.net maps.gstatic.com maps.googleapis.com www.youtube.com cdn.cookielaw.org www.securitasmedia.com securitasmedia.com  www.googletagmanager.com i.ytimg.com www.google.co.in www.google.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat;script-src www.youtube.com  az416426.vo.msecnd.net  'self' 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org www.google-analytics.com maps.googleapis.com www.googletagmanager.com  dl.episerver.net www.youtube.com www.google.com www.gstatic.com https://*.googletagmanager.com apis.google.com munchkin.marketo.net cdn.jsdelivr.net;style-src 'self'  'unsafe-inline' fonts.googleapis.com dl.episerver.net;frame-src www.youtube.com tools.euroland.com www.google.com es-securitas.easycruit.com;media-src 'self';connect-src 'self'  cdn.cookielaw.org dc.services.visualstudio.com www.google-analytics.com stats.g.doubleclick.net maps.googleapis.com geolocation.onetrust.com ds-onetrust.securitas.com analytics.google.com region1.analytics.google.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat 836-kbj-029.mktoresp.com https://api.friendlycaptcha.com https://*.gstatic.com;frame-ancestors 'none' 'self';worker-src 'self' blob:; 1
default-src     'self' ; img-src         'self' data: https://*.pxia.de https://www.apcoa.de https://vm-apcoa-typo3-04 https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.google-analytics.com https://*.google.de *.facebook.com *.solvemate.com https://*.zohocdn.com https://*.zohopublic.eu https://*.newsletter2go.com https://*.linkedin.com https://www.apcoa.se https://*.zohostatic.eu https://*.zoho.eu https://*.wikimedia.org https://www.googletagmanager.com https://*.click4assistance.co.uk https://*.cookiebot.com https://*.tiktok.com https://*.apcoa.de https://*.usercentrics.eu;  script-src      'self' 'unsafe-inline' 'unsafe-eval' https://*.bootstrapcdn.com https://fonts.googleapis.com/css/ https://*.bootstrapcdn.com https://*.pxia.de https://vm-apcoa-typo3-04 https://consent.cookiebot.com https://www.googletagmanager.com https://consentcdn.cookiebot.com https://*.google.com https://*.bootstrapcdn.com https://*.googleapis.com https://*.mana-hr.net https://*.facebook.net https://www.google-analytics.com/ https://*.doubleclick.net https://*.zoho.eu https://*.zohocdn.com https://*.newsletter2go.com;  script-src-elem 'self' 'unsafe-inline' https://*.park-control.de/ https://www.google-analytics.com/analytics.js https://*.bootstrapcdn.com https://fonts.googleapis.com/css/ https://*.google.com https://consent.cookiebot.com https://www.googletagmanager.com https://consentcdn.cookiebot.com https://*.bootstrapcdn.com https://*.googleapis.com https://*.gstatic.com *.solvemate.com www.googleadservices.com *.facebook.net *.doubleclick.net *.mana-hr.net https://*.zoho.eu https://*.zohostatic.eu *.zohocdn.com https://*.newsletter2go.com https://www.google-analytics.com https://sc-static.net stats.docu.info https://leie.apcoa.no https://services.apcoa.no https://tr.snapchat.com *.livechatinc.com https://*.licdn.com https://*.hotjar.com https://*.click4assistance.co.uk https://*.zendesk.com https://*.zdassets.com https://*.tiktok.com https://*.usercentrics.eu;  style-src       'self' 'unsafe-inline' https://*.googleapis.com https://*.bootstrapcdn.com *.solvemate.com https://*.zohocdn.com *.bootstrapcdn.com https://*.zohostatic.eu;  font-src        'self' data: https://*.googleapis.com https://fonts.googleapis.com https://*.gstatic.com https://*.bootstrapcdn.com *.solvemate.com *.zohocdn.com https://*.zohostatic.eu;  frame-src       'self' https://consentcdn.cookiebot.com https://www.google.com https://www.youtube-nocookie.com https://www.youtube.com *.apcoa.de *.mana-hr.net *.mana-jobs.de https://maps.google.com http://europark.easycruit.com https://tr.snapchat.com https://*.zohopublic.eu https://*.zoho.eu *.apcoa.no https://*.facebook.com https://*.livechatinc.com https://apcoa-rec.trustit.org http://prelive02.apcoa.com https://docs.google.com https://*.click4assistance.co.uk https://*.q2c.eu https://*.apcoa.se https://*.doubleclick.net https://*.googletagmanager.com https://*.usercentrics.eu;  worker-src       data: blob: 'unsafe-eval' 'unsafe-inline';  object-src      'self' ;  connect-src     'self' https://*.park-control.de https://*.google-analytics.com https://*.googleapis.com https://*.cookiebot.com *.google.com *.doubleclick.net *.solvemate.com *.facebook.com https://*.zoho.eu *.zohopublic.eu wss://vts.zohopublic.eu https://*.newsletter2go.com https://tr.snapchat.com https://*.linkedin.oribi.io https://pagead2.googlesyndication.com https://*.zdassets.com https://*.zendesk.com https://www.apcoa.de https://*.apcoa.de https://*.pangle-ads.com https://*.tiktok.com https://*.usercentrics.eu;  media-src       'self' data: https://*.googleapis.com https://fonts.googleapis.com https://*.gstatic.com https://*.bootstrapcdn.com *.solvemate.com *.zohocdn.com; 1
default-src 'self' 'unsafe-inline' *.gopay.cz *.gopay.com goshop.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.cz *.googletagmanager.com *.smartsuppcdn.com *.gopaycdn.com *.gopaycdn-test.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *.gopay.cz *.gopay.com goshop.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google.cz *.googleapis.com cdn.getbeyond.io *.googletagmanager.com *.hostedstatus.com *.leady.com *.crazyegg.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com googleads.g.doubleclick.net *.googlesyndication.com *.smartsuppchat.com *.smartsuppcdn.com *.smartsupp.com wss://*.smartsupp.com *.gopaycdn.com *.gopaycdn-test.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.gopay.cz *.gopay.com goshop.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.cz *.googleapis.com cdn.getbeyond.io *.googletagmanager.com https://*.hotjar.com *.crazyegg.com *.facebook.net *.leady.com c.imedia.cz *.googleadservices.com *.seznam.cz *.smartsuppchat.com *.doubleclick.net *.smartsuppcdn.com *.smartsupp.com *.gopaycdn.com *.gopaycdn-test.com https://bat.bing.com; img-src 'self' data: *.gopay.cz *.gopay.com goshop.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google.cz *.googleapis.com https://partner.dev.gopay.cz p.typekit.net *.gstatic.com *.googletagmanager.com *.facebook.com *.seznam.cz *.smartsuppcdn.com *.maxcdn.com *.gopaycdn.com *.gopaycdn-test.com https://*.hotjar.com https://bat.bing.com; style-src 'self' 'unsafe-inline' *.gopay.cz *.gopay.com use.typekit.net p.typekit.net *.googletagmanager.com fonts.googleapis.com *.gopaycdn.com *.gopaycdn-test.com https://*.hotjar.com; frame-src *; child-src 'none'; frame-ancestors *; font-src 'self' data: use.typekit.net fonts.gstatic.com https://*.hotjar.com; object-src 'none'; report-to 'default'; 1
base-uri 'self'; font-src 'self'; form-action 'none'; frame-ancestors 'none'; img-src 'self' https: http: data: blob:; object-src 'none'; script-src-attr 'none'; style-src 'self' 'unsafe-inline'; upgrade-insecure-requests; default-src 'self'; connect-src 'self' https: http: wss: ws:; frame-src https:; manifest-src 'self'; media-src 'self' https: http:; script-src 'self' 'unsafe-inline' 'wasm-unsafe-eval' 1
default-src 'self' data: 'unsafe-inline' syndication.twitter.com www.google.com qualitysetu.qcin.org www.facebook.com; script-src 'self' 'unsafe-inline' qcin.org www.qcin.org www.google.com www.gstatic.com connect.facebook.net www.youtube.com; frame-src 'self' www.youtube.com syndication.twitter.com www.facebook.com www.google.com; style-src 'self' fonts.googleapis.com qcin.org www.qcin.org 'unsafe-inline'; font-src * data: 1
default-src 'self' blob: www.google-analytics.com www.googletagmanager.com; img-src 'self' www.google-analytics.com www.googletagmanager.com data:; style-src 'self' 'unsafe-inline' www.google.com fonts.googleapis.com www.googletagmanager.com; font-src 'self' fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com/ www.googletagmanager.com/; 1
default-src 'none';script-src 'self' 'nonce-bKR6jHTVeft/nTTUsKmTOQZV' 'unsafe-eval' *.mailchimp.com blob: *.arcgis.com https://connect.facebook.net https://*.googletagmanager.com https://*.google-analytics.com https://www.google.com/recaptcha/api.js https://www.gstatic.com https://googleads.g.doubleclick.net https://www.googleadservices.com/pagead/conversion_async.js;object-src 'self';style-src 'self' 'unsafe-inline' *.arcgis.com *.npdcapps.co.nz *.mailchimp.com;img-src 'self' *.arcgis.com *.npdc.govt.nz *.npdcapps.co.nz data: *.youtube.com https://*.googletagmanager.com https://www.facebook.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.co.nz https://*.google.com https://www.npdcevents.nz https://www.npdcevents.co.nz https://storesydprodeventmanagem.blob.core.windows.net https://sthpanpdccorporateprod.blob.core.windows.net;media-src 'self';frame-src 'self' https://*.mailchimp.com *.arcgis.com https://*.npdcevents.nz https://*.npdcapps.co.nz https://*.npdc.govt.nz https://www.npdcevents.nz https://www.npdcevents.co.nz https://www.ustream.tv https://www.googletagmanager.com https://www.google.com https://www.youtube-nocookie.com https://www.youtube.com https://www.google-analytics.com https://*.googleapis.com https://*.gstatic.com https://*.youtube.com https://*.addevent.com https://services.cognitoforms.com https://www.cognitoforms.com https://api.applicationinsights.io https://addevent.com https://app.powerbi.com https://npdc.maps.arcgis.com https://app.surveygizmo.com https://www.surveygizmo.com https://*.blob.core.windows.net https://*.azurewebsites.net https://connect.facebook.net https://www.facebook.com https://www.googleadservices.com https://www.google.co.nz https://*.doubleclick.net https://sketchfab.com https://bid.g.doubleclick.net https://radian.mintdesign.co.nz https://*.google.com;font-src 'self' *.arcgis.com;connect-src 'self' *.arcgis.com *.npdc.govt.nz https://gissearchwebapiproxy.npdcapps.co.nz https://stats.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.nz https://councilmeetings.npdcapps.co.nz 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com  *.cloudflare.com *.google-analytics.com *.googletagmanager.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.cloudflare.com; object-src 'none'; base-uri 'self'; connect-src 'self' *.googleapis.com stats.g.doubleclick.net *.google-analytics.com; font-src 'self' *.gstatic.com; frame-src 'self' *.google.com.my *.facebook.com *.google.com; img-src 'self' *.google-analytics.com *.google.com *.google.com.my; manifest-src 'self'; media-src 'self'; report-uri https://63dbeaac1110c9e871bfd13e.endpoint.csper.io/?v=2; worker-src https://www.maskargo.com; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://twit.social; img-src 'self' https: data: blob: https://twit.social; style-src 'self' https://twit.social 'nonce-iIuqMKOKV+gWVTLBS8kHoA=='; media-src 'self' https: data: https://twit.social; frame-src 'self' https:; manifest-src 'self' https://twit.social; form-action 'self'; child-src 'self' blob: https://twit.social; worker-src 'self' blob: https://twit.social; connect-src 'self' data: blob: https://twit.social https://cdn.masto.host wss://twit.social; script-src 'self' https://twit.social 'wasm-unsafe-eval' 1
object-src 'none'; script-src 'self' 'nonce-03b90760e9944c45b8fa87e8cf79ab9a' https://hitachi-rail-global.mynewsdesk.com/ https://*.hotjar.com/ *.youtube.com/ https://tags.srv.stackadapt.com/ http://www.youtube.com/ https://pi.pardot.com/ https://www.glassdoor.co.uk/ http://https//pi.pardot.com/ http://cdn.pardot.com/ https://player.vimeo.com/ https://ajax.aspnetcdn.com/ http://hitachi-rail-global-uk.mynewsdesk.com/ http://hitachi-rail-global.mynewsdesk.com/hosted_newsroom.js/ https://cc.cdn.civiccomputing.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://tools.eurolandir.com/ https://cdn.videosync.fi/ https://www.googleadservices.com/ https://snap.licdn.com/ https://komito.net/ https://googleads.g.doubleclick.net/ https://3xscreen.videosync.fi/ https://www.youtube.com/ https://maps.googleapis.com/ https://cdnjs.cloudflare.com/ https://s.ytimg.com/ http://cdnjs.cloudflare.com/ ; style-src 'self' 'nonce-03b90760e9944c45b8fa87e8cf79ab9a' https://hitachirailpenweb1-prelive.azurewebsites.net/ *.youtube.com/ https://tags.srv.stackadapt.com/ https://mnd-assets.mynewsdesk.com http://www.youtube.com/ https://cc.cdn.civiccomputing.com/ https://fonts.googleapis.com/ https://tools.eurolandir.com/ https://*.hotjar.com/ https://fonts.googleapis.com/ https://fonts.gstatic.com/ ; img-src 'self' data: https://hitachirailpenweb1-prelive.azurewebsites.net/ http://www.youtube.com/ https://www.googletagmanager.com/ https://mnd-assets.mynewsdesk.com https://www.google.rs/ https://*.hotjar.com https://*.linkedin.com https://*.google-analytics.com/ https://*.analytics.google.com/ https://www.glassdoor.co.uk/ https://www.glassdoor.com/ https://www.linkedin.com/ https://i.vimeocdn.com/ https://px.ads.linkedin.com/ https://www.google.com/ https://accounts.google.com/ https://dashboard.umbraco.org/ https://www.google-analytics.com/ https://p.adsymptotic.com/ https://accounts.youtube.com/ https://www.google.co.uk/ https://accounts.google.co.uk/ https://resources.mynewsdesk.com/ https://i.ytimg.com/ https://maps.gstatic.com/ https://maps.googleapis.com/ ; frame-src 'self' https://hitachirailpenweb1-prelive.azurewebsites.net/ *.hitachirail.com/ *.youtube.com/ https://*.hotjar.com/ http://www.youtube.com/ https://td.doubleclick.net/ http://go.pardot.com/ https://www.glassdoor.co.uk/ https://vimeo.com/ https://www.google.com/ http://hitachi-rail-global-uk.mynewsdesk.com/ http://hitachi-rail-global.mynewsdesk.com/ https://www.mynewsdesk.com/ https://hitachirailsts.mua.hrdepartment.com/ https://tools.eurolandir.com/ https://gamma.euroland.com/ https://player.vimeo.com/ https://www.youtube.com/ https://3xscreen.videosync.fi/ https://bid.g.doubleclick.net/ https://youtu.be/ 1
default-src 'self';img-src * data:;connect-src 'self' *.google-analytics.com;frame-src 'self' *.google.com *.wp.com;font-src 'self' fonts.gstatic.com *.bootstrapcdn.com data:;style-src 'self' *.googleapis.com *.bootstrapcdn.com *.datatables.net *.wp.com 'unsafe-inline';style-src-elem 'self' *.googleapis.com *.bootstrapcdn.com *.datatables.net *.wp.com 'unsafe-inline';script-src *.pic.cat pic.cat *.pic.es pic.es *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.wp.com *.wordpress.com *.google-analytics.com *.google.com *.datatables.net 'unsafe-inline' 'unsafe-eval'; 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; frame-ancestors 'self' https://*.zingermans.com https://*.authorize.net; 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-8bb75ad45a8a157b66ec28b7a796ddaa'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
frame-ancestors 'self' *.quickrewards.net 1
default-src 'self' 'unsafe-inline' data: rosrezerv.gov.ru pos.gosuslugi.ru; img-src 'self' 'unsafe-eval' 'unsafe-inline' data: rosrezerv.gov.ru pos.gosuslugi.ru; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' rosrezerv.gov.ru pos.gosuslugi.ru; style-src 'self' 'unsafe-inline' rosrezerv.gov.ru; frame-ancestors 'self'; base-uri 'self' rosrezerv.gov.ru; form-action 'self' rosrezerv.gov.ru; upgrade-Insecure-Requests 1
base-uri 'self'; connect-src 'self' https://consentcdn.cookiebot.com https://*.google.com https://*.google-analytics.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://*.hotjar.com https://*.in.applicationinsights.azure.com https://*.svc.dynamics.com https://cdn.linkedin.oribi.io wss://*.hotjar.com https://content.hotjar.io https://maps.googleapis.com https://pagead2.googlesyndication.com https://vc.hotjar.io wss://localhost:44398 https://px.ads.linkedin.com; default-src 'none'; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com; form-action 'self' https://*.worldpay.com; frame-ancestors 'self' https://ricardo.saleshood.com; frame-src 'self' https://*.cookiebot.com/ https://*.google.com https://vars.hotjar.com https://www.youtube-nocookie.com https://*.svc.dynamics.com https://player.vimeo.com https://irs.tools.investis.com https://otp.tools.investis.com https://calendly.com https://outlook.office365.com https://embed.mindstamp.com; img-src 'self' data: https://bat.bing.com https://px.ads.linkedin.com https://*.doubleclick.net https://*.google.com https://www.google.co.uk https://*.svc.dynamics.com https://*.google-analytics.com https://i.vimeocdn.com https://maps.googleapis.com https://www.googletagmanager.com https://maps.gstatic.com https://*.tile.openstreetmap.org https://*.basemaps.cartocdn.com https://unpkg.com https://imgsct.cookiebot.com; media-src 'self' https://player.vimeo.com http://vod-progressive.akamaized.net https://vod-progressive.akamaized.net https://download-video.akamaized.net; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://bat.bing.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://*.google.com https://www.googleadservices.com https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://www.googletagmanager.com https://www.gstatic.com https://snap.licdn.com https://script.hotjar.com https://static.hotjar.com https://googleads.g.doubleclick.net https://mktdplp102cdn.azureedge.net https://js.monitor.azure.com https://maps.googleapis.com https://mathjax.rstudio.com https://*.vimeo.com https://*.calendly.com; style-src 'self' 'unsafe-inline' data: https://fonts.googleapis.com https://optimize.google.com; 1
default-src 'none'; script-src-elem 'unsafe-inline' 'self' *.googletagmanager.com widget.trustpilot.com cdn.cookielaw.org vercel.live www.dwin1.com; frame-src widget.trustpilot.com; style-src 'self' 'unsafe-inline'; img-src 'self' *.ctfassets.net blob: data: *.bingbong.de cdn.cookielaw.org; manifest-src 'self'; media-src videos.ctfassets.net; connect-src 'self' vercel.live *.google-analytics.com cdn.cookielaw.org geolocation.onetrust.com; font-src 'self' 1
child-src 'self' blob:; connect-src 'self' *.contentsquare.net https://*.google-analytics.com https://*.googleapis.com https://*.onetrust.com https://dc.services.visualstudio.com https://region1.google-analytics.com; default-src 'self' 'unsafe-eval' blob: *.contentsquare.net cdn.jsdelivr.net dhm5hy2vn8l0l.cloudfront.net https://*.google.com https://*.vetcollection.co.uk https://cgrp02aapv9vc1prod.dxcloud.episerver.net https://www.vetcollection.co.uk; font-src 'self' data: dhm5hy2vn8l0l.cloudfront.net https://fonts.gstatic.com; form-action 'self'; frame-src 'self' https://*.google.com; img-src 'self' data: *.contentsquare.net https://*.ggpht.com https://*.google-analytics.com https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.onetrust.com https://*.vetcollection.co.uk https://maps.googleapis.com https://maps.gstatic.com https://www.vetcollection.co.uk; manifest-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.monitor.azure.com https://*.msecnd.net https://cdn-ukwest.onetrust.com https://dc.services.visualstudio.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com; script-src-elem 'unsafe-eval' 'unsafe-inline' *.contentsquare.net cdn.jsdelivr.net https://*.google.com https://*.googletagmanager.com https://*.gstatic.com https://*.monitor.azure.com https://*.onetrust.com https://*.vetcollection.co.uk https://cgrp02aapv9vc1prod.dxcloud.episerver.net https://maps.googleapis.com https://www.googletagmanager.com https://www.vetcollection.co.uk; style-src-attr 'unsafe-inline'; style-src-elem 'unsafe-inline' cdn.jsdelivr.net https://*.vetcollection.co.uk https://cgrp02aapv9vc1prod.dxcloud.episerver.net https://fonts.googleapis.com https://www.vetcollection.co.uk; script-src-attr 'unsafe-eval'; worker-src blob:; 1
default-src 'unsafe-hashes' https://crohnsandcolitis.org.uk https://docs.google.com https://platform.twitter.com https://customervoice.microsoft.com https://*.readspeaker.com https://*.azureedge.net https://poster.crohnsandcolitis.org.uk https://r1.dotdigital-pages.com https://www.youtube-nocookie.com https://www.google.com https://*.landbot.io https://*.addthis.com https://www.youtube.com https://player.vimeo.com https://*.typeform.com https://*.issuu.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.fluidads.com https://forms.office.com https://*.snapchat.com https://*.doubleclick.net https://static.addtoany.com https://*.muchloved.com ;base-uri 'self' ;frame-ancestors 'self' ;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://acsbapp.com https://acsbap.com https://*.acsbapp.com https://*.acsbap.com https://*.azureedge.net https://*.readspeaker.com https://connect.facebook.net https://static.trackedweb.net https://app.postermaker.io https://snap.licdn.com https://analytics.nyltx.com https://*.cookiefirst.com https://maps.googleapis.com https://unpkg.com/vue@3.2.20/ https://*.landbot.io https://secure.callhandling.co.uk https://*.addthis.com https://z.moatads.com https://*.addthisedge.com https://static.addtoany.com https://*.fluidads.com https://*.simpli.fi https://www.google-analytics.com https://www.googletagmanager.com https://ajax.googleapis.com https://*.typeform.com https://*.hotjar.com https://analytics.tiktok.com https://*.snapchat.com https://*.twitter.com https://*.sc-static.net https://*.bing.com https://*.ads-twitter.com https://*.linkedin.com https://*.doubleclick.net https://*.muchloved.com https://cdnjs.cloudflare.com ;connect-src 'self' https://docs.google.com https://www.google.com https://platform.twitter.com https://cdn.acsbapp.com https://*.acsbap.com https://*.acsbapp.com https://acsbapp.com https://acsbap.com https://*.wikipedia.org https://*.trackedweb.net https://*.readspeaker.com https://*.azureedge.net https://*.fluidads.com https://www.facebook.com https://*.cookiefirst.com https://analytics.nyltx.com https://maps.googleapis.com https://secure.callhandling.co.uk https://*.landbot.io https://*.addthis.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.doubleclick.net https://*.typeform.com https://*.issuu.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.snapchat.com https://*.linkedin.oribi.io https://*.analytics.google.com https://analytics.tiktok.com ;img-src 'self' data: https://www.facebook.com https://acsbapp.com https://acsbap.com https://*.acsbapp.com https://*.acsbap.com https://*.azureedge.net https://*.linkedin.com https://*.addthis.com https://maps.gstatic.com https://maps.googleapis.com https://maps.googleapis.com https://storage.googleapis.com https://static.landbot.io https://fonts.googleapis.com https://www.google.com https://www.googletagmanager.com https://www.google.co.uk https://www.google.com.tr https://www.google-analytics.com https://stats.g.doubleclick.net https://*.hotjar.com https://tr.snapchat.com https://analytics.twitter.com https://t.co ;font-src 'self' data: https://use.typekit.net https://acsbapp.com https://*.acsbapp.com https://*.azureedge.net https://fonts.gstatic.com https://*.hotjar.com ;style-src 'self' 'unsafe-inline' https://acsbapp.com https://acsbap.com https://*.acsbapp.com https://*.acsbap.com blob: https://*.readspeaker.com https://*.azureedge.net https://*.cookiefirst.com https://p.typekit.net https://use.typekit.net https://localhost:44367 https://fonts.googleapis.com https://*.typeform.com https://*.issuu.com https://*.hotjar.com ;form-action 'self' https://*.readspeaker.com https://*.azureedge.net https://*.typeform.com https://*.twitter.com https://*.landbot.io https://*.snapchat.com ;object-src 'none' ;media-src 'self' 'unsafe-inline' data: ; 1
default-src 'self'; img-src 'self' data: https://static.schubergphilis.com/media/ https://sbpaweupweb02sta03.blob.core.windows.net https://sbpaweupweb02sta01.blob.core.windows.net https://sbppweupweb02sta01.blob.core.windows.net https://sbppweupweb02cdn01.azureedge.net https://sbpaweupweb02cdn01.azureedge.net *.schubergphilis.com https://*.google-analytics.com https://www.googletagmanager.com https://i.ytimg.com https://pbs.twimg.com https://px.ads.linkedin.com/collect https://www.linkedin.com/px https://px4.ads.linkedin.com https://maps.googleapis.com/maps/ https://static.hotjar.com https://script.hotjar.com https://online.flippingbook.com/ https://d17lvj5xn8sco6.cloudfront.net; media-src 'self' https://static.schubergphilis.com/media/ https://sbpaweupweb02sta03.blob.core.windows.net https://sbpaweupweb02sta01.blob.core.windows.net https://sbppweupweb02sta01.blob.core.windows.net https://sbppweupweb02cdn01.azureedge.net https://sbpaweupweb02cdn01.azureedge.net *.schubergphilis.com; font-src 'self' data: https://static.schubergphilis.com/media/ https://sbpaweupweb02sta03.blob.core.windows.net https://sbpaweupweb02sta01.blob.core.windows.net https://sbppweupweb02sta01.blob.core.windows.net https://sbppweupweb02cdn01.azureedge.net https://sbpaweupweb02cdn01.azureedge.net *.schubergphilis.com https://script.hotjar.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline'  'unsafe-inline' sentry.io *.sentry-cdn.com https://static.hotjar.com https://script.hotjar.com; script-src 'self' 'self' 'unsafe-inline' https://snap.licdn.com/li.lms-analytics/insight.min.js https://snap.licdn.com/li.lms-analytics/insight.old.min.js www.googletagmanager.com https://*.google-analytics.com https://maps.googleapis.com/ https://online.flippingbook.com/EmbedScriptUrl.aspx https://static.hotjar.com https://script.hotjar.com https://d33i2vgywgme2s.cloudfront.net; connect-src 'self' https://schubergphilis.com sentry.io *.sentry.io https://*.google-analytics.com/ https://region1.google-analytics.com/g/collect https://maps.googleapis.com/maps/api/ https://metrics.hotjar.io https://metrics.hotjar.io https://vc.hotjar.io https://content.hotjar.io https://events.hotjar.io https://surveystats.hotjar.io wss://*.hotjar.com https://cdn.linkedin.oribi.io https://fbo-b.flippingbook.com https://online.flippingbook.com/; form-action 'self'; frame-src https://www.youtube-nocookie.com https://player.vimeo.com https://vars.hotjar.com https://online.flippingbook.com; frame-ancestors 'self'; object-src 'none' 1
default-src 'self' fonts.gstatic.com themes.googleusercontent.com stats.g.doubleclick.net *.google-analytics.com *.hotjar.com *.google.com *.youtube.com csbs.mautic.net wss://*.hotjar.com *.soundcloud.com *.infogram.com cdn.jsdelivr.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.google-analytics.com *.googletagmanager.com *.gstatic.com static.addtoany.com *.buzzsprout.com *.twitter.com *.hotjar.com *.cloudflareinsights.com *.cloudflare.com *.mautic.net unpkg.com cdn.jsdelivr.net *.soundcloud.com *.infogram.com ; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.cloudflare.com static.addtoany.com *.infogram.com cdn.jsdelivr.net; img-src 'self' data: *.csbs.org *.google.com *.google-analytics.com *.googletagmanager.com csbs.mautic.net stats.g.doubleclick.net; frame-src 'self' *.buzzsprout.com *.twitter.com *.google.com *.youtube.com *.cld.bz *.hotjar.com *.data.csbs.org *.facts.csbs.org *.buzzsprout.com *.simplystated.csbs.org  *.csbs.org *.powerbi.com *.dayforcehcm.com *.mautic.net *.addtoany.com *.soundcloud.com *.infogram.com *.doubleclick.net; child-src 'self' *.buzzsprout.com *.twitter.com *.google.com *.youtube.com *.cld.bz *.hotjar.com *.data.csbs.org *.facts.csbs.org *.buzzsprout.com *.simplystated.csbs.org *.csbs.org *.powerbi.com *.dayforcehcm.com *.mautic.net *.addtoany.com *.soundcloud.com *.infogram.com ; connect-src 'self' 'unsafe-inline' *.google.com *.google-analytics.com *.googletagmanager.com *.gstatic.com static.addtoany.com *.buzzsprout.com *.twitter.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com *.cloudflareinsights.com *.cloudflare.com *.mautic.net unpkg.com cdn.jsdelivr.net *.soundcloud.com *.infogram.com stats.g.doubleclick.net ; report-uri /report-csp-violation 1
frame-ancestors *.nha.nl *.nha.be *.nhad.de *.buddywise.nl 1
default-src 'none';base-uri 'none';manifest-src 'self';script-src 'nonce-V2tSRU1ZcUwycEx3TEh3NDlHZFRDczZOcitpck5STEtGMTdqV1I4MW55ST06QWl0dkE5ejhpY3JBYVNsN3NnTWhhWjJpd2JpYkducXZJektBT2x0aXhuST0=' blob:;style-src 'self' 'unsafe-inline';img-src 'self' data: blob: https://*.tile.openstreetmap.org;font-src 'self' data:;connect-src 'self' blob: stun.nextcloud.com:443;media-src 'self' blob:;frame-src 'self';child-src blob: 'self';frame-ancestors 'self';worker-src blob: 'self';form-action 'self' 1
img-src 'self' data: https://*.objectstorage.eu-frankfurt-1.oci.customer-oci.com https://bat.bing.com/ https://tr-rc.lfeeder.com/ https://cdn.trustpilot.net/ https://auctim.com/ https://*.hubspot.com https://*.hsforms.com/ https://tr.lfeeder.com/ https://*.trustpilot.com https://www.auctim.com https://www.incimages.com https://ak.picdn.net https://media-exp3.licdn.com https://*.oracle.com https://connect.facebook.net https://c.bing.com https://c.clarity.ms https://www.googletagmanager.com https://www.google.si https://www.google.be  https://www.google.com https://www.linkedin.com https://www.facebook.com https://px.ads.linkedin.com  https://*.oraclecloud.com ;font-src 'self' data: https://*.hubspotusercontent-eu1.net/ https://*.objectstorage.eu-frankfurt-1.oci.customer-oci.com/ https://static.oracle.com https://fonts.gstatic.com https://use.typekit.net https://fonts.googleapis.com; default-src 'self' 'unsafe-eval' 'unsafe-inline' https://bat.bing.com/ https://*.analytics.google.com/ https://wsdev.auctim.com wss://wsdev.auctim.com wss://websocket4.apexrnd.be/ https://websocket4.apexrnd.be/ https://secure.intuitive-intuition.com/ https://td.doubleclick.net/ https://googleads.g.doubleclick.net/ https://*.analytics.google.com https://*.google-analytics.com/ https://forms-eu1.hscollectedforms.net/ https://content.hotjar.io https://cdn.linkedin.oribi.io https://www.googleadservices.com/ https://pagead2.googlesyndication.com/ https://*.hubapi.com/ https://*.hs-analytics.net/ https://collector.leadinfo.net/com.snowplowanalytics.snowplow/tp2 https://*.hubspot.com/ https://api.leadinfo.com/ https://collector.leadinfo.net/ https://js-eu1.hscollectedforms.net/collectedforms.js https://js-eu1.hs-analytics.net/ https://js-eu1.hs-banner.com/ https://js-eu1.hsadspixel.net/fb.js https://sc.lfeeder.com/ https://cdn.leadinfo.net/ping.js https://js-eu1.hs-scripts.com/ https://widget.trustpilot.com/ https://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js https://www.youtube-nocookie.com https://www.youtube.com https://youtu.be https://youtube.com https://www.gstatic.com https://privacyportal.cookiepro.com https://api.ipify.org https://geolocation.onetrust.com http://*.oraclecloud.com https://*.auctim.com https://www.google.si https://wsap.auctim.com wss://wsap.auctim.com wss://websocket.apexrnd.be https://websocket.apexrnd.be wss://*.hotjar.com https://www.google.com  https://*.bing.com https://*.typekit.net https://*.linkedin.com https://*.hotjar.com https://stats.g.doubleclick.net https://www.google-analytics.com https://snap.licdn.com https://*.clarity.ms https://cookie-cdn.cookiepro.com https://www.facebook.com https://www.googletagmanager.com https://*.facebook.net https://use.typekit.net https://fonts.gstatic.com https://static.oracle.com https://fonts.googleapis.com https://*.objectstorage.eu-frankfurt-1.oci.customer-oci.com 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-kNv4HfOiqBl2w0zRpmHpcg' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
default-src 'self' muenzeoesterreich.at *.muenzeoesterreich.at;         worker-src blob:;         connect-src 'self' stats.g.doubleclick.net login506.piwik.pro login506.containers.piwik.pro             eu-api.friendlycaptcha.eu nominatim.openstreetmap.org;         font-src 'self' fonts.gstatic.com player.podigee-cdn.net data:;         frame-src www.youtube.com player.podigee-cdn.net login506.piwik.pro login506.containers.piwik.pro             www.youtube-nocookie.com test.mpay24.com www.mpay24.com;         img-src 'self' login506.containers.piwik.pro login506.piwik.pro maps.omniscale.net;         script-src 'self' googleads.g.doubleclick.net             login506.piwik.pro login506.containers.piwik.pro             'nonce-Pbzv7SoyDI+ZmpGL2SzlrmTr';         script-src-elem 'self' openlayers.org www.googleadservices.com googleads.g.doubleclick.net             login506.piwik.pro login506.containers.piwik.pro secure.adnxs.com pxl.jivox.com             player.podigee-cdn.net routing.eps.or.at track.adform.net s2.adform.net www.youtube.com             'nonce-Pbzv7SoyDI+ZmpGL2SzlrmTr';         style-src 'self' secure.adnxs.com;         style-src-elem 'self' fonts.googleapis.com player.podigee-cdn.net openlayers.org             'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-5uIP+HBVRu0WW8ep6d6+YVfhgkl0AcIabZrBS5JJAzs='             'sha256-DtJ0G5eArSV7tvvFUUeV7iyiWfBGflIkRW64/tmMWUk=' 'sha256-UUAiPi6sSmGSyHT1S5Ra837pVZL+ia6mR7BdEvi6zRA='              'nonce-Pbzv7SoyDI+ZmpGL2SzlrmTr';         base-uri 'self';         object-src 'none';         report-to csp-endpoint;         report-uri https://reports.austrian-mint.at 1
img-src *.com *.dk *.net *.clarity.ms 'self' data:; font-src 'self' https://fonts.googleapis.com/ https://fonts.gstatic.com/ *.tidiochat.com ; default-src 'self' https://www.googletagmanager.com/ https://www.google.com https://forms.hsforms.com *.gstatic.com *.googleapis.com *.youtube.com *.rentalcars.com maps.gstatic.com maps.googleapis.com *.tmiweb.net *.elfsight.com *.travelmarket.com *.ritzau.dk *.youtube.be *.youtube.com *.vimeo.com *.tidio.co wss://socket.tidio.co *.tidiochat.com *.elfsightmail.com elfsightmail.com *.google-analytics.com *.doubleclick.net *.facebook.net *.cookieinformation.com *.clarity.ms *.google.com *.googletagmanager.com *.googleadservices.com *.emply.net *.iata.org *.lostandfoundsoftware.com *.scratcher.io *.adform.net *.licdn.com *.bll.dk *.cludo.com *.appstract.me wss://service.appstract.me/ws *.elfsightcdn.com *.hotjar.io *.hotjar.com wss://ws.hotjar.com *.adform.net *.cdn.scratcher.io https://mapplic.com/ *.discovercars.com/ 'unsafe-inline' 'unsafe-eval'; 1
frame-ancestors 'self' https://*.alvieromartini.it; 1
frame-ancestors 'self' covideo.com *.covideo.com vidmails.com *.vidmails.com eleadcrm.com *.eleadcrm.com forddirectcrm.com *.forddirectcrm.com usherpa.com *.usherpa.com *.autoipacket.com *.autoipacket.net *.ipacket.us *.ipacket.info dealersocket.com *.dealersocket.com dealersocket.engineering *.dealersocket.engineering linkedin.com *.linkedin.com *.kennected.video watch.kennected.video; 1
object-src 'none';script-src 'unsafe-inline' 'unsafe-eval'  https://az416426.vo.msecnd.net  https://www.google.com https://www.gstatic.com 'self' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: www.google.com www.google.com.tw www.googletagmanager.com www.google-analytics.com analytics.google.com b.scorecardresearch.com sb.scorecardresearch.com stats.g.doubleclick.net; 1
frame-ancestors https://www.kuaifan.co/ https://en.kuaifan.co/ https://tc.kuaifan.co/ 1
default-src * 'unsafe-inline' 'unsafe-eval'; 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src 'nonce-WsnN5A4kMJuUZts7LSm7oqLrn' 'strict-dynamic'; frame-ancestors 'self'; manifest-src 'self' 1
base-uri 'self'; connect-src https://demo.synology.com:5001 https://*.demo.synology.com:5001 https://demo.synology.de:5001 https://*.demo.synology.de:5001 https://bat.bing.com https://mc.yandex.ru *.mouseflow.com https://in.hotjar.com/ https://vc.hotjar.io wss://*.hotjar.com/ analytics.twitter.com 'self' https://cdn.linkedin.oribi.io https://px.ads.linkedin.com https://*.synodev.com https://www.facebook.com https://graph.facebook.com https://analytics.synology.com https://px.adhigh.net/ https://*.clarity.ms https://api-fra.livechatinc.com https://api.mapbox.com https://events.mapbox.com https://fw-cdn.com https://src.fwusercontent.com https://synologyc2.myfreshworks.com https://*.google.com https://*.google-analytics.com https://*.doubleclick.net/ https://*.googletagmanager.com https://pagead2.googlesyndication.com *.google-analytics.com *.analytics.google.com https://lottie.host/ https://webec.synodev.com https://webec-cn.synodev.com https://webec.synology.com https://webec.synology.cn; default-src 'self'; font-src *.mouseflow.com 'self' data: https://synostatic.synology.com https://cdn.livechatinc.com https://themes.googleusercontent.com https://fonts.gstatic.com; frame-ancestors metrika.yandex.ru metrika.yandex.by metrica.yandex.com metrica.yandex.com.tr *.webvisor.com 'self' https://*.facebook.com; frame-src *.mouseflow.com https://vars.hotjar.com/ 'self' https://*.synology.com https://*.facebook.com https://staticxx.facebook.com https://px.adhigh.net/ https://player.youku.com/ https://synology.jobbase.io https://secure.livechatinc.com https://secure-fra.livechatinc.com https://api-fra.livechatinc.com https://synology.onlyfy.jobs https://youtube.com https://www.youtube.com https://cse.google.com https://www.googletagmanager.com https://*.doubleclick.net https://optimize.google.com https://synoform.synology.com; img-src https://*.bing.com https://mc.yandex.ru https://alb.reddit.com *.mouseflow.com https://wcs.naver.com analytics.twitter.com https://t.co/ 'self' data: blob: https://*.synology.com https://global.download.synology.com https://cndl.synology.cn https://gallery.synology.com https://gallery.test.synology.inc https://global.synologydownload.com https://*.linkedin.com https://p.adsymptotic.com/d/px https://www.facebook.com https://*.clarity.ms https://c.bing.com https://secure.livechatinc.com https://secure-fra.livechatinc.com https://cdn.livechatinc.com https://api-fra.livechatinc.com https://cdn.livechat-files.com https://api.mapbox.com https://i.ytimg.com https://*.google-analytics.com https://*.doubleclick.net https://*.googleapis.com https://*.google.com https://*.google.de https://*.google.com.tw https://*.gstatic.com https://*.googletagmanager.com *.google-analytics.com *.analytics.google.com; media-src 'self' https://gallery.synology.com https://download.synology.com https://fileres.synology.com/ https://cdn.livechatinc.com https://api-fra.livechatinc.com; object-src 'none'; script-src https://demo.synology.com https://demo.synology.de https://bat.bing.com https://mc.yandex.ru https://www.redditstatic.com *.mouseflow.com https://static.hotjar.com https://script.hotjar.com/ https://wcs.naver.net/wcslog.js https://analytics.twitter.com https://static.ads-twitter.com https://t.co/i/adsct 'self' blob: 'unsafe-eval' https://snap.licdn.com https://www.linkedin.com/px/ https://px.ads.linkedin.com https://sjs.bizographics.com/insight.min.js 'nonce-24be8ee76308afb924abfaf26212411f2b66e53b9ce2534e5c9f88354c88cc39' https://connect.facebook.net https://px.adhigh.net/ https://cdnjs.cloudflare.com https://synology.jobbase.io https://*.clarity.ms https://cdn.livechatinc.com https://code.jquery.com https://secure.livechatinc.com https://secure-fra.livechatinc.com https://accounts.livechatinc.com https://api.livechatinc.com https://api-fra.livechatinc.com https://synology.onlyfy.jobs https://api.mapbox.com https://www.youtube.com fw-cdn.com https://*.freshsales.io https://synologyc2.myfreshworks.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.google.com https://cse.google.com https://clients1.google.com https://tagmanager.google.com https://www.gstatic.com https://*.googletagmanager.com https://www.googleadservices.com https://*.doubleclick.net https://www.gstatic.cn https://www.recaptcha.net https://*.googleapis.com https://unpkg.com; style-src 'self' 'unsafe-inline' https://synostatic.synodev.com https://synostatic.synology.com https://cdnjs.cloudflare.com https://cdn.livechat-files.com https://api.mapbox.com https://assets.freshsales.io https://www.google.com https://fonts.googleapis.com https://tagmanager.google.com https://www.googletagmanager.com https://optimize.google.com 1
base-uri 'none';default-src 'none';img-src 'self' data:;font-src 'self';media-src 'self';script-src 'self';style-src 'self' 'unsafe-inline' 1
default-src https: data: blob: filesystem: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' https://*.google.com https://*.fonts.gstatic.com X-Frame-Options: SAMEORIGIN  1
default-src https://* 'unsafe-inline' wss://vts.zohopublic.com data:; script-src 'self' 'unsafe-inline' bukuwarung.com *.bukuwarung.com *.appsflyer.com googletagmanager.com *.googletagmanager.com googleads.g.doubleclick.net *.googleadservices.com *.google-analytics.com cdn.jsdelivr.net *.facebook.net *.tiktok.com *.youtube.com *.google.com maxcdn.bootstrapcdn.com *.gstatic.com cdnjs.cloudflare.com *.zoho.com *.zohostatic.com *.zohocdn.com; frame-ancestors 'self' https://staging.d22bg8i31pway2.amplifyapp.com https://main1.d1degc53co1v55.amplifyapp.com https://develop.d3co3nb2lpfoig.amplifyapp.com https://api-dev.bukuwarung.com/mx-mweb https://api-staging-v1.bukuwarung.com/mx-mweb https://api-v3.bukuwarung.com/mx-mweb; object-src 'none' 1
connect-src 'self' 'unsafe-inline' *.google-analytics.com www.google-analytics.com www.plantlife.org.uk plantlife.org.uk wss://ws.hotjar.com *.analytics.google.com *.hotjar.io *.hotjar.com stats.g.doubleclick.net; default-src 'self' 'unsafe-inline'  www.googletagmanager.com data:; font-src data: www.plantlife.org.uk plantlife.org.uk staging-plantlife-staging.kinsta.cloud fonts.gstatic.com  fonts.googleapis.com; frame-src 'self' data: www.google.com platform.twitter.com www.googletagmanager.com player.vimeo.com vimeo.com youtube.com www.youtube.com www.youtube-nocookie.com app.donorfy.com r.stripe.com m.stripe.com storymaps.arcgis.com plantlife.maps.arcgis.com survey123.arcgis.com js.arcgis.com pay.gocardless.com api.donorfy.com www.facebook.com facebook.com; img-src 'self' 'unsafe-inline' data: www.plantlife.org.uk plantlife.org.uk staging-plantlife-staging.kinsta.cloud www.google-analytics.com www.gstatic.com www.google.co.uk www.googletagmanager.com *.gravatar.com  *.vimeocdn.com *.stripe.com www.facebook.com facebook.com; media-src 'self' blob: data:; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' connect.facebook.net; script-src-elem 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' static.hotjar.com script.hotjar.com player.vimeo.com vimeo.com apis.google.com www.youtube.com www.youtube-nocookie.com platform.twitter.com googletagmanager.com www.googletagmanager.com www.google.com google.com www.gstatic.com gstatic.com www.google-analytics.com connect.facebook.net app.donorfy.com r.stripe.com m.stripe.com survey123.arcgis.com js.arcgis.com www.plantlife.org.uk plantlife.org.uk; style-src 'self' 'unsafe-inline' blob: fonts.googleapis.com; style-src-elem 'self' www.plantlife.org.uk plantlife.org.uk 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com; worker-src 'self' blob:; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://cdnjs.cloudflare.com https://js.hsforms.net https://www.google.com https://www.gstatic.com https://js.hs-scripts.com https://player.vimeo.com https://www.google-analytics.com https://static.ads-twitter.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hscollectedforms.net https://js.usemessages.com https://js-na1.hs-scripts.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-src 'self' https://player.vimeo.com https://www.google.com https://forms.hsforms.com; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: https://perf.hsforms.com https://t.co https://analytics.twitter.com https://forms.hsforms.com https://www.google-analytics.com; connect-src 'self' https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://fn6g1hhu2h.execute-api.us-east-1.amazonaws.com https://vimeo.com https://*.algolianet.com https://www.google-analytics.com https://api.hubspot.com https://forms.hubspot.com https://stats.g.doubleclick.net 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; child-src https: blob:; object-src 'none'; frame-ancestors 'self' https://account.insurancetimes.co.uk; 1
default-src 'self' http: https: data: blob: 'unsafe-eval' 'unsafe-inline'; 1
default-src 'self'; object-src 'self' https://pts.smartmobil.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.smartmobil.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://umfrage.smartmobil.de https://pts.smartmobil.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.smartmobil.de https://chat.smartmobil.de https://stats.smartmobil.de https://imagepool.smartmobil.de https://pts.smartmobil.de https://seal.globalsign.com https://ssif1.globalsign.com https://analytics.tiktok.com https://umfrage.smartmobil.de; script-src 'strict-dynamic' 'nonce-a32cb45a5136b64534612beddcd51f69' 'nonce-a10977fcfa00edec7616c7004b9bcdac' 'nonce-0cfeac612842a32410f731d06a6a6f6b' 'nonce-a6cdca3e0ff57c32a3f9989616d054dd' 'nonce-ed02e1f5a7465c22eb9628bffb24d86c' 'nonce-fbc0fa29ad7c3c3f8a13efeb59691e5b' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data: 'report-sample'; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.smartmobil.de https://umfrage.smartmobil.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-a32cb45a5136b64534612beddcd51f69' 'nonce-a10977fcfa00edec7616c7004b9bcdac' 'nonce-0cfeac612842a32410f731d06a6a6f6b' 'nonce-a6cdca3e0ff57c32a3f9989616d054dd' 'nonce-ed02e1f5a7465c22eb9628bffb24d86c' 'nonce-fbc0fa29ad7c3c3f8a13efeb59691e5b' 'self' 'unsafe-inline' https: 'report-sample' 1
base-uri 'self'; child-src blob:; connect-src 'self' *.api.signableapi.com api.qa.signableapi.com *.analytics.google.com *.clarity.ms *.hotjar.com *.hotjar.io *.google-analytics.com *.analytics.google.com *.wistia.com *.wistia.net wss://*.hotjar.com wss://*.hotjar.io adservice.google.com analytics.google.com api.amplitude.com api.hubapi.com api.segment.io api.signableapi.com app.launchdarkly.com bat.bing.com beaconapi.helpscout.net beacon-v2.helpscout.net cdn.segment.com chatapi.helpscout.net clientstream.launchdarkly.com d3hb14vkzrxvla.cloudfront.net events.launchdarkly.com fast.trychameleon.com forms.hubspot.com sentry.io signable.help stats.g.doubleclick.net www.google.com www.google.co.uk www.google-analytics.com www2.profitwell.com *.productfruits.com wss://*.productfruits.com https://productfruits.help eu.i.posthog.com eu-assets.i.posthog.com eu.posthog.com app.posthog.com; default-src 'self' *.wistia.com *.wistia.net eu.i.posthog.com eu-assets.i.posthog.com eu.posthog.com app.posthog.com; font-src 'self' fonts.gstatic.com fonts.googleapis.com *.wistia.com data:; frame-src 'self' accounts.google.com bid.g.doubleclick.net fast.trychameleon.com fast.wistia.com fast.wistia.net googleads.g.doubleclick.net js.stripe.com vars.hotjar.com docs.google.com *.productfruits.com; img-src * data:; manifest-src 'self'; media-src 'self' blob: data: *.wistia.com *.wistia.net; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' apis.google.com bat.bing.com beacon-v2.helpscout.net cdn.amplitude.com cdn.firstpromoter.com cdn.segment.com connect.facebook.net fast.trychameleon.com googleads.g.doubleclick.net h.clarity.ms js.hs-analytics.net js.hs-banner.com js.hs-scripts.com js.hsadspixel.net js.hsleadflows.net js.stripe.com script.hotjar.com static.hotjar.com www.clarity.ms www.dropbox.com www.google.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com accounts.google.com public.profitwell.com *.productfruits.com *.wistia.com *.wistia.net eu.i.posthog.com eu-assets.i.posthog.com eu.posthog.com app.posthog.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com fast.wistia.com *.productfruits.com data:; worker-src 'self' blob:; 1
script-src   'self' *.google.com *.google-analytics.com 'unsafe-inline'   'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com   *.googleapis.com uds.googleusercontent.com https://s.ytimg.com   https://i18n-cloud.appspot.com   https://www.youtube.com   www-onepick-opensocial.googleusercontent.com   www-bloggervideo-opensocial.googleusercontent.com   www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport 1
default-src * data: 'unsafe-inline' 'unsafe-eval' blob:;media-src * blob:;img-src * data: 'unsafe-inline' blob:;font-src * data: 'unsafe-inline'; frame-ancestors *.staples.com *.staplesadvantage.com 1
default-src 'none'; img-src 'self' data:; style-src 'sha256-u63PihE3COghISHa7lKT36CKADhM8M5ovxCijvnCeGg=' 'sha256-j4KLt4kEQ312AuUqAy5XvWbcZbwKYDa26bRMNy/j9vA=' 'sha256-8Ayo8ctgXanxvG567YD3IxJJ80DsgTgZRp+KZrpXGzk='; script-src 'sha256-/nEeE86N8ykMvnpONoxUKIKVkpk2VLejLWBhR4UuEPk=' 'sha256-wcSNn2MvQ0/HuUJ8EjnWeSIxYhHiP1BoyMqWqxwWBII=' 'sha256-uX1YEkZnD94HWAnmRFGobUERw5GnYj1r/4MaQxZwOO0=' 1
frame-ancestors http://app.storyblok.com 1
default-src *;script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline' 'unsafe-eval'; img-src * data:; frame-src * mailto: tel:; 1
default-src	'self'; script-src	'self' 'unsafe-inline'	https://*.demdex.net/	https://*.onetrust.com/	https://*.clarity.ms	https://tag-logger.demandbase.com	https://tag.demandbase.com	https://web.demandbase.com	https://api.company-target.com/api/	https://assets.adobedtm.com/	https://bat.bing.com/	https://c.bing.com	https://cdn.cookielaw.org/	https://cdn.linkedin.oribi.io/	https://cm.everesttech.net/	https://connect.facebook.net/	https://dc.ads.linkedin.com/	https://googleads.g.doubleclick.net/	https://gw.linkedin.oribi.io/	https://maps.googleapis.com	https://sjs.bizographics.com/	https://www.google.com/	https://www.google.com/recaptcha/	https://www.google.de/	https://www.googleadservices.com/	https://www.googletagmanager.com/	https://www.gstatic.com/recaptcha/	https://www.youtube.com/	; style-src	'self' 'unsafe-inline'	https://fonts.googleapis.com/	; connect-src	'self'	blob: 	https://*.112.2o7.net/	https://*.clarity.ms	https://*.data.adobedc.net/	https://*.demdex.net/	https://*.omtrdc.net/	https://*.onetrust.com/	https://airfiltration.mann-hummel.com/	https://assets.adobedtm.com/	https://c.bing.com	https://cdn.cookielaw.org/	https://cdn.linkedin.oribi.io/	https://cm.everesttech.net/	https://dc.ads.linkedin.com/	https://fleetdirect.mann-hummel.com/	https://gw.linkedin.oribi.io/	https://maps.googleapis.com	https://oem.mann-hummel.com/	https://s7g10.scene7.com	https://s7ips3.scene7.com	https://sjs.bizographics.com/	https://tag-logger.demandbase.com	https://api.company-target.com/api/	https://tridim.mann-hummel.com/	https://www.facebook.com/	https://www.google-analytics.com/	https://www.mann-filter.com/	https://www.mann-hummel.com/	https://www.purolatornow.com/; font-src	data:	https://fonts.gstatic.com/	; img-src	'self' data:	blob:	https://*.112.2o7.net/	https://*.clarity.ms	https://*.data.adobedc.net/	https://*.demdex.net/	https://*.doubleclick.net/	https://*.ggpht.com/	https://*.google.com/	https://*.google.de/	https://*.googleapis.com/	https://*.omtrdc.net/	https://ad.doubleclick.net/	https://ade.googlesyndication.com/	https://assets.adobedtm.com/	https://bat.bing.com/	https://c.bing.com	https://cm.everesttech.net/	https://googleads.g.doubleclick.net/	https://i.ytimg.com/	https://id.rlcdn.com	https://maps.gstatic.com/	https://p.adsymptotic.com/	https://px.ads.linkedin.com	https://px4.ads.linkedin.com/	https://s7g10.scene7.com/	https://s7ips3.scene7.com	https://smetrics.filtron.eu	https://www.facebook.com/	https://www.googletagmanager.com/	; form-action	'self'	https://newsletter.filtron.eu/	; frame-src	'self'	https://*.assetsadobe.com	https://*.demdex.net/	https://*.doubleclick.net/	https://*.filtron.eu/	https://*.scene7.com	https://bid.g.doubleclick.net/	https://cdn.linkedin.oribi.io/	https://cloud.mann-hummel-filtration.com/	https://dc.ads.linkedin.com/	https://gw.linkedin.oribi.io/	https://recaptcha.google.com/recaptcha/	https://s.company-target.com	https://sjs.bizographics.com/	https://www.facebook.com/	https://www.google.com/recaptcha/	https://www.nothinggetsbyus.com/	https://www.youtube-nocookie.com/	https://www.youtube.com/	; base-uri 'none'; frame-ancestors 'none'; object-src 'none'; upgrade-insecure-requests 1
frame-ancestors 'self' www.google.com; 1
default-src 'none'; base-uri 'none'; form-action 'self' https://news.addy.io; connect-src 'self' https://app.addy.io/default-currency; manifest-src 'self'; frame-ancestors 'none'; script-src 'self' 'sha256-6qQWTVhBNcsGRyT26G26ZSIfLs+60+VhhX0ppPSgd50='; img-src 'self' data:; style-src 'self' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-/8CvIhEkJqzXuPzY8k7p4wTZ1zjLlE7mi3UcNExd8ao='; font-src 'self'; frame-src 'none'; object-src 'none'; upgrade-insecure-requests; 1
frame-ancestors 'self' emaillistverify.com *.emaillistverify.com 1
upgrade-insecure-requests; script-src 'self' 'unsafe-inline' https: 'unsafe-eval' blob:; object-src 'self' data: 'unsafe-eval'; 1
default-src 'self' 'unsafe-inline'; img-src 'self' data:; object-src 'none'; frame-ancestors 'none'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.marketingcloudfx.com *.googleadservices.com *.azureedge.net download.pi.dynamics.com *.googleapis.com *.gstatic.com *.google.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com *.twitter.com https://s.ytimg.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org https://cdn.jsdelivr.net https://kit.fontawesome.com https://stackpath.bootstrapcdn.com https://cdnjs.cloudflare.com https://kendo.cdn.telerik.com/2021.1.119/js/kendo.all.min.js https://kendo.cdn.telerik.com/2021.1.119/js/kendo.aspnetmvc.min.js https://www.googletagmanager.com *.pricespider.com *.happyfoxchat.com *.bing.com *.clarity.ms https://googleads.g.doubleclick.net *.adsrvr.org https://*.googletagmanager.com https://www.googleadservices.com https://www.google.com www.googleadservices.com www.google.com googleads.g.doubleclick.net *.klaviyo.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net *.twimg.com https://cdnjs.cloudflare.com https://ka-p.fontawesome.com *.klaviyo.com; font-src 'self' data: fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com https://cdnjs.cloudflare.com https://ka-p.fontawesome.com *.klaviyo.com; img-src 'self' data: blob: *.dynamics.com *.doubleclick.net *.google.com *.praxair.com *.gstatic.com *.googleapis.com *.google-analytics.com *.googletagmanager.com platform.tumblr.com *.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.twimg.com *.eloqua.com track.hubspot.com https://cdnjs.cloudflare.com https://www.paypalobjects.com *.bing.com https://*.analytics.google.com *.clarity.ms google.com https://google.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://googleads.g.doubleclick.net https://www.google.com googleads.g.doubleclick.net www.google.com https://ad.doubleclick.net https://ade.googlesyndication.com *.cloudfront.net; media-src 'self' data: blob:; frame-src 'self' https://www.youtube.com/ *.smartercommercecloud.com *.happyfoxchat.com *.dynamics.com *.pricespider.com *.google.com https://bid.g.doubleclick.net bid.g.doubleclick.net *.adsrvr.org; frame-ancestors 'self' *.aquiire.net  https://fscm92dev.bidmc.org:8453/ *.apci.com https://srm.america.apci.com:9080/ *.utexas.edu *.gep.com *.vinimaya.com *.bidmc.org *.utmb.edu *.washington.edu  *.coupahost.com *.ariba.com *.sciquest.com *.oraclecloud.com *.govsci.com; child-src 'self' apiint.paymentsite.com *.dynamics.com *.twitter.com *.google.com *.facebook.com https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ badge.stumbleupon.com https://www.sandbox.paypal.com https://pilot-payflowlink.paypal.com https://www.computop-paygate.com *.smartercommercecloud.com; connect-src 'self' *.cloudflare.com *.marketingcloudfx.com *.azure.com *.dynamics.com *.microsoft.com *.google.com stats.g.doubleclick.net *.googleapis.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.google-analytics.com *.gstatic.com https://ka-p.fontawesome.com https://www.google-analytics.com https://widget.happyfoxchat.com https://happyfoxchat.com *.pricespider.com *.webpagefx.org *.clarity.ms https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com *.klaviyo.com; 1
default-src * 'unsafe-eval' 'unsafe-inline' data: filesystem: about: blob: ws: wss:; base-uri 'self'; frame-ancestors 'self'; 1
base-uri 'self'   data:; object-src 'none'; script-src https: 'nonce-8f9701e7cf' 'nonce-bd8a596e2a' 'nonce-fb1f38efac' 'nonce-b0360629f3' 'nonce-d364728c35' 'nonce-bd8a596e2a' 'nonce-bd8a596e2a' 'nonce-b8f0ac0a2f' 'nonce-7bb452abe4' 'nonce-ee450749e5' 'nonce-d178890bf2' 'nonce-efe9d214c0' 'nonce-0fbe5b365d' 'nonce-4b9ee83c6c' 'nonce-afa5e49f5d' 'nonce-601fde7808' 'nonce-29c3f2823b' 'nonce-a4379c71e4' 'nonce-a42e4609fd' 'nonce-abfe9a0602' 'nonce-cd97c37db1' 'nonce-e037621da2' 'nonce-431f5297a0' 'nonce-a85026d733' 'nonce-7e81ae985e' 'nonce-35ab236da3' 'nonce-d7a7268166' 'nonce-2a036eb209' 'nonce-e0cf95535e' 'nonce-b04b15e101' 'nonce-2d4a6d04c9' 'nonce-8f89820a20' 'nonce-515b867d09' 'nonce-6fe8e4f117' 'nonce-cfd914d1c1' 'nonce-9ad0b90e85' 'nonce-eaf736b2ec' 'nonce-c9d3397365' 'nonce-d09ec38343' 'nonce-d09ec38343' 'nonce-f828082d78' 'nonce-b68972feae' 'nonce-212bf33b9a' 'nonce-61e2d2a04b' 'nonce-74fbac4719' 'nonce-6142eaba0a' 'nonce-de08300aa3' 'nonce-54f2a1d0fb' 'nonce-60dd8bfa23' 'nonce-54cbe0f0cf' 'nonce-2d6ad740d8' 'nonce-a3d7b1a640' 'nonce-29526b03b7' 'nonce-82d75ae533' 'nonce-17a05933ef' 'nonce-b53fb8b759' 'nonce-fa24a24400' 'nonce-fbe1b82bb1' 'nonce-f4c696001c' 'nonce-71b3af7e1b' 'nonce-71b3af7e1b' 'nonce-71b3af7e1b' 'nonce-71b3af7e1b' 'nonce-71b3af7e1b' 'nonce-71b3af7e1b' 'nonce-71b3af7e1b' 'nonce-9db16c1759'     'strict-dynamic' 1
default-src 'self'; manifest-src 'self'; connect-src 'self'; font-src 'self'; img-src 'self' https://avatars.githubusercontent.com data:; script-src 'self' 'nonce-dXNlcj0iaGVsbG8iLGRvbWFpbj0iaGVua3ZlcmxpbmRlLmNvbSIsZG9jdW1lbnQud3JpdGUodXNlcisiQCIrZG9tYWluKTs=' 'sha256-aWZ3y/RxbBYKHXH0z8+8ljrHG1mSBvyzSfxSMjBSaXk='; style-src 'self' 1
default-src 'self'; script-src 'self' 'unsafe-inline' consent.trustarc.com consent.truste.com https://palig.planfamiliaprotegida.com https://tagmanager.google.com https://*.googletagmanager.com https://analytics.twitter.com https://www.google-analytics.com https://ssl.google-analytics.com https://connect.facebook.net static.ads-twitter.com app.icontact.com www.google.com www.gstatic.com maps.google.com *.googleapis.com youtube.com; style-src 'self' 'unsafe-inline' https://www.googletagmanager.com fonts.googleapis.com app.icontact.com tagmanager.google.com; img-src 'self' data: *.trustarc.com https://analytics.twitter.com *.smassets.net *.mzstatic.com https://pbs.twimg.com https://www.google-analytics.com https://*.google-analytics.com https://*.googletagmanager.com https://www.facebook.com maps.gstatic.com *.googleapis.com t.co https://i.ytimg.com *.fbcdn.net stats.g.doubleclick.net www.google.com app.icontact.com maps.google.com *.gstatic.com; font-src 'self' consent.trustarc.com fonts.gstatic.com; media-src 'self' *.fbcdn.net https://video.twimg.com; frame-src 'self' itmss: *.trustarc.com https://*.salesforce-sites.com https://www.youtube-nocookie.com www.youtube.com www.google.com https://connect.facebook.net https://www5.recruitingcenter.net https://www.facebook.com castbox.fm embed.podcasts.apple.com; form-action 'self' https://*.salesforce.com https://app.icontact.com https://connect.facebook.net https://www.facebook.com/tr/; connect-src 'self' https://*.trustarc.com  https://*.facebook.com https://maps.googleapis.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://*.googletagmanager.com stats.g.doubleclick.net; 1
frame-ancestors 'self' https://*.hub.arcgis.com https://arcgis.com https://arcgisp.zwolle.intern https://arcgist.test.intern; 1
default-src 'self';script-src 'self' 'nonce-McrNE54gppnYsn2t0gyLptlD' 'unsafe-eval' js.adsrvr.org *.googletagmanager.com n1.m.tt ws.sharethis.com *.fouanalytics.com *.sharethis.com *.gtm.js bat.bing.com *.compactpowerrents.com compactpowerrents.com compactpower-admin.azurewebsites.net compactpower-live-staging.azurewebsites.net *.doubleclick.net *.googleadservices.com *.gstatic.com *.google.com *.googleapis.com maps.googleapis.com *.hubspot.com *.facebook.com *.facebook.net *.tiktok.com *.tiktok.net *.bing.com *.hotjar.com *.pinimg.com *.msecnd.net *.cloudfront.net *.typekit.net *.google-analytics.com compactpowerrents.brunnerstage.com *.adsrvr.org *.pinterest.com 'sha256-WwaK9UcfeMruZJ4ogrSZRx+VbHG5i1oSNKYH2QTrBxk=' 'sha256-jzkn8CguZqG5uNTIH/9FPYOH4ciXND5m050e26s/uD4=' 'sha256-l3hK1FNBv2oiBj4xlJ/hu5E0KQzEOpOYkiymu/iAtKM=' 'sha256-1rQA/TnEli0HuRT6g+cQiFGMpmrWsIbDiQl9HeYFbUc=' 'sha256-2AWkXgEZaIgeXvzVUI5NmWPv2j5KBR72k/xBAcV3mx4=' 'sha256-2wKFmaISIva9TpzsE4iDrRLYk2HAh2R+vp+NEVdLyDY=' 'sha256-46k2D6uKlh6Axx6mB+IKfI5ctFB7OwLy5z1XmLFkL7E=' 'sha256-4gygOMnqMM60KrFZ7a/Hx5R6ndV9WNMUC6vanC9Orvk=' 'sha256-8bo83ChL0Ep5a3ZNE7W2RUGSB2uDNbXaokTX1OY5QxA=' 'sha256-9vj9r4bJezc/lchF3NwLTDFK1BR3RrLKd5kegimtuKM=' 'sha256-AdF7JwJAxlu8yoQVdPKa3xXGdWR/5k/1DL4G2zeAh1k=' 'sha256-dD4NrvdGoeIWkUG9LVaCnPFxXsaW1V86wkCCExWa6Hw=' 'sha256-DhHMKwgFMh2/ORYVLS253/h7Ieg9devakjhOQoCk4PU=' 'sha256-FhDBA+wXe0pcqNkEuOCY0upgKb+l1CfNfutauobroec=' 'sha256-fqZh1oAC7w1TsYPySYHzI4I9XmWWrTdvlw4ndgu3hwk=' 'sha256-FrITtPnXHYsXXk4/Ry2qI3RJqWWg/03lK5eORVFyPM4=' 'sha256-GdsL8ZnExev45ssAH8tXslPYc0yJCQJojbb9Vwciavw=' 'sha256-h3L6aPTtKXzAoKHDyN7TbdTJn5Y2CFJGM2c6giQDswo=' 'sha256-IC0NmLAS7amT4CgLZqaoQn8YTxDEq7CjH7nqUCQJzbo=' 'sha256-ilVebaSRazkbhqsaf9J4EqOMqaHnLol2yDtE/wlLO0w=' 'sha256-jUhGMnyowWE5Darj5kkACGExLPZtfI2yrE7rNAxmGRA=' 'sha256-KgaxTXLiN75X75g3e/ojPNXRCBiK9+T59yI0fSyTNfM=' 'sha256-kwxYJpi1aZPT3/fyM/WZ0qip4hNbny7fjOhLpSBYZEQ=' 'sha256-l1+5mrwWi4nojv97/DAxWBjW2UjP6O40b9a7L222OtY=' 'sha256-MLqAxz8TKPiJCYnOLbmkTKxIFYIvHXstzVl4UNXfs8c=' 'sha256-NeLjrAr62GhSAkSaNZ/d7qXAeGWg83Gik+3i8Jrr/9Q=' 'sha256-NKMhOtDv64MUwZvg30fABLETW5U/I4MJCSmzwDcGCN4=' 'sha256-NNnn9DWSX2QX6yWY+ZHRsBbiEd9fhx4M3lhqg/+Q+y8=' 'sha256-pTLl8V8sEXg2MHPjPXwl3ke986FxM0Luc4ubTm/2ryE=' 'sha256-q5QV6RgIyxgCzYrriPZNCO5XVIr++AeXwmi0K9/P6PY=' 'sha256-QdJ+fqYxuc4ODLIio3LMTyN5959K4311+lU/kdXavHw=' 'sha256-Qr4sNm5paZT26rX1Tb9KPjaWVfB7wggPzdkm5vt2npc=' 'sha256-QyJUboKI+HxDeratJ9sFKXDV8IWtIUVICS9q46FJu0Q=' 'sha256-RoDuotRklWaOVG715oxUKTdqZU53q55bbEqntrRYHwI=' 'sha256-S6rDsDrUs08PFpuDr+45RISei/BdKA49m5nDX0Aad7M=' 'sha256-SF+RbUv1MKclI29cnUCSYqIf7dMI2PpgKyjneBOh4Aw=' 'sha256-sK+FcHKIQN8GMZ7CDzvttMCpO3FLfNA4RSy2XhKTnL0=' 'sha256-U0VLtZI6fJISbFtXVvLD2MdVz7rWZOjIpm9cFeoTQ0Y=' 'sha256-VL12JvBx7QYt3/t1D8PWiIokHr0uZvQ1QOnUFIVWCOY=' 'sha256-vvoU/VW9yBBEQ7WL0YANhije1EErvFTcvtB2TGCQCtI=' 'sha256-vXrHG9KZSf/jx0itlP12mTMw5UAO1LYHiqiNnbTn6sQ=' 'sha256-wnWjkLtOqx1elVU4lMtbsCnhgndGRqkfj/7V4/doS5s=' 'sha256-x8gP4vTj6Txd1zi/eeF8XV6oWGFeQNTouSzKhfa0uFo=' 'sha256-xCodMvvWbe39bxmlPK5ntQjTUiiwAJjJa0015IueEVA=' 'sha256-yEXL0AKnt9NEuGthqMOTnZnF2tST1I3bSdVBL6idrdQ=' 'sha256-yQWaPL9BYwHKDmQmorMnRSP0ryJXNrRaRD1NzpN6fv4=' 'sha256-zNAz+R3qQu5FOEeEAufeujIE6r3RI8k2NS4XwbS5T10=' 'sha256-RgPp3vev1m2NCAsoEjSeeMG8421/suzcyCgRXa+0LvU=' 'sha256-GOSdYxEcMZp0fL8XRqCvM/jxyBAl0gomO6SK+pSfKcE=' 'sha256-J1uCbYkBbRY8Erp1Q2+/BLFPMimnS0czwmuf7yQqK6g=' 'sha256-V1JRzy/rk1TukCWP6vHw9H16um1Mj6ZlPAK5GQqy2KA=' 'sha256-QNZepBp2sFHapu/mZlZx9qzx2uVkSgN5NkyJhrAa8XM=' 'sha256-0m/kIClItTQjAs5euEEqgrhHcxiGOx63bJYIM8BEQtY=' 'sha256-wViL6C0+swHGJojTwCLRGBOZqIllhAJmwb9DiCdxi7o=' 'sha256-rz+9sgJJI5FgdKBLfi+Ux+gNPUuVLqB/C3S/PYu/Oxc=' 'sha256-d9yTpVEmL1oXnyI3sDXbgT5c+7T0kYx6MrEPejeXw3Q=' 'sha256-GVA/8asE84+jA+xPBR2gAQdCAuLaMHqOc1PVSgzZlxY=' 'sha256-Ig4hTiZcjbLYaVbmkUIPTCIDLXscJ7rjr/XBF8DAkKo=' 'sha256-XWDQnSU8uqRGXBU8hnzdtk7xTyQZH0IVZ2U/mO6bcY0=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-RgdsHj4vxjPajir1JsL6V8FPj1c2gBvXaUGqlF4LvXw=' 'sha256-SkDWAzmoTROjNth2P8ob555s0TnAOg2oRUMyFOfVvWQ=';style-src 'self' js.adsrvr.org *.googletagmanager.com maps.googleapis.com compactpowerrents.brunnerstage.com *.compactpowerrents.com compactpowerrents.com compactpower-live-staging.azurewebsites.net compactpower-admin.azurewebsites.net *.sharethis.com *.googleapis.com *.bing.com fonts.googleapis.com *.hotjar.com 'sha256-j69g0Z+HAbHBMIzQNFis9uADYR6LPo2LYlSo6DI4wy0=' 'sha256-cH1+lg4dJr7FMyPRntBLER2hcaREO8zDwh5wmjRu4EQ=' 'sha256-/89VXeQIA5Q0hw3N12ouJtrW+Oez7cMNJfGkgxEln5o=' 'sha256-/Q4se7FLGCaPFRdiDgb/uQcgnY12w7eKaV8TA9b4SEc=' 'sha256-g1+M02rsvlWQa9CjaRfEaZvT//NG7UhCKe8br+KXuF8=' 'sha256-Q9miDVY9EmQYHiYVqVW22B4ck3MVy1MYKucyPW6AqWk=' 'sha256-zZp8BI/LRCsExnI71KZA79vRfTQ/33qQr5GcSWAOwto=' 'sha256-EgNBKOia+YkwLJnqORGP1/kLf8CRKfIhJ6yuxB8AU5g=' 'sha256-Q2SnX/r62v6ZKRE0LDy4rr7h0Am5SvjmKmIcnvt5IDY=' 'sha256-VuqcW0soeqvhf6IvNQ/ON9W30r2/sWrVyPeylDtJTE4=' 'sha256-DpOoqibK/BsYhobWHnU38Pyzt5SjDZuR/mFsAiVN7kk=' 'sha256-+cHBYCm7m18szWvCsXBN2DpeVStBGKqKMcE6ABBlX+0=' 'sha256-7L3QqAwjd1IHbJQW1wPxS8OaFzG3IYHSAae/OEAYqyQ=' 'sha256-q2Ota8lM0IpspHPaQ/qA2XlXnzgnd+QA5S5Dcz673B0=' 'sha256-FAqAbxrEDDJCGvJ4Gl5mxeJDcstOgkZyI0DYnxBAqxc=' 'sha256-NxSiB0gow8t7fdIOIpuuHiQBsMUDJZ1DkSah4apBDxY=' 'sha256-jUhGMnyowWE5Darj5kkACGExLPZtfI2yrE7rNAxmGRA=' 'sha256-CwE3Bg0VYQOIdNAkbB/Btdkhul49qZuwgNCMPgNY5zw=' 'sha256-kPvxGF+BhQSxr2aDCNXiJvveeq+LmfZqtH7AZx62UOk=' 'sha256-CYjFW1++spPanZLdwc+LdQaKc1XOjHZUoaI1Vc5T7VE=' 'sha256-wu3gJluHsPexcM0L2bTmsflJi5LPQF4LPQ/Cs+bwQDE=' 'sha256-v6W7drTuTxgEizxhUECDfDhV3qTHNsIZ/dXGoS2g2NU=' 'sha256-QzbuspFx3XWfDfPzTlfR0J2UlRJ1iYhfJ1wQgds/IA0=' 'sha256-hGfK5gahOBj6kuUTycpPC9xEvwIeSQUt+tdsTiscX6k=' 'sha256-ACHSEhmxKWLpd+d5Rd3UlTnV7wbG8unE0SwzWZS+ifE=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-WZ567ntT3BKIFaeoTtOOEdkkOJR5UidQJ809ufOE0zk=' 'sha256-biLFinpqYMtWHmXfkA1BPeCY0/fNt46SAZ+BBk5YUog=' 'sha256-Dd/cX5n6TYOEY3Ly2eGfV38NpXlV2a3so8BAL/odEGY=' 'sha256-0EZqoz+oBhx7gF4nvY2bSqoGyy4zLjNF+SDQXGp/ZrY=' 'sha256-mmA4m52ZWPKWAzDvKQbF7Qhx9VHCZ2pcEdC0f9Xn/Po=' 'sha256-vxDh7VAxCA/bCtu0YnWl3bRZqaW9GY9Ms8kSC13F2M0=' 'sha256-/VVOq+Ws/EiUxf2CU6tsqsHdOWqBgHSgwBPqCTjYD3U=' 'sha256-D1M7T0Ub2B2hjk0pBXnzYhEBYbLkzdUhGqi9uiYHmSw=' 'sha256-APrOy8nIZ3XLBwL5bKYrDEJVnCMh2E4zPqfsUGaCOjg=' 'sha256-Ew+ac64tx/Fslcpkd+9dcL+TCbfjaI7sQvlMq2DO3IA=' 'sha256-KIlXIKFGZ/dBp86g+V9El5vjkiS2xYO7pAtmB5gtuL8=' 'sha256-Bi8T5IOX88VG7I808mL3YJ3TH9lPMQ35eK8wwVGeyB0=' 'sha256-yQWaPL9BYwHKDmQmorMnRSP0ryJXNrRaRD1NzpN6fv4=' 'sha256-+17AcPK/e5AtiK52Z2vnx3uG3BMzyzRr4Qv5UQsEbDU=' 'sha256-aqNNdDLnnrDOnTNdkJpYlAxKVJtLt9CtFLklmInuUAE=' 'sha256-V1JRzy/rk1TukCWP6vHw9H16um1Mj6ZlPAK5GQqy2KA=' 'sha256-12CBregf9uH39U/2f2nTzo5qwGBc6Xz2i/qghyMg+AU=' 'sha256-QNZepBp2sFHapu/mZlZx9qzx2uVkSgN5NkyJhrAa8XM=' 'sha256-YTEza4CA2qPCNGLfB6mKa5FjY8kjkO/K7nQxeJxVd9E=' 'sha256-w7l1Afi0STbbri/625i3W2rPOsJA6YmqTuQJSKgj7zo=' 'sha256-TGlEi8oSNBlY3pBlAV+/ri4XUErUyilKVnmt+RQYLJI=' 'sha256-T6AAKdWxO6p6GZVyzGAJDSLhOoPuuoZ6LlqMX153CvM=' 'sha256-4y6R3c8q8xosatWMKmI9+VoG2vGMTENXcPd+Ieohev0=' 'sha256-iGOBlJOMrHBr5j/NTfNowR3/hCg3tRxoB6H+Jr2hpKU=' 'sha256-qBfwcC3tihIOpA6kZyzZDAUGqM4GtZ7w4IxdhqTqK+g=' 'sha256-ZqKyOPEo0RmXqhWwy131Ns62OMQh+DpdHufAXOVA00w=' 'sha256-6OpjuLvmuQBhO3uH72EVJw/fxgN2bG3GEuDN6479hlY=' 'sha256-Cennxi/OT9NGk/n3vAbxqSO+RplSkJ7/j6W0eeYE6Ak=' 'sha256-aTlA09MffLYtPieSY8rI8CKv7kSAhvUQ9uc+feqeJlM=' 'sha256-RgdsHj4vxjPajir1JsL6V8FPj1c2gBvXaUGqlF4LvXw=';img-src 'self' data: * *.hotjar.com;frame-src 'self' *.pinterest.com *.doubleclick.net *.google.com *.sharethis.com *.facebook.com compactpowerrents.brunnerstage.com compactpowerrents.com *.compactpowerrents.com *.adsrvr.org;font-src 'self' * fonts.gstatic.com *.googleapis.com fonts.googleapis.com *.hotjar.com;connect-src 'self' https://pagead2.googlesyndication.com l.sharethis.com *.tiktok.com capi.brunnerworks.com https://bat.bing.com analytics.google.com *.googleapis.com connect.facebok.net *.facebook.com *.pinterest.com *.google.com *.doubleclick.net *.visualstudio.com *.google-analytics.com *.hotjar.io *.hotjar.com ws.hotjar.com wss://*.hotjar.com api.fouanalytics.com *.fouanalytics.com;form-action 'self' *.facebook.com 1
default-src 'self' data: blob: https://dancebug.com https://wwww.dancebug.com *.worldnettps.com https://fts-uat.cardconnect.com/ https://web.squarecdn.com/ https://www.google.com https://pci-connect.squareup.com https://connect.squareup.com *.drcvideo.com *.dacast.com *.cardconnect.com https://pay.google.com https://js.stripe.com/ *.jotform.com https://www.facebook.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://secure.convergepay.com *.videojudge.com https://api.convergepay.com/hosted-payments/Checkout.js https://www.googletagmanager.com *.dancebug.com https://web.squarecdn.com/v1/ https://maxcdn.bootstrapcdn.com https://www.google.com https://static.zdassets.com https://www.gstatic.com https://www.google-analytics.com https://ssl.p.jwpcdn.com https://ajax.googleapis.com https://cdnjs.cloudflare.com https://cdn.datatables.net https://js.squareup.com https://api-square.nd.nudatasecurity.com https://nd.squarecdn.com *.dacast.com https://unpkg.com https://pay.google.com/gp/p/js/pay.js https://appcenter.intuit.com https://q.stripe.com/ https://js.stripe.com/v3/ https://cdn.jsdelivr.net https://form.jotform.com https://browser.sentry-cdn.com *.jotfor.ms https://www.jotform.com https://connect.facebook.net blob: data: blob:; connect-src 'self' data: blob: https://api.convergepay.com/hosted-payments/service/payment/hpe/process wss://dancebug.com:12354 https://www.facebook.com https://ekr.zdassets.com https://dancebughelp.zendesk.com wss://widget-mediator.zopim.com https://pci-connect.squareup.com https://www.google-analytics.com *.dacast.com *.drcvideo.com https://license.theoplayer.com *.mediamelon.com *.akamaihd.net https://dacastmmd.mmdlive.lldns.net https://www.cloudflare.com https://kinesis.us-east-1.amazonaws.com https://127.0.0.1:41951 https://localhost:41951 *.theoplayer.com https://ekr.zendesk.com; img-src 'self' blob: data: *.jwplayer.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://www.competitivedancer.com https://www.google-analytics.com https://www.videojudge.com https://videojudge.com *.drcvideo.com *.dancebug.com https://dancebug.com https://jwpltx.com https://cdn.datatables.net https://prd.jwpltx.com *.dacast.com https://licensing.theoplayer.com *.adobe.com *.viewdancechallenge.com https://www.gstatic.com https://www.connectsu.com https://appcenter.intuit.com https://cdn.jotfor.ms *.jotform.com https://www.facebook.com; style-src 'self' 'unsafe-inline' https://fonts.cdnfonts.com/css/lemonmilk *.videojudge.com https://assets.dancebug.com https://web.squarecdn.com/ https://use.fontawesome.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://www.google.com https://ajax.googleapis.com https://cdn.datatables.net https://ssl.p.jwpcdn.com *.dacast.com https://vjs.zencdn.net https://www.gstatic.com https://cdnjs.cloudflare.com https://appcenter.intuit.com https://cdn.jsdelivr.net https://cdn.jotfor.ms; font-src 'self' data: https://fonts.cdnfonts.com/s/14917/ https://d1g145x70srn7h.cloudfront.net https://square-fonts-production-f.squarecdn.com/ https://use.fontawesome.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com *.dancebug.com https://dancebug.com *.dacast.com https://cdn.jsdelivr.net; media-src 'self' https://f001.backblazeb2.com *.dancebug.com https://static.zdassets.com *.drcvideo.com https://dacastmmd.mmdlive.lldns.net data: blob:; 1
default-src 'none'; child-src blob: https://mc.yandex.ru; connect-src 'self' https://*.auvix.ru https://*.google-analytics.com https://mc.yandex.ru https://bitrix.info/bx_stat https://stats.g.doubleclick.net; font-src 'self' data: https://*.auvix.ru https://fonts.gstatic.com https://fonts.bitrix24.ru; frame-src 'self' https://www.google.com https://maps.google.com https://www.youtube.com https://yandex.ru blob: https://mc.yandex.ru https://cp.unisender.com; media-src 'self' https://www.youtube.com; img-src 'self' blob: data: https://*.auvix.ru https://*.google-analytics.com https://img.youtube.com https://mc.yandex.ru https://cdn.bitrix24.site https://*.yandex.net https://*.yandex.ru; object-src ; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.auvix.ru https://*.gstatic.com https://*.google.com https://*.google-analytics.com https://mc.yandex.ru https://api-maps.yandex.ru https://yastatic.net https://www.googletagmanager.com https://www.youtube.com https://cdn.bitrix24.ru https://cdn-ru.bitrix24.ru https://bitrix.info/ba.js https://*.gstatic.com https://www.google.com https://connect.facebook.net https://cp.unisender.com; style-src 'self' 'unsafe-inline' https://*.auvix.ru https://fonts.googleapis.com https://fonts.bitrix24.ru; block-all-mixed-content; upgrade-insecure-requests; 1
default-src 'self' blob:;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com https://www.youtube.com https://www.google-analytics.com https://snap.licdn.com https://cmp.osano.com https://www.clarity.ms https://cl.qualaroo.com https://cdn.mouseflow.com https://js.adsrvr.org https://js.monitor.azure.com https://fxctag.com https://turbo.qualaroo.com https://maps.googleapis.com https://pi.pardot.com https://minerals.prep.global.weir https://www.google.com;script-src-attr 'unsafe-inline';script-src-elem 'self' 'unsafe-inline' https://cdn.jsdelivr.net/npm/bootstrap@5.2.3/ https://cdn.jsdelivr.net/npm/jquery@3.6.4/ https://www.googletagmanager.com https://js.adsrvr.org https://js.monitor.azure.com https://cmp.osano.com https://fxctag.com https://cdn.mouseflow.com https://www.clarity.ms https://www.google-analytics.com https://snap.licdn.com https://*.qualaroo.com https://www.youtube.com https://maps.googleapis.com https://pi.pardot.com https://minerals.prep.global.weir https://esco.prep.global.weir https://www.gstatic.com https://go.esco.weir https://www.google.com https://s7.addthis.com https://player.vimeo.com https://adriano-au.avanser.com https://*.visualwebsiteoptimizer.com https://*.vwo.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.googleapis.com https://*.vwo.com;img-src 'self' data: https://www.google-analytics.com https://*.google.com https://s3.amazonaws.com https://*.clarity.ms https://match.adsrvr.org https://*.linkedin.com https://fxctag.com https://www.google.ca https://maps.googleapis.com https://www.googletagmanager.com https://www.google.com.au https://www.google.com.do https://www.google.co.za https://www.google.com.my https://www.google.co.id https://www.google.ie https://www.google.co.in https://www.google.com.pg https://www.google.com.pa https://pagead2.googlesyndication.com https://maps.gstatic.com https://www.google.es https://c.bing.com https://www.google.com.hk https://www.google.com.pe https://www.google.bf http://ad.doubleclick.net https://www.google.com.br https://i.ytimg.com https://stats.g.doubleclick.net https://www.google.co.uk https://*.visualwebsiteoptimizer.com;font-src 'self' https://fonts.googleapis.com https://fonts.googleapis.com https://fonts.gstatic.com https://*.vwo.com data:;media-src 'self';frame-src 'self' https://www.youtube.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com https://*.tools.investis.com https://dntcl.qualaroo.com https://*.adsrvr.org https://www.google.com https://player.vimeo.com https://*.adsrvr.cn https://*.ceros.com https://www.connectidfeed.com/ https://*.vwo.com;report-uri https://cspreportviolations.report-uri.com/r/d/csp/reportOnly;worker-src blob:;connect-src 'self' wss: https://directline.botframework.com https://*.clarity.ms https://px.ads.linkedin.com https://dc.services.visualstudio.com https://*.osano.com https://pagead2.googlesyndication.com https://*.google.com https://*.google-analytics.com https://*.doubleclick.net https://vimeo.com https://*.google.com.au https://*.googleapis.com https://*.google.com.do https://*.google.com.pg https://*.google.com.hk https://*.visualwebsiteoptimizer.com https://*.vwo.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.episerver.com *.episerver.net/ *.webtraxs.com https://www.google-analytics.com/ *.mouseflow.com *.liveperson.net *.gstatic.com *.lpsnmedia.net *.googleapis.com *.visualstudio.com https://www.googletagmanager.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://dl.episerver.net/ https://bat.bing.com/ https://www.googleadservices.com/pagead/ https://tcp.googlesyndication/ https://ajax.cloudflare.com/ *.idio.co/ https://az416426.vo.msecnd.net https://static.cloudflareinsights.com/ https://www.youtube.com/ http://d1igp3oop3iho5.cloudfront.net/ https://*.clarity.ms/ https://snap.licdn.com/ https://googleads.g.doubleclick.net/; style-src 'self' 'unsafe-inline' *.ellsworth.com/ https://*.episerver.net/ https://dl.episerver.net/ https://lptag.liveperson.net/ https://lptag.liveperson.net/ *.googleapis.com https://www.googletagmanager.com/; img-src 'self' data: https://www.google.com/ads/ https://www.google-analytics.com/ *.lpsnmedia.net *.webtraxs.com/ https://maps.gstatic.com/ https://csi.gstatic.com/ https://i.ytimg.com/ https://n2.mouseflow.com/ https://stats.g.doubleclick.net/ https://strack.where-to-buy.co/ https://where-to-buy.co/ https://dl.episerver.net/ https://bat.bing.com/action/ https://googleads.g.doubleclick.net/pagead/ https://tcp.googlesyndication/ https://img.youtube.com/ *.idio.co/ *.ellsworth.com https://www.googletagmanager.com/ https://lpcdn.lpsnmedia.net/ https://www.commerce-connector.com/ *.googleapis.com https://fonts.gstatic.com/ https://jumbe.zaius.com/ https://*.clarity.ms/ https://*.bing.com/ https://px.ads.linkedin.com/ https://www.google.com/pagead/; media-src 'self' https://lpcdn.lpsnmedia.net/; font-src 'self' https://fonts.gstatic.com/ https://themes.googleusercontent.com/static/fonts/muli/ https://fonts.gstatic.com/s/muli/v6/ *.googleapis.com; child-src 'self' *.ellsworth.com/ https://*.episerver.net/ *.liveperson.net https://www.youtube.com/embed/ https://lpcdn.lpsnmedia.net/ https://player.vimeo.com/ https://vimeo.com/ https://4262392.va.cobrowse.liveperson.net/ https://www.google.com/recaptcha/ https://ellsworth.us18.list-manage.com/ https://editor.ne16.com/; frame-src 'self' *.ellsworth.com/ https://*.episerver.net/ *.liveperson.net https://pay.sandbox.realexpayments.com/ https://www.youtube.com/embed/ https://lpcdn.lpsnmedia.net/ https://player.vimeo.com/ https://vimeo.com/ https://4262392.va.cobrowse.liveperson.net/ https://www.google.com/recaptcha/ https://ellsworth.us18.list-manage.com/ https://ellsworth-dev.adagetech.net/ https://editor.ne16.com/ https://certtransaction.hostedpayments.com/ https://transaction.hostedpayments.com/ https://app.ne16.com/; connect-src 'self' ws://*.ellsworth.com/ *.ellsworth.com *.visualstudio.com https://*.episerver.net/ wss://*.ellsworth.com/ http://*.episerver.com/ https://n2.mouseflow.com/ https://www.google-analytics.com/ *.liveperson.net https://bat.bing.com/actionp/ https://stats.g.doubleclick.net/ *.googleapis.com https://analytics.google.com/ https://*.clarity.ms/ https://adservice.google.com/ https://cdn.linkedin.oribi.io/; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; font-src 'self' data:; style-src 'self' 'unsafe-inline' data:; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'  www.facebook.com connect.facebook.net; connect-src 'self'; frame-src 'self' www.youtube.com https://www.facebook.com; script-src-elem  'self' 'unsafe-inline' 'unsafe-eval'  www.facebook.com connect.facebook.net; 1
frame-src *.bambuser.com *.pzebra.com *.krato.io *.vimeo.com *.facebook.com *.google.com *.youtube.com *.yudu.com *.cloudfront.net *.pinkzebrahome.com  'self' blob:; frame-ancestors 'self' 1
style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src blob: https: data:; frame-src https:; upgrade-insecure-requests; 1
default-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https:; img-src 'self' data: https:; style-src 'self' https: 'unsafe-inline'; base-uri 'self'; form-action 'self' https:; worker-src 'self' https:; frame-src 'self' https: 1
script-src 'nonce-1qDdc3z1pL2cCe2QNK2YxzaSqK0=' 'strict-dynamic' 'self' 'unsafe-eval'; base-uri 'self'; object-src 'self'; report-uri https://www.ymcagta.org/cdna-api/webhook/csp; 1
frame-ancestors 'self' http://bleudigo.the513.top https://www.indigo-net.com https://www.indigo.fr; 1
default-src 'self'; img-src * https://*.hotjar.com  https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net data:; media-src www.payininstallments.ph; script-src 'self' https://* 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com/ https://maxcdn.bootstrapcdn.com/ https://unpkg.com; style-src 'self' https://* 'unsafe-inline'; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ https://*.googletagmanager.com/ https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.oribi.io/ https://*.facebook.com ; frame-src *; object-src 'none'; 1
media-src 'self' data: blob: *.youtube.com *.vica.gov.sg; img-src *.gstatic.com *.googleapis.com *.google.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com https://test-gpc-1.sg.va.sabio.cloud/GPC/CFP2/VA/SCDF/config/config.json https://www.scdf.gov.sg/ *.vica.gov.sg https://d33wubrfki0l68.cloudfront.net/ 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net *.wogaa.sg *.googletagmanager.com *.youtube.com *.onemap.sg *.onemap.gov.sg; default-src 'self' *.vica.gov.sg; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com partner.googleadservices.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js *.google-analytics.com https://dec.azureedge.net/ munchkin.marketo.net https://assets.dcube.cloud/ https://test-gpc-1.sg.va.sabio.cloud/ *.vica.gov.sg https://cdn.jsdelivr.net/npm/@govtechsg/ https://www.cse.google.com/ 'self' cdn.ampproject.org web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline' 'unsafe-eval' https://code.jquery.com *.wogaa.sg *.googletagmanager.com cse.google.com *.youtube.com *.onemap.sg *.onemap.gov.sg; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.vica.gov.sg *.wogaa.sg *.youtube.com *.onemap.sg *.onemap.gov.sg; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com 'self' web-chat.nativechat.com *.vica.gov.sg *.youtube.com; connect-src data: accounts.google.com *.gstatic.com *.mktoresp.com *.google-analytics.com https://snowplow.dcube.cloud/sg.wogaa/cs1 *.vica.gov.sg wss://*.vica.gov.sg/ https://stats.g.doubleclick.net/ 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.wogaa.sg *.onemap.sg *.onemap.gov.sg; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://test-gpc-1.sg.va.sabio.cloud/ *.vica.gov.sg https://assets.dcube.cloud/ 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline' *.wogaa.sg *.youtube.com *.onemap.sg *.onemap.gov.sg; frame-src https://www.gstatic.com/recaptcha https://google.com/recaptcha https://www.google.com/ 'self' web-chat.nativechat.com *.vica.gov.sg *.youtube.com *.wogaa.sg *.onemap.sg *.onemap.gov.sg 1
frame-src 'self' https://app.powerbi.com https://www.google.com https://static.addtoany.com https://vimeo.com https://www.youtube.com; object-src 'none'; script-src 'self' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://static.addtoany.com https://unpkg.com; script-src-attr 'self'; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://static.addtoany.com https://unpkg.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self'; report-uri https://www.water.org.uk/report-uri/enforce 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;frame-ancestors 'self' https://*.quintype.com https://www.cinemaexpress.com;block-all-mixed-content; 1
default-src *;  img-src * data:; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.addsearch.com *.cloudfront.net;  script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com *.bootstrapcdn.com use.fontawesome.com *.googletagmanager.com *.facebook.net  *.searchcdn.com addsearch.com cdn.addsearch.com; font-src * data:; frame-ancestors *.kaiseraluminum.com; 1
default-scr https: data:  'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' 1
frame-ancestors 'self' https://*.townfairtire.com 1
object-src 'none';default-src 'self';frame-src 'self' www.google.com www.youtube.com youtu.be www.googletagmanager.com defensie.matomo.cloud cdn.matomo.cloud ad.doubleclick.net td.doubleclick.net aax-eu.amazon-adsystem.com *.doubleclick.net *.facebook.com www.google.nl;connect-src 'self' stats.g.doubleclick.net www.google-analytics.com www.googletagmanager.com www.google.com www.google.be www.youtube.com s.ytimg.com defensie.matomo.cloud cdn.matomo.cloud ad.doubleclick.net td.doubleclick.net aax-eu.amazon-adsystem *.doubleclick.net pagead2.googlesyndication.com *.facebook.com www.google.nl;script-src 'nonce-ZsNyLWEU5jAhtcq8gfJs49VxGihi0cOdx7oJRv/9DxA=' 'strict-dynamic' 'sha256-+QMpjeHPr7lWx1WU2+tmpySZbCXQBSUAbWdUcFY2xmM=' 'sha256-5msWZ5lvLPTzxHF1iYV3kIBAeW30TrGtwY9qaK/dIms=' 'sha256-yMaY29uPlynCXe25rjtjhHxYSyFi7HzjjReas8TcKk8=' 'sha256-WiHRxQNs1YkWgTsRMFVlLl7uaUDSgjSnYoH71xuB33M=' 'sha256-NZ4GOneZgBsRPejXjXvmAaIhZAoNtMnVCSut7/KJSoA=' 'sha256-KFB0gd1NztgpO22RExKjW9PmRP86JAOxmYlz50GecK0=' 'sha256-a2O9uaiiVkb2AyKnweSonu38xRDfF33JmK4NrEQbGmo=' 'sha256-o0cVnFnbHpxbtqnX6h1rSWzKR4Sd+WXOKsHo+cM3ECs=' 'sha256-3WsBXjvgTNvt1YITF5DViCv4GJlByX85uQBiDRRW578=' 'self' 'unsafe-eval' www.gstatic.com/recaptcha/ www.google.com/recaptcha/ www.googletagmanager.com www.youtube.com s.ytimg.com/ www.google-analytics.com youtu.be tagmanager.google.com defensie.matomo.cloud cdn.matomo.cloud stats.g.doubleclick.net ad.doubleclick.net td.doubleclick.net aax-eu.amazon-adsystem *.doubleclick.net *.facebook.com www.google.nl www.google.be www.google.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com tagmanager.google.com/;img-src 'self' *.ytimg.com www.google.co.uk/ads/ www.google.be/ads/ www.google.com/ads/ www.google-analytics.com/ *.gstatic.com/ www.googletagmanager.com *.googleusercontent.com/ *.indeed.com data: ad.doubleclick.net stats.g.doubleclick.net td.doubleclick.net aax-eu.amazon-adsystem *.doubleclick.net www.facebook.com *.facebook.com www.google.nl www.google.com www.google.be;font-src 'self' fonts.gstatic.com fonts.googleapis.com;base-uri 'self'; 1
object-src 'none' blob:; base-uri 'self'; report-uri https://cspappdirect.report-uri.com/r/d/csp/enforce; worker-src 'self' blob:; 1
frame-src * ; default-src https://apis.google.com https://api.ipify.org https://www.reale.es https://fonts.googleapis.com https://www.gstatic.com https://prequotebuyproxy.grupporealemutua.it https://quotebuyproxy.grupporealemutua.it https://maps.googleapis.com https://www.google.com https://consentcdn.cookiebot.com https://amsharedrgprod01.grupporealemutua.it 'self' ; style-src https://md-scp.kampyle.com https://apis.google.com https://blog.reale.es https://www.connectedlife.es/ https://prequotebuyproxy.grupporealemutua.it https://quotebuyproxy.grupporealemutua.it https://www.reale.es https://fonts.googleapis.com https://www.gstatic.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://fonts.googleapis.com https://stackpath.bootstrapcdn.com 'self' 'unsafe-inline' ; script-src https://ajax.googleapis.com https://cotizador.reale.es https://smetrics.reale.es https://adservice.google.com https://md-scp.kampyle.com https://connect.facebook.net https://try.abtasty.com https://resources.digital-cloud.medallia.eu https://apis.google.com https://prequotebuyproxy.grupporealemutua.it https://quotebuyproxy.grupporealemutua.it https://fonts.googleapis.com https://www.reale.es https://consent.cookiebot.com https://unpkg.com https://apis.google.com https://maps.google.com https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://js-cdn.dynatrace.com https://consentcdn.cookiebot.com https://googleads.g.doubleclick.net https://assets.adobedtm.com https://bf07634sen.bf.dynatrace.com https://www.googletagmanager.com https://www.google-analytics.com https://stackpath.bootstrapcdn.com https://bat.bing.com https://static.hotjar.com https://www.clarity.ms https://script.hotjar.com https://v.clarity.ms https://code.jquery.com 'self' 'unsafe-inline' 'unsafe-eval' ; connect-src https://apis.google.com https://blog.reale.es https://smetrics.reale.es https://googleads.g.doubleclick.net https://md-scp.kampyle.com https://resources.digital-cloud.medallia.eu https://ariane.abtasty.com https://dcinfos-cache.abtasty.com https://dpm.demdex.net https://bf07634sen.bf.dynatrace.com https://api.ipify.org https://fonts.googleapis.com https://www.gstatic.com https://www.reale.es https://prequotebuyproxy.grupporealemutua.it https://quotebuyproxy.grupporealemutua.it https://maps.googleapis.com https://www.google.com https://consentcdn.cookiebot.com https://www.google-analytics.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://udc-neb.kampyle.com https://i.clarity.ms https://adservice.google.com https://v.clarity.ms wss://ws.hotjar.com https://vc.hotjar.io https://content.hotjar.io https://metrics.hotjar.io https://l.clarity.ms https://o.clarity.ms https://blog.reale.es 'self' ; font-src https://apis.google.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.reale.es https://prequotebuyproxy.grupporealemutua.it https://quotebuyproxy.grupporealemutua.it https://maps.googleapis.com wss://localhost:44349 https://www.google.com https://api.ipify.org 'self' data: ; img-src https://www.google-analytics.com https://ad.doubleclick.net https://resources.digital-cloud.medallia.eu https://dpm.demdex.net https://www.google.it https://www.facebook.com https://cm.everesttech.net https://smetrics.reale.es https://udc-neb.kampyle.com https://apis.google.com https://prequotebuyproxy.grupporealemutua.it https://quotebuyproxy.grupporealemutua.it https://maps.gstatic.com https://www.google.com https://c.bing.com https://fonts.googleapis.com https://www.reale.es https://maps.google.com https://maps.googleapis.com https://imgsct.cookiebot.com https://realeagenciamicrositespro.112.2o7.net https://c.clarity.ms https://v.clarity.ms https://bat.bing.com https://cloud-observer.ip-label.net 'self' data: ;connect-src 'self' https://connect.facebook.netconnect-src 'self' https://dpm.demdex.neconnect-src 'self' https://try.abtasty.comimg-src 'self' https://smetrics.reale.esscript-src 'self' https://consent.cookiebot.comscript-src 'self' https://connect.facebook.netscript-src 'self' https://try.abtasty.comimg-src 'self' https://smetrics.reale.esconnect-src 'self' https://www.google-analytics.comconnect-src 'self' https://stats.g.doubleclick.netscript-src 'self' https://script.hotjar.comconnect-src 'self' https://adservice.google.comconnect-src 'self' https://s.clarity.msconnect-src 'self' https://c.clarity.msconnect-src 'self' https://q.clarity.msconnect-src 'self' https://v.clarity.msconnect-src 'self' https://smetrics.reale.esconnect-src 'self' https://p.clarity.ms 1
frame-ancestors 'self'  https://*.evergage.com https://www.yamaha-motor.ca; 1
script-src 'self' blob: 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://pagead2.googlesyndication.com https://code.jquery.com https://d3js.org https://unpkg.com https://googleads.g.doubleclick.net https://script.crazyegg.com https://www.clarity.ms https://partner.googleadservices.com https://cdn.jsdelivr.net https://connect.facebook.net https://www.youtube.com https://cdnjs.cloudflare.com https://maps.googleapis.com cdn.ergadx.com/js/1508/ads.js https://clientcdn.pushengage.com/core/36435302-6253-4cc0-9e2c-52faa1000fd1.js https://www.google.com/recaptcha/api.js *.hotjar.com *.googlesyndication.com *.googleapis.com https://www.gstatic.com *.newrelic.com *.google.com; 1
default-src 'self' *.google-analytics.com; frame-src 'self' *.facebook.com *.google.com/maps *.youtube-nocookie.com; style-src 'self' *.googleapis.com 'unsafe-inline'; font-src 'self' *.gstatic.com 'unsafe-inline'; script-src 'self' *.facebook.net *.googletagmanager.com *.google-analytics.com *.googleapis.com *.googleadservices.com googleads.g.doubleclick.net 'unsafe-inline'; img-src 'self' *.facebook.com *.google-analytics.com *.ytimg.com *.ucb.com.bd *.google.com.bd *.google.com 1
frame-ancestors 'self'; default-src *.google-analytics.com *.google.com *.google.cz www.googletagmanager.com *.googleapis.com *.doubleclick.net *.linkedin.oribi.io www.youtube.com i.ytimg.com yt3.ggpht.com sprymedia.co.uk static.teamguru.com connect.facebook.net platform.twitter.com *.smartlook.cloud rec.smartlook.com snap.licdn.com px.ads.linkedin.com *.gstatic.com p.adsymptotic.com *.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval' blob:; img-src *.teamguru.com *.youtube.com *.linkedin.com *.ytimg.com *.ggpht.com 'self' 1
style-src 'self' 'unsafe-inline' 'unsafe-inline' www2.triodos.com; img-src 'self' p-pan.triodos.com api.triodos.com maps.triodos.com www2.triodos.com video.triodos.com ad.doubleclick.net adservice.google.com adservice.google.co.uk adservice.google.nl adservice.google.be adservice.google.es adservice.google.de www.facebook.com data: android-webview-video-poster:; font-src 'self' data:; script-src 'self' 'nonce-8ebe0998-dbf5-4ece-92c8-06479f2af303' t-pan.triodos.com p-pan.triodos.com www2.triodos.com video.triodos.com chat.triodos.com; frame-src https://www.youtube.com https://www.youtube-nocookie.com; child-src https://www.youtube.com https://www.youtube-nocookie.com; connect-src 'self' p-pan.triodos.com t-pan.triodos.com chat.triodos.com video.triodos.com licensing.bitmovin.com; media-src 'self' blob: video.triodos.com; default-src 'self'; 1
default-src 'self';script-src 'self' 'unsafe-inline' 'nonce-mO5UDHsTJa' https://*.stripe.com https://*.paypal.com https://*.paypalobjects.com;style-src 'self' 'unsafe-inline' https://*.stripe.com https://*.paypal.com;img-src 'self' s.w.org data: https://*.paypal.com https://*.paypalobjects.com https://*.stripe.com;media-src 'self';frame-src 'self' https://*.stripe.com https://*.paypal.com https://*.paypalobjects.com;font-src 'self' data: https://*.stripe.com;connect-src 'self' https://*.geonames.org https://*.geonames.net https://*.paypal.com https://*.stripe.com;frame-ancestors 'self' 1
frame-ancestors https://*.caremc.com https://*.corvel.com https://caremc.com 1
default-src 'self' https://www.downergroup.com https://cdnjs.cloudflare.com https://yourir.info https://www.google.com https://platform.twitter.com https://player.vimeo.com https://maps.googleapis.com https://www.gstatic.com https://www.youtube.com  https://syndication.twitter.com https://fonts.googleapis.com https://www.bugherd.com https://fonts.gstatic.com 'unsafe-inline';  img-src 'self' https://*.userway.org/ https://syndication.twitter.com https://www.downergroup.com https://www.google.com https://maps.gstatic.com https://maps.googleapis.com https://bugherd-attachments.s3.amazonaws.com https://sidebar.bugherd.com https://*.google-analytics.com https://*.googletagmanager.com data: 'unsafe-inline';  frame-src 'self' https://calendly.com/ https://*.userway.org/ https://syndication.twitter.com https://www.youtube.com https://player.vimeo.com https://platform.twitter.com https://e.infogram.com https://widget.tagembed.com https://forms.office.com https://yourir.info https://open.spotify.com https://www.google.com https://sidebar.bugherd.com;  script-src https: 'unsafe-inline' 'unsafe-eval' https://*.userway.org/;  connect-src 'self' *.userway.org/ https://yourir.info https://maps.googleapis.com https://www.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net https://bam.nr-data.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com;  report-uri /Content/CspReport 1
default-src data: 'self' 'unsafe-eval' 'unsafe-inline' https://*.metawerx.net https://metawerx.net https://google.com https://*.gstatic.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://*.twitter.com https://*.twimg.com https://*.doubleclick.net https://*.alexa.com https://*.facebook.com https://*.fbcdn.net; img-src data: 'self' https://*.twimg.com https://*.twitter.com https://*.metawerx.net https://*.google-analytics.com; frame-src https://*.metawerx.net https://*.twitter.com; frame-ancestors https://*.metawerx.net; report-to default 1
frame-ancestors 'self' myaccount.flogas.co.uk 1
default-src 'self' data: https://accounts.google.com 'unsafe-inline'; child-src 'none'; frame-src https://accounts.google.com; frame-ancestors none 1
default-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googletagmanager.com https://www.googletagmanager.com https://tagmanager.google.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net *.sensehqchat.com *.sensehq.com *.careinspectorate.wales *.careinspectorate.com embedsocial.com *.livechatinc.com player.vimeo.com sp.analytics.yahoo.com *.tvsquared.com s.yimg.com tracker.gaconnector.com bat.bing.com cdn.mouseflow.com ict.infinity-tracking.net *.crazyegg.com api.carehome.co.uk www.cqc.org.uk cookie-cdn.cookiepro.com *.onetrust.com cdn.cookielaw.org script.infinity-tracking.com *.vimeocdn.com *.gstatic.com www.googletagmanager.com www.google-analytics.com tagmanager.google.com www.google.com maps.googleapis.com *.twimg.com connect.facebook.net *.googleapis.com ajax.aspnetcdn.com;style-src 'self' 'unsafe-inline' https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com *.careinspectorate.wales embedsocial.com *.livechatinc.com api.carehome.co.uk www.cqc.org.uk fonts.googleapis.com;connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com *.sensehqchat.com *.sensehq.com region1.analytics.google.com *.careinspectorate.wales *.mouseflow.com embedsocial.com *.livechatinc.com bat.bing.com cookie-cdn.cookiepro.com cdn.cookielaw.org *.onetrust.com s.yimg.com *.crazyegg.com ict.infinity-tracking.net nas.lon.infinity-tracking.com api.carehome.co.uk cdn.cookielaw.org web.lon.infinity-tracking.com vimeo.com maps.googleapis.com *.google-analytics.com *.doubleclick.net www.facebook.com;font-src 'self' https://fonts.gstatic.com cdn.livechatinc.com fonts.gstatic.com fonts.googleapis.com;frame-ancestors 'self' cms.careuk.com admin.cuk.local uat-cms.careuk.com uat2-cms.careuk.com;frame-src 'self' https://www.googletagmanager.com https://bid.g.doubleclick.net https://td.doubleclick.net *.spotify.com maps.google.com maps.google.co.uk *.sensehqchat.com *.careinspectorate.wales *.careinspectorate.com embedsocial.com *.livechatinc.com player.vimeo.com www.google.com www.facebook.com *.googletagmanager.com *.doubleclick.net;img-src 'self' https://*.analytics.google.com https://*.google-analytics.com https://*.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://googleads.g.doubleclick.net https://www.google.com https://google.com https://ade.googlesyndication.com https://*.fls.doubleclick.net *.googleapis.com *.careinspectorate.wales *.careinspectorate.com cdn.livechat-files.com cdn.livechatinc.com cdn.cookielaw.org dpm.demdex.net *.tvsquared.com sp.analytics.yahoo.com bat.bing.com api.carehome.co.uk www.cqc.org.uk *.googletagmanager.com maps.gstatic.com maps.googleapis.com *.gstatic.com *.google-analytics.com *.facebook.com *.google.com *.google.co.uk i.vimeocdn.com data:;worker-src 'self' blob: *.careuk.com;media-src 'self' *.careinspectorate.wales *.careinspectorate.com cdn.livechatinc.com;form-action 'self' payments *.worldpay.com; 1
child-src 'self' *.youtube.com *.ytimg.com *.youtube-nocookie.com *.googlevideo.com yt3.ggpht.com *.vimeocdn.com *.vimeo.com *.akamaized.net *.azureedge.net www.gstatic.com www.google.com *.outbrain.com ;connect-src 'self' *.youtube.com *.ytimg.com *.youtube-nocookie.com *.googlevideo.com yt3.ggpht.com *.vimeocdn.com *.vimeo.com *.akamaized.net *.azureedge.net *.google-analytics.com noembed.com www.noembed.com cdn.plyr.io cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org *.consentmanager.net *.doubleclick.net storage.googleapis.com event.talque.com lh3.googleusercontent.com *.googleadservices.com *.google.com *.itsa365.de *.mybeviale.com *.chillventa.de *.hubana.events *.embedded-world.de *.medteclive.com *.euroguss.de *.enforcetac.com *.fachpack.de *.frontale.de *.holz-handwerk.de *.nuernberg-convention.de *.perimeter-protection.de *.biofach.de *.vivaness.de *.interzoo.com *.biofach-japan.com *.galabau-messe.com *.consozial.de *.powtech-technopharm.com *.kommunale.de *.hydrogendialogue.com *.partec.info *.biofach-saudiarabia.com *.biofach-southeastasia.com *.iwa.info *.googlesyndication.com *.outbrain.com *.ads.linkedin.com *.linkedin.com *.linkedin.oribi.io ;default-src 'self' *.azureedge.net ;font-src 'self' fonts.gstatic.com *.azureedge.net 'unsafe-inline' storage.googleapis.com event.talque.com lh3.googleusercontent.com ;img-src 'self' *.youtube.com *.ytimg.com *.youtube-nocookie.com *.googlevideo.com yt3.ggpht.com *.vimeocdn.com *.vimeo.com *.akamaized.net *.google-analytics.com cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org *.consentmanager.net *.azureedge.net *.google.com *.google.de *.ads.linkedin.com *.linkedin.com *.linkedin.oribi.io snap.licdn.com static.ads-twitter.com analytics.twitter.com t.co www.googletagmanager.com analytics-udg.netdna-ssl.com code.s4d.io *.giphy.com *.clouddrive.com *.webexcontent.com data: blob: *.rackcdn.com data: blob: connect.facebook.net www.facebook.com *.doubleclick.net storage.googleapis.com event.talque.com lh3.googleusercontent.com ;media-src 'self' *.youtube.com *.ytimg.com *.youtube-nocookie.com *.googlevideo.com yt3.ggpht.com *.vimeocdn.com *.vimeo.com *.akamaized.net *.azureedge.net storage.googleapis.com event.talque.com lh3.googleusercontent.com ;script-src 'self' *.youtube.com *.ytimg.com *.youtube-nocookie.com *.googlevideo.com yt3.ggpht.com *.doubleclick.net cdn.plyr.io noembed.com www.noembed.com *.google.com *.google.de *.vimeocdn.com *.vimeo.com *.akamaized.net www.googletagmanager.com analytics-udg.netdna-ssl.com *.google-analytics.com cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org *.consentmanager.net *.azureedge.net 'unsafe-eval' *.googleadservices.com *.google.com static.ads-twitter.com analytics.twitter.com t.co snap.licdn.com 'unsafe-inline' www.gstatic.com www.google.com connect.facebook.net www.facebook.com storage.googleapis.com event.talque.com lh3.googleusercontent.com *.outbrain.com ;style-src 'self' *.youtube.com *.ytimg.com *.youtube-nocookie.com *.googlevideo.com yt3.ggpht.com *.vimeocdn.com *.vimeo.com *.akamaized.net cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org *.consentmanager.net *.azureedge.net 'unsafe-inline' storage.googleapis.com event.talque.com lh3.googleusercontent.com ; 1
default-src 'self' https://tags.tiqcdn.com https://cdn.cookielaw.org https://tag.aticdn.net https://my-basf-privacy.my.onetrust.com https://strawberry.basf.com https://geolocation.onetrust.com; script-src 'self' https://tags.tiqcdn.com https://cdn.cookielaw.org https://tag.aticdn.net https://my-basf-privacy.my.onetrust.com https://strawberry.basf.com https://geolocation.onetrust.com; style-src 'self' 'unsafe-inline' https://tags.tiqcdn.com https://cdn.cookielaw.org https://tag.aticdn.net https://my-basf-privacy.my.onetrust.com https://strawberry.basf.com https://geolocation.onetrust.com; img-src 'self' data: https://tags.tiqcdn.com https://cdn.cookielaw.org https://tag.aticdn.net https://my-basf-privacy.my.onetrust.com https://strawberry.basf.com https://geolocation.onetrust.com; frame-src 'self' https://youtube-nocookie.com https://www.youtube-nocookie.com https://player.youku.com; font-src 'self' data: https://tags.tiqcdn.com https://cdn.cookielaw.org https://tag.aticdn.net https://my-basf-privacy.my.onetrust.com https://strawberry.basf.com https://geolocation.onetrust.com 1
default-src 'self' https://www.google-analytics.com https://analytics.google.com https://l.sharethis.com; font-src  'self'  https://use.fontawesome.com https://cdnjs.cloudflare.com/; img-src 'self' https://bat.bing.com/ https://www.google.com https://platform-cdn.sharethis.com https://www.google.co.in https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.googletagmanager.com; frame-ancestors 'self' https://cms.phhmortgage.com:9109; frame-src 'self' https://esign.simplifile.com https://cms.phhmortgage.com:9109 https://bid.g.doubleclick.net https://c.sharethis.mgr.consensu.org https://t.sharethis.com https://www.google.com https://prod.northstar.ellielabs.com https://na3.docusign.net https://api.elliemae.com https://na.account.docusign.com https://widget.trustpilot.com;      script-src 'self' 'unsafe-inline' 'unsafe-eval' https://bat.bing.com/bat.js https://bat.bing.com/p/action/331000377.js https://ajax.googleapis.com https://maxcdn.bootstrapcdn.com https://platform-api.sharethis.com https://cdnjs.cloudflare.com https://buttons-config.sharethis.com https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://t.sharethis.com https://www.gstatic.com https://widget.ellieservices.com https://protect-eu.mimecast.com https://security-eu.mimecast.com https://widget.trustpilot.com https://www.googleadservices.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://use.fontawesome.com https://cdnjs.cloudflare.com/; object-src 'none'; base-uri 'self' https://cms.phhmortgage.com:9109; form-action 'self' https://partnerapi.lending.mortgagesvcs.com https://widget.ellieservices.com; report-uri https://www.phhmortgage.com/csp-report-endpoint; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://hcaptcha.com https://*.hcaptcha.com; style-src 'self' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com; frame-src 'self' qchat.rizon.net https://hcaptcha.com https://*.hcaptcha.com; img-src 'self' api.modarchive.org; connect-src 'self' https://hcaptcha.com https://*.hcaptcha.com 1
frame-ancestors 'self' www.bzzworldtravel.com irbooking.bzzworldtravel.com oss.bzzworld.com admin.saveonresorts.com admin.saveonresorts.com cash.kivac.com.mx internationalcash.liveaquaresidenceclub.com www.travelii.mx www.world2go.mx globe.re-set.mx cash.kivac.com.mx reservation.re-set.travel members.re-set.travel visa.re-set.travel internationalcash.liveaquaresidenceclub.com www.favc.com access.favc.com www.crownclubmarketplace.com redeem.travelsavingspassport.com book.qvitravelsavings.com ir.tripsavr.com pc.tripsavr.com pc.tripsavr2.com ir.tripsavr2.com club.latitude21resorts.com www.IAMLVC.com www.travelsavingspassport.com www.qvitravelsavings.com activate.tripsavr.com tripsavr2.com latitudevacationclub.com 1
default-src 'self' *.cookiepro.com *.crazyegg.com *.doubleclick.net *.episerver.net *.gmo.com *.google.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.jquery.com *.jsdelivr.net *.kaltura.com *.lever.co *.moatads.com *.monitor.azure.com *.msecnd.net *.onetrust.com *.pardot.com *.quantcount.com *.quantserve.com siteimproveanalytics.com *.siteimproveanalytics.com *.siteimproveanalytics.io *.taleo.net *.visualstudio.com *.youtube.com *.ytimg.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.cookiepro.com *.crazyegg.com *.doubleclick.net *.episerver.net *.google.com *.google-analytics.com *.googletagmanager.com *.gmo.com *.gstatic.com *.jquery.com *.jsdelivr.net *.kaltura.com *.moatads.com *.monitor.azure.com *.msecnd.net *.onetrust.com *.quantcount.com *.quantserve.com siteimproveanalytics.com *.siteimproveanalytics.com *.siteimproveanalytics.io *.taleo.net *.visualstudio.com *.youtube.com *.ytimg.com; style-src 'self' 'unsafe-inline' *; font-src 'self' data: *; img-src 'self' data: * 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-pr+xUsXoPjIJpDQ1NMDTLVsaH61mD2pJitYQ6/N+p3A3ln3a' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src * 'unsafe-inline' 'unsafe-eval'; img-src * 'unsafe-inline' 'unsafe-eval' 'self' data: https:; report-uri /report-csp-violation 1
object-src 'self'; worker-src 'self'; base-uri 'self'; frame-ancestors 'self'; report-uri https://www.jechange.fr/report-uri/enforce 1
block-all-mixed-content; require-sri-for 'self'; upgrade-insecure-requests; report-uri https://bitwoci.report-uri.com/r/d/csp/enforce 1
frame-ancestors 'self';block-all-mixed-content;default-src 'self';script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://*.maps.yandex.net https://api-maps.yandex.ru https://bitrix.info https://cdnjs.cloudflare.com https://mc.yandex.ru https://yastatic.net;style-src 'self' 'report-sample' 'unsafe-inline' cdnjs.cloudflare.com;object-src 'none';frame-src 'self' https://*.yandex.net https://*.yandex.ru;child-src 'self';img-src 'self' data: blob: *.yandex.ru yandex.ru *.maps.yandex.net cdnjs.cloudflare.com;font-src 'self' cdnjs.cloudflare.com;connect-src 'self' bitrix.info cdnjs.cloudflare.com mc.yandex.ru;manifest-src 'self';base-uri 'self';form-action 'self';media-src 'self';worker-src 'self'; 1
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors https://framer.com https://*.beta.framer.com https://sites.framer.com; report-uri https://sentry.io/api/2963040/security/?sentry_key=05dcfd8152434a7385d322f28af36f66 1
frame-ancestors https://*.smartrecruiters.com 1
upgrade-insecure-requests; default-src 'self' data: https://cdnjs.cloudflare.com wss://ws.pusherapp.com https://www.facebook.com/ *.facebook.com https://demos.calixtachat.com *.yggs.io wss://ws-mt1.pusher.com/ *.pusher.com https://api.refiner.io/ https://api-js.mixpanel.com/ *.hotjar.com *.hotjar.io wss://ws6.hotjar.com/api/v2/client/ws wss://ws43.hotjar.com/api/v2/client/ws https://api.auronix.com wss://api.auronix.com/frontend/aurochat/socket.io/; font-src data: 'self' https://cdnjs.cloudflare.com; img-src data: https: 'self' blob:; media-src *; object-src 'none'; script-src data: http: 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; frame-src * 1
frame-ancestors https://www.constructionspecifier.com/ https://kenilworth.com/ https://www.csiresources.org 1
default-src data: 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com ssl.google-analytics.com ee.hit.gemius.pl *.googletagmanager.com *.google-analytics.com *.youtube.com lt.morningstar.com nasdaqbaltic.com fonts.googleapis.com fonts.gstatic.com *.soundcloud.com *.news.eu.nasdaq.com *.vimeo.com *.analytics.google.com 1
default-src 'none'; script-src 'self'; style-src 'self'; img-src 'self' data:; font-src 'self'; connect-src 'self' https://onionoo.torproject.org/; frame-ancestors 'none'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts; object-src 'self'; 1
default-src 'self' *.wistia.com *.wistia.net; base-uri 'self'; child-src 'self'; form-action 'self' go.teledynelecroy.com pcdn.teledynelecroy.com; frame-ancestors 'none'; frame-src 'self' go.teledynelecroy.com www.youtube.com cdn.teledynelecroy.com assets.lcry.net fast.wistia.com fast.wistia.net https://vars.hotjar.com; manifest-src 'none'; object-src 'self' cdn.teledynelecroy.com assets.lcry.net; upgrade-insecure-requests; worker-src 'self' blob:; connect-src 'self' www.google-analytics.com api.cludo.com *.wistia.com *.wistia.net *.litix.io embedwistia-a.akamaihd.net stats.g.doubleclick.net http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com https://cookie-cdn.bc0a.com https://*.algolia.net; font-src 'self' data: *.gstatic.com *.wistia.com http://script.hotjar.com https://script.hotjar.com https://*.teledynelecroy.com tigr.tdn.gtranslate.net; img-src 'unsafe-inline' 'self' *.gstatic.com https://*.bc0a.com data: teledynelecroy.com assets.lcry.net www.google-analytics.com www.googletagmanager.com *.wistia.com i2.ytimg.com px.ads.linkedin.com *.akamaihd.net *.cludo.com go.teledynelecroy.com img.youtube.com storage.pardot.com b97.yahoo.co.jp https://script.hotjar.com http://script.hotjar.com www.google.com; media-src 'self' blob: data: assets.lcry.net *.wistia.com *.wistia.net embedwistia-a.akamaihd.net; script-src 'unsafe-inline' 'unsafe-eval' 'self' assets.lcry.net *.teledynelecroy.com *.wistia.com *.wistia.net src.litix.io www.google-analytics.com www.googletagmanager.com tagmanager.google.com snap.licdn.com/li.lms-analytics/insight.min.js www.googleadservices.com b92.yahoo.co.jp b97.yahoo.co.jp s.yimg.jp pi.pardot.com www.google.com cse.google.com ja.teledynelecroy.com http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com https://*.bc0a.com static.cloudflareinsights.com *.doubleclick.net https://js.sentry-cdn.com/a3591ba5e949a37083cc6f5a4191e903.min.js; style-src 'unsafe-inline' 'self' blob: fast.wistia.com fonts.googleapis.com ajax.googleapis.com translate.googleapis.com assets.lcry.net cdnjs.cloudflare.com ja.teledynelecroy.com tagmanager.google.com www.googletagmanager.com fonts.googleapis.com; 1
default-src 'self' *.hsbc.com.hk; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.awswaf.com *.analytics.yahoo.com vjs.zencdn.net players.brightcove.net *.hsbc.com.hk:* bat.bing.com *.amazon-adsystem.com *.hsbc.ca tpc.googlesyndication.com *.v.liveperson.net googleads.g.doubleclick.net connect.facebook.net lptag.liveperson.net lpcdn.lpsnmedia.net www.googletagmanager.com accdn.lpsnmedia.net tags.tiqcdn.com www.google-analytics.com www.googleadservices.com ssl.google-analytics.com www.google.com googletagmanager.com mcm-prod.hsbc.ca www.google.ca cdn.appdynamics.com cdn-assets-prod.s3.amazonaws.com; img-src data: *; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.awswaf.com *.analytics.yahoo.com players.brightcove.net edge.api.brightcove.com *.hsbc.com.hk:* http://127.0.0.1:5000 http://127.0.0.1:5000/* *.hsbc.ca bat.bing.com *.siteintercept.qualtrics.com adservice.google.com *.brightcovecdn.com *.api.brightcove.com ad.doubleclick.net brightcove.hs.llnwd.net maps.googleapis.com www.googletagmanager.com analytics.google.com www.google-analytics.com stats.g.doubleclick.net *.va.cobrowse.liveperson.net mcm-prod.hsbc.ca rbwm-api.us.hsbc.com rbwm-api.hsbc.co.uk rbwm-api.hsbc.com.hk manifest.prod.boltdns.net www.facebook.com www.google.com *.qualtrics.com cdn-assets-prod.s3.amazonaws.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net *.analytics.yahoo.com players.brightcove.net www.facebook.com tpc.googlesyndication.com www.youtube.com 8710119.fls.doubleclick.net; frame-ancestors 'self' www.hsbc.ca; font-src 'self' data: *.hsbc.com.hk fonts.gstatic.com cdn.jsdelivr.net at.alicdn.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net *.va.cobrowse.liveperson.net; object-src 'self' players.brightcove.net; media-src 'self' blob: *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.brightcovecdn.com *.lpcdn.lpsnmedia.net brightcove.hs.llnwd.net ssl.gstatic.com manifest.prod.boltdns.net; manifest-src 'self'; upgrade-insecure-requests ; report-uri /csp/report; 1
frame-ancestors 'self' *.kunzmann.de 1
default-src 'self' https://www.vanquis.co.uk/; object-src 'self' https://cdn-p.vanquis.co.uk; media-src 'self' *.synthetix.com; img-src 'self' https://www.google.nl https://www.gstatic.com https://www.google.ie https://cdn-p.vanquis.co.uk data: *.godaddy.com *.cookielaw.org *.contentsquare.net *.googleadservices.com *.synthetix.com *.ytimg.com https://www.youtube.com/ https://9155399.fls.doubleclick.net https://providentfinancialmanagement.d3.sc.omtrdc.net https://bat.bing.com https://www.facebook.com https://*.google-analytics.com https://www.google-analytics.com https://cm.everesttech.net https://dpm.demdex.net/ https://www.google.com/ https://www.google.co.uk/ https://www.googletagmanager.com/ https://ade.googlesyndication.com/ https://googleads.g.doubleclick.net/ https://www.vanquis.co.uk/ https://www.googleads.g.doubleclick.net https://*.qualtrics.com; style-src 'self' 'unsafe-inline' optimize.google.com *.googleadservices.com *.synthetix.com https://fonts.googleapis.com/css2 https://fonts.googleapis.com/css https://use.fontawesome.com https://www.googletagmanager.com ; font-src 'self' *.googleadservices.com *.synthetix.com https://use.fontawesome.com https://fonts.gstatic.com https://www.googletagmanager.com; frame-src 'self' optimize.google.com *.googleadservices.com *.synthetix.com https://www.youtube.com/ https://cdn-p.vanquis.co.uk https://widget.trustpilot.com/ https://signup.consents.online https://servedby.flashtalking.com https://9155399.fls.doubleclick.net https://provident.demdex.net https://connect.consents.online/ https://www.googletagmanager.com https://*.qualtrics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob:  *.godaddy.com *.googleoptimize.com *.contentsquare.net *.googleadservices.com *.synthetix.com optimize.google.com https://unpkg.com/web-vitals https://*.google-analytics.com https://www.google-analytics.com https://cdn.cookielaw.org https://widget.trustpilot.com/ https://vanquis.co.uk/ https://www.googletagmanager.com https://*.qualtrics.com; script-src-elem 'self' 'unsafe-inline' *.godaddy.com *.googleoptimize.com *.cookielaw.org *.contentsquare.net *.contentsquare.com *.googleadservices.com *.synthetix.com optimize.google.com https://www.googletagmanager.com http://widget.trustpilot.com https://cdn.cookielaw.org https://*.google-analytics.com https://www.google-analytics.com https://unpkg.com/web-vitals https://bat.bing.com https://connect.facebook.net https://vanquis.co.uk/ https://pagead2.googlesyndication.com/ https://*.qualtrics.com; connect-src 'self' *.contentsquare.net *.googleadservices.com *.synthetix.com http://providentpersonalcre.tt.omtrdc.net https://cdn.cookielaw.org http://mboxedge37.tt.omtrdc.net/ https://www.google.com https://dpm.demdex.net https://privacyportal-de.onetrust.com https://googleads.g.doubleclick.net https://providentfinancialmanagement.d3.sc.omtrdc.net https://stats.g.doubleclick.net https://dareboost.com https://pagead2.googlesyndication.com https://*.google-analytics.com https://www.google-analytics.com https://www.googletagmanager.com https://globalsiteanalytics.com/resource/resource.png https://globalsiteanalytics.com/service/hdim https://*.qualtrics.com 1
default-src *;             style-src 'self' 'unsafe-inline' 'unsafe-eval' http://fonts.googleapis.com https://code.google.com https://developers.google.com https://cam.mycii.in https://cii.in https://www.cii.in;            script-src 'self' 'unsafe-inline' 'unsafe-eval' http://www.google.com http://ajax.googleapis.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://googleads.g.doubleclick.net https://www.google-analytics.com http://static.hotjar.com https://connect.facebook.net https://script.hotjar.com http://www.googleadservices.com http://www.google-analytics.com http://connect.facebook.net https://platform.twitter.com/ https://*.cloudfront.net https://*.aspnetcdn.com https://*.jquery.com https://cii.in https://www.cii.in;             img-src 'self' data: 'unsafe-eval' https://www.google-analytics.com https://furrowthebrow.github.io https://www.google.com https://www.google.co.in https://www.facebook.com https://maps.googleapis.com https://maps.gstatic.com https://www.mycii.in https://cii.in https://www.cii.in;            font-src 'self' data: 'unsafe-eval' https://fonts.gstatic.com https://cii.in https://www.cii.in; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.soundcloud.com *.spotify.com *.acast.com *.simplecast.com *.captivate.fm *.report-uri.com *.cookielaw.org ajax.cloudflare.com *.googleapis.com *.facebook.net *.linkedin.com cdn.linkedin.oribi.io *.instagram.com *.cdninstagram.com *.amazonaws.com *.google.com *.youtube.com *.megaphone.fm *.vimeo.com vimeo.com *.gstatic.com *.oniqa.com *.onistaged.com *.onenorth.com *.velaw.com *.vuturevx.com *.googletagmanager.com *.google-analytics.com *.yoshki.com *.stitcher.com stitcher.com sentry.io *.helpshift.com *.apple.com apple.com tunein.com *.tunein.com static.ads-twitter.com snap.licdn.com anchor.fm; object-src 'self'; img-src 'self' *.cookielaw.org *.googleapis.com *.instagram.com *.cdninstagram.com *.amazonaws.com *.google.com *.youtube.com *.megaphone.fm *.vimeo.com vimeo.com *.gstatic.com *.oniqa.com *.onistaged.com *.onenorth.com *.vuturevx.com *.velaw.com *.googletagmanager.com *.google-analytics.com *.yoshki.com *.heyzine.com static.ads-twitter.com analytics.twitter.com *.facebook.net *.facebook.com snap.licdn.com *.linkedin.com cdn.linkedin.oribi.io t.co *.adsymptotic.com data:; font-src 'self' fonts.gstatic.com data:; report-uri 1
default-src *  data: blob: 'unsafe-inline' 'unsafe-eval' script-src * 'unsafe-inline' 'unsafe-eval' connect-src * 'unsafe-inline' img-src * data: blob: 'unsafe-inline' frame-src *; style-src * data: blob: 'unsafe-inline' font-src * data: blob: 'unsafe-inline'; 1
upgrade-insecure-requests; frame-ancestors 'none'; script-src blob: 'unsafe-inline' 'unsafe-eval' 'self' *.google.com *.googleadservices.com https://careers-kemin.icims.com https://maps.googleapis.com https://www.googleoptimize.com https://www.clarity.ms https://assets.adobedtm.com https://embed.typeform.com https://mc.yandex.ru https://js.usemessages.com https://code.jquery.com https://cdn.jsdelivr.net *.cloudflare.com https://connect.facebook.net https://fonts.googleapis.com https://forms.hsforms.com https://hsforms.com *.g.doubleclick.net *.hsadspixel.net *.hs-analytics.net *.hs-banner.com *.hsforms.net *.hsleadflows.net *.hs-scripts.com https://keminindustries.sc.omtrdc.net *.typekit.net *.sitescout.com *.cloud.coveo.com https://s7d2.scene7.com https://fast.wistia.net  https://fast.wistia.com  *.licdn.com https://stats.g.doubleclick.net https://stats.sa-as.com *.marketingcloudfx.com *.hubspot.com *.pixel.ad *.typekit.net *.google.ca *.google-analytics.com *.googletagmanager.com *.gstatic.com *.youtube.com https://cdn.leadmanagerfx.com;  object-src 'none' 1
frame-ancestors 'self' https://*.flashbay.com https://*.app.netsuite.com 1
frame-ancestors 'self' qr-generator.test *.qr-generator.test egodit.org *.egodit.org qr-code-generator.com *.qr-code-generator.com qr-code-generator.de *.qr-code-generator.de qrcode-generator.de *.qrcode-generator.de egoditor.com *.egoditor.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' snap.licdn.com *.youtube.com *.googleapis.com *.gstatic.com  www.google.com *.google-analytics.com *.googletagmanager.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com *.googletagmanager.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com https://www.thompsoncoburn.com *.ads.linkedin.com https://p.adsymptotic.com; media-src 'self' data: blob:; frame-src 'self' https://www.npr.org https://www.youtube.com https://w.soundcloud.com https://player.vimeo.com https://www.google.com https://platform.twitter.com/ https://platform.twitter.com/widgets.js https://syndication.twitter.com/; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.google.com https://platform.twitter.com/ https://syndication.twitter.com/; connect-src 'self' accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.google-analytics.com *.googletagmanager.com; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.usercentrics.eu *.gstatic.com *.google.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.dokom21.de c.leadlab.click *.googleadservices.com *.trustedshops.com *.hotjar.com snap.licdn.com *.onlyfy.jobs www.youtube.com; connect-src 'self' wss://*.hotjar.com *.onlyfy.jobs *.usercentrics.eu *.analytics.google.com content.hotjar.io wss://wsp33.hotjar.com cdn.linkedin.oribi.io *.googletagmanager.com *.google-analytics.com *.iadvize.com *.googleapis.com *.dokom21.de t.leadlab.click *.hotjar.com stats.g.doubleclick.net *.trustedshops.com api.trustbadge.etrusted.com trustbadge.api.etrusted.com logging.trustbadge.com; img-src 'self' *.dokom21.de maps.gstatic.com maps.googleapis.com googletagmanager.com data: googletagmanager.com *.tradedoubler.com *.usercentrics.eu www.google-analytics.com *.iadvize.com *.trustedshops.com *.linkedin.com *.google.com *.google.de; style-src 'self' 'unsafe-inline' fast.fonts.net *.iadvize.com; base-uri 'self';form-action 'self' *.dokom21.de service.dokom.net www.dokom21-webagent.de; object-src 'none'; frame-src 'self' *.onlyfy.jobs playout.3qsdn.com frontend.vlink.com *.google.com *.iadvize.com *.usercentrics.eu *.hotjar.com dokom21.jobbase.io www.youtube-nocookie.com; worker-src 'self' 'unsafe-inline' *.dokom21.de blob: ; frame-ancestors 'self' *.ipcentrex21.de http://127.0.0.1 http://localhost 1
default-src 'self';  script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://analytics.google.com https://tagmanager.google.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' divvydrive.com/DasWebAppMedyaShow 'unsafe-inline' data:;  font-src 'self' 'unsafe-inline' data:; connect-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://analytics.google.com https://tagmanager.google.com; 1
frame-ancestors http://myota.tradingacademy.com https://myota.tradingacademy.com; child-src https://www.google.com/ https://www.youtube.com/; 1
default-src 'self' *.infinity-tracking.net *.infinity-tracking.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.google.com *.google-analytics.com *.google.com *.facebook.net *.aspnetcdn.com *.youtube.com *.twitter.com *.ytimg.com *.twimg.com *.linkedin.com *.stumbleupon.com *.azureedge.net *.marketo.net *.eloqua.com *.en25.com *.ampproject.org *.cloudflare.com static.cloudflareinsights.com *.licdn.com *.bootstrapcdn.com *.trustpilot.com *.jsdelivr.net *.unpkg.com *.googletagmanager.com *.jquery.com *.doubleclick.net *.kldiscovery.com *.googleusercontent.com *.google-analytics.com *.googleadservices.com *.krollontrack.com *.bootstrapcdn.com *.momentjs.com *.typeform.com *.infinity-tracking.net *.infinity-tracking.com *.usemessages.com *.hsleadflows.net *.hubspot.com *.hsforms.net *.hsforms.com *.hubspot.com *.hubapi.com *.hscollectedforms.net *.hsforms.net *.hs-banner.com *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hsforms.com *.unpkg.com unpkg.com *.google.com *.yimg.jp *.yahoo.co.jp *.plavxml.com *.onetrust.com *.cookielaw.org js.monitor.azure.com *.msecnd.net *.hscta.net tags.srv.stackadapt.com srv.stackadapt.com east.srv.stackadapt.com uw.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.telerik.com *.google.com *.azureedge.net *.twitter.com *.twimg.com *.typekit.net *.trustpilot.com *.bootstrapcdn.com *.jquery.com *.bootstrapcdn.com tags.srv.stackadapt.com; font-src 'self' *.gstatic.com *.telerik.com *.bootstrapcdn.com data: *.typekit.net *.bootstrapcdn.com; img-src 'self' data: blob: *.azureedge.net *.cleverbridge.com *.delicious.com *.doubleclick.net *.eloqua.com *.facebook.com *.google.com *.googleapis.com *.google-analytics.com *.googleusercontent.com *.google.co.uk *.google.pl *.googletagmanager.com *.gstatic.com *.hsforms.com *.hsforms.com *.hubspot.com *.hubspotusercontent20.net *.ibas.com *.compiled.com *.kldiscovery.com *.ediscovery.com *.linkedin.com *.ontrack.com *.redditstatic.com *.sitefinity.com *.static.licdn.com *.tumblr.com *.twimg.com *.twitter.com *.windows.net *.yahoo.co.jp *.onetrust.com *.cookielaw.org tags.srv.stackadapt.com; media-src 'self' data: blob: *.youtu.be *.youtube.com *.blob.core.windows.net *.kldiscovery.com *.googleusercontent.com *.ediscovery.com; frame-src 'self' *.google.com *.youtu.be *.youtube.com *.youtube-nocookie.com youtube-nocookie.com *.hubspot.com *.taleo.net *.trustpilot.com *.hubapi.com *.doubleclick.net *.hsforms.com *.typeform.com *.avrotros.nl *.hsforms.net; child-src 'self' *.twitter.com *.twitter.com *.youtube.com *.youtu.be *.vimeo.com *.soundcloud.com *.google.com *.google.com *.facebook.com *.facebook.com *.stumbleupon.com *.trustpilot.com *.doubleclick.net *.hubspot.com *.infinity-tracking.net *.infinity-tracking.com *.hsforms.com blob:; connect-src 'self' wss: *.google.com *.sitefinity.com *.mktoresp.com *.trustpilot.com *.googleusercontent.com cloudflareinsights.com *.infinity-tracking.net *.infinity-tracking.com google-analytics.com *.google-analytics.com *.unpkg.com unpkg.com *.hubspot.com *.hsforms.com *.hubspot.com *.hubapi.com *.cleverbridge.com *.ampproject.org *.doubleclick.net dc.services.visualstudio.com *.googletagmanager.com *.onetrust.com *.cookielaw.org tags.srv.stackadapt.com; 1
frame-ancestors 'self' https://*.superoffice.com https://zamnesiasp.inone.useinsider.com; 1
frame-ancestors https://*.etracker.com 1
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src https://*.google-analytics.com https://suggestions.dadata.ru https://*.doubleclick.net https://sendsay.ru https://*.sendsay.ru https://*.google.com https://*.gstatic.com https://*.yandex.ru https://uaas.yandex.ru https://*.amplitude.com https://amdgstat.ru https://*.amdgstat.ru https://*.skcrtxr.com https://*.beeline.ru 'self'; script-src https://*.doubleclick.net https://*.artfut.com https://*.googleadservices.com https://yastatic.net https://*.mail.ru https://*.googletagmanager.com https://*.google-analytics.com https://*.yandex.ru https://*.yandex.net https://*.sendsay.ru https://*.vk.com https://vk.com https://*.amdgstat.ru https://*.terratraf.io https://*.soloway.ru https://*.adhigh.net https://*.adriver.ru https://*.bumlam.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.skcrtxr.com https://*.beeline.ru 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; img-src https://*.doubleclick.net https://*.google.com https://vk.com https://*.google.ru https://*.yandex.ru https://*.yandex.net https://*.mail.ru https://*.google-analytics.com https://*.webvisor.com https://*.adhigh.net https://*.adriver.ru https://*.bumlam.com https://*.amdgstat.ru https://*.skcrtxr.com https://*.beeline.ru 'self' blob: data:; frame-src https://youtube.com https://*.youtube.com https://rutube.ru https://*.rutube.ru https://*.yandex.ru https://*.yandex.net https://*.yandex.by https://*.yandex.com https://*.yandex.com.tr https://*.webvisor.com https://*.google.com https://recaptcha.google.com/recaptcha/ https://*.gstatic.com https://*.skcrtxr.com https://*.beeline.ru 'self' blob: data:; font-src 'self' data: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob: https://api.boast.io https://kit.fontawesome.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob:; 1
default-src 'self' https://*.applicationinsights.azure.com; object-src 'none'; frame-ancestors http://localhost:51783 https://localhost https://*.isolvedhcm.com https://*.myisolved.com https://www.goqforce.com https://fusion.avintus.com https://cohere.ctrhcm.com https://www.iesonline.co https://benefitservices.infinisource.com https://www.hkp-usa.com https://www.dominionpayroll.net https://www.aholawebpr.com https://www.coastalpayroll.net https://www.sbspayroll.biz https://payroll.precisionpayrollevv.com https://payroll.paymastersinc.com https://connect.threadhcm.com https://online.commpayhr.com https://www.cpcpayroll.co https://db.zumapay.com ; base-uri 'self'; img-src 'self' https://*.blob.core.windows.net https://*.azureedge.net;sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox; script-src 'self' 'nonce-hnEnGRQWdc71hOfdi3Q+9Nkw' 'strict-dynamic'; 1
default-src 'self' *.stripe.com;script-src 'self' 'nonce-aeef52ff-101d-4315-888b-1f15819a1a43' js.stripe.com https://www.google.com/recaptcha/api.js https://www.gstatic.com https://connect.facebook.net/en_US/fbevents.js https://d2wy8f7a9ursnm.cloudfront.net/bugsnag-3.min.js connect.facebook.net https://graph.facebook.com app.intercom.io widget.intercom.io *.intercomcdn.com blob: https://*.googletagmanager.com https://static.nrk.no https://fpnpmcdn.net https://securepubads.g.doubleclick.net;style-src 'self' 'unsafe-inline' fonts.googleapis.com maxcdn.bootstrapcdn.com;font-src 'self' fonts.gstatic.com data: js.intercomcdn.com https://fonts.intercomcdn.com maxcdn.bootstrapcdn.com;img-src 'self' data: blob: *.fbcdn.net *.fbsbx.com *.stripe.com *.gstatic.com *.facebook.com images.ctfassets.net notify.bugsnag.com spleisprod.s3.amazonaws.com innhold.spleis.no *.intercomcdn.com *.intercomassets.com https://downloads.intercomcdn.eu https://uploads.intercomusercontent.com https://messenger-apps.intercom.io https://messenger-apps.eu.intercom.io https://messenger-apps.au.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments.eu https://*.au.intercom-attachments.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://static.intercomassets.eu *.googleusercontent.com https://*.google-analytics.com https://*.googletagmanager.com *.googlesyndication.com;connect-src 'self' wss://*.spleis.no github.com checkout.stripe.com *.signicat.com api.intercom.io https://api.au.intercom.io https://api.eu.intercom.io api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io api-ping.intercom.io nexus-websocket-a.intercom.io nexus-websocket-b.intercom.io nexus-long-poller-a.intercom.io nexus-long-poller-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io *.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.intercomusercontent.com notify.bugsnag.com https://data.brreg.no https://sessions.bugsnag.com https://graph.facebook.com/v2.3/me www.facebook.com data.heroku.com https://dataclips-v2.s3.amazonaws.com/dataclips https://api.sjpf.io/ https://eu.api.fpjs.io/ https://fingerprint-worker-production.spleis.workers.dev *.fpapi.io https://data-nsr.udir.no/v3/enheter/sok https://data-nbr.udir.no/v3/enheter/sok https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://openfpcdn.io https://fpnpmcdn.net pagead2.googlesyndication.com https://securepubads.g.doubleclick.net/;object-src 'none';frame-src 'self' js.stripe.com share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://fast.wistia.net www.youtube.com youtube.com player.twitch.tv clips.twitch.tv twitch.tv player.vimeo.com https://www.google.com www.facebook.com s-static.ak.facebook.com static.ak.facebook.com staticxx.facebook.com connect.facebook.net m.facebook.com https://static.nrk.no https://tpc.googlesyndication.com/ *.safeframe.googlesyndication.com/;form-action 'self' https://api.vipps.no;frame-ancestors 'self' www.facebook.com;media-src 'self' *.intercomcdn.com videos.ctfassets.net blob:;base-uri 'self';script-src-attr 'none';upgrade-insecure-requests 1
object-src 'none';frame-ancestors 'self';base-uri 'none';upgrade-insecure-requests 1
frame-ancestors 'self' https://www.gamer.no *.ggez.no https://forum.kvinneguiden.no; 1
default-src 'self' https://*.nanelo.com https://nanelo.com; style-src 'unsafe-inline' 'self' https://*.nanelo.com https://nanelo.com; img-src 'self' data: https:; object-src 'none'; script-src 'sha256-r1eFpru1CrxDaAH5d03flbU3Dd2prcWxvprI2COfRII=' 'self' 1
default-src * blob: 'unsafe-inline' 'unsafe-eval'; script-src * blob: 'unsafe-inline' 'unsafe-eval'; worker-src * blob: 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; font-src * data: 'unsafe-inline'; frame-ancestors 'self'; form-action *; 1
img-src 'self' data: *; default-src 'self' 'unsafe-inline' 'unsafe-eval' maasstad.local www.google-analytics.com www.googletagmanager.com tagmanager.google.com plus.google.com ajax.aspnetcdn.com www.facebook.com twitter.com www.linkedin.com www.youtube.com www.pinterest.com www.instagram.com digid.nl fast.fonts.com *.maasstadziekenhuis.nl *.maasstadehealth.nl guidingtube.com *.guidingtube.com; script-src * data: application/javascript 'unsafe-inline' 'unsafe-eval'; frame-src data: 'self' santeon.nl *.youtube.com *.youtube-nocookie.com guidingtube.com *.guidingtube.com beterdichtbij.nl *.beterdichtbij.nl indiveo.services 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-MMaJvkmdaIZnYnZY-oVNjA' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
base-uri https://www.pfeiffer-vacuum.com; font-src 'self' https: data:; form-action *; frame-ancestors *; img-src 'self' https: data:; object-src 'none'; script-src-attr 'unsafe-inline'; style-src 'self' 'unsafe-inline' pfeiffervacuum-bf09.kxcdn.com; upgrade-insecure-requests; default-src 'self' data:; media-src cdn.plyr.io youtu.be www.youtube.com www.pfeiffer-vacuum-china.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.usercentrics.eu *.storyblok.com www.googletagmanager.com www.google-analytics.com api.privacyhub.pro blob: pfeiffervacuum-bf09.kxcdn.com engagement.juneapp.com www.pfeiffer-vacuum-china.com www.youtube.com youtu.be; connect-src 'self' *.usercentrics.eu region1.analytics.google.com *.google-analytics.com/ *.doubleclick.net https://sso.pfeiffer-vacuum.com/auth/ *.sentry.io   api.friendlycaptcha.com engagement.juneapp.com smc-lp.s4hana.ondemand.com cdn.plyr.io noembed.com https://salesviewer.org/; frame-src 'self' https://sso.pfeiffer-vacuum.com/auth/ app.usercentrics.eu www.youtube.com api.privacyhub.pro www.pfeiffer-vacuum-china.com https://www.pfeiffer-vacuum.com; worker-src 'self' blob:; child-src 'self' blob:; report-uri https://o4504961394343936.ingest.sentry.io/api/4505364029440000/security/?sentry_key=513777765135426b8f5d5822761bf101 1
frame-ancestors 'self' https://dekra.e-spirit.hosting 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' blob: api.aituria.com overbridgenet.com *.google.com.br *.google.com.au *.google.co.uk cdn-images.mailchimp.com api.global-data-lab.com *.linkedin.com analytics.tiktok.com *.cdnfonts.com 5gtvu7km85.execute-api.us-east-1.amazonaws.com api.fbanalytics.org *.navisperformance.com *.google.es *.google.com.mx *.google.ch *.google.ca vimeo.com *.launchdarkly.com api.datacloudstat.com *.pixel.ad *.sitescout.com sitescout.com *.basis.net api.w3-edge.com scatec.io *.scatec.io spreedly.com sdk.selfbook.com pay.google.com *.googlesyndication.com linkcenter.derbysoftca.com *.ingest.sentry.io visitingmedia.com *.clarity.ms *.onetrust.com *.cookielaw.org *.sentry-cdn.com *.cendyn.com *.cendynhub.com capture.duettoresearch.com *.pcibooking.net secure.livechatinc.com *.thehotelsnetwork.com tag.yieldoptimizer.com *.livechatinc.com booking.azds.com linkcenterus.derbysoftsec.com cdnjs.cloudflare.com *.otstatic.com *.triptease.io *.opentable.com *.sojern.com api.ipstack.com newbooking.azds.com rw1.marchex.io widgets.nightpro.co *.youtube.com api.ipstack.com widgets.tablelist.com *.speedrfp.com *.gstatic.com *.googleadservices.com *.facebook.com *.yahoo.com *.doubleclick.net *.facebook.net *.googletagmanager.com *.googleapis.com *.google-analytics.com *.google.com *.bing.com; script-src-elem 'self' 'unsafe-inline' data: static.hotjar.com dynamic.criteo.com sc-static.net s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js www.typesample.com js.adsrvr.org snap.licdn.com use.fontawesome.com sibautomation.com analytics.tiktok.com *.navisperformance.com *.rewardstyle.com *.googlesyndication.com unpkg.com *.pinterest.com cdnjs.cloudflare.com *.triptease.io *.pixel.ad *.otstatic.com *.sentry-cdn.com linkcenterus.derbysoftsec.com *.azds.com bat.bing.com *.thehotelsnetwork.com *.opentable.com *.basis.net *.sojern.com *.googleapis.com *.pagespeed-mod.com *.facebook.net *.optimonk.com *.doubleclick.net *.clarity.ms *.google-analytics.com *.google.com *.googleoptimize.com *.googletagmanager.com *.gstatic.com *.googleadservices.com; media-src 'self' data:; font-src 'self' data: static.designmanager.com sc-static.net ray.st unpkg.com at.alicdn.com static.matterport.com netdna.bootstrapcdn.com static.hsappstatic.net use.fontawesome.com account.affilitizer.com *.googleapis.com shopping.qantas.com www.slant.co account.affilitizer.com assets.tailwindapp.com connorbrez.gitlab.io cdn.scite.ai images.simplycodes.com fonts.cdnfonts.com http://themes.googleusercontent.com static.zip.co *.wp.com *.thehotelsnetwork.com *.otstatic.com newbooking.azds.com *.properhotel.com *.gstatic.com *.typekit.net; img-src 'self' data: blob: *.google.co.kr *.optimizingmatters.com optimizingmatters.com criticalcss.com sp-ao.shortpixel.ai *.googleadservices.com *.google.ie *.google.com.tw *.google.com.ph *.google.com.au *.google.co.uk *.google.co.th *.google.ch *.linkedin.com *.google.com.mx theeventscalendar.com na.spatime.com cdn.otstatic.com deliciousbrains.com log.pinterest.com *.google.fr *.google.de *.google.com.au *.google.co.uk *.google.co.jp *.google.co.in *.google.ca *.sitescout.com sitescout.com *.basis.net pixel.sitescout.com scatec.io c1.adform.net d1t1qzzb2zwrre.cloudfront.net dbmajt85xhr99.cloudfront.net *.thehotelsnetwork.com *.google.es linkcenter.derbysoftca.com *.clarity.ms *.youtube.com *.properhotel.com *.w.org *.synxis.com newbooking.azds.com linkcenterus.derbysoftca.com dk66958tcpc60.cloudfront.net pixel.sojern.com match.adsrvr.org ib.adnxs.com px.marchex.io *.speedrfp.com *.googletagmanager.com *.cdninstagram.com *.googleapis.com *.gstatic.com *.bing.com *.gravatar.com *.facebook.net *.doubleclick.net *.google-analytics.com *.google.com *.facebook.com; style-src 'self' *.sitescout.com sitescout.com *.basis.net *.thehotelsnetwork.com *.gstatic.com *.otstatic.com newbooking.azds.com *.typekit.net 'unsafe-inline' *.googleapis.com; report-uri https://sphrcl.report-uri.com/r/d/csp/enforce 1
default-src 'self' https://api.mapbox.com; script-src 'report-sample' 'self' https://api.mapbox.com https://connect.facebook.net https://d2iiunr5ws5ch1.cloudfront.net https://vimeo.com https://*.vimeo.com https://*.youtube.com https://sf.unicef.org.au https://unicefaustralia--wit.sandbox.my.site.com https://unicefaustralia--witstaging.sandbox.my.site.com https://unicefaustralia--full.sandbox.my.site.com https://www.bugherd.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com https://optimize.google.com https://maps.googleapis.com https://www.tfaforms.com https://unicefau.elmotalent.com.au https://embed.typeform.com https://e.infogram.com/ https://c.paypal.com https://www.paypal.com https://tgbwidget.com https://www.googleadservices.com https://s.pinimg.com https://secure.quantserve.com https://*.igodigital.com https://*.hotjar.com https://*.tvsquared.com https://*.yimg.com https://*.ads-twitter.com https://analytics.ads-twitter.com https://analytics.tiktok.com https://googleads.g.doubleclick.net https://rules.quantcount.com https://c1.rfihub.net https://*.rfihub.com https://*.bugherd.com https://*.pusher.com https://d2iiunr5ws5ch1.cloudfront.net https://d2wy8f7a9ursnm.cloudfront.net https://bugherd-attachments.s3.amazonaws.com https://ws.pusherapp.com https://screenshots.bugherd.com https://sdks.shopifycdn.com https://*.getwhichit.com https://www.getwhichit.com https://ci-mpsnare.iovation.com https://mpsnare.iesnare.com https://pay.google.com https://c5.adalyser.com https://platform.twitter.com https://*.mouseflow.com https://*.googleoptimize.com https://capi.unicef.org.au https://cdnjs.cloudflare.com https://snap.licdn.com https://cdn.jsdelivr.net/ https://bat.bing.com https://www.clarity.ms https://atag.adgile.media https://cdn.mida.so https://dev.visualwebsiteoptimizer.com https://app.vwo.com https://wit-custom.unicef.au https://dev-wit-custom.unicef.au https://www.buzzsprout.com https://code.jquery.com https://static.lightning.force.com https://js.stripe.com https://ct.pinterest.com https://cdn.raisely.com 'unsafe-eval' 'unsafe-inline'; style-src 'report-sample' 'self' 'unsafe-inline' https://d2iiunr5ws5ch1.cloudfront.net https://fonts.googleapis.com https://sf.unicef.org.au https://unicefaustralia--wit.sandbox.my.site.com https://unicefaustralia--witstaging.sandbox.my.site.com https://unicefaustralia--full.sandbox.my.site.com https://www.tfaforms.com https://*.youtube.com https://*.hotjar.com https://tgbwidget.com https://d2iiunr5ws5ch1.cloudfront.net https://optimize.google.com https://wit-custom.unicef.au https://dev-wit-custom.unicef.au https://embed.typeform.com https://www.googletagmanager.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://analytics.google.com https://*.google-analytics.com https://api.mapbox.com https://events.mapbox.com https://rn4zthyb0f-dsn.algolia.net https://sf.unicef.org.au https://unicefaustralia--wit.sandbox.my.site.com https://unicefaustralia--witstaging.sandbox.my.site.com https://unicefaustralia--full.sandbox.my.site.com https://*.vimeo.com https://vimeo.com https://*.facebook.net https://*.facebook.com https://www.bugherd.com wss://ws.pusherapp.com https://www.tfaforms.com https://*.doubleclick.net https://pagead2.googlesyndication.com https://*.hotjar.com https://hotjar.com https://*.hotjar.io wss://*.hotjar.com https://tgbwidget.com https://www.paypal.com https://*.pusher.com https://sessions.bugsnag.com https://www.bugherd.com https://bugherd-attachments.s3.amazonaws.com https://ws.pusherapp.com https://screenshots.bugherd.com https://sessions.bugsnag.com https://*.algolianet.com https://s.yimg.com https://ct.pinterest.com https://analytics.tiktok.com https://www.google.com https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.com.ai https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.com.kh https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.ms https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.ne https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.pl https://www.google.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.so https://www.google.sm https://www.google.sr https://www.google.st https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.vg https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.rs https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.cat https://monorail-edge.shopifysvc.com https://unicef-australia-inspired-gifts.myshopify.com https://*.getwhichit.com https://www.getwhichit.com https://maps.googleapis.com https://capi.unicef.org.au https://cdn.linkedin.oribi.io https://shop.unicef.org.au https://*.clarity.ms https://google.com https://pay.google.com https://www.sandbox.paypal.com https://atag.adgile.media https://analytics.pangle-ads.com https://bat.bing.com https://api.howuku.com https://dev.visualwebsiteoptimizer.com https://*.ads.linkedin.com https://api.typeform.com https://www.cloudflare.com https://unicefpv.howatson.co https://datamodeling.unicef.org.au; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://www.bugherd.com https://d2iiunr5ws5ch1.cloudfront.net https://*.hotjar.com https://assets-us-01.kc-usercontent.com; frame-ancestors 'self' https://app.kontent.ai https://unicefaustralia--wit.sandbox.my.site.com https://unicefaustralia--witstaging.sandbox.my.site.com https://lookerstudio.google.com https://shop.unicef.org.au https://admin.shopify.com https://unicef-australia-inspired-gifts.myshopify.com https://online-store-web.shopifyapps.com; frame-src 'self' https://player.vimeo.com https://unicefau.elmotalent.com.au https://*.youtube.com https://*.facebook.com https://*.doubleclick.net https://ct.pinterest.com https://www.google.com https://unicefaustralia.typeform.com https://www.typeform.com https://e.infogram.com https://tgbwidget.com https://c.paypal.com https://www.paypal.com https://*.hotjar.com https://*.rfihub.com https://*.getwhichit.com https://www.getwhichit.com https://form.typeform.com https://platform.twitter.com https://optimize.google.com https://e.issuu.com https://*.bugherd.com https://bugherd.com https://unicefaustralia--wit.sandbox.my.site.com https://unicefaustralia--witstaging.sandbox.my.site.com https://sf.unicef.org.au https://pay.google.com https://www.sandbox.paypal.com https://app.vwo.com https://wit-custom.unicef.au https://dev-wit-custom.unicef.au https://www.buzzsprout.com https://js.stripe.com https://*.raisely.com https://*.unicef.org.au; img-src 'self' data: https://assets-us-01.kc-usercontent.com https://preview-assets-us-01.kc-usercontent.com https://d2iiunr5ws5ch1.cloudfront.net https://*.doubleclick.net https://*.facebook.com https://*.vimeocdn.com https://*.yimg.com https://*.ytimg.com https://ade.googlesyndication.com https://*.hotjar.com https://tgbwidget.com https://*.paypal.com https://b.stats.paypal.com https://www.paypal.com https://d2iiunr5ws5ch1.cloudfront.net https://bugherd-attachments.s3.amazonaws.com https://*.bugherd.com https://*.bugherd.com data: https://pixel.quantserve.com https://pxl.qccerttest.com https://sp.analytics.yahoo.com https://t.co https://*.twitter.com https://*.pinterest.com https://*.tvsquared.com https://www.google-analytics.com https://www.googletagmanager.com https://optimize.google.com https://www.google.com https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.com.ai https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.com.kh https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.ms https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.ne https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.pl https://www.google.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.so https://www.google.sm https://www.google.sr https://www.google.st https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.vg https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.rs https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.cat https://cdn.shopify.com https://*.getwhichit.com https://www.tfaforms.com https://c5.adalyser.com https://picsum.photos https://www.gstatic.com https://www.paypalobjects.com https://px.ads.linkedin.com https://*.shopifycdn.com https://bat.bing.com https://prreqcroab.icu https://*.ads.linkedin.com https://dev.visualwebsiteoptimizer.com https://chart.googleapis.com https://wingify-assets.s3.amazonaws.com https://www.linkedin.com https://c.clarity.ms; manifest-src 'self'; media-src 'self'; report-uri https://631568e523064c2afafa7168.endpoint.csper.io/?v=0; worker-src blob: 1
upgrade-insecure-requests; frame-ancestors 'self' live.sagepay.com live.opayo.eu.elavon.com www1.bodykind.com; base-uri 'self'; object-src 'none' 1
frame-ancestors https://*.contentstack.com 1
frame-ancestors 'self' https://lms.myonlinetraininghub.com; 1
default-src 'self' *.weglot.com *.facebook.net *.facebook.com *.tiktok.com *.google.com *.googletagmanager.com www.instagram.com www.youtube.com td.doubleclick.net; media-src 'self' data:; script-src 'nonce-0da5087c-1ff3-4a97-9cf1-8a031f79f336' 'strict-dynamic'  'unsafe-hashes' cdn.weglot.com googleads.g.doubleclick.net www.gstatic.com *.facebook.net *.facebook.com *.tiktok.com *.google.com *.googletagmanager.com www.instagram.com www.youtube.com td.doubleclick.net; script-src-elem 'unsafe-inline' https://www.ilevia.fr sdk.privacy-center.org cdn.weglot.com cdn.matomo.cloud googleads.g.doubleclick.net www.gstatic.com cdn.yousign.tech *.facebook.net *.facebook.com *.tiktok.com *.google.com *.googletagmanager.com www.instagram.com www.youtube.com td.doubleclick.net; style-src 'self' *.weglot.com sdk.privacy-center.org *.ilevia.fr 'unsafe-inline' *.facebook.net *.facebook.com *.tiktok.com *.google.com *.googletagmanager.com www.instagram.com www.youtube.com td.doubleclick.net; connect-src 'self' data: *.ilevia.fr *.weglot.com cdn-api-weglot.com *.insitaction.org sdk.privacy-center.org google.com api.privacy-center.org api.navitia.io api-cus.navitia.io ilevia.matomo.cloud *.facebook.net *.facebook.com *.tiktok.com *.google.com *.googletagmanager.com www.instagram.com www.youtube.com td.doubleclick.net   ; font-src 'self' data: *.facebook.net *.facebook.com *.tiktok.com *.google.com *.googletagmanager.com www.instagram.com www.youtube.com td.doubleclick.net; img-src 'self' data: *.weglot.com www.gstatic.com media.ilevia.fr int-media.ilevia.fr pprod-media.ilevia.fr sdk.privacy-center.org upload.wikimedia.org ilost.co www.ilevia.fr purecatamphetamine.github.io cdn.jsdelivr.net *.facebook.net *.facebook.com *.tiktok.com *.google.com *.googletagmanager.com www.instagram.com www.youtube.com td.doubleclick.net; worker-src 'self' blob: *.facebook.net *.facebook.com *.tiktok.com *.google.com *.googletagmanager.com www.instagram.com www.youtube.com td.doubleclick.net; form-action 'self' ilost.co *.facebook.net *.facebook.com *.tiktok.com *.google.com *.googletagmanager.com www.instagram.com www.youtube.com td.doubleclick.net; child-src https://nws-lille.hove.io pnp-ihm-lille-cus.canaltp.fr yousign.app *.facebook.net *.facebook.com *.tiktok.com *.google.com *.googletagmanager.com www.instagram.com www.youtube.com td.doubleclick.net; object-src 'self' *.facebook.net *.facebook.com *.tiktok.com *.google.com *.googletagmanager.com www.instagram.com www.youtube.com td.doubleclick.net; base-uri 'self' *.facebook.net *.facebook.com *.tiktok.com *.google.com *.googletagmanager.com www.instagram.com www.youtube.com td.doubleclick.net 1
frame-ancestors self memberedelivery.com www.memberedelivery.com 1
frame-ancestors 'self' https://travelpoop.com https://webrezpro.com https://webrez.com https://dev.webrez.com https://secure.webrez.com https://worldweb.com https://webrezpro.com/status; 1
script-src blob: 'unsafe-inline' 'unsafe-eval' 'self' stories.ups.com about.ups.com dev.upsers.ams1907.com stage.upserstwo.com upsers.com www.upsers.com upserstwo.com www.upserstwo.com qa.upsers.ams1907.com beta.upsers.com https://login.microsoftonline.com https://tags.tiqcdn.com https://www.youtube.com https://gallery.sprinklr.com https://smetrics.ups.com https://platform.twitter.com https://www.facebook.com  https://pbs.twimg.com  https://thumb.sprinklr.com https://scontent-iad3-1.xx.fbcdn.net https://visitor-service-us-east-1.tealiumiq.com https://visitor-service-ap-east1.tealiumiq.com https://visitor-service-eu-central-1.tealiumiq.com https://visitor-service-ap-east-1.tealiumiq.com my.tealiumiq.com https://players.brightcove.net https://vjs.zencdn.net https://www.google.com  https://www.gstatic.com mboxedge31.tt.omtrdc.net ups.demdex.net dpm.demdex.net https://fonts.gstatic.com ups.tt.omtrdc.net s.go-mpulse.net https://scripts.demandbase.com https://qmod.quotemedia.com https://www.googletagmanager.com https://snap.licdn.com https://js.adsrvr.org https://www.redditstatic.com https://s7d1.scene7.com https://s7d9.scene7.com https://ups.scene7.com https://upstwo.scene7.com https://googleads.g.doubleclick.net https://connect.facebook.net https://bat.bing.com https://datacloud.tealiumiq.com https://www.recaptcha.net aap-d.parcelpro.com aap-p.parcelpro.com ups.blueconic.net ups-dev.blueconic.net aap-d.parcelpro3.ams1907.com aap-p.parcelpro3.ams1907.com https://api.salemove.com https://libs.salemove.com https://api.glia.com; object-src 'none' 1
frame-ancestors 'self' *.ml.com *.bac-assets.com *.bankofamerica.com 1
default-src 'self' *.hsbc.com.hk; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.awswaf.com *.analytics.yahoo.com vjs.zencdn.net players.brightcove.net *.brightcove.net *.zencdn.net *.walkme.com www.google-analytics.com *.omtrdc.net cdn.optimizely.com www.googletagmanager.com ssl.google-analytics.com cdn-assets-prod.s3.amazonaws.com analytics.tiktok.com; img-src data: * blob: android-webview-video-poster: android-webview:; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.awswaf.com *.analytics.yahoo.com players.brightcove.net edge.api.brightcove.com *.siteintercept.qualtrics.com www.google.com manifest.prod.boltdns.net *.brightcovecdn.com www.facebook.com *.hsbc.com.ph *.brightcove.com *.googleapis.com *.googletagmanager.com *.dbankcloud.com www.google-analytics.com *.doubleclick.net *.walkme.com *.jquery.com adtonus.com *.omtrdc.net *.demdex.net *.google.com.ph http://127.0.0.1:5000 http://127.0.0.1:5000/* rbwm-api.us.hsbc.com rbwm-api.hsbc.co.uk rbwm-api.hsbc.com.hk adservice.google.com ad.doubleclick.net cdn-assets-prod.s3.amazonaws.com analytics.tiktok.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net *.analytics.yahoo.com players.brightcove.net www.facebook.com sts-aad.auth.hsbc.com *.demdex.net *.facebook.net *.zscloud.net gateway.zscaler.net gateway.zscalertwo.net analytics.tiktok.com; frame-ancestors 'self' *.hsbc.com.ph; font-src 'self' data: *.hsbc.com.hk *.gstatic.com *.jsdelivr.net at.alicdn.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net; object-src 'self' *.brightcove.net; media-src 'self' blob: *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.brightcovecdn.com lpcdn.lpsnmedia.net manifest.prod.boltdns.net *.gstatic.com; manifest-src 'self'; upgrade-insecure-requests ; report-uri /csp/report; 1
default-src * 'unsafe-inline'; base-uri 'self'; connect-src 'self' api.globaldatacompany.com api.segment.io cdn.segment.com cliocloudconference.com landing.clio.com www.clio.com bat.bing.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.googletagmanager.com *.fontawesome.com stats.g.doubleclick.net *.google-analytics.com *.analytics.google.com analytics.google.com; font-src * data:; frame-src 'self' api.globaldatacompany.com api.segment.io cdn.segment.com cliocloudconference.com landing.clio.com www.clio.com bat.bing.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.googletagmanager.com *.fontawesome.com recaptcha.google.com/recaptcha/ td.doubleclick.net; img-src * data: blob:; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' api.globaldatacompany.com api.segment.io cdn.segment.com cliocloudconference.com landing.clio.com www.clio.com bat.bing.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.googletagmanager.com *.fontawesome.com; report-uri https://5fd7afb447ef7c02ddc12039.endpoint.csper.io 1
default-src 'self'; child-src https://notificacion.incibe-cert.es/; connect-src 'self' https://*.googleusercontent.com https://maps.googleapis.com https://*.flickr.com https://www.google-analytics.com/ https://stats.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com; font-src 'self' https://cdnjs.cloudflare.com https://fonts.gstatic.com data:; frame-src 'self' https://*.incibe.es https://*.osi.es https://antibotnet.osi.es/ https://www.youtube.com https://www.vimeo.com https://*.vimeo.com https://www.google.com https://platform.twitter.com https://www.facebook.com https://syndication.twitter.com https://www.youtube-nocookie.com https://notificacion.incibe-cert.es/ https://player.flipsnack.com/; img-src 'self' https://i.ytimg.com/ https://www.facebook.com https://cdn.syndication.twimg.com https://*.twimg.com https://platform.twitter.com https://maps.gstatic.com https://maps.googleapis.com https://developers.google.com https://*.global.siteimproveanalytics.io https://live.staticflickr.com https://*.google-analytics.com data:; script-src 'self' 'unsafe-inline' https://siteimproveanalytics.com https://www.google.com https://www.gstatic.com https://*.facebook.net https://www.facebook.com https://*.twitter.com https://twitter.com https://*.flickr.com https://www.google-analytics.com https://www.googletagmanager.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://maxcdn.bootstrapcdn.com https://polyfill-fastly.io https://unpkg.com platform.twitter.com; style-src 'self' 'unsafe-inline' https://*.twimg.com https://platform.twitter.com https://fonts.googleapis.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; style-src-elem 'self' 'unsafe-inline' https://platform.twitter.com https://*.twimg.com https://fonts.googleapis.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; frame-ancestors 'self' https://*.incibe.es/ https://proxy.sni-des-publica.sni.dev.incibe.es/ 1
frame-ancestors 'self' https://*.sherweb.com https://*.cumulus.sherweb.com https://billing.rak4cloud.com https://cloud.itpartners.com https://cloudmanagerportal.com https://control.careservtech.com https://control.gocareserv.help https://control.intellam.com https://control.spekcloud.com https://cumulus.ats.avnet.com https://cumulus.checksum.biz https://cumulus.fusenetworks.com https://cumulus.ismgrid.com https://my.cloudportal365.com https://portal.cloudkama.com https://portal.gettechworkz.com https://portal.massiveit.com https://portal.xaas1.com https://productivity.cloudwyze.com https://store.wintellisys.com https://techdata.sherweb.com; 1
default-src 'self' data: https://www.google.com https://googleads.g.doubleclick.net https://dc.services.visualstudio.com https://www.google-analytics.com https://*.hotjar.com:* https://*.hotjar.io wss://*.hotjar.com https://www.facebook.com https://stats.g.doubleclick.net https://app2.salesmanago.pl https://8519914.fls.doubleclick.net/ https://analytics.tiktok.com https://consentcdn.cookiebot.com https://pagead2.googlesyndication.com https://sentry2.ideo.pl https://trafficscanner.pl https://*.google-analytics.com https://www.blikomania.pl https://www.blikomania.pl https://www.blikomania.pl; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com/ https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net/ https://static.hotjar.com https://script.hotjar.com https://track.adform.net https://s2.adform.net https://app2.salesmanago.pl https://8519914.fls.doubleclick.net/ https://www.googleadservices.com https://analytics.tiktok.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://pagead2.googlesyndication.com https://trafficscanner.pl https://googleads.g.doubleclick.net https://sentry2.ideo.pl https://google.com https://www.google.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://hello.myfonts.net https://use.typekit.net/ https://p.typekit.net/; img-src 'self' 'unsafe-inline' data: https://www.facebook.com https://www.google.com https://www.google.pl https://www.google-analytics.com https://app2.salesmanago.pl https://8519914.fls.doubleclick.net/ https://googleads.g.doubleclick.net https://www.blikomania.pl https://www.blikomania.pl; frame-src 'self' https://onesignal.com https://vars.hotjar.com https://stats.g.doubleclick.net https://8519914.fls.doubleclick.net/ https://consentcdn.cookiebot.com https://sentry2.ideo.pl https://www.google.com; font-src https://fonts.gstatic.com https://localhost:3000 https://use.typekit.net/ https://www.blikomania.pl https://www.blikomania.pl 1
frame-ancestors https://bosbank.pl https://www.bosbank.pl https://wnioski.bosbank.pl/ords/f?p=FORMULARZE_WWW:KONTAKT_1::9 1
frame-ancestors 'self' http://*.sec6.net ; 1
default-src 'none'; font-src 'self'; img-src 'self'; script-src 'self'; style-src 'self'; base-uri 'none'; form-action 'self'; frame-ancestors 'none' 1
connect-src 'self' blob: yastatic.net *.adfox.ru *.yandex.ru *.yandex.net yandex.ru yandex.com *.akamaized.net *.googlevideo.com *.ivi.ru *.mc.yandex.ru *.mds.yandex.net *.mycdn.me *.rutube.ru *.sharethis.com *.sndcdn.com *.strm.yandex.net *.tiktokcdn.com *.tiktokv.com *.vkuser.net avatars.dzeninfra.ru blob: csi.gstatic.com data: fonts.gstatic.com googleads.g.doubleclick.net i.ytimg.com marketingplatform.google.com mc.yandex.md mc.yandex.ru media-k.ntv.ru pagead2.googlesyndication.com skyfire.vimeocdn.com strm.yandex.ru survey.g.doubleclick.net video-preview.s3.yandex.net www.google-analytics.com www.google.com www.googletagmanager.com www.gstatic.com www.youtube.com ymetrica1.com ad.adriver.ru wcm.weborama-tech.ru pixel.adlooxtracking.ru bs.serving-sys.ru unidownloader.com univideos.ru;default-src 'self' *.akamaized.net *.googlevideo.com *.ivi.ru *.mc.yandex.ru *.mds.yandex.net *.mycdn.me *.rutube.ru *.sharethis.com *.sndcdn.com *.strm.yandex.net *.tiktokcdn.com *.tiktokv.com *.vkuser.net avatars.dzeninfra.ru blob: csi.gstatic.com data: fonts.gstatic.com googleads.g.doubleclick.net i.ytimg.com marketingplatform.google.com mc.yandex.md mc.yandex.ru media-k.ntv.ru pagead2.googlesyndication.com skyfire.vimeocdn.com strm.yandex.ru survey.g.doubleclick.net video-preview.s3.yandex.net www.google-analytics.com www.google.com www.googletagmanager.com www.gstatic.com www.youtube.com ymetrica1.com unidownloader.com univideos.ru;font-src 'self' yastatic.net data: unidownloader.com univideos.ru;frame-ancestors *.webvisor.com metrica.yandex.com.tr metrica.yandex.com metrika.yandex.by metrika.yandex.ru webvisor.com unidownloader.com univideos.ru;frame-src 'self' *.sharethis.com c.sharethis.mgr.consensu.org googleads.g.doubleclick.net mc.yandex.md mc.yandex.ru pagead2.googlesyndication.com survey.unidownloader.com tpc.googlesyndication.com www.google.com www.youtube.com yandexadexchange.net *.yandexadexchange.net yastatic.net *.yandex.ru *.adfox.ru udlsetup.ru;img-src 'self' *.rutube.ru *.sharethis.com *.tiktokcdn.com avatars.dzeninfra.ru avatars.mds.yandex.net data: i.mycdn.me i.vimeocdn.com i.ytimg.com i1.sndcdn.com mc.yandex.ru pagead2.googlesyndication.com pic.rutube.ru prismic.stackdeploy.ru unidownloader.cdn.prismic.io www.google-analytics.com www.googletagmanager.com *.yandex.net *.adfox.ru *.yandex.ru yandex.ru yandex.com ad.adriver.ru wcm.weborama-tech.ru pixel.adlooxtracking.ru bs.serving-sys.ru unidownloader.com univideos.ru;media-src yastatic.net *.yandex.net *.yandex.ru *.adfox.ru yandex.ru yandex.com blob: data: *.googlevideo.com *.mycdn.me https://video.twimg.com *.tiktok.com unidownloader.com univideos.ru;object-src data:;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.sharethis.com adservice.google.com adservice.google.ru blob: cdn.jsdelivr.net cdnjs.cloudflare.com mc.yandex.ru pagead2.googlesyndication.com partner.googleadservices.com static.cloudflareinsights.com tpc.googlesyndication.com www.google-analytics.com www.google.com www.googletagmanager.com www.googletagservices.com www.gstatic.com www.recaptcha.net www.youtube.com yastatic.net *.yandex.ru *.adfox.ru yandex.ru yandex.com verify.yandex.ru;script-src-elem 'self' 'unsafe-inline' *.sharethis.com adservice.google.com adservice.google.ru application/javascript cdn.jsdelivr.net cdnjs.cloudflare.com data:  mc.yandex.ru pagead2.googlesyndication.com partner.googleadservices.com static.cloudflareinsights.com tpc.googlesyndication.com www.google-analytics.com www.google.com www.googletagmanager.com www.googletagservices.com www.gstatic.com www.recaptcha.net www.youtube.com yastatic.net yandex.ru;style-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com yastatic.net *.adfox.ru;upgrade-insecure-requests;base-uri 'self';form-action 'self';script-src-attr 'none' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https:; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com/ https://*.analizy.pl https://*.google.com https://*.google.pl https://*.gstatic.com https://*.twitter.com https://*.twimg.com https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://www.googleadservices.com https://www.googletagservices.com https://*.youtube.com; object-src 'self' 'unsafe-inline' 'unsafe-eval' https: 1
frame-ancestors 'self' https://campaign.interamerican.gr/ https://askme.interamerican.gr/; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://toot.cafe; img-src 'self' https: data: blob: https://toot.cafe; style-src 'self' https://toot.cafe 'nonce-ToqsrK2udTr9iVsZEIAumw=='; media-src 'self' https: data: https://toot.cafe; frame-src 'self' https:; manifest-src 'self' https://toot.cafe; form-action 'self'; child-src 'self' blob: https://toot.cafe; worker-src 'self' blob: https://toot.cafe; connect-src 'self' data: blob: https://toot.cafe https://assets.toot.cafe wss://toot.cafe; script-src 'self' https://toot.cafe 'wasm-unsafe-eval' 1
default-src 'self' https://*.cms.vwfs.tools ;            img-src 'self' data: https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://dev.day.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://maps.gstatic.com https://*.google.com https://*.google.de https://*.google.pl https://*.googlesyndication.com https://*.googleadservices.com https://cm.g.doubleclick.net https://ad.doubleclick.net https://img.youtube.com https://i.ytimg.com https://*.userzoom.com https://*.adform.net https://www.facebook.com https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://cdn.linkedin.oribi.io https://t23.intelliad.de https://t13.intelliad.de https://t.co https://*.volkswagenbank.de  https://cms-assets.vwfs.io https://smetrics.vwfs.pl https://mediaservice.audi.com  https://GISTPAEndpoint-Int.azureedge.net https://GISTPAEndpoint-Kons.azureedge.net https://GISTPAEndpoint-Prod.azureedge.net    https://default.vms.vwfs.io https://*.bronson.vwfs.tools https://*.bronson.vwfs.io https://gateway.zscloud.net https://js.api.here.com https://assets.volkswagen.com https://integrations.etrusted.com https://*.googletagmanager.com https://*.g.doubleclick.net https://ssl.gstatic.com https://ade.googlesyndication.com https://bat.bing.com https://*.trustedshops.com http://*.trustedshops.com ;            script-src 'self' 'unsafe-inline' blob: https://*.volkswagenbank.de https://storagewebcalcweud.blob.core.windows.net https://*.fts.webcalc.vwfs.io https://*.youtube.com https://*.vimeo.com https://s.ytimg.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://*.fls.doubleclick.net https://www.googletagmanager.com https://*.googlesyndication.com https://www.googleadservices.com https://www.google.com https://www.google.de https://cm.g.doubleclick.net https://www.volkswagenbank-cloud.de https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://cdn.linkedin.oribi.io https://t23.intelliad.de https://t13.intelliad.de https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://assets.adobedtm.com https://*.omniture.com https://*.adobe.com https://*.userzoom.com https://*.adform.net https://connect.facebook.net https://*.thunderhead.com https://*.twitter.com https://static.ads-twitter.com https://*.advsearch.vwfs.io https://cc.cdn.civiccomputing.com  https://target.vwfs.pl  https://smetrics.vwfs.pl https://cdn.mercury.ai https://integrations.etrusted.com https://sdk.privacy-center.org    https://*.acs-frontend.vwfs.io https://*.googletagmanager.com https://tagmanager.google.com https://*.googleadservices.com https://*.google.com https://*.g.doubleclick.net https://bat.bing.com https://*.trustedshops.com http://*.trustedshops.com ;            style-src 'self' 'unsafe-inline' https://*.userzoom.com https://target.vwfs.pl https://cdn.mercury.ai https://co-browsing.mercury.ai https://cdn.bronson.vwfs.tools https://cdn.bronson.vwfs.io    https://*.acs-frontend.vwfs.io https://integrations.etrusted.com https://tagmanager.google.com https://fonts.googleapis.com ;            connect-src 'self' blob: data: https://vimeo.com https://*.youtube.com https://api.webcalc.vwfs.io https://cfpoi-search.p-sunhill.com https://apikeys.civiccomputing.com https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://*.adobedc.net https://*.tt.omtrdc.net https://*.2o7.net https://*.cms.vwfs.io https://*.advsearch.vwfs.io https://cms-content.vwfs.io https://target.vwfs.pl https://smetrics.vwfs.pl https://www.google.com https://*.facebook.com https://*.mercury.ai wss://*.mercury.ai https://vector.hereapi.com https://1.base.maps.ls.hereapi.com https://1.aerial.maps.ls.hereapi.com https://js.api.here.com https://geocode.search.hereapi.com https://integrations.etrusted.com https://*.smart-digital-solutions.de https://smart-digital-cdn.com https://2gtge2kxoa.execute-api.eu-central-1.amazonaws.com https://api-cms-vwfs-io.cms.vwfs.tools https://sdk.privacy-center.org https://revgeocode.search.hereapi.com    https://*.acs-frontend.vwfs.io https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://cdn.linkedin.oribi.io https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.pl http://*.trustedshops.com https://autocomplete.search.hereapi.com https://lookup.search.hereapi.com https://smetrics.vwfs.tools;            frame-ancestors 'self' https://vwfs.experiencecloud.adobe.com https://vwfs.marketing.adobe.com https://experience.adobe.com ;            object-src 'none' ;            font-src 'self' data: https://fonts.gstatic.com https://cdn.bronson.vwfs.tools https://cdn.bronson.vwfs.io https://cdn.mercury.ai https://js.api.here.com https://*.trustedshops.com http://*.trustedshops.com ;            frame-src https://player.vimeo.com https://www.youtube-nocookie.com https://s.userzoom.com https://*.adform.net https://*.adobe.com https://*.omniture.com https://*.demdex.net https://*.fls.doubleclick.net https://bid.g.doubleclick.net https://www.facebook.com https://*.googlesyndication.com https://cm.g.doubleclick.net https://gateway.zscloud.net https://td.doubleclick.net https://kalkulator.skoda-auto.pl https://*.g.doubleclick.net https://nbw.vwfs.pl;            media-src https://www.youtube-nocookie.com 'self' ; 1
frame-ancestors https://tsetscdev.prod.acquia-sites.com/ https://tsetscstage.prod.acquia-sites.com/ https://ecommercdev.tatasteel.online  https://ecommerctst.tatasteel.online  https://ecmc01qa.tatasteel.online  https://ecmc01dev.tatasteel.online https://www.tatasteeleurope.com https://www.tatasteel.online https://ecmc01.tatasteel.online https://ecmc03-p.tatasteel.online https://ecmc03-d.tatasteel.online https://ecmc03-acc.tatasteel.online/ https://ecmc03-t.tatasteel.online/ https://tsedev.prod.acquia-sites.com https://tsestg.prod.acquia-sites.com https://www.beta-tatasteeleurope.com https://cpws01-d.tatasteel.online https://dev.tatasteeleurope.com preprod.tatasteeleurope.com test.tatasteeleurope.com ecmc03-pp.tatasteel.online  https://local.tatacwr.com/CWR/docroot/; report-uri /report-csp-violation 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cookiebot.com googleads.g.doubleclick.net www.googleadservices.com *.google-analytics.com *.googletagmanager.com unpkg.com  https://www.google.com/recaptcha/api.js https://maps.googleapis.com *.gstatic.com *.googleapis.com *.addthis.com *.addthisedge.com https://apis.google.com/ global.localizecdn.com translate.google.com ajax.aspnetcdn.com https://consint.good.do/; base-uri 'self'; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com hello.myfonts.net www.gstatic.com; frame-ancestors 'self'; frame-src 'self' www.youtube.com fonts.googleapis.com *.vimeo.com https://consentcdn.cookiebot.com/ https://www.google.com/ https://consint.good.do/ 1
frame-ancestors 'self' https://play.workadventu.re 1
font-src *; require-sri-for script style; upgrade-insecure-requests 1
img-src *; object-src 'self'; media-src; frame-src *; connect-src 'self' *; report-uri https://pids-front.ssi-test.link/ 1
default-src 'self' data:; script-src 'self' 'unsafe-inline' cdnjs.cloudflare.com 'unsafe-eval' ajax.googleapis.com; style-src 'self' data: 'unsafe-inline' *.fonts.googleapis.com fonts.googleapis.com fonts.gstatic.com; img-src 'self' data: *.lubuntu.me secure.gravatar.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com 1
frame-ancestors 'self' http://*.paedml-linux.lokal/ https://*.paedml-linux.lokal/ https://*.etracker.com; 1
frame-ancestors 'self' https://dbrand.sanity.studio 1
script-src 'nonce-NA3SPRx8wGYrQa8BbMn8YTAzlpKPhAyPxGwYXS2ORwBLRrOjfTWz1T6eXCs79GyL' 'strict-dynamic' https: 'self'; object-src 'none'; base-uri 'self' 1
default-src * data: mediastream: blob: filesystem: about: ws: wss: 'wasm-unsafe-eval' 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self'; img-src 'self' cache.travelfish.org cache2.travelfish.org cache3.travelfish.org assets.calendly.com data: ; style-src 'self' cache.travelfish.org cache2.travelfish.org cache3.travelfish.org fonts.gstatic.com fonts.googleapis.com use.fontawesome.com assets.calendly.com 'nonce-OThiM2ZlMGNkODUw'; font-src fonts.gstatic.com use.fontawesome.com; script-src 'self' assets.calendly.com cloud.umami.is api-gateway.umami.dev cdnjs.cloudflare.com 'nonce-OThiM2ZlMGNkODUw'; frame-src 'self' calendly.com 'nonce-OThiM2ZlMGNkODUw'; connect-src 'self' api-gateway.umami.dev nasigoreng.travelfish.org 'nonce-OThiM2ZlMGNkODUw'; 1
frame-ancestors 'self' https://login.salesforce.com; upgrade-insecure-requests; report-uri https://sentry.ecedi.net/api/17/security/?sentry_key=223407ba2828481b8199cbd48a4e67f6 1
frame-ancestors www.sjpl.org *.www.sjpl.org sjpl.org *.sjpl.org sjpl.bibliocms.com *.sjpl.bibliocms.com d4804za1f1gw.cloudfront.net *.bibliocms.com *.bibliocommons.com *.libanswers.com 'self'; object-src 'none'; script-src www.sjpl.org *.www.sjpl.org sjpl.org *.sjpl.org sjpl.bibliocms.com *.sjpl.bibliocms.com d4804za1f1gw.cloudfront.net *.bibliocms.com *.bibliocommons.com *.libanswers.com *.libcal.com *.quipugroup.net *.nicheacademy.com *.buzzsprout.com refchatter.net *.refchatter.net *.freshchat.com chat.uniqueic.com chat.mosio.com libraryh3lp.com *.libraryh3lp.com script.crazyegg.com dev.visualwebsiteoptimizer.com cdn.optimizely.com storage.googleapis.com translate.googleapis.com www.google-analytics.com www.googletagmanager.com www.gstatic.com/recaptcha/ www.google.com/recaptcha/ translate-pa.googleapis.com translate.google.com www.googleadservices.com googleads.g.doubleclick.net *.patronpoint.com cdnjs.cloudflare.com/ajax/libs/es6-shim/ www.volunteermatch.org ds-aksb-a.akamaihd.net connect.facebook.net embedr.flickr.com widgets.flickr.com platform.twitter.com platform.instagram.com www.instagram.com e.issuu.com www.tiktok.com *.tiktokcdn-us.com embed.reddit.com cdn.gtranslate.net 'self' 'unsafe-eval' 'unsafe-inline'; worker-src 'self' blob: 1
frame-ancestors 'self' https://sms.hollandsnieuwe.nl https://vodafoneziggo.portal.mobilewater.nl https://act.ziggo.nl https://act.vodafone.nl; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://freeradical.zone; img-src 'self' https: data: blob: https://freeradical.zone; style-src 'self' https://freeradical.zone 'nonce-sQA/HzG6kkeMLle5D5eUBw=='; media-src 'self' https: data: https://freeradical.zone; frame-src 'self' https:; manifest-src 'self' https://freeradical.zone; form-action 'self'; child-src 'self' blob: https://freeradical.zone; worker-src 'self' blob: https://freeradical.zone; connect-src 'self' data: blob: https://freeradical.zone https://nfts.freeradical.zone wss://freeradical.zone; script-src 'self' https://freeradical.zone 'wasm-unsafe-eval' 1
default-src 'none'; script-src 'self' blob: 'nonce-UJgvsvLPoYbTNTEEYd+ivg==' 'unsafe-inline' 'unsafe-eval' mc.yandex.ru yandex.st yandex.ru *.yandex.ru yastatic.net *.yastatic.net yandex.net *.yandex.net an.yandex.ru yastat.net *.yastat.net *.yandex-team.ru aflt.market.yandex.ru www.youtube.com *.vimeo.com s.ytimg.com lpc.s3.mdst.yandex.net abt.s3.yandex.net chat.s3.yandex.net *.api-maps.yandex.ru banners.adfox.ru ads.adfox.ru ads6.adfox.ru yandex.com *.yandex.com ya.ru *.ya.ru; style-src 'self' 'unsafe-inline' 'unsafe-eval' yandex.ru *.yandex.ru yastatic.net *.yastatic.net yandex.net *.yandex.net an.yandex.ru yastat.net *.yastat.net *.s3.yandex.net lpc.s3.mdst.yandex.net yandex.st banners.adfox.ru content.adfox.ru *.ya.ru; font-src 'self' data: yandex.ru an.yandex.ru *.s3.yandex.net yastatic.net yastat.net *.yandex.ru *.ya.ru; img-src * 'self' blob: data: android-webview-video-poster: *.yandex.net *.s3.yandex.net yastatic.net http://lpc.s3.mds.yandex.net http://yastatic.net mc.admetrica.ru avatars-fast.yandex.net favicon.yandex.net *.verify.yandex.ru banners.adfox.ru content.adfox.ru ads.adfox.ru ads6.adfox.ru yastat.net avatars.mds.yandex.net *.yandex.ru *.ya.ru; frame-src 'self' data: yabrowser: turbopages.org *.turbopages.org yandex.ru *.yandex.ru yastatic.net *.yastatic.net yandex.net *.yandex.net an.yandex.ru yastat.net *.yastat.net *.yandex-team.ru *.video.yandex.ru *.market.yandex.ru www.youtube.com *.vimeo.com embed.megogo.net coub.com awaps.yandex.net yandexadexchange.net *.yandexadexchange.net banners.adfox.ru meyou.ru broadcast.comdi.com datalens.yandex partner.market.yandex.ru go.yandex yango.com yandexteam-my.sharepoint.com *.bookmate.ru bookmate.ru yandex.com yandex.com.tr yandex.com.am yandex.com.ge yandex.md yandex.by yandex.kz yandex.uz yandex.rs *.yandex.com *.yandex.com.tr *.yandex.com.am *.yandex.com.ge *.yandex.md *.yandex.by *.yandex.kz *.yandex.uz *.yandex.rs ya.ru *.ya.ru; media-src * 'self' data: blob: *.video.yandex.ru *.storage.yandex.net *.s3.yandex.net *.cdn.yandex.net yastatic.net *.yandex.net *.strm.yandex.ru yandex.st banners.adfox.ru content.adfox.ru yastat.net yandex.ru *.yandex.ru ya.ru *.ya.ru; connect-src 'self' blob: yandexmetrica.com:* mc.admetrica.ru yandex.ru *.yandex.ru yastatic.net *.yastatic.net yandex.net *.yandex.net an.yandex.ru yastat.net *.yastat.net *.yandex-team.ru yandex.st milab.s3.yandex.net *.k50.ru *.k50dev.ru openkitchen.media auto.ru yango.com ads.adfox.ru ads6.adfox.ru ya.ru *.ya.ru dev.introvert.bz; form-action https://*; worker-src blob: yandex.ru *.yandex.ru yastatic.net *.yastatic.net yandex.net *.yandex.net an.yandex.ru yastat.net *.yastat.net *.yandex-team.ru; object-src yastatic.net; report-uri https://csp.yandex.net/csp?from=lp-constructor&project=lp-constructor&yandex_login=undefined&yandexuid=undefined; child-src 'self'; frame-ancestors 'self' webvisor.com http://webvisor.com *.mtproxy.yandex.net www.kinopoisk.ru *.yandex-team.ru n.maps.yandex.ru yandex.ru yandex.com yandex.com.tr yandex.com.am yandex.com.ge yandex.md yandex.by yandex.kz yandex.uz yandex.net yandex.rs *.yandex.ru *.yandex.ru:* *.yandex.com:* *.yandex.com.tr:* *.yandex.com.am *.yandex.com.ge *.yandex.md *.yandex.by *.yandex.kz *.yandex.uz *.yandex.net *.yandex.rs ya.ru *.ya.ru; 1
report-to 'self' ; child-src 'self'  'unsafe-inline' self; connect-src 'self'  'unsafe-inline' self *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net *.github.io  *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net ; default-src 'self' self; font-src 'self'  'unsafe-inline'  self *.gstatic.com *.bootstrapcdn.com data: fonts.gstatic.com cdn.jsdelivr.net cdnjs.cloudflare.com *.gstatic.com *.bootstrapcdn.com ; form-action 'self' ; frame-src 'self'  'unsafe-inline'  self *.g.doubleclick.net *.google.com *.fls.doubleclick.net blob: www.google.com www.youtube.com esg.churchgatepartners.com *.g.doubleclick.net *.google.com *.fls.doubleclick.net ; frame-ancestors 'self' ; img-src 'self'  'unsafe-inline' self *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com data: ts.w.org s.w.org ps.w.org cdnjs.cloudflare.com www.abfrl.com  *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com ; manifest-src 'self' ; media-src 'self'  s.w.org; object-src 'self' ; script-src 'self'  'unsafe-inline' self *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com cdn.jsdelivr.net cdnjs.cloudflare.com kenwheeler.github.io cdn.datatables.net js.stripe.com www.abfrl.com  *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-elem 'self'  'unsafe-inline' self *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com cdn.jsdelivr.net cdnjs.cloudflare.com cdn.datatables.net js.stripe.com www.abfrl.com kenwheeler.github.io  *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-attr 'self' ; style-src 'self'  'unsafe-inline' self *.googleapis.com *.gstatic.com fonts.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com datatables.net fonts.bunny.net maxcdn.bootstrapcdn.com www.abfrl.com  *.googleapis.com *.gstatic.com ; style-src-elem 'self'  'unsafe-inline' self *.googleapis.com *.gstatic.com fonts.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com datatables.net fonts.bunny.net maxcdn.bootstrapcdn.com www.abfrl.com  *.googleapis.com *.gstatic.com ; style-src-attr 'self'  'unsafe-inline' ; worker-src 'self'  'unsafe-inline'  blob:; 1
default-src 'self' 'unsafe-inline' https://fonts.gstatic.com/ https://ekr.zdassets.com/ wss://widget-mediator.zopim.com/ https://v2.zopim.com/ data:; object-src 'self' https://www.youtube.com/; img-src 'self' https://fonts.gstatic.com/ https://www.stormware.cz/ http://www.mojepohoda.cz/ https://ssl.google-analytics.com/ https://www.adobe.com/ https://maps.gstatic.com/ https://maps.googleapis.com/ https://v2.zopim.com https://www.google.com https://www.google-analytics.com https://www.google.cz https://i.ytimg.com https://stormware.bot.artin.cz https://c.seznam.cz https://stats.g.doubleclick.net https://www.facebook.com https://*.clarity.ms https://*.bing.com https://www.googletagmanager.com data:; child-src https://www.youtube.com https://www.instagram.com https://www.youtube-nocookie.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://www.googletagmanager.com/; media-src 'self' https://stormware.bot.artin.cz/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com/ https://s.ytimg.com/ https://ssl.google-analytics.com/ https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ https://code.createjs.com/ https://maps.googleapis.com/ https://v2.zopim.com/ https://static.zdassets.com/ https://ekr.zdassets.com/ https://widget-mediator.zopim.com https://www.instagram.com https://www.googletagmanager.com https://www.google-analytics.com https://stormware.bot.artin.cz https://*.seznam.cz  https://connect.facebook.net https://*.clarity.ms; connect-src 'self' https://*.googlesyndication.com https://*.googleapis.com https://*.google-analytics.com wss://stormware.bot.artin.cz/ https://stormware.bot.artin.cz/ https://*.clarity.ms https://stats.g.doubleclick.net; font-src https://fonts.googleapis.com/ https://fonts.gstatic.com/; frame-src https://www.facebook.com/ 'self' https://*.doubleclick.net https://www.youtube.com https://www.instagram.com https://www.youtube-nocookie.com https://youtu.be/ 1
default-src 'self' *.nrw.de;    script-src  'self' 'unsafe-inline' 'unsafe-eval' *.nrw.de *.google.com *.youtube.com *.youtu.be *.twimg.com *.twitter.com twitter.com *.jwpcdn.com *.gstatic.com *.googleapis.com *.googlesyndication.com *.openstreetmap.org *.mozilla.org *.vimeo.com *.vimeocdn.com *.flickr.com *.staticflickr.com *.cloudflare.com cdn.jsdelivr.net svc.webspellchecker.net;    style-src   'self' 'unsafe-inline' *.nrw.de *.twitter.com twitter.com *.facebook.com *.googleapis.com *.twimg.com *.cloudflare.com cdn.jsdelivr.net svc.webspellchecker.net;    font-src data: *;    img-src  data: *;    frame-ancestors 'self' *.nrw.de *.facebook.com *.facebook.de *.twitter.com twitter.com *.google.com www.youtube-nocookie.com *.youtube.com *.youtu.be ytchannelembed.com;    worker-src  'self' *.nrw.de *.facebook.com *.facebook.de *.twitter.com twitter.com *.google.com *.youtube.com *.youtu.be ytchannelembed.com *.openstreetmap.org broschueren.nordrheinwestfalendirekt.de;    frame-src   'self' *.nrw.de *.facebook.com *.facebook.de *.twitter.com twitter.com *.google.com www.youtube-nocookie.com *.youtube.com *.youtu.be ytchannelembed.com *.openstreetmap.org broschueren.nordrheinwestfalendirekt.de *.menschen-im-sinn.justiz.nrw;    object-src  'self';    connect-src 'self' *.nrw.de svc.webspellchecker.net;    media-src data: *; upgrade-insecure-requests; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: about: *.adbutler-luxon.com adbutler-fermion.com static.addtoany.com *.adobedtm.com *.ads-twitter.com *.adsrvr.org p.adsymptotic.com *.bamboohr.com bat.bing.com maxcdn.bootstrapcdn.com tags.bluekai.com capwiz.com *.cdc.gov grow.clearbitjs.com *.cmgdigital.com www.cms.gov cqrcengage.com *.crwdcntrl.net tma.custhelp.com dpm.demedex.net www.domain-of-replacement.com *.doubleclick.net *.facebook.com *.facebook.net *.feedburner.com gis.fema.gov apgb2b-reachcodeandproxy.gannettdigital.com *.google.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.googletagmanager.com fusiontables.googleusercontent.com *.gstatic.com data.healthcare.gov oig.hhs.gov hootsuite.com *.hs-analytics.net *.hs-banner.com js.hsadspixel.net js.hscollectedforms.net *.hsforms.com *.hsforms.net *.hs-scripts.com api.hubapi.com *.hubspot.com rocket.nwood-kensett.k12.ia.us *.infogram.com *.informz.net *.jeffersoncms.org kff.org cdn.jsdelivr.net beacon.krxd.net snap.licdn.com px.ads.linkedin.com *.livestream.com *.marchex.io tag.marinsm.com pixel.mathtag.com texmed.medbuzz.com www.ncbi.nlm.nih.gov *.nnihcm.org block.opendns.com cdn.linkedin.oribi.io centro.pixel.ad clickserv.pixel.ad www.paypalobjects.com www.podbean.com www.powr.io *.poll-maker.com pixel-geo.prfct.co ql.tc *.qualtrics.com *.quantcount.com *.quantserve.com www.reachlocallivechat.com capture-api.reachlocalservices.com *.rlets.com rcod.rtrk.com www.rumiview.com *.scribd.com uip.semasio.net servedbyadbutler.com *.serving-sys.com *.sharethis.com i.simpli.fi tag.simpli.fi um.simpli.fi clickserv.sitescout.com pixel.sitescout.com *.slideshare.net public.slidesharecdn.com open.spotify.com storify.com t.co *.tapad.com *.tcms.com *.teletownhall.us *.texmed.org eu.thinkingchat.com reachlocal.thinkingchat.com cdn.tinymce.com *.tmait.org *.twimg.com *.twitter.com *.vimeo.com *.votervoice.net *.wakelet.com *.wufoo.com *.youtube.com *.yudu.com *.hscollectedforms.net 1
default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.gstatic.com *.onetrust.com; img-src * data: ; font-src 'self' data: privacyportal-cdn.onetrust.com; connect-src *; object-src 'none'; child-src *.usatoday.com *.themuse.com *.dayforcehcm.com *.office.com *.google.com *.youtube.com *.gannett.com *.formstack.com *.gstatic.com *.app.com *.onetrust.com; frame-ancestors *; upgrade-insecure-requests; sandbox allow-forms allow-modals allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox; base-uri 'self'; report-uri https://reporting-api.gannettinnovation.com; report-to default 1
script-src-attr 'self' data: 'self'; frame-src 'self' data: *.facebook.com *.visualwebsiteoptimizer.com *.google.com *.scukcalculator.co.uk *.service-plan.co.uk *.doubleclick.net *.stoneacre.co.uk *.youtube.com; font-src 'self' data: assets.stoneacre.co.uk fonts.gstatic.com www.stoneacre.co.uk cdn.smooch.io ; img-src 'self' data: *.adswizz.com *.youtube.com *.ytimg.com w3.org/svg/2000 www.w3.org/2000/svg assets.stoneacre.co.uk *.stoneacremotorgroup.co.uk storage.googleapis.com *.visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com cdn.smooch.io bat.bing.com www.facebook.com www.google.co.uk www.google.com r3eu01.visualwebsiteoptimizer.com services.web1on1.com www.google.nl cdn.web1on1.chat r1eu01.visualwebsiteoptimizer.com analytics.tiktok.com www.googletagmanager.com www.google.ge maps.googleapis.com r2eu01.visualwebsiteoptimizer.com ; default-src 'self' ; script-src-elem 'self' *.googlesyndication.com assets.stoneacre.co.uk 'unsafe-inline' *.scukcalculator.co.uk *.youtube.com analytics.tiktok.com static.websites.data-crypt.com www.google-analytics.com maps.googleapis.com connect.facebook.net script.infinity-tracking.com bat.bing.com *.googleadservices.com www.googletagmanager.com cdn.smooch.io cdn.web1on1.chat dev.visualwebsiteoptimizer.com api.eu-1.smooch.io googleads.g.doubleclick.net pixel.byspotify.com cdn.veritonic.com *.google.com *.gstatic.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' assets.stoneacre.co.uk fonts.googleapis.com cdn.smooch.io; script-src 'unsafe-eval' assets.stoneacre.co.uk *.veritonic.com; connect-src 'self' *.google-analytics.com *.googlesyndication.com *.data-crypt.com *.veritonicmetrics.com analytics.tiktok.com region1.analytics.google.com analytics.google.com bat.bing.com activity-websites.data-crypt.com static.websites.data-crypt.com web.lon.infinity-tracking.com dev.visualwebsiteoptimizer.com ict.infinity-tracking.net europe-west2-cs-microservices.cloudfunctions.net o358390.ingest.sentry.io www.facebook.com *.spotify.com *.byspotify.com www.google.co.uk google.com *.google.com cdn.web1on1.chat nas.lon.infinity-tracking.com *.g.doubleclick.net *.doubleclick.net api.ipify.org adservice.google.com maps.googleapis.com r3eu01.visualwebsiteoptimizer.com cdn.smooch.io api.eu-1.smooch.io 64f844a44da51f4c76e47c7f.config.eu-1.smooch.io *.config.eu-1.smooch.io 64f844a44da51f4c76e47c7f.config.smooch.io r2eu01.visualwebsiteoptimizer.com 64f844a442d1d82966ca44ec.webloader.smooch.io r1eu01.visualwebsiteoptimizer.com; worker-src 'self' blob: ;  object-src; 1
frame-ancestors 'none'; default-src 'self'; img-src 'self' data: https://*.atani.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com.af *.google.com.ag *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vu *.google.ws; script-src 'self' 'unsafe-inline' https://*.atani.com https://*.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://*.atani.com; font-src 'self' https://*.atani.com https://fonts.gstatic.com; connect-src 'self' https://*.atani.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net; object-src 'none'; frame-src https://www.youtube.com; 1
img-src data: 'self' blob: *;style-src stackpath.bootstrapcdn.com 'unsafe-inline' *.teamretro.com fonts.googleapis.com beacon-v2.helpscout.net djtflbt20bdde.cloudfront.net style.helpscout.com static.teamretro.com;connect-src 'self' blob: data: *;media-src assets.teamretro.com 'self' *.teamretro.com beacon-v2.helpscout.net static.teamretro.com;child-src *.paypal.com assets.braintreegateway.com;frame-src *;script-src js.braintreegateway.com assets.braintreegateway.com *.paypal.com songbird.cardinalcommerce.com 'self' 'unsafe-eval' 'report-sample' cdnjs.cloudflare.com *.teamretro.com beacon-v2.helpscout.net d12wqas9hcki3z.cloudfront.net d33v4339jhl8k0.cloudfront.net plausible.io *.pusher.com assets.rollbar.com cdn.rollbar.com static.teamretro.com 'nonce-96e5bfb6-12c4-442e-a7f4-18abea8c543c';default-src data: *;frame-ancestors 'none';form-action 'self' *;report-uri https://groupmap.report-uri.com/r/d/csp/enforce;object-src *.teamretro.com;font-src data: fonts.gstatic.com static.teamretro.com;base-uri 'self';script-src-attr 'none';upgrade-insecure-requests 1
default-src https:;style-src https: 'unsafe-inline';script-src 'self' about: https: http: 'unsafe-inline' 'unsafe-eval' data: 'report-sample';script-src-elem 'self' about: https: http: 'unsafe-inline' 'unsafe-eval' data: 'report-sample';font-src https: http: 'unsafe-inline' data: ;img-src https: http: data: blob: ; media-src https: http: data: blob:  1
default-src 'self';    child-src 'self' www.youtube.com www.youtube-nocookie.com blob:;    connect-src 'self' apps.hagaziekenhuis.nl nominatim.openstreetmap.org/search;    font-src 'self' data:;    img-src 'self' data: blob: i.ytimg.com img.youtube.com *.tile.openstreetmap.org;    media-src 'self';    object-src 'none';    script-src 'self' 'unsafe-inline' 'unsafe-eval';    style-src 'self' 'unsafe-inline' data:;    base-uri 'self';    form-action 'self';    frame-ancestors 'self' file://*;    report-uri /csp-report;    upgrade-insecure-requests;  1
frame-ancestors support.unionepro.ru 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: api.corporateshowcase.com *.irasia.com *.addthis.com; connect-src 'self' *.addthis.com; frame-src 'self' *.irasia.com *.aastocks.com *.addthis.com; frame-ancestors 'self'; font-src 'self'; media-src 'self' ; object-src 'none'; manifest-src 'none'; prefetch-src 'none'; form-action 'self'; 1
frame-ancestors *.mailslurp.com; default-src 'unsafe-inline' 'unsafe-eval' *.amazonaws.com *.mailslurp.biz *.mailslurp.com *.mailslurp.dev *.mailslurp.link *.ingest.sentry.io https://app-static.eu.posthog.com *.posthog.com plausible.io *.plausible.io *.hs-scripts.com *.hs-banner.com *.hs-analytics.net *.hscollectedforms.net *.googletagmanager.com *.hsforms.net *.hsforms.com *.hubspot.com *.hubspot.net *.redditstatic.com *.licdn.com https://www.youtube.com static.hsappstatic.net https://scripts.simpleanalyticscdn.com https://queue.simpleanalyticscdn.com https://simpleanalyticsbadges.com wss://hubspot-realtime.ably.io *.usemessages.com https://typesense.mailslurp.biz https://www.youtube-nocookie.com https://*.cookie-script.com/ https://www.google-analytics.com https://*.googlesyndication.com https://*.doubleclick.net https://*.google.com; script-src-elem 'unsafe-inline' 'unsafe-eval' *.amazonaws.com *.mailslurp.biz *.mailslurp.com *.mailslurp.dev *.mailslurp.link *.ingest.sentry.io https://app-static.eu.posthog.com *.posthog.com plausible.io *.plausible.io *.hs-scripts.com *.hs-banner.com *.hs-analytics.net *.hscollectedforms.net *.googletagmanager.com *.hsforms.net *.hsforms.com *.hubspot.com *.hubspot.net *.redditstatic.com *.licdn.com https://www.youtube.com static.hsappstatic.net https://scripts.simpleanalyticscdn.com https://queue.simpleanalyticscdn.com https://simpleanalyticsbadges.com wss://hubspot-realtime.ably.io *.usemessages.com https://typesense.mailslurp.biz https://www.youtube-nocookie.com https://*.cookie-script.com/ https://www.google-analytics.com https://*.googlesyndication.com https://*.doubleclick.net https://*.google.com; object-src 'none'; font-src 'self' fonts.gstatic.com fonts.googleapis.com; style-src blob: 'unsafe-inline' 'self' fonts.gstatic.com fonts.googleapis.com unpkg.com; connect-src *.amazonaws.com *.mailslurp.biz *.mailslurp.com *.mailslurp.dev *.mailslurp.link *.ingest.sentry.io https://app-static.eu.posthog.com *.posthog.com plausible.io *.plausible.io *.hs-scripts.com *.hs-banner.com *.hs-analytics.net *.hscollectedforms.net *.googletagmanager.com *.hsforms.net *.hsforms.com *.hubspot.com *.hubspot.net *.redditstatic.com *.licdn.com https://www.youtube.com static.hsappstatic.net https://scripts.simpleanalyticscdn.com https://queue.simpleanalyticscdn.com https://simpleanalyticsbadges.com wss://hubspot-realtime.ably.io *.usemessages.com https://typesense.mailslurp.biz https://www.youtube-nocookie.com https://*.cookie-script.com/ https://www.google-analytics.com https://*.googlesyndication.com https://*.doubleclick.net https://*.google.com; style-src-elem 'self' 'unsafe-inline' unpkg.com fonts.gstatic.com fonts.googleapis.com https://app-static.eu.posthost.com blob:; img-src https://* 'self' data: *.amazonaws.com *.mailslurp.biz *.mailslurp.com *.mailslurp.dev *.mailslurp.link *.ingest.sentry.io https://app-static.eu.posthog.com *.posthog.com plausible.io *.plausible.io *.hs-scripts.com *.hs-banner.com *.hs-analytics.net *.hscollectedforms.net *.googletagmanager.com *.hsforms.net *.hsforms.com *.hubspot.com *.hubspot.net *.redditstatic.com *.licdn.com https://www.youtube.com static.hsappstatic.net https://scripts.simpleanalyticscdn.com https://queue.simpleanalyticscdn.com https://simpleanalyticsbadges.com wss://hubspot-realtime.ably.io *.usemessages.com https://typesense.mailslurp.biz https://www.youtube-nocookie.com https://*.cookie-script.com/ https://www.google-analytics.com https://*.googlesyndication.com https://*.doubleclick.net https://*.google.com; worker-src blob: *.mailslurp.com 1
script-src 'self' *.kirjastot.fi *.cookiehub.net cookiehub.net cookiehub.com *.cookiehub.com gfx.kirjastot.fi plausible.io *.reactandshare.com 'sha256-iGVnd+rCgxQLnoM8DIuXVnxBa2mI33NMERpbtUkSVPc=' 'sha256-0mrNGIYMWIceAEUl5dyz0JztNfw+G2//EqERhq2uGWA=' 'sha256-wXbHY7Db1wmXNcghacxZzBaV2ck7e/RAjXIBRgtTb18=' 'sha256-r/uisynRJD3HZpC16hOJtQyOgFj7bhWsLCl4pL/xv2E=' 'sha256-ZrT99Ut4KOG6m3SUaPhBHEd9kqjIUrXafTVoPhMirBo=';  frame-src 'self' gfx.kirjastot.fi; 1
default-src https://www.prioritycolo.com https://mrtg.prioritycolo.com https://api.na.bambora.com https://api.paypal.com https://www.google.com https://www.gstatic.com 'unsafe-inline'; 1
default-src 'self'; child-src *; frame-src *; img-src * data:; media-src *;script-src 'self' 'unsafe-inline' 'unsafe-eval' *;style-src 'self' 'unsafe-inline' http: https: fonts.googleapis.com; font-src 'self' data: http: https: fonts.googleapis.com themes.googleusercontent.com; 1
https://www.googletagmanager.com; 1
default-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*; connect-src 'self' https://analytics.google.com https://*.google-analytics.com https://*.g.doubleclick.net https://www.gstatic.com https://yastatic.net https://yandex.ru https://*.yandex.ru https://*.yandex.com https://mc.yandex.md; frame-src 'self' https://yandex.ru https://mc.yandex.ru www.google.com/recaptcha/ https://www.youtube.com https://www.googletagmanager.com https://mc.yandex.ru; frame-ancestors 'self' https://www.kartoteka.ru; child-src 'self' https://www.google.com https://mc.yandex.ru; font-src 'self' https: data:; img-src 'self' https: data:; style-src 'self' 'unsafe-inline'; form-action 'self' https://www.kartoteka.ru https://secure.payler.com; manifest-src 'self' https://www.nalog.ru; report-uri https://csp.vestnik-gosreg.ru/; 1
default-src 'self'; style-src 'self' 'unsafe-inline' http://*.sportunion.at http://sportunion.at https://*.sportunion.at https://sportunion.at https://static.flockler.com https://*.mailchimp.com https://*.gstatic.com https://*.googleapis.com https://cdn.jsdelivr.net https://*.onlim.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://*.sportunion.at http://sportunion.at https://*.sportunion.at https://sportunion.at https://static.flockler.com https://fl-cdn.scdn1.secure.raxcdn.com https://embed-cdn.flockler.com https://flockler.embed.codes https://plugins.flockler.com https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://*.gstatic.com https://*.googleapis.com https://cdn.jsdelivr.net https://*.onlim.com; font-src 'self' data: http://*.sportunion.at http://sportunion.at https://*.sportunion.at https://sportunion.at https://fonts.gstatic.com https://*.onlim.com; img-src 'self' 'unsafe-inline' https://* http://*.sportunion.at http://sportunion.at https://*.sportunion.at https://sportunion.at https://flockler.com https://*.rackcdn.com https://stats.g.doubleclick.net https://www.google-analytics.com https://*.googleapis.com data: https://*.gstatic.com https://*.google.com https://secure.gravatar.com https://*.onlim.com; frame-src 'self' http://*.sportunion.at http://sportunion.at https://*.sportunion.at https://sportunion.at https://*.spotify.com https://archiv.yourvideo.tv https://sn.kavedo.com https://smartslider3.com https://www.yumpu.com https://www.fitsportaustria.at https://board.fitsportaustria.at https://player.vimeo.com https://www.youtube.com https://www.google.com https://www.youtube-nocookie.com https://*.onlim.com; connect-src 'self' http://*.sportunion.at http://sportunion.at https://*.sportunion.at https://sportunion.at wss://*.onlim.com https://*.googleapis.com https://stats.g.doubleclick.net https://yoast.com https://*.google-analytics.com https://*.onlim.com; media-src https://*; worker-src blob: 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com ajax.googleapis.com *.google-analytics.com *.googleadservices.com *.gstatic.com *.youtube.com *.ytimg.com bat.bing.com cdn.ywxi.net seal.websecurity.norton.com www.googletagmanager.com secure-ds.serving-sys.com bs.serving-sys.com use.fontawesome.com maxcdn.icons8.com cdnjs.cloudflare.com *.braintreegateway.com *.paypal.com *.paypalobjects.com connect.facebook.net *.g.doubleclick.net *.amazonaws.com *.mcafeesecure.com *.olark.com cc.cdn.civiccomputing.com *.trustedsite.com *.matomo.cloud *.app-us1.com trackcmp.net cdn-web.vtp-media.com web.vtp-media.com diffuser-cdn.app-us1.com prism.app-us1.com *.zohopublic.com *.zohostatic.com *.zohocdn.com salesiq.zoho.com;frame-ancestors 'self' https://leapfrogbabycare.com 1
default-src 'self'; script-src 'unsafe-inline' 'self' maps.googleapis.com maps.google.com *.itzbund.de *.spotify.com; style-src 'unsafe-inline' 'self' maps.gstatic.com *.googleapis.com *.ggpht.com *.spotify.com; img-src data: blob: 'self' a.tile.openstreetmap.de maps.gstatic.com *.googleapis.com *.ggpht.com maps.google.com *.spotify.com; font-src 'self' fonts.gstatic.com *.googleapis.com *.ggpht.com *.spotify.com; frame-src 'self' *.youtube-nocookie.com *.vimeo.com *.blitzvideoserver.de intocities.com maps.gstatic.com *.googleapis.com *.ggpht.com *.spotify.com; connect-src 'self' *.googleapis.com *.itzbund.de *.spotify.com 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://www.zenaps.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://tr.snapchat.com https://www.shoplooks.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://*.liveperson.net https://services.postcodeanywhere.co.uk https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.parcellab.com https://*.contentsquare.net; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://www.facialco.com.au https://m.facialco.com.au https://checkout.facialco.com.au https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://*.google-analytics.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://*.shoplooks.com https://slooks.top https://slooks.me https://*.contentsquare.net https://app.contentsquare.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://www.shoplooks.com https://static.shoplooks.com https://cdn.parcellab.com; upgrade-insecure-requests; report-to report-endpoint 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://cupoftea.social; img-src 'self' data: blob: https://cupoftea.social https://cdn.cupoftea.social; style-src 'self' https://cupoftea.social 'nonce-CLSEHBuF9Kfhlnlg6gMFzQ=='; media-src 'self' data: https://cupoftea.social https://cdn.cupoftea.social; frame-src 'self' https:; manifest-src 'self' https://cupoftea.social; form-action 'self'; child-src 'self' blob: https://cupoftea.social; worker-src 'self' blob: https://cupoftea.social; connect-src 'self' data: blob: https://cupoftea.social https://cdn.cupoftea.social wss://cupoftea.social; script-src 'self' https://cupoftea.social 'wasm-unsafe-eval' 1
default-src 'self' blob:; object-src 'none'; base-uri 'self'; form-action 'self' sandbox.flo2cash.com secure.flo2cash.co.nz flo2cash.ng.grv.nz; frame-ancestors 'self' tally.so forms.spca.nz; font-src 'self' fonts.gstatic.com data:; img-src 'self' maps.googleapis.com googleapis.com maps.gstatic.com www.google-analytics.com www.googletagmanager.com www.google.com www.google.co.nz developers.google.com data: *.crazyegg.com www.facebook.com tally.so forms.spca.nz *.visualwebsiteoptimizer.com app.vwo.com chart.googleapis.com; script-src 'self' https: 'unsafe-inline' 'strict-dynamic' *.visualwebsiteoptimizer.com app.vwo.com 'nonce-OI8PzgpZHaMDCcDOW7wQOE8/pFEx8fuaLKXoEIscaNU='; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.visualwebsiteoptimizer.com app.vwo.com; frame-src 'self' www.youtube.com www.youtube-nocookie.com www.googletagmanager.com www.google.com sandbox.flo2cash.com secure.flo2cash.co.nz connect.facebook.net www.facebook.com *.visualwebsiteoptimizer.com app.vwo.com tally.so forms.spca.nz; connect-src 'self' wt.engage.ubiquity.co.nz wt-production.servicebus.windows.net www.google-analytics.com ajax.googleapis.com sandbox.flo2cash.com secure.flo2cash.co.nz *.crazyegg.com stats.g.doubleclick.net connect.facebook.net www.facebook.com maps.googleapis.com graph.facebook.com api.raygun.io *.visualwebsiteoptimizer.com app.vwo.com; worker-src 'self' blob:; child-src 'self' blob:; upgrade-insecure-requests ; report-uri https://gravitatenz.report-uri.com/r/d/csp/enforce; 1
default-src 'self' https://*.sofi.com  https://a.clarity.ms https://b.clarity.ms https://c.clarity.ms https://d.clarity.ms https://e.clarity.ms https://f.clarity.ms https://g.clarity.ms https://h.clarity.ms https://i.clarity.ms https://j.clarity.ms https://k.clarity.ms https://l.clarity.ms https://m.clarity.ms https://n.clarity.ms https://o.clarity.ms https://p.clarity.ms https://q.clarity.ms https://r.clarity.ms https://s.clarity.ms https://t.clarity.ms https://u.clarity.ms https://v.clarity.ms https://w.clarity.ms https://x.clarity.ms https://y.clarity.ms https://z.clarity.ms https://*.clarity.ms https://c.bing.com; script-src https: data: 'unsafe-inline' 'unsafe-eval' https://www.sofi.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://forms.hsforms.com/ https://*.audioeye.com; connect-src 'self'  https://pagead2.googlesyndication.com https://maps.googleapis.com https://www.google-analytics.com https://analytics.google.com https://ssl.google-analytics.com https://www.google.com/ccm/collect https://www.google.com/ads/ga-audiences/ https://www.google.com/pagead/ https://adservice.google.com/pagead/ https://www.googletagmanager.com https://ampcid.google.com https://ampcid.google.ca https://stats.g.doubleclick.net https://*.doubleclick.net https://bat.bing.com https://t.co/i/adsct https://analytics.twitter.com https://s.yimg.com/wi/ https://sp.analytics.yahoo.com https://static.ads-twitter.com https://www.facebook.com/tr/ https://www.redditstatic.com/ads/ https://c.conversionlogic.net/track/event/v2/sofi https://api.rollbar.com https://report.sofi.glassboxdigital.io https://sdk.iad-03.braze.com https://sdk.iad-03.appboy.com https://jssdks.mparticle.com https://identity.mparticle.com https://*.sofi.com https://*.datadoghq.com https://rum.browser-intake-datadoghq.com https://cdn.cookielaw.org https://geolocation.onetrust.com/cookieconsentpub/ https://logx.optimizely.com https://errors.client.optimizely.com https://rum.optimizely.com https://analytics.tiktok.com/api/ https://api2.branch.io wss://*.glance.net https://*.glance.net https://d32ijn7u0aqfv4.cloudfront.net https://d3331otr86r7j1.cloudfront.net https://tags.srv.stackadapt.com https://*.audioeye.com https://us-central1-adaptive-growth.cloudfunctions.net https://ct.pinterest.com https://cta-service-cms2.hubspot.com https://csmetrics.hotjar.com https://in.hotjar.com https://vc.hotjar.io https://tr.snapchat.com https://track.contently.com https://translate.googleapis.com https://*.analytics.google.com https://ampcid.google.lt https://*.crazyegg.com https://cdn.linkedin.oribi.io https://stats.addtoany.com https://api.socialsolutionapp.com https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://privacyportal.onetrust.com https://rts.persado.com https://tapi.optimizely.com https://amplify.review-alerts.com/ https://api.ipify.org https://api.typeform.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://forms.hsforms.com/ https://*.reddit.com https://tr6.snapchat.com https://www.googleadservices.com https://*.linkedin.com https://a.clarity.ms https://b.clarity.ms https://c.clarity.ms https://d.clarity.ms https://e.clarity.ms https://f.clarity.ms https://g.clarity.ms https://h.clarity.ms https://i.clarity.ms https://j.clarity.ms https://k.clarity.ms https://l.clarity.ms https://m.clarity.ms https://n.clarity.ms https://o.clarity.ms https://p.clarity.ms https://q.clarity.ms https://r.clarity.ms https://s.clarity.ms https://t.clarity.ms https://u.clarity.ms https://v.clarity.ms https://w.clarity.ms https://x.clarity.ms https://y.clarity.ms https://z.clarity.ms https://*.clarity.ms https://c.bing.com; style-src 'self' https://*.sofi.com  'unsafe-inline' https://use.fontawesome.com https://www.glancecdn.net https://d32ijn7u0aqfv4.cloudfront.net https://s3.amazonaws.com/glancecdn/ https://tags.srv.stackadapt.com https://cdnjs.cloudflare.com https://embed.typeform.com https://optimize.google.com https://fonts.googleapis.com https://www.googletagmanager.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://forms.hsforms.com/ https://*.audioeye.com https://cdn.honey.io; img-src 'self' https: data: https://www.googletagmanager.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://forms.hsforms.com/; font-src 'self' data: https://s3-us-west-2.amazonaws.com/sofi-wordpress-prod/fonts/ https://d32ijn7u0aqfv4.cloudfront.net https://use.fontawesome.com https://fonts.gstatic.com https://*.audioeye.com https://zip.co/static-assets/fonts/ https://cdn.jsdelivr.net https://forms.hsforms.com/; frame-ancestors 'self' *.w3schools.com; object-src 'none'; child-src blob: https://*.sofi.com  https://form.typeform.com https://forms.hsforms.com/ https://*.cdn.optimizely.com; media-src data: https://*.sofi.com  https://d32ijn7u0aqfv4.cloudfront.net; frame-src 'self' https://app.calconic.com/ https://6375438.fls.doubleclick.net https://td.doubleclick.net https://*.sofi.com https://*.sofiatwork.com https://*.online-metrix.net https://di.rlcdn.com https://www.youtube.com https://ct.pinterest.com https://www.facebook.com https://*.audioeye.com https://a10819474327.cdn.optimizely.com https://assets.contently.com https://tpc.googlesyndication.com https://tr.snapchat.com https://vars.hotjar.com https://static.addtoany.com https://boards.greenhouse.io https://pixel.mathtag.com https://d32ijn7u0aqfv4.cloudfront.net https://www.slideshare.net https://filter.techloq.com https://go.pardot.com https://platform.twitter.com https://mozbar.moz.com https://v3.inviteeducation.com https://form.typeform.com https://optimize.google.com https://*.mykukun.com/ https://widget.trustpilot.com/ https://*.visualwebsiteoptimizer.com https://app.vwo.com https://forms.hsforms.com/ https://allpoint.locatorsearch.net/; worker-src blob: https://*.sofi.com  https://*.visualwebsiteoptimizer.com https://app.vwo.com 1
worker-src * 'self' 'unsafe-inline' blob:; script-src-elem * 'unsafe-inline' data:; font-src 'self' 'unsafe-inline' https://*.com data:; img-src 'self' data: https: 1
base-uri 'self' https://optimize.google.com; default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com *.doubleclick.net *.googleadservices.com *.linkedin.com *.facebook.com *.facebook.net *.google.com https://www.google.com https://websdk.appsflyer.com www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com https://maps.googleapis.com https://maps.gstatic.com https://pubads.g.doubleclick.net *.criteo.net *.criteo.com ajax.cloudflare.com analytics.tiktok.com bat.bing.com *.clarity.ms *.amazon-adsystem.com https://s.pinimg.com/ct/core.js https://www.clarity.ms/tag/; style-src 'self' 'unsafe-inline' *.google.com *.googleapis.com *.googleadservices.com *.doubleclick.net *.c6bank.com.br *.googletagmanager.com https://websdk.appsflyer.com https://www.clarity.ms/tag/; font-src 'self' data: *.gstatic.com *.c6bank.com.br; object-src 'none'; form-action 'self'; img-src 'self' data: *; report-uri /api/csp 1
default-src 'self' https: http: bankid:; connect-src 'self' ws: wss: https://*.fasttrack-solutions.com https://*.ft-crm.com https://*.biahosted.com https://livechat24.tech https://*.livechat24.tech https://*.amazonaws.com *.google-analytics.com *.analytics.google.com https://www.googletagmanager.com https://www.google.com https://www.google.ro https://www.google.se https://www.google.nl https://www.google.de https://www.google.fi https://www.google.ch https://www.google.ee https://www.google.sk https://www.google.dk https://www.google.ru https://www.google.pt https://www.google.ca https://www.google.by https://www.google.bg https://www.gstatic.com https://analytics.google.com https://adservice.google.com https://stats.g.doubleclick.net https://recaptcha.net https://*.bing.com https://*.taboola.com https://*.regily.com https://*.pusher.com https://*.workers.dev https://cdn-sp.kertn.net https://storage.googleapis.com https://*.aitcloud.de https://vsfestaging-vs001.akamaized.net https://vsfelive-vs001.akamaized.net https://vswstaging.betradar.com https://vsw.betradar.com https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com wss://*.biahosted.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://d5phz18u4wuww.cloudfront.net https://cdn-cn.vwo-analytics.com https://verification.okwork.io https://*.unetsafe.com https://*.atlantgaming.com https://*.facebook.com https://facebook.net https://*.facebook.net https://*.snapchat.com https://*.sportdigi.com https://*.sportradar.com https://*.mrbit.com https://accounts.google.com/gsi/ https://*.mrbit.ro *.unetsafe.com oppwa.com *.oppwa.com *.unetcard.com google-analytics.com paymentpage.ecommpay.com *.adyen.com fasd63.illongrlong.com s4vds4.ujad65dsai.com asdaerq.dapmaptuns.com *.checkout.com *.browser-intake-datadoghq.com; font-src 'self' data: https://fonts.gstatic.com https://livechat24.tech https://*.livechat24.tech https://cdn-sp.kertn.net https://*.biahosted.com https://storage.googleapis.com https://*.aitcloud.de https://vsfestaging-vs001.akamaized.net https://vsfelive-vs001.akamaized.net https://vswstaging.betradar.com https://vsw.betradar.com https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com wss://*.biahosted.com https://app.vwo.com https://*.mrbit.ro; frame-src 'self' bankid://* https://*.livechat24.tech https://*.adobe.com https://*.youtube.com https://*.zignsec.com https://*.trustly.com https://*.regily.com https://*.sumsub.com https://*.biahosted.com https://*.aitcloud.de https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com wss://*.biahosted.com https://*.visualwebsiteoptimizer.com https://*.unetsafe.com https://*.atlantgaming.com https://*.snapchat.com https://*.sportdigi.com https://*.sportradar.com https://*.mrbit.ro https://* paymentpage.ecommpay.com asdaerq.dapmaptuns.com; img-src 'self' https: http: data: blob: *.google-analytics.com *.analytics.google.com *.visualwebsiteoptimizer.com https://app.vwo.com; script-src 'self' 'unsafe-eval' https://*.zignsec.com https://*.biahosted.com https://livechat24.tech https://*.livechat24.tech https://*.fasttrack-solutions.com https://mc.yandex.ru https://ajax.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.curacao-egaming.com https://www.gstatic.com https://recaptcha.net https://*.bing.com https://*.cloudflare.com https://*.taboola.com https://static.cloudflareinsights.com https://*.regily.com https://*.pusher.com https://*.workers.dev https://prj-verification-production.s3.amazonaws.com https://cdn-sp.kertn.net https://storage.googleapis.com https://*.aitcloud.de https://vsfestaging-vs001.akamaized.net https://vsfelive-vs001.akamaized.net https://vswstaging.betradar.com https://vsw.betradar.com https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com wss://*.biahosted.com *.visualwebsiteoptimizer.com https://cdn-cn.vwo-analytics.com https://app.vwo.com https://*.unetsafe.com https://*.snapchat.com https://snapchat.com https://sc-static.net https://*.facebook.com https://facebook.net https://*.facebook.net https://*.sportdigi.com https://*.sportradar.com https://*.mrbit.com https://accounts.google.com/gsi/client https://*.mrbit.ro *.paywallk.com *.unetsafe.com *.ecommpay.com *.zimpler.net *.adyen.com *.hotjar.com *.acaptureservices.com acaptureservices.com *.oppwa.com oppwa.com *.unetcard.com *.switchpayments.com *.mifinity.com *.google.com fasd63.illongrlong.com s4vds4.ujad65dsai.com *.astropay.com *.megapay.pro *.ecopayz.com *.billing.cx *.express-connect.com *.paycore.io *.jetoncheckout.com *.ipsp.lv ipsp.lv *.gpaynetworks.com *.sirumobile.com asdaerq.dapmaptuns.com *.checkout.com 'nonce-dH7R4vOHYWWKOipJuCWok2w2aWnH4+siQXgK56LcNYg=' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://*.fasttrack-solutions.com https://fonts.googleapis.com https://livechat24.tech https://*.livechat24.tech https://cdn-sp.kertn.net https://*.biahosted.com https://storage.googleapis.com https://*.aitcloud.de https://vsfestaging-vs001.akamaized.net https://vsfelive-vs001.akamaized.net https://vswstaging.betradar.com https://vsw.betradar.com https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com wss://*.biahosted.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.amazonaws.com https://accounts.google.com/gsi/style https://*.mrbit.ro *.paywallk.com *.unetsafe.com *.ecommpay.com *.adyen.com *.hotjar.com *.ppipe.net *.oppwa.com oppwa.com *.unetcard.com fasd63.illongrlong.com s4vds4.ujad65dsai.com asdaerq.dapmaptuns.com; worker-src 'self' blob:; report-uri https://mrbit.ro/sentry/api/41/csp-report/?sentry_key=38bd9ad353b94f1a8143ea227d160767 1
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' *; frame-ancestors 'self' https: https://paynow.pmnts-sandbox.io https://paynow.pmnts.io; 1
script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/LabsTailwindMarketing/cspreport/allowlist 1
default-src 'none'; connect-src https: https://*.tawk.to wss://*.tawk.to https://tawk.to; font-src 'self' https: https://fonts.gstatic.com https://static-v.tawk.to https://embed.tawk.to; frame-src 'self' https: https://va.tawk.to; img-src 'self' https: https://static-v.tawk.to; media-src 'self' https://static-v.tawk.to https://player.vimeo.com https://download-video.akamaized.net https://vod-progressive.akamaized.net; object-src 'none'; script-src 'self' https: data: 'report-sample' 'unsafe-eval' 'unsafe-inline'  https://embed.tawk.to https://static-v.tawk.to; style-src 'self' https: https://embed.tawk.to 'unsafe-inline'; worker-src 'none'; 1
default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com https://i.ytimg.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-cqMRL9Uoopl/ypB4OLp80Q=='; style-src 'self' www.gstatic.com; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com gds-single-consent-staging.app gds-single-consent.app; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; report-uri https://csp-reporter.publishing.service.gov.uk/report 1
default-src 'self' https://cms.nystrs.org/ https://nystrs-live.ae-admin.com/  https://www.nystrs.org/ https://fonts.googleapis.com  https://maps.googleapis.com https://fonts.gstatic.com https://maps.gstatic.com https://www.youtube.com/ https://view.genially.com/ https://www.google-analytics.com/ https://reports.hrmdirect.com https://nystrs.hrmdirect.com; style-src 'self' 'unsafe-inline' https://cms.nystrs.org/ https://nystrs-live.ae-admin.com/ https://www.nystrs.org/ https://fonts.googleapis.com https://fonts.gstatic.com https://www.youtube.com/ https://view.genially.com/ https://reports.hrmdirect.com https://nystrs.hrmdirect.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cms.nystrs.org/ https://nystrs-live.ae-admin.com/ https://www.nystrs.org/ https://www.youtube.com/  https://view.genially.com/ https://reports.hrmdirect.com https://nystrs.hrmdirect.com https://maps.googleapis.com https://www.google.com/ https://www.gstatic.com/ https://www.google-analytics.com/ https://www.googletagmanager.com; child-src https://cms.nystrs.org/ https://nystrs-live.ae-admin.com/ https://www.nystrs.org/  https://www.youtube.com/ https://view.genially.com/ https://reports.hrmdirect.com https://nystrs.hrmdirect.com; frame-src https://cms.nystrs.org/ https://nystrs-live.ae-admin.com/ https://www.nystrs.org/ https://www.youtube.com/ https://www.google.com/ https://view.genially.com/ https://reports.hrmdirect.com https://nystrs.hrmdirect.com; frame-ancestors https://cms.nystrs.org/ https://nystrs-live.ae-admin.com/ https://www.nystrs.org/ https://www.youtube.com/ https://view.genially.com/ https://reports.hrmdirect.com https://nystrs.hrmdirect.com; img-src 'self' 'unsafe-eval' * data:; 1
frame-ancestors 'self' 'fsbank.sharepoint.com'; 1
frame-ancestors 'self'; form-action 'self' *.domainregistration.com.sg *.paypal.com; upgrade-insecure-requests 1
https:; connect-src 'self' img-src http://www.skodalive.in/ http://www.skodalive.co.in/ 'self' data: http://*.singleinterface.com http://*.google-analytics.com http://gaadicdn.com https: *.gstatic.com *.google-analytics.com *.ytimg.com  blob:; object-src 'self' http://*.singleinterface.com https:; script-src http://www.skodalive.in/ http://www.skodalive.co.in/ 'self' 'unsafe-eval' *.mapmyindia.com *.google.com http://*.singleinterface.com *.jquery.com *.google-analytics.com assets.adobedtm.com fbexternal-a.akamaihd.net *.netcore.co.in *.crazyegg.com *.netcoresmartech.com 'unsafe-inline' *.gstatic.com https: blob:;style-src http://www.skodalive.in/ http://www.skodalive.co.in/ 'unsafe-inline' 'self' http://*.singleinterface.com maxcdn.bootstrapcdn.com https:  *.gstatic.com; font-src http://www.skodalive.in/ http://www.skodalive.co.in/ data: http://*.singleinterface.com 'self' maxcdn.bootstrapcdn.com https: *.gstatic.com  1
default-src 'self' https://*.lufthansagroup.com https://*.equitystory.com https://export.highcharts.com https://s.ytimg.com https://*.youtube.com https://*.youtube-nocookie.com https://*.twitter.com https://*.twimg.com https://*.soundcloud.com https://*.customervoice360.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ytimg.com *.youtube.com *.youtube-nocookie.com *.soundcloud.com p11.techlab-cdn.com; style-src 'self' 'unsafe-inline' https://*.lufthansagroup.com; object-src 'self'; img-src data: https:; 1
default-src 'self' https://*.abus.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://service.excentos.com https://widget.moin.ai; font-src 'self' https://fonts.gstatic.com https://service.excentos.com https://widget.moin.ai data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.youtube.com https://www.googletagmanager.com https://piwik.abus.com https://privacy.abus.com https://abus.containers.piwik.pro https://static.hotjar.com https://script.hotjar.com https://connect.facebook.net https://maps.googleapis.com https://widget.moin.ai https://*.google-analytics.com https://service.excentos.com blob:; img-src 'self' https://c1.abus.com https://privacy.abus.com https://www.facebook.com https://i.ytimg.com https://maps.googleapis.com https://maps.gstatic.com https://www.google-analytics.com https://memories.abus.com https://image-scaler.excentos.com https://m.excentos.com https://media.moin.ai data:; media-src 'self' data:; connect-src 'self' https://*.abus.com https://abus.piwik.pro https://www.facebook.com https://abus-privacy.my.onetrust.com https://maps.googleapis.com wss://ws.hotjar.com https://content.hotjar.io https://*.google-analytics.com https://api.friendlycaptcha.com https://m.excentos.com https://service.excentos.com https://api.moin.ai wss://bot.moin.ai https://vc.hotjar.io; frame-src 'self' https://www.youtube.com; 1
default-src 'self';script-src 'self' https://maps.googleapis.com *.googletagmanager.com *.google-analytics.com https://consent.cookiebot.com https://consent.azureedge.net https://consentcdn.cookiebot.com https://tagmanager.google.com https://www.googleadservices.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.doubleclick.net https://*.cobrowser.com https://connect.facebook.net https://optimize.google.com https://*.mopinion.com https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js https://scripts.viduate.com/iv.copy.params.embed.js 'unsafe-eval' 'unsafe-inline';style-src 'self' https://fonts.googleapis.com/ https://tagmanager.google.com https://*.cobrowser.com https://optimize.google.com https://*.mopinion.com 'unsafe-inline';connect-src *;font-src 'self' data: https://fonts.gstatic.com https://*.hotjar.com https://*.hotjar.io https://app.cobrowser.com https://app.conversation24.com https://*.mopinion.com;img-src 'self' data: http://dev.vesteda-v10.com http://dev.vesteda-v9.com https://content.presspage.com/ https://maps.gstatic.com https://*.googleapis.com https://*.google.com https://*.google.nl https://*.ggpht.com https://raw.githubusercontent.com/googlemaps/ *.google-analytics.com *.analytics.google.com https://www.facebook.com https://optimize.google.com https://*.hotjar.com https://*.hotjar.io https://app.cobrowser.com https://app.conversation24.com https://vst-web-test-cdn-media-endpoint.azureedge.net https://vst-web-acc-cdn-media-endpoint.azureedge.net https://vst-web-prod-cdn-media-endpoint.azureedge.net https://vst-web-test-cdn-remote-media-endpoint.azureedge.net https://vst-web-acc-cdn-remote-media-endpoint.azureedge.net https://vst-web-prod-cdn-remote-media-endpoint.azureedge.net https://*.doubleclick.net;media-src 'self' http://dev.vesteda-v10.com http://dev.vesteda-v9.com https://vst-web-test-cdn-media-endpoint.azureedge.net https://vst-web-acc-cdn-media-endpoint.azureedge.net https://vst-web-prod-cdn-media-endpoint.azureedge.net;frame-src 'self' https://www.youtube.com/embed/ https://player.vimeo.com https://www.youtube-nocookie.com/ https://consent.azureedge.net https://consentcdn.cookiebot.com https://*.hotjar.com https://*.hotjar.io https://optimize.google.com https://projects.ivorystudio.net/ 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-88b7be5cc401aa1c2a37dc276f9d18a7'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src 'none'; connect-src https://cdn.cookielaw.org https://*.contentsquare.net  https://region1.analytics.google.com https://*.mediarithmics.com https://privacyportal-eu.onetrust.com https://geolocation.onetrust.com https://*.thcdn.com https://asgard.thehut.net https://cpwidgets.thehut.net https://cdn.ampproject.org https://bat.bing.com https://www.facebook.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://*.google-analytics.com https://ampcid.google.com https://adservice.google.com https://the.sciencebehindecommerce.com https://sf-hs-sg.ibytedtos.com https://ct.pinterest.com; font-src 'self' https://blogscdn.thehut.net https://fonts.gstatic.com https://fonts.googleapis.com https://*.thcdn.com; form-action 'self' https://tr.snapchat.com https://connect.facebook.net https://www.facebook.com https://syndication.twitter.com https://survey.g.doubleclick.net; child-src 'self' https://*.contentsquare.net https://sightmill.com https://woobox.com https://ct.pinterest.com https://open.spotify.com https://www.tiktok.com https://widget.trustpilot.com https://gum.criteo.com https://static.criteo.net https://platform.twitter.com https://syndication.twitter.com https://www.facebook.com https://www.instagram.com https://www.youtube.com https://vimeo.com https://tr.snapchat.com https://*.doubleclick.net https://www.pinterest.com; img-src https://*.contentsquare.net https: data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://sightmill.com https://cdn.cookielaw.org  https://*.contentsquare.net https://app.contentsquare.com  https://dynamic.criteo.com https://*.mediarithmics.com https://adservice.google.com https://*.ibytedtos.com https://geolocation.onetrust.com https://cdn.ampproject.org https://blogscdn.thehut.net https://*.thcdn.com https://cdn.woobox.com https://analytics.twitter.com/ https://bat.bing.com https://cdnjs.cloudflare.com/ajax/libs/modernizr/2.8.3/modernizr.min.js https://code.jquery.com/jquery-3.6.0.min.js https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://sc-static.net https://sslwidget.criteo.com https://widget.eu.criteo.com https://static.criteo.net https://static.ads-twitter.com https://www.dwin1.com https://*.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.googleadservices.com https://www.instagram.com https://www.tiktok.com https://s16.tiktokcdn.com https://survey.g.doubleclick.net https://*.google.co.uk https://s.pinimg.com https://*.doubleclick.net; style-src 'self' 'unsafe-inline' https://blogscdn.thehut.net https://*.thcdn.com https://fonts.google.com https://fonts.googleapis.com https://s16.tiktokcdn.com; frame-ancestors 'self'; media-src 'self'; object-src 'none'; worker-src blob: 'self'; upgrade-insecure-requests; report-uri https://csp.thehut.net/blogs 1
frame-ancestors 'self' login.wmtransfer.com 1
default-src: 'self'; script-src: 'self' www.your-freedom.net 1
frame-ancestors 'self' *.wifi.teledata.de https://*.wifi.teledata.de *.gisserver.de https://*.gisserver.de 1
default-src 'self' rocmondriaan.nl *.rocmondriaan.nl; connect-src 'self' *.genial.ly rocmondriaan.nl *.rocmondriaan.nl stats.g.doubleclick.net tr.snapchat.com *.analytics.google.com *.google-analytics.com *.googlesyndication.com www.googletagmanager.com cdn.linkedin.oribi.io analytics.tiktok.com *.clarity.ms; img-src * data:; style-src 'self' rocmondriaan.nl *.rocmondriaan.nl *.typekit.net *.genial.ly 'unsafe-inline'; script-src 'self' rocmondriaan.nl *.rocmondriaan.nl *.cookiebot.com *.genial.ly *.googleapis.com www.youtube.com www.google-analytics.com www.googletagmanager.com connect.facebook.net snap.licdn.com sc-static.net d12ue6f2329cfl.cloudfront.net googleads.g.doubleclick.net www.clarity.ms analytics.tiktok.com tr.snapchat.com 'unsafe-inline'; font-src use.typekit.net; frame-src *.genial.ly *.cookiebot.com *.connexys.nl *.facebook.com www.youtube.com player.vimeo.com letszoip.com www.letszoip.com tr.snapchat.com; object-src 'none' 1
default-src 'self' *.nmcdn.io https://gpkflrj998.execute-api.us-east-1.amazonaws.com; script-src 'unsafe-inline' 'self' *.nmcdn.io https://gpkflrj998.execute-api.us-east-1.amazonaws.com https://api.mapbox.com https://*.dwcdn.net https://widget-mediator.zopim.com https://*.zdassets.com https://*.zendesk.com https://www.youtube.com https://www.google.com 'unsafe-eval' https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.googletagmanager.com blob:; style-src 'unsafe-inline' 'self' *.nmcdn.io https://gpkflrj998.execute-api.us-east-1.amazonaws.com https://api.mapbox.com https://*.dwcdn.net https://www.youtube.com https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' *.nmcdn.io https://gpkflrj998.execute-api.us-east-1.amazonaws.com https://api.mapbox.com https://*.dwcdn.net https://*.zopim.io https://img.youtube.com https://www.youtube.com https://i.ytimg.com *.ggpht.com https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://www.google-analytics.com https://analytics.google.com https://*.google-analytics.com https://*.googletagmanager.com data: https://paea.epicenter1.com; font-src 'self' *.nmcdn.io https://gpkflrj998.execute-api.us-east-1.amazonaws.com https://*.dwcdn.net https://fonts.gstatic.com data:; connect-src 'self' *.nmcdn.io https://gpkflrj998.execute-api.us-east-1.amazonaws.com https://api.mapbox.com https://events.mapbox.com https://*.zdassets.com https://*.my.sentry.io https://*.zendesk.com wss://widget-mediator.zopim.com *.googleapis.com https://www.youtube.com https://play.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://analytics.google.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; media-src 'self' *.nmcdn.io https://gpkflrj998.execute-api.us-east-1.amazonaws.com https://static.zdassets.com; object-src 'none'; frame-src 'self' *.nmcdn.io https://gpkflrj998.execute-api.us-east-1.amazonaws.com https://*.dwcdn.net https://youtube.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://google.de https://app.usercentrics.eu https://www.googletagmanager.com  https://www.googleadservices.com https://googleads.g.doubleclick.net https://netzwerk.uppr.de https://www.google-analytics.com https://privacy-proxy.usercentrics.eu https://www.facebook.com https://twitter.com https://www.linkedin.com https://www.xing.com https://www.youtube.com https://cdnjs.cloudflare.com https://nebula-cdn.kampyle.com https://bat.bing.com https://ad4m.at https://connect.facebook.net https://www.usemaxserver.de https://widgets.energiemonitor.de https://play.google.com https://www.googleoptimize.com https://icpublichosting.azureedge.net https://optimize.google.com https://service.mtcaptcha.com https://service2.mtcaptcha.com https://ic-chatwindow-service.azurewebsites.net https://clb2.cfapps.mila.external.ap.innogy.com https://www.googleanalytics.com https://cdn.medallia.com/ https://cdn.appsol.medallia.com/ *.kampyle.com/ https://metrics-proxy.medallia.ca/ https://metrics-proxy.medallia.eu/ https://metrics-proxy.medallia.com.au/ https://metrics-proxy.medallia.com/ https://col.eum-appdynamics.com/ https://static.medallia.com/ https://bugreport.medallia.com/ https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://chart.googleapis.com/ https://maxcdn.bootstrapcdn.com/ https://netdna.bootstrapcdn.com/ https://express.ger.medallia.eu/ https://express.sbx.ger.medallia.eu/ https://feed2.medallia.eu/ https://feed2sbx.sbx.ger.medallia.eu/ https://mft1.medallia.eu/ https://filestash.fra1.medallia.eu/ https://tm.ad-srv.net https://tm703.ad-srv.net https://tm707.ad-srv.net https://tm708.ad-srv.net https://*.iadvize.com https://znbd9pj7eqbjzjd42-eon.siteintercept.qualtrics.com https://siteintercept.qualtrics.com https://trck.lew.de; style-src 'self' 'unsafe-inline' https://widgets.energiemonitor.de https://fonts.googleapis.com https://icpublichosting.azureedge.net https://optimize.google.com https://*.iadvize.com; object-src 'self'; report-uri /umbraco/api/helper/CreateCSPReport 1
default-src 'self' blob: data: *; style-src 'self' 'unsafe-inline' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *; frame-ancestors 'self' https://xodo-web.sanity.studio; 1
script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googleanalytics.com *.googleoptimize.com *.googletagmanager.com *.twitter.com  *.lemnisk.co *.mygreatlearning.com https://optimize.google.com:* https://pay.billdesk.com:* https://services.billdesk.com:* https://pgi.billdesk.com:* *.googleadservices.com *.facebook.net *.doubleclick.net https://js.boxx.ai:* https://cdn.syndication.twimg.com:* https://snap.licdn.com:* https://js-cdn.dynatrace.com:* https://cdn.ampproject.org:* ; base-uri 'none'; style-src 'self' 'unsafe-inline' https://optimize.google.com:* https://fonts.googleapis.com:* ; 1
frame-ancestors self http://localhost/ https://mpower.pidilite.com https://pidilite-lms.herokuapp.com http://clientdata.colorjive.com/ https://www.youtube.com/ https://s7.addthis.com/ https://www.drfixit.co.in/ http://localhost:3000 http://localhost:3002 http://dduzkvnw6iy47.cloudfront.net https://www.facebook.com https://s3.amazonaws.com/widget.colorjive/ https://evt.paytm.com https://tracking.icubeswire.co https://dialstar.trackneo.net/ https://td.doubleclick.net/ https://www.google.com/ 1
frame-ancestors 'self' *.canva.com canva.com; report-uri https://csp.canva.com/_cspreport?app=websites; base-uri 'self'; object-src 'none'; script-src 'report-sample' 'strict-dynamic' 'nonce-f01a71af-58a5-4415-8e9b-70dca2a3ee50' https://www.google.com/recaptcha/api.js; 1
default-src 'self' ;frame-src fledge.ladsp.com cd.ladsp.com um.ladsp.com cache.send.microad.jp img.ak.impact-ad.jp 11973408.fls.doubleclick.net youtube.com www.youtube.com td.doubleclick.net googleads.g.doubleclick.net; script-src 'self' 'unsafe-inline' www.googletagmanager.com akamai.tiqcdn.com collect.tealiumiq.com visitor-service.tealiumiq.com tags.tiqcdn.com data:; style-src 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com; font-src 'self' use.fontawesome.com fonts.gstatic.com; connect-src 'self' wss: ntjp.mieru-ca.com ps.ladsp.com z.clarity.ms diagnostics.id5-sync.com audiencedata.im-apps.net q.clarity.ms cdn.microad.jp apm.yahoo.co.jp am.yahoo.co.jp id5-sync.com lb.eu-1-id5-sync.com akamai.tiqcdn.com collect.tealiumiq.com glaxosmithklinebeech.tt.omtrdc.net; frame-ancestors 'none'; form-action 'self'; upgrade-insecure-requests; object-src 'none'; base-uri 'self'; img-src 'self' c.bing.com c.clarity.ms universe.send.microad.jp b98.yahoo.co.jp i6.smartnews-ads.com i.smartnews-ads.com bat.bing.com dsp.logly.co.jp googleads.g.doubleclick.net aw.dw.impact-ad.jp www.facebook.com b97.yahoo.co.jp www.google.com www.google.co.jp data:; script-src-elem 'self' 'sha256-Brwt2ffnfDnAUANkltkOfYAErTWW2MgjqvfP2kK8Ucg=' 'sha256-Qxo284Ul9eHEadouckapt9JjCbgAqhFXIfBEl1fWT0U=' 'sha256-k/8PNdgpd2hBs6idRYwKT52Piq+lZBYm8b/tA0wrYD8=' 'sha256-72lNR16CAh9z1onSoJ4kLZOAhgXMc5cNndHx4YwcLU8=' 'sha256-PIFGs1vlo/ssAvzRj7v50yq0b5ungH7Z3bWpn7A1Nh8=' 'sha256-I4nPHjBQiEasYOKTrRm5xM9MT4Sd7DhTvMjwIB84Nw4=' 'sha256-Qu+tY3dOOINTwl0Wr6m6Mc1MG9M1vYyMk13Uu9jH4f0=' 'sha256-O49VoxqJ7jyDfqaBjjI7r6b7PAM36V6cFhWsuxXLuxI=' 'sha256-1fewxGV9y2lMzQrWXs5pGOS6jPBtKI5ChRKX90M20LQ=' 'sha256-oqnileiLnwIGTXyUWCe7Ao57jLMB5QQj/WBCWAFseGs=' hm.mieru-ca.com tag.ladsp.com dsp.logly.co.jp dmp.im-apps.net www.clarity.ms px.ladsp.com cdn.microad.jp b98.yahoo.co.jp bat.bing.com cdn.microad.jp cdn.smartnews-ads.com cd.ladsp.com s.yimg.jp penta.a.one.impact-ad.jp connect.facebook.net img.ak.impact-ad.jp tags.tiqcdn.com www.googletagmanager.com www.googleadservices.com visitor-service.tealiumiq.com googleads.g.doubleclick.net 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.synbird.com *.google-analytics.com *.googletagmanager.com  *.clarity.ms stats.2vcreation.com  https://www.google.com https://maps.google.com https://apis.google.com https://*.googleapis.com https://*.gstatic.com https://connect.facebook.net https://platform.twitter.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.synbird.com https://fonts.googleapis.com https://www.google.com; img-src * data: blob:; media-src * data: blob:; frame-src * blob:; child-src * blob:; font-src 'self' https://fonts.gstatic.com; connect-src 'self' *.gouv.fr *.synbird.com *.google-analytics.com *.googletagmanager.com *.clarity.ms stats.2vcreation.com https://sarralbe.live-kd.com 1
default-src 'self';         style-src 'self' 'unsafe-inline' unpkg.com fonts.googleapis.com www.svvv.edu.in svvv.edu.in cdnjs.cloudflare.com use.fontawesome.com cdn.plyr.io player.vimeo.com ;        font-src 'self' data: fonts.gstatic.com www.svvv.edu.in svvv.edu.in unpkg.com use.fontawesome.com cdnjs.cloudflare.com;        script-src * 'unsafe-inline' 'unsafe-eval';        img-src 'self' i.ytimg.com data: www.google.com www.google.co.in encrypted-tbn0.gstatic.com;        frame-src www.svvv.edu.in svvv.edu.in accounts.google.com app.powerbi.com www.youtube.com bid.g.doubleclick.net td.doubleclick.net clickeffect.co.in;        connect-src 'self' www.google-analytics.com stats.g.doubleclick.net;        media-src 'self' www.youtube.com ; 1
frame-ancestors https://*.ntuc.org.sg/ https://mccebnveobhqeehilh1-cm.managedcloud.sitecore.com https://mccebnveobhqeehilh1-cd.managedcloud.sitecore.com; 1
default-src 'self' https://feed.pghub.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://snippet.maze.co https://feed.pghub.io https://z.moatads.com/ https://s.swiftypecdn.com/ https://connect.facebook.net/ https://js.adsrvr.org/ https://www.youtube.com/ https://www.youtube-nocookie.com/ https://www.googleadservices.com/ https://maps.googleapis.com https://unpkg.com https://googleads.g.doubleclick.net https://static.ads-twitter.com https://script.crazyegg.com https://api.ipify.org https://code.jquery.com/ https://c.lytics.io/ https://cdn.segment.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://pghub.io/ https://cdn.cookielaw.org/; style-src 'self' 'unsafe-inline' https://feed.pghub.io https://cdn.cookielaw.org/ https://c.lytics.io/ https://cdnjs.cloudflare.com https://unpkg.com; object-src https://images.ctfassets.net/; base-uri 'self'; connect-src 'self' https://feeds.businesswire.com https://csapi-nonprod.pg.com https://csapi.pg.com https://downloads.ctfassets.net https://cdn.segment.com https://privacytermsprod.azureedge.net https://assets.ctfassets.net/ https://cdn.contentful.com https://mw-ar-recom-prod.pgapi.io/ https://staging-api.fr.pg.com/ https://gpdb-staging.name-coach.com/api/public/v1/pronunciations/phonetics https://gpdb.name-coach.com/api/public/v1/pronunciations/phonetics https://prompts.maze.co https://pagestates-tracking.crazyegg.com https://assets-tracking.crazyegg.com https://tracking.crazyegg.com https://api.fr.pg.com https://pg-poc-regulatory-app-test.azurewebsites.net https://s.swiftypecdn.com https://maps.googleapis.com https://script.crazyegg.com https://consent-api.onetrust.com https://api.segment.io/ https://match.adsrvr.org/ https://lj18wdvpyu-3.algolianet.com/ https://lj18wdvpyu-2.algolianet.com/ https://lj18wdvpyu-1.algolianet.com/ https://lj18wdvpyu-dsn.algolia.net/ https://www.google-analytics.com/ https://region1.google-analytics.com https://cdn.cookielaw.org *.doubleclick.net https://stats.g.doubleclick.net; font-src 'self' https://feed.pghub.io; frame-src 'self' https://images.ctfassets.net/ https://www.youtube-nocookie.com/ https://feed.pghub.io https://www.facebook.com/ https://d.agkn.com/ https://www.youtube.com https://pandg.tapad.com https://www.google.com/ https://www.googletagmanager.com/; img-src 'self' blob: data: https://mms.businesswire.com/ https://feed.pghub.io https://www.facebook.com/ https://downloads.ctfassets.net/ https://px.moatads.com/ https://googleads.g.doubleclick.net/ https://www.confianzaonline.es *.akamaihd.net https://maps.gstatic.com https://maps.googleapis.com https://t.co https://www.google.com/ https://www.google.hr/ https://analytics.twitter.com https://s.amazon-adsystem.com/ https://c.lytics.io/ https://cdn.cookielaw.org/ https://www.googletagmanager.com/ https://match.adsrvr.org/ https://images.ctfassets.net https://pixel.tapad.com https://www.google-analytics.com https://i.ytimg.com; manifest-src 'self'; frame-ancestors 'self' https://app.contentful.com; media-src 'self' https://feed.pghub.io https://videos.ctfassets.net/; worker-src blob:; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://tilde.zone; img-src 'self' data: blob: https://tilde.zone https://media.tilde.zone; style-src 'self' https://tilde.zone 'nonce-N8zlHIG86RKrcIdXkFHllQ=='; media-src 'self' data: https://tilde.zone https://media.tilde.zone; frame-src 'self' https:; manifest-src 'self' https://tilde.zone; form-action 'self'; child-src 'self' blob: https://tilde.zone; worker-src 'self' blob: https://tilde.zone; connect-src 'self' data: blob: https://tilde.zone https://media.tilde.zone wss://tilde.zone; script-src 'self' https://tilde.zone 'wasm-unsafe-eval' 1
frame-ancestors https://www.sconto.de 'self' http://images.google.de http://images.google.com https://images.google.de https://images.google.com https://ogone.test.v-psp.com https://secure.ogone.com 1
default-src data: https: 'self' 'unsafe-inline' 'unsafe-eval'; font-src data: https: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://dev.visualwebsiteoptimizer.com/ https://analytics.pangle-ads.com/ https://atag.adgile.media/ https://pagead2.googlesyndication.com/ wss://realtime.mypurecloud.com.au/ wss://webmessaging.mypurecloud.com.au/ https://*.mypurecloud.com.au/ https://*.goodstart.org.au/ https://d38o6ero4cmsrz.cloudfront.net/ https://cdn.linkedin.oribi.io/ https://ct.pinterest.com/ https://f.clarity.ms/ https://s.yimg.com/ https://stats.g.doubleclick.net/ https://www.google-analytics.com/ https://www.facebook.com/ https://*.clarity.ms/ https://maps.googleapis.com/ https://analytics.google.com/ https://analytics.tiktok.com/ https://*.linkedin.com/ https://jlihhjqe.goodstart.org.au/ https://adservice.google.com/ https://www.google.com/; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.g.doubleclick.net *.googleadservices.com *.iqm.com *.cookielaw.org *.vimeo.com tags.srv.stackadapt.com resources.forvis.com resources.forvismazars.us *.googletagmanager.com *.knowledgeowl.com *.wistia.com *.bugherd.com *.jquery.com *.googleapis.com *.gstatic.com *.google.com *.google-analytics.com *.facebook.net *.youtube.com *.twitter.com *.marketo.net *.eloqua.com *.tableau.com *.jsdelivr.net; style-src 'self' 'unsafe-inline' tags.srv.stackadapt.com resources.forvis.com resources.forvismazars.us *.knowledgeowl.com *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.google.com *.twimg.com *.typekit.net *.fontawesome.com; font-src * data:; img-src * data:; media-src 'self' data: blob: *.wistia.com; child-src 'self' resources.forvis.com resources.forvismazars.us *.libsyn.com *.bkd.com *.yumpu.com *.brightcove.net *.knowledgeowl.com *.twitter.com *.youtube.com *.vimeo.com *.soundcloud.com *.bugherd.com *.google.com *.wistia.com *.wistia.net *.facebook.com *.tableau.com; connect-src 'self' accounts.google.com *.g.doubleclick.net *.cookielaw.org *.onetrust.com tags.srv.stackadapt.com *.google-analytics.com *.google.com *.litix.io *.wistia.com *.bugsnag.com *.pusher.com ws-mt1.pusher.com *.bugherd.com *.googleapis.com *.mktoresp.com; 1
default-src 'self' *.chengmail.cn *.mail.top *.cndns.com *.chengpan.vip at.alicdn.com *.51.la *.idccenter.net *.chengmail.me;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cndns.com *.cnzz.com cdn.jsdelivr.net unpkg.com *.51.la *.idccenter.net www.googletagmanager.com;style-src 'self' 'unsafe-inline' *.cndns.com cdn.jsdelivr.net unpkg.com at.alicdn.com *.idccenter.net;img-src * 'self' data: https: blob:;frame-src 'self' *.chengmail.cn *.chengpan.vip *.idccenter.net;font-src 'self' data: cdn.jsdelivr.net at.alicdn.com unpkg.com *.idccenter.net 1
default-src https://brandl-services.com/org.dreamox.cmsmox.divlayout/org/dreamox/cmsmox/divlayout/view/jsp/images/socialshare/svg/sprite.svg ;base-uri 'none';object-src 'none';form-action 'self' ;frame-ancestors 'none';connect-src 'self' 'self' data: api.brandl-services.com matomo.brandl-services.com;img-src 'self' brandl-services.com   'self' data: https:  matomo.brandl-services.com;media-src 'self' ;script-src 'self' 'strict-dynamic' 'nonce-a2guasuaeudlhpphbu8c0qiscqq';style-src 'self' 'unsafe-inline' ;font-src 'self' ;manifest-src 'self';upgrade-insecure-requests;report-uri https://csp-report.auctores.de/resources/index;frame-src  matomo.brandl-services.com plugin.brandl-services.com; 1
default-src 'self' https://*.nhs.uk; frame-src 'self' https://*.flipsnack.com/ https://mf.igspectrum.net https://www.youtube-nocookie.com https://*.webspellchecker.net https://*.nhs.uk https://*.facebook.com https://*.youtube.com https://*.vimeo.com https://*.google.com https://*.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://*.google.com https://*.google-analytics.com https://*.googletagmanager.com https://connect.facebook.net https://feeds.trac.jobs https://*.webspellchecker.net https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.cqc.org.uk; font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://*.webspellchecker.net; style-src 'self' 'unsafe-inline' data: https://cdnjs.cloudflare.com https://feeds.trac.jobs https://*.googleapis.com https://*.gstatic.com https://*.cqc.org.uk https://*.webspellchecker.net; img-src * data:; object-src 'self' blob: https://*.nhs.uk; connect-src 'self' https://feeds.trac.jobs https://*.googleapis.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.uk https://*.google.ie https://*.google.nl  https://*.webspellchecker.net 1
base-uri 'none'; font-src 'self' https: data:; form-action 'self'; frame-ancestors 'self'; img-src 'self' data: https://cms.cirrushosting.com https://analytics.sleeknote.com https://www.googletagmanager.com https://www.facebook.com; object-src 'none'; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' https://stablechat.mysecurecloudhost.com; upgrade-insecure-requests; 1
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com js-agent.newrelic.com www.youtube.com www.google-analytics.com bam.nr-data.net static.dvinci-easy.com maps.googleapis.com bat.bing.com www.gstatic.com connect.facebook.net widget.msgp.pl services.gastronovi.com https://tagmanager.google.com/ www.googleadservices.com blob: https://cdn.jsdelivr.net https://cdn.kiprotect.com https://cdnjs.cloudflare.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' www.googletagmanager.com static.dvinci-easy.com unpkg.com js-agent.newrelic.com www.google-analytics.com maps.googleapis.com bam.nr-data.net connect.facebook.net bat.bing.com www.gstatic.com www.youtube.com widget.msgp.pl services.gastronovi.com www.google.com googleads.g.doubleclick.net www.recaptcha.net www.googleadservices.com content.syndigo.com js.monitor.azure.com static.hotjar.com script.hotjar.com https://cdn.jsdelivr.net https://cdn.kiprotect.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' static.dvinci-easy.com fonts.googleapis.com www.googletagmanager.com www.googleadservices.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' static.dvinci-easy.com fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; base-uri 'self'; frame-ancestors 'self' lpda9f27a988.hana.ondemand.com; report-uri https://www.selgros.de/report-uri/enforce 1
img-src 'self' data: https://statistiek.rijksoverheid.nl https://www.google-analytics.com https://i.ytimg.com https://i.vimeocdn.com https://*.pleio.nl https://account.pleio.nl https://images.unsplash.com https://vimeo.com; frame-src 'self' https://www.youtube-nocookie.com https://player.vimeo.com https://api.eu.kaltura.com https://*.pleio.nl https://feed.mikle.com https://images.unsplash.com https://vimeo.com; font-src 'self' https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://formulieren.pleio.nl; object-src 'none'; default-src 'self'; upgrade-insecure-requests; connect-src 'self' https://stats.pleio.nl https://statistiek.rijksoverheid.nl https://www.google-analytics.com https://vimeo.com https://formulieren.pleio.nl; base-uri 'none'; script-src 'unsafe-inline' 'strict-dynamic' https: http: 'nonce-YxJ9odij3ANLKZOaVEc68Q==' 1
frame-ancestors 'self' https://www.foodlog.nl https://agrifoodnetworks.org 1
frame-ancestors 'self' https://*.irem.org https://app.dev.lobbycre.com https://app.qa.lobbycre.com https://app.staging.lobbycre.com https://app.lobbycre.com; 1
base-uri 'self'; style-src 'self' 'unsafe-inline' https: ; default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' https:; connect-src 'self' wss: https:; font-src 'self' data: https:; frame-src 'self' https:; img-src http: https: data:; manifest-src 'self'; media-src 'self' data: blob: https: *; worker-src 'none'; 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-e101bb08188fc4d7e86f44c779405b8b'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src 'none';     script-src 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https:;     script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://remote.captcha.com https://maps.googleapis.com https://fonts.googleapis.com https://ajax.googleapis.com https://code.3dissue.com;     connect-src 'self' https://maps.googleapis.com https://dc.services.visualstudio.com  https://www.google-analytics.com;     img-src 'self' data: https://maps.gstatic.com https://maps.googleapis.com https://www.googletagmanager.com;     frame-src 'self' https://cdn.jwplayer.com/ https://www.youtube.com/;     style-src 'self' 'unsafe-inline';     style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://code.3dissue.com;    base-uri 'self';     form-action 'self';     font-src 'self' data: https://fonts.gstatic.com;     media-src 'self';     upgrade-insecure-requests; block-all-mixed-content; 1
frame-ancestors 'self' https://www.meon.com.br https://www.metropolemagazine.com.br 1
style-src fonts.googleapis.com https://cdn1.cobornsinc.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'self' 'unsafe-inline'; connect-src https://ka-f.fontawesome.com 'self' https://beta-shop.hornbachers.com https://dc.services.visualstudio.com https://beta-shop.coborns.com https://beta-shop.cashwise.com https://shop.coborns.com https://shop.cashwise.com https://shop.hornbachers.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; img-src https://cdn1.cobornsinc.com https://www.hornbachers.com https://*.cloudfront.net https://www.facebook.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'self' data:; font-src https://fonts.gstatic.com https://ka-f.fontawesome.com; script-src https://kit.fontawesome.com/219cac2c34.js https://knowledgetags.yextapis.com 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://dboktu48tbzl9.cloudfront.net https://cdnjs.cloudflare.com https://js.monitor.azure.com https://secure.wufoo.com https://static.wufoo.com https://www.googletagmanager.com https://connect.facebook.net https://cdn.insight.sitefinity.com https://dec.azureedge.net https://player.vimeo.com/api/player.js https://www.youtube.com/iframe_api; frame-src 'self' *.google.com https://maps.app.goo.gl https://www.youtube.com https://coborns.wufoo.com; default-src 'self' 1
upgrade-insecure-requests; default-src 'self' 'unsafe-inline' exe.in.th *.exe.in.th; frame-src 'self' exe.in.th *.exe.in.th https://www.google.com; img-src *; script-src 'self' 'unsafe-inline' https://cdn.exe.in.th https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://www.google-analytics.com https://analytics.tiktok.com https://d.line-scdn.net; connect-src 'self' https://www.google-analytics.com https://analytics.google.com; report-to https://security.exe.in.th/csp 1
default-src https: blob: 'unsafe-inline' 'unsafe-eval' *.vimeocdn.com *.vimeo.com akamai-assets.squarespace.com; script-src blob: 'self' https: https://static1.squarespace.com https://www.evconnect.com https://maps.googleapis.com https://code.jquery.com https://unpkg.com 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src blob: 'self' https: data: https://www.evconnect.com; connect-src blob: https:; font-src https:; media-src blob: https: data: 1
frame-ancestors 'self' bam.harridev.com harridev.com fr.harridev.com es.harridev.com ru.harridev.com de.harridev.com pl.harridev.com ar.harridev.com tr.harridev.com dev.harridev.com fr.dev.harridev.com es.dev.harridev.com ru.dev.harridev.com de.dev.harridev.com pl.dev.harridev.com ar.dev.harridev.com tr.dev.harridev.com newdev.harridev.com stage.harridev.com hmap.harridev.com fr.hmap.harridev.com es.hmap.harridev.com ru.hmap.harridev.com de.hmap.harridev.com pl.hmap.harridev.com ar.hmap.harridev.com tr.hmap.harridev.com dv1.harridev.com dv2.harridev.com sandbox.harridev.com local.harridev.com:9001 fr.local.harridev.com:9001 es.local.harridev.com:9001 ru.local.harridev.com:9001 de.local.harridev.com:9001 pl.local.harridev.com:9001 ar.local.harridev.com:9001 tr.local.harridev.com:9001 local.harridev.com:9002 fr.local.harridev.com:9002 es.local.harridev.com:9002 ru.local.harridev.com:9002 de.local.harridev.com:9002 pl.local.harridev.com:9002 ar.local.harridev.com:9002 tr.local.harridev.com:9002 localhost.harridev.com:9001; 1
default-src * 'unsafe-inline' 'unsafe-eval'; img-src * 'unsafe-inline' 'unsafe-eval' data:; font-src * data: 1
default-src 'self' https: wss://ws23.hotjar.com/ https://*.azureedge.net https://*.azure-api.net https://*.blob.core.windows.net https://*.azurewebsites.net https://portal.sjofartsdir.no blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: https://www.google-analytics.com https://static.hotjar.com https://*.azureedge.net https://*.cloudflare.com https://widget.usersnap.com https://*.vimeo.com blob:; style-src 'self' 'unsafe-inline' https: https://*.azureedge.net https://*.cloudflare.com https://fonts.googleapis.com; img-src 'self' data: blob:; frame-src 'self' https: https://*.vimeo.com https://*.azure-api.net; upgrade-insecure-requests 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.googleapis.com *.googletagmanager.com *.google.com google-analytics.com *.google-analytics.com *.gstatic.com platform-api.sharethis.com *.sharethis.com tcr-manager.net cdnjs.cloudflare.com cdn.jsdelivr.net *.cloudfront.net *.fontawesome.com unpkg.com *.emolytics.com; 1
script-src *.clarity.com *.survicate.com *.adform.net *.facebook.net *.zemanta.com 'self' 'unsafe-inline' *.youtube.com *.vimeo.com maps.googleapis.com *.google-analytics.com *.googletagmanager.com https://widget.eu.surveymonkey.com https://ajax.googleapis.com *.google.com/recaptcha/ *.gstatic.com/recaptcha/ https://*.cookiebot.com https://*.clarity.ms https://c.bing.com; style-src *.survicate.com 'self' 'unsafe-inline' fonts.googleapis.com; font-src *.survicate.com 'self' data: fonts.gstatic.com; connect-src *.survicate.com *.clarity.ms *.doubleclick.net 'self' maps.googleapis.com *.analytics.google.com *.googletagmanager.com consentcdn.cookiebot.com https://*.cookiebot.com https://*.google-analytics.com; img-src *.cloudinary.com *.survicate.com *.clarity.ms *.bing.com *.facebook.com *.zemanta.com *.google.nl 'self' data: *.cookiebot.com *.ytimg.com *.vimeocdn.com maps.gstatic.com maps.googleapis.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com; form-action 'self' ideal.ing.nl betalen.rabobank.nl www.abnamro.nl diensten.asnbank.nl ideal2.knab.nl diensten.regiobank.nl diensten.snsbank.nl ideal.triodos.nl *.vanlanschotkempen.com ideal.bunq.com https://htmnlb2c.b2clogin.com *.buckaroo.nl *.b2clogin.com; frame-src *.vimeo.com *.youtuve-nocookie.com *.google.com *.doubleclick.net 'self' consentcdn.cookiebot.com https://eu.surveymonkey.com *.youtube-nocookie.com; base-uri 'self'; default-src 'self'; frame-ancestors 'self' *.buckaroo.nl; manifest-src 'self' 1
default-src *.ctfassets.net 'self'; style-src js.jebbit.com fonts.googleapis.com aadcdn.msauth.net *.haptikapi.com haptikapi.net *.haptikapi.net *.pricespider.com 'self' blob: 'unsafe-inline'; img-src aadcdn.msauth.net buzzoblob.blob.core.windows.net *.haptikapi.com haptikapi.net *.haptikapi.net *.tapad.com *.ctfassets.net *.google-analytics.com 'self' data: https: blob:; script-src aadcdn.msauth.net js.jebbit.com *.haptikapi.com haptikapi.net *.haptikapi.net *.youtube.com *.youtube-nocookie.com *.facebook.net *.qualtrics.com pghub.io *.googletagmanager.com *.google-analytics.com *.cookielaw.org *.pricespider.com *.segment.com js.adsrvr.org data: blob: 'self' 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; font-src fonts.gstatic.com *.ctfassets.net fonts.googleapis.com *.haptikapi.com haptikapi.net *.haptikapi.net 'self' data: blob: 'unsafe-inline'; frame-src 'self' *.haptikapi.com haptikapi.net *.haptikapi.net pgglobalpro.jebbit.com *.pghub.io *.adsrvr.org *.ctfassets.net *.youtube.com *.youtube-nocookie.com *.tapad.com; media-src *.haptikapi.com haptikapi.net *.haptikapi.net *.youtube.com *.youtube-nocookie.com; frame-ancestors 'self' pgglobalpro.jebbit.com *.pghub.io *.adsrvr.org *.ctfassets.net *.youtube.com *.youtube-nocookie.com *.tapad.com data: https: blob: 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://*.trustpilot.com https://*.stripe.com https://*.stripe.network https://m.stripe.network  https://*.gstatic.com https://www.googleadservices.com https://www.google.com https://www.googletagmanager.com https://www.mappila.com https://*.tutorhunt.com https://*.googleapis.com www.google-analytics.com https://maps.google.com  s3.amazonaws.com https://*.cardinalcommerce.com https://*.us-east-1.amazonaws.com; object-src 'self' https://*.trustpilot.com  s3.amazonaws.com; style-src 'unsafe-inline' 'self' s3.amazonaws.com https://*.googleapis.com https://www.mappila.com; img-src 'self' data: https://optimize.google.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.googletagmanager.com www.google-analytics.com maps.google.com openlayers.org https://openlayers.org https://www.mappila.com data: https://*.tile.openstreetmap.org https://*.google.com https://*.googleapis.com; media-src https://*.tutorhunt.com 'self'; frame-src 'self' https://*.trustpilot.com https://*.stripe.com https://*.stripe.network https://www.youtube.com https://*.cardinalcommerce.com; font-src 'self' https://*.tutorhunt.com https://fonts.gstatic.com; connect-src 'self' https://*.cardinalcommerce.com https://*.stripe.com https://*.us-east-1.amazonaws.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hightext.de *.googletagservices.com *.doubleclick.net *.ibusiness.de *.onetoone.de *.versandhausberater.de *.neuhandeln.de *.press1.de *.google.de *.google.com *.googlesyndication.com; 1
default-src 'self' data: 'unsafe-hashes' 'unsafe-eval' *.typekit.net *.vimeo.com *.siteimproveanalytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://ssl.google-analytics.com *.fontawesome.com *.typekit.net siteimproveanalytics.com *.wp.com https://beacon-v2.helpscout.net/ https://www.googletagmanager.com *.vimeocdn.com *.gstatic.com; style-src 'self' 'unsafe-inline' http: https: fonts.googleapis.com; img-src 'self' data: http: https: *.gravatar.com https://www.google-analytics.com www.googletagmanager.com; font-src 'self' data: http: https: fonts.googleapis.com themes.googleusercontent.com; connect-src 'self' https://www.google-analytics.com *.cloudfront.net www.googletagmanager.com https://stats.g.doubleclick.net 1
frame-ancestors 'self' *.scfederal.org *.zagclients.net 1
frame-ancestors 'self' https://badanie.serwersms.pl/; 1
default-src 'self'; connect-src http: https: wss:; form-action * 'unsafe-inline' 'unsafe-eval'; frame-src https:; frame-ancestors 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; script-src-elem * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' 'unsafe-eval'; style-src-elem * 'unsafe-inline' 'unsafe-eval'; font-src * data: blob:; img-src * data: blob:; media-src * data: blob:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; 1
default-src 'self'; child-src 'self' www.youtube-nocookie.com w.soundcloud.com *.vimeocdn.com player.vimeo.com vimeo.com;  connect-src 'self'; font-src 'self' data:; img-src 'self' www.zorgkaartnederland.nl data: blob: 6005217.global.siteimproveanalytics.io;  media-src 'self'; object-src 'none'; script-src 'self' 'nonce-e96a16ed-3cf1-40aa-8914-02024267a8cd' www.zorgkaartnederland.nl siteimproveanalytics.com; style-src 'self' 'nonce-e96a16ed-3cf1-40aa-8914-02024267a8cd' www.zorgkaartnederland.nl data:;  base-uri 'self'; form-action 'self'; frame-ancestors 'self';  report-uri /csp-report; upgrade-insecure-requests; 1
font-src 'self' data: *.gstatic.com; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.googletagmanager.com *.assets.adobedtm.com *.googleapis.com *.gstatic.com; img-src 'self' data: *.gstatic.com 1
frame-ancestors 'self' *.cms.snakeware.nl *.snakeware.nl *.snakeware.cloud *.snakeware.test 1
frame-ancestors 'self' https://*.toyota.cz https://*.yandex.com https://*.yandex.tld https://*.yandex.net https://*.yandex.com.tr https://*.yandex.ru https://*.yandex.by https://webvisor.com https://lexus-dxp.dobit.com https://lexustest.dobit.com http://localhost:88; 1
sandbox allow-downloads allow-forms allow-modals allow-popups allow-popups-to-escape-sandbox allow-scripts allow-same-origin; default-src 'self' http://maxcdn.bootstrapcdn.com *.youtube-nocookie.com/embed/ https://www.youtube.com/embed/ https://fonts.gstatic.com/ widgets.trustedshops.com api.zanox.ws https://www.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' adservice.google.de *.google.com *.google-analytics.com *.googletagmanager.com https://tagmanager.google.com https://maps.googleapis.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://connect.facebook.net/ https://widgets.trustedshops.com https://bot.moin.ai/ https://dialog.botcast.ai/ https://code.jquery.com/jquery-1.10.2.min.js *.zanox.com https://www.dwin1.com *.awin1.com *.zenaps.com *.sciencebehindecommerce.com https://widget.moin.ai/ https://bat.bing.com/ https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ https://ss-gtm.admiraldirekt.de/ https://ssgtm.admiraldirekt.de/ https://g.microsoft.com https://translate.googleapis.com  https://www.clarity.ms/ https://api.ipify.org https://analytics.fatmedia.io/ https://ad4m.at/ https://lantern.roeyecdn.com/lantern_global_11671.min.js https://fat.financeads.net/; connect-src 'self' https://googleads.g.doubleclick.net *.analytics.google.com https://www.google-analytics.com/ https://ss-gtm.admiraldirekt.de/ https://ssgtm.admiraldirekt.de/ https://www.google.com/ https://widgets.trustedshops.com https://www.facebook.com/tr/ https://azure.botcast.ai/ wss://bot.moin.ai/primus https://stats.g.doubleclick.net https://cdncache-a.akamaihd.net https://bat.bing.com/ https://api.moin.ai https://cfg.moin.ai https://cdn.cookielaw.org/ https://privacyportal-de.onetrust.com/ https://www.google.de/ https://widget.moin.ai *.clarity.ms https://admiraldirekt-api-dienste.ey.r.appspot.com https://admiraldirekt-api-dienste.appspot.com https://geolocation.onetrust.com/ https://maps.googleapis.com/; img-src 'self' data: *.admiraldirekt.de https://widgets.trustedshops.com *.google-analytics.com *.analytics.google.com https://www.google.com/ads/ https://www.google.de/ads/ https://www.google.com/pagead/ https://www.google.de/pagead/ https://stats.g.doubleclick.net https://*.amazonaws.com *.googletagmanager.com https://*.googleapis.com https://*.ggpht.com https://maps.gstatic.com https://ssl.gstatic.com https://www.gstatic.com https://www.facebook.com/ https://media.botcast.ai/ https://media.moin.ai/ https://scontent.xx.fbcdn.net/ https://external.xx.fbcdn.net/ *.awin1.com *.zenaps.com *.bing.com https://knowhere.to/ https://cdn.cookielaw.org/ https://*.admiraldirekt.de/ https://www.google.at/ https://www.google.ch/ https://fonts.gstatic.com/ https://translate.google.com https://c.clarity.ms/ https://optanon.blob.core.windows.net/ https://googleads.g.doubleclick.net https://ad.doubleclick.net/ https://r.adserver01.de/ https://ad11.adfarm1.adition.com https://track.adform.net https://trc.taboola.com https://as.ad4m.at/ https://adservice.google.com/ https://secure.adnxs.com/ https://imagesrv.adition.com/ https://ad4m.at https://*.adserver01.de https://*.adc-serv.net https://*.df-srv.de https://*.adition.com https://*.ad4mat.de https://*.doubleclick.net https://*.adscale.de https://*.twiago.com https://*.casalemedia.com https://*.adfarm1.adition.com https://*.adform.net https://*.secure.adnxs.com https://*.taboola.com https://*.retrack-kupona.kuponacdn.de https://*.smartadserver.com https://*.pubmatic.com https://*.yieldlab.net https://lantern.roeye.com/; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com https://tagmanager.google.com https://fonts.googleapis.com https://widgets.trustedshops.com https://widget.moin.ai/ https://translate.googleapis.com https://www.googletagmanager.com/debug/; font-src 'self' https://fonts.gstatic.com  https://widgets.trustedshops.com https://static3.avast.com https://widget.moin.ai; child-src 'self' https://www.youtube-nocookie.com https://www.googletagmanager.com https://bid.g.doubleclick.net/ https://www.awin1.com/ https://bid.g.doubleclick.net https://ad4m.at/ https://hal9000.redintelligence.net/ https://mathtag.com/ https://*.ad4mat.net https://td.doubleclick.net/; worker-src 'self' *.awin1.com *.zenaps.com ; base-uri 'self'; media-src 'self'; object-src 'self'; form-action 'self'; frame-ancestors 'self' https://www.admiraldirekt.de/; block-all-mixed-content; report-uri https://prod.admiraldirekt.iv.local/intern/csp/CSPReporting 1
default-src 'self' *.googleapis.com *.google-analytics.com mfapi.advisorkhoj.com *.bajajamc.com/api/er/* *.clarity.ms *.notifyvisitors.com *.netcoresmartech.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.jsdelivr.net *.notifyvisitors.com googleads.g.doubleclick.net *.clarity.ms *.netcoresmartech.com *.googleadservices.com *.facebook.net; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.jsdelivr.net; img-src 'self' data: *.googleapis.com *.gstatic.com *.google-analytics.com preproduat.bajajamc.com *.notifyvisitors.com *.googletagmanager.com googleads.g.doubleclick.net *.google.com *.google.co.in *.facebook.com; font-src 'self' data: *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com; manifest-src 'self' *.notifyvisitors.com *.netcoresmartech.com; frame-src 'self' *.youtube.com *.notifyvisitors.com *.doubleclick.net; 1
base-uri 'self'; object-src 'none'; script-src 'self' https://chartstatic.com https://chartexchange.com https://chartexchange.local https://www.google.com https://www.gstatic.com https://pagead2.googlesyndication.com https://www.googletagmanager.com https://code.jquery.com https://js.stripe.com https://hooks.stripe.com https://stripecdn.com 'nonce-c39c531bf4607fa5c44083b97bfeee37' 1
frame-ancestors 'self' pcnational.stqry.app; 1
default-src 'self' *.multiline.lu; script-src 'self' 'unsafe-inline' *.multiline.lu; style-src 'self' 'unsafe-inline' *.multiline.lu; object-src 'self' *.multiline.lu; img-src 'self' *.multiline.lu data: https: 1
default-src 'self'; connect-src 'self' *.nr-data.net *.clarity.ms *.google.com stats.g.doubleclick.net *.googleapis.com *.google-analytics.com *.hotjar.com *.bing.com *.google.ca *.facebook.net https://api64.ipify.org/ *.translate-pa.googleapis.com https://api-cdn.cac1.pure.cloud wss://webmessaging.cac1.pure.cloud https://api.cac1.pure.cloud *.mypurecloud.com wss://webmessaging.mypurecloud.com https://cl.exct.net; font-src 'self' *.fontawesome.com *.googleusercontent.com; frame-src 'self' *.addtoany.com *.gstatic.com *.google.com *.youtube.com *.googletagmanager.com *.recaptcha.net *.facebook.com td.doubleclick.net https://apps.cac1.pure.cloud/ https://apps.mypurecloud.com/; img-src 'self' *.alectra.com *.gstatic.com *.facebook.com data: www.w3.org/svg/2000 *.google.ca *.google-analytics.com *.bing.com *.outbrain.com *.google.com *.googleapis.com *.facebook.net *.clarity.ms bing.com *.googletagmanager.com https://alectrautilities.com *.clarity.ms *.bing.com https://t.co/i/ *.twitter.com https//i.ytimg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.newrelic.com *.nr-data.net *.addtoany.com *.facebook.net *.googletagmanager.com *.google.com *.clarity.ms *.googleapis.com *.google-analytics.com *.outbrain.com *.bing.com *.clarity.ms *.cloudflare.com unpkg.com *.recaptcha.net *.gstatic.com *.cloudflare.com *.addtoany.com *.ads-twitter.com https://apps.cac1.pure.cloud https://apps.mypurecloud.com *.youtube.com; style-src 'self' 'unsafe-inline' *.fontawesome.com *.gstatic.com *.cloudflare.com; frame-ancestors 'self' *.youtube.com you.tube https://apps.mypurecloud.com/ ; upgrade-insecure-requests 1
frame-ancestors 'self' https://*.toyota.no https://*.yandex.com https://*.yandex.tld https://*.yandex.net https://*.yandex.com.tr https://*.yandex.ru https://*.yandex.by https://webvisor.com https://lexus-dxp.dobit.com https://lexustest.dobit.com http://localhost:88; 1
frame-src 'self' https: blob: data:; connect-src 'self' https:; font-src https: data:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data:; media-src https: data:; object-src https: data:; form-action 'self' https:; default-src https: 1
default-src 'none'; connect-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-src 'self' survey.akhtaboot.com s3.amazonaws.com www.facebook.com googleads.g.doubleclick.net t.effectivemeasure.net docs.google.com view.officeapps.live.com www.google.com optimize.google.com www.youtube.com akhtaboot.s3.amazonaws.com akhtaboot-staging.s3.amazonaws.com www.recaptcha.net *.googlesyndication.com *.oraclecloud.com; img-src * data: blob: 'unsafe-inline'; media-src s3.amazonaws.com; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline' 1
default-src 'self' https://*.disney.com https://*.google.com https://*.gstatic.com https://*.go.com localhost:*; frame-src 'self' https://*.go.com http://*.go.com *.disney.com:* *.google.com:* *.gstatic.com:* localhost:* *.demdex.net assets.adobedtm.com *.clicktale.net s.amazon-adsystem.com *.bluekai.com *.doubleclick.net *.facebook.com *.flashtalking.com *.snapchat.com *.tamgrt.com *.adsrvr.org; img-src 'self' * data: *.akstat.io *.clicktale.net *.contentsquare.net *.google-analytics.com *.googletagmanager.com *.cookielaw.org www.google.com px.ads.linkedin.com; script-src 'self' 'self' 'unsafe-inline' 'unsafe-eval' data: *.disney.com:* localhost:* *.go.com:* *.google.com:* *.gstatic.com:* *.wdpromedia.com assets.adobedtm.com www.googletagmanager.com *.demdex.net *.tt.omtrdc.net *.go-mpulse.net *.clicktale.net *.contentsquare.com *.googletagmanager.com *.google-analytics.com *.cookielaw.org *.onetrust.com *.apptentive.com bat.bing.com *.bluekai.com tags.bkrtx.com *.branch.io app.link *.scorecardresearch.com disneyparks.sp1.convertro.com *.doubleclick.net *.facebook.com connect.facebook.net www.googleadservices.com www.google.com *.googleadservices.com snap.licdn.com cdn.resonate.com sc-static.net *.snapchat.com analytics.tiktok.com static.tacdn.com js.adsrvr.org *.twitter.com *.ads-twitter.com *.yahoo.com s.yimg.com/wi/ytc.js; style-src 'self' 'unsafe-inline' https://cdn.cookielaw.org tagmanager.google.com fonts.googleapis.com *.apptentive.com; font-src 'self' 'unsafe-inline' fonts.gstatic.com data: *.disney.com:* localhost:*; connect-src 'self' 'self' data: *.disney.com:* localhost:* *.go.com:*  *.google.com:* *.gstatic.com:* *.demdex.net *.tt.omtrdc.net *.akstat.io *.go-mpulse.net *.clicktale.net *.contentsquare.net r.disneystore.com r.disney.com r.disney.go.com r.starwars.com r.disneyjunior.com r.babble.com r.disneybaby.com *.google-analytics.com *.googletagmanager.com *.cookielaw.org *.onetrust.com *.apptentive.com bat.bing.com *.branch.io *.doubleclick.net cdn.linkedin.oribi.io *.reson8.com *.snapchat.com analytics.tiktok.com s.yimg.com; child-src 'self' *.disney.com *.go.com *.wdpromedia.com 'unsafe-eval' 'unsafe-inline' assets.adobedtm.com www.googletagmanager.com tagmanager.google.com *.demdex.net *.tt.omtrdc.net *.go-mpulse.net blob:; worker-src 'self' *.disney.com *.go.com *.wdpromedia.com 'unsafe-eval' 'unsafe-inline' assets.adobedtm.com www.googletagmanager.com tagmanager.google.com *.demdex.net *.tt.omtrdc.net *.go-mpulse.net blob:; 1
default-src 'self' https://*.cms.vwfs.tools ;            img-src 'self' data: https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://dev.day.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://maps.gstatic.com https://*.google.com https://*.google.de https://*.google.ie https://*.googlesyndication.com https://*.googleadservices.com https://cm.g.doubleclick.net https://ad.doubleclick.net https://img.youtube.com https://i.ytimg.com https://*.userzoom.com https://*.adform.net https://www.facebook.com https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://cdn.linkedin.oribi.io https://t23.intelliad.de https://t13.intelliad.de https://t.co https://*.volkswagenbank.de  https://cms-assets.vwfs.io https://smetrics.vwfs.ie https://mediaservice.audi.com  https://GISTPAEndpoint-Int.azureedge.net https://GISTPAEndpoint-Kons.azureedge.net https://GISTPAEndpoint-Prod.azureedge.net    https://default.vms.vwfs.io https://*.bronson.vwfs.tools https://*.bronson.vwfs.io https://gateway.zscloud.net https://js.api.here.com https://assets.volkswagen.com https://integrations.etrusted.com https://*.googletagmanager.com https://*.g.doubleclick.net https://ssl.gstatic.com https://ade.googlesyndication.com https://bat.bing.com https://*.trustedshops.com http://*.trustedshops.com https://*.google.ie;            script-src 'self' 'unsafe-inline' blob: https://*.volkswagenbank.de https://storagewebcalcweud.blob.core.windows.net https://*.fts.webcalc.vwfs.io https://*.youtube.com https://*.vimeo.com https://s.ytimg.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://*.fls.doubleclick.net https://www.googletagmanager.com https://*.googlesyndication.com https://www.googleadservices.com https://www.google.com https://www.google.de https://cm.g.doubleclick.net https://www.volkswagenbank-cloud.de https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://cdn.linkedin.oribi.io https://t23.intelliad.de https://t13.intelliad.de https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://assets.adobedtm.com https://*.omniture.com https://*.adobe.com https://*.userzoom.com https://*.adform.net https://connect.facebook.net https://*.thunderhead.com https://*.twitter.com https://static.ads-twitter.com https://*.advsearch.vwfs.io https://cc.cdn.civiccomputing.com  https://target.vwfs.ie  https://smetrics.vwfs.ie https://cdn.mercury.ai https://integrations.etrusted.com https://sdk.privacy-center.org    https://*.acs-frontend.vwfs.io https://*.googletagmanager.com https://tagmanager.google.com https://*.googleadservices.com https://*.google.com https://*.g.doubleclick.net https://bat.bing.com https://*.trustedshops.com http://*.trustedshops.com https://*.google.ie;            style-src 'self' 'unsafe-inline' https://*.userzoom.com https://target.vwfs.ie https://cdn.mercury.ai https://co-browsing.mercury.ai https://cdn.bronson.vwfs.tools https://cdn.bronson.vwfs.io    https://*.acs-frontend.vwfs.io https://integrations.etrusted.com https://tagmanager.google.com https://fonts.googleapis.com ;            connect-src 'self' blob: data: https://vimeo.com https://*.youtube.com https://api.webcalc.vwfs.io https://cfpoi-search.p-sunhill.com https://apikeys.civiccomputing.com https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://*.adobedc.net https://*.tt.omtrdc.net https://*.2o7.net https://*.cms.vwfs.io https://*.advsearch.vwfs.io https://cms-content.vwfs.io https://target.vwfs.ie https://smetrics.vwfs.ie https://www.google.com https://*.facebook.com https://*.mercury.ai wss://*.mercury.ai https://vector.hereapi.com https://1.base.maps.ls.hereapi.com https://1.aerial.maps.ls.hereapi.com https://js.api.here.com https://geocode.search.hereapi.com https://integrations.etrusted.com https://*.smart-digital-solutions.de https://smart-digital-cdn.com https://2gtge2kxoa.execute-api.eu-central-1.amazonaws.com https://api-cms-vwfs-io.cms.vwfs.tools https://sdk.privacy-center.org https://revgeocode.search.hereapi.com    https://*.acs-frontend.vwfs.io https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://cdn.linkedin.oribi.io https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.ie http://*.trustedshops.com https://autocomplete.search.hereapi.com https://lookup.search.hereapi.com ;            frame-ancestors 'self' https://vwfs.experiencecloud.adobe.com https://vwfs.marketing.adobe.com https://experience.adobe.com ;            object-src 'none' ;            font-src 'self' data: https://fonts.gstatic.com https://cdn.bronson.vwfs.tools https://cdn.bronson.vwfs.io https://cdn.mercury.ai https://js.api.here.com https://*.trustedshops.com http://*.trustedshops.com ;            frame-src https://player.vimeo.com https://www.youtube-nocookie.com https://s.userzoom.com https://*.adform.net https://*.adobe.com https://*.omniture.com https://*.demdex.net https://*.fls.doubleclick.net https://bid.g.doubleclick.net https://www.facebook.com https://*.googlesyndication.com https://cm.g.doubleclick.net https://gateway.zscloud.net https://td.doubleclick.net https://kalkulator.skoda-auto.pl https://*.g.doubleclick.net https://online.flowpaper.com;            media-src https://www.youtube-nocookie.com 'self' ; 1
font-src 'self' data: https://tools.agencewebcom.com/prod/widgets/be/static/fonts/ https://fonts.googleapis.com https://use.fontawesome.com/ https://fonts.gstatic.com http://*.cloudfront.net https://*.cloudfront.net ; base-uri 'self'; 1
default-src 'self'; connect-src 'self' https://plausible.io https://*.hotjar.com wss://*.hotjar.com; img-src 'self' https://pleasant-authority-2ff9630a39.media.strapiapp.com data:; script-src 'self' 'unsafe-inline' https://plausible.io https://static.hotjar.com https://script.hotjar.com https://*.list-manage.com; font-src 'self' https://use.typekit.net https://fonts.gstatic.com; style-src 'self' https://fonts.googleapis.com https://p.typekit.net 'unsafe-inline'; frame-src https://www.youtube.com https://www.youtube-nocookie.com https://vars.hotjar.com; frame-ancestors 'none'; media-src https://pleasant-authority-2ff9630a39.media.strapiapp.com; 1
connect-src https://api.instagram.com https://*.doubleclick.net https://*.googlevideo.com https://skyfire.vimeocdn.com https://vimeo.com http://vimeo.com https://www.youtube.com https://www.instagram.com https://*.knowledgevision.com https://*.googletagmanager.com https://adservice.google.com https://ads.avocet.io https://ads.avocet.cloud https://*.brrmedia.co.uk https://player.vimeo.com https://*.civiccomputing.com wss://*.infrontservices.com https://*.google-analytics.com https://*.analytics.google.com https://www.datadoghq-browser-agent.com https://*.adobedtm.com https://*.demdex.net https://*.adobe.com https://*.everesttech.net https://*.2o7.net https://*.omtrdc.net https://*.choruscall.com https://*.amazonaws.com https://*.adobe.io https://*.world-television.com https://cdn.gbqofs.com https://*.report.gbss.io https://*.lseg.com/oauth2/ https://browser-intake-datadoghq.eu https://*.stage-knowledgevision.com https://*.awswaf.com https://api.lsegissuerservices.com https://cache-api.lsegissuerservices.com https://ws.lsegissuerservices.com wss://ws.lsegissuerservices.com https://assets.lsegissuerservices.com https://upload.lsegissuerservices.com https://closed-event-content.lsegissuerservices.com https://amr.lsegissuerservices.com https://identity.lseg.com;script-src 'self' https://cdn.syndication.twimg.com https://www.youtube.com https://www.google.com https://*.google-analytics.com https://static.doubleclick.net https://*.vimeocdn.com https://player.vimeo.com https://vimeo.com https://connect.facebook.net https://platform.twitter.com https://*.knowledgevision.com https://*.googletagmanager.com https://adservice.google.com https://ads.avocet.io https://*.brrmedia.co.uk https://www.gstatic.com/ https://*.civiccomputing.com https://*.adobedtm.com https://*.demdex.net https://*.adobe.com https://*.everesttech.net https://*.2o7.net https://*.omtrdc.net https://*.choruscall.com https://*.world-television.com https://cdn.gbqofs.com https://*.report.gbss.io https://*.console.glassboxsaas.com https://*.everestjs.net https://*.googleadservices.com https://*.g.doubleclick.net https://browser-intake-datadoghq.eu https://*.stage-knowledgevision.com https://*.awswaf.com 'unsafe-eval' 'unsafe-inline';style-src 'self' https://*.twimg.com https://platform.twitter.com https://*.vimeocdn.com https://www.youtube.com https://fonts.googleapis.com https://*.brrmedia.co.uk https://www.gstatic.com/ 'unsafe-inline';img-src 'self' https://*.twimg.com https://*.cdninstagram.com https://*.twitter.com https://www.facebook.com https://researchtreefilesprod.blob.core.windows.net https://*.vimeocdn.com https://*.ytimg.com https://img.youtube.com https://www.google-analytics.com https://www.youtube.com https://csi.gstatic.com https://maps.gstatic.com https://*.brrmedia.co.uk https://*.everesttech.net https://www.gstatic.com/ https://*.demdex.net https://*.googletagmanager.com https://wtk.infrontservices.com https://www.ifre.com https://*.google-analytics.com https://assets.lsegissuerservices.com data:;font-src 'self' https://fonts.gstatic.com data:; 1
frame-ancestors 'self' https://*.m2.aeroflow.dev https://aeroflowbreastpumps.com https://*.aeroflowbreastpumps.com https://cpapsupplies.com https://*.cpapsupplies.com https://cheapcpapsupplies.com https://*.cheapcpapsupplies.com https://aeroflowsleep.com https://*.aeroflowsleep.com https://aeroflowdirect.com https://*.aeroflowdirect.com https://shop.aeroflowinc.com https://aeroflowurology.com https://*.aeroflowurology.com https://motifmedical.com https://*.motifmedical.com https://lactationlink.com https://*.lactationlink.com https://aeroflowdiabetes.com https://*.aeroflowdiabetes.com https://proxy.omniconvert.com 1
default-src 'self' 3mrfkn2zieuc3mxi6d26ag4d-wpengine.netdna-ssl.com www.youtube.com go.sudoplatform.com https://go.sudoplatform.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' 3mrfkn2zieuc3mxi6d26ag4d-wpengine.netdna-ssl.com anonyome.us2.list-manage.com js.zi-scripts.com ws.zoominfo.com go.sudoplatform.com https://go.sudoplatform.com; style-src 'self' 'unsafe-inline' 3mrfkn2zieuc3mxi6d26ag4d-wpengine.netdna-ssl.com fonts.googleapis.com; img-src 'self' data: 3mrfkn2zieuc3mxi6d26ag4d-wpengine.netdna-ssl.com i.ytimg.com; connect-src 'self' 'unsafe-inline' 'unsafe-eval' data: cognito-identity.us-east-1.amazonaws.com pinpoint.us-east-1.amazonaws.com 3mrfkn2zieuc3mxi6d26ag4d-wpengine.netdna-ssl.com js.zi-scripts.com ws.zoominfo.com; font-src 'self' data: fonts.gstatic.com 3mrfkn2zieuc3mxi6d26ag4d-wpengine.netdna-ssl.com; object-src cognito-identity.us-east-1.amazonaws.com; frame-src go.sudoplatform.com https://go.sudoplatform.com 1
frame-ancestors https://*.wizdom.ai https://wizdom.ai capacitor://wizdom.ai 1
default-src 'self' https://www.mirdvornikov.ru; connect-src 'self' https://*.clarity.ms https://yandex.ru/ads/adfox/1503404/ https://mc.yandex.com/ https://yandex.ru/clck/ https://analytics.google.com https://region1.analytics.google.com https://region1.google-analytics.com https://www.mirdvornikov.ru https://www.facebook.com/tr/ https://o354851.ingest.sentry.io https://widget.me-talk.ru wss://widget.me-talk.ru wss://widget.apibcknd.com https://widget.apibcknd.com https://static.me-talk.ru/API/DOCS/onlineChatAssets/json/f/3/f302aeeda1c251762669ddab75ed76ca/ https://www.google-analytics.com https://stats.g.doubleclick.net https://mc.webvisor.org https://mc.yandex.md https://mc.yandex.ru;  font-src 'self' https://yastatic.net/ https://www.mirdvornikov.ru data: https://maxcdn.bootstrapcdn.com;  form-action 'self' https://pay.modulbank.ru https://www.mirdvornikov.ru https://www.facebook.com/tr/ https://money.yandex.ru/eshop.xml https://yoomoney.ru/;  frame-src 'self'  https://mc.yandex.com https://vk.com/widget_community.php https://login.vk.com https://www.mirdvornikov.ru  https://www.banki.ru/insurance/ https://www.facebook.com https://bid.g.doubleclick.net https://www.google.com/recaptcha/ https://www.youtube.com https://yandex.ru https://f302aeeda1c251762669ddab75ed76ca.me-talk.ru blob: https://mc.yandex.ru;  img-src 'self' https://c.bing.com https://c.clarity.ms https://banners.adfox.ru/ https://ads.adfox.ru/ https://www.mirdvornikov.ru https://mc.yandex.com/sync_cookie_image_check https://vk.com/images/upload.gif https://googleads.g.doubleclick.net www.googletagmanager.com https://www.facebook.com/tr/ https://www.google.ae/ads/ga-audiences data: https://api-maps.yandex.ru https://static.me-talk.ru/uploads/avatars/ https://avatars.mds.yandex.net https://img.youtube.com https://mc.webvisor.org https://mc.yandex.ru https://*.maps.yandex.net https://www.google-analytics.com  https://www.google.ru/ads/ga-audiences https://stats.g.doubleclick.net https://www.google.com/ads/;  object-src 'self' https://www.mirdvornikov.ru;  script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.clarity.ms https://mc.yandex.com/ https://banners.adfox.ru/ https://yandex.ru/ads/system/context.js https://vk.com/js/api/openapi.js https://widget.me-talk.ru/ https://www.banki.ru/static/bundles/ https://www.mirdvornikov.ru https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://connect.facebook.net/ https://www.googletagmanager.com https://js.sentry-cdn.com/ https://www.google.com/recaptcha/  https://www.gstatic.com/recaptcha/ https://static.me-talk.ru/cabinet/build/chat/ https://browser.sentry-cdn.com https://suggest-maps.yandex.ru https://lux.speedcurve.com https://cdn.speedcurve.com/js/lux.js https://mc.yandex.ru https://yastatic.net https://ajax.googleapis.com https://api-maps.yandex.ru https://cdn.jsdelivr.net/npm/yandex-metrica-watch/tag.js https://lcab.talk-me.ru/support/support.js https://static.me-talk.ru/API/DOCS/onlineChatAssets/json/f/3/f302aeeda1c251762669ddab75ed76ca/www.mirdvornikov.ru.js https://*.maps.yandex.net https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com;  style-src 'self' 'unsafe-inline' https://www.mirdvornikov.ru;  child-src blob: https://mc.yandex.ru; manifest-src https://www.mirdvornikov.ru/manifest.json; 1
script-src 'self' 'unsafe-inline' https://www.gstatic.com https://www.statcounter.com/counter/counter.js https://www.google.com/recaptcha/api.js; frame-ancestors 'none';child-src 'self' https://www.google.com https://www.youtube-nocookie.com https://www.youtube.com https://vimeo.com; 1
default-src 'self'; img-src 'self' https://* data:; child-src https://www.youtube.com/ https://www.google.com/; style-src 'self' https://fonts.googleapis.com/ https://cdn.jsdelivr.net/npm/@duetds/date-picker@1.1.0/dist/duet/themes/default.css 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com/ https://business.senedd.wales; script-src 'self' blob: https://www.google-analytics.com/ https://cc.cdn.civiccomputing.com/ https://www.googletagmanager.com/ https://ajax.aspnetcdn.com/ajax/jQuery/jquery-3.0.0.min.js https://ajax.aspnetcdn.com/ajax/jquery.validate/1.16.0/jquery.validate.min.js https://ajax.aspnetcdn.com/ajax/mvc/5.2.3/jquery.validate.unobtrusive.min.js https://cdn.jsdelivr.net 'sha256-qTS4cC+BnlabE/doSj+MPbjtJWVdVNtQah7AzuFfjbE=' 'sha256-h4tI5yM0TF6GI9CZe5uWnJX7WqXL1kpLAJ13Idyytts=' 'sha256-byyDoONdqE08AIFI6uBk/n8GJDNnu4o8VE6qf+NETJs=' 'sha256-GG+mi50DV7jNq33JItnAeSGKu+DyOuVZM484bs4ioq4=' 'sha256-r3mDNAbdsnbtcqGzAwDXN/1Ln5hKyg8GDZlm46+kpKg=' 'sha256-GG+mi50DV7jNq33JItnAeSGKu+DyOuVZM484bs4ioq4=' 'sha256-IZgGOToFausimoy1Ehqf2azcfWd5NrdyLunVfExDBbE=' 'sha256-NGxJAeRnkyrA2OBRtnqvyQRY28RBBbWXd+45iwUuOUU=' 'sha256-F/cu6HUELqMYhkB6TZFkoZoPLA7wPQ+ImBdqTVxZPUc=' 'sha256-OH++59VDvU6yN74Q2UuMkDjXzMZbZYGxaTP1SrqUqJs='; connect-src 'self' https://www.google-analytics.com https://www.senedd.tv https://senedd.tv https://www.senedd.assembly.wales https://www.senedd.cynulliad.cymru https://apikeys.civiccomputing.com https://senedd.assembly.wales https://senedd.cynulliad.cymru https://player.senedd.tv https://busnes.senedd.cymru https://business.senedd.wales https://region1.google-analytics.com; frame-src 'self' https://www.youtube.com/ https://www.google.com/ https://umap.openstreetmap.fr https://openstreetmap.cymru https://www.ons.gov.uk https://player.senedd.tv https://w.soundcloud.com https://my.matterport.com https://embeds.audioboom.com https://player.vimeo.com https://business.senedd.wales https://busnes.senedd.cymru https://www.canva.com https://forms.office.com https://app.powerbi.com https://cy.ons.gov.uk https://instagram.com https://www.instagram.com 1
frame-ancestors https://tools.univer.se 1
default-src 'none'; object-src 'self' https://beacon-v2.helpscout.net; img-src 'self' data: https://s3.amazonaws.com/tfo-qa-schoolimages/ https://s3.amazonaws.com/tfo-schoolimages/ https://lh3.googleusercontent.com/ https://platform-lookaside.fbsbx.com/ https://maps.gstatic.com/ https://maps.googleapis.com/maps/ p.typekit.net https://www.googletagmanager.com/ https://*.gravatar.com https://beacon-v2.helpscout.net https://d33v4339jhl8k0.cloudfront.net https://chatapi-prod.s3.amazonaws.com/; form-action 'self'; media-src 'self' https://beacon-v2.helpscout.net; font-src 'self' use.typekit.net data: https://fonts.gstatic.com https://beacon-v2.helpscout.net; connect-src 'self' https://www.google-analytics.com/ https://maps.googleapis.com https://beaconapi.helpscout.net https://chatapi.helpscout.net https://d3hb14vkzrxvla.cloudfront.net wss://*.pusher.com; frame-src 'self' fast.wistia.net www.google.com https://collegesource.typeform.com https://beacon-v2.helpscout.net form.typeform.com; manifest-src 'self'; base-uri null; frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://embed.typeform.com/ https://fast.wistia.net https://appleid.cdn-apple.com/ https://stats.g.doubleclick.net/ https://www.google-analytics.com/analytics.js https://maps.googleapis.com browser-update.org www.google.com www.googletagmanager.com www.gstatic.com use.typekit.net polyfill.io https://beacon-v2.helpscout.net; style-src 'self' 'unsafe-inline' https://embed.typeform.com/ https://fonts.googleapis.com https://beacon-v2.helpscout.net 1
default-src 'self'  *.doubleclick.net *.vimeo.com *.googlesyndication.com *.rokt.com *.rokt.com/wsdk/controller/index.html *.rokt.com/wsdk/plugin-runtime/index.html *.rokt.com/wsdk/plugins/widget/index.html *.rokt.com/wsdk/plugins/dcui/index.html *.paypalobjects.com *.monetate.net www.google.com *.paypal.com *.worldpay.com *.criteo.com *.qualaroo.com www.youtube.com *.issuu.com www.instagram.com *.addthis.com *.facebook.com *.twitter.com *.emarsys.net *.google.com *.onetrust.com *.onetrust.io *.criteo.net;  script-src 'self' *.cookielaw.org *.googlesyndication.com www.googleadservices.com *.rokt.com *.rokt.com/integrations/launcher.js *.rokt.com/store/js/gtm_wrapper.min.js *.paypalobjects.com *.youtube.com *.googletagmanager.com *.paypal.com *.monetate.net *.cquotient.com *.cloudflare.com unpkg.com *.zdassets.com *.bing.com www.google-analytics.com/analytics.js www.google-analytics.com/plugins/ua/ecommerce.js www.google-analytics.com/plugins/ua/ec.js maps.googleapis.com *.mondialrelay.com *.feefo.com *.worldpay.com *.px-cloud.net *.scarabresearch.com www.google.com www.gstatic.com *.criteo.net *.criteo.com *.crazyegg.com *.amazonaws.com *.facebook.net *.trustedshops.com *.qualaroo.com int-ds-shared-1.monetate.org localhost:2323 *.webgains.com *.webgains.io www.instagram.com *.salon-services.com *.addthis.com *.addthisedge.com *.moatads.com *.twitter.com *.webgains.com *.webgains.io *.emarsys.net *.sallyexpress.com *.onetrust.com *.onetrust.io *.google.com *.clarity.ms *.cdn-apple.com 'unsafe-inline' 'unsafe-eval' blob:;  img-src 'self' *.eyeota.net *.1rx.io *.emxdgt.com *.yahoo.net *.rokt.com *.paypal.com *.monetate.net *.salesforce.com www.paypalobjects.com *.demandware.net *.bing.com www.google.com www.google.com.ua www.google-analytics.com maps.gstatic.com maps.googleapis.com *.salon-services.com *.feefo.com *.cloudfront.net *.trustedshops.com *.mondialrelay.com *.tapad.com *.criteo.com *.smaato.net *.yieldmo.com *.rubiconproject.com *.advertising.com *.mgid.com *.liadm.com *.yahoo.com *.openx.net *.addthis.com *.doubleclick.net *.outbrain.com *.yieldlab.net *.bidswitch.net *.smartadserver.com *.3lift.com *.taboola.com *.360yield.com *.teads.tv *.pubmatic.com *.casalemedia.com *.mgid.com *.media.net *.omnitagjs.com *.adform.net *.twiago.com *.adnxs.com *.adscale.de *.socdm.com *.sharethrough.com *.stickyadstv.com *.rlcdn.com *.ivitrack.com *.e-planning.net *.smartclip.net *.ad-stir.com *.clmbtech.com *.tremorhub.com *.demdex.net *.postrelease.com *.facebook.com *.google.com *.openstreetmap.org *.aralego.com *.bluekai.com *.adsrvr.org *.ants.vn *.krxd.net *.mediavine.com *.microad.jp *.agkn.com *.emarsys.net *.crazyegg.com *.bluekai.com *.gstatic.com *.clarity.ms id5-sync.com *.dmxleo.com *.thebrighttag.com *.crwdcntrl.net data:;  font-src 'self' *.rokt.com *.paypal.com *.monetate.net *.googleapis.com *.gstatic.com *.cdn-apple.com data:;  style-src 'self' *.rokt.com *.paypal.com 'unsafe-inline' *.feefo.com *.monetate.net *.googleapis.com unpkg.com *.mondialrelay.com *.worldpay.com;  connect-src 'self' *.cookielaw.org *.googlesyndication.com *.criteo.com *.google.com *.onetrust.io *.paypal.com *.monetate.net *.zendesk.com *.crazyegg.com *.zdassets.com *.google-analytics.com *.feefo.com *.doubleclick.net *.crazyegg.com *.mondialrelay.com *.scarabresearch.com *.emarsys.net *.px-cdn.net *.px-cloud.net *.edq.com *.bing.com *.webgains.com *.webgains.io *.onetrust.com *.clarity.ms *.googleapis.com;  media-src 'self'; 1
default-src 'self'; img-src 'self' data:; media-src 'self' blob:; connect-src 'self' blob:; form-action 'self'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://deliver.kontent.ai https://assets-eu-01.kc-usercontent.com https://cdn.jsdelivr.net https://www.sabes.it https://www.asdaa.it https://home.sabes.it https://home.asdaa.it https://www.youtube.com https://www.youtube-nocookie.com https://*.ytimg.com https://cdn.jsdelivr.net https://unpkg.com https://*.googleapis.com https://*.google.com https://*.vimeo.com https://*.vimeocdn.com https://*.facebook.net https://*.siteimprove.com https://*.siteimprove.net https://siteimproveanalytics.com https://*.siteimproveanalytics.com https://*.siteimproveanalytics.io https://siag.form.cloud https://fonts.gstatic.com https://redas.services.siag.it https://dati.retecivica.bz.it https://civis.bz.it https://sabes.onboard.org https://cdn1.onboard.org https://prod.b-optimist.com wss://prod.b-optimist.com https://*.sibforms.com https://sibforms.com https://*.brevo.com https://*.sendinblue.com https://*.gstatic.com https://siagsap4pab.prod.apimanagement.eu20.hana.ondemand.com https://sis.prod.apimanagement.eu20.hana.ondemand.com https://api-integrations.services.siag.it https://api-integrations.services.siag.it https://www.iubenda.com https://cpl.iubenda.com https://cdn.iubenda.com https://consent.iubenda.com https://hits-i.iubenda.com https://cs.iubenda.com/; base-uri 'self'; frame-ancestors 'self' https://*.kontent.ai/; font-src https://www.sabes.it https://www.asdaa.it https://home.sabes.it https://home.asdaa.it https://fonts.gstatic.com https://prod.b-optimist.com; object-src 'none'; 1
frame-ancestors 'self' https://rakentaja-backend.rkt-pro.rakentaja.com; default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.rkt-prod.rakentaja.com https://cdn-cookieyes.com https://pagead2.googlesyndication.com https://kit.fontawesome.com https://www.googletagmanager.com https://www.google-analytics.com https://pagead2.googlesyndication.com https://tpc.googlesyndication.com; style-src 'self' 'unsafe-inline' https://ka-f.fontawesome.com https://fonts.googleapis.com; img-src 'self' data: 127.0.0.1 localhost crcdn01.adnxs-simple.com cdn.rkt-prod.rakentaja.com img.youtube.com rakentaja.fi cdn.rkt-pro-1.eks.schibsted.io cdn-cookieyes.com www.google-analytics.com pagead2.googlesyndication.com www.google.fi www.google.com rakentaja.fi https://cdn.rkt-pro-1.eks.schibsted.io https://cdn-cookieyes.com https://www.google-analytics.com https://pagead2.googlesyndication.com https://www.google.fi https://www.google.com https://www.youtube.com/ https://pagead2.googlesyndication.com; font-src 'self' https://kit.fontawesome.com https://ka-f.fontawesome.com https://fonts.gstatic.com data:; connect-src 'self' https://cdn-cookieyes.com https://ka-f.fontawesome.com https://region1.analytics.google.com https://www.google-analytics.com https://*.analytics.google.com https://log.cookieyes.com https://www.youtube.com/ https://pagead2.googlesyndication.com https://sendy.rakentaja.fi; frame-src 'self' https://pagead2.googlesyndication.com https://td.doubleclick.net https://www.googletagmanager.com https://www.youtube.com/ https://pagead2.googlesyndication.com https://tpc.googlesyndication.com; 1
default-src  'self' ; img-src      'self' 'unsafe-inline' 'unsafe-eval' data: *.clarity.ms analytics-sm.com *.cookielaw.org *.facebook.com *.adnxs.com *.google.com *.bing.com *.adroll.com *.kampyle.com *.doubleclick.net;  script-src   'self' 'unsafe-inline' 'unsafe-eval' *.clarity.ms *.pinterest.com *.taboola.com *.snapchat.com *.impactradius-event.com analytics-sm.com unpkg.com *.blackcrow.ai *.pinimg.com *.facebook.net *.cnnx.link sc-static.net *.doubleclick.net cdn.cookielaw.org *.bing.com *.tiktok.com nebula-cdn.kampyle.com *.adroll.com cdn.jsdelivr.net cdnjs.cloudflare.com assets.adobedtm.com *.googletagmanager.com *.gravatar.com *.googleapis.com *.google-analytics.com;  style-src    'self' 'unsafe-inline' *.googleapis.com;  font-src     'self' data: *.googleapis.com;  frame-src    'self' *.snapchat.com *.pinterest.com *.doubleclick.net;  object-src   'self' ;  connect-src   'self' *.clarity.ms *.onetrust.com *.cookielaw.org *.pinterest.com *.taboola.com *.snapchat.com *.tiktok.com *.adroll.com *.bing.com *.google.com *.google-analytics.com *.doubleclick.net sgtm.petco.com ; 1
default-src https: data: blob: wss: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; report-uri https://www.edeandravenscroft.com/?eID=error 1
default-src 'self' browser-update.org cdn.jsdelivr.net *.tiny.cloud *.tinymce.com cdnjs.cloudflare.com unpkg.com *.es.fr *.groupe-es.net assets.app.smart-tribune.com api-gateway.app.smart-tribune.com *.dial-once.com; connect-src 'self' *.dial-once.com *.smart-tribune.com *.es.fr; font-src 'self' data: fonts.gstatic.com cdnjs.cloudflare.com; frame-src 'self' www.youtube.com player.vimeo.com es.gestmax.fr contact.es.fr *.dial-once.com; img-src 'self' data: *.tinymce.com api-gateway.app.smart-tribune.com *.app.smart-tribune.com *.ytimg.com; script-src 'self' 'unsafe-inline' *.es.fr browser-update.org *.groupe-es.net es.gestmax.fr assets.app.smart-tribune.com polyfill-fastly.io *.dial-once.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' *.tiny.cloud assets.app.smart-tribune.com fonts.googleapis.com https://cdnjs.cloudflare.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com:* *.googletagmanager.com:* *.addtoany.com:* *.google-analytics.com:*; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.fontawesome.com:* *.umanizales.edu.co:*; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval' blob: data: gap:; style-src * 'unsafe-inline'; 1
default-src 'self' https://maxcdn.bootstrapcdn.com https://cdn.knightlab.com https://*.marketo.com https://*.google.com https://*.youtube.com https://*.gstatic.com https://*.gstatic.cn https://*.ul.com https://player.vimeo.com https://www.recaptcha.net *.salesforce-sites.com data: blob:; connect-src 'self' https://*.wistia.com http://*.wistia.com *.wistia.cdn.com https://*.ul.com https://www.google-analytics.com https://*.google.com https://www.facebook.com https://stats.addtoany.com https://*.hotjar.com https://*.hotjar.io https://*.mktoutil.com https://*.mktoresp.com http://*.mktoresp.com https://embedwistia-a.akamaihd.net https://sessions.bugsnag.com https://stats.g.doubleclick.net https://fg8vvsvnieiv3ej16jby.litix.io https://*.nr-data.net https://sheets-proxy.knightlab.com wss://*.hotjar.com https://csp.withgoogle.com https://cdn.linkedin.oribi.io https://*.qualtrics.com https://en.wikipedia.org/ *.my.salesforce-sites.com https://api.company-target.com https://acsbapp.com https://cdn.acsbapp.com https://*.trustarc.com *.demandbase.com demandbase.com company-target.com *.company-target.com https://uliodev.azure-api.net/informatica-email-phone/Global_Email_Phone_Validation https://io.ul.com/informatica-email-phone/Global_Email_Phone_Validation https://na1.ai.dm-us.informaticacloud.com/active-bpel/public/rt/cTHkDDQ8MOqgFALFbuPY0C/Global_Email_Phone_Validation_test https://ulenterpriseorg--devservice.sandbox.my.salesforce-scrt.com https://ulenterpriseorg--intdev.sandbox.my.salesforce-scrt.com https://ulenterpriseorg--sit.sandbox.my.salesforce-scrt.com *.my.salesforce-scrt.com *.adobe.io wss://*.adobe.io https://adobeid-na1.services.adobe.com https://*.adobelogin.com https://auth.services.adobe.com https://delegated.identity.adobe.com; font-src 'self' https://maxcdn.bootstrapcdn.com http://maxcdn.bootstrapcdn.com https://cdn.knightlab.com https://*.gstatic.com https://*.gstatic.cn https://script.hotjar.com https://*.ul.com https://fast.wistia.com/ https://acsbapp.com https://consent.trustarc.com https://cdnjs.cloudflare.com https://*.typekit.net data:; frame-src 'self' https://*.marketo.com https://*.google.com https://player.vimeo.com https://*.youtube.com https://fast.wistia.com https://vars.hotjar.com https://www.facebook.com http://*.ul.com https://*.ul.com https://www.recaptcha.net https://*.addtoany.com https://*.doubleclick.net https://airtable.com https://ulsolutions.qualtrics.com *.salesforce.com *.salesforce-sites.com http://consent-pref.trustarc.com company-target.com *.company-target.com https://documentcloud.adobe.com https://ulenterpriseorg--devservice.sandbox.my.site.com https://ulenterpriseorg--intdev.sandbox.my.site.com https://ulenterpriseorg--sit.sandbox.my.site.com *.my.site.com experience.adobe.com; img-src 'self' https://*.adroll.com https://*.linkedin.com https://*.facebook.com https://*.gstatic.com https://*.gstatic.cn https://*.google.com https://*.googleapis.com https://*.doubleclick.net https://www.googletagmanager.com https://www.google-analytics.com https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net https://*.ul.com https://s.ml-attr.com https://*.adnxs.com https://attr.ml-api.io https://pixel.mathtag.com https://*.amazonaws.com https://*.acsbapp.com https://*.qualtrics.com *.trustarc.com https://live-shimadzu.pantheonsite.io https://live-wwwul.pantheonsite.io https://live-latamul.pantheonsite.io https://live-emergo1.pantheonsite.io https://live-aunzul.pantheonsite.io https://test-shimadzu.pantheonsite.io https://test-wwwul.pantheonsite.io https://test-latamul.pantheonsite.io https://test-emergo1.pantheonsite.io https://test-aunzul.pantheonsite.io https://dev-shimadzu.pantheonsite.io https://dev-wwwul.pantheonsite.io https://dev-latamul.pantheonsite.io https://dev-emergo1.pantheonsite.io https://dev-aunzul.pantheonsite.io https://develop-shimadzu.pantheonsite.io https://develop-wwwul.pantheonsite.io https://develop-latamul.pantheonsite.io https://develop-emergo1.pantheonsite.io https://develop-aunzul.pantheonsite.io https://aunz.pasapp.dev https://emergo.psapp.dev https://latam.psapp.dev https://shimadzu.psapp.dev https://ul.psapp.dev https://ul.com https://id.rlcdn.com https://segments.company-target.com/validateCookie https://assets.adoberesources.net https://lh3.googleusercontent.com data: *.adobeaemcloud.com; media-src 'self' https://embedwistia-a.akamaihd.net https://*.wistia.com *.wistia.cdn.com https://*.youtube.com blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.wistia.com http://*.wistia.net https://*.wistia.net https://*.youtube.com http://*.youtube.com https://*.vimeo.com https://connect.facebook.net https://*.googleadservices.com https://www.google-analytics.com https://www.googletagmanager.com https://*.gstatic.com https://*.gstatic.cn https://*.google.com https://googleads.g.doubleclick.net https://*.ul.com https://*.ul-renewables.com https://*.hotjar.com https://*.marketo.net https://www.recaptcha.net https://*.adroll.com https://*.ytimg.com https://snap.licdn.com https://*.adroll.mgr.consensu.org https://js-agent.newrelic.com https://bam.nr-data.net https://bam-cell.nr-data.net https://cdn.c212.net https://c212.net https://pixel.mathtag.com *.cloudflare.com http://empoweringtrust.ul.com https://empoweringtrust.ul.com https://*.marketo.com https://browser-update.org http://browser-update.org https://acsbapp.com https://cdn.acsbapp.com https://*.qualtrics.com https://en.wikipedia.org https://tag.demandbase.com http://munchkin.marketo.net http://consent.trustarc.com *.demandbase.com demandbase.com company-target.com *.company-target.com https://assets.adoberesources.net https://documentcloud.adobe.com https://service.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.lightning.force.com https://ulenterpriseorg--devservice.sandbox.my.site.com https://ulenterpriseorg--intdev.sandbox.my.site.com https://ulenterpriseorg--sit.sandbox.my.site.com *.my.site.com blob: js.sentry-cdn.com consent.trustarc.com https://cdn.jsdelivr.net https://cdn.knightlab.com https://cdnjs.cloudflare.com https://commons.ul.com https://experience.adobe.com https://fast.wistia.com https://static.addtoany.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.marketo.com https://static.addtoany.com https://*.google.com https://fonts.googleapis.com https://cdnjs.cloudflare.com http://empoweringtrust.ul.com https://empoweringtrust.ul.com https://*.typekit.net *.salesforce.com *.salesforce-sites.com https://ulenterpriseorg--devservice.sandbox.my.site.com https://ulenterpriseorg--intdev.sandbox.my.site.com https://ulenterpriseorg--sit.sandbox.my.site.com *.my.site.com cdnjs.cloudflare.com https://cdn.knightlab.com; frame-ancestors 'self' *.salesforce-sites.com *.force.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' maps.googleapis.com www.google-analytics.com www.googletagmanager.com; object-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' policy.cookiereports.com www.google-analytics.com maps.googleapis.com www.googletagmanager.com maps.gstatic.com data:; media-src 'self'; frame-src 'self' *.visammg.com; frame-ancestors 'self'; child-src 'self'; font-src 'self' fonts.gstatic.com; connect-src 'self' region1.google-analytics.com www.google-analytics.com maps.googleapis.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' maps.googleapis.com *.google-analytics.com *.gstatic.com www.google.com www.google.com.au www.googleadservices.com adservice.google.com googleads.g.doubleclick.net stats.g.doubleclick.net *.fls.doubleclick.net *.paypal.com *.braintree-api.com *.braintreegateway.com analytics.tiktok.com www.facebook.com *.livehire.com; script-src 'self' 'unsafe-inline' code.jquery.com www.google.com *.googleapis.com *.gstatic.com www.googletagmanager.com www.google-analytics.com analytics.tiktok.com connect.facebook.net *.adroll.com www.googleadservices.com adservice.google.com googleads.g.doubleclick.net www.tripadvisor.com.au www.tripadvisor.com static.tacdn.com www.jscache.com *.paypal.com www.paypalobjects.com js.braintreegateway.com cdn.jsdelivr.net cdn.datatables.net *.livehire.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com static.tacdn.com cdn.jsdelivr.net cdn.datatables.net; img-src https: data:; font-src 'self' fonts.gstatic.com static.tacdn.com; frame-ancestors 'self'; report-uri /monitor-csp-reports/index.php; report-to csp-endpoint 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.finam.dev https://*.finam.ru https://*.limex.me https://*.whotrades.net https://*.whotrades.com https://whotrades.com https://mc.yandex.ru https://*.jquery.com https://*.bootstrapcdn.com https://*.fontawesome.com https://*.datatables.net https://www.google.com https://www.gstatic.com https://www.youtube.com https://youtube.com; style-src 'self' 'unsafe-inline' https://*.finam.ru https://*.bootstrapcdn.com https://*.datatables.net https://*.whotrades.com https://whotrades.com https://*.googleapis.com; frame-src  'self' https://*.finam.dev https://*.finam.ru https://*.whotrades.net https://*.whotrades.com https://whotrades.com https://coreapp.ai https://*.coreapp.ai https://mc.yandex.ru https://www.google.com https://www.youtube.com https://youtube.com https://rutube.ru https://vk.com; connect-src 'self' ws: wss://whotrades.com https://*.finam.ru https://limex.com https://limex.me https://*.whotrades.net https://*.whotrades.com  https://whotrades.com https://*.j2t.com https://*.just2trade.com https://mc.yandex.ru https://mc.yandex.md https://mc.yandex.com https://coreapp.ai https://fin-masters.ru ; img-src 'self' data: https://*.yandex.net https://*.finam.ru https://*.limex.me https://*.whotrades.net https://*.whotrades.com https://whotrades.com https://*.ytimg.com https://mc.yandex.ru https://www.gstatic.com https://*.amazonaws.com; font-src 'self' https://*.finam.ru https://fonts.gstatic.com https://yastatic.net; object-src 'none'; report-uri https://str.finam.ru/api/23/security/?sentry_key=fe9f28263f094167b5cfa62b358185d3&sentry_environment=prod_finms 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com cdnjs.cloudflare.com unpkg.com *.fontawesome.com *.googleapis.com *.gstatic.com  www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org https://snap.licdn.com/ https://diffuser-cdn.app-us1.com/diffuser/diffuser.js https://cdn.leadchampion.com/leadchampion.js https://mastertag.leadchampion.com/ https://prism.app-us1.com/ https://trackcmp.net/ https://consent.cookiebot.com/ https://consentcdn.cookiebot.com/ https://contattachat.bpp.it https://stackpath.bootstrapcdn.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com unpkg.com *.fontawesome.com *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com https://contattachat.bpp.it https://stackpath.bootstrapcdn.com https://cdn.lineicons.com/3.0/lineicons.css; font-src 'self' *.fontawesome.com fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://cdn.lineicons.com/; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com https://px.ads.linkedin.com/ https://imgsct.cookiebot.com/; media-src 'self' data: blob:; child-src 'self' https://www.google.com https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com bpponline.bpp.it https://consentcdn.cookiebot.com/ https://contattachat.bpp.it https://recruitingaaf.bpp.it; connect-src 'self' *.google-analytics.com *.fontawesome.com accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com https://consentcdn.cookiebot.com/ https://maps.googleapis.com/; 1
report-to default; report-uri https://csp-reporter.ixmediahosting.com:1443/report-uri.php; default-src 'none'; connect-src 'self' *.analytics.google.com *.google-analytics.com analytics.google.com consent.cookiebot.com consentcdn.cookiebot.com metrics.hotjar.io stats.g.doubleclick.net vc.hotjar.io www.facebook.com www.google.be www.google.ca www.google.de www.google.es www.google.fr www.google.it www.google.nl www.google.pt www.googletagmanager.com; font-src 'self' data: fonts.gstatic.com; form-action 'self' ixmedia.us4.list-manage.com www.facebook.com; frame-ancestors 'self'; frame-src consentcdn.cookiebot.com player.vimeo.com td.doubleclick.net www.facebook.com www.google.com www.googletagmanager.com; img-src 'self' *.google-analytics.com data: i.vimeocdn.com imgsct.cookiebot.com static.xx.fbcdn.net tr-rc.lfeeder.com www.facebook.com www.google-analytics.com www.google.be www.google.ca www.google.com www.google.de www.google.es www.google.fr www.google.it www.google.nl www.google.pt www.googletagmanager.com www.gstatic.com; manifest-src 'self'; script-src 'report-sample' 'self' 'sha256-NfHtBXvtOA9IC0YpnmozJjX4weCLRu4diaJTRn+lMhk=' 'sha256-W2uEbIpK6q92muqoDy6u3KMeUePel1zQOvV1Co9KM3s=' 'sha256-ecUmnWipzwnydBIxUX3xSTzhsl1TV6acmav1if9sFos=' 'sha256-nfuLyQYnt1nByVVhPiUEga6J7XeFM5Vswf0ZExsIjr8=' 'sha256-oWPGmIx9JdlTCBW0DdZ8qiCoNWGYDJxyWGw3rA4BwTU=' connect.facebook.net consent.cookiebot.com consentcdn.cookiebot.com f.vimeocdn.com player.vimeo.com sc.lfeeder.com script.hotjar.com static.hotjar.com www.google-analytics.com www.google.com www.googletagmanager.com www.gstatic.com; style-src 'self' 'unsafe-inline' f.vimeocdn.com fonts.googleapis.com www.gstatic.com; 1
frame-src htp.tokenex.com ssl.kaptcha.com www.google.com www.googletagmanager.com; 1
default-src 'self' feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' * ; img-src * 'self' data: https: blob: ; script-src * data: blob: 'unsafe-inline' 'unsafe-eval' ; connect-src * data: blob: 'unsafe-inline' ; font-src * data: blob: 'unsafe-inline' ; frame-src * ; frame-ancestors * 'self' data: https: blob: ; 1
default-src 'self';  script-src 'self' 'unsafe-eval' 'unsafe-inline' giscus.app analytics.umami.is https://www.googletagmanager.com;  style-src 'self' 'unsafe-inline';  img-src * blob: data: www.googletagmanager.com;  media-src *.s3.amazonaws.com;  connect-src *;  font-src 'self';  frame-src giscus.app youtube.com https://www.youtube.com/; 1
default-src 'self'; connect-src https: wss:; font-src 'self' https://fonts.gstatic.com; frame-src https: mailto:; img-src https: data:; media-src https: blob:; worker-src blob:; object-src 'none'; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; form-action https:; report-uri https://csp-reports.globalweb.aws.assaabloy.com/reports; 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-fd9725aec053ad946555aa0da87d9f22'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: dcvxs6ggqztsa.cloudfront.net *.metadata.io *.chilipiper.com *.storylane.io *.slideshare.net calsandbox.wpengine.com optimize.google.com *.youtube.com cdnjs.cloudflare.com *.tryinteract.com my.wpengine.com *.litix.io *.akamaihd.net *.wistia.net *.workable.com *.calculoid.com *.wistia.com  *.calabrio.com www.google.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.googleoptimize.com *.facebook.com *.facebook.net secure.text6film.com secure.cold5road.com j.6sc.co c.6sc.co *.demandbase.com *.googleadservices.com *.hotjar.com *.licdn.com *.outbrain.com *.force.com calabrio.my.salesforce.com *.g2crowd.com *.pardot.com googleads.g.doubleclick.net www.google-analytics.com match.prod.bidr.io id.rlcdn.com api.company-target.com px.ads.linkedin.com d.la1-c2-ia5.salesforceliveagent.com stats.g.doubleclick.net *.leadforensics.com *.doubleclick.net *.podcasts.apple.com *.adnxs.com *.hotjar.io webeo-web-content.s3-eu-west-1.amazonaws.com cdn.jsdelivr.net use.typekit.net a.omwpapi.com *.omwpapi.com g2.com share.transistor.fm *.omappapi.com *.driftt.com s.company-target.com; img-src 'self' media.licdn.com media-exp1.licdn.com googleads.g.doubleclick.net *.metadata.io *.chilipiper.com bat.bing.com *.googleapis.com complianz.io yoast.com yoa.st dify.wpengine.com calsandbox.wpengine.com b.6sc.co www.gstatic.com www.google-analytics.com www.googletagmanager.com optimize.google.com *.svgator.com *.linkedin.com *.tryinteract.com *.cloudfront.net update.creoworx.com *.googletagmanager.com *.w.org *.oktacdn.com *.netdna-ssl.com *.akamaihd.net *.amazonaws.com *.gravatar.com *.wistia.com *.wistia.net www.google-analytics.com segments.company-target.com p.adsymptotic.com *.omwpapi.com *.omappapi.com s38924.pcdn.co optinmonster.com *.typekit.net *.google.com match.prod.bidr.io id.rlcdn.com px.ads.linkedin.com *.outbrain.com g2.com *.6sc.co *.facebook.com data:;script-src 'self' 'unsafe-inline' 'unsafe-eval' js.zi-scripts.com  ws.zooinfo.com tags.clickagy.com *.metadata.io *.chilipiper.com bat.bing.com dcvxs6ggqztsa.cloudfront.net *.storylane.io yoast.com optimize.google.com www.googleanalytics.com www.google-analytics.com www.googleoptimize.com *.svgator.com cdnjs.cloudflare.com my.wpengine.com *.litix.io *.akamaihd.net *.webeo.com *.wistia.net *.workable.com *.calculoid.com *.wistia.com  *.calabrio.com www.google.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.googleoptimize.com *.facebook.com *.facebook.net secure.text6film.com *.tryinteract.com secure.cold5road.com j.6sc.co c.6sc.co *.demandbase.com *.googleadservices.com *.hotjar.com *.licdn.com *.outbrain.com *.force.com calabrio.my.salesforce.com  *.g2crowd.com *.pardot.com googleads.g.doubleclick.net www.google-analytics.com match.prod.bidr.io id.rlcdn.com api.company-target.com px.ads.linkedin.com  d.la1-c2-ia5.salesforceliveagent.com d.la5-c1-ia4.salesforceliveagent.com d.la5-c1-ia5.salesforceliveagent.com stats.g.doubleclick.net *.leadforensics.com *.doubleclick.net *.podcasts.apple.com *.adnxs.com *.hotjar.io  webeo-web-content.s3-eu-west-1.amazonaws.com cdn.jsdelivr.net use.typekit.net a.omwpapi.com *.omwpapi.com g2.com share.transistor.fm *.omappapi.com *.driftt.com blob:;connect-src 'self' *.metadata.io amplify.outbrain.com tracking.g2crowd.com wss://*.hotjar.com ws.zoominfo.com js.zi-scripts.com aorta.clickagy.com hemsync.clickagy.com *.chilipiper.com pagead2.googlesyndication.com px.ads.linkedin.com analytics.google.com epsilon-globalaccelerator.6sense.com epsilon.6sense.com cdn.linkedin.oribi.io my.yoast.com *.hotjar.io my.wpengine.com *.calculoid.com *.6sc.co *.adnxs.com *.facebook.com *.facebook.net *.wistia.com *.wistia.net *.litix.io *.google-analytics.com tr.outbrain.com stats.g.doubleclick.net *.calabrio.com *.company-target.com *.leadforensics.com *.omappapi.com *.omwpapi.com *.akamaihd.net;font-src 'self' *.calabrio.com cdnjs.cloudflare.com *.calculoid.com use.typekit.net a.omappapi.com *.gstatic.com *.wistia.net *.wistia.com data: ;report-uri https://www.calabrio.com 1
default-src 'self' *.blob.core.windows.net *.googleapis.com maps.googleapis.com; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com kit.fontawesome.com *.wistia.com cdn.insight.sitefinity.com www.googleadservices.com stats.sa-as.com snap.licdn.com blog.trinityconsultants.com static.hotjar.com www.google-analytics.com googleads.g.doubleclick.net script.hotjar.com gomkto.trinityconsultants.com munchkin.marketo.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com gomkto.trinityconsultants.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com trinityprod.trinityconsultants.com *.blob.core.windows.net trinityconsultants.com *.wistia.com stats.sa-as.com px.ads.linkedin.com blog.trinityconsultants.com www.google.com www.google-analytics.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: ka-p.fontawesome.com *.wistia.com maps.googleapis.com; frame-src 'self' td.doubleclick.net fast.wistia.com gomkto.trinityconsultants.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com kit.fontawesome.com ka-p.fontawesome.com *.wistia.com analytics.google.com www.googleadservices.com www.google-analytics.com px.ads.linkedin.com www.google.com stats.g.doubleclick.net ws.hotjar.com content.hotjar.io wss://ws.hotjar.com maps.googleapis.com *.mktoresp.com; media-src 'self' data: blob: *.wistia.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com 1
default-src https: wss: data: blob: 'self' 'unsafe-inline' 'unsafe-eval' *.smartsupp.com *.smartsuppchat.com *.smartsuppcdn.com smartsupp-widget-161959.c.cdn77.org *.yottlyscript.com fonts.googleapis.com *.google.com *.gstatic.com media.flixcar.com d10lpsik1i8c69.cloudfront.net app.foxentry.cz cdn.foxentry.cz cdn.luigisbox.com *.rajce.idnes.cz; 1
script-src 'self' https://www.googletagmanager.com 'unsafe-inline';img-src 'self' data: https://aws-files.gcu.edu https://aws-files.qa.gcu.edu *.gcumedia.com;media-src 'self' https://lc.gcumedia.com;frame-src 'self' https://aws-files.gcu.edu *.gcumedia.com *.gcu.edu *.qa.gcu.edu *.dev.gcu.edu *.aws-files.gcu.edu http://localhost:* https://www.youtube.com/;frame-ancestors 'self' *.gcumedia.com *.gcu.edu *.qa.gcu.edu *.dev.gcu.edu *.aws-files.gcu.edu http://localhost:* https://www.youtube.com/;default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 1
default-src 'none'; frame-ancestors 'self'; connect-src 'self'; img-src 'self'; form-action 'self'; base-uri 'none'; worker-src 'none'; object-src 'none'; script-src 'unsafe-inline' https: 'nonce-89tUM/CMt1bLZcuCgIxM1g==' 'strict-dynamic' ; style-src 'self' https:  'unsafe-inline' ; 1
frame-ancestors 'none';object-src 'none';base-uri 'self';script-src 'nonce-vqTlcmqhg-4XGGjZNUkSA43Bncl8QPldhwv92qIRDq4' 'strict-dynamic' https: http: 'unsafe-eval' 'unsafe-inline'; 1
upgrade-insecure-requests; worker-src 'self' blob: ;style-src 'self' 'unsafe-inline' blob:; media-src 'self' ; manifest-src 'self' login.windows.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.googletagmanager.com *.cookielaw.org *.doubleclick.net connect.facebook.net www.youtube.com script.crazyegg.com www.google-analytics.com; font-src 'self' data: ; frame-ancestors 'none';frame-src 'self' *.doubleclick.net www.youtube-nocookie.com; img-src 'self' data: images.ctfassets.net pixel.tapad.com www.facebook.com *.cookielaw.org i.ytimg.com www.googletagmanager.com *.doubleclick.net www.google-analytics.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; connect-src 'self' *.contentful.com *.cookielaw.org *.google-analytics.com *.googlesyndication.com script.crazyegg.com *.doubleclick.net *.algolia.net *.algolianet.com; default-src 'none'; base-uri 'none'; 1
default-src https: 'unsafe-inline' 'unsafe-eval' 'self' wss: https: ; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' ; img-src https: data: blob:; style-src 'self' https: 'unsafe-inline'; font-src 'self'; 1
default-src 'self' ;style-src 'self' 'unsafe-inline' 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' dart.fss.or.kr https://www.google.com https://www.gstatic.com/ https://www.googletagmanager.com/ blob:; img-src 'self' data: blob: ; font-src 'self' data:;frame-src dart.fss.or.kr youtube.com www.youtube.com www.google.com https://youtu.be/;child-src 'self' dart.fss.or.kr youtube.com www.youtube.com; connect-src 'self' https://maps.googleapis.com https://www.google-analytics.com/ dart.fss.or.kr; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.clarity.ms/ https://cdn.attn.tv/ https://www.googleadservices.com https://www.google.com https://*.googletagmanager.com https://*.googleapis.com https://*.bing.com https://*.liadm.com https://*.avmws.com https://*.jsdelivr.net https://*.cloudflare.com https://*.tawk.to https://*.soundestlink.com https://*.postaffiliatepro.com https://googleads.g.doubleclick.net https://omnisnippet1.com https://*.amazonaws.com https://*.google-analytics.com https://*.paypal.com https://*.paypalobjects.com https://*.facebook.net; style-src 'self' 'unsafe-inline' https://*.cloudflare.com https://*.tawk.to https://*.googleapis.com https://*.soundestlink.com/; img-src 'self' data: https://googleads.g.doubleclick.net https://www.google.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com.pr https://*.google.ie https://*.google.co.il https://*.bing.com https://*.paypal.com https://tawk.link https://*.paypalobjects.com https://*.facebook.com https://*.cloudflare.com https://*.soundestlink.com/ https://*.alocdn.com https://*.youtube.com https://*.liadm.com; font-src 'self' https://*.cloudflare.com https://*.tawk.to https://*.gstatic.com https://*.soundestlink.com/; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.bing.com https://*.tawk.to https://*.soundestlink.com https://*.googlesyndication.com https://*.liadm.com https://*.paypal.com https://*.execute-api.us-west-2.amazonaws.com/ wss://*.tawk.to https://events.attentivemobile.com https://galcoholsters-us.attn.tv; media-src 'self' https://*.tawk.to; object-src 'none'; frame-src 'self' https://bid.g.doubleclick.net https://*.doubleclick.net https://*.paypal.com https://*.paypalobjects.com https://*.youtube.com https://creatives.attn.tv https://galcoholsters.attn.tv; upgrade-insecure-requests; base-uri 'self'; manifest-src 'self'; 1
default-src 'self' *.google.com *.googletagmanager.com *.youtube.com *.addthis.com *.typekit.net *.fonticons.com *.fortawesome.com *.victorreinz.us https://victorreinz.us *.crazyegg.com *.twimg.com https://addevent.com *.addevent.com connect.facebook.net www2.dana.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://stats.g.doubleclick.net https://stats.g.doubleclick.net/j/collect https://googleads.g.doubleclick.net https://www.google.com https://ade.googlesyndication.com *.doubleclick.net *.googleadservices.com *.googlesyndication.com *.google-analytics.com www.googletagservices.com about: https://r.clarity.ms/collect https://cdn.cookielaw.org https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://privacyportal.onetrust.com/request/v1/consentreceipts https://connect.facebook.net https://facebook.com/tr https://www.facebook.com/tr https://www.googletagmanager.com/gtm.js https://js.adsrvr.org/up_loader.1.1.0.js https://viewer.jig.space https://jig.space https://digitalthrottle.ss-gtm.com/; connect-src 'self' https://addevent.com *.addevent.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com connect.facebook.net www.googleadservices.com googleads.g.doubleclick.net https://stats.g.doubleclick.net https://*.doubleclick.net https://*.googleadservices.com https://*.google.com https://*.googlesyndication.com https://*.googletagservices.com https://stats.g.doubleclick.net/j/collect *.googlesyndication.com https://ade.googlesyndication.com ad.doubleclick.net http://ad.doubleclick.net https://ad.doubleclick.net https://region1.google-analytics.com https://region1.google-analytics.com/g/collect *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com https://r.clarity.ms/collect https://*.clarity.ms https://cdn.cookielaw.org https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://privacyportal.onetrust.com/request/v1/consentreceipts https://connect.facebook.net https://facebook.com/tr https://www.facebook.com/tr https://digitalthrottle.ss-gtm.com https://cdn.linkedin.oribi.io https://bat.bing.com https://js.adsrvr.org/up_loader.1.1.0.js https://viewer.jig.space https://jig.space https://digitalthrottle.ss-gtm.com/; font-src 'self' data: *.typekit.net *.fonticons.com *.fortawesome.com *.spicerparts.com *.victorreinz.us https://spicerparts.com https://victorreinz.us fonts.gstatic.com https://r.clarity.ms/collect https://cdn.cookielaw.org https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://privacyportal.onetrust.com/request/v1/consentreceipts https://connect.facebook.net; frame-src 'self' *.youtube.com *.google.com *.victorreinz.us https://victorreinz.us *.crazyegg.com https://bid.g.doubleclick.net https://tpc.googlesyndication.com tpc.googlesyndication.com *.googlesyndication.com www2.dana.com dana.newsletter.mg-l.com https://stats.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net/j/collect https://r.clarity.ms/collect https://cdn.cookielaw.org https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://privacyportal.onetrust.com/request/v1/consentreceipts https://connect.facebook.net https://insight.adsrvr.org/ https://match.adsrvr.org/ https://viewer.jig.space https://jig.space; img-src * about: data:; object-src 'self' *.googlesyndication.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https://addevent.com *.addevent.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com connect.facebook.net www.googleadservices.com googleads.g.doubleclick.net https://stats.g.doubleclick.net https://*.doubleclick.net https://*.googleadservices.com https://*.google.com https://*.googlesyndication.com https://*.googletagservices.com https://stats.g.doubleclick.net/j/collect *.googletagmanager.com https://r.clarity.ms/collect https://*.clarity.ms https://cdn.cookielaw.org https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://privacyportal.onetrust.com/request/v1/consentreceipts https://connect.facebook.net https://bat.bing.com https://www.googletagmanager.com/gtm.js https://js.adsrvr.org/up_loader.1.1.0.js https://digitalthrottle.ss-gtm.com/ https://www.facebook.com/tr https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://js.adsrvr.org https://maps.googleapis.com https://polyfill-fastly.io https://unpkg.com https://use.fonticons.com https://use.typekit.net https://www.googletagmanager.com platform.twitter.com 'nonce--KSK6In1jSn_9yyZMOfXxQ'; style-src 'self' 'unsafe-inline' *.typekit.net *.fonticons.com *.fortawesome.com *.spicerparts.com *.victorreinz.us https://spicerparts.com https://victorreinz.us *.crazyegg.com fonts.googleapis.com *.google.com https://r.clarity.ms/collect https://cdn.cookielaw.org https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://privacyportal.onetrust.com/request/v1/consentreceipts https://connect.facebook.net https://cdn-images.mailchimp.com/embedcode/classic-061523.css https://cdn-images.mailchimp.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; base-uri 'self' 1
default-src 'self'; script-src 'self' data: https://*.fontawesome.com https://*.googleapis.com https://*.gstatic.com https://*.freshworks.com https://js.hsadspixel.net https://*.google-analytics.com https://*.hubspot.com https://google-analytics.com https://*.clarity.ms https://*.googleadservices.com https://pixel.sitescout.com https://*.doubleclick.net https://*.google.com https://*.googletagmanager.com https://*.hs-scripts.com https://*.hs-analytics.net https://*.hs-banner.com https://js.hscollectedforms.net https://bat.bing.com https://up.pixel.ad https://code.jquery.com; script-src-elem 'self' data: 'unsafe-inline' https://player.vimeo.com https://js.hsforms.net https://s3.amazonaws.com https://js.hsadspixel.net https://*.fontawesome.com https://*.googleapis.com https://*.gstatic.com https://*.freshworks.com https://*.google-analytics.com https://*.hubspot.com https://google-analytics.com https://*.clarity.ms https://*.googleadservices.com https://pixel.sitescout.com https://*.doubleclick.net https://*.google.com https://*.googletagmanager.com https://*.hs-scripts.com https://*.hs-analytics.net https://*.hs-banner.com https://js.hscollectedforms.net https://bat.bing.com https://up.pixel.ad https://code.jquery.com https://s3.amazonaws.com; script-src-attr 'self' data: 'unsafe-inline' https://*.fontawesome.com https://*.googleapis.com https://*.gstatic.com https://*.freshworks.com https://*.google-analytics.com https://*.hubspot.com https://google-analytics.com https://*.clarity.ms https://*.googleadservices.com https://pixel.sitescout.com https://*.doubleclick.net https://*.google.com https://*.googletagmanager.com https://*.hs-scripts.com https://*.hs-analytics.net https://*.hs-banner.com https://js.hscollectedforms.net https://bat.bing.com https://up.pixel.ad https://code.jquery.com; style-src 'self' data: 'unsafe-inline' https://*.fontawesome.com https://*.googleapis.com https://*.westfax.com https://*.freshworks.com https://s3.amazonaws.com ; style-src-elem 'self' data: 'unsafe-inline' https://*.fontawesome.com https://*.googleapis.com https://*.westfax.com https://*.freshworks.com https://s3.amazonaws.com;  style-src-attr 'self' data: 'unsafe-inline' https://*.fontawesome.com https://*.googleapis.com https://*.westfax.com https://*.freshworks.com; img-src 'self' data: http://www.w3.org/2000/svg; font-src 'self' data: https://*.fontawesome.com https://*.googleapis.com https://*.gstatic.com; connect-src 'self' https://westfax.freshdesk.com https://hubspot-forms-static-embed.s3.amazonaws.com https://forms.hsforms.com https://api.hubapi.com https://*.fontawesome.com https://*.googleapis.com https://*.gstatic.com https://*.freshworks.com https://*.google-analytics.com https://*.hubspot.com https://google-analytics.com https://*.clarity.ms https://*.googleadservices.com https://pixel.sitescout.com https://*.doubleclick.net https://*.google.com; media-src 'self' https://*.youtube.com; object-src 'self'; child-src 'self'; frame-src 'self' https://player.vimeo.com https://www.google.com https://forms.hsforms.com https://westfax.freshdesk.com https://*.westfax.com https://*.sitescout.com https://*.doubleclick.net https://*.youtube.com; worker-src 'self'; form-action 'self' https://forms.hsforms.com https://*.westfax.com; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self' 1
default-src 'self'; frame-ancestors 'self' areacliente.repsol.es waylet.es newdev-areacliente.cloudapp.repsol.com test-areacliente.cloudapp.repsol.com pre-areacliente.repsol.es pre-pidetubombona.repsol.es pidetubombona.repsol.es repsol.pt pro.areaclientemultienergia.es; frame-src * ; media-src *; img-src * https://cdn.valuesportal.com https://log.adtraction.fail blob: data: ; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://valuesportal.com https://cdn.adt356.com https://gtm.adt313.net https://cnv.adt632.com *.google-analytics.com *.analytics.google.com *.krxd.net www.repsol.com www.dev-com.repsol.com www.google.com d3a.walmeric.com cdn.jsdelivr.net cdn.cookielaw.org p.teads.tv platform.twitter.com px.sunmedia.tv secure.adnxs.com s.yimg.com cdn.taboola.com pixel.mathtag.com amplify.outbrain.com bat.bing.com d1skycrvs9ubse.cloudfront.net www.gstatic.com googleads.g.doubleclick.net cdn.krxd.net *.hotjar.com www.googleadservices.com www.dev-net.repsol.com www.google-analytics.com cdns.eu1.gigya.com consent.cookiebot.com connect.facebook.net consentcdn.cookiebot.com assets.adobedtm.com www.googletagmanager.com www.youtube.com apis.google.com tienda.dev-es.repsol.com t.womtp.com ws.walmeric.com maps.googleapis.com unpkg.com sdk.inbenta.io up.pixel.ad static.ads-twitter.com secure-ds.serving-sys.com i.clarity.ms trc.taboola.com tr.outbrain.com bs.serving-sys.com embed.typeform.com siteintercept.qualtrics.com *.siteintercept.qualtrics.com api.paycomet.com instantcredit.net test.instantcredit.net code.jquery.com static-eu.oct8ne.com snap.licdn.com stories.adsocy.com 9000468.spxl.socy.es p1.socy.es repsol.my.site.com ai.trk42.net pro.areaclientemultienergia.es adtraction.net kwanko.com; style-src * 'unsafe-inline'; font-src * blob: data:; connect-src *; object-src 'none' 1
base-uri 'self'; default-src 'none'; child-src 'self' https://*.youtube.com https://*.youtube-nocookie.com https://googleads.g.doubleclick.net https://static.doubleclick.net; connect-src 'self' https://*.google-analytics.com https://sentry.io https://*.ingest.sentry.io https://*.vimeocdn.com/ https://*.googletagmanager.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; font-src 'self' https://*.hotjar.com data:; form-action 'self'; frame-ancestors 'self'; frame-src 'self' https://*.google.com https://*.youtube.com https://*.youtube-nocookie.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://staticcdn.co.nz https://*.vimeo.com/ https://*.powerbi.com/ https://powerbi.com/; img-src 'self' https://*.google-analytics.com https://shielded.co.nz https://staticcdn.co.nz https://*.vimeo.com/ https://*.vimeocdn.com/ https://*.googletagmanager.com https://*.hotjar.com blob: data:; media-src https://*.vimeocdn.com/; object-src 'self' blob:; manifest-src 'self'; script-src 'self' https://*.google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://googleads.g.doubleclick.net https://*.gstatic.com https://static.doubleclick.net https://polyfill.io https://staticcdn.co.nz/ https://browser.sentry-cdn.com https://*.vimeocdn.com/ https://*.hotjar.com https://unsafe-inline unsafe-inline 'unsafe-inline'; style-src 'self' https://hello.myfonts.net https://*.vimeocdn.com/ https://*.hotjar.com https://unsafe-inline unsafe-inline 'unsafe-inline'; report-uri https://o115950.ingest.sentry.io/api/6521288/security/?sentry_key=a79b5568564347a2937890e4932796e3&sentry_environment=live; upgrade-insecure-requests 1
style-src  *.edentiti.com *.optimizely.com cloud.typography.com smetrics.mastercard.com fonts.googleapis.com ajax.aspnetcdn.com hello.myfonts.net fast.fonts.net use.typekit.net 'unsafe-inline' 'self'; script-src *.cookielaw.org *.demdex.net smetrics.mastercard.com *.edentiti.com ipac.ctnsnet.com *.optimizely.com *.auspost.com.au *.omtrdc.net *.demdex.net *.effectivemeasure.net assets.adobedtm.com d3b3ehuo35wzeh.cloudfront.net *.fullstory.com www.google.com www.gstatic.com www.googleadservices.com connect.facebook.net app.rejoiner.com pixel.mathtag.com *.taboola.com benchtag.co www.googletagmanager.com *.rfihub.net *.serving-sys.com s3.amazonaws.com tinymce.cachefly.net ajax.googleapis.com www.google-analytics.com ajax.aspnetcdn.com use.typekit.net  api-mastercard-mpms.nd.nudatasecurity.com ndapi-us-east-1.ndsprod.nudatasecurity.com 'self' 'unsafe-inline' 'unsafe-eval'; frame-src * 'self'; img-src *.mastercard.com *.mastercard.us *.cookielaw.org *.optimizely.com s.effectivemeasure.net *.auspost.com.au *.facebook.com load.s3.amazonaws.com *.openx.net *.bluekai.com *.adnxs.com *.exelator.com smetrics.mastercard.com *.casalemedia.com *.pubmatic.com *.360yield.com *.btrll.com *.twitter.com *.mathtag.com *.taboola.com *.g.doubleclick.net app.rejoiner.com www.google.com www.google.com.au www.googleadservices.com www.gravatar.com www.google-analytics.com p.typekit.net  ndapi-us-east-1.ndsprod.nudatasecurity.com 'self' data:; font-src  fonts.gstatic.com use.typekit.net 'unsafe-inline' data: * 'self'; default-src *.cookielaw.org  smetrics.mastercard.com *.onetrust.com *.demdex.net *.optimizely.com 'self' data:; media-src * ndapi-us-east-1.ndsprod.nudatasecurity.com 'self' data:; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://*.akamaihd.net https://*.translate.naver.net https://www.recaptcha.net https://www.google.com https://*.googlesyndication.com https://www.zenaps.com https://tr.snapchat.com https://tr6.snapchat.com https://www.youtube.com https://api.kitbuilder.co.uk https://shoesize.me https://*.shoesize.me; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://*.liveperson.net https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.parcellab.com https://d3g5d7323c2i6m.cloudfront.net https://d29qb9vav0xwuc.cloudfront.net https://d7c4jjeuqag9w.cloudfront.net https://storyboard.storystream.ai https://content.storystream.ai https://shoesize.me https://plugin.shoesize.me https://analytics.shoesize.me; default-src 'none'; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://d7c4jjeuqag9w.cloudfront.net; form-action 'self' https://www.facebook.com https://www.canterbury.com https://checkout.canterbury.com https://connect.facebook.net https://tr.snapchat.com; frame-ancestors 'self'; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://player.vimeo.com https://vod-progressive.akamaized.net https://download-video.akamaized.net https://d7c4jjeuqag9w.cloudfront.net https://media.storystream.ai; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.googlesyndication.com https://*.googleapis.com https://www.recaptcha.net https://connect.facebook.net https://*.trustpilot.com https://www.googleadservices.com https://*.translate.naver.net https://*.doubleclick.net https://*.google.com https://*.google-analytics.com https://fp.zenaps.com https://www.gstatic.com https://bat.bing.com https://www.googletagmanager.com https://www.youtube.com https://s.ytimg.com https://www.dwin1.com https://sc-static.net https://apps.storystream.ai https://platform.twitter.com https://shoesize.me; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://d7c4jjeuqag9w.cloudfront.net https://plugin.shoesize.me; upgrade-insecure-requests; report-to report-endpoint 1
default-src https: data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; frame-ancestors 'self'; object-src 'none'; 1
default-src 'self'; img-src 'self' cdnmedia.endeavorsuite.com cdn.partsmartconnect.com data:; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-modals; base-uri 'self'; upgrade-insecure-requests; style-src 'self' 'unsafe-inline' fonts.googleapis.com maxcdn.bootstrapcdn.com cdnmedia.endeavorsuite.com; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com; script-src 'self' 'unsafe-inline' https://ari-cms.com/bundles/webcomponents/loginpromotion.js; connect-src 'self' https://ari-cms.com/; 1
default-src 'self' data: ws: blob: *.goodenergy.co.uk www.goodenergy.co.uk *.google-analytics.com *.shortpixel.ai *.which.co.uk *.googletagmanager.com analytics.google.com *.google.com google.com *.google.co.uk/ads *.gstatic.com *.collect.igodigital.com *.facebook.com snap.licdn.com *.hotjar.com *.hotjar.io *.linkedin.com linkedin.com *.shortpixel.ai *.calendly.com calendly.com plausible.io *.ads-twitter.com t.co analytics.twitter.com *.youtube.com unpkg.com/website-carbon-badge *.doubleclick.net api.websitecarbon.com i.ytimg.com assets.windowsphone.com cdn.trustpilot.net v4in1-ti.click4assistance.co.uk v4in1-si.click4assistance.co.uk gebusinessstaticprod01.blob.core.windows.net ir.q4europe.com goodenergy2018corp.q4web.com *.gravatar.com sentry.io *.w.org youtube-nocookie.com *.youtube-nocookie.com *.cloudfront.net sentry.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.goodenergy.co.uk *.which.co.uk *.google-analytics.com *.shortpixel.ai *.calendly.com calendly.com *.googletagmanager.com analytics.google.com *.collect.igodigital.com *.facebook.com *.facebook.net snap.licdn.com *.hotjar.com *.linkedin.com linkedin.com *.shortpixel.ai plausible.io *.ads-twitter.com t.co analytics.twitter.com *.youtube.com unpkg.com ws12.hotjar.com *.leadforensics.com *.cloudfront.net ajax.aspnetcdn.com v4in1-ti.click4assistance.co.uk v4in1-si.click4assistance.co.uk code.jquery.com *.google.com data: blob: *.gstatic.com; style-src 'self' 'unsafe-inline' https:; 1
default-src https: 'unsafe-eval' 'unsafe-inline'; connect-src https: wss:; img-src https: http: data:; object-src 'none'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: wss://* https://*; 1
form-action 'self';       upgrade-insecure-requests; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: s.w.org cdn-apac.onetrust.com privacyportal-apac.onetrust.com maxcdn.bootstrapcdn.com *.zepp.co.jp secure.gravatar.com placehold.jp www.youtube.com www.google.com i.ytimg.com stackpath.bootstrapcdn.com code.jquery.com cdnjs.cloudflare.com ajax.googleapis.com www.googletagmanager.com www.google-analytics.com www.gstatic.com;img-src data: blob: * ; 1
connect-src 'self' wss:             *.maxict.nl            *.maxshop.test            *.doubleclick.net            *.google-analytics.com            *.google.com            *.hotjar.com            *.hotjar.io            *.pro6pp.nl            *.tawk.to            *.dwin1.com            unpkg.com            *.clarity.ms            *.oribi.io            *.visualwebsiteoptimizer.com app.vwo.com            *.googlesyndication.com            *.profitmetrics.io            *.doubleclick.net            *.channext.com            *.zenaps.com;        default-src 'self' blob:;        font-src 'self' data:            *.maxict.nl            *.maxshop.test             *.gstatic.com            *.tawk.to            *.dwin1.com            unpkg.com            *.zenaps.com            *.clarity.ms            *.visualwebsiteoptimizer.com            *.googlesyndication.com            *.profitmetrics.io            *.doubleclick.net            *.hotjar.com;        frame-src 'self' 'unsafe-inline' about:             *.maxict.nl            *.maxshop.test            *.criteo.com            *.google.com            *.dpd.de            *.eetgroup.com            *.facebook.com            *.hotjar.com            *.hotjar.io            *.kingston.com            *.newstar.eu            *.newstar.nl            *.neomounts.com            *.neomounts.nl            *.startech.com            *.tawk.to            *.twindis.com            *.youtube.com            *.psaparts.co.uk            *.gls-info.nl            *.gls-netherlands.com            *.dwin1.com            unpkg.com            *.zenaps.com            *.icecat.biz            *.clarity.ms            app.vwo.com *.visualwebsiteoptimizer.com            *.googlesyndication.com            *.profitmetrics.io            *.doubleclick.net            inishop.com            *.channext.com            *.inishop.com;        img-src 'self' data: https:             *.maxict.nl            *.maxshop.test            *.clarity.ms            *.visualwebsiteoptimizer.com cdn.pushcrew.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com            *.googlesyndication.com            *.profitmetrics.io            *.doubleclick.net            *.google.com;        worker-src 'self' blob:;        manifest-src 'self' *.maxict.nl;        object-src 'self' *.maxict.nl;        script-src 'self' 'unsafe-inline' 'unsafe-eval' about:             *.maxict.nl            *.maxshop.test            *.bing.com            *.bizographics.com            *.cloudfront.net            *.criteo.com            *.criteo.net            *.doubleclick.net            *.facebook.net            *.flix360.com            *.flixcar.com            *.flixfacts.com            *.google-analytics.com            *.googleadservices.com            *.googletagmanager.com            *.google.com            *.gstatic.com            *.hotjar.com            *.hotjar.io            *.iceleads.com            *.jsdelivr.net            *.licdn.com            *.linkedin.com            *.list-manage.com            *.mailchimp.com            *.tawk.to            *.vane3alga.com            *.dwin1.com            unpkg.com            *.clarity.ms            *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com            *.googlesyndication.com            *.profitmetrics.io            *.doubleclick.net            *.channext.com            *.zenaps.com;        style-src 'self' 'unsafe-inline'             *.maxict.nl            *.maxshop.test            *.cloudfront.net            *.googleapis.com            *.google.com            *.jsdelivr.net            *.mailchimp.com            *.dwin1.com            unpkg.com            *.tawk.to            *.clarity.ms            *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com s3.amazonaws.com            *.googlesyndication.com            *.profitmetrics.io            *.doubleclick.net            *.channext.com            *.zenaps.com;        upgrade-insecure-requests; 1
default-src 'self' https://andela.com https://storage.googleapis.com https://*.vidyard.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.chilipiper.com https://s3-us-west-2.amazonaws.com/b2bjsstore/b/W7N850HW7XN1/reb2b.js.gz https://x.clearbitjs.com https://www.youtube.com https://tag.clearbitscripts.com https://marketo.clearbit.com https://tracking.g2crowd.com https://googleads.g.doubleclick.net https://www.redditstatic.com https://connect.facebook.net https://static.ads-twitter.com https://a.quora.com https://j.6sc.co https://snap.licdn.com https://a.quora.com https://www.clickcease.com https://play.vidyard.com https://www.googleadservices.com https://www.googletagmanager.com https://www.google-analytics.com https://bat.bing.com https://storage.googleapis.com https://cdn.svgator.com https://www.gstatic.com https://www.google.com https://hire.andela.com https://unpkg.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://apis.google.com https://andela-uploads.s3.amazonaws.com https://ajax.googleapis.com https://d3e54v103j8qbb.cloudfront.net https://cdn.prod.website-files.com cdn.prod.website-files.com https://*.vidyard.com *.mutinycdn.com; style-src 'self' 'unsafe-inline' https://www.andela.com https://storage.googleapis.com https://enterprise.andela.com https://hire.andela.com https://cdn.jsdelivr.net https://andela-uploads.s3.amazonaws.com https://d3e54v103j8qbb.cloudfront.net https://cdn.prod.website-files.com cdn.prod.website-files.com https://fonts.googleapis.com; connect-src 'self' https://*.chilipiper.com https://*.seismic.com https://app.clearbit.com https://tracking.g2crowd.com https://www.redditstatic.com https://analytics.google.com https://www.google-analytics.com https://cdn.segment.com https://statsigapi.net https://*.algolianet.com https://*.algolia.net https://bat.bing.com https://stats.g.doubleclick.net https://swfe37lzts-dsn.algolia.net https://events.statsigapi.net https://editor-api.webflow.com https://px.ads.linkedin.com https://pixel-config.reddit.com https://conversions-config.reddit.com https://secure.adnxs.com https://c.6sc.co https://ipv6.6sc.co https://epsilon.6sense.com https://*.vidyard.com *.mutinyhq.com *.mutinyhq.io *.mutinycdn.com https://9xgnrndqve.execute-api.us-west-2.amazonaws.com/b2b; font-src 'self' data: https://fonts.gstatic.com https://d3e54v103j8qbb.cloudfront.net; frame-src 'self' https://*.chilipiper.com youtube.com https://www.youtube.com https://td.doubleclick.net https://cdn.embedly.com https://www.youtube-nocookie.com https://www.google.com https://webflow.com https://play.vidyard.com https://*.vidyard.com https://hire.andela.com https://www.youtube.com; img-src 'self' https://www.linkedin.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://q.quora.com https://px.ads.linkedin.com https://storage.googleapis.com https://www.google-analytics.com https://www.google.com https://uploads-ssl.webflow.com https://d3e54v103j8qbb.cloudfront.net https://cdn.prod.website-files.com cdn.prod.website-files.com https://andela-uploads.s3.amazonaws.com https://t.co https://analytics.twitter.com https://alb.reddit.com https://px4.ads.linkedin.com https://bat.bing.com https://b.6sc.co https://www.facebook.com https://*.vidyard.com *.mutinycdn.com; media-src 'self' https://*.vidyard.com https://cdn.prod.website-files.com cdn.prod.website-files.com https://andela-uploads.s3.amazonaws.com https://storage.googleapis.com blob: https://play.vidyard.com; frame-ancestors 'self' https://seismic.com https://app.mutinyhq.com; 1
script-src 'self' https: 'unsafe-eval' 1
font-src fonts.gstatic.com *.gstatic.com *.bootstrapcdn.com *.googleapis.com *.affirm.com *.hotjar.com *.olark.com data: acsbapp.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cloudflare.com *.cloudfront.net *.google-analytics.com *.klaviyo.com *.facebook.com *.facebook.net *.amazon.com *.googletagmanager.com *.affirm.com *.betterbaseball.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com *.affirm.com *.affirm.ca connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com *.weltpixel.com *.cloudflare.com *.cloudfront.net *.google-analytics.com *.klaviyo.com *.facebook.com *.facebook.net *.amazon.com *.googletagmanager.com *.olark.com *.hotjar.com *.microsoft.com *.betterbaseball.com *.wesupply.xyz https://wesupplylabs.com magento-cloudflare.jetrails.com *.google.com/ www.facebook.com platform.twitter.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.affirm.com *.affirm.ca https://www.magezon.com *.cloudflare.com *.cloudfront.net *.klaviyo.com *.google.com *.gstatic.com *.facebook.com *.facebook.net *.amazon.com *.payments-amazon.com *.bootstrapcdn.com *.googletagmanager.com *.googleapis.com *.olark.com *.ytimg.com *.bing.com *.microsoft.com *.clarity.ms *.bolt.com acsbapp.com *.acsbapp.com *.cdn.imgeng.in *.betterbaseball.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com *.searchspring.net *.searchspring.io *.cdninstagram.com *.fbcdn.net maps.googleapis.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.affirm.com *.affirm.ca connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com *.cloudflare.com *.cloudfront.net *.google-analytics.com *.klaviyo.com *.google.com *.gstatic.com *.facebook.com *.facebook.net *.amazon.com *.payments-amazon.com *.bootstrapcdn.com *.hotjar.com *.googletagmanager.com *.doubleclick.net *.olark.com *.hellomedian.com *.googleapis.com *.roirevolution.com *.bing.com *.clarity.ms acsbapp.com *.betterbaseball.com *.datadome.co https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google.com/ connect.facebook.net twitter.com platform.twitter.com *.searchspring.net *.searchspring.io https://cdn.searchspring.net/intellisuggest/is.min.js ajax.googleapis.com https://www.googletagmanager.com tagmanager.google.com unpkg.com *.instagram.com maps.googleapis.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cloudflare.com *.cloudfront.net *.klaviyo.com *.google.com *.gstatic.com *.amazon.com *.payments-amazon.com *.bootstrapcdn.com *.googleapis.com *.olark.com *.bing.com *.googletagmanager.com acsbapp.com *.betterbaseball.com https://static.klaviyo.com maxcdn.bootstrapcdn.com *.searchspring.net *.searchspring.io tagmanager.google.com 'self' 'unsafe-inline'; object-src *.bolt.com 'self' 'unsafe-inline'; media-src *.adobe.com *.olark.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.affirm.com *.affirm.ca connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com sessions.bugsnag.com *.cloudflare.com *.cloudfront.net *.google-analytics.com *.klaviyo.com *.google.com *.amazon.com *.hotjar.com *.googletagmanager.com *.doubleclick.net *.signifyd.com *.olark.com wss://socket.hellomedian.com/ wss://*.hotjar.com/ *.hotjar.io *.zippopotam.us *.hellomedian.com https://bt.signifyd.com:11103/ *.bing.com wss://*.bing.com *.roirevolution.com *.bugsnag.com *.clarity.ms *.acsbapp.com *.betterbaseball.com *.datadome.co https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.searchspring.net *.searchspring.io https://beacon.searchspring.io/beacon *.facebook.net *.instagram.com *.googleusercontent.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.klaviyo.com/ 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'none'; style-src 'self'; img-src 'self'; frame-ancestors 'none'; form-action 'none'; 1
default-src 'self' https: data: ;        script-src 'self' https://www.layahealthcare.ie https://*.lo.cobrowse.liveperson.net https://lpcdn.lpsnmedia.net https://accdn.lpsnmedia.net https://lptag.liveperson.net https://lo.v.liveperson.net https://*.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://www.googleadservices.com https://*.googlesyndication.com https://www.google.com https://www.google.ie https://*.clickdimensions.com https://twitter.com https://analytics.twitter.com https://static.ads-twitter.com https://ad.doubleclick.net https://i.ctnsnet.com https://www.gstatic.com https://*.quantserve.com https://*.quantcount.com https://*.hotjar.com https://*.hotjar.io https://dhqbrvplips7x.cloudfront.net https://apps.mypurecloud.ie https://snap.licdn.com https://www.youtube.com https://*.speedcurve.com https://src.laya.webpu.sh https://matomo.laya.ie 'unsafe-eval';        style-src 'self' https: data: 'unsafe-inline';        frame-ancestors 'self';        form-action 'self';        object-src 'self';        connect-src 'self' https://*.google-analytics.com https://stats.g.doubleclick.net https://googleads4.g.doubleclick.net https://www.google.com https://www.google.ie https://www.googleadservices.com https://adservice.google.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io wss://*.mypurecloud.ie https://api.mypurecloud.ie https://*.cxindex.cloud https://sdk.laya.xtremepush.com https://matomo.laya.ie;        upgrade-insecure-requests; block-all-mixed-content;        report-uri https://www.layahealthcare.ie/api/csp/report/csp-report.json; 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' stripe.com  *.stripe.com cdn.jsdelivr.net  *.google-analytics.com *.google.com *.addthis.com *.moatads.com svc.webspellchecker.net  maps.googleapis.com  www.google-analytics.com  *.googletagmanager.com *.gstatic.com  *.twitter.com; style-src 'self'   'unsafe-inline'  *.googleapis.com *.jsdelivr.net *.stripe.com *.webspellchecker.net; img-src 'self' 'unsafe-eval' 'unsafe-inline' data: *.youtube.com *.vimeo.com *.twitter.com *.facebook.com *.brightcove.net *.gstatic.com *.stripe.com *.google-analytics.com *.googleapis.com; frame-src 'self' *.stripe.com *.youtube.com *.vimeo.com *.brightcove.net *.addthis.com *.twitter.com *.facebook.com *.bbc.co.uk *.google.com *.googletagmanager.com; font-src 'self' cdn.jsdelivr.net fonts.gstatic.com *.webspellchecker.net; connect-src 'self'   'unsafe-inline'  *.google-analytics.com *.googleapis.com  *.stripe.com *.addthis.com  *.webspellchecker.net *.googletagmanager.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.vimeo.com *.3playmedia.com *.googleadservices.com *.googleads.g.doubleclick.net *.acsbapp.com acsbapp.com *.mktoweb.com https://js.adsrvr.org/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://optimize.google.com http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com https://tracker.adreadyclick.com https://tags.srv.stackadapt.com https://www.wingsfinancial.com *.touchcommerce.com *.inq.com *.nuance.com *.wingsfinancial.com *.wingscu.com *.mktoutil.com https://munchkin.marketo.net/ *.4seeresults.com https://gateway.foresee.com/ https://www.youtube.com/ https://*.googleapis.com https://*.calcxml.com https://*.sharethis.com:443 cdnjs.cloudflare.com polyfill.io www.googletagmanager.com maxcdn.bootstrapcdn.com https://*.google-analytics.com connect.facebook.net s.btstatic.com s.thebrighttag.com https://rlforms.referlive.com; style-src 'self' 'unsafe-inline' *.3playmedia.com originp3.s3.amazonaws.com *.4seeresults.com *.foresee.com *.mktoweb.com https://optimize.google.com https://rlforms.referlive.com https://fonts.googleapis.com https://tags.srv.stackadapt.com https://www.wingsfinancial.com *.touchcommerce.com *.inq.com *.nuance.com https://*.googleapis.com https://*.calcxml.com https://*.sharethis.com:443 builder.risdall.com; img-src 'self' data: googleads.g.doubleclick.net *.acsbapp.com acsbapp.com https://azurestorefront.blob.core.windows.net https://rlforms.referlive.com https://trustage.liveplatform.com https://optimize.google.com https://script.hotjar.com http://script.hotjar.com https://tags.srv.stackadapt.com https://www.wingsfinancial.com *.touchcommerce.com *.inq.com *.nuance.com https://www.google.com/ads/ga-audiences https://tn.alphonso.tv https://*.gstatic.com https://*.googleapis.com https://*.calcxml.com https://*.sharethis.com https://insight.adsrvr.org https://www.facebook.com https://www.google-analytics.com https://stats.g.doubleclick.net https://dpm.demdex.net https://io.narrative.io https://idpix.media6degrees.com https://mid.rkdms.com https://play.google.com https://developer.apple.com; font-src 'self' *.3playmedia.com acsbapp.com http://script.hotjar.com https://script.hotjar.com https://www.wingsfinancial.com *.touchcommerce.com *.inq.com *.nuance.com https://*.gstatic.com *.4seeresults.com *.foresee.com; connect-src 'self' *.google.com *.doubleclick.net *.3playmedia.com *.4seeresults.com *.foresee.com *.acsbapp.com https://rlforms.referlive.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com https://pixelconnector.adready.com https://tracker.adreadyclick.com https://in.hotjar.com https://tags.srv.stackadapt.com https://www.wingsfinancial.com *.touchcommerce.com *.inq.com *.nuance.com https://*.mktoresp.com/ https://*.sharethis.com https://www.calcxml.com https://www.facebook.com https://www.google-analytics.com https://stats.g.doubleclick.net *.googleapis.com; object-src 'self' https://player.vimeo.com https://vimeo.com https://www.youtube.com/; frame-src 'self' *.google.com *.doubleclick.net t.sharethis.com plugin.3playmedia.com *.3playmedia.com *.mktoweb.com https://match.adsrvr.org/ https://insight.adsrvr.org/ https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://optimize.google.com https://player.vimeo.com https://vimeo.com https://vars.hotjar.com *.wingsfinancial.com *.touchcommerce.com *.inq.com *.nuance.com https://www.youtube.com/ https://wings.locatorsearch.com/ www.facebook.com:443 https://*.sharethis.mgr.consensu.org; form-action 'self' *.wingscu.com *.architect-cert.fiservapps.com *.referlive.com *.touchcommerce.com *.inq.com *.nuance.com https://wingsfinancial.onlinebank.com https://www.facebook.com; frame-ancestors 'self' https://wingsfinancial.onlinebank.com/; upgrade-insecure-requests; block-all-mixed-content; 1
default-src 'self'; connect-src 'self' *.readspeaker.com *.google-analytics.com stats.g.doubleclick.net *.googleapis.com https://ipv4.icanhazip.com https://chatbottest.appypie.com https://us-central1-chatbot-production-d6ea3.cloudfunctions.net *.appypie.com  *.aladhan.com  https://api.ipify.org https://vc.hotjar.io https://content.hotjar.io wss://ws.hotjar.com ; font-src 'self' *.gstatic.com  *.fontawesome.com; frame-src 'self' *.google.com menafn.com *.youtube-nocookie.com *.true-markets.net *.youtube.com *.clutch.co; img-src 'self' data: *.google-analytics.com *.readspeaker.com *.gstatic.com *.google.com *.googleapis.com i.ytimg.com *.google.jo https://chatbot.appypie.com *.appypie.com/; manifest-src 'self'; object-src 'self'; prefetch-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.googleapis.com *.google.com *.gstatic.com *.readspeaker.com *.jsdelivr.net  https://chatbot.appypie.com *.clutch.co https://static.hotjar.com https://script.hotjar.com ; style-src 'self' 'unsafe-inline' *.googleapis.com *.readspeaker.com   https://pro.fontawesome.com/releases/v5.10.0/css/all.css  https://designcloudtest.appypie.com https://chatbot.appypie.com/  https://chatbotnew.appypie.com ; media-src 'self' https://chatbot.appypie.com; form-action 'self' ; worker-src 'self'; child-src 'self'; frame-ancestors 'self'; block-all-mixed-content; upgrade-insecure-requests 1
child-src www.google.com; frame-ancestors 'self'; object-src 'none'; frame-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; script-src 'self' 'unsafe-inline' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.krystal.io *.adroll.com *.facebook.net *.redditstatic.com *.googletagmanager.com *.cookiepro.com; 1
default-src 'self' https://*.clearygottlieb.com https://*.truste.com https://*.nr-data.net https://*.siteimproveanalytics.io https://*.newrelic.com https://*.google-analytics.com https://*.trustarc.com https://*.doubleclick.net https://*.vimeo.com https://*.youtube-nocookie.com https://*.youtube.com; script-src 'nonce-y9yRpMY+Yuj14sK0+m60CnvRGt9zQjr7q5BNJL1308k=' 'unsafe-eval' 'self' https://*.clearygottlieb.com https://*.jquery.com https://*.googletagmanager.com https://siteimproveanalytics.com https://*.siteimproveanalytics.com https://*.newrelic.com https://*.google-analytics.com https://*.trustarc.com https://*.nr-data.net https://snap.licdn.com; connect-src 'self' https://px.ads.linkedin.com https://consent-reporting.trustarc.com https://consent.trustarc.com https://www.google-analytics.com https://stats.g.doubleclick.net https://bam-cell.nr-data.net ; style-src 'unsafe-inline' 'self' https://*.clearygottlieb.com; font-src 'self' https://*.trustarc.com data:; img-src 'self' https://*.clearygottlieb.com https://*.googletagmanager.com https://*.google.com https://*.google.co.uk https://*.google.com.ec https://*.truste.com https://*.siteimproveanalytics.io https://*.google-analytics.com https://*.trustarc.com https://px.ads.linkedin.com data:; media-src https://*.clearygottlieb.com https://*.vimeo.com https://*.akamaized.net data:; child-src https://*.clearygottlieb.com https://*.vimeo.com; frame-src https://*.clearygottlieb.com https://*.googletagmanager.com https://*.trustarc.com https://*.vimeo.com; base-uri 'self'; upgrade-insecure-requests; block-all-mixed-content; 1
script-src 'unsafe-eval' 'unsafe-inline' 'self' https://f1-eu.readspeaker.com *.episerver.net minsida.siriusit.net web103.reachmee.com s.ytimg.com image.providesupport.com *.youtube.com *.newrelic.com *.googletagmanager.com *.google-analytics.com script *.nr-data.net *.ytimg.com *.googleapis.com *.doubleclick.net tagmanager.google.com googleads.g.doubleclick.net csi.gstatic.com *.vo.msecnd.net *.e-space.se siteimproveanalytics.com inrapportering.ehalsomyndigheten.se ehalsomyndigheten.humany.net ehalsomyndigheten.ace.teliacompany.com wds.ace.teliacompany.com *.delivery.consentmanager.net cdn.consentmanager.net *.rekai.se; 1
frame-ancestors 'none'; default-src 'self' https://*.aol.com https://*.yahoo.com https://*.yimg.com; img-src * data:; script-src 'self' 'unsafe-inline' 'nonce-tnUlyX5JGf/ugxXhvhE4sQ==' 'unsafe-eval' https://*.yahoo.com https://*.yimg.com https://*.aol.com https://*.aolcdn.com *.oath.com *.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net *.googlesyndication.com https://sb.scorecardresearch.com bat.bing.com *.demdex.net https://msadsscale.azureedge.net/bingads/telemetryJS.js https://www.clarity.ms https://www.clarity.ms/s/0.7.10/clarity.js; style-src 'self' 'unsafe-inline' https://*.yimg.com; object-src *; connect-src *; font-src * data:; frame-src 'self' https://*.youtube.com https://s.yimg.com https://*.yahoo.com *.g.doubleclick.net *.googlesyndication.com; 1
base-uri self; object-src none; font-src * data:; img-src *; script-src 'self' embed.tawk.to cdn.jsdelivr.net www.hostworx.co.za cdn.fraudlabspro.com www.google.com www.gstatic.com www.googleapis.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.tawk.to; frame-ancestors 'self'; report-uri ; report-to default 1
default-src https: blob: 'unsafe-eval' 'unsafe-inline'; object-src 'none';img-src https: data: blob:;font-src https: data:;frame-src https: blob:;worker-src https: blob:;connect-src https: blob: ws: 1
default-src 'none';script-src 'self' 'nonce-Evelyn' *.evelyn.com *.calendly.com *.vimeocdn.com *.cloudfront.net *.withcubed.com *.smartrecruiters.com script.infinity-tracking.com embed.typeform.com *.bing.com cdn.cookielaw.org *.trustpilot.com connect.facebook.net js.monitor.azure.com *.googletagmanager.com *.fullstory.com *.doubleclick.net *.hotjar.com *.licdn.com *.tiqcdn.com tracker.marinsm.com *.abtasty.com *.tealiumiq.com www.google-analytics.com *.ceros.com *.google.com *.google.co.uk *.google.com.tr *.google.com.pl *.getsitecontrol.com *.getsitectrl.com *.vimeo.com *.linkedin.com *.googlesyndication.com 'unsafe-eval' 'unsafe-inline';style-src 'self' embed.typeform.com *.calendly.com static.smartrecruiters.com *.googleapis.com *.abtasty.com 'unsafe-inline';connect-src 'self' *.bing.com i.emlfiles.com *.infinity-tracking.com *.infinity-tracking.net app-uks-prod-bestinvest-website-forms.azurewebsites.net app-uks-test-bestinvest-website-forms.azurewebsites.net wss: cdn.cookielaw.org *.googletagmanager.com geolocation.onetrust.com *.fullstory.com collect.tealiumiq.com cdn.linkedin.oribi.io *.hotjar.com *.hotjar.io *.google-analytics.com *.google.com *.google.co.uk *.google.com.tr *.google.com.pl *.doubleclick.net vimeo.com *.getsitecontrol.com *.getsitectrl.com *.linkedin.com *.abtasty.com *.googlesyndication.com;font-src 'self' fonts.gstatic.com script.hotjar.com *.abtasty.com;img-src 'self' data: i.emlfiles.com *.vimeocdn.com cdn.cookielaw.org *.bing.com *.ytimg.com *.google.co.uk *.google.com.tr *.google.com.pl *.google.com *.googletagmanager.com *.google-analytics.com www.facebook.com *.cloudfront.net *.typeform.com *.linkedin.com *.abtasty.com;media-src 'self' youtube.com vimeo.com;object-src 'none';frame-ancestors 'self';frame-src 'self' *.evelyn.com calendly.com www.youtube.com *.calconic.com maps.google.com datawrapper.dwcdn.net form.typeform.com *.vimeo.com *.google.com *.ceros.com *.podbean.com *.hylandcloud.com *.trustpilot.com *.abtasty.com *.doubleclick.net 1
default-src https://*.ctfassets.net 'self' blob: feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.google-analytics.com https://tagmanager.google.com https://*.cookielaw.org https://script.crazyegg.com https://*.facebook.net https://*.adsrvr.org https://pghub.io https://*.bazaarvoice.com https://z.moatads.com feed.pghub.io pandg.tapad.com ; connect-src 'self' * https: 'unsafe-inline' ; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fast.fonts.net feed.pghub.io pandg.tapad.com ; img-src https://*.ctfassets.net 'self' data: https://www.googletagmanager.com https://ssl.gstatic.com https://pixel.tapad.com https://*.cookielaw.org https://*.qualtrics.com https://*.facebook.com https://*.google-analytics.com https://*.google.com https://*.google.co.in https://*.bazaarvoice.com feed.pghub.io pandg.tapad.com ; media-src https://videos.ctfassets.net data: feed.pghub.io pandg.tapad.com ; font-src https://fonts.gstatic.com data: http://fast.fonts.net https://assets.ctfassets.net feed.pghub.io pandg.tapad.com ; frame-src https://*.qualtrics.com 'self' https://*.tapad.com https://*.facebook.com https://*.google.com https://www.youtube.com https://consumersupport.pg.com https://*.adsrvr.org feed.pghub.io pandg.tapad.com ; 1
default-src 'self'; script-src 'self' https://diariobitcoin.b-cdn.net https://cdn-cookieyes.com https://*.diariobitcoin.care https://chimpstatic.com https://www.googletagmanager.com https://platform.twitter.com https://platform.x.com https://connect.facebook.net https://cdnjs.cloudflare.com https://onesignal.com https://*.onesignal.com https://mc.us13.list-manage.com https://downloads.mailchimp.com https://*.highcharts.com https://*.intotheblock.com https://stats.wp.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://fonts.cdnfonts.com https://*.twitter.com https://*.x.com https://*.googleusercontent.com https://diariobitcoin.b-cdn.net https://secure.gravatar.com https://mcusercontent.com https://ps.w.org https://wpadvancedads.com https://www.bitven.com https://pixel.wp.com https://cdn-cookieyes.com data:; style-src 'self' 'unsafe-inline' https://*.typekit.net https://fonts.googleapis.com; style-src-elem 'self' 'unsafe-inline' https://fonts.cdnfonts.com https://onesignal.com https://downloads.mailchimp.com https://*.typekit.net https://*.googleapis.com https://*.diariobitcoin.care; object-src 'none'; font-src 'self' https://fonts.cdnfonts.com https://*.typekit.net https://fonts.gstatic.com data:; frame-src 'self' https://platform.twitter.com https://platform.x.com https://www.facebook.com https://connect.facebook.com; worker-src 'self' blob:; connect-src 'self' https://onesignal.com https://analytics.google.com https://stats.g.doubleclick.net https://*.diariobitcoin.care https://*.intotheblock.com https://log.cookieyes.com https://cdn-cookieyes.com; script-src-elem 'self' https://diariobitcoin.b-cdn.net https://cdn-cookieyes.com https://*.diariobitcoin.care https://chimpstatic.com https://www.googletagmanager.com https://platform.twitter.com https://platform.x.com https://connect.facebook.net https://cdnjs.cloudflare.com https://onesignal.com https://*.onesignal.com https://mc.us13.list-manage.com https://downloads.mailchimp.com https://*.highcharts.com https://*.intotheblock.com https://stats.wp.com 'unsafe-inline' 'unsafe-eval';  1
default-src https: 'self' 'unsafe-eval' 'unsafe-inline' data: 1
frame-ancestors 'self'; worker-src blob:; child-src * blob: gap:; img-src * 'self' blob: data:;default-src https: data: wss: 'unsafe-inline' 'unsafe-eval' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://scholar.social; img-src 'self' https: data: blob: https://scholar.social; style-src 'self' https://scholar.social 'nonce-8cVXOIBDPw5adCMLZs5GGw=='; media-src 'self' https: data: https://scholar.social; frame-src 'self' https:; manifest-src 'self' https://scholar.social; form-action 'self'; child-src 'self' blob: https://scholar.social; worker-src 'self' blob: https://scholar.social; connect-src 'self' data: blob: https://scholar.social https://cdn.masto.host wss://scholar.social; script-src 'self' https://scholar.social 'wasm-unsafe-eval' 1
default-src 'self'  http: https: ws: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; 1
default-src 'self' https://*.xen.to https://*.tidnex.dev https://*.xendit.co; img-src * data:; style-src * 'unsafe-inline'; connect-src 'self' https://*.xen.to https://*.tidnex.dev https://*.xendit.co https://*.sentry.io https://stats.g.doubleclick.net https://snowplow-collector.iluma.ai https://www.google-analytics.com https://kg668dbov0.execute-api.us-east-1.amazonaws.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.xen.to https://*.tidnex.dev https://*.xendit.co https://www.recaptcha.net https://www.gstatic.com https://www.gstatic.cn https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com https://www.google-analytics.com http://*.cloudfront.net https://connect.facebook.net http://www.googletagmanager.com https://www.google-analytics.com https://cdn.jsdelivr.net; font-src https://fonts.googleapis.com https://fonts.gstatic.com; frame-src data: https: https://*.xen.to https://*.tidnex.dev https://*.xendit.co https://www.google.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.acv-csc.be *.acvcsc.be *.hetacv.be *.lacsc.be *.diecsc.be *.dmz-web.acv-csc.intranet https://chat.smartcall.cc https://cdnjs.cloudflare.com *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com *.analytics.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.cloudflare.com *.jquery.com kendo.cdn.telerik.com *.hotjar.com ws://*.hotjar.com surfly.com *.googletagmanager.com https://*.talkjs.com https://unpkg.com; style-src 'self' 'unsafe-inline' *.acv-csc.be *.acvcsc.be *.hetacv.be *.lacsc.be *.diecsc.be *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com *.smartcall.cc *.googletagmanager.com; font-src 'self' data: *.acv-csc.be *.acvcsc.be *.hetacv.be *.lacsc.be *.diecsc.be *.dmz-web.acv-csc.intranet fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com; img-src 'self' blob: *.acv-csc.be *.acvcsc.be *.hetacv.be *.lacsc.be *.diecsc.be *.dmz-web.acv-csc.intranet *.swagger.io *.googletagmanager.com *.gstatic.com *.googleapis.com *.google-analytics.com *.analytics.google.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com *.google.com *.google.be *.google.co.uk *.google.de *.google.fr *.google.lu *.google.nl googleads.g.doubleclick.net; media-src 'self' data: blob: https://*.talkjs.com; frame-src 'self' blob: *.acv-csc.be *.acvcsc.be *.hetacv.be *.lacsc.be *.diecsc.be *.dmz-web.acv-csc.intranet *.acv-bie.be https://acv-flash.be *.issuu.com surfly.com *.hotjar.com *.google.com *.facebook.com *.2tt.be *.youtube.com *.youtube-nocookie.com *.soundcloud.com https://*.talkjs.com https://pc201.be https://pc311.be *.appoint.be; frame-ancestors  'self' *.acv-csc.be *.acvcsc.be *.hetacv.be *.lacsc.be *.diecsc.be *.dmz-web.acv-csc.intranet *.acv-bie.be *.issuu.com surfly.com *.hotjar.com *.google.com *.facebook.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com; connect-src 'self' data: blob: *.acv-csc.be *.acvcsc.be *.hetacv.be *.lacsc.be *.diecsc.be *.dmz-web.acv-csc.intranet *.hotjar.com ws://*.hotjar.com *.googleapis.com *.google-analytics.com *.analytics.google.com accounts.google.com *.gstatic.com *.facebook.net *.doubleclick.net surfly.com *.hotjar.io ws://*.hotjar.io *.facebook.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.smartcall.cc *.trackjs.com https://*.talkjs.com wss://*.talkjs.com https://directline.botframework.com wss://directline.botframework.com *.google.com *.google.be *.google.co.uk *.google.de *.google.fr *.google.lu *.google.nl *.googletagmanager.com; object-src 'self' data: blob: *.acv-csc.be *.acvcsc.be *.hetacv.be *.lacsc.be *.diecsc.be *.dmz-web.acv-csc.intranet 1
default-src 'self' https://api1.trendyaab.com ; manifest-src 'self'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.gstatic.com https://*.google-analytics.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' cdn1.trendyaab.com  vt.parsimap.com https://logo.samandehi.ir https://*.google-analytics.com review-rating.mncdn.com blob: https://api1.trendyaab.com data: https://api1.trendyaab.com https://cdn.dsmcdn.com https://video-content-img.dsmcdn.com  http://www.w3.org; media-src https://d12rjhfbnrelgt.cloudfront.net https://video-content.dsmcdn.com; connect-src 'self' https://firebaseinstallations.googleapis.com https://fcmregistrations.googleapis.com https://hpadmin.post.ir https://api1.trendyaab.com https://api.trendyaab.com https://translate.googleapis.com https://*.google-analytics.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com data:; frame-ancestors 'self' https://trustseal.enamad.ir; 1
default-src * 'unsafe-inline' 'unsafe-eval' data: blob: filesystem: about: ws: wss:; 1
default-src *.kameleoon.com *.kameleoon.eu *.kameleoon.io *.thernovotools.com *.thernovotools-preview.com dock.ui.bosch.tech *.hotjar.com wss://*.hotjar.com bott-tc2.nautilus bott-fs.nautilus bott-fs.kittelberger.net vc.hotjar.io in.hotjar.com script.hotjar.com *.bosch-thermotechnology.com *.boschtt-documents.com www.bimstore.co.uk *.kittelberger.net *.mycliplister.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: ; media-src *.boschtt-documents.com services.kittelberger.net *.mycliplister.com mycliplister.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' ; font-src bott-fs.nautilus bott-fs.kittelberger.net script.hotjar.com fonts.gstatic.com *.bosch-thermotechnology.com www.bosch-thermotechnology.us www.heizung-steuern.com fonts.gstatic.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: data: ; object-src data: 'self'; img-src *.kameleoon.eu *.kameleoon.com bott-tc2.nautilus bott-fs.nautilus bott-fs.kittelberger.net optimize.google.com www.google-analytics.com www.googletagmanager.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: data: blob:; style-src bosch-tt.kittelberger.net bott-fs.nautilus bott-fs.kittelberger.net *.bosch-thermotechnology.com cdn.datatables.net optimize.google.com fonts.googleapis.com www.bosch-easycontrol.com www.heizung-steuern.com www.bosch-thermotechnology.us *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' 'unsafe-inline' https: ; script-src *.kameleoon.eu *.kameleoon.com bott-fs.nautilus bott-fs.kittelberger.net dock.ui.bosch.tech optimize.google.com www.googleanalytics.com www.google-analytics.com www.googleoptimize.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: 'unsafe-inline' 'unsafe-eval'; frame-src *.thernovotools.com *.thernovotools-preview.com mailto: bosch.mi4biz.net www.boschthermolife.com junkers-de-de-b.boschtt-documents.com optimize.google.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: blob:; frame-ancestors bosch.mi4biz.net bott-fs.kittelberger.net *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: ; connect-src 'self' googleads.g.doubleclick.net www.google.com *.kameleoon.io *.kameleoon.eu *.kameleoon.com *.buderus.com *.googlesyndication.com fi-v2-configs.global.commerce-connector.com api-eu.global.commerce-connector.com www.facebook.com wss://*.hotjar.com *.hotjar.io wss://endpoint.chatbot-suite.bosch.tech endpoint.chatbot-suite.bosch.tech  www.bosch-thermotechnology.com region1.google-analytics.com www.google-analytics.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com dock.ui.bosch.tech mycliplister.com *.mycliplister.com stats.g.doubleclick.net *.googleapis.com *.bosch-thermotechnology.com *.hotjar.com 1
default-src https:; font-src https: data:; img-src https: data:; script-src 'self' 'nonce-sh354q4Df954' *; style-src 'self' 'unsafe-inline' *;  frame-ancestors 'self'; 1
default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; font-src 'self'; connect-src 'self'; base-uri 'self'; form-action 'self' https://iface.core-networks.de; frame-ancestors 'none'; block-all-mixed-content 1
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.bluecross.com.hk google.com www.google.com *.aia.biz *.zscalertwo.net s.yimg.com *.mixpanel.com *.bluecross.com.hk www.googletagmanager.com fonts.gstatic.com m.addthisedge.com m.addthis.com s7.addthis.com cdn.mxpnl.com www.google-analytics.com *.doubleclick.net *.aiaazure.biz  resources.xg4ken.com *.adsfactor.net *.ap-gateway.mastercard.com ap-gateway.mastercard.com *.ap-gateway.mastercard.com ap-gateway.mastercard.com syd-stripe2.ap.gateway.mastercard.com ap.gateway.mastercard.com rum-collector-2.pingdom.net www.googleadservices.com *.facebook.net *.facebook.com *.g.doubleclick.net www.google.com.vn www.google.com.hk ap.gateway.mastercard.com sp.analytics.yahoo.com *.codpayment.com appx js.go2sdk.com shopback.go2cloud.org *.mouseflow.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; frame-src 'self' 'unsafe-inline' 'unsafe-eval' https://*; 1
script-src 'unsafe-eval' 'strict-dynamic' 'nonce-Mjk0MTVhM2ZlZDc4MmVjYg==' 'nonce-ZDVhMzliYTY3ZjFlNjcxYg==' 'nonce-YWZkNjU4ZGUwYjE0YWMxMQ==' 'nonce-YzIwNjllNzRlZjNhNWRjNg==' 'nonce-YjkwZTQxN2VhMzY5NDVhNw==' 'nonce-MzAwZGE0OGRmODE4N2MxYg==' 'nonce-MDE2N2ViMjVkM2MyNWNlMA==' 'nonce-N2QxZDJlNjZlNzRmYzNkMQ==' 'nonce-YzQ0OWEyZWQ0ZmI5YzRjYg==' 'nonce-NzU2MmM3ODFkMGMzNjk1NQ==' 'nonce-MWFiYTk4ZWNkOGMyYmZjZA==' 1
object-src 'self'; report-uri https://ayba8dhs.uriports.com/reports/report; report-to default 1
default-src 'self'; base-uri 'self'; script-src 'nonce-0e44744f2bbb4a38d1401d812ed97b99' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' https: 'report-sample'; connect-src 'self' www.googletagmanager.com *.facebook.com translate.googleapis.com *.instana.io wss://mpsnare.iesnare.com *.usercentrics.eu bat.bing.com/actionp/ *.liadm.com *.parship.dev www.googleadservices.com *.doubleclick.net *.google.com google.com; frame-ancestors 'self' secure1.parship.com secure1.eharmony.com secure1.elitepartner.de *.parship.dev; frame-src 'self' support.parship.nl tms.parship.nl *.greatviews.de app.usercentrics.eu www.youtube-nocookie.com accounts.google.com translate.googleapis.com *.doubleclick.net *.liadm.com; object-src 'none'; img-src 'self' data: *.instana.io *.parship.dev static.cloudflareinsights.com app.usercentrics.eu/ www.gstatic.com/images/ i.ytimg.com google.com *.google.com www.google.co.uk www.google.ca www.google.de www.google.at www.google.ch www.google.nl www.google.be www.google.fr www.google.com.au www.googleadservices.com www.googletagmanager.com googleads.g.doubleclick.net *.liadm.com sli.eharmony.com; font-src 'self' *.typekit.net; style-src 'self' 'unsafe-inline' 'report-sample' *.typekit.net accounts.google.com/gsi/style translate.googleapis.com; upgrade-insecure-requests; report-uri /ls/ 1
default-src 'self' cdn.synthetix.com ssc.synthetix.com;                     img-src 'self' syn-document-manager.s3.amazonaws.com cdn.synthetix.com ssc.synthetix.com data: *.google-analytics.com *.google.co.uk *.google.com *.facebook.com *.googletagmanager.com *.hotjar.com *.hotjar.io;                     font-src *.gstatic.com *.hotjar.com *.hotjar.io;                     frame-src *.facebook.com *.twitter.com *.hotjar.com *.hotjar.io *.google.com *.youtube.com https://wjecwebsitelive.blob.core.windows.net https://securelinks1.cmadvantage.co.uk/ https://wjec-cbac.leadfamly.com/ *.issuu.com/;                     object-src https://wjecwebsitelive.blob.core.windows.net;                     connect-src 'self' syn-document-manager.s3.amazonaws.com cdn.synthetix.com ssc.synthetix.com *.synthetix.com *.hotjar.io *.google-analytics.com *.hotjar.com *.fullstory.com *.doubleclick.net wss://*.hotjar.com *.getaddress.io *.analytics.google.com;                     style-src 'self' 'unsafe-inline' cdn.synthetix.com ssc.synthetix.com *.synthetix.com *.googleapis.com *.cloudfront.net;                     script-src 'self' 'unsafe-inline' 'unsafe-eval' https://platform.twitter.com cdn.synthetix.com ssc.synthetix.com *.synthetix.com *.googletagmanager.com googleapis.com *.hotjar.com *.gstatic.com *.fullstory.com *.google-analytics.com *.aspnetcdn.com *.googleadservices.com *.facebook.net *.doubleclick.net 1
default-src 'none'; img-src 'self' https://media.kuketz.de; style-src 'self'; font-src 'self'; base-uri 'none'; frame-ancestors 'none'; form-action 'self'; block-all-mixed-content 1
frame-ancestors 'self' http://localhost:6090 1
default-src 'self' cibng.ibanking-services.com *.ellieservices.com *.docusign.ne; font-src 'self' cibng.ibanking-services.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.johnsonfinancialgroup.com cibng.ibanking-services.com *.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.vidyard.com *.pinterest.com *.qualtrics.com *.cloudfront.net *.googleapis.com *.johnsonfinancialgroup.com cibng.ibanking-services.com *.episerver.net *.addthis.com *.addthisedge.com *.moatads.com *.onlineaccess1.com *.levelaccess.net *.marketo.net *.pdst.fm *.ads-twitter.com *.crazyegg.com *.twitter.com *.pinimg.com *.adsrvr.org *.adform.net *.doubleclick.net *.facebook.net *.licdn.com *.google-analytics.com *.googletagmanager.com *.google.com *.visualstudio.com *.msecnd.net *.gstatic.com *.ellieservices.com *.docusign.net; img-src 'self' data: *; connect-src 'self' *.linkedin.com cibng.ibanking-services.com *.qualtrics.com *.oribi.io *.googleapis.com *.crazyegg.com *.addthis.com *.levelaccess.net *.cloudfunctions.net *.google-analytics.com *.google.com *.mktoresp.com *.pinterest.com *.doubleclick.net *.visualstudio.com run.mocky.io *.ellieservices.com *.docusign.net; frame-src 'self' *.libsyn.com *.buzzsprout.com *.qualtrics.com *.johnsonfinancialgroup.com *.docusign.com *.docusign.net *.ellielabs.com *.ellieservices.com *.elliemae.com *.pinterest.com cibng.ibanking-services.com *.vidyard.com  *.vimeo.com vimeo.com player.vimeo.com *.addthis.com *.agentinsure.com *.locatorsearch.com *.facebook.com *.google-analytics.com *.google.com *.doubleclick.net *.brainshark.com lifehappenspro.org *.adsrvr.org; worker-src 'self' blob: *.johnsonfinancialgroup.com *.ellieservices.com *.docusign.ne; 1
frame-ancestors 'self' https://www.kayak.com  https://www.kayak.co.uk https://www.momondo.co.uk https://www.cheapflights.co.uk; 1
default-src https: data: https://*.valantic.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com wss://*.cognigy.ai 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' https://* s3.us-west-1.amazonaws.com www.google-analytics.com stats.g.doubleclick.net www.youtube.com anchor.fm www.googletagmanager.com;script-src * 'unsafe-inline' 'unsafe-eval';img-src * data:;frame-ancestors 'self' https://*.mybigcommerce.com https://*.shopify.com https://*.myshopify.com;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline' 1
frame-ancestors https://*.fsa-mobile.com 1
frame-ancestors 'self' https://*.bigbrotherawards.nl 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mstdn.plus; img-src 'self' https: data: blob: https://mstdn.plus; style-src 'self' https://mstdn.plus 'nonce-yCjd8qlZFoEVwqbkXC9URg=='; media-src 'self' https: data: https://mstdn.plus; frame-src 'self' https:; manifest-src 'self' https://mstdn.plus; form-action 'self'; child-src 'self' blob: https://mstdn.plus; worker-src 'self' blob: https://mstdn.plus; connect-src 'self' data: blob: https://mstdn.plus https://files.mstdn.plus wss://mstdn.plus; script-src 'self' https://mstdn.plus 'wasm-unsafe-eval' 1
base-uri 'none'; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' https: http: 'sha256-vqkalYp8xkqn+hf7mUzDCfNWasvmTZuSB1iXppRJQ/0=' 'sha256-rwtr0ht6qV/IrmC4v1eJEgxPCqwO2CK19cdEs33KgkQ=' 'sha256-+XJ+sQA4fL+bDs0dm6CWwZfQZX3e1KZU/qy4RivVAGI=' 'strict-dynamic'; report-uri https://csp.ping-security.com/csp-reports 1
default-src 'self' ;script-src data: blob: 'self' 'unsafe-eval' 'nonce-grXZMItcDFbc8Wh+' static.cloud.coveo.com www.zenaps.com www.dwin1.com *.r42tag.com *.usabilla.com *.google-analytics.com *.analytics.google.com www.googleadservices.com tags.nmrc.nl *.onmarc.nl *.doubleclick.net d6tizftlrpuof.cloudfront.net *.zilverenkruis.nl babm.texthelp.com surfly.com plus.browsealoud.com www.zorgkantoorfriesland.nl *.prolife.nl www.googletagmanager.com toolbar.speechstream.net apis.google.com bat.bing.com admin.relay42.com a.svtrd.com  ads.creative-serving.com www.browsealoud.com *.defriesland.nl static2.creative-serving.com survey.insocial.nl optimize.google.com *.interpolis.nl *.mopinion.com  *.fbto.nl connect.facebook.net cdn.harvest.graindata.com *.pingvp.com pingvp.com *.visualwebsiteoptimizer.com app.vwo.com www.awin1.com *.stichtingdefriesland.nl d1mj578wat5n4o.cloudfront.net sitecorecloud.io;style-src 'self' 'unsafe-inline' d6tizftlrpuof.cloudfront.net plus.browsealoud.com fonts.googleapis.com www.zilverenkruis.nl optimize.google.com *.pingvp.com;img-src data: blob: 'self' *.svtrd.com www.zenaps.com www.awin1.com www.google.com www.google.nl d6tizftlrpuof.cloudfront.net *.usabilla.com *.google-analytics.com *.analytics.google.com *.onmarc.nl *.zilverenkruis.nl plus.browsealoud.com usabilla-themes.s3-eu-west-1.amazonaws.com ads.creative-serving.com www.zorgkantoorfriesland.nl *.prolife.nl stats.g.doubleclick.net ad.doubleclick.net bat.bing.com www.browsealoud.com *.defriesland.nl *.r42tag.com admin.relay42.com speechstreamv3-webservices-8.texthelp.com www.gstatic.com *.fbto.nl www.insocial.nl www.facebook.com www.googletagmanager.com translate.google.com zilverenkruis-cdn.mcccm.eu *.pingvp.com i.vimeocdn.com dev.visualwebsiteoptimizer.com *.doubleclick.net *.googlesyndication.com *.imgix.net;font-src data: 'self' fonts.gstatic.com fonts.googlapis.com d6tizftlrpuof.cloudfront.net  *.pingvp.com;connect-src blob: 'self' *.zilverenkruis.nl *.surfly.com surfly.com sentry.io *.prolife.nl *.zorgkantoorfriesland.nl plus.browsealoud.com pronunciation.speechstream.net api.usabilla.com babm.texthelp.com speech.speechstream.net *.google-analytics.com *.analytics.google.com pre-i-portaal.achmea.nl speechstreamv3-webservices-8.texthelp.com *.defriesland.nl *.mopinion.com www.browsealoud.com plusqa.browsealoud.com *.interpolis.nl *.fbto.nl bat.bing.com stats.g.doubleclick.net harvest-cm-achmea.ey.r.appspot.com controle.achmea.consentmonitor.nl *.tomtom.com *.visualwebsiteoptimizer.com app.vwo.com *.applicationinsights.azure.com wss://api.defriesland.nl:13443 wss://api.zilverenkruis.nl:13443 wss://api.interpolis.nl:13443 *.googlesyndication.com www.google.com googleads.g.doubleclick.net *.coveo.com;media-src 'self' blob: *.zilverenkruis.nl *.zorgkantoorfriesland.nl *.prolife.nl *.defriesland.nl *.interpolis.nl *.fbto.nl *.pingvp.com;object-src 'self' ;child-src 'self' blob: t.svtrd.com player.vimeo.com surfly.com app.surfly.com d6tizftlrpuof.cloudfront.net www.zilverenkruis.nl www.zorgkantoorfriesland.nl www.prolife.nl content.googleapis.com vimeo.com secure.zilverenkruis.nl www.defriesland.nl optimize.google.com i-portaal.achmea.nl survey.insocial.nl secure.prolife.nl secure.defriesland.nl w.soundcloud.com *.doubleclick.net app.springcast.fm;frame-ancestors 'self' player.vimeo.com vimeo.com i-portaal.achmea.nl survey.insocial.nl *.doubleclick.net inloggen.achmea.nl p-portaal.achmea.nl app.vwo.com *.visualwebsiteoptimizer.com;;form-action 'self' t.svtrd.com *.achmea.nl *.zilverenkruis.nl *.zorgkantoorfriesland.nl *.prolife.nl *.defriesland.nl *.fbto.nl *.interpolis.nl broker.nxtid.nl;manifest-src 'self' ;upgrade-insecure-requests;block-all-mixed-content;report-uri https://zilverenkruis.ams.report-uri.com/r/t/csp/enforce; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://social.cologne; img-src 'self' https: data: blob: https://social.cologne; style-src 'self' https://social.cologne 'nonce-um1de9h+1wCShdR088ccow=='; media-src 'self' https: data: https://social.cologne; frame-src 'self' https:; manifest-src 'self' https://social.cologne; form-action 'self'; child-src 'self' blob: https://social.cologne; worker-src 'self' blob: https://social.cologne; connect-src 'self' data: blob: https://social.cologne https://media.social.cologne wss://social.cologne; script-src 'self' https://social.cologne 'wasm-unsafe-eval' 1
default-src 'self' ;connect-src 'self' consent.app.cookieinformation.com policy.app.cookieinformation.com dc.services.visualstudio.com px.ads.linkedin.com region1.google-analytics.com www.google-analytics.com www.google.com googleads.g.doubleclick.net pagead2.googlesyndication.com https://region1.analytics.google.com https://stats.g.doubleclick.net;font-src 'self' fonts.gstatic.com; frame-ancestors 'self' www.linkedin.com; frame-src 'self' *.danskerhverv.dk policy.app.cookieinformation.com www.linkedin.com video.ibm.com app.powerbi.com candidate.hr-manager.net forms.office.com eu.video.ibm.com https://td.doubleclick.net ;img-src 'self' data: danskerhverv.imgix.net analytics.twitter.com app-eu.clickdimensions.com px.ads.linkedin.com region1.google-analytics.com tracking.monsido.com www.googletagmanager.com ps4.ads.linkedin.com googleads.g.doubleclick.net fonts.gstatic.com www.google.com www.google.dk px4.ads.linkedin.com t.co; script-src 'self' 'unsafe-eval' 'unsafe-inline'; script-src-elem 'self'  'unsafe-inline'  policy.app.cookieinformation.com cdn.polyfill.io dl.episerver.net   analytics-eu.clickdimensions.com app-script.monsido.com az416426.vo.msecnd.net connect.facebook.net snap.licdn.com static.ads-twitter.com track.adform.net www.googleadservices.com s2.adform.net www.googletagmanager.com https://pagead2.googlesyndication.com;  style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com www.googletagmanager.com;style-src 'self' 'unsafe-inline' 1
default-src 'self';font-src 'self' data:;script-src 'self' 'unsafe-inline' 'unsafe-eval' data:;style-src 'self' 'unsafe-inline';frame-ancestors 'none' 1
frame-ancestors 'self' http://localhost:3333 https://www.sanity.io https://*.sanity.studio https://*.vercel.app 1
default-src 'none'; script-src 'self' https://kit.fontawesome.com/ https://cdnjs.cloudflare.com/ https://www.gstatic.com/ https://cdn.jsdelivr.net/combine/gh/ryersondmp/ https://maps.googleapis.com/ https://www.googletagmanager.com/ https://*.hotjar.com/ https://unpkg.com/@google/ 'unsafe-inline' https://use.fontawesome.com/; style-src 'self' https://use.fontawesome.com/ https://cdnjs.cloudflare.com/ https://www.gstatic.com/ https://cdn.jsdelivr.net 'unsafe-inline' https://fonts.googleapis.com/; img-src 'self' data: https://www.w3.org https://maps.googleapis.com/ https://maps.gstatic.com/ https://developers.google.com/maps/documentation/javascript/examples/markerclusterer/ https://jadu-q-files.s3.eu-west-1.amazonaws.com/ https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.hotjar.com; frame-src 'self' https://www.youtube.com/ https://calendar.google.com/; child-src 'self' https://www.youtube.com/ https://calendar.google.com/; font-src 'self' https://ka-p.fontawesome.com/ https://fonts.gstatic.com/ https://use.fontawesome.com/ ; connect-src 'self' https://maps.googleapis.com/ https://kit.fontawesome.com/ https://ka-p.fontawesome.com/  https://*.google-analytics.com https://*.analytics.google.com https://tle5ea6myb.execute-api.eu-west-2.amazonaws.com/ https://uch9a5brqc.execute-api.eu-west-2.amazonaws.com/ https://93yf4nembc.execute-api.eu-west-2.amazonaws.com/ https://zbr7r13ke2.execute-api.eu-west-2.amazonaws.com/ https://*.hotjar.com/ https://*.hotjar.io/ wss://*.hotjar.com/; report-uri /report-csp-violation; upgrade-insecure-requests 1
frame-src 'self' data: https://open.spotify.com https://fagforbundet.piwik.pro/ https://zissoninteract.com/ https://ff-logomaker.azurewebsites.net/ https://fagbladet2.com/ https://fagbladet.no/ https://motion.easymeet.se/ https://cdn.jwplayer.com/ https://oppgavedeling.pleiar.no/ https://howspace.pleiar.no/ https://*.fagforbundet.no/ https://www1.fagforbundet.no/ https://www2.fagforbundet.no/ https://datawrapper.dwcdn.net/ https://secure.compendia.no/ https://compendia.boost.ai/ https://secure.compendia.no/ https://medlemsmorten.boost.ai/ https://e.infogram.com/ https://nettkurs.fagforbundet.no/ https://client.imageshop.no/ https://w.soundcloud.com https://www.facebook.com https://public.tableau.com https://vars.hotjar.com https://consentcdn.cookiebot.com https://ep-static.fagforbundet.no https://wtools.fagforbundet.no https://fsrv-int03 https://player.vimeo.com/ https://www.youtube.com/ https://youtube.com/ https://www.youtube-nocookie.com/; frame-ancestors 'self' https://zissoninteract.com/; 1
frame-ancestors 'self'  *.dastelefonbuch.de *.schatten.dastelefonbuch.de *.telefonbuch.de *.meinungsmeister.de 1
default-src https: 'self' blob:; media-src https: data: blob:; font-src https: data:; img-src https: 'self' 'unsafe-inline' data: about:; style-src https: 'self' 'unsafe-inline'; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' blob:; frame-ancestors https://*.psychic-readings-for-free.com; 1
default-src 'none'; object-src 'none'; script-src 'self' 'sha256-0cMJQiSTWyrp/ttaqiAhqT1HP0tV12dJmQvaL06B4iE='; connect-src 'self'; font-src 'self'; manifest-src 'self'; style-src 'self'; img-src data: https://fileshare.brr.fyi 'self'; media-src https://fileshare.brr.fyi 'self'; frame-ancestors 'none' 1
base-uri 'self'; default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: wknlsta00001.blob.core.windows.net in-app-qa.wolterskluwer.eu in-app-staging.wolterskluwer.eu in-app.wolterskluwer.eu *.monitor.azure.com *.in.applicationinsights.azure.com *.navigator.nl *.kluwer.nl i.ytimg.com img.youtube.com *.my.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.force.com eu2.thunderhead.com eu2.cdn.thunderhead.com login.wolterskluwer.eu login-stg.wolterskluwer.eu ciam.wolterskluwer.eu myprofile.wolterskluwer.eu cdn.wolterskluwer.io cdn.userdatatrust.com service.force.com www.google-analytics.com www.googletagmanager.com cdn.pendo.io cdn.eu.pendo.io data.eu.pendo.io app.eu.pendo.io *.sleeknote.com region1.google-analytics.com www.google.com www.google.nl www.google.pl www.google.hu *.storage.googleapis.com fonts.googleapis.com stats.g.doubleclick.net navigator.kluwer.nl inview.nl www.inview.nl www.navigator.nl; font-src 'self' data: *.wolterskluwer.io fonts.gstatic.com sleeknotestaticcontent.sleeknote.com; form-action 'self'; frame-ancestors 'self'; frame-src 'self' service.force.com app.eu.pendo.io *.youtube-nocookie.com *.youtube.com www.googletagmanager.com mailchimp.sleeknote.com agillic.sleeknote.com campaignmonitor.sleeknote.com emarsys.sleeknote.com segment.sleeknote.com activecampaign.sleeknote.com integrationssite.sleeknote.com klaviyo.sleeknote.com dotdigital.sleeknote.com salesforce.sleeknote.com drip.sleeknote.com onsite-subscribe.getdrip.com smartweb.sleeknote.com apsis.sleeknote.com apsisone.sleeknote.com heyloyalty.sleeknote.com peytz.sleeknote.com ubivox.sleeknote.com mailplatform.sleeknote.com zapier.sleeknote.com onsite-subscribe.getdrip.com contactform.sleeknote.com subscribe.sleeknote.com; object-src 'none'; style-src 'self' 'unsafe-inline' data: service.force.com *.salesforce-sites.com *.storage.googleapis.com cdn.wolterskluwer.io cdn.eu.pendo.io sleeknotestaticcontent.sleeknote.com 1
base-uri 'self'; child-src blob:; connect-src 'self' * blob:; default-src 'none'; font-src 'self' * data:; form-action 'self'; frame-ancestors 'self'; frame-src 'self' *.addthis.com *.fls.doubleclick.net http://*.fls.doubleclick.net http://gleam.io https://gleam.io https://privacy-central.securiti.ai https://spellingbee.com https://td.doubleclick.net https://www.googletagmanager.com; img-src 'self' * about: blob: data:; manifest-src 'self'; media-src * blob: data:; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub76ded8377f7502c3dcedbac113428770&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:iontv-staging; script-src 'self' 'unsafe-eval' 'unsafe-inline' * blob: data:; style-src 'self' 'unsafe-inline' * data:; worker-src 'self' blob: 1
object-src 'self'; frame-src 'self' www.google.com www.googletagmanager.com www.youtube.com https://widget.trustpilot.com https://securegw-stage.paytm.in/ https://securegw.paytm.in/ https://accounts.paytm.com/ paytm https://staticpg.paytm.in/ https://api.razorpay.com/ https://checkout.stripe.com/ https://td.doubleclick.net/ https://secure.paytmpayments.com/; 1
child-src 'self' *.youtube.com *.ytimg.com *.youtube-nocookie.com *.googlevideo.com yt3.ggpht.com *.vimeocdn.com *.vimeo.com *.akamaized.net *.azureedge.net www.gstatic.com www.google.com ;connect-src 'self' *.youtube.com *.ytimg.com *.youtube-nocookie.com *.googlevideo.com yt3.ggpht.com *.vimeocdn.com *.vimeo.com *.akamaized.net *.azureedge.net *.google-analytics.com noembed.com www.noembed.com cdn.plyr.io cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org *.consentmanager.net *.doubleclick.net storage.googleapis.com event.talque.com lh3.googleusercontent.com *.googleadservices.com *.google.com *.itsa365.de *.mybeviale.com *.chillventa.de *.hubana.events *.embedded-world.de *.medteclive.com *.euroguss.de *.enforcetac.com *.fachpack.de *.frontale.de *.holz-handwerk.de *.nuernberg-convention.de *.perimeter-protection.de *.biofach.de *.vivaness.de *.interzoo.com *.biofach-japan.com *.galabau-messe.com *.consozial.de *.powtech-technopharm.com *.kommunale.de *.hydrogendialogue.com *.partec.info *.biofach-saudiarabia.com *.biofach-southeastasia.com *.iwa.info *.ads.linkedin.com *.linkedin.com *.linkedin.oribi.io *.googlesyndication.com *.outbrain.com ;default-src 'self' *.azureedge.net ;font-src 'self' fonts.gstatic.com *.azureedge.net 'unsafe-inline' storage.googleapis.com event.talque.com lh3.googleusercontent.com ;img-src 'self' *.youtube.com *.ytimg.com *.youtube-nocookie.com *.googlevideo.com yt3.ggpht.com *.vimeocdn.com *.vimeo.com *.akamaized.net *.google-analytics.com cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org *.consentmanager.net *.azureedge.net *.google.com *.google.de *.ads.linkedin.com *.linkedin.com *.linkedin.oribi.io snap.licdn.com static.ads-twitter.com analytics.twitter.com t.co www.googletagmanager.com analytics-udg.netdna-ssl.com code.s4d.io *.giphy.com *.clouddrive.com *.webexcontent.com data: blob: *.rackcdn.com data: blob: *.doubleclick.net connect.facebook.net www.facebook.com storage.googleapis.com event.talque.com lh3.googleusercontent.com ;media-src 'self' *.youtube.com *.ytimg.com *.youtube-nocookie.com *.googlevideo.com yt3.ggpht.com *.vimeocdn.com *.vimeo.com *.akamaized.net *.azureedge.net storage.googleapis.com event.talque.com lh3.googleusercontent.com data: ;script-src 'self' *.youtube.com *.ytimg.com *.youtube-nocookie.com *.googlevideo.com yt3.ggpht.com *.doubleclick.net cdn.plyr.io noembed.com www.noembed.com *.google.com *.google.de *.vimeocdn.com *.vimeo.com *.akamaized.net www.googletagmanager.com analytics-udg.netdna-ssl.com *.google-analytics.com cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org *.consentmanager.net *.azureedge.net 'unsafe-eval' *.googleadservices.com *.google.com static.ads-twitter.com analytics.twitter.com t.co snap.licdn.com 'unsafe-inline' www.gstatic.com www.google.com connect.facebook.net www.facebook.com storage.googleapis.com event.talque.com lh3.googleusercontent.com *.outbrain.com ;style-src 'self' *.youtube.com *.ytimg.com *.youtube-nocookie.com *.googlevideo.com yt3.ggpht.com *.vimeocdn.com *.vimeo.com *.akamaized.net cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org *.consentmanager.net *.azureedge.net 'unsafe-inline' storage.googleapis.com event.talque.com lh3.googleusercontent.com ; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googlesyndication.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.go-mpulse.net *.facebook.com *.facebook.net *.clarity.ms *.convertexperiments.com *.tiktok.com *.amazon.com *.flashtalking.com *.adsrvr.org *.yimg.com *.jquery.com *.twitter.com *.youtube.com *.answerdash.com *.googleadservices.com *.pinimg.com *.pinterest.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.answerdash.com *.googletagmanager.com; img-src 'self' *.bidr.io *.googletagmanager.com *.googlesyndication.com *.google-analytics.com *.doubleclick.net *.facebook.com *.clarity.ms *.cd-4-convertexperiments.com *.twitter.com *.yahoo.com *.flashtalking.com *.google.com *.google.de *.bing.com *.pinterest.com *.ytimg.com *.w3.org *.gstatic.com; connect-src 'self' *.googlesyndication.com *.google-analytics.com *.go-mpulse.net *.akstat.io *.google.com *.yimg.com *.tiktok.com *.clarity.ms *.doubleclick.net *.pinterest.com *.convertexperiments.com *.akamaihd.net; object-src 'none'; font-src 'self' *.gstatic.com *.answerdash.com; frame-src 'self' *.facebook.com *.twitter.com *.youtube-nocookie.com where-to-buy.co *.doubleclick.net *.amazon-adsystem.com *.flashtalking.com *.adsrvr.org *.pinterest.com 1
default-src: 'self'; object-src ‘none’; script-src: https://apis.google.com; https://clearout.io; https://www.googletagmanager.com; 1
frame-ancestors 'self'; form-action 'self'; upgrade-insecure-requests; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.googleapis.com *.gstatic.com; frame-ancestors 'none'; font-src 'self' 'unsafe-eval' data: *.googleapis.com *.gstatic.com; connect-src 'self' 1
default-src * ; script-src * 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'unsafe-inline'; img-src * data: https://ct.capterra.com; media-src *; frame-src *; frame-ancestors *; child-src *; font-src * https://themes.googleusercontent.com http://themes.googleusercontent.com; connect-src *; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; base-uri 'self'; frame-ancestors 'self' http://weblink.northshore.org.nomzit.com http://weblink.northshore.org.apkpoko.com; 1
base-uri 'self' *.intuitiolabs.com *.boseprofessional.com *.local;     frame-src 'self' *.doubleclick.net blob: *.intuitiolabs.com *.boseprofessional.com *.local *.trustarc.com https://boseprofessional.applytojob.com https://www.google.com/recaptcha/ https://assets.boseprofessional.com *.youtube.com;     connect-src 'self' www.google-analytics.com *.doubleclick.net *.intuitiolabs.com *.boseprofessional.com *.local https://www.googleapis.com *.wistia.com *.trustarc.com https://proxy.cwicly.com https://pub-3ebd12226b804a69ad05db8a0d6dd1ed.r2.dev *.wistia.net *.litix.io *.linkedin.com *.clarity.ms https://ads.google.com https://ads.microsoft.com https://analytics.google.com https://bat.bing.com;     font-src 'self' *.intuitiolabs.com *.boseprofessional.com *.local *.wistia.com https://cdn.jsdelivr.net data: https://fonts.gstatic.com https://consent.trustarc.com/ *.wistia.net http://cdnjs.cloudflare.com;     script-src 'report-sample' 'self' js.sentry-cdn.com *.intuitiolabs.com *.boseprofessional.com *.local *.weglot.com https://proxy.cwicly.com https://pub-3ebd12226b804a69ad05db8a0d6dd1ed.r2.dev https://www.dropbox.com/ https://apis.google.com https://js.live.net https://www.gstatic.com https://ucv.bynder.com http://cdnjs.cloudflare.com *.trustarc.com *.wistia.com *.wistia.net https://cdn.jsdelivr.net https://www.google.com/recaptcha/ *.doubleclick.net www.googletagmanager.com connect.facebook.net analytics.clickdimensions.com snap.licdn.com bat.bing.com *.clarity.ms https://ads.google.com https://ads.microsoft.com https://analytics.google.com https://secure.perk0mean.com/ 'unsafe-eval' 'unsafe-inline';     style-src 'report-sample'  *.doubleclick.net 'self' *.intuitiolabs.com *.boseprofessional.com *.local https://www.gstatic.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://ajax.googleapis.com https://cdn.jsdelivr.net *.wistia.com *.wistia.net 'unsafe-inline';     img-src 'self' https://www.google.co.in/ads/ga-audiences *.doubleclick.net *.intuitiolabs.com *.boseprofessional.com *.local *.cloudfront.net *.wistia.com *.wistia.net *.trustarc.com *.boseprofessional.com data: https://assets.boseprofessional.com https://secure.gravatar.com https://i.ytimg.com *.linkedin.com *.bing.com *.clarity.ms *.facebook.com *.weglot.com;     media-src 'self'  *.doubleclick.net blob: https://assets.boseprofessional.com *.intuitiolabs.com *.boseprofessional.com *.local *.wistia.com *.wistia.net *.weglot.com;     object-src 'self' *.doubleclick.net *.intuitiolabs.com *.boseprofessional.com *.local https://proxy.cwicly.com https://assets.boseprofessional.com;     manifest-src 'self';     worker-src 'self' blob: ;     default-src 'self' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.fubonbank.com.hk https://*.etwealth.com https://*.google-analytics.com https://*.googleadservices.com https://*.facebook.net https://s.yimg.com https://11131692.fls.doubleclick.net https://googleads.g.doubleclick.net https://*.googletagmanager.com https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob:; img-src 'self' https://*.fubonbank.com.hk https://*.etwealth.com https://*.yahoo.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.gstatic.com *.google.com  *.googleusercontent.com data:; frame-src *.fubonbank.com.hk *.etwealth.com *.youtube.com youtu.be https://*.google-analytics.com https://*.googleadservices.com *.fls.doubleclick.net googleads.g.doubleclick.net *.googletagmanager.com *.google.com; connect-src 'self' https://*.fubonbank.com.hk https://*.etwealth.com https://*.google-analytics.com https://s.yimg.com https://*.googletagmanager.com https://*.googleapis.com *.google.com https://*.gstatic.com  data: blob:; font-src 'self' https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://*.fubonbank.com.hk https://*.etwealth.com https://*.googletagmanager.com https://fonts.googleapis.com; worker-src blob:; 1
frame-src 'self' https://gstatic.com/ https://www.google.com/recaptcha/ https://www.grupopromerica.com/ https://www.youtube.com/ https://www.vidayexito.net/ 1
default-src 'self'; font-src 'self'; frame-src *; img-src 'self' data:; media-src 'self' data:; object-src 'none'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; form-action 'self'; 1
default-src 'self' https://*.cms.vwfs.tools ;            img-src 'self' data: https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://dev.day.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://maps.gstatic.com https://*.google.com https://*.google.de https://*.google.cz https://*.googlesyndication.com https://*.googleadservices.com https://cm.g.doubleclick.net https://ad.doubleclick.net https://img.youtube.com https://i.ytimg.com https://*.userzoom.com https://*.adform.net https://www.facebook.com https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://cdn.linkedin.oribi.io https://t23.intelliad.de https://t13.intelliad.de https://t.co https://*.volkswagenbank.de  https://cms-assets.vwfs.io https://smetrics.vwfs.cz https://mediaservice.audi.com  https://GISTPAEndpoint-Int.azureedge.net https://GISTPAEndpoint-Kons.azureedge.net https://GISTPAEndpoint-Prod.azureedge.net    https://default.vms.vwfs.io https://*.bronson.vwfs.tools https://*.bronson.vwfs.io https://gateway.zscloud.net https://js.api.here.com https://assets.volkswagen.com https://integrations.etrusted.com https://*.googletagmanager.com https://*.g.doubleclick.net https://ssl.gstatic.com https://ade.googlesyndication.com https://bat.bing.com https://*.trustedshops.com http://*.trustedshops.com https://c.imedia.cz https://*.seznam.cz https://*.google.cz;            script-src 'self' 'unsafe-inline' blob: https://*.volkswagenbank.de https://storagewebcalcweud.blob.core.windows.net https://*.fts.webcalc.vwfs.io https://*.youtube.com https://*.vimeo.com https://s.ytimg.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://*.fls.doubleclick.net https://www.googletagmanager.com https://*.googlesyndication.com https://www.googleadservices.com https://www.google.com https://www.google.de https://cm.g.doubleclick.net https://www.volkswagenbank-cloud.de https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://cdn.linkedin.oribi.io https://t23.intelliad.de https://t13.intelliad.de https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://assets.adobedtm.com https://*.omniture.com https://*.adobe.com https://*.userzoom.com https://*.adform.net https://connect.facebook.net https://*.thunderhead.com https://*.twitter.com https://static.ads-twitter.com https://*.advsearch.vwfs.io https://cc.cdn.civiccomputing.com  https://target.vwfs.cz  https://smetrics.vwfs.cz https://cdn.mercury.ai https://integrations.etrusted.com https://sdk.privacy-center.org    https://*.acs-frontend.vwfs.io https://*.googletagmanager.com https://tagmanager.google.com https://*.googleadservices.com https://*.google.com https://*.g.doubleclick.net https://bat.bing.com https://*.trustedshops.com http://*.trustedshops.com https://c.imedia.cz https://*.seznam.cz https://*.google.cz;            style-src 'self' 'unsafe-inline' https://*.userzoom.com https://target.vwfs.cz https://cdn.mercury.ai https://co-browsing.mercury.ai https://cdn.bronson.vwfs.tools https://cdn.bronson.vwfs.io    https://*.acs-frontend.vwfs.io https://integrations.etrusted.com https://tagmanager.google.com https://fonts.googleapis.com ;            connect-src 'self' blob: data: https://vimeo.com https://*.youtube.com https://api.webcalc.vwfs.io https://cfpoi-search.p-sunhill.com https://apikeys.civiccomputing.com https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://*.adobedc.net https://*.tt.omtrdc.net https://*.2o7.net https://*.cms.vwfs.io https://*.advsearch.vwfs.io https://cms-content.vwfs.io https://target.vwfs.cz https://smetrics.vwfs.cz https://www.google.com https://*.facebook.com https://*.mercury.ai wss://*.mercury.ai https://vector.hereapi.com https://1.base.maps.ls.hereapi.com https://1.aerial.maps.ls.hereapi.com https://js.api.here.com https://geocode.search.hereapi.com https://integrations.etrusted.com https://*.smart-digital-solutions.de https://smart-digital-cdn.com https://2gtge2kxoa.execute-api.eu-central-1.amazonaws.com https://api-cms-vwfs-io.cms.vwfs.tools https://sdk.privacy-center.org https://revgeocode.search.hereapi.com    https://*.acs-frontend.vwfs.io https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://cdn.linkedin.oribi.io https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.cz http://*.trustedshops.com https://autocomplete.search.hereapi.com https://lookup.search.hereapi.com ;            frame-ancestors 'self' https://vwfs.experiencecloud.adobe.com https://vwfs.marketing.adobe.com https://experience.adobe.com ;            object-src 'none' ;            font-src 'self' data: https://fonts.gstatic.com https://cdn.bronson.vwfs.tools https://cdn.bronson.vwfs.io https://cdn.mercury.ai https://js.api.here.com https://*.trustedshops.com http://*.trustedshops.com ;            frame-src https://player.vimeo.com https://www.youtube-nocookie.com https://s.userzoom.com https://*.adform.net https://*.adobe.com https://*.omniture.com https://*.demdex.net https://*.fls.doubleclick.net https://bid.g.doubleclick.net https://www.facebook.com https://*.googlesyndication.com https://cm.g.doubleclick.net https://gateway.zscloud.net https://td.doubleclick.net https://kalkulator.skoda-auto.pl https://*.g.doubleclick.net ;            media-src https://www.youtube-nocookie.com 'self' ; 1
default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' minhabiblioteca.univille.edu.br univille.edu.br *.univille.edu.br gian.ess.devel2 localhost gian.devel2 *.facebook.com facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.googletagmanager.com *.hotjar.com *.licdn.com cdn.jsdevlivr.net s7.addthis.com *.rdstation.com.br *.rdstation.com *.cloudfront.net *.hotjar.io *.linkedin.com *.google.com.br *.google.com use.typekit.net *.gstatic.com *.grupoa.education *.grupoa.com *.grupoa.com.br *.gruposinternet.com.br *.enturma.com.br *.googleapis.com *.bootstrapcdn.com *.bing.com *.youtube.com; 1
object-src 'self'; frame-src 'self' www.google.com cloud.hostingraja.in www.googletagmanager.com chat.hostingraja.in www.youtube.com https://widget.trustpilot.com https://securegw-stage.paytm.in/ https://securegw.paytm.in/ https://accounts.paytm.com/ paytm https://staticpg.paytm.in/ https://api.razorpay.com/ https://checkout.stripe.com/ https://td.doubleclick.net/ https://secure.paytmpayments.com/; 1
default-src 'self' *.ib.de *.internationaler-bund.de ib-redaktion-staging.rmsdev.de;  script-src 'self' 'unsafe-eval' 'unsafe-inline' *.internationaler-bund.de *.ib.de ib-redaktion-staging.rmsdev.de *.cookiebot.com www.googletagmanager.com connect.facebook.net *.cookiebot.eu altruja.de *.altruja.de *.readspeaker.com *.freiwillig24.de *.emailsys1c.net *.unpkg.com unpkg.com flockler.com *.flockler.com *.fundraisingbox.com *.emailsys1a.net;  worker-src blob:;  img-src 'self' data: *.ytimg.com *.emailsys1c.net *.internationaler-bund.de www.google.de *.ib.de ib-redaktion-staging.rmsdev.de *.cookiebot.com *.cookiebot.eu *.usercentrics.eu www.entwicklungsdienst.de *.altruja.de *.openstreetmap.org *.twimg.com flockler.com *.flockler.com *.cdninstagram.com *.fbcdn.net *.fundraisingbox.com *.emailsys1a.net;   style-src 'self' 'unsafe-inline' *.readspeaker.com use.fontawesome.com *.freiwillig24.de *.emailsys1c.net *.emailsys1a.net;  font-src 'self' data: use.fontawesome.com *.emailsys1a.net;  media-src 'self' *.flockler.com *.twimg.com;  object-src 'self';  connect-src 'self' *.internationaler-bund.de *.ib.de *.altruja.de stats.g.doubleclick.net region1.analytics.google.com *.cookiebot.com *.cookiebot.eu *.friendlycaptcha.eu *.readspeaker.com *.openstreetmap.org formbuilder.online *.flockler.com *.flockler.app *.emailsys1c.net *.emailsys1a.net;  frame-ancestors 'self' https://ibiks.ibrz.de ;  frame-src 'self' *.cookiebot.com *.cookiebot.eu *.youtube-nocookie.com td.doubleclick.net fonts.gstatic.com googleapis.com www.google.com *.emailsys1c.net freiwillig24.de *.freiwillig24.de *.emailsys1a.net *.altruja.de flockler.com *.flockler.com *.cloudflarestream.com *.fundraisingbox.com;  1
default-src 'self'; img-src * data: ; connect-src 'self' data: https://*.authorize.net https://*.squareup.com https://*.convergepay.com https://*.interpaypos.com https://www.google-analytics.com https://*.doubleclick.net https://*.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://connect.facebook.net https://*.authorize.net https://*.stripe.com https://*.squareup.com https://*.squarecdn.com https://*.interpaypos.com https://*.convergepay.com https://*.slimcd.com https://*.ewaypayments.com https://*.bambora.com https://*.bambora.com.au https://*.googleapis.com http://*.googlesyndication.com http://www.googletagservices.com https://www.googletagmanager.com https://www.google-analytics.com https://*.google.ca https://*.google.com https://*.gstatic.com https://*.doubleclick.net; frame-src 'self' https://connect.facebook.net https://*.stripe.com https://*.squareup.com https://*.squarecdn.com https://*.ewaypayments.com https://*.bambora.com https://*.bambora.com.au https://www.youtube.com; style-src 'self' 'unsafe-inline' https://*.squarecdn.com https://*.gstatic.com https://*.googleapis.com; font-src 'self' data: blob: https://*.gstatic.com https://*.googleusercontent.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' ajax.googleapis.com www.google-analytics.com cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' www.google-analytics.com; font-src 'self' fonts.gstatic.com; frame-src https://*.tempurpedic.com; 1
frame-ancestors 'self' https://*.tableau.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.map.baidu.com *.bdimg.com bdimg.share.baidu.com res.wx.qq.com pucha.kaipuyun.cn dcs.conac.cn webservice.coolwei.com www.gov.cn zfwzgl.www.gov.cn *.cnzz.com zfwzgl.www.gov.cn www.changde.gov.cn; object-src 'self'; frame-ancestors http://www.hunan.gov.cn http://120.226.245.226:33525 http://120.226.245.226:33526 1
object-src 'none'; img-src 'self' data: ps.w.org support.brainstormforce.com perf-na1.hsforms.com forms.hsforms.com track.hubspot.com; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' bpb.opendns.com googletagmanager.com www.googletagmanager.com js.hs-scripts.com js.hs-analytics.net js.hscollectedforms.net js.hs-banner.com js.hubspot.com google.com www.google.com gstatic.com www.gstatic.com js-na1.hs-scripts.com player.vimeo.com youtube.com www.youtube.com platform.twitter.com 1
frame-ancestors https://*.fnol.cz/ 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' analytics.highspeed-at.net puh.highspeed-at.net fonts.googleapis.com fonts.gstatic.com; frame-src mailto: 'self' puh.highspeed-at.net; img-src 'self' data: 1
frame-ancestors 'self' https://milan-jeunesse.com https://app.bayam.tv https://sso.bayard-jeunesse.com https://mention-me.com; 1
default-src 'self';  style-src 'self' 'unsafe-inline' https://*.inside-graph.com https://fonts.googleapis.com https://*.typekit.net;  media-src 'self';  object-src 'none';  script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.queue-it.net https://*.krxd.net https://bam.nr-data.net https://*.adsrvr.org https://*.googletagmanager.com https://www.facebook.com https://connect.facebook.net https://pixel.mathtag.com https://*.visualwebsiteoptimizer.com https://*.analytics.yahoo.com https://www.google-analytics.com https://s.yimg.com https://js-agent.newrelic.com https://*.inside-graph.com https://staticcdn.co.nz;  img-src 'self' data: https://*.krxd.net https://*.mylotto.co.nz https://*.inside-graph.com https://*.visualwebsiteoptimizer.com https://www.facebook.com https://*.google-analytics.com https://*.googletagmanager.com https://www.google.com https://www.google.co.nz https://staticcdn.co.nz https://shielded.co.nz https://*.adsrvr.org https://*.doubleclick.net;  connect-src 'self' https://*.mylotto.co.nz https://misnwhpjb8.execute-api.ap-southeast-2.amazonaws.com https://bam.nr-data.net wss://*.inside-graph.com https://*.inside-graph.com https://*.google-analytics.com https://*.doubleclick.net https://analytics.google.com https://*.analytics.google.com https://*.googletagmanager.com;  frame-src 'self' https://cornerstonecx.co.nz https://*.krxd.net https://*.adsrvr.org https://*.windcave.com https://*.paymentexpress.com https://*.doubleclick.net https://*.mathtag.com https://*.finrings.com https://*.youtube.com https://*.vimeo.com https://*.wagerworks.com https://*.nz.rgsgames.com https://*.az4.rgsgames.com https://*.i-w-g.com https://*.mylotto.co.nz https://*.flashtalking.com https://staticcdn.co.nz;  font-src 'self' data: https://*.mylotto.co.nz https://mylotto.co.nz https://*.inside-graph.com https://fonts.gstatic.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' mofa.gov.np *.mofa.gov.np *.genesesolution.com nepalembassy.org.uk londonembassyevent.pages.dev *.wp.com www.google.com.np *.google.com *.gstatic.com cdn.jsdelivr.net code.jquery.com stackpath.bootstrapcdn.com s.ytimg.com *.facebook.net *.sharethis.com *.youtube.com *.twimg.com cdn.syndication.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com fonts.googleapis.com fonts.gstatic.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.mofa.gov.np *.wp.com use.fontawesome.com stackpath.bootstrapcdn.com placehold.it *.facebook.net *.sharethis.com  *.youtube.com *.twimg.com cdn.syndication.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com fonts.googleapis.com fonts.gstatic.com; img-src 'self' data: placehold.it mofa.gov.np *.mofa.gov.np *.wp.com *.w.org *.gstatic.com *.facebook.net *.facebook.com *.sharethis.com lh3.googleusercontent.com *.youtube.com *.twimg.com secure.gravatar.com cdn. *.twitter.com *.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com cdnjs.cloudflare.com fonts.googleapis.com fonts.gstatic.com; media-src 'self'; frame-src 'self' *.youtube.com *.wp.com *.wordpress.com *.google.com *.facebook.net *.facebook.com syndication.twitter.com platform.twitter.com; font-src 'self' data: *.mofa.gov.np *.wp.com fonts.googleapis.com stackpath.bootstrapcdn.com use.fontawesome.com fonts.gstatic.com maxcdn.bootstrapcdn.com; connect-src 'self' l.sharethis.com 1
default-src  'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.yimg.com https://*.inpwrd.net https://visitor-service.tealiumiq.com https://tags.tiqcdn.com https://dev.visualwebsiteoptimizer.com https://*.nrgenergy.com https://*.ads-twitter.com/ https://*.tiktok.com https://*.hotjar.com https://js.adsrvr.org/up_loader.1.1.0.js https://*.clarity.ms/s/0.6.34/clarity.js https://stg-wheelock.nrg.com https://wheelock.nrg.com https://cirro.egain.cloud https://cloud-us.analytics-egain.com https://analytics.analytics-egain.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://*.doubleclick.net https://reliantenergy.sc.omtrdc.net *.bbb.org https://ajax.googleapis.com https://googleads.g.doubleclick.net https://rules.quantcount.com https://*.hotjar.io https://*.hotjar.com https://reliant.egain.cloud https://www.googleadservices.com https://beacon.krxd.net https://consumer.krxd.net https://*.cirroenergy.com https://reliantenergyretails.tt.omtrdc.net https://cdn.jsdelivr.net https://assets.adobedtm.com https://analytics.analytics-egain.com https://assets.adobedtm.com https://www.googletagmanager.com https://bat.bing.com https://secure.quantserve.com https://*.contentsquare.net  https://app.leadsrx.com https://nrg.allegiancetech.com https://cdn.krxd.net https://connect.facebook.net https://siteintercept.allegiancetech.com https://*.cirroenergy.com *.contentsquare.net contentsquare.com https://www.google.com/pagead/conversion_async.js; style-src 'self' 'unsafe-inline' https://use.typekit.net https://*.hotjar.com *.bbb.org https://*.cirroenergy.com https://stg-wheelock.nrg.com https://wheelock.nrg.com https://use.fontawesome.com https://cdn.jsdelivr.net https://cdn.jsdelivr.net https://fonts.googleapis.com https://dev.cirroenergy.com https://cdnjs.cloudflare.com; frame-src 'self' https://www.youtube.com  https://*.sfmc-content.com https://match.adsrvr.org/ https://insight.adsrvr.org https://reliant.egain.cloud https://analytics.analytics-egain.com https://reliantenergyretailservicesllc.demdex.net https://reliantenergy.sc.omtrdc.net https://stg-wheelock.nrg.com https://wheelock.nrg.com https://*.hotjar.io https://*.hotjar.com https://*.doubleclick.net https://cdn.krxd.net csxd.cirroenergy.com; child-src blob:; img-src 'self' data: * *.contentsquare.net https://*.hotjar.com; font-src * https://*.hotjar.com; connect-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.yimg.com https://collect.tealiumiq.com https://www.redditstatic.com https://dev.visualwebsiteoptimizer.com https://px.ads.linkedin.com https://visitor-service.tealiumiq.com  https://bf94493cun.bf.dynatrace.com https://*.tiktok.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com  https://*.clarity.ms/collect wss://ws26.hotjar.com/api/v2/client/ws https://bat.bing.com https://reliantenergyretailservicesllc.demdex.net https://reliantenergy.sc.omtrdc.net https://stg-wheelock.nrg.com https://wheelock.nrg.com https://analytics.google.com https://*.analytics.google.com https://stats.g.doubleclick.net https://*.doubleclick.net https://dpm.demdex.net https://*.hotjar.io https://*.hotjar.com https://*.contentsquare.net https://api.ipify.org https://app.leadsrx.com https://*.cirroenergy.com https://www.google-analytics.com https://reliantenergyretails.tt.omtrdc.net https://reliantenergy.sc.omtrdc.net https://cdn.jsdelivr.net https://assets.adobedtm.com *.contentsquare.net; worker-src blob:; 1
upgrade-insecure-requests; block-all-mixed-content; default-src 'self' https://*.omappapi.com https://*.crazyegg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com https://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js https://go.wilmingtonplc.com https://www.googletagmanager.com https://tagmanager.google.com https://snap.licdn.com https://munchkin.marketo.net https://a.omappapi.com/app/ https://api.livechatinc.com https://cdn.livechatinc.com https://app.termly.io https://cdn.shareaholic.net https://m9m6e2w5.stackpathcdn.com https://partner.shareaholic.com https://app.termly.io https://z.omappapi.com/ https://widget.manychat.com https://www.google.com https://script.crazyegg.com/ https://www.shareaholic.com https://www.gstatic.com/recaptcha/releases/3kTz7WGoZLQTivI-amNftGZO/recaptcha__en_gb.js https://www.gstatic.com https://www.coursecheck.com/ https://www.google-analytics.com/ https://cdn.openshareweb.com/ https://wilmingtonplc--uat.sandbox.my.site.com https://wilmingtonplc--uat.sandbox.my.salesforce-scrt.com https://wilmingtonplc--uat.sandbox.my.salesforce.com https://service.force.com https://d.la1-c1cs-lo2.salesforceliveagent.com https://static.lightning.force.com https://wilmingtonplc--uat.sandbox.my.salesforce-sites.com https://wilmingtonplc.my.salesforce.com https://d.la3-c2-fra.salesforceliveagent.com https://wilmingtonplc.my.salesforce-sites.com https://cdn.cookie-script.com/ https://report.cookie-script.com https://www.clarity.ms https://www.buzzsprout.com; worker-src 'self' blob:; object-src 'none'; font-src 'self' https://fonts.gstatic.com https://cdn.livechatinc.com https://m9m6e2w5.stackpathcdn.com https://cdn.openshareweb.com data:; connect-src 'self' https://region1.analytics.google.com https://stats.g.doubleclick.net https://936-frz-719.mktoresp.com https://cdn.linkedin.oribi.io/partner/1212497 https://api.omappapi.com https://app.termly.io https://cdn.linkedin.oribi.io/partner/1212497/domain/int-comp.org/token https://a.omappapi.com https://analytics.shareaholic.com https://www.shareaholic.net https://www.shareaholic.com https://www.google.co.uk https://wilmingtonplc--uat.sandbox.my.salesforce-scrt.com https://*.crazyegg.com https://wilmingtonplc--uat.sandbox.my.salesforce-sites.com https://wilmingtonplc.my.salesforce.com https://wilmingtonplc.my.salesforce-sites.com https://region1.google-analytics.com https://www.google-analytics.com https://www.google.com https://px.ads.linkedin.com https://z.omappapi.com https://r.clarity.ms https://googleads.g.doubleclick.net; img-src https: data: https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; style-src https://www.youtube.com https://go.wilmingtonplc.com https://tagmanager.google.com https://fonts.googleapis.com https://a.omappapi.com/app/ https://wilmingtonplc--uat.sandbox.my.site.com https://service.force.com https://wilmingtonplc--uat.sandbox.my.salesforce-sites.com https://wilmingtonplc.my.salesforce.com https://wilmingtonplc.my.salesforce-sites.com https://*.crazyegg.com 'unsafe-inline' 'self'; media-src https:; frame-ancestors 'self'; base-uri 'self'; frame-src https://www.youtube.com https://widget.trustpilot.com https://www.google.com https://go.wilmingtonplc.com https://secure.livechatinc.com https://cdnapisec.kaltura.com https://app.termly.io https://service.force.com https://td.doubleclick.net https://app.swapcard.com/ https://www.buzzsprout.com/ 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-393618b89d9abae131ccde9992a08826'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
Content-Security-Policy: default-src  https://*.agero.com https://info.agero.com https://*.hubspot.com https://www.agero.com https://*.hubapi.com; frame-src https://info.agero.com https://driverspremier.com https://*.hubspot.com; 1
frame-ancestors 'self' https://ahu.edu https://*.ahu.edu 1
frame-ancestors 'self'; frame-src * data:; media-src * 'self' data: https:; img-src * 'self' data: https:; connect-src 'self' * 'unsafe-inline' data:; base-uri 'self' 'unsafe-inline' gap:; object-src 'none'; script-src-elem * 'unsafe-inline' cdn.evergage.com; style-src * 'unsafe-inline' cdn.evergage.com; script-src 'self' *.bing.com *.cloudfront.net *.cookielaw.org *.cquotient.com *.evergage.com *.evgnet.com *.facebook.com *.facebook.net *.fittingbox.com *.force.com *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.google-analytics.com googleads.g.doubleclick.net *.onetrust.com *.pagestrip.com *.paypal.com *.paypalobjects.com *.salesforce.com *.la1-c1cs-fra.salesforceliveagent.com *.shoeboxonline.com *.timify.com 'unsafe-eval' 'unsafe-inline'; default-src 'self' *.cloudfront.net service.force.com *.force.com cdn.evergage.com *.cquotient.com *.google-analytics.com *.evergage.com *.evgnet.com *.gstatic.com blob:; worker-src blob:; font-src * cdn.evergage.com data: 1
img-src * data:; style-src 'self' 'unsafe-inline'; default-src * blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.youtube.com s.ytimg.com *.usercentrics.eu *.googleapis.com *.google.com www.youtube-nocookie.com *.vimeocdn.com *.vimeo.com fonts.gstatic.com www.googletagmanager.com www.google-analytics.com *.facebook.net *.altruja.de altruja.de; 1
default-src 'self'; img-src 'self' https://*.lpsnmedia.net https://*.lprnd.net https://*.liveperson.com https://*.liveperson.net https://*.google-analytics.com data: https://*.natwest.com https://*.gstatic.com https://*.googleusercontent.com https://*.cookielaw.org *.natwestmentor.co.uk *.rbsmentor.co.uk https://*.doubleclick.net https://*.google.com https://*.google.co.uk https://px.ads.linkedin.com https://*.linkedin.com https://*.facebook.com https://*.reddit.com; script-src 'self' 'unsafe-inline' https://*.lpsnmedia.net https://*.lprnd.net https://*.liveperson.com https://*.liveperson.net https://*.google-analytics.com https://*.cookielaw.org https://*.onetrust.com https://*.googletagmanager.com https://tagmanager.google.com https://*.googleadservices.com https://snap.licdn.com https://*.facebook.net https://www.datadoghq-browser-agent.eu https://*.googlesyndication.com https://*.redditstatic.com; style-src 'self' 'unsafe-inline' https://*.google.com https://*.googleapis.com blob: https://*.googletagmanager.com; object-src 'none'; font-src 'self' https://*.gstatic.com; connect-src 'self' https://*.amazonaws.com https://*.path.co.uk https://*.natwestmentor.co.uk https://*.rbsmentor.co.uk https://*.cookielaw.org https://*.onetrust.com https://*.googletagmanager.com https://*.google.com https://*.google-analytics.com https://*.doubleclick.net/ https://*.browser-intake-datadoghq.eu https://cdn.linkedin.oribi.io https://px.ads.linkedin.com; media-src 'self' https://*.lpsnmedia.net https://*.lprnd.net https://*.liveperson.com https://*.liveperson.net https://player.vimeo.com *.natwestmentor.co.uk *.rbsmentor.co.uk; frame-src 'self' https://*.lpsnmedia.net https://*.lprnd.net https://*.liveperson.com https://*.liveperson.net https://player.vimeo.com https://view.officeapps.live.com *.natwestmentor.co.uk *.rbsmentor.co.uk https://*.doubleclick.net; worker-src blob:;form-action 'self' *.natwestmentor.co.uk *.rbsmentor.co.uk;manifest-src 'self' *.natwestmentor.co.uk *.rbsmentor.co.uk; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; 1
manifest-src 'self'; script-src 'self' 'unsafe-eval' https://www.gstatic.com/cv/js/sender/v1/cast_sender.js; style-src 'self' 'unsafe-inline'; img-src 'self' https: data:; connect-src 'self' https: blob: https://immortuos.life:8443/socket.io/ wss://immortuos.life:8443/socket.io/ https://immortuos.life/ https://hls.immortuos.live/; font-src 'self' https: data:; form-action 'self'; frame-src 'self' https:; media-src 'self' https: blob: about: https://sound.immortuos.live:8878/ https://immortuos.life/; worker-src https: blob:; block-all-mixed-content; upgrade-insecure-requests 1
upgrade-insecure-requests; object-src 'none'; block-all-mixed-content; frame-ancestors 'self'; 1
script-src https: 'unsafe-eval' 'unsafe-inline' blob: 1
default-src 'self'; img-src 'self' data: https://app.dynamic.xyz/assets/networks/ https://iconic.dynamic-static-assets.com/icons/ https://sdk.onfido.com https://assets.coingecko.com https://tokens.1inch.io https://etherscan.io https://tokens-data.1inch.io https://s2.coinmarketcap.com; connect-src 'self' https://eth-mainnet.g.alchemy.com/v2/ https://resolver-api.basename.app/v1/addresses/ https://logs.dynamicauth.com/api/v1/ https://arb1.arbitrum.io/rpc https://rpc.ankr.com/eth ws://localhost:3000/ https://api.pimlico.io/v1/kinto-mainnet/ https://api.turnkey.com/public/v1/submit/ wss://relay.walletconnect.com wss://relay.walletconnect.org https://rpc.kinto-rpc.com https://app.dynamicauth.com https://dynamic-static-assets.com https://api-js.mixpanel.com https://eth-mainnet.g.alchemy.com https://arb-mainnet.g.alchemy.com https://base-mainnet.g.alchemy.com https://ingesteer.services-prod.nsvcs.net/rum_collection https://kinto-mainnet.calderachain.xyz/infra-partner-http https://api.onfido.com; font-src 'self' https://cdn.jsdelivr.net/npm/@fontsource/dm-sans/files/; script-src 'self' 'unsafe-eval' https://engen.kinto.xyz https://kinto.xyz https://sdk.onfido.com https://cdn.plaid.com; style-src 'self' 'unsafe-inline' https://sdk.onfido.com; form-action 'self'; base-uri 'self'; frame-src 'self' https://export.turnkey.com/ https://verify.walletconnect.org/ https://verify.walletconnect.com/ https://verify.synaps.io https://verify-corporate.synaps.io https://cdn.plaid.com https://verify.plaid.com https://sdk.onfido.com https://recovery.turnkey.com/ 1
object-src 'none'; frame-ancestors 'self' https://ekatalog.viebrockhaus.de; report-uri https://www.viebrockhaus.de/report-uri/enforce 1
frame-ancestors 'self' https://erleben.landshut.de/ 1
default-src https: 'self'; object-src https: 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://* http://* ; style-src https: 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com/ajax/libs/jqueryui/1.10.3/jquery-ui.min.js https://cdnjs.cloudflare.com/ajax/libs/jspdf/1.5.3/jspdf.min.js https://code.jquery.com/jquery-1.12.4.js https://code.jquery.com/ui/1.12.1/jquery-ui.js; img-src https: data: 'self'; 1
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; 1
frame-ancestors 'self' https://*.infor.com https://*.bnl.gov https://*.psu.edu https://*.stanford.edu https://*.jlab.org https://134.79.157.11 https://134.79.157.16 https://134.79.157.15 https://134.79.157.23 https://134.79.157.12 https://134.79.157.76 https://134.79.157.141 https://134.79.157.8 https://134.79.157.72 https://134.79.157.136 https://97.123.171.136 https://216.14.94.3 https://75.161.194.246 https://fmsprd.psft.lbl.gov/ https://*.vinimaya.com/ https://*.inforcloudsuite.com https://iprocure.eu1.inforcloudsuite.com https://iprocure.inforclousuite.com https://qatest1.ipro.dev.inforcloudsuite.com https://*.xfel.eu https://esson.esss.lu.se/ https://essondev.esss.lu.se/ https://*.jaggaer.com/ https://app11.jaggaer.com/ https://*.ariba.com/ https://s1.ariba.com/ https://sbportal.sap.mpg.de https://mpg-connection-test.subseq.net/ http://ohm.npl.co.uk:8005 https://apps.inside.anl.gov/ https://bnl.vinimaya.com/ https://cg.hzdr.de/ https://erp.gentex.com/ https://idp.mit.edu:446/ https://lbl.vinimaya.com/ https://lincs.llnl.gov/ https://lincs-pre.llnl.gov/ https://marketplacedev.vinimaya.com/ https://*.coupahost.com/ https://mit.coupahost.com/ https://*.dig.at/ https://procure.dig.at/ https://quantumscape.coupahost.com/ https://*.sciquest.com/ https://solutions.sciquest.com/ https://staging.govsci.com/ https://*.govsci.com/ https://www.govsci.com/ https://ebp.sap.mpg.de/ https://ornl.vinimaya.com/ https://*.cornell.edu https://*.aquiire.net 1
base-uri 'self';connect-src 'self' studiekeuze123nl.prismic.io *.google-analytics.com *.hotjar.io *.hotjar.com connect.facebook.net wm-backend-prod-dot-watermelonmessenger.appspot.com o970210.ingest.sentry.io/api/5930145/envelope/;default-src 'self';font-src data: fonts.gstatic.com use.fontawesome.com script.hotjar.com;form-action 'self' ymlp.com;img-src 'self' * data: https: *.google-analytics.com *.googletagmanager.com optimize.google.com;media-src 'self';object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' prismic.io static.cdn.prismic.io fonts.googleapis.com *.googleanalytics.com *.google-analytics.com *.googletagmanager.com googleoptimize.com optimize.google.com *.ytimg.com *.youtube.com *.hotjar.com *.adroll.com *.adroll.mgr.consensu.org connect.facebook.net public.tableau.com wm-livechat-2-prod-dot-watermelonmessenger.appspot.com player.tmrrw.nl o970210.ingest.sentry.io/api/5930145/envelope/;style-src 'self' 'unsafe-inline' fonts.googleapis.com optimize.google.com use.fontawesome.com wm-livechat-2-prod-dot-watermelonmessenger.appspot.com;worker-src 'self' blob:;frame-src studiekeuze123nl.prismic.io datastudio.google.com lookerstudio.google.com optimize.google.com *.youtube.com *.youtube-nocookie.com vars.hotjar.com public.tableau.com wm-livechat-2-prod-dot-watermelonmessenger.appspot.com player.tmrrw.nl;report-uri o970210.ingest.sentry.io/api/5930145/envelope/ 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.dilovamova.com https://webplus.info http://www.google.com https://www.googletagmanager.com https://www.googletagservices.com https://www.chromestatus.com https://www.google-analytics.com https://*.google.com https://adservice.google.com.ua https://*.googlesyndication.com https://*.googleapis.com https://*.googleadservices.com https://ukrbuy.com https://*.acint.net https://*.marketgid.com https://*.herokuapp.com https://graph.facebook.com https://www.linkedin.com https://api.pinterest.com https://*.tovarro.com https://*.doubleclick.net https://*.mgid.com https://*.yottos.com https://misto.travel https://*.ampproject.org http://www.w3.org https://*.steepto.com https://*.trafmag.com https://*.gstatic.com; style-src 'self' 'unsafe-inline' https://www.dilovamova.com https://webplus.info http://www.google.com https://www.googletagmanager.com https://www.googletagservices.com https://www.chromestatus.com https://www.google-analytics.com https://*.google.com https://adservice.google.com.ua https://*.googlesyndication.com https://*.googleapis.com https://*.googleadservices.com https://ukrbuy.com https://*.acint.net https://*.marketgid.com https://*.herokuapp.com https://graph.facebook.com https://www.linkedin.com https://api.pinterest.com https://*.tovarro.com https://*.doubleclick.net https://*.mgid.com https://*.yottos.com https://misto.travel https://*.ampproject.org http://www.w3.org https://*.steepto.com https://*.trafmag.com https://*.gstatic.com; img-src 'self' data: https://www.dilovamova.com https://webplus.info http://www.google.com https://www.googletagmanager.com https://www.googletagservices.com https://www.chromestatus.com https://www.google-analytics.com https://*.google.com https://adservice.google.com.ua https://*.googlesyndication.com https://*.googleapis.com https://*.googleadservices.com https://ukrbuy.com https://*.acint.net https://*.marketgid.com https://*.herokuapp.com https://graph.facebook.com https://www.linkedin.com https://api.pinterest.com https://*.tovarro.com https://*.doubleclick.net https://*.mgid.com https://*.yottos.com https://misto.travel https://*.ampproject.org http://www.w3.org https://*.steepto.com https://*.trafmag.com https://*.gstatic.com; object-src 'self' https://www.dilovamova.com https://webplus.info http://www.google.com https://www.googletagmanager.com https://www.googletagservices.com https://www.chromestatus.com https://www.google-analytics.com https://*.google.com https://adservice.google.com.ua https://*.googlesyndication.com https://*.googleapis.com https://*.googleadservices.com https://ukrbuy.com https://*.acint.net https://*.marketgid.com https://*.herokuapp.com https://graph.facebook.com https://www.linkedin.com https://api.pinterest.com https://*.tovarro.com https://*.doubleclick.net https://*.mgid.com https://*.yottos.com https://misto.travel https://*.ampproject.org http://www.w3.org https://*.steepto.com https://*.trafmag.com https://*.gstatic.com 1
frame-ancestors https://*.geotab.com https://*.actsoft.com 'self' 1
frame-ancestors https://*.kbase.us; 1
frame-ancestors 'self' pi.pardot.com; upgrade-insecure-requests; default-src 'self'; script-src 'self' blob: 'report-sample' 'unsafe-inline' 'unsafe-eval' https://imacorp.com https://*.zendesk.com https://assets.zendesk.com https://code.jquery.com https://connect.facebook.net https://content.linkedin.com https://graph.facebook.com https://google-analytics.com https://googletagmanager.com https://go.imacorp.com https://js.facebook.com https://nexus.ensighten.com https://platform.linkedin.com https://pi.pardot.com https://ssl.google-analytics.com https://snap.licdn.com https://static-exp1.licdn.com https://tagmanager.google.com https://theme.zdassets.com https://use.typekit.net https://v2.zopim.com https://www.google-analytics.com https://www.googletagmanager.com https://widget-mediator.zopim.com https://cdnjs.cloudflare.com https://ajax.googleapis.com https://*.wufoo.com https://*.wpenginepowered.com *.osano.com *.greenhouse.io; style-src 'self' 'report-sample' 'unsafe-inline' *.imacorp.com imacorp.com *.licdn.com *.typekit.net *.zdassets.com *.wufoo.com code.jquery.com fonts.googleapis.com tagmanager.google.com www.googletagmanager.com https://cdnjs.cloudflare.com *.wpenginepowered.com *.osano.com; object-src 'none'; frame-src 'self' *.youtube.com *.facebook.com *.imacorp.com imacorp.com *.wufoo.com go.pardot.com www.googletagmanager.com www.linkedin.com *.google.com *.wpenginepowered.com *.osano.com *.greenhouse.io; child-src 'self' *.imacorp.com imacorp.com *.facebook.com *.wufoo.com connect.facebook.net www.googletagmanager.com *.wpenginepowered.com; img-src 'self' data: blob: *.gstatic.com *.facebook.com *.imacorp.com http://imacorp.com imacorp.com imacorp.com/towerstonecorp imacorp.com/cornerstonerisksolutions *.zopim.io *.zopim.com *.zendesk.com *.zdusercontent.com *.zdassets.com *.typekit.net *.linkedin.com *.licdn.com *.google.com *.google-analytics.com *.wufoo.com code.jquery.com fonts.gstatic.com p.adsymptotic.com www.googletagmanager.com *.gravatar.com *.wpengine.com *.wpenginepowered.com; font-src 'self' data: *.imacorp.com imacorp.com *.zopim.com *.wufoo.com fonts.googleapis.com fonts.gstatic.com use.typekit.net static.zdassets.com cdnjs.cloudflare.com *.cloudflare.com *.wpenginepowered.com; connect-src 'self' wss://widget-mediator *.zopim.io *.zopim.com *.zendesk.com *.zdassets.com *.typekit.net *.linkedin.com *.licdn.com *.google.com *.wufoo.com code.jquery.com fonts.googleapis.com fonts.gstatic.com stats.g.doubleclick.net www.google-analytics.com www.googletagmanager.com *.facebook.com *.wpenginepowered.com *.osano.com; manifest-src 'self'; base-uri 'self'; form-action 'self' *.facebook.com *.wufoo.com connect.facebook.net *.yoast.com; media-src 'self' *.wpengine.com *.wpenginepowered.com *.sliderrevolution.com *.wufoo.com *.imacorp.com imacorp.com imacorp.com/towerstonecorp media.licdn.com static.zdassets.com; worker-src 'self' *.osano.com; 1
default-src data: 'self' https: https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.intellumlevel.com *.amazonaws.com *.googleapis.com *.google-analytics.com *.jquery.com *.googleusercontent.com *.githubusercontent.com *.snplow.net *.intellumanalytics.com *.userpilot.io ws://analytex.userpilot.io *.intellumsocial.com *.tribesocial.com *.intellum.com *.youtube.com *.vhall.com *.youtube-nocookie.com *.embedly.com *.embed.ly vimeo.com *.vimeo.com livestream.com *.livestream.com *.brightcove.net *.facebook.com zoom.us *.zoom.us wss://*.zoom.us cdnjs.cloudflare.com *.newrelic.com bam.nr-data.net *.evolveauthoring.com *.feathery.io *.cloudfront.net *.workato.com *.nest.com *.demandbase.com *.company-target.com *.zscaler.net *.widencdn.net *.ytimg.com *.tealiumiq.com *.atdmt.com *.tiqcdn.com *.facebook.net *.gstatic.com *.google.com *.doubleclick.net *.googleadservices.com *.stripe.com *.googletagmanager.com *.googleplex.com *.aptrinsic.com wss://websockets.intellum.com cdn.exceedlms.com *.s.pinimg.com *.pinimg.com *.ct.pinterest.com *.pinterest.com *.connect.facebook.net *.pinterestacademy.com *.cookielaw.org *.onetrust.com *.adsrvr.org adsrvr.org; img-src * data: blob:; media-src * blob: mediastream: data:; frame-ancestors 'self' *.exceedlms.com *.intellumsocial.com *.tribesocial.com *.intellum.com *.youtube.com *.vhall.com *.youtube-nocookie.com *.embedly.com *.embed.ly vimeo.com *.vimeo.com livestream.com *.livestream.com *.brightcove.net *.facebook.com zoom.us *.zoom.us wss://*.zoom.us cdnjs.cloudflare.com *.newrelic.com *.userpilot.io ws://analytex.userpilot.io bam.nr-data.net *.evolveauthoring.com *.feathery.io *.cloudfront.net *.workato.com *.nest.com *.demandbase.com *.company-target.com *.zscaler.net *.widencdn.net *.ytimg.com *.tealiumiq.com *.atdmt.com *.tiqcdn.com *.facebook.net *.gstatic.com *.doubleclick.net *.googleadservices.com *.stripe.com *.googletagmanager.com *.googleplex.com *.aptrinsic.com *.s.pinimg.com *.pinimg.com *.ct.pinterest.com *.pinterest.com *.connect.facebook.net *.pinterestacademy.com *.cookielaw.org *.onetrust.com *.adsrvr.org adsrvr.org; 1
default-src 'self'  ;font-src 'self' *.travel.com.tw fonts.gstatic.com use.fontawesome.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com;img-src *  data: w3.org/svg/2000 ;style-src 'self' *.travel.com.tw cdn.jsdelivr.net kenwheeler.github.io use.fontawesome.com fonts.googleapis.com  maxcdn.bootstrapcdn.com cdnjs.cloudflare.com 'unsafe-inline'; script-src 'self'  'unsafe-inline' 'unsafe-eval'  https: static.addtoany.com code.jquery.com cdn.jsdelivr.net *.google.com *.facebook.net  *.facebook.com *.google-analytics.com *.msecnd.net *.services.visualstudio.com *.googletagmanager.com ajax.googleapis.com maxcdn.bootstrapcdn.com www.googleadservices.com;frame-src static.addtoany.com www.facebook.com googleads.g.doubleclick.net *.google.com.tw *.google.com;connect-src 'self' *.google.com *.google-analytics.com *.doubleclick.net *.googletagmanager.com *.visualstudio.com 1
default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdn.datatables.net connect.facebook.net www.googletagmanager.com www.google-analytics.com gwhs.i.gov.ph cdnjs.cloudflare.com kit.fontawesome.com; connect-src 'self' https://ka-f.fontawesome.com connect.facebook.net www.google-analytics.com; style-src 'self' 'unsafe-inline' cdn.datatables.net ajax.googleapis.com fonts.googleapis.com use.fontawesome.com sachinchoolur.github.io cdnjs.cloudflare.com; font-src 'self' data: ka-f.fontawesome.com use.fontawesome.com fonts.gstatic.com; img-src 'self' data: secure.gravatar.com www.googletagmanager.com www.google-analytics.com; worker-src blob:; frame-src 'self'; 1
frame-ancestors 'self' https://view.ceros.com https://ceros.macfarlanes.com/ https://macfarlanes.preview.ceros.com/; 1
frame-ancestors https://*.bullhornstaffing.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: filesystem: wss://*.hotjar.com http://*.hotjar.com:* http://*.hotjar.io http://*.googletagmanager.com http://*.google-analytics.com http://*.gstatic.com http://*.googleapis.com http://*.youtube.com http://*.facebook.com http://*.facebook.net http://*.ads-twitter.com http://*.twitter.com http://t.co http://*.doubleclick.net http://*.adform.net http://*.clarovideo.net http://*.claromusica.com http://*.claro.com.sv https://*.hotjar.com:* https://*.hotjar.io https://*.googletagmanager.com https://*.google-analytics.com https://*.gstatic.com https://*.googleapis.com https://*.youtube.com https://*.youtube-nocookie.com https://*.facebook.com https://tags.bkrtx.com https://stags.bluekai.com https://*.facebook.net https://*.kampyle.com https://*.medallia.com https://*.ads-twitter.com https://*.twitter.com https://t.co https://digitasgt.com https://clubclaro.com.ni https://*.doubleclick.net https://*.adform.net https://*.clarovideo.net https://*.claromusica.com https://*.claro.com.sv https://www.google.com https://stackpath.bootstrapcdn.com https://*.claro.com.ni https://planesclaronicaragua.com https://*.clarity.ms https://universalplus.com https://*.googleadservices.com https://*.teads.tv https://*.tiktok.com https://*.clarodigital.net; media-src mediastream:; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://xoxo.zone; img-src 'self' https: data: blob: https://xoxo.zone; style-src 'self' https://xoxo.zone 'nonce-OAmwCdoS5vrZ+bNV7Uyg3Q=='; media-src 'self' https: data: https://xoxo.zone; frame-src 'self' https:; manifest-src 'self' https://xoxo.zone; form-action 'self'; child-src 'self' blob: https://xoxo.zone; worker-src 'self' blob: https://xoxo.zone; connect-src 'self' data: blob: https://xoxo.zone https://xoxo-media.sfo2.cdn.digitaloceanspaces.com wss://xoxo.zone; script-src 'self' https://xoxo.zone 'wasm-unsafe-eval' 1
default-src 'self'; script-src https://www.youtube.com  'unsafe-inline' 'unsafe-eval' https://www.six-dochub.com https://stats.banquedeluxembourg.com https://piwikext.prd.apps.bdl https://sebpcdn.com 'self'; style-src 'unsafe-inline' https://piwikext.prd.apps.bdl https://sebpcdn.com 'self'; img-src  https://i.ytimg.com https://piwikext.prd.apps.bdl https://sebpcdn.com  'self' data:; media-src  https://sebpcdn.com 'self'; connect-src https://stats.banquedeluxembourg.com https://piwikext.prd.apps.bdl https://sebpcdn.com 'self' ;font-src https://sebpcdn.com https://piwikext.prd.apps.bdl 'self' data: ; frame-src https://www.six-dochub.com https://six-dochub.com https://piwikext.prd.apps.bdl https://www.fundinfo.com https://digital.feprecisionplus.com https://www.youtube.com https://player.ausha.co https://wl.fundsquare.net https://www.conventum.lu https://www.youtube-nocookie.com 'self' ; frame-ancestors https://piwikext.prd.apps.bdl/ 'self'; 1
default-src 'self' https:;             worker-src 'self' blob: data:;             script-src 'self' 'unsafe-hashes' 'unsafe-eval' https: https://js.hs-scripts.com http://*.google-analytics.com http://*.googleapis.com https://www.googletagmanager.com *.msecnd.net localhost:*                 'sha256-GQKXR3cnP1TPe6ruNwfhQjFPFnug/AbgXa0yWkWIECc=' 'sha256-HA9BXdIPfcJPBdJ0W3wpOkZJakctvCgcNCIIdgwNxCU='                  'sha256-GpBxliaBvUNzEDR7T9ESwQyfHWrp4dmZUKkM5wRCKjU=' 'sha256-uBGbD14oGXAxc0m4b8kc5bRsgKqzSNe5/BDQgDJp5J0='                 'sha256-a7SwDWHDAlBYQLXTZ3Hc51aA3j9VPWLepBK6w8b9w7E=' 'sha256-eirLmyWA9usjBWVBkMPZLd4NEWmEvUCgyMqmPzhKaMM=' 'sha256-1NHdkzLSqvB4iyfZJDXPIVOp3OAPzWezgzOGtTNtfC8=';                script-src-attr 'self' 'unsafe-inline';          font-src 'self' https: http://*.gstatic.com;           img-src 'self' https: http://*.google-analytics.com http://*.gstatic.com http://*.googleapis.com data:;           connect-src 'self' https: https://js.monitor.azure.com https://westus2-5.in.applicationinsights.azure.com localhost:*;           frame-src *;           style-src 'self' 'unsafe-hashes' https: http://*.googleapis.com                  'sha256-7uHBt5vRwIxn0kJv43ZeZA+qhu1R5kALXmlniU5UUhc=' 'sha256-iZM0adR0InbgA+J6g+Vyi/SdovHNdYNv0w4/Z4L8RZQ='                 'sha256-5uIP+HBVRu0WW8ep6d6+YVfhgkl0AcIabZrBS5JJAzs=' 'sha256-7xqMqDOfWqvgvujBp1NXgw9yq9uWja1UZbZbBoSphjU='                 'sha256-kmGPVWtzfwq6b9fEOy1NmWxrKyxreHZU5tKvRxQpDMA=' 'sha256-k5/nWte4ypyuMgQJaYXGRCM3pEWD6q5VSnA+339I16o='                 'sha256-biLFinpqYMtWHmXfkA1BPeCY0/fNt46SAZ+BBk5YUog='                                   'sha256-sXlH6tbt9TJPOE2y1lpIfsBqXcYx8j1AfZITS60Iwmo=' 'sha256-4/gHwqyVKh2014KEWQM1FYnyKXN5KePSUMXwjgLGFz8='                 'sha256-iP2nR74/OZJA/4cy1Ug+d/41EfzWLuOlutm/FvWgmog=' 'sha256-JhCS0emBLziZRHxrVw0Vf2ZCBykAhU+bGVemaHiLezk='                 'sha256-YoOQrCohwOLcjO58W1u2XCDDkpTyDXz19mAIDWod3mA=' 'sha256-YJqyuGu6/H2XHPz3E8Qs3Kd0q5yr5Dz3jNgqb3ie6h4='                 'sha256-wm4uv7VQCfJGIRMVgyJUi5NwL8lNg9HVQEw5iufJAgw=' 'sha256-NyBpYhQlD2gcv/gFjXdaVDGbIoul8rF5az60h6BdziE='                 'sha256-f6efTJvyIlxfThfhHs9rF5Oi8jmD3R8QEcb/LRYRxE0=' 'sha256-Pdwi0GrnlfwGz2lFpsueNE/upkTBhqgIKoWZj9xgahg='                 'sha256-37Kz181k2CmJ0WrPkGfHrpjMSCSid6+k06mYOgrzqkQ=' 'sha256-BKdLneL8DqXhDqbL20NVC/WD8rz/ERsmo6ztI7cjo34='                 'sha256-EaQQo6r+9RnV2p1vUFJvXKePcTv9wd1W3PX5StXBrcE=' 'sha256-WbanUBFU33q5H2bx9VRi3BclXDAtSfuzoi7mOXEwPuw='                 'sha256-IOWYPccv4+GIAWz50PQ4hgBzwty+G8ckj9XrN5jdx6g=' 'sha256-a2VR/Wq1VPr0+3GRY+lEmAQm7wjwwnDtPpcCPs2zTrw='                 'sha256-mmA4m52ZWPKWAzDvKQbF7Qhx9VHCZ2pcEdC0f9Xn/Po=' 'sha256-/VVOq+Ws/EiUxf2CU6tsqsHdOWqBgHSgwBPqCTjYD3U='                 'sha256-VFkcZKIwYxNm8Z6oY+AC70f2fuyHVm5fJgnpOkYBF3Q=' 'sha256-g9aHNH7iF2hhGZYtVVd5mKQSnyLPmXWw5gwiuxBVonI='                 'sha256-VjKqXV9i0mo5RzxvaQpz7qQA91PkjLVqLQGYNI4Cc/I=' 'sha256-NsEzkM762veirpWZeMiqlWTPdCYrm1uJHLzzwfYnDLM='                                  'sha256-s5B5Aj3yyy9qpz6aWVtg2cAvDjZyxULJwm5TZ3VIuGs='                 'sha256-6RN7p33Fdhb0WzjWvMKfDnZoOm31e7UGqBtdsqelMF4=' 'sha256-eM4sNiGKt7Dk2J/lmndBxMxh5LsgW5Sn4l1tmFQvIho='                 'sha256-UXZboCJG4GfhsEgqEvUhLXfNx0TVgBMUv7XoV3JiC1Q=' ;           object-src https:; 1
frame-src 'self' static.addtoany.com; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://ajax.googleapis.com cdn.jsdelivr.net https://cdn.jsdelivr.net mdbootstrap.com; script-src-attr 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://ajax.googleapis.com fonts.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.jsdelivr.net https://use.fontawesome.com mdbootstrap.com use.fontawesome.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self' static.addtoany.com 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mstdn.games; img-src 'self' https: data: blob: https://mstdn.games; style-src 'self' https://mstdn.games 'nonce-ygPYI/Vmzj7E74LvqYxTQw=='; media-src 'self' https: data: https://mstdn.games; frame-src 'self' https:; manifest-src 'self' https://mstdn.games; form-action 'self'; child-src 'self' blob: https://mstdn.games; worker-src 'self' blob: https://mstdn.games; connect-src 'self' data: blob: https://mstdn.games https://cdn.masto.host wss://mstdn.games; script-src 'self' https://mstdn.games 'wasm-unsafe-eval' 1
default-src 'self' *.golfvantage.com *.letsgo.golf *.azurewebsites.net *.windows.net *.supremegolf.com *.amazonaws.com *.google.com bid.g.doubleclick.net www.facebook.com app.trustlock.co *.spreedly.com *.barstoolgolftime.com; script-src * 'unsafe-inline'; connect-src *; img-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; style-src * data: blob: 'unsafe-inline'; 1
script-src 'strict-dynamic' https: 'nonce-fh3dzp6ZOFxNPypA9AM81PGBoMPtgubdK+F8q6CoeN0='; connect-src https: *.dynamics.com/ *.azureedge.net/ *.microsoft.com/; frame-ancestors https: *.dynamics.com/ *.azureedge.net/ *.microsoft.com/ 1
default-src https://www.zgf.com; img-src 'self' data: https://www.google-analytics.com; connect-src 'self' data: https://www.google-analytics.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://consentcdn.cookiebot.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com/ https://www.google-analytics.com/ https://consent.cookiebot.com https://consentcdn.cookiebot.com; font-src 'self'; frame-src https://player.vimeo.com http://player.vimeo.com https://www.youtube.com https://www.youtube-nocookie.com https://consentcdn.cookiebot.com/ 1
default-src 'self' https://eu.fw-cdn.com https://picafreshsaleseu.myfreshworks.com https://abhilashmadhavan-508354047129717916-70e095023c9f1e616675586.freshchat.com https://src.freshmarketer.eu https://www.google-analytics.com https://datatables.net https://cloudflare.com https://cdnjs.cloudflare.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://picahelpeu.freshchat.com https://picafreshsaleseu.myfreshworks.com https://abhilashmadhavan-508354047129717916-70e095023c9f1e616675586.freshchat.com https://src.freshmarketer.eu https://www.pica.gov.jm https://eu.fw-cdn.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://www.google-analytics.com https://cloudflare.com https://cdnjs.cloudflare.com https://datatables.net https://cdn.datatables.net https://query.yahooapis.com https://cdn.jsdelivr.net https://ajax.googleapis.com https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net; img-src 'self' https://eu.fw-cdn.com https://picafreshsaleseu.myfreshworks.com https://abhilashmadhavan-508354047129717916-70e095023c9f1e616675586.freshchat.com https://src.freshmarketer.eu https://cdnjs.cloudflare.com https://www.google-analytics.com https://ssl.google-analytics.com https://s-static.ak.facebook.com; style-src 'self' 'unsafe-inline' https://picahelpeu.freshchat.com https://eu.fw-cdn.com https://picafreshsaleseu.myfreshworks.com https://abhilashmadhavan-508354047129717916-70e095023c9f1e616675586.freshchat.com https://src.freshmarketer.eu https://cdnjs.cloudflare.com https://datatables.net https://cdn.datatables.net http://fonts.googleapis.com https://cdn.jsdelivr.net; font-src 'self' https://eu.fw-cdn.com https://picafreshsaleseu.myfreshworks.com https://abhilashmadhavan-508354047129717916-70e095023c9f1e616675586.freshchat.com https://src.freshmarketer.eu https://themes.googleusercontent.com https://cdn.jsdelivr.net https://fonts.gstatic.com http://fonts.googleapis.com; frame-src 'self' https://674803454001280.eu.webpush.freshchat.com https://picahelpeu.freshchat.com https://eu.fw-cdn.com https://picafreshsaleseu.myfreshworks.com https://abhilashmadhavan-508354047129717916-70e095023c9f1e616675586.freshchat.com https://src.freshmarketer.eu https://cdnjs.cloudflare.com https://www.google.com https://www.facebook.com https://s-static.ak.facebook.com https://www.youtube.com https://cloudflare.com https://cdnjs.cloudflare.com https://datatables.net https://cdn.datatables.net; object-src https://eu.fw-cdn.com https://picafreshsaleseu.myfreshworks.com https://abhilashmadhavan-508354047129717916-70e095023c9f1e616675586.freshchat.com https://src.freshmarketer.eu https://www.pica.gov.jm https://cloudflare.com https://cdnjs.cloudflare.com https://datatables.net https://cdn.datatables.net https://cdnjs.cloudflare.com 1
font-src *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.googleapis.com https://www.gstatic.com https://fonts.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com chimpstatic.com stats.g.doubleclick.net google.co.uk www.google.co.uk www.google.com www.facebook.com colou11126.pcapredict.com services.postcodeanywhere.co.uk v2.zopim.com www.rsa3dsauth.co.uk static.zdassets.com ekr.zdassets.com widget-mediator.zopim.com wss://widget-mediator.zopim.com secure5.arcot.com 3ds-secure.cardcomplete.com ecclients.btrl.ro bofp.erstebank.hu www.clicksafe.lloydstsb.com pay.activa-card.com 3dsecure-1.wirecard.com 3dsecure-2.wirecard.com acssv.otpbank.hu acs.sia.eu idcheck.acs.touchtechpayments.com sicher-bezahlen.sparkasse.at www.securesuite.co.uk bred.wlp-acs.com bnpp-3ds.wlp-acs.com verify.monzo.com *.buzzsprout.com buzzsprout.com *.typekit.net typekit.net googleapis.com *.hcaptcha.com hcaptcha.com *.google.com google.com *.facebook.com facebook.com *.google.co.uk *.rsa3dsauth.co.uk rsa3dsauth.co.uk *.clicksafe.lloydstsb.com clicksafe.lloydstsb.com *.securesuite.co.uk securesuite.co.uk *.sharethis.com sharethis.com *.googleadservices.com googleadservices.com *.google-analytics.com google-analytics.com *.sandbox.paypal.com sandbox.paypal.com *.paypalobjects.com paypalobjects.com *.googletagmanager.com googletagmanager.com *.snap.licdn.com snap.licdn.com *.paypal.com paypal.com *.vimeo.com vimeo.com *.gstatic.com gstatic.com *.googleusercontent.com googleusercontent.com px.ads.linkedin.com cdn.linkedin.oribi.io kit.fontawesome.com *.hdsunflower.com self blob: data: widget.freshworks.com secure.meet3monk.com *.google.com.au *.facebook.net *.mailchimp.com s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js *.hdsunflower.us21.list-manage.com https://hdsunflower.us21.list-manage.com *.loom.com https://hdsunflower.com https://sunflower.dev.pixie.agency *.fonts.googleapis.com *.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com chimpstatic.com stats.g.doubleclick.net google.co.uk www.google.co.uk www.google.com www.facebook.com colou11126.pcapredict.com services.postcodeanywhere.co.uk v2.zopim.com www.rsa3dsauth.co.uk static.zdassets.com ekr.zdassets.com widget-mediator.zopim.com wss://widget-mediator.zopim.com secure5.arcot.com 3ds-secure.cardcomplete.com ecclients.btrl.ro bofp.erstebank.hu www.clicksafe.lloydstsb.com pay.activa-card.com 3dsecure-1.wirecard.com 3dsecure-2.wirecard.com acssv.otpbank.hu acs.sia.eu idcheck.acs.touchtechpayments.com sicher-bezahlen.sparkasse.at www.securesuite.co.uk bred.wlp-acs.com bnpp-3ds.wlp-acs.com verify.monzo.com *.buzzsprout.com buzzsprout.com *.typekit.net typekit.net *.googleapis.com googleapis.com *.hcaptcha.com hcaptcha.com *.google.com google.com *.facebook.com facebook.com *.google.co.uk *.rsa3dsauth.co.uk rsa3dsauth.co.uk *.clicksafe.lloydstsb.com clicksafe.lloydstsb.com *.securesuite.co.uk securesuite.co.uk *.sharethis.com sharethis.com *.googleadservices.com googleadservices.com *.google-analytics.com google-analytics.com *.sandbox.paypal.com sandbox.paypal.com *.paypalobjects.com paypalobjects.com *.googletagmanager.com googletagmanager.com *.snap.licdn.com snap.licdn.com *.paypal.com paypal.com *.vimeo.com vimeo.com *.gstatic.com gstatic.com *.googleusercontent.com googleusercontent.com px.ads.linkedin.com cdn.linkedin.oribi.io kit.fontawesome.com *.hdsunflower.com self blob: data: widget.freshworks.com secure.meet3monk.com *.google.com.au *.facebook.net *.mailchimp.com s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js *.hdsunflower.us21.list-manage.com https://hdsunflower.us21.list-manage.com *.loom.com https://hdsunflower.com https://sunflower.dev.pixie.agency 'self' 'unsafe-inline'; frame-ancestors *.bolt.com *.stripe.com stripe.com www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com www.google.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.iubenda.com *.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com chimpstatic.com stats.g.doubleclick.net google.co.uk www.google.co.uk www.facebook.com colou11126.pcapredict.com services.postcodeanywhere.co.uk v2.zopim.com www.rsa3dsauth.co.uk static.zdassets.com ekr.zdassets.com widget-mediator.zopim.com wss://widget-mediator.zopim.com secure5.arcot.com 3ds-secure.cardcomplete.com ecclients.btrl.ro bofp.erstebank.hu www.clicksafe.lloydstsb.com pay.activa-card.com 3dsecure-1.wirecard.com 3dsecure-2.wirecard.com acssv.otpbank.hu acs.sia.eu idcheck.acs.touchtechpayments.com sicher-bezahlen.sparkasse.at www.securesuite.co.uk bred.wlp-acs.com bnpp-3ds.wlp-acs.com verify.monzo.com *.buzzsprout.com buzzsprout.com *.typekit.net typekit.net *.googleapis.com googleapis.com *.hcaptcha.com hcaptcha.com google.com *.facebook.com facebook.com *.google.co.uk *.rsa3dsauth.co.uk rsa3dsauth.co.uk *.clicksafe.lloydstsb.com clicksafe.lloydstsb.com *.securesuite.co.uk securesuite.co.uk *.sharethis.com sharethis.com *.googleadservices.com googleadservices.com *.google-analytics.com google-analytics.com *.sandbox.paypal.com sandbox.paypal.com *.paypalobjects.com paypalobjects.com *.googletagmanager.com googletagmanager.com *.snap.licdn.com snap.licdn.com *.paypal.com paypal.com *.vimeo.com vimeo.com *.gstatic.com gstatic.com *.googleusercontent.com googleusercontent.com px.ads.linkedin.com cdn.linkedin.oribi.io kit.fontawesome.com *.hdsunflower.com self blob: data: widget.freshworks.com secure.meet3monk.com *.google.com.au *.facebook.net *.mailchimp.com s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js *.hdsunflower.us21.list-manage.com https://hdsunflower.us21.list-manage.com *.loom.com https://hdsunflower.com https://sunflower.dev.pixie.agency https://hdsunflower-hd1.ycb.me *.addthis.com *.pinterest.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com https://*.gstatic.com *.trackedlink.net *.iubenda.com https://*.google.com https://*.googleapis.com https://*.googleusercontent.com https://img.youtube.com chimpstatic.com stats.g.doubleclick.net google.co.uk www.google.co.uk www.facebook.com colou11126.pcapredict.com services.postcodeanywhere.co.uk v2.zopim.com www.rsa3dsauth.co.uk static.zdassets.com ekr.zdassets.com widget-mediator.zopim.com wss://widget-mediator.zopim.com secure5.arcot.com 3ds-secure.cardcomplete.com ecclients.btrl.ro bofp.erstebank.hu www.clicksafe.lloydstsb.com pay.activa-card.com 3dsecure-1.wirecard.com 3dsecure-2.wirecard.com acssv.otpbank.hu acs.sia.eu idcheck.acs.touchtechpayments.com sicher-bezahlen.sparkasse.at www.securesuite.co.uk bred.wlp-acs.com bnpp-3ds.wlp-acs.com verify.monzo.com *.buzzsprout.com buzzsprout.com *.typekit.net typekit.net googleapis.com *.hcaptcha.com hcaptcha.com *.google.com google.com *.facebook.com facebook.com *.google.co.uk *.rsa3dsauth.co.uk rsa3dsauth.co.uk *.clicksafe.lloydstsb.com clicksafe.lloydstsb.com *.securesuite.co.uk securesuite.co.uk *.sharethis.com sharethis.com *.googleadservices.com googleadservices.com *.google-analytics.com google-analytics.com *.sandbox.paypal.com sandbox.paypal.com *.paypalobjects.com paypalobjects.com *.googletagmanager.com googletagmanager.com *.snap.licdn.com snap.licdn.com *.paypal.com paypal.com *.vimeo.com vimeo.com *.gstatic.com gstatic.com *.googleusercontent.com googleusercontent.com px.ads.linkedin.com cdn.linkedin.oribi.io kit.fontawesome.com *.hdsunflower.com self blob: widget.freshworks.com secure.meet3monk.com *.google.com.au *.facebook.net *.mailchimp.com s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js *.hdsunflower.us21.list-manage.com https://hdsunflower.us21.list-manage.com *.loom.com https://hdsunflower.com https://sunflower.dev.pixie.agency *.cloudflare.com *.cdn.klarna.com *.s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.fpdbs.sandbox.paypal.com *.addthis.com *.pinterest.com *.cdninstagram.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.googleapis.com https://*.gstatic.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com widget.freshworks.com m2epro.freshdesk.com *.iubenda.com https://*.google.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com s7.addthis.com *.avada.io chimpstatic.com stats.g.doubleclick.net google.co.uk www.google.co.uk www.google.com www.facebook.com colou11126.pcapredict.com services.postcodeanywhere.co.uk v2.zopim.com www.rsa3dsauth.co.uk static.zdassets.com ekr.zdassets.com widget-mediator.zopim.com wss://widget-mediator.zopim.com secure5.arcot.com 3ds-secure.cardcomplete.com ecclients.btrl.ro bofp.erstebank.hu www.clicksafe.lloydstsb.com pay.activa-card.com 3dsecure-1.wirecard.com 3dsecure-2.wirecard.com acssv.otpbank.hu acs.sia.eu idcheck.acs.touchtechpayments.com sicher-bezahlen.sparkasse.at www.securesuite.co.uk bred.wlp-acs.com bnpp-3ds.wlp-acs.com verify.monzo.com *.buzzsprout.com buzzsprout.com *.typekit.net typekit.net googleapis.com *.hcaptcha.com hcaptcha.com *.google.com google.com *.facebook.com facebook.com *.google.co.uk *.rsa3dsauth.co.uk rsa3dsauth.co.uk *.clicksafe.lloydstsb.com clicksafe.lloydstsb.com *.securesuite.co.uk securesuite.co.uk *.sharethis.com sharethis.com *.googleadservices.com googleadservices.com *.google-analytics.com google-analytics.com *.sandbox.paypal.com sandbox.paypal.com *.paypalobjects.com paypalobjects.com *.googletagmanager.com googletagmanager.com *.snap.licdn.com snap.licdn.com *.paypal.com paypal.com *.vimeo.com *.gstatic.com gstatic.com *.googleusercontent.com googleusercontent.com px.ads.linkedin.com cdn.linkedin.oribi.io kit.fontawesome.com *.hdsunflower.com self blob: data: secure.meet3monk.com *.google.com.au *.facebook.net *.mailchimp.com s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js *.hdsunflower.us21.list-manage.com https://hdsunflower.us21.list-manage.com *.loom.com https://hdsunflower.com https://sunflower.dev.pixie.agency https://embed.ycb.me *.addthis.com *.moatads.com *.addthisedge.com *.pinterest.com *.instagram.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com widget.freshworks.com m2epro.freshdesk.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com maxcdn.bootstrapcdn.com chimpstatic.com stats.g.doubleclick.net google.co.uk www.google.co.uk www.google.com www.facebook.com colou11126.pcapredict.com services.postcodeanywhere.co.uk v2.zopim.com www.rsa3dsauth.co.uk static.zdassets.com ekr.zdassets.com widget-mediator.zopim.com wss://widget-mediator.zopim.com secure5.arcot.com 3ds-secure.cardcomplete.com ecclients.btrl.ro bofp.erstebank.hu www.clicksafe.lloydstsb.com pay.activa-card.com 3dsecure-1.wirecard.com 3dsecure-2.wirecard.com acssv.otpbank.hu acs.sia.eu idcheck.acs.touchtechpayments.com sicher-bezahlen.sparkasse.at www.securesuite.co.uk bred.wlp-acs.com bnpp-3ds.wlp-acs.com verify.monzo.com *.buzzsprout.com buzzsprout.com *.typekit.net typekit.net *.googleapis.com googleapis.com *.hcaptcha.com hcaptcha.com *.google.com google.com *.facebook.com facebook.com *.google.co.uk *.rsa3dsauth.co.uk rsa3dsauth.co.uk *.clicksafe.lloydstsb.com clicksafe.lloydstsb.com *.securesuite.co.uk securesuite.co.uk *.sharethis.com sharethis.com *.googleadservices.com googleadservices.com *.google-analytics.com google-analytics.com *.sandbox.paypal.com sandbox.paypal.com *.paypalobjects.com paypalobjects.com *.googletagmanager.com googletagmanager.com *.snap.licdn.com snap.licdn.com *.paypal.com paypal.com *.vimeo.com vimeo.com *.gstatic.com gstatic.com *.googleusercontent.com googleusercontent.com px.ads.linkedin.com cdn.linkedin.oribi.io kit.fontawesome.com *.hdsunflower.com self blob: data: secure.meet3monk.com *.google.com.au *.facebook.net *.mailchimp.com s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js *.hdsunflower.us21.list-manage.com https://hdsunflower.us21.list-manage.com *.loom.com https://hdsunflower.com https://sunflower.dev.pixie.agency https://cdn.iubenda.com/iubenda_badge.css tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.googleapis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com widget.freshworks.com m2epro.freshdesk.com *.iubenda.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com ekr.zdassets.com/ https://get.geojs.io *.avada.io chimpstatic.com stats.g.doubleclick.net google.co.uk www.google.co.uk www.google.com www.facebook.com colou11126.pcapredict.com services.postcodeanywhere.co.uk v2.zopim.com www.rsa3dsauth.co.uk static.zdassets.com ekr.zdassets.com widget-mediator.zopim.com wss://widget-mediator.zopim.com secure5.arcot.com 3ds-secure.cardcomplete.com ecclients.btrl.ro bofp.erstebank.hu www.clicksafe.lloydstsb.com pay.activa-card.com 3dsecure-1.wirecard.com 3dsecure-2.wirecard.com acssv.otpbank.hu acs.sia.eu idcheck.acs.touchtechpayments.com sicher-bezahlen.sparkasse.at www.securesuite.co.uk bred.wlp-acs.com bnpp-3ds.wlp-acs.com verify.monzo.com *.buzzsprout.com buzzsprout.com *.typekit.net typekit.net googleapis.com *.hcaptcha.com hcaptcha.com *.google.com google.com *.facebook.com facebook.com *.google.co.uk *.rsa3dsauth.co.uk rsa3dsauth.co.uk *.clicksafe.lloydstsb.com clicksafe.lloydstsb.com *.securesuite.co.uk securesuite.co.uk *.sharethis.com sharethis.com *.googleadservices.com googleadservices.com *.google-analytics.com google-analytics.com *.sandbox.paypal.com sandbox.paypal.com *.paypalobjects.com paypalobjects.com *.googletagmanager.com googletagmanager.com *.snap.licdn.com snap.licdn.com *.paypal.com paypal.com *.vimeo.com *.gstatic.com gstatic.com *.googleusercontent.com googleusercontent.com px.ads.linkedin.com cdn.linkedin.oribi.io kit.fontawesome.com *.hdsunflower.com self blob: data: secure.meet3monk.com *.google.com.au *.facebook.net *.mailchimp.com s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js *.hdsunflower.us21.list-manage.com https://hdsunflower.us21.list-manage.com *.loom.com https://hdsunflower.com https://sunflower.dev.pixie.agency *.cloudflare.com *.addthis.com *.cardinalcommerce.com *.graph.instagram.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src chimpstatic.com stats.g.doubleclick.net google.co.uk www.google.co.uk www.google.com www.facebook.com colou11126.pcapredict.com services.postcodeanywhere.co.uk v2.zopim.com www.rsa3dsauth.co.uk static.zdassets.com ekr.zdassets.com widget-mediator.zopim.com wss://widget-mediator.zopim.com secure5.arcot.com 3ds-secure.cardcomplete.com ecclients.btrl.ro bofp.erstebank.hu www.clicksafe.lloydstsb.com pay.activa-card.com 3dsecure-1.wirecard.com 3dsecure-2.wirecard.com acssv.otpbank.hu acs.sia.eu idcheck.acs.touchtechpayments.com sicher-bezahlen.sparkasse.at www.securesuite.co.uk bred.wlp-acs.com bnpp-3ds.wlp-acs.com verify.monzo.com *.buzzsprout.com buzzsprout.com *.typekit.net typekit.net *.googleapis.com googleapis.com *.hcaptcha.com hcaptcha.com *.google.com google.com *.facebook.com facebook.com *.google.co.uk *.rsa3dsauth.co.uk rsa3dsauth.co.uk *.clicksafe.lloydstsb.com clicksafe.lloydstsb.com *.securesuite.co.uk securesuite.co.uk *.sharethis.com sharethis.com *.googleadservices.com googleadservices.com *.google-analytics.com google-analytics.com *.sandbox.paypal.com sandbox.paypal.com *.paypalobjects.com paypalobjects.com *.googletagmanager.com googletagmanager.com *.snap.licdn.com snap.licdn.com *.paypal.com paypal.com *.vimeo.com vimeo.com *.gstatic.com gstatic.com *.googleusercontent.com googleusercontent.com px.ads.linkedin.com cdn.linkedin.oribi.io kit.fontawesome.com *.hdsunflower.com self blob: data: widget.freshworks.com secure.meet3monk.com *.google.com.au *.facebook.net *.mailchimp.com s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js *.hdsunflower.us21.list-manage.com https://hdsunflower.us21.list-manage.com *.loom.com https://hdsunflower.com https://sunflower.dev.pixie.agency 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'none';object-src 'self' livechat.ethias.be;media-src 'self' blob: data: cdn.bluebillywig.com d1p3lxatg21of3.cloudfront.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.usabilla.com *.cloudfront.net *.googletagmanager.com *.bing.com *.outbrain.com *.adform.net connect.facebook.net *.hotjar.com assets.adobedtm.com *.ethias.be *.doubleclick.net *.googleadservices.com *.google.com *.google.be *.gstatic.com *.assistant.watson.appdomain.cloud edge.adobedc.net surfly.com https://*.nrb.be:* sc-static.net snap.licdn.com hs.pinimg.com *.tiktok.com tr.snapchat.com s.pinimg.com *.pinterest.com maps.googleapis.com ethias-fail-better-components.fly.dev ethias-fail-better-components-v2.fly.dev ethias.bbvms.com cdn.bluebillywig.com;connect-src 'self' wss://ws.hotjar.com *.hotjar.com *.hotjar.io *.omtrdc.net *.demdex.net *.ethias.be https://eth0014li.ethias.be:8080 edge.adobedc.net *.assistant.watson.appdomain.cloud surfly.com https://*.nrb.be:* ct.pinterest.com *.google.com *.google.be *.linkedin.com tr.outbrain.com *.tiktok.com *.snapchat.com *.googlesyndication.com *.doubleclick.net maps.googleapis.com ethias-fail-better-components.fly.dev ethias-fail-better-components-v2.fly.dev vimeo.com amplify.outbrain.com cdn.bluebillywig.com ethias.bbvms.com;img-src 'self' *.google.com *.google.be *.doubleclick.net *.facebook.com *.outbrain.com *.googletagmanager.com *.cloudfront.net *.usabilla.com *.everesttech.net *.demdex.net *.omtrdc.net *.ethias.be *.gstatic.com *.bing.com ad.doubleclick.net *.linkedin.com data: maps.googleapis.com ethias-fail-better-components.fly.dev ethias-fail-better-components-v2.fly.dev i.vimeocdn.com ethias.bbvms.com stats.bluebillywig.com;style-src 'self' 'unsafe-inline' p.typekit.net fonts.googleapis.com use.typekit.net *.ethias.be f.vimeocdn.com ethias-fail-better-components.fly.dev ethias-fail-better-components-v2.fly.dev;font-src 'self' use.typekit.net fonts.gstatic.com *.ethias.be data: ethias-fail-better-components.fly.dev ethias-fail-better-components-v2.fly.dev;frame-src 'self' *.youtube.com *.cloudfront.net *.vimeo.com *.hotjar.com *.demdex.net *.ethias.be *.google.com *.google.be surfly.com *.doubleclick.net *.snapchat.com *.pinterest.com *.salesforce-sites.com 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://kendo.cdn.telerik.com https://www.google-analytics.com https://maps.googleapis.com https://apis.google.com https://developers.google.com https://az416426.vo.msecnd.net https://appds8093.blob.core.windows.net https://widget.intercom.io https://js.intercomcdn.com https://share-component-uat.adesaauctionoperations.com/adesa-share-component.js https://share-component.adesaintegrations.com/adesa-share-component.js https://accounts.google.com https://cdn.segment.com/ https://www.googletagmanager.com/; 1
default-src 'self' blob: https://latium.org https://*.latium.org wss://*.latium.org http://storage.latium.org https://www.facebook.com https://stats.g.doubleclick.net https://www.google-analytics.com https://translate.googleapis.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.unsplash.com https://*.sentry.io https://*.squareup.com https://*.squareupsandbox.com; img-src 'self' blob: data: https: http://storage.latium.org http://www.google.com http://translate.google.com; font-src 'self' data: https://fonts.gstatic.com https://*.hotjar.com https://*.cloudfront.net https://*.squarecdn.com; style-src 'self' 'unsafe-inline' https://prod.latium.org https://fonts.googleapis.com https://translate.googleapis.com https://*.twitter.com https://*.squarecdn.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdnjs.cloudflare.com https://maps.google.com https://maps.googleapis.com https://translate.google.com https://translate-pa.googleapis.com https://translate.googleapis.com https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://*.hotjar.com https://js.stripe.com https://*.twitter.com https://*.twimg.com https://static.zdassets.com https://connect.facebook.net https://*.sentry-cdn.com https://*.squarecdn.com https://*.squareup.com https://*.squareupsandbox.com; frame-src 'self' https:; media-src 'self' blob: data: https://latium.org https://*.latium.org https://static.zdassets.com; worker-src 'none'; 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://stackpath.bootstrapcdn.com https://use.fontawesome.com; font-src https://use.fontawesome.com https://projects.theo546.fr https://angeldust.ovh https://theo546.ovh data:; script-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://hcaptcha.com https://newassets.hcaptcha.com https://www.google.com https://www.gstatic.com https://platform.twitter.com blob:; frame-src https://newassets.hcaptcha.com https://www.google.com https://www.youtube.com https://platform.twitter.com; img-src https://theo546.fr https://projects.theo546.fr https://i.ytimg.com https://angeldust.ovh https://theo546.ovh data: blob:; upgrade-insecure-requests 1
default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com ajax.aspnetcdn.com https://www.youtube.com https://s.ytimg.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js *.google.com *.facebook.net *.twitter.com *.googletagmanager.com *.ads-twitter.com *.google-analytics.com *.ytimg.com web-chat.nativechat.com *.googleadservices.com *.g.doubleclick.net bot.ivy.ai widget.alongside.com https://snap.licdn.com/li.lms-analytics/insight.min.js https://tags.srv.stackadapt.com/events.js https://analytics.tiktok.com/i18n/pixel/events.js https://qvdt3feo.com/events.js https://analytics.tiktok.com/i18n/pixel/static/main.MTdjYzNiZDU2MA.js https://analytics.tiktok.com/i18n/pixel/static/identify_bb163.js *.theaccessplatform.com crmwebs.nbcc.ca cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.google.com widget.alongside.com https://tags.srv.stackadapt.com/sa.css 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com www.redditstatic.com *.twimg.com data: blob: *.facebook.com *.facebook.net *.linkedin.com *.ytimg.com *.twitter.com *.googletagmanager.com *.google-analytics.com web-chat.nativechat.com *.googleadservices.com *.google.com t.co *.google.ca *.ivy-cdn.com *.nbcc.ca app.careerbeacon.com//assets/images/widget_powered_by_careerbeacon.png https://analytics.tiktok.com/api/v2/pixel https://analytics.tiktok.com/api/v2/pixel/act; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: bot.ivy.ai; frame-src 'self' *.nbcc.ca *.youtube.com *.google.com *.facebook.com *.googleadservices.com *.g.doubleclick.net *.salesforce.com *.iatspayments.com *.vimeo.com *.campusebookstore.com open.spotify.com tours.smarterspaces.ca *.theaccessplatform.com forms.microsoft.com; connect-src 'self' data: accounts.google.com *.gstatic.com *.google.com *.g.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.google-analytics.com https://px.ads.linkedin.com/wa/ https://tags.srv.stackadapt.com/sa.jpeg https://tags.srv.stackadapt.com/saq_pxl https://tags.srv.stackadapt.com/js_tracking https://analytics.tiktok.com/api/v2/pixel https://analytics.tiktok.com/api/v2/pixel/act https://crmwebs.nbcc.ca/web/newformeditor/CDWidget.js https://crmwebs.nbcc.ca/web/newformeditor/jquery.min.js crmwebs.nbcc.ca prod2-24.canadacentral.logic.azure.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com badge.stumbleupon.com *.facebook.net *.facebook.com 1
frame-ancestors 'self' https://www.rcashasp1.com *.elevate.cafe https://www.yardimarketplace.com https://*.yardimarketplace.com https://*.yardimarketplaceapp.com; report-uri /error/csp-violation 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://jsonip.com *.artifi.net *.jquery.com *.trustarc.com *.corpmerchandise.com https://dy-api.com *.googletagmanager.com *.marketo.com *.google-analytics.com *.zmags.com *.issuu.com *.marketo.net *.googleadservices.com connect.facebook.net cdnjs.cloudflare.com *.staples.com googleads.g.doubleclick.net polyfill.io *.staplespromo.com *.staples-static.com *.inside-graph.com *.newrelic.com *.nr-data.net countdown.omegawatches.com https://*.kaptcha.com *.cloudfront.net *.retentionscience.com *.lightboxcdn.com lightboxapi.azurewebsites.net *.boldchat.com *.licdn.com *.linkedin.com *.btttag.com *.attentivemobile.com *.attn.tv *.contentsquare.net *.contentsquare.com *.bing.com *.dynamicyield.com *.azureedge.net *.mczbf.com *.oppwa.com https://eu-test.oppwa.com/ https://assets.adobedtm.com/ *.acsbapp.com  *.acsbap.com https://acsbapp.com  https://acsbap.com *.wikipedia.org *.qualtrics.com; frame-ancestors *.ariba.com *.qa.merchandisecollection.com *.coupahost.com *.oracleoutsourcing.com *.contentsquare.net *.contentsquare.com *.azureedge.net  ; child-src blob: https://*.staplespromo.com https://*.contentsquare.net https://*.contentsquare.com;  worker-src blob: https://*.staplespromo.com https://*.contentsquare.net https://*.contentsquare.com;  frame-src https://*.qualtrics.com https://*.kaptcha.com https://*.staplespay.com https://*.trustarc.com https://*.staplespromo.com https://eu-prod.oppwa.com https://secure.viewer.zmags.com https://e.issuu.com https://secure.api.viewer.zmags.com/ https://designer.artifi.net/; 1
img-src 'self' https://ssl.google-analytics.com https://www.google.com https://www.google.com.tr https://www.youtube.com https://cdn.perkotek.com https://i.ytimg.com; 1
frame-ancestors 'self' *.davengo.com; 1
frame-ancestors 'self' https://jeune.epide.fr; 1
frame-ancestors 'self' https://oas.esf.edu.hk/  https://oasweb-stg.esf.edu.hk/  https://oasweb-uat.esf.edu.hk/  https://oasweb-dev.esf.edu.hk/  https://oasweb-dev2.esf.edu.hk/ https://srs-uat.esf.edu.hk  https://www.1823.gov.hk https://api.data.gov.hk; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https:;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.adnxs.com *.chimpstatic.com visitjersey.email *.cloudfont.net *.googletagmanager.com blob: *.google-analytics.com cdn.usefathom.com https: data:;style-src 'self' 'unsafe-inline'  https: data:;connect-src 'self' *.google-analytics.com *.analytics.google.com *.doubleclick.net *.teads.tv *.crowdriff.com *.plyr.io sojpublicdata.blob.core.windows.net *.mapbox.com *.algolia.net *.algolianet.com *.tripadvisor.com *.vimeo.com *.akamaized.net *.trackedweb.net *.bugsnag.com *.cookiescan.com *.googlesyndication.com noembed.com *.facebook.com *.google.com *.clarity.ms *.cookiebot.com *.googletagmanager.com *.gstatic.com *.facebook.net manychat.com *.linkedin.oribi.io *.linkedin.com *.adnxs.com cdn.usefathom.com *.smooch.io wss://api.smooch.io data:;font-src 'self' static.tacdn.com *.gstatic.com assets.hootsuite.com data:;img-src 'self' cdn.jersey.com *.google-analytics.com *.analytics.google.com *.cookiescan.com *.facebook.com *.linkedin.com t.co *.doubleclick.net *.google.je *.google.com *.google.co.uk *.netdna-ssl.com *.gravatar.com *.adsymptotic.com *.adnxs.com *.yahoo.com *.teads.tv *.googleadservices.com static.tacdn.com *.vimeocdn.com *.clarity.ms *.bing.com *.cloudfront.net *.magicseaweed.com *.ytimg.com *.google.nl blob: *.youtube.com *.adsrvr.org *.sojern.com *.amazonaws.com *.tripadvisor.co.uk *.cookiebot.com *.googletagmanager.com *.gstatic.com *.facebook.net manychat.com *.adform.net cdn.usefathom.com assets.hootsuite.com data:;frame-src 'self' *.vimeo.com vimeo.com *.youtube.com *.flipsnack.com *.google.com *.instagram.com *.facebook.com *.hdontap.com visitjersey.email *.crowdriff.com magicseaweed.com *.cookiebot.com *.snapsea.io *.ipcamlive.com *.doubleclick.net e.issuu.com ;form-action 'self' *.facebook.com ;object-src 'none' ;frame-ancestors 'self' *.jersey.com visitjersey.email ;base-uri 'none' ; 1
frame-ancestors 'self' https://marialunarillos.com; 1
frame-ancestors 'self' tsssb.unifi.com.my; 1
default-src 'self' data: blob: *.conac.cn  *.gov.cn *.gaokao.cn *.eol.cn *.jiathis.com *.baidu.com *.bshare.cn *.eol.cn *.qq.com *.kaipuyun.cn *.bdimg.com *.wx.qq.com *.people.com.cn *.weibo.com *.m1905.cn 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; 1
upgrade-insecure-requests; frame-ancestors 'self' *.prd.go.th prd.gdcatalog.go.th; 1
frame-ancestors 'self' minezmap.com *.minezmap.com http://minezmap.com http://*.minezmap.com minez-nightswatch.com 1
connect-src 'self' *.facebook.com *.facebook.net  *.google-analytics.com maps.googleapis.com 'unsafe-inline' 'unsafe-eval'; default-src 'self';  script-src 'self' connect.facebook.net graph.facebook.com *.google.com  maps.googleapis.com www.google-analytics.com/analytics.js *.twitter.com *.uservoice.com assets.uvcdn.com cdn.syndication.twimg.com www.gstatic.com cdn.jsdelivr.net  'unsafe-inline' 'unsafe-eval'; style-src 'self' fonts.googleapis.com platform.twitter.com 'unsafe-inline';img-src * data: blob:;font-src 'self' fonts.gstatic.com; frame-src 'self' https:; 1
default-src 'self' blob: 'unsafe-inline' 'unsafe-eval' d18kwxxua7ik1y.cloudfront.net d22r54gnmuhwmk.cloudfront.net *.change.org change-production.s3.amazonaws.com change-public-stuff.s3.amazonaws.com *.google.ca *.googleadservices.com *.youtube.com *.doubleclick.net *.google.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.recaptcha.net *.ytimg.com *.facebook.com *.facebook.net *.fbcdn.net fbrpc://* fb-messenger://* ajax.cdnjs.com cdnjs.cloudflare.com service.force.com *.salesforceliveagent.com *.braintreegateway.com *.paypalobjects.com *.paypal.com *.braintree-api.com *.stripe.com *.dlocal.com *.optimizely.com optimizely.s3.amazonaws.com cdn-assets-prod.s3.amazonaws.com px-cdn.net *.px-cdn.net *.px-client.net *.px-cloud.net pxchk.net *.pxchk.net p2a.co *.profitwell.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net *.messagebird.com secure.everyaction.com d3rse9xjbp8270.cloudfront.net *.ngpvan.com js2.verygoodvault.com *.cloudflarestream.com code.jquery.com player.vimeo.com bat.bing.com soundcloud.com *.soundcloud.com www.instagram.com www.flickr.com *.staticflickr.com *.voteamerica.com *.jotform.com actionnetwork.org *.airbrake.io browser-update.org *.tiktok.com *.bannerbear.com ads.nextdoor.com flask.nextdoor.com *.maze.co us-central1-niftic-agency.cloudfunctions.net/change-starter-image us-central1-niftic-agency.cloudfunctions.net/openai/generate-draft us-central1-niftic-agency.cloudfunctions.net/openai/generate-image cdn.iframe.ly change.my.salesforce.com help.change.org; font-src 'self' data: *.change.org d18kwxxua7ik1y.cloudfront.net d22r54gnmuhwmk.cloudfront.net fonts.gstatic.com d3rse9xjbp8270.cloudfront.net; img-src * blob: data:; form-action 'self'; frame-ancestors 'self' 1
default-src 'self';style-src-elem * 'unsafe-inline';script-src-elem * 'unsafe-inline';script-src * 'unsafe-eval' 'unsafe-inline';style-src * 'unsafe-inline';img-src * 'self' blob: data: https:;font-src * 'self' data: application:;connect-src * 'unsafe-inline';frame-src *.sc.com *.standardchartered.com *.standardchartered.com.tw *.demdex.net *.fls.doubleclick.net 1
default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data:; frame-ancestors 'self'; font-src * data: 1
default-src https: 'unsafe-eval' 'unsafe-inline' wss://*.hotjar.com 'unsafe-inline'; object-src 'none'; font-src https: data:; img-src https: data:; 1
default-src 'self' *.google-analytics.com *.doubleclick.net *.adsrvr.org *.cloudfront.net *.google.com *.youtube.com *.braintree-api.com *.braintreegateway.com *.paypal.com *.cardinalcommerce.com *.amazonaws.com *.onemap.sg *.facebook.com  https:; script-src 'self' www.googletagmanager.com www.google-analytics.com google-analytics.com *.adsrvr.org acdn.adnxs.com login.dotomi.com *.dotomi.com unpkg.com cdnjs.cloudflare.com cdn.jsdelivr.net www.googleadservices.com connect.facebook.net *.braintree-api.com *.braintreegateway.com *.fls.doubleclick.net googleads.g.doubleclick.net www.paypalobjects.com *.paypal.com pay.google.comsongbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com www.google.com code.jquery.com maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com *.adyen.com 'unsafe-inline' https:;style-src 'self' cdnjs.cloudflare.com fonts.googleapis.com *.braintreegateway.com cdn.jsdelivr.net  'unsafe-inline' https:; img-src 'self' assets.braintreegateway.com checkout.paypal.com  data: https:; media-src 'self' *.ascentismedia.com  data: https:; child-src 'self' assets.braintreegateway.com *.paypal.com  'unsafe-inline' 'unsafe-eval' https:; frame-src 'self' assets.braintreegateway.com *.braintreegateway.com *.paypal.com *.cardinalcommerce.com *.google.com *.youtube.com *.adsrvr.org *.doubleclick.net  https:; connect-src 'self' *.braintreegateway.com *.doubleclick.net *.cardinalcommerce.com *.paypal.com *.onemap.sg *.google-analytics.com *.facebook.com *.braintree-api.com *.smooch.io wss:  https:; frame-ancestors 'self' dmp.truoptik.com  https:; font-src 'self' fonts.gstatic.com kit-free.fontawesome.com cdnjs.cloudflare.com  https:; object-src 'self'  https:; 1
default-src 'self';     style-src 'self' 'unsafe-inline' *.adyen.com/ *.teads.tv/ *.hotjar.com/ *.digital4danone.com/ *.linkedin.com/ *.licdn.com/ *.adobeaemcloud.com/ *.hotjar.io/ *.visualstudio.com/ *.bootstrapcdn.com/ *.briteverify.com/ *.channelsight.com/ *.chargebee.com/ *.commander1.com/ *.force.com/ *.google.com/ *.googleapis.com/ *.gstatic.com/ *.live2support.com/ *.lpsnmedia.net/ *.mopinion.com/ *.myfonts.net/ *.onetrust.com/ *.pinterest.com/ *.salesforce-sites.com/ *.scene7.com/ *.sharethis.com/ *.tagcommander.com/ *.teads.tv/ *.visualstudio.com/ *.youtube.com/ *.zencdn.net/;     script-src 'self' 'unsafe-inline' 'unsafe-eval' *.amazon-adsystem.com/ blob: https://js-agent.newrelic.com/ *.algolia.net/ *.algolia.io/ *.addthis.com/ *.digital4danone.com/ *.linkedin.com/ *.licdn.com/ *.teads.tv/ *.adobeaemcloud.com/ *.hotjar.com/ *.hotjar.io/ *.visualstudio.com/ *.addthisedge.com/ *.adobedtm.com/ *.ads-twitter.com/ *.adyen.com/ *.aptaclub.co.uk/ *.aptashop.co.uk/ *.bing.com/ *.candgshop.co.uk/ *.cgbabyclub.co.uk/ *.channelsight.com/ *.chargebee.com/ *.commander1.com/ *.constant.co/ *.danone-dtc.net/ *.digital4danone.com/ *.doubleclick.net/ *.everestjs.net/ *.facebook.net/ *.force.com/ *.gbqofs.com/ *.gigya.com/ *.google-analytics.com/ *.google.co.uk/ *.google.com/ *.googleadservices.com/ *.googleapis.com/ *.googletagmanager.com/ *.gstatic.com/ *.live2support.com/ *.liveperson.net/ *.lpsnmedia.net/ *.monitor.azure.com/ *.mopinion.com/ *.onetrust.com/ *.outbrain.com/ *.pinterest.com/ *.postcodeanywhere.co.uk/ *.salesforce-sites.com/ *.salesforce.com/ *.salesforceliveagent.com/ *.scene7.com/ *.sharethis.com *.tagcommander.com/ *.teads.tv/ *.theadex.com *.trustcommander.net/ *.trustpilot.com/ *.twitter.com *.visualstudio.com/ *.ytimg.com/ ct.captcha-delivery.com http://*.hotjar.com http://*.hotjar.io http://danone.d3.sc.omtrdc.net/ https://*.hotjar.com https://*.hotjar.io https://live2support.com/ https://s.pinimg.com/ https://sc-static.net/ js.datadome.co www.youtube.com/ *.tiktok.com/ *.jsdelivr.net/;     img-src 'self' data: *.adition.com/ *.hotjar.com/ *.hotjar.io/ *.digital4danone.com/ *.linkedin.com/ *.licdn.com/ *.teads.tv/ *.adobeaemcloud.com/ *.visualstudio.com/ *.adnxs.com/ *.adyen.com/ *.analytics.google.com/ *.assetsadobe.com/ *.assetsadobe2.com/ *.bing.com/ *.channelsight.com/ *.commander1.com/ *.cx.atdmt.com/ *.danone-dtc.net/ *.danone.com/ *.demdex.net/ *.digital4danone.com/ *.doubleclick.net/ *.everesttech.net/ *.facebook.com/ *.google-analytics.com/ *.google.co.uk/ *.google.com/ *.google.ie/ *.googleapis.com/ *.googletagmanager.com/ *.gstatic.com/ *.hotjar.com *.hotjar.io *.live2support.com/ *.lpsnmedia.net/ *.mookie1.com/ *.omtrdc.net/ *.onetrust.com/ *.outbrain.com/ *.postcodeanywhere.co.uk/ *.salesforce-sites.com/ *.scene7.com/ *.sharethis.com/ *.tagcommander.com/ *.teads.tv/ *.theadex.com/ *.trustcommander.net/ *.twitter.com/ *.visualstudio.com/ *.w3.org/ *.ytimg.com/ http://danonegroup-stage.neolane.net/ http://t.co/ https://ca-live.adyen.com/ https://cscoreproweustor.blob.core.windows.net/ https://ct.pinterest.com/ https://www.google.fr/ https://www.google.nl/;     frame-src 'self' *.algolia.net/ *.algolia.io/ *.addthis.com *.adsrvr.org/ *.adyen.com/ *.digital4danone.com/ *.linkedin.com/ *.licdn.com/ *.teads.tv/ *.adobeaemcloud.com/ *.hotjar.com/ *.hotjar.io/ *.visualstudio.com/ *.amazon-adsystem.com/ *.briteverify.com *.channelsight.com/ *.chargebee.com/ *.cloudfront.net/ *.commander1.com/ *.constant.co/ *.demdex.net/ *.doubleclick.net/ *.facebook.com/ *.flockler.com/ *.force.com/ *.gigya.com/ *.google.com/ *.googleapis.com/ *.live2support.com/ *.liveperson.net/ *.lpsnmedia.net/ *.nutridrink.com.br/onde-encontrar/ *.onetrust.com/ *.proprofs.com/ *.salesforce-sites.com/ *.scene7.com/ *.sharethis.com/ *.spotify.com/ *.tagcommander.com/ *.teads.tv/ *.theadex.com/ *.tohklom.com/ *.trustcommander.net/ *.trustpilot.com *.vimeo.com/ *.visualstudio.com/ *.youtube.com geo.captcha-delivery.com http://*.hotjar.io https://*.hotjar.com https://*.hotjar.io https://aax-eu.amazon-adsystem.com/ https://ketchapi.co.uk/ https://tr.snapchat.com/ www.youtube.com;     connect-src 'self' *.example.com/ *.paa-reporting-advertising.amazon/ *.tapad.com/ *.azure.com/  *.amazon-adsystem.com/ https://bam.eu01.nr-data.net/ *.algolia.net/ *.algolia.io/ *.addthis.com/ *.adyen.com/ *.teads.tv/ *.digital4danone.com/ *.linkedin.com/ *.licdn.com/ *.analytics.google.com/ *.adobeaemcloud.com/ *.hotjar.com/ *.hotjar.io/ *.visualstudio.com/ *.aptaclub.co.uk/ *.aptashop.co.uk/ *.bing.com/ *.briteverify.com/ *.candgshop.co.uk/ *.cgbabyclub.co.uk/ *.channelsight.com/ *.commercetools.com/ *.danone-dtc.net/ *.demdex.net/ *.digital4danone.com/ *.doubleclick.net/ *.facebook.com/ *.force.com/ *.gbqofs.io/ *.google-analytics.com *.google-analytics.com/ *.googleapis.com/ *.live2support.com/ *.mopinion.com/ *.omtrdc.net/ *.onetrust.com/ *.privacy.trustcommander.net/ *.salesforce-sites.com/ *.scene7.com/ *.sentry.io/ *.sharethis.com/ *.snapchat.com/ *.teads.tv/ *.visualstudio.com/ *.youtube.com/ api-js.datadome.co http://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.com:* https://*.hotjar.io https://api.sphere.io/ https://ct.pinterest.com/ https://lasteventf-tm.everesttech.net/ https://privacy.trustcommander.net/ https://services.postcodeanywhere.co.uk/ wss://*.hotjar.com *.tiktok.com/ *.google.com/;     font-src 'self' data: *.adyen.com/ *.channelsight.com/ *.digital4danone.com/ *.linkedin.com/ *.licdn.com/ *.teads.tv/ *.danone-dtc.net/ *.adobeaemcloud.com/ *.hotjar.com/ *.hotjar.io/ *.visualstudio.com/ *.googleapis.com/ *.gstatic.com/ *.gstatic.mopinion.com/ *.live2support.com/ *.onetrust.com/ *.pinterest.com/ *.salesforce-sites.com/ *.scene7.com/ *.teads.tv/ *.visualstudio.com/ http://*.hotjar.com http://*.hotjar.io https://*.hotjar.com https://*.hotjar.io https://gstatic.mopinion.com/ https://vjs.zencdn.net/ *.google.com/;     media-src 'self' *.briteverify.com/ *.channelsight.com/ *.digital4danone.com/ *.linkedin.com/ *.licdn.com/ *.teads.tv/ *.googleapis.com/ *.adobeaemcloud.com/ *.hotjar.com/ *.hotjar.io/ *.visualstudio.com/ *.lpsnmedia.net/ *.onetrust.com/ *.pinterest.com/ *.salesforce-sites.com/ *.scene7.com/ *.teads.tv/ *.visualstudio.com/ *.youtube.com/ *.google.com/ 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' googleadservices.com  www.gstatic.com www.google.com use.mazemap.com walls.io www.googletagmanager.com matomo.cs2.ch www.google-analytics.com www.youtube.com youtube.com player.vimeo.com snap.licdn.com static.zdassets.com connect.facebook.net assets.juicer.io googleads.g.doubleclick.net v2.zopim.com app.friendlyanalytics.ch cdn.cookielaw.org 1
frame-ancestors 'self' http://webvisor.com https://webvisor.com; 1
default-src 'self' https://*.abtasty.com; object-src 'self'; style-src 'self' 'unsafe-inline' https://app-lon10.marketo.com https://www.comeet.com https://*.cookiefirst.com https://widget.freshworks.com *.pusher.com *.freshworksapi.com *.abtasty.com *.gstatic.com *.googleapis.com *.typeform.com https://inject.js https://*.google.com *.googletagmanager.com; font-src 'self' https://*.hotjar.com https://*.hotjar.io blob: data: *.abtasty.com *.gstatic.com *.googleapis.com https://acsbapp.com; img-src 'self' data: https://www.datocms-assets.com https://*.cookiefirst.com https://www.facebook.com https://www.linkedin.com https://linkedin.com https://www.linkedin.com https://*.ads.linkedin.com https://p.adsymptotic.com https://*.hotjar.com https://*.hotjar.io https://widget.freshworks.com https://healthyio.freshdesk.com https://*.google-analytics.com https://*.googletagmanager.com https://*.outbrain.com *.pusher.com *.freshworksapi.com blob: *.abtasty.com *.amazonaws.com https://*.adnxs.com https://*.ml-attr.com https://*.ml-api.io https://*.acsbapp.com https://*.gstatic.com https://*.vimeocdn.com https://*.visualwebsiteoptimizer.com; media-src 'self' data: https://www.datocms-assets.com https://stream.mux.com; frame-src 'self' https://player.vimeo.com https://app-lon10.marketo.com https://www.comeet.com https://www.comeet.co https://www.facebook.com https://*.hotjar.com https://*.hotjar.io https://*.google.com https://*.typeform.com *.abtasty.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://acsbapp.com/apps/app/dist/js/ https://*.cookiefirst.com https://cdn.segment.com https://*.segment.io https://connect.facebook.net https://player.vimeo.com https://*.vimeo.com https://vimeo.com https://app-lon10.marketo.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googleoptimize.com https://*.hotjar.com https://*.hotjar.io https://*.outbrain.com https://*.marketo.net *.typeform.com https://widget.freshworks.com *.pusher.com *.freshworksapi.com https://*.google.com https://*.gstatic.com https://www.comeet.com https://www.comeet.co https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://js-agent.newrelic.com https://bam-cell.nr-data.net https://platform.linkedin.com https://snap.licdn.com blob: *.abtasty.com *.googleapis.com https://acsbapp.com https://*.ip2c.net https://*.zoominfo.com https://*.visualwebsiteoptimizer.com; frame-ancestors 'self' https://www.kidney.org; connect-src 'self' https://acsbapp.com/apps/app/dist/js/ https://*.cookiefirst.com https://*.vercel.app https://graphql-listen.datocms.com https://*.hotjar.com:* https://*.hotjar.io wss://*.hotjar.com https://*.google-analytics.com https://*.googletagmanager.com https://widget.freshworks.com *.pusher.com *.freshworksapi.com https://healthyio.freshdesk.com https://436-TYX-483.mktorest.com https://*.mktoresp.com https://*.linkedin.oribi.io https://*.mktoutil.com https://vimeo.com https://*.acsbapp.com https://*.sentry.io https://*.ip2c.net https://pages.healthy.io https://*.zoominfo.com 1
default-src * data:; script-src * 'unsafe-inline' 'unsafe-eval' data:; style-src * 'unsafe-inline' 1
img-src * 'self' data:;script-src 'self'       https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com       https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://unpkg.com https://cdnjs.cloudflare.com      https://code.jquery.com http://code.jquery.com 'unsafe-eval' 'unsafe-inline'; 1
base-uri 'self'; default-src 'none'; frame-ancestors 'self'; frame-src 'self' kubota.ca *.kubota.ca as-www-qa-cac-qa-backslot.azurewebsites.net as-www-qa-cac-qa-backslot2.azurewebsites.net as-www-prod-cac-localdeploy1.azurewebsites.net as-www-prod-cac-localdeploy2-stagingbranchprodsettings.azurewebsites.net/ https://info.kubota.ca *.g.doubleclick.net *.fls.doubleclick.net www.facebook.com www.youtube.com www.vimeo.com app.viralsweep.com vars.hotjar.com insight.adsrvr.org; style-src 'self' 'unsafe-inline' kubota.ca *.kubota.ca as-www-qa-cac-qa-backslot.azurewebsites.net as-www-qa-cac-qa-backslot2.azurewebsites.net as-www-prod-cac-localdeploy1.azurewebsites.net as-www-prod-cac-localdeploy2-stagingbranchprodsettings.azurewebsites.net/ *.cloudfront.net cdnjs.cloudflare.com fonts.googleapis.com fast.fonts.net *.sirv.com static.hotjar.com assets.juicer.io app.viralsweep.com cdn.addsearch.com cdn.jsdelivr.net; font-src 'self' data: cdnjs.cloudflare.com fonts.googleapis.com fonts.gstatic.com fast.fonts.net *.juicer.io; img-src 'self' data: blob: 'unsafe-hashes' kubota.ca *.kubota.ca as-www-qa-cac-qa-backslot.azurewebsites.net as-www-qa-cac-qa-backslot2.azurewebsites.net as-www-prod-cac-localdeploy1.azurewebsites.net as-www-prod-cac-localdeploy2-stagingbranchprodsettings.azurewebsites.net/ www.google.ca www.google.com maps.gstatic.com maps.googleapis.com *.cloudfront.net www.google-analytics.com *.sirv.com www.facebook.com cdn.intelligencebank.com pxl.jivox.com insight.adsrvr.org *.hotjar.com assets.juicer.io app.viralsweep.com *.juicer.io *.cdninstagram.com pixel.tapad.com cm.g.doubleclick.net googleads.g.doubleclick.net match.adsrvr.org *.adnxs.com cdn.addsearch.com *.acuityplatform.com *.bidswitch.net ca-gmtdmp.mookie1.com cdn.matomo.cloud; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: kubota.ca *.kubota.ca as-www-qa-cac-qa-backslot.azurewebsites.net as-www-qa-cac-qa-backslot2.azurewebsites.net as-www-prod-cac-localdeploy1.azurewebsites.net as-www-prod-cac-localdeploy2-stagingbranchprodsettings.azurewebsites.net/ *.cloudfront.net cdnjs.cloudflare.com *.raygun.io fast.fonts.net code.createjs.com maps.googleapis.com www.googletagmanager.com www.google-analytics.com connect.facebook.net *.acuityplatform.com *.sirv.com img.en25.com www.youtube.com *.hotjar.com assets.juicer.io app.viralsweep.com script.hotjar.com cdn.addsearch.com cdn.jsdelivr.net js.adsrvr.org insight.adsrvr.org cdn.matomo.cloud www.googleadservices.com; connect-src 'self' kubota.ca *.kubota.ca as-www-qa-cac-qa-backslot.azurewebsites.net as-www-qa-cac-qa-backslot2.azurewebsites.net as-www-prod-cac-localdeploy1.azurewebsites.net as-www-prod-cac-localdeploy2-stagingbranchprodsettings.azurewebsites.net/ www.google-analytics.com www.googletagmanager.com maps.googleapis.com analytics.google.com api.raygun.io *.g.doubleclick.net *.fls.doubleclick.net scripts.sirv.com secure.p01.eloqua.com e.acuityplatform.com *.sirv.com *.juicer.io *.hotjar.com wss://*.hotjar.com *.hotjar.io *.addsearch.com; media-src 'self' cdn.intelligencebank.com; object-src 'self'; manifest-src 'self'; form-action 'self' www.facebook.com 1
default-src 'self' 'unsafe-inline' blob: https://*.vercel.com/ https://*.vercel.live/ https://*.vercel.app/ https://*.vercel-insights.com/ https://www.googletagmanager.com https://*.optimizely.com https://*.segment.com https://*.segment.io https://vimeo.com https://player.vimeo.com https://fonts.googleapis.com https://fonts.gstatic.com https://api.amplitude.com https://sentry.io https://*.sentry.io https://*.mapbox.com https://*.inspectlet.com http://api.amplitude.com https://js.stripe.com https://*.capsule.com https://*.capsulecares.com https://*.capsulerx.com https://hipaa.jotform.com https://*.hotjar.com https://production-capsule-assets.s3.amazonaws.com https://*.google.com https://*.doubleclick.net https://*.amazon-adsystem.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.vercel.com/ https://*.vercel.live/ https://*.vercel.app/ https://*.vercel-insights.com/ https://*.logrocket.io/ https://*.logrocket.com/ https://*.lr-ingest.io/ https://*.lr-in.com/ https://*.lr-in-prod.com/ https://connect.facebook.net https://www.google-analytics.com https://app.link https://www.googleadservices.com https://*.optimizely.com https://*.segment.com https://cdn.amplitude.com https://player.vimeo.com https://assets.customer.io https://www.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://*.inspectlet.com https://*.ns8ds.com http://api.amplitude.com https://js.stripe.com https://*.google.com https://*.capsule.com https://*.capsulecares.com https://*.capsulerx.com https://*.cloudfront.net https://trc.lhmos.com https://*.adnxs.com https://*.hotjar.com https://*.gstatic.com https://*.doubleclick.net https://*.amazon-adsystem.com; img-src 'self' data: blob: https://*.vercel.com/ https://*.vercel.live/ https://*.vercel.app/ https://*.vercel-insights.com/ https://www.facebook.com https://fonts.gstatic.com https://segment.prod.bidr.io https://www.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://*.outbrain.com https://*.ns8ds.com https://hn.inspectlet.com https://*.google.com https://*.customer.io https://s3.amazonaws.com https://*.branch.io https://*.capsule.com https://*.capsulecares.com https://*.capsulerx.com https://lh3.googleusercontent.com https://trc.lhmos.com https://*.adnxs.com https://*.hotjar.com file-storage-service-production.s3.amazonaws.com consumer-apps-public-assets-production.s3.amazonaws.com https://arttrk.com https://*.doubleclick.net https://*.amazon-adsystem.com; connect-src 'self' wss: ws: blob: https://*.vercel.com/ https://*.vercel.live/ https://*.vercel.app/ https://*.vercel-insights.com/ https://*.logrocket.io/ https://*.logrocket.com/ https://*.lr-ingest.io/ https://*.lr-in.com/ https://*.lr-in-prod.com/ https://www.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://*.segment.io https://*.segment.com https://api.amplitude.com https://sentry.io https://*.sentry.io https://*.optimizely.com https://*.branch.io https://vimeo.com https://*.mapbox.com http://*.amplitude.com http://*.inspectlet.com https://*.capsule.com https://*.capsulecares.com https://*.capsulerx.com https://*.cloudfront.net https://cognito-identity.us-east-1.amazonaws.com https://cognito-idp.us-east-1.amazonaws.com https://*.hotjar.com https://*.hotjar.io https://file-storage-service-insecure-production.s3.amazonaws.com https://*.doubleclick.net https://*.amazon-adsystem.com; font-src 'self' data: https://*.vercel.com/ https://*.vercel.live/ https://*.vercel.app/ https://*.vercel-insights.com/ https://fonts.gstatic.com https://*.hotjar.com https://*.capsule.com https://*.capsulecares.com https://*.capsulerx.com; frame-ancestors 'none'; 1
default-src 'self'; script-src 'report-sample' 'self' 'nonce-YzVsxPWS5K8QUR6k1B7JQqIKMhPx8Cfc' 'sha256-ATReICQsd+smV/PvrA4eH+DuxsenS4SxbGcSjySJlBA=' 'sha256-dfdOeclK8W2bc3pLeBjmBZ43zzL2twD8uFtbf+HK8eE=' 'sha256-Zs9dg8fLFqe8K+TMLxmxfh9kDb7kBHV/0xh8wa00FZU=' 'sha256-OjrU+L7RDhz/aEKmd2vXk9Ceps178yu5EltXeLfc/+g=' 'sha256-SYOXwCHIEJhtJXiogYuy6vW8We7ejD+n84SseLc2zwc=' 'sha256-gqP8Er0fEHsOdlI7pPfO6wVvN0f4RJqYSVMuWiiC4M8=' 'sha256-ks1JgVmPiEITuCaKVdvTGZZBhh/DWwWqAc7Ya+aR4BA=' 'sha256-MQULx/SwxpgCJn/YKLCygcj0hlAS/XtQgOhyxtYLn64=' 'sha256-aoeB9tsbYS7XWzsan2Vj9ZSOQFNxxE/T69O2JrgXyiI=' 'sha256-a+7Vi4aOyqYPBLwDdKm+MLKFGMZtuIIFXOAVo4j5OBw=' 'sha256-NC3yY+L6M7syzLGIfXdeXTTJ4Q86J2EiDhQ1wGZ/cSg=' 'sha256-NDrSAa4db/xdtY7ozXMWAfxhz62sskgkiu5neD8xeKs=' 'sha256-eYAFjxJ+b+ITDG3EKtiWhSvWPDOQCew06s2cQT/ybSU=' 'sha256-X9LSowu6ZLWt3t2T8ZZN7HZz9icRPQLUkwmVyZj74VI=' 'sha256-VxyoeC7FS0TZtUpSrUceJ+Wn/bhupvxSlpo41br3t2U=' 'sha256-61vDsr211SKRDeWf26LmbW1/M0Vdem9U5Xpt0nBO2/Y=' 'sha256-gwMjWqLzT+6PAbkcuWmeXKAag+AYqoEf8f4w+kmE/Ds=' 'sha256-T0+S9JfGWikewIenQYVtVUpKs5TCvO7qvagdoRep3l4=' 'sha256-I/lKnsG/ar8+VaAEiDlefvr0Q8kgN1ClsE8655Z0RmM=' 'sha256-XE1MpVjaq8Ok/fYomwPTSm0nIe7Xs0xbFGzG66XpGoc=' 'sha256-GIpI5d+7xnOGj88X+RrdFK2mm5Hcbd/iJJDKNORu7qg=' 'unsafe-eval' https://*.fleurop.ch https://accounts.google.com https://api.livechatinc.com https://assets.emarsys.net https://cdn.onesignal.com https://bat.bing.com https://browser-update.org https://cdn.jsdelivr.net https://cdn.live.mycontentbird.io https://cdn.livechatinc.com https://connect.facebook.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://googleads.g.doubleclick.net https://maps.googleapis.com https://s.pinimg.com https://www.google-analytics.com https://www.googletagmanager.com https://b2d.fleurop.ch https://b2d.fleurop.at https://track.adform.net https://s2.adform.net https://onesignal.com https://assets.pxlecdn.com https://assets.pixlee.com https://*.scarabresearch.com https://*.trustedshops.com https://ct.pinterest.com http://*.trustedshops.com https://ct.pinterest.com; style-src 'report-sample' 'self' 'unsafe-inline' https://accounts.google.com https://cdn.jsdelivr.net https://fonts.googleapis.com https://fast.fonts.net https://onesignal.com https://*.scarabresearch.com; object-src 'none'; base-uri 'none'; connect-src 'self' https://bat.bing.com https://consentcdn.cookiebot.com https://ct.pinterest.com https://maps.googleapis.com https://region1.analytics.google.com https://tag-manager.live.mycontentbird.io https://webchannel-content.eservice.emarsys.net https://www.google.ch https://www.google-analytics.com https://api.livechatinc.com https://www.facebook.com https://graph.facebook.co https://graph.facebook.com https://b2d.fleurop.ch https://b2d.fleurop.at https://onesignal.com https://stats.g.doubleclick.net https://photos.pixlee.co https://photos.pixlee.com https://accounts.google.com https://pagead2.googlesyndication.com https://me-client.eservice.emarsys.net https://*.scarabresearch.com https://*.trustedshops.com http://*.trustedshops.com https://*.etrusted.com http://*.etrusted.com https://*.trustbadge.com http://*.trustbadge.com https://www.google.com https://googleads.g.doubleclick.net; font-src 'self' data: https://cdn.jsdelivr.net https://cdn.livechatinc.com https://fonts.gstatic.com https://*.trustedshops.com http://*.trustedshops.com; frame-src 'self' https://accounts.google.com https://consentcdn.cookiebot.com https://ct.pinterest.com https://secure.livechatinc.com https://tag-manager.live.mycontentbird.io https://www.facebook.com https://track.adform.net https://*.doubleclick.net https://photos.pixlee.co https://photos.pixlee.com https://*.scarabresearch.com https://www.youtube.com; img-src 'self' blob: data: https://*.fleurop.ch https://*.fleurop.at https://bat.bing.com https://ct.pinterest.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://res.cloudinary.com https://www.facebook.com https://www.google-analytics.com https://www.google.ch https://www.google.com https://www.google.de https://www.google.at https://www.google.ro https://www.google.fr https://www.google.it https://www.google.li https://www.google.es https://www.google.co.uk https://www.fleurop.ch https://cdn.livechat-files.com https://cdnjs.cloudflare.com https://googleads.g.doubleclick.net https://b2d.fleurop.ch https://b2d.fleurop.at https://*.onesignal.com https://assets.pixlee.com https://i.ytimg.com https://www.googleadservices.com https://*.trustedshops.com http://*.trustedshops.com https://imgsct.cookiebot.com https://*.fleuropnet.ch https://www.googletagmanager.com https://ad.doubleclick.net; manifest-src 'self'; media-src 'self'; worker-src 'self' https://assets.emarsys.net https://cdn.onesignal.com; frame-ancestors 'self' https://www.maennerpflanze.ch/; report-uri https://63dd480a1110c9e871bfd356.endpoint.csper.io/?v=2; 1
default-src 'self' *.recaptcha.net *.youtube-nocookie.com *.piwik.pro consentcdn.cookiebot.com *.coveo.com *.adobe.com bcove.video optimize.google.com *.api.brightcove.com api.bcovlive.io *.bcovlive.io *.sep.bcovlive.io bcovlive-a.akamaihd.net *.o.brightcove.com players.brightcove.net hls.ak.o.brightcove.com uds.ak.o.brightcove.com *.boltdns.net brightcove.vo.llnwd.net *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.analytics.edgekey.net *.media.brightcove.com hlstoken-a.akamaihd.net *.gallerysites.net *.bcvp0rtal.com *.brightcovecdn.com manifest.prod.boltdns.net eba-api.uk.experian.com smeservices.uk.experian.com *.hotjar.com sjs.bizographics.com cdn.taboola.com trc.taboola.com *.js.ubembed.com *.events.ubembed.com assets.ubembed.com www.dwin1.com bat.bing.com t.co cdn.smct.co smct.co j.flxpxl.com *.doubleclick.net www.googleadservices.com www.google.com www.googletagmanager.com tagmanager.google.com *.googleapis.com ssl.gstatic.com www.google-analytics.com ssl.google-analytics.com adservice.google.com adservice.google.co.uk www.google.co.uk analytics.twitter.com platform.twitter.com static.ads-twitter.com *.linkedin.com www.facebook.com connect.facebook.net *.outbrain.com builder-assets.unbounce.com *.boldchat.com www.dianomi.com *.pingdom.net *.cloudfront.net *.eloqua.com *.quantserve.com rules.quantcount.com img.en25.com snap.licdn.com secure.livechatinc.com maxcdn.bootstrapcdn.com *.gstatic.com cdn.livechatinc.com themes.googleusercontent.com *.experian.com ui.customsearch.ai hosteduxprod.blob.core.windows.net *.brightcove.com *.brightcove.net vjs.zencdn.net *.adobedtm.com *.demdex.net *.omniture.com *.youtube.com *.hotjar.io; img-src 'self' data: *; script-src 'unsafe-eval' 'unsafe-inline' 'self' *; style-src 'unsafe-inline' 'self' *; font-src 'self' data: *; object-src 'none'; media-src * blob:; worker-src blob: 'self'; frame-ancestors 'self'; 1
upgrade-insecure-requests; default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.stalbert.ca https://stalbert.ca https://arcgis.com https://*.arcgis.com https://*.arcgisonline.com https://cdnjs.cloudflare.com https://*.ctctcdn.com https://ecdev.org https://api.ecdev.org https://*.echosign.com https://*.na1.echosign.com https://connect.facebook.net https://*.googleapis.com https://*.google.com https://*.google-analytics.com https://*.googlecode.com https://*.gstatic.com https://googletagmanager.com https://*.googletagmanager.com https://assets.ca.recollect.net https://*.recollect.net https://recollect.net https://*.typekit.net https://widget.twnmm.com https://*.zoomprospector.com; style-src 'self' 'unsafe-inline' https://*.stalbert.ca https://stalbert.ca https://arcgis.com https://*.arcgis.com https://*.arcgisonline.com https://*.ctctcdn.com https://api.ecdev.org https://stalbert.ecdev.org https://*.google.com https://*.googleapis.com https://cdn-images.mailchimp.com https://assets.ca.recollect.net https://recollect.a.ssl.fastly.net https://recollect.net https://widget.twnmm.com https://*.typekit.net; img-src 'self' data: https://*.stalbert.ca https://stalbert.ca https://s3.ca-central-1.amazonaws.com https://arcgis.com https://*.arcgis.com https://*.arcgisonline.com https://static.ctctcdn.com https://www.facebook.com https://*.google.ca https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://*.gstatic.com https://www.paypal.com https://www.paypalobjects.com https://assets.ca.recollect.net https://api.recollect.net https://recollect.net https://recollect.a.ssl.fastly.net https://recollect-images.global.ssl.fastly.net https://www.sumac.com https://widget.twnmm.com https://*.typekit.net https://*.ytimg.com; font-src 'self' data: https://*.stalbert.ca https://stalbert.ca https://arcgis.com https://*.arcgis.com https://*.gstatic.com https://recollect.a.ssl.fastly.net https://assets.ca.recollect.net https://recollect.net https://*.typekit.net; frame-src 'self' https://*.stalbert.ca https://stalbert.ca https://anchor.fm https://arcg.is https://arcgis.com https://*.arcgis.com https://environment.alberta.ca https://embed.clearpointstrategy.com https://*.doubleclick.net https://maps.ecdev.org https://stalbert.ecdev.org https://*.echosign.com https://*.na1.echosign.com https://*.google.ca https://*.google.com https://googletagmanager.com https://*.granicus.com https://*.legistar.com https://stalbert.ca.legistar.com/ https://pbtech.org https://assets.ca.recollect.net https://api.recollect.net https://recollect.net https://seeclickfix.com https://e605.spacelist.ca https://monitoringpublic.solaredge.com https://live.tourdash.com https://*.vimeo.com https://*.youtube.com https://*.youtube-nocookie.com https://properties.zoomprospector.com; object-src 'none'; report-uri https://stalbert.report-uri.io/r/default/csp/enforce 1
default-src 'none'; connect-src *; font-src 'self' data: https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' https://twemoji.maxcdn.com https://www.googletagmanager.com https://www.google-analytics.com https://platform.twitter.com; img-src 'self' data: https:; worker-src 'self'; frame-src https://platform.twitter.com; manifest-src 'self'; report-uri https://fapcoholic.com/csp-report 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://use.typekit.net https://cdn.pubnub.com https://consent.cookiefirst.com; frame-ancestors 'none' 1
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' https://player.vimeo.com https://www.youtube.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://code.jquery.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net https://unpkg.com https://kit.fontawesome.com https://ka-p.fontawesome.com https://player.vimeo.com https://www.google-analytics.com https://www.buzzsprout.com https://www.termsfeed.com https://analytics.tiktok.com https://www.googletagmanager.com;style-src 'self' 'unsafe-inline' https://stackpath.bootstrapcdn.com https://fonts.googleapis.com https://cdn.jsdelivr.net https://unpkg.com https://pro.fontawesome.com https://kit.fontawesome.com https://ka-p.fontawesome.com https://use.typekit.net/ https://p.typekit.net;font-src 'self' data: https://fonts.gstatic.com https://unpkg.com https://pro.fontawesome.com https://kit.fontawesome.com https://ka-p.fontawesome.com https://use.typekit.net/ https://cdn.jsdelivr.net/npm/nanogallery2@3/;img-src 'self' data: https://www.poetryinternational.org https://www.google-analytics.com;connect-src 'self' https://ka-p.fontawesome.com https://www.google-analytics.com https://*.google-analytics.com https://stats.g.doubleclick.net https://analytics.tiktok.com https://kit.fontawesome.com/;frame-src 'self' https://player.vimeo.com https://www.youtube.com https://www.educaplay.com https://www.buzzsprout.com; 1
default-src https: 'unsafe-inline' 'unsafe-eval' data: blob: mailto: ms-word: ms-excel: ms-powerpoint: wss: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://www.youtube.com https://s.ytimg.com https://chart.rsf.ru https://*.yandex.ru https://cdnjs.cloudflare.com https://s7.addthis.com https://*.yandex.net https://yastatic.net https://www.gravatar.com https://csi.gstatic.com/ http://maps.google.com/; 1
default-src 'self';       style-src 'self' 'unsafe-inline' fonts.googleapis.com *.cloudflare.com;        script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com *.cloudflare.com *.cloudfront.net *.helpscout.net webforms.pipedrive.com *.pipedriveassets.com *.lfeeder.com;       font-src 'self' data: fonts.gstatic.com *.cloudflare.com;        img-src 'self' www.google-analytics.com *.lfeeder.com;        connect-src *.cloudfront.net *.google-analytics.com;       media-src 'self' scormfly.blob.core.windows.net;       frame-src www.google.com maps.google.com www.youtube.com scormfly.blob.core.windows.net webforms.pipedrive.com 1
script-src 'nonce-fd93811a0b' https: 1
default-src 'self' blob: *.fitchsolutions.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: ajax.googleapis.com *.doubleclick.net td.doubleclick.net *.td.doubleclick.net *.fitchsolutions.com *.googleadservices.com googleads.g.doubleclick.net *.linkedin.com *.ads.linkedin.com linkedin.com *.ampproject.org app-lon06.marketo.com unpkg.com cdn.jsdelivr.net cdnjs.cloudflare.com reveal.clearbit.com *.googletagmanager.com players.brightcove.net *.google-analytics.com *.analytics.google.com analytics.google.com *.evidon.com cdn2.funnelenvy.com assets.map.brightcove.com your.fitchsolutions.com snap.licdn.com static.hotjar.com munchkin.marketo.net js.idio.co script.hotjar.com s.idio.co api.idio.co cdn.jsdelivr.net infogram.com e.infogram.com infogram-download-eu.s3.eu-west-1.amazonaws.com infogram-download-us2.s3.eu-west-1.amazonaws.com *.clearbitscripts.com *.clearbit.com *.clearbitjs.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.fitchsolutions.com *.googletagmanager.com use.fontawesome.com unpkg.com app-lon06.marketo.com cdnjs.cloudflare.com fonts.googleapis.com players.brightcove.net ; object-src 'none'; frame-src 'self' *.fitchsolutions.com *.doubleclick.net *.hotjar.com  bid.g.doubleclick.net *.fls.doubleclick.net td.doubleclick.net *.td.doubleclick.net infogram.com e.infogram.com infogram-download-eu.s3.eu-west-1.amazonaws.com infogram-download-us2.s3.eu-west-1.amazonaws.com indd.adobe.com *.evidon.com; img-src 'self' data: cf-images.us-east-1.prod.boltdns.net *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.twitter.com t.co googleads.g.doubleclick.net *.fls.doubleclick.net ad.doubleclick.net ade.googlesyndication.com *.ads.linkedin.com linkedin.com *.gstatic.com *.google.co.uk *.fitchsolutions.com metrics.brightcove.com *.evidon.com *.linkedin.com p.adsymptotic.com a.idio.co *.google-analytics.com *.analytics.google.com www.google.com www.google.co td.doubleclick.net *.td.doubleclick.net www.google.co.uk; font-src 'self' data: *.fitchsolutions.com fonts.gstatic.com use.fontawesome.com; media-src 'self' blob: *.fitchsolutions.com *.boltdns.net *.brightcove.com videos.ctfassets.net *.akamaihd.net *.brightcove.net; prefetch-src 'self' *.fitchsolutions.com *.google-analytics.com *.analytics.google.com; connect-src 'self' blob: *.fitchsolutions.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.brightcove.com *.brightcove.net 732-ckh-767.mktoresp.com fx.fitchgroup.co *.boltdns.net *.akamaihd.net *.crazyegg.com *.idio.co *.brightcovecdn.com *.marketo.net *.fitch.group *.evidon.com *.funnelenvy.com *.google-analytics.com *.analytics.google.com fonts.googleapis.com *.piwikpro.com snap.licdn.com images.ctfassets.net fonts.gstatic.com stats.g.doubleclick.net api.sjpf.io api.fpjs.io *.hotjar.com:* vc.hotjar.io:* surveystats.hotjar.io wss://*.hotjar.com *.hotjar.com *.hotjar.io notify.bugsnag.com *.clearbit.com cdn.linkedin.oribi.io *.google-analytics.com *.analytics.google.com *.clearbit.com *.linkedin.oribi.io td.doubleclick.net *.td.doubleclick.net *.google.com 1
frame-ancestors 'self' www.scc-events.com; 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;frame-ancestors 'self' https://*.quintype.com https://www.pratidintime.com https://jionews.com/ https://jionewsdev1.jio.ril.com/;block-all-mixed-content; 1
frame-ancestors development-au.sfcc-ralphlauren-as.com https://care60.live800.com 1
strict-origin-when-cross-origin 1
style-src 'self' 'unsafe-inline' *.googleapis.com *.google-analytics.com *.gstatic.com *.tenkites.com tkmenus.com partners.designmynight.com atlas.microsoft.com *.cdn-cookieyes.com *.liveres.co.uk *.braintreegateway.com *.sevenrooms.com *.googleads cdn.co-buying.com https://cdnjs.cloudflare.com/ajax/libs/intl-tel-input/17.0.13/css/intlTelInput.css https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.1/css/all.min.css *.designmynight.com *.instagram.com use.typekit.net https://use.typekit.net/wca6end.css https://p.typekit.net https://p.typekit.net/p.css; font-src 'self' data: *.googleapis.com *.google-analytics.com *.gstatic.com *.tenkites.com tkmenus.com atlas.microsoft.com *.liveres.co.uk *.braintreegateway.com *.sevenrooms.com *.googleads cdn.co-buying.com *.designmynight.com *.instagram.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.1/webfonts/fa-v4compatibility.ttf https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.1/webfonts/fa-v4compatibility.woff2 https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.1/webfonts/fa-regular-400.ttf https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.1/webfonts/fa-brands-400.woff2 https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.1/webfonts/fa-brands-400.ttf https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.1/webfonts/fa-regular-400.woff2 https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.1/webfonts/fa-solid-900.woff2 https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.1/webfonts/fa-solid-900.ttf https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.1/webfonts/fa-brands-400.woff2 https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.1/webfonts/fa-brands-400.ttf https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.1/webfonts/fa-solid-900.woff2 https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.1/webfonts/fa-solid-900.ttf https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.1/webfonts/fa-regular-400.woff2 https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.1/webfonts/fa-regular-400.ttf https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.1/webfonts/fa-solid-900.woff2 https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.1/webfonts/fa-solid-900.ttf https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.1/webfonts/fa-brands-400.woff2 https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.1/webfonts/fa-brands-400.ttf https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.1/webfonts/fa-regular-400.woff2 use.typekit.net; script-src 'self' 'self' data: 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.googleapis.com *.hotjar.com cdn-cookieyes.com *.tiktok.com *.licdn.com *.ads-twitter.com *.twitter.com *.bing.com *.facebook.net *.google.com *.gstatic.com *.google-analytics.com *.exponea.com *.tenkites.com tkmenus.com *.braintreegateway.com menus.tenkites.com partners.designmynight.com code.jquery.com secure.livebookings.com bda.bookatable.com atlas.microsoft.com connect.facebook.net *.liveres.co.uk *.designmynight.com https://songbird.cardinalcommerce.com https://cdnjs.cloudflare.com/ajax/libs/intl-tel-input/17.0.13/js/intlTelInput.min.js https://cdnjs.cloudflare.com/ajax/libs/intl-tel-input/17.0.13/js/utils.min.js https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js *.recaptcha.net *.sevenrooms.com *.googleads cdn.co-buying.com *.instagram.com use.typekit.net; worker-src 'self' blob: atlas.microsoft.com; frame-ancestors 'self' *.googleapis.com *.google.com *.google.com *.gstatic.com menus.tenkites.com *.sevenrooms.com cdn.co-buying.com; object-src 'none' 1
upgrade-insecure-requests;             default-src 'none';              base-uri 'self';             script-src 'self' 'unsafe-inline' 'unsafe-eval' https://stats.alsace.eu/ https://t-stats.alsace.eu/ https://cdn.ampproject.org/ https://www.googletagmanager.com/ https://ajax.googleapis.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cdn.syndication.twimg.com https://platform.twitter.com;                   img-src 'self' https://www.alsace.eu/ https://www.googletagmanager.com/ https://pbs.twimg.com https://platform.twitter.com https://syndication.twitter.com https://stats.g.doubleclick.net https://tile.openstreetmap.org/ https://a.tile.openstreetmap.fr https://b.tile.openstreetmap.fr https://c.tile.openstreetmap.fr  https://img.youtube.com data:;                   media-src 'self';                                                                          frame-src 'self' https://player.vimeo.com/ https://platform.twitter.com https://www.youtube.com https://www.google.com;                   frame-ancestors 'self';                                                                            font-src 'self' https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://cdn.bas-rhin.fr;                   style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://platform.twitter.com/;                   form-action 'self' ;                   connect-src  'self' https://stats.alsace.eu/ https://t-stats.alsace.eu/ https://data.geopf.fr/geocodage/completion https://platform.twitter.com/ https://api-adresse.data.gouv.fr/ https://nominatim.openstreetmap.org/;                   manifest-src 'self';                   child-src 'self' https://player.vimeo.com/ https://platform.twitter.com https://www.youtube.com https://www.google.com;                   object-src 'self';              report-uri /_csp; 1
default-src 'self' 'unsafe-inline' https: data: blob:; script-src 'self' 'unsafe-inline' https:; style-src 'self' 'unsafe-inline' https: blob: 1
default-src https:; frame-ancestors 'none'; object-src 'none'; script-src 'self' 'unsafe-inline' https://*.hsappstatic.net https://*.code.jquery.com https://*.hs-analytics.net https://*.hs-banner.com https://*.hubspot.com https://*.hubspot.net 'strict-dynamic' 'nonce-hwuQ1ejVH4rNtlG2Uc6hQA=='; style-src 'unsafe-inline' 'self' https:; upgrade-insecure-requests; ; 1
object-src 'none'; base-uri 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' lowya.silveregg.net *.low-ya.com *.googletagmanager.com *.mobilus.me *.polyfill.io *.google-analytics.com *.googleanalytics.com *.googleoptimize.com *.mobilus.me *.a8.net *.newrelic.com *.nr-data.net *.hotjar.com *.googleadservices.com *.facebook.net *.ladsp.com *.line-scdn.net *.nakanohito.jp *.yimg.jp *.doubleclick.net *.yahoo.co.jp *.csolution.jp *.google.com *.gstatic.com *.adtdp.com *.criteo.net *.criteo.com *.globalsign.com *.googleapis.com *.qgr.ph appier.net *.appier.net *.qgraph.io *.jquery.com *.amazonaws.com *.smartnews-ads.com *.typekit.net ad.atown.jp *.im-apps.net *.fraudprevention.jp *.datadoghq-browser-agent.com act-d02.catsasp.net *.visumo.io hacobune-contents-api-prod.azure-api.net sp-trk.com amp.azure.net unpkg.com/@google/model-viewer/ cdn.jsdelivr.net/npm/@amplitude/ cdn.amplitude.com *.ads-twitter.com *.bing.com s.pinimg.com ct.pinterest.com *.abtasty.com *.tiktok.com; child-src 'self' youtube.com *.google.com *.googletagmanager.com *.youtube.com *.youtube-nocookie.com *.hotjar.com *.facebook.com *.doubleclick.net *.ladsp.com *.criteo.com asia.creativecdn.com *.fraudprevention.jp blob: *.streaming.media.azure.net *.abtasty.com 1
frame-ancestors 'self' https://signage.vkf-renzel.de https://signage.allnet.de 1
frame-ancestors 'self' *.toppoint.de; 1
upgrade-insecure-requests 1
default-src  'self'  data:;font-src  'self' data: cdn-vsh.runczech.com api.mapy.cz *.gstatic.com;connect-src  'self' *.google.com *.googleapis.com *.google-analytics.com *.doubleclick.net *.facebook.com *.instagram.com *.googlesyndication.com;script-src  'self' 'unsafe-inline' 'unsafe-eval' cdn-vsh.runczech.com *.google.com *.google.cz *.googleapis.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.adform.net *.seznam.cz *.facebook.net api.instagram.com downloads.mailchimp.com *.list-manage.com *.highcharts.com api.mapy.cz s3.amazonaws.com *.cloudfront.net *.activehosted.com *.app-us1.com;script-src-elem  'self' 'unsafe-inline' 'unsafe-eval' cdn-vsh.runczech.com *.google.com *.google.cz *.googleapis.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.adform.net *.seznam.cz *.facebook.net api.instagram.com downloads.mailchimp.com *.list-manage.com *.highcharts.com api.mapy.cz s3.amazonaws.com *.cloudfront.net *.activehosted.com *.app-us1.com;form-action  'self' *.facebook.com *.facebook.net *.3dsecure.gpwebpay.com 3dsecure.gpwebpay.com *.list-manage.com;frame-src  'self' blob: *.runczech.com *.youtube.com *.google.com www.cognitoforms.com www.youtube-nocookie.com *.iplatba.cz *.facebook.com *.facebook.net public.pim.cz e.issuu.com *.gpsguard.eu *.tds-live.com runczech.golibe.com player.vimeo.com *.activetimes.eu activetimes.eu *.runczechresults.com api.mapy.cz;worker-src  'self' blob: *.runczech.com *.youtube.com *.google.com www.cognitoforms.com www.youtube-nocookie.com *.iplatba.cz *.facebook.com *.facebook.net public.pim.cz e.issuu.com *.gpsguard.eu *.tds-live.com runczech.golibe.com player.vimeo.com *.activetimes.eu activetimes.eu *.runczechresults.com api.mapy.cz;frame-ancestors  'self' *.aktualne.cz aktualne.cz;img-src  'self' data: blob: *.runczech.com *.gstatic.com *.googleapis.com *.googlecode.com *.googletagmanager.com *.google-analytics.com *.doubleclick.net cdn-vsh.runczech.com *.facebook.com scontent.cdninstagram.com cdn-images.mailchimp.com *.atdmt.com http://*.staticflickr.com edee.runczech.com http://*.vimeocdn.com *.mapy.cz *.cdninstagram.com *.fbcdn.net  *.google.am *.google.ae *.google.at *.google.be *.google.bg *.google.bj *.google.by *.google.ca *.google.ch *.google.cl *.google.cn *.google.com *.google.cz *.google.de *.google.dk *.google.ee *.google.es *.google.fi *.google.fr *.google.gr *.google.hr *.google.hu *.google.ie *.google.ies *.google.iq *.google.it *.google.li *.google.lt *.google.lu *.google.md *.google.mk *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.rs *.google.ru *.google.se *.google.si *.google.sk *.google.tn *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.kr *.google.co.nz *.google.co.uk *.google.co.uz *.google.co.za *.google.com.au *.google.com.bh *.google.com.bo *.google.com.br *.google.com.eg *.google.com.gh *.google.com.hk *.google.com.kw *.google.com.mx *.google.com.ng *.google.com.pe *.google.com.ph *.google.com.pk *.google.com.sa *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.vn;style-src  'self' 'unsafe-inline' *.googleapis.com *.google.com *.gstatic.com cdn-vsh.runczech.com translate.googleapis.com downloads.mailchimp.com public.pim.cz api.mapy.cz;object-src  'self' 1
default-src 'self' plugout2.halcom.rs data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src 'self' plugout2.halcom.rs data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' plugout2.halcom.rs data: blob: 'unsafe-inline'; img-src 'self' data: blob: 'unsafe-inline'; frame-src 'self' plugout2.halcom.rs com.nexusgroup.plugout: 'unsafe-eval' 'unsafe-inline' data: blob: ; style-src 'self' data: blob: 'unsafe-inline'; font-src 'self' data: blob: 'unsafe-inline'; 1
default-src 'self';  script-src 'self' 'unsafe-inline' 'unsafe-eval' https://accounts.google.com https://accounts.google.com/gsi/style https://*.clarity.ms https://*.cloudfront.net/js/ https://*.crunch.co.uk https://*.dwin1.com https://*.google-analytics.com https://*.googleadservices.com https://*.googleapis.com https://*.googleoptimize.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.infinity-tracking.com https://*.kommunicate.io https://*.omappapi.com https://*.pardot.com https://*.website-files.com https://assets.calendly.com https://bat.bing.com https://cdn.jsdelivr.net/gh/g4knr/crunch-new@1.0.5/ https://cdn.jsdelivr.net/gh/ramp-development/ https://cdn.jsdelivr.net/gh/CrunchWebteam/crunch-calculators@1.1.5/dist/index.js https://cdn.jsdelivr.net/npm/@finsweet/ https://cdnjs.cloudflare.com/ajax/ https://code.jquery.com https://connect.facebook.net https://js.stripe.com https://snap.licdn.com https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.userguiding.com https://the.sciencebehindecommerce.com https://unpkg.com/@popperjs/ https://unpkg.com/tippy.js@6 https://unpkg.com/tippy.js@6.3.7 https://use.typekit.net/nbb0tca.js https://use.typekit.net/pal0kiz.js https://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js https://www.crunch.uk https://www.pagespeed-mod.com https://www.unpkg.com/iframe-resizer@4.3.5/ https://www.youtube.com https://www.zenaps.com https://ajax.googleapis.com https://use.typekit.net https://cdn.jsdelivr.net/npm/@finsweet/cookie-consent@1 https://d3e54v103j8qbb.cloudfront.net https://cdn.prod.website-files.com cdn.prod.website-files.com assets-global.website-files.com https://widget-assets.crunch.co.uk https://cdnjs.cloudflare.com/ajax/libs/typed.js/2.0.10 https://www.dynamicnumbers.mediahawk.co.uk https://platform-api.sharethis.com https://buttons-config.sharethis.com https://cdn.finsweet.com https://tools.refokus.com/masonry-layout/bundle.v1.0.0.js https://cdn.mida.so https://app.humblytics.com https://app.optibase.io https://cdn.plyr.io https://embed.interactivecalculator.com https://www.interactivecalculator.com https://www.google.com https://www.gstatic.com;  img-src 'self' about: data: 'unsafe-inline' 'unsafe-eval' blob: https://platform-cdn.sharethis.com https://*.ads.linkedin.com https://*.analytics.google.com https://*.clarity.ms https://*.crunch.co.uk https://*.kommunicate.io https://*.omappapi.com https://*.typekit.net https://cdn.prod.website-files.com cdn.prod.website-files.com assets-global.website-files.com https://assets.calendly.com https://c.bing.com/c https://px.ads.linkedin.com https://res.cloudinary.com https://stats.g.doubleclick.net https://*.google.at https://*.google.be https://*.google.ch https://*.google.cn https://*.google.co.kr https://*.google.co.nz https://*.google.co.uk https://*.google.com.at https://*.google.com.im https://*.google.com https://*.google.de https://*.google.dk https://*.google.es https://*.google.fi https://*.google.fr https://*.google.ie https://*.google.it https://*.google.nl https://*.google.no https://*.google.pl https://*.google.se https://*.ytimg.com https://googleads.g.doubleclick.net https://images.unsplash.com https://www.awin1.com https://www.crunch.uk https://www.facebook.com https://www.google-analytics.com https://www.googletagmanager.com https://www.zenaps.com https://d3e54v103j8qbb.cloudfront.net https://uploads-ssl.webflow.com https://secure.gravatar.com https://cdn.plyr.io https://*.cloudfront.net;  frame-ancestors 'self' https://my.crunch.co.uk/;  manifest-src 'self';  frame-src 'self' https://accounts.google.com https://*.crunch.co.uk https://*.doubleclick.net https://*.kommunicate.io https://airtable.com/embed/ https://cdn.prod.website-files.com cdn.prod.website-files.com assets-global.website-files.com https://calendly.com https://cdn.embedly.com https://fast.wistia.net https://js.stripe.com https://tpc.googlesyndication.com https://webflow.com https://widget.trustpilot.com https://www.crunch.uk https://www.facebook.com https://www.youtube.com https://www.zenaps.com https://streamyard.com https://www.google.com;  worker-src blob:;  style-src 'self' 'unsafe-inline' https://accounts.google.com https://accounts.google.com/gsi/style https://*.crunch.co.uk https://*.googleapis.com https://*.kommunicate.io https://*.omappapi.com https://*.typekit.net https://*.website-files.com https://assets.calendly.com https://use.typekit.net/nbb0tca.css https://www.crunch.uk https://d3e54v103j8qbb.cloudfront.net https://cdn.plyr.io;  connect-src 'self' https://api.mida.so/init/uuid https://api.mida.so/test/setting2 https://api.mida.so/widget/event/W7Gz1ZaVYKMjLBoPqwJQj8 https://api.mida.so/abtest/visitor https://*.analytics.google.com https://*.clarity.ms https://*.crunch.co.uk https://*.google.at https://*.google.be https://*.google.ch https://*.google.cn https://*.google.co.nz https://*.google.co.uk https://*.google.com.at https://*.google.com.im https://*.google.com https://*.google.de https://*.google.dk https://*.google.es https://*.google.fi https://*.google.fr https://*.google.ie https://*.google.it https://*.google.nl https://*.google.no https://*.google.pl https://*.google.se https://*.kommunicate.io https://*.lon.infinity-tracking.com https://*.omappapi.com https://*.userguiding.com https://analytics.google.com https://cdn.prod.website-files.com cdn.prod.website-files.com assets-global.website-files.com https://assets.website-files.com https://cdn.jsdelivr.net/gh/ramp-development/ https://cdn.linkedin.oribi.io https://editor-api.webflow.com https://ict.infinity-tracking.net https://stats.g.doubleclick.net https://the.sciencebehindecommerce.com https://www.facebook.com/tr/ https://www.google-analytics.com https://www.wepowerconnections.com wss://socket2.kommunicate.io https://events.statsigapi.net https://statsigapi.net https://dn.mediahawk.co.uk https://l.sharethis.com https://sessions.bugsnag.com https://notify.bugsnag.com https://px.ads.linkedin.com https://b-fallback.realtime.webflow.com https://webflow-prod-assets.s3.amazonaws.com https://app.humblytics.com https://app.optibase.io https://app.optibase.io/api/script/initialize https://noembed.com https://cdn.plyr.io https://realtime.webflow.com https://ably-realtime.com wss://realtime.webflow.com https://webflow.com;  object-src 'unsafe-inline' data: 'unsafe-eval';  media-src 'self' https://kommunicate.io;  font-src 'self' data: https://cdn.prod.website-files.com cdn.prod.website-files.com assets-global.website-files.com https://assets.website-files.com https://fonts.gstatic.com https://res.cloudinary.com https://use.typekit.net https://d3e54v103j8qbb.cloudfront.net;  base-uri 'self';  report-uri https://services.crunch.co.uk/csp-violations/report/; 1
frame-ancestors 'self' https://*.blkbx.com/ https://nrcha.com/ 1
default-src https://use.fontawesome.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://static.femscat.com; frame-src https://www.juicycash.net; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; img-src 'self' https://www.inet-cash.com https://*.google-analytics.com https://*.googletagmanager.com https://static.femscat.com https://www.juicycash.net https://yezzclips.r.worldssl.net; media-src 'self' https://static.femscat.com https://yezzclips.r.worldssl.net; script-src https://*.googletagmanager.com data: blob: 'self' 'unsafe-inline' 'unsafe-eval' https://www.inet-cash.com https://ajax.googleapis.com/ https://www.google-analytics.com https://ssl.google-analytics.com/ga.js https://www.googletagmanager.com https://maxcdn.bootstrapcdn.com https://static.femscat.com https://yezzclips.r.worldssl.net; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://static.femscat.com https://yezzclips.r.worldssl.net https://use.fontawesome.com; frame-ancestors 'none'; 1
default-src https: 'unsafe-eval' 'unsafe-inline' data:; object-src 'none' 1
default-src 'self' *; style-src 'self' 'unsafe-inline' https://*.vercel.app https://fonts.googleapis.com https://tags.srv.stackadapt.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://cdn.mouseflow.com https://js.adstk.io https://i.loopme.me https://js.adsrvr.org https://*.googletagmanager.com https://tags.tiqcdn.com https://static.ads-twitter.com https://*.btstatic.com https://tags.srv.stackadapt.com https://*.yimg.com https://*.googleadservices.com https://*.facebook.net https://acdn.adnxs.com https://*.vercel.app https://api-engage-us.sitecorecloud.io https://cdn.cookielaw.org https://acsbapp.com https://*.acsbapp.com; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com https://*.vercel.app; img-src * data:; object-src 'none'; 1
script-src 'self' blob: dcpages.bcbsil.com *.mpeasylink.com *.omtrdc.net *.convertlanguage.com *.bcbsnm.com *.walkme.com *.jquery.com  *.brightcove.com *.tvsquared.com *.marinsm.com *.clarity.ms *.steelhousemedia.com *.stackadapt.com  'sha256-Rqz5HBTdDZqvx9tFQtMxkOrL6I7oKHMPUmejT+2LMw8=' 'sha256-0rnAJ6vApAwYvkwKRItvYvJBuC2Tc6FUGnpWWGKm0s0=' 'sha256-E3D70tU+C9GFn1aNG7ja3BGmXO6SUTBfXNPkiks6YKM=' 'sha256-WiBrp8n6qzXaR53OMuij2Wqky+WBAZHWS4m9u+Y6Vgs=' 'sha256-Bwbsdql2wuxPBfreVcjv4IcQRIm2tK54E/ZtuKmHmLI=' 'sha256-+QoWUsMtJAiKNrS9ddu7252XOoLq26XVwk4TdboDGM0=' 'sha256-EFemVE1/2VPlNZdptBdgN2GjWc7noj81GGGv0MwOyJY=' 'sha256-K83smGC12/mOrMV+5hXYSc0TQHjFQM6XX+Zdj9pBbas=' 'sha256-Fx0LrAqaK0HfpKOTd5jtbUe4X89Fz86oesjqSQUn8Y8=' 'sha256-L+CdrbB/3MWzakKjyzoy8w1eIqDVGrsftnkvJdo4gIc=' 'sha256-ud+TXSHWwW6/Ltq5qioGqWeGcQMxHWR5TiMnvYBaUEk=' 'sha256-BaFk7RP58iF1BkZHdqeujuDXXLld9PS1LiKm9MnnQ2A=' 'sha256-3BUC2uqkLtf11hujvyMEl1NTcrpXaw9M/nxK0qpugE4=' 'sha256-ThHZXYAEciBA4PPtRsuwrM4rS6A27cEeDZfKFgMjOHs=' 'sha256-Fx0LrAqaK0HfpKOTd5jtbUe4X89Fz86oesjqSQUn8Y8=' 'sha256-1jH1jUGW8+/nnNLV4s1f8jHlAtMsBv985QVausqXm5s=' 'sha256-oRdVJzqGJc9xIgrN9giweGhI+uJQxUjkla++Xx19V+M=' 'sha256-P+6dUXh0AE0IknMkVtquEOaJZkrTTlUwjdLsSHSwG90=' 'sha256-ppW1Vv+qSVcs+/pIj1ZXvMiCLoyHyCdRqtDMeK9fQ9w=' 'sha256-XpDQ/sKD1Q35z6yrfuUgNaqcpCpmaF6wIFXhd6+xJLo=' 'sha256-39xatTpd5FpCS4XEP4t1a9EhvY/OmWxChEfjA6mbhtU=' 'sha256-N63VR5czWRUyi4yTEGyoam6orM200eR4SB/ndd2vCSE=' 'sha256-fa6IhOXuT1sFDBEux0qFqpXFUwCzHXKUpMweVwvDBK0=' 'sha256-518pk5SuTHe1wO+qPfs05CALGxGj8b7R9joTeyF3MMg=' 'sha256-h1BXcWieM0hfS3GVpaXzPev+V7bbo0VQKstgeMXvP04=' 'sha256-nyYhGb/ogFCXA+jjhnQPaWmEGq7zMi7is/Og/WHHu1U=' 'sha256-MW7xYbbWUIy+vpnrRUsAKgafurRDpmEtw8ibUiTK9kg=' 'sha256-5fsNGF2R9ioLIErxzZqlt7Q+qLwWOmVWJp0buVkNkRY=' 'sha256-JlKI/jgeMVC9UAc3axGPML/PCKwu8dAnBRUHncXK+cQ=' 'sha256-PYtocK3DFaOHMHXcTLPhO1P5IEXMf8cf6Yyf1u0USFQ=' 'sha256-nwxOa/AwuXKhEnQfF8z3U9AQyig3d1tfIX6QLS1c7/U=' 'sha256-GtVr9Zuz9aTjQAj54p9HhTNTu36Dn7NyQh3d7xMZg4k=' 'sha256-prCWgxIMGDrHbwdw5mT2MeFWJJGImVIKxAV7gJOpQ0w=' 'sha256-tU2s1s4syE7gpagiZ/DMk2OM7ZcxzIYUDAn0ZWZZvcw=' 'sha256-IohmHrNbNfYp1N8eOkosBSzsog22PSpNMgxp+rP0ba0=' 'sha256-gdUVY3rNP3d8mugxATRy94Oef9TvyvQv4LByypmpoQM=' 'sha256-Oc0DJ+pN/Q9MEzC3WsStCthU0JXK5IxeTD/NO180ggI=' 'sha256-3R5kPMMUS7lCbC94I1yEP6/LrPcCxCpJkMghRm5vc+M=' 'sha256-TfsnO13RGWJOuqMSQ71jj+6N2s997hJAghDCvf9s9dM=' 'sha256-xri8zZKOW+5jts4GRTZuQGosPS+dSTQJr5bebWtNr90=' 'sha256-zOJVpbdSYuV1KeKh04uYsnYyneK7qLzkfYDw9h6+0KM=' 'sha256-0Cmn/CPjE7iLtaGEpZ3gIbyK7+T2PCg6t/q0GQ8aurU=' 'sha256-+F7WJt5j0JAyOvITKopxkUbW3zrhfgO/64YUDWNfWV4=' 'sha256-V5fb1zKsLvfOQE+Tz3abD2NIZPMKdQKrZG6116lj62Y=' 'sha256-/R+9/01InyDhaLq1zYqbjyPav2dunvCCN1mHJxx026U=' 'sha256-023g/MYKiNi2UHZqb0fjW4jU0C9zmvXY7ylFFTbQLAs=' 'sha256-9w+aFd0ogU/pVs/M0q0ixKcQLrt524ABSMma2ixZRmA=' 'sha256-uvQd362cMOZMihRdpHDQkkQG005hI1hAULGe/1hrq7A=' 'sha256-RLZndXh1nmE1wrQG6kjO6AGpiyGJTN5t/otHymIj8UA=' 'sha256-ttmSnfQfAQQQiV28ls0mnFkkr+dl0cSWZO+7qlgQV7w=' 'sha256-JV3lxBYaKBxEcW9cv7bpM9YrLNCSO2x+5hI319J5VH4=' 'sha256-s1BV33CoxJjYzvmpCjN3WTwdPhNhnco3NW1k5J/YA3o=' 'sha256-7JcAvVdE2sCnsRNg9sUUpEVPc2NLH+qJYzoCeD2nHss=' 'sha256-ehPVrgdV2GwJCE7DAMSg8aCgaSH3TZmA66nZZv8XrTg=' 'sha256-ooG2PlUfrfqVyDZV30w0BK5FwqPKhiPhrYEc3z3R3ow=' 'sha256-5nRGMOmqCmDqDhW/cRGfA1gF0jaDt730ej6AJpe2m9g=' 'sha256-7bwnNunfhUOLCxywkp0xlObo3iqPpAfiCr6IN5IeXCA=' 'sha256-0Pvth24NB2HpvezgdvpJMgDYWi91zp9XQc0lnwVD76I=' 'sha256-VL0W/0a7GGeMu92Qz6/kju/TfhubARqd6hobZ5vR8HM=' 'sha256-G38Y5gB6x7PXV8puXKlJ1t7rV5fLuVPEDLHAb64SY20=' cdn.walkme.com  *.bcbsil.com *.bcbstx.com *.marketo.net *.hcsc.net contentz.mkt922.com healthcareservicecorporation.sc.omtrdc.net resources.digital-cloud-west.medallia.com dx.steelhousemedia.com cdn.decibelinsight.net *.facebook.net *.googleadservices.com bat.bing.com *.googletagmanager.com nexus.ensighten.com *.google-analytics.com js-cdn.dynatrace.com assets.adobedtm.com googleads.g.doubleclick.net gateway.foresee.com dx.steelhousemedia.com *.kampyle.com *.medallia.com, frame-src 'self' dcpages.bcbsil.com *.mpeasylink.com *.bcbsnm.com hcsc.demdex.net players.brightcove.net *.youtube.com resources.digital-cloud-west.medallia.com healthcareservicecorporation.sc.omtrdc.net *.kampyle.com *.medallia.com *.doubleclick.net, frame-ancestors 'self' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; script-src 'self' https://media.bsd.network; font-src 'self' https://media.bsd.network; img-src 'self' data: blob: https://media.bsd.network; style-src 'self' https://media.bsd.network 'nonce-xStKtgzVUogU2v5qjnUFww=='; media-src 'self' data: https://media.bsd.network; frame-src 'self' https:; child-src 'self' blob: https://media.bsd.network; worker-src 'self' blob: https://media.bsd.network; connect-src 'self' blob: data: wss://bsd.network https://media.bsd.network; manifest-src 'self' https://media.bsd.network; form-action 'self' 1
default-src * data: ; script-src * 'unsafe-inline' 'unsafe-eval'  ; style-src * 'unsafe-inline' data: ; frame-ancestors 'self' 1
default-src 'self'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;frame-src 'self' https://fonts.googleapis.com;img-src 'self' data: https://fonts.googleapis.com;media-src 'self' https://fonts.googleapis.com;font-src 'self' https://fonts.googleapis.com;connect-src 'self' https://fonts.googleapis.com;script-src 'self' *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.googleapis.com *.gstatic.com *.typekit.net *.typogoogle.com; 1
default-src https: https://collector.leadinfo.net; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://www.googletagmanager.com https://imgsct.cookiebot.com https://s.w.org https://ps.w.org https://app-rsrc.getbee.io https://www.mailcamp.nl https://mailcamp.eu https://www.mailcamp.eu https://p.typekit.net https://secure.gravatar.com https://www.google.com https://www.google.nl https://a.omappapi.com https://c.clarity.ms https://www.facebook.com https://bat.bing.com https://c.bing.com; font-src 'self' data: https://use.typekit.net https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://app.getbee.io https://google.com https://googleapis.com https://gstatic.com https://googletagmanager.com https://www.googletagmanager.com https://google-analytics.com https://omappapi.com https://secure.easy7bear.com https://maxcdn.bootstrapcdn.com; script-src-elem 'self' 'unsafe-inline' https://consentcdn.cookiebot.com https://app-rsrc.getbee.io https://loader.getbee.io https://app.getbee.io https://assets.calendly.com https://use.typekit.net https://consent.cookiebot.com https://maxcdn.bootstrapcdn.com https://googleads.g.doubleclick.net https://cdn.oribi.io https://ajax.googleapis.com https://www.google.com https://www.google-analytics.com https://www.gstatic.com https://google.com https://www.googletagmanager.com https://www.googleadservices.com https://secure.easy7bear.com https://connect.facebook.net https://www.clarity.ms https://a.omappapi.com https://cdn.leadinfo.net https://bat.bing.com; style-src-elem 'self' 'unsafe-inline' https://www.mailcamp.nl https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://a.omappapi.com; frame-src 'self' https://calendly.com https://www.youtube.com https://player.vimeo.com https://securityscorecard.com https://www.google.com https://td.doubleclick.net https://consentcdn.cookiebot.com; frame-ancestors 'self' https://calendly.com https://a.omappapi.com https://mailcamp.eu; object-src 'self' blob:; worker-src 'self' blob: 1
default-src 'self' *.wirth-horn.de 'unsafe-eval' 'unsafe-inline' *.payengine.de *.jobs.personio.de *.etrusted.com *.trustbadge.com *.trustedshops.com www.youtube-nocookie.com *.matomo.cloud; img-src data: *; media-src data: *; style-src 'self' data: 'unsafe-inline' *.wirth-horn.de  https://fonts.googleapis.com *.matomo.cloud; font-src data: 'self' https://fonts.gstatic.com https://fonts.googleapis.com *.matomo.cloud; 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com 1868565294.rsc.cdn77.org static.cloudflareinsights.com www.google.com www.gstatic.com fonts.gstatic.com fonts.googleapis.com ajax.googleapis.com fcm.googleapis.com accounts.google.com *.cdn77.org  *.nk-img.com  *.segpay.com  *.online-metrix.net *.vscdns.com *.vsmvideo.com www.tjk-njk.com *.xvideos.tube *.exoclick.com *.orbsrv.com *.opoxv.com *.exdynsrv.com *.afcdn.net *.aucdn.net *.tf4srv.com *.aacdn.net *.adglare.net www.flirt4free.com www.ohmybutt.com www.secretpartners.com *.asf4f.us *.livejasmin.com *.jsmcrptjmp.com *.awemwh.com etahub.com ctrack.trafficjunky.net tracking.sexcash.com *.gtflixtv.com wss://*.1ka.com https://*.1ka.com https://media.1ka.com https://u.1ka.com https://n.1ka.com;img-src 'self' 'unsafe-inline' data: blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com *.cdn77.org www.google.com www.google-analytics.com ssl.gstatic.com *.nk-img.com *.camster.com data-cdn.pornbiz.com *.vscdns.com *.vsmvideo.com *.doubleclick.net *.google.fr *.google.com *.segpay.com *.online-metrix.net cdn.asf4f.us *.gtflixtv.com *.1ka.com *.xvideos.tube *.orbsrv.com *.exdynsrv.com *.afcdn.net *.aucdn.net *.justservingfiles.net *.tf4srv.com *.aacdn.net *.rtbsuperhub.com; report-uri https://www.xvideos.tube/csp-reports; report-to csp-endpoint 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: via.tt.se translate.googleapis.com translate.google.com fonts.googleapis.com m1.analytics.sitevision-cloud.se i.ytimg.com gstatic.com www.gstatic.com fonts.gstatic.com kemi.matomo.cloud www.browsealoud.com plus.browsealoud.com plusqa.browsealoud.com *.mediaflow.com mfstatic.com m1.analytics.sitevision-cloud.se speech-eu.speechstream.net speech.speechstream.net siteimproveanalytics.com *.siteimproveanalytics.io https://svanalytics.piwik.pro https://svanalytics.containers.piwik.pro *.entryscape.com data.kemi.se data.naturvardsverket.se; frame-ancestors 'none'; frame-src 'self' qna.kemi.se webapps.kemi.se youtube.com www.youtube.com www.youtube-nocookie.com youtube-nocookie.com google.com www.google.com html5-player.libsyn.com; report-uri /rest-api/CSP-reports/report  1
frame-src 'self' test.authorize.net 1
default-src *; img-src * 'self' data: https://*; font-src 'self' data: https://*; style-src 'self' http://* 'unsafe-inline'; script-src 'self' http://* 'unsafe-inline' 'unsafe-eval'; 1
frame-ancestors 'self' https://www.my-garage.ca 1
default-src 'self' https:; font-src 'self' https: data:; img-src 'self' https: data:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com; style-src 'self' 'unsafe-inline' bam.nr-data.net; connect-src 'self' www.google-analytics.com; base-uri 'self' 1
default-src 'self' 'unsafe-inline' data: *.algolia.net optanon.blob.core.windows.net stats.g.doubleclick.net api.craftcms.com go.pardot.com maps.googleapis.com geolocation.onetrust.com www.google-analytics.com googleads.g.doubleclick.net cdn.cookielaw.org downloads.microscope.healthcare.nikon.com *.healthcare.nikon.com d2yjaub2m73j9n.cloudfront.net; frame-ancestors 'self'; img-src 'self' data: i.ytimg.com cdn.cookielaw.org i.vimeocdn.com pluginicons.craft-cdn.com maps.googleapis.com maps.gstatic.com www.google.com downloads.microscope.healthcare.nikon.com www.google-analytics.com; font-src 'self' data: fast.fonts.net d2yjaub2m73j9n.cloudfront.net; script-src 'self' code.jquery.com optanon.blob.core.windows.net cdnjs.cloudflare.com cdn.jsdelivr.net polyfill.io www.youtube.com ajax.googleapis.com www.gstatic.com www.google.com mktdplp102cdn.azureedge.net maps.googleapis.com go.healthcare.nikon.com use.typekit.net  pi.pardot.com www.googletagmanager.com www.google-analytics.com 'unsafe-eval' 'unsafe-inline' blob: fast.fonts.net www.googleadservices.com cdn.cookielaw.org pages.nikoninst.com pi.pardot.com googleads.g.doubleclick.net ; style-src 'self' 'unsafe-inline' blob: cdn.jsdelivr.net optanon.blob.core.windows.net fast.fonts.net fonts.googleapis.com; frame-src 'self' www.youtube-nocookie.com player.vimeo.com js.stripe.com *.nikon.com pages.nikoninst.com bid.g.doubleclick.net; connect-src 'self' analytics.google.com cdn.cookielaw.org *.onetrust.com www.google-analytics.com stats.g.doubleclick.net 1
default-src blob: 'self' *.mgm.mo; script-src *.mgm.mo *.mlife.mo *.google.com *.gstatic.com *.recaptcha.net *.google-analytics.com *.googleadservices.com *.aliyuncs.com *.tiqcdn.com *.googletagmanager.com hm.baidu.com *.facebook.net *.bing.com *.doubleclick.net blob: 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' *.mlife.mo fonts.googleapis.com data:; font-src data: *.gstatic.com *.mlife.mo 'self'; img-src * *.mchdevapp01 *.mgm.mo *.mlife.mo  *.mlife.com *.google-analytics.com *.google.com *.google.co.jp *.baidu.com *.facebook.com data: blob: 'self';media-src 'self' *.mlife.mo *.oss-cn-hongkong.aliyuncs.com;frame-src 'self' https://static.mgm.mo/  https://www.mgm.mo/  https://mgm-static.itedigital.cn/ https://8015923.fls.doubleclick.net/ *.youtube.com *.mlife.mo *.recaptcha.net *.facebook.com *.google.com; connect-src 'self' *.mlife.mo *.google-analytics.com *.doubleclick.net *.google.com *.facebook.com; 1
frame-ancestors 'self' https://cottagerentalagency.com https://www.cottagerentalagency.com 1
frame-ancestors 'self' http://www.philips.co.id *.philips.com *.philips.co.id https://philipsigtdpv.com 1
frame-ancestors 'self' www.skaki64.gr skaki64.gr 1
frame-ancestors 'self' *.drugsredalert.nl *.drugs-test.nl *.medialift.nl *.drugsinfo.nl *.readymag.com readymag.com *.alcoholinfo.nl *.allesoverdrinken.nl *.ledd.nl *.trimbos.nl *.drugsenuitgaan.nl *.helderopvoeden.nl *.rokeninfo.nl *.verslaafdaanjou.nl *.gokkeninfo.nl *.gameninfo.nl *.mentaalvitaal.nl *.helderopschool.nl *.geweldinjeugdzorginfo.nl *.nationaledrugmonitor.nl *.trimbosportaal.nl *.ican-app.nl ican-app.nl; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hsforms.com *.hsforms.net iconoclast-mb.com *.clickagy.com js.zohocdn.com js.zohostatic.com *.hubspot.com www.clarity.ms bat.bing.com widget.trustpilot.com js.hscta.net salesiq.zoho.com salesiq.zohopublic.com snap.licdn.com tags.clickagy.com *.googleanalytics.com *.google.com g9706132415.co *.googleoptimize.com *.doubleclick.net *.googleadservices.com *.hs-banner.com *.usemessages.com *.hscollectedforms.net *.hsadspixel.net *.hs-analytics.net *.zoominfo.com *.hs-scripts.com *.googletagmanager.com *.hotjar.com *.github.io vimkit.io *.cloudfront.net *.webflow.com *.youtube.com *.gstatic.com *.googleapis.com *.google-analytics.com cdnjs.cloudflare.com assets.zendesk.com connect.facebook.net; frame-src 'self' widget.trustpilot.com *.google.com *.doubleclick.net app.hubspot.com *.hotjar.com *.youtube.com salesiq.zohopublic.com assets.zendesk.com *.facebook.com s-static.ak.facebook.com tautt.zendesk.com *.hsforms.com *.hsforms.net; object-src 'self'; frame-ancestors 'self' *.gofax.com.au; 1
frame-ancestors 'self' https://info.mercadona.es https://www.mercadona.pt; 1
frame-ancestors cms.vistry.co.uk devcms.vistry.co.uk uatcms.vistry.co.uk 1
default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://*.braintree-api.com https://*.braintreegateway.com https://accounts.google.com https://getpocket.com https://bettermarketing.pub https://*.bettermarketing.pub https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://lightstep.medium.systems https://*.branch.io 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://glyph-sandbox.medium.sh https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: blob: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com 1
default-src 'self'; img-src * data:; style-src 'self' 'unsafe-inline' fonts.googleapis.com maxcdn.bootstrapcdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com maps.googleapis.com www.google-analytics.com www.youtube.com code.jquery.com cdnjs.cloudflare.com www.googletagmanager.com; connect-src 'self' wss://global.vss.twilio.com wss://sdkgw.us1.twilio.com maps.googleapis.com analytics.google.com www.google-analytics.com stats.g.doubleclick.net; font-src 'self' http: fonts.gstatic.com maxcdn.bootstrapcdn.com; frame-src http: docusign.net; media-src mediastream: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: about: ; report-uri /security-report.php 1
script-src 'self' 'unsafe-eval' localhost:8080 cdn1.readspeaker.com use.typekit.net p.typekit.net www.googletagmanager.com *.google-analytics.com 'unsafe-inline'; connect-src 'self' stats.g.doubleclick.net app-eu.readspeaker.com rstts-eu.readspeaker.com vttts-eu.readspeaker.com media-eu.readspeaker.com cdn1.readspeaker.com ws://localhost:8080/ http://localhost:8080/ https://*.google-analytics.com/; font-src 'self' data: use.typekit.net; frame-src 'self' *.youtube.com *.youtube-nocookie.com youtu.be app-eu.readspeaker.com 1
default-src temu: *.temu.com *.kwcdn.com wss://*.temu.com *.paypal.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com *.googleusercontent.com www.googleadservices.com www.google.cn www.google.com.hk www.google.co.uk www.google.ca www.google.com.au www.google.co.nz google.com connect.facebook.net www.facebook.com appleid.cdn-apple.com socialplugin.facebook.net *.cash.app *.forter.com www.paypalobjects.com *.braintree-api.com *.braintreegateway.com cash-f.squarecdn.com api.squareup.com api.lab.amplitude.com *.paidy.com *.cardinalcommerce.com *.stripe.com d3nocrch4qti4v.cloudfront.net duuytoqss3gu4.cloudfront.net df45ay5pw60dy.cloudfront.net d2o5idwacg3gyw.cloudfront.net d3lqotgbn3npr.cloudfront.net d6rak4b14t5gp.cloudfront.net dlthst9q2beh8.cloudfront.net o160250.ingest.sentry.io *.pagoefectivo.pe wauth.teledit.com blob: data: 'unsafe-eval' 'unsafe-inline' 'wasm-unsafe-eval'; report-uri /api/sec-csp/110000006/enforce 1
child-src 'self' https://*.easyeda.com https://cart.jlcpcb.com https://jlcpcb.com www.google.com https://www.youtube.com; frame-ancestors 'self' https://cart.jlcpcb.com https://jlcpcb.com www.google.com https://www.youtube.com 1
default-src 'self' altcensored.com *.altcensored.com; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' *.altcensored.com; media-src 'self' *.altcensored.com archive.org *.archive.org; img-src * data:; font-src 'self' data:; frame-src *; frame-ancestors * data: 1
default-src 'self' ; base-uri 'none'; style-src 'self' 'unsafe-inline' https://fast.fonts.net/ https://eu5.bookingkit.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://6896ed1a7fe8514b9c830dc0f45dbf2e.widget.bookingkit.net https://eu5.bookingkit.de https://*.googletagmanager.com https://www.google-analytics.com; img-src 'self' data: https://content.contagt.com https://eu5.bookingkit.de https://cdn.bookingkit.de http://webcam.wilhelma.de https://*.google-analytics.com https://*.googletagmanager.com https://www.google.com https://www.google.de; form-action 'self'; frame-ancestors 'self'; frame-src 'self' https://www.youtube-nocookie.com https://www.onlineticket.wilhelma.de/ https://embed.cn.gt https://wilhelma.projekte.bauer-kirch.de/ https://www.google.com https://eu5.bookingkit.de https://www.ipg-online.com/ https://www.ipg-online.com/ https://pay.syrcon.com/*; font-src 'self' ; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://stats.g.doubleclick.net; manifest-src 'none' 1
font-src 'self' *.gstatic.com data:; img-src 'self'; 1
default-src * data: blob: https:; script-src *.terme-olimia.com *.gooya.io *.phobs.net *.sos-sw.si *.googletagmanager.com *.cloudflare.com *.googlesyndication.com *.bootstrapcdn.com *.gstatic.com *.google-analytics.com *.googleapis.com *.googleadservices.com *.google.com *.facebook.net *.intelliad.de *.doubleclick.net *.sentry-cdn.com *.hotjar.com *.iprom.net *.iprom.si *.google.si cdn-cookieyes.com *.criteo.com 'unsafe-inline' 'unsafe-eval'; style-src *.gooya.io *.terme-olimia.com *.phobs.net *.googleapis.com *.google.com  *.sos-sw.si *.googletagmanager.com 'unsafe-inline' 1
default-src 'self' equisoft.com *.equisoft.com uctcorp.com https://*.wistia.com https://*.wistia.net https://consent.cookiebot.com; script-src 'self' 'strict-dynamic' *.clarity.ms *.outbrain.com https://www.redditstatic.com https://amplify.outbrain.com snap.licdn.com ajax.googleapis.com e.infogram.com code.jquery.com api.ipstack.com cdnjs.cloudflare.com www.facebook.com connect.facebook.net https://bat.bing.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.google.com https://*.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://www.googletagmanager.com https://*.wistia.com https://*.wistia.net https://src.litix.io *.cookiebot.com *.hsadspixel.net *.hs-analytics.net js.hscta.net *.hubspot.com static.hsappstatic.net *.usemessages.com *.hs-banner.com *.hubspot.net *.hscollectedforms.net *.hsleadflows.net *.hsforms.net *.hsforms.com *.hs-scripts.com *.hubspotfeedback.com feedback.hubapi.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net 'nonce-bWZvcXRidGFzZXdrcXZoZGtuYWZwaW14amd2YmFpbm13Zmpq' 'nonce-Y2Rkd2tkbnFwZHNrYm5rZnNtcnZvb2tiYWlta2JxcGZ1Z3B5' 'nonce-d3FmYXV5aGxtZ213bmFmdnBwbWdxeXBkc2ludHdlamtjcGlx' 'nonce-bGZqa2NtZHhmdGtndGl3cXFwaWRkZHJ3aWFzcW50cXVwZm11' 'nonce-bXFuY3djZ3Rrc2tyb2tlbmJ0YXljcnF0eHNocHFheGN3Ymxz' 'nonce-aWJqc2drZm1yemFuYXl4YnNhdmFldXVwdWprb2dnZXdrZ2Vv' 'nonce-emNtdmtkY3dzeXFhdGZkYmpneHdld2Jnc3VhZmphaGdib21o' 'nonce-32d2e51135b74c241441a38d78fffcaa28083090f82a' 'nonce-b2f080b28dcd56d49278388085381e272214965bd624' 'nonce-b3bd8eb88385e50413e67ad3e47197d0761957d86b59'; style-src 'self' 'unsafe-inline' https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com blob: https://fast.wistia.com cdn2.hubspot.net *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net; img-src 'self' * alb.reddit.com *.cookiebot.com *.clarity.ms *.bing.com *.facebook.com https://static.hsappstatic.net https://px.ads.linkedin.com https://www.glassdoor.ca https://equisoft.imgix.net https://equisoft-staging.imgix.net https://googleads.g.doubleclick.net https://www.google.com https://analytics.google.com www.googletagmanager.com https://*.google-analytics.com https://*.googletagmanager.com https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com data: https://*.wistia.com https://*.wistia.net js.hscta.net no-cache.hubspot.com *.hubspot.com *.hubspot.net cdn2.hubspot.net *.hsforms.net *.hsforms.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net; connect-src 'self' *.craftcms.com *.outbrain.com *.clarity.ms *.facebook.com *.wistia.com https://px.ads.linkedin.com https://stats.g.doubleclick.net https://analytics.google.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.litix.io https://*.wistia.com https://*.algolia.net https://consentcdn.cookiebot.com https://consent.cookiebot.com https://hubspot-forms-static-embed.s3.amazonaws.com https://www.redditstatic.com https://conversions-config.reddit.com *.hubapi.com js.hscta.net *.hubspot.com *.hs-banner.com *.hscollectedforms.net *.hsforms.com api.ipstack.com; font-src data: https://fonts.gstatic.com https://*.wistia.com http://equisoft.localhost equisoft.com *.equisoft.com uctcorp.com *.uctcorp.com; media-src 'self' blob: data: https://*.wistia.com https://*.wistia.net; frame-src 'self' play.libsyn.com www.facebook.com e.infogram.com *.doubleclick.net https://fast.wistia.com https://fast.wistia.net https://consentcdn.cookiebot.com https://consent.cookiebot.com *.hubspot.com *.hs-sites.com *.hubspot.net play.hubspotvideo.com *.hsforms.net *.hsforms.com; child-src blob: *.hsforms.com; worker-src 'self' blob:; base-uri 'none'; 1
upgrade-insecure-requests; frame-ancestors 'self' live.sagepay.com live.opayo.eu.elavon.com www1.cultfurniture.com; base-uri 'self'; object-src 'none' 1
default-src 'self' cdn.wcc.heine-shop.nl https://cdn.wcc.heine-shop.nl/graphql;    base-uri 'self' widget.solvemate.com;    font-src 'self' cdn.wcc.heine-shop.nl https://fonts.gstatic.com data: widget.solvemate.com *.dixa.io https://*.userwerk.com;    img-src * data: https://*.userwerk.com;    connect-src 'self' https://cdn.wcc.heine-shop.nl/graphql cdn.wcc.heine-shop.nl cdn.witt.info/ https://images.ctfassets.net te.heine-shop.nl tp.heine-shop.nl wasp.heine-shop.nl wst.heine-shop.nl https://*.analytics.google.com https://*.facebook.com https://*.contentsquare.net https://*.my.onetrust.eu https://*.google-analytics.com https://bat.bing.com eu-witt-gruppe-prod1.mini.snplow.net https://www.google-analytics.com https://www.jsctool.com https://adservice.google.com/pagead/ https://graphql.contentful.com https://privacyportal-eu.onetrust.com https://stats.g.doubleclick.net https://geolocation.onetrust.com https://www.google.com/pagead/ https://googleads.g.doubleclick.net/pagead/ https://*.creativecdn.com https://*.googlesyndication.com https://*.optimizely.com ct.pinterest.com https://jsctool.com checkout-cdn.aboutyou.cloud checkout-v3.wcc.heine-shop.nl https://*.ingest.sentry.io api.solvemate.com widget.solvemate.com relay.solvemate.com *.dixa.io wss://sockets.dixa.io https://*.userwerk.com https://maps.googleapis.com;    object-src 'none';    child-src blob: ;    script-src * 'unsafe-inline' 'unsafe-eval' https://*.adyen.com https://*.paypal.com blob: *.dixa.io https://*.userwerk.com;    style-src 'self' cdn.wcc.heine-shop.nl https://www.googletagmanager.com https://fonts.googleapis.com 'unsafe-inline' d.heine-shop.nl checkout-cdn.aboutyou.cloud https://*.adyen.com https://*.paypal.com blob: widget.solvemate.com *.dixa.io;    frame-src 'self' checkout-v3.wcc.heine-shop.nl https://*.awin1.com https://*.criteo.net https://*.criteo.com https://*.adrtx.net https://*.contentsquare.net https://www.googletagmanager.com https://www.facebook.com https://www.youtube.com https://dmp.theadex.com https://5127363.fls.doubleclick.net https://12769738.fls.doubleclick.net https://www.jsctool.com https://creativecdn.com/ https://fledge-eu.creativecdn.com/ https://tbs.tradedoubler.com/ https://survey2.quantilope.com/ https://*.adyen.com https://*.paypal.com https://*.computop-paygate.com blob: *.dixa.io https://*.userwerk.com;    media-src 'self' cdn.wcc.heine-shop.nl cdn.witt.info/ https://images.ctfassets.net https://videos.ctfassets.net https://www.youtube.com https://witt-gruppe-res.cloudinary.com *.dixa.io;    manifest-src 'self' cdn.wcc.heine-shop.nl *.dixa.io;    worker-src 'self' cdn.wcc.heine-shop.nl blob:;    form-action 'self' www.facebook.com https://*.userwerk.com;    block-all-mixed-content;    frame-ancestors 'self' https://app.contentful.com;    sandbox allow-scripts allow-forms allow-same-origin allow-top-navigation allow-popups allow-popups-to-escape-sandbox allow-modals; 1
frame-ancestors https://*.castr.com https://*.castr.io https://*.faithvalues.media https://faithandvalues.b-cdn.net https://donorbox.org https://www.google-analytics.com https://s3.us-central-1.wasabisys.com https://*.us-central-1.wasabisys.com https://www.googletagmanager.com https://td.doubleclick.net; frame-src https://*.castr.com https://*.castr.io https://*.faithvalues.media https://faithandvalues.b-cdn.net https://donorbox.org https://www.google-analytics.com https://s3.us-central-1.wasabisys.com https://*.us-central-1.wasabisys.com https://www.googletagmanager.com https://td.doubleclick.net 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mastodon.radio; img-src 'self' https: data: blob: https://mastodon.radio; style-src 'self' https://mastodon.radio 'nonce-81sQXGl3LLjuzYExSTfh+A=='; media-src 'self' https: data: https://mastodon.radio; frame-src 'self' https:; manifest-src 'self' https://mastodon.radio; form-action 'self'; child-src 'self' blob: https://mastodon.radio; worker-src 'self' blob: https://mastodon.radio; connect-src 'self' data: blob: https://mastodon.radio https://mastodon.radio wss://mastodon.radio; script-src 'self' https://mastodon.radio 'wasm-unsafe-eval' 1
default-src 'none'; frame-src https://trocador.app/; connect-src 'self'; font-src 'self'; img-src 'self'; manifest-src 'self'; script-src 'self'; style-src 'self'; form-action 'none'; frame-ancestors 'none'; block-all-mixed-content; base-uri 'none'; require-trusted-types-for 'script'; trusted-types 'none' 1
default-src 'none'; connect-src 'self' https://eu-api.friendlycaptcha.eu/ https://api.friendlycaptcha.com/ https://*.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.google.de https://www.google.ch https://www.google.at https://www.google.fr https://www.google.com https://www.google.it https://www.google.cz https://www.google.es https://www.google.hu https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal-de.onetrust.com https://yoveo.bbvms.com https://yoveo-business.bbvms.com; font-src 'self'; form-action 'self'; img-src 'self' data: https://www.google.de https://www.google.ch https://www.google.at https://www.google.fr https://www.google.com https://www.google.it https://www.google.cz https://www.google.es https://www.google.hu https://cdn.cookielaw.org https://stats.bluebillywig.com https://yoveo-business.bbvms.com https://yoveo.bbvms.com https://*.google-analytics.com https://www.kununu.com; media-src data: https://cdn.bluebillywig.com https://d1t49lbiau98sq.cloudfront.net; script-src 'wasm-unsafe-eval' 'unsafe-eval' 'self' https://yoveo.bbvms.com https://yoveo-business.bbvms.com; script-src-elem 'self' 'unsafe-inline' data: https://googleads.g.doubleclick.net https://*.google-analytics.com https://www.googletagmanager.com https://yoveo.bbvms.com https://yoveo-business.bbvms.com https://cdn.bluebillywig.com https://www.gstatic.com https://cdn.cookielaw.org/; style-src-elem 'self' 'unsafe-inline' https://cdn.bluebillywig.com/; style-src 'self' 'unsafe-inline'; frame-src 'self' https://hmmh.scnem.com; worker-src 'self' blob:; report-uri /csp.php 1
frame-ancestors https://evenements.uniformation.fr/ 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.paynimo.com https://*.razorpay.com/ https://www.googletagmanager.com/  https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://cdn.botframework.com/ https://www.google.com/ https://www.gstatic.com/ *.doubleclick.net *.ads-twitter.com *.pingdom.net *.facebook.net;font-src *  data: blob: 'unsafe-inline';img-src 'self' https: data:;style-src 'self' 'unsafe-inline' https: data:;connect-src 'self' wss://broking.fundzbazar.com:26004/ https://*.paynimo.com/ https://www.google-analytics.com/ https://*.razorpay.com/ *.pingdom.net/ *.doubleclick.net/ https://directline.botframework.com/ wss://directline.botframework.com ;frame-ancestors 'self';frame-src 'self' data: blob: https://www.youtube.com/ https://api.razorpay.com/ https://www.googletagmanager.com/ https://www.prudentcorporate.com/ https://fundzbazar.com/ https://www.fundzbazar.com/ https://pcasuat.com/ https://www.pcasuat.com/ https://www.google.com/ 1
default-src 'self';             script-src 'self' 'unsafe-inline' 'unsafe-eval' https://maps.google.com https://maps.googleapis.com https://dev.virtualearth.net;             style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;             img-src 'self' data: https:;             font-src 'self' https://fonts.gstatic.com;             connect-src 'self' https://maps.googleapis.com 1
default-src 'none' 'self' *.gewobag.de data: eqs-cockpit.com *.eqs.com *.youtube-nocookie.com *.ytimg.com *.googleapis.com *.gstatic.com *.wohnungshelden.de 'unsafe-inline' 1
frame-ancestors 'self' https://app.kajabi.com https://app.vibely.io https://communities.kajabi.com *.mykajabi.com https://communities.newkajabi-staging.com https://learn.marriagemastery.com 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * blob: 'unsafe-inline'; 1
frame-src 'self' bomjesus.br *.bomjesus.br usf.edu.br *.usf.edu.br fae.edu *.fae.edu google.com *.google.com youtube.com *.youtube.com vimeo.com *.vimeo.com viddler.com *.viddler.com eadfranciscanos.com.br *.eadfranciscanos.com.br virtualspirits.com *.virtualspirits.com matterport.com *.matterport.com hotjar.com *.hotjar.com my.visme.co *.my.visme.co *.spotify.com *.doubleclick.net pixel.mathtag.com ct.pinterest.com 1
default-src https: 'self' blob:; media-src https: data: blob:; font-src https: data:; img-src https: 'self' 'unsafe-inline' data: about:; style-src https: 'self' 'unsafe-inline'; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' blob:; frame-ancestors https://*.william-angel.com; 1
connect-src 'self' at-cdn14.streamdiver.com https://verbund.matomo.cloud https://cdn.matomo.cloud/; font-src 'self'; frame-src base.streamdiver.com 'self' my.walls.io; media-src 'self' data: blob: *;; style-src 'self' 'unsafe-inline'; default-src 'self'; img-src 'self' https://verbund.matomo.cloud https://cdn.matomo.cloud/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://verbund.matomo.cloud https://cdn.matomo.cloud/ https://cdn.walls.io/ 1
default-src 'self';script-src 'self' 'nonce-ZMBrWHllCY3OZD/sxtq/bt+A3yNhWQefTLhCI0Df5nU=' ajax.cloudflare.com cdnjs.cloudflare.com www.google.com www.gstatic.com secure.wufoo.com static.wufoo.com cc.cdn.civiccomputing.com maps.googleapis.com player.vimeo.com *.googletagmanager.com googletagmanager.com www.google-analytics.com tools.eurolandir.com 3xscreen.videosync.fi s3.amazonaws.com laingorourke.us1.list-manage.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com;object-src 'none';connect-src 'self' maps.googleapis.com our.umbraco.com *.google-analytics.com google-analytics.com apikeys.civiccomputing.com clapi.civiccomputing.com stats.g.doubleclick.net analytics.google.com *.analytics.google.com region1.google-analytics.com region1.analytics.google.com printreleaf.com;font-src 'self' fonts.gstatic.com;frame-src 'self' *.wufoo.com www.google.com printreleaf.com marketplace.umbraco.com youtube.com www.youtube.com player.vimeo.com forms.zohopublic.eu tools.eurolandir.com my.matterport.com td.doubleclick.net indd.adobe.com;img-src 'self' data: *.googleusercontent.com i.vimeocdn.com dashboard.umbraco.com maps.googleapis.com maps.gstatic.com www.googletagmanager.com www.google.co www.google.co.uk i.ytimg.com www.google-analytics.com accounts.google.co.uk www.google.rs;frame-ancestors 'self';upgrade-insecure-requests ;block-all-mixed-content 1
default-src 'self'; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' *.google.com *.gstatic.com e.issuu.com  *.reciteme.com  *.hotjar.com cdn-cookieyes.com *.google-analytics.com *.googletagmanager.com ajax.googleapis.com maps.googleapis.com connect.facebook.net; style-src 'unsafe-inline' 'report-sample' 'self' *.reciteme.com fonts.googleapis.com https://p.typekit.net https://use.typekit.net; object-src 'none'; base-uri 'self'; connect-src 'self' *.sentry.io *.reciteme.com *.google-analytics.com cdn-cookieyes.com *.cookieyes.com yoast.com *.hotjar.io *.hotjar.com www.google-analytics.com maps.googleapis.com; font-src 'self' data: *.reciteme.com fonts.gstatic.com use.typekit.net; frame-src 'self' *.google.com *.sentry.io e.issuu.com *.youtube-nocookie.com https://www.youtube.com  https://player.vimeo.com otp.tools.investis.com irs.tools.investis.com www.facebook.com business.facebook.com; img-src 'self' *.reciteme.com cdn-cookieyes.com  *.google-analytics.com *.gravatar.com data: maps.gstatic.com *.googleapis.com *.ggpht www.facebook.com; manifest-src 'self'; media-src 'self' *.reciteme.com; report-uri https://5f5f4be97d2e04922acab86c.endpoint.csper.io/; worker-src menziesaviation.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://vkkd-kliniken.de/matomo/ https://hcaptcha.com https://www.vkkd-kliniken.de https://www.marien-hospital.de https://marien-hospital.de https://www.augusta-duesseldorf.de https://augusta-duesseldorf.de https://www.krankenhaus-elbroich.de https://krankenhaus-elbroich.de https://www.vinzenz-duesseldorf.de https://vinzenz-duesseldorf.de https://www.vkkd-wdgz.de https://vkkd-wdgz.de; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://www.vkkd-kliniken.de https://www.marien-hospital.de https://marien-hospital.de https://www.augusta-duesseldorf.de https://augusta-duesseldorf.de https://www.krankenhaus-elbroich.de https://krankenhaus-elbroich.de https://www.vinzenz-duesseldorf.de https://vinzenz-duesseldorf.de https://www.vkkd-wdgz.de https://vkkd-wdgz.de; font-src 'self' data:; connect-src 'self' https://vkkd-kliniken.de https://www.vkkd-kliniken.de https://hcaptcha.com https://newassets.hcaptcha.com https://www.marien-hospital.de https://marien-hospital.de https://www.augusta-duesseldorf.de https://augusta-duesseldorf.de https://www.krankenhaus-elbroich.de https://krankenhaus-elbroich.de https://www.vinzenz-duesseldorf.de https://vinzenz-duesseldorf.de https://www.vkkd-wdgz.de https://vkkd-wdgz.de; frame-src 'self' https://hcaptcha.com https://newassets.hcaptcha.com https://www.youtube-nocookie.com https://www.youtube.com; form-action 'self'; base-uri 'self'; worker-src 'self' blob:; 1
default-src 'unsafe-eval' 'unsafe-inline' img-src: 'self' data: issuu.com *.issuu.com *.lottie.host *.spotify.com *.instagram.com *.megaphone.fm *.podcasts.apple.com *.apple.com *.monday.com *.soundcloud.com *.w.org *.whooshkaa.com *.elmotalent.com.au *.mailchimp.com *.eventbrite.com.au *.eventbrite.com *.googletagmanager.com *.crazyegg.com *.jquery.com *.datatables.net *.cloudflare.com *.pinterest.com developers.google.com *.google.com *.google.co.in *.google.com.au *.twitter.com *.youtube.com *.doubleclick.net *.bootstrapcdn.com *.gstatic.com *.grv.org.au *.wpengine.com *.facebook.net *.facebook.com *.amazonaws.com *.googleapis.com *.google-analytics.com *.googlecode.com *.windows.net 1
default-src 'none'; base-uri 'self'; style-src 'self' 'unsafe-inline' cookiehub.net https://dash.cookiehub.com/; img-src 'self' https://kvika.cdn.prismic.io https://prismic-io.s3.amazonaws.com images.prismic.io assets.kvika.is https://assets.vercel.com https://www.facebook.com data:; font-src 'self' data:; manifest-src 'self'; script-src 'self' https://cookiehub.net/c2/cbd8fa92.js 'unsafe-eval' https://static.cdn.prismic.io localhost:3000  https://cdneu.net/app.js https://capture-api.eu.autopilotapp.com https://cookiehub.net/c2/cbd8fa92.js ; connect-src 'self' cdn.segment.com api.segment.io *.segmentapis.com https://api.staging.kvika.is o394619.ingest.sentry.io https://prod-232.westeurope.logic.azure.com https://api.kvika.is cookiehub.net consent.cookiehub.net https://vitals.vercel-insights.com/v1/vitals https://consent.cookiehub.net/log https://cdneu.net/app.js https://capture-api.eu.autopilotapp.com https://*.algolia.net https://*.algolianet.com https://region1.google-analytics.com https://prod-215.westeurope.logic.azure.com:443 'unsafe-eval' https://static.cdn.prismic.io localhost:3000  https://cdneu.net/app.js https://capture-api.eu.autopilotapp.com https://cookiehub.net/c2/cbd8fa92.js ; frame-src www.google.com https://kvika.prismic.io/ https://www.youtube.com https://vimeo.com https://vercel.live/; object-src 'none'; frame-ancestors 'none'; media-src 'none'; worker-src 'none'; child-src 'none'; form-action 'none'; script-src-elem 'self' cdn.segment.com api.segment.io www.google.com https://www.gstatic.com https://static.cdn.prismic.io https://prismic.io https://www.youtube.com https://cdn.vercel-insights.com/v1/script.debug.js https://vercel.live/_next-live/feedback/feedback.js https://cookiehub.net/c2/cbd8fa92.js 'sha256-gWCqfvMz6gFY4H/Mp7RV+XjLH7rk7PPLATCuGeG+iXI=' 'sha256-Yp8iS3F034uTKuR4TdrPhoUldVQPTmqM7o6bdu1USS8=' 'sha256-JvbmMLt1q/lwi8wQLTE/LnQWNGjodcH1QIUO/5GGdRA=' 'sha256-gl8xNJRHfG8vAtbpa3dnM5IFgTj+MX2Jj/YAo8X8afQ=' 'sha256-X9ULMWyazaLadUxVXpgiextyE/U3aX2FK/rcjrya3gc=' 'sha256-WNPGWdj2di0h2Lb/r3IDKqFbnj0Cx3ECli0VsVTGtVE=' 'sha256-uMeGRS4Ymwe80vgv/35Fz7dbN5np7QoZJ3uutNOoCSk=' 'sha256-km+zOqalmwWcNr9vswrWcmXNpD78mtPohx8sh9YexGc=' https://www.googletagmanager.com http://www.googletagmanager.com https://region1.google-analytics.com connect.facebook.net/ 'unsafe-eval' https://static.cdn.prismic.io localhost:3000  https://cdneu.net/app.js https://capture-api.eu.autopilotapp.com https://cookiehub.net/c2/cbd8fa92.js ; 1
default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; connect-src 'self'; manifest-src 'self'; media-src 'self' blob: https://*.googlevideo.com:443 https://*.youtube.com:443; child-src 'self' blob:; frame-src 'self'; frame-ancestors 'none' 1
default-src 'self'; connect-src 'self' https://cdn-cookieyes.com https://*.cookieyes.com https://form.jotform.com https://*.google-analytics.com https://*.googletagmanager.com https://fonts.googleapis.com https://*.analytics.google.com; font-src 'self' https://ka-p.fontawesome.com https://fonts.gstatic.com data:; frame-src 'self' https://*.cookieyes.com https://form.jotform.com; img-src 'self' https://*.elliottmgmt.com *.elliottmgmt.com https://elliottmgmt.com https://dev-elliott-mgmt.pantheonsite.io https://test-elliott-mgmt.pantheonsite.io https://*.googletagmanager.com https://*.google-analytics.com https://*.gstatic.com https://cdn-cookieyes.com https://*.cookieyes.com https://secure.gravatar.com blob: data:; object-src; script-src 'self' https://*.googletagmanager.com https://tagmanager.google.com https://cdn-cookieyes.com https://*.google-analytics.com 'unsafe-inline'; style-src 'self' https://*.googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com 'unsafe-inline'; upgrade-insecure-requests 1
frame-ancestors https://myreid.mobile.reidhealth.org https://myreiddev.mobile.reidhealth.org https://mychart-np.et1220.epichosted.com https://google.com https://my.matterport.com 'self'; 1
frame-ancestors 'self' https://*.facebook.com; https://pavlok.reamaze.com; 1
default-src 'self' https://fbcdn.net adsymptotic.com;              script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ablyft.com https://bat.bing.com https://www.clarity.ms td.doubleclick.net googleadservices.com https://assistant.kpt-dev.ch https://assistant.kpt-int.ch https://assistant.kpt.ch https://www.youtube.com youtu.be youtube.com ytimg.com *.pinimg.com gtm.js https://*.licdn.com https://snap.licdn.com https://www.linkedin.com *.pinterest.com https://connect.facebook.net https://*.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://googletagmanager.com https://ajax.googleapis.com https://ssl.google-analytics.com https://cdn.cookielaw.org https://googleadservices.com https://www.googleadservices.com https://geoloaction.onetrust.com https://google.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://www.googleanalytics.com https://www.googleoptimize.com https://optimize.google.com https://*.hotjar.com https://*.crazyegg.com;             style-src 'self' 'unsafe-inline' https://assistant.kpt-dev.ch https://assistant.kpt-int.ch https://assistant.kpt.ch https://fonts.googleapis.com https://tagmanager.google.com https://optimize.google.com https://*.crazyegg.com https://*.googletagmanager.com;             font-src 'self' data: https://fonts.googleapis.com https://*.hotjar.com https://fonts.gstatic.com;             connect-src 'self' https://assistant.kpt-dev.ch https://assistant.kpt-int.ch https://assistant.kpt.ch *.licdn.com *.pinimg.com *.pinterest.com https://*.google.com https://*.google.ch https://region1.google-analytics.com https://*.google-analytics.com https://google-analytics.com https://cdn.cookielaw.org https://*.analytics.google.com https://geolocation.onetrust.com https://*.googletagmanager.com https://googletagmanager.com https://*.g.doubleclick.net https://stats.g.doubleclick.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.crazyegg.com;             img-src 'self' data: https://www.facebook.com https://ct.pinterest.com/v3 *.pinterest.com *.linkedin.com *.licdn.com *.pinimg.com https://*.google-analytics.com https://*.analytics.google.com https://ssl.gstatic.com https://googleads.g.doubleclick.net https://www.gstatic.com https://*.google.com https://*.google.ch https://google-analytics.com https://*.googletagmanager.com https://googletagmanager.com https://*.g.doubleclick.net https://stats.g.doubleclick.net https://google-analytics.com https://optimize.google.com https://*.hotjar.com https://*.crazyegg.com https://cdn.cookielaw.org;             frame-src 'self' td.doubleclick.net https://www.youtube.com https://bid.g.doubleclick.net https://optimize.google.com https://*.hotjar.com https://*.pinterest.com https://*.issuu.com https://e.issuu.com;    media-src 'self' youtube.com ytimg.com youtu.be;             upgrade-insecure-requests;              block-all-mixed-content; 1
default-src 'self' *.hotetec.com; worker-src 'self' blob:; connect-src 'self' ws: *.hotetec.com *.google.com *.googleapis.com *.optimizely.com one2guest.com consentimientos.com *.epica.ai *.useinsider.com *.hijiffy.com *.dataria.com *.talentclue.com *.yandex.ru *.aplazame.com *.relay-t.io *.hotelinking.com secure-relay.com *.secure-relay.com secure-hotel-tracker.com *.secure-hotel-tracker.com *.asksuite.com *.turitop.com api-oa.com *.oastatic.com *.criteo.com *.bing.com *.joyned.app *.cdnwebcloud.com *.clarity.ms *.smooch.io *.quicktext.im *.sendpulse.com *.reviewpro.com backend.fideltour.com stats.g.doubleclick.net *.google-analytics.com *.analytics.google.com *.hotjar.com *.123compare.me 123compareme.com cognito-identity.eu-west-1.amazonaws.com firehose.eu-west-1.amazonaws.com *.pushtech.com *.thorbooking.com formbuilder.online *.affilired.com www.googleadservices.com www.google.es *.facebook.com dev-traffic.attby.io vc.hotjar.io *.parthenon.io *.triptease.io api.rollbar.com www.thehotelsnetwork.com clientes.alisys.net *.majestic-resorts.com *.chatbot.com *.yandex.ru; frame-src *; ; font-src * data:;img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 1
default-src 'self' dejpknyizje2n.cloudfront.net d1ij5seu2h8qgc.cloudfront.net dyjt5tacz9t2j.cloudfront.net carstickers.activehosted.com; script-src 'nonce-fc2c00a595414c5394a373778fb88390' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' dejpknyizje2n.cloudfront.net d1ij5seu2h8qgc.cloudfront.net dyjt5tacz9t2j.cloudfront.net data: wss://www.carstickers.com o116203.ingest.sentry.io *.google-analytics.com *.doubleclick.net *.braintree-api.com *.braintreegateway.com *.paypal.com *.google.com *.google-analytics.com google.com t.vibe.co *.clarity.ms c.bing.com; img-src 'self' dejpknyizje2n.cloudfront.net d1ij5seu2h8qgc.cloudfront.net dyjt5tacz9t2j.cloudfront.net data: *.doubleclick.net *.ytimg.com *.google-analytics.com www.googletagmanager.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.shutterstock.com ak.picdn.net assets.braintreegateway.com *.paypal.com www.gstatic.com d226aj4ao1t61q.cloudfront.net fonts.googleapis.com www.paypalobjects.com t.vibe.co *.clarity.ms c.bing.com; frame-src 'self' dejpknyizje2n.cloudfront.net d1ij5seu2h8qgc.cloudfront.net dyjt5tacz9t2j.cloudfront.net www.youtube.com assets.braintreegateway.com *.paypal.com pay.google.com *.doubleclick.net *.google.com; style-src 'self' 'unsafe-inline' dejpknyizje2n.cloudfront.net d1ij5seu2h8qgc.cloudfront.net dyjt5tacz9t2j.cloudfront.net fonts.googleapis.com fonts.gstatic.com assets.braintreegateway.com *.googletagmanager.com; font-src 'self' dejpknyizje2n.cloudfront.net d1ij5seu2h8qgc.cloudfront.net dyjt5tacz9t2j.cloudfront.net fonts.googleapis.com fonts.gstatic.com; object-src 'none'; base-uri 'self'; 1
frame-ancestors 'self' https://relabel.us https://www.sos-kinderdorf.at 1
frame-ancestors 'self' https://manage.lightwaveonline.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
default-src 'none'; base-uri 'self'; frame-ancestors 'none'; form-action 'self' https://www.paypal.com; script-src 'self' https://unpkg.com/ https://code.jquery.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://e.widgetbot.io https://www.datadoghq-browser-agent.com https://api.lovense.com 'unsafe-inline'; style-src 'self' https://unpkg.com/ https://fonts.googleapis.com https://cdnjs.cloudflare.com 'unsafe-inline'; font-src 'self' https://cdnjs.cloudflare.com https://fonts.googleapis.com https://fonts.gstatic.com data:; img-src 'self' http: https: data:; connect-src 'self' wss://www.erofights.com/cable wss://stonks.widgetbot.io/ws/graphql https://stonks.widgetbot.io/api/graphql https://e.widgetbot.io/ https://api.lovense.com *.lovense.club:*; manifest-src 'self'; media-src 'self' http: https:;  frame-src https://*.widgetbot.io https://widgetbot.io https://discord.com/ https://www.eporner.com https://hypnotube.com https://www.redgifs.com https://www.xvideos.com https://*.pornhub.com https://www.dailymotion.com https://www.youtube.com https://heavyfetish.com https://spankbang.com https://www.spankbang.com 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://stranger.social; img-src 'self' https: data: blob: https://stranger.social; style-src 'self' https://stranger.social 'nonce-9wdu7h77cBypfS2QKEuN1Q=='; media-src 'self' https: data: https://stranger.social; frame-src 'self' https:; manifest-src 'self' https://stranger.social; form-action 'self'; child-src 'self' blob: https://stranger.social; worker-src 'self' blob: https://stranger.social; connect-src 'self' data: blob: https://stranger.social https://us-southeast-1.linodeobjects.com wss://stranger.social; script-src 'self' https://stranger.social 'wasm-unsafe-eval' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://fairy.id; img-src 'self' data: blob: https://fairy.id; style-src 'self' https://fairy.id 'nonce-0B8Ca250oYn1qwd5pLdtfg=='; media-src 'self' data: https://fairy.id; frame-src 'self' https:; manifest-src 'self' https://fairy.id; form-action 'self'; child-src 'self' blob: https://fairy.id; worker-src 'self' blob: https://fairy.id; connect-src 'self' data: blob: https://fairy.id wss://fairy.id; script-src 'self' https://fairy.id 'wasm-unsafe-eval' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://tweesecake.social; img-src 'self' data: blob: https://tweesecake.social https://cdn.tweesecake.social; style-src 'self' https://tweesecake.social 'nonce-UXP9B/WRJiu1gOK8qQtoxg=='; media-src 'self' data: https://tweesecake.social https://cdn.tweesecake.social; frame-src 'self' https:; manifest-src 'self' https://tweesecake.social; form-action 'self'; child-src 'self' blob: https://tweesecake.social; worker-src 'self' blob: https://tweesecake.social; connect-src 'self' data: blob: https://tweesecake.social https://cdn.tweesecake.social wss://tweesecake.social; script-src 'self' https://tweesecake.social 'wasm-unsafe-eval' 1
default-src 'self' cdn.wcc.your-look-for-less.nl https://cdn.wcc.your-look-for-less.nl/graphql;    base-uri 'self' widget.solvemate.com;    font-src 'self' cdn.wcc.your-look-for-less.nl https://fonts.gstatic.com data: widget.solvemate.com *.dixa.io;    img-src * data:;    connect-src 'self' https://cdn.wcc.your-look-for-less.nl/graphql cdn.wcc.your-look-for-less.nl cdn.witt.info/ https://images.ctfassets.net te.your-look-for-less.nl tp.your-look-for-less.nl wasp.your-look-for-less.nl wst.your-look-for-less.nl https://*.analytics.google.com https://*.facebook.com https://*.contentsquare.net https://*.my.onetrust.eu https://*.google-analytics.com https://bat.bing.com eu-witt-gruppe-prod1.mini.snplow.net https://www.google-analytics.com https://www.jsctool.com https://adservice.google.com/pagead/ https://graphql.contentful.com https://privacyportal-eu.onetrust.com https://stats.g.doubleclick.net https://geolocation.onetrust.com https://www.google.com/pagead/ https://googleads.g.doubleclick.net/pagead/ https://*.creativecdn.com https://*.googlesyndication.com https://*.optimizely.com ct.pinterest.com https://jsctool.com checkout-cdn.aboutyou.cloud checkout-v3.wcc.your-look-for-less.nl https://*.ingest.sentry.io api.solvemate.com widget.solvemate.com relay.solvemate.com *.dixa.io wss://sockets.dixa.io  https://maps.googleapis.com;    object-src 'none';    child-src blob: ;    script-src * 'unsafe-inline' 'unsafe-eval' https://*.adyen.com https://*.paypal.com blob: *.dixa.io;    style-src 'self' cdn.wcc.your-look-for-less.nl https://www.googletagmanager.com https://fonts.googleapis.com 'unsafe-inline' d.your-look-for-less.nl checkout-cdn.aboutyou.cloud https://*.adyen.com https://*.paypal.com blob: widget.solvemate.com *.dixa.io;    frame-src 'self' checkout-v3.wcc.your-look-for-less.nl https://*.awin1.com https://*.criteo.net https://*.criteo.com https://*.adrtx.net https://*.contentsquare.net https://www.googletagmanager.com https://www.facebook.com https://www.youtube.com https://dmp.theadex.com https://5127363.fls.doubleclick.net https://12769738.fls.doubleclick.net https://www.jsctool.com https://creativecdn.com/ https://fledge-eu.creativecdn.com/ https://tbs.tradedoubler.com/ https://survey2.quantilope.com/ https://*.adyen.com https://*.paypal.com https://*.computop-paygate.com blob: *.dixa.io;    media-src 'self' cdn.wcc.your-look-for-less.nl cdn.witt.info/ https://images.ctfassets.net https://videos.ctfassets.net https://www.youtube.com https://witt-gruppe-res.cloudinary.com *.dixa.io;    manifest-src 'self' cdn.wcc.your-look-for-less.nl *.dixa.io;    worker-src 'self' cdn.wcc.your-look-for-less.nl blob:;    form-action 'self' www.facebook.com;    block-all-mixed-content;    frame-ancestors 'self' https://app.contentful.com;    sandbox allow-scripts allow-forms allow-same-origin allow-top-navigation allow-popups allow-popups-to-escape-sandbox allow-modals; 1
frame-ancestors mybill.com mybill.ru direct.yandex.ru 1
default-src https: 'self' 'unsafe-inline'; script-src https: 'self' 'unsafe-inline'; 1
base-uri 'none' ; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; connect-src 'self'; frame-src 'self' blob: https://analytics.screenwork-net.de/; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; 1
default-src 'self'; connect-src 'self' www.google-analytics.com *.analytics.google.com *.google-analytics.com wss://www.joa.fr stats.g.doubleclick.net via.batch.com ws.batch.com maps.googleapis.com www.novaresa.net www.joa.fr consentcdn.cookiebot.com www.facebook.com; font-src 'self' fonts.gstatic.com data:; frame-src 'self' www.youtube.com www.youtube-nocookie.com www.googletagmanager.com module.lafourchette.com widget.thefork.com *.weezevent.com ubishaker.com t.regionsjob.com *.gaming1.com www.google.com widget.fanzo.com www.facebook.com consentcdn.cookiebot.com *.paperform.co; img-src 'self' www.googletagmanager.com media.joa.fr www.google-analytics.com ytimg.com i.ytimg.com img.youtube.com www.facebook.com www.google.com www.google.fr maps.googleapis.com *.gstatic.com data: blob: www.novaresa.net novaresa.net icons.batch.com www.google.ch www.google.hr www.google.lu www.joa.fr www.tripadvisor.fr via.batch.com apply.indeed.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com *.google-analytics.com via.batch.com www.youtube.com connect.facebook.net maps.googleapis.com www.novaresa.net www.google.com www.gstatic.com consent.cookiebot.com consentcdn.cookiebot.com www.joa.fr www.weezevent.com t.regionsjob.com paperform.co; style-src 'self' 'unsafe-inline' fonts.googleapis.com www.novaresa.net www.googletagmanager.com; upgrade-insecure-requests; report-uri /csp 1
base-uri 'none'; object-src 'none'; script-src 'nonce-18dee93fe36e4842be0a7c3a7a0c3279' 'unsafe-inline' https: http: 'strict-dynamic'; style-src 'unsafe-inline' 'self' 'unsafe-eval' https://fonts.googleapis.com; worker-src 'self' blob:; frame-ancestors 'none' 1
* 'unsafe-inline' 'unsafe-eval' data: blob:; 1
default-src 'self' https://d1e8vjamx1ssze.cloudfront.net; connect-src https://*.mixam.com 'self' blob: data: ws: wss://hub.prod.mixam.co.uk wss://hub.staging.mixam.co.uk https://uploads.prod.mixam.co.uk https://uploads.staging.mixam.co.uk https://reporter.prod.mixam.co.uk https://reporter.staging.mixam.co.uk https://d1e8vjamx1ssze.cloudfront.net https://d3hb14vkzrxvla.cloudfront.net https://*.clarity.ms https://bat.bing.com https://*.google-analytics.com https://*.analytics.google.com https://*.noibu.com https://maps.googleapis.com https://api.amplitude.com https://payments.amazon.com https://payments-uk.amazon.com https://payments.amazon.co.uk https://apay-us.amazon.com https://services.postcodeanywhere.co.uk https://apis.google.com https://pay.google.com https://stats.g.doubleclick.net https://*.paypal.com https://www.facebook.com https://portal.afterpay.com https://portal.sandbox.afterpay.com https://static.afterpay.com https://*.afterpay.com https://www.googleadservices.com https://cdn.jsdelivr.net https://bam.nr-data.net https://bam-cell.nr-data.net https://bam.eu01.nr-data.net https://cdn.linkedin.oribi.io https://bam.eu01.nr-data.net https://js.volt.io https://api.addressy.com https://chat-assets.frontapp.com https://chat-assets.frontusercontent.com https://chat.frontapp.com https://eu-west-1-chat-server.frontapp.com https://chat-webhook.frontapp.com https://sessions.bugsnag.com https://static.klaviyo.com https://static-tracking.klaviyo.com https://api.countrystatecity.in https://*.insertchatgpt.com https://cdn.plaid.com https://dcvxs6ggqztsa.cloudfront.net https://*.northbeam.io https://*.ads.linkedin.com https://*.trustpilot.com https://*.getprintbox.com https://*.printboxteam.com https://*.storage.googleapis.com https://storage.googleapis.com https://*.browser-intake-datadoghq.com https://unpkg.com http://liam.com https://cdn.shopify.com; font-src 'self' data: https://fonts.gstatic.com https://editor.printess.com https://d1e8vjamx1ssze.cloudfront.net https://fonts.googleapis.com https://cdn.jsdelivr.net https://*.getprintbox.com https://storage.googleapis.com; img-src https://c.paypal.com https://b.stats.paypal.com https://*.getprintbox.com https://liam.com https://mixam.co.uk https://chat-assets.frontusercontent.com 'self' data: * blob:; media-src 'self' *; object-src 'none'; script-src 'self' https://js.afterpay.com https://www.googletagmanager.com https://www.google-analytics.com https://*.analytics.google.com https://*.noibu.com https://bat.bing.com https://snap.licdn.com https://connect.facebook.net https://*.clarity.ms https://maps.googleapis.com https://js.stripe.com https://*.paypal.com https://m.stripe.network https://www.dropbox.com https://*.payments-amazon.com https://www.gstatic.com https://portal.afterpay.com https://portal.sandbox.afterpay.com https://*.afterpay.com https://apis.google.com https://d1e8vjamx1ssze.cloudfront.net https://www.google.com https://www.workable.com https://apply.workable.com https://pay.google.com https://cdnjs.cloudflare.com https://beacon-v2.helpscout.net https://static.hotjar.com http://cdnjs.cloudflare.com https://www.googleadservices.com https://js-agent.newrelic.com https://bam.nr-data.net https://bam-cell.nr-data.net https://bam.eu01.nr-data.net https://js.volt.io https://chat-assets.frontapp.com https://chat-assets.frontusercontent.com https://chat.frontapp.com https://eu-west-1-chat-server.frontapp.com https://chat-webhook.frontapp.com https://sessions.bugsnag.com 'unsafe-eval' 'unsafe-inline' https://unpkg.com https://static.klaviyo.com https://static-tracking.klaviyo.com https://*.insertchatgpt.com https://cdn.plaid.com https://dcvxs6ggqztsa.cloudfront.net https://*.northbeam.io https://*.trustpilot.com https://accounts.google.com https://apis.google.com https://*.getprintbox.com https://*.browser-intake-datadoghq.com https://cdn.shopify.com; style-src 'self' blob: data: https://d1e8vjamx1ssze.cloudfront.net https://fonts.googleapis.com https://cdnjs.cloudflare.com http://cdnjs.cloudflare.com https://cdn.jsdelivr.net/npm/bootstrap@5.2.3/dist/css/bootstrap.min.css https://www.googletagmanager.com https://cdn.jsdelivr.net https://cdn.plaid.com https://*.getprintbox.com https://unpkg.com 'unsafe-inline'; frame-src 'self' blob: data: https://interactive.edocbuilder.com https://editor.printess.com https://www.youtube.com https://www.facebook.com https://js.stripe.com https://www.google.com https://accounts.google.com https://content-sheets.googleapis.com https://vars.hotjar.com https://payments.amazon.co.uk https://payments.amazon.com https://*.payments-amazon.com https://*.paypal.com https://checkout.sandbox.volt.io/ https://checkout.volt.io/ https://*.creditkey.com https://static.klaviyo.com https://static-tracking.klaviyo.com https://*.insertchatgpt.com https://cdn.plaid.com https://*.trustpilot.com https://www.youtube-nocookie.com https://*.trustpilot.com https://*.getprintbox.com https://*.browser-intake-datadoghq.com; 1
default-src 'self' https://api.certspotter.com https://web.api.sslmate.com data: blob: 'unsafe-inline' 'unsafe-eval'; base-uri 'none'; report-uri https://web.api.sslmate.com/csp-report 1
default-src 'self'; font-src 'self' * data:; img-src 'self' * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://code.jquery.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://mtgify.org; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net https://fonts.googleapis.com https://stackpath.bootstrapcdn.com https://mtgify.org; connect-src 'self' https://mtgify.org https://www.googletagmanager.com https://www.google-analytics.com https://17lands.cdn.prismic.io 1
frame-ancestors 'self' *.thelandoflegendsthemepark.com; 1
font-src 'self' https://*.googleapis.com https://*.gstatic.com; img-src 'self' data: https://*.hubspot.com https://*.hsforms.com https://offstreet.s3.us-west-2.amazonaws.com https://offstreet-file-upload.s3.ca-central-1.amazonaws.com https://media.offstreet.io https://guest-registration-uploads.s3.amazonaws.com https://guest-registration-uploads.s3.us-west-2.amazonaws.com; media-src 'self' data: https://offstreet.s3.us-west-2.amazonaws.com https://offstreet-file-upload.s3.ca-central-1.amazonaws.com https://media.offstreet.io https://guest-registration-uploads.s3.amazonaws.com https://guest-registration-uploads.s3.us-west-2.amazonaws.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://widget.freshworks.com; report-uri https://sentry.io/api/undefined/security/?sentry_key=undefined; report-to 'csp-endpoint' 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src 'nonce-DvZKL2XGT0ggfo3nW6CNlhX5B' 'strict-dynamic'; frame-ancestors 'self'; manifest-src 'self' 1
base-uri 'self'; child-src https://www.youtube-nocookie.com/embed/; connect-src 'self' https://capybarabr.com:8443/socket.io/ wss://capybarabr.com:8443/socket.io/ https://api.themoviedb.org/; default-src 'none'; font-src 'self' data: https: fonts.gstatic.com; form-action 'self'; frame-ancestors 'self'; img-src 'self' data: https: image.tmdb.org via.placeholder.com/400x600; object-src 'none'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https: gitcdn.xyz github.io *.github.io raw.githubusercontent.com github.com; block-all-mixed-content; upgrade-insecure-requests 1
default-src 'self'; connect-src 'self' wss:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline';img-src 'self' data: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.lndo.site *.suno.com.br *.gstatic.com *.googletagmanager.com *.googleadservices.com *.google.com *.onesignal.com https://onesignal.com *.facebook.net *.google-analytics.com  *.googlesyndication.com *.hotjar.com *.getblue.io *.g.doubleclick.net ad.doubleclick.net adclick.g.doubleclick.net bid.g.doubleclick.net cm.g.doubleclick.net googleads.g.doubleclick.net securepubads.g.doubleclick.net *.hs-scripts.com *.licdn.com *.facebook.com *.hs-banner.com *.hsleadflows.net *.hsadspixel.net *.usemessages.com *.hs-analytics.net *.hubapi.com *.hubspot.com *.twitter.com *.twimg.com *.hsforms.net https://unpkg.com *.googleapis.com *.hsforms.com *.amazonaws.com *.validity.com *.youtube.com *.newrelic.com *.nr-data.net *.ampproject.org https://cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.16/jquery.mask.min.js http://localhost:3000 *.getwisp.co *.cloudfront.net https://js.hubspotfeedback.com/feedbackweb-new.js *.analytics.tiktok.com https://www.googleoptimize.com/optimize.js https://td.doubleclick.net https://npmcdn.com/flatpickr/dist/l10n/pt.js https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.1/jquery.min.js https://cdn.jsdelivr.net/npm/swiper@6.3.3/swiper-bundle.min.js https://app.powerbi.com/ *.funnelytics.io cdn.wisepops.com loader.wisepops.com app.getwisp.co activity.wisepops.com popup.wisepops.com tracking.wisepops.com wisepops.net notifications.wisepops.com *.wisepops.com *.wisepops.net *.clarity.ms https://tag.goadopt.io/injector.js https://disclaimer-api.goadopt.io/api/tag/get-consent https://membros-api-gateway.suno.com.br/api/v1/events/register-data https://static.ads-twitter.com/uwt.js https://www.google.com.br/ads/ga-audiences *.goadopt.io https://forms.hubspot.com https://tag.curiosidadesdigitais.com/suno_suno.9999.js http://cdn.stape.io https://sunoresearch-com-br-7171354.hs-sites.com/; style-src 'self' 'unsafe-inline' *.googleapis.com *.twitter.com *.twimg.com https://onesignal.com *.ampproject.org http://localhost:3000/styles/frontend.css *.code.jquery.com http://localhost:3000/styles/admin.css http://code.jquery.com/ui/1.12.1/themes/base/jquery-ui.css; img-src * data: cdn.wisepops.com tracking.wisepops.com dx4nr741tfc02.cloudfront.net wisp-production-storage.s3.amazonaws.com cdn.wisepops.net; font-src * data:; connect-src 'self' https://suno-noticias-staging.suno-noticias.svc.cluster.local http://suno-noticias.lndo.site *.suno.com.br *.google.com activity.wisepops.com popup.wisepops.com tracking.wisepops.com wisepops.net *.wisepops.com *.clarity.ms https://forms.hubspot.com https://api.hubspot.com/ https://js.hs-banner.com/ https://cta-service-cms2.hubspot.com/ https://googleads.g.doubleclick.net/ https://cdn.ampproject.org *.gstatic.com *.googletagmanager.com *.googleadservices.com *.google.com *.google-analytics.com  *.googlesyndication.com *.g.doubleclick.net googleads.g.doubleclick.net securepubads.g.doubleclick.net *.facebook.com *.twitter.com *.twimg.com *.googleapis.com *.amazonaws.com *.youtube.com *.newrelic.com *.cloudfront.net https://disclaimer-api.goadopt.io http://cdn.stape.io *.hubapi.com https://sunoresearch-com-br-7171354.hs-sites.com/; object-src 'none'; base-uri 'self' 1
connect-src *.google-analytics.com http://*.yandex.ru https://yandex.ru https://*.yandex.ru https://mc.yandex.ru https://*.merlion.com/ https://connect.facebook.net https://vk.com 'self' ; child-src 'none' ; font-src static.lc-group.ru 'self' ; form-action https://*.merlion.com/ https://ferrum-itg.ru/ https://www.facebook.com http://cp.unisender.com https://cp.unisender.com 'self' ; frame-ancestors webvisor.com *.webvisor.com ; frame-src https://*.facebook.com https://*.youtube.com *.youtube.com https://*.yandex.ru https://yandex.ru http://*.yandex.ru ; img-src https://*.merlion.com https://img.youtube.com *.merlion.ru *.ferrum-itg.ru static.lc-group.ru ferrum-itg.ru *.google-analytics.com *.yandex.net *.yandex.ru data: https://*.yandex.net https://*.yandex.ru 'self' https://vk.com https://*.facebook.com https://yandex.ru; media-src static.lc-group.ru ; object-src static.lc-group.ru *.ferrum-itg.ru 'self' ; script-src https://*.merlion.com https://vk.com https://connect.facebook.net static.lc-group.ru *.ferrum-itg.ru https://*.yandex.ru  *.google-analytics.com *.yandex.ru https://yastatic.net https://yandex.ru https://*.google-analytics.com 'self' 'unsafe-eval' ; style-src https://yandex.ru https://*.yandex.ru https://*.merlion.com static.lc-group.ru *.ferrum-itg.ru 'unsafe-inline' 'self' ; default-src 'none' ; worker-src 'self'; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://tenforward.social; img-src 'self' https: data: blob: https://tenforward.social; style-src 'self' https://tenforward.social 'nonce-v2NE5+aN5swmuwWAeOOYqQ=='; media-src 'self' https: data: https://tenforward.social; frame-src 'self' https:; manifest-src 'self' https://tenforward.social; form-action 'self'; child-src 'self' blob: https://tenforward.social; worker-src 'self' blob: https://tenforward.social; connect-src 'self' data: blob: https://tenforward.social https://cdn.tenforward.social wss://tenforward.social; script-src 'self' https://tenforward.social 'wasm-unsafe-eval' 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.google.com https://*.gstatic.com https://*.googletagmanager.com https://*.google-analytics.com https://*.hsforms.net https://*.lightspeed.com https://gtm.lightspeed.com https://*.facebook.com https://*.facebook.net https://*.bing.com https://*.hs-scripts.com https://*.hsadspixel.net https://*.hs-banner.com https://*.hs-analytics.net https://*.vimeo.com https://*.usemessages.com https://*.hs-scripts.com https://*.livechatinc.com; style-src 'self' 'unsafe-inline' https://tagmanager.google.com/ https://fonts.googleapis.com/; font-src 'self'; img-src 'self' unsafe-inline https://*.lightspeed.com https://*.hsforms.com https://*.builder.io https://*.google.com https://*.hubspot.com https://*.facebook.com https://*.doubleclick.net https://*.bing.com https://*.hsforms.com https://*.vimeocdn.com data:; frame-ancestors 'self' https://*.builder.io https://builder.io 1
frame-ancestors https://*.global2000.at https://*.acolono.dev https://*.acolono.net https://*.wwf.at 1
default-src 'none'; frame-src 'self' data: https://inter-vpos.com.tr https://ilkcekilis.azurewebsites.net https://consentcdn.cookiebot.com https://www.facebook.com https://www.google.com https://recaptcha.google.com/recaptcha/ https://*.etiya.com https://*.togg.com.tr https://*.togg.cloud https://etiyatoggstorage.blob.core.windows.net https://smart-ix.ai/privacy.html https://fonts.googleapis.com https://fonts.gstatic.com https://inter-vpos.com.tr/ https://static.site24x7rum.com https://www.google.com https://mobile-api.staging.togg.cloud:7445 https://omccstb.turkcell.com.tr https://togg-prd-cdn-ebcuc9ayg8fgegc8.z01.azurefd.net https://epayment.turkcell.com.tr https://*.vakifbank.com.tr https://*.yapikredi.com.tr https://*.garanti.com.tr https://*.denizbank.com https://*.qnbfinansbank.com https://*.sanalakpos.com https://*.halkbank.com.tr https://*.isbank.com.tr https://*.teb.com.tr https://*.ziraatbank.com.tr https://www.wirecard.com.tr https://entegrasyon.asseco-see.com.tr/ https://www.gstatic.com https://*.bkm.com.tr https://*.merlincdn.net https://toggprodcdn.blob.core.windows.net https://*.asseco-see.com.tr https://consent.cookiebot.com https://consentcdn.cookiebot.com https://www.fireflow.ai https://etiya-event-listener.fireflow.ai https://etiya-event-listener.fireflow.ai/event_listener/g/collect https://artgeneration.blob.core.windows.net wss://mobile-api.staging.togg.cloud:7445 https://td.doubleclick.net; connect-src 'self' 'unsafe-line' 'unsafe-eval' data: blob: https://*.here.com https://*.hereapi.com https://consent.cookiebot.com https://ilkcekilis.azurewebsites.net https://consentcdn.cookiebot.com https://www.gstatic.com https://www.google.com https://www.google.com.tr https://www.google.com.ua https://togg.count.ly https://t.co https://stats.g.doubleclick.net https://www.facebook.com https://cdn.jsdelivr.net https://connect.facebook.net https://static.ads-twitter.com https://*.togg.com.tr https://*.togg.cloud https://mobile-api.staging.togg.cloud:7445 https://mobile-api.togg.cloud:7443 https://toggid-api-gateway.togg.cloud:9443 https://toggprodcdn.blob.core.windows.net https://fonts.googleapis.com https://togg-prd-cdn-ebcuc9ayg8fgegc8.z01.azurefd.net https://trial-togg.count.ly https://www.googletagmanager.com https://*.etiya.com https://etiyatoggstorage.blob.core.windows.net https://smart-ix.ai/privacy.html https://fonts.gstatic.com https://inter-vpos.com.tr/ https://static.site24x7rum.com https://omccstb.turkcell.com.tr https://epayment.turkcell.com.tr https://*.vakifbank.com.tr https://*.yapikredi.com.tr https://*.garanti.com.tr https://*.denizbank.com https://*.qnbfinansbank.com https://*.sanalakpos.com https://*.halkbank.com.tr https://*.isbank.com.tr https://*.teb.com.tr https://*.ziraatbank.com.tr https://www.wirecard.com.tr https://entegrasyon.asseco-see.com.tr/ https://*.merlincdn.net https://*.bkm.com.tr https://*.asseco-see.com.tr https://consent.cookiebot.com https://consentcdn.cookiebot.com https://www.fireflow.ai https://etiya-event-listener.fireflow.ai https://etiya-event-listener.fireflow.ai/event_listener/g/collect https://artgeneration.blob.core.windows.net wss://mobile-api.staging.togg.cloud:7445 https://imgsct.cookiebot.com https://www.googleadservices.com https://analytics.google.com;  font-src 'self' data: https://*.here.com https://*.hereapi.com https://*.azurestaticapps.net/* https://*.togg.com.tr https://*.togg.cloud https://fonts.googleapis.com https://fonts.gstatic.com https://togg-prd-cdn-ebcuc9ayg8fgegc8.z01.azurefd.net https://*.etiya.com https://etiya.com https://etiyatoggstorage.blob.core.windows.net https://smart-ix.ai/privacy.html https://inter-vpos.com.tr/ https://static.site24x7rum.com https://www.google.com https://mobile-api.staging.togg.cloud:7445 https://omccstb.turkcell.com.tr https://epayment.turkcell.com.tr https://*.vakifbank.com.tr https://*.yapikredi.com.tr https://*.garanti.com.tr https://*.denizbank.com https://*.qnbfinansbank.com https://*.sanalakpos.com https://*.halkbank.com.tr https://*.isbank.com.tr https://*.teb.com.tr https://*.ziraatbank.com.tr https://www.wirecard.com.tr https://entegrasyon.asseco-see.com.tr/ https://www.gstatic.com https://*.bkm.com.tr https://*.merlincdn.net https://toggprodcdn.blob.core.windows.net https://*.asseco-see.com.tr https://consent.cookiebot.com https://consentcdn.cookiebot.com https://www.fireflow.ai https://etiya-event-listener.fireflow.ai https://etiya-event-listener.fireflow.ai/event_listener/g/collect https://artgeneration.blob.core.windows.net wss://mobile-api.staging.togg.cloud:7445;  style-src 'self' 'unsafe-inline' https://*.here.com https://*.hereapi.com https://togg-prd-cdn-ebcuc9ayg8fgegc8.z01.azurefd.net https://*.togg.com.tr https://togg.com.tr https://*.togg.cloud https://fonts.googleapis.com https://togg-prd-cdn-ebcuc9ayg8fgegc8.z01.azurefd.net https://epayment.turkcell.com.tr https://*.vakifbank.com.tr https://*.yapikredi.com.tr https://*.garanti.com.tr https://*.denizbank.com https://*.qnbfinansbank.com https://*.sanalakpos.com https://*.halkbank.com.tr https://*.isbank.com.tr https://*.teb.com.tr https://*.ziraatbank.com.tr https://www.wirecard.com.tr https://entegrasyon.asseco-see.com.tr/ https://www.gstatic.com https://*.bkm.com.tr https://*.merlincdn.net https://toggprodcdn.blob.core.windows.net https://*.asseco-see.com.tr https://consent.cookiebot.com https://consentcdn.cookiebot.com https://www.fireflow.ai https://etiya-event-listener.fireflow.ai https://etiya-event-listener.fireflow.ai/event_listener/g/collect https://artgeneration.blob.core.windows.net wss://mobile-api.staging.togg.cloud:7445 ;  script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.here.com https://*.hereapi.com https://consentcdn.cookiebot.com https://consent.cookiebot.com https://*.togg.com.tr https://togg.com.tr https://*.togg.cloud https://mobile-api.staging.togg.cloud:7445  https://mobile-api.togg.cloud:7443 https://toggprodcdn.blob.core.windows.net https://www.google.com https://www.gstatic.com https://maps.googleapis.com https://cdn.jsdelivr.net https://connect.facebook.net https://static.ads-twitter.com https://www.googletagmanager.com https://*.etiya.com https://etiya.com https://*.togg.com.tr https://*.togg.cloud https://etiyatoggstorage.blob.core.windows.net https://smart-ix.ai/privacy.html https://fonts.googleapis.com https://fonts.gstatic.com https://inter-vpos.com.tr/ https://static.site24x7rum.com https://www.google.com https://mobile-api.staging.togg.cloud:7445  https://omccstb.turkcell.com.tr https://togg-prd-cdn-ebcuc9ayg8fgegc8.z01.azurefd.net https://epayment.turkcell.com.tr https://*.vakifbank.com.tr https://*.yapikredi.com.tr https://*.garanti.com.tr https://*.denizbank.com https://*.qnbfinansbank.com https://*.sanalakpos.com https://*.halkbank.com.tr https://*.isbank.com.tr https://*.teb.com.tr https://*.ziraatbank.com.tr https://www.wirecard.com.tr https://entegrasyon.asseco-see.com.tr/ https://www.gstatic.com https://*.bkm.com.tr https://*.merlincdn.net https://toggprodcdn.blob.core.windows.net https://*.asseco-see.com.tr https://consent.cookiebot.com https://consentcdn.cookiebot.com https://www.fireflow.ai https://etiya-event-listener.fireflow.ai https://etiya-event-listener.fireflow.ai/event_listener/g/collect https://artgeneration.blob.core.windows.net wss://mobile-api.staging.togg.cloud:7445 https://www.googleadservices.com ; img-src * data: * blob: * https://*.here.com https://*.hereapi.com; object-src 'self' https://ilkcekilis.azurewebsites.net; media-src 'self' data: blob: https://togg-prd-cdn-ebcuc9ayg8fgegc8.z01.azurefd.net https://*.merlincdn.net; manifest-src https://*.togg.cloud https://*.togg.com.tr 1
frame-ancestors 'self' *.hasselt.be *.visithasselt.be; report-uri /report-csp-violation 1
default-src 'self' mbank.net.pl adserwer.mbank.net.pl www.mbank.net.pl www.google.com www.google.pl googleads.g.doubleclick.net www.googletagmanager.com google.com google-analytics.com ssl.google-analytics.com mbank.pl fonts.googleapis.com fonts.gstatic.com www.googleadservices.com;object-src 'none' 1
default-src 'self' cdn.geomant.cloud packages.umbraco.org our.umbraco.org; connect-src 'self' consentcdn.cookiebot.com wss://api-prod.geomant.cloud heatmaps.monsido.com pagecorrect.monsido.com region1.google-analytics.com api-prod.geomant.cloud directline.botframework.com wss://directline.botframework.com region1.analytics.google.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' r1.dotdigital-pages.com connect.facebook.net consentcdn.cookiebot.com consent.cookiebot.com app-script.monsido.com heatmaps.monsido.com pagecorrect.monsido.com widgets.moovit.com cdn.geomant.cloud wymetro.widget.custhelp.com wymetro.custhelp.com www.rnengage.com wymetroforms.firmstep.com www.google.com www.gstatic.com westyorks-ca.firmstep.com platform.twitter.com cdn.syndication.twimg.com ajax.aspnetcdn.com www.googletagmanager.com www.google-analytics.com; frame-ancestors 'self' www.rslcontent.co.uk rslcontent.co.uk journeokioskcontent.azurewebsites.net wymetro-uk.azurewebsites.net wymetro-uk-staging2.azurewebsites.net wymetro-auth.azurewebsites.net wymetro-auth-staging.azurewebsites.net wymetro-uat.azurewebsites.net wymetro-dev.azurewebsites.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com heatmaps.monsido.com pagecorrect.monsido.com maxcdn.bootstrapcdn.com wymetro.widget.custhelp.com wymetroforms.firmstep.com westyorks-ca.firmstep.com platform.twitter.com; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com; img-src * data: blob:; frame-src 'self' td.doubleclick.net consentcdn.cookiebot.com widgets.moovit.com r1.dotdigital-pages.com r1.dotmailer-surveys.com yorkshire.acisconnect.com www.youtube.com wymetro.acisconnect.com www.youtube-nocookie.com www.communicatoremail.com planner.wymetro.com www.google.com testcheckout.sagepay.com checkout.sagepay.com; object-src 'self' www.youtube.com www.youtube-nocookie.com 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://static.criteo.net https://*.criteo.com https://wb.messengerpeople.com https://pay.google.com https://*.hotjar.com https://*.akamaihd.net https://*.attn.tv https://*.recaptcha.net https://isitetv.com https://*.translate.naver.net https://ln-rules.rewardstyle.com https://tr.snapchat.com https://www.shoplooks.com https://tpc.googlesyndication.com blob: https://*.abtasty.com https://app.qubit.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://*.liveperson.net https://ct.pinterest.com https://services.postcodeanywhere.co.uk https://*.akamaihd.net https://*.sciencebehindecommerce.com https://*.googleapis.com https://translate.yandex.net https://*.hotjar.com wss://*.hotjar.com https://*.trustpilot.com https://*.pinterest.com https://*.bing.com https://*.doubleclick.net https://connect.facebook.net https://*.baidu.com https://ampcid.google.nl https://*.parcellab.com https://tr.snapchat.com https://privacyportal-eu.onetrust.com https://*.contentsquare.net https://*.criteo.com https://analytics.tiktok.com https://*.abtasty.com https://*.qubit.com https://*.qubitproducts.com https://horizon-api.www.lookfantastic.nl https://sgtm.lookfantastic.nl; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.thgcdn.cn blob: data: https://*.abtasty.com https://*.gstatic.com https://*.googleapis.com; form-action 'self' https://www.facebook.com https://www.lookfantastic.nl https://m.lookfantastic.nl https://checkout.lookfantastic.nl https://connect.facebook.net https://www.glossybox.at https://www.glossybox.ch https://www.glossybox.co.uk https://www.glossybox.com https://www.glossybox.de https://www.glossybox.fi https://www.glossybox.fr https://www.glossybox.ie https://www.glossybox.no https://www.glossybox.se https://www.glossybox.dk https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https: blob:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://static.thgcdn.cn; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://google.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://static.criteo.net https://*.criteo.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.microsofttranslator.com https://*.hotjar.com https://*.akamaihd.net https://*.attn.tv https://*.trustpilot.com https://*.translate.naver.net https://*.bing.com https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://static.ads-twitter.com https://*.baidu.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://*.shoplooks.com https://slooks.top https://slooks.me https://lantern.roeyecdn.com https://lantern.roeye.com https://static.thgcdn.cn https://tpc.googlesyndication.com https://geolocation.onetrust.com https://*.contentsquare.net https://app.contentsquare.com https://analytics.tiktok.com https://*.ibytedtos.com blob: https://*.abtasty.com https://static.goqubit.com https://*.qubit.com https://sgtm.lookfantastic.nl; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://www.shoplooks.com https://static.shoplooks.com https://static.thgcdn.cn https://cdn.parcellab.com; upgrade-insecure-requests; report-to report-endpoint 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *; style-src 'self' 'unsafe-inline' https://staticw2.yotpo.com; frame-ancestors 'self'; 1
frame-ancestors 'self' https://olbsupport.cbvoyager.com https://banking.commercebank.com https://bankingapi.commercebank.com https://loans.commercebank.com https://solutions.commercebank.com https://go.pardot.com https://pi.pardot.com https://sb.commercebank.com/legacybillpayenrollment https://view.ceros.com https://transact.commercebank.com/ 1
object-src 'self'; worker-src 'self' blob:; base-uri 'self'; frame-ancestors 'self'; report-uri https://www.kelwatt.fr/report-uri/enforce 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=GB&lang=en-GB&device=desktop&yrid=6qf5eo9ja5ulo&partner=; 1
connect-src 'self'; img-src 'self'; base-uri 'self'; upgrade-insecure-requests; 1
default-src * data: blob: 'unsafe-eval' 'unsafe-inline'; worker-src 'self' blob: 1
frame-ancestors 'self' *.abaa.com *.abaa.org 1
default-src 'self' https://*.sfs.biz https://*.sfs.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://sapui5.hana.ondemand.com/resources/ https://design-rx-nvelope-us.s3.us-east-1.amazonaws.com https://ucalc.pro https://sfs.biz https://*.sfs.biz https://sfs.com https://*.sfs.com https://sfs.ch https://*.sfs.ch https://allchemet.ch https://*.allchemet.ch https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.cookiebot.com https://snap.licdn.com https://analytics.tiktok.com https://connect.facebook.net; style-src 'self' 'unsafe-inline' https://design-rx-nvelope-us.s3.us-east-1.amazonaws.com https://api.ucalc.pro https://sfs.biz https://*.sfs.biz https://sfs.com https://*.sfs.com https://sfs.ch https://*.sfs.ch https://allchemet.ch https://*.allchemet.ch; img-src 'self' data: https://design-rx-nvelope-us.s3.us-east-1.amazonaws.com https://sfs.biz https://*.sfs.biz https://sfs.com https://*.sfs.com https://sfs.ch https://*.sfs.ch https://allchemet.ch https://*.allchemet.ch https://*.google-analytics.com https://www.google.com https://www.google.ch https://www.googletagmanager.com https://*.linkedin.com https://www.facebook.com https://*.doubleclick.net; frame-src 'self' https://api.ucalc.pro https://www.youtube.com https://irs.tools.investis.com https://www.google.com https://*.sfs.biz https://*.sfs.com https://*.cookiebot.com https://charts3.equitystory.com https://*.doubleclick.net; frame-ancestors 'self' https://*.sfsintec.biz https://sfsintec.biz https://*.sfsintec.fr https://sfsintec.fr https://*.sfsintec.co.uk https://sfsintec.co.uk https://*.sfs.biz https://*.sfs.com https://sfs.com http://sfs.com capacitor://sfs.com https://*.sfs.ch https://sfs.ch https://allchemet.ch https://*.allchemet.ch https://ostjob.ch https://*.ostjob.ch http://staffbase.com capacitor://staffbase.com; font-src 'self' https://sfs.biz https://*.sfs.biz https://sfs.com https://*.sfs.com; connect-src 'self' https://*.google-analytics.com https://stats.g.doubleclick.net https://design-rx-nvelope-us.s3.us-east-1.amazonaws.com https://newsletter.sfs.biz https://newsletter.dev.sfs.biz https://piwik.sfs.biz https://consentcdn.cookiebot.com https://*.ads.linkedin.com https://analytics.tiktok.com; 1
default-src 'self'; img-src 'self' * data:; media-src s3.eu-central-1.amazonaws.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' js.chargebee.com upag.chargebee.com fonts.googleapis.com unaparolaalgiorno.it; script-src 'self' 'self' cdn.unaparolaalgiorno.it *.upag.it 'unsafe-inline' 'unsafe-eval' unaparolaalgiorno.it polyfill.io sentry.io o411862.ingest.sentry.io *.sentry-cdn.com *.fontawesome.com unpkg.com cdn.jsdelivr.net static.cloudflareinsights.com *.cloudflare.com connect.facebook.net stats.g.doubleclick.net fonts.gstatic.com cdn.ampproject.org js.chargebee.com; connect-src unaparolaalgiorno.it v3.unaparolaalgiorno.it cdn.unaparolaalgiorno.it *.upag.it sentry.io *.fontawesome.com unpkg.com o411862.ingest.sentry.io stats.g.doubleclick.net s3.eu-central-1.amazonaws.com connect.facebook.net cdn.ampproject.org *.ampproject.net adservice.google.com pagead2.googlesyndication.com; form-action 'self'; frame-ancestors 'none'; font-src 'self' unaparolaalgiorno.it fonts.gstatic.com; frame-src js.chargebee.com upag.chargebee.com googleads.g.doubleclick.net open.spotify.com; object-src 'none'; base-uri unaparolaalgiorno.it 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.adnxs.com ad.ad-srv.net ad4m.at *.adition.com *.adsrvr.org api.xs2a.com *.audiencemanager.de *.bankofscotland.de *.ccm19.net *.ccm19.de cdn.cookielaw.org cdn.mateti.net connect.facebook.net *.cookiebot.com *.doubleclick.net *.facebook.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.intelliad.de *.kuponacdn.de netzwerk.uppr.de responder.wt-safetag.com siteimproveanalytics.com *.hotjar.com *.wcfbc.net *.webtrekk.net *.windows.net *.vimeo.com mastertag.kpcustomer.de *.hstatic.nl; style-src 'self' 'unsafe-inline' api.xs2a.com *.ccm19.de *.gstatic.com *.googleapis.com *.windows.net; object-src 'self' blob: *.lloydsbank.nl; base-uri 'self'; connect-src 'self' web.bankofscotland.de consentcdn.cookiebot.com r.mateti.net *.ccm19.de *.webtrekk.net api.xs2a.com  *.audiencemanager.de *.doubleclick.net *.google-analytics.com *.hotjar.com wss://*.hotjar.com *.hotjar.io *.vimeo.com vimeo.com *.uppr.de; font-src 'self' blob: data: *.gstatic.com *.googleapis.com *.googleusercontent.com; frame-src 'self' blob: hal9000.redintelligence.net ad.ad-srv.net *.vimeo.com vimeo.com consentcdn.cookiebot.com *.audiencemanager.de ad.ad-srv.net youtube-nocookie.com *.lloydsbank.nl *.advieskeuze.nl *.tools.hypotheekbond.nl ad4m.at opt.kuponacdn.de insight.adsrvr.org consentcdn.cookiebot.com *.adsrvr.org; img-src 'self' data: blob: x.bidswitch.net adservice.google.de *.adnxs.com *.ccm19.de *.amazonaws.com *.googletagmanager.com *.bankofscotland.de *.lloydsbank.nl *.doubleclick.net *.google-analytics.com *.intelliad.de api.xs2a.com *.siteimproveanalytics.io *.wcfbc.net *.webtrekk.net *.windows.net *.intelliad.de *.ad4m.at *.adserver01.de *.adition.com track.adform.net adservice.google.com *.smartadserver.com *.adscale.de *.twiago.com *.casalemedia.com *.financeads.net; manifest-src 'self'; media-src 'self'; worker-src 'none' 1
script-src 'nonce-ygJMsBMdHOMrvVDy9iyDVg==' 'strict-dynamic' 'unsafe-eval' 'report-sample' https: 'unsafe-inline'; base-uri 'none'; report-uri https://events.mercadolibre.com/csp/reports?identifier=kqXjhsbeZ9AXdInyIlNjKc-1lzbMlq3cQPbKqaK2kDoFIiODjHpUgv-_h0QXG-Rn_VggCw==&policy_id=10&user_id=&request_id=185b9589-cf5d-40f3-ab75-f077df064ad4; report-to csp-endpoint; object-src https://http2.mlstatic.com/ https://mlstaticquic-a.akamaihd.net/ 1
default-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.googletagmanager.com *.google-analytics.com cdnjs.cloudflare.com fimnet.fi *.fimnet.fi laakariliitto.fi *.laakariliitto.fi laakarilehti.fi *.laakarilehti.fi; style-src 'self' 'unsafe-inline' fonts.googleapis.com auth.fimnet.fi; img-src 'self' * *.google-analytics.com data:; connect-src 'self' fimnet.fi *.fimnet.fi laakarilehti.fi *.laakarilehti.fi laakariliitto.fi *.laakariliitto.fi *.google-analytics.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; media-src 'self' aristo.fimnet.fi; frame-src 'self' *.fimnet.fi www.youtube-nocookie.com www.youtube.com player.vimeo.com w.soundcloud.com; form-action 'self'; frame-ancestors 'self' laakariliitto.fi *.laakariliitto.fi *.fimnet.fi laakarilehti.fi *.laakarilehti.fi login.helsinki.fi laakariliitto.em87.io 1
base-uri 'none'; form-action 'self' *.interstates.com; frame-ancestors 'self' *.interstates.com; upgrade-insecure-requests; default-src 'self' https://com-interstates-cdn-2023.s3.amazonaws.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.interstates.com https://ad.ipredictive.com https://play.libsyn.com https://analytics.twitter.com https://player.vimeo.com https://maps.googleapis.com https://www.facebook.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://fonts.googleapis.com https://www.google-analytics.com https://www.googleadservices.com https://snap.licdn.com https://connect.facebook.net https://static.ads-twitter.com https://analytics.clickdimensions.com https://cdn.cookielaw.org https://insight.adsrvr.org; style-src 'self' *.interstates.com 'unsafe-inline' https://www.socialintents.com https://netdna.bootstrapcdn.com https://ad.ipredictive.com https://fonts.googleapis.com data: blob:; font-src 'self' *.interstates.com https://netdna.bootstrapcdn.com https://fonts.gstatic.com data:; img-src 'self' *.interstates.com https://*.s3.amazonaws.com https://via.placeholder.com https://*.craft-cdn.com https://github.com https://*.githubusercontent.com https://um.simpli.fi https://tag.simpli.fi https://ad.ipredictive.com https://analytics.twitter.com https://d3vfyagh5j3wrg.cloudfront.net https://d17lvj5xn8sco6.cloudfront.net https://resources.interstates.com https://online.flippingbook.com https://d23zwngtnzokv7.cloudfront.net https://dsum-sec.casalemedia.com https://cdn.cookielaw.org https://khms0.googleapis.com https://khms1.googleapis.com https://i.vimeocdn.com https://optanon.blob.core.windows.net https://i.ytimg.com https://p.adsymptotic.com https://maps.gstatic.com https://maps.googleapis.com https://www.googletagmanager.com https://pixel.rubiconproject.com https://www.google.com https://www.facebook.com https://www.google-analytics.com https://px.ads.linkedin.com https://t.co *.gravatar.com https://insight.adsrvr.org https://ib.adnxs.com https://cm.g.doubleclick.net https://match.adsrvr.org https://ups.analytics.yahoo.com data: blob:; script-src-elem 'self' *.interstates.com 'unsafe-inline' https://chat.socialintents.com https://ajax.googleapis.com https://www.socialintents.com https://www.recaptcha.net https://d33i2vgywgme2s.cloudfront.net https://cdn.polyfill.io https://js.stripe.com https://cdnjs.cloudflare.com https://*.usersnap.com https://polyfill.io https://i.simpli.fi https://tag.simpli.fi https://resources.interstates.com https://online.flippingbook.com https://d23zwngtnzokv7.cloudfront.net https://player.vimeo.com https://maps.googleapis.com https://www.gstatic.com https://www.google.com https://googleads.g.doubleclick.net https://analytics.twitter.com https://www.google-analytics.com https://www.googleadservices.com https://snap.licdn.com https://connect.facebook.net https://static.ads-twitter.com https://analytics.clickdimensions.com https://cdn.cookielaw.org https://www.googletagmanager.com https://fonts.googleapis.com data: blob:; style-src-elem 'self' *.interstates.com 'unsafe-inline' https://netdna.bootstrapcdn.com https://www.googletagmanager.com https://www.socialintents.com https://fonts.googleapis.com https://www.google-analytics.com https://www.googleadservices.com https://snap.licdn.com https://connect.facebook.net https://static.ads-twitter.com https://analytics.clickdimensions.com https://cdn.cookielaw.org https://insight.adsrvr.org data: blob:; frame-src 'self' *.interstates.com https://chat.socialintents.com https://www.socialintents.com https://td.doubleclick.net https://www.recaptcha.net https://js.stripe.com https://play.libsyn.com https://resources.interstates.com https://online.flippingbook.com https://analytics.clickdimensions.com https://interstates-privacy.my.onetrust.com https://player.vimeo.com https://www.youtube.com https://bid.g.doubleclick.net https://www.google.com https://www.facebook.com; connect-src 'self' https://pagead2.googlesyndication.com https://widget.usersnap.com https://api.craftcms.com https://play.libsyn.com https://analytics.google.com https://cdn.linkedin.oribi.io https://fbo-b.flippingbook.com https://resources.interstates.com https://online.flippingbook.com https://d23zwngtnzokv7.cloudfront.net https://www.google-analytics.com https://cookies-data.onetrust.io https://interstates-privacy.my.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://stats.g.doubleclick.net https://cdn.cookielaw.org https://www.facebook.com file: data: blob: filesystem: url: 1
frame-ancestors https://magic.store; upgrade-insecure-requests; 1
default-src 'self'; script-src 'self' 'unsafe-inline' *.googletagmanager.com www.google-analytics.com www.googleoptimize.com optimize.google.com *.wayin.com *.mouseflow.com unpkg.com assets.adobedtm.com www.rockomni.com *.rocketmortgage.com api.lincx.com code.jquery.com; style-src 'self' 'unsafe-inline' use.typekit.net p.typekit.net cdnjs.cloudflare.com optimize.google.com fonts.googleapis.com; font-src 'self' use.typekit.net www.rockomni.com cdnjs.cloudflare.com fonts.gstatic.com; img-src 'self' data: *.google-analytics.com *.analytics.google.com *.googletagmanager.com optimize.google.com *.g.doubleclick.net *.google.com cm.everesttech.net *.cloudfront.net *.demdex.net; connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.mouseflow.com *.rocketmortgage.com somni.rocketmortgage.com assets.adobedtm.com geometer.lincx.la *.demdex.net api.lincx.com somni.quickenloans.com somni.moneytips.com; frame-src 'self' *.wayin.com quicken.demdex.net optimize.google.com; 1
frame-ancestors self https://www.matw.com; default-src *.gstatic.com ir.stockpr.com www.matw.com d1io3yog0oux5.cloudfront.net *.equisolve-dev.com *.equisolve.net; script-src 'nonce-a60b9c0751f3edb135cdeb565b9b00126be63da100ca1530c13aace3c54dc560' *.quotemedia.com *.google.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.hcaptcha.com *.browser-update.org hcaptcha.com dev-ir.stockpr.com www.youtube.com cdnjs.cloudflare.com/ajax/libs/cookieconsent2/ analytics.imirwin.com fast.wistia.com ir.stockpr.com www.matw.com d1io3yog0oux5.cloudfront.net *.equisolve-dev.com *.equisolve.net; connect-src *.quotemedia.com *.google.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.hcaptcha.com *.browser-update.org hcaptcha.com dev-ir.stockpr.com www.youtube.com cdnjs.cloudflare.com/ajax/libs/cookieconsent2/ analytics.imirwin.com fast.wistia.com ir.stockpr.com www.matw.com d1io3yog0oux5.cloudfront.net *.equisolve-dev.com *.equisolve.net; style-src fonts.googleapis.com *.gstatic.com *.hcaptcha.com hcaptcha.com dev-ir.stockpr.com qmod.quotemedia.com static.c1.quotemedia.com fast.fonts.net cdnjs.cloudflare.com/ajax/libs/cookieconsent2/  ir.stockpr.com www.matw.com d1io3yog0oux5.cloudfront.net *.equisolve-dev.com *.equisolve.net 'unsafe-inline'; font-src cdnjs.cloudflare.com/ajax/libs/font-awesome/ fonts.googleapis.com *.gstatic.com static.c1.quotemedia.com fast.fonts.net data: ir.stockpr.com www.matw.com d1io3yog0oux5.cloudfront.net *.equisolve-dev.com *.equisolve.net; img-src i.ytimg.com qmod.quotemedia.com s3.amazonaws.com www.googletagmanager.com googletagmanager.com ir.stockpr.com www.matw.com d1io3yog0oux5.cloudfront.net *.equisolve-dev.com *.equisolve.net; frame-src *.google.com youtube.com www.youtube.com youtube-nocookie.com www.youtube-nocookie.com vimeo.com player.vimeo.com *.hcaptcha.com hcaptcha.com ir.stockpr.com www.matw.com d1io3yog0oux5.cloudfront.net *.equisolve-dev.com *.equisolve.net; object-src *.gstatic.com ir.stockpr.com www.matw.com d1io3yog0oux5.cloudfront.net *.equisolve-dev.com *.equisolve.net; 1
frame-ancestors 'self' *.purevpn.com purevpn.com *.purevpn.fr purevpn.fr *.purevpn.com.tw purevpn.com.tw *.purevpn.de purevpn.de *.streamingdigitally.com streamingdigitally.com www.googleanalytics.com www.google-analytics.com www.googleoptimize.com 1
frame-ancestors 'self' bosys.eu *.bosys.eu *.touristikerfotos.net touristikerfotos.net bigreisen.com reisecentercityblick.de *.bestfortravel.com 1
frame-ancestors 'self' *.aggr.trade aggr.trade 1
frame-ancestors 'self' https://attivazioni.windtre.it attivazioni.windtre.it https://ac.windtre.it ac.windtre.it https://www.windtrebusiness.it www.windtrebusiness.it https://shop.windtre.it shop.windtre.it https://buy.shop.windtre.it  buy.shop.windtre.it ; 1
script-src 'self' https://www.google-analytics.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://js.quaderno.io https://sandbox-quadernoapp.com https://*.stripe.com https://m.stripe.network https://www.howsmyssl.com https://*.googletagmanager.com https://rum-static.pingdom.net 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://*.stripe.com 1
frame-ancestors https://*.storyblok.com https://*.complex.com 1
frame-ancestors 'self' https://*.build.com/ https://*.build-catalogs.com/ https://bcom.my.salesforce.com/ https://*.visual.force.com/ https://omconsole.com/ https://*.omconsole.com/ https://*.cybersource.com/ 1
default-src 'self';  script-src 'self' 'unsafe-inline' *.ctfassets.net *.youtube.com *.twitter.com;  child-src 'self' *.ctfassets.net *.youtube.com player.vimeo.com *.twitter.com;  style-src 'self' 'unsafe-inline' *.googleapis.com;  img-src 'self' blob: data: *.ctfassets.net *.youtube.com *.twitter.com;  media-src 'self' *.youtube.com;  connect-src *;  font-src 'self' blob: data: fonts.gstatic.com maxcdn.bootstrapcdn.com;  worker-src 'self' blob:; 1
default-src 'self'; connect-src *; font-src 'self' data:; frame-src *; img-src data: 'self' *; media-src *; object-src *; script-src data: 'self' 'unsafe-eval' 'unsafe-inline' *; style-src 'self' 'unsafe-inline'; 1
script-src 'self' 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://cdn.onesignal.com https://maps.googleapis.com https://www.googletagmanager.com https://code.jquery.com https://stackpath.bootstrapcdn.com https://www.gstatic.com https://static.dialogflow.com https://onesignal.com https://www.clarity.ms https://www.google-analytics.com https://connect.facebook.net 1
default-src 'self' https://*.eracore.net https://*.google-analytics.com https://*.tawk.to wss://*.tawk.to; frame-src 'self' https://*.google.com  https://*.eracore.net; img-src 'self' https://*.google-analytics.com  https://*.tawk.to https://*.eracore.net data:; script-src 'self' 'unsafe-inline' https://*.eracore.net https://cdn.jsdelivr.net https://*.google-analytics.com https://*.googletagmanager.com https://*.google-analytics.com https://*.google.com https://*.gstatic.com https://*.tawk.to; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.tawk.to; font-src 'self' https://*.tawk.to https://fonts.gstatic.com 1
default-src  *.responsetap.com; base-uri  https://sc92-wes-prod-cm.azurewebsites.net https://sc92-wes-prod-cd.azurewebsites.net https://www.wesleyan.co.uk https://www2.wesleyan.co.uk https://my.wesleyan.co.uk https://b2c.wesleyan.co.uk https://myadmin.wesleyan.co.uk; report-uri  https://not-available-yet.wesleyan.co.uk; report-to  https://not-available-yet.wesleyan.co.uk; upgrade-insecure-requests; manifest-src  https://sc92-wes-prod-cm.azurewebsites.net https://sc92-wes-prod-cd.azurewebsites.net https://www.wesleyan.co.uk https://www2.wesleyan.co.uk https://my.wesleyan.co.uk https://b2c.wesleyan.co.uk https://myadmin.wesleyan.co.uk; connect-src  https://sc92-wes-prod-cm.azurewebsites.net https://sc92-wes-prod-cd.azurewebsites.net https://www.wesleyan.co.uk https://www2.wesleyan.co.uk https://my.wesleyan.co.uk https://b2c.wesleyan.co.uk https://myadmin.wesleyan.co.uk  https://px.ads.linkedin.com https://clapi.civiccomputing.com https://apikeys.civiccomputing.com https://wesleyan.matomo.cloud *.google-analytics.com *.analytics.google.com *.google.co.uk *.google.com https://app.responseiq.com *.responsetap.com https://bat.bing.com https://cscript-cdn-irl.cassiecloud.com https://cscript-irl.cassiecloud.com https://stats.g.doubleclick.net https://www.google-analytics.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://metrics.responsetap.com https://api.wesleyan.co.uk https://dc.services.visualstudio.com/v2/track https://pagead2.googlesyndication.com *.clarity.ms https://googleads.g.doubleclick.net; font-src  https://sc92-wes-prod-cm.azurewebsites.net https://sc92-wes-prod-cd.azurewebsites.net https://www.wesleyan.co.uk https://www2.wesleyan.co.uk https://my.wesleyan.co.uk https://b2c.wesleyan.co.uk https://myadmin.wesleyan.co.uk  https://storage.googleapis.com https://fonts.gstatic.com https://fonts.googleapis.com https://script.hotjar.com; form-action  https://sc92-wes-prod-cm.azurewebsites.net https://sc92-wes-prod-cd.azurewebsites.net https://www.wesleyan.co.uk https://www2.wesleyan.co.uk https://my.wesleyan.co.uk https://b2c.wesleyan.co.uk https://myadmin.wesleyan.co.uk  https://b2cwesleyanenv01prod.b2clogin.com https://sc92-wes-prod-si.azurewebsites.net; child-src  https://sc92-wes-prod-cm.azurewebsites.net https://sc92-wes-prod-cd.azurewebsites.net https://www.wesleyan.co.uk https://www2.wesleyan.co.uk https://my.wesleyan.co.uk https://b2c.wesleyan.co.uk https://myadmin.wesleyan.co.uk  https://snapwidget.com https://www.podbean.com/ https://widget.trustpilot.com https://video.wesleyan.co.uk https://8931421.fls.doubleclick.net https://outlook.office365.com https://cscript-cdn-irl.cassiecloud.com https://optimize.google.com www.youtube-nocookie.com https://td.doubleclick.net; frame-src  https://sc92-wes-prod-cm.azurewebsites.net https://sc92-wes-prod-cd.azurewebsites.net https://www.wesleyan.co.uk https://www2.wesleyan.co.uk https://my.wesleyan.co.uk https://b2c.wesleyan.co.uk https://myadmin.wesleyan.co.uk  https://snapwidget.com https://www.podbean.com/ https://widget.trustpilot.com https://video.wesleyan.co.uk https://8931421.fls.doubleclick.net https://outlook.office365.com https://cscript-cdn-irl.cassiecloud.com https://optimize.google.com www.youtube-nocookie.com https://td.doubleclick.net; frame-ancestors  https://sc92-wes-prod-cm.azurewebsites.net https://sc92-wes-prod-cd.azurewebsites.net https://www.wesleyan.co.uk https://www2.wesleyan.co.uk https://my.wesleyan.co.uk https://b2c.wesleyan.co.uk https://myadmin.wesleyan.co.uk; img-src  https://sc92-wes-prod-cm.azurewebsites.net https://sc92-wes-prod-cd.azurewebsites.net https://www.wesleyan.co.uk https://www2.wesleyan.co.uk https://my.wesleyan.co.uk https://b2c.wesleyan.co.uk https://myadmin.wesleyan.co.uk data:  https://app.responseiq.com https://static.responseiq.com https://api.responseiq.com https://storage.responseiq.com https://www.google.fr https://www.facebook.com https://connect.facebook.net https://px.ads.linkedin.com https://www.linkedin.com https://www.dianomi.com https://content.cookieconfidence.com https://cdn.syrenis.com https://www.googletagmanager.com https://www.google-analytics.com *.google.com *.google.co.uk https://optimize.google.com https://static.hotjar.com https://script.hotjar.com *.clarity.ms *.bing.com; media-src  https://sc92-wes-prod-cm.azurewebsites.net https://sc92-wes-prod-cd.azurewebsites.net https://www.wesleyan.co.uk https://www2.wesleyan.co.uk https://my.wesleyan.co.uk https://b2c.wesleyan.co.uk https://myadmin.wesleyan.co.uk; object-src  https://sc92-wes-prod-cm.azurewebsites.net https://sc92-wes-prod-cd.azurewebsites.net https://www.wesleyan.co.uk https://www2.wesleyan.co.uk https://my.wesleyan.co.uk https://b2c.wesleyan.co.uk https://myadmin.wesleyan.co.uk  ; script-src  https://sc92-wes-prod-cm.azurewebsites.net https://sc92-wes-prod-cd.azurewebsites.net https://www.wesleyan.co.uk https://www2.wesleyan.co.uk https://my.wesleyan.co.uk https://b2c.wesleyan.co.uk https://myadmin.wesleyan.co.uk  https://cc.cdn.civiccomputing.com https://cdn.matomo.cloud https://app.responseiq.com https://static.responseiq.com https://bat.bing.com https://connect.facebook.net https://js.buto.tv https://butoembed.twentythree.net https://snap.licdn.com https://widget.trustpilot.com https://ajax.googleapis.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://cscript-cdn-irl.cassiecloud.com https://www.googletagmanager.com https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://optimize.google.com https://www.googleadservices.com https://static.hotjar.com https://script.hotjar.com https://googleads.g.doubleclick.net https://secure.adnxs.com *.responsetap.com https://z.moatads.com www.youtube.com https://www.clarity.ms 'unsafe-inline' 'unsafe-eval' 'unsafe-inline'; script-src-elem  https://sc92-wes-prod-cm.azurewebsites.net https://sc92-wes-prod-cd.azurewebsites.net https://www.wesleyan.co.uk https://www2.wesleyan.co.uk https://my.wesleyan.co.uk https://b2c.wesleyan.co.uk https://myadmin.wesleyan.co.uk  https://cc.cdn.civiccomputing.com https://cdn.matomo.cloud https://app.responseiq.com https://static.responseiq.com https://bat.bing.com https://connect.facebook.net https://js.buto.tv https://butoembed.twentythree.net https://snap.licdn.com https://widget.trustpilot.com https://ajax.googleapis.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://cscript-cdn-irl.cassiecloud.com https://www.googletagmanager.com https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://optimize.google.com https://www.googleadservices.com https://static.hotjar.com https://script.hotjar.com https://googleads.g.doubleclick.net https://secure.adnxs.com *.responsetap.com https://z.moatads.com www.youtube.com https://www.clarity.ms 'unsafe-inline' 'unsafe-inline'; style-src  https://sc92-wes-prod-cm.azurewebsites.net https://sc92-wes-prod-cd.azurewebsites.net https://www.wesleyan.co.uk https://www2.wesleyan.co.uk https://my.wesleyan.co.uk https://b2c.wesleyan.co.uk https://myadmin.wesleyan.co.uk  https://static.responseiq.com https://cscript-cdn-irl.cassiecloud.com https://fonts.gstatic.com https://fonts.googleapis.com https://ajax.googleapis.com https://cdnjs.cloudflare.com https://optimize.google.com https://static.hotjar.com https://script.hotjar.com 'unsafe-inline' 'unsafe-inline'; worker-src  https://sc92-wes-prod-cm.azurewebsites.net https://sc92-wes-prod-cd.azurewebsites.net https://www.wesleyan.co.uk https://www2.wesleyan.co.uk https://my.wesleyan.co.uk https://b2c.wesleyan.co.uk https://myadmin.wesleyan.co.uk; 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=sports&region=US&lang=en-US&device=desktop&yrid=5i96p8dja5tuo&partner=; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://discuss.systems; img-src 'self' https: data: blob: https://discuss.systems; style-src 'self' https://discuss.systems 'nonce-0mf5GyH/F+E/K0PrgM+mfQ=='; media-src 'self' https: data: https://discuss.systems; frame-src 'self' https:; manifest-src 'self' https://discuss.systems; form-action 'self'; child-src 'self' blob: https://discuss.systems; worker-src 'self' blob: https://discuss.systems; connect-src 'self' data: blob: https://discuss.systems https://fd.discuss.systems wss://discuss.systems; script-src 'self' https://discuss.systems 'wasm-unsafe-eval' 1
connect-src 'self' blob: https://api.x.ai https://api.x.com https://jf.x.com https://jf.twitter.com https://*.pscp.tv https://*.video.pscp.tv https://*.twimg.com https://api.twitter.com https://api.x.com https://api-stream.twitter.com https://api-stream.x.com https://ads-api.twitter.com https://ads-api.x.com https://aa.twitter.com https://aa.x.com https://caps.twitter.com https://caps.x.com https://pay.twitter.com https://pay.x.com https://sentry.io https://ton.twitter.com https://ton.x.com https://ton-staging.atla.twitter.com https://ton-staging.atla.x.com https://ton-staging.pdxa.twitter.com https://ton-staging.pdxa.x.com https://twitter.com https://x.com https://upload.twitter.com https://upload.x.com https://www.google-analytics.com https://accounts.google.com/gsi/status https://accounts.google.com/gsi/log https://checkoutshopper-live.adyen.com wss://*.pscp.tv https://vmap.snappytv.com https://vmapstage.snappytv.com https://vmaprel.snappytv.com https://vmap.grabyo.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com ws://localhost:8008/v2/ipc https://ads-twitter.com https://analytics.twitter.com https://analytics.x.com  ; default-src 'self'; form-action 'self' https://twitter.com https://*.twitter.com https://x.com https://*.x.com https://localhost.twitter.com:3443 https://localhost.x.com:3443; font-src 'self' https://*.twimg.com; frame-src 'self' https://twitter.com https://x.com https://mobile.twitter.com https://mobile.x.com https://pay.twitter.com https://pay.x.com https://cards-frame.twitter.com https://accounts.google.com/ https://client-api.arkoselabs.com/ https://iframe.arkoselabs.com/ https://vaultjs.apideck.com/  https://recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; img-src 'self' blob: data: https://*.cdn.twitter.com https://*.cdn.x.com https://ton.twitter.com https://ton.x.com https://*.twimg.com https://analytics.twitter.com https://analytics.x.com https://cm.g.doubleclick.net https://www.google-analytics.com https://maps.googleapis.com https://www.periscope.tv https://www.pscp.tv https://ads-twitter.com https://ads-api.twitter.com https://ads-api.x.com https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com https://*.pscp.tv https://*.periscope.tv https://prod-periscope-profile.s3-us-west-2.amazonaws.com https://platform-lookaside.fbsbx.com https://scontent.xx.fbcdn.net https://scontent-sea1-1.xx.fbcdn.net https://*.googleusercontent.com https://t.co/1/i/adsct; manifest-src 'self'; media-src 'self' blob: https://twitter.com https://x.com https://*.twimg.com https://*.vine.co https://*.pscp.tv https://*.video.pscp.tv https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net; object-src 'none'; script-src 'self' 'unsafe-inline' https://*.twimg.com https://recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://client-api.arkoselabs.com/ https://www.google-analytics.com https://twitter.com https://x.com https://accounts.google.com/gsi/client https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js https://www.gstatic.com/cast/sdk/libs/caf_receiver/v3/cast_receiver_framework.js https://static.ads-twitter.com  'nonce-MGIxYzE0NTYtOTFjMC00ZDA4LWJmM2UtMmM5Y2UxNjFiZjli'; style-src 'self' 'unsafe-inline' https://accounts.google.com/gsi/style https://*.twimg.com; worker-src 'self' blob:; report-uri https://twitter.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false 1
default-src 'none'; connect-src 'self' www.bkk-mobil-oil.de www.mobil-krankenkasse.de mobil-krankenkasse.de analytics.bkk-mobil-oil.de analytics.mobil-krankenkasse.de bat.bing.com consentcdn.cookiebot.com googleads.g.doubleclick.net www.google.com jobspreader.com; font-src 'self' data: www.bkk-mobil-oil.de www.mobil-krankenkasse.de mobil-krankenkasse.de fonts.gstatic.com; frame-src consentcdn.cookiebot.com mobil-krankenkasse-wpn.eportrait.de mobiloil-wpn.eportrait.de hilfsmittel.gwq-serviceplus.de www.kununu.com pushing-limits.de www.terminland.de www.youtube-nocookie.com; img-src 'self' blob: data: www.bkk-mobil-oil.de www.mobil-krankenkasse.de mobil-krankenkasse.de analytics.bkk-mobil-oil.de analytics.mobil-krankenkasse.de bat.bing.com googleads.g.doubleclick.net www.google.com www.googletagmanager.com www.gstatic.com img.youtube.com i.ytimg.com; object-src 'self' www.bkk-mobil-oil.de www.mobil-krankenkasse.de mobil-krankenkasse.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.bkk-mobil-oil.de www.mobil-krankenkasse.de mobil-krankenkasse.de analytics.bkk-mobil-oil.de analytics.mobil-krankenkasse.de www.arztauskunftservice3.de bat.bing.com consent.cookiebot.com consentcdn.cookiebot.com www.dtvp.de www.google.com www.googleadservices.com www.googletagmanager.com bkk-mobil-oil.novomind.com mkk.novomind.com ecdn.novomind.com; style-src 'self' 'unsafe-inline' www.bkk-mobil-oil.de; report-uri https://www2.bkk-mobil-oil.de/report/; report-to csp-endpoint 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mastodon.coffee; img-src 'self' https: data: blob: https://mastodon.coffee; style-src 'self' https://mastodon.coffee 'nonce-UnEHAd+QSTx58NePO5tbIw=='; media-src 'self' https: data: https://mastodon.coffee; frame-src 'self' https:; manifest-src 'self' https://mastodon.coffee; form-action 'self'; child-src 'self' blob: https://mastodon.coffee; worker-src 'self' blob: https://mastodon.coffee; connect-src 'self' data: blob: https://mastodon.coffee https://cdn.mastodon.coffee wss://mastodon.coffee; script-src 'self' https://mastodon.coffee 'wasm-unsafe-eval' 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-dpZTzeFtFKATlFc3HzxvtQ' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
frame-ancestors 'self' https://*.visiondirect.nl https://*.luxottica.com https://*.essilorluxottica.com; 1
default-src 'self' *.bbc.co.uk *.bbc.com *.bbci.co.uk *.bbci.com https://*.googlesyndication.com;child-src 'self';connect-src 'self' *.bbc.co.uk *.bbc.com *.bbci.co.uk *.bbci.com https://*.akamaihd.net https://*.doubleclick.net https://*.effectivemeasure.net https://*.google.com https://*.googlesyndication.com https://*.gstatic.com https://*.imrworldwide.com https://*.optimizely.com https://*.wearehearken.eu https://cdn.privacy-mgmt.com https://ws.bbc-reporting-api.app;font-src *.bbc.co.uk *.bbc.com *.bbci.co.uk *.bbci.com data: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://fonts.gstatic.com;frame-src 'self' *.bbc.co.uk *.bbc.com *.bbci.co.uk *.bbci.com https://*.chartbeat.com https://*.doubleclick.net https://*.facebook.com https://*.google.com https://*.googlesyndication.com https://*.twitter.com https://bbc-maps.carto.com https://bbc.com https://cdn.privacy-mgmt.com https://chartbeat.com https://edigitalsurvey.com https://flo.uri.sh https://public.flourish.studio https://www.instagram.com https://www.riddle.com https://www.tiktok.com https://www.youtube-nocookie.com https://www.youtube.com;img-src *.bbc.co.uk *.bbc.com *.bbci.co.uk *.bbci.com data: 'self' https://*.adsafeprotected.com https://*.cdninstagram.com https://*.doubleclick.net https://*.effectivemeasure.net https://*.google.com https://*.googlesyndication.com https://*.googleusercontent.com https://*.gstatic.com https://*.imrworldwide.com https://*.tiktokcdn.com https://*.twimg.com https://*.twitter.com https://*.xx.fbcdn.net https://i.ytimg.com https://ping.chartbeat.net https://sb.scorecardresearch.com;script-src 'self' 'unsafe-inline' *.bbc.co.uk *.bbc.com *.bbci.co.uk *.bbci.com https://*.adsafeprotected.com https://*.chartbeat.com https://*.covatic.io https://*.doubleverify.com https://*.effectivemeasure.net https://*.facebook.com https://*.g.doubleclick.net https://*.google.ae https://*.google.at https://*.google.az https://*.google.be https://*.google.ca https://*.google.ch https://*.google.cl https://*.google.co.id https://*.google.co.il https://*.google.co.in https://*.google.co.jp https://*.google.co.kr https://*.google.co.nz https://*.google.co.tz https://*.google.co.ve https://*.google.com https://*.google.com.af https://*.google.com.ar https://*.google.com.au https://*.google.com.bo https://*.google.com.br https://*.google.com.co https://*.google.com.cy https://*.google.com.ec https://*.google.com.eg https://*.google.com.gt https://*.google.com.hk https://*.google.com.kh https://*.google.com.mm https://*.google.com.mt https://*.google.com.mx https://*.google.com.ng https://*.google.com.ni https://*.google.com.np https://*.google.com.pe https://*.google.com.pk https://*.google.com.pr https://*.google.com.py https://*.google.com.ro https://*.google.com.sa https://*.google.com.sg https://*.google.com.sv https://*.google.com.tr https://*.google.com.tw https://*.google.com.ua https://*.google.com.uy https://*.google.com.vn https://*.google.cv https://*.google.cz https://*.google.de https://*.google.dk https://*.google.es https://*.google.fi https://*.google.fr https://*.google.ge https://*.google.hn https://*.google.ie https://*.google.iq https://*.google.it https://*.google.jo https://*.google.kz https://*.google.lk https://*.google.lv https://*.google.nl https://*.google.no https://*.google.pl https://*.google.ru https://*.google.se https://*.google.so https://*.googlesyndication.com https://*.imrworldwide.com https://*.permutive.com https://*.twimg.com https://*.twitter.com https://*.wearehearken.eu https://*.webcontentassessor.com https://*.xx.fbcdn.net https://adservice.google.co.uk https://bbc.gscontxt.net https://cdn.ampproject.org https://cdn.privacy-mgmt.com https://connect.facebook.net https://lf16-tiktok-web.ttwstatic.com https://public.flourish.studio https://sb.scorecardresearch.com https://www.googletagservices.com https://www.instagram.com https://www.riddle.com https://www.tiktok.com;style-src 'unsafe-inline' *.bbc.co.uk *.bbc.com *.bbci.co.uk *.bbci.com https://*.twimg.com https://*.twitter.com https://*.xx.fbcdn.net https://fonts.googleapis.com https://lf16-tiktok-web.ttwstatic.com;media-src *.bbc.co.uk *.bbc.com *.bbci.co.uk *.bbci.com;worker-src blob: 'self' *.bbc.co.uk *.bbc.com;report-to worldsvc;upgrade-insecure-requests 1
default-src * 'self' https: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors https://remitano.com 1
base-uri 'none'; connect-src https://stripe.com; default-src 'none'; font-src 'self'; form-action 'none'; frame-ancestors 'none'; img-src 'self' https://images.ctfassets.net; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; report-uri https://q.stripe.com/csp-report 1
object-src 'none' ; frame-ancestors 'self' ; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'  https://ajax.googleapis.com https://*.purechat.com https://*.purechatcdn.com https://www.google-analytics.com https://appmon.catalyst.net.nz https://sentry.catalyst.net.nz; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com maxcdn.bootstrapcdn.com; img-src * data:; font-src 'self' cdnjs.cloudflare.com fonts.gstatic.com fonts.googleapis.com maxcdn.bootstrapcdn.com; connect-src 'self' https://*.purechat.com https://*.purechatcdn.com wss://*.purechat.com wss://*.purechatcdn.com https://*.google-analytics.com https://appmon.catalyst.net.nz https://sentry.catalyst.net.nz  https://appmon.catalyst.net.nz/api/8/envelope/ 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://s.go-mpulse.net https://www.youtube.com https://www.googletagmanager.com 1
default-src 'self';connect-src *;style-src 'self' 'unsafe-inline';font-src 'self' data:;script-src 'self' 'unsafe-eval' *.nmrodam.com *.imrworldwide.com *.sensic.net *.gstatic.com;img-src 'self' data: *.ardmediathek.de *.ard.de *.nmrodam.com *.imrworldwide.com;media-src * mediastream: blob:;frame-src 'self' *.ard.de *.nmrodam.com *.imrworldwide.com *.sensic.net mailto: tg: threema: fb-messenger:;frame-ancestors *;worker-src 'self' blob: 1
frame-ancestors www.storybird.com storybird.com backstage.storybird.com pad.storybird.com phone.storybird.com 1
frame-ancestors 'self' https://trustseal.enamad.ir 1
default-src 'self'; connect-src 'self' *.hcaptcha.com *.matomo.cloud *.nr-data.net *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.fr; form-action 'self'; frame-src 'self' *.hcaptcha.com *.asn.fr *.irsn.fr *.twitter.com *.youtube.com; frame-ancestors 'self'; img-src 'self' blob: data: *.asn.fr *.hcaptcha.com http://*.openstreetmap.org https://*.openstreetmap.org *.google-analytics.com *.analytics.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.fr; script-src 'self' platform.twitter.com hcaptcha.com *.matomo.cloud *.newrelic.com *.youtube.com *.googletagmanager.com 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com; media-src 'self' blob: data: *.asn.fr; worker-src 'self' blob: *.asn.fr; 1
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors 'self' 1
frame-ancestors 'self' https://www.alandsbanken.fi https://www.alandsbanken.ax https://www.alandsbanken.se https://www.alandsbanken.com 1
child-src blob:;default-src 'self' https://*.wistia.com https://*.wistia.net;connect-src http://localhost:3000 https://devsite.blueconic.com/ https://stgsite.blueconic.com/ https://blueconic.com/ https://www.blueconic.com/ https://cdn.acsbapp.com px.ads.linkedin.com https://analytics.google.com https://dogfood.blueconic.com https://pl21.blueconic.com https://assets.ctfassets.net https://viewlicense.adobe.io https://ngmrewndgx-dsn.algolia.net https://ngmrewndgx-2.algolianet.com https://ngmrewndgx-3.algolianet.com https://ngmrewndgx-1.algolianet.com https://ngmrewndgx-dsn.algolia.net https://distillery.wistia.com https://fast.wistia.com https://fg8vvsvnieiv3ej16jby.litix.io https://pipedream.wistia.com https://embedwistia-a.akamaihd.net https://*.litix.io https://*.wistia.com https://embedwistia-a.akamaihd.net https://*.blueconic.net https://*.sb.blueconic.net https://bc.holland.com https://bc.anwb.nl https://dogfood.blueconic.com https://psv.blueconic.com https://bc.gxsoftware.com https://bc.nn.nl https://wpg.blueconic.com https://b.bostonglobemedia.com https://d.putnam.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://l.clarity.ms https://*.clarity.ms https://bat.bing.com https://ipv6.6sc.co/ https://c.6sc.co/ https://secure.adnxs.com https://cdn.linkedin.oribi.io https://epsilon.6sense.com https://358-xtm-616.mktoresp.com https://js.zi-scripts.com https://ws.zoominfo.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' view.ceros.com https://go.blueconic.com/ unpkg.com https://cdnjs.com https://cdnjs.cloudflare.com https://dogfood.blueconic.com https://li.protechts.net/ https://static.licdn.com/ https://j.6sc.co https://acsbapp.com https://ws.zoominfo.com https://js.zi-scripts.com https://358-xtm-616.mktoweb.com http://358-xtm-616.mktoweb.com https://munchkin.marketo.net https://secure.adnxs.com https://js.zi-scripts.com https://ipv4.d.adroll.com/ https://www.googleanalytics.com google-analytics.com https://www.google-analytics.com https://www.googleoptimize.com www.google-analytics.com www.googletagmanager.com https://pl21.blueconic.com https://code.jquery.com https://cdn.jsdelivr.net https://dogfood.blueconic.com https://fast.wistia.com https://documentcloud.adobe.com https://*.wistia.com https://*.wistia.net https://src.litix.io https://*.blueconic.net https://*.sb.blueconic.net https://bc.holland.com https://bc.anwb.nl https://dogfood.blueconic.com https://psv.blueconic.com https://bc.gxsoftware.com https://bc.nn.nl https://wpg.blueconic.com https://b.bostonglobemedia.com https://d.putnam.com https://www.googleadservices.com https://stats.g.doubleclick.net https://tagmanager.google.com https://*.googletagmanager.com https://s.adroll.com/j/roundtrip.js https://snap.licdn.com https://static.ads-twitter.com https://bat.bing.com https://s.adroll.com https://d.adroll.com https://www.clarity.ms https://connect.facebook.net https://*.clarity.ms;style-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://fast.wistia.com https://pl21.blueconic.com https://cdn.jsdelivr.net https://fonts.googleapis.com https://stackpath.bootstrapcdn.com https://www.googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com https://358-xtm-616.mktoweb.com http://358-xtm-616.mktoweb.com/;font-src 'self' data: https://www.blueconic.com https://fonts.blueconic.com https://cdn2.hubspot.net https://fonts.gstatic.com https://*.wistia.com https://fonts.gstatic.com;img-src 'self' data: https://x.adroll.com https://ds.reson8.com https://b.6sc.co https://images.ctfassets.net https://www.google-analytics.com https://www.googletagmanager.com https://fast.wistia.com https://embed-ssl.wistia.com https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net https://googleads.g.doubleclick.net https://www.google.com https://pl21.blueconic.com pl21.blueconic.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://t.co https://analytics.twitter.com https://px.ads.linkedin.com https://bat.bing.com https://px.ads.linkedin.com https://d.adroll.com https://c.clarity.ms https://*.clarity.ms https://www.facebook.com https://c.bing.com https://x.bidswitch.net https://dsum-sec.casalemedia.com https://pixel.rubiconproject.com https://pixel.rubiconproject.com https://cm.g.doubleclick.net https://us-u.openx.net https://image2.pubmatic.com https://ups.analytics.yahoo.com https://eb2.3lift.com https://sync.outbrain.com https://ib.adnxs.com https://sync.taboola.com https://idsync.rlcdn.com https://image2.pubmatic.com https://px4.ads.linkedin.com https://segments.company-target.com https://p.adsymptotic.com https://global.ib-ibi.com https://odr.mookie1.com https://privacy-policy.truste.com https://acsbapp.com;media-src 'self' blob: data: https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net;worker-src 'self' blob:;frame-src 'self' https://x.adroll.com https://go.blueconic.com/ https://dogfood.blueconic.com view.ceros.com https://358-xtm-616.mktoweb.com/ https://li.protechts.net/ li.protechts.net www.linkedin.com https://static.licdn.com/ https://www.linkedin.com https://acsbapp.com http://358-xtm-616.mktoweb.com https://more.blueconic.com https://documentcloud.adobe.com https://fast.wistia.com https://fast.wistia.net 1
default-src * 'unsafe-inline' 'unsafe-eval' data: blob: mediastream:; script-src * data: blob: mediastream: 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline' data: blob: mediastream:; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * data: blob: 'unsafe-inline'; font-src * blob: data: 'unsafe-inline'; worker-src * data: blob: mediastream: 'unsafe-inline' 'unsafe-eval' 1
default-src 'self';style-src 'self' 'unsafe-inline' https://*.cdn.flockler.com/ https://cdn.landbot.io/ https://service.giosg.com/static/stylesheets/ https://cdn.reactandshare.com/fonts/ https://maxcdn.bootstrapcdn.com/ https://cdn.jsdelivr.net/ https://fonts.googleapis.com/;img-src * data:;font-src 'self' https://cdn.landbot.io/ https://cdn.reactandshare.com/fonts/ https://*.cloudfront.net/ https://fonts.gstatic.com/ https://giosg-chat-public-eu.s3.amazonaws.com/;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/ https://plugins.flockler.com/embed/ https://*.cdn.flockler.com/ https://cdn.landbot.io/ https://service.giosg.com/live/ https://service.giosg.com/static/ https://*.interactions.giosgusercontent.com/ https://cdn.reactandshare.com/plugin/ https://data.reactandshare.com/api/plugin/ https://connect.facebook.net/ https://eu1.snoobi.com/ https://platform.twitter.com/ https://js.monitor.azure.com/ https://dc.services.visualstudio.com/ https://code.jquery.com/ https://cdnjs.cloudflare.com/ https://maxcdn.bootstrapcdn.com/ https://cdn.jsdelivr.net/ https://static.hotjar.com/ https://script.hotjar.com/ https://cookie-cdn.cookiepro.com/;frame-src 'self' https://dashboard.find.episerver.net/ https://www.youtube.com/embed/ https://www.youtube-nocookie.com/embed/ https://www.google.com https://*.clients.giosgusercontent.com/ https://www.slideshare.net/ https://dreambroker.com/ https://plugins.flockler.com/ https://platform.twitter.com/;connect-src 'self' https://plugins.flockler.com/embed/ https://storage.googleapis.com/landbot.online/ https://firestore.googleapis.com/ https://service.giosg.com/api/ https://api.giosg.com/ https://welcome.landbot.io/webchat/ https://messages.landbot.io/webchat/ https://identitytoolkit.googleapis.com/ https://data.reactandshare.com/ https://dc.services.visualstudio.com/ https://*.google-analytics.com/ https://*.analytics.google.com/ https://cookie-cdn.cookiepro.com/ https://privacyportal.cookiepro.com/ https://geolocation.onetrust.com/ https://www.facebook.com/;object-src 'none'; 1
default-src 'self' 'unsafe-inline' *.amerihealth.com https://rtb.gumgum.com/ https://statse.webtrendslive.com/ https://match.sharethrough.com https://sync.smartadserver.com https://router.infolinks.com/ https://rtb-csync.smartadserver.com https://s-cs.rmp.rakuten.com/ https://image8.pubmatic.com/ https://live.primis.tech/ https://capi.connatix.com/ https://x.bidswitch.net/ https://tags.rd.linksynergy.com/ https://sync.outbrain.com/ https://pixel.tapad.com/ https://pixel.rubiconproject.com/ https://d.agkn.com/ https://pippio.com/ https://fei.pro-market.net https://sync.intentiq.com/ https://loadm.exelator.com/ https://aa.agkn.com/ https://idsync.rlcdn.com/ https://s.ad.smaato.net/ https://stags.bluekai.com/ https://sync.1rx.io/ https://ce.lijit.com https://ups.analytics.yahoo.com/ https://ads.stickyadstv.com/ https://image2.pubmatic.com/ https://u.openx.net/ https://ads.yieldmo.com https://sync.taboola.com https://simplifi.partners.tremorhub.com/ https://us-u.openx.net/ https://bcp.crwdcntrl.net/ https://sync.bfmio.com/ https://eb2.3lift.com/ https://www.googleadservices.com/ https://fei.pro-market.net https://www.youtube.com/ https://*.simpli.fi *.bttrack.com/ https://bttrack.com/ http://acdn.adnxs.com/ https://*.cctm.xyz/t.js https://google.com/ https://px.ads.linkedin.com/ https://sjs.bizographics.com http://www.googletagmanager.com/ http://js.bizographics.com/ https://tenvcservice.ibx.com/ https://player.vimeo.com/ https://*.ibx.com/ https://www.ihgforms.com/ https://*.google.com/ https://*.doubleclick.net/ https://*.cctm.xyz/ https://thevoyage.blob.core.windows.net https://*.cloudfront.net/ https://cdssotest.highmark.com/ *.amerihealthnj.com/ https://*.facebook.com/ https://ib.adnxs.com/ https://*.doubleclick.net/ https://ajax.googleapis.com https://njhps.mysubcalc.net/ https://acdn.adnxs.com/ https://cdnjs.cloudflare.com *.subcalc.net https://www.google-analytics.com https://www.googletagmanager.com https://code.jquery.com/ https://cdn.quantummetric.com https://googleads.g.doubleclick.net https://connect.facebook.net/ https://bat.bing.com https://www.google.com https://www.gstatic.com https://*.azureedge.net/ https://*.dynamics.com; frame-ancestors https://*.ibx.com https://*.amerihealth.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.quttera.com  cdn.rawgit.com *.tildacdn.com tilda.ws *.googletagmanager.com *.googleapis.com;img-src 'self' *.tildacdn.com  *.quttera.com js.nicedit.com *.google.com *.facebook.com forms.hsforms.com track.hubspot.com https://*.hotjar.com *.googletagmanager.com  data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com 'unsafe-inline' *.googleadservices.com  js.hs-banner.com  js.hsadspixel.net js.hs-analytics.net js.hscollectedforms.net  *.tildacdn.com *.quttera.com *.google-analytics.com *.gstatic.com *.google.com cdn.rawgit.com cdn.jsdelivr.net *.doubleclick.net *.googletagmanager.com *.hotjar.com *.facebook.net *.hs-scripts.com tilda.ws *.youtube.com *.jquery.com;  font-src 'self' https://*.hotjar.com fonts.gstatic.com *.quttera.com *.tildacdn.com data:; connect-src 'self' wss://wsp24.hotjar.com *.google-analytics.com *.google.com  wsp24.hotjar.com *.doubleclick.net *.hubspot.com *.hotjar.com *.hubapi.com *.hotjar.io *.hotjar.com *.tildacdn.com forms.hscollectedforms.net; frame-src youtube.com *.youtube.com  *.threatsign.com  threatsign.com *.doubleclick.net *.facebook.com  *.hotjar.com;  upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'self' 1
default-src https: wss: blob: data: 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com account.psplugin.com commondatastorage.googleapis.com omni.teleperformance.se static.hotjar.com bat.bing.com track.adform.net *.doubleclick.net www.googleadservices.com www.googletagmanager.com connect.facebook.net test-allentetest.lekane.net allente.lekane.net tango-churn.viasat.dk *.vo.msecnd.net assets.adobedtm.com dl.episerver.net canaldigital.d3.sc.omtrdc.net fast.canaldigital.demdex.net dpm.demdex.net cm.everesttech.net cd-static.telenorcdn.net canaldigital.demdex.net; frame-ancestors 'self' www.elkjop.no elkjop.no www.power.no power.no logon.canaldigital.com ssotest.api-canaldigital.com ssostage.api-canaldigital.com localhost; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://sociale.network; img-src 'self' https: data: blob: https://sociale.network; style-src 'self' https://sociale.network 'nonce-W+P87rPKH9NQpPF3OzINwg=='; media-src 'self' https: data: https://sociale.network; frame-src 'self' https:; manifest-src 'self' https://sociale.network; form-action 'self'; connect-src 'self' data: blob: https://sociale.network https://cdn.sociale.network wss://sociale.network; script-src 'self' https://sociale.network 'wasm-unsafe-eval'; child-src 'self' blob: https://sociale.network; worker-src 'self' blob: https://sociale.network 1
font-src 'self' data: fonts.gstatic.com 1
img-src 'self' data: https://maps.gstatic.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://www.google.com/ https://www.google.com.au/ https://www.google.com.ph/ https://www.google.com.fr/ https://www.google.co.nz/ https://www.google.co.vn/ https://www.google.co.hk/ https://documents.medebridge.com.au/media/ https://maps.google.com/ https://maps.googleapis.com/ https://acsbapp.com/; font-src 'self' data: https://fonts.gstatic.com/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://acsbapp.com/; object-src 'self'; frame-src 'self' https://js.stripe.com/ https://medhealth.atlassian.net/ https://app.powerbi.com/; default-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://fonts.googleapis.com/css https://maps.googleapis.com/ https://maps.gstatic.com/ https://medhealth.atlassian.net/ https://www.google-analytics.com https://www.googletagmanager.com/ https://stats.g.doubleclick.net/ https://uhgreports.medebridgeforms.com/ https://uhgreports.medebridge2.com/ https://cdn.form.io/ckeditor/19.0.0/ckeditor.js https://cdn.form.io/flatpickr/flatpickr.min.css https://cdn.form.io/flatpickr/flatpickr.min.js https://cdn.form.io/flatpickr-formio/4.6.13-formio.1/flatpickr.min.css https://cdn.form.io/flatpickr-formio/4.6.13-formio.1/flatpickr.min.js https://acsbapp.com/ https://cdn.acsbapp.com/ https://process.acsbapp.com/ https://fonts.googleapis.com/ https://browser.ihtsdotools.org https://cdn.form.io/flatpickr-formio/4.6.13-formio.3/flatpickr.min.css https://cdn.form.io/flatpickr-formio/4.6.13-formio.3/flatpickr.min.js https://acsbapp.com/; 1
default-src 'self'; connect-src *; font-src * data:;img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; frame-src * 1
default-src 'self' 'unsafe-inline' data: https://service.mtcaptcha.com https://service2.mtcaptcha.com https://*.investhk.gov.hk https://investhk.gov.hk https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://*.google.com.hk https://*.googleapis.com https://*.gstatic.com https://ad.doubleclick.net https://*.fls.doubleclick.net https://ade.googlesyndication.com https://*.youtube.com https://*.baidu.com https://*.emtana.com https://e03.optimix.cn https://e03.optimix.asia https://j03.optimix.cn https://j03.optimix.asia https://libjs.s4mdsp.com https://evt.s4mdsp.com https://www.googleadservices.com/ https://*.qq.com https://qzonestyle.gtimg.cn https://usc.cpp32.com https://asc.cpp32.com https://*.youku.com https://*.teads.tv https://*.taboola.com; frame-src https://service.mtcaptcha.com https://service2.mtcaptcha.com youtube.com www.youtube.com https://player.vimeo.com https://e03.optimix.cn https://*.fls.doubleclick.net https://*.g.doubleclick.net https://*.teads.tv https://*.taboola.com 1
default-src 'self' scwstorageprd.blob.core.windows.net scw-cdn-sm-prd-sea.azureedge.net sdi.sats.com.sg; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.licdn.com *.googleapis.com *.gstatic.com api.worldtradingdata.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org https://developers.google.com/maps/documentation/javascript/examples/markerclusterer/markerclusterer.js s7.addthis.com z.moatads.com v1.addthisedge.com/live/boost m.addthis.com/live/red_lojson/300lo.json emea3.recruitmentplatform.com apidojo-yahoo-finance-v1.p.rapidapi.com www.googletagmanager.com ir.listedcompany.com sats.listedcompany.com sdi.sats.com.sg https://unpkg.com/; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com apidojo-yahoo-finance-v1.p.rapidapi.com sdi.sats.com.sg; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: scw-cdn-sm-prd-sea.azureedge.net; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com scw-cdn-sm-prd-sea.azureedge.net sats.listedcompany.com; media-src 'self' data: blob: https://scw-cdn-sm-prd-sea.azureedge.net; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com s7.addthis.com www.google.com sats.listedcompany.com sdi.sats.com.sg; connect-src 'self' *.google-analytics.com accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com www.alphavantage.co api.worldtradingdata.com emea3.recruitmentplatform.com global3.recruitmentplatform.com apidojo-yahoo-finance-v1.p.rapidapi.com www.googletagmanager.com yh-finance.p.rapidapi.com maps.googleapis.com sdi.sats.com.sg https://lottie.host/; 1
default-src * 'unsafe-inline' 'unsafe-eval'; img-src * 'unsafe-inline' 'unsafe-eval' data:; frame-ancestors * https://a.cms.omniupdate.com; 1
frame-ancestors 'self' http://pudtoday http://prointnet 1
object-src 'none'; child-src https: data: blob:; script-src 'self' *.allcomponent.org cdnjs.cloudflare.com code.jquery.com *.google.com *.betgames.tv *.betgamestv.eu *.snippet.antillephone.com *.paygiga.com netent-static.casinomodule.com *.livechatinc.com cdn.livechatinc.com *.liveperson.net *.lpsnmedia.net *.googletagmanager.com *.google-analytics.com *.aitcloud.de *.betradar.com *.akamaized.net *.gstatic.com cdnstatic.thstatic.com  games.spigo.com google-analytics.com virtual.golden-race.net 'unsafe-inline' 'unsafe-eval' 1
object-src 'self'; worker-src 'self' blob:; base-uri 'self'; frame-ancestors 'self'; report-uri https://luce-gas.it/report-uri/enforce 1
default-src 'self' 'unsafe-inline' https://piwik.bzga.de; script-src 'self' 'unsafe-inline' https://piwik.bzga.de; img-src 'self' data: https://piwik.bzga.de 1
frame-ancestors 'self' https://www.ecophon.com https://www.byggebasen.dk https://admin.byggebasen.dk 1
script-src 'strict-dynamic' 'self' 'nonce-KgI/DqRkWsXfFTtZc3QgpA==' 'report-sample'; report-uri /uwmciamprod.onmicrosoft.com/B2C_1A_SignUpOrSignIn/client/cspreport?p=B2C_1A_SignUpOrSignIn 1
default-src 'self';script-src 'self' 'nonce-lct84tlVB6hY8LDXI68iRjVE' 'unsafe-eval' *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.youtube.com *.twitter.com *.ytimg.com *.jquery.com *.bootstrapcdn.com *.timexpo.net;object-src 'self';style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.googleapis.com *.google.com *.gstatic.com *.peki.io;img-src 'self' data: *.google.com *.googleapis.com *.googletagmanager.com *.google.com.tr *.google-analytics.com *.gstatic.com *.doubleclick.net *.youtube.com peki.io *.peki.io *.timexpo.net;media-src 'self' *.googleapis.com;frame-src 'self' *.tim.org.tr:* *.timexpo.net *.google.com *.googletagmanager.com *.youtube.com *.youtube-nocookie.com peki.io *.peki.io *.qualtrics.com *.twitter.com;font-src 'self' data: *.gstatic.com *.bootstrapcdn.com;connect-src 'self' localhost:5001 localhost:* *.timexpo.net *.performans.com *.google-analytics.com *.doubleclick.net *.peki.io *.tim.rest *.google.com;base-uri 'self';frame-ancestors 'self' * 1
frame-ancestors 'self' avto-trast.info *.avto-trast.info ati.su *.ati.su metrika.yandex.ru; report-uri https://s1.ati.su/api/250/security/?sentry_key=26fdc7599dca4410ae3f3212919d17b9&sentry_environment=production 1
frame-ancestors 'self' *.sparkboxqa.com sparkboxqa.com *.tirediscounters.com tirediscounters.com *.dev.tirediscountersdirect.com *.tirediscountersdirect.com tirediscountersdirect.com localhost:8080 localhost:8081 1
frame-ancestors 'self'; default-src 'self' 'unsafe-inline' 'unsafe-eval' https://* http://* data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://* http://* data:; style-src 'self' 'unsafe-inline' https://* http://* data:; font-src 'self' https://* http://* data:; object-src 'self'; 1
default-src 'self' https://www.lacrossecounty.org https://kendo.cdn.telerik.com https://kendo.cdn.telerik.com* www.google-analytics.com ajax.googleapis.com *.ctctcdn.com; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js *.google-analytics.com https://www.youtube.com/iframe_api https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com code.jquery.com https://vimeo.com/ https://www.googletagmanager.com https://kendo.cdn.telerik.com *.ctctcdn.com *.constantcontact.com *.constantcontactpages.com https://cdnjs.cloudflare.com https://static.ctctcdn.com https://listgrowth.ctctcdn.com 'self' web-chat.nativechat.com cdn.ampproject.org https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://static.ctctcdn.com 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com https://www.lacrossecounty.org 'self' https://lacrossecounty.org https://static.ctctcdn.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://www.lacrossecounty.org; frame-src 'self' https://www.google.com https://www.youtube.com https://player.vimeo.com/ https://app.powerbigov.us web-chat.nativechat.com; connect-src accounts.google.com www.google-analytics.com *.mktoresp.com https://vimeo.com/ https://www.googletagmanager.com https://www.googletagmanager.com* https://kendo.cdn.telerik.com https://listgrowth.ctctcdn.com 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com 'self' web-chat.nativechat.com 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://icosahedron.website; img-src 'self' https: data: blob: https://icosahedron.website; style-src 'self' https://icosahedron.website 'nonce-3fDsVfaaIOhu+rjb6gxGSw=='; media-src 'self' https: data: https://icosahedron.website; frame-src 'self' https:; manifest-src 'self' https://icosahedron.website; form-action 'self'; child-src 'self' blob: https://icosahedron.website; worker-src 'self' blob: https://icosahedron.website; connect-src 'self' data: blob: https://icosahedron.website https://icosahedron.website wss://icosahedron.website; script-src 'self' https://icosahedron.website 'wasm-unsafe-eval' 1
'default-src' 'unsafe-inline' 'unsafe-eval' 'self' api.sacscoc.org googleapis.com *.googleapis.com google.com *.google.com gstatic.com *.gstatic 1
default-src 'self'; base-uri 'none'; form-action 'self'; frame-ancestors 'self'; object-src 'none'; img-src 'self' data:; script-src 'self' 'unsafe-inline' cdn.cloud.techsmith.com; style-src 'self' 'unsafe-inline' cdn.cloud.techsmith.com; upgrade-insecure-requests 1
default-src 'none'; child-src 'none'; connect-src 'self' *.fullstory.com *.gbci.org https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net *.slideshare.net prd-msearch.usgbc.org https://analytics.google.com *.analytics.google.com googletagmanager.com https://platform-api.usgbc.org/ https://platform-api.usgbc.org; font-src *; frame-src 'self' *.vimeo.com *.youtube.com *.gbci.org *.slideshare.net build.usgbc.org *.recaptcha.net cert-xiecomm.paymetric.com xiecomm.paymetric.com; img-src * data:; media-src 'self' *.gbci.org *.slideshare.net usgbc-web.s3.amazonaws.com gbci.s3.amazonaws.com; object-src 'self'; script-src 'self' *.twitter.com bomeimedia.com analytics.kapost.com cdn.ckeditor.com netdna.bootstrapcdn.com/ www.google-analytics.com/ s3.amazonaws.com/gbci/ use.typekit.com *.fullstory.com pi.pardot.com *.gbci.org fullstory.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com use.fontawesome.com https://pi.pardot.com https://build.usgbc.org https://www.googletagmanager.com googletagmanager.com ajax.googleapis.com https://ajax.googleapis.com googleadservices.com www.googleadservices.com recaptcha.net https://www.recaptcha.net gstatic.com https://www.gstatic.com https://platform-api.usgbc.org/ https://platform-api.usgbc.org cdn.jsdelivr.net https://cdn.datatables.net https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com; script-src-attr 'unsafe-inline'; script-src-elem * 'unsafe-inline'; style-src 'self' 'unsafe-inline' netdna.bootstrapcdn.com *.gbci.org s3.amazonaws.com/gbci/ use.fontawesome.com maxcdn.bootstrapcdn.com p.typekit.net cloud.typography.com usgbc-web.s3.amazonaws.com fonts.googleapis.com https://cdn.datatables.net https://cdn.linearicons.com https://unpkg.com https://use.fontawesome.com https://use.typekit.net; base-uri 'self'; form-action 'self' cert-xiecomm.paymetric.com xiecomm.paymetric.com login.usgbc.org platform-api.usgbc.org usgbc-users-prd.us.auth0.com; frame-ancestors 'self' *.gbci.org *.slideshare.net; report-uri https://www.gbci.org/report-uri/enforce 1
script-src 'self' 'unsafe-eval' *.wlresources.com *.acwebconnecting.com 'sha256-e4pYjXQH6ajx5POUxz2FrYEpL/WroFiVF5clf0FNS5g=' https://api.lovense-api.com/api/cam/tipper/v2/tipper.js www.google-analytics.com www.googletagmanager.com *.analytics.google.com *.doubleclick.net https://*.google-analytics.com/ gstatic.com www.google.com www.googleoptimize.com optimize.google.com www.gstatic.com https://bat.bing.com https://*.clarity.ms ; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.wlresources.com; connect-src 'self' *.wlresources.com *.acwebconnecting.com wss://*.wlresources.com *.campoints.net https://display.lovense-api.com/api/customer/ *.google-analytics.com *.googletagmanager.com *.analytics.google.com analytics.google.com *.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://bat.bing.com https://*.clarity.ms ; report-uri /err0r/js?ts=1721960773; worker-src 'self' blob:; frame-ancestors 'none'; object-src 'self' 1
frame-ancestors uitgekookt.nl 1
frame-ancestors https://4hy5z-qaaaa-aaaal-addrq-cai.icp0.io https://desktop.windoge98.com https://vault-bet.com https://www.vault-bet.com https://gooble.app  https://signalsicp.com https://kjfeq-waaaa-aaaan-qedva-cai.icp0.io https://spyzr-gqaaa-aaaan-qd66q-cai.icp0.io https://221bravo.app https://ht7v7-iaaaa-aaaak-qakga-cai.icp0.io https://mdocx-gyaaa-aaaak-qcbsq-cai.icp0.io https://calm-pasca-49d7be.netlify.app http://localhost:5173 https://zexzi-jyaaa-aaaam-abj3q-cai.icp0.io https://xw4dq-4yaaa-aaaam-abeuq-cai.ic0.app https://bxnm7-oqaaa-aaaag-albpq-cai.icp0.io https://panoramablock.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'unsafe-inline' 'unsafe-eval' https://www.roechling.com https://jobs.roechling.com https://analytics.roechling.com https://roechling.containers.piwik.pro https://roechling.piwik.pro https://editors.roechling.com *.algolia.net *.algolianet.com blob:; style-src 'unsafe-inline' https://www.roechling.com/ https://jobs.roechling.com https://editors.roechling.com *.algolia.net *.algolianet.com https://roechling.containers.piwik.pro https://roechling.piwik.pro; img-src 'self' https://analytics.roechling.com https://roechling.containers.piwik.pro https://roechling.piwik.pro data: *; frame-src 'self' https://player.vimeo.com/ *.algolia.net *.algolianet.com https://roechling.containers.piwik.pro https://roechling.piwik.pro https://www.youtube-nocookie.com/; connect-src https://www.roechling.com/ https://jobs.roechling.com/ https://editors.roechling.com https://recruiting.roechling.com https://analytics.roechling.com https://roechling.containers.piwik.pro https://roechling.piwik.pro *.algolia.net *.algolianet.com; font-src 'self' https://jobs.roechling.com https://www.roechling.com https://roechling.containers.piwik.pro https://roechling.piwik.pro filesystem: *.algolia.net *.algolianet.com; object-src 'self' https://www.roechling.com *.algolia.net *.algolianet.com https://roechling.containers.piwik.pro https://roechling.piwik.pro; 1
frame-ancestors 'self' *.virginmoney.com; report-uri https://cyburi.report-uri.com/r/t/csp/enforce; 1
script-src 'self' 'unsafe-inline' cds-sdkcfg.onlineaccess1.com connect.facebook.net cdnjs.cloudflare.com static.addtoany.com maps.googleapis.com *.googleadservices.com googleadservices.com *.google-analytics.com google-analytics.com *.googletagmanager.com googletagmanager.com *.googletagservices.com googletagservices.com adservice.google.com googleads.g.doubleclick.net use.typekit.net js-agent.newrelic.com www.google.com bam-cell.nr-data.net www.recaptcha.net www.gstatic.com info.autobooks.co fx.cathaybank.com www.gstatic.com/recaptcha/ www.google.com/recaptcha/ home-c44.nice-incontact.com; style-src 'self' 'unsafe-inline' static.addtoany.com fonts.googleapis.com; frame-src 'self' static.addtoany.com ad.doubleclick.net www.youtube.com www.youtube-nocookie.com www.facebook.com www.recaptcha.net info.autobooks.co recaptcha.google.com/recaptcha www.google.com/recaptcha/ home-c44.nice-incontact.com 1
default-src 'self' https://onoffmix.com https://*.onoffmix.com https://*.facebook.com https://*.google.com https://*.iamport.kr https://*.channel.io; connect-src 'self' https://translate.googleapis.com wss://*.channel.io https://*.channel.io https://collector-api-general.zaikorea.org https://*.kakao.com https://*.buttr.dev https://*.codenbutter.com https://buttr.dev https://*.widerplanet.com https://*.amplitude.com https://*.doubleclick.net https://*.google.com https://bam.nr-data.net https://www.facebook.com https://*.clarity.ms https://*.google-analytics.com https://onesignal.com https://*.onesignal.com https://*.gstatic.com https://onoffmix.com https://*.onoffmix.com wss://onoffmix.com wss://*.onoffmix.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.channel.io https://js.sentry-cdn.com https://*.googleapis.com https://scripts.zaikorea.org https://*.daumcdn.net https://chai.finance https://unpkg.com https://momentjs.com https://*.buttr.dev https://*.codenbutter.com https://buttr.dev https://cdnjs.cloudflare.com https://*.kakao.com https://*.kakaocdn.net https://*.apple.com https://*.cdn-apple.com https://*.newrelic.com https://*.iamport.kr https://onoffmix.com https://*.onoffmix.com https://bam.nr-data.net https://*.newrelic.com https://pixel.mathtag.com https://*.widerplanet.com https://nrbe.pstatic.net https://*.amplitude.com https://connect.facebook.net https://*.widerplant.com https://*.clarity.ms https://*.googletagmanager.com https://*.google-analytics.com https://onesignal.com https://*.onesignal.com https://*.googlesyndication.com https://*.naver.com https://openapi.map.naver.com https://wcs.naver.net https://*.google.com https://*.google.co.kr https://*.doubleclick.net https://*.gstatic.com; style-src 'self' 'unsafe-inline' https://onoffmix.com https://*.onoffmix.com https://www.gstatic.com https://*.googleapis.com https://fonts.googleapis.com https://onesignal.com; font-src 'self' data: https://onoffmix.com https://*.onoffmix.com https://fonts.gstatic.com; frame-src 'self' https://*.map.daum.net https://*.buttr.dev https://*.codenbutter.com https://buttr.dev https://*.naver.com https://*.kakao.com https://onoffmix.com https://*.onoffmix.com https://*.iamport.kr https://www.facebook.com https://pixel.mathtag.com https://astg.widerplanet.com https://*.doubleclick.net https://*.google.com https://*.iamport.kr https://*.youtube.com; object-src 'none'; img-src * 'self' data: https:;  1
default-src 'self' *.sixt-neuwagen.de *.sixt-leasing.com;base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src *;object-src 'none';script-src 'self' *.sixt-neuwagen.de *.sixt-leasing.com https: 'unsafe-inline' https: 'unsafe-eval';script-src-attr 'self' *.sixt-neuwagen.de *.sixt-leasing.com https: 'unsafe-inline' https: 'unsafe-eval';style-src 'self' *.sixt-neuwagen.de *.sixt-leasing.com https: 'unsafe-inline';upgrade-insecure-requests;frame-src *;connect-src * 1
font-src *.klarnacdn.net *.fontawesome.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.amazonaws.com *.cdn-apple.com data: *.glopal.com *.glopalservice.com *.gocertify.me *.googleapis.com *.google.com google.com *.google.at *.g.doubleclick.net *.googlesyndication.com *.googleadservices.com *.google-analytics.com *.criteo.net *.criteo.com *.gstatic.com *.hotjar.com *.hotjar.io *.icomoon.io *.klarna.com *.klarnaservices.com *.referralcandy.com reporting.trespass.com reporting.nevisport.com *.retargeted.co smct.co *.smct.co smct.io *.smct.io *.tiktok.com *.worldpay.com *.postrelease.com *.salesfire.co.uk *.yahoo.net *.dmxleo.com *.facebook.net fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com *.paypal.com *.reviews.io *.reviews.co.uk https://secure-test.worldpay.com/shopper/3ds/ddc.html *.facebook.com *.google.com google.com *.google.at *.g.doubleclick.net *.googlesyndication.com *.googleadservices.com *.google-analytics.com *.criteo.net *.criteo.com *.glopal.com *.glopalservice.com *.klarnacdn.net *.list-manage.com *.pure360.com *.referralcandy.com reporting.trespass.com reporting.nevisport.com *.retargeted.co *.worldpay.com *.postrelease.com *.salesfire.co.uk *.tiktok.com *.yahoo.net *.dmxleo.com *.facebook.net 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com https://www.google.com/recaptcha/ www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.reviews.io *.reviews.co.uk https://pay.google.com https://secure-test.worldpay.com scripts.affiliatefuture.com *.amazonaws.com *.arcot.com *.bsmartdata.com *.cloudfront.net *.doubleclick.net *.facebook.com *.glopal.com *.glopalservice.com *.gocertify.me *.google.com google.com *.google.at *.g.doubleclick.net *.googlesyndication.com *.googleadservices.com *.google-analytics.com *.criteo.net *.criteo.com *.hotjar.com *.hotjar.io *.icomoon.io *.klarnacdn.net *.klarnaservices.com *.list-manage.com *.official-coupons.com *.paypalobjects.com *.playground.klarnaservices.com *.referralcandy.com reporting.trespass.com reporting.nevisport.com *.retargeted.co *.salesfire.co.uk senior.discount smct.co *.smct.co smct.io *.smct.io *.soreto.com connect.studentbeans.com *.studentbeans.com *.tradedoubler.com *.tiktok.com *.veinteractive.com *.vimeo.com *.worldpay.com *.youthdiscount.com *.postrelease.com *.yahoo.net *.dmxleo.com *.facebook.net *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com *.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.klarna.com *.klarnaevt.com *.klarnacdn.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.cloudflare.com *.gstatic.com www.google-analytics.com *.t-pass.co.uk *.adnxs.com *.adroll.com *.amazonaws.com *.bidswitch.net *.bing.com *.clarity.ms *.criteo.net *.criteo.com *.doubleclick.net eep.io *.eep.io *.facebook.com *.glopal.com *.glopalservice.com *.gocertify.me *.google.com *.google.co.uk *.googleadservices.com googletagmanager.com *.googlesyndication.com google.com *.google.at *.g.doubleclick.net *.hotjar.com *.hotjar.io *.icomoon.io img-statics.com *.klarnaservices.com *.official-coupons.com *.official-deals.co.uk *.onetrust.com *.openx.net *.payments-amazon.com *.playground.klarnaservices.com *.referralcandy.com reporting.trespass.com reporting.nevisport.com *.salesfire.co.uk smct.co *.smct.co smct.io *.smct.io *.soreto.com www.uploadlibrary.com *.volvelle.tech *.yahoo.com *.ytimg.com *.media.net *.rubiconproject.com *.sharethrough.com *.smartadserver.com *.taboola.com *.teads.tv *.3lift.com *.adform.net *.omnitagjs.com *.casalemedia.com id5-sync.com *.360yield.com *.ivitrack.com *.mediavine.com *.outbrain.com *.pubmatic.com *.tremorhub.com *.tiktok.com *.yieldlab.net *.yieldmo.com *.emxdgt.com *.krxd.net *.thebrighttag.com *.postrelease.com *.revcontent.com *.retargeted.co *.yahoo.net *.dmxleo.com *.facebook.net www.googletagmanager.com googleads.g.doubleclick.net ssl.gstatic.com www.gstatic.com maps.gstatic.com maps.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com *.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com https://www.gstatic.com/recaptcha/ *.google.com www.googletagmanager.com www.google-analytics.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com widget.freshworks.com m2epro.freshdesk.com *.klarna.com *.klarnacdn.net *.klarnaservices.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.reviews.io *.reviews.co.uk https://www.google.com/recaptcha/api.js *.gstatic.com *.cloudflare.com https://pay.google.com/gp/p/js/pay.js https://applepay.cdn-apple.com/jsapi/v1/apple-pay-sdk.js https://payments.worldpay.com/resources/cse/js/worldpay-cse-1.0.2.min.js tags.affiliatefuture.com scripts.affiliatefuture.com *.adroll.com *.amazonaws.com *.atdmt.com *.bing.com chimpstatic.com *.chimpstatic.com *.clarity.ms *.cloudfront.net *.criteo.net *.criteo.com *.consensu.org data: *.doubleclick.net *.ethn.io *.facebook.com *.facebook.net *.freshrelevance.com *.glopal.com *.glopalservice.com *.gocertify.me google.com google-analytics.com *.googleoptimize.com *.analytics.google.com *.googlesyndication.com *.googleadservices.com *.googleapis.com *.google.at *.g.doubleclick.net *.hotjar.com *.hotjar.io *.icomoon.io *.newrelic.com *.nr-data.net *.onetrust.com *.oribi.io *.playground.klarnaservices.com *.referralcandy.com *.revlifter.io reporting.trespass.com reporting.nevisport.com *.salesfire.co.uk senior.discount smct.co *.smct.co smct.io *.smct.io *.soreto.com cdn.studentbeans.com *.tradedoubler.com *.veinteractive.com *.worldpay.com wss://*.freshrelevance.com *.media.net *.rubiconproject.com *.sharethrough.com *.smartadserver.com *.taboola.com *.teads.tv *.tiktok.com *.3lift.com *.adform.net *.omnitagjs.com *.casalemedia.com id5-sync.com *.360yield.com *.ivitrack.com *.mediavine.com *.outbrain.com *.pubmatic.com *.tremorhub.com *.yieldlab.net *.yieldmo.com *.emxdgt.com *.krxd.net *.thebrighttag.com *.postrelease.com *.retargeted.co *.yahoo.net *.dmxleo.com googletagmanager.com ssl.google-analytics.com tagmanager.google.com maps.googleapis.com https://www.googletagmanager.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com widget.freshworks.com m2epro.freshdesk.com *.klarnacdn.net *.fontawesome.com unsafe-inline *.cloudfront.net *.reviews.io *.reviews.co.uk *.cloudflare.com data: *.glopal.com *.glopalservice.com *.gocertify.me *.google.com fonts.googleapis.com *.google.at *.g.doubleclick.net *.googlesyndication.com *.googleadservices.com *.google-analytics.com *.criteo.net *.criteo.com *.icomoon.io *.klarna.com *.klarnaservices.com *.playground.klarnaservices.com *.referralcandy.com reporting.trespass.com reporting.nevisport.com *.retargeted.co smct.co *.smct.co smct.io *.smct.io *.worldpay.com *.postrelease.com *.salesfire.co.uk *.tiktok.com *.yahoo.net *.dmxleo.com *.facebook.net tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com widget.freshworks.com m2epro.freshdesk.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.amazonaws.com *.appspot.com *.atdmt.com *.bing.com *.clarity.ms *.criteo.net *.criteo.com *.doubleclick.net *.dycdn.net *.freshrelevance.com *.glopal.com *.glopalservice.com *.gocertify.me *.hotjar.com:* *.hotjar.io:* *.icomoon.io *.klarnauserservices.com *.googleapis.com *.google.com pay.google.com google.com *.google.at *.g.doubleclick.net *.analytics.google.com *.google-analytics.com *.googlesyndication.com *.googleadservices.com *.nr-data.net *.onetrust.com *.playground.klarnaservices.com *.playground.klarnauserservices.com *.pure360.com *.pvnsolutions.com *.referralcandy.com reporting.trespass.com reporting.nevisport.com *.revlifter.com *.retargeted.co *.salesfire.co.uk senior.discount smct.co *.smct.co smct.io *.smct.io *.smartmetrics.co.uk https://*.soreto.com *.tiktok.com *.veinteractive.com wss://*.freshrelevance.com wss://*.hotjar.com *.postrelease.com *.yahoo.net *.dmxleo.com *.facebook.net google-analytics.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://trespass.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://carlsoncraft.com https://yui-s.yahooapis.com https://cbi.boldchat.com https://vms.boldchat.com https://vmss.boldchat.com https://*.carlsoncraft.com https://*.theoccasionsgroup.com https://static.hotjar.com https://script.hotjar.com https://code.jquery.com https://livechat.boldchat.com https://platform-api.sharethis.com https://connect.facebook.net https://s7.addthis.com https://v1.addthisedge.com https://z.moatads.com https://api-public.addthis.com https://assets.pinterest.com https://edge.addthis.com http://static.hotjar.com https://bat.bing.com; script-src-elem 'self' 'unsafe-inline'  https://carlsoncraft.com https://ssl.google-analytics.com https://www.google-analytics.com https://cdnjs.cloudflare.com https://www.googleadservices.com https://www.googletagmanager.com https://maps.googleapis.com https://*.sharethis.com https://ajax.googleapis.com https://m.addthis.com https://graph.facebook.com https://widgets.pinterest.com https://widgets.pinterest.com https://googleads.g.doubleclick.net https://static.hotjar.com https://script.hotjar.com https://yui-s.yahooapis.com https://dealerresources.carlsoncraft.com; img-src * 'self' data: https://carlsoncraft.com https://yui-s.yahooapis.com https://cbi.boldchat.com https://vms.boldchat.com https://vmss.boldchat.com https://*.carlsoncraft.com https://*.theoccasionsgroup.com https://static.hotjar.com https://script.hotjar.com https://code.jquery.com https://livechat.boldchat.com https://platform-api.sharethis.com https://connect.facebook.net https://s7.addthis.com https://v1.addthisedge.com https://z.moatads.com https://api-public.addthis.com https://assets.pinterest.com https://edge.addthis.com http://static.hotjar.com https://bat.bing.com; style-src 'self' 'unsafe-inline' https://carlsoncraft.com https://fonts.googleapis.com http://fonts.googleapis.com https://cbi.boldchat.com https://cdnjs.cloudflare.com https://*.carlsoncraft.com https://*.theoccasionsgroup.com https://use.fontawesome.com; font-src 'self'  data: https://carlsoncraft.com https://netdna.bootstrapcdn.com https://*.carlsoncraft.com https://*.theoccasionsgroup.com https://use.fontawesome.com https://fonts.gstatic.com https://script.hotjar.com http://script.hotjar.com; frame-src 'self' https://carlsoncraft.com https://www.youtube.com https://*.fls.doubleclick.net https://*.carlsoncraft.com https://*.theoccasionsgroup.com https://googleads.g.doubleclick.net https://vars.hotjar.com https://livechat.boldchat.com https://c.sharethis.mgr.consensu.org https://www.facebook.com https://s7.addthis.com https://assets.pinterest.com https://edge.addthis.com https://www.google.com; connect-src 'self' data: wss: https://carlsoncraft.com https://www.google-analytics.com https://*.carlsoncraft.com https://*.theoccasionsgroup.com https://vms.boldchat.com http://blog.carlsoncraft.com https://in.hotjar.com https://vc.hotjar.io https://*.sharethis.com https://m.addthis.com https://www.facebook.com https://graph.facebook.com https://stats.g.doubleclick.net wss://*.hotjar.com https://vc.hotjar.io:* https://*.hotjar.com:* http://*.hotjar.com:* https://s7.addthis.com https://metrics.hotjar.io https://content.hotjar.io https://contactpro.taylor.com https://maps.googleapis.com https://visitor-services.boldchat.com; 1
default-src 'self' 'unsafe-eval' data: https://*.wistia.com https://*.wistia.net https://event.api.drift.com https://metrics.api.drift.com https://cta-service-cms2.hubspot.com https://pipedream.wistia.com https://distillery.wistia.com; script-src 'self' 'unsafe-eval' https://*.wistia.com https://*.wistia.net https://src.litix.io https://button.glitch.me https://js.hs-scripts.com https://js.hs-analytics.net https://js.hsadspixel.net https://js.hs-banner.com https://api.hubapi.com https://js.hsforms.net https://hire.myavionte.com https://www.google.com https://snap.licdn.com https://connect.facebook.net https://js.driftt.com https://event.api.drift.com https://metrics.api.drift.com https://js.hsleadflows.net https://tracking.g2crowd.com https://sc.lfeeder.com https://js.hubspot.com https://cta-service-cms2.hubspot.com https://open.spotify.com https://embed.podcasts.apple.com https://www.iheart.com https://app.fusebox.fm/ https://js.hubspotfeedback.com https://googleads.g.doubleclick.net https://google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://stats.g.doubleclick.net https://fast.wistia.net https://js-na1.hs-scripts.com 'nonce-4ZfJxo/nB4P4twftMkL5sySPQH0=' nonce-hN7HuLBgY5J3ZNFJmZ+qrBv5h0A= ajax.googleapis.com www.googletagmanager.com googletagmanager.com tagmanager.google.com; style-src 'self' data: blob: https://fast.wistia.com https://button.glitch.me 'unsafe-inline' fonts.googleapis.com www.googletagmanager.com tagmanager.google.com; img-src 'self' data: data: https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net https://glitch.com https://cdn.glitch.com https://avatars0.githubusercontent.com https://track.hubspot.com https://forms.hsforms.com https://forms-na1.hsforms.com https://px.ads.linkedin.com https://p.adsymptotic.com https://www.facebook.com https://www.linkedin.com https://px4.ads.linkedin.com https://tr.lfeeder.com https://perf-na1.hsforms.com https://tr-rc.lfeeder.com https://www.google.com blob: https://www.google-analytics.com s.w.org ps.w.org ts.w.org secure.gravatar.com www.gravatar.com i.ytimg.com www.googletagmanager.com; connect-src 'self' https://*.litix.io https://*.wistia.com https://embedwistia-a.akamaihd.net https://api.glitch.com https://api.hubapi.com https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://js.hs-banner.com https://event.api.drift.com https://metrics.api.drift.com https://cdn.linkedin.oribi.io https://forms.hubspot.com https://cta-service-cms2.hubspot.com https://pipedream.wistia.com https://distillery.wistia.com https://js.hubspot.com https://js.hsleadflows.net https://my.wpengine.com https://analytics.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://ampcid.google.com about: https://px.ads.linkedin.com https://google.com https://www.analytics.google.com www.googletagmanager.com; font-src 'self' data: data: https://*.wistia.com fonts.gstatic.com fonts.googleapis.com; object-src 'self' https://metrics.api.drift.com https://event.api.drift.com; media-src 'self' blob: data: https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net https://js.driftt.com; frame-src 'self' https://fast.wistia.com https://fast.wistia.net https://bid.g.doubleclick.net https://www.youtube-nocookie.com data: blob: https://hire.myavionte.com https://app.hubspot.com https://static.hsappstatic.net https://forms.hsforms.com https://js.driftt.com https://event.api.drift.com https://metrics.api.drift.com https://www.facebook.com https://cta-service-cms2.hubspot.com https://forms.hubspot.com https://open.spotify.com https://embed.podcasts.apple.com https://www.iheart.com https://pipedream.wistia.com https://distillery.wistia.com https://js.hubspot.com https://js.hsleadflows.net https://www.instagram.com https://*.vimeo.com https://*.vimeocdn.com https://*.googlesyndication.com https://app.fusebox.fm https://www.google.com https://td.doubleclick.net https://*.hs-sites.com/ www.youtube.com www.googletagmanager.com; child-src 'self' www.youtube.com www.googletagmanager.com; 1
upgrade-insecure-requests; frame-ancestors 'self' https://*.ed.gov http://*.ed.gov; script-src 'self' 'unsafe-eval' 'unsafe-inline' https:; object-src 'self' 'unsafe-eval' 'unsafe-inline' https:; script-src-elem 'unsafe-inline' blob: https:; 1
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com https://analytics.rubensteintech.com https://analytics.rubyapps.dev.ruby.app https://analytics.rubyapps.io https://cdn.cookielaw.org https://cdnjs.cloudflare.com https://code.jquery.com https://kit.fontawesome.com https://maps.googleapis.com https://player.vimeo.com https://static.ctctcdn.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com https://use.typekit.net https://ssl.p.jwpcdn.com ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://hello.myfonts.net https://static.ctctcdn.com https://www.googletagmanager.com ; connect-src 'self' https://*.analytics.google.com https://*.google-analytics.com https://analytics.google.com https://analytics.rubensteintech.com https://analytics.rubyapps.dev.ruby.app https://analytics.rubyapps.io https://cdn.cookielaw.org https://cdn.plyr.io https://forms.hubspot.com https://google-analytics.com https://hubspot-forms-static-embed.s3.amazonaws.com https://ka-f.fontawesome.com https://listgrowth.ctctcdn.com https://maps.googleapis.com https://maps.gstatic.com https://noembed.com https://stats.g.doubleclick.net https://vimeo.com https://visitor2.constantcontact.com https://www.google-analytics.com/ https://ssl.p.jwpcdn.com ; font-src 'self' data: https://fonts.gstatic.com https://ka-f.fontawesome.com https://use.typekit.net ; img-src 'self' data: blob: https://*.analytics.google.com https://*.google-analytics.com https://analytics.google.com https://cdn.cookielaw.org https://f.hubspotusercontent30.net https://google-analytics.com https://i.vimeocdn.com https://i.ytimg.com https://maps.googleapis.com https://maps.gstatic.com https://track.hubspot.com https://www.google-analytics.com https://www.googletagmanager.com https://p.typekit.net https://jwpltx.com https://bsfllp.vuture.net ; frame-src 'self' mailto: blob: https://player.vimeo.com https://static.ctctcdn.com https://www.google.com https://www.youtube-nocookie.com https://www.youtube.com https://cdn.yoshki.com/ ; worker-src 'self' blob: ; media-src 'self' data: https://cdn.plyr.io https://vimeo.com https://www.youtube.com ; frame-ancestors 'self' ; object-src 'self' ; 1
frame-ancestors 'self' https://*.toyota.ie https://*.yandex.com https://*.yandex.tld https://*.yandex.net https://*.yandex.com.tr https://*.yandex.ru https://*.yandex.by https://webvisor.com https://lexus-dxp.dobit.com https://lexustest.dobit.com http://localhost:88; 1
base-uri 'none'; object-src 'none'; connect-src 'self' cdn.linkedin.oribi.io ws.zoominfo.com www.google-analytics.com region1.google-analytics.com aorta.clickagy.com hemsync.clickagy.com www.facebook.com adservice.google.com analytics.google.com px.ads.linkedin.com google.com js.zi-scripts.com; script-src-attr 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' connect.facebook.net snap.licdn.com tags.clickagy.com ws.zoominfo.com www.google.com www.googletagmanager.com www.gstatic.com googleads.g.doubleclick.net www.googleadservices.com js.zi-scripts.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'report-sample'; frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ www.facebook.com www.googletagmanager.com www.youtube.com; report-uri https://earthreporturi.report-uri.com/r/d/csp/wizard; 1
frame-ancestors 'self' *.bluecatnetworks.com bluecat.pathfactory.com bluecat.lookbookhq.com; 1
frame-ancestors 'self' https://*.hhsva.ca https://*.teamhhsva.ca https://*.hhsvaagm.ca https://*.preferredcatering.ca ; script-src https://cdn.jsdelivr.net https://*.googleapis.com https://*.google.com https://*.connect.facebook.net https://*.youtube.com https://*.google-analytics.com https://*.hotjar.com https://*.googletagmanager.com https://*.facebook.net https://*.twitter.com 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com ; style-src https://use.fontawesome.com https://cdn.jsdelivr.net https://*.googleapis.com https://unpkg.com https://www.gstatic.com 'self' 'unsafe-inline'; 1
frame-ancestors 'self' www.facebook.com www.youtube.com cdn.iwnsvg.com si0.iwnsvg.com si1.iwnsvg.com; 1
default-src *;img-src *;script-src 'self' 'unsafe-inline' 'unsafe-eval';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 1
default-src 'self'; script-src 'self' 'wasm-unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-src https://subscriptions.heylogin.com; font-src 'self' data:; img-src 'self' data: https://static.heylogin.app; connect-src 'self' https://*.heylogin.app https://stackreports.heylogin.app; report-uri https://heyloginapp.report-uri.com/r/d/csp/enforce 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://shop.pzu.com.ua https://optimize.google.com https://*.doubleclick.net https://www.facebook.com  https://www.ssl.gstatic.com https://*.googleapis.com *.googleadservices.com www.google.com https://*.youtube.com https://www.fbstatic-a.akamaihd.net https://www.google.com *.gstatic.com https://www.googleapis.com *.googleoptimize.com https://*.googletagservices.com https://www.googleadservices.com https://dc.cux.io https://www.oauth.googleusercontent.com *.consentmanager.net https://maps.googleapis.com https://ssl.google-analytics.com https://googleads.g.doubleclick.net https://connect.facebook.net https://tagmanager.google.com https://*.googlesyndication.com https://maps.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://www.apis.google.com https://apis.google.com; object-src 'self' https://*.doubleclick.net https://maps.googleapis.com *.googleadservices.com; 1
frame-ancestors 'self' *.vietgiaitri.com 1
script-src 'self' 'unsafe-eval' www.google-analytics.com tagmanager.google.com connect.facebook.net code.jquery.com www.googletagmanager.com maps.googleapis.com ds-aksb-a.akamaihd.net g.3gl.net policy.cookiereports.com 'unsafe-eval' 'unsafe-inline' ; object-src 'self' 1
default-src 'self' https://static.zdassets.com https://ekr.zdassets.com https://elasticpress.zendesk.com https://*.zopim.com https://res.cloudinary.com wss://elasticpress.zendesk.com wss://*.zopim.com data: https://www.10up.com https://10up.com https://revenueaccelerator.10up.com https://elasticpress.io https://www.elasticpress.io https://tenup.teamwork.com; connect-src 'self' data: https://www.10up.com https://10up.com https://revenueaccelerator.10up.com https://elasticpress.io https://www.elasticpress.io https://tenup.teamwork.com https://elasticpress.zendesk.com https://ekr.zdassets.com https://performance.typekit.net https://yoast.com https://p1.parsely.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com/ https://www.10up.com https://10up.com https://revenueaccelerator.10up.com https://elasticpress.io https://www.elasticpress.io https://tenup.teamwork.com https://static.zdassets.com https://ajax.googleapis.com/ https://js.stripe.com/ https://analytics.twitter.com https://static.ads-twitter.com https://cdnjs.cloudflare.com https://use.typekit.net https://www.youtube.com https://player.vimeo.com https://cdn.parsely.com https://*.googletagmanager.com https://*.google-analytics.com; img-src 'self' https://ps.w.org/ https://www.paypalobjects.com/ https://res.cloudinary.com/ https://v2assets.zopim.io https://static.zdassets.com data: https://www.10up.com https://10up.com https://revenueaccelerator.10up.com https://elasticpress.io https://www.elasticpress.io https://tenup.teamwork.com https://p.typekit.net https://lh3.googleusercontent.com/ https://t.co https://secure.gravatar.com https://platform.twitter.com https://analytics.twitter.com https://p1.parsely.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat; style-src 'self' 'unsafe-inline' https://www.10up.com https://10up.com https://revenueaccelerator.10up.com https://elasticpress.io https://www.elasticpress.io https://tenup.teamwork.com https://www.gstatic.com/ https://cdnjs.cloudflare.com https://platform.twitter.com https://ton.twimg.com/tfw/css/ https://fonts.googleapis.com https://tagmanager.google.com; font-src 'self' data: https://www.10up.com https://10up.com https://revenueaccelerator.10up.com https://elasticpress.io https://www.elasticpress.io https://tenup.teamwork.com https://use.typekit.net https://fonts.gstatic.com https://themes.googleusercontent.com; frame-src 'self' https://js.stripe.com https://tenup.teamwork.com https://www.youtube.com https://youtube.com https://player.vimeo.com https://platform.twitter.com https://www.instagram.com https://fast.wistia.net https://ssl.google-analytics.com https://connect.facebook.net https://www.facebook.com https://s-static.ak.facebook.com; object-src 'self' 1
frame-ancestors 'self' https://www.drankgigant.nl/ https://be.drankgigant.nl/ https://www.drankgigant.de/ 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.infogram.com:* *.quiz-maker.com:* *.sharethis.com:* *.cloudflare.com:* *.bootstrapcdn.com:* *.poll-maker.com:* *.google-analytics.com:* *.ytimg.com:* *.twimg.com:* *.disquscdn.com:* disqus.com:* *.disqus.com:* *.googletagmanager.com:* *.consensu.org:* *.gstatic.com:* *.googleapis.com:* *.fontawesome.com:* *.addtoany.com:* *.unicef.org:* *.disqus.com:* *.facebook.com:* *.facebook.net:* *.google.com:* *.linkedin.com:* *.twitter.com:* *.umblr.com:* *.unicef.org:* *.unicef.org.au:* *.youtube.com:* *.instagram.com:* *.newrelic.com:* *.nr-data.net:* *.soundcloud.com:* *.spotify.com:* *.office.com:* *.tiktok.com:* *.tiktokcdn.com:* *.tiktokv.com:* *.ibytedtos.com:* data:; frame-ancestors 'self'; font-src 'self' 'unsafe-inline' 'unsafe-eval' *.bootstrapcdn.com:* *.gstatic.com:* *.googleusercontent.com:* *.googleapis.com:* *.googleapis.com:* *.fontawesome.com:* data: 1
script-src 'nonce-kRXG/YvbUoh1v/Vl324gnw==' 'strict-dynamic' https: 'unsafe-inline'; object-src 'none'; base-uri 'none'; report-uri https://www.bennadel.com/index.cfm?event=api.csp.report; report-to csp-endpoint 1
worker-src 'self' blob:; script-src 'strict-dynamic' 'unsafe-eval' 'nonce-rslUnsSXAjaXyGn00tiQVw=='; style-src 'self' 'unsafe-inline'; frame-ancestors 'self' https://*.michelin.com 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' data: http://www.google-analytics.com http://www.googletagmanager.com http://*.list-manage.com http://s3.amazonaws.com http://*.mailchimp.com http://fonts.gstatic.com http://fonts.googleapis.com http://*.youtube.com http://*.youtube-nocookie.com http://tickets.volksoper.at http://www.culturall.com https://*.list-manage.com https://s3.amazonaws.com https://*.mailchimp.com https://fonts.gstatic.com https://fonts.googleapis.com https://*.youtube.com https://*.youtube-nocookie.com https://tickets.volksoper.at https://www.culturall.com https://www.googletagmanager.com https://www.google-analytics.com https://www.wiener-staatsoper.at https://use.typekit.net https://p.typekit.net/ https://p.interacty.me/ https://cloud.ccm19.de https://matomo.volksoper.at https://connect.facebook.net https://www.facebook.com https://googleads.g.doubleclick.net https://td.doubleclick.net/ https://www.google.at https://www.google.com 1
frame-src 'self' 'unsafe-inline' https://xd.adobe.com https://www.youtube.com https://widgets.golomtbank.   /messenger https://www.google.com/ blob: data: filesystem:; object-src 'self' blob: filesystem: data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; default-src *; img-src 'self' data: *; script-src 'self' 'unsafe-inline' https://www.google.com https://www.gstatic.com https://fonts.googleapis.com https://fonts.gstatic.com https://maps.googleapis.com https://www.youtube.com https://widgets.golomtbank.com https://xd.adobe.com; report-uri https://glmt.report-uri.com/r/d/csp/enforce 1
frame-ancestors 'self' intranet.swbno.org webadmin.swbno.org *.jsdelivr.net *.swbno.org; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.googletagmanager.com *.nola.gov *.fontawesome.com cdnjs.cloudflare.com cdn.datatables.net *.aspnetcdn.com *.facebook.net *.facebook.com *.office.com *.cloudflare.com webadmin.swbno.org *.swbno.org swbno.maps.arcgis.com *.maps.arcgis.com *.gstatic.com *.accessibe.com *.youtube.com *.userway.org *.powerbi.com *.arcgis.com *.esri.com cdn.jsdelivr.net fonts.googleapis.com *.visualstudio.com cdn.materialdesignicons.com app.purechat.com api.purechar.com platform.twitter.com www.google-analytics.com widgetapi.purechat.com cdn.syndication.twimg.com syndication.twitter.com api-cdn.purechat.com pbs.twimg.com prod.purechatcdn.com syndication.twitter.com *.twitter.com *.purechat.com *.purecharcdn.com *.google.com *.googleapis.com *.google-analytics.com *.twimg.com; font-src * data: blob:; img-src  * data: blob: ; worker-src * blob: ; media-src * blob: 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://functional.cafe; img-src 'self' data: blob: https://functional.cafe; style-src 'self' https://functional.cafe 'nonce-euLYnDjbYF2FAJ7oYYyQYQ=='; media-src 'self' data: https://functional.cafe; frame-src 'self' https:; manifest-src 'self' https://functional.cafe; form-action 'self'; child-src 'self' blob: https://functional.cafe; worker-src 'self' blob: https://functional.cafe; connect-src 'self' data: blob: https://functional.cafe wss://functional.cafe; script-src 'self' https://functional.cafe 'wasm-unsafe-eval' 1
upgrade-insecure-requests  ; worker-src 'self' blob: feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' *.lytics.io *.pricespider.com *.mapbox.com blob: feed.pghub.io pandg.tapad.com ; media-src 'self' feed.pghub.io pandg.tapad.com ; manifest-src 'self' login.windows.net feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com *.cookielaw.org *.onetrust.com *.moatads.com www.youtube.com pghub.io *.bazaarvoice.com *.pricespider.com js.jebbit.com cdn.segment.com *.lytics.io connect.facebook.net cdnjs.cloudflare.com *.mapbox.com feed.pghub.io pandg.tapad.com ; font-src 'self' data: cdn.pricespider.com feed.pghub.io pandg.tapad.com ; frame-ancestors 'none' feed.pghub.io pandg.tapad.com ; frame-src 'self' feed.pghub.io consumersupport.pg.com www.facebook.com pandg.tapad.com ; img-src 'self' data: images.ctfassets.net pixel.tapad.com *.akamaihd.net *.moatads.com www.google-analytics.com *.cookielaw.org *.onetrust.com *.bazaarvoice.com *.lytics.io www.facebook.com *.pricespider.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat feed.pghub.io pandg.tapad.com ; connect-src 'self' *.bazaarvoice.com *.google-analytics.com *.cookielaw.org *.onetrust.com *.doubleclick.net *.algolia.net match.adsrvr.org *.segment.com *.segment.io *.jebbit.com *.pricespider.com *.mapbox.com geolocation-db.com feed.pghub.io pandg.tapad.com ; base-uri 'none' feed.pghub.io pandg.tapad.com ; default-src 'none' feed.pghub.io pandg.tapad.com ; 1
script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self'; font-src 'self'; default-src 'none'; upgrade-insecure-requests 1
default-src https: 'self'; connect-src https: 'self' http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com https://axon-ems-fe-api.arx.com.ua wss://axon-ems-fe-api.arx.com.ua; font-src https: 'self' data: http://script.hotjar.com https://script.hotjar.com; frame-src https: 'self' https://vars.hotjar.com; frame-ancestors https: 'self'; img-src https: data: 'self' https://script.hotjar.com http://script.hotjar.com; media-src https: 'self'; object-src https: 'self'; script-src 'unsafe-inline' 'unsafe-eval' https: 'self' http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com; style-src 'unsafe-inline' https: 'self'; 1
frame-ancestors 'self'; report-uri /_/commcsp?disposition=enforce 1
frame-ancestors 'self' *.thinkofliving.com 1
default-src 'self';connect-src *; child-src *; frame-src *; img-src * data:; media-src *;script-src 'self' 'unsafe-inline' 'unsafe-eval' *;style-src 'self' 'unsafe-inline' http: https: fonts.googleapis.com; font-src 'self' data: http: https: fonts.googleapis.com themes.googleusercontent.com; 1
default-src 'self'; connect-src 'self' *.senat.cz https://*.google-analytics.com https://cdn.cookielaw.org *.cdn77.org; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.gstatic.com; img-src 'self' data: https://www.googletagmanager.com https://www.facebook.com https://*.senat.cz *.bradmax.com; script-src 'self' 'unsafe-inline' ajax.googleapis.com https://connect.facebook.net https://*.google.com https://*.gstatic.com https://*.googletagmanager.com https://cdn.cookielaw.org https://*.senat.cz https://*.cloudfront.net; font-src 'self' data: https://*.gstatic.com; media-src 'self' blob: https://senat.cz https://*.senat.cz *.cdn77.org; child-src 'self' blob: https://walkinto.in https://*.facebook.com https://*.google.com https://senat.cz https://*.senat.cz http://*.senat.cz; frame-ancestors 'self' https://senat.cz https://www.senat.cz http://pes https://pes https://intranet 1
default-src 'self'; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com fonts.googleapis.com cdnjs.cloudflare.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.google.com www.gstatic.com cdnjs.cloudflare.com assets.adobedtm.com www.googletagmanager.com www.google-analytics.com snap.licdn.com connect.facebook.net googleads.g.doubleclick.net pixel.everesttech.net www.everestjs.net bat.bing.com a.quora.com *.plusgrade.com *.awswaf.com *.dynatrace.com; frame-src 'self' www.google.com book.airvistara.com www.youtube.com www.timaticweb2.com vistara.demdex.net; font-src 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com cdnjs.cloudflare.com; img-src 'self' px.ads.linkedin.com cm.everesttech.net tatasiaairlinesltd.sc.omtrdc.net bat.bing.com q.quora.com www.linkedin.com www.google.com www.google.co.in dpm.demdex.net www.googletagmanager.com data:; connect-src 'self' tatasiaairlinesltd.tt.omtrdc.net tatasiaairlinesltd.sc.omtrdc.net dpm.demdex.net lasteventf-tm.everesttech.net cdn.linkedin.oribi.io *.campaign.adobe.com fcm.googleapis.com services.airvistara.com *.amadeus.com analytics.google.com stats.g.doubleclick.net t.email.clubvistara.com www.google-analytics.com *.awswaf.com *.dynatrace.com; worker-src 'self' blob:; 1
dpu.edu.in ajax.googleapis.com maxcdn.bootstrapcdn.com googletagmanager.com blogs.dpuerp.in dpu.edu.in gbsrc.dpu.edu.in google.com youtube.com *dpu.edu.in *.dpuerp.in *.googleapis.com *.bootstrapcdn.com; 1
default-src * data: blob:; child-src https: http: 'self' *.facebook.com *.facebook.net *.ontraport.com usersnap.com load.sumome.com *.sumo.com *.twitter.com *.kxcdn.com d3mvnvhjmkxpjz.cloudfront.net/*; connect-src 'self' sumome.com sumo.com api.hubapi.com *.googletagmanager.com www.google-analytics.com forms.hubspot.com *.usersnap.com blob:; script-src https: http: 'self' 'unsafe-eval' 'unsafe-inline' d3mvnvhjmkxpjz.cloudfront.net/* *.facebook.net *.ontraport.com *.googletagmanager.com load.sumome.com *.sumo.com *.twitter.com *.kxcdn.com www.google-analytics.com api.usersnap.com/load/fb92bdd3-36ab-42b8-81ac-295a4bf444cb.js cdn.optimizely.com/js/ edge.quantserve.com/quant.js www.google.com/recaptcha/api.js; style-src https: 'self' 'unsafe-inline' d3mvnvhjmkxpjz.cloudfront.net/* *.facebook.net *.ontraport.com usersnap.com *.twitter.com load.sumome.com *.sumo.com *.kxcdn.com www.google-analytics.com *.googletagmanager.com api.usersnap.com *.googleapis.com 1
frame-ancestors 'self' https://*.shopify.com https://*.myshopify.com https://*.mybigcommerce.com 1
default-src 'self' c.clarity.ms fcmregistrations.googleapis.com cdn.shriramgi.com t.clarity.ms td.doubleclick.net pagead2.googlesyndication.com firebaseinstallations.googleapis.com www.facebook.com lumberjack-metrics.razorpay.com lumberjack.razorpay.com lumberjack-cx.razorpay.com cdnt.netcoresmartech.com cdndc.netcoresmartech.com wdc.netcoresmartech.com twa.netcoresmartech.com psegment.netcoresmartech.com maps.googleapis.com www.gstatic.com www.google.com www.googletagmanager.com www.google-analytics.com connect.facebook.net www.google-analytics.com stats.g.doubleclick.net osjs.netcoresmartech.com analytics.google.com api.razorpay.com ; script-src 'self' 'unsafe-inline' cdpanalytics.novactech.in www.googleadservices.com www.clarity.ms t.clarity.ms cdnt.netcoresmartech.com cdndc.netcoresmartech.com wdc.netcoresmartech.com twa.netcoresmartech.com psegment.netcoresmartech.com code.jquery.com checkout.razorpay.com googleads.g.doubleclick.net bat.bing.com cdn.datatables.net www.gstatic.com www.google.com cdn.shriramgi.com maps.googleapis.com use.fontawesome.com cdnjs.cloudflare.com www.googletagmanager.com www.google-analytics.com  connect.facebook.net www.google-analytics.com osjs.netcoresmartech.com analytics.google.com 'unsafe-eval'; style-src 'self' 'unsafe-inline' cdnt.netcoresmartech.com cdndc.netcoresmartech.com wdc.netcoresmartech.com twa.netcoresmartech.com psegment.netcoresmartech.com weloveiconfonts.com cdn.shriramgi.com cdnjs.cloudflare.com fonts.googleapis.com cdn.jsdelivr.net code.jquery.com cdn.datatables.net; font-src 'self' 'unsafe-inline' cdnt.netcoresmartech.com cdndc.netcoresmartech.com wdc.netcoresmartech.com twa.netcoresmartech.com psegment.netcoresmartech.com cdnjs.cloudflare.com cdn.shriramgi.com data: fonts.gstatic.com weloveiconfonts.com; worker-src 'self' cdnt.netcoresmartech.com cdndc.netcoresmartech.com wdc.netcoresmartech.com twa.netcoresmartech.com psegment.netcoresmartech.com ckeditor.com; img-src 'self'  data: c.bing.com c.clarity.ms www.googletagmanager.com googleads.g.doubleclick.net cdpanalytics.novactech.in cdnt.netcoresmartech.com cdndc.netcoresmartech.com wdc.netcoresmartech.com twa.netcoresmartech.com psegment.netcoresmartech.com maps.gstatic.com maps.googleapis.com app.shriramgi.com googletagmanager.com bat.bing.com cdn.shriramgi.com maps.google.com www.google.co.in www.facebook.com www.google-analytics.com www.google.com; 1
frame-ancestors 'self' https://*.spyic.com https://spyic.com https://*.google.com 1
object-src 'none'; frame-ancestors 'self'; report-uri https://www.kodakmoments.gr/report-uri/enforce 1
script-src 'self' https://*.hotjar.com https://pay.google.com/ https://static.zohocdn.com/zohosecurity/ https://salesiq.zoho.com/ https://js.zohocdn.com https://js.zohostatic.com https://browser.sentry-cdn.com/ https://cloud-ua.webitel.com/ https://cloud-ua.webitel.com/widgets/domains/fondy/ https://widgets.binotel.com/ https://customer.smartsender.eu/js/client/ https://www.googleadservices.com/ https://analytics.twitter.com/ https://pay.google.com/ https://cdnjs.cloudflare.com/ajax/libs/jquery.maskedinput/ https://*.bing.com https://app.satismeter.com https://production-assets.codepen.io https://cdnjs.cloudflare.com/ajax/libs/ https://static.ads-twitter.com/ https://*.fondy.io  https://*.fondy.ua/ https://*.fondy.eu/ https://*.linkedin.com/ https://*.licdn.com/ https://*.google-analytics.com/ https://*.googletagmanager.com https://*.google.com https://*.google.com.ua https://*.doubleclick.net https://*.googleapis.com https://ekr.zdassets.com https://fondyhelp.zendesk.com  https://*.plerdy.com https://connect.facebook.net https://www.facebook.com https://static.zdassets.com https://widget-mediator.zopim.com https://*.gstatic.com https://cdnjs.cloudflare.com/ajax/libs/highlight.js/ https://app.satismeter.com https://recaptcha.net https://script.ringostat.com/v4/ 'unsafe-inline' 'unsafe-eval' blob: data: ; style-src https://*.hotjar.com https://pay.google.com/ https://googletagmanager.com/debug/ https://css.zohocdn.com https://css.zohostatic.com https://widgets.binotel.com/ https://*.jquery.com https://cdnjs.cloudflare.com/ajax/libs/highlight.js/ https://fonts.googleapis.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ data: blob: 'unsafe-inline' 'self' https://*.fondy.io https://*.fondy.eu https://*.fondy.ua; connect-src 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com  https://pay.google.com/ https://analytics.google.com/g/ https://px.ads.linkedin.com/ https://adservice.google.com/pagead/ https://sentry.dev.cipsp.net/api/ https://*.google-analytics.com/ https://*.analytics.google.com/ https://analytics.ringostat.net/ https://callback.ringostat.com/ https://callback.ringostat.net/ https://analytics.ringostat.com/ https://salesiq.zoho.com https://salesiq.zohopublic.com ws: https://sentry.cloudipsp.com https://cloud-ua.webitel.com/  https://stats.g.doubleclick.net https://www.google-analytics.com https://*.plerdy.com https://www.facebook.com https://widget-mediator.zopim.com https://fondyhelp.zendesk.com https://ekr.zdassets.com https://*.fondy.io https://*.fondy.ua https://*.fondy.eu https://fondy.eu https://connect.facebook.net https://app.satismeter.com; frame-ancestors 'self' https://*.webvisor.com https://*.webvisor.com https://webvisor.com/* https://mc.webvisor.org https://yastatic.net https://*.fondy.ua https://*.fondy.eu https://*.fondy.io https://fondy.ua https://fondy.eu https://fondy.io; font-src 'self' https://*.hotjar.com https://fonts.gstatic.com https://css.zohocdn.com/salesiq/styles/fonts/ https://css.zohocdn.com/webfonts/ 1
upgrade-insecure-requests; default-src 'self' https:; style-src-elem 'self' https: 'unsafe-inline'; style-src 'self' 'unsafe-inline' https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https:; img-src https: data:; frame-ancestors 'self' https: 1
default-src *;img-src 'self';font-src 'self' https://fonts.gstatic.com;style-src 'self' https://fonts.googleapis.com 'unsafe-inline';script-src 'strict-dynamic' 'nonce-T/wEVJOfDHDB+5XqSEVjxLF8O9E=' https: 'unsafe-inline';frame-src https://www.google.com/recaptcha/;base-uri 'none';object-src 'none';report-to main-endpoint; 1
frame-ancestors 'self' metrika.yandex.ru metrika.yandex.by metrica.yandex.com metrica.yandex.com.tr webvisor.com *.webvisor.com; 1
default-src 'self'; style-src *.dbankcdn.cn 'self' 'unsafe-inline' *.dbankcdn.com ; script-src *.dbankcloud.cn *.dbankcloud.com *.dbankcdn.cn 'self' 'sha256-Y6kphufA9QVqszieQPKViDMgy9L8lFm9m0fbQ8FA0v8=' *.cloud.huawei.com *.dbankcdn.com ; connect-src *.dbankcdn.cn *.dbankcloud.cn 'self' *.dbankcdn.com *.map.dbankcloud.com *.hicloud.com:*; img-src *.dbankcdn.cn 'self' data: blob: *.dbankcdn.com  *.myhuaweicloud.com; worker-src 'self' blob:; frame-src 'self' *.dbankcdn.com privacy.consumer.huawei.com privacy-cn.hwcloudtest.cn:40443; 1
frame-src 'self' https://www.google.com/; frame-ancestors 'self'; object-src 'none'; 1
default-src 'self' https://consentcdn.cookiebot.com https://cn.mane.com https://www.mane.com data: https://fonts.gstatic.com https://assets.juicer.io https://consent.cookiebot.com https://www.youtube.com https://static.juicer.io https://www.google-analytics.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://www.juicer.io https://api.mapbox.com https://events.mapbox.com https://view.vzaar.com https://dacastdd.s.llnwi.net https://www.google.com; img-src 'self' https://cn.mane.com https://www.mane.com https://imgsct.cookiebot.com https://i.ytimg.com https://www.googletagmanager.com https://assets.juicer.io https://www.google.com https://www.google.fr https://www.juicer.io data: https://view.vzaar.com https://universe-files.vzaar.com https://universe-files.dacast.com https://api.mapbox.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://polyfill.io https://cn.mane.com https://www.mane.com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://consent.cookiebot.com https://www.google-analytics.com https://assets.juicer.io https://consentcdn.cookiebot.com https://api.mapbox.com https://ajax.googleapis.com blob: https://vjs.zencdn.net https://unpkg.com; style-src 'self' 'unsafe-inline' https://www.mane.com https://cn.mane.com https://fonts.googleapis.com https://api.mapbox.com https://assets.juicer.io https://vjs.zencdn.net; form-action 'self' https://cn.mane.com https://www.mane.com; 1
default-src 'self' ;                style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://unpkg.com https://widget.mondialrelay.com https://api-clicandpay.groupecdn.fr https://scripts.publitas.com			https://api-clicandpay.groupcnd.fr;		img-src 'self' data:			https://ad.360yield.com https://ads.stickyadstv.com https://ads.yahoo.com https://c.bing.com https://cm.g.doubleclick.net			https://cm.meba.kr https://criteo-sync.teads.tv https://cw.addthis.com https://exchange.mediavine.com			https://googleads.g.doubleclick.net https://gum.criteo.com https://i.liadm.com https://ib.adnxs.com			https://match.sharethrough.com https://matching.ivitrack.com https://pixel.advertising.com			https://pixel.rubiconproject.com https://pixel.tapad.com https://public-prod-dspcookiematching.dmxleo.com			https://rtb-csync.smartadserver.com https://s.ad.smaato.net https://secure.adnxs.com https://simage2.pubmatic.com			https://sp.analytics.yahoo.com https://sync-criteo.ads.yieldmo.com https://sync.ad-stir.com https://sync.outbrain.com		        https://t.mydialoginsight.com https://ups.analytics.yahoo.com https://visitor.omnitagjs.com			https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.google.fr			https://bat.bing.com https://ad.tpmn.co.kr https://tg.socdm.com https://adgen.socdm.com https://cs.adingo.jp			https://eb2.3lift.com https://contextual.media.net https://r.casalemedia.com https://adx.dable.io			https://x.bidswitch.net https://dis.criteo.com https://idsync.rlcdn.com https://d.turn.com https://*.clarity.ms			https://sync-t1.taboola.com https://ad.as.amanad.adtdp.com https://trends.revcontent.com https://cl.avis-verifies.com			https://googletagmanager.com https://sbm.nate.com https://jadserve.postrelease.com https://cdn.stickyadstv.com			https://*.cloudfront.net https://criteo-partners.tremorhub.com https://cm.adform.net https://widget.mondialrelay.com			https://maps.gstatic.com https://maps.googleapis.com https://*.tile.openstreetmap.org https://www.mondialrelay.com			https://statics.pushaddict.com https://notifpush.com blob: https://gjigle.com https://t.paypal.com https://reductionsprivees.com https://tbs.tradedoubler.com https://storage.googleapis.com			https://api-clicandpay.groupecdn.fr https://view.publitas.com http://preprod-sc.station-chargeur.com https://eu1-doofinderuser.s3.amazonaws.com https://assets.sc-trc.com                        https://static.reductionsprivees.com https://graphql.reductionsprivees.com https://www.googletagmanager.com;                script-src 'self' 'unsafe-inline' 'unsafe-eval'                        https://maps.googleapis.com http://cl.avis-verifies.com https://cl.avis-verifies.com https://cdn.doofinder.com                        https://cdn.cookielaw.org https://fonts.googleapis.com https://fonts.gstatic.com			https://static.criteo.net https://connect.facebook.net https://www.googleadservices.com			https://asseteasydmp.net https://t.mydialoginsight.com https://gjigle.com			https://bat.bing.com https://notifpush.com https://www.googletagmanager.com https://sdk.reductionsprivees.com			https://www.google-analytics.com https://asset.easydmp.net https://*.cloudfront.net https://googleads.g.doubleclick.net			https://*.clarity.ms https://sslwidget.criteo.com https://dynamic.criteo.com https://ajax.googleapis.com			https://widget.mondialrelay.com https://unpkg.com https://www.youtube.com https://youtube.com https://secure-api.notifadz.com			https://secure-trig.notifadz.com https://www.paypalobjects.com https://www.paypal.com https://api-clicandpay.groupecdn.fr https://scripts.publitas.com https://view.publitas.com			https://www.google.com https://www.gstatic.com https://d3js.org http://preprod-sc.station-chargeur.com https://assets.sc-trc.com https://api-clicandpay.groupecnd.fr			https://tpc.googlesyndication.com https://trk.adbutter.net https://acdn.adnxs.com https://widgets.rr.skeepers.io;                connect-src 'self' 			https://cdn.cookielaw.org https://eu1-search.doofinder.com https://maps.googleapis.com			https://*.salecycle.com https://privacyportal-fr.onetrust.com https://www.clarity.ms			https://awsapis3.netreviews.eu https://www.google-analytics.com https://notifpush.com			wss://ws.salecycle.com https://stats.g.doubleclick.net https://*.clarity.ms			https://widget.mondialrelay.com https://secure-apis.notifadz.com https://adservice.google.com			https://www.google.com https://gddglis.com https://gjigle.com https://secure-api.notifadz.com https://secure-trig.notifadz.com https://www.paypal.com https://reductionsprivees.com			https://services.publitastest.nl http://preprod-sc.station-chargeur.com https://ducatillon-privacy.my.onetrust.com https://region1.google-analytics.com			https://assets.sc-trc.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net;                font-src 'self' https://fonts.gstatic.com https://cl.avis-verifies.com;                child-src 'self'			https://cl.avis-verifies.com https://gum.criteo.com https://s.salecycle.com https://asset.easydmp.net https://gjigle.com			https://www.facebook.com https://dynamic.criteo.com https://www.avis-verifies.com https://youtube.com https://www.youtube.com https://www.paypal.com https://maps.google.fr https://google.com			https://www.google.com https://api-clicandpay.groupecdn.fr http://preprod-sc.station-chargeur.com https://view.publitas.com https://www.ecologie.gouv.fr https://td.doubleclick.net; 1
default-src 'self';frame-ancestors 'self';object-src 'none' ;child-src 'self' https://cloud.typography.com;frame-src 'self' https://athora.recruitee.com https://consentcdn.cookiebot.com https://vivat3.recruitee.com https://www.google.com https://www.googletagmanager.com https://www.youtube.com;connect-src 'self' https://dc.services.visualstudio.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://consentcdn.cookiebot.com https://*.applicationinsights.azure.com;font-src 'self' data: data: https://fonts.gstatic.com;img-src 'self' data: data: https://*.analytics.google.com https://*.google-analytics.com https://*.googletagmanager.com https://fonts.gstatic.com https://i.ytimg.com https://imgsct.cookiebot.com https://ssl.gstatic.com https://www.gstatic.com;script-src 'self' 'strict-dynamic' 'nonce-Ys70nNDsd47GN/7Yy5Ox/gcn' data: data: https://*.googletagmanager.com https://az416426.vo.msecnd.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.google-analytics.com https://www.youtube.com https://*.monitor.azure.com;style-src 'unsafe-inline' https://cloud.typography.com https://fonts.googleapis.com https://tagmanager.google.com https://www.athora.nl https://www.googletagmanager.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.bunny.net app.snipcart.com data: payment.snipcart.com  cdn.snipcart.com;frame-src youtu.be youtube.com www.youtube.com ;img-src 'self' bouletcorp-admin.cepcam.fr; 1
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://code.jquery.com https://cdn.cookielaw.org https://ajax.googleapis.com https://maps.googleapis.com https://www.youtube.com https://player.vimeo.com https://www.googletagmanager.com https://www.google-analytics.com https://analytics.rubensteintech.com https://analytics.rubyapps.dev.ruby.app https://analytics.rubyapps.io https://kit.fontawesome.com ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.googletagmanager.com https://hello.myfonts.net ; connect-src 'self' https://cdn.cookielaw.org https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://google-analytics.com https://vimeo.com https://noembed.com https://stats.g.doubleclick.net https://hubspot-forms-static-embed.s3.amazonaws.com https://maps.gstatic.com https://maps.googleapis.com https://cdn.plyr.io https://www.google-analytics.com/ https://forms.hubspot.com https://analytics.rubensteintech.com https://analytics.rubyapps.dev.ruby.app https://analytics.rubyapps.io https://ka-f.fontawesome.com ; font-src 'self' data: https://fonts.gstatic.com https://ka-f.fontawesome.com ; img-src 'self' data: blob: https://cdn.cookielaw.org https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://google-analytics.com https://i.vimeocdn.com https://i.ytimg.com https://f.hubspotusercontent30.net https://maps.gstatic.com https://maps.googleapis.com https://www.googletagmanager.com https://track.hubspot.com https://www.google-analytics.com ; frame-src 'self' mailto: blob: https://www.youtube-nocookie.com https://www.youtube.com https://player.vimeo.com https://cdn.yoshki.com ; worker-src 'self' blob: ; media-src 'self' data: https://vimeo.com https://www.youtube.com https://cdn.plyr.io ; frame-ancestors 'self' ; object-src 'self' ; 1
object-src 'self'; worker-src 'self'; font-src 'self' fonts.googleapis.com cdnjs.cloudflare.com fonts.gstatic.com 'unsafe-inline' img.icons8.com maps.gstatic.com; form-action 'self'; connect-src 'self' www.google-analytics.com cdnjs.cloudflare.com stackpath.bootstrapcdn.com fonts.googleapis.com fonts.gstatic.com 'unsafe-inline' data: maps.googleapis.com img.icons8.com maps.gstatic.com googletagmanager.com; style-src 'self' cdnjs.cloudflare.com stackpath.bootstrapcdn.com fonts.googleapis.com fonts.gstatic.com 'unsafe-inline' maps.googleapis.com img.icons8.com maps.gstatic.com; default-src 'self' unsafe-inline; img-src 'self' 'unsafe-inline' data: img.icons8.com maps.gstatic.com maps.googleapis.com; media-src 'self'; manifest-src 'self'; script-src 'self' 'unsafe-inline' maps.googleapis.com img.icons8.com maps.gstatic.com googletagmanager.com www.googletagmanager.com; frame-ancestors 'self'; base-uri 'self' 1
font-src https: data:; upgrade-insecure-requests; 1
frame-ancestors 'https://conrep.notion.site' 'https://www.conrep.com' 'https://mail.conrep.com' 1
default-src 'self' 'unsafe-inline' *.perfmaker.net *.googlesyndication.com *.google.com *.google.fr *.analytics.google.com *.supabase.co *.ekoo.co danone.my.salesforce-sites.com *.secure.force.com *.force.com service.force.com *.danone.gbqofs.io mydanonelivechat.force.com danone.my.salesforce-sites.com mydanonelivechat.secure.force.com bledina-pp.agencer2.com bledina.com *.trustcommander.net *.commander1.com  *.facebook.com *.facebook.net *.pinterest.com *.google-analytics.com *.doubleclick.net lpcdn.lpsnmedia.net; img-src 'self' data: log.pinterest.com  *.googlesyndication.com *.ekoo.co *.supabase.co *.force.com http://mydanonelivechat.force.com bledina.com *.bledina.com bledina.commander1.com *.google.com *.google.fr *.pinterest.com *.facebook.com *.doubleclick.net *.google-analytics.com *.pixibox.com lpcdn.lpsnmedia.net *.tagcommander.com; font-src 'self' data: fonts.gstatic.com; style-src 'self' 'unsafe-inline' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: cdn.gbqofs.com *.perfmaker.net player.ausha.co sc-static.net *.ekoo.co *.salesforceliveagent.com static.lightning.force.com danone.my.salesforce-sites.com *.secure.force.com *.force.com *.la2-c1-cdg.salesforceliveagent.com *.la2-c1-fra.salesforceliveagent.com service.force.com *.my.salesforce.com ajax.googleapis.com *.google.com *.gstatic.com cdn.jsdelivr.net lptag.liveperson.net accdn.lpsnmedia.net lo.v.liveperson.net static.doubleclick.net lpcdn.lpsnmedia.net cdn.rawgit.com *.pinterest.com cdn.trustcommander.net *.tagcommander.com *.google-analytics.com *.facebook.net *.googletagmanager.com *.googleadservices.com *.pinimg.com *.doubleclick.net cdnjs.cloudflare.com; frame-src 'self' 'unsafe-inline' *.perfmaker.net aax-eu.amazon-adsystem.com player.ausha.co service.force.com *.facebook.com lpcdn.lpsnmedia.net *.liveperson.net www.youtube.com player.vimeo.com *.doubleclick.net *.pinterest.com *.pinterest.fr *.bledina.com cdn.trustcommander.net; 1
frame-ancestors enkoping.se piwik.enkoping.se vaxer.enkoping.se upplevenkoping.se; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://js.hsforms.net https://js.hsforms.net/forms/embed/v2.js https://www.googletagmanager.com https://cdn.tailwindcss.com https://cdn.gbqofs.com https://code.jquery.com https://acsbapp.com https://cdn.amcharts.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://forms-na1.hsforms.com; font-src 'self' https://fonts.googleapis.com; connect-src 'self' https://forms.hsforms.com https://www.google-analytics.com; frame-src 'self' https://www.google.com https://forms-na1.hsforms.com https://fonts.googleapis.com https://forms.hsforms.com/ https://forms-na1.hsforms.com/embed/v3/counters.gif https://fonts.googleapis.com/css2 https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-RENDER_SUCCESS&count=1  https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-SUBMISSION_SUCCESS&count=1; 1
script-src 'self' www.google.com www.gstatic.com https://*.websiteoptimizer.dev https://*.wlog.dev;default-src 'self' www.google.com https://*.websiteoptimizer.dev https://*.wlog.dev;frame-src 'self' www.youtube.com www.google.com;img-src 'self' data: https://insightmakercloud-files.storage.googleapis.com/ https://insightmakercloud-files-staging.storage.googleapis.com/ www.gravatar.com www.paypalobjects.com lh3.googleusercontent.com;style-src 'self' https: 'unsafe-inline';font-src 'self' https: data:;frame-ancestors 'none' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://lor.sh; img-src 'self' https: data: blob: https://lor.sh; style-src 'self' https://lor.sh 'nonce-4/YSH2wKu0RNEQnEd+qSog=='; media-src 'self' https: data: https://lor.sh; frame-src 'self' https:; manifest-src 'self' https://lor.sh; form-action 'self'; child-src 'self' blob: https://lor.sh; worker-src 'self' blob: https://lor.sh; connect-src 'self' data: blob: https://lor.sh https://s3.eu-central-1.wasabisys.com/lor-sh/lor-sh/ wss://lor.sh; script-src 'self' https://lor.sh 'wasm-unsafe-eval' 1
default-src 'self' fonts.gstatic.com xpress.jobs static.cloudflareinsights.com use.fontawesome.com stats.g.doubleclick.net *.google-analytics.com; style-src 'self' 'unsafe-inline'  *.s3-ap-southeast-1.amazonaws.com code.jquery.com maxcdn.bootstrapcdn.com use.fontawesome.com fonts.googleapis.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' static.cloudflareinsights.com  *.s3-ap-southeast-1.amazonaws.com code.jquery.com maps.googleapis.com maxcdn.bootstrapcdn.com www.googleadservices.com snap.licdn.com googleads.g.doubleclick.net cdnjs.cloudflare.com maps.googleapis.com platform.linkedin.com *.facebook.com connect.facebook.net platform.twitter.com *.google-analytics.com *.googletagmanager.com *.google.lk *.google.com *.gstatic.com; frame-src 'self' platform.twitter.com bid.g.doubleclick.net www.youtube.com sea-hnb-chatbot-webapp-bot-prod.azurewebsites.net *.facebook.com *.google.com; img-src 'self' www.hnb.net maps.gstatic.com *.twitter.com  *.google-analytics.com *.googleapis.com *.google.lk *.google.com *.facebook.com code.jquery.com *.ggpht  data: https:; frame-ancestors 'self'; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval' 'self' https://matomojs.trackify.info https://matomo.pernod-ricard.io *.sleeknote.com; frame-ancestors 'self' https://matomojs.trackify.info https://matomo.pernod-ricard.io *.sleeknote.com; frame-src blob: 'self' https://www.google.com https://www.youtube.com https://larutadelgin.com/ https://integrationssite.sleeknote.com/ https://sleeknotestaticcontent.sleeknote.com/:1 *.sleeknote.com; worker-src blob: 'self' 1
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://musiciansunion.info https://r1.dotdigital-pages.com https://mail.themu.org https://ajax.cloudflare.com https://static.cloudflareinsights.com https://code.jquery.com https://cdnjs.cloudflare.com/ajax/libs/cropper/0.9.3/cropper.min.js https://connect.facebook.net https://platform.twitter.com https://www.instagram.com https://static.hotjar.com https://script.hotjar.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://maps.googleapis.com https://www.gstatic.com https://embed.typeform.com https://podbean.com https://*.podbean.com https://*.tiktok.com https://*.ttwstatic.com https://plausible.io/js/script.js; style-src 'report-sample' 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ajax/libs/cropper/0.9.3/cropper.min.css https://fonts.googleapis.com https://code.jquery.com/ui/1.12.1/themes/base/jquery-ui.css  https://*.ttwstatic.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://stats.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com https://maps.googleapis.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com tiktok.com *.tiktok.com https://plausible.io/api/event; font-src 'self' https://fonts.gstatic.com https://script.hotjar.com; frame-src 'self' https://musiciansunion.info https://r1.dotdigital-pages.com https://app.wiredplus.com https://vars.hotjar.com https://platform.twitter.com https://syndication.twitter.com https://www.instagram.com https://www.google.com https://www.youtube.com https://w.soundcloud.com https://open.spotify.com https://embed.music.apple.com https://player.vimeo.com https://bandcamp.com https://www.facebook.com https://form.typeform.com https://www.crowdcast.io https://podbean.com https://*.podbean.com https://*.audioboom.com tiktok.com *.tiktok.com; img-src 'self' https://*.google-analytics.com https://maps.googleapis.com https://maps.gstatic.com https://www.google.com https://www.google.co.uk https://www.googletagmanager.com https://script.hotjar.com https://www.facebook.com; manifest-src 'self'; media-src 'self'; report-uri https://60104d4bbcd8c7f28285dbe7.endpoint.csper.io/; worker-src 'none'; 1
frame-ancestors 'self' terminal.dietfurt.de  terminal.naturpark-altmuehltal.de; 1
object-src 'none';    base-uri 'self';    frame-ancestors 'self';    upgrade-insecure-requests; 1
child-src 'self' td.doubleclick.net *.google.com *.adyen.com;frame-src  'self' *.facebook.com *.snapchat.com *.google.com *.adyen.com td.doubleclick.net www.zenaps.com *.drg.co.uk *.kidspass.co.uk *.popcornpass.co.uk *.digitalperks.co.uk *.familypass.co.uk *.globalhotelpass.co.uk *.globalhotelpass.com *.daysout.com;connect-src 'unsafe-inline' 'self' data: ws: wss: https: www.google.co.uk bat.bing.com googleads.g.doubleclick.net *.googlesyndication.com maps.googleapis.com localhost:* http://localhost:* www.google-analytics.com stats.g.doubleclick.net app.termly.io www.googletagmanager.com www.google.com analytics.tiktok.com *.analytics.google.com *.adyen.com tr.snapchat.com;img-src 'self' data: googleads.g.doubleclick.net *.facebook.com connect.facebook.net bat.bing.com maps.googleapis.com *.gstatic.com www.googletagmanager.com www.google-analytics.com www.google.com www.google.co.uk www.w3.org lantern.roeye.com cdn.jsdelivr.net www.zenaps.com www.awin1.com *.drg.co.uk *.kidspass.co.uk *.popcornpass.co.uk *.digitalperks.co.uk *.familypass.co.uk *.globalhotelpass.co.uk *.globalhotelpass.com *.daysout.com media.giphy.com *.adyen.com *.cdn.adyen.com daysout.co.uk lordicon.com *.snapchat.com *.twitter.com;font-src 'self' data: unpkg.com fonts.googleapis.com *.gstatic.com cdnjs.cloudflare.com fonts.gstatic.com *.fontawesome.com lordicon.com *.adyen.com;script-src 'unsafe-inline' 'unsafe-eval' 'self' ajax.aspnetcdn.com www.googletagmanager.com *.google-analytics.com cdnjs.cloudflare.com cdn.jsdelivr.net *.adyen.com *.google.com code.jquery.com app.termly.io dwin1.com unpkg.com www.dwin1.com lantern.roeyecdn.com googleads.g.doubleclick.net static.cloudflareinsights.com analytics.tiktok.com bat.bing.com maps.googleapis.com www.gstatic.com *.cdn.adyen.com pay.google.com api.ideal-postcodes.co.uk www.googleadservices.com pjtharness.ckmhop.com www.zenaps.com the.sciencebehindecommerce.com *.lordicon.com *.drg.co.uk connect.facebook.net *.facebook.com sc-static.net *.snapchat.com *.twitter.com cdn.ckeditor.com ajax.googleapis.com hosted.paysafe.com kit.fontawesome.com songbird.cardinalcommerce.com stackpath.bootstrapcdn.com; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://hessen.social; img-src 'self' https: data: blob: https://hessen.social; style-src 'self' https://hessen.social 'nonce-/RlLEs7HnKGPtg5KQoyyTA=='; media-src 'self' https: data: https://hessen.social; frame-src 'self' https:; manifest-src 'self' https://hessen.social; form-action 'self'; child-src 'self' blob: https://hessen.social; worker-src 'self' blob: https://hessen.social; connect-src 'self' data: blob: https://hessen.social https://hessen.social wss://hessen.social; script-src 'self' https://hessen.social 'wasm-unsafe-eval' 1
default-src *; style-src 'self' http://* 'unsafe-inline'; script-src 'self' http://* 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data: https:; font-src 'self' data: https://smart-ip.net; connect-src 'self' wss://*.liveperson.net http://* 'unsafe-inline' 'unsafe-eval'; 1
default-src https:; script-src 'self' https://www.youtube.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com https://www.googletagmanager.com https://platform.twitter.com https://connect.facebook.net 'unsafe-inline' 'unsafe-eval'; object-src 'self'; style-src 'self' https://www.w3.org/2000/svg 'unsafe-inline'; font-src 'self' data:; img-src https://syndication.twitter.com https://www.google-analytics.com https://i.ytimg.com https://facebook.com https://www.facebook.com 'self'  data:; 1
frame-ancestors 'self' *.studis-online.de *.bafoeg-rechner.de *.netzseiten.de; 1
frame-ancestors 'self' *.kassel.de *.stadtreiniger.de *.stadt-kassel.de *.kasselkultur2022.de www-kassel-de.translate.goog 1
frame-ancestors 'self' https://edicola.ilroma.net/ 1
upgrade-insecure-requests; frame-ancestors 'self' https://*.charteroak.edu http://*.omniupdate.com; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://ursal.zone; img-src 'self' data: blob: https://ursal.zone https://cdn.ursal.zone; style-src 'self' https://ursal.zone 'nonce-5aBLCwnlp8JliKG8eOp2hA=='; media-src 'self' data: https://ursal.zone https://cdn.ursal.zone; frame-src 'self' https:; manifest-src 'self' https://ursal.zone; form-action 'self'; child-src 'self' blob: https://ursal.zone; worker-src 'self' blob: https://ursal.zone; connect-src 'self' data: blob: https://ursal.zone https://cdn.ursal.zone wss://ursal.zone; script-src 'self' https://ursal.zone 'wasm-unsafe-eval' 1
default-src 'none'; connect-src *; font-src * data: about:; frame-src *; img-src * data: about:; media-src 'self' www.l3harris.com; script-src 'self' 'strict-dynamic' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://static.addtoany.com https://unpkg.com https://www.google.com 'nonce-8IfphwjrXbwJsGRUbhhVcw'; style-src 'self' 'unsafe-inline' fonts.googleapis.com www.wescam.info www.googletagmanager.com cdn.userway.org https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; form-action 'self' www.facebook.com; frame-ancestors 'self'; report-uri https://www.l3harris.com/report-uri/enforce 1
connect-src 'self' https://consentcdn.cookiebot.com  https://www.google-analytics.com; font-src 'self' fonts.gstatic.com; frame-src 'self' https://consentcdn.cookiebot.com  youtube.com www.youtube.com https://www.facebook.com https://destinilocators.com https://player.vimeo.com/ https://d2c2pc4938x49p.cloudfront.net/ https://d3oe0yoemy00cg.cloudfront.net/; img-src *; script-src 'self' https://consent.cookiebot.com   https://consentcdn.cookiebot.com https://consent.cookiebot.com/uc.js https://www.youtube.com/iframe_api https://www.google-analytics.com https://ssl.google-analytics.com *.googletagmanager.com  *.cookiebot.com  youtube.com www.youtube.com connect.facebook.net https://destinilocators.com/bolthousefarms/site/install/ https://destinilocators.com/control/pscript_s.js https://destinilocators.com/control/gtm.js https://player.vimeo.com/api/player.js  'unsafe-inline'; script-src-elem 'self' https://consent.cookiebot.com   https://consentcdn.cookiebot.com https://consent.cookiebot.com/uc.js https://www.youtube.com/iframe_api https://www.google-analytics.com https://ssl.google-analytics.com *.googletagmanager.com  *.cookiebot.com  youtube.com www.youtube.com connect.facebook.net 'sha256-t/nwnYa7CkMOiVkh2Bp3iW7JLICRxPsGkN0O0OonnW0=' 'sha256-CF1J8IwfSw2kT/tIoH1iFqIe0uHe0G+WGrB3BL16Bco=' 'sha256-+hZyosobhUriFr+VybdepsNA5z3yB8a4szXMZOj+030=' 'sha256-3EAKSgo1aFAMv86iit3lZDIclGW8iQhpBj+6ZG+Zu3s=' 'sha256-c0+CseKyBLY+S5BTdE0UHs5mBWL8UTl1dd7NLDFlIq4=' https://destinilocators.com/bolthousefarms/site/install/ https://destinilocators.com/control/pscript_s.js https://destinilocators.com/control/gtm.js https://player.vimeo.com/api/player.js 'sha256-VyR/+TC4HI+6r6SEq5lfv7Xbzc+yhbJZtp00/egP0pM=' 'sha256-P9MnoWaMwcEMOEPeWnorxhSQ2Fb0lofchey4YsOYeu4=' 'sha256-Gp70VQyXtfY9dEFKEiJwOY1H1SuwVcnnopbUg2QcnXw=' https://destinilocators.com/bolthousefarms/pdpwidget/install/ 'sha256-p9ehbm2jeUJA9MPUO+l/xAReN+wscpsOmTxy4KXIZ8w='  'sha256-clRxcaRYB71+kXqGT2rQetOmLZuLMtopzqkY/uGH4CA='; 1
default-src 'unsafe-inline' 'unsafe-eval' https: wss: data: blob:; frame-ancestors 'self'; report-uri https://www.evocagroup.com/en/report-uri/enforce 1
default-src 'self'; connect-src 'self' *.siteimprove.com https://stats.g.doubleclick.net/ https://region1.google-analytics.com/ https://www.google-analytics.com https://www.googletagmanager.com https://matomo.agri.ee/ https://search.service.vportal.ee/v1/search/agri https://search.service.vportal.ee/v1/globalsearch/total https://form.service.vportal.ee/v1/ https://search.service.vportal.ee/v1/events/agri https://inaadress.maaamet.ee; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://*.rocket.chat https://www.google.com https://www.youtube.com https://*.vimeo.com https://*.siteimprove.com https://www.google.com/maps/d/embed https://public.tableau.com/views/Lennundus_kodulehele_16518542427600/Tituvusejaotus https://public.tableau.com/views/ATLmaakonnaliinidemahudjamuutuslbiaastate/Toetused https://public.tableau.com/views/ATLmaakonnaliinidemahudjamuutuslbiaastate/Muutus https://public.tableau.com/views/Peatustekasutus/Reisijatearvkaardil https://public.tableau.com/app/profile/transpordiamet/viz/SaaremaajaHiiumaapraamiliinidkodulehele/SaaremaajaHiiumaa https://public.tableau.com/views/SaaremaajaHiiumaapraamiliinidkodulehele/SaaremaajaHiiumaa https://xgis.maaamet.ee; img-src 'self' data: https://www.google-analytics.com *.openstreetmap.org https://i.ytimg.com https://pbs.twimg.com https://www.googletagmanager.com *.fbcdn.net *.cdninstagram.com https://inaadress.maaamet.ee https://unpkg.com *.maaamet.ee *.cloudflare.com; script-src 'self' 'unsafe-inline' https://*.rocket.chat https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.siteimprove.net/cms/overlay.js blob: https://browser-update.org https://ajax.cloudflare.com https://static.cloudflareinsights.com https://*.cloudflareinsights.com https://cdnjs.cloudflare.com cdn.jsdelivr.net cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://inaadress.maaamet.ee https://unpkg.com unpkg.com https://matomo.agri.ee/ 'unsafe-eval'; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.rocket.chat https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.siteimprove.net/cms/overlay.js https://browser-update.org https://*.cloudflareinsights.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com https://matomo.agri.ee/matomo.js cdn.jsdelivr.net cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://inaadress.maaamet.ee https://unpkg.com unpkg.com; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://*.cloudflareinsights.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://unpkg.com unpkg.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://www.gstatic.com https://*.cloudflareinsights.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://unpkg.com unpkg.com https://inaadress.maaamet.ee; frame-ancestors 'self'; upgrade-insecure-requests 1
default-src 'self' wss: https://www.google-analytics.com https://*.inbenta.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.azureedge.net https://project.woonmodule.nl https://*.pinimg.com https://*.pinrterest.com https://player.vimeo.com https://extend.vimeocdn.com https://www.google.com https://www.gstatic.com https://googleads.g.doubleclick.net/ https://www.googleadservices.com https://*.go-mpulse.net https://optimize.google.com *.livechatinc.com *.cookiebot.com *.googletagmanager.com *.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://maps.google.com https://maps.googleapis.com https://*.youtube.com https://*.youtube-nocookie.com https://*.youtu.be https://*.ytimg.com https://*.cookiebot.com https://*.pardot.com https://*.hotjar.com https://eu2.snoobi.eu https://snap.licdn.com https://connect.facebook.net https://static.ads-twitter.com https://www.google.com/pagead/ https://analytics.twitter.com https://sdk.inbenta.io https://tagmanager.google.com/; worker-src blob:; frame-src 'self' https://www.facebook.com https://player.vimeo.com https://www.google.com https://www.gstatic.com https://optimize.google.com https://*.livechatinc.com https://*.cookiebot.com https://*.youtube.com https://*.youtube-nocookie.com https://*.youtu.be https://*.hotjar.com; img-src 'self' data: blob: mediastream: https://project.woonmodule.nl https://*.pinterest.com https://p.adsymptotic.com https://pi.pardot.com https://*.akstat.io https://www.linkedin.com https://optimize.google.com https://www.google.nl/pagead/ https://www.google.com/pagead/ https://cdn.livechatinc.com/ https://*.inbenta.io https://*.inbenta.com https://*.youtube.com https://*.youtube-nocookie.com https://*.youtu.be https://*.gstatic.com https://t.co https://px.ads.linkedin.com https://www.facebook.com https://i.ytimg.com https://*.snoobi.eu https://*.blob.core.windows.net https://www.google-analytics.com https://*.googleapis.com; style-src 'self' 'unsafe-inline' https://project.woonmodule.nl https://www.googletagmanager.com https://optimize.google.com https://sdk.inbenta.io https://tagmanager.google.com/ https://fonts.googleapis.com/; font-src 'self' data: https://fonts.gstatic.com https://cdn.inbenta.io https://script.hotjar.com https://fonts.gstatic.com https://cdn.inbenta.io; connect-src 'self' 'unsafe-inline' https://*.azureedge.net https://*.dynamics.com https://*.pinterest.com https://www.gstatic.com https://vimeo.com https://googleads.g.doubleclick.net/ https://consentcdn.cookiebot.com https://www.google.com https://*.googlesyndication.com https://*.akstat.io https://*.go-mpulse.net https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://*.inbenta.io https://*.google-analytics.com https://*.googleapis.com; 1
default-src 'self' *; base-uri 'self'; font-src 'self' https: data:; form-action http://*.enterprisedb.com http://enterprisedb.com http://enterprisedb.okta.com 'self'; frame-ancestors 'self'; img-src 'unsafe-inline' 'self' blob: data: *; object-src 'none'; script-src 'unsafe-eval' 'unsafe-inline' 'self' *; script-src-attr 'unsafe-inline'; style-src 'unsafe-inline' 'self' *; upgrade-insecure-requests 1
connect-src     'self' https://*.clarity.ms/ https://adservice.google.com/ https://api.securemyemail.com https://frstre.com https://webadmin.witopia.com/api/ https://webadmin.witopia.com/graphql https://www.google-analytics.com https://www.google.com/ https://www.sjwoe.com ;        default-src     'self' https://w.cdn.witopia.com/ https://*.clarity.ms https://c.bing.com 'unsafe-inline' ;        font-src        'self' data: https://w.cdn.witopia.com https://fonts.gstatic.com data: ;        frame-src       'self' https://optimize.google.com https://td.doubleclick.net/ ;        img-src         'self' data: https://w.cdn.witopia.com https://*.bing.com/ https://*.clarity.ms https://fonts.gstatic.com/ https://googleads.g.doubleclick.net/ https://optimize.google.com https://ssl.gstatic.com https://www.google-analytics.com https://www.google.com/ https://www.googletagmanager.com https://www.gstatic.com ;        object-src      'none' ;        script-src      'self' 'unsafe-eval' 'unsafe-inline' https://script.tapfiliate.com https://tagmanager.google.com https://unpkg.com/ https://w.cdn.witopia.com https://www.clarity.ms/ https://www.google-analytics.com https://www.googleadservices.com https://www.googleanalytics.com https://www.googleoptimize.com https://www.googletagmanager.com ;        style-src       'self' https://w.cdn.witopia.com 'unsafe-inline' https://optimize.google.com https://fonts.googleapis.com https://www.googletagmanager.com/ https://tagmanager.google.com ;        worker-src      https://www.witopia.com/ ; 1
frame-ancestors 'self' https://*.sfox.com; 1
frame-ancestors 'self' https://webbfiler.kommunal.se/ 1
default-src 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com googleads.g.doubleclick.net www.google.com https://*.hotjar.com buttons-config.sharethis.com platform-cdn.sharethis.com maps.googleapis.com apps.mypurecloud.de *.cookiebot.com openfed.github.io connect.facebook.net https://*.arcgis.com; script-src-elem 'self' data: 'unsafe-inline' www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com googleads.g.doubleclick.net www.google.com https://*.hotjar.com www.youtube.com platform-api.sharethis.com buttons-config.sharethis.com maps.googleapis.com apps.mypurecloud.de consent.cookiebot.com consentcdn.cookiebot.com connect.facebook.net https://*.arcgis.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://*.hotjar.com https://*.mypurecloud.de https://*.euc1.pure.cloud https://*.arcgis.com; img-src 'self' data: media.ores.be media.umbraco.io platform-cdn.sharethis.com l.sharethis.com maps.gstatic.com maps.googleapis.com mapsresources-pa.googleapis.com www.googletagmanager.com https://*.doubleclick.net https://*.google.be imgsct.cookiebot.com openfed.github.io googleads.g.doubleclick.net www.google.com google.com https://*.hotjar.com www.facebook.com www.google-analytics.com www.google.be *.mypurecloud.de *.euc1.pure.cloud https://*.arcgis.com; font-src 'self' fonts.gstatic.com https://*.hotjar.com fonts.googleapis.com https://*.arcgis.com; connect-src 'self' media.ores.be l.sharethis.com ores-breakdownmapapi-prd.azurewebsites.net ores-addressesrepositoryapi-prd.azurewebsites.net maps.googleapis.com *.mypurecloud.de wss://webmessaging.mypurecloud.de ores-extranetapi-dev.azurewebsites.net ores-extranetapi-prd.azurewebsites.net consentcdn.cookiebot.com or-lz-web-np-01-euw-azfun-sd-cms-api-dev-01.azurewebsites.net or-lz-web-pd-01-euw-azfun-sd-cms-api-acc-01.azurewebsites.net or-lz-web-pd-01-euw-azfun-sd-cms-api-prd-01.azurewebsites.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com www.google.com *.google-analytics.com *.analytics.google.com *.doubleclick.net *.nr-data.net *.newrelic.com *.euc1.pure.cloud *.arcgis.com; object-src https://*.mypurecloud.de https://*.euc1.pure.cloud; child-src https://*.mypurecloud.de https://*.euc1.pure.cloud blob:; frame-src 'self' www.youtube.com *.mypurecloud.de *.hotjar.com *.cookiebot.com *.doubleclick.net; frame-ancestors 'self'; form-action 'self' 1
default-src 'self'; connect-src 'self' *.nr-data.net https://*.go-mpulse.net www.googletagmanager.com *.google-analytics.com https://*.akstat.io https://csp.withgoogle.com https://maps.googleapis.com *.nanorep.co *.nanorep.com *.monsido.com https://*.nr-data.net https://shyrka-prod-usw2.s3.us-west-2.amazonaws.com https://*.newrelic.com https://*.usw2.pure.cloud wss://*.usw2.pure.cloud *.weglot.com cdn-api-weglot.com *.qualtrics.com; font-src 'self' data: https://fonts.gstatic.com https://cdnjs.cloudflare.com; frame-src 'self' https://cse.google.com https://www.googletagmanager.com https://calendar.google.com *.monsido.com *.youtube.com *.vimeo.com *.nanorep.com *.tableau.com *.arcgis.com https://app.powerbi.us https://app.powerbigov.us https://*.usw2.pure.cloud *.qualtrics.com https://public.tableau.com https://iwddata.iwd.iowa.gov https://data.iowa.gov; img-src 'self' data: https: *.nr-data.net *.google.com www.googletagmanager.com *.qualtrics.com; object-src 'self' https://*.usw2.pure.cloud; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.nr-data.net https://*.go-mpulse.net https://cse.google.com https://googletagmanager.com https://js-agent.newrelic.com https://tagmanager.google.com https://www.google.com https://www.googletagmanager.com *.monsido.com *.youtube.com *.vimeo.com *.nanorep.com *.nanorep.co https://*.google.com https://*.newrelic.com https://*.usw2.pure.cloud *.weglot.com cdn-api-weglot.com *.qualtrics.com https://cdnjs.cloudflare.com https://unpkg.com public.tableau.com nonce-kJUMWBRghre1B4PnfNqzHw; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com *.google.com *.monsido.com *.youtube.com *.vimeo.com *.nanorep.co *.nanorep.com https://partner.googleadservices.com https://maps.googleapis.com https://*.usw2.pure.cloud *.weglot.com cdn-api-weglot.com https://js-agent.newrelic.com https://s.go-mpulse.net *.qualtrics.com https://cdnjs.cloudflare.com https://cse.google.com https://unpkg.com public.tableau.com; style-src 'self' 'unsafe-inline' *.google.com www.googletagmanager.com *.monsido.com *.youtube.com *.vimeo.com *.nanorep.co *.nanorep.com https://fonts.googleapis.com *.weglot.com cdn-api-weglot.com *.qualtrics.com cdnjs.cloudflare.com https://unpkg.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self' 1
frame-src 'self' *.vocalcom.com *.google.com *.marketo.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.mktoresp.com px.ads.linkedin.com *.google.fr *.linkedin.com *.youtube-nocookie.com *.ytimg.com googleads.g.doubleclick.net static.doubleclick.net *.noembed.com cdn.plyr.io *.facebook.com *.wpml.org 1
default-src 'self' payments-de-sandbox.amazon.com payments-de.amazon.com payments.amazon.de ws://127.0.0.1:35729 www.dr-gamringer.de augenallianz-test.dc-test.de;  script-src 'self' 'unsafe-eval' 'unsafe-inline' use.typekit.net www.googletagmanager.com www.google.com www.google-analytics.com www.gstatic.com maps.google.com maps.googleapis.com connect.facebook.net *.payments-amazon.com payments-de-sandbox.amazon.com tagmanager.google.com www.dr-gamringer.de augenallianz-test.dc-test.de;  style-src 'self' 'unsafe-inline' use.typekit.net fonts.googleapis.com tagmanager.google.com www.dr-gamringer.de augenallianz-test.dc-test.de;  img-src 'self' data: p.typekit.net www.google-analytics.com *.googleapis.com maps.google.com *.cloudfront.net *.ssl-images-amazon.com *.ggpht.com *.gstatic.com img.youtube.com www.dr-gamringer.de augenallianz-test.dc-test.de;  font-src 'self' data: use.typekit.net fonts.gstatic.com www.dr-gamringer.de augenallianz-test.dc-test.de;  object-src 'self' www.dr-gamringer.de augenallianz-test.dc-test.de;  media-src 'self' www.dr-gamringer.de augenallianz-test.dc-test.de;  child-src 'self' payments-de-sandbox.amazon.com payments-de.amazon.com payments.amazon.com www.computop-paygate.com staticxx.facebook.com www.facebook.com www.youtube.com *.payments-amazon.com api-cdn.amazon.com www.dr-gamringer.de augenallianz-test.dc-test.de;  form-action 'self' payments-de-sandbox.amazon.com payments-de.amazon.com payments.amazon.com www.computop-paygate.com www.dr-gamringer.de augenallianz-test.dc-test.de;  frame-ancestors 'self' www.dr-gamringer.de augenallianz-test.dc-test.de;  connect-src 'self' ws://127.0.0.1:35729 performance.typekit.net www.google-analytics.com www.dr-gamringer.de augenallianz-test.dc-test.de; 1
frame-ancestors http://optimizer.com http://*.optimizer.com https://optimizer.com https://*.optimizer.com https://url.onlinebusiness.com 1
default-src 'self';frame-src 'none';frame-ancestors 'none';script-src 'self' statistiek.rijksoverheid.nl;frame-src 'none';frame-ancestors 'none';object-src 'self' 1
default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com *.twimg.com platform.linkedin.com *.google-analytics.com youtube.com syndication.twitter.com s.ytimg.com publish.twitter.com platform.stumbleupon.com cdn.insight.sitefinity.com dec.azureedge.net munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com code.jquery.com *.cloudflare.com *.bootstrapcdn.com *.greenheck.com *.wistia.com https://www.googletagmanager.com fast.wistia.net https://az416426.vo.msecnd.net/ 'self' 'unsafe-inline' 'unsafe-eval' cdn.ampproject.org web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com *.twimg.com code.jquery.com cdn.insight.sitefinity.com dec.azureedge.net platform.twitter.com *.bootstrapcdn.com *.cloudflare.com fast.wistia.com 'self' 'unsafe-inline' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com pbs.twimg.com *.twimg.com data: blob: *.google-analytics.com delicious.com syndication.twitter.com static.licdn.com dec.azureedge.net *.insight.sitefinity.com *.dec.sitefinity.com platform.twitter.com *.eloqua.com track.hubspot.com ghsitefinitytesting.blob.core.windows.net *.valentair.com *.wistia.com *.akamaihd.net greenheck-microsites-cms-prod.azureedge.net fast.wistia.net https://content.innoventair.com/ 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.bootstrapcdn.com *.cloudflare.com *.valentair.com; frame-src *.google.com *.wistia.com 'self' web-chat.nativechat.com; connect-src accounts.google.com *.insight.sitefinity.com *.dec.sitefinity.com *.mktoresp.com *.greenheck.com *.wistia.com *.litix.io *.akamaihd.net fast.wistia.net https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://analytics.google.com/ https://az416426.vo.msecnd.net/ https://dc.services.visualstudio.com/ 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: *.wistia.com *.akamaihd.net *.innoventair.com; child-src apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com platform.twitter.com syndication.twitter.com youtube.com player.vimeo.com w.soundcloud.com google.com *.wistia.com localhost:49286 *.akamaihd.net *.valentair.com *.innoventair.com 'self' web-chat.nativechat.com 1
frame-ancestors 'self' https://*.fh-kaernten.at; upgrade-insecure-requests 1
frame-ancestors kink.com kinkmen.com mrman-kink.com mrskin-kink.com twistedfactory.com 1
default-src 'self' 'unsafe-inline' https://www.youtube.com https://player.vimeo.com https://*.harvest.fr https://fonts.googleapis.com www.google.fr www.googletagmanager.com analytics.google.com www.google-analytics.com fonts.gstatic.com vars.hotjar.com in.hotjar.com px.ads.linkedin.com connect.facebook.net stats.g.doubleclick.net unpkg.com secure.gravatar.com player.ausha.co s.w.org ps.w.org https://challenges.cloudflare.com *.harvest-r7.fr data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.harvest.fr www.google.com www.googletagmanager.com www.google-analytics.com https://www.gstatic.com googleads.g.doubleclick.net script.hotjar.com static.hotjar.com code.jquery.com maps.googleapis.com snap.licdn.com pi.pardot.com connect.facebook.net unpkg.com static.addtoany.com ps.w.org https://challenges.cloudflare.com; frame-ancestors 'self' https://*.harvest.fr *.harvest-r7.fr 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.everestglobal.com vimeo.com www.google-analytics.com wss://ws.hotjar.com *.hotjar.com *.hotjar.io everest2023tf.q4web.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com www.google.com/recaptcha/ ajax.googleapis.com www.gstatic.com/recaptcha/ benalman.com polyfill.io gateway.zscalertwo.net vimeo.com static.hotjar.com script.hotjar.com s202.q4cdn.com;img-src 'self' https://*.everestglobal.com i.vimeocdn.com gateway.zscalertwo.net www.googletagmanager.com www.google-analytics.com data:;style-src 'self' 'unsafe-inline' fonts.googleapis.com ajax.googleapis.com/ajax/;font-src 'self' 'unsafe-inline' fonts.gstatic.com; form-action 'self'; frame-src 'self' mailto: tel: https://*.everestnational.com enwebt2.everestre.net www.google.com player.vimeo.com *.zscalertwo.net everest2023tf.q4web.com login.microsoftonline.com; 1
base-uri 'self';default-src 'self';object-src 'self';frame-ancestors 'self';style-src 'self' 'unsafe-inline' https://*.google.com http://*.googleapis.com https://*.googleapis.com;font-src 'self' data:;img-src 'self' data: blob: https:;script-src 'self' https://*.mollie.com https://*.adyen.com https://*.bing.com https://google.com https://*.google.com https://*.googletagmanager.com https://*.paypal.com https://icu.cv.nl https://*.tapfiliate.com https://*.cookiebot.com https://appleid.cdn-apple.com https://*.helpscout.net https://d3hb14vkzrxvla.cloudfront.net https://*.clarity.ms 'nonce-d-2706b87e-3765-4a9c-a5f2-da1451b4ee48' 'nonce-g-34ad938a-3643-4479-96e0-693a0fbc5e81' 'nonce-b-177c42ea-9203-4fc8-acb2-3061bffc773e' 'nonce-s-f3067f21-b6f8-488e-acf5-3a083f34064b';child-src 'self' data: https:;frame-src 'self' data: https:;connect-src 'self' https://*.mollie.com https://*.adyen.com https://*.bing.com https://google.com https://*.google.com https://*.googletagmanager.com https://*.paypal.com https://icu.cv.nl https://*.tapfiliate.com https://*.cookiebot.com https://appleid.cdn-apple.com https://*.helpscout.net https://d3hb14vkzrxvla.cloudfront.net https://*.clarity.ms https://*.google-analytics.com https://*.doubleclick.net https://frstre.com https://*.linkedin.oribi.io; 1
default-src 'self' feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://pghub.io cdn.cookielaw.org *.iesnare.com connect.facebook.net *.crazyegg.com *.adsrvr.org *.bazaarvoice.com *.google-analytics.com *.googletagmanager.com blob: feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' fonts.googleapis.com feed.pghub.io pandg.tapad.com ; media-src 'self' videos.ctfassets.net *.iesnare.com data: feed.pghub.io pandg.tapad.com ; img-src 'self' https://cdn.cookielaw.org images.ctfassets.net pixel.tapad.com *.bazaarvoice.com *.google-analytics.com www.facebook.com *.googletagmanager.com data: feed.pghub.io pandg.tapad.com ; font-src 'self' fonts.gstatic.com feed.pghub.io pandg.tapad.com ; connect-src * ; frame-src 'self' *.adsrvr.org *.doubleclick.net *.jebbit.com consumersupport.pg.com servedby.flashtalking.com pg-lex.my.salesforce-sites.com ct.pinterest.com www.facebook.com feed.pghub.io pandg.tapad.com ; manifest-src * ; 1
frame-ancestors 'self';block-all-mixed-content;default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.mktoweb.com https://customer.cludo.com https://cdn.cookielaw.org https://cdn-ukwest.onetrust.com https://geolocation.onetrust.com https://m.youtube.com https://www.youtube.com;style-src 'self' 'unsafe-inline' 'unsafe-eval' *.mktoweb.com customer.cludo.com fonts.googleapis.com privacyportal-cdn.onetrust.com;object-src 'none';frame-src 'self' *.media-server.com *.mktoweb.com *.youtube.com solutions.vwdservices.com www.youtube-nocookie.com;child-src 'self' www.youtube.com;img-src 'self' data: *.cludo.com *.mktoweb.com *.ytimg.com *.youtube.com *.core.windows.net *.globenewswire.com cdn.cookielaw.org fonts.gstatic.com;font-src 'self' data: fonts.googleapis.com fonts.gstatic.com privacyportal-cdn.onetrust.com customer.cludo.com;connect-src 'self' *.mktoweb.com *.cludo.com *.onetrust.com cdn.cookielaw.org fonts.googleapis.com fonts.gstatic.com;manifest-src 'self';base-uri 'self';form-action 'self';media-src 'self'; 1
frame-ancestors gamearena.gg; 1
frame-ancestors 'self';frame-src 'self' https://www.facebook.com https://www.googletagmanager.com/ https://player.vimeo.com https://tpc.googlesyndication.com https://optimize.google.com; 1
default-src * 'self' data:; style-src 'self' 'unsafe-inline' https://*.googleapis.com; script-src 'self' https://*.google.com https://*.gstatic.com https://*.googleapis.com; 1
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://use.fontawesome.com https://chat-static.kasastefczyka.pl; connect-src 'self' https://*.googleapis.com https://*.gstatic.com https://region1.analytics.google.com https://*.google-analytics.com https://*.bik.pl https://stats.g.doubleclick.net https://csmetrics.hotjar.com wss://ws.hotjar.com https://*.hotjar.io https://chat-static.kasastefczyka.pl https://chat-rail-preview.kasastefczyka.pl https://chat-rail-webfront.kasastefczyka.pl https://chat-rail-webfront.kasastefczyka.pl/* https://*.chat-rail-webfront.kasastefczyka.pl; frame-src 'self' https://youtube.com https://www.youtube.com https://www.youtube-nocookie.com https://player.vimeo.com https://signin.kontomatik.com https://www.googletagmanager.com https://*.googletagmanager.com https://8834209.fls.doubleclick.net https://td.doubleclick.net https://chat-static.kasastefczyka.pl https://chat-static.kasastefczyka.pl/; font-src 'self' https://use.fontawesome.com https://fonts.gstatic.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://www.googletagmanager.com https://www.google.com https://*.google-analytics.com https://unpkg.com https://*.kasastefczyka.pl https://signin.kontomatik.com https://code.jquery.com https://netdna.bootstrapcdn.com https://static.hotjar.com https://connect.facebook.net https://script.hotjar.com; default-src 'self'; img-src 'self' https://cdn.bsbox.pl https://*.google.com https://*.googleapis.com https://www.googletagmanager.com https://google.pl https://*.google.pl https://*.gstatic.com https://*.amazonaws.com https://www.gravatar.com https://i.ytimg.com https://www.facebook.com https://*.google-analytics.com https://ad.doubleclick.net blob: data: 1
default-src 'self' data: blob: *.braintree-api.com *.braintreegateway.com *.jquery.com *.mbsquoteline.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.google.com *.googleapis.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.braintreegateway.com *.jquery.com *.googleapis.com *.google.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.formstack.com *.facebook.net; 1
default-src 'self';connect-src 'self' https: https://*.stripe.com https://*.ilek.tech https://*.ilek.fr https://*.herokuapp.com/api https://cdn.lr-in-prod.com https://cdn.rudderlabs.com https://api.rudderlabs.com https://ilekdataycos.dataplane.rudderstack.com https://cdn.segment.com https://api.segment.io https://*.cloudfront.net/ https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io/ wss://nexus-websocket-a.intercom.io/ https://uploads.intercomcdn.com https://www.google.com/pagead/ https://www.google-analytics.com/ https://googleads.g.doubleclick.net/ https://region1.google-analytics.com/ https://lm.serving-sys.com/ https://bs.serving-sys.com/ https://secure-ds.serving-sys.com/ wss://*.hotjar.com https://api.privacy-center.org/v1/events https://widget.trustpilot.com/;form-action 'self' https://www.facebook.com https://*.helpdocs.io/;frame-src 'self' https://calendly.com/ https://*.stripe.com https://gum.criteo.com/ https://vars.hotjar.com/ https://intercom-sheets.com https://www.intercom-reporting.com https://player.vimeo.com https://fast.wistia.net https://player.ausha.co https://*.dailymotion.com https://www.youtube.com https://www.facebook.com https://airtable.com/ https://*.gist.build https://widget.trustpilot.com/ https://*.cloudfront.net/;script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https: https://*.cloudfront.net/ https://*.stripe.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://cdn.rudderlabs.com https://api.rudderlabs.com https://ilekdataycos.dataplane.rudderstack.com https://cdn.segment.com https://api.segment.io https://cdn.lr-in-prod.com https://*.ilek.tech https://*.ilek.fr https://*.herokuapp.com/api https://lm.serving-sys.com/ https://bs.serving-sys.com/ https://secure-ds.serving-sys.com/ https://static.criteo.net/ https://sslwidget.criteo.net/ https://sslwidget.criteo.com/ https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://static.hotjar.com https://script.hotjar.com https://vars.hotjar.com wss://ws18.hotjar.com https://sdk.privacy-center.org https://cdn.ravenjs.com https://widget.trustpilot.com https://u.logbor.com/ https://snap.licdn.com/ https://bat.bing.com/ https://www.clarity.ms/ https://widget.trustpilot.com/;media-src https://*.cloudfront.net/ https://ilek.s3.eu-central-1.amazonaws.com/ https://js.intercomcdn.com/;img-src 'self' data: https: https://*.cloudfront.net/ https://*.stripe.com https://purecatamphetamine.github.io https://ilek.s3.eu-central-1.amazonaws.com/ https://pubads.g.doubleclick.net/ https://px.ads.linkedin.com/ https://bat.bing.com/ https://www.facebook.com https://widget.trustpilot.com/ https://s.thebrighttag.com https://beacon.krxd.net https://dpm.demdex.net https://r.casalemedia.com https://dis.criteo.com/ https://ups.analytics.yahoo.com https://ad.360yield.com https://ib.adnxs.com https://x.bidswitch.net https://cm.g.doubleclick.net https://ad.yieldlab.net https://sync-t1.taboola.com https://match.sharethrough.com https://pixel.rubiconproject.com https://sync.outbrain.com https://exchange.mediavine.com https://sync-criteo.ads.yieldmo.com https://criteo-partners.tremorhub.com https://visitor.omnitagjs.com https://eb2.3lift.com https://criteo-sync.teads.tv https://rtb-csync.smartadserver.com https://simage2.pubmatic.com https://contextual.media.net https://matching.ivitrack.com https://cm.adform.net;font-src 'self' https://*.ilek.fr data: https://*.cloudfront.net/ https://fonts.googleapis.com https://fonts.gstatic.com https://*.intercomcdn.com/ https://*.helpdocs.io/;style-src 'self' https: https://*.cloudfront.net/ 'unsafe-inline';manifest-src 'self' https: https://*.cloudfront.net/ 'unsafe-inline';script-src-attr 'unsafe-inline';base-uri 'self';frame-ancestors 'self';object-src 'none';upgrade-insecure-requests 1
default-src 'self'            http://localhost:*            ws://localhost:*           https://www.google-analytics.com           https://secure.livechatinc.com           https://api.livechatinc.com           https://www.youtube.com;         style-src   'self'           'unsafe-inline'           https://cdn.livechatinc.com           https://cdn.jsdelivr.net           https://cdnjs.cloudflare.com           https://use.fontawesome.com           https://fonts.googleapis.com           ;        img-src 'self'          https://lender.ihfa.org          data:;        font-src 'self'            https://fonts.gstatic.com           https://use.fontawesome.com           https://cdnjs.cloudflare.com           ;        script-src  'self'           http://localhost:*           https://www.gstatic.com           https://www.googletagmanager.com           https://www.google.com           https://youtube.com           https://www.youtube.com           https://ajax.googleapis.com           https://googleads.g.doubleclick.net/           https://static.doubleclick.net/instream           https://cdnjs.cloudflare.com           https://maxcdn.bootstrapcdn.com           https://cdn.jsdelivr.net           https://cdn.livechatinc.com           https://api.livechatinc.com;        form-action 'self';        frame-ancestors 'none';        frame-src 'self'           https://www.google.com/           https://youtube.com           https://www.youtube.com           https://secure.livechatinc.com/           https://googleads.g.doubleclick.net/; 1
base-uri  'none'; default-src  'none'; script-src  'self'  https://cdn.fanflix.co  https://connect.facebook.net  https://www.googletagmanager.com  https://static.klaviyo.com/onsite/  https://static-tracking.klaviyo.com/onsite/  'unsafe-inline'  'nonce-6b+jOjXWzV7MeEsM'  'strict-dynamic'; style-src  'self'  'unsafe-inline'  https://cdn.fanflix.co  https://fonts.googleapis.com  https://accounts.google.com/gsi/style; frame-src  https://accounts.google.com; frame-ancestors  'self'; manifest-src  'self'  https://cdn.fanflix.co; img-src  'self'  https://cdn.fanflix.co  https://mdeo.imgix.net  https://fanflix.imgix.net  https://www.facebook.com/tr/  https://www.facebook.com/privacy_sandbox/pixel/  https://www.google-analytics.com  https://www.google.com/pagead/; font-src  data:  https://fonts.gstatic.com; connect-src  'self'  https://fonts.googleapis.com/css  https://www.facebook.com/platform/  https://www.facebook.com/tr/  https://*.google-analytics.com  https://*.klaviyo.com; 1
default-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; upgrade-insecure-requests 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com http://code.jquery.com http://cdn.ckeditor.com https://www.hitwebcounter.com/ http://www.hitwebcounter.com/ https://drive.google.com/; script-src 'self' 'unsafe-eval' 'unsafe-inline' http://cdn.ckeditor.com https://www.hitwebcounter.com/ http://www.hitwebcounter.com/ https://drive.google.com/; font-src 'self' https://fonts.gstatic.com; frame-src https://www.youtube.com/ 'self' http://iitjammu.ac.in https://www.iitjammu.ac.in https://www.facebook.com https://drive.google.com/ http://www.youtube.com/ https://beta.iitjammu.ac.in https://us14.campaign-archive.com/?u=1ea5a80e32cc85f1764ba4096&id=a8f67da3c5; connect-src alpha.iitjammu.ac.in 10.10.10.100 http://10.10.10.100 iitjammu.ac.in http://iitjammu.ac.in https://iitjammu.ac.in https://www.iitjammu.ac.in https://beta.iitjammu.ac.in http://10.10.10.6; img-src http://cdn.ckeditor.com https://www.hitwebcounter.com/ http://www.hitwebcounter.com/ http://iitjammu.ac.in https://iitjammu.ac.in https://www.iitjammu.ac.in https://hitwebcounter.com/counter/counter.php?page=7840813&style=0006&nbdigits=6&type=ip&initCount=898 https://drive.google.com/ https://beta.iitjammu.ac.in https://us14.campaign-archive.com/?u=1ea5a80e32cc85f1764ba4096&id=a8f67da3c5 1
default-src 'self' blob:; script-src 'self' 'nonce-DBNm7R5qts050EF0PET02cfxE8A9ZsEg860TXN7PToE=' blob: 'unsafe-eval' *.quantserve.com *.quantserve.com/ secure.quantserve.com/quant.js *.teamtailor-cdn.com *.googleapis.com *.postescanada-canadapost.ca *.googletagmanager.com *.googletagmanager.com/ *.sitesearch360.com *.sitesearch360.com/ *.google.com https://cdnjs.cloudflare.com/ajax/libs/popper.js/ https://cdn.jsdelivr.net/npm/bootstrap@4.6.2/dist/js/ *.paysafe.com https://www.google-analytics.com *.gstatic.com/recaptcha/releases/ *.hotjar.com *.hotjar.com/ https://www.smartsurvey.co.uk *.facebook.net/ *.newrelic.com *.newrelic.com/ *.quantcount.com *.quantcount.com/ *.cloudflareinsights.com *.cloudflareinsights.com/ *.googleadservices.com *.nr-data.net *.googlesyndication.com *.opendns.com *.opendns.com/ gateway.id.swg.umbrella.com/ cdn.jsdelivr.net/gh/jfeltkamp/cookiesjsr@1/ *.visualwebsiteoptimizer.com/ app.vwo.com 'sha256-Dj1KvV407y0kXtkO8zlK+Ro6I5G3tqKSDtqGGl7LTDo=' 'sha256-5v1AAxcO7RhxW12aExIEXjnCU/W0WEzouDQbxi/Z7W0='; object-src 'none'; style-src 'self' 'unsafe-inline' *.fontawesome.com *.fontawesome.com/ *.postescanada-canadapost.ca *.postescanada-canadapost.ca/css/ *.googleapis.com gateway.id.swg.umbrella.com/ *.visualwebsiteoptimizer.com app.vwo.com; img-src 'self' data: * *.visualwebsiteoptimizer.com chart.googleapis.com app.vwo.com; frame-src 'self' https://www.google.com *.paysafe.com *.doubleclick.net https://www.smartsurvey.co.uk https://embed.acast.com *.umbrella.com *.googlesyndication.com *.googletagmanager.com *.opendns.com *.opendns.com/ forms.office.com/ www.youtube.com/ app.vwo.com *.visualwebsiteoptimizer.com; font-src 'self' data: https://use.fontawesome.com *.gstatic.com/; connect-src 'self' https://maps.googleapis.com *.paysafe.com *.sitesearch360.com  https://www.google-analytics.com *.doubleclick.net *.g.doubleclick.net/ *.hotjar.io *.adservice.google.com *.teamtailor.com/ *.quantcount.com *.quantcount.com/ *.google-analytics.com *.vc.hotjar.io *.google.com *.nr-data.net *.hotjar.com *.hotjar.com/ *.postescanada-canadapost.ca wss://ws.hotjar.com/api/v2/client/ws gateway.id.swg.umbrella.com/ *.visualwebsiteoptimizer.com app.vwo.com; report-uri /report-csp-violation; base-uri 'self'; 1
script-src 'self' 'unsafe-eval' blob: https://*.dcube.cloud https://assets.adobedtm.com/ https://*.wogaa.sg https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://tagmanager.google.com https://www.youtube.com https://connect.facebook.net https://webchat.vica.gov.sg https://api.search.gov.sg https://www.search.gov.sg https://cdn.jsdelivr.net/npm/@govtechsg/sgds-web-component/Masthead/index.js;child-src 'self' blob: https://www.google.com https://www.youtube.com https://www.search.gov.sg;object-src 'none';base-uri 'none'; 1
default-src 'self' *; media-src 'self' * blob:; style-src 'self' * 'unsafe-inline' data:; connect-src 'self' * wss:; img-src * data: android-webview-video-poster:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; worker-src 'self' * blob:; frame-src 'self' * gsa://onpageload command://event webpagecontroller://complete callback://https webviewprogress:; 1
default-src * 'self' 'unsafe-eval' 'unsafe-inline' data: blob:; frame-ancestors 'self' *.webvisor.com metrika.yandex.ru metrika.yandex.by metrica.yandex.com metrica.yandex.com.tr 1
script-src 'unsafe-inline' 'unsafe-eval' *; 1
frame-ancestors 'self'; frame-src 'self' www.google.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com www.google.com www.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com www.google.com www.gstatic.com; img-src * data:; upgrade-insecure-requests; 1
default-src  'self' *.google-analytics.com *.googleapis.com yoast.com *.upt.pt; img-src      'self' *.elemailer.com elemailer.com *.wpmet.com *.uportu.pt *.w.org *.ytimg.com *.gravatar.com *.gstatic.com *.googleapis.com *.upt.pt data: http://*.upt.pt blob: *.upt.pt;  img-src      'self' 'unsafe-inline' 'unsafe-eval' data: *.elemailer.com elemailer.com *.printfriendly.com *.w.org *.gravatar.com *.vimeocdn.com *.gstatic.com *.google.com *.googleapis.com *.upt.pt *.uportu.pt;  script-src   'self' *.googletagmanager.com *.jquery.com 'unsafe-inline' 'unsafe-eval' *.twitter.com *.w.org *.gravatar.com *.googleapis.com *.jsdelivr.net *.printfriendly.com *.kxcdn.com *.vimeocdn.com *.hs-analytics.net *.securitymetrics.com *.google-analytics.com *.cloudflare.com developers.google.com recaptcha.google.com *.google.com *.gstatic.com *.youtube.com *.upt.pt;  style-src    'self' *.cloudflare.com 'unsafe-inline' 'unsafe-eval' *.cloudflare.com *.jquery.com *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.vimeocdn.com *.jsdelivr.net *.fontawesome.com *.upt.pt;  font-src     'self' 'unsafe-inline' 'unsafe-eval' data: *.sharepointonline.com *.cloudflare.com *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com *.jsdelivr.net *.fontawesome.com *.upt.pt;  frame-src    'self' wordpress.org *.hubspot.com *.hsappstatic.net *.doubleclick.com *.facebook.com *.vimeocdn.com *.vimeo.com *.youtube.com leap13.github.io *.google.com *.gstatic.com *.upt.pt; object-src   'self' ;  1
frame-ancestors 'self';object-src 'none';img-src * data:;script-src https://accounts.google.com/gsi/client https://*.googleapis.com *.filae.com *.genealogie.com 'unsafe-eval' 'unsafe-inline' blob: data: 'self' https://tpc.googlesyndication.com https://*.doubleclick.net https://*.google.com https://*.googletagmanager.com https://connect.facebook.net https://bat.bing.com https://www.googleadservices.com https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://www.gstatic.com https://*.googleapis.com https://code.jquery.com https://platform.twitter.com https://cdnjs.cloudflare.com https://unpkg.com https://*.cookiebot.com https://cdn.jsdelivr.net/ https://*.payzen.eu https://u.heatmap.it https://*.hotjar.com https://ads.rubiconproject.com https://www.clarity.ms; 1
default-src=* 1
frame-ancestors 'self' levelone.com *.levelone.com www.realpage.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; connect-src 'self' analytics.google.com www.google-analytics.com stats.g.doubleclick.net jobs.htcinc.com; img-src 'self' data: *; font-src 'self' data: *; object-src 'self'; media-src 'self'; child-src 'self'; frame-src 'self' www.google.com www.recaptcha.net securityscorecard.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; form-action 'self'; frame-ancestors 'self'; 1
img-src * data:; script-src  'self' 'unsafe-eval' 'unsafe-inline' http://www.google-analytics.com https://www.google.com https://www.gstatic.com https://js-agent.newrelic.com https://www.googletagmanager.com/gtm.js https://bam.nr-data.net https://tagmanager.google.com/debug https://tagmanager.google.com/debug/css.css https://tagmanager.google.com/debug/angular-bundle.js https://cdn.polyfill.io/ https://maxcdn.bootstrapcdn.com/ https://ajax.googleapis.com/ https://cdnjs.cloudflare.com/ https://code.highcharts.com;  style-src  'self' 'unsafe-inline' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com/; font-src 'self' https://fonts.gstatic.com; frame-src *; child-src 'self' https://prtest.paymentsradius.com; default-src 'self'; connect-src 'self'  https://*.radiusone.com/ https://d3ua4cgpi6lo9y.cloudfront.net https://*.highradius.com/ https://www.google-analytics.com/; frame-ancestors 'self' https://*.radiusone.com/ https://*.highradius.com/; 1
default-src 'self' https://www.privatesportshop.de; connect-src 'self' https://www.privatesportshop.de https://m.sportpursuit.com https://raven.privatesportshop.de https://api.sportpursuit.com https://*.elev.io https://*.amazon.com https://*.amazon.co.uk https://capture.trackjs.com https://*.facebook.com https://*.facebook.net https://*.doubleclick.net https://*.google.com https://*.postcodeanywhere.co.uk https://*.iubenda.com https://*.dixa.io wss://*.dixa.io https://cdn.polyfill.io https://sentry.io https://trustbadge.api.etrusted.com https://shops-si.trustedshops.com https://*.taboola.com https://bat.bing.com https://in.requestmetrics.com https://*.addressy.com https://*.scarabresearch.com https://*.googlesyndication.com https://*.logbor.com https://cdn.jsdelivr.net/gh/TimeOne-Group/isdk@latest/dist/isdk.min.js https://tracking.publicidees.com https://binel.hunkal.com https://*.creativecdn.com https://*.time1.me https://*.lacmp.net https://analytics.optimalpeople.fr https://analytics.tiktok.com https://*.imgstatics.com https://*.gsitrix.com; font-src 'self' https://images1.sportpursuit.info https://images2.sportpursuit.info https://images3.sportpursuit.info https://images4.sportpursuit.info https://*.elev.io https://fonts.gstatic.com https://widgets.trustedshops.com https://*.dixa.io; frame-src https://*.amazon.co.uk https://*.elev.io https://*.amazon.com https://*.payments-amazon.com https://www.googletagmanager.com https://staticxx.facebook.com https://www.facebook.com https://platform.twitter.com https://syndication.twitter.com https://www.youtube.com https://widget.trustpilot.com https://player.vimeo.com https://*.doubleclick.net https://*.dcmn.io https://*.googlesyndication.com https://*.iubenda.com https://iubenda.mgr.consensu.org/ https://accounts.google.com https://*.publicidees.com https://ams.creativecdn.com https://ad.ad-srv.net/ https://*.redintelligence.net/ https://*.tradedoubler.com; media-src 'self' https://images1.sportpursuit.info https://images2.sportpursuit.info https://images3.sportpursuit.info https://images4.sportpursuit.info https://*.dixa.io/; form-action https://www.privatesportshop.de https://platform.twitter.com https://syndication.twitter.com https://www.facebook.com https://trc.taboola.com https://*.amazon.co.uk https://*.amazon.de https://*.amazon.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' https://m.sportpursuit.com https://*.scarabresearch.com https://s.ytimg.com https://www.youtube.com/ https://cdn.elev.io https://googleads.g.doubleclick.net https://www.google.com/pagead/conversion_async.js https://www.googleadservices.com https://*.payments-amazon.com https://*.amazon.com https://www.googletagmanager.com https://connect.facebook.net https://www.sc.pages05.net https://platform.twitter.com https://widget.trustpilot.com https://*.dcmn.io https://*.googlesyndication.com https://*.googleapis.com https://apis.google.com https://*.postcodeanywhere.co.uk https://tagmanager.google.com https://*.iubenda.com https://bat.bing.com https://*.dixa.io https://cdn.polyfill.io https://sentry.io https://widgets.trustedshops.com https://cdn.taboola.com https://trc.taboola.com https://app.storyblok.com https://accounts.google.com data: https://*.logbor.com https://cdn.jsdelivr.net/gh/TimeOne-Group/isdk@latest/dist/isdk.min.js https://tracking.publicidees.com https://binel.hunkal.com https://*.creativecdn.com https://*.time1.me https://analytics.optimalpeople.fr https://pixel.adensemble.com https://s.retargeted.co https://cdn.mndtrk.com https://*.stylight.net https://*.lacmp.net https://*.tradedoubler.com https://analytics.tiktok.com https://*.gsitrix.com; style-src 'self' 'unsafe-inline' https://*.payments-amazon.com https://fonts.googleapis.com https://*.postcodeanywhere.co.uk https://tagmanager.google.com https://*.iubenda.com https://widgets.trustedshops.com https://accounts.google.com https://accounts.google.com; object-src 'none'; upgrade-insecure-requests; 1
base-uri 'none'; style-src 'self' *.cassiecloud.com *.googleapis.com 'unsafe-inline' https://cscript-cdn-use.lilly.com/templates/2/template.min.css *.lillytempo.com *.kisunla.com https://d1ltrl2zzo6l3e.cloudfront.net/public/syrenis-cookie-management.css https://d3gnk5748ud580.cloudfront.net/public/syrenis-cookie-management.css https://dscrutpyu4zff.cloudfront.net/public/syrenis-cookie-management.css; script-src 'nonce-SB3F2SWjSOsyim0CgJ5PEg=='  'sha256-QMXE5IQeLfDDSr1ccvO9EwGUMDeLdC35hS15iCi/ipw='  'self' 'strict-dynamic' 'unsafe-eval' *.kaltura.com/ *.cassiecloud.com *.googletagmanager.com https://google-analytics.com *.google-analytics.com *.bing.com https://connect.facebook.net https://lilly-customerconnect.secure.force.com https://customerconnect.my.salesforce-sites.com https://ispot.tv *.turn.com *.myadvocado.com *.doubleclick.net *.analytics.yahoo.com *.google.com https://facebook.com *.salesforceliveagent.com *.youtube.com *.ytimg.com *.gstatic.com *.googlevideo.com blob: http://d22xmn10vbouk4.cloudfront.net *.googleapis.com assets.adobedtm.com assets.ctfassets.net *.kisunla.com 'nonce-Q+3SsP/nT1Qb9DtwRm8EbA==' *.soundcloud.com *.recaptcha.net 'sha256-uMkuBZ4FQVVBqzs6NHOoGr/1vOLA1h9acPURz3E39HA=' 'sha256-9VDmhXS8/iybLLyD3tql7v7NU5hn5+qvu9RRG41mugM=' 'sha256-tempUn1btibnrWwQxEk37lMGV1Nf8FO/GXxNhLEsPdg=' 'sha256-YvYJ5WVzt8kOVVuSB9YcyVJLN4a6HcbOgQpzrg0BLUI=' https://clientapi.gcs-web.com https://d22xmn10vbouk4.cloudfront.net https://servicesplatform.partneringplace.com https://forms.office.com bugcrowd.com *.lilly.com tags.tiqcdn.com pc-lilly-visitor-service-us-west-2.tealiumiq.com https://d1ltrl2zzo6l3e.cloudfront.net/public/syrenis-cookie-management.js https://d3gnk5748ud580.cloudfront.net/public/syrenis-cookie-management.js https://dscrutpyu4zff.cloudfront.net/public/syrenis-cookie-management.js; object-src 'none'; frame-src *.doubleclick.net/ *.myadvocado.com/ *.lillytempo.com *.lillycares.com *.lillyoncologysupport.com *.lillyloxooncologypipeline.com *.lillydirect.com *.lrlscience.com *.syrenis.com *.taltz.com *.olumiant.com *.verzenio.com *.omvoh.com *.true.lilly *.tap.lilly *.together.lilly *.certuitad.com *.lilly.com *.enrollment.taltz.com *.enrollment.olumiant.com *.enrollment.verzenio.com *.enrollment.omvoh.com *.kisunla.com *.rlcdn.com *.youtube.com *.soundcloud.com *.google.com *.facebook.com *.spotify.com *.simplecast.com *.recaptcha.net https://servicesplatform.partneringplace.com https://forms.office.com *.kaltura.com/ bugcrowd.com di.rlcdn.com 1
frame-ancestors https://*.ionos.com https://*.ionos.at https://*.ionos.co.uk https://*.ionos.de https://*.ionos.es https://*.ionos.fr https://*.ionos.it https://*.ionos.ca https://*.ionos.mx https://*.ionos.us https://*.website-editor.net https://*.mywebsite-editor.com www.toutapprendre.com 1
default-src 'self'; script-src 'self'; img-src *; style-src 'self' 'unsafe-inline'; object-src 'none'; frame-ancestors 'self'; worker-src 'none'; font-src 'self'; connect-src 'self'; media-src 'self'; manifest-src 'self'; base-uri 'self'; form-action 'self'; frame-src 'none'; 1
default-src 'self' data: *.zdassets.com ppq.zendesk.com ws: *.zopim.com *.ppq.com.au *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.com *.trackedlink.net *.trackedweb.net *.clarity.ms *.doubleclick.net *.google.com.au *.youtube.com *.cloudfront.net *.adsrvr.org *.quantcast.com *.quantcount.com *.quantserve.com *.quantserve.net *.adswizz.com *.tiqcdn.com deploytealium.com *.tealiumiq.com *.linkedin.com *.licdn.com https://*.yieldify.com https://*.yieldify-production.com fonts.googleapis.com https://*.flashtalking.com https://*.teads.tv *.taboola.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.ppq.com.au personalisedplatesqld.atlassian.net *.cloudfront.net *.zdassets.com *.gstatic.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.com *.trackedlink.net *.trackedweb.net *.clarity.ms *.doubleclick.net ppq.zendesk.com *.zopim.com connect.facebook.net *.youtube.com *.adsrvr.org *.quantcast.com *.quantcount.com *.quantserve.com *.quantserve.net *.adswizz.com *.tiqcdn.com deploytealium.com *.tealiumiq.com *.linkedin.com *.licdn.com https://*.yieldify.com https://*.flashtalking.com https://*.teads.tv *.taboola.com; child-src *.cloudfront.net *.ppq.com.au *.google.com personalisedplatesqld.atlassian.net *.youtube.com *.doubleclick.net *.adsrvr.org https://*.yieldify.com https://*.flashtalking.com 'about:blank'; style-src 'self' 'unsafe-inline' *.ppq.com.au *.cloudfront.net https://*.yieldify-production.com fonts.gstatic.com fonts.googleapis.com https://*.flashtalking.com; font-src 'self' *.ppq.com.au https://*.yieldify-production.com fonts.gstatic.com fonts.googleapis.com https://*.flashtalking.com; worker-src 'self' *.ppq.com.au blob:; 1
report-uri https://www.yelp.com/csp_block?id=6a61e573fc257e6c&page=enforced_by_default_directives&policy_hash=4a31667603ab2e38c60aeeb09daa5097&site=www&timestamp=1721957240; object-src 'self'; base-uri 'self' https://*.yelpcdn.com https://*.adsrvr.org https://6372968.fls.doubleclick.net; font-src 'self' data: https: 1
frame-ancestors 'self' https://stgweb.umang.gov.in https://web.umang.gov.in; 1
default-src 'self' 'nonce-nvBq3TQgZdQkTmXz' https://*.usebeacon.app; frame-src 'self' https://player.vimeo.com; style-src 'self' 'nonce-nvBq3TQgZdQkTmXz'; script-src 'self' 'nonce-nvBq3TQgZdQkTmXz'; font-src 'self'; object-src 'none'; connect-src 'self' https://*.usebeacon.app https://api.nitrado.net; base-uri 'self'; sandbox allow-forms allow-same-origin allow-scripts allow-downloads allow-popups; upgrade-insecure-requests; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.googletagmanager.com https://servedby.ceramicartsnetwork.org www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org https://unpkg.com *.wistia.com embedwistia-a.akamaihd.net; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com use.fontawesome.com https://unpkg.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com use.fontawesome.com data:; img-src 'self' https://static.ceramicartsnetwork.org https://servedby.ceramicartsnetwork.org *.google.com *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com placeimg.com *.wistia.com embedwistia-a.akamaihd.net picsum.photos *.picsum.photos https://ceramicartsnetwork.org/images/default-source/shop-product-images/; media-src 'self' data: blob: *.wistia.com embedwistia-a.akamaihd.net; child-src 'self' blob: https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.wistia.com embedwistia-a.akamaihd.net; connect-src 'self' accounts.google.com https://servedby.ceramicartsnetwork.org *.doubleclick.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.google-analytics.com *.gstatic.com *.wistia.com *.litix.io embedwistia-a.akamaihd.net; 1
frame-ancestors 'self' https://website-justlease-it-api.xtl.nl 1
frame-ancestors 'self' https://secure.quantumgateway.com; 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gstatic.com/recaptcha/ *.google.com/recaptcha/api.js *.google-analytics.com connect.facebook.net; frame-src 'self' maps.google.com www.google.com *.youtube.com *.youtube-nocookie.com www.facebook.com; img-src 'self' data: maps.gstatic.com *.googleapis.com *.ggpht; script-src-elem 'self' 'unsafe-inline' *.google.com *.gstatic.com *.googleapis.com *.google-analytics.com *.facebook.net *.youtube.com *.youtube-nocookie.com; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' 'unsafe-inline' fonts.googleapis.com; report-uri https://secure.wonderline.eu/reports/csp/ 1
default-src ws: data: 'self' 'unsafe-inline' 'unsafe-eval' *.pobeda.aero *.flypobeda.ru www.youtube.com mc.yandex.ru mc.yandex.com captcha-api.yandex.ru yastatic.net smartcaptcha.yandexcloud.net vk.com *.tripster.ru *.mail.ru; frame-ancestors 'self' https://*.yandex.ru https://*.webvisor.com 1
frame-ancestors https://app.reskyt.com https://app.deporvillage.net 1
frame-ancestors 'self' https://www.sopula.com http://*.sopula.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://polyfill.io https://www.googletagmanager.com https://static.hotjar.com https://www.google-analytics.com https://connect.facebook.net https://script.hotjar.com https://embedsocial.com https://tagmanager.google.com https://www.autouncle.se https://optimize.google.com https://wds.callguide.telia.com https://wds.ace.teliacompany.com https://holmgrens-bil.humany.net https://holmgrensbil.cust.se.phyron.com https://holmgrensweb.azureedge.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://cdn.tiny.cloud https://snap.licdn.com https://chimpstatic.com https://downloads.mailchimp.com https://*.list-manage.com https://www.googleoptimize.com https://holmgrensweb-hwchezh3hsakbyh4.z01.azurefd.net https://cdn.holmgrensbil.se https://sfxway.com https://dev.visualwebsiteoptimizer.com https://app.vwo.com;object-src 'self';style-src 'self' 'unsafe-inline' https://embedsocial.com https://tagmanager.google.com https://fonts.googleapis.com https://optimize.google.com https://wds.callguide.telia.com https://wds.ace.teliacompany.com https://holmgrens-bil.humany.net https://assets.autouncle.com https://cdn.tiny.cloud https://cdn-images.mailchimp.com https://holmgrensweb.azureedge.net https://holmgrensweb-hwchezh3hsakbyh4.z01.azurefd.net https://cdn.holmgrensbil.se;img-src 'self' https://static.holmgrensbil.se data: https://maps.googleapis.com https://www.google-analytics.com https://www.facebook.com https://stats.g.doubleclick.net https://www.google.com https://www.google.se https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com http://kabeadriacenter.se https://wds.callguide.telia.com https://wds.ace.teliacompany.com https://api.eontyre.com http://api.eontyre.com https://assets.autouncle.com https://holmgrensbil.cust.se.phyron.com https://holmgrensstatic.azureedge.net https://holmgrensweb.azureedge.net https://fonts.gstatic.com https://sp.tinymce.com https://px.ads.linkedin.com https://www.linkedin.com https://script.hotjar.com https://*.google-analytics.com https://*.analytics.google.com https://holmgrensweb-hwchezh3hsakbyh4.z01.azurefd.net https://holmgrensbilstatic-bthzafckcacxejdm.z01.azurefd.net https://staticcdn.holmgrensbil.se https://cdn.holmgrensbil.se https://*.googleusercontent.com https://imgsct.cookiebot.com https://dev.visualwebsiteoptimizer.com https://cdn.visualwebsiteoptimizer.com;media-src 'self' https://wds.ace.teliacompany.com https://holmgrensbil.cust.se.phyron.com https://holmgrensweb.azureedge.net https://holmgrensweb-hwchezh3hsakbyh4.z01.azurefd.net https://cdn.holmgrensbil.se;frame-src 'self' https://www.gaello.se https://vars.hotjar.com https://skadebesiktning.cab.se https://embedsocial.com https://www.autouncle.se https://optimize.google.com https://www.google.com https://omnitest.resurs.com https://www.powr.io https://www.youtube.com https://kabeadriacenter.kamafritid.se https://boka.se https://www.facebook.com https://wds.ace.teliacompany.com https://mozbar.moz.com https://consentcdn.cookiebot.com https://c1.adform.net https://holmgrensweb.azureedge.net https://holmgrensweb-hwchezh3hsakbyh4.z01.azurefd.net https://cdn.holmgrensbil.se;font-src 'self' https://fonts.gstatic.com https://secure.ecster.se https://holmgrens-bil.humany.net https://holmgrensbil.cust.se.phyron.com https://script.hotjar.com https://holmgrensweb.azureedge.net https://holmgrensweb-hwchezh3hsakbyh4.z01.azurefd.net https://cdn.holmgrensbil.se;connect-src 'self' https://haapi.holmgrensbil.se https://fordon.holmgrensbil.se https://imageupload.holmgrensbil.se https://sessions.bugsnag.com https://notify.bugsnag.com https://in.hotjar.com https://vc.hotjar.io https://www.google-analytics.com https://cgchat.callguide.telia.com https://www.facebook.com https://chat.ace.teliacompany.com https://production.depict-api.com https://holmgrens-bil.humany.net https://www.autouncle.se https://holmgrensbil.cust.se.phyron.com http://phyron.com http://app.se.phyron.com https://consentcdn.cookiebot.com https://fordonsapi.azurewebsites.net https://*.hotjar.com wss://*.hotjar.com https://*.google-analytics.com https://*.analytics.google.com https://cdn.linkedin.oribi.io https://stats.g.doubleclick.net https://*.hotjar.io https://px.ads.linkedin.com https://dev.visualwebsiteoptimizer.com;base-uri 'self' https://optimize.google.com;child-src 'self' blob:;form-action 'self' https://www.facebook.com https://*.list-manage.com;frame-ancestors 'self' https://skadebesiktning.cab.se 1
default-src 'self' wss://isaacphysics.org https://cdn.isaacphysics.org https://plausible.isaacphysics.org https://www.youtube-nocookie.com https://www.youtube.com; object-src 'none'; frame-src 'self' https://anvil.works https://*.anvil.app https://www.youtube-nocookie.com; img-src 'self' data: https://cdn.isaacphysics.org https://*.tile.openstreetmap.org https://developers.google.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://cdn.isaacphysics.org https://fonts.gstatic.com; 1
default-src 'self' * 'unsafe-inline' data: blob: ws: wss: gap://ready file//*; child-src *; object-src *; frame-src *; script-src * 'unsafe-inline' 'unsafe-eval' data:; style-src * 'unsafe-inline'; font-src *; connect-src * ws: wss:; 1
default-src 'self' 'unsafe-inline' https://jai.pivot-center.online https://csa.pivot-center.online https://cdn.datatables.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://code.jquery.com https://www.googletagmanager.com https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://cdn.datatables.net;object-src data: 'self' 'unsafe-eval' *; img-src 'self' data: *;  1
frame-ancestors 'self' bridge.dbxp.app screenfly.org 1
default-src 'self';object-src 'none';img-src 'self' data: blob:;font-src 'self' data: https://fonts.gstatic.com;connect-src 'self' wss://bilaxy.com wss://www.bilaxy.com wss://m.bilaxy.com https://newapi.bilaxy.com/ https://bilaxy.zendesk.com/api/v2/;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;script-src 'self' 'unsafe-inline' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/;frame-src 'self' blob: https://www.google.com/recaptcha/; 1
default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self' https://bo.franceolympique.com; 1
frame-ancestors citizenwatch.eu 'self' *.etracker.com http://192.168.0.3; 1
default-src 'self' https://www-cdn01.avisonyoung.com https://api-eu1.hubspot.com https://analytics.avisonyoung.com; style-src 'self' 'unsafe-inline' https://www-cdn01.avisonyoung.com https://fonts.googleapis.com https://www-proxy01.avisonyoung.com https://platform.twitter.com https://ton.twimg.com https://avison-young.foleon.com https://avison-young.preview.foleon.com https://tagmanager.google.com https://fast.fonts.net https://cdn.foleon.com https://s3.eu-west-2.amazonaws.com https://assets.foleon.com https://optimize.google.com https://uat-ay.buildout.com https://www.avisonyoungproperty.co.uk https://cdn.jsdelivr.net https://*.sharplaunch.com; font-src 'self' data: https://www-cdn01.avisonyoung.com https://www-proxy01.avisonyoung.com https://fonts.gstatic.com https://s3.eu-west-2.amazonaws.com https://assets.foleon.com https://*.hs-banner.com http://script.hotjar.com https://script.hotjar.com https://*.sharplaunch.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www-cdn01.avisonyoung.com https://www-proxy01.avisonyoung.com https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://pi.pardot.com https://go.avisonyoung.com https://buildout.com https://platform.twitter.com https://www-cdn01.avisonyoung.com https://avison-young.foleon.com https://avison-young.preview.foleon.com https://ceros.com https://static.cloudflareinsights.com https://cdn.syndication.twimg.com https://maps.googleapis.com https://vimeo.com https://player.vimeo.com https://public.tableau.com https://widget.usersnap.com https://resources.usersnap.com https://ajax.googleapis.com https://s3.eu-west-2.amazonaws.com https://assets.foleon.com https://cdn.analytics.foleon.com https://previewer.foleon.com https://optimize.google.com https://uat-ay.buildout.com https://e.infogram.com https://www.youtube.com https://static.hotjar.com https://script.hotjar.com https://avantanalytics.avisonyoung.com https://*.hs-scripts.com https://*.hs-analytics.net https://*.hs-banner.com https://*.hsforms.net https://*.hsforms.com https://ext.chtbl.com https://www.googleoptimize.com https://js-eu1.hsleadflows.net https://www.google.com https://www.gstatic.com https://js-eu1.usemessages.com https://js-eu1.hsadspixel.net https://analytics.avisonyoung.com https://*.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://snap.licdn.com https://js-eu1.hubspot.com https://cdn.jsdelivr.net https://www.avisonyoungproperty.co.uk https://sdk.sharplaunch.com https://cdnjs.cloudflare.com https://maps.google.com https://realtyads.com https://www.onelink-edge.com https://link.edgepilot.com https://analytics.sharplaunch.com https://*.sharplaunch.com; img-src https: data: blob:; frame-src 'self' https://buildout.com https://platform.twitter.com https://syndication.twitter.com https://youtu.be https://www.youtube.com https://avison-young.foleon.com https://avison-young.preview.foleon.com https://www.google.com https://go.avisonyoung.com https://vimeo.com https://player.vimeo.com https://public.tableau.com https://forms.office.com *.youtube-nocookie.com https://dev.gvadob.ie https://experience.arcgis.com https://infogram.com https://optimize.google.com https://buildout-production.s3.amazonaws.com https://e.infogram.com https://vars.hotjar.com https://avantanalytics.avisonyoung.com https://*.hsforms.com https://omny.fm https://forms-eu1.hubspot.com https://app-eu1.hubspot.com https://analytics.avisonyoung.com https://player.cohostpodcasting.com https://bid.g.doubleclick.net https://open.spotify.com https://td.doubleclick.net https://app.powerbi.com/ https://realtyads.com; connect-src 'self' https://www-cdn01.avisonyoung.com https://www.google-analytics.com https://maps.googleapis.com/ https://widget.usersnap.com https://api.analytics.foleon.com https://api.foleon.com https://s3.eu-west-2.amazonaws.com https://assets.foleon.com https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com https://hubspot-forms-static-embed.s3.amazonaws.com https://*.hsforms.com https://*.hs-banner.com https://web.chtbl.com https://stats.g.doubleclick.net https://forms-eu1.hubspot.com https://vimeo.com https://api-eu1.hubspot.com https://api-eu1.hubapi.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.google.com https://content.hotjar.io https://metrics.hotjar.io https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://cta-eu1.hubspot.com https://cdn.growthbook.io https://sdk.sharplaunch.com https://analytics.sharplaunch.com https://5igwwa7oi7.execute-api.us-east-1.amazonaws.com; media-src 'self' blob: https://www-cdn01.avisonyoung.com *.youtube-nocookie.com; object-src 'self' https://www-cdn01.avisonyoung.com *.youtube-nocookie.com; worker-src 'self' blob: 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'wasm-unsafe-eval' blob: https://cdn.jsdelivr.net https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://userlike-cdn-umm.b-cdn.net https://www.pari.com/typo3conf/ext/pari_cms/Resources/Public/JavaScript/Vendor/analytics.js https://pari.com/typo3conf/ext/pari_cms/Resources/Public/JavaScript/Vendor/analytics.js https://matomo.pari.com https://www.youtube.com/iframe_api https://www.youtube.com/s/player/ https://www.youtube-nocookie.com https://snap.licdn.com/; frame-src www.youtube.com www.youtube-nocookie.com login.doccheck.com www.login.doccheck.com www.player.youku.com player.youku.com https://scnem.com/ scnem.com; img-src * www.googletagmanager.com; form-action 'self'; object-src 'self'; font-src 'self' https://userlike-cdn-umm.b-cdn.net/fonts/; connect-src *; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googleadservices.com https://js.hsadspixel.net https://js.hscollectedforms.net https://js.hs-banner.com https://js.hs-scripts.com https://js.hs-analytics.net https://js.hsforms.net https://*.hsforms.net https://*.hsforms.com https://trackcmp.net https://*.app-us1.com https://pandell.activehosted.com https://platform.twitter.com https://s.ytimg.com https://www.youtube.com https://tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://google-analytics.com https://googleads.g.doubleclick.net https://www.google.ca https://maps.googleapis.com https://js.createsend1.com https://ajax.googleapis.com https://www.workable.com/ https://apply.workable.com/ https://*.cloudfront.net;  script-src-elem 'self' 'unsafe-inline' https://js.hubspot.com https://js.hsadspixel.net https://js.hsforms.net https://*.hscollectedforms.net https://*.hs-analytics.net https://*.hs-banner.com https://forms.hsforms.com https://js.hs-scripts.com https://js.hsforms.net https://js.hsforms.com https://trackcmp.net https://prism.app-us1.com https://prism.app-us1.com https://diffuser-cdn.app-us1.com/diffuser/diffuser.js https://pandell.activehosted.com https://*.app-us1.com/ https://*.cloudfront.net https://platform.twitter.com https://s.ytimg.com https://www.youtube.com https://tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://maps.googleapis.com https://www.workable.com https://apply.workable.com https://js.createsend1.com https://ajax.googleapis.com; script-src-attr 'self' 'unsafe-inline' https://js.hsforms.net https://platform.twitter.com https://s.ytimg.com https://www.youtube.com https://tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://google-analytics.com; style-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://fonts.googleapis.com https://tagmanager.google.com https://www.googletagmanager.com https://use.typekit.net https://p.typekit.net; style-src-elem 'self' 'unsafe-inline' https://fonts.gstatic.com https://fonts.googleapis.com https://tagmanager.google.com https://www.googletagmanager.com https://use.typekit.net https://p.typekit.net; style-src-attr 'self' 'unsafe-inline' https://fonts.gstatic.com https://fonts.googleapis.com https://tagmanager.google.com https://www.googletagmanager.com https://use.typekit.net https://p.typekit.net; img-src 'self' data: https://exceptions.hs-embed-reporting.com/ https://adservice.google.com https://analytics.google.com https://fonts.gstatic.com https://fonts.googleapis.com https://tagmanager.google.com https://www.googletagmanager.com https://*.hubspot.com https://*.hsforms.com https://www.google.ca https://www.google.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://applauncher.pandell.com; font-src *; connect-src 'self' https://js.hs-banner.com/ https://analytics.google.com https://adservice.google.com https://fonts.gstatic.com https://fonts.googleapis.com https://tagmanager.google.com https://www.googletagmanager.com https://api.hubapi.com/ https://*.hscollectedforms.net https://*.hsforms.com https://*.hubspot.com https://hubspot-forms-static-embed.s3.amazonaws.com https://tagmanager.google.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google.ca/ https://www.google-analytics.com https://stats.g.doubleclick.net https://createsend.com/ https://www.google.com; media-src *; object-src *; child-src 'self'; frame-src 'self' https://pandell-21247847.hs-sites.com https://*.hsforms.net https://*.hsforms.com https://*.soundcloud.com/ https://platform.twitter.com https://www.youtube.com https://www.youtube-nocookie.com https://www.google.com https://bid.g.doubleclick.net https://docs.google.com; worker-src 'self'; frame-ancestors 'self'; form-action *; base-uri https://www.pandell.com https://waf.pandell.com http://web-pandellweb.net.pandell.com/; 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: wss:; worker-src 'self' blob: https://*.googleapis.com; child-src 'self' blob: https://*.googleapis.com https://*.facebook.com; frame-src 'self' https://*.facebook.com https://*.youtube.com https://speak.speechace.co/ https://*.vimeo.com https://*.officeapps.live.com https://*.omise.co https://*.paypal.com https://*.paypalobjects.com; 1
default-src 'none'; connect-src 'self' blob: https://res.cloudinary.com https://accounts.spotify.com https://fanhouse-staging--staging-v5ho8y0j.web.app/ https://api.fanhouse.app https://us-central1-fanhouse-staging.cloudfunctions.net https://api.stripe.com https://botd.fpapi.io https://securetoken.googleapis.com https://firestore.googleapis.com https://firebasestorage.googleapis.com https://www.google-analytics.com https://firebase.googleapis.com https://firebaseinstallations.googleapis.com https://www.googleapis.com https://api.amplitude.com https://*.algolia.net https://*.algolianet.com https://*.algolia.io; frame-src 'self' https://fanhouse.app https://js.stripe.com https://www.youtube.com https://hooks.stripe.com https://fanhouse-staging.firebaseapp.com/; script-src 'self' blob: 'sha256-jAKQ61BFJ9QMmd+aURgAWIDQvg7k58/GCDU3ISLK9IU=' 'sha256-FvEKghNLP0YzyZSAxnPKuXunfcpTJfm4/Tuu/j9uBRw=' https://apis.google.com https://js.stripe.com https://ajax.cloudflare.com https://static.cloudflareinsights.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.jsdelivr.net; font-src 'self' https://fonts.gstatic.com https://unpkg.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; style-src 'self' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' https://unpkg.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; img-src 'self' https://res.cloudinary.com https://fanhouse-res.cloudinary.com https://firebasestorage.googleapis.com https://www.google-analytics.com https://purecatamphetamine.github.io/ *.googletagmanager.com *.google.com *.twimg.com *.googleusercontent.com i.scdn.co data: blob:; media-src 'self' https://firebasestorage.googleapis.com data: blob:; base-uri 'none'; object-src 'none'; manifest-src 'self'; worker-src 'self' blob:; child-src 'self' blob:; form-action 'none'; frame-ancestors 'self' https://sonnyangel.watch http://sonnyangel.watch https://zizz.ai http://zizz.ai; 1
default-src 'self';  upgrade-insecure-requests;  object-src 'none';  base-uri 'none';  connect-src 'self' https: ;  font-src 'self' data: https: ;  form-action 'self' https://hanayashiki.movabletype.io;  frame-ancestors 'self';  frame-src 'self' https: ;  img-src 'self' data: https: ;  media-src 'self'     www.youtube.com   ;  script-src 'self' 'unsafe-inline' 'unsafe-eval' https: ;  script-src-attr 'self' 'unsafe-inline';  script-src-elem 'self' 'unsafe-inline' https: ;  style-src 'self' 'unsafe-inline' https: ;  style-src-attr 'self' 'unsafe-inline';  style-src-elem 'self' 'unsafe-inline' https: ; 1
default-src 'none'; connect-src 'self' https://assets.hcaptcha.com https://hcaptcha.com https://newassets.hcaptcha.com/; frame-src 'self' https://assets.hcaptcha.com https://hcaptcha.com https://newassets.hcaptcha.com/; script-src 'self' https://assets.hcaptcha.com https://hcaptcha.com https://newassets.hcaptcha.com/ 'unsafe-inline'; style-src 'unsafe-inline'; 1
frame-ancestors 'self' https://*.mybigcommerce.com https://*.bigcommerce.com https://*.myshopify.com https://*.shopify.com https://*.3dcartstores.com  1
default-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data:; connect-src 'self' https: https://was-nam-us-prd-bhapi.azurewebsites.net wss://ws.qualified.com wss://directline.botframework.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://bhgateway.azurewebsites.net; font-src 'self' https:; frame-ancestors 'self' https; 1
frame-src 'self' https://experience.arcgis.com/ https://*.adform.net https://connect.facebook.net https://c1.adform.net https://platform.twitter.com/ https://a.flexbooker.com/ https://www.snappayglobal.com/ https://stage.snappayglobal.com/ https://www.youtube.com/ https://player.vimeo.com/ https://request.eprotect.vantivprelive.com https://request.eprotect.vantivcnp.com https://hctra.maps.arcgis.com https://www.google.com/maps/ https://www.google.com/maps https://www.google.com https://www.trustedsite.com https://cse.google.com/ https://public.earthcam.net;     default-src 'self';   script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.clarity.ms  https://t.clarity.ms  https://*.stackadapt.com https://*.tvsquared.com  https://*.tvsquared.com/tv2track.js  https://qvdt3feo.com/events.js   https://tags.srv.stackadapt.com https://connect.facebook.net  https://*.adform.net https://www.clarity.ms  https://ads.nextdoor.com  https://platform.twitter.com/js/tweet.b81b6d7af2d75db873cff6099e4f433a.js https://platform.twitter.com/widgets.js https://request.eprotect.vantivprelive.com https://request.eprotect.vantivcnp.com https://bam.nr-data.net https://js-agent.newrelic.com https://cse.google.com https://www.google.com/cse/ https://clients1.google.com https://www.google-analytics.com https://cdn.ywxi.net https://www.googletagmanager.com https://www.google.com https://*.gstatic.com;         img-src blob: data: 'self' https://www.facebook.com https://*.stackadapt.com  https://tags.srv.stackadapt.com https://*.tvsquared.com https://*.tvsquared.com/tv2track.js  https://*.mdhv.io   https://*.clarity.ms  https://c.clarity.ms https://pbs.twimg.com https://syndication.twitter.com https://cdn.ywxi.net https://smetrics.hctra.org https://clients1.google.com https://www.google.com/cse/ https://www.google-analytics.com https://www.googleapis.com/ https://ssl.gstatic.com https://encrypted-tbn0.gstatic.com/images https://encrypted-tbn1.gstatic.com/images https://encrypted-tbn2.gstatic.com/images https://encrypted-tbn3.gstatic.com/images https://traffic.houstontranstar.org https://www.adobe.com/images/shared/download_buttons/;      object-src 'self';    style-src 'self' 'unsafe-inline' https://tags.srv.stackadapt.com https://www.google.com/cse/static/;        connect-src 'self' https://connect.facebook.net https://*.clarity.ms  https://*.stackadapt.com https://*.tvsquared.com https://*.tvsquared.com/tv2track.js https://qvdt3feo.com/events.js  https://y.clarity.ms https://t.clarity.ms  https://tags.srv.stackadapt.com  https://*.adform.net  https://www.google-analytics.com https://s3-us-west-2.amazonaws.com/mfesecure-public/host/ https://bam.nr-data.net https://triposcert.vantiv.com https://tripos.vantiv.com https://www.googletagmanager.com https://analytics.google.com;    form-action 'none';    frame-ancestors 'self';    report-uri /api/sessions/CspViolationLog/ReportViolation/ 1
default-src 'self' data: https://www.google-analytics.com *.usabilla.com *.cloudfront.net *.googleapis.com *.linkedin.com *.facebook.net;img-src 'self' data: https://www.google-analytics.com *.cloudfront.net https://www.google.com https://www.google.ro https://googleads.g.doubleclick.net https://www.google-analytics.com https://www.googletagmanager.com https://www.google.nl https://cdn.cookielaw.org https://bat.bing.com *.doubleclick.net *.usabilla.com *.cloudfront.net *.googleapis.com *.linkedin.com *.facebook.net *.facebook.com *.google.co.uk https://ade.googlesyndication.com;script-src 'self' 'unsafe-inline' https://www.google-analytics.com https://www.googletagmanager.com https://www.googleoptimize.com https://w.usabilla.com https://static.hotjar.com https://www.youtube.com https://script.hotjar.com https://www.googleadservices.com https://static.doubleclick.net https://js.monitor.azure.com https://bat.bing.com https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://cdn.jsdelivr.net https://vvaa.piwikpro.com *.usabilla.com *.cloudfront.net *.googleapis.com *.linkedin.com *.facebook.net *.licdn.com *.google.co.uk https://pagead2.googlesyndication.com ;script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com https://www.googletagmanager.com https://www.googleoptimize.com https://w.usabilla.com https://static.hotjar.com https://www.youtube.com https://script.hotjar.com https://www.googleadservices.com https://static.doubleclick.net https://js.monitor.azure.com https://bat.bing.com https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://cdn.jsdelivr.net https://vvaa.piwikpro.com  https://api.usabilla.com *.usabilla.com *.cloudfront.net *.googleapis.com *.linkedin.com *.facebook.net *.licdn.com *.google.co.uk https://pagead2.googlesyndication.com ;style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net *.usabilla.com *.cloudfront.net *.googleapis.com *.linkedin.com;font-src 'self' data: *.gstatic.com;object-src 'none';frame-ancestors 'self' https://mijn.onvz.nl;frame-src https://*.youtube.com https://9406030.fls.doubleclick.net *.mendixcloud.com https://cdn.cookielaw.org https://*.onvz.nl *.doubleclick.net *.usabilla.com *.cloudfront.net *.googleapis.com https://*.vvaazorgverzekering.nl https://*.vvaa.nl *.linkedin.com *.facebook.net *.google.co.uk *.mijnonvz.nl https://mijnonvz.nl *.mijnvvaazorgverzekering.nl https://mijnvvaazorgverzekering.nl https://mijn.onvz.nl;connect-src https://stats.g.doubleclick.net https://www.google-analytics.com https://region1.google-analytics.com https://dc.services.visualstudio.com https://www-tst.onvz.nl https://www-acc.onvz.nl https://www.onvz.nl https://cdn.cookielaw.org https://geolocation.onetrust.com https://www.vvaazorgverzekering.nl https://www-tst.vvaazorgverzekering.nl https://www-acc.vvaazorgverzekering.nl https://vvaa.piwikpro.com https://*.onvz.nl https://*.vvaazorgverzekering.nl *.usabilla.com *.cloudfront.net *.googleapis.com *.linkedin.com *.facebook.net *.google.co.uk https://*.onetrust.com wss://ws.hotjar.com https://content.hotjar.io https://adservice.google.com *.google.com;base-uri 'self';form-action 'self'; 1
upgrade-insecure-requests;default-src 'self' 'unsafe-inline' 'unsafe-eval' js: https: data: blob: ymeeting: ymeetingontest: wss:;media-src https: http: rtmp: blob: data: 'self';frame-src ymeeting: ymeetingontest: js: https: 'self';img-src data: blob: https://open.weixin.qq.com gm.mmstat.com *.ylyun.com *.yealinkmeeting.com *.onyealink.com *.onyealinkcloud.com *.ymcs.yealink.com *.aliyuncs.com *.azureedge.net *.blob.core.windows.net 'self';frame-ancestors 'self' https://xf.ctoou.com https://wsxf.xfj.gz.gov.cn; 1
frame-ancestors 'self' https://changemakers.thehumaneleague.org; object-src 'none'; 1
default-src 'self' https:;script-src 'self' 'unsafe-inline'  https://www.googletagmanager.com  https://player.vimeo.com/api/player.js  https://policy.app.cookieinformation.com  https://www.youtube.com  https://mktdplp102cdn.azureedge.net  https://cxppusa1formui01cdnsa01-endpoint.azureedge.net  https://assets-eur.mkt.dynamics.com  https://public-eur.mkt.dynamics.com  *.svc.dynamics.com/f  *.svc.dynamics.com/t  *.svc.dynamics.com/t/w  https://dhigroup.matomo.cloud  https://cdn.matomo.cloud/dhigroup.matomo.cloud/container_HH5X4G0y.js  https://cdn.matomo.cloud/dhigroup.matomo.cloud/matomo.js;style-src 'self' 'unsafe-inline' *.googletagmanager.com *.googleapis.com https:;font-src 'self' *.gstatic.com data: https:;img-src 'self' *.googletagmanager.com data: https:;object-src 'self' 'unsafe-inline' *;frame-ancestors 'none';base-uri 'self';form-action 'none'; 1
frame-ancestors www.thehourglass.com reports.thehourglass.com ovr.thehourglass.com 1
default-src 'self'  *.pn.vg *.pushnews.eu *.smrk.io *.achefly.net;    script-src 'report-sample' 'self'  'unsafe-eval' 'unsafe-inline' *.facebook.com *.facebook.net *.google.com *.google.com.br *.google-analytics.com *.googletagmanager.com *.googleadservices.com www.gstatic.com www.googleoptimize.com *.rdstation.com.br *.rdstation.com *.rd.services code.jquery.com cdn.jsdelivr.net cdn.pn.vg polyfill.io cdnjs.cloudflare.com reservas.rioquente.com.br googleads.g.doubleclick.net static.hotjar.com script.hotjar.com cdn.pmweb.com.br www.dataunion.com.br bat.bing.com onboard.triptease.io cdn.asksuite.com platform-api.sharethis.com buttons-config.sharethis.com t.sharethis.com secure.lomadee.com mc.yandex.ru event.getblue.io widget.getblue.io targeted-messages.triptease.io static-meta.triptease.io p.relay-t.io script.crazyegg.com *.clarity.ms *.navdmp.com assets.streamshop.com.br analytics.tiktok.com pixel.mathtag.com *.campaign-lomadee.com *.pn.vg *.pushnews.eu *.smrk.io *.achefly.net;    style-src 'report-sample' 'self' 'unsafe-inline'  fonts.googleapis.com cdnjs.cloudflare.com cdn.jsdelivr.net s3.amazonaws.com *.pn.vg *.pushnews.eu *.smrk.io *.achefly.net;    object-src 'none'; base-uri 'self';    connect-src 'self'                                *.facebook.com *.facebook.net *.google.com *.google.com.br *.google-analytics.com *.googletagmanager.com *.googleadservices.com cdn.cookielaw.org stats.g.doubleclick.net osp-assets.pn.vg *.yandex.com *.yandex.ru onboard.triptease.io static-meta.triptease.io messages.guest-experience.triptease.io df.pmweb.com.br companies.asksuite.com l.sharethis.com control.asksuite.com *.aviva.com.br www.dataunion.com.br api.triptease.io *.hotjar.com *.hotjar.io b.smrk.io wss://ws.hotjar.com beapi.omnibees.com bcp.crwdcntrl.net p.relay-t.io p.smrk.io beapi.omnibees.com pagead2.googlesyndication.com script.crazyegg.com *.clarity.ms api.pn.vg analytics.tiktok.com pagestates-tracking.crazyegg.com assets-tracking.crazyegg.com tracking.crazyegg.com *.campaign-lomadee.com *.pn.vg *.pushnews.eu *.smrk.io *.achefly.net;    font-src 'self'                                   fonts.gstatic.com cdn.jsdelivr.net cdnjs.cloudflare.com script.hotjar.com;    frame-src 'self'                                  *.facebook.com *.facebook.net *.google.com *.google.com.br *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.doubleclick.net onboard.triptease.io event.getblue.io *.yandex.com *.yandex.ru targeted-messages.triptease.io s3.amazonaws.com t.sharethis.com www.youtube.com *.liveshop.com.br *.streamshop.com.br;    img-src 'self'                                    *.facebook.com *.facebook.net *.google.com *.google.com.br *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.doubleclick.net bat.bing.com *.yandex.com *.yandex.ru sync.sharethis.com images.asksuite.com chart.googleapis.com placehold.it doc-0k-34-docs.googleusercontent.com platform-cdn.sharethis.com drive.google.com widgets.omnibees.com *.clarity.ms *.bing.com files.streamshop.com.br icons.pn.vg *.streamshop.com.br *.cachefly.net static.tacdn.com data: *.pn.vg *.pushnews.eu *.smrk.io *.achefly.net;    manifest-src 'self';    media-src 'self';    worker-src 'self'                                   blob:; 1
default-src 'self' data: cdn.linkedin.oribi.io region1.analytics.google.com varta.matomo.cloud metrics.hotjar.io csmetrics.hotjar.com content.hotjar.io wss://ws.hotjar.com wss://wsp19.hotjar.com csmetrics.hotjar.com wss://ws32.hotjar.com wss://ws5.hotjar.com in.hotjar.com csp.withgoogle.com www.salesviewer.com salesviewer.org www.varta-ag.com dev.varta-ag.com www.facebook.com region1.google-analytics.com maps.googleapis.com stats.g.doubleclick.net www.google-analytics.com irs.tools.investis.com static.b-ite.com www.youtube.com jobs.b-ite.com config1.veinteractive.com cookiee1.veinteractive.com sessionapi.veinteractive.com dtrc.veinteractive.com www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: snap.licdn.com script.hotjar.com cdn.matomo.cloud static.hotjar.com partner.googleadservices.com clients1.google.com cse.google.com www.varta-ag.com dev.varta-ag.com connect.facebook.net maps.googleapis.com www.googleadservices.com googleads.g.doubleclick.net cdnjs.cloudflare.com cdn.jsdelivr.net www.youtube.com static.b-ite.com cs-assets.b-ite.com  www.googletagmanager.com  www.google.com www.gstatic.com config1.veinteractive.com www.google-analytics.com; font-src  'self' 'unsafe-inline' data: www.varta-ag.com dev.varta-ag.com  fonts.gstatic.com googleads.g.doubleclick.net; img-src 'self' 'unsafe-inline' data: cdn.matomo.cloud connect.facebook.net www.linkedin.com px.ads.linkedin.com region1.analytics.google.com cse.google.com clients1.google.com www.googleapis.com  ssl.gstatic.com encrypted-tbn0.gstatic.com encrypted-tbn1.gstatic.com encrypted-tbn2.gstatic.com encrypted-tbn3.gstatic.com fonts.gstatic.com www.varta-ag.com dev.varta-ag.com www.varta-microbattery.com www.facebook.com region1.google-analytics.com maps.gstatic.com maps.googleapis.com biz.service.varta-consumer.com www.google.com www.google.de www.google-analytics.com cs-assets.b-ite.com www.googletagmanager.com; style-src https: 'unsafe-inline' www.varta-ag.com dev.varta-ag.com; frame-src 'self' www.google.com irs.tools.investis.com www.youtube-nocookie.com www.youtube.com; child-src blob: 'self' vars.hotjar.com cse.google.com www.varta-ag.com dev.varta-ag.com www.youtube-nocookie.com www.youtube.com config1.veinteractive.com www.google.com cdn.matomo.cloud irs.tools.investis.com; 1
frame-ancestors 'self'; script-src https://apis.google.com/ https://ajax.googleapis.com/ https://eu.yextstatic.com/ https://www.yext.com/ 'self' https://tileproxy.cloud.mapquest.com/ 'report-sample' https://cmp.osano.com/ https://www.yextstatic.com/ https://edge.fullstory.com/ https://yexttest.atlassian.net/ https://www.googletagmanager.com/ blob: https://www.yext-static.com/ https://maps.googleapis.com/ https://www.mapquestapi.com/ https://assets.sitescdn.net/ https://www.google-analytics.com/ 'nonce-6LfHfoz5aP114huFf3qrEg=='; style-src https://cdn.jsdelivr.net/ https://ajax.googleapis.com/ https://eu.yextstatic.com/ https://use.typekit.net/ 'sha256-GNF74DLkXb0fH3ILHgILFjk1ozCF3SNXQ5mQb7WLu/Y=' 'self' https://stackpath.bootstrapcdn.com/ https://fonts.googleapis.com/ https://meyerweb.com/ 'report-sample' https://www.yextstatic.com/ https://maxcdn.bootstrapcdn.com/ https://cdnjs.cloudflare.com/ https://www.yext-static.com/ https://p.typekit.net/ https://hitchhikers.yext.com/ 'nonce-Su/IbSSEx0+gt79c5s/Ctg==' https://assets.sitescdn.net/ https://www.gstatic.com/; font-src https://fonts.gstatic.com/ https://www.yext-static.com/ https://use.typekit.net/ 'self' https://d33wubrfki0l68.cloudfront.net/ https://www.yextstatic.com/; img-src https://i.ytimg.com/ https://www.yext.com/ data: https://ssl.gstatic.com/ https://www.yextstatic.com/ https://www.yext-static.com/ https://maps.googleapis.com/ https://help.yext.com/ https://a.mktgcdn.com/ https://realtimeanalytics.yext.com/ https://dyn.mktgcdn.com/ https://dynl.mktgcdn.com/ http://i.ytimg.com/ http://www.yext.com/ 'self' http://ssl.gstatic.com/ http://www.yextstatic.com/ blob: http://help.yext.com/ http://a.mktgcdn.com/ http://www.yext-static.com/ http://maps.googleapis.com/ http://dynl.mktgcdn.com/ http://realtimeanalytics.yext.com/ http://dyn.mktgcdn.com/; default-src 'self'; connect-src https://answersstatus.pagescdn.com/ https://liveapi-cached.yext.com/ https://disclosure.api.osano.com/ https://liveapi-or2.yext.com/ https://a.mktgcdn.com/ https://www.google-analytics.com/ https://realtimeanalytics.yext.com/ https://liveapi.yext.com/ 'self' https://schema.yext.com/ https://liveapi-jp2.yext.com/ https://sentry.yext.use4a.devops-o2cwhite.net/ https://us.yextevents.com/ https://cmp.osano.com/ https://cdn.yextapis.com/ https://upload.mktgcdn.com/ https://liveapi-ne2.yext.com/ https://edge.fullstory.com/ https://tattle.api.osano.com/ https://liveapi-us2.yext.com/ https://consent.api.osano.com/ https://api.smartling.com/ https://rs.fullstory.com/ https://prod-cdn.us.yextapis.com/ https://analytics.google.com/; media-src 'self'; frame-src https://accounts.google.com/ https://*.preview.pagescdn.com/ https://*.landingpagespreview.com/ https://www.yext.com/ 'self' https://socialplugin.facebook.net/ https://*.starters.yext.com/ https://www.zuora.com/ https://cmp.osano.com/ https://*.pgsdemo.com/ https://mozbar.moz.com/ https://sites.yext.com/; report-uri /cspreports/error?slug=users 1
frame-ancestors 'self' https://www.quironsalud.com https://betaweb.quironsalud.es https://international.quironsalud.com https://intranetfjd.idc.local https://olympia.quironsalud.com https://olympia.quironsalud.es https://overweightinstitute.fjd.es https://pacientes.healthdiagnostic.es https://rare-genomics.com https://www.cirujanosdelcorazon.es https://www.clinicadelpilar.org https://www.clinicavalles.com https://www.cuidamosdelamujer.es https://www.diverhospital.es https://www.e-quironsalud.com https://www.fjd.es https://www.fundacionquironsalud.org https://www.hgc.es https://www.hgvillalba.es https://www.hope-documental.es https://www.hospitalinfantaelena.es https://www.hospitalpublicocolladovillalba.es https://www.hospitalreyjuancarlos.es https://www.hscor.com https://www.idcsaludenfermeria.es https://www.idcsalud.es https://www.imbanaco.com https://www.jornadaspbp.es https://www.lungscreen.eu https://www.oncohealth.eu https://www.porquesabeselegir.es https://www.quironsalud.es https://www.quironsalud-hospitals.com https://www.rare-genomics.com https://www.recetaenergia.es https://www.redneurosalud.es https://www.ruber.es https://www.ruberinternacional.es https://www.teknonbarcelona.com https://www.teknonbarcelona.it https://www.teknonbarcelona.ru https://www.teknon.es https://www.tucanaldesalud.es 1
block-all-mixed-content;default-src  'self';script-src  'self'  'unsafe-inline'  'unsafe-eval'  https://*.bimago.com  https://*.bimago.cz  https://*.bimago.es  https://*.bimago.at  https://*.bimago.art  https://*.bimago.co.uk  https://*.bimago.se  https://*.bimago.pl  https://*.bimago.de  https://*.bimago.fr  https://*.bimago.it  https://*.bimago.nl  https://*.bimago.pt  https://pay.google.com/gp/p/js/pay.js  https://consent.cookiebot.com  https://api.exponea.com  https://googleads.g.doubleclick.net  https://www.gstatic.com  https://www.googletagmanager.com  https://www.google.com/recaptcha/api.js  https://www.googleadservices.com  https://www.google.com  https://pagead2.googlesyndication.com  https://connect.facebook.net  https://s.pinimg.com  https://ct.pinterest.com  https://pixel.biano.cz  https://cz.bianopixel.com  https://bianopixel.com  https://*.trustpilot.com  https://*.trustedshops.com  https://*.etrusted.com  https://*.cookiebot.com  https://*.hotjar.com  https://*.clarity.ms  https://c.bing.com  https://*.inteliwise.com  https://s3-eu-west-1.amazonaws.com/static.inteliwise.com/  https://inteliwise-eu.s3.amazonaws.com  https://*.inteliwi.se;font-src  'self'  data:  https://*.bimago.com  https://fonts.gstatic.com  https://script.hotjar.com  https://*.trustedshops.com  https://*.etrusted.com  https://*.inteliwise.com;style-src  'self'  'unsafe-inline'  https://*.bimago.com  https://fonts.googleapis.com  https://www.googletagmanager.com  https://www.gstatic.com  https://*.trustedshops.com  https://*.etrusted.com  https://*.inteliwise.com;img-src  'self'  data:  blob:  https://*.bimago.media  https://*.bimago.com  https://*.bimago.cz  https://*.bimago.es  https://*.bimago.at  https://*.bimago.art  https://*.bimago.co.uk  https://*.bimago.se  https://*.bimago.pl  https://*.bimago.de  https://*.bimago.fr  https://*.bimago.it  https://*.bimago.nl  https://*.bimago.pt  https://*.adyen.com  https://www.googletagmanager.com  https://www.google.pl  https://www.google.cz  https://www.google.com  https://www.google.ie  https://www.google.de  https://www.google.sk  https://www.google.com.eg  https://www.google.co.uk  https://www.google.fr  https://www.google.es  https://www.google.se  https://imgsct.cookiebot.com  https://fonts.gstatic.com  https://googleads.g.doubleclick.net  https://googleads.g.doubleclick.net/  https://adservice.google.com  https://ad.doubleclick.net  https://stats.g.doubleclick.net  https://www.facebook.com  https://www.googleadservices.com  https://translate.google.com  https://connect.facebook.net  https://www.google.ad  https://*.inteliwise.com  https://*.trustedshops.com  https://*.etrusted.com  https://*.analytics.google.com  https://*.google-analytics.com  https://*.googlesyndication.com  https://*.clarity.ms  https://c.bing.com;media-src  'self'  data:  blob:  https://*.bimago.com;connect-src  'self'  https://*.bimago.com  https://*.bimago.com/  https://*.bimago.cz  https://*.bimago.cz/  https://*.bimago.es  https://*.bimago.es/  https://*.bimago.at  https://*.bimago.at/  https://*.bimago.art  https://*.bimago.art/  https://*.bimago.co.uk  https://*.bimago.co.uk/  https://*.bimago.se  https://*.bimago.se/  https://*.bimago.pl  https://*.bimago.pl/  https://*.bimago.de  https://*.bimago.de/  https://*.bimago.fr  https://*.bimago.fr/  https://*.bimago.it  https://*.bimago.it/  https://*.bimago.pt  https://*.bimago.pt/  https://*.bimago.nl  https://*.bimago.nl/  https://*.adyen.com  https://*.adyen.com/  https://www.gstatic.com  https://www.googletagmanager.com  https://www.google.com  https://pagead2.googlesyndication.com  https://consent.cookiebot.com  https://consentcdn.cookiebot.com  https://api.exponea.com  https://adservice.google.com  https://adservice.google.com/  https://connect.facebook.net  https://capig.stape.host  https://www.facebook.com  https://analytics.google.com  https://ct.pinterest.com  https://p.biano.cz  https://cz.bianopixel.com  https://*.trustpilot.com  https://*.trustedshops.com  https://*.etrusted.com  https://*.googleapis.com  https://*.analytics.google.com  https://*.google-analytics.com  https://*.g.doubleclick.net  https://*.sentry.io  https://*.hotjar.io  https://*.hotjar.com  wss://*.hotjar.com  https://*.clarity.ms  https://c.bing.com  https://*.inteliwise.com  https://s3-eu-west-1.amazonaws.com/static.inteliwise.com/  https://inteliwise-eu.s3.amazonaws.com  https://*.inteliwi.se  wss://*.inteliwi.se;frame-src  'self'  https://*.bimago.com  https://*.adyen.com  https://pay.google.com  https://consentcdn.cookiebot.com  https://www.google.com  https://td.doubleclick.net  https://www.facebook.com  https://ct.pinterest.com  https://s3-eu-west-1.amazonaws.com/static.inteliwise.com/  https://inteliwise-eu.s3.amazonaws.com  https://*.trustpilot.com;manifest-src  'self';frame-ancestors  https://acss-cms.prod.artgeist.co;object-src  'self';worker-src  'self';base-uri  'self'  https://*;navigate-to  'self'  https://*;report-uri  https://o1145345.ingest.us.sentry.io/api/4504405867954176/security/?sentry_key=260ae0f35117a325331d44621f6a4006&sentry_environment=prod;report-to sentry; 1
frame-ancestors https://www.ap-ncr.com www.bfcu.org 1
frame-ancestors 'self' http://cms.metro.style; upgrade-insecure-requests 1
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' storage.googleapis.com *.google.com *.gstatic.com https://bam.nr-data.net https://bam-cell.nr-data.net https://js-agent.newrelic.com https://siteintercept.qualtrics.com https://*.siteintercept.qualtrics.com; style-src 'self' blob: 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com; connect-src 'self' *.carfaxforpolice.com *.carfax.io *.crashdocs.org https://bam.nr-data.net https://bam-cell.nr-data.net *.s3.amazonaws.com https://siteintercept.qualtrics.com https://*.siteintercept.qualtrics.com; frame-src 'self' *.carfaxforpolice.com carfaxforpolice.com *.google.com *.crashdocs.org *.chasepaymentechhostedpay-var.com *.chasepaymentechhostedpay.com chasepaymentechhostedpay-var.com chasepaymentechhostedpay.com https://carfax.co1.qualtrics.com blob:; img-src 'self' data: *.carfax.com *.s3.amazonaws.com https://siteintercept.qualtrics.com https://co1.qualtrics.com blob:; object-src 'self' blob: *.carfaxforpolice.com; frame-ancestors 'self' *.carfaxforpolice.com carfaxforpolice.com *.crashdocs.org *.carfax.com *.carfax.io 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data: https:; font-src 'self' data: https://fonts.gstatic.com https://use.fontawesome.com https://maxcdn.bootstrapcdn.com https://www.google-analytics.com https://mc.yandex.ru https://googleads.g.doubleclick.net https://connect.facebook.net; 1
default-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' https: data:; frame-src 'self' https:; connect-src 'self' https:; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; 1
default-src 'self' 'nonce-5krl59ibFCeWQqCC3EKegTit' https://*.joesecurity.org wss://*.joesecurity.org:* https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://recaptcha.google.com/recaptcha/ wss://www.joesandbox.com:* https://*.getresponse.com https://*.gr-cdn.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com wss://*.google-analytics.com wss://*.analytics.google.com; img-src 'self' data: blob: *; font-src 'self' data:; base-uri 'none'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'nonce-5krl59ibFCeWQqCC3EKegTit' https://*.joesecurity.org wss://*.joesecurity.org:* https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://recaptcha.google.com/recaptcha/ wss://www.joesandbox.com:* https://*.getresponse.com https://*.gr-cdn.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com wss://*.google-analytics.com wss://*.analytics.google.com; style-src 'self' 'unsafe-inline' https://*.joesecurity.org wss://*.joesecurity.org:* https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://recaptcha.google.com/recaptcha/ wss://www.joesandbox.com:* https://*.getresponse.com https://*.gr-cdn.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com wss://*.google-analytics.com wss://*.analytics.google.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'nonce-5krl59ibFCeWQqCC3EKegTit' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-DQkto1YLMojQMpngbn54aQkn4NeSKZVG732Kkk0EDrM=' 'sha256-idFLoxeUxvvEelYRkHv+ecCM1NFDFNjInf1IVOZVrQE=' 'sha256-sA0hymKbXmMTpnYi15KmDw4u6uRdLXqHyoYIaORFtjU=' 'sha256-JxGePvcXojgw6oyM7DjecYGHHYJ+cjx44JPnL40VRP8=' 'sha256-NZLQvdTTZtrktFDkzPeufcUBlW9EwQVrDp/YV7nMphM=' https://*.joesecurity.org wss://*.joesecurity.org:* https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://recaptcha.google.com/recaptcha/ wss://www.joesandbox.com:* https://*.getresponse.com https://*.gr-cdn.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com wss://*.google-analytics.com wss://*.analytics.google.com; frame-ancestors 'self'; report-uri /reports 1
default-src 'self' https://ravenol.de https://*.ravenol.de 'unsafe-inline' data:; font-src 'self' https://ravenol.de https://*.ravenol.de 'unsafe-inline' data:;img-src 'self' https://ravenol.de https://*.ravenol.de i.ytimg.com data:; frame-src www.youtube-nocookie.com https://ravenol.de https://*.ravenol.de; script-src 'report-sample' 'self' https://ravenol.de https://*.ravenol.de 'unsafe-inline' 'unsafe-eval' maps.googleapis.com www.google.com/recaptcha/api.js ; script-src-elem 'report-sample' 'self' https://ravenol.de https://*.ravenol.de 'unsafe-inline' 'unsafe-eval' maps.googleapis.com www.google.com/recaptcha/api.js ; style-src 'report-sample' 'self' https://ravenol.de https://*.ravenol.de 'unsafe-inline' ; media-src 'report-sample' 'self' ; child-src 'self' ; worker-src 'self' *; 1
frame-ancestors http://cms.ymcachicago.org http://www.ymcachicago.org http://ymcachicago.org http://ymca-cms.ae-admin.com http://ymca-live.ae-admin.com 1
frame-ancestors 'self' https://booksy.com https://*.booksy.com; 1
default-src 'self' data: *.eu-west-1.amazonaws.com maps.googleapis.com cdnjs.cloudflare.com *.veeva.io www.googletagmanager.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: blob: * 1
default-src 'self'; font-src 'self' *; style-src 'unsafe-inline' 'self' *; img-src https://*.googletagmanager.com/* 'self' * blob: data: image; connect-src https://*.intuit.com https://*.ingest.sentry.io/  ws://packsizenow.com wss://packsizenow.com 'self'; script-src 'self' 'nonce-nETA1CDwFr3EHQ'; frame-src youtube.com www.youtube.com; 1
frame-ancestors 'self'; block-all-mixed-content; default-src 'self'; script-src 'unsafe-inline' 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com https://cdn.perfdrive.com https://maps.googleapis.com/ static.hotjar.com script.hotjar.com www.gstatic.com bat.bing.com googleads.g.doubleclick.net www.googleadservices.com www.google.com connect.facebook.net www.google-analytics.com code.jquery.com cdnjs.cloudflare.com www.googletagmanager.com; style-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-hashes' code.jquery.com https://fonts.googleapis.com; object-src 'none'; frame-src *.google.com https://tpc.googlesyndication.com www.google.com www.youtube.com vars.hotjar.com; child-src 'none'; img-src 'self' https://hopper.bipdrive.com https://servicios.bipdrive.com:8196 https://hopper.bipdrive.com:8196 https://*.googleapis.com https://*.gstatic.com *.google.com  *.googleusercontent.com connect.facebook.net *.google-analytics.com data: www.google.it bat.bing.com www.google.com.py googleads.g.doubleclick.net maps.googleapis.com www.facebook.com www.google.es www.google.com maps.gstatic.com www.google-analytics.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://*.hotjar.io https://cas.avalon.perfdrive.com wss://*.hotjar.com https://googleads.g.doubleclick.net https://*.googleapis.com *.google.com https://*.gstatic.com wss://wsp39.hotjar.com https://adservice.google.com wss://wsp27.hotjar.com https://region1.analytics.google.com wss://wsp18.hotjar.com in.hotjar.com vc.hotjar.io www.google.com bat.bing.com www.bipdrive.com www.google-analytics.com stats.g.doubleclick.net; manifest-src 'none'; base-uri 'self'; form-action 'self' https://www.bipdrive.com/; media-src 'self' www.bipdrive.com; worker-src 'none'; 1
connect-src 'self' blob: https://api.x.ai https://api.x.com https://jf.x.com https://jf.twitter.com https://*.pscp.tv https://*.video.pscp.tv https://*.twimg.com https://api.twitter.com https://api.x.com https://api-stream.twitter.com https://api-stream.x.com https://ads-api.twitter.com https://ads-api.x.com https://aa.twitter.com https://aa.x.com https://caps.twitter.com https://caps.x.com https://pay.twitter.com https://pay.x.com https://sentry.io https://ton.twitter.com https://ton.x.com https://ton-staging.atla.twitter.com https://ton-staging.atla.x.com https://ton-staging.pdxa.twitter.com https://ton-staging.pdxa.x.com https://twitter.com https://x.com https://upload.twitter.com https://upload.x.com https://www.google-analytics.com https://accounts.google.com/gsi/status https://accounts.google.com/gsi/log https://checkoutshopper-live.adyen.com wss://*.pscp.tv https://vmap.snappytv.com https://vmapstage.snappytv.com https://vmaprel.snappytv.com https://vmap.grabyo.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com ws://localhost:8008/v2/ipc https://ads-twitter.com https://analytics.twitter.com https://analytics.x.com  ; default-src 'self'; form-action 'self' https://twitter.com https://*.twitter.com https://x.com https://*.x.com https://localhost.twitter.com:3443 https://localhost.x.com:3443; font-src 'self' https://*.twimg.com; frame-src 'self' https://twitter.com https://x.com https://mobile.twitter.com https://mobile.x.com https://pay.twitter.com https://pay.x.com https://cards-frame.twitter.com https://accounts.google.com/ https://client-api.arkoselabs.com/ https://iframe.arkoselabs.com/ https://vaultjs.apideck.com/  https://recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; img-src 'self' blob: data: https://*.cdn.twitter.com https://*.cdn.x.com https://ton.twitter.com https://ton.x.com https://*.twimg.com https://analytics.twitter.com https://analytics.x.com https://cm.g.doubleclick.net https://www.google-analytics.com https://maps.googleapis.com https://www.periscope.tv https://www.pscp.tv https://ads-twitter.com https://ads-api.twitter.com https://ads-api.x.com https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com https://*.pscp.tv https://*.periscope.tv https://prod-periscope-profile.s3-us-west-2.amazonaws.com https://platform-lookaside.fbsbx.com https://scontent.xx.fbcdn.net https://scontent-sea1-1.xx.fbcdn.net https://*.googleusercontent.com https://t.co/1/i/adsct; manifest-src 'self'; media-src 'self' blob: https://twitter.com https://x.com https://*.twimg.com https://*.vine.co https://*.pscp.tv https://*.video.pscp.tv https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net; object-src 'none'; script-src 'self' 'unsafe-inline' https://*.twimg.com https://recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://client-api.arkoselabs.com/ https://www.google-analytics.com https://twitter.com https://x.com https://accounts.google.com/gsi/client https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js https://www.gstatic.com/cast/sdk/libs/caf_receiver/v3/cast_receiver_framework.js https://static.ads-twitter.com  'nonce-NDA5MzA2ZDYtM2E4Yi00ODZkLThiZGMtNGZkMjExNzA1OTcx'; style-src 'self' 'unsafe-inline' https://accounts.google.com/gsi/style https://*.twimg.com; worker-src 'self' blob:; report-uri https://twitter.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false 1
script-src 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; base-uri 'self'; 1
connect-src 'self';img-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data; object-src 'self' 'unsafe-inline' 'unsafe-eval' https: data; 1
default-src 'self' https://s7.addthis.com https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net; script-src 'self' 'unsafe-inline' https://s7.addthis.com https://m.addthis.com https://player.vimeo.com https://z.moatads.com https://v1.addthisedge.com https://code.jquery.com https://siteimproveanalytics.com https://tagmanager.google.com https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://snap.licdn.com https://maps.googleapis.com https://cdn.siteimprove.net https://www.gstatic.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://privacyportal.onetrust.com https://geolocation.onetrust.com https://*.silktide.com 'unsafe-eval' https://*.wistia.com https://*.wistia.net https://src.litix.io; connect-src 'self' https://*.blakes.com https://*.silktide.com https://m.addthis.com https://s7.addthis.com https://blakesdevsearch.search.windows.net https://blakesstagingsearch.search.windows.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://*.google.ca https://www.google-analytics.com https://maps.googleapis.com https://my2.siteimprove.com https://blakesprodsearch.search.windows.net https://tpspdf.pixelshopdesign.net https://cdn.linkedin.oribi.io https://*.litix.io https://*.wistia.com https://embedwistia-a.akamaihd.net https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://privacyportal.onetrust.com https://geolocation.onetrust.com https://*.ads.linkedin.com https://privacyportal-ca.onetrust.com; img-src data: 'self' https://blakesprodstorage.blob.core.windows.net https://*.blakes.com https://blakesdevmedialob.blob.core.windows.net http://www.w3.org https://www.w3.org https://via.placeholder.com https://www.toolkitforkentico.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://*.google.ca https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.google.com https://ad.doubleclick.net https://ade.googlesyndication.com https://px.ads.linkedin.com https://blakes.vuture.net https://maps.gstatic.com https://maps.googleapis.com https://blakes.com https://blakesnitro.com https://*.siteimproveanalytics.io https://61281071.global.siteimproveanalytics.io https://d21y75miwcfqoq.cloudfront.net https://www.linkedin.com https://p.adsymptotic.com https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net https://*.vimeocdn.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://privacyportal.onetrust.com https://geolocation.onetrust.com; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://fonts.googleapis.com https://fast.wistia.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://privacyportal.onetrust.com https://geolocation.onetrust.com https://cdn.fonts.net; base-uri 'self'; form-action 'self';  frame-src 'self' https://*.blakes.com https://s7.addthis.com https://player.vimeo.com https://bid.g.doubleclick.net https://my2.siteimprove.com https://w.soundcloud.com https://www.google.com https://fast.wistia.com https://fast.wistia.net https://td.doubleclick.net;  font-src data: 'self' https://fonts.gstatic.com https://*.wistia.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://privacyportal.onetrust.com https://geolocation.onetrust.com 1
connect-src 'self' blob: https://api.x.ai https://api.x.com https://jf.x.com https://jf.twitter.com https://*.pscp.tv https://*.video.pscp.tv https://*.twimg.com https://api.twitter.com https://api.x.com https://api-stream.twitter.com https://api-stream.x.com https://ads-api.twitter.com https://ads-api.x.com https://aa.twitter.com https://aa.x.com https://caps.twitter.com https://caps.x.com https://pay.twitter.com https://pay.x.com https://sentry.io https://ton.twitter.com https://ton.x.com https://ton-staging.atla.twitter.com https://ton-staging.atla.x.com https://ton-staging.pdxa.twitter.com https://ton-staging.pdxa.x.com https://twitter.com https://x.com https://upload.twitter.com https://upload.x.com https://www.google-analytics.com https://accounts.google.com/gsi/status https://accounts.google.com/gsi/log https://checkoutshopper-live.adyen.com wss://*.pscp.tv https://vmap.snappytv.com https://vmapstage.snappytv.com https://vmaprel.snappytv.com https://vmap.grabyo.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com ws://localhost:8008/v2/ipc https://ads-twitter.com https://analytics.twitter.com https://analytics.x.com  ; default-src 'self'; form-action 'self' https://twitter.com https://*.twitter.com https://x.com https://*.x.com https://localhost.twitter.com:3443 https://localhost.x.com:3443; font-src 'self' https://*.twimg.com; frame-src 'self' https://twitter.com https://x.com https://mobile.twitter.com https://mobile.x.com https://pay.twitter.com https://pay.x.com https://cards-frame.twitter.com https://accounts.google.com/ https://client-api.arkoselabs.com/ https://iframe.arkoselabs.com/ https://vaultjs.apideck.com/  https://recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; img-src 'self' blob: data: https://*.cdn.twitter.com https://*.cdn.x.com https://ton.twitter.com https://ton.x.com https://*.twimg.com https://analytics.twitter.com https://analytics.x.com https://cm.g.doubleclick.net https://www.google-analytics.com https://maps.googleapis.com https://www.periscope.tv https://www.pscp.tv https://ads-twitter.com https://ads-api.twitter.com https://ads-api.x.com https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com https://*.pscp.tv https://*.periscope.tv https://prod-periscope-profile.s3-us-west-2.amazonaws.com https://platform-lookaside.fbsbx.com https://scontent.xx.fbcdn.net https://scontent-sea1-1.xx.fbcdn.net https://*.googleusercontent.com https://t.co/1/i/adsct; manifest-src 'self'; media-src 'self' blob: https://twitter.com https://x.com https://*.twimg.com https://*.vine.co https://*.pscp.tv https://*.video.pscp.tv https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net; object-src 'none'; script-src 'self' 'unsafe-inline' https://*.twimg.com https://recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://client-api.arkoselabs.com/ https://www.google-analytics.com https://twitter.com https://x.com https://accounts.google.com/gsi/client https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js https://www.gstatic.com/cast/sdk/libs/caf_receiver/v3/cast_receiver_framework.js https://static.ads-twitter.com  'nonce-MGZkZGU2YmYtMWYyMy00ZGQzLTllNTMtMDRlZTExZTQ5NTYw'; style-src 'self' 'unsafe-inline' https://accounts.google.com/gsi/style https://*.twimg.com; worker-src 'self' blob:; report-uri https://twitter.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false 1
default-src 'self'; script-src 'unsafe-inline' 'report-sample'; style-src-attr 'unsafe-inline' 'report-sample'; img-src 'self' data: *.ytimg.com *.vimeocdn.com https://*.cookiebot.com https://*.provenexpert.com https://content.app-us1.com https://*.googleusercontent.com; base-uri 'self'; frame-src 'self' *.youtube-nocookie.com *.youtube.com *.vimeo.com https://*.123hundeschule.de https://*.cookiebot.com https://*.kutego.martinruetter.com https://open.spotify.com https://www.eversports.de https://*.edoobox.com https://*.klicktipp.com https://*.calenso.com https://*.etermin.net https://calendly.com; connect-src 'self' https://openmaptiles.github.io https://maps.int.martinruetter.com https://*.cookiebot.com https://*.provenexpert.net https://*.google-analytics.com https://*.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://*.cookiebot.com https://*.kutego.martinruetter.com https://*.googletagmanager.com https://*.edoobox.com https://*.provenexpert.com https://*.provenexpert.net https://*.klicktipp.com https://*.activehosted.com https://*.etermin.net https://*.calendly.com https://*.googleapis.com 'report-sample'; style-src 'self' https://*.provenexpert.com https://fonts.bunny.net 'unsafe-inline' 'report-sample'; font-src 'self' 'unsafe-inline' data: https://*.provenexpert.com https://fonts.bunny.net; worker-src 'unsafe-inline' blob:; report-uri https://www.martinruetter.com/@http-reporting?csp=report&requestTime=1721959637827115 1
base-uri 'self';frame-ancestors 'none';font-src 'self' fonts.gstatic.com; 1
frame-ancestors 'self' admin.hamiltonlane.com 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-v8JfSw7E+sQ17Fe+7mC7tOPspgbrSexVSjbUDxHxyu0EUcIH' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' b2broker.activehosted.com *.ads-twitter.com *.b2broker.net *.b2broker.com *.doubleclick.net *.google.com *.google-analytics.com *.googleapis.com *.googleadservices.com *.googletagmanager.com *.gravatar.com *.facebook.net *.facebook.com *.roistat.com *.twitter.com *.yahoo.com *.yandex.ru *.yimg.com *.googleusercontent.com *.youtube.com *.google.ru; script-src 'self' 'unsafe-inline' gstatic.com www.gstatic.com cdnjs.cloudflare.com b2broker.activehosted.com *.ads-twitter.com *.b2broker.net *.b2broker.com *.doubleclick.net *.google.com *.google-analytics.com *.googleapis.com *.googleadservices.com *.googletagmanager.com *.gravatar.com *.facebook.net *.facebook.com *.roistat.com *.twitter.com *.yahoo.com *.yandex.ru *.yimg.com; connect-src 'self' b2broker.activehosted.com *.ads-twitter.com *.b2broker.net *.b2broker.com *.doubleclick.net *.google.com *.google-analytics.com *.googleapis.com *.googleadservices.com *.googletagmanager.com *.gravatar.com *.facebook.net *.facebook.com *.roistat.com *.twitter.com *.yahoo.com *.yandex.ru *.yimg.com; img-src 'self' data: *.b2binpay.com b2broker.activehosted.com *.ads-twitter.com *.b2broker.net *.b2broker.com *.doubleclick.net *.google.com *.google-analytics.com *.googleapis.com *.googleadservices.com *.googletagmanager.com *.gravatar.com *.facebook.net *.facebook.com *.roistat.com *.twitter.com *.yahoo.com *.yandex.ru *.yimg.com *.googleusercontent.com *.youtube.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com b2broker.activehosted.com *.ads-twitter.com *.b2broker.net *.b2broker.com *.doubleclick.net *.google.com *.google-analytics.com *.googleapis.com *.googleadservices.com *.googletagmanager.com *.gravatar.com *.facebook.net *.facebook.com *.roistat.com *.twitter.com *.yahoo.com *.yandex.ru *.yimg.com; font-src 'self' data: fonts.gstatic.com cdnjs.cloudflare.com 1
default-src 'self' https://login.windows.net https://gateway.zscaler.net/ https://cdn.cpnscdn.com/ https://images.ctfassets.net/ https://privacytermsprod.azureedge.net/ https://videos.ctfassets.net https://www.googleadservices.com/ https://*.segmanta.com/ https://*.pggoodeveryday.ca/ https://*.pgsvc.com/ https://match.adsrvr.org/ https://js.adsrvr.org/ https://stats.g.doubleclick.net/ https://www.google-analytics.com/ https://www.terracycle.com/ https://search-api.swiftype.com/ https://api-pge.segmanta.com/ https://res.cloudinary.com/ https://fonts.googleapis.com/ https://d29usylhdk1xyu.cloudfront.net/ https://d1lqe9temigv1p.cloudfront.net/ https://fonts.gstatic.com/ https://www.googletagmanager.com/ https://quilt-cdn.janrain.com/ https://cdn.segment.com/ https://feed.pghub.io/ https://pixel.tapad.com/ https://googleads.g.doubleclick.net/ blob: feed.pghub.io pandg.tapad.com ; font-src 'self' https://fonts.gstatic.com/ data: feed.pghub.io pandg.tapad.com ; img-src * 'self' https://cdn.incentives.gcp.pgcloud.com https://np-cdn.incentives.gcp.pgcloud.com https://cdn.cpnscdn.com/ https://images.ctfassets.net/ https://privacytermsprod.azureedge.net/ https://videos.ctfassets.net blob: data: https: https://www.google.com/ https://www.google.co.in/ https://www.google-analytics.com/ https://feed.pghub.io/ https://pixel.tapad.com/ https://res.cloudinary.com/ https://images.ctfassets.net/ https://privacytermsprod.azureedge.net/ https://videos.ctfassets.net https://cdn.cpnscdn.com/ ; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://get.free.ca https://analytics.tiktok.com https://s.pinimg.com https://gateway.zscaler.net/ https://procter-gamble.us.janraincapture.com/ https://procter-gamble.us-dev.janraincapture.com/ https://z.moatads.com/ https://www.terracycle.com/ https://pghub.io/ https://www.tp88trk.com/ https://cdn.cookielaw.org/ https://script.crazyegg.com/ https://container.pepperjam.com/ https://connect.facebook.net/ https://www.gstatic.com https://www.google.com https://c.lytics.io https://www.youtube.com https://www.youtube-nocookie.com https://procter-gamble-qa.us-dev.janraincapture.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://d29usylhdk1xyu.cloudfront.net/ https://d1lqe9temigv1p.cloudfront.net/ https://cdn.segment.com/ https://www.googleadservices.com/ https://pge.segmanta.com/ https://js.adsrvr.org/ https://googleads.g.doubleclick.net/ blob: feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' https://c.lytics.io https://quilt-cdn.janrain.com/ https://fonts.googleapis.com/ feed.pghub.io pandg.tapad.com ; frame-src 'self' https://pgnacagoodeveryday.jebbit.com https://ct.pinterest.com https://preferencecenter.pg.com https://*.doubleclick.net/ https://youtu.be/ https://consumersupport.pg.com/ mailto: https://gateway.zscaler.net/ https://pg-lex.my.salesforce-sites.com/ https://procter-gamble.us.janraincapture.com/ https://procter-gamble.us-dev.janraincapture.com/ https://feed.pghub.io/ https://pandg.tapad.com/ https://*.pepperjamnetwork.com/ https://www.terracycle.com/ https://sg.pggoodeveryday.com/ https://*.pg.promosvcs.com/ https://www.facebook.com/ https://*.fls.doubleclick.net/ https://www.coupons.com/ https://pgconsumersupport.secure.force.com/ https://consumeraccessapi.smartsource.com https://gears.websaver.ca/ https://pgsurveys.segmanta.com/ https://9942807.fls.doubleclick.net/ https://www.google.com/ https://www.youtube.com https://www.youtube-nocookie.com/ https://coupons.websaver.ca https://stagegears.websaver.ca/ https://insight.adsrvr.org/ https://bid.g.doubleclick.net/ https://match.adsrvr.org/ https://procter-gamble-qa.us-dev.janraincapture.com/ feed.pghub.io pandg.tapad.com ; object-src 'self' feed.pghub.io pandg.tapad.com ; connect-src 'self' https://cdn.incentives.gcp.pgcloud.com https://np-cdn.incentives.gcp.pgcloud.com https://get.free.ca https://s.pinimg.com https://ct.pinterest.com https://analytics.tiktok.com https://cdn-uat.pg-campaigns.com https://stage-eapi.pggoodeveryday.com https://dev-eapi.pggoodeveryday.com https://gateway.zscaler.net/ https://api.pggoodeveryday.ca/ https://dev-api.pggoodeveryday.ca/ https://i.ytimg.com/ https://px.moatads.com/ https://www.terracycle.com/ https://gateway.zscaler.net/ https://cdn.cpnscdn.com/ https://images.ctfassets.net/ https://privacytermsprod.azureedge.net/ https://videos.ctfassets.net https://ups.analytics.yahoo.com/ https://trk.shophermedia.net/ https://pghub.io/ https://www.tp88trk.com/ https://*.pepperjam.com/ https://www.facebook.com/ https://connect.facebook.net/ https://*.algolianet.com/ https://*.onetrust.io/ https://*.algolia.net/ https://*.crazyegg.com https://cdn.cookielaw.org/ https://dc.services.visualstudio.com/ https://www.youtube.com https://www.youtube-nocookie.com/ https://pixel.rubiconproject.com https://mediaid.pg.com/ https://insight.adsrvr.org https://www.gstatic.com https://s.amazon-adsystem.com https://c.lytics.io https://api.segment.io https://www.googleadservices.com/ https://*.segmanta.com/ https://*.pggoodeveryday.ca/ https://*.pgsvc.com/ https://match.adsrvr.org/ https://js.adsrvr.org/ https://stats.g.doubleclick.net/ https://www.google-analytics.com/ https://search-api.swiftype.com/ https://api-pge.segmanta.com/ https://res.cloudinary.com/ https://fonts.googleapis.com/ https://d29usylhdk1xyu.cloudfront.net/ https://d1lqe9temigv1p.cloudfront.net/ https://fonts.gstatic.com/ https://www.googletagmanager.com/ https://quilt-cdn.janrain.com/ https://cdn.segment.com/ https://feed.pghub.io/ https://pixel.tapad.com/ https://googleads.g.doubleclick.net/ https://www.google.com/ https://www.google.co.in/ https://*.janraincapture.com/ feed.pghub.io pandg.tapad.com ; 1
frame-ancestors flashpoint-intel.com *.flashpoint-intel.com flashpoint.io fp.tools *.flashpoint.io *.echosec.net *.fp.tools automate.fp.tools autodemo.fp.tools *.platform.fpint.net *.cyberriskanalytics.com *.crft.app *.arcade.software *.okta.com *.calendly.com *.pendo.io *.googleapis.com *.wistia.net *.looker.com *.twitter.com *.platform.fpint.net; frame-src 'self' flashpoint-intel.com *.flashpoint-intel.com app.flashpoint.io *.app.flashpoint.io flashpoint.io fp.tools *.flashpoint.io *.echosec.net *.fp.tools automate.fp.tools autodemo.fp.tools *.platform.fpint.net *.cyberriskanalytics.com *.crft.app *.arcade.software *.okta.com *.calendly.com *.pendo.io *.googleapis.com *.wistia.net *.looker.com *.twitter.com *.platform.fpint.net *.youtube.com youtube.com linkedin.com *.linkedin.com 1
default-src 'self' google-analytics.com manifest-src; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com maps.googleapis.com *.googletagmanager.com www.google-analytics.com www.google.com/recaptcha/api.js www.gstatic.com cookie-cdn.cookiepro.com www.google-analytics.com hotjar.com https://connect.facebook.net crelan-be-website.scalecity.space vwdservices.com s.ytimg.com https://px.ads.linkedin.com px.ads.linkedin.com youtube.com vimeo.com snap.licdn.com www.linkedin.com tagmanager.google.com *.googleadservices.com https://googleads.g.doubleclick.net w3.org *.crazyegg.com https://cdn.jsdelivr.net *.google.com *.google.be *.googleoptimize.com *.facebook.com *.doubleclick.net *.crelan.be *.facebook.net sc-crelan-server-side-tagging.ew.r.appspot.com blob: https://*.skedify.io  https://s.pinimg.com  https://*.pinterest.com  https://open.spotify.com *.fontawesome.com https://static.cloudflareinsights.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.googleusercontent.com *.hotjar.com *.google.com 'self' https://maps.googleapis.com *.googletagmanager.com w3.org cdnjs.cloudflare.com *.crazyegg.com *.google.com *.google.be *.googleadservices.com *.facebook.com *.facebook.net *.fontawesome.com; img-src 'self'  *.googletagmanager.com *.googleadservices.com cookie-cdn.cookiepro.com https://www.google-analytics.com *.gstatic.com maps.googleapis.com w3.org  data: *.crazyegg.com blog.crelan.be *.google.com *.google.be *.google.de *.facebook.com *.doubleclick.net *.facebook.net *.linkedin.com; media-src *.youtube.com *.twitter.com *.vimeo.com 'self' https://maps.googleapis.com *.googletagmanager.com w3.org *.google.com *.googleadservices.com *.google.be *.google.de *.facebook.com *.doubleclick.net *.facebook.net; frame-src 'self' in.hotjar.com vc.hotjar.io google-analytics.com stats.g.doubleclick.net crelan-be-website.scalecity.space *.crelan-int.be *.vwdservices.com maps.googleapis.com w3.org www.google.com www.youtube.com player.vimeo.com *.crazyegg.com  *.alchemer.eu *.google.com *.google.be *.facebook.com *.doubleclick.net *.facebook.net *.googleadservices.com https://*.skedify.io  https://*.pinterest.com  https://open.spotify.com *.fontawesome.com; font-src 'self' *.gstatic.com *.googleusercontent.com w3.org data:; connect-src 'self' cookie-cdn.cookiepro.com *.google-analytics.com in.hotjar.com vc.hotjar.io stats.g.doubleclick.net maps.googleapis.com *.googletagmanager.com w3.org *.crazyegg.com *.google.com *.google.be *.facebook.com *.doubleclick.net *.facebook.net *.onetrust.com sc-crelan-server-side-tagging.ew.r.appspot.com *.sc-crelan-server-side-tagging.ew.r.appspot.com *.googleadservices.com *.googlesyndication.com https://px.ads.linkedin.com  https://ct.pinterest.com *.fontawesome.com; upgrade-insecure-requests 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://*.icons8.com https://*.googleapis.com https://*.jsdelivr.net https://*.cloudflare.com; script-src 'self' 'unsafe-inline' https://s3.amazonaws.com https://*.youtube.com https://*.cloudfront.net https://*.cloudflare.com https://*.hotjar.com https://*.facebook.net https://*.googletagmanager.com https://*.go-mpulse.net https://*.google-analytics.com https://*.jsdelivr.net https://*.google.com https://*.licdn.com https://*.doubleclick.net https://*.gstatic.com data: blob:; connect-src 'self' https://google.com https://*.google.com https://*.doubleclick.com https://*.go-mpulse.net https://*.akamaihd.net https://*.akastat.io https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.akstat.io https://*.google.com https://*.rdstation.com.br https://*.linkedin.com; frame-src 'self' https://*.youtube.com https://*.doubleclick.net https://*.google.com; font-src 'self' https://*.gstatic.com data:; img-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.cloudflare.com https://*.cloudfront.net https://*.google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.googleusercontent.com https://*.movidesk.com https://*.notion.so https://*.facebook.com https://*.google.com.br https://*.linkedin.com data:; 1
report-to 'self' ; child-src 'self' blob: ; connect-src 'self' *.crazyegg.com analytics.tiktok.com cdn.linkedin.oribi.io *.constantcontact.com *.hotjar.com *.googleadservices.com *.facebook.com *.addthis.com *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net *.jsdelivr.net *.googleapis.com *.sharethis.com  *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net ; default-src 'self' blob: *.crazyegg.com *.constantcontact.com; font-src 'self' *.gstatic.com *.bootstrapcdn.com data:  *.gstatic.com *.bootstrapcdn.com ; form-action 'self' *.constantcontact.com *.facebook.com wpmudev.com; frame-src 'self' tpc.googlesyndication.com *.crazyegg.com *.constantcontact.com *.ambrahealth.com *.hotjar.com *.facebook.com *.youtube.com *.ambrahealth expert-reputation.com.com *.addthis.com *.simplecast.com expert-reputation.com highlightedreviews.com *.blackbaudhosting.com *.g.doubleclick.net *.google.com *.fls.doubleclick.net *.googleapis.com  *.g.doubleclick.net *.google.com *.fls.doubleclick.net ; frame-ancestors 'self' ; img-src 'self'  'unsafe-inline' *.g.doubleclick.net *.crazyegg.com i.ytimg.com *.linkedin.com *.ads.linkedin.com *.facebook.com *.adsymptotic.com *.blackbaudhosting.com *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com data: *.googleapis.com *.sharethis.com  *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com ; manifest-src 'self' ; media-src 'self' *.medtronic.com; object-src 'self' ; script-src 'self'  'unsafe-inline'  'unsafe-eval' tpc.googlesyndication.com *.crazyegg.com cdnjs.cloudflare.com analytics.tiktok.com *.constantcontact.com *.hotjar.com *.licdn.com *.facebook.net *.addthis.com *.moatads.com *.youtube.com *.blackbaudhosting.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.googleadservices.com *.googleapis.com *.sharethis.com  *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-elem 'self'  'unsafe-inline'  'unsafe-eval' tpc.googlesyndication.com *.crazyegg.com cdnjs.cloudflare.com analytics.tiktok.com *.constantcontact.com *.hotjar.com *.licdn.com *.facebook.net *.addthis.com *.moatads.com *.youtube.com *.blackbaudhosting.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.googleadservices.com *.googleapis.com *.sharethis.com  *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-attr 'self'  'unsafe-inline'  'unsafe-eval' ; style-src 'self'  'unsafe-inline'  'unsafe-eval' *.crazyegg.com *.constantcontact.com *.blackbaudhosting.com *.googleapis.com *.gstatic.com *.jsdelivr.net  *.googleapis.com *.gstatic.com ; style-src-elem 'self'  'unsafe-inline'  'unsafe-eval' *.crazyegg.com *.constantcontact.com *.blackbaudhosting.com *.googleapis.com *.gstatic.com *.jsdelivr.net  *.googleapis.com *.gstatic.com ; style-src-attr 'self'  'unsafe-inline'  'unsafe-eval' ; worker-src 'self' blob: ;  upgrade-insecure-requests; 1
default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; object-src 'none'; style-src * 'unsafe-inline'; img-src * data:; media-src *; frame-src *; font-src * 'unsafe-inline' data:; connect-src *; report-uri /admin/config/system/seckit/csp-report 1
default-src 'none'; script-src 'self' https://soylentnews.org https://www.soylentnews.org http://7rmath4ro2of2a42.onion https://checkout.stripe.com; frame-src https://checkout.stripe.com; connect-src https://checkout.stripe.com; img-src 'self' https://soylentnews.org https://www.soylentnews.org http://7rmath4ro2of2a42.onion https://www.paypalobjects.com https://q.stripe.com; style-src 'unsafe-inline' 'self' https://soylentnews.org https://www.soylentnews.org http://7rmath4ro2of2a42.onion https://checkout.stripe.com 1
default-src 'self' https:;connect-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; script-src-elem 'unsafe-inline' https:; style-src 'self' 'unsafe-inline' data: https:; style-src-elem 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' data: https:; 1
default-src * 'self';            style-src * 'self' 'unsafe-inline' 'unsafe-hashes';         img-src * 'self' *.sec-xm41d.com *.w3.org data:;         script-src 'self' 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'         *.gstatic.com         *.bootstrapcdn.com         *.googleapis.com         *.cloudflare.com         *.jsdelivr.net         *.jquery.com         *.sec-xm41d.com         *.googletagmanager.com;         frame-ancestors 'self' X-Frame-Options: DENY 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://www.googletagmanager.com/gtag/ https://www.google.com/recaptcha/ https://www.mpi.ziraatbank.com.tr https://mernis.yesilay.org.tr:8086 https://maps.googleapis.com https://fonts.googleapis.com https://www.gstatic.com/ https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://connect.facebook.net https://unpkg.com https://cdnjs.cloudflare.com https://cdn.userway.org/widget.js https://cdn.userway.org/widgetapp/2023-04-06/widget_app_base_1680789796996.js https://cdn.userway.org/widgetapp/2023-04-06/widget_app_lazy_1680789796996.js https://cdn.userway.org/widgetapp/2023-04-06/widget_app_1680789796996.js https://cdn.userway.org/widgetapp/2023-04-06/remediation/remediation_1680789796996.js https://cdn.userway.org/widgetapp/2023-04-06/remediation/nav_menu_helper1680789796996.js https://cdn.userway.org/widgetapp/2023-04-06/scan/scan_1680789796996.js https://cdn.userway.org/widgetapp/2023-04-06/remediation/slick_slider_1680789796996.js https://cdn.userway.org/widgetapp/2023-04-18/widget_app_1681832080775.js https://cdn.userway.org/widgetapp/2023-04-18/remediation/remediation_1681832080775.js https://cdn.userway.org/widgetapp/ https://cdn.userway.org/ 1
frame-ancestors 'self' 'https://www.googletagmanager.com'; 1
report-uri /api/csp/report-violations;default-src 'self';connect-src 'self' https://in.hotjar.com https://va.tawk.to www.google-analytics.com maps.googleapis.com www.google.com www.gstatic.com www.googletagmanager.com *.hotjar.io wss://*.tawk.to *.doubleclick.net *.veldar.nl *.salesfeed.com *.google-analytics.com *.activehosted.com *.facebook.com *.analytics.google.com *.lfeeder.com google.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://script.hotjar.com https://embed.tawk.to https://static.hotjar.com www.google-analytics.com maps.googleapis.com www.google.com www.gstatic.com www.googletagmanager.com *.app-us1.com *.jsdelivr.net *.facebook.net *.veldar.nl *.salesfeed.com *.activehosted.com *.youtube.com *.lfeeder.com *.doubleclick.net;style-src 'self' 'unsafe-inline' fonts.googleapis.com *.tawk.to *.veldar.nl *.salesfeed.com *.lfeeder.com;img-src 'self' data: www.google-analytics.com maps.googleapis.com maps.gstatic.com *.tawk.to https://tawk.link www.google.com www.google.nl *.facebook.com *.veldar.nl *.salesfeed.com *.googletagmanager.com *.youtube.com *.hotjar.com *.lfeeder.com *.jsdelivr.net;media-src 'self';font-src 'self' fonts.gstatic.com *.tawk.to *.veldar.nl *.salesfeed.com *.hotjar.com *.lfeeder.com;object-src 'none';frame-src 'self' https://vars.hotjar.com www.youtube.com player.vimeo.com www.google.com *.sgm-online.de *.facebook.com *.veldar.nl *.salesfeed.com *.lfeeder.com *.doubleclick.net;frame-ancestors 'none';block-all-mixed-content; 1
default-src 'self' https://racecenter.letour.fr https://emeaclientportal.datacenter.hello.global.ntt https://unpkg.com/web-vitals/dist/web-vitals.iife.js https://s1329636.t.eloqua.com https://www.google.com.br https://www.google.com.hk https://www.google.com.sg https://www.google.co.in https://www.google.co.nz https://www.google.com.bh https://www.google.co.kr https://www.google.com.my https://www.google.ca https://www.google.ie https://www.google.lt https://www.google.com.au https://www.google.com.pa https://www.google.nl https://www.google.co.jp https://*.fls.doubleclick.net  https://prodau-cdn.azureedge.net https://prodeu-cdn.azureedge.net https://www.google.com https://resources.digital-cloud.medallia.eu https://*.licdn.com https://s7.addthis.com https://vars.hotjar.com/ https://connect.facebook.net/ https://www.facebook.com/ *.crazyegg.com https://youtube.com https://www.youtube.com https://youtu.be https://i.ytimg.com/vi_webp/PfZzvGGRaOM/mqdefault.webp; img-src 'self' blob: data: https://*.emtana.com:* https://emeaclientportal.datacenter.hello.global.ntt/servlet/servlet.ImageServer?id=0151i000000vC0y&oid=00D58000000H2jR https://portal.webolytics.com/ https://admin.bound360.com/images/logos/bound-logo-full.png https://cdn.bizible.com https://cdn.bizibly.com https://px4.ads.linkedin.com https://ad.doubleclick.net https://www.google.be https://pbs.twimg.com https://*.analytics.google.com https://*.google.com https://*.brightfunnel.com https://q.quora.com https://alb.reddit.com https://www.marketing-town.com https://assets.getsmartcontent.com https://www.google.co.in https://www.google.com.hk https://www.google.com.sg https://www.google.co.nz https://www.google.co.jp https://www.google.com.br https://www.google.com.bh https://www.google.co.kr https://www.google.com.my https://www.google.ca https://www.google.ie https://www.google.lt https://www.google.com.au https://www.google.nl https://di3c8wks3odob.cloudfront.net https://maps.gstatic.com https://maps.googleapis.com https://www.google.de https://www.google.it https://pixel.tapad.com https://decibel-49-adswizz.attribution.adswizz.com https://www.google.co.uk https://attribution.decibelads.com https://reverseads.matomo.cloud https://tracking.connect.services.global.ntt https://fonts.gstatic.com https://cdn.cookielaw.org https://analytics.twitter.com https://analytics.google.com https://*.terminus.services https://match.adsrvr.org https://prodeu-strgacc-cdn.azureedge.net https://prodau-strgacc-cdn.azureedge.net https://*.leady.com/ https://resources.digital-cloud.medallia.eu https://j.mrpdata.net https://857338121.privacysandbox.googleadservices.com https://720787047.privacysandbox.googleadservices.com https://apt.techtarget.com https://620993155.privacysandbox.googleadservices.com https://p.adsymptotic.com/ *.crazyegg.com https://tracking.hello.global.ntt/ https://www.google.co.za https://*.kampyle.com https://vars.hotjar.com https://pubads.g.doubleclick.net https://script.hotjar.com http://script.hotjar.com www.googletagmanager.com https://www.google.com https://www.google.com.pa https://googleads.g.doubleclick.net https://www.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com https://prodeu-cdn.azureedge.net https://prodau-cdn.azureedge.net https://t.co/ https://px.ads.linkedin.com/ https://connect.facebook.net/ https://www.facebook.com/ https://www.linkedin.com/ https://s2190102.t.eloqua.com/ https://storage.googleapis.com/ https://*.akstat.io; style-src 'unsafe-inline' 'unsafe-eval' 'self' *.crazyegg.com https://cdn.jsdelivr.net/npm/swiper@8/swiper-bundle.min.css https://prodeu-strgacc-cdn.azureedge.net https://prodau-strgacc-cdn.azureedge.net https://cdnjs.cloudflare.com/ajax/libs/tiny-slider/2.9.1/tiny-slider.css https://fonts.googleapis.com https://tagmanager.google.com https://www.googletagmanager.com; font-src 'self' https://prodeu-strgacc-cdn.azureedge.net https://prodau-strgacc-cdn.azureedge.net https://fonts.gstatic.com data: http://script.hotjar.com https://script.hotjar.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors https://cm.euprod.services.global.ntt https://prodeu-strgacc-cdn.azureedge.net https://prodau-strgacc-cdn.azureedge.net https://vars.hotjar.com https://bid.g.doubleclick.net https://*.crazyegg.com; script-src 'nonce-NTcxNzcyODhub25jZS1yYW5kb20='  'unsafe-inline' 'unsafe-eval' 'self' blob: https://*.emtana.com:* https://emeaclientportal.datacenter.hello.global.ntt https://*.adobe.io https://*.go-mpulse.net https://portal.webolytics.com https://cdn.bizible.com https://secure.intelligentdata52.com https://a.quora.com https://unpkg.com/web-vitals@3.0.0/dist/web-vitals.attribution.iife.js https://*.brightfunnel.com https://*.analytics.google.com https://*.google.com https://www.redditstatic.com https://cdn.jsdelivr.net/npm/swiper@8/swiper-bundle.min.js https://maps.googleapis.com https://www.google.co.in https://www.google.co.nz https://www.google.com.pa https://www.google.de https://www.google.it https://cdn.matomo.cloud https://s.getsmartcontent.com https://cdn.getsmartcontent.com https://attribution.decibelads.com https://tracking.connect.services.global.ntt https://snippet.ramblechat.com https://munchkin.brightfunnel.com https://*.terminus.services https://analytics.google.com https://prodeu-strgacc-cdn.azureedge.net https://prodau-strgacc-cdn.azureedge.net https://*.leady.com/ https://www.gstatic.com https://trk.techtarget.com https://visitor.reactful.com https://*.crazyegg.com https://script.crazyegg.com https://connect.facebook.net/ https://cdn.cookielaw.org/ https://secure.east2pony.com/ https://protect-eu.mimecast.com/ https://www.google.co.za/ https://*.addthisedge.com https://z.moatads.com https://*.addthis.com https://script.hotjar.com http://script.hotjar.com http://static.hotjar.com https://static.hotjar.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://analytics.twitter.com https://static.ads-twitter.com https://resources.digital-cloud.medallia.eu https://nebula-cdn.kampyle.com https://img03.en25.com https://script.crazyegg.com https://www.youtube.com www.googleadservices.com https://pubads.g.doubleclick.net https://snap.licdn.com https://cdnjs.cloudflare.com/ajax/libs/tiny-slider/2.9.1/min/tiny-slider.js https://geolocation.onetrust.com https://vidassets.terminus.services  https://acrobatservices.adobe.com; connect-src 'self' https://*.t.eloqua.com https://*.adobe.io https://*.go-mpulse.net https://portal.webolytics.com https://px.ads.linkedin.com https://*.brightfunnel.com https://*.analytics.google.com https://*.google.com https://ibc-flow.techtarget.com https://cdn.linkedin.oribi.io https://udc-neb.kampyle.com https://www.google.com.pa https://s.getsmartcontent.com https://chat-messaging.terminus.services https://www.gstatic.com https://maps.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/mapConfigs https://reverseads.matomo.cloud wss://a1kkx7muourfsi-ats.iot.us-east-1.amazonaws.com https://chat-visitor-info.terminus.services https://iotas.terminus.services https://chat-team-management.terminus.services https://di3c8wks3odob.cloudfront.net https://realtime.ramblechat.com https://idx.liadm.com/ https://geolocation.onetrust.com/ https://api.brightfunnel.com https://analytics.google.com https://*.leady.com/ https://tracking.reactful.com https://resources.digital-cloud.medallia.eu https://visitor.reactful.com *.crazyegg.com https://www.facebook.com/ https://connect.facebook.net/ https://cdn.cookielaw.org/ https://stats.g.doubleclick.net/ https://www.google-analytics.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com https://script.crazyegg.com/* https://api-public.addthis.com https://*.addthis.com https://privacyportal-de.onetrust.com/ https://*.akstat.io https://*.akamaihd.net https://acrobatservices.adobe.com; object-src blob: ; frame-src https://racecenter.letour.fr https://block.opendns.com https://td.doubleclick.net https://ssp2.gin.ntt.net https://www.google.com.pa https://10155546.fls.doubleclick.net https://resources.digital-cloud.medallia.eu https://extraordinary-platypus-f5e0bb.netlify.app https://nttbdttour.netlify.app/ https://cm.euprod.services.global.ntt https://www.youtube.com https://www.google.com https://youtu.be https://acrobatservices.adobe.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.facebook.net *.ensighten.com *.hotjar.com *.google.com *.googletagmanager.com *.gstatic.com *.google-analytics.com player.vimeo.com *.googleadservices.com snap.licdn.com trkn.us *.nice-incontact.com  *.g.doubleclick.net code.jquery.com; script-src-elem 'self' 'unsafe-inline' maps.googleapis.com *.facebook.net *.ensighten.com *.nice-incontact.com *.hotjar.com *.google.com *.googletagmanager.com *.gstatic.com *.google-analytics.com *.googleadservices.com snap.licdn.com trkn.us *.g.doubleclick.net code.jquery.com; script-src-attr 'unsafe-inline' *.hotjar.com code.jquery.com *.ensighten.com *.nice-incontact.com *.facebook.net *.google.com player.vimeo.com *.googletagmanager.com *.gstatic.com *.google-analytics.com *.googleadservices.com snap.licdn.com trkn.us *.g.doubleclick.net; connect-src 'self' maps.googleapis.com *.google.com *.google-analytics.com *.g.doubleclick.net player.vimeo.com *.hotjar.com cdn.linkedin.oribi.io; style-src 'self' 'unsafe-inline' fast.fonts.net *.fontawesome.com; img-src 'self' data: secure.gravatar.com images.ctfassets.net *.bluekai.com *.facebook.com *.choozle.com *.adsrvr.org *.rlcdn.com *.company-target.com *.entitytag.co.uk *.b1img.com *.mookie1.com *.taboola.com *.truefitcorp.com  trkn.us px.ads.linkedin.com *.google-analytics.com *.adsymptotic.com *.google.com; font-src 'self' data: use.fontawesome.com; media-src 'self' player.vimeo.com images.ctfassets.net vod-progressive.akamaized.net; child-src 'self' *.cloudfront.net bluefoundrybank.referralrock.com *.nice-incontact.com *.hotjar.com *.adsrvr.org *.secureline.com *.g.doubleclick.net locations.bluefoundrybank.com player.vimeo.com *.fls.doubleclick.net *.google.com forms.microsoft.com forms.office.com *.windows.net *.microsoftonline.com images.printable.com; form-action 'self'; upgrade-insecure-requests; worker-src 'self'; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://scicomm.xyz; img-src 'self' https: data: blob: https://scicomm.xyz; style-src 'self' https://scicomm.xyz 'nonce-E5R9D4ZcqpElDKThu3PTnA=='; media-src 'self' https: data: https://scicomm.xyz; frame-src 'self' https:; manifest-src 'self' https://scicomm.xyz; form-action 'self'; child-src 'self' blob: https://scicomm.xyz; worker-src 'self' blob: https://scicomm.xyz; connect-src 'self' data: blob: https://scicomm.xyz https://media.scicomm.xyz wss://scicomm.xyz; script-src 'self' https://scicomm.xyz 'wasm-unsafe-eval' 1
default-src 'none' ; object-src 'self' ; frame-ancestors 'none' ; frame-src https://intercom-sheets.com https://www.googletagmanager.com https://www.facebook.com https://cardframe.isaac.tribepayments.com 'unsafe-inline' ; connect-src 'self' https://amon.tech https://wallet.amon.tech https://api.amon.tech https://rates.amon.tech https://wa.appsflyer.com https://wa.onelink.me https://websdk.appsflyer.com https://www.gstatic.com https://firebase.googleapis.com https://firebaseinstallations.googleapis.com https://www.facebook.com https://connect.facebook.net https://stats.g.doubleclick.net https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com https://*.google-analytics.com https://www.google.com https://min-api.cryptocompare.com https://images.cryptocompare.com https://maps.google.com https://maps.googleapis.com https://www.redditstatic.com https://analytics.tiktok.com https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.com.ai https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.com.kh https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.ms https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.ne https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.pl https://www.google.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.so https://www.google.sm https://www.google.sr https://www.google.st https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.vg https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.rs https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.cat wss://*.intercom.io https://fonts.googleapis.com https://*.intercom.io *.intercomcdn.com *.intercomusercontent.com https://amon-tech.zendesk.com https://static.zdassets.com https://ekr.zdassets.com https://api.exchangeratesapi.io https://upload.wikimedia.org https://sentry.io https://*.ingest.sentry.io https://api.coingecko.com https://assets.coingecko.com https://api.celsius.network https://amon.sjv.io/cur/14124 https://amon.sjv.io/xur/14124 https://amon.sjv.io/ur/14124 https://amon.sjv.io/xconv/26957/14124 https://amon.sjv.io/xconv/26958/14124 https://amon.sjv.io/xconv/26960/14124 https://rawjeansadvertising.com https://utt.impactcdn.com/A2917494-d314-405d-94f7-8fcafac303fc1.js https://*.cloudfront.net/* https://cloudfront.net/* *.cloudfront.net/* https://onesignal.com https://cdn.onesignal.com https://img.onesignal.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.intercom.io *.intercomcdn.com https://utt.impactcdn.com https://js.intercomcdn.com https://utt.impactcdn.com/A2917494-d314-405d-94f7-8fcafac303fc1.js https://websdk.appsflyer.com https://www.gstatic.com https://connect.facebook.net https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://maps.google.com https://maps.googleapis.com https://analytics.tiktok.com https://static.zdassets.com https://assets.coingecko.com https://onesignal.com https://cdn.onesignal.com ; style-src 'self' https://www.googletagmanager.com https://fonts.googleapis.com 'unsafe-inline' https://onesignal.com https://cdn.onesignal.com ; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com *.intercomcdn.com https://*.cloudfront.net https://cloudfront.net *.cloudfront.net; img-src 'self' https: blob: data: maps.gstatic.com *.googleapis.com *.ggpht https://assets.coingecko.com https://www.facebook.com https://www.googletagmanager.com https://www.google-analytics.com *.intercomassets.com *.intercomusercontent.com *.intercomcdn.io *.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com ; media-src 'self' *.intercomcdn.com ; form-action 'self' https://intercom-zendesk-plugin-api.getalvis.com https://www.facebook.com https://intercom.help *.intercom.io ; base-uri 'self' ; manifest-src 'self' ; worker-src 'self' https://wallet.amon.tech ; upgrade-insecure-requests ; 1
frame-ancestors 'self' https://www.china-briefing.com https://www.india-briefing.com https://www.vietnam-briefing.com https://www.aseanbriefing.com https://www.russia-briefing.com/ https://www.silkroadbriefing.com/ https://www.asiabriefing.com/ 1
default-src 'self'; connect-src 'self' *.itzbund.de *.readspeaker.com *.bmbfcluster.de; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.itzbund.de *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.vimeo.com *.instagram.com; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.vimeo.com vimeo.com *.aktion-mensch.de *.bmbfcluster.de; frame-src 'self' *.readspeaker.com *.google.com *.gstatic.com *.youtube.com *.vimeo.com kumasta.buendnisse-fuer-bildung.de *.facebook.com *.instagram.com *.bmbf.de graphcommons.com www.baden-tv.com/ *.video-stream-hosting.de ;img-src 'self' data: *.materna.de *.bmbf.de *.google.com *.gstatic.com *.youtube.com *.twimg.com *.openstreetmap.org *.openstreetmap.de *.wmflabs.org *.bmbfcluster.de; font-src 'self' data:; frame-ancestors 'self'; 1
default-src 'self' blob: https://*.akamaihd.net; img-src 'self' data: https://*.intercom-attachments-1.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://*.intercomusercontent.com https://*.intercomassets.com https://*.intercomcdn.com https://*.intercom.com https://*.intercom.io https://images.ctfassets.net/ https://*.azure.net https://americanspecialtyhealth.nanorep.co https://*.hubspot.com https://*.hsforms.com https://*.fod247.io https://*.amazonaws.com http://*.boldchat.com https://*.boldchat.com http://via.placeholder.com/ https://seal.websecurity.norton.com https://*.internal.ashfitness.net/ https://*.ashconnect.com http://*.gstatic.com http://*.googleapis.com https://app.validic.com https://*.typekit.net https://*.ashcompanies.com https://*.api.ashcompanies.com https://*.googleapis.com  https://csi.gstatic.com https://www.google-analytics.com http://www.google-analytics.com https://stats.g.doubleclick.net/ https://www.facebook.com/ https://www.google.com/ https://dev.api.healthyroads.com https://stg.api.healthyroads.com/ https://preprod.api.healthyroads.com https://api.healthyroads.com/ https://www.googletagmanager.com/ https://optimize.google.com http://optimize.google.com https://*.choosehealthynext.com https://cdn.fod247.com https://*.ooyala.com https://*.brightcove.com https://*.boltdns.net https://*.choosehealthy.com https://*.akamaihd.net https://*.googleadservices.com https://*.doubleclick.net https://assets.prod.validic.com https://*.z1.web.core.windows.net; media-src 'self' blob: https://*.intercomcdn.com https://*.silverandfit.com/ http://*.boldchat.com https://*.boldchat.com https://*.internal.ashfitness.net https://dev.api.healthyroads.com  https://preprod.api.healthyroads.com  https://api.healthyroads.com/ https://stg.api.healthyroads.com/ https://*.api.ashcompanies.com https://*.ooyala.com https://*.akamaized.net https://*.choosehealthy.com https://*.boltdns.net https://*.akamaihd.net https://*.azure.net https://*.ptrx.org https://*.amazonaws.com https://*.westus2.streaming.mediakind.com https://ottapp-appgw-amp.prodc.mkio.tv3cloud.com https://licensing.bitmovin.com https://*.z1.web.core.windows.net data:; frame-src 'self' 'unsafe-inline' blob: data: application/pdf https://intercom-sheets.com https://*.api.ashcompanies.com https://vimeo.com/ http://*.boldchat.com https://*.boldchat.com https://www.youtube.com/  https://www.facebook.com/ https://connect.facebook.net/ https://*.vimeo.com https://api.recurly.com/ https://*.networksearch.api.ashcompanies.com https://optimize.google.com http://optimize.google.com https://*.choosehealthynext.com https://*.ooyala.com https://*.choosehealthy.com https://youtu.be/ https://*.usw2.pure.cloud; font-src 'self' 'unsafe-inline' data: https://*.intercomcdn.com http://*.boldchat.com https://*.boldchat.com https://*.api.ashcompanies.com/ https://*.ashconnect.com http://*.gstatic.com https://*.typekit.net https://*.ui.api.ashcompanies.com https://fonts.gstatic.com http://fonts.gstatic.com https://*.ooyala.com https://*.choosehealthy.com; connect-src 'self' blob: wss://*.intercom.io https://*.intercomcdn.com https://*.intercom.com https://*.intercom.io wss://*.bold360.com https://*.applicationinsights.azure.com https://www.google-analytics.com https://ak-use.akamaized.net/ https://metrics-api.librato.com http://americanspecialtyhealth.nanorep.co https://visitor-services.nanorep.com http://*.boldchat.com https://*.boldchat.com https://*.silverandfit.com https://silverandfit.com http://dc.services.visualstudio.com/v2/track https://dc.services.visualstudio.com/v2/track https://api.healthyroads.com/ https://*.api.healthyroads.com https://*.ashconnect.com https://*.activeandfit.com https://activeandfit.com https://*.exerciserewards.com https://*.typekit.net/ https://*.api.ashcompanies.com https://api.recurly.com https://connect.facebook.net https://dc.services.visualstudio.com/ https://*.choosehealthynext.com https://*.ooyala.com https://*.bitmovin.com https://*.brightcove.com https://*.boltdns.net https://stats.g.doubleclick.net https://*.akamaihd.net https://*.choosehealthy.com https://*.azure.net https://*.ashcompanies.com https://*.azurefd.net https://*.azure-api.net https://*.hubspot.com https://*.ashcompanies.com https://*.googleapis.com https://*.facebook.com https://syncmydevice.com https://www.google.com https://googleads.g.doubleclick.net https://*.amazonaws.com https://*.usw2.pure.cloud wss://*.usw2.pure.cloud https://*.westus2.streaming.mediakind.com https://ottapp-appgw-amp.prodc.mkio.tv3cloud.com https://licensing.bitmovin.com https://*.z1.web.core.windows.net data:; worker-src 'self' data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.intercomcdn.com https://*.intercom.com https://*.intercom.io https://*.ssqt.io https://*.hs-scripts.com https://*.hs-analytics.net https://*.hs-banner.com https://*.hscollectedforms.net https://www.googleoptimize.com http://americanspecialtyhealth.nanorep.co http://*.boldchat.com https://*.boldchat.com https://seal.verisign.com/ https://*.typekit.net http://noembed.com/ https://noembed.com/ https://api.healthyroads.com https://*.ui.api.ashcompanies.com/ https://*.api.ashcompanies.com https://*.api.healthyroads.com https://*.exerciserewards.com http://tagmanager.google.com https://tagmanager.google.com http://*.googleapis.com https://js.recurly.com/v4/recurly.js  https://www.googletagmanager.com http://www.google-analytics.com/ https://www.google-analytics.com/ https://analytics.clickdimensions.com https://az416426.vo.msecnd.net/ https://connect.facebook.net/ http://analytics.clickdimensions.com/ https://optimize.google.com http://optimize.google.com https://*.choosehealthynext.com https://*.ooyala.com https://*.brightcove.net https://*.gstatic.com https://*.choosehealthy.com https://*.ashcompanies.com https://*.googleadservices.com https://*.hsadspixel.net https://js.monitor.azure.com https://cdnjs.cloudflare.com/ajax/libs/select2/3.5.2/select2.min.js https://googleads.g.doubleclick.net https://apps.usw2.pure.cloud; style-src 'self' 'unsafe-inline' http://*.boldchat.com https://*.boldchat.com https://js.recurly.com/ http://tagmanager.google.com https://tagmanager.google.com https://*.googleapis.com http://*.googleapis.com https://api.healthyroads.com/ https://*.api.ashcompanies.com/ https://*.api.healthyroads.com https://*.choosehealthynext.com 'unsafe-inline' https://optimize.google.com https://seal.websecurity.norton.com http://optimize.google.com https://*.ooyala.com https://*.googletagmanager.com https://*.typekit.net; child-src 'self' 'unsafe-inline' blob: data: https://intercom-sheets.com https://*.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; frame-ancestors 'self' https://vimeo.com/ https://*.choosehealthy.com; object-src 'self' data: application/pdf  blob: filesystem:; 1
default-src https: data: 'unsafe-eval' 'unsafe-inline'; object-src 'none' 1
style-src 'self' 'unsafe-inline' *.googleapis.com *.google-analytics.com *.gstatic.com *.tenkites.com tkmenus.com partners.designmynight.com atlas.microsoft.com *.cdn-cookieyes.com *.liveres.co.uk *.braintreegateway.com *.sevenrooms.com *.googleads cdn.co-buying.com https://cdnjs.cloudflare.com/ajax/libs/intl-tel-input/17.0.13/css/intlTelInput.css *.designmynight.com *.instagram.com; font-src 'self' data: *.googleapis.com *.google-analytics.com *.gstatic.com *.tenkites.com tkmenus.com atlas.microsoft.com *.liveres.co.uk *.braintreegateway.com *.sevenrooms.com *.googleads cdn.co-buying.com *.designmynight.com *.instagram.com; script-src 'self' 'self' data: 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.googleapis.com *.hotjar.com cdn-cookieyes.com *.tiktok.com *.licdn.com *.ads-twitter.com *.twitter.com *.bing.com *.facebook.net *.google.com *.gstatic.com *.google-analytics.com *.exponea.com *.tenkites.com tkmenus.com *.braintreegateway.com menus.tenkites.com partners.designmynight.com code.jquery.com secure.livebookings.com bda.bookatable.com atlas.microsoft.com connect.facebook.net *.liveres.co.uk *.designmynight.com https://songbird.cardinalcommerce.com https://cdnjs.cloudflare.com/ajax/libs/intl-tel-input/17.0.13/js/intlTelInput.min.js https://cdnjs.cloudflare.com/ajax/libs/intl-tel-input/17.0.13/js/utils.min.js *.recaptcha.net *.sevenrooms.com *.googleads cdn.co-buying.com *.instagram.com; worker-src 'self' blob: atlas.microsoft.com; frame-ancestors 'self' *.googleapis.com *.google.com *.google.com *.gstatic.com menus.tenkites.com *.sevenrooms.com cdn.co-buying.com; object-src 'none' 1
font-src 'self' data:; media-src 'self' https://cdn.pfh.de; object-src 'none'; frame-ancestors 'self'; report-uri https://www.pfh.de/report-uri/enforce 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: players.brightcove.net ajax.googleapis.com cdnjs.cloudflare.com *.gwpdev.seic.com *.myplatform.tsudev.seic.com *.api.seic.com api.seic.com *.walkme.com *.pay3000web.com *.corp.seic.com cpservices.seic.com *.wealthgateway.seic.com; 1
base-uri 'self' https:; default-src 'self' sentry.io https: blob: ws:; font-src 'self' https: data:; img-src 'self' images.ctfassets.net d2dizdekwkg6b2.cloudfront.net d20qjvnf09gpyc.cloudfront.net https: data: blob:; object-src 'none'; script-src 'self' js.hsforms.net d2dizdekwkg6b2.cloudfront.net d20qjvnf09gpyc.cloudfront.net cdn.plaid.com snap.licdn.com cdn.mxpnl.com ssl.google-analytics.com www.google-analytics.com *.hs-scripts.com js.hs-analytics.net js.hs-banner.com forms.hsforms.com app.hubspot.com cdn.jsdelivr.net cdnjs.cloudflare.com maxcdn.bootstrapcdn.com checkout.stripe.com code.jquery.com assets.apollo.io tags.clickagy.com www.googletagmanager.com blob: 'nonce-P1pvcAu5ceDPAXepv+KYOvW8pcnxUlJx'; style-src 'self' 'unsafe-inline' d2dizdekwkg6b2.cloudfront.net d20qjvnf09gpyc.cloudfront.net https:; upgrade-insecure-requests; report-uri https://o159749.ingest.sentry.io/api/1222570/security/?sentry_key=dd1b4e788e024340b2fc82e49d84bbe5 1
frame-ancestors 'self' https://jobcloud.ch https://*.jobcloud.ch https://jobs.ch https://*.jobs.ch https://jobup.ch https://*.jobup.ch https://ingjobs.ch https://ictcareer.ch https://jobs4sales.ch https://financejobs.ch https://medtalents.ch https://jobwinner.ch https://alpha.ch https://topjobs.ch https://*.jobscout24.ch https://impieghi.ch https://*.impieghi.ch https://*.stellenmarkt.ch; 1
base-uri 'none'; font-src 'self' data: shopware.api arbeitsschutz-express.de *.arbeitsschutz-express.de asx.eu *.asx.eu *.fontawesome.com *.zopim.com fonts.gstatic.com; form-action 'self' shopware.api arbeitsschutz-express.de *.arbeitsschutz-express.de asx.eu *.asx.eu *.coupahost.com *.facebook.com *.paypal.com *.paypalobjects.com; frame-ancestors 'self' shopware.api arbeitsschutz-express.de *.arbeitsschutz-express.de asx.eu *.asx.eu *.orbitvu.cloud *.orbitvu.co *.paypal.com *.paypalobjects.com orbitvu.cloud orbitvu.co; img-src 'self' blob: data: shopware.api arbeitsschutz-express.de *.arbeitsschutz-express.de asx.eu *.asx.eu *.bing.com *.clarity.ms *.cloudfront.net *.consensu.org *.consentmanager.net *.facebook.com *.facebook.net *.googleadservices.com *.google-analytics.com *.google.com *.google.de *.googletagmanager.com *.gstatic.com *.orbitvu.co *.orbitvu.cloud *.paypal.com *.paypalobjects.com *.spoteffects.net *.tinymce.com *.trustedshops.com *.ytimg.com *.zopim.com *.zopim.io a.twiago.com ad.360yield.com ads.yieldmo.com c1.adform.net ad.yieldlab.net beacon.krxd.net b.stats.paypal.com cm.adform.net cm.g.doubleclick.net contextual.media.net criteo-partners.tremorhub.com criteo-sync.teads.tv dis.criteo.com dpm.demdex.net e1.emxdgt.com eb2.3lift.com exchange.mediavine.com files.newsletter2go.com googleads.g.doubleclick.net gum.criteo.com hb.yahoo.net ib.adnxs.com id5-sync.com jadserve.postrelease.com maps.googleapis.com match.sharethrough.com matching.ivitrack.com orbitvu.co pixel.rubiconproject.com public-prod-dspcookiematching.dmxleo.com r.casalemedia.com rtb-csync.smartadserver.com s.thebrighttag.com s3-eu-west-1.amazonaws.com sbp-plugin-images.s3.amazonaws.com sbp-plugin-images.s3.eu-west-1.amazonaws.com simage2.pubmatic.com sync.1rx.io sync-criteo.ads.yieldmo.com sync-t1.taboola.com sync.targeting.unrulymedia.com sync.outbrain.com ups.analytics.yahoo.com visitor.omnitagjs.com x.bidswitch.net; object-src 'self' shopware.api arbeitsschutz-express.de *.arbeitsschutz-express.de asx.eu *.asx.eu; script-src-attr 'none'; style-src 'self' 'unsafe-inline' shopware.api arbeitsschutz-express.de *.arbeitsschutz-express.de asx.eu *.asx.eu *.cloudfront.net *.consensu.org *.fontawesome.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.orbitvu.co *.orbitvu.cloud *.typekit.net fonts.googleapis.com hb.yahoo.net unpkg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' arbeitsschutz-express.de *.arbeitsschutz-express.de asx.eu *.asx.eu *.attributy.com *.bing.com *.clarity.ms *.cloudfront.net *.consensu.org *.consentmanager.net *.criteo.com *.doofinder.com *.googleadservices.com *.google-analytics.com *.google.com *.google.de *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.intedia.de *.jsdelivr.net *.orbitvu.co *.orbitvu.cloud *.paypal.com *.paypalobjects.com *.sentry.io *.sentry-cdn.com *.sovendus.com *.spoteffects.net *.taboola.com *.tiny.cloud *.tinymce.com *.zopim.com cdnjs.cloudflare.com connect.facebook.net googleads.g.doubleclick.net orbitvu.cloud orbitvu.co static.newsletter2go.com static.zdassets.com unpkg.com widgets.trustedshops.com; upgrade-insecure-requests; connect-src 'self' ws: localhost:3000 arbeitsschutz-express.de *.arbeitsschutz-express.de asx.eu *.asx.eu *.attributy.com *.bing.com *.clarity.ms *.consensu.org *.consentmanager.net *.criteo.com *.doofinder.com *.doubleclick.net *.etrusted.com *.facebook.com *.googleadservices.com *.google-analytics.com *.google.com google.com *.googlesyndication.com *.googletagmanager.com *.orbitvu.cloud *.paypal.com *.paypalobjects.com *.sovendus.com *.sentry.io *.taboola.com *.trustbadge.com *.trustbadge.etrusted.com *.trustedshops.com *.zdassets.com *.zendesk.com *.zopim.com api.newsletter2go.com maps.googleapis.com scnem2.com shopware.api stats.g.doubleclick.net; default-src 'self' localhost:3000 shopware.api arbeitsschutz-express.de *.arbeitsschutz-express.de asx.eu *.asx.eu; frame-src 'self' data: shopware.api arbeitsschutz-express.de *.arbeitsschutz-express.de asx.eu *.asx.eu *.braintreegateway.com *.criteo.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.googleadservices.com *.orbitvu.cloud *.orbitvu.co *.paypal.com *.paypalobjects.com *.sovendus-connect.com *.sovendus.com *.youtube-nocookie.com *.youtube.com orbitvu.cloud orbitvu.co; media-src 'self' shopware.api arbeitsschutz-express.de *.arbeitsschutz-express.de asx.eu *.asx.eu *.orbitvu.cloud *.zdassets.com *.zopim.com; worker-src 'self' blob: 'unsafe-inline' 'unsafe-eval' arbeitsschutz-express.de *.arbeitsschutz-express.de asx.eu *.asx.eu; 1
default-src 'self' *.psw-group.de *.psw.net *.consentmanager.net *.googletagmanager.com *.youtube-nocookie.com data: 'sha256-XRY2r3GtyLUEh37thupfndppE1As1MyDP9OsypdgSbA=' 'sha256-l806fwxM7RCQlXehzEwih52LwIJfmRlzZkgfU9M4nm8='; style-src 'unsafe-inline' *.psw-group.de *.psw.net; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; connect-src 'self'; object-src 'self'; media-src 'self'; frame-ancestors 'self'; 1
default-src 'self'; frame-ancestors 'self'; frame-src 'self' https://outages.otpco.com https://www.google.com https://www.gstatic.com/ https://e.issuu.com www.youtube.com otpgis.maps.arcgis.com https://*.alida.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com/ https://*.fontawesome.com https://*.weglot.com connect.facebook.net cdnjs.cloudflare.com https://*.cloudfront.net https://*.alida.com data: blob:; object-src 'none'; style-src 'self' 'unsafe-inline' https://*.weglot.com https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com https://*.fontawesome.com; connect-src 'self' https://web.delighted.com https://www.google-analytics.com https://www.googletagmanager.com *.fontawesome.com fontawesome.com *.weglot.com weglot.com cdn-api-weglot.com https://connect.facebook.net https://*.alida.com; img-src 'self' data: https://e.issuu.com https://www.google-analytics.com https://www.facebook.com https://www.glassdoor.com https://*.googletagmanager.com https://i.ytimg.com; 1
frame-ancestors 'self' https://manage.controlglobal.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
frame-ancestors http://webvisor.com/ http://testweb.ibar.az/ https://www.googleapis.com/ http://localhost/ https://ibar.az/ https://abb-bank.az/ https://iba-telegram.ibar.az/ https://facebook.com/ https://www.facebook.com/ https://www.developers.facebook.com/ https://ibahackathon.com/ http://10.129.24.26/   1
frame-ancestors 'self' https://*.bytebloc.com 1
default-src 'self' https://www.molalla.com https://beta.molalla.com https://molalla.com https://www.youtube.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.molalla.com https://beta.molalla.com https://molalla.com; style-src 'self' 'unsafe-inline'; frame-ancestors 'self' https://speedtest.molalla.net; frame-src 'self' https://speedtest.molalla.net https://www.youtube.com; font-src 'self' data: 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://gamepad.club; img-src 'self' https: data: blob: https://gamepad.club; style-src 'self' https://gamepad.club 'nonce-/VHUw7v3LkJYzGrLDJ/FpQ=='; media-src 'self' https: data: https://gamepad.club; frame-src 'self' https:; manifest-src 'self' https://gamepad.club; form-action 'self'; child-src 'self' blob: https://gamepad.club; worker-src 'self' blob: https://gamepad.club; connect-src 'self' data: blob: https://gamepad.club https://media.gamepad.club wss://gamepad.club; script-src 'self' https://gamepad.club 'wasm-unsafe-eval' 1
style-src 'unsafe-inline' 'self' http://localhost:* https://localhost:* http://simplybnb.uk https://simplybnb.uk http://simplybnb.co.uk https://simplybnb.co.uk http://www.simplyowners.net https://www.simplyowners.net https://images.simplyowners.net/ https://images.sodev.uk/ https://fonts.googleapis.com/;script-src 'unsafe-inline' 'unsafe-eval' 'self' http://localhost:* https://localhost:* http://simplybnb.uk https://simplybnb.uk http://simplybnb.co.uk https://simplybnb.co.uk http://www.simplyowners.net https://www.simplyowners.net https://images.simplyowners.net/ https://images.sodev.uk/ https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/ https://maps.googleapis.com/ https://sentry.io/ https://*.ingest.sentry.io/ https://*.kycaid.com/ https://forms.kycaid.com/ https://js.stripe.com/ https://checkout.stripe.com/ https://cdn.jsdelivr.net/npm/qrcode-generator/qrcode.js https://*.clarity.ms/ blob: https://connect.facebook.net https://widget.trustpilot.com;base-uri 'self' http://localhost:* https://localhost:* http://simplybnb.uk https://simplybnb.uk http://simplybnb.co.uk https://simplybnb.co.uk http://www.simplyowners.net https://www.simplyowners.net;connect-src 'self' http://localhost:* https://localhost:* ws://localhost:* wss://localhost:* http://simplybnb.uk https://simplybnb.uk ws://simplybnb.uk wss://simplybnb.uk http://simplybnb.co.uk https://simplybnb.co.uk ws://simplybnb.co.uk wss://simplybnb.co.uk http://www.simplyowners.net https://www.simplyowners.net ws://www.simplyowners.net wss://www.simplyowners.net https://www.google-analytics.com/ https://*.analytics.google.com/ https://region1.analytics.google.com https://stats.g.doubleclick.net/ https://www.google.co.uk https://www.google.ie https://analytics.google.com https://maps.googleapis.com/ https://maps.gstatic.com/ https://sentry.io/ https://*.ingest.sentry.io/ https://*.stripe.com/ https://ip2c.org/ https://*.clarity.ms/;default-src 'self' http://localhost:* https://localhost:* http://simplybnb.uk https://simplybnb.uk http://simplybnb.co.uk https://simplybnb.co.uk http://www.simplyowners.net https://www.simplyowners.net https://properties.simplyowners.net/;form-action 'self';img-src 'self' http://localhost:* https://localhost:* http://simplybnb.uk https://simplybnb.uk http://simplybnb.co.uk https://simplybnb.co.uk http://www.simplyowners.net https://www.simplyowners.net https://images.simplyowners.net/ https://images.sodev.uk/ https://solaravel.lndo.site/ data: https://properties.sodev.uk/ https://properties.simplyowners.net/ https://stats.g.doubleclick.net/ https://www.google.com/ https://www.google.co.uk/ https://www.google.ie/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://maps.gstatic.com/ https://maps.googleapis.com/ https://fonts.gstatic.com/ https://storage.googleapis.com/ https://*.stripe.com/ https://*.clarity.ms/ https://c.bing.com/;font-src 'self' http://localhost:* https://localhost:* http://simplybnb.uk https://simplybnb.uk http://simplybnb.co.uk https://simplybnb.co.uk http://www.simplyowners.net https://www.simplyowners.net https://images.simplyowners.net/ https://images.sodev.uk/ https://solaravel.lndo.site/ data: https://fonts.googleapis.com/ https://fonts.gstatic.com/;frame-src 'self' http://localhost:* https://localhost:* http://simplybnb.uk https://simplybnb.uk http://simplybnb.co.uk https://simplybnb.co.uk http://www.simplyowners.net https://www.simplyowners.net https://www.googletagmanager.com/ https://td.doubleclick.net/ https://*.kycaid.com/ https://forms.kycaid.com/ https://js.stripe.com/ https://checkout.stripe.com/ https://hooks.stripe.com/;media-src 'self' http://localhost:* https://localhost:* http://simplybnb.uk https://simplybnb.uk http://simplybnb.co.uk https://simplybnb.co.uk http://www.simplyowners.net https://www.simplyowners.net https://storage.googleapis.com/;object-src 'none' 1
default-src https: http: wss: 'self' data: 'unsafe-inline' blob: 'unsafe-eval'; 1
default-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src https: data:; frame-src https:; 1
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; base-uri 'self'; 1
frame-ancestors 'self' https://*.globalchristianrelief.org https://globalchristianrelief.org; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.reciteme.com *.recitemelabs.com *.buzzsprout.com *.civiccomputing.com *.googleapis.com *.googletagmanager.com siteimproveanalytics.com *.deep4jibe.com *.google-analytics.com; style-src 'self' 'unsafe-inline' *.reciteme.com *.recitemelabs.com *.buzzsprout.com *.googleapis.com; font-src 'self' *.reciteme.com *.recitemelabs.com *.gstatic.com; img-src 'self' blob: data: *.reciteme.com *.recitemelabs.com *.googletagmanager.com *.buzzsprout.com shlegal.vuture.net 10543.global.siteimproveanalytics.io; media-src 'self' blob: data: *.reciteme.com *.recitemelabs.com; child-src 'self' *.reciteme.com *.recitemelabs.com *.buzzsprout.com *.yoshki.com *.google.com *.youtube-nocookie.com; connect-src 'self' *.reciteme.com *.recitemelabs.com *.google-analytics.com *.civiccomputing.com; worker-src blob:; 1
font-src cdn.jsdelivr.net fonts.gstatic.com https://fonts.gstatic.com https://ws.colissimo.fr *.fontawesome.com *.alothemes.com *.magepow.com maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://cl.avis-verifies.com/ https://913.userly.net/ https://uzerly.net/ https://*.uzerly.net/ https://*.kameleoon.com/ https://*.kameleoon.eu/ https://*.kameleoon.io/ https://*.analytics.google.com/ https://*.facebook.com https://*.clarity.ms/ https://*.almapay.com/ https://www.google.com https://metrics.naturalforme.fr/ data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com pay.hipay.com https://*.facebook.com https://913.userly.net/ https://uzerly.net/ https://*.uzerly.net/ https://*.kameleoon.com/ https://*.kameleoon.eu/ https://*.kameleoon.io/ https://*.analytics.google.com/ https://*.clarity.ms/ https://*.almapay.com/ https://www.google.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com secure-gateway.hipay-tpp.com *.hipay.com www.googletagmanager.com https://form.typeform.com https://libs.hipay.com https://gum.criteo.com/ https://*.facebook.com https://913.userly.net/ https://uzerly.net/ https://*.uzerly.net/ https://*.kameleoon.com/ https://*.kameleoon.eu/ https://*.kameleoon.io/ https://*.analytics.google.com/ https://*.clarity.ms/ https://*.almapay.com/ https://metrics.naturalforme.fr/ https://www.paypalobjects.com https://*.mapbox.com https://*.onyourmap.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com a.tile.openstreetmap.org b.tile.openstreetmap.org c.tile.openstreetmap.org *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com https://maps.googleapis.com https://maps.gstatic.com https://ws.colissimo.fr https://*.tile.openstreetmap.fr *.alothemes.com *.magepow.com * data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com cdn.jsdelivr.net *.plugins.emarsys.net *.scarabresearch.com secure-gateway.hipay-tpp.com *.hipay.com mpsnare.iesnare.com connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com https://maps.googleapis.com https://www.gstatic.com https://ws.colissimo.fr https://api.mapbox.com https://*.typeform.com *.alothemes.com *.magepow.com static.axept.io https://widgets.rr.skeepers.io/ https://api-product-reviews.rr.skeepers.io/ https://cl-ppr.rr.skeepers.io/ https://cdnjs.cloudflare.com https://cdn.appconsent.io https://secure-gateway.hipay-tpp.com https://libs.hipay.com https://mpsnare.iesnare.com https://static.zdassets.com/ https://cl.avis-verifies.com/ https://assets.zendesk.com/ https://static.affilae.com/ https://bat.bing.com/ https://static.criteo.net/ https://sslwidget.criteo.com/ https://*.msecnd.net/ https://googleads.g.doubleclick.net/ https://*.beyable.com/ https://beyableprod.blob.core.windows.net/ https://code.jquery.com/ https://*.axept.io/ https://913.userly.net/ https://dynamic.criteo.com/ https://s.marvellousmachine.net/ https://adperf.go2cloud.org/ https://uzerly.net/ https://*.uzerly.net/ https://*.kameleoon.com/ https://*.kameleoon.eu/ https://*.kameleoon.io/ https://*.analytics.google.com/ https://*.facebook.com https://*.clarity.ms/ https://*.almapay.com/ https://metrics.naturalforme.fr/ https://static.elfsight.com/ https://*.mapbox.com https://*.onyourmap.com https://*.my-probance.one 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.jsdelivr.net fonts.googleapis.com *.hipay.com https://fonts.googleapis.com https://ws.colissimo.fr https://api.mapbox.com https://*.typeform.com *.fontawesome.com *.alothemes.com *.magepow.com maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://libs.hipay.com https://913.userly.net/ https://uzerly.net/ https://*.uzerly.net/ https://*.kameleoon.com/ https://*.kameleoon.eu/ https://*.kameleoon.io/ https://*.analytics.google.com/ https://*.facebook.com https://*.clarity.ms/ https://*.almapay.com/ https://www.google.com https://metrics.naturalforme.fr/ 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com data: mpsnare.iesnare.com https://mpsnare.iesnare.com https://913.userly.net/ https://uzerly.net/ https://*.uzerly.net/ https://*.kameleoon.com/ https://*.kameleoon.eu/ https://*.kameleoon.io/ https://*.analytics.google.com/ https://*.facebook.com https://*.clarity.ms/ https://*.almapay.com/ https://www.google.com https://metrics.naturalforme.fr/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.getalma.eu *.scarabresearch.com *.eservice.emarsys.net https://*.hipay.com wss://mpsnare.iesnare.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net https://nominatim.openstreetmap.org *.alothemes.com *.magepow.com client.axept.io api.axept.io pagead2.googlesyndication.com pro.ip-api.com region1.google-analytics.com ws.colissimo.fr secure-gateway.hipay-tpp.com https://widgets.rr.skeepers.io/ https://api-product-reviews.rr.skeepers.io/ https://cl-ppr.rr.skeepers.io/ https://www.naturalforme.info https://maps.googleapis.com https://collector.appconsent.io https://*.zendesk.com https://*.zdassets.com iesnare.com wss://*.iesnare.com https://awsapis3.netreviews.eu/ https://cl.avis-verifies.com/ https://*.doubleclick.net/ https://*.azure-api.net/ https://913.userly.net/ https://uzerly.net/ https://*.uzerly.net/ https://*.kameleoon.com/ https://*.kameleoon.eu/ https://*.kameleoon.io/ https://*.facebook.com https://*.clarity.ms/ https://*.almapay.com/ https://www.google.com https://metrics.naturalforme.fr/ https://*.elfsight.com/ https://*.mapbox.com https://*.onyourmap.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self';script-src 'self' https://*.hotjar.com *.government.bg *.nksoftware.net *.youtube.com *.googletagmanager.com *.google.com *.google-analytics.com *.gstatic.com *.googleapis.com track.freecallinc.com cnt.tyxo.bg *.facebook.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.hotjar.com track.freecallinc.com *.government.bg *.nksoftware.net *.youtube.com tagmanager.google.com *.googleapis.com www.google.com 'unsafe-inline';style-src-elem 'self' *.gstatic.com  *.googletagmanager.com www.google.com *.government.bg *.nksoftware.net *.googleapis.com 'unsafe-inline';img-src 'self' *.googletagmanager.com https://*.hotjar.com *.nksoftware.net *.youtube.com *.gstatic.com *.google.com *.googleapis.com *.google-analytics.com gotoburgas.com *.gotoburgas.com burgas.bg *.burgas.bg cnt.tyxo.bg track.freecallinc.com *.imgur.com data:;font-src 'self' https://*.hotjar.com *.googleapis.com track.freecallinc.com *.gstatic.com data:; base-uri 'self'; form-action 'self'; frame-src 'self' *.google.com *.gstatic.com syndicatedsearch.goog *.government.bg *.youtube.com *.youtube-nocookie.com *.facebook.com;manifest-src 'self';frame-ancestors 'self';connect-src 'self' translate.googleapis.com translate-pa.googleapis.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.google-analytics.com *.freecallinc.com *.doubleclick.net *.smartburgas.eu; media-src 'self' * blob: *.smartburgas.eu; worker-src 'self' blob: ; 1
frame-ancestors 'self' www.roompotpsa.eu survey.insocial.nl www.detolplas.nl www.familieparken.nl www.onsvakanties.nl www.vakantieparkhellendoorn.nl www.vakantievilla-met-prive-zwembad.nl www.strandparkzeeland.nl www.kronenburgersee.nl kronenburgersee.nl www.eifelpark-eks.de www.duinresortdunimar.nl dev72.lined.nl 89051.afasinsite.nl www.detwentsehoeve.nl www.edeka-reisen.de www.edeka-urlaubswelt.de www.edeka-reiselust.de www.htc-reisen.de www.mein-kleiner-urlaub.de www.bungalowpark-veluwsehoevegaerde.nl www.deriethorst.com www.drentsewold.nl f.insocial.nl strandparkzeeland.nl www.globista.de www.holidayparkhellendoorn.com www.ferienparkhellendoorn.de uptour.de test.uptour.de www.deriethorst.com www.vakantieparkdeheihorsten.nl www.vakantieparkschaijk.nl www.uptour.de www.marberveluwe.nl www.detolplas.de; report-to csp-endpoint; report-uri https://www.roompot.nl/cspreports/ 1
default-src 'none'; script-src 'self' 'unsafe-eval' *.cookiebot.com *.googletagmanager.com www.google.com www.gstatic.com *.lfeeder.com lfeeder.com script.crazyegg.com snap.licdn.com *.crazyegg.com code.jquery.com https://code.jquery.com 'unsafe-inline';worker-src blob:; connect-src 'self' *.google-analytics.com/ https://consentcdn.cookiebot.com/ script.crazyegg.com px.ads.linkedin.com *.crazyegg.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: our.umbraco.com tr.lfeeder.com dashboard.umbraco.com www.w3.org imgsct.cookiebot.com px.ads.linkedin.com *.crazyegg.com; style-src 'self' *.googleapis.com *.crazyegg.com 'unsafe-inline';base-uri 'self';form-action 'self';font-src 'self' fonts.gstatic.com; media-src 'self'; frame-src https://consentcdn.cookiebot.com/ https://qinshift.com/ www.google.com *.cazyegg.com code.jquery.com https://code.jquery.com 1
worker-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zencdn.net *.photoninfotech.com *.googletagmanager.com *.google.com *.facebook.net *.gstatic.com *.test.semantico.net *.recaptcha.net *.cloudinary.com *.onetrust.com *.brightcove.net *.cloudflare.com *.googleapis.com *.star.saas.semcs.net *.3playmedia.com *.zscloud.net *.jsdelivr.net ; frame-src 'self' *.recaptcha.net *.photoninfotech.com *.sspbloomsbury.com *.worldbank.org *.googletagmanager.com *.youtube.com  *.brightcove.net ; object-src 'self'; 1
default-src https: http://history.oa-bsa.org data: 'unsafe-inline' 'unsafe-eval' placehold.it;     script-src 'self' 'unsafe-inline' 'unsafe-eval' *.oa-bsa.org www.google-analytics.com www.googletagmanager.com *.hotjar.com *.hotjar.io *.vimeo.com *.vimeocdn.com use.typekit.com www.google.com use.typekit.net code.jquery.com stackpath.bootstrapcdn.com www.gstatic.com cdn.knightlab.com cdnjs.cloudflare.com static.addtoany.com api.instagram.com ajax.googleapis.com maps.googleapis.com connect.facebook.net platform.twitter.com cdn.jsdelivr.net *.createsend1.com;     style-src 'self' 'unsafe-inline' *.oa-bsa.org fonts.googleapis.com cdn.knightlab.com stackpath.bootstrapcdn.com use.typekit.net p.typekit.net cdnjs.cloudflare.com;     connect-src 'self' http://api.oa-bsa.org api.oa-bsa.org www.google-analytics.com *.hotjar.com *.hotjar.io wss://*.hotjar.com use.typekit.com www.google.com use.typekit.net performance.typekit.net www.gstatic.com cdnjs.cloudflare.com static.addtoany.com www.instagram.com api.instagram.com ajax.googleapis.com maps.googleapis.com createsend.com *.doubleclick.net;     frame-ancestors 'self' *.oa-bsa.org; 1
frame-ancestors https://*.belmontstakes.com https://belmontstakes.com https://*.thorograph.com https://thorograph.com https://*.belmontstakes.com https://belmontstakes.com https://*.belmontstakesbets.com 'self' https://belmontstakesbets.com https://*.gbetest.com https://gbetest.com https://*.dev07-broker0201.com https://dev07-broker0201.com https://*.dev07-gbeb2c.com https://dev07-gbeb2c.com https://*.test02-belmontstakesbets.com https://test02-belmontstakesbets.com https://*.gbe.global https://gbe.global; 1
default-src 'self' *.zdassests.com *.cloudinary.com;connect-src *.amplitude.com *.crazyegg.com *.yotpo.com https://*.prod.devacurlaws.com https://*.bing.com https://*.bounceexchange.com https://*.cdnbasket.net https://*.cdnwidget.com https://*.cookielaw.org https://*.devacurl.com https://*.devatech.us https://*.devatechpro.us https://*.doubleclick.net https://*.facebook.com https://*.google.com https://*.hotjar.com https://*.hotjar.io https://*.likeshop.me https://*.myshopify.com https://*.onetrust.com/ https://*.pinterest.com https://*.tiktok.com https://*.trackedweb.net https://*.zdassets.com https://*.zendesk.com https://*.zopim.com https://analytics.google.com/g/collect https://analytics.tiktok.com https://api.astutebot.com https://app.glitchtip.com https://devacurl.2m8f.net https://dfp.bouncex.net https://events.bouncex.net https://perf-api.wknd.ai https://s3-us-west-2.amazonaws.com/afterpayus-integrations/javascript/modal/us_modal.html https://sentry.io https://server.clearforme.com likeshop.me localhost:* wss://widget-mediator.zopim.com www.google-analytics.com;font-src 'self' *.gstatic.com *.yotpo.com data: fonts.gstatic.com https://assets.bounceexchange.com likeshop.me;frame-src *.afterpay.com *.crazyegg.com *.dotdigital-pages.com *.dotmailer-surveys.com *.doubleclick.net *.facebook.com *.googletagmanager.com *.hotjar.com *.meevo.com *.phorest.me *.youtube.com https://admin.rechargeapps.com/ https://assets.bounceexchange.com https://bot.emplifi.io/ https://calendly.com https://ct.pinterest.com https://dash.bounceexchange.com optimize.google.com phorest.com phorest.me;frame-ancestors https://*.dev.devacurlaws.com https://*.staging.devacurlaws.com https://*.prod.devacurlaws.com https://*.devacurl.com http://*.gitlab.io https://*.sephora.de http://localhost:*;img-src * blob: data: https://assets.bounceexchange.com https://events.bouncex.net optimize.google.com www.google-analytics.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.bing.com *.cookielaw.org *.crazyegg.com *.dashhudson.com *.dotdigital-pages.com *.dotmailer-surveys.com *.doubleclick.net *.facebook.net *.google.com *.google.com *.hotjar.com *.yotpo.com *.zdassets.com blob: https://*.afterpay.com https://*.bounceexchange.com https://*.calendly.com https://*.impactradius-event.com https://*.onetrust.com https://*.pinimg.com https://*.pinterest.com https://*.tiktok.com https://*.trackedweb.net https://analytics.tiktok.com https://analytics.tiktok.com/i18n/pixel/events.js https://bot.emplifi.io/ https://dash-staging.bounceexchange.com https://s.pinimg.com https://static.zdassets.com https://tag.bounceexchange.com https://tag.wknd.ai https://widget-mediator.zopim.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com;worker-src blob:;style-src 'self' 'unsafe-inline' *.crazyegg.com https://*.google.com https://*.googleapis.com https://*.mapbox.com https://*.yotpo.com https://assets.bounceexchange.com https://bot.emplifi.io/;report-uri https://app.glitchtip.com/api/441/security/?glitchtip_key=3dde4127c3534fe993e9bc77c36be5e5&sentry_environment=prod;media-src 'self' *.cloudinary.com *.crazyegg.com *.zdassets.com dashhudson-static.s3.amazonaws.com https://*.dashhudson.com 1
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.bytescm.com *.zhuxiaobang.com *.yangyi08.com *.yangyi07.com *.byteimg.com *.snssdk.com *.bytedance.net *.ibytedtos.com wss://*.bytedance.net *.pstatp.com *.ipstatp.com *.sgpstatp.com *.bytecdn.cn *.bytetos.com *.byted.org *.tiktok.com *.shimolife.com *.alipayobjects.com *.toutiao.com *.oceanengine.com *.bytedance.com *.hypstarcdn.com *.byteoversea.com *.alicdn.com *.giocdn.com *.growingio.com *.baidu.com *.bytegoofy.com zz.bdstatic.com *.snssdk.com wss://*.snssdk.com *.alipay.com *.douyinstatic.com *.toutiaostatic.com *.ibytedtos.com *.byted-static.com *.bytednsdoc.com *.feelgood.cn *.googletagmanager.com *.google-analytics.com;report-uri https://csp.snssdk.com/v17 1
script-src 'unsafe-inline' http: https:;object-src 'none';base-uri 'none';report-uri 'https://prixa.net'; 1
default-src 'self' 'unsafe-inline'   https://*.tpsportal.co.nz https://www.tenancy.co.nz https://*.vimeocdn.com  https://*.googleapis.com https://*.vimeo.com https://*.youtube.com https://*.sndcdn.com https://www.google-analytics.com https://tps-dev-tenancy-attachments.s3.amazonaws.com https://tps-dev-tenancy-attachments.s3-ap-southeast-2.amazonaws.com https://tps-testing-tenancy-attachments.s3.amazonaws.com https://tps-testing-tenancy-attachments.s3-ap-southeast-2.amazonaws.com https://tps-prod-tenancy-attachments.s3.amazonaws.com https://tps-prod-tenancy-attachments.s3-ap-southeast-2.amazonaws.com https://stats.g.doubleclick.net https://tps-dev-tenancy-attachments.s3.ap-southeast-2.amazonaws.com https://tps-file-storage-dev.s3.ap-southeast-2.amazonaws.com https://tps-file-storage.s3.ap-southeast-2.amazonaws.com https://tps-testing-public-images.s3.ap-southeast-2.amazonaws.com https://tps-prod-public-images.s3.ap-southeast-2.amazonaws.com https://tps-testing-tenancy-attachments.s3.ap-southeast-2.amazonaws.com https://tps-prod-tenancy-attachments.s3.ap-southeast-2.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval'   https://*.tpsportal.co.nz https://www.google.com https://www.google-analytics.com https://www.gstatic.com https://*.googletagmanager.com https://*.googleapis.com https://*.vimeo.com https://*.youtube.com https://*.vimeocdn.com https://*.sndcdn.com https://www.googleadservices.com https://*.doubleclick.net; style-src 'self' 'unsafe-inline' data: https://*.googleapis.com; img-src * data: blob:; font-src * 'unsafe-inline' data:; media-src *; object-src *; frame-src *; child-src *; frame-ancestors 'self'  https://*.sndcdn.com https://*.vimeo.com https://*.youtube.com https://*.vimeocdn.com https://www.googleadservices.com https://*.doubleclick.net;form-action https://*.tpsportal.co.nz https://*.tpsportal.docksal https://*.tpsportal.docksal.site https://*.tpsportal.lndo.site 1
default-src 'self' https://ethosenergygroup.com https://ethosenergy.com https://careers.ethosenergy.com https://ethosenergy.com https://oakwoodagency.com https://go.ethosenergy.com https://*.google.com https://*.google.co.uk https://*.googleadservices.com https://fonts.googleapis.com https://maps.googleapis.com https://www.google-analytics.com https://ssl.google-analytics.com https://googleads.g.doubleclick.net https://bid.g.doubleclick.net https://www.gstatic.com https://fonts.gstatic.com https://maps.gstatic.com https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://imagesct.cookiebot.com https://imgsct.cookiebot.com https://*.vimeo.com https://*.livestream.com https://*.vhx.com https://*.vimeocdn.com https://vimeo.com https://*.vimeo.exstole.com https://vumbnail.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://code.jquery.com https://*.licdn.com https://*.linkedin.com https://*.linkedin.oribi.io https://*.pardot.com https://*.newscred.com https://*.zoominfo.com https://*.doubleclick.net https://*.litix.io https://*.cart8draw.com https://*.ceros.com 'nonce-rSBGK7b7Nco9bnJRAhjBONHV93p4Aa7hGbIFXWxYCpc='; frame-src 'self' 'strict-dynamic' https://ethosenergygroup.com https://ethosenergy.com https://careers.ethosenergy.com https://ethosenergy.com https://oakwoodagency.com https://go.ethosenergy.com https://*.google.com https://*.google.co.uk https://*.googleadservices.com https://fonts.googleapis.com https://maps.googleapis.com https://www.google-analytics.com https://ssl.google-analytics.com https://googleads.g.doubleclick.net https://bid.g.doubleclick.net https://www.gstatic.com https://fonts.gstatic.com https://maps.gstatic.com https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://imagesct.cookiebot.com https://imgsct.cookiebot.com https://*.vimeo.com https://*.livestream.com https://*.vhx.com https://*.vimeocdn.com https://vimeo.com https://*.vimeo.exstole.com https://vumbnail.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://code.jquery.com https://*.licdn.com https://*.linkedin.com https://*.linkedin.oribi.io https://*.pardot.com https://*.newscred.com https://*.zoominfo.com https://*.doubleclick.net https://*.litix.io https://*.cart8draw.com https://*.ceros.com 'nonce-rSBGK7b7Nco9bnJRAhjBONHV93p4Aa7hGbIFXWxYCpc='; style-src 'self' 'unsafe-inline' https://ethosenergygroup.com https://ethosenergy.com https://careers.ethosenergy.com https://ethosenergy.com https://oakwoodagency.com https://go.ethosenergy.com https://*.google.com https://*.google.co.uk https://*.googleadservices.com https://fonts.googleapis.com https://maps.googleapis.com https://www.google-analytics.com https://ssl.google-analytics.com https://googleads.g.doubleclick.net https://bid.g.doubleclick.net https://www.gstatic.com https://fonts.gstatic.com https://maps.gstatic.com https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://imagesct.cookiebot.com https://imgsct.cookiebot.com https://*.vimeo.com https://*.livestream.com https://*.vhx.com https://*.vimeocdn.com https://vimeo.com https://*.vimeo.exstole.com https://vumbnail.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://code.jquery.com https://*.licdn.com https://*.linkedin.com https://*.linkedin.oribi.io https://*.pardot.com https://*.newscred.com https://*.zoominfo.com https://*.doubleclick.net https://*.litix.io https://*.cart8draw.com https://*.ceros.com; font-src 'self' data: https://ethosenergygroup.com https://ethosenergy.com https://careers.ethosenergy.com https://ethosenergy.com https://oakwoodagency.com https://go.ethosenergy.com https://*.google.com https://*.google.co.uk https://*.googleadservices.com https://fonts.googleapis.com https://maps.googleapis.com https://www.google-analytics.com https://ssl.google-analytics.com https://googleads.g.doubleclick.net https://bid.g.doubleclick.net https://www.gstatic.com https://fonts.gstatic.com https://maps.gstatic.com https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://imagesct.cookiebot.com https://imgsct.cookiebot.com https://*.vimeo.com https://*.livestream.com https://*.vhx.com https://*.vimeocdn.com https://vimeo.com https://*.vimeo.exstole.com https://vumbnail.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://code.jquery.com https://*.licdn.com https://*.linkedin.com https://*.linkedin.oribi.io https://*.pardot.com https://*.newscred.com https://*.zoominfo.com https://*.doubleclick.net https://*.litix.io https://*.cart8draw.com https://*.ceros.com; img-src 'self' data: https://ethosenergygroup.com https://ethosenergy.com https://careers.ethosenergy.com https://ethosenergy.com https://oakwoodagency.com https://go.ethosenergy.com https://*.google.com https://*.google.co.uk https://*.googleadservices.com https://fonts.googleapis.com https://maps.googleapis.com https://www.google-analytics.com https://ssl.google-analytics.com https://googleads.g.doubleclick.net https://bid.g.doubleclick.net https://www.gstatic.com https://fonts.gstatic.com https://maps.gstatic.com https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://imagesct.cookiebot.com https://imgsct.cookiebot.com https://*.vimeo.com https://*.livestream.com https://*.vhx.com https://*.vimeocdn.com https://vimeo.com https://*.vimeo.exstole.com https://vumbnail.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://code.jquery.com https://*.licdn.com https://*.linkedin.com https://*.linkedin.oribi.io https://*.pardot.com https://*.newscred.com https://*.zoominfo.com https://*.doubleclick.net https://*.litix.io https://*.cart8draw.com https://*.ceros.com; media-src 'self' data: https://ethosenergygroup.com https://ethosenergy.com https://careers.ethosenergy.com https://ethosenergy.com https://oakwoodagency.com https://go.ethosenergy.com https://*.google.com https://*.google.co.uk https://*.googleadservices.com https://fonts.googleapis.com https://maps.googleapis.com https://www.google-analytics.com https://ssl.google-analytics.com https://googleads.g.doubleclick.net https://bid.g.doubleclick.net https://www.gstatic.com https://fonts.gstatic.com https://maps.gstatic.com https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://imagesct.cookiebot.com https://imgsct.cookiebot.com https://*.vimeo.com https://*.livestream.com https://*.vhx.com https://*.vimeocdn.com https://vimeo.com https://*.vimeo.exstole.com https://vumbnail.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://code.jquery.com https://*.licdn.com https://*.linkedin.com https://*.linkedin.oribi.io https://*.pardot.com https://*.newscred.com https://*.zoominfo.com https://*.doubleclick.net https://*.litix.io https://*.cart8draw.com https://*.ceros.com; script-src 'self' 'unsafe-inline' https://ethosenergygroup.com https://ethosenergy.com https://careers.ethosenergy.com https://ethosenergy.com https://oakwoodagency.com https://go.ethosenergy.com https://*.google.com https://*.google.co.uk https://*.googleadservices.com https://fonts.googleapis.com https://maps.googleapis.com https://www.google-analytics.com https://ssl.google-analytics.com https://googleads.g.doubleclick.net https://bid.g.doubleclick.net https://www.gstatic.com https://fonts.gstatic.com https://maps.gstatic.com https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://imagesct.cookiebot.com https://imgsct.cookiebot.com https://*.vimeo.com https://*.livestream.com https://*.vhx.com https://*.vimeocdn.com https://vimeo.com https://*.vimeo.exstole.com https://vumbnail.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://code.jquery.com https://*.licdn.com https://*.linkedin.com https://*.linkedin.oribi.io https://*.pardot.com https://*.newscred.com https://*.zoominfo.com https://*.doubleclick.net https://*.litix.io https://*.cart8draw.com https://*.ceros.com; frame-ancestors 'self' https://ethosenergygroup.com https://ethosenergy.com https://careers.ethosenergy.com https://ethosenergy.com https://oakwoodagency.com https://go.ethosenergy.com https://*.google.com https://*.google.co.uk https://*.googleadservices.com https://fonts.googleapis.com https://maps.googleapis.com https://www.google-analytics.com https://ssl.google-analytics.com https://googleads.g.doubleclick.net https://bid.g.doubleclick.net https://www.gstatic.com https://fonts.gstatic.com https://maps.gstatic.com https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://imagesct.cookiebot.com https://imgsct.cookiebot.com https://*.vimeo.com https://*.livestream.com https://*.vhx.com https://*.vimeocdn.com https://vimeo.com https://*.vimeo.exstole.com https://vumbnail.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://code.jquery.com https://*.licdn.com https://*.linkedin.com https://*.linkedin.oribi.io https://*.pardot.com https://*.newscred.com https://*.zoominfo.com https://*.doubleclick.net https://*.litix.io https://*.cart8draw.com https://*.ceros.com; form-action 'self' https://ethosenergygroup.com https://ethosenergy.com https://careers.ethosenergy.com https://ethosenergy.com https://oakwoodagency.com https://go.ethosenergy.com https://*.google.com https://*.google.co.uk https://*.googleadservices.com https://fonts.googleapis.com https://maps.googleapis.com https://www.google-analytics.com https://ssl.google-analytics.com https://googleads.g.doubleclick.net https://bid.g.doubleclick.net https://www.gstatic.com https://fonts.gstatic.com https://maps.gstatic.com https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://imagesct.cookiebot.com https://imgsct.cookiebot.com https://*.vimeo.com https://*.livestream.com https://*.vhx.com https://*.vimeocdn.com https://vimeo.com https://*.vimeo.exstole.com https://vumbnail.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://code.jquery.com https://*.licdn.com https://*.linkedin.com https://*.linkedin.oribi.io https://*.pardot.com https://*.newscred.com https://*.zoominfo.com https://*.doubleclick.net https://*.litix.io https://*.cart8draw.com https://*.ceros.com; upgrade-insecure-requests; object-src 'none'; base-uri 'self' 1
default-src 'self'; script-src 'self' *.google-analytics.com *.system-alpha.co.jp system-alpha.co.jp *.e-business.ne.jp 'unsafe-inline' 'unsafe-eval';style-src 'self' *.google-analytics.com *.system-alpha.co.jp system-alpha.co.jp *.e-business.ne.jp 'unsafe-inline'; frame-ancestors 'self';  1
default-src 'self' *.fwdlife.hk *.metlife.com.hk; script-src 'self' 'sha256-mWUTXWdFnR8iHK19IiMNKFUpods+TodIuzk5sDOJ8zY=' 'sha256-ZJTH6gwodBeayf/C9UqCsFvmQqAkDQXcUICC/BAmZos=' *.fwdlife.hk *.metlife.com.hk https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com; style-src 'self' *.fwdlife.hk *.metlife.com.hk 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' *.fwdlife.hk *.metlife.com.hk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://www.google-analytics.com; font-src 'self' *.fwdlife.hk *.metlife.com.hk https://fonts.gstatic.com data:; connect-src 'self' *.fwdlife.hk *.metlife.com.hk https://www.google-analytics.com; object-src 'none'; 1
frame-ancestors 'self' nachc.docebosaas.com; 1
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval';frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; connect-src * data: blob: 'unsafe-inline'; 1
default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://*.braintree-api.com https://*.braintreegateway.com https://accounts.google.com https://getpocket.com https://becominghuman.ai https://*.becominghuman.ai https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://lightstep.medium.systems https://*.branch.io 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://glyph-sandbox.medium.sh https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: blob: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com 1
frame-ancestors 'self' https://*.sharepoint.com; 1
default-src 'self' http: https: data: blob: 'unsafe-inline' script-src: 'unsafe-inline' 'unsafe-eval' 1
base-uri 'none';child-src 'none';connect-src 'self' https://cdn.cookielaw.org https://*.google-analytics.com https://stats.g.doubleclick.net;default-src 'self';font-src 'self';form-action 'self';frame-ancestors 'none';frame-src 'none';img-src 'self' https://cdn.cookielaw.org https://*.google-analytics.com https://www.googletagmanager.com https://d21y75miwcfqoq.cloudfront.net/deaafc32;manifest-src 'self';media-src 'self';object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.cookielaw.org https://www.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net;style-src 'self' 'unsafe-inline';worker-src 'self';upgrade-insecure-requests ; 1
default-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: alfiekohn.org 1
font-src *.squarecdn.com https://www.googletagmanager.com *.googleapis.com *.gstatic.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.treasurebox.co.nz 'self' *.fontawesome.com maxcdn.bootstrapcdn.com www.searchanise.com *.searchserverapi.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com 'self' *.treasurebox.co.nz www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.searchanise.com *.searchserverapi.com *.paymentexpress.com *.windcave.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ widgets.sandbox.afterpay.com www.google.com *.twitter.com *.pinterest.com *.doubleclick.net 'self' *.afterpay.com *.google.co.nz *.treasurebox.co.nz *.freshdesk.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.searchanise.com *.searchserverapi.com *.trustpilot.com *.paymentexpress.com *.windcave.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.afterpay.com/ *.gstatic.com *.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.au-freshbots.ai *.freshbots.ai *.google.co.nz *.google.com.sg *.treasurebox.co.nz *.tbsandbox.co.nz 'self' *.cloudfront.net *.latitudefinancial.com *.clarity.ms *.bing.com *.afterpay.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.ru www.searchanise.com *.searchserverapi.com s3.amazonaws.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com *.squarecdn.com https://hbiq.net tagmanager.google.com https://www.googletagmanager.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.trackedlink.net *.au-freshbots.ai s.pinimg.com *.pinterest.com/ *.clarity.ms *.treasurebox.co.nz *.tbsandbox.co.nz *.googletagmanager.com 'self' *.latitudefinancial.com *.freshdesk.com *.amazonaws.com *.searchserverapi.com *.searchanise.com *.freshworksapi.com *.afterpay.com *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com searchanise-ef84.kxcdn.com s3.amazonaws.com ajax.aspnetcdn.com www.searchanise.com searchserverapi.com api.amplitude.com *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com static.afterpay.com/ *.squarecdn.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com fonts.googleapis.com https://static.klaviyo.com *.cloudflare.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.au-freshbots.ai *.treasurebox.co.nz *.tbsandbox.co.nz 'self' *.amazonaws.com *.searchserverapi.com *.afterpay.com maxcdn.bootstrapcdn.com www.searchanise.com searchanise-ef84.kxcdn.com s3.amazonaws.com ton.twimg.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.afterpay.com *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com https://www.google-analytics.com *.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.googleadservices.com *.google-analytics.com *.sandbox.paypal.com *.paypalobjects.com *.trackedlink.net *.ampproject.org *.au-freshbots.ai *.pinterest.com *.clarity.ms *.treasurebox.co.nz *.doubleclick.net *.tbsandbox.co.nz 'self' *.trustpilot.com *.google.co.nz *.freshworksapi.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.amplitude.com stats.g.doubleclick.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'nonce-RLHvCi5gmT' blob:  *.googletagmanager.com *.google-analytics.com *.googleapis.com *.google.com unpkg.com *.cloudflare.com *.jsdelivr.net *.youtube.com *.gstatic.com https://translate.googleapis.com/ *.moatads.com *.pinterest.com *.vimeo.com *.facebook.net *.hotjar.com *.marker.io *.newrelic.com *.nr-data.net *.googleapis.com *.sharethis.com; object-src 'none'; style-src 'self' 'unsafe-inline' *.googletagmanager.com *.google-analytics.com *.googleapis.com *.google.com *.cloudflare.com *.jsdelivr.net *.marker.io www.gstatic.com; img-src 'self' data: *.gstatic.com *.googleapis.com *.google-analytics.com *.cloudflare.com *.ogilvy.com.au *.google.com i.ytimg.com *.pinterest.com *.vimeocdn.com *.ggpht.com *.youtube.com *.marker.io *.doubleclick.net *.facebook.com *.sharethis.com *.googletagmanager.com *.nsw.gov.au *.facebook.net; media-src 'self'; frame-src 'self' *.youtube.com *.vimeo.com vimeo.com *.google.com *.pinterest.com *.marker.io *.doubleclick.net *.hotjar.com *.facebook.com; frame-ancestors 'self'; child-src 'self' blob:; font-src 'self' *.gstatic.com *.amazonaws.com data:; connect-src 'self' *.google-analytics.com *.googleapis.com vimeo.com *.marker.io *.nr-data.net *.hotjar.com *.doubleclick.net *.facebook.com *.facebook.net *.sharethis.com *.hotjar.io *.google.com data.stbuttons.click; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' googleads.g.doubleclick.net; style-src 'self' 'unsafe-inline' font.fusiondex.org fonts.googleapis.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https:; connect-src https:; base-uri 'none'; frame-ancestors 'self'; img-src 'self' https: blob: data: pagead2.googlesyndication.com storage.googleapis.com; font-src 'self' font.fusiondex.org fonts.googleapis.com https://fonts.gstatic.com; frame-src 'self' https:; object-src 'self' 1
default-src 'self' data: analytics.google.com *.googleadservices.com https://onlia.zendesk.com https://static.zdassets.com/ekr/snippet.js https://ekr.zdassets.com/compose/ https://static.zdassets.com/ https://v2assets.zopim.io wss://widget-mediator.zopim.com/s/W/ws/ https://widget-mediator.zopim.com https://p27.zdusercontent.com/ https://dc.services.visualstudio.com/v2/track https://az416426.vo.msecnd.net/scripts/b/ai.2.min.js https://c.la3-core1.sfdc-yfeipo.salesforceliveagent.com https://d.la3-core1.sfdc-yfeipo.salesforceliveagent.com *.trustpilot.com optimize.google.com d6tizftlrpuof.cloudfront.net *.digitalcx.com *.elitechnology.com *.usabilla.com *.eqads.com *.onliasense.ca *.gstatic.com *.doubleclick.net fonts.googleapis.com tagmanager.google.com maps.google.com maps.google.ca *.googleapis.com *.googleapis.ca *.ggpht.com www.youtube.com https://onlia-ca-pixel-cynolytics.outshared.services/ https://connect.facebook.net https://s-static.ak.facebook.com https://www.facebook.com https://www.google.com www.google.ca *.google-analytics.com https://*.analytics.google.com wss://*.smooch.io https://*.smooch.io https://*.googletagmanager.com https://www.googleoptimize.com https://surfly.com/  https://*.tvsquared.com https://player.vimeo.com/ https://ucc.oc365s.com wss://*.hotjar.com *.hotjar.com vc.hotjar.io content.hotjar.io https://*.trustev.com https://*.iesnare.com wss://mpsnare.iesnare.com/ https://static.ads-twitter.com/ *.twitter.com *.stackadapt.com https://t.co/ https://bat.bing.com/ https://bat.bing.com/action/0* https://www.instagram.com/ 'unsafe-eval' 'unsafe-inline'; 1
script-src 'self' 'unsafe-inline' https://*.googleapis.com https://forms.eboxentreprise.be https://forms.eboxenterprise.be https://forms.e-boxunternehmung.be https://forms.eboxunternehmung.be https://forms.e-boxonderneming.be https://forms.eboxonderneming.be https://formsacc.eboxentreprise.be https://formsacc.eboxenterprise.be https://formsacc.e-boxunternehmung.be https://formsacc.eboxunternehmung.be https://formsacc.e-boxonderneming.be https://formsacc.eboxonderneming.be https://analytics.onss.be https://matomo.bosa.be https://www.flexmail.eu openfed.github.io; frame-src 'self' https://forms.eboxentreprise.be https://forms.e-boxunternehmung.be https://forms.eboxunternehmung.be https://forms.e-boxonderneming.be https://forms.eboxonderneming.be https://forms.eboxenterprise.be https://forms.socialsecurity.be https://formsacc.eboxentreprise.be https://formsacc.e-boxunternehmung.be https://formsacc.eboxunternehmung.be https://formsacc.e-boxonderneming.be https://formsacc.eboxonderneming.be https://formsacc.eboxenterprise.be https://formsacc.socialsecurity.be https://www.flexmail.eu https://youtube-nocookie.com https://www.youtube-nocookie.com; 1
default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors *; 1
default-src 'self' https:; font-src 'self' https: data:; img-src 'self' https: data:; object-src 'none'; script-src 'self' https: 'unsafe-inline'; style-src 'self' https: 'unsafe-inline' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.3lift.com *.acuityplatform.com *.adadvisor.net *.addthis.com *.addthisedge.com *.addthisevent.com *.adform.net *.adgrx.com *.admission.net *.admixer.net *.adnxs.com *.adotmob.com *.adsrvr.org *.adsymptotic.com *.advertising.com *.agkn.com *.alcmpn.com *.amazon-adsystem.com *.amazonaws.com *.apxlv.com *.arcgis.com *.betweendigital.com *.bfmio.com *.bidr.io *.bidswitch.net *.bluekai.com *.bootstrapcdn.com *.brandcdn.com *.cdc.gov *.choozle.com *.cloudflare.com *.cloudfront.net *.cogocast.net *.company-target.com *.contextweb.com *.crazyegg.com *.crwdcntrl.net *.demdex.net *.docscores.com *.domdex.com *.dotomi.com *.doubleclick.net *.eloqua.com *.emailsrvr.com *.en25.com *.ensighten.com *.entitytag.co.uk *.epichosted.com *.everesttech.net *.exelator.com *.facebook.com *.facebook.net *.fg8dgt.com *.force.com *.fwmrm.net *.google.com *.googleadservices.com *.googleapis.com *.gstatic.com *.healthgrades.com *.mercuryhealthcare.com *.imrworldwide.com *.insightexpressai.com *.intentiq.com *.ipredictive.com *.jumptap.com *.krxd.com *.krxd.net *.liadm.com *.libsyn.com *.licdn.com *.lijit.com *.linkedin.com *.linksynergy.com *.mathtag.com *.mdhv.io *.medtouch.com *.ml314.com *.ml314.com *.moatads.com *.mookie1.com *.ngrok.io *.nrchealth.com *.openx.net *.placelocal.com *.prfct.com *.pro-market.net *.pubmatic.com *.quantserve.com *.reson8.com *.rfihub.com *.rkdms.com *.rlcdn.com *.rubiconproject.com *.rundsp.com *.salesforce.com *.scorecardresearch.com *.semasio.net *.sharethis.com *.simpli.fi *.siteimproveanalytics.com *.siteimproveanalytics.io *.sitescout.com *.spotify.com *.spotxchange.com *.stickyadstv.com *.sundaysky.com *.survata.com *.swarminteractive.com *.tapad.com *.thrtle.com *.tidaltv.com *.tinypic.com *.tremorhub.com *.tribalfusion.com *.trueleadid.com *.truoptik.com *.turn.com *.twitter.com *.twimg.com *.undertone.com *.universityhealthsystem.com *.universityhealth.com *.universityhealthsystemsc.dev.local *.viewmedica.com *.vindicosuite.com *.w55c.net *.walmart.com *.xspadvertising.com *.yahoo.com *.youtube.com *.vimeo.com *.vimeocdn.com *.yextpages.net https://addevent.com http://siteimproveanalytics.com https://oxblue.com https://pippio.com https://siteimproveanalytics.com https://thrtle.com https://uhs-portal.com https://universityhealthsystemsc.dev.local https://viewmedica.com https://www.google-analytics.com https://www.googletagmanager.com https://www.youtube-nocookie.com https://rg-uh-corpcomm-sitecore-pr-288890-cd.azurewebsites.net/ https://rg-uh-corpcomm-sitecore-pr-288890-cm.azurewebsites.net/ ; 1
default-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; img-src 'self' data: https:; object-src 'none'; base-uri 'self'; frame-ancestors 'self' ; 1
frame-ancestors 'self' *.thebestof.co.uk 1
frame-ancestors 'none'; frame-src https://www.youtube.com; 1
child-src https://plusone.google.com https://facebook.com https://platform.twitter.com https://franfinance.fr/ https://www.partners-finances.fr/ https://www.assurpeople.com/ https://www.youtube.com/ https://asset.easydmp.net/ https://optimize.google.com http://pffr-gv.dev.viaevista.fr/ https://pffr.preprod.viaevista.fr https://www.franfinance.fr/ https://docs.google.com/ https://www.youtube-nocookie.com/ https://www.carreprive.fr https://tag.aticdn.net/ https://td.doubleclick.net/ https://carrev4.euroback.fr https://www.carreprive.fr/Partners/TopSeller https://odigo-franfinance.dimelochat.com https://odigo-franfinance.ws.dimelo.com https://odigo-franfinance.messaging.dimelo.com; connect-src 'self' https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://smart-widget-assets.ekomiapps.de/ https://www.franfinance.fr/ https://bat.bing.com/ https://asset.easydmp.net/ https://api.privacy-center.org wss://api.algoan.com/ https://api.algoan.com/ https://dcinfos-cache.abtasty.com/ https://ariane.abtasty.com/ https://www.facebook.com/ https://solution-selfhelp.easyvista.com https://www.clarity.ms/ https://b.clarity.ms/ https://pagead2.googlesyndication.com/ https://w.clarity.ms/ https://tag.aticdn.net/ https://region1.google-analytics.com/ https://www.google.com/ https://rmjnvmk.pa-cd.com/ https://googleads.g.doubleclick.net/ https://odigo-franfinance.dimelochat.com https://odigo-franfinance.ws.dimelo.com https://odigo-franfinance.messaging.dimelo.com; font-src 'self' https://themes.googleusercontent.com https://fonts.gstatic.com https://sw-assets.ekomiapps.de/ https://github.com/ data: https://asset.easydmp.net/ https://optimize.google.com https://solution-selfhelp.easyvista.com; script-src https://apis.google.com https://platform.twitter.com https://ajax.googleapis.com https://www.googletagmanager.com/ https://www.google-analytics.com/ https://sw-assets.ekomiapps.de/ https://smart-widget-assets.ekomiapps.de/ https://ssl.google-analytics.com/ https://www.googleadservices.com/ https://www.dwin1.com/ https://bat.bing.com/ https://googleads.g.doubleclick.net/ 'unsafe-eval' https://www.franfinance.fr/ 'self' https://atout.email-match.com/ https://asset.easydmp.net/ https://asset.easydmp.net https://apis.google.com/ https://plus.google.com/ www.easydmp.net https://maps.google.com/ https://franfinance.fr/landing_page 'unsafe-inline' data: https://optimize.google.com https://sdk.privacy-center.org/ https://api.privacy-center.org https://franfinance-sav.algoan.com/ https://ajax.aspnetcdn.com/ https://try.abtasty.com/ https://connect.facebook.net/ https://www.google.com/pagead/conversion_async.js https://solution-selfhelp.easyvista.com https://www.clarity.ms/ https://pagead2.googlesyndication.com/ https://tag.aticdn.net/piano-analytics.js https://lantern.roeyecdn.com/ https://odigo-franfinance.dimelochat.com https://odigo-franfinance.ws.dimelo.com https://odigo-franfinance.messaging.dimelo.com; style-src 'self' https://fonts.googleapis.com/ 'unsafe-inline' https://sw-assets.ekomiapps.de/ https://asset.easydmp.net/ https://optimize.google.com https://solution-selfhelp.easyvista.com https://odigo-franfinance.dimelochat.com; img-src 'self' 'unsafe-inline' data: https://ssl.google-analytics.com/ https://sw-assets.ekomiapps.de/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://www.franfinance.fr/ https://www.googletagmanager.com/ https://www.google.com/ https://www.google.fr/ https://bat.bing.com/ https://asset.easydmp.net/ https://optimize.google.com https://franfinance-sav.algoan.com/ https://solution-selfhelp.easyvista.com https://www.clarity.ms/ https://c.clarity.ms/ https://c.bing.com/ https://lantern.roeye.com/ https://odigo-franfinance.dimelochat.com https://odigo-franfinance.engagement.dimelo.com; object-src 'none'; frame-ancestors https://franfinance.fr/ https://www.partners-finances.fr/ https://www.franfinance.fr/ https://www.piscines-ibiza.com/ https://piscines-ibiza.com/ http://e-solutions.franfinance.com https://solution-selfhelp.easyvista.com https://languedoc-pools-group.com/ https://www.languedoc-pools-group.com/; default-src https://franfinance.fr/ 'self' https://www.partners-finances.fr/; 1
default-src 'self' https://*.applicationinsights.azure.com; object-src 'none'; frame-ancestors http://localhost:51783 https://localhost https://*.isolvedhcm.com https://*.myisolved.com https://www.goqforce.com https://fusion.avintus.com https://cohere.ctrhcm.com https://www.iesonline.co https://benefitservices.infinisource.com https://www.hkp-usa.com https://www.dominionpayroll.net https://www.aholawebpr.com https://www.coastalpayroll.net https://www.sbspayroll.biz https://payroll.precisionpayrollevv.com https://payroll.paymastersinc.com https://connect.threadhcm.com https://online.commpayhr.com https://www.cpcpayroll.co https://db.zumapay.com ; base-uri 'self'; img-src 'self' https://*.blob.core.windows.net https://*.azureedge.net;sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox; script-src 'self' 'nonce-ECuRz2xKHo1qqbN3kk46f7qX' 'strict-dynamic'; 1
frame-ancestors https://kolornik.mgprojekt.com.pl 1
upgrade-insecure-requests; frame-ancestors 'self' https://*.greenpeace.org.au https://greenpeace.org.au 1
default-src 'self' *.dvbern.ch *.google.com *.gstatic.com *.googletagmanager.com data:;style-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-eval' 'unsafe-inline' *.dvbern.ch *.google.com *.gstatic.com *.googletagmanager.com 1
default-src 'self'; font-src https:;img-src https: data:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; media-src https:; frame-src https:; connect-src https: 1
upgrade-insecure-requests; frame-ancestors 'self' https://app.mutinyhq.com; 1
script-src https://*.googleapis.com 'unsafe-eval' 'unsafe-inline' https: blob: 'self'; script-src-elem https://*.googleapis.com 'unsafe-eval' 'unsafe-inline' https: blob: 'self'; object-src 'none'; base-uri 'self'; report-uri https://sentry.luminate.one/api/27/security/?sentry_key=646f65150e0f4008bcd6d01c85b33d84&sentry_environment=production; 1
default-src 'self' blob: https://*.akamaihd.net; img-src 'self' data: https://*.bing.com https://*.intercomassets.com https://*.intercom-attachments-1.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://*.intercomusercontent.com https://*.intercomcdn.com https://*.intercom.com https://*.intercom.io https://images.ctfassets.net/ https://*.azure.net https://americanspecialtyhealth.nanorep.co https://*.hubspot.com https://*.hsforms.com https://*.fod247.io https://*.amazonaws.com http://*.boldchat.com https://*.boldchat.com http://via.placeholder.com/ https://seal.websecurity.norton.com https://*.internal.ashfitness.net/ https://*.ashconnect.com http://*.gstatic.com http://*.googleapis.com https://app.validic.com https://*.typekit.net https://*.ashcompanies.com https://*.api.ashcompanies.com https://*.googleapis.com  https://csi.gstatic.com https://www.google-analytics.com http://www.google-analytics.com https://stats.g.doubleclick.net/ https://www.facebook.com/ https://www.google.com/ https://dev.api.healthyroads.com https://stg.api.healthyroads.com/ https://preprod.api.healthyroads.com https://api.healthyroads.com/ https://www.googletagmanager.com/ https://optimize.google.com http://optimize.google.com https://*.choosehealthynext.com https://cdn.fod247.com https://*.ooyala.com https://*.brightcove.com https://*.boltdns.net https://*.choosehealthy.com https://*.akamaihd.net https://*.googleadservices.com https://*.doubleclick.net https://assets.prod.validic.com https://*.z1.web.core.windows.net; media-src 'self' blob: https://*.intercomcdn.com https://*.silverandfit.com/ http://*.boldchat.com https://*.boldchat.com https://*.internal.ashfitness.net https://dev.api.healthyroads.com  https://preprod.api.healthyroads.com  https://api.healthyroads.com/ https://stg.api.healthyroads.com/ https://*.api.ashcompanies.com https://*.ooyala.com https://*.akamaized.net https://*.choosehealthy.com https://*.boltdns.net https://*.akamaihd.net https://*.azure.net https://*.ptrx.org https://*.amazonaws.com  https://*.westus2.streaming.mediakind.com https://ottapp-appgw-amp.prodc.mkio.tv3cloud.com https://licensing.bitmovin.com https://*.z1.web.core.windows.net data:; frame-src 'self' 'unsafe-inline' blob: data: application/pdf https://intercom-sheets.com https://*.api.ashcompanies.com https://vimeo.com/ http://*.boldchat.com https://*.boldchat.com https://www.youtube.com/  https://www.facebook.com/ https://connect.facebook.net/ https://*.vimeo.com https://api.recurly.com/ https://*.networksearch.api.ashcompanies.com https://optimize.google.com http://optimize.google.com https://*.choosehealthynext.com https://*.ooyala.com https://*.choosehealthy.com https://youtu.be/ https://*.usw2.pure.cloud; font-src 'self' 'unsafe-inline' data: https://*.intercomcdn.com http://*.boldchat.com https://*.boldchat.com https://*.api.ashcompanies.com/ https://*.ashconnect.com http://*.gstatic.com https://*.typekit.net https://*.ui.api.ashcompanies.com https://fonts.gstatic.com http://fonts.gstatic.com https://*.ooyala.com https://*.choosehealthy.com; connect-src 'self' blob: wss://*.intercom.io https://*.intercomcdn.com https://*.intercom.com https://*.intercom.io wss://*.bold360.com https://*.applicationinsights.azure.com https://www.google-analytics.com https://ak-use.akamaized.net/ https://metrics-api.librato.com http://americanspecialtyhealth.nanorep.co https://visitor-services.nanorep.com http://*.boldchat.com https://*.boldchat.com https://*.silverandfit.com https://silverandfit.com http://dc.services.visualstudio.com/v2/track https://dc.services.visualstudio.com/v2/track https://api.healthyroads.com/ https://*.api.healthyroads.com https://*.ashconnect.com https://*.exerciserewards.com https://*.typekit.net/ https://*.api.ashcompanies.com https://api.recurly.com https://connect.facebook.net https://dc.services.visualstudio.com/ https://*.choosehealthynext.com https://*.ooyala.com https://*.bitmovin.com https://*.brightcove.com https://*.boltdns.net https://stats.g.doubleclick.net https://*.akamaihd.net https://*.choosehealthy.com https://*.azure.net https://*.ashcompanies.com https://*.azurefd.net https://*.azure-api.net https://*.hubspot.com https://*.ashcompanies.com https://*.googleapis.com https://*.facebook.com https://syncmydevice.com https://www.google.com https://googleads.g.doubleclick.net https://*.amazonaws.com https://*.usw2.pure.cloud wss://*.usw2.pure.cloud https://*.westus2.streaming.mediakind.com https://ottapp-appgw-amp.prodc.mkio.tv3cloud.com https://licensing.bitmovin.com https://*.z1.web.core.windows.net data:; worker-src 'self' data: blob:;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.bing.com https://*.intercomcdn.com https://*.intercom.com https://*.intercom.io https://*.ssqt.io https://*.hs-scripts.com https://*.hs-analytics.net https://*.hs-banner.com https://*.hscollectedforms.net https://www.googleoptimize.com http://americanspecialtyhealth.nanorep.co http://*.boldchat.com https://*.boldchat.com https://seal.verisign.com/ https://*.typekit.net http://noembed.com/ https://noembed.com/ https://api.healthyroads.com https://*.ui.api.ashcompanies.com/ https://*.api.ashcompanies.com https://*.api.healthyroads.com https://*.exerciserewards.com http://tagmanager.google.com https://tagmanager.google.com http://*.googleapis.com https://js.recurly.com/v4/recurly.js  https://www.googletagmanager.com http://www.google-analytics.com/ https://www.google-analytics.com/ https://analytics.clickdimensions.com https://az416426.vo.msecnd.net/ https://connect.facebook.net/ http://analytics.clickdimensions.com/ https://optimize.google.com http://optimize.google.com https://*.choosehealthynext.com https://*.ooyala.com https://*.brightcove.net https://*.gstatic.com https://*.choosehealthy.com https://*.ashcompanies.com https://*.googleadservices.com https://*.hsadspixel.net https://js.monitor.azure.com https://cdnjs.cloudflare.com/ajax/libs/select2/3.5.2/select2.min.js https://googleads.g.doubleclick.net https://apps.usw2.pure.cloud; style-src 'self' 'unsafe-inline' http://*.boldchat.com https://*.boldchat.com https://js.recurly.com/ http://tagmanager.google.com https://tagmanager.google.com https://*.googleapis.com http://*.googleapis.com https://api.healthyroads.com/ https://*.api.ashcompanies.com/ https://*.api.healthyroads.com https://*.choosehealthynext.com 'unsafe-inline' https://optimize.google.com https://seal.websecurity.norton.com http://optimize.google.com https://*.ooyala.com https://*.googletagmanager.com https://*.typekit.net; child-src 'self' 'unsafe-inline' blob: data: https://intercom-sheets.com https://*.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; ; frame-ancestors 'self' https://vimeo.com/ https://*.choosehealthy.com; object-src 'self' data: application/pdf  blob: filesystem:; 1
default-src 'self' https://dpm.demdex.net *.cdc.gov vaccines.gov www.vaccines.gov vacunas.gov www.vacunas.gov *.fontawesome.com *.doubleclick.net *.castlighthealth.com *.mapbox.com https://*.google-analytics.com *.foresee.com cdc.112.2o7.net https://*.googletagmanager.com; child-src 'self' *.cdc.gov vaccines.gov www.vaccines.gov vacunas.gov www.vacunas.gov *.google.com https://cdc.demdex.net blob:; object-src 'self' *.cdc.gov vaccines.gov www.vaccines.gov vacunas.gov www.vacunas.gov; img-src 'self' https://dpm.demdex.net/ https://cm.everesttech.net/ *.cdc.gov vaccines.gov www.vaccines.gov vacunas.gov www.vacunas.gov cdc.112.2o7.net *.google-analytics.com *.gstatic.com  https://*.googletagmanager.com data:; style-src 'self' *.cdc.gov vaccines.gov vacunas.gov *.mapbox.com *.fontawesome.com 'unsafe-inline'; script-src 'self' *.cdc.gov vaccines.gov www.vaccines.gov vacunas.gov www.vacunas.gov *.castlighthealth.com *.google-analytics.com *.adobe.com *.gstatic.com  *.googletagmanager.com *.google.com *.fontawesome.com 'unsafe-inline' 'unsafe-eval'; worker-src blob:; frame-ancestors *.cdc.gov 1
script-src 'self' https://www.gstatic.com https://www.recaptcha.net https://www.googletagmanager.com 'sha256-EbTN0dyaKxIwFTnV4Sjx5BPoymK1iuuzqBf0A00pqV8=' 'nonce-FhCE3xN3Q2jt//lP/LDToQ==' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src-elem * 'unsafe-inline' 1
frame-ancestors 'self' *.chemistwarehouse.com.au *.epharmacy.com.au *.mychemist.com.au htmlbuilder.com.au *.htmlbuilder.com.au *.chemistwarehouse.hk 1
frame-ancestors 'self' *.facebook.com *.salesforce.com *.convio.net *.google.com *.force.com facebook.com salesforce.com convio.net google.com force.com gala.acsevents.org main.acsevents.org relay.acsevents.org; report-uri https://secure.acsevents.org/site/XFrameViolation 1
frame-ancestors 'self' *.foscarini.com; 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://*.hotjar.com https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.hotjar.com https://*.googletagmanager.com https://*.youtube.com https://cdn.cookielaw.org https://*.onetrust.com https://walls.io https://*.walls.io https://challenges.cloudflare.com  https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.ggpht.com *.googleusercontent.com https://mc.yandex.ru https://mc.yandex.by https://mc.yandex.ua https://mc.yandex.kz https://mc.yandex.com https://mc.yandex.md https://yastatic.net static.cloudflareinsights.com https://unpkg.com https://*.bing.com https://api.swiftype.com; img-src 'self' data: https://*.hotjar.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.youtube.com https://*.googlesyndication.com https://*.google.com *.googleusercontent.com https://*.googleapis.com https://*.gstatic.com https://mc.yandex.ru https://mc.yandex.by https://mc.yandex.ua https://mc.yandex.kz https://mc.yandex.com https://mc.yandex.md https://yastatic.net https://i.ytimg.com https://cdn.cookielaw.org https://*.bing.com; frame-src 'self' https://www.youtube-nocookie.com https://walls.io https://*.walls.io https://challenges.cloudflare.com https://momento360.com https://*.google.com https://mc.yandex.ru https://mc.yandex.by https://mc.yandex.ua https://mc.yandex.kz https://mc.yandex.com https://mc.yandex.md https://yastatic.net https://showpark.containex.com/; font-src 'self' https://*.hotjar.com https://fonts.gstatic.com; connect-src 'self' data: https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.googlesyndication.com https://*.google.com https://cdn.cookielaw.org https://*.onetrust.com https://*.googleapis.com https://*.gstatic.com https://mc.yandex.ru https://mc.yandex.by https://mc.yandex.ua https://mc.yandex.kz https://mc.yandex.com https://mc.yandex.md https://yastatic.net cloudflareinsights.com https://ipmeta.io https://*.containex.com https://*.lkw-walter.com https://*.instana.io https://*.bing.com https://*.swiftype.com; form-action 'self' 1
default-src 'self' *.sitevision.se https://*.vizzit.se *.minasidor.mjolby.se; script-src 'self' 'nonce-056272d1-4aec-11ef-a435-339214c6f114' 'report-sample' 'unsafe-eval' 'unsafe-hashes' *.sitevision.se *.gstatic.com *.googleapis.com *.rekai.se *.vizzit.se  *.minasidor.mjolby.se *.readspeaker.com https://cdn-eu.readspeaker.com/script/13797/webReader/webReader.js https://cdn.vizzit.se/integration/ https://static.rekai.se/53537ad8.js 'sha256-dxf3toqyD++EzJuhrKpapNcfknBG25Z8wS+GO411e5g=' 'sha256-YeBe1D2X5oE1pnktmFkKmQzNNXF3V2dSo9vOryFC18U=' 'sha256-RTBq9RLGJyE7Oz1hUkEtPcCMAa/zhzHEoY+hu2draKY=' 'sha256-EbriFkI1qrtlosbHdCgvB++oS58ybBEfMLee1QSSz4s=' 'sha256-Rkydu5AEZQhSKJSG4VkpDkN61T1kFsR0WWIsRjDUA0s=' 'sha256-X3fa7wJsGVHQf0PNZTWy3lNAMDh02LczcobHPmVvPT0=' 'sha256-2+u+Qf9LC0vRZoS/1HBstW1FPVetboBnVsKjnrZ0hGM=' 'sha256-NPfufwr8eTkffn9sQd5yFKqqVp2fFXOWMAYW1LeMNn4=' 'sha256-pCoIcTqw06SoJDA1CVWORlYDjpWwpQ4ZtJ8VxljhVFw='; style-src 'self' 'unsafe-inline' 'report-sample' *.sitevision.se *.cloudflare.com *.fontawesome.com *.mfstatic.com *.readspeaker.com https://cdn-eu.readspeaker.com; img-src 'self' *.sitevision.se *.gstatic.com *.basetool.se; font-src 'self' *.sitevision.se *.cloudflare.com *.fontawesome.com *.gstatic.com *.readspeaker.com data:; connect-src 'self' *.sitevision.se *.googleapis.com *.rekai.se https://*.vizzit.se *.readspeaker.com *.minasidor.mjolby.se; frame-src 'self' *.screen9.com; base-uri 'self' 'nonce-056272d1-4aec-11ef-a435-339214c6f114'; form-action 'self' https://minasidor.mjolby.se/;  1
default-src https: http: ws: wss: data: 'unsafe-inline' 'unsafe-eval' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://arvr.social; img-src 'self' https: data: blob: https://arvr.social; style-src 'self' https://arvr.social 'nonce-pZIO6Vd0B/bFuNL142KUww=='; media-src 'self' https: data: https://arvr.social; frame-src 'self' https:; manifest-src 'self' https://arvr.social; form-action 'self'; child-src 'self' blob: https://arvr.social; worker-src 'self' blob: https://arvr.social; connect-src 'self' data: blob: https://arvr.social https://cache.arvr.social wss://arvr.social; script-src 'self' https://arvr.social 'wasm-unsafe-eval' 1
base-uri 'none';child-src 'none';connect-src 'self' https://ws.zoominfo.com/pixel/collect https://aorta.clickagy.com/ https://aorta.clickagy.com/liveramp_redir https://hemsync.clickagy.com/external/ https://maps.googleapis.com/;default-src 'self';font-src 'self' https://fonts.gstatic.com;;form-action 'self';frame-ancestors 'self';frame-src 'none';img-src 'self' https://id.rlcdn.com/ https://idsync.rlcdn.com/ https://aorta.clickagy.com/ https://maps.gstatic.com/ https://maps.googleapis.com/  https://streetviewpixels-pa.googleapis.com/ https://lh3.ggpht.com/ https://khms1.googleapis.com/ https://khms0.googleapis.com/ https://www.google.com data:;manifest-src 'self';media-src 'self';object-src 'none';prefetch-src 'self';script-src 'self' https://maps.googleapis.com/ https://www.google.com https://ws.zoominfo.com/pixel/6320bf5aac6e98ed3e39d094 https://tags.clickagy.com/ https://aorta.clickagy.com/ https://hemsync.clickagy.com/external/ https://ws.zoominfo.com/;style-src 'self' https://aorta.clickagy.com/ https://fonts.googleapis.com https://fonts.gstatic.com https://maps.gstatic.com/ https://streetviewpixels-pa.googleapis.com/ https://lh3.ggpht.com/ https://khms1.googleapis.com/ https://khms0.googleapis.com/ https://www.google.com 'unsafe-inline';worker-src 'self';upgrade-insecure-requests ; 1
frame-ancestors 'self' https://*.facebook.com/ https://community.aluminate.net https://www.community.aluminate.net https://angdemo.com https://*.angdemo.com https://*.*.angdemo.com; 1
frame-ancestors 'self' https://*.trinetx.com; 1
object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' https: http: https://www.googletagmanager.com/; base-uri 'self'; report-uri https://o88274.ingest.sentry.io/api/192214/security/?sentry_key=a0af93cc03a44e39b9cd79d299a8d76d; frame-src 'self' https://app.syncbnb.com   https://js.stripe.com https://www.youtube.com https://www.facebook.com https://intercom-sheets.com https://bid.g.doubleclick.net https://www.googletagmanager.com https://td.doubleclick.net https://consentcdn.cookiebot.com https://tsdtocl.com; frame-ancestors https://app.syncbnb.com https://www.hosthub.com https://js.stripe.com https://www.facebook.com; worker-src 'self' blob: 1
default-src 'none'; base-uri 'self';connect-src 'self' fonts.googleapis.com ssl.google-analytics.com; font-src 'self' data: fonts.gstatic.com; img-src 'self' blob: data: ssl.google-analytics.com ssl.microsofttranslator.com www.google-analytics.com www.gstatic.com; form-action 'self'; frame-src www.youtube.com; frame-ancestors 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: api.microsofttranslator.com ssl.bing.com ssl.google-analytics.com www.google-analytics.com www.googleadservices.com; style-src 'self' 'unsafe-inline' data: fonts.googleapis.com ssl.microsofttranslator.com; upgrade-insecure-requests; report-uri https://fusionapps.report-uri.com/r/d/csp/enforce 1
default-src 'self'; style-src  'unsafe-inline' 'self'     https://ajax.googleapis.com/      https://fonts.googleapis.com ; style-src-elem  'unsafe-inline' 'self'     https://fonts.googleapis.com/     https://ajax.googleapis.com/     https://cdn.jsdelivr.net/ ; img-src 'self' 'unsafe-inline' data:     https://waitlistcheck.com/     https://www.waitlistcheck.com/     https://i.vimeocdn.com/     https://paymentrouter-trunk.redmz.mrisoftware.com/     https://beta.waitlistcheck.com/     https://ssl.google-analytics.com/     https://ajax.googleapis.com/     https://www.googleapis.com/     https://www.google-analytics.com/; script-src  https://www.google-analytics.com/     https://cdn.polyfill.io/     https://www.google.com/     https://www.gstatic.com/     https://www.googletagmanager.com/     https://www.google-analytics.com/     https://ssl.google-analytics.com/     https://ajax.googleapis.com/     https://cdnjs.cloudflare.com/     'unsafe-inline' 'unsafe-eval' 'self' ; script-src-elem 'self' 'unsafe-inline'     https://stackpath.bootstrapcdn.com/     https://cdn.jsdelivr.net/     https://cdn.polyfill.io/     https://www.google.com/     https://www.gstatic.com/     https://www.googletagmanager.com/     https://www.google-analytics.com/     https://ssl.google-analytics.com/     https://ajax.googleapis.com/     https://cdnjs.cloudflare.com/ ;font-src 'self' data: https://fonts.gstatic.com/ https://cdn.jsdelivr.net/ 'unsafe-inline'; connect-src 'self' https://www.google-analytics.com/  ; frame-src 'self'     https://www.youtube.com/     https://youtube.com/     https://player.vimeo.com/     https://www.google.com/ 1
default-src https:; font-src https: data:; img-src https: data:; script-src 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'unsafe-inline' https:; frame-ancestors 'self'; script-src-elem 'unsafe-inline' 'unsafe-eval' https: data:; 1
default-src 'self' *.effia.com https://themes.googleusercontent.com https://maxcdn.bootstrapcdn.com *.google.fr *.google.com *.googletagmanager.com *.gstatic.com *.googleapis.com *.google-analytics.com *.youtube.com *.doubleclick.net *.payline.com *.slimpay.com *.slimpay.net hcaptcha.com *.hcaptcha.com *.abtasty.com data: https://alize-map.azurewebsites.net https://sdk.privacy-center.org https://api.privacy-center.org https://tag.aticdn.net/piano-analytics.js https://nssvsmp.pa-cd.com https://www.googleadservices.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://www.googletagmanager.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes' *.effia.com *.googletagmanager.com *.gstatic.com *.googleapis.com *.google-analytics.com *.youtube.com *.doubleclick.net *.payline.com *.slimpay.com *.slimpay.net *.abtasty.com hcaptcha.com *.hcaptcha.com https://sdk.privacy-center.org https://api.privacy-center.org https://tag.aticdn.net/piano-analytics.js https://nssvsmp.pa-cd.com https://www.googleadservices.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://tagmanager.google.com https://www.google.com https://homologation-payment.payline.com https://maps.googleapis.com https://payment.payline.com https://webpayment.dev.payline.com https://www.appelsiini.net; script-src-elem 'self' 'unsafe-inline' *.effia.com *.googletagmanager.com *.gstatic.com *.googleapis.com *.google-analytics.com *.youtube.com *.doubleclick.net *.payline.com *.slimpay.com *.slimpay.net *.abtasty.com hcaptcha.com *.hcaptcha.com https://sdk.privacy-center.org https://api.privacy-center.org https://tag.aticdn.net/piano-analytics.js https://nssvsmp.pa-cd.com https://www.googleadservices.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://homologation-payment.payline.com https://maps.googleapis.com https://payment.payline.com https://webpayment.dev.payline.com https://www.appelsiini.net; style-src 'self' 'unsafe-inline' *.effia.com https://fonts.googleapis.com https://homologation-payment.cdn.payline.com *.payline.com *.slimpay.com *.slimpay.net *.abtasty.com hcaptcha.com *.hcaptcha.com https://sdk.privacy-center.org https://api.privacy-center.org https://tag.aticdn.net/piano-analytics.js https://nssvsmp.pa-cd.com https://www.googleadservices.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://homologation-payment.payline.com https://payment.payline.com https://webpayment.dev.payline.com; frame-ancestors 'self'; report-uri https://www.effia.com/report-uri/enforce 1
frame-ancestors 'self' *.payubiz.in *.payu.in *.google.com www.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net www.googleadservices.com *.payumoney.com www.premiermiles.co.in www.goibibo.com secure.skype.com *.facebook.com 1
default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data:; font-src *; connect-src *; object-src *; frame-ancestors *; worker-src blob: 1
frame-ancestors https://www.lapstore.de/; upgrade-insecure-requests; 1
frame-ancestors 'self' https://*.toyota.ro https://*.yandex.com https://*.yandex.tld https://*.yandex.net https://*.yandex.com.tr https://*.yandex.ru https://*.yandex.by https://webvisor.com https://lexus-dxp.dobit.com https://lexustest.dobit.com http://localhost:88; 1
frame-ancestors 'self' https://*.aainsurance.co.nz; 1
frame-ancestors *.toast.com *.dooray.com dooray.com 1
frame-ancestors 'self' https://reader.bookfusion.com 1
frame-ancestors 'self' *.sovremennik.ru 1
frame-ancestors *.bolt.com self *.zdassets.com https://growgen.zendesk.com/ 'self'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; upgrade-insecure-requests; form-action https://www.facebook.com/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.yotpo.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * self 'self' 'unsafe-inline'; style-src https://*.sharethis.com/ https://www.youtube.com/ https://web-sdk.aptrinsic.com/ *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.yotpo.com unsafe-inline assets.braintreegateway.com self 'self' 'unsafe-inline'; script-src https://bam.nr-data.net/ https://ws.sharethis.com/ https://newton.newtonsoftware.com/ https://recruitingbypaycor.com/ https://*.sharethis.com/ https://widget-mediator.zopim.com/ https://www.youtube.com/ https://connect.facebook.net/ https://chimpstatic.com/ https://googleads.g.doubleclick.net/ https://js-eu1.hs-scripts.com/ https://js-eu1.hs-analytics.net/ https://js-eu1.hs-banner.com/ https://js-eu1.hscollectedforms.net/ https://js-eu1.hsadspixel.net/ https://web-sdk.aptrinsic.com/ https://cdn.attn.tv/ https://growgeneration.attn.tv/ https://*.mouseflow.com https://growgeneration-us.attn.tv/ https://snap.licdn.com/ https://static.zdassets.com/ *.route.com *.cloudfront.net https://unpkg.com/ *.tiktok.com *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com *.googleapis.com *.gstatic.com *.google.com *.google.bg *.googletagmanager.com www.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com connect.facebook.net graph.facebook.com business.facebook.com *.yotpo.com *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com self *.tctm.xyz/ *.zdassets.com https://www.google.com/ https://www.gstatic.com/ https://includes.ccdc02.com/cardinalcruise/v1/songbird.js *.hs-scripts.com *.hs-banner.com *.hs-analytics.net *.hscollectedforms.net *.hsadspixel.net https://growgen.zendesk.com/ api.smooch.io *.simpli.fi *.rumiview.com *.kickfire.com *.callrail.com *.hotjar.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; object-src https://www.youtube.com/ 'self' 'unsafe-inline'; media-src https://static.zdassets.com/ https://www.youtube.com/ *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src https://www.youtube.com/ *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; img-src https://*.sharethis.com/ https://www.googletagmanager.com/ https://www.youtube.com/ https://www.google.com/ https://www.facebook.com/ https://www.google.com.ua/ https://forms-eu1.hsforms.com/ https://track-eu1.hubspot.com/ https://*.mouseflow.com https://meetanshi.com/media/logo.png https://*.linkedin.com https://www.growgeneration.com https://www.theharvestco.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.ftcdn.net *.behance.net *.googleapis.com *.gstatic.com 'self' data: *.google.com *.google.bg www.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com connect.facebook.net graph.facebook.com business.facebook.com *.yotpo.com store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com self *.omtrdc.net *.hsforms.com *.hubspot.com https://growgen.zendesk.com/ *.zdassets.com/ *.flexipim.com *.simpli.fi *.rumiview.com *.kickfire.com https://cm.g.doubleclick.net https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; frame-src https://newton.newtonsoftware.com/ https://*.sharethis.com/ *.consensu.org https://recruitingbypaycor.com/ https://www.youtube.com/ https://www.facebook.com/ creatives.attn.tv https://*.mouseflow.com fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.yotpo.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * self https://www.google.com/ *.demdex.net/ *.zdassets.com https://growgen.zendesk.com/ https://11989942.fls.doubleclick.net/ https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; font-src https://*.mouseflow.com *.cloudfront.net fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.yotpo.com self data: 'self' 'unsafe-inline'; connect-src *.sharethis.com wss://widget-mediator.zopim.com/ https://www.youtube.com/ https://amcglobal.sc.omtrdc.net/ https://www.facebook.com/ https://forms-eu1.hubspot.com/ https://api-eu1.hubapi.com/ https://esp-m.aptrinsic.com/ https://events.attentivemobile.com/ https://growgeneration.attn.tv/ https://*.mouseflow.com https://*.linkedin.com https://growgeneration-us.attn.tv/ *.route.com www.derekbaldwin.com *.cloudfront.net *.stape.io https://analytics.tiktok.com dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.magento-datasolutions.com *.magento-ds.com *.googleapis.com *.google-analytics.com www.facebook.com *.facebook.net *.google.com connect.facebook.net graph.facebook.com business.facebook.com *.yotpo.com *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com self https://widget-mediator.zopim.com/ wss://api.smooch.io https://growgen.zendesk.com/ *.zdassets.com https://formbuilder.online/ *.doubleclick.net/ *.authorize.net/ *.demdex.net/ https://bam.nr-data.net/ https://maps.googleapis.com/ https://insights.algolia.io/ *.hubspot.com/ *.hubapi.com/ *.flexipim.com *.adobedtm.com *.hscollectedforms.net *.hotjar.com *.hotjar.io wss://ws.hotjar.com/ https://analytics.google.com/ https://imgs.signifyd.com 'self' 'unsafe-inline'; default-src https://*.mouseflow.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com self 'self' 'unsafe-inline' 'unsafe-eval'; 1
default-src * 'unsafe-eval' 'unsafe-inline' 'unsafe-hashes' https: data: blob: 1
frame-ancestors 'self' *.vembu.com *.connexxanetworks.com 1
default-src * data:; script-src * 'unsafe-inline'; style-src * 'unsafe-inline'; object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests 1
default-src data: 'self' https://im-in.space https://*.im-in.space; img-src 'self' https: data: blob:; connect-src wss://im-in.space https://*.giphy.com https://*.tenor.com https://*.shields.io https://im-in.space https://*.im-in.space 'self' blob: data:; script-src 'self' 'unsafe-eval' https://hcaptcha.com 'sha256-ED4WAAOcRWKeM9/DFfGQvve8gTylUkyaTxB59gMHfro=' 'sha256-mcw81LUqGI6+qAB9k0iReT8re4cGtbD1m8KbOUSfG9s=' blob:; style-src https://*.im-in.space 'self' 'unsafe-inline'; object-src 'none'; base-uri 'self'; frame-src https:; upgrade-insecure-requests 1
default-src *; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://*; style-src 'self' data: 'unsafe-inline' https://*; img-src https://* 'self' data:; font-src 'self' data: https://* 1
frame-ancestors https://frosttreasuryconnect.com https://frostconnect.com 1
default-src 'self'; child-src 'self' *.criteo.com *.criteo.net *.adform.net *.google-analytics.com *.meine-krankenkasse.de *.meine-gesundheitsplattform.de *.nexpics.com *.sibforms.com *.weisse-liste.de 360.nexpics.com *.form.cloud bkk-vbu.limequery.org digitus-bkkvbu.apps.cloud.itsc.de pixel.mathtag.com player.podigee-cdn.net player.vimeo.com tagmanager.google.com vbu.gesundheitsformulare.de vbu.matomo.cloud www.youtube-nocookie.com www.googletagmanager.com www.facebook.com; connect-src 'self' *.meine-krankenkasse.de *.nexpics.com *.sibforms.com api.usercentrics.eu aggregator.service.usercentrics.eu *.form.cloud digitus-bkkvbu.apps.cloud.itsc.de graphql.usercentrics.eu maps.googleapis.com vbu.matomo.cloud wss://digitus-bkkvbu.apps.cloud.itsc.de www.facebook.com; font-src 'self' data: *.nexpics.com *.sibforms.com *.form.cloud fonts.gstatic.com pixel.mathtag.com player.podigee-cdn.net vbu.gesundheitsformulare.de; frame-ancestors 'self' *.meine-krankenkasse.de vbu.matomo.cloud; img-src 'self' data: *.googleapis.com *.gstatic.com *.meine-krankenkasse.de *.nexpics.com *.sibforms.com app.usercentrics.eu *.form.cloud f.vimeocdn.com googleads.g.doubleclick.net images.podigee-cdn.net pixel.mathtag.com player.podigee-cdn.net s.ytimg.com vbu.gesundheitsformulare.de vbu.matomo.cloud www.facebook.com www.google.de www.google.com; object-src 'none'; script-src 'self' 'unsafe-inline' *.adform.net *.criteo.com *.criteo.net *.google-analytics.com *.googleapis.com *.meine-krankenkasse.de *.nexpics.com *.sibforms.com app.usercentrics.eu *.form.cloud connect.facebook.net f.vimeocdn.com googleads.g.doubleclick.net pixel.mathtag.com player.podigee-cdn.net s.ytimg.com secure.adnxs.com tagmanager.google.com vbu.gesundheitsformulare.de vbu.matomo.cloud www.googletagmanager.com www.googleadservices.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.meine-krankenkasse.de *.nexpics.com *.sibforms.com *.form.cloud player.podigee-cdn.net vbu.gesundheitsformulare.de vbu.matomo.cloud s.ytimg.com f.vimeocdn.com; upgrade-insecure-requests 1
default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js *.google-analytics.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com *.stockmanbank.com https://www.onlinebanktours.com https://www.googletagmanager.com *.doubleclick.net https://up.pixel.ad https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://stockmanbank-421014.workflowcloud.com/embedform/iframe/ntx-embed-iframe.js files.marcomcentral.app.pti.com 'self' web-chat.nativechat.com cdn.ampproject.org https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://cdnjs.cloudflare.com/ https://www.onlinebanktours.com files.marcomcentral.app.pti.com 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://up.pixel.ad/ https://pixel.sitescout.com *.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.stockmanbank.com *.eloqua.com track.hubspot.com https://cdnjs.cloudflare.com/ https://picsum.photos/ https://cdn.oectours.com *.google.com https://www.googletagmanager.com https://a.mktgcdn.com https://images.printable.com https://www.onlinebanktours.com/ https://googleads.g.doubleclick.net/ https://www.google.com files.marcomcentral.app.pti.com https://ad.doubleclick.net/ 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.gstatic.com *.googleapis.com https://cdnjs.cloudflare.com/ files.marcomcentral.app.pti.com; frame-src https://www.fintactix.com/ *.bugherd.com https://up.pixel.ad/ *.doubleclick.net bugherd-attachments.s3.amazonaws.com ws.pusherapp.com *.cloudfront.net screenshots.bugherd.com https://pixel.sitescout.com https://www.youtube.com/ https://www.onlinebanktours.com/ https://bid.g.doubleclick.net https://stockmanbank-421014.workflowcloud.com/ https://gbo-app-znc.nintex.io/ https://demos.wavecx.com/ https://forms.office.com/ https://pixel-sync.sitescout.com/ 'self' web-chat.nativechat.com; connect-src accounts.google.com *.gstatic.com *.mktoresp.com *.google-analytics.com https://ebank.secure.stockmanbank.com/EBC_EBC1151/js/RemoteLogon *.stockmanbank.com *.yext.com *.googleapis.com https://onlinebanktours.com *.doubleclick.net https://adservice.google.com 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: *.stockmanbank.com; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com 'self' web-chat.nativechat.com 1
default-src 'self' ifdb.org www.google.com 'nonce-PRW9H7QW'; script-src 'self' ifdb.org www.google.com 'nonce-PRW9H7QW'; style-src 'self' ifdb.org 'nonce-PRW9H7QW'; frame-ancestors 'self'; 1
default-src 'self' https://static.manebooru.art; script-src 'self' https://static.manebooru.art; style-src 'self' https://static.manebooru.art; object-src 'none'; frame-ancestors 'none'; frame-src 'none'; form-action 'self'; manifest-src 'self'; img-src 'self' data: https://static.manebooru.art https://camo.manebooru.art; block-all-mixed-content 1
default-src 'self' blob: ; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.pinterest.com *.diageoai.com *.amplifyapp.com *.vimeo.com *.seedlipdrinks.com *.treasuredata.com *.channeladvisor.com *.eum-appdynamics.com *.appdynamics.com *.quantummetric.com *.klaviyo.com *.facebook.com *.facebook.net *.clarity.ms *.bing.com *.pinimg.com *.adsrvr.org *.jquery.com *.yotpo.com *.cloudflare.com *.diageohorizon.com *.diageoplatform.com *.diageoagegate.com *.anyroad.com *.youtube.com *.googletagmanager.com *.googleadservices.com *.google.com *.google-analytics.com *.gstatic.com *.cloudfunctions.net *.shortlyst.com *.juicer.io assets.juicer.io *.mapbox.com *.onetrust.com stats.g.doubleclick.net *.fontawesome.com; style-src 'self' 'unsafe-inline' *.cloudflare.com *.shopifycdn.com *.klaviyo.com *.yotpo.com *.fonts.net *.typekit.net *.bootstrapcdn.com *.diageohorizon.com *.myfonts.net *.fontawesome.com *.googleapis.com *.mapbox.com; object-src 'none'; base-uri 'self'; connect-src 'self' *.diageoagegate.com *.amazonaws.com *.googlesyndication.com *.google.com https://api *.quantummetric.com *.myshopify.com *.onetrust.com *.eum-appdynamics.com *.appdynamics.com *.klaviyo.com *.clarity.ms *.bing.com *.pinterest.com *.thebar.com *.diageoplatform.com *.yotpo.com *.mapbox.com *.onetrust.com *.doubleclick.net *.google-analytics.com *.analytics.google.com *.shortlyst.com *.juicer.io ws: wss: gap://ready ; font-src 'self' *.typekit.net *.fonts.com *.cloudflare.com *.gstatic.com *.yotpo.com *.fontawesome.com *.bootstrapcdn.com data: blob:; frame-src 'self' *.faire.com *.vimeo.com *.facebook.com *.facebook.net *.pinterest.com *.google.com *.shortlyst.com *.thebar.com *.threedium.co.uk https://*.interactnow.tv *.adsrvr.org *.youtube.com *.anyroad.com where-to-buy.co *.doubleclick.net; img-src 'self' *.google.co.uk *.diageoai.com *.diageohorizon.com *.amplifyapp.com *.vimeocdn.com *.eum-appdynamics.com *.ytimg.com *.youtube.com *.seedlipdrinks.com *.shopify.com *.salsify.com *.thoriumd.com *.bing.com *.facebook.com *.clarity.ms *.pinterest.com *.yotpo.com *.thebar.com *.diageoplatform.com *.onetrust.com *.doubleclick.net *.juicer.io *.mapbox.com *.google.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.cloudfunctions.net data: blob:; manifest-src 'self'; media-src 'self' *.youtube.com *.vimeo.com vimeo.com *.seedlipdrinks.com *.thebar.com *.thoriumd.com *.diageoplatform.com; worker-src blob:; frame-ancestors 'self' *.shop-au-seedlip.com *.shopalyst.com *.diageoplatform.com *.shortlyst.com *.thoriumd.com *.thebar.com https://*.interactnow.tv; 1
default-src * 'unsafe-inline' 'unsafe-eval' data:; frame-ancestors 'self' 1
default-src 'self'; worker-src * blob:; connect-src * 'unsafe-eval' 'unsafe-inline'; font-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; frame-src *; frame-ancestors *.malarenergi.se *.psplugin.com; 1
default-src 'self'; img-src 'self' https://sharedservice-infinpay-website-rootbucket.s3.us-east-1.amazonaws.com data:; script-src 'self' 'unsafe-inline' https://d3592300uvnra.cloudfront.net https://sharedservice-infinpay-website-rootbucket.s3.us-east-1.amazonaws.com https://code.jquery.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com; style-src 'self' https://sharedservice-infinpay-website-rootbucket.s3.us-east-1.amazonaws.com 'unsafe-inline' https://use.fontawesome.com https://fonts.googleapis.com; font-src 'self' data: https://use.fontawesome.com https://fonts.gstatic.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: http://localhost:* http://*.pollballthai.com http://apmcmwrew.cedexis.cc https://*.sbotop.com *.google.com *.google.com.tw https://www.googletagmanager.com http://blog.sbotop.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.sportradar.com *.sportradarserving.com *.digitru.st *.bidswitch.net *.sbotop.co.uk *.connextra.com https://dev.visualwebsiteoptimizer.com https://*.cdnrocket.net/ https://*.cloudswiftcdn.net/ https://*.speedysurfcdn.net/ https://*.rapidflarecdn.net/ https://*.lightningspeedcdn.net/ https://connect.facebook.net www.facebook.com https://*.g.doubleclick.net http://*.sbobet.com; img-src data: http://localhost:* http://*.pollballthai.com http://apmcmwrew.cedexis.cc https://*.sbotop.com *.google.com *.google.com.tw https://www.googletagmanager.com http://blog.sbotop.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.sportradar.com *.sportradarserving.com *.digitru.st *.bidswitch.net *.sbotop.co.uk *.connextra.com https://dev.visualwebsiteoptimizer.com https://*.cdnrocket.net/ https://*.cloudswiftcdn.net/ https://*.speedysurfcdn.net/ https://*.rapidflarecdn.net/ https://*.lightningspeedcdn.net/ https://connect.facebook.net www.facebook.com https://*.g.doubleclick.net; report-uri https://csp.trackittk.net/z/3693b3a4-1444-448c-93f9-abfaa546d0e0; frame-src data: http://localhost:* http://*.pollballthai.com http://apmcmwrew.cedexis.cc https://*.sbotop.com *.google.com *.google.com.tw https://www.googletagmanager.com http://blog.sbotop.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.sportradar.com *.sportradarserving.com *.digitru.st *.bidswitch.net *.sbotop.co.uk *.connextra.com https://dev.visualwebsiteoptimizer.com https://*.cdnrocket.net/ https://*.cloudswiftcdn.net/ https://*.speedysurfcdn.net/ https://*.rapidflarecdn.net/ https://*.lightningspeedcdn.net/ https://connect.facebook.net www.facebook.com https://*.g.doubleclick.net https://*.youtube.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://optimize.google.com; worker-src data: blob: https://dev.visualwebsiteoptimizer.com; frame-ancestors 'self' data: https://*.sbotop.com; 1
default-src 'self' data:; frame-src * blob:; connect-src * data: blob:; font-src * data:; img-src * data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; object-src 'self'; base-uri 'self'; frame-ancestors 'self'; 1
default-src * 'unsafe-inline' script-src *.subaru.pl google-analytics.com www.google-analytics.com; 1
default-src 'self' *.hijiffy.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.theguestbook.com theguestbook.com acdn.adnxs.com player.vimeo.com stats.pusher.com *.jsdelivr.net *.cloudflare.com *.triptease.io *.facebook.net *.doubleclick.net *.selfbook.com *.relay-t.io *.licdn.com *.sojern.com wasm-eval *.hijiffy.com *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.adform.net cdn.segment.com core.spreedly.com secure-hotel-tracker.com self *.googleadservices.com; script-src-elem 'self' data: 'unsafe-inline' sc-static.net *.theguestbook.com theguestbook.com tags.creativecdn.com *.bing.com *.adnxs.com *.googleapis.com *.stripe.com *.adform.net *.jsdelivr.net *.segment.com *.cloudflare.com *.triptease.io *.facebook.net *.spreedly.com *.doubleclick.net *.selfbook.com *.relay-t.io *.google.com *.vimeo.com *.licdn.com *.sojern.com stats.pusher.com *.hijiffy.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.gstatic.com secure-hotel-tracker.com *.pagespeed-mod.com unpkg.com; style-src 'self' 'unsafe-inline' *.gstatic.com use.fontawesome.com *.jsdelivr.net *.cloudflare.com *.typekit.net *.selfbook.com *.hijiffy.com cdn.honey.io self; style-src-elem 'self' 'unsafe-inline' fonts.cdnfonts.com *.googletagmanager.com *.jsdelivr.net *.cloudflare.com code.jquery.com *.googleapis.com *.selfbook.com *.typekit.net *.hijiffy.com cdn.honey.io *.bootstrapcdn.com ray.st unpkg.com *.gstatic.com; style-src-attr 'unsafe-inline'; img-src 'self' blob: data: *.theguestbook.com cdn.leanlibrary.app *.google.de *.google.co.kr *.google.co.jp *.google.fr cdn.simplycodes.com i.vimeocdn.com www.exploretock.com *.seadform.net *.doubleclick.net *.adform.net *.cloudflare.com *.synxis.com *.adnxs.com *.adsrvr.org messenger-services.com *.hijiffy.com *.w.org *.linkedin.com s3.eu-west-1.amazonaws.com *.cdninstagram.com *.selfbook.com secure.gravatar.com six-middelware-backend.s3.amazonaws.com theeventscalendar.com www.facebook.com *.google-analytics.com *.google.com *.google.es *.gstatic.com *.youtube.com *.sojern.com *.google.ca *.google.com.au *.google.com.mx *.googletagmanager.com secure-hotel-tracker.com *.googletraveladservices.com *.google.co.uk cdn.honey.io *.googleapis.com *.facebook.net eu-u.openx.net idsync.rlcdn.com rtb-csync.smartadserver.com tags.bluekai.com token.rubiconproject.com; font-src 'self' data: *.theguestbook.com cdn.ivaws.com at.alicdn.com static.zohocdn.com use.fontawesome.com *.googleapis.com account.affilitizer.com images.simplycodes.com static.hsappstatic.net static.zip.co www.slant.co http://themes.googleusercontent.com cdnjs.cloudflare.com *.gstatic.com *.selfbook.com six-middelware-backend.s3.amazonaws.com *.typekit.net *.hijiffy.com cdn.scite.ai chrome-extension maxcdn.bootstrapcdn.com moz-extension ray.st; connect-src 'self' securegw.paytm.in api.amcreativemedia.com api.aituria.com api.highdataanalytics.com *.theguestbook.com ib.adnxs.com *.googletagmanager.com cdn.jsdelivr.net *.typekit.net *.adsrvr.org *.rankmath.com *.cendyn.com *.googleadservices.com cdnjs.cloudflare.com *.vimeocdn.com api.mkmediaworks.com http://ad.doubleclick.net *.google.com *.segment.io *.selfbook.com *.triptease.io cdn.segment.com *.hijiffy.com google.com *.sentry.io *.sojern.com *.linkedin.com *.bugsnag.com *.doubleclick.net wss://ws-eu.pusher.com *.facebook.com *.google-analytics.com api.ipstack.com mbrfp.meetingbroker.com *.bing.com *.google.com.mx *.spreedly.com *.google.co.uk *.google.es *.launchdarkly.com overbridgenet.com properties sockjs-eu.pusher.com *.samsung.com *.googleapis.com *.cendynhub.com *.google.ca; media-src 'self' simplecast.com videos.fonts.ninja *.gstatic.com *.simplecast.com data:; child-src *.triptease.io *.google.com; frame-src 'self' recaptcha.net *.stripe.com *.googletagmanager.com c1.adform.net *.triptease.io *.google.com player.vimeo.com *.sojern.com *.doubleclick.net *.facebook.com *.spotify.com mozbar.moz.com player.simplecast.com; worker-src blob:; form-action 'self' *.facebook.com; manifest-src 'self'; report-uri https://sphrcl.report-uri.com/r/d/csp/enforce 1
frame-ancestors 'self' data: https://www.facebook.com https://fo-emea.ttinteractive.com; default-src 'self' data: https://*.privacy-center.org https://*.analytics.google.com https://*.google-analytics.com https://td.doubleclick.net https://14003771.fls.doubleclick.net https://*.googletagmanager.com https://googleads.g.doubleclick.net https://www.alphamailing.fr https://www.google.fr https://adservice.google.com https://adservice.google.fr https://player.vimeo.com https://stats.g.doubleclick.net https://fast.wistia.net https://ps.w.org https://secure.gravatar.com https://yoast.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://ad.doubleclick.net https://fo-emea.ttinteractive.com https://www.gstatic.com https://fonts.gstatic.com https://connect.facebook.net https://www.google.com https://fonts.googleapis.com http://www.facebook.com 'unsafe-inline'; 1
frame-ancestors https://engage.talkative.uk https://ignite.mitel.com https://srv-contactcent.theimi.org.uk https://eu.engage.app/ *.theimi.org.uk  https://www.youtube.com/ https://imiacp.ddev.site:8443/; report-uri /report-csp-violation 1
frame-ancestors 'self' https://www.matrimonio.com.pe https://comunidad.matrimonio.com.pe https://landing.matrimonio.com.pe 1
default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com *.google-analytics.com https://www.youtube.com/iframe_api https://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net https://floridahousing.org/Scripts/js/jquery.resizer.min.js https://translate.googleapis.com https://translate.google.com https://ajax.googleapis.com https://*.googleapis.com https://www.googletagmanager.com https://cdn.raygun.io/raygun4js/raygun.min.js https://www.floridahousing.org/ https://cdn.userway.org/widget.js elmahio.min.js https://www.floridahousing.org/Scripts/elmahio.min.js api.elmah.io *.userway.org https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js https://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js https://maxcdn.bootstrapcdn.com/bootstrap/3.4.1/js/bootstrap.min.js 'self' web-chat.nativechat.com cdn.ampproject.org *.eloqua.com *.en25.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://cdn.insight.sitefinity.com https://dec.azureedge.net https://cdn.userway.org/widget.js *.userway.org https://maxcdn.bootstrapcdn.com/bootstrap/3.4.1/css/bootstrap.min.css 'self' web-chat.nativechat.com 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.google-analytics.com https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com https://translate.google.com https://www.google.com https://cdn.userway.org/widget.js *.userway.org 'self' web-chat.nativechat.com *.eloqua.com track.hubspot.com js.hsleadflows.net forms.hsforms.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.userway.org; frame-src https://apps.floridahousing.org/ https://floridahousing.sharefile.com/ https://www.youtube.com/embed/QVXAam3CHi8 https://www.youtube.com/embed/lI6PG4UCm6I https://player.vimeo.com/video/389876939 https://www.youtube.com/embed/70sD1sJXHnM https://cdn.userway.org/widget.js api.elmah.io *.userway.org https://floridahousing.org/demo3.html https://www.youtube.com/embed/4vsmv-0AK8Y https://www.youtube.com/embed/Gb4b9gwNl8g https://www.youtube.com/embed/rolim_U_-J8 https://www.youtube.com/embed/Sj_3UTzBYbU https://www.youtube.com/embed/u0XFzHNcF6Y https://www.youtube.com/embed/59yHsKUQBf0 https://www.youtube.com/embed/111W_B9GiM8 https://www.youtube.com/embed/_4n68faqZS0 https://www.youtube.com/embed/_Ng1nHd_rBE https://www.youtube.com/embed/1s9RPndjEOg https://www.youtube.com//embed/2vhz6vbG8js 'self' web-chat.nativechat.com forms.hsforms.com; connect-src accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com https://floridahousing.org/Scripts/js/jquery.resizer.min.js https://translate.google.com https://ajax.googleapis.com https://*.googleapis.com *.google-analytics.com apis.google.com https://translate.googleapis.com https://stats.g.doubleclick.net https://cdn.userway.org/widget.js api.elmah.io *.userway.org 'self' forms.hubspot.com *.hsforms.com; media-src 'self' data: blob:; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://cdn.userway.org/widget.js *.userway.org 'self' web-chat.nativechat.com 1
frame-ancestors *.amazingco.me 1
default-src 'self' https:; style-src 'self' https://*.hotjar.com 'unsafe-inline' data: https:; font-src 'self' data: https:; script-src 'self' https://*.hotjar.com 'unsafe-eval' 'unsafe-inline' https:; connect-src https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com 'self' https:; img-src 'self' https://*.hotjar.com data: https:; media-src 'self' data: https:; 1
upgrade-insecure-requests  ; style-src 'self' 'unsafe-inline' feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com cdn.cookielaw.org pghub.io *.pricespider.com mpsnare.iesnare.com feed.pghub.io pandg.tapad.com ; manifest-src 'self' login.windows.net feed.pghub.io pandg.tapad.com ; font-src 'self' assets.ctfassets.net feed.pghub.io pandg.tapad.com ; frame-ancestors 'none' feed.pghub.io pandg.tapad.com ; frame-src 'self' feed.pghub.io pandg.tapad.com ; img-src 'self' data: images.ctfassets.net pixel.tapad.com cdn.cookielaw.org www.googletagmanager.com feed.pghub.io pandg.tapad.com ; connect-src 'self' *.google-analytics.com cdn.cookielaw.org *.algolia.net *.algolianet.com feed.pghub.io pandg.tapad.com ; base-uri 'none' feed.pghub.io pandg.tapad.com ; default-src 'none' feed.pghub.io pandg.tapad.com ; 1
upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https: https://fonts.gstatic.com; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; frame-ancestors https:; 1
child-src 'self' www.googletagmanager.com https:; connect-src 'self' *.hsforms.com www.googletagmanager.com *.ctfassets.net vimeo.com https: consentcdn.cookiebot.com consent.cookiebot.com; default-src 'self' https:; font-src data: 'self' https: *.vimeocdn.com; frame-src 'self' www.googletagmanager.com https: consentcdn.cookiebot.com consent.cookiebot.com; img-src data: 'self' https: *.ctfassets.net *.vimeocdn.com *.akamaized.net; media-src data: 'self' https: *.ctfassets.net *.vimeocdn.com *.akamaized.net; object-src 'none'; script-src data: 'unsafe-inline' 'wasm-unsafe-eval' 'self' https: www.googletagmanager.com *.hsforms.net vimeo.com *.vimeocdn.com player.vimeo.com consentcdn.cookiebot.com consent.cookiebot.com; style-src data: 'unsafe-inline' 'self' https: *.vimeocdn.com; worker-src 'none'; form-action 'self' *.hsforms.com https:; frame-ancestors 'self' app.contentful.com https:; upgrade-insecure-requests 1
frame-ancestors https://*.gusto.at https://*.vgn.at; upgrade-insecure-requests; block-all-mixed-content 1
upgrade-insecure-requests; base-uri 'self'; default-src 'none'; frame-ancestors 'none'; object-src 'none'; script-src 'none'; require-trusted-types-for 'script'; form-action 'none'; report-uri https://defesa.report-uri.com/r/d/csp/enforce 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' https://www.gstatic.com https://givebutter.com https://www.google.com https://www.googletagmanager.com  https://maps.googleapis.com https://maps.google.com https://connect.facebook.net https://www.youtube.com https://*.cloudfront.net https://www.bugherd.com https://www.google-analytics.com/analytics.js https://cdn.jsdelivr.net https://releases.transloadit.com https://script.hotjar.com/ https://static.hotjar.com 1
base-uri 'self'; connect-src 'self'; font-src 'self'; frame-src 'none'; img-src 'self'; media-src 'none'; object-src 'none'; worker-src 'none'; form-action 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-ancestors 'none' 1
frame-ancestors 'self' https://hireupsupport.zendesk.com 1
upgrade-insecure-requests;frame-ancestors 'self' 1
default-src 'self' https:; script-src 'self' t.contentsquare.net 'unsafe-inline' https: blob:; style-src 'self' 'unsafe-inline' https:; connect-src 'self' https:; img-src 'self' data: https:; base-uri 'self'; form-action 'self' https://secure.payzen.eu; 1
default-src * 'self' data: 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 1
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; report-uri /json/csp-violation 1
frame-ancestors 'self' https://www.sirius.nl; 1
default-src 'self'; connect-src 'self' https://google.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.googlesyndication.com https://*.googleapis.com https://*.google.com https://*.google.nl https://*.doubleclick.net https://*.fontawesome.com https://cdn.plyr.io https://*.timeblockr.com https://noembed.com https://*.tawk.to wss://*.tawk.to https://*.facebook.com https://*.facebook.net https://*.leadinfo.net https://*.leadinfo.com https://in.logtail.com https://*.browsealoud.com https://*.speechstream.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://cdn.linkedin.oribi.io https://*.visualstudio.com https://*.clarity.ms https://*.tiktok.com https://*.amazonaws.com https://*.recras.nl https://*.hubspot.com https://*.hubapi.com https://*.hs-banner.com https://*.hsforms.com https://*.hsforms.net https://*.hscollectedforms.net https://*.bing.com https://*.cookiebot.com https://*.elfsight.com https://*.trustedshops.com https://*.etrusted.com https://*.trustbadge.com https://*.linkedin.com https://*.googleadservices.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.cloudflare.com https://cdn.trustindex.io https://*.recras.nl https://dashboard.webwinkelkeur.nl https://polyfill.io https://*.hubspot.com https://*.hs-analytics.net https://*.hsadspixel.net https://*.usemessages.com https://*.hs-banner.com https://*.hsleadflows.net https://*.hsforms.net https://*.hsforms.com https://*.hs-scripts.com https://*.hscollectedforms.net https://*.fontawesome.com https://connect.facebook.net https://*.amazonaws.com https://*.googleapis.com https://*.google.com https://*.google.ad https://*.google-analytics.com https://*.googletagmanager.com https://*.doubleclick.net https://*.gstatic.com https://*.googleadservices.com https://*.googletagservices.com https://*.googleoptimize.com https://*.googlesyndication.com https://www.youtube.com https://player.vimeo.com https://*.timeblockr.com https://*.tawk.to wss://*.tawk.to https://cdn.jsdelivr.net https://*.browsealoud.com https://*.mailplus.nl https://*.leadinfo.net https://chimpstatic.com https://*.cookiebot.com https://*.calendly.com https://*.activehosted.com https://*.typekit.net https://*.hotjar.com https://*.pinterest.com https://*.licdn.com https://*.tiktok.com https://*.bing.com https://*.clarity.ms https://*.redditstatic.com https://*.adsafeprotected.com https://*.elfsight.com https://*.lfeeder.com https://*.app-us1.com data: blob: https://*.eventix.io https://*.trustedshops.com https://*.mollie.com https://sdk.privacy-center.org; style-src 'self' 'unsafe-inline' https://*.typekit.net https://fonts.googleapis.com https://*.gstatic.com https://*.mailplus.nl https://cdn.plyr.io https://*.recras.nl https://*.timeblockr.com https://*.hotjar.com https://*.cloudflare.com https://*.tawk.to https://*.leadinfo.net https://*.leadinfo.com https://*.googleapis.com; font-src 'self' https://fonts.gstatic.com https://cdn.trustindex.io https://*.fontawesome.com https://dashboard.webwinkelkeur.nl https://*.typekit.net https://*.timeblockr.com https://*.tawk.to https://*.hotjar.com https://*.cloudflare.com data: https://*.trustedshops.com https://*.leadinfo.net; img-src 'self' https://secure.gravatar.com https://*.tawk.to https://*.timeblockr.com https://*.typekit.net https://*.cloudflare.com https://*.google.at https://*.google.be https://*.google.ca https://*.google.ch https://*.google.ci https://*.google.com https://*.google.de https://*.google.es https://*.google.fi https://*.google.fr https://*.google.gr https://*.google.hu https://*.google.ie https://*.google.is https://*.google.lu https://*.google.lv https://*.google.nl https://*.google.no https://*.google.pt https://*.google.ro https://*.google.ru https://*.google.se https://*.google.sr https://*.google.tn https://*.google.com.bd https://*.google.com.bh https://*.google.com.eg https://*.google.com.et https://*.google.com.mt https://*.google.com.pa https://*.google.com.ph https://*.google.com.py https://*.google.com.tn https://*.google.com.tr https://*.google.com.ua https://*.google.com.vn https://*.google.co.by https://*.google.co.et https://*.google.co.id https://*.google.co.in https://*.google.co.jp https://*.google.co.uk https://*.google.co.za https://*.google-analytics.com https://*.googletagmanager.com https://*.googlesyndication.com https://*.googleusercontent.com https://*.googleadservices.com https://*.doubleclick.net https://*.googleapis.com https://*.gstatic.com https://*.cdninstagram.com https://*.facebook.com https://cdn.trustindex.io https://*.hotjar.com https://*.linkedin.com https://*.bing.com https://*.trustedshops.com https://*.hubspot.com https://*.hubspotusercontent-na1.net https://*.hsforms.com https://*.clarity.ms https://*.reddit.com https://*.mailplus.nl https://i.ytimg.com https://*.lfeeder.com https://*.tiktok.com https://*.amazonaws.com https://cdn.jsdelivr.net data: https://*.leadinfo.net https://*.leadinfo.com https://*.cookiebot.com https://woo.com https://*.mollie.com https://www.roularta.be; media-src 'self' https://vimeo.com https://player.vimeo.com https://*.akamaized.net blob:; frame-src 'self' https://www.youtube.com https://youtu.be https://*.youtube-nocookie.com https://youtube-nocookie.com https://player.vimeo.com https://calendly.com https://*.google.com https://*.googlesyndication.com https://*.doubleclick.net https://dashboard.webwinkelkeur.nl https://*.facebook.com https://consentcdn.cookiebot.com https://*.hubspot.com https://*.hsforms.com https://*.hs-sites.com https://*.klantenvertellen.nl https://open.spotify.com https://*.recras.nl https://*.stager.nl https://*.stager.co blob: https://myprivacy.roularta.be; frame-ancestors 'self'; form-action 'self' https://*.facebook.com https://*.make.com https://*.hsforms.com https://*.hubspot.com https://*.mailplus.nl https://*.mollie.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' strict-dynamic https: http: blob: data: *.osano.com *.braintreegateway.com;img-src * data: *.activeprospect.com;object-src 'none';base-uri 'none';style-src 'self' 'unsafe-inline' *.jsdelivr.net *.typekit.net *.braintreegateway.com; 1
report-uri https://pestdefense.com 1
default-src https:; img-src https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; 1
connect-src 'self' https://apis.google.com https://dev.onepay.vn/home/; 1
frame-ancestors 'self' https://www.growingio.com 1
default-src 'self' *.cloudinary.com *.fontawesome.com *.google.com *.google-analytics.com *.googleapis.com *.gstatic.com *.osvhub.com *.osvmosaicservices.com *.pendo.io *.telerik.com; img-src 'self' *.cloudinary.com *.google.com *.googleapis.com *.osvhub.com *.pendo.io *.telerik.com osv.zendesk.com static.zdassets.com v2assets.zopim.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cloudinary.com *.google.com *.google-analytics.com *.googleapis.com *.gstatic.com js.datadome.co *.osvmosaicservices.com *.pendo.io *.telerik.com ekr.zdassets.com ekr.zendesk.com zendesk-eu.my.sentry.io osv.zendesk.com static.zdassets.com wss://osv.zendesk.com wss://*.zopim.com *.zopim.com; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *.cloudinary.com api-js.datadome.co *.doubleclick.net *.google-analytics.com *.googleapis.com *.googletagservices.com *.launchdarkly.com *.osvhub.com pagead2.googlesyndication.com data.pendo.io *.pendo.io *.visualstudio.com ekr.zdassets.com ekr.zendesk.com zendesk-eu.my.sentry.io osv.zendesk.com static.zdassets.com wss://osv.zendesk.com wss://*.zopim.com *.zopim.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.cloudinary.com *.fontawesome.com *.googleapis.com *.osvhub.com *.pendo.io *.telerik.com; media-src 'self' content.osvhubstaticcontent.com static.zdassets.com; frame-src *.osvmosaicservices.com app.pendo.io geo.captcha-delivery.com status.osvhub.com suggestions.osvhub.com upload-widget.cloudinary.com www.google.com/recaptcha/ www.figma.com; worker-src blob:; 1
default-src 'self' *.cloudfront.net *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.chime.aws *.pingdom.net *.google.com *.googleusercontent.com unpkg.com *.datafree.co *.amazonaws.com *.doubleclick.net *.vimeo.com *.facebook.net *.clarity.ms *.intercom.io *.intercomcdn.com data: ws:; img-src * data:; style-src 'self' 'unsafe-inline' api.mapbox.com *.googleapis.com unpkg.com *.cloudfront.net *.googletagmanager.com *.googleadservices.com *.datafree.co; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cloudfront.net *.google-analytics.com *.clarity.ms *.jquery.com *.googletagmanager.com *.googleapis.com unpkg.com *.google.com *.gstatic.com *.datafree.co *.googleadservices.com *.facebook.com *.facebook.net *.intercom.io *.intercomcdn.com *.pingdom.net blob: 1
base-uri 'none'; object-src 'none'; script-src 'self' *.google.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.youtube.com *.ytimg.com; 1
default-src https: 'unsafe-inline' 'unsafe-eval'; worker-src https://*.ewnova.live/ https://*.mindtools.com/ https://www.ewnova.live/ blob:; connect-src https://yoast.com/ https://my.wpengine.com/ https://s.w.org/ https://wpengine.com/ https://*.ewnova.live/ https://*.mindtools.com/ https://ewnova.live/ https://*.www.ewnova.live/ https://www.ewnova.live/ https://r1.trackedweb.net/ https://*.amazonaws.com/ https://cdn-cookieyes.com/ https://*.cookieyes.com/ https://*.browser-intake-datadoghq.com/ https://*.browser-intake-datadoghq.eu/ https://www.google-analytics.com/ https://*.hotjar.com/ https://*.logs.datadoghq.eu/ wss://*.hotjar.com/ wss://*.mindtools.com/ wss://wss-live-nova-api.mindtools.com/ wss://*.ewnova.live/ wss://ewnova.live/ wss://*.www.ewnova.live/ wss://www.ewnova.live/ https://*.hotjar.io/ https://*.gstatic.com/ https://*.googlesyndication.com/ https://*.google-analytics.com/ https://nova-live-content.s3.eu-west-2.amazonaws.com/ https://nova-dev-content.s3.eu-west-2.amazonaws.com/ https://nova-dev-s3.imgix.net/ https://nova-live.imgix.net/ https://cdn.jsdelivr.net/npm/@emoji-mart/data https://*.visualwebsiteoptimizer.com/ https://www.google.com https://stats.g.doubleclick.net https://*.execute-api.eu-west-2.amazonaws.com/ https://*.execute-api.us-west-1.amazonaws.com/ https://*.execute-api.ap-southeast-1.amazonaws.com/ https://*.execute-api.sa-east-1.amazonaws.com/ wss://*.execute-api.eu-west-2.amazonaws.com/ wss://*.execute-api.us-west-1.amazonaws.com/ wss://*.execute-api.ap-southeast-1.amazonaws.com/ wss://*.execute-api.sa-east-1.amazonaws.com/; img-src https://via.placeholder.com/ https://secure.gravatar.com/ https://mindtoolsdev.wpengine.com/ https://mindtoolsstg.wpengine.com/ https://mindtoolslive.wpengine.com/ https://my.wpengine.com/ https://s.w.org/ https://wpengine.com/ https://*.wpengine.com/ https://p.typekit.net/ https://elements.oxy.host/ w3.org/svg/2000 https://www.ewnova.live https://*.ewnova.live https://goodpractice.imgix.net/ https://nova-live-content.s3.eu-west-2.amazonaws.com/ https://nova-dev-content.s3.eu-west-2.amazonaws.com/ https://nova-dev-s3.imgix.net/ https://nova-live.imgix.net/ https://d2iiunr5ws5ch1.cloudfront.net/ https://*.visualwebsiteoptimizer.com/ https://content.jwplatform.com/ https://cdn-cookieyes.com/ https://prd.jwpltx.com/ https://assets-jpcust.jwpsrv.com/ https://script.hotjar.com/ https://*.googlesyndication.com/ https://www.google-analytics.com/ https://t.co https://analytics.twitter.com https://www.facebook.com data:; font-src 'self' https://use.typekit.net/ https://fonts.gstatic.com/ https://maxcdn.bootstrapcdn.com/ https://script.hotjar.com/ data:; media-src blob:; 1
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * blob: data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 1
img-src 'self' *.thecheat.co.kr;media-src https://*;connect-src 'self' *.thecheat.co.kr *.naver.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.thecheat.co.kr  *.naver.net *.naver.com *.jquery.com *.google-analytics.com *.google.com *.youtube.com;style-src 'self' 'unsafe-inline' *.bootstrapcdn.com; 1
default-src 'self';script-src 'self' 'nonce-VN9OpH5bJtHCMSrYhzMACs00REFrZKdKnKeQtZg7VPY=' ajax.cloudflare.com cdnjs.cloudflare.com www.google.com www.gstatic.com secure.wufoo.com static.wufoo.com cc.cdn.civiccomputing.com maps.googleapis.com player.vimeo.com *.googletagmanager.com googletagmanager.com www.google-analytics.com tools.eurolandir.com 3xscreen.videosync.fi s3.amazonaws.com laingorourke.us1.list-manage.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com;object-src 'none';connect-src 'self' maps.googleapis.com our.umbraco.com *.google-analytics.com google-analytics.com apikeys.civiccomputing.com clapi.civiccomputing.com stats.g.doubleclick.net analytics.google.com *.analytics.google.com region1.google-analytics.com region1.analytics.google.com printreleaf.com;font-src 'self' fonts.gstatic.com;frame-src 'self' *.wufoo.com www.google.com printreleaf.com marketplace.umbraco.com youtube.com www.youtube.com player.vimeo.com forms.zohopublic.eu tools.eurolandir.com my.matterport.com td.doubleclick.net indd.adobe.com;img-src 'self' data: *.googleusercontent.com i.vimeocdn.com dashboard.umbraco.com maps.googleapis.com maps.gstatic.com www.googletagmanager.com www.google.co www.google.co.uk i.ytimg.com www.google-analytics.com accounts.google.co.uk www.google.rs;frame-ancestors 'self';upgrade-insecure-requests ;block-all-mixed-content 1
default-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://cdn.jsdelivr.net https://optanon.blob.core.windows.net https://cdnjs.cloudflare.com https://invitation.opinionbar.com https://www.google-analytics.com https://pp-ad.enviedebienmanger.fr https://tags.digital-metric.com https://analytics.digital-metric.com https://dgvoua7mh4f9h.cloudfront.net https://pp-v4-www.enviedebienmanger.fr https://www.enviedebienmanger.fr https://5301507.fls.doubleclick.net https://www.google.com https://tbl.tradedoubler.com https://track.effiliation.com https://tagmanager.google.com https://connect.facebook.net https://staticxx.facebook.com https://www.gstatic.com/ https://tracker.optin-lead.com https://snakeinteractive.go2cloud.org https://www.google.fr https://www.uptilabtest1.com https://fonts.googleapis.com https://fonts.gstatic.com https://contact.president.fr https://tracker.mailomedia-tracking.com https://swrap.tradoubler.com https://cdn.cookielaw.org https://www.dwin1.com https://www.awin1.com https://www.zenaps.com https://the.sciencebehindecommerce.com https://static.criteo.net https://mobile.mng-ads.com https://sslwidget.criteo.com https://gum.criteo.com https://stats.g.doubleclick.net https://api.flymenu.fr https://form.jevousremercie.fr https://action.metaffiliation.com https://tag.aticdn.net https://geolocation.onetrust.com https://logs1412.xiti.com https://analytics.digital-metric.net https://primevere.voyelle-dev.fr https://privacyportal-de.onetrust.com https://files.qualifio.com https://www.facebook.com https://adservice.google.com; connect-src *; frame-src 'self' https://5301507.fls.doubleclick.net https://tagmanager.google.com https://www.google.com https://tracker.optin-lead.com https://snakeinteractive.go2cloud.org https://www.google.fr https://www.uptilabtest1.com https://track.actiplay-network.com https://7890636.fls.doubleclick.net https://www.youtube.com https://fonts.googleapis.com https://cdn.cookielaw.org https://fonts.gstatic.com https://staticxx.facebook.com https://contact.president.fr https://www.president.fr https://adbx.io https://www.jeu-enviedebienmanger.fr https://www.dwin1.com https://www.awin1.com https://www.zenaps.com https://the.sciencebehindecommerce.com https://stats.g.doubleclick.net blob: https://api.flymenu.fr https://app.flymenu.fr https://form.jevousremercie.fr https://action.metaffiliation.com https://tag.aticdn.net https://geolocation.onetrust.com https://primevere.voyelle-dev.fr https://td.doubleclick.net https://files.qualifio.com https://numberly.qualifioapp.com https://www.opecashback-edbm-2024.fr https://www.facebook.com https://*.fls.doubleclick.net https://primevere.com; img-src 'self' https://www.googletagmanager.com https://optanon.blob.core.windows.net https://cdnjs.cloudflare.com https://invitation.opinionbar.com https://www.google-analytics.com https://tags.digital-metric.com https://analytics.digital-metric.com https://dgvoua7mh4f9h.cloudfront.net data: https://www.enviedebienmanger.fr https://stats.g.doubleclick.net https://*.fls.doubleclick.net https://www.google.com https://tbl.tradedoubler.com https://www.google.fr https://www.google.mu https://track.effiliation.com https://tagmanager.google.com https://connect.facebook.net https://staticxx.facebook.com https://tracker.optin-lead.com https://snakeinteractive.go2cloud.org https://www.uptilabtest1.com https://track.actiplay-network.com https://www.gstatic.com https://www.youtube.com https://fonts.googleapis.com https://fonts.gstatic.com https://contact.president.fr https://tracker.mailomedia-tracking.com https://swrap.tradoubler.com https://cdn.cookielaw.org https://www.dwin1.com https://www.awin1.com https://www.zenaps.com https://the.sciencebehindecommerce.com https://static.criteo.net https://mobile.mng-ads.com https://sslwidget.criteo.com https://gum.criteo.com https://api.flymenu.fr https://static.flymenu.fr https://form.jevousremercie.fr https://action.metaffiliation.com https://tag.aticdn.net https://geolocation.onetrust.com https://analytics.digital-metric.net https://primevere.voyelle-dev.fr https://kwptg.kantarworldpanel.fr https://ad.doubleclick.net https://files.qualifio.com https://scripts.qualifioapp.com https://www.facebook.com https://adservice.google.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://optanon.blob.core.windows.net https://cdnjs.cloudflare.com https://invitation.opinionbar.com https://www.google-analytics.com https://tags.digital-metric.com https://analytics.digital-metric.com https://dgvoua7mh4f9h.cloudfront.net https://www.enviedebienmanger.fr https://5301507.fls.doubleclick.net https://www.google.com https://tbl.tradedoubler.com https://track.effiliation.com https://tagmanager.google.com https://connect.facebook.net https://staticxx.facebook.com https://www.gstatic.com http://cdnjs.cloudflare.com https://tracker.optin-lead.com https://snakeinteractive.go2cloud.org https://www.google.fr https://www.uptilabtest1.com https://track.actiplay-network.com https://7890636.fls.doubleclick.net https://www.youtube.com https://fonts.googleapis.com https://fonts.gstatic.com https://contact.president.fr https://tracker.mailomedia-tracking.com https://swrap.tradoubler.com https://cdn.cookielaw.org https://www.jeu-enviedebienmanger.fr https://www.dwin1.com https://www.awin1.com https://www.zenaps.com https://the.sciencebehindecommerce.com https://static.criteo.net https://mobile.mng-ads.com https://sslwidget.criteo.com https://gum.criteo.com https://stats.g.doubleclick.net https://api.flymenu.fr https://form.jevousremercie.fr https://action.metaffiliation.com https://tag.aticdn.net https://geolocation.onetrust.com https://logs1412.xiti.com https://analytics.digital-metric.net https://static.digital-metric.net https://primevere.voyelle-dev.fr https://files.qualifio.com https://scripts.qualifioapp.com cdn.jsdelivr.net https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://optanon.blob.core.windows.net https://cdnjs.cloudflare.com https://invitation.opinionbar.com https://www.google-analytics.com https://tags.digital-metric.com https://analytics.digital-metric.com https://dgvoua7mh4f9h.cloudfront.net https://www.enviedebienmanger.fr https://*.fls.doubleclick.net https://*.doubleclick.net https://www.google.com https://tbl.tradedoubler.com https://track.effiliation.com https://tagmanager.google.com https://www.gstatic.com/ https://tracker.optin-lead.com https://snakeinteractive.go2cloud.org https://www.google.fr https://www.uptilabtest1.com https://track.actiplay-network.com https://7890636.fls.doubleclick.net https://www.youtube.com https://fonts.googleapis.com https://fonts.gstatic.com https://contact.president.fr https://tracker.mailomedia-tracking.com https://swrap.tradoubler.com https://cdn.cookielaw.org https://www.dwin1.com https://www.awin1.com https://www.zenaps.com https://the.sciencebehindecommerce.com https://static.criteo.net https://mobile.mng-ads.com https://sslwidget.criteo.com https://gum.criteo.com https://stats.g.doubleclick.net https://api.flymenu.fr data: https://form.jevousremercie.fr https://action.metaffiliation.com https://tag.aticdn.net https://geolocation.onetrust.com https://primevere.voyelle-dev.fr https://www.facebook.com https://www.primevere.com https://cdn.jsdelivr.net 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com s3.amazonaws.com fonts.googleapis.com *.hotjar.com *.zopim.com *.fontawesome.com data: maxcdn.bootstrapcdn.com *.fonts.googleapis.com *.cloudflare.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com amc.demdex.net *.paypalobjects.com *.payflowlink.paypal.com cdn.dnky.co youtube.com www.youtube.com *.hotjar.com *.facebook.com *.trustpilot.com *.criteo.com *.weltpixel.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.addthis.com *.pinterest.com tarpsnow.attn.tv creatives.attn.tv *.doubleclick.net *.bayengage.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.paypal.com *.typekit.net *.gstatic.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com *.amazonaws.com *.webtraxs.com *.bing.com *.adelixir.com *.cloudfront.net *.targetbay.com facebook.com *.linkedin.com google-analytics.com www.google.co.in *.adroll.com adroll.com *.tb-list.com *.advertising.com *.casalemedia.com *.rubiconproject.com *.pubmatic.com eb2.3lift.com *.taboola.com *.rlcdn.com *.yahoo.com *.outbrain.com x.bidswitch.net us-u.openx.net cm.g.doubleclick.net ib.adnxs.com *.google.com pippio.com google.mg google.fr *.google.ca *.exelator.com *.google.co.uk *.nr-data.net *.convertcart.com *.clarity.ms www.google.nl connect.onlinesucces.nl px.ads.linkedin.com stats.g.doubleclick.net *.googleapis.com www.linkedin.com linkedin.com googletagmanager.com gallery.mailchimp.com *.trustedshops.com www.facebook.com *.zopim.com cdn.jsdelivr.net *.jmango360.com *.datatrics.com *.smaato.net quickchart.io img.youtube.com flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.cloudflare.com https://cdn.klarna.com https://s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.fpdbs.sandbox.paypal.com *.addthis.com *.pinterest.com *.cdninstagram.com *.facebook.com *.reddit.com events.attentivemobile.com region1.google-analytics.com region1.analytics.google.com *.google-analytics.com *.analytics.google.com *.bayengage.com *.searchspring.net *.tarpsnow.com *.hsforms.com *.hubspot.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.commerce-payment-services.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com widget.freshworks.com m2epro.freshdesk.com mc.us15.list-manage.com *.targetbay.com *.bing.com *.adelixir.com *.cloudfront.net *.noibu.com *.webtraxs.com apis.google.com *.adroll.com adroll.com *.consensu.org renokonnect.com *.cloudflare.com *.dca0.com *.convertcart.com *.pippio.com *.clarity.ms www.google.com gstatic.com www.gstatic.com *.googletagmanager.com *.googleapis.com *.googleadservices.com cdn.dnky.co api.comapi.com *.trackedlink.net snap.licdn.com chimpstatic.com checkout.buckaroo.nl *.adyen.com *.zopim.com *.hotjar.com *.zdassets.com *.sendcloud.sc *.mailchimp.com *.trustedshops.com *.fontawesome.com *.facebook.net *.feedbackcompany.com *.google-analytics.com *.trustpilot.com cdn.jsdelivr.net www.googleoptimize.com www.clarity.ms *.datatrics.com *.criteo.net *.criteo.com cdn.mouseflow.com https://www.googletagmanager.com tagmanager.google.com s7.addthis.com *.avada.io *.gstatic.com maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com https://cdn.searchspring.net/intellisuggest/is.min.js *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com *.redditstatic.com *.reddit.com unpkg.com cdn.attn.tv *.luckyorange.com *.bayengage.com *.searchspring.io *.doubleclick.net cdn.yottaa.com *.hs-scripts.com *.hs-banner.com *.hscollectedforms.net *.hs-analytics.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com widget.freshworks.com m2epro.freshdesk.com *.cloudfront.net *.googleapis.com cdn.dnky.co checkout.buckaroo.nl *.fontawesome.com *.mailchimp.com *.trustpilot.com cdn.jsdelivr.net tagmanager.google.com maxcdn.bootstrapcdn.com fonts.gstatic.com *.gstatic.com unsafe-inline assets.braintreegateway.com *.targetbay.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cloudfront.net *.zopim.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com widget.freshworks.com m2epro.freshdesk.com *.targetbay.com *.noibu.com *.luckyorange.net wss://*.noibu.com wss://visitors.live wss://*.visitors.live *.bing.com *.dca0.com bat.bing.com *.convertcart.com *.luckyorange.com api-js.mixpanel.com *.clarity.ms commerce.adobedc.net api.comapi.com www.google-analytics.com stats.g.doubleclick.net *.zdassets.com *.hotjar.com *.hotjar.io *.zopim.com wss://*.zopim.com *.feedbackcompany.com *.zendesk.com www.clarity.ms *.facebook.com *.datatrics.com https://www.google-analytics.com ekr.zdassets.com/ https://get.geojs.io *.avada.io www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com https://beacon.searchspring.io/beacon *.cloudflare.com *.googleapis.com *.addthis.com https://graph.instagram.com *.google-analytics.com *.facebook.net *.redditstatic.com *.reddit.com *.doubleclick.net *.yottaa.net tarpsnow.attn.tv events.attentivemobile.com region1.google-analytics.com region1.analytics.google.com *.analytics.google.com realtime.luckyorange.com wss://realtime.luckyorange.com/mqtt https://in.visitors.live/ajax *.bayengage.com *.searchspring.io 82zw19.a.searchspring.io *.googlesyndication.com *.hs-analytics.net *.hscollectedforms.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https://www.whipsnadezoo.org https://cms.whipsnadezoo.org; object-src 'none'; base-uri 'self'; style-src 'self' https://www.whipsnadezoo.org https://cms.whipsnadezoo.org 'unsafe-inline' https://p.typekit.net https://use.typekit.net https://tagmanager.google.com https://www.googletagmanager.com https://fonts.googleapis.com https://static.hotjar.com https://script.hotjar.com https://www.tripadvisor.co.uk https://static.tacdn.com ; font-src 'self' https://www.whipsnadezoo.org https://cms.whipsnadezoo.org data: https://p.typekit.net https://use.typekit.net https://fonts.gstatic.com https://fonts.googleapis.com https://script.hotjar.com https://static.tacdn.com ; script-src 'self' https://www.whipsnadezoo.org https://cms.whipsnadezoo.org 'nonce-45697648732d4a614554704539636473' 'sha256-ZnhAS6LXLZWmpPSEDrVRkNeIsVEIsRredGkFx2WiKec=' 'sha256-iW4WnuBtxrtQK6YASZph6rx6yZZMg0U77OLIlEZvlDA=' 'sha256-48TuDkUabuH2v1zRqgyqecgn+HRkc9gfpOVMELfgzQI=' 'sha256-U96gVTGDtlmnaK204EbaOTNyZRKvfBiWyuolgJwd8CI=' 'sha256-2L/tFj1yFovfnD4TertAGuww56zrGsGC1JDWaqC75s0=' 'sha256-9HOlWcnxwIXUmTPdnAhre+W8Z0FDeSQmn4+a1GXnQSA=' 'sha256-dKGt8dCuqKR/hwtTSFNbDeXeYUxOjtop6H2SYqoIGvc=' 'sha256-y6gO+OYD2TDPY9r3GtOTvnCs5/oE/O7PmNL2zaGYeJQ=' 'sha256-Jg7eYnts8zlTEJyHuCysngL/qIiJiSEFfkFvZJOMRGY=' https://cdn.jsdelivr.net https://connect.facebook.net https://cookie-cdn.cookiepro.com https://r1.dotdigital-pages.com https://r1-t.trackedlink.net/_dmpt.js https://s.yimg.com/wi/ytc.js https://static.hotjar.com https://script.hotjar.com https://analytics.twitter.com https://static.ads-twitter.com/uwt.js https://www.dwin1.com/15333.js https://www.google-analytics.com https://ssl.google-analytics.com https://*.googletagmanager.com https://tagmanager.google.com https://www.youtube.com https://www.youtube-nocookie.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://campaign.zsl.org https://reclaimhub.com https://www.tripadvisor.co.uk https://www.tripadvisor.com https://static.tacdn.com https://www.jscache.com https://analytics.tiktok.com https://static.trackedweb.net https://www.googletagmanager.com https://lantern.roeyecdn.com https://go.affec.tv https://cdn.cookielaw.org https://secure.adnxs.com ; connect-src 'self' https://www.whipsnadezoo.org https://cms.whipsnadezoo.org https://cookie-cdn.cookiepro.com https://s.yimg.com https://stats.g.doubleclick.net https://*.google.co.uk https://*.google.com https://*.google-analytics.com https://geolocation.onetrust.com https://privacyportal.cookiepro.com https://*.analytics.google.com https://*.googletagmanager.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.facebook.com/tr/ https://campaign.zsl.org https://analytics.tiktok.com https://px.ads.linkedin.com ; frame-src 'self' https://www.whipsnadezoo.org https://cms.whipsnadezoo.org data: https://*.fls.doubleclick.net https://vars.hotjar.com https://www.facebook.com https://www.youtube.com https://youtube.com https://www.youtube-nocookie.com https://r1.dotdigital-pages.com https://www.arcgis.com https://html5-player.libsyn.com https://campaign.zsl.org https://www.google.com https://bid.g.doubleclick.net https://td.doubleclick.net https://reclaimhub.com https://zsl-london-zoo-timeline.octophindev.com https://cdn.knightlab.com https://my.matterport.com https://hhakkinen.shinyapps.io ; frame-ancestors 'self' https://www.whipsnadezoo.org https://cms.whipsnadezoo.org https://cms.zsl.org https://www.zsl.org https://cms.londonzoo.org https://www.londonzoo.org https://cms.whipsnadezoo.org https://www.whipsnadezoo.org https://campaign.zsl.org ; img-src 'self' https://www.whipsnadezoo.org https://cms.whipsnadezoo.org data: https://analytics.twitter.com https://cookie-cdn.cookiepro.com https://sp.analytics.yahoo.com https://t.co https://www.facebook.com https://www.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com https://fonts.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.co.uk https://www.google.be https://campaign.zsl.org https://static.hotjar.com https://script.hotjar.com https://i.ytimg.com https://*.fls.doubleclick.net https://ad.doubleclick.net https://*.googlesyndication.com https://www.tripadvisor.co.uk https://px.ads.linkedin.com https://adservice.google.com https://lantern.roeye.com https://map.go.affec.tv ; upgrade-insecure-requests; 1
report-uri https://ulcm.report-uri.com/r/d/csp/enforce;base-uri 'none';object-src 'none';frame-ancestors 'self';form-action 'self' https://www.facebook.com;upgrade-insecure-requests;script-src 'self' https://www.googletagmanager.com/ https://bat.bing.com/ https://connect.facebook.net/ https://cdnjs.cloudflare.com/ https://api.swiftype.com/ https://www.google-analytics.com/ https://ajax.googleapis.com/ https://platform.twitter.com/ https://script.crazyegg.com/ 'unsafe-inline' 'strict-dynamic' 'nonce-NLODYtCuAbts3ANFtHzwOtVxNYNJ1NZd' 1
frame-src 'self' *.queue-it.net *.hkpc.org *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.youtube.com *.google.com *.youtube-nocookie.com *.hsforms.net *.hs-scripts.com *.hs-analytics.net *.hscollectedforms.net *.hs-banner.com *.gstatic.com *.islash.io *.outlook.com *.hsforms.com *.jquery.com *.hubspot.com; script-src-elem 'self' 'unsafe-inline' *.queue-it.net *.hkpc.org *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.youtube.com *.google.com *.gstatic.com *.hsforms.net *.hs-scripts.com *.hs-analytics.net *.hscollectedforms.net *.hs-banner.com *.islash.io *.outlook.com *.jquery.com *.hubspot.com html5shiv.googlecode.com https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-ancestors 'self'; report-uri https://www.hkpc.org/zh-HK/report-uri/enforce 1
frame-ancestors 'self' https://*.optimizely.com; default-src 'self'; font-src 'self' https://*.gstatic.com https://*.typekit.net https://*.sharepointonline.com data:; style-src 'self' 'unsafe-inline' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com; img-src 'self' https: data: https://*.optimizely.com; connect-src https: wss://*.hotjar.com https://*.optimizely.com; frame-src 'self' https://*.hotjar.com https://*.snapchat.com https://*.facebook.com https://*.trustpilot.com https://*.greenhouse.io https://*.vimeo.com https://*.google.com https://*.youtube.com https://*.typeform.com https://*.optimizely.com https://*.doubleclick.net 1
default-src 'self' 'self' https://*.fontawesome.com https://*.google-analytics.com https://*.analytics.google.com; img-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com transloadit.edgly.net use.fontawesome.com code.jquery.com https://*.fontawesome.com https://*.googletagmanager.com https://*.google-analytics.com https://*.google.com/ https://*.gstatic.com; font-src 'self' use.fontawesome.com fonts.gstatic.com fonts.googleapis.com https://*.fontawesome.com fontawesome.com 'self' data:; style-src 'self' 'unsafe-inline' fonts.googleapis.com transloadit.edgly.net use.fontawesome.com https://fonts.googleapis.com/; frame-src 'self' https://*.google.com/; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.in4mo.net www.google.com *.bing.com *.virtualearth.net seal.verisign.com *.amazonaws.com *.in4mo.io *.gstatic.com cdn.matomo.cloud in4mo.matomo.cloud 1
default-src 'self' data: *.birjand.ac.ir http://gsia.tums.ac.ir http://streaming.ut.ac.ir https://cdn.jsdelivr.net https://app.raychat.io http://app.raychat.io https://cdn.fontcdn.ir https://cdn.goftino.com https://cdn.userway.org https://cdn77.api.userway.org; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://map.ir https://conf.isc.ac https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://kangoro.ir/matomo/matomo.js http://tools.1abzar.com http://1abzar.ir http://google.com https://google.com https://www.google.com http://www.google.com http://cse.google.com https://cse.google.com https://www.googleapis.com http://www.googleapis.com https://www.aparat.com http://www.google-analytics.com/analytics.js https://www.google-analytics.com/analytics.js https://app.raychat.io http://app.raychat.io https://se3.raychat.io http://se3.raychat.io https://cdn.userway.org https://api.userway.org https://media.userway.org https://www.goftino.com https://cdn.goftino.com https://widget-react.raychat.io; style-src 'self' 'unsafe-inline' https://app.raychat.io http://app.raychat.io https://cdn.jsdelivr.net https://cse.google.com http://cse.google.com http://www.google.com http://google.com https://google.com https://www.google.com https://www.aparat.com https://cdn.fontcdn.ir https://fdn.fontcdn.ir https://cdn.goftino.com https://cdn.userway.org https://widget-react.raychat.io; img-src 'self' blob: data: https://map.ir https://conf.isc.ac https://www.google-analytics.com www.google-analytics.com data: *; connect-src 'self' https://map.ir https://conf.isc.ac https://www.google-analytics.com www.google-analytics.com https://samta.samt.ac.ir https://pooya.kashanu.ac.ir https://se3.raychat.io http://se3.raychat.io wss://se3.raychat.io https://cdn.fontcdn.ir wss://api.raychat.io wss://ws.goftino.com wss://ws2.goftino.com wss://ws5.goftino.com wss://cdn.goftino.com https://api.userway.org https://cdn.userway.org https://cdn77.api.userway.org https://widget-service.raychat.io wss://ws10.goftino.com; child-src 'self' https://auth4.ut.ac.ir:8443/ https://auth.ut.ac.ir:8443/ http://tools.1abzar.com http://1abzar.ir https://cse.google.com https://www.aparat.com https://google.com https://www.google.com https://cdn.userway.org https://edu.sapiba.ir; frame-ancestors 'self' https://trustseal.enamad.ir; 1
default-src 'self' *.nshipster.com; script-src 'self' *.nshipster.com https://*.apple-mapkit.com; style-src 'self' 'unsafe-inline'; img-src 'self' *.gravatar.com https://*.apple-mapkit.com; frame-ancestors 'none'; object-src 'none'; connect-src 'self' *.nshipster.com https://*.apple-mapkit.com; base-uri 'none'; upgrade-insecure-requests; report-uri https://readeval.report-uri.com/r/d/ct/reportOnly; 1
font-src fonts.gstatic.com use.typekit.net *.gstatic.com *.livechatinc.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com *.facebook.com api.bazaarvoice.com stg.api.bazaarvoice.com *.paymentexpress.com *.windcave.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk *.doubleclick.net *.livechatinc.com *.facebook.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com www.xtento.com *.paymentexpress.com *.windcave.com app.redpepperdigital.net www.google.com https://staticcdn.co.nz 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net https://static.afterpay.com https://site-assets.afterpay.com/ *.google.com *.google.com.ua *.google.com.nz *.google.co.nz *.shielded.co.nz shielded.co.nz *.gstatic.com *.facebook.com www.google.by c.clarity.ms c.bing.com pixel.quantserve.com *.googleapis.com *.cdninstagram.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com www.xtento.com cdn.xtento.com app.redpepperdigital.net *.animates.co.nz *.bazaarvoice.com *.doubleclick.net https://shielded.co.nz/img/custom-logo.png data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com https://js.appboycdn.com/web-sdk/5.0/braze.min.js sdk.iad-06.braze.com *.animates.co.nz *.googleapis.com api.livechatinc.com cdn.livechatinc.com *.nr-data.net cdn.lr-ingest.io cdn.pricespider.com cdnjs.cloudflare.com connect.facebook.net foursixty.com geoip-db.com js-agent.newrelic.com rules.quantcount.com script.crazyegg.com secure.quantserve.com static.zdassets.com staticcdn.co.nz www.clarity.ms apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.avada.io player.vimeo.com www.xtento.com cdn.xtento.com app.redpepperdigital.net analytics.tiktok.com https://foursixty.com capig.animates.co.nz https://staticcdn.co.nz/embed/embed.js https://cdn.jsdelivr.net/mark.js/8.6.0/jquery.mark.min.js 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com foursixty.com *.fontawesome.com display.ugc.bazaarvoice.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'none'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.zdassets.com *.livechatinc.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.net qa-api.magedevteam.com static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com sdk.iad-06.braze.com animatesnz.zendesk.com *.nr-data.net *.zdassets.com *.googleapis.com *.lr-ingest.io script.crazyegg.com *.doubleclick.net *.clarity.ms *.google.co.nz *.zopim.com *.livechatinc.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com https://get.geojs.io *.avada.io assets-tracking.crazyegg.com pagestates-tracking.crazyegg.com tracking.crazyegg.com adservice.google.com analytics.tiktok.com https://foursixty.com capig.animates.co.nz 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.animates.co.nz 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' https://manage.vendingmarketwatch.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
base-uri 'self'; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com/ https://maxcdn.bootstrapcdn.com; manifest-src 'self'; media-src 'self'; object-src 'self'; report-to /csp-violation-report/; worker-src 'self' blob:; 1
1 1
default-src 'self' criticalsoftware.com; script-src-elem 'self' 'nonce-gtm-20240117-1255' 'nonce-gtm-20240409' 'nonce-csw-20240409' *.googletagmanager.com *.hsforms.net *.hsforms.net https://js.hs-banner.com https://js.hs-analytics.net https://js.hs-scripts.com https://js.hsadspixel.net https://snap.licdn.com; script-src 'self' 'nonce-gtm-20240117-1255' 'nonce-gtm-20240409' 'nonce-csw-20240409' *.googletagmanager.com *.hsforms.net script.crazyegg.com snap.licdn.com js.hs-scripts.com forms.hsforms.com google-analytics.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com; img-src 'self' data: criticalsoftware.com www.criticalsoftware.com https://*.google-analytics.com https://*.googletagmanager.com forms-na1.hsforms.com forms.hsforms.com https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://www.google.pt https://www.google.com https://track.hubspot.com; connect-src 'self' backend.criticalsoftware.com forms.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://stats.g.doubleclick.net https://px.ads.linkedin.com https://www.google.pt https://api.hubapi.com; media-src 'self' data: criticalsoftware.com; font-src 'self' https://cdnjs.cloudflare.com; object-src 'none'; form-action 'self' forms.hsforms.com; frame-ancestors 'self'; frame-src 'self' *.hsforms.net *.hsforms.com; upgrade-insecure-requests; 1
base-uri 'self'; default-src 'none'; script-src 'strict-dynamic' 'nonce-k2MtTymxUKomWSXYQFjF8dxvAo6EKWvQ'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' data: blob: a.tile.openstreetmap.org b.tile.openstreetmap.org c.tile.openstreetmap.org i.ytimg.com maps.googleapis.com maps.gstatic.com s3.eu-west-1.amazonaws.com twemoji.maxcdn.com widget.kominfo.go.id www.googletagmanager.com www.gstatic.com; font-src 'self' data: fonts.gstatic.com widget-v4.tidiochat.com; connect-src 'self' analytics.google.com maps.googleapis.com stats.addtoany.com stats.g.doubleclick.net widget.kominfo.go.id www.google-analytics.com wss://socket.tidio.co; media-src 'self' widget-v4.tidiochat.com; object-src 'none'; form-action 'self'; frame-ancestors 'self'; frame-src 'self' docs.google.com newassets.hcaptcha.com public.tableau.com static.addtoany.com view.officeapps.live.com www.google.com www.youtube.com; manifest-src 'self'; worker-src 'self'; upgrade-insecure-requests; 1
frame-ancestors https://*.prod.kanvo.com https://*.kanvo.com https://*.prod.redsailapp.com https://*.redsailapp.com https://*.prod.rxlocal.com https://*.rxlocal.com; 1
frame-ancestors 'self' https://manage.plantservices.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
default-src 'none'; script-src 'self' https://*.hotjar.com https://appsrv.directcouriers.com.au https://browser-update.org/update.min.js https://images.dmca.com/Badges/DMCABadgeHelper.min.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js https://maps.googleapis.com/ https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/ 'nonce-eiwIrES9gomlRese481S'; style-src 'self' https://directcouriers.us10.list-manage.com https://*.hotjar.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css https://cdn.plyr.io/3.7.3/plyr.css https://fast.fonts.net/t/1.css 'nonce-eiwIrES9gomlRese481S'; object-src 'self' https://appsrv.directcouriers.com.au; base-uri 'self' https://appsrv.directcouriers.com.au; connect-src 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://appsrv.directcouriers.com.au https://www.google-analytics.com https://maps.googleapis.com/ 'nonce-eiwIrES9gomlRese481S'; font-src 'self' https://*.hotjar.com https://fonts.gstatic.com https://fast.fonts.net/t/1.css; frame-src 'self' https://appsrv.directcouriers.com.au https://vimeo.com https://player.vimeo.com https://www.google.com/; img-src 'self' https://*.hotjar.com https://images.dmca.com https://www.google-analytics.com https://maps.gstatic.com/ https://maps.googleapis.com/ data:; manifest-src 'self' https://appsrv.directcouriers.com.au; media-src 'self' https://appsrv.directcouriers.com.au; report-uri https://62e0db94e7a4e344fdd77039.endpoint.csper.io/?v=1; worker-src 'self' https://appsrv.directcouriers.com.au; frame-ancestors 'self' https://appsrv.directcouriers.com.au; form-action 'self' https://appsrv.directcouriers.com.au 'nonce-eiwIrES9gomlRese481S'; upgrade-insecure-requests 1
frame-ancestors 'none'; default-src 'self'; script-src 'self' 'unsafe-inline' app.tinyanalytics.io www.google-analytics.com www.google.com www.gstatic.com fonts.gstatic.com fonts.googleapis.com www.googletagmanager.com; frame-src 'none' widget.changelly.com www.google.com www.youtube.com; object-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' data: ik.imagekit.io chart.googleapis.com stats.g.doubleclick.net www.google-analytics.com; font-src 'self' fonts.gstatic.com; connect-src 'self' app.tinyanalytics.io; 1
frame-ancestors 'self' moovicite.com test.dbm-local.com; 1
default-src 'none'; frame-src https://www.youtube-nocookie.com; img-src 'self' https://img.shields.io data: https://raw.githubusercontent.com https://github.com; script-src 'self'; style-src 'self' 'unsafe-inline'; font-src data: 'self'; connect-src 'self' https://stats.anima.nz/count; object-src 'none'; media-src 'self'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src * 'self'; frame-ancestors 'none'; 1
default-src 'self'; base-uri 'self'; script-src 'self' 'unsafe-inline' https: *.talos.com sentry.io widget.intercom.io js.intercomcdn.com; style-src 'self' 'unsafe-inline' https: fonts.googleapis.com; style-src-elem 'self' 'unsafe-inline' https: fonts.googleapis.com; img-src 'self' data: storage.googleapis.com blob:  cdnjs.cloudflare.com/ajax/libs/twemoji/; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; frame-src 'self' https: *.talostrading.com blob: *.talostrading.com *.talos.com ; connect-src wss: sentry.io *.sentry.io *.datadoghq.com browser-intake-datadoghq.com *.browser-intake-datadoghq.com *.intercom.io *.mixpanel.com cdnjs.cloudflare.com/ajax/libs/twemoji/ talostrading.com *.talostrading.com 1
default-src 'self';script-src 'self' 'sha256-SkZYlM/DnEYa1DqVEpWdJ4xu32ABcyryxEgY0GX7Rsw=' 'sha256-AYyIhiyVwTLrw2hrJ3/PqIZxE9iM5rhnrFKGWh27Qqo=' 'sha256-LECLh+TbJs5nJ1VIZ4UE+KQD0LQkvJ+LU/0YoF9W6As=' 'sha256-u1rON8FMTy/xzocP1NMZCeuxgT7prQyncEoFw5vweoI=' 'sha256-f5lsRfP9D3IfItCArg/eFPe3u1pBW1Uh5IahkioNYEA=' 'sha256-vwUBT1MmLENiSSTPXpUO/dTjtJzZY9byamZkhJNq3lo=' 'sha256-0KdjwaiUg+h6Sf489zmQKCWt8Bn24yyzaWsXbIFOpk4=' 'sha256-g+odoihHDk8pagnVrEcdVdm2Ifbw8G3zE8HIPmy2y8o=' 'sha256-hModenNvf9UAnNt4GeQmPsL63bAnxv/tcc9jCpxFPTg=' 'sha256-G4vYaxMoSqy5fXryHD+HPOaQkwa3H0h8Yd/VkGQoBEY=' 'sha256-OfqdnCO5xH3GzYzxEBIplO3KdVb2tQ2pqhHxNEQzK5Q=' 'sha256-FDyPg8CqqIpPAfGVKx1YeKduyLs0ghNYWII21wL+7HM=' 'sha256-FDyPg8CqqIpPAfGVKx1YeKduyLs0ghNYWII21wL+7HM=' 'sha256-QIWZ41MW+Sx+14+5rMza0ridotq9bHOYjpPRQTD8i2E=' 'sha256-9IdTXgKO1bc58nnKeLH/j1dFsIggoLCnu5W5zwSVbBs=' 'sha256-YrtASzyaONIhkxu39zmgucRm5lcOazJWmBdi5NVPqck=' https://ajax.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com http://cdnjs.cloudflare.com https://plausible.io https://player.vimeo.com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://unpkg.com/;style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://use.typekit.net https://p.typekit.net https://unpkg.com https://fonts.googleapis.com;font-src 'self' https://cdn.jsdelivr.net https://fonts.googleapis.com https://fonts.gstatic.com https://use.typekit.net;connect-src 'self' https://590184134703-pickled-user-models.s3-us-west-2.amazonaws.com https://numerai-production-uploads-us-west-2.s3-us-west-2.amazonaws.com https://numerai-production-signals-us-west-2.s3-us-west-2.amazonaws.com https://numerai-production-cryptosignals-us-west-2.s3-us-west-2.amazonaws.com https://numerai-public-images.s3.amazonaws.com https://numerai-public-images.s3-us-west-2.amazonaws.com https://api-tournament.numer.ai/ https://www.google-analytics.com https://stats.g.doubleclick.net/ https://api.amplitude.com https://sentry.io https://plausible.io/;img-src 'self' data: https://numerai-public-images.s3.amazonaws.com https://numerai-public-images.s3-us-west-2.amazonaws.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://s2.coinmarketcap.com;child-src 'self' numer.ai https://www.google.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com;frame-src 'self' numer.ai https://www.google.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests 1
default-src 'self' blob: unpkg.com *.autofactpro.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com *.autofactpro.com *.gstatic.com static.dialogflow.com www.google-analytics.com ssl.google-analytics.com www.googletagmanager.com *.bootstrapcdn.com cdnjs.cloudflare.com cdn.datatables.net cdn.jsdelivr.net cdn.optimizely.com cdn.carbonads.com dnn506yrbagrg.cloudfront.net code.highcharts.com https://d2yyd1h5u9mauk.cloudfront.net/integrations/web/v1/library/yvNf14d7LXsePM0g/delighted.js https://d2yyd1h5u9mauk.cloudfront.net/integrations/web/v1/library/3KiQWDl8DfxTxlDn/delighted.js us1.zonka.co https://static.hotjar.com https://script.hotjar.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com *.autofactpro.com fonts.googleapis.com fonts.gstatic.com *.bootstrapcdn.com cdnjs.cloudflare.com cdn.datatables.net cdn.jsdelivr.net cdn.optimizely.com cdn.carbonads.com flatlogic.github.io https://static.hotjar.com https://script.hotjar.com; img-src 'self' unpkg.com *.autofactpro.com http://*.autofact.qa https://*.billing.autofactpro.com/images/khipu.png *.autofactpro.cl *.autofact.cl data: www.google-analytics.com us1.zonka.co https://static.hotjar.com https://script.hotjar.com; font-src 'self' *.autofactpro.com unpkg.comfonts.googleapis.com fonts.gstatic.com *.bootstrapcdn.com cdnjs.cloudflare.com cdn.datatables.net https://script.hotjar.com; frame-ancestors 'self' *.autofactpro.com; frame-src 'self' www.youtube.com firma.id.autofact.qa firma.id.autofactpro.com *.autofactpro.com us1.zonka.co; object-src 'self' *.autofactpro.com blob:; connect-src 'self'  web.delighted.com *.autofactpro.com dialogflow.cloud.google.com https://plugin.autentia.mb:7777 https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; 1
font-src 'self' data: https: https://fonts.gstatic.com; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://optimize.google.com https: https://evs.pink-boat.fool.com; style-src 'self' data: 'unsafe-inline' https: http://fonts.googleapis.com https://fonts.googleapis.com https://optimize.google.com; frame-src 'self' https: https://optimize.google.com; connect-src 'self' https: wss://www.fool.com wss://*.33across.com wss://*.hotjar.com https://api.pink-boat.fool.com; default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https:; img-src 'self' data: https: https://g.foolcdn.com https://optimize.google.com https://www.google-analytics.com; media-src 'self' https: blob:; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.cognitoforms.com https://services.cognitoforms.com ; img-src 'self' 'unsafe-inline' data: https: ; font-src 'self' data: https: ; connect-src 'self' *.facebook.com *.instagram.com *.podbean.com *.twitter.com *.youtube.com *.intercom.io *.doubleclick.net *.cognitoforms.com services.cognitoforms.com *.googlesyndication.com *.google.com *.gstatic.com *.google-analytics.com *.disqus.com *.addtoany.com *.quiz-maker.com *.feathr.co feathr.co wss://*.intercom.io https://cdn.linkedin.oribi.io; media-src https: ; object-src 'self' ; child-src 'self' *.linkedin.com *.facebook.com *.instagram.com *.podbean.com *.twitter.com *.googlesyndication.com *.addtoany.com *.google.com disqus.com *.disqus.com *.opinionstage.com *.youtube.com api.connectedcommunity.org www.votervoice.net *.doubleclick.net *.cognitoforms.com services.cognitoforms.com feathr.co *.feathr.co ficpa.atsondemand.com ; form-action 'self' accounts.ficpa.org ; upgrade-insecure-requests; 1
frame-ancestors 'self' https://*.travelboxsoftware.com/ https://helio.flightcentre.space/ https://*.fcl.cloud; report-uri /api/csp_report; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://anywise.net; img-src 'self' https: data: blob: https://anywise.net; style-src 'self' https://anywise.net 'nonce-XJ9t29fbLmA2lSlv96FJHg=='; media-src 'self' https: data: https://anywise.net; frame-src 'self' https:; manifest-src 'self' https://anywise.net; form-action 'self'; connect-src 'self' data: blob: https://anywise.net https://anywise.net wss://anywise.net; script-src 'self' https://anywise.net 'wasm-unsafe-eval'; child-src 'self' blob: https://anywise.net; worker-src 'self' blob: https://anywise.net 1
default-src 'none'; connect-src 'self' https://www.google-analytics.com https://analytics.google.com https://pagead2.googlesyndication.com https://stats.g.doubleclick.net https://assets-ctb.pernod-ricard.io https://api.pernod-ricard.io https://cdn.jsdelivr.net/npm/algoliasearch https://zfm2j5365u-3.algolianet.com https://zfm2j5365u-dsn.algolia.net https://d8ejoa1fys2rk.cloudfront.net https://brandcloud.pernod-ricard.com https://optoutapi.evidon.com *.evidon.com *.betrad.com https://us-central1-pantheon-psapps.cloudfunctions.net https://insight.pravp.com/analytics https://webform-console.pernod-ricard.io https://ct.pinterest.com *.google-analytics.com *.zendesk.com *.zdassets.com *.yahoo.co.jp *.bazaarvoice.com *.perrier-jouet.com *.hotjar.com wss://*.hotjar.com *.sleeknote.com *.googleapis.com https://live-pernod-ricard-global-cms.pantheonsite.io https://*.hotjar.io https://optimize.google.com https://matomo.pernod-ricard.io https://adservice.google.com https://pernodricardusa.blueconic.net https://nyc3.digitaloceanspaces.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://archeio.nyc3.digitaloceanspaces.com http://juice.hellosandia.com http://seeds.hellosandia.com agegate.pr-globalcms.com; font-src 'self' https://maxcdn.bootstrapcdn.com https://app-avp.pravp.com https://assets-ctb.pernod-ricard.io https://fonts.gstatic.com https://fonts.googleapis.com data: *.perrier-jouet.com https://*.hotjar.com http://plant.hellosandia.com http://archeio.nyc3.digitaloceanspaces.com http://archeio2.nyc3.digitaloceanspaces.com; frame-src 'self' https://insight.adsrvr.org https://www.youtube.com https://player.vimeo.com https://static.addtoany.com https://emperia.gallery *.doubleclick.net https://vars.hotjar.com https://webform-console.pernod-ricard.io https://www.facebook.com *.perrier-jouet.com *.sleeknote.com *.pernod-ricard.de *.pernod-ricard.com *.pinterest.com https://*.hotjar.com https://optimize.google.com https://www.google.com *.zenchef.com; img-src 'self' https: data: blob: *.perrier-jouet.com http://plant.hellosandia.com http://archeio.nyc3.digitaloceanspaces.com http://archeio2.nyc3.digitaloceanspaces.com; media-src 'self' data: blob:; object-src 'self' https://optimize.google.com http://juice.hellosandia.com http://seeds.hellosandia.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.adsrvr.org https://www.googleoptimize.com https://www.googletagmanager.com https://avp.pravp.com https://www.googleanalytics.com https://www.google-analytics.com https://c.evidon.com https://assets-ctb.pernod-ricard.io https://cdn.jsdelivr.net/npm/algoliasearch https://zfm2j5365u-3.algolianet.com https://www.youtube.com https://player.vimeo.com *.facebook.net https://js-agent.newrelic.com https://bam.nr-data.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://s.yimg.jp https://static.hotjar.com https://www.googleadservices.com *.sleeknote.com https://s.pinimg.com https://static.ads-twitter.com https://script.hotjar.com https://googleads.g.doubleclick.net *.yahoo.co.jp https://apps.bazaarvoice.com https://static.zdassets.com *.bazaarvoice.com *.zenchef.com *.shopifycdn.com *.googleapis.com *.perrier-jouet.com https://live-pernod-ricard-global-cms.pantheonsite.io https://*.hotjar.com https://optimize.google.com https://matomo.pernod-ricard.io https://cdn.blueconic.net https://voxdplif.micpn.com https://pernodricardusa.blueconic.net http://plant.hellosandia.com http://archeio.nyc3.digitaloceanspaces.com http://archeio2.nyc3.digitaloceanspaces.com http://juice.hellosandia.com http://seeds.hellosandia.com https://www.google.com/recaptcha/api.js https://www.gstatic.com agegate.pr-globalcms.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://developers.google.com https://maps.googleapis.com https://static.addtoany.com https://unpkg.com https://webform-console.pernod-ricard.io; style-src 'self' 'unsafe-inline' https://assets-ctb.pernod-ricard.io https://fonts.googleapis.com https://display.ugc.bazaarvoice.com *.perrier-jouet.com data: https://live-pernod-ricard-global-cms.pantheonsite.io https://*.hotjar.com https://optimize.google.com http://plant.hellosandia.com http://archeio.nyc3.digitaloceanspaces.com http://archeio2.nyc3.digitaloceanspaces.com *.zenchef.com https://cdnjs.cloudflare.com; style-src-attr 'self' 'unsafe-inline' 'unsafe-hashes'; base-uri 'self'; form-action 'self' https://login.microsoftonline.com https://device.login.microsoftonline.com https://www.facebook.com *.perrier-jouet.com https://plant.hellosandia.com; frame-ancestors 'self' 1
default-src 'self'; script-src 'self' *.wistia.com *.wistia.net https://apis.google.com/ https://accounts.google.com/ https://www.kialo-edu.com/ 'nonce-1aee8a1d47e705e13f955ad435ca89791d8bbaad70d405b61ffc765fbf3b557b'; style-src 'self' 'unsafe-inline' https://www.kialo-edu.com/; connect-src 'self' https://app.getsentry.com/ *.wistia.com *.wistia.net https://embedwistia-a.akamaihd.net/ wss://www.kialo-edu.com/; img-src 'self' data: blob: *.wistia.com *.wistia.net https://embedwistia-a.akamaihd.net https://www.kialo-edu.com https://www.kialo-edu.com/; font-src data: 'self' https://fonts.gstatic.com *.wistia.com; child-src 'self' blob: *.wistia.com *.wistia.net https://www.youtube-nocookie.com https://accounts.google.com/ https://content-classroom.googleapis.com/; frame-src 'self' blob: *.wistia.com *.wistia.net https://www.youtube-nocookie.com https://accounts.google.com/ https://content-classroom.googleapis.com/; media-src 'self' data: blob: *.wistia.com *.wistia.net https://embedwistia-a.akamaihd.net https://www.kialo-edu.com; object-src https://embedwistia-a.akamaihd.net; report-uri https://www.kialo-edu.com/api/v1/cspreport; report-to default 1
base-uri 'self'; default-src 'self'; img-src 'self' https://pbs.twimg.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; style-src 'self' 'unsafe-hashes' 'unsafe-inline' 'sha256-CFWxk59hmWWhsVWNXy+t1albqTRppvlCMXFTDkd+1YA=' https://hcaptcha.com https://*.hcaptcha.com; script-src 'self' 'nonce-895d2292-e23e-4f78-87e0-eea08210d8b4' asciinema.org  static.cloudflareinsights.com https://hcaptcha.com https://*.hcaptcha.com; frame-src 'self' youtube-nocookie.com www.youtube-nocookie.com godbolt.org https://hcaptcha.com https://*.hcaptcha.com; connect-src 'self' cloudflareinsights.com https://hcaptcha.com https://*.hcaptcha.com; 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-NTZiMjk4YjhlMmZlNDkyZGJmM2JmOTUwZjNlZjMxYmQ=' https://*.platformrijksoverheid.nl https://*.rijksoverheid.nl https://*.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' https://statistiek.rijksoverheid.nl https://*.contenttoolsrijksoverheid.nl https://*.ndw.nu; font-src 'self' https://statistiek.rijksoverheid.nl; object-src 'none'; connect-src https://*.platformrijksoverheid.nl https://*.rijksoverheid.nl https://*.contenttoolsrijksoverheid.nl https://*.rovid.nl https://*.rijksoverheidsvideo.nl https://*.ndw.nu; img-src 'self' data: https://d3oiud1b8fohdw.cloudfront.net https://statistiek.rijksoverheid.nl https://*.rovid.nl https://*.rijksoverheidsvideo.nl https://*.toegankelijkheidsverklaring.nl; media-src 'self' https://*.rovid.nl https://*.rijksoverheidsvideo.nl; form-action 'self' https://export.highcharts.com https://*.contenttoolsrijksoverheid.nl https://*.ndw.nu; frame-ancestors 'none'; upgrade-insecure-requests 1
frame-ancestors 'self' *.alliants.app itinerary.mandarinoriental.com thegrandmoosehotel.com; font-src 'self' https: data:; img-src 'self' https: data:; object-src 'none'; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline' 1
upgrade-insecure-requests  ; style-src 'self' 'unsafe-inline' feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com *.cookielaw.org pghub.io feed.pghub.io pandg.tapad.com ; manifest-src 'self' login.windows.net feed.pghub.io pandg.tapad.com ; font-src 'self' feed.pghub.io pandg.tapad.com ; frame-ancestors 'none' feed.pghub.io pandg.tapad.com ; frame-src 'self' *.pghub.io pandg.tapad.com ; img-src 'self' data: *.ctfassets.net *.tapad.com *.cookielaw.org www.googletagmanager.com feed.pghub.io ; connect-src 'self' *.cookielaw.org www.googletagmanager.com *.google-analytics.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat feed.pghub.io pandg.tapad.com ; base-uri 'none' feed.pghub.io pandg.tapad.com ; default-src 'none' feed.pghub.io pandg.tapad.com ; 1
frame-ancestors 'self' *.persol-career.co.jp *.adobetm.com 1
default-src 'self'; connect-src 'self' https://api.joomlatools.com https://payments.blackbaud.com https://www.google-analytics.com https://stats.g.doubleclick.net https://data.accentapi.com https://images.sociablekit.com https://api.ipify.org https://views.accentapi.com *.google.com; script-src 'self' 'unsafe-inline' https://ajax.googleapis.com https://widget.surveymonkey.com https://www.google-analytics.com/analytics.js https://ssl.google-analytics.com https://www.google-analytics.com https://connect.facebook.net https://themes.googleusercontent.com/ https://www.google.com/jsapi https://www.gstatic.com/charts/ https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com https://code.jquery.com *.raisely.com https://static.addtoany.com https://widgets.sociablekit.com https://cdnjs.cloudflare.com/ajax/libs/jquery/ *.facebook.com *.blackbaudhosting.com *.blackbaudcdn.net *.blackbaud.com; img-src 'self' https://www.facebook.com *.google.com.au https://prod.smassets.net https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com *.facebook.com https://widgets.sociablekit.com https://images.sociablekit.com https://bbox.blackbaudhosting.com https://sky.blackbaudcdn.net data:; style-src 'self' 'unsafe-inline' *.google.com/ https://ajax.googleapis.com/ https://fonts.googleapis.com https://www.gstatic.com https://code.jquery.com https://widgets.sociablekit.com https://maxcdn.bootstrapcdn.com/font-awesome/ *.blackbaudhosting.com *.blackbaud.com https://sky.blackbaudcdn.net; font-src 'self' https://fonts.gstatic.com https://themes.googleusercontent.com https://maxcdn.bootstrapcdn.com/font-awesome/ data:; frame-src 'self' https://cdn.embedly.com/ https://td.doubleclick.net https://www.surveymonkey.com https://widget.surveymonkey.com https://www.facebook.com https://ajax.googleapis.com *.petermac.org *.petermac.org.au *.raisely.com ridetofightcancer.org.au https://walktofightcancer.org.au *.google.com *.youtube.com *.raisely.com https://static.addtoany.com https://bbox.blackbaudhosting.com https://*.blackbaud.com *.blackbaud.com.au *.sky.blackbaud.com; frame-ancestors 'self'; object-src 'self'; media-src 'self' 1
frame-ancestors 'self' https://admin.yallastore.co.il; 1
default-src 'none'; style-src 'self' 'unsafe-inline' https://www.paypal.com https://fonts.googleapis.com; script-src 'unsafe-inline' 'self' https://www.paypal.com https://donorbox.org; img-src 'self' data:; frame-src 'self' https://isrg.formstack.com https://outreach.abetterinternet.org https://donorbox.org https://youtube.com https://www.youtube.com https://youtube-nocookie.com https://www.youtube-nocookie.com https://www.paypal.com; font-src https://fonts.gstatic.com data:; connect-src 'self' https://www.paypal.com; object-src 'self'; 1
default-src 'self'; img-src 'self' data: blob: https:; style-src 'self' 'unsafe-inline' https:; font-src 'self' data: https:; script-src 'self' 'unsafe-inline' https:; connect-src 'self' https:; object-src 'none'; media-src 'self' data: blob: https:; frame-src 'self' https:; worker-src 'self' blob: https:; manifest-src 'self'; form-action 'self' https:; frame-ancestors 'self'; base-uri 'self'; 1
font-src 'self' fonts.gstatic.com cdn.jotfor.ms; 1
default-src 'self' https: data: wss:; frame-ancestors 'self' kaiserpermanente.org *.kaiserpermanente.org kp.org *.kp.org; img-src * data: blob:; script-src 'self' 'unsafe-inline' https: 'unsafe-eval'; style-src 'self' 'unsafe-inline' https: data: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; frame-src 'self' forms.rniito.ru formdesigner.ru rutube.ru yandex.ru vk.com login.vk.com; 1
base-uri 'self';default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' 'nonce-e21830dce54f4a52a37c8c8e29af8d35' *.readspeaker.com *.google.com *.gstatic.com *.siteimprove.com https://siteimproveanalytics.com/js/siteanalyze_6006062.js https://cloudstatic.obi4wan.com/chat/obi-launcher.js *.obi4wan.com *.pusher.com  https://stats.pusher.com/timeline/ https://js.pusher.com/4.1/ https://cloudstatic.obi4wan.com/ https://chatapi.obi4wan.com/api/v1.0/;frame-src 'self' *.youtube-nocookie.com *.youtu-nocookie.be *.google.com *.readspeaker.com cloudstatic.obi4wan.com;connect-src 'self' https://6006243.global.siteimproveanalytics.io https://cloudstatic.obi4wan.com/ https://sockjs-eu.pusher.com/pusher/ https://*.pusher.com/ https://chatapi.obi4wan.com/api/v1.0/ wss://ws-eu.pusher.com/app/ https://chatapi.obi4wan.com/api/v1.0/token;style-src 'self' 'unsafe-inline' *.readspeaker.com cloudstatic.obi4wan.com;img-src * data:;font-src 'self' data:;object-src 'self';media-src 'self' *.readspeaker.com cloudstatic.obi4wan.com 1
default-src ws28.hotjar.com *.g.doubleclick.net https://stats.g.doubleclick.net https://www.facebook.com region1.analytics.google.com https://graylog.hotjar.com https://insights.hotjar.com https://region1.analytics.google.com https://app2.salesmanago.pl https://syndication.twitter.com salesmanago.pl app2.salesmanago.pl *.hotjar.com 'self'; font-src 'self'; style-src https://bitly.com www.google.com https://cse.google.com https://tagmanager.google.com platform.twitter.com https://ton.twimg.com 'self' 'unsafe-inline'; img-src clients1.google.com *.analytics.google.com https://static.hotjar.com https://abs.twimg.com https://www.facebook.com www.googleapis.com https://rpm.mennica.com.pl https://facebook.com https://pbs.twimg.com *.google-analytics.com syndication.twitter.com http://user-mrp-ow.ext.e-point.pl stats.g.doubleclick.net https://www.google.pl https://app2.salesmanago.pl https://user-mrp-ow.ext.e-point.pl https://o.twimg.com facebook.com www.google.com platform.twitter.com http://rpm.mennica.com.pl www.google-analytics.com https://ton.twimg.com 'self' data:; frame-src https://bitly.com https://*.google.com https://vars.hotjar.com https://www.googletagmanager.com www.google.com https://www.facebook.com www.youtube.com platform.twitter.com https://facebook.com https://www.youtube.com syndication.twitter.com www.yumpu.com 'self'; script-src http://*.google.com https://script.hotjar.com https://static.hotjar.com https://www.facebook.com www.googleapis.com https://facebook.com connect.facebook.net *.twitter.com https://bitly.com app2.emlgrid.com https://*.google.com http://www.google.com https://app2.salesmanago.pl static.hotjar.com www.googletagmanager.com https://www.gstatic.com https://www.googletagmanager.com facebook.com https://www.google-analytics.com https://app2.emlgrid.com app2.salesmanago.pl https://cdn.syndication.twimg.com https://cdn.jsdelivr.net www.google-analytics.com 'self' 'unsafe-eval' 'unsafe-inline'; object-src 'self'; connect-src *.analytics.google.com https://app2.salesmanago.pl https://in.hotjar.com http://app2.salesmango.pl https://www.facebook.com *.hotjar.com *.google-analytics.com 'self' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://f1-eu.readspeaker.com https://maps.googleapis.com https://platform.twitter.com https://polyfill-fastly.io https://polyfill.io https://static.addtoany.com https://unpkg.com https://webchat.wheatleygroupservices.com https://www.google.com; script-src-elem 'self' 'unsafe-inline' https://translate.google.com/translate_a/element.js https://translate.googleapis.com/ https://translate-pa.googleapis.com/ https://ajax.googleapis.com https://maxcdn.bootstrapcdn.com/ https://cdn.gtranslate.net/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://pagead2.googlesyndication.com/ https://js.hsforms.net/ https://js.hs-scripts.com https://tpc.googlesyndication.com/ https://js.hs-analytics.net/ https://js.hubspot.com/ https://js.hs-banner.com/ https://js.hscollectedforms.net/ https://js.hsadspixel.net/ https://snap.licdn.com/ https://www.gstatic.com/ https://apis.google.com/ https://platform.linkedin.com/in.js https://www.linkedin.com/ https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://f1-eu.readspeaker.com https://maps.googleapis.com https://platform.twitter.com https://polyfill-fastly.io https://polyfill.io https://static.addtoany.com https://unpkg.com https://webchat.wheatleygroupservices.com https://www.google.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://unpkg.com https://use.fontawesome.com; style-src-elem 'self' 'unsafe-inline' https://www.gstatic.com/ https://maxcdn.bootstrapcdn.com/ https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://unpkg.com https://use.fontawesome.com; frame-ancestors 'self' 1
default-src https: data: blob:; font-src https: data:; img-src https: data:; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob:; connect-src https: wss:; frame-src https: twitter:; frame-ancestors https:; media-src https:; object-src https:; style-src 'unsafe-inline' https:; 1
frame-src 'self' www.youtube.com youtu.be player.vimeo.com app.powerbi.com datastudio.google.com lookerstudio.google.com cdn.userway.org platform.twitter.com embed.podcasts.apple.com www.instagram.com www.linkedin.com; img-src 'self' www.google-analytics.com data: nelc.gov.sa assets.nelc.gov.sa ls.nelc.gov.sa cdn.userway.org cdn.jsdelivr.net cdn.dxpr.com; manifest-src 'self'; object-src 'none'; script-src 'self' 'unsafe-inline' www.google-analytics.com www.googletagmanager.com assets.nelc.gov.sa cdn.userway.org cdn.userconsent.org static.hotjar.com script.hotjar.com cdn.dxpr.com https://cdn.dxpr.com https://cdn.jsdelivr.net https://cdn.userconsent.org https://cdn.userway.org https://cdnjs.cloudflare.com https://unpkg.com; style-src 'self' 'unsafe-inline' cdn.userway.org cdn.dxpr.com assets.nelc.gov.sa https://cdn.dxpr.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; worker-src 'self'; frame-ancestors 'self' 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://mc.yandex.ru https://yastatic.net https://yandex.net https://www.google.com https://www.gstatic.com https://*.uxfeedback.ru https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://googleoptimize.com https://www.hotjar.com https://hintedme.ru/ https://app.hintedme.ru/ https://edo-posthog.astral.ru/;img-src 'self' https://identity.demo.astral-dev.ru https://identity.astral.ru https://www.google-analytics.com https://www.googletagmanager.com https://*.uxfeedback.ru data:;style-src 'self' 'unsafe-inline';style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.uxfeedback.ru https://edo-posthog.astral.ru/;object-src 'self';font-src 'self' https://fonts.gstatic.com;frame-src 'self';connect-src 'self' wss://stub.astralnalog.ru:9399/WebReport ws://localhost:9299/WebReport https://info.1cdocs.ru wss://ws.1cdocs.ru wss://gql.1cdocs.ru wss://gql.1cdocs.ru wss://gql.1cdocs.ru:8443 https://identity.demo.astral-dev.ru https://identity.astral.ru https://sentry.infra.yandex.astral-dev.ru/ https://*.uxfeedback.ru https://mc.yandex.ru https://suggestions.dadata.ru https://www.google-analytics.com https://edo-posthog.astral.ru/ https://hintedme.ru/ https://app.hintedme.ru/;base-uri 'self';form-action 'self';frame-ancestors 'self';script-src-attr 'none';upgrade-insecure-requests 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://musician.social; img-src 'self' https: data: blob: https://musician.social; style-src 'self' https://musician.social 'nonce-A79M5q7QckOiyUhR4Gt3BA=='; media-src 'self' https: data: https://musician.social; frame-src 'self' https:; manifest-src 'self' https://musician.social; form-action 'self'; child-src 'self' blob: https://musician.social; worker-src 'self' blob: https://musician.social; connect-src 'self' data: blob: https://musician.social https://cdn.masto.host wss://musician.social; script-src 'self' https://musician.social 'wasm-unsafe-eval' 1
script-src 'self' blob: googleads.g.doubleclick.net *.forter.com *.googleapis.com *.googleapis.com/maps/api/js bat.bing.com *.cloudflare.com connect.facebook.net *.salesforceliveagent.com *.truckpro.com *.cccparts.com d81mfvml8p5ml.cloudfront.net dkpklk99llpj0.cloudfront.net dn1i8v75r669j.cloudfront.net *.fontawesome.com *.bootstrapcdn.com nexus.ensighten.com *.force.com *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.sumologic.com api.ipdata.co truckpro.my.salesforce.com truckpro.my.salesforce-sites.com am.freshrelevance.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: data: truckpro-asset-store.s3.us-east-2.amazonaws.com *.truckpro.com *.cccparts.com *.gstatic.com *.cloudfront.net cs.choozle.com dpm.demdex.net insight.adsrvr.org solveda-cc-asset-store.s3.amazonaws.com; object-src 'none'; frame-ancestors *.truckpro.com *.cccparts.com; 1
default-src 'self' https://intercom-sheets.com https://*.intercomcdn.com http://postcode.map.daum.net https://service.iamport.kr; connect-src https://web-server.production.fruitsfamily.com/graphql https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.intercom.io wss://*.intercom.io https://service.iamport.kr https://firebase.googleapis.com https://firebaseinstallations.googleapis.com https://*.clarity.ms; img-src 'self' data: https://*.fruitsfamily.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.intercomcdn.com https://*.intercomassets.com; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://*.googletagmanager.com https://*.intercom.io https://*.intercomcdn.com https://t1.daumcdn.net https://cdn.iamport.kr https://*.clarity.ms; style-src 'self' 'unsafe-inline' 1
default-src 'self' *.googlesyndication.com https://accounts.google.com/gsi/ blob:; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' code.jquery.com cdn.omise.co *.treasuredata.com *.truck2hand.com *.cloudflare.com *.cloudflareinsights.com *.facebook.com *.facebook.net *.google.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.google.co.th *.googlesyndication.com *.g.doubleclick.net *.googleadservices.com *.googletagservices.com *.omise.co *.firebaseio.com *.googleapis.com *.anymind360.com anymind360.com adservice.google.com.vn *.adlooxtracking.com *.sentry.io *.hs-scripts.com *.hsforms.net *.hsforms.com *.hs-analytics.net *.hs-banner.com *.usemessages.com *.hscollectedforms.net *.firebaseapp.com *.adbro.me *.thetradedesk.com https://accounts.google.com/gsi/client; img-src * data: blob: 'unsafe-inline'; media-src * data: blob: 'unsafe-inline'; block-all-mixed-content ; font-src 'self' https: data:; frame-src 'self' cdn.omise.co *.google.com *.facebook.net *.facebook.com *.g.doubleclick.net *.googlesyndication.com *.omise.co *.anymind360.com anymind360.com adservice.google.com.vn *.googletagservices.com *.adlooxtracking.com *.youtube.com *.hs-scripts.com *.hubspot.com *.hsforms.net *.hsforms.com *.firebaseapp.com *.adbro.me td.doubleclick.net https://accounts.google.com/gsi/; object-src 'none'; script-src-attr 'unsafe-inline'; style-src 'self' https: 'unsafe-inline' https://accounts.google.com/gsi/style; connect-src 'self' data: blob: ws: 'unsafe-inline' *.google-analytics.com *.g.doubleclick.net *.treasuredata.com *.facebook.com *.facebook.net *.truck2hand.com *.cloudflare.com *.cloudflareinsights.com *.google.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.google.co.th *.googlesyndication.com *.g.doubleclick.net *.googleadservices.com *.googletagservices.com *.omise.co *.firebaseio.com *.googleapis.com *.anymind360.com anymind360.com adservice.google.com.vn *.adlooxtracking.com *.sentry.io *.hs-scripts.com hubspot-forms-static-embed.s3.amazonaws.com *.hubspot.com *.firebaseapp.com *.hsforms.net *.hsforms.com *.adbro.me *.thetradedesk.com https://accounts.google.com/gsi/; upgrade-insecure-requests ; form-action 'self' *.hsforms.net *.hsforms.com *.facebook.com 1
default-src 'self' 'unsafe-eval' https://content.sbuxtr.com https://firestore.googleapis.com https://core-internal.rtbs.io https://api.sbux.retter.io https://d2eiylesx4iyph.cloudfront.net https://core.rtbs.io https://www.google-analytics.com https://www.google-analytics.com https://ade.googlesyndication.com https://pagead2.googlesyndication.com https://core-internal-beta.rtbs.io https://content-beta.sbuxtr.com https://core-test.rtbs.io https://cdn.efilli.com https://analytics.google.com https://www.google.com https://analytics.tiktok.com https://analytics.tiktok.com https://stats.g.doubleclick.net https://auth-web.sbuxtr.com https://www.googleapis.com https://gateway.efilli.com https://riza.efilli.com https://maps.googleapis.com https://maps.gstatic.com https://identitytoolkit.googleapis.com https://mp.sbuxtr.com https://test.masterpassturkiye.com https://ui.masterpassturkiye.com https://securetoken.googleapis.com https://auth-web-beta.sbuxtr.com https://order.sbuxtr.com https://api.sbuxtr.com https://ad.doubleclick.net https://13291676.fls.doubleclick.net https://td.doubleclick.net https://www.facebook.com https://www.google.com.tr https://www.google.com https://googleads.g.doubleclick.net https://riza2.efilli.com https://sb-content-beta.s3.eu-west-1.amazonaws.com https://sbux-landing-page.vercel.app data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://content.sbuxtr.com https://sl.setrowid.com https://www.googletagmanager.com https://bundles.efilli.com https://www.google-analytics.com https://connect.facebook.net https://analytics.tiktok.com https://googleads.g.doubleclick.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://pagead2.googlesyndication.com https://googleadservices.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://content.sbuxtr.com; font-src 'self' https://fonts.gstatic.com https://content.sbuxtr.com 1
font-src fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.hotjar.io *.remus.eu *.remususa.com *.remusaustralia.com.au *.remus.dk *.remus-canada.com *.remus.ru *.remusexhaust.co.za *.remusuk.com *.remus.ch *.fontawesome.com *.fonts.googleapis.com *.gstatic.com data: *.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com https://seo.mageplaza.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.sharethis.com *.linkedin.com *.batchgeo.com http://batchgeo.com *.vimeo.com *.facebook.com *.google.com *.google.at *.googletagmanager.com *.usercentrics.eu *.hotjar.com *.hotjar.io libs.na.bambora.com *.klarna.com js.mollie.com google.com gstatic.com *.addthis.com *.pinterest.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.sharethis.com maps.googleapis.com maps.gstatic.com https://www.remus.eu https://remus.eu http://www.remus.eu http://remus.eu http://remususa.com http://remusaustralia.com.au http://remus.dk http://remus-canada.com http://remus.ru http://remusexhaust.co.za http://remusuk.com http://remus.ch *.facebook.com *.mailchimp.com mcusercontent.com *.google.com *.google.at *.usercentrics.eu *.hotjar.com *.hotjar.io cdn.na.bambora.com x.klarnacdn.net https://www.mollie.com *.cloudflare.com https://cdn.klarna.com https://s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.sharethis.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com https://www.googletagmanager.com/gtm.js *.googletagmanager.com https://chimpstatic.com/ *.mailchimp.com *.list-manage.com https://ws.sharethis.com/button/buttons.js https://ws.sharethis.com/button/async-buttons.js https://platform.linkedin.com/in.js https://www.linkedin.com/pages-extensions/FollowCompany.js https://static.zotabox.com https://connect.facebook.net *.hotjar.com *.hotjar.io *.usercentrics.eu libs.na.bambora.com x.klarnacdn.net js.mollie.com google.com gstatic.com *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sharethis.com fonts.googleapis.com https://www.remus.eu https://remus.eu http://www.remus.eu http://remus.eu http://remususa.com http://remusaustralia.com.au http://remus.dk http://remus-canada.com http://remus.ru http://remusexhaust.co.za http://remusuk.com http://remus.ch https://cdnjs.cloudflare.com *.mailchimp.com *.fontawesome.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.sharethis.com https://stats.zotabox.com *.facebook.com *.doubleclick.net *.google.com *.google.at *.googletagmanager.com *.usercentrics.eu *.hotjar.com *.hotjar.io wss://*.hotjar.com *.klarnaevt.com google.com gstatic.com *.cloudflare.com *.paypal.com *.googleapis.com *.addthis.com *.cardinalcommerce.com https://graph.instagram.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-src 'self' *.google.com *.oneassist.in https://oneassist.in https://ws.oneassist.in https://youtube.com https://www.youtube.com https://*.webengage.co https://webengage.co https://*.webengage.com https://webengage.com; frame-ancestors 'self' http://*.cloudagent.in https://*.cloudagent.in *.oneassist.in https://oneassist.in https://ws.oneassist.in https://in-ccaas.ozonetel.com; 1
frame-ancestors https://*.westmonroe.com 1
frame-ancestors 'self' https://*.atomlms.co.uk; 1
frame-ancestors 'self' https://*.biahosted.com https://*.safecharge.com https://*.paymentiq.io 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' data:  https://code.jquery.com  https://cdn.datatables.net https://www.google.com http://www.google-analytics.com/gtm/js https://*.gstatic.com https://ajax.googleapis.com  https://maps.googleapis.com https://www.googletagmanager.com  https://maxcdn.bootstrapcdn.com https://plausible.io https://*.emcorgroup.com https://emcorgroup.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://cdn.datatables.net https://fonts.googleapis.com https://www.google.com https://*.bootstrapcdn.com https://cdnjs.cloudflare.com; object-src 'self' 1
default-src 'self'; script-src 'self' inline 'unsafe-eval' https://www.youtube.com/ https://cdn.cookielaw.org/ https://cdn.matomo.cloud/ https://maps.googleapis.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com/ https://www.googletagmanager.com/ https://maps.googleapis.com/ https://www.youtube.com/ https://cdn.cookielaw.org/ https://cdn.matomo.cloud/ https://fimmoto.matomo.cloud/ https://public.flourish.studio/ https://cdn.picturemosaics.com/ https://www.picturemosaics.com/; script-src-attr 'self' 'unsafe-inline' inline https://maps.googleapis.com/ https://cdn.cookielaw.org/; style-src 'self' 'unsafe-inline' inline https://fonts.googleapis.com/https://www.gstatic.com https://cdn.picturemosaics.com/; style-src-attr 'self' 'unsafe-inline' inline; style-src-elem 'self' 'unsafe-inline' inline https://fonts.googleapis.com/ https://cdn.picturemosaics.com/; object-src 'none'; base-uri 'self'; connect-src 'self' https://cdn.cookielaw.org/ https://fimmoto.matomo.cloud/ https://stats.g.doubleclick.net/ https://geolocation.onetrust.com/ https://privacyportal-eu.onetrust.com/ https://www.google-analytics.com/ https://maps.googleapis.com/ https://analytics.google.com/ https://region1.google-analytics.com/; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com/; frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://www.picturemosaics.com/ https://flo.uri.sh/ https://livemosaics.com/; img-src 'self' data: https://cdn.cookielaw.org/ https://www.gstatic.com https://www.google.com https://www.googletagmanager.com/ https://www.google-analytics.com https://maps.googleapis.com/ https://public.flourish.studio/ https://fimmoto.matomo.cloud https://cdn.picturemosaics.com/; manifest-src 'self' ; media-src 'self'; worker-src 'self' https://www.fim-moto.com/ 1
default-src 'self' 'unsafe-eval' 'unsafe-inline';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com/ http://www.google.com/ https://www.google.com/ https://test-gpc-1.sg.va.sabio.cloud/ *.singpass.gov.sg *.facebook.net *.zdassets.com *.zopim.com *.ecitizen.gov.sg www.google-analytics.com www.googletagmanager.com maps.googleapis.com;script-src-elem  'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com/ http://www.google.com/ https://www.google.com/ https://test-gpc-1.sg.va.sabio.cloud/ *.singpass.gov.sg *.facebook.net *.zdassets.com *.zopim.com *.ecitizen.gov.sg www.google-analytics.com www.googletagmanager.com maps.googleapis.com;object-src 'none';font-src 'self' data: *.ecitizen.gov.sg *.amazonaws.com *.zopim.com *.singpass.gov.sg *.googleapis.com *.gstatic.com;img-src * data:;frame-src *;style-src 'self' 'unsafe-inline' data: *.zdassets.com https://test-gpc-1.sg.va.sabio.cloud/ *.singpass.gov.sg *.ecitizen.gov.sg *.googleapis.com *.gstatic.com;connect-src * 1
frame-ancestors 'self' *.jokerbet.es blog.jokerbet.es; 1
default-src 'self' https://mw-ar-recom-prod.pgapi.io/ feed.pghub.io pandg.tapad.com ; media-src https://videos.ctfassets.net feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' *.pricespider.com * ; img-src * 'self' data: https: blob: *.pricespider.com ; script-src * data: *.pricespider.com blob: 'unsafe-inline' 'unsafe-eval' ; connect-src * data: blob: 'unsafe-inline' ; font-src * data: blob: 'unsafe-inline' ; frame-src * ; 1
default-src 'self' fonts.gstatic.com fonts.googleapis.com static.moliri.dk *.azure.com *.google-analytics.com *.doubleclick.net data: www.gstatic.com statservicefunctions.azurewebsites.net hearingportalfilestorage.blob.core.windows.net cookiecontrol.bleau.dk *.devtunnels.ms api-eu1.cludo.com *.moliri.dk app-moliripublic-koldingkommune-prod.azurewebsites.net *.kolding.dk *.cludo.com api.cludo.com s3.amazonaws.com popin.survey-xact.dk widgets.thenewsort.cloud  admin.thenewsort.cloud admin.genbrugscms.dk api.dataforsyningen.dk dawa.aws.dk;style-src 'self' 'unsafe-inline' fonts.googleapis.com cdhsign.dk cdnjs.cloudflare.com unpkg.com static.moliri.dk customer.cludo.com *.gstatic.com npmcdn.com app-moliripublic-koldingkommune-prod.azurewebsites.net *.kolding.dk cdn-images.mailchimp.com player.skyfish.com popin.survey-xact.dk api.dataforsyningen.dk dawa.aws.dk;script-src 'self' 'unsafe-inline' *.moliri.dk *.bleau.dk *.cludo.com *.gstatic.com *.monsido.com moliricdn.azurewebsites.net *.azure.com cdn.jsdelivr.net cookiecontrol.bleau.dk *.devtunnels.ms  app-moliripublic-koldingkommune-prod.azurewebsites.net *.kolding.dk cdn-recruiter.hr-manager.net *.cludo.com api.cludo.com kolding.affaldscms.dk besked.affaldscms.dk affaldscms.dk player.skyfish.com popin.survey-xact.dk widgets.thenewsort.cloud widgets.genbrugscms.cloud api.dataforsyningen.dk dawa.aws.dk 'unsafe-eval';frame-ancestors https://localhost:44399 https://admin-dev.moliri.dk https://admin.moliri.dk https://admin-beta.moliri.dk https://localhost:5001 https://localhost:44337 *.videotool.dk *.vimeo.com www.youtu.be youtu.be app-moliripublic-koldingkommune-prod.azurewebsites.net *.kolding.dk candidate.hr-manager.net kolding.affaldscms.dk besked.affaldscms.dk affaldscms.dk *.youtube.com *.youtube-nocookie.com www.thinglink.com e.issuu.com kolding-byggeraadgiver.shareconnect.dk  player.skyfish.com *.soundcloud.com *.google.com kolding-ungekonsulenter.shareconnect.dk api.dataforsyningen.dk dawa.aws.dk;frame-src https://localhost:44399 https://admin-dev.moliri.dk https://admin.moliri.dk https://admin-beta.moliri.dk https://localhost:5001 https://localhost:44337 *.videotool.dk *.vimeo.com www.youtu.be youtu.be app-moliripublic-koldingkommune-prod.azurewebsites.net *.kolding.dk candidate.hr-manager.net kolding.affaldscms.dk besked.affaldscms.dk affaldscms.dk *.youtube.com *.youtube-nocookie.com www.thinglink.com e.issuu.com kolding-byggeraadgiver.shareconnect.dk  player.skyfish.com *.soundcloud.com *.google.com kolding-ungekonsulenter.shareconnect.dk api.dataforsyningen.dk dawa.aws.dk;img-src 'self'  data: hearingportalfilestorage.blob.core.windows.net cdhsign.dk *.cludo.com static.moliri.dk *.monsido.com *.devtunnels.ms moliri.dk *.moliri.dk *.azureedge.net app-moliripublic-koldingkommune-prod.azurewebsites.net *.kolding.dk player.skyfish.com admin.thenewsort.cloud api.dataforsyningen.dk dawa.aws.dk;media-src 'self' dreambroker.com youtube.com vimeo.com molirivideostorage.blob.core.windows.net cdhsign.dk delivery.twentythree.com cdn.skyfish.com *.cloudfront.net *.devtunnels.ms www.youtube.com www.youtu.be youtu.be app-moliripublic-koldingkommune-prod.azurewebsites.net *.kolding.dk  player.skyfish.com *.youtube-nocookie.com api.dataforsyningen.dk dawa.aws.dk; 1
default-src 'self' www.hyd.gov.hk; style-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-inline'; 1
frame-ancestors 'none'; default-src 'self' https://*.caracal.club:* wss://*.caracal.club:* https://www.ipqualityscore.com js.stripe.com https://r2.caracal.club; script-src 'self' js.stripe.com twemoji.maxcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net www.googletagmanager.com https://www.google-analytics.com https://r2.caracal.club 'nonce-LYjXGnWj/0NHQ/XYRXduE4BE5eM=';img-src * data:; style-src 'self' 'unsafe-inline' https://r2.caracal.club; 1
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src 'self' * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob:; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors 'self' *.ichbindeinauto.de 1
child-src forms.hsforms.com *.youtube-nocookie.com *.youtube.com *.loom.com *.qualified.com *.doubleclick.net *.slideshare.net;  connect-src 'self' cdn.sanity.io *.api.sanity.io *.apicdn.sanity.io forms.hsforms.com analytics.google.com *.s3.amazonaws.com stats.g.doubleclick.net *.hubapi.com *.hubspot.com wss://ws.qualified.com forms.hscollectedforms.net cdn.linkedin.oribi.io www.google-analytics.com;  default-src 'self' cdn.sanity.io *.api.sanity.io *.s3.amazonaws.com forms.hsforms.com *.g.doubleclick.net;  font-src 'self' data:;  frame-ancestors 'self' https://app.experiencewelcome.com;  img-src 'self' cdn.sanity.io www.google-analytics.com analytics.google.com www.google.com *.googletagmanager.com *.linkedin.com *.hubspot.com *.hsforms.com *.adsymptotic.com data: blob:;  script-src 'self' 'unsafe-eval' 'unsafe-inline' *.googletagmanager.com *.oktopost.com okt.to *.hsforms.net *.hs-scripts.com js.hs-analytics.net js.hscollectedforms.net js.hsadspixel.net js.hs-banner.com js.usemessages.com snap.licdn.com js.qualified.com;  style-src 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' https://connect.facebook.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://www.googletagmanager.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-scripts.com https://js.hsleadflows.net https://js.usemessages.com https://player.vimeo.com https://script.hotjar.com https://snap.licdn.com https://static.hotjar.com https://www.youtube.com https://js.hsforms.net http://js.hs-scripts.com https://js.hubspot.com/web-interactives-embed.js https://www.googleadservices.com http://*.googlesyndication.com https://www.google.com https://www.google.nl https://cdn.leadinfo.net; connect-src 'self' 'unsafe-inline' https://api.hubspot.com https://cdn.linkedin.oribi.io https://consentcdn.cookiebot.com https://content.hotjar.io https://forms.hubspot.com https://in.hotjar.com https://metrics.hotjar.io https://region1.analytics.google.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://vc.hotjar.io https://vimeo.com wss://ws.hotjar.com https://*.hsforms.com https://*.googlesyndication.com https://www.google.com https://googleads.g.doubleclick.net https://*.hubspot.com https://px.ads.linkedin.com https://collector.leadinfo.net https://api.leadinfo.com; img-src 'self' 'unsafe-inline' data: https://www.facebook.com https://www.google.nl https://www.googletagmanager.com https://i.vimeocdn.com https://i.ytimg.com https://*.ads.linkedin.com https://track.hubspot.com https://*.hsforms.com https://*.hubspot.com https://googleads.g.doubleclick.net https://www.google.com https://imgsct.cookiebot.com; child-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self' data:; frame-src 'self' https://backend.anewspring.prod.verveagency.com https://app.hubspot.com https://player.vimeo.com https://www.youtube.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://forms.hsforms.com https://*.hs-sites.com http://tpc.googlesyndication.com https://td.doubleclick.net; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://is-a.cat; img-src 'self' data: blob: https://is-a.cat https://is-a.cat/system/; style-src 'self' https://is-a.cat 'nonce-mfraL8AopYyQuV9OPbXZ7A=='; media-src 'self' data: https://is-a.cat https://is-a.cat/system/; frame-src 'self' https:; manifest-src 'self' https://is-a.cat; form-action 'self'; child-src 'self' blob: https://is-a.cat; worker-src 'self' blob: https://is-a.cat; connect-src 'self' data: blob: https://is-a.cat https://is-a.cat/system/ wss://is-a.cat; script-src 'self' https://is-a.cat 'wasm-unsafe-eval' 1
default-src 'self'; form-action 'self' https: *.spelpaus.se; frame-ancestors 'self'; frame-src 'self' https://www.googletagmanager.com https://www.youtube.com https://api.screen9.com https://spelinspektionen.screen9.tv; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://www.youtube.com; img-src 'self' data: https://our.umbraco.com https://www.google-analytics.com https://www.googletagmanager.com https://www.youtube.com https://i.ytimg.com https://dashboard.umbraco.com; font-src 'self'; connect-src 'self' https://our.umbraco.com https://www.youtube.com https://www.google-analytics.com https://*.googlevideo.com; 1
require-trusted-types-for 'script';report-uri /_/ConversionPanelUi/cspreport 1
default-src * 'self' blob: data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' ocdn.eu m.konto.onet.pl onet.pl *.onet.pl *.dreamlab.pl *.gstatic.com *.grupaonet.pl *.google.com *.google.pl *.hotjar.com; frame-ancestors 'self' https://www.onet.pl https://beta.onet.pl; report-uri https://events.ocdn.eu/v2/csp-report?_ac=events&_fv=konto.onet.pl::ENCRYPT_SSO_COOKIE 1
frame-ancestors 'self' https://*.advaworx.com; 1
default-src 'self' blob: data: *.wistia.com fonts.googleapis.com fonts.gstatic.com fonts.bunny.net; 	connect-src 'self' wss: westlandinsurance.my.site.com westlandinsurance.force.com *.googlesyndication.com *.helpscout.net *.cloudfront.net *.wistia.com wpmudev.com *.googleapis.com yoast.com *.visualwebsiteoptimizer.com app.vwo.com www.google-analytics.com api.hubapi.com *.hotjar.com *.hotjar.io analytics.google.com stats.g.doubleclick.net; 	style-src 'self' 'unsafe-inline' service.force.com westlandinsurance.my.site.com westlandinsurance.force.com fonts.bunny.net *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com fonts.googleapis.com; 	script-src 'self' data: 'unsafe-inline' 'unsafe-eval' http: https: blob: westlandinsurance.my.salesforce.com westlandinsurance.lightning.force.com westlandinsurance--c.vf.force.com westlandinsurance--c.visualforce.com cdn.jsdelivr.net *.visualwebsiteoptimizer.com app.vwo.com *.googletagmanager.com code.jquery.com js.hs-analytics.net www.googleoptimize.com googleads.g.doubleclick.net www.google-analytics.com static.hotjar.com js.hs-scripts.com js.hs-banner.com js.hsadspixel.net script.hotjar.com; 	img-src 'self' data: i.ytimg.com/vi/Ky4i2kC8bQM/mqdefault.jpg westlandinsurance.my.salesforce.com westlandinsurance.lightning.force.com westlandinsurance--c.vf.force.com westlandinsurance--c.visualforce.com *.doubleclick.net *.wistia.com wp-rocket.me *.paypalobjects.com *.paypal.com *.twitter.com *.wpmudev.org servmask.com gravityflow.io *.w.org *.google-analytics.com *.gstatic.com wpmudev.com s.w.org *.visualwebsiteoptimizer.com *.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com www.google.com www.google.ca track.hubspot.com *.googletagmanager.com secure.gravatar.com; 	worker-src 'self' blob:; 	frame-src 'self' www.youtube-nocookie.com service.force.com *.doubleclick.net *.moneris.com wp-rocket.me *.facebook.com *.twitter.com *.youtube.com *.google.com app.vwo.com *.visualwebsiteoptimizer.com *.fls.doubleclick.net; 	frame-ancestors 'self'; 1
frame-ancestors 'none'; default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.openstreetmap.org; img-src data: blob: * *.momentjs.net *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.googlesyndication.com *.gstatic.com *.hotjar.com *.twitter.com *.youtube.com ajax.googleapis.com c.bazo.io; font-src 'self' fonts.googleapis.com fonts.gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.gstatic.com *.bazo.io; frame-src 'self' *.google.com *.facebook.com *.youtube.com *.instagram.com *.twitter.com *.cookiebot.com; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' *.momentjs.com momentjs.com *.google.com connect.facebook.net *.instagram.com *.twitter.com *.googletagmanager.com *.hotjar.com *.gstatic.com c.bazo.io *.google-analytics.com *.licdn.com *.cookiebot.com; connect-src 'self' ws: *.openstreetmap.org *.google-analytics.com *.google.com *.g.doubleclick.net *.hotjar.com *.hotjar.io *.bazo.io *.cookiebot.com *.linkedin.com *.googlesyndication.com 1
default-src 'none'; frame-ancestors 'self'; form-action 'self' https://*.e-paycapita.com https://hooks.stripe.com https://mms.cardsaveonlinepayments.com https://secure.worldpay.com https://*.paypal.com https://*.opayo.eu.elavon.com/ https://*.sagepay.com; base-uri 'self'; connect-src 'self' https://*.tiny.cloud https://*.stripe.com https://cdn-cookieyes.com https://*.cookieyes.com https://*.googletagmanager.com https://www.google.co.uk https://*.clarity.ms/collect https://*.muscula.com https://*.paypal.com https://*.google.com https://*.gstatic.com https://*.google-analytics.com https://*.analytics.google.com https://*.googlesyndication.com https://*.g.doubleclick.net https://api.reviews.co.uk https://*.addthis.com; font-src 'self' data: https://*.tinymce.com https://*.breakerlink.com https://reviewscouk.s3.amazonaws.com https://fonts.gstatic.com; frame-src 'self' https://*.cookiebot.com https://wp-rocket.me https://confusedmedia.azureedge.net https://*.confused.com https://*.paypal.com https://*.trackingmore.com https://*.googlesyndication.com https://drive.google.com/ https://*.sagepay.com https://*.stripe.com https://td.doubleclick.net https://googleads.g.doubleclick.net https://www.youtube.com https://widget.reviews.co.uk https://widget.trustpilot.com https://www.google.com https://www.google.co.uk https://*.addthis.com; img-src 'self' data: https://cdn-cookieyes.com https://*.gstatic.com https://*.imagin.studio https://*.w.org https://*.imagin.studio https://*.bing.com https://*.clarity.ms https://www.pay360.com https://s.w.org https://www.carimagery.com https://www.paypalobjects.com https://www.sainsburysbank.co.uk https://secure.gravatar.com https://wp-rocket.me https://*.media.net https://*.awin.com https://*.awin1.com https://*.paypal.com https://api.ecologi.com https://media.reviews.co.uk https://*.googletagmanager.com https://*.tinymce.com https://pagead2.googlesyndication.com https://cdn.breakerlink.com https://s3-eu-west-1.amazonaws.com https://*.google-analytics.com https://*.analytics.google.com https://*.google.be https://*.google.co.uk https://*.google.com https://*.g.doubleclick.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn-cookieyes.com https://*.cookiebot.com https://*.clarity.ms https://*.muscula.com https://*.wistia.com https://*.media.net https://www.paypal.com https://*.trackingmore.com https://*.tiny.cloud https://*.tinymce.com https://*.postcodeanywhere.co.uk https://cdn.jsdelivr.net https://secure.worldpay.com https://*.stripe.com https://*.cloudflare.com https://www.googletagservices.com https://*.googlesyndication.com https://graph.facebook.com https://widgets.pinterest.com https://ajax.googleapis.com https://code.jquery.com https://www.gstatic.com https://cdn.breakerlink.com https://*.google.com https://*.google.co.uk https://widget.reviews.co.uk https://widget.trustpilot.com https://*.google-analytics.com https://*.googletagmanager.com https://*.addthis.com https://*.googleadservices.com; style-src 'self' 'unsafe-inline' https://*.googletagmanager.com https://*.trackingmore.com https://*.tiny.cloud https://*.tinymce.com https://fonts.googleapis.com https://reviewscouk.s3.amazonaws.com https://cdn.breakerlink.com; media-src 'self' https://*.googleusercontent.com https://docs.google.com https://drive.google.com https://www.youtube.com 1
worker-src 'self' cielo24.com; upgrade-insecure-requests; 1
default-src 'self'; script-src 'report-sample' 'self' https://use.fontawesome.com/releases/v5.12.0/js/all.js https://ajax.googleapis.com/ajax/libs/jquery/1.8.0/jquery.min.js https://cdn.jsdelivr.net/gh/RobinHerbots/Inputmask@5.0.8/dist/jquery.inputmask.min.js https://tag.aticdn.net/621891/smarttag.js https://unpkg.com/tippy.js@6.3.7/dist/tippy-bundle.umd.min.js https://use.fontawesome.com/releases/v5.12.0/js/v4-shims.js https://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js; style-src 'unsafe-inline' 'report-sample' 'self' https://fonts.googleapis.com https://p.typekit.net https://use.typekit.net; object-src 'none'; base-uri 'self'; connect-src 'self' https://logs1412.xiti.com; font-src 'self' https://fonts.gstatic.com https://use.typekit.net; frame-src 'self' https://careers.flatchr.io https://www.youtube.com https://widget.trustpilot.com https://santiane.flatchr.io; img-src 'self' data: https://img.youtube.com https://logs1412.xiti.com https://santiane-newsletters.s3.amazonaws.com; manifest-src 'self'; media-src 'self'; report-uri https://65082038a068cd9821c1e7aa.endpoint.csper.io/?v=0; worker-src 'none'; 1
font-src data: *.gstatic.com oct8necdneu.azureedge.net *.oct8ne.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com sis-t.redsys.es:* sis.redsys.es sis-t.sermepa.es:* sis.sermepa.es *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.googleapis.com supermercadosmas.papelaweb.com folletos.supermercadosmas.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.vimeo.com *.oct8ne.com *.issuu.com *.cookiebot.com *.googletagmanager.com *.bing.com *.criteo.com *.doubleclick.net *.connectif.cloud *.facebook.net *.facebook.com *.facebook.es *.analytics.google.com *.google.es *.google.com *.clarity.ms supermercadosmases.twgdns.com *.bidswitch.net *.dnxs.com *.media.net *.rubiconproject.com *.martadserver.com *.taboola.com *.teads.tv *.3lift.com *.yahoo.net *.adform.net *.omnitagjs.com *.casalemedia.com *.id5-sync.com *.360yield.com *.ivitrack.com *.mediavine.com *.adnxs.com *.demdex.net *.postrelease.com *.outbrain.com *.pubmatic.com *.sharethrough.com *.tremorhub.com *.yieldlab.net *.yieldmo.com *.emxdgt.com *.googlesyndication.com  supermercadosmas.papelaweb.com folletos.supermercadosmas.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com https://images.unsplash.com *.googleapis.com *.google.com *.google.es *.google.com.br *.gstatic.com *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net oct8necdneu.azureedge.net *.oct8ne.com *.ggpht *.amazonaws.com *.supermercadosmas.com *.facebook.com *.connectif.cloud *.cookiebot.com *.bing.com *.criteo.com *.doubleclick.net *.facebook.net *.facebook.es *.analytics.google.com *.clarity.ms supermercadosmases.twgdns.com *.bidswitch.net *.dnxs.com *.media.net *.rubiconproject.com *.martadserver.com *.taboola.com *.teads.tv *.3lift.com *.yahoo.net *.adform.net *.omnitagjs.com *.casalemedia.com *.id5-sync.com id5-sync.com *.360yield.com *.ivitrack.com *.mediavine.com *.adnxs.com *.demdex.net *.postrelease.com *.outbrain.com *.pubmatic.com *.sharethrough.com *.tremorhub.com *.yieldlab.net *.yieldmo.com *.emxdgt.com *.googlesyndication.com  supermercadosmas.papelaweb.com folletos.supermercadosmas.com *.smartadserver.com sync.1rx.io data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io *.googleapis.com *.google.com *.google.es *.google.com.br *.gstatic.com *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net *.cookiebot.com *.oct8ne.com *.adyen.com *.webeyez.com *.connectif.cloud *.bing.com *.criteo.com *.doubleclick.net *.facebook.net *.facebook.com *.facebook.es *.analytics.google.com *.clarity.ms supermercadosmases.twgdns.com *.bidswitch.net *.dnxs.com *.media.net *.rubiconproject.com *.martadserver.com *.taboola.com *.teads.tv *.3lift.com *.yahoo.net *.adform.net *.omnitagjs.com *.casalemedia.com *.id5-sync.com *.360yield.com *.ivitrack.com *.mediavine.com *.adnxs.com *.demdex.net *.postrelease.com *.outbrain.com *.pubmatic.com *.sharethrough.com *.tremorhub.com *.yieldlab.net *.yieldmo.com *.emxdgt.com *.googlesyndication.com  supermercadosmas.papelaweb.com folletos.supermercadosmas.com *.doofinder.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doofinder.com https://fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google.com *.google.es *.google.com.br *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net *.oct8ne.com *.adyen.com *.googleapis.com *.webeyez.com cognito-identity.eu-west-1.amazonaws.com firehose.eu-west-1.amazonaws.com *.trackingplan.com *.connectif.cloud *.cookiebot.com *.bing.com *.criteo.com *.doubleclick.net *.facebook.net *.facebook.com *.facebook.es *.analytics.google.com *.clarity.ms supermercadosmases.twgdns.com *.bidswitch.net *.dnxs.com *.media.net *.rubiconproject.com *.martadserver.com *.taboola.com *.teads.tv *.3lift.com *.yahoo.net *.adform.net *.omnitagjs.com *.casalemedia.com *.id5-sync.com *.360yield.com *.ivitrack.com *.mediavine.com *.adnxs.com *.demdex.net *.postrelease.com *.outbrain.com *.pubmatic.com *.sharethrough.com *.tremorhub.com *.yieldlab.net *.yieldmo.com *.emxdgt.com *.googlesyndication.com  supermercadosmas.papelaweb.com folletos.supermercadosmas.com *.doofinder.com wss://*.doofinder.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' https://extranet.bbdental.com.br http://extranet.bbdental.com.br 1
default-src 'self' https://*.clarity.ms https://c.bing.com https://www.google.com 'unsafe-inline';style-src 'self' 'nonce-zXJMf4YFBlHZMRY81BMOYy66fup91yxihofY273hSMg=' https://www.gstatic.com;img-src * 'self' data: https: https://www.gstatic.com;object-src 'none';frame-ancestors 'none';sandbox allow-forms allow-same-origin allow-scripts allow-downloads allow-popups;base-uri 'self';script-src 'self' 'unsafe-inline' 'nonce-zXJMf4YFBlHZMRY81BMOYy66fup91yxihofY273hSMg=' 'sha256-kHb9IgtqKl2dZLDx7+YeW7Se1+DGF3pFHdB6SMV3mEg=' https://cdnjs.cloudflare.com/ajax/libs/intl-tel-input/17.0.8/js/utils.js https://www.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/ https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com/ https://www.googletagmanager.com/gtag https://www.google-analytics.com/ https://www.googletagmanager.com/gtag/js https://www.clarity.ms/ https://www.clarity.ms/tag/ ;frame-src https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://www.clarity.ms/tag/ ;connect-src 'self' https://www.google-analytics.com/ https://www.google.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com/ https://www.googletagmanager.com/ https://clarity.ms/ https://*.clarity.ms/ ; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.hotjar.com https://script.hotjar.com https://www.datadoghq-browser-agent.com/ https://maps.google.com/ https://maps.googleapis.com/ https://youtu.be/ https://*.usercentrics.eu/ https://*.omtrdc.net/ https://*.tt.omtrdc.net/ https://*.demdex.net/ https://cm.everesttech.net https://assets.adobedtm.com/ https://wconfigure.com/ https://widget.itek.de/; style-src 'self' 'unsafe-inline' https://static.hotjar.com https://script.hotjar.com https://wconfigure.com/ https://widget.itek.de/ https://plattform.baudocs.de; img-src 'self' https://static.hotjar.com https://script.hotjar.com https://*.onlineplus.store https://*.grosshaendlernetzwerk.de/ https://ablexprod.blob.core.windows.net/ https://maps.google.com/ https://csi.gstatic.com/ https://maps.gstatic.com/ https://maps.googleapis.com https://i1.ytimg.com/ https://*.datpool.net/ https://shk-tv.de/ https://www.gc-gruppe.de/ https://*.obs.eu-de.otc.t-systems.com/ https://*.usercentrics.eu/ https://*.omtrdc.net/ https://*.tt.omtrdc.net/ https://*.demdex.net/ https://cm.everesttech.net https://assets.adobedtm.com/ https://wconfigure.com/ https://www.productdataportal.com/ https://produktdatenportal.gc-gruppe.de/ https://widget.itek.de/ https://*.gconlineplus.de data:; connect-src 'self' blob: https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://maps.googleapis.com/ https://*.onlineplus.store https://*.datpool.net/ https://rum-http-intake.logs.datadoghq.eu/ https://browser-http-intake.logs.datadoghq.eu/ https://lbinappgui.gc-gruppe.net/ https://localhost:14144 https://*.usercentrics.eu/ https://aggregator.service.usercentrics.eu/ https://*.omtrdc.net/ https://*.tt.omtrdc.net/ https://*.demdex.net/ https://cm.everesttech.net https://assets.adobedtm.com/ https://wconfigure.com/ https://www.productdataportal.com/ https://produktdatenportal.gc-gruppe.de/ https://widget.itek.de/ https://widgets.itek.de/ https://*.gconlineplus.de gap:; frame-src 'self' blob: https://ecode.datpool.net/ https://www.youtube.com https://www.youtube-nocookie.com/ https://ecopl.datpool.net/ https://*.usercentrics.eu/ https://*.tt.omtrdc.net/ https://*.demdex.net/ gap:; child-src 'self' https://ecode.datpool.net/ https://www.youtube.com https://www.youtube-nocookie.com/ https://ecopl.datpool.net/ https://*.usercentrics.eu/ https://*.tt.omtrdc.net/ https://*.demdex.net/ gap:; font-src 'self' https://script.hotjar.com https://wconfigure.com/ https://widget.itek.de/ data:; media-src 'self' https://www.productdataportal.com/ https://produktdatenportal.gc-gruppe.de/ data:; object-src 'none';  1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://planet.moe; img-src 'self' https: data: blob: https://planet.moe; style-src 'self' https://planet.moe 'nonce-gJeojwHKP6oGPBGffCjN2g=='; media-src 'self' https: data: https://planet.moe; frame-src 'self' https:; manifest-src 'self' https://planet.moe; form-action 'self'; child-src 'self' blob: https://planet.moe; worker-src 'self' blob: https://planet.moe; connect-src 'self' data: blob: https://planet.moe https://media.planet.moe wss://planet.moe; script-src 'self' https://planet.moe 'wasm-unsafe-eval' 1
default-src 'self'; connect-src 'self' *.cookielaw.org *.getsitectrl.com *.getsitecontrol.com *.googleapis.com *.onetrust.com *.doubleclick.net *.google-analytics.com *.google.com *.facebook.com *.facebook.net *.googletagmanager.com bam.nr-data.net *.googlesyndication.com www.google.co.in *.bing.com *.clarity.ms; font-src 'self' data: *.gstatic.com *.onetrust.com *.fontawesome.com *.typekit.net *.bing.com; frame-src 'self' *.doubleclick.net *.amazon-adsystem.com www.youtube.com www.facebook.com *.bing.com; img-src 'self' data: *.doubleclick.net *.cookielaw.org *.getsitecontrol.com *.googleapis.com *.gstatic.com s3.eu-west-3.amazonaws.com www.google-analytics.com www.googletagmanager.com www.facebook.com www.google.com www.google.co.in *.ytimg.com *.bing.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' *.cookielaw.org *.cloudflare.com *.facebook.net *.doubleclick.net *.googleapis.com *.onetrust.com *.getsitecontrol.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com *.newrelic.com *.bing.com *.clarity.ms cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://unpkg.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' *.cloudflare.com *.googleapis.com *.typekit.net *.onetrust.com *.fontawesome.com www.googletagmanager.com *.gstatic.com *.bing.com cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://use.fontawesome.com https://use.typekit.net; worker-src 'none'; base-uri 'self' 1
base-uri 'self'; child-src https://www.youtube-nocookie.com/embed/; connect-src 'self' https://shareisland.org:8443/socket.io/ wss://shareisland.org:8443/socket.io/ https://api.themoviedb.org/; default-src 'none'; font-src 'self' data: https: fonts.gstatic.com; form-action 'self' https://www.paypal.com/donate; frame-ancestors 'self'; img-src 'self' data: https: image.tmdb.org via.placeholder.com/400x600; object-src 'none'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https: fonts.googleapis.com gitcdn.xyz github.io *.github.io raw.githubusercontent.com github.com; block-all-mixed-content; upgrade-insecure-requests 1
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; 1
default-src 'self'; connect-src 'self' google.com *.google.com cookielaw.org *.cookielaw.org *.xlsmedical.it *.googleapis.com *.onetrust.com *.outbrain.com *.google-analytics.com doubleclick.net *.doubleclick.net *.hotjar.io *.bing.com bam.nr-data.net *.googlesyndication.com *.facebook.net *.clarity.ms; font-src 'self' gstatic.com *.gstatic.com onetrust.com *.onetrust.com fontawesome.com *.fontawesome.com typekit.net *.typekit.net *.bing.com; frame-src 'self' *.doubleclick.net; img-src 'self' data: doubleclick.net *.doubleclick.net cookielaw.org *.cookielaw.org gstatic.com *.gstatic.com s3.eu-west-3.amazonaws.com *.google.com *.google.co.in facebook.com *.facebook.com facebook.net *.facebook.net prod-xlsmedical-it.perrigocms.com googpleapis.com *.googleapis.com *.googletagmanager.com www.googletagmanager.com *.bing.com *.googlesyndication.com; media-src 'self' data: s3.eu-west-3.amazonaws.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' outbrain.com *.outbrain.com cookielaw.org *.cookielaw.org *.jsdelivr.net *.facebook.net *.doubleclick.net *.googleapis.com *.onetrust.com *.hotjar.com *.googletagmanager.com googletagmanager.com *.bing.com *.clarity.ms *.newrelic.com cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://unpkg.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' *.jsdelivr.net *.googleapis.com *.typekit.net *.onetrust.com *.fontawesome.com *.bing.com www.googletagmanager.com cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://use.fontawesome.com https://use.typekit.net; worker-src 'none'; base-uri 'self'; frame-ancestors 'self' 1
script-src 'nonce-7b5784053dccfbe96a4ee8d3bd8a5c6aa7cd8b5edbad6f864b7f31913fe71cf7' 'self' https://js.intercomcdn.com https://www.gstatic.com https://www.google.com https://www.clarity.ms https://connect.facebook.net https://www.googletagmanager.com https://googleads.g.doubleclick.net; frame-ancestors 'self'; object-src 'none'; frame-src 'self' https://roadmap.zapisp.com.br https://www.googletagmanager.com https://www.youtube.com https://youtube.com https://forms.clickup.com https://www.google.com https://www.youtube-nocookie.com https://td.doubleclick.net https://docs.google.com;base-uri 'self'; 1
upgrade-insecure-requests; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bugherd.com cdn.penguin.co.uk *.ads-twitter.com *.doubleclick.net *.jquery.com *.yoast *.quizzes.cx *.shopifycdn.com *.jsdelivr.net *.facebook.net *.tiktok.com cdnjs.cloudflare.com *.googleadservices.com *.googletagmanager.com *.pinimg.com *.pinterest.com *.doubleclick.net *.ads-twitter.com *.adobedtm.com ssl.google-analytics.com fonts.googleapis.com *.google.com *.gstatic.com *.facebook.com connect.facebook.net www.dwin2.com *.riddle.com *.hotjar.com *.cloudfront.net *.newrelic.com *.nr-data.net instagram.com *.instagram.com *.twitter.com therandomhousegroupltd.d3.sc.omtrdc.net therandomhousegroupl.tt.omtrdc.net *.onetrust.com *.google-analytics.com *.typekit.net *.bootstrapcdn.com *.fontawesome.com *.wpengine.com *.msgfocus.com *.youtube.com *.schema.org aax-eu.amazon-adsystem.com; object-src 'self'; frame-ancestors 'self'; 1
frame-ancestors  https://*.yandex.ru https://*.yandex.com https://*.yandex.com.tr https://*.yandex.uz https://*.yandex-team.ru; report-uri https://csp.yandex.net/csp?from=iframe-tasks.yandex&project=tasks; 1
frame-ancestors https://web.j-osler-jrs.jp/ https://web.dev.j-osler-jrs.jp/ https://mt7-4q7t7u8.jrs.or.jp/ https://web2.dev.j-osler-jrs.jp/ https://web2.j-osler-jrs.jp/ 1
default-src 'self' https: blob: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; style-src https: 'self' 'unsafe-inline'; img-src https: 'self' data: blob:; font-src 'self' data: https:; frame-src 'self' https:; frame-ancestors 'self' https: 1
default-src 'self';      script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://snap.licdn.com/li.lms-analytics/insight.old.min.js https://ajax.aspnetcdn.com/ajax/jquery.ui/1.8.9/jquery-ui.js  https://netdna.bootstrapcdn.com/bootstrap/3.3.6/js/bootstrap.min.js  https://cdnjs.cloudflare.com/ajax/libs/jquery/3.7.0/jquery.min.js https://www.googletagmanager.com/ https://code.jquery.com/jquery-1.12.0.min.js https://www.gstatic.com/recaptcha/releases/ https://cdn.jsdelivr.net/jquery.slick/1.4.1/slick.min.js code.jquery.com      https://snap.licdn.com/li.lms-analytics/insight.min.js https://www.google-analytics.com/analytics.js      https://www.google.com/recaptcha/api.js https://www.googletagmanager.com/gtag/js      https://www.gstatic.com/recaptcha/releases/rKbTvxTxwcw5VqzrtN-ICwWt/recaptcha__en.js;      style-src 'report-sample' 'self' 'unsafe-inline' https://cdn.jsdelivr.net      https://cdnjs.cloudflare.com https://fonts.googleapis.com;      object-src 'none';      base-uri 'self';      connect-src 'self' https://analytics.google.com https://px.ads.linkedin.com      https://stats.g.doubleclick.net https://www.google-analytics.com;      font-src 'self' data: https://cdnjs.cloudflare.com https://netdna.bootstrapcdn.com;      frame-src 'self' https://www.youtube.com/ https://td.doubleclick.net https://www.google.com;       img-src 'self' https://www.linkedin.com/px/ https://www.googletagmanager.com/      https://px4.ads.linkedin.com/collect https://cdnjs.cloudflare.com https://px.ads.linkedin.com https://www.google.co.in      https://www.google.com; manifest-src 'self';      media-src 'self' https://videos.startv.com ;    worker-src 'none';      frame-ancestors 'self'; 1
default-src 'self' 'unsafe-inline' use.fontawesome.com netdna.bootstrapcdn.com www.chatbase.co cdn.jsdelivr.net *.mauve.work *.google-analytics.com www.googletagmanager.com unpkg.com; img-src https://* data: *.mauve.work; font-src 'self' netdna.bootstrapcdn.com use.fontawesome.com data:; script-src 'self' 'unsafe-inline' platform.twitter.com www.privacypolicies.com www.chatbase.co consent.comply-app.com privacy-policy-sync.comply-app.com ajax.googleapis.com data: www.google-analytics.com www.googletagmanager.com cdn.ckeditor.com unpkg.com www.google.com www.gstatic.com cdn.jsdelivr.net 'unsafe-eval'; child-src 'none'; frame-src 'self' *.twitter.com www.google.com outlook.office365.com www.youtube-nocookie.com www.youtube.com www.chatbase.co *.spotify.com forms.office.com; worker-src blob:; connect-src 'self' api.comply-app.com www.google-analytics.com www.chatbase.co; 1
frame-ancestors 'self' https://2gis.ru https://zoon.ru https://sravni.ru https://tutortop.ru https://metrika.yandex.ru https://metrika.yandex.by https://metrica.yandex.com https://metrica.yandex.com.tr https://webvisor.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://snap.licdn.com https://connect.facebook.net https://ssl.google-analytics.com https://www.google-analytics.com https://static.ads-twitter.com https://analytics.twitter.com https://w.usabilla.com https://www.workable.com/ https://script.crazyegg.com/ https://tagmanager.google.com https://apply.workable.com/ https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net www.googleadservices.com googleads.g.doubleclick.net www.google.com https://api.usabilla.com/ https://cookie-cdn.cookiepro.com/ https://cdn.matomo.cloud/davy.matomo.cloud/matomo.js https://davy.matomo.cloud 1
frame-ancestors 'self' https://efps.bir.gov.ph 1
default-src 'self' https: http: bankid:; connect-src 'self' ws: wss: https://*.fasttrack-solutions.com https://*.ft-crm.com https://*.biahosted.com https://livechat24.tech https://*.livechat24.tech https://*.amazonaws.com *.google-analytics.com *.analytics.google.com https://www.googletagmanager.com https://www.google.com https://www.google.ro https://www.google.se https://www.google.nl https://www.google.de https://www.google.fi https://www.google.ch https://www.google.ee https://www.google.sk https://www.google.dk https://www.google.ru https://www.google.pt https://www.google.ca https://www.google.by https://www.google.bg https://www.gstatic.com https://analytics.google.com https://adservice.google.com https://stats.g.doubleclick.net https://recaptcha.net https://www.facebook.com https://*.bing.com https://*.taboola.com https://*.regily.com https://*.pusher.com https://*.workers.dev https://cdn-sp.kertn.net https://storage.googleapis.com https://*.aitcloud.de https://vsfestaging-vs001.akamaized.net https://vsfelive-vs001.akamaized.net https://vswstaging.betradar.com https://vsw.betradar.com https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com wss://*.biahosted.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://d5phz18u4wuww.cloudfront.net https://cdn-cn.vwo-analytics.com https://verification.okwork.io https://*.unetsafe.com https://*.atlantgaming.com https://*.snapchat.com https://*.slotv.ro; font-src 'self' data: https://fonts.gstatic.com https://livechat24.tech https://*.livechat24.tech https://cdn-sp.kertn.net https://*.biahosted.com https://storage.googleapis.com https://*.aitcloud.de https://vsfestaging-vs001.akamaized.net https://vsfelive-vs001.akamaized.net https://vswstaging.betradar.com https://vsw.betradar.com https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com wss://*.biahosted.com https://app.vwo.com https://*.slotv.ro; frame-src 'self' bankid://* https://livechat24.tech https://*.livechat24.tech https://*.adobe.com https://*.youtube.com https://www.google.com https://www.gstatic.com https://recaptcha.net https://*.zignsec.com https://www.facebook.com https://*.trustly.com https://tpc.googlesyndication.com https://*.regily.com https://*.sumsub.com https://cdn-sp.kertn.net https://*.biahosted.com https://storage.googleapis.com https://*.aitcloud.de https://vsfestaging-vs001.akamaized.net https://vsfelive-vs001.akamaized.net https://vswstaging.betradar.com https://vsw.betradar.com https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com wss://*.biahosted.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.unetsafe.com https://*.atlantgaming.com https://*.snapchat.com https://*.slotv.ro; img-src 'self' https: http: data: blob: *.google-analytics.com *.analytics.google.com *.visualwebsiteoptimizer.com https://app.vwo.com; script-src 'self' 'unsafe-eval' https://*.zignsec.com https://*.biahosted.com https://livechat24.tech https://*.livechat24.tech https://*.fasttrack-solutions.com https://mc.yandex.ru https://ajax.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.curacao-egaming.com https://www.google.com https://www.gstatic.com https://recaptcha.net https://connect.facebook.net https://*.bing.com https://*.cloudflare.com https://*.taboola.com https://static.cloudflareinsights.com https://*.regily.com https://*.pusher.com https://*.workers.dev https://prj-verification-production.s3.amazonaws.com https://cdn-sp.kertn.net https://storage.googleapis.com https://*.aitcloud.de https://vsfestaging-vs001.akamaized.net https://vsfelive-vs001.akamaized.net https://vswstaging.betradar.com https://vsw.betradar.com https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com wss://*.biahosted.com *.visualwebsiteoptimizer.com https://cdn-cn.vwo-analytics.com https://app.vwo.com https://*.unetsafe.com https://analytics.twitter.com https://platform.twitter.com https://quantcount.com https://rules.quantcount.com https://quantserve.com https://secure.quantserve.com https://edge.quantserve.com https://*.creative-serving.com https://*.snapchat.com https://snapchat.com https://sc-static.net https://*.slotv.ro 'nonce-CXIZqNzqC03onZ4LozW0W+31lG4kbc4Yf6EQpF8ySTg=' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://*.fasttrack-solutions.com https://fonts.googleapis.com https://livechat24.tech https://*.livechat24.tech https://cdn-sp.kertn.net https://*.biahosted.com https://storage.googleapis.com https://*.aitcloud.de https://vsfestaging-vs001.akamaized.net https://vsfelive-vs001.akamaized.net https://vswstaging.betradar.com https://vsw.betradar.com https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com wss://*.biahosted.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.amazonaws.com https://tagmanager.google.com https://*.slotv.ro; worker-src 'self' blob:; report-uri https://slotv.ro/sentry/api/45/csp-report/?sentry_key=e5368be6f1e24bce9ce26ca332a1f973 1
frame-ancestors 'self' https://als.my.salesforce.com https://als.lightning.force.com https://*.force.com https://localhost:44370/ https://www.scottmorganfoundation.org/ https://www.youralsguide.com/ 1
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' https://www.datocms-assets.com https://*.mux.com https://www.googletagmanager.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://*.infogram.com https://player.vimeo.com https://*.vimeocdn.com https://*.youtube.com https://youtube.com/ https://*.ytimg.com https://*.facebook.com https://*.facebook.net https://fonts.gstatic.com https://cdn.cookielaw.org https://*.onetrust.com https://symbio-main.cloud.symbio.agency https://app.sli.do *.wowza.com 1
self *.publitas.com; font-src *.gstatic.com *.googleapis.com *.hiperdino.es *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.net *.facebook.com *.hiperdino.es *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.facebook.net *.facebook.com *.googleapis.com *.hotjar.com *.paycomet.com *.tiendeo.com *.hiperdino.es https://view.publitas.com *.publitas.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.amazonaws.com *.facebook.com *.facebook.net *.googleapis.com *.google.com *.google.es *.gstatic.com *.hiperdino.es *.singularfactory.com *.doubleclick.net https://cdn.jsdelivr.net *.publitas.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com *.amazonaws.com *.doubleclick.net *.cloudflare.com *.facebook.net *.googleapis.com *.hotjar.com *.mouseflow.com *.zdassets.com *.tiendeo.com *.hiperdino.es https://scripts.publitas.com https://cdn.jsdelivr.net https://openfpcdn.io https://intl-tel-input.com *.publitas.com *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.hiperdino.es https://scripts.publitas.com https://cdn.jsdelivr.net *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com *.hiperdino.es 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.doubleclick.net *.googleapis.com *.google.com analytics.google.com *.google.es *.hotjar.com *.zendesk.com *.zdassets.com zendesk-eu.my.sentry.io *.zopim.com wss://widget-mediator.zopim.com *.hiperdino.es https://lib-eu-1.brilliantcollector.com/collector/collectorPost https://eu1-search.doofinder.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.hiperdino.es *.singularfactory.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.gstatic.com 'self' data: *.fontawesome.com *.typekit.net goto.benchmarkeducation.com *.braintreegateway.com *.paypal.com *.kaptcha.com *.wistia.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.benchmarkeducation.com/ *.newmarklearning.com/ *.jotfor.ms *.jotfor.com *.jotform.us *.jotform.com *.braintreegateway.com *.paypal.com *.kaptcha.com forms.hscollectedforms.net *.hsforms.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.google.com *.braintreegateway.com *.demdex.net *.nr-data.net *.jotfor.ms *.jotfor.com *.jotform.us *.jotform.com *.paypal.com *.kaptcha.com *.hotjar.com *.addthis.com *.podbean.com forms.hscollectedforms.net *.hsforms.com app.hubspot.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io * 'self' data: *.omtrdc.net *.everesttech.net *.gstatic.com *.google.com *.akamaihd.net *.wistia.com *.demdex.net *.jotfor.ms *.jotfor.com *.jotform.us *.jotform.com *.googleapis.com *.linkedin.com *.adsymptotic.com t.co *.nr-data.net goto.benchmarkeducation.com *.braintreegateway.com *.paypal.com *.kaptcha.com *.twitter.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ * *.google.com *.gstatic.com *.googleapis.com goto.benchmarkeducation.com goto.newmarklearning.com *.wistia.com *.cloudflare.com *.jotfor.ms *.jotfor.com *.jotform.us *.jotform.com *.kit.fontawesome.com *.googletagmanager.com *.licdn.com *.twitter.com/ *.ads-twitter.com/ *.newrelic.com *.nr-data.net *.braintreegateway.com *.paypal.com *.kaptcha.com *.hotjar.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com kit-free.fontawesome.com *.fontawesome.com goto.benchmarkeducation.com goto.newmarklearning.com *.jotfor.ms *.jotfor.com *.jotform.us *.jotform.com *.typekit.net *.nr-data.net *.braintreegateway.com *.paypal.com *.kaptcha.com *.site-marketing-sites.s3.amazonaws.com *.cloudflare.com https://www.benchmarkeducation.com *.actonsoftware.com *.jsdelivr.net unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.wistia.net 'self' blob: *.jotfor.ms *.jotfor.com *.jotform.us *.jotform.com *.braintreegateway.com *.paypal.com *.kaptcha.com *.wistia.com *.fast.wistia.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.sharethis.com goto.benchmarkeducation.com goto.newmarklearning.com *.braintree-api.com *.braintreegateway.com *.demdex.net *.akamaihd.net *.litix.io *.wistia.io *.wistia.com *.jotfor.ms *.jotfor.com *.jotform.us *.jotform.com *.googleapis.com *.nr-data.net *.paypal.com *.kaptcha.com *.doubleclick.net *.hotjar.com wss://*.hotjar.com/api/v2/client/ws forms.hscollectedforms.net *.hsforms.com *.linkedin.com *.clarity.ms *.hubspot.com *.hubapi.com *.hotjar.io *.content.hotjar.io *.metrics.hotjar.io *.fast.wistia.com *.crwdcntrl.net *.stbuttons.click api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src 'self' blob: assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' https://*.sella.it https://*.axerve.com https://*.gestpay.it https://*.coremedia.vm https://*.coremedia.cloud https://*.coremedia.io https://*.coremedia.com https://*.quickrun.io https://*.coremedia.rocks 1
default-src 'self'; style-src * 'unsafe-inline'; font-src *; script-src * 'unsafe-eval' 'unsafe-inline'; img-src * data:; connect-src *; media-src * blob:; frame-src *; worker-src * blob:; 1
default-src 'self' https://www.youtube.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.dipucordoba.es https://dipucordoba.es https://wc.eprinsa.es https://cdn.syndication.twimg.com https://platform.twitter.com https://ajax.googleapis.com moz-extension://* https://googleapis.com https://maps.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://www.google.com https://www.tiempo.com https://www.eltiempo.es https://www.tutiempo.net https://www.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.dipucordoba.es https://dipucordoba.es https://maps.googleapis.com https://googleapis.com https://www.googletagmanager.com  https://www.eltiempo.es https://www.google-analytics.com/ https://connect.facebook.net https://www.tiempo.com https://www.google.com https://www.tutiempo.net https://platform.twitter.com https://cdn.syndication.twimg.com https://assets.pinterest.com https://assets.pinterest.com https://widgets.pinterest.com https://www.instagram.com https://widgets.waqi.info https://www.gstatic.com https://static.dialogflow.com https://ajax.googleapis.com; connect-src 'self' https://ai.elegantthemes.com https://apis.dipucordoba.es https://apis2.dipucordoba.es https://*.google-analytics.com https://maps.googleapis.com https://cloud.elegantthemes.com https://googleapis.com https://yoast.com https://dialogflow.cloud.google.com https://stats.g.doubleclick.net; img-src 'self' data: https://toolset.com https://wp.eprinsa.es https://*.w.org https://www.dipucordoba.es https://via.placeholder.com https://dipucordoba.es https://googleapis.com https://www.elegantthemes.com https://wp.eprinsa.es https://maps.googleapis.com https://maps.gstatic.com https://www.hitwebcounter.com https://www.google-analytics.com https://secure.gravatar.com https://www.facebook.com https://i.ytimg.com https://w.bookcdn.com https://hitwebcounter.com https://abs.twimg.com https://pbs.twimg.com https://platform.twitter.com https://ton.twimg.com https://log.pinterest.com https://i.pinimg.com https://www.googletagmanager.com https://apis.dipucordoba.es https://apis2.dipucordoba.es; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://platform.twitter.com https://ton.twimg.com https://stackpath.bootstrapcdn.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://centrovirtual.educacion.es https://www.dipucordoba.es https://dipucordoba.es https://i.vimeocdn.com https://player.vimeo.com https://mapserver.eprinsa.es https://www.tiempo.com https://www.eltiempo.es https://www.tutiempo.net https://www.google.com https://maps.google.com https://www.facebook.com https://www.youtube.com https://www.elegantthemes.com https://www.andalucialive.com https://platform.twitter.com https://syndication.twitter.com https://mapserver.eprinsa.es https://www.instagram.com; 1
script-src 'self' *.annies-publishing.com *.bing.com *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.googlesyndication.com *.gstatic.com *.pingdom.net *.audioeye.com code.jquery.com recruitingbypaycor.com *.liadm.com 'self' 'unsafe-inline' 'unsafe-eval';worker-src blob://* data://* 'self';connect-src 'self' *.annies-publishing.com *.bing.com *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.googlesyndication.com *.gstatic.com *.pingdom.net *.audioeye.com code.jquery.com recruitingbypaycor.com *.liadm.com;frame-ancestors 'self' *.recruitingbypaycor.com; 1
default-src 'self' 'nonce-kEStFUmhSR0guBBtEKSEknY3HBAnh9nS8aGmTFYDhs4='; script-src 'self' 'nonce-kEStFUmhSR0guBBtEKSEknY3HBAnh9nS8aGmTFYDhs4=' 'unsafe-inline' 'unsafe-eval' https://*.efilli.com https://recaptcha.google.com https://connect.facebook.net; frame-src 'self' https://td.doubleclick.net https://www.google.com https://www.youtube.com https://youtu.be https://e-bulten.istanbulmodern.com https://online.anyflip.com; connect-src 'self' https://*.google.com https://stats.g.doubleclick.net https://*.efilli.com; img-src 'self' data: https://www.istanbulmodern.org https://www.facebook.com https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://www.google.com.tr https://www.google.de https://i.ytimg.com https://interaktif.istanbulmodern.org https://www.eczacibasi.com.tr https://cdn.efilli.com; style-src 'self' 'unsafe-inline' 'unsafe-hashes' https://cdn.fonts.net https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com https://cdn.fonts.net 1
default-src https://accounts.google.com https://www.mollie.com https://stats.g.doubleclick.net https://quick-ferret-verbally.ngrok-free.app/ http://localhost https://localhost https://region1.analytics.google.com https://fonts.gstatic.com https://fonts.googleapis.com https://ajax.googleapis.com https://dev40.aspetos.com/ https://test.aspetos.com/ https://live.aspetos.com/ https://aspetos.com/ https://media.aspetos.com/ https://cdnjs.cloudflare.com/ https://*.googleusercontent.com/ https://s3.eu-central-1.amazonaws.com/static.aspetos.com/ https://www.googletagmanager.com/ https://*.google-analytics.com/ https://*.analytics.google.com/ https://www.google.de/ https://unpkg.com/@lottiefiles/lottie-player@latest/dist/ https://*.lottiefiles.com/packages/'self' data:  'unsafe-inline' 'unsafe-eval' 1
default-src 'unsafe-inline'; script-src 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://www.youtube.com https://www.primax.my https://www.rovr2u.com https://www.mymesra.com.my https://www.googletagmanager.com https://static.hotjar.com https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://cdn.curator.io https://www.google-analytics.com https://script.hotjar.com https://www.googleadservices.com https://fonts.googleapis.com https://connect.facebook.net https://googleads.g.doubleclick.net https://apis.google.com https://content.googleapis.com https://dynamicdiesel.my https://tagmanager.google.com https://rovr2u.ximnet.com.my/ https://www.instagram.com/ https://platform.instagram.com/ https://*.addthis.com https://z.moatads.com https://v1.addthisedge.com https://salesiq.zoho.com https://crm.zohopublic.com https://*.zohocdn.com https://*.zohostatic.com https://mc.yandex.ru https://yastatic.net https://analytics.tiktok.com https://apps.elfsight.com https://static.elfsight.com https://kit.fontawesome.com https://universe-static.elfsightcdn.com https://cdn-apac.onetrust.com; script-src-elem 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://www.youtube.com https://www.primax.my https://www.rovr2u.com https://www.mymesra.com.my https://www.googletagmanager.com https://static.hotjar.com https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://cdn.curator.io https://www.google-analytics.com https://script.hotjar.com https://www.googleadservices.com https://fonts.googleapis.com https://connect.facebook.net https://googleads.g.doubleclick.net https://apis.google.com https://content.googleapis.com https://dynamicdiesel.my https://rovr2u.ximnet.com.my https://www.instagram.com https://platform.instagram.com https://*.addthis.com https://z.moatads.com https://v1.addthisedge.com https://salesiq.zoho.com https://crm.zohopublic.com https://*.zohocdn.com https://*.zohostatic.com https://mc.yandex.ru https://yastatic.net https://analytics.tiktok.com https://apps.elfsight.com https://static.elfsight.com https://kit.fontawesome.com https://universe-static.elfsightcdn.com https://cdn-apac.onetrust.com https://cdn.rawgit.com https://cdn.jsdelivr.net https://pagead2.googlesyndication.com; script-src-attr 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://www.youtube.com https://www.primax.my https://www.rovr2u.com https://www.mymesra.com.my https://www.googletagmanager.com https://static.hotjar.com https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://cdn.curator.io https://www.google-analytics.com https://script.hotjar.com https://www.googleadservices.com https://fonts.googleapis.com https://connect.facebook.net https://googleads.g.doubleclick.net https://apis.google.com https://content.googleapis.com https://dynamicdiesel.my https://www.instagram.com https://platform.instagram.com https://mc.yandex.ru https://yastatic.net https://analytics.tiktok.com https://apps.elfsight.com https://static.elfsight.com https://kit.fontawesome.com https://universe-static.elfsightcdn.com https://cdn-apac.onetrust.com; style-src * 'self' data: 'unsafe-inline' https://www.primax.my https://www.rovr2u.com https://www.mymesra.com.my https://fonts.googleapis.com https://cdn.curator.io https://dynamicdiesel.my https://www.gstatic.com https://rovr2u.ximnet.com.my https://*.zohocdn.com https://*.zohostatic.com; style-src-elem * 'self' data: 'unsafe-inline' https://www.primax.my https://www.rovr2u.com https://www.mymesra.com.my https://fonts.googleapis.com https://cdn.curator.io https://dynamicdiesel.my https://www.gstatic.com https://rovr2u.ximnet.com.my/ https://*.zohocdn.com https://*.zohostatic.com; style-src-attr * 'self' data: 'unsafe-inline' https://www.primax.my https://www.rovr2u.com https://www.mymesra.com.my https://fonts.googleapis.com https://cdn.curator.io https://dynamicdiesel.my https://*.zohocdn.com https://*.zohostatic.com; img-src * data:; font-src *; connect-src *; media-src * https://www.primax.my https://www.rovr2u.com https://www.mymesra.com.my http://dynamicdiesel.my/; frame-src *; frame-ancestors 'self' http://webvisor.com; base-uri *; manifest-src https://www.mymesra.com.my/ 1
style-src 'self' 'unsafe-inline' http://fast.fonts.net http://cdnjs.cloudflare.com https://tagmanager.google.com/debug/css.css  https://go.mimsoftware.com https://fonts.googleapis.com/icon https://fonts.googleapis.com/css https://static.hsappstatic.net/ https://kit-free.fontawesome.com/releases/latest/css/ https://s3.amazonaws.com/mimweb-portal/ https://andreasmb.github.io/lever-jobs-embed/embed-css/style.css  http://cdn2.hubspot.net https://mimsoftware.bamboohr.com/css/jobs-embed.css; script-src 'self' 'unsafe-eval' 'unsafe-inline' http://www.google-analytics.com https://www.googletagmanager.com http://cdn.livechatinc.com https://secure.livechatinc.com https://accounts.livechatinc.com https://api.livechatinc.com/ d3rxaij56vjege.cloudfront.net https://tagmanager.google.com/debug https://bat.bing.com/bat.js https://static.ads-twitter.com/uwt.js https://js.hs-scripts.com/5300642.js https://extend.vimeocdn.com/ga/30453521.js https://tagmanager.google.com/debug/angular-bundle.js https://tagmanager.google.com/debug/debuguiApp.js https://js.hs-analytics.net/ https://js.hsadspixel.net/fb.js https://js.hscollectedforms.net/ https://tagmanager.google.com/debug/api/vtinfo https://www.google.com/pagead/conversion_async.js https://googleads.g.doubleclick.net/pagead/viewthroughconversion/943181837/ https://kit.fontawesome.com/ https://js.hsforms.net/forms/ https://forms.hsforms.com/embed/v3/form/ https://forms.hsforms.com/emailcheck/ https://tagmanager.google.com/debug/debuguiApp-bundle.js https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/ https://s3.amazonaws.com/mimweb-portal/ https://snap.licdn.com/li.lms-analytics/insight.min.js https://js.hs-banner.com/ https://js.hsleadflows.net/leadflows.js https://www.googleadservices.com/pagead/conversion_async.js https://analytics.twitter.com/i/adsct https://andreasmb.github.io/lever-jobs-embed/index.js https://js.hscta.net/cta/current.js https://cta-service-cms2.hubspot.com/ctas/v2/public/cs/loader-v2.js https://bat.bing.com/p/action/26029591.js https://js.hsforms.net/forms/v2.js https://static.hsappstatic.net/ https://www.googleadservices.com/pagead/conversion_async.js http://cdn2.hubspot.net https://go.mimsoftware.com https://px.ads.linkedin.com https://stats.g.doubleclick.net https://app.hubspot.com/ https://js.hsadspixel.net http://js.hs-scripts.com https://*.clarity.ms https://www.vimeo.com http://www.googletagmanager.com https://mimsoftware.bamboohr.com/js/jobs2.php https://www.google.com/recaptcha/enterprise.js https://snap.licdn.com/li.lms-analytics/insight.beta.min.js https://js.hubspot.com/web-interactives-embed.js; media-src 'self' https://vod-progressive.akamaized.net/ https://go.mimsoftware.com/hubfs/; 1
frame-ancestors 'self' library-tools.org meritpages.com 1
default-src 'self' seatgeek.okta.com *.oktacdn.com; connect-src 'self' seatgeek.okta.com seatgeek-admin.okta.com *.oktacdn.com *.mixpanel.com *.mapbox.com *.mtls.okta.com seatgeek.kerberos.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' seatgeek.okta.com *.oktacdn.com; style-src 'unsafe-inline' 'self' seatgeek.okta.com *.oktacdn.com; frame-src 'self' seatgeek.okta.com seatgeek-admin.okta.com login.okta.com *.vidyard.com com-okta-authenticator: api-680e7385.duosecurity.com; img-src 'self' seatgeek.okta.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com *.vidyard.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' seatgeek.okta.com data: *.oktacdn.com fonts.gstatic.com 1
default-src 'self' *.iwan.com.tw *.iwplay.com.tw *.google.com *.google.com.tw; frame-src *.iwplay.com.tw *.iwan.com.tw www.youtube.com *.facebook.com bid.g.doubleclick.net *.facebook.net; script-src *.iwplay.com.tw *.iwan.com.tw 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com s.ytimg.com libs.baidu.com code.jquery.com *.google-analytics.com *.facebook.net *.facebook.com *.googleapis.com www.googletagmanager.com www.youtube.com www.googleadservices.com googleads.g.doubleclick.net *.google.com *.google.com.tw *.youtube.com ;style-src *.iwplay.com.tw *.iwan.com.tw 'unsafe-inline' www.youtube.com.tw fonts.googleapis.com *.facebook.net *.facebook.com *.google.com *.google.com.tw; img-src *.iwplay.com.tw *.google-analytics.com stats.g.doubleclick.net www.youtube.com *.google.com *.google.com.tw googleads.g.doubleclick.net *.facebook.com *.facebook.net data: ;frame-ancestors *.iwplay.com.tw *.iwan.com.tw *.google.com *.google.com.tw;font-src  fonts.gstatic.com *.googleapis.com *.google.com *.google.com.tw *.iwplay.com.tw data:;connect-src *.iwplay.com.tw *.google-analytics.com analytics.google.com stats.g.doubleclick.net; 1
default-src 'self'; script-src 'report-sample' 'self' https://connect.facebook.net/signals/config https://googleads.g.doubleclick.net/pagead/viewthroughconversion/ https://browser-update.org/update.min.js https://connect.facebook.net/en_US/fbevents.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.caixaconsorcio.com.br/performance/performance.js https://www.google-analytics.com/analytics.js https://www.google-analytics.com/plugins/ua/linkid.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtm.js; style-src 'report-sample' 'self' 'unsafe-inline' https://static.caixaconsorcio.com.br/performance/disclaimer.css; object-src 'none'; base-uri 'self'; connect-src 'self' https://cdn.linkedin.oribi.io https://api.caixaseguradora.com.br https://performance.caixaconsorcio.com.br https://static.caixaconsorcio.com.br https://stats.g.doubleclick.net https://www.google-analytics.com https://youse.demdex.net; font-src 'self'; frame-src 'self' https://www.googletagmanager.com/ https://youse.demdex.net/; img-src 'self' data: https://px.ads.linkedin.com https://px4.ads.linkedin.com/collect https://www.facebook.com https://www.google-analytics.com https://www.google.com.br https://www.google.com; manifest-src 'self'; media-src 'self'; form-action 'none'; report-to endpoint; worker-src 'none'; 1
frame-ancestors zismo.biz zismo.ru zismone.ru promoggaqjkd.ru 1
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src !gateway.pinata.cloud * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 1
script-src 'self' https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://code.jquery.com https://www.google.com https://www.google-analytics.com https://livechat.infobip.com https://www.googletagmanager.com https://kit.fontawesome.com https://www.gstatic.com https://js.hs-scripts.com https://js.hs-analytics.net https://js.hsadspixel.net https://js.hs-banner.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://trc.taboola.com https://js.hscollectedforms.net https://unpkg.com https://cdn.botframework.com https://cdn.taboola.com https://connect.facebook.net https://www.trc.taboola.com 'unsafe-inline' 'unsafe-eval' object-src 'self' blob: 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://tooting.ch; img-src 'self' https: data: blob: https://tooting.ch; style-src 'self' https://tooting.ch 'nonce-XhV+6hY3fKGUGufjHvpbwQ=='; media-src 'self' https: data: https://tooting.ch; frame-src 'self' https:; manifest-src 'self' https://tooting.ch; form-action 'self'; child-src 'self' blob: https://tooting.ch; worker-src 'self' blob: https://tooting.ch; connect-src 'self' data: blob: https://tooting.ch https://tooting.ch wss://tooting.ch; script-src 'self' https://tooting.ch 'wasm-unsafe-eval' 1
default-src * data:; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; style-src * 'self' 'unsafe-inline'; frame-ancestors 'self' 1
default-src 'self' https://*.stepnova.net;script-src 'unsafe-inline' 'unsafe-eval' https://*.stepnova.net https://*.evsrv.net https://*.evsrv.de;style-src 'unsafe-inline' https://*.stepnova.net https://*.evsrv.net https://*.evsrv.de;img-src 'self' data: https://*.stepnova.net https://*.evsrv.net https://*.evsrv.de;connect-src 'self' https://*.stepnova.net https://*.evsrv.net https://*.evsrv.de;font-src 'self' https://*.stepnova.net https://*.evsrv.net https://*.evsrv.de;object-src 'self' data: 'unsafe-eval' https://*.stepnova.net;media-src 'self' https://*.stepnova.net https://*.evsrv.net https://*.evsrv.de;form-action 'self'; 1
default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' 'unsafe-eval' https:; img-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob:; connect-src 'self' https: data:; font-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; media-src 'self' https: data: blob:; child-src 'self'; form-action 'self'; frame-ancestors 'self'; object-src 'self' data:; frame-src 'self' https: data: blob:; worker-src 'self' blob:; manifest-src 'self'; navigate-to 'self'; base-uri 'self'; block-all-mixed-content; upgrade-insecure-requests 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' 	            https://www.google.com 	            https://ajax.googleapis.com 	            https://www.google-analytics.com 	            https://www.googletagmanager.com 	            https://use.fontawesome.com/ 	            https://cdnjs.cloudflare.com/ 	            https://maxcdn.bootstrapcdn.com 		    https://www.googleadservices.com/ 		    https://unpkg.com 		    https://code.jquery.com 		    https://developers.kakao.com 		    *.kakaocdn.net 		    https://cdn.jsdelivr.net 		    https://www.facebook.com 		    https://connect.facebook.net 		    https://svc6cdn.hectoinnovation.co.kr                     https://t1.daumcdn.net 		    https://ssp.igaw.io 		    https://analytics.tiktok.com 		    https://static.ads-twitter.com 		    https://trc.taboola.com 		    https://cdn.taboola.com 		    https://*.cloudfront.net 		    https://karrot-pixel.business.daangn.com 	  	    https://wcs.naver.net 	  	    https://*.airbridge.io 		    https://*.sentry-cdn.com 	            https://googleads.g.doubleclick.net/ ; 	    frame-ancestors 'self' 1
default-src:'self'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://accounts.google.com https://connect.facebook.net https://cdn.apple.com https://*; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://accounts.google.com; img-src 'self' https: data:; font-src 'self' data: https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; connect-src 'self' https:; frame-src 'self' https://accounts.google.com; object-src 'none';frame-ancestors 'self'; 1
frame-ancestors https://bdash-cloud.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: http://localhost:* http://*.sbotopcup.com http://apmcmwrew.cedexis.cc https://*.sbotop.com *.google.com *.google.com.tw https://www.googletagmanager.com http://blog.sbotop.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.sportradar.com *.sportradarserving.com *.digitru.st *.bidswitch.net *.sbotop.co.uk *.connextra.com https://dev.visualwebsiteoptimizer.com https://*.cdnrocket.net/ https://*.cloudswiftcdn.net/ https://*.speedysurfcdn.net/ https://*.rapidflarecdn.net/ https://*.lightningspeedcdn.net/ https://connect.facebook.net www.facebook.com https://*.g.doubleclick.net http://*.sbobet.com; img-src data: http://localhost:* http://*.sbotopcup.com http://apmcmwrew.cedexis.cc https://*.sbotop.com *.google.com *.google.com.tw https://www.googletagmanager.com http://blog.sbotop.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.sportradar.com *.sportradarserving.com *.digitru.st *.bidswitch.net *.sbotop.co.uk *.connextra.com https://dev.visualwebsiteoptimizer.com https://*.cdnrocket.net/ https://*.cloudswiftcdn.net/ https://*.speedysurfcdn.net/ https://*.rapidflarecdn.net/ https://*.lightningspeedcdn.net/ https://connect.facebook.net www.facebook.com https://*.g.doubleclick.net; report-uri https://csp.trackittk.net/z/3693b3a4-1444-448c-93f9-abfaa546d0e0; frame-src data: http://localhost:* http://*.sbotopcup.com http://apmcmwrew.cedexis.cc https://*.sbotop.com *.google.com *.google.com.tw https://www.googletagmanager.com http://blog.sbotop.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.sportradar.com *.sportradarserving.com *.digitru.st *.bidswitch.net *.sbotop.co.uk *.connextra.com https://dev.visualwebsiteoptimizer.com https://*.cdnrocket.net/ https://*.cloudswiftcdn.net/ https://*.speedysurfcdn.net/ https://*.rapidflarecdn.net/ https://*.lightningspeedcdn.net/ https://connect.facebook.net www.facebook.com https://*.g.doubleclick.net https://*.youtube.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://optimize.google.com; worker-src data: blob: https://dev.visualwebsiteoptimizer.com; frame-ancestors 'self' data: https://*.sbotop.com; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://cloudisland.nz; img-src 'self' https: data: blob: https://cloudisland.nz; style-src 'self' https://cloudisland.nz 'nonce-4hglDxjEeEPMcnS9TCri3Q=='; media-src 'self' https: data: https://cloudisland.nz; frame-src 'self' https:; manifest-src 'self' https://cloudisland.nz; form-action 'self'; child-src 'self' blob: https://cloudisland.nz; worker-src 'self' blob: https://cloudisland.nz; connect-src 'self' data: blob: https://cloudisland.nz https://files.cloudisland.nz wss://cloudisland.nz; script-src 'self' https://cloudisland.nz 'wasm-unsafe-eval' 1
base-uri 'none'; child-src 'none'; connect-src 'self'; default-src 'self'; font-src 'none'; form-action 'self'; frame-ancestors 'none'; frame-src https://platform.twitter.com https://www.youtube.com; img-src 'self' data: https://201904.blogspot.com https://assets.gaysexpositions.guide https://www.gstatic.com https://*.imgbox.com https://i.pinimg.com https://c1.staticflickr.com https://*.media.tumblr.com https://pbs.twimg.com https://upload.wikimedia.org https://imgs.xkcd.com; manifest-src 'none'; media-src 'none'; object-src 'none'; report-to endpoint; report-uri https://gaysexpositions.guide/csp-report; script-src 'nonce-ciQmiKzH0NjgoQWQEN76zp15CgvRcoKj' 'report-sample' 'strict-dynamic' https: 'unsafe-inline'; style-src 'nonce-ciQmiKzH0NjgoQWQEN76zp15CgvRcoKj' 'report-sample' https: 'unsafe-inline'; worker-src 'none' 1
default-src 'none'; script-src 'self' 'unsafe-inline' www.google.com www.googleadservices.com www.google-analytics.com www.googleanalytics.com www.googletagmanager.com www.googleoptimize.com optimize.google.com *.g.doubleclick.net js.stripe.com app.certcapture.com www.gstatic.com/recaptcha/ js-agent.newrelic.com bam.nr-data.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com optimize.google.com app.certcapture.com; font-src 'self' fonts.gstatic.com; img-src 'self' data: www.google.com www.google-analytics.com www.googletagmanager.com optimize.google.com *.g.doubleclick.net app.certcapture.com s3.amazonaws.com/certcapture_versioned/ s3.amazonaws.com/certcapture_unversioned/ www.google.ca www.google.co.au www.google.co.in www.google.co.uk www.google.com.mx www.google.com.ph www.google.de www.google.jo www.google.tt; frame-src 'self' www.youtube.com www.youtube-nocookie.com vimeo.com player.vimeo.com bid.g.doubleclick.net www.googleadservices.com optimize.google.com js.stripe.com app.certcapture.com s3.amazonaws.com/certcapture_versioned/ s3.amazonaws.com/certcapture_unversioned/ www.google.com/recaptcha/; connect-src 'self' www.google-analytics.com analytics.google.com adservice.google.com *.g.doubleclick.net https://*.algolia.net https://*.algolianet.com https://insights.algolia.io app.certcapture.com https://track1099-default-production-activestorage.s3.amazonaws.com bam.nr-data.net; manifest-src 'self'; form-action 'self'; base-uri 'none'; frame-ancestors 'none'; upgrade-insecure-requests 1
default-src 'self'; frame-src 'self' https://td.doubleclick.net https://youtube.com www.youtube.com www.youtube-nocookie.com; font-src 'self' fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com snap.licdn.com ajax.googleapis.com www.googletagmanager.com www.youtube.com connect.facebook.net www.google-analytics.com googleads.g.doubleclick.net cdn.jsdelivr.net maps.google.com maps.googleapis.com www.googleadservices.com pagead2.googlesyndication.com https://dc.cux.io https://static.hotjar.com https://script.hotjar.com; connect-src *; img-src 'self' px.ads.linkedin.com googleads.g.doubleclick.net *.aluprof.com aluprof.com *.google.com *.google.pl www.google-analytics.com www.gravatar.com maps.gstatic.com maps.googleapis.com blob: data:; style-src 'self' 'unsafe-hashes' 'unsafe-inline' fonts.googleapis.com;base-uri 'self';form-action 'self' 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' data: *.google.com *.maps.google.com https://fonts.googleapis.com https://maps.googleapis.com https://maps.gstatic.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.googleusercontent.com ghbtns.com cdnjs.cloudflare.com *.facebook.net *.facebook.com sitest.jp https://*.clarity.ms https://c.bing.com *.hubspot.com js.hs-scripts.com js.hs-banner.com js.hscollectedforms.net js.hsforms.net forms.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com js.usemessages.com js.hs-analytics.net *.hsadspixel.net *.hubapi.com *.hscollectedforms.net;  1
frame-ancestors 'self' *.getxo.eus; script-src * 'unsafe-eval' 'unsafe-inline'; style-src * 'unsafe-inline'; img-src * data:;font-src * data:;connect-src * blob:;media-src * blob:;worker-src * blob:; 1
frame-ancestors https://new.oasis.gov.in 1
default-src 'self'; script-src 'self' https://www.biohort.com 'unsafe-inline' 'unsafe-eval' https://*.pinterest.com https://*.online-metrix.net https://www.biohort.com https://*.skadtec.com https://*.gsitrix.com https://*.payments-amazon.com https://*.googlesyndication.com https://*.hotjar.com https://*.youtube.com https://*.g.doubleclick.net https://*.clarity.ms https://*.adform.net https://*.pinimg.com https://*.bing.com https://*.googleadservices.com http://*.googleapis.com http://*.google-analytics.com https://*.elfsight.com https://*.google-analytics.com https://connect.facebook.net https://*.googletagmanager.com https://live.luigisbox.com https://cdn.luigisbox.com https://cdn.jsdelivr.net/npm/pwacompat@2.0.6/pwacompat.min.js https://maps.googleapis.com/ https://static.unzer.com/v1/unzer.js https://widgets.trustedshops.com http://widgets.trustedshops.com https://*.api.trustedshops.com http://*.api.trustedshops.com https://www.google-analytics.com/ga.js https://maps.googleapis.com/maps-api-v3/api/js/48/4/intl/de_ALL/common.js https://maps.googleapis.com/maps-api-v3/api/js/48/4/intl/de_ALL/util.js https://*.luigisbox.com https://cdn.luigisbox.com/biohort.js; style-src 'self' https://www.biohort.com 'unsafe-inline' https://widgets.trustedshops.com http://widgets.trustedshops.com https://live.luigisbox.com https://cdn.luigisbox.com https://fonts.googleapis.com https://static.unzer.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://www.biohort.com https://www.biohort.com https://*.google.com https://*.unzer.com https://*.online-metrix.net https://*.googlesyndication.com https://*.amazon.com https://*.gsitrix.com https://*.bing.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.pinterest.com https://*.clarity.ms https://*.trustbadge.etrusted.com https://*.trustbadge.com https://*.api.etrusted.com https://*.trustedshops.com http://*.googleapis.com http://*.google-analytics.com https://*.elfsight.com https://*.g.doubleclick.net http://cdn1.api.trustedshops.com https://cdn1.api.trustedshops.com https://*.heidelpay.com https://payments.amazon.de https://live.luigisbox.com https://payments-de.amazon.com https://payments-de-sandbox.amazon.com/ https://maps.googleapis.com https://api.luigisbox.com https://app.luigisbox.com https://linter.luigisbox.com https://www.roomle.com/api/v2/configurators/biohort https://*.facebook.com; font-src 'self' https://www.biohort.com data: https://widgets.trustedshops.com http://widgets.trustedshops.com https://live.luigisbox.com https://cdn.luigisbox.com https://fonts.gstatic.com https://static.unzer.com; frame-src 'self' https://www.biohort.com data: tel: 'unsafe-inline' https://*.adform.net  https://*.unzer.com https://*.online-metrix.net https://roomle-uploads.storage.googleapis.com https://*.googlesyndication.com https://*.doubleclick.net https://*.hotjar.com https://*.pinterest.com https://*.heidelpay.com https://www.youtube.com https://www.youtube-nocookie.com https://static-eu.payments-amazon.com https://payments.amazon.de https://hvtool.biohort.com https://www.roomle.com blob: https://biohortgmbh.dev-vm blob: http://biohortgmbh.dev-vm blob: https://biohortgmbh.livecluster.siwa.at blob: https://biohortgmbh.com https://*.facebook.com;img-src 'self' https://www.biohort.com data: 'unsafe-inline' https://www.biohort.com https://*.online-metrix.net https://fastly.picsum.photos https://picsum.photos https://*.doubleclick.net https://*.payments-amazon.com https://*.skadtec.com https://*.googleadservices.com https://hvtool.biohort.com  https://*.facebook.net https://*.clarity.ms https://*.g.doubleclick.net https://*.pinterest.com https://*.bing.com https://*.google.com https://*.google.at https://*.google.de https://*.googletagmanager.com http://*.google-analytics.com https://*.elfsight.com https://*.elfsightcdn.com https://*.trustedshops.com https://*.ytimg.com https://www.facebook.com https://static.unzer.com https://uploads.roomle.com https://images-na.ssl-images-amazon.com https://m.media-amazon.com https://d23yuld0pofhhw.cloudfront.net https://www.google-analytics.com https://ssl.google-analytics.com https://www.biohort.com https://app.luigisbox.com https://live.luigisbox.com; manifest-src 'self' https://*.amazoncognito.com; media-src 'self' https://www.biohort.com; worker-src 'self'; 1
default-src 'self' edge.api.brightcove.com viz.tools.investis.com media.brightcove.com cdn.jsdelivr.net dev-api.investisdigital.com api.investisdigital.com dev-assets.investisdigital.com assets.investisdigital.com qaotp.tools.investisdigital.com bam.eu01.nr-data.net sjpdigital.fra1.qualtrics.com *.qualtrics.com api.edq.com stats.g.doubleclick.net *.googletagmanager.com *.google-analytics.com *.google-analytics.com *.hotjar.com *.hotjar.io wss://*.hotjar.com wss://ws7.hotjar.com  partnership-site-api.sjp.co.uk maps.googleapis.com ict.infinity-tracking.net *.hotjar.com *.intercom.io cdn.linkedin.oribi.io *.intercom.io vc.hotjar.io https://content.hotjar.io/ wss://*.nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io *.region1.analytics.google.com region1.analytics.google.com region1.google-analytics.com *.analytics.google.com *.google.com *.google-analytics.com fonts.gstatic.com maxcdn.bootstrapcdn.com themes.googleusercontent.com http://manifest.prod.boltdns.net https://manifest.prod.boltdns.net manifest.prod.boltdns.net * blob: gateway.shorthand.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com *.investis-live.com dev-api.investisdigital.com api.investisdigital.com dev-assets.investisdigital.com assets.investisdigital.com qaotp.tools.investisdigital.com *.investisdigital.com player.vimeo.com www.recaptcha.net otp.tools.investis.com qaotp.tools.investisdigital.com sjp.getmediamanager.com bam.eu01.nr-data.net code.highcharts.com viz.tools.investis.com jquery.magnific-popup.min sjpdigital.fra1.qualtrics.com *.qualtrics.com *.googleadservices.com *.licdn.com *.googleadservices.com *.licdn.com *.doubleclick.net sjp.secure.force.com www3.sjp.co.uk *.intercom.io *.intercomcdn.com *.trustarc.com consent.trustarc.com https://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js *.region1.analytics.google.com players.brightcove.net *.zencdn.net blob: *.brightcove.net *.shorthandstories.com *.cloudfront.net *.shorthand.com *.mediamanager.io; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net *.investis-live.com *.investisdigital.com *.googletagmanager.com *.googletagmanager.com consent.trustarc.com; img-src 'self' 'unsafe-inline' * data: *.brightcove.net; media-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com *.youtube.com player.vimeo.com blob: https://manifest.prod.boltdns.net manifest.prod.boltdns.net *.akamaihd.net *.brightcovecdn.com http://manifest.prod.boltdns.net nginx.flagship-eu-only.eu-central-1.bynder.cloud sjp.bynder.com theinvestor.shorthandstories.com; frame-src 'self' *.investis.com www.google.com ir.tools.investis.com staticxx.facebook.com www.youtube.com player.vimeo.com sjp.getmediamanager.com digital.feprecisionplus.com play.acast.com viz.tools.investis.com embed.acast.com staging-digital.feprecisionplus.com https://surveys.sjp.co.uk trustarc.com *.fls.doubleclick.net *.amazon-adsystem.com *.fls.doubleclick.net *.amazon-adsystem.com *.hotjar.com *.trustarc.com sjp.secure.force.com https://widget.trustpilot.com/ cloud.comms.sjp.co.uk sjp.my.salesforce-sites.com studio.h2creative.co.uk https://td.doubleclick.net/ prod.respondselfserve.com partnership.sjp.co.uk/ open.spotify.com cloud.comms.sjpp.co.uk gateway.shorthand.com; frame-ancestors *; child-src https://partnership.sjp.co.uk/ https://sjp-partner-nginx-stg.uk.deptagency.com/ https://sjp.secure.force.com https://sjp.my.salesforce-sites.com/ blob:; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com cdn.loom.com consent.trustarc.com *.zencdn.net *.shorthandstories.com; connect-src 'self' 'unsafe-inline' 'unsafe-eval'  *.region1.analytics.google.com region1.google-analytics.com *.analytics.google.com *.google.com *.google-analytics.com https://siteintercept.qualtrics.com/ https://stats.g.doubleclick.net/ https://vc.hotjar.io/ https://in.hotjar.com/ https://api-iam.eu.intercom.io/ https://cdn.linkedin.oribi.io/ https://stats.g.doubleclick.net/ wss://ws.hotjar.com/ https://content.hotjar.io/ wss://nexus-europe-websocket.intercom.io/ maps.googleapis.com consent-pref.trustarc.com api.investisdigital.com dev-assets.investisdigital.com https://pagead2.googlesyndication.com/ assets.investisdigital.com px.ads.linkedin.com edge.api.brightcove.com *.akamaihd.net https://manifest.prod.boltdns.net *.brightcovecdn.com http://manifest.prod.boltdns.net googleads.g.doubleclick.net manifest.prod.boltdns.net *.brightcove.net sjp.bynder.com *.shorthand.com 1
frame-ancestors khh.travel 'self' 1
upgrade-insecure-requests; default-src https: 'self' 'unsafe-inline' 'unsafe-eval' data: *.lojaepson.com.br *.kalunga.com.br https://www.google-analytics.com https://www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleadservices.com *.lojaepson.com.br *.kalunga.com.br connect.facebook.net https://s.go-mpulse.net https://www.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://www.google.com.br; img-src 'self' data: *.lojaepson.com.br  *.kalunga.com.br https://www.google-analytics.com https://www.google.com https://www.google.com.br https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' *.lojaepson.com.br *.kalunga.com.br https://www.googletagmanager.com https://fonts.googleapis.com; object-src 'none'; 1
frame-ancestors 'self' https://*.melissa.com.br https://*.zaxy.com.br https://*.sandaliasipanema.com.br https://*.lojacartago.com.br https://*.grendenekids.com.br https://*.grendha.com.br https://*.shopmelissaeu.com https://*.shopmelissa.com https://*.conexaomelissa.com.br https://*.grendene.com.br 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://literatur.social; img-src 'self' https: data: blob: https://literatur.social; style-src 'self' https://literatur.social 'nonce-fyi6sjvcUiTrkG+VhzX53Q=='; media-src 'self' https: data: https://literatur.social; frame-src 'self' https:; manifest-src 'self' https://literatur.social; form-action 'self'; child-src 'self' blob: https://literatur.social; worker-src 'self' blob: https://literatur.social; connect-src 'self' data: blob: https://literatur.social https://literatur.social wss://literatur.social; script-src 'self' https://literatur.social 'wasm-unsafe-eval' 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com google-analytics.com; frame-src 'self' https://www.youtube.com ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com google-analytics.com;img-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com google-analytics.com 1
frame-ancestors 'self' https://manage.americanmachinist.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
default-src 'self' cbsl.nl cbsl.tergooi.nl geboorteteamhetgooi.nl https://*.readspeaker.com https://googleads.g.doubleclick.net https://msd.bbvms.com https://pagead2.googlesyndication.com https://region1.analytics.google.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://www.google-analytics.com https://www.google.com https://yoast.com mijntergooi.nl plastischechirurgietergooi.nl tergooi.com tergooi.eu tergooi.info tergooi.nl tergooi.org tergooiclinics.nl tergooimcclinics.nl tergooiziekenhuis.nl tergooiziekenhuizen.nl www.cbsl.nl www.geboorteteamhetgooi.nl www.mijntergooi.nl www.plastischechirurgietergooi.nl www.tergooi.com www.tergooi.eu www.tergooi.info www.tergooi.nl www.tergooi.org www.tergooiclinics.nl www.tergooimcclinics.nl www.tergooiziekenhuis.nl www.tergooiziekenhuizen.nl www.ziekenhuishilversum.nl ziekenhuishilversum.nl; img-src * blob: data:; media-src *; script-src 'self' 'unsafe-eval' 'unsafe-inline' cbsl.nl cbsl.tergooi.nl geboorteteamhetgooi.nl https://*.googleapis.com https://*.readspeaker.com https://apis.google.com https://cdn.bluebillywig.com https://cdn.syndication.twimg.com https://cdnjs.cloudflare.com https://djtflbt20bdde.cloudfront.net https://f.vimeocdn.com https://m15.mailplus.nl https://maps.google.com https://msd.bbvms.com https://platform.twitter.com https://ssl.google-analytics.com https://static.mailplus.nl https://use.typekit.com https://use.typekit.net https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.zorgkaartnederland.nl mijntergooi.nl plastischechirurgietergooi.nl tergooi.com tergooi.eu tergooi.info tergooi.nl tergooi.org tergooiclinics.nl tergooimcclinics.nl tergooiziekenhuis.nl tergooiziekenhuizen.nl www.cbsl.nl www.geboorteteamhetgooi.nl www.mijntergooi.nl www.plastischechirurgietergooi.nl www.tergooi.com www.tergooi.eu www.tergooi.info www.tergooi.nl www.tergooi.org www.tergooiclinics.nl www.tergooimcclinics.nl www.tergooiziekenhuis.nl www.tergooiziekenhuizen.nl www.ziekenhuishilversum.nl ziekenhuishilversum.nl; font-src 'self' cbsl.nl cbsl.tergooi.nl data: geboorteteamhetgooi.nl https://cdnjs.cloudflare.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://use.typekit.com https://use.typekit.net mijntergooi.nl plastischechirurgietergooi.nl tergooi.com tergooi.eu tergooi.info tergooi.nl tergooi.org tergooiclinics.nl tergooimcclinics.nl tergooiziekenhuis.nl tergooiziekenhuizen.nl www.cbsl.nl www.geboorteteamhetgooi.nl www.mijntergooi.nl www.plastischechirurgietergooi.nl www.tergooi.com www.tergooi.eu www.tergooi.info www.tergooi.nl www.tergooi.org www.tergooiclinics.nl www.tergooimcclinics.nl www.tergooiziekenhuis.nl www.tergooiziekenhuizen.nl www.ziekenhuishilversum.nl ziekenhuishilversum.nl; style-src 'self' 'unsafe-inline' cbsl.nl cbsl.tergooi.nl geboorteteamhetgooi.nl https://*.readspeaker.com https://cdnjs.cloudflare.com https://djtflbt20bdde.cloudfront.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://platform.twitter.com https://static.mailplus.nl https://ton.twimg.com https://www.zorgkaartnederland.nl mijntergooi.nl plastischechirurgietergooi.nl tergooi.com tergooi.eu tergooi.info tergooi.nl tergooi.org tergooiclinics.nl tergooimcclinics.nl tergooiziekenhuis.nl tergooiziekenhuizen.nl www.cbsl.nl www.geboorteteamhetgooi.nl www.mijntergooi.nl www.plastischechirurgietergooi.nl www.tergooi.com www.tergooi.eu www.tergooi.info www.tergooi.nl www.tergooi.org www.tergooiclinics.nl www.tergooimcclinics.nl www.tergooiziekenhuis.nl www.tergooiziekenhuizen.nl www.ziekenhuishilversum.nl ziekenhuishilversum.nl; frame-src 'self' cbsl.nl cbsl.tergooi.nl geboorteteamhetgooi.nl https://*.guidingtube.com https://*.readspeaker.com https://eenvandaag.avrotros.nl https://embed.bouw.live https://indd.adobe.com https://live.bakerymedia.nl https://live.bobkoetsier.nl https://open.spotify.com https://platform.twitter.com https://player.vimeo.com https://syndication.twitter.com https://takeda.bbvms.com https://vt.plushglobalmedia.com https://w.soundcloud.com https://www.google.com https://www.hoedrukisdeseh.nl https://www.youtube.com mijntergooi.nl plastischechirurgietergooi.nl tergooi.com tergooi.eu tergooi.info tergooi.nl tergooi.org tergooiclinics.nl tergooimcclinics.nl tergooiziekenhuis.nl tergooiziekenhuizen.nl www.cbsl.nl www.geboorteteamhetgooi.nl www.mijntergooi.nl www.plastischechirurgietergooi.nl www.tergooi.com www.tergooi.eu www.tergooi.info www.tergooi.nl www.tergooi.org www.tergooiclinics.nl www.tergooimcclinics.nl www.tergooiziekenhuis.nl www.tergooiziekenhuizen.nl www.ziekenhuishilversum.nl ziekenhuishilversum.nl 1
script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: https://js.hsforms.net https://js.hs-analytics.net https://js.hs-scripts.com https://cdn.jsdelivr.net https://www.googletagmanager.com https://cdn.taboola.com https://fe.sitedataprocessing.com https://app.termly.io https://www.googletagmanager.com https://js.hs-banner.com https://js.hsadspixel.net https://trc.taboola.com https://googleads.g.doubleclick.net https://bat.bing.com https://connect.facebook.net https://snap.licdn.com https://static.ads-twitter.com https://platform.twitter.com https://cdnjs.cloudflare.com https://ws.zoominfo.com https://www.google-analytics.com https://meetings.hubspot.com https://static.hsappstatic.net https://www.google.com https://www.gstatic.com https://www.googleadservices.com https://cdn.datatables.net https://cdn-cookieyes.com 1
frame-ancestors 'self'; base-uri 'self'; form-action assets.koempf24.de gpc-sys.pay1.de pixi.koempf24.de ratenkauf.easycredit.de threedssvc.pay1.de www.mollie.com www.paypal.com www.sofort.com www.zoologo.de backoffice.koempf24.de 'self' https://threedssvc.pay1.de https://gpc-sys.pay1.de https://www.paypal.com https://www.sofort.com https://ratenkauf.easycredit.de https://seu2.cleverreach.com https://*.mollie.com https://*.mollie.nl https://pay.twint.ch https://r2.girogate.de https://www.paydirekt.de/ https://pay.klarna.com/eu/hpp/payments/* 1
default-src 'self'; form-action 'none'; worker-src blob: ; media-src https://d10lpsik1i8c69.cloudfront.net/sounds/pop.mp3; connect-src 'self' wss://realtime.luckyorange.com/mqtt https://api.parkassist.com/ https://pubsub.googleapis.com/ wss://visitors.live/ https://api-preview.luckyorange.com/ wss://in.visitors.live/ https://settings.luckyorange.com/ https://settings.luckyorange.net/ https://flykc.cdn.prismic.io/ https://stats.g.doubleclick.net https://visitor2.constantcontact.com/ https://listgrowth.ctctcdn.com/ https://flykc-functions.azurewebsites.net/api/ https://www.google-analytics.com/ https://analytics.google.com/ https://www.cognitoforms.com/ https://api.openweathermap.org/ https://kc-airports.cdn.prismic.io/; font-src 'self' https://use.typekit.net https://cdnjs.cloudflare.com https://fonts.gstatic.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net/npm/ https://connect.facebook.net https://d10lpsik1i8c69.cloudfront.net/ https://tools.luckyorange.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cdnjs.cloudflare.com/ https://static.ctctcdn.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://static.cognitoforms.com/ https://www.cognitoforms.com/ https://static.cdn.prismic.io; style-src 'self' 'unsafe-inline' https://www.googletagmanager.com/ https://d10lpsik1i8c69.cloudfront.net https://static.ctctcdn.com/ https://fonts.googleapis.com/ https://p.typekit.net https://use.typekit.net https://cdnjs.cloudflare.com; frame-src https://maps.google.com/ https://www.youtube.com/ https://www.google.com/ https://4475515.fls.doubleclick.net/ https://book.appointedd.com/ https://pcmap-kci-new.netlify.app/ https://flymkc.prismic.io/ https://kc-airports.cdn.prismic.io/; img-src 'self' https://fonts.gstatic.com/ https://www.googletagmanager.com/ https://d10lpsik1i8c69.cloudfront.net/ https://www.facebook.com/tr/ https://images.prismic.io https://flymkc.cdn.prismic.io/flymkc/ data: w3.org/svg/2000; frame-ancestors 'none'; 1
connect-src 'self' wss://www.genisysonlinebanking.org wss://*.twilio.com https://maps.geo.us-east-1.amazonaws.com https://cognito-identity.us-east-1.amazonaws.com https://api.botcopy.com https://*.velaro.com https://*.orpheusdev.net https://*.mfmnow.com https://*.financialhost.org https://*.livetest-financialhost.org https://*.test-financialhost.org https://*.dev-financialhost.org wss://*.orpheusdev.net wss://*.test-financialhost.org wss://*.financialhost.org wss://*.livetest-financialhost.org wss://*.dev-financialhost.org wss://demows.financialtown.com https://demomain.financialtown.com https://demowebrtclb.financialtown.com wss://ws.financialtown.com https://main.financialtown.com https://webrtclb.financialtown.com https://*.purechat.com wss://*.purechat.com 1
default-src * data: blob: 'self'; script-src 'self' googlesyndication.com *.googlesyndication.com google.com googleadservices.com *.googleadservices.com woobox.com www.gstatic.com app.anyroad.com maps.googleapis.com adservice.google.com gleam.io api.omappapi.com a.optnmstr.com bam.nr-data.net rum-collector-2.pingdom.net analytics.google.com d31qbv1cthcecs.cloudfront.net js.gleam.io js-agent.newrelic.com rum-static.pingdom.net static.ads-twitter.com www.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net cdn.privacy-mgmt.com *.google-analytics.com *.googletagmanager.com ajax.googleapis.com *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *; connect-src 'self' googlesyndication.com *.googlesyndication.com google.com googleadservices.com *.googleadservices.com woobox.com www.gstatic.com app.anyroad.com maps.googleapis.com adservice.google.com gleam.io api.omappapi.com a.optnmstr.com bam.nr-data.net rum-collector-2.pingdom.net analytics.google.com d31qbv1cthcecs.cloudfront.net js.gleam.io js-agent.newrelic.com rum-static.pingdom.net static.ads-twitter.com www.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net googleads.g.doubleclick.net cdn.privacy-mgmt.com *.google-analytics.com *.google.com *.googletagmanager.com ajax.googleapis.com *.facebook.com facebook.com; block-all-mixed-content; upgrade-insecure-requests; 1
base-uri 'self'; default-src 'self' https://cdn.shopify.com https://widget.trustpilot.com/ https://*.jotform.com/ http://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js https://*.tangiblee.com https://*.googletagmanager.com https://calendly.com/ https://kcsvs.keyzarjewelry.com/ https://cdn.kustomerapp.com/ https://keyzar.api.kustomerapp.com/ https://www.google.com/ https://kcyor.keyzarjewelry.com/api/v1/kcyor/wishList/ localhost:* ws://localhost:* ws://127.0.0.1:* https://sc-static.net/ https://*.gstatic.com/ https://use.typekit.net/ https://*.keyzarjewelry.com https://www.instagram.com/ 'self' 'nonce-90706cd486dfb616d41cd6428164e192' https://cdn.shopify.com https://shopify.com; frame-ancestors 'self' https://cdn.shopify.com https://widget.trustpilot.com/ https://*.jotform.com/ https://www.googletagmanager.com/ https://*.tangiblee.com https://*.googletagmanager.com https://calendly.com/ https://kcsvs.keyzarjewelry.com/ https://cdn.kustomerapp.com/ https://keyzar.api.kustomerapp.com/ https://www.google.com/ https://kcyor.keyzarjewelry.com/api/v1/kcyor/wishList/ https://*.criteo.com/ http://*.criteo.com/ https://*.keyzarjewelry.com https://keyzarjewelry.com https://www.instagram.com/; style-src * 'unsafe-inline' 'self' https://cdn.shopify.com https://assets.calendly.com https://use.typekit.net localhost:* https://*.tangiblee.com https://*.keyzarjewelry.com https://www.instagram.com/ 'self' 'unsafe-inline' https://cdn.shopify.com; connect-src 'self' https://cdn.shopify.com https://widget.trustpilot.com/ https://*.jotform.com/ http://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js https://*.tangiblee.com https://*.googletagmanager.com https://calendly.com/ https://kcsvs.keyzarjewelry.com/ https://cdn.kustomerapp.com/ https://keyzar.api.kustomerapp.com/ https://www.google.com/ https://kcyor.keyzarjewelry.com/api/v1/kcyor/wishList/ localhost:* ws://localhost:* ws://127.0.0.1:* https://monorail-edge.shopifysvc.com/ https://*.analytics.google.com/ https://*.ingest.sentry.io/ https://*.klaviyo.com/ https://*.attn.tv/ https://*.attentivemobile.com/ https://*.criteo.com/ http://*.criteo.com/ https://sc-static.net/ https://*.google-analytics.com/ https://stats.g.doubleclick.net/ https://*.reddit.com/ https://*.getelevar.com/ https://cdn.cookielaw.org/ https://*.onetrust.com/ https://services.mybcapps.com/ https://venkatmcajj.github.io/ https://*.keyzarjewelry.com https://www.redditstatic.com https://ct.pinterest.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com 'self' https://monorail-edge.shopifysvc.com; script-src 'self' https://cdn.shopify.com https://widget.trustpilot.com/ https://*.jotform.com/ http://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js https://*.tangiblee.com https://*.googletagmanager.com https://calendly.com/ https://kcsvs.keyzarjewelry.com/ https://cdn.kustomerapp.com/ https://keyzar.api.kustomerapp.com/ https://www.google.com/ https://kcyor.keyzarjewelry.com/api/v1/kcyor/wishList/ https://shopify-gtm-suite.getelevar.com/ https://*.klaviyo.com/ https://*.attn.tv/ https://*.attentivemobile.com/ https://*.criteo.com/ http://*.criteo.com/ https://sc-static.net/ https://*.google-analytics.com/ https://cdn.cookielaw.org/ https://*.onetrust.com/ * https://*.keyzarjewelry.com https://www.redditstatic.com https://ct.pinterest.com https://www.instagram.com/ 'unsafe-inline' 'unsafe-eval' 'nonce-90706cd486dfb616d41cd6428164e192'; frame-src 'self' https://cdn.shopify.com https://widget.trustpilot.com/ https://*.jotform.com/ https://www.googletagmanager.com/ https://*.tangiblee.com https://*.googletagmanager.com https://calendly.com/ https://kcsvs.keyzarjewelry.com/ https://cdn.kustomerapp.com/ https://keyzar.api.kustomerapp.com/ https://www.google.com/ https://kcyor.keyzarjewelry.com/api/v1/kcyor/wishList/ https://*.criteo.com/ http://*.criteo.com/ https://*.keyzarjewelry.com https://keyzarjewelry.com https://www.redditstatic.com https://ct.pinterest.com https://www.instagram.com/; img-src * data: https://cdn.shopify.com https://*.google-analytics.com https://*.googletagmanager.com https://www.instagram.com/ 1
default-src 'self' data: https: wss: 'unsafe-inline' 'unsafe-eval'; font-src data: https:; media-src blob: data: https: 1
frame-ancestors 'self' https://*.lexus.fr https://*.yandex.com https://*.yandex.tld https://*.yandex.net https://*.yandex.com.tr https://*.yandex.ru https://*.yandex.by https://webvisor.com https://lexus-dxp.dobit.com https://lexustest.dobit.com http://localhost:88; 1
script-src 'self' 'unsafe-inline' https://code.jquery.com/ https://cdn.jsdelivr.net/npm/ https://d1f8f9xcsvx3ha.cloudfront.net/ https://plausible.io/; sandbox allow-top-navigation allow-scripts allow-same-origin allow-forms allow-downloads; 1
default-src 'self' https://*.gstatic.com https://s.kv-rlp.de; script-src 'self' 'nonce-RJ9vZ5hZK-4RVsof6AQdF4Mht9JN-pi4nJ3-bhUF90wXFxZguDIyYw' 'sha256-VtSGJFAY3YGqW6klGSZDALKvRz5hw18biEWs/fFwd20=' https://*.googleapis.com https://*.kv-rlp.de 'report-sample'; style-src-attr 'unsafe-inline' 'report-sample'; img-src 'self' data: *.ytimg.com *.vimeocdn.com 'nonce-RJ9vZ5hZK-4RVsof6AQdF4Mht9JN-pi4nJ3-bhUF90wXFxZguDIyYw' https://*.gstatic.com https://*.googleapis.com https://*.kv-rlp.de https://*.kv-safenet.de; base-uri 'self'; frame-src 'self' *.youtube-nocookie.com *.youtube.com *.vimeo.com 'nonce-RJ9vZ5hZK-4RVsof6AQdF4Mht9JN-pi4nJ3-bhUF90wXFxZguDIyYw' https://*.powerbi.com; style-src-elem 'self' 'nonce-RJ9vZ5hZK-4RVsof6AQdF4Mht9JN-pi4nJ3-bhUF90wXFxZguDIyYw' 'sha256-oVLhmACRZ0dspPO3kTf2vYtL/UWzJTKtLhY1vu4fGcI=' https://*.googleapis.com 'report-sample'; connect-src 'self' https://*.gstatic.com https://s.kv-rlp.de https://*.googleapis.com https://*.kv-rlp.de; report-uri https://www.kv-rlp.de/@http-reporting?csp=report&requestTime=1721957762353681 1
upgrade-insecure-requests; frame-ancestors 'self' *.sc-pa.com; object-src 'self'; 1
report-uri https://odigeoconnect.com/wp-json/wpcsp/v1/route/LogPolicyViolation?_wpnonce=4eef80a462 1
frame-ancestors 'self' https://preprod-cmq.netlify.app https://develop--preprod-cmq.netlify.app https://phpstack-932685-3238413.cloudwaysapps.com https://phpstack-932685-3238296.cloudwaysapps.com 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://*.akamaihd.net https://*.translate.naver.net https://www.recaptcha.net https://www.google.com https://www.zenaps.com https://tr.snapchat.com https://tr6.snapchat.com https://www.youtube.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://*.liveperson.net https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.parcellab.com https://tr.snapchat.com; form-action 'self' https://www.facebook.com https://checkout.yourcoca-cola.co.uk https://connect.facebook.net https://tr.snapchat.com; frame-ancestors 'self'; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://the.sciencebehindecommerce.com https://cdn.trackjs.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.googleapis.com https://www.recaptcha.net https://connect.facebook.net https://*.trustpilot.com https://www.googleadservices.com https://*.translate.naver.net https://*.doubleclick.net https://*.google.com https://*.google-analytics.com https://fp.zenaps.com https://www.gstatic.com https://bat.bing.com https://www.googletagmanager.com https://www.youtube.com https://s.ytimg.com https://www.dwin1.com https://sc-static.net; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com; upgrade-insecure-requests; report-to report-endpoint 1
frame-ancestors 'self' *.sf.gov *.sfgov.org *.ca.gov sf.courts.ca.gov sf-fire.org sfport.com sfpublicdefender.org www.flysfo.com www.sfanimalcare.org www.sfartscommission.org asianart.org www.sfassessor.org sfbos.org www.calacademy.org www.dcyf.org www.sfcityattorney.org www.sfhsa.org www.sfcdcp.org sfdistrictattorney.org sfenvironment.org www.sfdph.org sfethics.org www.famsf.org sfplanning.org sfdhr.org www.sfmta.com sfocii.org www.sfpuc.org www.sfpublicworks.org sfrecpark.org www.sfcityhallevents.org mysfers.org sfhss.org sfpl.org www.sfusd.edu www.sfsheriff.com sftreasurer.org fwarmemorial.org; report-uri /report-csp-violation 1
frame-ancestors https://*.selfapy.com 1
default-src 'self' * data: 'unsafe-eval' 'unsafe-inline' blob:  https://www.googletagmanager.com https://www.google.com/ https://www.google-analytics.com  data: gap: https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' https://cdn.jsdelivr.net https://gd.geobytes.com https://tags.crwdcntrl.net https://www.gstatic.com  https://www.googleoptimize.com https://www.gstatic.com * https://www.google-analytics.com http://cdn.taboola.com http://ajax.googleapis.com https://www.googletagmanager.com https://trc.taboola.com https://www.google.com https://cdnjs.cloudflare.com https://cds.taboola.com *   https://cdnjs.cloudflare.com/ajax/libs/OwlCarousel2/2.3.4/assets/owl.carousel.css 'unsafe-inline' 'unsafe-eval' https://cdn.taboola.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.mahindramanulife.com *.youtube.com *.cdnjs.cloudflare.com https://gd.geobytes.com https://use.fontawesome.com/552df102e9.js https://connect.facebook.net/en_US/fbevents.js https://apis.google.com/js/platform.js http://widgets.in.webengage.com/js/webengage-min-v-6.0.js https://googleads.g.doubleclick.net * https://ajax.googleapis.com https://unpkg.com https://www.googleoptimize.com  https://www.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com https://sdki.truepush.com https://cdnjs.cloudflare.com http://www.googletagmanager.com http://www.google.com https://pagecdn.io/lib/jquery-cookie/v1.4.1/jquery.cookie.js http://cdnjs.cloudflare.com https://cdn.jsdelivr.net data: blob:; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.google.com *.googletagmanager.com *.googletagmanager.com *.gstatic.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/ajax/libs/OwlCarousel2/2.3.4/assets/owl.carousel.css https://cdnjs.cloudflare.com/ajax/libs/OwlCarousel2/2.3.4/assets/owl.theme.default.min.css https://use.fontawesome.com * http://c.in.webengage.com * https://docs.google.com * docs.google.com * https://wsdk-files.in.webengage.com * https://chatbot.mahindramanulife.com *; worker-src 'self' * data: blob: gap: 'unsafe-eval' 'unsafe-inline' 'self'; img-src 'self'  https://tags.crwdcntrl.net https://www.googletagmanager.com  https://sdki.truepush.com https://trc.taboola.com  http://tr.outbrain.com * https://www.google.com https://cdnjs.cloudflare.com https://apis.google.com https://www.google.co.in https://www.google-analytics.com https: data:; media-src 'self' data:; connect-src * 1
default-src https: 'unsafe-eval' 'unsafe-inline'; form-action https:; img-src 'self' data:; connect-src https: wss:; object-src 'none' 1
frame-ancestors 'self' *.gosshosted.com 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src 'nonce-cS8gHXDsQUkYdBPU2XIEDiVoQ' 'strict-dynamic'; frame-ancestors 'self'; manifest-src 'self' 1
frame-ancestors 'self' newlynamed.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; base-uri 'self'; form-action 'self' https://www.paypal.com; frame-ancestors 'self'; frame-src 'self' https://*.guardedhost.com https://*.amhosting.com https://*.amhosting.com:2222;  img-src 'self' data: https://ssl.google-analytics.com https://www.paypalobjects.com https://*.guardedhost.com; connect-src 'self' wss://wssp.guardedhost.com; 1
upgrade-insecure-requests; default-src beeon.ru:240724 https://beeon.ru; child-src 'self'; font-src 'self' data: fonts.gstatic.com cdnjs.cloudflare.com push4site.com; frame-src 'self' *.best2pay.net *.ru *.*.ru *.*.*.ru https://*.*.ru:8443 https://*.*.ru:444 https://*.*.ru:3443 https://*.*.ru:442 https://*.*.ru:9647 https://*.*.ru:5443 *.com *.*.com *.*.*.com https://acs.rncb.ru:8443; img-src 'self' data: blob: static.beeon.ru cms.cdn.beeon.ru qrify.fintechiq.ru mc.yandex.ru mc.yandex.com uaas.yandex.ru top-fwz1.mail.ru *.google.ru www.google.com *.google.com *.google-analytics.com *.googletagmanager.com stats.g.doubleclick.net *.uxfeedback.ru *.v2.flomni.com; media-src 'self' data: jivo.ru i.v2.flomni.com i.flomni.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' *.gstatic.com *.google.com cem.fintechiq.ru code.jquery.com code.jivo.ru pixel.scoring.ru pixel.kbki.ru score.juicyscore.com *.googletagmanager.com ajax.googleapis.com *.google-analytics.com mc.yandex.ru mc.yandex.com *.s3.yandex.net i.v2.flomni.com i.flomni.com push4site.com web-zaim.push4site.com cdn.uxfeedback.ru top-fwz1.mail.ru privacy-cs.mail.ru; style-src 'self' 'unsafe-inline' 'report-sample' cdnjs.cloudflare.com fonts.googleapis.com code.jivo.ru i.v2.flomni.com i.flomni.com push4site.com cdn.uxfeedback.ru; connect-src 'self' web-zaim.ru sentry.webzaim.tech cem.fintechiq.ru *.yandex.ru mc.yandex.com ymetrica1.com yandexmetrica.com:* *.analytics.google.com analytics.google.com www.google.ru www.google-analytics.com adservice.google.com www.googleadservices.com *.juicyscore.com *.jivo.ru *.jivosite.com top-fwz1.mail.ru privacy-cs.mail.ru rs.mail.ru pixel.scoring.ru stats.g.doubleclick.net i.flomni.com *.v2.flomni.com wss://link.v2.flomni.com push4site.com web-zaim.push4site.com widget-api.uxfeedback.ru; report-uri /csp-report; report-to default; 1
object-src 'self'; worker-src 'self' blob:; base-uri 'self'; frame-ancestors 'self'; report-uri https://comparaiso.es/report-uri/enforce 1
default-src 'self' https://*.googletagmanager.com https://*.google-analytics.com https://*.googleapis.com https://*.google.com https://*.googleusercontent.com https://*.doubleclick.net https://code.jquery.com https://*.gstatic.com https://*.amazonaws.com  https://*.fontawesome.com https://*.ysl.nl https://*.facebook.com https://*.facebook.net https://*.licdn.com https://*.linkedin.com https://*.werkenbijjobsrepublic.nl; script-src 'self' 'unsafe-inline' https://*.googletagmanager.com https://*.google-analytics.com https://*.googleapis.com https://*.google.com https://*.googleusercontent.com https://*.youtube.com https://*.youtube-nocookie.com https://*.vimeo.com https://*.doubleclick.net https://code.jquery.com https://*.gstatic.com https://*.amazonaws.com  https://*.fontawesome.com https://*.ysl.nl https://*.facebook.com https://*.facebook.net https://*.licdn.com https://*.linkedin.com https://*.werkenbijjobsrepublic.nl; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com  https://*.fonts.com/ https://*.fonts.gstatic.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleapis.com https://*.google.com https://*.googleusercontent.com https://*.youtube.com https://*.youtube-nocookie.com https://*.vimeo.com https://*.doubleclick.net https://code.jquery.com https://*.gstatic.com https://*.amazonaws.com  https://*.fontawesome.com https://*.ysl.nl https://*.facebook.com https://*.facebook.net https://*.licdn.com https://*.linkedin.com https://*.werkenbijjobsrepublic.nl; img-src 'self' 'unsafe-inline' data: https://*.googletagmanager.com https://*.google-analytics.com https://*.googleapis.com https://*.google.com https://*.googleusercontent.com https://*.youtube.com https://*.youtube-nocookie.com https://*.vimeo.com https://*.doubleclick.net https://code.jquery.com https://*.gstatic.com https://*.amazonaws.com  https://*.fontawesome.com https://*.ysl.nl https://*.facebook.com https://*.facebook.net https://*.licdn.com https://*.linkedin.com https://*.werkenbijjobsrepublic.nl; font-src 'self' data: https://*.googleapis.com https://*.gstatic.com  https://*.fonts.com/ https://*.fonts.gstatic.com https://*.doubleclick.net https://code.jquery.com https://*.gstatic.com https://*.amazonaws.com  https://*.fontawesome.com https://*.ysl.nl https://*.facebook.com https://*.facebook.net https://*.licdn.com https://*.linkedin.com https://*.werkenbijjobsrepublic.nl; object-src 'none'; media-src 'self'; frame-ancestors 'self'  https://*.googletagmanager.com https://*.google-analytics.com https://*.googleapis.com https://*.google.com https://*.googleusercontent.com https://*.youtube.com https://*.youtube-nocookie.com https://*.vimeo.com; frame-src 'self' https://*.googletagmanager.com https://*.google-analytics.com https://*.googleapis.com https://*.google.com https://*.googleusercontent.com https://*.youtube.com https://*.youtube-nocookie.com https://*.vimeo.com; base-uri 'self'; connect-src 'self' ws: wss: data: blob: https://ysl.proudreports.nl https://*.googletagmanager.com https://*.google-analytics.com https://*.googleapis.com https://*.google.com https://*.googleusercontent.com https://*.doubleclick.net https://code.jquery.com https://*.gstatic.com https://*.amazonaws.com  https://*.fontawesome.com https://*.ysl.nl https://*.facebook.com https://*.facebook.net https://*.licdn.com https://*.linkedin.com https://*.werkenbijjobsrepublic.nl; report-uri https://ysl.proudreports.nl/report.php; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://maxcdn.bootstrapcdn.com https://www.google-analytics.com https://connect.facebook.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://ajax.googleapis.com; 1
default-src 'self' forms.hscollectedforms.net forms-na1.hsforms.com ps.w.org ajax.googleapis.com bcp.crwdcntrl.net crwdcntrl.net www.google.com www.google.cn sync.sharethis.com cdnjs.cloudflare.com maps.googleapis.com www.google-analytics.com analytics.google.com www.elegantthemes.com content.wuxibiologics.com www.wuxibiologics.com apcn006.wpengine.com online.flippingbook.com flippingbook.com static.hotjar.com elegantthemes.com hotjar.com www.hotjar.com ws.hotjar.com script.hotjar.com d33i2vgywgme2s.cloudfront.net fbo-b.flippingbook.com    collateral.wuxibiologics.com  ws.hotjar.com surveystats.hotjar.io www.google.ca ws.hotjar.com/api/vs/client/ content.hotjar.io wss://ws.hotjar.com/api/v2/client/ws?v=4  metrics.hotjar.io d17lvj5xn8sco6.cloudfront.net bat.bing.com sync.irasia.com js.hsforms.net vc.hotjar.io hm.baidu.com www.googletagmanager.com platform-cdn.sharethis.com js.hs-scripts.com hq.sinajs.cn platform-api.sharethis.com  gdpr-api.sharethis.com api.irasia.com api.corporateshowcase.com 'unsafe-inline' maxcdn.bootstrapcdn.com bshare.optimix.cn static.bshare.cn www.corporateshowcase.com static.bshare.cn buttons-config.sharethis.com code.jquery.com bshare.optimix.cn publishpress.com fonts.gstatic.com forms.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com l.sharethis.com c.sharethis.mgr.consensu.org t.sharethis.com app.hubspot.com static.hsappstatic.net js.hs-analytics.net js.hsleadflows.net js.hscollectedforms.net developers.hubspot.com forms.hubspot.com track.hubspot.com js.hs-banner.com pi.pardot.com go.pardot.com stats.g.doubleclick.net fonts.googleapis.com 'unsafe-eval' blob: data: ; 1
default-src vacaf.org *.vacaf.org api-adresse.data.gouv.fr mailto: tel: ; font-src 'self' fonts.gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' api-adresse.data.gouv.fr; img-src 'self' https://*.openstreetmap.fr https://vacaf.org https://*.vacaf.org data:; frame-ancestors 'self' https://vacaf.org https://*.vacaf.org https://api-adresse.data.gouv.fr; 1
default-src 'self' https://ads.yahoo.com/ https://vimeo.com/ blob: https://www.youtube.com/; connect-src 'self' https://s.yimg.com/ https://cdn.linkedin.oribi.io/ https://www.googleadservices.com/pagead/conversion/ https://www.google.co.in/pagead/attribution/wcm https://google.com/pay https://pay.google.com/ https://in.hotjar.com/api/v2/client/sites/1899954/visit-data https://api.mypurecloud.com.au/ wss://streaming.mypurecloud.com.au/chat/jwt/ https://vc.hotjar.io/sessions/1899954 https://ad.doubleclick.net/ https://www.google.com.au/ https://b.sbox.stats.paypal.com https://assets5.lottiefiles.com/packages/ https://bat.bing.com/ *.visualwebsiteoptimizer.com app.vwo.com https://lm.serving-sys.com/ https://stats.g.doubleclick.net/ https://secure-ds.serving-sys.com/ https://bam.nr-data.net https://payments.braintree-api.com/graphql https://api.braintreegateway.com/ https://client-analytics.braintreegateway.com/ https://www.paypal.com/ https://analytics.google.com/ wss://ws.hotjar.com/ https://content.hotjar.io/ https://px.ads.linkedin.com/ https://www.redditstatic.com/ https://pagead2.googlesyndication.com https://metrics.hotjar.io/ https://www.google.com/pay https://www.facebook.com/tr/ https://pixels.spotify.com/v1/ingest https://pixel-config.reddit.com/pixels/t2_gtwinmfd/config https://www.google-analytics.com https://www.googletagmanager.com; font-src 'self' https://apps.mypurecloud.com/ https://fonts.gstatic.com/s/opensans/v34/ https://applepay.cdn-apple.com/jsapi/v1/assets/1.0.0/fonts/ data: https://use.typekit.net/; frame-src 'self' https://pay.google.com/ https://assets.braintreegateway.com/ https://dev.visualwebsiteoptimizer.com/ https://checkout.paypal.com/ https://tsdtocl.com/ https://www.recaptcha.net/ https://player.vimeo.com/ app.vwo.com https://c.paypal.com/ https://www.paypal.com/ https://www.paypalobjects.com/ https://www.youtube.com/ https://www.google.com https://www.facebook.com/ https://td.doubleclick.net/ https://9917932.fls.doubleclick.net/ https://4808515.fls.doubleclick.net/; img-src 'self' https://ads.yahoo.com/cms/v1 https://dev.visualwebsiteoptimizer.com/ https://pixel.quantserve.com/ https://t.myvisualiq.net/ https://sp.analytics.yahoo.com/sp.pl https://s.tribalfusion.com/visitor https://px.ads.linkedin.com/collect https://alb.reddit.com/rp.gif https://cm.g.doubleclick.net/pixel https://bat.bing.com/action/0 https://vxml4.plavxml.com/sited/ref/integration.jsp https://secure.adnxs.com/px https://googleads.g.doubleclick.net/pagead/viewthroughconversion/ https://b.stats.paypal.com/counter.cgi https://hnd.stats.paypal.com/counter2.cgi https://i.imgur.com/4ywwgvB.png https://www.paypalobjects.com/js-sdk-logos/ data: https://ups.analytics.yahoo.com/ups/57628/sync https://a.tribalfusion.com/i.match https://ads.stickyadstv.com/user-registering https://www.linkedin.com/px/li_sync https://public-prod-dspcookiematching.dmxleo.com/dspreply https://ib.adnxs.com/ https://www.gstatic.com/ https://us-u.openx.net/ https://i.vimeocdn.com/video/ https://assets5.lottiefiles.com/packages/ cdn.pushcrew.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com https://www.google.com/ads/ga-audiences https://www.google.com/pagead/1p-user-list/ https://www.google.co.in/ https://useruploads.visualwebsiteoptimizer.com/ https://www.google.com.au/ https://dsum-sec.casalemedia.com/rr https://image6.pubmatic.com/ https://pixel.rubiconproject.com/ https://c.paypal.com/ https://t.paypal.com/ https://ad.doubleclick.net/ https://www.facebook.com/ https://ade.googlesyndication.com https://lvs.stats.paypal.com/counter2.cgi https://lhr.stats.paypal.com/counter2.cgi https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet https://c6.paypal.com/v1/r/d/b/p3 https://r1.visualwebsiteoptimizer.com/analyze https://r2.visualwebsiteoptimizer.com/analyze https://r3.visualwebsiteoptimizer.com/analyze https://px4.ads.linkedin.com/collect https://www.google-analytics.com https://www.googletagmanager.com; manifest-src 'self' https://pay.google.com; object-src 'none'; script-src 'self' 'strict-dynamic' 'nonce-rAnd0m123' 'report-sample' https://www.google.com/recaptcha/api.js; script-src-elem 'self' 'unsafe-inline' https://www.googleadservices.com/pagead/conversion/ https://bs.serving-sys.com/Serving https://www.recaptcha.net/recaptcha/api.js https://player.vimeo.com/api/player.js https://stats.g.doubleclick.net/j/collect https://bam.nr-data.net/events/1/NRJS-d8c45026f403048202f https://www.paypalobjects.com/muse/muse.js https://hello.myfonts.net/count/3b2f3c https://bat.bing.com/bat.js https://dev.visualwebsiteoptimizer.com/ https://static.hotjar.com/c/hotjar-1899954.js https://vars.hotjar.com/box-63c3a81830bf549dafe40b369003f751.html https://secure.quantserve.com/quant.js https://bat.bing.com/p/action/23007079.js https://pixel.quantserve.com/pixel/p-DqjwyNPDmH5zE.gif https://c.paypal.com/da/r/fb.js https://a.tribalfusion.com/pixel/tags/Simply%20Energy/792833/pixel.js https://www.gstatic.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://vxml4.plavxml.com/sited/ref/ https://vt.myvisualiq.net/2/uNcuvNOEiN4QQyR43MfVWA%3D%3D/vt-365.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://snap.licdn.com/li.lms-analytics/insight.beta.min.js https://t.myvisualiq.net/impression_pixel https://t.myvisualiq.net/sync https://secure-ds.serving-sys.com/SemiCachedScripts/ebOneTag.js https://script.hotjar.com/ https://s.yimg.com/wi/ytc.js https://s.tribalfusion.com/displayAd.js https://rules.quantcount.com/rules-p-DqjwyNPDmH5zE.js https://apps.mypurecloud.com.au/widgets/ https://googleads.g.doubleclick.net/pagead/viewthroughconversion/ https://connect.facebook.net/signals/config/160161931353827 https://connect.facebook.net/en_US/fbevents.js https://www.redditstatic.com/ads/pixel.js https://connect.facebook.net/signals/config/1819284704803383 https://js-agent.newrelic.com https://www.paypal.com/ https://www.youtube.com/ https://www.google.com/recaptcha/api.js https://pay.google.com/gp/p/js/pay.js https://js.braintreegateway.com/web/3.87.0/js/client.min.js https://www.google.com/pay https://js.braintreegateway.com/web/3.87.0/js/data-collector.min.js https://js.braintreegateway.com/web/3.87.0/js/hosted-fields.min.js https://js.braintreegateway.com/web/3.87.0/js/paypal-checkout.min.js https://js.braintreegateway.com/web/3.87.0/js/google-payment.min.js https://js.braintreegateway.com/web/3.87.0/js/apple-pay.min.js https://applepay.cdn-apple.com/jsapi/v1/apple-pay-sdk.js https://pixel.byspotify.com/ping.min.js; style-src 'self' 'unsafe-inline' 'unsafe-hashes' 'report-sample' https://hello.myfonts.net/count/3b2f3c https://apps.mypurecloud.com/webfonts/roboto.css https://fonts.googleapis.com/css2 *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com s3.amazonaws.com https://use.typekit.net/pup6vyc.css https://p.typekit.net/p.css; worker-src 'self' blob:; base-uri 'none'; form-action 'self' https://www.facebook.com/tr/ https://dev.visualwebsiteoptimizer.com/; frame-ancestors 'self' https://hansencis.se.hsntech.com/ https://cpq.se.hsntech.com/ https://hpg-prod.se.hsntech.com/ https://hansencis.engie.delivery.hansencx.com/ https://cpq.engie.delivery.hansencx.com/ https://hpg-prod.engie.delivery.hansencx.com/ https://hansencis-dr.se.hsntech.com/ https://hpg-dr.se.hsntech.com/ https://cpq-dr.se.hsntech.com/ https://hansencis-dr.engie.delivery.hansencx.com/ https://hpg-dr.engie.delivery.hansencx.com/ https://cpq-dr.engie.delivery.hansencx.com/ https://myengie.engie.com.au https://simplyenergy.lightning.force.com https://simplyenergy.my.salesforce.com https://myaccount.simplyenergy.com.au https://se10.smartcmobile.com; upgrade-insecure-requests 1
default-src * 'self' 'unsafe-inline' data: gap: content:; script-src 'self' 'nonce-M2NhOTg2NzAtZDFiMy00MjA2LWIyMzctYjAwNDA1YmM4ZmU1' 'strict-dynamic' ajax.cloudflare.com widget.slinger.to ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://widget.slinger.to; img-src 'self' blob: data: mywheels.nl prod-api.mywheels.nl market-assets.strapi.io https://*.amazonaws.com https://*.media.strapiapp.com https://*.hsforms.com https://*.hubspot.com https://*.ads.linkedin.com https://www.facebook.com https://www.googletagmanager.com http://127.0.0.1:1337 https://*.ytimg.com; font-src 'self' https://fonts.gstatic.com; frame-src challenges.cloudflare.com https://www.facebook.com https://*.hsforms.com wdgt.slinger.to https://www.youtube-nocookie.com; object-src 'none'; worker-src 'self' blob:; base-uri 'self'; form-action 'self' https://www.facebook.com https://*.hsforms.com https://widget.slinger.to; frame-ancestors 'none'; upgrade-insecure-requests; connect-src 'self' https: prod-api.mywheels.nl mywheels.nl 1
default-src 'self'; base-uri 'self'; img-src * data: https://meierijstad.containers.piwik.pro https://meierijstad.piwik.pro https://eu.cdn.kleksi.com https://kleksi.com https://*.kleksi.com; frame-src 'self' https://kaartapi.nl https://www.kaartapi.nl https://websurveys2.govmetric.com https://app-eu.readspeaker.com https://www.youtube-nocookie.com https://www.youtube.com https://content.googleapis.com/ https://vars.hotjar.com https://gemeente-meierijstad.email-provider.nl https://embed.email-provider.eu https://anchor.fm https://drive.google.com https://oplaadpalen.nl/ https://www.google.com/maps/ https://player.vimeo.com/ https://podcasters.spotify.com/; frame-ancestors 'self'; manifest-src 'self'; media-src 'self' blob:; script-src 'self' 'nonce-MTAzOGMwYTQtN2Y2Yi00NjFmLThmZjQtZTc4ZDZjZWY3YmZm' https://stats.pusher.com https://www.browsealoud.com https://www.googletagmanager.com https://www.google-analytics.com https://apis.google.com https://maps.googleapis.com https://siteimproveanalytics.com https://cloudstatic.obi4wan.com https://websurveys2.govmetric.com https://platform.hireserve.nl https://websurveys2.servmetric.com https://cdn1.readspeaker.com https://cdn-eu.readspeaker.com https://virtuele-gemeente-assistent.nl https://static.hotjar.com https://script.hotjar.com https://connect.facebook.net https://snap.licdn.com https://virtuele-gemeente-assistent.nl https://gemeente-meierijstad.email-provider.nl https://embed.email-provider.eu https://meierijstad.containers.piwik.pro https://eu.cdn.kleksi.com; connect-src 'self' https://sockjs-eu.pusher.com wss://ws-eu.pusher.com https://vttts-eu.readspeaker.com https://cloudstatic.obi4wan.com https://chatapi.obi4wan.com https://media-eu.readspeaker.com https://rstts-eu.readspeaker.com https://wrapi-eu.readspeaker.com https://www.browsealoud.com https://plus.browsealoud.com https://speech.speechstream.net https://speech-eu.speechstream.net https://www.google-analytics.com https://maps.googleapis.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://app.obi4wan.ai https://app-eu.readspeaker.com/ https://hitcounter.govmetric.com https://platform.hireserve.nl/ https://cdn1.readspeaker.com https://maps.googleapis.com https://virtuele-gemeente-assistent.nl wss://virtuele-gemeente-assistent.nl ws://virtuele-gemeente-assistent.nl https://in.hotjar.com https://www.facebook.com https://cdn.linkedin.oribi.io https://virtuele-gemeente-assistent.nl wss://virtuele-gemeente-assistent.nl https://embed.email-provider.eu https://anchor.fm https://meierijstad.containers.piwik.pro https://meierijstad.piwik.pro https://eu.cdn.kleksi.com https://eu.api.kleksi.com https://*.unpkg.com https://unpkg.com; object-src 'self' https://kaartapi.nl https://www.kaartapi.nl; style-src 'self' data: 'nonce-MTAzOGMwYTQtN2Y2Yi00NjFmLThmZjQtZTc4ZDZjZWY3YmZm' https://fonts.googleapis.com https://platform.hireserve.nl https://websurveys2.servmetric.com https://cdn1.readspeaker.com https://websurveys2.govmetric.com https://virtuele-gemeente-assistent.nl https://mijn.virtuele-gemeente-assistent.nl https://maps.googleapis.com/ https://siteimproveanalytics.com https://cloudstatic.obi4wan.com https://virtuele-gemeente-assistent.nl https://mijn.virtuele-gemeente-assistent.nl https://embed.email-provider.eu https://meierijstad.containers.piwik.pro https://meierijstad.piwik.pro https://eu.cdn.kleksi.com; font-src 'self' data: https://fonts.gstatic.com https://cdn1.readspeaker.com https://script.hotjar.com https://meierijstad.containers.piwik.pro https://meierijstad.piwik.pro https://eu.cdn.kleksi.com;  1
frame-ancestors 'self' *.lookbookhq.com *.pathfactory.com *.bizzdesign.com http://bizzDesign.lookbookhq.com https://bizzDesign.lookbookhq.com http://bizzDesign.pathfactory.com https://bizzDesign.pathfactory.com http://resources.bizzDesign.com https://resources.bizzDesign.com bizzdesign-academy.com *.bizzdesign-academy.com; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: translate.google.com www.googletagmanager.com *.analytics.google.com cdn.honey.io *.www.googletagmanager.com cdn.jsdelivr.net www.google.com.au browser-update.org youtube.com *.doubleclick.net img.youtube.com www.google-analytics.com *.region1.analytics.google.com www.youtube.com *.googleapis.com www.google.fr www.google.co.uk www.google.com.mx *.alicdn.com region1.analytics.google.com analytics.google.com *.facebook.com www.google.ca *.gstatic.com mcap.com code.jquery.com *.facebook.net myhome.mcap.com www.google.com *.www.google-analytics.com; frame-ancestors 'self' www.myhome.mcap.com www.mcap.com www.mamaison.mcap.com ;  1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fonts.gstatic.com 'self' data: *.hotjar.com cdn.cookielaw.org cookie-cdn.cookiepro.com *.onetrust.com data: 'self' 'unsafe-inline'; form-action *.paypal.com *.authorize.net 'self' 'unsafe-inline'; frame-ancestors *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.braintreegateway.com *.paypal.com google.com *.google.com *.googletagmanager.com *.authorize.net *.hotjar.com cdn.cookielaw.org cookie-cdn.cookiepro.com *.onetrust.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com *.googleapis.com *.google.com *.googleusercontent.com *.hsforms.net *.hsforms.com 'self' data: *.hotjar.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.cheneliere.ca *.somabec.com *.editionscaractere.com *.erpi.com *.tcmediaelt.com *.cloudfront.net *.zopim.com *.zopim.io cdn.cookielaw.org cookie-cdn.cookiepro.com *.onetrust.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.commerce-payment-services.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.googleapis.com *.gstatic.com *.ggpht.com *.googleusercontent.com *.googletagmanager.com *.authorize.net sandbox-assets.secure.checkout.visa.com *.hsforms.net *.hsforms.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net *.hotjar.com *.cloudfront.net *.zdassets.com *.zopim.com cdn.cookielaw.org cookie-cdn.cookiepro.com *.onetrust.com https://cdn.cookielaw.org 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.gstatic.com *.hotjar.com cdn.cookielaw.org cookie-cdn.cookiepro.com *.onetrust.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.googleapis.com *.gstatic.com *.authorize.net t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com bam.nr-data.net bam-cell.nr-data.net *.hotjar.com wss://*.hotjar.io wss://*.hotjar.com *.hotjar.io *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.amazonaws.com *.pearsonerpi.com *.tcerpi.com *.zdassets.com *.zendesk.com zendesk-eu.my.sentry.io *.zopim.com *.zopim.io wss://widget-mediator.zopim.com cdn.cookielaw.org cookie-cdn.cookiepro.com *.onetrust.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' content.delivery.nsinternational.com;connect-src 'self' *.nsinternational.com browser-intake-datadoghq.eu www.datadoghq-browser-agent.com *.enterprisebot.co ws://*.enterprisebot.co www.google-analytics.com region1.google-analytics.com www.google.com www.google.nl stats.g.doubleclick.net googleads.g.doubleclick.net ad.doubleclick.net *.ns.nl *.blueconic.net *.optimizely.com o71339.ingest.sentry.io maps.googleapis.com www.googletagmanager.com www.googleadservices.com adservice.google.com api-prd.kpn.com *.usabilla.com www.facebook.com edge.api.brightcove.com manifest.prod.boltdns.net *.brightcovecdn.com ts.tradetracker.net t.co analytics.twitter.com bat.bing.com mail.nsinternational.nl d6tizftlrpuof.cloudfront.net *.r42tag.com region1.analytics.google.com data:;frame-src 'self' www.google.com recaptcha.google.com t.svtrd.com d6tizftlrpuof.cloudfront.net a7779470749.cdn.optimizely.com ezvr.nl roundme.com translate.googleapis.com translate.google.com;font-src 'self' content.delivery.nsinternational.com *.ns.nl *.enterprisebot.co d6tizftlrpuof.cloudfront.net fonts.gstatic.com data:;worker-src 'self' content.delivery.nsinternational.com blob:;img-src 'self' fonts.gstatic.com www.googletagmanager.com *.enterprisebot.co ad.doubleclick.net content.delivery.nsinternational.com d6tizftlrpuof.cloudfront.net googleads.g.doubleclick.net b339.nsinternational.com nshispeed.blueconic.net w.usabilla.com www.facebook.com *.google-analytics.com www.google.com www.google.nl www.google.be www.google.de www.google.fr www.google.co.uk www.google.ie www.googleadservices.com maps.gstatic.com maps.googleapis.com adservice.google.com adservice.google.nl adservice.google.be analytics.twitter.com t.co ts.tradetracker.net bat.bing.com *.boltdns.net plugins.blueconic.net translate.google.com *.r42tag.com data:;media-src 'self' content.delivery.nsinternational.com manifest.prod.boltdns.net *.brightcovecdn.com blob:;script-src 'self' 'unsafe-eval' 'unsafe-inline' www.google.com www.gstatic.com admin.relay42.com www.datadoghq-browser-agent.com *.enterprisebot.co api.usabilla.com cdn.blueconic.net/nshispeed.js b339.nsinternational.com nshispeed.blueconic.net plugins.blueconic.net cdn.optimizely.com/js/12346740180.js content.delivery.nsinternational.com *.r42tag.com w.usabilla.com www.google-analytics.com www.googletagmanager.com maps.googleapis.com d6tizftlrpuof.cloudfront.net code.jquery.com players.brightcove.net vjs.zencdn.net translate.googleapis.com translate.google.com;style-src 'self' 'unsafe-inline' content.delivery.nsinternational.com www.googletagmanager.com *.enterprisebot.co d6tizftlrpuof.cloudfront.net fonts.googleapis.com b339.nsinternational.com plugins.blueconic.net;object-src 'none';form-action 'self' t.svtrd.com/structure-collection;frame-ancestors 'self' b339.nsinternational.com nshispeed.blueconic.net;upgrade-insecure-requests 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://api.scb10x.com https://www.youtube.com https://www.googletagmanager.com; frame-src 'self' https://www.youtube.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://*.ytimg.com; connect-src 'self' https://api.scb10x.com https://www.google-analytics.com; media-src 'self' data:; object-src 'none'; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; font-src 'self' data:; 1
base-uri 'self'; default-src 'self' 'nonce-NjZhMmY3YjE1MTk3MA=='; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' 'nonce-NjZhMmY3YjE1MTk3MA=='; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://*.cloudfront.net 'nonce-NjZhMmY3YjE1MTk3MA=='; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.jsdelivr.net; img-src 'self' https://*.bing.com https://*.clarity.ms https://cdn.wisepops.com https://maps.gstatic.com https://*.googleapis.com https://www.facebook.com https://www.google.com https://www.google.co.uk https://www.googletagmanager.com https://www.google-analytics.com https://*.cloudfront.net https://tracking.wisepops.com https://cdn.wisepops.com https://tracking.wisepops.com https://dx4nr741tfc02.cloudfront.net https://wisp-production-storage.s3.amazonaws.com https://cdn.wisepops.net https://*.cookiepro.com data: https://cdn.jsdelivr.net 'nonce-NjZhMmY3YjE1MTk3MA=='; child-src 'none'; object-src 'none'; frame-src https://service.pcibooking.net https://*.notifications.wisepops.com https://*.wisepops.net *; frame-ancestors 'self' https://*.i-escape.com; connect-src 'self' https://*.bing.com https://*.clarity.ms https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.facebook.net https://*.facebook.com https://*.freshrelevance.com wss://*.freshrelevance.com https://*.cloudfront.net https://*.dycdn.net https://activity.wisepops.com https://popup.wisepops.com https://tracking.wisepops.com https://app.getwisp.co https://*.wisepops.net https://wisepops.net https://*.wisepops.com https://*.google-analytics.com https://*.analytics.google.com https://*.googlesyndication.com https://maps.googleapis.com https://stats.g.doubleclick.net https://*.cookiepro.com https://*.onetrust.com https://ct.pinterest.com; 1
default-src 'self' *.userway.org *.qualified.com *.googletagmanager.com *.lendistry.com *.mylendistry.com *.googleapis.com *.facebook.com *.gstatic.com *.google.com *.wpengine.com  *.thecenterbylendistry.org lendistry.com mylendistry.com thecenterbylendistry.org; script-src 'self' *.googleadservices.com *.userway.org *.rfihub.net *.qualified.com *.googletagmanager.com *.facebook.net *.rlets.com *.google.com *.googleapis.com *.doubleclick.net *.bing.com accessibilityserver.org snap.licdn.com *.redditstatic.com  *.google-analytics.com *.ads-twitter.com *.adsrvr.org *.stackadapt.com *.wpengine.com *.mylendistry.com *.lendistry.com *.thecenterbylendistry.org lendistry.com mylendistry.com thecenterbylendistry.org *.cloudflare.com instant.page *.jsdelivr.net *.vimeocdn.com *.vimeo.com *.gstatic.com 'unsafe-inline' 'unsafe-eval'; style-src  'self'  *.googletagmanager.com *.bootstrapcdn.com *.googleapis.com  *.userway.org *.gstatic.com  *.typekit.net *.stackadapt.com *.wpengine.com *.lendistry.com *.mylendistry.com *.thecenterbylendistry.org lendistry.com mylendistry.com thecenterbylendistry.org *.cloudflare.com *.jsdelivr.net 'unsafe-inline' ; base-uri 'self'; connect-src 'self' *.rlets.com https://api.userway.org https://cdn.userway.org https://cdn77.api.userway.org https://www.google-analytics.com wss://ws.qualified.com https://capture-api.reachlocalservices.com *.googleapis.com *.localiq.com *.linkedin.com *.reddit.com *.redditstatic.com *.google.com *.doubleclick.net *.stackadapt.com *.salesforce.com *.wpengine.com *.lendistry.com *.mylendistry.com *.thecenterbylendistry.org lendistry.com mylendistry.com thecenterbylendistry.org; font-src 'self' *.bootstrapcdn.com *.gstatic.com *.userway.org *.wpengine.com  *.lendistry.com *.mylendistry.com *.thecenterbylendistry.org  lendistry.com mylendistry.com thecenterbylendistry.org *.typekit.net *.cloudflare.com *.jsdelivr.net data:; frame-src 'self' *.google.com  *.qualified.com *.vimeo.com *.rlets.com *.doubleclick.net *.rfihub.com *.youtube.com *.userway.org *.adsrvr.org *.salesforce.com *.wpengine.com *.lendistry.com *.mylendistry.com *.thecenterbylendistry.org lendistry.com mylendistry.com thecenterbylendistry.org *.amazonaws.com; img-src 'self' googleads.g.doubleclick.net *.userway.org *.weglot.com *.facebook.com *.google.com *.googleapis.com *.gstatic.com *.bing.com *.wpengine.com arttrk.com *.linkedin.com *.reddit.com *.rlets.com *.gravatar.com *.googletagmanager.com *.google-analytics.com t.co *.twitter.com *.wpengine.com *.lendistry.com *.mylendistry.com *.thecenterbylendistry.org lendistry.com mylendistry.com thecenterbylendistry.org *.crwdcntrl.net *.wpenginepowered.com data: ; media-src * data:; manifest-src 'self'; worker-src 'self' lendistry.com *.wpengine.com *.lendistry.com *.mylendistry.com *.thecenterbylendistry.org  lendistry.com mylendistry.com thecenterbylendistry.org data: blob:; 1
child-src 'self' *.lightning.force.com *.pendo.io *.greenhouse.io *.google.com *.vimeo.com *.isnetworld.com *.mypurecloud.com; frame-ancestors 'self' *.lightning.force.com; form-action 'self'; 1
default-src 'self' https: blob: data:; script-src 'self' 'unsafe-eval' 'nonce-jKuC9TN2JTtypqz93zp50BEJ9IAZvPVs' https://g9904216750.co  https://defaultb41b72d04e9f4c268a69f949f367c9.1d.environment.api.powerplatform.com https://cdn.botframework.com https://sc.pages04.net https://siteintercept.allegiancetech.com https://googletagmanager.com https://tagmanager.google.com https://www.googletagmanager.com/gtm.js https://www.google.com/recaptcha/api.js https://www.clarity.ms https://connect.facebook.net https://ajax.googleapis.com https://analytics.kaltura.com https://api.peer5.com https://bat.bing.com https://cdnapisec.kaltura.com https://cookie-cdn.cookiepro.com https://maps.googleapis.com https://players.brightcove.net https://s7.addthis.com https://secure.perk0mean.com https://static.cloud.coveo.com  https://platform.cloud.coveo.com https://tag.demandbase.com https://www.google.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com players.brightcove.net vjs.zencdn.net https://*.sharethis.com https://snap.licdn.com; img-src https://dc.ads.linkedin.com https://secure.perk0mean.com https://www.facebook.com https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com 'self' https: blob: data: https://adservice.google.com https://*.analytics.google.com; object-src https://fonts.gstatic.com https://players.brightcove.net; connect-src wss://europe.directline.botframework.com https://europe.directline.botframework.com https://defaultb41b72d04e9f4c268a69f949f367c9.1d.environment.api.powerplatform.com https://*.clarity.ms https://*.cookiepro.com https://*.onetrust.com https://px.ads.linkedin.com https://platform.cloud.coveo.com https://*.sharethis.com https://*.googlesyndication.com https://*.google.com https://google.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com adservice.google.com 'self' *.boltdns.net https://*.brightcove.net https://*.brightcove.com https://edge.api.brightcove.com *.akamaihd.net https://bcp.crwdcntrl.net https://www.facebook.com https://*.facebook.net https://segments.company-target.com; style-src https://siteintercept.allegiancetech.com https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com 'self' 'unsafe-inline' players.brightcove.net https://fonts.googleapis.com https://fonts.gstatic.com https://static.cloud.coveo.com; font-src https://fonts.gstatic.com https://staticdev.cloud.coveo.com https://static.cloud.coveo.com https://fonts.gstatic.com 'self' data: players.brightcove.net; base-uri 'self'; worker-src blob:; media-src 'self' blob: *.brightcovecdn.com *.boltdns.net *.media.brightcove.com *.akamaihd.net *.cf.brightcove.com; child-src 'self' https://cookie-cdn.cookiepro.com https://players.brightcove.net https://platform.cloud.coveo.com https://www.google.com; frame-src 'self' https://cms.slb.com https://*.sharethis.com https://*.google.com https://*.analytics.google.com https://td.doubleclick.net https://www.arcgis.com https://www.facebook.com https://adservice.google.com https://players.brightcove.net https://cdnapisec.kaltura.com; 1
upgrade-insecure-requests  ; worker-src 'self' blob: feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' *.lytics.io *.pricespider.com *.mapbox.com *.salesforce.com service.force.com blob: *.my.salesforce-sites.com consumersupport.pg.com feed.pghub.io pandg.tapad.com ; media-src 'self' videos.ctfassets.net *.iesnare.com data: feed.pghub.io pandg.tapad.com ; manifest-src 'self' login.windows.net feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com cdn.pricespider.com cdn.cookielaw.org script.crazyegg.com *.adsrvr.org connect.facebook.net *.moatads.com *.segment.com pghub.io *.lytics.io *.pricespider.com cdnjs.cloudflare.com *.mapbox.com *.iesnare.com api.ipify.org *.jebbit.com *.doubleclick.net www.google-analytics.com *.youtube.com service.force.com *.salesforce.com *.salesforceliveagent.com static.lightning.force.com *.my.salesforce-sites.com consumersupport.pg.com feed.pghub.io pandg.tapad.com ; font-src 'self' data: feed.pghub.io pandg.tapad.com ; frame-ancestors 'none' feed.pghub.io pandg.tapad.com ; frame-src 'self' *.adsrvr.org feed.pghub.io jebbit.tide.com consumersupport.pg.com www.facebook.com www.youtube.com *.doubleclick.net *.salesforce.com service.force.com pandg.tapad.com ; img-src 'self' data: images.ctfassets.net *.tapad.com *.akamaihd.net *.moatads.com www.facebook.com *.lytics.io *.pricespider.com *.mapbox.com *.ytimg.com www.googletagmanager.com *.youtube.com www.google-analytics.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat feed.pghub.io ; connect-src 'self' cdn.cookielaw.org *.crazyegg.com *.doubleclick.net *.adsrvr.org *.segment.io *.segment.com *.onetrust.com *.algolianet.com *.algolia.net *.pricespider.com *.contentful.com *.iesnare.com *.jebbit.com *.googlesyndication.com *.google-analytics.com wss: *.iesnare.com *.mapbox.com *.i1.ytimg.com *.img.youtube.com *.my.salesforce-sites.com consumersupport.pg.com feed.pghub.io pandg.tapad.com ; base-uri 'none' feed.pghub.io pandg.tapad.com ; default-src 'none' feed.pghub.io pandg.tapad.com ; 1
frame-ancestors *.absglobal.com  localhost:44361 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com 1868565294.rsc.cdn77.org static.cloudflareinsights.com www.google.com www.gstatic.com fonts.gstatic.com fonts.googleapis.com ajax.googleapis.com fcm.googleapis.com accounts.google.com *.cdn77.org  *.nk-img.com  *.segpay.com  *.online-metrix.net *.vscdns.com *.vsmvideo.com www.tjk-njk.com *.exoclick.com *.orbsrv.com *.opoxv.com *.exdynsrv.com *.afcdn.net *.aucdn.net *.tf4srv.com *.aacdn.net *.adglare.net www.flirt4free.com www.ohmybutt.com www.secretpartners.com *.asf4f.us *.livejasmin.com *.jsmcrptjmp.com *.awemwh.com etahub.com ctrack.trafficjunky.net tracking.sexcash.com *.gtflixtv.com;img-src 'self' 'unsafe-inline' data: blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com *.cdn77.org www.google.com www.google-analytics.com ssl.gstatic.com *.nk-img.com *.camster.com data-cdn.pornbiz.com *.vscdns.com *.vsmvideo.com *.doubleclick.net *.google.fr *.google.com *.segpay.com *.online-metrix.net cdn.asf4f.us *.gtflixtv.com *.orbsrv.com *.exdynsrv.com *.afcdn.net *.aucdn.net *.justservingfiles.net *.tf4srv.com *.aacdn.net *.rtbsuperhub.com; report-uri https://www.blacktube.com/csp-reports; report-to csp-endpoint 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.gstatic.com https://slides.growth.design https://ajax.googleapis.com fast.wistia.com https://growth.design https://va.vercel-scripts.com; child-src blob:; style-src 'self' 'unsafe-inline' https://growth.design https://fonts.googleapis.com; font-src 'self' data: https://*.wistia.com https://growth.design https://fonts.gstatic.com; img-src 'self' data: blob: https://growth.design https://userimg-assets.customeriomail.com https://embed-ssl.wistia.com https://fast.wistia.com https://embedwistia-a.akamaihd.net https://s3.amazonaws.com; form-action 'self' https://checkout.stripe.com; frame-ancestors 'self' https://slides.growth.design ; frame-src 'self' https://slides.growth.design https://www.google.com https://growthdesign.slides.com https://cloud.protopie.io; connect-src 'self' https://api.growth.design https://*.wistia.com https://embedwistia-a.akamaihd.net https://*.litix.io https://api.glitch.com https://vitals.vercel-insights.com; media-src 'self' blob: https://s3.amazonaws.com; object-src 'self' data:; 1
frame-ancestors 'self' *.thethirdwave.co ajax.cloudflare.com 1
default-src 'self';    script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.gstatic.com      connect.facebook.net www.locrating.com clients.yomdel.com *.livechatinc.com cdn.jsdelivr.net cdnjs.cloudflare.com      *.matomo.cloud www.youtube.com *.vimeocdn.com bymtrackinglive.azurewebsites.net;    style-src 'self' 'unsafe-inline' *.googletagmanager.com *.googleapis.com *.gstatic.com *.typekit.net rettie.matomo.cloud;    img-src 'self' data: https: blob: rettiecdn.co.uk;    connect-src 'self' https:;    font-src 'self' data: https:;    object-src 'self';    media-src 'self' data: www.youtube.com vimeo.com *.cloudflarestream.com;    manifest-src 'self';    frame-src 'self' www.youtube-nocookie.com *.youtube.com player.vimeo.com *.google.com infogram.com *.infogram.com      www.facebook.com *.soundcloud.com *.cloudflarestream.com my.matterport.com schools.locrating.com *.livechatinc.com      td.doubleclick.net www.googletagmanager.com;    form-action 'self' www.facebook.com;    base-uri 'self' rettie.matomo.cloud;    worker-src blob:;    child-src blob:;    frame-ancestors 'self';    report-to default;    report-uri https://nbcom.report-uri.com/r/d/csp/enforce 1
frame-ancestors *.yandex.ru 1
default-src 'none'; script-src 'self' 'sha256-+bciAoXo8tqxurJAfFdRHhPFvC+ti9sSCf6nP1Mq0zk='; style-src 'self' data: 'unsafe-inline'; img-src 'self' data: blob:; font-src 'self' data:; connect-src 'self'; media-src 'self' data: blob:; object-src 'self'; child-src 'none'; frame-src 'none'; worker-src 'self'; frame-ancestors 'none'; form-action 'self' https://docs.immerda.ch/de/search; base-uri 'self'; manifest-src 'none'; report-uri https://csp-report.immerda.ch/report.php; upgrade-insecure-requests; block-all-mixed-content 1
img-src 'self'; style-src 'self' 'unsafe-inline'; default-src 'none'; form-action 'none'; frame-ancestors 'none'; 1
frame-ancestors 'self' *.cbg.nl *.cbg.outsite.app; connect-src 'self' releases.wagtail.org *.wiewaswie.nl stamboomnederland.nl *.stamboomnederland.nl webservices.picturae.com *.google-analytics.com *.googletagmanager.com; frame-src 'self' *.cbg.nl *.cbg.outsite.app; style-src 'self' 'unsafe-inline' *.cbg.nl fonts.googleapis.com; font-src 'self' data: *.cbg.nl; default-src 'self' *.cbg.outsite.app; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cbg.nl webservices.picturae.com *.wiewaswie.nl stamboomnederland.nl *.stamboomnederland.nl *.google-analytics.com *.googletagmanager.com; img-src 'self' data: *.cbg.nl *.cbg.outsite.app images.memorix.nl www.gravatar.com *.googletagmanager.com 1
default-src 'none'; base-uri 'self'; form-action 'self'; frame-src 'self' https://*.stripe.com https://js.stripe.com https://hooks.stripe.com; connect-src 'self'; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' 'nonce-QhHBpjoH9eFSHHLw7fyLKQQb' 'sha256-ZqyIDH2pz2dabHLATvIMI+M5z7jjrcquw5wyjnaWtzy=' https://js.stripe.com; img-src 'self' data:; 1
'self' cdn.naftonline.ir; 1
font-src use.fontawesome.com affect3dstore.com *.fontawesome.com *.googleapis.com *.gstatic.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.google.com *.youtube.com maps.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com wnu.com https://plumrocket.com *.twitter.com *.google.com *.youtube.com maps.googleapis.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ cdn-pub.affect3d.com cdn-pub-ovh.affect3d.com stage.api.centrobill.com stage.pay.centrobill.com api.centrobill.com pay.centrobill.com https://plumrocket.com *.twitter.com *.google.com maps.googleapis.com api.shift4.com js.dev.shift4.com https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io affect3dstore.com affect3d.com cdn-pub.affect3d.com blob: pay.wnu.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.google.com maps.googleapis.com t.dev.shift4.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.noibu.com affect3dstore.com *.hotjar.com pay.wnu.com *.fontawesome.com *.googleapis.com *.gstatic.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.google.com maps.googleapis.com js.dev.shift4.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src use.fontawesome.com affect3dstore.com *.fontawesome.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.google.com *.youtube.com maps.googleapis.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src cdn-pub.affect3d.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.doubleclick.net wss://input.noibu.com https://input.noibu.com affect3dstore.com *.hotjar.io wss://*.hotjar.com api.centrobill.com stage.api.centrobill.com https://api.userinfo.io *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.google.com *.youtube.com maps.googleapis.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src *; script-src 'self' 'unsafe-inline'; worker-src 'self' blob:; child-src 'self'; style-src 'self' 'unsafe-inline'; manifest-src 'self'; connect-src *; font-src 'self' data:; img-src * data:; frame-src 'self' https://connect.trezor.io https://beta.mycrypto.com https://github.proxy.mycryptoapi.com https://analytics.proxy.mycryptoapi.com; frame-ancestors 'self' https://mycrypto.com https://app.mycrypto.com https://github.proxy.mycryptoapi.com https://analytics.proxy.mycryptoapi.com 1
connect-src 'self' blob: https://api.x.ai https://api.x.com https://jf.x.com https://jf.twitter.com https://*.pscp.tv https://*.video.pscp.tv https://*.twimg.com https://api.twitter.com https://api.x.com https://api-stream.twitter.com https://api-stream.x.com https://ads-api.twitter.com https://ads-api.x.com https://aa.twitter.com https://aa.x.com https://caps.twitter.com https://caps.x.com https://pay.twitter.com https://pay.x.com https://sentry.io https://ton.twitter.com https://ton.x.com https://ton-staging.atla.twitter.com https://ton-staging.atla.x.com https://ton-staging.pdxa.twitter.com https://ton-staging.pdxa.x.com https://twitter.com https://x.com https://upload.twitter.com https://upload.x.com https://www.google-analytics.com https://accounts.google.com/gsi/status https://accounts.google.com/gsi/log https://checkoutshopper-live.adyen.com wss://*.pscp.tv https://vmap.snappytv.com https://vmapstage.snappytv.com https://vmaprel.snappytv.com https://vmap.grabyo.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com ws://localhost:8008/v2/ipc https://ads-twitter.com https://analytics.twitter.com https://analytics.x.com  ; default-src 'self'; form-action 'self' https://twitter.com https://*.twitter.com https://x.com https://*.x.com https://localhost.twitter.com:3443 https://localhost.x.com:3443; font-src 'self' https://*.twimg.com; frame-src 'self' https://twitter.com https://x.com https://mobile.twitter.com https://mobile.x.com https://pay.twitter.com https://pay.x.com https://cards-frame.twitter.com https://accounts.google.com/ https://client-api.arkoselabs.com/ https://iframe.arkoselabs.com/ https://vaultjs.apideck.com/  https://recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; img-src 'self' blob: data: https://*.cdn.twitter.com https://*.cdn.x.com https://ton.twitter.com https://ton.x.com https://*.twimg.com https://analytics.twitter.com https://analytics.x.com https://cm.g.doubleclick.net https://www.google-analytics.com https://maps.googleapis.com https://www.periscope.tv https://www.pscp.tv https://ads-twitter.com https://ads-api.twitter.com https://ads-api.x.com https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com https://*.pscp.tv https://*.periscope.tv https://prod-periscope-profile.s3-us-west-2.amazonaws.com https://platform-lookaside.fbsbx.com https://scontent.xx.fbcdn.net https://scontent-sea1-1.xx.fbcdn.net https://*.googleusercontent.com https://t.co/1/i/adsct; manifest-src 'self'; media-src 'self' blob: https://twitter.com https://x.com https://*.twimg.com https://*.vine.co https://*.pscp.tv https://*.video.pscp.tv https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net; object-src 'none'; script-src 'self' 'unsafe-inline' https://*.twimg.com https://recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://client-api.arkoselabs.com/ https://www.google-analytics.com https://twitter.com https://x.com https://accounts.google.com/gsi/client https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js https://www.gstatic.com/cast/sdk/libs/caf_receiver/v3/cast_receiver_framework.js https://static.ads-twitter.com  'nonce-M2JjZTdkY2EtMTFmOS00NGRjLTk4ZDgtMzIxMWVhN2UzNzhk'; style-src 'self' 'unsafe-inline' https://accounts.google.com/gsi/style https://*.twimg.com; worker-src 'self' blob:; report-uri https://twitter.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false 1
default-src 'self';script-src 'self' 'unsafe-inline';script-src-attr 'self' 'unsafe-inline';style-src 'self' https: 'unsafe-inline' *.typography.com *.googleapis.com;font-src 'self' https: data:;form-action 'self' https:;base-uri 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';upgrade-insecure-requests 1
default-src 'self'; script-src * 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; connect-src *; frame-src *; img-src data: *; media-src *; object-src *; 1
default-src 'self'; child-src 'self' blob: data: cdn.lightwidget.com player.vimeo.com  www.youtube.com  www.youtube-nocookie.com play.guidingtube.com maps.google.com maps.google.nl www.google.com *.vimeocdn.com player.vimeo.com vimeo.com  indiveo.services; connect-src 'self' vimeo.com; font-src 'self' data: fonts.gstatic.com ;  img-src 'self' data: blob: pbs.twimg.com i.ytimg.com www.google-analytics.com img.youtube.com i.vimeocdn.com indiveo.services;  media-src 'self'; object-src 'none'; script-src 'self' 'nonce-b17a3592-aa79-4f31-9626-86635a2bf09f' maps.google.nl code.highcharts.com fonts.googleapis.com fonts.gstatic.com f.vimeocdn.com i.vimeocdn.com cdn.lightwidget.com; style-src 'self' 'nonce-b17a3592-aa79-4f31-9626-86635a2bf09f';  base-uri 'self'; form-action 'self' ezorg.zgv.nl; frame-ancestors 'self'; upgrade-insecure-requests; 1
default-src 'self' *.facebook.net *.kvantum-app.com wss://*.visitors.live *.luckyorange.com *.google.co.il *.googleoptimize.com wss://collection.decibelinsight.net collection.decibelinsight.net tacobell.ca *.tacobell.ca *.kfc.com.mx kfc.com.mx analytics.tiktok.com voices.s1gateway.com *.webeyez.com *.crwdcntrl.net *.braze.com wss://*.hotjar.com *.googleadservices.com *.indigitall.com consentcdn.cookiebot.com *.browser-intake-datadoghq.eu *.g.doubleclick.net *.bringg.com *.ubereats.com *.adyen.com *.oppwa.com *.onetrust.com cdn.cookielaw.org *.browser-intake-datadoghq.com *.googleapis.com wss://ws.inspectlet.com *.inspectlet.com *.google-analytics.com *.datadoghq.com *.datadoghq.eu *.browser-intake-datadoghq.eu *.hotjar.com *.googletagmanager.com *.googleusercontent.com *.lr-ingest.io *.lji.li *.tictuk.com *.facebook.com *.google.com pay.payphonetodoesposible.com data:;frame-src 'self' *arcot.com *.nutritionix.com lili.ly *.webeyez.com voices.s1gateway.com *.amazon-adsystem.com *.crwdcntrl.net *.mathtag.com *.doubleclick.net docs.google.com tacobell.ca *.tacobell.ca *.kfc.com.mx kfc.com.mx *.prb.com.mx:* consentcdn.cookiebot.com *.tracker.dragontail.com *.youtube.com *.bringg.com *.ubereats.com *.uber.com *.adyen.com *.oppwa.com *.payeezy.com authentication.cardinalcommerce.com aacsw.3ds.verifiedbyvisa.com ecom.eglobal.com.mx *.modirum.com *.ipg-online.com pay.payphonetodoesposible.com *.mercadopago.com.co *.hotjar.com *.facebook.com *.cardnet.com.do; object-src 'self' kfc.com.mx *.kfc.com.mx *.tictuk.com tacobell.ca *.tacobell.ca *.tictuk.com;style-src 'self' 'unsafe-inline' voices.s1gateway.com use.fontawesome.com www.googletagmanager.com *.adyen.com *.oppwa.com *.lji.li *.tictuk.com fonts.googleapis.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.kfcbotswana.com *.luckyorange.com *.googleoptimize.com tacobell.ca *.tacobell.ca *.kfc.com.mx kfc.com.mx cdn.decibelinsight.net voices.s1gateway.com analytics.tiktok.com *.webeyez.com *.pizzahut.com.ec *.crwdcntrl.net *.mathtag.com  *.gstatic.com *.g.doubleclick.net *.googleadservices.com *.cookiebot.com *.appboycdn.com *.adyen.com *.oppwa.com *.onetrust.com cdn.cookielaw.org *.maps.yandex.net yastatic.net *.yandex.ru yandex.ru *.payeezy.com polyfill.io cdn.inspectlet.com cdn.polyfill.io lab.cardnet.com.do servicios.cardnet.com.do *.google-analytics.com *.hotjar.com *.googletagmanager.com cdn.lr-ingest.io cdn.logrocket.io cdnjs.cloudflare.com *.lji.li *.tictuk.com *.google.com *.facebook.net *.googleapis.com *.facebook.com pay.payphonetodoesposible.com;img-src 'self'  *.kfcbotswana.com *.xilnex.com *.kfc.co.za *.amazon-adsystem.com *.ofisistemas.com:8096 *.kfc-panama.com habit-images.s3.us-east-2.amazonaws.com tacobell.ca *.tacobell.ca *.kfc.com.mx kfc.com.mx *.pizzahut.cl pizzahut.cl *.google.co.uk *.s1gateway.com *.pizzahut.com.mx *.mathtag.com *.ofisistemas.com pizzahut.com.co *.pizzahut.com.co nolocdnmsftaznua.azureedge.net *.indigitall-cdn.com *.g.doubleclick.net *.pizzahut.com.br *.pizzahut.com.ec *.google.com.mx *.google.ca *.google.co.il *.google.es *.google.com.do *.google.com *.google.com.ec *.google.com.br *.pizzahut-tt.com *.tacobell.co.nz *.pizzahut.fi  pizzahut.fi nolocdnmsftus.azureedge.net ros-prd.s3.amazonaws.com *.adyen.com *.cookielaw.org *.maps.yandex.net *.yandex.ru yandex.ru *.kfc.tt *.cognizantorderserv.com connect.facebook.net *.inspectlet.com *.google-analytics.com ph-web-bucket.s3.us-east-2.amazonaws.com *.mobstorm.com images-rest.wixmp.com *.googleusercontent.com *.lji.li *.tictuk.com *.googleapis.com *.cloudfront.net/phws/ *.gstatic.com *.wixstatic.com *.facebook.com test.ipg-online.com data:;font-src 'self' voices.s1gateway.com use.fontawesome.com *.tictuk.com fonts.gstatic.com data:;worker-src 'self' 'unsafe-eval' 'unsafe-inline' *.lji.li *.tictuk.com blob: data:;frame-ancestors 'self' kfc.com.mx *.kfc.com.mx *.ipg-online.com  pay.payphonetodoesposible.com *.lji.li http://local.tictuk.com:8080 *.tictuk.com *.facebook.com *.messenger.com facebook.com messenger.com *.telegram.org telegram.org kfc.cw pizzahut.cw kfc.mystagingwebsite.com ; 1
default-src 'self'; script-src 'self' data: https://www.gstatic.com data: https://form.typeform.com data: https://static.geetest.com data: https://*.hotjar.com data: http://gcaptcha4.geetest.com data: http://gcaptcha4.gsensebot.com data: https://analytics.twitter.com data: https://t.co data: https://connect.facebook.net data: http://gcaptcha4.geetest.com data: http://gcaptcha4.gsensebot.com data: https://connect.facebook.net data: https://connect.facebook.net data: https://static.ads-twitter.com data: http://static.ads-twitter.com data: https://static.ads-twitter.com data: http://gcaptcha4.geevisit.com data: http://static.geetest.com data: http://static.geevisit.com data: http://dn-staticdown.qbox.me data: https://www.googletagmanager.com data: https://www.google-analytics.com data: https://widget.intercom.io data: https://js.intercomcdn.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' data: wss://*.firebaseio.com data: https://*.googleapis.com data: https://www.gstatic.com data: https://*.hyperverge.co data: https://*.amazonaws.com data: https://stats.g.doubleclick.net data: https://vitals.vercel-insights.com/v1/vitals data: https://test-api.difx.com data: http://gcaptcha4.gsensebot.com data: https://*.hotjar.com data: wss://*.hotjar.com data: https://www.facebook.com data: https://*.hotjar.io data: https://api.digitalfinancialexchange.com data: wss://test-api.difx.com data: wss://api.digitalfinancialexchange.com data: https://api-iam.intercom.io data: wss://nexus-websocket-a.intercom.io data: https://o1100856.ingest.sentry.io data: https://www.google-analytics.com 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' data: https://www.gstatic.com data: https://unpkg.com/@dotlottie/player-component@1.0.0/dist/dotlottie-player.js data: https://*.amazonaws.com data: https://connect.facebook.net data: https://*.hotjar.com data: http://gcaptcha4.geevisit.com data: http://gcaptcha4.gsensebot.com data: https://static.ads-twitter.com data: http://static.ads-twitter.com data: https://analytics.twitter.com data: https://t.co data: https://connect.facebook.net data: https://www.google.com/recaptcha data: https://static.geetest.com data: http://static.geetest.com data: http://gcaptcha4.geetest.com data: http://static.geevisit.com/ data: https://widget.intercom.io data: https://js.intercomcdn.com/ data: https://www.google-analytics.com data: https://www.googletagmanager.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: http://static.geetest.com data: http://static.geevisit.com data: http://dn-staticdown.qbox.me data: https://fonts.googleapis.com data: https://cdnjs.cloudflare.com 'unsafe-inline' 'unsafe-eval' ; style-src-elem 'self' data: https://www.googletagmanager.com data: https://www.google-analytics.com data: http://static.geetest.com data: https://fonts.googleapis.com data: https://cdnjs.cloudflare.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://cdnjs.cloudflare.com data: https://js.intercomcdn.com data: https://fonts.gstatic.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' blob: https://difx-futures-app.vercel.app blob: data: https://media.difx.com data: https://hv-camera-web-sg.s3-ap-southeast-1.amazonaws.com data: https://www.google.com data: https://www.google.ae data: http://*.cloudfront.net data: https://downloads.intercomcdn.com data: https://js.intercomcdn.com data: https://www.facebook.com data: https://t.co data: https://analytics.twitter.com data: http://static.geetest.com data: https://www.googletagmanager.com data: https://www.google-analytics.com data: http://static.geevisit.com data: http://dn-staticdown.qbox.me data: https://difxio.medium.com data: https://flagcdn.com 'unsafe-inline' 'unsafe-eval'; frame-src 'self' data: https://alchemy.veriff.com data: https://www.google.com data: https://www.typeform.com data: https://form.typeform.com/ data: https://www.facebook.com data: https://*.hotjar.com data: https://api.sumsub.com 'unsafe-inline' 'unsafe-eval' data: https://*.onramper.com data: https://onramp.money data: https://*.onramp.money; 1
frame-ancestors 'self' https://app.kajabi.com https://app.vibely.io https://communities.kajabi.com *.mykajabi.com https://communities.newkajabi-staging.com https://www.seancannell.com https://www.thinkmedia.video https://courses.seancannell.com 1
object-src 'none' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google.com/recaptcha/enterprise.js https://app.chatlyn.com https://*.bootstrapcdn.com https://www.google.com https://*.bing.com/ https://js.chilipiper.com/marketing.js https://js.hs-analytics.net/ https://js.hs-banner.com/ https://js.hsadspixel.net/fb.js https://js.hscollectedforms.net/collectedforms.js https://js.hubspot.com/web-interactives-embed.js https://pagead2.googlesyndication.com/pagead/conversion/743735395/ https://scout-cdn.salesloft.com/sl.js https://snap.licdn.com/li.lms-analytics/* https://static.hsappstatic.net/ https://ws.zoominfo.com/ https://ws-assets.zoominfo.com/ https://www.clarity.ms/ https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/ https://code.jquery.com https://*.bant.io https://bant.io https://sc.lfeeder.com https://cdn.jsdelivr.net https://googleads.g.doubleclick.net/ https://www.googleadservices.com https://plausible.io https://connect.facebook.net https://platform.twitter.com/widgets.js https://platform.linkedin.com/in.js https://*.adroll.com https://*.outbrain.com https://ws.zoominfo.com https://*.taboola.com https://static.hotjar.com https://www.clickcease.com https://js.zi-scripts.com/zi-tag.js https://script.hotjar.com https://app.hubspot.com https://cdn.calconic.com/static/js/calconic.min.js ; style-src 'self' 'unsafe-inline' https://*.hubspot.net https://static.hsappstatic.net https://fonts.googleapis.com ; connect-src 'self' https://2029395.fs1.hubspotusercontent-na1.net https://googleads.g.doubleclick.net https://app.calconic.com https://app.hubspot.com https://bat.bing.com https://forms.hscollectedforms.net https://*.clarity.ms/ https://*.hubspot.com/ https://js.hs-banner.com https://pagead2.googlesyndication.com https://px.ads.linkedin.com https://*.google-analytics.com https://ws.zoominfo.com https://scout.salesloft.com/ https://plausible.io https://stats.g.doubleclick.net https://*.google.com https://www.google.co.uk https://www.google.ie https://*.analytics.google.com https://analytics.google.com https://api.hubapi.com https://adservice.google.com https://forms.hsforms.com https://*.adroll.com https://*.outbrain.com https://*.bing.com/ https://*.taboola.com https://*.clickcease.com https://js.zi-scripts.com/unified/v1/master/getSubscriptions https://www.facebook.com/tr/ https://metrics.hotjar.io https://vc.hotjar.io https://hubspot-forms-static-embed.s3.amazonaws.com; font-src 'self' data: https://blog.roomex.com https://use.typekit.net https://fonts.gstatic.com https://forms.hsforms.com https://*.bootstrapcdn.com ; frame-src 'self' https://app.chatlyn.com https://play.hubspotvideo.com https://td.doubleclick.net https://platform.twitter.com https://*.adroll.com https://forms.hsforms.com www.googlegetagmanager.com https://2029395.hs-sites.com ; frame-ancestors 'self' ; img-src 'self' data: https://2029395.fs1.hubspotusercontent-na1.net https://blog.roomex.com https://forms-na1.hsforms.com https://forms.hsforms.com https://*.hubspot.com https://perf-na1.hsforms.com https://px.ads.linkedin.com https://www.linkedin.com https://tr-rc.lfeeder.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.co.uk https://www.google.co.za https://www.google.ie https://*.bing.com https://*.clarity.ms  https://www.linkedin.com https://www.googletagmanager.com https://perf.hsforms.com https://*.facebook.com https://scout.us4.salesloft.com  https://adservice.google.com https://*.adroll.com https://*.outbrain.com https://pagead2.googlesyndication.com https://*.taboola.com https://*.adroll.com  https://static.hsappstatic.net ; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubacbd08ec5fa2c5a00a021b5671c5e89b&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=service:marketing_site ;; upgrade-insecure-requests 1
base-uri 'self';connect-src 'self' *.googletagmanager.com *.google-analytics.com *.google.com *.googleapis.com *.api.video *.consentmanager.net *.doubleclick.net *.hotjar.com *.hotjar.io wss://ws.hotjar.com;default-src 'self';form-action 'self';img-src 'self' data: *.googletagmanager.com *.google-analytics.com googleads.g.doubleclick.net *.google.com *.google.de *.googleapis.com maps.gstatic.com *.consentmanager.net *.facebook.com *.wetu.com wetu.com images.unsplash.com *.api.video;media-src 'self' blob: *.api.video;object-src 'none';script-src 'self' 'nonce-irdGmrVlA2qSK2abaXmwrIOCdYGlTPY9SzRZ1XQd' *.googletagmanager.com *.googleadservices.com googleads.g.doubleclick.net *.google.com *.googleapis.com *.consentmanager.net unpkg.com *.hotjar.com *.facebook.net vjs.zencdn.net;style-src 'self' 'unsafe-inline' *.googletagmanager.com *.googleadservices.com googleads.g.doubleclick.net *.google.com *.googleapis.com *.consentmanager.net unpkg.com;font-src 'self' data: fonts.gstatic.com;worker-src 'self' blob:;frame-src *.youtube.com *.youtube-nocookie.com *.vimeo.com vimeo.com *.google.com *.googletagmanager.com *.camper24.de *.issuu.com *.doubleclick.net *.sunnycars.de *.instagram.com *.thankyounature.org *.spotify.com *.msgp.pl *.api.video 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://libretooth.gr; img-src 'self' https: data: blob: https://libretooth.gr; style-src 'self' https://libretooth.gr 'nonce-bYGT1urTzWzO2miQxh5hKw=='; media-src 'self' https: data: https://libretooth.gr; frame-src 'self' https:; manifest-src 'self' https://libretooth.gr; form-action 'self'; child-src 'self' blob: https://libretooth.gr; worker-src 'self' blob: https://libretooth.gr; connect-src 'self' data: blob: https://libretooth.gr https://libretooth.gr wss://libretooth.gr; script-src 'self' https://libretooth.gr 'wasm-unsafe-eval' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' https://www.youtube.com/iframe_api https://*.gstatic.com https://www.google.com/recaptcha/api.js https://*.tiktok.com https://*.cookiebot.com https://*.talention.com https://maps.googleapis.com https://www.googletagmanager.com https://www.googleadservices.com https://*.doubleclick.net https://connect.facebook.net https://*.jameda-elements.de https://snap.licdn.com https://empfehlungen.aerzte.de/app.js; style-src 'self' 'unsafe-inline' 'report-sample' https://*.talention.com https://fonts.googleapis.com; object-src 'none'; frame-ancestors 'self'; frame-src 'self' https://www.youtube-nocookie.com/ https://www.google.com/ https://*.cookiebot.com https://*.doubleclick.net; report-uri /api/csp-report 1
font-src reviews.io *.reviews.io cloudfront.net *.cloudfront.net tawk.to *.tawk.to *.fontawesome.com *.fonts.googleapis.com *.gstatic.com data: *.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ js.stripe.com hooks.stripe.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.google.com *.addthis.com *.pinterest.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.facebook.com adobedtm.com *.adobedtm.com px.ads.linkedin.com bing.com *.bing.com clarity.ms *.clarity.ms reviews.co.uk *.reviews.co.uk reviews.io *.reviews.io tawk.to *.tawk.to store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudflare.com *.cdn.klarna.com *.s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googletagmanager.com *.facebook.net adobedtm.com *.adobedtm.com reviews.io *.reviews.io ontraport.com *.ontraport.com reviews.co.uk *.reviews.co.uk licdn.com *.licdn.com tawk.to *.tawk.to deadlinefunnel.com *.deadlinefunnel.com bing.com *.bing.com referrals.miridiatech.com clarity.ms *.clarity.ms jsdelivr.net *.jsdelivr.net js.stripe.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com *.instagram.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cloudflare.com *.cloudflare.com cloudfront.net *.cloudfront.net reviews.io *.reviews.io tawk.to *.tawk.to unsafe-inline assets.braintreegateway.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com adobedtm.com *.adobedtm.com reviews.io *.reviews.io ontraport.com *.ontraport.com reviews.co.uk *.reviews.co.uk licdn.com *.licdn.com tawk.to *.tawk.to wss://*.tawk.to deadlinefunnel.com *.deadlinefunnel.com bing.com *.bing.com referrals.miridiatech.com clarity.ms *.clarity.ms px.ads.linkedin.com *.stripe.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.cloudflare.com *.googleapis.com *.addthis.com *.graph.instagram.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; img-src https://*.openstreetmap.org 'self' data:; style-src 'self' 'unsafe-inline'; script-src 'self'; frame-ancestors 'none' ; report-uri /admin/tools/CspReport.php 1
default-src 'self' statsng.knobelbecher.net 'unsafe-inline'; img-src 'self' https:; script-src 'self' statsng.knobelbecher.net 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors 'self' *.hubgets.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://apis.google.com https://ssl.google-analytics.com; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://statics.rivals.space; img-src 'self' data: blob: https://statics.rivals.space https://cdn.rivals.space https://media.tenor.com; style-src 'self' https://statics.rivals.space 'nonce-1YK1J3RBWVCUWXDGhj0pFQ=='; media-src 'self' data: https://statics.rivals.space https://cdn.rivals.space https://media.tenor.com; frame-src 'self' https:; manifest-src 'self' https://statics.rivals.space; form-action 'self'; child-src 'self' blob: https://statics.rivals.space; worker-src 'self' blob: https://statics.rivals.space; connect-src 'self' data: blob: https://statics.rivals.space https://cdn.rivals.space https://media.tenor.com wss://s.rivals.space https://api.tenor.com; script-src 'self' https://statics.rivals.space 'wasm-unsafe-eval' 1
default-src 'self'; script-src 'self' https://plausible.tobrien.me https://ipv6.tobrien.dev https://giscus.app; object-src 'none'; base-uri 'none'; style-src 'self' https://giscus.app 'unsafe-inline';  require-trusted-types-for 'script'; frame-src https://giscus.app; connect-src https://plausible.tobrien.me https://ipv6.tobrien.dev; 1
base-uri 'none'; font-src 'self' https: data:; form-action 'self' *.facebook.com; img-src 'self' data: res.cloudinary.com recruitee-main.s3.eu-central-1.amazonaws.com vanboxtel.nl www.vanboxtel.nl vanboxtel-website-frontend.onrender.com *.vimeocdn.com *.facebook.com *.licdn.com *.ads.linkedin.com *.iubenda.com www.google.nl www.google.com googleads.g.doubleclick.net *.googletagmanager.com *.hotjar.com; object-src 'none'; script-src-attr 'none'; style-src 'self' 'unsafe-inline' *.hotjar.com *.googleapis.com; script-src 'self' 'unsafe-inline' www.google-analytics.com www.googletagmanager.com www.google.com www.gstatic.com recaptcha.net vimeo.com player.vimeo.com fresnel.vimeocdn.com *.hotjar.com *.facebook.net *.facebook.com snap.licdn.com *.ads.linkedin.com *.iubenda.com googleads.g.doubleclick.net www.googleadservices.com 'sha256-GBFYlI6Bev3FOclAEuopcEjccE+/FCoCnmo75PmxGi0=' 'sha256-5gFxpLBEqC2Wn6Rw+5vCqP8jyTt+Okwe+j/Ro1juGIU='; upgrade-insecure-requests ; frame-src 'self' vimeo.com player.vimeo.com recaptcha.net *.vimeocdn.com *.facebook.com *.iubenda.com td.doubleclick.net *.googletagmanager.com *.hotjar.com; default-src 'self' *.hotjar.com *.hotjar.io *.hotjar.com unsafe-inline *.google.com *.iubenda.com *.linkedin.com *.doubleclick.net *.googletagmanager.com *.facebook.com *.recruitee.com *.jsdelivr.net *.onrender.com; connect-src 'self' vanboxtel-website-frontend.onrender.com www.vanboxtel.nl recruitee.vanboxtel.nl support.vanboxtel.nl werkenbij.vanboxtel.nl vanboxtel.nl cms.vanboxtel.nl *.google.com *.linkedin.com *.iubenda.com *.doubleclick.net vanboxtel.recruitee.com *.hotjar.com *.hotjar.io *.hotjar.com *.google.com *.iubenda.com *.linkedin.com *.doubleclick.net *.googletagmanager.com *.facebook.com *.recruitee.com *.jsdelivr.net *.onrender.com *.google-analytics.com wss://*.hotjar.com 1
form-action https: 'self'; default-src https:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src data: https: 1
default-src 'self' ; script-src 'self' https://www.googletagmanager.com https://maps.googleapis.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.google-analytics.com 'sha256-xu9Iq5nB3QL00atr1Rq5QHgoWT+CMeSIRxYEQoXF6oc=' 'sha256-Q8ZuYJje7UlpSaSOgMMOAFtU5xSGLKxrnAbf0enZIec=' 'sha256-GZUL2cHNZEB372HDaunFlkmWRlmPjUCVh363Q/Hwkss=' 'sha256-DfG8D9nfn3FARaznOfvCwohx09pdQRZP/yU2N4GrPOM=' 'sha256-wWMpNbh9bP4s3KdaWGtZyNRc6Un5wj4cbA3BIhid/a8=' 'sha256-z1bLwpdvbSkJHXu9i71V5al08xRoxQGPzSw+gSAoI4U=' 'sha256-hp7wFMJYsPu/52rbuRz5KYXAvXMOmGB5gGqmdXEx3K0=' 'nonce-pbscript'; img-src 'self' data: https://ssl.google-analytics.com https://maps.gstatic.com https://maps.googleapis.com https://www.google-analytics.com; connect-src 'self' wss: https://www.google-analytics.com https://stats.g.doubleclick.net https://maps.googleapis.com; style-src 'self' 'unsafe-inline'; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com data:; style-src-elem 'self' https://fonts.googleapis.com 'sha256-/VVOq+Ws/EiUxf2CU6tsqsHdOWqBgHSgwBPqCTjYD3U=' 'sha256-zZp8BI/LRCsExnI71KZA79vRfTQ/33qQr5GcSWAOwto=' 'sha256-QzbuspFx3XWfDfPzTlfR0J2UlRJ1iYhfJ1wQgds/IA0=' 'sha256-j69g0Z+HAbHBMIzQNFis9uADYR6LPo2LYlSo6DI4wy0=' 'sha256-g1+M02rsvlWQa9CjaRfEaZvT//NG7UhCKe8br+KXuF8=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-vi0IHEWWjH+X+5ImyV6kj/fBMFzSTz4uPlUjRhRTuDQ=' 'sha256-cwZgAPm2CTAW2GLDlL0o2J5isI4Gr0wno+xO/MvtT3s=' 'sha256-mmA4m52ZWPKWAzDvKQbF7Qhx9VHCZ2pcEdC0f9Xn/Po=' 'sha256-cH1+lg4dJr7FMyPRntBLER2hcaREO8zDwh5wmjRu4EQ=' 'sha256-UQBytKn0DQWyDg5/YC+FaQxonSsbQk4k0ErDHqBuhfw=' 'sha256-CwE3Bg0VYQOIdNAkbB/Btdkhul49qZuwgNCMPgNY5zw=' 'sha256-MZKTI0Eg1N13tshpFaVW65co/LeICXq4hyVx6GWVlK0=' 'sha256-LpfmXS+4ZtL2uPRZgkoR29Ghbxcfime/CsD/4w5VujE=' 'sha256-YJO/M9OgDKEBRKGqp4Zd07dzlagbB+qmKgThG52u/Mk=' 'sha256-1PxuDsPyGK6n+LZsMv0gG4lMX3i3XigG6h0CzPIjwrE=' 'sha256-hx0up+5msNNPOIf047hgFKR59NaAvp5txflkdef6WVE=' 'nonce-pbstyle'; frame-src 'self' https://img.youtube.com https://www.youtube.com https://www.google.com https://maegis.pbb.safe/; object-src 'self'; base-uri 'self'; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://yiff.life; img-src 'self' data: blob: https://yiff.life https://cdn.yiff.life; style-src 'self' https://yiff.life 'nonce-FhBG+Koq2wiUhlHvjLTL6A=='; media-src 'self' data: https://yiff.life https://cdn.yiff.life; frame-src 'self' https:; manifest-src 'self' https://yiff.life; form-action 'self'; child-src 'self' blob: https://yiff.life; worker-src 'self' blob: https://yiff.life; connect-src 'self' data: blob: https://yiff.life https://cdn.yiff.life wss://yiff.life; script-src 'self' https://yiff.life 'wasm-unsafe-eval' 1
default-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.redditstatic.com/ads/pixel.js https://googleads.g.doubleclick.net https://d6unz3nsyh8vw.cloudfront.net/3SFv8DuWrRsddehY9xMi45LjA.js https://*.googletagmanager.com https://www.google.com https://consent.cookiebot.com https://www.gstatic.com https://*.google-analytics.com https://tagmanager.google.com https://snap.licdn.com https://connect.facebook.net https://consentcdn.cookiebot.com https://www.youtube.com https://player.vimeo.com https://www.connexys.nl https://analytics.apg.nl https://www.googleadservices.com https://js.monitor.azure.com https://static.hotjar.com https://script.hotjar.com https://platform.instagram.com https://collection.passfort.com https://www.instagram.com;object-src 'self';style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://static.hotjar.com https://script.hotjar.com;img-src 'self' data: https://alb.reddit.com https://px.ads.linkedin.com https://www.facebook.com https://www.linkedin.com https://i.ytimg.com https://*.g.doubleclick.net https://*.google.com https://*.google.nl https://*.googletagmanager.com https://*.cookiebot.com https://*.googlesyndication.com https://*.google-analytics.com https://www.gstatic.com https://ssl.gstatic.com https://static.hotjar.com https://script.hotjar.com;media-src 'self';frame-src 'self' https://*.google.com/ https://www.googletagmanager.com https://acceptatie.connexys.nl https://www.connexys.nl https://consentcdn.cookiebot.com https://youtube.com https://www.youtube.com https://www.youtube-nocookie.com https://player.vimeo.com https://*.soundcloud.com https://localfocuswidgets.net https://*.hotjar.com https://*.hotjar.io https://collection.passfort.com https://www.instagram.com;font-src 'self' data: https://script.hotjar.com;connect-src 'self' https://cdn.linkedin.oribi.io https://com-vonq-main.collector.snplow.net https://*.google-analytics.com https://*.googletagmanager.com https://consentcdn.cookiebot.com https://*.passfort.com https://*.g.doubleclick.net https://noembed.com https://cdn.plyr.io https://analytics.apg.nl https://dc.services.visualstudio.com https://*.googlesyndication.com https://*.google.com https://*.google.nl https://*.linkedin.com https://www.redditstatic.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com;base-uri 'self';frame-ancestors 'self';manifest-src 'self';upgrade-insecure-requests;block-all-mixed-content 1
default-src 'none';     script-src  'unsafe-inline' 'unsafe-eval' https://www.banchileinversiones.cl https://assets.zendesk.com https://www.youtube.com https://connect.facebook.net https://widget-mediator.zopim.com https://*.hotjar.com https://www.google-analytics.com https://www.gstatic.com https://www.googletagmanager.com https://app.certainly.io https://www.google.com https://*.zdassets.com https://ww2.banchileinversiones.cl;  script-src-elem  'unsafe-inline' 'unsafe-eval' https://www.banchileinversiones.cl https://assets.zendesk.com https://connect.facebook.net https://www.youtube.com https://widget-mediator.zopim.com https://www.gstatic.com https://www.google-analytics.com https://*.hotjar.com https://app.certainly.io https://www.googletagmanager.com https://www.google.com https://*.zdassets.com https://ww2.banchileinversiones.cl https://www.empresas.bancochile.cl;     style-src 'self' 'unsafe-inline' 'unsafe-eval' https://ww2.banchileinversiones.cl https://www.empresas.bancochile.cl https://fonts.googleapis.com;     img-src 'self' data: https://www.google-analytics.com https://www.googletagmanager.com https://www.banchileinversiones.cl https://www.facebook.com https://10.200.204.204:15871  https://ww2.banchileinversiones.cl https://www.google.cl https://www.google.com https://i.ytimg.com https://www.empresas.bancochile.cl;     font-src 'self' https://www.empresas.bancochile.cl https://fonts.gstatic.com;     connect-src 'self' https://www.google.cl https://www.google.com wss://widget-mediator.zopim.com https://stats.g.doubleclick.net https://analytics.google.com https://banchilesupport.zendesk.com https://app.certainly.io https://zendesk-eu.my.sentry.io https://www.google-analytics.com https://ekr.zdassets.com https://*.zdassets.com https://www.empresas.bancochile.cl;  media-src 'self' https://static.zdassets.com;  frame-src 'self' https://www.youtube.com https://10.200.204.204:15871 https://www.google.com https://www.google.cl https://app.certainly.io https://indicadores.banchileinversiones.cl 1
frame-ancestors 'self' https://www.myrasecurity.com https://myrasecurity.360learning.com; 1
default-src 'self'; base-uri 'none'; form-action 'self' https://*.stadtmobil.de https://ewi3-stadtmobil.cantamen.de; style-src 'self' 'unsafe-inline' *.cookiebot.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.stadtmobil.de statistik.stadtmobil.de *.cookiebot.com maps.googleapis.com www.google.com www.gstatic.com www.meinungsmeister.de; frame-src 'self' https://consentcdn.cookiebot.com *.youtube-nocookie.com *.stadtmobil.de *.cantamen.de www.google.com app.cituro.com www.vvs.de www.meinungsmeister.de www.stadtradeln.de *.youtube.com *.vimeo.com *.vimeocdn.com; font-src 'self'; object-src 'self'; img-src 'self' data: maps.googleapis.com maps.gstatic.com www.meinungsmeister.de imgsct.cookiebot.com tile.openstreetmap.org; connect-src 'self' https://www.stadtmobil.de https://statistik.stadtmobil.de https://mein.stadtmobil.de https://consentcdn.cookiebot.com https://maps.googleapis.com www.meinungsmeister.de https://nominatim.openstreetmap.org; frame-ancestors 'self' https://*.stadtmobil.de https://*.cantamen.de https://*.eifel-carsharing.de https://ewi3-stadtmobil.cantamen.de; 1
default-src 'self' *.jamef.com.br; script-src 'self' https://*.googletagmanager.com https://tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.clarity.ms https://*.licdn.com *.linkedin.com https://*.ads.linkedin.com https://connect.facebook.net https://netdna.bootstrapcdn.com 'unsafe-inline' 'unsafe-eval' *.jamef.com.br *.bhz.jamef *.dtc.jamef apis.google.com www.google.com ssl.google-analytics.com tagmanager.google.com www.google-analytics.com www.gstatic.com gstatic.com maps.googleapis.com cdnjs.cloudflare.com ajax.googleapis.com storage.googleapis.com code.jquery.com cdn.cookielaw.org https://cdn.datatables.net https://cdn.rawgit.com https://geolocation.onetrust.com ; img-src 'self' * https://*.google-analytics.com https://*.analytics.google.com  https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com  blob: data:; style-src 'self' https://cdn.jsdelivr.net https://netdna.bootstrapcdn.com https://cdnjs.cloudflare.com 'unsafe-inline' https://www.gstatic.com https://gstatic.com https://maps.googleapis.com https://fonts.googleapis.com code.jquery.com *.cookielaw.org *.onetrust.com ; font-src 'self' https://netdna.bootstrapcdn.com  https://cdn.jsdelivr.net  fonts.gstatic.com  themes.googleusercontent.com ; frame-src 'self' *.vscode-cdn.net https://embed.diagrams.net https://www.bnet.bradesco.com.br https://www.facebook.com; object-src 'self' * blob: data: ; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.clarity.ms https://*.licdn.com *.linkedin.com https://*.ads.linkedin.com http://gitlab.jamef.com.br https://cdn.jsdelivr.net *.jamef.com.br http://jobserver1.dtc.jamef:8123 https://jobserver1.dtc.jamef:3030 *.amazonaws.com https://cdn.cookielaw.org https://cdn.jsdelivr.net data:; child-src 'self' * blob: data:; frame-ancestors *.jamef.com.br 1
default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://*.braintree-api.com https://*.braintreegateway.com https://accounts.google.com https://getpocket.com https://instagram-engineering.com https://*.instagram-engineering.com https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://lightstep.medium.systems https://*.branch.io 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://glyph-sandbox.medium.sh https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: blob: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com 1
default-src 'self' https://www.google-analytics.com https://www.facebook.com/ https://webto.salesforce.com https://www.youtube.com;
		   font-src *; 
		   img-src 'self' blob: https://www.ford.com https://www.toyotacr.com https://i.ibb.co https://i.imgur.com https://corporate.ford.com https://pixel.sitescout.com https://pixel-a.basis.net https://maps.gstatic.com https://maps.googleapis.com https://www.googletagmanager.com https://i.ytimg.com https://img.youtube.com https://www.google.com https://www.google.co.cr https://googleads.g.doubleclick.net https://www.facebook.com/ https://cdn-api.toyotacr.com https://www.google-analytics.com https://pixel.sitescout.com https://pixel-a.basis.net https://maps.gstatic.com https://maps.googleapis.com https://www.googletagmanager.com https://i.ytimg.com https://img.youtube.com https://www.google.com https://www.google.co.cr https://googleads.g.doubleclick.net https://www.facebook.com/ https://cdn-api.toyotacr.com analytics.tiktok.com analytics-ipv6.tiktokw.us ads.tiktok.com data:; 
		   script-src 'self' 'unsafe-inline' 'unsafe-eval' https://tpc.googlesyndication.com https://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.js https://code.jquery.com https://maps.googleapis.com https://www.gstatic.com https://www.google.com https://connect.facebook.net https://c1.rfihub.net/js/tc.min.js https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/en_US/sdk.js https://static.site24x7rum.com/beacon/site24x7rum-min.js https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://cdnjs.cloudflare.com https://platform.linkedin.com/in.js analytics.tiktok.com analytics-ipv6.tiktokw.us ads.tiktok.com; 
		   style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdn.materialdesignicons.com https://fonts.googleapis.com; 
		   frame-src 'self' data: bytedance: sslocal: https://td.doubleclick.net https://tpc.googlesyndication.com https://pixel-a.basis.net https://pixel.sitescout.com https://www.google.com https://toyota-la.transparenttestdrive.com https://bid.g.doubleclick.net https://www.googletagmanager.com https://www.facebook.com https://www.youtube.com https://*.rfihub.com; 
		   connect-src 'self' https://pagead2.googlesyndication.com https://tpc.googlesyndication.com https://www.facebook.com https://capig.toyotacr.com https://www.google-analytics.com https://stats.g.doubleclick.net https://col.site24x7rum.com https://maps.googleapis.com https://api-gateway.toyotacr.com https://analytics.google.com https://gtm-w59h9dt-zgnln.uc.r.appspot.com analytics.tiktok.com analytics-ipv6.tiktokw.us ads.tiktok.com;
		    1
default-src data: https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; font-src https: data: https://fonts.googleapis.com https://fonts.gstatic.com; connect-src https: wss:; worker-src blob: 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.google-analytics.com www.gstatic.com www.googleadservices.com maps.googleapis.com static.olark.com api.olark.com knrpc.olark.com servedbyadbutler.com pagead2.googlesyndication.com www.googletagmanager.com click.appcast.io connect.facebook.net optimize-pixel.jobadx.com js.hsforms.net static.cloudflareinsights.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com static.olark.com; font-src 'self' fonts.gstatic.com static.olark.com 1
frame-ancestors 'self' https://www.zi-mannheim.de https://www.einzigartigwir.de ; 1
default-src 'self' *.cookielaw.org *.onetrust.com feed.pghub.io pandg.tapad.com ; media-src https://videos.ctfassets.net feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' *.pricespider.com * ; img-src * 'self' data: https: blob: *.pricespider.com https: blob: ; script-src * data: blob: *.pricespider.com 'unsafe-inline' 'unsafe-eval' ; connect-src * data: blob: 'unsafe-inline' ; font-src * data: blob: 'unsafe-inline' ; frame-src * ; 1
default-src 'self' *.basc.org.uk; connect-src 'self' *.basc.org.uk *.google-analytics.com *.google.com *.twitter.com https://my.yoast.com https://*.vimeo.com https://scd.blazefuture.wpengine.com https://members-api.parliament.uk https://nominatim.openstreetmap.org; font-src 'self' data: *.basc.org.uk *.bootstrapcdn.com *.google-analytics.com *.google.com *.gstatic.com *.paypalobjects.com *.twitter.com *.wpmudev.org *.youtube.com data https://use.fontawesome.com; form-action 'self' *.basc.org.uk *.google-analytics.com *.google.com *.twitter.com https://basc.us13.list-manage.com  https://www.facebook.com https://www.paypal.com https://www.sional.co.uk; frame-ancestors 'self' *.mapbox.com https://www.facebook.com *.cloudfront.net *.google-analytics.com *.google.com https://basc.adventcalendaronline.com/ *.twitter.com *.wpmudev.org *.youtube.com https://*.vimeo.com https://staticxx.facebook.com https://w.soundcloud.com https://www.facebook.com https://www.media.volvocars.com https://www.sional.co.uk https://wp-themes.com/ https://www.buzzsprout.com/ https://library.elementor.com/ https://js.gleam.io https://gleam.io/; frame-src 'self' *.basc.org.uk *.mapbox.com https://www.facebook.com *.cloudfront.net *.google-analytics.com *.google.com https://basc.adventcalendaronline.com/ *.twitter.com *.wpmudev.org *.youtube.com https://*.vimeo.com https://staticxx.facebook.com https://w.soundcloud.com https://www.facebook.com https://www.media.volvocars.com https://www.sional.co.uk https://wp-themes.com/ https://www.buzzsprout.com/ https://library.elementor.com/ https://js.gleam.io https://gleam.io/ https://basc.app.do/; img-src 'self' blob: *.basc.org.uk https://ps.w.org https://yoast.com https://yoa.st *.facebook.com *.google-analytics.com *.google.com *.googleapis.com/ *.gstatic.com *.openstreetmap.org *.paypalobjects.com *.twimg.com *.twitter.com *.wpmudev.org *.youtube.com *.ytimg.com data: https://badges.instagram.com https://s.w.org https://stats.g.doubleclick.net https://basc.org.uk https://secure.gravatar.com https://ts.w.org/ https://library.elementor.com/ https://members-api.parliament.uk https://www.google.co.uk/ https://js.gleam.io/; media-src 'self'  *.basc.org.uk *.google-analytics.com *.google.com *.twitter.com *.wpmudev.org *.youtube.com https://*.vimeo.com https://www.sional.co.uk; object-src 'self'  *.basc.org.uk *.cloudfront.net *.google-analytics.com *.google.com *.twitter.com *.wpmudev.org *.youtube.com https://*.vimeo.com https://www.sional.co.uk; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob:  *.angularjs.org/ *.basc.org.uk *.cloudfront.net *.facebook.net *.google-analytics.com *.google.com *.gstatic.com *.jquery.com *.twitter.com *.wpmudev.org *.youtube.com ajax.googleapis.com apis.google.com https://yoast.com maps.googleapis.com https://*.vimeo.com https://basc.us13.list-manage.com https://cdn.syndication.twimg.com https://cdnjs.cloudflare.com https://onesignal.com https://s3.amazonaws.com https://scd.blazefuture.wpengine.com/ https://secure.comodo.com https://sucuri.net https://www.googleapis.com https://www.jqueryscript.net https://www.moonmodule.com https://www.paypal.com https://www.sional.co.uk https://cdn.jsdelivr.net https://www.googletagmanager.com https://basc.org.uk https://www.buzzsprout.com/ https://googleads.g.doubleclick.net/ https://nominatim.openstreetmap.org/ https://widget.gleamjs.io https://basc.app.do/; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.basc.org.uk *.bootstrapcdn.com *.cloudfront.net *.google.com *.googleapis.com *.gunstar.co.uk *.paypalobjects.com *.twimg.com/ *.twitter.com *.wpmudev.org *.youtube.com https://*.vimeo.com https://cdn-images.mailchimp.com https://sucuri.net https://www.sional.co.uk https://use.fontawesome.com https://cdnjs.cloudflare.com/ https://www.googletagmanager.com; 1
font-src *.googleapis.com *.gstatic.com data: *.fontawesome.com 'self' data: chrome-extension: https://*.hotjar.com https://*.hotjar.io data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com api.bazaarvoice.com stg.api.bazaarvoice.com https://*.manutan-collectivites.fr 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.google.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com https://www.google.com/recaptcha/api2/anchor https://www.google.com/recaptcha/api2/bframe https://*.hotjar.com https://*.hotjar.io https://*.emsecure.net 'self' blob: payment.preprod.direct.worldline-solutions.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com 'self' data: * https://*.facebook.com https://*.windows.net https://*.quanta.io https://*.bing.com https://*.linkedin.com https://*.twitter.com https://*.clarity.ms https://t.co data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://*.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.google.com https://www.googleoptimize.com/optimize.js https://*.cookielaw.org https://*.perfdrive.com https://*.go-mpulse.net https://*.newrelic.com https://*.hotjar.com https://*.hotjar.io https://*.bing.com https://*.licdn.com https://*.netdna-ssl.com https://*.facebook.net https://*.twitter.com https://*.ads-twitter.com https://*.quanta.io https://*.clarity.ms https://*.voicepublisher.net https://*.nr-data.net https://*.demoup.com https://*.facebook.com https://*.google-analytics.com https://*.akamaihd.net https://*.windows.net https://*.dexem.net https://*.polyfill.io https://*.slgnt.eu https://*.google.com https://*.mitel.io payment.preprod.direct.worldline-solutions.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com display.ugc.bazaarvoice.com *.fontawesome.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.googleapis.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com t.elasticsuite.io *.google-analytics.com https://*.google-analytics.com https://cdn.cookielaw.org/ https://privacyportal-eu.onetrust.com/request/v1/consentreceipts https://*.perfdrive.com https://*.go-mpulse.net https://*.doubleclick.net https://*.nr-data.net https://*.clarity.ms https://*.facebook.com https://*.hotjar.com https://*.akstat.io https://*.voicepublisher.net https://*.akamaihd.net https://*.oribi.io https://*.polyfill.io https://*.hotjar.io https://*.slgnt.eu https://*.analytics.google.com wss://*.hotjar.com https://*.linkedin.com https://www.google.com https://*.googlesyndication.com https://*.google.com https://*.mitel.io payment.preprod.direct.worldline-solutions.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' https://www.mymrs.mrs.org.uk/ https://test.mymrs.mrs.org.uk/ https://mrsprod.imiscloud.com/ https://www.my.research-live.com/ 1
default-src 'self'; img-src 'self' data: *.gstatic.com *.googleapis.com *.google-analytics.com *.googlesyndication.com *.google.com *.toast.com *.google.es *.ytimg.com *.googletagmanager.com *.openstreetmap.org; media-src 'self'; frame-src 'self' https://syndicatedsearch.goog *.googlesyndication.com *.youtube.com  *.google.com googlesyndication.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jquery.com *.cloudflare.com *.toast.com *.github.io *.googleapis.com *.google.com *.google-analytics.com *.googletagmanager.com *.googlesyndication.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.toast.com *.cloudflare.com *.toast.com *.google.com *.googleapis.com; font-src 'self' *.gstatic.com; connect-src 'self' *.googleapis.com *.google-analytics.com *.google.com *.doubleclick.net *.googlesyndication.com; 1
connect-src *.google-analytics.com www.google-analytics.com script.crazyegg.com stats.g.doubleclick.net analytics.tiktok.com *.analytics.google.com earthshotprize.org www.facebook.com *.googletagmanager.com analytics.google.com *.googlesyndication.com *.crazyegg.com adservice.google.com earthshotprize.bamboohr.com; default-src 'self' 'unsafe-inline' *.googletagmanager.com cdn.jsdelivr.net fonts.gstatic.com scontent-lcy1-1.cdninstagram.com scontent-lcy1-2.cdninstagram.com *.crazyegg.com; frame-src www.google.com platform.twitter.com www.googletagmanager.com www.facebook.com www.youtube-nocookie.com www.instagram.com *.instagram.com earthshotprize.org player.vimeo.com *.vimeo.com *.youtube.com *.googlesyndication.com *.doubleclick.net *.crazyegg.com; img-src 'self' data: *.google-analytics.com cdn.jsdelivr.net t.co analytics.twitter.com www.facebook.com www.google.com www.google.co.uk googleads.g.doubleclick.net i.ytimg.com scontent-lcy1-1.cdninstagram.com scontent-lcy1-2.cdninstagram.com sa.earthshotprize.org player.vimeo.com *.googletagmanager.com www.google.com.au *.crazyegg.com resources.bamboohr.com; script-src-elem 'self' 'unsafe-inline'  player.vimeo.com vimeo.com apis.google.com www.youtube.com www.youtube-nocookie.com platform.twitter.com googletagmanager.com www.googletagmanager.com www.google.com google.com www.gstatic.com gstatic.com www.google-analytics.com ps://static.ads-twitter.com/uwt.js fonts.googleapis.com cdn.jsdelivr.net static.ads-twitter.com connect.facebook.net googleads.g.doubleclick.net analytics.tiktok.com script.crazyegg.com www.googleadservices.com sa.earthshotprize.org tpc.googlesyndication.com *.crazyegg.com www.instagram.com www.instagram.com/embed.js earthshotprize.bamboohr.com; style-src 'self' 'unsafe-inline'  cdn.jsdelivr.net fonts.googleapis.com script.crazyegg.com; style-src-elem 'self' 'unsafe-inline' cdnjs.cloudflare.com cdn.jsdelivr.net fonts.googleapis.com *.crazyegg.com; worker-src       'self'       blob:; 1
default-src 'self' *.usercentrics.eu; frame-src 'self' www.advocard.de www.youtube.de www.youtube.com www.youtube-nocookie.com customlocation.here.com; img-src 'self' *.advocard.de *.usercentrics.eu generali01.webtrekk.net advocard01.wt-eu02.net *.gstatic.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.usercentrics.eu www.youtube.de www.youtube.com www.youtube-nocookie.com; style-src 'self' 'unsafe-inline' *.usercentrics.eu 1
report-uri /sentry/api/61/csp-report/?sentry_key=8505cd7669a24ba78131bbe9f6e8db09; worker-src blob: 'self'; child-src blob:; object-src 'none'; default-src https: data: 'self' *.1gamepay.com; img-src 'self' https: data: blob: *.google.com *.google.ro *.google.se *.google.nl *.google.de *.google.fi *.google.ch *.google.ee *.google.sk *.google.dk *.visualwebsiteoptimizer.com app.vwo.com https://ssl.gstatic.com https://www.gstatic.com *.google-analytics.com *.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://googleads.g.doubleclick.net https://ad.doubleclick.net https://ade.googlesyndication.com; frame-src * bankid: https://bid.g.doubleclick.net wss://*.biahosted.com https://*.biahosted.com https://storage.googleapis.com https://vtibetinaction2.aitcloud.de https://vbibetinaction2.aitcloud.de https://vsfelive-vs001.akamaized.net https://vsw.betradar.com https://vfbetinaction2.aitcloud.de https://vblbetinaction2.aitcloud.de https://s5.sir.sportradar.com https://gsm-widgets.betstream.betgenius.com https://altenar.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com https://widgets.sir.sportradar.com https://widgets.fn.sportradar.com; connect-src 'self' ws: wss: livechat24.tech *.livechat24.tech https://stats.g.doubleclick.net *.google-analytics.com *.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net *.unetsafe.com *.quantserve.com *.quantcount.com *.creative-serving.com *.visualwebsiteoptimizer.com *.taboola.com *.tradedoubler.com *.bing.com app.vwo.com facebook.com www.facebook.com *.google.com *.google.ru *.google.ro *.google.se *.google.de *.google.fr *.google.nl *.google.by *.google.pt *.google.kz *.google.bg *.google.kg *.google.md *.google.gr *.google.fi https://*.googlesyndication.com *.snapchat.com snapchat.com sc-static.net https://static.ads-twitter.com https://analytics.twitter.com https://*.atlantgaming.com https://cdn-sp.kertn.net https://*.pusher.com https://cdn-sp.gbshgbsh.com *.regily.com https://*.fasttrack-solutions.com https://*.ft-crm.com https://verification.okwork.io https://public-verification1.stage.aventogroup.com https://public-verification2.stage.aventogroup.com *.frankcasino.com *.unetsafe.com oppwa.com *.oppwa.com *.unetcard.com google-analytics.com paymentpage.ecommpay.com *.adyen.com fasd63.illongrlong.com s4vds4.ujad65dsai.com asdaerq.dapmaptuns.com *.checkout.com *.browser-intake-datadoghq.com https://*.frankcasino.ro wss://*.biahosted.com https://*.biahosted.com https://storage.googleapis.com https://vtibetinaction2.aitcloud.de https://vbibetinaction2.aitcloud.de https://vsfelive-vs001.akamaized.net https://vsw.betradar.com https://vfbetinaction2.aitcloud.de https://vblbetinaction2.aitcloud.de https://s5.sir.sportradar.com https://gsm-widgets.betstream.betgenius.com https://altenar.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com https://widgets.sir.sportradar.com https://widgets.fn.sportradar.com; style-src 'self' blob: 'unsafe-inline' *.googleapis.com *.google.com *.cloudflare.com *.cloudflareinsights.com *.unetsafe.com livechat24.tech *.livechat24.tech *.visualwebsiteoptimizer.com app.vwo.com https://cs.betradar.com https://*.sportradar.com https://videosport.me https://cdn-sp.kertn.net https://cdn-sp.gbshgbsh.com https://*.fasttrack-solutions.com https://*.gstatic.com https://prj-verification-production.s3.amazonaws.com https://prj-verification-stage1.s3.amazonaws.com https://prj-verification-stage2.s3.amazonaws.com https://public-verification1.stage.aventogroup.com https://public-verification2.stage.aventogroup.com https://tagmanager.google.com https://fonts.googleapis.com https://s3.amazonaws.com *.paywallk.com *.unetsafe.com *.ecommpay.com *.adyen.com *.hotjar.com *.ppipe.net *.oppwa.com oppwa.com *.unetcard.com paymentpage.ecommpay.com fasd63.illongrlong.com s4vds4.ujad65dsai.com asdaerq.dapmaptuns.com https://*.frankcasino.ro wss://*.biahosted.com https://*.biahosted.com https://storage.googleapis.com https://vtibetinaction2.aitcloud.de https://vbibetinaction2.aitcloud.de https://vsfelive-vs001.akamaized.net https://vsw.betradar.com https://vfbetinaction2.aitcloud.de https://vblbetinaction2.aitcloud.de https://s5.sir.sportradar.com https://gsm-widgets.betstream.betgenius.com https://altenar.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com https://widgets.sir.sportradar.com https://widgets.fn.sportradar.com; font-src 'self' https://fonts.gstatic.com data: *.cloudflare.com *.cloudflareinsights.com livechat24.tech *.livechat24.tech *.visualwebsiteoptimizer.com app.vwo.com *.frankcasino.com https://cdn-sp.kertn.net https://*.frankcasino.ro wss://*.biahosted.com https://*.biahosted.com https://storage.googleapis.com https://vtibetinaction2.aitcloud.de https://vbibetinaction2.aitcloud.de https://vsfelive-vs001.akamaized.net https://vsw.betradar.com https://vfbetinaction2.aitcloud.de https://vblbetinaction2.aitcloud.de https://s5.sir.sportradar.com https://gsm-widgets.betstream.betgenius.com https://altenar.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com https://widgets.sir.sportradar.com https://widgets.fn.sportradar.com; script-src 'self' 'unsafe-eval' 'nonce-xA7SAOzNWt6KZPFwhhXvBg==' blob: *.google.com *.google.ro *.google.se *.google.nl *.google.de *.google.fi *.google.ch *.google.ee *.google.sk *.google.dk recaptcha.net www.gstatic.com *.googleadservices.com https://www.googleadservices.com https://*.googlesyndication.com *.google.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://*.googletagmanager.com *.google-analytics.com *.analytics.google.com platform.twitter.com connect.facebook.net *.curacao-egaming.com stats.g.doubleclick.net https://stats.g.doubleclick.net livechat24.tech *.livechat24.tech *.livestatisc.com *.jsdelivr.net *.ptstaging.eu track.adform.net *.unetsafe.com *.cloudflare.com *.cloudflareinsights.com *.quantserve.com *.quantcount.com *.creative-serving.com *.visualwebsiteoptimizer.com *.taboola.com *.tradedoubler.com *.snapchat.com *.bing.com snapchat.com sc-static.net app.vwo.com facebook.com www.facebook.com https://static.ads-twitter.com https://analytics.twitter.com *.regily.com https://*.fasttrack-solutions.com https://cdn-sp.kertn.net https://*.pusher.com https://cdn-sp.gbshgbsh.com https://*.gstatic.com https://prj-verification-production.s3.amazonaws.com https://prj-verification-stage1.s3.amazonaws.com https://prj-verification-stage2.s3.amazonaws.com https://public-verification1.stage.aventogroup.com https://public-verification2.stage.aventogroup.com *.frankcasino.com *.paywallk.com *.unetsafe.com *.ecommpay.com *.zimpler.net *.adyen.com *.hotjar.com *.acaptureservices.com acaptureservices.com *.oppwa.com oppwa.com *.unetcard.com paymentpage.ecommpay.com *.switchpayments.com *.mifinity.com *.google.com fasd63.illongrlong.com s4vds4.ujad65dsai.com *.astropay.com *.megapay.pro *.ecopayz.com *.billing.cx *.express-connect.com *.paycore.io *.jetoncheckout.com *.ipsp.lv ipsp.lv *.gpaynetworks.com *.sirumobile.com asdaerq.dapmaptuns.com *.checkout.com https://*.frankcasino.ro wss://*.biahosted.com https://*.biahosted.com https://storage.googleapis.com https://vtibetinaction2.aitcloud.de https://vbibetinaction2.aitcloud.de https://vsfelive-vs001.akamaized.net https://vsw.betradar.com https://vfbetinaction2.aitcloud.de https://vblbetinaction2.aitcloud.de https://s5.sir.sportradar.com https://gsm-widgets.betstream.betgenius.com https://altenar.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com https://widgets.sir.sportradar.com https://widgets.fn.sportradar.com 1
default-src 'self'; frame-ancestors *; object-src 'none'; worker-src 'self' blob:; connect-src 'self' https://cdn.inlinemanual.com https://analytics.inlinemanual.com https://www.googleapis.com https://api.rollbar.com https://app.launchdarkly.com https://events.launchdarkly.com https://web.delighted.com wss://ws.pusherapp.com/app/7fa7ab308aa09e4f2ae1 https://browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://api.rudderstack.com https://neuroflow-dataplane.rudderstack.com https://dev-neuroflow.us.auth0.com https://sandbox-neuroflow.us.auth0.com https://prod-neuroflow.us.auth0.com https://api.x.flatfile.com https://platform.flatfile.com; script-src 'self' 'sha256-EkyF7d6utoX8SkizhXCB3jKkUnVRvEugyIhEyadGMKk=' https://cdn.inlinemanual.com https://analytics.inlinemanual.com https://d2yyd1h5u9mauk.cloudfront.net/integrations/web/v1/library/ https://www.datadoghq-browser-agent.com https://cdn.rudderlabs.com/v1.1/rudder-analytics.min.js https://www.google.com/recaptcha/api.js https://www.gstatic.com https://www.youtube.com; media-src 'self' https://s3.amazonaws.com/neuroflow-audio-repository/ https://neuroflow.mhl.psychhub.com/; frame-src 'self' https://www.youtube.com https://www.google.com https://portal-2.flatfile.io https://platform.flatfile.com https://spaces.flatfile.com;img-src 'self' data: https://*.ytimg.com https://dwwvg90koz96l.cloudfront.net/images/brands/ https://neuroflow-comic-repository.s3.amazonaws.com https://neuroflow-root-shared-resources-use1.s3.amazonaws.com https://prod-neuroflow-document-uploads-usw2.s3.amazonaws.com https://neuroflow-inline-manual-files.s3-us-west-2.amazonaws.com https://neuroflow-inline-manual-files.s3.us-west-2.amazonaws.com https://purecatamphetamine.github.io/country-flag-icons/ https://neuroflow.mhl.psychhub.com/; style-src 'self' 'unsafe-inline' https://use.typekit.net https://p.typekit.net; font-src 'self' https://use.typekit.net data:; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub96a3f08ad5b1174e57f253b25f57f467&dd-evp-origin=content-security-policy&ddsource=csp-report; 1
frame-ancestors 'self' *.conexaoclarobrasil.com.br https://www.netcombo.com.br https://www.net.com.br; 1
frame-ancestors '*' 1
object-src 'none';base-uri 'self';script-src 'nonce-HIWO1hf7ZJq4oVTIz0Zsww' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/xsrp 1
object-src 'none';base-uri 'self';script-src 'nonce-Om-8EMb81SzAVJzlZ0z3Wg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/xsrp 1
frame-ancestors 'self' https://online.amp.co.nz https://ampwmnz.force.com https://ampwmnz--uat2.sandbox.my.site.com https://ampwmnz--lmartynova.sandbox.my.site.com/ https://ampwmnz--imozo2.sandbox.my.site.com/ https://ampwmnz.my.site.com https://ampwmnz--uat2.sandbox.my.site.com https://ampwmnz--imozo2.sandbox.my.site.com https://ampwmnz--imozo.sandbox.my.site.com https://ampwmnz--lmartynova.sandbox.my.site.com https://ampwmnz--gtan.sandbox.my.site.com https://ampwmnz--gtandev.sandbox.my.site.com https://ampwmnz--iansdev.sandbox.my.site.com https://ampwmnz--nbustillos.sandbox.my.site.com https://ampwmnz--rollup2.sandbox.my.site.com https://ampwmnz--rollup.sandbox.my.site.com https://ampwmnz--rollup.sandbox.preview.salesforce-experience.com https://ampwmnz--rollup.sandbox.live-preview.salesforce-experience.com https://ampwmnz--rollup2.sandbox.preview.salesforce-experience.com https://ampwmnz--rollup2.sandbox.live-preview.salesforce-experience.com https://ampwmnz--validtn2.sandbox.my.site.com https://ampwmnz--preprod.sandbox.my.site.com 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.facebook.net *.bing.com *.doubleclick.net *.googlesyndication.com *.gstatic.com *.google.com stackpath.bootstrapcdn.com *.googleapis.com www.googletagmanager.com *.google-analytics.com challenges.cloudflare.com *.redditstatic.com *.reddit.com px.ads.linkedin.com snap.licdn.com *.youtube.com code.jquery.com; img-src * data:; font-src * data:; media-src 'self' blob: data: 1
frame-ancestors *.myshopify.com https://admin.shopify.com; 1
default-src 'self'; base-uri 'self'; manifest-src 'self'; media-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' herbalife.ru https://ad.adriver.ru/ https://antifraud.acstat.com/ assets.adobedtm.com https://cdn.cookielaw.org/scripttemplates/ https://code.acstat.com/ https://connect.facebook.net/en_US/fbevents.js https://dmp.vihub.ru/pixeljs herbalife.ramfy.ru https://pix.sniperlog.ru/js/pix_o_7b525d0183dd9dc4a103be4413704c25.js https://pixel.betweenx.com/s/_herbalife/dist/smartPixel.min.js https://tags.soloway.ru/DSPCounter.js https://top-fwz1.mail.ru/js/code.js https://vk.com/js/api/openapi.js https://www.clarity.ms/s/0.7.10/clarity.js https://www.clarity.ms/tag/emvxvwmmrl https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://www.googleoptimize.com/optimize.js https://www.googletagmanager.com/ https://maps.googleapis.com https://mc.yandex.ru/metrika/watch.js https://matchid.adfox.yandex.ru https://core-renderer-tiles.maps.yandex.net/tiles https://yastatic.net https://api-maps.yandex.ru bitrix.info/ba.js https://leads.herbalife.ru 'strict-dynamic' 'nonce-iqkskg4at0xk6eyw6ovt'; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net https://fonts.googleapis.com www.google.com herbalife.ramfy.ru https://leads.herbalife.ru ; connect-src 'self' cdn.cookielaw.org mc.yandex.ru privacyportal.onetrust.com geolocation.onetrust.com top-fwz1.mail.ru stats.g.doubleclick.net www.google-analytics.com www.google.ru www.google.com https://stats.g.doubleclick.net maps.googleapis.com https://fonts.googleapis.com/ analytics.google.com y.clarity.ms c.clarity.ms r.clarity.ms https://c.bing.com/c.gif https://herbalife.tt.omtrdc.net/ herbalife.ramfy.ru bitrix.info https://leads.herbalife.ru; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://leads.herbalife.ru; frame-src 'self' www.google.com www.youtube.com content.adriver.ru td.doubleclick.net partners.cpaex.ru mc.yandex.ru https://leads.herbalife.ru; child-src 'self' www.google.com www.youtube.com content.adriver.ru td.doubleclick.net partners.cpaex.ru mc.yandex.ru https://leads.herbalife.ru; img-src 'self' https://c.clarity.ms/c.gif https://hit.acstat.com https://x01.aidata.io https://px.adhigh.net https://sync.1dmp.io https://sync.bumlam.com/ https://sync.videonow.ru tms.dmp.wi-fi.ru https://trc.taboola.com https://vk.com https://c.bing.com/c.gif maps.gstatic.com https://www.google-analytics.com https://www.google.ru www.google.com https://www.googletagmanager.com https://i.ytimg.com googleads.g.doubleclick.net https://yandex.ru https://mc.yandex.ru https://an.yandex.ru/mapuid/adsniperis/ https://core-renderer-tiles.maps.yandex.net https://api-maps.yandex.ru https://ads.adfox.ru/ https://herbalife-breakfast.com/ https://smetrics.herbalife.com/ https://herbalife-breakfast.com/ https://leads.herbalife.ru; object-src 'none'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com; upgrade-insecure-requests; frame-ancestors 'none' ; 1
base-uri 'none';child-src 'none';connect-src 'self' 'strict-dynamic' https://formspree.io https://*.sentry.io https://unpkg.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.walletconnect.com wss://*.walletconnect.com https://*.amplitude.com wss://*.zendesk.com wss://*.zopim.com https://ekr.zdassets.com https://*.zendesk.com https://zendesk-eu.my.sentry.io https://*.zopim.com https://moonspin.us wss://moonspin.us https://*.moonspin.us wss://*.moonspin.us https://*.doubleclick.net https://*.clarity.ms https://chat.imred.ai https://accounts.google.com https://swivel-production-public.s3.eu-west-1.amazonaws.com;default-src 'self';font-src 'self';form-action 'self';frame-ancestors 'none';frame-src * https://api.sumsub.com/ https://*.mochalabs.com https://*.whenmoonbro.com https://*.avo.app https://*.walletconnect.com https://chat.imred.ai;img-src 'self' data: blob: https://verification.curacao-egaming.com https://v2assets.zopim.io https://static.zdassets.com https://*.zendesk.com https://*.google-analytics.com https://www.facebook.com https://*.googletagmanager.com https://*.walletconnect.com https://*.game-program.com https://moonspin.us https://*.strapiapp.com https://*.amazonaws.com d1b82hscw3e9o2.cloudfront.net 'strict-dynamic' https://pixel.quantserve.com https://my.rtmark.net https://*.google.com https://*.doubleclick.net https://flagcdn.com https://*.yandex.com https://chat.imred.ai https://swivel-production-public.s3.eu-west-1.amazonaws.com;manifest-src 'self';media-src 'self' https://static.zdassets.com https://moonspin.us/blog;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://checkout.bridgerpay.com https: 'nonce-snuozdQu+XTdnjaPZqitDA==' 'strict-dynamic' https://accounts.google.com;style-src 'self' 'unsafe-inline';worker-src 'self'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com *.telerikstatic.com *.cloudfront.net *.google.com *.google-analytics.com *.googleapis.com *.jquery.com *.fontawesome.com *.allibo.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.allibo.com; img-src data: 'self' *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com *.allibo.com; frame-ancestors 'self' *.allibo.com;object-src 'none';form-action 'self'; 1
default-src 'self'; script-src 'unsafe-eval' 'strict-dynamic' 'nonce-87eff6a0-ad09-462c-9088-0d60b1db53ae'; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com cdn.jsdelivr.net fonts.googleapis.com heapanalytics.com; object-src 'none'; frame-src 'self' *.svc.dynamics.com app.hellosign.com player.vimeo.com www.google.com; frame-ancestors 'self'; child-src 'self' blob:; img-src 'self' data: *.svc.dynamics.com api.swiftype.com cdnjs.cloudflare.com cdn.jsdelivr.net gallery.mailchimp.com i.vimeocdn.com heapanalytics.com; font-src 'self' data:  cdnjs.cloudflare.com cdn.jsdelivr.net fonts.gstatic.com heapanalytics.com; connect-src 'self' *.bf.dynatrace.com *.centralstatesfunds.org *.pdfjs.express *.svc.dynamics.com cdnjs.cloudflare.com cdn.jsdelivr.net heapanalytics.com; manifest-src 'self'; base-uri 'self'; form-action 'self'; media-src 'self'; worker-src 'self' blob:; 1
frame-src https://ganeshaoperationexpert.com https://www.youtube.com 1
frame-ancestors 'self'  *.ccaeducate.me *.brightspacedemo.com *.blenderconnect.com *.elearningontario.ca *.myedio.com *.brightspace.com *.echo-ntn.org *.srgtech.com *.safarimontage.com *.aacps.org *.agilixbuzz.com *.instructure.com *.savvasrealize.com *.schoology.com *.d2l.com *.wondavr.com ; 1
default-src 'self' https:; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' https: 'unsafe-inline' 1
default-src https: data: wss: about: blob: dc-photo: dc-illu: dc-v2: fb-messenger: tg: whatsapp: sms: mailto: 'unsafe-eval' 'unsafe-inline'; report-uri https://www.danland.dk/pubweb/csp-violation 1
default-src https: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors https://*.androidacy.com; sandbox allow-downloads allow-modals allow-forms allow-popups allow-popups-to-escape-sandbox allow-same-origin allow-scripts allow-top-navigation-by-user-activation; report-uri https://sentry.androidacy.com/api/7/security/?sentry_key=f25de59239104cf9a130e05c6fd3062d 1
object-src * 1
default-src 'self' https://*.tataplay.com blob:; connect-src 'self'  https://www.clarity.ms/ https://*.clarity.ms/ https://col.site24x7rum.com https://app.litmusworld.com https://*.tataplay.com https://*.tatasky.com https://*.g.doubleclick.net https://logs.juspay.in https://payments.juspay.in https://*.taboola.com/ https://www.google-analytics.com/ https://anuvadak-wms.reverieinc.com https://avtstagecdn.blob.core.windows.net https://api.ipify.org https://s.yimg.com https://e3zogked5l.execute-api.us-west-2.amazonaws.com https://app.easyling.com/ https://crest-dot-skawa-easyling.appspot.com/ https://rs.fullstory.com/ https://maps.googleapis.com/ https://analytics.google.com/ https://wafs.mfilterit.net/ https://assets.juspay.in/ https://tr.outbrain.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://sf16-muse-va.ibytedtos.com https://s0.ipstatp.com https://static.bytedance.com https://a.quora.com https://bat.bing.com https://www.googletagservices.com https://maps.googleapis.com https://code.jquery.com https://*.g.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.sokrati.com https://ad.doubleclick.net https://www.googleadservices.com https://static.site24x7rum.com https://tagmanager.google.com https://ssl.gstatic.com https://www.tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com/ https://*.google.co.in/ https://www.gstatic.com/recaptcha/ https://*.twitter.com/ https://*.twimg.com/ https://www.youtube.com/ https://s.ytimg.com/ https://*.googlesyndication.com/ https://*.taboola.com/ https://payments.juspay.in/ https://static.ads-twitter.com/ https://cdn.invitereferrals.com/ https://www.googleoptimize.com/ https://optimize.google.com https://www.ref-r.com/ https://anuvadak-wms.reverieinc.com https://avtstagecdn.blob.core.windows.net https://api.ipify.org https://aax-eu.amazon-adsystem.com https://s.yimg.com https://sp.analytics.yahoo.com/ https://script.mfilterit.net/ https://app.easyling.com/ https://crest-dot-skawa-easyling.appspot.com/ https://d1r1tbvxnfd82x.cloudfront.net/ https://sokrati.g2afse.com/ https://d2yjce5oayglmo.cloudfront.net/ https://uathelpchat.tataplay.com/ https://edge.fullstory.com/ https://rs.fullstory.com/ https://amplify.outbrain.com/ https://www.clarity.ms/ https://*.clarity.ms/ https://helpchat.tataplay.com/ https://public.releases.juspay.in/ https://tr.outbrain.com/ https://wave.outbrain.com/ ; img-src 'self' https://mediaready.videoready.tv/ https://uat.tstatic.videoready.tv/ https://business-sg.topbuzz.com https://business.topbuzz.com https://q.quora.com https://www.ref-r.com https://bat.bing.com https://maps.gstatic.com https://maps.googleapis.com https://*.facebook.com https://*.sokrati.com https://www.google.com https://www.google.co.in https://*.fls.doubleclick.net https://*.linkedin.com https://www.googleadservices.com https://*.g.doubleclick.net https://tagmanager.google.com https://www.google-analytics.com https://ssl.gstatic.com https://*.twitter.com/ https://*.twimg.com/ https://ad.doubleclick.net/ https://*.google.com/ https://*.google.co.in/ https://*.tataplay.com https://*.tatasky.com/ https://*.taboola.com/ https://secure.adnxs.com/ https://optimize.google.com https://www.gstatic.com/ https://aax-eu.amazon-adsystem.com https://app.easyling.com/ https://crest-dot-skawa-easyling.appspot.com/  https://*.googleusercontent.com/ https://*.ggpht.com/ https://sp.analytics.yahoo.com/ https://sokrati.g2afse.com/ https://tr.outbrain.com https://www.googletagmanager.com https://uat.tstatic.videoready.tv/ https://tstatic.videoready.tv/ data: blob:; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://ssl.gstatic.com https://*.twitter.com/ https://*.twimg.com/ https://optimize.google.com https://anuvadak-wms.reverieinc.com https://avtstagecdn.blob.core.windows.net https://cdn.invitereferrals.com/ ; font-src 'self' https://*.tataplay.com https://*.tatasky.com/ https://tagmanager.google.com https://fonts.gstatic.com https://ssl.gstatic.com https://optimize.google.com data: ; frame-src 'self' tez: phonepe: paytmmp: upi: bytedance: https://*.juspay.in/ https://td.doubleclick.net https://*.g.doubleclick.net https://*.fls.doubleclick.net https://app.litmusworld.com https://www.youtube.com https://www.google.com/ https://uat.help.tatasky.com https://www.facebook.com/ https://*.twitter.com/ https://*.twimg.com/ https://www.ref-r.com/ https://player.vimeo.com/ https://payments.juspay.in/ https://optimize.google.com https://youtu.be/ https://docs.google.com/ https://d1r1tbvxnfd82x.cloudfront.net/ https://d2yjce5oayglmo.cloudfront.net/ https://uathelpchat.tataplay.com/ https://helpchat.tataplay.com/ https://gethelpuat2.tatasky.com/ https://help.tatasky.com/ https://public.releases.juspay.in/ data: blob:; object-src 'self' https://docs.google.com/ data: blob:; frame-ancestors https://*.tataplay.com https://*.tatasky.com ; 1
frame-ancestors 'self' https://*.rediredi.com 1
frame-ancestors 'self' *.primecredit.com *.primecredit.biz online.munroads.com 1
frame-ancestors 'self' *.scot.nhs.uk *.nhsgrampian.org *.nhslothian.scot hcaptcha.com *.hcaptcha.com *.nhsggc.org.uk msk.testing.nhsscotland.net; upgrade-insecure-requests; report-to csp-endpoint; report-uri https://web-reports.scot.nhs.uk/api/v1/csp-report 1
default-src 'self' wct-2.com fonts.gstatic.com maxcdn.bootstrapcdn.com stackpath.bootstrapcdn.com assets.pinterest.com *.addthis.com www.facebook.com *.onetrust.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' wct-2.com code.jquery.com www.googletagmanager.com www.google-analytics.com assets.pinterest.com *.addthisedge.com connect.facebook.net *.onetrust.com bat.bing.com cdn.cookielaw.org stackpath.bootstrapcdn.com *.promocodesforyou.com *.addthis.com z.moatads.com cdnjs.cloudflare.com; connect-src 'self' wct-2.com cdn.cookielaw.org www.google-analytics.com stats.g.doubleclick.net *.onetrust.com; img-src * data:; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com stackpath.bootstrapcdn.com code.jquery.com maxcdn.bootstrapcdn.com;base-uri 'self';form-action 'self' wct-2.com www.facebook.com; 1
default-src 'self'; img-src 'self' https://* data: blob:; script-src 'self' https://* 'unsafe-inline' 'unsafe-eval' data: blob:; style-src 'self' https://* 'unsafe-inline' data: blob:; connect-src 'self' https://* data: blob:; font-src 'self' https://* data: blob:; frame-src 'self' https://* data: blob:; worker-src 'self' https://* data: blob:; 1
default-src 'self' http://www.escmid.org http://escmid.org *.eccmid.org *.escmid.org cookies.codered.net; script-src 'self' 'nonce-2crbuTMi8zaRwV4fbyBIe0W_1yY2s7H8kJnmRitTgIueg6D2DUUFww' data: https://*.openstreetmap.org http://www.escmid.org http://escmid.org *.eccmid.org *.escmid.org cookies.codered.net etrackingserver.de tags.tiqcdn.com 'report-sample'; style-src-attr 'unsafe-inline' 'report-sample'; img-src 'self' data: *.ytimg.com *.vimeocdn.com https://*.openstreetmap.org http://www.escmid.org http://escmid.org escmid.org *.eccmid.org *.escmid.org cookies.codered.net; base-uri 'self'; frame-src 'self' *.youtube-nocookie.com *.youtube.com *.vimeo.com http://www.escmid.org http://escmid.org *.eccmid.org *.escmid.org cookies.codered.net; style-src-elem 'self' 'nonce-2crbuTMi8zaRwV4fbyBIe0W_1yY2s7H8kJnmRitTgIueg6D2DUUFww' cookies.codered.net 'report-sample'; connect-src 'self' data: https://*.openstreetmap.org http://www.escmid.org http://escmid.org *.eccmid.org *.escmid.org cookies.codered.net etrackingserver.de tags.tiqcdn.com collect.tealiumiq.com; font-src 'self' data:; style-src 'self' http://www.escmid.org http://escmid.org *.eccmid.org *.escmid.org cookies.codered.net 'report-sample'; report-uri https://www.escmid.org/@http-reporting?csp=report&requestTime=1721956983645165 1
default-src *; script-src 'unsafe-eval' 'self' 'unsafe-inline' code.jquery.com https:; object-src 'self' *.ytimg.com ytimg.com *.youtube.com youtube.com; style-src * 'unsafe-inline'; img-src * data:; frame-src *; font-src * data:; connect-src *; media-src * blob:; 1
default-src data: google-analytics.com *.google-analytics.com googletagmanager.com *.googletagmanager.com googleapis.com *.googleapis.com zencdn.net *.zencdn.net github.io *.github.io get.ga *.get.ga clnk.au *.clnk.au nelsonnet.com.au *.nelsonnet.com.au https://stats.g.doubleclick.net  https://fonts.gstatic.com  https://cdnjs.cloudflare.com https://fast.wistia.com https://maxcdn.bootstrapcdn.com https://fast.wistia.net https://embedwistia-a.akamaihd.net *.wistia.com *.wistia.net *.litix.io blob: inspectlet.com *.inspectlet.com survicate.com *.survicate.com https://cdn.datatables.net https://code.jquery.com https://cdn.jsdelivr.net google.com *.google.com gstatic.com *.gstatic.com cengageanz.h5p.com *.h5p.com 'self' 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors 'self' https://*.straitstimes.com https://*.businesstimes.com.sg https://*.zaobao.com.sg https://*.zaobao.com https://*.shinmin.sg https://*.wanbao.com.sg https://*.beritaharian.sg https://*.beritaharian.sg https://*.tamilmurasu.com.sg https://*.stproperty.sg https://newslink.sg https://*.sgsme.sg https://*.sphdigital.com; 1
font-src https://www.googletagmanager.com *.googleapis.com *.gstatic.com *.cloudflare.com *.twitter.com *.google.com *.facebook.com *.typekit.net *.twimg.com *.trustedshops.com *.bootstrapcdn.com https://db.onlinewebfonts.com https://fonts.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com 'self' data: fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.twitter.com *.facebook.com https://funcaps.nl https://funcaps.com 'self' 'unsafe-inline'; frame-ancestors https://api.clerk.io https://cdn.clerk.io *.meetanshi.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ *.twitter.com https://www.google.com https://www.facebook.com https://www.kiyoh.com *.meetanshi.com https://meetanshi.com https://www.googletagmanager.com/ www.facebook.com platform.twitter.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com https://cdn.clerk.io *.cloudflare.com *.google.com https://www.facebook.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.connect.facebook.net https://stats.g.doubleclick.net https://d.adroll.com https://pixel.advertising.com https://pixel.rubiconproject.com https://simage2.pubmatic.com https://dsum-sec.casalemedia.com https://ads.yahoo.com https://eb2.3lift.com https://sync.outbrain.com https://trc.taboola.com https://x.bidswitch.net/sync https://ib.adnxs.com https://idsync.rlcdn.com https://us-u.openx.net https://ups.analytics.yahoo.com https://segments.company-target.com https://sync.tidaltv.com https://cdn-icons-png.flaticon.com https://funcaps.nl https://funcaps.com *.meetanshi.com https://meetanshi.com flagpedia.net pinterest.com assets.pinterest.com syndication.twitter.com *.hsforms.net *.hsforms.com maps.gstatic.com https://www.magmodules.eu https://maps.googleapis.com https://icons.iconarchive.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.cdninstagram.com www.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ tagmanager.google.com https://www.googletagmanager.com https://api.clerk.io https://cdn.clerk.io https://cdnjs.cloudflare.com *.twitter.com *.google.com *.facebook.com *.googleadservices.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://connect.facebook.net *.paypalobjects.com *.paypal.com https://chimpstatic.com *.googletagmanager.com https://s.adroll.com https://d.adroll.com https://d.adroll.mgr.consensu.org *.bootstrapcdn.com https://instant.page https://custom.clerk.io 'unsafe-inline' https://static.cloudflareinsights.com https://storage.googleapis.com https://ajax.cloudflare.com https://funcaps.nl https://funcaps.com https://js-agent.newrelic.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.googleoptimize.com cdnjs.cloudflare.com *.avada.io *.meetanshi.com maps.googleapis.com connect.facebook.net twitter.com platform.twitter.com https://polyfill.io *.hsforms.net *.hsforms.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com https://api.clerk.io https://cdn.clerk.io *.cloudflare.com *.twitter.com *.google.com *.facebook.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.youtube.com *.bootstrapcdn.com maxcdn.bootstrapcdn.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://www.google-analytics.com https://cdnjs.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.google.com *.facebook.com https://www.kiyoh.com https://fonts.googleapis.com https://fonts.gstatic.com https://funcaps.nl https://funcaps.com *.cloudflare.com https://bam.eu01.nr-data.net http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io *.meetanshi.com www.gstatic.com maps.googleapis.com https://polyfill.io t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://c9925871-ff24-4fbd-b6d2-326666b8cdda.sansec.watch/; report-to report-endpoint; 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline' 1
script-src 'self' https://cdn.segment.com/v1/projects/PiKDtYk0DbBsqt4zmWvRFZcv7JyKYqgQ/settings https://cdn.segment.com/analytics-next/bundles/* https://cdn.segment.com/next-integrations/integrations/* *.powerbi.com *.powerapps.com blob: consent.cookiebot.com fast.appcues.com js.hs-scripts.com snap.licdn.com www.googletagmanager.com www.googleadservices.com www.google-analytics.com maps.googleapis.com maps.gstatic.com app.satismeter.com cdn.segment.com track.segment.com api.segment.io api.segment.com widget.reviews.io widget.trustpilot.com widget.intercom.io cdn.plaid.com js.intercomcdn.com connect.facebook.net *.payrix.com *.doubleclick.net *.kinsta.cloud *.hellosign.com *.withpersona.com consentcdn.cookiebot.com fullstory.com www.fullstory.com rs.fullstory.com edge.fullstory.com 'unsafe-inline' *.cloudfront.net *.youtube.com *.jquery.com *.cloudflare.com *.bootstrapcdn.com *.shipit-climbcredit.com *.cdn.apollographql.com *.visualwebsiteoptimizer.com *.vwo.com app.vwo.com *.climbcredit.com app.intercom.io;script-src-attr 'unsafe-inline' *.climbcredit.com;style-src 'self' data: https: 'unsafe-inline' *.climbcredit.com *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com;img-src 'self' data: q.quora.com assets.reviews.io *.intercomcdn.com *.intercomassets.com *.visualwebsiteoptimizer.com *.climbcredit.com www.facebook.com www.google.com www.googletagmanager.com www.google-analytics.com *.googleusercontent.com developers.google.com maps.gstatic.com *.linkedin.com *.adsymptotic.com *.kinsta.cloud *.imgur.com *.hellosign.com imgur.com *.gravatar.com *.squarespace-cdn.com *.boxcdn.net *.cdn.apollographql.com https://rs.fullstory.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com blob: uploads.intercomusercontent.com messenger-apps.intercom.io *.intercom-attachments-1.com *.intercom-attachments-2.com *.intercom-attachments-3.com *.intercom-attachments-4.com *.intercom-attachments-5.com *.intercom-attachments-6.com *.intercom-attachments-7.com *.intercom-attachments-8.com *.intercom-attachments-9.com;prefetch-src 'self' cdn.plaid.com *.climbcredit.com cdn.segment.com *.vwo.com;connect-src 'self' cdn.segment.com track.segment.com api.segment.io api.segment.com *.vwo.com https://cdn.segment.com/v1/projects/PiKDtYk0DbBsqt4zmWvRFZcv7JyKYqgQ/settings https://cdn.segment.com/analytics-next/bundles/* https://cdn.segment.com/next-integrations/integrations/* *.powerbi.com *.powerapps.com *.visualwebsiteoptimizer.com app.vwo.com *.climbcredit.com api.segment.io api.segment.com www.google-analytics.com rs.fullstory.com https://edge.fullstory.com app.satismeter.com api.reviews.co.uk stats.g.doubleclick.net api.reviews.io *.intercom.io *.cloudfront.net *.hellosign.com *.kinsta.cloud *.plaid.com wss://*.intercom.io wss://api.appcues.net *.shipit-climbcredit.com uploads.intercomcdn.com uploads.intercomusercontent.com;frame-src 'self' blob: *.powerbi.com *.powerapps.com consentcdn.cookiebot.com www.youtube.com www.google.com www.facebook.com *.hellosign.com *.withpersona.com *.plaid.com *.payrix.com *.doubleclick.net *.outgrow.us *.google.com *.trustpilot.com *.typeform.com *.climbcredit.com app.vwo.com *.visualwebsiteoptimizer.com https://sandbox.embed.apollographql.com/ https://withpersona.com/ https://intercom-sheets.com https://www.intercom-reporting.com;object-src 'self' *.climbcredit.com;manifest-src *.cdn.apollographql.com *.climbcredit.com *.vwo.com;worker-src 'self' blob: https://intercom-sheets.com https://www.intercom-reporting.com;default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';upgrade-insecure-requests 1
default-src 'self'; base-uri 'self'; font-src 'self' https: data:; form-action 'self'; frame-src 'self' https://tol-app-prod.firebaseapp.com/ https://tol-app-82e72.firebaseapp.com/ https://googleads.g.doubleclick.net/ https://*.google.com/ https://*.googlesyndication.com/ https://www.youtube.com/ https://api.pay.jp/ https://js.pay.jp/ https://js.stripe.com/; frame-ancestors 'self'; img-src 'self' data: https:; object-src 'none'; script-src 'self' https://*.googlesyndication.com/ https://*.googleadservices.com/ https://adservice.google.co.in/ https://adservice.google.co.jp/ https://adservice.google.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://apis.google.com/ https://*.pay.jp/ https://*.stripe.com/ 'unsafe-eval' 'unsafe-inline'; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' https://*.google.com/ https://*.google.co.jp/ https://*.googleadservices.com/ https://www.googletagmanager.com/ https://*.googlesyndication.com/ https://www.google-analytics.com/ https://vercel.live/ https://*.pay.jp/ https://*.stripe.com/ https://cdnjs.cloudflare.com/ 'unsafe-inline' 'unsafe-eval'; worker-src blob:; child-src blob:; connect-src 'self' https://*.tol-app.jp https://*.googleapis.com/ https://*.gstatic.com/ https://*.googlesyndication.com/ https://www.google-analytics.com/ https://*.sentry.io/ https://*.pay.jp/; style-src 'self' https: 'unsafe-inline'; style-src-elem 'self' http://fonts.googleapis.com https: 'unsafe-inline'; upgrade-insecure-requests ; 1
frame-ancestors 'self' *.kpcu.com *.zagclients.net 1
script-src 'nonce-4i1FhDYgm+g0ywXi0ciBGiUpc7M=' 'unsafe-inline' 'strict-dynamic' https: http:; object-src 'none'; 1
default-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' *.fastcdn.co i.liadm.com a.usbrowserspeed.com a.remarketstats.com *.instapage.com *.instapagemetrics.com cdnjs.cloudflare.com *.6sense.com tracking.intentsify.io *.cloudfront.net https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://optimize.google.com *.clarity.ms *.oribi.io *.marketo.com *.statcounter.com code.jquery.com cdn.amcharts.com player.vimeo.com www.google-analytics.com googleads.g.doubleclick.net snap.licdn.com j.6sc.co trk.techtarget.com *.secureprivacy.ai app.secureprivacy.ai a.omappapi.com cdn.jsdelivr.net www.googletagmanager.com match.prod.bidr.io *.google.com *.hotjar.com *.hotjar.io *.marketo.net *.linkedin.com *.googleapis.com d26x5ounzdjojj.cloudfront.net *.3pillarglobal.com p.adsymptotic.com secure.gravatar.com com-thebigwillow-prod1.collector.snplow.net secure.adnxs.com c.6sc.co *.googleadservices.com; connect-src 'self' *.fastcdn.co *.instapage.com *.instapagemetrics.com *.6sense.com *.ads.linkedin.com *.statcounter.com *.clarity.ms *.techtarget.com *.oribi.io *.google.com *.marketo.com *.6sc.co maps.googleapis.com secure.adnxs.com com-thebigwillow-prod1.collector.snplow.net secure.adnxs.com *.googleadservices.com yoast.com *.hotjar.com *.g.doubleclick.net *.mktoresp.com *.secureprivacy.ai api-prod.secureprivacy.ai *.google-analytics.com googleads.g.doubleclick.net soundcloud.com ws:; font-src 'self' https://fonts.gstatic.com fonts.googleapis.com fonts.gstatic.com data:; img-src 'self' *.fastcdn.co *.instapage.com cnv.event.prod.bidr.io *.6sense.com *.instapagemetrics.com *.cloudfront.net *.marketo.com https://www.google.ro https://www.google-analytics.com https://www.googletagmanager.com blob: *.clarity.ms *.oribi.io https://optimize.google.com c.statcounter.com s.w.org code.jquery.com maps.gstatic.com cdn.amcharts.com *.secureprivacy.ai app.secureprivacy.ai *.google.co.in *.google.com cdn.jsdelivr.net *.3pillarglobal.com b.6sc.co *.linkedin.com soundcloud.com apt.techtarget.com *.google-analytics.com secure.gravatar.com p.adsymptotic.com data:; style-src 'unsafe-inline' http: https:; frame-src 'self' *.apple.com *.soundcloud.com *.clarity.ms *.oribi.io td.doubleclick.net *.cloudfront.net *.marketo.com https://optimize.google.com www.youtube.com www.slideshare.net vars.hotjar.com *.hotjar.io *.g.doubleclick.net *.3pillarglobal.com player.vimeo.com *.6sense.com *.libsyn.com *.secureprivacy.ai; object-src 'none'; base-uri 'self'; frame-ancestors 'self' 3pillarglobal.showpad.com 3pillarglobal.showpad.biz; 1
default-src * 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob: mailto:; img-src * 'self' data: https:; 1
default-src 'self' 'unsafe-inline' images-2.partnerportal.ionos.de 1
default-src 'self'; connect-src 'self' *.nr-data.net https://*.go-mpulse.net www.googletagmanager.com *.google-analytics.com https://*.akstat.io https://csp.withgoogle.com https://maps.googleapis.com *.nanorep.co *.nanorep.com *.monsido.com https://*.nr-data.net https://shyrka-prod-usw2.s3.us-west-2.amazonaws.com https://*.newrelic.com https://*.usw2.pure.cloud wss://*.usw2.pure.cloud *.weglot.com cdn-api-weglot.com *.qualtrics.com; font-src 'self' data: https://fonts.gstatic.com https://cdnjs.cloudflare.com; frame-src 'self' https://cse.google.com https://www.googletagmanager.com https://calendar.google.com *.monsido.com *.youtube.com *.vimeo.com *.nanorep.com *.tableau.com *.arcgis.com https://app.powerbi.us https://app.powerbigov.us https://*.usw2.pure.cloud *.qualtrics.com https://public.tableau.com https://iwddata.iwd.iowa.gov https://data.iowa.gov; img-src 'self' data: https: *.nr-data.net *.google.com www.googletagmanager.com *.qualtrics.com; object-src 'self' https://*.usw2.pure.cloud; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.nr-data.net https://*.go-mpulse.net https://cse.google.com https://googletagmanager.com https://js-agent.newrelic.com https://tagmanager.google.com https://www.google.com https://www.googletagmanager.com *.monsido.com *.youtube.com *.vimeo.com *.nanorep.com *.nanorep.co https://*.google.com https://*.newrelic.com https://*.usw2.pure.cloud *.weglot.com cdn-api-weglot.com *.qualtrics.com https://cdnjs.cloudflare.com https://unpkg.com public.tableau.com nonce-uLr-AyDqKp2aKUu0-I1J1w; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com *.google.com *.monsido.com *.youtube.com *.vimeo.com *.nanorep.co *.nanorep.com https://partner.googleadservices.com https://maps.googleapis.com https://*.usw2.pure.cloud *.weglot.com cdn-api-weglot.com https://js-agent.newrelic.com https://s.go-mpulse.net *.qualtrics.com https://cdnjs.cloudflare.com https://cse.google.com https://unpkg.com public.tableau.com; style-src 'self' 'unsafe-inline' *.google.com www.googletagmanager.com *.monsido.com *.youtube.com *.vimeo.com *.nanorep.co *.nanorep.com https://fonts.googleapis.com *.weglot.com cdn-api-weglot.com *.qualtrics.com cdnjs.cloudflare.com https://unpkg.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self' 1
default-src *.albeda.nl 'self'; base-uri 'self'; connect-src *.google-analytics.com 'unsafe-inline' 'self'; img-src *.google-analytics.com 'self'; font-src *.gstatic.com 'self'; frame-src www.youtube.com player.vimeo.com 'self'; frame-ancestors 'self'; form-action 'self'; media-src www.youtube.com player.vimeo.com vod-progressive.akamaized.net 'self'; script-src *.googletagmanager.com albeda.livecom.net cdn.jsdelivr.net 'unsafe-inline' *.albeda.nl 'self'; style-src albeda.livecom.net *.googleapis.com 'unsafe-inline' *.albeda.nl 'self' 1
frame-src 'self' https://*.opekepe.gr;  frame-ancestors 'self' https://*.opekepe.gr;  object-src 'self';  form-action 'self' https://www1.gsis.gr;  manifest-src 'self';  base-uri 'self'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' irs.tools.investis.com js-agent.newrelic.com otp.tools.investis.com www.googletagmanager.com www.google-analytics.com r1.dotdigital-pages.com cdn.cookielaw.org api.reciteme.com code.jquery.com www.youtube.com connect.facebook.net snap.licdn.com; style-src 'self' 'unsafe-inline' api.tiles.mapbox.com api.reciteme.com cdn.cookielaw.org; img-src 'self' data: pbs.twimg.com blob: api.mapbox.com api.reciteme.com www.google.com www.google.co.uk www.google.co.im cdn.cookielaw.org www.google-analytics.com www.google.co.in px.ads.linkedin.com; font-src 'self' data: api.reciteme.com; connect-src 'self' api.mapbox.com events.mapbox.com *.google-analytics.com stats.g.doubleclick.net api.reciteme.com stats.reciteme.com cdn.cookielaw.org *.onetrust.com bam.nr-data.net px.ads.linkedin.com; media-src 'self' api.reciteme.com; object-src 'none'; frame-src 'self' irs.tools.investis.com r1.dotdigital-pages.com otp.tools.investis.com www.youtube.com; worker-src blob:; form-action 'self' r1.ddlnk.net landsec.com; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'; manifest-src 'self' 1
upgrade-insecure-requests; frame-ancestors 'self'; report-uri https://tuclothing.sainsburys.co.uk/csp-report 1
default-src 'self'; media-src http://videos.ctfassets.net/ images.sparhandy.de; script-src bat.bing.com/ eu.b2c.com/ https://fonts.gstatic.com/ https://tr.outbrain.com/ https://www.adcell.de https://*.abtasty.com/ https://*.adform.net/ https://*.amazon-adsystem.com/ https://ad.doubleclick.net https://aggregator.service.usercentrics.eu/ https://amplify.outbrain.com/ https://analytics.tiktok.com/ https://api.aklamio.com https://api.fraud0.com/ https://api.usercentrics.eu/ https://app.usercentrics.eu/ https://bt.fraud0.com/api/ https://cdn.parcellab.com/ https://cdn.taboola.com https://connect.facebook.net https://*.criteo.com/ https://*.criteo.net/ https://googleads.g.doubleclick.net/ https://iframe.duverkaufst.de https://jsctool.com https://middleware.sparhandy.de/ https://p.teads.tv/ https://pagead2.googlesyndication.com/ https://script.hotjar.com https://secure.pay1.de https://static.hotjar.com https://t.adcell.com/ https://trc.taboola.com/ https://wave.outbrain.com/ https://widget.msgp.pl/ https://widgets.trustedshops.com/ https://www.dwin1.com/ https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com/ https://www.googletagservices.com/ https://www.high-mobile.de/ https://www.youtube.com/iframe_api https://www.youtube.com/s/player/ 'self' 'unsafe-eval' 'unsafe-inline' ws: wss: www.googleadservices.com/pagead/; img-src 'self' data: * editor-assets.abtasty.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com ws: * wss: * https://jsctool.com; font-src https://common-fonts.abtasty.com https://script.hotjar.com https://secure.pay1.de https://themes.googleusercontent.com 'self'; frame-src 'self' ws: * wss: * https://app.usercentrics.eu/ https://cdn.parcellab.com/; frame-ancestors 'self' https://app.contentful.com; object-src 'self'; connect-src *.abtasty.com https://aggregator.service.usercentrics.eu/ https://api.usercentrics.eu/ https://app.usercentrics.eu/ https://cdn.parcellab.com/ https://widget.msgp.pl/ https://widgets.trustedshops.com/ https://www.googletagmanager.com/ 'self' ws: * wss: *; 1
policy-uri /'none' 1
base-uri 'self'; form-action 'self'; frame-ancestors 'self' www.google.com; upgrade-insecure-requests ; connect-src 'self' https://salesiq.zohopublic.eu https://appvizer.one https://ariadne.appvizer.one https://region1.analytics.google.com https://www.google-analytics.com https://stats.g.doubleclick.net wss: ; default-src 'none'; font-src 'self' https://fonts.gstatic.com https://css.zohocdn.com; frame-src 'self' https://www.google.com https://consentcdn.cookiebot.com https://www.youtube-nocookie.com ; img-src 'self' https://www.google.fr https://www.google.com https://fonts.gstatic.com https://eolia-software.com/ data: https://imgsct.cookiebot.com https://www.google-analytics.com https://i.ytimg.com; object-src 'none'; script-src 'self' 'unsafe-eval'; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://www.google.com https://www.gstatic.com https://consent.cookiebot.com https://www.googletagmanager.com https://appvizer.one https://salesiq.zoho.eu https://js.zohocdn.com https://css.zohocdn.com https://www.google-analytics.com https://css.zohocdn.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' https://cdnjs.cloudflare.com 'unsafe-inline' https://css.zohocdn.com; worker-src 'self' blob:; 1
frame-ancestors 'self' control.motionpoint.com/ iguidewebapp.next-uk.next.loc/ end-duws02.next-uk.next.loc/ end-dpws02.next-uk.next.loc/ studio.mgmt.qa.test/ studio.mgmt.next-uk.next.loc/ https://www.next.sa 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-JDGNvNd2S0rWO4hiQ8bpeQ' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
frame-ancestors 'self' teams.microsoft.com; script-src 'self' cdn.rudderlabs.com 1
default-src 'none';media-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' *;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com;img-src 'self' * data: blob:;frame-src 'self' *;font-src 'self';connect-src 'self' *;form-action 'self' *;manifest-src 'self' 1
default-src 'self' https://*.synlab-marketing.com https://*.synlab.fr/ https://synlab.fr.ddev.ddev.site/ https://use.fontawesome.com https://maps.gstatic.com https://maps.googleapis.com https://fonts.gstatic.com https://*.google-analytics.com/ https://stats.g.doubleclick.net/ https://*.analytics.google.com/; script-src 'nonce-34d5645ae44434f' https://*.synlab-marketing.com https://*.synlab.fr/ https://synlab.fr.ddev.ddev.site/ https://maps.googleapis.com https://www.googletagmanager.com/ https://www.google-analytics.com/; style-src 'self' 'unsafe-inline' https://*.synlab-marketing.com https://*.synlab.fr/ https://synlab.fr.ddev.ddev.site/ https://fonts.googleapis.com; frame-src https://*.vimeo.com; img-src data: https://*.gstatic.com https://*.googleapis.com/ https://*.ggpht.com/ https://*.synlab-marketing.com https://*.synlab.fr/ https://synlab.fr.ddev.ddev.site/ https://*.google.de/ https://*.google.com/ https://*.google-analytics.com/ https://*.analytics.google.com/; frame-ancestors 'self' https://*.synlab.fr/ https://*.synlab.com/; 1
base-uri 'none'; default-src 'self' https://accesso.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://p.adsymptotic.com https://px.ads.linkedin.com https://stats.g.doubleclick.net https://api.greenhouse.io/v1/boards/accesso/embed/departments blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com https://edge.marker.io https://analytics.google.com https://app.marker.io https://cdn.cookielaw.org https://cdn.cookielaw.org https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://code.jquery.com https://edge.marker.io https://geolocation.onetrust.com https://googleads.g.doubleclick.net https://marker.io https://pi.pardot.com https://secure.agileenterpriseintelligence.com https://snap.licdn.com https://stackpath.bootstrapcdn.com https://www.google-analytics.com https://www.googletagmanager.com https://api.greenhouse.io/v1/boards/accesso/embed/departments https://s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js https://accesso.us11.list-manage.com/subscribe/post-json https://js.hs-scripts.com/45049552.js https://www.google.com/recaptcha/api.js https://js.zi-scripts.com/zi-tag.js https://js.zi-scripts.com https://js.hs-analytics.net/analytics/ https://js.hs-banner.com/v2/45049552/banner.js https://js.hscollectedforms.net/collectedforms.js https://js.hsforms.net/ https://tags.clickagy.com https://www.gstatic.com/recaptcha/releases/KXX4ARWFlYTftefkdODAYWZh/recaptcha__en.js https://www.gstatic.com https://documentservices.adobe.com/view-sdk/3.27.1_3.2.4-b4b0ecd5/ViewSDKInterface.js https://www.recaptcha.net/recaptcha/api.js https://www.google.com/recaptcha/ *.hubspot.com *.hsforms.com blob:; style-src 'self' 'unsafe-inline' https://accesso.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cloud.typography.com https://code.jquery.com https://fonts.googleapis.com https://stackpath.bootstrapcdn.com https://use.fontawesome.com https://www.googletagmanager.com; img-src 'self' https://accesso.com https://www.accesso.com https://www.google-analytics.com https://px.ads.linkedin.com https://p.adsymptotic.com https://www.google.com https://www.googletagmanager.com https://fonts.gstatic.com https://privacy-policy.truste.com https://media.marker.io https://app.marker.io https://edge.marker.io https://scontent-sin6-4.cdninstagram.com https://cdn.cookielaw.org/ https://forms.hsforms.com/embed/ https://forms-na1.hsforms.com/ *.hubspot.com blob: data:; connect-src 'self' https://analytics.google.com https://api.marker.io https://ssr.marker.io https://s3.eu-west-1.amazonaws.com/marker.sessions.prod https://cdn.cookielaw.org https://geolocation.onetrust.com https://idx.liadm.com https://privacyportal.onetrust.com https://ssr.marker.io https://stats.g.doubleclick.net https://www.googletagmanager.com https://api.greenhouse.io/v1/boards/accesso/embed/departments https://www.google-analytics.com https://js.zi-scripts.com/unified/ https://forms.hscollectedforms.net/collected-forms/ https://hubspot-forms-static-embed.s3.amazonaws.com/ https://forms.hsforms.com https://aorta.clickagy.com https://hemsync.clickagy.com *.hubspot.com *.hsforms.com https://ws.zoominfo.com; font-src 'self' https://app.marker.io https://cloud.typography.com https://edge.marker.io https://fonts.gstatic.com https://fonts.googleapis.com https://use.fontawesome.com data:; media-src https://media.marker.io https://app.marker.io https://edge.marker.io; frame-src 'self' https://bid.g.doubleclick.net https://hello.accesso.com/ https://app.marker.io https://player.vimeo.com/ https://polaris.brighterir.com https://www.youtube.com https://td.doubleclick.net/ https://forms.hsforms.com/ https://hemsync.clickagy.com https://www.google.com/ https://www.recaptcha.net/ *.hubspot.com *.hsforms.com; child-src https://app.marker.io; form-action 'self' https://forms.hsforms.com/ https://app.marker.io https://api.marker.io https://www.accesso.com https://accqa.test.vmgdev.com *.hsforms.com *.hubspot.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.daimlertruck.com *.equitystory.com *.eqs.com eqs-cockpit.com *.usercentrics.eu *.podigee-cdn.net *.podigee.io *.gomexlive.com *.stage.eventit.de *.eventit.de blob:; media-src 'self' 'unsafe-inline' 'unsafe-eval' *.daimlertruck.com *.equitystory.com *.eqs.com eqs-cockpit.com *.usercentrics.eu *.podigee-cdn.net *.podigee.io *.gomexlive.com *.stage.eventit.de *.eventit.de *.akamaized.net *.cloudfront.net dist-vid-blaze.s3.eu-central-1.amazonaws.com *.vimeocdn.com vimeo.com data.w52.com data: blob:; frame-src 'self' *.youtube.com *.youtube-nocookie.com *.walls.io walls.io *.slidesync.com slidesync.com *.daimlertruck.com *.equitystory.com *.eqs.com eqs-cockpit.com *.webcast-eqs.com export.highcharts.com *.usercentrics.eu *.podigee-cdn.net *.podigee.io *.gomexlive.com dist-vid-blaze.s3.eu-central-1.amazonaws.com *.vimeocdn.com vimeo.com data.w52.com blob: data:; worker-src 'self' 'unsafe-inline' 'unsafe-eval' *.daimlertruck.com *.equitystory.com *.eqs.com eqs-cockpit.com *.usercentrics.eu *.podigee-cdn.net *.podigee.io blob:; child-src 'self' *.youtube.com *.youtube-nocookie.com *.walls.io walls.io *.slidesync.com slidesync.com *.daimlertruck.com *.equitystory.com *.eqs.com eqs-cockpit.com *.usercentrics.eu *.podigee-cdn.net *.podigee.io *.gomexlive.com blob: data:; style-src 'self' 'unsafe-inline' *.daimlertruck.com *.equitystory.com *.eqs.com eqs-cockpit.com *.usercentrics.eu *.podigee-cdn.net *.podigee.io *.gomexlive.com; font-src 'self' data: *.daimlertruck.com *.equitystory.com *.eqs.com eqs-cockpit.com *.usercentrics.eu *.podigee-cdn.net *.podigee.io *.gomexlive.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.pusher.com walls.io *.walls.io *.slidesync.com *.daimlertruck.com *.equitystory.com *.eqs.com eqs-cockpit.com *.usercentrics.eu *.podigee-cdn.net *.podigee.io *.gomexlive.com dist-vid-blaze.s3.eu-central-1.amazonaws.com *.vimeocdn.com vimeo.com *.youtube.com data.w52.com blob:; img-src 'self' *.daimlertruck.com *.equitystory.com *.eqs.com eqs-cockpit.com *.usercentrics.eu *.podigee-cdn.net *.podigee.io *.gomexlive.com *.stage.eventit.de *.vimeocdn.com vimeo.com *.youtube.com *.ytimg.com data.w52.com data data:; object-src 'self' *.daimlertruck.com *.equitystory.com *.eqs.com eqs-cockpit.com *.usercentrics.eu *.podigee-cdn.net *.podigee.io *.gomexlive.com; connect-src 'self' ws: *.pusher.com *.daimlertruck.com *.equitystory.com *.eqs.com eqs-cockpit.com *.usercentrics.eu *.podigee-cdn.net *.podigee.io *.gomexlive.com *.akamaized.net dist-vid-blaze.s3.eu-central-1.amazonaws.com *.cloudfront.net *.vimeocdn.com vimeo.com data.w52.com blob:; frame-ancestors 'self' file://* social.cloud.tbintra.net *.daimlertruck.com *.mercedes-benz-trucks.com *.equitystory.com *.eqs.com eqs-cockpit.com *.usercentrics.eu *.podigee-cdn.net *.podigee.io *.gomexlive.com 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.gogulfwinds.com api.glia.com *.glia.com cdn.jsdelivr.net cdnjs.cloudflare.com cds-sdkcfg.onlineaccess1.com connect.facebook.net facebook.com *.facebook.com googleads.g.doubleclick.net *.doubleclick.net *.hotjar.com script.hotjar.com static.hotjar.com vc.hotjar.io wss://*.hotjar.com tags.srv.stackadapt.com google-analytics.com *.google-analytics.com google.com *.google.com googletagmanager.com gtm.com *.googletagmanager.com googleadservices.com *.googleadservices.com *.fontawesome.com  *.salemove.com *.googleapis.com *.gstatic.com wss://pubsub.salemove.com gulfwindscu.everfi-next.net *.everfi-next.net everfi-next.net *.cloudfront.net dn72ykomo3jiz.cloudfront.net *.paypalobjects.com *.paypal.com s2.adform.net *.adform.net updates.expressionengine.com *.expressionengine.com *.bat.bing.com bat.bing.com *.vimeo.com *.adsrvr.org ajax.cloudflare.com *.documatix.com; 1
frame-ancestors 'self' https://vimeo.com https://www.dailymotion.com https://www.youtube-nocookie.com https://static.sportresult.com https://racing-sro.liveresults.swisstiming.com; style-src 'self' fonts.googleapis.com p.typekit.net; img-src 'self' data: img.youtube.com www.gt-world-challenge-europe.com www.sro-motorsports.com; font-src fonts.gstatic.com use.typekit.net; manifest-src 'self'; media-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://static.sportresult.com https://tagmanager.google.com https://www.googletagmanager.com https://racing-sro.liveresults.swisstiming.com; object-src 'none' 1
default-src 'self' *.saptco.com.sa *.oppwa.com *.mastercard.com ;              font-src 'self' data: fonts.gstatic.com *.googleapis.com ;              img-src * data: ;              style-src 'self' 'unsafe-inline' *.oppwa.com ppipe.net *.ppipe.net ;              script-src 'self' 'unsafe-inline' 'unsafe-eval' platform.twitter.com https://localhost *.googletagmanager.com *.google-analytics.com *.google.com *.saptco.com.sa saptco.com.sa *.googleapis.com *.gstatic.com https://www.gstatic.com code.jquery.com *.oppwa.com oppwa.com ppipe.net *.ppipe.net;              frame-src 'self' *.twitter.com https://www.youtube.com/ youtube.com  *.google.com *.saptco.com.sa saptco.com.sa *.oppwa.com *.mastercard.com *.ppipe.net ppipe.net oppwa.com ppipe.net *.ppipe.net ;              frame-ancestors 'self'  *.google.com *.saptco.com.sa *.oppwa.com *.mastercard.com mtf.gateway.mastercard.com saptco.com.sa https://mtf.gateway.mastercard.com ppipe.net oppwa.com *.ppipe.net ;              connect-src 'self' localhost *.google-analytics.com stats.g.doubleclick.net *.google.com *.saptco.com.sa saptco.com.sa *.oppwa.com *.googleapis.com ppipe.net *.ppipe.net ;              style-src-elem 'self' 'unsafe-inline' *.google.com *.saptco.com.sa saptco.com.sa *.oppwa.com *.googleapis.com oppwa.com ppipe.net *.ppipe.net ; 1
"default-src 'self' *.gezondheid.be;" 1
default-src 'none';style-src 'self' 'unsafe-inline' hello.myfonts.net;img-src 'self' data: *.googleapis.com;frame-src 'self' *.google.com *.youtube.com;manifest-src 'self';script-src 'self' 'unsafe-inline' *.google.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.cloudflareinsights.com ;font-src 'self';connect-src 'self' *.google-analytics.com;media-src 'self' blob: 1
default-src * data: 'unsafe-eval' 'unsafe-inline' *.evergage.com *.evgnet.com cdn.evergage.com *.criteo.com unpkg.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' google-analytics.com *.google-analytics.com googleapis.com *.googleapis.com google.com *.google.com gstatic.com *.gstatic.com facebook.net *.facebook.net facebook.com *.facebook.com cloudflareinsights.com *.cloudflareinsights.com addtoany.com *.addtoany.com *.cloudflare.com cloudflare.com *.googletagmanager.com googletagmanager.com *.bootstrapcdn.com bootstrapcdn.com *.bing.com bing.com *.licdn.com licdn.com *.crazyegg.com crazyegg.com *.clarity.ms clarity.ms *.dynamic.criteo.com dynamic.criteo.com *.sslwidget.criteo.com sslwidget.criteo.com *.criteo.com/* pi.pardot.com js-agent.newrelic.com static.hotjar.com script.hotjar.com info.flexcarestaff.com bam.nr-data.net cdn.evgnet.com flexcarestaffing.us-7.evergage.com *.googleadservices.com *.flexcarestaffing.us-7.evergage.com cdn.evergage.com *.cloudflareinsights.com unpkg.com *.greenhouse.io *.resonate.com *.reson8.com *.criteo.com; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.mydccu.com *.adobedtm.com *.demdex.net *.omtrdc.net *.everesttech.net unpkg.com *.fontawesome.com *.googleapis.com *.facebook.com *.linkedin.com *.adobeaemcloud.com *.day.com *.gstatic.com *.formstack.com *.calcxml.com *.youtube.com *.google.com *.cloudflare.com *.adobeaemcloud.com.seg.js *.adobe.com *.adobe.io *.googletagmanager.com *.google-analytics.com *.ellieservices.com *.docusign.net *.docusign.com *.ellielabs.com https://widget.ellieservices.com/latest/launcher.js https://na3.docusign.net https://na.account.docusign.com https://d21y75miwcfqoq.cloudfront.net; img-src 'self' data: *.mydccu.com *.adobedtm.com *.demdex.net *.omtrdc.net *.everesttech.net unpkg.com *.fontawesome.com *.googleapis.com *.facebook.com *.linkedin.com *.adobeaemcloud.com *.day.com *.gstatic.com *.formstack.com *.calcxml.com *.youtube.com *.google.com *.cloudflare.com *.adobeaemcloud.com.seg.js *.adobe.com *.adobe.io *.googletagmanager.com *.google-analytics.com *.ellieservices.com *.docusign.net *.docusign.com *.ellielabs.com https://widget.ellieservices.com/latest/launcher.js https://na3.docusign.net https://na.account.docusign.com https://d21y75miwcfqoq.cloudfront.net 1
frame-ancestors 'self'; object-src 'self' https://on-site.com https://*.on-site.com https://*.realpage.com; report-uri /pub/csp_reports 1
default-src 'self'; object-src 'self' https://evul.ee; connect-src 'self' data: https://kaart.ir.ee https://scorestorybook.ee *.openstreetmap.org *.analytics.google.com  *.ssb.ee *.webpushr.com *.unsplash.com *.pexels.com *.doubleclick.net *.google-analytics.com https://vc.hotjar.io:* https://in.hotjar.com/api/v2/client/sites/1684639/visit-data https://stats.g.doubleclick.net/j/collect https://www.google-analytics.com/j/collect https://maps.googleapis.com; font-src 'self' data: *.bootstrapcdn.com https://fonts.gstatic.com https://use.fontawesome.com; frame-src 'self' https://vars.hotjar.com https://www.google.com; img-src 'self' * *.ee blob: data: https://secure.gravatar.com/avatar/ https://images.unsplash.com https://googleads.g.doubleclick.net https://static.ssb.ee https://www.google-analytics.com https://www.google.com https://www.google.ee; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://pistik.ssb.ee https://ssb.ee https://www.gstatic.com *.webpushr.com *.googleapis.com *.googleadservices.com *.google.ee https://*.hotjar.com https://www.googleadservices.com/pagead/conversion_async.js https://*.gstatic.com https://ajax.googleapis.com/ajax/libs/jqueryui/1.9.2/jquery-ui.min.js https://ajax.googleapis.com/ajax/libs/jqueryui/1.13.2/jquery-ui.min.js https://cdn.jsdelivr.net/npm/axios/dist/axios.min.js https://cdnjs.cloudflare.com/ajax/libs/jqcloud/1.0.4/jqcloud-1.0.4.min.js https://static.hotjar.com/c/hotjar-1684639.js https://www.google-analytics.com/analytics.js https://www.google.com/pagead/1p-conversion/692627918/ https://www.google.com/pagead/conversion_async.js https://www.google.com/recaptcha/api.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtm.js https://www.gstatic.com/recaptcha/releases/6pQzWaE1NP-gB4FrqRViKjM-/recaptcha__en.js; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.gstatic.com https://fonts.googleapis.com/ https://use.fontawesome.com/releases/v5.7.2/css/; frame-ancestors 'self'; base-uri 'self'; form-action 'self' https://*.maksekeskus.ee https://kreedix.ee https://group.kreedix.ee; report-uri https://62557e0a851a6e55b76236d0.endpoint.csper.io/?v=3; 1
default-src 'self' data: *.googlesyndication.com *.doubleclick.net *.google.com *.fontawesome.com botbuilder.labiba.ai *.googleadservices.com bsf.labibabot.com *.euroland.com *.eurolandir.com *.snapchat.com *.youtube.com *.sharethis.com *.gstatic.com *.google.com *.cloudflare.com *.googleapis.com *.googlecode.com *.facebook.com *.googletagmanager.com *.linkedin.com;        script-src 'self' 'unsafe-inline' 'unsafe-eval'  *.sc-static.net sc-static.net *.snapchat.com *.tiktok.com *.ibytedtos.com *.google.com *.google.com.lb *.googlesyndication.com *.bizographics.com *.googleapis.com *.jquery.com bsf.labibabot.com *.labiba.ai *.sc-static.net *.googleadservices.com *.euroland.com *.eurolandir.com *.twitter.com *.ads-twitter.com *.cloudflare.com *.sharethis.com *.gstatic.com *.google-analytics.com *.googleapis.com *.facebook.net *.modulusglobal.com *.googletagmanager.com *.licdn.com *.doubleclick.net *.linkedin.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com *.tagmanager.google.com *.googleapis.com *.labiba.ai *.fontawesome.com *.googleapis.com *.cloudflare.com *.sharethis.com *.modulusglobal.com;      connect-src 'self' *.googlesyndication.com *.linkedin.oribi.io *.teads.tv *.snapchat.com *.tiktok.com *.doubleclick.net *.google.com *.facebook.com *.labibabot.com *.sharethis.com *.google.com *.vimeo.com *.google-analytics.com *.googleapis.com  *.gstatic.com *.googletagmanager.com *.linkedin.com; img-src 'self' data: *; 1
frame-ancestors 'self' twitter.com t.co;block-all-mixed-content;script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://*.ep-mimecast.ads-twitter.com https://*.marketo.com https://analytics.twitter.com https://assets.pinterest.com https://apis.google.com https://ajax.googleapis.com https://cdn.syndication.twimg.com https://connect.facebook.net https://code.jquery.com https://en.twitter.com https://graph.facebook.com https://googletagmanager.com https://google-analytics.com https://js.facebook.com https://kit.fontawesome.com https://m.youtube.com https://munchkin.marketo.net https://platform.twitter.com https://static.ads-twitter.com https://ssl.google-analytics.com https://t.co https://tagmanager.google.com https://use.fontawesome.com https://vrmgr.worketc.com https://www.youtube.com https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com https://www.google.com;style-src 'self' 'report-sample' 'unsafe-inline' *.fontawesome.com *.marketo.com *.marketo.net ajax.googleapis.com code.jquery.com fonts.googleapis.com platform.twitter.com ton.twimg.com tagmanager.google.com www.googletagmanager.com;object-src 'none';child-src 'self' *.facebook.com connect.facebook.net platform.twitter.com www.youtube.com www.googletagmanager.com;base-uri 'self';form-action 'self' *.facebook.com *.twitter.com connect.facebook.net;worker-src 'self'; 1
default-src 'self' 'unsafe-inline' https://*.wistia.com https://*.wistia.net weightmanslivecdn.azureedge.net; frame-src *.weightmans.com weightmans.email *.google.com static.addtoany.com cdn.yoshki.com *.youtube.com *.youtube-nocookie.com *.libsyn.com *.soundcloud.com chatbot.wearegabba.com *.addthis.com *.googletagmanager.com *.slideshare.net dev-weightmans.neotalogic.com weightmans.neotalogic.com weightmans.outgrow.us gateway.id.swg.umbrella.com; script-src 'self' 'unsafe-inline' 'inline-speculation-rules' *.azure.com *.visualstudio.com blob: 'unsafe-eval' www.googletagmanager.com *.google-analytics.com *.googleapis.com *.google.com *.wistia.com *.wistia.net gateway.id.swg.umbrella.com dyv6f9ner1ir9.cloudfront.net https://src.litix.io static.addtoany.com *.juicer.io cookiehub.net *.cookiehub.net cookiehub.com *.cookiehub.com stats.g.doubleclick.net *.gstatic.com *.cloudflare.com app.everviz.com d2hywq2hljgss4.cloudfront.net widget.ubisend.io clarity.microsoft.com clarity.ms plausible.io cdn.yoshki.com www.clarity.ms *.addthis.com *.addtoany.com *.cdnjs.cloudflare.com/ajax/libs/hammer.js/ weightmanslivecdn.azureedge.net jsdelivr.net cdn.jsdelivr.net; connect-src 'self' 'unsafe-inline' *.azure.com *.visualstudio.com cookiehub.com *.cookiehub.com cookiehub.net *.cookiehub.net analytics.nyltx.com embedwistia-a.akamaihd.net *.wistia.com *.wistia.net *.litix.io fg8vvsvnieiv3ej16jby.litix.io *.juicer.io wss://localhost:* analytics.google.com *.google-analytics.com *.analytics.google.com *.doubleclick.net plausible.io *.clarity.ms weightmanslivecdn.azureedge.net cdnjs.cloudflare.com cdn.jsdelivr.net cdn.yoshki.com *.googletagmanager.com static.addtoany.com *.googleapis.com o356983.ingest.sentry.io we-are-gabba-bot-server.ubisendaws.com wss://we-are-gabba-bot-server.ubisendaws.com we-are-gabba-api.ubisend.io; style-src 'self' 'unsafe-inline' blob: cookiehub.net *.cookiehub.net cookiehub.com *.cookiehub.com fonts.googleapis.com *.juicer.io *.cloudflare.com https://fast.wistia.com widget.ubisend.io weightmansstagingcdn.azureedge.net weightmanslivecdn.azureedge.net WeightmansStagingMediaCDN.azureedge.net; font-src 'self' 'unsafe-inline' data: fonts.gstatic.com *.juicer.io https://*.wistia.com weightmansstagingcdn.azureedge.net weightmanslivecdn.azureedge.net WeightmansStagingMediaCDN.azureedge.net; img-src 'self' 'unsafe-inline' data: *.juicer.io gateway.id.swg.umbrella.com media.licdn.com *.wistia.com *.wistia.net embedwistia-a.akamaihd.net pbs.twimg.com maps.gstatic.com maps.googleapis.com *.google-analytics.com *.analytics.google.com uniform.azureedge.net *.doubleclick.net *.google.com *.google.co.uk *.cdninstagram.com *.instagram.com *.fbcdn.net cdn.yoshki.com we-are-gabba-pulse-assets.s3.eu-west-2.amazonaws.com *.clarity.ms c.bing.com *.umbraco.com weightmansstagingcdn.azureedge.net weightmanslivecdn.azureedge.net WeightmansStagingMediaCDN.azureedge.net; media-src 'self' blob: https://*.wistia.com 1
frame-ancestors sevenhub.id 1
frame-ancestors 'self' shop.staging.bitocloud.net shop.bito.com 1
frame-ancestors 'self' *.autodesk.com *.bluesnap.com; 1
default-src https://*;                        script-src 'unsafe-inline' https://* 'unsafe-eval' https://*.roberts.edu;                        style-src 'unsafe-inline' https://tags.srv.stackadapt.com https://*.nes.edu https://*.roberts.edu https://stackpath.bootstrapcdn.com/ https://kit-free.fontawesome.com https://maxcdn.bootstrapcdn.com https://www.google.com/cse https://fonts.googleapis.com https://use.fontawesome.com https://api2.libanswers.com https://bbox.blackbaudhosting.com/ https://code.jquery.com/ https://widgets.ebscohost.com https://support.ebscohost.com https://cdn.jsdelivr.net https://www.lightboxcdn.com/ https://accounts.google.com/;     img-src 'self' data: * 1
frame-ancestors 'self' airporttransfer.com *.airporttransfer.com 1
frame-ancestors 'self' http://pardot.com https://pardot.com http://*.pardot.com https://*.pardot.com http://preview.pardot.com https://preview.pardot.com http://*.preview.pardot.com https://*.preview.pardot.com http://pi.pardot.com https://pi.pardot.com http://*.pi.pardot.com https://*.pi.pardot.com http://embedded.pardot.com https://embedded.pardot.com http://*.embedded.pardot.com https://*.embedded.pardot.com http://pi.demo.pardot.com https://pi.demo.pardot.com http://*.pi.demo.pardot.com https://*.pi.demo.pardot.com http://embedded.demo.pardot.com https://embedded.demo.pardot.com http://*.embedded.demo.pardot.com https://*.embedded.demo.pardot.com http://preview.demo.pardot.com https://preview.demo.pardot.com http://*.preview.demo.pardot.com https://*.preview.demo.pardot.com http://debug.pardot.com https://debug.pardot.com http://*.debug.pardot.com https://*.debug.pardot.com http://debug-preview.pardot.com https://debug-preview.pardot.com http://*.debug-preview.pardot.com https://*.debug-preview.pardot.com http://salesforce.com https://salesforce.com http://*.salesforce.com https://*.salesforce.com http://t.salesforce.com https://t.salesforce.com http://*.t.salesforce.com https://*.t.salesforce.com http://gs0.salesforce.com https://gs0.salesforce.com http://*.gs0.salesforce.com https://*.gs0.salesforce.com http://my.salesforce.com https://my.salesforce.com http://*.my.salesforce.com https://*.my.salesforce.com http://*.my.salesforce.com https://*.my.salesforce.com http://visual.force.com https://visual.force.com http://*.visual.force.com https://*.visual.force.com http://*.visual.force.com https://*.visual.force.com http://*.visualforce.com https://*.visualforce.com http://*.force.com https://*.force.com http://b2bmktg.com https://b2bmktg.com http://*.b2bmktg.com https://*.b2bmktg.com http://*.cloudforce.com https://*.cloudforce.com http://pardot.force.com https://pardot.force.com http://*.pardot.force.com https://*.pardot.force.com http://demo.pardot.force.com https://demo.pardot.force.com http://*.demo.pardot.force.com https://*.demo.pardot.force.com http://embedded.pardot.force.com https://embedded.pardot.force.com http://*.embedded.pardot.force.com https://*.embedded.pardot.force.com http://embedded.demo.pardot.force.com https://embedded.demo.pardot.force.com http://*.embedded.demo.pardot.force.com https://*.embedded.demo.pardot.force.com http://*.lightning.force.com https://*.lightning.force.com http://*.sandbox.lightning.force.com https://*.sandbox.lightning.force.com http://*.vf.force.com https://*.vf.force.com; report-uri https://csp-report.force.com/_/ContentDomainCSPNoAuth?type=pardotUnauth 1
connect-src 'self' *.google.com *.pusher.com wss://ws-ap2.pusher.com *.google-analytics.com *.doubleclick.net *.linkedin.com *.outbrain.com *.tiktok.com;default-src 'self' data: w3.org/svg/2000 direct.tranzila.com *.cloudfront.net p.alpha.co.il *.google.com *.google.co.il *.facebook.com *.doubleclick.net *.googletagmanager.com *.linkedin.com;media-src 'none';object-src 'none';script-src 'self' 'unsafe-inline' *.pusher.com *.googletagmanager.com *.google.com *.gstatic.com *.outbrain.com *.tiktok.com *.googleadservices.com *.licdn.com *.google-analytics.com *.facebook.net *.doubleclick.net;style-src 'self' 'unsafe-inline'; 1
frame-ancestors 'www.careinspectorate.com' 1
base-uri 'self'; object-src 'self'; frame-ancestors 'self'; 1
Content-Security-Policy: frame-ancestors 'self' https://app.platform.sportsdigita.com 1
frame-ancestors 'self' https://formulariosdigitales.bi.com.gt 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://browser-update.org https://archive.org https://analytics.archive.org https://orders.value.net https://feed2js.widomaker.com https://html5shiv.googlecode.com; style-src 'self' 'unsafe-inline' https://www.w3schools.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; img-src 'self' https://widomaker.com/HSTS.png https://pr.prchecker.info https://browser-update.org https://canarytokens.com; base-uri 'self'; frame-ancestors 'none'; media-src 'self' https://upload.wikimedia.org; upgrade-insecure-requests; report-uri https://widomaker.report-uri.com/r/d/csp/enforce 1
default-src 'self'; font-src data: https://assets.dm.de https://composer.apps.nonprod.gcp.dmtech.cloud; script-src 'self' https://*.bazaarvoice.com https://*.mm.dm-drogeriemarkt.bg https://app.usercentrics.eu https://assets.dm.de https://composer.apps.nonprod.gcp.dmtech.cloud https://d2pqvatijh75rn.cloudfront.net https://mpsnare.iesnare.com https://omt.dm-drogeriemarkt.bg https://tags.tiqcdn.com https://www.dm-drogeriemarkt.bg; worker-src 'self' blob:; connect-src  'self' https://*.bazaarvoice.com https://*.gcp.dmtech.cloud https://*.mm.dm-drogeriemarkt.bg https://*.services.dmtech.com https://aggregator.service.usercentrics.eu https://api.mapbox.com https://api.usercentrics.eu https://assets.dm.de https://browser-intake-datadoghq.eu https://cart-recos.services.dmtech.com https://cdcs.usercentrics.eu https://collect.tealiumiq.com https://consent-api.service.consent.usercentrics.eu https://consent-rt-ret.service.consent.usercentrics.eu https://consents.usercentrics.eu https://coupon-aktionen.dm.de https://d2pqvatijh75rn.cloudfront.net https://direct-collect.dy-api.eu https://direct.dy-api.eu https://dmpay-gateway.services.dmtech.com https://dy-api.eu https://events.mapbox.com https://graphql.usercentrics.eu https://insights.algolia.io https://logs.browser-intake-datadoghq.eu https://mpsnare.iesnare.com https://my-products-api.services.dmtech.com https://omc.dm-drogeriemarkt.bg https://product-based-recos.services.dmtech.com https://products.dm.de https://rcom-eu.dynamicyield.com https://recos-as-a-service.services.dmtech.com https://rum.browser-intake-datadoghq.eu https://services.dm.de https://signin.dm-drogeriemarkt.bg https://sos-prod.availability.services.dmtech.com https://staedtetour.dm-fb2.de https://storage.googleapis.com/gift-card-builder-emergency-disabled-bucket/ https://cartnext.services.dmtech.com https://products.dm.de https://shopping-list-prod.services.dmtech.com; style-src 'self' 'unsafe-inline' https://*.bazaarvoice.com https://api.tiles.mapbox.com https://assets.dm.de https://composer.apps.nonprod.gcp.dmtech.cloud; form-action 'self' https://*.bazaarvoice.com https://checkout.dm-drogeriemarkt.bg https://giftcard-checkout.dm-drogeriemarkt.bg/api/checkout https://signin.dm-drogeriemarkt.bg; img-src 'self' blob: data: https://*.bazaarvoice.com https://*.mm.dm-drogeriemarkt.bg https://*.services.dmtech.com https://app.usercentrics.eu https://assets.dm.de https://cdn-eu.dynamicyield.com https://composer.apps.nonprod.gcp.dmtech.cloud https://content-preview.apps.prod.gcp.dmtech.cloud https://d2pqvatijh75rn.cloudfront.net https://d3s22jwy77sx9i.cloudfront.net https://i.ytimg.com https://images.podigee-cdn.net https://img.usercentrics.eu https://img.youtube.com/ https://media.dm-static.com https://services.dm.de https://uct.service.usercentrics.eu; frame-ancestors 'self' https://*.apps.nonprod.gcp.dmtech.cloud https://*.apps.prod.gcp.dmtech.cloud https://*.dm-drogeriemarkt.bg https://*.dm-drogeriemarkt.org https://*.dm-drogeriemarkt.org:42007 https://*.dm-drogeriemarkt.org:42160 https://*.dm-drogeriemarkt.org:42161 https://*.dm-drogeriemarkt.org:42162 https://*.lxprod.ka.de.dm-drogeriemarkt.com https://app.datadoghq.eu https://studio.dm-drogeriemarkt.com; frame-src 'self' https://*.bazaarvoice.com https://*.dm-drogeriemarkt.bg https://*.services.dmtech.com https://app.usercentrics.eu https://cdn.podigee.com https://configurator.nuk.de https://gastfamilie.podigee.io https://geburtskanal-dm.podigee.io https://hey-familie.podigee.io https://player.podigee-cdn.net https://sandbox.om.dm.de https://www.youtube-nocookie.com; base-uri 'self' https://*.mm.dm-drogeriemarkt.bg https://*.services.dmtech.com https://events.mapbox.com; child-src 'self' blob:; manifest-src 'self'; report-uri /__csp-reports__; upgrade-insecure-requests; 1
frame-ancestors officiallondontheatre.com *.officiallondontheatre.com uktheatre.org *.theatretokens.com *.solt.co.uk *.theatreartists.fund *.theatrehelpline.org *.theatremeansbusiness.info *.si9n.io *.signage.ninja; default-src blob: https: data: wss: 'unsafe-inline' 'unsafe-eval'; 1
upgrade-insecure-requests; frame-ancestors 'self'; object-src 'none'; manifest-src 'self'; report-uri https://vault.gostatera.com/collect/csp 1
frame-ancestors 'self' https://*.realtylink.org https://*.centris.ca; default-src 'self' https://*.centris.ca https://*.realtylink.org/ https://analytics.google.com https://*.google-analytics.com https://fonts.gstatic.com https://fonts.googleapis.com https://stats.g.doubleclick.net https://www.google.ca https://www.google.com https://www.googletagmanager.com https://sb.scorecardresearch.com https://cdn.jsdelivr.net https://*.locallogic.co https://cdnjs.cloudflare.com https://browser.sentry-cdn.com https://maps.google.com https://maps.google.ca https://maps.googleapis.com https://*.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://unpkg.com https://*.arcgis.com https://events.mapbox.com https://maxcdn.bootstrapcdn.com https://*.lrcontent.com https://connect.facebook.net https://snap.licdn.com https://*.hotjar.com https://*.hotjar.io https://www.facebook.com https://*.loginradius.com https://www.prospectsweb.com https://www.youtube.com https://*.tryinteract.com https://spark.adobe.com https://*.surveymonkey.com https://ajax.googleapis.com https://*.ofsys.com https://ofsys.com https://*.dialoginsight.com https://*.pinterest.com https://*.pinterest.ca https://s.pinimg.com https://api.maptiler.com https://*.research.net https://cdn.linkedin.oribi.io wss://ws.hotjar.com https://sdk.privacy-center.org https://api.privacy-center.org blob: 'unsafe-inline' 'unsafe-eval'; img-src * data: 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com https://maps.gstatic.com https://www.google-analytics.com; img-src 'self' data: https://maps.googleapis.com https://maps.gstatic.com https://csi.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; frame-src 'none'; connect-src 'self' https://maps.googleapis.com 1
default-src   'self'   apis.google.com   app.clearbit.com   connect.facebook.net   firestore.googleapis.com   fonts.googleapis.com   fonts.gstatic.com   form.smileweb.net   dev-form.smileweb.net   identitytoolkit.googleapis.com   prod-api.smileweb.net   securetoken.googleapis.com   smileweb-app.firebaseapp.com   static.smileweb.net   testing-form.smileweb.net   stats.g.doubleclick.net   tag.clearbitscripts.com   www.google-analytics.com   www.googletagmanager.com   x.clearbitjs.com   'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU='   'sha256-KJxnsNT0gtdqJuu4ax26lLQPfNPovAIoDwH4Ql0esmA='   'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU='   'sha256-WVkNUdWP0lukQtTjeNmSOhLNStVYP/Ho92RLxHVM2M0='   'sha256-9DoVum3m8JKsIY3DTlnlYUaZmF0qX8+iPcNp2w20t90=' ;img-src   'self'   data:   s3.sa-east-1.amazonaws.com   static.smileweb.net   www.facebook.com   www.google-analytics.com ;script-src   'self'   'sha256-HDP6PPmUSTygOms82GqatyknRdPtGrQf2Mx7gI07ywE='   'sha256-hnD7loh8ISm5RQ4QgaNwq9T5Y4AY7Pi6zSDaGXASjGA='   'sha256-NYiv/TuY+idwGDsdFmxOvluUANrfoPumXWnuSO/nqts='   'sha256-TEo0NHqqdmiDKkdbi6ouHBr+IOO4iEd3Pe5LNS05Cv8='   'sha256-FDyPg8CqqIpPAfGVKx1YeKduyLs0ghNYWII21wL+7HM='   apis.google.com   app.clearbit.com   connect.facebook.net   fonts.gstatic.com   form.smileweb.net   testing-form.smileweb.net   static.smileweb.net   stats.g.doubleclick.net   tag.clearbitscripts.com   www.google-analytics.com   www.googletagmanager.com   www.smileweb.net   x.clearbitjs.com ;object-src   'none';form-action ;frame-ancestors   form.smileweb.net   prod-api.smileweb.net   static.smileweb.net ; 1
default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js *.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://www.youtube.com/iframe_api https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.msecnd.net *.financialcontent.com *.licdn.com googleads.g.doubleclick.net https://cdn.lr-in-prod.com ui.upcp.wirewheel.io s.upcp.wirewheel.io https://cdnjs.cloudflare.com/ajax/libs/iframe-resizer/ https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.financialcontent.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com *.linkedin.com *.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' https://retirementtool.massmutualascend.com/ https://www.youtube.com/ https://ui.uat.upcp.wirewheel.io/ https://ui.upcp.wirewheel.io/ https://www.calcxml.com/calculators/; connect-src 'self' accounts.google.com https://*.google-analytics.com https://*.analytics.google.com *.mktoresp.com *.visualstudio.com *.financialcontent.com *.linkedin.oribi.io *.lr-in-prod.com api.upcp.wirewheel.io api.uat.upcp.wirewheel.io https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: *.azureedge.net; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.lr-in-prod.com blob: 1
frame-ancestors 'self' https://*.rooom.com 1
default-src 'self'; font-src 'self' https: data: https://script.hotjar.com; img-src 'self' https: data: p.typekit.net https://www.google.com/ads/ga-audiences https://static.hotjar.com https://script.hotjar.com https://survey-images.hotjar.com; object-src 'none'; script-src 'report-sample' 'strict-dynamic' https://static.hotjar.com https://script.hotjar.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'nonce-4faHuiaYQrYKfJ6gZkFfYA=='; frame-src 'strict-dynamic' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://td.doubleclick.net/; style-src 'self' 'report-sample' 'unsafe-inline' https://cdn.jsdelivr.net/npm/daterangepicker@3.1.0/daterangepicker.css use.typekit.net p.typekit.net https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css https://static.hotjar.com https://script.hotjar.com d1napmdp9lzbyy.cloudfront.net d1030xxn62fyyb.cloudfront.net; connect-src 'self' https: https://via.intercom.io https://api.intercom.io https://api.au.intercom.io https://api.eu.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io https://uploads.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.au.intercomcdn.com https://uploads.intercomusercontent.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://adservice.google.com https://stats.g.doubleclick.net; base-uri 'self'; report-uri https://o8095.ingest.sentry.io/api/15415/security/?sentry_key=7f5f5d4c4104451d8b56b1a148a65915&sentry_environment=production&sentry_release=92b450c33938a161186ba71c830536b6495b957d 1
frame-src 'self' 'unsafe-inline' 'unsafe-eval' * blob: data: * ; default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: app.netaffinity.io app.office.netaffinity.net app.demo.netaffinity.net app.uat.netaffinity.net *.ecodev.netaffinity.net *.staging.ecodev.netaffinity.net *.host.staging.ecodev.netaffinity.net *.adyen.com bat.bing.com maxcdn.bootstrapcdn.com checkoutshopper-test.adyen.com checkoutshopper-live.adyen.com cdnjs.cloudflare.com cdn-a.cumul.io app.cumul.io pay.sandbox.datatrans.com pay.datatrans.com www.facebook.com connect.facebook.net forms.hsforms.com heapanalytics.com cdn.heapanalytics.com js.hsforms.net js.hs-analytics.net js.hs-banner.com js.hs-scripts.com js.hsleadflows.net api.hubspot.com app.hubspot.com track.hubspot.com forms.hubspot.com js.hubspotfeedback.com pay.google.com accounts.google.com tagmanager.google.com www.google.com www.googletagmanager.com *.google-analytics.com ajax.googleapis.com maps.googleapis.com www.googleapis.com fonts.googleapis.com fonts.gstatic.com maps.gstatic.com jsconsole.com sslgstatic.com www.gstatic.com code.jquery.com cdn.jsdelivr.net cdn.materialdesignicons.com www.netaffinity.com js.paymentsos.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com *.pusher.com secure.payu.com pi-test.sagepay.com core.spreedly.com js.stripe.com https://pay.realexpayments.com https://pay.sandbox.realexpayments.com api.userlane.com cdn.userlane.com imgcdn.userlane.com staticassets.userlane.com ekr.zdassets.com static.zdassets.com netaffinity.zendesk.com v2assets.zopim.io widget-mediator.zopim.com youtube.com www.youtube.com js.usemessages.com wss://ws.pusher.com wss://ws-eu.pusher.com wss://ws.pusherapp.com wss://ws-eu.pusherapp.com wss://widget-mediator.zopim.com ubpysjit.kclub.ie kit.fontawesome.com ka-p.fontawesome.com www.clarity.ms c.clarity.ms r.clarity.ms https://applepay.cdn-apple.com https://consent.cookiebot.com/ https://capig.stape.org/ https://consent.cookiebot.com/ https://consentcdn.cookiebot.com/ https://googleads.g.doubleclick.net https://region1.analytics.google.com https://www.google.ie https://pagead2.googlesyndication.com *.eu.stape.io https://app.userguest.com/ https://server-side-tagging-coprpnpvaq-uc.a.run.app 1
default-src 'self'  blob: data: *.mayoclinic.org *.gstatic.com *.googleapis.com maps.google.com translate.google.com kaltura.com *.kaltura.com *.vimeocdn.com vimeocdn.com vimeo.com *.vimeo.com svc.webspellchecker.net 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self'; connect-src 'self' https://*.sata.pt https://*.proscloud.com https://o210366.ingest.sentry.io https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://stats.g.doubleclick.net https://fonts.googleapis.com https://fonts.gstatic.com https://*.paypal.com https://*.azoresairlines.pt https://azo-cdn.azureedge.net https://tracking.monsido.com https://*.inside-graph.com wss://*.inside-graph.com https://*.googlesyndication.com https://*.quantcast.com https://*.inmobi.com https://www.facebook.com/tr/; font-src 'self' https://i.icomoon.io https://fonts.gstatic.com data: https://fonts.googleapis.com https://fonts.gstatic.com https://azo-cdn.azureedge.net; form-action 'self' https://*.proscloud.com https://*.paypal.com https://*.iata.org https://payments.sata.pt https://*.azoresairlines.pt https://*.sata.pt https://www.facebook.com/tr/; frame-src 'self' https://www.youtube.com https://www.google.com https://www.recaptcha.net https://bid.g.doubleclick.net https://*.paypal.com https://static.sojern.com https://*.inside-graph.com https://*.doubleclick.net; frame-ancestors 'self'; img-src 'self' data: https: https://*.google-analytics.com https://*.analytics.google.com; object-src 'none'; script-src 'unsafe-inline' 'self' https://cdn.jsdelivr.net https://quantcast.mgr.consensu.org https://secure.quantserve.com https://cmp.quantcast.com https://cmp.inmobi.com https://rules.quantcount.com https://www.google.com/recaptcha/ https://www.gstatic.com https://www.recaptcha.net https://www.googletagmanager.com https://storage.googleapis.com https://www.google-analytics.com https://tagmanager.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://*.paypal.com https://static.sojern.com/utils/sjrn_autocx.js https://cdn.monsido.com https://*.inside-graph.com https://connect.facebook.net https://static.connect.travelaudience.com https://azo-cdn.azureedge.net; style-src 'self' 'unsafe-inline' https://stackpath.bootstrapcdn.com https://tagmanager.google.com https://www.googletagmanager.com https://fonts.googleapis.com https://*.inside-graph.com https://i.icomoon.io https://azo-cdn.azureedge.net; 1
default-src 'self'; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.recaptcha.net/recaptcha/ https://www.google.com https://www.googletagmanager.com https://www.gstatic.com/recaptcha/ https://*.google-analytics.com https://connect.facebook.net/en_US/fbevents.js https://static.cloudflareinsights.com https://browser.sentry-cdn.com/6.13.3/bundle.tracing.min.js; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: blob: htts://accounts.google.com https://*.google-analytics.com https://optimize.google.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com/recaptcha/ https://www.facebook.com https://fonts.googleapis.com https://stats.g.doubleclick.net https://*.coinmarketcap.com/static/img/coins/ *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' wss://btc-alpha.com https://report.btc-alpha.com https://sentry.btc-alpha.io https://analytics.google.com https://*.analytics.google.com https://*.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com https://prod.spline.design/SUpbmbat9sNAp-jk/scene.splinecode; frame-src 'self' blob: https://www.recaptcha.net/recaptcha/ https://www.google.com https://www.youtube.com https://www.facebook.com; frame-ancestors 'self'; report-uri https://report.btc-alpha.com/api/8/security/?sentry_key=2f92208cf42e4137940a2db21eeb63be 1
frame-ancestors 'self' https://gms.affinalways.com; 1
font-src *.googleapis.com *.gstatic.com *.cloudflare.com *.cloudflare.net *.twitter.com *.typekit.net *.fontawesome.com *.bootstrapcdn.com *.clarity.ms *.bing.com *.klaviyo.com *.dotomi.com *.emjcd.com *.resellerratings.com *.b-cdn.net 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.twitter.com *.b-cdn.net *.authorize.net 'self' 'unsafe-inline'; frame-ancestors *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.affirm.com *.affirm.ca *.twitter.com *.google.com *.addthis.com *.clarity.ms *.bing.com *.klaviyo.com *.dotomi.com *.emjcd.com *.resellerratings.com *.b-cdn.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.authorize.net *.weltpixel.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com *.affirm.com *.affirm.ca *.cloudflare.com *.googleadservices.com *.google-analytics.com *.twitter.com *.vtdns.net https://api.resellerratings.com *.resellerratings.com *.google.co.in *.clarity.ms https://c.bing.com *.bing.com *.klaviyo.com *.mczbf.com *.cloudfront.net *.dotomi.com *.emjcd.com *.b-cdn.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ store.paradoxlabs.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com apis.google.com *.gstatic.com *.affirm.com *.affirm.ca *.cloudflare.com *.twitter.com *.google-analytics.com googletagmanager.com *.google.com *.trustedshops.com *.fontawesome.com *.addthis.com s7.addthis.com m.addthis.com z.moatads.com *.addthisedge.com graph.facebook.com widgets.pinterest.com static.cloudflareinsights.com *.resellerratings.com *.pinimg.com *.pinterest.com *.podcorn.com *.klaviyo.com *.clarity.ms *.bing.com *.mczbf.com *.dotomi.com *.emjcd.com *.b-cdn.net www.facebook.com connect.facebook.net business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io *.authorize.net https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com *.cloudflare.com *.googleapis.com *.twitter.com *.gstatic.com *.typekit.net *.fontawesome.com *.bootstrapcdn.com *.resellerratings.com *.clarity.ms *.bing.com *.klaviyo.com *.mczbf.com *.dotomi.com *.emjcd.com *.b-cdn.net https://static.klaviyo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com *.affirm.com *.affirm.ca *.cloudflare.com *.twitter.com *.vtdns.net *.doubleclick.net *.pinterest.com *.podcorn.com *.klaviyo.com *.clarity.ms https://y.clarity.ms *.bing.com *.mczbf.com *.dotomi.com *.emjcd.com *.resellerratings.com *.b-cdn.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ ekr.zdassets.com/ https://get.geojs.io *.avada.io *.authorize.net *.google-analytics.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.gstatic.com https://yastatic.net https://www.youtube.com https://s.ytimg.com https://platform.instagram.com https://www.instagram.com https://platform.twitter.com https://cdn.syndication.twimg.com https://mc.yandex.ru https://top-fwz1.mail.ru https://js.sentry-cdn.com https://browser.sentry-cdn.com https://qaz.24ru.news https://push.24ru.news https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' data: https://fonts.googleapis.com https://platform.twitter.com ; img-src 'self' data: https://* http://* ; font-src 'self' data: https://fonts.gstatic.com ; frame-src 'self' data: https://yastatic.net https://www.youtube.com https://www.instagram.com/ https://platform.twitter.com ; connect-src 'self' data: https://yastatic.net https://mc.yandex.ru https://mc.webvisor.com https://mc.webvisor.org https://fcm.googleapis.com https://firebaseinstallations.googleapis.com https://fcmregistrations.googleapis.com https://push.newsdaily.biz https://top-fwz1.mail.ru https://o4505939965509632.ingest.sentry.io https://push.24ru.news https://biposerfl.shop https://*.google-analytics.com; worker-src 'self' data: https://fcm.googleapis.com https://push.newsdaily.biz https://push.24ru.news ; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://localhost:* https://*.kanomchansee.com https://apmcmwrew.cedexis.cc https://*.sbotop.com *.google.com *.google.com.tw https://www.googletagmanager.com http://blog.sbotop.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.sportradar.com *.sportradarserving.com *.digitru.st *.bidswitch.net *.sbotop.co.uk *.connextra.com https://dev.visualwebsiteoptimizer.com https://*.cdnrocket.net/ https://*.cloudswiftcdn.net/ https://*.speedysurfcdn.net/ https://*.rapidflarecdn.net/ https://*.lightningspeedcdn.net/ https://connect.facebook.net www.facebook.com https://*.g.doubleclick.net https://*.sbobet.com; img-src data: https://localhost:* https://*.kanomchansee.com https://apmcmwrew.cedexis.cc https://*.sbotop.com *.google.com *.google.com.tw https://www.googletagmanager.com http://blog.sbotop.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.sportradar.com *.sportradarserving.com *.digitru.st *.bidswitch.net *.sbotop.co.uk *.connextra.com https://dev.visualwebsiteoptimizer.com https://*.cdnrocket.net/ https://*.cloudswiftcdn.net/ https://*.speedysurfcdn.net/ https://*.rapidflarecdn.net/ https://*.lightningspeedcdn.net/ https://connect.facebook.net www.facebook.com https://*.g.doubleclick.net; report-uri https://csp.trackittk.net/z/3693b3a4-1444-448c-93f9-abfaa546d0e0; frame-src data: https://localhost:* https://*.kanomchansee.com https://apmcmwrew.cedexis.cc https://*.sbotop.com *.google.com *.google.com.tw https://www.googletagmanager.com http://blog.sbotop.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.sportradar.com *.sportradarserving.com *.digitru.st *.bidswitch.net *.sbotop.co.uk *.connextra.com https://dev.visualwebsiteoptimizer.com https://*.cdnrocket.net/ https://*.cloudswiftcdn.net/ https://*.speedysurfcdn.net/ https://*.rapidflarecdn.net/ https://*.lightningspeedcdn.net/ https://connect.facebook.net www.facebook.com https://*.g.doubleclick.net https://*.youtube.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://optimize.google.com; worker-src data: blob: https://dev.visualwebsiteoptimizer.com; frame-ancestors 'self' data: https://*.sbotop.com; 1
frame-ancestors 'self' app.firedrumemailmarketing.com fdsend.com fdhv1.com; 1
img-src https: data:; default-src https: 'unsafe-eval' 'unsafe-inline'; 1
default-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: police.vic.gov.au content.police.vic.gov.au *.content.police.vic.gov.au cdnjs.cloudflare.com 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com tagmanager.google.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.google-analytics.com *.googleanalytics.com *.googleoptimize.com optimize.google.com *.monsido.com connect.facebook.net *.cloudfront.net api.reciteme.com secure-ds.serving-sys.com bs.serving-sys.com *.youtube.com youtube.com *.youtube-nocookie.com youtube-nocookie.com secure.quantserve.com rules.quantcount.com *.youtube.com ytimg.com *.ytimg.com usercheck.vgso.vic.gov.au *.facebook.com *.sc-static.net maps.googleapis.com sc-static.net *.outbrain.com *.taboola.com *.yahoo.com *.yahooapis.com *.licdn.com *.linkedin.com cdn.linkedin.oribi.io gw.linkedin.oribi.io sjs.bizographics.com *.yimg.com *.browsiprod.com *.openforms.com *.adsrvr.org; style-src 'self' 'unsafe-inline' police.vic.gov.au content.police.vic.gov.au *.content.police.vic.gov.au fonts.googleapis.com tagmanager.google.com api.reciteme.com optimize.google.com drwgdblqzrfiz.cloudfront.net *.taboola.com *.licdn.com *.openforms.com; img-src 'self' *.adsymptotic.com *.amazee.io *.analytics.google.com *.content.police.vic.gov.au *.doubleclick.net *.facebook.com *.google-analytics.com *.licdn.com *.linkedin.com *.taboola.com *.yahoo.com *.yimg.com about: ad.yieldmanager.com api.reciteme.com base.maps.vic.gov.au blob: content.police.vic.gov.au data: drwgdblqzrfiz.cloudfront.net i.ytimg.com maps.googleapis.com maps.gstatic.com omny.fm optimize.google.com pixel.quantserve.com police.vic.gov.au secure.adnxs.com tracking.monsido.com translate.google.com www.google.be www.google.ca www.google.co.bw www.google.co.nz www.google.co.uk www.google.com www.google.com.au www.google.com.pk www.google.com.sg www.google.com.ua www.google.lu www.googletagmanager.com www.gstatic.com *.adsrvr.org; font-src 'self' data: police.vic.gov.au content.police.vic.gov.au *.content.police.vic.gov.au fonts.gstatic.com api.reciteme.com *.taboola.com; frame-src 'self' data: police.vic.gov.au content.police.vic.gov.au *.content.police.vic.gov.au *.hotjar.com *.hotjar.io wss://*.hotjar.com *.vimeo.com *.youtube.com youtube.com *.youtube-nocookie.com youtube-nocookie.com *.issuu.com issuu.com api.reciteme.com www.google.com www.facebook.com maps.google.com www.policecareer.vic.gov.au *.vic.gov.au *.acast.com omny.fm *.doubleclick.net optimize.google.com vicpol.maps.arcgis.com *.taboola.com *.yimg.com *.linkedin.com *.openforms.com embed.podcasts.apple.com podcasters.spotify.com podcasts.google.com *.arcgis.com *.adsrvr.org; manifest-src 'self'; media-src 'self' api.reciteme.com *.taboola.com *.yimg.com *.licdn.com; connect-src 'self' *.analytics.google.com *.arcgis.com *.browsiprod.com *.content.police.vic.gov.au *.doubleclick.net *.google-analytics.com *.hotjar.com *.hotjar.io *.licdn.com *.linkedin.com *.monsido.com *.outbrain.com *.sdp.vic.gov.au *.taboola.com *.yahoo.com *.yimg.com about: analytics.google.com api.ipify.org api.reciteme.com bs.serving-sys.com cdn.linkedin.oribi.io content.police.vic.gov.au drwgdblqzrfiz.cloudfront.net maps.googleapis.com police.vic.gov.au secure-ds.serving-sys.com wss://*.hotjar.com www.facebook.com *.adsrvr.org; frame-ancestors 'self' *.youtube.com *.taboola.com *.yimg.com *.yahoo.com; base-uri *.taboola.com *.yahoo.com; form-action *.taboola.com apply.policecareer.vic.gov.au; 1
script-src 'self' 'unsafe-inline' http://js.hs-scripts.com http://js.hsforms.net https://cdn.cookielaw.org https://forms.hsforms.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hsadspixel.net https://snap.licdn.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://static.addtoany.com https://unpkg.com https://www.google.com; script-src-attr 'self'; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://unpkg.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self'; report-uri https://www.hearst.es/report-uri/enforce 1
default-src 'self' https:; base-uri 'self'; font-src 'self' https: data:; img-src 'self' https: data:; object-src 'none'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; worker-src 'self' https: blob:; connect-src 'self' https: wss://*.karte.io; report-uri /csp-violation-report-endpoint 1
font-src 'self' https://*.patton.io https://*.google.com https://*.gstatic.com; img-src 'self' https://*.patton.io http://*.w3.org https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.global.ssl.fastly.net https://*.slack-edge.com https://img.youtube.com data:; media-src 'self' https://*.patton.io https://notificationsounds.com data:; script-src 'self' https://*.patton.io https://www.google.com https://*.gstatic.com https://*.googleapis.com 'unsafe-eval' 'unsafe-inline'; style-src 'self' https://*.patton.io https://*.google.com https://*.googleapis.com http://*.googleapis.com https://*.gstatic.com 'unsafe-eval' 'unsafe-inline'; connect-src 'self' https://*.patton.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.global.ssl.fastly.net http://*.w3.org https://*.slack-edge.com https://notificationsounds.com wss:; frame-src 'self' https://*.patton.io https://*.google.com https://www.youtube.com; default-src 'self' https://*.patton.io 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://ws.zoominfo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cookie-cdn.cookiepro.com https://go.ordr.net https://www.youtube.com https://snap.licdn.com https://munchkin.marketo.net https://assets.rampmetrics.com https://ws.zoominfo.com https://j.6sc.co https://*.ordr.net www.googletagservices.com *.googlesyndication.com *.googleadservices.com googleads.g.doubleclick.net adservice.google.com adservice.google.ae adservice.google.al adservice.google.at adservice.google.be adservice.google.bg adservice.google.bs adservice.google.ca adservice.google.ch adservice.google.ci adservice.google.cl adservice.google.co.bw adservice.google.co.cr adservice.google.co.id adservice.google.co.il adservice.google.co.in adservice.google.co.jp adservice.google.co.ke adservice.google.co.kr adservice.google.co.mz adservice.google.co.nz adservice.google.co.th adservice.google.co.tz adservice.google.co.uk adservice.google.co.uz adservice.google.co.ve adservice.google.co.za adservice.google.co.zm adservice.google.co.zw adservice.google.com.ai adservice.google.com.ar adservice.google.com.au adservice.google.com.bd adservice.google.com.bh adservice.google.com.bn adservice.google.com.bo adservice.google.com.br adservice.google.com.co adservice.google.com.cy adservice.google.com.ec adservice.google.com.eg adservice.google.com.et adservice.google.com.fj adservice.google.com.gh adservice.google.com.gi adservice.google.com.gt adservice.google.com.hk adservice.google.com.jm adservice.google.com.kh adservice.google.com.kw adservice.google.com.lb adservice.google.com.mm adservice.google.com.mt adservice.google.com.mx adservice.google.com.my adservice.google.com.ng adservice.google.com.ni adservice.google.com.np adservice.google.com.om adservice.google.com.pa adservice.google.com.pe adservice.google.com.ph adservice.google.com.pk adservice.google.com.pr adservice.google.com.py adservice.google.com.qa adservice.google.com.sa adservice.google.com.sg adservice.google.com.sv adservice.google.com.tr adservice.google.com.tw adservice.google.com.ua adservice.google.com.uy adservice.google.com.vn adservice.google.cz adservice.google.de adservice.google.dk adservice.google.dz adservice.google.ee adservice.google.es adservice.google.fi adservice.google.fr adservice.google.ge adservice.google.gr adservice.google.gy adservice.google.hn adservice.google.hr adservice.google.hu adservice.google.ie adservice.google.im adservice.google.iq adservice.google.is adservice.google.it adservice.google.jo adservice.google.kz adservice.google.li adservice.google.lk adservice.google.lt adservice.google.lu adservice.google.lv adservice.google.md adservice.google.mk adservice.google.mu adservice.google.nl adservice.google.no adservice.google.pl adservice.google.pt adservice.google.ro adservice.google.rs adservice.google.ru adservice.google.se adservice.google.si adservice.google.sk adservice.google.so adservice.google.sr adservice.google.tl adservice.google.tn adservice.google.tt google-analytics.com www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com maps.googleapis.com maps.google.com translate.googleapis.com translate.google.com www.googletagmanager.com googletagmanager.com tagmanager.google.com; style-src 'self' 'unsafe-inline' data: https://go.ordr.net fonts.googleapis.com 'unsafe-inline' maps.googleapis.com maps.google.com translate.googleapis.com www.googletagmanager.com tagmanager.google.com; img-src 'self' data: https://cookie-cdn.cookiepro.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://www.linkedin.com https://b.6sc.co https://*.ordr.net s.w.org ps.w.org ts.w.org secure.gravatar.com www.gravatar.com *.googlesyndication.com stats.g.doubleclick.net data: blob: google-analytics.com www.google-analytics.com ssl.google-analytics.com www.google.com *.googleapis.com maps.google.com maps.gstatic.com www.gstatic.com *.ggpht.com translate.googleapis.com translate.google.com i.ytimg.com www.googletagmanager.com; connect-src 'self' https://cookie-cdn.cookiepro.com https://geolocation.onetrust.com https://www.youtube.com https://px.ads.linkedin.com https://976-oja-437.mktoresp.com https://events.rm-api.com https://ws.zoominfo.com https://c.6sc.co https://ipv6.6sc.co https://epsilon.6sense.com https://*.ordr.net http://ordr.lookbookhq.com https://ordr.lookbookhq.com http://ordr.pathfactory.com https://ordr.pathfactory.com http://resources.ordr.net https://resources.ordr.net *.googlesyndication.com googleads.g.doubleclick.net stats.g.doubleclick.net www.google-analytics.com ampcid.google.com analytics.google.com about: maps.googleapis.com maps.google.com translate.googleapis.com www.googletagmanager.com; font-src 'self' data: data: fonts.gstatic.com fonts.googleapis.com; object-src 'self' ; media-src 'self' https://ws.zoominfo.com; frame-src 'self' https://go.ordr.net https://www.youtube-nocookie.com https://www.youtube.com https://td.doubleclick.net https://*.ordr.net https://wp-rocket.me *.googlesyndication.com googleads.g.doubleclick.net maps.googleapis.com maps.google.com www.youtube.com www.googletagmanager.com; child-src 'self' www.youtube.com www.googletagmanager.com; worker-src 'self' blob; upgrade-insecure-requests; block-all-mixed-content; 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src *; img-src * 'self' http: https: data:; frame-src *; style-src 'self' 'unsafe-inline'; font-src 'self'; base-uri 'self'; form-action 'self' *.hsforms.com; object-src 'self'; frame-ancestors 'self'; upgrade-insecure-requests; 1
default-src 'self'; script-src 'self' 'nonce-cm1vaw==' https://cdn.datatables.net; style-src 'self' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://cdn.datatables.net  'unsafe-inline'; font-src 'self' fonts.googleapis.com fonts.gstatic.com data:;img-src data: https: 'self'; base-uri 'self'; object-src 'none'; 1
frame-ancestors https://www.kayak.com | https://www.cheapflights.com | https://www.skyscanner.com | https://www.kayak.com.ph | https://www.ca.kayak.com 1
default-src 'self'; script-src https://maps.google.co.in *.google.com https://cdn.jsdelivr.net https://cdn.plyr.io/ https://www.youtube-nocookie.com/ https://*.googleadservices.com s1259754.t.eloqua.com https://*.yellowmessenger.com www.gstatic.com www.google.com maps.gstatic.com maps.googleapis.com  www.googletagmanager.com use.fontawesome.com www.google-analytics.com www.youtube.com service.maxymiser.net tags.bkrtx.com app.yellowmessenger.com cdn.yellowmessenger.com img06.en25.com connect.facebook.net googleads.g.doubleclick.net glightbox.min.js plyr.js 'self' 'unsafe-inline'; style-src https://www.google.com https://cdn.jsdelivr.net https://cdn.plyr.io/ fonts.googleapis.com use.fontawesome.com slick.css glightbox.min.css plyr.css 'self' 'unsafe-inline'; font-src use.fontawesome.com fonts.gstatic.com fonts.googleapis.com cdn.yellowmessenger.com data: 'self'  'unsafe-inline'; img-src https://maps.google.co.in https://img.youtube.com https://www.googletagmanager.com https://display.pubmatic.com *.ytimg.com https://*.maxymiser.net ade.clmbtech.com s1259754.t.eloqua.com www.google.co.in www.google.com www.facebook.com www.google-analytics.com maps.gstatic.com maps.googleapis.com secure.gravatar.com cdn.yellowmessenger.com data: 'self' ; connect-src https://noembed.com/ https://cdn.plyr.io https://www.googleapis.com *.google.com wss://*.yellow.ai https://*.yellow.ai cdn.yellowmessenger.com analytics.google.com stats.g.doubleclick.net app.yellowmessenger.com www.youtube.com maps.googleapis.com www.google-analytics.com s1259754.t.eloqua.com 'self'; frame-src www.youtube-nocookie.com/ www.google.com td.doubleclick.net stags.bluekai.com https://youtube.com/ www.youtube.com www.facebook.com 'self'; media-src cdn.yellowmessenger.com 'self';object-src 'none'; base-uri 'none'; 1
default-src 'self';  script-src 'self' 'unsafe-inline' 'unsafe-eval'     *.ads-twitter.com     *.albacross.com     *.ampproject.org     *.avenga.com     *.bing.com     *.ccm19.de     *.clarity.ms     *.clutch.co     *.company-target.com     *.demandbase.com     *.doubleclick.net     *.facebook.net     *.google.com     *.googleadservices.com     *.googleapis.com     *.googletagmanager.com     *.gstatic.com     *.hotjar.com     *.hotjar.io     *.hs-analytics.net     *.hs-banner.com     *.hs-scripts.com     *.hsadspixel.net     *.hscollectedforms.net     *.hsforms.net     *.hsleadflows.net     *.hubspot.com     *.licdn.com     *.stories.google     *.zoominfo.com     acsbapp.com     cdnjs.cloudflare.com;  style-src 'self' 'unsafe-inline'     *.ampproject.org     *.avenga.com     *.ccm19.de     *.googleapis.com     *.gstatic.com     *.hubspot.com     *.stories.google;  img-src 'self' data: https:     *.avenga.com     *.gravatar.com     *.hubspot.com     *.stories.google     *.wp.com;  media-src 'self'     *.stories.google;  font-src 'self' data:     *.avenga.com     *.gstatic.com     *.stories.google;  connect-src 'self' data: wss:     *.acsbapp.com     *.albacross.com     *.ampproject.org     *.avenga.com     *.bing.com     *.ccm19.de     *.clarity.ms     *.company-target.com     *.demandbase.com     *.google-analytics.com     *.googleapis.com     *.googletagmanager.com     *.gstatic.com     *.hotjar.com     *.hotjar.io     *.hscollectedforms.net     *.hsforms.com     *.hubapi.com     *.hubspot.com     *.linkedin.com     *.stories.google     *.unsplash.com     *.zoominfo.com     hubspot-forms-static-embed.s3.amazonaws.com;  frame-src 'self'     *.avenga.com     *.clutch.co     *.company-target.com     *.demandbase.com     *.doubleclick.net     *.facebook.com     *.google.com     *.hsforms.com     *.stories.google     *.youtube.com;  frame-ancestors 'self';  object-src 'none';  worker-src 'self' blob:;  base-uri 'self'; 1
default-src 'self' blob: *.clarity.ms *.doubleclick.net *.facebook.com *.rokka.io *.snapchat.com c.bing.com; connect-src 'self' *.algolia.net *.algolianet.com *.analytics.google.com *.clarity.ms *.doubleclick.net *.g.doubleclick.net *.google-analytics.com *.google.ch *.google.com *.googletagmanager.com *.rokka.io *.snapchat.com https://*.hotjar.com https://*.hotjar.io https://px.ads.linkedin.com/wa/ wss://*.hotjar.com analytics.tiktok.com api.mapbox.com cdn.linkedin.oribi.io login.migros.ch storage.googleapis.com; font-src 'self' data: *.hotjar.com fonts.gstatic.com; frame-src 'self' bytedance: sslocal: *.doubleclick.net *.firebaseapp.com *.google.com/recaptcha/ *.kununu.com *.vimeo.com bid.g.doubleclick.net tr.snapchat.com www.facebook.com www.youtube.com; img-src 'self' data: *.analytics.google.com *.doubleclick.net *.facebook.com *.google-analytics.com storage.googleapis.com *.google.ch *.google.com *.googletagmanager.com *.hotjar.com *.linkedin.com *.rokka.io *.snapchat.com www.gstatic.com analytics.tiktok.com api.mapbox.com ssl.gstatic.com; media-src 'self' storage.googleapis.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googletagmanager.com *.hotjar.com www.googleadservices.com analytics.tiktok.com googleads.g.doubleclick.net polyfill.io ssl.google-analytics.com tagmanager.google.com unpkg.com vjs.zencdn.net www.google.com https://polyfill.io https://unpkg.com https://vjs.zencdn.net https://www.google.com localhost:8099; script-src-elem 'self' 'unsafe-inline' analytics.tiktok.com *.clarity.ms *.doubleclick.net *.facebook.net *.google-analytics.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.snapchat.com cdn.jsdelivr.net polyfill.io sc-static.net snap.licdn.com unpkg.com vjs.zencdn.net https://polyfill.io https://unpkg.com https://vjs.zencdn.net https://www.google.com localhost:8099; style-src 'self' 'unsafe-inline' *.hotjar.com fonts.googleapis.com storage.googleapis.com tagmanager.google.com vjs.zencdn.net https://vjs.zencdn.net; style-src-elem 'self' 'unsafe-inline' storage.googleapis.com vjs.zencdn.net https://vjs.zencdn.net; worker-src 'self'; form-action 'self' blob: www.facebook.com; frame-ancestors 'self' 1
upgrade-insecure-requests; frame-ancestors 'self' live.sagepay.com live.opayo.eu.elavon.com *.simonjersey.com; base-uri 'self'; object-src 'none' 1
script-src 'nonce-b3ae11def873b6e14c86d2e6851a7c47' 'unsafe-inline' 'self' ag-forum-tcas.herokuapp.com https://developers.panopto.com https://embed-cdn.gettyimages.com https://s.imgur.com https://platform.instagram.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.instagram.com/embed.js https://www.google.com; frame-ancestors 'self' 1
base-uri 'self';connect-src 'self' https://*.google-analytics.com https://*.doubleclick.net;default-src 'self';font-src 'self' https://use.typekit.net https://fonts.googleapis.com https://fonts.gstatic.com;form-action 'self';img-src 'self' https://media.reinierdegraaf.nl https://osk6eqzj7h.execute-api.eu-central-1.amazonaws.com https://d1m0vixjc1og0f.cloudfront.net data: https://i.ytimg.com https://*.google-analytics.com https://*.cloudfront.net https://fonts.googleapis.com https://fonts.gstatic.com https://www.googletagmanager.com;media-src 'self' https://media.reinierdegraaf.nl https://osk6eqzj7h.execute-api.eu-central-1.amazonaws.com https://d1m0vixjc1og0f.cloudfront.net https://*.guidingtube.com/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://consent.23g.io https://www.google.com https://www.gstatic.com https://www.googletagmanager.com 'nonce-gpr9QdhyTOGD7K9KQdZKvXPq8OY1MbYU';frame-src 'self' https://w.soundcloud.com/ https://www.youtube.com/ https://player.vimeo.com/ https://*.guidingtube.com/;style-src 'self' 'unsafe-inline' https://p.typekit.net https://use.typekit.net https://www.googletagmanager.com https://fonts.googleapis.com 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.walkme.com https://arn.upraise.io https://cdn.jsdelivr.net https://lp.poweredbyonsite.com https://maps.googleapis.com https://maxcdn.bootstrapcdn.com https://simpleui-test-au.vixverify.com https://code.jquery.com https://gateway.nab.com.au https://cdnjs.cloudflare.com.au https://cdnjs.cloudflare.com https://fonts.googleapis.com https://*.ls.poweredbyonsite.com https://*.onsitetrackeasy.com.au https://www.gstatic.com https://www.google.com https://paynow.pmnts.io https://app.powerbi.com https://js-agent.newrelic.com https://bam-cell.nr-data.net blob:; frame-src https://arn.upraise.io https://pumaenergyqld.safetyhub.com https://*.onsitetrackeasy.com.au https://www.google.com https://gateway.nab.com.au https://paynow.pmnts.io https://player.vimeo.com https://*.avetta.com https://app.powerbi.com https://*.poweredbyonsite.com https://*.ls.poweredbyonsite.com https://cloud.scorm.com https://*.qa.ls.poweredbyonsite.com https://*.dev.ls.poweredbyonsite.com https://*.onsitetrackeasy.com.au https://www.google.com https://gateway.nab.com.au https://paynow.pmnts-sandbox.io https://paynow.pmnts.io https://player.vimeo.com https://*.qa.poweredbyonsite.com https://*.dev.poweredbyonsite.com https://*.avetta.com https://app.powerbi.com https://reports-staging.poweredbyonsite.com https://www.youtube.com https://cloud.scorm.com 'self' blob: data:; frame-ancestors https://paynow.pmnts.io https://*.ls.poweredbyonsite.com https://*.onsitetrackeasy.com.au https://*.poweredbyonsite.com https://poweredbyonsite.com https://*.okta.com; object-src 'self' https://*.ls.poweredbyonsite.com blob:; 1
frame-src 'self'; frame-ancestors 'self' https://hq.thesoul.io https://apicurio-registry-ui.tsp.li/ https://thesoul.atlassian.net https://cer.tsp.li/ https://cass.tsp.li/ https://project-portfolio-app.tsp.li/ https://diffusion.tsp.li/ https://creator-management.tsp.li/ https://thesoul.io/; object-src 'none'; report-uri https://csp.tsp.la/report; 1
default-src 'self' 'unsafe-inline' https://www.youtube.com https://ajax.googleapis.com https://fonts.googleapis.com https://s.ytimg.com https://use.typekit.net https://www.google-analytics.com https://p.typekit.net; 1
default-src 'self' *.umbraco.org *.hotjar.com *.hotjar.io *.googleapis.com *.gstatic.com *.vo.msecnd.net *.services.visualstudio.com local.ecom.com local.saa.co.uk *.saa.co.uk *.e78.co.uk *.allaboutart.co.uk cdn.flipsnack.com;connect-src 'self' *.ksearchnet.com *.klevu.com *.noibu.com *.googleadservices.com *.google.com *.googlesyndication.com *.doubleclick.net *.hotjar.io *.search.windows.net *.google-analytics.com *.vo.msecnd.net *.services.visualstudio.com *.hotjar.com *.hotjar.io *.paypal.com *.saa.co.uk *.e78.co.uk *.allaboutart.co.uk *.nosto.com cdn.flipsnack.com wss://*.hotjar.com wss://*.noibu.com maps.googleapis.com;style-src 'self' 'unsafe-inline' login.windows.net *.google.com *.googleapis.com hello.myfonts.net local.ecom.com *.worldpay.com *.saa.co.uk *.e78.co.uk *.allaboutart.co.uk cdn.flipsnack.com;script-src 'self' 'unsafe-eval' login.windows.net js.klevu.com js.monitor.azure.com *.doubleclick.net *.noibu.com *.googleadservices.com *.googletagmanager.com *.google.com 'unsafe-inline' *.hotjar.com *.hotjar.io *.google-analytics.com *.gstatic.com *.google.com *.googletagmanager.com *.vo.msecnd.net *.services.visualstudio.com local.ecom.com *.worldpay.com *.paypal.com *.dwin1.com *.awin1.com *.zenaps.com *.the.sciencebehindecommerce.com cc-cdn.com cdn.jsdelivr.net *.nosto.com *.craftyclicks.co.uk *.saa.co.uk maps.googleapis.com *.e78.co.uk *.allaboutart.co.uk connect.facebook.net cdn.flipsnack.com lantern.roeyecdn.com;img-src * data: 'unsafe-inline' *.gstatic.com local.ecom.com *.saa.co.uk *.e78.co.uk *.allaboutart.co.uk cdn.flipsnack.com;frame-src 'self' td.doubleclick.net player.flipsnack.com *.amazon-adsystem.com *.google.com *.youtube.com *.hotjar.com *.hotjar.io *.3dsecure.net *.arcot.com local.ecom.com *.paypal.com *.worldpay.com *.saa.co.uk *.e78.co.uk *.allaboutart.co.uk vimeo.com *.vimeo.com *.dwin1.com *.awin1.com *.zenaps.com *.the.sciencebehindecommerce.com cdn.flipsnack.com www.facebook.com *.v21artspace.com; 1
default-src https:; font-src https: data:; img-src https: data:; script-src https:; style-src https:; 1
default-src 'self' mailto:;     base-uri 'self';     script-src 'nonce-cec4ef14a25f4a1ea2d61b3fd7f753bd' 'strict-dynamic' 'self' *.casinorewards.com cdn.jsdelivr.net https://www.googletagmanager.com/gtm.js https://www.google-analytics.com/analytics.js https://*.amplitude.com ;     connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://cdn.trustindex.io https://*.amplitude.com;     frame-src 'self' mailto: *.gameassists.co.uk *.gameassists.dk *.gameassists.se *.gameassists.co.za *.valueactive.eu *.valueactive.dk  ;     style-src 'self' cdn.jsdelivr.net https://fonts.googleapis.com 'unsafe-inline';     font-src 'self' cdn.jsdelivr.net https://fonts.googleapis.com https://fonts.gstatic.com https://www.google-analytics.com;     img-src * data:;     object-src 'none';     frame-ancestors 'self';     media-src 'self' s3.amazonaws.com; 1
default-src 'self'; block-all-mixed-content; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://googletagmanager.com https://tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.matomo.cloud https://cofrac.matomo.cloud/ https://player.vimeo.com https://ajax.googleapis.com https://www.google.com https://www.gstatic.com https://www.youtube.com https://storage.googleapis.com/ideta-prod.appspot.com/bots/; object-src 'none'; style-src 'self' 'unsafe-inline' fonts.googleapis.com tagmanager.google.com www.googletagmanager.com cofrac.matomo.cloud https://storage.googleapis.com/ideta-prod.appspot.com/bots/; img-src 'self' data: https:; frame-src 'self' www.googletagmanager.com www.youtube.com www.youtube-nocookie.com player.vimeo.com www.google.com cofrac.matomo.cloud app.ideta.io; child-src 'self' www.googletagmanager.com player.vimeo.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; connect-src 'self' fonts.googleapis.com fonts.gstatic.com www.googletagmanager.com cofrac.matomo.cloud tools.cofrac.fr *.s3.amazonaws.com; media-src 'self' *.s3.amazonaws.com blob:; frame-ancestors 'self'; 1
frame-ancestors 'self';    block-all-mixed-content;    default-src 'self';    script-src 'self' 'nonce-WnFNSFBZWkB1TTRSbHJKR2x2aGZBQUFBQWxR' 'strict-dynamic' 'report-sample' 'unsafe-inline'  *.inmobi.com   https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.jsdelivr.net https://f.vimeocdn.com https://googletagmanager.com https://m.youtube.com https://player.vimeo.com https://secure.gravatar.com https://tagmanager.google.com https://www.youtube.com https://www.vimeo.com https://www.clarity.ms https://*.googletagmanager.com https://www.google-analytics.com *.bootstrapcdn.com https://s7.addthis.com;     style-src 'self' 'report-sample' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com code.jquery.com cdn.jsdelivr.net secure.gravatar.com tagmanager.google.com www.googletagmanager.com *.bootstrapcdn.com https://sibforms.com/forms/;     object-src 'none';     frame-src 'self' *.vimeo.com *.youtube.com vimeo.com www.youtube-nocookie.com https://youtu.be www.googletagmanager.com www.google.com;     child-src 'self' *.vimeo.com vimeo.com www.youtube.com www.googletagmanager.com;img-src 'self' *.vivesceramica.com data: *.clarity.ms *.vimeocdn.com *.vimeo.com *.gravatar.com *.ytimg.com *.youtube.com cdnjs.cloudflare.com code.jquery.com cdn.jsdelivr.net *.bing.com  https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com;     font-src 'self' data: https://assets.brevo.com/font/ cdnjs.cloudflare.com cdn.jsdelivr.net fonts.googleapis.com fonts.gstatic.com;     connect-src 'self' https://16264faf.sibforms.com/serve/  https://cmp.inmobi.com/ https://api.cmp.inmobi.com/ *.clarity.ms *.gravatar.com cdnjs.cloudflare.com code.jquery.com cdn.jsdelivr.net vimeo.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com;manifest-src 'self';     base-uri 'self';     form-action 'self';     media-src 'self' *.vimeo.com vimeo.com;     worker-src 'self';     report-to default 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; upgrade-insecure-requests; frame-ancestors 'self' ;  report-uri https://cspreports.realpage.com/api/reports/save/violation; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.fontawesome.com *.daopay.com *.googleapis.com *.gstatic.com *.google.com; 1
font-src *.globalpay.com https://fonts.gstatic.com fonts.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.meetanshi.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.americanexpress.com *.globalpay.com *.mastercard.com *.visa.com https://hps.github.io https://api2.heartlandportico.com self api2.heartlandportico.com *.google.com/ *.meetanshi.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.globalpay.com https://hps.github.io https://api2.heartlandportico.com www.facebook.com www.google.co.in m.media-amazon.com api2.heartlandportico.com https://theme.co https://www.magezon.com *.meetanshi.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.aexp-static.com https://ajax.aspnetcdn.com *.globalpay.com *.gpapiservices.com https://hps.github.io https://api2.heartlandportico.com *.github.io *.facebook.net acp-magento.appspot.com *.cloudflare.com cdn.jsdelivr.net s7.addthis.com *.avada.io *.indicalive.com *.google.com/ *.meetanshi.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.googleapis.com *.cloudflare.com *.datatables.net cdn.jsdelivr.net *.fontawesome.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com stats.g.doubleclick.net ekr.zdassets.com/ https://get.geojs.io *.avada.io indicalive.com *.meetanshi.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
connect-src www.google-analytics.com https://ampcid.google.com https://stats.g.doubleclick.net/j/collect https://search.opendental.com;frame-src https://twitter.com platform.twitter.com syndication.twitter.com https://www.youtube.com;img-src data: 'self' www.google-analytics.com https://www.google.com/ads/ga-audiences abs.twimg.com https://pbs.twimg.com ton.twimg.com platform.twitter.com https://syndication.twitter.com https://stats.g.doubleclick.net/r/collect;script-src 'self' 'unsafe-inline' google-analytics.com https://ssl.google-analytics.com www.google-analytics.com code.jquery.com https://cdn.syndication.twimg.com api.twitter.com platform.twitter.com;style-src 'self' 'unsafe-inline' code.jquery.com https://ton.twimg.com platform.twitter.com https://fonts.googleapis.com/; 1
frame-ancestors 'self' https://www.banbif.com.pe https://*.banbif.com.pe https://*.extranetbanbif.com.pe/; upgrade-insecure-requests 1
base-uri 'self';connect-src 'self' cdn-cookieyes.com *.cookieyes.com *.googlesyndication.com *.google-analytics.com www.google.com cdn.linkedin.oribi.io *.doubleclick.net;default-src 'self';form-action 'self';img-src 'self' cdn-cookieyes.com staticblob.insitessquare.com squarenprdblob01.blob.core.windows.net insitesecoprod.blob.core.windows.net cdn.usefathom.com *.ads.linkedin.com *.googlesyndication.com *.google-analytics.com www.googletagmanager.com data:;media-src 'self';object-src 'none';font-src 'self' fonts.gstatic.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com www.google.com www.googletagmanager.com cdn.usefathom.com cdn-cookieyes.com snap.licdn.com cdn.linkedin.oribi.io;style-src fonts.googleapis.com 'self' 'unsafe-inline';frame-src www.googletagmanager.com 1
object-src 'none' ; base-uri 'self';img-src 'self' ; 1
default-src  'self' 'unsafe-inline' blob: data: gap: https://embed-ssl.wistia.com/ https://www.silverfort.com https://pages.silverfort.com https://cta-service-cms2.hubspot.com/ https://js.hs-banner.com; style-src 'self' 'unsafe-inline' blob: data: gap: https://www.comeet.com/ https://www.silverfort.com https://fonts.googleapis.com/ https://use.typekit.net/ https://cdnjs.cloudflare.com/ https://p.typekit.net/ https://pages.silverfort.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: gap: https://www.comeet.com/ https://f.vimeocdn.com/ https://js.sentry-cdn.com https://fast.wistia.com/ https://tdns4.gtranslate.net https://app.revenuehero.io/ https://ws-assets.zoominfo.com/ https://embed.interactivecalculator.com/ https://js.zi-scripts.com/ https://tags.clickagy.com  https://www.silverfort.com https://pages.silverfort.com/ https://js.hsforms.net/ https://www.comeet.co/ https://obseu.bzcclandlord.com/ https://cdn.mxpnl.com/ https://www.gstatic.com/ https://www.google.com/ https://client-registry.mutinycdn.com/ https://www.googletagmanager.com/ https://rs.fullstory.com/ https://www.clickcease.com/ https://acsbapp.com/ https://munchkin.marketo.net/ https://unpkg.com/ https://cdnjs.cloudflare.com https://js.hs-analytics.net/ https://www.youtube.com/ https://www.google-analytics.com/ https://snap.licdn.com/ https://js.hubspot.com/ https://js.hsadspixel.net/ https://static.hotjar.com/ https://bat.bing.com/ https://www.redditstatic.com/ https://connect.facebook.net/ https://sc.lfeeder.com/ https://js.hs-banner.com/ https://js.usemessages.com/ https://script.hotjar.com/ https://tools.luckyorange.com/ https://edge.fullstory.com/ https://www.clarity.ms/ https://www.googleadservices.com/ https://j.6sc.co/ https://googleads.g.doubleclick.net/ https://js.hs-scripts.com/ ; img-src * 'self' 'unsafe-inline' blob: data: gap:;  object-src 'self' blob: data: gap: https://www.silverfort.com https://pages.silverfort.com; connect-src 'self' ws: wss: 'unsafe-inline' blob: data: gap: https://tdns.gtranslate.net https://distillery.wistia.com/ https://pipedream.wistia.com/ https://fast.wistia.com/ https://metrics.hotjar.io https://www.googleadservices.com/ https://vimeo.com/ https://bat.bing.com/ https://adservice.google.com/ https://proxy.gtranslate.net https://app.revenuehero.io/ https://api.mutinyhq.io/ https://www.facebook.com/ https://www.google.com/ https://ws.zoominfo.com/ https://js.zi-scripts.com/ https://api-js.mixpanel.com/ https://pixel-config.reddit.com/ https://q.clarity.ms/ https://pages.silverfort.com https://rs.fullstory.com/ https://api-v2.mutinyhq.io/ https://cdn.acsbapp.com/ https://client-registry.mutinycdn.com https://yoast.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://client-registry.mutinycdn.com/ https://d.clarity.ms/ https://forms.hsforms.com/ https://hubspot-forms-static-embed.s3.amazonaws.com/ https://obseu.bzcclandlord.com/ https://px.ads.linkedin.com/ https://www.redditstatic.com/ https://secure.adnxs.com/ https://conversions-config.reddit.com/ https://api.hubapi.com https://js.hs-banner.com/ https://api.hubspot.com/ https://cta-service-cms2.hubspot.com/ https://settings.luckyorange.com/ https://c.6sc.co/ https://content.hotjar.io/ https://ipv6.6sc.co/ https://vc.hotjar.io/ https://epsilon-globalaccelerator.6sense.com/ https://epsilon.6sense.com/ https://edge.fullstory.com/; frame-src * 'self' blob: data: gap: ; font-src * 'self' blob: data: gap: ; frame-ancestors 'self'; 1
default-src 'none'; base-uri 'none'; form-action 'self'; connect-src https://*.freebsdbrasil.com.br https://www.google-analytics.com; script-src 'strict-dynamic' 'nonce-fbsdbr2018' 'unsafe-inline' http: https:; img-src 'self' https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com https://use.fontawesome.com; style-src 'self' https://fonts.googleapis.com https://use.fontawesome.com; frame-ancestors 'none'; report-uri https://freebsdbrasil.report-uri.com/r/d/csp/enforce; upgrade-insecure-requests; 1
img-src 'self' wakapi.dev; script-src 'self' tracking.frachtwerk.de; object-src 'self'; default-src 'self'; style-src 'self' 'unsafe-inline'; connect-src 'self' tracking.frachtwerk.de 1
frame-ancestors 'self'; base-uri 'self'; upgrade-insecure-requests 1
frame-ancestors 'self' *.spine.org spineadvocacy.org 1
default-src https://necnijmegen.bbvms.com/ https://stats.bluebillywig.com https://y062.nec-nijmegen.nl/ https://collector.leadinfo.net/ https://*.doubleclick.net/ https://www.google-analytics.com/ https://*.convio.us wss://*.convio.us https://nec.blueconic.net 'self' 'unsafe-inline'; font-src data: https://fonts.gstatic.com https://*.typekit.net https://*.cloudfront.net/necnijmegen/ 'self'; child-src  'self'; connect-src https://*.cloudfront.net https://www.google-analytics.com/ https://*.convio.us wss://*.convio.us https://nec.blueconic.net https://necnijmegen.bbvms.com/ https://stats.bluebillywig.com/ https://y062.nec-nijmegen.nl/ https://collector.leadinfo.net/ https://*.doubleclick.net/ 'self'; frame-src https://www.sporcle.com/ https://www.googletagmanager.com https://www.instagram.com/ https://content.streamone.net/ https://twitter.com https://*.twitter.com/ https://*.facebook.com/ https://www.youtube.com/ https://stanza.co/ https://*.gxcloud.local https://*.gxcloud.net https://*.convio.us https://*.typekit.net https://*.amazonaws.com https://player.streampunt.nl/ https://form.typeform.com/ 'self'; frame-ancestors  'self'; img-src https://stats.bluebillywig.com/ https://necnijmegen.bbvms.com https://*.gxsoftware.com https://nec.devel.gxsoftware.com https://*.gxcloud.net/ http://*.gxcloud.net/ https://*.nec-nijmegen.nl/ https://*.doubleclick.net/ https://nec.blueconic.net https://*.convio.us https://*.typekit.net https://*.amazonaws.com https://*.twimg.com/ https://www.google-analytics.com https://*.twitter.com/ https://www.google.com/ https://plugins.blueconic.net https://www.google.nl/ https://y062.nec-nijmegen.nl/ 'self' data:; media-src data: blob: https://nec-preprod.devel.gxsoftware.com https://necnijmegen.bbvms.com/ https://cdn.bluebillywig.com/ https://*.cloudfront.net/necnijmegen/ https://*.cloudfront.net/live/necnijmegen/  'self'; object-src  'self'; script-src  'self' 'unsafe-inline' 'unsafe-eval' data: https: wss:; style-src https://nec.blueconic.net/ https://*.google.com/ https://*.twitter.com/ https://ton.twimg.com/ https://plugins.blueconic.net/ https://fonts.googleapis.com/ https://y062.nec-nijmegen.nl/ 'self' 'unsafe-inline';  worker-src  'self' blob: 1
default-src 'self';        	script-src https://www.gns.gov.pt https://webstats.cncs.gov.pt;        	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;        	img-src 'self' data: https;        	form-action 'self';        	connect-src https://webstats.cncs.gov.pt;        	font-src 'self' https://fonts.gstatic.com;        	object-src 'none';        	base-uri 'none';        	frame-src 'self' https://maps.google.com https://www.google.com https://www.youtube.com;        	frame-ancestors 'none' 1
default-src 'self'  *.grdp.co blob:; img-src 'self' blob: data: https://releases/traefik/02-csp-middleware.yamlgrdp.co https://tr.outbrain.com https://byjusexamprep.com/ https://translate.google.com https://nr1.s3.amazonaws.com *.boldchat.com accounts.google.com *.doubleclick.net https://www.google.co.in https://bat.bing.com https://www.youtube.com/favicon.ico *.googleadservices.com http://gs-post-images.grdp.co https://gs-groups-images.grdp.co https://graph.facebook.com https://www.google.com gradeup.co https://www.google-analytics.com https://www.facebook.com https://maps.googleapis.com https://gs-post-images.grdp.co https://optimize.google.com cds.taboola.com api.typeform.com https://track.shoptopdeal.com https://events.ub-analytics.com https://ttrk.ringocount.com business.topbuzz.com gradestack.com i.ytimg.com trc.taboola.com *.fbcdn.net cost.affcost.com platform-lookaside.fbsbx.com d9hhrg4mnvzow.cloudfront.net csm.hk.as.criteo.net cm.g.doubleclick.net primedigital.go2cloud.org ad.admitad.com track.in.omgpm.com dis.criteo.com traqkar.com www.googletagmanager.com *.googleadservices.com myfaqprime.appspot.com heapanalytics.com *.googleusercontent.com *.grdp.co grdp.co connect.facebook.net q.quora.com *.gstatic.com www.google-analytics.com stats.g.doubleclick.net googleads.g.doubleclick.net https://px.ads.linkedin.com https://p.adsymptotic.com https://slike.indiatimes.com https://ventes40.gotrackier.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' static.cloudflareinsights.com *.joonbot.com eu1.clevertap-prod.com https://www.googleadservices.com/ https://d34qb8suadcc4g.cloudfront.net *.boldchat.com https://googleadservices.com https://bat.bing.com https://cdnjs.cloudflare.com/ajax/libs/gsap/latest/TweenMax.min.js https://www.googletagmanager.com https://ssl.google-analytics.com https://www.google.com/pagead/conversion_async.js https://googleads.g.doubleclick.net https://tr.outbrain.com amplify.outbrain.com https://optimize.google.com https://cdn.jsdelivr.net/gh/cferdinandi/smooth-scroll@15.0.0/dist/smooth-scroll.polyfills.min.js https://www.google.co.in/pagead cdn.heapanalytics.com https://www.clarity.ms https://s-usc1c-nss-273.firebaseio.com https://udofy-crm-1022.firebaseio.com  s.ytimg.com cdn.ampproject.org cdn.taboola.com trc.taboola.com www.googletagservices.com tagmanager.google.com https://s-usc1c-nss-281.firebaseio.com ajax.cloudflare.com builder-assets.unbounce.com accounts.google.com myfaqprime.appspot.com portal.referralcandy.com go.referralcandy.com cdn.asbmit.com platform.twitter.com maps.googleapis.com adservice.google.com adservice.google.co.in smartlock.google.com wzrkt.com d2r1yp2w7bby2u.cloudfront.net connect.facebook.net track.in.omgpm.com *.grdp.co grdp.co https://www.google-analytics.com/ cdn.mouseflow.com static.bytedance.com sslwidget.criteo.com  www.gstatic.com https://www.google.com/pagead/1p-conversion/820422143/ apis.google.com widget.as.criteo.com maxcdn.bootstrapcdn.com https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js https://cdn.jsdelivr.net/npm/js-cookie@beta/dist/js.cookie.min.js https://tvid.akamaized.net https://tvid.in https://cdn.quilljs.com; connect-src 'self' https://bep-public.s3.ap-south-1.amazonaws.com/ https://ebooksecurepdf.s3.ap-south-1.amazonaws.com/ https://google.com https://mpkgr-streaming.tllms.com https://byju.pc.cdn.bitgravity.com *.gradestack.co *.byjusexamprep.com https://gradeup-streaming.tllms.com https://byjus-in.akamaized.net https://gcdn.byjus.com https://*.nanorep.co https://*.nanorep.com wss://*.bold360.com *.boldchat.com https://gradeup-assets.grdp.co https://bat.bing.com https://d27yfew3jd3yhj.cloudfront.net https://drm.tllms.com/ https://us-central1-udofy-1021.cloudfunctions.net https://us-central1-amp-error-reporting.cloudfunctions.net https://adservice.google.com https://www.facebook.com https://maps.googleapis.com wss://photon.gradestack.co wss://mule.byjusexamprep.com webapi.byjusexamprep.com https://udofy-crm-1022.firebaseio.com trc-events.taboola.com trc.taboola.com wss://udofy-crm-1022.firebaseio.com https://www.clarity.ms wss://s-usc1c-nss-273.firebaseio.com https://sheets.googleapis.com https://script.google.com https://script.googleusercontent.com wss://s-usc1c-nss-281.firebaseio.com json.faqprime.com firebaseinstallations.googleapis.com *.grdp.co grdp.co cdnjs.cloudflare.com o2.mouseflow.com heapanalytics.com www.googletagmanager.com wss://*.gradeup.co https://www.google-analytics.com cdn.ampproject.org accounts.google.com www.google.com *.doubleclick.net cdn.ampproject.com https://cleovod.akamaized.net https://cleorec.akamaized.net https://cleolive.akamaized.net https://slike.indiatimes.com https://tvid.in https://*.slike.in https://s3.ap-south-1.amazonaws.com/byjus-media-delivery/videos/ *.razorpay.com ; frame-src whatsapp: *.doubleclick.net https://gradeup.co https://optimize.google.com https://help.byjusexamprep.com https://sin.creativecdn.com https://*.joonbot.com https://*.joonbot.xyz *.boldchat.com https://www.google.com/maps/embed https://s-usc1c-nss-273.firebaseio.com https://asia.creativecdn.com https://s-usc1c-nss-281.firebaseio.com ts.tradetracker.net tl.tradetracker.net tracking.icubeswire.co www.youtube.com portal.referralcandy.com go.onelink.me accounts.google.com gum.criteo.com tpc.googlesyndication.com secure.payu.in gradeup.referralcandy.com www.facebook.com grdp.co https://byjusexamprep.com gradestack.com smartlock.google.com static.criteo.net www.googletagmanager.com https://hts-premium.byjusexamprep.com https://api.razorpay.com https://www.menti.com; style-src 'self' blob: data: *.grdp.co  'unsafe-inline' https://optimize.google.com unpkg.com builder-assets.unbounce.com cdnjs.cloudflare.com myfaqprime.appspot.com fonts.googleapis.com www.googletagmanager.com tagmanager.google.com translate.googleapis.com maxcdn.bootstrapcdn.com https://www.googletagmanager.com/gtm.js accounts.google.com cdn.ampprojectorg cdn.materialdesignicons.com cloud.typography.com https://cdn.quilljs.com; object-src 'none'; font-src 'self' blob: data: *.grdp.co https://optimize.google.com fonts.gstatic.com maxcdn.bootstrapcdn.com fast.fonts.net cloud.typography.com fonts.googleapis.com use.fontawesome.com cdnjs.cloudflare.com; worker-src 'self' blob: data:  https://byjusexamprep.com gradestack.com; media-src 'self' blob: data:  *.grdp.co https://gradeup-streaming.tllms.com https://cleolive.akamaized.net https://cleorec.akamaized.net https://d27yfew3jd3yhj.cloudfront.net; frame-ancestors 'self' *.nanorep.co https://byjus.com https://byjusexamprep.com; script-src-elem 'self' 'unsafe-inline' https://d2r1yp2w7bby2u.cloudfront.net/js/clevertap.min.js https://eu1.clevertap-prod.com https://connect.facebook.net https://amplify.outbrain.com https://tpc.googlesyndication.com *.joonbot.com https://*.joonbot.xyz https://www.googleadservices.com/ https://*.nanorep.co https://d34qb8suadcc4g.cloudfront.net https://bat.bing.com *.googleadservices.com https://*.boldchat.com https://fonts.googleapis.com/css2 https://cdn.ampproject.org/rtv/012110290545003/v0/amp-loader-0.1.js https://www.googletagmanager.com/ https://track.in.omgpm.com https://portal.referralcandy.com/assets/widgets/refcandy-poprocks.js https://apis.google.com https://d2r1yp2w7bby2u.cloudfront.net/js/a.js https://cdn.ampproject.org *.gstatic.com  https://builder-assets.unbounce.com/published-js/ https://ajax.googleapis.com https://myfaqprime.appspot.com https://gradeup-assets.grdp.co https://www.google-analytics.com https://www.googletagmanager.com https://ajax.cloudflare.com  https://wzrkt.com https://tr.outbrain.com https://maps.googleapis.com https://cdn.mouseflow.com https://googleads.g.doubleclick.net *.googleadservices.com https://wzrkt.com https://www.youtube.com https://checkout.razorpay.com/v1/checkout.js; manifest-src 'self' blob: data: https://byjusexamprep.com; report-uri https://sentry.byjusexamprep.com/api/26/security/?sentry_key=e3c3abaf223b441c8dd91fdc48764d72 1
default-src 'self'; connect-src 'self' wss://*.streami.co wss://*.streami.io wss://*.gopax.co.kr https://*.gopax.co.kr https://*.gopax.co.kr:* https://*.amazonaws.com https://*.streami.io https://adservice.google.com https://aem-kakao-collector.onkakao.net/api https://bc.ad.daum.net https://browser-intake-datadoghq.com https://pagead2.googlesyndication.com https://sentry.io https://www.google.iq https://stats.g.doubleclick.net/g/collect https://stats.g.doubleclick.net/j/collect https://api.xangle.io/external/disclosure-project https://api.intotheblock.com https://nice.qa.streami.co:8081 https://nice.staging.streami.io:8081 https://www.tradingview.com https://ads.tnkad.net https://kn.acrosspf.com https://www.tdmcom.co.kr https://*.adpopcorn.com https://bizmessage.kakao.com https://gopax.ghost.io https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://www.google-analytics.com; frame-src 'self' https://www.google.com https://*.gopax.co.kr https://*.gopax.co.kr:* https://*.daumcdn.net https://*.daum.net https://safe.ok-name.co.kr https://connect.facebook.net https://*.doubleclick.net https://s3.ap-northeast-2.amazonaws.com/service.xangle.io https://nice.checkplus.co.kr https://s.tradingview.com https://www.tradingview-widget.com https://www.youtube.com https://kn.acrosspf.com https://*.twitter.com; img-src 'self' data: blob: https://adlc-exchange.toast.com https://bid.g.doubleclick.net/xbbe/pixel https://googleads.g.doubleclick.net/pagead/ https://idm.skplanet.com/pixel https://kiup.ibk.co.kr https://log.mediacategory.com/servlet/rd https://*.gopax.co.kr https://*.gopax.qa.streami.io https://*.gopax.staging.streami.io https://s3.ap-northeast-2.amazonaws.com/service.xangle.io/ticker/images/ https://s3.ap-northeast-2.amazonaws.com/upload.xangle.io/images/ https://stats.g.doubleclick.net https://track.buzzvil.com/ https://www.google.co.kr https://www.google.com https://www.googleadservices.com/pagead/conversion/ https://www.googletagmanager.com/ https://bc.ad.daum.net https://wcs.naver.com/ https://t1.daumcdn.net https://*.twimg.com https://resource.gopax.co.kr https://resource.gopax.staging.streami.io https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://www.google-analytics.com; script-src 'self' blob: 'unsafe-eval' 'unsafe-inline' https://*.gopax.co.kr https://cdn.megadata.co.kr/js/en_script/3.5/enliple_min3.5.js https://cdnet.nasmob.com/adpacker/js/ap_pv_v1.0.js https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10944913108/ https://www.google.com/pagead/conversion_async.js https://www.googleadservices.com/pagead/conversion_async.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtm.js https://ajax.googleapis.com https://cdn.megadata.co.kr https://cdnet.nasmob.com https://stats.g.doubleclick.net https://tagmanager.google.com https://www.google.co.kr https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://*.daumcdn.net https://www.googleadservices.com https://s3.ap-northeast-2.amazonaws.com/service.xangle.io/xi-ticker.min.js https://app.intotheblock.com https://api3.tnkfactory.com https://scr.nsmartad.com https://inter-nswitch.nasmob.com https://s3.tradingview.com https://fin.rainbownine.net/js/adn_tags_2.1.3.js https://www.tdmcom.co.kr https://*.adpopcorn.com https://kn.acrosspf.com https://bizmessage.kakao.com https://www.youtube.com https://*.twitter.com https://*.twimg.com https://openfpcdn.io/fingerprintjs/v3/iife.min.js https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://s3.ap-northeast-2.amazonaws.com/service.xangle.io/xi-ticker.min.css https://*.twitter.com; font-src 'self' data: https://fonts.gstatic.com; object-src 'self' blob:; base-uri 'self'; frame-ancestors https://gopax.co.kr https://*.gopax.co.kr https://streami.io https://*.gopax.qa.streami.io https://*.gopax.staging.streami.io https://*.gopax.prod.streami.io 1
default-src 'self' ;  frame-ancestors 'self' *.bellcurve.jp reg31.smp.ne.jp;  script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.gstatic.com *.googleadservices.com *.cardservice.co.jp *.cloudfront.net *.amazon.co.jp *.assoc-amazon.com *.amazon-adsystem.com *.globalsign.com ajax.googleapis.com pagead3.googlesyndication.com tpc.googlesyndication.com googleads.g.doubleclick.net www.google.co.jp cse.google.co.jp *.google.com www.google-analytics.com platform.twitter.com jsoon.digitiminimi.com www.facebook.com connect.facebook.net b.st-hatena.com media.line.naver.jp d.line-scdn.net scdn.line-apps.com cdn-ak.b.st-hatena.com media.line.me cdn.mathjax.org cdnjs.cloudflare.com; font-src 'self' fonts.googleapis.com data:;style-src 'self' 'unsafe-inline' *.cardservice.co.jp *.jquery.com  *.google.com fonts.googleapis.com ajax.googleapis.com www.facebook.com d.line-scdn.net platform.twitter.com;img-src * data:;child-src *.cloudfront.net *.amazon.co.jp *.assoc-amazon.com *.amazon-adsystem.com bellcurve.jp apis.google.com accounts.google.com googleads.g.doubleclick.net www.facebook.com platform.twitter.com syndication.twitter.com staticxx.facebook.com timeline.line.me cdn.api.b.hatena.ne.jp jsoon.digitiminimi.com www.slideshare.net;object-src 'self'  *.cloudfront.net *.amazon.co.jp  *.assoc-amazon.com *.amazon-adsystem.com pagead2.googlesyndication.com;media-src 'self' pagead2.googlesyndication.com; connect-src 'self' *.cardservice.co.jp *.cloudfront.net *.amazon.co.jp *.assoc-amazon.com *.amazon-adsystem.com www.google-analytics.com pagead2.googlesyndication.com stats.g.doubleclick.net; frame-src 'self' *.twitter.com *.bellcurve.jp  bellcurve.jp  *.facebook.com  *.assoc-amazon.com  *.youtube.com *.slideshare.net  *.google.com *.amazon-adsystem.com;  1
default-src 'self'; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.hubspot.com static.addtoany.com cdn.socket.io cdn.datatables.net *.cloudfront.net *.airtable.com www.googleadservices.com bat.bing.com www.youtube.com snap.licdn.com static.hotjar.com cdn.privacytools.com.br plugin.handtalk.me unpkg.com *.hubspot.net cdnjs.cloudflare.com www.gstatic.com script.hotjar.com www.google.com *.storylane.io try.abtasty.com code.jquery.com googleads.g.doubleclick.net www.google-analytics.com www.clarity.ms ajax.googleapis.com cdn.cookielaw.org *.facebook.net js.hs-analytics.net js.hs-banner.com js.hsadspixel.net js.hscollectedforms.net js.hsforms.net js.hsleadflows.net js.hubspot.com app.hubspot.com js.usemessages.com *.linkedin.com static.hsappstatic.net www.googletagmanager.com www.gupy.io sibforms.com; style-src 'self' 'unsafe-inline' *.gupy.io *.hubspot.com *.hsappstatic.net *.hubspot.net cdnjs.cloudflare.com cdn.datatable.net cdn.datatables.net stackpath.bootstrapcdn.com cdn.cookielaw.org *.hubspotusercontent-na1.net *.hubspotusercontent40.net fonts.googleapis.com cdn.privacytools.com.br www.gupy.io sibforms.com; img-src 'self' blob: 3299491.fs1.hubspotusercontent-na1.net perf-na1.hsforms.com track.hubspot.com www.gupy.io data: *; font-src 'self' fonts.gstatic.com *.hubspotusercontent-na1.net *.hubspotusercontent40.net www.gupy.io assets.sendinblue.com; connect-src 'self' blob: fs1.hubspotusercontent-na1.net cdn.cookielaw.org *.gupy.io data: gap: *; media-src 'self' *.hubspot.com *.hubspotusercontent-na1.net; frame-src gupy.com.br *.gupy.com.br gupy.com.br/ gupy.io *.hs-sites.com *.hubspot.com *.sibforms.com static.addtoany.com www.youtube.com app.hubspot.com *.hubspotvideo.com td.doubleclick.net *.facebook.com forms.hsforms.com *.storylane.io airtable.com *.spotify.com gupy.chat.blip.ai gupy673.outgrow.us *.google.com anchor.fm; frame-ancestors 'self' gupy.com.br gupy.io;; upgrade-insecure-requests 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: *.blueghost.cz *.securenet.cz *.google.com *.youtube.com *.googleapis.com *.google-analytics.com *.doubleclick.net *.vimeocdn.com *.gstatic.com *.ytimg.com 1
default-src 'self' www.googletagmanager.com https://d1af033869koo7.cloudfront.net;; script-src 'self' app.cdn.lookbookhq.com tracker.engageclick.com stage-new.www.247.ai turbo.engageclick.com platform.linkedin.com www.googletagmanager.com ajax.cloudflare.com ajax.googleapis.com js-agent.newrelic.com consent.trustarc.com extend.vimeocdn.com www.linkedin.com 074-hbw-141.mktoutil.com *.cloudfront.net unpkg.com info.247.ai www.google-analytics.com analytics.google.com *.marketo.com munchkin.marketo.net https://platform.linkedin.com/xdoor/scripts/in.js cdpn-js.figureone.com 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-eval' 'unsafe-inline' https://d1af033869koo7.cloudfront.net https://*.247-inc.net consent.trustarc.com ws-assets.zoominfo.com schedule.zoominfo.com js.zi-scripts.com www.recaptcha.net www.gstatic.com tag.demandbase.com;; object-src 'none' ; style-src 'self' maxcdn.bootstrapcdn.com app.cdn.lookbookhq.com rtp-static.marketo.com fast.fonts.net fonts.googleapis.com info.247.ai 'unsafe-inline' data: 'unsafe-inline' https://d1af033869koo7.cloudfront.net; ; img-src www.googletagmanager.com dev-new.www.247.ai google-analytics.com data: https: www.247.ai/*  tfscorp.intelliresponse.com;; frame-src 'self' consent-pref.trustarc.com www.linkedin.com vars.hotjar.com turbo.engageclick.com *.cloudfront.net player.vimeo.com www.youtube.com boards.greenhouse.io info.247.ai https://d1af033869koo7.cloudfront.net https://*.247-inc.net career4.successfactors.com www.recaptcha.net customercentricityworldseries.com www.brella.io sponsor.brella.io next.brella.io;; frame-ancestors 'self' consent-pref.trustarc.com https://www.linkedin.com customercentricityworldseries.com www.brella.io sponsor.brella.io next.brella.io;; child-src www.linkedin.com consent-pref.trustarc.com turbo.engageclick.com *.cloudfront.net blob: https://d1af033869koo7.cloudfront.net https://*.247-inc.net;; font-src maxcdn.bootstrapcdn.com fonts.gstatic.com info.247.ai;; connect-src 'self' info.247.ai www.google.co.in wss: secure.adnxs.com stats.g.doubleclick.net analytics.google.com www.google-analytics.com api.company-target.com dev-new.www.247.ai *.mktoresp.com 074-hbw-141.mktoutil.com *.marketo.com *.cloudfront.net tie-stage.247-inc.net tie-stage.247-inc.net staging.api.247-inc.net stage-new.www.247.ai tie.247-inc.net bam.nr-data.net api.247-inc.net fonts.googleapis.com 6jh2sbaxvh.execute-api.us-east-1.amazonaws.com segments.company-target.com staging.api.cloud.247-inc.net https://d1af033869koo7.cloudfront.net api.cloud.247-inc.net https://*.247-inc.net target-web-staging.247-inc.net target-web.247-inc.net ws.zoominfo.com api.schedule.zoominfo.com js.zi-scripts.com; 1
upgrade-insecure-requests; block-all-mixed-content; default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://www.youtube.com data:; style-src 'self' 'unsafe-inline' ; style-src-elem 'self' 'unsafe-inline'; img-src 'self' https://secure.gravatar.com data:; connect-src 'self' https://analytics.google.com; font-src 'self' data: https://www.gstatic.com https://fonts.gstatic.com; media-src 'self'; frame-src 'self' https://www.google.com https://www.youtube.com; form-action 'self'; frame-ancestors 'self'; base-uri 'self'; worker-src blob:; 1
frame-ancestors 'self' https://*.mailstation.de https://mailstation.de; report-uri https://mailstation.report-uri.com/r/d/csp/wizard 1
style-src 'self' 'unsafe-inline' https://cdn.frende.no https://frende-cms-prod.eu-central-1.elasticbeanstalk.com https://frende-cms-prod.s3.eu-central-1.amazonaws.com https://www.gstatic.com/ https://fonts.googleapis.com/ https://*.psplugin.com https://*.vergic.com; worker-src 'self' blob:; frame-src 'self' https://frende.no https://wwww.frende.no https://as.frende.no https://sts.frende.no https://login.frende.no https://cdn.frende.no/mypage/callback.html https://sikker.frende.no https://login.frende.no/identityserver/connect https://openwms.statkart.no/ https://www.sign.nets.eu https://www.e-sign.nets.eu/ https://www.facebook.com/tr/ https://www.youtube.com https://vimeo.com https://content.vergic.com; default-src 'self' beta.frende.no cdn.frende.no; font-src 'self' https://cdn.frende.no https://frende-cms-prod.eu-central-1.elasticbeanstalk.com https://frende-cms-prod.s3.eu-central-1.amazonaws.com https://fonts.gstatic.com http://*.psplugin.com http://*.vergic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.frende.no https://frende-cms-prod.eu-central-1.elasticbeanstalk.com https://frende-cms-prod.s3.eu-central-1.amazonaws.com https://*.googletagmanager.com https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/signals/config/ https://www.facebook.com/tr/ https://*.psplugin.com https://*.vergic.com; img-src 'self' data: https://streetviewpixels-pa.googleapis.com https://frende-cms-test.s3.eu-central-1.amazonaws.com https://cdn.frende.test.z63.no.tconet.net https://images.finncdn.no/ https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com/ads/ga-audiences https://www.google.no/ads/ga-audiences https://www.google.se/ads/ga-audiences https://www.google.dk/ads/ga-audiences https://www.google.co.uk/ads/ga-audiences https://www.google.com.co/ads/ga-audiences https://www.google.com.au/ads/ga-audiences https://www.google.co.th/ads/ga-audiences https://www.google.co.in/ads/ga-audiences https://www.google.pl/ads/ga-audiences https://www.google.es/ads/ga-audiences https://www.google.ie/ads/ga-audiences https://www.google.de/ads/ga-audiences https://www.google.fi/ads/ga-audiences https://www.google.nl/ads/ga-audiences https://www.google.is/ads/ga-audiences https://www.google.it/ads/ga-audiences https://www.google.ee/ads/ga-audiences https://www.google.fr/ads/ga-audiences https://www.google.cz/ads/ga-audiences https://www.google.lt/ads/ga-audiences https://www.google.co.id/ads/ga-audiences https://www.google.co.ma/ads/ga-audiences https://www.google.co.kr/ads/ga-audiences https://www.google.com.vn/ads/ga-audiences https://www.google.com.ph/ads/ga-audiences https://frende-cms-prod.s3.eu-central-1.amazonaws.com/favicons/favicon.ico https://i.ytimg.com https://i.vimeocdn.com https://maps.gstatic.com https://maps.googleapis.com https://*.ggpht.com https://*.psplugin.com https://*.vergic.com https://frende-cms-prod.s3.eu-central-1.amazonaws.com https://frende-cms-prod.s3.eu-central-1.amazonaws.com https://www.google.se/ads/ga-audiences https://www.google.dk/ads/ga-audiences https://www.google.co.uk/ads/ga-audiences https://www.google.com.co/ads/ga-audiences https://www.google.com.au/ads/ga-audiences https://www.google.co.th/ads/ga-audiences https://www.google.co.in/ads/ga-audiences https://www.google.pl/ads/ga-audiences https://www.google.es/ads/ga-audiences https://www.google.ie/ads/ga-audiences https://www.google.de/ads/ga-audiences https://www.google.fi/ads/ga-audiences https://www.google.nl/ads/ga-audiences https://www.google.is/ads/ga-audiences https://www.google.it/ads/ga-audiences https://www.google.ee/ads/ga-audiences https://www.google.fr/ads/ga-audiences https://www.google.cz/ads/ga-audiences https://www.google.lt/ads/ga-audiences https://www.google.co.id/ads/ga-audiences https://www.google.co.ma/ads/ga-audiences https://www.google.co.kr/ads/ga-audiences https://www.google.com.vn/ads/ga-audiences https://www.google.com.ph/ads/ga-audiences https://www.facebook.com/ https://beta.frende.no https://cdn.frende.no https://www.gstatic.com/images/branding/product/2x/translate_24dp.png; connect-src 'self' https://api.frende.no https://nettbutikk.frende.no https://cdn.frende.no https://www.facebook.com/tr/ https://reflex.frende.no https://stats.g.doubleclick.net https://maps.googleapis.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://login.frende.no/identityserver/.well-known/openid-configuration https://login.frende.no/identityserver/.well-known/openid-configuration/jwks https://login.frende.no/identityserver/connect/userinfo https://login.frende.no/identityserver/connect/token https://login.frende.no/identityserver/connect/revocation https://*.psplugin.com https://*.vergic.com wss://*.psplugin.com wss://*.vergic.com; frame-ancestors 'self' https://login.frende.no https://*.psplugin.com; report-uri https://sentry.frende.no/api/4/security/?sentry_key=a8f0108442274bb4abc943116523a7f8&sentry_environment=prod 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://chaosfem.tw; img-src 'self' data: blob: https://chaosfem.tw https://chaosfemtw.files.fedi.monster; style-src 'self' https://chaosfem.tw 'nonce-l7OMT6eLBT7DlB0kJOAWig=='; media-src 'self' data: https://chaosfem.tw https://chaosfemtw.files.fedi.monster; frame-src 'self' https:; manifest-src 'self' https://chaosfem.tw; form-action 'self'; child-src 'self' blob: https://chaosfem.tw; worker-src 'self' blob: https://chaosfem.tw; connect-src 'self' data: blob: https://chaosfem.tw https://chaosfemtw.files.fedi.monster wss://chaosfem.tw; script-src 'self' https://chaosfem.tw 'wasm-unsafe-eval' 1
default-src data: blob: https: wss: 'unsafe-inline' 'unsafe-eval'; font-src https: data: 1
"frame-ancestors 'self' https://www.perugina.com;" 1
script-src  'self' 'unsafe-inline' 'unsafe-eval' https://widget02.wolkvox.com https://youtube.com https://www.googleadservices.com https://unpkg.com https://www.facebook.com https://connect.facebook.net https://d335luupugsy2.cloudfront.net https://googleads.g.doubleclick.net https://trackcmp.net https://www.clickcease.com https://bundle.run https://tweetnacl.js.org https://cdn.jsdelivr.net https://botai.smartdataautomation.com https://chat01.ipdialbox.com https://chat01.wolkvox.com https://widget.manychat.com https://referidos.coomeva.com.co https://chat01.ipdialbox.com  https://www.coomeva.com.co https://cdnjs.cloudflare.com https://code.jquery.com https://core.pengi.co https://core.pengi.co:3001 https://digital.coomeva.com.co *.tableau.com *.google.com *.google-analytics.com *.gstatic.com *.googletagmanager.com *.googleapis.com https://assets.zendesk.com https://connect.facebook.net *.hotjar.com *.twitter.com *.twimg.com *.googletagmanager.com; img-src 'self' blob: www.googleadservices.com https://unpkg.com https://www.facebook.com connect.facebook.net botai.smartdataautomation.com https://chat01.ipdialbox.com  https://www.coomeva.com.co https://cdnjs.cloudflare.com https://stats.g.doubleclick.net https://placeholdit.imgix.net https://digital.coomeva.com.co https://platform.bluemessaging.net *.tableau.com s3.amazonaws.com http://smartlink.cool *.cool http://sellodeexcelencia.gov.co http://especiales.presidencia.gov.co http://synersis.co:8442 *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com *.gstatic.com http://img.youtube.com https://s-static.ak.facebook.com https://assets.zendesk.com www.googleadservices.com data: www.googleadservices.com botai.smartdataautomation.com *.hotjar.com *.twitter.com *.twimg.com http://vozme.com sedeelectronica.com.co; style-src 'self' 'unsafe-inline' www.googleadservices.com https://www.facebook.com botai.smartdataautomation.com https://chat01.ipdialbox.com https://www.coomeva.com.co https://cdnjs.cloudflare.com http https://digital.coomeva.com.co *.tableau.com https://www.nexura.com *.gstatic.com *.google.com *.googleapis.com https://assets.zendesk.com *.hotjar.com *.twitter.com sedeelectronica.com.co pruebas-se-macondo.nexura.com http://www.cali.gov.co https://*.bootstrapcdn.com; font-src 'self' data: botai.smartdataautomation.com https://chat01.ipdialbox.com https://www.coomeva.com.co https://cdnjs.cloudflare.com http www.googleadservices.com https://core.pengi.co https://core.pengi.co:3001 https://digital.coomeva.com.co *.tableau.com https://*.bootstrapcdn.com https://www.nexura.com *.googleapis.com *.googleusercontent.com *.gstatic.com *.hotjar.com sedeelectronica.com.co http://www.cali.gov.co; object-src 'self' www.googleadservices.com https://botai.smartdataautomation.com https://chat01.ipdialbox.com https://www.coomeva.com.co  https://cdnjs.cloudflare.com http ; frame-ancestors 'self' www.googleadservices.com https://botai.smartdataautomation.com https://chat01.ipdialbox.com *.tableau.com https://digital.coomeva.com.co; media-src 'self' blob: https://botai.smartdataautomation.com https://chat01.ipdialbox.com https://www.coomeva.com.co  https://cdnjs.cloudflare.com http www.googleadservices.com http://vozme.com https://digital.coomeva.com.co *.tableau.com http://smartlink.cool *.smartlink.cool; 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://js.stripe.com https://static.cloudflareinsights.com https://hcaptcha.com https://*.hcaptcha.com; img-src https://i.creativecommons.org https://licensebuttons.net 'self' data: https://legacy.suttacentral.net https://suttacentral.net; connect-src 'self' https://api.stripe.com https://js.stripe.com https://cloudflareinsights.com https://hcaptcha.com https://*.hcaptcha.com https://raw.githubusercontent.com/suttacentral/editions/main/last_run_date https://*.algolia.net https://*.algolianet.com https://*.algolia.io; style-src 'self' https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self'; frame-src about: https://www.google.com https://js.stripe.com https://hcaptcha.com https://*.hcaptcha.com; object-src 'none'; media-src 'self' https://ia601508.us.archive.org; 1
default-src 'self' 'nonce-JSXbpTvFRFeimKstVjQN2Q==' data: ;script-src 'self' https://d2ki1uyufn7sj9.cloudfront.net https://d2lm0p9xttk9v1.cloudfront.net https://d3847ft59mjvb2.cloudfront.net/ https://js-cdn.dynatracelabs.com 'unsafe-inline' https://chat-one.dynatrace.com https://cdn.chat-one.dynatrace.com ;object-src 'self' 'nonce-JSXbpTvFRFeimKstVjQN2Q==' https://assets.dynatrace.com;style-src 'self' 'unsafe-inline' https://d2ki1uyufn7sj9.cloudfront.net https://d2lm0p9xttk9v1.cloudfront.net https://cdn.chat-one.dynatrace.com;font-src 'self' 'nonce-JSXbpTvFRFeimKstVjQN2Q==' https://d2ki1uyufn7sj9.cloudfront.net https://d2lm0p9xttk9v1.cloudfront.net https://dt-cdn.net https://cdn.chat-one.dynatrace.com;img-src 'self' 'nonce-JSXbpTvFRFeimKstVjQN2Q==' data: https://d2ki1uyufn7sj9.cloudfront.net https://d2lm0p9xttk9v1.cloudfront.net https://ruxit-synth-screencap-dev.s3.amazonaws.com https://ruxit-synth-screencap-sprint.s3.amazonaws.com https://ruxit-synth-screencap.s3.amazonaws.com data: https://dt-cdn.net https://dynatrace.asknice.ly https://assets.survicate.com blob: https://cdn.chat-one.dynatrace.com https://chat-one.dynatrace.com;media-src 'self' 'nonce-JSXbpTvFRFeimKstVjQN2Q==' ;frame-src 'self' 'nonce-JSXbpTvFRFeimKstVjQN2Q=='  https://d2ki1uyufn7sj9.cloudfront.net https://d2lm0p9xttk9v1.cloudfront.net https://assets.dynatrace.com https://chat-one.dynatrace.com;connect-src 'self' 'nonce-JSXbpTvFRFeimKstVjQN2Q==' https://d2ki1uyufn7sj9.cloudfront.net https://d2lm0p9xttk9v1.cloudfront.net https://api.segment.io https://trello.com/1/ https://assets.dynatrace.com https://chat-one.dynatrace.com https://cdn.chat-one.dynatrace.com wss://chat-one.dynatrace.com;child-src 'self' blob:;worker-src 'self' blob:;frame-ancestors 'self' ;base-uri 'self' ;form-action 'self' https://dynatrace.asknice.ly https://federation.auth.schwarz; report-uri /reportCPSViolations 1
default-src 'self' 'unsafe-inline' https: blob: wss: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: ; img-src 'self' data: https: ; font-src 'self' data: https: ; frame-ancestors 'self' https://cms.chanbrothers.com; 1
default-src *;script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';img-src * data:;font-src 'self' data: https://fonts.googleapis.com:* https://fonts.gstatic.com:* https://www.googletagmanager.com:* https://www.google-analytics.com:* https://googleads.g.doubleclick.net:* https://maxcdn.bootstrapcdn.com:*;upgrade-insecure-requests;block-all-mixed-content;manifest-src 'self';object-src 'none'; 1
default-src https: http:;  script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://js-agent.newrelic.com https://www.google.com/recaptcha/api.js https://www.gstatic.com https://static.hotjar.com https://*.nr-data.net https://snap.licdn.com https://secure.leadforensics.com https://script.hotjar.com https://www.youtube.com https://assets.calendly.com https://embed.tawk.to https://va.tawk.to https://tawk.link https://www.google-analytics.com https://cdn.jsdelivr.net js.zi-scripts.com ws.zoominfo.com ws-assets.zoominfo.com;  style-src 'self' 'unsafe-inline' https://use.typekit.net https://p.typekit.net https://fonts.googleapis.com https://assets.calendly.com/ https://va.tawk.to https://embed.tawk.to https://tawk.link;  img-src 'self' data: https://virsaemarketingstorage.blob.core.windows.net https://www.google-analytics.com https://*.vimeocdn.com https://px.ads.linkedin.com https://p.adsymptotic.com https://va.tawk.to https://embed.tawk.to https://tawk.link https://cdn.jsdelivr.net https://www.google.co.nz; connect-src 'self' wss://*.hotjar.com https://in.hotjar.com https://va.tawk.to https://embed.tawk.to https://tawk.link wss://vsa57.tawk.to https://www.google-analytics.com wss://*.tawk.to https://analytics.google.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://idx.liadm.com js.zi-scripts.com ws.zoominfo.com ws-assets.zoominfo.com; 1
frame-ancestors *.needmytranscript.com; 1
default-src 'self';script-src 'self' *.schibsted.com *.schibsted.io platform.instagram.com www.instagram.com pp.lp4.io cdn.jsdelivr.net vgc.no cdn.stream.schibsted.media smartplugin.youbora.com www.gstatic.com ssl.p.jwpcdn.com blob: 'unsafe-eval' static.vg.no *.vektklubb.no;style-src 'self' 'unsafe-inline' 'unsafe-hashes' unpkg.com fonts.googleapis.com use.fontawesome.com vgc.no cdn.stream.schibsted.media static.vg.no;font-src 'self' data: fonts.gstatic.com use.fontawesome.com cdn.vev.design vgc.no d3iwtia3ndepsv.cloudfront.net;frame-src 'self' www.instagram.com player.vimeo.com;connect-src 'self' pp.lp4.io *.schibsted.com *.schibsted.io customer.api.appboy.eu time.akamai.com svp.vg.no cdn.stream.schibsted.media related.stream.schibsted.media entitlements.jwplayer.com prd.jwpltx.com amd-ab.akamaized.net *.vektklubb.no *.vgnett.no api.vg.no d3iwtia3ndepsv.cloudfront.net session-service.payment.schibsted.no vgtvlive-lh.akamaized.net amd-vgtv.akamaized.net dd-vgtv.akamaized.net;img-src 'self' data: blob: ship-pro-static-content.s3.eu-west-1.amazonaws.com/img/schibsted_logo.svg media.github.schibsted.io cdn.braze.eu sch-map.norstatsurveys.com cis.schibsted.com shared.cdn.smp.schibsted.com shared.cdn.schibsted.lol cdn.ship.schibsted.io cdn.vev.design images.stream.schibsted.media *.jwpltx.com static.vg.no imbo.vgtv.no *.vektklubb.no d3iwtia3ndepsv.cloudfront.net svp-images-vh.akamaized.net;media-src 'self' svpvodps-vh.akamaized.net blob: dd-vgtv.akamaized.net vgtvlive-lh.akamaized.net amd-vgtv.akamaized.net;object-src 'self';report-uri /webapi/csp/report;base-uri 'self';form-action 'self';frame-ancestors 'self';script-src-attr 'none' 1
frame-ancestors 'self' https://*.comdinheiro.com.br https://*.gstatic.com https://*.btrader.com.br https://online.btrader.com.br; default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; connect-src * ws: wss:; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.realperson.cloud code.jquery.com static.cloudflareinsights.com ajax.cloudflare.com *.cookiebot.com www.googletagmanager.com ssl.google-analytics.com analytics.regiohelden.de data: https://*.openstreetmap.org 'report-sample'; style-src-attr 'unsafe-inline' 'report-sample'; img-src 'self' data: source.unsplash.com images.unsplash.com usercontent.realperson.cloud www.googletagmanager.com www.google.de www.google.com ssl.google-analytics.com analytics.regiohelden.de imgsct.cookiebot.com https://*.openstreetmap.org; base-uri 'self'; frame-src 'self' https://consentcdn.cookiebot.com *.youtube-nocookie.com www.linkedin.com www.chatnode.ai embed.chatnode.ai; form-action 'self'; style-src 'self' 'unsafe-inline' *.realperson.cloud *.cookiebot.com 'report-sample'; font-src 'self' data: *.realperson.cloud; worker-src 'self' blob:; connect-src 'self' https://chat2180.realperson.cloud wss://chat2180.realperson.cloud https://charts3.equitystory.com https://consentcdn.cookiebot.com https://www.google-analytics.com https://*.google-analytics.com https://stats.g.doubleclick.net https://analytics.regiohelden.de data: https://*.openstreetmap.org; frame-ancestors 'self'; report-uri https://www.stroeer.de/@http-reporting?csp=report&requestTime=1721917939052808 1
default-src 'self' *.sprinklr.com; script-src 'self' *.sprinklr.com *.googleapis.com *.amazonaws.com *.blob.core.windows.net; script-src-elem 'self' *.sprinklr.com *.googleapis.com *.amazonaws.com *.blob.core.windows.net 1
script-src 'self' 'unsafe-inline' *.youtube.com maps.gstatic.com *.googleapis.com *.google-analytics.com *.googletagmanager.com cdn-cookieyes.com; frame-src 'self' *.youtube.com; object-src 'self'; style-src 'self' 'unsafe-inline' 1
default-src 'self' www.youtube.com www.youtube-nocookie.com; child-src 'self' www.youtube.com www.youtube-nocookie.com *.fls.doubleclick.net; frame-src 'self' vars.hotjar.com *.fls.doubleclick.net www.youtube.com www.youtube-nocookie.com apps.mypurecloud.com.au player.vimeo.com; connect-src 'self' *.ambithub.com ipinfo.io wss://sbsfaq.ambithub.com stats.g.doubleclick.net wss://*.hotjar.com *.hotjar.com *.hotjar.io *.monsido.com *.googletagmanager.com analytics.google.com www.google-analytics.com api.mypurecloud.com.au api-cdn.mypurecloud.com.au wss://webmessaging.mypurecloud.com.au; img-src 'self' data: www.google.co.nz *.google.com www.google-analytics.com *.g.doubleclick.net *.googleapis.com *.gstatic.com *.ambithub.com bat.bing.com *.facebook.com *.quantserve.com *.hotjar.com *.hotjar.io *.monsido.com *.googletagmanager.com analytics.google.com; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self' *.google.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com *.googleapis.com *.gstatic.com cdn.polyfill.io *.ambithub.com bat.bing.com connect.facebook.net *.quantserve.com *.quantcount.com static.hotjar.com script.hotjar.com *.hotjar.io *.monsido.com *.googletagmanager.com analytics.google.com staticcdn.co.nz apps.mypurecloud.com.au; style-src 'unsafe-inline' 'self' hello.myfonts.net *.googleapis.com *.gstatic.com *.ambithub.com; font-src 'self' data: *.gstatic.com *.hotjar.com; 1
font-src 'self' fonts.googleapis.com fonts.gstatic.com www.framer.com framerusercontent.com app.framerstatic.com img-vb.100ms.live data:;img-src 'self' data: dezerv-assets.s3.ap-south-1.amazonaws.com www.framer.com framerusercontent.com app.framerstatic.com dezerv-profile-images.s3.ap-south-1.amazonaws.com dezerv-strapi-integration.s3.ap-south-1.amazonaws.com dezerv-strapi-test.s3.ap-south-1.amazonaws.com t.co analytics.twitter.com googleads.g.doubleclick.net www.facebook.com www.google.com www.google.co.in px.ads.linkedin.com facebook.net storage.googleapis.com img-vb.100ms.live;script-src 'self' 'unsafe-eval' 'unsafe-inline' widgets.in.webengage.com www.framer.com framerusercontent.com app.framerstatic.com www.googletagmanager.com https: fc.dezerv.in www.google.co.in facebook.net www.facebook.com img-vb.100ms.live data: blob:;frame-src 'self' inz8261735b.in.webengage.co inzz71680a69.in.webengage.co www.framer.com framerusercontent.com app.framerstatic.com dezerv-assets.s3.ap-south-1.amazonaws.com www.youtube.com calendly.com td.doubleclick.net facebook.net www.facebook.com img-vb.100ms.live www.google.com; 1
script-src 'self' 'unsafe-inline' blob: 'unsafe-eval' *.orange.cd *.google.fr cdn.jsdelivr.net ray.st *.facebook.net facebook.net *.readspeaker.com maps.gstatic.com orange-rdv.right-q.com *.googleapis.com 0-dsn.algolia.net 0-1.algolianet.com 0-2.algolianet.com 0-3.algolianet.com www.gstatic.com www.google.com www.google.com.pk www.googleadservices.com api.orangefootballclub.com www.surveygizmo.com www.surveygizmo.eu help.dimelo.com cobrowsing.eu2.digital.ringcentral.com orange-rdc.engagement.dimelo.com cobrowsing.eu2.digital.ringcentral.com dimelo-chat.s3.amazonaws.com *.orange.cd orange-rdc.ws.dimelo.com orange-rdc.dimelochat.com orange-rdc.messaging.dimelo.com sfdc.dimelo.com engagement-connect.herokuapp.com optimize.google.com s.ytimg.com www.youtube.com tagmanager.google.com w.usabilla.com orange-ci.dimelochat.com appstatic.quanta.io completion.ke.orange.fr img.ke.woopic.com  www.googletagmanager.com www.google-analytics.com  graph.facebook.com urls.api.twitter.com api.pinterest.com www.linkedin.com *.crazyegg.com; style-src 'self' 'unsafe-inline' *.orange.cd ray.st *.crazyegg.com *.readspeaker.com maps.gstatic.com orange-rdv.right-q.com *.googleapis.com 0-dsn.algolia.net 0-1.algolianet.com 0-2.algolianet.com 0-3.algolianet.com api.orangefootballclub.com www.surveygizmo.com www.surveygizmo.eu help.dimelo.com cobrowsing.eu2.digital.ringcentral.com orange-rdc.engagement.dimelo.com cobrowsing.eu2.digital.ringcentral.com dimelo-chat.s3.amazonaws.com orange-rdc.wc.dimelo.com orange-rdc.dimelochat.com orange-rdc.messaging.dimelo.com sfdc.dimelo.com engagement-connect.herokuapp.com optimize.google.com mastermedia.orange-business.com img.ke.woopic.com orange-rdc.dimelochat.com; img-src blob: data: 'self' 'unsafe-inline' *.orange.cd sport365.fr *.sport365.fr *.google.fr *.orange.cd ray.st *.crazyegg.com maps.gstatic.com orange-rdv.right-q.com *.googleapis.com 0-dsn.algolia.net 0-1.algolianet.com 0-2.algolianet.com 0-3.algolianet.com www.googletagmanager.com googleads.g.doubleclick.net api.orangefootballclub.com www.surveygizmo.com www.surveygizmo.eu help.dimelo.com cobrowsing.eu2.digital.ringcentral.com orange-rdc.engagement.dimelo.com cobrowsing.eu2.digital.ringcentral.com dimelo-chat.s3.amazonaws.com orange-rdc.wc.dimelo.com orange-rdc.dimelochat.com orange-rdc.messaging.dimelo.com sfdc.dimelo.com engagement-connect.herokuapp.com optimize.google.com i.ytimg.com fr.orangefootballclub.com www.google-analytics.com stats.g.doubleclick.net www.google.com www.google.com.pk www.google.fr rum-metrics.quanta.io d212beldn0wvcm.cloudfront.net dimelo.s3.amazonaws.com; form-action 'self' http://testinstantbillspay.com.ng payment.instantbillspay.com cd.instantbillspay.com mpayment.orange-money.com webpayment-ow-sb.orange-money.com; object-src 'self' *.crazyegg.com  ; frame-src 'self' 'unsafe-inline' *.orange.cd *.crazyegg.com live-homescreen.orange.com td.doubleclick.net *.orange.com *.readspeaker.com maps.gstatic.com orange-rdv.right-q.com *.googleapis.com 0-dsn.algolia.net 0-1.algolianet.com 0-2.algolianet.com 0-3.algolianet.com api.orangefootballclub.com wwww.surveygizmo.com ww.surveygizmo.eu help.dimelo.com cobrowsing.eu2.digital.ringcentral.com orange-rdc.engagement.dimelo.com cobrowsing.eu2.digital.ringcentral.com dimelo-chat.s3.amazonaws.com orange-rdc.wc.dimelo.com orange-rdc.dimelochat.com orange-rdc.messaging.dimelo.com sfdc.dimelo.com engagement-connect.herokuapp.com optimize.google.com mastermedia.orange-business.com www.orange-business.com www.youtube.com datastudio.google.com otapoci.gos.orange.com; frame-ancestors 'self'; 1
connect-src 'self'  *.addthis.com *.clarity.ms *.cookielaw.org *.g.doubleclick.net *.google-analytics.com *.google.com *.hs-banner.com *.hscollectedforms.net *.hsforms.com *.hubspot.com *.mktoresp.com *.mktoutil.com *.onetrust.com *.statbroadcast.com analytics.tiktok.com api.airbrake.io attestation.android.com bcbolt446c5271-a.akamaihd.net cdnjs.cloudflare.com cdn.datatables.net cdn.jsdelivr.net cdn.linkedin.oribi.io csi.gstatic.com csp.withgoogle.com gtm-w82hjxd-otazy.uc.r.appspot.com ka-f.fontawesome.com manifest.prod.boltdns.net notifier-configs.airbrake.io pagead2.googlesyndication.com pixel.adsafeprotected.com px.ads.linkedin.com region1.analytics.google.com rum-collector-2.pingdom.net s3.amazonaws.com/s3.statbroadcast.com/ ws://*.theufl.com:24678/ ws://localhost:24678/ www.facebook.com scripts.cleverwebserver.com; default-src 'self' *.statbroadcast.com cdn.datatables.net s3.amazonaws.com/s3.statbroadcast.com/ cdnjs.cloudflare.com scripts.cleverwebserver.com; font-src 'self' cdnjs.cloudflare.com data: fonts.gstatic.com ka-f.fontawesome.com maxcdn.bootstrapcdn.com use.typekit.net data://* scripts.cleverwebserver.com; form-action 'self' *.twitter.com analytics.clickdimensions.com bbox.blackbaudhosting.com www.facebook.com scripts.cleverwebserver.com; frame-src 'self' *.addthis.com *.emailmeform.com *.facebook.com *.fls.doubleclick.net *.g.doubleclick.net *.google.com *.hsforms.com *.hsforms.net *.hubspot.com *.safeframe.googlesyndication.com *.sport80.com *.statbroadcast.com *.tiktok.com *.tourneymachine.com *.twitter.com *.wufoo.com abc11.com anchor.fm app-ab22.marketo.com bbox.blackbaudhosting.com c.streamhoster.com cdn.datatables.net cdn.flipsnack.com cdnjs.cloudflare.com cloud.e.theufl.com console.googletagservices.com draftable.com embed.fitrankings.com embed.gettyimages.com free.timeanddate.com gc.com geosnapshot.com giphy.com imasdk.googleapis.com indd.adobe.com livestream.com online.anyflip.com player.vimeo.com s3.amazonaws.com/online.anyflip.com/vrut/kvxl/ s3.amazonaws.com/s3.statbroadcast.com/ share.transistor.fm snapwidget.com st.chatango.com streaming.enetlive.tv td.doubleclick.net tpc.googlesyndication.com universe.queue-it.net uploads.knightlab.com vplayer.nbcsports.com www.bullseyelocations.com www.buzzsprout.com www.foxsports.com www.givedirect.org www.googletagmanager.com www.instagram.com www.paypal.com www.paypalobjects.com www.scribd.com www.slideshare.net www.statbroadcast.com www.surveymonkey.com www.thorne.com www.universe.com www.youtube-nocookie.com www.youtube.com scripts.cleverwebserver.com; img-src 'self'  *.ads.linkedin.com *.adsafeprotected.com *.g.doubleclick.net *.google-analytics.com *.googlesyndication.com *.gstatic.com *.hsforms.com *.hsforms.net *.hubspot.com *.statbroadcast.com *.twimg.com *.twitter.com ad.doubleclick.net barbend.com bbox.blackbaudhosting.com c.bing.com c.clarity.ms cdn-images.mailchimp.com cdn.cookielaw.org cdn.datatables.net cdnjs.cloudflare.com cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.8.0/ajax-loader.gif cf-images.us-east-1.prod.boltdns.net clients1.google.com connect.facebook.net data: i.ytimg.com images.contentstack.io img.youtube.com p.adsymptotic.com p.typekit.net pixel.quantserve.com region1.analytics.google.com res.cloudinary.com s3.amazonaws.com/s3.statbroadcast.com/ t.co t.paypal.com www.facebook.com www.google.at www.google.be www.google.ca www.google.ch www.google.co.jp www.google.co.kr www.google.co.nz www.google.co.uk www.google.co.vi www.google.com.au www.google.com.hk www.google.com.mx www.google.com.pr www.google.com.sg www.google.com.tw www.google.com www.google.de www.google.dk www.google.es www.google.fi www.google.fr www.google.gr www.google.ie www.google.it www.google.lu www.google.nl www.google.no www.google.pt www.google.se www.google.vg www.googleapis.com www.googletagmanager.com www.linkedin.com www.paypalobjects.com scripts.cleverwebserver.com; media-src 'self' blob: ; report-uri ; script-src 'self' 'unsafe-inline' 'unsafe-eval'  *.addthis.com *.adsafeprotected.com *.cdc.gov *.clarity.ms *.clickdimensions.com *.cookielaw.org *.g.doubleclick.net *.google-analytics.com *.googleadservices.com *.googlesyndication.com *.hs-analytics.net *.hs-banner.com *.hs-scripts.com *.hscollectedforms.net *.hsforms.com *.hsforms.net *.hsleadflows.net *.hubspot.com *.hubspotfeedback.com *.instagram.com *.pxlecdn.com *.statbroadcast.com *.tiktok.com *.ttwstatic.com *.twitter.com *.wufoo.com *.youtube.com adservice.google.at adservice.google.be adservice.google.ca adservice.google.ch adservice.google.co.jp adservice.google.co.kr adservice.google.co.nz adservice.google.co.uk adservice.google.com.au adservice.google.com.hk adservice.google.com.mx adservice.google.com.pr adservice.google.com.sg adservice.google.com.tw adservice.google.com adservice.google.de adservice.google.dk adservice.google.es adservice.google.fi adservice.google.fr adservice.google.gr adservice.google.ie adservice.google.it adservice.google.nl adservice.google.no adservice.google.pt adservice.google.se ajax.googleapis.com analytics.tiktok.com app-ab22.marketo.com az124611.vo.msecnd.net/web/v10/CDWidget.js c.bing.com cdn.datatables.net cdn.datatables.net/v/dt/dt-2.0.1/datatables.min.js cdn.statbroadcast.com cdn.syndication.twimg.com cdnjs.cloudflare.com cdnslssl.coveritlive.com code.jquery.com connect.facebook.net console.googletagservices.com cse.google.com feedback.hubapi.com kit.fontawesome.com lf16-tiktok-web.tiktokcdn-us.com maxcdn.bootstrapcdn.com munchkin.marketo.net rules.quantcount.com rum-static.pingdom.net s3.amazonaws.com/s3.statbroadcast.com/ secure.givelively.org secure.quantserve.com snap.licdn.com snapwidget.com stackpath.bootstrapcdn.com static.ads-twitter.com use.typekit.net v1.addthisedge.com vjs.zencdn.net widget.surveymonkey.com widgets.flickr.com www.buzzsprout.com www.google.com www.googletagmanager.com www.googletagservices.com www.gstatic.com www.paypal.com www.paypalobjects.com scripts.cleverwebserver.com; style-src 'self' 'unsafe-inline' *.statbroadcast.com bbox.blackbaudhosting.com cdn-images.mailchimp.com cdn-us.clickdimensions.com cdn.datatables.net cdn.datatables.net/v/dt/dt-2.0.1/datatables.min.css cdn.fonts.net cdn.statbroadcast.com/css/UFLroster.css cdn.statbroadcast.com/css/UFLteamstats.css cdnjs.cloudflare.com code.jquery.com fonts.googleapis.com lf16-tiktok-web.ttwstatic.com maxcdn.bootstrapcdn.com p.typekit.net platform.twitter.com s3.amazonaws.com s3.amazonaws.com/s3.statbroadcast.com/ use.typekit.net www.google.com/cse/ www.instagram.com scripts.cleverwebserver.com; worker-src 'self' blob: ; 1
frame-ancestors 'self' https://*.graceframe.com 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://popupmaker.com https://*.googletagmanager.com https://*.bronto.com wss://*.hotjar.com https://snapwidget.com https://*.nr-data.net https://*.newrelic.com https://*.calendly.com https://*.flodesk.com https://*.getsitecontrol.com https://*.sharethis.com https://*.vistag.com https://*.privy.com https://*.zopim.com https://*.zdassets.com *.mailchimp.com *.hotjar.com http://localhost:* https://*.powr.io https://*.tawk.to https://*.pinterest.com https://cdn.lightwidget.com js.hs-scripts.com https://unpkg.com https://www.google.com *.google.com *.google-analytics.com http://js.hs-analytics.net https://cdn.firebase.com https://cdnjs.cloudflare.com https://d2zah9y47r7bi2.cloudfront.net https://*.firebaseio.com https://*.vo.msecnd.net https://browser-update.org https://api.instagram.com *.fonts.net/ http://browser-update.org http://cdn.datatables.net http://cdn.heapanalytics.com *.googleapis.com/ https://www.googletagmanager.com https://use.typekit.net https://chat.milittisales.com https://crm.imaxcorp.com *.list-manage.com https://ct.capterra.com http://lightwidget.com https://cdn.jsdelivr.net *.googleadservices.com https://www.gstatic.com https://chimpstatic.com https://*.facebook.net/ *.segment.com/ https://api.segment.io https://s.yimg.com http://sp.analytics.yahoo.com *.driftt.com *.tokenex.com https://browser.sentry-cdn.com https://js.sentry-cdn.com *.smartlook.cloud *.hsadspixel.net https://*.hsforms.net https://*.hsforms.com https://*.hs-scripts.com https://*.hs-banner.com https://*.doubleclick.net https://*.localizecdn.com https://*.usemessages.com;object-src 'self' https://repzio-azurefunctions-pdfgenerator.azurewebsites.net;style-src 'self' 'unsafe-inline' https://popupmaker.com https://*.privy.com https://*.zdassets.com *.mailchimp.com data: https://*.jsdelivr.net https://*.tawk.to https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com *.fonts.net https://fonts.googleapis.com http://cdn.datatables.net https://cdn-images.mailchimp.com https://use.fontawesome.com https://translate.googleapis.com;img-src 'self' https://snapwidget.com https://popupmaker.com https://google-analytics.com https://*.sharethis.com https://*.privy.com https://privymktg.com https://*.zdassets.com *.mailchimp.com data: https://*.jsdelivr.net https://*.tawk.to track.hubspot.com https://studiowebware.secure.force.com https://heapanalytics.com https://images.unsplash.com http://via.placeholder.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.gstatic.com https://maps.googleapis.com *.googleapis.com https://usage.trackjs.com *.global.ssl.fastly.net *.repzio.com https://b2bbucket.s3.amazonaws.com https://s3.amazonaws.com https://scontent.cdninstagram.com http://cdn.datatables.net https://tradegecko-images.s3.amazonaws.com https://stats.g.doubleclick.net https://cdn.b2bdirect.io https://assets.bwconnect.com https://googleads.g.doubleclick.net https://www.facebook.com https://salesrepimages.s3.amazonaws.com *.fonts.net/ https://p.typekit.net https://*.localizecdn.com https://*.junipercdn.com;media-src 'self' https://*.privy.com https://*.zdassets.com https://b2bbucket.s3.amazonaws.com https://player.vimeo.com http://www.greenhillaudio.com https://repzioproductimages.s3.amazonaws.com;frame-src 'self' https://*.captur3d.io/ https://*.matterport.com/ https://*.googletagmanager.com https://*.bronto.com https://*.nr-data.net wss://*.hotjar.com https://snapwidget.com https://*.aftermkt.com https://popupmaker.com https://momento360.com https://calendly.com https://kuula.co https://*.activemerchandiser.com https://*.hotjar.com https://c.sharethis.mgr.consensu.org https://*.sharethis.com https://*.privy.com *.list-manage.com/ *.driftt.com https://*.tawk.to https://*.powr.io https://*.facebook.com https://cdn.lightwidget.com https://studiowebware.secure.force.com https://player.vimeo.com https://www.youtube.com https://*.firebaseio.com https://www.google.com https://showroom.gso360.com https://*.issuu.com https://*.repzio.com https://crm.imaxcorp.com http://lightwidget.com https://repzio-azurefunctions-pdfgenerator.azurewebsites.net *.tokenex.com/ https://*.doubleclick.net https://*.hubspot.com https://*.hsforms.com;font-src 'self' https://b2bbucket.s3.amazonaws.com https://*.vistag.com https://*.privy.com https://*.zdassets.com https://*.tawk.to https://cdn.lightwidget.com https://cdn.joinhoney.com data: *.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://use.typekit.net https://use.fontawesome.com;connect-src 'self' https://*.googletagmanager.com https://*.bronto.com https://*.nr-data.net wss://*.hotjar.com https://popupmaker.com https://*.popupmaker.com https://*.flodesk.com https://*.getsitecontrol.com *.hotjar.com https://*.sharethis.com https://*.vistag.com https://*.privy.com ws://*.zopim.com https://*.zopim.com https://*.zendesk.com https://*.zdassets.com ws://*.tawk.to https://*.tawk.to https://*.powr.io ws://192.168.1.124:* ws://10.0.0.133:* ws://localhost:* http://localhost:* https://b2bbucket.s3.amazonaws.com https://repziowebapizipcodes.azurewebsites.net https://maps.googleapis.com wss://*.firebaseio.com https://capture.trackjs.com https://clconnect.coltonlane.com https://dc.services.visualstudio.com https://repziotest.azurewebsites.net https://crm.imaxcorp.com https://*.repzio.com https://api.segment.io https://www.google-analytics.com *.google-analytics.com *.azurewebsites.net https://repzio.azure-api.net https://performance.typekit.net https://tearsheetsgeneration.blob.core.windows.net *.sentry.io *.smartlook.cloud *.hsadspixel.net https://*.amazonaws.com https://*.localizecdn.com *.segment.com/ https://api.hubspot.com https://*.hsforms.com;report-uri /WebResource.axd?cspReport=true 1
default-src 'self' pl-proxy.uidotdev.workers.dev npm-trends-proxy.uidotdev.workers.dev; connect-src 'self' bytes.dev npm-trends-proxy.uidotdev.workers.dev npm-trends-gateway.onrender.com connect.facebook.net pl-proxy.uidotdev.workers.dev; script-src 'self' https://static.ads-twitter.com/uwt.js use.fortawesome.com connect.facebook.net npm-trends-proxy.uidotdev.workers.dev pl-proxy.uidotdev.workers.dev 'unsafe-eval' 'unsafe-inline'; style-src 'self' use.fortawesome.com 'unsafe-inline'; img-src 'self' https: data:; font-src 'self' data:; 1
default-src https: 'unsafe-inline' 'unsafe-eval' data: wss: blob: 1
frame-ancestors 'self' https://microapps.google.com https://freshpik.hostx5.de https://fynd.hostx5.de https://*.werafoods.com https://*.bharatgo.com 1
frame-ancestors 'self'; base-uri 'self'; form-action assets.koempf24.de gpc-sys.pay1.de pixi.koempf24.de ratenkauf.easycredit.de threedssvc.pay1.de www.mollie.com www.paypal.com www.sofort.com www.oase-teichbau.de backoffice.koempf24.de 'self' https://threedssvc.pay1.de https://gpc-sys.pay1.de https://www.paypal.com https://www.sofort.com https://ratenkauf.easycredit.de https://seu2.cleverreach.com https://*.mollie.com https://*.mollie.nl https://pay.twint.ch https://r2.girogate.de https://www.paydirekt.de/ https://pay.klarna.com/eu/hpp/payments/* 1
default-src 'self';style-src 'self' 'unsafe-inline' use.fontawesome.com popin.survey-xact.dk maxcdn.bootstrapcdn.com cdn.jsdelivr.net *.hotjar.com pensjonskassa.containers.piwik.pro;script-src 'self' 'unsafe-eval' 'unsafe-inline' euwa.puzzel.com popin.survey-xact.dk maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net *.hotjar.com pensjonskassa.containers.piwik.pro analytics.silktide.com;font-src 'self' data: euwa.puzzel.com use.fontawesome.com dhm5hy2vn8l0l.cloudfront.net *.hotjar.com pensjonskassa.containers.piwik.pro;frame-src 'self' www.survey-xact.no *.hotjar.com pensjonskassa.piwik.pro;img-src 'self' data: ssl.gstatic.com www.gstatic.com www.survey-xact.no popin.survey-xact.dk *.hotjar.com pensjonskassa.containers.piwik.pro;connect-src 'self' *.puzzel.com *.hotjar.com *.hotjar.io wss://*.hotjar.com pensjonskassa.piwik.pro pensjonskassa.containers.piwik.pro a.eu.silktide.com; 1
default-src 'self'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.nitrocdn.com *.play.ht play.ht *.techvalidate.com *.wistia.com *.realproof.io *.livechatinc.com *.listenlayer.com collect.listenlayer.com *.bing.com *.callrail.com *.pardot.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.linkedin.com *.licdn.com scatec.io *.clickcease.com *.zoominfo.com *.googlesyndication.com info.datavail.com *.ampproject.org ajax.cloudflare.com *.cloudflareinsights.com fast.wistia.net; script-src-elem 'self' data: blob: 'unsafe-inline' cdn-app.pathfactory.com nitroscripts.com *.nitrocdn.com yoast.com *.play.ht play.ht *.techvalidate.com *.cloudfront.net *.wistia.com *.realproof.io *.livechatinc.com *.listenlayer.com collect.listenlayer.com *.bing.com *.callrail.com *.pardot.com *.gstatic.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com fonts.googleapis.com *.doubleclick.net *.linkedin.com *.licdn.com scatec.io *.clickcease.com *.zoominfo.com *.ampproject.org *.googlesyndication.com info.datavail.com *.parmonic.ai *.bootstrapcdn.com *.helpscout.net *.google.com connect.facebook.net cdnjs.cloudflare.com fast.wistia.net; style-src 'self' 'unsafe-inline' *.nitrocdn.com *.play.ht play.ht *.wistia.com *.googleapis.com; style-src-elem 'self' 'unsafe-inline' cdn-app.pathfactory.com *.nitrocdn.com *.play.ht play.ht *.googleapis.com *.ampproject.org *.googletagmanager.com *.cloudflare.com; img-src 'self' data: cdn.pathfactory.com resources.datavail.com *.nitrocdn.com s.w.org *.parmonic.ai *.play.ht play.ht *.doubleclick.net *.akamaihd.net *.wistia.com *.gravatar.com *.linkedin.com *.bing.com *.google.com scatec.io *.google-analytics.com *.googletagmanager.com *.googleapis.com; font-src 'self' data: *.pathfactory.com cdn-app.pathfactory.com *.nitrocdn.com *.gstatic.com cdn.livechatinc.com *.wistia.com *.jsdelivr.net *.alicdn.com cdnjs.cloudflare.com *.typekit.net; connect-src 'self' data: blob: *.googleadservices.com jukebox.pathfactory.com *.pathfactory.com ai.elegantthemes.com nitropack.io *.nitrocdn.com *.getnitropack.com *.yoast.com *.cloudflarestream.com *.parmonic.ai *.play.ht play.ht *.litix.io yoast.com *.zoominfo.com *.akamaihd.net *.wistia.com *.livechatinc.com *.linkedin.com *.licdn.com *.cloudflare.com *.bing.com *.google.com *.amazonaws.com *.doubleclick.net *.listenlayer.com collect.listenlayer.com *.callrail.com *.realproof.io *.getrealproof.com scatec.io *.google-analytics.com cdn.linkedin.oribi.io monitor.clickcease.com bat.bing.com *.googletagmanager.com analytics.google.com *.cloudflareinsights.com; media-src 'self' *.nitrocdn.com blob: cdn.pathfactory.com resources.datavail.com cdn.livechatinc.com *.googleapis.com *.play.ht play.ht *.akamaihd.net *.wistia.com; object-src 'self' *.nitrocdn.com *.akamaihd.net; child-src 'self'; frame-src 'self' *.datavail.com datavail.pathfactory.com *.nitrocdn.com *.play.ht play.ht *.techvalidate.com *.amazonaws.com *.wistia.com *.livechatinc.com info.datavail.com *.doubleclick.net *.googletagmanager.com *.googlesyndication.com wp-rocket.me fast.wistia.net; worker-src 'self' blob: *.wistia.com; frame-ancestors 'self' *.datavail.com datavail.pathfactory.com; form-action 'self' 1
script-src 'sha256-9+E4OlpS7bdUe51C5Qrvb2ds1+okAVVSUA/7ILZ0A14=' 'self' https://*.stripe.com; child-src 'none'; connect-src https://*.stripe.com 'self' https://*.iubenda.com https://*.pwnedpasswords.com https://www.federacy.report; default-src 'none'; font-src 'self' https://*.gstatic.com data:; frame-src https://*.stripe.com 'self'; img-src https://*.stripe.com 'self' data:; manifest-src 'none'; media-src 'none'; object-src 'none'; style-src https://*.googleapis.com 'unsafe-inline' 'self'; worker-src 'none'; frame-ancestors 'none'; base-uri 'none'; form-action https://*.federacy.com; report-uri https://1392f01d6bc3000db9255bc87fe01447.report-uri.com/r/d/csp/enforce 1
frame-ancestors onze.com.br *.onze.com.br app.storyblok.com 1
frame-ancestors 'self' https://*.bancobpi.pt https://bancobpi.pt; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.bancobpi.pt https://tags-eu.tiqcdn.com https://tags.tiqcdn.com https://bpi.containers.piwik.pro https://*.byside.com https://*.tealiumiq.com https://*.googleapis.com https://acsbapp.com https://www.googletagmanager.com https://www.youtube.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.google.com https://www.gstatic.com; object-src 'none'; 1
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; worker-src 'self' 'unsafe-inline' * blob:; 1
upgrade-insecure-requests; script-src ‘self’; form-action ‘self’; frame-ancestors ‘self’; SameSite=Strict 1
frame-ancestors 'self' sdiapi.com ${FRAME_ANCESTORS}; 1
frame-ancestors http://aestethics.cutvert.de http://dmn1.root1292.premium-rootserver.net http://admin-muecke.business-rootserver.net https://admin-muecke.business-rootserver.net https://static.newsletter2go.com; 1
child-src blob: 'self';connect-src 'self' https://*.yimg.com https://*.yahoo.com https://s.yimg.com/nq/ads/mb/native/* https://service.cmp.oath.com https://www.yahoo.com/p.gif https://smetrics.att.com/id https://dpm.demdex.net/id https://video-api.yql.yahoo.com/ https://edgecast-vod.yahoo.net/ https://*.vpg.cdn.yimg.com/ https://media.zenfs.com/ https://assets.video.yahoo.net/ https://ads.adaptv.advertising.com/ https://video.adaptv.advertising.com/ https://consent.yahoo.com/ https://ganon.yahoo.com/ https://geo.yahoo.com/ https://guce.yahoo.com/ https://api.taboola.com/1.2/json/taboola-usersync/user.sync https://gpt.mail.yahoo.net/ https://alpha-gpt.mail.yahoo.net/ https://alpha-gam.mail.yahoosandbox.net/ https://canary-gam.mail.yahoosandbox.net/ https://gam.mail.yahoosandbox.net/;default-src 'self';font-src https: data:;frame-src https://*.yahoo.com https://*.yimg.com https://*.ymail.com https://secure.bannerfarm.ace.advertising.com https://cmp.advertising.com https://assets.video.yahoo.net/ https://opus.analytics.yahoo.com https://tsdtocl.com/ https://consent.yahoo.com/ https://guce.yahoo.com/ https://pfs.yahoo.com https://gpt.mail.yahoo.net/sandbox https://alpha-gpt.mail.yahoo.net/sandbox https://alpha-gam.mail.yahoosandbox.net/sandbox https://canary-gam.mail.yahoosandbox.net/sandbox https://gam.mail.yahoosandbox.net/sandbox https://norrin.tbl.mail.yahoosandbox.net https://alpha-tbl.mail.yahoosandbox.net https://tbl.mail.yahoosandbox.net;img-src data: blob: http: https: https://ganon.yahoo.com/ https://geo.yahoo.com/;media-src blob: https://*.yahoo.com https://*.yimg.com;report-uri https://csp.yahoo.com/beacon/csp?src=mail-norrin;script-src 'self' https://s.yimg.com/nq/nr/ https://s.yimg.com/os/yaft/ https://s.yimg.com/ss/ https://s.yimg.com/aaq/yc/ https://s.yimg.com/ds/scripts/ https://www.gstatic.com/cv/js/sender/v1/cast_sender.js https://s.yimg.com/aaq/vzm/ https://s.yimg.com/cx/pv/ https://s.yimg.com/nq/polyfills/ https://yep.video.yahoo.com/ https://s.yimg.com/rx/ https://assets.video.yahoo.net/ https://jsapi.login.yahoo.com/w/ https://s.aolcdn.com/membership/omp-static/omp-widgets/ https://qa.checkout.yahoo.com/widget/ https://checkout.yahoo.com/widget/ https://s.yimg.com/cv/apiv2/partner-portals/att/adobe_analytics/ https://consent.cmp.oath.com/ https://opus.analytics.yahoo.com/ https://s.yimg.com/oa/ https://s.yimg.com/uc/sf/ https://s.yimg.com/cx/acookie/ 'sha256-lRMQ2lQozgbWLOqNJOrnclJXX6G77pQVIlF8SAI3++I=' 'sha256-xx5VFh71P/poOsh6S7wo5Hz/h6kNWHqOpIqJR04djx4=' 'unsafe-inline' 'unsafe-eval' 'report-sample' https://s.yimg.com/oa/ 'nonce-8clEEWXFuQ4Fh/vexbcB+5MEpeRINTbyKfhzd+b/cbhEIxIH' ;style-src 'self' https://s.yimg.com/nq/nr/ https://assets.video.yahoo.net/ 'unsafe-inline';worker-src 'self' blob:;manifest-src https://s.yimg.com/nq/nr/json/ 1
default-src 'self'; script-src 'self' 'unsafe-inline' www.google-analytics.com www.googleadservices.com platform.twitter.com cdn.syndication.twimg.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com code.cdn.mozilla.net platform.twitter.com *.twimg.com; font-src 'self' data: ms-appx-web: fonts.gstatic.com code.cdn.mozilla.net; img-src * data:; frame-src 'self' data:; form-action 'self' www.mollie.com *.twitter.com; connect-src 'self' *.twitter.com; block-all-mixed-content; report-uri https://leemankuiper.uriports.com/reports/enforce; report-to default 1
default-src https:; script-src 'unsafe-inline' 'unsafe-eval' https: https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://connect.facebook.net https://googleads.g.doubleclick.net https://www.youtube.com https://www.googleanalytics.com https://www.googleoptimize.com https://www.google-analytics.com https://optimize.google.com; style-src 'unsafe-inline' https: cdnjs.cloudflare.com/ajax/libs/foundicons/3.0.0/foundation-icons.css https://optimize.google.com https://fonts.googleapis.com; img-src 'self' https: data: https://www.google-analytics.com https://www.googletagmanager.com https://optimize.google.com; font-src 'unsafe-eval' https: data: filesystem: https://fonts.gstatic.com https://cdnjs.cloudflare.com https://optimize.google.com; frame-ancestors 'self'; object-src 'none'; frame-src 'self' https://www.facebook.com/ https://widget.installchatbot.com/ https://www.google.com/ https://www.youtube.com/ https://optimize.google.com https://youtu.be/; base-uri 'self' 1
default-src *; img-src 'self' https://bat.bing.com https://www.googleadservices.com https://stats.g.doubleclick.net https://www.google.com https://www.google.at https://www.google.de https://img.youtube.com https://www.facebook.com https://www.google-analytics.com https://maps.googleapis.com https://maps.gstatic.com https://googleads.g.doubleclick.net https://i.ytimg.com https://*.img.eurofunv2-prod.px.at https://img.eurobike.at https://img.eurohike.at https://img.velociped.de https://img.eurofun-touristik.at https://img.eurotrek.ch https://img.activescandinavia.com https://img.rueckenwind.de https://img.beringtravel.com https://img.espace-randonnee.fr https://img.se-tours.de https://img.pedalo.com https://img.activeonholiday.com  data:; script-src 'self' https://booking4.velociped.de https://booking4.eurobike.at https://booking4.eurohike.at https://booking4.eurotrek.ch https://booking4.activescandinavia.com https://booking4.rueckenwind.de https://booking4.beringtravel.com https://booking4.espace-randonnee.fr https://booking4.se-tours.de https://booking4.activeonholiday.com https://booking4.pedalo.com https://bat.bing.com https://cdn1.legalweb.io https://*.youtube.com https://www.google.com https://tagmanager.google.com https://www.google-analytics.com https://www.gstatic.com https://maps.googleapis.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://connect.facebook.net https://*.clarity.ms https://c.bing.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://booking4.velociped.de https://booking4.eurobike.at https://booking4.eurohike.at https://booking4.eurotrek.ch https://booking4.activescandinavia.com https://booking4.rueckenwind.de https://booking4.beringtravel.com https://booking4.espace-randonnee.fr https://booking4.se-tours.de https://booking4.activeonholiday.com https://booking4.pedalo.com https://cdn1.legalweb.io https://www.facebook.com https://tagmanager.google.com https://www.gstatic.com https://www.google-analytics.com https://fast.fonts.net https://fonts.googleapis.com https://googleads.g.doubleclick.net 'unsafe-inline' https://www.facebook.com https://maps.googleapis.com https://maps.gstatic.com data:; frame-ancestors 'self' 1
default-src 'self' 'unsafe-inline' *.doubleclick.net www.googletagmanager.com www.googleadservices.com analytics.google.com www.google.com use.typekit.net stats.g.doubleclick.net www.google.com.pr *.google-analytics.com maps.googleapis.com www.facebook.com fonts.googleapis.com www.gstatic.com fonts.gstatic.com pixel.sitescout.com bid.g.doubleclick.net 10266195.fls.doubleclick.net images.supermaxonline.com www.supermaxonline.com data: ; script-src 'self' cdnjs.cloudflare.com www.gstatic.com fonts.gstatic.com www.facebook.com fonts.googleapis.com oss.maxcdn.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com *.supermaxonline.com *.google-analytics.com stats.g.doubleclick.net www.google.com www.google-analytics.com  www.googletagmanager.com *.doubleclick.net 127.0.0.1 'unsafe-eval' 'unsafe-inline'; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://fnordon.de; img-src 'self' https: data: blob: https://fnordon.de; style-src 'self' https://fnordon.de 'nonce-BTtDzuCZ4fLHpoAJ2e7SUw=='; media-src 'self' https: data: https://fnordon.de; frame-src 'self' https:; manifest-src 'self' https://fnordon.de; form-action 'self'; child-src 'self' blob: https://fnordon.de; worker-src 'self' blob: https://fnordon.de; connect-src 'self' data: blob: https://fnordon.de https://media.fnordon.de wss://fnordon.de; script-src 'self' https://fnordon.de 'wasm-unsafe-eval' 1
frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.more.com.au *.cloudflare.com *.jquery.com  unpkg.com *.googleapis.com *.admatch.io *.productreview.com.au *.googleadservices.com *.sharethis.com *.smct.co *.googletagmanager.com *.amazonaws.com *.hotjar.com *.google.com *.kaspersky-labs.com *.comm100vue.com *.gstatic.com *.comm100.com *.productreview.com.au *.facebook.com *.tillpayments.com datatables.net *.facebook.net  *.azureedge.net *.microsoft.com *.cfjump.com widget.powerboard.commbank.com.au *.commbank.com.au *.newrelic.com *.doubleclick.net *.luckyorange.com  *.smct.io smct.co *.tangerinetelecom.com.au *.tiktok.com *.google-analytics.com;  object-src 'none'; style-src 'self' 'unsafe-inline' *.azureedge.net cdnjs.cloudflare.com use.typekit.net p.typekit.net  unpkg.com cdnjs.cloudflare.com fonts.googleapis.com cdn.datatables.net ajax.googleapis.com; worker-src 'self' blob:; 1
default-src 'self' localhost https://alfa-website-2022.cdn.prismic.io https://*.alfasystems.com https://secure.leadforensics.com https://ldynamicspublicapi.leadforensics.com https://webeo-web-content.s3-eu-west-1.amazonaws.com https://s3-eu-west-1.amazonaws.com/ldproduct/editor/images https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.jsdelivr.net/npm; font-src 'self' data: https://*.alfasystems.com localhost; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://analytics.google.com https://vercel.live *.analytics.google.com *.google-analytics.com https://*.hotjar.com https://prismic.io http://*.cdn.prismic.io https://webeo-web-content.s3-eu-west-1.amazonaws.com https://ldynamicspublicapi.leadforensics.com https://*.alfasystems.com https://www.gstatic.com https://ldynamicspublicapi.leadforensics.com https://secure.perk0mean.com https://cta-service-cms2.hubspot.com https://js.hscta.net https://js.hsadspixel.net https://js.hs-analytics.net https://js.hs-banner.com https://js.hsleadflows.net https://forms.hsforms.com https://googleads.g.doubleclick.net https://js.hscollectedforms.net https://www.googleadservices.com http://js.hs-scripts.com https://snap.licdn.com https://www.googletagmanager.com https://*.cookiebot.com https://js.createsend1.com https://www.createsend.com https://*.vimeo.com https://*.facebook.com https://*.facebook.net https://www.youtube.com https://www.google.com https://www.google-analytics.com https://wurfl.io https://webeo-web-content.s3-eu-west-1.amazonaws.com https://secure.leadforensics.com https://*.google.co.uk https://html2canvas.hertzen.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://webeo-web-content.s3-eu-west-1.amazonaws.com https://cdn.plyr.io https://*.alfasystems.com https://js.createsend1.com https://www.createsend.com https://fonts.googleapis.com https://fonts.gstaic.com https://webeo-web-content.s3-eu-west-1.amazonaws.com https://fonts.googleapis.com/; img-src 'self' *.cookiebot.com *.google.co.uk *.google.ca *.google.co.in *.google.ie *.google.es *.google.fr *.google.de *.google.com.au *.google.co.za *.googletagmanager.com *.linkedin.com *.google.com.ph *.vercel.com *.google.com *.google-analytics.com *.vimeocdn.com https://prismic-io.s3.amazonaws.com *.prismic.io https://webeo-web-content.s3-eu-west-1.amazonaws.com https://*.privacysandbox.googleadservices.com http://*.alfasystems.com https://perf.hsforms.com https://i.ytimg.com https://*.hubspotusercontent40.net https://s3-eu-west-1.amazonaws.com/ldproduct/editor/images data: https://s3-eu-west-1.amazonaws.com/ldproduct/editor/images https://s3-eu-west-1.amazonaws.com/ldproduct/editor/images https://no-cache.hubspot.com https://webeo-web-content.s3-eu-west-1-amazonaws.com/webcontent/images https://track.hubspot.com https://forms.hsforms.com https://*.alfasystems.com https://*.createsend1.com https://*.createsend.com https://*.facebook.com https://*.cloudflare.com https://*.ytimg.com/vi_webp https://*.ssl.cf1.rackcdn.com https://*.doubleclick.net; connect-src 'self' *.linkedin.com https://www.google.co.uk https://analytics.google.com wss://ws-us3.pusher.com *.pusher.com *.analytics.google.com *.google-analytics.com wss://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://alfa-website-2022.prismic.io https://cdn.linkedin.oribi.io https://vimeo.com https://ldynamicspublicapi.leadforensics.com https://cta-service-cms2.hubspot.com https://forms.hsforms.com https://consentcdn.cookiebot.com https://noembed.com https://ldynamicspublicapi.leadforensics.com https://googleads.g.doubleclick.net https://www.google.com https://api.hubapi.com https://stats.g.doubleclick.net https://forms.hubspot.com https://www.google-analytics.com localhost https://createsend.com; frame-src https://airtable.com https://vercel.live *.hotjar.com *.prismic.io *.alfasystems.com *.google.com *.cookiebot.com *.youtube-nocookie.com *.vimeo.com *.youtube.com *.facebook.com *.brighterir.com *.hsforms.com *.hubspot.com; frame-ancestors 'self' https://*.alfasystems.com https://*.prismic.io; 1
default-src 'self' cdn.cookielaw.org; script-src 'self' 'nonce-57df4103e10d6c39b01021d285898688' https://www.youtube.com https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com; style-src 'self' 'nonce-57df4103e10d6c39b01021d285898688' https://fonts.googleapis.com; img-src 'self' https://*.novonor.com https://www.google-analytics.com  https://i.ytimg.com data: cdn.cookielaw.org https://optanon.blob.core.windows.net; font-src 'self' https://fonts.gstatic.com; frame-src https://www.google.com https://www.youtube.com; connect-src 'self' https://www.youtube.com https://*.novonor.com https://www.google-analytics.com cdn.cookielaw.org geolocation.onetrust.com privacyportal-br.onetrust.com; 1
upgrade-insecure-requests  ; style-src 'self' 'unsafe-inline' feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com pghub.io mpsnare.iesnare.com *.bazaarvoice.com www.youtube.com feed.pghub.io pandg.tapad.com ; manifest-src 'self' login.windows.net feed.pghub.io pandg.tapad.com ; media-src 'self' mpsnare.iesnare.com data: feed.pghub.io pandg.tapad.com ; font-src 'self' feed.pghub.io pandg.tapad.com ; frame-ancestors 'none' feed.pghub.io pandg.tapad.com ; frame-src 'self' feed.pghub.io consumersupport.pg.com www.pgerase.com www.youtube-nocookie.com pandg.tapad.com ; img-src 'self' data: images.ctfassets.net pixel.tapad.com www.google-analytics.com *.bazaarvoice.com *.ytimg.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat feed.pghub.io pandg.tapad.com ; connect-src 'self' *.contentful.com *.google-analytics.com *.doubleclick.net *.algolia.net *.algolianet.com *.bazaarvoice.com wss: feed.pghub.io pandg.tapad.com ; base-uri 'none' feed.pghub.io pandg.tapad.com ; default-src 'none' feed.pghub.io pandg.tapad.com ; 1
default-src 'self' *.xx.fbcdn.net localhost:44398 localhost:57708 video-cdg2-1.xx.fbcdn.net video-cdt1-1.xx.fbcdn.net campaign.leadfamly.co.uk dif.leadfamly.com stats.g.doubleclick.net report.23video.com localhost:44322 wss://localhost:44322/DIF.Website/ wss://localhost:44338/DIF.Website/ wss://localhost:44357/DIF.Website/ https://olympics.com/ *.olympics.com http://localhost:8085 http://localhost:64408 http://localhost:44398 ws://localhost:64408/ *.google-analytics.com *.jotformeu.com difdkv2.oxygen.local difv2.oxygenservice.dk dif-difv10-production.azurewebsites.net dif-v10-stage.azurewebsites.net dif-staging.azurewebsites.net/ dif-v13-staging.azurewebsites.net *.dif.dk dif.dk www.gstatic.com www.google.com curator-assets.b-cdn.net curatorio.s3.amazonaws.com search-api.swiftype.com api.curator.io public.tableau.com candidate.hr-manager.net e.issuu.com video.dif.dk www.gravatar.com player.vimeo.com www.youtube.com www.youtube-nocookie.com *.vimeocdn.com packages.umbraco.org our.umbraco.org *.app.cookieinformation.com *.jotform.com *.arena.im *.liveblog.pro *.firebaseio.com *.facebook.com *.googleapis.com *.jwplatform.com content.jwplatform.com firebaseio.com blog-rt-proxy.arena.im arena.im liveblog.pro realtime.arena.im s-usc1f-nss-2528.firebaseio.com wss://realtime.arena.im wss://s-usc1f-nss-2528.firebaseio.com wss://blog-rt-proxy.arena.im static.cdninstagram.com videos-cloudfront-usp.jwpsrv.com assets-jpcust.jwpsrv.com prd.jwpltx.com scontent.cdninstagram.com firestore.googleapis.com cdn.getarena.im static.xx.fbcdn.net stationfy.imgix.net scontent.xx.fbcdn.net instagram.com *.instagram.com player.castr.com; script-src 'self' data: https: 'unsafe-inline' 'unsafe-eval' files.cdn.leadfamly.com *.google-analytics.com report.23video.com *.googletagmanager.com e.issuu.com public.tableau.com www.gstatic.com www.google.com cdn.curator.io cdn-recruiter.hr-manager.net *.app.cookieinformation.com *.jotform.com cdnjs.cloudflare.com localhost:8085 *.arena.im *.liveblog.pro dif-v13-staging.azurewebsites.net *.olympics.com http://localhost:8085 http://localhost:56917; script-src-elem 'self' data: https: 'unsafe-inline' 'unsafe-eval' files.cdn.leadfamly.com *.google-analytics.com report.23video.com *.googletagmanager.com e.issuu.com public.tableau.com www.gstatic.com www.google.com cdn.curator.io cdn-recruiter.hr-manager.net *.app.cookieinformation.com *.jotform.com cdnjs.cloudflare.com localhost:8085 *.arena.im *.liveblog.pro dif-v13-staging.azurewebsites.net *.olympics.com http://localhost:8085 http://localhost:56917; style-src 'self' data: https: 'unsafe-inline' 'unsafe-eval' cdn.curator.io cdn.jotfor.ms *.arena.im *.liveblog.pro *.olympics.com; style-src-elem 'self' data: https: 'unsafe-inline' 'unsafe-eval' cdn.curator.io cdn.jotfor.ms *.arena.im *.liveblog.pro *.olympics.com; font-src 'self' data: https: cdn.curator.io dif-difv10-production.azurewebsites.net dif-v10-stage.azurewebsites.net dif-staging.azurewebsites.net/ dif-v13-staging.azurewebsites.net cdn.jotfor.ms *.arena.im *.liveblog.pro *.olympics.com; img-src 'self' data: https: difumb.blob.core.windows.net placekitten.com/300/300 dif-difv10-production.azurewebsites.net dif-v10-stage.azurewebsites.net dif-staging.azurewebsites.net/ dif-v13-staging.azurewebsites.net *.google-analytics.com delivery.twentythree.com *.picsum.photos picsum.photos curator-assets.b-cdn.net video.dif.dk *.ytimg.com *.vimeocdn.com *.fbcdn.net cdn.curator.io curatorio.s3.amazonaws.com public.tableau.com www.gravatar.com umbraco.tv *.googleapis.com *.umbraco.org dif.azureedge.net cdn.jotfor.ms *.jotform.com *.arena.im *.liveblog.pro *.olympics.com; 1
default-src https://*.consolewars.de *.youtube.com *.twitter.com *.twitch.tv; style-src 'unsafe-inline' https://*.consolewars.de; script-src 'unsafe-inline' https://*.consolewars.de *.twitter.com *.twitch.tv 1
upgrade-insecure-requests; frame-ancestors 'self' live.sagepay.com live.opayo.eu.elavon.com; base-uri 'self'; object-src 'none', frame-ancestors 'self', frame-ancestors 'self' https://*.facebook.com, frame-ancestors 'self', frame-ancestors 'self' https://*.facebook.com 1
default-src 'self' *.wpromote.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' *.omniconvert.com *.demandbase.com s.company-target.com api.company-target.com company.target.com  *.cloudflare.com *.cognitoforms.com *.tiktokcdn-us.com *.tiktok.com *.instagram.com *.twitter.com *.wistia.com *.pardot.com *.zi-scripts.com *.jsdelivr.net *.wpromote.com *.bing.com *.facebook.net *.cookiebot.com *.cloudfront.net *.doubleclick.net *.pi.pardot.com *.clearbit.com *.iconnode.com *.licdn.com *.unpkg.com *.clarity.ms *.google-analytics.com *.google.com *.googleoptimize.com *.googletagmanager.com *.gstatic.com *.clearbitjs.com *.amazonaws.com *.salesloft.com https://unpkg.com/web-vitals https://unpkg.com/web-vitals@3.3.2/dist/web-vitals.iife.js https://cdn.jsdelivr.net/npm/ie11-custom-properties@2.6.0/ie11CustomProperties.min.js *.googlesyndication.com https://www.googletagmanager.com/gtm.js; style-src 'self' 'unsafe-inline' 'report-sample' *.cognitoforms.com *.tiktokcdn-us.com *.wpromote.com *.cloudfront.net *.p.typekit.net *.use.typekit.net *.typekit.net *.fonts.googleapis.com *.googleapis.com *.fonts.gstatic.com *.gstatic.com; img-src 'self' data: searchengineland.com segments.company-target.com *.rlcdn.com stats.g.doubleclick.net *.demandbase.com tracker.wpromote.com *.clarity.ms *.wistia.com *.googleusercontent.com *.adweek.com *.giphy.com *.cookiebot.com *.facebook.net *.gravatar.com *.bing.com *.cloudfront.net *.linkedin.com *.facebook.com *.google-analytics.com *.google.co.uk *.google.com *.googletagmanager.com *.googlesyndication.com; font-src 'self' data: *.cognitoforms.com *.typekit.net *.fonts.googleapis.com *.googleapis.com *.fonts.gstatic.com *.gstatic.com; connect-src 'self' *.omniconvert.com *.demandbase.com *.clearbitjs.com wss://in.visitors.live wss://visitors.live *.googleapis.com s.company-target.com api.company-target.com company.target.com  *.luckyorange.com visitors.live *.visitors.live *.cognitoforms.com *.zi-scripts.com *.cookiebot.com *.bing.com *.zoominfo.com *.wistia.com *.zi-scripts.com *.iconnode.com *.linkedin.com *.sentry.io *.app.clearbit.com *.bat.bing.com *.amazonaws.com *.process.iconnode.com *.google.com *.luckyorange.net *.doubleclick.net *.wpromote.com *.clarity.ms *.google-analytics.com *.visitors.live *.facebook.com *.salesloft.com; media-src 'self' *.cloudfront.net *.cognitoforms.com; object-src 'self' blob: *.youtube.com *.cognitoforms.com; frame-src 'self' giphy.com *.cognitoforms.com *.instagram.com *.twitter.com *.tiktok.com *.vimeo.com s.company-target.com api.company-target.com company.target.com *.giphy.com *.youtube.com *.doubleclick.net *.cookiebot.com *.wistia.net *.google.com *.facebook.com; worker-src 'self' blob:; frame-ancestors 'self'; form-action 'self'; base-uri 'self'; manifest-src 'self'; report-uri https://36e39a507c71b18d6983ce67b6ecef83.report-uri.com/r/d/csp/enforce; 1
default-src 'self' https://ethosenergygroup.com https://ethosenergy.com https://careers.ethosenergy.com https://ethosenergy.com https://oakwoodagency.com https://go.ethosenergy.com https://*.google.com https://*.google.co.uk https://*.googleadservices.com https://fonts.googleapis.com https://maps.googleapis.com https://www.google-analytics.com https://ssl.google-analytics.com https://googleads.g.doubleclick.net https://bid.g.doubleclick.net https://www.gstatic.com https://fonts.gstatic.com https://maps.gstatic.com https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://imagesct.cookiebot.com https://imgsct.cookiebot.com https://*.vimeo.com https://*.livestream.com https://*.vhx.com https://*.vimeocdn.com https://vimeo.com https://*.vimeo.exstole.com https://vumbnail.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://code.jquery.com https://*.licdn.com https://*.linkedin.com https://*.linkedin.oribi.io https://*.pardot.com https://*.newscred.com https://*.zoominfo.com https://*.doubleclick.net https://*.litix.io https://*.cart8draw.com https://*.ceros.com 'nonce-2Khl+BbXQpwVxtmE1Yx1fbpSzl0RWG4Le4dWM0qyhTk='; frame-src 'self' 'strict-dynamic' https://ethosenergygroup.com https://ethosenergy.com https://careers.ethosenergy.com https://ethosenergy.com https://oakwoodagency.com https://go.ethosenergy.com https://*.google.com https://*.google.co.uk https://*.googleadservices.com https://fonts.googleapis.com https://maps.googleapis.com https://www.google-analytics.com https://ssl.google-analytics.com https://googleads.g.doubleclick.net https://bid.g.doubleclick.net https://www.gstatic.com https://fonts.gstatic.com https://maps.gstatic.com https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://imagesct.cookiebot.com https://imgsct.cookiebot.com https://*.vimeo.com https://*.livestream.com https://*.vhx.com https://*.vimeocdn.com https://vimeo.com https://*.vimeo.exstole.com https://vumbnail.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://code.jquery.com https://*.licdn.com https://*.linkedin.com https://*.linkedin.oribi.io https://*.pardot.com https://*.newscred.com https://*.zoominfo.com https://*.doubleclick.net https://*.litix.io https://*.cart8draw.com https://*.ceros.com 'nonce-2Khl+BbXQpwVxtmE1Yx1fbpSzl0RWG4Le4dWM0qyhTk='; style-src 'self' 'unsafe-inline' https://ethosenergygroup.com https://ethosenergy.com https://careers.ethosenergy.com https://ethosenergy.com https://oakwoodagency.com https://go.ethosenergy.com https://*.google.com https://*.google.co.uk https://*.googleadservices.com https://fonts.googleapis.com https://maps.googleapis.com https://www.google-analytics.com https://ssl.google-analytics.com https://googleads.g.doubleclick.net https://bid.g.doubleclick.net https://www.gstatic.com https://fonts.gstatic.com https://maps.gstatic.com https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://imagesct.cookiebot.com https://imgsct.cookiebot.com https://*.vimeo.com https://*.livestream.com https://*.vhx.com https://*.vimeocdn.com https://vimeo.com https://*.vimeo.exstole.com https://vumbnail.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://code.jquery.com https://*.licdn.com https://*.linkedin.com https://*.linkedin.oribi.io https://*.pardot.com https://*.newscred.com https://*.zoominfo.com https://*.doubleclick.net https://*.litix.io https://*.cart8draw.com https://*.ceros.com; font-src 'self' data: https://ethosenergygroup.com https://ethosenergy.com https://careers.ethosenergy.com https://ethosenergy.com https://oakwoodagency.com https://go.ethosenergy.com https://*.google.com https://*.google.co.uk https://*.googleadservices.com https://fonts.googleapis.com https://maps.googleapis.com https://www.google-analytics.com https://ssl.google-analytics.com https://googleads.g.doubleclick.net https://bid.g.doubleclick.net https://www.gstatic.com https://fonts.gstatic.com https://maps.gstatic.com https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://imagesct.cookiebot.com https://imgsct.cookiebot.com https://*.vimeo.com https://*.livestream.com https://*.vhx.com https://*.vimeocdn.com https://vimeo.com https://*.vimeo.exstole.com https://vumbnail.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://code.jquery.com https://*.licdn.com https://*.linkedin.com https://*.linkedin.oribi.io https://*.pardot.com https://*.newscred.com https://*.zoominfo.com https://*.doubleclick.net https://*.litix.io https://*.cart8draw.com https://*.ceros.com; img-src 'self' data: https://ethosenergygroup.com https://ethosenergy.com https://careers.ethosenergy.com https://ethosenergy.com https://oakwoodagency.com https://go.ethosenergy.com https://*.google.com https://*.google.co.uk https://*.googleadservices.com https://fonts.googleapis.com https://maps.googleapis.com https://www.google-analytics.com https://ssl.google-analytics.com https://googleads.g.doubleclick.net https://bid.g.doubleclick.net https://www.gstatic.com https://fonts.gstatic.com https://maps.gstatic.com https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://imagesct.cookiebot.com https://imgsct.cookiebot.com https://*.vimeo.com https://*.livestream.com https://*.vhx.com https://*.vimeocdn.com https://vimeo.com https://*.vimeo.exstole.com https://vumbnail.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://code.jquery.com https://*.licdn.com https://*.linkedin.com https://*.linkedin.oribi.io https://*.pardot.com https://*.newscred.com https://*.zoominfo.com https://*.doubleclick.net https://*.litix.io https://*.cart8draw.com https://*.ceros.com; media-src 'self' data: https://ethosenergygroup.com https://ethosenergy.com https://careers.ethosenergy.com https://ethosenergy.com https://oakwoodagency.com https://go.ethosenergy.com https://*.google.com https://*.google.co.uk https://*.googleadservices.com https://fonts.googleapis.com https://maps.googleapis.com https://www.google-analytics.com https://ssl.google-analytics.com https://googleads.g.doubleclick.net https://bid.g.doubleclick.net https://www.gstatic.com https://fonts.gstatic.com https://maps.gstatic.com https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://imagesct.cookiebot.com https://imgsct.cookiebot.com https://*.vimeo.com https://*.livestream.com https://*.vhx.com https://*.vimeocdn.com https://vimeo.com https://*.vimeo.exstole.com https://vumbnail.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://code.jquery.com https://*.licdn.com https://*.linkedin.com https://*.linkedin.oribi.io https://*.pardot.com https://*.newscred.com https://*.zoominfo.com https://*.doubleclick.net https://*.litix.io https://*.cart8draw.com https://*.ceros.com; script-src 'self' 'unsafe-inline' https://ethosenergygroup.com https://ethosenergy.com https://careers.ethosenergy.com https://ethosenergy.com https://oakwoodagency.com https://go.ethosenergy.com https://*.google.com https://*.google.co.uk https://*.googleadservices.com https://fonts.googleapis.com https://maps.googleapis.com https://www.google-analytics.com https://ssl.google-analytics.com https://googleads.g.doubleclick.net https://bid.g.doubleclick.net https://www.gstatic.com https://fonts.gstatic.com https://maps.gstatic.com https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://imagesct.cookiebot.com https://imgsct.cookiebot.com https://*.vimeo.com https://*.livestream.com https://*.vhx.com https://*.vimeocdn.com https://vimeo.com https://*.vimeo.exstole.com https://vumbnail.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://code.jquery.com https://*.licdn.com https://*.linkedin.com https://*.linkedin.oribi.io https://*.pardot.com https://*.newscred.com https://*.zoominfo.com https://*.doubleclick.net https://*.litix.io https://*.cart8draw.com https://*.ceros.com; frame-ancestors 'self' https://ethosenergygroup.com https://ethosenergy.com https://careers.ethosenergy.com https://ethosenergy.com https://oakwoodagency.com https://go.ethosenergy.com https://*.google.com https://*.google.co.uk https://*.googleadservices.com https://fonts.googleapis.com https://maps.googleapis.com https://www.google-analytics.com https://ssl.google-analytics.com https://googleads.g.doubleclick.net https://bid.g.doubleclick.net https://www.gstatic.com https://fonts.gstatic.com https://maps.gstatic.com https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://imagesct.cookiebot.com https://imgsct.cookiebot.com https://*.vimeo.com https://*.livestream.com https://*.vhx.com https://*.vimeocdn.com https://vimeo.com https://*.vimeo.exstole.com https://vumbnail.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://code.jquery.com https://*.licdn.com https://*.linkedin.com https://*.linkedin.oribi.io https://*.pardot.com https://*.newscred.com https://*.zoominfo.com https://*.doubleclick.net https://*.litix.io https://*.cart8draw.com https://*.ceros.com; form-action 'self' https://ethosenergygroup.com https://ethosenergy.com https://careers.ethosenergy.com https://ethosenergy.com https://oakwoodagency.com https://go.ethosenergy.com https://*.google.com https://*.google.co.uk https://*.googleadservices.com https://fonts.googleapis.com https://maps.googleapis.com https://www.google-analytics.com https://ssl.google-analytics.com https://googleads.g.doubleclick.net https://bid.g.doubleclick.net https://www.gstatic.com https://fonts.gstatic.com https://maps.gstatic.com https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://imagesct.cookiebot.com https://imgsct.cookiebot.com https://*.vimeo.com https://*.livestream.com https://*.vhx.com https://*.vimeocdn.com https://vimeo.com https://*.vimeo.exstole.com https://vumbnail.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://code.jquery.com https://*.licdn.com https://*.linkedin.com https://*.linkedin.oribi.io https://*.pardot.com https://*.newscred.com https://*.zoominfo.com https://*.doubleclick.net https://*.litix.io https://*.cart8draw.com https://*.ceros.com; upgrade-insecure-requests; object-src 'none'; base-uri 'self' 1
upgrade-insecure-requests; block-all-mixed-content; frame-ancestors *.caf.io 1
default-src 'self' *.tuono.org *.peoplelinkonline.com https://wiki.peoplelink.it; connect-src 'self' *.tuono.org *.peoplelinkonline.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://accounts.google.com/gsi/ *.hereapi.com *.here.com blob:; script-src 'self' *.tuono.org *.peoplelinkonline.com *.googleapis.com *.google-analytics.com https://apis.google.com https://accounts.google.com *.googletagmanager.com *.hereapi.com *.here.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' *.tuono.org *.googleapis.com *.api.here.com 'unsafe-inline'; img-src 'self' https://* http://* data: blob: *.tuono.org *.peoplelinkonline.com https://*.google-analytics.com https://*.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com *.api.here.com; object-src 'self'; frame-src 'self' *.tuono.org *.peoplelinkonline.com https://accounts.google.com; report-uri /csp/logit 1
upgrade-insecure-requests; script-src data: 'self' 'unsafe-inline' 'unsafe-eval' polyfill-fastly.io www.buas.nl buas.us5.list-manage.com bat.bing.com squeezely.tech www.clarity.ms tr.snapchat.com snap.licdn.com *.tiktok.com cdn.jsdelivr.net cdnjs.cloudflare.com tr.datatrics.com malong.webinargeek.com webinargeek.com www.google-analytics.com www.googleadservices.com sc-static.net connect.facebook.net chimpstatic.com static.hotjar.com script.hotjar.com googleads.g.doubleclick.net www.youtube.com www.google.com ajax.googleapis.com www.googletagmanager.com consentcdn.cookiebot.com consent.cookiebot.com unpkg.com static.doubleclick.net cdn.unibuddy.co buas.easycruit.com; 1
frame-ancestors 'self'  *.ooredoo.ps 1
frame-ancestors 'self' *.azurewebsites.net 1
default-src 'self'; connect-src 'self' https://analytics.openalt.org https://hcaptcha.com https://*.hcaptcha.com; font-src 'self' data: https://fonts.gstatic.com; form-action 'self'; frame-ancestors 'self'; frame-src https://hcaptcha.com https://*.hcaptcha.com https://www.youtube.com https://www.google.com https://player.vimeo.com; img-src 'self' https: data: https://secure.gravatar.com; manifest-src 'none'; media-src https://videos.mozilla.org https://videos.cdn.mozilla.net; object-src https://www.youtube.com; prefetch-src 'self'; script-src 'self' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com https://use.fontawesome.com https://analytics.openalt.org https://www.google.com https://www.gstatic.com https://ajax.googleapis.com https://apis.google.com; style-src 'self' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com https://fonts.googleapis.com; upgrade-insecure-requests 1
child-src *; font-src *; img-src *; manifest-src *; media-src *; report-uri https://www.hiberus.com/report-uri/enforce 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data: blob: wss:; worker-src * blob:; frame-ancestors 'self' localhost:* *.gotakanal.se gotakanal.se; report-uri https://www.gotakanal.se/sv/report-uri/enforce 1
default-src 'self'; script-src 'self' 'unsafe-inline'; img-src 'self' https://tests.services.druide https://services-tests-tmp.druide.com https://services.druide.com https://www.gravatar.com https://*.googleusercontent.com  https://googleusercontent.com https://*.fbcdn.net https://fbcdn.net https://*.fbsbx.com https://fbsbx.com data:; style-src 'self' 'unsafe-inline'; font-src 'self' data:; frame-src 'none'; frame-ancestors 'none'; connect-src 'self' wss://antidote.app/correcteur/corrigerWS2; object-src 'none'; child-src 'none'; media-src 'self'; manifest-src 'self'; worker-src 'none'; form-action 'none'; upgrade-insecure-requests;report-to 'csp-reports';report-uri /__rapport_csp__ 1
frame-ancestors 'self'; img-src 'self' data: https: http: *.w3.org *.trustedshops.com cdnjs.cloudflare.com s3-eu-west-1.amazonaws.com track.adform.net *.google.com *.gstatic.com *.googleapis.com *.gstatic.com;font-src 'self' data: https: http: *.w3.org fonts.evn.at netdna.bootstrapcdn.com *.trustedshops.com *.google.com *.gstatic.com *.googleapis.com *.gstatic.com 1
default-src 'self' data: 'unsafe-inline' www.google.com *.hsforms.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.gstatic.com www.google.com cdn.ampproject.org cdn.emerchantpay.com d3ftwl0l0i2zyj.cloudfront.net code.jquery.com www.googletagmanager.com *.clarity.ms js.hs-scripts.com static.ads-twitter.com js.hs-banner.com js.hsforms.net js.hs-analytics.net js.hsadspixel.net snap.licdn.com connect.facebook.net maxcdn.bootstrapcdn.com; style-src 'unsafe-inline' secure.gravatar.com *.emerchantpay.com fonts.googleapis.com cdn.emerchantpay.com d3ftwl0l0i2zyj.cloudfront.net maxcdn.bootstrapcdn.com; img-src 'self' data: *.linkedin.com www.googletagmanager.com *.hsforms.com *.google-analytics.com t.co www.facebook.com analytics.twitter.com track.hubspot.com px.ads.linkedin.com cdn.emerchantpay.com d3ftwl0l0i2zyj.cloudfront.net *.emerchantpay.com secure.gravatar.com; font-src data: *.emerchantpay.com fonts.gstatic.com fonts.googleapis.com; connect-src 'self' yoast.com *.clarity.ms *.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com px.ads.linkedin.com api.hubapi.com *.google-analytics.com connect.facebook.net cdn.ampproject.org www.googletagmanager.com; media-src cdn.emerchantpay.com d3ftwl0l0i2zyj.cloudfront.net; object-src 'none'; frame-src * data: blob: ; frame-ancestors 'self' www.google.com *.hubspot.com *.emerchantpay.com 1
connect-src 'self' https://forms.hubspot.com https://api.hubapi.com https://collect-eu-central-1.tealiumiq.com https://osms.carglass.be https://logx.optimizely.com https://ampcid.google.com https://ampcid.google.be https://www.facebook.com https://staticw2.yotpo.com https://w2.yotpo.com https://cdn.cookielaw.org https://conductor.clicktale.net https://www.google-analytics.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com https://tapi.optimizely.com https://s7.addthis.com https://apollo.carglass.be https://bat.bing.com https://m.addthis.com https://europe-west1-carglass-be-dlp.cloudfunctions.net https://stats.g.doubleclick.net https://privacyportal-eu.onetrust.com https://api.yotpo.com https://api-iam.intercom.io wss://nexus-websocket-a.intercom.io https://vimeo.com https://api.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://rum.optimizely.com https://forms.hsforms.com https://api-public.addthis.com *.clarity.ms https://cm.teads.tv https://t.teads.tv https://maps.googleapis.com https://geolocation.onetrust.com https://5tyiep8ui4.execute-api.eu-central-1.amazonaws.com *.google-analytics.com *.analytics.google.com https://carglass-be-gtm.ew.r.appspot.com https://*.hotjar.com https://*.hotjar.io https://analytics.freespee.com https://l.sharethis.com *.qualtrics.com https://pagead2.googlesyndication.com https://collect.carglass.be https://*.mypurecloud.de https://*.nr-data.net https://shyrka-prod-euc1.s3.eu-central-1.amazonaws.com https://*.newrelic.com https://*.euc1.pure.cloud wss://*.mypurecloud.de wss://*.euc1.pure.cloud https://*.mypurecloud.ie https://comcluster.cxense.com https://carglass-prd-apim.azure-api.net https://edi5on.com;default-src  'self' 'unsafe-inline' 'unsafe-eval' https://apps.sitecore.net https://carglassdevstoragemedia.blob.core.windows.net;font-src 'self' 'unsafe-inline' https://fonts.gstatic.com data: https://staticw2.yotpo.com http://script.hotjar.com https://script.hotjar.com https://js.intercomcdn.com;frame-src https://vars.hotjar.com https://dntcl.qualaroo.com https://1377979.fls.doubleclick.net https://www.facebook.com https://www.youtube.com https://carglass930-cm-be.prd.reference.be https://sitecore.carglass.be https://www.google.com https://www.surveygizmo.com https://bid.g.doubleclick.net https://s7.addthis.com https://www.youtube-nocookie.com https://forms.hubspot.com https://e.issuu.com https://player.vimeo.com https://survey.alchemer.com https://alchemer.com *.cxense.com https://intercom-sheets.com https://survey.alchemer.eu *.qualtrics.com https://td.doubleclick.net https://apps.mypurecloud.de;img-src 'self' data: https://www.google.be https://www.google.com *.bing.com https://www.google-analytics.com https://track.hubspot.com https://stats.g.doubleclick.net https://www.facebook.com https://www.carglass.be https://maps.gstatic.com https://maps.googleapis.com https://p.yotpo.com https://carglass-prd-930-images.azurewebsites.net https://carglass930-cd-be.prd.reference.be https://images.carglass.be https://ssl.gstatic.com https://www.gstatic.com www.googletagmanager.com https://googleads.g.doubleclick.net https://script.hotjar.com http://script.hotjar.com https://email.carglass.be https://forms.hubspot.com https://no-cache.hubspot.com https://img.youtube.com https://script.google.com https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-9.com https://comcluster.cxense.com https://t.teads.tv https://cdn.optimizely.com https://cx.atdmt.com https://secure.adnxs.com https://cdn-yotpo-images-production.yotpo.com https://pubads.g.doubleclick.net https://scomcluster.cxense.com https://www.clarity.ms https://c.clarity.ms https://u360.d-bi.fr https://l.teads.tv https://cm.teads.tv https://p1.zemanta.com *.cookielaw.org https://www.google.nl https://cdn.cookielaw.org *.privacysandbox.googleadservices *.fls.doubleclick.net carglass-be-gtm.ew.r.appspot.com https://cbks0.google.com https://cbks0.googleapis.com https://cbks1.google.com https://cbks1.googleapis.com https://cbks2.google.com https://cbks2.googleapis.com https://cbks3.google.com https://cbks3.googleapis.com https://clients.l.google.com https://fonts.googleapis.com https://geo0.ggpht.com https://geo1.ggpht.com https://geo2.ggpht.com https://geo3.ggpht.com https://googleapis.l.google.com https://khm.google.com https://khm.googleapis.com https://khm.l.google.com https://khm0.google.com https://khm0.googleapis.com https://khm1.google.com https://khm1.googleapis.com https://khmdb0.google.com https://khmdb0.googleapis.com https://khmdb1.google.com https://khmdb1.googleapis.com https://khms0.google.com https://khms0.googleapis.com https://khms1.google.com https://khms1.googleapis.com https://khms2.google.com https://khms2.googleapis.com https://khms3.google.com https://khms3.googleapis.com https://lh3.ggpht.com https://lh3.googleusercontent.com https://lh4.ggpht.com https://lh4.googleusercontent.com https://lh5.ggpht.com https://lh5.googleusercontent.com https://lh6.ggpht.com https://lh6.googleusercontent.com https://maps.l.google.com https://mt.l.google.com https://streetviewpixels-pa.googleapis.com https://static.hotjar.com https://platform-cdn.sharethis.com https://l.sharethis.com *.qualtrics.com https://ad.doubleclick.net https://*.mypurecloud.de https://*.euc1.pure.cloud https://collect.carglass.be https://fonts.gstatic.com https://www.googleadservices.com https://*.gumgum.com https://adservice.google.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.googletagmanager.com https://ajax.googleapis.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://s3.amazonaws.com https://bat.bing.com https://js.hs-scripts.com https://enquete.agconsult.com https://cdnssl.clicktale.net https://www.google-analytics.com http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com https://js.hs-banner.com https://js.hsleadflows.net https://js.hsadspixel.net https://js.hs-analytics.net https://tags.tiqcdn.com https://visitor-service.tealiumiq.com https://connect.facebook.net https://visitor-service-eu-central-1.tealiumiq.com https://cdn.optimizely.com https://maps.googleapis.com https://staticw2.yotpo.com https://www.google.com https://ipinfo.io https://cdn.cookielaw.org https://cdn3.optimizely.com https://s7.addthis.com https://tagmanager.google.com https://ssl.google-analytics.com https://gstatic.com https://www.gstatic.com https://cdn-assets-prod.s3.amazonaws.com https://app.optimizely.com https://optimizely.s3.amazonaws.com https://apollo.carglass.be https://z.moatads.com https://v1.addthisedge.com https://m.addthis.com https://graph.facebook.com https://api-public.addthis.com https://code.jquery.com https://stackpath.bootstrapcdn.com https://forms.hubspot.com https://js.hscta.net https://geolocation.onetrust.com https://www.youtube.com https://cdnjs.cloudflare.com https://widget.intercom.io https://js.intercomcdn.com https://api-iam.intercom.io https://player.vimeo.com https://app.intercom.io https://p.teads.tv https://cta-service-cms2.hubspot.com https://scdn.cxense.com https://polyfill.io *.clarity.ms https://u360.d-bi.fr https://analytics.freespee.com https://id.cxense.com https://cdn.freespee.com https://5tyiep8ui4.execute-api.eu-central-1.amazonaws.com *.google-analytics.com *.analytics.google.com https://www.google.nl https://optimizely-hrd.appspot.com https://platform-api.sharethis.com https://buttons-config.sharethis.com *.qualtrics.com https://*.mypurecloud.ie https://*.mypurecloud.de https://*.nr-data.net https://*.newrelic.com https://*.euc1.pure.cloud https://edi5on.com https://*.gumgum.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://staticw2.yotpo.com https://tagmanager.google.com https://stackpath.bootstrapcdn.com https://googletagmanager.com https://www.googletagmanager.com https://static.hotjar.com https://script.hotjar.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.rawgit.com cdn.jsdelivr.net cdnjs.cloudflare.com stackpath.bootstrapcdn.com *.googleapis.com static.addtoany.com connect.facebook.net *.cookiebot.com *.googletagmanager.com spg.qly.site1.sibs.pt api.sibspayments.com *.google-analytics.com cdn-te.e-goi.com; object-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' *.fontawesome.com; media-src 'self' 'unsafe-inline'; form-action 'self' *.sibs.pt *.sibspayments.com; frame-src 'self' 'unsafe-inline' consentcdn.cookiebot.com static.addtoany.com www.facebook.com *.sibs.pt *.sibspayments.com; font-src 'self' 'unsafe-inline' *.fontawesome.com; report-uri /report-csp-violation 1
default-src 'self' *.testvenuedirectory.com *.stagingvenuedirectory.com *.venuedirectory.com *.tvdsandbox.co.uk *.umbraco.org *.sharethis.com *.gstatic.com *.googleapis.com *.google.com wchat.freshchat.com *.youtube.com *.doubleclick.net *.google-analytics.com *.visualstudio.com www.vflive.co.uk stats.g.doubleclick.net *.sendinblue.com sibautomation.com *.brevo.com bcp.crwdcntrl.net data.stbuttons.click *.pendo.io *.cookielaw.org *.onetrust.com *.vflive.co.uk;img-src 'self' *.testvenuedirectory.com *.stagingvenuedirectory.com *.venuedirectory.com *.tvdsandbox.co.uk data: umbraco.tv *.gstatic.com *.googleapis.com *.google.com *.google.co.in *.sharethis.com *.youtube.com *.google-analytics.com *.cloudfront.net *.ggpht.com *.pendo.io *.cookielaw.org *.onetrust.com *.vflive.co.uk *.googletagmanager.com;script-src 'self' *.testvenuedirectory.com *.stagingvenuedirectory.com *.venuedirectory.com *.tvdsandbox.co.uk 'unsafe-inline' 'unsafe-eval' sibautomation.com *.gstatic.com *.googleapis.com *.google.com polyfill-fastly.io *.sharethis.com *.youtube.com wchat.freshchat.com *.googletagmanager.com *.msecnd.net *.google-analytics.com *.doubleclick.net *.pendo.io *.cookielaw.org *.onetrust.com *.vflive.co.uk;style-src 'self' *.testvenuedirectory.com *.stagingvenuedirectory.com *.venuedirectory.com *.tvdsandbox.co.uk 'unsafe-inline' *.gstatic.com *.googleapis.com *.google.com wchat.freshchat.com *.doubleclick.net *.pendo.io *.cookielaw.org *.onetrust.com *.vflive.co.uk *.sharethis.com;frame-src 'self' *.google.com sibautomation.com *.pendo.io *.youtube.com *.cookielaw.org *.onetrust.com *.freshchat.com *.vflive.co.uk vflive.co.uk *.sharethis.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com *.licdn.com *.hotjar.com *.ads-twitter.com *.aspnetcdn.com secure.leadforensics.com googleads.g.doubleclick.net www.googleadservices.com *.google-analytics.com *.googletagmanager.com unpkg.com  https://www.google.com/recaptcha/api.js https://maps.googleapis.com *.gstatic.com *.googleapis.com *.addthis.com *.addthisedge.com *.moatads.com *.cookiebot.com; base-uri 'self'; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com; frame-ancestors 'self' www.youtube.com fonts.googleapis.com *.vimeo.com 1
default-src 'self' http://persis.gemu-group.com:8080 *.google.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.google-analytics.com connect.facebook.net *.albacross.com *.webtraxs.com *.ggpht.com amazonaws.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com *.cloudfront.net *.userlike.com userlike-cdn-umm.b-cdn.net *.leadenhancer.com wss://*.userlike.com *.alexametrics.com cdn.delight-vr.com *.cookiebot.eu *.cookiebot.com *.simpli.fi slsntllgnc.com usercentrics.eu data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors *.gemu-group.com 1
default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.knorr-bremse.com:* https://cdn.cookielaw.org https://responder.wt-safetag.com https://fbc.wcfbc.net https://*.gstatic.com https://*.googleapis.com https://www.youtube.com https://www.youtube-nocookie.com https://*.ytimg.com https://n0c357rmy1njbuit2friqwu.blob.core.windows.net; frame-ancestors 'self' https://www.threesixty-events.de/selectron_innotrans/; 1
frame-ancestors https://jionews.com/ https://jionewsdev1.jio.ril.com/ 1
default-src 'self' ;frame-ancestors 'self' ; form-action 'self' https://login.microsoftonline.com ; frame-src 'self' ; script-src-elem 'unsafe-inline' 'self' ; style-src-elem 'unsafe-inline' 'self' ; img-src 'self' data:; script-src 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' 'self' 1
frame-ancestors 'self' https://www.adh-fishing.com https://adh-fishing.com https://www.adh-fishing.de https://adh-fishing.de; 1
frame-ancestors 'self' control.motionpoint.com/ iguidewebapp.next-uk.next.loc/ end-duws02.next-uk.next.loc/ end-dpws02.next-uk.next.loc/ studio.mgmt.qa.test/ studio.mgmt.next-uk.next.loc/ https://www.next.ro 1
base-uri 'self'; default-src 'self' *.macgamestore.com *.wingamestore.com; form-action 'self' https://*.paypal.com https://*.apple.com https://*.zendesk.com; frame-src 'self' cdn1.macgamestore.com *.trustpilot.com *.facebook.net *.twitter.com *.youtube.com *.google.com *.paypal.com *.braintreegateway.com *.apple.com *.ubisoft.com; frame-ancestors 'self'; connect-src 'self' *.google-analytics.com *.googletagmanager.com *.google.com *.googleapis.com *.trustpilot.com *.facebook.com *.braintreegateway.com *.braintree-api.com http://127.0.0.1:11155; script-src 'self' 'nonce-3c6716551b78017dcd972fb4f1d3edaab612' appleid.cdn-apple.com *.google-analytics.com *.googletagmanager.com *.google.com *.gstatic.com *.trustpilot.com *.facebook.net *.twitter.com *.youtube.com *.ytimg.com *.paypal.com *.paypalobjects.com *.braintreegateway.com ubistatic2-a.akamaihd.net; style-src 'self' 'unsafe-inline' accounts.google.com; img-src 'self' data: blob: *.macgamestore.com *.wingamestore.com *.google-analytics.com *.gstatic.com *.googleusercontent.com *.googletagmanager.com *.trustpilot.com *.facebook.com *.fbsbx.com *.fbcdn.net *.facebook.net *.twitter.com *.youtube.com *.ytimg.com *.akamaized.net *.paypal.com *.braintreegateway.com www.gravatar.com; font-src 'self' data: *.gstatic.com *.googleusercontent.com fontlibrary.org github.com use.typekit.net cdn.honey.io; 1
default-src 'self' blob: cdn.plaid.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://api.mapbox.com https://cdn.unstack.com https://js.intercomcdn.com https://cdn.hellosign.com https://widget.intercom.io https://googleads.g.doubleclick.net https://www.googleadservices.com https://static.hsappstatic.net https://platform-api.sharethis.com https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.15.8/highlight.min.js cdn.spark.app widget.privy.com beacon-v2.helpscout.net *.gstatic.com *.appcues.com *.appcues.net *.hs-analytics.net *.hs-scripts.com *.logrocket.io *.googleapis.com maps.google.com *.plaid.com *.stripe.com *.braintreegateway.com www.paypalobjects.com *.mxpnl.com connect.facebook.net *.googletagmanager.com js.hs-banner.com www.google-analytics.com; font-src 'self' data: https://res-1.cdn.office.net/files/fabric-cdn-prod_20221201.001/assets/icons/ https://res-1.cdn.office.net/files/fabric-cdn-prod_20221201.001/assets/fonts/ https://cdn.unstack.com https://cdn.spark.app https://cloud.typography.com https://*.gstatic.com; connect-src 'self' https://events.mapbox.com https://api.mapbox.com https://notify.bugsnag.com https://analytics.google.com https://sessions.bugsnag.com https://l.sharethis.com https://*.privy.com https://*.googleapis.com wss://ws-helpscout.pusher.com https://sockjs-helpscout.pusher.com https://analytics.google.com https://beaconapi.helpscout.net https://chatapi.helpscout.net https://d3hb14vkzrxvla.cloudfront.net https://firestore.googleapis.com https://*.logrocket.io *.mixpanel.com wss://api.appcues.net *.s3.amazonaws.com https://www.google-analytics.com https://stats.g.doubleclick.net; img-src 'self' data: blob: https://d3h3lpctydzo3v.cloudfront.net https://cdn.unstack.com https://mms.unstack.com https://events.privy.com https://assets.privy.com https://privymktg.com https://cdn.spark.app https://d33v4339jhl8k0.cloudfront.net https://*.plaid.com https://*.stripe.com https://*.braintreegateway.com https://checkout.paypal.com https://*.s3.amazonaws.com https://*.gstatic.com https://*.googleapis.com https://*.google.com https://notify.bugsnag.com https://track.hubspot.com https://www.facebook.com https://d3h3lpctydzo3v.cloudfront.net https://google-analytics.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://api.mapbox.com https://res-1.cdn.office.net/files/fabric-cdn-prod_20221209.001/office-ui-fabric-core/11.1.0/css/fabric.min.css https://cdn.unstack.com https://assets.privy.com https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.15.8/styles/github.min.css https://cdn.spark.app https://*.appcues.com https://cloud.typography.com https://d12qcj0uj8d5fb.cloudfront.net https://*.gstatic.com https://*.googleapis.com https://*.google.com; media-src 'self' blob: https://d3h3lpctydzo3v.cloudfront.net; child-src 'self' blob: https://*.plaid.com https://*.stripe.com https://*.braintreegateway.com https://c.paypal.com; frame-src 'self' blob: data: https://www.petpocketbook.com/ https://ppbproduction.s3.amazonaws.com/ https://d3h3lpctydzo3v.cloudfront.net/ https://d2qjscj87954o5.cloudfront.net/ https://app.hellosign.com/ https://embedded.hellosign.com/ https://www.youtube.com/ https://bid.g.doubleclick.net/ https://www.facebook.com https://meetings.hubspot.com https://c.sharethis.mgr.consensu.org https://*.appcues.com https://*.plaid.com https://*.stripe.com https://*.braintreegateway.com https://c.paypal.com https://docs.google.com/; 1
upgrade-insecure-requests; frame-ancestors https://burgan.com https://*.burgan.com https://*.burganbank.com; 1
form-action 'self';object-src 'none' 1
default-src data: https: wss: 'unsafe-eval' 'unsafe-inline'; object-src 'self'; 1
style-src 'self' 'unsafe-inline' *.readspeaker.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' ; style-src-elem 'self' 'sha256-kDRQ3dagwwb3nrm8xnMC0VgLt6lNN98+2oajznduaKI='; font-src 'self'; img-src data: *; frame-src *; connect-src 'self' https://ucs-sso.schule-sh.de/ http://ucs-sso.schule-sh.de/; frame-ancestors 'self' https://ucs-sso.schule-sh.de/ http://ucs-sso.schule-sh.de/; 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.liveabout.com 1
default-src 'none'; child-src 'self' https://cdn-ukwest.onetrust.com; connect-src 'self' *.rekai.se https://*.kundo.se/ https://*.lantmannen.com/ https://adservice.google.com https://adservice.google.com/ https://api.hubapi.com/ https://api.hubspot.com/ https://cdn-ukwest.onetrust.com https://content.hotjar.io/ https://cta-service-cms2.hubspot.com/ https://dc.services.visualstudio.com https://esp-eu.aptrinsic.com/ https://esp-eu.aptrinsic.com/rte/v1/ https://f.clarity.ms/collect https://fonts.googleapis.com https://forms.hsforms.com/ https://forms.hsforms.com/embed/v3/ https://forms.hubspot.com/ https://geolocation.onetrust.com https://googleads.g.doubleclick.net/pagead/ https://maps.googleapis.com/ https://matomo.azurewebsites.net https://metrics.hotjar.io/ https://pagead2.googlesyndication.com https://privacyportal-uk.onetrust.com https://px.ads.linkedin.com https://px.ads.linkedin.com/wa/ https://px4.ads.linkedin.com https://q.clarity.ms https://region1.analytics.google.com/ https://region1.google-analytics.com/ https://sleeknotestaticcontent.sleeknote.com https://stats.g.doubleclick.net/ https://t.clarity.ms https://translate.googleapis.com/ https://unpkg.com https://unpkg.com/ https://unpkg.com/swiper@8/swiper-bundle.min.css https://w.clarity.ms https://www.facebook.com/ https://www.google-analytics.com https://www.google.com/pagead/ https://www.google.fi https://www.google.no https://x.clarity.ms https://y.clarity.ms https://z.clarity.ms wss://ws.hotjar.com/api/; font-src 'self' data: https://*.cloudfront.net/graphik/ https://*.cloudfront.net/lato/ https://*.lantmannen.com/ https://brand-incl.lantmannen.com https://cdn-ukwest.onetrust.com https://cdn.jsdelivr.net/npm/bootstrap-icons@1.10.5/font/bootstrap-icons.css https://cdn.jsdelivr.net/npm/bootstrap-icons@1.10.5/font/fonts/ https://cdn.jsdelivr.net/npm/bootstrap-icons@1.7.2/font/bootstrap-icons.css https://cdn.jsdelivr.net/npm/bootstrap-icons@1.7.2/font/fonts/ https://cdnjs.cloudflare.com/ https://fonts.gstatic.com/ https://sleeknotestaticcontent.sleeknote.com https://use.fontawesome.com/; form-action 'self' https://cdn-ukwest.onetrust.com https://forms.hsforms.com/; frame-ancestors 'self' https://cdn-ukwest.onetrust.com https://www.lantmannencerealia.no; frame-src 'self' https://*.hs-sites.com/ https://*.kundo.se/ https://*.scratcher.io/ https://12640402.fls.doubleclick.net/ https://13014958.fls.doubleclick.net https://9757970.fls.doubleclick.net/ https://agrol.lubricantadvisor.com https://cdn-ukwest.onetrust.com https://dreambroker.com/ https://embed.acast.com/ https://form.apsis.one/ https://forms.hsforms.com/ https://odla-herbicide.azurewebsites.net/ https://odla-mixture.azurewebsites.net/ https://open.spotify.com/ https://player.vimeo.com/ https://press.lantmannen.com/ https://staspeneducationde.z6.web.core.windows.net/ https://staspeneducationdk.z6.web.core.windows.net/ https://staspeneducationfi.z6.web.core.windows.net/ https://staspeneducationfr.z6.web.core.windows.net/ https://staspeneducationit.z6.web.core.windows.net/ https://staspeneducationnl.z6.web.core.windows.net/ https://staspeneducationno.z6.web.core.windows.net/ https://staspeneducationse.z6.web.core.windows.net/ https://staspeneducationuk.z6.web.core.windows.net/ https://statistics-dashboard.azurewebsites.net/ https://stgagroltips.z6.web.core.windows.net/ https://td.doubleclick.net/ https://test-agrol.lubricantadvisor.com/ https://viewer.ipaper.io/ https://www.google.com/ https://www.lantmannenlantbrukmaskin.se https://www.youtube.com/; img-src 'self' data: https://*.lantmannen.com/ https://2714594.fs1.hubspotusercontent-na1.net/ https://ad.doubleclick.net/ https://adservice.google.com https://adservice.google.com/ https://analytics.sleeknote.com https://bat.bing.com/ https://brand-incl.lantmannen.com https://c.clarity.ms https://c.clarity.ms/c.gif https://cdn-ukwest.onetrust.com https://cta-service-cms2.hubspot.com/ https://fonts.gstatic.com/ https://forms-na1.hsforms.com/embed/v3/ https://forms.hsforms.com/embed/v3/ https://googleads.g.doubleclick.net/pagead/ https://googleads.g.doubleclick.net/pagead/viewthroughconversion/ https://i.ytimg.com https://img.youtube.com/ https://maps.googleapis.com/ https://maps.gstatic.com/mapfiles/ https://mnd-assets.mynewsdesk.com/ https://pagead2.googlesyndication.com https://perf-na1.hsforms.com/embed/v3/counters.gif https://px.ads.linkedin.com https://px.ads.linkedin.com/ https://px4.ads.linkedin.com https://sleeknotestaticcontent.sleeknote.com https://static.hsappstatic.net/ https://static.hubspot.com/ https://track.hubspot.com/ https://vumbnail.com https://www.facebook.com/ https://www.google-analytics.com/ https://www.google.be https://www.google.co.in https://www.google.com/ads/ https://www.google.com/pagead/ https://www.google.de https://www.google.dk/ https://www.google.es https://www.google.fi https://www.google.lt https://www.google.nl https://www.google.no https://www.google.pl https://www.google.ro https://www.google.se/ads/ https://www.google.se/pagead/ https://www.googletagmanager.com/ https://www.gstatic.com/ https://www.lantmannen.com https://www.lantmannen.se/ https://www.lantmannenbiorefineries.se https://www.lantmannencerealia.com https://www.lantmannenlantbrukmaskin.se https://www.lantmannenunibake.dk https://www.linkedin.com/ https://www.odla.lantmannenlantbruk.se https://www.schulstadbakerysolutions.dk; manifest-src 'self' https://cdn-ukwest.onetrust.com https://www.kraffthastfoder.se; media-src 'self' https://cdn-ukwest.onetrust.com; navigate-to 'self' https://cdn-ukwest.onetrust.com; object-src 'self' https://cdn-ukwest.onetrust.com; script-src-attr 'self' 'unsafe-inline' https://*.lantmannen.com/ https://*.scratcher.io/ https://cdn-ukwest.onetrust.com https://cdnjs.cloudflare.com/ https://popper.js.org/; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' *.rekai.se https://*.hotjar.com/ https://*.kundo.se/ https://*.lantmannen.com/ https://*.scratcher.io/ https://ajax.googleapis.com/ajax/libs/angularjs/1.6.4/angular.min.js https://ajax.googleapis.com/ajax/libs/jquery/3.7.1/jquery.min.js https://bat.bing.com/bat.js https://bat.bing.com/p/action/343099345.js https://brand-incl.lantmannen.com https://cdn-ukwest.onetrust.com https://cdn.jsdelivr.net/npm/@splidejs/splide@4.1.4/dist/js/splide.min.js https://cdn.jsdelivr.net/npm/bootstrap@5.2.3/dist/js/ https://cdn.rawgit.com/twbs/bootstrap/v3.3.7/js/affix.js https://cdnjs.cloudflare.com/ https://code.jquery.com https://connect.facebook.net/ https://fonts.googleapis.com/ https://googleads.g.doubleclick.net/pagead/viewthroughconversion/ https://js-na1.hs-scripts.com/ https://js.hs-analytics.net/analytics/ https://js.hs-banner.com/ https://js.hs-scripts.com/2714594.js https://js.hsadspixel.net/fb.js https://js.hsforms.net/ https://js.hsforms.net/forms/embed/v2.js https://js.hsleadflows.net/leadflows.js https://js.hubspot.com/web-interactives-embed.js https://js.monitor.azure.com https://js.usemessages.com/conversations-embed.js https://maps.googleapis.com/ https://matomo.azurewebsites.net https://netdna.bootstrapcdn.com/bootstrap/3.1.1/js/bootstrap.min.js https://player.vimeo.com/api/player.js https://popper.js.org/ https://secure.smart-business-foresight.com https://sibautomation.com/ https://sleeknotecustomerscripts.sleeknote.com https://sleeknotestaticcontent.sleeknote.com https://snap.licdn.com/li.lms-analytics/insight.min.js https://translate-pa.googleapis.com/ https://translate.google.com/ https://translate.googleapis.com/ https://unpkg.com/ https://use.fontawesome.com/ https://web-sdk-eu.aptrinsic.com https://www.clarity.ms/ https://www.google-analytics.com/analytics.js https://www.google.com/recaptcha/api.js https://www.google.com/recaptcha/enterprise.js https://www.googleadservices.com/ https://www.googletagmanager.com/ https://www.gstatic.com/ https://www.youtube.com/; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.rekai.se https://*.kundo.se/ https://*.lantmannen.com/ https://cdn-ukwest.onetrust.com https://cdn.rawgit.com https://cdnjs.cloudflare.com/ https://code.jquery.com https://connect.facebook.net https://js.monitor.azure.com https://maps.googleapis.com/ https://popper.js.org/ https://secure.smart-business-foresight.com https://static-chat.kundo.se/ https://static.hotjar.com/ https://translate.google.com https://unpkg.com https://use.fontawesome.com https://www.google-analytics.com https://www.googletagmanager.com https://www.youtube.com/; style-src-attr 'self' 'unsafe-inline' https://*.lantmannen.com/ https://cdn-ukwest.onetrust.com https://cdn.jsdelivr.net/npm/@splidejs/splide@4.1.4/dist/css/splide.min.css https://cdnjs.cloudflare.com/ https://sleeknotestaticcontent.sleeknote.com; style-src-elem 'self' 'unsafe-inline' data: https://*.kundo.se/ https://*.lantmannen.com/ https://brand-incl.lantmannen.com https://cdn-ukwest.onetrust.com https://cdn.jsdelivr.net https://cdn.jsdelivr.net/npm/@splidejs/splide@4.1.4/dist/css/splide.min.css https://cdn.jsdelivr.net/npm/bootstrap-icons@1.10.5/font/bootstrap-icons.css https://cdn.jsdelivr.net/npm/bootstrap-icons@1.7.2/font/bootstrap-icons.css https://cdnjs.cloudflare.com https://cdnjs.cloudflare.com/ https://chat.kundo.se https://chat.kundo.se/ https://fast.fonts.net https://fonts.googleapis.com https://fonts.googleapis.com/ https://hello.myfonts.net https://netdna.bootstrapcdn.com/bootstrap/3.1.1/css/bootstrap.min.css https://sleeknotestaticcontent.sleeknote.com https://static-chat.kundo.se/ https://unpkg.com https://unpkg.com/ https://unpkg.com/swiper@8/swiper-bundle.min.css https://use.fontawesome.com https://use.fontawesome.com/ https://web-sdk-eu.aptrinsic.com/ https://www.gstatic.com/; style-src 'self' 'unsafe-inline' data: https://*.lantmannen.com/ https://cdn-ukwest.onetrust.com https://cdn.jsdelivr.net https://cdn.jsdelivr.net/npm/@splidejs/splide@4.1.4/dist/css/splide.min.css https://cdnjs.cloudflare.com https://chat.kundo.se/ https://sleeknotestaticcontent.sleeknote.com https://static-chat.kundo.se/ https://use.fontawesome.com https://www.gstatic.com/; worker-src 'self' https://cdn-ukwest.onetrust.com; base-uri https://cdn-ukwest.onetrust.com https://www.schulstadbakerysolutions.de; 1
upgrade-insecure-requests; frame-ancestors 'none' *.parchment.com; 1
default-src 'none'; connect-src 'self' sgtm.bigbank.eu vimeo.com www.facebook.com https://hcaptcha.com https://*.hcaptcha.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net https://api.country.is; script-src 'unsafe-inline' 'unsafe-eval' 'self' sgtm.bigbank.eu https://hcaptcha.com https://*.hcaptcha.com *.googletagmanager.com www.google-analytics.com www.googleadservices.com tpc.googlesyndication.com connect.facebook.net; img-src 'self' data: sgtm.bigbank.eu www.facebook.com static.bigbank.eu marketing-polaris-eu.s3.eu-west-1.amazonaws.com s3-eu-west-1.amazonaws.com s3.eu-west-1.amazonaws.com marketing-polaris-eu.s3.eu-central-1.amazonaws.com s3-eu-central-1.amazonaws.com s3.eu-central-1.amazonaws.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net www.google.lv www.google.nl www.google.co.uk www.google.no www.google.at www.google.lt www.google.ee www.google.com www.google.de www.google.bg www.google.it www.google.se www.google.ru www.google.es www.google.fi www.google.be www.google.de www.google.fr www.google.pl translate.google.com www.gstatic.com www.google.dk www.google.ch www.google.gm www.google.rs www.google.sn www.google.pt www.gstatic.com translate.google.com; style-src 'unsafe-inline' 'self' https://hcaptcha.com https://*.hcaptcha.com; object-src 'self' static.bigbank.eu; media-src 'self' static.bigbank.eu; font-src 'self' data:; frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com player.vimeo.com www.googletagmanager.com; upgrade-insecure-requests; report-uri https://bigbank.uriports.com/reports/report; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: cdnjs.cloudflare.com *.googleapis.com *.gstatic.com *.google-analytics.com *.addthis.com *.amigosmuseoprado.org *.google.com *.ytimg.com *.youtube.com *.addthisedge.com *.bookitit.com *.jsdelivr.net *.ovidds.com my.icareus.com icomem.probetax.es *.twitter.com *.twimg.com *.facebook.net *.facebook.com *.metricool.com https://*.hotjar.com wss://*.hotjar.com *.hotjar.io *.addtoany.com *.webempresa.eu unpkg.com *.arkibot.app *.googletagmanager.com *.saludalplato.es quickchart.io 1
connect-src 'self' https://www.googleapis.com/customsearch/v1 https://dc.services.visualstudio.com https://stats.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.nz https://maps.googleapis.com ;  frame-src 'self' https://www.youtube.com https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://bid.g.doubleclick.net https://*.fls.doubleclick.net https://scv.bankstatements.com.au/ ;  default-src 'self' ;  img-src 'self' data: https://*.tmcdn.co.nz https://*.google.co.nz https://*.google.com https://www.facebook.com https://www.googleadservices.com https://*.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com https://maps.googleapis.com https://ssl.gstatic.com https://www.gstatic.com https://maps.gstatic.com https://*.googletagmanager.com https://maps.googleapis.com https://*.fls.doubleclick.net https://ade.googlesyndication.com ;  script-src 'self' 'unsafe-eval' 'unsafe-inline' https://tagmanager.google.com https://*.googletagmanager.com https://www.googleanalytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://connect.facebook.net https://www.recaptcha.net/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googleadservices.com https://adservice.google.com https://googleadservices.com https://az416426.vo.msecnd.net https://maps.googleapis.com https://googleads.g.doubleclick.net https://www.google.com ;  style-src 'self' 'unsafe-inline' https://www.co-operativebank.co.nz https://my.co-operativebank.co.nz https://apply.co-operativebank.co.nz https://tagmanager.google.com https://fonts.googleapis.com ;  media-src blob: ;  font-src 'self' data: https://fonts.gstatic.com 1
default-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-src 'self' *.youtube.com *.desmos.com; img-src * blob: data:; media-src * blob: data:; font-src 'self' data:; base-uri 'self'; object-src 'self'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.wlresources.com *.my.cam *.model.cam *.link.cam *.google.com *.googleapis.com *.gstatic.com *.facebook.net *.google-analytics.com *.googlesyndication.com https://www.googletagservices.com https://www.googletagmanager.com *.doubleclick.net; connect-src 'self' *.wlresources.com *.my.cam *.model.cam *.link.cam wss://api.my.cam *.facebook.com *.google-analytics.com *.googletagmanager.com *.analytics.google.com analytics.google.com *.g.doubleclick.net https://*.google-analytics.com https://*.google.com; worker-src 'self' blob:; report-uri /err0r/js?ts=1721960201 1
frame-ancestors 'self' https://buy.adesa.com https://ots.drivindealer.com https://*.iasmarketplace.com https://*.velocicast.io 1
frame-ancestors 'self' cms.ouster.com gemini.ouster.dev gemini.ouster.com 1
frame-ancestors 'self' https://*.toyota.at https://*.yandex.com https://*.yandex.tld https://*.yandex.net https://*.yandex.com.tr https://*.yandex.ru https://*.yandex.by https://webvisor.com https://lexus-dxp.dobit.com https://lexustest.dobit.com http://localhost:88; 1
frame-ancestors *.adit.com;base-uri 'none';default-src 'none';script-src 'self' https: 'strict-dynamic' 'unsafe-inline' 'unsafe-hashes' 'nonce-D1tNQsGy0ZwYC19Qt6NwYhApHM1ZpYER';script-src-elem https: 'unsafe-inline' 'unsafe-hashes';script-src-attr https: 'unsafe-inline' 'unsafe-hashes';object-src 'none';img-src 'self' https: data: blob:;style-src 'self' 'unsafe-hashes' 'unsafe-inline' 'nonce-D1tNQsGy0ZwYC19Qt6NwYhApHM1ZpYER';style-src-elem https: 'unsafe-inline' 'unsafe-hashes';style-src-attr https: 'unsafe-inline' 'unsafe-hashes';media-src 'self';worker-src 'self' blob:;form-action 'self' https://www.facebook.com/tr/;connect-src 'self' https: ws:;font-src 'self' data: https: http:;frame-src 'self' https: http:;block-all-mixed-content;upgrade-insecure-requests 1
frame-ancestors 'self' rectangle.design localhost middleeasteye.net *.middleeasteye.net alaraby.co.uk *.alaraby.co.uk theintercept.com *.theintercept.com thetimes.co.uk *.thetimes.co.uk telegraph.co.uk *.telegraph.co.uk aljazeera.com *.aljazeera.com timesofisrael.com *.timesofisrael.com jpost.com *.jpost.com vercel.app *.vercel.app; 1
connect-src 'self' ws: wss: https://survey.feedbackly.com https://api.flockler.com https://*.giosg.com https://*.giosgusercontent.com https://www.google-analytics.com *.google-analytics.com *.analytics.google.com *.hubapi.com js.hscta.net *.hubspot.com *.hs-banner.com *.hscollectedforms.net *.hsforms.com https://cdn.linkedin.oribi.io https://px.ads.linkedin.com/ *.bing.com wss://*.bing.com https://*.clarity.ms; default-src 'none'; font-src 'self' use.fontawesome.com fonts.googleapis.com fonts.gstatic.com https://fonts.gstatic.com; frame-src 'self' blob: data: mailto: tel: https://www.facebook.com/ https://survey.feedbackly.com https://surveys.feedbackly.com https://*.giosg.com https://*.giosgusercontent.com https://*.doubleclick.net *.hubspot.com *.hs-sites.com *.hubspot.net play.hubspotvideo.com *.hsforms.net *.hsforms.com sdx.microsoft.com https://*.clarity.ms https://w.soundcloud.com secredirect.wheelq.com surveys.wheelq.com www.youtube.com www.youtube-nocookie.com; img-src 'self' data: https://www.facebook.com https://*.fbcdn.net flockler.com media-api.flockler.com giosg-chat-public-eu.s3.amazonaws.com cdn.giosgusercontent.com https://www.google-analytics.com https://www.googleanalytics.com https://www.googletagmanager.com www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.fi https://*.doubleclick.net *.google-analytics.com *.analytics.google.com https://www.google.com/pagead/landing https://stats.g.doubleclick.net js.hscta.net no-cache.hubspot.com *.hubspot.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.net cdn2.hubspot.net *.hsforms.net *.hsforms.com https://*.cdninstagram.com https://*.ads.linkedin.com *.bing.com *.microsoft.com https://*.clarity.ms https://*.twimg.com img.youtube.com https://i.ytimg.com; object-src 'self'; script-src 'self' 'unsafe-eval' https://connect.facebook.net https://survey.feedbackly.com https://*.giosg.com https://*.giosgusercontent.com https://www.googletagmanager.com https://www.google-analytics.com https://tagmanager.google.com https://ssl.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com *.hsadspixel.net *.hs-analytics.net js.hscta.net *.hubspot.com static.hsappstatic.net *.usemessages.com *.hs-banner.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.net *.hscollectedforms.net *.hsleadflows.net *.hsforms.net *.hsforms.com *.hs-scripts.com *.hubspotfeedback.com feedback.hubapi.com https://snap.licdn.com https://bat.bing.com https://r.bing.com https://c.bing.com https://*.clarity.ms https://www.youtube.com/ https://www.youtube.com/iframe_api 'unsafe-inline'; style-src 'self' use.fontawesome.com https://*.giosg.com https://*.giosgusercontent.com https://fonts.googleapis.com https://tagmanager.google.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net cdn2.hubspot.net *.bing.com https://*.clarity.ms 'unsafe-inline'; 1
frame-ancestors 'self' https://*.diak.fi; 1
frame-ancestors self www.vix.com.br 1
default-src 'self'; connect-src https://region1.google-analytics.com https://www.google-analytics.com https://maps.googleapis.com 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://tagmanager.google.com https://maps.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' blob: https://fonts.googleapis.com https://tagmanager.google.com https://www.googletagmanager.com; img-src 'self' data: https://www.toegankelijkheidsverklaring.nl https://www.gstatic.com https://maps.gstatic.com https://ssl.gstatic.com https://maps.googleapis.com/ https://www.upload.ee https://secure.gravatar.com https://www.google-analytics.com https://lh3.googleusercontent.com https://scontent-ams2-1.xx.fbcdn.net https://fonts.gstatic.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; frame-src https://www.youtube.com https://player.vimeo.com 'self'; frame-ancestors 'none'; form-action https://connect.smashballoon.com/auth/ig/ 'self'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://npmcdn.com https://analytics.tiktok.com https://*.website-files.com/ https://unpkg.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://*.cloudfront.net https://accounts.google.com https://appleid.cdn-apple.com https://www.gstatic.com https://www.redditstatic.com https://www.google.com https://static.ads-twitter.com https://*.srv.stackadapt.com https://qvdt3feo.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.bing.com https://*.googletagmanager.com https://*.yahoo.com https://*.yahoodns.net https://*.yimg.com sp.analytics.yahoo.com s.yimg.com https://fonts.gstatic.com https://www.google.com.hk https://www.google.com.au https://s.yimg.com https://www.buzzsprout.com https://www.googleoptimize.com https://*.outbrain.com https://websdk.appsflyer.com https://calendly.com https://www.googleadservices.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://www.youtube.com https://s.ytimg.com http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com https://static.zdassets.com https://assets.calendly.com https://ekr.zdassets.com https://syfe.zendesk.com wss://syfe.zendesk.com wss://*.zopim.com https://stats.g.doubleclick.net https://connect.facebook.net https://fast.wistia.com https://optimize.google.com https://sjs.bizographics.com https://px.ads.linkedin.com https://tagmanager.google.com https://snap.licdn.com https://amplify.outbrain.com https://cdn.taboola.com https://trc.taboola.com https://www.datadoghq-browser-agent.com https://rum-http-intake.logs.datadoghq.eu https://api.smooch.io https://www.syfe.com https://stable-production-v1-www-assets-sync-bucket.s3.amazonaws.com; img-src 'self' data: https://cdnjs.cloudflare.com https://*.website-files.com https://*.cloudfront.net https://stable-production-v1-user-documents-bucket.s3.ap-southeast-1.amazonaws.com https://stable-production-v1-user-documents-bucket.s3.us-west-2.amazonaws.com https://www.syfe.com https://stable-production-v1-www-assets-sync-bucket.s3.amazonaws.com https://*.twitter.com https://*.reddit.com https://*.bing.com https://*.googleusercontent.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.yahoo.com https://*.yahoodns.net https://*.yimg.com sp.analytics.yahoo.com s.yimg.com https://www.google.com.hk https://www.google.com.au https://badge.seedly.sg https://www.google.com https://optimize.google.com https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://stable-production-v1-public-assets.s3.ap-southeast-1.amazonaws.com/ https://insights.hotjar.com http://static.hotjar.com https://static.hotjar.com https://ekr.zdassets.com https://syfe.zendesk.com https://v2assets.zopim.io https://static.zdassets.com https://www.facebook.com https://embedwistia-a.akamaihd.net https://fast.wistia.com https://www.google.com https://www.google.com.sg https://www.google.co.in https://ssl.gstatic.com https://www.gstatic.com https://px.ads.linkedin.com https://tr.outbrain.com https://amplifypixel.outbrain.com https://p.adsymptotic.com https://www.dianomi.com https://cds.taboola.com https://api.smooch.io https://accounts.zendesk.com https://*.srv.stackadapt.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://*.website-files.com https://accounts.google.com https://optimize.google.com https://fonts.googleapis.com https://tagmanager.google.com https://calendly.com https://*.srv.stackadapt.com https://www.syfe.com https://stable-production-v1-www-assets-sync-bucket.s3.amazonaws.com; font-src 'self' data: https://cdnjs.cloudflare.com https://*.website-files.com https://uploads-ssl.webflow.com https://fonts.googleapis.com https://fonts.gstatic.com https://js.intercomcdn.com http://static.hotjar.com https://static.hotjar.com https://www.syfe.com https://stable-production-v1-www-assets-sync-bucket.s3.amazonaws.com; child-src 'self' blob: https://share.intercom.io https://intercom-sheets.com https://www.youtube.com https://vars.hotjar.com https://fast.wistia.net https://www.syfe.com https://stable-production-v1-www-assets-sync-bucket.s3.amazonaws.com; media-src 'self' data: blob: https://stable-production-v1-www-persistent-assets-bucket.s3.ap-southeast-1.amazonaws.com https://js.intercomcdn.com https://static.zdassets.com https://embedwistia-a.akamaihd.net https://stable-production-v1-public-assets.s3.ap-southeast-1.amazonaws.com/ https://www.syfe.com https://stable-production-v1-www-assets-sync-bucket.s3.amazonaws.com; object-src 'self' blob:; connect-src 'self' data: *; frame-src 'self' https://accounts.google.com https://www.google.com/ https://open.spotify.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.yahoo.com https://*.yahoodns.net https://*.yimg.com sp.analytics.yahoo.com s.yimg.com https://www.buzzsprout.com https://optimize.google.com https://fast.wistia.com/ https://www.youtube.com/ https://vars.hotjar.com https://www.facebook.com/ https://calendly.com https://www.syfe.com https://stable-production-v1-www-assets-sync-bucket.s3.amazonaws.com; 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.acsbap.com https://*.acsbapp.com https://*.adsrvr.org https://*.akstat.io https://*.bazaarvoice.com https://*.datasteam.io https://*.forter.com https://*.go-mpulse.net https://*.google-analytics.com https://*.iperceptions.com https://*.mpstats.us https://*.ncl.com https://*.newrelic.com https://*.nr-data.net https://*.optimizely.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.taboola.com https://*.yahoo.co.jp https://3001.scriptcdn.net https://aa.agkn.com https://acsbap.com https://acsbapp.com https://adstax-cdn.adrtx.net https://ajax.googleapis.com https://analytics.convertlanguage.com https://analytics.tiktok.com https://apps.rokt.com https://assets.adobedtm.com https://bat.bing.com https://blinkjork.com https://blocked.syd-1.linewize.net https://bpb.opendns.com https://brigstoneapp.com https://cdn.cookielaw.org https://cdn.dashhudson.com https://cdn.evgnet.com https://cdn.jsdelivr.net https://cdn.tt.omtrdc.net https://cdn.uplift-platform.com https://clinmaid.com https://code.jquery.com https://connect.facebook.net https://content.presspage.com https://control.motionpoint.com https://ct.pinterest.com https://d.line-scdn.net https://d35u1vg1q28b3w.cloudfront.net https://edge.approachguides.com https://firewall-nas.thompsontradingco.com https://fkd7.g4ui.com https://geolocation.onetrust.com https://get663.com https://googleads.g.doubleclick.net https://he70.82omyo.com https://hublosk.com https://i7sqe0.82omyo.com https://images.uc.cn https://includes.ccdc02.com https://includestest.ccdc02.com https://jullyambery.net https://login.dotomi.com https://manager.presspage.com https://maps.googleapis.com https://meltwaternews.com https://mpsnare.iesnare.com https://ncl.secure.force.com https://ncl.usablenet.com https://nclh--test.sandbox.my.salesforce-sites.com https://nclh.my.salesforce-sites.com https://nicola-ncla40-a40.udev1a.net https://norwegiancruiseline.mpeasylink.com https://p11.techlab-cdn.com https://pixel.admedia.com https://pixel.quantserve.com https://platform.linkedin.com https://platform.twitter.com https://player.vimeo.com https://portal.bitglass.com https://s.go-mpulse.net https://s.pinimg.com https://s.uicdn.com https://s.yimg.jp https://s.yjtag.jp https://s.ytimg.com https://sc-static.net https://script.crazyegg.com https://script.hotjar.com https://secure.shoptimizelymac.com https://security-us.mimecast.com https://service.force.com https://snap.licdn.com https://sofz9.82omyo.com https://songbird.cardinalcommerce.com https://ssl.google-analytics.com https://static.ads-twitter.com https://static.formstack.com https://static.hotjar.com https://static.lightning.force.com https://t.contentsquare.net https://tag.uplift.com https://tags.tiqcdn.com https://toolsmagick.com https://tr.snapchat.com https://track.searchignite.com https://tracksmall.com https://ucads-cdn.ucweb.com https://utt.impactcdn.com https://vd.vidoplay.com https://view.atdmt.com https://webgateway.sanepar.com.br https://www.google.co.in https://www.google.com https://www.google.com.au https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.instagram.com https://www.ncl.com.mx https://www.pagespeed-mod.com https://www.uplift-platform.com https://www.xing-share.com https://www.youtube.com https://xeldurap.peazheut.com https://xeroxlogo.s3.amazonaws.com https://xo5q6.g4ui.com https://z7yj.82omyo.com blob:; style-src 'unsafe-inline' 'self' https://*.ncl.com https://cdn.honey.io https://cdn.tt.omtrdc.net https://content.presspage.com https://edge.approachguides.com https://fonts.googleapis.com https://hello.myfonts.net https://manager.presspage.com https://ncl.secure.force.com https://ncl.ugc.bazaarvoice.com https://ncl.usablenet.com https://nclh--test.sandbox.my.salesforce-sites.com https://nclh.my.salesforce-sites.com https://nclh.my.salesforce.com https://nicola-ncla40-a40.udev1a.net https://norwegiancruiseline.mpeasylink.com https://pwm-image.trendmicro.com https://service.force.com https://static.formstack.com https://www.gstatic.com https://www.motionpoint.com https://www.ncl.com.mx https://www.xing-share.com blob:; img-src 'self' https://*.acsbap.com https://*.acsbapp.com https://*.akstat.io https://*.bazaarvoice.com https://*.cloudfront.net https://*.gstatic.com https://*.iperceptions.com https://*.ispot.tv https://*.liadm.com https://*.linkedin.com https://*.ncl.com https://*.picsum.photos https://*.presspage.com https://*.taboola.com https://*.yahoo.co.jp https://aa.agkn.com https://aa.trkn.us https://accounts.google.com https://acsbap.com https://acsbapp.com https://ad.doubleclick.net https://adservice.google.com https://analytics.convertlanguage.com https://analytics.google.com https://analytics.tiktok.com https://analytics.twitter.com https://api.datasteam.io https://api.dtstmio.com https://api.fillr.com https://bat.bing.com https://brigstoneapp.com https://c.az.contentsquare.net https://cdn.approachguides.co https://cdn.cookielaw.org https://cdn.dashhudson.com https://cdn.exchmapdata.com https://cdn.honey.io https://cm.everesttech.net https://cm.g.doubleclick.net https://connect.facebook.net https://ct.pinterest.com https://dev.day.com https://dpm.demdex.net https://ecdn.teacherspayteachers.com https://etc.roboform.com https://googleads.g.doubleclick.net https://i.ebayimg.com https://i.liadm.com https://i.ytimg.com https://ib.adnxs.com https://idxch.rtactivate.com https://images.booksense.com https://images.dashhudson.com https://img.youtube.com https://insight.adsrvr.org https://l.contentsquare.net https://lh3.google.com https://lh3.googleusercontent.com https://likeshop.me https://m.media-amazon.com https://maps.googleapis.com https://match.adsrvr.org https://mm-static.mustcheck.com https://nclh--c.na100.content.force.com https://nclh.file.force.com https://nclncbeprod.112.2o7.net https://norwegiancruiseline.112.2o7.net https://picsum.photos https://pixel.rubiconproject.com https://pt.ispot.tv https://pubads.g.doubleclick.net https://px.ads.linkedin.com https://region1.analytics.google.com https://rockysandstudio.com https://s1.npass.app https://ssl.google-analytics.com https://sstat.ncl.com https://static.formstack.com https://stats.g.doubleclick.net https://sync.intentiq.com https://syncv4.intentiq.com https://t.co https://t.uimserv.net https://tag.uplift.com https://toolsmagick.com https://tpc.googlesyndication.com https://tpcs.payu.in https://tr.line.me https://tracksmall.com https://translate.google.com https://ucgfk6g6s7.execute-api.us-east-1.amazonaws.com https://uconnect.tealiumiq.com https://useast-www.securly.com https://www.adbstr.com https://www.facebook.com https://www.google.ad https://www.google.ae https://www.google.al https://www.google.am https://www.google.at https://www.google.az https://www.google.ba https://www.google.be https://www.google.bg https://www.google.bs https://www.google.by https://www.google.ca https://www.google.cg https://www.google.ch https://www.google.cl https://www.google.cm https://www.google.co.ao https://www.google.co.bw https://www.google.co.cr https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.co.ma https://www.google.co.mz https://www.google.co.nz https://www.google.co.th https://www.google.co.tz https://www.google.co.ug https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.vi https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.com https://www.google.com.af https://www.google.com.ag https://www.google.com.ar https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.bo https://www.google.com.br https://www.google.com.bz https://www.google.com.co https://www.google.com.cu https://www.google.com.cy https://www.google.com.do https://www.google.com.ec https://www.google.com.eg https://www.google.com.et https://www.google.com.fj https://www.google.com.gh https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.jm https://www.google.com.kh https://www.google.com.kw https://www.google.com.lb https://www.google.com.mm https://www.google.com.mt https://www.google.com.mx https://www.google.com.my https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.com.np https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.pr https://www.google.com.py https://www.google.com.qa https://www.google.com.sa https://www.google.com.sg https://www.google.com.sv https://www.google.com.tj https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.com.uy https://www.google.com.vc https://www.google.com.vn https://www.google.cz https://www.google.de https://www.google.dk https://www.google.dm https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fr https://www.google.ge https://www.google.gg https://www.google.gr https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.ie https://www.google.im https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.jo https://www.google.kz https://www.google.la https://www.google.li https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.me https://www.google.mk https://www.google.mn https://www.google.mu https://www.google.mv https://www.google.nl https://www.google.no https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.rw https://www.google.sc https://www.google.se https://www.google.si https://www.google.sk https://www.google.sr https://www.google.tn https://www.google.tt https://www.google.ws https://www.googleadservices.com https://www.googletagmanager.com https://www.gritcitybooks.com https://www.motionpoint.com https://www.ncl.com https://www.ncl.com.mx https://www.securly.com https://www.uplift-platform.com blob: data:; font-src 'self' https://*.ncl.com https://assets.tailwindapp.com https://cdn.scite.ai https://content.presspage.com https://fonts.cdnfonts.com https://fonts.gstatic.com https://images.simplycodes.com https://likeshop.me https://mm-static.mustcheck.com https://pouch-global-font-assets.s3.eu-central-1.amazonaws.com https://shopping.qantas.com https://static.formstack.com https://use.typekit.net https://www.slant.co data:; frame-ancestors 'self' https://*.motionpoint.com https://*.ncl.com https://www.ncl.com.mx; worker-src 'self' blob:; object-src 'self'; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=puba307841645eaebf9edbc94ad5efbd926&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=ncl-prod; report-to dd-endpoint; 1
object-src 'none'; connect-src 'self' https://www.google-analytics.com https://api.mapbox.com; script-src 'self' https://www.google-analytics.com https://www.googletagmanager.com; default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://www.google-analytics.com *.googleusercontent.com https://www.googletagmanager.com; report-uri /api/csp-report 1
default-src 			'self'; 		style-src 			'self' 'unsafe-inline' https://*.semikron-danfoss.com https://*.semikron.com https://www.googletagmanager.com https://fonts.googleapis.com; 		img-src 			'self' data: https://*.semikron-danfoss.com https://*.semikron.com https://cdn.cookielaw.org; 		media-src 			'self' https://*.semikron-danfoss.com https://*.semikron.com; 		script-src 			'self' 'unsafe-inline' https://*.semikron-danfoss.com https://*.semikron.com 'unsafe-eval' https://cdn.cookielaw.org https://www.googletagmanager.com https://www.youtube.com; 		connect-src 			'self' https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal-eu.onetrust.com https://region1.google-analytics.com; 		font-src 			'self' https://*.semikron-danfoss.com https://*.semikron.com https://fonts.googleapis.com https://fonts.gstatic.com; 		frame-src 			'self' https://www.youtube.com https://www.youtube-nocookie.com *.youku.com https://s3.amazonaws.com; 		frame-ancestors 			'self'; 		object-src 			'none' 1
default-src 'self' https://matomo.protectuk.police.uk; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.protectuk.police.uk https://cdn.jsdelivr.net https://js-agent.newrelic.com https://bam.nr-data.net https://api.reciteme.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://*.protectuk.police.uk https://cdn.jsdelivr.net https://js-agent.newrelic.com https://bam.nr-data.net https://api.reciteme.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://api.reciteme.com; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://api.reciteme.com; img-src 'self' 'unsafe-inline' data: https://matomo.protectuk.police.uk https://api.reciteme.com; media-src 'self' https://api.reciteme.com; frame-src 'self' https://*.protectuk.police.uk https://protectuk.police.uk; child-src 'self' https://*.protectuk.police.uk; font-src 'self' data: https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://themes.googleusercontent.com https://api.reciteme.com; connect-src 'self' https://*.protectuk.police.uk https://bam.nr-data.net https://api.reciteme.com https://stats.reciteme.com https://events.reciteme.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' *.ford-koegler.de *.ddev.site; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ford-koegler.de *.ddev.site *.youtube.com *.usercentrics.eu *.googletagmanager.com *.google-analytics.com *.igodigital.com *.tvsquared.com *.facebook.net *.vercel-insights.com sleeknotecustomerscripts.sleeknote.com *.doubleclick.net *.googleoptimize.com *.google.com *.gstatic.com *.leadinfo.net *.vercel-scripts.com; style-src 'self' 'unsafe-inline' *.ford-koegler.de *.ddev.site; font-src 'self' *.ford-koegler.de *.ddev.site; img-src 'self' 'unsafe-eval' data: *; media-src 'self' *.ford-koegler.de *.ddev.site *.youtube.com *.googlevideo.com d1rinvh86ghtl4.cloudfront.net; connect-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; worker-src 'self' 'unsafe-inline' 'unsafe-eval' *.ford-koegler.de *.ddev.site *.youtube.com *.usercentrics.eu *.googletagmanager.com *.google-analytics.com *.igodigital.com *.tvsquared.com *.facebook.net *.vercel-insights.com *.youtube.com *.googlevideo.com d1rinvh86ghtl4.cloudfront.net d1o0h11u4diybn.cloudfront.net *.usercentrics.eu *.igodigital.com data:; frame-src *.facebook.com *.youtube-nocookie.com *.google.com; 1
default-src 'nonce-e92f6adeb68ec503272cee99386657c0' 'self' *.vanheusenindia.com *.yellowmessenger.com *.trendin.com *.abfrl.net *.abfrl.in *.paytm *.louisphilippe.com *.reebok.in *.aeo.in *.forever21.in *.simoncarter.in *.peterengland.com *.allensolly.com *.gstatic.com data:; img-src * 'self' https://*.akstat.io vanhuesenindia.imgix.net blob: data:;script-src 'self' assets.abfrlcdn.com *.google.com pantaloons.imgix.net tr.snapchat.com tags.creativecdn.com asia.creativecdn.com *.artfut.com zailaf.org *.yellowmessenger.com tsm.s3g6.com retag.crossdevicetracking.com static-cdn.trackier.com wd-ret.io in1.clevertap-prod.com https://*.go-mpulse.net trc.taboola.com targetinng.com rtb-global.com webtrafficsource.com i.l-dsp.inmobicdn.net cdn.taboola.com go-mpulse.net sc-static.net sdk.rsut.io router.paytm.in stage-router.paytm.in securegw-stage.paytm.in *.paytm.com *.paytm.in *.amazonaws.com *.wizrocket.com *.criteo.com *.criteo.net *.googleapis.com *.resu.io sdk.resu.io cdnjs.cloudflare.com *.adobedtm.com *.gstatic.com *.primeai1.org *.primeai.co.uk *.primeai3.in *.jquery.com *.facebook.net *.google.com *.googleapis.com *.cloudfront.net *.hotjar.com *.contentsquare.net *.google-analytics.com *.bing.com *.streamoid.com *.googleadservices.com *.abfrl.in *.abfrl.net *.trendin.com *.vanheusenindia.com *.louisphilippe.com *.peterengland.com *.allensolly.com google.com *.googletagmanager.com *.usersnap.com *.clevertap.com *.adobedtm.com *.wzrkt.com 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.crazyegg.com; connect-src 'self' *.tryndbuy.com widget.usersnap.com wd-ret.io targetinng.com asia.creativecdn.com tr.snapchat.com wss://cloud.yellow.ai *.forever21.in *.simoncarter.in *.reebok.in *.aeo.in *.yellow.ai *.paytm.in *.akamaihd.net wss://stage-router.paytm.in wss://router.paytm.in wss://securegw-stage.paytm.in wss://securegw.paytm.in *.taboola.com wss://websoc.resu.io http://abfrl.com/ *.google.com *.google.co.in *.criteo.com rtb-global.com webtrafficsource.com https://*.akstat.io https://*.go-mpulse.net cdn.taboola.com *.adobedc.net in1.wzrkt.com apis.google.com *.googletagmanager.com *.abfrl.in *.abfrl.net *.trendin.com assets.trendin.com assets.abfrlcdn.com use.typekit.net *.gstatic.com *.facebook.com pantaloons.imgix.net bat.bing.com *.hotjar.io geolocation-db.com *.hotjar.com *.googleapis.com *.primeai.co.uk *.primeai1.org *.primeai3.in http://integration.richrelevance.com/* http://integration.richrelevance.com http://recs.richrelevance.com/* http://recs.richrelevance.com *.richrelevance.com *.amazonaws.com *.wizrocket.com adityabirlafashion.sc.omtrdc.net *.google-analytics.com *.forever21.in *.simoncarter.in *.reebok.in *.aeo.in *.vanheusenindia.com *.louisphilippe.com *.peterengland.com *.allensolly.com *.doubleclick.net *.demdex.net *.adobeaemcloud.com nodeserver.sdk.streamoid.com *.elastic-cloud.com *.crazyegg.com sdk.resu.io cdnjs.cloudflare.com *.clickpost.in; style-src 'self' 'unsafe-inline' *.google.com accounts.google.com *.abfrl.in *.abfrl.net *.yellowmessenger.com *.paytm.in *.trendin.com *.primeai.co.uk *.primeai1.org *.primeai3.in *.crazyegg.com *.streamoid.com *.googleapis.com nodeserver.sdk.streamoid.com *.typekit.net; media-src 'self' 'unsafe-eval' 'unsafe-inline' *.adobeaemcloud.com *.typekit.net *.abfrl.in *.abfrl.net *.trendin.com  *.elastic-cloud.com *.scene7.com assets.abfrlcdn.com; frame-src 'self' 'unsafe-eval' 'unsafe-inline' zailaf.org tr.snapchat.com *.paytm.in afftracer.g2afse.com tsm.s3g6.com tracking.icubeswire.co static.criteo.net *.amazon-adsystem.com *.criteo.com *.amazonaws.com *.wizrocket.com *.facebook.com accounts.google.com *.doubleclick.net *.demdex.net *.hotjar.com *.abfrl.in *.abfrl.net *.trendin.com *.youtube.com; child-src pantaloons.imgix.net *.googleapis.com; worker-src localhost:3000 blob: *.vanheusenindia.com *.abfrl.in *.abfrl.net *.louisphilippe.com *.peterengland.com *.allensolly.com; prefetch-src  *.googleapis.com *.abfrl.in assets.abfrlcdn.com imagescdn.abfrl.in connect.facebook.net cdn.yellowmessenger.com script.crazyegg.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' app.koofr.net; navigate-to 'self' app.koofr.net; 1
style-src 'unsafe-inline' 'self' https://*.typekit.net https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://*.hospitalitysem.com https://*.sorryapp.com https://*.fontawesome.com https://*.googleapis.com https://*.vizergy.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.google-analytics.com https://*.googleadservices.com https://*.google.com https://*.bing.com https://*.facebook.com https://*.facebook.net https://*.demdex.net https://*.everesttech.net https://*.vizergy.com https://*.hospitalitysem.com https://*.googletagmanager.com https://*.doubleclick.net https://*.twitter.com https://*.pinterest.com https://*.sorryapp.com https://*.googleapis.com https://*.zi-scripts.com https://ws.zoominfo.com; default-src 'self' https://*.typekit.net https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://*.google-analytics.com https://*.googleadservices.com https://*.google.com https://*.bing.com https://*.facebook.com https://*.facebook.net https://*.demdex.net https://*.everesttech.net https://*.vizergy.com https://*.hospitalitysem.com https://player.vimeo.com  https://*.googletagmanager.com https://*.doubleclick.net https://*.twitter.com https://*.pinterest.com https://*.sorryapp.com https://*.fontawesome.com https://*.googleapis.com https://*.fbcdn.net https://*.cdninstagram.com https://*.googleusercontent.com https://www.youtube.com https://*.zi-scripts.com https://ws.zoominfo.com data: 1
default-src * 'unsafe-inline'; img-src http://* https://* data:; child-src 'none'; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; font-src 'self' https://* data:; frame-src https://*; worker-src https://* blob:; 1
default-src 'self' https://www.all-connect.net; img-src 'self' data: https://s.w.org https://ps.w.org; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; font-src 'self' data:; worker-src 'self' https://www.all-connect.net; frame-ancestors 'self' 1
default-src 'self' www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com *.googleapis.com www.google.com www.gstatic.com *.googlesyndication.com www.googletagmanager.com connect.facebook.net js-agent.newrelic.com accounts.google.com *.googleadservices.com adservice.google.com adservice.google.com.pk googleads.g.doubleclick.net bam.nr-data.net onesignal.com *.onesignal.com; connect-src 'self' *.peekaboo.guru www.google-analytics.com maps.gstatic.com maps.googleapis.com pagead2.googlesyndication.com stats.g.doubleclick.net accounts.google.com bam.nr-data.net; img-src 'self' data: d2liqplnt17rh6.cloudfront.net www.google-analytics.com *.googleapis.com stats.g.doubleclick.net maps.gstatic.com maps.googleapis.com www.facebook.com www.google.com www.google.com.pk googleads.g.doubleclick.net www.googleadservices.com pagead2.googlesyndication.com peekaboo-guru.s3-ap-southeast-1.amazonaws.com sp-ao.shortpixel.ai secure.gravatar.com https://peekaboo.guru https://*.peekaboo.guru; media-src 'self' d2liqplnt17rh6.cloudfront.net; style-src 'self' 'unsafe-inline' *.googleapis.com accounts.google.com onesignal.com *.onesignal.com; font-src 'self' d2liqplnt17rh6.cloudfront.net *.gstatic.com cdn.rawgit.com cdn.jsdelivr.net; frame-src 'self' https://peekaboo.guru https://*.peekaboo.guru www.facebook.com *.doubleclick.net tpc.googlesyndication.com www.google.com accounts.google.com; frame-ancestors https://peekaboo.guru https://*.peekaboo.guru https://zsajjad-93.firebaseapp.com; 1
default-src * data: 'unsafe-eval' 'unsafe-inline'; connect-src * data: blob: 'unsafe-eval' 'unsafe-inline'; 1
default-src 'self'; base-uri 'self' holdemmanager.com; script-src 'self' https://cdn.holdemmanager.com https://affiliate.maxvaluesoftware.com https://cdnjs.cloudflare.com 'sha256-Ex177XxTzDxvnFfQ3vjCgh7rB5jPURepPErhXOOL2IY=' 'sha256-1JsKp7KkQC0HkPxNJYUOYVUwAmmrxeC8nalU75BtG7U=' holdemmanager.com *.holdemmanager.com 'unsafe-eval' https://player.vimeo.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://cdn.holdemmanager.com https://cdnjs.cloudflare.com; img-src 'self' holdemmanager.com *.holdemmanager.com; connect-src 'self'; font-src 'self' https://fonts.google.com https://fonts.gstatic.com https://cdnjs.cloudflare.com https://use.fontawesome.com holdemmanager.com *.holdemmanager.com; object-src 'none'; media-src 'self' holdemmanager.com *.holdemmanager.com; frame-src  https://player.vimeo.com https://www.youtube.com; worker-src 'none'; form-action 'self' 'self' holdemmanager.com *.holdemmanager.com; frame-ancestors 'none', 1
default-src 'self' ; img-src 'self' data: matchbox.hepdata.com doublethedonation.com *.google-analytics.com *.adsymptotic.com *.linkedin.com *.azure.net *.windows.net *.facebook.net *.facebook.com *.twimg.com *.twitter.com *.instructure.com *.instructuremedia.com *.canvas-user-content.com;  script-src 'self' data:  blob: 'unsafe-eval' 'unsafe-inline' *.yourgamecam.com *.wowza.com doublethedonation.com matchbox.hepdata.com *.google-analytics.com *.oribi.io *.googletagmanager.com *.licdn.com *.linkedin.com *.azure.net *.windows.net *.facebook.net *.facebook.com *.twimg.com *.twitter.com *.youtube.com *.google.com *.gstatic.com;  worker-src 'self' data:  blob: 'unsafe-eval' 'unsafe-inline' *.azure.net *.windows.net *.facebook.net *.facebook.com *.twimg.com *.twitter.com *.youtube.com *.google.com *.gstatic.com;  style-src 'self' data: 'unsafe-inline' *.wowza.com doublethedonation.com matchbox.hepdata.com *.googleapis.com *.azure.net *.windows.net *.facebook.net *.facebook.com *.twimg.com *.twitter.com;  font-src 'self' data: matchbox.hepdata.com *.gstatic.com *.azure.net *.windows.net;  frame-src 'self' *.bcp.org *.yourgamecam.com *.sharepoint.com *.issuu.com matchbox.hepdata.com massinteract.com sway.cloud.microsoft *.azure.net *.windows.net *.facebook.net *.facebook.com *.twimg.com *.twitter.com *.youtube.com *.google.com *.gstatic.com *.microsoftstream.com;  object-src 'none';  frame-ancestors 'self' bcp.org *.bcp.org; connect-src 'self' *.bcp.org *.wowza.com doublethedonation.com matchbox.hepdata.com *.oribi.io *.azure.net *.windows.net;  form-action 'self' https://*.bcp.org https://*.ravenna-hub.com;  media-src 'self' blob: *.wowza.com *.azure.net *.windows.net *.instructure.com *.instructuremedia.com *.canvas-user-content.com; 1
default-src 'self' cdn.wcc.witt-international.cz https://cdn.wcc.witt-international.cz/graphql;    base-uri 'self' widget.solvemate.com;    font-src 'self' cdn.wcc.witt-international.cz https://fonts.gstatic.com data: widget.solvemate.com *.dixa.io;    img-src * data:;    connect-src 'self' https://cdn.wcc.witt-international.cz/graphql cdn.wcc.witt-international.cz cdn.witt.info/ https://images.ctfassets.net te.witt-international.cz tp.witt-international.cz wasp.witt-international.cz wst.witt-international.cz https://*.analytics.google.com https://*.facebook.com https://*.contentsquare.net https://*.my.onetrust.eu https://*.google-analytics.com https://bat.bing.com eu-witt-gruppe-prod1.mini.snplow.net https://www.google-analytics.com https://www.jsctool.com https://adservice.google.com/pagead/ https://graphql.contentful.com https://privacyportal-eu.onetrust.com https://stats.g.doubleclick.net https://geolocation.onetrust.com https://www.google.com/pagead/ https://googleads.g.doubleclick.net/pagead/ https://*.creativecdn.com https://*.googlesyndication.com https://*.optimizely.com ct.pinterest.com https://jsctool.com checkout-cdn.aboutyou.cloud checkout-v3.wcc.witt-international.cz https://*.ingest.sentry.io api.solvemate.com widget.solvemate.com relay.solvemate.com *.dixa.io wss://sockets.dixa.io  https://maps.googleapis.com;    object-src 'none';    child-src blob: ;    script-src * 'unsafe-inline' 'unsafe-eval' https://*.adyen.com https://*.paypal.com blob: *.dixa.io;    style-src 'self' cdn.wcc.witt-international.cz https://www.googletagmanager.com https://fonts.googleapis.com 'unsafe-inline' d.witt-international.cz checkout-cdn.aboutyou.cloud https://*.adyen.com https://*.paypal.com blob: widget.solvemate.com *.dixa.io;    frame-src 'self' checkout-v3.wcc.witt-international.cz https://*.awin1.com https://*.criteo.net https://*.criteo.com https://*.adrtx.net https://*.contentsquare.net https://www.googletagmanager.com https://www.facebook.com https://www.youtube.com https://dmp.theadex.com https://5127363.fls.doubleclick.net https://12769738.fls.doubleclick.net https://www.jsctool.com https://creativecdn.com/ https://fledge-eu.creativecdn.com/ https://tbs.tradedoubler.com/ https://survey2.quantilope.com/ https://*.adyen.com https://*.paypal.com https://*.computop-paygate.com blob: *.dixa.io;    media-src 'self' cdn.wcc.witt-international.cz cdn.witt.info/ https://images.ctfassets.net https://videos.ctfassets.net https://www.youtube.com https://witt-gruppe-res.cloudinary.com *.dixa.io;    manifest-src 'self' cdn.wcc.witt-international.cz *.dixa.io;    worker-src 'self' cdn.wcc.witt-international.cz blob:;    form-action 'self' www.facebook.com;    block-all-mixed-content;    frame-ancestors 'self' https://app.contentful.com;    sandbox allow-scripts allow-forms allow-same-origin allow-top-navigation allow-popups allow-popups-to-escape-sandbox allow-modals; 1
frame-ancestors *.is0.org https://reflectors.m17.link 1
default-src 'self' 'unsafe-inline' ajax.googleapis.com fonts.googleapis.com www.googletagmanager.com rum-static.pingdom.net connect.facebook.net fonts.gstatic.com www.googleadservices.com www.facebook.com doubleclick.net www.google-analytics.com resources.xg4ken.com cdn.krxd.net up.pixel.ad bcp.crwdcntrl.net adservice.google.com s.pinimg.com pixel-a.basis.net pixel.sitescout.com www.google.com ct.pinterest.com consumer.krxd.net 8788596.fls.doubleclick.net googleads.g.doubleclick.net beacon.krxd.net rum-collector-2.pingdom.net beacon.krxd.net stats.g.doubleclick.net bid.g.doubleclick.net public.tableau.com accounts.google.com calendar.google.com stackpath.bootstrapcdn.com; 1
default-src 'self'; object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests 1
default-src 'self' * 'unsafe-inline' data: ; script-src * 'unsafe-inline' 'unsafe-eval'  1
font-src 'self' data: *.hinrichfoundation.com; img-src 'self' data: *; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.linkedin.com *.googleadservices.com *.licdn.com *.ads-twitter.com *.twitter.com *.hubapi.com *.hubspot.com *.hotjar.io *.hs-banner.com *.hsadspixel.net *.hsleadflows.net *.hs-analytics.net *.addthisedge.com *.moatads.com *.addthis.com *.hs-scripts.com *.hotjar.com *.hinrichfoundation.com *.google.com *.maps.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.facebook.com *.facebook.net *.akamaihd.net *.fbcdn.net *.google-analytics.com *.pinterest.com *.twitter.com *.youtube.com *.cloudflare.com *.doubleclick.net *.windows.net *.piktochart.com https://static.addtoany.com; 1
frame-ancestors 'self' banco.bradesco financiamentos.bradesco wspf.bradesco.com.br wspf.banco.bradesco wspj.bradescopessoajuridica.com.br institucional.bradesco.com.br bradescoseguranca.com.br; 1
frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com https://*.sirv.com https://cdn.soft8soft.com https://*.se.com http://*.usersnap.com https://sisense.dev https://trackcmp.net https://prism.app-us1.com https://diffuser-cdn.app-us1.com https://www.googleadservices.com https://cdn.behamics.com https://cdn.mouseflow.com https://consent.cookiebot.eu https://consentcdn.cookiebot.eu 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com/ https://widget.trustpilot.com/ https://assets.onfido.com/ https://sdk.onfido.com/ https://cdnjs.cloudflare.com/ https://vm.providesupport.com/ https://snap.licdn.com/ https://s.adroll.com/ https://www.googletagmanager.com/ https://d.adroll.com/ https://messenger.providesupport.com/ https://d.adroll.mgr.consensu.org/ https://cdn.jsdelivr.net/ https://code.jquery.com/ https://www.google.com/ https://cdn.segment.com/ https://static.klaviyo.com/ https://static-tracking.klaviyo.com/ https://consentcdn.cookiebot.com/ https://consent.cookiebot.com/ https://tagmanager.google.com/ https://googleads.g.doubleclick.net/ https://www.google-analytics.com/ https://image.providesupport.com/ https://browser-update.org/ https://www.googleadservices.com/ https://ajax.googleapis.com/ https://apis.google.com/ https://cdnjs.cloudflare.com/ https://s3.amazonaws.com/ https://ssl.google-analytics.com https://ssl.gstatic.com https://www.googleadservices.com https://*.hotjar.com https://*.hotjar.io https://*.facebook.net https://*.facebook.com https://*.bing.com; img-src 'self' blob: https://ads.yahoo.com/ https://qrcode.tec-it.com/ https://px.ads.linkedin.com/ https://d3k81ch9hvuctc.cloudfront.net/ https://googleads.g.doubleclick.net/ https://play-lh.googleusercontent.com/ https://x.bidswitch.net/ https://imgsct.cookiebot.com/ https://ib.adnxs.com/ https://idsync.rlcdn.com/ https://us-u.openx.net/ https://d.adroll.com/ https://www.google.ie/ https://code.jquery.com/ data: https://chart.googleapis.com/ https://www.google-analytics.com/ https://image.providesupport.com/ https://stats.g.doubleclick.net/ https://ssl.gstatic.com/ https://s3.amazonaws.com/ https://www.google.com/ https://www.google.nl/ https://*.hotjar.com https://*.hotjar.io https://*.facebook.net https://*.facebook.com https://*.bing.com; style-src 'self' 'unsafe-inline' https://code.jquery.com/ https://assets.onfido.com/ https://cdnjs.cloudflare.com/ https://static-tracking.klaviyo.com/ https://www.gstatic.com/ https://fonts.googleapis.com/ https://sdk.onfido.com/ https://static.klaviyo.com/ https://www.google.com/ https://ajax.googleapis.com/ https://maxcdn.bootstrapcdn.com/ https://*.hotjar.com https://*.hotjar.io https://*.facebook.net https://*.facebook.com https://*.bing.com; font-src 'self' https://maxcdn.bootstrapcdn.com/ https://static.klaviyo.com/ https://fonts.gstatic.com/ https://fonts.googleapis.com https://*.hotjar.com https://*.hotjar.io https://*.facebook.net https://*.facebook.com https://*.bing.com; frame-src 'self' https://www.youtube.com/ https://vm.providesupport.com/ https://widget.trustpilot.com/ https://consentcdn.cookiebot.com/ https://googleads.g.doubleclick.net/ https://www.google.com/ https://www.google.nl/ https://apis.google.com/ https://accounts.google.com/ https://*.hotjar.com https://*.hotjar.io https://*.facebook.net https://*.facebook.com https://*.bing.com; object-src 'self' https://*.hotjar.com https://*.hotjar.io https://*.facebook.net https://*.facebook.com https://*.bing.com; connect-src 'self' https://api.segment.io/ https://www.google-analytics.com/ https://*.hotjar.com https://*.hotjar.io https://*.facebook.net https://api.onfido.com/ https://chatapi.providesupport.com/ wss://sync.onfido.com/ https://*.klaviyo.com/ https://*.cookiebot.com/ https://stats.g.doubleclick.net/ https://www.google-analytics.com/ https://region1.analytics.google.com/ https://googleads.g.doubleclick.net/ https://px.ads.linkedin.com/ https://www.google.com/ https://*.facebook.com https://cdn.segment.com/ https://*.bing.com 1
frame-ancestors 'self' https://tickets.fmf.md;  1
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.google-analytics.com *.vo.msecnd.net privacyportal.cookiepro.com cookie-cdn.cookiepro.com cookiepro.blob.core.windows.net www.googletagmanager.com channel.me fonts.googleapis.com code.jquery.com www.google.com fonts.gstatic.com www.gstatic.com www.google-analytics.com; connect-src 'self' *.google-analytics.com privacyportal.cookiepro.com cookie-cdn.cookiepro.com geolocation.onetrust.com www.google-analytics.com dc.services.visualstudio.com auth.prod.tapico.io store.embark.prod.tapico.io services.postcodeanywhere.co.uk api.addressy.com store.scottishwidowsplatform.prod.tapico.io; frame-src 'self' auth.prod.tapico.io identity.embark.prod.tapico.io store.embark.prod.tapico.io *.cybersource.com channel.me www.google.com identity.scottishwidowsplatform.prod.tapico.io store.scottishwidowsplatform.prod.tapico.io; 1
base-uri 'self'; object-src 'none'; form-action 'self' https:; frame-ancestors 'self'; default-src 'self'  https://*.giosg.com https://*.giosgusercontent.com https://*.interactions.giosgusercontent.com https://*.clients.giosgusercontent.com https://*.googleoptimize.com/ https://*.googleapis.com https://*.cookiebot.com/ https://www.google.com/pagead/ https://analytics.puhti.fi/g/ https://td.doubleclick.net/ https://www.googletagmanager.com/ https://fonts.gstatic.com/; connect-src 'self'  https://analytics.google.com https://at.puhti.fi https://*.getsitectrl.com/ https://*.getsitecontrol.com https://*.wistia.com  https://geo.wpforms.com https://*.g.doubleclick.net https://*.clarity.ms https://*.facebook.com https://*.google-analytics.com https://fg8vvsvnieiv3ej16jby.litix.io/ https://api.mypurecloud.de wss://*.mypurecloud.de/ https://*.mypurecloud.com/ https://*.adroll.com https://www.puhti.fi https://service.giosg.com https://glitchtip.jco.fi/ https://cdn.linkedin.oribi.io https://px.ads.linkedin.com/ https://adservice.google.com https://services.paytrail.com https://*.paytrail.com https://*.googlesyndication.com https://*.giosg.com https://*.giosgusercontent.com https://*.interactions.giosgusercontent.com https://*.clients.giosgusercontent.com https://*.googleoptimize.com/ https://*.googleapis.com https://*.cookiebot.com/ https://www.google.com/pagead/ https://analytics.puhti.fi/g/ https://td.doubleclick.net/ https://www.googletagmanager.com/ https://fonts.gstatic.com/; font-src 'self' data:  https://fonts.gstatic.com https://use.fontawesome.com/ https://*.giosg.com https://*.giosgusercontent.com https://*.interactions.giosgusercontent.com https://*.clients.giosgusercontent.com https://*.googleoptimize.com/ https://*.googleapis.com https://*.cookiebot.com/ https://www.google.com/pagead/ https://analytics.puhti.fi/g/ https://td.doubleclick.net/ https://www.googletagmanager.com/ https://fonts.gstatic.com/; frame-src 'self'  https://www.youtube.com https://*.facebook.com https://www.google.com/maps/ https://*.livechatinc.com/ https://*.openstreetmap.fr/ https://optimize.google.com https://service.giosg.com https://*.giosgusercontent.com https://*.g.doubleclick.net https://*.giosg.com https://*.giosgusercontent.com https://*.interactions.giosgusercontent.com https://*.clients.giosgusercontent.com https://*.googleoptimize.com/ https://*.googleapis.com https://*.cookiebot.com/ https://www.google.com/pagead/ https://analytics.puhti.fi/g/ https://td.doubleclick.net/ https://www.googletagmanager.com/ https://fonts.gstatic.com/; img-src 'self' data:  https://*.wistia.com https://*.getsitecontrol.com https://*.wistia.net https://secure.gravatar.com https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.com https://*.google.fi https://*.googletagmanager.com https://*.trackmytarget.com https://i.ytimg.com https://optimize.google.com https://*.clarity.ms/ https://*.bing.com/ https://*.adroll.com https://ads.yahoo.com https://*.bidswitch.net https://*.adnxs.com https://*.openx.net https://*.g.doubleclick.net https://*.paytrail.com/ https://*.taboola.com/ https://*.readpeak.com/ https://cdn.giosgusercontent.com/ https://px.ads.linkedin.com/ https://www.puhti.fi/ https://s.w.org/ https://www.puhti.fi https://maps.gstatic.com/ https://*.linkedin.com https://*.googlesyndication.com https://pixel.wp.com/ https://*.giosg.com https://*.giosgusercontent.com https://*.interactions.giosgusercontent.com https://*.clients.giosgusercontent.com https://*.googleoptimize.com/ https://*.googleapis.com https://*.cookiebot.com/ https://www.google.com/pagead/ https://analytics.puhti.fi/g/ https://td.doubleclick.net/ https://www.googletagmanager.com/ https://fonts.gstatic.com/; media-src 'self'  blob: https://*.wistia.com/ https://*.giosg.com https://*.giosgusercontent.com https://*.interactions.giosgusercontent.com https://*.clients.giosgusercontent.com https://*.googleoptimize.com/ https://*.googleapis.com https://*.cookiebot.com/ https://www.google.com/pagead/ https://analytics.puhti.fi/g/ https://td.doubleclick.net/ https://www.googletagmanager.com/ https://fonts.gstatic.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval'  https://cdn.adt328.com https://*.facebook.net https://diffuser-cdn.app-us1.com https://*.wistia.net https://*.wistia.com https://googleads.g.doubleclick.net https://*.getsitecontrol.com https://prism.app-us1.com https://trackcmp.net https://*.clarity.ms https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.livechatinc.com https://*.trackmytarget.com https://www.youtube.com https://*.googleadservices.com https://puhti.activehosted.com https://*.cloudfront.net https://optimize.google.com https://*.mypurecloud.de https://*.adroll.com https://*.adroll.mgr.consensu.org https://service.giosg.com https://glitchtip.jco.fi/ https://app.readpeak.com/js/rpa.js https://snap.licdn.com/ https://*.giosg.com https://*.giosgusercontent.com https://*.interactions.giosgusercontent.com https://*.clients.giosgusercontent.com https://*.googleoptimize.com/ https://*.googleapis.com https://*.cookiebot.com/ https://www.google.com/pagead/ https://analytics.puhti.fi/g/ https://td.doubleclick.net/ https://www.googletagmanager.com/ https://fonts.gstatic.com/; style-src 'self' 'unsafe-inline' 'unsafe-eval'  https://optimize.google.com https://*.adroll.com https://service.giosg.com https://use.fontawesome.com/ https://*.giosg.com https://*.giosgusercontent.com https://*.interactions.giosgusercontent.com https://*.clients.giosgusercontent.com https://*.googleoptimize.com/ https://*.googleapis.com https://*.cookiebot.com/ https://www.google.com/pagead/ https://analytics.puhti.fi/g/ https://td.doubleclick.net/ https://www.googletagmanager.com/ https://fonts.gstatic.com/; worker-src 'self'  blob: https://*.giosg.com https://*.giosgusercontent.com https://*.interactions.giosgusercontent.com https://*.clients.giosgusercontent.com https://*.googleoptimize.com/ https://*.googleapis.com https://*.cookiebot.com/ https://www.google.com/pagead/ https://analytics.puhti.fi/g/ https://td.doubleclick.net/ https://www.googletagmanager.com/ https://fonts.gstatic.com/; report-uri https://glitchtip.jco.fi/api/12/security/?glitchtip_key=f82ca5cefcc748238cd6d10284a92342; report-to glitchtip 1
default-src 'self' feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' *.pricespider.com * ; img-src * 'self' data: https: blob: *.pricespider.com ; manifest-src 'self' feed.pghub.io pandg.tapad.com ; script-src * data: *.pricespider.com blob: 'unsafe-inline' 'unsafe-eval' ; connect-src * data: blob: 'unsafe-inline' ; font-src * data: blob: 'unsafe-inline' ; frame-src * ; 1
default-src *;script-src * 'unsafe-inline' 'unsafe-eval' blob:;style-src * 'unsafe-inline';img-src * data: blob:;connect-src * blob:;frame-src *;object-src *;font-src * data:;media-src * blob: 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.gstatic.com https://yastatic.net https://www.youtube.com https://s.ytimg.com https://platform.instagram.com https://www.instagram.com https://platform.twitter.com https://cdn.syndication.twimg.com https://mc.yandex.ru https://top-fwz1.mail.ru https://js.sentry-cdn.com https://browser.sentry-cdn.com https://qaz.rus-news.net https://push.rus-news.net https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' data: https://fonts.googleapis.com https://platform.twitter.com ; img-src 'self' data: https://* http://* ; font-src 'self' data: https://fonts.gstatic.com ; frame-src 'self' data: https://yastatic.net https://www.youtube.com https://www.instagram.com/ https://platform.twitter.com ; connect-src 'self' data: https://yastatic.net https://mc.yandex.ru https://mc.webvisor.com https://mc.webvisor.org https://fcm.googleapis.com https://firebaseinstallations.googleapis.com https://fcmregistrations.googleapis.com https://push.newsdaily.biz https://top-fwz1.mail.ru https://o4505939965509632.ingest.sentry.io https://push.rus-news.net https://biposerfl.shop https://*.google-analytics.com; worker-src 'self' data: https://fcm.googleapis.com https://push.newsdaily.biz https://push.rus-news.net ; 1
block-all-mixed-content; frame-src 'self' https://*.uber.com https://*.ubereats.com http://*.cdn-net.com https://tr.snapchat.com https://payments.uber.com https://payments.ubereats.com https://payments.postmates.com https://payments.order.store https://wpe-breeze.uberinternal.com https://payments-orchid.uber.com https://payments-staging.uberinternal.com https://payments-staging.uber.com https://www.google.com/recaptcha/ https://auth.uberinternal.com https://gumi.criteo.com/ https://mug.criteo.com https://gum.criteo.com https://catalogs.uberinternal.com/ bs.serving-sys.com click.appcast.io analytics.recruitics.com ci.iasds01.com cdn.krxd.net www.facebook.com *.doubleclick.net *.tealiumiq.com *.demdex.net *.optimizely.com; worker-src 'self' blob:; child-src 'self' blob: bs.serving-sys.com click.appcast.io analytics.recruitics.com ci.iasds01.com cdn.krxd.net www.facebook.com *.doubleclick.net *.tealiumiq.com *.demdex.net; connect-src 'self' 'self' https://*.uber.com https://duyt4h9nfnj50.cloudfront.net https://d3fa76b550dpw9.cloudfront.net https://d4p17acsd5wyj.cloudfront.net https://d3i4yxtzktqr9n.cloudfront.net https://dkl8of78aprwd.cloudfront.net https://cn-geo1.uber.com https://d1goeicueq33a8.cloudfront.net https://siteintercept.qualtrics.com https://payments.uber.com https://payments.ubereats.com https://payments.postmates.com https://payments.order.store https://wpe-breeze.uberinternal.com https://payments-orchid.uber.com https://payments-staging.uberinternal.com https://payments-staging.uber.com https://analytics.tiktok.com https://analytics.google.com https://dynamic.criteo.com https://widget.us.criteo.com https://widget.as.criteo.com https://widget.eu.criteo.com https://sslwidget.criteo.com https://tr.snapchat.com https://app.paypay.ne.jp https://stg.paypay-corp.co.jp https://image.paypay.ne.jp https://d1g1f25tn8m2e6.cloudfront.net https://www.google.com/pagead/landing https://googleads.g.doubleclick.net/pagead/landing https://dyguxp1m9tbrw.cloudfront.net https://u-vsm.tmobiapi.com https://*.tiles.mapbox.com https://api.mapbox.com https://events.mapbox.com https://maps.googleapis.com https://www.gstatic.com https://44.238.122.172 https://100.20.58.101 https://35.85.84.151 https://44.228.85.26 https://34.215.155.61 https://35.160.46.251 https://52.71.121.170 https://18.210.229.244 https://44.212.189.233 https://3.212.39.155 https://52.22.50.55 https://54.156.2.105 events.uber.com api.mixpanel.com d3i4yxtzktqr9n.cloudfront.net *.optimizely.com *.google-analytics.com *.tealiumiq.com *.demdex.net https://api-js.mixpanel.com; manifest-src 'self' https://*.uber.com; form-action 'self' https://tr.snapchat.com https://www.facebook.com/tr/ https://payments.uber.com https://payments.ubereats.com https://payments.postmates.com https://payments.order.store https://wpe-breeze.uberinternal.com https://payments-orchid.uber.com https://payments-staging.uberinternal.com https://payments-staging.uber.com; frame-ancestors 'self' https://www.nimblerx.com https://static-team-ops.nimbleandsimple.com https://pharma.uber.com http://local.shakeshack.com https://shakeshack.prod.acquia-sites.com https://www.shakeshack.com https://dev.shakeshack.com https://stg.shakeshack.com https://shakeshack.com https://pre-prod.shakeshack.com https://stg-green.shakeshack.com https://stg-alt.shakeshack.com https://front-hml-delivery.azurewebsites.net https://front-dev-delivery.azurewebsites.net https://front-prd-delivery.azurewebsites.net https://deliverycontrol.grupomadero.com.br https://delivery.grupomadero.com.br https://staging-shop.mccolls.co.uk https://shop.mccolls.co.uk https://stoq.shop https://staging.stoq.shop https://admin.stoq.shop https://admin-staging.stoq.shop https://www.gcom.com.br https://www.spoleto.com.br https://www.koni.com.br https://www.lebonton.com.br https://www.gokoni.com https://www.cutthecrap.com.br https://www.risierisoteria.com.br https://www.giustoculinaria.com.br https://www.roomservicedelivery.com.br https://www.strogonosso.com.br https://voalzira.online/ https://voalzira.online/minhaloja https://medmate.com.au https://order.manoosh.com.au https://test.expresskfc.com/ https://expresskfc.com/ https://www.test.expresskfc.com/ https://www.expresskfc.com/ https://kfccostarica.cr/ https://www.kfccostarica.cr/ https://express.dospinos.com/ https://mcstaging.dospinos.com/ https://shopuat.pxpay.com.tw/ https://shop.pxpay.com.tw/ https://app.cocinasocultas.com https://app.foodstarsuk.com https://app.pruebehubster.com https://app.pruebehubster.com.mx https://app.tryhubster.co.uk https://app.tryhubster.com https://app.tryhubster.com.au https://app.tryotter.com https://catalogs.uberinternal.com https://catalogs-staging.uberinternal.com https://payments.uber.com https://payments.ubereats.com https://payments.postmates.com https://payments.order.store https://wpe-breeze.uberinternal.com https://payments-orchid.uber.com https://payments-staging.uberinternal.com https://payments-staging.uber.com https://health-staging.uber.com https://health.uber.com https://admin.restoplus.com https://admin.staging.restoplus.com https://admin.qa1.restoplus.com https://admin.qa2.restoplus.com https://admin.qa3.restoplus.com https://admin.qa4.restoplus.com https://admin.qa5.restoplus.com https://admin.qa6.restoplus.com https://orders.restoplus.com https://orders.staging.restoplus.com https://orders.qa1.restoplus.com https://orders.qa2.restoplus.com https://orders.qa3.restoplus.com https://orders.qa4.restoplus.com https://orders.qa5.restoplus.com https://orders.qa6.restoplus.com https://pos.restoplus.com https://pos.staging.restoplus.com https://pos.qa1.restoplus.com https://pos.qa2.restoplus.com https://pos.qa3.restoplus.com https://pos.qa4.restoplus.com https://pos.qa5.restoplus.com https://pos.qa6.restoplus.com https://beta-shop.cashier.tw https://shop.cashier.tw https://indev-webapp.cashier.tw https://indev-beta-shop.cashier.tw https://indev-shop.cashier.tw https://us-int-office.tabit-int.com https://us-office.tabit-stage.com/auth/login https://us-demo-office.tabit-stage.com https://us-office.tabit.cloud https://foxtrotco.com/tracking https://foxtrotco.com/orderconfirmation https://foxtrotco.com/home https://foxtrotco.com https://app.onhere.com.br https://beta.inline.app https://staging.inline.app https://inline.app https://shane.machinat.dev/ https://app.topcaisse.fr https://ordering.ritas.com http://ordering.ritas.com https://ordering.ritas.stage.demotesturl.net http://ordering.ritas.stage.demotesturl.net https://*.cookiedelivery.com ee.magento.test 245.magento.test uber.improntus.dev https://dev.kfc.co.uk https://qa.kfc.co.uk https://brand.preprod.platform.kfcapi.com/ https://www.kfc.co.uk/ https://qa-kfc-za.eu.cognizantorderservnxtgen.com/ https://dev-kfc-za.eu.cognizantorderservnxtgen.com/ https://uat-kfc-za.eu.cognizantorderservnxtgen.com/ https://perf-kfc-za.eu.cognizantorderservnxtgen.com/ https://pen-kfc-za.eu.cognizantorderservnxtgen.com/ https://betatest.kfc.co.za/ https://order.kfc.co.za/ https://shop.pxgo.com.tw/ https://shopuat.pxpay.com.tw/ https://delivery.jimmybrings.com.au/ https://staging.jimmybrings.com.au/ https://beta.jimmybrings.com.au/ https://49171584-9e6d-4979-ab61-27a301a7e33e-production.au.prd.c.deity.cloud/ https://42d9d738-3eab-441f-91de-1afcd88b770f-acceptance.au.prd.c.deity.cloud/ https://1b8d2377-9260-4384-bc9f-aa1086543c69-test.au.prd.c.deity.cloud/ https://jimmybrings.com.au/ https://www.kfccostarica.cr https://www.kfccostarica.com https://kfccostarica.cr https://kfccostarica.com https://edb-staging.uber.com https://edb.uber.com 'self' quiznos.co.cr https://quiznos.co.cr https://pos.mymealsy.com https://stage.mymealsy.com https://dev.mymealsy.com https://fast.tk3c.com https://fdtest.tk3c.com https://panda-express.wallia.dev https://127.0.0.1:5173/ https://test.tacobellpr.com/ https://test.arcoprueba.com/ https://www.tacobellpr.com/ https://tacobellpr.com/ https://www.kfcpuertorico.com/ https://kfcpuertorico.com/ https://boba.rbteawalnut.com/ https://qjmpdemo.altaineapps.com/ https://stinkerapi.altaineapps.com/ https://mapcoapi.altaineapps.com/ https://loyalty.ritasice.com https://loyalty.stage.demotesturl.net https://loyalty.training.demotesturl.net https://loyalty.dev.demotesturl.net https://web-ordering.test.apps.gyg.com.au/ https://web-ordering.staging.apps.gyg.com.au/ https://order.guzmanygomez.com.au/ https://*.order.staging.apps.gyg.com.au/ https://*.order.test.apps.gyg.com.au/ https://*.order.prod.apps.gyg.com.au https://test-store.deliclever.com/ https://vicio.menu/ https://*.homeriabktest.com https://*.burgerkingemcasa.com https://*.burgerkingencasa.es https://*.windelivery-alsea.com https://*.windelivery.es https://*.windelivery.io https://uboard.ueat.io https://uboard-beta.ueat.io https://uboard-staging.ueat.io https://uboard.ueat.dev *.appspaces.ca *.paidshipping.com *.shiptime.com https://darwinnow.io/ https://darwinfood.com https://ewpf-staging.uber.com/ https://ewpf.uber.com/ https://yurinowqa.azurewebsites.net http://takeaway.sticksnsushi.com https://*.flipdish.com https://*.inovretail.com; object-src 'none'; script-src 'self' 'unsafe-inline' https://d1a3f4spazzrp4.cloudfront.net https://d3i4yxtzktqr9n.cloudfront.net https://tb-static.uber.com https://tbs-static.uber.com 'nonce-941112e1-221b-4f44-998d-963616b926e0' https://bat.bing.com https://*.qualtrics.com https://analytics.twitter.com http://www.googletagservices.com http://*.cdn-net.com https://sc-static.net https://tr.snapchat.com https://*.yjtag.jp https://yjtag.yahoo.co.jp https://b92.yahoo.co.jp https://*.yimg.jp https://*.outbrain.com https://www.redditstatic.com https://analytics.tiktok.com https://dynamic.criteo.com https://static.criteo.net https://sslwidget.criteo.com https://widget.us.criteo.com https://widget.as.criteo.com https://widget.eu.criteo.com https://payments.uber.com https://payments.ubereats.com https://payments.postmates.com https://payments.order.store https://wpe-breeze.uberinternal.com https://payments-orchid.uber.com https://payments-staging.uberinternal.com https://payments-staging.uber.com https://d4p17acsd5wyj.cloudfront.net https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://dca.ubereats.com https://phx.ubereats.com https://ln-rules.rewardstyle.com/bookmarklet.js https://dx.mountain.com/spx https://gs.mountain.com/gs https://px.mountain.com/st https://js.adsrvr.org/up_loader.1.1.0.js 'unsafe-eval' script.crazyegg.com www.google-analytics.com www.googletagmanager.com maps.googleapis.com maps.google.com tags.tiqcdn.com beacon.krxd.net cdn.krxd.net cdn.mxpnl.com www.googleadservices.com www.ziprecruiter.com analytics.recruitics.com edge.quantserve.com secure.quantserve.com connect.facebook.net cdn.nanigans.com api.nanigans.com *.adroll.com s.yimg.com sp.analytics.yahoo.com click.app-cast.com i.l.inmobicdn.net *.optimizely.com *.tealiumiq.com *.doubleclick.net static.ads-twitter.com https://www.google-analytics.com https://ssl.google-analytics.com maps.googleapis.com maps.google.com; style-src 'self' 'unsafe-inline' https://d1a3f4spazzrp4.cloudfront.net https://d3i4yxtzktqr9n.cloudfront.net https://tb-static.uber.com https://tbs-static.uber.com https://api.tiles.mapbox.com https://fonts.googleapis.com; report-uri https://csp.uber.com/csp?a=web-eats-v2&ro=false 1
frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.google-analytics.com *.youtube.com *.facebook.net *.googleapis.com *.gstatic.com *.googletagmanager.com *.juicer.io *.hijiffy.com *.hotjar.com *.optimonk.com *.pusher.com *.onetrust.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.amsoil.com *.amsoil.ca *.amsoilindustrial.com https://amsoilcontent.com https://www.amsoilcontent.com https://cdn.evgnet.com *.evergage.com https://amsoil.us-1.evergage.com https://analytics.amsoil.com https://analytics.amsoil.ca https://analytics.amsoilindustrial.com https://static.cloud.coveo.com https://www.google-analytics.com https://maps.googleapis.com https://assets.sitescdn.net https://realtimeanalytics.yext.com https://cdnjs.cloudflare.com/ *.doubleclick.net https://snap.licdn.com https://bat.bing.com *.microsoft.com *.facebook.net *.facebook.com *.criteo.com *.criteo.net https://www.googletagmanager.com *.linkedin.com *.google.com https://www.googleoptimize.com *.hotjar.com *.bc0a.com *.brightedge.com cdn.b0e8.com device.clearsale.com.br https://www.paypalobjects.com *.paypal.com https://www.gstatic.com https://www.googleadservices.com *.wistia.com *.wistia.net https://az124611.vo.msecnd.net https://cookie-cdn.cookiepro.com https://cdn-us.clickdimensions.com cdn.attn.tv *.attentivemobile.com *.googlesyndication.com *.powerobjects.net *.zoominfo.com *.convertlanguage.com *.docusign.com https://challenges.cloudflare.com https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com https://api.ipify.org https://appleid.cdn-apple.com *.niceincontact.com blob:; frame-src 'self' *.amsoil.com *.amsoil.ca https://amsoilcontent.com *.hotjar.com *.criteo.com *.criteo.net *.docusign.net *.docusign.com *.facebook.com *.google.com *.paypal.com *.doubleclick.net *.powerobjects.net *.googlesyndication.com *.wistia.com *.wistia.net creatives.attn.tv https://challenges.cloudflare.com https://a25683390326.cdn.optimizely.com https://a25683390326.cdn-pci.optimizely.com *.niceincontact.com; frame-ancestors 'self' https://sapcc.amsoil.com; report-uri /csp-report 1
script-src *.iag.bg *.googleapis.com *.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors 'self' https://*.kinderloop.com https://*.v.smartcentral.net; 1
frame-ancestors 'self', base-uri 'self'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://snap.licdn.com https://px.ads.linkedin.com https://connect.facebook.net https://www.facebook.com https://ad.doubleclick.net/ https://www.googletagmanager.com https://www.gstatic.com; frame-ancestors 'self' 1
font-src 'self' 'unsafe-inline' https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://static.criteo.net https://*.criteo.com https://wb.messengerpeople.com https://*.hotjar.com https://*.akamaihd.net https://*.attn.tv https://*.recaptcha.net https://isitetv.com https://*.translate.naver.net https://ln-rules.rewardstyle.com https://tr.snapchat.com https://www.shoplooks.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://*.liveperson.net https://ct.pinterest.com https://services.postcodeanywhere.co.uk wss://*.hotjar.com https://*.sciencebehindecommerce.com https://*.googleapis.com https://translate.yandex.net https://*.hotjar.com https://*.akamaihd.net https://*.trustpilot.com https://*.pinterest.com https://*.bing.com https://*.doubleclick.net https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://ampcid.google.com.au https://tr.snapchat.com https://privacyportal-eu.onetrust.com https://*.contentsquare.net https://*.criteo.com https://sgtm.lookfantastic.com.au; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.thgcdn.cn; form-action 'self' https://www.facebook.com https://www.lookfantastic.com.au https://m.lookfantastic.com.au https://checkout.lookfantastic.com.au https://connect.facebook.net https://www.glossybox.at https://www.glossybox.ch https://www.glossybox.co.uk https://www.glossybox.com https://www.glossybox.de https://www.glossybox.fi https://www.glossybox.fr https://www.glossybox.ie https://www.glossybox.no https://www.glossybox.se https://www.glossybox.dk https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://static.thgcdn.cn; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://google.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://static.criteo.net https://*.criteo.com https://remote.captcha.com https://*.akamaihd.net https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.microsofttranslator.com https://*.hotjar.com https://*.attn.tv https://*.trustpilot.com https://*.translate.naver.net https://*.bing.com https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://static.ads-twitter.com https://*.baidu.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://*.shoplooks.com https://slooks.top https://slooks.me https://lantern.roeyecdn.com https://lantern.roeye.com https://static.thgcdn.cn https://geolocation.onetrust.com https://*.contentsquare.net https://app.contentsquare.com https://sgtm.lookfantastic.com.au; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://www.shoplooks.com https://static.shoplooks.com https://cdn.parcellab.com https://static.thgcdn.cn; upgrade-insecure-requests; report-to report-endpoint 1
default-src https: 'self' data: http://devwebservices.loyals.nl; script-src https: 'self' 'unsafe-inline' 'unsafe-eval'; style-src https: 'self' 'unsafe-inline'; connect-src https: 'self' data: wss: ;report-uri /csp-reports 1
frame-ancestors 'self' weleda.sabio.de 1
frame-ancestors *.uninassau.edu.br *.uninabuco.edu.br *.sereducacional.com *.sereduc.com *.leiaja.com *.ung.br *.unama.br *.univeritas.com *.uninorte.com.br *.blackboard.com http://*.joaquimnabuco.edu.br http://*.unama.br *.gokursos.com *.ig.com.br http://*.ung.br *.uninassau.digital *.unama.digital *.univeritas.digital *.uninorte.digital *.uninabuco.digital *.facimed.edu.br *.unifacimed.digital *.unijuazeiro.edu.br *.fasb.edu.br *.rdstation.com.br *.cursoscdmv.com.br https://cursoscdmv.com.br https://unijuazeiro.edu.br https://websdk.hyperflowapis.global *.cloudfront.net *.unescnet.br *.fael.edu.br *.unifael.edu.br *.uni7.edu.br; 1
default-src * data: blob: 'unsafe-eval' 'unsafe-inline'; worker-src blob: 1
frame-ancestors 'self' https://manage.newequipment.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
connect-src 'self' https://*.google-analytics.com https://stats.g.doubleclick.net http://c.seznam.cz https://region1.analytics.google.com https://q.clarity.ms https://www.facebook.com https://www.google.cz; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://cdn.tiny.cloud/1/ https://fonts.googleapis.com https://unpkg.com/aos@2.3.1/dist/aos.css; img-src 'self' blob: data: https://www.gstatic.com https://sp.tinymce.com https://www.googletagmanager.com https://www.facebook.com https://www.google.com https://www.google.cz http://c.seznam.cz https://google-analytics.com/collect https://www.google-analytics.com/collect https://stats.g.doubleclick.net https://c.clarity.ms https://c.bing.com; script-src 'nonce-dF22KKwcI0sn+zw6GsaQxA==' 'strict-dynamic' 'self' 'unsafe-inline' https://www.google.com/recaptcha/api.js https://www.gstatic.com https://cdn.tiny.cloud/1/ https://www.googletagmanager.com/gtag/js https://unpkg.com/aos@2.3.1/dist/aos.js https://code.jquery.com/jquery-3.6.4.min.js; font-src 'self' data: https://fonts.gstatic.com; object-src 'self'; base-uri 'none'; frame-src 'self' https://www.google.com/recaptcha/; media-src 'self'; 1
script-src http: https: https://m2.adendorff.co.za/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline' https://m2.adendorff.co.za/; img-src data: http: https:; object-src 'none'; base-uri 'none'; child-src 'self'; font-src 'self' fonts.gstatic.com staticw2.yotpo.com; frame-src *.cognitoforms.com assets.braintreegateway.com *.youtube.com *.youtu.be *.vimeo.com *.google.com *.gstatic.com 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: *.polyfill.io *.jquery.com *.slgnt.eu *.morabanc.ad *.inbenta.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.google.com *.googleadservices.com *.taboola.com *.adform.net *.facebook.net *.licdn.com *.doubleclick.net *.gstatic.com *.cookielaw.org *.windows.net morabanc.test *.inbenta.io *.hotjar.com unpkg.com;connect-src  *;frame-src *;img-src data: * 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https:; img-src 'self' data: https:; 1
default-src *.kameleoon.com *.kameleoon.eu *.kameleoon.io dock.ui.bosch.tech *.hotjar.io *.hotjar.com wss://*.hotjar.com bott-tc2.nautilus bott-fs.nautilus bott-fs.kittelberger.net vc.hotjar.io in.hotjar.com script.hotjar.com *.bosch-thermotechnology.com *.boschtt-documents.com www.bimstore.co.uk *.kittelberger.net *.mycliplister.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: ; media-src *.boschtt-documents.com services.kittelberger.net *.mycliplister.com mycliplister.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' ; font-src *.hotjar.com bott-fs.nautilus bott-fs.kittelberger.net script.hotjar.com fonts.gstatic.com *.bosch-thermotechnology.com www.bosch-thermotechnology.us www.heizung-steuern.com fonts.gstatic.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: data: ; object-src data: 'self'; img-src *.kameleoon.eu *.kameleoon.com *.hotjar.com bott-tc2.nautilus bott-fs.nautilus bott-fs.kittelberger.net optimize.google.com www.google-analytics.com www.googletagmanager.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: data: blob:; style-src *.hotjar.com bott-fs.nautilus bott-fs.kittelberger.net *.bosch-thermotechnology.com cdn.datatables.net optimize.google.com fonts.googleapis.com www.bosch-easycontrol.com www.heizung-steuern.com www.bosch-thermotechnology.us *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' 'unsafe-inline' https: ; script-src *.kameleoon.eu *.kameleoon.com *.hotjar.com bott-fs.nautilus bott-fs.kittelberger.net dock.ui.bosch.tech optimize.google.com www.googleanalytics.com www.google-analytics.com www.googleoptimize.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: 'unsafe-inline' 'unsafe-eval'; frame-src mailto: bosch.mi4biz.net www.boschthermolife.com junkers-de-de-b.boschtt-documents.com optimize.google.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https:; frame-ancestors bosch.mi4biz.net bott-fs.kittelberger.net *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: ; connect-src *.kameleoon.eu *.kameleoon.com *.kameleoon.io 'self' *.hotjar.io *.hotjar.com fi-v2-configs.global.commerce-connector.com api-eu.global.commerce-connector.com wss://*.hotjar.com  wss://endpoint.chatbot-suite.bosch.tech endpoint.chatbot-suite.bosch.tech  www.bosch-thermotechnology.com region1.google-analytics.com www.google-analytics.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com dock.ui.bosch.tech mycliplister.com *.mycliplister.com stats.g.doubleclick.net *.googleapis.com *.hotjar.com 1
object-src *;script-src * 'unsafe-inline' 'unsafe-eval' data: 1
frame-ancestors 'none'; form-action https:; upgrade-insecure-requests 1
frame-ancestors 'self' dev.lowendspirit.com lowendspirit.com www.lowendspirit.com ana.lowendspirit.com 1
default-src 'self' ; worker-src 'self'  data: blob:; report-uri https://eagerly.nl/reports/report.php; img-src 'self' * data:; media-src 'self' https://vimeo.com http://www.grounds.nu http://mudshirt.nl https://widget.guts.events http://musicbyoffshore.com https://*.wiqhit.com https://*.doubleclick.net https://*.facebook.com https://*.vimeo.com https://*.soundcloud.com https://*.spotify.com https://*.youtube.com https://*.googletagmanager.com https://*.wiqhit.com https://*.doubleclick.net https://*.facebook.com https://*.vimeo.com https://*.soundcloud.com https://*.spotify.com https://*.youtube.com https://*.googletagmanager.com https://*.googletagmanager.com blob: data:; connect-src 'self' http://player.ooyala.com https://*.googlesyndication.com wss://*.hotjar.com https://*.facebook.com https://*.google.nl https://*.jwpltx.com https://*.hotjar.io https://*.doubleclick.net https://*.tiktok.com https://*.google.com https://*.jwpsrv.com https://*.jwplatform.com https://*.cloudflare.com https://*.issuu.com https://*.jwplayer.com https://*.vimeo.com https://*.googletagmanager.com https://*.google-analytics.com; frame-src 'self' https://vimeo.com http://www.grounds.nu http://mudshirt.nl https://widget.guts.events http://musicbyoffshore.com https://*.wiqhit.com https://*.doubleclick.net https://*.facebook.com https://*.vimeo.com https://*.soundcloud.com https://*.spotify.com https://*.youtube.com https://*.googletagmanager.com https://*.wiqhit.com https://*.doubleclick.net https://*.facebook.com https://*.vimeo.com https://*.soundcloud.com https://*.spotify.com https://*.youtube.com https://*.googletagmanager.com https://*.googletagmanager.com; child-src 'self' https://vimeo.com http://www.grounds.nu http://mudshirt.nl https://widget.guts.events http://musicbyoffshore.com https://*.wiqhit.com https://*.doubleclick.net https://*.facebook.com https://*.vimeo.com https://*.soundcloud.com https://*.spotify.com https://*.youtube.com https://*.googletagmanager.com https://*.wiqhit.com https://*.doubleclick.net https://*.facebook.com https://*.vimeo.com https://*.soundcloud.com https://*.spotify.com https://*.youtube.com https://*.googletagmanager.com https://*.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.vimeocdn.com https://*.wiqhit.com https://*.google.com  https://*.youtube.com https://*.ticketswap.nl https://*.tiktok.com https://*.googleadservices.com https://*.hotjar.com https://*.jwpcdn.com https://*.facebook.net https://*.jwplatform.com https://*.issuu.com https://*.jwplayer.com https://*.vimeo.com https://*.cloudflare.com https://*.googletagmanager.com https://*.google-analytics.com; style-src 'self' 'unsafe-inline' https://*.cloudflare.com https://*.myfonts.net https://*.googleapis.com; font-src 'self' https://*.wp.com https://*.hotjar.com https://*.googleapis.com https://*.gstatic.com https://*.wp.com https://*.hotjar.com https://*.googleapis.com https://*.gstatic.com data:; form-action 'self' https://*.hotjar.com https://*.facebook.com https://*.hotjar.com https://*.facebook.com; 1
base-uri 'self';connect-src *;form-action *;img-src * data: blob:;media-src 'self';object-src 'none';frame-ancestors 'self' *.tiktok.com 1
default-src 'self' blob: https: wss: data: 'unsafe-inline' 'unsafe-eval'; worker-src blob: 1
frame-ancestors 'self' https://app.kajabi.com https://app.vibely.io https://communities.kajabi.com *.mykajabi.com https://communities.newkajabi-staging.com https://www.educationalistmethod.com https://www.studentsofhistory.com https://www.studentsofcivics.com 1
script-src 'self' https://*.clarity.ms https://c.bing.com https://msadsscale.azureedge.net https://*.google-analytics.com https://*.googletagmanager.com https://js.stripe.com https://*.google.com 'sha256-4RS22DYeB7U14dra4KcQYxmwt5HkOInieXK1NUMBmQI=' 'sha256-Y0sWYIvedIIgD2ARn+GFONvyEtPAXt/FhrMm8bfhBeA=' 'sha256-N4Vmo8tb6pSc+ImxfQvM1NhFwKWUGlZd+RPuS6cXym8='; connect-src 'self' https://*.clarity.ms https://c.bing.com https://browser.pipe.aria.microsoft.com https://www.bing.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.fr https://*.gstatic.com https://icon.horse; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://msadsscale.azureedge.net https://unpkg.com/vue-multiselect/dist/vue-multiselect.min.css https://cdn.jsdelivr.net/npm/famfamfam-flags/dist/sprite/famfamfam-flags.min.css https://*.google.com; frame-src https://js.stripe.com; img-src 'self' data: https://.wikimedia.org https://*.clarity.ms https://*.bing.com https://*.bing.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.fr https://*.gstatic.com https://*.media-amazon.com https://*.kelkoo.com https://icon.horse https://icons.duckduckgo.com; font-src 'self' https://msadsscale.azureedge.net https://fonts.gstatic.com; base-uri 'none'; form-action 'self'; frame-ancestors 'none'; default-src 'self'; upgrade-insecure-requests 1
default-src https: 'unsafe-inline' 'unsafe-eval' 'self' data:; base-uri 'self'; frame-ancestors 'self' https://www.amcny.org; object-src 'none'; worker-src 'self' blob:; 1
default-src 'none'; connect-src 'self' *.fonwall.ru fonwall.ru *.google-analytics.com *.gstatic.com yastatic.net *.adfox.ru *.yandex.ru yandex.ru yandex.com *.yandex.net; font-src 'self' data: *.fonwall.ru fonwall.ru fonts.googleapis.com *.gstatic.com yastatic.net; form-action 'self' *.fonwall.ru fonwall.ru; frame-src 'self' *.fonwall.ru fonwall.ru yandexadexchange.net *.yandexadexchange.net yastatic.net *.yandex.ru *.adfox.ru yoomoney.ru; img-src 'self' data: blob: *.fonwall.ru fonwall.ru *.vk.com vk.com *.userapi.com *.google-analytics.com *.gstatic.com *.yandex.net *.adfox.ru *.yandex.ru yandex.ru yandex.com; media-src 'self' data: yastatic.net *.yandex.net *.yandex.ru *.adfox.ru yandex.ru yandex.com; object-src 'self' *.fonwall.ru fonwall.ru; script-src 'unsafe-inline' 'unsafe-eval' *.fonwall.ru fonwall.ru *.google-analytics.com *.gstatic.com *.googletagmanager.com yastatic.net *.yandex.ru *.adfox.ru yandex.ru yandex.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.fonwall.ru fonwall.ru fonts.googleapis.com yastatic.net *.adfox.ru; 1
default-src 'self'; font-src data: https://assets.dm.de https://composer.apps.nonprod.gcp.dmtech.cloud; script-src 'self' https://*.bazaarvoice.com https://*.mm.dm-drogeriemarkt.it https://app.usercentrics.eu https://assets.dm.de https://composer.apps.nonprod.gcp.dmtech.cloud https://d2pqvatijh75rn.cloudfront.net https://mpsnare.iesnare.com https://omt.dm-drogeriemarkt.it https://tags.tiqcdn.com https://www.dm-drogeriemarkt.it; worker-src 'self' blob:; connect-src  'self' https://*.bazaarvoice.com https://*.gcp.dmtech.cloud https://*.mm.dm-drogeriemarkt.it https://*.services.dmtech.com https://aggregator.service.usercentrics.eu https://api.mapbox.com https://api.usercentrics.eu https://assets.dm.de https://browser-intake-datadoghq.eu https://cart-recos.services.dmtech.com https://cdcs.usercentrics.eu https://collect.tealiumiq.com https://consent-api.service.consent.usercentrics.eu https://consent-rt-ret.service.consent.usercentrics.eu https://consents.usercentrics.eu https://coupon-aktionen.dm.de https://d2pqvatijh75rn.cloudfront.net https://direct-collect.dy-api.eu https://direct.dy-api.eu https://dmpay-gateway.services.dmtech.com https://dy-api.eu https://events.mapbox.com https://graphql.usercentrics.eu https://insights.algolia.io https://logs.browser-intake-datadoghq.eu https://mpsnare.iesnare.com https://my-products-api.services.dmtech.com https://omc.dm-drogeriemarkt.it https://product-based-recos.services.dmtech.com https://products.dm.de https://rcom-eu.dynamicyield.com https://recos-as-a-service.services.dmtech.com https://rum.browser-intake-datadoghq.eu https://services.dm.de https://signin.dm-drogeriemarkt.it https://sos-prod.availability.services.dmtech.com https://staedtetour.dm-fb2.de https://storage.googleapis.com/gift-card-builder-emergency-disabled-bucket/ https://cartnext.services.dmtech.com https://products.dm.de https://shopping-list-prod.services.dmtech.com; style-src 'self' 'unsafe-inline' https://*.bazaarvoice.com https://api.tiles.mapbox.com https://assets.dm.de https://composer.apps.nonprod.gcp.dmtech.cloud; form-action 'self' https://*.bazaarvoice.com https://checkout.dm-drogeriemarkt.it https://giftcard-checkout.dm-drogeriemarkt.it/api/checkout https://signin.dm-drogeriemarkt.it; img-src 'self' blob: data: https://*.bazaarvoice.com https://*.mm.dm-drogeriemarkt.it https://*.services.dmtech.com https://app.usercentrics.eu https://assets.dm.de https://cdn-eu.dynamicyield.com https://composer.apps.nonprod.gcp.dmtech.cloud https://content-preview.apps.prod.gcp.dmtech.cloud https://d2pqvatijh75rn.cloudfront.net https://d3s22jwy77sx9i.cloudfront.net https://i.ytimg.com https://images.podigee-cdn.net https://img.usercentrics.eu https://img.youtube.com/ https://media.dm-static.com https://services.dm.de https://uct.service.usercentrics.eu; frame-ancestors 'self' https://*.apps.nonprod.gcp.dmtech.cloud https://*.apps.prod.gcp.dmtech.cloud https://*.dm-drogeriemarkt.it https://*.dm-drogeriemarkt.org https://*.dm-drogeriemarkt.org:42007 https://*.dm-drogeriemarkt.org:42160 https://*.dm-drogeriemarkt.org:42161 https://*.dm-drogeriemarkt.org:42162 https://*.lxprod.ka.de.dm-drogeriemarkt.com https://app.datadoghq.eu https://studio.dm-drogeriemarkt.com; frame-src 'self' https://*.bazaarvoice.com https://*.dm-drogeriemarkt.it https://*.services.dmtech.com https://app.usercentrics.eu https://cdn.podigee.com https://configurator.nuk.de https://gastfamilie.podigee.io https://geburtskanal-dm.podigee.io https://hey-familie.podigee.io https://player.podigee-cdn.net https://sandbox.om.dm.de https://www.youtube-nocookie.com; base-uri 'self' https://*.mm.dm-drogeriemarkt.it https://*.services.dmtech.com https://events.mapbox.com; child-src 'self' blob:; manifest-src 'self'; report-uri /__csp-reports__; upgrade-insecure-requests; 1
style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://use.fontawesome.com data:; font-src *.fontawesome.com 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.livechatinc.com *.facebook.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: blob: *.facebook.com *.googleadservices.com *.google-analytics.com *.transmart.co.id *.paypalobjects.com *.googletagmanager.com/ *.gstatic.com https://www.google.com/ads/ga-audiences https://www.google.co.id/ads/ga-audiences https://maps.googleapis.com https://placehold.co https://allofresh.id *.allofresh.id allofresh.local data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.livechatinc.com *.googletagmanager.com *.facebook.com *.facebook.net *.googleapis.com *.gstatic.com *.fontawesome.com 'self' 'unsafe-inline' data: *.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com unsafe-inline assets.braintreegateway.com https://fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.livechatinc.com *.facebook.com https://connect.facebook.net https://stats.g.doubleclick.net *.googleapis.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src data: 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
upgrade-insecure-requests; child-src 'self' *.blumatica.it https://www.youtube.com *.facebook.net *.facebook.com *.gstatic.com; connect-src 'self' *.blumatica.it *.google-analytics.com *.facebook.net *.facebook.com www.google-analytics.com *.paypal.com *.gstatic.com https://*.cookiebot.com *.google.com google.com *.doubleclick.net https://*.googlesyndication.com; default-src 'self' *.blumatica.it https://www.google-analytics.com 'unsafe-inline' www.safetyware.it *.gstatic.com; font-src 'self' *.blumatica.it *.googleapis.com *.gstatic.com; frame-src 'self' *.blumatica.it https://www.youtube.com *.facebook.net *.facebook.com *.gstatic.com *.google.com https://*.paypal.com assets.braintreegateway.com https://*.cookiebot.com https://td.doubleclick.net; img-src 'self' data: *.blumatica.it http://mailing.blumatica.it *.gstatic.com *.googleapis.com *.doubleclick.net https://www.google-analytics.com *.google.com *.google.it *.googletagmanager.com  *.paypal.com https://stats.g.doubleclick.net *.facebook.net *.facebook.com https://addsearch.com https://*.addsearch.com https://*.cloudfront.net https://*.youtube.com www.geolive.org *.paypalobjects.com https://*.cookiebot.com; media-src 'self' *.blumatica.it https://www.youtube.com *.facebook.net *.facebook.com *.gstatic.com; script-src 'self' *.blumatica.it 'unsafe-inline' 'unsafe-eval' www.google-analytics.com *.googleapis.com *.google.com *.gstatic.com *.paypal.com *.paypalobjects.com https://www.youtube.com https://www.googleadservices.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://addsearch.com https://s7.searchcdn.com *.facebook.net *.facebook.com https://static.xx.fbcdn.net https://widget.manychat.com https://manychat.com https://*.hotjar.com https://mccdn.me https://*.cookiebot.com; style-src 'self' *.blumatica.it 'unsafe-inline' *.facebook.net *.facebook.com *.googleapis.com *.gstatic.com *.paypalobjects.com https://app.addsearch.com https://d20vwa69zln1wj.cloudfront.net; 1
default-src 'self'  https://*.useinsider.com https://*.api.useinsider.com wss://*.useinsider.com *.api.useinsider.com *.useinsider.com  standardbankna.api.useinsider.com  syndication.twitter.com  web.facebook.com platform.twitter.com  www.facebook.com https://cdn.evgnet.com https://cdn.evergage.com https://standardbank.germany-2.evergage.com https://www.google.com   https://stream.tribeca.vidavee.com https://stbg.stanbic.co.ug https://stbg.stanbicbank.co.bw https://stbg.stanbicbank.com.gh https://stbg.stanbicbank.co.zm https://stbg.standardbank.co.sz https://stbg.standardbank.co.mw https://stbg.standardbank.mu https://stbg.standardbank.com.na https://stbg.stanbicbank.com.ci* https://stbg.sbgsecurities.co.ke https://stbg.standardbank.cd   *.tt.omtrdc.net  https://www.google.com  https://platform.blits.ai https://blitsproduction.z6.web.core.windows.net https://directline.botframework.com wss://directline.botframework.com stbg.standardbank.co.za stbg.standardbank.com  https://tribeca.vidavee.com https://img.youtube.com http://business.twitter.com https://analytics.twitter.com http://ad.doubleclick.net cdn.cookielaw.org *.onetrust.com http://*.fls.doubleclick.net https://googleads.g.doubleclick.net http://pixel.facebook.com https://www.facebook.com/tr/ http://dc.ads.linkedin.com https://px.ads.linkedin.com https://client.demdex.net https://dpm.demdex.net/ https://cdn.krxd.net/ https://beacon.krxd.net http://bs.serving-sys.com https://googleads.g.doubleclick.net https://assets.adobedtm.com https://cdnjs.cloudflare.com https://maps.lightstoneproperty.co.za http://maps.lightstoneproperty.co.za http://*.tt.omtrdc.net http://dpm.demdex.net https://maps.googleapis.com https://www.gstatic.com https://maps.googleapis.com http://fast.standardbank.demdex.net http://accstandardbank.d1.sc.omtrdc.net https://bid.g.doubleclick.net/xbbe/pixel http://8448999.fls.doubleclick.net https://cdn.krxd.net https://bs.serving-sys.com/Serving https://secure-ds.serving-sys.com https://standardbank.demdex.net https://www.youtube.com/ https://*.map2.ssl.hwcdn.net; font-src 'self' https://cdn.evgnet.com https://cdn.evergage.com https://standardbank.germany-2.evergage.com  https://stream.tribeca.vidavee.com https://stbg.standardbank.mu https://stbg.stanbicbank.com.ci* https://stbg.sbgsecurities.co.ke https://stbg.standardbank.cd  https://fonts.gstatic.com https://fonts.googleapis.com; img-src 'self' data: https://cdn.evgnet.com https://cdn.evergage.com https://standardbank.germany-2.evergage.com https://stbg.stanbic.co.ug https://stream.tribeca.vidavee.com  https://stbg.stanbicbank.co.bw  https://stbg.stanbicbank.com.gh  https://stbg.stanbicbank.co.zm https://stbg.standardbank.co.sz  https://stbg.standardbank.co.mw https://stbg.standardbank.com.na https://stbg.standardbank.mu https://stbg.sbgsecurities.co.ke https://stbg.stanbicbank.com.ci* https://stbg.standardbank.cd  stbg.standardbank.co.za stbg.standardbank.com https://blitsproduction.blob.core.windows.net https://platform.blits.ai https://blitsproduction.z6.web.core.windows.net https://directline.botframework.com wss://directline.botframework.com stbg.standardbank.co.za stbg.standardbank.com https://tribeca.vidavee.com https://img.youtube.com cdn.cookielaw.org https://www.homeloans1.standardbank.co.za https://googleads.g.doubleclick.net https://www.homeloans1.standardbank.co.za https://geo0.ggpht.com https://geo1.ggpht.com https://geo2.ggpht.com https://geo3.ggpht.com https://khms1.googleapis.com https://khms0.googleapis.com https://geo0.ggpht.com https://cbks0.googleapis.com https://maps.googleapis.com https://maps.gstatic.com http://accstandardbank.d1.sc.omtrdc.net https://www.google.com https://www.google.co.za http://cm.everesttech.net https://beacon.krxd.net https://jslog.krxd.net https://standardbank.demdex.net https://dpm.demdex.net http://*.tt.omtrdc.net https://*.map2.ssl.hwcdn.net https://www.facebook.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.useinsider.com *.api.useinsider.com standardbankna.api.useinsider.com  platform.twitter.com https://cdn.evgnet.com https://cdn.evergage.com https://standardbank.germany-2.evergage.com  https://www.google.com  https://stream.tribeca.vidavee.com https://stbg.standardbank.mu https://stbg.stanbicbank.com.ci* https://stbg.sbgsecurities.co.ke https://stbg.standardbank.cd  https://www.google.com   https://platform.blits.ai https://blitsproduction.z6.web.core.windows.net https://directline.botframework.com wss://directline.botframework.com https://tribeca.vidavee.com https://img.youtube.com cdn.cookielaw.org *.onetrust.com https://connect.facebook.net https://code.jquery.com https://assets.adobedtm.com https://googleads.g.doubleclick.net https://www.gstatic.com https://maps.googleapis.com http://assets.adobedtm.com https://secure-ds.serving-sys.com http://cdn.krxd.net http://www.googleadservices.com http://www.googletagmanager.com https://consumer.krxd.net https://googleads.g.doubleclick.net https://beacon.krxd.net https://tribeca.vidavee.com http://*.tt.omtrdc.net  https://geo0.ggpht.com https://*.map2.ssl.hwcdn.net; style-src 'unsafe-inline' 'self' assets.api.useinsider.com   *.useinsider.com *.api.useinsider.com https://cdn.evgnet.com https://cdn.evergage.com https://standardbank.germany-2.evergage.com  https://stbg.stanbicbank.com.ci* stbg.standardbank.co.za stbg.standardbank.com https://tribeca.vidavee.com https://img.youtube.com https://fonts.googleapis.com https://googleads.g.doubleclick.net https://cdnjs.cloudflare.com https://*.map2.ssl.hwcdn.net; frame-ancestors 'self' https://stbg.stanbicbank.com.ci* *.useinsider.com *.api.useinsider.com; img-src 'self' 'unsafe-eval' 'unsafe-inline' *.useinsider.com *.api.useinsider.com; 1
frame-ancestors 'self' https://mail.missiveapp.com; 1
default-src 'self' payments-de-sandbox.amazon.com payments-de.amazon.com payments.amazon.de maps.googleapis.com www.google-analytics.com;  script-src 'self' 'unsafe-eval' 'unsafe-inline' use.typekit.net www.googletagmanager.com www.google.com www.google-analytics.com www.gstatic.com maps.google.com maps.googleapis.com connect.facebook.net *.payments-amazon.com payments-de-sandbox.amazon.com tagmanager.google.com *.s3-eu-west-1.amazonaws.com *.cloudfront.net *.googleapis.com api.userlike.com https://unpkg.com *.paypalobjects.com *.paypal.com https://ad4m.at https://ad4m.at  https://*.ekomi.de  https://www.dwin1.com https://bat.bing.com https://www.googleadservices.com  https://googleads.g.doubleclick.net https://*.ekomiapps.de https://*.convertexperiments.com https://*.hotjar.com https://api.bounce-commerce.de https://lantern.roeyecdn.com;  style-src 'self' 'unsafe-inline' use.typekit.net fonts.googleapis.com tagmanager.google.com use.typekit.net p.typekit.net https://*.ekomiapps.de https://www.googletagmanager.com;  img-src 'self' data: p.typekit.net www.google-analytics.com *.googleapis.com maps.google.com *.cloudfront.net *.ssl-images-amazon.com *.ggpht.com *.gstatic.com img.youtube.com userlike.com *.amazonaws.com *.google.com *.google.de *.pferdefutter.de https://bat.bing.com https://lh3.googleusercontent.com  https://connect.ekomi.de https://www.facebook.com cdn.agrobs.de https://ad4m.at https://*.adserver01.de https://*.adc-serv.net https://*.df-srv.de https://*.adition.com https://*.ad4mat.de https://*.doubleclick.net https://*.adscale.de https://*.twiago.com https://*.casalemedia.com https://*.adfarm1.adition.com  https://*.adform.net https://*.adnxs.com  https://*.taboola.com https://*.kupona.de  https://*.smartadserver.com https://*.pubmatic.com  https://*.yieldlab.net https://as.ad4m.at https://pixel.onaudience.com https://loada.exelator.com https://sync.crwdcntrl.net https://spl.zeotap.com https://match.adsrvr.org https://*.ekomiapps.de https://www.googletagmanager.com;  font-src 'self' data: use.typekit.net fonts.gstatic.com *.cloudfront.net;  object-src 'self';  media-src 'self' *.cloudfront.net *.pferdefutter.de;  child-src 'self' payments-de-sandbox.amazon.com payments-de.amazon.com payments.amazon.com www.computop-paygate.com staticxx.facebook.com www.facebook.com www.youtube.com *.payments-amazon.com api-cdn.amazon.com https://unpkg.com blob:  *.paypal.com *.google.com https://hal9000.redintelligence.net https://www.youtube-nocookie.com  https://ad.ad-srv.net  https://ad4m.at https://td.doubleclick.net;  form-action 'self' payments-de-sandbox.amazon.com payments-de.amazon.com payments.amazon.com *.paypal.com *.computop-paygate.com  https://www.facebook.com;  frame-ancestors 'self' *.youtube.com;  plugin-types application/pdf;  connect-src 'self' ws://127.0.0.1:35729 performance.typekit.net www.google-analytics.com *.googleapis.com *.userlike.com wss://chat.userlike.com wss://umd.userlike.com *.g.doubleclick.net https://api.friendlycaptcha.com https://eu-api.friendlycaptcha.eu https://analytics.google.com cdn.pferdefutter.de cdn.agrobs.de https://*.analytics.google.com  https://www.facebook.com https://*.ekomiapps.de https://*.convertexperiments.com https://*.hotjar.com https://*.googlesyndication.com https://adservice.google.com https://www.google.com https://*.google-analytics.com https://api.bounce-commerce.de; 1
frame-ancestors 'self' *.edenordigital.com *.edenor.com *.widergy.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data: blob: 'unsafe-inline' 1
worker-src 'self' blob:; font-src fonts.googleapis.com fonts.gstatic.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com * *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.crazyegg.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com * *.googletagmanager.com tagmanager.google.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.crazyegg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com tagmanager.google.com fonts.google.com https://cdn.jsdelivr.net/npm/sweetalert2@11.10.5/dist/sweetalert2.min.css * fonts.googleapis.com *.fontawesome.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.adyen.com * *.googleapis.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.crazyegg.com https://viacep.com.br 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com 'self' blob: http: https: blob: 'self' 'unsafe-inline'; default-src *.crazyegg.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src 'nonce-dycIxOvX6bH5ZByAum9CNcxtr' 'strict-dynamic'; frame-ancestors 'self' https://ubuntu-mate.org; manifest-src 'self' 1
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; object-src 'none'; 1
default-src 'self' https: data: 'unsafe-eval' 'unsafe-inline'; 1
frame-ancestors 'self' ostermann.eu *.ostermann.eu 1
script-src http: https: https://backend.baader-planetarium.com/ 'unsafe-inline'; style-src 'self' blob: https: 'unsafe-inline' https://backend.baader-planetarium.com/; img-src data: http: https: blob:; object-src 'none'; base-uri 'none'; child-src 'self'; font-src 'self' fonts.gstatic.com data: ; frame-src 'self' assets.braintreegateway.com *.google.com *.youtube.com *.youtu.be *.vimeo.com *.youtube-nocookie.com static.addtoany.com assets.pinterest.com us12.campaign-archive.com *.paypal.com 1
object-src 'self'; base-uri 'none'; 1
default-src 'self'; script-src 'self' https://*.hotjar.com https://secure.leadforensics.com https://snap.licdn.com https://mc.yandex.ru https://*.google.com https://www.googletagmanager.com https://*.google-analytics.com https://www.gstatic.com https://maps.googleapis.com https://vk.com https://*.facebook.net https://www.youtube.com/iframe_api https://code-ya.jivosite.com https://code.jivo.ru https://js.zi-scripts.com https://ws.zoominfo.com https://tags.clickagy.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.google.com https://fonts.googleapis.com https://*.mailchimp.com https://*.typekit.net 'unsafe-inline' https://code-ya.jivosite.com https://code.jivo.ru; img-src 'self' data: https://*.linkedin.com https://*.google.com https://*.gstatic.com https://*.google-analytics.com https://*.googleapis.com https://*.googletagmanager.com https://vk.com https://*.vk.com https://www.facebook.com https://code-ya.jivosite.com; child-src 'self' https://www.youtube-nocookie.com/ https://*.google.com https://www.youtube.com https://www.facebook.com https://*.clickagy.com; connect-src 'self' https://analytics.google.com https://*.google-analytics.com https://*.amazonaws.com https://*.doubleclick.net https://mc.yandex.ru https://ymetrica1.com wss://*.jivosite.com https://*.jivosite.com https://suggestions.dadata.ru https://idx.liadm.com https://*.clickagy.com https://js.zi-scripts.com https://ws.zoominfo.com wss://ws.hotjar.com https://*.hotjar.io; media-src 'self' https://www.youtube-nocookie.com/ https://www.youtube.com/ https://*.amazonaws.com https://code-ya.jivosite.com https://code.jivo.ru; font-src 'self' https://fonts.gstatic.com https://use.typekit.net; 1
default-src 'self' * ; script-src 'self' * 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' *; img-src data: *; object-src 'self' 1
default-src 'self' 'unsafe-eval' https://rstts-as.readspeaker.com https://cdn1.readspeaker.com https://www.naha.ae https://www.gstatic.com https://app-as.readspeaker.com wss://directline.botframework.com  https://comms.omnichannelengagementhub.com https://adda-chatbot-prod.azurewebsites.net https://orgbb3c15ea-crm15.omnichannelengagementhub.com https://mindrocketsinc.com https://tamm.abudhabi https://arcgis.sdi.abudhabi.ae https://js.arcgis.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://cdn.jsdelivr.net  https://unpkg.com https://www.google-analytics.com https://tamm.abudhabi https://www.naha.ae https://naha.ae https://server.arcgisonline.com https://translate-pa.googleapis.com https://stackpath.bootstrapcdn.com https://api.abudhabi.ae http://w3.org  https://httpbin.org https://directline.botframework.com  https://www.google.com https://es.adpolice.gov.ae https://rstts-as.readspeaker.com https://cdn1.readspeaker.com https://app-as.readspeaker.com wss://directline.botframework.com https://comms.omnichannelengagementhub.com https://mindrocketsinc.com https://player.vimeo.com https://www.tamm.abudhabi https://www.naha.ae https://naha.ae https://js.arcgis.com https://recaptcha.net https://ssl.google-analytics.com https://translate.google.com https://translate.googleapis.com https://www.gstatic.com https://www.youtube.com https://s.ytimg.com https://adda-chatbot-prod.azurewebsites.net https://orgbb3c15ea-crm15.omnichannelengagementhub.com https://webchatic3.blob.core.windows.net https://addastorageaccountuat.blob.core.windows.net https://addadevstorage.blob.core.windows.net https://ocsdk-prod.azureedge.net https://sandboxadmin.prioticket.com https://sandboxadmin.prioticket.com https://static.ads-twitter.com https://snap.licdn.com https://googleads.g.doubleclick.net https://oc-cdn-ocuae-uae.azureedge.net https://cdn.jsdelivr.net oc-cdn-public-eur.azureedge.net/* oc-cdn-public-sam.azureedge.net/* oc-cdn-public-gbr.azureedge.net/* oc-cdn-public-jpn.azureedge.net/* oc-apj-public-eur.azureedge.net/* oc-cdn-public.azureedge.net/* oc-cdn-public-ind.azureedge.net/* oc-cdn-public-apj.azureedge.net/* oc-cdn-public-oce.azureedge.net/* oc-cdn-public-fra.azureedge.net/* oc-cdn-ocuae-uae.azureedge.net/* oc-cdn-ocprod.azureedge.net/* https://*.screenmeet.com https://edge.screenmeet.com wss://*.screenmeet.com https://tammlivesupport.com https://*.tammlivesupport.com https://*.scrn.mt https://tamm-chatbot-prod.azurewebsites.net https://connect.facebook.net https://analytics.tiktok.com; object-src 'self'; img-src 'self' data: *; media-src *; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdn1.readspeaker.com https://rstts-as.readspeaker.com https://static.tamm.abudhabi https://app-as.readspeaker.com https://mindrocketsapis.com https://www.gstatic.com https://mindrocketsinc.com https://js.arcgis.com https://translate.google.com https://translate.googleapis.com https://fonts.googleapis.com; frame-src https://schdmngr.tamm.abudhabi https://myland.dmt.gov.ae https://recaptcha.net  https://rstts-as.readspeaker.com https://cdn1.readspeaker.com https://app-as.readspeaker.com https://mindrocketsapis.com https://mindrocketsinc.com https://www.youtube.com https://www.youtube-nocookie.com https://www.instagram.com https://www.google.com https://es.adpolice.gov.ae https://directline.botframework.com  https://cdn1.readspeaker.com https://rstts-as.readspeaker.com https://orgbb3c15ea-crm15.omnichannelengagementhub.com https://webchatic3.blob.core.windows.net https://addastorageaccountuat.blob.core.windows.net https://addadevstorage.blob.core.windows.net https://ocsdk-prod.azureedge.net https://sandboxadmin.prioticket.com https://app-as.readspeaker.com https://mindrocketsinc.com https://player.vimeo.com https://comms.omnichannelengagementhub.com  https://rstts-as.readspeaker.com https://www.gstatic.com https://cdn1.readspeaker.com https://app-as.readspeaker.com https://mindrocketsapis.com https://mindrocketsinc.com https://static.arcgis.com https://services.arcgisonline.com https://translate.googleapis.com https://geocode.arcgis.com https://arcgis.sdi.abudhabi.ae https://js.arcgis.com https://adda-chatbot-prod.azurewebsites.net https://orgbb3c15ea-crm15.omnichannelengagementhub.com https://webchatic3.blob.core.windows.net https://addastorageaccountuat.blob.core.windows.net https://addadevstorage.blob.core.windows.net https://ocsdk-prod.azureedge.net https://sandboxadmin.prioticket.com; font-src 'self' https://cdn1.readspeaker.com https://mindrocketsapis.com https://mindrocketsinc.com https://www.naha.ae https://naha.ae https://static.tamm.abudhabi https://www.tamm.abudhabi/nicabudhabi https://adda-chatbot-prod.azurewebsites.net https://fonts.gstatic.com data: *;  worker-src 'self' https://www.tamm.abudhabi https://www.naha.ae https://naha.ae https://static.tamm.abudhabi https://www.tamm.abudhabi/nicabudhabi blob:; connect-src 'self' wss://pub-csm-plce-01-t.trouter.skype.com wss://pub-csm-plce-02-t.trouter.skype.com wss://directline.botframework.com https://comms.omnichannelengagementhub.com  https://rstts-as.readspeaker.com https://www.gstatic.com https://cdn1.readspeaker.com https://app-as.readspeaker.com https://mindrocketsapis.com https://mindrocketsinc.com https://static.arcgis.com https://services.arcgisonline.com https://translate.googleapis.com https://geocode.arcgis.com https://arcgis.sdi.abudhabi.ae https://js.arcgis.com https://adda-chatbot-prod.azurewebsites.net https://orgbb3c15ea-crm15.omnichannelengagementhub.com https://webchatic3.blob.core.windows.net https://addastorageaccountuat.blob.core.windows.net https://addadevstorage.blob.core.windows.net https://ocsdk-prod.azureedge.net https://sandboxadmin.prioticket.com wss://trouter-azsc-euno-0-a.trouter.skype.com https://trouter-azsc-euno-0-b.trouter.skype.com https://adda-chatbot-r2-prod.azurewebsites.net https://*.omnichannelengagementhub.com https://ProdCRM-APIM.tammcrm.abudhabi.ae/ wss://trouter-azsc-ukwe-0-b.trouter.skype.com wss://trouter-azsc-ukwe-0-a.trouter.skype.com wss://trouter-azsc-euno-0-b.trouter.skype.com wss://trouter-azsc-asse-0-b.trouter.skype.com wss://trouter-azsc-asse-0-a.trouter.skype.com https://adda-bot-preprod.azurewebsites.net/api https://PreprodCRM-APIM.tammcrm.abudhabi.ae https://*.communication.azure.com https://login.microsoft.net https://login.microsoftonline.com https://login.windows.net https://*.teams.microsoft.com https://ecs.office.com https://*.skype.com/* https://*.trouter.skype.com https://*.edge.skype.com https://browser.pipe.aria.microsoft.com https://plat.teams.microsoft.com https://aad.skypetoken.skype.com https://authsvc.teams.microsoft.com https://swc.cdn.skype.com/* https://config.edge.skype.com/* https://edge.skype.com/* https://api.aps.skype.com/* https://*.asm.skype.com https://*.ng.msg.teams.microsoft.com/* https://*.notifications.teams.microsoft.com/* https://cdn.botframework.com/botframework-webchat https://ocsdk-prod.azureedge.net8 https://*.service.signalr.net https://ecs.office.com https://browser.pipe.aria.microsoft.com https://oc-cdn-ocprod.azureedge.net/livechatwidget https://cdn.botframework.com/botframework-webchat wss://trouter2-azsc-sece-8-a.trouter.teams.microsoft.com wss://trouter2-azsc-euno-4-b.trouter.teams.microsoft.com wss://trouter2-azsc-euwe-2-a.trouter.teams.microsoft.com https:; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.ldlc.pro *.groupe-ldlc.com *.fontawesome.com via.placeholder.com *.intercomassets.com *.s-microsoft.com *.userlike.com wss://umd.userlike.com userlike-store-media-files.s3.amazonaws.com userlike-cdn-umm.b-cdn.net userlike-cdn-web.b-cdn.net userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com chat.userlike.com *.cloudfront.net *.intercomcdn.com *.intercom.io *.hotjar.com *.hotjar.io *.doofinder.com *.youtube.com *.quadro-selector.com *.google.com *.google.fr *.google-analytics.com *.doubleclick.net *.gstatic.com *.googleapis.com www.googletagmanager.com www.youtube-nocookie.com tracking.groupe-ldlc.com *.facebook.com *.facebook.net *.licdn.com *.linkedin.com syndication.inc.hp.com *.1worldsync.com *.cnetcontent.com *.groupe-ldlc.com *.ldlc.com tracking.channelsight.com ws: wss: data: *.cloudflare.com;frame-ancestors 'self'; 1
default-src 'self' afirma://*; img-src 'self' *.google.com *.googleapis.com data:; media-src 'self'; script-src *.google.com *.googleapis.com 'unsafe-eval' 'unsafe-inline' 'self'; style-src *.google.com *.googleapis.com 'self' 'unsafe-inline' data:; font-src 'self' *.gstatic.com *.google.com *.googleapis.com data:; object-src 'self'; base-uri 'self'; connect-src 'self' api.amplitude.com wss://127.0.0.1:63117; frame-ancestors 'self' 1
frame-ancestors default-src 'self' *.jivosite.com ws://*.jivosite.com/ https://pay.deko.finance 1
default-src https://excathedra.co:443 https://*.excathedra.co:443 https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://pixel.wp.com:443 https://stats.wp.com:443 'unsafe-inline' 'unsafe-eval' https://cdnjs.org:443 https://ssl.google-analytics.com:443 1
frame-ancestors https://www.usetreno.cz https://acc.usetreno.cz https://www.online-pojisteni.cz http://www.cestovani-po-usa.cz https://www.topsrovnani.cz http://www.privetour.cz http://www.top-pojisteni.cz https://www.autodoplnky.cz http://www.bigsnowjam.cz https://skveleceny.cz http://www.aapp.cz http://www.sosatko.cz http://www.fajnpojisteni.cz http://www.cestovani.cz http://www.autodoplnkyfro.cz http://www.smartflyagency.cz http://www.inzertia.cz http://www.hk-leasing.cz https://www.buddymag.cz https://iphone.app http://www.ruceni-povinne.eu https://fin24.cz/ http://www.vas-financni-poradce.cz https://uamk.cz http://www.123zajezdy.cz http://www.obyvatele.cz https://penize.cz http://www.rehurek.cz https://www.autanamiru.cz http://www.acosa.cz http://mediaplanet.com http://www.skrblik.cz http://www.cestovatelskyobchod.cz http://www.flightor.com https://kubicek.cz https://www.kalkulackaruceni.cz http://www.pojisteni-prehledne.cz https://android.app http://www.brnolowcost.estranky.cz https://affilplhalova.cz https://cyklotury.cz/ https://nasetreno.cz https://www.platinum.cz https://usetreno.cz https://www.simonasedlarova.cz http://www.autickar.cz https://www.touria.cz https://top-pojisteni.svetodmen.cz/ http://fijalka.cz/ https://povinkomat.cz/ https://www.tipli.cz http://www.autovesely.cz http://www.bukuj.cz http://kamfit.cz http://rezervace.zlevneneletenky.eu https://tripuj.cz http://www.go-travel.cz https://www.turistika.cz/ https://www.autoservis-garant.cz/ https://cestovia.cz https://autotrip.cz https://trendom.cz https://www.vzvcarservis.cz http://bestzajezdy.cz https://adventureguy.cz/cs/ http://www.top-pojisteni.cz https://www.vipapp.cz https://www.klick.cz http://www.fondik.cz http://realtorify.io https://europetravelagency.cz https://www.cestovatel.cz https://www.vimvic.cz https://entuzio.cz https://www.aquarius-ca.cz http://top-pojisteni.cz https://www.povinneruceni.biz https://www.leadgenje.cool https://www.expresnipojisteni.cz https://usetreno-acc.ucz.app; 1
default-src 'self' data: https://cdn.ctengine.io https://*.doubleclick.net https://fonts.gstatic.com https://*.cloudflare.com https://*.bootstrapcdn.com https://youtube.com https://www.youtube.com https://*.googlesyndication.com ads-partners.coupang.com *.coupangcdn.com *.linkprice.com *.about.co.kr *.googletagmanager.com *.dable.io www.facebook.com www.google.com; connect-src 'self' https://nam.veta.naver.com https://fundingchoicesmessages.google.com https://*.ctengine.io https://ctracking.io https://analytics.google.com https://adservice.google.com https://ads-partners.coupang.com wss://stream.binance.com:9443 https://api.upbit.com https://apiv2.bitz.com https://*.ethersocial.org https://*.ethersocial.net https://*.ddengle.com https://yoast.com https://www.google-analytics.com https://*.gstatic.com *.ad.daum.net *.daumkakao.io https://*.doubleclick.net https://wcs.naver.com https://*.googlesyndication.com https://request-global.czilladx.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.pstatic.net https://appsha-prm.ctengine.io https://cdn.datatables.net https://code.jquery.com https://*.ddengle.com https://*.cloudflare.com https://*.ampproject.org https://cdn.jsdelivr.net https://*.google.com https://*.googletagservices.com https://*.google-analytics.com https://*.googlesyndication.com https://wcs.naver.net https://*.google.co.kr ads-partners.coupang.com *.coupangcdn.com *.cloudflareinsights.com api.ipify.org connect.facebook.net t1.daumcdn.net https://*.googletagmanager.com https://coinzillatag.com; img-src 'self' https://www.googletagmanager.com https://cdn.datatables.net https://*.ddengle.com data: https://*.qrserver.com https://*.google-analytics.com https://secure.gravatar.com https://wcs.naver.com https://*.w.org https://wordpress.org *.linkprice.com *.linketshop.com *.sixshop.com *.about.co.kr www.facebook.com www.google.co.kr https://*.googlesyndication.com; style-src 'self' *.ddengle.com 'unsafe-inline' https://*.google.com https://fonts.googleapis.com https://*.bootstrapcdn.com https://cdn.datatables.net https://code.jquery.com; frame-src 'self' https://request-global.czilladx.com https://td.doubleclick.net https://tpc.googlesyndication.com https://googleads.g.doubleclick.net https://www.google.com https://cdn.ctengine.io; 1
connect-src 'self' *.ispapi.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google-analytics.com https://*.hubspot.com https://*.hubapi.com https://*.g.doubleclick.net https://www.facebook.com https://cdn-cookieyes.com https://*.cookieyes.com https://*.zdassets.com wss://api.smooch.io https://zendesk-eu.my.sentry.io https://hexonetbrand.zendesk.com ;default-src 'self';img-src 'self' https://script.hotjar.com https://static.hotjar.com https://*.google-analytics.com https://t.co https://*.hsforms.com https://*.hubspot.com https://www.facebook.com https://cdn-cookieyes.com https://hexonetbrand.zendesk.com https://*.zdassets.com https://*.zendesk.com https://*.zdusercontent.com https://*.hubspotemail-eu1.net data: ;media-src 'self' https://*.zdassets.com ;script-src 'self' https://static.hotjar.com https://script.hotjar.com https://www.google-analytics.com https://ssl.google-analytics.com https://analytics.twitter.com https://*.hubspot.com https://js.hscollectedforms.net https://js.hsadspixel.net https://*.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://forms.hsforms.com https://*.usemessages.com https://js.hsleadflows.net https://connect.facebook.net https://www.googletagmanager.com https://cdn-cookieyes.com https://log.cookieyes.com https://js-eu1.hsleadflows.net https://js-eu1.hs-analytics.net https://js-eu1.hs-banner.net https://js-eu1.hs-banner.com https://platform.instagram.com https://www.instagram.com https://*.zdassets.com https://api.smooch.io 'unsafe-inline' 'unsafe-eval' ;style-src 'self' https://static.hotjar.com https://script.hotjar.com 'unsafe-inline' ;frame-src 'self' https://vars.hotjar.com https://*.hubspot.com https://www.instagram.com ;font-src 'self' https://script.hotjar.com ;frame-ancestors 'self' https://*.hexonet.net ; 1
default-src 'self'; frame-src 'self' *.youtube.com *.google.com *.vimeo.com; media-src 'self' *.youtube.com *.dropbox.com *.dropboxusercontent.com; script-src 'self' 'unsafe-inline' ajax.googleapis.com; script-src-elem 'self' *.clarity.ms *.googletagmanager.com *.googleapis.com; connect-src 'self' *.clarity.ms *.google-analytics.com; style-src 'self' 'unsafe-inline'; img-src 'self' data:; 1
default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com connect.facebook.net ajax.aspnetcdn.com https://s.ytimg.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com https://www.facebook.com https://*.userway.org https://*.amazonaws.com/ https://*.brizy.site/ https://*.b-cdn.net/ https://*.weather.gov/ https://www.googletagmanager.com/gtag/ https://baldwin-co-al.vod.castus.tv/ https://cloud.castus.tv/ *.google.com *.youtube.com *.twitter.com *.google-analytics.com https://textmygov.com https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org web-chat.nativechat.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://*.userway.org https://*.amazonaws.com/ https://*.brizy.site/ https://*.b-cdn.net/ https://*.weather.gov/ https://fonts.bunny.net/ https://baldwin-co-al.vod.castus.tv/ https://cloud.castus.tv/ https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com https://*.userway.org https://*.amazonaws.com/ https://*.brizy.site/ https://*.b-cdn.net/ https://static.licdn.com/ https://baldwin-co-al.vod.castus.tv/ https://cloud.castus.tv/ https://cdn.userway.org/widgetapp/images/ *.facebook.com *.google-analytics.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://*.userway.org https://*.amazonaws.com/ https://*.brizy.site/ https://*.b-cdn.net/ https://fonts.bunny.net/ https://baldwin-co-al.vod.castus.tv/ https://cloud.castus.tv/ https://cdn.userway.org/widgetapp/images/; object-src https://*.granicus.com https://*.granicusinternalvideo.net https://www.google.com/ https://www.facebook.com https://baldwin-co-al.vod.castus.tv/ https://*.userway.org https://*.amazonaws.com/ https://*.brizy.site/ https://*.b-cdn.net/ https://*.weather.gov/ https://www.youtube-nocookie.com/ https://cloud.castus.tv/ *.baldwincountyal.gov 'self'; connect-src 'self' accounts.google.com *.gstatic.com *.mktoresp.com https://*.userway.org https://*.amazonaws.com/ https://*.brizy.site/ https://*.b-cdn.net/ https://*.weather.gov/ https://www.youtube-nocookie.com/ https://baldwin-co-al.vod.castus.tv/ https://cloud.castus.tv/ *.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: https://*.granicus.com *.granicusinternalvideo.net http://*.baldwincountyal.gov https://www.youtube.com https://*.userway.org https://*.amazonaws.com/ https://*.brizy.site/ https://*.b-cdn.net/ https://baldwin-co-al.vod.castus.tv/ https://cloud.castus.tv/ https://cdn.userway.org/widgetapp/images/ https://baldwincountyal.gov/; child-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ badge.stumbleupon.com https://*.granicus.com https://*.granicusinternalvideo.net https://*.baldwincountyal.gov https://baldwin-co-al.vod.castus.tv https://*.userway.org https://*.amazonaws.com/ https://*.brizy.site/ https://*.b-cdn.net/ https://*.weather.gov/ *.twitter.com *.google.com *.facebook.com web-chat.nativechat.com; frame-src https://www.facebook.com/ https://cdn.userway.org/ https://radar.weather.gov https://www.youtube.com/ https://baldwin-co-al.vod.castus.tv/ https://www.youtube-nocookie.com/ 'self' https://www.google.com/ https://cloud.castus.tv/ https://textmygov.com web-chat.nativechat.com 1
frame-ancestors https://*.renderer.cse.canva-dev.com https://canvateam1639724441.zendesk.com https://canvateam1696641530.zendesk.com; 1
default-src 'none'; img-src 'self' data:; connect-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; font-src 'self' 1
default-src 'self' data: https://account.stock3.com https://stock3.com https://*.stock3.com https://*.guidants.com https://*.godmode-trader.de https://*.boerse-go.de https://*.guidants-trading.de https://*.brokerize.com wss://*.stock3.com wss://status.guidants.com wss://*.boerse-go.de wss://*.guidants-trading.de wss://*.brokerize.com https://mein.finanzen-zero.net https://mein.zero-staging.net https://mein.t5.zero-test.net https://consentcdn.cookiebot.com https://consent.cookiebot.com http://localhost:* ws://localhost:*; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://account.stock3.com https://stock3.com https://*.stock3.com https://*.guidants.com https://*.godmode-trader.de https://*.boerse-go.de https://*.guidants-trading.de https://*.brokerize.com wss://*.stock3.com wss://status.guidants.com wss://*.boerse-go.de wss://*.guidants-trading.de wss://*.brokerize.com https://*.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://consentcdn.cookiebot.com https://consent.cookiebot.com https://is.stock3.com https://as.stock3.com https://track.adform.net https://s1.adform.net https://s2.adform.net https://code.createjs.com https://cdnjs.cloudflare.com/ajax/libs/gsap/ https://feed.goldencross.de https://cdn.adspirit.de https://kerlundcie.adspirit.de https://ad.doubleclick.net https://s0.2mdn.net https://pagead2.googlesyndication.com https://tpc.googlesyndication.com https://www.googletagservices.com; connect-src https://account.stock3.com https://stock3.com https://*.stock3.com https://*.guidants.com https://*.godmode-trader.de https://*.boerse-go.de https://*.guidants-trading.de https://*.brokerize.com wss://*.stock3.com wss://status.guidants.com wss://*.boerse-go.de wss://*.guidants-trading.de wss://*.brokerize.com https://*.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://consentcdn.cookiebot.com https://consent.cookiebot.com https://mein.finanzen-zero.net https://mein.zero-staging.net https://mein.t5.zero-test.net http://localhost:* ws://localhost:* https://track.adform.net https://googleads4.g.doubleclick.net https://pagead2.googlesyndication.com https://ade.googlesyndication.com; style-src 'unsafe-inline' 'self' https://data.boerse-go.de https://s1.adform.net https://s2.adform.net https://fonts.googleapis.com; frame-src https://account.stock3.com 'self' https://*.youtube.com https://*.youtube-nocookie.com https://player.vimeo.com https://modules.wikifolio.com https://tradematch.sgmarkets.com https://open.spotify.com https://embed.podcasts.apple.com https://consentcdn.cookiebot.com https://consent.cookiebot.com https://is.stock3.com https://c1.adform.net https://cdn.adspirit.de https://s0.2mdn.net https://tpc.googlesyndication.com https://c.bannerflow.net; img-src 'self' https: data: http://localhost:* ws://localhost:*; font-src 'self' https://fonts.gstatic.com 1
font-src *.bglobale.com *.global-e.com *.klarnacdn.net data: fonts.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com *.salesfire.co.uk *.typekit.net *.fonts.googleapis.com *.gstatic.com *.cloudflare.com *.amazonaws.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.bglobale.com *.global-e.com *.klarna.com *.facebook.com www.paypalobjects.com tpc.googlesyndication.com storage.googleapis.com *.trustpilot.com *.klarnacdn.net *.klarnaevt.com www.google.co.uk googleads.g.doubleclick.net *.kaptcha.com *.paypal.com *.klarnaservices.com www.facebook.com platform.twitter.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.salesfire.co.uk *.google.com *.addthis.com *.pinterest.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com *.bglobale.com *.global-e.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.pinterest.com connect.facebook.net *.addthis.com *.cloudiq.com s.pinimg.com *.facebook.com www.google.co.in pubads.g.doubleclick.net *.paypal.com *.cloudfront.net www.google.co.uk *.sharethis.com *.bing.com *.clarity.ms angus.finance-calculator.co.uk *.trustpilot.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.salesfire.co.uk *.cloudflare.com *.cdn.klarna.com *.s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.cdninstagram.com https://osm.klarnaservices.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de widget.freshworks.com m2epro.freshdesk.com *.bglobale.com *.global-e.com *.klarna.com *.klarnacdn.net *.klarnaservices.com s7.addthis.com 'self' data: http://tpc.googlesyndication.com chimpstatic.com connect.facebook.net *.paypal.com *.cloudiq.com s.pinimg.com *.google-analytics.com www.google.com www.google.co.uk www.gstatic.com secure.adnxs.com js-agent.newrelic.com ajax.cloudflare.com static.cloudflareinsights.com angus.finance-calculator.co.uk *.mailchimp.com mc.us2.list-manage.com *.trustpilot.com *.bing.com *.clarity.ms *.klarnaevt.com cdn.inspectlet.com player.vimeo.com twitter.com platform.twitter.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.salesfire.co.uk *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com *.instagram.com https://www.googletagmanager.com tagmanager.google.com https://osm.klarnaservices.com https://bat.bing.com https://www.paypal.com/ *.amazonaws.com https://uk.trustpilot.com/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com widget.freshworks.com m2epro.freshdesk.com *.bglobale.com *.global-e.com *.klarnacdn.net storage.googleapis.com *.sharethis.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.salesfire.co.uk *.typekit.net fonts.googleapis.com *.googleapis.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de widget.freshworks.com m2epro.freshdesk.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com ekr.zdassets.com/ 'self' data: *.pinterest.com connect.facebook.net *.cloudiq.com s.pinimg.com  stats.g.doubleclick.net *.google-analytics.com *.paypal.com angus.finance-calculator.co.uk *.clarity.ms api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com *.salesfire.co.uk *.smartmetrics.co.uk *.cloudflare.com *.googleapis.com *.addthis.com *.graph.instagram.com https://www.google-analytics.com https://pagead2.googlesyndication.com https://bat.bing.com/ *.g.doubleclick.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com *.googleapis.com https://www.google.com https://www.gstatic.com https://cdnjs.cloudflare.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://seo.mageplaza.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.twitter.com *.be2bill.com *.1000lentilles.fr 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://www.googletagmanager.com/ js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.twitter.com *.google.com *.addthis.com *.doubleclick.net 'self' 'unsafe-inline'; img-src *.adobe.com  amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.1000lentilles.fr *.cloudflare.com *.twitter.com *.google-analytics.com googletagmanager.com *.google.com *.gstatic.com *.trustedshops.com *.fontawesome.com *.addthis.com s7.addthis.com m.addthis.com z.moatads.com *.addthisedge.com apis.google.com graph.facebook.com widgets.pinterest.com *.doubleclick.net *.smartsuppchat.com *.smartsupp.com *.smartsuppcdn.com *.demdex.net *.google.fr *.be2bill.com data: 'self' 'unsafe-inline'; script-src *.adobe.com  *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.googleapis.com *.google.com *.gstatic.com *.avada.io js.mollie.com https://cdnjs.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com *.twitter.com *.google-analytics.com googletagmanager.com *.trustedshops.com *.fontawesome.com *.addthis.com s7.addthis.com m.addthis.com z.moatads.com *.addthisedge.com apis.google.com graph.facebook.com widgets.pinterest.com *.smartsuppchat.com *.doubleclick.net *.smartsuppcdn.com *.demdex.net *.be2bill.com *.googletagmanager.com *.adobedtm.com https://*.smartlook.com https://*.smartlook.cloud https://*.googleadservices.com https://*.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com https://fonts.googleapis.com https://cdnjs.cloudflare.com unsafe-inline assets.braintreegateway.com *.cloudflare.com *.twitter.com *.typekit.net *.bootstrapcdn.com *.googletagmanager.com *.google-analytics.com *.adobe.com  *.smartsuppcdn.com  'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.cloudflare.com *.twitter.com *.google-analytics.com googletagmanager.com *.gstatic.com *.trustedshops.com *.fontawesome.com *.addthis.com s7.addthis.com m.addthis.com z.moatads.com *.addthisedge.com apis.google.com graph.facebook.com widgets.pinterest.com *.adobe.com  *.doubleclick.net *.smartsuppchat.com *.smartsuppcdn.com *.demdex.net *.smartsupp.com wss://*.smartsupp.com/ *.googlesyndication.com https://*.smartlook.com https://*.smartlook.cloud 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com *.gstatic.com cdn.jsdelivr.net *.sensefuel.live *.clarity.ms *.cookiebot.com *.facebook.com *.facebook.net https://static.payzen.eu/static/ *.fontawesome.com https://cdnjs.cloudflare.com 'self' data: data: 'self' 'unsafe-inline'; form-action https://www.baby-lux.com/ https://www.babylux.be/fr/ https://www.babylux.nl/ https://www.babylux.be/nl/ pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com secure.payzen.eu https://secure.payzen.eu/vads-payment/ https://api.payzen.eu/api-payment/ https://static.payzen.eu/static/ 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src https://www.baby-lux.com/ https://www.babylux.be/fr/ https://www.babylux.nl/ https://www.babylux.be/nl/ bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ widget.trustpilot.com maps.google.com *.clarity.ms *.facebook.com *.facebook.net *.cookiebot.com *.pinterest.com *.doubleclick.net *.sendcloud.sc *.jsdelivr.net https://secure.payzen.eu/vads-payment/ https://static.payzen.eu/static/ js.mollie.com www.google.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.doubleclick.net *.lorempixel.com *.google.com *.google.be *.gstatic.com *.googleapis.com *.babylux.nl *.babylux.be *.baby-lux.com *.clarity.ms *.googletagmanager.com *.google-analytics.com *.facebook.com *.facebook.net *.cookiebot.com *.pinterest.com placehold.co *.amazonaws.com https://secure.payzen.eu/static/latest/images/type-carte/ https://static.payzen.eu/static/ https://secure.payzen.eu/vads-payment/ https://img.youtube.com https://www.mollie.com 'self' data: ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.jsdelivr.net *.sensefuel.live *.cloudflare.com *.g.doubleclick.net *.googletagmanager.com *.newrelic.com *.nr-data.net widget.trustpilot.com *.googleapis.com *.tpc.googlesyndication.com *.clarity.ms *.google-analytics.com *.googleadservices.com *.google.com *.facebook.com *.facebook.net *.cookiebot.com *.pinimg.com *.sendcloud.sc *.jsdelivr.net https://api.payzen.eu/api-payment/ https://static.payzen.eu/static/ s7.addthis.com *.avada.io js.mollie.com https://cdnjs.cloudflare.com www.gstatic.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src cdn.jsdelivr.net fonts.googleapis.com *.sensefuel.live *.clarity.ms *.cookiebot.com *.googletagmanager.com *.facebook.com *.facebook.net *.sendcloud.sc *.jsdelivr.net https://static.payzen.eu/static/ *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com *.googleapis.com *.gstatic.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.getalma.eu *.google-analytics.com *.analytics.google.com *.doubleclick.net *.nr-data.net *.sensefuel.live *.googleapis.com *.clarity.ms *.googletagmanager.com *.cookiebot.com *.google.com *.pinterest.com *.sendcloud.sc *.cdn.jsdelivr.net *.mapbox.com https://secure.payzen.eu/vads-payment/ https://api.payzen.eu/api-payment/ ekr.zdassets.com/ https://get.geojs.io *.avada.io t.elasticsuite.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src https://secure.payzen.eu/vads-payment/ https://api.payzen.eu/api-payment/ https://static.payzen.eu/static/ *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' *.bixoto.com; 1
block-all-mixed-content; frame-ancestors *.boutiquedassi.com.br 1
default-src 'self' *.verifyt.com edge.curalate.com *.typeform.com *.zipmoney.com.au *.gstatic.com *.zdassets.com *.bazaarvoice.com *.vimeo.com *.akamaized.net load.sumo.com *.hotjar.com *.hotjar.io *.trurating.com *.crazyegg.com tracking.myunidays.com; img-src 'self' data: https:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; frame-src 'self' https:; connect-src 'self' https: wss: *.force.com; font-src 'self' data: https:; frame-ancestors 'self' https://*.brasnthings.com; 1
frame-ancestors 'self' *.brico-phone.com 1
default-src 'none'; img-src 'self' carauktion.marketing.campaignpro.io cdn.carauktion.ch www.google.by www.google.com www.google.com.ua www.google.ch https://plausible.io/js/script.js cau-vid.carit.ch stats.g.doubleclick.net cdn.cookielaw.org blob: data:; object-src 'self'; connect-src 'self' o408348.ingest.sentry.io ca3-af1-mvp.carit.ch auth.carauktion.ch https://plausible.io/js/script.js https://plausible.io/api/event fonts.googleapis.com stats.g.doubleclick.net cdn.cookielaw.org geolocation.onetrust.com ws: wss:; font-src 'self' fonts.gstatic.com data:; style-src 'self' 'unsafe-inline' fonts.googleapis.com; frame-ancestors 'self' www.google.com docs.carit.ch reporting.carauktion.ch; frame-src 'self' www.google.com docs.carit.ch reporting.carauktion.ch; media-src 'self' cau-vid.carit.ch; script-src 'self' carauktion.marketing.campaignpro.io/focus/1.js carauktion.marketing.campaignpro.io/focus/2.js carauktion.marketing.campaignpro.io/focus/3.js carauktion.marketing.campaignpro.io/focus/4.js browser.sentry-cdn.com o408348.ingest.sentry.io https://plausible.io/js/script.js www.google.com www.googletagmanager.com www.gstatic.com browser.sentry-cdn.com stats.g.doubleclick.net/ cdn.cookielaw.org https://europe-west6-ca3-logging.cloudfunctions.net/logPerformance 'nonce-ZWJiMDViMDctZDBjZC00MmM2LTlkNWYtMzk0ZWM0YzhmNDA3' 1
default-src; base-uri 'none'; connect-src 'self' https://chilebt.com:8443/socket.io/ wss://chilebt.com:8443/socket.io/; font-src 'self' https: data:; form-action 'self'; frame-ancestors 'none'; frame-src 'self' https:; img-src 'self' https:; media-src 'self'; object-src 'none'; script-src 'self' 'unsafe-eval' https://www.google.com/recaptcha/api.js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/api2/ https://www.gstatic.com/recaptcha/api2/v1550471573786/recaptcha__en.js https://cdnjs.cloudflare.com/ajax/libs/moment.js/2.11.1/moment-with-locales.min.js https://cdnjs.cloudflare.com/ajax/libs/Chart.js/2.3.0/Chart.min.js https://cdnjs.cloudflare.com/ajax/libs/bootstrap-datetimepicker/4.15.35/js/bootstrap-datetimepicker.min.js 'nonce-fa6732f3913c83f0a945c656e67dbc19'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://cdnjs.cloudflare.com/ajax/libs/bootstrap-datetimepicker/4.15.35/css/bootstrap-datetimepicker.min.css; block-all-mixed-content; upgrade-insecure-requests 1
default-src 'nonce-b17c9f0dd8b2ec20a7bc220b51191fa7' 'self'; form-action 'self';connect-src 'self' https:; script-src 'self' https: 'unsafe-inline'; style-src 'self' https: 'unsafe-inline'; img-src 'self' https:; frame-src 'self' https://www.google.com/recaptcha/ https://www.buyatab.com https://na.account.amazon.com; 1
frame-src 'self' https://www.google.com https://*.tecsinapse.com.br; frame-ancestors 'self' https://*.cimbb.com.br 1
frame-ancestors self https://api.cftbeyzkhd-whirlpool2-p1-public.model-t.cc.commerce.ondemand.com:443  https://api-hybris-cprod.whirlpool.com:443  https://whirlpoolportal.com:443 https://www.whirlpoolportal.com:443 https://whirlpoolportal.ca:443 https://www.whirlpoolportal.ca:443 https://partsales.whirlpoolcorp.com:443 https://serviceparts.whirlpoolcorp.com:443 1
font-src *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.bootstrapcdn.com https://github.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com *.facebook.com *.fintecture.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.twitter.com https://www.google.com https://www.google.co.in https://www.facebook.com https://consentcdn.cookiebot.com/ *.trustpilot.com *.criteo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' blob: data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.cloudflare.com *.gstatic.com *.google.com *.google.co.in https://www.facebook.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.connect.facebook.net https://stats.g.doubleclick.net https://d.adroll.com https://pixel.advertising.com https://pixel.rubiconproject.com https://simage2.pubmatic.com https://dsum-sec.casalemedia.com https://ads.yahoo.com https://eb2.3lift.com https://sync.outbrain.com https://trc.taboola.com https://x.bidswitch.net/sync https://ib.adnxs.com https://idsync.rlcdn.com https://us-u.openx.net https://ups.analytics.yahoo.com https://segments.company-target.com https://sync.tidaltv.com http://comptoirdespros.groupe-mb.net https://cdn1.comptoirdespros.com *.google.fr https://criteo-sync.teads.tv/ https://match.sharethrough.com/ https://ads.stickyadstv.com/ https://s.ad.smaato.net/ *.omnitagjs.com https://criteo-partners.tremorhub.com/ https://i.liadm.com/ https://sync-criteo.ads.yieldmo.com/ https://secure.adnxs.com/ https://jadserve.postrelease.com/ *.criteo.com *.trustpilot.com https://amcglobal.sc.omtrdc.net/ * www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.googleadservices.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://connect.facebook.net *.paypalobjects.com *.paypal.com https://chimpstatic.com *.googletagmanager.com https://s.adroll.com https://d.adroll.com https://d.adroll.mgr.consensu.org *.bootstrapcdn.com *.trustpilot.com *.cookiebot.com https://static.criteo.net/ https://s.kk-resources.com/ https://googleads.g.doubleclick.net *.criteo.com *.criteo.net *.productsup.io https://notifpush.com/ https://tag.imagino.com/ *.nr-ext.net *.nr-assets.net https://analytics.tiktok.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudflare.com *.googleapis.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.youtube.com *.bootstrapcdn.com *.trustpilot.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.google.com *.google.co.in *.facebook.com https://googleads.g.doubleclick.net *.google-analytics.com *.trustpilot.com https://s.kelkoogroup.net https://consentcdn.cookiebot.com/ https://notifpush.com/ https://tag.imagino.com/ https://analytics.tiktok.com t.elasticsuite.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors self *.contorion.net *.storyblok.com 1
default-src 'none'; connect-src 'self' *.googleapis.com *.cloudfunctions.net *.costcopharmacy.ca *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.cookielaw.org *.onetrust.com https://cloudflareinsights.com/cdn-cgi/rum; font-src https://fonts.gstatic.com; frame-src 'self' mailto: *.google.com *.firebaseapp.com https://www.chasepaymentechhostedpay-var.com https://www.chasepaymentechhostedpay.com https://player.vimeo.com/; img-src 'self' data: *.googleapis.com https://i.vimeocdn.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.cookielaw.org; script-src 'self' *.google.com *.gstatic.com https://www.chasepaymentechhostedpay-var.com https://www.chasepaymentechhostedpay.com *.googletagmanager.com https://ajax.cloudflare.com https://static.cloudflareinsights.com https://apis.google.com *.cookielaw.org *.onetrust.com 'unsafe-inline'; style-src 'self' 'unsafe-inline' *.googleapis.com 1
default-src 'self'; connect-src 'self' blob: https://www.youtube.com/ https://*.googleapis.com/ https://www.facebook.com/ https://www.googletagmanager.com/ https://analytics.google.com/ https://googleads.g.doubleclick.net/ https://*.g.doubleclick.net/ https://viacep.com.br/ http://tracker.tolvnow.com https://noembed.com/embed https://cdn.privacytools.com.br https://www.google-analytics.com/ https://*.hotjar.com/ https://*.hotjar.io/ wss://*.hotjar.com/ https://us-central1-perto-digital.cloudfunctions.net/ https://*.pertodigital.com.br:3005 https://perto-digital.nyc3.cdn.digitaloceanspaces.com/ https://perto-digital.nyc3.digitaloceanspaces.com/ https://d3rf60mhi96lym.cloudfront.net/ https://libras.pertodigital.com.br/ https://vercel.live/ https://dicio-pertodigital-api.vercel.app https://*.pertodigital.com.br*/ https://ccoreilly.github.io https://pluginlibras.pertodigital.com.br/ https://librasfiles.pertodigital.com.br/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com/ https://noembed.com/embed https://www.youtube.com/ https://*.facebook.net/ https://googleads.g.doubleclick.net/ https://www.googletagmanager.com/ https://analytics.google.com/ http://tracker.tolvnow.com https://cdn.privacytools.com.br http://event.getblue.io/ https://*.getblue.io/ https://*.hotjar.com/ https://www.googleadservices.com/pagead/ https://perto-digital.nyc3.digitaloceanspaces.com/ https://perto-digital.nyc3.cdn.digitaloceanspaces.com/ https://d3rf60mhi96lym.cloudfront.net/ https://d1pf7no49ltvta.cloudfront.net/ https://cdn.jsdelivr.net/ https://vercel.live/ https://dicio-pertodigital-api.vercel.app https://cdn.jsdelivr.net/ https://static.cdn.prismic.io/ https://*.pertoplugin.link https://*.pertodigital.com.br/; style-src 'self' 'unsafe-inline' https://*.googleapis.com/ http://tracker.tolvnow.com https://www.tolvnow.com/chatwidget/css/ https://cdn.privacytools.com.br https://*.hotjar.com/ https://perto-digital.nyc3.cdn.digitaloceanspaces.com/ https://dicio-pertodigital-api.vercel.app https://*.pertoplugin.link; media-src 'self' https://cdn.vistahost.com.br https://azuqbrcreditorealstorage.blob.core.windows.net https://storage.googleapis.com https://www.youtube.com/ https://creditoreal.file.force.com/servlet/servlet.ImageServer* https://creditoreal.my.salesforce.com/* https://d3rf60mhi96lym.cloudfront.net/ https://dicio-pertodigital-api.vercel.app https://*.pertoplugin.link https://pluginlibras.pertodigital.com.br/; frame-src 'self' https://www.youtube.com/ https://pricing-app.nivu.com.br/ https://www.banibconecta.com/ https://www.tolvnow.com/ https://i.ytimg.com/vi/ https://admin.refera.com.br/ https://www.google.com/ http://event.getblue.io/ https://td.doubleclick.net/ https://dicio-pertodigital-api.vercel.app; img-src 'self' https://azupbrcreditorealstorage.blob.core.windows.net/ https://storage.googleapis.com https://cdn.vistahost.com.br https://*.googleapis.com/ https://googleads.g.doubleclick.net/ https://*.gstatic.com/ data: https://*.tolvnow.com https://creditoreal.file.force.com/servlet/servlet.ImageServer* https://creditoreal.my.salesforce.com/* https://www.creditoreal.com.br/ https://i.ytimg.com/vi/ https://cdn.privacytools.com.br https://www.facebook.com/ https://*.hotjar.com/ https://survey-images.hotjar.com/ https://www.google.com/ https://www.google.com.br/ http://historico.creditoreal.com.br/ https://creditoreal.my.salesforce.com/ https://creditoreal.file.force.com/ https://images.prismic.io https://portal-credito-real.cdn.prismic.io https://perto-digital.nyc3.cdn.digitaloceanspaces.com/ https://d3rf60mhi96lym.cloudfront.net/ https://dicio-pertodigital-api.vercel.app https://*.pertoplugin.link https://creditoreal.com.br/; font-src 'self' https://*.gstatic.com/ https://fonts.googleapis.com/ https://www.tolvnow.com/ https://script.hotjar.com/ https://fonts.cdnfonts.com/s/14017/calibril.woff https://perto-digital.nyc3.cdn.digitaloceanspaces.com/ https://dicio-pertodigital-api.vercel.app https://*.pertoplugin.link; worker-src 'self' blob:; 1
default-src 'self' *.widgetworks.com.au *.mypurecloud.com.au *.youtube.com webchat.cusa.com.au *.vimeo.com localhost:8000 cms.creditunion.atomix.dev cms.creditunionsa.com.au cms.creditunionsa.uat.com.au cms.creditunion.uat.atomix.dev https://gpm.westernunion.com/au/AU/RT/02156-FI *.fls.doubleclick.net tr.snapchat.com www.pinterest.com.au www.pinterest.com https://www.google.com/; style-src 'self' 'unsafe-inline' *.widgetworks.com.au https://tagmanager.google.com https://fonts.googleapis.com localhost:8000 cms.creditunion.atomix.dev cms.creditunionsa.com.au cms.creditunionsa.uat.com.au cms.creditunion.uat.atomix.dev; img-src 'self' data: * www.googletagmanager.com  https://*.analytics.google.com https://*.google-analytics.com https://*.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; connect-src 'self' localhost:8000 cms.creditunion.atomix.dev cms.creditunionsa.com.au cms.creditunionsa.uat.com.au cms.creditunion.uat.atomix.dev *.mypurecloud.com.au *.ingest.sentry.io jsonapi.sajari.net/sajari.api.pipeline.v1.Query/Search vitals.vercel-insights.com analytics.tiktok.com www.google.com.au/pagead/attribution https://*.google-analytics.com https://google-analytics.com https://*.analytics.google.com  https://analytics.google.com https://*.googletagmanager.com https://googletagmanager.com https://ct.pinterest.com api.hubapi.com forms.hubspot.com stats.g.doubleclick.net www.googleadservices.com secure-ds.serving-sys.com tr.snapchat.com lm.serving-sys.com/lm/tmd wss://webmessaging.mypurecloud.com.au/v1?deploymentId=ad8161a7-448e-46ed-8009-c8d7c813206d&application=messenger-2.11.0; frame-ancestors 'self' localhost:8000 cms.creditunion.atomix.dev cms.creditunionsa.com.au cms.creditunionsa.uat.com.au cms.creditunion.uat.atomix.dev; font-src 'self' https://fonts.gstatic.com data: 'self' *.widgetworks.com.au *.mypurecloud.com.au *.youtube.com webchat.cusa.com.au *.vimeo.com localhost:8000 cms.creditunion.atomix.dev cms.creditunionsa.com.au cms.creditunionsa.uat.com.au cms.creditunion.uat.atomix.dev https://gpm.westernunion.com/au/AU/RT/02156-FI *.fls.doubleclick.net tr.snapchat.com www.pinterest.com.au www.pinterest.com https://www.google.com/; script-src 'unsafe-inline' 'self' *.widgetworks.com.au *.mypurecloud.com.au *.youtube.com webchat.cusa.com.au *.vimeo.com localhost:8000 cms.creditunion.atomix.dev cms.creditunionsa.com.au cms.creditunionsa.uat.com.au cms.creditunion.uat.atomix.dev https://gpm.westernunion.com/au/AU/RT/02156-FI *.fls.doubleclick.net tr.snapchat.com www.pinterest.com.au www.pinterest.com https://www.google.com/ secure-ds.serving-sys.com js.hs-scripts.com s.pinimg.com js.hs-analytics.net js.hsleadflows.net js.hsadspixel.net js.hs-banner.com connect.facebook.net https://*.googletagmanager.com www.google-analytics.com www.gstatic.com siteimproveanalytics.com sc-static.net static.ads-twitter.com www.redditstatic.com cdn.sajari.com snap.licdn.com analytics.tiktok.com bs.serving-sys.com analytics.twitter.com https://tagmanager.google.com https://www.google.com/recaptcha/api.js 1
block-all-mixed-content; frame-ancestors *.crisecia.com.br 1
default-src 'self'; font-src data: https://assets.dm.de https://composer.apps.nonprod.gcp.dmtech.cloud; script-src 'self' https://*.bazaarvoice.com https://*.mm.dm.pl https://app.usercentrics.eu https://assets.dm.de https://composer.apps.nonprod.gcp.dmtech.cloud https://d2pqvatijh75rn.cloudfront.net https://mpsnare.iesnare.com https://omt.dm.pl https://tags.tiqcdn.com https://www.dm.pl; worker-src 'self' blob:; connect-src  'self' https://*.bazaarvoice.com https://*.gcp.dmtech.cloud https://*.mm.dm.pl https://*.services.dmtech.com https://aggregator.service.usercentrics.eu https://api.mapbox.com https://api.usercentrics.eu https://assets.dm.de https://browser-intake-datadoghq.eu https://cart-recos.services.dmtech.com https://cdcs.usercentrics.eu https://collect.tealiumiq.com https://consent-api.service.consent.usercentrics.eu https://consent-rt-ret.service.consent.usercentrics.eu https://consents.usercentrics.eu https://coupon-aktionen.dm.de https://d2pqvatijh75rn.cloudfront.net https://direct-collect.dy-api.eu https://direct.dy-api.eu https://dmpay-gateway.services.dmtech.com https://dy-api.eu https://events.mapbox.com https://graphql.usercentrics.eu https://insights.algolia.io https://logs.browser-intake-datadoghq.eu https://mpsnare.iesnare.com https://my-products-api.services.dmtech.com https://omc.dm.pl https://product-based-recos.services.dmtech.com https://products.dm.de https://rcom-eu.dynamicyield.com https://recos-as-a-service.services.dmtech.com https://rum.browser-intake-datadoghq.eu https://services.dm.de https://signin.dm.pl https://sos-prod.availability.services.dmtech.com https://staedtetour.dm-fb2.de https://storage.googleapis.com/gift-card-builder-emergency-disabled-bucket/ https://cartnext.services.dmtech.com https://products.dm.de https://shopping-list-prod.services.dmtech.com; style-src 'self' 'unsafe-inline' https://*.bazaarvoice.com https://api.tiles.mapbox.com https://assets.dm.de https://composer.apps.nonprod.gcp.dmtech.cloud; form-action 'self' https://*.bazaarvoice.com https://checkout.dm.pl https://giftcard-checkout.dm.pl/api/checkout https://signin.dm.pl; img-src 'self' blob: data: https://*.bazaarvoice.com https://*.mm.dm.pl https://*.services.dmtech.com https://app.usercentrics.eu https://assets.dm.de https://cdn-eu.dynamicyield.com https://composer.apps.nonprod.gcp.dmtech.cloud https://content-preview.apps.prod.gcp.dmtech.cloud https://d2pqvatijh75rn.cloudfront.net https://d3s22jwy77sx9i.cloudfront.net https://i.ytimg.com https://images.podigee-cdn.net https://img.usercentrics.eu https://img.youtube.com/ https://media.dm-static.com https://services.dm.de https://uct.service.usercentrics.eu; frame-ancestors 'self' https://*.apps.nonprod.gcp.dmtech.cloud https://*.apps.prod.gcp.dmtech.cloud https://*.dm-drogeriemarkt.org https://*.dm-drogeriemarkt.org:42007 https://*.dm-drogeriemarkt.org:42160 https://*.dm-drogeriemarkt.org:42161 https://*.dm-drogeriemarkt.org:42162 https://*.dm.pl https://*.lxprod.ka.de.dm-drogeriemarkt.com https://app.datadoghq.eu https://studio.dm-drogeriemarkt.com; frame-src 'self' https://*.bazaarvoice.com https://*.dm.pl https://*.services.dmtech.com https://app.usercentrics.eu https://cdn.podigee.com https://configurator.nuk.de https://gastfamilie.podigee.io https://geburtskanal-dm.podigee.io https://hey-familie.podigee.io https://player.podigee-cdn.net https://sandbox.om.dm.de https://www.youtube-nocookie.com; base-uri 'self' https://*.mm.dm.pl https://*.services.dmtech.com https://events.mapbox.com; child-src 'self' blob:; manifest-src 'self'; report-uri /__csp-reports__; upgrade-insecure-requests; 1
frame-ancestors 'self' https://yobingo-statices.casinomodule.com/ https://www.yobingo.es/ https://www.yocasino.es/ https://www.enracha.es/ 1
base-uri 'none'; object-src 'none'; script-src 'self' 'unsafe-inline' 'nonce-Pp/5vcMfB0VFUFJSuZWkAA==' 'sha256-2lWLrBMqNEeZZva7ECueFJwRLzfyWRLI38lTzWLH7yo=' 'sha256-U+9uytu1wNMDRkbPT1c4SIzmnZr8B8uJ7tscj8Ot6mg=' 'sha256-WWM1JRyw57UB5WW0keQVmrvNG3BmFRmm253yNpWLHFI=' 'sha256-Qda2uFsqXBGj9V5cAGbsO7+345iGKJU/hgWCTjY1E40=' https://*.swogo.net https://sdk.privacy-center.org https://*.svea.com https://*.tiktok.com https://*.facebook.net https://panelista.com https://*.googletagmanager.com https://*.vimeo.com https://*.hotjar.com https://*.google.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.bing.com https://www.googleanalytics.com https://*.voyado.com https://*.testfreaks.com 'unsafe-eval' 'report-sample' 'strict-dynamic'; style-src 'self' https://tagmanager.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.hotjar.com https://*.redeal.se https://*.redeal.io https://*.testfreaks.com 'unsafe-inline'; connect-src 'self' *.fyndiq.se analytics.tiktok.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.doubleclick.net https://rum.browser-intake-datadoghq.com https://*.apptus.cloud https://*.swogo.net https://*.privacy-center.org https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com https://*.bing.com https://*.facebook.com https://*.sentry.io https://cloudflareinsights.com https://*.googleapis.com https://*.snapchat.com https://*.microsofttranslator.com https://*.microsoft.com https://*.googlesyndication.com https://*.voyado.com https://cdn.growthbook.io https://*.redeal.se https://*.redeal.io https://*.testfreaks.com; frame-src https://*.svea.com https://*.hotjar.com https://*.isecrets.se https://panelista.com https://reclaimit-support.fyndiq.se https://*.reclaimit.com https://bid.g.doubleclick.net https://*.googletagmanager.com https://*.facebook.com https://*.googlesyndication.com https://*.vimeo.com https://*.tradedoubler.com https://*.youtube.com https://*.redeal.se https://*.redeal.io tel: https://*.testfreaks.com; font-src 'self' https://fonts.gstatic.com data: https://*.hotjar.com; frame-ancestors 'self' https://fyndiq-dev.sanity.studio https://app.datadoghq.com https://*.testfreaks.com https://fyndiq.dk https://*.fyndiq.dk https://fyndiq.fi https://*.fyndiq.fi https://fyndiq.no https://*.fyndiq.no https://fyndiq.se https://*.fyndiq.se 1
default-src 'self'; img-src https://www.google-analytics.com 'self' data: blob:; script-src 'self' https://www.google-analytics.com/analytics.js https://www.googletagmanager.com 'unsafe-inline' https://www.elektronicznypodpis.pl https://chrome.google.com  https://addons.opera.com 'unsafe-eval' */pdf.js */viewer.js blob:; connect-src 'self' blob: data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com data:; child-src 'self' blob: https: http:; object-src 'none'; 1
default-src 'self' *.game7athletics.com *.zipmoney.com.au *.gstatic.com *.bazaarvoice.com *.vimeo.com vod-progressive.akamaized.net *.hotjar.com *.hotjar.io *.trurating.com *.crazyegg.com *.facebook.com *.paypalobjects.com *.paypal.com *.adyen.com; img-src 'self' *.nosto.com *.nos.to *.paypalobjects.com *.paypal.com *.adyen.com data: https:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.nosto.com *.nos.to *.paypalobjects.com *.paypal.com *.adyen.com https:; style-src 'self' 'unsafe-inline' *.nosto.com *.nos.to *.paypalobjects.com *.paypal.com *.adyen.com https:; frame-src 'self' https:; connect-src 'self' *.nosto.com *.nos.to *.paypalobjects.com *.paypal.com *.adyen.com https: wss:; font-src 'self' data: https:; frame-ancestors 'self' https://*.game7athletics.com.au; 1
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com https://static.photoslurp.com/ *.taboola.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.facebook.com *.taboola.com *.salesforce.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.google.com *.hotjar.com *.taboola.com https://consentcdn.cookiebot.com/ https://www.youtube.com/ https://fledge-eu.creativecdn.com/ https://ct.pinterest.com/ https://js.klarna.com/ https://js.playground.klarna.com/ *.facebook.com *.flipsnack.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com s.ytimg.com https://img.youtube.com https://mcstaging.gatopreto.com/ https://gatopreto.com/ *.facebook.com *.google.com https://*.klarna.com/ https://*.klarnacdn.net/ https://maps.gstatic.com/ https://maps.googleapis.com/ https://*.photoslurp.com/ https://*.collect.igodigital.com/ https://ct.pinterest.com/ *.google.pt *.doubleclick.net https://*.creativecdn.com/ https://bh.contextweb.com/ *.googletagmanager.com *.analytics.yahoo.com *.adnxs.com *.mobon.net *.seedtag.com *.sync.1rx.io *.omnitagjs.com *.media.net *.addlv.smt.docomo.ne.jp onetag-sys.com *.yieldmo.com *.mgid.com *.console.adtarget.com.tr *.s3xified.com *.rmp.rakuten.com *.gumgum.com *.smartadserver.com *.openx.net data: *.taboola.com *.pixel.rubiconproject.com *.sync.cootlogix.com *.dsum-sec.casalemedia.com *.1rx.io *.ce.lijit.com *.e-planning.net *.smaato.net *.admedia.com *.kelkoogroup.net 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com commerce.adobedtm.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net js.braintreegateway.com magento-recs-sdk.adobe.net s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com *.avada.io https://www.google.com/recaptcha/ https://www.gstatic.com/ https://js-agent.newrelic.com/ *.googletagmanager.com https://bam-cell.nr-data.net/ https://bam.nr-data.net/ *.hotjar.com https://s.pinimg.com/ https://static.trackedweb.net/ https://consentcdn.cookiebot.com/ https://consent.cookiebot.com/ https://*.collect.igodigital.com/ *.googleapis.com https://static.photoslurp.com/ https://*.kuantokusta.pt/ https://*.creativecdn.com/ *.doubleclick.net https://x.klarnacdn.net/ https://js.playground.klarna.com/ *.facebook.net *.tiktok.com *.addthis.com *.moatads.com *.addthisedge.com *.taboola.com *.kk-resources.com *.google.com *.google.pt 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com https://static.photoslurp.com/ *.googleapis.com *.taboola.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src api.magento.com commerce.adobe.io geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com commerce.adobedtm.com commerce.adobedc.net *.adobe.io performance.typekit.net commerce.adobe.net qa-api.magedevteam.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com *.google-analytics.com *.google.com *.doubleclick.net https://ct.pinterest.com/ https://bam-cell.nr-data.net/ https://bam.nr-data.net https://r1.trackedweb.net/ https://consentcdn.cookiebot.com/ https://api.photoslurp.com/ https://ams.creativecdn.com/ *.facebook.com https://eu.playground.klarnaevt.com/ https://eu.klarnaevt.com/ https://js.playground.klarna.com/ https://js.klarna.com/ https://x.klarnacdn.net/ *.googleapis.com *.tiktok.com *.hotjar.io *.hotjar.com wss://*.hotjar.com/ *.outbrain.com *.taboola.com *.kelkoogroup.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https: wss:; script-src https: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; style-src https: 'unsafe-inline'; img-src * data: 1
default-src * 'unsafe-inline' 'unsafe-eval'; frame-src https:; img-src * data:;frame-ancestors 'self'; 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' https://analytics.optimalpeople.fr https://secure.adnxs.com public.joomeo.com *.jotform.com *.jotformeu.com data: wss: http://i.ytimg.com gouiran-beaute.com http://doofindermedia.s3.amazonaws.com https://doofindermedia.s3.amazonaws.com https://www.survio.com/ https://inrecruitingfr.intervieweb.it https://eu1-doofinderuser.s3.amazonaws.com/ http://eu1-doofinderuser.s3.amazonaws.com/ *.youtube.com *.gstatic.com *.cdninstagram.com *.gravatar.com cdn.jsdelivr.net *.doubleclick.net *.gouiran-beaute.com netdna.bootstrapcdn.com *.avis-verifies.com *.nosto.com *.affilae.com *.elfsight.com *.elfsightcdn.com *.googletagmanager.com cdnjs.cloudflare.com static-sb.com static.sb.com *.google.com www.google.fr social-sb.com *.doofinder.com *.be2bill.com *.paypal.com *.google-analytics.com *.googleadservices.com *.hotjar.io *.hotjar.com fonts.gstatic.com maps.gstatic.com ssl.gstatic.com s.w.org sb-img.s3.amazonaws.com t.co *.linkedin.com sb-widget.s3.amazonaws.com bat.bing.com scontent.cdninstagram.com spread-public.s3.eu-west-3.amazonaws.com *.zopim.com *.zopim.io static.ads-twitter.com sjs.bizographics.com *.criteo.com img.youtube.com *.pinterest.com i.pinimg.com apis.google.com maps.googleapis.com www.netreviews.eu *.leguide.com s.kk-resources.com s.kelkoogroup.net *.facebook.net *.facebook.com *.twitter.com *.criteo.net *.zdassets.com *.twimg.com api.socloz.com api.testing.sandbox.socloz.com *.tradedoubler.com https://*.pinimg.com https://*.pinterest.com https://*.google.ie ;  style-src 'unsafe-inline' 'unsafe-eval' 'self' *; font-src 'unsafe-inline' 'unsafe-eval' 'self' data: wss: * https://svht.tradedoubler.com/tr_sdk.js 1
default-src 'self'; img-src * data:; media-src media1.com media2.com; script-src 'unsafe-inline' 'unsafe-eval' https://maxcdn.bootstrapcdn.com https://static.pay.expedia.com https://www.grnconnect.com https://ajax.googleapis.com https://maps.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://cdn.jsdelivr.net;style-src 'unsafe-inline'  https://www.grnconnect.com https://fonts.googleapis.com https://www.gstatic.com;font-src https://www.grnconnect.com https://fonts.gstatic.com; frame-src https://www.tripadvisor.com https://www.grnconnect.com https://static.pay.expedia.com;connect-src https://www.google-analytics.com https://www.grnconnect.com  https://maps.googleapis.com; 1
default-src https: wss:; img-src data: https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 1
frame-ancestors 'self' *.commercevision.biz *.commercevision.com.au https://punchoutcommerce.com 1
frame-src 'self';frame-ancestors 'self'; object-src 'none'; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' https: http: data: blob: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.fmd.ag *.google-analytics.com *.googletagmanager.com *.vercel.app *.facebook.net *.jsdelivr.net *.doubleclick.net *.force.com *.salesforceliveagent.com *.salesforce.com *.salesforce-sites.com *.site.com *.salesforce-scrt.com *.goadopt.io *.equalweb.com *.handtalk.me *.gstatic.com *.google.com.br *.google.com.br *.googleapis.com *.cloudflare.com *.youtube.com *.facebook.com *.amazonaws.com; img-src 'self' data: blob: *.fmd.ag *.google-analytics.com *.googletagmanager.com *.vercel.app *.facebook.net *.jsdelivr.net *.doubleclick.net *.force.com *.salesforceliveagent.com *.salesforce.com *.salesforce-sites.com *.site.com *.salesforce-scrt.com *.goadopt.io *.equalweb.com *.handtalk.me *.gstatic.com *.google.com.br *.google.com.br *.googleapis.com *.cloudflare.com *.youtube.com *.facebook.com *.amazonaws.com; frame-ancestors 'self'; 1
frame-ancestors *.intrcity.com 1
frame-ancestors none; default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.inverite.com *.fontawesome.com *.bootstrapcdn.com *.ravenjs.com *.amazonaws.com *.cloudflare.com *.jsdelivr.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com stats.g.doubleclick.net https://status.inverite.ca https://static.wixstatic.com https://static.parastorage.com https://www.gravatar.com https://releases.wagtail.io https://releases.wagtail.org https://jsd-widget.atlassian.com 1
child-src 'self' blob:;connect-src 'self' https://www.google-analytics.com https://maps.googleapis.com facebook.com google-analytics.com cdn.islandsbanki.is 12pjqcn2sm-dsn.algolia.net https://640islandsbanki.boost.ai https://islandsbanki-test.boost.ai https://consentcdn.cookiebot.com/ https://edge.adobedc.net https://adobedc.demdex.net https://widget.datablocks.se https://hub.mfn.se/ https://auth-test.isbank.is https://auth.islandsbanki.is https://*.google-analytics.com;default-src 'self';img-src 'self' data: https://imgsct.cookiebot.com/ https://www.facebook.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.is *.siteimproveanalytics.io *.gstatic.com *.googleapis.com *.ytimg.com cdn.islandsbanki.is boost-files-general-eu-west-1-prod.s3-eu-west-1.amazonaws.com prismic-io.s3.amazonaws.com isb-website.cdn.prismic.io images.prismic.io;font-src 'self' data: https://cdn.islandsbanki.is/;object-src 'none';media-src 'self';manifest-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' *.prismic.io https://maps.googleapis.com https://prismic.io https://www.google.com https://www.youtube.com https://s.ytimg.com https://640islandsbanki.boost.ai https://islandsbanki-test.boost.ai https://www.googletagmanager.com https://www.gstatic.com https://siteimproveanalytics.com *.adobedc.net https://www.google-analytics.com https://connect.facebook.net https://www.google.com https://www.gstatic.com https://www.recaptcha.net/ https://consent.cookiebot.com https://consentcdn.cookiebot.com https://assets.adobedtm.com https://*.infogram.com 'nonce-1263125a-8bc9-4113-8cb6-0f545b62c6a9' 'sha256-QsLvY8Rx6B9JCjWGBE5gM3IN+2uclV2FJAUWMC4o58k=' 'sha256-1gIG1EI7ABKBfq8rVwk7j2MeEOIlut5+TbLxyAnCYTA=' 'sha256-yjbQYTDTGeh83tID7X4P8shfeXu07tD4iLjoMIr+e4w=' 'sha256-qEXb+QLuCAPNTPbZxHzxcXrnG22qOg/k7niD2csPshA=' 'sha256-gtKFj0yNetpIDkA36Pz+kl6/tx8y2XsLtD/uFt4lUYk=' 'sha256-TFbe14wfD8Dm1d/WnPUgdvGKU7iqemABzFbfecj708Y=' 'sha256-4cFcsF0wg+c2o8ebtN0UyYJ+eUB2WN4lNfLtNhFrMOY=' 'sha256-6CPmZ66VDSElGdOgAbpCDKf1M99mIw0NIsrbbJjXDZw=' 'sha256-Uf8y48ZxMQ7lyVfjNhtksVK2zVb+sfpG7IVN1msrK/k=' 'sha256-mGbGbnWys+WQjkr/v68zcXw5O6y8X97qI+UtewXd0yk=';style-src 'self' 'unsafe-inline' blob: *.adobedc.net;frame-src https://*.islandsbanki.is https://*.isbank.is https://gamli.islandsbanki.is https://*.islandssjodir.is https://www.youtube.com https://consentcdn.cookiebot.com https://www.vib.is https://*.isb.is https://*.infogram.com https://www.google.com https://www.gstatic.com https://isb-website.prismic.io/ https://www.recaptcha.net/ https://auth-test.isbank.is/ https://auth.islandsbanki.is/ https://islandsbanki-frodi-authentication.dev.kube.isbank.is https://*.featureupvote.com;worker-src 'self' blob: 1
frame-ancestors 'self' *.instructure.com canvas.kings.edu.au canvas.parra.catholic.edu.au canvas.barker.college canvas.au.oneschoolglobal.com lti.schoolbox.cloud; 1
frame-ancestors 				www.adultexpo.com.tw 				www.jkforum.net 				www.shotexpo.com.tw 				shotexpo.com.tw 				makawesome2.com 1
frame-ancestors 'self' www.juttu.be  ; 1
default-src 'self' data: www.keikei.com keikei.com api-test.keikei.com api-prod.keikei.com api-prod.keikei.co www.keikei.co keikei.co api-test.keikei.co api.ipify.org api.iplocation.net static.hotjar.com *.segmentify.com *.googleapis.com *.gstatic.com *.google.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *; style-src 'self' 'unsafe-inline' data: *.segmentify.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: www.keikei.com *.segmentify.com keikei.com api-test.keikei.com api-prod.keikei.com api-prod.keikei.co www.keikei.co keikei.co api-test.keikei.co api.ipify.org api.iplocation.net static.hotjar.com *.googleapis.com *.gstatic.com *.google.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *; img-src 'self' data: www.keikei.com keikei.com api-test.keikei.com api-prod.keikei.com api-prod.keikei.co www.keikei.co keikei.co api-test.keikei.co *.segmentify.com api.ipify.org api.iplocation.net static.hotjar.com *.googleapis.com *.gstatic.com *.google.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *; font-src 'self' data: www.keikei.com keikei.com api-test.keikei.com api-prod.keikei.com api-prod.keikei.co www.keikei.co keikei.co api-test.keikei.co *.segmentify.com api.ipify.org api.iplocation.net static.hotjar.com *.googleapis.com *.gstatic.com *.google.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com * 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src 'nonce-WD4iTwdogn6kKc6ztWKQt67KW' 'strict-dynamic'; frame-ancestors 'self'; manifest-src 'self' 1
default-src 'self';  style-src 'self' https://playplay.com/ *.cirkwi.com/ *.openstreetmap.org/ *.google.nl/ *.ausha.co/ https://unpkg.com/ *.modulesbox.com/ *.salesforce.com/ *.adobeaemcloud.com/ *.force.com/ *.salesforceliveagent.com/ *.trustcommander.net/ *.tagcommander.com/ *.adobeaemcloud.com/ *.salesforce-sites.com/ *.salesforceliveagent.com/ *.squarelovin.com/ https://squarelovin.com/ *.adyen.com/ *.gstatic.mopinion.com/ *.danone-dtc.net/ *.chargebee.com/ *.static.criteo.net/ *.criteo.com/ *.mopinion.com/ *.gstatic.com/ *.live2support.com/ *.lpsnmedia.net/ *.gstatic.com/ *.commander1.com/ *.bootstrapcdn.com/ *.tagcommander.com/ https://www.google.nl/ https://dpm.demdex.net/ https://assets.adobedtm.com/ *.zencdn.net/ *.sharethis.com/ *.googleapis.com/ *.pinimg.com/ *.commandersact.com/ *.data.perfmaker.net/ *.perfmaker.net/ *.googletagmanager.com/ *.google.ie/ *.google-analytics.com/ *.googleadservices.com/ *.google.com/ https://googletagmanager.com/ https://data.perfmaker.net/website/664736a9caef7/tag.js/ https://tagmanager.google.com/ https://fonts.googleapis.com/ 'unsafe-inline';  script-src 'self' https://playplay.com/ *.cirkwi.com/ *.openstreetmap.org/ *.google.nl/ *.ausha.co/ https://unpkg.com/ *.modulesbox.com/ https://js-agent.newrelic.com/ *.adobeaemcloud.com/ *.salesforce.com/ *.force.com/ *.salesforceliveagent.com/ *.trustcommander.net/ *.adobeaemcloud.com/ *.salesforce-sites.com/ *.youtube.com/ https://www.youtube.com/iframe_api https://unpkg.com/@google/markerclustererplus@4.0.1/dist/markerclustererplus.min.js *.gbqofs.com/ *.googleapis.com/ *.salesforce.com/ *.force.com/ *.salesforceliveagent.com/ *.gigya.com/ *.hotjar.com/ *.squarelovin.com/ *.paypal.com *.nxtck.com/ *.adyen.com/ *.gstatic.mopinion.com/ *.chargebee.com/ https://static.criteo.net/js/ld/ld.js *.criteo.com/ *.ytimg.com/ https://live2support.com/ https://*.google.com/ *.data.perfmaker.net/ *.perfmaker.net/ *.mopinion.com/ *.googletagmanager.com/ https://www.google.nl/ https://dpm.demdex.net/ https://assets.adobedtm.com/ https://s.pinimg.com/ *.trustcommander.net/ *.tagcommander.com/ *.twitter.com/ *.pinterest.com/ *.instagram.com/ https://services.postcodeanywhere.co.uk/ *.commandersact.com/ *.facebook.net/ *.google.ie/ *.lpsnmedia.net/ *.pinimg.com/ *.danone-dtc.net/ *.outbrain.com/ *.google.com/ *.googleadservices.com/ *.google-analytics.com/ *.sharethis.com *.addthis.com/ *.live2support.com/ *.doubleclick.net/ *.googleapis.com/ *.google.com/ *.theadex.com *.commander1.com/ *.liveperson.net/ *.doubleclick.net/ *.gstatic.com/ *.aptaclub.de/ *.milupa.de/ *.digital4danone.com/ *.addthisedge.com/ *.ads-twitter.com/ *.adnxs.com/ *.adventori.com/ https://adventori.com/ https://dsp.adfarm1.adition.com/ https://squarelovin.com/ https://data.perfmaker.net/website/664736a9caef7/tag.js/ https://googletagmanager.com/ https://tagmanager.google.com/ *.googletagmanager.com/ https://www.googleadservices.com/ blob: 'unsafe-inline' 'unsafe-eval';  img-src 'self' data: https://playplay.com/ *.cirkwi.com/ *.openstreetmap.org/ *.google.nl/ *.ausha.co/ https://unpkg.com/ *.modulesbox.com/ *.salesforce.com/ *.adobeaemcloud.com/ *.force.com/ *.salesforceliveagent.com/ *.trustcommander.net/ *.salesforce-sites.com/ *.digital4danone.com/ *.serving-sys.com/ *.leboncoin.fr/ *.salesforceliveagent.com/ *.hotjar.com/ *.assetsadobe.com/ *.squarelovin.com/ https://squarelovin.com/ https://tools.applemediaservices.com/ https://apple-resources.s3.amazonaws.com/ *.adyen.com/ *.gstatic.mopinion.com/ *.gstatic.com/  *.ytimg.com/ *.live2support.com/ https://ca-live.adyen.com/ https://www.google.fr/ https://dpm.demdex.net/ https://assets.adobedtm.com/ https://services.postcodeanywhere.co.uk/ http://danonegroup-stage.neolane.net/ *.data.perfmaker.net/ *.perfmaker.net/ *.commandersact.com/ *.googleadservices.com/ *.trustcommander.net/ https://ca-live.adyen.com/ *.cx.atdmt.com/ *.danone-dtc.net/ https://ct.pinterest.com/ *.outbrain.com/ *.danone.com/ *.atdmt.com/ *.pinterest.com/ *.commander1.com/ *.tagcommander.com/ *.lpsnmedia.net/ *.adnxs.com/ *.adition.com/ *.doubleclick.net/ *.google.ie/ *.google.co.in/ *.theadex.com/ *.google-analytics.com/ *.google.com.ph/ *.google.com/ *.sharethis.com/ *.gstatic.com/ *.googleapis.com/ *.w3.org/ *.mookie1.com/ *.pinimg.com/ *.pinterest.com/ *.facebook.com/ *.googletagmanager.com/ *.linkedin.com/ https://t.co/ *.adsrvr.org/ *.crm4d.com/ https://play.google.com/ *.adotmob.com/ https://data.perfmaker.net/website/664736a9caef7/tag.js/ https://googletagmanager.com/ https://ssl.gstatic.com/ https://www.gstatic.com/ *.google-analytics.com/ *.googletagmanager.com/ *.analytics.google.com/ *.g.doubleclick.net/ *.google.com/ https://ade.googlesyndication.com/ *.goldenbees.fr;  frame-src 'self' https://playplay.com/ *.cirkwi.com/ *.openstreetmap.org/ *.google.nl/ *.googletagmanager.com/ *.ausha.co/ https://unpkg.com/ *.modulesbox.com/ *.salesforce.com/ *.adobeaemcloud.com/ *.force.com/ *.salesforceliveagent.com/ *.trustcommander.net/ *.salesforceliveagent.com/ *.gigya.com/ *.hotjar.com/ *.squarelovin.com/ https://squarelovin.com/ https://player.simplecast.com/ *.googleapis.com/ *.simplecast.com/ *.paypal.com *.adyen.com/ *.gstatic.com/  *.gstatic.mopinion.com/ *.danone-dtc.net/ *.chargebee.com/ *.static.criteo.net/ *.criteo.com/ *.tohklom.com/  *.tagcommander.com/ https://aax-eu.amazon-adsystem.com/ *.amazon-adsystem.com/ *.liveperson.net/ *.vimeo.com/ *.live2support.com/ *.google.com/ *.lpsnmedia.net/ *.commander1.com/ *.commandersact.com/ *.data.perfmaker.net/ *.perfmaker.net/ *.google.ie/ *.google-analytics.com/ *.googleadservices.com/ *.proprofs.com/ https://www.google.nl/ https://data.perfmaker.net/website/664736a9caef7/tag.js/ https://dpm.demdex.net/ https://assets.adobedtm.com/ *.facebook.com/ *.doubleclick.net/ *.theadex.com/ *.sharethis.com/  *.addthis.com *.youtube.com *.adsrvr.org/ *.spotify.com/ *.cloudfront.net/ *.instagram.com/ *.soundcloud.com/ *.twitter.com/ *.pinterest.com/ *.trustcommander.net/ *.flockler.com/ *.tagcommander.net/;  connect-src 'self' blob: https://playplay.com/ *.cirkwi.com/ *.openstreetmap.org/ *.google.nl/ *.ausha.co/ https://unpkg.com/ *.modulesbox.com/ https://bam.eu01.nr-data.net/ *.adobeaemcloud.com/ *.salesforce.com/ *.force.com/ *.salesforceliveagent.com/ *.trustcommander.net/ *.tagcommander.com/ *.salesforce-sites.com/ *.google.com/ *.digital4danone.com/ *.gbqofs.io/ *.googleapis.com/ *.salesforce.com/ *.force.com/ *.salesforceliveagent.com/ *.gigya.com/ *.hotjar.com/ *.hotjar.io/ wss://*.hotjar.com *.squarelovin.com/ https://squarelovin.com/ *.paypal.com *.sentry.io/ *.adyen.com/ *.gstatic.com/    *.gstatic.mopinion.com/ *.live2support.com/ https://sentry.labdigital.nl *.addthis.com/ *.mopinion.com/ https://www.google.nl/ https://dpm.demdex.net/ https://data.perfmaker.net/website/664736a9caef7/tag.js/ https://assets.adobedtm.com/ *.data.perfmaker.net/ *.perfmaker.net/ *.google.ie/ *.google-analytics.com/ *.googleadservices.com/ *.commandersact.com/ *.danone-dtc.net/ *.ct.pinterest.com/ *.privacy.trustcommander.net/ https://services.postcodeanywhere.co.uk/  *.commercetools.com/ *.google-analytics.com *.facebook.com/ *.omtrdc.net/ *.pinterest.com/ *.trustcommander.net/ *.commander1.com/ *.sharethis.com/ *.doubleclick.net/ *.google-analytics.com/ *.analytics.google.com/ *.googletagmanager.com/ *.g.doubleclick.net/ *.google.com/;  font-src 'self' data: https://playplay.com/ *.cirkwi.com/ *.openstreetmap.org/ *.google.nl/ *.data.perfmaker.net/ *.perfmaker.net/ *.googletagmanager.com/ *.ausha.co/ https://unpkg.com/ *.modulesbox.com/ *.google.com/ *.salesforce.com/ *.force.com/ *.adobeaemcloud.com/ *.salesforceliveagent.com/ *.trustcommander.net/ *.tagcommander.com/ *.adobeaemcloud.com/ *.salesforceliveagent.com/ *.hotjar.com/ *.squarelovin.com/ https://squarelovin.com/ *.adyen.com/ *.gstatic.mopinion.com/ https://gstatic.mopinion.com/ *.gstatic.com/ *.googleapis.com/ *.live2support.com/ *.googleadservices.com/ *.commandersact.com/ *.google-analytics.com/ *.commandersact.com/ *.google.ie/ *.danone-dtc.net/ https://vjs.zencdn.net/ https://data.perfmaker.net/website/664736a9caef7/tag.js/ https://fonts.gstatic.com/;  media-src 'self' https://playplay.com/ *.cirkwi.com/ *.data.perfmaker.net/ *.perfmaker.net/ *.google.com/ *.google.nl/ *.googletagmanager.com/ *.openstreetmap.org/ *.google-analytics.com/ *.gstatic.com/ *.ausha.co/ https://unpkg.com/ *.modulesbox.com/ *.salesforce.com/ *.adobeaemcloud.com/ *.force.com/ *.salesforceliveagent.com/ *.trustcommander.net/ *.google.ie/ *.tagcommander.com/ *.googleadservices.com/ *.salesforceliveagent.com/ *.squarelovin.com/ https://data.perfmaker.net/website/664736a9caef7/tag.js/ https://squarelovin.com/ *.googleapis.com/ *.lpsnmedia.net/ 1
default-src 'self' *.larmoiredebebe.com;style-src 'self' 'unsafe-inline' media.larmoiredebebe.com use.typekit.net;style-src-elem 'self' 'unsafe-inline' *.larmoiredebebe.com fonts.googleapis.com use.typekit.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' media.larmoiredebebe.com browser.sentry-cdn.com *.cloudfront.net *.cloudflare.com *.sips-services.com payment-web.ha2.sips-services.com affiliation.groupe-ldlc.com ajax.googleapis.com ajax.googleapis.com cdn.doofinder.com connect.facebook.net libs.hipay.com m.addthis.com mpsnare.iesnare.com pub.groupe-ldlc.com s7.addthis.com script.hotjar.com static.hotjar.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com v1.addthisedge.com www.google.com www.googletagmanager.com www.gstatic.com z.moatads.com larmoire-de-bebe.my.join-stories.com maps.googleapis.com tracking.groupe-ldlc.com assets.pinterest.com browser.sentry-cdn.com googleads.g.doubleclick.net www.googleadservices.com tag.shopping-feed.com userlike-cdn-umm.b-cdn.net static.affilae.com s.kk-resources.com s.kelkoogroup.net;script-src-elem 'self' 'unsafe-inline' *.cloudfront.net *.cloudflare.com *.sips-services.com payment-web.ha2.sips-services.com affiliation.groupe-ldlc.com ajax.googleapis.com ajax.googleapis.com cdn.doofinder.com connect.facebook.net libs.hipay.com m.addthis.com mpsnare.iesnare.com pub.groupe-ldlc.com s7.addthis.com script.hotjar.com static.hotjar.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com v1.addthisedge.com www.google.com www.googletagmanager.com www.gstatic.com z.moatads.com larmoire-de-bebe.my.join-stories.com maps.googleapis.com tracking.groupe-ldlc.com assets.pinterest.com browser.sentry-cdn.com googleads.g.doubleclick.net www.googleadservices.com tag.shopping-feed.com userlike-cdn-umm.b-cdn.net static.affilae.com s.kk-resources.com s.kelkoogroup.net widget.trustpilot.com;img-src 'self' data: *.larmoiredebebe.com media.ldlc.com www.facebook.com secure.gravatar.com chloe.codesupply.co images.join-stories.com stories.join-stories.com larmoire-de-bebe.my.join-stories.com maps.googleapis.com maps.gstatic.com *.cdninstagram.com s.w.org log.pinterest.com tag.shopping-feed.com googleads.g.doubleclick.net www.google.com www.google.fr lb.affilae.com s.kelkoogroup.net eu1-doofinderuser.s3.amazonaws.com;connect-src 'self' *.larmoiredebebe.com api.userlike.com eu1-search.doofinder.com s7.addthis.com m.addthis.com lb.affilae.com static.affilae.com stage-data.hipay.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com wss://mpsnare.iesnare.com www.facebook.com api.stories.studio *.hotjar.com vc.hotjar.io wss://*.hotjar.com maps.googleapis.com pagead2.googlesyndication.com tracking.groupe-ldlc.com sentry.groupe-ldlc.com content.hotjar.io s.kelkoogroup.net;frame-src 'self' *.larmoiredebebe.com *.cloudflare.com libs.hipay.com s7.addthis.com vars.hotjar.com www.facebook.com www.youtube-nocookie.com payment-web.ha2.sips-services.com office-web.sips-services.com larmoire-de-bebe.my.join-stories.com www.google.com www.youtube.com assets.pinterest.com googleads.g.doubleclick.net td.doubleclick.net www.google.fr widget.trustpilot.com;media-src 'self' *.larmoiredebebe.com data: mpsnare.iesnare.com videos.join-stories.com stories.join-stories.com;font-src 'self' *.larmoiredebebe.com fonts.gstatic.com use.typekit.net;frame-ancestors 'self'; 1
object-src 'self' *.youtube.com; frame-ancestors 'self' 1
frame-ancestors 'self' https://client.closd.com 1
: upgrade-insecure-requests 1
default-src 'self' *.littlebigconnection.com www.littlebigconnection.com *.littlebigconnection.com static.zdassets.com ekr.zdassets.com littlebigconnection.zendesk.com *.zopim.com  ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.littlebigconnection.com www.littlebigconnection.com data: *.littlebigconnection.com *.walkme.com www.googletagmanager.com *.googletagmanager.com www.googleadservices.com www.google.com maps.googleapis.com cdnjs.cloudflare.com client.crisp.chat connect.facebook.net snap.licdn.com www.google-analytics.com cdn.mouseflow.com settings.crisp.chat ajax.googleapis.com gl.hostcg.com cdn4.mxpnl.com assets.calendly.com www.gstatic.com *.agilecrm.com maxcdn.bootstrapcdn.com static.zdassets.com *.littlebigconnection.com code.jquery.com widget-mediator.zopim.com app.eu.pendo.io pendo-eu-static.storage.googleapis.com cdn.eu.pendo.io pendo-eu-static-4769335516987392.storage.googleapis.com data.eu.pendo.io littlebigconnection.toucantoco.com *.hs-scripts.com *.hsleadflows.net *.hs-banner.com *.hsadspixel.net *.hubspotfeedback.com *.usemessages.com *.hs-analytics.net *.hscollectedforms.net *.hsforms.net consent.cookiebot.com consentcdn.cookiebot.com unpkg.com *.hs-scripts.com *.hsforms.com *.website-files.com *.cloudfront.net  ; style-src 'self' 'unsafe-inline' *.littlebigconnection.com www.littlebigconnection.com *.littlebigconnection.com fonts.googleapis.com client.crisp.chat cdnjs.cloudflare.com maxcdn.bootstrapcdn.com www.gstatic.com use.typekit.net p.typekit.net use.fontawesome.com cdn.walkme.com app.eu.pendo.io cdn.eu.pendo.io pendo-eu-static-4769335516987392.storage.googleapis.com littlebigconnection.toucantoco.com *.website-files.com  ; img-src 'self' data: *.littlebigconnection.com www.littlebigconnection.com *.littlebigconnection.com maps.gstatic.com *.linkedin.com www.google-analytics.com *.google-analytics.com www.googletagmanager.com *.googletagmanager.com www.facebook.com googleads.g.doubleclick.net stats.g.doubleclick.net www.google.com www.google.fr image.crisp.chat s3.walkmeusercontent.com *.walkme.com p.adsymptotic.com v2assets.zopim.io static.zdassets.com gl.hostcg.com *.swagger.io v2uploads.zopim.io static.zdassets.com cdn.eu.pendo.io app.eu.pendo.io pendo-eu-static-4769335516987392.storage.googleapis.com data.eu.pendo.io littlebigconnection.toucantoco.com api-littlebigconnection.toucantoco.com *.hubspot.com cdn2.hubspot.net *.hsforms.com *.website-files.com *.cloudfront.net  ; font-src 'self' data: *.littlebigconnection.com www.littlebigconnection.com data: *.littlebigconnection.com fonts.gstatic.com settings.crisp.chat client.crisp.chat use.fontawesome.com use.typekit.net maxcdn.bootstrapcdn.com littlebigconnection.toucantoco.com *.webflow.com  ; connect-src 'self' *.littlebigconnection.com www.littlebigconnection.com *.littlebigconnection.com *.walkme.com *.crisp.chat wss://*.crisp.chat wss://widget-mediator.zopim.com www.facebook.com api-js.mixpanel.com ekr.zdassets.com littlebigconnection.zendesk.com maps.googleapis.com www.google-analytics.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com o2.mouseflow.com stats.g.doubleclick.net widget-mediator.zopim.com app.eu.pendo.io data.eu.pendo.io pendo-eu-static-4769335516987392.storage.googleapis.com littlebigconnection.toucantoco.com api-littlebigconnection.toucantoco.com wss://api-littlebigconnection.toucantoco.com *.hubspot.com api.hubapi.com *.usemessages.com *.hsleadflows.net *.hs-banner.com *.hubspotfeedback.com *.hsadspixel.net *.hs-analytics.net *.hs-scripts.com *.hsforms.com consentcdn.cookiebot.com  ; media-src 'self' *.littlebigconnection.com www.littlebigconnection.com *.littlebigconnection.com static.zdassets.com v2uploads.zopim.io  ; frame-src 'self' 'unsafe-inline' *.littlebigconnection.com www.littlebigconnection.com *.littlebigconnection.com airliquide-test.coupahost.com *.walkme.com calendly.com www.google.com www.googletagmanager.com www.youtube.com www.facebook.com auth.apps.airliquide.com app.eu.pendo.io *.hubspot.com static.hsappstatic.net *.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.usemessages.com consentcdn.cookiebot.com b771aefe.sibforms.com  ; frame-ancestors 'self' *.littlebigconnection.com www.littlebigconnection.com *.littlebigconnection.com airliquide.coupahost.com app.eu.pendo.io  ; child-src 'self' *.littlebigconnection.com www.littlebigconnection.com *.littlebigconnection.com app.eu.pendo.io app.hubspot.com *.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.usemessages.com  ; worker-src 'self' *.littlebigconnection.com www.littlebigconnection.com *.littlebigconnection.com  ; form-action 'self' *.littlebigconnection.com littlebigconnection.com *.littlebigconnection.com airliquide-test.coupahost.com fisso-intra-vip.preprod.macif.fr directory-veolia.appspot.com accounts.google.com auth.mantu.com login.corp.ovh.com idpdecathlon.oxylane.com fisso-intra.macif.fr fisso-hub.macif.fr www.facebook.com sso.connect.pingidentity.com portal.sephora.eu smartfed.iis.amadeus.net *.ult-inwebo.com www.myinwebo.com auth.biomerieux.com airliquide.coupahost.com aser0001.ww.faurecia.com aser0002.ww.faurecia.com aser0003.ww.faurecia.com safe.menlosecurity.com auth.apps.airliquide.com iam.sandbox.bouyguestelecom.fr iam.bouyguestelecom.fr www.mon-compte.sandbox.bouyguestelecom.fr www.mon-compte.bouyguestelecom.fr apps4u.valeo.com apps4u-sso.valeo.com my.apps4u.valeo.com sso.apps4u.valeo.com valeo-apps4u.memority.fr login.corp.ovh.com myid.siemens.com *.myid.siemens.com auxmyid.siemens.com smartfed.iis.amadeus.net okta.lvmh.com *.hsforms.com *.hubspot.com uat.cloudgateway.saint-gobain.com pp.websso.saint-gobain.com www.urssaf.fr *.caas.intra.groupama.fr authentification.groupama.com *.caas-nonprod.intra.groupama.fr cloudsso.saint-gobain.com fdj.oktapreview.com fdj.okta-emea.com pp-sso-digitalpassport.hubtotal.net sso-digitalpassport.hubtotal.net login.solvay.com  https://login.microsoftonline.com; upgrade-insecure-requests; block-all-mixed-content; 1
base-uri https://mercermasante.fr/; connect-src  'self' *.optis.xyz *.optisantis.io *.optis.online https://maps.googleapis.com https://secure.geonames.org *.sentry.io; default-src 'self' blob: *.optis.xyz *.optisantis.io *.optis.online https://unpkg.com/pdfjs-dist@2.9.359/build/pdf.worker.min.js; img-src 'self' data: https: *.optis.xyz *.optisantis.io *.optis.online; manifest-src 'self'; script-src 'self' blob: *.optis.xyz *.optisantis.io *.optis.online https://maps.googleapis.com https://unpkg.com/pdfjs-dist@2.9.359/build/pdf.worker.min.js ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; object-src 'none'; form-action 'self' *.perquisite.net *.cnp.fr; report-uri /api/csp-report; frame-src 'self' https://player.vidata.io/; 1
block-all-mixed-content; frame-ancestors *.newlentes.com.br 1
frame-ancestors https://payhub.com.ua https://standalone.fuib.com https://viber.payhub.com.ua 1
default-src 'none'; base-uri 'none'; img-src 'self' https://assets.radaresportivo.com https://gravatar.com https://api.qrserver.com https://*.google-analytics.com https://*.googletagmanager.com; script-src 'self' 'unsafe-inline' https://*.googletagmanager.com; style-src 'self' 'unsafe-inline'; object-src 'none'; connect-src 'self' https://api.radaresportivo.com https://cognito-idp.us-east-2.amazonaws.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; frame-src https://widgets.sofascore.com https://sports.whcdn.net; 1
frame-ancestors 'self' *.cdc2vckncu-lederands1-p1-public.model-t.cc.commerce.ondemand.com:443 1
default-src * 'unsafe-inline' 'unsafe-eval';img-src * data:; child-src * 'self' blob: http:;font-src * data: 1
frame-ancestors 'self' https://backoffice.shoppster.com 1
default-src 'self' data:; block-all-mixed-content; connect-src http: https: ws: blob: 'self' *.tinymce.com *.tiny.cloud blob:; font-src 'self' data: fonts.gstatic.com *.tinymce.com *.tiny.cloud *.fontawesome.com; img-src 'self' data: http: https: *.tinymce.com *.tiny.cloud data: blob:; script-src 'self' 'unsafe-inline' js-agent.newrelic.com static.zdassets.com *.zendesk.com api.smooch.io cdn.tiny.cloud maps.google.com maps.googleapis.com *.posthog.com *.tinymce.com *.tiny.cloud 'nonce-YD4wfNqMfyVdByqd06U9MA=='; style-src 'self' 'unsafe-inline' cdn.tiny.cloud fonts.googleapis.com *.tinymce.com *.tiny.cloud; upgrade-insecure-requests 1
script-src 'unsafe-inline' 'unsafe-eval' https: http: blob: 'self' *.securionpay.com securionpay.com *.dev.shift4.com api.shift4.com content.jwplatform.com *.p.jwpcdn.com cdn.rawgit.com cdn.jsdelivr.net *.googleapis.com *.googletagmanager.com *.gstatic.com *.appdynamics.com *.google-analytics.com; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubbee8abfcdc61c11351e77198b719f98b&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=vtc; 1
default-src 'self' cdn.wcc.witt-weiden.at https://cdn.wcc.witt-weiden.at/graphql;    base-uri 'self' widget.solvemate.com;    font-src 'self' cdn.wcc.witt-weiden.at https://fonts.gstatic.com data: widget.solvemate.com *.dixa.io https://*.userwerk.com;    img-src * data: https://*.userwerk.com;    connect-src 'self' https://cdn.wcc.witt-weiden.at/graphql cdn.wcc.witt-weiden.at cdn.witt.info/ https://images.ctfassets.net te.witt-weiden.at tp.witt-weiden.at wasp.witt-weiden.at wst.witt-weiden.at https://*.analytics.google.com https://*.facebook.com https://*.contentsquare.net https://*.my.onetrust.eu https://*.google-analytics.com https://bat.bing.com eu-witt-gruppe-prod1.mini.snplow.net https://www.google-analytics.com https://www.jsctool.com https://adservice.google.com/pagead/ https://graphql.contentful.com https://privacyportal-eu.onetrust.com https://stats.g.doubleclick.net https://geolocation.onetrust.com https://www.google.com/pagead/ https://googleads.g.doubleclick.net/pagead/ https://*.creativecdn.com https://*.googlesyndication.com https://*.optimizely.com ct.pinterest.com https://jsctool.com checkout-cdn.aboutyou.cloud checkout-v3.wcc.witt-weiden.at https://*.ingest.sentry.io api.solvemate.com widget.solvemate.com relay.solvemate.com *.dixa.io wss://sockets.dixa.io https://*.userwerk.com https://maps.googleapis.com;    object-src 'none';    child-src blob: ;    script-src * 'unsafe-inline' 'unsafe-eval' https://*.adyen.com https://*.paypal.com blob: *.dixa.io https://*.userwerk.com;    style-src 'self' cdn.wcc.witt-weiden.at https://www.googletagmanager.com https://fonts.googleapis.com 'unsafe-inline' d.witt-weiden.at checkout-cdn.aboutyou.cloud https://*.adyen.com https://*.paypal.com blob: widget.solvemate.com *.dixa.io;    frame-src 'self' checkout-v3.wcc.witt-weiden.at https://*.awin1.com https://*.criteo.net https://*.criteo.com https://*.adrtx.net https://*.contentsquare.net https://www.googletagmanager.com https://www.facebook.com https://www.youtube.com https://dmp.theadex.com https://5127363.fls.doubleclick.net https://12769738.fls.doubleclick.net https://www.jsctool.com https://creativecdn.com/ https://fledge-eu.creativecdn.com/ https://tbs.tradedoubler.com/ https://survey2.quantilope.com/ https://*.adyen.com https://*.paypal.com https://*.computop-paygate.com blob: *.dixa.io https://*.userwerk.com;    media-src 'self' cdn.wcc.witt-weiden.at cdn.witt.info/ https://images.ctfassets.net https://videos.ctfassets.net https://www.youtube.com https://witt-gruppe-res.cloudinary.com *.dixa.io;    manifest-src 'self' cdn.wcc.witt-weiden.at *.dixa.io;    worker-src 'self' cdn.wcc.witt-weiden.at blob:;    form-action 'self' www.facebook.com https://*.userwerk.com;    block-all-mixed-content;    frame-ancestors 'self' https://app.contentful.com;    sandbox allow-scripts allow-forms allow-same-origin allow-top-navigation allow-popups allow-popups-to-escape-sandbox allow-modals; 1
frame-ancestors 'self' https://*.zappy.dev https://*.zappy.pro https://*.zappysoftware.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://www.clickcease.com https://vd.trinitymedia.ai https://trinitymedia.ai https://www.redditstatic.com https://assets.apollo.io https://script.hotjar.com https://static.hotjar.com https://ipinfo.io https://app.vwo.com https://dev.visualwebsiteoptimizer.com https://js.zi-scripts.com https://x.clearbitjs.com https://tag.clearbitscripts.com https://www.youtube.com https://cdn.jsdelivr.net https://tracking.g2crowd.com https://cdn-cookieyes.com https://unpkg.com https://static.semrush.com https://cdn.semrush.com https://www.semrush.com https://js.hsforms.net https://pageimprove.io https://js.hscollectedforms.net https://js.hs-banner.com https://js.hsadspixel.net https://js.hs-analytics.net https://js.hs-scripts.com https://js.partnerstack.com https://www.clarity.ms https://api.social9.com https://cdn.social9.com https://maps.googleapis.com https://ajax.googleapis.com https://snap.licdn.com https://cdnjs.cloudflare.com https://api.braintreegateway.com https://js.braintreegateway.com https://d.adroll.com https://s.adroll.com https://d.adroll.mgr.consensu.org https://analytics.twitter.com https://static.ads-twitter.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.linkedin.com https://www.gstatic.com https://a.quora.com https://api.amplitude.com https://cdn.amplitude.com https://api-iam.intercom.io https://widget.intercom.io https://secure.hims1nice.com https://seal.godaddy.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleoptimize.com https://certify-js.alexametrics.com https://www.google.com https://apis.google.com https://optimize.google.com https://www.googleanalytics.com https://graph.facebook.com https://connect.facebook.net https://js.intercomcdn.com  https://z.moatads.com https://sjs.bizographics.com https://www.googletagmanager.com https://cdn.wpcc.io; frame-src 'self' https://trinitymedia.ai *.g2.com https://*.semrush.com https://td.doubleclick.net https://forms.hsforms.com https://wp-rocket.me https://apis.google.com https://ssl.google-analytics.com https://optimize.google.com *.facebook.com s-static.ak.facebook.com https://api-iam.intercom.io  https://s.adroll.com https://www.google.com https://cdnjs.cloudflare.com https://cdn.social9.com https://www.youtube.com; connect-src 'self' wss://ws.hotjar.com https://*.clickcease.com https://depart.trinitymedia.ai https://www.redditstatic.com https://tracking.g2crowd.com https://googleads.g.doubleclick.net https://aplo-evnt.com https://www.googleadservices.com https://*.reddit.com https://*.hotjar.io https://*.visualwebsiteoptimizer.com https://*.linkedin.com https://ws.zoominfo.com https://js.zi-scripts.com https://app.clearbit.com https://*.google.com https://pagead2.googlesyndication.com https://www.g2.com https://*.cookieyes.com https://cdn-cookieyes.com https://forms.hscollectedforms.net  wss://www.semrush.com https://cdn.jsdelivr.net https://hubspot-forms-static-embed.s3.amazonaws.com https://forms.hsforms.com https://grsm.io https://partnerlinks.io https://pageimprove.io https://api.hubapi.com https://forms.hubspot.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://www.chromestatus.com https://api.amplitude.com https://api-iam.intercom.io https://maps.googleapis.com https://snap.licdn.com https://api.social9.com https://www.facebook.com https://stats.g.doubleclick.net https://*.google-analytics.com; object-src 'self'; frame-ancestors 'self' *.spinbackup.com *.spin.ai 1
base-uri 'self';block-all-mixed-content;frame-ancestors 'none';img-src data: https:;object-src 'none';upgrade-insecure-requests; 1
object-src 'self'; worker-src 'self' blob: ;child-src http://*.kruizinga.nl https://*.kruizinga.nl https://*.kruizinga.at https://*.kruizinga.be https://*.kruizinga.ch https://*.kruizinga.com https://*.kruizinga.cz https://*.kruizinga.de https://*.kruizinga.dk https://*.kruizinga.es https://*.kruizinga.eu https://*.kruizinga.fi https://*.kruizinga.fr https://*.kruizinga.it https://*.kruizinga.lu https://*.kruizinga.pl https://*.kruizinga.pt https://*.kruizinga.se https://www.google.com https://*.ladesk.com https://*.pinterest.com http://*.youtube.com https://*.youtube.com https://*.yout-ube.com https://*.youtube-nocookie.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com http://*.testkruizinga.nl https://optimize.google.com  http://td.doubleclick.net https://*.abtasty.com; frame-ancestors http://*.kruizinga.nl https://*.kruizinga.nl https://*.kruizinga.de https://*.kruizinga.fr https://*.kruizinga.com; block-all-mixed-content 1
frame-ancestors 'self' https://metrika.yandex.ru https://webvisor.com 1
frame-ancestors 'self' https://eppendorf.e-spirit.hosting https://*.ariba.com https://*.sciquest.com https://*.oracle.com https://*.workday.com https://procure.prendio.com https://*.coupahost.com https://*.gep.com https://eprocurement.esmsolutions.com https://vp.labcloudinc.com https://demo.procuredesk.com https://myprocuredesk.com https://*.umn.edu https://*.mdanderson.edu https://*.princeton.edu https://*.duke.edu https://austin.utexas.edu https://*.utmb.edu https://*.virginia.edu https://*.miami.edu https://*.moffit.org https://*.app.netsuite.com https://rcbb.psfs.lsuhsc.edu https://prd.psfs.lsuhsc.edu https://lawpe.c0xl.velocity.cloud https://lawde.c0xl.velocity.cloud https://lawdf.c0xl.velocity.cloud https://hilsapp50.qiagen.ads:8403 https://hilsapp50.qiagen.ads https://*.uni-bonn.de 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: * nbcc_cce.informz.net http://localhost:51909 https://cce-global.org cdn.jsdelivr.net player.vimeo.com https://nbcc_cce.informz.net/web_trk/sp.js s6.searchcdn.com https://nbcc_cce.informz.net/web_trk/sp.js www.gstatic.com app.termly.io www.google-analytics.com addsearch.com app.addsearch.com www.google.com nbcc_cce.informz.net cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' d20vwa69zln1wj.cloudfront.net app.addsearch.com maxcdn.bootstrapcdn.com fonts.googleapis.com cdn.jsdelivr.net ; img-src 'self' blob: * data:; connect-src 'self' vimeo.com stats.g.doubleclick.net app.termly.io www.google-analytics.com; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com; object-src 'self'; media-src 'self' data: blob: * media.example.com; frame-src 'self' player.vimeo.com app.termly.io www.google.com www.youtube.com; worker-src 'self' blob: * data:; 1
default-src 'self' https://*.hubspot.com https://*.hubspotusercontent-na1.net; font-src https: data:; img-src https: data:; script-src 'self' https://www.bentallgreenoak.com https://www.bgoreit.com https://www.googletagmanager.com https://ajax.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://static.hsappstatic.net https://*.hscollectedforms.net https://*.hs-analytics.net https://*.hubspot.com https://*.hs-banner.com 'unsafe-eval' 'unsafe-inline'; style-src https: https://www.bentallgreenoak.com https://www.bgoreit.com https://cloud.typography.com https://fonts.googleapis.com https://cdn.jsdelivr.net 'unsafe-inline'; connect-src 'self' https://www.google-analytics.com https://*.hubspot.com https://analytics.google.com https://stats.g.doubleclick.net https://*.hscollectedforms.net; object-src 'none';frame-src https://*.youtube.com https://*.hubspotvideo.com;; upgrade-insecure-requests 1
report-uri /csp; child-src 'self'; connect-src *; default-src 'self'; img-src 'self' data: *.facebook.com https://wise.com https://gtm.wise.com https://tw-avatar.s3.eu-central-1.amazonaws.com https://tw-test-avatar-storage.s3.eu-west-1.amazonaws.com https://*.doubleclick.net https://www.googleadservices.com https://alb.reddit.com https://*.yahoo.co.jp https://bat.bing.com https://cx.atdmt.com https://daw291njkc3ao.cloudfront.net https://dq8dwmysp7hk1.cloudfront.net https://d2dgj1jjqgsb96.cloudfront.net https://help.wise.com/ https://lienzo.s3.amazonaws.com https://platform-lookaside.fbsbx.com https://pixel.pointmediatracker.com https://cnv.event.prod.bidr.io https://q.quora.com https://s3-eu-west-1.amazonaws.com https://t.co https://wise.desk.com https://widgets.wise.com https://www.google-analytics.com https://www.gstatic.com https://i.ytimg.com https://px.ads.linkedin.com https://www.linkedin.com https://aax-eu.amazon-adsystem.com https://www.googletagmanager.com https://www.google.com https://www.google.com.au https://www.google.com.br https://www.google.com.sg https://www.google.com.ph https://www.google.com.my https://www.google.com.mx https://www.google.com.ua https://www.google.com.vn https://www.google.com.tr https://www.google.com.ar https://www.google.com.hk https://www.google.com.pk https://www.google.com.pe https://www.google.com.ng https://www.google.com.cy https://www.google.com.mt https://www.google.com.bd https://www.google.com.eg https://www.google.co.uk https://www.google.co.th https://www.google.co.jp https://www.google.co.nz https://www.google.co.id https://www.google.co.kr https://www.google.co.ve https://www.google.co.in https://www.google.co.il https://www.google.co.za https://www.google.de https://www.google.ca https://www.google.es https://www.google.pl https://www.google.ie https://www.google.ch https://www.google.pt https://www.google.nl https://www.google.it https://www.google.hu https://www.google.fr https://www.google.be https://www.google.ro https://www.google.fi https://www.google.cl https://www.google.cz https://www.google.ae https://www.google.lu https://www.google.se https://www.google.ru https://www.google.at https://www.google.bg https://www.google.ee https://www.google.dk https://www.google.no https://www.google.gr https://www.google.sk https://www.google.lt https://www.google.lv https://www.google.ge https://www.google.hr https://www.google.me *.googleusercontent.com http://wi.se https://wi.se https://collector-20079.tvsquared.com https://analytics.twitter.com https://tr.line.me https://c5.adalyser.com https://img.shields.io; font-src 'self' data: https://fonts.gstatic.com https://widgets.wise.com/; object-src 'self'; media-src 'self' https://wise.com; manifest-src 'self' 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'self' https://wise.com https://gtm.wise.com polyfill.io https://js-agent.newrelic.com https://bam.nr-data.net/ https://ajax.cloudflare.com bat.bing.com https://s.yimg.jp https://*.yahoo.co.jp a.quora.com static.hotjar.com https://script.hotjar.com/ https://collector-20079.tvsquared.com https://d.line-scdn.net www.google.co.uk www.google.com www.googletagmanager.com/ tagmanager.google.com/ https://storage.googleapis.com https://ajax.googleapis.com/ https://microapps.google.com https://microapps-prod-tt.sandbox.google.com googleads.g.doubleclick.net www.google-analytics.com www.googleadservices.com static.ads-twitter.com analytics.twitter.com www.snapengage.com insitez.blob.core.windows.net sjs.bizographics.com *.mxpnl.com https://cdn.pdst.fm https://us-central1-adaptive-growth.cloudfunctions.net https://bidr.io https://d2dgj1jjqgsb96.cloudfront.net https://www.redditstatic.com/ads/pixel.js https://snap.licdn.com https://js.adsrvr.org https://c5.adalyser.com; style-src 'self' 'unsafe-inline' blob: fonts.googleapis.com/css tagmanager.google.com/; frame-ancestors 'self' https://wiseturkiye.com.tr https://microapps.google.com https://microapps-prod-tt.sandbox.google.com; frame-src youtube.com www.youtube.com www.youtube-nocookie.com https://vars.hotjar.com https://bid.g.doubleclick.net https://www.googletagmanager.com https://insight.adsrvr.org https://match.adsrvr.org https://wise.com 1
default-src 'self';script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' *.app-us1.com https://trackcmp.net/t_prism_sitemessages.php api.tripleseat.com gatherhere.com *.sojern.com *.gstatic.com *.rfihub.net *.doubleclick.net/ https://connect.facebook.net/ https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/TbD3vPFlUWKZD-9L4ZxB0HJI/recaptcha__en.js *.userway.org userway.org;style-src 'report-sample' 'self' 'unsafe-inline' *.googleapis.com userway.org *.userway.org;object-src 'none';base-uri 'self';connect-src 'self' yoast.com *.doubleclick.net https://www.google-analytics.com/ userway.org *.userway.org;font-src 'self' data: ;frame-src 'self' *.rfihub.net *.rfihub.com https://www.youtube.com/ https://www.facebook.com/ *.doubleclick.net https://www.google.com userway.org *.userway.org;img-src 'self' data: match.adsrvr.org ajax.googleapis.com tripleseat-static-production.s3.amazonaws.com secure.gravatar.com *.gstatic.com *.sojern.com *.adnxs.com *.youtube.com *.google.com *.doubleclick.net/ https://www.google-analytics.com/ https://www.facebook.com/ https://*.cloudfront.net userway.org *.userway.org;manifest-src 'self';media-src 'self';report-uri https://60e6e57021be247f01bb539c.endpoint.csper.io;worker-src https://www.gratonresortcasino.com/wp-content/plugins/wordpress-seo/js/dist/analysis-worker.js?ver=09c761a74bfdc57095e35baeb7a8d206; 1
default-src 'self' 'unsafe-inline' assets.risk.net assets.insurancehound.co.uk assets.waterstechnology.com assets.risklibrary.net assets.centralbanking.com assets.postonline.co.uk assets.incinsight.com assets.insuranceage.co.uk assets.euinsurancetech.com assets.fx-markets.com assets.risktech-forum.com assets.infopro-insight.com assets.chartis-research.com content.jwplatform.com videos-cloudfront-usp.jwpsrv.com securepubads.g.doubleclick.net blob:; connect-src *; font-src 'self' data: fonts.gstatic.com cdnjs.cloudflare.com assets.risk.net assets.insurancehound.co.uk assets.waterstechnology.com assets.risklibrary.net assets.centralbanking.com assets.postonline.co.uk assets.incinsight.com assets.insuranceage.co.uk assets.euinsurancetech.com assets.fx-markets.com assets.risktech-forum.com assets.infopro-insight.com assets.chartis-research.com; frame-src *; img-src * data:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' assets.risk.net assets.insurancehound.co.uk assets.waterstechnology.com assets.risklibrary.net assets.centralbanking.com assets.postonline.co.uk assets.incinsight.com assets.insuranceage.co.uk assets.euinsurancetech.com assets.fx-markets.com assets.risktech-forum.com assets.infopro-insight.com assets.chartis-research.com blob: cdn.datatables.net cdn.jsdelivr.net cdnjs.cloudflare.com https://assets.infopro-insight.com https://cdn.jsdelivr.net https://cdn.mathjax.org https://cdnjs.cloudflare.com https://code.highcharts.com https://code.jquery.com https://polyfill-fastly.io https://unpkg.com https://www.google.com platform.instagram.com platform.twitter.com unpkg.com; script-src-elem * 'unsafe-inline'; style-src 'self' 'unsafe-inline' assets.risk.net assets.insurancehound.co.uk assets.waterstechnology.com assets.risklibrary.net assets.centralbanking.com assets.postonline.co.uk assets.incinsight.com assets.insuranceage.co.uk assets.euinsurancetech.com assets.fx-markets.com assets.risktech-forum.com assets.infopro-insight.com assets.chartis-research.com fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; form-action *; frame-ancestors 'self'; report-uri https://www.postonline.co.uk/report-uri/enforce 1
default-src *; script-src 'unsafe-inline' 'unsafe-eval'  https://*.anico.com https://*.americannational.com https://*.googleapis.com http://otf.msn.com https://americannational.com https://*.lifeannuitydi.com https://*.inmoment.com https://tagmanager.google.com https://www.googletagmanager.com https://*.airkit.com https://*.airkitapps.com https://www.google-analytics.com https://www.gstatic.com https://www.google.com https://unpkg.com https://*.vtimg.com https://*.assistant.watson.appdomain.cloud https://*.ytimg.com  http://*.angularjs.org https://*.youtube.com  https://*.dnanico1.aniconet.com https://*.anicoweb.com; style-src * 'unsafe-inline' ; img-src * data: ; child-src * data: blob: filesystem: ; 1
upgrade-insecure-requests; frame-ancestors https://willowpointrehab.com; 1
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src 'self' data: https://www.googletagmanager.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://www.google-analytics.com https://cdn.livechatinc.com https://api.livechatinc.com https://cdn.ckeditor.com https://cdn.datatables.net https://www.google.com https://www.gstatic.com https://www.paypal.com https://embed.tawk.to https://www.clarity.ms https://cdn.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; 1
default-src 'self' https://demos.shorthandstories.com https://cymru-wales.shorthandstories.com; connect-src 'self' https://demos.shorthandstories.com https://cymru-wales.shorthandstories.com https://apikeys.civiccomputing.com https://stats.g.doubleclick.net https://www.facebook.com https://tr.snapchat.com https://*.algolia.net https://*.algolianet.com https://maps.googleapis.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.tiktok.com https://cdn.linkedin.oribi.io https://dev.visualwebsiteoptimizer.com https://*.google.com https://cc.cdn.civiccomputing.com; font-src 'self' fonts.gstatic.com themes.googleusercontent.com data: https://demos.shorthandstories.com https://cymru-wales.shorthandstories.com; frame-src 'self' https://platform.twitter.com https://syndication.twitter.com https://www.instagram.com https://maps.google.com/ https://www.google.com/ https://www.youtube.com/ https://r1.dotmailer-surveys.com/ https://www.google.co.uk/ https://9530286.fls.doubleclick.net https://player.vimeo.com https://facebook.com https://www.facebook.com https://web.facebook.com https://r1.dotdigital-pages.com https://open.spotify.com https://iframely.shorthand.com https://*.pinterest.com https://m.facebook.com https://tr.snapchat.com https://*.doubleclick.net https://cc.cdn.civiccomputing.com; img-src 'self' data: https:; media-src 'self' https://www.google-analytics.com https://demos.shorthandstories.com https://cymru-wales.shorthandstories.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://platform.twitter.com https://maps.googleapis.com https://cdn.syndication.twimg.com https://www.instagram.com https://r1.dotmailer-surveys.com/ https://www.google-analytics.com https://*.googletagmanager.com https://js-agent.newrelic.com/ https://bam.nr-data.net https://www.googleadservices.com https://s.yimg.com https://connect.facebook.net https://bat.bing.com https://s.pinimg.com https://sc-static.net https://amplify.outbrain.com https://tag.yieldoptimizer.com https://ad.doubleclick.net https://sp.analytics.yahoo.com https://googleads.g.doubleclick.net/ https://static.ads-twitter.com/ https://analytics.twitter.com https://www.google.com https://demos.shorthandstories.com https://cymru-wales.shorthandstories.com https://embed.shorthand.com https://news.files.bbci.co.uk https://r1.dotdigital-pages.com https://iframely.shorthand.com https://www.youtube.com https://addevent.com https://cc.cdn.civiccomputing.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com maps.google.com platform.facebook.com platform.instagram.com platform.twitter.com; script-src-elem 'self' 'unsafe-inline' https://tagmanager.google.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.instagram.com https://www.google-analytics.com https://static.ads-twitter.com/uwt.js https://connect.facebook.net https://js-agent.newrelic.com https://r1.dotmailer-surveys.com https://r1.dotdigital-pages.com https://analytics.twitter.com https://bam.nr-data.net https://embed.shorthand.com https://demos.shorthandstories.com https://cymru-wales.shorthandstories.com https://news.files.bbci.co.uk https://maps.googleapis.com https://iframely.shorthand.com https://platform.instagram.com https://www.youtube.com https://*.googletagmanager.com http://static.ads-twitter.com/ https://snap.licdn.com https://sc-static.net https://analytics.tiktok.com https://tr.snapchat.com https://dev.visualwebsiteoptimizer.com https://addevent.com https://cc.cdn.civiccomputing.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com maps.google.com platform.facebook.com platform.instagram.com platform.twitter.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://platform.twitter.com https://demos.shorthandstories.com https://cymru-wales.shorthandstories.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://unpkg.com; style-src-elem 'self' 'unsafe-inline' blob: https://platform.twitter.com https://ton.twimg.com https://demos.shorthandstories.com https://cymru-wales.shorthandstories.com https://fonts.googleapis.com http://translate.googleapis.com/ https://www.youtube.com https://cdnjs.cloudflare.com https://unpkg.com; worker-src 'self' blob:; frame-ancestors 'self' https://www.rslcontent.co.uk www.rslcontent.co.uk; report-uri https://www.wales.com/report-uri/enforce 1
default-src https: 'unsafe-eval' 'unsafe-inline'; img-src http: https: blob: data:; font-src https: data:; object-src 'none'; connect-src https: wss://api.appcues.net; frame-src https: blob: data:; 1
frame-ancestors 'self' https://cube.nl 1
default-src 'self' 'unsafe-eval' 'unsafe-inline'   https://*.uptolike.com/ http://aj1616.online/ fapabelno.com  *.fapabelno.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' fapabelno.com  https://*.yandex.com/ https://*.bngprm.com/ https://grown-t-code.com/ https://*.uptolike.com/ http://*.realsrv.com/ https://goryachie-foto.net/ https://bongacams10.com/ https://*.bcprm.com/ https://bcprm.com/  https://aj1616.online/  *.fapabelno.com https://syndication.exosrv.com  https://dugwap.com http://funbuy.pp.ua      connect.facebook.net http://connect.facebook.net https://www.facebook.com http://facebook.net *.yandex.ru yandex.ru       http://www.24video.net/ http://player.vimeo.com/ http://www.24video.xxx/ http://24video.ws/ a.tiaplex.com http://a.tiaplex.com https://a.tiaplex.com http://x.tiaplex.com/ x.tiaplex.com *.yandex.net yandex.net yandex.st *.yandex.st yastatic.net *.yastatic.net https://*.yandex.ru https://yandex.ru https://*.yandex.net https://yandex.net https://yandex.st https://*.yandex.st https://yastatic.net https://*.yastatic.net http://*.yandex.ru http://yandex.ru http://*.yandex.net http://yandex.net http://yandex.st http://*.yandex.st http://yastatic.net http://*.yastatic.net *.vk.com https://*.vk.com vk.com https://vk.com top-fwz1.mail.ru counter.yadro.ru www.google.com advapi.ru   cse.google.com http://10.20.2.42:15871 *.akamaihd.net *.amazonaws.com *.ytimg.com http://*.whisla.com https://*.googleapis.com https://*.google.com *.google.com *.gstatic.com https://*.gstatic.com www.google-analytics.com cse.google.com http://*.uptolike.com https://*.uptolike.com https://*.google.com http://*.google.com https://www.google-analytics.com http://*.googlesyndication.com https://*.googlesyndication.com *.googlesyndication.com *.googleapis.com *.doubleclick.net ;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval'  https://srv224.com/ https://*.trustlink.ru/ https://*.magsrv.com https://*.pemsrv.com/ https://envious-low.com/ https://www.tallfriend.pro/ https://adcck.ru/ https://pddata.ru/ https://creepy-reception.com/ https://*.click.ru/ https://*.bngprm.com/ https://bcprm.com/ https://goryachie-foto.net/ https://aj1616.online/ https://*.uptolike.com/ https://*.yandex.ru/ https://*.realsrv.com/ https://*.yandex.com/ ;object-src 'self' *.yandex.ru yandex.ru       http://www.24video.net/ http://player.vimeo.com/ http://www.24video.xxx/ http://24video.ws/ a.tiaplex.com http://a.tiaplex.com https://a.tiaplex.com http://x.tiaplex.com/ x.tiaplex.com *.yandex.net yandex.net yandex.st *.yandex.st yastatic.net *.yastatic.net https://*.yandex.ru https://yandex.ru https://*.yandex.net https://yandex.net https://yandex.st https://*.yandex.st https://yastatic.net https://*.yastatic.net http://*.yandex.ru http://yandex.ru http://*.yandex.net http://yandex.net http://yandex.st http://*.yandex.st http://yastatic.net http://*.yastatic.net http://*.ytimg.com *.macromedia.com *.adobe.com https://*.adobe.com https://*.googleapis.com http://www.youtube.com https://www.youtube.com *.gstatic.com http://*.uptolike.com https://*.uptolike.com   *.googleapis.com *.vk.com https://*.vk.com vk.com https://vk.com http://*.googlesyndication.com https://*.googlesyndication.com *.googlesyndication.com ;style-src 'self' 'unsafe-inline' *.yandex.ru yandex.ru       http://www.24video.net/ http://player.vimeo.com/ http://www.24video.xxx/ http://24video.ws/ a.tiaplex.com http://a.tiaplex.com https://a.tiaplex.com http://x.tiaplex.com/ x.tiaplex.com *.yandex.net yandex.net yandex.st *.yandex.st yastatic.net *.yastatic.net https://*.yandex.ru https://yandex.ru https://*.yandex.net https://yandex.net https://yandex.st https://*.yandex.st https://yastatic.net https://*.yastatic.net http://*.yandex.ru http://yandex.ru http://*.yandex.net http://yandex.net http://yandex.st http://*.yandex.st http://yastatic.net http://*.yastatic.net *.vk.com https://*.vk.com vk.com https://vk.com fapabelno.com *.fapabelno.com http://*.uptolike.com https://*.uptolike.com https://* cse.google.com www.google.com http://netdna.bootstrapcdn.com fonts.googleapis.com *.googleapis.com  http://*.googlesyndication.com https://*.googlesyndication.com *.googlesyndication.com ;img-src * data: fapabelno.com *.fapabelno.com *.yandex.ru yandex.ru       http://www.24video.net/ http://player.vimeo.com/ http://www.24video.xxx/ http://24video.ws/ a.tiaplex.com http://a.tiaplex.com https://a.tiaplex.com http://x.tiaplex.com/ x.tiaplex.com *.yandex.net yandex.net yandex.st *.yandex.st yastatic.net *.yastatic.net https://*.yandex.ru https://yandex.ru https://*.yandex.net https://yandex.net https://yandex.st https://*.yandex.st https://yastatic.net https://*.yastatic.net http://*.yandex.ru http://yandex.ru http://*.yandex.net http://yandex.net http://yandex.st http://*.yandex.st http://yastatic.net http://*.yastatic.net top-fwz1.mail.ru counter.yadro.ru *.vk.com https://*.vk.com vk.com https://vk.com http://*.uptolike.com https://*.uptolike.com  http://*.googlesyndication.com https://*.googlesyndication.com *.googlesyndication.com http://*.gravatar.com/; media-src 'self' * mediastream: *;frame-src 'self' 'unsafe-eval' https://*.xlivrdr.com https://*.mnaspm.com/ https://*.bongacams22.com/ https://*.bongacams10.com/ https://bongacams10.com/ https://*.bongacams.com/ https://bongacams.com/ http://staticxx.facebook.com/ https://promo-bc.com http://www.facebook.com *.yandex.ru yandex.ru       http://www.24video.net/ http://player.vimeo.com/ http://www.24video.xxx/ http://24video.ws/ a.tiaplex.com http://a.tiaplex.com https://a.tiaplex.com http://x.tiaplex.com/ x.tiaplex.com *.yandex.net yandex.net yandex.st *.yandex.st yastatic.net *.yastatic.net https://*.yandex.ru https://yandex.ru https://*.yandex.net https://yandex.net https://yandex.st https://*.yandex.st https://yastatic.net https://*.yastatic.net http://*.yandex.ru http://yandex.ru http://*.yandex.net http://yandex.net http://yandex.st http://*.yandex.st http://yastatic.net http://*.yastatic.net fapabelno.com *.fapabelno.com  blocking.stat *.yahoo.com *.uptolike.com vk.com *.hubrus.com www.google.com cse.google.com  http://www.youtube.com https://www.youtube.com http://*.googlesyndication.com https://*.googlesyndication.com *.googlesyndication.com *.doubleclick.net https://*.doubleclick.net https://*.google.com http://*.google.com top-fwz1.mail.ru counter.yadro.ru http://*.uptolike.com https://*.uptolike.com *.googleapis.com   *.vk.com https://*.vk.com vk.com https://vk.com;font-src 'self' data: fapabelno.com *.fapabelno.com *.googleapis.com *.gstatic.com http://*.uptolike.com https://*.uptolike.com http://fonts.gstatic.com:*;connect-src 'self' https://*.magsrv.com https://*.pemsrv.com/ https://www.tallfriend.pro/ https://*.realsrv.com/ https://mc.yandex.com/ *.yandex.ru yandex.ru http://aj1616.online/ https://aj1616.online/  http://w.uptolike.com/       http://www.24video.net/ http://player.vimeo.com/ http://www.24video.xxx/ http://24video.ws/ a.tiaplex.com http://a.tiaplex.com https://a.tiaplex.com http://x.tiaplex.com/ x.tiaplex.com *.yandex.net yandex.net yandex.st *.yandex.st yastatic.net *.yastatic.net https://*.yandex.ru https://yandex.ru https://*.yandex.net https://yandex.net https://yandex.st https://*.yandex.st https://yastatic.net https://*.yastatic.net http://*.yandex.ru http://yandex.ru http://*.yandex.net http://yandex.net http://yandex.st http://*.yandex.st http://yastatic.net http://*.yastatic.net https://www.youtube.com *.googlevideo.com https://*.gstatic.com http://*.googlesyndication.com https://*.googlesyndication.com *.googlesyndication.com *.google-analytics.com;report-uri //fapabelno.com/csp.php 1
default-src 'self' *.webnet.fr *.socotec.com socotec.com *.socotec.fr socotec.fr *.cfasocotec.fr cfasocotec.fr *.socotecbuildingcontrol.co.uk socotecbuildingcontrol.co.uk socotecsmartsolutions.fr *.socotecsmartsolutions.fr storage.gra.cloud.ovh.net *.socotec.co.uk socotec.co.uk *.vimeo.com *.google.com *.google.fr *.googletagmanager.com *.google-analytics.com munchkin.marketo.net 081-xet-510.mktoresp.com stats.g.doubleclick.net *.youtube-nocookie.com *.youtube.com youtu.be cdnjs.cloudflare.com cdn.rawgit.com raw.githubusercontent.com cdn.jsdelivr.net www.gstatic.com *.googleapis.com *.gstatic.com data: *.marketo.com *.go-mpulse.net *.akstat.io *.akamaihd.net *.trustcommander.net *.commander1.com; connect-src 'self' *.mktoresp.com *.webnet.fr *.socotec.com socotec.com *.socotec.fr socotec.fr *.cfasocotec.fr cfasocotec.fr *.socotecbuildingcontrol.co.uk socotecbuildingcontrol.co.uk socotecsmartsolutions.fr *.socotecsmartsolutions.fr storage.gra.cloud.ovh.net *.socotec.co.uk socotec.co.uk *.vimeo.com *.google.com *.google.fr *.googletagmanager.com *.google-analytics.com munchkin.marketo.net 081-xet-510.mktoresp.com stats.g.doubleclick.net *.youtube-nocookie.com *.youtube.com youtu.be cdnjs.cloudflare.com cdn.rawgit.com raw.githubusercontent.com cdn.jsdelivr.net www.gstatic.com *.googleapis.com *.gstatic.com data: *.marketo.com *.go-mpulse.net *.akstat.io *.akamaihd.net cdn.linkedin.oribi.io *.trustcommander.net; font-src 'self' *.webnet.fr *.socotec.com socotec.com *.socotec.fr socotec.fr *.cfasocotec.fr cfasocotec.fr *.socotecbuildingcontrol.co.uk socotecbuildingcontrol.co.uk socotecsmartsolutions.fr *.socotecsmartsolutions.fr storage.gra.cloud.ovh.net *.socotec.co.uk socotec.co.uk *.vimeo.com *.google.com *.google.fr *.googletagmanager.com *.google-analytics.com munchkin.marketo.net 081-xet-510.mktoresp.com stats.g.doubleclick.net *.youtube-nocookie.com *.youtube.com youtu.be cdnjs.cloudflare.com cdn.rawgit.com raw.githubusercontent.com cdn.jsdelivr.net www.gstatic.com *.googleapis.com *.gstatic.com data: *.marketo.com *.go-mpulse.net *.akstat.io *.akamaihd.net; img-src 'self' *.linkedin.com *.webnet.fr *.socotec.com socotec.com *.socotec.fr socotec.fr *.cfasocotec.fr cfasocotec.fr *.socotecbuildingcontrol.co.uk socotecbuildingcontrol.co.uk socotecsmartsolutions.fr *.socotecsmartsolutions.fr storage.gra.cloud.ovh.net *.socotec.co.uk socotec.co.uk *.vimeo.com *.google.com *.google.fr *.googletagmanager.com *.google-analytics.com munchkin.marketo.net 081-xet-510.mktoresp.com stats.g.doubleclick.net *.youtube-nocookie.com *.youtube.com youtu.be cdnjs.cloudflare.com cdn.rawgit.com raw.githubusercontent.com cdn.jsdelivr.net www.gstatic.com *.googleapis.com *.gstatic.com data: *.marketo.com *.go-mpulse.net *.akstat.io *.akamaihd.net p.adsymptotic.com; media-src 'self' *.webnet.fr *.socotec.com socotec.com *.socotec.fr socotec.fr *.cfasocotec.fr cfasocotec.fr *.socotecbuildingcontrol.co.uk socotecbuildingcontrol.co.uk socotecsmartsolutions.fr *.socotecsmartsolutions.fr storage.gra.cloud.ovh.net *.socotec.co.uk socotec.co.uk *.vimeo.com *.google.com *.google.fr *.googletagmanager.com *.google-analytics.com munchkin.marketo.net 081-xet-510.mktoresp.com stats.g.doubleclick.net *.youtube-nocookie.com *.youtube.com youtu.be cdnjs.cloudflare.com cdn.rawgit.com raw.githubusercontent.com cdn.jsdelivr.net www.gstatic.com *.googleapis.com *.gstatic.com data: *.marketo.com *.go-mpulse.net *.akstat.io *.akamaihd.net; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' googleads.g.doubleclick.net www.googleadservices.com *.licdn.com *.webnet.fr *.socotec.com socotec.com *.socotec.fr socotec.fr *.cfasocotec.fr cfasocotec.fr *.socotecbuildingcontrol.co.uk socotecbuildingcontrol.co.uk socotecsmartsolutions.fr *.socotecsmartsolutions.fr storage.gra.cloud.ovh.net *.socotec.co.uk socotec.co.uk *.vimeo.com *.google.com *.google.fr *.googletagmanager.com *.google-analytics.com munchkin.marketo.net 081-xet-510.mktoresp.com stats.g.doubleclick.net *.youtube-nocookie.com *.youtube.com youtu.be cdnjs.cloudflare.com cdn.rawgit.com raw.githubusercontent.com cdn.jsdelivr.net www.gstatic.com *.googleapis.com *.gstatic.com data: *.marketo.com *.go-mpulse.net *.akstat.io *.akamaihd.net connect.facebook.net cdn.tagcommander.com cdn.trustcommander.net; style-src 'self' 'unsafe-inline' *.webnet.fr *.socotec.com socotec.com *.socotec.fr socotec.fr *.cfasocotec.fr cfasocotec.fr *.socotecbuildingcontrol.co.uk socotecbuildingcontrol.co.uk socotecsmartsolutions.fr *.socotecsmartsolutions.fr storage.gra.cloud.ovh.net *.socotec.co.uk socotec.co.uk *.vimeo.com *.google.com *.google.fr *.googletagmanager.com *.google-analytics.com munchkin.marketo.net 081-xet-510.mktoresp.com stats.g.doubleclick.net *.youtube-nocookie.com *.youtube.com youtu.be cdnjs.cloudflare.com cdn.rawgit.com raw.githubusercontent.com cdn.jsdelivr.net www.gstatic.com *.googleapis.com *.gstatic.com data: *.marketo.com *.go-mpulse.net *.akstat.io *.akamaihd.net *.tagcommander.com cdn.trustcommander.net snap.licdn.com; base-uri 'self'; form-action 'self' *.webnet.fr *.socotec.com socotec.com *.socotec.fr socotec.fr *.cfasocotec.fr cfasocotec.fr *.socotecbuildingcontrol.co.uk socotecbuildingcontrol.co.uk socotecsmartsolutions.fr *.socotecsmartsolutions.fr storage.gra.cloud.ovh.net *.socotec.co.uk socotec.co.uk *.vimeo.com *.google.com *.google.fr *.googletagmanager.com *.google-analytics.com munchkin.marketo.net 081-xet-510.mktoresp.com stats.g.doubleclick.net *.youtube-nocookie.com *.youtube.com youtu.be cdnjs.cloudflare.com cdn.rawgit.com raw.githubusercontent.com cdn.jsdelivr.net www.gstatic.com *.googleapis.com *.gstatic.com data: *.marketo.com *.go-mpulse.net *.akstat.io *.akamaihd.net *.payrct.fr *.paynum.fr; frame-ancestors 'self' 1
default-src 'none'; connect-src * 'self'; font-src * 'self'; frame-src * 'self'; img-src * 'self' data:; manifest-src * 'self'; object-src * 'self'; prefetch-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; style-src * 'self' 'unsafe-inline'; media-src * 'self'; form-action * 'self'; worker-src 'self' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: indd.adobe.com *.braintreegateway.com *.braintree-api.com *.sandbox.braintree-api.com *.trackjs.com *.gstatic.com *.googleapis.com www.googletagmanager.com www.google-analytics.com *.nflflag.com nflflag.com nflstatic.s3.amazonaws.com nfl-static.s3.amazonaws.com *.ytimg.com www.youtube.com player.vimeo.com connect.facebook.net facebook.com *.facebook.com *.twitter.com *.twimg.com *.fls.doubleclick.neti sc-static.net *.googleadservices.com *.doubleclick.net *.snapchat.com *.google.com *.g.doubleclick.net *.instagram.com *.adobedtm.com *.demdex.net *.nfltags.com *.nfl.com *.everesttech.net 1
frame-ancestors 'self' https://meinkonto-vkw.apps.test.egv.at https://meinkonto-vkw.qa.illwerkevkw.at https://meinkonto.vkw.at 1
connect-src 'self' 'unsafe-inline' *.garvan.org.au *.algolia.net *.algolianet.com https://stats.g.doubleclick.net https://analytics.google.com https://www.google-analytics.com https://maps.googleapis.com https://noembed.com https://payments.blackbaud.com/api/Checkout *.blackbaud.com https://bbox.blackbaudhosting.com *.blackbaudhosting.com *.contentstack.io https://pagead2.googlesyndication.com *.googlesyndication.com https://fndrsp.net *.fundraiseup.com https://fndrsp-checkout.net *.google.com google.com/pay *.paypal.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.garvan.org.au https://stats.g.doubleclick.net https://www.googletagmanager.com https://analytics.google.com https://www.google-analytics.com https://maps.googleapis.com https://www.youtube.com https://bbox.blackbaudhosting.com *.blackbaudhosting.com https://code.jquery.com s3.amazonaws.com https://payments.blackbaud.com *.blackbaud.com https://www.google.com https://maps.gstatic.com *.gstatic.com *.doubleclick.net *.facebook.net *.paypal.com https://chimpstatic.com/ https://js.adsrvr.org *.paypalobjects.com https://pagead2.googlesyndication.com *.googlesyndication.com https://netlify-cdp-loader.netlify.app *.fundraiseup.com *.stripe.com *.google.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://bbox.blackbaudhosting.com *.blackbaudhosting.com https://payments.blackbaud.com *.blackbaud.com https://stackpath.bootstrapcdn.com cdn-images.mailchimp.com; img-src 'self' https://images.contentstack.io *.contentstack.io https://bbox.blackbaudhosting.com *.blackbaudhosting.com https://maps.gstatic.com https://img.youtube.com https://i.vimeocdn.com https://maps.googleapis.com *.google-analytics.com *.paypal.com *.google.com *.google.com.au *.facebook.com https://ucarecdn.com/ *.fundraiseup.com *.paypalobjects.com *.gstatic.com *.googletagmanager.com data:; base-uri 'self';, font-src https://fonts.gstatic.com https://fonts.googleapis.com *.fundraiseup.com data:;, sandbox allow-scripts allow-same-origin allow-forms allow-popups allow-popups-to-escape-sandbox allow-downloads;, frame-ancestors 'self' *.garvan.org.au *.contentstack.com; 1
frame-ancestors 'self' *.myshopify.com admin.shopify.com 1
script-src 'unsafe-inline' https: 'nonce-O0LiV7GdJ2rhhJGBz1V7R5rn2/M=' 'strict-dynamic' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'self' 'nonce-O0LiV7GdJ2rhhJGBz1V7R5rn2/M=' api.extranet.pl; font-src data: 'self'; manifest-src 'self'; frame-src 'self' *.googletagmanager.com *.google-analytics.com *.google.com; object-src 'none';  form-action 'self'; base-uri https://www.extranet.pl/ 1
frame-ancestors 'self' youtube.com; 1
connect-src 'self' *.google-analytics.com www.google-analytics.com *.analytics.google.com *.bumblebeeconservation.org *.cloudflare.com *.doubleclick.net *.hotjar.com *.hotjar.io wss://ws.hotjar.com *.www.bumblebeeconservation.org *.mkt.dynamics.com assets-gbr.mkt.dynamics.com cxppusa1formui01cdnsa01-endpoint.azureedge.net *.googleapis.com; default-src 'self' 'unsafe-inline' www.googletagmanager.com; font-src 'self' data: *.bumblebeeconservation.org *.www.bumblebeeconservation.org *.gstatic.com; frame-src 'self' data: www.google.com platform.twitter.com www.googletagmanager.com player.vimeo.com vimeo.com youtube.com www.youtube.com www.youtube-nocookie.com *.twitter.com *.cloudflare.com *.doubleclick.net *.stripe.com; img-src 'self' data: www.google-analytics.com www.gstatic.com www.google.co.uk www.googletagmanager.com *.gravatar.com  *.vimeocdn.com  *.ytimg.com *.twitter.com *.youtube.com *.doubleclick.net *.bumblebeeconservation.org *.www.bumblebeeconservation.org cxppusa1formui01cdnsa01-endpoint.azureedge.net public-gbr.mkt.dynamics.com; media-src 'self' blob: data:; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' connect.facebook.net; script-src-elem 'self' 'unsafe-inline' player.vimeo.com vimeo.com apis.google.com www.youtube.com www.youtube-nocookie.com platform.twitter.com googletagmanager.com www.googletagmanager.com www.google.com google.com www.gstatic.com gstatic.com www.google-analytics.com connect.facebook.net *.cloudflare.com *.stripe.com cxppusa1formui01cdnsa01-endpoint.azureedge.net public-gbr.mkt.dynamics.com; style-src 'self' 'unsafe-inline' blob:; style-src-elem 'self' 'unsafe-inline' *.cloudflare.com *.googleapis.com; worker-src 'self' blob:; 1
script-src 'self' https://www.google.com 1
script-src 'self' *.cookiebot.com *.googletagmanager.com *.googleapis.com *.licdn.com *.i.cz *.doubleclick.net *.google.com *.seznam.cz *.gstatic.com 'unsafe-inline' 'unsafe-eval'; 1
upgrade-insecure-requests; default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors zubersoft.com www.zubersoft.com; base-uri 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' zubersoft.com www.zubersoft.com zubersoft.com cdn-x2ppztmqpvwv.vultrcdn.com zubersoft.download www.zubersoft.download www.google.com www.gstatic.com www.youtube.com www.youtu.be www.dropbox.com drive.google.com www.paypal.com www.youtube-nocookie.com js.hcaptcha.com imgur.com i.imgur.com; frame-src zubersoft.com www.zubersoft.com www.google.com www.youtube.com www.youtu.be www.dropbox.com drive.google.com www.paypal.com www.youtube-nocookie.com js.hcaptcha.com newassets.hcaptcha.com imgur.com i.imgur.com cdn-x2ppztmqpvwv.vultrcdn.com zubersoft.download www.zubersoft.download 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: wss://*.purechat.com *.amazonaws.com *.barilliance.com *.uberads.com *.bootstrapcdn.com *.list-manage.com *.jquery.com *.purechatcdn.com *.purechat.com *.chase.com *.chasepaymentechhostedpay-var.com *.chasepaymentechhostedpay.com *.googleadservices.com *.google-analytics.com *.schemaapp.com *.googletagmanager.com *.doubleclick.net *.webeyez.com *.hotjar.io *.hotjar.com *.youtube.com *.webeyez.com firehose.eu-west-1.amazonaws.com cognito-identity.eu-west-1.amazonaws.com *.adobedtm.com *.gstatic.com *.googleapis.com *.google.com; frame-ancestors 'self' https://trans-global-service.myshopify.com https://tgsmobile.limetac.com https://tgsmobile.limetac.com; style-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; report-uri /error/csp-violation 1
default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com https://i.ytimg.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-onyrwyhiRgrSQ4A4/konWg=='; style-src 'self' www.gstatic.com; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com gds-single-consent-staging.app gds-single-consent.app; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; report-uri https://csp-reporter.publishing.service.gov.uk/report 1
default-src 'self' *.google.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.googleapis.com *.google.com *.google-analytics.com *.googletagmanager.com *.gstatic.com code.highcharts.com; connect-src 'self' *.sitesage.net *.googleapis.com *.google-analytics.com *.amazonaws.com; img-src data: blob: 'self' *.gstatic.com *.google-analytics.com *.google.com s3.amazonaws.com sitesage.net *.sitesage.net emonitor.us *.emonitor.us *.googleapis.com icons.wxug.com; style-src 'unsafe-inline' 'self' *.googleapis.com *.google.com; font-src 'self' data: *.gstatic.com; worker-src 'self' blob:; frame-ancestors 'self'; form-action 'self' 1
default-src 'self' 'unsafe-inline'; object-src 'self'; style-src 'self' 'unsafe-inline' *.sprinklr.com firestoneindustrial.mpeasylink.com *.googleapis.com *.bing.com; script-src 'self' 'unsafe-inline'  'unsafe-eval' *.twitter.com *.sprinklr.com https://www.google.com/recaptcha/api.js firestoneindustrial.mpeasylink.com hub.firestonecompleteautocare.com *.doubleclick.net *.adobedtm.com *.google-analytics.com *.everestjs.net *.pinimg.com *.hotjar.com *.bing.com *.googleadservices.com *.xg4ken.com *.facebook.net *.doubleclick.com *.googletagmanager.com *.akamaihd.net *.marchex.io *.everesttech.net *.iperceptions.com *.powerreviews.com *.iovation.com *.iesnare.com *.googleapis.com *.virtualearth.net *.recaptcha.net *.gstatic.com; img-src * data: blob: ; connect-src *; frame-src *; font-src 'self' *.gstatic.com *.sprinklr.com data: 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://brighteon.social; img-src 'self' https: data: blob: https://brighteon.social; style-src 'self' https://brighteon.social 'nonce-bkdsh9imUr4QMEquLwlmgg=='; media-src 'self' https: data: https://brighteon.social; frame-src 'self' https:; manifest-src 'self' https://brighteon.social; connect-src 'self' data: blob: https://brighteon.social https://s3.us-west-002.backblazeb2.com wss://brighteon.social https://www.brighteon.com https://censored.news https://analytics.distributednews.com; script-src 'self' https://brighteon.social https://support.brighteon.com https://www.brighteon.tv https://hcaptcha.com https://static.cloudflareinsights.com https://analytics.distributednews.com; child-src 'self' blob: https://brighteon.social; worker-src 'self' blob: https://brighteon.social 1
media-src 'self' https:; img-src 'self' https://script.hotjar.com http://script.hotjar.com data: https:; font-src 'self' data: *.googleapis.com https://fonts.gstatic.com http://script.hotjar.com https://script.hotjar.com; style-src 'self' 'unsafe-inline' https:; default-src 'none'; connect-src 'self' http://*.hotjar.com https://*.hotjar.com https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com https:; child-src https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com data: https:; object-src 'self' blob:; frame-ancestors https://*.tepapa.govt.nz https://nzbirdsonline.org.nz; frame-src 'self' www.google.com https://vars.hotjar.com 1
default-src * 'unsafe-inline' ; script-src * 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' 'nonce-42697557635344489217858617418774' data: blob: https://analytics.google.com https://assets.juicer.io https://cdn.chatbot.com https://cdn.jsdelivr.net https://connect.facebook.net https://fonts.gstatic.com https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://snap.licdn.com https://static.ads-twitter.com https://t.clarity.ms https://t.co https://td.doubleclick.net https://www.clarity.ms https://www.facebook.com https://www.linkedin.com https://twitter.com https://www.youtube.com https://instagram.com https://www.amazon.in https://connect.facebook.net https://www.google-analytics.com https://www.google.co.in https://www.googletagmanager.com https://www.vedantalimited.com https://cdnjs.cloudflare.com https://graphics.stanford.edu https://developers.google.com/maps/ https://fonts.googleapis.com https://cdn.datatables.net https://cdn.datatables.net https://cdn.jsdelivr.net https://www.hzlindia.com/ https://vedanta-zincinternational.com/ https://code.jquery.com/ https://platform-api.sharethis.com https://script.google.com https://unpkg.com https://*.juicer.io/ https://r.clarity.ms https://*.ytimg.com https://px.ads.linkedin.com https://instagram.com/ https://www.amazon.in/ https://img.youtube.com https://www.cdp.net https://www.spglobal.com https://www.msci.com https://www.sustainalytics.com https://youtu.be *.hotjar.com *.hotjar.io wss://ws.hotjar.com https://www.youtube-nocookie.com https://*.xx.fbcdn.net *.twitter.com *.google.com https://vedantaapi.pythonanywhere.com/share_price_calculator/show_stock_history *.chatbot.com *.algolia.net *.ads.linkedin.com *.linkedin.com *.googleapis.com *.clarity.ms *.vedantalimited.com *.sharethis.com *.pythonanywhere.com *.ccavenue.com https://maps.gstatic.com https://script.google.com https://script.googleusercontent.com https://kit.fontawesome.com https://online.publuu.com 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mastodontti.fi; img-src 'self' https: data: blob: https://mastodontti.fi; style-src 'self' https://mastodontti.fi 'nonce-Eewo95Nlnv5Lq9v/Sh6MDA=='; media-src 'self' https: data: https://mastodontti.fi; frame-src 'self' https:; manifest-src 'self' https://mastodontti.fi; form-action 'self'; child-src 'self' blob: https://mastodontti.fi; worker-src 'self' blob: https://mastodontti.fi; connect-src 'self' data: blob: https://mastodontti.fi https://cdn.masto.host wss://mastodontti.fi; script-src 'self' https://mastodontti.fi 'wasm-unsafe-eval' 1
default-src 'self'; connect-src *; img-src 'self' data: stract.com 0.0.0.0:3000 localhost:3000; script-src 'self' 'wasm-unsafe-eval' 'nonce-rUOwGwqbyndGjQkK0lXb/Q=='; style-src 'self' 'unsafe-inline' 1
base-uri 'self'; default-src 'self'; child-src; connect-src 'self' https://*.abtasty.com https://*.adservice.google.com https://*.doubleclick.net https://*.facebook.com https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.hotjar.com:* https://*.hotjar.com:* https://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://*.mypurecloud.com.au https://*.sentry.io https://*.tealiumiq.com https://*.tiqcdn.cn https://*.tiqcdn.com https://*.tt.omtrdc.net https://analytics.formstack.com https://api.addressfinder.io https://au-live.inside-graph.com https://js.hsadspixel.net https://js.hscollectedforms.net https://stats.g.doubleclick.net https://www.instagram.com wss://*.hotjar.com wss://*.mypurecloud.com.au wss://au-live.inside-graph.com https://*.swiftype.com https://*.swiftypecdn.com; font-src 'self' https://*.abtasty.com https://*.googleapis.com https://*.gstatic.com https://au-cdn.inside-graph.com https://fonts.gstatic.com https://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://*.hotjar.io blob: data:; form-action 'self' https://*.powershop.co.nz https://*.springload.nz https://*.facebook.com; frame-ancestors 'self'; frame-src https://*.mypurecloud.com.au *.mypurecloud.com.au https://*.doubleclick.net https://*.google.com https://*.vimeo.com https://*.youtube.com https://recaptcha.google.com https://*.facebook.com https://*.google.com https://*.googletagmanager.com https://au-cdn.inside-graph.com https://*.hotjar.com https://*.hotjar.io https://*.hotjar.io https://critchlow.carto.com; img-src 'self' https://*.abtasty.com https://*.amazonaws.com https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.co.nz https://*.google.com https://*.google.com.au https://*.googletagmanager.com https://*.gstatic.com https://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://*.hotjar.io https://*.inside-graph.com https://*.mypurecloud.com.au https://*.tealiumiq.com https://*.tiqcdn.cn https://*.tiqcdn.com https://*.tt.omtrdc.net https://adservice.google.com https://analytics.formstack.com https://fonts.gstatic.com https://i.vimeocdn.com https://js.hsadspixel.net https://www.instagram.com https://*.swiftype.com https://*.springload.nz https://www.powershop.co.nz blob: data:; media-src https://*.youtube.com https://*.vimeo.com https://au-cdn.inside-graph.com; object-src 'none'; script-src 'self' https://*.abtasty.com https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.com/recaptcha/ https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com/recaptcha/ https://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://*.hotjar.io https://*.hs-analytics.net https://*.hs-banner.com https://*.hs-scripts.com https://*.inside-graph.com https://*.mypurecloud.com.au https://*.tealiumiq.com https://*.tiqcdn.cn https://*.tiqcdn.com https://*.tt.omtrdc.net https://*.usemessages.com https://*.vimeo.com https://*.youtube.com https://analytics.formstack.com https://api.addressfinder.io https://au-tracker.inside-graph.com https://forms.hsforms.com https://js.hsadspixel.net https://js.hscollectedforms.net https://tagmanager.google.com wss://*.hotjar.com https://*.swiftype.com https://*.swiftypecdn.com https://*.springload.nz https://www.powershop.co.nz 'nonce-OTg1Y2MwY2ZhZDRiYjI5ZjZiNjEyYmE3YTRhNzA3NjI3ZmU5ZWY2ODYyNWRiZDVhN2JmNWJmOWYyN2Q5MDAwNjEwZjcwZjE0NTc4YjA2MWU5MzEyOGJlMDk2YTA1NWY3MjZhZDBmYjdlZTc1N2M1YWRlMGE3NTBlOWUyNjZkZDM=' 'unsafe-eval' blob:; style-src 'self' https://*.abtasty.com https://*.googleapis.com https://*.gstatic.com https://au-cdn.inside-graph.com https://fonts.googleapis.com https://tagmanager.google.com https://*.swiftype.com https://*.swiftypecdn.com 'unsafe-inline'; report-uri https://o115950.ingest.sentry.io/api/4504811489984512/csp-report/?sentry_key=a2cb92247922492b95ce72aee1ae6528&sentry_environment=live; upgrade-insecure-requests 1
default-src 'self' *.youtube.com *.google.com; font-src 'self' fonts.gstatic.com; img-src 'self' data: *.bzcompany.cz; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net *.google-analytics.com *.upv.cz cdnjs.cloudflare.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.bzcompany.cz cdn.jsdelivr.net *.upv.cz cdnjs.cloudflare.com; style-src 'unsafe-inline' 'self' *.googleapis.com *.jsdelivr.net cdnjs.cloudflare.com; connect-src 'self' *.google-analytics.com *.upv.cz 1
default-src 'self' 'unsafe-inline' https:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; connect-src 'self' 'unsafe-inline' 'unsafe-eval' https: wss:; img-src 'self' data: https:; style-src 'self' 'unsafe-inline' https:; font-src 'self' data: https:; 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://www.gstatic.com https://www.google.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://*.google-analytics.com https://www.googleadservices.com https://*.olark.com https://assurance.sysnetgs.com https://hm.baidu.com; style-src 'self' 'unsafe-inline' https://static.olark.com; font-src 'self' data: https://fonts.gstatic.com https://static.olark.com; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://knrpc.olark.com; frame-src 'self' https://api.teapplix.com https://www.google.com https://www.youtube.com https://bid.g.doubleclick.net https://static.olark.com frame-ancestors 'none'; media-src 'self' https://static.olark.com; img-src 'self' data: * 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://code.jquery.com https://cdn.ampproject.org https://vodafone-ghana-cdn.s3.amazonaws.com https://a.vodafone.com.gh tags.tiqcdn.com cdn.cookielaw.org https://nebula-cdn.kampyle.com https://cdnjs.cloudflare.com https://smetrics.vodafone.com.gh https://d2wrz230yyz3cg.cloudfront.net https://myvodafone.vodafone.com.gh https://vodafone.com.gh google.com *.google.com *.telecel.com.gh *.vodafone.com.gh vodafone.com.gh telecel.com.gh *.newrelic.com *.nr-data.net blob:; style-src 'self' 'unsafe-inline' https://cdn.ampproject.org https://vodafone-ghana-cdn.s3.amazonaws.com https://cdn.cookielaw.org https://myvodafone.vodafone.com.gh https://vodafone.com.gh google.com *.google.com *.telecel.com.gh *.vodafone.com.gh vodafone.com.gh telecel.com.gh ; font-src 'self' https://cdn.ampproject.org https://vodafone-ghana-cdn.s3.amazonaws.com https://d2wrz230yyz3cg.cloudfront.net https://myvodafone.vodafone.com.gh https://vodafone.com.gh google.com *.google.com *.telecel.com.gh *.vodafone.com.gh vodafone.com.gh telecel.com.gh; img-src 'self' https://support.vodafone.com.gh https://vodafone-ghana-cdn.s3.amazonaws.com https://udc-neb.kampyle.com https://nebula-cdn.kampyle.com https://chat.vodafone.com.gh https://d2wrz230yyz3cg.cloudfront.net https://myvodafone.vodafone.com.gh https://vodafone.com.gh https://cm.everesttech.net google.com *.google.com *.telecel.com.gh *.vodafone.com.gh vodafone.com.gh telecel.com.gh data:; connect-src 'self' https://cdn.ampproject.org https://vodafone.com.gh https://a.vodafone.com.gh https://support.vodafone.com.gh https://myvodafone.vodafone.com.gh https://gcpsmapi-pre.vodafone.com https://smetrics.vodafone.com.gh metrics.vodafone.com.gh https://dpm.demdex.net https://tags.tiqcdn.com https://c.go-mpulse.net gcpsmapi.vodafone.com https://nebula-cdn.kampyle.com https://us-central1-amp-error-reporting.cloudfunctions.net https://vodafoneghana.tt.omtrdc.net udc-neb.kampyle.com https://d2wrz230yyz3cg.cloudfront.net https://cdn.cookielaw.org google.com *.google.com *.telecel.com.gh *.vodafone.com.gh vodafone.com.gh telecel.com.gh *.newrelic.com *.nr-data.net; manifest-src 'self' https://vodafone.com.gh https://myvodafone.vodafone.com.gh google.com *.google.com *.telecel.com.gh *.vodafone.com.gh vodafone.com.gh telecel.com.gh; frame-src https://a.vodafone.com.gh https://vodafone.com.gh https://nebula-cdn.kampyle.com https://www.youtube-nocookie.com https://www.youtube.com https://myvodafone.vodafone.com.gh https://vodafonegh.demdex.net google.com *.google.com *.telecel.com.gh *.vodafone.com.gh vodafone.com.gh telecel.com.gh blob:; object-src 'none' 1
default-src data: http: https: 'unsafe-inline' 'unsafe-eval' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://procursus.social; img-src 'self' data: blob: https://procursus.social https://assets.procursus.social; style-src 'self' https://procursus.social 'nonce-5EvTsQnm52IRS/7AJkwzKA=='; media-src 'self' data: https://procursus.social https://assets.procursus.social; frame-src 'self' https:; manifest-src 'self' https://procursus.social; form-action 'self'; child-src 'self' blob: https://procursus.social; worker-src 'self' blob: https://procursus.social; connect-src 'self' data: blob: https://procursus.social https://assets.procursus.social wss://procursus.social; script-src 'self' https://procursus.social 'wasm-unsafe-eval' 1
frame-ancestors 'self' *.evergage.com *.evgnet.com *.vimeo.com *.hotjar.com https://fuse-event.com;frame-src 'self' blob: https:;default-src 'self' 'unsafe-inline' blob: https:;font-src 'self' https: data:;script-src 'self' blob: data: https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: data:;connect-src 'self' wss: data: https: blob:; 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval'         use.fontawesome.com *.googlesyndication.com *.google-analytics.com  telfordhomes.london www.telfordhomes.london fonts.googleapis.com fonts.gstatic.com         consent.cookiebot.com consentcdn.cookiebot.com pbs.twimg.com www.googletagmanager.com *.analytics.google.com         static-ssl.responsetap.com www.youtube.com youtube.com www.google-analytics.com static.hotjar.com         i.ctnsnet.com connect.facebook.net tags.crwdcntrl.net analytics.tiktok.com pixel.mathtag.com         service.giosg.com www.google.co.uk maps.gstatic.com *.hotjar.com *.hotjar.io www.gstatic.com         *.teads.tv *.typekit.net *.typekit.com *.homeviews.com *.adsrvr.org p.teads.tv www.facebook.com         telfordmaster.appealstaging.co.uk         *.youtube.com *.vimeo.com *.vimeocdn.com         maps.googleapis.com www.google.com google.com bcp.crwdcntrl.net *.doubleclick.net *.responsetap.com; 1
report-uri https://csp.uel.wildapricot.com/report; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.appointlet.com *.appointletcdn.com *.aptrinsic.com *.cloudflare.com *.cloudfront.net *.doubleclick.net *.ecomm.events *.ecwid.com *.elev.io *.facebook.com *.facebook.net *.google.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.linkedin.com *.mcjobboard.net *.mybillsystem.com *.newrelic.com *.nr-data.net *.pagespeed-mod.com *.paypal.com *.termly.io *.twitter.com *.typekit.net *.uservoice.com *.wildapricot.com *.youtube.com *.zdassets.com *.zendesk.com *.zopim.com caas-sf.wildapricot.org live-sf.wildapricot.org maps.googleapis.com onlinestore-prod-digital-products.s3.amazonaws.com sf.wildapricot.org vimeo.com widget-mediator.zopim.com wss://widget-mediator.zopim.com/ reserveddomainnames.wildapricot.org sf.wildapricot.org;   img-src * data: blob:;   media-src * blob:;   font-src * https://*.aptrinsic.com data:;  1
frame-ancestors 'self' https://sportland.lv/ https://sportland.com/ https://en.sportland.fi/ https://ru.sportland.ee/ https://ru.sportland.lt/ https://ru.sportland.lv/ https://pl.sportland.com/ https://sportland.fi/ https://sportland.ee/ https://sportland.lt/ https://sportskim.sportland.lv/ https://outlet.sportland.lv/ https://outlet.sportland.lt/ https://outlet.sportland.ee/ https://outlet.sportland.com/ https://ru-outlet.sportland.com/ https://outlet.sportland.fi/; 1
frame-src 'self' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://lpcdn.lpsnmedia.net https://lo.msg.liveperson.net https://lo.v.liveperson.net https://lo.idp.liveperson.net https://widget.trustpilot.com; object-src 'none'; frame-ancestors *; report-uri http://prepaypower.ie/report-uri/enforce 1
default-src 'self' https://*.googleapis.com/ https://*.google-analytics.com/ https://www.googletagmanager.com/ https://*.google.com/ https://*.youtube.com/ https://*.youtube-nocookie.com/ https://*.ytimg.com/ https://*.gstatic.com/ https://*.cloudflare.com/ https://*.bootstrapcdn.com/ https://*.klicenka.uvm.cz/ https://*.doubleclick.net/ https://*.mapy.cz/ https://connect.facebook.net/ https://*.facebook.com/ https://*.reservanto.cz/ https://*.jsdelivr.net/ https://web-sdk.smartlook.com/ https://*.eu.smartlook.cloud/ https://*.smartlook.cloud/ https://c.imedia.cz/ https://chat.supportbox.cz/ https://*.seznam.cz/ https://*.google.cz/ https://*.googlesyndication.com/ https://*.googleadservices.com/ wss://*.smartsupp.com https://*.smartsupp.com https://*.smartsuppchat.com https://*.smartsuppcdn.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com/ https://*.google-analytics.com/ https://www.googletagmanager.com/ https://*.google.com/ https://*.youtube.com/ https://*.youtube-nocookie.com/ https://*.ytimg.com/ https://*.gstatic.com/ https://*.cloudflare.com/ https://*.bootstrapcdn.com/ https://*.klicenka.uvm.cz/ https://*.doubleclick.net/ https://*.mapy.cz/ https://connect.facebook.net/ https://*.facebook.com/ https://*.reservanto.cz/ https://*.jsdelivr.net/ https://web-sdk.smartlook.com/ https://*.eu.smartlook.cloud/ https://*.smartlook.cloud/ https://c.imedia.cz/ https://chat.supportbox.cz/ https://*.seznam.cz/ https://*.google.cz/ https://*.googlesyndication.com/ https://*.googleadservices.com/ wss://*.smartsupp.com https://*.smartsupp.com https://*.smartsuppchat.com https://*.smartsuppcdn.com ; connect-src 'self' https://*.googleapis.com/ https://*.google-analytics.com/ https://www.googletagmanager.com/ https://*.google.com/ https://*.youtube.com/ https://*.youtube-nocookie.com/ https://*.ytimg.com/ https://*.gstatic.com/ https://*.cloudflare.com/ https://*.bootstrapcdn.com/ https://*.klicenka.uvm.cz/ https://*.doubleclick.net/ https://*.mapy.cz/ https://connect.facebook.net/ https://*.facebook.com/ https://*.reservanto.cz/ https://*.jsdelivr.net/ https://web-sdk.smartlook.com/ https://*.eu.smartlook.cloud/ https://*.smartlook.cloud/ https://c.imedia.cz/ https://chat.supportbox.cz/ https://*.seznam.cz/ https://*.google.cz/ https://*.googlesyndication.com/ https://*.googleadservices.com/ wss://*.smartsupp.com https://*.smartsupp.com https://*.smartsuppchat.com https://*.smartsuppcdn.com ; img-src 'self' data: blob: 'unsafe-inline' https://*.googleapis.com/ https://*.google-analytics.com/ https://www.googletagmanager.com/ https://*.google.com/ https://*.youtube.com/ https://*.youtube-nocookie.com/ https://*.ytimg.com/ https://*.gstatic.com/ https://*.cloudflare.com/ https://*.bootstrapcdn.com/ https://*.klicenka.uvm.cz/ https://*.doubleclick.net/ https://*.mapy.cz/ https://connect.facebook.net/ https://*.facebook.com/ https://*.reservanto.cz/ https://*.jsdelivr.net/ https://web-sdk.smartlook.com/ https://*.eu.smartlook.cloud/ https://*.smartlook.cloud/ https://c.imedia.cz/ https://chat.supportbox.cz/ https://*.seznam.cz/ https://*.google.cz/ https://*.googlesyndication.com/ https://*.googleadservices.com/ wss://*.smartsupp.com https://*.smartsupp.com https://*.smartsuppchat.com https://*.smartsuppcdn.com ; font-src 'self' https://*.googleapis.com/ https://*.google-analytics.com/ https://www.googletagmanager.com/ https://*.google.com/ https://*.youtube.com/ https://*.youtube-nocookie.com/ https://*.ytimg.com/ https://*.gstatic.com/ https://*.cloudflare.com/ https://*.bootstrapcdn.com/ https://*.klicenka.uvm.cz/ https://*.doubleclick.net/ https://*.mapy.cz/ https://connect.facebook.net/ https://*.facebook.com/ https://*.reservanto.cz/ https://*.jsdelivr.net/ https://web-sdk.smartlook.com/ https://*.eu.smartlook.cloud/ https://*.smartlook.cloud/ https://c.imedia.cz/ https://chat.supportbox.cz/ https://*.seznam.cz/ https://*.google.cz/ https://*.googlesyndication.com/ https://*.googleadservices.com/ wss://*.smartsupp.com https://*.smartsupp.com https://*.smartsuppchat.com https://*.smartsuppcdn.com ; style-src 'self' 'unsafe-inline' https://*.googleapis.com/ https://*.google-analytics.com/ https://www.googletagmanager.com/ https://*.google.com/ https://*.youtube.com/ https://*.youtube-nocookie.com/ https://*.ytimg.com/ https://*.gstatic.com/ https://*.cloudflare.com/ https://*.bootstrapcdn.com/ https://*.klicenka.uvm.cz/ https://*.doubleclick.net/ https://*.mapy.cz/ https://connect.facebook.net/ https://*.facebook.com/ https://*.reservanto.cz/ https://*.jsdelivr.net/ https://web-sdk.smartlook.com/ https://*.eu.smartlook.cloud/ https://*.smartlook.cloud/ https://c.imedia.cz/ https://chat.supportbox.cz/ https://*.seznam.cz/ https://*.google.cz/ https://*.googlesyndication.com/ https://*.googleadservices.com/ wss://*.smartsupp.com https://*.smartsupp.com https://*.smartsuppchat.com https://*.smartsuppcdn.com ; frame-src 'self' https://*.googleapis.com/ https://*.google-analytics.com/ https://www.googletagmanager.com/ https://*.google.com/ https://*.youtube.com/ https://*.youtube-nocookie.com/ https://*.ytimg.com/ https://*.gstatic.com/ https://*.cloudflare.com/ https://*.bootstrapcdn.com/ https://*.klicenka.uvm.cz/ https://*.doubleclick.net/ https://*.mapy.cz/ https://connect.facebook.net/ https://*.facebook.com/ https://*.reservanto.cz/ https://*.jsdelivr.net/ https://web-sdk.smartlook.com/ https://*.eu.smartlook.cloud/ https://*.smartlook.cloud/ https://c.imedia.cz/ https://chat.supportbox.cz/ https://*.seznam.cz/ https://*.google.cz/ https://*.googlesyndication.com/ https://*.googleadservices.com/ wss://*.smartsupp.com https://*.smartsupp.com https://*.smartsuppchat.com https://*.smartsuppcdn.com 1
default-src 'none'; base-uri 'self' data:; manifest-src 'self'; form-action 'self'; frame-src 'self' https://app.kontent.ai https://brandcentral.ramboll.com https://video.ramboll.com https://consentcdn.cookiebot.com https://bid.g.doubleclick.net https://td.doubleclick.net; frame-ancestors 'self' https://app.kontent.ai; script-src 'self' 'unsafe-inline' nonce-1685b32d-c6b9-4427-8a78-59831b5529e2 https://consent.cookiebot.com https://consentcdn.cookiebot.com https://app.kontent.ai https://*.piwik.pro https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net 'unsafe-eval' https://www.googletagmanager.com/gtm.js; object-src 'none'; style-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://fonts.googleapis.com https://*.piwik.pro; img-src 'self' data: https://cdn-assets-eu.frontify.com https://imgsct.cookiebot.com https://*.piwik.pro https://fonts.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://googleads.g.doubleclick.net https://ad.doubleclick.net https://ade.googlesyndication.com; font-src 'self' data: https://fonts.gstatic.com https://*.piwik.pro; media-src 'self' data: https://cdn-assets-eu.frontify.com; connect-src 'self' https://brandcentral.ramboll.com https://consentcdn.cookiebot.com https://*.piwik.pro https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com; 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-YWI0MDJiYzBiYzMwNDZjMWIyMGExZmM0M2I0OGQxNDk=' https://*.platformrijksoverheid.nl https://*.rijksoverheid.nl https://*.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' https://statistiek.rijksoverheid.nl https://*.contenttoolsrijksoverheid.nl https://*.ssc-ict.nl; font-src 'self' https://statistiek.rijksoverheid.nl; object-src 'none'; connect-src https://*.platformrijksoverheid.nl https://*.rijksoverheid.nl https://*.contenttoolsrijksoverheid.nl https://*.rovid.nl https://*.rijksoverheidsvideo.nl https://*.ssc-ict.nl; img-src 'self' data: https://d3oiud1b8fohdw.cloudfront.net https://statistiek.rijksoverheid.nl https://*.rovid.nl https://*.rijksoverheidsvideo.nl https://*.toegankelijkheidsverklaring.nl; media-src 'self' https://*.rovid.nl https://*.rijksoverheidsvideo.nl; form-action 'self' https://export.highcharts.com https://*.contenttoolsrijksoverheid.nl https://*.ssc-ict.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
default-src 'self'; child-src blob:; media-src * 'self' data: https: blob:; style-src 'self' 'unsafe-inline' *; img-src * 'self' data: https: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; font-src * data: https:; frame-src * 1
default-src 'self'; script-src 'self' https://www.youtube.com 'sha256-bsriBHhd3ID9p66p9X58fI1QXOmr7Xa/VNqUGfGlE0o' 'sha256-CIIWJRx1FMu7SRVDnbgTr4xXu3pL3G6hBk4N6SI4/Uw=' http://*.lessonup.com:* https://*.lessonup.com:* https://*.lessonup.com http://localhost:3100 http://localhost:3050 http://localhost:3000 http://localhost:3002 https://*.lessonup.dev https://staging.lessonup.app https://lessonup.com http://*.googletagmanager.com https://*.googletagmanager.com http://*.g.doubleclick.net https://*.g.doubleclick.net http://*.hotjar.co http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://optimize.google.com https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://www.googletagmanager.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com http://*.googleapis.com https://*.googleapis.com http://*.googleadservices.com https://*.googleadservices.com https://maps.googleapis.com https://www.youtube.com/iframe_api 'unsafe-eval'; connect-src * 'self' 'unsafe-inline' http://*.lessonup.com:* https://*.lessonup.com:* https://*.lessonup.com http://localhost:3100 http://localhost:3050 http://localhost:3000 http://localhost:3002 https://*.lessonup.dev https://staging.lessonup.app https://lessonup.com http://*.google-analytics.com https://*.google-analytics.com http://*.analytics.google.com https://*.analytics.google.com http://*.googletagmanager.com https://*.googletagmanager.com http://*.g.doubleclick.net https://*.g.doubleclick.net http://*.google.com https://*.google.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://optimize.google.com https://api.intercom.io https://api.au.intercom.io https://api.eu.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io https://uploads.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.au.intercomcdn.com https://uploads.intercomusercontent.com https://www.google-analytics.com http://www.google-analytics.com https://stats.g.doubleclick.net; img-src data: 'self' blob: https: http://*.lessonup.com:* https://*.lessonup.com:* https://*.lessonup.com http://localhost:3100 http://localhost:3050 http://localhost:3000 http://localhost:3002 https://*.lessonup.dev https://staging.lessonup.app https://lessonup.com http://*.google-analytics.com https://*.google-analytics.com http://*.analytics.google.com https://*.analytics.google.com http://*.googletagmanager.com https://*.googletagmanager.com http://*.g.doubleclick.net https://*.g.doubleclick.net http://*.google.com https://*.google.com http://*.google.com:* https://*.google.com:* http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.google-analytics.com https://www.googletagmanager.com https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://widget.intercom.io/widget https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://messenger-apps.eu.intercom.io https://messenger-apps.au.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments.eu https://*.au.intercom-attachments.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://static.intercomassets.eu https://static.au.intercomassets.com http://www.googletagmanager.com http://www.google-analytics.com https://stats.g.doubleclick.net; style-src 'self' 'unsafe-inline' https://cloud.typography.com http://*.lessonup.com:* https://*.lessonup.com:* https://*.lessonup.com http://localhost:3100 http://localhost:3050 http://localhost:3000 http://localhost:3002 https://*.lessonup.dev https://staging.lessonup.app https://lessonup.com https://optimize.google.com https://fonts.gstatic.com https://fonts.googleapis.com http://cloud.typography.com/6162672/684584/css/fonts.css https://cloud.typography.com/6162672/684584/css/fonts.css https://www.vangoghmuseum.nl/statics/fonts/796821/50011f6b07dc2a0f8.css https://www.google-analytics.com https://maps.googleapis.com https://www.youtube.com/iframe_api; media-src 'self' https://api.lessonup.com https://lessonup-assets.appspot.com http://*.lessonup.com:* https://*.lessonup.com:* https://*.lessonup.com http://localhost:3100 http://localhost:3050 http://localhost:3000 http://localhost:3002 https://*.lessonup.dev https://staging.lessonup.app https://lessonup.com https://js.intercomcdn.com; font-src 'self' http://*.lessonup.com:* https://*.lessonup.com:* https://*.lessonup.com http://localhost:3100 http://localhost:3050 http://localhost:3000 http://localhost:3002 https://*.lessonup.dev https://staging.lessonup.app https://lessonup.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://js.intercomcdn.com https://fonts.intercomcdn.com https://cloud.typography.com https://fonts.gstatic.com https://fonts.googleapis.com; frame-src 'self' https://player.vimeo.com https://*.youtube.com https://www.youtube-nocookie.com https://q42.nl https://q42.com https://*.wikipedia.org https://*.schoolblocks.nl https://app.wereldvanoz.org https://flamingo.digibord-tool.c66.me https://natuurlab.q42labs.com https://kominactie.npo3fm.nl https://umu.nl https://jck.nl https://micr.io https://sketchfab.com https://wtfff.nl https://*.helpmaya.nl https://walk-in-my-shoes.be http://*.lessonup.com:* https://*.lessonup.com:* https://*.lessonup.com http://localhost:3100 http://localhost:3050 http://localhost:3000 http://localhost:3002 https://*.lessonup.dev https://staging.lessonup.app https://lessonup.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://optimize.google.com https://intercom-sheets.com; 1
default-src 'none'; base-uri 'none'; child-src 'self' app.netlify.com; form-action 'none'; frame-ancestors 'none'; img-src 'self' images.prismic.io assets.coingecko.com s2.coinmarketcap.com *.cloudfront.net data:; media-src 'self'; object-src 'none'; script-src 'self' ajax.googleapis.com widgets.coingecko.com files.coinmarketcap.com 3rdparty-apis.coinmarketcap.com app.netlify.com netlify-cdp-loader.netlify.app *.googletagmanager.com; script-src-elem 'self' ajax.googleapis.com widgets.coingecko.com files.coinmarketcap.com 3rdparty-apis.coinmarketcap.com *.googletagmanager.com; style-src 'self' fonts.googleapis.com 'unsafe-inline' files.coinmarketcap.com 'unsafe-inline'; font-src 'self' fonts.gstatic.com; connect-src 'self' api.coingecko.com 3rdparty-apis.coinmarketcap.com wss://cable.coingecko.com ocean.defichain.com api.github.com; prefetch-src 'self'; 1
default-src * 'self'; style-src https://fonts.googleapis.com 'self' 'unsafe-inline'; script-src https://www.google.com https://nexus.ensighten.com https://nexus-test.ensighten.com  https://www.gstatic.com https://maps.google.com https://maps.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://script.hotjar.com https://static.hotjar.com https://googleads.g.doubleclick.net https://www.youtube.com 'self' 'unsafe-eval' 'unsafe-inline';  object-src * 'self'; img-src * 'self' data:;connect-src * 'self';  frame-src * 'self'; 1
frame-ancestors 'self' https://app.endearhq.com *.endearhq.com; report-uri https://o76320.ingest.sentry.io/api/5434086/security/?sentry_key=4606408afb594b4dafe50588b2179815 1
default-src 'self' *.hoechsmann.com *.google.com *.google.de https://*.google-analytics.com *.googleapis.com *.gstatic.com *.doubleclick.net https://www.googletagmanager.com https://tagmanager.google.com; script-src 'self' *.hoechsmann.com *.google.com *.google.de https://*.google-analytics.com *.googleapis.com *.gstatic.com *.doubleclick.net https://www.googletagmanager.com https://tagmanager.google.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.hoechsmann.com *.google.com *.google.de https://*.google-analytics.com *.googleapis.com *.gstatic.com *.doubleclick.net https://www.googletagmanager.com https://tagmanager.google.com 'unsafe-inline'; img-src 'self' *.hoechsmann.com *.google.com *.google.de https://*.google-analytics.com *.googleapis.com *.gstatic.com *.doubleclick.net https://www.googletagmanager.com https://tagmanager.google.com *.ytimg.com *.youtube.com data:; frame-src 'self' *.hoechsmann.com *.google.com *.google.de https://*.google-analytics.com *.googleapis.com *.gstatic.com *.doubleclick.net https://www.googletagmanager.com https://tagmanager.google.com *.youtube.com; font-src 'self' *.hoechsmann.com *.google.com *.google.de https://*.google-analytics.com *.googleapis.com *.gstatic.com *.doubleclick.net https://www.googletagmanager.com https://tagmanager.google.com 1
all; upgrade-insecure-requests 1
default-src *.archiefweb.eu *.wp.com; frame-src *.archiefweb.eu googleads.g.doubleclick.net *.wp.com; script-src 'unsafe-inline' 'unsafe-eval' *.archiefweb.eu *.googleapis.com *.googlesyndication.com adservice.google.nl adservice.google.com *.wp.com; style-src 'unsafe-inline' *.archiefweb.eu *.googleapis.com *.wp.com *.bootstrapcdn.com; font-src data: *.archiefweb.eu fonts.googleapis.com fonts.gstatic.com *.wp.com *.fontawesome.com wordpress.com *.bootstrapcdn.com; media-src *.archiefweb.eu; img-src data: *.archiefweb.eu *.w.org *.wp.com *.wordpress.com *.gravatar.com 1
default-src https:; style-src https: 'unsafe-inline'; script-src https: 'unsafe-inline' 'unsafe-eval' 'report-sample'; img-src https: data:; form-action https:; connect-src https: wss:; object-src 'none'; worker-src https: wss: blob:; upgrade-insecure-requests 1
default-src https: wss:; object-src 'none'; script-src 'self' 'sha256-pVP3wiRK6EgotPvbJ2R65xpjHaVawiUq7xpvmES7HRA=' 'sha256-0Ql1J31jzC6EHJM2MUoUyEgmRntzyhoDq7h/gZw/BuQ=' 'sha256-Imv8rgvxn2GP4QJH/s+T5I8tEtsRwclyX3+LH36ke+U=' 'sha256-jurkMhxvcAAwFxjIjfR12lUpYT7opw/vFikj4x8bjdI=' 'sha256-jeiHD0Dprtjm5hhdGMFRwCA0Dj6efCfMLhYKIcCFf+o=' https://widget.freshworks.com/ https://sentry.razortheory.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ wss://relay.walletconnect.org/ https://static.moonpay.com/web-sdk/v1/moonpay-web-sdk.min.js *.googletagmanager.com; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com https://widget.freshworks.com/; img-src https: data: blob:; frame-ancestors 'self'; report-uri https://sentry.razortheory.com/api/91/security/?sentry_key=f3b78c6e49024631b6c5f239ec52c6b9 1
script-src * 'self' data: 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: 'unsafe-inline' https://cdn.prod.website-files.com cdn.prod.website-files.com assets-global.website-files.com https://*.cloudfront.net https://*.force.com https://*.typekit.net; img-src * 'self' data: about:; font-src 'self' data: https://assets.website-files.com https://use.typekit.net https://c1.sfdcstatic.com; connect-src * 'self'; media-src 'self' https://cdn.prod.website-files.com cdn.prod.website-files.com assets-global.website-files.com; object-src 'none'; prefetch-src 'self'; child-src 'none'; frame-src https://forms.hsforms.com https://bid.g.doubleclick.net https://cdn.embedly.com https://service.force.com https://www.google.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://player.vimeo.com https://www.youtube.com https://t.sharethis.com https://a21365630547.cdn.optimizely.com https://a21365630547.cdn-pci.optimizely.com https://insight.adsrvr.org https://*.facebook.com https://match.adsrvr.org; worker-src blob:; frame-ancestors 'self'; form-action 'self' https://forms.hsforms.com https://nydig--emsservice.my.salesforce.com https://webto.salesforce.com https://*.facebook.com; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'; manifest-src 'self' 1
base-uri 'self'; default-src 'self'; script-src 'self' https://matomo.stodlinjen.se; script-src-elem 'self' https://matomo.stodlinjen.se; style-src 'self' 'unsafe-inline'; img-src 'self' blob: data: https://*.stodlinjen.se; font-src 'self' data:; connect-src 'self' https://api.stodlinjen.se https://matomo.stodlinjen.se; frame-ancestors 'none'; form-action 'self' *.stodlinjen.se 1
default-src 'self'; script-src 'self' https://ingress.crowdpurr.com https://www.google.com https://www.googletagmanager.com 'sha256-W+XeZiIHtLq7Y2KSmr6DqjMcCn8jAXz/4SYpVaV/qE0=' https://www.gstatic.com https://stats.g.doubleclick.net https://www.youtube.com https://s.ytimg.com https://player.twitch.tv https://d1dzpm7ky4geqi.cloudfront.net 'unsafe-eval'; connect-src * 'self'; img-src data: 'self' http://* https://*; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net https://d1dzpm7ky4geqi.cloudfront.net; font-src 'self' data: https://fonts.gstatic.com https://cdn.jsdelivr.net https://s3.amazonaws.com https://d1dzpm7ky4geqi.cloudfront.net; frame-src 'self' https://www.googletagmanager.com https://www.google.com https://www.youtube.com https://player.twitch.tv https://www.facebook.com https://viewer.millicast.com; media-src 'self' https://viewer.millicast.com https://d1dzpm7ky4geqi.cloudfront.net; 1
default-src https: http: blob: data: 'unsafe-inline' 'unsafe-eval'; object-src ceros.com www3.ceros.com view.ceros.com wwwprod.eastdilsecured.com wwwprodbe.eastdilsecured.com wwwuat.eastdilsecured.com wwwbcp.eastdilsecured.com www.eastdilsecured.com esi.eastdilsecured.com esiadmin.eastdilsecured.com www.eastdilsecured.tech eastdilsecured.tech; base-uri http: https:; frame-ancestors 'self' eastdil-secured.preview.ceros.com api.ceros.com view.ceros.com www3.ceros.com wwwuat.eastdilsecured.com wwwbcp.eastdilsecured.com www.eastdilsecured.com esi.eastdilsecured.com ceros.com esiadmin.eastdilsecured.com www.eastdilsecured.tech eastdilsecured.tech; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https: data: *; frame-ancestors 'self' samandehi.ir logo.samandehi.ir enamad.ir trustseal.enamad.ir ecunion.ir mediaad.org translate.googleapis.com 1
default-src 'self' 'unsafe-inline' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: use.typekit.net use.fontawesome.com code.jquery.com google-analytics.com https://*.hotjar.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' http: https: e.issuu.com use.typekit.net code.jquery.com use.fontawesome.com www.google-analytics.com www.wufoo.com google-analytics.com; style-src 'self' 'unsafe-inline' http: https: 'report-sample' use.typekit.net use.fontawesome.com fonts.googleapis.com www.wufoo.com wufoo.com https://*.hotjar.com; style-src-elem 'self' 'unsafe-inline' http: https: 'report-sample' use.typekit.net use.fontawesome.com fonts.googleapis.com www.wufoo.com wufoo.com; img-src 'self' data: https: p.typekit.net https://*.hotjar.com; font-src 'self' data: use.typekit.net *.fontawesome.com cdnjs.cloudflare.com/* fonts.gstatic.com acsbapp.com https://*.hotjar.com; connect-src 'self' ws24.hotjar.com in.hotjar.com www.google-analytics.com stats.g.doubleclick.net cdn.acsbapp.com web1.acsbapp.com *.fontawesome.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.monsido.com/ https://monsido-consent.com/ https://*.monsido-consent.com/ https://px.ads.linkedin.com/ http://*.sentry.io/ ; media-src 'self' web1.acsbapp.com; frame-src 'self' vars.hotjar.com anchor.fm e.issuu.com www.google.com player.vimeo.com connect.bipc.com s3.amazonaws.com acsbapp.com accounts.accessibe.com https://td.doubleclick.net/ https://*.hotjar.com https://view.officeapps.live.com/ https://player.flipsnack.com https://www.youtube-nocookie.com; frame-ancestors 'self' https://app.socio.events/; form-action 'self'; base-uri 'self'; report-uri https://notarobot.report-uri.com/r/d/csp/enforce 1
default-src 'self'; script-src 'self' 'unsafe-inline'; img-src * data:; style-src 'self' 'unsafe-inline'; 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src https://forum.arcaneodyssey.dev/logs/ https://forum.arcaneodyssey.dev/sidekiq/ https://forum.arcaneodyssey.dev/mini-profiler-resources/ https://forum.arcaneodyssey.dev/assets/ https://forum.arcaneodyssey.dev/brotli_asset/ https://forum.arcaneodyssey.dev/extra-locales/ https://forum.arcaneodyssey.dev/highlight-js/ https://forum.arcaneodyssey.dev/javascripts/ https://forum.arcaneodyssey.dev/plugins/ https://forum.arcaneodyssey.dev/theme-javascripts/ https://forum.arcaneodyssey.dev/svg-sprite/ 'report-sample' 'sha256-8uAKDaK4QxxCeYZl0Wxad2Nnj2tgKyA14hYBh66pnn0=' https://unpkg.com https: 'unsafe-inline'; worker-src 'self' https://forum.arcaneodyssey.dev/assets/ https://forum.arcaneodyssey.dev/brotli_asset/ https://forum.arcaneodyssey.dev/javascripts/ https://forum.arcaneodyssey.dev/plugins/; report-uri https://forum.arcaneodyssey.dev/csp_reports; frame-ancestors 'self'; manifest-src 'self' 1
max-age=31536000; includeSubDomains; preload 1
default-src 'self' https://*.ipc-computer.de https://*.ipc-computer.eu https://*.ipc-computer.fr https://*.ipc-computer.es https://*.sparepartworld.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.ipc-computer.de https://widgets.trustedshops.com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://www.paypal.com https://www.paypalobjects.com https://checkout.dibspayment.eu https://unpkg.com; style-src 'self' 'unsafe-inline' https://checkout.dibspayment.eu https://*.googleapis.com https://www.googletagmanager.com https://*.ipc-computer.de; img-src 'self' data: https://*.ipc-computer.de https://*.google-analytics.com https://www.googletagmanager.com https://*.gstatic.com https://*.ytimg.com https://img.youtube.com https://widgets.trustedshops.com https://www.paypalobjects.com; media-src 'self' data:; font-src 'self' data: https://*.gstatic.com; connect-src 'self' https://*.ipc-computer.de https://*.google-analytics.com https://*.googleapis.com https://*.doubleclick.net https://*.etrusted.com https://*.trustedshops.com https://*.paypal.com https://checkout.dibspayment.eu https://vendorlist.consensu.org; object-src 'none'; frame-src 'self' https://*.ipc-computer.de https://*.paypal.com https://checkout.dibspayment.eu https://www.google.com https://www.youtube-nocookie.com; worker-src 'none'; report-uri https://www.ipc-computer.de/csp-violation-log.php 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *jsdelivr.net franklin-electric.com  *.franklin-electric.com  *.mouseflow.com corp.local corp.dev *.youtube.com youtube.com *.gstatic.com *.googleapis.com html5shiv.googlecode.com cloud.typography.com otp.tools.investis.com hsprod.investis.com google-analytics.com www.google-analytics.com stats.g.doubleclick.net *.addsearch.com addsearch.com *.cloudfront.net *.searchcdn.com *.pingdom.net *.googletagmanager.com *.cloudfront.net *.rdstation.com.br 1
frame-ancestors 'self' https://www.mnclgroup.com; 1
default-src 'self' www.youtube.com apollo-server-landing-page.cdn.apollographql.com; script-src 'self' 'nonce-Bd978vZyP4fzJ6PCUHI5yw==' apollo-server-landing-page.cdn.apollographql.com embeddable-sandbox.cdn.apollographql.com sandbox.embed.apollographql.com; script-src-elem 'self' 'nonce-Bd978vZyP4fzJ6PCUHI5yw==' apollo-server-landing-page.cdn.apollographql.com embeddable-sandbox.cdn.apollographql.com sandbox.embed.apollographql.com; frame-src 'self' embeddable-sandbox.cdn.apollographql.com sandbox.embed.apollographql.com www.youtube.com https://app.igniteprocurement.com/; connect-src 'self' https://sentry.io https://obosit-dev-connect-fa.azurewebsites.net https://obosit-prod-connect-fa.azurewebsites.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com; img-src 'self' data: res.cloudinary.com apollo-server-landing-page.cdn.apollographql.com embeddable-sandbox.cdn.apollographql.com obos-res.cloudinary.com https://res.cloudinary.com https://obos-res.cloudinary.com https://storage.googleapis.com ignite-procurement-production.s3.amazonaws.com *.ignite-procurement-production.s3.amazonaws.com https://cdn.sanity.io https://cdn.sanity.io https://cdn.jsdelivr.net blob:; media-src 'self' res.cloudinary.com obos-res.cloudinary.com https://res.cloudinary.com https://obos-res.cloudinary.com https://cdn.sanity.io; base-uri 'self'; object-src 'self'; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com; worker-src 'none'; form-action 'self' innlogging.obos.no; 1
frame-ancestors https://luckycloud.de https://www.luckycloud.de https://storage.luckycloud.de https://support.luckycloud.de 1
frame-ancestors 'self' https://max.niceincontact.com https://app.calltrackingmetrics.com 1
default-src 'none'; style-src 'self' 'unsafe-inline' https:; script-src 'self' 'nonce-5046e9f038af553ef62ec92a7089b038' 'unsafe-eval' 'strict-dynamic' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com; frame-src 'self' https://consentcdn.cookiebot.com https://www.google.com  https://td.doubleclick.net *.google.com; font-src 'self' https://use.fontawesome.com https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://consentcdn.cookiebot.com *.google-analytics.com https://*.googleapis.com *.google.com https://*.gstatic.com data: blob:;  img-src 'self' https: data: blob:; frame-ancestors 'self'; object-src 'none'; base-uri 'self';form-action 'self' 1
default-src *.bbb.org *.google.com bootstrapcdn.com  googleadservices.com *.cloudfront.net *.portlandwebdesign.com *.electric.coop adsrvr.org *.analytics.yahoo.com *.maps.arcgis.com xx.fbcdn.net rvwinc.com maps.arcgis.com vimeo.com *.googleadservices.com publicpurchase.com gravatar.com *.arcgis.com *.eventbrite.com cooperative.com *.gstatic.com *.youtube-nocookie.com *.crowdfiber.io data: *.googletagmanager.com luckyorange.net btstatic.com portlandwebdesign.com simpli.fi *.providesupport.com typekit.net mitel.io trumpia.com *.timetap.com five9.com powermag.com *.rvwinc.com *.verisign.com linkedin.com *.nr-data.net *.btstatic.com azgt.coop ebill.coop *.mapbox.com googleapis.com analytics.yahoo.com *.licdn.com *.mcusercontent.com *.bootstrapcdn.com apogee.net marketingautomation.services suppose.tv adnxs.com twimg.com *.olark.com youtube-nocookie.com *.trumpia.com xad.com mailchimp.com *.ads.linkedin.com directefficiency.com *.mailchimp.com newrelic.com *.vimeo.com *.plumassierratelecommunicationsmap.com 'unsafe-eval' *.upgrade.guide epa.gov transistor.fm google.com hirebridge.com *.simpli.fi *.yimg.com envivabiomass.com *.roanokeconnect.com e2ma.net bonnerboundary811.org *.powerfulweb.com *.elfsight.com *.libsyn.com doubleclick.net facebook.net google-analytics.com ads.linkedin.com *.e2ma.net gstatic.com smarthub.coop *.s3.amazonaws.com mcusercontent.com s.w.org *.doubleclick.net facebook.com youtube.com *.linkedin.com nice-incontact.com fontawesome.com *.newrelic.com *.apogee.net *.googleapis.com libsyn.com eventbrite.com upgrade.guide *.basis.net *.twimg.com glassdoor.com cencoast.com *.mitel.io powerfulweb.com luckyorange.com *.five9.com *.typekit.net *.transistor.fm yimg.com 'self' *.luckyorange.com jazz.co roanokeconnect.com *.publicpurchase.com myfonts.net issuu.com *.benlomandconnect.com *.directefficiency.com *.websupport.expert spreaker.com *.ebill.coop crowdfiber.io *.xad.com *.nice-incontact.com *.xx.fbcdn.net *.suppose.tv *.myfonts.net *.icua.coop southcentralpower.com *.bonnerboundary811.org arcgis.com mapbox.com providesupport.com *.facebook.net *.smeco.coop electric.coop googletagmanager.com *.adnxs.com smeco.coop *.issuu.com *.powermag.com *.adsymptotic.com olark.com s3.amazonaws.com 'unsafe-inline' elfsight.com icua.coop timetap.com *.fontawesome.com *.envivabiomass.com nr-data.net adsymptotic.com *.epa.gov *.adsrvr.org *.cencoast.com *.spreaker.com *.gravatar.com plumassierratelecommunicationsmap.com verisign.com *.glassdoor.com *.facebook.com ctctcdn.com *.jazz.co billing.benlomandconnect.com *.cooperative.com *.google-analytics.com cloudfront.net *.ctctcdn.com *.marketingautomation.services gmpg.org *.southcentralpower.com licdn.com *.hirebridge.com websupport.expert *.luckyorange.net *.smarthub.coop basis.net *.youtube.com speedcheck.blomand.net *.azgt.coop; 1
img-src data: 'self' https://dc.ads.linkedin.com https://maps.googleapis.com https://maps.gstatic.com/ https://*.tile.openstreetmap.org https://www.google-analytics.com https://www.google.nl https://www.google.com https://www.googletagmanager.com https://www.facebook.com https://imgsct.cookiebot.com;frame-src 'self' https://consentcdn.cookiebot.com https://www.youtube.com https://www.googletagmanager.com https://www.facebook.com https://player.vimeo.com https://vars.hotjar.com https://*.doubleclick.net;script-src 'nonce-8IdLshEwDi1EALf0e8OA' 'strict-dynamic' ;style-src 'unsafe-inline' 'self' https://fonts.googleapis.com https://ajax.googleapis.com/ https://netdna.bootstrapcdn.com;font-src 'self' https://fonts.gstatic.com https://netdna.bootstrapcdn.com;connect-src 'self' https://www.google-analytics.com https://consentcdn.cookiebot.com https://maps.googleapis.com https://region1.analytics.google.com https://region1.google-analytics.com https://*.hotjar.com wss://*.hotjar.com https://content.hotjar.io https://www.google.com https://www.google.nl  https://*.doubleclick.net;manifest-src 'self';default-src 'self' https://www.odin.nl 1
default-src 'self' 'unsafe-inline';script-src 'self' cdnjs.cloudflare.com statistiek.rijksoverheid.nl maps.googleapis.com *.publikaan.nl i.icomoon.io cdn.jsdelivr.net code.jquery.com www.gstatic.com gstatic.com ajax.aspnetcdn.com www.google.com google.com instituut-mijnbouwschade-groningen.onstuimig.nl 'unsafe-eval' 'unsafe-inline';style-src 'self' fonts.googleapis.com *.publikaan.nl cdn.jsdelivr.net statistiek.rijksoverheid.nl img.de-publieke-zaak.nl 'unsafe-inline';connect-src 'self' *.publikaan.nl contentanalyzer.azurewebsites.net i.icomoon.io t-ic-products-contentcoach-coach.azurewebsites.net maps.googleapis.com statistiek.rijksoverheid.nl img.de-publieke-zaak.nl;font-src 'self' fonts.gstatic.com *.publikaan.nl cdn.jsdelivr.net statistiek.rijksoverheid.nl img.de-publieke-zaak.nl data:;form-action 'self' accounts.google.com;img-src 'self' data: p-ic-hosting-shared-weu-cdn-img.azureedge.net statistiek.rijksoverheid.nl *.publikaan.nl maps.gstatic.com maps.googleapis.com www.gravatar.com i.vimeocdn.com;media-src 'self' www.youtube.com vimeo.com youtube.com youtube.com;frame-ancestors 'self' www.schadedoormijnbouw.infocaster-cloud.net www.schadedoormijnbouw.nl;frame-src * 1
frame-ancestors 'self' ailabtools.com *.ailabtools.com 1
base-uri 'none'; default-src 'self' data: https: wss: http://campaigns.zoho.eu; style-src 'self' data: https: wss: 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://api.scrivito.com https://assets.scrivito.com https://bmoi-zcmp.maillist-manage.eu https://cdn.iubenda.com https://cs.iubenda.com https://maillist-manage.eu https://static.axept.io https://www.eventbrite.com https://www.googletagmanager.com; object-src 'none'; block-all-mixed-content; frame-ancestors 'self' https://*.scrivito.com 1
frame-ancestors 'self' *.regmovies.com *.authorize.net 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.usefathom.com *.marker.io su478.infusionsoft.app *.gstatic.com *.amazonaws.com *.doubleclick.net *.freshworks.com livestream.com *.googleadservices.com *.sumo.com www.google.com cdn.jsdelivr.net cdn.plyr.io widget.happyfoxchat.com cdn.datatables.net static.leadpages.net *.issuu.com issuu.com *.vimeo.com code.jquery.com www.googletagmanager.com *.youtube.com maps.gstatic.com *.googleapis.com *.google-analytics.com cdnjs.cloudflare.com connect.facebook.net *.stripe.com js.stripe.com fast.wistia.com; frame-src 'self' su478.infusionsoft.app *.google.com *.doubleclick.net *.freshdesk.com http://www.buddhismuskunde.uni-hamburg.de/ livestream.com wisdomexperience.org fast.wistia.com *.issuu.com issuu.com wisdompubs.lpages.co widget.happyfoxchat.com js.stripe.com *.vimeo.com vimeo.com hooks.stripe.com *.youtube.com *.facebook.com s-static.ak.facebook.com; object-src 'self'; 1
base-uri 'none'; default-src 'none'; child-src https://www.youtube.com https://www.youtube.com https://player.vimeo.com https://player.vimeo.com https://w.soundcloud.com https://www.delijn.be https://*.resengo.com https://*.tiktok.com; connect-src 'self' https://*.google-analytics.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://vimeo.com https://*.resengo.com https://resengocomgeneralpurpose.blob.core.windows.net https://bam.nr-data.net https://*.tiktok.com; font-src 'self' https://use.typekit.net https://fonts.googleapis.com https://*.typenetwork.com https://fonts.gstatic.com data:; frame-ancestors 'self'; frame-src https://www.youtube.com https://player.vimeo.com https://w.soundcloud.com https://www.delijn.be https://*.resengo.com https://*.tiktok.com; img-src 'self' https://www.google-analytics.com https://*.google.com/ads/ https://*.google.be/ads/ https://www.facebook.com https://i3.ytimg.com https://gallery.mailchimp.com https://cdn-images.mailchimp.com/ https://resengocomgeneralpurpose.blob.core.windows.net https://*.tiktok.com data:; media-src https://p.scdn.co; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://www.youtube.com/player_api https://s.ytimg.com https://player.vimeo.com/api/player.js https://*.resengo.com https://resengocomgeneralpurpose.blob.core.windows.net https://js-agent.newrelic.com https://bam.nr-data.net https://*.tiktok.com 'unsafe-inline'; style-src 'self' https://use.typekit.net https://p.typekit.net https://fonts.googleapis.com https://*.typenetwork.com 'unsafe-inline'; 1
upgrade-insecure-requests  ; worker-src 'self' blob: feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' feed.pghub.io pandg.tapad.com ; media-src 'self' data: mpsnare.iesnare.com feed.pghub.io pandg.tapad.com ; manifest-src 'self' login.windows.net feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com cdn.cookielaw.org script.crazyegg.com pghub.io www.youtube.com *.bazaarvoice.com mpsnare.iesnare.com feed.pghub.io pandg.tapad.com ; font-src 'self' data: feed.pghub.io pandg.tapad.com ; frame-ancestors 'none' feed.pghub.io pandg.tapad.com ; frame-src 'self' feed.pghub.io www.youtube.com consumersupport.pg.com pandg.tapad.com ; img-src 'self' images.ctfassets.net pixel.tapad.com cdn.cookielaw.org www.googletagmanager.com *.ytimg.com *.bazaarvoice.com data: feed.pghub.io pandg.tapad.com ; connect-src 'self' cdn.cookielaw.org geolocation.onetrust.com script.crazyegg.com *.google-analytics.com *.bazaarvoice.com csapi-nonprod.pg.com csapi.pg.com geolocation-db.com *.algolia.net wss: mpsnare.iesnare.com feed.pghub.io pandg.tapad.com ; base-uri 'none' feed.pghub.io pandg.tapad.com ; default-src 'none' feed.pghub.io pandg.tapad.com ; 1
frame-ancestors 'self' https://landing.weddingwire.com 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://graz.social; img-src 'self' https: data: blob: https://graz.social; style-src 'self' https://graz.social 'nonce-3Q3XH5wDRghovnfWqh9VXw=='; media-src 'self' https: data: https://graz.social; frame-src 'self' https:; manifest-src 'self' https://graz.social; form-action 'self'; child-src 'self' blob: https://graz.social; worker-src 'self' blob: https://graz.social; connect-src 'self' data: blob: https://graz.social https://graz.social wss://graz.social; script-src 'self' https://graz.social 'wasm-unsafe-eval' 1
default-src 'self' https://*.doubleclick.net https://stats.g.doubleclick.net; child-src blob: https://www.amnh.org; connect-src 'self' https://*.googlesyndication.com https://*.sentry.io https://analytics.tiktok.com https://*.abtasty.com https://region1.analytics.google.com https://analytics.google.com https://*.cloudflarestream.com https://*.doubleclick.net https://*.googleapis.com https://ask.hotjar.io https://*.hotjar.com https://*.videodelivery.net https://ad.doubleclick.net https://adservice.google.com https://apis.google.com https://cdn.syndication.twimg.com https://cdp.cloud.unity3d.com https://config.uca.cloud.unity3d.com https://edit.meridianapps.com https://googletagmanager.com https://media.amnh.org https://region1.google-analytics.com https://starling.crowdriff.com https://stats.g.doubleclick.net https://surveystats.hotjar.io https://syndication.twitter.com https://tags.meridianapps.com https://translate.googleapis.com https://vc.hotjar.io https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ca https://www.google.ch https://www.google.co.in https://www.google.co.tz https://www.google.co.uk https://www.google.com https://www.google.com.ar https://www.google.com.bd https://www.google.de https://www.google.es https://www.google.fr https://www.google.no https://www.google.ro wss://*.hotjar.com wss://tags.meridianapps.com wss://ws15.hotjar.com https://amnh.ungerboeck.com; font-src 'self' data: https://*.abtasty.com https://*.googleapis.com https://script.hotjar.com https://abs.twimg.com https://fonts.gstatic.com https://surveystats.hotjar.io https://ssl.p.jwpcdn.com https://use.typekit.net; form-action 'self' https://data.library.amnh.org https://digitallibrary.amnh.org https://export.highcharts.com https://www.googletagmanager.com https://libcat1.amnh.org https://platform.twitter.com https://syndication.twitter.com https://www.facebook.com; frame-ancestors 'self' https://*.google.com https://*.amnh.org https://amnh.org; frame-src 'self' https://*.abtasty.com https://*.cloudflarestream.com https://*.search.serialssolutions.com https://9432320.fls.doubleclick.net https://accounts.google.com https://amnh.uservoice.com https://bid.g.doubleclick.net https://block.opendns.com https://calendar.google.com https://consentag.eu https://d1eoo1tco6rr5e.cloudfront.net https://darwin.amnh.org https://docs.google.com https://embed.videodelivery.net https://giphy.com https://iframe.videodelivery.net https://*.adsrvr.org https://mead2019.sched.com https://m.facebook.com https://moodle.amnh.org https://osborn.amnh.org https://ourworldindata.org https://platform.twitter.com https://player.vimeo.com https://sketchfab.com https://syndication.twitter.com https://td.doubleclick.net https://tpc.googlesyndication.com https://useast-www.securly.com https://vars.hotjar.com https://videodelivery.net https://w.soundcloud.com https://widgets.resy.com https://www.facebook.com https://www.google.com https://www.googletagmanager.com https://www.instagram.com https://www.youtube.com; img-src 'self' data: blob: https: *; media-src 'self' 'unsafe-inline' data: https://*.cloudflarestream.com https://crowdriff-video-upload.s3.amazonaws.com https://embed.videodelivery.net https://media.amnh.org https://videodelivery.net https://www.googletagmanager.com; script-src-elem 'self' 'unsafe-inline' blob: https://pixel.byspotify.com/ping.min.js https://analytics.tiktok.com https://*.abtasty.com https://*.googleapis.com https://addevent.com https://beacon.sojern.com https://*.adsrvr.org https://static.cloudflareinsights.com https://*.videodelivery.net https://*.addevent.com https://ajax.cloudflare.com https://anthro.amnh.org https://by2.uservoice.com https://cdn.knightlab.com https://cdn.syndication.twimg.com https://code.highcharts.com https://code.jquery.com https://collector-2328.tvsquared.com https://connect.facebook.net https://consentag.eu https://data.library.amnh.org https://googleads.g.doubleclick.net https://i.ctnsnet.com https://i.simpli.fi https://maps.googleapis.com https://maps.google.com https://mead2019.sched.com https://platform.instagram.com https://platform.twitter.com https://script.hotjar.com https://ssl.p.jwpcdn.com https://starling.crowdriff.com https://static.hotjar.com https://tagmanager.google.com https://tag.simpli.fi https://tpc.googlesyndication.com https://translate.googleapis.com https://translate.google.com https://translate-pa.googleapis.com https://use.typekit.net https://widget.uservoice.com https://widgets.resy.com https://www.amnh.org https://www.googleadservices.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.instagram.com https://www.youtube.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://*.abtasty.com data: https://analytics.tiktok.com https://*.abtasty.com https://*.adsrvr.org https://beacon.sojern.com https://static.cloudflareinsights.com https://*.googleapis.com https://*.addevent.com https://ajax.cloudflare.com https://ajax.googleapis.com https://analytics.twitter.com https://anthro.amnh.org https://apis.google.com https://bpb.opendns.com https://cdn.knightlab.com https://cdn.syndication.twimg.com https://cdn.yoochoose.net https://cdnjs.cloudflare.com https://code.highcharts.com https://code.jquery.com https://collector-2328.tvsquared.com https://connect.facebook.net https://consentag.eu https://embed.videodelivery.net https://fullstory.com https://googleads.g.doubleclick.net https://googletagmanager.com https://i.ctnsnet.com https://i.simpli.fi https://maps.google.com https://maps.googleapis.com https://nexus.ensighten.com https://platform.instagram.com https://platform.twitter.com https://region1.google-analytics.com https://rules.quantcount.com https://s.ytimg.com https://script.hotjar.com https://secure.quantserve.com https://ssl.p.jwpcdn.com https://starling.crowdriff.com https://static.ads-twitter.com https://static.hotjar.com https://tag.simpli.fi https://tagmanager.google.com https://tpc.googlesyndication.com https://translate.google.com https://translate.googleapis.com https://use.typekit.net https://useast-www.securly.com https://www.google-analytics.com https://www.google.al https://www.google.ca https://www.google.ch https://www.google.co.in https://www.google.co.tz https://www.google.co.uk https://www.google.com https://www.google.com.ar https://www.google.com.bd https://www.google.de https://www.google.es https://www.google.fr https://www.google.no https://www.google.ro https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.instagram.com https://www.securly.com https://www.youtube.com; style-src-elem 'self' 'unsafe-inline' https://teddytor.abtasty.com https://www.googletagmanager.com https://cloud.typography.com https://code.jquery.com https://data.library.amnh.org https://fonts.googleapis.com https://platform.twitter.com https://stackpath.bootstrapcdn.com https://starling.crowdriff.com https://tagmanager.google.com https://ton.twimg.com https://translate.googleapis.com https://www.amnh.org https://www.gstatic.com; style-src 'self' 'unsafe-inline' https://cloud.typography.com https://code.jquery.com https://fonts.googleapis.com https://p.typekit.net https://platform.twitter.com https://starling.crowdriff.com https://ton.twimg.com https://translate.googleapis.com https://use.typekit.net; manifest-src 'self'; worker-src blob: 'self'; object-src https://www.youtube.com; report-to report-uri-amnh-csp-endpoint; report-uri https://amnh.report-uri.com/r/t/csp/enforce 1
script-src 'self' blob: https://googleads.g.doubleclick.net https://ct.pinterest.com/  https://s.pinimg.com/ https://static.ads-twitter.com https://bat.bing.com https://www.redditstatic.com https://www.google-analytics.com https://www.gstatic.com/ 'unsafe-inline' 'unsafe-eval' https://www.bugherd.com https://www.google.com https://ajax.googleapis.com https://apply.app.jobvite.com https://bidagent.xad.com https://cdn.jsdelivr.net https://code.jquery.com https://hb.secure.force.com https://hopebridge.my.salesforce-sites.com https://jobs.hopebridge.com https://maps.googleapis.com https://maps.google.com https://my.hellobar.com https://sitestats.ttcportals.com https://tenor.com https://www.googletagmanager.com https://www.instagram.com https://www.tiktok.com; style-src 'self' 'unsafe-inline' https://dhbhdrzi4tiry.cloudfront.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://use.typekit.net https://hopebridge.my.salesforce-sites.com https://hopebridge.com https://p.typekit.net; img-src data: *; 1
frame-ancestors 'self' *.canva.com canva.com; report-uri https://csp.canva.com/_cspreport?app=websites; base-uri 'self'; object-src 'none'; script-src 'report-sample' 'strict-dynamic' 'nonce-7166200f-41ce-4f40-b6db-a25c198d6805' https://www.google.com/recaptcha/api.js; 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https:; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' https: data:; connect-src 'self' https:; font-src 'self' data: https://fonts.gstatic.com; media-src *; report-uri *; child-src *; form-action 'self'; frame-ancestors *; object-src 'none'; frame-src 'self' https:; worker-src *; manifest-src *; navigate-to *; prefetch-src *; base-uri * 1
upgrade-insecure-requests; base-uri 'self'; form-action 'self'; object-src 'none'; frame-ancestors 'self' http://localhost https://silverchain-mvc-uat.azurewebsites.net https://silverchain-cms-uat.azurewebsites.net https://www.silverchain.org.au https://silverchain-prod-cms.azurewebsites.net/; 1
default-src https: 'self'; connect-src 'self' https://px.ads.linkedin.com https://dock.ui.bosch.tech https://region1.google-analytics.com https://www.google-analytics.com https://svrdntfctn.com https://scnem.com https://api.friendlycaptcha.com; font-src 'self' data: ; frame-src 'self' https://scnem.com https://www.youtube-nocookie.com https://www.buzzsprout.com https://td.doubleclick.net; img-src 'self' https://px.ads.linkedin.com https://www.linkedin.com https://www.google-analytics.com/ https://www.kununu.com https://www.glassdoor.ie https://region1.google-analytics.com https://www.googletagmanager.com https://scnem.com https://googleads.g.doubleclick.net data: ;  script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.buzzsprout.com https://www.googletagmanager.com https://dock.ui.bosch.tech https://www.google-analytics.com https://svrdntfctn.com https://cdn.jsdelivr.net https://www.googleadservices.com https://scnem.com https://snap.licdn.com; style-src 'self' 'unsafe-inline' data: fast.fonts.net; frame-ancestors 'self'; report-uri /csp_.php; worker-src 'self' blob: ; 1
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none';base-uri 'none';frame-ancestors 'self' 1
frame-src https://*.karls-shop.de https://*.mollie.com https://*.paypal.com https://my.matterport.com https://*.klarna.com https://*.youtube-nocookie.com/ 1
default-src 'self' 'unsafe-inline' player.vimeo.com www.youtube.com *.tile.openstreetmap.org; script-src 'self' 'unsafe-inline' cdn.usefathom.com unpkg.com api.mapbox.com *.tile.openstreetmap.org; img-src data: 'self' 'unsafe-eval' cdn.usefathom.com unpkg.com api.mapbox.com *.tile.openstreetmap.org; style-src 'self' 'unsafe-inline' fonts.googleapis.com unpkg.com api.mapbox.com; font-src 'self' fonts.gstatic.com; connect-src 'self' *.tile.openstreetmap.org 1
default-src 'self'; connect-src 'self' https://*.siteimprove.com https://*.readspeaker.com https://*.google-analytics.com https://*.analytics.google.com https://*.gemeentemaastricht.eu https://matomo.spzl.nl; font-src 'self' https://fonts.gstatic.com https://*.readspeaker.com https://matomo.spzl.nl data:; frame-src https://my2.siteimprove.com https://*.readspeaker.com https://www.google.com https://app.powerbi.com; img-src 'self' data: https://www.google-analytics.com https://www.googletagmanager.com https://*.global.siteimproveanalytics.io https://*.tile.openstreetmap.org https://www.toegankelijkheidsverklaring.nl https://matomo.spzl.nl; manifest-src 'none'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://siteimproveanalytics.com https://maps.googleapis.com https://matomo.spzl.nl https://www.google.com https://www.gstatic.com https://cdn.jsdelivr.net https://cdn.siteimprove.net https://cdnjs.cloudflare.com https://github.com https://polyfill.io https://sf1-eu.readspeaker.com https://unpkg.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://siteimproveanalytics.com https://maps.googleapis.com https://matomo.spzl.nl https://www.google.com https://www.gstatic.com https://cdn.jsdelivr.net https://cdn.siteimprove.net https://cdnjs.cloudflare.com https://github.com https://polyfill.io https://sf1-eu.readspeaker.com https://unpkg.com; style-src 'self' 'unsafe-inline' https://*.readspeaker.com https://matomo.spzl.nl https://cdnjs.cloudflare.com https://fonts.googleapis.com https://unpkg.com; style-src-attr 'self' 'unsafe-inline'; worker-src 'none'; base-uri 'self' https://matomo.spzl.nl; report-uri https://www.gemeentemaastricht.nl/report-uri/enforce; upgrade-insecure-requests 1
default-src https: data: blob:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; frame-src https: data: 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' stats.g.doubleclick.net unpkg.com ajax.googleapis.com www.googletagmanager.com code.jquery.com cdn.auth0.com stackpath.bootstrapcdn.com *.google-analytics.com bat.bing.com cdn.jsdelivr.net wchat.freshchat.com www.youtube.com s.ytimg.com www.googleadservices.com dl.episerver.net snap.licdn.com connect.facebook.net googleads.g.doubleclick.net maps.googleapis.com *.hotjar.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ http://www.google.com/recaptcha/api.js https://www.google.com/pagead/conversion_async.js https://js.monitor.azure.com *.hs-analytics.net *.hsadspixel.net static.hsappstatic.net js.hscta.net *.usemessages.com *.hubspot.com *.hs-banner.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.net *.hscollectedforms.net *.hsleadflows.net *.hsforms.net *.hsforms.com *.hs-scripts.com *.hubspotfeedback.com feedback.hubapi.com; style-src 'self' 'unsafe-inline' *.analytics.google.com use.typekit.net p.typekit.net wchat.freshchat.com dl.episerver.net fonts.googleapis.com cdn.jsdelivr.net *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net cdn2.hubspot.net; img-src * data: blob: js.hscta.net no-cache.hubspot.com *.hubspot.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.net cdn2.hubspot.net *.hsforms.net *.hsforms.com; font-src 'self' use.typekit.net p.typekit.net fonts.gstatic.com *.cloudfront.net; connect-src 'self' *.analytics.google.com *.linkedin.com *.auth0.com bat.bing.com *.google-analytics.com *.googlesyndication.com stats.g.doubleclick.net ad.doubleclick.net maps.googleapis.com https://*.hotjar.com:* https://vc.hotjar.io:* https://ip2c.org/s https://api.localazy.com:* https://delivery.localazy.com:* wss://*.hotjar.com *.hotjar.io google.com/pagead/landing *.google.com *.google.nl cdn.linkedin.oribi.io googleads.g.doubleclick.net *.applicationinsights.azure.com https://www.facebook.com/tr/ *.hubapi.com js.hscta.net *.hubspot.com *.hs-banner.com *.hscollectedforms.net *.hsforms.com; object-src youtube.com www.youtube.com; frame-src * https://www.google.com/recaptcha/ *.hubspot.com *.hs-sites.com *.hubspot.net play.hubspotvideo.com *.hsforms.net *.hsforms.com; frame-ancestors 'self'; form-action 'self' cadac.eu.auth0.com *.cadac.com www.youtube.com wchat.freshchat.com *.buckaroo.nl https://www.facebook.com/tr/ *.hsforms.com; upgrade-insecure-requests; block-all-mixed-content 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://types.pl; img-src 'self' data: blob: https://types.pl https://pool.jortage.com/typespl/ https://blob.jortage.com; style-src 'self' 'unsafe-inline' https://types.pl; media-src 'self' data: https://types.pl https://pool.jortage.com/typespl/ https://blob.jortage.com; frame-src 'self' https:; manifest-src 'self' https://types.pl; form-action 'self'; child-src 'self' blob: https://types.pl; worker-src 'self' blob: https://types.pl; connect-src 'self' data: blob: https://types.pl https://pool.jortage.com/typespl/ https://blob.jortage.com wss://types.pl; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://types.pl 'wasm-unsafe-eval' 1
frame-ancestors https://*.ariba.com https://sanofi.coupahost.com 1
frame-ancestors 'self'; manifest-src 'none'; font-src https: data: 'self'; img-src https: data: blob: 'self'; style-src https: data: blob: 'unsafe-inline' 'self'; script-src 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' data: https://www.shopmania.rs https://s.cdnshm.com www.shopmania.net *.facebook.com *.facebook.net *.fbcdn.net *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.doubleclick.net *.google.com 'self'; object-src 'self'; media-src 'self'; default-src https://www.shopmania.rs https://s.cdnshm.com www.shopmania.net *.facebook.com *.facebook.net *.fbcdn.net *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.doubleclick.net *.google.com 'self'; report-to csp_reports; report-uri https://www.shopmania.rs/csp?action=report_csph&k=ByIhExAbb0NGfAcVMRhiYW9BOCM%3D 1
img-src * 'self' data:;script-src 'self' http://www.google-analytics.com       https://fonts.shopifycdn.com        https://www.gstatic.com https://maps.googleapis.com https://code.jquery.com https://www.googleadservices.com       https://fonts.googleapis.com https://fonts.gstatic.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net        https://unpkg.com https://cdnjs.cloudflare.com https://www.youtube.com https://www.googletagmanager.com        https://connect.facebook.net https://www.google.com https://www.facebook.com https://googleads.g.doubleclick.net/        https://www.google.com.tr 'unsafe-eval' 'unsafe-inline'; 1
font-src *.gstatic.com static.klaviyo.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com api.livechatinc.com www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.unsplash.com bat.bing.com *.gstatic.com cdn.livechat-files.com cdn.livechat-static.com api.livechatinc.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.facebook.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com cdn.attn.tv bat.bing.com cdnjs.cloudflare.com cdn.avmws.com ssl.avmws.com js-agent.newrelic.com *.sandbox.google.com *.google.com/pay cdn.livechatinc.com api.livechatinc.com *.turnto.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ cdn.jsdelivr.net connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline static-tracking.klaviyo.com static.klaviyo.com cdn.livechatinc.com api.livechatinc.com *.googleapis.com *.cloudflare.com *.turnto.com https://static.klaviyo.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com cdn.attn.tv cdn.livechat-files.com cdn.livechat-static.com api.livechatinc.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com events.attentivemobile.com outdoorgearexchange.attn.tv ssl.avmws.com *.sandbox.braintree-api.com/graphql *.google.com *.google.com/about/redirect *.sandbox.google.com api.livechatinc.com *.arizonreports.cloud *.turnto.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self'  http://*.ceca.es https://*.ceca.es; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://girlcock.club; img-src 'self' https: data: blob: https://girlcock.club; style-src 'self' https://girlcock.club 'nonce-mLBPyjx6y+eiQrEbv7DECA=='; media-src 'self' https: data: https://girlcock.club; frame-src 'self' https:; manifest-src 'self' https://girlcock.club; form-action 'self'; child-src 'self' blob: https://girlcock.club; worker-src 'self' blob: https://girlcock.club; connect-src 'self' data: blob: https://girlcock.club https://media.girlcock.club wss://girlcock.club; script-src 'self' https://girlcock.club 'wasm-unsafe-eval' 1
frame-ancestors 'self' www.eands.com.au 1
frame-ancestors 'self' versapay.com staging.versapay.com; 1
frame-ancestors 'self' *.boursorama-banque.com *.boursorama.com *.boursobank.com 1
script-src 'self' 'unsafe-inline' https: ; frame-src 'self' https: 1
default-src 'self' 'unsafe-inline' data: dweb: ipfs: ipns: https://*.dweb.link https://ipfs.io https://*.infura.io https://cgi.ninetailed.ninja; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' maps.googleapis.com www.google.com www.youtube.com www.tagassistant.google.com www.googletagmanager.com www.google-analytics.com www.gstatic.com *.browsealoud.com *.soundcloud.com cashierui-api.intelligent-payments.com rezoomo.com rum.browser-intake-datadoghq.eu; 1
frame-ancestors 'self' creativespirits.info 1
frame-ancestors 'self' https://bechtle.com https://www.bechtle.com https://arp.nl https://prod.arp.nl https://www.arp.nl https://bechtle-clouds.com https://www.bechtle-clouds.com https://services.inmac.com 1
default-src 'self' https://ificbank.com.bd https://www.ificbank.com.bd https://www.google-analytics.com https://www.youtube.com/ https://www.google.com https://maps.googleapis.com; script-src * 'self' https://www.ificbank.com.bd https://cdn.datatables.net https://www.google.com https://www.gstatic.com https://ajax.googleapis.com https://polyfill.io https://maps.googleapis.com 'unsafe-eval' 'unsafe-inline'; style-src 'self' https://cdnjs.cloudflare.com/ajax/libs/bootstrap-datetimepicker/4.17.47/css/bootstrap-datetimepicker.min.css https://use.fontawesome.com/ea731dcb6f.css https://use.fontawesome.com/releases/v4.7.0/css/font-awesome-css.min.css https://cdn.datatables.net https://cdn.jsdelivr.net https://fonts.googleapis.com https://unpkg.com/swiper/css/swiper.min.css https://cdnjs.cloudflare.com/ajax/libs/ionicons/2.0.1/css/ionicons.min.css 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com https://use.fontawesome.com https://cdnjs.cloudflare.com; object-src 'self'; img-src 'self' data: https://ificbank.com.bd https://www.ificbank.com.bd https://www.google-analytics.com https://lh3.googleusercontent.com/7KVxxD0HSHA_a1nb3O5xjXyhDojE1lDwdA-f3a5dCZt5351i5cOKnZT_JzIbaBpU6Ds=s180-rw https://maps.googleapis.com https://maps.gstatic.com https://developers.google.com https://cdn.datatables.net; 1
frame-ancestors 'self' panoramen.frauenkirche-dresden.de 1
default-src data: https: https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com 'unsafe-inline' 'unsafe-eval';      font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com 'unsafe-inline' 'unsafe-eval';      script-src 'self' data: https: https://graph.facebook.com https://facebook.com 'unsafe-inline' 'unsafe-eval';      style-src data: 'self' https://www.qldxray.com.au https://fonts.googleapis.com https://fonts.gstatic.com https://www.google.com https://cdn.plyr.io 'unsafe-inline' 'unsafe-eval'; connect-src  data: 'self' https: https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://pre-qldxray.uat.sonichealthcare.com https://www.qldxray.com.au https://www.google-analytics.com https://in.hotjar.com https://vc.hotjar.io https://maps.googleapis.com 1
frame-ancestors 'self' https://*.sprutcam.com 1
default-src 'self' *.youtube.com *.pinterest.com www.google-analytics.com maps.googleapis.com *.purecaps.net *.wufoo.com login.doccheck.com 4allportal.promedico.net forms.office.com td.doubleclick.net; font-src 'self' produktberater.purecaps.net data:; img-src 'self' *.purecaps.net *.shopify.com www.google-analytics.com googleads.g.doubleclick.net *.google.com *.google.at *.googleadservices.com t.co analytics.twitter.com *.facebook.com promedico.piwik.pro *.pinterest.com bat.bing.com maps.gstatic.com maps.googleapis.com www.googletagmanager.com widgets.trustedshops.com integrations.etrusted.com tracking.dspx.tv static.kameleoon.com data:; object-src 'none'; script-src 'self' *.google.at *.google.com *.purecaps.net *.kameleoon.eu *.kameleoon.io static.kameleoon.com *.cookiefirst.com *.wufoo.com widgets.trustedshops.com integrations.etrusted.com *.adform.net 'unsafe-inline' 'unsafe-eval' www.youtube.com www.google-analytics.com *.googleoptimize.com *.googleadservice.com googleads.g.doubleclick.net *.googleadservices.com www.googletagmanager.com maps.googleapis.com bat.bing.com s.pinimg.com static.ads-twitter.com connect.facebook.net *.cloudfront.net promedico.piwik.pro cdn.jsdelivr.net; style-src 'self' integrations.etrusted.com produktberater.purecaps.net *.kameleoon.com 'unsafe-inline' *.cookiefirst.com; connect-src integrations.etrusted.com *.algolia.net *.algolianet.com maps.googleapis.com *.google.com *.googleoptimize.com googleads.g.doubleclick.net *.google-analytics.com *.purecaps.net promedico.piwik.pro produktberater.purecaps.net:2053 *.kameleoon.eu *.kameleoon.io *.cookiefirst.com *.kameleoon.com *.506.ai:* *.pinterest.com stats.g.doubleclick.net bat.bing.com www.facebook.com 4allportal.promedico.net *.googlesyndication.com; frame-ancestors 'self' *.purecaps.net 1
report-uri https://petrostar.com 1
default-src 'none'; base-uri 'self'; frame-ancestors 'self'; child-src 'self'; manifest-src 'self'; form-action 'self'; object-src 'none'; connect-src kmu-datacenter.ch *.google-analytics.com googletagmanager.com https: ; font-src 'self'; frame-src 'self' https://www.google.com; script-src 'self' https: 'unsafe-inline' 'nonce-78610495863231852312718693958296778' ; img-src 'self'; style-src 'self' 'unsafe-inline' ; media-src 'self' https: data: ; 1
default-src 'self' data: wss: *.youtube.com youtube.com developer.livehelpnow.net *.membee.com *.amazon-adsystem.com *.tableau.com *.adnxs.com *.doubleclick.net *.yahoo.com *.googleapis.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.monitor.azure.com https://google-analytics.com https://googletagmanager.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.google-analytics.com https://www.googletagmanager.com https://*.visualstudio.com https://*.services.visualstudio.com https://cdn.jsdelivr.net https://insight.adsrvr.org https://*.tableau.com https://*.vimeo.com https://*.youtube.com https://developer.livehelpnow.net https://f.vimeocdn.com https://player.vimeo.com https://www.vimeo.com https://c.amazon-adsystem.com https://www.google.com https://www.gstatic.com https://memberservices.membee.com https://*.membee.com/ https://s.amazon-adsystem.com https://*.googleapis.com https://static.cloudflareinsights.com;object-src 'self';style-src 'self' 'unsafe-inline' fonts.googleapis.com tagmanager.google.com www.googletagmanager.com insight.adsrvr.org developer.livehelpnow.net membee.com *.googleapis.com;img-src 'self' data: *.google.com *.google-analytics.com fonts.gstatic.com maps.gstatic.com maps.googleapis.com insight.adsrvr.org *.bidswitch.net trkn.us www.googletagmanager.com *.tableau.com *.vimeocdn.com *.vimeo.com developer.livehelpnow.net membee.com *.amazon-adsystem.com *.adnxs.com *.doubleclick.net *.yahoo.com *.yahoo.net *.adsrvr.org *.rubiconproject.com https://*.livehelpnow.net https://arttrk.com;media-src 'self' *.vimeo.com vimeo.com *.youtube.com youtube.com *.livehelpnow.net *.membee.com *.amazon-adsystem.com *.adnxs.com *.doubleclick.net *.yahoo.com *.vimeocdn.com;frame-src 'self' https://*.bluemod.us https://*.bluemod.me https://*.azurewebsites.net https://*.chfainfo.com https://insight.adsrvr.org www.googletagmanager.com https://player.vimeo.com https://*.google.com https://vimeo.com *.vimeo.com https://*.youtube.com https://www.youtube.com/embed/ https://*.tableau.com *.livehelpnow.net s-static.ak.facebook.com static.ak.facebook.com www.facebook.com twitter.com linkedin.com https://*.membee.com *.amazon-adsystem.com *.adnxs.com *.doubleclick.net *.yahoo.com https://*.vimeocdn.com;font-src 'self' data: fonts.googleapis.com fonts.gstatic.com dn.livehelpnow.net cdn.livehelpnow.net membee.com;connect-src 'self' *.livehelpnow.net fonts.gstatic.com fonts.googleapis.com *.google.com *.applicationinsights.azure.com fonts.gstatic.com stats.g.doubleclick.net www.google-analytics.com www.googletagmanager.com insight.adsrvr.org *.tableau.com dc.services.visualstudio.com vimeo.com app.livehelpnow.net wss: membee.com *.amazon-adsystem.com *.adnxs.com *.doubleclick.net *.yahoo.com *.googleapis.com https://static.cloudflareinsights.com https://*.amazon.com https://ara.paa-reporting-advertising.amazon https://fresnel.vimeocdn.com https://player.vimeo.com https://*.vimeocdn.com;base-uri 'self';child-src 'self' *.vimeo.com vimeo.com *.youtube.com youtube.com www.googletagmanager.com *.membee.com *.amazon-adsystem.com *.adnxs.com *.doubleclick.net *.yahoo.com *.googleapis.com;form-action 'self';frame-ancestors 'self' https://*.bluemod.us https://*.bluemod.me https://*.azurewebsites.net https://*.chfainfo.com https://insight.adsrvr.org https://*.tableau.com https://*.vimeo.com https://*.youtube.com https://*.membee.com *.amazon-adsystem.com *.adnxs.com *.doubleclick.net *.yahoo.com https://*.vimeocdn.com;manifest-src 'self';worker-src 'self' blob: *.youtube.com;upgrade-insecure-requests;block-all-mixed-content 1
default-src 'self'; img-src 'self' data: https://chart.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fonts.googleapis.com ; font-src 'self' https://fonts.gstatic.com; report-uri https://cspreport.chainbox.io/report; 1
frame-ancestors 'self' https://echobotsales.de/ https://*.echobotsales.de/ https://*.lightning.force.com/ https://*.my.salesforce.com https://*.echobot.de https://d35wjiveis58b7.cloudfront.net/ https://www.dealfront.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.cloudflare.com in.hotjar.com script.hotjar.com static.hotjar.com vars.hotjar.com www.google-analytics.com www.googletagmanager.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com bat.bing.com code.jquery.com app.responseiq.com maps.googleapis.com wstatic.responseiq.com www.gstatic.com www.google.co.uk www.googleadservices.com googleads.g.doubleclick.net www.google.com a19.responseiq.com fonts.googleapis.com fonts.gstatic.com jqueryjs.googlecode.com maps.gstatic.com ssl.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' bat.bing.com cdn.inspectlet.com connect.facebook.net www.google-analytics.com www.googletagmanager.com www.gstatic.com ajax.googleapis.com googleads.g.doubleclick.net script.hotjar.com static.hotjar.com t.trackedlink.net www.google.co.uk www.googleadservices.com jqueryjs.googlecode.com ssl.google-analytics.com www.google.com www.google.es www.google.co.in seal.verisign.com www.google.co.ma www.google.ro www.google.it www.google.be www.google.ie www.awin1.com maps.googleapis.com cdnjs.cloudflare.com ajax.cloudflare.com app.responseiq.com code.jquery.com maxcdn.bootstrapcdn.com wstatic.responseiq.com cdn.rlets.com www.dwin1.com maps.google.com cdn.oribi.io tagmanager.google.com fonts.googleapis.com tagcdn.gi-solutionsgroup.com services.postcodeanywhere.co.uk collector-11715.tvsquared.com https://invitejs.trustpilot.com/tp.min.js https://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js https://ecommplugins-trustboxpreview.trustpilot.com/v1.0/trustboxpreview.min.js?ver=1.0 https://ecommplugins-scripts.trustpilot.com/v2.1/js/preview.min.js static.cloudflareinsights.com cdn.hu-manity.co tags.srv.stackadapt.com srv.stackadapt.com east.srv.stackadapt.com uw.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com; script-src-elem 'self' 'unsafe-inline' tags.srv.stackadapt.com srv.stackadapt.com east.srv.stackadapt.com uw.srv.stackadapt.com qvdt3feo.com eu.srv.stackadapt.com fonts.googleapis.com bat.bing.com cdn.inspectlet.com connect.facebook.net www.google-analytics.com www.googletagmanager.com www.gstatic.com ajax.googleapis.com googleads.g.doubleclick.net script.hotjar.com static.hotjar.com t.trackedlink.net www.google.co.uk www.googleadservices.com jqueryjs.googlecode.com ssl.google-analytics.com www.google.com www.google.es www.google.co.in seal.verisign.com www.google.co.ma www.google.ro www.google.it www.google.be www.google.ie www.awin1.com maps.googleapis.com cdnjs.cloudflare.com ajax.cloudflare.com app.responseiq.com code.jquery.com maxcdn.bootstrapcdn.com wstatic.responseiq.com cdn.rlets.com www.dwin1.com maps.google.com cdn.oribi.io tagmanager.google.com tagcdn.gi-solutionsgroup.com collector-11715.tvsquared.com https://invitejs.trustpilot.com/tp.min.js https://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js https://ecommplugins-trustboxpreview.trustpilot.com/v1.0/trustboxpreview.min.js?ver=1.0 https://ecommplugins-scripts.trustpilot.com/v2.1/js/preview.min.js cdn.hu-manity.co; script-src-attr 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' fonts.googleapis.com wstatic.responseiq.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com tagmanager.google.com tags.srv.stackadapt.com ecommplugins-scripts.trustpilot.com 'unsafe-eval'; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com wstatic.responseiq.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com tagmanager.google.com ecommplugins-scripts.trustpilot.com tags.srv.stackadapt.com 'unsafe-eval'; style-src-attr 'self' 'unsafe-inline'; img-src 'self' data: bat.bing.com r1-t.trackedlink.net stats.g.doubleclick.net www.google-analytics.com www.google.co.uk www.google.com ssl.google-analytics.com www.google.com.np googleads.g.doubleclick.net www.google.it www.googletagmanager.com www.google.es www.google.co.in www.google.co.ma www.google.ro www.gstatic.com www.google.im www.google.be www.google.ie www.awin1.com www.topcashback.co.uk tile.openstreetmap.org a19.responseiq.com app.responseiq.com maps.googleapis.com maps.gstatic.com wstatic.responseiq.com fault.rlets.com cbks0.googleapis.com khms0.googleapis.com khms1.googleapis.com smartslider3.com www.alfatravel.co.uk www.googleadservices.com ssl.gstatic.com tag.gi-solutionsgroup.com www.facebook.com collector-11715.tvsquared.com pubads.g.doubleclick.net dpm.demdex.net region1.analytics.google.com tags.srv.stackadapt.com; font-src 'self' data: app.responseiq.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com fonts.gstatic.com www.alfatravel.co.uk; connect-src 'self' in.hotjar.com app.responseiq.com region1.google-analytics.com www.google-analytics.com stats.g.doubleclick.net 49817b22-010e-431a-a361-fe015e221575.rlets.com apgb2b-reachcodeandproxy.gannettdigital.com capture-api.reachlocalservices.com sentry.hotjar.com ws1.hotjar.com localhost ws10.hotjar.com ws2.hotjar.com ws3.hotjar.com ws4.hotjar.com ws5.hotjar.com ws6.hotjar.com ws7.hotjar.com ws8.hotjar.com ws9.hotjar.com gw.oribi.io ssl.google-analytics.com api.wppopupmaker.com vc.hotjar.io www.googleadservices.com www.google.co.uk www.facebook.com bat.bing.com services.postcodeanywhere.co.uk tvsquared.com maps.googleapis.com tag.gi-solutionsgroup.com hotjar.com designer-api.hu-manity.co region1.analytics.google.com tags.srv.stackadapt.com; media-src 'self' ssl.gstatic.com www.alfatravel.co.uk; child-src 'self' vars.hotjar.com www.google.com; frame-src 'self' vars.hotjar.com staticxx.facebook.com www.googletagmanager.com www.facebook.com web.facebook.com bid.g.doubleclick.net mozbar.moz.com www.google.com 49817b22-010e-431a-a361-fe015e221575.rlets.com onpageload 'unsafe-eval' div.show smartslider3.com https://ecommscript-integrationapp.trustpilot.com/ ecommplugins-scripts.trustpilot.com widget.trustpilot.com; worker-src 'self'; frame-ancestors 'self' 'unsafe-eval'; form-action 'self' news-alfatravel.co.uk www.coachholidays.com www.ipg-online.com; report-uri https://alfatravel.report-uri.com/r/d/csp/enforce 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.gstatic.com https://snap.licdn.com https://px.ads.linkedin.com https://*.twitter.com https://code.jquery.com https://*.google.com http://*.google-analytics.com https://*.google-analytics.com https://*.googletagmanager.com https://*.google.com https://connect.facebook.net https://static.ads-twitter.com https://*.meetami.ai http://*.meetami.ai https://*.liveperson.net https://*.liveperson.com https://*.lpsnmedia.net https://*.liveengage.net https://*.liveengage.com https://*.liveper.sn http://ajax.googleapis.com wss://chat.meetami.ai; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://code.jquery.com https://*.googleapis.com https://*.google.com https://*.lpsnmedia.net https://*.meetami.ai http://*.meetami.ai; frame-src 'self' https://www.youtube.com http://player.vimeo.com https://player.vimeo.com https://www.facebook.com https://*.lpsnmedia.net https://*.liveperson.net https://*.meetami.ai http://*.meetami.ai; font-src 'self' https://fonts.gstatic.com https://*.meetami.ai http://*.meetami.ai; img-src 'self' data: https://www.teacherspensions.co.uk https://i.vimeocdn.com https://img.youtube.com https://www.linkedin.com https://snap.licdn.com https://px.ads.linkedin.com https://*.google.com http://*.google-analytics.com https://*.google-analytics.com https://stats.g.doubleclick.net https://secure.adnxs.com https://connect.facebook.net https://t.co https://*.facebook.com https://*.lpsnmedia.net https://*.meetami.ai http://*.meetami.ai https://s3-eu-west-1.amazonaws.com; connect-src 'self' https://px.ads.linkedin.com https://region1.analytics.google.com https://*.google-analytics.com https://*.meetami.ai http://*.meetami.ai wss://chat.meetami.ai wss://*.liveperson.net https://cdn.linkedin.oribi.io; media-src 'self' https://*.lpsnmedia.net https://*.meetami.ai http://*.meetami.ai; 1
frame-ancestors https://weta365.com https://*.weta365.com https://*.laihua.com https://laihua.com http://aigc.tanyiwise.cn https://videopost.hjananking.com https://videopost-if.hjananking.com http://*.zkyfszr.cn http://zkyfszr.cn http://xingwy.com http://*.xingwy.com https://*.xhsnews.com http://*.xhsnews.com http://ai.hushida.com http://xn.jcyint.cn https://shenggongshuzhi.com https://*.shenggongshuzhi.com http://live.4utech.cn http://ydboem.4utech.com http://*.xxlive.cn http://xxlive.cn https://*.xxlive.cn https://xxlive.cn https://avatar.yuan365.com https://*.yuan365.com http://sibac.net http://www.sibac.net https://yainoo.com https://www.yainoo.com http://digiman.yunbiao.tv http://dh.huizhihuyu.com https://nszr.n.cn http://www.hokooai.com https://human.n.cn https://juliangai.com http://juliangai.com https://www.juliangai.com http://www.juliangai.com http://www.chumenyw.com https://weta.magook.com https://weta.bookan.com.cn https://oa.bookan.com.cn https://public.bookan.com.cn https://weta.bookan.com http://heyvatar.com https://heyvatar.com https://www.heyvatar.com http://www.hcxaiszr.com https://twlwu.com https://www.twlwu.com https://alo-ai.com https://ai.idebao.com http://ai.idebao.com http://www.bolehuizhi.com https://www.bolehuizhi.com 1
script-src 'self' 'unsafe-inline' http://js.hs-scripts.com http://js.hsforms.net https://cdn.cookielaw.org https://forms.hsforms.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hsadspixel.net https://snap.licdn.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://static.addtoany.com https://unpkg.com https://www.google.com; script-src-attr 'self'; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://unpkg.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self'; report-uri https://www.hearst.it/report-uri/enforce 1
frame-ancestors 'self' http://10.110.50.137/ 1
frame-ancestors 'self' *.yandex.ru *.yastatic.net https://webvisor.com http://webvisor.com; 1
frame-ancestors 'self' https://assets.braintreegateway.com; 1
upgrade-insecure-requests; default-src * 'unsafe-eval' 'unsafe-inline' blob: data:; 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: https://collector-45069.tvsquared.com https://secure.adnxs.com https://td.doubleclick.net https://form.asana.com https://bidagent.xad.com https://jelly.mdhv.io https://jelly-v6.mdhv.io https://cdn.insight.sitefinity.com https://api.insight.sitefinity.com https://*.spotify.com https://*.spotifycdn.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://analytics.google.com wss://*.salemove.com https://*.4frontcu.com https://*.salemove.com https://cds-sdkcfg.onlineaccess1.com https://info.autobooks.co https://link.edgepilot.com wss://*.hotjar.com https://*.youtube-nocookie.com https://*.formstack.com https://api.glia.com https://*.googletagmanager.com https://netdna.bootstrapcdn.com https://platform.twitter.com https://*.ytimg.com https://*.typekit.net https://*.youtube.com https://www.google.com https://www.gstatic.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://maps.googleapis.com https://maps.gstatic.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://www.google-analytics.com https://ajax.googleapis.com https://fonts.googleapis.com https://fonts.gstatic.com https://*.lk-cs.com https://lkcsunix.com; frame-ancestors 'self' https://www.youtube.com; 1
default-src 'self'; img-src * data: ; connect-src 'self' analytics.google.com www.google.com www.google.com.my stats.g.doubleclick.net ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.googletagmanager.com www.gstatic.com cdnjs.cloudflare.com fonts.gstatic.com challenges.cloudflare.com ; style-src-elem 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com ; frame-src 'self' www.google.com challenges.cloudflare.com ; font-src 'self' fonts.gstatic.com ; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com 1
style-src-elem https://fonts.googleapis.com https://www.googletagmanager.com https://services.postcodeanywhere.co.uk *.columnrads.co.uk https://*.appwholesale.co.uk https://*.dnky.co https://translate.googleapis.com https://*.gstatic.com 'unsafe-inline' 'self' https://*.feefo.com; script-src-elem https://tpc.googlesyndication.com https://www.googletagmanager.com https://appwh11112.pcapredict.com https://bat.bing.com https://*.algolianet.com https://*.algolia.net https://*.mrcentralheating.co.uk https://*.columnrads.co.uk https://*.flushking.co.uk https://*.plumbingstocks.co.uk https://*.appheatingdistribution.co.uk https://*.rfihub.net https://live.rezync.com https://*.pinimg.com https://*.googleadservices.com https://*.doubleclick.net https://*.google-analytics.com https://*.boomtrain.com https://services.postcodeanywhere.co.uk https://*.paypal.com https://*.feefo.com https://*.google.com https://*.google.co.uk https://*.addthis.com https://*.moatads.com https://connect.facebook.net https://*.facebook.com https://*.addthisedge.com https://*.elfsight.com https://cld.bz https://*.cloudfront.net https://*.pinterest.com https://*.resultspage.com https://*.dnky.co https://*.gstatic.com https://maps.googleapis.com https://*.rfihub.com https://*.trackedlink.net https://*.monzo.com https://polyfill.io https://*.cookiebot.com https://*.cookiebot.eu https://*.webgains.io https://*.klaviyo.com 'unsafe-inline' 'self'; font-src *.gstatic.com data: https://www.googletagmanager.com *.googleapis.com https://fonts.gstatic.com https://cdn.honey.io https://*.columnrads.co.uk 'self' https://*.amazonaws.com https://*.paypalobjects.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com https://www.facebook.com https://www.rsa3dsauth.co.uk https://www.securesuite.co.uk https://*.arcot.com https://*.monzo.com https://clients.smartsecure.tsys.co.uk https://authentication-acs.marqeta.com https://acs.apata.io https://*.pinterest.com https://*.modirum.com https://mycardsecure.com https://acs.touch.tech 'self' https://seo.mageplaza.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com www.google.com https://acs.touch.tech https://mycardsecure.com https://*.rfihub.com https://*.doubleclick.net https://www.facebook.com https://tst.kaptcha.com https://www.google.com https://www.gstatic.com/ https://*.cld.bz https://*.pinterest.com https://*.dnky.co https://*.youtube.com https://acs.revolut.com https://tpc.googlesyndication.com https://www.rsa3dsauth.co.uk https://*.arcot.com https://*.lloydsbankinggroup.com https://*.addthis.com/ https://*.securesuite.co.uk https://*.monzo.com https://clients.smartsecure.tsys.co.uk https://authentication-acs.marqeta.com https://acs.apata.io https://*.modirum.com https://register.feefo.com/ *.dotdigital-pages.com *.dotdigital.com *.weltpixel.com consentcdn.cookiebot.com consentcdn.cookiebot.eu cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com *.gstatic.com *.googleapis.com * 'self' *.trackedlink.net imgsct.cookiebot.com imgsct.cookiebot.eu https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com polyfill.io *.googleapis.com tagmanager.google.com https://www.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://connect.facebook.net https://*.facebook.com https://*.rfihub.net https://*.rfihub.com https://bat.bing.com https://appwh11112.pcapredict.com https://maps.googleapis.com https://*.doubleclick.net https://*.feefo.com https://r1-t.trackedlink.net https://*.google.com https://www.gstatic.com https://services.postcodeanywhere.co.uk https://*.columnrads.co.uk https://*.addthis.com https://*.addthisedge.com https://z.moatads.com https://*.elfsight.com https://cld.bz https://*.cloudfront.net https://*.pinterest.com https://*.resultspage.com https://*.dnky.co https://*.pinimg.com https://*.rezync.com/ https://*.boomtrain.com https://*.algolia.net https://*.algolianet.com https://tpc.googlesyndication.com https://*.google-analytics.com https://*.monzo.com https://polyfill.io https://*.webgains.io 'unsafe-inline' 'self' *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal consent.cookiebot.com consent.cookiebot.eu cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com https://fonts.googleapis.com https://services.postcodeanywhere.co.uk *.columnrads.co.uk https://*.appwholesale.co.uk https://*.dnky.co https://translate.googleapis.com https://register.feefo.com https://*.gstatic.com 'unsafe-inline' 'self' *.fontawesome.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://static.klaviyo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io https://www.google-analytics.com https://*.feefo.com https://services.postcodeanywhere.co.uk https://bat.bing.com https://*.paypal.com https://*.addthis.com https://www.facebook.com https://*.elfsight.com https://*.cld.bz https://google.com https://*.google-analytics.com  https://*.doubleclick.net https://*.pinterest.com https://*.comapi.com https://*.boomtrain.com https://*.googleapis.com https://*.google.com https://www.googletagmanager.com https://*.webgains.io https://*.columnrads.co.uk https://*.googlesyndication.com https://*.klaviyo.com 'self' *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com consentcdn.cookiebot.com consentcdn.cookiebot.eu webchat.dotdigital.com webchat.staging.dotdigital.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri /ateam_csp/CSP/Index; report-to report-endpoint; 1
frame-ancestors https://metrika.yandex.ru http://webvisor.com https://mv.legal https://www.mv.legal http://awards.ratingruneta.ru https://awards.ratingruneta.ru 1
default-src *;img-src 'self';font-src 'self' https://fonts.gstatic.com;style-src 'self' https://fonts.googleapis.com 'unsafe-inline';script-src 'strict-dynamic' 'nonce-U6Rf6nGcCROl15aMTgh1I/EH1hI=' https: 'unsafe-inline';frame-src https://www.google.com/recaptcha/;base-uri 'none';object-src 'none';report-to main-endpoint; 1
frame-ancestors 'self' www.woodworkerexpress.com catalog.woodworkerexpress.com www.baersupply.com bt1.baersupply.com; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com https://vercel.live https://network.us20.list-manage.com;object-src 'none';base-uri 'self';form-action 'self';frame-ancestors 'none';upgrade-insecure-requests; 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: *; 1
default-src 'self'; base-uri 'self'; script-src 'self'; style-src 'self'; img-src 'self' https://www.gstatic.com/instantbuy/ https://gstatic.com/instantbuy/; connect-src 'self' https://google.com/pay https://www.google.com/pay https://pay.google.com/; font-src 'self'; object-src 'none'; child-src 'none'; form-action 'self'; frame-src 'self'; frame-ancestors 'self' 1
default-src 'self' https://kotapay.com https://*.kotapay.com https://*.intercepteft.com https://*.interceptcorporation.com;     connect-src 'self' wss://*.salemove.com https://*.salemove.com wss://*.glia.com https://*.glia.com https://*.twilio.com wss://*.twilio.com https://www.google-analytics.com https://thefontzone.com/v4/w/fonts/ https://*.kotapay.com;     media-src 'self' https://*.kc-usercontent.com https://*.salemove.com https://*.glia.com;     font-src 'self' 'unsafe-inline' data: https://*.gstatic.com;     style-src 'self' 'unsafe-inline' https://*.salemove.com https://*.glia.com https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css;     script-src 'self' 'unsafe-inline' 'unsafe-eval' https://siteimproveanalytics.com/js/ https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.salemove.com https://*.glia.com https://cdn.jsdelivr.net/npm/popper.js@1.12.9/dist/umd/popper.min.js https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js https://googleads.g.doubleclick.net/;     object-src 'self';     img-src 'self' https://*.kc-usercontent.com blob: data: data: https://*.siteimproveanalytics.io https://www.googletagmanager.com https://www.google-analytics.com https://*.salemove.com https://*.glia.com;     frame-src 'self' https://bid.g.doubleclick.net https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://www.youtube.com 1
default-src 'self';child-src 'self' *.youtube.com *.google.com *.vimeo.com vimeo.com *.dailymotion.com *.soundcloud.com static.addtoany.com *.twitter.com *.issuu.com *.infogram.com infogram-download-eu.s3.eu-west-1.amazonaws.com *.eurelectric.org chat.dante-ai.com;connect-src 'self' *.google-analytics.com *.analytics.google.com maps.googleapis.com stats.g.doubleclick.net chat.dante-ai.com;font-src 'self' fonts.gstatic.com cdn.eurelectric.org;form-action 'self' login.windows.net login.microsoftonline.com syndication.twitter.com;frame-ancestors *.eurelectric.org;img-src 'self' data: csi.gstatic.com maps.googleapis.com fonts.googleapis.com docshare.eurelectric.org maps.gstatic.com www.google.com www.google.be www.google.fr cdn.eurelectric.org *.google-analytics.com *.analytics.google.com cbks0.googleapis.com *.ggpht.com *.linkedin.com *.twitter.com *.twimg.com dante-chatbot-pictures.s3.amazonaws.com chat.dante-ai.com;media-src 'self' *.eurelectric.org;script-src 'self' 'unsafe-inline' 'unsafe-eval' maps.googleapis.com *.google.com *.gstatic.com cdn.eurelectric.org *.google-analytics.com *.analytics.google.com snap.licdn.com px.ads.linkedin.com *.googletagmanager.com static.addtoany.com platform.twitter.com *.twimg.com *.infogram.com infogram-download-eu.s3.eu-west-1.amazonaws.com *.amcharts.com chat.dante-ai.com;style-src 'self' 'unsafe-inline' hello.myfonts.net fonts.googleapis.com cdn.eurelectric.org platform.twitter.com chat.dante-ai.com; 1
default-src https: 'unsafe-eval' 'unsafe-inline'; report-uri https://tqfcbjeysouazea6vvjbvjpjyq0bvhjr.lambda-url.us-west-1.on.aws/ 1
script-src 'self' 'nonce-13d46054bb94474daaeb5dbb157da70f' use.typekit.net cdn.jsdelivr.net cdnjs.cloudflare.com *.cloudfront.net *.googletagmanager.com *.google.com *.google.com.tr *.google-analytics.com *.analytics.google.com *.googleapis.com *.googleapis.com; connect-src 'self' 'nonce-13d46054bb94474daaeb5dbb157da70f' use.typekit.net cdnjs.cloudflare.com *.cloudfront.net *.googletagmanager.com *.google.com *.google.com.tr *.google-analytics.com *.analytics.google.com *.g.doubleclick.net;img-src use.typekit.net cdnjs.cloudflare.com *.cloudfront.net 'self' 'nonce-13d46054bb94474daaeb5dbb157da70f' data: *.bootstrapcdn.com code.jquery.com cdnjs.cloudflare.com *; font-src data: *; style-src 'self' 'nonce-13d46054bb94474daaeb5dbb157da70f'; media-src * 1
default-src 'unsafe-inline' 'unsafe-eval' data: blob: https://clarity.ai/ https://*.clarity.ai/ https://static.clarity.ai/ https://developer.clarity.ai/ https://*.hcaptcha.com/ https://*.weglot.com/ https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://www.googletagmanager.com/ https://secure.gravatar.com/ https://regulations-funds-demo.clarity.ai/ https://cdnjs.cloudflare.com/ https://unpkg.com/ https://cdn.simplelocalize.io/ https://*.google-analytics.com/ https://*.analytics.google.com/ https://analytics.google.com/ https://googleads.g.doubleclick.net/ https://snap.licdn.com/ https://td.doubleclick.net/ https://*.linkedin.com/ https://www.google.com/ https://*.googlesyndication.com/ https://stats.g.doubleclick.net/ https://datawrapper.dwcdn.net/ https://*.crazyegg.com/ https://pi.pardot.com/ https://www.googleadservices.com/ https://cdn.jsdelivr.net/ https://public.flourish.studio/ https://flo.uri.sh/ https://reallyfreegeoip.org/json/ https://www.youtube.com/ https://consentcdn.cookiebot.com/ https://consent.cookiebot.com/ ; img-src 'self' https: data: 1
default-src 'none'; style-src 'self' 'unsafe-inline' https://optimize.google.com https://fonts.googleapis.com https://skk.erecruiter.pl https://*.userway.org; script-src 'nonce-891e2bbea736f5afa639a5c93869bc4f' 'self' https://bat.bing.com https://*.clarity.ms https://pagead2.googlesyndication.com https://www.googleadservices.com https://optimize.google.com https://www.googleoptimize.com https://www.google.com https://www.gstatic.com https://skk.erecruiter.pl https://static.hotjar.com https://script.hotjar.com https://www.googletagmanager.com https://www.google-analytics.com https://consentcdn.cookiebot.com https://consent.cookiebot.com https://*.userway.org; img-src 'self' data: https://bat.bing.com https://*.clarity.ms https://c.bing.com https://googleads.g.doubleclick.net https://cdn.userway.org https://www.google.com https://www.google.pl https://www.gstatic.com https://www.google-analytics.com https://script.hotjar.com https://imgsct.cookiebot.com; font-src 'self' https://*.userway.org https://fonts.gstatic.com https://www.googletagmanager.com https://script.hotjar.com; connect-src 'self' https://region1.google-analytics.com https://*.clarity.ms wss://ws.przelewy24.pl https://secure.przelewy24.pl https://offers.erecruiter.pl https://*.userway.org https://www.google-analytics.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://stats.g.doubleclick.net https://consentcdn.cookiebot.com https://*.analytics.google.com; frame-src https://td.doubleclick.net https://optimize.google.com https://www.google.com https://cdn.userway.org https://vars.hotjar.com https://consentcdn.cookiebot.com; base-uri 'none'; form-action 'self' https://www.przelewy24.pl/zapytanie-o-dane https://secure.przelewy24.pl; frame-ancestors 'none'; object-src https://player.vimeo.com; 1
default-src 'self' about: *.esf.de  www.etracker.de api.flockler.com analytics-api.flockler.com; base-uri 'self'; connect-src 'self' 'unsafe-inline' *.etracker.de *.etracker.com maps.googleapis.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.googletagmanager.com tagmanager.google.com *.delivery.consentmanager.net *.podigee.com cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.etracker.com *.etracker.de tagmanager.google.com *.delivery.consentmanager.net *.googletagmanager.com *.googleapis.com *.google.com *.gstatic.com *.pixelpark.com *.google-analytics.com *.podigee.com cdn.consentmanager.mgr.consensu.org *.consentmanager.net consentmanager.mgr.consensu.org https://cdn.jsdelivr.net/gh/pauljadam/bookmarklets@master/tables.js https://cdn.jsdelivr.net/gh/pauljadam/bookmarklets@master/landmarks.js https://cdn.jsdelivr.net/gh/pauljadam/bookmarklets@master/images.js https://cdn.jsdelivr.net/gh/pauljadam/bookmarklets@master/lists.js https://cdn.jsdelivr.net/gh/pauljadam/bookmarklets@master/lang.js https://cdn.jsdelivr.net/gh/pauljadam/bookmarklets@master/focus.js https://cdn.jsdelivr.net/gh/pauljadam/bookmarklets@master/aria.js https://cdn.jsdelivr.net/gh/pauljadam/bookmarklets@master/headings.js code.highcharts.com about: ; object-src 'self'; font-src 'self' data: *.podigee.com fonts.googleapis.com fonts.gstatic.com; media-src 'self' blob: *.youtube.com *.bmas.de *.esf.de; child-src *.google.com *.gstatic.com *.youtube.com *.pixelpark.com *.podigee.com *.bmbf.de cdn.jwplayer.com player.vimeo.com *.video-stream-hosting.de cdn.consentmanager.mgr.consensu.org; img-src 'self' blob: data:  fonts.googleapis.com ssl.gstatic.com *.google.com *.bmas.de *.esf.de esf.de *.gstatic.com *.youtube.com *.pixelpark.com *.google-analytics.com cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org *.consentmanager.net maps.googleapis.com about: ; upgrade-insecure-requests; form-action 'self' validator.w3.org export.highcharts.com; frame-src 'self' *.consentmanager.net *.delivery.consentmanager.net; frame-ancestors 'self' 1
default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data: blob:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; worker-src * blob: 'unsafe-eval' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://ardor-gaming.com https://*.ardor-gaming.com https://dns-shop.ru/ https://*.dns-shop.ru/  https://www.google-analytics.com/ https://gstatic.com https://*.gstatic.com https://www.google.com/recaptcha/ https://www.googletagmanager.com/  https://mc.yandex.ru/ https://*.doubleclick.net https://doubleclick.net; img-src 'self' data: https:; font-src 'self' data: https:; connect-src 'self' https://*.dns-shop.ru https://*.retailrocket.net https://*.retailrocket.ru https://ohio8.vchecks.me https://hls-jp.jwpsrv.com/ https://content.jwplatform.com/  https://mc.yandex.ru/ https://www.google-analytics.com/ https://*.mtproxy.yandex.net/ https://bam.nr-data.net https://api.retailrocket.net https://api.retailrocket.ru  https://content.syndigo.com/ https://google-analytics.bi.owox.com/ https://api-maps.yandex.ru/ https://stats.g.doubleclick.net/  https://www.google.com/ads/ https://m.addthis.com/live/red_lojson/ https://s7.addthis.com/l10n/ https://top-fwz1.mail.ru/  https://bot.aimylogic.com/restapi/ wss://chat.dns-shop.ru https://chat.dns-shop.ru https://e-shop.homecredit.ru https://media.pointandplace.com/ https://vk.com https://media.flixcar.com/ https://autocomplete.diginetica.net/ https://www.facebook.com/tr/  https://analytics.tiktok.com/ https://content.24ttl.stream/ https://itweb-asmsys.dns-shop.ru:17589/  https://*.flix360.io/ https://www.youtube-nocookie.com/ https://pplan.ru/ https://firebaseinstallations.googleapis.com/ https://www.googletagmanager.com/; frame-src 'self' intent: https://club.dns-shop.ru https://ftp.dexp.club/ https://ftp.dns-shop.ru/  https://www.facebook.com/ https://www.youtube.com https://www.google.com https://optimize.google.com; worker-src blob: https://dns-shop.ru https://*.dns-shop.ru 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src 'nonce-VvpIsggBvpmTs06Tp0hh3lxk1' 'strict-dynamic'; frame-ancestors 'self'; manifest-src 'self' 1
default-src 'self' data: 'unsafe-inline' js-agent.newrelic.com cdn.twibooru.org https://cdn.twibooru.org; object-src 'none'; frame-ancestors 'none'; frame-src 'self'; form-action 'self'; manifest-src 'self'; img-src 'self' data: https://cdn.twibooru.org camo.twibooru.org; block-all-mixed-content 1
frame-ancestors 'self' https://eu-app.contentstack.com; report-uri /_/reports 1
default-src 'self' cdn.polyfill.io static.ads-twitter.com www.gstatic.com mailingflow.com www.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net www.google.com.ua s3.eu-central-1.amazonaws.com  www.google.com maxcdn.bootstrapcdn.com unpkg.com cdnjs.cloudflare.com *.hotjar.com *.hotjar.io www.googleadservices.com trackdateflow.com https://tagmanager.google.com blob:; img-src * https://optimize.google.com https://ssl.gstatic.com https://www.gstatic.com  data: * blob: https://amourlee.com ; style-src 'self' 'unsafe-inline' https://imgsourcechain.com  maxcdn.bootstrapcdn.com unpkg.com https://fonts.googleapis.com https://tagmanager.google.com https://fonts.googleapis.com https://optimize.google.com; font-src 'self' https://imgsourcechain.com  https://script.hotjar.com https://fonts.gstatic.com maxcdn.bootstrapcdn.com https://fonts.gstatic.com data:;connect-src * blob:;media-src * blob: data:;script-src 'self' 'unsafe-eval' https://consentcdn.cookiebot.com https://consent.cookiebot.com https://cdn.jsdelivr.net/npm/@growthbook/growthbook/dist/bundles/index.min.js https://dev.visualwebsiteoptimizer.com https://imgsourcechain.com https://amplify.outbrain.com https://tr.outbrain.com https://wave.outbrain.com https://cdn.taboola.com https://trc.taboola.com https://a.mgid.com https://tr.snapchat.com https://pay.google.com https://cdn.seondf.com https://accounts.google.com https://*.clarity.ms https://analytics.tiktok.com https://sc-static.net cdn.polyfill.io static.ads-twitter.com www.gstatic.com mailingflow.com www.googletagmanager.com https://www.google-analytics.com stats.g.doubleclick.net www.google.com.ua s3.eu-central-1.amazonaws.com  www.google.com maxcdn.bootstrapcdn.com unpkg.com cdnjs.cloudflare.com *.hotjar.com *.hotjar.io www.googleadservices.com trackdateflow.com https://tagmanager.google.com https://optimize.google.com 'unsafe-inline' https://www.googletagmanager.com https://bat.bing.com https://www.googleoptimize.com https://s.yimg.com;frame-src https://consentcdn.cookiebot.com  https://pay.google.com https://content-people.googleapis.com https://content.googleapis.com https://accounts.google.com https://tr.snapchat.com https://www.google.com/ https://optimize.google.com https://vars.hotjar.com; 1
default-src * data: blob: 'self' 'unsafe-eval' 'unsafe-inline'; frame-ancestors * 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' *; img-src 'self' data: *; font-src 'self' *; connect-src 'self' *; media-src 'self' *; frame-src 'self' *; object-src 'self' *; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://connect.facebook.net https://tag.getdrip.com https://acsbapp.com https://connect.livechatinc.com https://cdn.livechatinc.com https://api.getdrip.com https://*.sleeknote.com https://js.stripe.com https://api.livechatinc.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://use.fontawesome.com; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://use.fontawesome.com https://*.sleeknote.com; connect-src 'self' https://analytics.google.com https://cdn.acsbapp.com https://*.google.com https://*.doubleclick.net; img-src 'self' https://www.facebook.com https://secure.gravatar.com https://*.google.com data:; font-src 'self' https://fonts.gstatic.com https://use.fontawesome.com data:; worker-src 'self' blob:; frame-src 'self' https://td.doubleclick.net https://js.stripe.com; frame-ancestors 'self' https://td.doubleclick.net https://js.stripe.com; 1
frame-ancestors 'self' https://flexcard.cards; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://*.elektro-material.ch https://*.hotjar.com https://*.contentsquare.net https://www.googletagmanager.com https://*.pingdom.net https://*.google-analytics.com https://cdn.soft8soft.com https://fast.fonts.net https://*.doubleclick.net https://www.google.com https://start.unblu.com https://www.google.ch https://*.gstatic.com https://*.googleapis.com https://*.youtube.com https://e-m.info/ https://www.youtube-nocookie.com https://visuals.se.com https://www.rexel.de https://js-agent.newrelic.com https://bam.nr-data.net https://shore01.nine.ch https://analytics.google.com https://snap.licdn.com https://*.ads.linkedin.com https://*.linkedin.com https://datawrapper.dwcdn.net https://www.googleadservices.com https://region1.analytics.google.com https://mktdplp102cdn.azureedge.net https://0983555290d14aadaf74e5f590a5bd4d.svc.dynamics.com https://assets-eur.mkt.dynamics.com https://service.ariba.com https://client.prod.repmap.microsoft.com https://critizr.com https://static.critizr.com https://emagpim-1d1da.kxcdn.com https://cdn.goodays.co https://app.goodays.co https://map.geo.admin.ch https://elektro-material.solarprotool.com https://cxppusa1formui01cdnsa01-endpoint.azureedge.net https://public-eur.mkt.dynamics.com; base-uri 'self'; 1
default-src https:; font-src https: data:; img-src https: data: blob:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; worker-src blob: 1
child-src https://*.zscalerthree.net play.vidyard.com secure.livechatinc.com; connect-src consent-pref.trustarc.com consent.trustarc.com consent-reporting.trustarc.com https://*.zscalerthree.net 'self' wss://data.upscope.io api.livechatinc.com play.vidyard.com region1.google-analytics.com wss://data--ap-southeast.upscope.io wss://data--eu-central.upscope.io wss://data--eu-west.upscope.io wss://data--sa-east.upscope.io wss://data--us-east.upscope.io wss://data--us-west.upscope.io www.google-analytics.com; default-src https://*.zscalerthree.net 'self' 'unsafe-eval' 'unsafe-inline' api.livechatinc.com cdn.livechatinc.com cdn.vidyard.com code.jquery.com code.upscope.io fonts.gstatic.com js.upscope.io play.vidyard.com secure.livechatinc.com wss://data--us-east.upscope.io wss://data--us-west.upscope.io www.google-analytics.com www.googletagmanager.com extreme-ip-lookup.com client-data.knak.io; font-src consent.trustarc.com https://*.zscalerthree.net 'self' data: cdn.livechatinc.com fonts.gstatic.com; form-action 'self'; frame-ancestors https://*.zscalerthree.net 'self'; frame-src consent-pref.trustarc.com https://*.zscalerthree.net 'self' play.vidyard.com secure.livechatinc.com play.vidyard.com.x.37f7620000a8b0469c0b2400d47d38b98e4d.9270f859.id.opendns.com play.vidyard.com.x.d6f6a8920e76a04b3e0bcd507a8a246c8510.9270fa5d.id.opendns.com; img-src consent-pref.trustarc.com consent.trustarc.com consent.truste.com https://*.zscalerthree.net 'self' data: cdn.vidyard.com fonts.gstatic.com play.vidyard.com www.google-analytics.com www.googletagmanager.com www.gstatic.com client-data.knak.io www.republicindemnity.com; media-src https://*.zscalerthree.net 'self' data: cdn.livechatinc.com; object-src https://*.zscalerthree.net 'self'; script-src-attr 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' consent.trustarc.com api.livechatinc.com cdn.livechatinc.com code.jquery.com code.upscope.io js.upscope.io play.vidyard.com www.googletagmanager.com extreme-ip-lookup.com; script-src https://*.zscalerthree.net 'self' 'unsafe-eval' 'unsafe-inline' api.livechatinc.com cdn.livechatinc.com code.jquery.com code.upscope.io js.upscope.io play.vidyard.com www.googletagmanager.com extreme-ip-lookup.com wasm-eval; style-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' data: www.gstatic.com; style-src https://*.zscalerthree.net 'self' 'unsafe-inline'; report-uri https://wwwrepublicindemnity.report-uri.com/r/t/csp/enforce 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.hsforms.net https://js.hscollectedforms.net https://static.hotjar.com https://script.hotjar.com https://cookie-cdn.cookiepro.com https://lhfs.com https://maxcdn.bootstrapcdn.com https://www.google.com https://www.google-analytics.com https://maps.googleapis.com https://js.hs-banner.com https://js.hs-analytics.net https://apps.usw2.pure.cloud https://js.hs-scripts.com https://ajax.googleapis.com https://maxcdn.bootstrapcnd.com https://tagmanager.google.com https://www.socialsurvey.me https://www.googletagmanager.com https://www.gstatic.com https://cdn.userway.org https://don7n2as2v6aa.cloudfront.net https://fonts.googleapis.com https://code.jquery.com https://stackpath.bootstrapcdn.com https://cdnjs.cloudflare.com https://*.typekit.net https://ssl.google-analytics.com https://connect.facebook.net; style-src 'self' 'unsafe-inline' https://cdn.userway.org https://ka-p.fontawesome.com https://kit.fontawesome.com https://tagmanager.google.com https://don7n2as2v6aa.cloudfront.net https://use.fontawesome.com https://stackpath.bootstrapcdn.com https://cdnjs.cloudflare.com https://ajax.googleapis.com https://www.google.com https://fonts.googleapis.com; img-src 'self' https://forms.hsforms.com https://www.google-analytics.com https://www.facebook.com https://maps.googleapis.com https://track.hubspot.com https://www.googletagmanager.com https://ssl.gstatic.com https://cdn.userway.org https://stats.g.doubleclick.net https://don7n2as2v6aa.cloudfront.net https://socialsurvey.me https://socialsurvey.com https://secure.gravatar.com https://stats.doubleclick.net https://www.paypalobjects.com https://bizcybercert.us https://0.gravatar.com https://1.gravatat.com https://cdn.lhfs.com https://micc.us https://maps.gstatic.com https://csi.gstatic.com https://ssl.google-analytics.com https://s-static.ak.facebook.com data:; font-src 'self' https://cdn.userway.org https://don7n2as2v6aa.cloudfront.net https://use.fontawesome.com https://use.typekit.net https://fonts.gstatic.com https://fonts.googleapis.com https://themes.googleusercontent.com data:; frame-src 'self' https://forms.hsforms.com/ https://apps.usw2.pure.cloud https://static.hsappstatic.net https://app.hubspot.com https://cdn.userway.org https://www.google.com https://s-static.ak.facebook.com; object-src 'self'; base-uri 'none'; frame-ancestors 'self'; default-src 'self' https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://forms.hscollectedforms.net wss://ws.hotjar.com https://content.hotjar.io https://in.hotjar.com https://cookie-cdn.cookiepro.com https://ajax.googleapis.com https://api.usw2.pure.cloud https://*.usw2.pure.cloud wss://webmessaging.usw2.pure.cloud https://*.userway.org https://stats.g.doubleclick.net https://analytics.google.com https://corpapi.lhfs.com https://corpapi.lhfs.com https://maps.googleapis.com https://api.userway.org https://www.google-analytics.com https://fonts.gstatic.com https://userway.org https://youtube.com https://p.typekit.net https://use.typekit.net https://socialsurvey.me https://socialsurvey.com 1
font-src www.rockford.edu fonts.gstatic.com use.typekit.net; object-src 'none'; base-uri 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.rockford.edu https://bbox.blackbaudhosting.com/webforms/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://uchat.co/ ajax.googleapis.com/ajax/libs/jquery/1.10.2/ https://www.googletagmanager.com/ https://js-agent.newrelic.com/ 1
frame-ancestors 'self' https://chefcookit.com http://chefcookit.com http://cookitt-new.staging.tempurl.host 1
base-uri 'self'; font-src 'self' https: data:; form-action 'self'; frame-ancestors 'self' *.storyblok.com *.my-pv.com *.eveeno.com *.piwik.pro *.microsoft.com *.eveeno.com; img-src * data: blob: *.vimeocdn.com; object-src 'none'; script-src-attr 'none'; style-src 'self' 'unsafe-inline' *.storyblok.com *.datareporter.eu; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.storyblok.com *.netlify.app *.google.com *.datareporter.eu *.gstatic.com *.facebook.com *.facebook.net *.google-analytics.com *.googletagmanager.com *.vimeo.com *.vimeocdn.com *.piwik.pro; upgrade-insecure-requests; default-src 'self' *.storyblok.com; connect-src 'self' data: blob: *.storyblok.com *.datareporter.eu *.google-analytics.com *.doubleclick.net *.algolia.com *.algolianet.com *.piwik.pro; frame-src 'self' *.netlify.com *.my-pv.com *.google.com *.vimeo.com *.youtube.com *.facebook.com *.eveeno.com eveeno.com *.piwik.pro *.microsoft.com player.restream.io liveevent.page; 1
default-src 'self' 'unsafe-inline'; connect-src 'self' blob: *; font-src 'self' https://images.mutinycdn.com/ https://livestorm.imgix.net; frame-ancestors 'self' https://app.mutinyhq.com https://preview.mutinyhq.com; frame-src * data: *; img-src 'self' data: *; media-src 'self' blob: *; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *; 1
frame-ancestors 'self'; report-uri https://www.nutren.com.br/report-uri/enforce 1
default-src 'self' 'unsafe-inline' alhabibpharmacy.com www.googletagmanager.com app.adjust.com app.adjust.net.in app.adjust.world cdn-sandbox.tamara.co alhabibpharmacyuat.api.useinsider.com m2.alhabibpharmacy.net core-api.alhabibpharmacy.net insights.algolia.io data: *.algolia.net; script-src 'self' 'unsafe-inline' alhabibpharmacy.com www.googletagmanager.com app.adjust.com app.adjust.net.in app.adjust.world cdn-sandbox.tamara.co alhabibpharmacyuat.api.useinsider.com connect.facebook.net unpkg.com sc-static.net static.ads-twitter.com static.hotjar.com analytics.tiktok.com data: challenges.cloudflare.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' alhabibpharmacy.com www.googletagmanager.com app.adjust.com app.adjust.net.in app.adjust.world cdn-sandbox.tamara.co alhabibpharmacyuat.api.useinsider.com connect.facebook.net unpkg.com sc-static.net static.ads-twitter.com static.hotjar.com analytics.tiktok.com data: challenges.cloudflare.com; style-src 'self' 'unsafe-inline' 1
default-src 'none';  script-src 'unsafe-inline' 'unsafe-eval' 'self' www.googletagmanager.com www.yellowmap.de cdn.yellowmap.de cdn.trustcommander.net www.youtube.com www.google-analytics.com *.doubleclick.net *.ytimg.com assets.adobedtm.com adobedc.demdex.net edge.adobedc.net tagmanager.google.com cdn.trkkn.com;  style-src 'self' 'unsafe-inline' cdn.yellowmap.de;  connect-src 'self' *.sparkasse.de *.sparkassen-finanzportal.de autocomplete.smartmaps.cloud *.yellowmap.de *.trustcommander.net *.commander1.com *.google-analytics.com *.doubleclick.net assets.adobedtm.com adobedc.demdex.net edge.adobedc.net *.google.com *.google.de region1.analytics.google.com eu-api.friendlycaptcha.eu region1.google-analytics.com *.googletagmanager.com;  img-src data: 'self' 'unsafe-inline' i.ytimg.com map.iib-institut.de *.yellowmaps.eu www.yellowmap.de *.sparkasse.de *.trustcommander.net *.commander1.com img.youtube.com *.google-analytics.com www.googletagmanager.com api.sparkassen-mediacenter.de *.doubleclick.net images.podigee-cdn.net feeds.sparkassen-finanzportal.de *.ytimg.com *.google.com *.google.de *.analytics.google.com region1.analytics.google.com region1.google-analytics.com *.gstatic.com;  media-src api.sparkassen-mediacenter.de youtu.be www.youtube.com;  frame-src data: 'self' cdn.trustcommander.net widget.civey.com sparkasse.linda-chatbot.de www.youtube.com player.podigee-cdn.net;  font-src 'self' webfonts.sparkasse.de cdn.yellowmap.de;  object-src 'self';  manifest-src 'self';  worker-src 'self' blob:; 1
default-src 'self'; base-uri 'self'; connect-src 'self' *.itzbund.de; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors gba-editor-kkn.prod.gsb.gba.in.bund.de piwik.itzbund.de *.facebook.com 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-0TfYC7RPTeu0fXOx6oJdTg' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
frame-src 'self' *.optimizely.com *.doubleclick.net *.adsrvr.org *.bounceexchange.com *.amazon-adsystem.com *.owneriq.net *.google.com *.facebook.com *.facebook.net *.rokt.com *.amazon.com *.paypal.com *.payments-amazon.com *.sojern.com *.qantasloyalty.com *.qantas.com tag.yieldoptimizer.com img3.avis.com img3.budget.com img3.paylesscar.com *.youtube.com  quantserv.com  adnxs.com  impactradius-event.com  dgm-au.com  everestjs.net  everesttech.net  yahoo.com  xg4ken.com *.online-metrix.net *.uplift.com  *.quantummetric.com api.securedvisit.com  track.securedvisit.com content.securedvisit.com images.securedvisit.com track.sv.rkdms.com *.mypurecloud.com  *.nagich.com cloudfront.net  bing.com go.pardot.com sme.avis.co.nz sme.avis.com.au sme.budget.co.nz sme.budget.com.au  *.salecycle.com abgnz.wufoo.com; 1
frame-ancestors 'self' https://www.gluecksspiel-behoerde.de/ 1
default-src 'self'; object-src 'none'; base-uri 'self'; font-src 'self' data: https://fonts.gstatic.com data: https://fonts.gstatic.com; script-src 'self' https://*.googletagmanager.com https://tagmanager.google.com https://widgets.nrel.gov/tada/analytics/ https://www.google-analytics.com https://ssl.google-analytics.com https://public.govdelivery.com https://*.crazyegg.com 'nonce-QmrVGpyyy1O5YhxLSoq+bA=='; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://analytics.google.com https://www.google-analytics.com https://public.govdelivery.com https://*.crazyegg.com; style-src 'self' https://tagmanager.google.com https://fonts.googleapis.com https://www.googletagmanager.com/debug/ https://fonts.googleapis.com https://*.crazyegg.com; img-src 'self' data: https://*.google-analytics.com https://*.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://fonts.gstatic.com https://www.google-analytics.com https://*.crazyegg.com; child-src 'self' blob:; worker-src 'self' blob:; frame-src 'self' https://www.googletagmanager.com/ https://public.govdelivery.com https://*.crazyegg.com https://www.youtube.com/ 1
frame-ancestors 'self'; object-src 'none';worker-src 'self' ;manifest-src 'self';base-uri *.whtop.com ;report-uri https://www.whtop.com/utils.csp-report; report-to whtop.com 1
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; script-src * 'unsafe-inline' 'unsafe-eval' data: blob:; style-src * 'unsafe-inline' data: blob:; img-src * data: blob:; font-src * data: blob:; connect-src *; media-src *; object-src *; frame-src *; worker-src *; form-action *; base-uri *; 1
frame-ancestors publications.ess.eu www.kommersannons.se europeanspallationsource.se newpub.ess.eu *.scicat.ess.eu *.useroffice.ess.eu scichat.ess.eu confluence-staging.ess.eu confluence.esss.lu.se confluence.ess.eu jamf.esss.lu.se jira.esss.lu.se jira.ess.eu jira-edmz.ess.eu 1
worker-src 'self' blob:;child-src 'self' https://www.chasepaymentechhostedpay.com/ https://*.earthlink.com https://*.elnk.net/ https://*.deltacom.com/ https://*.earthlinkbusiness.com https://*.elnk.us/ https://voip.elnk.us/bg/ https://*.liveperson.net/ https://www.google.com https://mvpn.paetec.net/ https://stats.paetec.com/ https://aar.paetec.net  http://*.windstream.net https://*.windstream.net https://wol.windstreamonline.com/ https://www.windstreamonline.com  http://lg.paetec.net/ https://lptag.liveperson.net/ https://liveengage.liveperson.net/ https://lpcdn-a.lpsnmedia.net/ https://lpcdn.lpsnmedia.net/ https://*.lpsnmedia.net/ https://*.youtube.com/ https://*.youtube-nocookie.com/ https://myidentity-edit.windstream.com https://login.windstream.com/ https://authenticator.pingone.com/ https://hostedsecurity.paetec.net/ https://epaytest.windstreamonline.com:8283 https://epaytest.windstreamonline.com:7443 https://epaytest.windstream.com:8283 https://epayuat.gokinetic.com https://epaytest.windstream.com:7443 https://epaytest.windstream.com https://epaytest.windstream.com:8683 https://epaytest.gokinetic.com:8583 https://epay.windstream.com https://epay.gokinetic.com https://epaytest.windstreamonline.com:8683 https://www.osgview.com/ https://wsmeview.osgview.com/ https://bvdevperseusvm:52972/ https://*.broadviewnet.com/ https://*.broadviewnet.net/ https://nyrocpssrspol.windstream.com/ https://*.windstream.com https://aar.paetec.net/ https://*.windstreambusiness.net/ https://player.vimeo.com/ https://windstreamcsr.osgview.com https://windstreamvoip.com/ https://chatbot.windstream.com/ https://bvdevperseusvm.broadviewnet.com:52970/ https://sam.windstream.com/ https://sam2.windstream.com/ https://sam1.windstream-test.com https://*.wordpress.com/ https://*.wpcomstaging.com/ http://*.salesforce.com https://*.salesforce.com http://*.my.salesforce.com https://*.my.salesforce.com http://*.visualforce.com https://*.visualforce.com https://service.force.com https://*.force.com https://windstream.lightning.force.com https://*.lightning.force.com https://kinetic--chatd1.my.salesforce.com/ https://chatd1-kinetic.cs43.force.com/ https://*.medallia.com https://app.pendo.io/ https://windstream.my.salesforce-sites.com; 1
base-uri 'self' *.crazyegg.com;connect-src 'self' https://ip2c.org https://maps.googleapis.com https://www.google-analytics.com https://*.analytics.google.com https://stats.g.doubleclick.net *.crazyegg.com *.sentry.io https://*.com https://com https://*.elfsight.com https://core.service.elfsight.com *.elfsight.com;default-src 'self' *.crazyegg.com blob:;form-action 'self' *.crazyegg.com;media-src 'self' *.crazyegg.com;object-src 'none';font-src 'self' data: https://fonts.gstatic.com;img-src 'self' data: https://maps.gstatic.com https://maps.googleapis.com https://www.google-analytics.com https://www.google.com https://www.google.co.uk https://www.gravatar.com https://*.s3.amazonaws.com https://*.com https://com https://cdn.worldweatheronline.com https://www.googleapis.com https://clients1.google.com https://*.gstatic.com *.crazyegg.com *.prfct.co *.adnxs.com https://www.glassdoor.com https://seal-dc-easternpa.bbb.org https://s3.amazonaws.com;frame-src 'self' https://widget.trustpilot.com https://www.google.com https://www.youtube.com https://cse.google.com *.crazyegg.com *.youtube-nocookie.com *.marketingautomation.services;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.com https://com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://*.analytics.google.com https://maps.googleapis.com https://widget.trustpilot.com https://www.youtube.com https://cse.google.com https://partner.googleadservices.com *.crazyegg.com blob: *.marketingautomation.services *.perfectaudience.com *.prfct.co https://static.elfsight.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.googletagmanager.com https://www.google.com *.crazyegg.com 1
frame-ancestors 'self' https://manage.fleetmaintenance.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
default-src 'none';base-uri 'none';manifest-src 'self';script-src 'nonce-VUV0S2dGU0krU3p0WXB3M0tLTmJjalJTQVIwS25XYVVGanNKTlExeEliND06R3dsNXlSS25qQVBiRHNwNVVza3hRM0VoZFZwSHlDV2hRRk00QjJwQ1kvMD0=' blob:;style-src 'self' 'unsafe-inline';img-src 'self' data: blob: * https://*.tile.openstreetmap.org;font-src 'self' data:;connect-src 'self' blob: ptznetwork.org:5349;media-src 'self' blob:;frame-src data: prezi.com player.vimeo.com vine.co www.youtube.com 'self';child-src 'self' blob:;frame-ancestors 'self';worker-src 'self' blob:;form-action 'self' 1
media-src 'self'; 1
default-src 'self' 'unsafe-inline' *.vimeo.com *.hotjar.com;                object-src 'self' 'unsafe-inline' 'unsafe-eval' *.vimeocdn.com *.vimeo.com https://unieksporten.blob.core.windows.net *.unieksporten.nl *.youtube.com ;                media-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.vimeocdn.com https://scribit-pro-hosting.storage.googleapis.com *.unieksporten.nl *.hpsindustrial.nl *.scribit.pro *.unieksporten.nl *.kommunicate.io *.readspeaker.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://if-cdn.com *.tiktok.com *.scribit.pro *.cookiebot.com *.botcopy.com *.vimeo.com *.unieksporten.nl *.leadfamly.com https://z.moatads.com/addthismoatframe568911941483/moatframe.js  https://cdn.applozic.com https://cdnjs.cloudflare.com *.kommunicate.io http://*.hotjar.com https://*.hotjar.com *.bbvms.com *.ip-studio.nl https://connect.facebook.net *.typekit.net *.twimg.com *.instagram.com *.twitter.com *.addthis.com *.linkedin.com *.facebook.com *.addthisedge.com *.googleadservices.com https://www.google-analytics.com *.youtube.com  https://cdn-test.unieksporten.nl https://cdn.unieksporten.nl *.google.com https://www.googletagmanager.com https://maps.googleapis.com *.gstatic.com https://media.readspeaker.com *.blueconic.net *.readspeaker.com ;                frame-src 'self' 'unsafe-inline' data: *.cookiebot.com *.vimeocdn.com https://if-cdn.com https://unieksporten.blob.core.windows.net *.unieksporten.nl *.scribit.pro *.twitch.tv *.vimeo.com https://vimeo.com *.bnnvara.nl *.linkedin.com *.leadfamly.com *.spotify.com *.hotjar.com *.bbvms.com *.readspeaker.com *.google.com *.facebook.com *.instagram.com https://twitter.com *.twitter.com *.addthis.com *.youtube.com;                img-src 'self' 'unsafe-inline' data: blob: *.cookiebot.com *.vimeocdn.com *.unieksporten.nl *.ytimg.com *.scribit.pro *.botcopy.com *.facebook.com *.vimeo.com https://kommunicate.s3.ap-south-1.amazonaws.com *.amazonaws.com https://s3.amazonaws.com http://*.hotjar.com https://*.hotjar.com *.typekit.net *.i-pulse.nl https://www.sportstad-utrecht.nl https://www.rotterdamsport.nl http://rotterdamsport.nl *.ip-studio.nl https://unieksportenwebapi.azurewebsites.net https://unieksportenwebapi-test.azurewebsites.net *.readspeaker.com *.blueconic.net *.twitter.com *.twimg.com *.google.nl *.googleapis.com *.google.com https://stats.g.doubleclick.net https://www.google-analytics.com *.facebook.com *.youtube.com https://i.ytimg.com https://cdn.i-pulse.nl *.unieksporten.nl https://www.readspeaker.com https://maps.googleapis.com https://maps.gstatic.com;                font-src 'self' 'unsafe-inline' data: *.vimeocdn.com *.unieksporten.nl *.vimeo.com *.typekit.net https://cdn-test.unieksporten.nl https://cdn.unieksporten.nl https://fonts.googleapis.com https://fonts.gstatic.com;                style-src 'self' 'unsafe-inline' *.vimeocdn.com *.botcopy.com *.unieksporten.nl *.scribit.pro *.kommunicate.io *.ip-studio.nl *.blueconic.net https://platform.twitter.com https://cdn-test.unieksporten.nl https://cdn.unieksporten.nl *.ip-studio.nl *.googleapis.com *.readspeaker.com ;                connect-src 'self' ws: cognito-identity.us-east-1.amazonaws.com https://googleads.g.doubleclick.net https://vimeo.com *.scribit.pro *.googlesyndication.com *.cookiebot.com *.tiktok.com *.botcopy.com *.vimeo.com *.unieksporten.nl https://stats.g.doubleclick.net https://sentry.io wss://socket4.applozic.com *.applozic.com wss://socket.applozic.com/ws *.twitter.com *.readspeaker.com *.applozic.com *.kommunicate.io *.googleapis.com *.hotjar.io http://*.hotjar.com:* https://*.hotjar.com:* wss://*.hotjar.com *.ip-studio.nl https://fondsgehandicaptensport.blueconic.net *.facebook.com *.addthis.com https://www.google.com https://www.google-analytics.com *.google-analytics.com *.google.com 1
frame-ancestors https://curiocity.teemew.com 1
child-src 'self'; default-src 'self' https://*.google.com https://*.googleapis.com https://*.stripe.com https://sc-static.net https://tr.snapchat.com; frame-src 'self' https://*.crazyegg.com https://*.stripe.com https://*.google.com https://consentcdn.cookiebot.com https://*.sj.se https://td.doubleclick.net/ https://tr.snapchat.com https://*.thehotelsnetwork.com; worker-src 'self' blob:; connect-src 'self' ws://localhost:* http://localhost:4000/graphql https://*.bestwestern.se/graphql https://*.bestwestern.com https://*.crazyegg.com https://content.web.bwhhotelgroup.com/stripe-pk.json https://*.doubleclick.net/ https://*.g.doubleclick.net https://*.google.com https://*.google.no https://*.google.dk https://*.google.se https://*.analytics.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://consentcdn.cookiebot.com https://*.clarity.ms/ https://*.bing.com https://api.maptiler.com https://sc-static.net https://tr6.snapchat.com/ https://tr.snapchat.com https://facebook.com/ https://www.facebook.com/ https://*.thehotelsnetwork.com https://*.sentry.io; font-src 'self' data: https://*.typekit.net https://*.gstatic.com; img-src 'self' data: https://bestwestern.se https://bestwestern.no https://bestwestern.dk https://*.bestwestern.se https://*.bestwestern.no https://*.bestwestern.dk https://*.crazyegg.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.gstatic.com https://maps.googleapis.com https://images.ctfassets.net https://imgsct.cookiebot.com/ https://*.google.no https://*.google.dk https://*.google.se https://*.google.com https://*.analytics.google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.bing.com https://www.facebook.com https://*.clarity.ms https://api.maptiler.com https://tr.snapchat.com https://storedevbwhs.blob.core.windows.net; manifest-src 'self'; media-src 'self' data:; object-src 'none'; script-src 'self' 'unsafe-eval' https://*.thehotelsnetwork.com 'sha256-fsJPdw9IOPY+jQHUJFolDvsicbhKMq1zygSgltL1WFE='; script-src-elem 'self' 'unsafe-inline' https://*.google.com https://*.google.no https://*.google.dk https://*.google.se https://*.googleadservices.com https://connect.facebook.net https://bat.bing.com https://*.clarity.ms https://*.gstatic.com https://*.googleapis.com https://*.googletagmanager.com https://*.stripe.com https://*.cookiebot.com https://*.sj.se https://sc-static.net https://tr.snapchat.com https://*.thehotelsnetwork.com https://*.sentry-cdn.com http://script.crazyegg.com 'sha256-fsJPdw9IOPY+jQHUJFolDvsicbhKMq1zygSgltL1WFE='; style-src 'self' 'unsafe-inline' https://*.crazyegg.com https://*.googleapis.com https://*.googletagmanager.com https://*.typekit.net; base-uri 'self'; form-action 'self'; frame-ancestors 'self' 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-e987011305d4c0dc79de4f2770da4149'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
upgrade-insecure-requests; frame-ancestors 'self' live.sagepay.com live.opayo.eu.elavon.com www1.thewhiskyworld.com; base-uri 'self'; object-src 'none' 1
default-src 'self' self localhost:5000 10.3.0.7:5000 10.3.2.4:5000 *.topticketshop.nl *.topticketshop.eu *.topticketshop.io wss://www.topticketshop.nl ws://www.topticketshop.nl *.google-analytics.com cdn.ampproject.org *.google.nl *.google.com www.googletagmanager.com widget.trustpilot.com bat.bing.com www.googleadservices.com flex.msn.com googleads.g.doubleclick.net ws://topticketshop.nl connect.facebook.net www.facebook.com optimize.google.com fonts.googleapis.com fonts.gstatic.com stats.g.doubleclick.net api.livechatinc.com www.google.ie *.bitpay.com bitpay.com *.trustpilot.com *.clarity.ms cdn-cookieyes.com *.cookieyes.com *.mouseflow.com *.criteo.com assets.website-files.com use.typekit.net p.scdn.co;script-src 'self' 'unsafe-inline' 'unsafe-eval' self localhost:5000 10.3.0.7:5000 10.3.2.4:5000 *.topticketshop.nl *.topticketshop.eu *.topticketshop.io wss://www.topticketshop.nl ws://www.topticketshop.nl *.google-analytics.com cdn.ampproject.org *.google.nl *.google.com www.googletagmanager.com widget.trustpilot.com bat.bing.com www.googleadservices.com flex.msn.com googleads.g.doubleclick.net ws://topticketshop.nl connect.facebook.net www.facebook.com optimize.google.com fonts.googleapis.com fonts.gstatic.com stats.g.doubleclick.net api.livechatinc.com www.google.ie *.bitpay.com bitpay.com *.trustpilot.com *.clarity.ms cdn-cookieyes.com *.cookieyes.com *.mouseflow.com *.criteo.com assets.website-files.com use.typekit.net www.topticketshop.io az416426.vo.msecnd.net ajax.googleapis.com ajax.aspnetcdn.com res.cloudinary.com cdn.mathjax.org www.dwin1.com www.awin1.com *.criteo.net *.queue-it.net cdnjs.cloudflare.com cdn.jsdelivr.net cdn.livechatinc.com chat.livechatinc.net www.google-analytics.com *.buckaroo.nl *.buckaroo.io *.samenresultaat.nl wt1.rqtrk.eu apis.google.com partners.webmasterplan.com www.zenaps.com fp.zenaps.com secure.livechatinc.com;object-src 'self' blob:;style-src 'self' 'unsafe-inline' self localhost:5000 10.3.0.7:5000 10.3.2.4:5000 *.topticketshop.nl *.topticketshop.eu *.topticketshop.io wss://www.topticketshop.nl ws://www.topticketshop.nl *.google-analytics.com cdn.ampproject.org *.google.nl *.google.com www.googletagmanager.com widget.trustpilot.com bat.bing.com www.googleadservices.com flex.msn.com googleads.g.doubleclick.net ws://topticketshop.nl connect.facebook.net www.facebook.com optimize.google.com fonts.googleapis.com fonts.gstatic.com stats.g.doubleclick.net api.livechatinc.com www.google.ie *.bitpay.com bitpay.com *.trustpilot.com *.clarity.ms cdn-cookieyes.com *.cookieyes.com *.mouseflow.com *.criteo.com assets.website-files.com use.typekit.net maxcdn.bootstrapcdn.com *.buckaroo.nl *.buckaroo.io cdnjs.cloudflare.com;img-src 'self' self localhost:5000 10.3.0.7:5000 10.3.2.4:5000 *.topticketshop.nl *.topticketshop.eu *.topticketshop.io wss://www.topticketshop.nl ws://www.topticketshop.nl *.google-analytics.com cdn.ampproject.org *.google.nl *.google.com www.googletagmanager.com widget.trustpilot.com bat.bing.com www.googleadservices.com flex.msn.com googleads.g.doubleclick.net ws://topticketshop.nl connect.facebook.net www.facebook.com optimize.google.com fonts.googleapis.com fonts.gstatic.com stats.g.doubleclick.net api.livechatinc.com www.google.ie *.bitpay.com bitpay.com *.trustpilot.com *.clarity.ms cdn-cookieyes.com *.cookieyes.com *.mouseflow.com *.criteo.com assets.website-files.com use.typekit.net *.cloudinary.com res.cloudinary.com s3-eu-west-1.amazonaws.com www.dwin1.com www.awin1.com data: *.livechatinc.com *.feedbackcompany.nl *.doubleclick.net www.google-analytics.com www.google.com www.google.nl ssl.gstatic.com www.zenaps.com zijn.samenresultaat.nl blob: i.scdn.co;media-src 'self' self localhost:5000 10.3.0.7:5000 10.3.2.4:5000 *.topticketshop.nl *.topticketshop.eu *.topticketshop.io wss://www.topticketshop.nl ws://www.topticketshop.nl *.google-analytics.com cdn.ampproject.org *.google.nl *.google.com www.googletagmanager.com widget.trustpilot.com bat.bing.com www.googleadservices.com flex.msn.com googleads.g.doubleclick.net ws://topticketshop.nl connect.facebook.net www.facebook.com optimize.google.com fonts.googleapis.com fonts.gstatic.com stats.g.doubleclick.net api.livechatinc.com www.google.ie *.bitpay.com bitpay.com *.trustpilot.com *.clarity.ms cdn-cookieyes.com *.cookieyes.com *.mouseflow.com *.criteo.com assets.website-files.com use.typekit.net *.cloudinary.com cdn.livechatinc.com blob: i.scdn.co;frame-src widget.eu.criteo.com *.trustpilot.com secure.livechatinc.com gum.criteo.com dis.eu.criteo.com static.criteo.net *.feedbackcompany.nl zijn.samenresultaat.nl *.google.com *.google.nl www.facebook.com www.zenaps.com optimize.google.com;font-src 'self' self localhost:5000 10.3.0.7:5000 10.3.2.4:5000 *.topticketshop.nl *.topticketshop.eu *.topticketshop.io wss://www.topticketshop.nl ws://www.topticketshop.nl *.google-analytics.com cdn.ampproject.org *.google.nl *.google.com www.googletagmanager.com widget.trustpilot.com bat.bing.com www.googleadservices.com flex.msn.com googleads.g.doubleclick.net ws://topticketshop.nl connect.facebook.net www.facebook.com optimize.google.com fonts.googleapis.com fonts.gstatic.com stats.g.doubleclick.net api.livechatinc.com www.google.ie *.bitpay.com bitpay.com *.trustpilot.com *.clarity.ms cdn-cookieyes.com *.cookieyes.com *.mouseflow.com *.criteo.com assets.website-files.com use.typekit.net maxcdn.bootstrapcdn.com cdn.livechatinc.com themes.googleusercontent.com data:;connect-src 'self' self localhost:5000 10.3.0.7:5000 10.3.2.4:5000 *.topticketshop.nl *.topticketshop.eu *.topticketshop.io wss://www.topticketshop.nl ws://www.topticketshop.nl *.google-analytics.com cdn.ampproject.org *.google.nl *.google.com www.googletagmanager.com widget.trustpilot.com bat.bing.com www.googleadservices.com flex.msn.com googleads.g.doubleclick.net ws://topticketshop.nl connect.facebook.net www.facebook.com optimize.google.com fonts.googleapis.com fonts.gstatic.com stats.g.doubleclick.net api.livechatinc.com www.google.ie *.bitpay.com bitpay.com *.trustpilot.com *.clarity.ms cdn-cookieyes.com *.cookieyes.com *.mouseflow.com *.criteo.com assets.website-files.com use.typekit.net wss://www.topticketshop.io ws://www.topticketshop.io act.samenresultaat.nl www.feedbackcompany.com dc.services.visualstudio.com fp.zenaps.com cdn.livechatinc.com *.buckaroo.nl *.buckaroo.io api.spotify.com;child-src self localhost:5000 10.3.0.7:5000 10.3.2.4:5000 *.topticketshop.nl *.topticketshop.eu *.topticketshop.io wss://www.topticketshop.nl ws://www.topticketshop.nl *.google-analytics.com cdn.ampproject.org *.google.nl *.google.com www.googletagmanager.com widget.trustpilot.com bat.bing.com www.googleadservices.com flex.msn.com googleads.g.doubleclick.net ws://topticketshop.nl connect.facebook.net www.facebook.com optimize.google.com fonts.googleapis.com fonts.gstatic.com stats.g.doubleclick.net api.livechatinc.com www.google.ie *.bitpay.com bitpay.com *.trustpilot.com *.clarity.ms cdn-cookieyes.com *.cookieyes.com *.mouseflow.com *.criteo.com assets.website-files.com use.typekit.net secure.livechatinc.com;form-action 'self' self localhost:5000 10.3.0.7:5000 10.3.2.4:5000 *.topticketshop.nl *.topticketshop.eu *.topticketshop.io wss://www.topticketshop.nl ws://www.topticketshop.nl *.google-analytics.com cdn.ampproject.org *.google.nl *.google.com www.googletagmanager.com widget.trustpilot.com bat.bing.com www.googleadservices.com flex.msn.com googleads.g.doubleclick.net ws://topticketshop.nl connect.facebook.net www.facebook.com optimize.google.com fonts.googleapis.com fonts.gstatic.com stats.g.doubleclick.net api.livechatinc.com www.google.ie *.bitpay.com bitpay.com *.trustpilot.com *.clarity.ms cdn-cookieyes.com *.cookieyes.com *.mouseflow.com *.criteo.com assets.website-files.com use.typekit.net ajax.googleapis.com ajax.aspnetcdn.com res.cloudinary.com cdn.mathjax.org testcheckout.buckaroo.nl checkout.buckaroo.nl pay.buckaroo.nl *.buckaroo.nl *.buckaroo.io www.abnamro.nl ideal.ing.nl diensten.asnbank.nl ideal2.knab.nl betalen.rabobank.nl diensten.regiobank.nl diensten.snsbank.nl ideal.triodos.nl app.n26.com www.nn.nl ideal.vanlanschotkempen.com ideal.bunq.com ideal.revolut.com pay.bitsafe.com applepay.buckaroo.io www.belfius.be www.kbc.be routing.eps.or.at r3.girogate.de checkout.trustly.com multibanco.secure.girogate.de mbway.secure.girogate.de *.nexigroup.com *.przelewy24.pl zijn.samenresultaat.nl;frame-ancestors secure.livechatinc.com *.feedbackcompany.nl 1
default-src https: data: 'unsafe-inline' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com  1
default-src * 'unsafe-inline' 'unsafe-eval'; connect-src https://* wss://api.scaledrone.com/v3/websocket wss://ff.kis.v2.scr.kaspersky-labs.com; worker-src https://tetatet-club.ru/ https://www.gstatic.com/ https://mc.yandex.ru/ https://mc.yandex.com/ https://an.yandex.ru/ https://yandex.ru/ https://yastatic.net blob: *; frame-src https://* wss://ff.kis.v2.scr.kaspersky-labs.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://* wss://ff.kis.v2.scr.kaspersky-labs.com https://www.gstatic.com/ https://mc.yandex.ru https://mc.yandex.com https://yandex.ru https://yastatic.net https://an.yandex.ru https://yandex.net https://www.google-analytics.com https://www.googletagmanager.com;img-src * blob: * data: https://* wss://ff.kis.v2.scr.kaspersky-labs.com; media-src * data: https://* wss://ff.kis.v2.scr.kaspersky-labs.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.episerver.net *.cookiebot.com www.googletagmanager.com *.googletagmanager.com tagmanager.google.com *.google-analytics.com analytics.google.com dc.services.visualstudio.com connect.facebook.net *.fls.doubleclick.net adservice.google.com googleads.g.doubleclick.net js.monitor.azure.com service.mtcaptcha.com service2.mtcaptcha.com code.jquery.com netdna.bootstrapcdn.com stackpath.bootstrapcdn.com cdnjs.cloudflare.com tools.euroland.com/tools/common/eurolandiframeautoheight/eurolandtoolsintegrationobject.js cookie-script.com cdn.cookie-script.com videobot.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.atria.fi *.atria.se *.atria.com *.atriaammattilaiset.fi *.lihakauppa.fi *.jyvabroiler.fi *.solitaonline.fi; frame-src 'self' data: *.doubleclick.net www.facebook.com *.facebook.com *.fbcdn.net connect.facebook.net consentcdn.cookiebot.com tagmanager.google.com www.googletagmanager.com tools.eurolandir.com tools.euroland.com service.mtcaptcha.com videobot.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.atria.fi *.atria.se *.atria.com *.atriaammattilaiset.fi *.lihakauppa.fi *.jyvabroiler.fi *.solitaonline.fi; frame-ancestors 'self' *.atria.fi *.atria.se *.atria.com *.atriaammattilaiset.fi *.lihakauppa.fi *.jyvabroiler.fi *.solitaonline.fi; 1
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes' https://*.youtube.com https://apps.bazaarvoice.com https://js-gent.newrelic.com https://play.google.com https://jnn-pa.googleapis.com https://ct.pinterest.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://unpkg.com https://vjs.zencdn.net maps.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://static.hotjar.com https://script.hotjar.com https://www.googletagmanager.com https://sfapi.formstack.io https://www.google-analytics.com https://www.googleadservices.com https://connect.facebook.net https://s.pinimg.com https://js.adsrvr.org/up_loader.1.1.0.js https://analytics.tiktok.com https://apps.bazaarvoice.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://maps.googleapis.com https://js-agent.newrelic.com/ https://*.youtube.com https://play.google.com https://jnn-pa.googleapis.com https://ct.pinterest.com https://vjs.zencdn.net maps.googleapis.com; style-src 'self' 'unsafe-inline' https://formsprod.azureedge.net https://fonts.googleapis.com https://js-agent.newrelic.com/ https://jnn-pa.googleapis.com https://ct.pinterest.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; frame-ancestors 'self' 1
default-src 'self'; connect-src https://*.logitech.io 'self'; img-src 'self'; font-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; 1
default-src 'self' blob:;img-src https: *.google-analytics.com 'self' * data: blob:;style-src 'self' https: 'unsafe-inline';script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.botion.com *.alphax.com *.alphaxpro.app *.hydeex.com *.webpushs.com *.legendtrading.com *.sendpulse.com *.bing.com *.googletagmanager.com static.zdassets.com *.google-analytics.com ajax.cloudflare.com *.geetest.com *.qbox.me *.zopim.com *.tradingview.com *.twitter.com *.ads-twitter.com *.recaptcha.net *.google.com *.facebook.net *.facebook.com *.gstatic.com *.doubleclick.net *.googleadservices.com *.volccdn.com *.ibytedtos.com fpnpmcdn.net fpcdn.io *.prdredir.com *.geevisit.com *.mql5.com *.taboola.com *.ads-twitter.com *.yandex.ru;script-src-elem 'self' 'unsafe-inline' *;connect-src 'self' 'unsafe-inline' * data: blob: *.fptls.com api.fpjs.io *.api.fpjs.io fp.alphax.com fp.hydeex.com;form-action 'self' *.facebook.com *.facebook.net *.advcash.com *.mrcr.io *.mercuryo.io;frame-src 'self' * blob:;object-src 'none';font-src 'self' * data:;media-src 'self' *;manifest-src 'self' 'unsafe-inline' 'unsafe-eval';worker-src * blob:;child-src * blob: 1
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; img-src * data: blob:; frame-src *; font-src * data:; connect-src *; media-src *; object-src *; child-src *; form-action *; frame-ancestors *; base-uri *; 1
default-src 'self' https: wss://*.hotjar.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: https:; worker-src blob: 1
frame-ancestors https://sell.totaram.com https://www.totaram.com 1
default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'; frame-ancestors 'self'; form-action 'self' 1
default-src 'self'; object-src 'self' data: https://evul.ee; connect-src 'self' data: https://scorestorybook.ee *.ssb.ee *.webpushr.com *.unsplash.com *.pexels.com *.google-analytics.com https://vc.hotjar.io:* wss://internal.ssb.ee:8074 https://in.hotjar.com/api/v2/client/sites/1684639/visit-data https://stats.g.doubleclick.net/j/collect https://www.facebook.com/tr/ https://www.google-analytics.com/j/collect wss://ssb.ee:8076 wss://ssb.ee:8077 wss://scorestorybook.ee:8076 wss://scorestorybook.ee:8077 https://maps.googleapis.com; font-src 'self' data: https://scorestorybook.ee https://ssb.ee https://fonts.gstatic.com https://use.fontawesome.com; frame-src 'self' https://web.facebook.com https://evul.ee https://www.facebook.com https://www.tiktok.com https://www.instagram.com https://www.youtube.com https://static.addtoany.com https://vars.hotjar.com https://www.google.com; img-src 'self' * *.ee blob: data: https://secure.gravatar.com/avatar/ https://i.ytimg.com https://scorestorybook.ee https://img.youtube.com https://images.unsplash.com https://googleads.g.doubleclick.net https://static.ssb.ee https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.google.ee *.accountex.ee; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://pistik.ssb.ee https://scorestorybook.ee https://www.tiktok.com https://ssb.ee https://static.addtoany.com https://www.gstatic.com *.ttwstatic.com *.webpushr.com *.facebook.net *.googleapis.com *.googleadservices.com *.google.ee *.lfeeder.com https://*.hotjar.com https://www.googleadservices.com/pagead/conversion_async.js https://*.gstatic.com https://ajax.googleapis.com/ajax/libs/jqueryui/1.9.2/jquery-ui.min.js https://ajax.googleapis.com/ajax/libs/jqueryui/1.13.2/jquery-ui.min.js https://cdn.jsdelivr.net/npm/axios/dist/axios.min.js https://cdnjs.cloudflare.com/ajax/libs/jqcloud/1.0.4/jqcloud-1.0.4.min.js https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/signals/config/749588238881287 https://static.addtoany.com/menu/page.js https://static.hotjar.com/c/hotjar-1684639.js https://www.google-analytics.com/analytics.js https://www.google.com/pagead/1p-conversion/692627918/ https://www.google.com/pagead/conversion_async.js https://www.google.com/recaptcha/api.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtm.js https://www.gstatic.com/recaptcha/releases/6pQzWaE1NP-gB4FrqRViKjM-/recaptcha__en.js https://www.youtube.com/player_api https://*.youtube.com; style-src 'self' 'unsafe-inline' https://scorestorybook.ee *.scorestorybook.ee *.ssb.ee *.gstatic.com *.ttwstatic.com https://fonts.googleapis.com/ https://use.fontawesome.com/releases/v5.7.2/css/; frame-ancestors 'self' *.ee http://suureparasedsuupisted.ee/ https://suureparasedsuupisted.ee/ *.com *.eu *.net *.org; base-uri 'self'; form-action 'self' https://*.maksekeskus.ee https://kreedix.ee https://group.kreedix.ee https://facebook.com https://www.facebook.com/tr/; report-uri https://62557e0a851a6e55b76236d0.endpoint.csper.io/?v=3; 1
default-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self' https://www.google.com https://www.gstatic.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://*.sentry.io https://api.bullet-train.io https://apis.postcode-jp.com; font-src 'self' https://fonts.gstatic.com data:; frame-src 'self' https://www.google.com https://recaptcha.google.com/ https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; frame-ancestors 'self' https://www.google.com; img-src data: blob: 'self'; manifest-src 'self'; media-src 'self'; worker-src 'none'; 1
frame-ancestors 'self' 'https://www.corianquartz.com' 'http://corian-uk.telkeadev.lu' 'http://corian-us.telkeadev.lu' 'https://www.corian.com' 'https://www.corian.uk' 'https://www.corian.it' 'https://www.corian.fr' 'https://www.corian.de' 'https://www.corian.es' 'https://dps-coriantools.azurewebsites.net' 'https://www.colors.corian.com' 'https://market.bimsmith.com' 'https://www.youtube.com' 'https://youtu.be' 'https://fr.zone-secure.net' 'https://content.zone-secure.net' 'http://en-gb-corian.azureedge.net' 'https//code.metalocator.com' 'http://dpscrm.force.com' 'http://player.youku.com' 'https://yuntu.amap.com' 'http://yingkebao.top'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.hsforms.com *.amazonaws.com *.teads.tv *.beda.systems *.azurewebsites.net *.brisbane.qld.au vercel.live *.vercel.app *.doubleclick.net sketchfab.com *.gstatic.com apps.sitecore.net connect.facebook.net www.facebook.com *.google.com www.googletagmanager.com www.google-analytics.com *.sharethis.com *.apple.com rss.app www.youtube.com *.ytimg.com starling.crowdriff.com *.cloudfront.net *.cloudflarestream.com *.atdw-online.com.au *.podio.com *.yimg.com *.linkedin.oribi.io *.linkedin.com airtable.com *.vercel-insights.com *.wisepops.com wisepops.net *.adsrvr.org *.clarity.ms https://api.cloudflare.com ib.adnxs.com ugc-gallery-clips.crowdriff.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hsforms.net *.teads.tv *.beda.systems *.vercel.app *.azurewebsites.net *.brisbane.qld.au vercel.live script.crazyegg.com sketchfab.com *.gstatic.com connect.facebook.net www.facebook.com *.google.com www.googletagmanager.com www.google-analytics.com *.doubleclick.net *.sharethis.com *.apple.com rss.app www.youtube.com *.ytimg.com starling.crowdriff.com *.cloudfront.net *.cloudflarestream.com *.atdw-online.com.au *.podio.com *.airtable.com *.yimg.com *.ads-twitter.com secure.quantserve.com snap.licdn.com *.quantcount.com https://static.cloudflareinsights.com *.wisepops.com wisepops.net *.adnxs.com *.adsrvr.org *.clarity.ms;img-src 'self' *.teads.tv  *.beda.systems *.vercel.app mc-c55e1dc3-7362-48d7-a479-6476-cm.azurewebsites.net mc-c55e1dc3-7362-48d7-a479-6476-cm-staging.azurewebsites.net mc-c55e1dc3-7362-48d7-a479-6476-cd.azurewebsites.net mc-c55e1dc3-7362-48d7-a479-6476-cd-staging.azurewebsites.net *.brisbane.qld.au *.dev.local vercel.live sketchfab.com *.gstatic.com *.facebook.com *.google.com www.google-analytics.com www.google.com.au *.doubleclick.net *.sharethis.com *.apple.com rss.app www.youtube.com *.ytimg.com starling.crowdriff.com *.cloudfront.net *.cloudflarestream.com *.atdw-online.com.au *.podio.com *.yahoo.com *.quantserve.com *.linkedin.com t.co *.twitter.com *.sojern.com data: *.zprk.io *.wisepops.com *.adnxs.com *.adsrvr.org *.clarity.ms *.bing.com c1.adform.net;style-src 'self' 'unsafe-inline' *.beda.systems *.vercel.app *.azurewebsites.net *.brisbane.qld.au *.dev.local vercel.live sketchfab.com *.gstatic.com connect.facebook.net www.facebook.com *.google.com fonts.googleapis.com *.sharethis.com *.apple.com rss.app www.youtube.com *.ytimg.com starling.crowdriff.com *.cloudfront.net *.cloudflarestream.com *.atdw-online.com.au *.podio.com;font-src 'self' 'unsafe-inline' *.beda.systems *.vercel.app *.azurewebsites.net *.brisbane.qld.au *.dev.local vercel.live sketchfab.com *.gstatic.com *.facebook.com *.google.com *.doubleclick.net *.sharethis.com *.apple.com rss.app www.youtube.com *.ytimg.com starling.crowdriff.com *.cloudfront.net *.cloudflarestream.com *.atdw-online.com.au *.podio.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'self'; 1
default-src * 'unsafe-inline' 'unsafe-eval' data:;media-src     'self'     blob:     https://*.speechstream.net;object-src 'none'; 1
default-src https:; connect-src https:; font-src 'self' https: data: https:; frame-src https: rldb:; frame-ancestors https:; img-src 'self' https: blob: data:; media-src https: blob:; object-src https:; style-src 'unsafe-inline' https:; worker-src blob:; script-src 'unsafe-inline' 'unsafe-eval' https:; 1
default-src 'self';     font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.fontawesome.com;           frame-src 'self' *.google.com *.youtube.com;           script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com  fonts.googleapis.com *.gstatic.com *.bing.com *.google-analytics.com *.googletagmanager.com *.virtualearth.net *.fontawesome.com  www.p.zjptg.com;          connect-src 'self' *.bing.com *.fontawesome.com *.google-analytics.com *.googletagmanager.com www.p.zjptg.com www.sjwoe.com clicks.tyuwq.com;           img-src 'self' data: *.passportcorporate.com *.google-analytics.com *.googletagmanager.com *.virtualearth.net *.bing.com *.fontawesome.com;           style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com *.passportcorporate.com *.bing.com *.virtualearth.net *.fontawesome.com;      base-uri 'self'; form-action 'self' *.passportcorporate.com *.pasportdining.com www.microsoftprime.com oracleperks.com *.microsoftonline.com; 1
frame-ancestors 'self' https://*.kameleoon.com https://h7vcu8taur.kameleoon.eu https://dtvktbn6qk.kameleoon.eu https://*.kameleoon.io https://portal.decibel.com 1
frame-ancestors 'self' https://visionexpress.hu:*;  worker-src blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.arukereso.hu/widget/ https://map.gls-hungary.com  https://polyfill.io https://*.luxottica.com https://cwdlatest.botoffice.net/cwdlatest/js/WCWSocket2.js https://acdn.adnxs.com  https://cdn.mookie1.com/containr.js https://cwdlatest.botoffice.net https://code.createjs.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://www.google-analytics.com https://acdn.adnxs.com https://connect.facebook.net https://www.googletagmanager.com https://static.fittingbox.com/ https://maps.googleapis.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://assets.arukereso.com/; frame-src 'self' https://www.facebook.com/ https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://static.fittingbox.com/ https://vars.hotjar.com  https://www.youtube-nocookie.com/;  1
frame-src 'self' *.amazon.de *.cookiebot.com *.google.com *.paypal.com *.prismic.io *.vimeo.com; frame-ancestors 'self'; upgrade-insecure-requests; 1
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-src blob: *; 1
default-src 'self'; script-src 'self' 'report-sample' 'unsafe-eval' 'strict-dynamic' 'sha256-km7Z7Q/deuGnP1CMlC9+RCOTa0uat5E0irIAoiuErFk=' https://www.aparat.com/embed/W4lIv https://www.google-analytics.com/ https://ssl.google-analytics.com/ https://optimize.google.com/ https://www.googleadservices.com/ https://www.googletagmanager.com/ https://www.google.com/recaptcha/api.js 'nonce-5f36fc95720d9569aef06f83c1c64c521ead05cf'; style-src 'self' 'report-sample' 'unsafe-inline' https://fonts.googleapis.com/css https://optimize.google.com/; object-src 'none'; base-uri 'self' about:; connect-src 'self' https://www.google-analytics.com/ https://region1.analytics.google.com/ https://mc.webvisor.org/ https://mc.yandex.ru/ https://heapanalytics.com/ https://analytics.google.com/ https://adservice.google.com/ https://stats.g.doubleclick.net/ https://audience.yektanet.com/api/v1/scripts/preview/validate/ https://ua.yektanet.com/__fake.gif https://ma-cdn.pegah.tech/v1/retargeting/46320/advertiser.json https://sentry.pegah.tech/api/229/store/ https://api.mediaad.org/ https://mc.yandex.md/ https://p.dongi.ir/; font-src 'self' data: https://fonts.gstatic.com/ https://www.google-analytics.com/ https://s3.ir-thr-at1.arvanstorage.com/fontsfsf/; frame-src 'self' https://www.aparat.com/video/video/embed/videohash/ https://chat.dongi.ir/ https://www.google.com/recaptcha/ https://optimize.google.com/ https://www.googletagmanager.com/ https://tpc.googlesyndication.com/ https://app.didar.me/customer/form/48bd7934-f7be-4ecc-a171-0e8218ed0726 https://ua.yektanet.com/cookie/iframe/ https://mc.yandex.ru/ https://td.doubleclick.net/ https://mediacdn.mediaad.org/; img-src 'self' data: blob: https://cdn.dongi.ir/ https://mc.webvisor.org/ https://mc.yandex.ru/ https://heapanalytics.com/ https://ssl.google-analytics.com/ https://www.google-analytics.com/ https://fonts.gstatic.com/ https://www.googletagmanager.com/ https://www.gstatic.com/ https://trustseal.enamad.ir/ https://cf.ifb.ir/report/ https://analytics.google.com/ https://optimize.google.com/ https://googleads.g.doubleclick.net/ https://www.googleadservices.com https://stats.g.doubleclick.net/ https://www.google.com/; manifest-src 'self'; media-src 'self' blob: https://cdn.dongi.ir/; worker-src 'self'; frame-ancestors 'self' https://trustseal.enamad.ir/; report-uri /base/security/csp 1
default-src 'self' data: feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cloudflare.com https://mpsnare.iesnare.com https://wtbng.pricespider.com https://wtbstream.pricespider.com https://embeddedcloud.pricespider.com https://omni.pricespider.com https://locate.pricespider.com https://wtbevents.pricespider.com https://cdn.pricespider.com api.tiles.mapbox.com *.youtube.com *.google.com static.doubleclick.net *.bazaarvoice.com c.lytics.io pghub.io *.pghub.io cdn.segment.com *.pricespider.com *.facebook.net *.googletagmanager.com *.google-analytics.com cdn.cookielaw.org pandg.tapad.com ; style-src 'self' 'unsafe-inline' https://cdn.pricespider.com api.tiles.mapbox.com cdn.pricespider.com display.ugc.bazaarvoice.com c.lytics.io feed.pghub.io pandg.tapad.com ; img-src 'self' data: https://cdn.pricespider.com https://wwwassets.pricespider.com https://embeddedcloud.pricespider.com https://www.facebook.com *.doubleclick.net *.bazaarvoice.com *.cookielaw.org display.ugc.bazaarvoice.com *.pricespider.com cdn.pricespider.co yt3.ggpht.com i.ytimg.com network.bazaarvoice.com match.adsrvr.org c.lytics.io pixel.tapad.com images.ctfassets.net *.google-analytics.com feed.pghub.io pandg.tapad.com ; font-src 'self' data: fonts.gstatic.com feed.pghub.io pandg.tapad.com ; connect-src 'self' https://privacytermsprod.azureedge.net *.pricespider.com *.mapbox.com *.google.com jnn-pa.googleapis.com *.google.com https://stats.g.doubleclick.net googleads.g.doubleclick.net *.bazaarvoice.com *.algolia.net cdn.segment.com api.segment.io match.adsrvr.org cdn.cookielaw.org *.google-analytics.com region1.google-analytics.com cdn.cookielaw.org feed.pghub.io pandg.tapad.com ; media-src 'self' videos.ctfassets.net feed.pghub.io pandg.tapad.com ; frame-src 'self' *.bazaarvoice.com *.doubleclick.net https://www.facebook.com consumersupport.pg.com *.youtube.com pandg.tapad.com feed.pghub.io ; worker-src 'self' blob: feed.pghub.io pandg.tapad.com ; 1
base-uri 'none'; default-src 'none'; child-src blob:; font-src data: https://assets.filmmakers.eu; img-src 'self' data: blob: android-webview-video-poster: android-webview: https://filmmakers-eu-west-1.s3.eu-west-1.amazonaws.com https://assets.filmmakers.eu https://imgproxy.filmmakers.eu https://static.filmmakers.eu https://maps.gstatic.com https://cd.filmmakers.eu https://www.ufa-base.de https://www.troeber-castingbase.de https://www.filmpool-casting.de https://www.pro.castupload.com; media-src https://static.filmmakers.eu; object-src 'none'; script-src 'self' 'strict-dynamic' 'unsafe-inline' 'report-sample' https://assets.filmmakers.eu https://maps.googleapis.com 'nonce-hpFqHF/PA66JOCXldWfb2w=='; style-src 'unsafe-inline' https://assets.filmmakers.eu; connect-src 'self' https://filmmakers-eu-west-1.s3.eu-west-1.amazonaws.com https://o4507482697236480.ingest.de.sentry.io/ https://maps.googleapis.com; block-all-mixed-content; manifest-src 'self' https://assets.filmmakers.eu; frame-ancestors 'none'; report-uri https://o4507482697236480.ingest.de.sentry.io/api/4507662493548624/security/?sentry_key=35ac7252a353c6fb38ef154dcdb35d30 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' js.honeybadger.io js.authorize.net jstest.authorize.net cdn.jsdelivr.net assets0.zendesk.com static.zdassets.com pod-19.zendesk.com; style-src 'self' 'unsafe-inline' assets0.zendesk.com; worker-src 'self' blob: 1
frame-ancestors 'self' https://*.cartradeexchange.com 1
frame-ancestors 'self' http://localhost:3030 https://grate-cms.gr-dev.com https://grate-cms.dev.gri.rate.com https://grate-cms.prate-dev.com https://grate-cms.prate-stage.com https://grate-cms.gr-stage.com grate-cms-stage.dev.gri.rate.com https://grate-cms.gra-stage.com https://*.rate.com https://*.grarate.com https://*.properrate.com https://*.originpoint.com https://www.atproperties.com https://atproperties.com https://www.myatproperties.com https://myatproperties.com https://www.staging.atproperties.com https://staging.atproperties.com https://www.staging-website.myatproperties.com https://staging-website.myatproperties.com http://www.website.local http://website.local https://www.venturephilly.com https://venturephilly.com https://www.corcoranpacific.com https://corcoranpacific.com https://*.yextpages.net http://*.yextpages.net https://rcm.rockco.com https://www.yourhomehub.com/ https://yourhomehub.com https://kbhshomeloans.com https://www.kbhshomeloans.com https://citywidehomeloans.com https://www.citywidehomeloans.com https://citywidehm.com https://www.citywidehm.com https://certaintyhomeloans.com https://www.certaintyhomeloans.com https://premiarelocationmortgage.com https://www.premiarelocationmortgage.com https://equitymortgagegroup.com https://www.equitymortgagegroup.com https://ansleyre.com https://www.ansleyre.com https://owning.com https://www.owning.com https://advhypo.morningstar.com https://advhypo-uat.morningstar.com https://awsstghypo.morningstar.com https://awse2webqa.morningstar.com https://dev.certaintyhomelending.com https://staging.certaintyhomelending.com https://certaintyhomelending.com https://searchdfwareahomes.com https://www.searchdfwareahomes.com https://www.ericatexada.com https://www.sellatexashome.com https://ericatexada-brawnsterling.sites.erarealestate.com https://www.brawnsterling.com https://www.discoverrealestate.org https://www.corcoran.com https://www.remopacker.com https://remopacker.com 1
base-uri 'none'; frame-ancestors 'self' https:; script-src 'nonce-c3360d57-0c65-45b2-8988-78b852035313' 'strict-dynamic' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://o191354.ingest.sentry.io/api/1804128/security/?sentry_key=c70af02fd39547c19e9c93a469bd1584 1
frame-ancestors 'self' https://manage.watertechonline.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
default-src https: 'unsafe-eval' 'unsafe-inline' 'self' data: blob:; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://thriftynet:357 https://www.thriftynet.co.uk:357 https://thriftynet.co.uk:357 https://thriftynet https://www.thriftynet.co.uk https://thriftynet.co.uk https://refresh.switchcarrental.co.uk https://www.switchcarrental.co.uk https://switchcarrental.co.uk; 1
form-action 'self' *.list-manage.com *.mollie.com *.facebook.com; 1
font-src *.fontawesome.com *.fonts.googleapis.com *.gstatic.com data: *.cloudflare.com *.flixfacts.com *.flix360.io *.flix360.com https://media.flixcar.com *.media.flixcar.com media.flixcar.com media.flixfacts.com logo.flixfacts.co.uk media.flixsyndication.net t.flix360.com Syndication.flix360.com content.jwplatform.com assets-jpcust.jwpsrv.com ssl.p.jwpcdn.com d3nkfb7815bs43.cloudfront.net http://d2m3ikv8mpgiy8.cloudfront.net media.pointandplace.com player.pointandplace.com t.pointandplace.com https://e-crowngroup.freshchat.com/js/widget.js https://acdn.adnxs.com/dmp/up/pixie.js https://c.usebeon.io/loader/v5.js https://mc.yads.tech/int.js https://bcp.crwdcntrl.net/5/c=11255/b=103171996?gtmcb=1406265631 *.freshchat.com *.yandex.ru *.usebeon.io *.adnxs.com *.yads.tech *.sharethis.com https://gw-iad-bid.ymmobi.com/dsp/user/sync?dspid=eWFuZGV4X2RzcA==&dspuid=C0F31FE4715E8D69&callback=https%3A%2F%2Fyandex.ru%2Fan%2Fmapuid%2Fyeahmobissp%2F%7Bym_user_id%7D https://t.adx.opera.com/sync?vendor=60143&uid=3DF66DDB1EFC10CA&int_integration=1 https://yandex.ru/an/mapuid/yeahmobissp/ym_user_bc60770c-f121-4777-8b77-a9daf826c20c https://cm.g.doubleclick.net/pixel?google_nid=opera_norway_as&google_ula=8190636370&google_hm=T1BVZmYxYzg0ZTNmMzQ3NDc3ZWE3OGZjNDA2MzQ2YTBjZDk&google_cm *.facebook.com connect.facebook.net *.commercepartnerhub.com https://cdn-icons-png.flaticon.com/512/1384/1384023.png data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.flixfacts.com *.flix360.io *.flix360.com https://media.flixcar.com *.media.flixcar.com media.flixcar.com media.flixfacts.com logo.flixfacts.co.uk media.flixsyndication.net t.flix360.com Syndication.flix360.com content.jwplatform.com assets-jpcust.jwpsrv.com ssl.p.jwpcdn.com d3nkfb7815bs43.cloudfront.net http://d2m3ikv8mpgiy8.cloudfront.net media.pointandplace.com player.pointandplace.com t.pointandplace.com https://e-crowngroup.freshchat.com/js/widget.js https://acdn.adnxs.com/dmp/up/pixie.js https://c.usebeon.io/loader/v5.js https://mc.yads.tech/int.js https://bcp.crwdcntrl.net/5/c=11255/b=103171996?gtmcb=1406265631 *.freshchat.com *.yandex.ru *.usebeon.io *.adnxs.com *.yads.tech *.sharethis.com https://gw-iad-bid.ymmobi.com/dsp/user/sync?dspid=eWFuZGV4X2RzcA==&dspuid=C0F31FE4715E8D69&callback=https%3A%2F%2Fyandex.ru%2Fan%2Fmapuid%2Fyeahmobissp%2F%7Bym_user_id%7D https://t.adx.opera.com/sync?vendor=60143&uid=3DF66DDB1EFC10CA&int_integration=1 https://yandex.ru/an/mapuid/yeahmobissp/ym_user_bc60770c-f121-4777-8b77-a9daf826c20c https://cm.g.doubleclick.net/pixel?google_nid=opera_norway_as&google_ula=8190636370&google_hm=T1BVZmYxYzg0ZTNmMzQ3NDc3ZWE3OGZjNDA2MzQ2YTBjZDk&google_cm *.facebook.com *.commercepartnerhub.com https://cdn-icons-png.flaticon.com/512/1384/1384023.png 'self' 'unsafe-inline'; frame-ancestors none *.mundipagg.com *.movidesk.com *.amazonaws.com *.googletagmanager.com *.google.com *.google.com.br *.youtube.com *.newrelic.com *.nr-data.net *.facebook.net *.facebook.com *.trustvox.com.br trustvox.com.br *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.flixfacts.com *.flix360.io *.flix360.com https://media.flixcar.com *.media.flixcar.com media.flixcar.com media.flixfacts.com logo.flixfacts.co.uk media.flixsyndication.net t.flix360.com Syndication.flix360.com content.jwplatform.com assets-jpcust.jwpsrv.com ssl.p.jwpcdn.com d3nkfb7815bs43.cloudfront.net http://d2m3ikv8mpgiy8.cloudfront.net media.pointandplace.com player.pointandplace.com t.pointandplace.com https://e-crowngroup.freshchat.com/js/widget.js https://acdn.adnxs.com/dmp/up/pixie.js https://c.usebeon.io/loader/v5.js https://mc.yads.tech/int.js https://bcp.crwdcntrl.net/5/c=11255/b=103171996?gtmcb=1406265631 *.freshchat.com *.yandex.ru *.usebeon.io *.adnxs.com *.yads.tech *.sharethis.com https://gw-iad-bid.ymmobi.com/dsp/user/sync?dspid=eWFuZGV4X2RzcA==&dspuid=C0F31FE4715E8D69&callback=https%3A%2F%2Fyandex.ru%2Fan%2Fmapuid%2Fyeahmobissp%2F%7Bym_user_id%7D https://t.adx.opera.com/sync?vendor=60143&uid=3DF66DDB1EFC10CA&int_integration=1 https://yandex.ru/an/mapuid/yeahmobissp/ym_user_bc60770c-f121-4777-8b77-a9daf826c20c https://cm.g.doubleclick.net/pixel?google_nid=opera_norway_as&google_ula=8190636370&google_hm=T1BVZmYxYzg0ZTNmMzQ3NDc3ZWE3OGZjNDA2MzQ2YTBjZDk&google_cm connect.facebook.net *.commercepartnerhub.com https://cdn-icons-png.flaticon.com/512/1384/1384023.png 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.mundipagg.com *.zopim.com *.movidesk.com *.amazonaws.com *.sunset.systems *.googletagmanager.com *.google.com *.google.com.br *.performa.ai *.ebit.com.br *.tawk.to *.bizcommerce.com.br/ youtube.com *.doubleclick.net *.newrelic.com *.nr-data.net https://www.googletagmanager.com/ *.facebook.net *.facebook.com *.trustvox.com.br trustvox.com.br *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.addthis.com *.pinterest.com *.flixfacts.com *.flix360.io *.flix360.com https://media.flixcar.com *.media.flixcar.com media.flixcar.com media.flixfacts.com logo.flixfacts.co.uk media.flixsyndication.net t.flix360.com Syndication.flix360.com content.jwplatform.com assets-jpcust.jwpsrv.com ssl.p.jwpcdn.com d3nkfb7815bs43.cloudfront.net http://d2m3ikv8mpgiy8.cloudfront.net media.pointandplace.com player.pointandplace.com t.pointandplace.com https://e-crowngroup.freshchat.com/js/widget.js https://acdn.adnxs.com/dmp/up/pixie.js https://c.usebeon.io/loader/v5.js https://mc.yads.tech/int.js https://bcp.crwdcntrl.net/5/c=11255/b=103171996?gtmcb=1406265631 *.freshchat.com *.yandex.ru *.usebeon.io *.adnxs.com *.yads.tech *.sharethis.com https://gw-iad-bid.ymmobi.com/dsp/user/sync?dspid=eWFuZGV4X2RzcA==&dspuid=C0F31FE4715E8D69&callback=https%3A%2F%2Fyandex.ru%2Fan%2Fmapuid%2Fyeahmobissp%2F%7Bym_user_id%7D https://t.adx.opera.com/sync?vendor=60143&uid=3DF66DDB1EFC10CA&int_integration=1 https://yandex.ru/an/mapuid/yeahmobissp/ym_user_bc60770c-f121-4777-8b77-a9daf826c20c https://cm.g.doubleclick.net/pixel?google_nid=opera_norway_as&google_ula=8190636370&google_hm=T1BVZmYxYzg0ZTNmMzQ3NDc3ZWE3OGZjNDA2MzQ2YTBjZDk&google_cm *.commercepartnerhub.com https://cdn-icons-png.flaticon.com/512/1384/1384023.png 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.mundipagg.com *.googleusercontent.com *.movidesk.com *.amazonaws.com *.googletagmanager.com *.google.com *.google.com.br *.zopim.com *.siteblindado.com *.cloudfront.net *.cartstack.com *.cartstack.com.br *.conectiva.io conectiva.io *.conectiva.app *.sunset.systems *.tolvnow.com *.cupom.social *.akamaihd.net *.akstat.io *.performa.ai *.ebit.com.br *.tawk.to *.bizcommerce.com.br/ *.s.ytimg.com *.e-goi.com *.yourviews.com.br *.jivosite.com *.newrelic.com *.nr-data.net http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.facebook.net *.facebook.com *.trustvox.com.br trustvox.com.br *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cloudflare.com *.cdn.klarna.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com *.flixfacts.com *.flix360.io *.flix360.com https://media.flixcar.com *.media.flixcar.com media.flixcar.com media.flixfacts.com logo.flixfacts.co.uk media.flixsyndication.net t.flix360.com Syndication.flix360.com content.jwplatform.com assets-jpcust.jwpsrv.com ssl.p.jwpcdn.com d3nkfb7815bs43.cloudfront.net http://d2m3ikv8mpgiy8.cloudfront.net media.pointandplace.com player.pointandplace.com t.pointandplace.com https://e-crowngroup.freshchat.com/js/widget.js https://acdn.adnxs.com/dmp/up/pixie.js https://c.usebeon.io/loader/v5.js https://mc.yads.tech/int.js https://bcp.crwdcntrl.net/5/c=11255/b=103171996?gtmcb=1406265631 *.freshchat.com *.yandex.ru *.usebeon.io *.adnxs.com *.yads.tech *.sharethis.com https://gw-iad-bid.ymmobi.com/dsp/user/sync?dspid=eWFuZGV4X2RzcA==&dspuid=C0F31FE4715E8D69&callback=https%3A%2F%2Fyandex.ru%2Fan%2Fmapuid%2Fyeahmobissp%2F%7Bym_user_id%7D https://t.adx.opera.com/sync?vendor=60143&uid=3DF66DDB1EFC10CA&int_integration=1 https://yandex.ru/an/mapuid/yeahmobissp/ym_user_bc60770c-f121-4777-8b77-a9daf826c20c https://cm.g.doubleclick.net/pixel?google_nid=opera_norway_as&google_ula=8190636370&google_hm=T1BVZmYxYzg0ZTNmMzQ3NDc3ZWE3OGZjNDA2MzQ2YTBjZDk&google_cm *.commercepartnerhub.com https://cdn-icons-png.flaticon.com/512/1384/1384023.png data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.zdassets.com *.bizcommerce.com.br *.zendesk.com *.movidesk.com *.amazonaws.com *.getbutton.io *.whatshelp.io *.googletagmanager.com *.google.com *.google.com.br *.svcs.biz *.mundipagg.com *.zopim.com *.siteblindado.com *.cloudfront.net *.cartstack.com *.cartstack.com.br *.conectiva.io conectiva.io *.conectiva.app *.sunset.systems *.tolvnow.com *.tolvfaq.com *.cupom.social *.performa.ai *.ebit.com.br *.tawk.to *.go-mpulse.net *.e-goi.com *.yourviews.com.br *.jivosite.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.facebook.net *.facebook.com *.trustvox.com.br trustvox.com.br *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com connect.facebook.net graph.facebook.com business.facebook.com *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.pinterest.com *.instagram.com *.bizcommerce.com.br/ *.flixfacts.com *.flix360.io *.flix360.com https://media.flixcar.com *.media.flixcar.com media.flixcar.com media.flixfacts.com logo.flixfacts.co.uk media.flixsyndication.net t.flix360.com Syndication.flix360.com content.jwplatform.com assets-jpcust.jwpsrv.com ssl.p.jwpcdn.com d3nkfb7815bs43.cloudfront.net http://d2m3ikv8mpgiy8.cloudfront.net media.pointandplace.com player.pointandplace.com t.pointandplace.com https://e-crowngroup.freshchat.com/js/widget.js https://acdn.adnxs.com/dmp/up/pixie.js https://c.usebeon.io/loader/v5.js https://mc.yads.tech/int.js https://bcp.crwdcntrl.net/5/c=11255/b=103171996?gtmcb=1406265631 *.freshchat.com *.yandex.ru *.usebeon.io *.adnxs.com *.yads.tech *.sharethis.com https://gw-iad-bid.ymmobi.com/dsp/user/sync?dspid=eWFuZGV4X2RzcA==&dspuid=C0F31FE4715E8D69&callback=https%3A%2F%2Fyandex.ru%2Fan%2Fmapuid%2Fyeahmobissp%2F%7Bym_user_id%7D https://t.adx.opera.com/sync?vendor=60143&uid=3DF66DDB1EFC10CA&int_integration=1 https://yandex.ru/an/mapuid/yeahmobissp/ym_user_bc60770c-f121-4777-8b77-a9daf826c20c https://cm.g.doubleclick.net/pixel?google_nid=opera_norway_as&google_ula=8190636370&google_hm=T1BVZmYxYzg0ZTNmMzQ3NDc3ZWE3OGZjNDA2MzQ2YTBjZDk&google_cm *.commercepartnerhub.com https://cdn-icons-png.flaticon.com/512/1384/1384023.png 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.tolvnow.com *.cupom.social *.movidesk.com *.amazonaws.com *.googletagmanager.com *.performa.ai *.ebit.com.br *.tawk.to *.bizcommerce.com.br/ *.youtube.com *.e-goi.com *.yourviews.com.br *.jivosite.com *.newrelic.com *.nr-data.net *.google.com *.facebook.net *.facebook.com *.trustvox.com.br trustvox.com.br *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.googleapis.com *.flixfacts.com *.flix360.io *.flix360.com https://media.flixcar.com *.media.flixcar.com media.flixcar.com media.flixfacts.com logo.flixfacts.co.uk media.flixsyndication.net t.flix360.com Syndication.flix360.com content.jwplatform.com assets-jpcust.jwpsrv.com ssl.p.jwpcdn.com d3nkfb7815bs43.cloudfront.net http://d2m3ikv8mpgiy8.cloudfront.net media.pointandplace.com player.pointandplace.com t.pointandplace.com https://e-crowngroup.freshchat.com/js/widget.js https://acdn.adnxs.com/dmp/up/pixie.js https://c.usebeon.io/loader/v5.js https://mc.yads.tech/int.js https://bcp.crwdcntrl.net/5/c=11255/b=103171996?gtmcb=1406265631 *.freshchat.com *.yandex.ru *.usebeon.io *.adnxs.com *.yads.tech *.sharethis.com https://gw-iad-bid.ymmobi.com/dsp/user/sync?dspid=eWFuZGV4X2RzcA==&dspuid=C0F31FE4715E8D69&callback=https%3A%2F%2Fyandex.ru%2Fan%2Fmapuid%2Fyeahmobissp%2F%7Bym_user_id%7D https://t.adx.opera.com/sync?vendor=60143&uid=3DF66DDB1EFC10CA&int_integration=1 https://yandex.ru/an/mapuid/yeahmobissp/ym_user_bc60770c-f121-4777-8b77-a9daf826c20c https://cm.g.doubleclick.net/pixel?google_nid=opera_norway_as&google_ula=8190636370&google_hm=T1BVZmYxYzg0ZTNmMzQ3NDc3ZWE3OGZjNDA2MzQ2YTBjZDk&google_cm connect.facebook.net *.commercepartnerhub.com https://cdn-icons-png.flaticon.com/512/1384/1384023.png 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ *.flixfacts.com *.flix360.io *.flix360.com https://media.flixcar.com *.media.flixcar.com media.flixcar.com media.flixfacts.com logo.flixfacts.co.uk media.flixsyndication.net t.flix360.com Syndication.flix360.com content.jwplatform.com assets-jpcust.jwpsrv.com ssl.p.jwpcdn.com d3nkfb7815bs43.cloudfront.net http://d2m3ikv8mpgiy8.cloudfront.net media.pointandplace.com player.pointandplace.com t.pointandplace.com https://e-crowngroup.freshchat.com/js/widget.js https://acdn.adnxs.com/dmp/up/pixie.js https://c.usebeon.io/loader/v5.js https://mc.yads.tech/int.js https://bcp.crwdcntrl.net/5/c=11255/b=103171996?gtmcb=1406265631 *.freshchat.com *.yandex.ru *.usebeon.io *.adnxs.com *.yads.tech *.sharethis.com https://gw-iad-bid.ymmobi.com/dsp/user/sync?dspid=eWFuZGV4X2RzcA==&dspuid=C0F31FE4715E8D69&callback=https%3A%2F%2Fyandex.ru%2Fan%2Fmapuid%2Fyeahmobissp%2F%7Bym_user_id%7D https://t.adx.opera.com/sync?vendor=60143&uid=3DF66DDB1EFC10CA&int_integration=1 https://yandex.ru/an/mapuid/yeahmobissp/ym_user_bc60770c-f121-4777-8b77-a9daf826c20c https://cm.g.doubleclick.net/pixel?google_nid=opera_norway_as&google_ula=8190636370&google_hm=T1BVZmYxYzg0ZTNmMzQ3NDc3ZWE3OGZjNDA2MzQ2YTBjZDk&google_cm *.facebook.com connect.facebook.net *.commercepartnerhub.com https://cdn-icons-png.flaticon.com/512/1384/1384023.png 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.zdassets.com *.zendesk.com *.movidesk.com *.amazonaws.com *.googletagmanager.com *.google.com *.google.com.br *.svcs.biz *.mundipagg.com *.zopim.com *.siteblindado.com *.tolvnow.com *.cloudfront.net *.cartstack.com *.cartstack.com.br conectiva.io *.conectiva.io *.conectiva.app *.sunset.systems *.cupom.social *.doubleclick.net *.performa.ai *.ebit.com.br *.akstat.io *.go-mpulse.net *.tawk.to *.bizcommerce.com.br/ *.youtube.com *.e-goi.com *.yourviews.com.br *.jivosite.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.facebook.net *.facebook.com *.trustvox.com.br trustvox.com.br *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cloudflare.com *.paypal.com *.googleapis.com *.addthis.com *.cardinalcommerce.com *.graph.instagram.com *.google-analytics.com *.flixfacts.com *.flix360.io *.flix360.com https://media.flixcar.com *.media.flixcar.com media.flixcar.com media.flixfacts.com logo.flixfacts.co.uk media.flixsyndication.net t.flix360.com Syndication.flix360.com content.jwplatform.com assets-jpcust.jwpsrv.com ssl.p.jwpcdn.com d3nkfb7815bs43.cloudfront.net http://d2m3ikv8mpgiy8.cloudfront.net media.pointandplace.com player.pointandplace.com t.pointandplace.com https://e-crowngroup.freshchat.com/js/widget.js https://acdn.adnxs.com/dmp/up/pixie.js https://c.usebeon.io/loader/v5.js https://mc.yads.tech/int.js https://bcp.crwdcntrl.net/5/c=11255/b=103171996?gtmcb=1406265631 *.freshchat.com *.yandex.ru *.usebeon.io *.adnxs.com *.yads.tech *.sharethis.com https://gw-iad-bid.ymmobi.com/dsp/user/sync?dspid=eWFuZGV4X2RzcA==&dspuid=C0F31FE4715E8D69&callback=https%3A%2F%2Fyandex.ru%2Fan%2Fmapuid%2Fyeahmobissp%2F%7Bym_user_id%7D https://t.adx.opera.com/sync?vendor=60143&uid=3DF66DDB1EFC10CA&int_integration=1 https://yandex.ru/an/mapuid/yeahmobissp/ym_user_bc60770c-f121-4777-8b77-a9daf826c20c https://cm.g.doubleclick.net/pixel?google_nid=opera_norway_as&google_ula=8190636370&google_hm=T1BVZmYxYzg0ZTNmMzQ3NDc3ZWE3OGZjNDA2MzQ2YTBjZDk&google_cm *.commercepartnerhub.com https://cdn-icons-png.flaticon.com/512/1384/1384023.png 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' *.handytick.de 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.archives.gov www.googletagmanager.com www.google-analytics.com dap.digitalgov.gov script.crazyegg.com cdn.jsdelivr.net https://cdn.jsdelivr.net mdbootstrap.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' www.archives.gov cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com https://cdn.jsdelivr.net https://use.fontawesome.com mdbootstrap.com use.fontawesome.com; frame-ancestors 'self'; report-uri https://www.clintonlibrary.gov/report-uri/enforce 1
default-src 'self' support.yare.hk; script-src 'self' 'unsafe-inline' support.yare.hk ajax.cloudflare.com ; img-src 'self'  support.yare.hk www.dr2.tw www.dr2.us; style-src 'self' 'unsafe-inline'  support.yare.hk; font-src 'self'  support.yare.hk; frame-src 'self'  same-origin www.paypal.com payment.ecpay.com.tw  support.yare.hk ;  report-uri /plugins/csp-report.php ; 1
default-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com www.google.com www.youtube.com ergonet.piwik.pro extreme-ip-lookup.com; font-src 'self' data:; img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' 1
base-uri 'self'; default-src * data: blob:; form-action 'self'; frame-ancestors 'self'; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' 1
default-src 'self';worker-src blob: https://*.contentsquare.net https://*.royalcanin.fr/ https://*.wikichat.fr/ https://*.wikichien.fr/;connect-src 'self' blob: https://*.onetrust.io https://*.cookielaw.org https://*.contentsquare.net https://*.royalcanin.fr/ https://*.googlesyndication.com https://*.googleapis.com https://*.g.doubleclick.net https://*.google.com https://*.google-analytics.com https://connect.facebook.net https://*.facebook.com https://*.sharethis.com;script-src data: 'self' 'unsafe-inline' 'unsafe-eval' https://*.bootstrapcdn.com https://*.g.doubleclick.net https://*.jeu-semaine-du-chat.com https://adbx.io https://amplify.outbrain.com https://*.bing.com https://*.contentsquare.net https://*.contentsquare.com https://*.quantserve.com https://*.cloudfront.net https://*.cookielaw.org https://*.quantcount.com https://*.onetrust.com https://*.jquery.com https://*.windows.net https://*.instagram.com https://*.sharethis.com https://*.ytimg.com https://*.youtube.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.iadvize.com https://*.evidon.com https://*.cloudflare.com https://*.jsdelivr.net https://*.mars.com https://connect.facebook.net;img-src 'self' blob:   https://*.googlesyndication.com https://*.vo.msecnd.net https://*.royalcanin-weshare-online.io https://*.contentsquare.net https://*.southwatts.com https://*.facebook.net https://*.sharethis.com https://*.onclixray.com https://*.blob.core.windows.net https://*.org data:  https://*.quantserve.com https://*.quantcount.com https://*.betrad.com https://*.royalcanin.fr/ https://*.wikichat.fr/ https://*.wikichien.fr/ https://*.google-analytics.com https://*.google.com https://*.evidon.com https://*.google.fr https://*.doubleclick.net maps.gstatic.com https://*.googleapis.com https://*.googletagmanager.com https://*.facebook.com https://*.mars.com; style-src 'self' 'unsafe-inline' https://code.jquery.com https://optanon.blob.core.windows.net https://*.google.com https://*.bootstrapcdn.com https://fonts.googleapis.com https://*.mars.com; font-src 'self' data: https://themes.googleusercontent.com https://fonts.gstatic.com https://*.mars.com https://*.bootstrapcdn.com; frame-src https://*.jeu-semaine-du-chat.com https://adbx.io https://*.wikichien.fr/ https://*.wikichat.fr/ https://*.royalcanin.com/ https://*.royalcanin.fr/ https://*.calameo.com https://*.evidon.com https://*.vimeo.com https://*.google.com https://*.youtube.com https://*.youtube-nocookie.com  https://*.digitaddict.com https://*.facebook.com https://c.sharethis.mgr.consensu.org; object-src 'self' 1
default-src 'none';script-src 'self' 'nonce-a68b9402a12dd82e23c3fdb7ec023b61' 'unsafe-eval' https://*.eis-deliveryintegration.cloud https://*.eis-deliverydevqa.cloud https://*.devqa.ebscohealth.cloud https://*.live.ebscohealth.cloud https://*.dynahealth.com https://*.dynamed.com https://*.dynamedex.com https://engagement.devqa.ebsco.zone https://ebsco-dev.us1app.churnzero.net https://engagement.ebsco.zone https://resources.ebsco.zone https://resources.devqa.ebsco.zone https://ebsco.us1app.churnzero.net https://*.osano.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.typekit.net https://*.eis-deliveryintegration.cloud https://*.eis-deliverydevqa.cloud https://*.devqa.ebscohealth.cloud https://*.live.ebscohealth.cloud https://*.dynahealth.com https://*.dynamed.com https://*.dynamedex.com https://resources.ebsco.zone https://resources.devqa.ebsco.zone https://engagement.devqa.ebsco.zone https://ebsco-dev.us1app.churnzero.net https://engagement.ebsco.zone https://ebsco.us1app.churnzero.net;img-src 'self' data: https://*.eis-deliveryintegration.cloud https://*.eis-deliverydevqa.cloud https://*.devqa.ebscohealth.cloud https://*.live.ebscohealth.cloud https://*.dynahealth.com https://*.dynamed.com https://*.dynamedex.com https://*.ebsco.com https://*.ebsco.zone https://*.ebscohost.com https://p.typekit.net https://*.cloudflare.com https://mobile.micromedexsolutions.com https://cmp.osano.com https://play.google.com/intl/en_us/badges/static/images/badges/en_badge_web_generic.png https://linkmaker.itunes.apple.com/en-us/badge-lrg.svg https://ebsco-dev.us1app.churnzero.net https://ebsco.us1app.churnzero.net https://us2img.churnzero.net;connect-src 'self' https://*.osano.com https://*.amplitude.com https://*.ebsco.com https://*.eis-deliveryintegration.cloud https://*.eis-deliverydevqa.cloud https://*.devqa.ebscohealth.cloud https://*.live.ebscohealth.cloud https://*.dynahealth.com https://*.dynamed.com https://*.dynamedex.com https://dd.devqa.eismedi.com https://www.cloudflare.com https://rum.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://browser-intake-us3-datadoghq.com https://browser-intake-us5-datadoghq.com https://browser-intake-datadoghq.eu https://browser-intake-ddog-gov.com https://browser-intake-ap1-datadoghq.com https://use.typekit.net https://apis.ebsco.com https://login.ebsco.zone https://logon.ebsco.zone https://findmystacks.ebscomedical.com https://myaccount.ebsco.healthcare https://resources.ebsco.zone https://resources.devqa.ebsco.zone https://resources.integration.ebsco.zone https://engagement.devqa.ebsco.zone https://ebsco-dev.us1app.churnzero.net https://engagement.ebsco.zone https://ebsco.us1app.churnzero.net https://analytics.churnzero.net;font-src 'self' data: https://fonts.gstatic.com https://*.typekit.net https://resources.ebsco.zone https://resources.devqa.ebsco.zone https://engagement.devqa.ebsco.zone https://ebsco-dev.us1app.churnzero.net https://engagement.ebsco.zone https://ebsco.us1app.churnzero.net;object-src 'self';media-src 'self' https://*.eis-deliveryintegration.cloud https://*.eis-deliverydevqa.cloud https://*.devqa.ebscohealth.cloud https://*.live.ebscohealth.cloud https://*.dynahealth.com https://*.dynamed.com https://*.dynamedex.com;manifest-src 'self';frame-src *;base-uri 'self';frame-ancestors *;form-action 'self';worker-src blob:;upgrade-insecure-requests 1
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; connect-src 'self' https://*.c.mad.interhost.com https://*.metrobilbao.eus wss://client.relay.crisp.chat https://*.crisp.chat https://*.google-analytics.com https://*.googleapis.com https://*.doubleclick.net; img-src 'self' data: https://*.c.mad.interhost.com https://*.metrobilbao.eus https://*.crisp.chat https://*.google-analytics.com https://maps.gstatic.com https://*.googleapis.com https://*.ggpht https://*.googletagmanager.com 1
font-src *.stripe.com *.google.com *.opayo.eu.elavon.com *.klarnacdn.net *.gstatic.com https://fonts.gstatic.com maxcdn.bootstrapcdn.com chimpstatic.com stats.g.doubleclick.net google.co.uk www.google.co.uk www.google.com www.facebook.com *.pcapredict.com services.postcodeanywhere.co.uk v2.zopim.com www.rsa3dsauth.co.uk static.zdassets.com ekr.zdassets.com widget-mediator.zopim.com wss://widget-mediator.zopim.com *.google-analytics.com *.analytics.google.com  pay.google.com *.apple.com *.cloudflare.com *.sportsmanguncentre.co.uk *.sharethis.com *.loadbee.com *.klaviyo.com *.cdn-cookieyes.com *.livechatinc.com *.livechat-files.com *.clarity.ms cdn-cookieyes.com *.cookieyes.com *.lightwidget.com *.bing.com *.google.co.uk onesignal.com *.onesignal.com *.hotjar.com *.pingdom.net *.simplybook.it secure5.arcot.com 3ds-secure.cardcomplete.com ecclients.btrl.ro bofp.erstebank.hu www.clicksafe.lloydstsb.com pay.activa-card.com 3dsecure-1.wirecard.com 3dsecure-2.wirecard.com acssv.otpbank.hu acs.sia.eu idcheck.acs.touchtechpayments.com sicher-bezahlen.sparkasse.at www.securesuite.co.uk bred.wlp-acs.com bnpp-3ds.wlp-acs.com verify.monzo.com fonts.googleapis.com js.hcaptcha.com *.recaptcha.net *.olark.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.stripe.com *.google.com *.opayo.eu.elavon.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * chimpstatic.com stats.g.doubleclick.net google.co.uk www.google.co.uk www.google.com www.facebook.com *.pcapredict.com services.postcodeanywhere.co.uk v2.zopim.com www.rsa3dsauth.co.uk static.zdassets.com ekr.zdassets.com widget-mediator.zopim.com wss://widget-mediator.zopim.com *.google-analytics.com *.analytics.google.com  pay.google.com *.apple.com *.cloudflare.com *.sportsmanguncentre.co.uk *.sharethis.com *.loadbee.com *.klaviyo.com *.cdn-cookieyes.com *.livechatinc.com *.livechat-files.com *.clarity.ms cdn-cookieyes.com *.cookieyes.com *.lightwidget.com *.bing.com *.google.co.uk onesignal.com *.onesignal.com *.hotjar.com *.pingdom.net *.simplybook.it secure5.arcot.com ecclients.btrl.ro bofp.erstebank.hu 3dsecure-1.wirecard.com 3dsecure-2.wirecard.com acssv.otpbank.hu idcheck.acs.touchtechpayments.com sicher-bezahlen.sparkasse.at bred.wlp-acs.com bnpp-3ds.wlp-acs.com verify.monzo.com fonts.googleapis.com maxcdn.bootstrapcdn.com js.hcaptcha.com *.recaptcha.net *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.stripe.com https://*.google.com *.opayo.eu.elavon.com *.klarna.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * chimpstatic.com stats.g.doubleclick.net google.co.uk www.google.co.uk www.facebook.com *.pcapredict.com services.postcodeanywhere.co.uk v2.zopim.com www.rsa3dsauth.co.uk static.zdassets.com ekr.zdassets.com widget-mediator.zopim.com wss://widget-mediator.zopim.com *.google-analytics.com *.analytics.google.com  *.google.com *.apple.com *.cloudflare.com *.sportsmanguncentre.co.uk *.sharethis.com *.loadbee.com *.klaviyo.com *.cdn-cookieyes.com *.livechatinc.com *.livechat-files.com *.clarity.ms cdn-cookieyes.com *.cookieyes.com *.lightwidget.com *.bing.com *.google.co.uk onesignal.com *.onesignal.com *.hotjar.com *.pingdom.net *.simplybook.it secure5.arcot.com 3ds-secure.cardcomplete.com ecclients.btrl.ro bofp.erstebank.hu www.clicksafe.lloydstsb.com pay.activa-card.com 3dsecure-1.wirecard.com 3dsecure-2.wirecard.com acssv.otpbank.hu acs.sia.eu idcheck.acs.touchtechpayments.com sicher-bezahlen.sparkasse.at www.securesuite.co.uk bred.wlp-acs.com bnpp-3ds.wlp-acs.com verify.monzo.com fonts.googleapis.com maxcdn.bootstrapcdn.com js.hcaptcha.com *.recaptcha.net *.trustpilot.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.stripe.com https://*.google.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.paypal.com *.opayo.eu.elavon.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com chimpstatic.com stats.g.doubleclick.net google.co.uk www.google.co.uk www.facebook.com *.pcapredict.com services.postcodeanywhere.co.uk v2.zopim.com www.rsa3dsauth.co.uk static.zdassets.com ekr.zdassets.com widget-mediator.zopim.com wss://widget-mediator.zopim.com *.google-analytics.com *.analytics.google.com  pay.google.com *.google.com *.apple.com *.cloudflare.com *.sportsmanguncentre.co.uk *.sharethis.com *.loadbee.com *.klaviyo.com *.cdn-cookieyes.com *.livechatinc.com *.livechat-files.com *.clarity.ms cdn-cookieyes.com *.cookieyes.com *.lightwidget.com *.bing.com *.google.co.uk onesignal.com *.onesignal.com *.hotjar.com *.pingdom.net *.simplybook.it secure5.arcot.com 3ds-secure.cardcomplete.com ecclients.btrl.ro bofp.erstebank.hu www.clicksafe.lloydstsb.com pay.activa-card.com 3dsecure-1.wirecard.com 3dsecure-2.wirecard.com acssv.otpbank.hu acs.sia.eu idcheck.acs.touchtechpayments.com sicher-bezahlen.sparkasse.at www.securesuite.co.uk bred.wlp-acs.com bnpp-3ds.wlp-acs.com verify.monzo.com fonts.googleapis.com maxcdn.bootstrapcdn.com js.hcaptcha.com *.recaptcha.net *.olark.com *.gstatic.com *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.stripe.com https://*.google.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.opayo.eu.elavon.com *.klarna.com *.klarnacdn.net *.klarnaservices.com *.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com s7.addthis.com maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com stats.g.doubleclick.net google.co.uk www.google.co.uk www.google.com www.facebook.com *.pcapredict.com services.postcodeanywhere.co.uk v2.zopim.com www.rsa3dsauth.co.uk static.zdassets.com ekr.zdassets.com widget-mediator.zopim.com wss://widget-mediator.zopim.com *.google-analytics.com *.analytics.google.com  *.google.com *.apple.com *.cloudflare.com *.sportsmanguncentre.co.uk *.sharethis.com *.loadbee.com *.klaviyo.com *.cdn-cookieyes.com *.livechatinc.com *.livechat-files.com *.clarity.ms cdn-cookieyes.com *.cookieyes.com *.lightwidget.com *.bing.com *.google.co.uk onesignal.com *.onesignal.com *.hotjar.com *.pingdom.net *.simplybook.it secure5.arcot.com 3ds-secure.cardcomplete.com ecclients.btrl.ro bofp.erstebank.hu www.clicksafe.lloydstsb.com pay.activa-card.com 3dsecure-1.wirecard.com 3dsecure-2.wirecard.com acssv.otpbank.hu acs.sia.eu idcheck.acs.touchtechpayments.com sicher-bezahlen.sparkasse.at www.securesuite.co.uk bred.wlp-acs.com bnpp-3ds.wlp-acs.com verify.monzo.com fonts.googleapis.com maxcdn.bootstrapcdn.com js.hcaptcha.com *.recaptcha.net widget.trustpilot.com *.olark.com *.trustpilot.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.stripe.com https://fonts.googleapis.com downloads.mailchimp.com *.opayo.eu.elavon.com *.klarnacdn.net https://hcaptcha.com https://*.hcaptcha.com maxcdn.bootstrapcdn.com *.gstatic.com unsafe-inline assets.braintreegateway.com chimpstatic.com stats.g.doubleclick.net google.co.uk www.google.co.uk www.google.com www.facebook.com *.pcapredict.com services.postcodeanywhere.co.uk v2.zopim.com www.rsa3dsauth.co.uk static.zdassets.com ekr.zdassets.com widget-mediator.zopim.com wss://widget-mediator.zopim.com *.google-analytics.com *.analytics.google.com  pay.google.com *.google.com *.apple.com *.cloudflare.com *.sportsmanguncentre.co.uk *.sharethis.com *.loadbee.com *.klaviyo.com *.cdn-cookieyes.com *.livechatinc.com *.livechat-files.com *.clarity.ms cdn-cookieyes.com *.cookieyes.com *.lightwidget.com *.bing.com *.google.co.uk onesignal.com *.onesignal.com *.hotjar.com *.pingdom.net *.simplybook.it secure5.arcot.com 3ds-secure.cardcomplete.com ecclients.btrl.ro bofp.erstebank.hu www.clicksafe.lloydstsb.com pay.activa-card.com 3dsecure-1.wirecard.com 3dsecure-2.wirecard.com acssv.otpbank.hu acs.sia.eu idcheck.acs.touchtechpayments.com sicher-bezahlen.sparkasse.at www.securesuite.co.uk bred.wlp-acs.com bnpp-3ds.wlp-acs.com verify.monzo.com fonts.googleapis.com js.hcaptcha.com *.recaptcha.net *.olark.com *.trustpilot.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.tinyboxcompany.co.uk 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.stripe.com https://*.google.com *.paypal.com *.opayo.eu.elavon.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com https://ipinfo.io https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com ekr.zdassets.com/ www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com chimpstatic.com stats.g.doubleclick.net google.co.uk www.google.co.uk www.google.com www.facebook.com *.pcapredict.com services.postcodeanywhere.co.uk v2.zopim.com www.rsa3dsauth.co.uk static.zdassets.com ekr.zdassets.com widget-mediator.zopim.com wss://widget-mediator.zopim.com *.google-analytics.com *.analytics.google.com  pay.google.com *.apple.com *.cloudflare.com *.sportsmanguncentre.co.uk *.sharethis.com *.loadbee.com *.klaviyo.com *.cdn-cookieyes.com *.livechatinc.com *.livechat-files.com *.clarity.ms cdn-cookieyes.com *.cookieyes.com *.lightwidget.com *.bing.com *.google.co.uk onesignal.com *.onesignal.com *.hotjar.com *.pingdom.net *.simplybook.it secure5.arcot.com 3ds-secure.cardcomplete.com ecclients.btrl.ro bofp.erstebank.hu www.clicksafe.lloydstsb.com pay.activa-card.com 3dsecure-1.wirecard.com 3dsecure-2.wirecard.com acssv.otpbank.hu acs.sia.eu idcheck.acs.touchtechpayments.com sicher-bezahlen.sparkasse.at www.securesuite.co.uk bred.wlp-acs.com bnpp-3ds.wlp-acs.com verify.monzo.com fonts.googleapis.com maxcdn.bootstrapcdn.com js.hcaptcha.com *.recaptcha.net *.olark.com *.zendesk.com *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src chimpstatic.com stats.g.doubleclick.net google.co.uk www.google.co.uk www.google.com www.facebook.com *.pcapredict.com services.postcodeanywhere.co.uk v2.zopim.com www.rsa3dsauth.co.uk static.zdassets.com ekr.zdassets.com widget-mediator.zopim.com wss://widget-mediator.zopim.com *.google-analytics.com *.analytics.google.com pay.google.com *.google.com *.apple.com *.cloudflare.com *.sportsmanguncentre.co.uk *.sharethis.com *.loadbee.com *.klaviyo.com *.cdn-cookieyes.com *.livechatinc.com *.livechat-files.com *.clarity.ms cdn-cookieyes.com *.cookieyes.com *.lightwidget.com *.bing.com *.google.co.uk onesignal.com *.onesignal.com *.hotjar.com *.pingdom.net *.simplybook.it secure5.arcot.com 3ds-secure.cardcomplete.com ecclients.btrl.ro bofp.erstebank.hu www.clicksafe.lloydstsb.com pay.activa-card.com 3dsecure-1.wirecard.com 3dsecure-2.wirecard.com acssv.otpbank.hu acs.sia.eu idcheck.acs.touchtechpayments.com sicher-bezahlen.sparkasse.at www.securesuite.co.uk bred.wlp-acs.com bnpp-3ds.wlp-acs.com verify.monzo.com fonts.googleapis.com maxcdn.bootstrapcdn.com js.hcaptcha.com *.recaptcha.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
base-uri 'self';connect-src 'self' ws: https://*.ausy.solutions https://*.westtoer.be https://vimeo.com https://*.vlaanderen.be https://tris.westtoer.be https://geoserver.westtoer.be https://*.google-analytics.com https://bam.nr-data.net https://westtoer-winrecommender-prod.ausy.solutions https://*.analytics.google.com https://stats.g.doubleclick.net https://www.google.com https://googleads.g.doubleclick.net https://adservice.google.com https://*.elfsight.com https://pagead2.googlesyndication.com;default-src 'self' https://*.ausy.solutions https://*.westtoer.be https://*.vimeo.com;form-action 'self' https://*.list-manage.com;img-src 'self' data: https://*.ausy.solutions https://*.westtoer.be https://*.openstreetmap.org https://*.openstreetmap.be https://tris.westtoer.be https://ad.doubleclick.net https://adservice.google.com https://www.googletagmanager.com https://www.facebook.com https://www.google.be https://fonts.gstatic.com https://googleads.g.doubleclick.net https://www.google.com https://*.elfsightcdn.com https://segments.optinadserving.com;media-src 'self' https://*.ausy.solutions https://*.westtoer.be;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.ausy.solutions https://*.westtoer.be https://*.fontawesome.com https://*.googletagmanager.com https://*.juicer.io https://*.jsdelivr.net https://connect.facebook.net https://*.newrelic.com https://*.cumul.io https://*.elfsight.com https://s3.amazonaws.com/downloads.mailchimp.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://segments.optinadserving.com;style-src 'self' 'unsafe-inline' https://*.ausy.solutions https://*.westtoer.be https://*.mailchimp.com https://www.googletagmanager.com https://fonts.googleapis.com;font-src 'self' data: https://www.dekust.be https://fonts.gstatic.com;frame-src https://*.ausy.solutions https://www.youtube.com https://proximusanalytics.cumul.io https://player.vimeo.com https://*.spotify.com https://*.issuu.com https://www.google.com https://cms.westtoer.be https://*.nodemapp.com https://www.routechirurg.be https://westtoer.virtualtour.poppr.be https://td.doubleclick.net;frame-ancestors 'self' 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://umap.openstreetmap.fr ; object-src 'none' 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-15c027c76412f6a949b3134ac4e925de'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src 'self'; script-src 'self' 'sha256-sLU1QYxA52/o693aSUlHcdwCjZ+/hpOPmx2tr57+Lic=' 'sha256-Zk+DYgtdB0vbc/W9IgQuzTQk5zM2Jt/4MFCO4ru717Y=' 'sha256-f2mro/5b+gAbPX7ggwAI7LNJ3FOzQObQz+3vMHCxWYY=' ajax.cloudflare.com static.cloudflareinsights.com https://edu2review.com https://maps.googleapis.com https://apis.google.com https://www.google-analytics.com https://static.cloudflareinsights.com https://www.googletagmanager.com *.facebook.net *.googleadservices.com; child-src https://www.youtube.com https://www.facebook.com https://www.google-analytics.com https://www.googletagmanager.com https://edu2review.com; frame-ancestors 'self'; connect-src https://analytics.google.com *.analytics.google.com cloudflareinsights.com *.facebook.com https://maps.googleapis.com *.googleadservices.com *.google-analytics.com https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://static.cloudflareinsights.com https://edu2review.com; font-src 'self' https://fonts.gstatic.com; style-src https: 'self' *.googleapis.com 'unsafe-inline'; img-src https: 'self' data: always; 1
default-src 'self' *.participantportal.com *.viabenefitsaccounts.com https://viabenefitsaccounts.com https://www.viabenefitsaccounts.com; form-action 'self' https://willistowerswatson.co1.qualtrics.com *.b2clogin.com/ *.participantportal.com *.viabenefitsaccounts.com *.payerexpress.com https://www.payerexpress.com *.payerexpress.net https://www.payerexpress.net; frame-ancestors *.participantportal.com/ *.viabenefitsaccounts.com/ https://viabenefitsaccounts.com https://www.viabenefitsaccounts.com; frame-src 'self' data: *.participantportal.com/ *.viabenefitsaccounts.com/ https://viabenefitsaccounts.com https://www.viabenefitsaccounts.com willistowerswatson.co1.qualtrics.com/ *.fullstory.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/* https://use.fontawesome.com; script-src 'self' 'unsafe-eval'  https://willistowerswatson.co1.qualtrics.com *.siteintercept.qualtrics.com https://siteintercept.qualtrics.com http://siteintercept.qualtrics.com *.fullstory.com 'unsafe-inline'; script-src-elem 'self' https://willistowerswatson.co1.qualtrics.com https://cdn.walkme.com/* https://*.siteintercept.qualtrics.com http://*.siteintercept.qualtrics.com https://siteintercept.qualtrics.com http://siteintercept.qualtrics.com *.fullstory.com 'unsafe-inline'; img-src 'self' data: https: ; font-src 'self' fonts.gstatic.com; connect-src 'self' *.qualtrics.com *.fullstory.com *.acclariscorp.com *.participantportal.com *.viabenefitsaccounts.com https://www.viabenefitsaccounts.com https://viabenefitsaccounts.com https://my.viabenefits.com; object-src 'self' data: ; child-src 'self'; worker-src 'self'; base-uri 'self'; report-uri /benefits/servlets/CSPLogServlet; report-to /benefits/servlets/CSPLogServlet; 1
default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; img-src 'unsafe-inline' https:; style-src 'unsafe-inline' https:; 1
*" 1
default-src 'self' *.paranix.eu; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.paranix.eu *.addtoany.com *.adsrvr.org *.amazon-adsystem.com *.azure.com *.bootstrapcdn.com *.channelsight.com *.ckeditor.com *.clic2buy.com *.click2buy.com *.cloudflare.com *.cookielaw.org *.criteo.com *.criteo.net *.delivr.net *.doubleclick.net *.facebook.com *.facebook.net *.google.co.in *.google.com *.googleadservices.com *.google-analytics.com	*.googleapis.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.jquery.com *.jsdelivr.net *.myfonts.net *.newrelic.com *.onetrust.com *.outbrain.com *.pinterest.com *.recaptcha.net *.snapchat.com *.soundcloud.com *.static.net *.taboola.com *.teads.tv *.typekit.net *.unpkg.com *.vimeo.com *.visualstudio.com *.wp.com *.youtube.com addtoany.com adsrvr.org amazon-adsystem.com azure.com bootstrapcdn.com channelsight.com ckeditor.com clic2buy.com click2buy.com cloudflare.com cookielaw.org criteo.com criteo.net delivr.net doubleclick.net facebook.com facebook.net google.co.in google.com googleadservices.com google-analytics.com googleapis.com googletagmanager.com gstatic.com hotjar.com hotjar.io jquery.com jsdelivr.net myfonts.net newrelic.com onetrust.com outbrain.com pinterest.com recaptcha.net snapchat.com soundcloud.com static.net taboola.com teads.tv typekit.net unpkg.com vimeo.com visualstudio.com wp.com youtube.com data:; object-src 'none'; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.paranix.eu *.addtoany.com *.adsrvr.org *.amazon-adsystem.com *.azure.com *.bootstrapcdn.com *.channelsight.com *.ckeditor.com *.clic2buy.com *.click2buy.com *.cloudflare.com *.cookielaw.org *.criteo.com *.criteo.net *.delivr.net *.doubleclick.net *.facebook.com *.facebook.net *.google.co.in *.google.com *.googleadservices.com *.google-analytics.com	*.googleapis.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.jquery.com *.jsdelivr.net *.myfonts.net *.newrelic.com *.onetrust.com *.outbrain.com *.pinterest.com *.recaptcha.net *.snapchat.com *.soundcloud.com *.static.net *.taboola.com *.teads.tv *.typekit.net *.unpkg.com *.vimeo.com *.visualstudio.com *.wp.com *.youtube.com addtoany.com adsrvr.org amazon-adsystem.com azure.com bootstrapcdn.com channelsight.com ckeditor.com clic2buy.com click2buy.com cloudflare.com cookielaw.org criteo.com criteo.net delivr.net doubleclick.net facebook.com facebook.net google.co.in google.com googleadservices.com google-analytics.com googleapis.com googletagmanager.com gstatic.com hotjar.com hotjar.io jquery.com jsdelivr.net myfonts.net newrelic.com onetrust.com outbrain.com pinterest.com recaptcha.net snapchat.com soundcloud.com static.net taboola.com teads.tv typekit.net unpkg.com vimeo.com visualstudio.com wp.com youtube.com; img-src * data:; media-src 'self' *.paranix.eu; frame-src 'self' *.doubleclick.net cdn.cookielaw.org www.googletagmanager.com cdn.cookielaw.org cdn.jsdelivr.net use.typekit.net www.google-analytics.com *.onetrust.com www.youtube.com; child-src 'self' blob: *.paranix.eu *.addtoany.com *.adsrvr.org *.amazon-adsystem.com *.azure.com *.bootstrapcdn.com *.channelsight.com *.ckeditor.com *.clic2buy.com *.click2buy.com *.cloudflare.com *.cookielaw.org *.criteo.com *.criteo.net *.delivr.net *.doubleclick.net *.facebook.com *.facebook.net *.google.co.in *.google.com *.googleadservices.com *.google-analytics.com	*.googleapis.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.jquery.com *.jsdelivr.net *.myfonts.net *.newrelic.com *.onetrust.com *.outbrain.com *.pinterest.com *.recaptcha.net *.snapchat.com *.soundcloud.com *.static.net *.taboola.com *.teads.tv *.typekit.net *.unpkg.com *.vimeo.com *.visualstudio.com *.wp.com *.youtube.com addtoany.com adsrvr.org amazon-adsystem.com azure.com bootstrapcdn.com channelsight.com ckeditor.com clic2buy.com click2buy.com cloudflare.com cookielaw.org criteo.com criteo.net delivr.net doubleclick.net facebook.com facebook.net google.co.in google.com googleadservices.com google-analytics.com googleapis.com googletagmanager.com gstatic.com hotjar.com hotjar.io jquery.com jsdelivr.net myfonts.net newrelic.com onetrust.com outbrain.com pinterest.com recaptcha.net snapchat.com soundcloud.com static.net taboola.com teads.tv typekit.net unpkg.com vimeo.com visualstudio.com wp.com youtube.com; font-src 'self' data: *.paranix.eu *.addtoany.com *.adsrvr.org *.amazon-adsystem.com *.azure.com *.bootstrapcdn.com *.channelsight.com *.ckeditor.com *.clic2buy.com *.click2buy.com *.cloudflare.com *.cookielaw.org *.criteo.com *.criteo.net *.delivr.net *.doubleclick.net *.facebook.com *.facebook.net *.google.co.in *.google.com *.googleadservices.com *.google-analytics.com	*.googleapis.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.jquery.com *.jsdelivr.net *.myfonts.net *.newrelic.com *.onetrust.com *.outbrain.com *.pinterest.com *.recaptcha.net *.snapchat.com *.soundcloud.com *.static.net *.taboola.com *.teads.tv *.typekit.net *.unpkg.com *.vimeo.com *.visualstudio.com *.wp.com *.youtube.com addtoany.com adsrvr.org amazon-adsystem.com azure.com bootstrapcdn.com channelsight.com ckeditor.com clic2buy.com click2buy.com cloudflare.com cookielaw.org criteo.com criteo.net delivr.net doubleclick.net facebook.com facebook.net google.co.in google.com googleadservices.com google-analytics.com googleapis.com googletagmanager.com gstatic.com hotjar.com hotjar.io jquery.com jsdelivr.net myfonts.net newrelic.com onetrust.com outbrain.com pinterest.com recaptcha.net snapchat.com soundcloud.com static.net taboola.com teads.tv typekit.net unpkg.com vimeo.com visualstudio.com wp.com youtube.com; connect-src 'self' *.paranix.eu *.addtoany.com *.adsrvr.org *.amazon-adsystem.com *.azure.com *.bootstrapcdn.com *.channelsight.com *.ckeditor.com *.clic2buy.com *.click2buy.com *.cloudflare.com *.cookielaw.org *.criteo.com *.criteo.net *.delivr.net *.doubleclick.net *.facebook.com *.facebook.net *.google.co.in *.google.com *.googleadservices.com *.google-analytics.com	*.googleapis.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.jquery.com *.jsdelivr.net *.myfonts.net *.newrelic.com *.onetrust.com *.outbrain.com *.pinterest.com *.recaptcha.net *.snapchat.com *.soundcloud.com *.static.net *.taboola.com *.teads.tv *.typekit.net *.unpkg.com *.vimeo.com *.visualstudio.com *.wp.com *.youtube.com addtoany.com adsrvr.org amazon-adsystem.com azure.com bootstrapcdn.com channelsight.com ckeditor.com clic2buy.com click2buy.com cloudflare.com cookielaw.org criteo.com criteo.net delivr.net doubleclick.net facebook.com facebook.net google.co.in google.com googleadservices.com google-analytics.com googleapis.com googletagmanager.com gstatic.com hotjar.com hotjar.io jquery.com jsdelivr.net myfonts.net newrelic.com onetrust.com outbrain.com pinterest.com recaptcha.net snapchat.com soundcloud.com static.net taboola.com teads.tv typekit.net unpkg.com vimeo.com visualstudio.com wp.com youtube.com; report-uri /at/report-csp-violation; upgrade-insecure-requests 1
default-src 'self'; object-src 'none'; base-uri 'self'; manifest-src 'self'; media-src 'self'; worker-src 'self'; frame-src 'self' https://js.stripe.com; font-src 'self' https://fonts.gstatic.com; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; script-src 'self' https://cdn.promotekit.com https://maps.googleapis.com https://js.stripe.com; img-src 'unsafe-inline' 'self' data: https://cdnjs.cloudflare.com https://maps.googleapis.com https://maps.gstatic.com https://s3.eu-central-1.amazonaws.com https://rak-id-production-user-profile-photos.s3.eu-central-1.amazonaws.com; connect-src 'self' https://www.promotekit.com https://api.id.rakwireless.com https://api.wisdm.rakwireless.com https://maps.googleapis.com https://o1151370.ingest.sentry.io https://ssh-tun.wisdm.rakwireless.com wss://ssh-tun.wisdm.rakwireless.com https://fonts.googleapis.com; 1
default-src 'self';font-src 'self' *.docdoc.com *.gstatic.com *.hotjar.com *.hotjar.io https://d3c31zpszpp17j.cloudfront.net; frame-src 'self' *.contivio.com *.docdoc.com *.google.com *.hotjar.com *.hotjar.io *.vimeo.com *.youtube.com blob:; img-src *.hotjar.com *.hotjar.io https: data: blob:; script-src 'self' *.hotjar.com *.hotjar.io *.docdoc.com *.jsdelivr.net *.cloudflare.com *.twilio.com *.contivio.com *.ytimg.com *.youtube.com *.google.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.gstatic.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.docdoc.com *.contivio.com *.youtube.com *.google.com *.googleapis.com https://d3c31zpszpp17j.cloudfront.net 'unsafe-inline'; media-src https: mediastream:;connect-src *.g.doubleclick.net *.google-analytics.com *.docdoc.com *.hotjar.com wss://*.hotjar.com *.hotjar.io *.ytimg.com https://*.twilio.com wss://*.twilio.com https://api.amplitude.com https://vimeo.com https://youtube.com *.amazonaws.com *.googleapis.com 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;frame-ancestors 'self' https://*.quintype.com https://www.metrovaartha.com https://jionewsdev1.jio.ril.com/ https://jionews.com/;block-all-mixed-content; 1
default-src 'self' https://*.youtube.com https://*.youtube-nocookie.com https://*.youtu.be https://*.vimeo.com https://vimeo.com https://consentcdn.cookiebot.com https://open.spotify.com https://*.google-analytics.com https://*.googletagmanager.com https://widget.weezevent.com; block-all-mixed-content; img-src data: 'self' https://placeholder.inventis.be https://*.ytimg.com https://*.youtube.com https://*.vimeocdn.com https://imgsct.cookiebot.com https://*.google-analytics.com https://*.googletagmanager.com; object-src 'none'; script-src 'self' https://consent.cookiebot.com 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https://*.youtube.com https://*.vimeo.com https://*.google-analytics.com https://*.googletagmanager.com 'nonce-evqfymvBq7M1xfncUIY31g=='; style-src 'self' 'unsafe-inline' https://*.googletagmanager.com; upgrade-insecure-requests 1
frame-ancestors 'self' https://www.veolianorthamerica.com 1
object-src 'none'; media-src https: data: mediastream: blob: filesystem:; img-src https: data: mediastream: blob: filesystem: 1
frame-ancestors https://*.ilnotiziario.net 1
frame-src 'self' https://www.google.com https://content.googleapis.com https://accounts.google.com https://staticxx.facebook.com https://www.youtube.com https://www.facebook.com https://cid.center https://cid.center/sme/ https://cid.center/sme/profile https://tascombank.ua https://24b.tascombank.ua https://tas24b.ua https://ovsb.ics.gov.ua https://ovsb.ics.gov.ua http://www.vkursi.com.ua https://vars.hotjar.com https://a.plerdy.com https://bid.g.doubleclick.net https://code-ya.jivosite.com https://td.doubleclick.net https://o.clarity.ms https://o.clarity.ms/collect/ https://u.clarity.ms/collect/;frame-ancestors 'self' https://www.google.com https://content.googleapis.com https://accounts.google.com https://staticxx.facebook.com https://www.youtube.com https://www.facebook.com https://cid.center https://cid.center/sme/ https://cid.center/sme/profile https://tascombank.ua https://24b.tascombank.ua https://tas24b.ua https://ovsb.ics.gov.ua https://ovsb.ics.gov.ua http://www.vkursi.com.ua https://vars.hotjar.com https://a.plerdy.com https://bid.g.doubleclick.net https://code-ya.jivosite.com https://td.doubleclick.net https://o.clarity.ms 1
Content-Security-Policy: default-src https:; upgrade-insecure-requests 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://usocial.pro https://strm.yandex.ru; script-src 'self' 'unsafe-inline' https://novvedomosti.ru https://yandex.ru https://mc.yandex.ru https://mc.yandex.com https://an.yandex.ru https://strm.yandex.ru https://yastatic.net https://cdn.ampproject.org https://www.googletagmanager.com https://cdn.ampproject.org https://usocial.pro https://cdn.jsdelivr.net https://informer.yandex.ru; img-src 'self' https://macropod.ru https://yandex.ru https://informer.yandex.ru https://ad.adriver.ru https://mc.yandex.ru https://mc.webvisor.org https://mc.yandex.com https://amc.yandex.ru https://storage.mds.yandex.net https://avatars.mds.yandex.net https://favicon.yandex.net https://analytics.google.com https://www.google.ru https://www.google.be https://www.google-analytics.com; connect-src 'self' https://yandex.ru https://an.yandex.ru https://verify.yandex.ru https://mc.yandex.ru https://mc.yandex.com https://log.strm.yandex.ru https://strm.yandex.ru https://analytics.google.com https://*.analytics.google.com https://*.google-analytics.com https://stats.g.doubleclick.net https://cdn.ampproject.org https://www.googletagmanager.com https://3p.ampproject.net https://*.ampproject.net; child-src blob: https://novvedomosti.ru/pwa.js https://mc.yandex.ru https://mc.yandex.com; frame-src blob: https://yastatic.net https://mc.yandex.ru https://mc.yandex.com https://www.google.com https://metrika.yandex.ru https://www.youtube.com https://vk.com https://*.ampproject.net; worker-src 'self' https://novvedomosti.ru/pwa.js; font-src 'self' https://yastatic.net https://usocial.pro; media-src 'self' https://strm.yandex.ru 1
script-src 	'self' 'unsafe-inline' 'unsafe-eval' 	bat.bing.com *.clarity.ms 	cdnjs.cloudflare.com 	*.cloudfront.net 	connect.facebook.net 	cdn.doofinder.com cdn.ebi.cloud 	*.googleapis.com *.googlesyndication.com *.googletagmanager.com maps.google.co.uk *.google-analytics.com *.googleadservices.com googleads.g.doubleclick.net 	*.jotform.com secure.jotformpro.com widgets.jotform.io 	code.jquery.com 	*.livechatinc.com 	js.squareup.com 	rec.smartlook.com         web-sdk.smartlook.com 	s7.addthis.com         embed.typeform.com         widget.trustpilot.com     *.pcapredict.com services.postcodeanywhere.co.uk 	; 	worker-src blob: 1
default-src 'self' data: *.cler.ch *.googleapis.com googleapis.com cdn.cookielaw.org stats.g.doubleclick.net region1.google-analytics.com geolocation.onetrust.com  privacyportal-ch.onetrust.com www.googletagmanager.com www.google.com googleads.g.doubleclick.net ad.doubleclick.net *.googlesyndication.com; font-src 'self' *.cler.ch *.gstatic.com data:; img-src 'self' data: *.cler.ch ad.doubleclick.net *.googleapis.com googleapis.com *.gstatic.com ad.doubleclick.net google.com google.ch www.google-analytics.com raw.githubusercontent.com cdn.cookielaw.org *.doubleclick.net adservice.google.com i.ytimg.com www.googletagmanager.com ade.googlesyndication.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cler.ch assets.adobedtm.com www.google-analytics.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net chat.cler.ch *.googleapis.com googleapis.com *.youtube.com cdn.cookielaw.org geolocation.onetrust.com privacyportal-ch.onetrust.com; style-src 'self' 'unsafe-inline' *.cler.ch *.googleapis.com googleapis.com googletagmanager.com; frame-ancestors 'self' www.jobs.ch *.cler.ch; frame-src 'self' 'unsafe-inline' *.cler.ch *.doubleclick.net *.youtube.com *.youtube-nocookie.com insight.adsrvr.org *.doubleclick.net *.google.com *.google.ch sitecatalyst.omniture.com authorize.omniture.com sc3.omniture.com match.adsrvr.org payment.datatrans.biz acs1.viseca.ch epayment.postfinance.ch edge.capturemedia.network 1
default-src 'self' *.gompels.co.uk;           script-src 'self' 'unsafe-inline' https://www.googleadservices.com https://www.google.com https://*.googletagmanager.com https://www.gstatic.com https://static.openreplay.com js.honeybadger.io *.tawk.to fonts.googleapis.com cdn.jsdelivr.net www.youtube.com;           img-src 'self' data: s3-eu-west-1.amazonaws.com s3.eu-west-1.amazonaws.com https://googleads.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com www.googletagmanager.com *.tawk.to cdn.jsdelivr.net tawk.link pclportal.mhra.gov.uk img.youtube.com;           style-src 'self' 'unsafe-inline' *.tawk.to fonts.googleapis.com https://www.gstatic.com cdn.jsdelivr.net;           connect-src 'self' data: *.gompels.co.uk gompelsopencart.s3.amazonaws.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://openreplay-ghc.gompels.com api.ideal-postcodes.co.uk *.tawk.to wss://*.tawk.to;           font-src *.tawk.to fonts.gstatic.com;           frame-src 'self' *.gompels.co.uk gompelsopencart.s3.amazonaws.com *.tawk.to youtube.com www.youtube.com www.youtube-nocookie.com; www.google.com           frame-ancestors 'self' youtube.com;           worker-src blob:;           object-src 'none'; 1
default-src u-he.com *.u-he.com *.google-analytics.com; base-uri 'self'; font-src 'self' *.bootstrapcdn.com *.googleapis.com *.gstatic.com *.typekit.net *.webtype.com *.typenetwork.com; frame-src 'self' *.itunes.apple.com *.youtube.com *.youtube-nocookie.com; img-src 'self' data: 'unsafe-inline' *.google-analytics.com *.googletagmanager.com *.itunes.apple.com *.kvraudio.com *.twimg.com *.typekit.net u-he.com *.u-he.com *.webtype.com *.youtube.com; media-src 'self' uhe-media.b-cdn.net https://*; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bootstrapcdn.com *.doubleclick.net *.feedrapp.info *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.jquery.com *.typekit.net *.twimg.com *.yahooapis.com *.youtube.com https://sedoparking.com/frmpark/u-he.com/IONOSParkingDE/park.js; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.googleapis.com *.typekit.net *.twimg.com *.webtype.com *.youtube.com *.typenetwork.com; form-action 'self'; frame-ancestors * 1
report-uri /csp-report; default-src 'self' https://shop.stpancras.com https://google.co.uk https://www.google.co.uk https://www.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://connect.facebook.net/en_US/fbevents.js https://d10lpsik1i8c69.cloudfront.net/w.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://js.createsend1.com/javascript/copypastesubscribeformlogic.js https://*.hotjar.com maps.googleapis.com; style-src 'self' 'unsafe-inline' https://use.typekit.net https://p.typekit.net https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' http://admin.highspeed1.co.uk https://createsend.com https://maps.googleapis.com https://settings.luckyorange.net https://www.facebook.com https://www.google-analytics.com https://analytics.google.com https://*.hotjar.io https://*.google-analytics.com https://*.analytics.google.com wss://ws.hotjar.com https://*.google.co.uk https://*.doubleclick.net; font-src 'self' https://use.typekit.net https://fonts.gstatic.com; frame-src 'self' https://www.youtube.com https://player.vimeo.com https://widget-3bcbfadb1b0e462e809ce25304fd6efd.elfsig.ht https://map.stpancras.com https://*.doubleclick.net; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com data: https://www.facebook.com https://www.google-analytics.com https://www.googletagmanager.com www.googletagmanager.com img.fat.dev; manifest-src 'self'; media-src 'self'; worker-src 'self'; upgrade-insecure-requests 1
default-src wss: https: blob: 'unsafe-inline' 'unsafe-eval'; media-src https: blob:; font-src https: data:;img-src https: data:; 1
default-src 'none';script-src 'self' https: 'unsafe-inline' 'strict-dynamic' 'nonce-6198f3b7add15a4f64ec5c5bc8d9439b';script-src-elem 'self' 'unsafe-inline' 'nonce-6198f3b7add15a4f64ec5c5bc8d9439b' https://www.buzzsprout.com https://static.ads-twitter.com https://snap.licdn.com https://bat.bing.com https://player.vimeo.com https://js.hs-scripts.com https://js.hs-analytics.net https://js.hs-banner.com https://js-na1.hs-scripts.com https://ad.wsod.com https://polyfill.apps.factset.com https://cdn.factset.com https://tagmanager.google.com https://*.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.google.com https://www.gstatic.com;style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com;img-src 'self' data: https://i.vimeocdn.com https://px.ads.linkedin.com https://t.co https://analytics.twitter.com https://bat.bing.com https://www.google.com https://google.com https://*.google-analytics.com https://*.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://googleads.g.doubleclick.net https://14107197.fls.doubleclick.net https://ad.doubleclick.net https://ad.wsod.com;connect-src 'self' https://cdn.linkedin.oribi.io https://*.googletagmanager.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://stats.g.doubleclick.net https://px.ads.linkedin.com;font-src 'self' https://cdn.factset.com https://fonts.gstatic.com;form-action 'self';frame-ancestors 'none';frame-src https://player.vimeo.com https://www.buzzsprout.com/ https://www.google.com https://www.googletagmanager.com https://ad.wsod.com https://bid.g.doubleclick.net https://td.doubleclick.net https://14107197.fls.doubleclick.net;object-src 'none';base-uri 'self' 1
frame-ancestors 'self' https://ohws.prospective.ch https://jobs.vpbank.com; report-uri /report-csp-violation 1
frame-src *.cookiebot.com *.google.com *.vimeo.com *.youtube.com player.hihaho.com td.doubleclick.net;img-src *.cookiebot.com *.google.com *.google.nl *.trappers.net *.vimeo.com *.vimeocdn.com *.youtube.com data: https://px.ads.linkedin.com i.ytimg.com 'self';media-src *.youtube.com i.ytimg.com player.hihaho.com;object-src 'none';script-src *.cookiebot.com *.google.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.hotjar.com https://snap.licdn.com/ 'self' 'unsafe-inline' 1
default-src 'self' 'unsafe-inline' data: *.eatclub.com *.myeatclub.com *.typekit.net unpkg.com *.google.com *.googleapis.com *.cloudfront.net *.sentry.io *.sentry-cdn.com *.braintreegateway.com *.freedompay.com newrelic.com *.newrelic.com *.googletagmanager.com *.fastly.net *.googleadservices.com bat.bing.com connect.facebook.net www.facebook.com *.google-analytics.com *.inspectlet.com *.newrelic.com *.doubleclick.net *.nr-data.net *.optimizely.com *.hs-scripts.com *.leadpages.net *.hsforms.net *.hsforms.com *.licdn.com *.workable.com *.hsadspixel.net *.hsleadflows.net *.hs-analytics.net *.hs-banner.com *.amazonaws.com *.lpages.co *.linkedin.com *.leadpages.io *.gstatic.com *.hubspot.com *.hubapi.com p.adsymptotic.com *.cloudflare.com *.github.io opensource.twitter.dev *.statuspage.io *.bootstrapcdn.com code.jquery.com *.onetrust.com eatclub.looker.com *.webflow.com cdn.jsdelivr.net cdn.embedly.com *.website-files.com *.productfruits.com wss://*.productfruits.com sentry.io; frame-ancestors 'self' *.eatclub.com *.myeatclub.com *.inspectlet.com 1
base-uri 'self'; font-src 'self' 'unsafe-inline' data: https://sothebys.test https://sothebys-admin.test https://localhost:3000 https://fonts.googleapis.com https://fonts.gstatic.com https://use.typekit.net https://nzsothebysrealty.com https://www.nzsothebysrealty.com https://*.hotjar.com https://cdn.livechatinc.com; form-action 'self' https://www.facebook.com; frame-ancestors 'self'; img-src 'self' data: https://sothebys.test https://sothebys-admin.test https://uat.cms.nzsir.com https://cms.nzsir.com https://bre-directus-uat.azurewebsites.net https://bre-directus-prod.azurewebsites.net https://www.google.co.nz https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://*.hotjar.com https://ad.doubleclick.net *.loopaautomate.com *.loopa.net.au *.adnxs.com *.taboola.com looparesources.azureedge.net https://connect.facebook.net https://www.facebook.com https://img.youtube.com https://i.ytimg.com https://maps.googleapis.com https://maps.gstatic.com https://ik.imagekit.io https://images.nzsothebysrealty.com http://127.0.0.1:*/ https://nzsothebysrealty.com https://www.nzsothebysrealty.com; object-src 'none'; script-src-attr 'none'; style-src 'self' 'unsafe-inline' https://vjs.zencdn.net https://fonts.googleapis.com https://*.hotjar.com https://cloud.typography.com https://use.typekit.net https://p.typekit.net https://unpkg.com/sanitize.css https://nzsothebysrealty.com https://www.nzsothebysrealty.com; connect-src 'self' data: https://sothebys.test https://sothebys-admin.test https://uat.cms.nzsir.com https://cms.nzsir.com https://bre-directus-uat.azurewebsites.net https://bre-directus.azurewebsites.net https://maps.googleapis.com https://analytics.google.com https://www.google-analytics.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://stats.g.doubleclick.net https://www.facebook.com https://api.hostaway.com https://booking-engine.hostaway.com https://api.raygun.io *.loopaautomate.com *.loopa.net.au *.adnxs.com *.taboola.com looparesources.azureedge.net http://127.0.0.1:*/ ws://localhost:*/ wss://localhost:*/ http://localhost:*/ https://localhost:*/ ws://sothebys.test:*/ ws://local.nzsothebysrealty.com:*/ https://nzsothebysrealty.com https://www.nzsothebysrealty.com https://api.livechatinc.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com https://www.google.com/recaptcha/api.js https://cdn.raygun.io/raygun4js/raygun.min.js https://googleads.g.doubleclick.net https://www.googletagmanager.com https://www.google-analytics.com https://analytics.google.com https://*.hotjar.com https://connect.facebook.net https://www.youtube.com https://vjs.zencdn.net https://maps.googleapis.com https://nzsothebysrealty.com https://www.nzsothebysrealty.com https://d2q3n06xhbi0am.cloudfront.net/calendar.js https://js.stripe.com/v3 https://auctionslive.com https://widget.auctionslive.com *.loopaautomate.com *.loopa.net.au *.adnxs.com *.taboola.com looparesources.azureedge.net;  1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; base-uri 'self';  frame-src 'self' https://www.google.com  https://maps.google.com https://googleads.g.doubleclick.net https://tpc.googlesyndication.com ;  1
default-src 'self'; connect-src 'self' sds.steemworld.org sds1.steemworld.org steemd.steemworld.org api.steemwow.com api.steemit.com api.justyy.com api.steemitstage.com steemitimages.com api.steemdb.online api.steem.bts.tw cn.steems.top steem.61bts.com api.steem.fans api.steemzzang.com; font-src 'self'; frame-ancestors 'none'; frame-src 'self'; img-src * data:; object-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline' 1
default-src blob: 'self'; script-src blob: 'self' 'unsafe-eval' 'unsafe-inline' https://*.accessionmeeting.com http://*.mymeet.me http://*.accessionmeeting.com https://*.mymeet.me https://accessionmeeting.com http://mymeet.me http://accessionmeeting.com https://mymeet.me http://ajax.aspnetcdn.com http://apps.bdimg.com http://cdn.mplxtms.com http://cdn.pardot.com http://connect.facebook.net http://intljs.rmtag.com http://js.ywsem.com http://m.baidu.com http://pi.pardot.com http://rum-static.pingdom.net http://static.hotjar.com http://static.tieba.baidu.com http://tagmanager.google.com http://www.comeet.co http://www.google-analytics.com http://www.google.com http://www.googleadservices.com http://www.googletagmanager.com https://*.cmptch.com https://*.50million.club https://*.cloudfront.net https://ajax.aspnetcdn.com https://apis.google.com https://apiurl.org https://appsforoffice.microsoft.com https://assets.zendesk.com https://cdn.5bong.com https://cdn.jsdelivr.net https://cdncache-a.akamaihd.net https://code.jquery.com https://connect.facebook.net https://consent.trustarc.com https://extnetcool.com https://fp166.digitaloptout.com https://higedev.cool https://intljs.rmtag.com https://localhost:1337 https://pi.pardot.com https://rum-static.pingdom.net https://s.dcbap.com https://s.ytimg.com https://s3.amazonaws.com https://scout-cdn.salesloft.com https://script.hotjar.com https://sealserver.trustwave.com https://secure-cdn.mplxtms.com https://secure.myshopcouponmac.com https://srvvtrk.com https://static.hotjar.com https://static.zdassets.com https://static2.sharepointonline.com https://tag.demandbase.com https://tagmanager.google.com https://tpc.googlesyndication.com https://tracking.g2crowd.com https://translate.google.com https://translate.googleapis.com https://unpkg.com https://www.comeet.co https://www.dropbox.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com https://www.recaptcha.net https://www.gstatic.cn https://*.meetzoom.us; img-src https: http: blob: data: 'self'; style-src blob: https: 'unsafe-inline' 'self'; font-src https: data: chrome-extension: 'self'; connect-src * blob: data: 'self'; media-src * blob: 'self'; frame-src 'self' https://*.accessionmeeting.com https://*.mymeet.me http://www.googletagmanager.com https: ms-appx-web: accessionmeeting: com.accessionmeeting zoom zoomamdev zoomamdev: com.callone.meeting: zoomserveurcom: zoomnhc: com.accessionmeeting.aspenuc.meeting: zoomamdevtgs: com.accessionmeeting.sonic: me.mymeet.h3a: me.mymeet.h3asit: com.accessionmeeting.allstream-ca: com.accessionmeeting.allstream-us: com.accessionmeeting.aspenuc.meeting: com.accessionmeeting.broadvoice: com.accessionmeeting.cablebahamas: com.accessionmeeting.calltower: com.accessionmeeting.chief070.meeting: com.accessionmeeting.cloudx: com.accessionmeeting.docomopacific: com.accessionmeeting.docomopacificspn: com.accessionmeeting.fetnet.meeting: com.accessionmeeting.frontier: com.accessionmeeting.getgds: com.accessionmeeting.gtdconectados: com.accessionmeeting.liquid: com.accessionmeeting.liquidpoc.meeting: com.accessionmeeting.mcmtelecom.meeting: com.accessionmeeting.myaccessplus: com.accessionmeeting.myaccessplus-lab: com.accessionmeeting.nt.meeting: com.accessionmeeting.officesmart.meeting: com.accessionmeeting.pod: com.accessionmeeting.testfly-aces.meeting: com.accessionmeeting.vtrnegocios: com.accessionmeeting.xchangetele.centraloffice: com.accessionmeeting.zwelamais: com.earthlinkmeetingroom.meeting: em.teemym.dnuotsa: me.mymeet.cablenet: me.mymeet.dhiraagu: me.mymeet.ena: me.mymeet.maxcom.meeting: me.mymeet.vivo.meeting: me.mymeet.enove: me.mymeeting.east: me.mymeeting.west: mymeet.me.gtd: zoomamdev: zoomcareconnect: zoomcw: zoomelnklab: zoomsotel: zoomyiptel: me.mymeet.sparklight: me.mymeet.uat-sparklight: me.mymeet.smartmeeting: me.mymeet.everfast: com.accessionmeeting.truvista: itms-apps://itunes.apple.com; report-uri https://www.accessionmeeting.com/csp/report 1
default-src 'self' 'unsafe-eval' *.hs-scripts.com *.iubenda.com http://cdn.hoog.design 'unsafe-inline' exch.hoog.design *.vimeo.com vumbnail.com *.googleapis.com blob: data: *.gstatic.com *.googletagmanager.com *.hs-analytics.net *.hscollectedforms.net *.hs-banner.com js.hsforms.net unpkg.com cdnjs.cloudflare.com *.google.com *.pinterest.com *.tiktok.com *.youtube.com *.pinimg.com forms.hsforms.com *.hubspot.com *.doubleclick.net hubspot-forms-static-embed.s3.amazonaws.com pagead2.googlesyndication.com www.google.nl forms-na1.hsforms.com s3.eu-west-2.amazonaws.com *.google-analytics.com static.hotjar.com cdn.leadinfo.net connect.facebook.com script.hotjar.com collector.leadinfo.net connect.facebook.net api.leadinfo.com www.facebook.com http://yoast.com http://my.yoast.com *.s.w.org *.wp.com *.googleadservices.com; 1
frame-ancestors: 'self' 1
frame-ancestors 'self' ddev.site nissan-nic.test nissan-nic.slava.digital renault.ru *.renault.ru ren-dark-ru-wrd-prod-1.wrd-aws.com *.heliosnissan.net finance-nissan.ru *.nissan.ru test-app.nissansmtool.ru webvisor.com metrika.yandex.ru nissan-russia.comunica-digital.ru nissan-russia.comunica-digital.ru intranet.comunica-digital.ru; 1
frame-ancestors 'self' https://*.bliz.com https://*.luxottica.com https://*.essilorluxottica.com; 1
default-src 'none'; img-src 'self' data: https://*.jivosite.com https://*.jivo.ru https://www.gstatic.com https://*.giphy.com; style-src 'self' 'unsafe-inline' https://translate.googleapis.com https://*.jivosite.com https://*.jivo.ru; script-src 'self' 'unsafe-inline' https://*.jivosite.com https://*.jivo.ru; font-src 'self'; connect-src 'self' https://*.jivosite.com wss://*.jivosite.com https://*.jivo.ru wss://*.jivo.ru; frame-src https://*.niks.by https://*.jivosite.com https://*.jivo.ru https://niks-by.speedtestcustom.com; frame-ancestors 'none'; media-src https://*.jivosite.com https://*.jivo.ru; base-uri 'self'; form-action 'self'; 1
default-src * 'unsafe-inline' 'unsafe-eval' data:;frame-src * data: blob: intent:; 1
default-src 'self';script-src 'unsafe-eval' 'self' 'unsafe-inline' js.stripe.com/v3/ www.gstatic.com/recaptcha/releases/ *.tshirtstudio.com *.pinterest.com s.ytimg.com www.youtube.com *.google-analytics.com *.googleapis.com *.facebook.net *.facebook.com *.bing.com *.googleadservices.com *.googletagmanager.com *.smartlook.com *.smartlook.cloud googleads.g.doubleclick.net code.jquery.com *.google.com songbird.cardinalcommerce.com songbird.cardinalcommerce.com/edge/v1/songbird.js songbirdstag.cardinalcommerce.com widget.trustpilot.com;style-src  'self' 'unsafe-inline' *.googleapis.com;connect-src 'self' api.stripe.com *.googleadservices.com *.googlesyndication.com td.doubleclick.net googleads.g.doubleclick.net *.google.com *.facebook.com *.smartlook.com code.jquery.com *.smartlook.cloud *.google-analytics.com *.analytics.google.com stats.g.doubleclick.net *.cardinalcommerce.com;img-src 'self' *.googletagmanager.com *.google.ge *.msn.com *.bing.com *.google-analytics.com *.analytics.google.com *.facebook.com *.blob.core.windows.net *.xx.fbcdn.net scontent.cdninstagram.com *.g.doubleclick.net *.google.co.uk *.google.com *.tshirtstudio.com *.googleadservices.com;font-src 'self' fonts.gstatic.com;worker-src *.tshirtstudio.com;frame-src 'self' hooks.stripe.com js.stripe.com td.doubleclick.net googleads.g.doubleclick.net bid.g.doubleclick.net *.facebook.com *.googleadservices.com googleads.g.doubleclick.net *.google.com *.google.co.uk *.cardinalcommerce.com widget.trustpilot.com;frame-ancestors 'self'; 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.trustedshops.com *.beslist.nl *.jotform.com https://surfly.com robin-storage.js *.ravecapture.com *.azureedge.net https://trustspot.io *.bing.com https://squeezely.tech *.msecnd.net *.criteo.com *.cloudflare.com *.cloudfront.net *.doubleclick.net *.facebook.net *.fontawesome.com *.googletagmanager.com *.google.com *.google.nl *.google-analytics.com *.googleadservices.com *.googleapis.com *.gstatic.com *.hotjar.com *.twitter.com *.vimeo.com *.youtube.com *.cloudsuite.com *.robinhq.com robincontentdesktop.blob.core.windows.net; img-src 'self' blob: *.trustedshops.com *.cloudsuite.com data: *.cloudfront.net *.googleadservices.com *.amazonaws.com *.demdex.net *.squeezely.tech *.demex.net *.unrulymedia.com https://robincontentdesktop.blob.core.windows.net/ *.bing.com *.ventilatieland.nl *.econox.nl *.cloudsuite.com *.facebook.com *.fbcdn.net *.google.com *.google.nl *.googletagmanager.com *.google-analytics.com *.gstatic.com *.googleapis.com *.twitter.com *.vimeocdn.com *.youtube.com *.360yield.com *.yieldlab.net *.adform.net *.doubleclick.net https://contextual.media.net https://criteo-partners.tremorhub.com https://criteo-sync.teads.tv *.emxdgt.com *.3lift.com *.mediavine.com *.criteo.com *.adnxs.com https://id5-sync.com *.postrelease.com *.sharethrough.com *.ivitrack.com *.rubiconproject.com *.dmxleo.com *.casalemedia.com *.smartadserver.com *.pubmatic.com *.ads.yieldmo.com *.taboola.com *.1rx.io *.outbrain.com *.omnitagjs.com *.bidswitch.net; font-src 'self' 'unsafe-inline' data: *.gstatic.com *.cloudsuite.com *.fontawesome.com *.onlinewebfonts.com data: *.typekit.net *.bootstrapcdn.com *.cloudflare.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.amazonaws.com *.cloudsuite.com *.googleapis.com *.typekit.net *.onlinewebfonts.com *.ravecapture.com; connect-src 'self' *.beslist.nl https://surfly.com *.ravecapture.com *.hotjar.io *.robinhq.com sentry.cloudsuite.io *.hotjar.com wss://*.hotjar.com *.visualstudio.com *.criteo.com *.amazonaws.com *.doubleclick.net *.cloudsuite.com *.cloudsuite.io *.fontawesome.com *.googleapis.com *.google-analytics.com *.google.com https://google.com *.vimeo.com *.youtube.com; frame-src 'self' https://surfly.com *.jotform.com *.robinhq.com *.doubleclick.net *.facebook.com *.google.com *.hotjar.com *.rsa3dsauth.co.uk *.securesuite.co.uk *.vimeo.com *.youtube.com *.criteo.com; media-src 'self' 1
block-all-mixed-content; frame-ancestors *.artesana.com.br 1
frame-ancestors 'self'; object-src 'none'; base-uri 'none' 1
connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://consentcdn.cookiebot.com; default-src 'self'; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com; frame-src 'self' https://www.youtube-nocookie.com https://www.youtube.com https://consentcdn.cookiebot.com; img-src 'self' https://www.google.com https://www.google.co.uk https://www.google-analytics.com https://i.ytimg.com https://www.gstatic.com data:; media-src 'self' https://nuiiicecream.com https://nuiiicecream.co.uk https://nuiiicecream.at https://nuiiicecream.de https://nuiiicecream.es https://nuiiicecream.fr https://nuiiicecream.it https://nuiiicecream.ch ; script-src 'self' 'unsafe-inline' https://consent.cookiebot.com https://consentcdn.cookiebot.com https://www.youtube.com https://www.googletagmanager.com https://www.google-analytics.com https://fonts.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com; 1
frame-ancestors 'self';script-src 'unsafe-inline' http: https:; object-src 'none'; base-uri 'none'; 1
script-src 'self' http://www.chromestatus.com http://www.springmodules.org https://www.springmodules.org https://maps.googleapis.com http://maps.googleapis.com https://translate.googleapis.com http://translate.googleapis.com http://cdnjs.cloudflare.com https://cdnjs.cloudflare.com  http://tranWomenMngSugangControllerslate.google.com https://translate.google.com http://connect.facebook.net https://connect.facebook.net https://api.instagram.com http://api.instagram.com https://maps.google.co.kr http://maps.google.co.kr https://code.jquery.com http://code.jquery.com https://developers.google.com https://www.googletagmanager.com https://cdn.jsdelivr.net https://appleid.cdn-apple.com https://spi.maps.daum.net https://www.google-analytics.com http://maps.google.com https://maps.google.com https://wcs.naver.net https://ipinfo.io https://openapi.map.naver.com http://openapi.map.naver.com http://onetile1.map.naver.net http://onetile2.map.naver.net http://onetile3.map.naver.net http://onetile4.map.naver.net http://static.naver.net https://onetile1.map.naver.net https://onetile2.map.naver.net https://onetile3.map.naver.net https://onetile4.map.naver.net https://static.naver.net http://www.facebook.com https://www.facebook.com http://connect.facebook.net https://connect.facebook.net http://dapi.kakao.com https://dapi.kakao.com http://s1.daumcdn.net http://t1.daumcdn.net http://i1.daumcdn.net http://map0.daumcdn.net http://map1.daumcdn.net http://map2.daumcdn.net http://map3.daumcdn.net http://map4.daumcdn.net https://s1.daumcdn.net https://t1.daumcdn.net https://i1.daumcdn.net https://map0.daumcdn.net https://map1.daumcdn.net https://map2.daumcdn.net https://map3.daumcdn.net https://map4.daumcdn.net http://map.vworld.kr http://fonts.gstatic.com http://xdworld.vworld.kr:8080 http://map.ngii.go.kr http://emapapi.ngii.go.kr http://emapapi.ngii.go.kr:9082 https://tour.busan.go.kr http://tour.busan.go.kr http://apis.atlan.co.kr 'unsafe-inline' 'unsafe-eval'; object-src 'self'; 1
script-src 'self' https://bookwyrm-social.sfo3.digitaloceanspaces.com 'nonce-XhlXQlLocLb/ssGyt04OLg=='; default-src 'self' https://bookwyrm-social.sfo3.digitaloceanspaces.com 1
default-src 'self'; script-src 'self' blob: 'unsafe-inline' data: 'unsafe-eval' https://analytics.whitelabeliq.com https://secure.leadforensics.com/Track/Capture.aspx https://stats.wp.com/w.js https://www.google.com/recaptcha/api.js https://www.gstatic.com/ https://secure.leadforensics.com/js/28812.js https://www.googletagmanager.com/ https://www.google-analytics.com/ https://www.youtube.com https://maps.googleapis.com/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.googletagmanager.com/; object-src 'none'; base-uri 'self'; connect-src 'self' https://analytics.whitelabeliq.com https://analytics.google.com https://idx.liadm.com https://www.google-analytics.com https://maps.googleapis.com/ https://stats.g.doubleclick.net https://sockjs.pusher.com wss://ws-mt1.pusher.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://cdn.collage.inc https://www.google.com https://www.youtube.com https://d3tw6iv5rfkior.cloudfront.net https://td.doubleclick.net https://d14k1p5f03m83q.cloudfront.net; img-src 'self' data: https://cdn.collage.inc https://collage-prod-storage.s3.amazonaws.com/ https://s3.us-east-2.amazonaws.com https://ps.w.org https://img.youtube.com https://pixel.wp.com https://i.ytimg.com https://d3mhhyy97dj42z.cloudfront.net https://d3tw6iv5rfkior.cloudfront.net https://www.googletagmanager.com https://www.google.co.in/ads https://maps.gstatic.com https://maps.googleapis.com/ https://www.google.co.in/ads/ https://stats.g.doubleclick.net https://fonts.gstatic.com https://marcom3prod.s3.amazonaws.com https://d2iiunr5ws5ch1.cloudfront.net https://d3mhhyy97dj42z.cloudfront.net; 1
default-src 'self';     script-src 'report-sample' 'self' data: 'unsafe-inline' 'unsafe-eval' https://cdn.releasenotes.io/v1/rne.min.js https://cdn.segment.com https://*.hotjar.com https://*.userflow.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://js.stripe.com https://maps.googleapis.com;     style-src 'report-sample' 'self' 'unsafe-inline' https://*.userflow.com;     object-src 'none';     base-uri 'self';     connect-src 'report-sample' 'self' https://api.segment.io https://cdn.segment.com https://*.hotjar.io https://*.sentry.io https://tracking.scalr.com https://tracking.scalr.io https://*.scalr.io wss://*.hotjar.com wss://*.userflow.com https://api.stripe.com  https://maps.googleapis.com;     font-src 'report-sample' 'self' data: https://use.typekit.net https://fonts.gstatic.com;     frame-src 'report-sample' 'self' https://js.stripe.com https://hooks.stripe.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;     manifest-src 'self';     img-src 'report-sample' 'self' https://*.scalr.io data: blob: https://storage.googleapis.com https://*.userflow.com https://*;     media-src 'self' https://*.scalr.io data:;     report-uri https://browser-intake-us3-datadoghq.com/api/v2/logs?dd-api-key=pubb6d3b29d303e3425ec694796b4c57f7c&dd-evp-origin=content-security-policy&ddsource=csp-report;     worker-src 'report-sample' 'self' https://*.scalr.io blob:; 1
frame-ancestors 'self' https://*.myshopify.com https://admin.shopify.com https://builder.io; 1
base-uri 'self';block-all-mixed-content; frame-ancestors 'self';worker-src 'none' 1
script-src 'report-sample' 'nonce-0bpI_ihiNh8w9MdoE4OFYA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport 1
frame-ancestors *.ariba.com 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.witron.de/ https://www.youtube.com/ https://statistics.witron.de/ https://www.google.com/ https://creator.hosted-pageflow.com/ https://player.podigee-cdn.net/ https://www.youtube-nocookie.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.witron.de/; img-src https://*.witron.de/ 'self' data:; 1
default-src 'self' *.fastly.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.fastly.com *.zoom.us; connect-src 'self' fiddle.fastly.dev log-bin-dot-rd---product.uc.r.appspot.com tachotest.edgecompute.app *.google-analytics.com *.fastly.com *.zoom.us wss://*.zoom.us; img-src 'self' data: user-images.githubusercontent.com deploy.edgecompute.app *.basemaps.cartocdn.com passkeys.edgecompute.app *.fastly.com *.zoom.us blob: *.fastly.com; style-src 'self' 'unsafe-inline' *.fastly.com; worker-src 'self' blob: *.fastly.com; frame-src *; 1
default-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://www.youtube-nocookie.com https://identity.netlify.com/ https://www.netlifystatus.com *.eden.com;connect-src 'self' 'unsafe-inline' blob: *.cloudfront.net *.google.com *.google-analytics.com *.eden.com https://*.gstatic.com https://cdn.cookie-script.com https://consent.cookie-script.com https://fonts.googleapis.com https://fonts.gstatic.com https://geo.cookie-script.com https://identity.netlify.com https://l.sharethis.com https://raw.githubusercontent.com https://maps.googleapis.com https://maps.gstatic.com https://maxcdn.bootstrapcdn.com https://platform-cdn.sharethis.com https://script.google.com https://script.googleusercontent.com https://stats.g.doubleclick.net https://ug-edn.netlify.app https://www.google-analytics.com https://www.googletagmanager.com https://www.eden.com https://www.youtube-nocookie.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat;font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com https://www.youtube-nocookie.com *.cloudfront.net https://maxcdn.bootstrapcdn.com;frame-src 'self' https://c.sharethis.mgr.consensu.org  https://www.youtube-nocookie.com;img-src 'self' blob: data: https://platform-cdn.sharethis.com https://www.googletagmanager.com https://cdn.cookie-script.com https://www.google-analytics.com https://fonts.gstatic.com https://www.google.co.uk *.google.com https://maps.gstatic.com https://l.sharethis.com https://raw.githubusercontent.com images.ctfassets.net *.cloudfront.net *.googleapis.com *.ggpht *.eden.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat;object-src 'self' 'unsafe-inline' data: https://www.netlify.com https://identity.netlify.com https://www.netlifystatus.com assets.ctfassets.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://cdn.cookie-script.com https://geo.cookie-script.com https://www.google-analytics.com https://maps.googleapis.com https://platform-api.sharethis.com https://identity.netlify.com https://unpkg.com https://www.netlifystatus.com https://script.google.com https://script.googleusercontent.com https://maxcdn.bootstrapcdn.com *.eden.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://www.googletagmanager.com https://cdn.cookie-script.com https://raw.githubusercontent.com https://www.eden.com https://ug-edn.netlify.app/ *.fontawesome.com *.cloudfront.net;manifest-src 'self' https://www.eden.com https://ug-edn.netlify.app/ 1
frame-ancestors 'self' https://api.c9guxrh1t0-osbornedi1-p1-public.model-t.cc.commerce.ondemand.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' macquariecloudservices.com macquariedatacentres.com *.macquariedatacentres.com *.macquarietelecom.com https://yoast.com https://pi.pardot.com https://bat.bing.com https://connect.facebook.net https://www.gstatic.com/ https://opt-au.spatialbuzz.net https://platform.twitter.com https://beacon-v2.helpscout.net https://*.sharethis.com https://bam.nr-data.net https://js-agent.newrelic.com https://*.hotjar.com https://snap.licdn.com https://storage.googleapis.com https://www.clickcease.com https://www.google-analytics.com https://www.googletagmanager.com https://www.snapengage.com https://sok.soapfighters.com https://player.vimeo.com https://googleads.g.doubleclick.net https://www.youtube.com https://www.google.com https://api.w3-edge.com https://cdn.jsdelivr.net https://*.unbounce.com;  style-src * 'unsafe-inline' data: blob:;  img-src * data:;  font-src * data:;  connect-src 'self' https://*.cloudfront.net https://api.ipgeolocation.io https://yoast.com https://*.yoast.com https://bam.nr-data.net https://www.google-analytics.com https://analytics.google.com https://cdn.linkedin.oribi.io https://stats.g.doubleclick.net https://pagead2.googlesyndication.com wss://*.hotjar.com *.hotjar.io https://vimeo.com https://*.unbounce.com https://*.ipify.org;  frame-src 'self' https://opt-au.spatialbuzz.net/ https://www.youtube-nocookie.com https://td.doubleclick.net https://player.vimeo.com https://*.twitter.com/ https://www.youtube.com https://www.facebook.com/ https://syf.tbe.taleo.net/ macquarietechnologygroup.com *.macquarietechnologygroup.com macquarietelecomgroup.com *.macquarietelecomgroup.com macquarietelecom.com *.macquarietelecom.com macquariecloudservices.com *.macquariecloudservices.com macquariegovernment.com *.macquariegovernment.com macquariedatacentres.com *.macquariedatacentres.com *.google.com; media-src 'self' https://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools; base-uri 'self' 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.mosanweb.com *.googleapis.com *.google-analytics.com *.gstatic.com *.google.com *.gravatar.com; report-uri https://mosanweb.com/submitticket.php?step=2&deptid=4 1
frame-ancestors https://*.studiomuseum.org/ 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-cYu_WJbWoQ66dk6PBEwY0A' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
frame-ancestors 'self' https://manage.pharmamanufacturing.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
default-src 'self' files.hollmann.international data:;base-uri https://hollmann.international;block-all-mixed-content;style-src 'self' files.hollmann.international 'unsafe-inline';script-src 'self' files.hollmann.international 'unsafe-inline';frame-ancestors 'none' 1
frame-ancestors 'self' https://www.zerowastescotland.org.uk 1
default-src 'self'; script-src-elem 'self' 'unsafe-inline' https://ajax.cloudflare.com https://static.cloudflareinsights.com https://hcaptcha.com  https://cdnjs.cloudflare.com https://ajax.googleapis.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com; connect-src 'self' https://analytics.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.cloudflare.com https://cdnjs.cloudflare.com https://www.googletagmanager.com; frame-src 'self' https://hcaptcha.com https://newassets.hcaptcha.com https://www.googletagmanager.com https://www.gstatic.com https://www.google.com; img-src 'self' https://* data: https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com; child-src 'self'; 1
default-src 'self' http://compagniedulit.local:3000 http://compagniedulit.local:3004 wss://compagniedulit.local:3000/ws https://*.cart-guru.io https://*.carts.guru https://*.cartsguru.io https://api.beeroot.io https://cdn.jsdelivr.net https://lp.lacompagniedulit.com/ https://22admedia.com/22rtb/355.js; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' http://compagniedulit.local:3000 https://*.cart-guru.io https://*.carts.guru https://*.cartsguru.io https://www.google.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://*.googletagmanager.com https://tagmanager.google.com https://maps.googleapis.com https://googleads.g.doubleclick.net https://apis.google.com https://www.youtube.com https://www.facebook.com https://connect.facebook.net https://connect.facebook.net/fr_FR/sdk.js https://t.mydialoginsight.com https://api.beeroot.io https://bam.eu01.nr-data.net/1/NRJS-7e7de70efc7604444cc https://bat.bing.com https://cdn.doofinder.com/media/js/doofinder-classic.7.latest.min.js https://cdn.doofinder.com https://cl.avis-verifies.com https://dcniko1cv0rz.cloudfront.net/realytics-1.2.min.js https://eu1-search.doofinder.com https://events.sk.ht/lacompagniedulit/lib.js https://i.realytics.io/tc.js https://tp.realytics.io https://tc-sync.realytics.io https://js-agent.newrelic.com/nr-1216.min.js https://media.lacompagniedulit.com/themes/antadis/js/modernizr.js https://cdn.scaleflex.it https://libs.hipay.com/js/sdkjs.js https://libs.hipay.com/hostedfields/loader.js https://libs.hipay.com https://data.hipay.com https://stage-data.hipay.com https://mpsnare.iesnare.com/general5/wdp.js https://mpsnare.iesnare.com/5.5.0/logo.js https://mpsnare.iesnare.com/snare.js https://mpsnare.iesnare.com/script/logo.js https://s.yimg.com/wi/ytc.js https://script.hotjar.com https://static.hotjar.com/c/hotjar-907938.js https://static.zdassets.com https://t.contentsquare.net https://js-agent.newrelic.com https://www.clarity.ms https://cdn.cartsguru.io https://cdn.cookielaw.org https://*.lacompagniedulit.com/ https://www.googletagmanager.com https://tagmanager.google.com https://*.googletagmanager.com https://ssl.google-analytics.com https://www.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://*.hotjar.com https://*.facebook.com https://*.cookielaw.org https://data.perfmaker.net https://tag.perfmaker.net https://*.useinsider.com https://*.retargeted.co https://cdn.jsdelivr.net https://lp.lacompagniedulit.com https://22admedia.com/22rtb/355.js https://*.rr.skeepers.io; style-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://*.cart-guru.io https://*.carts.guru https://*.cartsguru.io https://fonts.googleapis.com/ https://tagmanager.google.com https://libs.hipay.com/themes/material.min.css https://cdn.doofinder.com https://*.perfmaker.net https://www.googletagmanager.com/debug/badge.css https://*.useinsider.com https://api.beeroot.io https://cdn.jsdelivr.net https://lp.lacompagniedulit.com https://22admedia.com/22rtb/355.js; object-src https://*.cart-guru.io https://*.carts.guru https://*.cartsguru.io https://api.beeroot.io https://cdn.jsdelivr.net https://lp.lacompagniedulit.com https://22admedia.com/22rtb/355.js; base-uri 'self'; connect-src 'self' 'unsafe-inline' 'unsafe-eval' wss://compagniedulit.local:3000/ws http://compagniedulit.local:3004 https://*.cart-guru.io https://*.carts.guru https://*.cartsguru.io https://www.google.com https://googleads.g.doubleclick.net https://www.google.fr https://www.googleadservices.com https://*.googlesyndication.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://www.facebook.com https://libs.hipay.com https://data.hipay.com https://secure-gateway.hipay-tpp.com https://openfpcdn.io https://ekr.zdassets.com/compose/2f1b04c5-1c22-440d-9212-c9c5da549d3a https://e.clarity.ms/collect https://stage-data.hipay.com/checkout-data https://api.beeroot.io https://api.realytics.io https://bam.eu01.nr-data.net https://bat.bing.com https://*.contentsquare.net https://hotjar.com https://in.hotjar.com https://ekr.zendesk.com https://eu1-search.doofinder.com https://integration.carts.guru https://j.clarity.ms https://lacompagniedulit.zendesk.com https://maps.googleapis.com wss://mpsnare.iesnare.com/star https://region1.google-analytics.com https://s.yimg.com https://sk.ht https://stats.g.doubleclick.net wss://widget-mediator.zopim.com https://cdn.cookielaw.org https://privacyportal-fr.onetrust.com/request/v1/consentreceipts https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://eu1-layer.doofinder.com wss://eu1-layer.doofinder.com https://mtm.lacompagniedulit.com/ https://*.perfmaker.net https://*.useinsider.com wss://*.useinsider.com https://cdn.jsdelivr.net https://lp.lacompagniedulit.com https://22admedia.com/22rtb/355.js https://*.rr.skeepers.io; font-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.cart-guru.io https://*.carts.guru https://*.cartsguru.io https://fonts.gstatic.com https://*.useinsider.com https://api.beeroot.io https://cdn.jsdelivr.net https://lp.lacompagniedulit.com https://22admedia.com/22rtb/355.js; frame-src 'self' 'unsafe-inline' 'unsafe-eval' 'self' blob: https://*.cart-guru.io https://*.carts.guru https://*.cartsguru.io https://www.google.com/ https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://accounts.google.com https://bid.g.doubleclick.net https://www.youtube.com/ https://www.facebook.com https://libs.hipay.com https://stage-data.hipay.com https://11435458.fls.doubleclick.net https://vars.hotjar.com https://www.youtube-nocookie.com https://*.perfmaker.net https://*.avis-verifies.com/ https://*.useinsider.com https://api.beeroot.io https://cdn.jsdelivr.net https://lp.lacompagniedulit.com https://22admedia.com/22rtb/355.js https://td.doubleclick.net; img-src 'self' data: 'unsafe-inline' 'unsafe-eval' 'self' blob: https://*.cart-guru.io https://*.carts.guru https://*.cartsguru.io https://*.google-analytics.com https://*.google.com https://*.google.fr https://ib.adnxs.com/getuid https://maps.gstatic.com/mapfiles/ https://www.googletagmanager.com https://*.googletagmanager.com https://*.analytics.google.com https://maps.googleapis.com/ https://ssl.gstatic.com https://www.gstatic.com https://googleads.g.doubleclick.net https://*.g.doubleclick.net https://ad.doubleclick.net https://ade.googlesyndication.com https://www.facebook.com https://sp.analytics.yahoo.com https://www.lacompagniedulit.com https://media.lacompagniedulit.com https://static1.lacompagniedulit.net https://contentsquare.net https://l.contentsquare.net https://bat.bing.com https://c.contentsquare.net https://cl.avis-verifies.com https://t.mydialoginsight.com https://www.netreviews.eu https://cdn.cookielaw.org https://i.ytimg.com https://*.useinsider.com https://api.beeroot.io https://cdn.jsdelivr.net https://images.prismic.io https://lp.lacompagniedulit.com https://22admedia.com/22rtb/355.js https://cdn.doofinder.com https://eu1-doofinderuser.s3.amazonaws.com; manifest-src 'self' https://cdn.jsdelivr.net https://lp.lacompagniedulit.com https://22admedia.com/22rtb/355.js; media-src 'self' https://mpsnare.iesnare.com/time.mp3 data: https://static.zdassets.com https://api.beeroot.io https://cdn.jsdelivr.net https://lp.lacompagniedulit.com https://22admedia.com/22rtb/355.js; report-uri https://62d537b090d65793425d8b0b.endpoint.csper.io/?v=0 https://api.beeroot.io https://lp.lacompagniedulit.com https://22admedia.com/22rtb/355.js; child-src 'self' blob: https://*.cart-guru.io https://*.carts.guru https://*.cartsguru.io https://api.beeroot.io https://cdn.jsdelivr.net https://lp.lacompagniedulit.com https://22admedia.com/22rtb/355.js; frame-ancestors 'self' blob: https://*.cart-guru.io https://*.carts.guru https://*.cartsguru.io https://*.useinsider.com https://api.beeroot.io https://lp.lacompagniedulit.com https://22admedia.com/22rtb/355.js; 1
frame-ancestors check24.de *.check24.de 1
base-uri 'none'; object-src 'none'; script-src 'unsafe-eval' 'report-sample' https://www.ketogenicforums.com/logs/ https://www.ketogenicforums.com/sidekiq/ https://www.ketogenicforums.com/mini-profiler-resources/ https://www.ketogenicforums.com/assets/ https://www.ketogenicforums.com/brotli_asset/ https://www.ketogenicforums.com/extra-locales/ https://www.ketogenicforums.com/highlight-js/ https://www.ketogenicforums.com/javascripts/ https://www.ketogenicforums.com/plugins/ https://www.ketogenicforums.com/theme-javascripts/ https://www.ketogenicforums.com/svg-sprite/ https://www.googletagmanager.com/gtm.js 'unsafe-inline' https: http:; worker-src 'self' blob: 1
default-src 'self' 'unsafe-inline' https://*.talentqgroup.com https://*.cloudfront.net https://www.google-analytics.com https://www.google.com/ https://www.gstatic.com  https://hello.myfonts.net/count/3122c9; frame-ancestors 'self' 1
frame-ancestors 'self' hxa.stage.cosmicdev.com cms.heterodoxacademy.org 1
default-src 'self' elca.ch *.elca.ch *.crazyegg.com; script-src 'self' 'nonce-NTZlNjJlNDQtNjVmOC00OWFlLWIxMGUtNjIyNjUwZTlhZjk5' 'strict-dynamic' 'unsafe-inline' *.crazyegg.com https://*.googletagmanager.com http: https: *.clickdimensions.com; style-src 'self' *.crazyegg.com 'unsafe-inline' *.clickdimensions.com; img-src 'self' elca.ch *.elca.ch *.crazyegg.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com blob: data: https://cdn.addevent.com; connect-src 'self' elca.ch *.elca.ch *.crazyegg.com https://script.crazyegg.com https://vimeo.com https://consentcdn.cookiebot.com https://elcawebsites.matomo.cloud https://elcamarketing.azurewebsites.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com; frame-src 'self' elca.ch *.elca.ch *.crazyegg.com https://player.vimeo.com https://www.google.com https://consentcdn.cookiebot.com; font-src 'self' data: *.clickdimensions.com; worker-src 'self' blob:; object-src 'none'; base-uri 'self'; form-action 'self' elca.ch *.elca.ch; frame-ancestors 'none'; block-all-mixed-content; upgrade-insecure-requests; 1
default-src 'unsafe-inline' 'self' https://*.fileyourtaxes.com https://www.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://www.google-analytics.com; img-src 'unsafe-inline' 'self' https://*.fileyourtaxes.com https://lantern.roeye.com https://chart.apis.google.com https://googleads.g.doubleclick.net https://www.google.com https://www.google-analytics.com https://www.awin1.com; script-src 'unsafe-eval' 'unsafe-inline' 'self' https://*.fileyourtaxes.com https://www.dwin1.com https://www.awin1.com https://the.sciencebehindecommerce.com https://lantern.roeyecdn.com https://adservice.google.com https://ajax.googleapis.com https://code.jquery.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com; style-src 'unsafe-inline' 'self' https://*.fileyourtaxes.com https://use.fontawesome.com https://cdnjs.cloudflare.com; font-src 'unsafe-inline' 'self' https://*.fileyourtaxes.com https://use.fontawesome.com https://fonts.googleapis.com; frame-src 'unsafe-inline' 'self' https://*.fileyourtaxes.com https://www.google.com https://td.doubleclick.net https://www.awin1.com; connect-src 'unsafe-inline' 'self' https://*.fileyourtaxes.com https://www.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://www.google-analytics.com https://the.sciencebehindecommerce.com https://www.wepowerconnections.com; 1
default-src *; script-src 'self' 'unsafe-inline' https://js.stripe.com/v3/ https://translate-pa.googleapis.com https://www.trustedsite.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com  https://translate.googleapis.com https://translate.google.com https://www.googletagmanager.com https://oss.maxcdn.com https://cdn.ywxi.net https://*.amazonaws.com https://*.formsite.com https://code.jquery.com https://sandbox.web.squarecdn.com https://web.squarecdn.com https://js.squareupsandbox.com https://nd.squarecdn.com https://js.squareup.com; object-src 'self' blob:; style-src 'self' https://www.gstatic.com https://fonts.googleapis.com 'unsafe-inline' 'unsafe-eval' https://code.jquery.com https://sandbox.web.squarecdn.com https://web.squarecdn.com https://translate.googleapis.com https://translate.google.com; img-src https://www.google.com https://www.google-analytics.com https://*.s3.amazonaws.com https://s3.amazonaws.com https://s3.us-east-2.amazonaws.com https://code.jquery.com https://cdn.ywxi.net blob: 'self' data: 'self' https://translate.googleapis.com https://translate.google.com https://www.gstatic.com; media-src 'none'; frame-src https://js.stripe.com/ 'self' https://www.trustedsite.com https://www.google.com https://*.formsite.com https://sandbox.web.squarecdn.com https://connect.squareupsandbox.com https://web.squarecdn.com https://connect.squareup.com; font-src 'self' https://fonts.gstatic.com https://d1g145x70srn7h.cloudfront.net; connect-src https://api.parkingsnap.com https://translate.googleapis.com https://www.google-analytics.com https://*.amazonaws.com 'self' https://pci-connect.squareupsandbox.com https://pci-connect.squareup.com https://translate.google.com https://squareup.com; base-uri 'self'; form-action 'self'; 1
default-src 'self' ; script-src 'self' https://hcaptcha.com https://*.hcaptcha.com https://www.google-analytics.com ; style-src 'self' data: https://hcaptcha.com https://*.hcaptcha.com https://use.fontawesome.com ; font-src 'self' https://use.fontawesome.com ; frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com ; connect-src 'self' https://hcaptcha.com https://*.hcaptcha.com https://js.cexplorer.io https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net ; img-src 'self' data: https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net ; 1
default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com https://i.ytimg.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-bVA4iq+/tRcffXLVDFTcSQ=='; style-src 'self' www.gstatic.com; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com gds-single-consent-staging.app gds-single-consent.app; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; report-uri https://csp-reporter.publishing.service.gov.uk/report 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net; img-src 'self' https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' https://themes.googleusercontent.com; frame-src https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com https://www.google.com; object-src 'none'; frame-ancestors 'self' 1
default-src https: 'unsafe-inline' 'unsafe-eval' wss://umd.userlike.com wss://ws.botmaker.com; worker-src blob:; img-src 'self' blob: data: https:; font-src 'self' data: https:; frame-ancestors https://mc.yandex.ru https://yastatic.net https://metrika.yandex.ru  https://*.webvisor.com 1
default-src 'self'; script-src www.driveks.com *.googletagmanager.com 'sha256-lLFbnzbafs16YZgbc4k2ym3D/VRcXQoshF7e5li+GVY=' 'unsafe-eval' blob; img-src www.driveks.com; connect-src api.driveks.com https://browser-intake-us5-datadoghq.com *.googletagmanager.com *.google-analytics.com;  worker-src 'self' data: blob:; style-src 'unsafe-inline' www.driveks.com cdnjs.cloudflare.com; frame-ancestors none; form-action 'self'; object-src 'none'; base-uri www.driveks.com; font-src cdnjs.cloudflare.com; 1
default-src 'none'; frame-ancestors 'none'; base-uri 'none'; form-action 'none'; child-src 'self'; object-src blob: 'report-sample'; connect-src https://www.googleapis.com https://*.google-analytics.com https://*.googlesyndication.com https://csi.gstatic.com https://*.googletagmanager.com https://analytics.google.com https://*.analytics.google.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://www.google.com.br https://www.google.cl https://www.google.com.py https://www.google.fr https://www.google.com.mx https://www.google.com.bd https://www.google.com.co https://www.google.com.pe https://www.google.nl https://www.google.es https://www.google.com.gt https://www.google.com.uy https://www.google.com.pr https://www.google.com.sg https://www.google.es https://www.google.com.co https://www.google.at https://www.google.ca https://www.google.pl https://www.google.cl https://www.google.es https://www.google.com.ec https://www.google.co.ve https://www.google.jo https://www.google.hu https://www.google.com.ar https://www.google.com.qa https://www.google.com.co https://www.google.it https://www.google.hr https://www.google.co.il https://www.google.co.uk https://www.google.com.mm https://www.google.com.jm https://www.google.pt/ https://www.google.com.pk https://www.google.ca https://www.google.tt https://www.google.ie/ https://www.google.com.mx https://www.google.no https://www.google.com.au https://www.google.fi https://www.google.rs https://www.google.co.th https://www.google.de https://www.google.cz https://www.google.co.in https://www.google.co.nz https://www.google.co.za https://www.google.com.ua/ https://www.google.com.pk https://www.google.co.id https://www.google.com.ar https://www.google.az https://www.google.cl https://www.google.fr https://www.google.ru https://www.google.com.do https://www.google.com.ng https://www.google.co.jp https://www.google.co.zw https://www.google.ch https://www.google.es https://www.google.co.za https://www.google.com.tr https://www.google.co.ke https://www.google.com.sa https://www.google.pt/ https://www.google.dz https://www.google.be https://www.google.com.ph https://www.google.com.my https://www.google.co.id https://www.google.co.ma https://www.google.de https://www.google.com.kw https://www.google.gy https://www.google.hn https://www.google.com.hk https://www.google.co.ao https://www.google.com.eg https://www.google.co.ke https://www.google.co.cr https://www.google.co.tw; media-src blob: 'report-sample'; img-src 'self' blob: data: https://region1.analytics.google.com https://*.analytics.google.com https://www.google-analytics.com https://*.googleusercontent.com https://*.googlesyndication.com https://*.googletagmanager.com https://region1.analytics.google.com https://www.google.cz https://www.google.com.my https://www.google.co.in https://www.google.com.uy https://www.google.com.ar https://www.google.co.uk https://www.google.pt https://www.google.com.co https://www.google.co.ma https://www.google.bs https://www.google.de https://www.google.cl https://www.google.com.pe https://www.google.it https://www.google.fr https://www.google.com.mx https://www.google.ca https://www.google.bs https://www.google.es https://www.google.com.kw https://www.google.com.ec https://www.google.nl https://www.google.co.ke https://www.google.gr https://www.google.com.vn https://www.google.co.il https://www.google.com.mt https://www.google.com.pk https://www.google.com.jm https://www.google.dk https://www.google.com.bd https://www.google.com.ng https://www.google.hu https://www.google.ie https://www.google.cz https://www.google.pl https://www.google.ae https://www.google.com.hk https://www.google.co.id https://www.google.at https://www.google.com.br https://www.google.com.sa https://www.google.ru https://www.google.co.ve https://www.google.com.ec https://www.google.com.py https://www.google.co.za https://www.google.com.sv https://www.google.ro https://www.google.ch https://www.google.no https://www.google.sn https://www.google.hr https://www.google.com.pr https://www.google.com.ph https://www.google.com.eg https://www.google.se https://www.google.ge https://www.google.com.lb https://www.google.com.ua https://www.google.com.pa https://www.google.be https://www.google.co.nz https://www.google.co.zm https://www.google.com.sg https://www.google.com.gt https://www.google.com.br https://www.google.com.fj https://www.google.com.bo https://www.google.sk https://www.google.com.ni https://www.google.dz https://www.google.com.do https://www.google.rw https://www.google.as https://www.google.com.om https://www.google.co.jp https://www.google.rw https://www.google.md https://www.google.co.th https://www.google.jo/ https://www.google.com.gt/ https://www.google.fi https://www.google.co.tz https://www.google.bg https://www.google.co.kr https://www.google.rs https://www.google.com.au https://www.google.de https://www.google.iq https://www.google.az https://www.google.co.cr https://www.google.com.mm https://www.google.com.ly https://www.google.mw https://www.google.com.qa https://www.google.be https://www.google.hn https://www.google.com.pg/ https://www.google.bf https://www.google.com.tw https://www.google.ws https://www.google.tn https://www.google.com.tr https://www.google.com.np https://www.google.ci/ https://www.google.com.gh https://www.google.ht; script-src 'self' 'report-sample' https://*.googletagmanager.com https://*.google-analytics.com/analytics.js https://ssl.google-analytics.com/ https://apis.google.com https://*.googlesyndication.com https://*.googleadservices.com https://*.googletagservices.com https://adservice.google.com https://adservice.google.com.br https://adservice.google.com.mx https://adservice.google.com.co https://adservice.google.com.ar https://adservice.google.com.pe https://adservice.google.com.ar https://adservice.google.com.au https://adservice.google.com.tr https://adservice.google.com.pk https://adservice.google.com.sa https://adservice.google.com.ec https://adservice.google.com.ph https://adservice.google.com.bo https://adservice.google.com.gt https://adservice.google.com.tr https://adservice.google.com.ng https://adservice.google.com.ua https://adservice.google.com.my https://adservice.google.com.gt https://adservice.google.com.eg https://adservice.google.com.bh  https://adservice.google.co.uk https://adservice.google.co.in https://adservice.google.co.nz https://adservice.google.co.kr https://adservice.google.co.id https://adservice.google.co.ve https://adservice.google.co.il https://adservice.google.co.jp https://adservice.google.co.ke https://adservice.google.co.za https://adservice.google.co.ve  https://adservice.google.pl https://adservice.google.it https://adservice.google.es https://adservice.google.pt https://adservice.google.ca https://adservice.google.ru https://adservice.google.fr https://adservice.google.cl https://adservice.google.sk https://adservice.google.cz https://adservice.google.se https://adservice.google.gr https://adservice.google.ie https://adservice.google.hn https://adservice.google.ae https://adservice.google.cl https://adservice.google.hu https://adservice.google.de https://adservice.google.iq https://adservice.google.si https://adservice.google.rs https://adservice.google.nl https://adservice.google.py https://adservice.google.tn https://adservice.google.hu https://adservice.google.at https://adservice.google.fi https://adservice.google.rw https://adservice.google.co.th https://adservice.google.co.tz https://adservice.google.com.sg https://adservice.google.com.np https://adservice.google.com.vn https://adservice.google.com.kh https://adservice.google.com.bd https://adservice.google.com.fj https://adservice.google.be https://adservice.google.ro https://adservice.google.dk https://adservice.google.kz https://adservice.google.ch https://adservice.google.lt https://adservice.google.no https://adservice.google.bg https://adservice.google.lv https://adservice.google.com.tw https://adservice.google.lb https://adservice.google.com.bz https://adservice.google.com.py https://adservice.google.com.kw https://adservice.google.com.uy https://adservice.google.com.jm https://adservice.google.com.qa https://adservice.google.com.lb https://adservice.google.com.pr https://adservice.google.com.sv  https://adservice.google.com.cy https://adservice.google.com.hk https://adservice.google.com.et https://adservice.google.com.pa https://adservice.google.co.zm https://adservice.google.co.cr https://adservice.google.co.zw https://adservice.google.co.uz https://adservice.google.co.ug https://adservice.google.tt https://adservice.google.dz https://adservice.google.mu https://adservice.google.cm https://adservice.google.ht https://adservice.google.ee https://adservice.google.bt https://adservice.google.az https://adservice.google.hr https://adservice.google.is https://adservice.google.ad https://adservice.google.lk https://adservice.google.al https://adservice.google.lu https://adservice.google.mw https://adservice.google.ci https://adservice.google.co.mz https://adservice.google.com.mm https://adservice.google.com.na https://adservice.google.com.af https://adservice.google.bj https://adservice.google.bs https://adservice.google.co.ao https://adservice.google.co.bw https://adservice.google.co.vi https://adservice.google.com.ag https://adservice.google.com.bn https://adservice.google.com.cu https://adservice.google.com.gh https://adservice.google.com.ni https://adservice.google.com.pg https://adservice.google.fm https://adservice.google.la https://adservice.google.mn https://adservice.google.sn https://adservice.google.sr https://adservice.google.tl https://adservice.google.ws https://adservice.google.jo; style-src 'self' https://*.googletagservices.com https://fonts.googleapis.com 'unsafe-inline' 'report-sample'; font-src 'self' data: 'report-sample' https://fonts.gstatic.com https://use.typekit.net; frame-src blob: https://accounts.google.com https://*.doubleclick.net https://*.googlesyndication.com https://docs.google.com https://drive.google.com https://www.google.com; 1
frame-src 'self' https://*.sispi.it https://*.comune.palermo.it https://*.amat.pa.it https://*.moovit.com https://www.manageengine.com https://*.cartodb.com https://*.carto.com https://*.google.com https://*.googleapis.com platform.twitter.com m.facebook.com web.facebook.com www.facebook.com connect.facebook.net youtube.com www.youtube.com www.youtube-nocookie.com s7.addthis.com edge.addthis.com api-8a2c2c8b.duosecurity.com js.zohocdn.com salesiq.zohopublic.com blob:; frame-ancestors 'self' https://*.sispi.it https://*.comune.palermo.it; object-src 'self'; upgrade-insecure-requests; report-uri https://csp-reports.sispi.it/api/2/security/?sentry_key=305c57efb1024f9686f976f3658cff59 1
font-src *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.bootstrapcdn.com *.fontawesome.com *.fonts.googleapis.com data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.twitter.com https://www.google.com https://www.google.co.in https://www.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://www.googletagmanager.com/ *.google.com *.addthis.com *.pinterest.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.cloudflare.com *.gstatic.com *.google.com *.google.co.in https://www.facebook.com *.cdn.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.s.ytimg.com *.lightemporium.com *.usercentrics.eu *.connect.facebook.net https://stats.g.doubleclick.net https://d.adroll.com https://pixel.advertising.com https://pixel.rubiconproject.com https://simage2.pubmatic.com https://dsum-sec.casalemedia.com https://ads.yahoo.com https://eb2.3lift.com https://sync.outbrain.com https://trc.taboola.com https://x.bidswitch.net/sync https://ib.adnxs.com https://idsync.rlcdn.com https://us-u.openx.net https://ups.analytics.yahoo.com https://segments.company-target.com https://sync.tidaltv.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.googleapis.com https://www.magezon.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.fpdbs.sandbox.paypal.com *.addthis.com *.pinterest.com *.cdninstagram.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.googleadservices.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://connect.facebook.net *.paypalobjects.com *.paypal.com https://chimpstatic.com *.googletagmanager.com https://s.adroll.com https://d.adroll.com https://d.adroll.mgr.consensu.org *.bootstrapcdn.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.googleapis.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io *.google.com/ *.addthis.com *.moatads.com *.addthisedge.com *.pinterest.com *.instagram.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudflare.com *.googleapis.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.youtube.com *.bootstrapcdn.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.google.com *.google.co.in *.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com google.com *.googleapis.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io *.addthis.com *.graph.instagram.com *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.miltonhouse.eu/; report-to report-endpoint; 1
default-src 'self' *.gstatic.com;       style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;       script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com *.google-analytics.com *.googleapis.com www.google.com         data: *.gstatic.com *.googleapis.com *.ggpht.com;       img-src 'self' www.googletagmanager.com www.google-analytics.com *.googleapis.com         data: *.gstatic.com *.googleapis.com *.ggpht.com;       connect-src 'self' www.google-analytics.com *.googleapis.com;       frame-src 'self' www.google.com; 1
default-src https: data: blob 'unsafe-inline' 'unsafe-eval'; connect-src wss: ws: https:; 1
script-src 'unsafe-inline' 'self' fonts.googleapis.com www.google.com www.gstatic.com recaptcha.msgapp.com cdn.ampproject.org www.google-analytics.com braintree-api.com sandbox.braintree-api.com client-analytics.braintreegateway.com api.braintreegateway.com client-analytics.sandbox.braintreegateway.com api.sandbox.braintreegateway.com sandbox.braintreegateway.com gstatic.sandbox.braintreegateway.com payments.sandbox.braintree-api.com www.braintreegateway.com gstatic.braintreegateway.com payments.braintree-api.com origin-analytics-sand.sandbox.braintree-api.com js.braintreegateway.com marketing.suzohapp.com stats.g.doubleclick.net maps.googleapis.com maps.google.com ajax.googleapis.com mts1.googleapis.com www.kota3chat.com; frame-ancestors 'self' http://*.suzohapp.com https://*.suzohapp.com http://*.happcontrols.com https://*.happcontrols.com 1
default-src 'self' ;script-src 'strict-dynamic' 'nonce-6n0ZCnnebcl8Z2YeFdtOFYohYbixzQ==' 'sha256-dJ2ziT8Ub0imytpULgqXqtzULlOfjgmbXfAIghWhFco=' 'sha256-Q+TK9ExxgHGiTty46lnFlcm+gZqZ0NEsMVOUdy3kHIg=';style-src 'self' 'unsafe-inline' https://use.fontawesome.com https://www.googleapis.com https://fonts.gstatic.com https://fonts.googleapis.com https://cdn.cookielaw.org https://www.onetrust.com https://geolocation.onetrust.com https://privacyportal.onetrust.com https://privacyportal-de.onetrust.com ;img-src 'self' https://cdn.cookielaw.org https://www.onetrust.com https://geolocation.onetrust.com https://privacyportal.onetrust.com https://privacyportal-de.onetrust.com https://www.facebook.com https://maps.gstatic.com https://maps.googleapis.com https://www.google.com https://www.google.pt https://i.ytimg.com https://www.googletagmanager.com data:;font-src 'self' https://use.fontawesome.com https://fonts.gstatic.com https://fonts.googleapis.com ;connect-src 'self' https://connect.facebook.net https://www.analytics.google.com https://region1.analytics.google.com https://www.google-analytics.com https://region1.google-analytics.com https://www.g.doubleclick.net https://td.doubleclick.net https://stats.g.doubleclick.net https://www.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://cdn.cookielaw.org https://www.onetrust.com https://geolocation.onetrust.com https://privacyportal.onetrust.com https://privacyportal-de.onetrust.com https://ampcid.google.com https://stats.g.doubleclick.net/j/collect;media-src 'self' https://www.youtube.com https://play.google.com ;object-src 'none' ;frame-src 'self' https://www.google.com/recaptcha/ https://www.g.doubleclick.net https://td.doubleclick.net https://stats.g.doubleclick.net https://www.youtube.com https://play.google.com https://www.facebook.com ;frame-ancestors 'self' ;base-uri 'self' ;form-action 'self' https://www.facebook.com ; 1
default-src * 'unsafe-inline' 'unsafe-eval' data: https:; report-uri www.atmoskop.cz/csp-reports; frame-ancestors 'self' 1
default-src 'self' *.fair.co.il fair.co.il; img-src data: 'self' *.fair.co.il fair.co.il *.google-analytics.com *.google.com *.google.de *.google.co.il *.googletagmanager.com *.gstatic.com *.g.doubleclick.net *.googleadservices.com static.hotjar.com script.hotjar.com *.nagich.co.il www.facebook.com; script-src 'self' *.fair.co.il fair.co.il 'unsafe-eval' 'unsafe-inline' *.youtube.com *.google.com *.googletagmanager.com *.gstatic.com cdn.jsdelivr.net *.google-analytics.com *.googleadservices.com script.hotjar.com static.hotjar.com *.nagich.co.il connect.facebook.net www.facebook.com cdnjs.cloudflare.com; style-src 'self' *.fair.co.il fair.co.il fonts.googleapis.com  *.gstatic.com *.googletagmanager.com *.googleadservices.com 'unsafe-inline' static.hotjar.com script.hotjar.com *.nagich.co.il; font-src data: 'self' *.fair.co.il fair.co.il  *.gstatic.com *.googleadservices.com script.hotjar.com *.nagich.co.il; object-src 'none'; connect-src wss://*.hotjar.com *.hotjar.com *.hotjar.io *.google.com *.google.de *.google.co.il  *.googletagmanager.com *.gstatic.com *.g.doubleclick.net *.google-analytics.com *.googleadservices.com *.ingest.sentry.io 'self' *.nagich.co.il *.vimeo.com; frame-ancestors 'self' https://*.harel-group.co.il https://*.harel-ext.com; frame-src 'self' *.fair.co.il  hf.tranzila.com vars.hotjar.com www.facebook.com *.youtube.com *.vimeo.com *.google.com *.doubleclick.net; worker-src blob: 'self' 1
font-src *.easypack24.net *.sysadvisors.pl *.bing.com *.virtualearth.net opineo.pl *.opineo.pl *.dotpay.pl *.payu.com *.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com https://geowidget.easypack24.net *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com facebook.net *.dotpay.pl *.facebook.com *.przelewy24.pl sandbox.przelewy24.pl secure.przelewy24.pl 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ self *.criteo.com *.criteo.net *.facebook.com *.facebook.net *.doubleclick.net opineo.pl *.opineo.pl *.dotpay.pl 'unsafe-inline' data: *.addtoany.com *.buybox.click *.dpd.com.pl www.google.com *.cookiebot.com *.interankiety.pl converti.se *.tradedoubler.com *.clickonometrics.pl *.salesmanago.pl pay.google.com https://geowidget-app.inpost.pl/ https://sandbox-easy-geowidget.easypack24.net/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.cdninstagram.com *.easypack24.net *.openstreetmap.org *.inpost.pl *.google.com *.google.pl google.com google.pl googletagmanager.com *.doubleclick.net *.google-analytics.com *.criteo.com *.criteo.net https: data: *.sysadvisors.pl *.bing.com *.virtualearth.net opineo.pl *.opineo.pl *.dotpay.pl self blob: static.przelewy24.pl www.gstatic.com gstatic.com https://geowidget.easypack24.net *.hsforms.net *.hsforms.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.easypack24.net unpkg.com *.mapbox.com *.jsdelivr.net furgonetka.pl *.openstreetmap.org *.inpost.pl *.doubleclick.net *.criteo.com *.criteo.net *.cloudflareinsights.com *.wp.pl *.clickonometrics.pl *.cloudflare.com *.googletagmanager.com *.googleadservices.com *.googleoptimize.com *.google-analytics.com *.facebook.net *.facebook.com *.sysadvisors.pl *.bing.com *.virtualearth.net opineo.pl *.opineo.pl *.dotpay.pl *.addtoany.com *.buybox.click *.hotjar.com *.payu.com *.clarity.ms *.retargeted.co *.trackmytarget.com *.publitas.com trustmate.io *.tmtarget.com *.mimeeqapp.com *.mimeeqapi.com *.mimeeq.com maps.googleapis.com static.paynow.pl cdngazeta.pl tp.convertiser.com svht.tradedoubler.com mc.yandex.ru *.cookiebot.com *.cloudfront.net *.tradedoubler.com *.googlesyndication.com *.avada.io sandbox.przelewy24.pl secure.przelewy24.pl pay.google.com https://geowidget.easypack24.net *.hsforms.net *.hsforms.com *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.easypack24.net *.openstreetmap.org *.cloudflare.com *.sysadvisors.pl *.bing.com *.virtualearth.net opineo.pl *.opineo.pl *.dotpay.pl *.payu.com *.googletagmanager.com trustmate.io cdn.jsdelivr.net secure.przelewy24.pl *.fontawesome.com maxcdn.bootstrapcdn.com fonts.googleapis.com https://geowidget.easypack24.net https://geowidget.inpost.pl *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://geowidget.easypack24.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.easypack24.net *.openstreetmap.org *.google-analytics.com *.inpost.pl *.doubleclick.net *.facebook.com *.facebook.net *.googleadservices.com *.analytics.google.com *.googletagmanager.com *.google.pl *.sysadvisors.pl *.bing.com *.virtualearth.net opineo.pl *.opineo.pl *.dotpay.pl *.addtoany.com *.buybox.click *.clarity.ms *.hotjar.com *.hotjar.io *.retargeted.co *.amazonaws.com *.cloudfront.net *.mimeeq.com maps.googleapis.com pixel.wp.pl vc-service.saleago.com *.cookiebot.com *.edrone.me *.clickonometrics.pl converti.se *.imgstatics.com https://get.geojs.io *.avada.io sandbox.przelewy24.pl secure.przelewy24.pl wss://sandbox-ws.przelewy24.pl wss://secure-ws.przelewy24.pl apple-pay-gateway.apple.com t.elasticsuite.io *.hsforms.net *.hsforms.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors yangqianguan.com:* *.yangqianguan.com:* fintopia.tech:* *.fintopia.tech:* *.fengtai.tech:* *.xiaoshuihua.com:* *.geteasycash.asia:* *.sjrtguarantee.com:* *.sjrtguarantee.cn:* *.snxguarantee.cn:* *.snxguarantee.com:* 1
frame-ancestors 'self' https://www.hmagasin.no/ https://www.human.no/; upgrade-insecure-requests 1
default-src 'self' data:; script-src 'self' 'unsafe-inline' www.gstatic.com www.googletagmanager.com www.google.com unpkg.com www.google-analytics.com; script-src-elem 'self' 'unsafe-inline' www.gstatic.com www.googletagmanager.com www.google.com unpkg.com www.google-analytics.com; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com region1.google-analytics.com; img-src 'self' www.google-analytics.com i.ytimg.com data:; base-uri 'self'; form-action 'self'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; frame-src 'self' www.youtube.com www.google.com www.youtube-nocookie.com; frame-ancestors 'self' 1
default-src https: 'self' 'unsafe-inline'; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' https://api-maps.yandex.ru https://suggest-maps.yandex.ru http://*.maps.yandex.net https://yandex.ru https://yastatic.net https://enterprise.api-maps.yandex.ru https://optimize.google.com https://www.googletagmanager.com https://www.googleanalytics.com https://www.google-analytics.com https://api-cis.exponea.com https://mc.yandex.ru https://mc.yandex.az https://mc.yandex.by https://mc.yandex.co.il https://mc.yandex.com https://mc.yandex.com.am https://mc.yandex.com.ge https://mc.yandex.com.tr https://mc.yandex.ee https://mc.yandex.fr https://mc.yandex.kg https://mc.yandex.kz https://mc.yandex.lt https://mc.yandex.lv https://mc.yandex.md https://mc.yandex.tj https://mc.yandex.tm https://mc.yandex.ua https://mc.yandex.uz https://mc.webvisor.com https://mc.webvisor.org *.metrika.yandex.ru *.yandex.tld *.yandex.net https://vk.com https://top-fwz1.mail.ru; style-src https: blob: 'self' 'unsafe-inline'; style-src-elem blob: https: 'self' 'unsafe-inline'; img-src blob: data: https: 'self' 'unsafe-inline' https://*.maps.yandex.net https://optimize.google.com https://enterprise.api-maps.yandex.ru https://api-maps.yandex.ru https://yandex.ru https://mc.yandex.ru; connect-src wss://*.blanc.ru wss://*.vestabankdev.ru https: 'self' 'unsafe-inline' *.sentry.io *.ingest.sentry.io https://api-maps.yandex.ru https://enterprise.api-maps.yandex.ru https://suggest-maps.yandex.ru https://*.maps.yandex.net https://yandex.ru https://*.taxi.yandex.net https://api-cis.exponea.com https://www.google-analytics.com https://stats.g.doubleclick.net https://mc.yandex.ru; font-src data: https: 'self' 'unsafe-inline'; object-src 'self'; media-src 'self'; child-src https: 'self' https://api-maps.yandex.ru https://enterprise.api-maps.yandex.ru https://mc.yandex.ru; frame-src blob: 'self' https://*.group-ib.com https://*.group-ib.ru https://wcm-ru.frontend.weborama.fr https://content.adriver.ru https://www.facebook.com https://optimize.google.com http://*.fls.doubleclick.net http://*.doubleclick.net https://api-maps.yandex.ru https://enterprise.api-maps.yandex.ru https://*.mkb.ru:* https://*.mirconnect.ru:* https://*.vestabankdev.ru https://*.blanc.ru https://mc.yandex.ru https://mc.yandex.com https://ad.new-programmatic.com https://px.adhigh.net/; form-action https: 'self' 'unsafe-inline'; worker-src https: 'self' blob:; manifest-src https: 'self'; frame-ancestors 'self' https://*.blanc.ru https://avito.ru https://www.avito.ru https://*.avito.ru *.yandex.ru *.yandex.by *.yandex.com *.yandex.com.tr webvisor.com; block-all-mixed-content; report-uri https://o547163.ingest.sentry.io/api/5669457/security/?sentry_key=1f47343ab8d64a3bb44fa53d85499fff; 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.myscience.at *.myscience.ca *.myscience.es *.myscience.fr *.myscience.de *.myscience.co.nl *.myscience.uk *.myscience.org *.aura-dsp.com *.creativecdn.com *.bing.com *.bingj.com *.careerjet.ch *.careerjet.net *.clarity.ms *.doubleclick.net *.dailymotion.com *.googlesyndication.com *.googletagmanager.com *.google.ch *.google.com *.google-analytics.com *.googleapis.com *.gstatic.com *.paypal.com *.paypalobjects.com *.switch.ch *.youtube.com *.ytimg.com  *.youtube-nocookie.com *.vimeo.com *.vimeocdn.com ; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com; frame-src 'self' *.dailymotion.com *.doubleclick.net *.google.com *.googlesyndication.com *.paypal.com *.switch.ch *.vimeo.com *.vimeocdn.com *.youtube.com *.youtube-nocookie.com; font-src 'self' https://fonts.gstatic.com; frame-ancestors 'self'; form-action 'self' *.paypal.com *.paypalobjects.com; base-uri 'self'; object-src 'none' ; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://wehavecookies.social; img-src 'self' https: data: blob: https://wehavecookies.social; style-src 'self' https://wehavecookies.social 'nonce-BFkFjeYYtIyLiPR1kZ5apQ=='; media-src 'self' https: data: https://wehavecookies.social; frame-src 'self' https:; manifest-src 'self' https://wehavecookies.social; form-action 'self'; child-src 'self' blob: https://wehavecookies.social; worker-src 'self' blob: https://wehavecookies.social; connect-src 'self' data: blob: https://wehavecookies.social https://files.wehavecookies.social wss://wehavecookies.social; script-src 'self' https://wehavecookies.social 'wasm-unsafe-eval' 1
default-src 'self' https://cmsapi.mahzooz.ae https://www.google.com https://www.youtube.com https://maps.googleapis.com https://fonts.googleapis.com https://www.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.gstatic.com https://maps.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://www.google.com https://www.gstatic.com https://maps.googleapis.com https://fonts.googleapis.com https://www.googletagmanager.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://maps.googleapis.com https://fonts.googleapis.com https://www.google.com https://www.gstatic.com; img-src 'self' https://cmsapi.mahzooz.ae https://cmsadmin.mahzooz.ae https://maps.gstatic.com https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://analytics.google.com https://www.google.ae blob: data:; connect-src 'self' https://cmsapi.mahzooz.ae https://maps.googleapis.com https://fonts.googleapis.com https://www.google.com https://www.gstatic.com https://analytics.google.com; font-src 'self' https://cmsapi.mahzooz.ae https://fonts.gstatic.com https://jsbin-user-assets.s3.amazonaws.com https://fonts.googleapis.com data:; object-src 'none'; base-uri 'self'; frame-src 'self' https://www.google.com https://www.youtube.com;; form-action 'self'; frame-ancestors 'none'; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' https://dc.services.visualstudio.com https://az416426.vo.msecnd.net https://js.monitor.azure.com; img-src 'self' data:; 1
frame-ancestors https://www.asaporg.com https://divcomplatform.s3.amazonaws.com 1
default-src 'self' *;script-src 'self' 'unsafe-inline' 'nonce-RQhWD4sggCxayihR8z5q6smF' 'unsafe-eval' *;style-src 'self' 'unsafe-inline' *;img-src 'self' data: maps.gstatic.com maps.googleapis.com media.pressburst.app syndication.twitter.com www.google-analytics.com 1
upgrade-insecure-requests  ; style-src 'self' 'unsafe-inline' feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com *.cookielaw.org pghub.io feed.pghub.io pandg.tapad.com ; font-src 'self' feed.pghub.io pandg.tapad.com ; manifest-src 'self' login.windows.net feed.pghub.io pandg.tapad.com ; media-src 'self' *.ctfassets.net feed.pghub.io pandg.tapad.com ; frame-ancestors 'none' feed.pghub.io pandg.tapad.com ; frame-src 'self' *.pghub.io consumersupport.pg.com pandg.tapad.com ; img-src 'self' data: *.ctfassets.net *.tapad.com www.googletagmanager.com *.cookielaw.org *.cookielaw.org feed.pghub.io ; connect-src 'self' *.cookielaw.org *.algolia.net *.algolianet.com *.google-analytics.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat feed.pghub.io pandg.tapad.com ; base-uri 'none' feed.pghub.io pandg.tapad.com ; default-src 'none' feed.pghub.io pandg.tapad.com ; 1
frame-ancestors 'self' https://members.onvif.org 1
frame-ancestors https://*.estratraining.it 1
default-src 'self'; connect-src 'self' maps.googleapis.com www.google-analytics.com www.paypal.com; font-src 'self' data: fonts.gstatic.com; frame-src 'self' docs.google.com e.issuu.com indd.adobe.com libanswers.greenvillelibrary.org my.nicheacademy.com  player.vimeo.com www.google.com www.paypal.com www.youtube.com; img-src 'self' data: aspen.greenvillelibrary.org http://contentcafe2.btol.com csi.gstatic.com maps.google.com maps.googleapis.com maps.gstatic.com t.paypal.com www.google-analytics.com www.gstatic.com www.paypalobjects.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com cdnjs.cloudflare.com libanswers.greenvillelibrary.org maps.googleapis.com www.google.com www.google-analytics.com www.gstatic.com www.googletagmanager.com www.paypal.com www.paypalobjects.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com; 1
default-src * self blob:; font-src * self data:; worker-src blob:; img-src * self data:; script-src * 'self' 'unsafe-eval' 'unsafe-inline'; style-src * self 'unsafe-inline'; object-src 'none'; frame-ancestors 'self' 1
true 1
default-src *; img-src * 'self' data: https:; style-src 'self' 'unsafe-inline' *; script-src www.google-analytics.com  www.googletagmanager.com  www.google.com  www.gstatic.com  'self' 'unsafe-inline' 'unsafe-eval' *; report-uri  https://report-service-url.report-uri.com/r/d/csp/reportOnly 1
block-all-mixed-content; base-uri 'none'; style-src 'self' 'unsafe-inline' https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https:; font-src https: data:; form-action 'self'; img-src https: data:; frame-ancestors 'none'; frame-src https:; object-src 'none'; report-uri https://puntapi.com/csp-reporting/capture 1
default-src *;  style-src * 'unsafe-inline';  script-src * 'unsafe-inline' 'unsafe-eval';  img-src * data: 'unsafe-inline';  connect-src * 'unsafe-inline';  frame-src www.google.com www.youtube.com;  frame-ancestors none;  upgrade-insecure-requests; 1
default-src 'self' 'unsafe-hashes'      data:     ;      script-src 'self' 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'     'sha256-8spxeCSi69147DOnNd3KS//gig06iEEDZjVkaYpqHzs='      'sha256-WGWi9TlE5t5A1b00yt5KfBhbCx8kMM+0YiO0bnjRHCw='     'sha256-rcnQ62+3JaG3jhdqisGlWt1eDeX3RBbouKsGdZ5xiKY='      'sha256-ICdUNhKfQE6Exxbku1k1vgabxPfVWXbaJpk9VfsArAk='     'sha256-OPnKUMua4e0GN7bTqOlYGiMdPJx8Db7oqOFxAR30J+0='     'sha256-Bad4CtxyEmKqugEFYKVv6wx00AAesAgz7tjuvHNpRFw='     'sha256-qpiJam7Y2DuO22tZ/bgH8L7VBqxWZUWu3D8U9T75NSk='     'sha256-rNvCGiCRyiPJjtwqB4vymBwGb34k0WAU73OuNB/BTy0='     'sha256-OU9wV+vKucwhrrtmm8UWT2Pyi1EOxBisey2TQf8OUWo='     'sha256-U94NnnauyiDYvd0WHSl7sRM2E/x32UWeOb0/pdxPoRo='     'sha256-Mt54s4yhiIX6n5g1eRDpI0A4ZQx0/XXS6rAXQw7TUAE='     'sha256-ceTeNRWsIST2BVqKoleIB/3nlZH9hfT2WzhMd0oAnD0='     'sha256-4fvZGCMDUtVbuFc7EJsac2UrP9gLL+7AzNzYPriO8lg='     'sha256-zOaLQOqGChG3+24L+BJ0ora2KEo+1LUv0s4MhrUemsI='     'sha256-sV4mUzRMG1YhQUhZ0+uf7GoflqSBkVHFXqqvqOuyB4s='     'sha256-0QAVk6F911LK5gXYCB6agFme9DJhg0VBmGquZQPS5r0='     'sha256-O4vJcDwO5xfK9fmjkETz2Q5m3IoEh1yIxGmrhwsRGmY='     'sha256-902jiC80ubv/Jb6twxix6Bi11B6NxdscGKMwneeJtTU='     'sha256-C79UWGvRQdxwLEUsZc6lOksYaxbAmSUmWV+OVHpXyps='     'sha256-qJHRHZKDaBz+9WxWoUvehB9DuqMIXNqhAKmJ7QqcrzE='     'sha256-mfbuCHfmjncPpgUJGGZiLJdubfhZpbdkOtgB+WpdfBM='     data:      ;      style-src 'self' 'unsafe-hashes'      'sha256-biLFinpqYMtWHmXfkA1BPeCY0/fNt46SAZ+BBk5YUog='     'sha256-TkQEhgatO0tm/yqps35DBRUbR0QPH+7TiaRN6ZJJUBE='     'sha256-OI2LyEunVorhNx1U6QFfA5hdl7UWie34o7klNRiGWac='     'sha256-tLi5c4M/P9JloBadVPrsKPIG1rgn/95K3P+HshWbi2c='     'sha256-ACYRe3pfW2tc/upevr9jDDpbPzLOcIxMR4DsSopR/Ns='     'sha256-YeQ/KPsnhbsbqZLfX3TBPMpkbTI8ashJz8PMffp73PU='     'sha256-M+x1t9JxS/Lr8UD/GnUj5m5dXUvsUiupBtkmKlI4tGA='     'sha256-DjEitNbMIwNILMMF4SIgBxPKzQEvA5mDNqpOHf+yUAs='     'sha256-FH0qtoSg7BJeT3K9KaxO5H+LnG2uj6R+v7W9bvaZ8j0='     'sha256-8ut0cb/b7cENeQ8zic+cZ2VODFs7jDKOMHv4HHM/6eg='     'sha256-TlBJZQipIt0g6nZmaJ2HssWTU26qBHogTo2fOWgqAYI='     'sha256-zRzLIrvro8BlOwJ6Xepm4LClGY1sM4kDoLpoXEFlBeg='     'sha256-9IQfZen02H9J7uarhLGvo7CBBjN24CM8rYBXvHx7+YU='     'sha256-WaSrqDSFOfMKqcWxEazhqSHDRmVu/ML0fgm8VK6RyGQ='     'sha256-4qwSjaWZIv6u/72hYSsfkmj+B/gfKm46WK5flJuIKjE='     'sha256-ZGucq5sjA26GZl5EGl15K7ZAO7nLEOdCoz5sen3Tm4k='     'sha256-PYjKx2cQdErBDxaZaQ7Gr5rYwI+cSRBn6N8QJMVWepY='     'sha256-Risr9Ovnx+uStZhyMZ5hMi3EMu6WKUj3WS802j8BvpM='     'sha256-1n1ZWCCdFZGI2VpRa1+3s2o0Hv/GkOjvDVFLbaDKgqk='     'sha256-X6Hek/B5km7NYwYRi87mCX7wRIKWVpHnPyOwBrT8T68='     'sha256-1n1ZWCCdFZGI2VpRa1+3s2o0Hv/GkOjvDVFLbaDKgqk='     'sha256-X6Hek/B5km7NYwYRi87mCX7wRIKWVpHnPyOwBrT8T68='     'sha256-X6Hek/B5km7NYwYRi87mCX7wRIKWVpHnPyOwBrT8T68='     ;      img-src 'self' 'unsafe-hashes'      data:      ;      object-src 'none';      base-uri 'none';       1
default-src 'self'; img-src 'self' data: https://www.google-analytics.com https://px.ads.linkedin.com https://www.facebook.com https://www.google.com https://www.googletagmanager.com https://shop.domainecarneros.com *.vin65.com https://secure.gravatar.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.typekit.net https://www.exploretock.com; font-src 'self' https://fonts.gstatic.com https://use.typekit.net https://www.exploretock.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com https://www.datadoghq-browser-agent.com *.exploretock.com *.redchirp.com *.vin65.com https://shop.domainecarneros.com https://acsbapp.com https://connect.facebook.net https://snap.licdn.com https://s.pinimg.com https://secure.adnxs.com https://ct.pinterest.com https://static.mobilemonkey.com; connect-src 'self' https://domainecarneros.com https://www.google-analytics.com https://px.ads.linkedin.com https://stats.g.doubleclick.net https://ct.pinterest.com https://px.ads.linkedin.com *.acsbapp.com https://acsbapp.com https://domainecarneros.com; frame-ancestors 'self'; frame-src 'self' https://maps.google.com https://assetss3.vin65.com https://app.redchirp.com https://ct.pinterest.com https://www.facebook.com https://www.youtube.com https://www.exploretock.com https://td.doubleclick.net; report-to csp-report 1
default-src 'self' http: https: data: blob: 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; 1
default-src 'self' 'unsafe-inline' *.clarity.ms leadsbridge.com *.earpros.com *.googlesyndication.com www.facebook.com www.youtube-nocookie.com amplifon.demdex.net i.ytimg.com;     connect-src 'self' leadsbridge.com *.clarity.ms *.earpros.com *.outbrain.com *.googlesyndication.com maps.googleapis.com www.gstatic.com *.showmetheresource.com *.amplifoninternal.com *.trksis.com aem-americas.earpros.com *.doubleclick.net *.showmetheresource.com *.nextdoor.com *.hotjar.com *.pinterest.it *.postimg.cc *.ibb.co *.teads.tv *.googleadservices.com *.addevent.com *.adform.net *.everesttech.net *.smetrics.amplifon.com *.everestjs.net aem-apac.earpros.com amplifongroup.tt.omtrdc.net www.facebook.com smetrics.earpros.com www.google-analytics.com stats.g.doubleclick.net trc-events.taboola.com amplifon.d3.sc.omtrdc.net www.youtube-nocookie.com r2---sn-8vq54voxpu-hm26.googlevideo.com r2---sn-hpa7kn7s.googlevideo.com dpm.demdex.net aem-emea.earpros.com bat.bing.com trc.taboola.com *.bc0a.com;     script-src 'self' 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' *.clarity.ms leadsbridge.com *.earpros.com *.outbrain.com *.googlesyndication.com maps.googleapis.com www.gstatic.com *.criteo.net *.criteo.com *.trksis.com *.doubleclick.net showmetheresource.com *.showmetheresource.com *.nextdoor.com *.hotjar.com *.pinterest.it *.postimg.cc *.ibb.co *.teads.tv *.googleadservices.com *.addevent.com *.adform.net *.everesttech.net *.smetrics.amplifon.com *.everestjs.net assets.adobedtm.com smetrics.earpros.com www.google-analytics.com bat.bing.com amplify.outbrain.com connect.facebook.net www.googletagmanager.com www.googleadservices.com cdn.taboola.com trc.taboola.com googleads.g.doubleclick.net www.youtube.com www.youtube-nocookie.com www.google.com tr.outbrain.com amplifon.d3.sc.omtrdc.net *.bc0a.com;     style-src 'self' 'unsafe-hashes' 'unsafe-inline' *.ub-assets.com fonts.googleapis.com www.youtube-nocookie.com;     img-src 'self' *.clarity.ms *.miracle-ear.com offlinemilano.it leadsbridge.com *.earpros.com *.keyxel.com *.g2afse.com *.googlesyndication.com maps.googleapis.com maps.gstatic.com *.adnxs.com *.bidswitch.net *.omnitagjs.com *.casalemedia.com *.dmxleo.com *.360yield.com *.criteo.com *.media.net *.mediavine.com *.postrelease.com *.outbrain.com *.pubmatic.com *.rubiconproject.com *.sharethrough.com *.smaato.net *.smartadserver.com *.taboola.com *.teads.tv *.3lift.com *.advertising.com *.yahoo.com *.yieldlab.net *.criteo.net *.postimg.cc *.trksis.com *.doubleclick.net *.showmetheresource.com *.nextdoor.com *.hotjar.com *.googleadservices.com bat.bing.com tr.outbrain.com p1.zemanta.com www.facebook.com cds.taboola.com www.google.com www.google.it i.ibb.co googleads.g.doubleclick.net www.youtube-nocookie.com i.ytimg.com yt3.ggpht.com cm.everesttech.net dpm.demdex.net www.googletagmanager.com www.google-analytics.com trc.taboola.com data:;     frame-src 'self' *.clarity.ms leadsbridge.com *.earpros.com *.googlesyndication.com *.trksis.com *.doubleclick.net *.showmetheresource.com *.nextdoor.com *.hotjar.com www.youtube-nocookie.com www.google.com amplifon.demdex.net www.facebook.com antevenio-it.com;     font-src 'self' *.ub-assets.com fonts.gstatic.com; 1
default-src 'self' cse.google.com; base-uri 'none'; img-src 'self' *.google.com *.googleapis.com *.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com cse.google.com; style-src 'self' 'unsafe-inline' www.google.com; frame-src 'self' cse.google.com; font-src 'self'; frame-ancestors 'self' 1
default-src https:; worker-src blob:; font-src https: data:; img-src https: blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; 1
default-src 'self'; script-src 'self' dnstest2.ficora.fi dnstest.traficom.fi keha-matomo-sdg-qa-qa.azurewebsites.net analytiikka.ahtp.fi occhat.elisa.fi stat.traficom.fi https://static.aim.front.ai https://traficom-prod.boost.ai stat.viestintavirasto.fi 10.250.193.20 'nonce-d95845fc-2428-4096-bfae-7dbd21a6c652'; img-src 'self' data: https://boost-files-general-eu-west-1-prod.s3-eu-west-1.amazonaws.com https://static.aim.front.ai *.viestintavirasto.fi *.traficom.fi *.ficora.fi trafi.maps.arcgis.com trafi2.stat.fi keha-matomo-sdg-qa-qa.azurewebsites.net analytiikka.ahtp.fi qa.bittimittari.fi prod.bittimittari.fi www.youtube.com img.youtube.com youtube-nocookie.com *.youtube-nocookie.com registry.qadomain.fi registry.domain.fi www.arcgis.com autokalkulaattori.fi fiho.fi www.epressi.com dreambroker.com www.dreambroker.com app.powerbi.com occhat.elisa.fi; style-src 'self' dnstest2.ficora.fi dnstest.traficom.fi occhat.elisa.fi https://static.aim.front.ai https://traficom-prod.boost.ai 'unsafe-inline'; font-src 'self' occhat.elisa.fi https://static.aim.front.ai; object-src 'self' data:; base-uri 'self'; frame-src 'self' *.viestintavirasto.fi *.traficom.fi *.ficora.fi trafi.maps.arcgis.com trafi2.stat.fi keha-matomo-sdg-qa-qa.azurewebsites.net analytiikka.ahtp.fi qa.bittimittari.fi prod.bittimittari.fi www.youtube.com img.youtube.com youtube-nocookie.com *.youtube-nocookie.com registry.qadomain.fi registry.domain.fi www.arcgis.com autokalkulaattori.fi fiho.fi www.epressi.com dreambroker.com www.dreambroker.com app.powerbi.com occhat.elisa.fi; connect-src 'self' wss://occhat.elisa.fi https://occhat.elisa.fi https://static.aim.front.ai https://traficom-prod.boost.ai https://stat.viestintavirasto.fi https://stat.traficom.fi; form-action 'self' 1
default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com cdnjs.cloudflare.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net https://player.vimeo.com/api/player.js https://www.youtube.com/iframe_api 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com https://mfpembedcdnweu.azureedge.net/mfpembedcontweu/ http://maps.google.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://customervoice.microsoft.com/ https://www.google.com/; connect-src data: accounts.google.com *.google-analytics.com *.gstatic.com https://*.googletagmanager.com *.googleapis.com 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src 'self' 1
default-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com cdn.jsdelivr.net *.investis.com *.api.brightcove.com geoid.investisdigital.com cookiemanager.investisdigital.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com *.investis.com *.api.brightcove.com otp.tools.investis.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net assets.investisdigital.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net *.investis.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net assets.investisdigital.com; img-src 'self' 'unsafe-inline' * data:; media-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com *.api.brightcove.com house-fastly-signed-eu-west-1-prod.brightcovecdn.com; frame-src 'self' 'unsafe-inline' *.investis.com www.google.com ir.tools.investis.com staticxx.facebook.com www.youtube.com viz.tools.investis.com http://viz.tools.investis.com vivoenergy.canto.global https://vivoenergy.canto.global/v/photogallery https://d1c96hlcey6qkb.cloudfront.net *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com; connect-src 'self' *.investis.com *.api.brightcove.com  https://cookiemanager.investisdigital.com https://geoid.investisdigital.com www.google-analytics.com https://region1.google-analytics.com analytics.google.com stats.g.doubleclick.net https://assets.investisdigital.com; report-uri /report-csp-violation 1
default-src 'self'; img-src 'self' data: http: https: *.gravatar.com cdn.buyhttp.com *.facebook.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.facebook.net *.hotjar.com:* *.hotjar.com:* *.hotjar.io *.hotjar.io www.google.com www.google-analytics.com *.doubleclick.net www.googletagmanager.com maps.googleapis.com ajax.googleapis.com support.buyhttp.com www.gstatic.com; style-src 'self' 'unsafe-inline' http: https: fonts.googleapis.com; font-src 'self' data: http: https: fonts.googleapis.com themes.googleusercontent.com; frame-src 'self' *.hotjar.com www.google.com www.youtube.com *.facebook.com; connect-src 'self' *.hotjar.com *.hotjar.io *.facebook.com stats.g.doubleclick.net analytics.google.com www.google-analytics.com maps.googleapis.com wss: *.hotjar.com; child-src 'self' *.facebook.com; form-action 'self' *.facebook.net *.facebook.com; 1
default-src 'self' https://*.zopim.com https://*.zopim.io wss://*.zopim.com;connect-src 'self' https://www.sandbox.paypal.com https://www.paypal.com https://www.google-analytics.com https://links.services.disqus.com wss://localhost wss://*.zopim.com https://static.zdassets.com https://ekr.zdassets.com https://brasstrains.sirv.com https://brasstrains.zendesk.com;font-src 'self' https://fonts.gstatic.com https://*.zopim.com https://fonts.gstatic.com data:;frame-src https://www.paypal.com https://www.sandbox.paypal.com https://www.youtube.com https://www.facebook.com https://apis.google.com https://accounts.google.com https://www.google.com https://brasstrains.sirv.com https://livestream.com https://disqus.com https://secure.comodo.com;img-src 'self' data: https://test-images.brasstrains.com https://t.paypal.com https://brasstrains.sirv.com https://badges.instagram.com https://instagramstatic-a.akamaihd.net https://ssl.google-analytics.com https://assets.pinterest.com https://www.paypal.com https://secure.gravatar.com https://images.brasstrains.com https://secure.gravatar.com https://i1.wp.com https://referrer.disqus.com https://a.disquscdn.com https://b.disquscdn.com https://c.disquscdn.com https://secure.comodo.com https://www.paypalobjects.com https://www.google-analytics.com https://www.googletagmanager.com https://*.zopim.com https://*.zopim.io https://secure.trust-provider.com;media-src 'self' https://*.zopim.com https://static.zdassets.com;object-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' 'nonce-MDR4NHlFU2RsUDJCT0d0UnZzQzNEWXEwcXJGdFNvQ3M=' https://*.paypal.com https://*.paypalobjects.com https://www.sandbox.paypal.com https://apis.google.com https://www.google.com https://www.gstatic.com https://scripts.sirv.com https://widgets.pinterest.com https://assets.pinterest.com https://log.pinterest.com https://brasstrains.sirv.com https://code.highcharts.com https://livestream.com https://disqus.com https://brasstrains.disqus.com https://a.disquscdn.com https://b.disquscdn.com https://c.disquscdn.com https://secure.comodo.com https://www.googletagmanager.com https://www.google-analytics.com https://*.zopim.com https://static.zdassets.com https://ekr.zdassets.com ;style-src 'self' 'unsafe-inline' https://scripts.sirv.com https://a.disquscdn.com https://b.disquscdn.com https://c.disquscdn.com https://fonts.googleapis.com;report-uri /Common/CspReport; 1
frame-ancestors 'self' *.beautiful.ai 1
default-src 'unsafe-inline' 'self' zugfinder.azureedge.net *.openstreetmap.org; 1
default-src 'none'; connect-src 'self' https://094-chh-722.mktoresp.com https://api.hubapi.com https://basemaps.arcgis.com https://cdn.arcgis.com https://dc.services.visualstudio.com https://dpm.demdex.net https://esp-eu.aptrinsic.com https://forms.hubspot.com https://js.arcgis.com https://ocm.elase.pohjolavakuutus.fi https://ocm.op-media.fi https://opservicesltd.d3.sc.omtrdc.net https://pui.episerver.net https://static.arcgis.com https://www.arcgis.com https://northeurope-4.in.applicationinsights.azure.com https://maps.googleapis.com https://maps.gstatic.com; font-src 'self' https://fonts.gstatic.com https://dhm5hy2vn8l0l.cloudfront.net https://js.arcgis.com; frame-ancestors 'self'; frame-src 'self' https://c1.adform.net https://cdn.krxd.net https://email.op-media.fi https://episerveridentity.b2clogin.com https://manager.emea01.idio.episerver.net https://survey.zef.fi https://tr.snapchat.com https://w.soundcloud.com http://www.youtube-nocookie.com http://www.youtube.com https://cg.optimizely.com https://statistics-dashboard.azurewebsites.net/; img-src 'self' data: https://a.emea01.idio.episerver.net https://a.usea01.idio.episerver.net https://beacon.krxd.net https://cdn.arcgis.com https://dl.episerver.net http://i.idio.co https://i.ytimg.com https://js.arcgis.com https://opservicesltd.d3.sc.omtrdc.net https://px.ads.linkedin.com https://server.seadform.net https://t.co https://track.hubspot.com https://www.facebook.com https://www.google.com https://www.google.fi https://www.linkedin.com https://www.op.fi https://maps.googleapis.com https://maps.gstatic.com; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.vo.msecnd.net https://ajax.googleapis.com https://analytics.twitter.com https://a.emea01.idio.episerver.net https://api.emea01.idio.episerver.net https://assets.adobedtm.com https://beacon.krxd.net https://cdn.jsdelivr.net https://cdn.krxd.net https://connect.facebook.net https://consumer.krxd.net https://dl.episerver.net https://googleads.g.doubleclick.net https://js.arcgis.com https://munchkin.marketo.net https://s.emea01.idio.episerver.net https://s.usea01.idio.episerver.net https://s2.adform.net https://sc-static.net https://snap.licdn.com https://static.ads-twitter.com https://tags.op-palvelut.fi https://track.adform.net https://www.googleadservices.com https://www.googletagmanager.com https://web-sdk-eu.aptrinsic.com https://www.youtube.com https://js.monitor.azure.com https://maps.googleapis.com https://maps.gstatic.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://dl.episerver.net https://js.arcgis.com https://web-sdk-eu.aptrinsic.com https://fonts.googleapis.com/; media-src 'self'; worker-src blob: 'self'; 1
report-uri /jss/csp_report.phtml;base-uri 'self';default-src 'self' pd1ql.stereocdn.com d13058ycfhe2cj.cloudfront.net am-us.stereocdn.com d1uys5gv2539gd.cloudfront.net am-eu.stereocdn.com stereocdn.com static.stereo.com storage.stereo.com stereo-images.stereocdn.com media.stereocdn.com *.amazonaws.com records.stereocdn.com blob:;script-src 'self' 'nonce-fdf83e9b-adcc-4522-b9a7-9941001ccaac' 'unsafe-eval' pd1ql.stereocdn.com www.googletagmanager.com googletagmanager.com connect.facebook.net *.google-analytics.com cdn.jsdelivr.net;style-src 'self' 'unsafe-inline' pd1ql.stereocdn.com;font-src 'self' data: pd1ql.stereocdn.com;frame-src 'self' pd1ql.stereocdn.com www.youtube.com;connect-src 'self' blob: pd1ql.stereocdn.com d13058ycfhe2cj.cloudfront.net am-us.stereocdn.com d1uys5gv2539gd.cloudfront.net am-eu.stereocdn.com stereocdn.com static.stereo.com storage.stereo.com stereo-images.stereocdn.com media.stereocdn.com *.amazonaws.com records.stereocdn.com www.googletagmanager.com googletagmanager.com connect.facebook.net *.google-analytics.com www.facebook.com *.ingest.sentry.io;img-src 'self' data: blob: *;media-src 'self' data: blob: pd1ql.stereocdn.com d13058ycfhe2cj.cloudfront.net am-us.stereocdn.com d1uys5gv2539gd.cloudfront.net am-eu.stereocdn.com stereocdn.com static.stereo.com storage.stereo.com stereo-images.stereocdn.com media.stereocdn.com *.amazonaws.com records.stereocdn.com;manifest-src 'self' pd1ql.stereocdn.com;object-src 'none';worker-src 'self' blob:;block-all-mixed-content;upgrade-insecure-requests;frame-ancestors 'self';form-action 'self';script-src-attr 'none' 1
connect-src 'self' https:; font-src 'self' data: https://*.cloudfront.net *.googleapis.com https://fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https:; object-src 'self' blob:; img-src 'self' data: https:; default-src 'none'; style-src 'self' 'unsafe-inline' https:; frame-ancestors 'self'; frame-src https: 1
: default-src 'self'; 
font-src https://www.cherkasyoblenergo.com/fonts/; 
frame-src 'self' https://cherkasyoblenergo.com https://cherkasyoblenergo.com https://www.youtube.com; 1
frame-ancestors 'self' http://*.webvisor.com http://webvisor.com *.webvisor.com webvisor.com 1
default-src 'self' 'unsafe-inline' *.google-analytics.com *.googletagmanager.com *.youtube.com *.gstatic.com *.opstechnology.com *.elevate.cafe *.googleapis.com *.google.com *.alive5.com alive5.com *.doubleclick.net; style-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-ancestors 'self' https://market.realpage.com https://*.elevate.cafe https://*.realpage.com https://*.opstechnology.com https://www.yardimarketplace.com; report-uri /error/csp-violation 1
frame-ancestors metrika.yandex.ru metrika.yandex.by metrica.yandex.com metrica.yandex.com.tr webvisor.com *.webvisor.com; 1
default-src https:;         object-src 'none';         script-src 'self' 'unsafe-inline' 'unsafe-eval'             blob:             https://*.consentmanager.net             https://*.g.doubleclick.net             https://*.google.com             https://*.googletagmanager.com             https://*.gstatic.com             https://*.stadtwerke-bielefeld.de             https://www.google-analytics.com             https://www.googleadservices.com         ;         img-src 'self' data:             https://*.analytics.google.com             https://*.consentmanager.net             https://*.g.doubleclick.net             https://*.google-analytics.com             https://*.google.com             https://*.google.de             https://*.googleapis.com             https://*.googletagmanager.com             https://*.gstatic.com             https://*.stadtwerke-bielefeld.de             https://*.tile.openstreetmap.org             https://www.googleadservices.com         ;         connect-src 'self'             https://*.analytics.google.com             https://*.consentmanager.net             https://*.g.doubleclick.net             https://*.google-analytics.com             https://*.google.com             https://*.google.de             https://*.googletagmanager.com             https://*.stadtwerke-bielefeld.de             https://www.googleadservices.com         ;         style-src 'unsafe-inline' https:;         font-src 'self' data:         ; 1
style-src 'self' 'unsafe-inline' https://cmcmarketsinvest.com https://service.force.com *.salesforce.com https://static.lightning.force.com *.my.salesforce-sites.com *.salesforceliveagent.com https://trading.sharetrade.com.au https://fonts.googleapis.com https://*.google-analytics.com; font-src 'self' data: https://cmcmarketsinvest.com fonts.gstatic.com *.sfdcstatic.com cmcmarketsstockbroking.com.au https://*.qantas.com https://fonts.gstatic.com; object-src 'self'; frame-ancestors 'self' https://www.cmcmarketsstockbroking.com.au https://signup.invest.cmcmarkets.com.au https://trading.anzshareinvesting.com.au https://cmcmarketsinvest.com https://www.cmcmarketsinvest.com; report-uri https://report-uri.cmcmarkets.com.au/csp 1
frame-src 'self' https://www.google.com/recaptcha/  https://recaptcha.google.com/recaptcha/ 1
frame-ancestors 'self' https://www.mitiendadearte.com https://mitiendadearte.com https://www.craftelier.com https://hartem.com https://www.hartem.com https://it-blog.craftelier.com https://de-blog.craftelier.com https://nl-blog.craftelier.com https://pl-blog.craftelier.com https://pt-blog.craftelier.com https://ie-blog.craftelier.com https://cl-blog.craftelier.com https://es-blog.craftelier.com https://esh-blog.craftelier.com https://fr-blog.craftelier.com https://gb-blog.craftelier.com https://hgb-blog.craftelier.com https://hfr-blog.craftelier.com https://hie-blog.craftelier.com https://hde-blog.craftelier.com https://hpt-blog.craftelier.com https://hit-blog.craftelier.com https://hnl-blog.craftelier.com; 1
style-src 'self' 'unsafe-inline' cdn.jsdelivr.net fonts.googleapis.com d2s38hr28qq8qn.cloudfront.net cdn.electoralcommission.ie use.typekit.net p.typekit.net; 1
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob:; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob:; 1
default-src 'self'; connect-src * blob:; img-src https: data: blob:; media-src https: data:; script-src * 'unsafe-inline' 'unsafe-eval'; script-src-elem * 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' *.ghostmarket.io; font-src 'self' 'unsafe-inline' *.ghostmarket.io; object-src 'none'; frame-src buy.moonpay.com pay.inst.money; frame-ancestors *.pavillionhub.com 'self'; 1
default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://*.braintree-api.com https://*.braintreegateway.com https://accounts.google.com https://getpocket.com https://entrepreneurshandbook.co https://*.entrepreneurshandbook.co https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://lightstep.medium.systems https://*.branch.io 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://glyph-sandbox.medium.sh https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: blob: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com 1
default-src 'none'; script-src 'self' 'unsafe-eval' data: blob: health.vic.gov.au content.health.vic.gov.au *.content.health.vic.gov.au cdnjs.cloudflare.com 'unsafe-inline' *.googletagmanager.com tagmanager.google.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.google-analytics.com cdn.monsido.com connect.facebook.net *.cloudfront.net *.youtube.com ytimg.com *.ytimg.com maps.googleapis.com *.readspeaker.com subscribe.health.vic.gov.au app-script.monsido.com *.openforms.com; style-src 'self' 'unsafe-inline' health.vic.gov.au content.health.vic.gov.au *.content.health.vic.gov.au fonts.googleapis.com tagmanager.google.com *.readspeaker.com subscribe.health.vic.gov.au drwgdblqzrfiz.cloudfront.net *.openforms.com; img-src 'self' *.amazee.io *.analytics.google.com *.content.health.vic.gov.au *.doubleclick.net *.ggpht.com *.google-analytics.com *.googleapis.com *.googletagmanager.com content.health.vic.gov.au curator-assets.b-cdn.net data: developers.google.com drwgdblqzrfiz.cloudfront.net health.vic.gov.au maps.gstatic.com scontent-lga3-1.xx.fbcdn.net subscribe.health.vic.gov.au tracking.monsido.com www.facebook.com www.google.ad www.google.ae www.google.al www.google.am www.google.as www.google.at www.google.az www.google.ba www.google.be www.google.bf www.google.bg www.google.bi www.google.bj www.google.bs www.google.bt www.google.by www.google.ca www.google.cat www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.cl www.google.cm www.google.cn www.google.co.ao www.google.co.bw www.google.co.ck www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ls www.google.co.ma www.google.co.mz www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.vi www.google.co.za www.google.co.zm www.google.co.zw www.google.com www.google.com.af www.google.com.ag www.google.com.ai www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.bo www.google.com.br www.google.com.bz www.google.com.co www.google.com.cu www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.et www.google.com.fj www.google.com.gh www.google.com.gi www.google.com.gt www.google.com.hk www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mm www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.ni www.google.com.np www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.py www.google.com.qa www.google.com.sa www.google.com.sb www.google.com.sg www.google.com.sl www.google.com.sv www.google.com.tj www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vc www.google.com.vn www.google.cv www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.dz www.google.ee www.google.es www.google.fi www.google.fm www.google.fr www.google.ga www.google.ge www.google.gg www.google.gl www.google.gm www.google.gr www.google.gy www.google.hn www.google.hr www.google.ht www.google.hu www.google.ie www.google.im www.google.iq www.google.is www.google.it www.google.je www.google.jo www.google.kg www.google.ki www.google.kz www.google.la www.google.li www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.mn www.google.ms www.google.mu www.google.mv www.google.mw www.google.ne www.google.nl www.google.no www.google.nr www.google.nu www.google.pl www.google.pn www.google.ps www.google.pt www.google.ro www.google.rs www.google.ru www.google.rw www.google.sc www.google.se www.google.sh www.google.si www.google.sk www.google.sm www.google.sn www.google.so www.google.sr www.google.st www.google.td www.google.tg www.google.tl www.google.tm www.google.tn www.google.to www.google.tt www.google.vg www.google.vu www.google.ws; font-src 'self' data: health.vic.gov.au content.health.vic.gov.au *.content.health.vic.gov.au fonts.gstatic.com subscribe.health.vic.gov.au *.readspeaker.com data:; frame-src 'self' *.health.vic.gov.au content.health.vic.gov.au *.content.health.vic.gov.au *.hotjar.com *.hotjar.io wss://*.hotjar.com *.vimeo.com *.youtube.com youtube.com *.youtube-nocookie.com youtube-nocookie.com *.doubleclick.net prevention.health.vic.gov.au subscribe.health.vic.gov.au app.powerbi.com w.soundcloud.com dhhs.carto.com dhhs.cartodb.com public.tableau.com flo.uri.sh bettersynd.betterhealth.vic.gov.au form.business.vic.gov.au *.openforms.com *.arcgis.com; manifest-src 'self'; media-src content.health.vic.gov.au; connect-src 'self' *.analytics.google.com *.arcgis.com *.content.health.vic.gov.au *.doubleclick.net *.google-analytics.com *.readspeaker.com *.sdp.vic.gov.au analytics.google.com api.ipify.org content.health.vic.gov.au drwgdblqzrfiz.cloudfront.net health.vic.gov.au https://hotjar.com https://hotjar.io maps.googleapis.com prevention.health.vic.gov.au subscribe.health.vic.gov.au wss://hotjar.com; 1
default-src * data: blob: 'unsafe-inline' 'unsafe-eval';script-src * data: blob: 'unsafe-inline' 'unsafe-eval';style-src * data: blob: 'unsafe-inline';img-src * data: blob:;connect-src * data: blob:;font-src * data: blob:;frame-src * data: blob:;object-src *;base-uri *;form-action *;frame-ancestors 'self';upgrade-insecure-requests; 1
frame-ancestors 'self' *.scrapfly.io; font-src 'self' *.scrapfly.io https://*.crisp.chat https://fonts.gstatic.com https://cdnjs.cloudflare.com; default-src 'self' *.scrapfly.io https://*.clarity.ms https://c.bing.com 'unsafe-inline'; img-src 'self' *.scrapfly.io data: https://c.bing.com https://*.clarity.ms https://*.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com https://google.com https://cdn.scrapfly.io https://assets.capterra.com https://logo.clearbit.com https://maps.googleapis.com https://maps.gstatic.com https://googlechromelabs.github.io https://ssl.gstatic.com https://run.pstmn.io https://*.crisp.chat https://*.placeholder.com https://*.stripe.com; media-src 'self' *.scrapfly.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.scrapfly.io data: https://googletagmanager.com https://tagmanager.google.com https://www.google.com https://*.googletagmanager.com https://www.clarity.ms https://polyfill.io https://maps.googleapis.com https://www.gstatic.com https://*.statuspage.io https://unpkg.com https://run.pstmn.io https://*.crisp.chat https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://hcaptcha.com https://*.hcaptcha.com https://www.googleadservices.com https://ipinfo.io https://js.stripe.com; style-src 'self' 'unsafe-inline' *.scrapfly.io https://googletagmanager.com https://tagmanager.google.com https://cdnjs.cloudflare.com https://www.gstatic.com https://cdn.jsdelivr.net https://client.crisp.chat https://unpkg.com https://fonts.googleapis.com https://use.fontawesome.com https://*.hcaptcha.com; frame-src 'self' *.scrapfly.io https://www.youtube.com/embed/ https://go.crisp.chat https://*.statuspage.io https://*.hcaptcha.com https://js.stripe.com https://hooks.stripe.com; worker-src 'self' *.scrapfly.io blob: data:; connect-src 'self' *.scrapfly.io https://*.scrapfly.io https://polyfill.io https://*.clarity.ms https://www.gstatic.com https://maps.googleapis.com https://ipinfo.io https://*.statuspage.io https://*.crisp.chat wss://client.relay.crisp.chat https://hcaptcha.com https://*.hcaptcha.com https://api.stripe.com; 1
default-src 'self' https://www.google-analytics.com https://cdn.cookielaw.org https://bam.nr-data.net https://analytics.google.com https://stats.g.doubleclick.net https://geolocation.onetrust.com; font-src 'self' data:; frame-src 'self' https://www.youtube.com http://www.youtube.com; img-src * data:; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://cdn.cookielaw.org https://js-agent.newrelic.com https://bam.nr-data.net cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; base-uri 'self' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.youtube.com *.openstreetmap.org *.vimeo.com *.frikanalen.no *.nuug.no yewtu.be *.kjemi.uio.no *.oreilly.com *.skolelinux.de *.googleapis.com remarkjs.com *.gstatic.com api.flattr.com;img-src 'self' twitter-badges.s3.amazonaws.com nuug.no; script-src-elem 'self' 'unsafe-inline' yewtu.be remarkjs.com *.flattr.com digg.com; script-src 'self' 'unsafe-inline' yewtu.be report-to default 1
upgrade-insecure-requests  ; style-src 'self' 'unsafe-inline' *.pricespider.com feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.googletagmanager.com *.cookielaw.org *.google-analytics.com *.facebook.net *.pricespider.com *.segment.com pghub.io *.doubleclick.net *.crazyegg.com *.googleapis.com *.zeotap.com *.adsrvr.org *.bazaarvoice.com *.iesnare.com feed.pghub.io pandg.tapad.com ; font-src 'self' data: feed.pghub.io pandg.tapad.com ; frame-src 'self' *.pghub.io *.adsrvr.org *.facebook.com *.tapad.com *.jebbit.com consumersupport.pg.com ; media-src 'self' *.ctfassets.net data: *.iesnare.com feed.pghub.io pandg.tapad.com ; img-src 'self' data: *.ctfassets.net *.tapad.com *.google-analytics.com *.google.com *.google.cz *.facebook.com *.cookielaw.org youradchoices.com *.bazaarvoice.com *.googletagmanager.com feed.pghub.io ; connect-src 'self' *.cookielaw.org *.google-analytics.com *.adsrvr.org *.segment.io *.segment.com *.crazyegg.com *.googleapis.com *.zeotap.com *.facebook.com *.doubleclick.net *.bazaarvoice.com *.geolocation-db.com geolocation-db.com wss: *.iesnare.com *.algolia.net *.algolianet.com feed.pghub.io pandg.tapad.com ; 1
frame-ancestors https://admin.beatmakers.tv https://admin.beatmaker.tv https://superadmin-btv.herokuapp.com 1
default-src 'self' blob: https://*.mapbox.com; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.pagespeed-mod.com *.clearbitjs.com vitals.vercel-insights.com vercel.live *.sentry.io js.driftt.com static.truckmap.com widget.drift.com *.google-analytics.com; script-src-elem 'self' 'unsafe-inline' js.driftt.com static.truckmap.com api.mapbox.com vitals.vercel-insights.com vercel.live *.googletagmanager.com *.pagespeed-mod.com *.clearbitjs.com *.sentry.io *.google-analytics.com; font-src 'self' blob: data: 'unsafe-inline' https:; connect-src 'self' blob: *.tiles.mapbox.com api.mapbox.com *.sentry.io events.mapbox.com static.truckmap.com vitals.vercel-insights.com *.google-analytics.com *.clearbitjs.com vercel.live *.pusher.com map-features.truckmap.com truckmap-map-features.s3.amazonaws.com; frame-src 'self' js.driftt.com widget.drift.com vercel.live; style-src 'self' blob: 'unsafe-inline' static.truckmap.com fonts.gstatic.com fonts.googleapis.com data: blob:; img-src 'self' assets.vercel.com truckmap.s3.amazonaws.com apple-resources.s3.amazonaws.com *.google-analytics.com vercel.com static.truckmap.com *.clearbitjs.com data: blob:; worker-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob:; child-src 'self' blob: api.mapbox.com *.tiles.mapbox.com; base-uri 'self' 1
frame-ancestors oaklandlibrary.org *.oaklandlibrary.org oaklandlibrary.bibliocms.com *.oaklandlibrary.bibliocms.com d4804za1f1gw.cloudfront.net *.bibliocms.com *.bibliocommons.com *.libanswers.com 'self'; object-src 'none'; script-src oaklandlibrary.org *.oaklandlibrary.org oaklandlibrary.bibliocms.com *.oaklandlibrary.bibliocms.com d4804za1f1gw.cloudfront.net *.bibliocms.com *.bibliocommons.com *.libanswers.com *.libcal.com *.quipugroup.net *.nicheacademy.com *.buzzsprout.com refchatter.net *.refchatter.net *.freshchat.com chat.uniqueic.com chat.mosio.com libraryh3lp.com *.libraryh3lp.com script.crazyegg.com dev.visualwebsiteoptimizer.com cdn.optimizely.com storage.googleapis.com translate.googleapis.com www.google-analytics.com www.googletagmanager.com www.gstatic.com/recaptcha/ www.google.com/recaptcha/ translate-pa.googleapis.com translate.google.com www.googleadservices.com googleads.g.doubleclick.net *.patronpoint.com cdnjs.cloudflare.com/ajax/libs/es6-shim/ www.volunteermatch.org ds-aksb-a.akamaihd.net connect.facebook.net embedr.flickr.com widgets.flickr.com platform.twitter.com platform.instagram.com www.instagram.com e.issuu.com www.tiktok.com *.tiktokcdn-us.com embed.reddit.com cdn.gtranslate.net 'self' 'unsafe-eval' 'unsafe-inline'; worker-src 'self' blob: 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.algolia.net *.b-cdn.net *.cookiebot.com *.doubleclick.net *.dtc-lease.nl *.facebook.com *.facebook.net *.googleadservices.com *.google-analytics.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hsadspixel.net *.hs-analytics.net *.hs-banner.com *.hscollectedforms.net *.hsforms.com *.hsleadflows.net *.hs-scripts.com *.hs-sites-eu1.com *.hubapi.com *.hubspot.com *.hubspotusercontent-eu1.net *.pdok.nl *.prepr.io *.pusher.com *.stape.net *.trustpilot.com *.vercel.com bat.bing.com cdn.dealertotaalconcept.nl dtc-import.clweb.nl googleads.g.doubleclick.net https://*.algolia.io https://*.algolianet.com https://*.clarity.ms https://*.hotjar.com https://*.hotjar.io https://c.bing.com https://va.vercel-scripts.com/v1/script.debug.js stream.mux.com vercel.live ws://127.0.0.1:58761 wss://*.hotjar.com https://cdn.jsdelivr.net/npm/search-insights@2.13.0/dist/search-insights.min.js translate.googleapis.com; worker-src 'self' blob:; child-src 'self' blob: *.trustpilot.com *.cookiebot.com vercel.live *.doubleclick.net *.googlesyndication.com *.facebook.com *.facebook.net *.hs-sites-eu1.com dealer.dtc-lease.nl; frame-src 'self' blob: *.trustpilot.com *.cookiebot.com vercel.live *.doubleclick.net *.googlesyndication.com *.facebook.com *.facebook.net *.hs-sites-eu1.com dealer.dtc-lease.nl; report-uri https://o4505516027412480.ingest.sentry.io/api/4506228804681728/security/?sentry_key=f6e55e18842f4cdb6403025f1bf2429d; 1
your-content-security-policy-here 1
frame-ancestors 'self'; connect-src 'self' stats.g.doubleclick.net *.google-analytics.com bam.nr-data.net *.hotjar.com *.hotjar.io wss://ws.hotjar.com; default-src 'self' 'unsafe-inline'; font-src 'self' data: fonts.gstatic.com *.hotjar.com; frame-src 'self' www.googletagmanager.com www.youtube.com platform.twitter.com www.youtube-nocookie.com; img-src 'self' data: www.google.com www.google.ca www.googletagmanager.com i.ytimg.com *.googleusercontent.com; script-src 'self' 'unsafe-inline' *.google-analytics.com static.cloudflareinsights.com blob:; script-src-elem 'self' 'unsafe-inline' www.googletagmanager.com js-agent.newrelic.com *.google-analytics.com static.cloudflareinsights.com *.hotjar.com platform.twitter.com www.youtube.com; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com; worker-src blob:; 1
script-src 'self' assets.ethcocdn.com blob: 'wasm-unsafe-eval' 'nonce-MLe/GHev9LRj7gKXJDXAxoSYl55ZitobHhqJp6v8xhQ=' *.googletagmanager.com a.eth.co js.hcaptcha.com; style-src 'self' assets.ethcocdn.com 'unsafe-inline'; img-src 'self' assets.ethcocdn.com blob: data: https: *.ethcocdn.com *.google-analytics.com *.googletagmanager.com i.seadn.io pbs.twimg.com i.imgur.com https://explorer-api.walletconnect.com eth.info; media-src 'self' assets.ethcocdn.com *.ethcocdn.com; font-src 'self' assets.ethcocdn.com data:; connect-src 'self' assets.ethcocdn.com data: wss://eth.co *.ethcocdn.com *.xmtp.network *.gstatic.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com a.eth.co sentry.ethco.us cloudflare-eth.com wss://*.walletlink.org wss://*.walletconnect.org wss://*.walletconnect.com https://explorer-api.walletconnect.com 1
default-src https: data: blob: resource: 'unsafe-inline' 'unsafe-eval'; base-uri 'self'; 1
img-src 'self' data: *.net.pekao.com.pl; default-src 'self' *.net.pekao.com.pl; connect-src 'self' https://localhost:* *.net.pekao.com.pl https://chatvideo.pekao.com.pl; frame-src *; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.net.pekao.com.pl; style-src 'self' 'unsafe-inline'; 1
default-src 'self'; style-src 'self' https://fonts.googleapis.com/ https://app.termageddon.com 'unsafe-inline'; script-src 'self' https://www.google.com https://www.gstatic.com https://ajax.googleapis.com https://www.googletagmanager.com https://d3e54v103j8qbb.cloudfront.net https://app.termageddon.com 'sha256-QmhRDVaGwa7jmx/BXenyEC1TUMA/ordcNEL8Be0RHTs=' 'sha256-mjdgHR9aXy+6OwAGlNS/XgNcYG1Uhd2U4pl8vi7+XCY=' 'sha256-qDRj3zhnzwaqgjpXbRWATLyLPO+eygQ2OwujiCFfxEQ=' 'sha256-tU37cbBmavKSfccaypnDFYT/FqImtNGPYOrymA0Do94='; img-src 'self'; media-src 'self'; frame-src https://google.com https://www.google.com https://www.chatbase.co; connect-src 'self' https://region1.google-analytics.com https://app.termageddon.com; font-src 'self' https://fonts.gstatic.com data: 1
default-src 'self' https://stats.g.doubleclick.net https://region1.analytics.google.com https://www.google-analytics.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://cdnjs.cloudflare.com https://www.google.com/recaptcha/api.js https://*.gstatic.com https://use.fontawesome.com https://www.googletagmanager.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://use.fontawesome.com;frame-src 'self' https://www.youtube.com/ https://www.google.com/ https://*.gstatic.com https://use.fontawesome.com https://www.googletagmanager.com;frame-ancestors 'self' https://use.fontawesome.com  https://www.googletagmanager.com;img-src 'self' data: blob https://www.google.com.mt https://www.googletagmanager.com https://www.google-analytics.com;font-src 'self' data: https://use.fontawesome.com  https://*.gstatic.com;  1
default-src 'self';    script-src 'self' 'unsafe-inline' 'unsafe-eval' hm.baidu.com www.google-analytics.com maps.googleapis.com maps.googleapi.com https://webmedia.nwd.com.hk https://webmediauat.nwd.com.hk www.googletagmanager.com cdn.jsdelivr.net;   script-src-elem 'self' 'unsafe-inline' www.google-analytics.com webmedia.nwd.com.hk webmediauat.nwd.com.hk hm.baidu.com www.googletagmanager.com maps.googleapis.com cdn.jsdelivr.net;   font-src https: data: 'self' https://use.typekit.net/;   connect-src 'self' https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://viewlicense.adobe.io https://www.facebook.com/ https://region1.analytics.google.com/ maps.googleapis.com;   img-src 'self' webmediauat.nwd.com.hk webmedia.nwd.com.hk maps.gstatic.com maps.googleapis.com data: www.google.com.hk;   style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net;   frame-src 'self' http://quote.tonghaiir.com/ https://wwwlegacy.nwd.com.hk/ www.facebook.com; 1
frame-ancestors https://rajaview.id; 1
default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js *.youtube.com https://www.sjchs.org https://m.addthis.com http://graph.facebook.com http://api-public.addthis.com www.docscores.com www.sjc.jellyfishhealth.com bloom-service.jellyfishhealth.com https://www.youtube.com/iframe_api https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com https://cdnjs.cloudflare.com/ajax/libs/jquery/1.12.4/jquery.min.js https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.7/js/bootstrap.min.js s7.addthis.com v1.addthisedge.com v1.addthis.com http://sjcdevadmin.aviddesign.com cmsadmin.sjchs.org bbox.blackbaudhosting.com www.googletagmanager.com cdn.rlets.com urldefense.com *.simpli.fi https://www.practicematch.com/CareerCenter/Opportunities/Find.cfm/RemainEmbedded/1/OwnerIDTypeIDs/29161_3/ExcludeSpecialtyAliases/1/SortOrder/2 bat.bing.com pubads.g.doubleclick.net beacon.krxd.net ssl.google-analytics.com tag.simpli.fi i.simpli.fi www.googleadservices.com pixel.mathtag.com reachlocal.thinkingchat.com eu.thinkingchat.com www.reachlocallivechat.com *.practicematch.com js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net *.google-analytics.com https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org web-chat.nativechat.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://www.sjchs.org https://fonts.googleapis.com/css https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.7/css/bootstrap.min.css https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.7/css/bootstrap-theme.min.css https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css sjcdevadmin.aviddesign.com cmsadmin.sjchs.org www.docscores.com https://use.fontawesome.com https://stackpath.bootstrapcdn.com www.sjc.jellyfishhealth.com bloom-service.jellyfishhealth.com bbox.blackbaudhosting.com *.practicematch.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: www.docscores.com https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com www.sjc.jellyfishhealth.com bloom-service.jellyfishhealth.com http://sjcdevadmin.aviddesign.com cmsadmin.sjchs.org https://www.googletagmanager.com/ bbox.blackbaudhosting.com *.simpli.fi *.google.com www.googleadservices.com *.doubleclick.net fault.rlets.com *.practicematch.com js.hsleadflows.net forms.hsforms.com *.google-analytics.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://stackpath.bootstrapcdn.com https://use.fontawesome.com https://cdnjs.cloudflare.com/ https://maxcdn.bootstrapcdn.com/ https://s7.addthis.com/ www.docscores.com www.sjc.jellyfishhealth.com bloom-service.jellyfishhealth.com *.practicematch.com; frame-src 'self' *.youtube.com http://www.google.com s7.addthis.com v1.addthisedge.com v1.addthis.com bbox.blackbaudhosting.com https://www.practicematch.com/CareerCenter/Opportunities/Find.cfm/RemainEmbedded/1/OwnerIDTypeIDs/29161_3/ExcludeSpecialtyAliases/1/SortOrder/2 *.rlets.com https://www.facebook.com/ forms.hsforms.com web-chat.nativechat.com; connect-src 'self' *.youtube.com http://sjcdevadmin.aviddesign.com https://www.sjchs.org *.mktoresp.com cmsadmin.sjchs.org www.sjc.jellyfishhealth.com bloom-service.jellyfishhealth.com www.docscores.com *.google.com *.doubleclick.net www.sjcphysiciannetwork.com *.googleapis.com *.gannettdigital.com apgb2b-reachcodeandproxy.gannettdigital.com *.rlets.com capture-api.reachlocalservices.com um.simpli.fi capturelogger-prod-usa.localiq.com *.practicematch.com forms.hubspot.com *.hsforms.com *.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com www.docscores.com https://www.google.com/ www.sjc.jellyfishhealth.com bloom-service.jellyfishhealth.com web-chat.nativechat.com 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://geekdom.social; img-src 'self' https: data: blob: https://geekdom.social; style-src 'self' https://geekdom.social 'nonce-BIC7BOe41yWNmn5udec3Rg=='; media-src 'self' https: data: https://geekdom.social; frame-src 'self' https:; manifest-src 'self' https://geekdom.social; form-action 'self'; connect-src 'self' data: blob: https://geekdom.social https://objstorage.f7it.net wss://geekdom.social; script-src 'self' https://geekdom.social 'wasm-unsafe-eval'; child-src 'self' blob: https://geekdom.social; worker-src 'self' blob: https://geekdom.social 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://gaygeek.social; img-src 'self' https: data: blob: https://gaygeek.social; style-src 'self' https://gaygeek.social 'nonce-qwUBSdUQFMlHbSp+CVfR5g=='; media-src 'self' https: data: https://gaygeek.social; frame-src 'self' https:; manifest-src 'self' https://gaygeek.social; form-action 'self'; child-src 'self' blob: https://gaygeek.social; worker-src 'self' blob: https://gaygeek.social; connect-src 'self' data: blob: https://gaygeek.social https://media.gaygeek.social wss://gaygeek.social; script-src 'self' https://gaygeek.social 'wasm-unsafe-eval' 1
font-src 'self' https: data: fonts.googleapis.com fonts.gstatic.com; frame-ancestors 'none'; frame-src calendly.com *.facebook.com *.googleadservices.com *.g.doubleclick.net *.googlesyndication.com www.google.com *.instagram.com *.linkedin.com *.loom.com *.stripe.com *.tiktok.com *.typeform.com *.urssaf.fr *.youtube.com zapier.com *.zapier.com; img-src 'self' https: data: *.googleadservices.com *.g.doubleclick.net *.googlesyndication.com www.google.com *.google-analytics.com *.googletagmanager.com tagmanager.google.com sumo.com *.sumo.com; object-src 'none'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' *.axept.io ckeditor.com *.facebook.com *.googleadservices.com *.g.doubleclick.net *.googlesyndication.com www.google.com *.google-analytics.com *.googletagmanager.com tagmanager.google.com *.hs-scripts.com *.instagram.com *.jquery.com *.pinterest.com reddit.com *.stripe.com sumo.com *.sumo.com *.tiktok.com *.typeform.com zapier.com *.zapier.com; style-src 'self' https: 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com *.googletagmanager.com tagmanager.google.com zapier.com *.zapier.com; connect-src 'self' https: *.google-analytics.com *.stripe.com sumo.com *.sumo.com wss://*.tawk.to 1
default-src 'self' 'nonce-4Fhh/TAaPj/d5adkTpxSplaS' https://www.joesecurity.org/ https://*.cookiebot.com/ https://www.googletagmanager.com https://cdn.jotfor.ms http://events.jotform.com https://www.google.com/ http://widgets.jotform.io/ https://www.google-analytics.com/ https://region1.google-analytics.com https://stats.g.doubleclick.net/ https://maps.google.com/; img-src 'self' data: blob: *; font-src 'self' data:; base-uri 'none'; object-src 'none'; script-src 'self' 'strict-dynamic' 'nonce-4Fhh/TAaPj/d5adkTpxSplaS' https://www.joesecurity.org/ https://*.cookiebot.com/ https://www.googletagmanager.com https://cdn.jotfor.ms http://events.jotform.com https://www.google.com/ http://widgets.jotform.io/ https://www.google-analytics.com/ https://region1.google-analytics.com https://stats.g.doubleclick.net/ https://maps.google.com/; style-src 'self' 'unsafe-inline' https://www.joesecurity.org/ https://*.cookiebot.com/ https://www.googletagmanager.com https://cdn.jotfor.ms http://events.jotform.com https://www.google.com/ http://widgets.jotform.io/ https://www.google-analytics.com/ https://region1.google-analytics.com https://stats.g.doubleclick.net/ https://maps.google.com/; frame-ancestors 'self'; report-uri /reports 1
frame-ancestors 'self';block-all-mixed-content;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagservices.com https://*.googlesyndication.com https://*.googleadservices.com https://*.doubleclick.net https://*.google.com https://*.tiktok.com https://googleads.g.doubleclick.net https://googletagmanager.com https://www.googletagmanager.com https://*.facebook.com https://*.facebook.net https://*.youtube.com https://*.adroll.com https://*.google.com;style-src 'self' 'unsafe-inline' *.google.com www.googletagmanager.com;object-src *.googlesyndication.com;child-src 'self' blob: *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com *.facebook.net *.youtube.com www.googletagmanager.com *.adroll.com;base-uri 'self';form-action 'self' *.google.com *.facebook.com *.facebook.net;worker-src 'self' blob: *.google.com 1
connect-src https://auth.sdc.dk https://api-proxy-neos.sdc.eu https://azure-sign-p1.sdc.dk https://*.dynamicyield.com/ https://*.dynamicyield.eu/ https://*.sdc.dk/ https://*.sdc.eu/ https://api.cludo.com https://career.recruitee.com https://consent.app.cookieinformation.com https://dc.services.visualstudio.com/ https://maps.googleapis.com/ https://policy.app.cookieinformation.com https://sdc.containers.piwik.pro/ https://sdc.piwik.pro https://vimeo.com https://www.totalkredit.dk/ 'self'; default-src 'self'; font-src https://*.dynamicyield.com/ https://*.dynamicyield.eu/ https://career.recruitee.com https://cdnjs.cloudflare.com https://d10zminp1cyta8.cloudfront.net 'self'; frame-src https://auth.sdc.dk https://azure-sign-p1.sdc.dk https://e.issuu.com/ https://player.vimeo.com/ https://policy.app.cookieinformation.com https://www.youtube.com/ 'self'; img-src data: https://*.dynamicyield.com/ https://*.dynamicyield.eu/ https://customer.cludo.com https://i.ytimg.com/ https://maps.googleapis.com/ https://maps.gstatic.com/ 'self'; script-src https://*.dynamicyield.com/ https://*.dynamicyield.eu/ https://cdnjs.cloudflare.com https://consent.cookiebot.com/ https://customer.cludo.com https://d10zminp1cyta8.cloudfront.net https://jobs-widget.recruiteecdn.com/ https://maps.googleapis.com/ https://player.vimeo.com/ https://policy.app.cookieinformation.com https://policy.app.cookieinformation.com/ https://s.ytimg.com/ https://sdc.containers.piwik.pro https://static.smartrecruiters.com https://www.googletagmanager.com/ https://www.smartrecruiters.com https://www.totalkredit.dk/ https://www.youtube.com/ 'self' 'unsafe-eval' 'unsafe-inline'; style-src https://*.dynamicyield.com/ https://*.dynamicyield.eu/ https://customer.cludo.com https://policy.app.cookieinformation.com https://static.smartrecruiters.com https://www.smartrecruiters.com https://www.totalkredit.dk/ 'self' 'unsafe-inline'; report-uri /api/sdc/security/csp/report; report-to default 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' source.zoom.us zoom.us www.googletagmanager.com blob: ajax.googleapis.com www.google-analytics.com www.google.com www.gstatic.com platform.twitter.com source.zoom.us zoom.us www.youtube.com ajax.aspnetcdn.com;      style-src 'self' 'unsafe-inline' fonts.googleapis.com source.zoom.us www.gstatic.com;      img-src 'self' data: blob: img.youtube.com syndication.twitter.com i.ytimg.com www.worldgovernmentsummit.org www.worldgovernmentssummit.org;      font-src 'self' data: fonts.gstatic.com source.zoom.us;     connect-src 'self' wss:  www.google-analytics.com stats.g.doubleclick.net *.zoom.us;     media-src 'self' data: source.zoom.us;      object-src 'self';      child-src 'self';      frame-src 'self' www.youtube.com source.zoom.us zoom.us www.youtube.com www.juicer.io platform.twitter.com syndication.twitter.com www.google.com wgs--uat.sandbox.my.site.com wgs.my.site.com docs.google.com;      worker-src 'self' blob:;     frame-ancestors 'self';      form-action 'self';      upgrade-insecure-requests;     block-all-mixed-content;      base-uri 'self';      manifest-src 'self' 1
default-src 'self'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *; object-src 'self' data: *; style-src 'self' data: 'unsafe-inline' *; img-src 'self' data: *; media-src 'self' data: *; frame-src 'self' data: *; font-src 'self' data: *; connect-src 'self' data: * 1
default-src 'self' assurant.okta.com *.oktacdn.com; connect-src 'self' assurant.okta.com assurant-admin.okta.com *.oktacdn.com *.mixpanel.com *.mapbox.com *.mtls.okta.com assurant.kerberos.okta.com https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' assurant.okta.com *.oktacdn.com; style-src 'unsafe-inline' 'self' assurant.okta.com *.oktacdn.com; frame-src 'self' assurant.okta.com assurant-admin.okta.com login.okta.com *.vidyard.com; img-src 'self' assurant.okta.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com *.vidyard.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' assurant.okta.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self' https://ppp.cnhinsurance.com https://www.afasinc.com https://espp.epgins.com https://www-p.afasinc.com https://afasinc.com 1
frame-ancestors 'self' https://*.good-game-network.com; 1
default-src 'self' 'unsafe-inline' https://acsbapp.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: blob:  https://streetviewpixels-pa.googleapis.com https://lh3.ggpht.com https://khms0.googleapis.com https://khms1.googleapis.com https://www.google-analytics.com https://whoson.alfapolicy.com:444 https://usage.trackjs.com https://www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://maps.google.com; script-src 'self' https://acsbapp.com https://www.google-analytics.com https://www.googleapis.com https://cdn.trackjs.com https://eapi.trexis.com https://portalone.processonepayments.com https://www.googletagmanager.com https://maps.google.com https://maps.googleapis.com/ 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://eapi.trexis.com https://portalone.processonepayments.com https://cdn.acsbapp.com https://capture.trackjs.com https://www.google-analytics.com https://maps.googleapis.com; frame-src 'self' *.trexis.com trexis.com https://www.tranzpay.com https://portalone.processonepayments.com https://pronto.alfapolicy.com; object-src 'none'; base-uri 'self'; frame-ancestors https://rtr.trexis.com https://www.trexis.com https://trexis.com; 1
report-uri https://csp-report.ponderosa.agency/log; base-uri 'self'; connect-src 'self' https://script.crazyegg.com https://yoast.com https://stats.g.doubleclick.net https://www.google-analytics.com; default-src 'self'; font-src 'self' data: *.wp.com https://maxcdn.bootstrapcdn.com https://use.typekit.net; frame-src 'self' *.investis.com *.twitter.com *.wp.com https://facebook.com https://player.vimeo.com https://www.google.com; img-src 'self' https: data:; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' *.wp.com *.gstatic.com *.twitter.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://connect.facebook.net/en_GB/sdk.js https://script.crazyegg.com/pages/scripts/0023/1043.js https://stats.wp.com/e-202243.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js https://www.google.com/recaptcha/api.js; style-src 'report-sample' 'self' 'unsafe-inline' *.wp.com *.typekit.com *.typekit.net https://maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net https://code.jquery.com/ui/1.13.1/themes/smoothness/jquery-ui.min.css https://fonts.googleapis.com; worker-src *.greencore.com; 1
worker-src 'self' blob:; script-src 'strict-dynamic' 'unsafe-eval' 'nonce-vKv9syP9auh3QAwB8dQ5gA=='; style-src 'self' 'unsafe-inline'; frame-ancestors 'self' https://*.michelin.com 1
default-src 'none'; script-src 'self' 'nonce-fcb0b5ae-847b-4c2a-bc91-1dc75c305910' 'unsafe-inline' 'unsafe-eval' 'sha256-V1EJR36VkO9k0FYEKig0eMyDOlEDL5YW9EpzNLJcgRI=' 'sha256-yZA+8n3qPZ5OADHZbcpooPo/8gxZnd6h4usWRLnm5NM=' 'sha256-IPQ8Oj8E2WHVhRiIZvKrMXoDDBKQk2YpNQDSqhcVHWA' connect.facebook.net https://*.hotjar.com cdn-cookieyes.com https://analytics.tiktok.com; style-src 'self' 'unsafe-inline' https://*.hotjar.com https://tagmanager.google.com https://fonts.googleapis.com *.googletagmanager.com; connect-src 'self' *.cookieyes.com cdn-cookieyes.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.euf.stape.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com *.google.com https://*.gstatic.com https://px.ads.linkedin.com api.friendlycaptcha.com *.doubleclick.net data: blob:; img-src 'self' cdn-cookieyes.com www.facebook.com https://googletagmanager.com *.googletagmanager.com *.google-analytics.com https://*.hotjar.com https://*.googleapis.com https://*.gstatic.com https://www.gstatic.com *.google.com *.googleusercontent.com https://*.doubleclick.net https://px.ads.linkedin.com ohws.prospective.ch data:; object-src 'none'; font-src 'self' https://script.hotjar.com https://fonts.gstatic.com data:;base-uri 'self'; frame-src rechner.eturnity.ch *.vimeo.com *.google.com https://td.doubleclick.net https://*.fls.doubleclick.net/ *.frcapi.com www.facebook.com www.youtube.com youtube.com; worker-src blob:; 1
default-src 'none' 'self' mc.yandex.ru https://mc.yandex.ru https://mc.yandex.ua https://mc.yandex.by https://mc.yandex.kz https://mc.yandex.fr https://mc.yandex.com.tr yastatic.net https://yastatic.net ajax.googleapis.com www.google-analytics.com https://www.google-analytics.com googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://securepubads.g.doubleclick.net https://pagead2.googlesyndication.com https://tpc.googlesyndication.com vk.com https://vk.com https://login.vk.com platform.twitter.com https://platform.twitter.com; font-src 'self' data: yastatic.net fonts.gstatic.com https://fonts.gstatic.com; object-src pagead2.googlesyndication.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://prozavr.ru top-fwz1.mail.ru *.yandex.ru https://yandex.ru yandex.ru yandex.com https://yandex.by *.yandex.net https://site.yandex.net https://yandex.st yandex.st yandex.ua https://yastatic.net yastatic.net mc.yandex.ru https://mc.yandex.ru https://mc.yandex.ua https://mc.yandex.by https://mc.yandex.fr https://mc.yandex.kz https://mc.yandex.com https://mc.yandex.com.tr https://mc.yandex.uz https://mc.yandex.ee https://mc.yandex.tj https://mc.yandex.lv https://mc.yandex.md https://mc.yandex.kg https://cdn.jsdelivr.net/npm/yandex-metrica-watch/ https://conoret.com https://cdn.ampproject.org https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ ajax.googleapis.com  api.google.com https://pagead2.googlesyndication.com pagead2.googlesyndication.com https://www.google-analytics.com www.google-analytics.com https://ssl.google-analytics.com https://tpc.googlesyndication.com https://translate.google.com https://translate.google.cn https://translate.googleapis.com https://translate-pa.googleapis.com https://googleads.g.doubleclick.net www.googletagmanager.com googletagmanager.com www.googletagservices.com https://www.googletagservices.com https://partner.googleadservices.com vk.com platform.twitter.com https://platform.twitter.com https://s.tradingview.com https://s3.tradingview.com https://fundingchoicesmessages.google.com https://adservice.google.ru https://adservice.google.com https://adservice.google.co.th https://adservice.google.kz https://adservice.google.co.uz https://adservice.google.co.jp https://adservice.google.kg https://adservice.google.co.kr https://adservice.google.com.vn https://adservice.google.by https://adservice.google.co.id https://adservice.google.co.il https://adservice.google.com.ua https://adservice.google.lv https://adservice.google.pl https://adservice.google.se https://adservice.google.com.tr https://adservice.google.be https://adservice.google.hu https://adservice.google.am https://adservice.google.ge https://adservice.google.bg https://adservice.google.com.tj https://adservice.google.nl https://adservice.google.de https://adservice.google.co.in https://adservice.google.cz https://adservice.google.az https://adservice.google.ee https://adservice.google.com.sg https://adservice.google.lk https://adservice.google.ae https://adservice.google.md https://adservice.google.ca https://adservice.google.com.cy https://adservice.google.sk https://adservice.google.it https://adservice.google.com.eg https://adservice.google.lt https://adservice.google.no https://adservice.google.com.om https://adservice.google.fr https://adservice.google.es https://adservice.google.co.uk https://adservice.google.dk https://adservice.google.fi https://adservice.google.com.mx https://adservice.google.com.lb https://adservice.google.com.hk https://adservice.google.com.pk https://adservice.google.dz https://adservice.google.mn https://adservice.google.iq https://adservice.google.co.za https://adservice.google.me https://adservice.google.is https://adservice.google.com.br https://adservice.google.tm https://adservice.google.rs https://adservice.google.com.qa https://adservice.google.com.ph https://adservice.google.com.my https://adservice.google.com.mt https://adservice.google.pt https://adservice.google.co.nz https://adservice.google.ba https://adservice.google.gr https://adservice.google.mu https://adservice.google.com.cu https://adservice.google.com.au https://adservice.google.jo https://adservice.google.al https://adservice.google.com.kh https://adservice.google.cv https://adservice.google.mk https://adservice.google.sn https://adservice.google.com.pa https://adservice.google.ro https://adservice.google.com.sa https://adservice.google.at https://adservice.google.ch https://adservice.google.tn https://adservice.google.co.ao https://adservice.google.ie https://adservice.google.mv https://adservice.google.com.bd https://adservice.google.co.tz https://adservice.google.com.gt https://adservice.google.com.np https://adservice.google.com.pe https://adservice.google.com.kw https://adservice.google.com.tw https://adservice.google.si https://adservice.google.co.ke https://adservice.google.hr https://adservice.google.com.ar https://adservice.google.ci https://adservice.google.lu https://adservice.google.com.co https://adservice.google.com.bh https://adservice.google.co.ma https://adservice.google.co.zm https://adservice.google.bs https://adservice.google.sc https://adservice.google.com.mm https://adservice.google.cm https://adservice.google.com.na https://adservice.google.la https://adservice.google.com.ec https://adservice.google.co.cr https://adservice.google.ml https://adservice.google.com.af https://adservice.google.com.uy https://adservice.google.rw https://adservice.google.cl https://adservice.google.co.ve https://adservice.google.bf https://adservice.google.mg https://adservice.google.ga https://adservice.google.com.et https://adservice.google.ne https://adservice.google.bj https://adservice.google.com.ng https://adservice.google.sm https://adservice.google.sr https://adservice.google.com.jm https://adservice.google.com.ly https://adservice.google.co.ug https://adservice.google.com.py https://adservice.google.com.sv https://adservice.google.com.pr https://adservice.google.co.mz https://adservice.google.hn https://adservice.google.com.bo https://adservice.google.ps https://adservice.google.tg https://adservice.google.co.zw https://adservice.google.com.bn https://adservice.google.li https://adservice.google.com.gh https://adservice.google.com.bz https://adservice.google.ad https://adservice.google.tt https://adservice.google.vg https://adservice.google.com.ni https://adservice.google.com.gi; img-src 'self' data: https://prozavr.ru top-fwz1.mail.ru *.yandex.net *.adfox.ru *.yandex.ru yandex.ru yandex.com mc.yandex.ru https://mc.yandex.ru https://mc.yandex.ua https://mc.yandex.by https://mc.yandex.kz https://mc.yandex.fr https://mc.yandex.com https://mc.yandex.com.tr https://mc.yandex.kg https://mc.yandex.uz https://mc.yandex.tj https://mc.yandex.md https://mc.yandex.az https://mc.yandex.tm *.yandex.net yandex.st yastatic.net https://yastatic.net clck.yandex.ru https://yandex.ru https://yandex.ua https://www.yandex.ua https://yandex.by https://www.yandex.by https://webmaster.yandex.ru https://www.google.com https://www.google.ru https://www.google.kg https://www.google.co.th https://www.google.fr https://www.google.kz  https://www.google.com.ua https://www.google.lv https://www.google.md https://www.google.pl https://www.google.lt https://www.google.by https://www.google.cz https://www.google.co.uk https://www.google.am https://ssl.google-analytics.com https://*.googleusercontent.com https://tpc.googlesyndication.com pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net gstatic.com https://www.gstatic.com https://translate.googleapis.com https://*.ggpht.com counter.rambler.ru counter.yadro.ru www.google-analytics.com google-analytics.com https://www.google-analytics.com https://vk.com vk.com https://syndication.twitter.com https://twitter.com https://*.userapi.com https://csi.gstatic.com translate.google.com *.ytimg.com img.youtube.com https://*.ytimg.com https://img.youtube.com https://ad.adriver.ru https://ad.doubleclick.net https://wcm-ru.frontend.weborama.fr https://tps.doubleverify.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://yastatic.net yastatic.net *.adfox.ru https://translate.googleapis.com fonts.googleapis.com https://fonts.googleapis.com; connect-src 'self' blob: http://127.0.0.1:* yastatic.net *.adfox.ru *.yandex.ru yandex.ru yandex.com top-fwz1.mail.ru https://mc.yandex.ru https://mc.yandex.ua https://mc.yandex.by https://mc.yandex.kz https://mc.yandex.fr https://mc.yandex.com https://mc.yandex.com.tr https://mc.yandex.uz https://mc.yandex.ee https://mc.yandex.tj https://mc.yandex.lv https://mc.yandex.md https://mc.yandex.com.ge https://mc.yandex.kg https://mc.yandex.az https://mc.yandex.tm https://www.google.com.ua https://ymetrica1.com https://yandexmetrica.com:* yandex.st https://translate.yandex.net  https://browser.translate.yandex.net https://csp.yandex.net https://favicon.yandex.net https://www.google.ru https://www.google.by https://www.google.kg https://www.google.co.th https://www.google.fr https://www.google.kz https://www.google.lv https://www.google.md https://www.google.pl https://www.google.lt https://stats.g.doubleclick.net https://region1.analytics.google.com https://analytics.google.com www.google-analytics.com https://www.google-analytics.com https://pagead2.googlesyndication.com pagead2.googlesyndication.com www.googletagservices.com https://partner.googleadservices.com https://csi.gstatic.com https://translate.googleapis.com https://adservice.google.com https://fundingchoicesmessages.google.com; child-src 'self' mc.yandex.ru https://mc.yandex.ru https://mc.yandex.md googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://securepubads.g.doubleclick.net https://tpc.googlesyndication.com https://www.google.com awaps.yandex.ru yastatic.net vk.com platform.twitter.com https://login.vk.com https://static.doubleclick.net; frame-src yandexadexchange.net *.yandexadexchange.net yastatic.net *.yandex.ru *.adfox.ru https://mc.yandex.md https://mc.yandex.com https://www.google.com https://recaptcha.google.com https://googleads.g.doubleclick.net https://securepubads.g.doubleclick.net https://tpc.googlesyndication.com https://yoomoney.ru; media-src blob: data: yastatic.net *.yandex.net *.yandex.ru yandex.ru *.adfox.ru yandex.com; report-uri https://prozavr.ru/temp/csp/errors_csp_writer.php; 1
default-src 'self'; style-src * 'unsafe-inline'; img-src * data:; object-src 'self'; script-src * 'unsafe-eval' 'unsafe-inline'; font-src * data:; worker-src * blob:;frame-src 'self' *; 1
default-src 'self'; child-src 'self' www.youtube.com chart.googleapis.com *.issuu.com https://drive.google.com https://static.genkgo.com https://wereldfietser.genkgo.app; connect-src 'self' *.google-analytics.com wereldfietser.containers.piwik.pro wereldfietser.piwik.pro stats.g.doubleclick.net *.analytics.google.com https://static.genkgo.com https://wereldfietser.genkgo.app; font-src 'self' fonts.gstatic.com https://static.genkgo.com https://wereldfietser.genkgo.app 'unsafe-inline'; img-src 'self' https://* https://static.genkgo.com https://wereldfietser.genkgo.app data:; media-src 'self' https://static.genkgo.com https://wereldfietser.genkgo.app; script-src 'self' *.googletagmanager.com *.google-analytics.com wereldfietser.containers.piwik.pro *.hotjar.com https://static.genkgo.com https://wereldfietser.genkgo.app 'unsafe-inline'; style-src 'self' fonts.googleapis.com hello.myfonts.net https://static.genkgo.com https://wereldfietser.genkgo.app 'unsafe-inline'; report-uri https://wereldfietser.nl/f/error-report/report/csp; upgrade-insecure-requests 1
default-src 'self' data: *.google-analytics.com *.youtube-nocookie.com *.ytimg.com *.cookielaw.org; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.cookielaw.org *.onetrust.com  *.googletagmanager.com *.jsdelivr.net *.hotjar.com *.google-analytics.com *.youtube-nocookie.com  *.youtube.com *.draw.io *.diagrams.net *.sharethis.com https://podtrac.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.sharethis.com; img-src 'self' data: https: www.googletagmanager.com www.google-analytics.com *.cookielaw.org; media-src 'self' https://chtbl.com https://podtrac.com https://traffic.omny.fm *.tritondigital.com; frame-src 'self' *.google.com *.youtube.com *.youtube-nocookie.com *.sharethis.com anchor.fm podcasters.spotify.com https://chtbl.com https://podtrac.com https://traffic.omny.fm *.tritondigital.com *.doubleclick.net; connect-src 'self' *.cookielaw.org *.onetrust.com *.google.com *.google.ca *.google-analytics.com wss://ws.hotjar.com *.hotjar.io *.doubleclick.net *.sharethis.com *.crwdcntrl.net; report-uri /report-csp-violation 1
default-src https: wss: blob: data: 'unsafe-inline'; worker-src https: blob:; script-src https: 'unsafe-inline' 'unsafe-eval';img-src https: data:;frame-ancestors 'self' *.psplugin.com *.vergic.com https://*.psplugin.com https://*.vergic.com https://*.cudl.com https://*.studentchoice.org https://internetloanapplication.cudl.com https://olb.firstfinancial.org 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.sunypoly.edu *.bootstrapcdn.com *.fontawesome.com *.gstatic.com *.google-analytics.com *.google.com *.googletagmanager.com *.doubleclick.net www.suny.edu *.office365.com *.cdninstagram.com *.instagram.com *.youtube.com *.livechatinc.com *.twitter.com *.twimg.com *.knowmia.com  tscpressunypoly.azureedge.net *.techsmith.com *.useriq.com *.paypal.com iframe.dacast.com *.heyhalda.com sc-static.net *.snapchat.com *.facebook.net *.facebook.com *.issuu.com *.technolutions.net https://acsbapp.com cdn.acsbapp.com analytics.tiktok.com https://sunypoly.campuslabs.com *.googleadservices.com *.doubleclick.net; img-src 'self' data: *.acsbapp.com cdn.acsbapp.com *.cdninstagram.com scontent-lga3-1.cdninstagram.com scontent-lga3-2.cdninstagram.com www.google.com tr.snapchat.com www.facebook.com connect-sunypoly-edu.cdn.technolutions.net; frame-src 'self' https://sunypoly.campuslabs.com https://www.youtube.com https://e.issuu.com https://www.google.com/ https://secure.livechatinc.com/ https://*.doubleclick.net https://*.heyhalda.com https://view.genially.com https://*.dacast.com; font-src 'self' data: *.bootstrapcdn.com *.fontawesome.com *.gstatic.com *.sunypoly.edu; 1
default-src 'self' data: blob: *.conac.cn  *.gov.cn *.jiathis.com *.baidu.com *.bshare.cn *.eol.cn *.qq.com *.kaipuyun.cn *.bdimg.com *.wx.qq.com *.people.com.cn *.weibo.com *.slrbs.com bdimg.share.baidu.com *.m1905.cn 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; 1
default-src 'self';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://maps.googleapis.com https://maps.gstatic.com/ data: https://*.google-analytics.com https://forms-eu1.hsforms.com https://track-eu1.hubspot.com https://www.googletagmanager.com https://imgsct.cookiebot.com https://forms.hsforms.com; object-src data:; frame-src 'self' mailto: tel: *.krone-dev.cybob-one.com *.krone-agriculture.com https://*.mykrone.green https://mykrone.green https://*.krone.de *.youtube.com *.youtube-nocookie.com https://www.webstream.eu https://*.cookiebot.com https://my.matterport.com https://forms-eu1.hsforms.com/; script-src 'self' 'unsafe-inline' https://maps.googleapis.com https://*.cookiebot.com https://www.googletagmanager.com https://js-eu1.hs-scripts.com https://js-eu1.hs-banner.com https://js-eu1.hs-analytics.net https://js-eu1.hscollectedforms.net https://js-eu1.hsforms.net/forms/embed/v2.js https://js-eu1.hsforms.net/; connect-src 'self' https://maps.googleapis.com https://*.cookiebot.com https://*.google-analytics.com https://*.liadm.com https://forms-eu1.hscollectedforms.net https://forms-eu1.hsforms.com https://hubspot-forms-static-embed-eu1.s3.amazonaws.com; font-src 'self' https://fonts.gstatic.com data:; frame-ancestors 'self' https://www.krone-group.com https://krone-group.com; 1
base-uri 'self'; child-src https://www.youtube-nocookie.com/embed/; connect-src 'self' https://animeworld.cx:8443/socket.io/ wss://animeworld.cx:8443/socket.io/ https://api.themoviedb.org/; default-src 'none'; font-src 'self' data: https: fonts.gstatic.com; form-action 'self'; frame-ancestors 'self'; img-src 'self' data: https: image.tmdb.org via.placeholder.com/400x600; object-src 'none'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https: gitcdn.xyz github.io *.github.io raw.githubusercontent.com github.com; block-all-mixed-content; upgrade-insecure-requests 1
img-src 'self'; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' kalibrr.com *.kalibrr.com kalibrr.id *.kalibrr.id kalibrr.ph *.kalibrr.ph kalibrr.vn *.kalibrr.vn *.blitzllama.com *.zendesk.com https://static.zdassets.com https://ekr.zdassets.com *.zopim.com appleid.cdn-apple.com connect.facebook.net *.facebook.com www.googleadservices.com www.google-analytics.com ssl.google-analytics.com d36lvucg9kzous.cloudfront.net s1.webspellchecker.net js.stripe.com www.googletagmanager.com *.inspectlet.com *.googleapis.com *.newrelic.com *.nr-data.net platform.twitter.com static.ads-twitter.com apis.google.com ajax.cloudflare.com tagmanager.google.com analytics.twitter.com analytics.trovit.com *.effectivemeasure.net jscdn.appier.net track.adform.net cdn.ckeditor.com https://optimize.google.com; form-action 'self'; frame-src 'self' https://staticxx.facebook.com https://web.facebook.com https://accounts.google.com https://www.facebook.com https://docs.google.com https://www.youtube.com https://www.google.com https://optimize.google.com https://snap.licdn.com *.blitzllama.com; frame-ancestors http://careers.aboitiz.com https://careers.aboitiz.com https://careers-uat.aboitiz.com http://citysavings.com.ph https://citysavings.com.ph; 1
script-src 'self' 'unsafe-inline' www.agrica.loc www.groupagrica.com productionagricole.groupagrica.com https://www.google-analytics.com/analytics.js http://svc.webspellchecker.net/spellcheck31/lf/scayt3/ckscayt/ckscayt.js http://svc.webspellchecker.net/spellcheck31/lf/scayt3/ckscayt/local/fr/local.js https://www.googletagmanager.com https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtm.js  https://www.googletagmanager.com/debug/ https://app.mailjet.com/statics/js/iframeResizer.min.js https://unpkg.com/imask@6.0.5/dist/imask.js https://unpkg.com/@popperjs/core@2.10.2/dist/umd/popper.min.js https://unpkg.com/tippy.js@6.3.2/dist/tippy-bundle.umd.min.js; style-src 'self' 'unsafe-inline' http://svc.webspellchecker.net/spellcheck31/ http://svc.webspellchecker.net/spellcheck31/lf/scayt3/ckscayt/css/wsc.css http://svc.webspellchecker.net/spellcheck31/lf/scayt3/ckscayt/themes/all.css stackpath.bootstrapcdn.com use.fontawesome.com cdn.jsdelivr.net https://cdn.jsdelivr.net/gh/google/code-prettify@master/loader/prettify.css https://cdn.rawgit.com/google/code-prettify/master/loader/prettify.css https://fonts.googleapis.com/ https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css https://www.googletagmanager.com productionagricole.groupagrica.com; font-src 'self' use.fontawesome.com https://svc.webspellchecker.net/spellcheck31/ https://svc.webspellchecker.net https://fonts.gstatic.com https://cdnjs.cloudflare.com https://www.googletagmanager.com productionagricole.groupagrica.com; img-src 'self' data: https://statics.groupagrica.com http://statics.agrica.loc www.agrica.loc www.groupagrica.com productionagricole.groupagrica.com http://svc.webspellchecker.net/spellcheck31/ http://img.youtube.com/vi/HR6TarlgwoQ/0.jpg http://img.youtube.com/vi/85Z6PWfXyho/0.jpg http://img.youtube.com/vi/lmor2ctufwM/0.jpg https://stv2-uploads-prod.s3.eu-west-3.amazonaws.com https://www.google-analytics.com https://www.googletagmanager.com; frame-src 'self' https://www.youtube.com https://agrica-recette.harvest.fr/ https://agrica.harvest.fr https://app.mailjet.com/ https://www.google.com/ https://tracking.wiztopic.com; script-src-elem 'self' 'unsafe-inline' http://svc.webspellchecker.net/spellcheck31/ https://www.googletagmanager.com https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtm.js www.agrica.loc productionagricole.groupagrica.com www.groupagrica.com https://www.google-analytics.com/analytics.js  http://svc.webspellchecker.net/spellcheck31/lf/scayt3/ckscayt/ckscayt.js http://svc.webspellchecker.net/spellcheck31/lf/scayt3/ckscayt/local/fr/local.js https://app.mailjet.com/statics/js/iframeResizer.min.js https://unpkg.com/imask@6.0.5/dist/imask.js https://unpkg.com/@popperjs/core@2.10.2/dist/umd/popper.min.js https://unpkg.com/tippy.js@6.3.2/dist/tippy-bundle.umd.min.js https://assets.app.smart-tribune.com/ https://assets.app.smart-tribune.com/smart-tribune/ContactFormSelect/contactformselect.main.js https://assets.app.smart-tribune.com/smart-tribune/FAQ/public/faq.main.js https://assets.app.smart-tribune.com/smart-tribune/FAQ/public/faq.js https://assets.app.smart-tribune.com/smart-tribune/FAQ/faq.main.js https://www.googletagmanager.com/debug/bootstrap; 1
frame-ancestors 'self'; form-action 'self'; default-scr 'self'; img-src 'self' data: img.youtube.com www.facebook.com www.google.com; object-src 'none'; script-src 'self' 'nonce-XoZ5td6LkKkkla7oblAL+7jwmiE=' *.google.com *.googleadservices.com *.googletagmanager.com *.gstatic.com *.googleapis.com *.hotjar.com business.facebook.com connect.facebook.net facebook.com graph.facebook.com https://cdnjs.cloudflare.com https://googleads.g.doubleclick.net maps.googleapis.com s.ytimg.com video.google.com www.facebook.com www.google-analytics.com www.google.com/recaptcha/ www.googleadservices.com www.gstatic.com/recaptcha/ www.youtube.com www.buzzsprout.com/ https://cdn.datatables.net www.clarity.ms chart.googleapis.com api.qrserver.com https://consent.cookiebot.com; 1
default-src 'self'; script-src 'self' 'nonce-JJ3WR5eYtyqU8BPfFCUiqmzCDZNOhFYa' 'strict-dynamic' https://www.googletagmanager.com https: http: 'unsafe-inline' ; connect-src 'self' https://6c82ya5gbl.execute-api.ap-east-1.amazonaws.com https://dfcorpdev.prod.acquia-sites.com https://dfcorp.prod.acquia-sites.com https://dfcorpstg.prod.acquia-sites.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; script-src-elem 'self' https://*.googletagmanager.com https://*.google-analytics.com 'sha256-FLy/XwC4dpmBAvNgIK/7H0utf6GANtX/vR8Osqmi5tY='; style-src 'self' https: http: 'unsafe-inline'; img-src 'self' blob: data: https://dfcorpdev.prod.acquia-sites.com https://dfcorp.prod.acquia-sites.com https://dfcorpstg.prod.acquia-sites.com https://*.google-analytics.com https://*.googletagmanager.com; font-src 'self' https://fonts.gstatic.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; block-all-mixed-content; upgrade-insecure-requests; 1
X-Content-Type-Options: nosniff 1
script-src 'self' 'strict-dynamic' js.zohostatic.com d17nz991552y2g.cloudfront.net static.zohocdn.com salesiq.zoho.com dtzpfzv31buvf.cloudfront.net cdn.pagesense.io js.zohocdn.com widgets.zohosalesiq.com zohotagmanager.cdn.pagesense.io 'nonce-6699e0d7d5ef4a8248a6a9e8c26b26b0' 'unsafe-hashes' 'sha256-uxu43L3ae+5FAGQq28H4PfBwFx02U9nlMRh37t3YyzY=';object-src 'none';base-uri 'self';report-uri https://logsapi.zoho.com/csplog?service=support; 1
default-src 'self' 'unsafe-inline' data: 'unsafe-eval' https://dkstatics-public.digikala.com https://dkstatics-public-2.digikala.com https://dkstatics-public-3.digikala.com  https://img.filmkala.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://firebase.googleapis.com https://fonts.googleapis.com https://fonts.gstatic.com https://maps.googleapis.com https://www.googletagmanager.com https://maps.gstatic.com https://ajax.googleapis.com https://gstatic.com https://www.gstatic.com *.google-analytics.com https://maxst.icons8.com https://use.fontawesome.com https://firebaseinstallations.googleapis.com https://fcmregistrations.googleapis.com https://fcmregistrations.googleapis.com https://code.jquery.com https://polyfill.io https://www.googleapis.com https://apis.google.com https://hominextcom.firebaseapp.com https://securetoken.googleapis.com https://www.google.com https://www.digikala.com https://accounts.google.com https://trustseal.enamad.ir; 1
default-src 'self' scout.salesloft.com scout-cdn.salesloft.com *.driftt.com widget.drift.com *.smartrecruiters.com *.clickagy.com *.zoominfo.com *.coveo.com *.fluidads.com *.stackadapt.com *.truste.com *.omtrdc.net *.livechatinc.com *.chatbot.com *.adobe.com c.6sc.co secure.adnxs.com epsilon.6sense.com *.tableau.com *.experian.com *.experianmarketingservices.com api.ipgeolocation.io *.adobedtm.com *.adsrvr.org *.ads-twitter.com *.bing.com *.brightcove.com *.brightcove.net *.terminus.services *.cloudflare.com *.demdex.net *.doubleclick.net *.eloqua.com *.everesttech.net *.facebook.com *.facebook.net metrics1.experian.com *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.hsadspixel.net *.hs-analytics.net *.hsappstatic.net *.hs-banner.com *.hscollectedforms.net *.hsforms.com *.hs-scripts.com *.hubapi.com *.hubspot.com *.hubspot.net *.licdn.com *.linkedin.com *.omappapi.com *.omniture.com *.optmnstr.com *.twimg.com *.twitter.com *.usemessages.com *.youtube.com *.zencdn.net *.google-analytics.com img.en25.com p.adsymptotic.com bcove.video *.api.brightcove.com api.bcovlive.io *.bcovlive.io *.sep.bcovlive.io bcovlive-a.akamaihd.net *.o.brightcove.com players.brightcove.net hls.ak.o.brightcove.com uds.ak.o.brightcove.com *.boltdns.net brightcove.vo.llnwd.net *.llnw.net *.llnwd.net manifest.prod.boltdns.net *.media.brightcove.com *.akafms.net *.akamaihd.net *.analytics.edgekey.net *.cloudfront.net hlstoken-a.akamaihd.net vjs.zencdn.net *.gallerysites.net *.bcvp0rtal.com *.brightcovecdn.com ws://*.hotjar.com wss://*.hotjar.com; img-src 'self' data: *; script-src 'unsafe-eval' 'unsafe-inline' 'self' *; style-src 'unsafe-inline' 'self' *; font-src 'self' data: *; object-src 'none'; media-src * blob:; worker-src blob: 'self'; frame-ancestors 'self'; 1
default-src * data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors https://bancintranets.com https://*.bancintranets.com https://ncontracts.com https://*.ncontracts.com https://*.my100bank.com https://*.greatercb.com https://csbintranetnews.com https://*.csbintranetnews.com https://*.cambridgesavings.com https://libby-intranet.com https://*.firstbank.com https://quonticportal.com https://*.quonticportal.com https://bankatcity.com https://*.bankatcity.com https://wsbemployee.com https://wvbkthevault.com 1
default-src 'self' ; object-src 'none'; frame-ancestors 'none'; frame-src 'none'; form-action 'self'; manifest-src 'self'; img-src 'self' data:  ; block-all-mixed-content 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com https://snap.licdn.com *.google-analytics.com *.googleapis.com *.gstatic.com  www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org www.googletagmanager.com http://banners.aipla.org https://banners.aipla.org www.buzzsprout.com *.googleadservices.com https://googleads.g.doubleclick.net *.connectedcommunity.org community.aipla.org https://live-tag.bannersnack.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com *.connectedcommunity.org; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; img-src 'self' *.ads.linkedin.com *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com stats.g.doubleclick.net https://googleads.g.doubleclick.net *.google.com/pagead *.adsymptotic.com *.connectedcommunity.org; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com www.buzzsprout.com *.connectedcommunity.org https://live-tag.bannersnack.com/; connect-src 'self' accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.google-analytics.com *.doubleclick.net *.connectedcommunity.org analytics.google.com; 1
child-src 'self' blob: https://*.auth0.com; object-src 'self'; worker-src 'self' blob:; script-src https://firebaseinstallations.googleapis.com https://firebase.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://maps.googleapis.com 'self'; connect-src 'self' https://firebaseinstallations.googleapis.com https://firebase.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://maps.googleapis.com https://*.tiles.mapbox.com https://overpass-api.de https://api.mapbox.com https://events.mapbox.com https://*.auth0.com https://clouderrorreporting.googleapis.com https://storage.googleapis.com wss://welink-nms.com; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.flockler.com *.cloudflareaccess.com *.amazonaws.com *.google.com *.gstatic.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.cloudfront.net *.youtube.com *.vimeo.com vimeo.com *.calendly.com calendly.com *.usemessages.com *.gstatic.com *.oniqa.com *.onistaged.com *.wpengine.com *.hsforms.com *.hsforms.net.org *.hubspot.com *.hs-sites.com *.hsforms.net *.hubapi.com *.hs-scripts.com *.hs-analytics.net *.hs-banner.com ws.zoominfo.com hscollectedforms.net js.hscollectedforms.net forms.hscollectedforms.net *.flippingbook.com *.joomag.com *.pubhtml5.com pubhtml5.com *.wistia.net *.wistia.com hsadspixel.net *.hsadspixel.net googleads.g.doubleclick.net stats.g.doubleclick.net bid.g.doubleclick.net snap.licdn.com connect.facebook.net facebook.com *.facebook.com px.ads.linkedin.com px4.ads.linkedin.com cdn.linkedin.oribi.io p.adsymptotic.com googleadservices.com *.googleadservices.com *.vcita.com vcita.com embedwistia-a.akamaihd.net *.litix.io c15117557.ssl.cf2.rackcdn.com *.onistaged.com *.onenorth.com *.ksmcpa.com data: blob:; font-src 'self' fonts.gstatic.com fonts.googleapis.com *.cloudfront.net data:; frame-ancestors 'self' *.hubspot.com *.flippingbook.com *.pubhtml5.com pubhtml5.com *.joomag.com; 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-8QCJ2c_oUkKvYMV7UN80ZQ' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/ https://google.com https://connect.facebook.net https://unpkg.com https://www.googletagmanager.com/gtag/ https://developers.google.com https://wsdk-files.in.webengage.com https://s3.ap-south-1.amazonaws.com https://www.clarity.ms https://maps.googleapis.com/ https://www.googletagmanager.com/ https://widgets.in.webengage.com/ https://tars-file-upload.s3.amazonaws.com/ https://googleads.g.doubleclick.net/ https://www.googleadservices.com/ https://code.jquery.com/jquery-3.7.1.min.js; style-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/ https://cdn.jsdelivr.net/ https://fonts.googleapis.com/css; font-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/ https://fonts.gstatic.com/ https://cdnjs.cloudflare.com/ajax/libs/ https://assets.hellotars.com/assets/; img-src 'self' data: blob: *; frame-src 'self' data: blob: https://www.youtube.com https://chatbot.hellotars.com/ https://tmfmw.tmf.co.in/cmsdata/ https://inzd3a49c58.in.webengage.co/ https://td.doubleclick.net; media-src 'self' data: blob: https://www.youtube.com https://uatunvmw.tmf.co.in https://tars-file-upload.s3.amazonaws.com/ByNADi/ https://tmfmw.tmf.co.in/cmsdata/ mediastream:; child-src 'self' data: blob: ; block-all-mixed-content; upgrade-insecure-requests; 1
frame-ancestors https://cms.trive.com 1
default-src 'none'; worker-src 'self' blob:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.fontawesome.com polyfill.io *.cookiebot.com *.jsdelivr.net *.googleapis.com *.polyfill.io *.googletagmanager.com *.equitystory.com *.google-analytics.com *.doubleclick.net *.cloudflare.com *.gstatic.com *.google.ch *.google.com *.addthis.com *.moatads.com *.addthisedge.com *.gate49.net *.bellfoodgroup.com *.placeholder.com *.vimeo.com *.facebook.com *.facebook.net ;style-src 'self' 'unsafe-inline' *.cookiebot.com *.jsdelivr.net *.googleapis.com *.polyfill.io *.googletagmanager.com *.equitystory.com *.google-analytics.com *.doubleclick.net *.cloudflare.com *.gstatic.com *.google.ch *.google.com *.addthis.com *.moatads.com *.addthisedge.com *.gate49.net *.bellfoodgroup.com *.pi-asp.de *.bellfoodgroup.pi-asp.de *.vimeo.com;object-src 'self';img-src 'self' data: blob: *.google-analytics.com *.facebook.com *.facebook.net *.career.bellfoodgroup.com *.bellfoodgroup.com *.pi-asp.de bellfoodgroup.pi-asp.de *.google.ch *.google.com *.placeholder.com i.vimeocdn.com www.googletagmanager.com imgsct.cookiebot.com;media-src 'self' https://cdn.plyr.io;frame-src 'self' data: *.addthis.com *.bellfoodgroup.com *.pi-asp.de *.bellfoodgroup.pi-asp.de *.gate49.net *.equitystory.com *.vimeo.com *.facebook.com *.facebook.net *.cookiebot.com *.google.com td.doubleclick.net;font-src 'self' data: *.fontawesome.com *.gstatic.com *.cloudflare.com;connect-src 'self' consentcdn.cookiebot.com *.fontawesome.com adservice.google.com www.google.com *.addthis.com *.google-analytics.com *.google-analytics.com *.doubleclick.net *.analytics.google.com *.jsdelivr.net cdn.plyr.io *.googlesyndication.com eu-api.friendlycaptcha.eu;base-uri 'self';form-action 'self' *.facebook.com *.facebook.net *.cookiebot.com *.google.com;frame-ancestors 'self' *.bellfoodgroup.com *.jobup.ch *.zentraljob.ch *.myjob.ch *.nicejob.de *.westjob.at *.liechtensteinjobs.li *.suedostschweizjobs.ch *.laendlejob.at *.jobs.ch *.ostjob.ch;manifest-src 'self' 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com www.googletagmanager.com cdnjs.cloudflare.com polyfill.io use.fontawesome.com www.youtube.com www.vimeo.com region1.google-analytics.com www.santandercib.com www.google.com www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' tagmanager.google.com www.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com www.googletagmanager.com cdnjs.cloudflare.com polyfill.io use.fontawesome.com www.youtube.com www.vimeo.com www.santandercib.com www.google.com www.gstatic.com; form-action 'self'; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com use.fontawesome.com www.santandercib.com; img-src 'self' 'unsafe-eval' data: about: maps.googleapis.com maps.gstatic.com www.google-analytics.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com i.ytimg.com www.santandercib.com; font-src 'self' data: use.fontawesome.com fonts.googleapis.com fonts.gstatic.com www.santandercib.com; report-uri /report-csp-violations; upgrade-insecure-requests 1
'self' *.model-t.cc.commerce.ondemand.com *.flyer-bikes.com 1
upgrade-insecure-requests; default-src 'self'; connect-src 'self' https://*.ozzu.com https://www.ozzu.com:6001 wss://www.ozzu.com:6001 https://*.posthog.com; base-uri 'none'; form-action 'self'; object-src 'none'; frame-ancestors 'self'; worker-src 'self'; child-src 'self'; frame-src 'self' https://challenges.cloudflare.com https://js.stripe.com; font-src 'self' https://*.ozzu.com data:; img-src 'self' https://*.ozzu.com https://img.youtube.com data:; style-src 'self' https://*.ozzu.com https://*.posthog.com 'unsafe-inline' 'nonce-vHwb3vznXIPx6QrviMM3QXLoT9nKmkS5'; script-src 'self' https://*.ozzu.com 'unsafe-inline' 'nonce-vHwb3vznXIPx6QrviMM3QXLoT9nKmkS5' 'strict-dynamic'; report-uri https://unmelted.report-uri.com/r/d/csp/enforce 1
block-all-mixed-content; base-uri 'self'; frame-ancestors 'self'; form-action 'self' *.wealden.gov.uk; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.wealden.gov.uk https://cdn.jsdelivr.net *.siteimprove.com siteimproveanalytics.com *.siteimproveanalytics.com *.siteimprove.net *.siteimproveanalytics.io 93.160.60.22 185.229.144.22 185.229.144.61 *.readspeaker.com *.google.com *.googletagmanager.com *.google-analytics.com *.gstatic.com 1
frame-ancestors 'self' https://player.prezentor.com/ https://editor.prezentor.com/ 1
block-all-mixed-content; default-src 'self'; base-uri 'self'; form-action 'self' flightbookings.airnewzealand.co.kr flightbookings.airnewzealand.kr flightbookings.airnewzealand.ca flightbookings.airnewzealand.cn flightbookings.airnewzealand.co.nz flightbookings.airnewzealand.co.uk flightbookings.airnewzealand.com.au flightbookings.airnewzealand.com.hk flightbookings.airnewzealand.com.sg flightbookings.airnewzealand.com.tw flightbookings.airnewzealand.com flightbookings.airnewzealand.de flightbookings.airnewzealand.eu flightbookings.airnewzealand.fr flightbookings.airnewzealand.hk flightbookings.airnewzealand.jp flightbookings.airnewzealand.pf flightbookings.airnewzealand.tw  flightbookings.airnewzealand.com.cn flightbookings.grabaseat.co.nz  flightbookings.airnewzealand.co.jp identity.airnewzealand.com au-connect.authsignal.com auth.identity.airnewzealand.com auth.identity.qual.airnewzealand.com auth.airnewzealand.co.nz auth.airnewzealand.com.sg; script-src 'self' p-airnz.com 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.google.com *.ggpht.com *.googleusercontent.com player.vimeo.com www.youtube.com s.ytimg.com s.wayin.com xd.wayin.com s.engagesciences.com display.engagesciences.com *.demdex.net www.google-analytics.com analytics.google.com tagmanager.google.com www.googletagmanager.com *.doubleclick.net www.googleadservices.com www.google.com cdn-assets-prod.s3.amazonaws.com *.optimizely.com optimizely-hrd.appspot.com optimizely.s3.amazonaws.com s.swiftypecdn.com upgrade.plusgrade.com nebula-cdn.kampyle.com screencapture.kampyle.com screencaptue-cdn.kampyle.com static.hotjar.com script.hotjar.com yourir.info ssl.google-analytics.com auth.airnewzealand.co.nz auth.airnewzealand.com.sg cdnjs.cloudflare.com https://widget.timatic.iata.org/scripts/iata-timatic-widget-live.js *.linkedin.com *.licdn.com oc-cdn-public-oce.azureedge.net; style-src 'unsafe-inline' p-airnz.com fonts.googleapis.com tagmanager.google.com s.swiftypecdn.com upgrade-cdn-prd.plusgrade.com static.hotjar.com script.hotjar.com yourir.info 'self' oc-cdn-public-oce.azureedge.net; img-src https: data: static.hotjar.com script.hotjar.com *.linkedin.com *.licdn.com; font-src p-airnz.com fonts.googleapis.com fonts.gstatic.com dhm5hy2vn8l0l.cloudfront.net script.hotjar.com 'self' data:; media-src 'self' p-airnz.com video.cdnvue.com ; frame-src 'self' *.google.com www.airnewzealand-hk.com/ auth.identity.airnewzealand.com identity.airnewzealand.com au-connect.authsignal.com player.youku.com v.qq.com player.vimeo.com www.youtube.com nz.fltmaps.com airnz.wufoo.com xd.wayin.com display.engagesciences.com *.demdex.net *.doubleclick.net www.googletagmanager.com *.cdn-pci.optimizely.com nebula-cdn.kampyle.com vars.hotjar.com forms.cd.airnewzealand.co.nz www.airnewzealand.co.nz/airpoints-account/payments/scripts/done.html www.airnewzealand.co.nz/payment/scripts/done.html sec.windcave.com uat.windcave.com oc-cdn-public-oce.azureedge.net blob: airnz-cargo.chooose.today airnz-corporate.chooose.today; connect-src 'self' api.airnz.io api.airnz.ai *.googleapis.com *.google.com *.gstatic.com auth.airnewzealand.co.nz auth.airnewzealand.com.sg identity.airnewzealand.com *.demdex.net *.tt.omtrdc.net www.google-analytics.com region1.google-analytics.com region1.analytics.google.com analytics.google.com stats.g.doubleclick.net adservice.google.com *.optimizely.com s.swiftypecdn.com search-api.swiftype.com *.kampyle.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.sentry.io yourir.info https://widget.timatic.iata.org/api/ *.linkedin.com *.licdn.com cdn.linkedin.oribi.io sec.windcave.com uat.windcave.com; object-src 'none'; frame-ancestors 'none'; report-uri /csp-report 1
default-src 'self' data: ;   connect-src 'self' data: https: wss: ;   font-src 'self' data: chrome-extension: https: ;   img-src 'self' data: blob: android-webview-video-poster: about: https: ;   frame-src 'self' https: ;   script-src 'self' 'unsafe-inline' 'unsafe-eval' about: https: ;   script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' about: https: data: ;   style-src 'self' 'unsafe-inline' https: ;   style-src-elem 'self' 'unsafe-inline' https: data: ;   style-src-attr 'self' 'unsafe-inline' https: ;   media-src 'self' data: https: ;   worker-src 'self' 'unsafe-inline' https: blob: ;   frame-ancestors 'self' https: ;   upgrade-insecure-requests;   block-all-mixed-content;  report-uri https://cspr-it.mag-news.it/ 1
default-src 'none'; base-uri 'self' https://altoplan.de https://www.altoplan.de; child-src 'self'; connect-src 'self'; font-src 'self' data:; form-action 'self'; frame-ancestors 'self'; frame-src 'self'; img-src 'self' data:; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' 1
base-uri 'self' https://*.mailstrom.co; block-all-mixed-content; report-uri /api/csp_reports; default-src 'self' https:; object-src 'none'; child-src 'self' https://*.mailstrom.co https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; font-src 'self' https: data: https://fonts.gstatic.com; frame-src 'self' https://*.mailstrom.co https://www.facebook.com https://bid.g.doubleclick.net https://js.stripe.com https://hooks.stripe.com https://checkout.stripe.com https://platform.twitter.com; frame-ancestors 'self'; img-src 'self' https: data: blob: https://*.stripe.com; connect-src 'self' https: https://www.google-analytics.com https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://bam.nr-data.net https://api.stripe.com https://checkout.stripe.com https://syndication.twitter.com; style-src 'self' https://fonts.googleapis.com 'report-sample' https: 'unsafe-inline'; script-src 'report-sample' 'strict-dynamic' 'nonce-l3S0ellKxs2Xz8eo5YQHhw==' 1
default-src 'self'; script-src 'self' 'unsafe-eval' www.youtube.com www.googletagmanager.com www.google-analytics.com connect.facebook.net *.js; connect-src 'self' *.ingest.sentry.io *.google-analytics.com *.analytics.google.com stats.g.doubleclick.net *.be-salt.com *.ngrok.io; child-src 'self'; frame-src 'self' www.youtube.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' data: https:; 1
frame-ancestors 'self' garajsepeti.com tasit.com *.garajsepeti.com *.tasit.com 1
upgrade-insecure-requests; default-src https: 'self'; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://sbl.onfastspring.com https://plausible.io https://*.typeform.com https://*.zendesk.com https://*.zdassets.com https://*.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://analytics.twitter.com https://consentcdn.cookiebot.com https://consent.cookiebot.com https://handsontable.piwik.pro https://handsontable.containers.piwik.pro https://*.list-manage.com https://docs.handsontable.com https://s3.amazonaws.com https://unpkg.com https://cdn.jsdelivr.net https://buttons.github.io https://code.jquery.com https://cdn.headwayapp.co https://www.google.com https://www.gstatic.com https://www.googleadservices.com https://www.googletagmanager.com https://*.google-analytics.com https://tagmanager.google.com https://script.crazyegg.com https://*.cloudfront.net https://*.cloudflare.com https://*.s3.amazonaws.com https://*.doubleclick.net https://connect.facebook.net https://*.sentry-cdn.com; img-src * 'self' data: https:; style-src 'self' 'unsafe-inline' https://sbl.onfastspring.com https://plausible.io https://*.typeform.com https://*.zendesk.com https://*.zdassets.com https://www.googletagmanager.com https://*.hotjar.com https://*.cloudflare.com https://fonts.googleapis.com https://tagmanager.google.com https://cdn.jsdelivr.net; font-src 'self' data: https://*.zendesk.com https://*.zdassets.com https://*.hotjar.com https://fonts.gstatic.com; frame-src 'self' 'unsafe-inline' https://handsontablestore.onfastspring.com https://handsontablestore.test.onfastspring.com https://*.doubleclick.net https://plausible.io https://*.typeform.com https://*.zendesk.com https://*.zdassets.com https://examples.handsontable.com https://handsontable.github.io https://*.hotjar.com https://consentcdn.cookiebot.com https://www.google.com https://headway-widget.net https://www.youtube.com https://player.vimeo.com https://codesandbox.io https://www.youtube-nocookie.com https://www.facebook.com https://*.doubleclick.net https://www.googletagmanager.com/; object-src 'self'; connect-src 'self' https://plausible.io https://*.linkedin.com https://*.zendesk.com https://adservice.google.com https://*.zdassets.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://consentcdn.cookiebot.com https://cdn.linkedin.oribi.io https://www.google.com https://google.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.pl https://*.google-analytics.com https://*.analytics.google.com https://*.googlesyndication.com https://*.handsontable.com https://www.googletagmanager.com https://handsontable.com https://handsontablestore.test.onfastspring.com https://handsontablestore.onfastspring.com https://snap.licdn.com https://www.facebook.com https://*.sentry.io; worker-src 'self' blob:; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://bam.nr-data.net/ https://cdn.usefathom.com/ https://cdnjs.cloudflare.com/ https://connect.facebook.net/ https://js-agent.newrelic.com/ https://www.google.com/ https://www.gstatic.com/ https://www.google-analytics.com/ https://www.googletagmanager.com https://use.typekit.net/ https://craftpeak.site/ https://embed-menu-preloader.untappdapi.com/ https://business.untappd.com/ https://assets.untappd.com/ https://cdn.clarip.com/ https://offers.pearcommerce.com/ 1
frame-ancestors 'self' https://*.yandex.ru 1
default-src 'self' https://*.media-artists.nl https://*.bigcheese.site https://www.cdn-1.pokon.nl https://www.cdn-2.pokon.nl https://*.e.ce-analytics.com https://*.facebook.com https://*.google.com https://*.google.nl https://*.googleusercontent.com https://*.instagram.com; style-src 'self' https://*.media-artists.nl https://*.bigcheese.site https://www.cdn-1.pokon.nl https://www.cdn-2.pokon.nl https://*.googleapis.com https://embed.typeform.com https://*.tiktok.com https://*.ttwstatic.com https://*.thuiswinkel-cdn.org 'unsafe-inline'; img-src * data:; media-src 'self' https://*.media-artists.nl https://*.bigcheese.site https://www.cdn-1.pokon.nl https://www.cdn-2.pokon.nl data:; font-src 'self' https://*.media-artists.nl https://*.bigcheese.site https://www.cdn-1.pokon.nl https://www.cdn-2.pokon.nl data: https://fonts.gstatic.com https://ma-fonts.s3.eu-west-1.amazonaws.com https://cdn.channelsight.com; script-src 'self' https://*.media-artists.nl https://*.bigcheese.site https://www.cdn-1.pokon.nl https://www.cdn-2.pokon.nl https://*.facebook.net https://*.doubleclick.net https://*.googletagmanager.com https://*.googleadservices.com https://*.googleapis.com https://*.gstatic.com https://*.clarity.ms https://acdn.adnxs.com https://trk.adbutter.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://*.trackedweb.net https://embed.typeform.com https://*.tiktok.com https://*.ttwstatic.com https://*.thuiswinkel.org https://*.thuiswinkel-cdn.org https://*.facebook.net 'unsafe-eval' 'unsafe-inline'; connect-src 'self' https://*.media-artists.nl https://*.bigcheese.site https://www.cdn-1.pokon.nl https://www.cdn-2.pokon.nl https://*.clarity.ms wss://*.clarity.ms https://region1.google-analytics.com wss://region1.google-analytics.com https://consentcdn.cookiebot.com wss://consentcdn.cookiebot.com https://*.trackedweb.net wss://*.trackedweb.net https://api.typeform.com wss://api.typeform.com https://*.thuiswinkel-cdn.org wss://*.thuiswinkel-cdn.org https://*.trackedweb.net; frame-src 'self' https://*.media-artists.nl https://*.bigcheese.site https://www.cdn-1.pokon.nl https://www.cdn-2.pokon.nl https://*.youtube.com https://*.youtu.be https://*.facebook.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://form.typeform.com https://*.tiktok.com https://*.ttwstatic.com https://*.widget.thuiswinkel.org https://*.youtube.com 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; media-src 'self'; form-action 'self' https://www.server-team1.de https://www.server-team3.de; child-src 'self' https://www.google.com https://www.server-team1.de https://www.server-team3.de; frame-ancestors 'self'; connect-src 'self' https://api.imgur.com; report-uri 'self'; report-to 'self'; 1
frame-ancestors 'self' https://gisportalprod01.svo.local/ https://gisportal.skogsstyrelsen.se/ 1
script-src-elem https://www.bwi.de https://sc-static.net https://piwik.bwi.de https://connect.facebook.net https://js.adsrvr.org https://snap.licdn.com https://static.ads-twitter.com https://acdn.adnxs.com https://www.googletagmanager.com https://tr.snapchat.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.com/pagead/1p-conversion/11022211265/ https://www.google.com/pagead/1p-conversion/813917562/ *.www.google.com 'strict-dynamic' 'nonce-on8S2R86T91PsqV-2wuW_8t9xerpNcOKEyY8XDsM9NwO8kh5LAdD0g' http: https: https://bwi.ddev.site https://bwi-staging.jweiland-hosting.de https://www.google.de https://match.adsrvr.org https://www.redditstatic.com https://pagead2.googlesyndication.com https://www.googleadservices.com https://jobspreader.com 'report-sample'; connect-src https://*.bwi.de https://bwi.ddev.site https://*.jweiland-hosting.de https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.de https://gtm-t9r5q9m-yja3z.uc.r.appspot.com https://tr.snapchat.com https://*.bing.com https://bat.bing.com/%2A https://www.facebook.com https://*.googlesyndication.com https://px.ads.linkedin.com https://tr6.snapchat.com/p https://www.redditstatic.com https://pixel-config.reddit.com https://jobspreader.com https://acdn.adnxs.com https://ib.adnxs.com https://pagead2.googlesyndication.com; default-src 'self' https://*.bwi.de https://cdn.linkedin.oribi.io https://tr.snapchat.com https://insight.adsrvr.org https://match.adsrvr.org https://play-workadventure.innoxlab.de/web/; script-src 'self' 'nonce-on8S2R86T91PsqV-2wuW_8t9xerpNcOKEyY8XDsM9NwO8kh5LAdD0g' 'strict-dynamic' http: https: https://www.bwi.de https://bwi-staging.jweiland-hosting.de https://www.google.com https://www.google.de https://www.googleadservices.com https://www.googletagmanager.com https://snap.licdn.com/li.lms-analytics/insight.min.js https://snap.licdn.com/li.lms-analytics/insight.old.min.js https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/signals/config/878161939333953 https://bat.bing.com/bat.js https://bat.bing.com/p/action/134601748.js https://static.ads-twitter.com/uwt.js https://js.adsrvr.org/up_loader.1.1.0.js https://p.teads.tv/teads-fellow.js https://www.redditstatic.com/ads/pixel.js https://sc-static.net/scevent.min.js https://acdn.adnxs.com/dmp/up/pixie.js https://googleads.g.doubleclick.net 'report-sample'; style-src-attr 'unsafe-inline' 'report-sample'; img-src 'self' data: *.ytimg.com *.vimeocdn.com https://www.bwi.de https://bwi-staging.jweiland-hosting.de https://messenger.bwi.de https://karriere.bwi.de https://secure.adnxs.com https://bat.bing.com https://*.linkedin.com https://px.ads.linkedin.com https://t.co https://analytics.twitter.com https://googleads.g.doubleclick.net https://www.google.com https://google.com https://www.google.de https://ad.doubleclick.net https://adservice.google.com https://adservice.google.de https://alb.reddit.com https://www.facebook.com https://ib.adnxs.com https://px4.ads.linkedin.com https://gtm-t9r5q9m-yja3z.uc.r.appspot.com https://gtm-t9r5q9m-yja3z.uc.r.appspot.com/%2A https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.de https://*.google.nl https://www.googletagmanager.com https://pagead2.googlesyndication.com https://connect.facebook.net https://piwik.bwi.de; base-uri 'self'; frame-src https://karriere.bwi.de https://insight.adsrvr.org https://match.adsrvr.org https://bat.bing.com https://www.googletagmanager.com https://tr.snapchat.com https://feedback-pa.clients6.google.com https://bid.g.doubleclick.net https://td.doubleclick.net; style-src 'self' 'unsafe-inline' 'report-sample'; object-src 'none'; font-src 'self'; worker-src blob:; report-uri https://www.bwi.de/@http-reporting?csp=report&requestTime=1721955933336894 1
default-src * data: blob: https:; script-src *.terme-tuhelj.hr *.terme-olimia.com *.gooya.io *.phobs.net *.sos-sw.si *.googletagmanager.com *.google-analytics.com *.gstatic.com *.googleapis.com *.googleadservices.com *.facebook.net *.intelliad.de *.doubleclick.net *.google.com *.sentry-cdn.com *.hotjar.com cdn-cookieyes.com 'unsafe-inline' 'unsafe-eval'; style-src *.terme-tuhelj.hr *.gooya.io *.phobs.net *.googleapis.com *.googletagmanager.com *.google.com *.sos-sw.si 'unsafe-inline' 1
default-src 'unsafe-inline' 'unsafe-eval' https://www.vv.lt *.analytics.google.com https://nominatim.openstreetmap.org/ https://proxy.tcg.lt:23451/ https://unpkg.com https://pagead2.googlesyndication.com https://maps.googleapis.com https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://region1.google-analytics.com https://nulispasiteisinimu.lt https://www.facebook.com https://connect.facebook.net https://vilnius.lt https://www.vilnius.lt https://web.vilnius.lt https://yoast.com https://www.youtube.com/ https://vvandenys.maps.arcgis.com https://fcrchat.fcrmedia.lt https://gis.vv.lt https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://ajax.googleapis.com https://stats.g.doubleclick.net https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://www.google.com https://www.google.lt https://maps.google.com/ https://www.gstatic.com https://use.fontawesome.com 'self'; font-src 'self' data: https://www.vv.lt https://fonts.gstatic.com:443 https://netdna.bootstrapcdn.com; img-src 'self' data: https://www.vv.lt https://tile.openstreetmap.org/ https://a.tile.openstreetmap.org/ https://c.tile.openstreetmap.org/ https://b.tile.openstreetmap.org/ https://c.tile.openstreetmap.org/ https://www.facebook.com https://connect.facebook.net https://www.google.com https://www.google.lt https://www.googletagmanager.com https://ps.w.org https://s.w.org https://secure.gravatar.com:443 https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://proxy.tcg.lt:23451/ https://www.vv.lt https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.googleapis.com:443 https://netdna.bootstrapcdn.com 1
frame-ancestors 'self' https://app.kajabi.com https://app.vibely.io https://communities.kajabi.com *.mykajabi.com https://communities.newkajabi-staging.com https://fun.meghantelpner.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' sonix.ai js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net *.cloudfront.net js.hs-scripts.com o26255.ingest.sentry.io online.flippingbook.com fast.fonts.net siteimproveanalytics.com www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com cdnjs.cloudflare.com www.google-analytics.com consent.trustarc.com kit.fontawesome.com acsbapp.com blob:; style-src 'self'  'unsafe-inline' *.cloudfront.net sonix.ai cdn-images.mailchimp.com cdn-images.mailchimp.com cdnjs.cloudflare.com fonts.googleapis.com consent.trustarc.com fast.fonts.net ka-p.fontawesome.com; img-src 'self' *.flippingbook.com *.siteimproveanalytics.io consent.trustarc.com www.google.com www.tenrec.com www.google-analytics.com forms.hsforms.com *.hubspot.com consent.truste.com data:; font-src 'self' 'unsafe-inline' data: fonts.gstatic.com consent.trustarc.com ka-p.fontawesome.com fast.fonts.net; 1
frame-ancestors 'self' https://*.dogorama.app 1
default-src 'self' *.cotabank.com *.cotabank.com.tw; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cotabank.com *.cotabank.com.tw https://www.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://accounts.google.com https://maps.google.com; style-src 'self' 'unsafe-inline' *.cotabank.com *.cotabank.com.tw https://fonts.googleapis.com https://maps.google.com https://maps.googleapis.com; connect-src 'self'  *.cotabank.com *.cotabank.com.tw wss://127.0.0.1:14700 wss://127.0.0.1:36994 wss://127.0.0.1:59288 wss://127.0.0.1:15700 wss://127.0.0.1:37994 wss://127.0.0.1:60288 wss://127.0.0.1:14702 wss://127.0.0.1:14703 wss://127.0.0.1:14704 https://localhost:56355 https://localhost:56375 https://localhost:56395 https://localhost:54355 https://localhost:54375 https://localhost:54395 https://www.google-analytics.com https://stats.g.doubleclick.net https://maps.googleapis.com blob:; img-src 'self' *.cotabank.com *.cotabank.com.tw https://www.google-analytics.com https://maps.google.com https://maps.gstatic.com https://maps.googleapis.com data: blob:; font-src 'self' https://fonts.gstatic.com data:; frame-ancestors 'self' *.cotabank.com.tw *.cotabank.com 1
default-src 'none'; script-src 'self' 'unsafe-inline' ajax.googleapis.com api-maps.yandex.ru; connect-src 'self'; child-src 'self'; img-src * data:; style-src * 'unsafe-inline'; font-src *; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' eu-prod.oppwa.com publuu.com secure.trust-provider.com live.brame-gamification.com wlan.klipp.at klipp.at *.paypal.com *.piwik.pro cdn.matomo.cloud *.sendinblue.com *.brevo.com blob: *.youtube-nocookie.com *.pay1.de *.gstatic.com *.google.com *.jsdelivr.net *.g.doubleclick.net *.smarketer.de *.sectigo.com *.youtube.com maps.gstatic.com *.googleapis.com *.google-analytics.com connect.facebook.net *.googletagmanager.com *.googleadservices.com; frame-src: 'self' *.paypal.com publuu.com secure.trust-provider.com live.brame-gamification.com klipp.at klipp-wlan.agoradesign.at *.sendinblue.com *.brevo.com youtu.be *.youtube-nocookie.com *.pay1.de *.google.com *.youtube.com *.facebook.com s-static.ak.facebook.com; object-src 'self'; frame-ancestors 'self' https://klipp.at https://klipp-wlan.agoradesign.at https://wlan.klipp.at 1
default-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; img-src 'self' data: *; style-src 'self' 'unsafe-inline' *; font-src 'self' * data:; object-src 'self' *; frame-src 'self' *; worker-src 'self' *; connect-src 'self' * 1
frame-ancestors 'self' http://www.philips.pt *.philips.com *.philips.pt https://philipsigtdpv.com 1
default-src https: 'unsafe-eval' 'unsafe-inline' 'self'; object-src 'self'; font-src https: data: 'self' http: fonts.googleapis.com themes.googleusercontent.com; connect-src https: wss: 'self'; img-src https: data: 'self' http: *.gravatar.com; worker-src blob: https: 'self' 'unsafe-inline' 'unsafe-eval'; media-src https: blob: 'self'; style-src https: 'unsafe-eval' 'unsafe-inline' 'self' http: fonts.googleapis.com frame-ancestors: localhost https://sfci-charpentes.fr/ 1
Content-Security-Policy: 1
default-src 'self' 'unsafe-inline';frame-src 'self' 'unsafe-inline' https://www.youtube.com; script-src 'self' 'unsafe-inline' https://ssl.google-analytics.com http://www.google-analytics.com http://www.google.com https://www.googletagmanager.com http://www.googletagmanager.com; img-src 'self' https://ssl.google-analytics.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' http://www.google.com; 1
default-src 'self' https://* data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://* data:; connect-src * 'self' ws://localhost:* wss://backstage.sila-production.ru:* ws://backstage.sila-production.ru:* https://* data:; img-src data: 'self' https://*; style-src 'self' 'unsafe-inline' https://* data:; frame-ancestors 'self' https://* data: https://backstage.sila-production.ru https://backstage.sila-production.ru:*; 1
default-src 'self' https://imperialroadsafety.bastionstudio.co.za https://p.typekit.net https://use.typekit.net https://ton.twimg.com https://pbs.twimg.com https://www.overend.co.za https://vod.overendstudio.co.za https://fonts.googleapis.com https://fonts.gstatic.com http://vod.overendstudio.co.za https://twitter.com/ https://www.google-analytics.com https://platform.twitter.com https://www.facebook.com https://stats.g.doubleclick.net https://www.google.com https://www.google.co.za https://overendstudio.co.za https://abs.twimg.com https://cdn.syndication.twimg.com https://pbs.twimg.com https://syndication.twitter.com https://consent.cookiebot.com/; img-src * data: about:;frame-src 'self' https://imperialroadsafety.bastionstudio.co.za https://irhosted.profiledata.co.za https://consentcdn.cookiebot.com/ https://fonts.gstatic.com https://fonts.googleapis.com https://twitter.com https://platform.twitter.com/ https://www.twitter.com https://www.facebook.com https://9954673.fls.doubleclick.net https://maps.google.com https://www.google.com https://overendstudio.co.za https://abs.twimg.com https://cdn.syndication.twimg.com https://platform.twitter.com https://syndication.twitter.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://imperialroadsafety.bastionstudio.co.za https://use.typekit.net https://code.createjs.com https://consent.cookiebot.com/ https://consentcdn.cookiebot.com/ https://platform.twitter.com/ https://cdn.syndication.twimg.com/ https://cdn.syndication.twimg.com/ https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://9954673.fls.doubleclick.net http://code.jquery.com https://code.highcharts.com https://abs.twimg.com https://fonts.googleapis.com; style-src 'self' 'unsafe-inline' https://imperialroadsafety.bastionstudio.co.za https://fonts.googleapis.com/ https://twitter.com/ https://www.google-analytics.com https://platform.twitter.com https://abs.twimg.com https://pbs.twimg.com https://cdn.syndication.twimg.com https://ton.twimg.com https://consent.cookiebot.com; 1
script-src 'self' 'unsafe-inline' tracking.g2crowd.com tag.clearbitscripts.com x.clearbitjs.com https://app.factors.ai/assets/ b-code.liadm.com https://s3-us-west-2.amazonaws.com/b2bjsstore/ *.intercom.io *.fullstory.com js.intercomcdn.com js.hscta.net cdn.segment.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com snap.licdn.com js.hs-analytics.net *.hubspot.com *.hs-banner.com *.hs-scripts.com; object-src 'none'; report-uri https://upflow.uriports.com/reports/report; report-to csp-report 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' epcplc.com *.epcplc.com *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.duosecurity.com *.cookielaw.org *.onetrust.com; img-src 'self' 'unsafe-inline' epcplc.com *.epcplc.com *.cookielaw.org data:; 1
frame-ancestors 'self' https://infoboard.rsue.ru 1
frame-ancestors 'none' ; report-uri https://netresec.report-uri.com/r/d/csp/enforce; 1
default-src https: data:; script-src https: data: 'unsafe-eval' 'unsafe-inline'; style-src https: data: 'unsafe-inline' 1
base-uri 'none'; font-src 'self' https://fonts.gstatic.com; form-action 'self'; frame-ancestors 'self'; img-src 'self' https://img.quanti.cz https://www.google.cz https://region1.google-analytics.com https://ct.leady.com https://www.facebook.com https://maps.gstatic.com https://maps.googleapis.com https://www.linkedin.com https://www.google-analytics.com https://px.ads.linkedin.com https://maps.gstatic.com data:; object-src 'none'; script-src-attr 'none'; style-src 'self' https://hello.myfonts.net https://fonts.googleapis.com https://maps.googleapis.com 'unsafe-inline'; script-src 'self' 'nonce-NB8M4b8vJRuy2eebO0WoRg==' 'strict-dynamic' https://web-sdk.smartlook.com https://ct.leady.com https://www.quanti-web-prod.quanti.cz https://www.googletagmanager.com https://snap.licdn.com https://connect.facebook.net https://maps.googleapis.com https://www.google-analytics.com https://connect.facebook.net https://rec.smartlook.com blob; upgrade-insecure-requests; default-src 'self'; connect-src 'self' data: https://www.quanti.cz https://www.quanti-web.quanti.cz https://www.quanti-web-be-testing.quanti.cz https://www.quanti-web-be-prod.quanti.cz https://maps.googleapis.com https://www.google.cz/ https://region1.google-analytics.com https://region1.analytics.google.com/ https://www.facebook.com/tr/ https://manager.eu.smartlook.cloud https://ct.leady.com https://px.ads.linkedin.com https://stats.g.doubleclick.net;; media-src 'self' https://img.quanti.cz; frame-src 'self' https://td.doubleclick.net; 1
default-src railserve.biz *.vimeo.com *.vimeocdn.com fresnel.vimeocdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com ajax.googleapis.com jotform.com form.jotform.com *.jotfor.ms player.vimeo.com; connect-src 'self' www.google-analytics.com *.vimeo.com *.vimeocdn.com; font-src https://railserve.biz fonts.gstatic.com *.fontawesome.com data:; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.jotfor.ms *.fontawesome.com; form-action 'self' jotform.com; img-src 'self' data: www.w3.org https://secure.gravatar.com jotform.com www.googletagmanager.com www.google-analytics.com *.w.org; media-src 'self' *.vimeo.com;frame-src 'self' *.vimeo.com form.jotform.com submit.jotform.com; worker-src 'self' 1
frame-ancestors 'self' ispch.gob.cl *.ispch.gob.cl *ispch.cl 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com *.fwc.pl *.victoriassecret.pl *.trustmate.io trustmate.io *.cookiebot.com *.cookiebot.eu *.webgains.io *.packeta.com *.youtube.com *.gstatic.com *.googleapis.com *.google-analytics.com cdnjs.cloudflare.com assets.zendesk.com connect.facebook.net *.googletagmanager.com *.ingest.sentry.io *.google.com data: *.salesmanago.pl *.criteo.com *.hotjar.com; frame-src 'self' * *.packeta.com *.gstatic.com *.google.com *.youtube.com assets.zendesk.com *.facebook.com s-static.ak.facebook.com tautt.zendesk.com *.adyen.com *.dhl.pl *.criteo.com *.hotjar.com *.salesmanago.pl; object-src 'self'; default-src 'self' *.bathandbodyworks.pl *.bathandbodyworks.ro; img-src 'self' data: *.trustmate.io trustmate.io *.google-analytics.com *.adyen.com *.google.com *.gstatic.com *.googleapis.com *.doubleclick.net *.salesmanago.pl *.facebook.com *.criteo.com *.bathandbodyworks.pl *.bathandbodyworks.ro; style-src 'unsafe-inline' 'self' *.trustmate.io trustmate.io *.googletagmanager.com *.googleapis.com; connect-src 'self' *.victoriassecret.pl *.trustmate.io trustmate.io *.cookiebot.com *.cookiebot.eu *.webgains.io *.packeta.com *.googlesyndication.com *.googletagmanager.com *.google.com *.ingest.sentry.io *.google-analytics.com *.adyen.com *.googleapis.com *.doubleclick.net *.facebook.com *.criteo.com *.hotjar.com *.salesmanago.pl; font-src 'self' *.googleapis.com *.gstatic.com; media-src 'self' *.bathandbodyworks.pl *.bathandbodyworks.ro; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src * data:; object-src 'none'; frame-ancestors 'self' 1
default-src https: 'self' 'unsafe-inline' 'unsafe-eval' data:; frame-src 'self' https: data:; object-src 'none'; 1
default-src 'self'; script-src 'self' is.gd v.gd sentry.io blob:; style-src 'self' 'unsafe-inline'; style-src-attr 'self';  img-src 'self' data:; font-src 'self'; frame-src 'self'; connect-src 'self' https: l10n.hexed.it sentry.io 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://www.zenaps.com https://ln-rules.rewardstyle.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://tr.snapchat.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://*.liveperson.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://*.contentsquare.net https://sgtm.mioskincare.fr; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://fonts.smct.co; form-action 'self' https://www.facebook.com https://www.mioskincare.fr https://m.mioskincare.fr https://checkout.mioskincare.fr https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://ln-rules.rewardstyle.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://*.google-analytics.com https://*.baidu.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://*.contentsquare.net https://app.contentsquare.com https://sgtm.mioskincare.fr; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://fonts.smct.co https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com; upgrade-insecure-requests; report-to report-endpoint 1
upgrade-insecure-requests; object-src 'none'; script-src 'self'; frame-ancestors 'seframe-ancestors 'self'; base-uri 'self'; form-action 'self'; report-uri /cgi-bin/report-uri 1
default-src 'self' 'unsafe-inline' *.google-analytics.com *.gravatar.com cdnjs.cloudflare.com cdnjs.com freebsdfoundation.org liberapay.com github.com raw.githubusercontent.com; 1
frame-ancestors 'self' welcome.espace.link ; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.calameo.com *.criteo.net *.criteo.com *.fls.doubleclick.net *.pwspace.com *.powerspace.com *.tradelab.fr *.classcroute.com www.youtube.com secureaud.solocpm.com www.linkedin.com cdn.linkedin.oribi.io www.mainadv.com *.tradedoubler.com *.avtm.fr *.ad-srv.net tag.azame.net *.adnxs.com uzerly.net *.adsrvr.org *.mathtag.com *.veoxa.com sk.ht *.sk.ht kx1.co px.ads.linkedin.com sjs.bizographics.com snap.licdn.com *.bing.com connect.facebook.net www.facebook.com fonts.googleapis.com *.g.doubleclick.net tag.statshop.fr *.tracktag.sytsem.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.google.com *.axept.io; img-src 'self' blob: data: http: https: *.classcroute.com; font-src 'self' data: http: https: fonts.googleapis.com  1
default-src 'none'; img-src 'self'; style-src 'self' 'unsafe-inline'; frame-ancestors 'none' 1
default-src         'self';             script-src         'self'         'unsafe-inline'         'unsafe-eval' 		blob:         http://www.google-analytics.com/         http://connect.facebook.net         https://fonts.googleapis.com/         https://www.googletagmanager.com/gtag/         https://www.google.com/recaptcha/         https://www.gstatic.com/recaptcha/         https://www.googletagmanager.com         https://www.googleadservices.com/         https://googleads.g.doubleclick.net         https://www.gstatic.com 		https://pi.pardot.com         http://cdn.pardot.com         https://info.acin.pt         https://info.acingov.pt         https://www.google.com/jsapi;            img-src         'self'         data:         blob:         https://www.facebook.com/         http://www.google-analytics.com/         https://stats.g.doubleclick.net/         https://www.google.com/         https://www.google.pt/ 		https://www.googletagmanager.com         https://apps.acingov.pt;             style-src         'self'         'unsafe-inline' 		https://www.gstatic.com/         https://fonts.googleapis.com/;             font-src         'self'         https://fonts.googleapis.com/         https://fonts.gstatic.com/         https://themes.googleusercontent.com/;             frame-src         'self'         https://www.googletagmanager.com 		https://www.youtube.com/         https://www.google.com/;             frame-ancestors         'self'         https://www.google.com/;             object-src         'self'        data:         blob:;             media-src         'self';             connect-src         'self' 		https://stats.g.doubleclick.net/         https://www.google-analytics.com/ 		https://region1.google-analytics.com/ ;        	form-action         'self'         https://preprod.autenticacao.gov.pt/fa/Default.aspx         https://autenticacao.gov.pt/fa/Default.aspx ;      1
default-src 'self'; connect-src 'self' www.google-analytics.com www.googletagmanager.com analytics.google.com stats.g.doubleclick.net www.google.com google.com www.datocms-assets.com datocms-assets.com www.yourir.info yourir.info fast.fonts.net www.vimeo.com vimeo.com www.youtube.com youtube.com app.netlify.app netlify.app ppinlgt5jk.execute-api.ap-southeast-2.amazonaws.com *.netlify.app search-api.swiftype.com yourir.info gstatic.com www.gstatic.com google.com.au www.google.com.au; frame-src 'self' player.vimeo.com www.youtube.com youtube.com www.google.com google.com app.netlify.app netlify.app app.netlify.com www.yourir.info yourir.info; script-src 'self' 'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' www.yourir.info yourir.info player.vimeo.com www.google.com google.com www.google-analytics.com www.googletagmanager.com analytics.google.com stats.g.doubleclick.net www.gstatic.com gstatic.com netlify-cdp-loader.netlify.app netlify.app; style-src 'self' 'unsafe-inline' www.yourir.info yourir.info; style-src-elem 'self' 'unsafe-inline' www.yourir.info yourir.info; img-src 'self' data: www.datocms-assets.com datocms-assets.com www.google.com www.google.com.au; media-src 'self' stream.mux.com www.datocms-assets.com datocms-assets.com www.google.com google.com; font-src 'self' data: fast.fonts.net; object-src 'self' www.yourir.info yourir.info; 1
script-src 'unsafe-inline' 'unsafe-eval' https:; object-src 'self' 1
font-src 'self'; manifest-src 'self'; object-src 'none'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-ancestors 'self' 1
default-src 'self'; media-src https://player.vimeo.com https://download-video.akamaized.net; connect-src 'self' https://cdn.cookielaw.org https://ibsagroup.matomo.cloud *.google-analytics.com https://geolocation.onetrust.com *.googleapis.com https://stats.g.doubleclick.net *.analytics.google.com https://privacyportal-de.onetrust.com *.taleez.com https://taleez.com; font-src 'self' *.gstatic.com data:; img-src 'self' https://cdn.cookielaw.org *.gstatic.com *.googleapis.com https://www.w3.org https://i.ytimg.com https://www.googletagmanager.com *.google.ch *.google.it *.google.com *.google-analytics.com *.taleez.com data:;  script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com *.googleapis.com https://unpkg.com *.gstatic.com https://polyfill.io https://cdn.cookielaw.org https://www.googletagmanager.com https://cdn.matomo.cloud https://ibsagroup.matomo.cloud https://maps.google.com https://s7.addthis.com *.google-analytics.com https://www.youtube.com https://taleez.com; style-src 'self' 'unsafe-inline' *.googleapis.com;  worker-src 'self';  frame-src 'self' https://www.youtube.com https://www.google.com https://online.fliphtml5.com *.cloudfront.net/ https://player.vimeo.com https://e.issuu.com; frame-ancestors 'self'; 1
frame-ancestors 'self' https://www.spenderfeedback.com 1
frame-ancestors nedap-luna.com www.nedap-luna.com nedap-luna.superbold.nl 1
frame-ancestors 'self' https://arabicpost.net/ 1
img-src 'self' *.commercecloud.salesforce.com nadir.com.br *.nadir.com.br data: *.demandware.net cdn.popt.in https://www.facebook.com https://www.google.com.br https://www.google.com/ads/ga-audiences https://storage.googleapis.com https://api.pagar.me https://www.google-analytics.com https://googleads.g.doubleclick.net/ https://www.google.com/ https://googleads.g.doubleclick.net/ https://code.jquery.com/ *.bing.com/ *.enviou.com.br/ *.tiktok.com/ *.hotjar.com/ *.getblue.io/ *.smarthint.co/ www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.google.com https://*.afilio.com.br/ https://*.azurewebsites.net/ targeting.voxus.com.br targeting.voxus.tv api.ipify.org api.voxus.tv loggly.com secure.adnxs.com/ *.targeting.voxus.com.br *.targeting.voxus.tv *.api.ipify.org *.api.voxus.tv *.loggly.com *.secure.adnxs.com/;script-src 'self' 'unsafe-eval' 'unsafe-inline' storage.googleapis.com/ https://accounts.google.com/ *.commercecloud.salesforce.com/ nadir.com.br *.nadir.com.br https://cdn.popt.in/ https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.0/jquery.min.js https://www.google.com.br/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://www.facebook.com/ https://connect.facebook.net/ https://unpkg.com/ https://googleads.g.doubleclick.net/ https://code.jquery.com/ *.botmaker.com/ *.bing.com/ *.enviou.com.br/ *.tiktok.com/ *.hotjar.com/ *.getblue.io/ *.smarthint.co/ https://tagmanager.google.com https://*.googletagmanager.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.afilio.com.br/ https://*.azurewebsites.net/ targeting.voxus.com.br targeting.voxus.tv api.ipify.org api.voxus.tv loggly.com secure.adnxs.com/ *.targeting.voxus.com.br *.targeting.voxus.tv *.api.ipify.org *.api.voxus.tv *.loggly.com *.secure.adnxs.com/ https://*.gstatic.com/;connect-src 'self' api.cquotient.com https://viacep.com.br https://accounts.google.com *.commercecloud.salesforce.com *.demandware.net nadir.com.br *.nadir.com.br https://cdn.popt.in https://display.popt.in https://d3lopmpcew67el.cloudfront.net https://www.google.com.br https://googletagmanager.com https://www.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net https://www.facebook.com https://connect.facebook.net https://www.facebook.com/tr https://api.pagar.me https://lottie.host https://googleads.g.doubleclick.net/ https://code.jquery.com/ *.bing.com/ *.enviou.com.br/ *.tiktok.com/ *.hotjar.com/ *.hotjar.io/ *.getblue.io/ *.smarthint.co/ google.com/ https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://www.google.com/ wss://*.hotjar.com/ https://www.googleadservices.com/ https://*.googleadservices.com/ https://*.afilio.com.br/ https://*.azurewebsites.net/ targeting.voxus.com.br targeting.voxus.tv api.ipify.org api.voxus.tv loggly.com secure.adnxs.com/ *.targeting.voxus.com.br *.targeting.voxus.tv *.api.ipify.org *.api.voxus.tv *.loggly.com *.secure.adnxs.com/ https://*.gstatic.com/;frame-src 'self' www.youtube.com https://www.google.com.br https://accounts.google.com https://www.googletagmanager.com *.commercecloud.salesforce.com nadir.com.br *.nadir.com.br https://cdn.popt.in https://www.facebook.com https://td.doubleclick.net/ https://googleads.g.doubleclick.net/ https://code.jquery.com/ *.bing.com/ *.enviou.com.br/ *.tiktok.com/ *.hotjar.com/ *.getblue.io/ *.smarthint.co/ https://bid.g.doubleclick.net targeting.voxus.com.br targeting.voxus.tv api.ipify.org api.voxus.tv loggly.com secure.adnxs.com/ *.targeting.voxus.com.br *.targeting.voxus.tv *.api.ipify.org *.api.voxus.tv *.loggly.com *.secure.adnxs.com https://*.gstatic.com/ https://*.google.com/;upgrade-insecure-requests;default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline' 1
default-src 'self' 'unsafe-inline' wss://socket.linkhub.co.kr https://pay.linkhub.co.kr https://partner.linkhub.co.kr https://partner.popbill.com https://www.linkhub.co.kr https://blog.linkhub.co.kr https://stats.g.doubleclick.net https://www.google-analytics.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://d17ecin4ilxxme.cloudfront.net https://127.0.0.1:17107;frame-ancestors 'none'; 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://www.standard-insurance.com https://fonts.googleapis.com https://fonts.googleapis.com https://use.fontawesome.com; script-src * 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: data: https://res.cloudinary.com https://34.205.31.173 https://www.googletagmanager.com https://www.google-analytics.com/r/collect https://www.google-analytics.com/collect https://www.standard-insurance.com https://maps.googleapis.com https://maps.gstatic.com https://khms0.googleapis.com https://khms1.googleapis.com; connect-src *; font-src 'self' https://fonts.gstatic.com; frame-src *; object-src 'none'; 1
frame-src https: 1
frame-ancestors: self 1
frame-ancestors 'self' https://tourpoules.nl https://tourdefrancespellen.nl https://cyclingstartlist.com https://ek-poules.nl https://wk-poules.nl 1
frame-ancestors 'self' https://*.private-ai.com https://*.redoc.ly; 1
frame-ancestors 'self' https://*.encompass.ice.com https://www.encompassloconnect.com https://encompassloconnect.com https://*.ellieservices.com https://encompass.ice.com 1
default-src 'self' localhost https data: blob: *;connect-src 'self' localhost https data: blob: *;style-src 'unsafe-inline' 'unsafe-eval' 'self' localhost https data: blob: *;script-src 'unsafe-inline' 'unsafe-eval' 'self' localhost https data: blob: *;img-src 'self' localhost https data: blob: *;media-src 'self' localhost https data: blob: *;worker-src 'unsafe-inline' 'unsafe-eval' 'self' localhost https data: blob: *;frame-ancestors https://app.crystallize.com https://app-dev.crystallize.digital 1
default-src 'self' localhost:3000 lessor.org *.lessor.org lessor.pretotype.fr *.disquscdn.com disqus.com; connect-src * data: blob: filesystem: localhost:3000 lessor.org *.lessor.org lessor.pretotype.fr; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.googletagservices.com localhost:3000 lessor.org *.lessor.org lessor.pretotype.fr vercel.live vitals.vercel-insights.com script.hotjar.com static.hotjar.com static.cdn.prismic.io stats.qiota.com scripts.qiota.com data.qiota.com static.qiota.com www.qiota.com adservice.google.com www.google.com cse.google.com adservice.google.fr securepubads.g.doubleclick.net www.googletagmanager.com www.google-analytics.com www.googleadservices.com www.google.com/recaptcha www.gstatic.com/recaptcha platform.twitter.com lessor.disqus.com tpc.googlesyndication.com prismic.io; child-src 'self' localhost:3000 lessor.org *.lessor.org lessor.pretotype.fr ; frame-src 'self' localhost:3000 lessor.org *.lessor.org lessor.pretotype.fr https://rue-bleue.kessel.media ruebleue.lessor.org lessor.prismic.io *.qiota.com www.qiota.com qiota.com *.safeframe.googlesyndication.com vars.hotjar.com https://platform.twitter.co disqus.com www.google.com tpc.googlesyndication.com https://www.youtube.com/ https://platform.twitter.com/ http://www.googletagmanager.com/'; form-action 'self' localhost:3000 lessor.org *.lessor.org lessor.pretotype.fr; img-src 'self' data: https: localhost:3000 lessor.org *.lessor.org lessor.pretotype.fr *.google.com; style-src 'unsafe-inline' localhost:3000 lessor.org *.lessor.org lessor.pretotype.fr www.qiota.com www.google.com disqus.com *.disquscdn.com; media-src 'self' localhost:3000 lessor.org *.lessor.org lessor.pretotype.fr ; font-src 'self' localhost:3000 lessor.org *.lessor.org lessor.pretotype.fr; 1
block-all-mixed-content; default-src 'self'; base-uri 'self'; form-action 'self' flightbookings.airnewzealand.co.kr flightbookings.airnewzealand.kr flightbookings.airnewzealand.ca flightbookings.airnewzealand.cn flightbookings.airnewzealand.co.nz flightbookings.airnewzealand.co.uk flightbookings.airnewzealand.com.au flightbookings.airnewzealand.com.hk flightbookings.airnewzealand.com.sg flightbookings.airnewzealand.com.tw flightbookings.airnewzealand.com flightbookings.airnewzealand.de flightbookings.airnewzealand.eu flightbookings.airnewzealand.fr flightbookings.airnewzealand.hk flightbookings.airnewzealand.jp flightbookings.airnewzealand.pf flightbookings.airnewzealand.tw  flightbookings.airnewzealand.com.cn flightbookings.grabaseat.co.nz  flightbookings.airnewzealand.co.jp; script-src 'self' p-airnz.com 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.google.com *.ggpht.com *.googleusercontent.com typesquare.com flightbookings.airnewzealand.co.nz player.vimeo.com www.youtube.com s.ytimg.com s.wayin.com xd.wayin.com s.engagesciences.com display.engagesciences.com *.demdex.net www.google-analytics.com analytics.google.com tagmanager.google.com www.googletagmanager.com *.doubleclick.net www.googleadservices.com www.google.com cdn-assets-prod.s3.amazonaws.com *.optimizely.com optimizely-hrd.appspot.com optimizely.s3.amazonaws.com static.hotjar.com script.hotjar.com s.swiftypecdn.com nebula-cdn.kampyle.com screencapture.kampyle.com screencaptue-cdn.kampyle.com https://widget.timatic.iata.org/scripts/iata-timatic-widget-live.js oc-cdn-public-oce.azureedge.net yourir.info; style-src 'unsafe-inline' p-airnz.com fonts.googleapis.com tagmanager.google.com static.hotjar.com script.hotjar.com s.swiftypecdn.com 'self' oc-cdn-public-oce.azureedge.net yourir.info; img-src https: data: static.hotjar.com script.hotjar.com; font-src p-airnz.com fonts.googleapis.com fonts.gstatic.com wf.typesquare.com dhm5hy2vn8l0l.cloudfront.net script.hotjar.com data: 'self'; media-src 'self' p-airnz.com video.cdnvue.com ; frame-src 'self' *.google.com nz.fltmaps.com player.youku.com v.qq.com player.vimeo.com www.youtube.com airnz.wufoo.com xd.wayin.com display.engagesciences.com *.demdex.net *.doubleclick.net www.googletagmanager.com *.cdn-pci.optimizely.com vars.hotjar.com nebula-cdn.kampyle.com sec.windcave.com uat.windcave.com www.airnewzealand.co.nz/payment/scripts/done.html oc-cdn-public-oce.azureedge.net blob: airnz-cargo.chooose.today airnz-corporate.chooose.today; connect-src 'self' api.airnz.io api.airnz.ai *.googleapis.com *.google.com *.gstatic.com l.typesquare.com *.demdex.net *.tt.omtrdc.net www.google-analytics.com region1.google-analytics.com region1.analytics.google.com analytics.google.com stats.g.doubleclick.net adservice.google.com *.optimizely.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com s.swiftypecdn.com search-api.swiftype.com *.kampyle.com https://widget.timatic.iata.org/api/ sec.windcave.com uat.windcave.com yourir.info; object-src 'none'; frame-ancestors 'none'; report-uri /csp-report 1
upgrade-insecure-requests;style-src 'self' 'nonce-XNj0qGuaOUsaW4x';font-src 'self';script-src 'self' 'nonce-XNj0qGuaOUsaW4x' ;connect-src 'self' https://crimew.gay wss://crimew.gay ;media-src 'self';img-src 'self' data: blob:;default-src 'none';base-uri 'none';frame-ancestors 'none';manifest-src 'self'; 1
default-src 'self' mailto:;     base-uri 'self';     script-src 'nonce-c514c9e0cfc64cfe8e9e4aa67ca4da4d' 'strict-dynamic' 'self' *.casinorewards.com cdn.jsdelivr.net https://www.googletagmanager.com/gtm.js https://www.google-analytics.com/analytics.js https://*.amplitude.com ;     connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://cdn.trustindex.io https://*.amplitude.com;     frame-src 'self' mailto: *.gameassists.co.uk *.gameassists.dk *.gameassists.se *.gameassists.co.za *.valueactive.eu *.valueactive.dk  ;     style-src 'self' cdn.jsdelivr.net https://fonts.googleapis.com 'unsafe-inline';     font-src 'self' cdn.jsdelivr.net https://fonts.googleapis.com https://fonts.gstatic.com https://www.google-analytics.com;     img-src * data:;     object-src 'none';     frame-ancestors 'self';     media-src 'self' s3.amazonaws.com; 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://*.portoseguro.com.br https://cinetica.ag https://*.cdninstagram.com https://googleads.g.doubleclick.net *.hotjar.com https://www.googletagmanager.com https://www.google.com.br https://www.youtube.com https://analytics.google.com https://use.typekit.net https://www.googletagmanager.com https://content.hotjar.io https://www.google.com.br http://www.youtube.com https://www.youtube.com https://*.typekit.net https://*.corretoronlinenoticias.com.br https://*.ytimg.com https://*.soundcloud.com https://*.cinetica.digital https://cinetica.digital:40002 wss://ws.hotjar.com https://*.cinetica.ag https://*.gstatic.com https://*.youtube.com https://*.hotjar.com https://*.googletagmanager.com https://*.google-analytics.com https://*.doubleclick.net https://*.googleapis.com https://*.spotify.com https://*.jmvstream.com https://*.google.com https://instagram.fcgh8-1.fna.fbcdn.net https://code.jquery.com; script-src 'self' 'nonce-215edda60ff5f2803045e1d3cb327e3bace2816a' 'unsafe-eval' 'strict-dynamic' https://www.googletagmanager.com https://code.jquery.com *.dynatrace.com  *.hotjar.com https://www.gstatic.com https://analytics.google.com https://www.google.com https://www.google-analytics.com https://w.soundcloud.com; connect-src 'self' https://analytics.google.com https://www.google-analytics.com https://www.google.com.br https://stats.g.doubleclick.net https://www.google.com.br; font-src 'self' data: *.typekit.net  *.gstatic.com 1
frame-ancestors https://stratolaunch.frb.io https://www.stratolaunch.com 1
frame-ancestors 'self' https://swj.format78.de https://vmt.hafas.de 1
default-src https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com data:; img-src 'self' 'unsafe-inline' mediastream: data: https: 1
frame-ancestors 'self' https://repligen.com https://store.repligen.com; 1
upgrade-insecure-requests; default-src 'none';         img-src 'self' www.nomagic.uk nomagic.uk matomo.nomagic.uk upload.wikimedia.org data:;         script-src 'self' www.nomagic.uk nomagic.uk matomo.nomagic.uk status.nomagic.uk math.draw.io liberapay.com 'unsafe-eval';         object-src 'none';         connect-src 'self' www.nomagic.uk nomagic.uk status.nomagic.uk matomo.nomagic.uk www.draw.io sogo.nomagic.uk;         style-src 'self' www.nomagic.uk nomagic.uk 'unsafe-inline';         frame-src 'self' peertube.nomagic.uk www.arte.tv;         font-src 'self' www.nomagic.uk nomagic.uk 1
default-src 'self' data: gap: https://px.ads.linkedin.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com http://www.youtube.com/ https://www.google.com https://www.google-analytics.com https://www.youtube.com https://www.youtube-nocookie.com https://youtu.be https://www.gstatic.com/ ajax.googleapis.com https://www.googletagmanager.com cdn.privacytools.com.br https://tagmanager.google.com 'unsafe-eval' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net/npm/cappen-sign/dist/cappen-sign/p-45ada26e.system.entry.js https://cdn.jsdelivr.net/npm/cappen-sign/dist/cappen-sign/p-327d649a.system.js https://cdn.jsdelivr.net/npm/cappen-sign/dist/cappen-sign/p-c7b87c72.system.js https://cdn.jsdelivr.net/npm/cappen-sign/dist/cappen-sign/cappen-sign.js https://googleads.g.doubleclick.net https://d335luupugsy2.cloudfront.net https://cdn.jsdelivr.net/npm/cappen-sign/dist/cappen-sign/p-c4b4a299.system.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://www.google.com https://www.gstatic.com/ ajax.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://www.youtube.com https://youtu.be https://www.youtube-nocookie.com 'unsafe-eval'; img-src 'self' data: https://px4.ads.linkedin.com https://px.ads.linkedin.com https://cdn.jsdelivr.net https://www.google-analytics.com https://unpkg.com https://www.youtube.com https://youtu.be; font-src 'self' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com fonts.gstatic.com; frame-src 'self' https://td.doubleclick.net https://www.google.com; 1
frame-ancestors 'self' *.atlassian.net *.vsassets.io *.azure.com *.visualstudio.com chrome-extension://nnddcnfpihodaooabkngahnjimbpoehp 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://woof.group; img-src 'self' https: data: blob: https://woof.group; style-src 'self' https://woof.group 'nonce-8Qb0PAgqSXjVwJhYVSjehQ=='; media-src 'self' https: data: https://woof.group; frame-src 'self' https:; manifest-src 'self' https://woof.group; form-action 'self'; child-src 'self' blob: https://woof.group; worker-src 'self' blob: https://woof.group; connect-src 'self' data: blob: https://woof.group https://files.woof.group wss://woof.group; script-src 'self' https://woof.group 'wasm-unsafe-eval' 1
default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com cdnjs.cloudflare.com https://www.onlinebanktours.com/ https://tagmanager.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://js.adsrvr.org https://*.go-mpulse.net https://bat.bing.com https://www.clarity.ms https://cdn.lr-ingest.com https://cdn.evgnet.com https://cdn.evergage.com https://farmcreditmidamerica.us-7.evergage.com https://cdn.cookielaw.org https://snap.licdn.com https://s.pinimg.com https://www.google-analytics.com https://i.loopme.me https://action.dstillery.com http://action.dstillery.com https://action.media6degrees.com https://match.adsrvr.org https://ct.pinterest.com http://www.onlinebanktours.com/external/ 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net https://player.vimeo.com/api/player.js https://www.youtube.com/iframe_api 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.typekit.net https://www.onlinebanktours.com/ https://cdn.evergage.com https://farmcreditmidamerica.us-7.evergage.com https://cdn.cookielaw.org http://www.onlinebanktours.com/external/ https://www.googletagmanager.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com https://cdn.oectours.com/ https://www.onlinebanktours.com/ https://*.google-analytics.com https://googleads.g.doubleclick.net https://ad.doubleclick.net https://9135826.fls.doubleclick.net https://ade.googlesyndication.com https://www.google.com https://*.akstat.io https://bat.bing.com https://c.clarity.ms https://cdn.evergage.com https://farmcreditmidamerica.us-7.evergage.com https://cdn.cookielaw.org https://c.bing.com https://px.ads.linkedin.com https://ct.pinterest.com https://px4.ads.linkedin.com https://insight.adsrvr.org https://kcc0.com https://tk0x1.com https://match.adsrvr.org/ https://*.adsrvr.org https://pix.cadent.tv https://p.veritone-ce.com https://dpm.demdex.net 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.typekit.net https://farmcreditmidamerica.us-7.evergage.com https://cdn.cookielaw.org; frame-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://www.onlinebanktours.com/ https://9135826.fls.doubleclick.net/ https://bid.g.doubleclick.net/ https://*.adsrvr.org/ https://9113559.fls.doubleclick.net/ https://6589934.fls.doubleclick.net/ https://s.amazon-adsystem.com/ http://s.amazon-adsystem.com/ https://ct.pinterest.com/ https://td.doubleclick.net/ https://insight.adsrvr.org https://match.adsrvr.org; connect-src data: accounts.google.com *.google-analytics.com *.gstatic.com https://*.googletagmanager.com *.googleapis.com https://www.onlinebanktours.com/ https://*.google-analytics.com https://*.analytics.google.com https://*.akstat.io https://*.go-mpulse.net https://*.clarity.ms https://r.lr-ingest.com https://cdn.evergage.com https://farmcreditmidamerica.us-7.evergage.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal.onetrust.com https://*.akamaihd.net https://analytics.google.com https://stats.g.doubleclick.net https://px.ads.linkedin.com https://ct.pinterest.com https://gdpr.loopme.com https://bat.bing.com https://*.adsrvr.org https://www.facebook.com/tr/ 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src 'self' data: blob: 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.treasuredata.com js.adsrvr.org   where-to-buy.co *.mapbox.com anyroad-staging.herokuapp.com staging.anyroad.com app.anyroad.com connect.facebook.net vimeo.com cdn.jsdelivr.net *.aviationgin.com *.diageohorizon.com *.diageoplatform.com *.diageoagegate.com *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.youtube-nocookie.com www.youtube.com *.tagmanager.google.com *.googleapis.com *.doubleclick.net www.google.com *.cloudflare.com *.onetrust.io *.onetrust.com *.vimeo.com; style-src 'self' 'unsafe-inline' *.s3.amazonaws.com cdnjs.cloudflare.com   where-to-buy.co *.mapbox.com *.aviationgin.com *.diageohorizon.com *.diageoplatform.com *.diageoagegate.com netdna.bootstrapcdn.com *.vimeo.com; img-src 'self' data: https: 'unsafe-inline' *.aviationgin.com   where-to-buy.co *.mapbox.com *.vimeo.com www.w3.org *.diageohorizon.com *.diageoplatform.com *.diageoagegate.com netdna.bootstrapcdn.com *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com netdna.bootstrapcdn.com *.onetrust.io *.onetrust.com cdn-ukwest.onetrust.com www.diageo.com *.cloudfunctions.net; font-src 'self' 'unsafe-inline' *.s3.amazonaws.com   where-to-buy.co *.mapbox.com *.aviationgin.com *.diageohorizon.com *.diageoplatform.com *.diageoagegate.com netdna.bootstrapcdn.com *.onetrust.io *.onetrust.com; connect-src 'self' *.diageohorizon.com   where-to-buy.co *.mapbox.com *.googlesyndication.com stats.g.doubleclick.net *.onetrust.io *.onetrust.com *.google-analytics.com *.google.com *.googletagmanager.com;object-src 'none'; frame-src 'self' insight.adsrvr.org *.anyroad.com   where-to-buy.co *.mapbox.com *.herokuapp.com integrations.anyroad.com *.youtube-nocookie.com www.youtube.com www.facebook.com finder.vtinfo.com *.s3.amazonaws.com aax-eu.amazon-adsystem.com *.fls.doubleclick.net 10027330.fls.doubleclick.net www.google.com *.vimeo.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' * blob: data:; img-src * blob: data:; 1
default-src 'self' eeasy.jp js.eeasy.jp *.googleapis.com *.gstatic.com *.googletagmanager.com pay.veritrans.co.jp *.google-analytics.com *.googleadservices.com connect.facebook.net *.yimg.jp *.yahoo.co.jp *.doubleclick.net *.facebook.com *.google.com *.google.co.jp pagead2.googlesyndication.com *.amazonaws.com *.rollbar.com cdn.jsdelivr.net npmcdn.com data: 'unsafe-inline' 'unsafe-eval' blob: 1
default-src 'self' carnegiegroup.com www.carnegiegroup.com;connect-src 'self' www.google-analytics.com analytics.google.com consent.cookie-script.com sentry.frojd.se stats.g.doubleclick.net www.google.se www.google.dk www.google.no www.google.co.uk www.google.fi *.dynamics.com *.azureedge.net *.microsoft.com widget.datablocks.se hub.mfn.se pagead2.googlesyndication.com www.google.com googleads.g.doubleclick.net;script-src 'self' blob: 'unsafe-inline' cdn.cookie-script.com code.jquery.com www.googletagmanager.com www.google-analytics.com www.youtube.com browser.sentry-cdn.com www.google.com www.gstatic.com connect.facebook.net *.dynamics.com *.azureedge.net *.microsoft.com report.cookie-script.com widget.datablocks.se www.googleadservices.com;style-src 'self' 'unsafe-inline' translate.googleapis.com;frame-src 'self' www.googletagmanager.com w.soundcloud.com vimeo.com player.vimeo.com www.youtube.com www.google.com *.dynamics.com td.doubleclick.net;img-src 'self' www.google.se www.google-analytics.com www.googletagmanager.com i.vimeocdn.com www.google.dk www.google.no www.google.co.uk www.google.fi i.ytimg.com www.facebook.com www.gstatic.com translate.google.com googleads.g.doubleclick.net www.google.com fonts.gstatic.com www.google.com.my carnegiegroup.com www.carnegiegroup.com;frame-ancestors 'self' *.dynamics.com *.azureedge.net *.microsoft.com;report-uri https://sentry.frojd.se/api/65/security/?sentry_key=bcf54e55a7e24345986d60b8a4448fb0; 1
default-src 'self';style-src 'self' 'unsafe-inline'; script-src 'self' https://www.google-analytics.com;img-src 'self' https://www.google-analytics.com; 1
script-src 'unsafe-inline' *.licdn.com connect.facebook.net *.hs-scripts.com *.hs-banner.com *.hs-analytics.net *.hscollectedforms.net *.hubspot.com *.googlesyndication.com googlesyndication.com *.googletagmanager.com www.googletagmanager.com *.hotjar.com *.cookiebot.com cdn.goodays.co agreeable-meadow-01451ba03.4.azurestaticapps.net kind-grass-0171c3903.4.azurestaticapps.net www.googleadservices.com www.google-analytics.com *.newrelic.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com media.bmn.nl *.media.bmn.nl *.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com cloudinary.com *.cloudinary.com *.vimeo.com *.gstatic.com *.bouwbedrijfkreeft.nl *.esize.nl *.sap.com *.spend.cloud *.acto.nl *.afas.nl *.afasonline.com *.afas.online *.afasinsite.nl 'self' 'unsafe-eval'; style-src www.googletagmanager.com media.bmn.nl *.media.bmn.nl https://fonts.googleapis.com cloudinary.com *.cloudinary.com *.googleapis.com *.gstatic.com *.bouwbedrijfkreeft.nl *.esize.nl *.sap.com *.spend.cloud *.acto.nl *.afas.nl *.afasonline.com *.afas.online *.afasinsite.nl 'self' 'unsafe-inline' cdn.goodays.co https://www.bmn.nl/; connect-src *.hubspot.com *.hscollectedforms.net wss://*.hotjar.com *.hotjar.com *.hotjar.io  *.linkedin.com *.bmn.nl *.doubleclick.net *.googlesyndication.com googlesyndication.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com *.newrelic.com vimeo.com media.bmn.nl *.media.bmn.nl https://*.google.com https://*.gstatic.com https://*.googleapis.com cloudinary.com *.cloudinary.com *.cookiebot.com t.elasticsuite.io *.google-analytics.com *.bouwbedrijfkreeft.nl *.esize.nl *.sap.com *.spend.cloud *.acto.nl *.afas.nl *.afasonline.com *.afas.online *.afasinsite.nl 'self' 'unsafe-inline'; img-src data: *.hubspot.com *.hsforms.com www.facebook.com *.linkedin.com www.google.nl *.doubleclick.net *.bmn.nl *.cookiebot.com cdn.goodays.co data: *.googlesyndication.com googlesyndication.com www.google-analytics.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com *.media.bmn.nl https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com cloudinary.com *.cloudinary.com *.bouwbedrijfkreeft.nl *.esize.nl *.sap.com *.spend.cloud *.acto.nl *.afas.nl *.afasonline.com *.afas.online *.afasinsite.nl 'self' 'unsafe-inline'; form-action 'self' bouwmakers.nl *.bouwmakers.nl *.deddo.nl deddo.nl *.bouwbedrijfkreeft.nl *.esize.nl *.sap.com *.spend.cloud *.acto.nl *.afas.nl *.afasonline.com *.afas.online *.afasinsite.nl; object-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; base-uri 'none'; media-src media.bmn.nl *.media.bmn.nl cloudinary.com *.cloudinary.com 'self' 'unsafe-inline'; child-src 'self'; font-src 'self' fonts.gstatic.com *.hotjar.com data:; frame-src https://*.hotjar.com https://*.cookiebot.com https://agreeable-meadow-01451ba03.4.azurestaticapps.net https://kind-grass-0171c3903.4.azurestaticapps.net https://www.yumpu.com *.google.com *.youtube.com *.youtu.be *.vimeo.com www.googletagmanager.com *.youtube-nocookie.com media.bmn.nl *.media.bmn.nl cloudinary.com *.cloudinary.com *.bouwbedrijfkreeft.nl *.esize.nl *.sap.com *.spend.cloud *.acto.nl *.afas.nl *.afasonline.com *.afas.online *.afasinsite.nl app.goodays.co *.wsi-techniek.nl:* 'self' 'unsafe-inline'; 1
default-src https: blob: wss: data: 'unsafe-eval' 'unsafe-inline'; object-src 'none' 1
font-src 'self' data: *; img-src 'self' blob: data: secure.gravatar.com *.gstatic.com *.googletagmanager.com *.clarity.ms *.bing.com; default-src * 'self' https: data: 'unsafe-inline' 'unsafe-eval'; script-src *.gstatic.com *.solidgate.com *.cdn-solidgate.com *.googletagmanager.com *.google.com *.clarity.ms transactions-api.cba-ua.click 'self' 'unsafe-inline' 'unsafe-eval'; 1
frame-ancestors 'self';; upgrade-insecure-requests 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.calendly.com https://browser.sentry-cdn.com https://cdn-cookieyes.com https://cdn.getkoala.com https://cdn.outfunnel.com https://connect.facebook.net https://dev.visualwebsiteoptimizer.com https://googleads.g.doubleclick.net https://js.sentry-cdn.com https://snap.licdn.com https://www.clarity.ms https://www.google.com/recaptcha/api.js https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://yoast.com; style-src 'self' 'unsafe-inline' https://assets.calendly.com; connect-src 'self' https://api.getkoala.com https://cdn-cookieyes.com https://dev.visualwebsiteoptimizer.com https://log.cookieyes.com https://my.yoast.com https://o.clarity.ms https://*.ingest.us.sentry.io https://px.ads.linkedin.com https://*.analytics.google.com https://*.google-analytics.com https://stats.g.doubleclick.net https://yoast.com wss://api.getkoala.com; font-src 'self' data:; frame-src 'self' https://calendly.com https://td.doubleclick.net https://www.figma.com https://www.google.com https://www.youtube.com blob:; img-src 'self' data: https://assets.calendly.com https://c.bing.com https://c.clarity.ms https://cdn-cookieyes.com https://dev.visualwebsiteoptimizer.com https://googleads.g.doubleclick.net https://i.ytimg.com https://ps.w.org https://px.ads.linkedin.com https://secure.gravatar.com https://wt.outfunnel.com https://www.facebook.com https://www.google.com https://www.google.de https://www.googletagmanager.com https://yoa.st; worker-src 'self' blob:; 1
frame-ancestors https://demoshop.hepster-services.com 1
frame-ancestors https://*.vgn.at https://*.tv-media.at https://*.news.at https://*.trend.at https://*.woman.at https://*.yachtrevue.at https://*.gusto.at https://autorevue.at https://*.autorevue.at; upgrade-insecure-requests; block-all-mixed-content 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' online.flipbuilder.com hitouchbusinessservices.com www.hitouchbusinessservices.com www.google.co.in https://s.company-target.com *.imiclk.com data: https:; 1
default-src 'self' 'unsafe-inline' bennettjones.com *.googleapis.com *.google.com *.google-analytics.com *.vimeocdn.com *.vimeo.com *.linkedin.com *.typekit.net maxcdn.bootstrapcdn.com *.addthis.com *.vuturevx.com *.bennettjones.com *.akamaihd.net *.gstatic.com *.sitecore.net *.highcharts.com code.highcharts.com *.cbc.ca *.9c9media.com *.googletagmanager.com *.siteimprove.net *.siteimprove.com unpkg.com *.ampproject.org siteimproveanalytics.com siteimproveanalytics.io *.siteimproveanalytics.io *.api.cnn.io *.youtube.com *.brightcove.net *.tvo.org *.oktopost.com okt.to api.brightedge.com *.b0e8.com *.bc0a.com www.convergepay.com px.ads.linkedin.com cdn.linkedin.oribi.io snap.licdn.com use.typekit.net *.adsymptotic.com cdn.jsdelivr.net cdnjs.cloudflare.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' bennettjones.com *.googleapis.com *.google.com *.google-analytics.com *.vimeocdn.com *.vimeo.com *.linkedin.com *.typekit.net maxcdn.bootstrapcdn.com *.addthis.com *.vuturevx.com *.bennettjones.com *.akamaihd.net *.gstatic.com *.sitecore.net *.highcharts.com code.highcharts.com *.cbc.ca *.9c9media.com *.googletagmanager.com *.siteimprove.net *.siteimprove.com unpkg.com *.ampproject.org siteimproveanalytics.com siteimproveanalytics.io *.siteimproveanalytics.io *.api.cnn.io *.youtube.com *.brightcove.net *.tvo.org *.oktopost.com okt.to api.brightedge.com *.b0e8.com *.bc0a.com www.convergepay.com px.ads.linkedin.com cdn.linkedin.oribi.io snap.licdn.com use.typekit.net *.adsymptotic.com cdn.jsdelivr.net cdnjs.cloudflare.com code.jquery.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; font-src 'self' data: bennettjones.com *.typekit.net cdnjs.cloudflare.com *.gstatic.com; frame-src 'self' 'unsafe-eval' *.sitecore.com *.sitecore.net *.vimeo.com *.vuturevx.com; img-src 'self' data: bennettjones.com *.linkedin.com *.siteimproveanalytics.io 1
frame-ancestors 'self' https://adventhealth.com https://*.adventhealth.com; object-src 'none'; base-uri 'none' 1
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; 1
frame-ancestors 'self'  https://*.house.gov; form-action 'self' https://*.house.gov https://congress.gov https://www.congress.gov https://www.google.com https://vekeo.com https://republicanwhip.us21.list-manage.com;  font-src 'self' https://fonts.gstatic.com https://use.typekit.net https://js.arcgis.com https://maxcdn.bootstrapcdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://use.fontawesome.com https://www.google.com https://translate.google.com https://translate.googleapis.com https://translate-pa.googleapis.com https://maps.google.com https://cse.google.com https://ajax.googleapis.com https://maps.googleapis.com https://video.teleforumonline.com https://platform.twitter.com https://widgets.twimg.com https://cdn.syndication.twimg.com https://static.sk.facebook.com https://connect.facebook.net https://www.instagram.com/embed.js https://js.arcgis.com https://video.foxbusiness.com https://rumble.com https://code.jquery.com https://platform-api.sharethis.com https://ws.sharethis.com https://s7.addthis.com https://s3.amazonaws.com;  object-src 'none';; upgrade-insecure-requests 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; object-src 'none' 1
default-src 'self'; connect-src *; frame-src *; font-src * data:; media-src *; img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 1
default-src 'none'; script-src 'self' https://analytics.benkel.org; style-src 'self'; object-src 'none'; base-uri 'self'; connect-src 'self' https://analytics.benkel.org; font-src 'self'; frame-src 'self'; img-src 'self' https://analytics.benkel.org; manifest-src 'self'; media-src 'self'; form-action 'self'; frame-ancestors 'self'; 1
worker-src 'self' blob: feed.pghub.io pandg.tapad.com ; upgrade-insecure-requests  ; style-src 'self' 'unsafe-inline' feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com *.cookielaw.org *.adsrvr.org pghub.io *.google.com www.gstatic.com feed.pghub.io pandg.tapad.com ; manifest-src 'self' login.windows.net feed.pghub.io pandg.tapad.com ; font-src 'self' data: feed.pghub.io pandg.tapad.com ; frame-ancestors 'none' feed.pghub.io pandg.tapad.com ; frame-src 'self' *.flashtalking.com *.pghub.io *.adsrvr.org consumersupport.pg.com pandg.tapad.com ; img-src 'self' data: *.ctfassets.net *.tapad.com *.cookielaw.org feed.pghub.io ; default-src 'none' feed.pghub.io pandg.tapad.com ; connect-src 'self' *.cookielaw.org *.google-analytics.com *.contentful.com feed.pghub.io pandg.tapad.com ; base-uri 'none' feed.pghub.io pandg.tapad.com ; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://catcatnya.com; img-src 'self' data: blob: https://catcatnya.com https://cdn.catcatnya.com; style-src 'self' https://catcatnya.com 'nonce-j2oaH0zFfRJj+AhLj7uW2g=='; media-src 'self' data: https://catcatnya.com https://cdn.catcatnya.com; frame-src 'self' https:; manifest-src 'self' https://catcatnya.com; form-action 'self'; child-src 'self' blob: https://catcatnya.com; worker-src 'self' blob: https://catcatnya.com; connect-src 'self' data: blob: https://catcatnya.com https://cdn.catcatnya.com wss://catcatnya.com; script-src 'self' https://catcatnya.com 'wasm-unsafe-eval' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://catswords.social; img-src 'self' https: data: blob: https://catswords.social; style-src 'self' https://catswords.social 'nonce-BCWYdRVNSjqCa5ZVfSe/LA=='; media-src 'self' https: data: https://catswords.social; frame-src 'self' https:; manifest-src 'self' https://catswords.social; form-action 'self'; child-src 'self' blob: https://catswords.social; worker-src 'self' blob: https://catswords.social; connect-src 'self' data: blob: https://catswords.social https://files.example.com wss://catswords.social; script-src 'self' https://catswords.social 'wasm-unsafe-eval' 1
default-src 'self' https://*.ddyun.com https://*.ddyun123.com http://*.ddyun.com http://*.ddyun123.com https://*.meiqia.com 'unsafe-inline';connect-src 'self' https://*.meiqia.com wss://*.meiqia.com https://*.baidu.com;script-src 'unsafe-eval' 'unsafe-inline' https://*.meiqia.com https://*.bdstatic.com https://*.ddyun.com https://*.ddyun123.com http://*.ddyun.com http://*.ddyun123.com https://*.baidu.com http://*.baidu.com;img-src 'self' https://aqyzmedia.yunaq.com https://*.baidu.com https://*.ddyun.com https://*.ddyun123.com http://*.ddyun.com http://*.ddyun123.com https://*.meiqiausercontent.com https://*.meiqia.com data: base64;font-src https://at.alicdn.com;form-action 'self';base-uri 'self';object-src 'none';frame-ancestors https://*.ddyun.com https://*.ddyun123.com; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://epicure.social; img-src 'self' https: data: blob: https://epicure.social; style-src 'self' https://epicure.social 'nonce-H+WO9ZL/KIPf7KMcV7iddg=='; media-src 'self' https: data: https://epicure.social; frame-src 'self' https:; manifest-src 'self' https://epicure.social; form-action 'self'; child-src 'self' blob: https://epicure.social; worker-src 'self' blob: https://epicure.social; connect-src 'self' data: blob: https://epicure.social https://files.epicure.social wss://epicure.social; script-src 'self' https://epicure.social 'wasm-unsafe-eval' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com www.gstatic.com www.google.com cdnjs.cloudflare.com cdn.jsdelivr.net google-analytics.com www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com www.googletagmanager.com googletagmanager.com tagmanager.google.com; style-src 'self' 'unsafe-inline' data: use.fontawesome.com cdnjs.cloudflare.com cdn.jsdelivr.net fonts.googleapis.com www.googletagmanager.com tagmanager.google.com; img-src 'self' data: www.google.com.br s.w.org ps.w.org ts.w.org secure.gravatar.com www.gravatar.com data: blob: google-analytics.com www.google-analytics.com ssl.google-analytics.com www.google.com www.googletagmanager.com; connect-src 'self' api.rankmath.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com about: www.googletagmanager.com; font-src 'self' data: use.typekit.net use.fontawesome.com data: fonts.gstatic.com fonts.googleapis.com; frame-src 'self' www.google.com www.youtube.com www.googletagmanager.com; child-src 'self' www.googletagmanager.com; worker-src 'self' ; upgrade-insecure-requests; block-all-mixed-content; report-uri https://fastquest.net?gdsih-csp-report; 1
referrer always; 1
object-src 'none';base-uri 'self';script-src 'nonce-JY_0gMSdfOMz_9AWAU9J9Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net ipfs.io; frame-ancestors 'self'; child-src 'self' blob: ; font-src 'self' 'unsafe-inline' data: use.fontawesome.com fonts.googleapis.com fonts.gstatic.com; style-src 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com  ; img-src 'self' data: blob: forms.hsforms.com track.hubspot.com chart.apis.google.com hextrust.com s3.amazonaws.com lh3.googleusercontent.com hex-asset-icon.hextech.io storage.opensea.io img.seadn.io i.seadn.io openseauserdata.com ipfs.io ; connect-src 'self' hextrust.perimeter81.com js.hs-banner.com forms.hubspot.com api.hubspot.com zkw.hexsafe.io:8065 wss://hexsafe.io; script-src-elem 'self' 'unsafe-inline' cdn.jsdelivr.net js.usemessages.com js.hscollectedforms.net js.hs-analytics.net js.hs-banner.com js-na1.hs-scripts.com; worker-src 'self' blob: ; script-src 'self'  'unsafe-inline' 'unsafe-eval'; frame-src * data: blob:  ; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://assets.infosec.space; img-src 'self' data: blob: https://assets.infosec.space https://media.infosec.space; style-src 'self' https://assets.infosec.space 'nonce-LM9xvWXaYRQRMIum1tuy2A=='; media-src 'self' data: https://assets.infosec.space https://media.infosec.space; frame-src 'self' https:; manifest-src 'self' https://assets.infosec.space; form-action 'self'; child-src 'self' blob: https://assets.infosec.space; worker-src 'self' blob: https://assets.infosec.space; connect-src 'self' data: blob: https://assets.infosec.space https://media.infosec.space wss://streaming.infosec.space; script-src 'self' https://assets.infosec.space 'wasm-unsafe-eval' 1
default-src 'none'; style-src 'self'; img-src 'self'; media-src 'self'; base-uri 'none'; script-src 'none'; frame-ancestors 'none'; form-action 'none'; sandbox allow-forms allow-orientation-lock allow-pointer-lock allow-presentation allow-scripts allow-same-origin; 1
default-src 'self'; img-src 'self' data: blob: https://pbs.twimg.com https://jbuk-media.s3-eu-west-1.amazonaws.com https://jbuk-media-dev.s3-eu-west-1.amazonaws.com https://secure.gravatar.com https://graph.facebook.com *.fbcdn.net https://*.cdninstagram.com https://*.4sqi.net https://upload.wikimedia.org https://mastodon.thebeeches.house https://cdn.bsky.app; frame-src 'self' blob: https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-to csp-endpoint; report-uri https://jonnybarnes.report-uri.io/r/default/csp/enforce; 1
frame-ancestors *.kizeoforms.com *.kizeo.dev *.kizeo.com 'self' 1
default-src 'self'; script-src 'self' 'unsafe-inline'; frame-ancestors 'none'; object-src 'none' 1
default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' ; img-src 'self' data: ; object-src 'self' data: ; frame-src 'self' data: ; 1
default-src 'self' https://limbachgruppe.ftapi.com https://*.laborpublisher.de https://api.newsletter2go.com https://piwik.limbachgruppe.com https://maps.googleapis.com https://cmill.de https://www.cmill.de https://prime-psf.2b-advice.com; script-src 'self' 'unsafe-eval' https://limbachgruppe.ftapi.com https://*.laborpublisher.de https://*.app.laborpublisher.staging.lfda.de https://static.newsletter2go.com https://piwik.limbachgruppe.com https://maps.googleapis.com https://cdn1.jameda-elements.de https://lv.limbachgruppe-test.com https://2badvice-cdn.azureedge.net https://prime-psf.2b-advice.com 'unsafe-inline'; img-src * data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://lv.limbachgruppe-test.com https://2badvice-cdn.azureedge.net; frame-ancestors 'self' *.stage.ueberbit.de *.prev.ueberbit.de; frame-src 'self' *.stage.ueberbit.de *.prev.ueberbit.de https://piwik.limbachgruppe.com https://www.youtube-nocookie.com https://youtube.com https://player.vimeo.com https://vimeo.com https://cmill.de https://www.cmill.de https://mtu.adsystemhaus.com https://termin.samedi.de/ https://lv.dialoglabor.de/; font-src 'self' data: https://limbachgruppe.ftapi.com https://fonts.gstatic.com https://lv.limbachgruppe-test.com; 1
frame-ancestors 'self' https://*.veniocrm.com https://*.empeo.com https://*.myempeo.com https://*.gofive.co.th https://*.etaxgo.com https://*.tks.co.th; upgrade-insecure-requests; block-all-mixed-content; 1
form-action 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval';frame-src 'self';iframe-src 'self';child-src 'self';report-uri /Error/ContentSecurity 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'  blob:; img-src 'self' data:;worker-src blob:; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://pubeurope.com; img-src 'self' https: data: blob: https://pubeurope.com; style-src 'self' https://pubeurope.com 'nonce-ZTV5IQgJFO+MtzYk9ceu8w=='; media-src 'self' https: data: https://pubeurope.com; frame-src 'self' https:; manifest-src 'self' https://pubeurope.com; form-action 'self'; connect-src 'self' data: blob: https://pubeurope.com https://media.pubeurope.com wss://pubeurope.com; script-src 'self' https://pubeurope.com 'wasm-unsafe-eval'; child-src 'self' blob: https://pubeurope.com; worker-src 'self' blob: https://pubeurope.com 1
default-src 'self' speedtest.avantiplc.com;img-src 'self';script-src 'self' code.highcharts.com 'unsafe-inline';style-src 'self' fonts.googleapis.com 'unsafe-inline';font-src 'self' fonts.gstatic.com;report-uri /csp-report; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.iconnode.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.securitastechnology.com *.clarity.ms lxp-pr-cac-cdnve.azureedge.net *.lexop.com *.segment.com *.segment.io *.fontawesome.com *.wistia.net *.windows.net www.stanleysecuritysolutions.com *.adroll.mgr.consensu.org *.subscribers.com *.6sc.co *.adroll.com *.omappapi.com *.callrail.com *.police.uk *.stanleysecurity.com *.stanleycss.com *.pardot.com *.wistia.com *.google.com *.google.fr *.google.be *.google.nl *.google-analytics.com *.googleapis.com *.formstack.com *.jsdelivr.net *.addtoany.com *.googletagmanager.com *.gstatic.com *.googleadservices.com *.bing.com *.go-mpulse.net *.akamaihd.com *.akamaihd.net *.janraincapture.com *.rpxnow.com *.nr-data.net *.newrelic.com *.marketo.net *.marketo.com *.youtube.com *.ytimg.com *.onetrust.com *.cookielaw.org *.drift.com *.driftt.com *.reevoo.com *.pricespider.com *.cloudfront.net *.mapbox.com *.hotjar.com *.doubleclick.net *.linkedin.com *.licdn.com *.ads.linkedin.com *.facebook.net *.facebook.com rpxnow.com *.googleoptimize.com resource://pdf.js app-ab06.marketo.com resources.securitastechnology.com content.securitastechnology.com cdn.jsdelivr.net cdnjs.cloudflare.com d8ejoa1fys2rk.cloudfront.net maps.googleapis.com polyfill.io unpkg.com www.google.com *.googleapis.com *.adnxs.com *.mktoweb.com *.visualwebsiteoptimizer.com *.iconnode.com  *.demandbase.com; object-src 'none'; style-src 'self' 'unsafe-inline' 'unsafe-eval' lxp-pr-cac-cdnve.azureedge.net *.lexop.com *.fontawesome.com *.wistia.net *.windows.net *.google.com *.google.nl *.google.fr *.police.uk *.google.be *.cloudflare.com *.formstack.com *.jsdelivr.net *.marketo.net *.marketo.com resources.securitastechnology.com content.securitastechnology.com  *.google-analytics.com *.googleapis.com *.reevoo.com *.pricespider.com *.cloudfront.net in.hotjar.com *.mapbox.com *.typekit.net p.typekit.net *.googletagmanager.com *.mktoweb.com; img-src 'self' data: blob: *.clarity.ms lxp-pr-cac-cdnve.azureedge.net *.lexop.com *.fontawesome.com *.wistia.net *.windows.net *.google.com *.google.ae *.police.uk *.adroll.com *.subscribers.com *.6sc.co *.wistia.com *.cookielaw.org *.google.nl *.google.be *.google.fr *.jsdelivr.net s3.amazonaws.com *.formstack.com *.googleusercontent.com *.google.com.ua *.facebook.com *.facebook.net *.ads.linkedin.com *.adsymptotic.com *.google-analytics.com *.linkedin.com *.googleapis.com *.google.co.in *.googletagmanager.com *.gstatic.com *.ggpht.com *.akamaihd.net *.google.by *.ytimg.com *.reevoo.com *.pricespider.com *.cloudfront.net *.doubleclick.net *.bing.com *.hotjar.com *.marketo.com resources.securitastechnology.com content.securitastechnology.com  *.google.am *.google.co.uk *.google.ca *.securitastechnology.com *.mktoweb.com *.nr-data.net *.visualwebsiteoptimizer.com *.stanleysecurity.com id.rlcdn.com *.company-target.com *.demandbase.com; media-src 'self' data: blob: *.fontawesome.com *.wistia.net *.windows.net *.driftqa.com *.driftt.com *.googletagmanager.com *.wistia.com *.stanleysecurity.com; frame-src 'self' *.google.com *.stanleysecurity.co.uk stanleyblackanddecker.ent.box.com *.police.uk *.twitter.com *.stanleysecurity.com *.stanleycss.com www.google.nl www.google.fr www.google.be *.marketo.net *.stanleyhealthcare.com *.stanleyaccess.com *.wistia.com *.wistia.net *.marketo.com resources.securitastechnology.com content.securitastechnology.com  *.doubleclick.net *.facebook.com *.facebook.net *.googletagmanager.com *.hotjar.com *.janraincapture.com *.youtube.com *.drift.com *.driftt.com *.drift.click *.reevoo.com *.pricespider.com *.reachmee.com *.stanleysecurity.fr *.mktoweb.com *.securitastechnology.com *.company-target.com *.visualwebsiteoptimizer.com; frame-ancestors 'self' *.clarity.ms lxp-pr-cac-cdnve.azureedge.net *.lexop.com *.fontawesome.com *.wistia.net *.windows.net *.google.com *.google.ae *.police.uk *.adroll.com *.subscribers.com *.6sc.co *.wistia.com *.cookielaw.org *.google.nl *.google.be *.google.fr *.jsdelivr.net s3.amazonaws.com *.formstack.com *.googleusercontent.com *.google.com.ua *.facebook.com *.facebook.net *.ads.linkedin.com *.adsymptotic.com *.google-analytics.com *.linkedin.com *.googleapis.com *.google.co.in *.googletagmanager.com *.gstatic.com *.ggpht.com *.akamaihd.net *.google.by *.ytimg.com *.reevoo.com *.pricespider.com *.cloudfront.net *.bing.com *.hotjar.com *.stanleysecurity.com *.stanleycss.com *.securitastechnology.com securitastechnology.com; child-src 'self' *.fontawesome.com *.wistia.net *.windows.net *.pardot.com *.stanleycss.com *.googletagmanager.com; worker-src 'self' data: blob: *.securitastechnology.com; font-src 'self' data: *.fontawesome.com *.wistia.net *.windows.net *.cloudflare.com *.formstack.com *.jsdelivr.net *.googleapis.com *.googleusercontent.com *.gstatic.com *.typekit.net *.hotjar.com d8ejoa1fys2rk.cloudfront.net/5.0.5/includes/fonts/ *.googletagmanager.com *.wistia.com; connect-src 'self' *.akamaihd.net *.segmentapis.com *.clarity.ms *.segment.io *.segment.com *.fontawesome.com *.wistia.net *.windows.net *.doubleclick.net *.6sense.com *.litix.io *.police.uk *.ip-api.com *.6sc.co *.adnxs.com *.subscribers.com *.wistia.com *.callrail.com *.google.com www.google.nl www.google.fr www.google.be *.facebook.com *.facebook.net wss://*.hotjar.com *.driftcdn.com *.googleapis.com *.google-analytics.com *.mktoresp.com *.bing.com *.googlevideo.com *.hotjar.com *.hotjar.io *.nr-data.net *.onetrust.com *.cookielaw.org wss://*.driftt.com *.reevoo.com *.mapbox.com d8ejoa1fys2rk.cloudfront.net/5.0.5/modules/compactview/i18n/en.json *.bynder.cloud p11.techlab-cdn.com cdn.linkedin.oribi.io *.googletagmanager.com *.oribi.io *.securitas.com *.mktoutil.com *.securitastechnology.com *.googleadservices.com googleadservices.com *.googlesyndication.com *.visualwebsiteoptimizer.com *.iconnode.com *.company-target.com *.demandbase.com *.linkedin.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://ajax.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: https://example.com; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self'; frame-src 'self'; object-src 'none'; form-action 'self'; upgrade-insecure-requests; 1
base-uri 'self'; form-action 'self'; frame-ancestors 'self'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'nonce-ODFkNWFkMDdlOWY3NTZmYw=='; block-all-mixed-content; upgrade-insecure-requests 1
default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; font-src 'self' data:; img-src * data:; media-src 'self';object-src 'none'; base-uri 'self';frame-ancestors 'self' https://www.jobs-im-allgaeu.de;form-action 'self' https://*.tq-group.com https://*.facebook.com; 1
default-src https: data: blob:;script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.arcgis.com localhost *.embedly.com *.youtube.com *.ytimg.com *.twitter.com *.twimg.com *.googletagmanager.com *.google-analytics.com *.github.com *.adobedtm.com https://cdn.jsdelivr.net/npm/@arcgis/ geoip.esri.com securetags.esri.com core.spreedly.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://storymaps.statuspage.io/embed/script.js *.adobedtm.com *.cookielaw.org *.doubleclick.net *.everestjs.net *.onetrust.com;style-src 'self' 'unsafe-inline' *.arcgis.com *.embedly.com *.twitter.com *.githubassets.com fonts.googleapis.com https://cdn.jsdelivr.net/npm/@arcgis/;img-src https: data: blob: 'self';frame-ancestors 'none';upgrade-insecure-requests;base-uri 'self';font-src 'self' https: data:;form-action 'self';object-src 'none';script-src-attr 'none' 1
default-src https: ; connect-src https: 'self' wss://nexus-websocket-a.intercom.io; img-src data: https: 'self' ; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' ; style-src https: 'self' 'unsafe-inline' ; font-src data: https: 'self'; worker-src blob:; 1
font-src *.googleapis.com *.gstatic.com *.klarnacdn.net *.cloudfront.net *.klarna.com *.zdassets.com *.mekonomen.se *.mekonomen.no *.firebase.com *.zendesk.com mekonomen.customer.eclub.se *.myvisitors.se *.triggerbee.com google-analytics.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.mekonomen.se *.mekonomen.no *.facebook.com mekonomen.customer.eclub.se 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.klarna.com *.mekonomen.se *.mekonomen.no *.facebook.com *.google.com *.castrol.com *.lubricantadvisor.com *.mobil1.se *.zendesk.com *.thule.com *.doubleclick.net *.hotjar.com mekonomen.boost.ai *.promeisterportal.com *.googletagmanager.com *.google-analytics.com mekonomen-booking.promeisterportal.com code.jquery.com *.googleapis.com mekonomen.customer.eclub.se c2m.c2management.se *.reco.se mekonomenno.customer.eclub.se *.resurs.com *.signicat.com *.promeister.com staging-booking.promeister.com *.jobylon.com *.redeal.se 'self' 'unsafe-inline'; img-src *.adobedtm.com *.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.swagger.com *.googleapis.com *.gstatic.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.mekonomen.se *.mekonomen.no cdn.cookielaw.org *.google.com *.google.co.in *.ytimg.com *.redchamps.com *.cloudfront.net *.firebase.com *.zendesk.com *.adnxs.com *.mookie1.com *.googletagmanager.com *.facebook.net *.google-analytics.com mekonomen.customer.eclub.se *.magentocommerce.com *.demdex.net *.googleadservices.com *.paypalobjects.com *.paypal.com *.sandbox.paypal.com *.bing.com *.doubleclick.net *.facebook.com *.jobylon.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.klarna.com *.klarnacdn.net *.klarnaservices.com s7.addthis.com *.googletagmanager.com *.google-analytics.com *.stats.g.doubleclick.net *.mekonomen.se *.mekonomen.no *.bing.com *.google.com *.adtraction.com *.adnxs.com *.firebase.com *.zdassets.com *.zopim.com *.cloudfront.net *.zendesk.com *.criteo.net *.criteo.com *.hotjar.com mekonomen.boost.ai *.mookie1.com *.promeisterportal.com code.jquery.com google-analytics.com *.googleadservices.com *.facebook.com *.facebook.net cdn.cookielaw.org *.onetrust.com mekonomen.customer.eclub.se *.authorize.net *.braintreegateway.com *.cardinalcommerce.com *.ccdc02.com *.dnky.co *.dotdigital.com *.addthis.com *.doubleclick.net *.myvisitors.se *.triggerbee.com *.dep-x.com *.jobylon.com *.redeal.se 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.klarnacdn.net *.mekonomen.se *.mekonomen.no *.cloudfront.net *.klarna.com *.zdassets.com *.firebase.com *.zendesk.com *.google.com *.googleapis.com *.googletagmanager.com mekonomen.customer.eclub.se 'self' 'unsafe-inline'; object-src *.mekonomen.se *.mekonomen.no *.cloudfront.net *.zendesk.com code.jquery.com *.googleapis.com 'self' 'unsafe-inline'; media-src *.adobe.com *.mekonomen.se *.mekonomen.no *.klarna.com *.cloudfront.net *.zendesk.com *.zdassets.com *.zopim.com *.googleapis.com *.myvisitors.se *.triggerbee.com *.google-analytics.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.googleapis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com ekr.zdassets.com/ *.algolia.io *.googletagmanager.com *.google-analytics.com *.stats.g.doubleclick.net *.mekonomen.se *.mekonomen.no *.facebook.com *.google.com *.doubleclick.net *.zopim.com *.zdassets.com *.zendesk.com *.cloudfront.net *.youtube.com *.firebase.com *.hotjar.com mekonomen.boost.ai *.getsentry.com *.promeisterportal.com code.jquery.com cdn.cookielaw.org *.onetrust.com webborder-test.mekonline.com webborder.mekonline.com *.redeal.se 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' data: https://www.google.com https://www.google.com/ads/user-lists/ https://www.google.ru/ads/user-lists/ https://googleads.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://fonts.googleapis.com https://fonts.gstatic.com https://mc.yandex.ru https://translate.yandex.net https://yastatic.net/ https://api.ssllabs.com https://hstspreload.org https://http-observatory.security.mozilla.org https://securityheaders.com https://sshscan.rubidus.com https://tls.imirhil.fr https://tls-observatory.services.mozilla.com https://www.immuniweb.com https://ya.ru/ https://bitrix.info https://analytics.bitrix.info/ https://*.roistat.com/ https://crm.e-m-l.ru https://www.1c-bitrix.ru/ https://yoomoney.ru/ https://crm.e-m-l.ru wss://crm.e-m-l.ru https://yandex.ru/ https://e-m-l.ru https://app.uiscom.ru https://static.cloudflareinsights.com/ https://ya.ru/ https://tracker.comagic.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://maps.google.com https://*.gstatic.com:* https://*.googleapis.com https://yastatic.net https://mc.yandex.ru https://www.googleadservices.com https://googleads.g.doubleclick.net https://translate.yandex.net https://bitrix.info https://api-maps.yandex.ru https://*.roistat.com https://crm.e-m-l.ru https://emlru.webim.ru wss://crm.e-m-l.ru https://e-m-l.ru https://app.uiscom.ru https://static.cloudflareinsights.com/ https://ya.ru/ https://tracker.comagic.ru; style-src 'self' 'unsafe-inline' https://www.google-analytics.com https://maps.google.com https://*.gstatic.com:* https://*.googleapis.com https://code.jivosite.com https://mc.yandex.ru https://www.googleadservices.com https://googleads.g.doubleclick.net https://cdn.voximplant.com https://crm.e-m-l.ru wss://crm.e-m-l.ru https://e-m-l.ru https://app.uiscom.ru https://static.cloudflareinsights.com/ https://ya.ru/ https://tracker.comagic.ru; img-src 'self' data: https://mc.yandex.ru:* https://*.googleapis.com https://*.gstatic.com:* https://www.google-analytics.com https://api-maps.yandex.ru https://core-renderer-tiles.maps.yandex.net https://mc.yandex.com https://emlru.webim.ru https://crm.e-m-l.ru wss://crm.e-m-l.ru https://emlru.webim2.ru https://e-m-l.ru blob: https://app.uiscom.ru https://static.cloudflareinsights.com/ https://ya.ru/ https://tracker.comagic.ru; font-src 'self' https://*.gstatic.com:* https://emlru.webim.ru:* https://e-m-l.ru https://app.uiscom.ru https://static.cloudflareinsights.com/ https://ya.ru/ https://tracker.comagic.ru; connect-src 'self' https://mc.yandex.com https://translate.yandex.net https://ya.ru https://mc.yandex.ru https://www.google-analytics.com https://crm.e-m-l.ru wss://crm.e-m-l.ru https://e-m-l.ru https://app.uiscom.ru https://static.cloudflareinsights.com/ https://ya.ru/ https://tracker.comagic.ru; 1
default-src 'self'; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; img-src 'self' data: https://storage.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' 'unsafe-eval' 'unsafe-inline'; frame-src 'self' https://*.google.com 1
default-src 'self' challenges.cloudflare.com  *.neighbourly.com *.twitter.com *.vimeo.com *.youtube.com *.google-analytics.com cdn.matomo.cloud  neighbourly.matomo.cloud; frame-src 'self' challenges.cloudflare.com  *.microsoftonline.com *.powerbi.com  *.youtube-nocookie.com *.youtube.com *.vimeo.com *.stripe.com *.twitter.com; connect-src 'self'  px.ads.linkedin.com challenges.cloudflare.com  *.neighbourly.com forms.hubspot.comdisabled forms.hsforms.comdisabled maps.googleapis.com googleapis.com js.hsforms.net nbrlyprod.streaming.mediaservices.windows.net *.mapbox.com *.google-analytics.com cdn.matomo.cloud  neighbourly.matomo.cloud;media-src blob: nbrlyprodmedia.blob.core.windows.net nbrlyprod.streaming.mediaservices.windows.net *.neighbourly.com *.youtube.com *.vimeo.com; img-src 'self'  px.ads.linkedin.com challenges.cloudflare.com  data: *.mapbox.com track.hubspot.com forms.hsforms.comdisabled nbrlyprodmedia.blob.core.windows.net maps.gstatic.com *.neighbourly.com *.stripe.com; script-src 'self' snap.licdn.com challenges.cloudflare.com  *.neighbourly.com 'unsafe-eval' *.googleapis.com googleapis.com js.hs-analytics.net js.hs-scripts.com js.hscollectedforms.netdisabled js.hsadspixel.netdisabled js-na1.hs-scripts.com *.twitter.com *.vimeo.com *.youtube.com *.google-analytics.com cdn.matomo.cloud  neighbourly.matomo.cloud *.mapbox.com *.stripe.com; style-src 'self' challenges.cloudflare.com  *.neighbourly.com 'unsafe-inline'; report-uri https://nbrly-prod-fn-schedules-v2.azurewebsites.net/api/log?code=CSrelvJVFKZtDoUcrgbyKhMKm4DBBPpJcdaR8h1wZP/5zjHodNdgeQ== 1
frame-ancestors 'self' http://www.rslcontent.co.uk https://travelinescotland.com https://www.travelinescotland.com; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://rollenspiel.social; img-src 'self' https: data: blob: https://rollenspiel.social; style-src 'self' https://rollenspiel.social 'nonce-lImC8++znxZqZ+FJUOa/kA=='; media-src 'self' https: data: https://rollenspiel.social; frame-src 'self' https:; manifest-src 'self' https://rollenspiel.social; form-action 'self'; child-src 'self' blob: https://rollenspiel.social; worker-src 'self' blob: https://rollenspiel.social; connect-src 'self' data: blob: https://rollenspiel.social https://files.example.com wss://rollenspiel.social; script-src 'self' https://rollenspiel.social 'wasm-unsafe-eval' 1
frame-ancestors 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: 1
default-src https: 'unsafe-inline'; img-src https: data:; script-src https: 'unsafe-inline' 'unsafe-eval'; object-src 'none'; font-src https: data: 1
font-src *.klarnacdn.net *.fontawesome.com *.mut.de *.gstatic.com 'self' data: https://widgets.trustedshops.com https://integrations.etrusted.com *.typekit.net *.twimg.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cleverreach.com *.mut.de *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.twitter.com www.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klarna.com https://www.googletagmanager.com/ *.cloudflare.com *.mut.de c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.sovendus-benefits.com/ *.sovendus-connect.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.cloudfront.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klarna.com *.klarnaevt.com *.klarnacdn.net http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.cloudflare.com *.mut.de *.cloudflare.net *.koongo.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: *.paypal.com https://widgets.trustedshops.com https://integrations.etrusted.com *.googleadservices.com *.twimg.com *.ytimg.com *.usercentrics.eu *.bing.com *.google.com *.google.com.vn *.google.com.de data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.googleapis.com *.gstatic.com jquery.sellxed.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klarna.com *.klarnacdn.net *.klarnaservices.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.cloudflare.com *.mut.de js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://widgets.trustedshops.com https://integrations.etrusted.com *.usercentrics.eu *.fontawesome.com *.bing.com *.googlesyndication.com *.sovendus.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.klarnacdn.net *.fontawesome.com *.cloudflare.com *.mut.de cdnjs.cloudflare.com/ajax/libs/highlight.js/9.3.0/styles/darkula.min.css unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com https://widgets.trustedshops.com https://integrations.etrusted.com *.twimg.com *.typekit.net *.usercentrics.eu 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.cloudflare.com *.mut.de *.koongo.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.google-analytics.com *.trustedshops.com *.etrusted.com *.twimg.com *.usercentrics.eu www.google.com googleads.g.doubleclick.net *.googlesyndication.com *.sovendus.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.mut.de/; report-to report-endpoint; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.hsforms.net *.hubspot.com *.hsforms.com qcms.qisda.com www.youtube.com www.googletagmanager.com www.google-analytics.com analytics.google.com www.google.com.tw fonts.googleapis.com fonts.gstatic.com stats.g.doubleclick.net i.ytimg.com cse.google.com www.google.com www.googleapis.com clients1.google.com partner.googleadservices.com csp.withgoogle.com; 1
frame-ancestors 'self' https://app.code2order.com https://app.straiv.io; 1
frame-ancestors 'self' *.blogsdeportivos.es api.blogsdeportivos.es 1
frame-ancestors 'self'; report-uri https://csp-reports.apis.cuf.pt/_csp 1
script-src https http: 'unsafe-inline' 'unsafe-eval' ; style-src https http: 'unsafe-inline'; media-src https http: 'unsafe-inline'; img-src https http: 'unsafe-eval' data: blob:; font-src https http: data: 'unsafe-inline'; connect-src https http: 'unsafe-inline' ; frame-src https http: 'unsafe-inline'; worker-src 'self' blob: ; 1
default-src 'self' oaktrading.com *.oaktrading.com *.admis.com *.admisi.com ws://*.oaktrading.com; img-src 'self' data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'none' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://api.signalize.com https://static.b-ite.com https://cs-assets.b-ite.com https://www.deutsches-ausschreibungsblatt.de https://maps.niederrhein-tourismus.de https://code.jquery.com cdn.jsdelivr.net code.etracker.com f1-eu.readspeaker.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://rebilly.github.io platform.instagram.com platform.twitter.com www.etracker.de; style-src 'self' 'unsafe-inline' https://static.b-ite.com https://cdnjs.cloudflare.com f1-eu.readspeaker.com 1
default-src 'self';connect-src *;  font-src 'self' * data:; img-src * data:; media-src *; script-src * https://*.evalbox.com https://*.evalbox.fr  https://*.vimeo.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' *;frame-src 'self' https://*.evalbox.com https://*.evalbox.fr  https://*.vimeo.com 1
img-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.funcao.com.br *.google.com *.gstatic.com *.googleapis.com *.ggpht.com *.googletagmanager.com *.google-analytics.com *.azurewebsites.net ; 1
frame-src 'self' blob: *; 1
frame-ancestors 'self' maurosergio.com maurosergiotejidos.com.ar maurosergioshop.com.ar textilana.com.ar; 1
frame-ancestors 'self' https://*.outlookmovie.com; upgrade-insecure-requests; 1
frame-ancestors 'self' http://www.spillespill.no 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'; style-src 'self' 'unsafe-inline' data:; img-src 'self' blob: data:; media-src 'self'; frame-src 'self' https://www.youtube-nocookie.com; font-src 'self'; connect-src 'self' https://sentry.io 1
frame-ancestors 'self' https://www.visitdenmark.dk https://*.www.visitdenmark.dk https://api.www.www.visitdenmark.dk 1
script-src 'unsafe-eval' 'self' wss://*.zopim.com *.criteo.net *.addthisedge.com bat.bing.com *.clarity.ms  *.ads-twitter.com  *.infogram.com *.adnxs.com *.optimalworkshop.com *.youtube-nocookie.com *.botrecruiter.com  *.audioboom.com  secure-ds.serving-sys.com  secure.adnxs.com  *.acsbapp.com  acsbap.com  *.appcast.io *.bizographics.com *.bootstrapcdn.com *.bootstrapcdn.com *.browser-update.org *.cloudflare.com *.cloudfront.net *.cloudinary.com *.criteo.com *.eggplant.cloud *.fontawesome.com *.google.co.uk *.google.ie *.googleadservices.com *.indeed.com *.ionicframework.com *.jquery.com *.jsdelivr.net *.moatads.com *.npmcdn.com *.plyr.io *.recaptcha.net *.scorecardresearch.com *.serving-sys.com *.sndcdn.com *.unpkg.com *.vimeocdn.com *.ytimg.com *.zencdn.net *.zendesk.com *.hays.ie *.moatads.com *.sndcdn.com  *.d3fw5vlhllyvee.cloudfront.net *.criteo.com *.outbrain.com *.licdn.com *.doubleclick.net acsbapp.com *.accesstrade.net *.googleadservices.com consent-or.trustarc.com *.taboola.com web-material3.yokogawa view.ceros.com *.quantcount.com *.quantserve.com *.addthis.com *.adscience.nl *.akamaized.net *.bit.ly *.crazyegg.com *.facebook.com *.facebook.net *.google.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.graph.instagram.com *.gstatic.com *.hays.co.uk *.hays.com *.hotjar.* *.hotjar.com *.igodigital.com *.instagram.fbom5-1.fna.fbcdn.net *.linkedin.com *.nccgroup-webperf.com *.onrecruit.net *.optimizely.com *.slideshare.net *.soundcloud.com *.surveymonkey.com *.tealiumiq.com *.tiqcdn.com *.twimg.com *.twitter.com *.typography.com *.vimeo.com *.yahooapis.com *.youtube.com *.zdassets.com *.zopim.com *.zopim.io accessibe.com acsbap.com consent.trustarc.com consent-pref.trustarc.com consent-st.trustarc.com  prefmgr-cookie.truste-svc.net 'self' 'unsafe-inline' hm.baidu.com data: 1
frame-src www.google.com;default-src 'self' 1
default-src https: 'unsafe-inline' 'unsafe-eval' data:; worker-src 'self' blob: 1
default-src https://domene.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domainname.shop https://xn--domn-noa.shop https://xn--domne-ura.shop https://chat.domeneshop.no/ 'unsafe-inline'; img-src https://domene.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domainname.shop https://xn--domn-noa.shop https://xn--domne-ura.shop; frame-src https://domene.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domainname.shop https://xn--domn-noa.shop https://xn--domne-ura.shop; frame-ancestors 'self' 1
form-action 'self' 'unsafe-inline';script-src 'self' 'unsafe-eval' kolmeya.com.br s3.amazonaws.com www.google.com www.gstatic.com www.googletagmanager.com connect.facebook.net googleads.g.doubleclick.net www.googleadservices.com challenges.cloudflare.com 'nonce-XqQstZvm4SO5OXXEMtJQAqAfWVxP1XpaCiP9aZ1b';script-src-elem 'self' 'unsafe-inline' kolmeya.com.br s3.amazonaws.com www.google.com www.gstatic.com www.googletagmanager.com connect.facebook.net googleads.g.doubleclick.net www.googleadservices.com challenges.cloudflare.com;style-src-attr 'unsafe-inline';style-src-elem 'self' 'unsafe-inline' kolmeya.com.br s3.amazonaws.com fonts.googleapis.com cdnjs.cloudflare.com;script-src-attr 'unsafe-inline' ;frame-ancestors 'self';img-src 'self' data: kolmeya.com.br s3.amazonaws.com www.facebook.com web.facebook.com www.google.com www.google.com.br www.googletagmanager.com www.googleadservices.com fonts.gstatic.com storage.kolmail.com.br;worker-src 'self' blob:;report-uri https://kolmeya.report-uri.com/r/d/csp/wizard 1
frame-ancestors 'self' *.e-joburg.org.za; 1
default-src 'self'; img-src 'self' *.siga.swiss data: https://*.svc.dynamics.com https://px.ads.linkedin.com https://*.facebook.com https://www.google.ch https://www.google.com https://maps.gstatic.com https://maps.googleapis.com https://img.youtube.com https://siga.canto.global https://www.google-analytics.com https://*.ytimg.com https://*.cloudfront.net https://www.linkedin.com https://www.googletagmanager.com; connect-src 'self' https://maps.googleapis.com https://px.ads.linkedin.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://cdn-cookieyes.com https://*.cookieyes.com https://*.googlesyndication.com https://www.google.com https://vc.hotjar.io https://www.linkedin.com https://*.google-analytics.com https://googleads.g.doubleclick.net; frame-src 'self' https://*.svc.dynamics.com https://www.google.com https://*.google-analytics.com https://www.facebook.com https://www.youtube.com/ https://www.youtube-nocookie.com/ https://*.doubleclick.net/; frame-ancestors 'self' ; media-src 'self' https://www.youtube.com/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://connect.facebook.net/ https://googleads.g.doubleclick.net/ https://maps.googleapis.com/ https://*.azureedge.net/ https://privacy.cortina-consult.com/ https://*.hotjar.com/ https://snap.licdn.com/ https://www.google.com/ https://www.googletagmanager.com/ https://www.gstatic.com/recaptcha/ https://cdn.cookie-script.com https://cdn-cookieyes.com https://www.google-analytics.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://fast.fonts.net https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com  https://fonts.googleapis.com; https://www.googletagmanager.com 1
font-src *.googleapis.com *.gstatic.com https://use.typekit.net/af/* *.typekit.net *.flixcar.com *.flixfacts.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.sharethis.com https://a2.adform.net *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.google.com/ *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com cdn.doofinder.com *.trackedlink.net https://www.magezon.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://platform-cdn.sharethis.com/img/facebook-white.svg https://platform-cdn.sharethis.com/img/whatsapp-white.svg *.doofinder.com *.zendesk.com *.google.com *.facebook.com *.google.com.mx *.zdassets.com https://chatadmintool-test-credentials.s3.eu-central-1.amazonaws.com/chats/default/img/00d7e48accea4e35be5c7ac40930b279.png *.zdusercontent.com *.flixcar.com *.sharethis.com *.jwpsrv.com *.jwpltx.com *.juguetron.mx https://www.expotusjuguetes.mx https://cdn.aplazo.mx/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com cdn.doofinder.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.google.com/ *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com http://cdn.livechatinc.com http://device.clearsale.com.br https://api.livechatinc.com https://platform-api.sharethis.com https://buttons-config.sharethis.com https://platform-cdn.sharethis.com https://static.zdassets.com https://a2.adform.net *.sharethis.com *.doofinder.com https://www.facebook.com https://connect.facebook.net https://ekr.zdassets.com https://widget-mediator.zopim.com https://static.hotjar.com https://script.hotjar.com/modules.28e3191d8757c557b4b7.js https://connect.facebook.net/es_US/fbevents.js https://cdn.doofinder.com/* https://cdn.doofinder.com/livelayer/1/js/dflayer.min.js *.zdassets.com https://static.zdassets.com/ekr/snippet.js https://static.zdassets.com/web_widget/classic/latest/web-widget-main-0345ad6.js https://s2.adform.net/banners/scripts/st/trackpoint-async.js *.smooch.io https://static.zdassets.com/web_widget/messenger/latest/web-widget-main-0345ad6.js *.flixcar.com http://media.flixcar.com https://s.pinimg.com/ct/core.js https://www.googletagmanager.com/* https://api.aplazo.net https://posbifrost.aplazo.net https://api.aplazo.mx https://posbifrost.aplazo.mx https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com *.doofinder.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://use.typekit.net https://p.typekit.net https://cdn.doofinder.com *.flixcar.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://static.zdassets.com *.juguetron.mx 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com *.doofinder.com wss://*.doofinder.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.sharethis.com https://a2.adform.net *.adform.net https://connect.facebook.net *.zdassets.com *.zopim.com https://lego.juguetron.mx https://www.juguetron.mx https://juguetronsupport.zendesk.com wss://widget-mediator.zopim.com https://stats.g.doubleclick.net https://legojuguetron.zendesk.com wss://api.smooch.io/faye https://zendesk-eu.my.sentry.io *.flixcar.com *.flix360.com https://expotusjuguetes.zendesk.com https://api.aplazo.net https://posbifrost.aplazo.net https://api.aplazo.mx https://posbifrost.aplazo.mx *.google-analytics.com *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self';script-src 'self' 'nonce-iW2NfPK8t4sPRxZkATuFKWW5' maps.googleapis.com https://www.google.com https://www.gstatic.com https://js.monitor.azure.com https://boards.greenhouse.io/embed/job_board/js *.umbraco.com https://cc.cdn.civiccomputing.com 'sha256-kCOlPGWrp2Js9iJSlPh3lwr41O79LOkfD/eh7dKHkbA=' 'sha256-Lza2JSaoYpjY9GchlJnhXwcsxez00Mf/xo7F9rtzTK8=' 'sha256-Hl+ak/e/XYre6Gsd6thQmwfSfL1pQyYfn/hgbWf/FpQ=' https://go.globalprocessing.com https://go.thredd.com https://*.google-analytics.com 'sha256-fN3gNlJRX40BbJLYkDdnZ3Ew2nXqwW3prKNWqklPAJQ=' https://snap.licdn.com https://bat.bing.com *.pardot.com *.googletagmanager.com https://secure.leadforensics.com https://secure.visionary-enterprise-wisdom.com https://www.riddle.com/embed/build-embedjs/embedV2.js 'sha256-l3qyqO57UlWUWS6prX3nWqyGGlYGe7jw5hAwchj0s2Y=' js.zi-scripts.com ws.zoominfo.com tags.clickagy.com 'sha256-/mnHYOFmOCt7Hiqc6ea/xUeoJ50agT5kE7YqPjEHMa0=' 'sha256-0rGcZv4aAsonHpyBWDv9DLSc3Z0OwSmHpatHlbkbSGo=';style-src 'self' 'unsafe-hashes' https://fonts.googleapis.com https://assets.juicer.io *.googletagmanager.com/ 'sha256-vZ6DERRW5CRT9PyrEI3g/oL9A6roiJHBAZEOgSnyvwY=' 'sha256-07O+Y9GjPVmZ7F7/8gcQST6Pk1k2JUve+9UIZ6crtS8=' https://bat.bing.com 'sha256-/Q4se7FLGCaPFRdiDgb/uQcgnY12w7eKaV8TA9b4SEc=' 'sha256-kgl2iDd4aV+Kx8zicjvM4i4fUGcubVyGF1vOhrAw4X8=' 'sha256-tx21Qwtv4Ml7IqjbUjkTDmLmExaqf5vnYd/hUZ8yp3s=' 'sha256-IbCmW2jfIZglOoDAzlo2RVn8rSmbBtjhsqzqAfh1qeo=' 'sha256-KWxDqbniGgEelO8aphwG50lBIjYfvbDELI46O1ZBC1o=' 'sha256-26Rc/Fct2OQ3tL3NW2RwPa5lyE5cf7w9mQlOc5RmB5A=' 'sha256-kRHpkGodfHkt1MXVZ/7THSBtqilF3edPGX3tbE6+paA=';img-src 'self' https://maps.gstatic.com https://maps.googleapis.com *.umbraco.com data: www.googletagmanager.com *.linkedin.com https://bat.bing.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.doubleclick.net https://*.google.com https://*.google.co.uk https://secure.leadforensics.com;media-src 'self' https://player.vimeo.com https://download-video.akamaized.net https://vod-progressive.akamaized.net;frame-src 'self' https://www.youtube.com https://rive.app https://e.infogram.com https://forms.office.com https://player.vimeo.com https://boards.greenhouse.io https://www.google.com https://www.riddle.com hemsync.clickagy.com https://*.doubleclick.net;font-src 'self' https://fonts.gstatic.com;connect-src 'self' ws: https://www.youtube.com https://vimeo.com https://rive.app https://e.infogram.com https://rive.app/community https://infogram.com https://maps.googleapis.com https://dc.services.visualstudio.com/v2/track https://player.vimeo.com https://download-video.akamaized.net https://boards.greenhouse.io/embed/job_board/js https://apikeys.civiccomputing.com https://clapi.civiccomputing.com *.applicationinsights.azure.com https://cdn.linkedin.oribi.io https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.doubleclick.net https://*.google.com https://*.google.co.uk https://*.liadm.com https://bat.bing.com aorta.clickagy.com hemsync.clickagy.com;report-uri /report-uri 1
default-src 'self' blob:;media-src 'self' blob: https://fgrsqtudn7ktjmlh.public.blob.vercel-storage.com;style-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-inline' https://static.ads-twitter.com/uwt.js https://*.googleapis.com https://*.gstatic.com *.google.com https://static.ads-twitter.com/uwt.js https://va.vercel-scripts.com/v1/speed-insights/script.debug.js https://va.vercel-scripts.com/v1/script.debug.js https://www.youtube.com/ https://c.thirdweb.com/ https://*.rpc.thirdweb.com/ https://api-js.mixpanel.com/ https://vercel.live/ https://vitals.vercel-insights.com/;img-src 'self' https: data: blob: data:;connect-src 'self' ws: wss: https://fgrsqtudn7ktjmlh.public.blob.vercel-storage.com https://cloudflare-eth.com https://c.thirdweb.com/ https://contract.thirdweb.com/ https://*.rpc.thirdweb.com/ https://ipfs.io/ipfs/ https://*.ipfscdn.io/ https://*.walletconnect.com/ https://developer-access-mainnet.base.org/ https://*.googleapis.com https://*.gstatic.com https://api-js.mixpanel.com/ *.google.com https://vercel.live/ https://vitals.vercel-insights.com/ https://api-js.mixpanel.com/ https://*.coinbase.com/ https://*.sentry.io/;frame-src *.google.com https://embedded-wallet.thirdweb.com/ https://www.youtube.com/embed/ https://vercel.live/ https://www.figma.com/embed;font-src 'self';object-src none;base-uri 'self';form-action 'self';frame-ancestors 'none';block-all-mixed-content ;upgrade-insecure-requests ; 1
worker-src blob: mobelringen.global.ssl.fastly.net; font-src maxcdn.bootstrapcdn.com *.gstatic.com data: script.hotjar.com 'self' data: *.typography.com *.intercomcdn.com *.cloudfront.net mobelringen.global.ssl.fastly.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.voyado.com *.facebook.com *.vipps.no 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.klarna.com big.g.doubleclick.net vars.hotjar.com optimize.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.authorize.net *.socialboards.com embedsocial.com *.cookieinformation.com *.google.com *.google.lt *.google.no *.ipaper.io *.voyado.com voyado.oculos.no *.doubleclick.net *.adform.net *.facebook.com mobelringen.global.ssl.fastly.net kommunikasjon.ntb.no *.typeform.com go.smoc.ai *.visualwebsiteoptimizer.com app.vwo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://cdn.flbx.io *.klarna.com *.klarnaevt.com *.google.com *.google.no *.google.se *.google.fi *.google.ro *.google.pl *.google.dk *.gstatic.com *.google-analytics.com *.googleadservices.com *.hotjar.com *.hotjar.io *.googletagmanager.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: *.wpcloud.trollweb.no *.dev.visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com *.magentocommerce.com *.readpeak.com *.adnxs.com *.taboola.com *.ytimg.com storage.googleapis.com img.youtube.com analytics.sleeknote.com *.google.lt *.cloudfront.net *.ipaper.io ipaper.ipapercms.dk *.fbcdn.net *.facebook.com blob: mobelringen.global.ssl.fastly.net *.doubleclick.net *.mobelringen.no app.vwo.com useruploads.vwo.io data: 'self' 'unsafe-inline'; script-src *.assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cdn.flbx.io https://connect.getflowbox.com http://connect.getflowbox.com *.klarna.com *.google.com *.gstatic.com *.google-analytics.com *.googleanalytics.com *.googleadservices.com *.googleoptimize.com *.doubleclick.net static.hotjar.com script.hotjar.io https://storage.googleapis.com/ https://api.mapbox.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.dev.visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com *.trustpilot.com *.geostag.cardinalcommerce.com *.leaf.cardinalcommerce.com *.1eafstag.cardinalcommerce.com *.geoapi.cardinalcommerce.com *.1eafapi.cardinalcommerce.com oc-cookieless-cmp-app.azurewebsites.net sst.mobelringen.no *.readpeak.com *.typeform.com *.songbird.cardinalcommerce.com *.geo.cardinalcommerce.com *.centinelapistag.cardinalcommerce.com *.centinelapi.cardinalcommerce.com *.1eaf.cardinalcommerce.com *.includestest.ccdc02.com *.secure.authorize.net *.test.authorize.net *.ytimg.com *.js.authorize.net *.jstest.authorize.net *.braintreegateway.com *.signifyd.com widget.intercom.io js.intercomcdn.com sleeknotecustomerscripts.sleeknote.com sleeknotestaticcontent.sleeknote.com *.googletagmanager.com browser-update.org script.hotjar.com connect.facebook.net track.adform.net *.mobelringen.no *.googleapis.com *.socialboards.com *.elfsight.com *.cookieinformation.com embedsocial.com bam.nr-data.net js-agent.newrelic.com data: blob: *.facebook.com mobelringen.global.ssl.fastly.net kommunikasjon.ntb.no *.voyado.com app.vwo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com *.googleapis.com *.google.com unsafe-inline assets.braintreegateway.com *.wpcloud.trollweb.no *.typography.com getfirebug.com *.getfirebug.com mobelringen.no *.socialboards.com embedsocial.com mobelringen.global.ssl.fastly.net data: *.googletagmanager.com *.visualwebsiteoptimizer.com app.vwo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com data: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com https://*.amazonaws.com https://cdn.flbx.io https://connect.getflowbox.com http://connect.getflowbox.com *.klarnaevt.com *.google-analytics.com *.doubleclick.net *.klarna.com *.hotjar.io *.hotjar.com vc.hotjar.io surveystats.hotjar.io wss://*.hotjar.com *.google.com *.googleapis.com https://storage.googleapis.com/ https://api.mapbox.com/ https://events.mapbox.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com t.elasticsuite.io api-iam.intercom.io wss://nexus-websocket-a.intercom.io stats.g.doubleclick.net *.vdc-services.io *.elfsight.com *.cookieinformation.com bam.nr-data.net *.mapbox.com *.getflowbox.com *.socialboards.com mobelringen.global.ssl.fastly.net *.sleeknote.com sst.mobelringen.no oc-cookieless-cmp-app.azurewebsites.net *.voyado.com *.visualwebsiteoptimizer.com app.vwo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com blob: mobelringen.global.ssl.fastly.net http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://eng.vdc.dev/csp-report; report-to report-endpoint; 1
default-src 'self' data: *; img-src 'self' blob: data: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; frame-ancestors 'self' ; style-src 'unsafe-inline' *; worker-src 'self' blob:; 1
default-src 'self' https://cognito-idp.us-east-1.amazonaws.com/ https://cognito-identity.us-east-1.amazonaws.com/ https://8hl3qfs905.execute-api.us-east-2.amazonaws.com/ https://0h7548fy5k.execute-api.us-east-2.amazonaws.com/ https://u1snkvxurl.execute-api.us-east-2.amazonaws.com/ https://svnwjuay7a.execute-api.us-east-1.amazonaws.com/;base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data: https:;object-src 'none';script-src 'self' 'sha256-5As4+3YpY62+l38PsxCEkjB1R4YtyktBtRScTJ3fyLU=' 'sha256-GgRxrVOKNdB4LrRsVPDSbzvfdV4UqglmviH9GoBJ5jk=';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 1
default-src 'self' https://www.google.com.au/ https://counter.adcourier.com/ https://www.google.com.ph/ https://www.google.com/ https://cdnjs.cloudflare.com/ https://px.ads.linkedin.com https://www.facebook.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ipinfo.io/ https://ajax.cloudflare.com https://t.sharethis.com/ https://buttons-config.sharethis.com/ https://cdn-cookieyes.com https://static.cloudflareinsights.com https://www.google-analytics.com/ https://platform-api.sharethis.com/ https://www.gstatic.com/ https://www.google.com/ https://googleads.g.doubleclick.net/ https://analytics.tiktok.com/ https://connect.facebook.net/ https://snap.licdn.com/ https://acsbapp.com/apps/ https://static.cloudflareinsights.com/ https://www.googletagmanager.com/ https://cdn.jsdelivr.net/ https://cdn-cookieyes.com/ https://cdnjs.cloudflare.com/; font-src 'self' https://cdnjs.cloudflare.com/ https://fonts.gstatic.com/;  img-src 'self' data: https://dashboard.umbraco.com/ https://www.google.nl/ https://sync.sharethis.com/ https://i.ibb.co/ https://i.ytimg.com/ https://cdn-cookieyes.com/ https://www.linkedin.com/ https://counter.adcourier.com/ https://www.google.com.ph/ https://www.google.com.au/ https://www.google.com/ https://www.facebook.com/ https://cdnjs.cloudflare.com https://px.ads.linkedin.com/; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.cloudflareinsights.com/ https://cdn.jsdelivr.net/ https://cdnjs.cloudflare.com/ https://fonts.googleapis.com/ ; connect-src 'self' https://api.bigdatacloud.net/ https://www.facebook.com/tr/ https://bcp.crwdcntrl.net/ http://analytics.pangle-ads.com/ http://stats.g.doubleclick.net https://www.google.com/ https://cdn-cookieyes.com/ https://log.cookieyes.com/ https://l.sharethis.com/ https://www.google-analytics.com/ https://analytics.pangle-ads.com https://stats.g.doubleclick.net/ https://acsbapp.com/ https://analytics.google.com/ https://analytics.tiktok.com/ https://cdn.acsbapp.com/ https://px.ads.linkedin.com/ https://analytics.google.com/; frame-src 'self' https://e.issuu.com/ https://www.youtube.com/ https://td.doubleclick.net https://www.google.com/; object-src 'none'; 1
frame-ancestors 'self' https://*.mercedes-benz.com; default-src 'self' https://*.mercedes-benz.com https://*.mercedes-benz.de https://*.corpinter.net https://*.usercentrics.eu https://*.googletagmanager.com https://*.krxd.net https://*.day.com https://*.anythingabout.net https://*.system360gmbh.de https://*.mercedes-benz-classic.com https://*.speedcurve.com https://alltime-stars.com  https://cdn.jsdelivr.net https://*.mb-lounge.com  https://*.eventbase.com https://narando.com https://*.narando.com https://*.googleapis.com  https://maxcdn.bootstrapcdn.com https://cdn.plyr.io https://*.youtube.com https://*.youtube-nocookie.com https://*.ytimg.com https://*.google-analytics.com https://*.google.com https://*.google.de https://*.doubleclick.net https://shop.nostalgic.de https://*.gstatic.com https://cdn.ampproject.org https://amp.azure.net https://*.windows.net https://cmsdata.net https://booking-widget.quandoo.de https://api.corpinter.net https://*.facebook.net https://*.facebook.com https://*.atdmt.com https://*.adobe.com https://www.kinoheld.de https://mb-prototypes.swhost.in https://*.go-mpulse.net https://*.akstat.io https://my.matterport.com data: blob: 'unsafe-inline' 'unsafe-eval' 1
frame-src 'self';                                                      img-src  *.mysedgwick.com  https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ 'self' data:;                                                     child-src 'self';                                                     object-src 'none';                                                     base-uri 'self';                                                     frame-ancestors 'self';                                                     default-src 'self' https://geolocation.onetrust.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cdn.cookielaw.org https://fonts.gstatic.com/ https://storage.googleapis.com/co;                                                     style-src 'self' https://cdn.jsdelivr.net https://cdn.materialdesignicons.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://storage.googleapis.com 'unsafe-inline';                                                     script-src 'self' https://cdn.cookielaw.org https://storage.googleapis.com/ 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors 'self' *.kameleoon.com; report-uri /report-csp-violation 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' data: *; frame-ancestors 'self' https://secure.petafrance.com; 1
frame-ancestors https://*.ionos.com https://*.ionos.at https://*.ionos.co.uk https://*.ionos.de https://*.ionos.es https://*.ionos.fr https://*.ionos.it https://*.ionos.ca https://*.ionos.mx https://*.ionos.us https://*.website-editor.net https://*.mywebsite-editor.com www.mikescomputerrescue.com 1
frame-ancestors 'self' data: https://sii.pl/ https://sii.ua/ https://siisweden.se/; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://cdn.jsdelivr.net https://www.google.com https://px.ads.linkedin.com https://*.clarity.ms https://*.googlesyndication.com https://*.cdninstagram.com https://cdn.linkedin.oribi.io https://www.recaptcha.net https://*.recaptcha.net https://*.siitest.pl https://*.siidev.pl https://*.sii.pl https://*.analytics.google.com https://analytics.google.com https://cdn.sii.pl https://*.fontawesome.com https://*.googleapis.com https://*.jquery.com https://*.msecnd.net https://www.eventbrite.com https://*.doubleclick.net https://www.facebook.com https://*.doubleclick.net wss://*.cux.io https://www.google-analytics.com https://*.cux.io https://*.dynamics.com https://*.livechatinc.com https://sii.pl https://*.clickdimensions.com https://secure.gravatar.com https://fonts.googleapis.com https://fonts.gstatic.com https://cdnjs.cloudflare.com https://www.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: blob:https://sii.pl https://sii.pl https://cdn.jsdelivr.net https://*.clarity.ms https://*.cloudflareinsights.com https://*.gstatic.com https://*.recaptcha.net https://*.youtube.com https://*.siitest.pl https://*.siidev.pl https://*.sii.pl https://maps.google.com https://code.jquery.com https://*.msecnd.net  https://www.eventbrite.com wss://*.cux.io https://googleads.g.doubleclick.net https://www.googleadservices.com https://*.doubleclick.net https://www.google-analytics.com https://*.cux.io https://connect.facebook.net https://snap.licdn.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://mktdplp102cdn.azureedge.net https://*.clickdimensions.com https://*.livechatinc.com https://sii.pl https://analytics-eu.clickdimensions.com https://ajax.googleapis.com; img-src 'self' data: https://c.bing.com https://c.clarity.ms https://*.cdninstagram.com https://*.siitest.pl https://*.siidev.pl https://*.sii.pl https://googleads.g.doubleclick.net https://analytics.google.com https://*.clickdimensions.com https://analytics-eu.clickdimensions.com https://i.ytimg.com https://www.google.pl/ https://www.google.com/ https://www.facebook.com https://*.linkedin.com https://px.ads.linkedin.com https://www.googletagmanager.com https://www.google-analytics.com https://*.dynamics.com https://cdn.sii.pl https://secure.gravatar.com https://s.w.org https://*.googleapis.com https://*.gstatic.com https://*.sii.pl; 1
frame-ancestors http://webvisor.com 'self' 1
default-src 'self' https://*.tec.com https://*.tecmain.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data: https://*.tec.com https://*.tecmain.com/ https://*.ggpht.co https://*.google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.gstatic.com/ https://*.youtube.com https://*.ytimg.com https://stats.g.doubleclick.net https://*.addtoany.com/ https://*.crowdfiber.io https://*.crowdfiber.com https://*.hsforms.com https://track.hubspot.com https://px4.ads.linkedin.com https://px.ads.linkedin.com https://*.linkedin.com;object-src 'self' https://*.youtube.com;script-src 'self' https://*.tec.com/ https://*.google-analytics.com https://*.googletagmanager.com/ https://*.youtube.com https://*.googleapis.com https://*.gstatic.com/ https://*.browser-update.org https://*.socialintents.com https://*.crowdfiber.io https://*.crowdfiber.com https://js.hs-scripts.com https://js.hscollectedforms.net https://js.hsadspixel.net https://js.hs-analytics.net https://js.hs-banner.com https://snap.licdn.com https://ws.zoominfo.com https://tags.clickagy.com https://js.zi-scripts.com 'nonce-9-1721960572608' 'sha256-M1NHnldOEb3DHAvGPbGG5YUze1B2C7TeaiIYS7PCFCY=' 'sha256-dbNa05ZZgeahJh7J1PkzbyqH/IYNMQ0w9xZAKAwbyAM=' 'sha256-+5AVzJUgOkI4cXRAYH6y46YJB0Vj7Ui+rMYSD8ZSrRE=' 'sha256-0wH0wgt8IjwHEut5Xf+Z4GwW26i+lRHdBvrE+ST2BYw=' 'sha256-4ARrLHyG8JnxLz+xWviJ9QnFvHwVRLQjUrpAzIpR5/g=' 'sha256-5/Oy34h9bsKzpB19JIdX2IMmtppqSc1jU7SGA0wCHP0=' 'sha256-XEtnhtU1JBSpm/ghFnD2ehS6BxXGg46/PXuXb1JdZAI=' 'sha256-liV5ascJEginnAqJRpx2D6NFJJlNAhkBHRSSYYZ7dFE=' 'sha256-vjgUgDCE7Y1vBXKzooItxXy6FsbVEWT7yCvph5AD8k0=' 'sha256-ym7NYCOaNqY3UN/+UDYagz5iSYtASg287mV6eIwLsHA=' 'sha256-JhWxYagRvfgyL4S9nEIh0dkFxvE+876lFB8PeblPhus=' 'sha256-ewKIDWnWQRWXWxnXrkXsd8yVPb/fBm+/36VDKjm5VkY=';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests;script-src-elem 'self' https://*.tec.com/ https://analytics.google.com https://*.google-analytics.com https://*.googletagmanager.com/ https://*.youtube.com https://*.googleapis.com https://*.gstatic.com/ https://*.browser-update.org https://js.hs-scripts.com/ https://*.hubspot.com/ https://*.hsadspixel.net/ https://*.hscollectedforms.net/ https://*.hs-analytics.net/ https://*.hs-banner.com/ https://*.socialintents.com https://snap.licdn.com https://js.zi-scripts.com 'sha256-dbNa05ZZgeahJh7J1PkzbyqH/IYNMQ0w9xZAKAwbyAM=' 'sha256-vjgUgDCE7Y1vBXKzooItxXy6FsbVEWT7yCvph5AD8k0=' 'sha256-ort0i701h1ZujulfTh9FA49UmaFy5lDawJdqgxO14lc=' 'sha256-0wH0wgt8IjwHEut5Xf+Z4GwW26i+lRHdBvrE+ST2BYw=' 'sha256-M1NHnldOEb3DHAvGPbGG5YUze1B2C7TeaiIYS7PCFCY=' 'sha256-+5AVzJUgOkI4cXRAYH6y46YJB0Vj7Ui+rMYSD8ZSrRE=' 'sha256-/1SyXZovHoaiOhC/MM0kw2Ll9iDO3M4akeaHJNcO6yM=' 'sha256-iDUmheLZKJRL/AEtEP3IZpdcoK/shrcEbMVgc5Qz5x8=' 'sha256-ewKIDWnWQRWXWxnXrkXsd8yVPb/fBm+/36VDKjm5VkY=' 'sha256-HEGEmLlGzvyVXpguEVjT44MmOsCq+0e6Mlqc5kexXoE=' 'sha256-QR54mPomFpH6nZelLJrujyYsF6dpQzeBvdgoKRp00jY=' 'sha256-4uaewFagpadrvP/CTEk2ZoRjj3abf1baWH1XdsCQmBY=' 'sha256-QYU3joUj06j1Jo5UuXlWdzn9+YRq7uX6p3iO02dMQpc=' 'sha256-SPYv7Rwsch0yLwe3EEbc7FtY819doIhSNyQF6y5DoHg=' 'sha256-mjYORlZPXNQwuatl/Z+46STDGHe+BkSlKx8FrWghBkQ=' 'sha256-gPjlli1HEdLlR0AZTY971/wQVOdSkl9mEinLnxrPpJw=' 'sha256-gPjlli1HEdLlR0AZTY971/wQVOdSkl9mEinLnxrPpJw=' 'sha256-iWbnfKAtRRP33NUY93QxaqxDE5wRjfacbz7hq4+sHsM=' 'sha256-jA1AkUHUe6xxS1m5ADipVdbS0dFsP4j3x51pUgm9+Wk=' 'sha256-lmWa0BWjljANSM78Q9Pkpsjy6R5Xy3hPFu+xLWdipRU=' 'sha256-LOW+aCkaYmJbknpVGqYs/0+f93XNKoe1vA/gNz/ryPg=' 'sha256-AGPHr7BAcxZ9zriFx2hnAOl+ltZ825H/QsokdZBCR18=' 'sha256-d67U09etRmJBlLhDfXENYCP3ZYp8QpC2HxhuF4K19II=' 'sha256-zJ/fcaDHOCvBaQVmIiHCRjFlsq+J8UKyKeWLPc8LNoc=' 'sha256-pDxrpje3t2NC+2JqU+rnBoXAgWz/3ctn11NOPzxrDwg=';connect-src 'self' https://*.tec.com https://*.tecmain.com/ https://analytics.google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.youtube.com https://stats.g.doubleclick.net https://*.googleapis.com https://*.gstatic.com/ https://*.geonames.org/ https://geolocation-db.com/json/ https://tecorp.crowdfiber.com https://*.crowdfiber.com https://*.hubspot.com https://forms.hscollectedforms.net https://api.hubapi.com https://px.ads.linkedin.com https://aorta.clickagy.com https://hemsync.clickagy.com https://ws.zoominfo.com https://js.zi-scripts.com;frame-src 'self' https://*.tec.com https://*.google.com https://*.youtube.com https://*.socialintents.com https://tec.speedtestcustom.com https://player.vimeo.com https://hemsync.clickagy.com https://td.doubleclick.net/ 1
default-src 'self'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; object-src 'none'; child-src 'self'; frame-ancestors 'self' http://www.usg.ru http://usg.ru 1
frame-ancestors 'none'; default-src 'self' https://*.aol.com https://*.yahoo.com https://*.yimg.com; img-src * data:; script-src 'self' 'unsafe-inline' 'nonce-v0R+OH9zLXgJinwsMTvI+Q==' 'unsafe-eval' https://*.yahoo.com https://*.yimg.com https://*.aol.com https://*.aolcdn.com *.oath.com *.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net *.googlesyndication.com https://sb.scorecardresearch.com bat.bing.com *.demdex.net https://msadsscale.azureedge.net/bingads/telemetryJS.js https://www.clarity.ms https://www.clarity.ms/s/0.7.10/clarity.js; style-src 'self' 'unsafe-inline' https://*.yimg.com; object-src *; connect-src *; font-src * data:; frame-src 'self' https://*.youtube.com https://s.yimg.com https://*.yahoo.com *.g.doubleclick.net *.googlesyndication.com; 1
base-uri 'self';form-action 'self';frame-ancestors *.max.co.il; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.google.com *.gstatic.com hcaptcha.com *.hcaptcha.com; img-src 'self' *.google-analytics.com *.nzbvortex.com *.xsnews.nl; style-src 'self' 'unsafe-inline' hcaptcha.com *.hcaptcha.com; font-src 'self'; frame-src 'self' *.google.com hcaptcha.com *.hcaptcha.com; object-src 'none'; frame-ancestors 'self' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.realperson.cloud code.jquery.com static.cloudflareinsights.com ajax.cloudflare.com *.cookiebot.com www.googletagmanager.com ssl.google-analytics.com analytics.regiohelden.de data: https://*.openstreetmap.org 'report-sample'; style-src-attr 'unsafe-inline' 'report-sample'; img-src 'self' data: source.unsplash.com images.unsplash.com usercontent.realperson.cloud www.googletagmanager.com www.google.de www.google.com ssl.google-analytics.com analytics.regiohelden.de imgsct.cookiebot.com https://*.openstreetmap.org; base-uri 'self'; frame-src 'self' https://consentcdn.cookiebot.com *.youtube-nocookie.com www.linkedin.com www.chatnode.ai embed.chatnode.ai; form-action 'self'; style-src 'self' 'unsafe-inline' *.realperson.cloud *.cookiebot.com 'report-sample'; font-src 'self' data: *.realperson.cloud; worker-src 'self' blob:; connect-src 'self' https://chat2180.realperson.cloud wss://chat2180.realperson.cloud https://charts3.equitystory.com https://consentcdn.cookiebot.com https://www.google-analytics.com https://*.google-analytics.com https://stats.g.doubleclick.net https://analytics.regiohelden.de data: https://*.openstreetmap.org; frame-ancestors 'self'; report-uri https://www.stroeer.de/@http-reporting?csp=report&requestTime=1721916362118352 1
default-src 'self' https://*.livechatinc.com; font-src 'self' 'unsafe-inline' https://*.livechat-static.com https://*.gstatic.com https://*.livechatinc.com data: ; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.livechat-static.com ; script-src 'self' 'unsafe-eval' https://*.googletagmanager.com https://*.xdp.co.uk https://*.google-analytics.com  https://*.livechat-static.com https://*.vimeo.com https://connect-eu.livechatinc.com https://*.livechatinc.com 'unsafe-inline' ; frame-src 'self' https://*.xdp.co.uk https://player.vimeo.com https://*.livechatinc.com ; connect-src 'self' https://*.google-analytics.com  https://*.livechat-static.com https://*.livechatinc.com ; img-src 'self' https://*.xdp.co.uk https://*.tile.openstreetmap.org https://*.livechat-static.com https://cdn.livechat-files.com https://*.gravatar.com data: blob: 1
default-src http: data: blob: 'unsafe-inline' 'unsafe-eval' 1
default-src  'self' *.esa.edu.au *.nccd.edu.au;  img-src      'self' *.esa.edu.au *.nccd.edu.au www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.google.com data: https://s.viostream.com https://image.viostream.com https://image.viostream.com ;  script-src   'self' 'unsafe-inline' *.esa.edu.au *.nccd.edu.au https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net ajax.cloudflare.com static.cloudflareinsights.com https://static.hotjar.com https://publish.viostream.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://parsleyjs.org https://script.hotjar.com https://s.viostream.com blob: https://code.jquery.com https://www.gstatic.com ;  style-src    'self' 'unsafe-inline' *.esa.edu.au *.nccd.edu.au https://fonts.googleapis.com https://tagmanager.google.com https://fonts.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com;  font-src     'self' *.esa.edu.au *.nccd.edu.au data: https://themes.googleusercontent.com https://fonts.gstatic.com https://use.fontawesome.com https://cdnjs.cloudflare.com;  frame-src   'self' *.esa.edu.au *.nccd.edu.au https://bid.g.doubleclick.net https://vars.hotjar.com https://uat-api-se.ttn.edu.au/ https://www.google.com/   ;  connect-src 'self' *.esa.edu.au *.nccd.edu.au https://www.google-analytics.com https://www.google-analytics.com https://cdn2.app.viostream.com https://s.viostream.com https://*.hotjar.com https://*.hotjar.io;  media-src 'self' *.esa.edu.au *.nccd.edu.au data: blob: https://cdn2.app.viostream.com https://*.viostream.com; frame-ancestors 'self' *.esa.edu.au *.nccd.edu.au; 1
script-src 'self' https: *.placehold.it *.jsdelivr.net *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: *.placehold.it *.jsdelivr.net *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com 'unsafe-inline' 'unsafe-eval'; connect-src * https:; manifest-src 'self' https:; font-src 'self' https: *.placehold.it *.jsdelivr.net *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com; form-action 'self' https:; img-src 'self' https: data: *.placehold.it *.jsdelivr.net *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com; media-src 'self' https:; object-src 'self' https:; frame-ancestors 'self' https:; frame-src 'self' https:; worker-src 'self' https:; base-uri 'self' https:; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob:; frame-src 'self' https:; connect-src 'self' 'unsafe-inline' 'unsafe-eval' wss: https: data: blob:; frame-ancestors 'self' *.7across.travel *.7acrosstravel *.accorplusdiscovery.com *.addthis.com *.airportparking.net.au *.avctravel.com.au *.azurewebsites.net *.bzzworld.com *.bzzworldtravel.com *.clubmedaustralia.com.au *.crownclubmarketplace.com *.cruise.ovscruise.com *.cruise.wotif.com *.cruisemegastore.com.au *.cruisepilot.com.au *.dae-travel.com *.discover365.co.nz *.discover365.co.uk *.discover365.com.au *.doubleclick.net *.driveaway.com.au *.facebook.com *.favc.com *.hightide.com.au *.IAMLVC.com *.ice-cdn.com *.icecruises.com.au *.iceenterprise.com *.icevacations.com.au *.kampyle.com *.kivac.com.mx *.latitude21resorts.com *.latitudeguestservices.com *.latitudevacationclub.com *.lifestylebywyndhamlite.com *.liveaquaresidenceclub.com *.livechatinc.com *.looking4.com *.mustdotravels.com *.my241cruise.com.au *.my241rewards.com.au *.myfuturecruisecredit.com *.optimizely.com *.ourvacationcentre.com *.ourvacationcentre.com.au *.ourvacationcentre.net *.ovctour.com *.ovscruise.com *.ovsresort.com *.qvitravelsavings.com *.rci.my241cruise.com.au *.rci.travel *.re-set.mx *.re-set.travel *.saveonresorts.com *.tawk.to *.theclub365.com.au *.tourmegastore.com.au *.travelii.mx *.travelmegastore.com.au *.travelperksplus.com *.travelsavingspassport.com *.tripauthority.com *.tripsavr.com *.tripsavr2.com *.ultiqa.com.au *.ultiqaexplore.com.au *.ultiquaexplore.com.au *.windows.net *.world2go.mx *.wotif.com *.youtube.com 7across.travel accorplusdiscovery.com agentportalui-wa-dev-usw.azurewebsites.net agentportalui-wa-qa-usw.azurewebsites.net assets.cruisemail.com.au avctravel.com.au bid.g.doubleclick.net cruise.flybuystravel.com.au cruise.ovscruise.com cruise.wotif.com cruisemegastore.com.au cruisepilot.com.au dae-travel.com discover365.co.nz discover365.co.uk discover365.com.au elcidsales.latitudeguestservices.com hightide.com.au icecruises.com.au iceenterprise.com icevacations.com.au latitudevacationclub.com lifestylebywyndhamlite.com mustdotravels.com my241cruise.com.au my241rewards.com.au myfuturecruisecredit.com ourvacationcentre.com ourvacationcentre.com.au ourvacationcentre.net ovctour.com ovscruise.com rci.my241cruise.com.au rci.travel tawk.to theclub365.com.au tour.icruiserewards.com tour.thevidalifestyle.com tourmegastore.com.au tours.icruise.com tours.tourmegastore.com.au travelmegastore.com.au travelperksplus.com ukproducthub.azureedge.net ukproducthub.blob.core.windows.net ultiqa.com.au ultiqaexplore.com.au ultiquaexplore.com.au windows.net wotif.com; block-all-mixed-content; upgrade-insecure-requests; 1
connect-src 'self' https://*.ats-platform.com https://*.hireserve.nl https://*.bugsnag.com https://consentcdn.cookiebot.com https://*.cloudfront.net https://*.algolia.net https://*.hotjar.com https://*.algolia.io https://my.yoast.com https://yoast.com https://*.sudwestfryslan.nl https://*.readspeaker.com https://*.obi4wan.com wss://ws-eu.pusher.com https://obipubvideo.s3.eu-central-1.amazonaws.com; default-src 'self' https://*.sudwestfryslan.nl; font-src 'self' data: https://*.ats-platform.com https://*.hireserve.nl https://cdn.jsdelivr.net https://*.hotjar.com https://*.typekit.net; form-action 'self' https://*.ats-platform.com https://*.hireserve.nl https://*.ogone.com; frame-src https://*.vimeo.com https://*.ats-platform.com https://*.hireserve.nl https://*.savviihq.com https://*.sudwestfryslan.nl https://consentcdn.cookiebot.com https://sudwestfryslan.nl https://*.hotjar.com https://*.youtube.com https://*.youtube-nocookie.com; img-src 'self' data: https://*.ats-platform.com https://*.hireserve.nl https://*.savviihq.com https://*.sudwestfryslan.nl https://*.openstreetmap.org https://*.siteimproveanalytics.io https://ajax.googleapis.com https://*.w.org https://secure.gravatar.com https://translate.yoast.com https://www.paypalobjects.com https://qr-code.ithemes.com https://*.obi4wan.com https://s3-eu-west-1.amazonaws.com https://obipubvideo.s3.eu-central-1.amazonaws.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.hireserve.nl https://*.facebook.net https://beacon-v2.helpscout.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://*.hotjar.com https://siteimproveanalytics.com https://cdn.jsdelivr.net https://polyfill.io https://*.readspeaker.com https://*.google.com https://*.gstatic.com https://*.obi4wan.com; style-src 'self' 'unsafe-inline' https://*.hireserve.nl https://ajax.googleapis.com https://cdn.jsdelivr.net https://*.typekit.net https://*.readspeaker.com https://*.google.com https://*.gstatic.com https://*.obi4wan.com; worker-src 'self' 1
frame-ancestors 'self' https://ssoadmin.dv1.rv.intcx.net https://ssoadmin.ft.rv.intcx.net;;object-src 'none'; script-src 'unsafe-inline' 'nonce-Nd7rU8dNfEUIKTMg5XI0HA==' 'strict-dynamic' https: http:; base-uri 'self'; 1
frame-src *; script-src 'unsafe-eval' 'unsafe-inline' 'self'  www.balbooa.com cdn.jsdelivr.net; script-src-elem 'self' chatandbot.com call.chatra.io gspeech.io storage.googleapis.com js.hcaptcha.com www.balbooa.com cdn.ckeditor.com cdn.jsdelivr.net www.google.com www.gstatic.com hcaptcha.com cdnjs.cloudflare.com 'unsafe-inline' 'unsafe-eval'; img-src blob: 'self'  https://chatandbot.com  storage.googleapis.com www.cm-portimao.pt cm-portimao.pt data: www.balbooa.com ; default-src 'self'  cdn.ckeditor.com gspeech.io storage.googleapis.com cdn.jsdelivr.net www.gstatic.com cm-portimao.pt www.cm-portimao.pt api.joomlatools.com code.jquery.com tile.osm.org www.google.com appscdn.joomla.org *.hcaptcha.com cdnjs.cloudflare.com 'unsafe-inline' 'unsafe-eval';connect-src 'self' wss://chatandbot.com  1
frame-ancestors 'self' https://*.toyota.bg https://*.yandex.com https://*.yandex.tld https://*.yandex.net https://*.yandex.com.tr https://*.yandex.ru https://*.yandex.by https://webvisor.com https://lexus-dxp.dobit.com https://lexustest.dobit.com http://localhost:88; 1
default-src https: 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self' 1
default-src 'self' *.mypurecloud.ie *.clarity.ms *.youtube-nocookie.com *.youtube.com *.admincompensa.com *.micompensacion.com *.googleapis.com *.google.com *.gstatic.com *.microsoftonline.com *.beruby.com *.vimeo.com vimeo.com app.howdeniberia.com link.videoplatform.limelight.com app.powerbi.com cdn.cookielaw.org geolocation.onetrust.com srv.pecunpay.es:44100 mailto: tel: ;img-src * data:; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval';object-src *.mypurecloud.ie;connect-src 'self' ws: *.mypurecloud.ie *.clarity.ms; 1
img-src 'self' data: https://cdn.accmed.org https://www.accmed.org https://siti.accmed.org https://fad.accmed.org https://www.forumservice.net https://pbs.twimg.com https://grasp.accmed.org; media-src 'self' data: https://cdn.accmed.org https://mediafad.accmed.org https://www.accmed.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://siti.accmed.org https://www.accmed.org https://securityscorecard.com https://cdn.datatables.net/ https://stackpath.bootstrapcdn.com https://www.google.com https://www.gstatic.com https://cdnjs.cloudflare.com https://ajax.googleapis.com https://code.jquery.com https://cdn.jsdelivr.net https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://siti.accmed.org  https://www.accmed.org https://cdn.datatables.net/ https://ajax.googleapis.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com/ https://stackpath.bootstrapcdn.com https://cdn.jsdelivr.net/;object-src 'none';frame-ancestors 'self' https://*.accmed.org htts://hematologykeys.it; 1
frame-ancestors *; frame-src *; 1
frame-ancestors 'self'; sandbox allow-downloads allow-forms allow-modals allow-pointer-lock allow-popups allow-popups-to-escape-sandbox allow-same-origin allow-scripts allow-top-navigation; base-uri 'self'; form-action www.ost.spryker.local zed.ost.spryker.local iglobuscz-prod-static-files.s3.eu-central-1.amazonaws.com 'self' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://ajax.aspnetcdn.com https://www.googleadservices.com https://*.go-mpulse.net https://*.doubleclick.net https://*.mastercard.com; frame-src 'self' https://www.mcdeliveryaddressstg.co.za https://www.mcdeliveryaddress.co.za https://*.doubleclick.net https://*.mastercard.com; connect-src 'self' https://*.google.com https://*.akstat.io https://*.akamaihd.net https://*.go-mpulse.net https://www.google-analytics.com https://*.doubleclick.net https://*.analytics.google.com; img-src 'self' data: https://www.google-analytics.com https://www.google.com https://*.akstat.io https://*.doubleclick.net https://www.googletagmanager.com; 1
default-src 'self';script-src 'self' https://checkout.stripe.com https://player.vimeo.com https://maps.googleapis.com https://js.stripe.com https://www.youtube.com https://s.ytimg.com https://www.gstatic.com https://www.googletagmanager.com 'nonce-7ed1a9fb3bb24f07bc938ae0b21b0361';img-src 'self' data: https://maps.google.com https://maps.googleapis.com https://maps.gstatic.com https://img.youtube.com https://www.googletagmanager.com https://www.google-analytics.com blob:;font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com;frame-src 'self' https://player.vimeo.com https://js.stripe.com https://www.youtube.com https://docs.google.com;connect-src 'self' https://fcmregistrations.googleapis.com https://firebaseinstallations.googleapis.com https://api.postcodes.io https://www.google-analytics.com https://maps.googleapis.com https://firebase.googleapis.com wss://*;worker-src 'self' blob:; 1
block-all-mixed-content; base-uri 'self'; frame-ancestors 'self'; form-action 'self'; object-src 'none'; 1
frame-ancestors 'self' https://sphere.canamgroupinc.com 1
frame-ancestors 'self' *.facebook.com 1
frame-ancestors 'self' https://*.thebancorp.com;  1
default-src 'self';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/;font-src 'self' https://fonts.gstatic.com/;img-src 'self' data: https://www.google-analytics.com/ https://www.googletagmanager.com/ https://stats.g.doubleclick.net/ https://file.for.sg/;script-src 'self' https://www.google-analytics.com/ https://ssl.google-analytics.com/ https://www.googletagmanager.com/ https://*.browser-intake-datadoghq.com/ https://www.datadoghq-browser-agent.com/;worker-src blob:;connect-src 'self' https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://*.browser-intake-datadoghq.com/ o372043.ingest.sentry.io o372043.ingest.sentry.io;frame-ancestors 'self';report-uri https://o372043.ingest.sentry.io/api/5193500/security/?sentry_key=a76d61749b824d8fa8ad84eee7ecc882;upgrade-insecure-requests 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://wchat.freshchat.com https://www.google-analytics.com https://analytics.google.com https://www.googleoptimize.com https://connect.facebook.net https://apis.google.com https://static.hotjar.com https://script.hotjar.com https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/vjbW55W42X033PfTdVf6Ft4q/recaptcha__en.js;connect-src * 'unsafe-inline';font-src 'self' fonts.googleapis.com;img-src * data: blob:; frame-src 'self' https://wchat.freshchat.com https://www.googletagmanager.com https://www.youtube.com https://545299966298273.webpush.freshchat.com/ https://www.google.com/recaptcha/api.js https://www.google.com/; 1
default-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com fonts.gstatic.com npci.corover.mobi w3.org;script-src-elem 'self' 'unsafe-inline' www.google.com www.gstatic.com; frame-src 'self' www.google.com; img-src 'self' www.w3.org 'data:image/svg+xml,%3csvg' 1
default-src 'self' *.athletereg.com; upgrade-insecure-requests; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' *.googletagservices.com js-agent.newrelic.com service.force.com *.braintreegateway.com *.fontawesome.com *.g.doubleclick.net *.analytics.google.com *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hubspot.com *.jquery.com *.moatads.com *.nr-data.net *.salesforceliveagent.com *.twitter.com cdn.amplitude.com cdn.metarouter.io connect.facebook.net googleads.g.doubleclick.net js-na1.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsadspixel.net js.hsforms.net js.hsleadflows.net outside-header.vercel.app s3.amazonaws.com *.scorecardresearch.com unpkg.com ajax.googleapis.com *.protecht-sandbox.io *.protecht.io cdnjs.cloudflare.com sealserver.trustkeeper.net *.cloudfront.net ajax.aspnetcdn.com cdn.speedcurve.com *.stripe.com *.salesforce.com connect.facebook.com salesforceliveagent.com *.googleadservices.com www.google-analytics.com athletereg.us12.list-manage.com cdn.jsdelivr.net js.hscollectedforms.net adservice.google.com metarouter-ajs-next-destinations-stage.s3.amazonaws.com es.pinkbike.org *.vercel.com cdn-prod.securiti.ai *.datadoghq-browser-agent.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.typekit.net *.googleapis.com service.force.com *.gstatic.com *.cloudfront.net athletereg.my.salesforce.com cdn.jsdelivr.net *.fontawesome.com *.braintreegateway.com *.vercel.com cdn-prod.securiti.ai *.bikereg.com; img-src 'self' data: https: http://www.millenniumrunning.com; connect-src 'self' *.athletereg.com *.hubspot.com *.braintree-api.com *.facebook.com *.g.doubleclick.net *.analytics.google.com *.google-analytics.com *.googleanalytics.com *.trailforks.com *.googlesyndication.com *.hubapi.com *.outsideapi.com outsideapi.com *.rivt.com api.amplitude.com *.googleapis.com *.cloudfront.net	*.nr-data.net *.braintreegateway.com *.gstatic.com *.hsforms.com *.googletagmanager.com use.fontawesome.com js.hs-banner.com *.google.com forms.hscollectedforms.net app.securiti.ai cdn-prod.securiti.ai *.datadoghq-browser-agent.com https://browser-intake-datadoghq.com *.bikereg.com *.browser-intake-datadoghq.com *.RunReg.com; font-src 'self' data: fonts.gstatic.com *.typekit.net *.sfdcstatic.com use.fontawesome.com static2.sharepointonline.com rwgps-embeds.com *.millenniumrunning.com netdna.bootstrapcdn.com *.braintreegateway.com app.securiti.ai cdn-prod.securiti.ai; frame-ancestors 'self' *.athletereg.com *.bikereg.com *.runreg.com *.trireg.com *.skireg.com *.plegereg.com *.trailforks.com; frame-src 'self' *.doubleclick.net *.facebook.com *.google.com *.outsideonline.com outsideonline.com service.force.com platform.twitter.com *.salesforce.com *.braintreegateway.com *.trailforks.com/; form-action 'self' *.paypal.com *.pledgereg.com *.facebook.com *.strava.com *.salesforce.com *.outsideonline.com; base-uri 'self'; object-src 'self'; report-uri https://api.athletereg.com/ErrorReport/cspViolation; 1
default-src='self'; 1
script-src 'self' static.ctctcdn.com https://*.googleapis.com *.gstatic.com www.google-analytics.com ajax.googleapis.com www.google.com ajax.aspnetcdn.com use.typekit.net us1.siteimprove.com siteimproveanalytics.com cdnjs.cloudflare.com use.fontawesome.com static.getclicky.com in.getclicky.com player.vimeo.com www.googletagmanager.com clicky.com https://connect.facebook.net/ code.jquery.com kit.fontawesome.com 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors 'self' https://www.fl3xx.com https://paxtax.eu 1
default-src 'self' https://*.cms.vwfs.tools ;            img-src 'self' data: https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://dev.day.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://maps.gstatic.com https://*.google.com https://*.google.de https://*.google.pt https://*.googlesyndication.com https://*.googleadservices.com https://cm.g.doubleclick.net https://ad.doubleclick.net https://img.youtube.com https://i.ytimg.com https://*.userzoom.com https://*.adform.net https://www.facebook.com https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://cdn.linkedin.oribi.io https://t23.intelliad.de https://t13.intelliad.de https://t.co https://*.volkswagenbank.de  https://cms-assets.vwfs.io https://smetrics.vwfs.pt https://mediaservice.audi.com  https://GISTPAEndpoint-Int.azureedge.net https://GISTPAEndpoint-Kons.azureedge.net https://GISTPAEndpoint-Prod.azureedge.net    https://default.vms.vwfs.io https://*.bronson.vwfs.tools https://*.bronson.vwfs.io https://gateway.zscloud.net https://js.api.here.com https://assets.volkswagen.com https://integrations.etrusted.com https://*.googletagmanager.com https://*.g.doubleclick.net https://ssl.gstatic.com https://ade.googlesyndication.com https://bat.bing.com https://*.trustedshops.com http://*.trustedshops.com https://*.google.pt;            script-src 'self' 'unsafe-inline' blob: https://*.volkswagenbank.de https://storagewebcalcweud.blob.core.windows.net https://*.fts.webcalc.vwfs.io https://*.youtube.com https://*.vimeo.com https://s.ytimg.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://*.fls.doubleclick.net https://www.googletagmanager.com https://*.googlesyndication.com https://www.googleadservices.com https://www.google.com https://www.google.de https://cm.g.doubleclick.net https://www.volkswagenbank-cloud.de https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://cdn.linkedin.oribi.io https://t23.intelliad.de https://t13.intelliad.de https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://assets.adobedtm.com https://*.omniture.com https://*.adobe.com https://*.userzoom.com https://*.adform.net https://connect.facebook.net https://*.thunderhead.com https://*.twitter.com https://static.ads-twitter.com https://*.advsearch.vwfs.io https://cc.cdn.civiccomputing.com  https://target.vwfs.pt  https://smetrics.vwfs.pt https://cdn.mercury.ai https://integrations.etrusted.com https://sdk.privacy-center.org    https://*.acs-frontend.vwfs.io https://*.googletagmanager.com https://tagmanager.google.com https://*.googleadservices.com https://*.google.com https://*.g.doubleclick.net https://bat.bing.com https://*.trustedshops.com http://*.trustedshops.com https://*.google.pt;            style-src 'self' 'unsafe-inline' https://*.userzoom.com https://target.vwfs.pt https://cdn.mercury.ai https://co-browsing.mercury.ai https://cdn.bronson.vwfs.tools https://cdn.bronson.vwfs.io    https://*.acs-frontend.vwfs.io https://integrations.etrusted.com https://tagmanager.google.com https://fonts.googleapis.com ;            connect-src 'self' blob: data: https://vimeo.com https://*.youtube.com https://api.webcalc.vwfs.io https://cfpoi-search.p-sunhill.com https://apikeys.civiccomputing.com https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://*.adobedc.net https://*.tt.omtrdc.net https://*.2o7.net https://*.cms.vwfs.io https://*.advsearch.vwfs.io https://cms-content.vwfs.io https://target.vwfs.pt https://smetrics.vwfs.pt https://www.google.com https://*.facebook.com https://*.mercury.ai wss://*.mercury.ai https://vector.hereapi.com https://1.base.maps.ls.hereapi.com https://1.aerial.maps.ls.hereapi.com https://js.api.here.com https://geocode.search.hereapi.com https://integrations.etrusted.com https://*.smart-digital-solutions.de https://smart-digital-cdn.com https://2gtge2kxoa.execute-api.eu-central-1.amazonaws.com https://api-cms-vwfs-io.cms.vwfs.tools https://sdk.privacy-center.org https://revgeocode.search.hereapi.com    https://*.acs-frontend.vwfs.io https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://cdn.linkedin.oribi.io https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.pt http://*.trustedshops.com https://autocomplete.search.hereapi.com https://lookup.search.hereapi.com ;            frame-ancestors 'self' https://vwfs.experiencecloud.adobe.com https://vwfs.marketing.adobe.com https://experience.adobe.com ;            object-src 'none' ;            font-src 'self' data: https://fonts.gstatic.com https://cdn.bronson.vwfs.tools https://cdn.bronson.vwfs.io https://cdn.mercury.ai https://js.api.here.com https://*.trustedshops.com http://*.trustedshops.com ;            frame-src https://player.vimeo.com https://www.youtube-nocookie.com https://s.userzoom.com https://*.adform.net https://*.adobe.com https://*.omniture.com https://*.demdex.net https://*.fls.doubleclick.net https://bid.g.doubleclick.net https://www.facebook.com https://*.googlesyndication.com https://cm.g.doubleclick.net https://gateway.zscloud.net https://td.doubleclick.net https://kalkulator.skoda-auto.pl https://*.g.doubleclick.net ;            media-src https://www.youtube-nocookie.com 'self' ; 1
default-src 'self' https://beck-elibrary.de https://*.beck-elibrary.de https://consentcdn.cookiebot.com https://google.com https://*.google.com https://gstatic.com https://*.gstatic.com https://vgwort.de https://*.vgwort.de https://vimeo.com https://*.vimeo.com https://vimeocdn.com https://*.vimeocdn.com https://hotjar.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://*.google.de; img-src 'self' https://beck-elibrary.de https://*.beck-elibrary.de 'nonce-Gu866iJcLmYQBzDTon1r' data: https://gstatic.com https://*.gstatic.com https://vgwort.de https://*.vgwort.de https://vimeocdn.com https://*.vimeocdn.com https://*.hotjar.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://*.google.de; frame-ancestors 'self' https://beck-elibrary.de https://*.beck-elibrary.de https://www.googletagmanager.com; script-src 'strict-dynamic' 'nonce-r6HJikVuatHfPCHzvJ8n'; frame-src 'self' blob: https://beck-elibrary.de https://*.beck-elibrary.de 'nonce-MnG2WQrfdzNYNjAo2GSL' https://consentcdn.cookiebot.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://player.vimeo.com/video/; style-src 'self' 'unsafe-inline' https://beck-elibrary.de https://*.beck-elibrary.de https://consentcdn.cookiebot.com; base-uri 'self'; object-src 'none' 1
default-src 'none'; img-src * data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://api.neighborly.com https://*.cloudflare.com https://*.jquery.com https://*.bootstrapcdn.com https://*.pagescdn.com https://*.optimizely.com https://*.amazonaws.com https://*.adobedtm.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleapis.com https://*.facebook.net https://*.googleadservices.com https://*.sitescdn.net https://*.livechatinc.com https://*.demdex.net https://*.addthis.com https://*.addthisedge.com https://*.pinterest.com https://*.en25.com https://*.datadoghq-browser-agent.com https://optimize.google.com https://*.rlets.com https://*.reachlocallivechat.com https://reachlocallivechat.com about://*.reachlocallivechat.com https://*.cloudfront.net https://*.cloudflareinsights.com https://*.broadly.com https://web-2-tel.com https://*.hotjar.com https://*.btttag.com https://*.bing.com https://*.doubleclick.net https://*.thinkingchat.com https://*.here.com blob: https://*.stackadapt.com https://*.simpli.fi https://*.pinimg.com https://*.yimg.com https://*.adroll.com https://*.adsrvr.org https://*.scorpion.co https://*.stripe.com https://*.twilio.com wss://*.twilio.com https://*.gstatic.com https://*.liadm.com https://*.brandcdn.com https://*.cloudfunctions.net https://*.callrail.com https://*.nblyprod.com https://*.web-2-tel.com https://*.licdn.com https://*.convertexperiments.com https://*.outlook.com https://*.hibu.com https://*.windowgenie.com https://*.jsdelivr.net https://adservice.google.com; style-src 'self' 'unsafe-inline' auth.iws-hybrid.trendmicro.com 'self' 'unsafe-inline' https://*.googleapis.com https://*.bootstrapcdn.com https://*.cloudflare.com https://*.typekit.net https://*.jquery.com https://*.sitescdn.net https://optimize.google.com https://*.optimizely.com https://*.here.com https://*.hereapi.com https://*.stackadapt.com https://*.scorpion.co https://*.twilio.com blob: https://*.windowgenie.com https://*.jsdelivr.net; object-src 'none'; connect-src https://*.nblyprod.com auth.iws-hybrid.trendmicro.com https://*.google.com https://*.liadm.com https://*.googleadservices.com https://*.nblyprod.com https://*.googleapis.com https://*.pagescdn.com https://*.demdex.net https://*.livechatinc.com https://*.neighborly.com https://*.crownpeak.net https://*.addthis.com https://*.yext.com https://*.b2clogin.com https://*.dwyergroup.com https://*.broadly.com https://*.amazonaws.com https://*.google-analytics.com https://*.facebook.net https://*.gannettdigital.com https://*.browser-intake-datadoghq.com https://optimize.google.com https://*.reachlocalservices.com https://*.rlets.com https://reachlocallivechat.com https://*.hotjar.com https://web-2-tel.com https://*.optimizely.com https://*.hotjar.io/ wss://reachlocallivechat.com https://*.web-2-tel.com wss://*.hotjar.com https://*.simpli.fi https://*.adroll.com https://*.oribi.io https://*.here.com https://*.hereapi.com https://*.stackadapt.com https://*.yimg.com https://*.pinterest.com https://*.scorpion.co https://*.btttag.com https://*.twilio.com wss://*.twilio.com https://*.doubleclick.net https://*.bing.com blob: https://*.cloudfunctions.net https://*.callrail.com https://*.convertexperiments.com https://*.googlesyndication.com https://api.neighborly.com https://*.windowgenie.com https://*.localiq.com https://browser-intake-datadoghq.com https://adservice.google.com https://*.facebook.com; font-src auth.iws-hybrid.trendmicro.com https://*.nblyprod.com https://*.typekit.net https://*.gstatic.com https://*.googleapis.com https://optimize.google.com https://reachlocallivechat.com https://*.optimizely.com https://*.here.com https://*.hereapi.com https://*.scorpion.co https://*.twilio.com blob:; frame-src auth.iws-hybrid.trendmicro.com https://www.facebook.com https://*.rlets.com https://*.youtube.com https://*.livechatinc.com https://*.demdex.net/ https://*.addthis.com https://*.pagescdn.com https://*.amazonaws.com https://*.b2clogin.com https://optimize.google.com https://*.hotjar.com https://web-2-tel.com https://*.optimizely.com https://*.here.com https://*.hereapi.com https://*.doubleclick.net https://*.adsrvr.org https://*.pinterest.com https://*.stripe.com https://*.twilio.com https://*.broadly.com https://*.cloudfront.net blob: https://*.windowgenie.com; manifest-src https://*.windowgenie.com 1
default-src  'self' 'unsafe-inline'; font-src data: 'self'; child-src  'self'; connect-src https://*.google-analytics.com/ https://*.readspeaker.com/ https://*.tkbc.nl https://www.google-analytics.com/ 'self'; frame-src https://geoweb.oss.nl/ https://www.google.com/ https://www.youtube.com/ https://player.vimeo.com 'self'; frame-ancestors  'self'; img-src https://img.youtube.com/ https://*.google-analytics.com/ 'self' data:; media-src  'self'; object-src  'self'; script-src https://cdn1.readspeaker.com/ https://www.googletagmanager.com/ 'self' 'unsafe-inline' 'unsafe-eval' data: https: wss:; style-src https://*.readspeaker.com/ 'self' 'unsafe-inline';  worker-src  'self' blob: 1
default-src 'self' https://www.youtube.com https://www.google.com https://www.gstatic.com https://bcp.crwdcntrl.net https://csm01.bancocaribe.com.do:590 https://c.go-mpulse.net blob:; connect-src 'self' 'unsafe-inline' https://www.google-analytics.com https://www.analytics.google.com https://analytics.google.com https://c.go-mpulse.net https://173bf104.akstat.io https://stats.g.doubleclick.net https://68794910.akstat.io https://173bf10d.akstat.io https://*.akstat.io https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://csm01.bancocaribe.com.do:590/ccp/ui/ConnectivityCheck.html https://api.userway.org https://cdn.userway.org https://media.imi.chat https://chat-widget.imi.chat; font-src 'self' https://fonts.gstatic.com https://media.imi.chat; frame-src 'self' 'unsafe-inline' https://8257245.fls.doubleclick.net https://bcp.crwdcntrl.net https://csm01.bancocaribe.com.do:590 https://www.google.com https://www.youtube.com https://www.youtube-nocookie.com https://cdn.userway.org https://media.imi.chat; img-src 'self' https://www.google-analytics.com https://maps.googleapis.com https://maps.gstatic.com https://www.googletagmanager.com https://img.youtube.com https://stats.g.doubleclick.net https://www.google.com https://bcp.crwdcntrl.net https://www.facebook.com https://www.google.com.do https://cdn.userway.org data: blob:; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com https://code.jquery.com https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com https://maps.googleapis.com https://stats.g.doubleclick.net https://www.gstatic.com https://www.google.com https://tags.crwdcntrl.net https://s.go-mpulse.net https://connect.facebook.net https://wjs.fgptgp.com https://googleads.g.doubleclick.net https://cdn.userway.org https://media.imi.chat https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com https://www.google.com https://cdn.userway.org https://media.imi.chat https://cdn.jsdelivr.net 1
default-src 'self' static.hsappstatic.net; script-src 'self' 'unsafe-inline' *.hubspot.com cdnjs.cloudflare.com *.hubspot.net *.hs-scripts.com *.hubspotfeedback.com www.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com static.hsappstatic.net *.hs-banner.com *.hs-analytics.net *.hsadspixel.net js.hscta.net *.hscollectedforms.net *.hsleadflows.net *.hsforms.com *.hsforms.net feedback.hubapi.com *.usemessages.com snap.licdn.com *.doubleclick.net; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.hubspot.net static.hsappstatic.net fonts.googleapis.com; img-src 'self' data: *.hubspot.com *.hubspot.net static.hsappstatic.net *.hsforms.com *.hsforms.net js.hscta.net *.linkedin.com www.google.com maps.gstatic.com maps.googleapis.com; font-src 'self' cdnjs.cloudflare.com *.hs-banner.com fonts.gstatic.com; connect-src 'self' *.hubspot.com *.hubapi.com *.hs-banner.com *.hscollectedforms.net *.hsforms.com js.hscta.net *.google-analytics.com www.google.com maps.googleapis.com *.doubleclick.net; child-src 'self' *.hsforms.com; frame-src 'self' *.hubspot.com *.hubspot.net *.hs-sites.com *.hsforms.com *.hsforms.net play.hubspotvideo.com www.google.com www.youtube.com; frame-ancestors 'self'; upgrade-insecure-requests 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morainepark.edu cse.google.com partner.googleservices.com www.google.com www.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net www.googleadservices.com connect.facebook.net analytics.tiktok.com static.ads-twitter.com tag.simpli.fi www.gstatic.com sc-static.net tr.snapchat.com embedr.flickr.com widgets.flickr.com www.youtube.com tag.brandcdn.com adservices.brandcdn.com polyfill.io use.fontawesome.com secure.adnxs.com player.vimeo.com collector-30227.us.tvsquared.com; frame-src 'self' *.morainepark.edu www.youtube.com www.youtube-nocookie.com player.vimeo.com *.fls.doubleclick.net td.doubleclick.net www.facebook.com www.google.com insight.adsrvr.org *.cloudfront.net adservices.brandcdn.com cse.google.com cdn.yoshki.com community.instructuremedia.com tr.snapchat.com; object-src 'self'; base-uri 'self' 1
report-uri https://www.desteklio.com 1
connect-src 'self' *.algolia.io *.algolia.net *.algolianet.com *.facebook.com *.google-analytics.com *.google.com *.googleapis.com *.googletagmanager.com *.userway.org *.voyagetext.com *.zdassets.com *.zendesk.com *.zopim.com code.jquery.com pro.ip-api.com stats.g.doubleclick.net vyg.mobi wss://widget-mediator.zopim.com; default-src 'self'; font-src 'self' *.facebook.com *.googleapis.com *.gstatic.com assets.targetbarn.com cdn.userway.org data: themes.googleusercontent.com; frame-src 'self' *.facebook.com *.google.com *.googleapis.com *.userway.org; img-src 'self' *.facebook.com *.google-analytics.com *.googleapis.com *.gstatic.com *.userway.org *.zopim.io assets.targetbarn.com data: stats.g.doubleclick.net; manifest-src assets.targetbarn.com www.targetbarn.com; media-src 'self' *.facebook.com *.zdassets.com *.zopim.com; object-src 'self' *.facebook.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.algolia.io *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.userway.org *.voyagetext.com *.zdassets.com *.zopim.com assets.targetbarn.com assets.voyagetext.com blob: code.jquery.com https://cdn.jsdelivr.net/npm/algoliasearch@4/dist/algoliasearch-lite.umd.js https://cdn.jsdelivr.net/npm/instantsearch.js@4 stats.g.doubleclick.net; style-src 'self' 'unsafe-inline' *.facebook.com *.google.com *.googleapis.com *.gstatic.com assets.targetbarn.com cdn.userway.org 1
default-src 'none'; img-src 'self'; style-src 'self'; font-src 'self' 1
upgrade-insecure-requests; frame-ancestors 'self' https://motiivilehti.fi https://www.jhl.fi 1
default-src https: data: blob: 'unsafe-inline'; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-src https:; base-uri 'self';  upgrade-insecure-requests; report-uri /csp.cgi 1
object-src 'self'; worker-src 'self' blob:; base-uri 'self'; frame-ancestors 'self'; report-uri https://goodassur.com/report-uri/enforce 1
default-src 'none'; img-src 'self' blob: data: https:; script-src 'nonce-common1721126210764001' https://*.cloudflare.com https://*.gannettdigital.com https://*.omtrdc.net *.rlets.com *.reachlocalservices.com *.rlcdn.com https://www.googletagmanager.com https://www.google-analytics.com *.googleapis.com https://*.typekit.net https://*.pagescdn.com https://unpkg.com https://*.youtube.com https://*.sitescdn.net https://*.addthis.com https://*.moatads.com https://*.addthisedge.com https://*.pinterest.com https://*.hotjar.com https://*.realpropertymgt.com/ https://*.stackadapt.com https://*.cloudflareinsights.com *.doubleclick.net *.googleadservices.com *.google.com *.co.in *.tctm.co *.en25.com https://*.facebook.net https://*.facebook.com 'sha256-MHn/Hks0GgEc+Zilo3/Eb4becrxH9UcUIQJIN4fG5Y0=' 'sha256-i+hvj9cTZ4vQ9QjJYFHFqgdQePBilFtrn41xnl5eqFk=' 'sha256-Bl/zoZ5TJc3P4Vm9zi55j8+cpWYrEVV9lwnXcrl8DQQ=' 'sha256-FopwLmeNBiLLpVuhwJGlnpxQLfhDh2DJ1v7dX4YvYHY=' 'sha256-Drt91cQiFuKb1gDrsk3UQyE3FTyYuMQhXGniT3+AVJ8=' 'sha256-ZERf/xDbkM+tvHUQWxMbcU9w84mW32n1m7rAOlHBEoA=' 'sha256-biLFinpqYMtWHmXfkA1BPeCY0/fNt46SAZ+BBk5YUog=' 'sha256-0nHBJ1JMFOfh2D7tEJmRNQrnrvshj5S7pBuWIKcMuiY=' 'sha256-xdq+Yc2dkov5X+Cy/7RBA7eN4jB0h7Qtms1yT4/wZok=' 'sha256-6wv2SoKUIA2ZFEXIu5t/wMnVntcHOaVJM1W9RNZSoCo=' 'sha256-Rax3uHwr5dPaKgcgkHEa8WlZ39lBO+YlnUUL0BGYUR4=' 'sha256-4SFsmJhKjc+kVXCeX1o0d4iFwwbYH7wpW093fd6kc94=' 'sha256-ppW1Vv+qSVcs+/pIj1ZXvMiCLoyHyCdRqtDMeK9fQ9w=' 'sha256-H35mVd0+x+5ZLRhOnFEmVH8+M90gcNEBQ5TxKoLSyK4=' 'sha256-AtztT98yHEpKM0dVyGtb3TG+tahNOgpXBOeVBEdkSa4=' 'sha256-k0cNrleGLTb7A1yJoIyGgHaYXwFfZyvhn6nNFOhaiso=' 'sha256-04eSie37wRnmW35RNq9yluz5ioB9ywqTxe1tSziyjtM=' 'sha256-GBKQLAtuuQQkk0q2NS4YKaWI+YNdtCTvxYUIRLmH6NY=' 'sha256-uaN16cZ4MzjDslkWC8qhwWBF199Y8ruzgrLrZf1viz0=' 'sha256-GEHvDKftLeDaPBVmdzQMXBK74F3ghrvAwGMjRBIRb6c=' 'sha256-TnLEzSLcQjyfKo6bWvO072+q1gWLTma63OtqEtDzijU=' 'sha256-vMcvpZB2qLvlug/3TMCW4RppoHFQ6Tq31TaivHkkFE4=' 'sha256-MwMutdIbx5dyVOqwRSTQgFvwCUv3oTCIiuXL9g0G3Ao=' 'sha256-yJgwczxP+xkTFFqKcrIpkbF+Rkee7/06yohXCrUabGs=' 'sha256-BplHvXS5ltNlp+5KWVfNIKjbAWQ9YrBO+EReBQ7ztDw=' 'sha256-SbeVxNdKxJo1ZQI94ZW4nOQyUSEzu1muBCLMxArrZtQ=' 'sha256-PuYjllI18Vl24wupmBbWs0q/Hg6zoX2QMgZcgk4e0B4=' 'sha256-PwdJJQLBctl0SX5w7d71Yi4O5W4sT0RWo7qLWSEGW6s=' 'sha256-UEAQMtSbNbCs69PAxDRev/HtpuL5GuBlLnhtQEuE32c=' 'sha256-aDJ5Bql+RjPsQvM2jhkH/Zsvfio3OzAB4a0aMxemTeY=' 'unsafe-inline' *.nextdoor.com *.leadportal.com https://*.jsdelivr.net https://*.nblyprod.com https://*.jquery.com https://*.mailing.realpropertymgt.com 'sha256-iwTaSfB8Qg7dd2yoW+VBE+kM3gGPpfXiqqatDbKI1bI=' https://*.google.com https://*.gstatic.com https://*.googletagmanager.com 'nonce-DATADOG_STATIC_NONCE_KEY' https://www.datadoghq-browser-agent.com 'self' 'unsafe-eval'; style-src undefined 'self' *.googleapis.com *.gmailapis.com *.jsdelivr.net *.nblydev.com https://*.jsdelivr.net https://cdn.jsdelivr.net https://*.nblydev.com https://*.nblyprod.com https://*.typekit.net 'unsafe-inline'; object-src 'none'; connect-src https://*.googleapis.com https://*.gannettdigital.com https://*.omtrdc.net *.rlets.com *.reachlocalservices.com *.rlcdn.com https://www.google-analytics.com https://*.demdex.net https://*.realpropertymgt.com https://*.pagescdn.com https://*.addthis.com https://*.crownpeak.net https://*.neighborly.com https://realpropertymgt.com https://liveapi-cached.yext.com https://*.hotjar.com https://*.stackadapt.com https://*.dwyergroup.com *.doubleclick.net *.googleadservices.com *.google.com *.co.in *.tctm.co *.en25.com https://*.facebook.net https://*.facebook.com https://*.mailing.realpropertymgt.com https://*.nblytest.com https://*.nblyprod.com wss://*.hotjar.com  https://*.browser-intake-datadoghq.com https://*.amazonaws.com https://*.googlesyndication.com typekit.net https://*.hotjar.io; font-src undefined https://*.gstatic.com *.jsdelivr.net https://*.nblydev.com https://*.nblytest.com https://*.realpropertymgt.com https://*.nblyprod.com https://*.typekit.net; frame-src https://*.gannettdigital.com https://*.omtrdc.net *.rlets.com *.reachlocalservices.com *.rlcdn.com https://*.youtube.com https://*.demdex.net https://*.addthis.com https://answers-embed.realpropertymgt.com.pagescdn.com https://*.hotjar.com/ *.google-analytics.com *.doubleclick.net *.googleadservices.com *.google.com *.co.in *.tctm.co *.en25.com https://*.facebook.net https://*.facebook.com *.nextdoor.com *.leadportal.com https://*.en25.com https://*.nblyprod.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://blocks.insurely.com/ https://cdn.cookielaw.org/ https://cdn.jsdelivr.net/ https://observe.spp.se/ https://googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com/ https://*.hotjar.com/ https://*.hotjar.io/ https://*.googletagmanager.com;connect-src 'self' https://cdn.cookielaw.org/ https://observe.spp.se/ https://*.onetrust.com/  wss://*.hotjar.com/  https://*.hotjar.com/ http://*.hotjar.io/ https://stats.g.doubleclick.net/ https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com;default-src 'self' 'unsafe-eval';form-action 'self';media-src 'self';font-src 'self' https://fonts.gstatic.com https://*.hotjar.com https://*.hotjar.io data:;frame-ancestors 'self' https://spp.uat.fundlist.com;style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net/ https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com;frame-src https://blocks.insurely.com/ https://spp.dev.fundlist.com https://spp.uat.fundlist.com https://www.youtube.com/ https://youtu.be/ https://www.youtube-nocookie.com/ https://*.hotjar.com/ https://*.hotjar.io/ https://open.spotify.com/ https://forms.spp.se/  'self';img-src  'self' data: https://cdn.cookielaw.org/ https://observe.spp.se/ https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.hotjar.com/ https://*.hotjar.io/ https://*.google-analytics.com https://*.googletagmanager.com 1
frame-ancestors 'self' https://argus2022.wpengine.com 1
frame-ancestors 'self' *.linkmedia.rs linkmedia.rs editor.wallboard.info *.nlbkb.rs nlbkb.rs; default-src 'self' https://code.jquery.com/ https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://maps.googleapis.com https://maps.gstatic.com/ https://www.google.com/ https://www.googletagmanager.com/ https://www.gstatic.com/ https://connect.facebook.net https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.facebook.com https://www.google.rs https://www.google-analytics.com https://www.youtube.com https://www.nlb.si https://recruiter.omega.rs data: 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self' data: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cdn.jsdelivr.net/npm/bootstrap@5.2.0/dist/css/ https://unpkg.com/ https://*.gooisemeren.nl; script-src 'self' 'nonce-rXd1U8t__XUG2txcuAVQj8yd_p2AKv5gbNoDqeleUZS9gJUiuzOv9Q' 'unsafe-eval' https://code.jquery.com/ https://siteimproveanalytics.com/js/ https://plattegronden.gooisemeren.nl/ https://virtuele-gemeente-assistent.nl/ 'sha256-13gFAZg0LqaJi4oNz3YGUforTEMqvr3H/Jk+xk9Wy/w=' 'sha256-hNTn0/nEs2VvZ5vK0hRwwVS3JY+WWzIVSK03cIkar3k=' 'report-sample'; style-src-attr 'unsafe-inline' 'report-sample'; img-src 'self' data: *.ytimg.com *.vimeocdn.com https://*.openstreetmap.org ws: wss: https://*.gooisemeren.nl https://www.openbasiskaart.nl https://*.global.siteimproveanalytics.io/ https://virtuele-gemeente-assistent.nl/; base-uri 'self'; frame-src 'self' *.youtube-nocookie.com *.youtube.com *.vimeo.com https://www.youtube.com/ https://www.google.com/maps/; connect-src 'self' data: https://*.openstreetmap.org https://*.gooisemeren.nl/ https://gooisemeren.email-provider.nl/ https://virtuele-gemeente-assistent.nl/ wss://virtuele-gemeente-assistent.nl/; style-src 'self' data: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cdn.jsdelivr.net/npm/bootstrap@5.2.0/dist/css/ https://unpkg.com/ https://*.gooisemeren.nl 'unsafe-inline' https://mijn.virtuele-gemeente-assistent.nl/ https://virtuele-gemeente-assistent.nl/ 'report-sample'; manifest-src 'self'; object-src 'none'; worker-src blob:; report-uri https://gooisemeren.nl/@http-reporting?csp=report&requestTime=1721958114933962 1
default-src 'self' 'unsafe-inline' data: wc.ts.ee www.nasdaqbaltic.com platform.linkedin.com secure.gravatar.com yoast.com www.googletagmanager.com *.google-analytics.com stats.g.doubleclick.net fonts.googleapis.com maps.googleapis.com streetviewpixels-pa.googleapis.com khms0.googleapis.com khms1.googleapis.com maps.gstatic.com fonts.gstatic.com translate.google.com translate.googleapis.com www.gstatic.com www.youtube.com www.google.ee www.google.com www.google.co.uk www.google.lv www.google.lt www.google.fi www.google.se www.google.no www.google.de www.google.pl lh3.ggpht.com www.google.com.hk www.google.gr www.google.nl www.google.dk www.google.com.ua www.google.fr i.ytimg.com connect.facebook.net api.microsofttranslator.com www.facebook.com 'unsafe-eval' www.google.ch www.google.at www.google.ro www.google.es www.google.it www.google.hu www.google.co.in www.google.ie www.google.cz www.google.be www.google.ru www.google.com.au photos.marinetraffic.com www.google.at www.google.co.il www.google.co.kr www.google.pt www.google.ca www.google.mk www.google.co.th www.google.co.id www.google.com.lb www.google.cl www.google.sk www.google.is www.google.com.np www.google.com.pk www.google.si www.google.rs www.google.dz www.google.com.ng www.google.com.my www.google.com.ci www.google.im www.google.com.sg www.google.com.tr www.google.com.hr www.google.com.mt www.google.li www.google.co.jp view.news.eu.nasdaq.com www.solwininfotech.com www.google.com.co www.google.com.br www.google.cn www.google.com.cy www.google.ge www.google.lu www.google.ae cdn.jsdelivr.net wd.ts.ee static.cloudflareinsights.com ajax.cloudflare.com www.vikingline.ee www.envir.ee www.google.com.ph www.google.co.nz www.google.hr www.google.bg www.google.by www.transit.ee www.tallinnamerepaevad.ee www.google.com.vn www.google.kz www.google.mv www.google.com.tw www.balticline.fi www.google.com.eg tallinnamerepaevad.ee www.google.com.bz www.google.com.mx www.google.jo www.google.com.sa www.google.ci www.google.com.kw www.google.co.ma www.google.com.gh www.google.com.ar region1.analytics.google.com www.google.az www.google.com.uy www.google.co.za www.google.sn www.google.com.mm www.google.me www.google.mn www.google.lk vincent.callebaut.org tentea.ec.europa.eu www.google.tg www.google.com.qa www.google.co.tz www.google.co.cr www.kjk.ee www.google.co.uz www.google.co.ke ps.w.org s.w.org www.google.ba www.google.com.jm www.google.com.pe www.google.mg 6zzuupda.sendsmaily.net www.google.bj www.google.com.kh www.google.com.do lh3.googleusercontent.com www.google.iq www.google.co.ug www.google.co.mz www.google.al www.google.tn www.google.ad www.google.am www.google.md www.google.com.ly www.google.com.ec www.google.com.pa www.google.com.bd www.google.com.pr www.google.mu www.google.gg www.google.cm www.google.com.py www.google.com.bh www.google.je www.google.com.cu www.google.com.pg komerk.ee www.google.kg www.google.cv www.google.com.sl www.portoftallinn.com www.google.vg www.google.bt www.google.bf www.google.la www.google.tt www.google.com.sv www.google.so www.google.ps www.google.co.ve www.google.ga www.seatradecruiseglobal.com www.parkimine.ee translate-pa.googleapis.com wptide.org toolset.com wpml.org challenges.cloudflare.com cloudflareinsights.com analytics.google.com td.doubleclick.net blob: www.google.gl wpforms.com www.google.co.zw www.google.co.ao d1lsub6zbh43gv.cloudfront.net tp-cdn.wpml.org googleads.g.doubleclick.net adservice.google.com google.com pagead2.googlesyndication.com www.googleadservices.com tpc.googlesyndication.com www.vikingline.ee www.google.com.sb www.google.td apis.google.com platform.twitter.com www.google.gm www.google.gy paldiski.ee www.christmasmarket.ee www.logistikauudised.ee www.voyagesofdiscovery.co.uk static.neljas.ee www.google.tm cns.omxgroup.com www.iaa.ie www.komerk.ee www.jazzkaar.ee; report-uri /069b75c4f2e07da64b888cac9af4ea98c60c3e6787e0368d1a5ab34114eda24e 1
default-src 'self'; script-src 'self' https://*.involve.me https://app.mailjet.com https://hcaptcha.com https://*.hcaptcha.com *.amazonaws.com calendar.google.com *.edoobox.com https://www.google-analytics.com/analytics.js https://www.googletagmanager.com 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://hcaptcha.com https://*.hcaptcha.com https://stats.g.doubleclick.net https://region1.google-analytics.com https://www.google-analytics.com https://region1.analytics.google.com; font-src 'self'; frame-src 'self' https://*.involve.me https://hcaptcha.com https://*.hcaptcha.com clvr.ch outlook.office365.com calendar.google.com *.edoobox.com www.gotostage.com tools.untis.at youtube.com www.youtube.com youtube-nocookie.com www.youtube-nocookie.com my.walls.io www.ait.ac.at untis.apcloud.one ionos-39ba7e0f8.sendserver.email https://email-marketing.ionos.de https://e.issuu.com; img-src 'self' *.amazonaws.com https://www.youtube.com https://www.googletagmanager.com https://region1.google-analytics.com https://region1.analytics.google.com https://www.google.at data: https://www.google-analytics.com; manifest-src 'self'; media-src 'self'; 1
connect-src 'self' www.gstatic.com/recaptcha/ www.google.com/recaptcha/ maps.googleapis.com/ www.google-analytics.com/ analytics.google.com/ stats.g.doubleclick.net/ dc.services.visualstudio.com/;      form-action testsecureacceptance.cybersource.com secureacceptance.cybersource.com;      style-src 'self' 'unsafe-inline' fonts.googleapis.com/;     font-src 'self' fonts.gstatic.com/;     img-src 'self' data: www.google-analytics.com/ www.googletagmanager.com/ www.google.com/ www.facebook.com/ maps.gstatic.com/ maps.googleapis.com/ img.youtube.com/ blob: img.youtube.com/ i.ytimg.com/;                           frame-ancestors 'self';               frame-src 'self' www.google.com/recaptcha/ recaptcha.google.com/recaptcha/ www.youtube.com/ td.doubleclick.net/ marathonconsulting.atlassian.net/; 1
frame-ancestors 'self' https://trustseal.enamad.ir; 1
default-src https: data: maps.google.com *.doubleclick.net *.googletagmanager.com *.googleapis.com yottlyscript.com hd.koloo.net *.youtube.com *.google-analytics.com cookies.praguebest.cz mczbf.com kdukvh.com emjcd.com cj.dotomi.com members.cj.com fonts.gstatic.com 'self' wss://* 'unsafe-eval' 'unsafe-inline'; object-src 'none'; report-uri https://bambule.report-uri.com/r/d/csp/enforce 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.yandex.ru *.yastatic.net  *.jsdelivr.net *.cleverwebserver.com *.xgscore.io *.doubleclick.net *.ipify.org *.google-analytics.com *.googletagmanager.com;font-src 'self' fonts.gstatic.com; 1
default-src 'self' https://*.aamlive.com blob: ; frame-ancestors https://*.aamlive.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.aamlive.com blob: https://*.getsitecontrol.com https://maxcdn.bootstrapcdn.com https://js.hsforms.net https://*.googleapis.com https://*.wistia.net https://*.wistia.com https://*.ceros.com https://*.gstatic.com https://*.google.com https://code.highcharts.com https://www.buzzsprout.com https://*.googletagmanager.com https://*.google-analytics.com https://*.pardot.com https://*.licdn.com https://*.linkedin.com https://*.hotjar.com  https://*.doubleclick.net https://*.adroll.com https://*.taboola.com https://*.pubmatic.com https://*.yahoo.com https://d.adroll.mgr.consensu.org https://dsum-sec.casalemedia.com https://eb2.3lift.com https://p.adsymptotic.com https://pixel.advertising.com https://pixel.rubiconproject.com https://snap.licdn.com https://sync.outbrain.com https://www.facebook.com https://connect.facebook.net https://idsync.rlcdn.com https://ib.adnxs.com https://x.bidswitch.net ; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://maxcdn.bootstrapcdn.com https://*.gstatic.com https://*.wistia.com; img-src 'self' https://*.aamlive.com  data: https://*.getsitecontrol.com https://*.googleapis.com https://*.ggpht.com https://*.wistia.net https://*.wistia.com https://embedwistia-a.akamaihd.net https://*.feedspot.com https://*.google.com https://*.gstatic.com https://*.google-analytics.com https://www.googletagmanager.com https://*.linkedin.com https://*.doubleclick.net https://*.adroll.com https://*.taboola.com https://*.pubmatic.com https://*.yahoo.com https://d.adroll.mgr.consensu.org https://dsum-sec.casalemedia.com https://eb2.3lift.com https://p.adsymptotic.com https://pixel.advertising.com https://pixel.rubiconproject.com https://snap.licdn.com https://sync.outbrain.com https://www.facebook.com https://connect.facebook.net https://idsync.rlcdn.com https://ib.adnxs.com https://x.bidswitch.net https://fcmatch.youtube.com https://us-u.openx.net https://segments.company-target.com https://*.reson8.com https://dpm.demdex.net https://pixel.mathtag.com https://tags.bluekai.com https://thrtle.com ; font-src 'self'  data: https://fast.wistia.net https://fast.wistia.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com ; media-src 'self' https://*.aamlive.com blob:  https://*.wistia.com; frame-src 'self' https://*.aamlive.com https://go.pardot.com https://fast.wistia.net https://view.ceros.com https://www.buzzsprout.com https://*.doubleclick.net https://x.adroll.com ; connect-src 'self' https://*.aamlive.com https://api64.ipify.org https://l.getsitecontrol.com https://events.getsitectrl.com https://*.wistia.net https://*.wistia.com https://embedwistia-a.akamaihd.net https://*.litix.io https://*.gstatic.com https://*.googleapis.com https://www.google-analytics.com https://analytics.google.com https://px.ads.linkedin.com  https://stats.g.doubleclick.net; object-src 'self' https://*.aamlive.com ; form-action 'self' https://*.aamlive.com ; report-uri /reports/csp-report ; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.advantech.com *.advantech.com.cn static.zdassets.com static.hotjar.com cdnjs.cloudflare.com www.gstatic.com www.googletagmanager.com dev.visualwebsiteoptimizer.com js.hs-analytics.net script.hotjar.com www.google-analytics.com lpcdn.lpsnmedia.net dashboard.whoisvisiting.com snap.licdn.com va.v.liveperson.net connect.facebook.net accdn.lpsnmedia.net fast.wistia.com s7.addthis.com api.ipify.org www.google.com hm.baidu.com az416426.vo.msecnd.net player.polyv.net www.youtube.com www.clarity.ms kit.fontawesome.com cdn-cookieyes.com openfpcdn.io challenges.cloudflare.com app.vwo.com cdn.mouseflow.com js.sentry-cdn.com;                         img-src 'self' data: *.advantech.com *.advantech.com.cn *.visualwebsiteoptimizer.com advantechfiles.blob.core.windows.net advdownload.blob.core.windows.net app.vwo.com c.bing.com c.clarity.ms cdn-cookieyes.com chart.googleapis.com dashboard.whoisvisiting.com dev.visualwebsiteoptimizer.com embed-ssl.wistia.com fast.wistia.com fonts.gstatic.com googleads.g.doubleclick.net hm.baidu.com img.videocc.net px.ads.linkedin.com www.facebook.com www.google-analytics.com www.google.com www.google.com.tw www.googleadservices.com www.googletagmanager.com www.linkedin.com;                         style-src 'self' 'unsafe-inline' *.advantech.com *.advantech.com.cn fonts.googleapis.com dev.visualwebsiteoptimizer.com cdnjs.cloudflare.com kit.fontawesome.com ka-p.fontawesome.com www.googletagmanager.com;                         font-src 'self' data: *.advantech.com *.advantech.com.cn fast.wistia.com fonts.gstatic.com script.hotjar.com ka-p.fontawesome.com;                         worker-src 'self' blob:;                         frame-ancestors 'self' *.advantech.com *.advantech.com.cn;                         object-src 'none'; 1
script-src 'self'  'unsafe-inline' 'unsafe-eval' ; frame-src 'self' https://www.youtube-nocookie.com https://youtu.be/uCwVAatHwCg https://www.google.com/maps/embed?pb=!1m18!1m12!1m3!1d732.8337671235354!2d3.0197549580645133!3d36.75512749583183!2m3!1f0!2f0!3f0!3m2!1i1024!2i768!4f13.1!3m3!1m2!1s0x128fb21d2e02759f%3A0x2cf2acd2cf86f648!2zRGlyZWN0aW9uIEfDqW7DqXJhbGUgRGVzIEltcMO0dHM!5e0!3m2!1sfr!2sdz!4v1716890951421!5m2!1sfr!2sdz;frame-ancestors 'self' ;base-uri 'self';default-src 'self';form-action 'self'; img-src * 'self'  https://maps.gstatic.com https://maps.googleapis.com https://youtu.be/uCwVAatHwCg data: https:; object-src 'none' ;font-src 'self' https://fonts.gstatic.com 'unsafe-inline' data:;style-src 'self' https://fonts.googleapis.com 'unsafe-inline';worker-src blob: 1
frame-src 'self' https://consentcdn.cookiebot.com; frame-ancestors 'self' https://consentcdn.cookiebot.com; object-src 'none'; 1
default-src 'self' designacademy.nl *.designacademy.nl 1
default-src 'self' https:; img-src 'self' www.msc.com.pl/cezar/* data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' https: 'unsafe-inline' 1
block-all-mixed-content; upgrade-insecure-requests; default-src https:; frame-ancestors 'self' https:; frame-src tel: mailto: https:; script-src 'unsafe-inline' 'unsafe-eval' 'report-sample' https: 'unsafe-hashes'; script-src-elem 'unsafe-inline' https:; style-src 'unsafe-inline' 'report-sample' https: 'unsafe-hashes'; style-src-elem 'unsafe-inline' https:; report-uri /.well-known/csp/afc50834-47a9-4f84-b965-04652c70215a 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: exelixis2022de.wpengine.com exelixis2022st.wpengine.com exelixis2019.wpengine.com exelixisstage.wpengine.com www.exelixis.com exelixis.com player.vimeo.com platform.twitter.com qvdt3feo.com cdn.mxpnl.com storage.googleapis.com kit.fontawesome.com ka-f.fontawesome.com static.addtoany.com maps.googleapis.com www.googletagmanager.com cdnjs.cloudflare.com fast.wistia.com www.youtube.com beacon-v2.helpscout.net use.fontawesome.com www.google-analytics.com google.com www.google.com www.gstatic.com snap.licdn.com tags.srv.stackadapt.com c1.rfihub.net login-ds.dotomi.com login.dotomi.com live.rezync.com googleads.g.doubleclick.net cdn.jsdelivr.net use.typekit.net js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hscollectedforms.net cdn.iubenda.com www.iubenda.com; font-src 'self' 'unsafe-inline' ka-f.fontawesome.com use.fontawesome.com fast.wistia.com fonts.gstatic.com use.typekit.net ka-p.fontawesome.com data:  www.exelixis.com s0.wp.com cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' tags.srv.stackadapt.com code.jquery.com rgsharedweb.s3.amazonaws.com fonts.googleapis.com ka-p.fontawesome.com use.fontawesome.com p.typekit.net use.typekit.net www.iubenda.com cdn.jsdelivr.net; frame-src td.doubleclick.net static.addtoany.com wp-rocket.me tools.akismet.com careers.peopleclick.com exelixis2022de.wpengine.com exelixis2022st.wpengine.com exelixis2019.wpengine.com exelixisstage.wpengine.com www.exelixis.com exelixis.com player.vimeo.com youtube.com www.youtube.com 20839650p.rfihub.com 20824683p.rfihub.com a.rfihub.com rfihub.com live.rezync.com google.com www.google.com; img-src * data:; connect-src 'self' 'unsafe-inline' melt.services *.melt.services px.ads.linkedin.com static.addtoany.com region1.analytics.google.com analytics.google.com exelixis2022de.wpengine.com exelixis2022st.wpengine.com exelixis2019.wpengine.com exelixisstage.wpengine.com www.exelixis.com exelixis.com pagead2.googlesyndication.com storage.googleapis.com www.googletagmanager.com  googletagmanager.com d3hb14vkzrxvla.cloudfront.net beaconapi.helpscout.net ka-f.fontawesome.com pipedream.wistia.com fast.wistia.com distillery.wistia.com stats.g.doubleclick.net maps.googleapis.com ka-p.fontawesome.com cdn.linkedin.oribi.io tags.srv.stackadapt.com www.google-analytics.com yoast.com my.wpengine.com forms.hscollectedforms.net; frame-ancestors 'self'; object-src exelixis2022de.wpengine.com exelixis2022st.wpengine.com exelixis2019.wpengine.com exelixisstage.wpengine.com www.exelixis.com exelixis.com; media-src 'self' data: blob: *; 1
default-src 'self' *.disquscdn.com *.disqus.com disquscdn.com disqus.com; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 1
default-src 'self'; style-src 'self' https://static.threema.ch 'unsafe-inline'; font-src 'self' https://static.threema.ch; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://hcaptcha-ws.threema.ch; frame-src https://hcaptcha-assets.threema.ch; img-src 'self' https://static.threema.ch data: blob:; media-src 'self' data:; connect-src 'self' https://bugs.threema.ch https://hcaptcha-assets.threema.ch; object-src 'none'; worker-src 'self' blob:; child-src blob: https://hcaptcha-assets.threema.ch; frame-ancestors 'self'; form-action 'self' https://work.threema.ch; upgrade-insecure-requests; block-all-mixed-content; base-uri https://threema.ch; report-uri https://bugs.threema.ch/api/14/security/?sentry_key=744c2cdf2cab49a492d3f26ff8733d0a; report-to default 1
default-src 'self' blob:; script-src 'self' 'unsafe-inline' 'wasm-unsafe-eval' 'unsafe-eval' *.kakaocdn.net *.mktoutil.com *.flashtalking.com *.llnw.net *.llnwd.net *.akafms.net *.brightcovecdn.com *.cloudfront.net *.issgovernance.com *.myworkdayjobs.com *.aetna.com theinvestoragenda.org accesstomedicinefoundation.org *.twitter.com *.facebook.com bcove.video *.youtube.com *.instagram.com vds.issproxy.com spotify.link *.abfunds.com pigeonhole.at *.amazon.com *.apple.com *.spotify.com *.fundsquare.net *.alliancebernstein.co.kr *.abfunds.com youtu.be *.dbs.com *.eqt.com *.brainshark.com *.pensionspolicyinstitute.org.uk *.vimeo.com *.unpri.org *.scopeexplorer.com *.finra.org mymanagedfunds.com *.issgovernance.com *.linkfundsolutions.com *.dbs.com *.praemium.com *.net *.hub24.com *.kakao.com allncbrnstn.co *.on24.com *.secureaccountview.com *.financialtrans.com *.financialtrans.com *.rightprospectus.com *.fondsprofessi.net *.linkmarketservices.com *.podbean.com *.abfunds.co.kr *.etftrends.com *.citywire.com *.nasdaq.com *.youtube.com *.abfunds.com.hk *.abfunds.com.sg *.abfunds.co.kr *.fbcdn.net bernstein.com www.facebook.com prezi-nocookies.com *.demdex.net *.glance.net *.prezicdn.net cdn.cookielaw.org *.facebook.net *.glancecdn.net alliancebernstein.122.2o7.net *.oribi.io *.adoberesources.net alliancebernsteinholdinglp.gcs-web.com www.juicer.io  *.adobe.io *.typekit.net *.adobe.com *.libsyn.com *.lottiefiles.com *.cloudflare.com *.geenee.it rawgit.com *.akamaihd.net *.boltdns.net *.bc0a.com *.zencdn.net *.daum.net  *.demdex.net *.everesttech.net *.ytimg.com *.line.me *.lfeeder.com *.taboola.com *.facebook.net *.doubleclick.net *.line-scdn.net *.googlesyndication.com *.brightcove.net *.brightcove.com *.youtube.com *.daumcdn.net *.hotjar.com *.alliancebernstein.com okt.to *.pardot.com assets.adobedtm.com *.company-target.com cdn.cookielaw.org *.acml.com metrics.alliancebernstein.com *.googletagmanager.com alliancebernstein.tt.omtrdc.net *.fontawesome.com *.mktoweb.com *.marketo.net *.adobedtm.com *.marketo.com *.d41.co vettafi.com snap.licdn.com static.hotjar.com static.oktopost.com tag.demandbase.com cdn.pardot.com www.google-analytics.com id.rlcdn.com beacon.etfflows.com *.googlesyndication.com.company-target.com *.google.com *.rlcdn.com beacon.etfflows.com *.linkedin.com *.cookielaw.org data: *.marketo.com *.demandbase.com analytics.google.com dpm.demdex.net *.onetrust.com *.mktoresp.com *.d41.co www.google-analytics.com *.doubleclick.net *.gstatic.com *.googleapis.com blob:; img-src 'self' *.kakaocdn.net *.mktoutil.com *.flashtalking.com *.llnw.net *.llnwd.net *.akafms.net *.brightcovecdn.com *.cloudfront.net *.issgovernance.com *.myworkdayjobs.com *.aetna.com theinvestoragenda.org accesstomedicinefoundation.org *.twitter.com *.facebook.com bcove.video *.youtube.com *.instagram.com vds.issproxy.com spotify.link *.abfunds.com pigeonhole.at *.amazon.com *.apple.com *.spotify.com *.fundsquare.net *.alliancebernstein.co.kr *.abfunds.com youtu.be *.dbs.com *.eqt.com *.brainshark.com *.pensionspolicyinstitute.org.uk *.vimeo.com *.unpri.org *.scopeexplorer.com *.finra.org mymanagedfunds.com *.issgovernance.com *.linkfundsolutions.com *.dbs.com *.praemium.com *.net *.hub24.com *.kakao.com allncbrnstn.co *.on24.com *.secureaccountview.com *.financialtrans.com *.financialtrans.com *.rightprospectus.com *.fondsprofessi.net *.linkmarketservices.com *.podbean.com *.abfunds.co.kr *.etftrends.com *.citywire.com *.nasdaq.com *.youtube.com *.abfunds.com.hk *.abfunds.com.sg *.abfunds.co.kr *.fbcdn.net bernstein.com www.facebook.com prezi-nocookies.com *.demdex.net *.glance.net *.prezicdn.net cdn.cookielaw.org *.facebook.net *.glancecdn.net alliancebernstein.122.2o7.net *.oribi.io *.adoberesources.net alliancebernsteinholdinglp.gcs-web.com www.juicer.io  *.adobe.io *.typekit.net *.adobe.com *.libsyn.com *.lottiefiles.com *.cloudflare.com *.geenee.it rawgit.com *.akamaihd.net *.boltdns.net *.bc0a.com *.zencdn.net *.daum.net  *.demdex.net *.everesttech.net *.ytimg.com *.line.me *.lfeeder.com *.taboola.com *.facebook.net *.doubleclick.net *.line-scdn.net *.googlesyndication.com *.brightcove.net *.brightcove.com *.youtube.com *.daumcdn.net *.hotjar.com *.alliancebernstein.com okt.to *.pardot.com assets.adobedtm.com *.company-target.com cdn.cookielaw.org *.acml.com metrics.alliancebernstein.com *.googletagmanager.com alliancebernstein.tt.omtrdc.net *.fontawesome.com *.mktoweb.com *.marketo.net *.adobedtm.com *.marketo.com *.d41.co vettafi.com snap.licdn.com static.hotjar.com static.oktopost.com tag.demandbase.com cdn.pardot.com www.google-analytics.com id.rlcdn.com beacon.etfflows.com *.googlesyndication.com.company-target.com *.google.com *.rlcdn.com beacon.etfflows.com *.linkedin.com *.cookielaw.org data: *.marketo.com *.demandbase.com analytics.google.com dpm.demdex.net *.onetrust.com *.mktoresp.com *.d41.co www.google-analytics.com *.doubleclick.net *.gstatic.com *.googleapis.com blob:; style-src 'self' 'unsafe-inline' *.kakaocdn.net *.mktoutil.com *.flashtalking.com *.llnw.net *.llnwd.net *.akafms.net *.brightcovecdn.com *.cloudfront.net *.issgovernance.com *.myworkdayjobs.com *.aetna.com theinvestoragenda.org accesstomedicinefoundation.org *.twitter.com *.facebook.com bcove.video *.youtube.com *.instagram.com vds.issproxy.com spotify.link *.abfunds.com pigeonhole.at *.amazon.com *.apple.com *.spotify.com *.fundsquare.net *.alliancebernstein.co.kr *.abfunds.com youtu.be *.dbs.com *.eqt.com *.brainshark.com *.pensionspolicyinstitute.org.uk *.vimeo.com *.unpri.org *.scopeexplorer.com *.finra.org mymanagedfunds.com *.issgovernance.com *.linkfundsolutions.com *.dbs.com *.praemium.com *.net *.hub24.com *.kakao.com allncbrnstn.co *.on24.com *.secureaccountview.com *.financialtrans.com *.financialtrans.com *.rightprospectus.com *.fondsprofessi.net *.linkmarketservices.com *.podbean.com *.abfunds.co.kr *.etftrends.com *.citywire.com *.nasdaq.com *.youtube.com *.abfunds.com.hk *.abfunds.com.sg *.abfunds.co.kr *.fbcdn.net bernstein.com www.facebook.com prezi-nocookies.com *.demdex.net *.glance.net *.prezicdn.net cdn.cookielaw.org *.facebook.net *.glancecdn.net alliancebernstein.122.2o7.net *.oribi.io *.adoberesources.net alliancebernsteinholdinglp.gcs-web.com www.juicer.io  *.adobe.io *.typekit.net *.adobe.com *.libsyn.com *.lottiefiles.com *.cloudflare.com *.geenee.it rawgit.com *.akamaihd.net *.boltdns.net *.bc0a.com *.zencdn.net *.daum.net  *.demdex.net *.everesttech.net *.ytimg.com *.line.me *.lfeeder.com *.taboola.com *.facebook.net *.doubleclick.net *.line-scdn.net *.googlesyndication.com *.brightcove.net *.brightcove.com *.youtube.com *.daumcdn.net *.hotjar.com *.alliancebernstein.com okt.to *.pardot.com assets.adobedtm.com *.company-target.com cdn.cookielaw.org *.acml.com metrics.alliancebernstein.com *.googletagmanager.com alliancebernstein.tt.omtrdc.net *.fontawesome.com *.mktoweb.com *.marketo.net *.adobedtm.com *.marketo.com *.d41.co vettafi.com snap.licdn.com static.hotjar.com static.oktopost.com tag.demandbase.com cdn.pardot.com www.google-analytics.com id.rlcdn.com beacon.etfflows.com *.googlesyndication.com.company-target.com *.google.com *.rlcdn.com beacon.etfflows.com *.linkedin.com *.cookielaw.org data: *.marketo.com *.demandbase.com analytics.google.com dpm.demdex.net *.onetrust.com *.mktoresp.com *.d41.co www.google-analytics.com *.doubleclick.net *.gstatic.com *.googleapis.com blob:; base-uri 'self' blob:; form-action 'self' *.kakao.com  blob:; connect-src  'self' wss: *.kakaocdn.net *.mktoutil.com *.flashtalking.com *.llnw.net *.llnwd.net *.akafms.net *.brightcovecdn.com *.cloudfront.net *.issgovernance.com *.myworkdayjobs.com *.aetna.com theinvestoragenda.org accesstomedicinefoundation.org *.twitter.com *.facebook.com bcove.video *.youtube.com *.instagram.com vds.issproxy.com spotify.link *.abfunds.com pigeonhole.at *.amazon.com *.apple.com *.spotify.com *.fundsquare.net *.alliancebernstein.co.kr *.abfunds.com youtu.be *.dbs.com *.eqt.com *.brainshark.com *.pensionspolicyinstitute.org.uk *.vimeo.com *.unpri.org *.scopeexplorer.com *.finra.org mymanagedfunds.com *.issgovernance.com *.linkfundsolutions.com *.dbs.com *.praemium.com *.net *.hub24.com *.kakao.com allncbrnstn.co *.on24.com *.secureaccountview.com *.financialtrans.com *.financialtrans.com *.rightprospectus.com *.fondsprofessi.net *.linkmarketservices.com *.podbean.com *.abfunds.co.kr *.etftrends.com *.citywire.com *.nasdaq.com *.youtube.com *.abfunds.com.hk *.abfunds.com.sg *.abfunds.co.kr *.fbcdn.net bernstein.com www.facebook.com prezi-nocookies.com *.demdex.net *.glance.net *.prezicdn.net cdn.cookielaw.org *.facebook.net *.glancecdn.net alliancebernstein.122.2o7.net *.oribi.io *.adoberesources.net alliancebernsteinholdinglp.gcs-web.com www.juicer.io  *.adobe.io *.typekit.net *.adobe.com *.libsyn.com *.lottiefiles.com *.cloudflare.com *.geenee.it rawgit.com *.akamaihd.net *.boltdns.net *.bc0a.com *.zencdn.net *.daum.net  *.demdex.net *.everesttech.net *.ytimg.com *.line.me *.lfeeder.com *.taboola.com *.facebook.net *.doubleclick.net *.line-scdn.net *.googlesyndication.com *.brightcove.net *.brightcove.com *.youtube.com *.daumcdn.net *.hotjar.com *.alliancebernstein.com okt.to *.pardot.com assets.adobedtm.com *.company-target.com cdn.cookielaw.org *.acml.com metrics.alliancebernstein.com *.googletagmanager.com alliancebernstein.tt.omtrdc.net *.fontawesome.com *.mktoweb.com *.marketo.net *.adobedtm.com *.marketo.com *.d41.co vettafi.com snap.licdn.com static.hotjar.com static.oktopost.com tag.demandbase.com cdn.pardot.com www.google-analytics.com id.rlcdn.com beacon.etfflows.com *.googlesyndication.com.company-target.com *.google.com *.rlcdn.com beacon.etfflows.com *.linkedin.com *.cookielaw.org data: *.marketo.com *.demandbase.com analytics.google.com dpm.demdex.net *.onetrust.com *.mktoresp.com *.d41.co www.google-analytics.com *.doubleclick.net *.gstatic.com *.googleapis.com blob:; font-src 'self' *.kakaocdn.net *.mktoutil.com *.flashtalking.com *.llnw.net *.llnwd.net *.akafms.net *.brightcovecdn.com *.cloudfront.net *.issgovernance.com *.myworkdayjobs.com *.aetna.com theinvestoragenda.org accesstomedicinefoundation.org *.twitter.com *.facebook.com bcove.video *.youtube.com *.instagram.com vds.issproxy.com spotify.link *.abfunds.com pigeonhole.at *.amazon.com *.apple.com *.spotify.com *.fundsquare.net *.alliancebernstein.co.kr *.abfunds.com youtu.be *.dbs.com *.eqt.com *.brainshark.com *.pensionspolicyinstitute.org.uk *.vimeo.com *.unpri.org *.scopeexplorer.com *.finra.org mymanagedfunds.com *.issgovernance.com *.linkfundsolutions.com *.dbs.com *.praemium.com *.net *.hub24.com *.kakao.com allncbrnstn.co *.on24.com *.secureaccountview.com *.financialtrans.com *.financialtrans.com *.rightprospectus.com *.fondsprofessi.net *.linkmarketservices.com *.podbean.com *.abfunds.co.kr *.etftrends.com *.citywire.com *.nasdaq.com *.youtube.com *.abfunds.com.hk *.abfunds.com.sg *.abfunds.co.kr *.fbcdn.net bernstein.com www.facebook.com prezi-nocookies.com *.demdex.net *.glance.net *.prezicdn.net cdn.cookielaw.org *.facebook.net *.glancecdn.net alliancebernstein.122.2o7.net *.oribi.io *.adoberesources.net alliancebernsteinholdinglp.gcs-web.com www.juicer.io  *.adobe.io *.typekit.net *.adobe.com *.libsyn.com *.lottiefiles.com *.cloudflare.com *.geenee.it rawgit.com *.akamaihd.net *.boltdns.net *.bc0a.com *.zencdn.net *.daum.net  *.demdex.net *.everesttech.net *.ytimg.com *.line.me *.lfeeder.com *.taboola.com *.facebook.net *.doubleclick.net *.line-scdn.net *.googlesyndication.com *.brightcove.net *.brightcove.com *.youtube.com *.daumcdn.net *.hotjar.com *.alliancebernstein.com okt.to *.pardot.com assets.adobedtm.com *.company-target.com cdn.cookielaw.org *.acml.com metrics.alliancebernstein.com *.googletagmanager.com alliancebernstein.tt.omtrdc.net *.fontawesome.com *.mktoweb.com *.marketo.net *.adobedtm.com *.marketo.com *.d41.co vettafi.com snap.licdn.com static.hotjar.com static.oktopost.com tag.demandbase.com cdn.pardot.com www.google-analytics.com id.rlcdn.com beacon.etfflows.com *.googlesyndication.com.company-target.com *.google.com *.rlcdn.com beacon.etfflows.com *.linkedin.com *.cookielaw.org data: *.marketo.com *.demandbase.com analytics.google.com dpm.demdex.net *.onetrust.com *.mktoresp.com *.d41.co www.google-analytics.com *.doubleclick.net *.gstatic.com *.googleapis.com blob:; frame-src *.kakaocdn.net *.mktoutil.com *.flashtalking.com *.llnw.net *.llnwd.net *.akafms.net *.brightcovecdn.com *.cloudfront.net *.issgovernance.com *.myworkdayjobs.com *.aetna.com theinvestoragenda.org accesstomedicinefoundation.org *.twitter.com *.facebook.com bcove.video *.youtube.com *.instagram.com vds.issproxy.com spotify.link *.abfunds.com pigeonhole.at *.amazon.com *.apple.com *.spotify.com *.fundsquare.net *.alliancebernstein.co.kr *.abfunds.com youtu.be *.dbs.com *.eqt.com *.brainshark.com *.pensionspolicyinstitute.org.uk *.vimeo.com *.unpri.org *.scopeexplorer.com *.finra.org mymanagedfunds.com *.issgovernance.com *.linkfundsolutions.com *.dbs.com *.praemium.com *.net *.hub24.com *.kakao.com allncbrnstn.co *.on24.com *.secureaccountview.com *.financialtrans.com *.financialtrans.com *.rightprospectus.com *.fondsprofessi.net *.linkmarketservices.com *.podbean.com *.abfunds.co.kr *.etftrends.com *.citywire.com *.nasdaq.com *.youtube.com *.abfunds.com.hk *.abfunds.com.sg *.abfunds.co.kr *.fbcdn.net bernstein.com www.facebook.com prezi-nocookies.com *.demdex.net *.glance.net *.prezicdn.net cdn.cookielaw.org *.facebook.net *.glancecdn.net alliancebernstein.122.2o7.net *.oribi.io *.adoberesources.net alliancebernsteinholdinglp.gcs-web.com www.juicer.io  *.adobe.io *.typekit.net *.adobe.com *.libsyn.com *.lottiefiles.com *.cloudflare.com *.geenee.it rawgit.com *.akamaihd.net *.boltdns.net *.bc0a.com *.zencdn.net *.daum.net  *.demdex.net *.everesttech.net *.ytimg.com *.line.me *.lfeeder.com *.taboola.com *.facebook.net *.doubleclick.net *.line-scdn.net *.googlesyndication.com *.brightcove.net *.brightcove.com *.youtube.com *.daumcdn.net *.hotjar.com *.alliancebernstein.com okt.to *.pardot.com assets.adobedtm.com *.company-target.com cdn.cookielaw.org *.acml.com metrics.alliancebernstein.com *.googletagmanager.com alliancebernstein.tt.omtrdc.net *.fontawesome.com *.mktoweb.com *.marketo.net *.adobedtm.com *.marketo.com *.d41.co vettafi.com snap.licdn.com static.hotjar.com static.oktopost.com tag.demandbase.com cdn.pardot.com www.google-analytics.com id.rlcdn.com beacon.etfflows.com *.googlesyndication.com.company-target.com *.google.com *.rlcdn.com beacon.etfflows.com *.linkedin.com *.cookielaw.org data: *.marketo.com *.demandbase.com analytics.google.com dpm.demdex.net *.onetrust.com *.mktoresp.com *.d41.co www.google-analytics.com *.doubleclick.net *.gstatic.com *.googleapis.com blob:; object-src 'self' blob:; media-src 'self' blob: *.kakaocdn.net *.mktoutil.com *.flashtalking.com *.llnw.net *.llnwd.net *.akafms.net *.brightcovecdn.com *.cloudfront.net *.issgovernance.com *.myworkdayjobs.com *.aetna.com theinvestoragenda.org accesstomedicinefoundation.org *.twitter.com *.facebook.com bcove.video *.youtube.com *.instagram.com vds.issproxy.com spotify.link *.abfunds.com pigeonhole.at *.amazon.com *.apple.com *.spotify.com *.fundsquare.net *.alliancebernstein.co.kr *.abfunds.com youtu.be *.dbs.com *.eqt.com *.brainshark.com *.pensionspolicyinstitute.org.uk *.vimeo.com *.unpri.org *.scopeexplorer.com *.finra.org mymanagedfunds.com *.issgovernance.com *.linkfundsolutions.com *.dbs.com *.praemium.com *.net *.hub24.com *.kakao.com allncbrnstn.co *.on24.com *.secureaccountview.com *.financialtrans.com *.financialtrans.com *.rightprospectus.com *.fondsprofessi.net *.linkmarketservices.com *.podbean.com *.abfunds.co.kr *.etftrends.com *.citywire.com *.nasdaq.com *.youtube.com *.abfunds.com.hk *.abfunds.com.sg *.abfunds.co.kr *.fbcdn.net bernstein.com www.facebook.com prezi-nocookies.com *.demdex.net *.glance.net *.prezicdn.net cdn.cookielaw.org *.facebook.net *.glancecdn.net alliancebernstein.122.2o7.net *.oribi.io *.adoberesources.net alliancebernsteinholdinglp.gcs-web.com www.juicer.io  *.adobe.io *.typekit.net *.adobe.com *.libsyn.com *.lottiefiles.com *.cloudflare.com *.geenee.it rawgit.com *.akamaihd.net *.boltdns.net *.bc0a.com *.zencdn.net *.daum.net  *.demdex.net *.everesttech.net *.ytimg.com *.line.me *.lfeeder.com *.taboola.com *.facebook.net *.doubleclick.net *.line-scdn.net *.googlesyndication.com *.brightcove.net *.brightcove.com *.youtube.com *.daumcdn.net *.hotjar.com *.alliancebernstein.com okt.to *.pardot.com assets.adobedtm.com *.company-target.com cdn.cookielaw.org *.acml.com metrics.alliancebernstein.com *.googletagmanager.com alliancebernstein.tt.omtrdc.net *.fontawesome.com *.mktoweb.com *.marketo.net *.adobedtm.com *.marketo.com *.d41.co vettafi.com snap.licdn.com static.hotjar.com static.oktopost.com tag.demandbase.com cdn.pardot.com www.google-analytics.com id.rlcdn.com be 1
frame-src *.google.com *.googleadservices.com *.googlesyndication.com *.doubleclick.net; 1
default-src 'self' *.google.com *.youtube-nocookie.com *.youtube.com *.youtu.be; form-action * 'self'; script-src * 'self' 'unsafe-inline' mc.yandex.ru static.criteo.net ad.yieldlab.net sync.outbrain.com criteo-partners.tremorhub.com match.sharethrough.com simage2.pubmatic.com jadserve.postrelease.com exchange.mediavine.com matching.ivitrack.com ad.360yield.com id5-sync.com sync-criteo.ads.yieldmo.com gum.criteo.com sslwidget.criteo.com widget.eu.criteo.com *.sinpas.com.tr googleads.g.doubleclick.net cdn.onesignal.com connect.facebook.net cdnjs.cloudflare.com *.googletagmanager.com *.google.com *.google.com.tr *.google-analytics.com *.analytics.google.com *.googleapis.com *.googleapis.com *.gstatic.com; connect-src * 'self' mc.yandex.com *.googletagmanager.com *.google.com *.google.com.tr *.google-analytics.com *.analytics.google.com *.g.doubleclick.net;img-src * 'self' www.facebook.com e1.emxdgt.com cm.g.doubleclick.net ups.analytics.yahoo.com eb2.3lift.com criteo-sync.teads.tv mc.yandex.ru r.casalemedia.com visitor.omnitagjs.com cm.adform.net hb.yahoo.net sync-t1.taboola.com rtb-csync.smartadserver.com pixel.rubiconproject.com contextual.media.net ib.adnxs.com x.bidswitch.net *.sinpas.com.tr mc.yandex.com *.bootstrapcdn.com code.jquery.com cdnjs.cloudflare.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.google.com *.google.com.tr *.ytimg.com; font-src * 'self' cdnjs.cloudflare.com *.gstatic.com *.google-analytics.com *.analytics.google.com *.google.com *.google.com.tr; style-src * 'self' 'unsafe-inline' *.sinpas.com.tr *.google.com *.googleapis.com *.gstatic.com; media-src * 'self';frame-src * 'self' *.google.com gum.criteo.com 1
default-src 'self' cab.de *.cab.de 'unsafe-inline' cab.de 'self'; 		child-src 'self' api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com d3dc1lgancj6l0.cloudfront.net blob:; 		connect-src 'self' analytics.cab.de wss://umd.userlike.com umd.userlike.com api.userlike.com d3upe020n1uosc.cloudfront.net www.userlike.com blob: userlike-cdn-widgets.s3-eu-west-1.amazonaws.com; 		font-src 'self' data: d3dc1lgancj6l0.cloudfront.net; 		frame-src 'self' analytics.cab.de api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com d3dc1lgancj6l0.cloudfront.net www.youtube.com www.youtube-nocookie.com player.vimeo.com; 		img-src 'self' data: cab.tom.webcontact.de cdn.sitesearch360.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com d3upe020n1uosc.cloudfront.net www.userlike.com userlike-store-media-files.s3.amazonaws.com i.ytimg.com; 		media-src 'self' *.cab.de d3dc1lgancj6l0.cloudfront.net userlike-store-media-files.s3.amazonaws.com www.userlike.com blob:; 		object-src 'none'; 		script-src 'self' *.cab.de 'unsafe-inline' 'unsafe-eval' api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com d3dc1lgancj6l0.cloudfront.net www.youtube.com userlike-cdn-umm.b-cdn.net; 1
script-src 'unsafe-inline' 'self' 'unsafe-eval'; style-src * 'unsafe-inline' data: ; img-src * data: blob:; frame-src 'self' buildamerica.com creditsummaries.assuredguaranty.com *.lumesis.com munipoints.com www.munipoints.com; connect-src www.google-analytics.com 'self' ; default-src 'self' data:; report-uri /tmc/servlet/error/csp 1
default-src data: 'unsafe-inline' 'self' https: pjtpartners.com *.pjtpartners.com *.fictive-pjt.net fictive-pjt-qa.s3.amazonaws.com; upgrade-insecure-requests 1
default-src 'none'; connect-src 'self' https://www.google-analytics.com https://www.googletagmanager.com blob:; font-src 'self'; img-src 'self' http: https: blob: 'unsafe-inline'; media-src 'self' https://cdn.ych.art blob:; script-src 'self' https://www.google-analytics.com https://www.googletagmanager.com 'sha256-xe/OzeYzMoPAN63Uvl2fqORTe+wuNWy8rqc3YiM3JYU=' 'sha256-voqoKUMrcWk2X/6LHQBhCBIQs4jisisGNsDEfGJUI/8='; style-src 'self' 'sha256-Do/Bu2HU9dgvvDDrPWY8Dx/uhsfevl88VmLJzj3Y9kA=' 'sha256-aABiI/f7CrymsdIHtEfU3tqw8H/Dhsbpn5qcRVQmMHE=' 1
default-src 'self' https://ordin-delta.vercel.app/content/ *.google-analytics.com *.googletagmanager.com https://ordin.s3.amazonaws.com 'unsafe-eval' 'unsafe-inline' wss://* ord.io *.ord.io *.google-analytics.com https://ordin-delta.vercel.app *.googletagmanager.com https://ordin.s3.amazonaws.com https://ordin-delta.vercel.app/ *.ordinals.xverse.app/ https://ordinals.xverse.app/v1/runes/mint/estimate https://ordinals.xverse.app/v1/runes/mint/orders https://ordinals.xverse.app/v1/orders/; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://ordin-delta.vercel.app/content/ *.googletagmanager.com *.google-analytics.com blob:; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' https://ordin-delta.vercel.app/content/; img-src 'self' wss://* ord.io *.ord.io *.google-analytics.com https://ordin-delta.vercel.app *.googletagmanager.com https://ordin.s3.amazonaws.com https://ordin-delta.vercel.app/ *.ordinals.xverse.app/ https://ordinals.xverse.app/v1/runes/mint/estimate https://ordinals.xverse.app/v1/runes/mint/orders https://ordinals.xverse.app/v1/orders/ data: blob:; frame-src https://*.ord.io https://ordin-delta.vercel.app/content/;; connect-src 'self' wss://* ord.io *.ord.io *.google-analytics.com https://ordin-delta.vercel.app *.googletagmanager.com https://ordin.s3.amazonaws.com https://ordin-delta.vercel.app/ *.ordinals.xverse.app/ https://ordinals.xverse.app/v1/runes/mint/estimate https://ordinals.xverse.app/v1/runes/mint/orders https://ordinals.xverse.app/v1/orders/ *.gstatic.com/draco/versioned/decoders/1.5.6/draco_decoder.wasm  *.gstatic.com/draco/versioned/decoders/1.5.6/draco_wasm_wrapper.js https://*.algolia.net https://*.algolianet.com https://*.algolia.io https://*.gstatic.com/draco/versioned/decoders/1.5.6/draco_wasm_wrapper.js https://*.gstatic.com/draco/versioned/decoders/1.5.6/draco_decoder.wasm blob: data:; media-src 'self' wss://* ord.io *.ord.io *.google-analytics.com https://ordin-delta.vercel.app *.googletagmanager.com https://ordin.s3.amazonaws.com https://ordin-delta.vercel.app/ *.ordinals.xverse.app/ https://ordinals.xverse.app/v1/runes/mint/estimate https://ordinals.xverse.app/v1/runes/mint/orders https://ordinals.xverse.app/v1/orders/ blob: data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' wss://* ord.io *.ord.io *.google-analytics.com https://ordin-delta.vercel.app *.googletagmanager.com https://ordin.s3.amazonaws.com https://ordin-delta.vercel.app/ *.ordinals.xverse.app/ https://ordinals.xverse.app/v1/runes/mint/estimate https://ordinals.xverse.app/v1/runes/mint/orders https://ordinals.xverse.app/v1/orders/ https://ordin-delta.vercel.app/content/ *.googletagmanager.com *.google-analytics.com data: blob:; style-src-elem 'self' *.googletagmanager.com 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline'  wss://* ord.io *.ord.io *.google-analytics.com https://ordin-delta.vercel.app *.googletagmanager.com https://ordin.s3.amazonaws.com https://ordin-delta.vercel.app/ *.ordinals.xverse.app/ https://ordinals.xverse.app/v1/runes/mint/estimate https://ordinals.xverse.app/v1/runes/mint/orders https://ordinals.xverse.app/v1/orders/ https://ordin-delta.vercel.app/content/ 1
default-src 'self' *.dkefe.com *.cloudinary.com *.onetrust.com *.unisvg.com *.simplesvg.com *.graphcms.com *.google-analytics.com *.windows.net *.cloudfront.net *.qzzr.com *.make.com *.amazonaws.com *.riddle.com *.youtube.com *.iconify.design *.vercel.live ; script-src 'self' http://vercel.live *.dkefe.com 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com *.onetrust.com *.amazonaws.com *.riddle.com *.twitter.com *.cloudfront.net *.instagram.com *.youtube.com; style-src 'self' 'unsafe-inline' *.onetrust.com *.riddle.com ; font-src 'self' *.onetrust.com https://fonts.gstatic.com *.riddle.com ; img-src 'self' *.cloudinary.com *.cloudfront.net 'unsafe-inline' *.google-analytics.com data: https://www.media.graphcms.com https://www.res.cloudinary.com https://www.images.unsplash.com *.graphassets.com *.onetrust.com *.riddle.com; 1
default-src 'self' blob: 'unsafe-inline'; media-src * blob: data: ; style-src 'self' https://www.gstatic.com https://maxcdn.bootstrapcdn.com https://app.interakt.ai  https://fonts.googleapis.com https://cdn.jsdelivr.net https://code.highcharts.com http://cdnjs.cloudflare.com https://connect.facebook.net https://www.facebook.com https://www.google-analytics.com 'unsafe-inline'; font-src data: 'self' https://maxcdn.bootstrapcdn.com https://app.interakt.ai  https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.jsdelivr.net https://code.highcharts.com https://connect.facebook.net https://www.facebook.com https://www.google-analytics.com; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://translate-pa.googleapis.com https://translate.google.com https://translate.googleapis.com http://cdnjs.cloudflare.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.gstatic.com https://app.interakt.ai  https://www.googletagmanager.com https://www.googleanalytics.com https://code.highcharts.com https://ajax.googleapis.com https://cdnjs.cloudflare.com https://connect.facebook.net https://www.facebook.com https://www.google-analytics.com; connect-src data: 'self' blob: 'unsafe-inline' https://xtratrust.com https://translate-pa.googleapis.com https://translate.googleapis.com https://pagead2.googlesyndication.com https://graph.facebook.com https://www.facebook.com https://www.google.com https://stats.g.doubleclick.net https://app.interakt.ai https://api.interakt.ai https://www.google-analytics.com https://www.googletagmanager.com https://cdn.jsdelivr.net https://code.highcharts.com https://connect.facebook.net; img-src 'self' data: blob: 'unsafe-inline' https://interaktdevweb.z1.web.core.windows.net https://api1.digitalsms.biz:1949 https://translate.googleapis.com https://translate.google.com https://fonts.gstatic.com  https://www.gstatic.com https://api.qrserver.com https://xtratrust.com https://stats.g.doubleclick.net https://www.google.co.in https://www.google.com https://stkiwiwebdev.z23.web.core.windows.net https://app.interakt.ai  https://www.google-analytics.com https://www.googletagmanager.com https://cdn.jsdelivr.net http://cdnjs.cloudflare.com http://webapplayers.com https://connect.facebook.net https://www.facebook.com; frame-src 'self' blob: https://api1.digitalsms.biz:1949 https://td.doubleclick.net https://app.interakt.ai  https://www.google.com https://www.google-analytics.com https://cdn.jsdelivr.net https://code.highcharts.com https://www.googletagmanager.com https://code.highcharts.com http://cdnjs.cloudflare.com https://connect.facebook.net https://www.facebook.com; 1
default-src 'self' https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://cdnjs.cloudflare.com https://*.globalrewardsolutions.com https://*.gstatic.com https://code.jquery.com https://*.marketo.net https://*.marketo.com https://www.googletagmanager.com https://*.typekit.net https://*.carlton.ca https://*.carltonone.com https://cdn.jsdelivr.net www.w3.org https://*.freshbots.ai https://*.bootstrapcdn.com https://*.mktoresp.com https://*.vimeo.com wss://*.pusher.com https://*.pusher.com https://*.buttercms.com https://*.hs-scripts.com https://*.hscollectedforms.net https://*.usemessages.com https://*.hubspot.com https://*.hsforms.com https://*.hsforms.net https://*.hs-analytics.net https://*.hs-banner.com https://evergrow.app https://api-ms.internal.p2motivate.com https://api-ms.p2motivate.com data: 'unsafe-inline' 'unsafe-eval' ; frame-ancestors 'self'; 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' hackerone.com *.cookielaw.org *.onetrust.com *.googletagmanager.com *.google-analytics.com *.licdn.com *.ads-twitter.com *.twitter.com *.linkedin.com *.brightcove.net *.zencdn.net blob: *.twimg.com *.addthis.com *.addthisedge.com *.msecnd.net *.issuu.com *.pardot.com *.moatads.com *.qualtrics.com *.createjs.com *.ceros.com *.mobular.com js.hsforms.net; style-src 'self' 'unsafe-inline' *.cookielaw.org *.onetrust.com *.twitter.com *.datatables.net *.twimg.com *.mobular.com *.googleapis.com; img-src 'self' *.cookielaw.org *.onetrust.com *.googletagmanager.com *.google-analytics.com t.co *.doubleclick.net *.google.com *.brightcove.com *.boltdns.net data: *.twitter.com *.twimg.com *.linkedin.com *.adsymptotic.com *.qualtrics.com *.mobular.com; media-src 'self' blob: *.boltdns.net *.akamaihd.net; font-src 'self' data: *.zencdn.net fonts.gstatic.com; object-src 'self'; connect-src 'self' *.cookielaw.org *.onetrust.com *.brightcove.com *.boltdns.net *.brightcovecdn.com *.addthis.com *.visualstudio.com *.google-analytics.com *.doubleclick.net *.akamaihd.net *.qualtrics.com *.mobular.com *.mobular.net cdn.linkedin.oribi.io fonts.googleapis.com; frame-src 'self' hackerone.com *.twitter.com *.google.com *.addthis.com *.brightcove.net *.issuu.com *.qualtrics.com *.pardot.com *.ceros.com *.captivate.fm embed.mobular.com; 1
default-src 'self' *.dibufelon.ru https://code.jquery.com data: 'unsafe-inline' *.youtube.com https://yandex.ru https://mc.yandex.ru https://yastatic.net https://ymetrica1.com https://mc.yandex.md *.googleapis.com https://fonts.gstatic.com 1
default-src https: 'unsafe-inhline' 'unsafe-eval' https://*.useinsider.com https://*.api.useinsider.com wss://*.useinsider.com; connect-src 'self' https://*.useinsider.com https://*.api.useinsider.com wss://*.useinsider.com bots.kore.ai wss://rtm.kore.ai *.clarity.ms analytics.google.com www.google-analytics.com https://stats.g.doubleclick.net api.trafficguard.ai; font-src 'self' 'unsafe-eval' 'unsafe-inline' *.useinsider.com *.api.useinsider.com fonts.gstatic.com; frame-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.doubleclick.net *.useinsider.com *.api.useinsider.com; img-src 'self' data: * marketing.rcbcbankard.com www.google.com www.google.com.ph www.google-analytics.com https://stats.g.doubleclick.net www.facebook.com lh.trafficguard.ai; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.useinsider.com *.api.useinsider.com fonts.googleapis.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.useinsider.com *.api.useinsider.com www.google.com www.google-analytics.com tgtag.io www.googletagmanager.com www.gstatic.com apis.google.com connect.facebook.net bots.kore.ai; script-src-elem 'self' 'unsafe-inline' *.useinsider.com *.api.useinsider.com *.clarity.ms *.facebook.net *.google.com *.google-analytics.com *.gstatic.com *.googletagmanager.com *.facebook.neti tgtag.io; worker-src 'self' *.useinsider.com *.api.useinsider.com; object-src 'self' *.useinsider.com *.api.useinsider.com; 1
default-src 'self' *.google-analytics.com *.doubleclick.net *.adsrvr.org *.cloudfront.net *.google.com *.youtube.com *.braintree-api.com *.braintreegateway.com *.paypal.com *.cardinalcommerce.com *.amazonaws.com *.onemap.sg *.facebook.com *.mastercard.com  https:; script-src 'self' www.googletagmanager.com www.google-analytics.com google-analytics.com *.adsrvr.org acdn.adnxs.com login.dotomi.com *.dotomi.com unpkg.com cdnjs.cloudflare.com cdn.jsdelivr.net www.googleadservices.com connect.facebook.net *.braintree-api.com *.braintreegateway.com *.fls.doubleclick.net googleads.g.doubleclick.net www.paypalobjects.com *.paypal.com pay.google.comsongbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com www.google.com code.jquery.com maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com *.mastercard.com  'unsafe-inline' https:;style-src 'self' cdnjs.cloudflare.com fonts.googleapis.com *.braintreegateway.com cdn.jsdelivr.net *.mastercard.com  'unsafe-inline' https:; img-src 'self' assets.braintreegateway.com checkout.paypal.com *.mastercard.com  data: https:; media-src 'self' *.ascentismedia.com  data: https:; child-src 'self' assets.braintreegateway.com *.paypal.com  'unsafe-inline' 'unsafe-eval' https:; frame-src 'self' assets.braintreegateway.com *.braintreegateway.com *.paypal.com *.cardinalcommerce.com *.google.com *.youtube.com *.adsrvr.org *.doubleclick.net *.mastercard.com  https:; connect-src 'self' *.braintreegateway.com *.doubleclick.net *.cardinalcommerce.com *.paypal.com *.onemap.sg *.google-analytics.com *.facebook.com *.braintree-api.com *.smooch.io wss:  https:; frame-ancestors 'self' dmp.truoptik.com *.mastercard.com  https:; font-src 'self' fonts.gstatic.com kit-free.fontawesome.com cdnjs.cloudflare.com  https:; object-src 'self'  https:; 1
child-src *.tyoelake.fi *.frc.io tyoelake.herokuapp.com tyoelake-staging.herokuapp.com d107h3c3r1aaxa.cloudfront.net cdn.tyoelake.fi *.google.fi *.google.com  *.googleapis.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.ytimg.com *.youtube.com *.googleusercontent.com *.giosg.com giosg-chat-public-eu.s3.amazonaws.com *.giosgusercontent.com *.interactions.giosgusercontent.com *.clients.giosgusercontent.com *.mypurecloud.de wss://webmessaging.mypurecloud.de etk.containers.piwik.pro etk.piwik.pro *.facebook.net *.facebook.com *.taloustutkimus.fi *.sanomagames.com *.jsdelivr.net *.reactandshare.com *.cookiebot.com analytics.etk.fi analytiikka.ahtp.fi *.riddle.com; object-src 'none'; connect-src  *.tyoelake.fi *.frc.io tyoelake.herokuapp.com tyoelake-staging.herokuapp.com d107h3c3r1aaxa.cloudfront.net cdn.tyoelake.fi *.google.fi *.google.com  *.googleapis.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.ytimg.com *.youtube.com *.googleusercontent.com *.giosg.com giosg-chat-public-eu.s3.amazonaws.com *.giosgusercontent.com *.interactions.giosgusercontent.com *.clients.giosgusercontent.com *.mypurecloud.de wss://webmessaging.mypurecloud.de *.pingdom.net *.taloustutkimus.fi *.jsdelivr.net *.reactandshare.com *.cookiebot.com analytics.etk.fi analytiikka.ahtp.fi *.riddle.com etk.containers.piwik.pro etk.piwik.pro *.facebook.net *.facebook.com; 1
default-src 'self' 'report-sample'; base-uri 'self'; frame-src 'self' https://www.youtube-nocookie.com https://*.googlevideo.com https://*.google.com https://www.fietsnetwerk.nl; frame-ancestors 'self'; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; img-src 'self' data: https://*.googleapis.com https://maps.gstatic.com https://lh3.ggpht.com https://www.molendatabase.org https://molens.hippoextranet.nl; object-src 'self'; script-src 'self' blob: https://*.googleapis.com https://unpkg.com 'nonce-'; style-src 'self' https://*.googleapis.com; connect-src 'self' https://*.googleapis.com https://www.gstatic.com; form-action 'self' 1
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline' 1
default-src 'self' www.google-analytics.com www.youtube.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://sbl.onfastspring.com;               connect-src 'self' our.umbraco.com filmimpact.onfastspring.com vimeo.com www.google-analytics.com region1.google-analytics.com www.facebook.com stats.g.doubleclick.net bat.bing.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com *.google-analytics.com *.analytics.google.com;               child-src 'self' filmimpact.onfastspring.com www.youtube.com player.vimeo.com www.google.com www.facebook.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://www.youtube-nocookie.com;               script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net *.cloudfront.net premium.filmimpact.com s.ytimg.com www.google-analytics.com www.google.com www.gstatic.com www.youtube.com www.perplex.nl ajax.aspnetcdn.com vimeo.com www.vimeo.com connect.facebook.net www.googletagmanager.com bat.bing.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://trackcmp.net https://prism.app-us1.com https://sbl.onfastspring.com;               style-src 'self' 'unsafe-inline' https://*.cloudfront.net fonts.googleapis.com https://sbl.onfastspring.com;               img-src 'self' data: *.cloudfront.net services.perplex.eu www.google-analytics.com www.perplex.nl i.vimeocdn.com i.ytimg.com www.facebook.com www.google.com www.google.nl www.googletagmanager.com bat.bing.com http://*.hotjar.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://*.onfastspring.com;               font-src 'self' data: fonts.gstatic.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io;               form-action 'self' secure.ogone.com www.facebook.com premium.filmimpact.com;               upgrade-insecure-requests; block-all-mixed-content; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://federate.social; img-src 'self' https: data: blob: https://federate.social; style-src 'self' https://federate.social 'nonce-PBwm3Xm8VrQEwMgt8gnbVw=='; media-src 'self' https: data: https://federate.social; frame-src 'self' https:; manifest-src 'self' https://federate.social; form-action 'self'; child-src 'self' blob: https://federate.social; worker-src 'self' blob: https://federate.social; connect-src 'self' data: blob: https://federate.social https://cdn.masto.host wss://federate.social; script-src 'self' https://federate.social 'wasm-unsafe-eval' 1
upgrade-insecure-requests; default-src 'self'; connect-src 'self' https://paste.yunohost.org wss://channels247.net; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval'; object-src 'none'; img-src 'self' data:; 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src 'nonce-ZNJ6wecXWmc5INIimVbLF6XCH' 'strict-dynamic'; frame-ancestors 'self'; manifest-src 'self' 1
frame-ancestors 'self' https://*.chartres.fr/ https://*.chartres-metropole.fr/; 1
frame-ancestors 'self' https://cyon.ch https://www.cyon.ch https://blog.cyon.ch; 1
frame-ancestors https://*.taxaudit.com 1
frame-ancestors 'self' metrika.yandex.ru metrika.yandex.by metrika.yandex.com metrika.yandex.com.tr webvisor.com *.webvisor.com; 1
frame-ancestors 'self' http://gzw.fujian.gov.cn https://gzw.fujian.gov.cn http://rst.fujian.gov.cn https://rst.fujian.gov.cn http://gat.fujian.gov.cn https://gat.fujian.gov.cn  *.fujian.gov.cn https://ptgl.fujian.gov.cn:8088 http://zwfw.fujian.gov.cn:722 http://www.fujian.gov.cn https://www.fujian.gov.cn https://zwfw.fujian.gov.cn http://test.fujian.gov.cn  https://test.fujian.gov.cn  http://www.xm.gov.cn https://www.xm.gov.cn http://ptgl.fujian.gov.cn https://ptgl.fujian.gov.cn http://fujian.gov.cn https://fujian.gov.cn http://www.fujian.gov.cn https://www.fujian.gov.cn http://fj.gov.cn https://fj.gov.cn http://www.fj.gov.cn https://www.fj.gov.cn http://test.fujian.gov.cn https://test.fujian.gov.cn http://fgw.fujian.gov.cn https://fgw.fujian.gov.cn http://fgw.fj.gov.cn https://fgw.fj.gov.cn http://gxt.fujian.gov.cn https://gxt.fujian.gov.cn http://gxt.fj.gov.cn https://gxt.fj.gov.cn http://stream14.fjtv.net https://gat.fujian.gov.cn https://mzzjt.fujian.gov.cn https://rst.fujian.gov.cn https://zjt.fujian.gov.cn https://nynct.fujian.gov.cn https://lyj.fujian.gov.cn https://swt.fujian.gov.cn https://yjt.fujian.gov.cn https://www.ningde.gov.cn http://www.ningde.gov.cn http://lyj.fujian.gov.cn https://zwfw.fujian.gov.cn:1001 https://zwfw.fujian.gov.cn:9020 1
frame-ancestors 'self' https://manage.controldesign.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
frame-ancestors 'self' *.tu-ilmenau.de; 1
frame-ancestors https://*.evergladesfarmequipment.com 1
upgrade-insecure-requests; form-action 'self'; frame-ancestors 'self' https://*.patientnow.com; object-src 'self'; base-uri 'self'; 1
default-src 'self'; base-uri 'none'; connect-src 'self' *.stripe.com *.dev.stripe.me https://vercel.live/ https://vercel.com https://*.pusher.com/ wss://*.pusher.com/ https://*.tiles.mapbox.com https://api.mapbox.com https://events.mapbox.com; form-action 'self' *.stripe.com *.dev.stripe.me; font-src 'self'; frame-ancestors 'none'; img-src 'self' https://vercel.live/ https://vercel.com https://*.pusher.com/ data: blob: data: blob: ; media-src 'self' d37ugbyn3rpeym.cloudfront.net; script-src 'self' 'unsafe-eval' https://vercel.live/ https://vercel.com 'unsafe-inline'; style-src 'self' 'unsafe-inline'; upgrade-insecure-requests; frame-src https://vercel.live/ https://vercel.com; worker-src blob: ; child-src blob: 1
child-src  www.paypalobjects.com lemproducts.commercev3.com blob: lemproducts.commercev3.com; connect-src 'self' 'report-sample' s3.amazonaws.com/cv3.customfiles lemproducts.commercev3.com *.listrakbi.com *.listrak.com *.google-analytics.com  ui.powerreviews.com *.doubleclick.net analytics.google.com bat.bing.com www.paypal.com *.smartystreets.com ct.pinterest.com/user/ *.google.com *.clarity.ms www.facebook.com *.klaviyo.com  *.attn.tv *.rejoiner.com *.turnto.com *.google.com heapanalytics.com *.criteo.com *.mountain.com  *.storepoint.co *.google.com google.com cdn.roirevolution.com events.attentivemobile.com *.pinterest.com *.mapbox.com *.monetate.net *.yimg.com; default-src 'self' cdn.commercev3.net/cdn.lemproducts.com/ cdn.lemproducts.com 'unsafe-eval' ajax.googleapis.com analytics.google.com bat.bing.com c.bing.com code.jquery.com connect.facebook.net fonts.googleapis.com fonts.gstatic.com t.paypal.com www.facebook.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.bootstrapcdn.com; font-src 'self' lemproducts.commercev3.com cdn.commercev3.net/cdn.lemproducts.com/ cdn.lemproducts.com fonts.gstatic.com *.bootstrapcdn.com use.fontawesome.com data:; form-action 'self' www.facebook.com www.paypal.com checkout.sezzle.com; frame-src 'self' *.doubleclick.net www.paypalobjects.com www.paypal.com www.facebook.com www.pinterest.com www.google.com optimize.google.com *.criteo.com photos.pixlee.co static.addtoany.com www.youtube.com *.criteo.net lemproducts.outgrow.us batchgeo.com ct.pinterest.com www.powr.io  *.attn.tv  marketer.monetate.net; frame-ancestors 'self' ; img-src 'self' cdn.commercev3.net/cdn.lemproducts.com/ cdn.lemproducts.com ssl.google-analytics.com *.google.com ct.pinterest.com/v3/ *.doubleclick.net bat.bing.com c.bing.com t.paypal.com www.facebook.com www.google-analytics.com www.googletagmanager.com *.listrakbi.com www.trustlogo.com data: code.jquery.com/ui/ *.google-analytics.com *.analytics.google.com *.clarity.ms www.paypal.com www.paypalobjects.com hexagon-analytics.com heapanalytics.com wac.edgecastcdn.net *.youtube.com s3.amazonaws.com/cdn.lemproducts.com/ *.lemproducts.com  *.criteo.net i.yimg.com *.monetate.net cdn.commercev3.net/cdn.lemproducts.com *.criteo.com *.yahoo.com *.sharethrough.com *.outbrain.com *.casalemedia.com *.mediawallahscript.com *.smaato.net tg.socdm.com *.omnitagjs.com i.liadm.com criteo-partners.tremorhub.com sync-criteo.ads.yieldmo.com idsync.rlcdn.com x.bidswitch.net ib.adnxs.com ad.360yield.com contextual.media.net exchange.mediavine.com simage2.pubmatic.com pixel.rubiconproject.com criteo-sync.teads.tv trends.revcontent.com tags.bluekai.com aa.agkn.com dpm.demdex.net tapestry.tapad.com *.smartadserver.com *.taboola.com jadserve.postrelease.com ws.rqtrk.eu optimize.google.com *.attn.tv  *.storepoint.co lh3.googleusercontent.com; script-src 'self' 'report-sample' cdn.commercev3.net/cdn.lemproducts.com/ cdn.lemproducts.com 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com ui.powerreviews.com bat.bing.com code.jquery.com connect.facebook.net *.bootstrapcdn.com www.google-analytics.com www.googleanalytics.com www.googleoptimize.com optimize.google.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.listrakbi.com *.smartystreets.com api.livechatinc.com cdn.livechatinc.com ajax.googleapis.com googleads.g.doubleclick.net www.gstatic.com www.trustlogo.com www.googleadservices.com d79i1fxsrar4t.cloudfront.net/jquery.liveaddress/ s.pinimg.com/ct/ www.google.com www.clarity.ms static.klaviyo.com static-tracking.klaviyo.com *.attn.tv cdn.sift.com f.monetate.net www.res-x.com cdn.rejoiner.com *.monetate.net cdn.roirevolution.com cdn.heapanalytics.com *.turnto.com static.addtoany.com www.youtube.com *.criteo.com *.criteo.net se.monetate.net *.certona.net  powr.io www.powr.io cdnjs.cloudflare.com data: *.mountain.com *.storepoint.co ct.pinterest.com   *.yimg.com; script-src-elem 'self' 'report-sample' cdn.commercev3.net/cdn.lemproducts.com/ cdn.lemproducts.com 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com ui.powerreviews.com bat.bing.com code.jquery.com connect.facebook.net *.bootstrapcdn.com www.google-analytics.com www.googleanalytics.com www.googleoptimize.com optimize.google.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.listrakbi.com *.smartystreets.com api.livechatinc.com cdn.livechatinc.com ajax.googleapis.com googleads.g.doubleclick.net www.gstatic.com www.trustlogo.com www.googleadservices.com d79i1fxsrar4t.cloudfront.net/jquery.liveaddress/ s.pinimg.com/ct/ www.google.com www.clarity.ms static.klaviyo.com static-tracking.klaviyo.com *.attn.tv cdn.sift.com f.monetate.net www.res-x.com cdn.rejoiner.com *.monetate.net cdn.roirevolution.com cdn.heapanalytics.com *.turnto.com static.addtoany.com www.youtube.com *.criteo.com *.criteo.net se.monetate.net *.certona.net  powr.io www.powr.io cdnjs.cloudflare.com data: *.mountain.com *.storepoint.co ct.pinterest.com   *.yimg.com; style-src 'self' cdn.commercev3.net/cdn.lemproducts.com/ cdn.lemproducts.com 'unsafe-inline' 'unsafe-eval' ui.powerreviews.com use.fontawesome.com code.jquery.com fonts.googleapis.com optimize.google.com *.bootstrapcdn.com cdn.listrakbi.com/css/ hello.myfonts.net widgets.turnto.com marketer.monetate.net *.storepoint.co api.mapbox.com *.cdn.storepoint.co cdnjs.cloudflare.com/ajax/libs/font-awesome/; style-src-elem 'self' cdn.commercev3.net/cdn.lemproducts.com/ cdn.lemproducts.com 'unsafe-inline' 'unsafe-eval' ui.powerreviews.com use.fontawesome.com code.jquery.com fonts.googleapis.com optimize.google.com *.bootstrapcdn.com cdn.listrakbi.com/css/ hello.myfonts.net widgets.turnto.com marketer.monetate.net *.storepoint.co api.mapbox.com *.cdn.storepoint.co cdnjs.cloudflare.com/ajax/libs/font-awesome/; style-src-attr  'unsafe-inline'; media-src 'self' lemproducts.commercev3.com cdn.commercev3.net/cdn.lemproducts.com/ cdn.lemproducts.com www.bing.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://sites-rpc.vuturevx.com https://px.ads.linkedin.com https://snap.licdn.com https://code.jquery.com https://ajax.googleapis.com https://ssl.google-analytics.com https://www.youtube.com https://www.youtu.be https://youtu.be https://www.google.com https://bat.bing.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://connect.facebook.net https://platform.twitter.com https://code.jquery.com/jquery-2.1.4.min.js *.crazyegg.com *.amazonaws.com https://consent.cookiebot.com/ https://consentcdn.cookiebot.com/; style-src 'self' 'unsafe-inline' https://ajax.googleapis.com https://fonts.googleapis.com; img-src * data:; font-src 'self' data: https://fonts.gstatic.com https://fonts.typekit.net https://themes.googleusercontent.com; connect-src 'self' https://cdn.plyr.io *.crazyegg.com https://*.google-analytics.com https://*.analytics.google.com https://consentcdn.cookiebot.com/; child-src 'self' https://open.spotify.com/ https://player.pippa.io https://player.acast.com https://embed.acast.com https://sdn.sitecore.net https://www.youtube.com https://www.youtu.be https://youtu.be https://www.google.com https://accounts.google.com https://www.googletagmanager.com https://www.youtube-nocookie.com/ https://cdn.yoshki.com https://player.vimeo.com https://vimeo.com  https://consentcdn.cookiebot.com/ https://rpc.turtl.co; frame-ancestors 'self' https://www.slipcase.com https://marketplace.marsh.com https://open.spotify.com; report-uri https://3chillies.report-uri.com/r/d/csp/enforce; 1
script-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://connect.facebook.net https://www.facebook.com https://www.googletagmanager.com https://www.google-analytics.com 1
script-src https: 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; 1
frame-ancestors 'self'; report-uri https://airshoppen.report-uri.com/r/d/csp/enforce; report-to default 1
default-src 'self' https://*.applicationinsights.azure.com; object-src 'none'; frame-ancestors http://localhost:51783 https://localhost https://*.isolvedhcm.com https://*.myisolved.com https://www.goqforce.com https://fusion.avintus.com https://cohere.ctrhcm.com https://www.iesonline.co https://benefitservices.infinisource.com https://www.hkp-usa.com https://www.dominionpayroll.net https://www.aholawebpr.com https://www.coastalpayroll.net https://www.sbspayroll.biz https://payroll.precisionpayrollevv.com https://payroll.paymastersinc.com https://connect.threadhcm.com https://online.commpayhr.com https://www.cpcpayroll.co https://db.zumapay.com ; base-uri 'self'; img-src 'self' https://*.blob.core.windows.net https://*.azureedge.net;sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox; script-src 'self' 'nonce-7J8QVjvoUZhZ1dzsKIBIxvbT' 'strict-dynamic'; 1
default-src 'self'  *.oda.com;img-src 'self' *.oda.com  blob: data: bilder.kolonial.no cdn.sanity.io i.vimeocdn.com translate.googleapis.com api.mapbox.com ct.pinterest.com log.pinterest.com www.facebook.com connect.facebook.net *.google-analytics.com www.google.no *.google.com *.g.doubleclick.net 11208031.fls.doubleclick.net ad.doubleclick.net pagead2.googlesyndication.com ade.googlesyndication.com *.ads.linkedin.com www.linked.com www.google.de www.google.fi www.google.no www.google.se *.googletagmanager.com oda.com storage.googleapis.com *.snapchat.com bat.bing.com analytics.pangle-ads.com log.adtraction.fail checkoutshopper-live.adyen.com;style-src 'unsafe-inline' 'self' *.oda.com translate.googleapis.com;script-src 'self' 'unsafe-eval'  *.oda.com  'sha256-QLN4/tVmbx4rIRUIwpoTvMI9PyCLdP+V6RSDfQMVEfM=' 'sha256-6xYRXGTve/VTSs6Rki/dNOaYbQbQscqyCpbKFoaO/QA=' 'sha256-N4/5hGfx8xkPtfVswEIqYnX0T8THpCSI4Z57gINwoUw=' js.sentry-cdn.com browser.sentry-cdn.com messenger.dixa.io widget.trustpilot.com connect.facebook.net s.pinimg.com ct.pinterest.com www.google.com *.googletagmanager.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com *.doubleclick.net tpc.googlesyndication.com pagead2.googlesyndication.com snap.licdn.com sc-static.net *.snapchat.com bat.bing.com analytics.tiktok.com gtm.adt313.net tagmanager.google.com polyfill-fastly.io;connect-src 'self' *.oda.com   *.sentry.io 1teetjp9.apicdn.sanity.io 1teetjp9.api.sanity.io cdn.sanity.io translate.googleapis.com messenger.dixa.io messenger-edge.dixa.io www.facebook.com ct.pinterest.com *.google.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com www.google.de www.google.fi www.google.no pagead2.googlesyndication.com ad.doubleclick.net *.g.doubleclick.net cdn.linkedin.oribi.io px.ads.linkedin.com *.snapchat.com bat.bing.com analytics.tiktok.com analytics.pangle-ads.com bat.bing.com log.adtraction.fail gtm-sst-se.mathem.se checkoutshopper-live.adyen.com;frame-src acs.3dsecure.no player.vimeo.com www.youtube.com messenger.dixa.io widget.trustpilot.com ct.pinterest.com www.facebook.com *.g.doubleclick.net *.fls.doubleclick.net td.doubleclick.net tpc.googlesyndication.com *.snapchat.com checkoutshopper-live.adyen.com;font-src 'self' *.oda.com;base-uri 'none';object-src 'none'; 1
default-src https: 'unsafe-eval' 'unsafe-inline'; font-src https: data: filesystem: 'unsafe-inline'; img-src https: data: ; 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-d92fd212d0dc40f98063afda71d5752e'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
frame-ancestors 'self' meinwerbetechniker.de *.meinwerbetechniker.de 1
frame-ancestors 'self' localhost falconinsgroup.com *.falconinsgroup.com 1
default-src 'self' *.google-analytics.com wss://*.hotjar.com *.hotjar.com *.hotjar.io *.cloudfront.net *.trustarc.com *.amazonaws.com *.qualtrics.com *.googletagmanager.com data:;               style-src 'self' *.aspnetcdn.com *.googleapis.com  *.hotjar.com *.trustarc.com 'unsafe-hashes' 'unsafe-inline';              script-src 'self' *.trustarc.com *.aspnetcdn.com *.jquery.com *.recaptcha.net *.gstatic.com *.gstatic.cn *.hotjar.com *.googletagmanager.com *.google-analytics.com *.clicktale.net 'unsafe-hashes' *.cdngc.net *.qualtrics.com g9904216750.co 'unsafe-inline' 'unsafe-eval';                frame-src 'self'  *.hotjar.com *.recaptcha.net *.live.com *.qualtrics.com *.trustarc.com;              font-src 'self' *.gstatic.com *.gstatic.cn *.trustarc.com;              frame-ancestors 'self'  *.hotjar.com *.recaptcha.net *.live.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://vercel.live https://www.googletagmanager.com https://www.google-analytics.com https://cdn.contentful.com https://snap.licdn.com https://connect.facebook.net https://static.hotjar.com https://script.hotjar.com https://analytics.tiktok.com https://googleads.g.doubleclick.net; style-src 'self' 'unsafe-inline'; img-src 'self' 'unsafe-inline' data: https://images.ctfassets.net https://downloads.ctfassets.net https://www.google-analytics.com https://px.ads.linkedin.com https://www.facebook.com; connect-src 'self'  https://vercel.live https://cdn.contentful.com https://assets.ctfassets.net https://www.googletagmanager.com https://www.google-analytics.com https://px.ads.linkedin.com https://analytics.tiktok.com; frame-ancestors 'self' https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://vercel.live/ https://td.doubleclick.net/ 1
default-src 'self' ;	script-src 'self' 'unsafe-inline' active-wow.failbettergames.com 'unsafe-eval' js.stripe.com www.youtube-nocookie.com;    frame-src 'self' js.stripe.com www.youtube-nocookie.com;	font-src data: 'self';	img-src data: 'self' blob: *.ytimg.com *.craft-cdn.com *.craftcms.com active-wow.failbettergames.com;    connect-src 'self' feed-proxy.craftcms.com api.craftcms.com ;    object-src 'none';	style-src 'self' 'unsafe-inline' *.googleapis.com www.youtube-nocookie.com; 1
default-src 'self' *.livejournal.com *.livejournal.net *.dsp-rambler.ru *.google.com google.com *.rambler-co.ru rambler-co.ru *.rambler.ru rambler.ru *.tiktok.com tiktok.com *.youtube.com youtube.com; script-src 'self' *.livejournal.com *.livejournal.net *.adfox.ru ad.mail.ru api.giphy.com bs.serving-sys.ru cdn.ampproject.org cdn.jsdelivr.net cdnjs.smi2.ru content.adriver.ru *.criteo.com *.criteo.net cstatic.weborama.fr data00.adlooxtracking.com data.24smi.net *.doubleclick.net *.dropbox.com dsp-rambler.ru *.dsp-rambler.ru *.exelator.com *.facebook.com vk.com *.facebook.net gist.github.com googleads.g.doubleclick.net *.google-analytics.com *.googleapis.com *.google.com google.com *.google.ru *.googlesyndication.com *.googletagmanager.com googletagmanager.com *.googletagservices.com *.gstatic.com *.instagram.com j.adlooxtracking.ru js.mamydirect.com jsn.24smi.net *.lj.ru mc.yandex.com mc.yandex.ru *.newrelic.com *.nr-data.net *.ok.ru openstat.net pingback.giphy.com *.pingdom.com *.pingdom.net *.pinterest.com *.plista.com privacy-cs.mail.ru *.rambler-co.ru rambler-co.ru *.rambler.ru rambler.ru rb.infox.sg r.mradx.net *.rnet.plus *.rubiconproject.com r.webturn.ru *.scorecardresearch.com sdk.canva.com *.services.livejournal.com smi2.ru ssl.p.jwpcdn.com static.smi2cdn.ru static.smi2.net static.weborama.fr static.xx.fbcdn.net stat.media telegram.org tiktokcdn-us.com *.tiktok.com tiktok.com tns-counter.ru *.top100.ru top-fwz1.mail.ru tpc.googlesyndication.com *.ttwstatic.com twemoji.maxcdn.com *.twimg.com *.twitter.com *.videos.livejournal.com *.vk.com wcm-ru.frontend.weborama.fr weborama.fr *.webturn.ru *.yahooapis.com *.yandex.ru yandex.ru yastatic.net ymetrica.com *.youtube.com youtube.com z.moatads.com 'unsafe-inline' 'unsafe-eval'; style-src http: https: data: 'unsafe-inline'; img-src blob: http: https: data:; frame-src http: https:; font-src http: https: data:; connect-src 'self' *.livejournal.com *.livejournal.net ad.mail.ru *.ad-tech.ru api.giphy.com bs.serving-sys.ru cdn.ampproject.org *.criteo.com csi.gstatic.com data00.adlooxtracking.com dsp-rambler.ru *.dsp-rambler.ru *.eaglecdn.com *.g.doubleclick.net googleads.g.doubleclick.net *.google-analytics.com *.googleapis.com *.google.com google.com *.googletagmanager.com googletagmanager.com graph.facebook.com gstatic.com *.lj.ru lj.stat.eagleplatform.com mc.yandex.by mc.yandex.com mc.yandex.md mc.yandex.ru pingback.giphy.com *.pingdom.net privacy-cs.mail.ru *.rambler-co.ru rambler-co.ru *.rambler.ru rambler.ru rb.infox.sg *.rnet.plus *.services.livejournal.com *.ssp.rambler.ru ssp.rambler.ru static-mon.yandex.net static.xx.fbcdn.net stat.media stats.g.doubleclick.net smi2.net smi2.ru *.tiktok.com tiktok.com top-fwz1.mail.ru *.twitter.com *.webturn.ru webvisor.org wss://www.livejournal.com yandexmetrica.com yandexmetrica.com:29010 yandexmetrica.com:30103 *.yandex.ru yandex.ru yastatic.net ymetrica1.com ymetrica.com *.youtube.com youtube.com; report-uri https://www.livejournal.com/csp_reports; report-to livejournal; media-src http: https: data: storage.mds.yandex.net; frame-ancestors 'self'; worker-src 'self' blob:; object-src 'self' blob: *.livejournal.net youtube.com *.youtube.com; child-src 'self' blob:; 1
frame-ancestors 'self' *.canva.com canva.com; report-uri https://csp.canva.com/_cspreport?app=websites; base-uri 'self'; object-src 'none'; script-src 'report-sample' 'strict-dynamic' 'nonce-4354a373-2f35-4854-a6de-7e0340b83c23' https://www.google.com/recaptcha/api.js; 1
default-src 'none';base-uri 'self';script-src 'self' 'report-sample' 'unsafe-inline' https://*.helpscout.net https://*.facebook.net https://*.google.com https://www.google-analytics.com https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com;style-src 'self' 'unsafe-inline' https://*.typekit.net https://fonts.googleapis.com;img-src * data:;font-src *;connect-src *;manifest-src *;frame-src 'self' https://www.google.com https://td.doubleclick.net https://www.facebook.com;frame-ancestors 'self';report-uri https://logotournament.com/request-error-csp 1
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors https://*.duemint.com https://*.icontel.cl; 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com; object-src 'none'; style-src 'self' 'unsafe-inline'; img-src 'self'; media-src 'none'; frame-src 'none'; font-src 'self'; connect-src 'self' https://api.amplitude.com https://eth-ropsten.alchemyapi.io https://eth-rinkeby.alchemyapi.io https://eth-mainnet.alchemyapi.io https://api.thegraph.com wss://bridge.walletconnect.org wss://fei.bridge.walletconnect.org https://assets.fei.money; frame-ancestors 'none' 1
default-src 'self' *.cndns.com *.idccenter.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cndns.com *.cnzz.com *.idccenter.net;style-src 'self' 'unsafe-inline' *.cndns.com *.idccenter.net;img-src * 'self' data: https: blob:;frame-src 'self' *.idccenter.net 1
font-src *.fontawesome.com https://www.gstatic.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com *.shift4api.net *.ups.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com https://www.google.com *.shift4api.net *.shift4test.com *.i4go.com *.youtube.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.avada.io maps.googleapis.com *.google.com *.gstatic.com *.shift4api.net *.shift4test.com *.i4go.com *.googleapis.com *.google-analytics.com *.constantcontact.com *.ctctcdn.com *.cloudflare.com *.fontawesome.com *.trustedshops.com 'self' 'unsafe-eval' 'sha256-KVeaWNqWRgFbLbt7kPxynCAOGWP3T7Nh+xdJSXgD0cw=' 'sha256-x5wlRmW2PL9g045UWcf7gZYQYBYaADAnikFaiqP4DoI=' 'sha256-S0dIL3nNpqhbN9MzYBWMnOfdPj41OL1+xCNSQHQ9tco=' 'sha256-/PMCWZKtqJzk3S1+HedAlW8N4KXnW6qHfP0aa7/c6SI=' 'sha256-u8V1rVHy62MPW7Ieda8CBzjmy+Zau53BNJxtjKweO2g=' 'sha256-EYHFoYhOX2arMRAk05cE/RWOCcHDrygB3oSoGfkOQCY=' 'sha256-rwMOiOeVICH7/Cjy5SkreID3OOi5HTrit357k22hUDQ=' 'sha256-VU3qMY/n6k6QtAvAUUFXij37SvZoFtLCc4tE5wM4F44=' 'sha256-TcUB1mzXiQO4GxpTRZ0EMpOXKMU3u+n/q1WrgVIcs1I=' 'sha256-bXWxNSz1UyEfsO4GhVlmoTPqxFTHGQERakowyxjR+K0=' 'sha256-5R3L6HPNzkygXtGT2c02E/ZnH2Bhs/fTkRVRrfN79IU=' 'sha256-8s+OCqTgfizM3+zblmvadGMT7BdSCMsCB+CGF6ww5nw=' 'sha256-n8pnJTEfGYgfoiHd5qKgeOKugJXl/g89j411ycbuCAw=' 'sha256-UPxrYDH2imBGWTHzyhTqNZCXTClji/8LYHDDYHREznU=' 'sha256-awxQffQ+p1m1Tchc3qeqEs69nwMBbrK82EDY+BBaJz4=' 'sha256-48sb4Je7XoTlJimO7pm/+fwXo5BBI6oU4Vci+QqK2/I=' 'sha256-kUdIWiatURyAea1bhLxzW5JgJLFcbPA+HewOl2LIM4I=' 'sha256-pctLFcfSaMlv/d7PO3+XSW5DTwweZ+CSNoI9Vpi/SBA=' 'sha256-x1qki0aBh12oPJ8SVwgYGt0R8O4r3w9lo1EZqiHmaOA=' 'sha256-PU004fzvlK18E13DpFKPBcTM6CG2ZEXfrWArwv/37L4=' 'sha256-M2Qsjkwv/5Nm3EON+m3T8aAomYjPYoXTgkpnzHJPO+E=' 'sha256-TJCCqJ1QU65tUv4WsRFt5Ux9inC0cN36cq9dlFxr5nw=' 'sha256-wn/KnAgJFNrBLPiw46GiAPQLyLX/noVfQIXTlyIgH9I=' 'sha256-8fj5J6Pbg6qvtob4F/PNJvqZlaQpUJzo0y/JqeH5NFI=' 'sha256-25dlPZLjAXJYgjFTliSfU4Hu8e7GdxW4nJ1HDwUZuW4=' 'sha256-9vpql/NLyCCe3HPEb2b/lcLKPbkRi48w2Lfn0AbTxsQ=' 'sha256-k8+C5lcUJ4hCb8g4HSvggvDkWlg8/sbpK6KKXVOtIRE=' 'nonce-ZqL7UuhiQL2s_XJ3q54n6QABySw'; style-src unsafe-inline *.fontawesome.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.constantcontact.com *.google-analytics.com *.cloudflare.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.johnscheepers.com/fl32csp/report/; 1
frame-ancestors 'self', frame-ancestors 'self' 1
base-uri mleasing.pl; default-src 'none'; manifest-src 'self'; upgrade-insecure-requests; block-all-mixed-content; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.callpage.io cdn-1.mbiscuit.mbank.pl *.google.com cdnjs.cloudflare.com *.googleadservices.com *.google-analytics.com *.google.pl *.google.com *.facebook.com connect.facebook.net *.3way.pl *.googleapis.com *.googletagmanager.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.callpage.io *.3way.pl *.googleapis.com; img-src 'self' data: ad.doubleclick.net googleads.g.doubleclick.net *.google.pl *.callpage.io *.google.com *.google-analytics.com region1.google-analytics.com *.facebook.com fc10.3way.pl maps.googleapis.com maps.gstatic.com; font-src 'self' data: cdn-1.mbiscuit.mbank.pl cdnjs.cloudflare.com fonts.gstatic.com; connect-src 'self' *.callpage.io *.facebook.com stats.g.doubleclick.net *.google-analytics.com region1.google-analytics.com maps.googleapis.com cdnjs.cloudflare.com; media-src 'self' data: *.callpage.io ; object-src 'self'; frame-src td.doubleclick.net 6100198.fls.doubleclick.net *.facebook.com *.google.com; child-src 'self'; frame-ancestors 'self'; worker-src 'self'; 1
default-src 'self'; manifest-src *; connect-src *; img-src * data:; script-src 'self' 'nonce-913c2d8604c6171caa45201ce0b518b5'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
frame-ancestors 'self' app.hubspot.com 1
font-src https://fonts.gstatic.com/ https://fonts.googleapis.com/ *.fontawesome.com https://fonts.gstatic.com *.compassmerchantsolutions.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com self *.addtoany.com *.googleapis.com *.botmaker.com *.appspot.com *.facebook.com wss://ws.botmaker.com/stable11/ws/wendpoint/ https://bam.nr-data.net *.compassmerchantsolutions.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com *.compassmerchantsolutions.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ https://*.doubleclick.net/ *.addtoany.com *.googleapis.com *.botmaker.com *.appspot.com *.facebook.com wss://ws.botmaker.com/stable11/ws/wendpoint/ https://bam.nr-data.net *.compassmerchantsolutions.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://kalicr.com https://www.google.co.cr/ *.capris.cr *.magentosite.cloud *.googleapis.com *.google.co.cr *.facebook.com *.botmaker.com wss://ws.botmaker.com/stable11/ws/wendpoint/ https://bam.nr-data.net blob: https://capris.cr/media/wysiwyg/categoria_sin_imagen.png https://static.grainger.com/ *.compassmerchantsolutions.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://googletagmanager.com/ https://www.googletagmanager.com/ data: *.capris.cr *.magentosite.cloud *.googleapis.com *.google-analytics.com *.googleadservices.com *.addtoany.com *.marketo.net *.botmaker.com *.facebook.net polyfill.io *.appspot.com wss://ws.botmaker.com/stable11/ws/wendpoint/ https://bam.nr-data.net *.googlesyndication.com *.compassmerchantsolutions.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://googletagmanager.com/ https://www.googletagmanager.com/ data: *.addtoany.com *.googleapis.com *.botmaker.com *.appspot.com wss://ws.botmaker.com/stable11/ws/wendpoint/ https://bam.nr-data.net https://credomatic.compassmerchantsolutions.com/ https://secure.networkmerchants.com/ *.fontawesome.com *.compassmerchantsolutions.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src *.compassmerchantsolutions.com 'self' 'unsafe-inline'; media-src *.adobe.com *.capris.cr *.magentosite.cloud *.googleapis.com *.google.co.cr *.botmaker.com wss://ws.botmaker.com/stable11/ws/wendpoint/ https://bam.nr-data.net https://capris.cr/media/wysiwyg/categoria_sin_imagen.png *.compassmerchantsolutions.com 'self' 'unsafe-inline'; manifest-src *.compassmerchantsolutions.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com https://googletagmanager.com/ https://www.googletagmanager.com/ https://*.doubleclick.net/ data: *.doubleclick.net *.googleapis.com *.google-analytics.com *.mktoresp.com *.botmaker.com *.appspot.com wss://ws.botmaker.com/stable11/ws/wendpoint/ fonts.gstatic.com https://bam.nr-data.net https://credomatic.compassmerchantsolutions.com/ http://dpm.demdex.net *.compassmerchantsolutions.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src *.compassmerchantsolutions.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https: data: wss: about: blob: dc-photo: dc-illu: dc-v2: fb-messenger: tg: whatsapp: sms: mailto: 'unsafe-eval' 'unsafe-inline'; report-uri https://www.stugsommar.se/pubweb/csp-violation 1
font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com; default-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.facebook.com https://*.facebook.net https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.googleapis.com https://*.google.co.uk https://*.google.com https://*.trustpilot.com https://stats.g.doubleclick.net https://*.sagepay.com https://*.paypal.com https://*.doubleclick.net https://*.avsfencing.co.uk  https://bat.bing.com https://connect.facebook.net https://*.vimeo.com https://*.occupop.com https://www.youtube.com https://*.googlesyndication.com; media-src 'self' https://www.youtube.com; img-src 'self' data: https://www.google.co.uk https://www.google.com https://*.lawsons.co.uk https://lawsons.co.uk https://*.facebook.com https://*.facebook.net https://*.bing.com; 1
img-src https: data: android-webview-video-poster: ; report-uri https://www.kochform.de/csp_transmitterd2000.php 1
default-src 'self' *.lvvwd.com *.youtube.com data:; style-src 'self' 'unsafe-inline' *.lvvwd.com *.juicer.io *.cludo.com *.cludo.com.cdn.cloudflare.net *.googleapis.com; script-src 'self' 'unsafe-inline' blob: cdn.lvvwd.com *.lvvwd.com *.juicer.io *.digicert.com *.google-analytics.com *.googleapis.com *.jwpcdn.com *.gstatic.com *.google.com *.googletagmanager.com *.facebook.net *.facebook.com *.cludo.com *.cludo.com.cdn.cloudflare.net apps.usw2.pure.cloud cdn.jwplayer.com api.flickr.com data:; connect-src 'self' *.lvvwd.com *.juicer.io *.facebook.com *.google-analytics.com *.googleapis.com *.google.com *.gstatic.com *.doubleclick.net *.cludo.com *.cludo.com.cdn.cloudflare.net api-use2.digital.genesyscloud.com cdn.jwplayer.com cdn3.wowza.com data:; font-src 'self' *.lvvwd.com *.juicer.io *.jwpcdn.com *.gstatic.com data:; img-src 'self' *.lvvwd.com *.snwa.com *.springspreserve.org *.google.com *.juicer.io *.cdninstagram.com prd.jwpltx.com seal.digicert.com maps.gstatic.com *.googleapis.com cdn.jwplayer.com assets-jpcust.jwpsrv.com live.staticflickr.com *.cludo.com *.facebook.com *.fbcdn.net *.facebook.net  blob: data:; frame-src 'self' *.captionedtext.com *.youtube.com *.doubleclick.net *.google.com *.facebook.com data:; media-src 'self' *.lvvwd.com cdn3.wowza.com blob: data:; 1
connect-src 'self' data: *.lovetovisit.com *.lovetovisit.net capig.stape.cc *.googlesyndication.com cdn-cookieyes.com directory.cookieyes.com log.cookieyes.com api.todaytix.com *.seatsio.net atlas.microsoft.com appleid.cdn-apple.com accounts.google.com *.analytics.google.com atlas.microsoft.com forms.hubspot.com form.jotform.com *.jotformeu.com *.bing.com js.hs-banner.com js.hs-scripts.com js.hs-analytics.net js.hscollectedforms.net *.google-analytics.com *.virtualearth.net api.getaddress.io fonts.googleapis.com maps.googleapis.com maps.gstatic.com www.googletagmanager.com js.monitor.azure.com js.stripe.com cdn.bookingprotect.com dc.services.visualstudio.com *.applicationinsights.azure.com *.virtualearth.net loveto.cloudflareaccess.com analytics.tiktok.com *.doubleclick.net widget.trustpilot.com connect.facebook.net www.google.com www.google.co.uk js-na1.hs-scripts.com track.hubspot.com get.geojs.io www.facebook.com forms.hsforms.com i.ytimg.com www.youtube-nocookie.com i.vimeocdn.com www.googleadservices.com *.clarity.ms *.stagingtixuk.io *.tixuk.io cdnjs.cloudflare.com cdn.seatsio.net fonts.gstatic.com; font-src data: fonts.gstatic.com *.lovetovisit.com *.lovetovisit.net *.jotfor.ms atlas.microsoft.com *.stagingtixuk.io *.tixuk.io cdnjs.cloudflare.com; frame-src 'self' accounts.google.com js.stripe.com www.youtube-nocookie.com www.youtube.com youtu.be player.vimeo.com www.facebook.com widget.trustpilot.com form.jotform.com widgets.jotform.io *.jotformeu.com *.seatsio.net; img-src 'self' data: blob: *.lovetovisit.com *.lovetovisit.net cdn-cookieyes.com *.virtualearth.net track.hubspot.com *.bing.com cdn.bookingprotect.com cdn1.iconfinder.com *.google-analytics.com www.googletagmanager.com cdnjs.cloudflare.com *.googleapis.com maps.gstatic.com www.facebook.com forms.hsforms.com www.google.com www.google.co.uk i.ytimg.com i.vimeocdn.com *.clarity.ms *.doubleclick.net *.jotform.com *.jotfor.ms *.jotformeu.com; manifest-src 'self' loveto.cloudflareaccess.com; script-src 'self' *.lovetovisit.com *.lovetovisit.net cdn-cookieyes.com *.virtualearth.net form.jotform.com *.bing.com js-na1.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hs-scripts.com js.hscollectedforms.net js.monitor.azure.com js.stripe.com *.virtualearth.net appleid.cdn-apple.com accounts.google.com *.google-analytics.com www.googletagmanager.com maps.googleapis.com widget.trustpilot.com connect.facebook.net analytics.tiktok.com www.googleadservices.com *.clarity.ms cdnjs.cloudflare.com js.jotform.com *.jotfor.ms *.jotformeu.com *.stagingtixuk.io *.tixuk.io *.seatsio.net 'sha256-kGUQiECb7HTB3+cdt9SV9OGtiju37vTHScB5TlU3tzo=' 'sha256-fNV9UM12Liz2ej9OiEFGty61Xyy45WiumDGRULrmMas=' 'sha256-HxloihkFPRahWDIJbyPmS+ZqdN4lbPEU8HICje2e5KE=' 'sha256-RsMFjKdD6G6SbypZRyY15y/udfKgefRKApbQ17fTt1A=' 'sha256-pH8ZtgS6Yw1nJ8vSsAs4VG5ymYTiy/9F6Rc/WTvIW/o=' 'sha256-LRJO/cPa6jqGlnpx3VNktmJyhmBbGLLeOUHTR+yuoFE=' 'sha256-D3Q3spg+mp8e0W2whrBhmcri40lFN+CCKrSRBv++DZc=' 'sha256-7TKSX9mLOfam46WWxZrs305ZZEjSItRUYr/zBHLSLtU=' 'sha256-XftMmGwy7WCgpZxWFjqnfbMDJAsef9V+QnGlUwSEbdw=' 'sha256-1fw2c7FNcs76yTVbHEFHCSlY0kf7aVoEdQajrpQ5bm0=' 'sha256-G/Ew3QdUoo9PpcvqvAVvJm78VA3gwggMwC5KnaNahwg=' 'sha256-CsKrQpqLJ8JVnODB1fCcmzC/wfITHnf2MjJq2ksowUA=' 'sha256-Df/bomiC4MxTu59OQQpp7dl7IayQZhPwvhqbUuztOCU=' 'sha256-TtWZJYo9CsnFDflsnKpvMQupYp0SWPUJhncXRWhqHgY=' 'sha256-3yx1MggTDndzcmLHwxFCzn1vj9PupDMDzbf1rxxmVZs=' 'sha256-Iv0PPGMEI0LZDoRiujpPmBVcMcn8MaU7sokBUiZOio0=' 'sha256-sG/XKoCl/NzLxCnmOncNMinSy5y81d9alJI9HxBvPZk=' 'sha256-IPFvm2utq4Ir+EZZM7ksjlezLtXA0NY7hhlwT1ngE1Q=' 'sha256-i5wdQEYWxSf0cisy2nmGBORIOnxxrxn/l1gIqCbATKA='; style-src-elem 'self' 'unsafe-inline' accounts.google.com fonts.googleapis.com *.lovetovisit.com *.lovetovisit.net *.bing.com *.jotfor.ms cdnjs.cloudflare.com *.seatsio.net; worker-src 'self' blob: ; object-src 'none' 1
frame-ancestors 'self' https://*.therapy.nethealth.com 1
base-uri 'self';connect-src 'self' https://adservice.google.com https://www.google.com https://*.doubleclick.net https://www.google-analytics.com https://*.appcues.com https://*.appcues.net wss://*.appcues.net wss://*.appcues.com statsnzprod.azure-api.net https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://www.google.co.nz https://www.google.com.au https://www.google.com.vn *.hotjar.com *.hotjar.io wss://*.hotjar.com *.livechatinc.com https://app.optimalworkshop.com performance.typekit.net;default-src 'self';form-action 'self' export.highcharts.com govt.us9.list-manage.com;img-src 'self' https: https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.google.com *.ytimg.com https://*.appcues.com https://*.appcues.net res.cloudinary.com cdn.jsdelivr.net https://*.googletagmanager.com https://*.google-analytics.com *.hotjar.com *.hotjar.io *.livechatinc.com shielded.co.nz staticcdn.co.nz p.typekit.net;media-src 'self' *.livechatinc.com;object-src 'self' *.livechatinc.com;font-src 'self' https://fonts.gstatic.com data: use.fontawesome.com *.hotjar.com *.hotjar.io staticcdn.co.nz data://* use.typekit.net;upgrade-insecure-requests;frame-src https://*.doubleclick.net https://stats.g.doubleclick.net https://www.googletagmanager.com https://bid.g.doubleclick.net player.vimeo.com *.youtube.com 'self' https://*.appcues.com *.hotjar.com *.hotjar.io *.livechatinc.com staticcdn.co.nz helpline.homecaremedical.co.nz *.office.com *.shinyapps.io statsnz.maps.arcgis.com statsmaps.cloud.eaglegis.co.nz;script-src https://www.googletagmanager.com 'unsafe-eval' https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net player.vimeo.com www.youtube.com s.ytimg.com 'self' https://*.appcues.com https://*.appcues.net https://*.googletagmanager.com *.hotjar.com *.hotjar.io 'unsafe-inline' *.livechatinc.com s3.amazonaws.com staticcdn.co.nz helpline.homecaremedical.co.nz use.typekit.net cdnjs.cloudflare.com;style-src https://tagmanager.google.com https://fonts.googleapis.com 'self' https://*.appcues.com https://*.appcues.net https://fonts.google.com 'unsafe-inline' stackpath.bootstrapcdn.com use.fontawesome.com *.livechatinc.com cdn-images.mailchimp.com use.typekit.net;child-src player.vimeo.com 'self' *.livechatinc.com;script-src-elem https://*.googletagmanager.com https://*.google-analytics.com *.hotjar.com *.hotjar.io 'self' 'unsafe-inline' 'unsafe-eval' *.livechatinc.com staticcdn.co.nz helpline.homecaremedical.co.nz use.typekit.net cdnjs.cloudflare.com;manifest-src 'self';report-uri https://report-to-api.raygun.com/reports-csp?apikey=fUCNIUtmo6N5JyZrZmL9g 1
default-src 'self' data: https://framacarte.org https://umap.openstreetmap.fr; script-src 'self' 'unsafe-inline' https://framacarte.org https://umap.openstreetmap.fr; object-src 'self'; base-uri 'self'; form-action 'self'; style-src 'self' 'unsafe-inline' 1
frame-ancestors 'self' file:; 1
frame-ancestors 'self' control.motionpoint.com/ iguidewebapp.next-uk.next.loc/ end-duws02.next-uk.next.loc/ end-dpws02.next-uk.next.loc/ studio.mgmt.qa.test/ studio.mgmt.next-uk.next.loc/ https://www.next.se 1
frame-src 'self' *.pentavida.cl pentavida.cl *.google.com google.com *.livechatinc.com *.youtube.com youtube.com *.youtube-nocookie.com youtube-nocookie.com *userway.org cdn.userway.org  1
default-src 'self' *.crazyegg.com *.mathtag.com *.hs-scripts.com https: blob: data: 'unsafe-inline' 'unsafe-eval'; 1
connect-src 'self' https://*.cookiebot.com https://google.ro https://region1.analytics.google.com/ https://region1.google-analytics.com/ https://ams.creativecdn.com/ https://cm.teads.tv/ https://t.teads.tv/ https://teads.tv https://connect.facebook.net https://facebook.com https://www.googletagmanager.com https://analytics.tiktok.com https://*.facebook.net ;default-src https://*.cookiebot.com https://fledge.teads.tv/ https://*.google-analytics.com https://*.googlesyndication.com https://www.google.by  https://ams.creativecdn.com/ https://salt.bank https://*.salt.bank;media-src 'self';font-src 'self' https://fonts.gstatic.com https://use.typekit.net;base-uri 'self';object-src 'none'; img-src 'self' data: https://imgsct.cookiebot.com https://google.ro https://region1.analytics.google.com https://connect.facebook.net https://teads.tv https://*.facebook.com https://*.google-analytics.com https://*.analytics.google.com https://www.googletagmanager.com https://cm.teads.tv/ https://t.teads.tv/ https://analytics.tiktok.com https://*.facebook.net ;script-src 'unsafe-inline' 'nonce-OQVEA6UyYh6p98fHsyhmJPk9e40BAOPW' 'self' *.salt.bank  *.adform.net  *.cookiebot.com *.googleadservices.com *.google.com *.google-analytics.com *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net *.doubleclick.net *.google.by *.googlesyndication.com *.googletagmanager.com *.facebook.net *.twitter.com *.tiktok.com *.google-analytics.com *.licdn.com *.hcaptcha.com *.google.com *.gstatic.com *.creativecdn.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.googletagmanager.com https://*.typekit.net; 1
default-src     'self'     https://bid.g.doubleclick.net/xbbe/pixel     ;      script-src     'self'     'report-sample'     'unsafe-inline'     https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js     https://code.iconify.design/1/1.0.7/iconify.min.js     https://googleads.g.doubleclick.net/pagead/viewthroughconversion/798837973/     https://js.hs-analytics.net/analytics/1654805700000/2063147.js     https://js.hs-banner.com/2063147.js     https://js.hs-scripts.com/2063147.js     https://js.hscollectedforms.net/collectedforms.js     https://js.intercomcdn.com/frame-modern.a7822daa.js     https://widget.intercom.io/widget/jvg80vqq     https://www.google-analytics.com/analytics.js     https://www.googleadservices.com/pagead/conversion_async.js     https://www.googletagmanager.com/gtag/js     https://js.hs-analytics.net/analytics/1655307000000/2063147.js     https://js.hs-analytics.net/analytics/     https://js.intercomcdn.com/frame-modern.53729a77.js     https://js.intercomcdn.com/vendor-modern.b8592417.js     https://app.intercom.io     https://widget.intercom.io     https://js.intercomcdn.com     https://www.google.com/pagead/conversion_async.js     https://api.iconify.design/eva.js     https://api.iconify.design/mdi.js     https://api.iconify.design/cil.js     https://api.iconify.design/bi.js     https://static.intercomassets.com/assets/help_center-d36cfac0eccacbe14d1a7ba68d9f0c90b39aba04a7f1d862292ab8a525bf4c8f.js     ;     style-src     'report-sample'      'self'     'unsafe-inline'     ;     object-src     'none'     ;     base-uri     'self'     ;     connect-src     'self'       https://api.intercom.io       https://api.au.intercom.io     https://api.eu.intercom.io       https://api-iam.intercom.io       https://api-iam.eu.intercom.io     https://api-iam.au.intercom.io      https://api-ping.intercom.io       https://nexus-websocket-a.intercom.io     wss://nexus-websocket-a.intercom.io     https://nexus-websocket-b.intercom.io     wss://nexus-websocket-b.intercom.io     https://nexus-europe-websocket.intercom.io      wss://nexus-europe-websocket.intercom.io      https://nexus-australia-websocket.intercom.io     wss://nexus-australia-websocket.intercom.io      https://uploads.intercomcdn.com     https://uploads.intercomcdn.eu      https://uploads.au.intercomcdn.com      https://uploads.intercomusercontent.com     https://forms.hubspot.com     https://www.google-analytics.com/j/collect     https://www.google-analytics.com/g/collect     https://js.hs-banner.com/cookie-banner-public/v1/activity/view     https://js.hs-banner.com/cookie-banner-public/v1/activity/click     https://forms.hscollectedforms.net/collected-forms/          ;     font-src     'self'     https://js.intercomcdn.com                   https://fonts.intercomcdn.com     ;     child-src       https://intercom-sheets.com       https://www.intercom-reporting.com        https://www.youtube.com       https://player.vimeo.com       https://fast.wistia.net     ;     frame-src     'self'      https://www.youtube.com/     https://bid.g.doubleclick.net/     https://intercom-sheets.com     ;     img-src      'self'     https://forms.hsforms.com     https://track.hubspot.com     https://www.google-analytics.com     https://www.google.com     https://static.intercomassets.com                 https://js.intercomcdn.com     https://static.intercomassets.com     https://downloads.intercomcdn.com     https://downloads.intercomcdn.eu     https://downloads.au.intercomcdn.com     https://uploads.intercomusercontent.com     https://gifs.intercomcdn.com      https://video-messages.intercomcdn.com     https://messenger-apps.intercom.io     https://messenger-apps.eu.intercom.io     https://messenger-apps.au.intercom.io     https://*.intercom-attachments-1.com     https://*.intercom-attachments.eu     https://*.au.intercom-attachments.com     https://*.intercom-attachments-2.com     https://*.intercom-attachments-3.com     https://*.intercom-attachments-4.com     https://*.intercom-attachments-5.com     https://*.intercom-attachments-6.com     https://*.intercom-attachments-7.com     https://*.intercom-attachments-8.com     https://*.intercom-attachments-9.com     https://static.intercomassets.eu     https://static.au.intercomassets.com     https://forms.hscollectedforms.net/collected-forms/     ;         manifest-src     https://js.intercomcdn.com     https://static.intercomassets.com     https://downloads.intercomcdn.com     https://downloads.intercomcdn.eu     https://downloads.au.intercomcdn.com     https://uploads.intercomusercontent.com     https://gifs.intercomcdn.com      https://video-messages.intercomcdn.com     https://messenger-apps.intercom.io     https://messenger-apps.eu.intercom.io     https://messenger-apps.au.intercom.io     https://*.intercom-attachments-1.com     https://*.intercom-attachments.eu     https://*.au.intercom-attachments.com     https://*.intercom-attachments-2.com     https://*.intercom-attachments-3.com     https://*.intercom-attachments-4.com     https://*.intercom-attachments-5.com     https://*.intercom-attachments-6.com     https://*.intercom-attachments-7.com     https://*.intercom-attachments-8.com     https://*.intercom-attachments-9.com     https://static.intercomassets.eu     https://static.au.intercomassets.com     ;         media-src      'self'     https://js.intercomcdn.com     ;     report-uri      https://62a2552a9bc141b6c536fb71.endpoint.csper.io/?v=0     ;     worker-src      'none'     ;     form-action     'self'     https://intercom.help     https://api-iam.intercom.io     https://api-iam.eu.intercom.io     https://api-iam.au.intercom.io     ;      1
default-src https: data: https://api.convergepay.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com wss://*.pusher.com https://*.cybernet.us http://*.cybernet.us https://*.fedex.com 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors *.grupomaaf.com.br *.3c.plus 1
img-src 'self' *.queplan.cl queplan.cl  https: data: blob:; connect-src 'self' wss://widget-mediator.zopim.com wss://*.hotjar.com https://*.hotjar.io *.queplan.cl queplan.cl   www.google-analytics.com www.googletagmanager.com  https://*.hotjar.com www.googleadservices.com *.api.kushkipagos.com *.api-uat.kushkipagos.com api.kushkipagos.com api-uat.kushkipagos.com *.twilio.com wss://tsock.us1.twilio.com *.linkify.cl *.googleadservices.com *.ads-twitter.com *.licdn.com *.facebook.net *.consensu.org *.openx.net *.rlcdn.com *.adnxs.com *.yahoo.com *.twitter.com *.t.co *.jsdelivr.net  https: data: blob:; style-src 'self' 'unsafe-inline' *.queplan.cl queplan.cl  https: data: blob:, script-src 'self' 'unsafe-inline' 'unsafe-eval' *.queplan.cl queplan.cl  browser-update.org *.hotjar.com api.kushkipagos.com *.api.kushkipagos.com api-uat.kushkipagos.com *.api-uat.kushkipagos.com *.twilio.com wss://tsock.us1.twilio.com *.linkify.cl *.ads-twitter.com *.licdn.com *.facebook.net *.consensu.org *.openx.net *.rlcdn.com *.t.co *.adroll.com https: data: blob: www.google-analytics.com www.googletagmanager.com, script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' www.google.cl www.google.co www.google.pe www.google.com browser-update.org *.queplan.cl queplan.cl  www.google-analytics.com www.googletagmanager.com https://*.hotjar.com www.googleadservices.com *.api.kushkipagos.com *.api-uat.kushkipagos.com api.kushkipagos.com api-uat.kushkipagos.com  *.twilio.com wss://tsock.us1.twilio.com *.linkify.cl *.googleadservices.com *.ads-twitter.com *.licdn.com *.facebook.net *.consensu.org *.openx.net *.rlcdn.com *.adnxs.com *.yahoo.com *.twitter.com *.t.co *.jsdelivr.net https: data: blob:, font-src 'self' fonts.googleapis.com fonts.gstatic.com *.queplan.cl queplan.cl  https: data: blob:; frame-src 'self' *.youtube.com https: data: blob: www.google-analytics.com www.googletagmanager.com; worker-src 'self' *.queplan.cl queplan.cl  https: data: blob:; object-src 'none'; frame-ancestors * 1
default-src 'self'; style-src 'self' 'nonce-3hEiux2cIGyi0XjoD4IePp4UAfgXmowldjIVcgFENn4'; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com; script-src 'self'; object-src 'none'; require-trusted-types-for 'script'; base-uri 'self'; frame-src 'self' https://google.com https://www.google.com; frame-ancestors 'self'; form-action 'self'; img-src 'self'; 1
frame-ancestors 'self' *.ikost.com 1
base-uri 'self'; child-src 'self' https://*.nuxeo.io https://*.nuxeocloud.com blob: gap:; frame-src 'self' https://*.nuxeo.io https://*.nuxeocloud.com blob: gap:; connect-src 'self' https://*.civiccomputing.com https://*.visualstudio.com https://*.nuxeocloud.com https://*.tiny.cloud; default-src 'self' gap: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: https://*.tinymce.com/ blob:; media-src 'self'; object-src 'self' https://*.tiny.cloud; plugin-types https://*.tiny.cloud; script-src 'self' https://*.civiccomputing.com https://*.tiny.cloud https://*.tinymce.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.tinymce.com https://*.tiny.cloud 'unsafe-inline'; frame-ancestors 'self' gap:; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=Ro7dZgy6rw%2B7PjGH%2FGekxG4OzfgDNiNw1eZJMCBUlGlExj%2BxWDjFHafyZC41tcDVMo%2BQjt%2BUs6e%2B1cczRmKdCQ%3D%3D; 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://aviva.co.uk https://2o7.net https://omtrdc.net https://tt.omtrdc.net https://omniture.com https://*.demdex.net https://cookielaw.org https://qualtrics.com https://www.google.com https://www.gstatic.com https://connect.facebook.net https://cm.everesttech.net https://assets.adobedtm.com https://edge.adobedc.net https://cdn.decibelinsight.net https://cdn-ukwest.onetrust.com https://collection.decibelinsight.net https://smetrics.aviva.co.uk; style-src 'self' 'unsafe-inline'; img-src data: 'self' https://aviva.co.uk https://cookielaw.org https://cdn-ukwest.onetrust.com; connect-src 'self' https://smetrics.aviva.co.uk https://*.demdex.net https://cookielaw.org https://qualtrics.com https://privacyportal-uk.onetrust.com https://cdn-ukwest.onetrust.com wss://cdn.decibelinsight.net wss://collection.decibelinsight.net; font-src 'self'; child-src 'self' https://*.google.com/ https://*.demdex.net; object-src 'self'; media-src 'self'; frame-ancestors 'self'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: wss: https: 1
default-src 'self'; base-uri 'self'; child-src 'self'; form-action 'self'; frame-ancestors 'self'; frame-src 'self'; img-src 'self' data:; manifest-src 'self' data:; object-src 'self'; script-src-attr 'self'; script-src-elem 'self' 'sha256-WDRaqFUsVVms0ceXv+yyEARM1aNzDNu/Taw77VqWtBU='; style-src 'self' 'unsafe-inline'; 1
frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cloudflare.com *.rawgit.com *.newrelic.com *.nr-data.net *.mrlender.com *.typekit.net *.facebook.net  *.reviews.co.uk *.mouseflow.com *.google.co.uk *.google.com *.googletagservices.com *.googlesyndication.com *.livechatinc.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.console.glassboxsaas.com *.glassboxdigital.io *.gbqofs.com *.report.gbss.io *.gbqofs.io 1
default-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' *.openstreetmap.org https://cdnjs.cloudflare.com/ajax/libs/flag-icon-css/ https://cdn.jsdelivr.net/gh/lipis/flag-icons/flags/ data:;font-src 'self';worker-src blob:;form-action 'none';frame-ancestors 'none';base-uri 'self';object-src 'none'; script-src 'self' 'unsafe-eval' pro6pp.nl *.pro6pp.nl 6pp.nl *.6pp.nl sentry.io *.sentry.io https://*.appspot.com plausible.d-centralize.nl 'sha256-/6SBPqW+GW+//4nlXX6Y1nR9dWlh0gsQJ6KK71djH6A='; connect-src 'self' sentry.io *.sentry.io pro6pp.nl *.pro6pp.nl 6pp.nl *.6pp.nl https://*.appspot.com plausible.d-centralize.nl mail.d-centralize.nl; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'nonce-MTQxLDE1NywyNDQsMjUwLDMsMTU5LDEwNCwyMDU=' https://discord.com https://www.googletagmanager.com https://connect.facebook.net https://www.google-analytics.com https://ssl.google-analytics.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/ https://hcaptcha.com https://*.hcaptcha.com https://s.ytimg.com/yts/jsbin/ https://www.youtube.com/iframe_api https://www.youtube.com/s/player/ https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://script.crazyegg.com https://*.website-files.com https://global.localizecdn.com https://cdn.localizeapi.com https://d3e54v103j8qbb.cloudfront.net https://gist.github.com https://unpkg.com/@splinetool/runtime/build/runtime.js https://*.twitter.com https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick.min.js https://boards-api.greenhouse.io https://ajax.googleapis.com/ajax/libs/webfont/1.6.26/webfont.js https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js https://cdn.finsweet.com/files/fscalendar/calendar-invite-v1.0.min.js 'sha256-mjdgHR9aXy-6OwAGlNS_XgNcYG1Uhd2U4pl8vi7-XCY=' 'sha256-gqG2LEZaHDwOL3S_CXJTuk_f3LimTEyruhOc_U0_QUY=' 'sha256-y0oGiuXZdmX7xRABTnY5cbHkfghDqbfX6JoerXLgVJc=' 'sha256-gBzDBwsujjXjXk6GLgdSlLIrvt5h0s3F_qF7Qt8TYwY=' 'sha256-TrY3AqlyKfZdsI3LYsy6u8GAhckLEXeyLcFK2gOe18U=' 'sha256-lVOL-gH47X0Li5QriWNZ69Hcr-71DsXFvGmQxN9TpBw=' 'sha256-j11ZNhk91nmUjPCBAIRcvJeEgnkbdJ9qNqoEMekilec=' 'sha256-1sQ9sTbc6Lumd2Frwf7IBwGG02gPTreTI8QBBW5kibM=' 'sha256-uh1p-Vy3_Cn66Ugk4Hak-gGr2Udg7yiI_5u5E_BdCRM=' 'sha256-7JHgDILwD7i_kvnHwJFF5WsHHmIc98tkBqDqbv47iFE=' 'sha256-KvstP_RIj6GGaE25Mqo-kIO0_WVEls1n5tnNhm8zmPA=' 'sha256-6xIDOlx5P0LKHv8fkot5ULOnB8ySdhjJi5r_ZP5EDPY=' 'sha256-jY_7jWrddtNUb-Y4CFKWaH-R2lrqgm_LAX72E8SLqKw=' 'sha256-MdICB9cW7ILT3ZeSxhN2YlpFxEsn5WHr03Ix-WVpHsw=' 'sha256-fUfByJGhChEFu7PE5HJfFwiYKySnP1H0iXvAxkauLNU=' 'sha256-xjkCDxBOM2TlIn5DpGQM4aJldb4AiHMKlRjfW46l-x0=' 'sha256-VOPfGBY-XgTDMwhG41S5eZyMKlu3gN60suwCPDWZ8MY=' 'sha256-tVeTMYknRG_IAdCHRGlDd9S2bX2_rX0e4HpaP9lgKWY=' 'sha256-kprfDg8ElCpUCFQAX5shnAPf3i59vVTSy02AjZXV3k0=' 'sha256-llLws8TR-U3nNRCIvJNVc-SGscqwyeO1IPgpbnWuZdc=' 'sha256-h9lm4cvrD7egZu1GTAE1h2IDy1K4fXgD-q_O7aEosuw=' 'sha256-_cdQbTQzcfSt2_aCceUvkUmLh1WMdvlKbi1BBG7u8Jg=' 'sha256-U0jHWhsvIpjnwYKeJS_-2pe9ROsYnck5ZB2aXNyKWq8=' 'sha256-rB4G_-e_bAPU7rKI_9HC1lBZ0XEa_nHDH6hXFz4GIh4=' 'sha256-N02bP-slnHB-OYEN6imRqCHcHLN5DvBouRmyO2qcQYU=' 'sha256-QHiY6i8ql9SJTaFXzUhm08ZWuNz0QarKruf0Omd9-OQ=' 'sha256-s4OBHcHJnkGxjEyNJhU5BQt4qlt6MH07rG/j/hFOUnE=' 'sha256-s4OBHcHJnkGxjEyNJhU5BQt4qlt6MH07rG_j_hFOUnE=' 'sha256-mjdgHR9aXy+6OwAGlNS/XgNcYG1Uhd2U4pl8vi7+XCY=' 'sha256-jY/7jWrddtNUb+Y4CFKWaH+R2lrqgm/LAX72E8SLqKw=' 'sha256-lVOL+gH47X0Li5QriWNZ69Hcr+71DsXFvGmQxN9TpBw=' 'sha256-/cdQbTQzcfSt2/aCceUvkUmLh1WMdvlKbi1BBG7u8Jg=' 'sha256-N02bP+slnHB+OYEN6imRqCHcHLN5DvBouRmyO2qcQYU=' 'sha256-gqG2LEZaHDwOL3S/CXJTuk/f3LimTEyruhOc/U0/QUY=' 'sha256-llLws8TR+U3nNRCIvJNVc+SGscqwyeO1IPgpbnWuZdc=' 'sha256-gBzDBwsujjXjXk6GLgdSlLIrvt5h0s3F/qF7Qt8TYwY=' 'sha256-6xIDOlx5P0LKHv8fkot5ULOnB8ySdhjJi5r/ZP5EDPY=' 'sha256-7JHgDILwD7i/kvnHwJFF5WsHHmIc98tkBqDqbv47iFE=' 'sha256-VOPfGBY+XgTDMwhG41S5eZyMKlu3gN60suwCPDWZ8MY='; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.hcaptcha.com https://hcaptcha.com https://*.website-files.com https://*.githubassets.com; img-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://www.facebook.com https://cdn.discordapp.com https://hackerone-api.discord.workers.dev/user-avatars/ https://safety.discord.com https://discordmoderatoracademy.zendesk.com https://assets-global.website-files.com data: https://*.website-files.com https://global.localizecdn.com https://cdn.localizeapi.com https://*.ytimg.com https://uploads-ssl.webflow.com; font-src 'self' https://fonts.gstatic.com https://fonts.gstatic.com https://*.website-files.com https://uploads-ssl.webflow.com; connect-src 'self' https://discordapp.com https://discord.com https://connect.facebook.net https://api.greenhouse.io https://api.github.com https://sentry.io https://www.google-analytics.com https://hackerone-api.discord.workers.dev https://*.hcaptcha.com https://hcaptcha.com https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location ws://127.0.0.1:* http://127.0.0.1:* https://global.localizecdn.com https://cdn.localizeapi.com https://*.website-files.com https://webflow.com/api/ https://script.crazyegg.com https://assets-tracking.crazyegg.com https://pagestates-tracking.crazyegg.com https://tracking.crazyegg.com; media-src 'self' https://cdn.discordapp.com/assets/ https://cdn.discordapp.com/promotions/premium-marketing/ https://*.website-files.com; frame-src https://discordapp.com/domain-migration https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/ https://*.hcaptcha.com https://hcaptcha.com https://www.youtube.com/embed/ https://hackerone.com/631fba12-9388-43c3-8b48-348f11a883c0/ https://10851314.fls.doubleclick.net/ https://*.twitter.com https://*.vimeo.com; 1
script-src https://www.gstatic.com https://www.googletagmanager.com https://maps.googleapis.com 'self' 'unsafe-eval' 'unsafe-inline' 'nonce-bmV0c3BhcmtlciBydWxlcyA7KQ==' 1
frame-ancestors 'self' https://augustatech.blackboard.com 1
frame-ancestors kinmen.travel www.kinmen.travel pwa.kinmen.travel 'self' 1
default-src 'self' ; script-src-elem 'self' 'unsafe-inline' https://stackpath.bootstrapcdn.com https://cdnjs.cloudflare.com https://maps.googleapis.com https://*.google-analytics.com https://*.googletagmanager.com ; style-src-elem 'self' 'unsafe-inline' https://stackpath.bootstrapcdn.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google-analytics.com https://*.googletagmanager.com ; style-src 'self' 'unsafe-inline' http://fonts.googleapis.com https://maxcdn.bootstrapcdn.com ; img-src * data: ; media-src 'none' ; object-src 'self' ; frame-src https://*.googletagmanager.com https://www.stratapay.com.au ; connect-src 'self' https://maps.googleapis.com https://*.google-analytics.com https://*.googletagmanager.com ; 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.cloudflareinsights.com https://wisepops.net *.clarity.ms *.wisepops.net *.cdn.wisepops.com *.loader.wisepops.com *.cdn.wisepops.net *.heatmap.it *.wisepops.com https://chimpstatic.com *.boxnow.gr https://api.livechatinc.com https://greca.adman.gr https://cdn.livechatinc.com https://ajax.googleapis.com https://static.adman.gr https://player.vimeo.com *.ubembed.com *.skroutz.gr https://skroutza.skroutz.gr *.zdassets.com/ *.hotjar.com https://apis.google.com https://www.gstatic.com https://z.moatads.com https://s7.addthis.com https://m.addthis.com https://analytics.skroutz.gr https://skroutza.skroutz.gr https://360.bestprice.gr https://www.bestprice.gr https://www.glami.gr https://region1.google-analytics.com https://cdn.stat-track.com/ https://assets.citrusad.net https://www.googletagmanager.com https://maps.google.com https://maps.googleapis.com https://www.google-analytics.com https://connect.facebook.net https://stats.g.doubleclick.net https://www.google.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://script.crazyegg.com https://go.linkwi.se https://trustmark.gr https://www.youtube.com https://script.crazyegg.com https://insurance.e-satisfaction.gr; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://fonts.googleapis.com; object-src 'self'; img-src 'self' data: https://cdn.files-text.com https://stats.g.doubleclick.net https://gtm.aesthet.com https://static.aesthet.com region1.google-analytics.com gtm.aesthet.com region1.analytics.google.com https://*.c.bing.com/ c.bing.com https://googleads.g.doubleclick.net   *.c.bing.com/ https://googleads.g.doubleclick.net *.clarity.ms *.cdn.wisepops.net *.assets.wisepops.net *.cdn.wisepops.com *.googletagmanager.com https://player.vimeo.com https://i.vimeocdn.com/video/  *.vimeo.com *.heatmap.it *.livechat-files.com *.wisepops.com https://greca-obj.adman.gr https://www.aesthet.com https://aesthetnew.staginglh.com https://local.aesthetnew.gr https://aesthetnew.test.devlh.com https://aesthet.com *.cdninstagram.com https://www.glami.gr https://www.facebook.com https://www.google-analytics.com https://maps.gstatic.com https://maps.google.com https://maps.googleapis.com https://www.google.com https://www.google.gr https://www.google.com.tr https://trustmark.gr; font-src 'self' data: https://cdn.livechatinc.com https://fonts.gstatic.com; connect-src 'self' *.clarity.ms   https://googleads.g.doubleclick.net/* *.aesthet.com *.wisepops.com https://wisepops.net https://wisepops.net/my-wisepop *.app.getwisp.co *.tracking.wisepops.com *.wisepops.net *.activity.wisepops.com *.popup.wisepops.com *.google.com https://cdn.livechatinc.com *.googlesyndication.com https://api.livechatinc.com https://vimeo.com https://greca.adman.gr wss://ws1.hotjar.com wss://ws2.hotjar.com wss://ws3.hotjar.com wss://ws4.hotjar.com wss://ws5.hotjar.com wss://ws6.hotjar.com wss://ws7.hotjar.com wss://ws8.hotjar.com wss://ws9.hotjar.com wss://ws10.hotjar.com wss://ws11.hotjar.com wss://ws12.hotjar.com wss://ws13.hotjar.com wss://ws14.hotjar.com wss://ws15.hotjar.com wss://ws16.hotjar.com wss://ws17.hotjar.com wss://ws18.hotjar.com wss://ws19.hotjar.com wss://ws20.hotjar.com wss://ws21.hotjar.com wss://ws22.hotjar.com wss://ws23.hotjar.com wss://ws24.hotjar.com wss://ws25.hotjar.com wss://ws26.hotjar.com wss://ws27.hotjar.com wss://ws28.hotjar.com wss://ws29.hotjar.com wss://ws30.hotjar.com wss://ws31.hotjar.com wss://ws32.hotjar.com wss://ws33.hotjar.com wss://ws34.hotjar.com wss://ws35.hotjar.com wss://ws36.hotjar.com wss://ws37.hotjar.com wss://ws38.hotjar.com wss://ws39.hotjar.com wss://ws40.hotjar.com wss://ws41.hotjar.com wss://ws42.hotjar.com wss://ws43.hotjar.com wss://ws44.hotjar.com wss://ws45.hotjar.com wss://ws46.hotjar.com wss://ws47.hotjar.com wss://ws48.hotjar.com wss://ws49.hotjar.com wss://ws50.hotjar.com wss://ws51.hotjar.com wss://ws52.hotjar.com wss://ws53.hotjar.com wss://ws54.hotjar.com wss://ws55.hotjar.com wss://ws56.hotjar.com wss://ws57.hotjar.com wss://ws58.hotjar.com wss://ws59.hotjar.com wss://ws60.hotjar.com wss://ws61.hotjar.com wss://ws62.hotjar.com wss://ws63.hotjar.com wss://ws64.hotjar.com wss://ws65.hotjar.com wss://ws66.hotjar.com wss://ws67.hotjar.com wss://ws68.hotjar.com wss://ws69.hotjar.com wss://ws70.hotjar.com wss://ws71.hotjar.com wss://ws72.hotjar.com wss://ws73.hotjar.com wss://ws74.hotjar.com wss://ws75.hotjar.com wss://ws76.hotjar.com wss://ws77.hotjar.com wss://ws78.hotjar.com wss://ws79.hotjar.com wss://ws80.hotjar.com wss://ws81.hotjar.com wss://ws82.hotjar.com wss://ws83.hotjar.com wss://ws84.hotjar.com wss://ws85.hotjar.com wss://ws86.hotjar.com wss://ws87.hotjar.com wss://ws88.hotjar.com wss://ws89.hotjar.com wss://ws90.hotjar.com wss://ws91.hotjar.com wss://ws92.hotjar.com wss://ws93.hotjar.com wss://ws94.hotjar.com wss://ws95.hotjar.com wss://ws96.hotjar.com wss://ws97.hotjar.com wss://ws98.hotjar.com wss://ws99.hotjar.com *.hotjar.io  *.hotjar.com *.zdassets.com https://www.youtube.com https://www.bestprice.gr https://s7.addthis.com https://m.addthis.com  https://forms.m-pages.com https://t.stat-track.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://www.google-analytics.com https://maps.googleapis.com; frame-src *; media-src 'self' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: privacytermsprod.azureedge.net *.ctfassets.net *.googletagmanager.com *.google-analytics.com  *.googletagmanager.com api.ipify.org *.cookielaw.org *.onetrust.com *.moatads.com *.mimecast.com *.adsrvr.org *.pghub.io *.tapad.com *.akamaihd.net consumersupport.pg.com *.bootstrapcdn.com *.force.com *.dynatrace.com *.doubleclick.net *.bazaarvoice.com *.pricespider.com; 1
frame-ancestors 'self'; frame-src 'self' youtube.com *.youtube.com *.pinterest.com *.facebook.com *.robinhq.com *.sleeknote.com *.google.com *.gstatic.com *.googleanalytics.com *.google-analytics.com  *.googletagmanager.com *.googleapis.com; 1
base-uri 'self'; form-action 'self'; frame-ancestors 'self'; object-src 'none'; 1
default-src 'self'; script-src 'unsafe-inline' http: https: www.goodcook.com:443 *.newrelic.com *.nr-data.net; style-src 'self' blob: https: 'unsafe-inline' www.goodcook.com:443; img-src data: http: https:; object-src 'none'; base-uri 'none'; child-src 'self'; font-src 'self' data: fonts.gstatic.com; frame-src assets.braintreegateway.com *.pinterest.com *.goodcook.com *.youtube-nocookie.com *.youtube.com *.youtu.be *.vimeo.com widget.trustpilot.com *.bazaarvoice.com *.google.com disqus.com eucs24.ksearchnet.com zendesk.com mailerlite.com *.cybersource.com *.hotjar.com *.adsrvr.org *.gomage.dev *.doubleclick.net; connect-src wss: http: https: bam-cell.nr-data.net; 1
default-src 'self';connect-src 'self' mc.yandex.ru yandex.ru *.direct-credit.ru suggestions.dadata.ru *.google-analytics.com *.doubleclick.net media.flixcar.com *.jivosite.com jivosite.com jivo.ru  wss://*.jivosite.com wss://*.jivo.ru *.vsegda-da.com *.2gis.ru *.2gis.com *.sberbank.ru unpkg.com *.jivo.ru qoopler.ru ruperstat.ru *.mail.ru msearch.space *.msearch.space;img-src 'self' data:  *.mega-tehnika.ru yandex.ru *.yandex.ru *.yandex.net *.direct-credit.ru media.flixfacts.com *.flix360.com *.flixcar.com *.google-analytics.com *.doubleclick.net *.google.com *.google.ru *.googletagmanager.com *.google.ch *.google.de *.google.am *.google.com.ua *.google.co.kr *.jivosite.com *.jivo.ru *.pp.credit *.l-kredit.ru *.youtube.com *.2gis.ru *.2gis.com ruperstat.ru *.mail.ru msearch.space *.msearch.space;script-src 'self' 'unsafe-inline' 'unsafe-eval' mc.yandex.ru api-maps.yandex.ru *.direct-credit.ru media.flixfacts.com t.flix360.com media.flixcar.com cdn.jsdelivr.net *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.jivosite.com *.jivo.ru *.pp.credit *.l-kredit.ru yastatic.net *.vsegda-da.com *.2gis.ru *.2gis.com *.sberbank.ru qoopler.ru prostats.info *.onef.pro lpt-crm.online profilepx1.ru *.mail.ru *.msearch.space;style-src 'self' 'unsafe-inline' *.direct-credit.ru *.flixcar.com *.flixfacts.com cdn.jsdelivr.net fonts.googleapis.com *.jivosite.com *.jivo.ru *.msearch.space;font-src 'self' data: *.flixcar.com *.flixfacts.com *.gstatic.com;media-src 'self' *.jivosite.com *.jivo.ru;frame-src 'self' *.youtube.com *.yandex.ru *.yandex.net *.direct-credit.ru *.flixcar.com *.flixfacts.com *.pp.credit *.l-kredit.ru *.jivosite.com *.2gis.ru *.2gis.com *.jivo.ru;report-uri /csp/ 1
upgrade-insecure-requests;     frame-ancestors 'self' *.eizo.de *.eizo.at *.eizo.be *.eizo.cz *.eizo.it *.eizo.nl *.eizo.eu *.eizo.hu *.eizo.lu *.eizo.es *.eizo.ch;     block-all-mixed-content;     report-uri /csp-report.php;     default-src 'self';     script-src 'self' 'unsafe-inline' 'wasm-unsafe-eval' *.eizo.de *.eizo.at *.eizo.be *.eizo.cz *.eizo.it *.eizo.nl *.eizo.eu *.eizo.hu *.eizo.lu *.eizo.es *.eizo.ch *.creativecdn.com *.consentmanager.net *.outbrain.com *.google-analytics.com *.googleapis.com *.googletagmanager.com cdn.jsdelivr.net www.paypal.com *.googleadservices.com *.adform.net *.adsrvr.org *.teads.tv *.googletagmanager.com *.doubleclick.net *.google.de *.google.com bat.bing.com unpkg.com *.vimeocdn.com *.youtube.com *.vimeo.com;     style-src 'self' 'unsafe-inline' *.eizo.de *.eizo.at *.eizo.be *.eizo.cz *.eizo.it *.eizo.nl *.eizo.eu *.eizo.hu *.eizo.lu *.eizo.es *.eizo.ch unpkg.com;     object-src 'none';     frame-src 'self' *.creativecdn.com *.doubleclick.net *.googletagmanager.com *.teads.tv *.adsrvr.org *.eizo.de *.eizo.at *.eizo.be *.eizo.cz *.eizo.it *.eizo.nl *.eizo.eu *.eizo.hu *.eizo.lu *.eizo.es *.eizo.ch *.youtube.com *.vimeo.com *.youtube-nocookie.com;     child-src 'self' *.vimeo.com *.youtube.com *.youtube-nocookie.com;     img-src 'self' * data:;     font-src 'self' *.eizo.de *.eizo.at *.eizo.be *.eizo.cz *.eizo.it *.eizo.nl *.eizo.eu *.eizo.hu *.eizo.lu *.eizo.es *.eizo.ch data:;     connect-src 'self' *.mkmediaworks.com *.eizo.de *.eizo.at *.eizo.be *.eizo.cz *.eizo.it *.eizo.nl *.eizo.eu *.eizo.hu *.eizo.lu *.eizo.es *.eizo.ch *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.consentmanager.net connect.facebook.net *.creativecdn.com *.adform.net *.outbrain.com bat.bing.com *.googlesyndication.com *.google-analytics.com *.analytics.google.com *.teads.tv blob: *.googleapis.com *.googletagmanager.com *.g.doubleclick.net *.friendlycaptcha.eu *.friendlycaptcha.com *.vimeo.com *.youtube-nocookie.com *.youtube.com;     manifest-src *.eizo.de *.eizo.at *.eizo.be *.eizo.cz *.eizo.it *.eizo.nl *.eizo.eu *.eizo.hu *.eizo.lu *.eizo.es *.eizo.ch 'self';     base-uri 'self';     form-action 'self' https://www.paypal.com https://*.list-manage.com https://ipayment.de https://www.saferpay.com;     media-src 'self' *.eizo.de *.eizo.at *.eizo.be *.eizo.cz *.eizo.it *.eizo.nl *.eizo.eu *.eizo.hu *.eizo.lu *.eizo.es *.eizo.ch *.vimeo.com vimeo.com *.youtube.com;     worker-src 'self' blob:;      1
default-src 'self' 'unsafe-inline'; script-src 'unsafe-inline' 'unsafe-eval' blob: *; style-src 'unsafe-inline' *; object-src 'self'; font-src 'self' data: *; connect-src *; img-src 'self' data: *; frame-src *; media-src *; 1
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self' *.intuit.com intuit.com *.quickbooks.com quickbooks.com *.square.com square.com *.squareupstaging.com squareupstaging.com *.squareup.com squareup.com *.bambee.com bambee.com *.gusto.com gusto.com *.netsuite.com netsuite.com *.dripos.com dripos.com *.enkempass.com enkempass.com *.miter.com miter.com *.eddy.com eddy.com *.housecallpro.com housecallpro.com *.monograph.com monograph.com *.joinwarp.com joinwarp.com *.central.inc central.inc *.7shifts.com 7shifts.com *.belfrysoftware.com belfrysoftware.com *.plane.com plane.com *.tryplayground.com tryplayground.com *.getthera.com getthera.com *.keka.com *.kekad.com *.kekauat.com *.kekastage.com *.kekademo.com *.lumberfi.com lumberfi.com *.checkhq.com checkhq.com; script-src * 'unsafe-inline' 'unsafe-eval' data: blob:; report-uri https://simplyinsured.report-uri.com/r/d/csp/enforce 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://drift.skb.net https://park.skb.net https://pen.skb.net https://tri.skb.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' data:; frame-src 'self' https://park.skb.net https://pen.skb.net https://aweucn1.advanced-web-analytics.com https://www.skb.si; font-src fonts.gstatic.com data:; frame-ancestors 'self'; form-action 'self'; base-uri 'self'; report-uri /report/send; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; base-uri 'self'; frame-ancestors 'self' https: ; object-src 'none'; 1
default-src  'self' *.fg.cz localhost localhost-promo;font-src  'self' data: fonts.gstatic.com *.fg.cz localhost localhost-promo *.zopim.com;connect-src  'self' *.google.com *.googleapis.com *.googletagmanager.com *.analytics.google.com *.google-analytics.com *.googleadservices.com c.imedia.cz *.fg.cz *.bileto.com *.zdassets.com arrivacz.zendesk.com *.zopim.com wss://*.zopim.com *.doubleclick.net *.instagram.com arriva.daktela.com *.googlesyndication.com;script-src  'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.gstatic.com *.fg.cz *.facebook.net *.bileto.com *.arriva.cz *.issuu.com *.zdassets.com cdnjs.cloudflare.com arrivacz.zendesk.com *.zopim.com *.instagram.com arriva.daktela.com *.doubleclick.net *.seznam.cz *.imedia.cz;form-action  'self' *.fg.cz *.facebook.com;frame-src  'self' www.youtube.com www.googletagmanager.com *.fg.cz *.issuu.com *.zdassets.com arrivacz.zendesk.com *.zopim.com *.google.com *.facebook.com *.doubleclick.net;worker-src  'self' www.youtube.com www.googletagmanager.com *.fg.cz *.issuu.com *.zdassets.com arrivacz.zendesk.com *.zopim.com *.google.com *.facebook.com *.doubleclick.net;frame-ancestors  'self' *.fg.cz;img-src  'self' data: blob: *.google.com *.google.cz *.gstatic.com *.googleapis.com *.googlecode.com *.googletagmanager.com *.google-analytics.com *.fg.cz *.doubleclick.net *.facebook.com *.bileto.com *.zopim.com *.instagram.com *.cdninstagram.com *.fbcdn.net *.openstreetmap.org *.openrailwaymap.org *.seznam.cz;style-src  'self' 'unsafe-inline' *.googleapis.com *.google.com *.fg.cz *.gstatic.com *.googletagmanager.com;object-src  'self' *.fg.cz 1
default-src 'self'; script-src 'self'; frame-ancestors 'self'; object-src 'self'; base-uri 'self'; require-trusted-types-for 'script'; connect-src 'self'; img-src 'self'; style-src 'self'; font-src 'self'; 1
base-uri 'none'; default-src 'self'; style-src 'self' 'nonce-8b4d8e3afa33af7044901dd0560650aa' fonts.googleapis.com static.sooqr.com; font-src 'self' fonts.gstatic.com; img-src 'self' data: www.google-analytics.com region1.google-analytics.com pixel.sooqr.com maps.googleapis.com www.google.com maps.gstatic.com www.toegankelijkheidsverklaring.nl; script-src 'self' 'nonce-8b4d8e3afa33af7044901dd0560650aa' www.google-analytics.com region1.google-analytics.com static.sooqr.com dynamic.sooqr.com maps.googleapis.com; connect-src 'self' maps.googleapis.com www.google-analytics.com region1.google-analytics.com cognito-identity.eu-central-1.amazonaws.com firehose.eu-central-1.amazonaws.com; form-action 'self' digid.nl secure.ogone.com; frame-src 'self' www.youtube.com www.google.com kaarten.veldhoven.nl; frame-ancestors 'self'; 1
frame-ancestors 'self' nefkens.uwdatamotive.nl www.nefkens.nl; 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://*.bing.com https://*.optimalworkshop.com https://tally.so https://*.tally.so https://*.clarity.ms https://honolulu.emuseum.com https://honolulumuseum.org https://*.honolulumuseum.org https://www.gstatic.com https://*.google.com https://www.googletagmanager.com https://www.google-analytics.com https://*.recaptcha.net https://*.hotjar.com https://www.youtube.com https://connect.facebook.net https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.queue-it.net https://*.tbdine.com https://region1.analytics.google.com; frame-src 'self' https://tally.so https://*.tally.so https://*.recaptcha.net https://honolulu.emuseum.com https://honolulumuseum.org https://*.honolulumuseum.org https://*.afterdigital.io https://w.soundcloud.com https://www.google.com https://vars.hotjar.com https://www.youtube.com https://player.vimeo.com https://www.facebook.com https://transaction.hostedpayments.com https://certtransaction.hostedpayments.com https://*.afterdigital.io https://*.afterdigital.uk https://skyway.honolulumuseum.org https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://*.tbdine.com; connect-src 'self' https://tally.so https://*.tally.so https://*.clarity.ms https://region1.analytics.google.com https://api.ipify.org https://honolulu.emuseum.com https://honolulumuseum.org https://*.honolulumuseum.org https://*.sentry.io https://stats.g.doubleclick.net https://*.google-analytics.com https://services.postcodeanywhere.co.uk https://api.addressy.com https://skyway.honolulumuseum.org https://*.afterdigital.uk https://*.afterdigital.io https://vc.hotjar.io wss://*.hotjar.com https://*.hotjar.com; img-src 'self' https://tally.so https://*.tally.so https://*.clarity.ms https://honolulu.emuseum.com https://honolulumuseum.org https://*.honolulumuseum.org https://*.cdninstagram.com https://*.afterdigital.uk https://*.afterdigital.io https://t-bridge.s3.eu-west-1.amazonaws.com https://skyway-us-cms-assets.s3.us-east-2.amazonaws.com https://us-skyway-cms-assets.s3.us-east-2.amazonaws.com https://www.google-analytics.com https://www.instagram.com https://*.doubleclick.net https://www.google.com https://www.google.co.uk; font-src 'self' 'unsafe-inline' data: 1
default-src https: https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com 'unsafe-inline' 'unsafe-eval' data:; style-src 'self' https://fonts.googleapis.com/ https://services.postcodeanywhere.co.uk/ 'unsafe-inline'; img-src * 'self' data: https:; 1
frame-ancestors 'self'; form-action 'self'; object-src 'none'; base-uri 'none'; block-all-mixed-content; upgrade-insecure-requests; connect-src 'self' https:; 1
default-src 'self'; style-src 'self' 'unsafe-inline' comment.bitstorm.org; script-src 'self' 'unsafe-inline' comment.bitstorm.org data.bitstorm.org sentry.io; connect-src 'self' wss://comment.bitstorm.org comment.bitstorm.org data.bitstorm.org; img-src * data:; frame-src 'self'; object-src 'none'; report-uri https://sentry.io/api/1375377/security/?sentry_key=37a44af6812a48e58322a30492ab7025 1
img-src data: https://cdn.cookielaw.org/ https://webanalytics.inera.se/ https://*.inviewer.se/ 'self'; connect-src https://cdn.cookielaw.org/ https://webanalytics.inera.se/ 'self'; script-src https://cdn.cookielaw.org/ https://dl.episerver.net/ https://webanalytics.inera.se/ 'report-sample' 'sha256-3/mNUpqF9X/gMYE+bOG6g8d6I32wdYdWwWuAk90mPCM=' 'sha256-KdrksQVVfPWUX99NitlEt4ABdXZmgoZpezLqt68xrRU=' 'sha256-NBS7EduG2pL/l2J3FKVM//a6/tkbjRXCbg6q7vBX/JQ=' 'sha256-9nbqryG6r8ah9AReuQJKTzRXvO4bc5sLyPTD9Ybevj8=' 'sha256-laWjrqJThFpSbf4H+IwSnwccrjKHaVCE1bYgwmmXevg=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-XgLmW8WPko07g266IWjJcuRxC60fNdY/+PeN0bnJvoI=' 'self'; frame-src https://play.mediaflowpro.com/ https://dreambroker.com/ https://play.mediaflow.com/; style-src 'report-sample' 'unsafe-inline' 'self'; style-src-attr 'report-sample' 'unsafe-inline'; style-src-elem 'report-sample' 'unsafe-inline' 'self'; object-src 'none'; base-uri 'self'; worker-src 'self'; manifest-src 'self'; media-src 'self'; form-action 'self'; child-src 'self'; frame-ancestors 'self'; report-uri https://www.vardhandboken.se/api/v1/csp/report; font-src data: 'self'; upgrade-insecure-requests ; default-src 'self'; report-to csp-endpoint 1
default-src 'unsafe-inline' *; img-src 'unsafe-inline' *; media-src 'self'; script-src 'self' www.forums.gardengatemagazine.com www.forums.woodnet.net forums.woodnet.net www.googletagservices.com www.googletagmanager.com securepubads.g.doubleclick.net cdn.ampproject.org tpc.googlesyndication.com secure.augusthome.com images.ahpc.us adservice.google.com connect.facebook.net; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://use.typekit.net *; font-src 'self' data: *; form-action 'self' *; frame-ancestors 'self'; reflected-xss block; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https:; 1
default-src 'unsafe-eval' 'unsafe-inline' https://www.bancofie.com.bo https: blob:; style-src 'unsafe-inline' https:; frame-src https://www.bancofie.com.bo https://www.facebook.com https://docs.google.com https://www.google.com https://maps.google.com https://logo.prismasystems.com.ar https://www.youtube.com; object-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' https://www.bancofie.com.bo https://snap.licdn.com https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net https://www.facebook.com https://docs.google.com https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://logo.prismasystems.com.ar https://unruffled-shannon-1a7413.netlify.app https://www.youtube.com blob:; img-src 'unsafe-inline' data: https: blob:; worker-src * 'self' blob:; font-src 'self' data: 1
default-src 'none'; frame-ancestors 'self' *.bluemod.me *.truliantfcu.org *.truliantfcu.org:8443; object-src data: 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.truliantfcu.org *.google.com maps.googleapis.com *.quantcount.com *.doubleclick.net *.newrelic.com js.adsrvr.org *.quantserve.com www.googleadservices.com www.googletagmanager.com www.google-analytics.com ajax.googleapis.com fonts.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.poshdevelopment.com https://apps.mypurecloud.com *.cloudfront.net *.mouseflow.com *.inmarkethub.com *.sitescout.com *.amazon-adsystem.com widgets.hive.genesys.com *.ads-twitter.com connect.facebook.net *.youtube.com; connect-src 'self' *.truliantfcu.org *.doubleclick.net *.mouseflow.com www.google-analytics.com api.poshdevelopment.com/api/ dev.poshdevelopment.com/api/ *.googleapis.com; img-src 'self' placeimg.com www.facebook.com t.co analytics.twitter.com *.truliantfcu.org *.doubleclick.net *.gstatic.com *.googleapis.com www.google-analytics.com *.quantserve.com www.google.com *.youtube.com *.mouseflow.com *.inmarkethub.com *.sitescout.com *.amazon-adsystem.com *.googletagmanager.com data:  *.ytimg.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; style-src 'self' 'unsafe-inline' *.truliantfcu.org fonts.googleapis.com agentchat.truliantfcu.org; base-uri 'self'; form-action 'self' *.truliantfcuonline.org *.truliantfcu.org; frame-src 'self' *.truliantfcu.org *.doubleclick.net *.mouseflow.com *.newrelic.com *.adsrvr.org truliantfcu.locatorsearch.com truliantfcu.locatorsearch.net *.hcdigital.com www.youtube.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ *.poshdevelopment.com https://apps.mypurecloud.com *.amazon-adsystem.com https://truliantcareers.hua.hrsmart.com/; media-src 'self' *.youtube.com 1
connect-src 'self' https://otlp.bugsnag.com https://aicdn.picsart.com https://api.picsart.io wss://ws.hotjar.com https://measurement-api.criteo.com https://k.clarity.ms  https://www.google-analytics.com https://www.shareaholic.net https://cdn.openshareweb.com https://pearblog.wpengine.com https://ct.pinterest.com https://erk.zdassets.com https://*.hotjar.com https://content.hotjar.io https://analytics.tiktok.com https://n.clarity.ms https://t.clarity.ms https://*.shareaholic.com https://ekr.zdassets.com https://maps.googleapis.com wss://widget-mediator.zopim.com https://cdn.tiny.cloud https://ds-us-1.azureedge.net https://*.sharethis.com https://*.zendesk.com https://*.cardsdirect.com https://image.cardsdirect.com https://image.brookhollowcards.com https://image.123print.com https://image.usgacardshop.com https://image.peartree.com https://ekr.zdassets.com https://widget.usersnap.com;default-src 'self' https://*.cardsdirect.com https://static.zdassets.com https://www.google.com; frame-src 'self' https://gleam.io https://ct.pinterest.com https://td.doubleclick.net https://*.sharethis.com https://*.criteo.com https://*.secure.orders.com https://secure.orders.com https://static.criteo.net https://*.cardsdirect.com https://www.google.com https://widget.trustpilot.com https://www.facebook.com https://www.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' *;img-src 'self' data: *; font-src 'self' https://*.wpengine.com https://cdn.icomoon.io https://cdn.openshareweb.com https://fonts.gstatic.com https://d1azc1qln24ryf.cloudfront.net;object-src 'none';script-src-elem 'self' 'unsafe-inline' * 1
upgrade-insecure-requests;frame-ancestors 'self' https:; object-src 'self' icims.com; 1
frame-ancestors 'self' *.corelight.com https://corelight.com https://www.corelight.com;; upgrade-insecure-requests 1
default-src 'unsafe-inline' 'unsafe-eval' blob: data: *.gegridsolutions.com think-grid.org http://*.think-grid.org *.think-grid.org www.gedigitalenergy.com https://appdash.gedigitalenergy.com *.bootstrapcdn.com *.googletagmanager.com *.googlesyndication.com *.addthis.com snap.licdn.com *.linkedin.com *.jabmo.app api.ipify.org secure.adnxs.com *.cloudfront.net *.evidon.com *.6sc.co *.sharethis.com platform.twitter.com *.google-analytics.com *.analytics.google.com analytics.google.com *.marketo.net *.marketo.com *.adobedtm.com cm.everesttech.net *.demdex.net c.sharethis.mgr.consensu.org *.mktoutil.com *.mktoresp.com gepowerandwater.tt.omtrdc.net gepowerandwater.d2.sc.omtrdc.net z.moatads.com v1.addthisedge.com www.googleadservices.com *.doubleclick.net www.google.com connect.facebook.net www.facebook.com p.adsymptotic.com citia.com *.youtube.com addsearch.com *.addsearch.com *.searchcdn.com www.mygegrid.com *.cloudflare.com *.cdntwrk.com *.uberflip.com *.zencdn.net *.jsdelivr.net *.jquery.com dqm.crownpeak.com *.googleapis.com *.crownpeak.net *.gstatic.com http://*.cloudfront.net https://*.cloudfront.net export.highcharts.com *.webflow.com https://www.youtube.com dfjwbjdffd4z4.cloudfront.net https://ssl.p.jwpcdn.com player.vimeo.com *.vimeocdn.com https://cdn.linkedin.oribi.io https://siteimproveanalytics.com *.siteimproveanalytics.io https://*.hotjar.com wss://*.hotjar.com https://*.bing.com https://*.hotjar.io https://*.clarity.ms *.addtoany.com https://*.elfsight.com https://*.elfsightcdn.com https://*.gevernova.com; frame-ancestors 'self' https://www.gegridsolutions.com https://resources.gegridsolutions.com resources.grid.gevernova.com http://resources.grid.gevernova.com https://appdash.gedigitalenergy.com https://*.gevernova.com; object-src 'self'; form-action 'self' https://www.gegridsolutions.com https://*.gevernova.com https://resources.gegridsolutions.com resources.grid.gevernova.com http://resources.grid.gevernova.com export.highcharts.com http://export.highcharts.com https://dqm.crownpeak.com; report-to 'none' 1
script-src 'unsafe-eval' 'unsafe-hashes' *.content.allianzpartnerservices.com https://connect.facebook.net https://www.google.com/recaptcha/api.js https://facebook.com https://cdn.cookielaw.org https://onetrust.com https://maxcdn.bootstrapcdn.com; object-src 'none'; base-uri 'self' 'unsafe-inline'; worker-src 'self'; script-src-elem 'self' 'unsafe-inline' https://content.allianzpartnerservices.com https://maxcdn.bootstrapcdn.com https://s3.amazonaws.com https://cdn.cookielaw.org  https://onetrust.com https://privacyportal.onetrust.com https://connect.facebook.net https://www.gstatic.com https://www.google-analytics.com https://www.google.com/recaptcha/api.js https://www.googletagmanager.com https://www.googleadservices.com; 1
default-src 'self' www.google-analytics.com *.googleapis.com; script-src 'self' *.government.bg *.nksoftware.net *.youtube.com *.googletagmanager.com *.google.com *.google-analytics.com *.gstatic.com *.googleapis.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.government.bg *.nksoftware.net *.youtube.com *.googleapis.com 'unsafe-inline';style-src-elem 'self' *.government.bg *.nksoftware.net *.googleapis.com 'unsafe-inline';img-src 'self' *.government.bg *.nksoftware.net *.youtube.com *.googletagmanager.com *.gstatic.com *.google.com *.googleapis.com *.google-analytics.com data:;font-src 'self' *.government.bg *.googleapis.com *.gstatic.com data:; base-uri 'self'; form-action 'self'; frame-src 'self' *.cdn.bg sportenkalendar.bg *.google.com *.gstatic.com *.government.bg *.youtube.com rtsp.me e.pcloud.link;manifest-src 'self';frame-ancestors 'self'; 1
report-uri https://csp-report.ems-prd.mgnlsw.com/reports; default-src 'self' 'unsafe-eval' 'unsafe-inline' ws: blob: data: ad.doubleclick.net commondatastorage.googleapis.com manifest.prod.boltdns.net xd0.serverdomain.org a.clarity.ms a.rfihub.com ad.doubleclick.net ad.sxp.smartclip.net ade.googlesyndication.com ads-engagement.presage.io adservice.google.com aim-tag.hcn.health ajax.googleapis.com amplify.outbrain.com analytics.google.com analytics.tiktok.com analytics.twitter.com api.highdataanalytics.com api.ipify.org api.lapis-analytics.com api.privacy-protector-adblocker.com api.rabatta.app api.retargetly.com api.socialsolutionapp.com api.solarspireconsulting.com api.userway.org assets.map.brightcove.com assistant.woorank.com atopiker.prelivereview.co.uk authenticate.ibotta.com az416426.vo.msecnd.net b.clarity.ms bam.nr-data.net bat.bing.com bcbolt446c5271-a.akamaihd.net beacon.deepintent.com bh.contextweb.com block.opendns.com c.bing.com c.clarity.ms c1.rfihub.net cases.meduniverse.com cdn-icons-png.flaticon.com cdn-uicons.flaticon.com cdn.boomtrain.com cdn.conative.de cdn.cookielaw.org cdn.di-capt.com cdn.exchmapdata.com cdn.honey.io cdn.jsdelivr.net cdn.leanlibrary.app cdn.mathjax.org cdn.megabonus.com cdn.mouseflow.com cdn.scite.ai cdn.segment.com cdn.userway.org cdn1.iconfinder.com cdn77.api.userway.org cdnjs.cloudflare.com centri.dermatopia.it cf-images.us-east-1.prod.boltdns.net clientstream.launchdarkly.com cm.g.doubleclick.net cms.analytics.yahoo.com code.jquery.com connect.facebook.net conoret.com content.vaccininfo.se cookieless-campaign.prd-00.retargetly.com crescendoc.wufoo.com ct.pinterest.com d.clarity.ms d1lkfzu2puirk6.cloudfront.net d1lqe9temigv1p.cloudfront.net d1v9u0bgi1uimx.cloudfront.net d2auwyhirucld7.cloudfront.net d2u92cqafxf20o.cloudfront.net d29usylhdk1xyu.cloudfront.net data1.aligoram.com data1.bemitch.com data1.ilipol.com data1.scopich.com datenschutz.sanofi.de dc.services.visualstudio.com delivery.contentbird-convert.com dev.visualwebsiteoptimizer.com di.rlcdn.com dpm.demdex.net e.clarity.ms edge.api.brightcove.com embed.typeform.com embed.xircles.com events.api.boomtrain.com extend.vimeocdn.com f.clarity.ms fast.fonts.net fonts.googleapis.com fonts.googleapis.com fonts.gstatic.com foodin.site form.typeform.com form.typeform.com gateway.id.swg.umbrella.com gateway.zscloud.net geolocation.onetrust.com get663.com go.affec.tv googleads.g.doubleclick.net h.clarity.ms html2canvas.hertzen.com hublosk.com i.clarity.ms i.vimeocdn.com ib.adnxs.com id.rlcdn.com infimv.com insight.adsrvr.org interaktiv.contilla.de j.clarity.ms jonypractic.net js-agent.newrelic.com js.adsrvr.org js.pulseinsights.com jullyambery.net k.clarity.ms ka-f.fontawesome.com killongers.com kit.fontawesome.com l.clarity.ms l.facebook.com letscast.fm live.rezync.com luxins.net m.clarity.ms manifest.prod.boltdns.net map.brightcove.com map.go.affec.tv maps.googleapis.com maps.googleapis.com maps.gstatic.com maps.gstatic.com match.adsrvr.org match.deepintent.com mc.yandex.by mc.yandex.com mc.yandex.kz mc.yandex.ru mein.sanofi.de metrics-dre.dt.dbankcloud.cn metrics.articulate.com metrics.brightcove.com metrics.hotjar.io mozbar.moz.com n.clarity.ms o.clarity.ms outlook.office.com overbridgenet.com p.clarity.ms p.typekit.net p1.parsely.com pagead2.googlesyndication.com pdp-service-v2.prd-00.retargetly.com pdp-service.retargetly.com people.api.boomtrain.com picsum.photos pixel.mathtag.com pixel.rubiconproject.com placehold.co plausible.io player.vimeo.com players.brightcove.net players.brightcove.net pos.baidu.com privacyportal-de.onetrust.com pro.campus.sanofi productinfoapi-dms.sanofi.de protect-de.mimecast.com px.adentifi.com px.ads.linkedin.com quilt-cdn.janrain.com r.clarity.ms region1.analytics.google.com region1.google-analytics.com restful-service.doceree.com rialto-gms.s3.amazonaws.com rpxnow.com s-usc1a-nss-2032.firebaseio.com s.clarity.ms s.pinimg.com s.w.org s.yimg.com s3.amazonaws.com s3.us-west-2.amazonaws.com safe.menlosecurity.com sanofi-japan.us.janrainsso.com sanofi.us.janrainsso.com sanofidigital.iad1.qualtrics.com sc-static.net script.hotjar.com secure.adnxs.com secure.wufoo.com servedbydoceree.doceree.com simage2.pubmatic.com siteintercept.qualtrics.com snap.licdn.com sp.analytics.yahoo.com spoppe-b.azureedge.net ssbsync.smartadserver.com static.ads-twitter.com static.hotjar.com static.wufoo.com static.zip.co static2.sharepointonline.com stats.g.doubleclick.net survey.pulseinsights.com sync-tm.everesttech.net sync.crwdcntrl.net sync.navdmp.com sync.smartadserver.com sync2.navdmp.com t.clarity.ms t.co tafopo.navahididi.com tag.demandbase.com tags.srv.stackadapt.com td.doubleclick.net td.doubleclick.net thrtle.com tr.contextweb.com tr.outbrain.com tr.snapchat.com translate-pa.googleapis.com translate.googleapis.com trc.lhmos.com trc.taboola.com trotjidayo-1.algolianet.com trotjidayo-2.algolianet.com trotjidayo-3.algolianet.com trotjidayo-dsn.algolia.net u.clarity.ms ubaslome.maynhtml.com undefined unpkg.com ups.analytics.yahoo.com urldefense.proofpoint.com use.fontawesome.com v.clarity.ms via.placeholder.com viewlicense.adobe.io vjs.zencdn.net vk.com w.clarity.ms wave.outbrain.com wellsfargo.okta.com wellsfargoprod.prod.fire.glass www.clarity.ms www.discoverfabry.com www.facebook.com www.google-analytics.com www.google-analytics.com www.google.ae www.google.al www.google.am www.google.as www.google.az www.google.ba www.google.be www.google.by www.google.ca www.google.ch www.google.ci www.google.cm www.google.cn www.google.co.il www.google.co.in www.google.co.jp www.google.co.kr www.google.co.ma www.google.co.mz www.google.co.nz www.google.co.th www.google.co.ug www.google.co.uk www.google.co.uz www.google.co.za www.google.com www.google.com.af www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bo www.google.com.br www.google.com.co www.google.com.cy www.google.com.gi www.google.com.gt www.google.com.kw www.google.com.lb www.google.com.mm www.google.com.mx www.google.com.na www.google.com.ni www.google.com.om www.google.com.pk www.google.com.pr www.google.com.py www.google.com.qa www.google.com.sg www.google.com.sl www.google.com.tj www.google.com.tr www.google.com.ua www.google.com.uy www.google.cv www.google.cz www.google.de www.google.dk www.google.dz www.google.ee www.google.es www.google.fi www.google.fr www.google.gr www.google.hr www.google.hu www.google.ie www.google.im www.google.iq www.google.jo www.google.li www.google.lk www.google.lu www.google.lv www.google.md www.google.me www.google.mg www.google.mk www.google.mu www.google.pl www.google.ps www.google.ro www.google.rs www.google.si www.google.sk www.google.sm www.google.sn www.google.so www.google.st www.google.tn www.googleadservices.com www.googletagmanager.com www.medley.com.br www.medtargetsystem.com www.pagespeed-mod.com www.sanofi.us www.understandingtype2inflammation.com www.woorank.com www.youtube-nocookie.com www.youtube.com y.clarity.ms yandex.ru mymedleyapi.firebaseio.com s-usc1a-nss-2032.firebaseio.com s-usc1a-nss-2042.firebaseio.com ws.hotjar.com trotjidayo-1.algolianet.com trotjidayo-3.algolianet.com trotjidayo-2.algolianet.com trotjidayo-dsn.algolia.net vimeo.com iguazu.co.uk sanofi-privacy.my.onetrust.com *.brightcovecdn.com widget-cdn.janrain.com www.gstatic.com sanofi.eu.janraincapture.com www.line-events.de web-chat.global.assistant.watson.appdomain.cloud integrations.eu-de.assistant.watson.appdomain.cloud 8188202.fls.doubleclick.net 12126648.fls.doubleclick.net 20848656p.rfihub.com api2.consultaremedios.com.br cdn.jsdelivr.net cdn.popupsmart.com cdnjs.cloudflare.com centri.dermatopia.it content.hotjar.io extend.vimeocdn.com id.rlcdn.com live.rezync.com privacyportal-eu.onetrust.com region1.google-analytics.com s.company-target.com ws.hotjar.com www.google-analytics.com www.google.com.ph www.google.no znekhcmc1yxrya9gm-sanofidigital.siteintercept.qualtrics.com www-kevzara-com.dup-prd.mgnlsw.com; 1
default-src 'self' data:; script-src plausible.farid.top 'self' 'unsafe-inline' static.cloudflareinsights.com; connect-src plausible.farid.top 'self'; img-src 'self' https: http: data:; style-src 'self' 'unsafe-inline'; frame-src http: https:; 1
default-src * 'unsafe-inline' 'unsafe-eval'; img-src * 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self' https://a.cms.omniupdate.com; font-src * data:; 1
default-src 'self' blob: https://*.lrs.com:* http://*.lrs.com:*; script-src 'unsafe-eval' 'unsafe-inline' 'self' *; style-src 'unsafe-inline' 'self' blob: *; child-src 'self' blob: *; frame-src 'self' *; object-src 'self' *; img-src *.google-analytics.com 'self' data: blob: *; media-src 'self' data: blob: *; font-src 'self' data: *; connect-src *.google-analytics.com 'self' data: *; frame-ancestors 'self' https://*.lrs.com:* http://*.lrs.com:*; 1
base-uri 'self';object-src 'self' blob:;report-uri https://docs.google.com/presentation/cspreport;script-src 'report-sample' 'nonce-gzcPWWVzVM4C8PuVHk4roA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';worker-src 'self' blob: 1
frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: dlswbr.baidu.com *.map.baidu.com *.bdimg.com bdimg.share.baidu.com res.wx.qq.com pucha.kaipuyun.cn dcs.conac.cn webservice.coolwei.com www.gov.cn zfwzgl.www.gov.cn *.powereasy.net; object-src 'self' 1
img-src 'self' data: https://newretailwebsite.s3.ap-southeast-1.amazonaws.com/ https://*.facebook.net/ https://*.facebook.com/; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com www.google-analytics.com 'unsafe-eval' https://*.googleapis.com/ https://www.google.com/ https://*.gstatic.com/ https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com/ https://*.facebook.net/ https://*.facebook.com/ https://*.site24x7rum.com/ https://*.tiktok.com/; 1
upgrade-insecure-requests;         frame-ancestors 'self' https://*.schaeffler.com; img-src 'self' https://maps.googleapis.com         https://maps.gstatic.com https://cdn.cookielaw.org https://www.schaeffler.com         https://*.schaeffler-cdn.com https://*.linkedin.com https://www.facebook.com         https://www.google-analytics.com https://www.google.com https://www.google.de         https://www.googletagmanager.com https://*.fbcdn.net https://*.twimg.com/         https://*.ytimg.com https://*.ggpht.com/ https://*.licdn.com         https://userlike-cdn-operators.userlike.com https://cdn.socialstudio.radian6.com          https://media-aftermarket.schaeffler.com         https://sch-cor-website-cdn-stage.mishost.ch https://sch-cor-website-cdn-live.mishost.ch https://www.eqs.com data:         blob:; 1
frame-ancestors 'self' *.ally.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com apis.google.com cdn.onesignal.com use.typekit.net cdn.cookiehub.eu eu2.snoobi.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com use.typekit.net cdn.cookiehub.eu dash.cookiehub.com; font-src 'self' fonts.gstatic.com use.typekit.net; img-src 'self' data: analytics.fcgtalent.fi p.typekit.net i.ytimg.com dreambroker.com 1
media-src 'self' https://*.webservices.mozgcp.net; script-src 'self' https://*.mozilla.org https://*.webservices.mozgcp.net https://*.google-analytics.com https://*.googletagmanager.com https://pontoon.mozilla.org https://*.jsdelivr.net; img-src 'self' blob: data: https://*.mozaws.net https://*.webservices.mozgcp.net https://*.google-analytics.com https://profile.accounts.firefox.com https://firefoxusercontent.com http://www.gravatar.com https://www.gravatar.com https://secure.gravatar.com https://i1.wp.com https://mozillausercontent.com; default-src 'none'; font-src 'self' https://*.webservices.mozgcp.net; manifest-src https://support.allizom.org https://support.mozilla.org; form-action 'self' https://accounts.firefox.com https://accounts.stage.mozaws.net; style-src 'self' https://*.webservices.mozgcp.net https://*.jsdelivr.net; frame-src 'self' https://*.youtube.com; connect-src 'self' https://*.google-analytics.com https://location.services.mozilla.com https://accounts.firefox.com/metrics-flow https://accounts.stage.mozaws.net/metrics-flow https://basket.mozilla.org https://releases.wagtail.org 1
default-src 'self' https://api-adresse.data.gouv.fr; block-all-mixed-content; font-src 'self' data:; frame-src 'self' blob:; img-src 'self' data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' 1
default-src 'self' img-src 'self' blob: data: *.publishing.one *.vimeo.com *.googleusercontent.com unpkg.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.googleadservices.com *.googleapis.com *.gstatic.com *.google.com *.google.de *.google.ch *.siteimprove.com *.jsdelivr.net siteimproveanalytics.com *.peoplexs.com *.cloudflare.com *.rawgit.com *.youtube.com *.youtube-nocookie.com *.ytimg.com *.unsplash.com *.newsletter2go.com *.solique.ch *.global.siteimproveanalytics.io *.raisenow.com *.raisenow.io *.licdn.com *.ads-twitter.com *.twitter.com https://t.co *.facebook.net *.facebook.com *.linkedin.com *.linkedin.oribi.io *.doubleclick.net *.legal-cdn.com 'unsafe-eval' 'unsafe-inline' data:; 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' data: *; frame-src blob: *; 1
frame-ancestors 'self' cfn.mykronos.com *.cfn.mykronos.com 1
default-src 'self' www.sherwin.com.ar www.sherwin.com.br www.google.com www.youtube.com; script-src 'self' connect.facebook.net www.google.com www.gstatic.com cdnjs.cloudflare.com maps.googleapis.com code.jquery.com cdn.jsdelivr.net fonts.googleapis.com prism.sherwin-williams.com www.googletagmanager.com www.google-analytics.com 'unsafe-inline' 'unsafe-eval' blob:; font-src 'self' fonts.googleapis.com fonts.gstatic.com use.fontawesome.com data:; connect-src 'self' blob: maps.googleapis.com prism.sherwin-williams.com sherwin.scene7.com api.sherwin-williams.com analytics.google.com www.google-analytics.com stats.g.doubleclick.net; img-src 'self' blob: maps.googleapis.com connect.facebook.net www.facebook.com i.ytimg.com maps.gstatic.com www.google.com.co prism.sherwin-williams.com cdnjs.cloudflare.com sherwin.scene7.com www.sherwin.com.br www.googletagmanager.com www.google-analytics.com secure.gravatar.com www.sherwin.com.ar a.tile.openstreetmap.org b.tile.openstreetmap.org c.tile.openstreetmap.org data:; style-src 'self' cdn.jsdelivr.net cdnjs.cloudflare.com prism.sherwin-williams.com fonts.googleapis.com use.fontawesome.com 'unsafe-inline'; base-uri 'self';form-action 'self'; 1
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com https://maps.googleapis.com https://forms.hsforms.com https://js.hsforms.net https://www.youtube.com https://player.vimeo.com https://js.hs-banner.com https://js.hs-analytics.net https://js.hs-scripts.com https://js.hscollectedforms.net https://www.googletagmanager.com https://www.google-analytics.com https://analytics.rubensteintech.com https://kit.fontawesome.com https://cc.cdn.civiccomputing.com https://siteimproveanalytics.com https://static.srcspot.com/libs/mullins.js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://view.ceros.com/scroll-proxy.min.js ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://hello.myfonts.net https://cloud.typography.com/ ; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://clapi.civiccomputing.com https://google-analytics.com https://vimeo.com https://noembed.com https://stats.g.doubleclick.net https://hubspot-forms-static-embed.s3.amazonaws.com https://maps.gstatic.com https://maps.googleapis.com https://cdn.plyr.io https://www.google-analytics.com/ https://forms.hubspot.com https://analytics.rubensteintech.com https://ka-f.fontawesome.com https://apikeys.civiccomputing.com ; font-src 'self' data: https://fonts.gstatic.com https://ka-f.fontawesome.com ; img-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://61281933.global.siteimproveanalytics.io https://analytics.google.com https://google-analytics.com data: blob: https://i.vimeocdn.com https://i.ytimg.com https://f.hubspotusercontent30.net https://maps.gstatic.com https://maps.googleapis.com https://www.googletagmanager.com https://track.hubspot.com https://www.google-analytics.com https://forms.hsforms.com https://pillsburylaw.vuturevx.com ; frame-src 'self' mailto: https://mail.google.com/ https://cdn.yoshki.com blob: https://www.youtube-nocookie.com https://www.youtube.com https://player.vimeo.com https://www.podbean.com https://app.powerbi.com https://www.google.com/ https://view.ceros.com/ https://player.captivate.fm/ ; worker-src 'self' blob: ; media-src 'self' data: https://vimeo.com https://www.youtube.com ; frame-ancestors 'self' ; object-src 'self' ; 1
default-src 'self' https://*.upbatam.ac.id; style-src 'unsafe-inline' 'self' https://*.upbatam.ac.id https://www.google.com https://fonts.googleapis.com https://netdna.bootstrapcdn.com https://api.jooble.org https://*.tiktokcdn.com https://*.ttwstatic.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.upbatam.ac.id https://cdnjs.cloudflare.com https://*.google.com https://*.google.co.id https://ajax.googleapis.com https://*.googlesyndication.com https://*.googleadservices.com https://api.jooble.org https://*.amazonaws.com https://www.tiktok.com https://*.tiktokcdn.com https://*.ttwstatic.com https://*.ibytedtos.com https://*.elfsight.com https://*.youtube.com; img-src 'self' data: https://*.upbatam.ac.id https://*.google.com https://www.googleapis.com https://*.googlesyndication.com https://i.ytimg.com https://ssl.gstatic.com https://yt3.ggpht.com; font-src 'self' https://*.upbatam.ac.id https://fonts.googleapis.com https://netdna.bootstrapcdn.com https://fonts.gstatic.com; frame-src 'self' https:; connect-src 'self' https://*.upbatam.ac.id https://id.jooble.org https://*.fastly.net https://*.ibytedtos.com https://*.googlesyndication.com https://core.service.elfsight.com; 1
default-src * data: mediastream: blob: filesystem: about: ws: wss: 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-inline'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval';  connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob: 'unsafe-inline'; frame-ancestors 'self' https://alfa-college.cdn-ve.com; 1
frame-ancestors 'self' https://gtranslate.io https://saintalexis-recette.mazedia.fr; 1
frame-ancestors 'self' http://my.conning http://portaluat.net.conning.com https://my.conning.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://go.conning.com www.googletagmanager.com tagmanager.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://maps.googleapis.com/ *.google-analytics.com *.analytics.google.com app-ab20.marketo.com munchkin.marketo.net snap.licdn.com pixel.mathtag.com https://cdn.jsdelivr.net https://www.bugherd.com https://fast.wistia.com https://cdn.cookielaw.org https://*.adform.net; frame-src 'self' https://www.google.com/recaptcha/ https://app-ab20.marketo.com/ https://pixel.mathtag.com/ https://players.brightcove.net/ https://app.powerbi.com https://go.conning.com https://gateway.on24.com https://*.adform.net https://fast.wistia.net; 1
default-src https: data: 'self' vimeo.com youtube.com googletagmanager.com analytics.tiktok.com consent.cookiebot.com ade.googlesyndication.com google-analytics.com consentcdn.cookiebot.com region1.google-analytics.comservice.giosg.com2548.clients.giosgusercontent.com cdn.giosgusercontent.com maps.hoas.fi imghoas.fi npcmu07k9q-dsn.algolia.net; script-src https: 'self' 'unsafe-inline' 'unsafe-eval'; style-src https: 'self' 'unsafe-inline'; img-src https: 'self' data: ; report-uri /csp/csp-report 1
script-src *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.myfonts.net cdn.jsdelivr.net *.hubspotusercontent30.net *.hubspotusercontent40.net cdnjs.cloudflare.com connect.facebook.net platform.twitter.com platform.linkedin.com *.hsadspixel.net *.hs-analytics.net js.hscta.net *.hubspot.com static.hsappstatic.net *.usemessages.com *.cookiebot.com *.hs-banner.com *.airbus.com *.hubspot.net *.securelandcommunications.com *.hscollectedforms.net *.hsleadflows.net *.hsforms.net *.hsforms.com *.hs-scripts.com *.hubspotfeedback.com feedback.hubapi.com code.jquery.com snap.licdn.com px.ads.linkedin.com 'strict-dynamic' 'nonce-Wnr6JznMimItnAa9/4B5kg=='; style-src 'unsafe-inline' static.hsappstatic.net cdn.jsdelivr.net *.myfonts.net *.cookiebot.com *.airbus.com cdnjs.cloudflare.com cdn2.hubspot.net *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.securelandcommunications.com; img-src 'self' data: *.hubspotusercontent-na1.net *.cookiebot.com *.airbus.com static.hsappstatic.net js.hscta.net no-cache.hubspot.com *.hubspot.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.net *.securelandcommunications.com cdn2.hubspot.net *.hsforms.net *.hsforms.com snap.licdn.com platform.linkedin.com *.ads.linkedin.com; connect-src *.securelandcommunications.com *.cookiebot.com *.myfonts.net *.ads.linkedin.com *.airbus.com cdn.linkedin.oribi.io *.hubapi.com *.cookiebot.com js.hscta.net *.hubspot.com *.hs-banner.com *.hscollectedforms.net *.hsforms.com; child-src *.securelandcommunications.com *.airbus.com *.cookiebot.com *.hsforms.com; frame-src *.hubspot.com *.google.com *.vimeo.com *.youtube.com platform.twitter.com *.cookiebot.com *.hs-sites.com *.hubspot.net play.hubspotvideo.com *.securelandcommunications.com snap.licdn.com platform.linkedin.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hsforms.net *.hsforms.com; object-src 'self'; upgrade-insecure-requests; 1
script-src 'self' *.episerver.net *.jquery.com *.cloudflare.com *.bootstrapcdn.com *.jsdelivr.net *.cookiebot.com *.googletagmanager.com *.google-analytics.com *.google.com *.google.nl *.licdn.com *.hotjar.com *.ipify.org *.doubleclick.net *.linkedin.com *.azure.com *.vimeo.com *.youtube.com *.acast.com *.spotify.com 'unsafe-eval' 'unsafe-inline';img-src 'self' *.google.com *.google-analytics.com *.google.nl *.linkedin.com data: https:;frame-ancestors 'self' *.vimeo.com *.youtube.com *.acast.com *.spotify.comfont-src 'self' data:; 1
font-src fonts.googleapis.com cdnjs.cloudflare.com fonts.gstatic.com *.intercomcdn.com *.fontawesome.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action livechat.boldchat.com www.facebook.com *.salesforce.com *.intercom.io geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.vee24.com *.authorize.net 'self'; frame-src livechat.boldchat.com www.google.com www.pinterest.com *.sharethis.com *.vee24.com *.doubleclick.net www.facebook.com www.paypalobjects.com www.eventbrite.com www.youtube.com *.gemfind.net *.cookielaw.org *.salesforce.com *.youtube-nocookie.com *.jotform.com *.submit.jotform.com *.adsrvr.org *.pinterest.com optimize.google.com *.attn.tv https://intercom-sheets.com/ fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.authorize.net 'self' 'unsafe-inline'; img-src *.placeholder.com bat.bing.com *.boldchat.com cdnjs.cloudflare.com www.facebook.com *.getsitecontrol.com www.google.com www.googletagmanager.com *.igodigital.com *.pinterest.com *.scene7.com *.doubleclick.net *.robbinsbrothers.com maps.gstatic.com *.googleapis.com *.googleusercontent.com *.ggpht.com *.sharethis.com *.ytimg.com *.googleadservices.com *.clarity.ms *.bing.com *.google.com *.google.co.uk *.google-analytics.com *.googletagmanager.com *.gstatic.com *.cookielaw.org *.cloudinary.com *.intercomcdn.com *.intercomassets.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net bid.g.doubleclick.net analytics.google.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io data: 'self' 'unsafe-inline'; script-src *.getsitecontrol.com *.bing.com *.boldchat.com *.doubleclick.net *.vee24.com cdnjs.cloudflare.com cdn.cookielaw.org *.facebook.net *.sharethis.com *.igodigital.com *.pinimg.com *.pardot.com www.google.com www.gstatic.com maps.googleapis.com js-agent.newrelic.com bam-cell.nr-data.net g1584674682.co *.authorize.net *.ccdc02.com www.eventbrite.com *.gemfind.net www.youtube.com *.cookielaw.org *.salesforce.com *.onetrust.com *.newrelic.com *.clarity.ms *.tiktok.com https://g1584674684.co/ *.nr-data.net *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.adsrvr.org optimize.google.com *.googleapis.com *.attn.tv *.pinterest.com *.intercom.io *.intercomcdn.com *.getclicky.com assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ sandbox-assets.secure.checkout.visa.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src cdnjs.cloudflare.com fonts.googleapis.com optimize.google.com *.adobe.com *.fontawesome.com *.googleapis.com 'self' 'unsafe-inline'; object-src *.googleapis.com 'self' 'unsafe-inline'; media-src *.scene7.com download-video.akamaized.net *.intercomcdn.com *.cloudinary.com *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src bat.bing.com *.boldchat.com www.facebook.com *.getsitecontrol.com www.google-analytics.com *.pinterest.com *.robbinsbrothers.com *.sharethis.com *.vee24.com *.doubleclick.net cdn.cookielaw.org bam-cell.nr-data.net www.paypal.com *.authorize.net *.salesforce.com *.getsitectrl.com 	*.clarity.ms *.onetrust.com *.tiktok.com *.nr-data.net *.analytics.google.com *.googletagmanager.com *.google-analytics.com bcp.crwdcntrl.net *.googleapis.com *.attn.tv *.attentivemobile.com *.intercom.io *.intercomcdn.com wss://nexus-websocket-a.intercom.io https://data.stbuttons.click/data dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com pilot-payflowlink.paypal.com 'self' 'unsafe-inline'; child-src *.intercom-sheets.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors beinmatch.fit www.beinmatch.fit 1
frame-ancestors *.detik.com *.cnnindonesia.com *.cnbcindonesia.com *.haibunda.com *.insertlive.com *.beautynesia.id *.cxomedia.id *.detiknetwork.com *.transentertainment.com *.redsys.es 1
frame-ancestors *.swaven.com 1
frame-ancestors https://www.m-kankou.jp/ https://san3kan.net/; 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-wIg1TmCA1R4QLlImUTFbFQ' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
default-src 'self' 'unsafe-inline'  'unsafe-eval' http://www.webhostingforfree.com www.google-analytics.com www.googletagmanager.com  https://www.google.com www.gstatic.com; object-src 'self'   1
default-src 'self' *.facil24h.com.br *.facilassist.com.br  *.fasys.com.br; style-src 'self' 'unsafe-inline' *.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com; font-src 'self' fonts.gstatic.com 1
base-uri 'self'; script-src 'strict-dynamic' 'nonce-3a3039774721532f6449672a35' 'unsafe-inline' http: https: ; object-src 'self' http://fpdownload2.macromedia.com; style-src 'self' 'unsafe-inline' https://www.googletagmanager.com/ https://stackpath.bootstrapcdn.com/ https://fonts.googleapis.com https://ajax.googleapis.com; img-src 'self' data: https://analytics.twitter.com/ https://t.co/ https://connect.facebook.net/ https://via.placeholder.com/ https://ct.pinterest.com/ https://px.ads.linkedin.com/ https://ajax.googleapis.com https://www.floornature.com https://www.google-analytics.com https://www.facebook.com https://www.google.com https://www.google.it https://stats.g.doubleclick.net ; media-src 'self'; child-src 'self' https://floornature.mag-news.it/ https://ct.pinterest.com/ https://www.youtube-nocookie.com/ https://www.pinterest.com/ https://open.spotify.com/ https://widget.spreaker.com/ https://www.facebook.com/ https://e.issuu.com https://www.youtube.com https://player.vimeo.com https://connect.facebook.com https://connect.facebook.net; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com 1
base-uri 'none'; font-src 'self' https: data:; form-action 'self'; frame-ancestors self http://localhost:3000/ http://*.storyblok.com/ https://*.storyblok.com/ https://prod-www-blackline-com.s3.amazonaws.com/; img-src 'self' data: http://*.storyblok.com/ https://*.blackline.com/ https://*.storyblok.com/ https://*.bizible.com/ https://*.visualwebsiteoptimizer.com/ https://*.blob.core.windows.net/ https://*.vidyard.com/ https://*.google.com/ https://*.google.ro/ https://*.facebook.com/ https://*.clarity.ms/ https://*.google-analytics.com/ https://*.6sc.co/ https://*.rlcdn.com/ https://*.cookielaw.org/ https://*.linkedin.com/ https://*.bizibly.com/ https://*.bing.com/; object-src 'none'; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'strict-dynamic' 'nonce-JqiQNEYUtrOkFm5UdP3fqQ==' https://*.blackline.com/ https://*.company-target.com/; upgrade-insecure-requests; 1
style-src 'self' 'unsafe-inline' hello.myfonts.net https://*.clickdimensions.com https://fonts.googleapis.com https://*.google.com; script-src 'self' 'nonce-o5+3Cz/XRmzu0BvKmQhgMIammqSZrsF4W1mYsev6Q2E=' 'unsafe-inline' 'unsafe-eval' https://*.clickdimensions.com https://devsso.everence.com https://sso.everence.com https://*.simpli.fi http://fast.wistia.com src.litix.io https://code.jquery.com https://cdn.jsdelivr.net https://*.wistia.com https://*.formsite.com hello.myfonts.net https://*.googletagmanager.com *.google-analytics.com https://*.google.com fast.wistia.net https://*.hotjar.com https://connect.facebook.net/en_US/sdk.js *.zdassets.com; connect-src 'self' data: *.wistia.com embedwistia-a.akamaihd.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.everence.com https://*.liti https://*.litix.io blob: *.zdassets.com *.zendesk.com; img-src 'self' https: fast.wistia.com https://*.formsite.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.google.com placehold.it data: blob:; child-src 'self' https://fireside.fm/ https://www.youtube.com https://www.facebook.com https://*.formsite.com fast.wistia.com vds.issgovernance.com everence.locatorsearch.com *.everence.com https://*.calvertimpactcapital.org https://calvertimpactcapital.org https://*.calvertimpact.org https://calvertimpact.org https://*.mortgagewebcenter.com https://forms.joinmycu.com https://bid.g.doubleclick.net https://td.doubleclick.net https://*.google.com https://*.clickdimensions.com https://*.hotjar.com blob:; font-src 'self' data: fast.wistia.com https://*.simpli.fi https://fonts.googleapis.com https://fonts.gstatic.com https://www.everence.com; media-src 'self' *.akamaihd.net fast.wistia.net *.wistia.com blob: data:; form-action 'self' https://*.clickdimensions.com https://devsso.everence.com https://sso.everence.com; upgrade-insecure-requests; block-all-mixed-content; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' crypto.com *.kryll.io *.google-analytics.com player.vimeo.com td.doubleclick.net *.googleapis.com https://cdn.jsdelivr.net https://code.jquery.com/jquery-3.4.1.slim.min.js https://dev.visualwebsiteoptimizer.com https://cdnjs.cloudflare.com/; connect-src 'self' stats.g.doubleclick.net analytics.google.com *.analytics.google.com *.kryll.io api.coingecko.com *.zdassets.com *.zendesk.com *.google-analytics.com ; img-src 'self' data: *.kryll.io *.google-analytics.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.doubleclick.net *.gravatar.com *.wp.comi cdnjs.cloudflare.com https://animaproject.s3.amazonaws.com https://px.animaapp.com; style-src 'self' *.kryll.io cdn.jsdelivr.net https://animaproject.s3.amazonaws.com https://px.animaapp.com 'unsafe-inline' 'unsafe-eval' *.googleapis.com cdnjs.cloudflare.com; font-src 'self' cdnjs.cloudflare.com cdn.jsdelivr.net *.kryll.io *.googleapis.com fonts.gstatic.com;  object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cloudflare.com https://www.googletagmanager.com/ www.googletagmanager.com *.kryll.io https://www.google-analytics.com *.googleapis.com https://cdn.jsdelivr.net https://code.jquery.com/jquery-3.4.1.slim.min.js https://dev.visualwebsiteoptimizer.com cdnjs.cloudflare.com crypto.com 1
script-src * 'unsafe-inline' 1
base-uri 'self'; connect-src 'self' https://consentcdn.cookiebot.com https://*.google.com https://*.google-analytics.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://*.hotjar.com https://*.hotjar.io https://*.in.applicationinsights.azure.com https://*.svc.dynamics.com https://cdn.linkedin.oribi.io wss://*.hotjar.com https://content.hotjar.io https://maps.googleapis.com https://pagead2.googlesyndication.com https://vc.hotjar.io https://api.hubapi.com https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com; default-src 'none'; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://*.typekit.net; form-action 'self' https://forms.hsforms.com; frame-ancestors 'self' https://*.smithsdetection.com; frame-src 'self' https://*.cookiebot.com/ https://*.google.com https://vars.hotjar.com https://www.youtube-nocookie.com https://*.svc.dynamics.com https://player.vimeo.com https://irs.tools.investis.com https://otp.tools.investis.com https://www.youtube.com/ https://forms.hsforms.com https://view.ceros.com/; img-src 'self' data: https://bat.bing.com https://px.ads.linkedin.com https://*.google.com https://www.google.co.uk https://*.svc.dynamics.com https://*.google-analytics.com https://i.vimeocdn.com https://maps.googleapis.com https://www.googletagmanager.com https://maps.gstatic.com https://*.tile.openstreetmap.org https://*.basemaps.cartocdn.com https://*.hubspot.com https://img.youtube.com https://forms-na1.hsforms.com https://forms.hsforms.com; media-src 'self' https://player.vimeo.com http://vod-progressive.akamaized.net; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://bat.bing.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://*.google.com https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://www.googletagmanager.com https://www.gstatic.com https://snap.licdn.com https://script.hotjar.com https://static.hotjar.com https://googleads.g.doubleclick.net https://mktdplp102cdn.azureedge.net https://js.monitor.azure.com https://maps.googleapis.com https://cdn.polyfill.io https://www.youtube.com https://cdnjs.cloudflare.com https://js.hsforms.net https://js.hs-scripts.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hsadspixel.net https://player.vimeo.com; style-src 'self' 'unsafe-inline' data: https://*.googleapis.com https://*.google.com https://*.typekit.net; 1
default-src 'self';              script-src 'self' 'unsafe-inline' 'unsafe-eval' https://connect.facebook.net http://ajax.googleapis.com https://maps.googleapis.com https://maps.google.com https://www.google-analytics.com https://www.googletagmanager.com https://*.twitter.com https://apis.google.com/js/plusone.js https://track.adform.net https://s2.adform.net/banners/scripts/st/trackpoint-async.js https://cdn.printfriendly.com https://www.printfriendly.com https://cdnjs.cloudflare.com https://ds-4047.kxcdn.com/api/v3/domain_settings/a;              connect-src 'self' https://www.facebook.com/tr https://region1.google-analytics.com https://*.fundacionmdanderson.es https://*.mdanderson.es https://www.google-analytics.com https://www.googletagmanager.com https://s2.adform.net/banners/scripts/st/trackpoint-async.js https://stats.g.doubleclick.net/j/collect;              style-src 'self' 'unsafe-inline' http://ajax.googleapis.com https://fonts.googleapis.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://cdn.printfriendly.com https://cdnjs.cloudflare.com;              font-src 'self' 'unsafe-inline' data: https://fonts.googleapis.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com;              img-src * data:;              media-src 'self' https://*.fundacionmdanderson.es https://*.mdanderson.es;              object-src 'self';              frame-src 'self' https://td.doubleclick.net https://9270070.fls.doubleclick.net https://www.facebook.com https://player.vimeo.com https://www.youtube-nocookie.com https://track.adform.net; 1
default-src 'self' *.hs-mittweida.de blob: *.hs-mittweida.de tv.me.hs-mittweida.de hs.mw *.hs.mw; frame-src 'self' *.hs-mittweida.de *.hs-mittweida.de tv.me.hs-mittweida.de hs.mw *.hs.mw; img-src 'self' *.hs-mittweida.de data: *.hs-mittweida.de tv.me.hs-mittweida.de hs.mw *.hs.mw; style-src 'self' *.hs-mittweida.de 'unsafe-inline' *.hs-mittweida.de tv.me.hs-mittweida.de hs.mw *.hs.mw; script-src 'self' *.hs-mittweida.de 'unsafe-inline' 'unsafe-eval' blob: *.hs-mittweida.de tv.me.hs-mittweida.de hs.mw *.hs.mw; 1
default-src https: 'unsafe-inline' 'unsafe-eval' data: blob:; object-src 'self' blob:; 1
script-src 'self' 'unsafe-inline' https://js.hs-scripts.com https://www.google.com https://www.gstatic.com https://ajax.googleapis.com https://cdn.mxpnl.com https://unpkg.com https://www.googletagmanager.com https://snap.licdn.com https://code.jquery.com https://us.floatbot.ai https://js.hscollectedforms.net https://js.hs-banner.com https://js.hs-analytics.net https://cdn.datatables.net https://static.hsappstatic.net https://www.googleadservices.com https://connect.facebook.net https://js.hsforms.net https://www.facebook.com wss: blob: https://floatbot.ai;  1
frame-ancestors 'self' https://donate.shareaction.org/ https://shaact-portal.mudbank.uk/ https://shareaction.org/ https://resolutions.shareaction.org/ https://api.shareaction.org/ https://consent.cookiebot.eu/; report-to /endpoint-1 1
frame-ancestors 'self' *.myshop-solaire.com *.mycopilot.net http://yan.mycopilot.clk.dv 1
frame-ancestors https://*.mariamiddelares.be; 1
block-all-mixed-content; upgrade-insecure-requests; frame-ancestors 'self' https://vac.bhhsnv.com https://unpkg.com; 1
object-src 'self'; frame-ancestors 'self' 1
report-uri /jss/csp_report.phtml;base-uri 'self';default-src 'self' pd1ql.quackcdn.net pcache-us1.quackcdn.net pcache-us1-cf.quackcdn.net pcache-eu1.quackcdn.net quackcdn.net maps.googleapis.com blob:;script-src 'self' 'nonce-bf351c72-282c-4c0b-8d4e-261a27599347' 'unsafe-eval' pd1ql.quackcdn.net pcache-us1.quackcdn.net pcache-us1-cf.quackcdn.net pcache-eu1.quackcdn.net quackcdn.net www.googletagmanager.com googletagmanager.com connect.facebook.net *.google-analytics.com;style-src 'self' 'unsafe-inline' pd1ql.quackcdn.net pcache-us1.quackcdn.net pcache-us1-cf.quackcdn.net pcache-eu1.quackcdn.net quackcdn.net;font-src 'self' data: pd1ql.quackcdn.net pcache-us1.quackcdn.net pcache-us1-cf.quackcdn.net pcache-eu1.quackcdn.net quackcdn.net;frame-src 'self' pd1ql.quackcdn.net pcache-us1.quackcdn.net pcache-us1-cf.quackcdn.net pcache-eu1.quackcdn.net quackcdn.net;connect-src 'self' blob: pd1ql.quackcdn.net pcache-us1.quackcdn.net pcache-us1-cf.quackcdn.net pcache-eu1.quackcdn.net quackcdn.net maps.googleapis.com www.googletagmanager.com googletagmanager.com connect.facebook.net *.google-analytics.com www.facebook.com *.ingest.sentry.io;img-src 'self' data: blob: pd1ql.quackcdn.net pcache-us1.quackcdn.net pcache-us1-cf.quackcdn.net pcache-eu1.quackcdn.net quackcdn.net maps.googleapis.com www.googletagmanager.com googletagmanager.com connect.facebook.net *.google-analytics.com www.facebook.com *.ingest.sentry.io ad.doubleclick.net adservice.google.com media0.giphy.com;media-src 'self' data: blob: pd1ql.quackcdn.net pcache-us1.quackcdn.net pcache-us1-cf.quackcdn.net pcache-eu1.quackcdn.net quackcdn.net maps.googleapis.com;manifest-src 'self' pd1ql.quackcdn.net pcache-us1.quackcdn.net pcache-us1-cf.quackcdn.net pcache-eu1.quackcdn.net quackcdn.net;object-src 'none';worker-src 'self' blob:;block-all-mixed-content;upgrade-insecure-requests;frame-ancestors 'self';form-action 'self';script-src-attr 'none' 1
default-src *.gstatic.com ir.stockpr.com www.immunocore.com d1io3yog0oux5.cloudfront.net *.equisolve-dev.com *.equisolve.net; script-src *.quotemedia.com *.google.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.hcaptcha.com hcaptcha.com dev-ir.stockpr.com www.youtube.com player.vimeo.com *.found.io *.datatables.net *.survale.com ir.stockpr.com www.immunocore.com d1io3yog0oux5.cloudfront.net *.equisolve-dev.com *.equisolve.net 'unsafe-inline'; connect-src *.quotemedia.com *.google.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.hcaptcha.com hcaptcha.com dev-ir.stockpr.com www.youtube.com player.vimeo.com *.found.io *.datatables.net *.survale.com ir.stockpr.com www.immunocore.com d1io3yog0oux5.cloudfront.net *.equisolve-dev.com *.equisolve.net 'unsafe-inline'; style-src fonts.googleapis.com *.gstatic.com *.hcaptcha.com hcaptcha.com dev-ir.stockpr.com qmod.quotemedia.com static.c1.quotemedia.com *.datatables.net *.survale.com ir.stockpr.com www.immunocore.com d1io3yog0oux5.cloudfront.net *.equisolve-dev.com *.equisolve.net 'unsafe-inline'; font-src cdnjs.cloudflare.com/ajax/libs/font-awesome/ fonts.googleapis.com *.gstatic.com static.c1.quotemedia.com ir.stockpr.com www.immunocore.com d1io3yog0oux5.cloudfront.net *.equisolve-dev.com *.equisolve.net; img-src i.ytimg.com qmod.quotemedia.com *.globenewswire.com *.survale.com ir.stockpr.com www.immunocore.com d1io3yog0oux5.cloudfront.net *.equisolve-dev.com *.equisolve.net; frame-src *.google.com youtube.com www.youtube.com youtube-nocookie.com www.youtube-nocookie.com vimeo.com player.vimeo.com *.hcaptcha.com hcaptcha.com *.survale.com ir.stockpr.com www.immunocore.com d1io3yog0oux5.cloudfront.net *.equisolve-dev.com *.equisolve.net; object-src *.gstatic.com ir.stockpr.com www.immunocore.com d1io3yog0oux5.cloudfront.net *.equisolve-dev.com *.equisolve.net; 1
frame-ancestors https://ccccoursemanager.concept4hosting.co.uk https://www.capitalccg.ac.uk/ 1
default-src 'self' https://www.citybankplc.com/ https://docs.google.com/ https://ibank.citybankplc.com/ https://www.google-analytics.com/ https://www.citytouch.com.bd/ https://www.google.com https://www.youtube.com/ https://stats.g.doubleclick.net/ https://lankabd.com/ https://analytics.google.com/; script-src 'self' https://www.citybankplc.com/  https://www.googletagmanager.com/  https://www.google-analytics.com/ https://cdnjs.cloudflare.com/ https://connect.facebook.net/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com/ https://cdnjs.cloudflare.com 'unsafe-inline'; font-src 'self' data: https://fonts.googleapis.com/ https://cdnjs.cloudflare.com https://fonts.gstatic.com/; frame-src https://www.youtube.com/ https://lankabd.com/ https://www.citytouch.com.bd/ https://ibank.thecitybank.com/ https://docs.google.com/; img-src 'self' data: https://www.google-analytics.com/ https://img.youtube.com/ https://www.google.com.bd/ https://www.facebook.com/ https://cityalo.com/; 1
frame-ancestors 'self' grn-www.crestliner.com; 1
frame-ancestors 'self' *.mybusiness.it mybusiness.it *.gstatic.com *.tim.it *.google-analytics.com 1
object-src 'none'; frame-ancestors 'none'; frame-src https://updates.evenuplaw.com https://js.stytch.com https://app.getbeamer.com https://accounts.google.com/ 1
frame-ancestors 'none' always; object-src 'none' 1
Header always set Strict-Transport-Security max-age=63072000 1
default-src 'self'; connect-src  'self' bcp.crwdcntrl.net  cdn.cookielaw.org *.onetrust.com  *.sharethis.com  *.linkedin.com  *.facebook.com *.linkedin.oribi.io  stats.g.doubleclick.net  *.bc0a.com maps.googleapis.com *.analytics.google.com analytics.google.com google-analytics.com *.google-analytics.com; font-src 'self' * data:; script-src 'self' readymag.com cdn.b0e8.com cdn.cookielaw.org  'unsafe-inline' *.vimeo.com *.youtube.com  *.apcoworldwide.com www.gstatic.com *.doubleclick.net  *.google.com *.google-analytics.com snap.licdn.com *.ads-twitter.com facebook.net *.facebook.net googletagmanager.com *.googletagmanager.com cdnjs.cloudflare.com *.bc0a.com maps.googleapis.com code.jquery.com cdn.jsdelivr.net s7.addthis.com cdn.polyfill.io *.disqus.com *.privacymanager.io  twitter.com *.twitter.com *.sharethis.com; style-src * 'unsafe-inline'; img-src * 'self' data:; frame-src *.vimeo.com *.youtube.com www.google.com *.doubleclick.net  *.facebook.com disqus.com *.apcoworldwide.com *.google.com *.readymag.com *.slideshare.net *.sharethis.com *.youtube-nocookie.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: wss: data: blob: 1
frame-ancestors 'self' *.enlaradio.com.ar; 1
default-src http: https: data: 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com https://maps.gstatic.com https://chat.kindlycdn.com 'self' wss://sage.kindly.ai wss://ws-eu.pusher.com wss://streaming.mypurecloud.ie 1
frame-ancestors 'self'; trusted-types 'none'; base-uri 'self'; form-action 'self' https://pc.pkoleasing.pl/ https://pc.pkoleasing.pl/* https://*.pc.pkoleasing.pl https://*.pc.pkoleasing.pl/ https://*.pc.pkoleasing.pl/*; object-src 'none'; font-src 'self' https://www.cortland.pl http://www.cortland.pl https://geowidget.easypack24.net https://m9m6e2w5.stackpathcdn.com/v2/fonts_0ecbeeff/shareaholic-icons.eot https://m9m6e2w5.stackpathcdn.com/v2/fonts_0ecbeeff/shareaholic-icons.woff https://m9m6e2w5.stackpathcdn.com/v2/fonts_0ecbeeff/shareaholic-icons.ttf https://m9m6e2w5.stackpathcdn.com/v2/fonts_0ecbeeff/shareaholic-icons.svg https://fonts.googleapis.com https://fonts.gstatic.com https://fonts.gstatic.com/s/opensans/v36/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2 https://fonts.gstatic.com/s/opensans/v36/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4taVIGxA.woff2 https://pc.pkoleasing.pl/leasing/assets/fonts/pko-bank-polski/PKOBankPolski-Bold.otf https://simplylease.s3.eu-central-1.amazonaws.com/assets/fonts/SISAN03.woff https://simplylease.s3.eu-central-1.amazonaws.com/assets/fonts/SISAN06.woff https://simplylease.s3.eu-central-1.amazonaws.com/assets/fonts/SISAN06.otf https://simplylease.s3.eu-central-1.amazonaws.com/assets/fonts/SISAN03.otf https://simplylease.s3.eu-central-1.amazonaws.com/assets/fonts/SISAN03.ttf https://simplylease.s3.eu-central-1.amazonaws.com/assets/fonts/SISAN06.ttf https://pc.pkoleasing.pl/leasing/assets/fonts/pko-bank-polski/PKOBankPolski-Regular.otf data:; script-src 'self' https://pc.pkoleasing.pl/ https://pc.pkoleasing.pl/leasing/assets/widget/pkol-installment-widget-styles.css https://pc.pkoleasing.pl/leasing/assets/widget/pkol-installment-widget.js https://simplylease.s3.eu-central-1.amazonaws.com/widget_v2/widget-loader.js https://simplylease.s3.eu-central-1.amazonaws.com/widget_v2/ https://simplylease-beta.s3.eu-central-1.amazonaws.com/widget_v2/widget-loader.js https://simplylease-beta.s3.eu-central-1.amazonaws.com/widget_v2/ https://storage.googleapis.com/siecommerce-widget/ https://www.cortland.pl http://www.cortland.pl https://js.go2sdk.com/v2/tune.js https://perfo.salestube.pl https://perfo.salestube.pl/ https://track.performers.tech/aff_lsr https://track.performers.tech/aff_lsr/ https://cortland.pl http://cortland.pl https://geowidget.easypack24.net https://cdn.shareaholic.net/assets/pub/shareaholic.js https://m9m6e2w5.stackpathcdn.com/v2/dc11be8f/main.js https://m9m6e2w5.stackpathcdn.com/v2/32cc8bfb/main.js https://m9m6e2w5.stackpathcdn.com/v2/dc11be8f/buttons.js https://partner.shareaholic.com/partners.js https://tenantpluginapiserver01.conpeek.ispot.pl https://connect.facebook.net/en_US/fbevents.js https://ssl.ceneo.pl/ct/v5/script.js https://cdn.cookiehub.eu/c2/8fc17a4d.js https://wchat.freshchat.com https://widget.freshworks.com https://sgqcvfjvr.onet.pl/YnVpbGQve21pbml0MjQxfWRsQXBpL21pbml0LnsybWluaXQyNDF9bWluLmpz https://lib.onet.pl/static/pixel/1.6.7/pixel-module.js?4a8df313041190d7d5e593a924ce352f https://cortland-team.freshchat.com/js/widget.js https://d3vhsxl1pwzf0p.cloudfront.net http://d3vhsxl1pwzf0p.cloudfront.net https://api-s.edrone.me/ http://api-s.edrone.me/ https://d3bo67muzbfgtl.cloudfront.net/ http://d3bo67muzbfgtl.cloudfront.net/ http://api.edrone.me/ https://api.edrone.me/ https://www.googletagmanager.com/ https://connect.facebook.net/ http://cookiehub.net/ https://cookiehub.net/ https://tags.creativecdn.com/ https://snap.licdn.com/li.lms-analytics/insight.min.js https://lib.onet.pl/s.csr/build/dlApi/minit.boot.min.js https://snap.licdn.com/li.lms-analytics/insight.old.min.js http://www.google.com https://www.google.com http://googleads.g.doubleclick.net https://googleads.g.doubleclick.net http://pagead2.googlesyndication.com https://pagead2.googlesyndication.com http://snap.licdn.com/li.lms-analytics https://snap.licdn.com/li.lms-analytics http://bat.bing.com https://bat.bing.com http://www.clarity.ms https://www.clarity.ms http://wrap.tradedoubler.com https://wrap.tradedoubler.com http://*.onet.pl https://*.onet.pl http://*.optimalpeople.fr https://*.optimalpeople.fr http://sgqcvfjvr.onet.pl/YnVpbGQve21pbml0MjQwfWRsQXBpL21pbml0LnsybWluaXQyNDB9bWluLmpz https://sgqcvfjvr.onet.pl/YnVpbGQve21pbml0MjQwfWRsQXBpL21pbml0LnsybWluaXQyNDB9bWluLmpz http://sgqcvfjvr.onet.pl/build/dlApi/dl.aureus.min.js https://sgqcvfjvr.onet.pl/build/dlApi/dl.aureus.min.js http://sgqcvfjvr.onet.pl/simetra/clickmap/5.0.5/clickmap.min.js https://sgqcvfjvr.onet.pl/simetra/clickmap/5.0.5/clickmap.min.js http://sgqcvfjvr.onet.pl/simetra/artemis/0.6.1/artemis.min.js https://sgqcvfjvr.onet.pl/simetra/artemis/0.6.1/artemis.min.js http://lib.onet.pl/static/pixel/1.6.6/pixel-module.js https://lib.onet.pl/static/pixel/1.6.6/pixel-module.js 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.mail.ru vk.com *.vk.com *.google.com *.gstatic.com *.google-analytics.com www.googletagmanager.com; object-src 'self' *.gstatic.com; style-src 'self' 'unsafe-inline' *.google.com; img-src * 'self' data:; child-src 'self' vk.com *.vk.com www.youtube.com *.google.com; frame-src 'self' ok.ru vk.com *.vk.com www.youtube.com *.google.com; font-src 'self' data: *.gstatic.com; connect-src 'self' *.mail.ru *.google.com *.gstatic.com *.google-analytics.com www.googletagmanager.com wss://toptracker.ru; 1
default-src https: 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com ; img-src https: 'self' data:; base-uri https://www.codix.eu 'self'; frame-ancestors https: 'self'; form-action https: 'self'; object-src 'none' 1
default-src 'self' *.binomo2.com *.binomo.com; child-src *; frame-ancestors 'self'; connect-src 'self' *.ada.support analytics.tiktok.com my.rtmark.net *.clarity.ms *.criteo.net *.criteo.com snap.licdn.com px.ads.linkedin.com r.remarketingpixel.com static.ads-twitter.com bat.bing.com sc-static.net tr.snapchat.com *.hotjar.io *.hotjar.com wss://*.hotjar.com stats.g.doubleclick.net *.zopim.com *.launchdarkly.com api.exponea.com api.api-cis.exponea.com api-cis.exponea.com ekr.zdassets.com pixel.mathtag.com analytics.google.com accounts.google.com fcm.googleapis.com www.googleapis.com www.google-analytics.com wss://*.zopim.com binomo.zendesk.com binomo2.zendesk.com app.getsentry.com *.binomo2.com *.binomo.com wss://as.binomo2.com:* wss://as.binomo.com:* wss://ws.binomo2.com:* wss://ws.binomo.com:* s.yimg.com https://mc.yandex.ru; font-src data: 'self' *.zopim.com *.gstatic.com themes.googleusercontent.com *.binomo2.com *.binomo.com; img-src * *.ttwstatic.com data:; media-src 'self' *.binomo2.com *.binomo.com; script-src 'self' *.ada.support www.tiktok.com *.ttwstatic.com static.ads-twitter.com sc-static.net tr.snapchat.com *.clarity.ms *.hotjar.io *.hotjar.com www.redditstatic.com *.doubleclick.net *.google.com assets.zendesk.com static.zdassets.com *.zopim.com wss://*.zopim.com *.zopim.io binomo.co my.rtmark.net *.criteo.net *.criteo.com snap.licdn.com px.ads.linkedin.com r.remarketingpixel.com *.getsitecontrol.com *.googletagmanager.com *.google-analytics.com echo.ecortb.com connect.facebook.net vk.com *.youtube.com s.yimg.com s.ytimg.com bat.bing.com *.gstatic.com www.googleadservices.com binomo.go2affise.com api.exponea.com api.api-cis.exponea.com api-cis.exponea.com *.adnetwork.vn storage.googleapis.com sp.analytics.yahoo.com 'unsafe-eval' 'unsafe-inline' *.binomo2.com *.binomo.com https://unpkg.com/@lottiefiles/lottie-player@0.2.0/dist/lottie-player.js https://mc.yandex.ru https://yastatic.net; style-src 'self' *.ttwstatic.com *.google.com fonts.googleapis.com 'unsafe-inline' *.binomo2.com *.binomo.com 1
upgrade-insecure-requests; frame-ancestors 'self' live.sagepay.com live.opayo.eu.elavon.com; base-uri 'self'; object-src 'none', frame-ancestors 'self' *.facebook.com, frame-ancestors 'self' *.facebook.com 1
default-src 'self' *.analytics.google.com www.google.com *.google-analytics.com *.doubleclick.net *.typekit.net *.addthis.com *.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jquery.com *.google.com *.googletagmanager.com www.google-analytics.com *.gstatic.com *.typekit.net *.addthis.com *.moatads.com *.addthisedge.com cdnjs.cloudflare.com *.google.com cdn.jsdelivr.net *.newrelic.com *.nr-data.net; object-src 'self'; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net www.googletagmanager.com fonts.googleapis.com; img-src 'self' data: *.google.com www.google.co.uk www.google-analytics.com *.gstatic.com *.doubleclick.net our.umbraco.com dashboard.umbraco.com cdn.elsevier.com legacyfileshare.elsevier.com ars.els-cdn.com *.documentforce.com www.googletagmanager.com; media-src 'self'; font-src 'self' *.gstatic.com data: *.typekit.net; frame-src 'self' www.google.com www.youtube.com *.addthis.com td.doubleclick.net; form-action 'self' accounts.google.com; block-all-mixed-content; connect-src www.googletagmanager.com *.nr-data.net p.typekit.net use.typekit.net *.google-analytics.com *.analytics.google.com https://stats.g.doubleclick.net; 1
default-src 'self' https://cdn.yoshki.com; script-src 'unsafe-eval' 'unsafe-inline' https: https://www.googletagmanager.com https://*.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: www.googletagmanager.com https://*.google-analytics.com https://*.googletagmanager.com https://www.google.com https://www.google.co.uk https://*.linkedin.com https://*.episerver.net https://*.googleapis.com https://*.gstatic.com *.google.com  *.googleusercontent.com https://i.ytimg.com https://*.cloudfront.net https://*.onetrust.com; connect-src https: data: blob: https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.googleapis.com *.google.com https://*.gstatic.com; font-src 'self' https: data: https://fonts.gstatic.com; frame-src 'self' https: https://player.vimeo.com https://bid.g.doubleclick.net *.google.com youtube.com www.youtube.com spotify.com podbean.com www.spotify.com www.podbean.com; worker-src 'self' blob: ; 1
frame-ancestors 'none'; default-src 'self' https://*.aol.com https://*.yahoo.com https://*.yimg.com; img-src * data:; script-src 'self' 'unsafe-inline' 'nonce-GLniud1AZ6/kju2WoG27CA==' 'unsafe-eval' https://*.yahoo.com https://*.yimg.com https://*.aol.com https://*.aolcdn.com *.oath.com *.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net *.googlesyndication.com https://sb.scorecardresearch.com bat.bing.com *.demdex.net https://msadsscale.azureedge.net/bingads/telemetryJS.js https://www.clarity.ms https://www.clarity.ms/s/0.7.10/clarity.js; style-src 'self' 'unsafe-inline' https://*.yimg.com; object-src *; connect-src *; font-src * data:; frame-src 'self' https://*.youtube.com https://s.yimg.com https://*.yahoo.com *.g.doubleclick.net *.googlesyndication.com; 1
frame-ancestors 'self' *.poderjudicial.gub.uy; 1
default-src 'self'; script-src 'self' 'sha256-dK06Ziaa0EW7eznMaLyuarFhVcusz+7eBUuwXo3gWD8=' https://js.stripe.com/v3 https://js.stripe.com/v3/ https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com/gtag/js *.cloudflareinsights.com; style-src 'self'; object-src 'none'; base-uri 'self'; connect-src 'self' https://api.pushshift.io https://elastic.pushshift.io https://oauth.reddit.com https://ored.reveddit.com https://cred2.reveddit.com https://api.reveddit.com https://www.reddit.com https://removeddit.com https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com cloudflareinsights.com; font-src 'self'; frame-src 'self' https://js.stripe.com https://www.youtube-nocookie.com/; img-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com https://pbs.twimg.com data: https:; manifest-src 'self'; media-src 'self'; worker-src 'self'; 1
font-src fonts.gstatic.com/ data: *.unzer.com https://static.unzer.com *.fontawesome.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com test.frankana.tdintern.de amc.demdex.net *.vimeo.com *.heidelpay.com *.unzer.com https://payment.unzer.com/ https://payment.heidelpay.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.xtento.com *.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.hsforms.net *.hsforms.com *.openstreetmap.org https://maps.googleapis.com *.googletagmanager.com *.google-analytics.com blob: *.google.com *.googleapis.com *.google.de *.gstatic.com *.googleusercontent.com *.doubleclick.net *.magentocommerce.com *.ytimg.com cdn.cookielaw.org *.unzer.com https://static.unzer.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: cdn.frankana.tdintern.de ff.cdn.bloodstream.cloud www.xtento.com cdn.xtento.com b2b.frankana.de data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.hsforms.net *.hsforms.com *.google.com maps.google.com maps.googleapis.com tagmanager.google.com www.gstatic.com cdn.cookielaw.org *.onetrust.com *.googleapis.com *.unzer.com https://static.unzer.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.gstatic.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.google.com *.google.de *.gstatic.com cdn.cookielaw.org *.unzer.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.googleapis.com www.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com * 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.openstreetmap.org https://maps.googleapis.com *.google-analytics.com *.doubleclick.net payment.unzer.com api.unzer.com *.heidelpay.com *.demdex.net *.omtrdc.net cdn.cookielaw.org maps.googleapis.com *.unzer.com *.googlesyndication.com https://payment.unzer.com https://payment.heidelpay.com https://api.unzer.com https://api.heidelpay.com api.friendlycaptcha.com eu-api.friendlycaptcha.eu api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com geolocation.onetrust.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.unzer.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: 'self' blob: *.dynamicyield.com *.cloudmaestro.com *.searchspring.net *.googletagmanager.com *.cookiebot.com *.helpscout.net *.google-analytics.com *.facebook.net *.fbcdn.net *.yimg.com *.bing.com *.criteo.net *.criteo.com *.bronto.com *.providentmetals.com *.yahoo.com *.googleapis.com *.shopperapproved.com *.nr-data.net *.newrelic.com *.inspectlet.com *.intellisuggest.com *.paypalobjects.com *.paypal.com *.online-metrix.net *.twimg.com *.twitter.com *.instagram.com *.youtube.com *.doubleclick.net *.cloudfront.net bitpay.com *.bitpay.com *.nfusionsolutions.biz *.cdn77.org *.plaid.com *.routingnumbers.info *.tradingview.com *.smartystreets.com wsonline.seisint.com *.googleadservices.com *.bootstrapcdn.com *.nfusionsolutions.com *.google.com *.nameapi.org *.taxjar.com raw.githubusercontent.com cdn.ampproject.org *.wompmobile.com cdnjs.cloudflare.com az690879.vo.msecnd.net api-cache.searchspring.io tpc.googlesyndication.com p11.techlab-cdn.com cdncy.providentmetals.com *.womp.me wompme.blob.core.windows.net songbird.cardinalcommerce.com static.klaviyo.com static-tracking.klaviyo.com *.fpapi.io cdn.jsdelivr.net *.fpcdn.io fpcdn.io womp.me *.fptls.com fptls.com buygoldandsilvercoinschild.azureedge.net widget.trustpilot.com www.dwin1.com cdncy.jmbullion.com js.braintreegateway.com js-agent.newrelic.com app.contentsquare.com *.contentsquare.net *.braintree-api.com; report-uri /.webscale/csp-report 1
frame-ancestors 'none'; default-src 'self' https://*.aol.com https://*.yahoo.com https://*.yimg.com; img-src * data:; script-src 'self' 'unsafe-inline' 'nonce-X4al6Fh+gv3fZ01e6o2PBg==' 'unsafe-eval' https://*.yahoo.com https://*.yimg.com https://*.aol.com https://*.aolcdn.com *.oath.com *.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net *.googlesyndication.com https://sb.scorecardresearch.com bat.bing.com *.demdex.net https://msadsscale.azureedge.net/bingads/telemetryJS.js https://www.clarity.ms https://www.clarity.ms/s/0.7.10/clarity.js; style-src 'self' 'unsafe-inline' https://*.yimg.com; object-src *; connect-src *; font-src * data:; frame-src 'self' https://*.youtube.com https://s.yimg.com https://*.yahoo.com *.g.doubleclick.net *.googlesyndication.com; 1
default-src 'none'; connect-src 'self' data: http://ad.doubleclick.net https://*.aptrinsic.com https://*.bing.com https://*.clarity.ms https://*.cookielaw.org https://*.crsblaw.com https://*.doubleclick.net https://*.google-analytics.com https://*.google.co.uk https://*.google.com https://*.googleadservices.com https://*.gstatic.com https://*.idio.co https://*.idio.episerver.net https://*.passle.net https://*.podbean.com https://*.services.visualstudio.com https://*.stackadapt.com https://a.clarity.ms https://cdn.cookielaw.org https://js.monitor.azure.com https://maps.googleapis.com https://stats.g.doubleclick.net https://tags.srv.stackadapt.com https://vimeo.com https://www.googleadservices.com; font-src 'self' https://*.cloudfront.net/graphik/ https://*.cloudfront.net/lato/ https://*.cookielaw.org https://*.google.co.uk https://*.googleadservices.com https://*.gstatic.com; form-action 'self'; frame-src 'self' https://*.crsblaw.com https://*.doubleclick.net https://*.google.com https://*.googleadservices.com https://*.hcaptcha.com https://*.podbean.com https://*.vimeo.com https://cdn.yoshki.com; img-src 'self' blob: data: https://*.charlesrussellspeechlys.com https://*.clarity.ms https://*.cookielaw.org https://*.google-analytics.com https://*.google.ae https://*.google.co.in https://*.google.co.uk https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.idio.co https://*.idio.episerver.net https://*.passle.net https://*.vimeocdn.com https://ad.doubleclick.net https://c.clarity.ms https://www.google.ae https://www.google.ca; manifest-src 'self'; media-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.aptrinsic.com https://*.charlesrussellspeechlys.com https://*.clarity.ms https://*.cookielaw.org https://*.google-analytics.com https://*.google.com https://*.googleadservices.com https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.hcaptcha.com https://*.idio.co https://*.idio.episerver.net https://*.monitor.azure.com https://*.passle.net https://*.ryke4peep.com https://*.srv.stackadapt.com https://*.stackadapt.com https://*.vimeo.com https://cdn.jsdelivr.net https://js.monitor.azure.com https://secure.ryke4peep.com https://tags.srv.stackadapt.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.aptrinsic.com https://*.charlesrussellspeechlys.com https://*.clarity.ms https://*.cookielaw.org https://*.episerver.net https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.idio.episerver.net https://*.passle.net https://*.srv.stackadapt.com https://*.stackadapt.com https://cdn.jsdelivr.net https://js.monitor.azure.com; report-to stott-security-endpoint;report-uri https://www.charlesrussellspeechlys.com/stott.security.optimizely/api/cspreporting/reporturiviolation/; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.dogcatstar.com *.vimeo.com *.youtube.com maps.gstatic.com *.googleapis.com *.google-analytics.com chat-plugin.easychat.co/easychat.js www.googletagmanager.com js.tappaysdk.com static.hotjar.com buttons-config.sharethis.com d.line-scdn.net omnitag.omniscientai.com static.line-scdn.net t.sharethis.com www.clarity.ms cdnjs.cloudflare.com connect.facebook.net analytics.tiktok.com stats.wp.com cdn.checkout.com script.hotjar.com googleads.g.doubleclick.net platform-api.sharethis.com; frame-src 'self' *.dogcatstar.com *.vimeo.com *.youtube.com *.facebook.com client-chat.easychat.co s-static.ak.facebook.com *.tappaysdk.com td.doubleclick.net js.checkout.com td.doubleclick.net t.sharethis.com; worker-src blob:; object-src 'self' 1
frame-ancestors 'none'; default-src 'self' https://*.yahoo.com https://*.yimg.com; script-src 'self' 'unsafe-inline' 'nonce-5uT95J423WMeZPxFnnwGxg==' 'unsafe-eval' https://*.yahoo.net https://*.yahoo.com https://*.yimg.com https://*.uservoice.com *.oath.com https://*.hereapi.com https://*.youtube.com *.yahooapis.com blob:; style-src 'self' 'unsafe-inline' https://assets.video.yahoo.net https://*.yimg.com; img-src 'self' data: blob: https://*.aol.com https://s.aolcdn.com https://*.bing.net https://*.yimg.com https://s.ytimg.com yahoo.com https://*.yahoo.com https://*.bing.com https://bing.com *.here.com *.wc.yahoodns.net https://*.doubleclick.net https://sb.scorecardresearch.com https://*.adaptv.advertising.com https://*.vidible.tv https://*.yahoo.net https://*.footprint.net https://*.akamaized.net https://*.cloudfront.net https://*.llnwd.net; frame-src 'self' https://*.yahoo.net https://*.youtube.com https://s.yimg.com https://*.yahoo.com https://yahoo.uservoice.com https://*.vidible.tv https://*.advertising.com https://fun.games.com/ https://interactives.ap.org; media-src * blob:; object-src *; connect-src * blob:; font-src * data:; child-src blob:; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.ads-twitter.com https://www.googletagmanager.com https://universe.staderlabs.com https://*.smartsuppchat.com https://*.smartsuppcdn.com https://cdn.rudderlabs.com https://cdn.jsdelivr.net https://*.hotjar.com https://*.hotjar.io https://www.googleadservices.com https://js.userpilot.io https://*.ingest.sentry.com https://*.newrelic.com; style-src 'self' 'unsafe-inline' https://widget-v3.smartsuppcdn.com; font-src 'self' https://*.hotjar.com; img-src 'self' https://*.amazonaws.com https://googleads.g.doubleclick.net https://*.hotjar.com https://*.hotjar.io https://res.cloudinary.com https://firebasestorage.googleapis.com https://imagedelivery.net https://*.smartsuppcdn.com https://explorer-api.walletconnect.com https://*.staderlabs.com data: https://www.googletagmanager.com https://www.google-analytics.com https://imagedelivery.net https://uploads.userpilot.io; connect-src * ; frame-src 'self' https://td.doubleclick.net https://www.youtube.com https://*.hotjar.com https://verify.walletconnect.com https://dapp-browser.apps.ledger.com; 1
default-src 'self' data: https://*.azurewebsites.net https://s3.amazonaws.com https://*.cloudinary.com https://*.blob.core.windows.net https://grantsconnectui.azureedge.net https://unpkg.com https://maxcdn.bootstrapcdn.com https://*.yourcause.com https://*.yourcausegrantsuat.com https://*.yourcausegrants.com https://*.yourcausegrantsqa.com https://host.nxt.blackbaud.com;script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://*.azurewebsites.net https://unpkg.com https://grantsconnectui.azureedge.net https://cdnjs.cloudflare.com https://static.zdassets.com https://maps.googleapis.com https://host.nxt.blackbaud.com https://sky.blackbaudcdn.net https://static.lightning.force.com https://everfi.my.site.com https://service.force.com *.salesforce.com *.salesforceliveagent.com https://help.everfi.com https://cdn.heapanalytics.com https://heapanalytics.com https://js.monitor.azure.com;img-src 'self' data: blob: *;style-src 'self' 'unsafe-inline' https://*.azurewebsites.net https://unpkg.com https://grantsconnectui.azureedge.net https://fonts.googleapis.com https://host.nxt.blackbaud.com https://service.force.com/ https://everfi.my.site.com https://help.everfi.com https://heapanalytics.com https://cdn.jsdelivr.net;font-src 'self' data: https://fonts.gstatic.com https://grantsconnectui.azureedge.net https://unpkg.com https://host.nxt.blackbaud.com https://service.force.com *.salesforce.com https://heapanalytics.com;frame-src 'self' data: https://*.yourcausegrantsuat.com https://*.yourcausegrants.com https://*.yourcausegrantsqa.com https://host.nxt.blackbaud.com https://service.force.com;connect-src 'self' https://*.azurewebsites.net https://localhost:44392 https://*.blob.core.windows.net https://yc-prod.azurefd.net https://yc-dev-qa.azurefd.net https://dc.services.visualstudio.com https://*.yourcausegrantsqa.com https://grantsconnectui.azureedge.net https://*.yourcausegrantsuat.com https://*.yourcausegrants.com https://ekr.zdassets.com https://maps.googleapis.com https://host.nxt.blackbaud.com https://*.blackbaud.net https://*.signalr.net wss://*.signalr.net https://everfi.my.site.com *.salesforce.com *.salesforceliveagent.com *.sfdc.net https://help.everfi.com https://heapanalytics.com 1
default-src *; script-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src-elem * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src-attr * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; style-src * 'self' data: 'unsafe-inline' 'unsafe-hashes'; style-src-elem * 'self' data: 'unsafe-inline' 'unsafe-hashes'; style-src-attr * 'self' data: 'unsafe-inline' 'unsafe-hashes'; img-src * data:; font-src * 'self' data:; connect-src *; media-src *; object-src *; prefetch-src *; child-src *; frame-src *; worker-src *; frame-ancestors *; form-action *; base-uri * 1
frame-ancestors 'self' multimaps360.de; 1
worker-src 'self' blob:; 1
script-src 'self' cdnpt.com *.cdnpt.com *.priceres.com.mx *.priceres.com *.priceres.co *.googleapis.com *.googletagmanager.com *.onesignal.com onesignal.com *.google-analytics.com *.hotjar.com *.ladesk.com 'unsafe-inline' 'unsafe-eval' connect.facebook.net api.beyond-experience.com www.thehotelsnetwork.com js.hs-scripts.com services.xg4ken.com static.sojern.com snap.licdn.com svht.tradedoubler.com cdn.mouseflow.com tracker.metricool.com assets.anytrack.io cdnjs.cloudflare.com cdn.jsdelivr.net cdn.sift.com *.bing.com *.us.mouseflow.com *.googleadservices.com *.doubleclick.net tv2track.js 1
default-src 'self' *.studyteamapp.cn *.studyteamapp.com *.reifyapp.com *.onestudyteam.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubdb6d1eb0f615efd9131c3c147eb3994c&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env%3Aproduction%2Cservice%3Anginx;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.studyteamapp.cn *.studyteamapp.com *.onestudyteam.com js.hsforms.net *.google.com *.gstatic.com *.cloudflare.com *.wistia.com *.wistia.net *.cookiebot.com *.zendesk.com *.zdassets.com *.calendly.com *.pendo.io *.localizecdn.com fonts.googleapis.com unpkg.com cdn.jsdelivr.net *.storage.googleapis.com;style-src 'self' 'unsafe-inline' *.studyteamapp.cn *.studyteamapp.com *.onestudyteam.com *.typekit.net *.calendly.com unpkg.com fonts.googleapis.com *.wistia.com *.storage.googleapis.com;img-src 'self' *.studyteamapp.cn *.studyteamapp.com *.onestudyteam.com blob: data: *.hsforms.com *.wistia.net *.wistia.com *.cookiebot.com *.pendo.io *.localizecdn.com *.storage.googleapis.com s3.amazonaws.com s3.ap-southeast-2.amazonaws.com;connect-src 'self' blob: *.studyteamapp.cn *.studyteamapp.com *.onestudyteam.com wss://*.studyteamapp.com wss://*.studyteamapp.cn *.reifyapp.com *.hsforms.com *.cronofy.com *.sentry.io *.litix.io *.wistia.com *.wistia.net *.pendo.io *.cookiebot.com *.localizecdn.com *.launchdarkly.com *.zendesk.com *.zdassets.com s3.amazonaws.com s3.ap-southeast-2.amazonaws.com *.storage.googleapis.com *.browser-intake-datadoghq.com browser-intake-datadoghq.com *.logs.datadoghq.com *.datadoghq.com;font-src 'self' *.studyteamapp.cn *.studyteamapp.com *.onestudyteam.com data: fonts.gstatic.com *.typekit.net *.wistia.com *.wistia.net;frame-src 'self' *.studyteamapp.cn *.cookiebot.com *.studyteamapp.com *.onestudyteam.com *.google.com *.cookiebot.com *.pendo.io *.wistia.net zingtree.com *.zingtree.com;worker-src 'self' blob: *.studyteamapp.cn *.studyteamapp.com *.onestudyteam.com;child-src 'self' blob: *.studyteamapp.cn *.studyteamapp.com *.onestudyteam.com;media-src 'self' blob: data: *.studyteamapp.cn *.studyteamapp.com *.onestudyteam.com s3.amazonaws.com s3.ap-southeast-2.amazonaws.com *.wistia.com; 1
default-src 'none'; script-src 'self' 'unsafe-inline' cdn.minebeamitsumi-aerospace.com cdn.nhbb.com nhbb.cdn.neptuneweb.com www.google-analytics.com www.googletagmanager.com tagmanager.google.com www.google.com www.gstatic.com *.greenhouse.io cdnjs.cloudflare.com maps.googleapis.com cdn.dxpr.com connect.facebook.net *.doubleclick.net; style-src 'self' 'unsafe-inline' cdn.minebeamitsumi-aerospace.com cdn.nhbb.com nhbb.cdn.neptuneweb.com fonts.googleapis.com cdn.dxpr.com; img-src 'self' data: cdn.minebeamitsumi-aerospace.com cdn.nhbb.com nhbb.cdn.neptuneweb.com *.google-analytics.com maps.gstatic.com maps.googleapis.com cdn.dxpr.com dxpr.com *.google.com *.facebook.com www.googletagmanager.com; form-action 'self'; media-src 'self'; connect-src 'self' www.google-analytics.com cdn.dxpr.com *.segment.io *.googlesyndication.com *.analytics.google.com analytics.google.com *.doubleclick.net maps.googleapis.com; font-src 'self' cdn.minebeamitsumi-aerospace.com cdn.nhbb.com nhbb.cdn.neptuneweb.com fonts.gstatic.com *.analytics.google.com; frame-src 'self' www.google.com maps.google.com *.greenhouse.io *.doubleclick.net https://player.vimeo.com www.youtube.com; frame-ancestors 'self'; 1
frame-ancestors 'self' https://support.mpulsesoftware.com; connect-src 'self' https://support.mpulsesoftware.com wss://; 1
default-src 'self' packages.umbraco.org our.umbraco.org cdn-ukwest.onetrust.com googletagmanager.com privacyportal-uk.onetrust.com cookiepedia.co.uk geolocation.onetrust.com *.googletagmanager.com tagmanager.google.com  google-analytics.com *.google-analytics.com  cdn.cookielaw.org cookie-cdn.cookiepro.com *.clarity.ms c.bing.com dev.visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com googleads.g.doubleclick.net www.google.co.uk *.google.co.uk blob:;script-src 'self' ajax.googleapis.com  maps.googleapis.com unpkg.com ajax.aspnetcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net cookiepedia.co.uk geolocation.onetrust.com *.onetrust.com  cdn.cookielaw.org cookie-cdn.cookiepro.com  tagmanager.google.com *.google.com google-analytics.com *.google-analytics.com  ssl.google-analytics.com  cdn.cookielaw.org cookie-cdn.cookiepro.com *.clarity.ms c.bing.com geolocation.onetrust.com  privacyportal-uk.onetrust.com cdn-ukwest.onetrust.com  googletagmanager.com *.googletagmanager.com www.googletagmanager.com dev.visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com googleads.g.doubleclick.net www.google.co.uk *.google.co.uk *.visualwebsiteoptimizer.com app.vwo.com 'unsafe-eval' 'unsafe-inline';style-src 'self' fonts.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com cdn.linearicons.com privacyportal-uk.onetrust.com cookiepedia.co.uk cdn-ukwest.onetrust.com geolocation.onetrust.com  tagmanager.google.com fonts.googleapis.com *.onetrust.com cdn.cookielaw.org cookie-cdn.cookiepro.com privacyportal-uk.onetrust.com dev.visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com googleads.g.doubleclick.net www.google.co.uk *.google.co.uk *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com 'unsafe-inline';connect-src *;font-src 'self' data: cdnjs.cloudflare.com fonts.gstatic.com cdn.linearicons.com privacyportal-uk.onetrust.com cookiepedia.co.uk cdn-ukwest.onetrust.com geolocation.onetrust.com *.onetrust.com privacyportal-uk.onetrust.com  cdn.cookielaw.org cookie-cdn.cookiepro.com dev.visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com googleads.g.doubleclick.net www.google.co.uk *.google.co.uk;img-src 'self' data: via.placeholder.com privacyportal-uk.onetrust.com cookiepedia.co.uk cdn-ukwest.onetrust.com geolocation.onetrust.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com ssl.gstatic.com www.gstatic.com google-analytics.com *.google-analytics.com *.onetrust.com  cdn.cookielaw.org cookie-cdn.cookiepro.com privacyportal-uk.onetrust.com dev.visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com googleads.g.doubleclick.net www.google.co.uk *.google.co.uk  *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com;media-src 'self' https://www.googletagmanager.com *.onetrust.com  cdn.cookielaw.org cookie-cdn.cookiepro.com privacyportal-uk.onetrust.com googletagmanager.com *.googletagmanager.com dev.visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com googleads.g.doubleclick.net widget.trustpilot.com *.trustpilot.com js-eu1.hs-scripts.com *.hs-scripts.com api-eu1.hubspot.com *.hubspot.com player.vimeo.com *.vimeo.com www.youtube.com *.youtube.com cdn.mouseflow.com *.mouseflow.com;frame-src https://www.googletagmanager.com *.onetrust.com  cdn.cookielaw.org cookie-cdn.cookiepro.com privacyportal-uk.onetrust.com googletagmanager.com *.googletagmanager.com dev.visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com googleads.g.doubleclick.net widget.trustpilot.com *.trustpilot.com js-eu1.hs-scripts.com *.hs-scripts.com api-eu1.hubspot.com *.hubspot.com player.vimeo.com *.vimeo.com www.youtube.com *.youtube.com cdn.mouseflow.com *.mouseflow.com app.vwo.com *.visualwebsiteoptimizer.com;worker-src 'self' packages.umbraco.org our.umbraco.org cdn-ukwest.onetrust.com googletagmanager.com privacyportal-uk.onetrust.com cookiepedia.co.uk geolocation.onetrust.com *.googletagmanager.com tagmanager.google.com  google-analytics.com *.google-analytics.com  cdn.cookielaw.org cookie-cdn.cookiepro.com *.clarity.ms c.bing.com dev.visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com googleads.g.doubleclick.net www.google.co.uk *.google.co.uk widget.trustpilot.com *.trustpilot.com js-eu1.hs-scripts.com *.hs-scripts.com js-eu1.hs-analytics.net js-eu1.hs-banner.com js-eu1.hscollectedforms.net js-eu1.usemessages.com c.clarity.ms *.clarity.ms track-eu1.hubspot.com c.bing.com api-eu1.hubspot.com *.hubspot.com player.vimeo.com *.vimeo.com www.youtube.com *.youtube.com cdn.mouseflow.com *.mouseflow.com blob: 1
default-src 'self'; frame-ancestors 'self' *.10pearls.com 10pearls.applytojob.com *.greenhouse.io; font-src 'self' data: fonts.gstatic.com *.10pearls.com; img-src * data:; child-src 'self' 10pearls.applytojob.com *.greenhouse.io player.vimeo.com *.vimeo.com bid.g.doubleclick.net *.youtube.com; connect-src *;  style-src 'self' 'unsafe-inline' tagmanager.google.com *.googleapis.com *.cookiepro.com  *.cookielaw.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.greenhouse.io ajax.cloudflare.com *.cookiepro.com  *.cookielaw.org *.jquery.com *.hs-scripts.com *.workable.com *.10pearls.com *.10pearls.workable.com *.hs-banner.com *.hs-analytics.net *.hscollectedforms.net  *.hubspot.com *.onetrust.com tagmanager.google.com  www.googletagmanager.com cdn.addevent.com youtube.com *.youtube.com www.youtube.com player.vimeo.com *.vimeo.com *.vimeocdn.com *.google-analytics.com *.googleadservices.com googleads.g.doubleclick.net www.google.com *.mouseflow.com *.licdn.com *.leady.com *.clarity.ms *.leady.com *.inspectlet.com *.lfeeder.com *.cloudflareinsights.com https://cdnjs.cloudflare.com; 1
default-src * data: blob:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: https://tag.demandbase.com https://assets.adobedtm.com https://com-avaya.netmng.com https://cdn.avaya-learning.com https://js.zi-scripts.com https://maxcdn.bootstrapcdn.com https://*.oracleinfinity.io https://tags.clickagy.com https://s.go-mpulse.net https://*.zoominfo.com https://*.vidyard.com https://*.neverbounce.com https://*.avayacloud.com https://js.hsadspixel.net https://up.pixel.ad https://unpkg.com https://static.hotjar.com https://script.hotjar.com https://cdn.jsdelivr.net https://www.trustradius.com https://ssl.google-analytics.com https://www.storygize.net https://cdn.storygize.net https://s.yimg.com https://js.hs-scripts.com https://js.hs-analytics.net https://js.hs-banner.com https://stats.sa-as.com https://*.paymetric.com http://*.avaya.com  https://gateway.zscalertwo.net https://s0.2mdn.net https://geolocation.onetrust.com https://cdn.cookielaw.org https://prdapp02.xisecurenet.com http://wm2.wiredminds.de https://wm2.wiredminds.de https://*.avaya.com https://*.cloudfront.net https://*.en25.com https://*.googleapis.com https://www.googletagmanager.com https://*.google.com https://*.linkedin.com https://*.serving-sys.com https://79423.analytics.edgekey.net https://ad.atdmt.com https://cdn.syndication.twimg.com https://cdnjs.cloudflare.com https://code.jquery.com https://connect.facebook.net https://cookies.onetrust.com https://ds-aksb-a.akamaihd.net https://gateway.zscaler.net https://gateway.zscloud.net https://googleads.g.doubleclick.net https://optanon.blob.core.windows.net https://*.twitter.com https://static.ads-twitter.com https://qaapp02.xisecurenet.com https://s1737033466.t.eloqua.com https://s3.amazonaws.com https://secure.adnxs.com https://service.maxymiser.net https://snap.licdn.com https://tags.tiqcdn.com https://use.fontawesome.com https://use.typekit.net https://www.bizographics.com https://*.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://www.viewbix.com https://*.arkoselabs.com; style-src 'self' 'unsafe-inline' https://cdn.avaya-learning.com https://*.cloudfront.net https://unpkg.com https://cdnjs.cloudflare.com https://www.trustradius.com https://*.avaya.com https://www.gstatic.com https://cdn.jsdelivr.net https://*.google.com https://*.googleapis.com https://gateway.zscaler.net https://maxcdn.bootstrapcdn.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://platform.twitter.com https://ton.twimg.com https://use.fontawesome.com; connect-src 'self' https://googleads.g.doubleclick.net https://tag-logger.demandbase.com https://www.google.com https://api.company-target.com https://px.ads.linkedin.com https://dpm.demdex.net https://avayallc.tt.omtrdc.net https://privacyportal-de.onetrust.com https://js.zi-scripts.com https://*.onetrust.com https://cdn.linkedin.oribi.io https://*.akamaihd.net https://hemsync.clickagy.com https://aorta.clickagy.com https://*.vidyard.com https://*.zoominfo.com https://*.hotjar.com wss://*.hotjar.com https://*.lottiefiles.com https://avayabot.avaya.com https://*.hotjar.io https://bat.bing.com https://*.lottiefiles.com https://forms.visistat.com wss://*.hotjar.com https://*.hotjar.com https://analytics.google.com  https://*.analytics.google.com https://s1737033466.t.eloqua.com https://www.trustradius.com https://dudodiprj2sv7.cloudfront.net https://s.yimg.com https://api.kickfire.com http://*.avaya.com wss://*.avaya.com https://*.avaya.de https://s1737033466.t.eloqua.com https://*.akstat.io https://*.viewbix.com http://production.shippingapis.com https://secure.shippingapis.com https://c.go-mpulse.net https://code.jquery.com https://ds-aksb-a.akamaihd.net https://*.googleapis.com https://ma193-r.analytics.edgekey.net https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://ru.api4load.com https://syndication.twitter.com https://www.apple.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.postescanada-canadapost.ca https://geolocation.onetrust.com; frame-ancestors 'self' https://*.avaya.com ; 1
default-src 'unsafe-inline' 'unsafe-eval' https: data: 1
frame-ancestors *.manchester.ac.uk 'self' 1
default-src 'none';manifest-src 'self';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self' 1
default-src 'self' 'unsafe-eval' *.odigo.com; style-src 'self' 'unsafe-inline' *.jsdelivr.net *.wp.com *.odigo.com *.googleapis.com *.sociablekit.com *.bootstrapcdn.com *.azureedge.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com *.vimeo.com *.player.vimeo.com *.jsdelivr.net *.soundcloud.com *.licdn.com *.parsely.com *.youtube.com *.sociabble.com *.sociablekit.com *.wp.com *.matomo.cloud *.hotjar.com *.odigo.com *.licdn.com *.azureedge.net *.google.com *.google-analytics.com *.googletagmanager.com *.cloudflare.com *.gaconnector.com *.googleapis.com *.googleadservices.com www.gstatic.com *.cookiebot.com *.doubleclick.net; img-src * data:; connect-src 'self' *.ads.linkedin.com *.oribi.io *.accentapi.com *.linkedin.oribi.io *.doubleclick.net *.parsely.com *.matomo.cloud *.google.com *.googleapis.com *.google-analytics.com wss://*.wordpress.com wss://*.hotjar.com *.hotjar.com *.hotjar.io *.azureedge.net *.cookiebot.com *.dynamics.com; font-src 'self' *.jsdelivr.net *.googleapis.com *.gstatic.com *.wp.com *.odigo.com data:; frame-src 'self' calendly.com *.calendly.com *.cloudflare.com *.soundcloud.com *.google.com *.googlesyndication.com *.wp.com *.dynamics.com *.hotjar.com *.cookiebot.com *.youtube.com *.vimeo.com *.DoubleClick.net; upgrade-insecure-requests; 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline' data: blob:; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline';font-src * data: blob: 'unsafe-inline'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com ajax.googleapis.com ssl.google-analytics.com translate.google.com translate.googleapis.com translate-pa.googleapis.com js-agent.newrelic.com/nr-1212.min.js *.livechatinc.com *.tawk.to analytics.ajla.net bam.nr-data.net 1
connect-src *.google-analytics.com www.bolsasymercados.es wss://www.bolsasymercados.es api.bolsasymercados.es apiweb.bolsasymercados.es wss://api.bolsasymercados.es wss://apiweb.bolsasymercados.es cdn.cookielaw.org *.onetrust.com;default-src 'self' data: *.typekit.net *.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com tagmanager.google.com *.gstatic.com *.googleapis.com bmeintranet.bme.com www.bolsasymercados.es wss://www.bolsasymercados.es api.bolsasymercados.es apiweb.bolsasymercados.es wss://api.bolsasymercados.es wss://apiweb.bolsasymercados.es cdn.cookielaw.org *.onetrust.com i1.ytimg.com *.youtube-nocookie.com *.vimeo.com *.vimeocdn.com;script-src 'self' *.typekit.net *.google-analytics.com www.googletagmanager.com tagmanager.google.com cdn.cookielaw.org *.onetrust.com 'sha256-8kqcK8yXrT06YP8+2rdHYaZamV42+oNyHrxPsEp9dDw=';style-src 'self' *.typekit.net www.bolsasymercados.es api.bolsasymercados.es apiweb.bolsasymercados.es www.googletagmanager.com fonts.googleapis.com 'unsafe-inline';base-uri 'self';form-action 'self';frame-ancestors 'self'; 1
frame-ancestors 'self' *.atp-autoteile.at https://app.storyblok.com 1
default-src * 'unsafe-inline' 'unsafe-eval' data: blob: mediastream: filesystem: *.rakuten.com *.linksynergy.com *.nxtck.com *.xg4ken.com;frame-ancestors 'self' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' 'nonce-MtRDAnP21bme1Hds47qeHg==' yastatic.net https://www.googletagmanager.com https://connect.facebook.net https://www.facebook.com https://snap.licdn.com/li.lms-analytics/insight.min.js https://snap.licdn.com/li.lms-analytics/insight.beta.min.js https://snap.licdn.com/li.lms-analytics/insight.old.min.js https://cdn.linkedin.oribi.io https://px.ads.linkedin.com  mc.yandex.ru mc.webvisor.com mc.webvisor.org mc.yandex.com mc.yandex.by mc.yandex.com.tr mc.yandex.kz mc.yandex.ua mc.yandex.az mc.yandex.co.il mc.yandex.com.am mc.yandex.com.ge mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.uz; style-src 'self' 'unsafe-inline' 'nonce-MtRDAnP21bme1Hds47qeHg==' yastatic.net https://yandex.ru https://yandex.com; connect-src https://yandex.ru 'self' yandex.ru yandex.ru ya.ru ecoo.n.yandex-team.ru https://analytics.google.com https://snap.licdn.com/li.lms-analytics/insight.min.js https://snap.licdn.com/li.lms-analytics/insight.beta.min.js https://snap.licdn.com/li.lms-analytics/insight.old.min.js https://cdn.linkedin.oribi.io https://px.ads.linkedin.com https://yastatic.net yandexmetrica.com:* mc.webvisor.com mc.webvisor.org mc.yandex.com mc.yandex.by mc.yandex.com.tr mc.yandex.kz mc.yandex.ru mc.yandex.ua mc.yandex.az mc.yandex.co.il mc.yandex.com.am mc.yandex.com.ge mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.uz mc.admetrica.ru; default-src 'none'; base-uri 'none'; object-src 'none'; frame-ancestors 'self' https://yandex.ru *.yandex.ru https://yandex.com *.yandex.com webvisor.com *.webvisor.com http://webvisor.com http://*.webvisor.com; frame-src 'self' yastatic.net forms.yandex.ru forms.yandex-team.ru https://yandex.ru https://mc.yandex.com *.vh.yandex.ru https://www.youtube-nocookie.com https://www.youtube.com https://youtube.com https://frontend.vh.yandex.ru https://www.facebook.com blob: mc.yandex.ru mc.yandex.md; manifest-src 'self'; font-src 'self' yastatic.net; img-src 'self' data: yastatic.net https://i.ytimg.com https://i3.ytimg.com https://www.facebook.com https://px.ads.linkedin.com avatars.mds.yandex.net mc.webvisor.com mc.webvisor.org mc.yandex.com mc.yandex.by mc.yandex.com.tr mc.yandex.kz mc.yandex.ru mc.yandex.ua mc.yandex.az mc.yandex.co.il mc.yandex.com.am mc.yandex.com.ge mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.uz mc.admetrica.ru; media-src 'self' yastatic.net; child-src forms.yandex.ru forms.yandex-team.ru blob: mc.yandex.ru; report-uri https://csp.yandex.net/csp?from=adv&project=adv&yandexuid=3711797081721958234; 1
frame-ancestors 'self' https://*.atrapalo.com.mx; report-uri /csp/report; 1
default-src 'self'; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: 'unsafe-eval' https://validator.swagger.io; style-src 'self' 'unsafe-inline'; font-src 'self'; object-src 'none'; media-src 'self' data: 'unsafe-eval' 1
default-src 'self' blob:;script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.google-analytics.com *.googletagmanager.com *.facebook.net *.creative-serving.com *.tt.se *.cookiebot.com *.browsealoud.com *.youtube.com sibautomation.com apps.moderaterna.se;style-src 'self' 'unsafe-inline' apps.moderaterna.se;font-src 'self' data:;frame-src 'self' *.youtube.com *.vimeo.com *.twitter.com *.facebook.com *.tt.se *.cookiebot.com sibautomation.com *.spotify.com;img-src 'self' *.gravatar.com data: *.google-analytics.com *.googletagmanager.com *.cookiebot.com *.facebook.com *.doubleclick.net *.creative-serving.com *.bidswitch.net *.yieldlab.net *.kargo.com;connect-src 'self' *.membercare.se *.cookiebot.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.browsealoud.com *.speechstream.net in-automate.sendinblue.com https://id5-sync.com apps.moderaterna.se *.moderaterna.se *.ordningpasverige.se *.brevo.com; 1
default-src 'self' https://maps.googleapis.com https://client.crisp.chat wss://client.relay.crisp.chat https://googleads.g.doubleclick.net wss://*.tawk.to https://*.clarity.ms https://c.bing.com  https://va.tawk.to https://stats.g.doubleclick.net https://*.google.com https://*.googlesyndication.com https://*.google-analytics.com https://www.gstatic.com https://vc.hotjar.io https://in.hotjar.com https://inetchat.zoner.com https://www.facebook.com https://www.sandbox.paypal.com  https://www.paypal.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com https://c.seznam.cz/ https://*.crisp.chat https://*.googletagmanager.com https://*.clarity.ms https://pay.google.com https://unpkg.com https://wchat.eu.freshchat.com https://cdn.jsdelivr.net https://embed.tawk.to https://e.infogr.am/ https://c.imedia.cz https://seal.digicert.com https://script.hotjar.com  https://static.hotjar.com https://inetchat.zoner.com https://tagmanager.google.com https://www.paypal.com https://www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://livehelp.zonercloud.cz https://ssl.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.gstatic.com https://www.google.com https://assets.zendesk.com https://connect.facebook.net; img-src 'self' data: https://maps.gstatic.com  https://*.google-analytics.com https://*.crisp.chat https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.cz https://*.clarity.ms https://c.bing.com https://www.sslmarket.it/ https://www.sslmarket.cz/ https://www.sslmarket.sk/ https://www.sslmarket.hu/ https://www.sslmarket.de/ https://www.sslmarket.at/ https://www.sslmarket.ch/ https://www.sslmarket.co.uk/ https://www.sslmarket.com/ https://www.sslmarket.fr/ https://www.sslmarket.es/ https://embed.tawk.to https://c.seznam.cz https://c.imedia.cz https://seal.digicert.com  https://inetchat.zoner.com/ https://ssl.gstatic.com https://www.gstatic.com https://www.facebook.com https://www.google-analytics.com https://www.google.cz https://www.google.com https://stats.g.doubleclick.net https://livehelp.zonercloud.cz https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com; style-src 'self' 'unsafe-inline' https://*.crisp.chat https://wchat.eu.freshchat.com https://embed.tawk.to https://tagmanager.google.com https://www.gstatic.com https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' https://*.crisp.chat https://embed.tawk.to https://fonts.gstatic.com https://themes.googleusercontent.com; frame-src https://td.doubleclick.net/ https://*.crisp.chat https://www.google.com https://ndm.monetplus.cz https://iplatebnibrana.csob.cz https://platebnibrana.csob.cz https://pay.google.com/ https://*.freshchat.com https://pastebin.com/ https://player.vimeo.com/ https://seal.digicert.com https://e.infogram.com/ https://e.infogr.am/ https://controlcenter.sslmarket.sk https://controlcenter.sslmarket.hu https://controlcenter.sslmarket.de https://controlcenter.sslmarket.at  https://controlcenter.sslmarket.co.uk https://controlcenter.sslmarket.ru https://controlcenter.sslmarket.jp https://controlcenter.sslmarket.ch https://controlcenter.sslmarket.com https://controlcenter.sslmarket.fr https://controlcenter.sslmarket.es https://controlcenter.sslmarket.ae  https://vars.hotjar.com https://inetchat.zoner.com/ https://www.sandbox.paypal.com https://www.paypal.com https://livehelp.zonercloud.cz https://www.youtube.com https://controlcenter.sslmarket.cz https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.Dcom; object-src https://seal.digicert.com/; frame-ancestors 'self'; 1
prefetch-src 'none' 1
base-uri 'none'; font-src 'self' https: data:; form-action 'self'; frame-ancestors 'self'; img-src 'self' data: https://image.maas-natur.de https://www.google.de https://maps.gstatic.com https://maps.googleapis.com https://api.maas-natur.de; object-src 'none'; script-src-attr 'unsafe-inline'; style-src 'self' https: 'unsafe-inline'; upgrade-insecure-requests 1
frame-ancestors 'self' https://microsites.audi.com *.audi-boerse.de https://mtt.avp.tech; 1
default-src *;style-src 'self' 'unsafe-inline' at.alicdn.com *.spzs.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' ynuf.aliapp.org  cf.aliyun.com  *.tdum.alibaba.com *.spzs.com hm.baidu.com hmcdn.baidu.com dlswbr.baidu.com  api.map.baidu.com map.baidu.com aeis.alicdn.com maponline1.bdimg.com g.alicdn.com res.wx.qq.com acodes.b2b.cn;img-src *  data: blob:;worker-src * blob:;media-src 'self' *.spzs.com blob:;font-src 'self' at.alicdn.com data:; 1
default-src 'self' ol.local olympia.hosted.positive.co.uk olympia.london;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.funnelytics.io cdn.funnelytics.io *.hotjar.com *.cookiebot.com olympia.hosted.positive.co.uk olympia.london *.sensehqchat.com *.sensehq.com  embedsocial.com *.livechatinc.com player.vimeo.com sp.analytics.yahoo.com *.tvsquared.com s.yimg.com tracker.gaconnector.com bat.bing.com cdn.mouseflow.com ict.infinity-tracking.net *.crazyegg.com api.carehome.co.uk www.cqc.org.uk cookie-cdn.cookiepro.com *.onetrust.com cdn.cookielaw.org script.infinity-tracking.com *.vimeocdn.com *.gstatic.com www.googletagmanager.com www.google-analytics.com tagmanager.google.com www.google.com maps.googleapis.com *.twimg.com connect.facebook.net *.googleapis.com ajax.aspnetcdn.com;style-src 'self' 'unsafe-inline'  embedsocial.com *.googletagmanager.com *.livechatinc.com  www.cqc.org.uk fonts.googleapis.com olympia.hosted.positive.co.uk olympia.london;connect-src 'self' *.cloudinary.com *.googlesyndication.com *.funnelytics.io *.sensehqchat.com *.sensehq.com region1.analytics.google.com  bat.bing.com cookie-cdn.cookiepro.com cdn.cookielaw.org *.onetrust.com s.yimg.com *.crazyegg.com ict.infinity-tracking.net nas.lon.infinity-tracking.com cdn.cookielaw.org web.lon.infinity-tracking.com vimeo.com maps.googleapis.com *.google-analytics.com *.doubleclick.net www.facebook.com;font-src 'self' data: ol.local olympia.london cdn.livechatinc.com fonts.gstatic.com fonts.googleapis.com olympia.hosted.positive.co.uk;frame-ancestors 'self' olympia.hosted.positive.co.uk olympia.london;frame-src 'self' *.spotify.com *.cloudinary.com console.cloudinary.com maps.google.com maps.google.co.uk embedsocial.com *.livechatinc.com player.vimeo.com www.google.com www.facebook.com *.googletagmanager.com *.doubleclick.net;img-src 'self' *.googleapis.com *.cloudinary.com sp.analytics.yahoo.com bat.bing.com  www.cqc.org.uk *.googletagmanager.com maps.gstatic.com maps.googleapis.com *.gstatic.com *.google-analytics.com *.facebook.com *.google.com *.google.co.uk i.vimeocdn.com data:;worker-src 'self' blob: olympia.hosted.positive.co.uk ol.local olympia.london;media-src 'self' ol.local olympia.hosted.positive.co.uk olympia.london *.cloudinary.com; form-action 'self' ol.local olympia.hosted.positive.co.uk olympia.london; 1
form-action https: www.przelewy24.pl; 1
default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com https://www.youtube.com/iframe_api https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com *.googleadservices.com https://*.g.doubleclick.net https://*.google-analytics.com https://ssl.google-analytics.com app.usercentrics.eu web-chat.nativechat.com cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://dec.azureedge.net https://tagmanager.google.com/ https://fonts.googleapis.com/ web-chat.nativechat.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com https://dec.azureedge.net https://useast2devbrandsites.blob.core.windows.net https://useast2qabrandsites.blob.core.windows.net https://useast2prodbrandsites.blob.core.windows.net https://sqlvagrdwjlmsmgrf4.blob.core.windows.net https://sqlvauegg2ud2m3rds.blob.core.windows.net https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com https://ssl.gstatic.com/ https://www.gstatic.com/ https://*.google-analytics.com/ https://*.g.doubleclick.net https://*.analytics.google.com https://*.google.com web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://fonts.gstatic.com/; frame-src 'self' self https://www.youtube.com/ web-chat.nativechat.com; connect-src 'self' accounts.google.com https://*.googletagmanager.com https://*.dec.sitefinity.com *.mktoresp.com https://*.google-analytics.com/ https://*.g.doubleclick.net https://www.googleadservices.com/ https://www.google.bg/ https://maps.googleapis.com/ https://*.analytics.google.com https://*.google.com api.usercentrics.eu; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com 1
default-src 'self'; font-src 'self' data: https://fonts.gstatic.com; img-src data: https:; script-src 'unsafe-eval' 'unsafe-inline' 'self' https://js-eu1.hs-scripts.com https://js-eu1.hs-banner.com js-eu1.hs-analytics.net https://*.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleanalytics.com https://optimize.google.com https://www.googleadservices.com https://mc.yandex.ru https://*.fls.doubleclick.net https://marketing.tr.netsalesmedia.pl https://googleads.g.doubleclick.net https://tagmanager.google.com https://connect.facebook.net https://js.hs-scripts.com https://js.hsadspixel.net https://forms.hsforms.com https://js.hsforms.net https://profilingua.unifiedfactory.com https://js.hs-analytics.net https://js.usemessages.com https://js.hsleadflows.net https://skk.erecruiter.pl https://analytics.tiktok.com https://a1.moviserver.com https://snap.licdn.com https://static.hotjar.com https://static.hsappstatic.net https://js.hs-banner.com https://script.hotjar.com https://cdn.inis360.com https://bat.bing.com; style-src 'unsafe-inline' 'self' https://*.googleapis.com https://connect.facebook.net https://tagmanager.google.com https://skk.erecruiter.pl https://optimize.google.com https://fonts.googleapis.com; frame-src https://www.profi-lingua.pl https://youtu.be https://player.vimeo.com https://www.youtube.com https://*.fls.doubleclick.net https://profilingua.unifiedfactory.com/ https://www.testportal.pl/ https://connect.facebook.net https://optimize.google.com https://forms.hsforms.com https://addons.livechatinc.com https://meetings.hubspot.com/ https://app.hubspot.com https://www.facebook.com https://forms.hubspot.com https://*.tiktok.com https://vars.hotjar.com; connect-src 'self' https://js-eu1.hs-banner.com https://region1.google-analytics.com https://vc.hotjar.io https://mc.yandex.ru https://strefa.profi-lingua.pl https://connect.facebook.net https://api.hsforms.com https://api.hubapi.com https://api.hubspot.com https://maps.googleapis.com https://forms.hubspot.com https://forms.hsforms.com https://analytics.google.com https://www.google-analytics.com https://stats.g.doubleclick.net/ https://analytics.tiktok.com/ https://maps.googleapis.com https://hubspot-forms-static-embed.s3.amazonaws.com https://in.hotjar.com https://web.facebook.com https://www.facebook.com; media-src 'self' https://profilingua.unifiedfactory.com; 1
img-src * data:; media-src * blob: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: wss: 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.gstatic.com https://yastatic.net https://www.youtube.com https://s.ytimg.com https://platform.instagram.com https://www.instagram.com https://platform.twitter.com https://cdn.syndication.twimg.com https://mc.yandex.ru https://top-fwz1.mail.ru https://js.sentry-cdn.com https://browser.sentry-cdn.com https://qaz.24-7news.wiki https://push.24-7news.wiki https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' data: https://fonts.googleapis.com https://platform.twitter.com ; img-src 'self' data: https://* http://* ; font-src 'self' data: https://fonts.gstatic.com ; frame-src 'self' data: https://yastatic.net https://www.youtube.com https://www.instagram.com/ https://platform.twitter.com ; connect-src 'self' data: https://yastatic.net https://mc.yandex.ru https://mc.webvisor.com https://mc.webvisor.org https://fcm.googleapis.com https://firebaseinstallations.googleapis.com https://fcmregistrations.googleapis.com https://push.newsdaily.biz https://top-fwz1.mail.ru https://o4505939965509632.ingest.sentry.io https://push.24-7news.wiki https://biposerfl.shop https://*.google-analytics.com; worker-src 'self' data: https://fcm.googleapis.com https://push.newsdaily.biz https://push.24-7news.wiki ; 1
frame-ancestors https://statevitalrecords.org/ https://californiabirthcertificate.org/ https://californiabirthcertificate.wpcomstaging.com/ https://texasbirthcertificateswpcomstaging.wpcomstaging.com/ https://texasbirthcertificates.org/ 1
frame-ancestors 'self' www.roomsurf.com; 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-c62a837e9463d88a46dede73e1c1cc0b'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src 'self';        connect-src 'self' https://*.snapchat.com https://www.google-analytics.com https://stats.g.doubleclick.net https://translate.googleapis.com https://pagead2.googlesyndication.com/ https://yoast.com/ https://mx.technolutions.net/ https://forms.virtuoussoftware.com;        script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com https://sc-static.net https://admissions.cumberland.edu https://mx.technolutions.net https://tag.brandcdn.com https://adservices.brandcdn.com https://translate.google.com https://translate.googleapis.com https://*.snapchat.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://translate-pa.googleapis.com https://connect.facebook.net https://cdnjs.cloudflare.com/ https://www.shoppingsheet.com https://business.facebook.com https://cdn.virtuoussoftware.com https://unpkg.com https://www.google.com https://js.hcaptcha.com https://www.gstatic.com;        frame-src 'self' https://*.snapchat.com https://d1eoo1tco6rr5e.cloudfront.net https://www.youtube.com https://adservices.brandcdn.com https://www.facebook.com https://insight.adsrvr.org https://td.doubleclick.net/ https://business.facebook.com https://www.shoppingsheet.com https://www.google.com;        style-src 'self' 'unsafe-inline' https://use.fontawesome.com https://fonts.googleapis.com https://www.gstatic.com https://use.fontawesome.com https://fonts.googleapis.com https://www.gstatic.com https://use.fontawesome.com https://fonts.googleapis.com https://www.gstatic.com https://use.fontawesome.com https://fonts.googleapis.com https://www.gstatic.com https://use.fontawesome.com https://fonts.googleapis.com https://www.gstatic.com https://use.fontawesome.com https://fonts.googleapis.com https://www.gstatic.com https://use.fontawesome.com https://fonts.googleapis.com https://www.gstatic.com https://use.fontawesome.com https://fonts.googleapis.com https://www.gstatic.com https://use.fontawesome.com https://fonts.googleapis.com https://www.gstatic.com https://cdnjs.cloudflare.com https://www.shoppingsheet.com https://cdn.virtuoussoftware.com;        font-src 'self' data: https://fonts.gstatic.com/ https://use.fontawesome.com/ https://cdnjs.cloudflare.com  https://stackpath.bootstrapcdn.com;        img-src 'self' data: https://insight.adsrvr.org https://www.gstatic.com https://fonts.gstatic.com https://www.google.com https://dpm.demdex.net https://match.adsrvr.org https://cm.g.doubleclick.net https://ib.adnxs.com https://pixel.tapad.com https://secure-gl.imrworldwide.com https://secure.adnxs.com https://idpix.media6degrees.com https://www.facebook.com https://su.addthis.com https://cw.addthis.com https://s.thebrighttag.com https://i.liadm.com https://x.bidswitch.net https://i6.liadm.com https://ml314.com https://match.sync.ad.cpe.dotomi.com https://tags.rd.linksynergy.com https://eb2.3lift.com https://match.sharethrough.com https://dmp.truoptik.com https://odr.mookie1.com https://io.narrative.io https://mid.rkdms.com https://simage2.pubmatic.com https://secure.gravatar.com/ https://track2.securedvisit.com/ https://uipglob.semasio.net/ https://www.googletagmanager.com/ https://usermatch.krxd.net/ https://secure.insightexpressai.com/ https://s.w.org/ https://ads.scorecardresearch.com/ https://loadm.exelator.com/;        worker-src 'self' blob:; 1
upgrade-insecure-requests;frame-ancestors 'self' https://editor.sareapps.pl/ https://editor.digiapps.pl/ https://dev-editor.sare25.com/;block-all-mixed-content;default-src 'self' data:;object-src 'none';base-uri 'self' http://n.enewsletter.pl https://n.enewsletter.pl http://n.enewsletter.pl https://n.enewsletter.pl;manifest-src 'self';font-src 'self' cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com fonts.gstatic.com https://cdn.sare25.com;script-src 'self' https://cdn.jsdelivr.net https://cdn.enewsletter.com.pl https://cdn.sareapps.pl https://cdn.digiapps.pl https://cdn.speakhub.live https://public.speakhub.live https://cdnjs.cloudflare.com https://cdn.heapanalytics.com https://polyfill.io https://code.jquery.com https://uicdn.toast.com https://blueimp.github.io https://cdn.sare25.com https://cdn.livechatinc.com https://api.livechatinc.com https://ajax.googleapis.com https://www.google.com https://www.gstatic.com;style-src 'self' 'report-sample' 'unsafe-inline' cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com https://uicdn.toast.com https://cdn.sare25.com n.enewsletter.pl;frame-src 'self' dev-editor.sare25.com editor.sareapps.pl editor.digiapps.pl integrations.app-link.me https://secure.livechatinc.com https://www.google.com data:;img-src * data: blob:;worker-src 'self' blob:;media-src * data: blob:;connect-src 'self' *.enewsletter.pl *.sare25.com *.sareapps.pl *.digiapps.pl wss://ws-sare-wire.sareapps.pl wss://ws-sare-wire.digiapps.pl wss://ws.speakhub.live public.speakhub.live cdn.jsdelivr.net cdnjs.cloudflare.com fonts.gstatic.com fonts.googleapis.com;child-src 'self' https://cdn.sare25.com; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://intahnet.co.uk; img-src 'self' data: blob: https://intahnet.co.uk https://media.intahnet.co.uk; style-src 'self' https://intahnet.co.uk; media-src 'self' data: https://intahnet.co.uk https://media.intahnet.co.uk; frame-src 'self' https:; manifest-src 'self' https://intahnet.co.uk; form-action 'self'; connect-src 'self' data: blob: https://intahnet.co.uk https://media.intahnet.co.uk wss://intahnet.co.uk; script-src 'self' https://intahnet.co.uk; worker-src 'self' blob: https://intahnet.co.uk 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://*.icons8.com https://*.googleapis.com https://*.cloudflare.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.cloudfront.net https://*.cloudflare.com https://*.hotjar.com https://*.facebook.net https://*.googletagmanager.com https://*.go-mpulse.net https://*.google-analytics.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.googleusercontent.com https://*.facebook.com https://*.google.com.br data:; connect-src 'self' https://*.go-mpulse.net https://*.akamaihd.net https://*.akastat.io https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.akstat.io https://*.google.com https://*.rdstation.com.br  https://*.doubleclick.net; frame-src 'self' https://*.youtube.com https://*.rdstation.com.br https://*.doubleclick.net https://*.facebook.com data: blob:; font-src 'self' https://*.icons8.com https://*.gstatic.com data: blob:; worker-src 'self' blob:; 1
connect-src https://*.calltouch.ru https://calltouch.ru https://*.mail.ru  https://www.google-analytics.com https://itclinic.ru 'self' https://*.yandex.ru https://*.itclinic.ru https://*.yandex.net https://*.google.com; child-src 'self' ; font-src https://static.lc-group.ru 'self' https://*.itclinic.ru ; form-action https://*.google.com https://*.calltouch.ru https://calltouch.ru https://itclinic.ru 'self' https://*.itclinic.ru ; frame-ancestors https://webvisor.com https://*.webvisor.com https://itclinic.ru 'self' ;  frame-src https://*.google.com https://*.calltouch.ru https://calltouch.ru https://api-maps.yandex.ru 'self' https://*.youtube.com ; img-src https://*.google.com  https://*.calltouch.ru https://calltouch.ru https://*.mail.ru https://vk.com https://static.lc-group.ru https://www.google-analytics.com https://itclinic.ru https://merlion.com  'self' https://*.yandex.ru https://*.merlion.com https://*.merlion.ru https://*.yandex.net https://*.itclinic.ru https://www.ippon.ru    https://www.jetbalance.ru https://www.google-analytics.com data: ;  media-src https://*.itclinic.ru 'self' ;     object-src https://static.lc-group.ru https://*.itclinic.ru 'self' https://*.macromedia.com ; script-src https://*.google.com     https://*.mail.ru https://static.lc-group.ru https://itclinic.ru https://*.yandex.ru  https://yastatic.net 'self' https://*.yandex.ru https://*.google-analytics.com      https://*.itclinic.ru https://*.yandex.net 'unsafe-eval'  https://*.calltouch.ru https://calltouch.ru; style-src https://*.google.com https://*.calltouch.ru https://calltouch.ru https://*.mail.ru https://static.lc-group.ru https://itclinic.ru 'self' https://*.yandex.ru 'unsafe-inline' https://*.itclinic.ru https://*.yandex.net ; default-src 'none' ; 1
frame-ancestors 'self' https://rallye-lecture.fr https://classe-numerique.fr https://monecole.fr https://motoufo.fr 195.221.81.1; 1
default-src * 'self' blob:; script-src * blob: 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * blob: data:;font-src * data:; 1
frame-ancestors https://listado-ofertas.trabajando.cl https://*.trabajando.cl https://laboral.inacap.cl 1
upgrade-insecure-requests; default-src 'self' https://*.unigranrio.edu.br/ https://uploads-ssl.webflow.com/ https://*.website-files.com/ https://hubspotonwebflow.com/ https://vlibras.gov.br https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://apppravaler.apprbs.com.br/ https://tracking.apprubeus.com.br/ https://www.googletagmanager.com/ https://*.pages.ubembed.com/ https://*.events.ubembed.com/ https://analytics.tiktok.com/ https://landing-vest-unigranrio-api.azurewebsites.net https://use.typekit.net https://capture-api.reachlocalservices.com/ https://*.gannettdigital.com/ https://static.criteo.net/ https://content.hotjar.io/ wss://ws.hotjar.com/ https://forms.hscollectedforms.net https://fonts.cdnfonts.com https://www.youtube-nocookie.com https://*.rlets.com/ https://*.criteo.com/ https://www.facebook.com/tr/ https://kit.fontawesome.com https://*.googleapis.com https://*.elfsight.com/ https://gov.br/ https://js.hsforms.net/ https://*.pdcsaude.com.br https://cdn.cookielaw.org https://*.hubapi.com https://*.fontawesome.com https://*.luckyorange.net https://forms.hsforms.com/ https://*.s3.amazonaws.com/ https://*.whatsapp.com https://*.hubspot.com https://portal.iteleport.com.br/ https://www.googleservices.com https://ib.adnxs.com https://cdn.linkedin.oribi.io https://static.hsappstatic.net https://cdn.tradelab.fr https://js.hscollectedforms.net https://js.hubspotfeedback.com https://js.hscta.net https://snap.licdn.com https://*.gstatic.com https://*.youtube.com https://js.hs-banner.com https://*.hubspot.com https://www.google-analytics.com https://maxcdn.bootstrapcdn.com https://*.vlibras.gov.br https://*.onetrust.com https://*.rdstation.com.br https://*.doubleclick.net https://*.hotjar.com https://*.google.com data:; script-src 'self' https://s3.amazonaws.com/ https://*.website-files.com/ https://hubspotonwebflow.com/ https://cdn.jsdelivr.net https://unpkg.com https://apprbs.com.br https://assets.ubembed.com/ https://unpkg.com/ https://apppravaler.apprbs.com.br/ https://code.jquery.com/ https://tracking.apprubeus.com.br/ https://*.js.ubembed.com/ https://static.criteo.net https://app.shoptarget.com.br/ https://*.simpli.fi/ https://analytics.tiktok.com/ https://cdn.rlets.com/ https://www.googleadservices.com https://3960387.fs1.hubspotusercontent-na1.net https://*.unigranrio.edu.br https://unigranrio.edu.br/  https://*.pdcsaude.com.br https://*.youtube.com https://*.fontawesome.com https://*.luckyorange.net https://*.whatsapp.com https://*.hubspot.com https://cdn.jsdelivr.net/ https://igorescobar.github.io/ https://js.hsforms.net/  https://releases.jquery.com/ https://*.static.elfsight.com/ https://*.tradelab.fr https://js.hscollectedforms.net https://js.hubspotfeedback.com https://js.hscta.net https://ib.adnxs.com https://cdn.linkedin.oribi.io https://static.hsappstatic.net https://snap.licdn.com https://www.gstatic.com https://*.googleapis.com https://cdn.cookielaw.org https://*.hubapi.com https://*.hubspot.com https://*.google.com https://*.doubleclick.net https://*.hotjar.com https://*.rdstation.com.br https://3603d.com.br https://google.com.br https://google.com https://rdstation.com.br https://popups.rdstation.com.br https://track.hubspot.com https://api.hubspot.com https://stats.g.doubleclick.net https://ajax.cloudflare.com https://js.hsleadflows.net https://js.usemessages.com https://js.hsadspixel.net https://js.hs-analytics.net https://js.hs-banner.com https://stats.g.doubleclick.net https://static.elfsight.com/ https://js.hs-scripts.com https://*.cloudfront.net https://*.onetrust.com https://*.cloudflareinsights.com https://connect.facebook.net https://www.google-analytics.com https://*.vlibras.gov.br/ https://vlibras.gov.br https://apps.elfsight.com/ https://unigranrio.com.br/ https://www.unigranrio.com.br https://*.criteo.com  https://www.googletagmanager.com https://js.hs-scripts.com https://www.youtube-nocookie.com https://*.webformscr.com https://login.sendpulse.com https://static.whatshelp.io blob: 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data:; style-src https: 'unsafe-inline'; 1
default-src 'self'; base-uri 'self' burina.net *.burina.net; connect-src 'self' echo.burina.net:6001 wss://echo.burina.net:6001 google-analytics.com www.google-analytics.com bam.nr-data.net; font-src 'self' burinacdn.com data: fonts.gstatic.com; form-action 'self' burina.net:* *.burina.net:* www.paypal.com bib.eway2pay.com testsecurepay.intesasanpaolocard.com; frame-ancestors 'none'; frame-src 'self' data: sr.burina.net en.burina.net www.google.com; img-src 'self' burinacdn.com cid: data: sr.burina.net en.burina.net secure.gravatar.com www.google-analytics.com; manifest-src 'self'; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' burinacdn.com sr.burina.net en.burina.net www.google.com www.gstatic.com www.google-analytics.com ajax.googleapis.com cdn.polyfill.io js-agent.newrelic.com bam.nr-data.net; style-src 'self' 'unsafe-inline' 'report-sample' burinacdn.com sr.burina.net en.burina.net fonts.googleapis.com; worker-src 'self' burinacdn.com; upgrade-insecure-requests 1
frame-ancestors 'self';upgrade-insecure-requests; img-src 'self' data: https://www.googletagmanager.com  https://cdn.shopify.com  https://www.facebook.com  https://engagefront.theweathernetwork.com  https://ct.pinterest.com  https://www.google-analytics.com  https://app.careerbeacon.com  https://cdn.honey.io  android-webview-video-poster  https://pos.baidu.com  https://fonts.gstatic.com  blob:  https://translate.google.com  https://secure.gravatar.com https://ts.w.org https://s.w.org https://ps.w.org ; default-src 'self'; script-src 'self' 'unsafe-inline' data:  https://ajax.cloudflare.com  https://www.googletagmanager.com  https://www.google.com  https://www.google-analytics.com  https://sc-static.net  https://www.gstatic.com  https://tr.snapchat.com  https://s.pinimg.com  https://connect.facebook.net  https://dashboard.engagefront.com  https://tags.srv.stackadapt.com  https://widget.alongside.com  https://qvdt3feo.com  'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' https://ajax.cloudflare.com  https://www.googletagmanager.com  https://www.google.com  https://www.google-analytics.com  https://sc-static.net  https://www.gstatic.com  https://tr.snapchat.com  https://s.pinimg.com  https://connect.facebook.net  https://dashboard.engagefront.com  https://tags.srv.stackadapt.com  https://widget.alongside.com  https://qvdt3feo.com ; style-src 'self' 'unsafe-inline' https://tags.srv.stackadapt.com  https://cdn.honey.io  https://www.gstatic.com  data: ; style-src-elem 'self' 'unsafe-inline' https://tags.srv.stackadapt.com  https://cdn.honey.io  https://www.gstatic.com  data: ; font-src 'self' https://www.slant.co  https://api.rabatta.app  https://sc-static.net  https://static.zip.co  https://fonts.gstatic.com  data:; frame-src 'self' https://www.google.com  https://tr.snapchat.com  https://dashboard.engagefront.com  https://ct.pinterest.com  https://www.facebook.com  https://www.googletagmanager.com  blob:; connect-src 'self' https://o187655.ingest.sentry.io  https://tr.snapchat.com  https://tags.srv.stackadapt.com  https://www.google-analytics.com  https://www.facebook.com  https://moosehead.ca  https://stats.g.doubleclick.net  https://ct.pinterest.com  https://region1.google-analytics.com  https://api.trongrid.io  data:  properties  https://mooseheadbeershop.ca;  worker-src 'self' blob:;  media-src 'self' data:; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://connect.facebook.net/ https://www.facebook.com/ https://www.youtube.com/ *.criteo.com/ *.criteo.net/; frame-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com/ https://www.google-analytics.com/  https://connect.facebook.net/ https://www.facebook.com/ https://www.youtube.com/ *.criteo.com/ *.criteo.net/; 1
frame-ancestors none; connect-src 'self' ssl.google-analytics.com; form-action 'self' *.citepayusa.com *.mt.gov app.mt.gov devmtefile.courts.mt.gov mtefile.courts.mt.gov;img-src fonts.gstatic.com 'self' ssl.google-analytics.com data: translate.google.com www.gstatic.com; script-src-attr 'unsafe-inline'; script-src-elem *.gstatic.com *.google.com *.cloudflare.com 'self' 'unsafe-inline' ssl.google-analytics.com www.google-analytics.com; script-src www.google.com www.google.com www.gstatic.com 'self' 'unsafe-eval' 'unsafe-inline' ssl.google-analytics.com data:; style-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; style-src 'self' 'unsafe-eval' 'unsafe-inline' translate.googleapis.com; default-src *.google.com *.cloudflare.com 'self' 'unsafe-inline' ssl.google-analytics.com 'unsafe-eval' self; font-src fonts.gstatic.com 'self' data: fonts.gstatic.com 1
default-src 'self' *.linkedin.com *.amazonaws.com *.jobpixel.com jobpixel.com unpkg.com *.visualstudio.com *.azure.com *.craftcms.com *.licdn.com *.q4cdn.com *.vimeo.com *.vimeocdn.com investors.devonenergy.com *.gstatic.com *.google.com www.googleapis.com www.google-analytics.com www.googletagmanager.com/ 'unsafe-inline' 'unsafe-eval'; font-src 'self' fonts.gstatic.com/ data:; img-src * 'self' data: https:; style-src 'self' 'unsafe-inline' unpkg.com jobpixel.com *.jobpixel.com fonts.googleapis.com/ *.google.com investors.devonenergy.com *.q4cdn.com;frame-ancestors 'self' dvnlab.com *.dvnlab.com devonenergy.com *.devonenergy.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.taittinger.com *.googleapis.com cdnjs.cloudflare.com cdn.jsdelivr.net *.facebook.net *.facebook.com *.google-analytics.com *.googletagmanager.com *.google.com *.doubleclick.net www.google.com www.gstatic.com unpkg.com fonts.gstatic.com snap.licdn.com *.pinimg.com *.googleadservices.com *.google.ca *.pinterest.com *.tiktok.com *.youtube-nocookie.com *.youtube.com; img-src 'self' data: maps.gstatic.com maps.googleapis.com *.google-analytics.com *.google.com *.google.fr *.facebook.net *.facebook.com stats.g.doubleclick.net px.ads.linkedin.com *.pinimg.com sc-static.net *.google.ca *.pinterest.com *.ytimg.com googleads.g.doubleclick.net; 1
default-src 'self' https://app.powerbi.com/ http://127.0.0.1:5173/ https://www.youtube.com/ https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube-nocookie.com/ https://qa.mycommunitydirectory.com.au/ https://www.mycommunitydirectory.com.au/ https://www.google.com https://maxcdn.bootstrapcdn.com https://08ffcdcdbe5649d9a6569f62408d8e7a.ap-southeast-2.aws.found.io:9243/ https://netdna.bootstrapcdn.com https://netdna.bootstrapcdn.com https://uat.mycommunitydiary.com.au  https://qa.mycommunitydiary.com.au https://www.mycommunitydiary.com.au https://www.mcdiary.com/ https://www.facebook.com/ https://www.google-analytics.com https://maps.googleapis.com https://cdnjs.cloudflare.com https://fonts.gstatic.com;      script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.mcd.com/ https://dev.visualwebsiteoptimizer.com/ https://cdn.jsdelivr.net/npm/ https://platform.twitter.com/ http://ajax.googleapis.com/ https://ajax.cloudflare.com https://mc.yandex.ru/ https://qa.mycommunitydirectory.com.au https://www.mycommunitydirectory.com.au https://cdn.datatables.net  https://platform-api.sharethis.com/ https://platform.twitter.com/ https://buttons-config.sharethis.com/ https://z.moatads.com https://en.wikipedia.org https://translate-pa.googleapis.com https://translate-pa.googleapis.com https://www.google.com https://translate-pa.googleapis.com https://www.gstatic.com https://ajax.aspnetcdn.com https://ajax.googleapis.com https://netdna.bootstrapcdn.com https://uat.mycommunitydiary.com.au  https://qa.mycommunitydiary.com.au https://www.mycommunitydiary.com.au https://www.mcdiary.com/ https://wchat.freshchat.com https://translate.googleapis.com/ https://go.communityinfo.org.au/ https://pi.pardot.com https://translate.google.com https://cdnjs.cloudflare.com https://maps.googleapis.com https://www.googleoptimize.com https://connect.facebook.net https://snap.licdn.com https://www.google-analytics.com https://www.googletagmanager.com https://api.mapbox.com/ https://api.tiles.mapbox.com;      style-src 'self' 'unsafe-inline' https://cdn.datatables.net https://maxcdn.bootstrapcdn.com https://netdna.bootstrapcdn.com https://ajax.googleapis.com/ https://translate.googleapis.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://www.gstatic.com https://api.mapbox.com/ https://api.tiles.mapbox.com;      img-src 'self' data: https://api.mapbox.com/ https://cyclingwithoutage.org.au/ https://carecallingnow.com/wp-content/ https://translate.google.com/ https://dev.visualwebsiteoptimizer.com/ https://mc.yandex.com/ https://classbento.com.au/images/ https://cdn.weatherapi.com/weather/ https://l.sharethis.com/ https://platform-cdn.sharethis.com/ https://www.linkedin.com https://ciestdynamicpagesprd.blob.core.windows.net https://ciestdynamicpagesuat.blob.core.windows.net https://ciestdynamicpagesqa.blob.core.windows.net https://mc.yandex.ru/metrika/advert.gif https://www.mycommunitydirectory.com.au https://px4.ads.linkedin.com https://px4.ads.linkedin.com https://qadirectorycdn.blob.core.windows.net https://www.google-analytics.com https://cdn.jsdelivr.net https://cdn.rawgit.com https://ajax.googleapis.com https://dummyimage.com https://cdn.eventfinda.com.au https://assets.atdw-online.com.au https://cdnjs.cloudflare.com https://translate.googleapis.com https://www.google.com https://www.gstatic.com https://p.adsymptotic.com https://www.googletagmanager.com https://px.ads.linkedin.com https://www.facebook.com https://mcdcdn.blob.core.windows.net https://maps.gstatic.com https://maps.googleapis.com https://fonts.gstatic.com;      connect-src 'self' https://translate-pa.googleapis.com/ https://mc.yandex.com/ https://px.ads.linkedin.com/ http://api.weatherapi.com/v1/ https://ciestdynamicpagesprd.blob.core.windows.net https://ciestdynamicpagesuat.blob.core.windows.net https://ciestdynamicpagesqa.blob.core.windows.net https://cdn.linkedin.oribi.io https://api.communityinformationexchange.com.au https://mcdcdn.blob.core.windows.net https://api.mycommunitycentral.com https://mc.yandex.ru https://www.mycommunitydiary.com.au https://api-cie.azurewebsites.net https://qaapi.mycommunitycentral.com https://uatapi.mycommunitycentral.com https://www.mcdapi.com https://maps.googleapis.com https://maps.googleapis.com https://www.google-analytics.com https://stats.g.doubleclick.net https://p.adsymptotic.com https://translate.googleapis.com https://l.sharethis.com/ https://api.mapbox.com/ https://a.tiles.mapbox.com/ https://b.tiles.mapbox.com/ https://events.mapbox.com/; worker-src 'self' blob:; 1
default-src 'self' https:;script-src *.termly.io *.matomo.cloud *.googleapis.com *.signalintent.com *.jquery.com *.destinilocators.com *.facebook.net *.facebook.com *.doubleclick.net 'self' data: 'unsafe-inline' 'unsafe-eval' *.yoast.com *.googletagmanager.com *.google.com *.gstatic.com *.google-analytics.com *.cloudfront.net *.cloudflare.com wpsitesync.com;style-src *.google.com *.signalintent.com *.facebook.net *.facebook.com *.destinilocators.com *.doubleclick.net 'self' 'unsafe-inline' yoast.com *.googleapis.com *.cloudfront.net *.cloudflare.com wpsitesync.com;font-src 'self' data: 'unsafe-inline' *.signalintent.com yoast.com *.gstatic.com *.cloudfront.net *.cloudflare.com wpsitesync.com;img-src destinilocators.com *.googleapis.com *.gstatic.com *.facebook.net *.facebook.com 'self' s.w.org yoast.com data: *.google-analytics.com *.doubleclick.net *.googletagmanager.com *.gravatar.com *.cloudfront.net *.cloudflare.com wpsitesync.com *.google.com i0.wp.com https:;frame-src *.intrepidfiber.com *.trinethire.com *.termly.io *.google.com *.facebook.net *.facebook.com *.doubleclick.net destinilocators.com 'self' *.vimeo.com *.youtube.com;form-action *.facebook.com *.icontact.com 'self';base-uri 'self';connect-src 'self' *.termly.io *.matomo.cloud *.herokuapp.com *.signalintent.com yoast.com *.googletagmanager.com yoast.com *.google-analytics.com;frame-ancestors 'self';object-src 'self' 1
default-src https://www.starbt.ro https://s1.adform.net https://s2.adform.net https://adform.net https://ib.adnxs.com https://connect.facebook.net https://s2.adform.net wss://prod-druid-botapi.azurewebsites.net wss://prod-druid-api.azurewebsites.net wss://directline.botframework.com https://cdn-api-weglot.com https://*.weglot.com https://urlgeni.us/ https://analytics.tiktok.com https://www.googletagmanager.com https://www.linkedin.com/ https://px.ads.linkedin.com/ https://vc.hotjar.io wss://*.hotjar.com/ https://cx.atdmt.com https://www.gravatar.com https://ve1panelsettingssa.blob.core.windows.net https://s.yimg.com/ https://*.windows.net https://ct.pinterest.com https://*.google.de https://*.adform.net https://prod-druid-api.azurewebsites.net https://life.aegon.ro/ https://cdn-assets-pi3.nxtservers.com https://a.volvelle.tech https://bsw.digitru.st wss://ws12.hotjar.com wss://ws7.hotjar.com https://api.sitesearch360.com https://www.youtube.com/ https://creativecdn.com/ https://panel-settings-cdn-e1.ve.com/ https://www.facebook.com/ https://dc.services.visualstudio.com  https://html5-player.libsyn.com/ https://hwcdn.libsyn.com/ https://traffic.libsyn.com/ https://directline.botframework.com https://maps.gstatic.com/ https://maps.googleapis.com/ https://*.bancatransilvania.ro/ https://config1.veinteractive.com/ https://*.typekit.net/ https://*.veinteractive.com/ https://sessionapi.veinteractive.com/ https://*.creativecdn.com/ https://*.google.com/ https://*.google-analytics.com/ https://*.doubleclick.net/ https://*.google.ro https://*.bidswitch.net/ https://*.hotjar.com https://*.twitter.com/ https://*.oberthur.com https://bt4.druidplatform.com/ https://hcaptcha.com https://*.hcaptcha.com blob: data:; style-src * 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com; script-src * 'unsafe-inline' 'unsafe-eval' https://hcaptcha.com https://*.hcaptcha.com; font-src 'self' *.adform.net  https://life.aegon.ro/ https://use.fontawesome.com/ https://*.veinteractive.com https://*.typekit.net/ https://*.gstatic.com https://*.bt4.druidplatform.com data:; object-src 'none' 1
frame-ancestors 'self'; form-action 'self' 1
frame-ancestors self https://www.memberbenefitlogin.com https://www.memberbenefitlogon.com https://www.benefitharborbenefits.com https://www.powerofready.com https://www.mykemperbenefits.com https://www.mypennonibenefits.com https://www.previewbenefits.com https://www.anthemflexhourplans.com https://www.bcbsgaflexhourplans.com https://www.empireblueflexhourplans.com https://www.mybenefitharbor.com https://tms.benefitharbor.com; 1
report-uri https://walldeco.ua 1
frame-ancestors 'self' *.translate.goog translate.google.com; 1
upgrade-insecure-requests; frame-ancestors 'self' live.sagepay.com live.opayo.eu.elavon.com www1.rieker.co.uk; base-uri 'self'; object-src 'none' 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.clarity.ms https://c.bing.com https://js.appboycdn.com z.moatads.com *.vo.msecnd.net https://dl.episerver.net https://snap.licdn.com https://bat.bing.com https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com *.doubleclick.net https://player.vimeo.com https://static.ads-twitter.com https://analytics.twitter.com https://analytics.tiktok.com https://www.youtube.com https://*.typeform.com https://www.gstatic.com https://intercept.inmoment.com.au https://intercept-client.inmoment.com.au https://csc.inmoment.com; style-src 'self' 'unsafe-inline' http://cloud.typenetwork.com https://fonts.googleapis.com https://*.typeform.com; font-src 'self' http://cloud.typenetwork.com https://fonts.gstatic.com https://*.typeform.com; frame-src 'self' player.vimeo.com *.doubleclick.net https://www.youtube.com https://highlighter.dash.com.au https://archer.australianethical.com.au https://*.typeform.com https://www.google.com https://feedback.inmoment.com.au; img-src 'self' data: https://*.clarity.ms https://c.bing.com www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://www.google.com.au https://px.ads.linkedin.com https://bat.bing.com https://www.facebook.com *.doubleclick.net https://p.adsymptotic.com https://www.linkedin.com https://t.co https://analytics.twitter.com appboy-images.com braze-images.com cdn.braze.eu; connect-src 'self' https://*.clarity.ms https://c.bing.com https://sdk.iad-05.braze.com *.doubleclick.net https://bat.bing.com https://cdn.linkedin.oribi.io https://px.ads.linkedin.com dc.services.visualstudio.com https://www.google-analytics.com https://analytics.google.com https://www.google.com.au https://analytics.tiktok.com wss://api.transformd.com/subscriptions https://api.transformd.com https://pagead2.googlesyndication.com https://api.lever.co https://*.typeform.com https://analytics.pangle-ads.com https://intercept.inmoment.com.au https://csc.inmoment.com; 1
style-src 'self' https://fonts.googleapis.com https://use.typekit.net https://p.typekit.net 'unsafe-inline';base-uri 'none';script-src 'self' https://www.google-analytics.com https://ssl.google-analytics.com *.googletagmanager.com 'sha256-RkwZMjLMc47J+Esfi8QMj6Wod4juEsxYjNsN6XtVU1g=' 'unsafe-eval';form-action 'self';frame-src 'self' https://wsw.com/ https://www.connectidfeed.com/ https://otp.tools.investis.com/ https://irs.tools.investis.com/ https://players.brightcove.net/ https://player.vimeo.com/ https://www.youtube.com/;img-src 'self' *.google-analytics.com *.googletagmanager.com https://stats.g.doubleclick.net https://www.addevent.com;connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com https://stats.g.doubleclick.net;object-src 'self';upgrade-insecure-requests ;frame-ancestors 'self';default-src 'none';font-src 'self' https://fonts.gstatic.com https://use.typekit.net; 1
default-src 'self' 'unsafe-inline'; script-src 'self' https://ajax.googleapis.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: data:; style-src 'self' 'unsafe-inline'; base-uri 'self'; form-action 'self'; 1
frame-ancestors https://*.db.com https://*.deutschewealth.com https://e.video-cdn.net 1
default-src 'self' https://smartcaptcha.yandexcloud.net ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://stat.sputnik.ru https://mc.yandex.ru https://mc.yandex.com https://mc.yandex.md https://mc.yandex.fr https://mc.yandex.kz https://yastatic.net https://smartcaptcha.yandexcloud.net https://*.kaspersky-labs.com https://api-maps.yandex.ru https://*.maps.yandex.net ; font-src 'self' data: https://fonts.gstatic.com https://yastatic.net ; img-src 'self' data: kirovipk.ru *.kirovipk.ru https://stat.sputnik.ru https://mc.yandex.ru https://mc.yandex.com https://mc.yandex.md https://mc.yandex.fr https://mc.yandex.kz https://yastatic.net https://secure.gravatar.com https://favicon.yandex.net https://api-maps.yandex.ru https://*.maps.yandex.net ; media-src 'self' https://code.responsivevoice.org https://rutube.ru https://*.userapi.com ; frame-src 'self' https://mc.yandex.ru https://mc.yandex.com https://mc.yandex.md https://mc.yandex.fr https://mc.yandex.kz https://forms.yandex.ru https://vk.com https://*.vk.com https://smartcaptcha.yandexcloud.net https://www.youtube.com ; connect-src 'self' https://stat.sputnik.ru https://mc.yandex.ru https://mc.yandex.com https://mc.yandex.md https://mc.yandex.fr https://mc.yandex.kz https://yastatic.net *.kaspersky-labs.com ; report-uri https://kirovipk.ru/sites/csp-report/ ; 1
default-src 'self'; child-src 'self' blob: https://client.rlpdirekt.de/ https://kb.ionas.de/; connect-src 'self' https://*.googleapis.com https://*.siegburg.eu https://api.openweathermap.org https://buergerservice.ionas.de/ https://chat-api-5ctcysg6pa-ey.a.run.app https://neurabot-ca-5ctcysg6pa-ey.a.run.app https://piwik.siegburg.eu; font-src 'self' data:; frame-ancestors 'self' https://siegburg.de; frame-src 'self' https://*.siegburg.eu https://buergerservice.ionas.de https://iam.chamaeleon.de https://iam.chamaeleon.de/ https://kb.ionas.de https://siegburg.buergerservice-digital.de https://siegburg.de https://stadtfest.siegburg.de; img-src 'self' data: https://*.googleapis.com https://*.siegburg.de https://*.siegburg.eu https://buergerservice.ionas.de/ https://client.rlpdirekt.de/ https://piwik.siegburg.eu https://siegburg.de https://tiles.chamaeleon.de; manifest-src 'self'; media-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://piwik.siegburg.eu; script-src-elem 'self' 'unsafe-inline' https://*.neuraflow.de https://*.siegburg.eu https://chat-app.chat-link.de https://piwik.siegburg.eu; script-src-attr 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://chat-app.chat-link.de; style-src-elem 'self' 'unsafe-inline' https://chat-app.chat-link.de; style-src-attr 'self' 'unsafe-inline'; worker-src 'self' blob:; report-to main 1
default-src 'self'; child-src 'self' blob: https://client.rlpdirekt.de/ https://kb.ionas.de/ https://www.youtube-nocookie.com/ https://www.youtube.com/; connect-src 'self' https://*.mercury.ai/ https://api.service-digitale-verwaltung.de https://buergerservice.ionas.de/ https://statistik.cms21.de http://vimeo.com https://www.kreis-bergstrasse.de/:sa2-bwc/ https://www.kreis-bergstrasse.de/:sa2-search/; font-src 'self' data: https://*.mercury.ai/; frame-ancestors 'self'; frame-src 'self' https: https://buergerservice.ionas.de https://citywerk.net https://cms21-hilfe.ionas.de https://iam.chamaeleon.de https://iam.chamaeleon.de/ https://player.vimeo.com/ https://www.facebook.com https://www.youtube-nocookie.com/ https://www.youtube.com/; img-src 'self' data: https://*.mercury.ai/ https://assets.kununu.com/ https://buergerservice.ionas.de/ https://client.rlpdirekt.de/ https://i.ytimg.com/ https://img.youtube.com/ https://s.ytimg.com/ https://statistik.cms21.de https://tiles.chamaeleon.de https://widgets.kununu.com/ https://www.kreis-bergstrasse.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.mercury.ai/ https://api.service-digitale-verwaltung.de https://s.ytimg.com/ https://statistik.cms21.de https://www.facebook.com https://www.youtube-nocookie.com/ https://www.youtube.com/; script-src-elem 'self' 'unsafe-inline' https://*.mercury.ai/ https://api.service-digitale-verwaltung.de https://player.vimeo.com/ https://s.ytimg.com/ https://statistik.cms21.de https://www.youtube-nocookie.com/ https://www.youtube.com/; script-src-attr 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://*.mercury.ai/; style-src-elem 'self' 'unsafe-inline' https://*.mercury.ai/ https://api.service-digitale-verwaltung.de; style-src-attr 'self' 'unsafe-inline'; worker-src 'self' blob:; report-to main 1
default-src 'self' *.youtube.com *.googletagmanager.com *.facebook.com *.cookieinformation.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;script-src 'self' 'unsafe-inline' *.report360.io *.agency360.io *.clarity.ms *.google-analytics.com snap.licdn.com bat.bing.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://connect.facebook.net https://code.jquery.com http://www.googleadservices.com http://www.mail-trigger-api.com https://policy.app.cookieinformation.com;font-src 'self' https://fonts.gstatic.com;connect-src 'self' client.vestjyskmarketing.dk *.facebook.com *.analytics.google.com *.google-analytics.com stats.g.doubleclick.net bat.bing.com *.clarity.ms;img-src 'self' data: https://360service.report360.io *.bing.com www.google.com www.google.dk px.ads.linkedin.com www.google-analytics.com bat.bing.com www.linkedin.com *.clarity.ms *.googletagmanager.com *.facebook.com;script-src-elem 'self' 'unsafe-inline' https://360service.report360.io https://app.agency360.io https://360service.agency360.io https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://connect.facebook.net https://code.jquery.com http://www.googleadservices.com http://www.mail-trigger-api.com https://snap.licdn.com https://bat.bing.com www.clarity.ms https://policy.app.cookieinformation.com;object-src 'self'; 1
frame-ancestors 'self' *.1und1.de *.1und1.com profiseller.de *.profiseller.de *.1and1.com dsl.gmx.de dsl.web.de 1und1-premiumpartner.de *.1und1-premiumpartner.de 1und1-partner.de *.1und1-partner.de 1und1-mm.de *.1und1-mm.de 1und1-hostingpartner.de *.1und1-hostingpartner.de 1und1-freenet.de *.1und1-freenet.de *.mouseflow.com *.1und1.cloud; 1
default-src 'self' data: aaws-aanalytics.sogei.it www.youtube.com www.youtube-nocookie.com www.google.com www.gstatic.com ingestion.webanalytics.italia.it 'unsafe-inline' 'unsafe-eval' script-src 'self' aaws-aanalytics.sogei.it www.youtube.com www.youtube-nocookie.com www.google.com www.gstatic.com ingestion.webanalytics.italia.it 'unsafe-inline' 'unsafe-eval' style-src 'self' 'unsafe-inline'; img-src 'self' data: ingestion.webanalytics.italia.it; connect-src 'self' font-src 'self' aaws-aanalytics.sogei.it; object-src 'self' media-src 'self' aaws-aanalytics.sogei.it www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' navigate-to * 1
frame-ancestors 'self' https://www.lingbao.gov.cn https://www.hubin.gov.cn https://www.shanzhou.gov.cn https://www.lushixian.gov.cn https://www.mianchi.gov.cn https://www.smxjjkfq.gov.cn http://www.smxsfq.gov.cn https://www.yima.gov.cn 1
default-src 'self'; img-src 'self' *; script-src 'self' https://google.com https://www.google.com https://www.gstatic.com 'unsafe-inline' 'unsafe-eval'; font-src 'self'; style-src 'self' 'unsafe-inline'; frame-src https://www.google.com https://google.com; object-src 'none'; frame-ancestors 'none'; 1
default-src 'self' http://localhost/national-bank-limited/ https://nblbd.com https://www.nblbd.com https://www.google.com/ https://www.youtube.com https://maps.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.datatables.net/1.13.7/js/jquery.dataTables.min.js https://cdn.datatables.net/1.13.7/js/dataTables.bootstrap5.min.js https://cdnjs.cloudflare.com/ajax/libs/bootstrap-3-typeahead/4.0.1/bootstrap3-typeahead.min.js https://cdn.jsdelivr.net/npm/@fancyapps/fancybox@3.5.6/dist/jquery.fancybox.min.js https://cdnjs.cloudflare.com/ajax/libs/picturefill/3.0.3/picturefill.min.js https://player.vimeo.com/api/player.js https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/joHA60MeME-PNviL59xVH9zs/recaptcha__en.js https://cdn.skypack.dev https://maps.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.datatables.net/1.13.7/css/dataTables.bootstrap5.min.css https://cdn.jsdelivr.net/npm/@fancyapps/fancybox@3.5.6/dist/jquery.fancybox.min.css https://cdn.jsdelivr.net/npm/lightgallery@2.3.0-beta.4/css/lightgallery.css https://cdn.jsdelivr.net/npm/lightgallery@2.3.0-beta.4/css/lg-video.css; img-src 'self' data: https://nblbd.com https://www.nblbd.com https://maps.googleapis.com https://maps.gstatic.com/mapfiles/openhand_8_8.cur https://maps.gstatic.com/mapfiles/transparent.png https://nblbd.com/images/pin.png https://maps.gstatic.com/mapfiles/api-3/images/google_gray.svg https://nblbd.com/images/atm.png https://cdn.jsdelivr.net; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.jsdelivr.net data: application/font-woff; connect-src 'self' https://maps.googleapis.com; object-src 'none'; media-src 'self'; frame-src 'self' http://www.youtube.com https://www.google.com/; 1
default-src 'self' rainwave.cc *.rainwave.cc;object-src 'none';media-src http://allrelays.rainwave.cc https://relay.rainwave.cc https://relay.rainwave.cc:443 http://allrelays.rainwave.cc http://allrelays.rainwave.cc http://allrelays.rainwave.cc http://allrelays.rainwave.cc;font-src 'self' rainwave.cc data: https://fonts.googleapis.com https://fonts.gstatic.com/;connect-src wss://core.rainwave.cc;style-src 'self' rainwave.cc 'unsafe-inline' https://fonts.googleapis.com;img-src 'self' rainwave.cc *.rainwave.cc https://cdn.discordapp.com 1
default-src 'self' blob: *.paypal.com *.stripe.com wss://flexcom.de:9001 *.tarotpolis.de; img-src 'self' data: *.tarotpolis.de; connect-src 'self' blob: *.stripe.com wss://flexcom.de:9001 *.tarotpolis.de; style-src 'self' 'unsafe-inline' *.tarotpolis.de *.addthis.com *.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.stripe.com *.tarotpolis.de *.analytics.google.com *.google-analytics.com *.pinterest.com *.googleadservices.com *.facebook.com *.facebook.net *.myfonts.net *.addthis.com *.googleapis.com; font-src 'self' data: *.tarotpolis.de; 1
default-src https: 'unsafe-eval' 'unsafe-inline'; media-src 'self' blob: data: https://*; img-src 'self' blob: data: https://* 1
default-src 'self' 'unsafe-inline' data: *.widex.com *.wsa.com *.signia.net *.rexton.com *.audioservice.com *.coselgi.com *.signia-pro.com *.signia-hearing.com *.salesforce-sites.com *.widexpro.com *.google.com *.google-analytics.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.trustarc.com *.typekit.net *.azureedge.net *.youtube-nocookie.com *.bootstrapcdn.com *.w3.org *.doubleclick.net *.facebook.net *.mouseflow.com *.googlesyndication.com *.gstatic.com *.sleeknote.com *.stackadapt.com *.linkedin.com *.shoeboxonline.com *.nr-data.net *.force.com *.nakanohito.jp;img-src 'self' data: blob: *.widex.com *.wsa.com *.signia.net *.rexton.com *.audioservice.com *.coselgi.com *.signia-pro.com *.signia-hearing.com *.widexpro.com stats.g.doubleclick.net *.googleapis.com *.gstatic.com *.ytimg.com *.cloudflare.com *.trustarc.com *.azureedge.net *.linkedin.com *.w3.org *.googletagmanager.com *.google-analytics.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.facebook.com *.ggpht.com *.ytimg.com *.sleeknote.com *.shoeboxonline.com *.sivantos.com *.auditionsolidarite.org *.nakanohito.jp *.userlocal.jp;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.cookieinformation.com *.rawgit.com *.salesforce-sites.com *.salesforceliveagent.com *.salesforce.com *.jsdelivr.net *.widex.com *.wsa.com *.signia.net *.signia-hearing.com *.rexton.com *.audioservice.com *.coselgi.com *.signia-pro.com *.widexpro.com *.google.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.trustarc.com *.youtube-nocookie.com *.azureedge.net *.facebook.net *.doubleclick.net *.googlesyndication.com https://browser-update.org *.w3.org *.youtube.com *.livechatinc.com *.newrelic.com *.nr-data.net *.stackadapt.com *.gstatic.com *.sleeknote.com *.licdn.com *.shoeboxonline.com *.piwik.pro *.google-analytics.com *.mouseflow.com *.force.com *.nakanohito.jp js.adsrvr.org;frame-src https://www.youtube.com/ https://www.youtube-nocookie.com/ https://consent.trustarc.com/ https://consent-pref.trustarc.com/ https://www.shoeboxonline.com/ https://www.google.com/ https://tracker-detail-page.trustarc.com/ https://features.signia-hearing.com/ https://service.force.com/ https://embed.acast.com/;media-src storage.userlocal.jp *.widex.com *.wsa.com *.signia.net *.rexton.com *.audioservice.com *.coselgi.com *.signia-pro.com *.signia-hearing.com *.widexpro.com 1
script-src 'self' *.pantheonsite.io *.bing.com/ www.clarity.ms client.js edge.marker.io flytech-tracking.s3.amazonaws.com *.hotjar.com trusted.com *.trusted.com browser.sentry-cdn.com/ *.surepoint.com/ *.g.doubleclick.net/ js.hsadspixel.net/ js.hscollectedforms.net/ js.hs-banner.com/ js-na1.hs-scripts.com/ pi.pardot.com/ *.googletagmanager.com/ *.google-analytics.com/ cdn.pardot.com/ *.vimeo.com/ snippet.ramblechat.com/ wec-assets.terminus.services/ munchkin.marketo.net js.hs-analytics.net/ snap.licdn.com/ *.googleapis.com  *.mktoweb.com 'unsafe-inline' 'unsafe-eval' data: blob: 1
frame-ancestors 'self' https://www.arcinfo.ch https://www.lenouvelliste.ch https://www.lacote.ch https://www.ascona-locarno.com https://www.rhne.ch https://jazzascona.ch; 1
worker-src 'self' 'unsafe-inline' 'unsafe-eval' blob:  *.photopea.com; 1
default-src 'self' *.google-analytics.com data: gap: idele.matomo.cloud 'unsafe-inline' 'unsafe-eval'; script-src 'self' * 'unsafe-inline' 'unsafe-eval'; frame-src 'self' www.google.com player.vimeo.com *.soundcloud.com *.tubedu.org tubedu.org *.slideshare.net *.youtube.com view.genial.ly view.genially.com *.dailymotion.com *.youtube-nocookie.com *.myadvent.net adventmyfriend.com *.jwplayer.com video.terre-net.fr; style-src 'self' use.typekit.net cdn.tarteaucitron.io fonts.googleapis.com p.typekit.net s3.amazonaws.com cdn.icomoon.io 'unsafe-inline'; font-src 'self' use.typekit.net s3.amazonaws.com fonts.gstatic.com cdn.icomoon.io; img-src 'self' data: *.ytimg.com tarteaucitron.io; upgrade-insecure-requests 1
default-src 'self'; connect-src 'self' https://arsdata.zendesk.com https://ekr.zdassets.com/compose/web_widget/arsdata.zendesk.com https://widget-mediator.zopim.com wss://widget-mediator.zopim.com https://ekr.zendesk.com https://zendesk-eu.my.sentry.io https://ekr.zdassets.com; img-src * data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.zendesk.com/embeddable_framework/main.js https://static.zdassets.com https://widget-mediator.zopim.com; style-src 'self' 'unsafe-inline'; form-action *; media-src 'self' https://static.zdassets.com; object-src 'self'; base-uri 'none'; frame-ancestors *; frame-src 'self'; font-src 'self' https://fonts.gstatic.com 1
font-src 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com data:; frame-src 'self' https://www.google.com/recaptcha/ https://pay.google.com/gp/ https://pay.yandex.ru https://sandbox.pay.yandex.ru/; script-src 'self' 'unsafe-inline' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://pay.google.com/gp/ https://pay.yandex.ru https://mc.yandex.ru/metrika/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; report-uri /csp/report; worker-src blob: 1
object-src 'self'; worker-src 'self' blob:; base-uri 'self'; frame-ancestors 'self'; report-uri https://selectra.co.uk/report-uri/enforce 1
default-src 'self' https://www.google.com  https://www.widgets.investing.com https://sslcharts.forexprostools.com https://www.googletagmanager.com *.google-analytics.com *.cxense.com *.serving-sys.com *.gemius.pl *.googletagservices.com *.doubleclick.net *.adunity.com *.adform.net *.2mdn.net *.conso.ro 'unsafe-inline';script-src 'self' https://www.google.com https://www.gstatic.com  *.googletagmanager.com *.google-analytics.com *.adunity.com *.serving-sys.com *.mookie1.com *.googletagservices.com *.adocean.pl *.gemius.pl *.adform.net https://code3.adtlgc.com z.moatads.com *.cxense.com synocdn.com *.2mdn.net 'unsafe-inline' 'unsafe-eval';style-src 'self' *.adunity.com 'unsafe-inline';img-src 'self' https://www.api.conso.ro *.cxense.com *.serving-sys.com *.adunity.com ad.doubleclick.net *.conso.ro *.mookie1.com *.synoint.com *.moatads.com *.adocean.pl *.adform.net about: data:;base-uri 'self' *.adunity.com *.adform.net 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://bildung.social; img-src 'self' https: data: blob: https://bildung.social; style-src 'self' https://bildung.social 'nonce-CMdjGRUp8bFfngh/oBTQHw=='; media-src 'self' https: data: https://bildung.social; frame-src 'self' https:; manifest-src 'self' https://bildung.social; form-action 'self'; child-src 'self' blob: https://bildung.social; worker-src 'self' blob: https://bildung.social; connect-src 'self' data: blob: https://bildung.social https://storage.gra.cloud.ovh.net wss://bildung.social; script-src 'self' https://bildung.social 'wasm-unsafe-eval' 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src 'nonce-YpEenE0AC1EZhAyxryK3jc5AP' 'strict-dynamic'; frame-ancestors 'self'; manifest-src 'self' 1
frame-ancestors 'self' https://tablassurfshop.com https://www.surfingfactory.com https://surfingfactory.com; 1
default-src 'self';object-src 'self';frame-src 'self' https://*.youtube.com https://*.youtube-nocookie.com https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://userlike-cdn-umm.b-cdn.net https://ihknuernberg.matomo.cloud;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com;script-src-elem 'self' 'unsafe-inline' https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://userlike-cdn-umm.b-cdn.net https://cdn.matomo.cloud;style-src 'self' data: 'unsafe-inline';img-src 'self' data: https://userlike-cdn-operators.userlike.com https://i.ytimg.com https://ihknuernberg.matomo.cloud;font-src 'self' data: 'unsafe-inline' https://userlike-cdn-umm.b-cdn.net;connect-src 'self' https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://api.userlike.com wss://umd.userlike.com https://ihknuernberg.matomo.cloud https://userlike-cdn-umm.b-cdn.net;media-src 'self' https://userlike-cdn-umm.b-cdn.net;manifest-src 'self' 1
default-src 'self' 'sha256-zLSS5imOWw8S4//2UpEPdr/pdVfW2bqxxsb/4nGsKYw=' 'sha256-pS9jMdouCowcasjL2sgHooV094O5iLx4c9rDQw4cFA8=' 'sha256-YJN4OD5I28yho1FvK4s502zmaTBBYV1J8Xm5wxx2hiE=' 'sha256-vbET04fZfFQYnWNvO2utYce6kqtxFoQH07VB6s1ma30=' 'sha256-K+laD8RLXqfuaBbYEKDdiyOXfrhn0VgIkWYAE3AhyDo=' https://analytics.google.com https://www.srcc.gov.au https://www.comcare.gov.au https://app-script.monsido.com https://www.google-analytics.com https://www.google.com.au https://www.googletagmanager.com https://fonts.gstatic.com https://fonts.googleapis.com https://tracking.monsido.com https://stats.g.doubleclick.net https://heatmaps.monsido.com https://search.comcare.gov.au;  style-src 'self' 'sha256-1JxUUhMq6bK5X4ACu0nfZXt9vvTqOWD5xBHl14koBio=' 'sha256-CwE3Bg0VYQOIdNAkbB/Btdkhul49qZuwgNCMPgNY5zw=' 'sha256-MZKTI0Eg1N13tshpFaVW65co/LeICXq4hyVx6GWVlK0=' 'sha256-LpfmXS+4ZtL2uPRZgkoR29Ghbxcfime/CsD/4w5VujE=' 'sha256-YJO/M9OgDKEBRKGqp4Zd07dzlagbB+qmKgThG52u/Mk=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' https://www.comcare.gov.au  https://fonts.googleapis.com ;object-src 'none'; 1
frame-ancestors 'self' https://gnosis-safe.io https://app.safe.global https://wallet.ambire.com; 1
base-uri 'self'; default-src 'self' omni.eckoh.uk bat.bing.com dn.mediahawk.co.uk; script-src 'self' gstatic.com google.com google.co.uk www.google.co.uk google.recaptcha.net/* www.google.com/recaptcha/api.js cookiehub.net/c2/25caf4d9.js 'unsafe-eval' 'unsafe-inline' www.googletagmanager.com https://www.google.com/recaptcha https://www.gstatic.com/recaptcha/ snap.licdn.com www.dynamicnumbers.mediahawk.co.uk dynamicnumbers.mediahawk.co.uk dn.mediahawk.co.uk unpkg.com/web-vitals bat.bing.com j.6sc.co omni.eckoh.uk pi.pardot.com js.zi-scripts.com px.ads.linkedin.com ipv6.6sc.co www2.eckoh.com www.youtube.com cdn.jsdelivr.net *.cookiebot.com cookiebot.com googleads.g.doubleclick.net td.doubleclick.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com/ajax/libs/aos/2.3.4/aos.css omni.eckoh.uk cdn.honey.io; img-src 'self' data: www.gstatic.com b.6sc.co bat.bing.com www.google.co.uk google.co.uk www.google.com google.com i.ytimg.com www.googletagmanager.com googletagmanager.com omni.eckoh.uk www.adservice.google.com adservice.google.com stats.g.doubleclick.net www.linkedin.com linkedin.com https://imgsct.cookiebot.com imgsct.cookiebot.com www.google.ie www.google.co.in px.ads.linkedin.com www.google.be www.google.com.au www.google.al www.google.com.om www.google.es fonts.gstatic.com www.google.com.bd www.google.com.ph www.google.de www.google.nl px4.ads.linkedin.com www.google.com.pk www.google.cm www.google.lu www.google.com.ni www.google.bg www.google.com.tr www.google.com.mx www.google.fr www.google.com.my www.google.pt www.google.com.pe www.google.kg www.google.com.hk www.google.co.th www.google.hr www.google.ch www.google.co.il www.google.co.ke www.google.cl www.google.com.ng www.google.com.br www.google.jo www.google.me eckoh.com www.google.co.kr www.google.com.gh www.google.com.jm www.google.hn www.google.sk translate.google.com www.google.am www.google.ca www.google.co.vi www.google.co.za www.google.com.co www.google.com.et www.google.com.qa www.google.com.sg www.google.com.vn www.google.cz www.google.gr www.google.it www.google.pl www.google.se b.6sc.co www.google.co.id www.google.co.jp www.google.com.do www.google.com.gt www.google.com.kw www.google.com.mt www.google.com.np www.google.dz www.google.je www.google.lt www.google.lv www.google.mu www.google.no www.google.tt; connect-src 'self' s.websitething.co.uk google-analytics.com file: ipv6.6sc.co dn.mediahawk.co.uk px.ads.linkedin.com bat.bing.com omni.eckoh.uk *.analytics.google.com analytics.google.com *.google-analytics.com google-analytics.com c.6sc.co js.zi-scripts.com ws.zoominfo.com www.youtube.com play.google.com doubleclick.net www.google.co.uk google.co.uk www.google.com google.com www.googletagmanager.com googletagmanager.com adservice.google.com stats.g.doubleclick.net *.cookiebot.com googleads.g.doubleclick.net consentcdn.cookiebot.com www.googleadservices.com www.google.cl www.google.com.ng www.google.ae www.google.hu www.google.co.nz www.google.com.eg www.google.com.pr www.google.com.ua translate.googleapis.com analytics.google.com pagead2.googlesyndication.com www.google.com; font-src 'self' fonts.gstatic.com data: fonts.googleapis.com omni.eckoh.uk; object-src 'self'; media-src 'self' data:; frame-src www.googletagmanager.com www.youtube.com youtube.com www.google.com omni.eckoh.uk https://consentcdn.cookiebot.com td.doubleclick.net bpb.opendns.com mozbar.moz.com; frame-ancestors 'self'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' assets-storage-statik-press.s3-eu-west-1.amazonaws.com gg-assets-storage.s3.eu-west-2.amazonaws.com 'unsafe-eval' www.youtube.com player.vimeo.com fast.wistia.com static.cloudflareinsights.com www.googletagmanager.com https://*.googletagmanager.com https://*.doubleclick.net https://*.googlesyndication.com https://*.googletagservices.com https://*.googleapis.com https://*.cloudflare.com https://give.unwsp.edu https://*.cloudfront.net https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://*.google-analytics.com https://www.googleadservices.com *.journity.com *.licdn.com *.facebook.net https://www.speakpipe.com www.youtube-nocookie.com; style-src 'self' 'unsafe-inline' assets-storage-statik-press.s3-eu-west-1.amazonaws.com gg-assets-storage.s3.eu-west-2.amazonaws.com https://fonts.googleapis.com https://give.unwsp.edu maps.googleapis.com *.journity.com https://www.speakpipe.com; img-src 'self' 'unsafe-inline' assets-storage-statik-press.s3-eu-west-1.amazonaws.com gg-assets-storage.s3.eu-west-2.amazonaws.com https://www.speakpipe.com i.ytimg.com 2.gravatar.com secure.gravatar.com i.vimeocdn.com fast.wistia.com data: https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com lastfm.freetls.fastly.net https://*.googlesyndication.com https://*.googleapis.com https://*.gstatic.com *.googleusercontent.com https://ssl-static.libsyn.com https://*.youtube.com https://www.google.com https://m.media-amazon.com www.google.pl https://*.myktis.com *.journity.com *.libsyn.com https://www.life965.com https://www.life979.com https://*.life1019.com https://www.life1071.com https://www.life1025.com https://www.life973.com https://www.life885.com https://www.lifeomaha.com https://www.wcicfm.org https://www.wbgl.org https://www.kslt.com https://www.spiritfm.org *.linkedin.com https://*.swncdn.com https://*.cloudfront.net https://*.omnycontent.com https://theintentionallife.com https://*.sndcdn.com https://*.feedpress.com https://*.feedpress.it https://jdgreear.com https://pastorrobert.com https://*.buzzsprout.com https://*.transistor.fm; font-src 'self' data: https://fonts.gstatic.com fonts.googleapis.com fonts.gstatic.com; connect-src 'self' vimeo.com pipedream.wistia.com fast.wistia.com distillery.wistia.com embed-cloudfront.wistia.com assets-storage-statik-press.s3-eu-west-1.amazonaws.com gg-assets-storage.s3.eu-west-2.amazonaws.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.googlesyndication.com https://*.googleapis.com https://*.gstatic.com https://www.google-analytics.com https://give.unwsp.edu *.statik.space wss://myktis.com wss://*.unwsp.edu wss://myfaithmedia.org https://www.google.com https://us-autocomplete-pro.api.smartystreets.com/ https://www.myktis.com/ *.journity.com *.linkedin.com; child-src 'self' www.youtube.com player.vimeo.com https://www.google.com https://*.googlesyndication.com https://*.doubleclick.net *.journity.com *.googleadservices.com https://www.speakpipe.com www.youtube-nocookie.com https://html5-player.libsyn.com; media-src 'self' https://*.streamguys1.com https://*.libsyn.com https://*.sslstream.com https://anchor.fm https://*.cloudfront.net https://*.feedpress.it https://traffic.omny.fm https://*.tritondigital.com https://chtbl.com https://*.sndcdn.com https://*.soundcloud.com https://*.familylife.com https://*.buzzsprout.com https://*.azureedge.net https://*.swncdn.com https://*.livingontheedge.org https://*.podtrac.com https://*.subsplash.com https://*.blubrry.com https://www.oneplace.com https://*.reviveourhearts.com https://*.jdgreear.com https://*.spreaker.com https://*.feedpress.com https://myfaithradio.com https://pastorrobert.com https://*.flc.org https://*.amazonaws.com https://chrt.fm https://*.transistor.fm 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://drive.google.com https://www.google.com https://www.gstatic.com https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/ https://www.googletagmanager.com https://analytics.google.com https://www.google.com.tr/ https://*.klyglsn.com https://*.kolaygelsin.com https://stats.g.doubleclick.net/ https://content.googleapis.com/ 1
default-src https: 'unsafe-inline'; img-src https: 'unsafe-inline' data: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'             maps.gstatic.com               dashboard.umbraco.org               cdn.cookielaw.org               youtube.com               cognito-identity.eu-central-1.amazonaws.com               *.azurewebsites.net               fonts.googleapis.com               unpkg.com               cdnjs.cloudflare.com               maps.googleapis.com               cdn.jsdelivr.net               fonts.gstatic.com               static.sooqr.com               www.youtube.com               www.facebook.com               *.google-analytics.com               www.googletagmanager.com               www.google.com               www.google.nl               www.gstatic.com               google-analytics.com               cdn.gethatch.com               gethatch.com               papi.gethatch.com               dynamic.sooqr.com               static.sooqr.com               firehose.eu-central-1.amazonaws.com               privacyportal.onetrust.com               stats.g.doubleclick.net               facebook.com               connect.facebook.net               data: 1
frame-ancestors 'self'; frame-src 'self' https://npci.corover.mobi/ https://www.youtube.com https://*.mixpanel.com/; 1
default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js *.google-analytics.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com unpkg.com/@frontify/ *.cloudinary.com *.cookielaw.org browser-update.org *.addthis.com *.moatads.com *.addthisedge.com *.cookiepro.com *.onetrust.com static.addtoany.com *.matomo.cloud 'self' web-chat.nativechat.com cdn.ampproject.org https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.cookiepro.com *.onetrust.com 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com *.frontify.com *.cloudinary.com *.youtube.com *.cookiepro.com *.onetrust.com 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src https://tourismireland.microsoftcrmportals.com *.youtube-nocookie.com *.candidatemanager.net *.youtube.com/ 'self' web-chat.nativechat.com; connect-src data: accounts.google.com *.gstatic.com *.cookielaw.org *.mktoresp.com *.google-analytics.com *.frontify.com *.cloudinary.com *.addthis.com *.cookiepro.com *.onetrust.com https://stats.addtoany.com/ *.matomo.cloud 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: *.frontify.com *.cloudinary.com; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://tourismireland.microsoftcrmportals.com *.frontify.com cloudinary.com *.cloudinary.com *.addthis.com https://r-graph-gallery.com/ https://www.candidatemanager.net https://static.addtoany.com/ *.powerappsportals.com 'self' web-chat.nativechat.com 1
frame-ancestors https://www.findmyshift.co.uk 1
default-src 'self' https: data: 'unsafe-inline'; connect-src 'self' https: wss: 'unsafe-eval' 1
frame-ancestors 'self' https://*.screencloud.com https://*.screen.cloud 1
frame-ancestors 'self' http://localhost:3333 https://smart-builder.sanity.studio 1
default-src 'self' https://* wss://*.hotjar.com https://script.hotjar.com *.pusher.com *.pusherapp.com wss://*.pusher.com; script-src 'unsafe-inline' 'self' 'strict-dynamic' 'nonce-292ea4b713aa2c7146d839448257d39b482cfa6ab9e7655fa302461ac5028e3dSLszp20gKQM=' 'unsafe-eval' https://*; style-src 'self' 'unsafe-inline' https://cardflip.twistoo.co *.twistoo.co *.twistoo.tecco.lv https://fonts.googleapis.com https://cdn.luigisbox.com https://onesignal.com; img-src 'self' data: https://*; font-src 'self' data: https://fonts.gstatic.com https://script.hotjar.com https://cdn.livechatinc.com 1
frame-ancestors https://live.streamdays.com; 1
default-src *; style-src * 'unsafe-inline'; script-src 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com  1
frame-ancestors 'self' https://*.izvratfilm.com https://xxl.izvratfilm.com https://google.com https://google.ru https://google.com.ua http://*.googleusercontent.com https://*.googleusercontent.com https://go.mail.ru https://www.bing.com http://cc.bingj.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.youtube.com https://ajax.googleapis.com; style-src 'report-sample' 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://region1.google-analytics.com; font-src 'self' https://fonts.gstatic.com data: application/x-font-woff https://s0.wp.com; frame-src 'self'  https://docs.google.com https://syndication.twitter.com https://www.youtube-nocookie.com; img-src 'self' data: pbs.twimg.com https://i.ytimg.com https://yt3.ggpht.com https://premiostopcreation.es https://secure.gravatar.com https://ps.w.org; manifest-src 'self'; media-src 'self' twitter.com; worker-src blob:; 1
frame-ancestors 'self' https://tfgroupllc.com/ https://taylor-equipment.com/ http://ccse.biz/ 1
frame-ancestors 'self' https://*.faucetcrypto.com; script-src 'self' 'nonce-f5db924e-5dc8-4c80-b68e-e243a7a68aae' 'strict-dynamic' 1
base-uri 'self'; default-src 'self' 'unsafe-inline' *.integrative9.com ieq9.com api.ipstack.com api.geoapify.com wss://www.integrative9.com cdn.integrative9.com *.google.co.za www.google.nl *.youtube.com bat.bing.com fonts.gstatic.com adservice.google.com www.google.com www.gstatic.com *.google.com *.clarity.ms stats.g.doubleclick.net  googleads.g.doubleclick.net *.integrative9.com unpkg.com www.youtube-nocookie.com *.doubleclick.net *.googlesyndication.com wss://localhost:44389  wss://localhost:44353 evaapi.integrative9.com *.google.*; img-src 'self' 'unsafe-inline' *.integrative9.com  cdn.integrative9.com *.bing.com c.clarity.ms *.google.co.za img.youtube.com *.google.com www.google.nl www.googletagmanager.com i.ytimg.com data: *.facebook.com *.google.*; object-src 'none'; script-src 'self' 'unsafe-inline' cdn.integrative9.com unpkg.com ieq9.com *.ieq9.com www.google.com *.googleapis.com www.gstatic.com connect.facebook.net fonts.googleapis.com cdnjs.cloudflare.com api.ipstack.com api.geoapify.com www.google.nl *.doubleclick.net *.google.* *.googletagmanager.com *.clarity.ms bat.bing.com googleads.g.doubleclick.net stats.g.doubleclick.net *.gstatic.com td.doubleclick.net pagead2.googlesyndication.com evaapi.integrative9.com; style-src 'self' 'unsafe-inline' cdn.integrative9.com cdnjs.cloudflare.com fonts.googleapis.com; font-src 'self' data: fonts.gstatic.com; upgrade-insecure-requests; 1
default-src 'self' data: wss: https://www.googletagmanager.com/ https://*.evalufy.com/ https://*.afterhire.com/ https://*.talentera.com/ https://talentera.com/ *.survicate.com/ https://*.hotjar.io/ *.google-analytics.com https://rum-collector-2.pingdom.net/ https://api.amplitude.com/ *.google.de https://yandex.com/ https://*.wootric.com *.herokuapp.com api-iam.intercom.io js.intercomcdn.com s1.bayt.com https://*.facebook.com/ https://www.google-analytics.com www.google.jo www.google.ae *.b8cdn.com https://cdn.optimizely.com *.yandex.ru fonts.googleapis.com https://www.googleapis.com https://maps.googleapis.com https://fcm.googleapis.com https://people.googleapis.com https://identitytoolkit.googleapis.com https://chart.googleapis.com js.arcgis.com www.arcgis.com geocode.arcgis.com stats.g.doubleclick.net *.google.com *.driftt.com *.gstatic.com https://mc.yandex.md https://mc.yandex.com https://translate.googleapis.com https://platform.twitter.com https://www.youtube.com https://use.fontawesome.com https://static3.avast.com *.microsoftonline.com *.live.com/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://translate-pa.googleapis.com/ https://code.jquery.com/ https://cdnjs.cloudflare.com/ https://www.googletagmanager.com/ *.survicate.com/ https://*.evalufy.com/ https://*.afterhire.com/ https://*.hotjar.com/ https://translate.google.com/ https://*.clarity.ms/ https://www.googletagmanager.com/gtag/js https://rum-static.pingdom.net/ https://cdn.amplitude.com/ *.google-analytics.com https://*.wootric.com js.intercomcdn.com widget.intercom.io connect.facebook.net https://mc.yandex.ru fonts.googleapis.com https://maps.googleapis.com/maps/api/ https://fcm.googleapis.com https://people.googleapis.com https://identitytoolkit.googleapis.com js.arcgis.com cdn.addpipe.com https://cdn.optimizely.com https://www.google-analytics.com/analytics.js https://www.google-analytics.com/plugins/ *.b8cdn.com https://platform.twitter.com https://www.google.com/recaptcha/ https://apis.google.com https://translate.google.com/translate_a https://translate.googleapis.com *.driftt.com https://cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/ amazonaws.com plugins.tinymce.com https://www.gstatic.com/firebasejs/ https://www.gstatic.com/recaptcha/releases/ https://mc.yandex.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com https://www.gstatic.com/ https://code.jquery.com/ https://cdnjs.cloudflare.com/ *.survicate.com/ *.googleapis.com chatbot.souqmobi.com *.b8cdn.com cdn.addpipe.com js.arcgis.com; img-src data: blob: *; connect-src 'self' data: wss: https://www.googletagmanager.com/ *.survicate.com/ https://*.evalufy.com/ https://*.afterhire.com/ https://*.clarity.ms/ https://*.hotjar.io/ *.google-analytics.com https://rum-collector-2.pingdom.net/ https://api.amplitude.com/ *.google.de https://yandex.com/ https://*.wootric.com *.herokuapp.com api-iam.intercom.io js.intercomcdn.com s1.bayt.com https://*.facebook.com/ https://www.google-analytics.com www.google.jo www.google.ae *.b8cdn.com https://cdn.optimizely.com *.yandex.ru fonts.googleapis.com https://www.googleapis.com https://maps.googleapis.com https://fcm.googleapis.com https://people.googleapis.com https://identitytoolkit.googleapis.com https://chart.googleapis.com js.arcgis.com www.arcgis.com geocode.arcgis.com stats.g.doubleclick.net *.google.com *.driftt.com *.gstatic.com https://mc.yandex.md https://mc.yandex.com https://translate.googleapis.com https://platform.twitter.com https://www.youtube.com https://use.fontawesome.com https://static3.avast.com *.microsoftonline.com *.microsoft.com; ; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha/api.js https://www.gstatic.com/ https://s7.addthis.com  https://s128650407.t.eloqua.com https://www.googletagmanager.com https://bat.bing.com https://www.google-analytics.com https://snap.licdn.com https://static.hotjar.com https://cdn.livechatinc.com https://connect.facebook.net http://img06.en25.com https://img06.en25.com https://www.youtube.com https://api.livechatinc.com https://cdn-cookieyes.com https://googleads.g.doubleclick.net https://script.hotjar.com https://cdn-cookieyes.com https://googleads.g.doubleclick.net https://z.moatads.com https://v1.addthisedge.com https://m.addthis.com https://api-public.addthis.com http://s7.addthis.com 1
frame-ancestors https://*.ipcamlive.com https://*.facebook.com/ 'self' https://community.go-thassos.gr/; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; frame-ancestors 'self' 1
default-src https: 'self' *.spektrix.com/ data: 'unsafe-inline' 'unsafe-eval' cdn.mouseflow.com/; 1
object-src 'none'; default-src 'self'; frame-src 'self' https://form.jotform.com; script-src 'self' https://*.mygoto.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://*.mygoto.com https://*.w3.org data:; font-src 'self' https://fonts.gstatic.com; report-uri https://mygoto.report-uri.com/r/d/csp/enforce; 1
default-src 'self' data: *.yasno.com.ua *.brights.cloud https://code.createjs.com/1.0.0/createjs.min.js https://d2pw7sa8e5q0rl.cloudfront.net s3.eu-central-1.amazonaws.com sinoptik.ua *.google-analytics.com *.analytics.google.com *.googleadservices.com *.googlesyndication.com ad.doubleclick.net adclick.g.doubleclick.net bid.g.doubleclick.net cm.g.doubleclick.net googleads.g.doubleclick.net securepubads.g.doubleclick.net td.doubleclick.net *.google.com *.google.com.ua *.googletagmanager.com google.com *.gstatic.com *.googleapis.com *.mapbox.com *.cdn-apple.com *.apple.com https://cdn.htb.solutions dtek.htb.solutions stationfinder.htb.solutions *.typekit.net *.youtube.com *.chat24.io bank.gov.ua *.dtekgroup.tek.loc:* dsl-omni.dtek.com *.facebook.com https://*.hotjar.com *.googleadservices.com *.googlesyndication.com ad.doubleclick.net adclick.g.doubleclick.net bid.g.doubleclick.net cm.g.doubleclick.net googleads.g.doubleclick.net securepubads.g.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.yasno.com.ua *.brights.cloud nonce-1a8b2fe5-dde2-417d-b345-03d7cd9ef41a cdn.polyfill.io/v2/polyfill.js https://code.createjs.com/1.0.0/createjs.min.js *.google-analytics.com *.googleadservices.com *.googlesyndication.com ad.doubleclick.net adclick.g.doubleclick.net bid.g.doubleclick.net cm.g.doubleclick.net googleads.g.doubleclick.net securepubads.g.doubleclick.net td.doubleclick.net *.google.com *.cdn-apple.com *.apple.com *.googletagmanager.com *.googleapis.com *.gstatic.com sinoptik.ua *.youtube.com *.chat24.io dsl-omni.dtek.com https://*.hotjar.com *.facebook.net https://*.ringostat.com; style-src 'self' 'unsafe-inline' *.yasno.com.ua *.brights.cloud fonts.googleapis.com *.chat24.io dsl-omni.dtek.com *.googletagmanager.com; frame-ancestors 'self' *.yasno.com.ua *.brights.cloud https://dtek.sharepoint.com *.dtek.com:* *.dtekgroup.tek.loc:* dsl-omni.dtek.com; frame-src *.yasno.com.ua *.brights.cloud *.googleadservices.com *.googlesyndication.com ad.doubleclick.net adclick.g.doubleclick.net bid.g.doubleclick.net cm.g.doubleclick.net googleads.g.doubleclick.net securepubads.g.doubleclick.net *.payhub.com.ua *.portmone.com.ua *.googleadservices.com *.googlesyndication.com ad.doubleclick.net adclick.g.doubleclick.net bid.g.doubleclick.net cm.g.doubleclick.net googleads.g.doubleclick.net securepubads.g.doubleclick.net td.doubleclick.net *.google.com *.youtube.com *.yasno.com.ua *.brights.cloud dsl-omni.dtek.com *.facebook.com; connect-src 'self' https://*.googleapis.com https://*.gstatic.com *.yasno.com.ua *.brights.cloud wss://dsl-omni.dtek.com https://dsl-omni.dtek.com *.google-analytics.com *.analytics.google.com *.googleadservices.com *.googlesyndication.com ad.doubleclick.net adclick.g.doubleclick.net bid.g.doubleclick.net cm.g.doubleclick.net googleads.g.doubleclick.net securepubads.g.doubleclick.net td.doubleclick.net *.google.com google.com *.doubleclick.net wss://*.hotjar.com https://*.hotjar.com https://*.hotjar.io *.facebook.com https://*.ringostat.net; 1
frame-ancestors 'self' storyblok.com *.storyblok.com 1
frame-ancestors 'self' https://platform.fynd.com 1
default-src 'self' https://*.giosg.com https://*.giosgusercontent.com; script-src  'self' *.google.com *.gstatic.com googleads.g.doubleclick.net www.googleadservices.com *.vimeocdn.com *.vimeo.com vimeo.com *.ytimg.com *.youtube.com *.hotjar.com *.facebook.net *.crazyegg.com www.googletagmanager.com www.google-analytics.com online.adservicemedia.dk tagmanager.google.com optimize.google.com *.googleoptimize.com *.consentmanager.net 291santanderdk.boost.ai widget.emaerket.dk campaigns.santanderconsumer.dk *.mouseflow.com assets.emaerket.dk dl.episerver.net https://*.giosg.com https://*.giosgusercontent.com https://*.santanderconsumer.dk https://*.santanderconsumer.se https://*.santanderconsumer.no https://*.santanderconsumer.fi https://*.santander.dk https://*.santander.se https://*.santander.no https://*.santander.fi storage.googleapis.com https://bat.bing.com 'sha256-R3r1BBbUqajF92ZtvNhcoXaO1DyvCB5n6RlHZMJNN4Q=' 'sha256-vitIc2uymCl9f6M4oE0lM+hRLG3hY0bvKDdnFnSm/Lw=' 'sha256-qRz8vHFz9Ror3ulXnI8ucDmH61TD/MUIZdpgc1WVzNI=' 'sha256-laWjrqJThFpSbf4H+IwSnwccrjKHaVCE1bYgwmmXevg=' 'sha256-ppnuB8t/zFlSL3wef4Y4RUFh5WsVpgiRKHn0VrbbGn8=' 'sha256-aqG6RKLgwY23CqcmJ5zAlZisFs5xK+Ms4Se+yni8ic0=' 'sha256-wVccTMGgyHpF0qjzi8i6TXA+cnPJr5kxJjguXBNl8uo=' 'sha256-y6hoVbXmB19pgCqBsvSizYaH3Sz7pxb1BEoo12F+Gsc=' 'unsafe-eval' 'sha256-xuL3g8xdp2Whkb7FQO1Nw4aAUTnSvCgAWIBfsAUcpsM=' 'sha256-bw5gs5bIeTI7278wrWAEiyNu2RE5qKa/eDIjlvJzZJ0=' 'sha256-zDbK6fQChSitkNX6V98dV9iry9DTomzE9LLQkUoObhc=' 'sha256-QJ0/gTTiupilkW9DootKOpc4QTNrj/RkjuoecJrelwg=' 'sha256-R+eCfgrGG1e6QKnozw24ga+hrd3KgwSluR1UE1kLesc=' 'sha256-XZ/chm1krByQYHsGXeEuvPhhqWNv+XYV72tdweoyVoQ=' 'sha256-csxyHx67/Cz1ssRqgS9ELrBbd4ijWCEfQSXl+SLfNG4=' 'sha256-UBYOLn6lzP24Shdmu1dFgNBGI2Qnx29UKnu9zcOmJRA=' 'sha256-NGpeOZcu7u4P3rq7urYxouH/3w4WzRrfbaDaGSv+XFk=' 'sha256-ElM0Ncbg7nQo4zV991JvGCmOjkdrPSRR0dFjQjRgsvM=' 'sha256-CtSmrudI29LsFi5Qfh7PyHXcN7mp9vl79V94OgT3Jzk=' 'sha256-5vnGc70Jv+yFgNQYMoUakXQSU1epVZmWabC0vliA7/M=' 'sha256-ijXY3U3jXr4q/K922rgTx02+UqtFvor+3wiCre029e8=' 'sha256-1pMQV3Ib7VHhnZDKdsAjDvk6m/uLqTFWp6J5nSOIgSY=' 'sha256-nwwIZjzcBH+k5HFk2MhGWGd+xq/0UesHpwH1RVSBkHg=' 'sha256-nq6XhVZSU3b6Z83YnzMY0embH3vdSPIB45epdKKOV+8=' 'sha256-jY2LxzCud88y+HDk7k0uYpTIIJ8UH9qHyXbrByVLhOo=' 'sha256-RUtFZeBOuzmMI6NK3+MhwOHkzwvBX/zlARuUwXN2ZJ0=' 'sha256-IYrNdFERMSGYxvvqqQpL1SkA1Brr4r+El1UYbDT9o9E=' 'sha256-ap1pK5M6zUoC6Uw6uAhpxQlumNV2IHkRFUi1znoPFyI=' 'sha256-k5bUPj3lwW4y84A9pcMS1WI2gMxw+K4xeec3K9lfdOk=' 'sha256-4cdEh2WynpfcsAC+f4r1R/3qCXQSR6hcdndYnByEN/I=' 'sha256-1m+BODzWN+Qw4FFL8KnFDvjlsajamDC1gsOXJ0D3NnU=' 'sha256-2gq0hJxRqhCsYO7hrdOFv1jR8JQVqBdmLw45se3HQys=' 'sha256-nbXQZOBO11iHhAL75fncDilg2+EGeWvRvoCwvZQPJ/k=' 'sha256-WRPbP4mLWsmnmusAf9s5r8guWblQblXsuCoC0snBLLU=' 'sha256-3oKCdy2Pn7In8ld6nU5+TRVbgZwqIZfubjVgVfZ6Go0=' 'sha256-r/cMlh30xa65TVyhoT6qgQiSPOTtMqDRFscLOd5h+WQ=' 'sha256-pKIdxFZmp4fM3fv3aZ7FDOKi4qR5pjhnU4M+JmG0QuE=' 'sha256-nXbW4/j/e9kb672rUJkrUlyKLPcXON38af05RoUx3sM=' 'sha256-gvKEL/Zqob8zzPjy1+zKny0CYGvjsjS2lohi399pkfE=' 'sha256-ULMUuBuZ44mxC+Nb0mCweBguxk+k0KgecbB+GCzaZRk=' 'sha256-vMP16IpTSv0bFzeY0bsHCbMogAfpIbF+OBTJ3lInF3c=' 'sha256-uk4hG0YfWxfMbnYFtI3fCFP5X5O1wOBzqLsxhumqmgk=' 'sha256-jgR3vZ89QY6h8owMHwJlhYiGuN7BCNe6kWgrr+obX8c=' 'sha256-qazbGuFcsaEaNUVneEsOiqxo8+oe6YvYmxAMbaZyFdA=' 'sha256-qC/Mo32LqzzO60QrUcrhrtgo4B8vDyP/UjsQz8geYJY=' 'sha256-9WBUR8dZ0zQWQr3RkbdJS759xKUonu8SFRD2aRKAqtk=' 'sha256-Tc0q1FuvgxIsDKDNdRqLRJvAFYzE9zKe3o3h8itgsU0=' 'sha256-AsRAqg7qpys3ut9ZtdPTeOjf2muoENST1aiyxLuUCSQ=' 'sha256-+/pBpK2jVSmjijU0mRgF4scnsGP1EJWyJbqUmLqsNeA=' 'sha256-YTeeKyLwwa1I1ybkpDlM0QMbwxw9HLu3cHFjmqhBSuA=' 'sha256-4IbzcD9A2QyMcKDIUVD1AdciJh3OzTWn+zl0l7zWBh8=' 'sha256-jC7itbVmgm1Y4QDHw+Th07Xw2sglorvpqJFf/tBXgxI=' 'sha256-lf828bVDisdfPdxlot7IObK/+vb0uJyQ/qpQgtbh7xk=' 'sha256-BevxqnWgv+iBKXNpTL2PUL2iYsxPVg7mHT55YoRPpCs=' 'sha256-9gB5s2V9g8bmfvUppQ4yCD4jC1wcdDv4Sp7/zmjGNi4=' 'sha256-m7jVvq5Ohd3aQVeO1IoJEvFQNqrxa8SfeCXM4bG6+34=' 'sha256-3pyAeU2Xko5eqd079vyIQ0AaUcm2ACeQES/5zr6HhHc=' 'sha256-WMrmz7wxPHAwUC3CiiCcWBfvwTxSkMn21kMqvQ4Mmdw=' 'sha256-KWDYaKzKDoIBNIXh3tUlr4vXG4qjUNqsjVYK9NWewPM=' 'sha256-lKqYtZGZYjZN/LBwWcajCK5wwmXJMiR/babMtRzSVKI=' 'sha256-cYjMo89fKPIdRVbNdTjrhdsXmU248Z7Cexa4hVNmSyY=' 'sha256-G/GvvFWBtsnFKe4tOoHSVnl4DoYfvjFPHL6cN21zCFw=' 'sha256-Z6rI93JFePn2KwK7oUGpGeRmI7nZmoN/Z+yEsisyUkk=' 'sha256-GtsAAly5v5ceutArA8m/VORXuG4MAoRmE1f6ekOGn+0=' 'sha256-zj8oSPlL5OtSKGQh5dGYuyULMT3dTH98febKZcVRtPQ=' 'nonce-1//2Cma/2EQs+udRCWHE46Z9cK4NVH/6mLvK3L91Puc='; frame-src   'self' https://apim.scb.nu *.santanderconsumer.se *.google.com *.vimeo.com *.facebook.com *.santanders.se *.hotjar.com *.doubleclick.net www.youtube.com optimize.google.com www.googletagmanager.com cdn.consentmanager.net https://*.giosg.com https://*.giosgusercontent.com *.eloqua.com; child-src   'self' blob: *.hotjar.com blob:; img-src     * 'self' data: blob: *.hotjar.com google-analytics.com optimize.google.com  region1.google-analytics.com region1.analytics.google.com ; style-src   'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com optimize.google.com dl.episerver.net https://*.giosg.com https://*.giosgusercontent.com; connect-src https://apim.scb.nu wss://*.santanderconsumer.se wss://*.santander.se *.santanderconsumer.se *.santander.se *.santanderconsumer.dk *.santander.dk *.santanderconsumer.fi *.santander.fi *.santanderconsumer.no *.santander.no https://santanderconsumer.dk https://santander.dk *.hotjar.io *.hotjar.com wss://*.hotjar.com *.crazyegg.com wss://*.crazyegg.com *.google-analytics.com https://analytics.google.com *.doubleclick.net *.consentmanager.net 291santanderdk.boost.ai *.google.com region1.google-analytics.com region1.analytics.google.com *.mouseflow.com https://*.googlesyndication.com 'self' https://*.giosg.com https://*.giosgusercontent.com data: blob: *.tt.omtrdc.net https://ggsa--sant-dk--pro--87.ew.r.appspot.com https://bat.bing.com *.eloqua.com; font-src    'self' *.hotjar.com fonts.gstatic.com giosg-chat-public-eu.s3.amazonaws.com cdn.mouseflow.com https://*.giosg.com https://*.giosgusercontent.com; worker-src  'self' blob:; 1
script-src 'self' https: 'unsafe-inline'; style-src https: 'self' 'unsafe-inline'; img-src https: 'self' data: 'unsafe-inline'; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com cdnjs.cloudflare.com esskay.kiya.ai; report-uri /csp-violation 1
default-src 'self' https://*.hexa3d.io https://*.h3dstaging.com; img-src 'self' data: w3.org/svg/2000 images.ctfassets.net https://www.google-analytics.com https://www.google.com https://www.google.com.au https://www.googletagmanager.com https://www.gstatic.com/recaptcha/ https://www.recaptcha.net/recaptcha/enterprise.js https://www.google.com/recaptcha/ https://maps.googleapis.com https://maps.gstatic.com https://v2assets.zopim.io https://tr.snapchat.com https://www.facebook.com https://ct.pinterest.com https://www.pinterest.com https://network-stg.bazaarvoice.com https://d.adroll.com https://services.postcodeanywhere.co.uk http://services.postcodeanywhere.co.uk https://dsum-sec.casalemedia.com https://pixel.rubiconproject.com https://pixel.advertising.com https://sync.outbrain.com https://*.pubmatic.com https://*.yahoo.com https://sync.taboola.com https://eb2.3lift.com https://x.bidswitch.net https://idsync.rlcdn.com https://us-u.openx.net https://ib.adnxs.com https://cm.g.doubleclick.net https://10800822.fls.doubleclick.net https://sync.mathtag.com https://match.adsrvr.org https://rc.rlcdn.com https://edge.curalate.com https://bat.bing.com https://cdn.feedbackify.com https://tag.yieldoptimizer.com https://*.bazaarvoice.com https://production-web-michaelhill.demandware.net https://prod-sfcc-api.michaelhill.com https://www.michaelhill.com https://www.michaelhill.com.au https://www.michaelhill.co.nz https://www.michaelhill.ca https://*.zip.co https://zip.co https://*.zipmoney.com.au https://vto.jewelry https://*.inside-graph.com https://*.powerfront.com https://s.yimg.com https://*.adroll.com https://adroll.com https://*.clarity.ms https://*.analytics.google.com https://analytics.google.com https://*.barilliance.com https://barilliance.com https://*.s3.amazonaws.com https://*.amazonaws.com https://amazonaws.com https://*.hexa3d.io https://*.h3dstaging.com https://*.adyen.com https://cdn.optimizely.com https://optimizely-hrd.appspot.com https://*.contentsquare.net https://*.shophumm.com.au https://*.doubleclick.net https://*.cloudfront.net https://*.salefinder.com.au https://*.salefinder.co.nz https://*.gstatic.com; style-src 'self' https://www.googleapis.com http://fonts.googleapis.com https://fonts.googleapis.com https://www.googletagmanager.com https://services.postcodeanywhere.co.uk https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/enterprise.js https://www.recaptcha.net/recaptcha/api.js 'unsafe-inline' https://s3.amazonaws.com/static.barilliance.com/owl-carousel/owl.carousel.css https://s3.amazonaws.com/static.barilliance.com/owl-carousel/owl.theme.css https://www.michaelhill.com.au https://www.michaelhill.co.nz https://www.michaelhill.ca https://*.bazaarvoice.com https://*.zip.co https://*.zipmoney.com.au https://vto.jewelry https://*.inside-graph.com https://*.powerfront.com https://*.hexa3d.io https://*.h3dstaging.com https://*.shophumm.com.au https://*.salefinder.com.au https://*.salefinder.co.nz; font-src 'self' data: localhost https://fonts.gstatic.com https://*.inside-graph.com; media-src 'self' https://player.vimeo.com/ https://static.zdassets.com https://*.akamaized.net https://*.hexa3d.io https://*.h3dstaging.com https://*.curalate.com https://services.postcodeanywhere.co.uk; script-src 'self' 'self' 'unsafe-inline' 'unsafe-eval' http://api.addressy.com https://services.postcodeanywhere.co.uk https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/enterprise.js https://www.recaptcha.net/recaptcha/api.js https://maps.googleapis.com www.googleadservices.com https://*.hotjar.com https://sc-static.net https://unpkg.com https://*.bazaarvoice.com https://analytics-static.ugc.bazaarvoice.com https://static.zdassets.com https://connect.facebook.net https://googleads.g.doubleclick.net https://s.pinimg.com https://analytics.tiktok.com https://s.adroll.com https://cdn.rudderlabs.com http://edge.curalate.com https://d.adroll.com https://cdn.feedbackify.com https://www1.feedbackify.com https://ajax.googleapis.com https://s3.amazonaws.com https://bat.bing.com https://*.barilliance.com https://www.barilliance.net https://*.google.com https://www.googleanalytics.com https://*.michaelhill.com.au https://*.michaelhill.ca https://*.michaelhill.co.nz https://*.pinterest.com https://*.zip.co https://*.zipmoney.com.au https://vto.jewelry https://*.inside-graph.com https://*.powerfront.com https://s.yimg.com https://*.adroll.com https://adroll.com https://*.clarity.ms https://*.analytics.google.com https://analytics.google.com https://d3aq2u4yw77ivo.cloudfront.net https://*.hexa3d.io https://*.h3dstaging.com https://www.paypal.com https://tr.snapchat.com https://*.optimizely.com https://optimizely-hrd.appspot.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com https://t.contentsquare.net https://app.contentsquare.com https://cnstrc.com https://*.adsrvr.org https://*.shophumm.com.au https://*.salefinder.com.au https://*.salefinder.co.nz https://*.youtube.com; connect-src 'self' http://api.addressy.com https://services.postcodeanywhere.co.uk https://www.google-analytics.com https://www.googleapis.com https://maps.googleapis.com https://ekr.zdassets.com https://michaelhill.zendesk.com wss://widget-mediator.zopim.com https://ct.pinterest.com https://apps.bazaarvoice.com https://api.rudderlabs.com https://michaelhill-dataplane.rudderstack.com https://analytics.tiktok.com https://stats.g.doubleclick.net https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://in.hotjar.com https://edge.curalate.com https://tr.snapchat.com https://bat.bing.com https://api.pinpiaa.com https://d.adroll.com https://*.bazaarvoice.com https://*.zip.co https://*.zipmoney.com.au https://vto.jewelry https://*.inside-graph.com wss://*.inside-graph.com https://*.powerfront.com https://s.yimg.com https://*.adroll.com https://adroll.com https://*.clarity.ms https://*.fls.doubleclick.net https://fls.doubleclick.net https://*.analytics.google.com https://analytics.google.com https://*.barilliance.com https://www.barilliance.net https://brauz-api-netlify.netlify.app https://*.michaelhill.com.au https://*.michaelhill.ca https://*.michaelhill.co.nz https://*.pinterest.com https://*.hexa3d.io https://*.h3dstaging.com https://*.adyen.com https://*.paypal.com https://gcr-albatros-eu-prod-europe-west1-mtg-j7ib225lma-ew.a.run.app http://localhost:3000 http://localhost:8181 http://localhost:8181 https://logx.optimizely.com https://*.optimizely.com https://optimizely-hrd.appspot.com https://*.contentsquare.net https://*.flexiti.fi https://*.cnstrc.com https://*.adsrvr.org https://*.shophumm.com.au https://*.snapchat.com https://google.com https://*.google.com; frame-ancestors 'self' https://*.hexa3d.io https://*.h3dstaging.com; object-src 'none'; frame-src https://*.adsrvr.org https://*.adroll.com https://*.adyen.com https://*.bazaarvoice.com https://*.doubleclick.net https://*.flexiti.fi https://*.fls.doubleclick.net https://*.h3dstaging.com https://*.hexa3d.io https://*.inside-graph.com https://*.michaelhill.ca https://*.michaelhill.co.nz https://*.michaelhill.com.au https://*.paypal.com https://*.powerfront.com https://*.zipmoney.com.au https://bid.g.doubleclick.net https://ct.pinterest.com https://vto.jewelry https://optimizely-hrd.appspot.com https://reserve-in-store-michael-hill-au.netlify.app https://reserve-in-store-michael-hill-ca.netlify.app https://reserve-in-store-michael-hill-nz.netlify.app https://static.zip.co https://tr.snapchat.com https://vars.hotjar.com https://widgets.partpay.co.nz https://widgets.shophumm.com.au https://www.barilliance.net https://www.facebook.com https://*.google.com https://www.pinterest.com.au https://www.pinterest.com https://www.recaptcha.net/ https://www.youtube.com https://a24400620820.cdn-pci.optimizely.com https://a24400620820.cdn.optimizely.com https://a24400620820.cdn.optimizely.com https://a24634220027.cdn-pci.optimizely.com https://a24633620082.cdn-pci.optimizely.com https://a24633620082.cdn.optimizely.com 1
default-src 'self' *.kinandcarta.com *.kinandcarta.local;script-src 'unsafe-inline' 'unsafe-eval' 'self' *.kinandcarta.com https://www.google-analytics.com https://www.google.com *.googleapis.com https://www.googletagmanager.com/ https://www.googleoptimize.com/ https://www.youtube.com/ https://kinandcarta.activehosted.com/ https://d3rxaij56vjege.cloudfront.net/ https://static.elfsight.com/ https://apps.elfsight.com/ https://files.elfsight.com/ https://trackcmp.net/ https://edge.fullstory.com/ https://script.hotjar.com/ https://prism.app-us1.com/ https://j.6sc.co https://snap.licdn.com https://diffuser-cdn.app-us1.com https://tracker.metricool.com *.usabilla.com https://cdn.metarouter.io https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://cookie-cdn.cookiepro.com/ https://cse.google.com/ https://geolocation.onetrust.com/  https://www.gstatic.com/recaptcha/releases/qc5B-qjP0QEimFYUxcpWJy5B/recaptcha__en.js https://www.gstatic.com https://www.clarity.ms https://cdn.optimizely.com https://*.linkedin.com https://*.doubleclick.net https://boards.greenhouse.io https://player.vimeo.com https://*.vimeocdn.com https://vimeo.com https://*.clarity.ms https://*.fullstory.com https://wp-ui.app-us1.com https://personalization-wp-service.cluster.app-us1.com https://static.oktopost.com/ https://okt.to/ data:;style-src 'unsafe-inline' 'self' *.kinandcarta.com https://fonts.googleapis.com https://www.google.com/ *.cloudfront.net;font-src 'self' *.kinandcarta.com https://fonts.gstatic.com/ data:;frame-src https://www.facebook.com/ https://www.youtube.com/ https://docs.google.com/  https://player.vimeo.com/ https://omny.fm https://www.google.com/ https://vars.hotjar.com/ *.kinandcarta.com *.cdn.optimizely.com https://boards.greenhouse.io *.doubleclick.net;img-src 'self' *.kinandcarta.com https://px.ads.linkedin.com https://b.6sc.co/ https://tracker.metricool.com https://www.googleapis.com/ https://www.facebook.com/ https://www.googletagmanager.com https://www.google.com/ https://www.google.co.uk/ https://googleads.g.doubleclick.net https://www.google-analytics.com https://www.googleadservices.com *.cloudfront.net https://*.linkedin.com https://*.doubleclick.net http://clients1.google.com/ *.usabilla.com https://files.elfsightcdn.com/ https://files.elfsight.com https://c.clarity.ms https://*.googleadservices.com https://c.bing.com https://*.fullstory.com https://cookie-cdn.cookiepro.com data:;connect-src 'self' https://cookie-cdn.cookiepro.com/ https://secure.adnxs.com/ https://secure.adnxs.com https://apps.elfsight.com/ https://*.6sense.com wss://*.hotjar.com https://e.metarouter.io/ https://in.hotjar.com https://*.doubleclick.net/ https://*.google-analytics.com/ https://*.google.com/ https://privacyportal.cookiepro.com/request/v1/consentreceipts https://c.6sc.co/ https://boards-api.greenhouse.io/ https://vc.hotjar.io *.hotjar.com https://player.vimeo.com/ https://logx.optimizely.com https://api.usabilla.com https://*.linkedin.com https://*.doubleclick.net https://personalization-wp-service.cluster.app-us1.com https://*.clarity.ms https://*.onetrust.com https://*.optimizely.com https://*.fullstory.com https://ipv6.6sc.co/ https://cdn.linkedin.oribi.io/ *.googlesyndication.com;worker-src 'self';media-src https://player.vimeo.com/ https://vod-progressive.akamaized.net/ https://files.elfsightcdn.com/ https://files.elfsight.com;object-src 'self';frame-ancestors 'self' https://kinandcarta.activehosted.com; 1
frame-ancestors 'self' https://www.honestdocs.id/ 1
frame-ancestors 'self' revistamedica.com 1
frame-ancestors 'self' *.vu.lt 1
frame-ancestors 'self' https://aws.amazon.com *.pathfactory.com *.lookbookhq.com *.newrelic.com 1
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' wss://ws.botmaker.com/ 1
default-src 'self'; connect-src 'self' wss://yellow.com/api/v1/finex/ws https://media.yellow.com https://cdn.jsdelivr.net https://www.google-analytics.com https://region1.google-analytics.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; img-src * 'self' https://api.qrserver.com blob: https://www.googletagmanager.com data: https://media.yellow.com https://cdn.jsdelivr.net; font-src 'self' https://fonts.gstatic.com; object-src 'none'; child-src 'self'; upgrade-insecure-requests; block-all-mixed-content 1
child-src * 1
default-src * 'unsafe-eval' 'unsafe-inline'; img-src * data: unsafe-inline 1
base-uri 'self'; upgrade-insecure-requests; default-src 'self' *.youtube-nocookie.com *.ytimg.com; 1
frame-ancestors https://*.myworldfix.com https://*.beesads.com https://*.gamebridge.games http://*.gamebridge.games 1
frame-ancestors 'self' gvh.hu *.gvh.hu 1
frame-ancestors 'self' *.qiscus.com *.midtrans.com 1
default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;img-src 'self' data: https://jira.sehlat.io;frame-ancestors 'self';object-src 'none';script-src 'self' 'unsafe-eval' unsafe-inline;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests;connect-src 'self' https://login.microsoftonline.com https://dc.services.visualstudio.com https://id.sehlat.io https://minio.sehlat.io https://sehlat.statuspage.io/api/v2/summary.json;form-action 'self' 1
media-src 'self' https: blob:; font-src 'self' data: https: https://fonts.gstatic.com; frame-src 'self' https: https://optimize.google.com; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://optimize.google.com https: https://evs.pink-boat.fool.com; style-src 'self' data: 'unsafe-inline' https: http://fonts.googleapis.com https://fonts.googleapis.com https://optimize.google.com; connect-src 'self' https: wss://www.fool.com wss://*.33across.com wss://*.hotjar.com https://api.pink-boat.fool.com; img-src 'self' data: https: https://g.foolcdn.com https://optimize.google.com https://www.google-analytics.com; default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https:; upgrade-insecure-requests 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com tag.manager.google.com tagmanager.google.com/ https://www.youtube.com https://wpp-test.wirecard.com https://wpp.wirecard.com https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com https://*.sift.com https://test.oppwa.com https://oppwa.com https://test.ppipe.net/ https://ppipe.net/ https://maps.googleapis.com https://widget.trustpilot.com https://hexagon-analytics.com http://bat.bing.com http://*.taboola.com https://*.taboola.com https://test.dekopay.com https://secure.dekopay.com https://sis.redsys.es/ https://mc-id-check.firstdata.de/ https://*.intercom.io https://*.intercomcdn.com https://*.hotjar.com/ https://static.zipmoney.com.au https://static.zdassets.com https://*.youtube.com http://*.youtube.com https://s.ytimg.com https://static.doubleclick.net https://connect.facebook.net https://www.dwin1.com http://*.scarabresearch.com https://*.scarabresearch.com https://unpkg.com/date-time-format-timezone@latest/build/browserified/date-time-format-timezone-complete-min.js https://pay.google.com https://trck.spoteffects.net https://googleads.g.doubleclick.net www.googletagmanager.com www.googleadservices.com *.ratepay.com https://zenloop-website-overlay-production.s3.amazonaws.com https://channels-api.zenloop.com https://www.google.com/pagead/ https://*.clarity.ms https://region1.google-analytics.com https://region1.analytics.google.com https://www.google.com/recaptcha https://www.gstatic.com/recaptcha https://*.creativecdn.com https://website-overlay.zenloop.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://eu.fw-cdn.com https://chronext.wchat.eu.webpush.myfreshworks.com https://chronextag.myfreshworks.com https://wchat.freshchat.com/ https://kabilanpari-593373390124817132-83eaaf5d74e543316879879.freshchat.com https://*.cdn.adyen.com; img-src 'self' data: * blob: * https://ssl.gstatic.com/ https://hexagon-analytics.com http://cdn.taboola.com https://cdn.taboola.com http://bat.bing.com https://bat.bing.com https://sis.redsys.es/ https://mc-id-check.firstdata.de/ https://*.hotjar.com/ https://static.zipmoney.com.au https://static.zdassets.com https://pay.google.com https://googleads.g.doubleclick.net https://*.creativecdn.com https://website-overlay.zenloop.com https://kabilanpari-593373390124817132-83eaaf5d74e543316879879.freshchat.com https://*.cdn.adyen.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com blob: https://tagmanager.google.com www.googletagmanager.com https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com https://test.oppwa.com https://oppwa.com https://test.ppipe.net/ https://ppipe.net/ https://sis.redsys.es/ https://mc-id-check.firstdata.de/ https://*.hotjar.com/ https://static.zipmoney.com.au https://static.zdassets.com https://pay.google.com https://*.creativecdn.com https://website-overlay.zenloop.com https://kabilanpari-593373390124817132-83eaaf5d74e543316879879.freshchat.com https://*.cdn.adyen.com; font-src 'self' https://themes.googleusercontent.com data: * https://fonts.gstatic.com http://fonts.gstatic.com https://test.oppwa.com https://oppwa.com https://test.ppipe.net/ https://ppipe.net/ https://sis.redsys.es/ https://mc-id-check.firstdata.de/ https://*.hotjar.com/ https://static.zipmoney.com.au https://static.zdassets.com https://pay.google.com https://*.cdn.adyen.com; frame-src 'self' https: https://www.youtube.com https://wpp-test.wirecard.com https://wpp.wirecard.com https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com https://test.oppwa.com https://oppwa.com https://test.ppipe.net/ https://ppipe.net/ http://widget.trustpilot.com https://sis.redsys.es/ https://mc-id-check.firstdata.de/ https://*.hotjar.com/ https://static.zipmoney.com.au https://static.zdassets.com https://googleads.g.doubleclick.net http://googleads.g.doubleclick.net https://connect.facebook.net https://*.sift.com https://pay.google.com https://www.google.com/recaptcha https://recaptcha.google.com/recaptcha https://*.creativecdn.com https://website-overlay.zenloop.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.cdn.adyen.com; frame-ancestors 'self' https://*.frontastic.io frontastic.io.local; object-src 'self'; connect-src 'self' ws: wss: https://www.google-analytics.com https://analytics.google.com https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com https://test.oppwa.com https://oppwa.com https://test.ppipe.net/ https://ppipe.net/ https://api.trustedshops.com https://hexagon-analytics.com http://bat.bing.com https://bat.bing.com http://*.taboola.com https://*.taboola.com https://ctx-nsp-sell-watches-stage.s3.eu-central-1.amazonaws.com https://ctx-nsp-sell-watches.s3.eu-central-1.amazonaws.com https://*.g.doubleclick.net https://sis.redsys.es/ https://mc-id-check.firstdata.de/ https://*.intercom.io https://*.hotjar.com/ https://*.hotjar.io/ https://static.zipmoney.com.au https://static.zdassets.com https://kreditrechner-long-test.creditplus.de https://kess.creditplus.de https://j4s6cgablv-dsn.algolia.net https://cdn.contentful.com https://connect.facebook.net https://*.sift.com https://*.algolia.net https://*.algolianet.com https://*.algolia.io https://*.emarsys.net https://*.scarabresearch.com https://*.execute-api.eu-central-1.amazonaws.com https://pricing-engine.ful.chronext.com https://pay.google.com https://prs.stage.chronext.com https://prs.ful.chronext.com *.ratepay.com https://zenloop-website-overlay-production.s3.amazonaws.com https://channels-api.zenloop.com https://api.zenloop.com https://maps.googleapis.com https://*.clarity.ms https://region1.google-analytics.com https://region1.analytics.google.com https://workshop.stage.chronext.com https://workshop.ful.chronext.com https://support-service.stage.chronext.com https://support-service.ful.chronext.com https://google.com https://www.gstatic.com/recaptcha https://*.creativecdn.com https://website-overlay.zenloop.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.cdn.adyen.com; worker-src 'self' blob: 1
frame-ancestors 'self' https://www3.eigendev.com/ https://staging.eigendev.com/ https://www.google.com/; 1
default-src 'self' 'unsafe-inline' https: https://ikeafoundation.org; connect-src https:; font-src data: https:; img-src 'strict-dynamic' data: https: 'nonce-qy4EjI6cyst16FvwIgW4urAZpbBZM2J6RLyNuYA7klakBLLIO1cwl9aVBcsTPde5v6TanHgYDhZfYGaja2qDpRfgGUuDHqraYl1m3z6GE10b66oijD36v4xYxamN75J8'; script-src 'self' 'unsafe-inline' https: https://ikeafoundation.org; style-src 'self' 'unsafe-inline' https: https://ikeafoundation.org 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.google-analytics.com https://www.googletagmanager.com *.cloudflare.com *.youtube.com *.typekit.net; style-src 'self' 'unsafe-inline' *.typekit.net *.cloudflare.com; img-src 'self' https://thungela-cms.s3.amazonaws.com data: 1
frame-ancestors 'self' https://adult.activatelearning.ac.uk 1
default-src 'self' data: https://ajax.googleapis.com https://www.google.com https://www.google.co.nz https://www.google-analytics.com https://stats.g.doubleclick.net https://api.addressfinder.io https://www.google.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fonts.googleapis.com https://api.addressfinder.io; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://oss.maxcdn.com https://ajax.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://api.addressfinder.io https://cdnjs.cloudflare.com https://www.google.com https://www.gstatic.com 1
frame-ancestors krimavtotrans.info youticket.ru autobusbilet.ru 1
default-src 'self' https://cdn.polyfill.io/ cdn.acsbapp.com stats.g.doubleclick.net www.google-analytics.com c.navu.app embed.navu.co analytics.google.com packages.umbraco.org our.umbraco.org wss://localhost:*/Contech/ app.navu.app c01.embed.navu.co forms.hsforms.com cdn.viglink.com dcn.acsbapp.com *.navu.co *.navu.app;script-src 'self' blob: *.navu.co *.navu.app *.clarity.ms *.webtraxs.com  www.google-analytics.com google-analytics.com www.googletagmanager.com ajax.googleapis.com unpkg.com ajax.aspnetcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net s7.addthis.com www-conteches-com.disqus.com js.hsforms.net acsbapp.com c.disquscdn.com use.fontawesome.com bat.bing.com *.privacymanager.io *.cloudflare.com 'unsafe-eval' 'unsafe-inline';style-src 'self' fonts.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com cdn.linearicons.com *.navu.co *.navu.app 'unsafe-inline';connect-src *;font-src 'self' data: cdnjs.cloudflare.com fonts.gstatic.com cdn.linearicons.com *.googleapis.com;img-src * 'self' data:;frame-ancestors 'self' *.conteches.com www.youtube.com youtube.com youtu.be *.hsforms.com informedinfrastructure.com;frame-src 'self' *.conteches.com disqus.com players.brightcove.net www.youtube.com youtube.com *.navu.co player.flipsnack.com youtu.be informedinfrastructure.com parmonic.ai js.static.parmonic.ai app.navu.app *.hsforms.com 1
upgrade-insecure-requests;default-src 'self' data: *.dropboxusercontent.com *.amazonaws.com fcs1hotel.com *.fcs1hotel.com fcs1hotel.com:8020 *.fcs1hotel.com:8020 fcs1solutions.com *.fcs1solutions.com fcs1solutions.com:8020 *.fcs1solutions.com:8020 fcs1hotel.com *.fcs1hotel.com fcs1hotel.com:8020 *.fcs1hotel.com:8020;base-uri 'self' *.fcs1hotel.com *.fcs1solutions.com *.fcs1hotel.com;connect-src 'self' api.myip.la api.ipify.org *.amazonaws.com *.dropboxusercontent.com *.jsdelivr.net *.cdn-apple.com *.apple.com *.google.com *.googleapis.com *.microsoftonline.com *.fcs1hotel.com fcs1hotel.com:8020 *.fcs1hotel.com:8020 wss://fcs1hotel.com wss://fcs1hotel.com:8020 wss://fcs1hotel.com:8030 wss://*.fcs1hotel.com wss://*.fcs1hotel.com:8020 wss://*.fcs1hotel.com:8030 *.fcs1solutions.com fcs1solutions.com:8020 *.fcs1solutions.com:8020 *.fcs1hotel.com fcs1hotel.com:8020 *.fcs1hotel.com:8020 wss://fcs1solutions.com wss://fcs1solutions.com:8020 wss://fcs1solutions.com:8030 wss://*.fcs1solutions.com wss://*.fcs1solutions.com:8020 wss://*.fcs1solutions.com:8030 wss://fcs1hotel.com wss://fcs1hotel.com:8020 wss://fcs1hotel.com:8030 wss://*.fcs1hotel.com wss://*.fcs1hotel.com:8020 wss://*.fcs1hotel.com:8030;script-src 'self' *.dropboxusercontent.com *.cdn-apple.com *.apple.com *.google.com *.microsoftonline.com *.googleapis.com *.gstatic.com *.fcs1hotel.com *.fcs1solutions.com *.fcs1hotel.com;style-src 'self' 'unsafe-inline' *.dropboxusercontent.com *.jsdelivr.net *.googleapis.com *.gstatic.com *.fcs1hotel.com *.fcs1solutions.com *.fcs1hotel.com;font-src 'self' *.googleapis.com *.gstatic.com *.fcs1hotel.com *.fcs1solutions.com *.fcs1hotel.com;img-src *.amazonaws.com *.dropboxusercontent.com *.jsdelivr.net 'self' data: *.fcs1hotel.com *.fcs1solutions.com *.fcs1hotel.com;form-action 'self' *.fcs1hotel.com *.fcs1solutions.com *.fcs1hotel.com;object-src 'self' *.fcs1hotel.com *.fcs1solutions.com *.fcs1hotel.com;frame-src *.youtube.com 'self' *.google.com *.fcs1hotel.com *.fcs1solutions.com *.fcs1hotel.com;child-src 'self' *.fcs1hotel.com *.fcs1solutions.com *.fcs1hotel.com;frame-ancestors 'self' *.google.com *.fcs1hotel.com *.fcs1solutions.com *.fcs1hotel.com 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-2ElUcI1NhpSHKa0YQGph0w' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
default-src 'self' https://*.nakama.tv/ https://nakama.tv data: blob: wss: https://secure.gravatar.com/avatar/; frame-ancestors https://*.nakama.tv;script-src 'self' 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' 'unsafe-inline'; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://nofan.xyz; img-src 'self' https: data: blob: https://nofan.xyz; style-src 'self' https://nofan.xyz 'unsafe-inline' 'unsafe-hashes'; media-src 'self' https: data: https://nofan.xyz; frame-src 'self' https:; manifest-src 'self' https://nofan.xyz; form-action 'self'; child-src 'self' blob: https://nofan.xyz; worker-src 'self' blob: https://nofan.xyz; connect-src 'self' data: blob: https://nofan.xyz https://media.nofan.xyz/nofan-box/ wss://nofan.xyz; script-src 'self' https://nofan.xyz 'unsafe-inline' 'wasm-unsafe-eval' 1
default-src 'self' https://api.rgn.one https://sentry.rgn.one https://stats.rgn.one; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://stats.rgn.one https://sentry.rgn.one; child-src 'self'; worker-src 'self' blob:; style-src 'self' https://api.rgn.one https://fonts.googleapis.com/ 'unsafe-inline'; font-src 'self' https://fonts.googleapis.com/ https://fonts.gstatic.com/; img-src 'self' https://rgn-public.s3.rennweg.net https://api.rgn.one https://static.rgn.one https://i.ytimg.com data:; report-uri https://sentry.rgn.one/api/3/security/?sentry_key=5229e8807bc34cfc9477d76fa2361aca; frame-ancestors 'self' 1
upgrade-insecure-requests, frame-ancestors 1
frame-ancestors 'self' https://www.tinkletelecom.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google-analytics.com *.google.co.in *.herokuapp.com *.ravepay.co ajax.cloudflare.com chimeratool.com *.chimeratool.com *.elfsight.com data.chimeratool.com *.flutterwave.com *.stripe.com *.atfawry.com *.google.com  *.facebook.net  wss://*.citruspay.com:* wss://*.google.co:* *.citruspay.com wss://*.fawrystaging.com wss://*.atfawry.com wss://*.fawry.com wss://*.youtube.com:* *.youtube.com wss://*.tawk.to:* *.tawk.to *.facebook.com *.fawrystaging.com *.mastercard.com.au *.fawry.com atfawry.fawrystaging.com *.facebook.net *.mastercard.com *.razorpay.com *.google-analytics.com *.securecode.com  *.google.com *.dhru.com *.paypal.com *.googletagmanager.com t.me *.t.me wa.me *.wa.me ; img-src * data:; font-src * data: 1
frame-ancestors 'self' https://orchid.imp.iat.oceanwidebridge.com https://orchid.imp.uat.oceanwidebridge.com https://connect.orchidinsurance.com https://orchid.imp.conf.oceanwidebridge.com 1
frame-ancestors 'self' *.cnbankpa.com *.zagclients.net 1
frame-ancestors 'self' https://community.pac.org 1
default-src 'none'; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https: 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.doubleclick.net *.googletagmanager.com *.google.com *.googleadservices.com *.google-analytics.com *.googleapis.com; connect-src 'self'  *.doubleclick.net *.googleapis.com *.google-analytics.com; img-src data: *; style-src 'self' 'unsafe-inline' *.googleapis.com; form-action 'self'; frame-ancestors 'self' ; base-uri 'self'; frame-src 'self' *.gstatic.com *.google.com; media-src *; font-src * data:; 1
default-src data: analytics.google.com *.g.doubleclick.net www.facebook.com *.google-analytics.com *.google.com www.gstatic.com connect.facebook.net *.googletagmanager.com *.google.cl cdn.jsdelivr.net maxcdn.bootstrapcdn.com fonts.googleapis.com fonts.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval' *.g.doubleclick.net; script-src www.google-analytics.com www.google-analytics.co connect.facebook.net cdn.jsdelivr.net www.gstatic.com www.google.com *.googletagmanager.com data: s0.2mdn.net 'unsafe-inline' 'unsafe-eval' 'self' *.googleadservices.com googleads.g.doubleclick.net tagmanager.google.com ssl.google-analytics.com; frame-src www.google.com www.youtube.com www.facebook.com 'self' player.vimeo.com *.doubleclick.net https://bid.g.doubleclick.net https://td.doubleclick.net; 1
script-src 'self' * 'unsafe-inline' 'unsafe-eval'; worker-src blob:; 1
frame-src 'self' https://calendly.com https://cdn.affinipay.com https://*.squarecdn.com https://*.squareup.com https://*.squareupsandbox.com https://bid.g.doubleclick.net https://googleads.g.doubleclick.net https://tpc.googlesyndication.com https://www.facebook.com https://www.google.com https://www.youtube.com; img-src * 'self' blob: data:; 1
default-src 'none'; img-src 'self' https://*.s3.amazonaws.com https://*.a2censo.com data:; script-src 'self' https://* 'unsafe-inline'; style-src 'self' https: 'unsafe-inline'; object-src 'none'; font-src 'self' https://*; manifest-src 'self'; style-src-elem 'self' https://fonts.googleapis.com 'unsafe-inline'; connect-src 'self' https://* 'unsafe-inline'; frame-src 'self' https://vars.hotjar.com https://www.google.com https://www.youtube.com; frame-ancestors 'self'; base-uri 'self'; form-action 'self' 1
default-src 'self' wss://*.hotjar.com  localhost data: *.advocadoapp.com *.advocado.app *.advo.to   *.survicate.com *.hotjar.com *.hotjar.io *.doubleclick.net www.google.com.vn  *.google.com.vn  *.fbsbx.com *.facebook.com *.line-scdn.net *.line.me *.googleapis.com *.checkout.com *.line-website.com *.googletagmanager.com *.google-analytics.com *.stripe.com *.google.com *.amazonaws.com *.gstatic.com unpkg.com  geolocation-db.com 'unsafe-inline'; img-src 'self'  *.googleusercontent.com      *.google.com.vn   *.advocado.app  *.advo.to  *.google-analytics.com *fbcdn.net *.amazonaws.com *.fbsbx.com *.google.com *.survicate.com *.facebook.com *.line-scdn.net data:; style-src 'self' *.advocado.app *.advo.to *.googleapis.com *.google.com *.advocado.app *.advo.to *.hotjar.com *.survicate.com 'unsafe-inline'; 1
base-uri 'self'; connect-src 'self' https://tablet.sigwebtablet.com:47290 wss:; default-src 'self'; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; frame-ancestors 'self'; frame-src 'self' https://js.stripe.com; object-src 'none'; script-src 'self' blob: 'unsafe-inline' https://js.stripe.com https://www.gstatic.com https://cdn.jsdelivr.net https://tablet.sigwebtablet.com; img-src * blob: data:; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://fonts.googleapis.com; form-action 'self' 1
default-src 'none'; form-action 'self' 3dsecure.gpwebpay.com test.3dsecure.gpwebpay.com www.facebook.com; font-src 'self' data: fonts.gstatic.com *.optimonk.com; frame-ancestors 'self'; frame-src 'self' ehub.cz accounts.google.com *.doubleclick.net c.imedia.cz connect.facebook.net fbrpc://call staticxx.facebook.com tpc.googlesyndication.com www.facebook.com www.googletagmanager.com www.instagram.com www.youtube.com www.zbozi.cz www.paypal.com www.sandbox.paypal.com *.optimonk.com *.ceneo.pl studentenrabatt.com chat-widget.static-amio.com strava-embeds.com www.tiktok.com; manifest-src 'self'; img-src data: https: ssl.gstatic.com www.gstatic.com www.paypal.com www.sandbox.paypal.com *.google-analytics.com; media-src 'self' https:; script-src 'nonce-jf5KZw/5XoZoghfIAGjIyg==' 'unsafe-inline' 'unsafe-eval' 'self' ehub.cz browser.sentry-cdn.com js.sentry-cdn.com connect.facebook.net d70shl7vidtft.cloudfront.net googleads.g.doubleclick.net im9.cz platform.instagram.com client.smartform.cz tpc.googlesyndication.com *.google-analytics.com *.analytics.google.com www.googleadservices.com www.googletagmanager.com www.instagram.com www.zbozi.cz tagmanager.google.com www.paypal.com www.sandbox.paypal.com *.clarity.ms *.optimonk.com *.bing.com chat-widget.static-amio.com https://accounts.google.com/gsi/client; script-src-attr 'unsafe-hashes'; style-src 'unsafe-inline' 'self' client.smartform.cz tagmanager.google.com fonts.googleapis.com www.paypal.com www.sandbox.paypal.com *.optimonk.com https://accounts.google.com/gsi/style; connect-src 'self' wss: ehub.cz api.instagram.com stats.g.doubleclick.net www.facebook.com www.google.com googleads.g.doubleclick.net pagead2.googlesyndication.com *.google-analytics.com www.instagram.com *.sentry.io www.paypal.com www.sandbox.paypal.com analytics.tiktok.com *.clarity.ms *.optimonk.com *.clarity.ms *.bing.com metrics.aktin.sk https://accounts.google.com/gsi/ api.mapy.cz; object-src 'none'; base-uri 'none'; worker-src 'self' blob:; 1
block-all-mixed-content; frame-ancestors *.apotiguar.com.br 1
default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.geniusgames.com.au *.gtgnetwork.com *.googletagmanager.com *.google-analytics.com *.google.com *.googleapis.com *.gstatic.com *.wistia.com 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com 1
frame-ancestors https://*.concilio.com 1
frame-ancestors 'self' https://*.dineo.es; 1
default-src 'self' https://dollarsmarkets.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com https://static.cloudflareinsights.com/; child-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://raw.githubusercontent.com https://dollarsmarkets.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com data:; frame-src 'self'; connect-src 'self' https://maps.googleapis.com https://dollarsmarkets.com https://secure.dollarsmarkets.com 1
frame-ancestors 'self' catalogues.ecomiam.com www.ecomiam.com; 1
upgrade-insecure-requests; frame-ancestors 'self' https://*.econcordia.com https://*.knowledgeone.ca https://teachingacademy.concordia.ca 1
frame-ancestors 'self' http://*.www.eddyvegas.com.com https://*.www.eddyvegas.com.com ; 1
block-all-mixed-content; frame-ancestors *.eletrorastro.com.br 1
default-src 'self'; base-uri 'self'; script-src 'nonce-a64c3b03691d53a46477d97a5c16743a' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' https: 'report-sample'; connect-src 'self' www.googletagmanager.com *.facebook.com translate.googleapis.com *.instana.io wss://mpsnare.iesnare.com *.usercentrics.eu bat.bing.com/actionp/ *.liadm.com *.parship.dev www.googleadservices.com *.doubleclick.net *.google.com google.com; frame-ancestors 'self' secure1.parship.com secure1.eharmony.com secure1.elitepartner.de *.parship.dev; frame-src 'self' support.elitepartner.at tms.elitepartner.at *.greatviews.de app.usercentrics.eu www.youtube-nocookie.com accounts.google.com translate.googleapis.com *.doubleclick.net *.liadm.com; object-src 'none'; img-src 'self' data: *.instana.io *.parship.dev static.cloudflareinsights.com app.usercentrics.eu/ www.gstatic.com/images/ i.ytimg.com google.com *.google.com www.google.co.uk www.google.ca www.google.de www.google.at www.google.ch www.google.nl www.google.be www.google.fr www.google.com.au www.googleadservices.com www.googletagmanager.com googleads.g.doubleclick.net *.liadm.com sli.eharmony.com; font-src 'self' *.typekit.net; style-src 'self' 'unsafe-inline' 'report-sample' *.typekit.net accounts.google.com/gsi/style translate.googleapis.com; upgrade-insecure-requests; report-uri /ls/ 1
frame-ancestors https://catalogues.emonnaies.fr https://www.emonnaies.fr; 1
default-src 'self' *.noibu.com; worker-src 'self' blob:; child-src 'self' blob:; connect-src 'self' api.addressy.com data: bat.bing.com *.onetrust.com cookies-data.onetrust.io cdn.cookielaw.org *.browser-intake-datadoghq.eu *.mcangelus.com *.mapbox.com *.google.com *.google-analytics.com *.g.doubleclick.net *.doubleclick.net res.cloudinary.com *.contentsquare.net *.facebook.com ct.pinterest.com rd.livesupportserver.de *.uk.auth0.com *.eu.auth0.com *.abtasty.com *.feefo.com *.noibu.com wss://*.noibu.com vc-service.saleago.com *.salesmanago.pl the.sciencebehindecommerce.com *.wepowerconnections.com sgtm.eurocamp.co.uk analytics.tiktok.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.mcangelus.com *.googletagmanager.com cdn.cookielaw.org media-library.cloudinary.com *.google-analytics.com *.google.com *.teads.tv bat.bing.com *.gstatic.com *.contentsquare.net *.trustpilot.com *.abtasty.com *.googleapis.com *.feefo.com dwin1.com *.awin1.com *.zenaps.com the.sciencebehindecommerce.com; script-src-elem 'self' 'unsafe-inline' wss: app.storyblok.com *.salesmanago.pl *.g.doubleclick.net *.doubleclick.net cdn.cookielaw.org *.googletagmanager.com *.google.com *.gstatic.com bat.bing.com p.teads.tv connect.facebook.net *.adalyser.com *.contentsquare.net tag.rmp.rakuten.com *.widgets.webengage.com c.webengage.com wsdk-files.webengage.com s.pinimg.com *.mcangelus.com *.google-analytics.com *.liveperson.net *.lpsnmedia.net *.googlesyndication.com rd.livesupportserver.de *.dwin1.com *.cleverpush.com inteliwise-client.s3-eu-west-1.amazonaws.com cdn.inteliwise.com *.app.inteliwi.se *.googleadservices.com *.trustpilot.com *.noibu.com *.realytics.io *.realytics.net *.teads.tv *.abtasty.com sslwidget.criteo.com *.feefo.com analytics.tiktok.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.abtasty.com *.gstatic.com; frame-src 'self' https://* *.awin1.com *.zenaps.com; media-src 'self' res.cloudinary.com *.feefo.com *.vzaar.com; img-src 'self' res.cloudinary.com *.abtasty.com *.amazonaws.com *.feefo.com *.vzaar.com *.awin1.com *.zenaps.com blob: data: https:; font-src 'self' *.abtasty.com *.gstatic.com *.googleapis.com cdn.honey.io; frame-ancestors 'self' app.storyblok.com 1
default-src *.smartsupp.com; style-src 'self' 'unsafe-inline' *.foxentry.cz *.foxentry.com *.typekit.net *.googleapis.com www.googletagmanager.com *.cloudflare.com *.luigisbox.com *.smartsuppcdn.com; img-src 'self' data: *.expedo.cz bat.bing.com cdnjs.cloudflare.com *.pinterest.com *.maxcdn.com *.heureka.cz *.gstatic.com www.google.com www.google.cz *.smartsuppcdn.com c.seznam.cz www.cis.cz maps.gstatic.com www.facebook.com *.googleapis.com *.googleadservices.com *.doubleclick.net *.typekit.net *.google-analytics.com *.googletagmanager.com im9.cz *.foxentry.cz *.foxentry.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.notifikuj.cz wss://*.notifikuj.cz:* *.notifikuj.cz:* *.pinimg.com bat.bing.com *.daktela.com *.srovname.cz *.heureka.cz *.clarity.ms *.google.com *.googlesyndication.com *.luigisbox.com partner-events.favicdn.net *.cloudflare.com *.gopay.com *.zbozi.cz im9.cz *.seznam.cz *.smartsuppchat.com *.smartsuppcdn.com login.dognet.sk *.g.doubleclick.net connect.facebook.net *.google-analytics.com *.analytics.google.com *.googletagmanager.com www.googleadservices.com *.googleapis.com pixel.biano.cz bianopixel.com c.imedia.cz *.smartlook.com *.smartlook.cloud *.cloudflare.com *.targito.expedo.cz *.targito.com *.foxentry.cz *.foxentry.com; connect-src 'self' *.notifikuj.cz wss://*.notifikuj.cz:* *.notifikuj.cz:* *.pinterest.com *.clarity.ms *.srovname.cz *.google.com *.daktela.com *.luigisbox.com *.google-analytics.com *.googlesyndication.com www.facebook.com p.biano.cz *.bianopixel.com partner-events.favi.cz *.g.doubleclick.net wss://*.smartsupp.com *.smartsupp.com *.smartsuppchat.com *.smartsuppcdn.com *.smartlook.com *.smartlook.cloud *.targito.expedo.cz *.targito.com *.foxentry.cz *.foxentry.com *.cloudflare.com; font-src 'self' data: *.cloudflare.com *.gstatic.com *.smartsuppcdn.com *.luigisbox.com *.foxentry.cz *.foxentry.com; object-src 'self'; frame-ancestors 'self'; form-action 'self' maildemon.cis.cz gate.gopay.cz www.facebook.com/tr/ *.foxentry.cz *.foxentry.com; base-uri 'self'; frame-src 'self' *.gopay.cz *.gopay.com *.pinterest.com *.zbozi.cz *.google.com  maildemon.cis.cz *.youtube.com *.facebook.com *.heureka.cz *.targito.com *.foxentry.cz *.foxentry.com zelenaevropaexpedo.bubbleapps.io; child-src blob: *.foxentry.cz *.foxentry.com 1
font-src *.typekit.net *.gstatic.com fonts.gstatic.com use.typekit.net *.fontawesome.com blog.farmaciasvivo.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.redsys.es blog.farmaciasvivo.com 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com blog.farmaciasvivo.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com *.braintreegateway.com *.paypal.com google.com *.google.com *.doubleclick.net cl.avis-verifies.com https://www.googletagmanager.com/ https://extranet.gls-spain.es/ *.multisafepay.com https://pay.google.com blog.farmaciasvivo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com p.typekit.net validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com farmaciasvivo.com www.farmaciasvivo.com cdn.farmaciasvivo.com blog.farmaciasvivo.com cl.avis-verifies.com *.google.es *.google.com *.facebook.com *.sharethis.com *.doofinder.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.multisafepay.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.commerce-payment-services.com *.typekit.net google.com *.google.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net chimpstatic.com downloads.mailchimp.com *.list-manage.com *.doofinder.com connect.facebook.net *.plerdy.com *.sharethis.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io *.multisafepay.com https://pay.google.com blog.farmaciasvivo.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com *.doofinder.com *.googletagmanager.com *.fontawesome.com *.multisafepay.com blog.farmaciasvivo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ blog.farmaciasvivo.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.adobe.io performance.typekit.net *.sentry.io *.doofinder.com wss://eu1-layer.doofinder.com *.doubleclick.net *.google.es *.analytics.google.com *.google-analytics.com *.facebook.com *.sharethis.com *.plerdy.com wss://d.plerdy.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io *.multisafepay.com blog.farmaciasvivo.com 'self' 'unsafe-inline'; child-src blog.farmaciasvivo.com http: https: blob: 'self' 'unsafe-inline'; default-src blog.farmaciasvivo.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
base-uri 'none'; object-src 'none'; script-src 'self' 'unsafe-inline' 'nonce-r01ePK1D52oMAM8o75xsiw==' 'sha256-2lWLrBMqNEeZZva7ECueFJwRLzfyWRLI38lTzWLH7yo=' 'sha256-U+9uytu1wNMDRkbPT1c4SIzmnZr8B8uJ7tscj8Ot6mg=' 'sha256-WWM1JRyw57UB5WW0keQVmrvNG3BmFRmm253yNpWLHFI=' 'sha256-Qda2uFsqXBGj9V5cAGbsO7+345iGKJU/hgWCTjY1E40=' https://*.swogo.net https://sdk.privacy-center.org https://*.svea.com https://*.tiktok.com https://*.facebook.net https://panelista.com https://*.googletagmanager.com https://*.vimeo.com https://*.hotjar.com https://*.google.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.bing.com https://www.googleanalytics.com https://*.voyado.com https://*.testfreaks.com 'unsafe-eval' 'report-sample' 'strict-dynamic'; style-src 'self' https://tagmanager.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.hotjar.com https://*.redeal.se https://*.redeal.io https://*.testfreaks.com 'unsafe-inline'; connect-src 'self' *.fyndiq.se analytics.tiktok.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.doubleclick.net https://rum.browser-intake-datadoghq.com https://*.apptus.cloud https://*.swogo.net https://*.privacy-center.org https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com https://*.bing.com https://*.facebook.com https://*.sentry.io https://cloudflareinsights.com https://*.googleapis.com https://*.snapchat.com https://*.microsofttranslator.com https://*.microsoft.com https://*.googlesyndication.com https://*.voyado.com https://cdn.growthbook.io https://*.redeal.se https://*.redeal.io https://*.testfreaks.com; frame-src https://*.svea.com https://*.hotjar.com https://*.isecrets.se https://panelista.com https://reclaimit-support.fyndiq.se https://*.reclaimit.com https://bid.g.doubleclick.net https://*.googletagmanager.com https://*.facebook.com https://*.googlesyndication.com https://*.vimeo.com https://*.tradedoubler.com https://*.youtube.com https://*.redeal.se https://*.redeal.io tel: https://*.testfreaks.com; font-src 'self' https://fonts.gstatic.com data: https://*.hotjar.com; frame-ancestors 'self' https://fyndiq-dev.sanity.studio https://app.datadoghq.com https://*.testfreaks.com https://fyndiq.dk https://*.fyndiq.dk https://fyndiq.fi https://*.fyndiq.fi https://fyndiq.no https://*.fyndiq.no https://fyndiq.se https://*.fyndiq.se 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://chat.snaping.net https://statique.snaping.net https://statique-ca.snaping.net https://static-fr.snaping.net https://static-ca.snaping.net https://tagmanager.google.com https://www.googletagmanager.com https://www.googleoptimize.com https://www.google-analytics.com https://securionpay.com https://optimize.google.com https://*.dplads.com https://*.zdassets.com https://apis.google.com https://js.stripe.com https://cdn.amplitude.com; base-uri 'self'; 1
default-src 'self' http: https:; img-src 'self' data: https: blob: http:; style-src 'self' 'unsafe-inline' https:; font-src 'self' data: http: https:; script-src 'self' 'unsafe-inline' https:; connect-src 'self' https: blob: 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://use.fontawesome.com https://use.typekit.net https://fonts.googleapis.com https://fonts.gstatic.com *.cloudflare.com https://*.cloudfront.net https://www.gstatic.com https://api.systempay.fr/static/ *.fontawesome.com maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com 'self' data: data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com https://ogone.test.v-psp.com https://secure.ogone.com https://*.systempay.fr https://www.facebook.com https://paiement.systempay.fr/vads-payment/ https://api.systempay.fr/api-payment/ https://api.systempay.fr/static/ 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net https://youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://*.google.com https://amc.demdex.net https://*.youtube.com https://www.youtube-nocookie.com https://*.ytimg.com https://youtu.be https://*.youtu.be https://*.youtube-nocookie.com https://youtube-nocookie.com https://player.vimeo.com https://*.a3web.fr https://*.flippingbook.com https://*.sendinblue.com https://in-automate.brevo.com/ https://*.facebook.com https://*.worldline-solutions.com https://*.brevo.com https://sibautomation.com https://*.fls.doubleclick.net payment.direct.worldline-solutions.com payment.preprod.direct.worldline-solutions.com payment.anzworldline-solutions.com.au payment.preprod.anzworldline-solutions.com.au payment.payone.com payment.preprod.payone.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com https://paiement.systempay.fr/vads-payment/ https://api.systempay.fr/static/ *.doubleclick.net *.googletagmanager.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com https://p.typekit.net https://*.a3web.fr https://amcglobal.sc.omtrdc.net https://cm.everesttech.net https://stats.g.doubleclick.net https://www.google.com https://www.google.fr https://*.ytimg.com https://ytimg.com https://*.youtube.com https://*.youtube-nocookie.com https://youtube-nocookie.com https://*.gstatic.com https://*.googleusercontent.com https://www.megadental.fr https://www.doctorstrong.fr https://www.arcade-dentaire.com https://www.arseus-lab.fr https://*.henryschein.fr https://*.flippingbook.com https://*.cloudfront.net *.cloudflare.com https://paiement.systempay.fr https://www.facebook.com https://retailer.commerce-connector.com https://googleads.g.doubleclick.net https://img.mailinblue.com https://ade.googlesyndication.com *.bird.eu https://images.unsplash.com *.hsforms.net *.hsforms.com https://*.google.com https://*.googleapis.com https://paiement.systempay.fr/static/latest/images/type-carte/ https://api.systempay.fr/static/ https://paiement.systempay.fr/vads-payment/ 'self' data: *.doubleclick.net www.google.at www.google.bf www.google.bg www.google.bi www.google.bj www.google.ca www.google.cg www.google.ci www.google.co.id www.google.co.il www.google.co.ma www.google.co.uk www.google.com.mx www.google.com.tr www.google.com.tw www.google.com.vn www.google.dz www.google.ht www.google.lu www.google.lv www.google.mu www.google.nl www.google.ro www.google.sn www.google.tn https://*.google.mg https://*.google.be https://*.google.de https://*.google.es https://*.google.ch https://*.googlesyndication.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.commerce-payment-services.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com https://devdocs.magento.com https://www.megadental.fr https://www.doctorstrong.fr https://www.arcade-dentaire.com https://www.arseus-lab.fr https://*.henryschein.fr https://use.typekit.net https://p.typekit.net https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://tagmanager.google.com https://*.googleapis.com https://www.youtube-nocookie.com https://*.facebook.net https://online.flippingbook.com https://*.cloudfront.net https://static.cloudflareinsights.com https://*.cloudflare.com https://in-automate.brevo.com/ https://*.newrelic.com https://*.nr-data.net https://conversations-widget.sendinblue.com https://*.brevo.com https://tag.beyable.com/ https://front.activation.beyable.com/ https://sibautomation.com/ https://payment.direct.worldline-solutions.com *.hsforms.net *.hsforms.com payment.direct.worldline-solutions.com payment.preprod.direct.worldline-solutions.com payment.anzworldline-solutions.com.au payment.preprod.anzworldline-solutions.com.au payment.payone.com payment.preprod.payone.com https://*.gstatic.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com https://api.systempay.fr/api-payment/ https://api.systempay.fr/static/ *.avada.io https://cdnjs.cloudflare.com *.gstatic.com *.googletagmanager.com https://*.googlesyndication.com *.cloudflareinsights.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com https://use.typekit.net https://p.typekit.net https://fonts.googleapis.com https://use.fontawesome.com https://*.gstatic.com https://tagmanager.google.com *.cloudflare.com https://*.cloudfront.net https://www.googletagmanager.com https://hcaptcha.com https://*.hcaptcha.com https://api.systempay.fr/static/ *.fontawesome.com maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com https://performance.typekit.net https://devdocs.magento.com https://dpm.demdex.net https://www.googleapis.com https://www.google-analytics.com https://amcglobal.sc.omtrdc.net https://stats.g.doubleclick.net https://*.flippingbook.com *.cloudflare.com https://*.nr-data.net https://in-automate.brevo.com/ https://*.cloudfront.net https://img.mailinblue.com https://*.analytics.google.com https://*.worldline-solutions.com https://www.google.fr https://googleads.g.doubleclick.net t.elasticsuite.io *.hsforms.net *.hsforms.com payment.direct.worldline-solutions.com payment.preprod.direct.worldline-solutions.com payment.anzworldline-solutions.com.au payment.preprod.anzworldline-solutions.com.au payment.payone.com payment.preprod.payone.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://paiement.systempay.fr/vads-payment/ https://api.systempay.fr/api-payment/ https://get.geojs.io *.avada.io *.google-analytics.com https://*.googlesyndication.com *.doubleclick.net *.googlesyndication.com www.google.be www.google.bj www.google.ca www.google.cg www.google.ch www.google.co.il www.google.co.in www.google.co.ma www.google.co.uk www.google.com.au www.google.com.my www.google.com.pe www.google.com.vn www.google.dz www.google.es www.google.ht www.google.lu www.google.mg www.google.nl www.google.pl www.google.ro www.google.ru 'self' 'unsafe-inline'; child-src https://www.google.com http: https: blob: 'self' 'unsafe-inline'; default-src https://paiement.systempay.fr/vads-payment/ https://api.systempay.fr/api-payment/ https://api.systempay.fr/static/ *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://02563282-c8c4-4e33-b8cd-860c1400d63a.sansec.watch/; report-to report-endpoint; 1
frame-ancestors 'self' https://*.enamad.ir 1
frame-ancestors 'self' https://ntb-centrum.mironet.cz/ https://totem.apps.mironet.cz/ 1
block-all-mixed-content; frame-ancestors *.moveisgruber.com.br 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://wb.messengerpeople.com https://static.criteo.net https://*.criteo.com https://tpc.googlesyndication.com https://*.zenaps.com https://*.hotjar.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://ln-rules.rewardstyle.com https://tr.snapchat.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://*.liveperson.net https://ct.pinterest.com https://ampcid.google.cz https://*.sciencebehindecommerce.com https://*.hotjar.com wss://*.hotjar.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://tr.snapchat.com https://*.contentsquare.net https://*.criteo.com https://*.criteo.net https://*.prod.mplat-ppcprotect.com https://*.lunio.ai data: https://sgtm.myprotein.cz; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.thgcdn.cn; form-action 'self' https://www.facebook.com https://www.myprotein.cz https://m.myprotein.cz https://checkout.myprotein.cz https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://static.thgcdn.cn; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://google.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.cn https://*.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://*.criteo.com https://static.criteo.net https://s.pinimg.com https://tpc.googlesyndication.com https://c.imedia.cz https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.hotjar.com https://*.akamaihd.net https://*.microsofttranslator.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://twitter.com https://*.baidu.com https://sc-static.net https://www.google.com https://*.google.co.uk https://google.co.uk https://static.ads-twitter.com https://analytics.twitter.com https://static.thgcdn.cn https://*.contentsquare.net https://app.contentsquare.com https://sgtm.myprotein.cz; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://static.thgcdn.cn https://cdn.parcellab.com; upgrade-insecure-requests; report-to report-endpoint 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://wb.messengerpeople.com https://static.criteo.net https://*.criteo.com https://tpc.googlesyndication.com https://*.zenaps.com https://*.hotjar.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://ln-rules.rewardstyle.com https://tr.snapchat.com blob: https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://d2d7do8qaecbru.cloudfront.net; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://*.liveperson.net https://ct.pinterest.com https://services.postcodeanywhere.co.uk https://*.google.dk https://*.sciencebehindecommerce.com https://*.hotjar.com wss://*.hotjar.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://tr.snapchat.com https://*.contentsquare.net https://*.criteo.com https://*.criteo.net https://*.prod.mplat-ppcprotect.com https://*.lunio.ai data: https://sgtm.myprotein.dk https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://cognito-identity.eu-west-1.amazonaws.com https://firehose.eu-west-1.amazonaws.com; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.thgcdn.cn https://fonts.smct.co https://fonts.smct.io https://fonts.gstatic.com; form-action 'self' https://www.facebook.com https://www.myprotein.dk https://m.myprotein.dk https://checkout.myprotein.dk https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://static.thgcdn.cn; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://google.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.cn https://*.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://*.criteo.com https://static.criteo.net https://s.pinimg.com https://tpc.googlesyndication.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.hotjar.com https://*.akamaihd.net https://*.microsofttranslator.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://twitter.com https://*.baidu.com https://sc-static.net https://www.google.com https://*.google.co.uk https://google.co.uk https://static.ads-twitter.com https://analytics.twitter.com https://static.thgcdn.cn https://*.contentsquare.net https://app.contentsquare.com https://sgtm.myprotein.dk https://smct.co https://*.smct.co https://smct.io https://*.smct.io; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://static.thgcdn.cn https://fonts.smct.co https://fonts.smct.io; upgrade-insecure-requests; report-to report-endpoint 1
frame-ancestors 'self' control.motionpoint.com/ iguidewebapp.next-uk.next.loc/ end-duws02.next-uk.next.loc/ end-dpws02.next-uk.next.loc/ studio.mgmt.qa.test/ studio.mgmt.next-uk.next.loc/ https://www.next.at 1
frame-ancestors https://*.lg.com.br/ 'self' 1
block-all-mixed-content; frame-ancestors *.normatel.com.br 1
frame-ancestors 'self' https://www.nodal-authority.nsws.gov.in https://www.nodal-authority.nsws.gov.in/investorDSC/*/*/ https://www.nodal-authority.nsws.gov.in/investorDSC/*/* https://www.nodal-authority.nsws.gov.in/investorDSC/* https://fonts.gstatic.com https://www.nsws.gov.in https://stats.g.doubleclick.net https://ajax.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://fonts.googleapis.com; 1
default-src 'self' blob: data: *.nympho.dk *.nympho.fi *.nympho.eu nymphodk.ngrok.app fonts.googleapis.com maps.googleapis.com mapsresources-pa.googleapis.com fonts.gstatic.com googletagmanager.com www.googletagmanager.com region1.google-analytics.com region1.analytics.google.com analytics.google.com stats.g.doubleclick.net code.tidio.co widget-v4.tidiochat.com socket.tidio.co wss://socket.tidio.co metrics-collector.tidio.co cdn.tiny.cloud cdn.ckeditor.com cdn.jsdelivr.net code.jquery.com polyfill.io widget.trustpilot.com api.typeform.com embed.typeform.com form.typeform.com;script-src 'self' 'unsafe-eval' blob: 'nonce-Lvih0hUnWsRGTD/WqOVc1A==' 'nonce-3lApNdvLjd3BpVTLHaIMRQ==' 'nonce-cG3IsSZvCDknD/eXJS5JVA==' 'nonce-AIk2CgYI2caIP+PQqGB+gQ==' 'nonce-+0NDnHPoGZkI5f/bvfNOHg==' 'nonce-nDxi9eyIYBtRnfYTmdFYsQ==' 'nonce-P6ugT8M+twll1AKgyRREWg==' 'nonce-zBTBY13dku5fU7ziTrBB9A==' 'nonce-phl1J7kM+xLkDAWDlB5wlQ==' 'nonce-Rd9LSJElirFQvkfktljgsA==' 'nonce-NaONIPC1fnA7bJTYRo99Bg==' 'nonce-vXLv2SdLAzhG7/HNWcSCsw==' 'nonce-UyjvizuhR/aS/Kf+gpyEtQ==' *.nympho.dk *.nympho.fi *.nympho.eu nymphodk.ngrok.app fonts.googleapis.com maps.googleapis.com mapsresources-pa.googleapis.com fonts.gstatic.com googletagmanager.com www.googletagmanager.com region1.google-analytics.com region1.analytics.google.com analytics.google.com stats.g.doubleclick.net code.tidio.co widget-v4.tidiochat.com socket.tidio.co wss://socket.tidio.co metrics-collector.tidio.co cdn.tiny.cloud cdn.ckeditor.com cdn.jsdelivr.net code.jquery.com polyfill.io widget.trustpilot.com api.typeform.com embed.typeform.com form.typeform.com;style-src 'self' 'unsafe-inline' *.nympho.dk *.nympho.fi *.nympho.eu nymphodk.ngrok.app fonts.googleapis.com maps.googleapis.com mapsresources-pa.googleapis.com fonts.gstatic.com googletagmanager.com www.googletagmanager.com region1.google-analytics.com region1.analytics.google.com analytics.google.com stats.g.doubleclick.net code.tidio.co widget-v4.tidiochat.com socket.tidio.co wss://socket.tidio.co metrics-collector.tidio.co cdn.tiny.cloud cdn.ckeditor.com cdn.jsdelivr.net code.jquery.com polyfill.io widget.trustpilot.com api.typeform.com embed.typeform.com form.typeform.com;img-src 'self' data: *;frame-ancestors 'none'; 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com dc.services.visualstudio.com az416426.vo.msecnd.net www.google-analytics.com www.google.com www.gstatic.com stackpath.bootstrapcdn.com js.monitor.azure.com;style-src 'self' 'unsafe-inline' code.jquery.com fonts.googleapis.com stackpath.bootstrapcdn.com cdn.jsdelivr.net;img-src 'self' data: www.google-analytics.com;frame-src 'self' formulary.au.auth0.com www.google.com https://www.healthy.org.nz;font-src 'self' fonts.gstatic.com;connect-src 'self' formulary.au.auth0.com dc.services.visualstudio.com www.google-analytics.com www.nzf.org.nz nzf.org.nz www.nzfchildren.org.nz nzfchildren.org.nz www.googletagmanager.com js.monitor.azure.com 1
default-src 'self' 'unsafe-inline' 'unsafe-hashes' * ; script-src 'self' 'unsafe-eval' 'unsafe-inline' 'unsafe-hashes' * ; connect-src 'self' * ; img-src 'self' data: * ; style-src 'self' *  'unsafe-inline' ; 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com fonts.googleapis.com fonts.gstatic.com *.bootstrapcdn.com *.marker.io *.analytics.google.com *.google.de *.hotjar.com data: 'self' 'unsafe-inline'; form-action www.facebook.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.liqpay.ua 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google.com vars.hotjar.com *.stripe.com www.youtube.com assets.pinterest.com static.addtoany.com *.marker.io www.facebook.com td.doubleclick.net https://www.googletagmanager.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com *.ftcdn.net *.behance.net validator.swagger.io *.cloudflare.com https://cdn.klarna.com www.google.com.ua *.googleusercontent.com www.facebook.com *.paypal.com https://s.ytimg.com log.pinterest.com ebizmarts-website.s3.amazonaws.com *.marker.io oiler.ua *.clarity.ms *.bing.com *.liqpay.ua *.laximo.net *.analytics.google.com *.google.de digital-assets.tecalliance.services *.hotjar.com forms.esputnik.com https://www.googletagmanager.com/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.avada.io *.cloudflare.com www.google.com www.gstatic.com connect.facebook.net static.addtoany.com static.hotjar.com script.hotjar.com graph.facebook.com widgets.pinterest.com *.stripe.com assets.pinterest.com chimpstatic.com *.marker.io *.esputnik.com *.binotel.com *.clarity.ms *.laximo.net *.analytics.google.com *.google.de *.hotjar.com https://www.googletagmanager.com/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com fonts.googleapis.com 'unsafe-inline' *.laximo.net *.analytics.google.com *.google.de *.hotjar.com 'self' 'unsafe-inline'; object-src https://www.googletagmanager.com/ http://www.googleadservices.com/ 'self' 'unsafe-inline'; media-src *.adobe.com *.marker.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://get.geojs.io *.avada.io *.cloudflare.com stats.g.doubleclick.net in.hotjar.com *.paypal.com stats.addtoany.com *.marker.io esputnik.com *.esputnik.com *.binotel.com *.clarity.ms *.analytics.google.com *.google.de *.hotjar.com *.hotjar.io wss://ws.hotjar.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src * data: 'unsafe-inline' 'unsafe-eval'; script-src * data: 'unsafe-inline' 'unsafe-eval'; object-src * data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://www.ikea.com.tw https://via.com https://www.ezactive.com *.mclcinema.com https://reg.now.com https://moov.hk https://www.axa.com.hk *.accorplus.com https://flylanka.com.au https://gauratravel.com.au https://hkfa-grassroots.web.app https://iflynow.com.au *.paydollar.com *.pesopay.com *.siampay.com; 1
default-src 'none' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cloudflareinsights.com *.google.gr  *.skroutz.gr https://skroutza.skroutz.gr *.contactpigeon.com https://www.clarity.ms *.cloudflare.com *.ubembed.com *.skroutz.gr *.boxnow.gr *.citrusad.com https://skroutza.skroutz.gr *.zdassets.com/ *.hotjar.com https://apis.google.com https://www.gstatic.com https://z.moatads.com https://static.addtoany.com https://analytics.skroutz.gr https://skroutza.skroutz.gr https://360.bestprice.gr https://www.bestprice.gr https://www.glami.gr https://region1.google-analytics.com https://cdn.stat-track.com/ https://assets.citrusad.net https://www.googletagmanager.com https://maps.google.com https://maps.googleapis.com https://www.google-analytics.com https://connect.facebook.net https://stats.g.doubleclick.net https://www.google.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://script.crazyegg.com https://go.linkwi.se https://trustmark.gr https://www.youtube.com https://script.crazyegg.com https://insurance.e-satisfaction.gr; style-src 'self' 'unsafe-inline' *.contactpigeon.com https://ping.contactpigeon.com *.typekit.net/ https://cdn.jsdelivr.net https://fonts.googleapis.com; object-src 'self'; img-src 'self' data: www.googletagmanager.com *.skroutz.gr *.doubleclick.net https://c.bing.com/c.gif https://skroutza.skroutz.gr https://dimages.contactpigeon.com https://ping.contactpigeon.com https://c.clarity.ms https://static.pharmnet.gr https://www.pharmnet.gr https://pharmnetnew.staginglh.com https://local.pharmnetnew.gr https://pharmnetnew.test.devlh.com https://pharmnet.gr *.cdninstagram.com https://www.glami.gr https://www.facebook.com https://www.google-analytics.com https://maps.gstatic.com https://maps.google.com https://maps.googleapis.com https://www.google.com https://www.google.gr https://www.google.com.tr https://trustmark.gr; font-src 'self' data: *.typekit.net/ https://fonts.gstatic.com; connect-src 'self' googleads.g.doubleclick.net www.google.com https://gtm.pharmnet.gr/ *.facebook.com https://pagead2.googlesyndication.com *.googlesyndication.com *.analytics.google.com https://region1.analytics.google.com *.clarity.ms *.contactpigeon.com  https://ping.contactpigeon.com https://conversionapi.pharmnet.gr *.citrusad.com https://staging-integration.citrusad.com  *.zdassets.com https://www.youtube.com https://www.bestprice.gr https://s7.addthis.com https://m.addthis.com https://forms.m-pages.com https://t.stat-track.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://www.google-analytics.com https://maps.googleapis.com; frame-src *; media-src 'self'; manifest-src *.pharmnet.gr; 1
default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors 'self'; child-src * blob:; font-src * 'self' data: https:;; connect-src * 1
form-action 'self' *.systempay.fr 1
object-src 'none'; upgrade-insecure-requests; 1
frame-ancestors amatic365.com www.amatic365.com slotsx.org www.slotsx.org; 1
frame-ancestors https://www.locize.app/ https://lead360.local.sonarhome.dev https://lead360.staging.sonarhome.dev https://lead360.sonarhome.pl https://lead360.sonarhome.hu https://lead360.sonarhome.ro 'self'; frame-src *; 1
frame-ancestors 'self' https://sportland.ee/ https://sportland.com/ https://en.sportland.fi/ https://ru.sportland.ee/ https://ru.sportland.lt/ https://ru.sportland.lv/ https://pl.sportland.com/ https://sportland.fi/ https://sportland.lt/ https://sportland.lv/ https://sportskim.sportland.lv/ https://outlet.sportland.lv/ https://outlet.sportland.lt/ https://outlet.sportland.ee/ https://outlet.sportland.com/ https://ru-outlet.sportland.com/ https://outlet.sportland.fi/; 1
style-src 'self' https://unpkg.com https://fonts.googleapis.com 'unsafe-inline'; script-src 'self' 'unsafe-eval' 'unsafe-inline' http://localhost:8080 https://staging.suysing.com https://app-stg.suysing.com https://unpkg.com https://www.googletagmanager.com https://www.googleadservices.com http://www.googletagmanager.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://www.google.com https://cdnjs.cloudflare.com https://www.gstatic.com http://suysing-backend.test https://staging.suysing.com https://app-stg.suysing.com 1
frame-ancestors 'self' *.tennisonly.com.au *.runningwarehouse.com.au *.totalpickleball.com.au www.runningwarehouse.eu www.runningwarehouse.com www.tennis-warehouse.com www.tenniswarehouse-europe.com; 1
frame-ancestors 'self' https://*.tennislegend.fr;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.bing.com *.clarity.ms *.cloudflare.com *.cookielaw.org *.doubleclick.net *.early-birds.fr *.facebook.com *.facebook.net *.geoplugin.net *.google-analytics.com *.google.com *.google.fr *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.sendinblue.com *.trustedshops.com *.luckycart.com *.pcapredict.com sibautomation.com 1
default-src 'self' 'unsafe-eval' ajax.cloudflare.com static.cloudflareinsights.com cloudflareinsights.com bam.nr-data.net https://pub.sentryio.gozamie.com:9000 tc-s3-b-application.s3.ap-southeast-1.amazonaws.com analytics.tiktok.com hotelimages.sunhotels.net sg-api.globaltix.com *.tribecar.com ap-south-1.linodeobjects.com *.ap-south-1.linodeobjects.com cdnjs.cloudflare.com *.freshchat.com *.googletagmanager.com *.facebook.com connect.facebook.net *.google.com tools.applemediaservices.com apple-resources.s3.amazonaws.com www.google-analytics.com connect.facebook.net www.youtube.com *.doubleclick.net redirector.googlevideo.com *.googleapis.com *.google.com.sg i.ytimg.com yt3.ggpht.com *.freshworksapi.com fc-use1-00-pics-bkt-00.s3.amazonaws.com oss.maxcdn.com maxcdn.bootstrapcdn.com *.zopim.com unpkg.com stripe.com *.stripe.com cdn.jsdelivr.net schema.org www.sitemaps.org www.w3.org *.gstatic.com *.newrelic.com i.i-sgcm.com *.googleadservices.com 'unsafe-inline' data: 1
frame-ancestors 'self' https://zab.pasanja.xyz/ 1
connect-src 'self' ws://ubitscan.io wss://ubitscan.io https://rpc.ubitscan.io/ https://testnet-rpc.cmnscan.com/ https://api.coingecko.com/api/v3/simple/price?ids=ubit&vs_currencies=usd;        default-src 'self';        script-src 'self' 'unsafe-inline' 'unsafe-eval' https://testnet-rpc.cmnscan.com/;        style-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com;        img-src 'self' * data:;        media-src 'self' * data:;        font-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.gstatic.com data:;        frame-src 'self' 'unsafe-inline' 'unsafe-eval' https://request-global.czilladx.com https://www.google.com; 1
base-uri 'self'; object-src 'none'; script-src 'self' 'unsafe-inline' *.unilabs.pt *.cookielaw.org *.googletagmanager.com *.facebook.com *.facebook.net *.google.com *.googleapis.com *.doubleclick.net *.marker.io *.moin.ai *.googleadservices.com *.google-analytics.com *.googlesyndication.com *.youtube.com *.gstatic.com dyv6f9ner1ir9.cloudfront.net 'sha384-aft+GZL5tHszrbQIp1zlth+t5en0IIyZklsKX/9DV/pI3LbqTiKgne9fke/SkbbR' 'nonce-uORxcMic+ocXjlVNh1ktwg==' 'nonce-Yj/8Axi+rBVythRmZo9dVg==' 'strict-dynamic'; style-src 'self' 'unsafe-inline' https:; default-src 'self'; script-src-attr 'self' dyv6f9ner1ir9.cloudfront.net; connect-src 'self' https: wss:; img-src 'self' data: *; frame-src 'self' *.youtube.com *.facebook.com *.google.com *.vimeo.com *.gstatic.com *.marker.io dyv6f9ner1ir9.cloudfront.net *.outgrow.us; font-src 'self' https:; upgrade-insecure-requests 1
default-src self 'unsafe-inline' data: gap: https://ssl.gstatic.com ; media-src 'self' https://unilabs.sk data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob:; script-src-elem * https://fonts.googleapis.com https://www.googletagmanager.com/ https://www.google-analytics.com/ https://www.googleadservices.com https://static.hotjar.com https://script.hotjar.com/ https://www.google-analytics.com https://googleads.g.doubleclick.net 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://unilabs.bwcdn.net http://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://jquery.app https://www.jqueryscript.net https://stackpath.bootstrapcdn.com; img-src * 'self' 'unsafe-inline' data:; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com data:; connect-src * 'self' 'unsafe-inline' https://unilabs.sk https://maps.googleapis.com https://stats.g.doubleclick.net https://in.hotjar.com; frame-src 'self' 'unsafe-inline' https://player.vimeo.com/ https://www.youtube.com/ https://youtube.com/ https://vars.hotjar.com/ https://www.google.com/ https://maps.google.com/ https://td.doubleclick.net/;; form-action 'self'; 1
block-all-mixed-content; frame-ancestors *.valordoconhecimento.com.br 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com 1868565294.rsc.cdn77.org static.cloudflareinsights.com www.google.com www.gstatic.com fonts.gstatic.com fonts.googleapis.com ajax.googleapis.com fcm.googleapis.com accounts.google.com *.cdn77.org  *.nk-img.com  *.segpay.com  *.online-metrix.net *.vscdns.com *.vsmvideo.com www.tjk-njk.com *.exoclick.com *.orbsrv.com *.opoxv.com *.exdynsrv.com *.afcdn.net *.aucdn.net *.tf4srv.com *.aacdn.net *.adglare.net www.flirt4free.com www.ohmybutt.com www.secretpartners.com *.asf4f.us *.livejasmin.com *.jsmcrptjmp.com *.awemwh.com etahub.com ctrack.trafficjunky.net tracking.sexcash.com *.gtflixtv.com;img-src 'self' 'unsafe-inline' data: blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com *.cdn77.org www.google.com www.google-analytics.com ssl.gstatic.com *.nk-img.com *.camster.com data-cdn.pornbiz.com *.vscdns.com *.vsmvideo.com *.doubleclick.net *.google.fr *.google.com *.segpay.com *.online-metrix.net cdn.asf4f.us *.gtflixtv.com *.orbsrv.com *.exdynsrv.com *.afcdn.net *.aucdn.net *.justservingfiles.net *.tf4srv.com *.aacdn.net *.rtbsuperhub.com; report-uri https://www.vidz.com/csp-reports; report-to csp-endpoint 1
default-src https: data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; worker-src https: blob:; connect-src https: wss://websocket-visitors.smartsupp.com 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.hubspot.com js.hscta.net tools.luckyorange.com js.hs-scripts.com *.googletagmanager.com snap.licdn.com scout-cdn.salesloft.com *.google-analytics.com *.hotjar.com *.linkedin.com js.hsadspixel.net js.hs-analytics.net js.hs-scripts.com ws.zoominfo.com api.hubapi.com js.hsadspixel.net js.hs leadflows.net www.googletagmanager.com js.hs-banner.com www.googletagmanager.com googleads.g.doubleclick.net static.hsappstatic.net *.vimeo.com *.youtube.com js.hsleadflows.net js.hsforms.net js.driftt.com widget.drift.com https://tracking.g2crowd.com; style-src 'self' 'unsafe-inline' https:; img-src 'self' https: data:; connect-src 'self' https: data: wss: wss://ws.hotjar.com; font-src 'self' https: data:; media-src 'self' https: data:; report-uri *; child-src * *.hubspot.com *.googletagmanager.com; form-action 'self' https:; frame-ancestors https:; object-src 'self' https: *.hubspot.com *.googletagmanager.com meetings.hubspot.com; frame-src 'self' https: *.hubspot.com *.googletagmanager.com meetings.hubspot.com *.google.com *.youtube.com js.driftt.com widget.drift.com; worker-src https:; manifest-src https:; upgrade-insecure-requests 1
default-src 'self' *.sciflow.net sciflow.net app.sciflow.net *.intercom.io;script-src 'self' *.sciflow.net sciflow.net app.sciflow.net 'unsafe-inline' *.intercom.io *.intercomcdn.com;style-src 'self' 'unsafe-inline';frame-src youtube.com www.youtube.com;connect-src 'self' *.sciflow.net sciflow.net app.sciflow.net connect.sciflow.net ws: wss: *.intercom.io;img-src 'self' *.sciflow.net https://cms.sciflow.net sciflow.net data:;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests 1
default-src 'self' mailto:;     base-uri 'self';     script-src 'nonce-090a7df9972e4669828620a9808ee1db' 'strict-dynamic' 'self' *.casinorewards.com cdn.jsdelivr.net https://www.googletagmanager.com/gtm.js https://www.google-analytics.com/analytics.js https://*.amplitude.com ;     connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://cdn.trustindex.io https://*.amplitude.com;     frame-src 'self' mailto: *.gameassists.co.uk *.gameassists.dk *.gameassists.se *.gameassists.co.za *.valueactive.eu *.valueactive.dk  ;     style-src 'self' cdn.jsdelivr.net https://fonts.googleapis.com 'unsafe-inline';     font-src 'self' cdn.jsdelivr.net https://fonts.googleapis.com https://fonts.gstatic.com https://www.google-analytics.com;     img-src * data:;     object-src 'none';     frame-ancestors 'self';     media-src 'self' s3.amazonaws.com; 1
frame-ancestors 'self' *.lndo.site *.us-2.platformsh.site *.authorize.net multcopets.org *.multcopets.org 1
default-src 'self'; script-src 'nonce-NTE3MjVlZTQtNzBjOS00MzQyLTlhYzktOTM1YjM4MjYyMjY4' 'self' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' https://cdn.iframe.ly https://google-analytics.com https://integrations.gitbook.com https://ssl.google-analytics.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' * analytics.google.com blob: data: files.gitbook.com ssl.google-analytics.com www.google-analytics.com www.google.com; connect-src 'self' * about: ampcid.google.com analytics.google.com api.gitbook.com app.gitbook.com integrations.gitbook.com srv.buysellads.com stats.g.doubleclick.net www.google-analytics.com; font-src 'self' data: fonts.gstatic.com; frame-src *; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors https: 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://service.maxymiser.net http://service.maxymiser.net http://*.oracleinfinity.io/ https://www.googletagmanager.com https://*.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com http://www.googleadservices.com https://maps.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://maxcdn.bootstrapcdn.com https://cdn.gigya.com https://cdns.gigya.com https://cdns1.gigya.com https://cdns2.gigya.com https://cdns3.gigya.com https://cdns4.gigya.com https://cdns5.gigya.com https://accounts.gigya.com https://accounts.eu1.gigya.com https://signin.qa.nationalexpress.com https://cdn.synthetix.com https://national-express.cloud-iq.com http://national-express.cloud-iq.com https://uktc.fospha.com https://tag.yieldoptimizer.com https://connect.facebook.net https://bat.bing.com http://bat.bing.com https://*.vo.msecnd.net http://az416426.vo.msecnd.net https://prod.limitlesslivemessenger.com https://sc-static.net https://tr.snapchat.com https://static.ads-twitter.com https://analytics.twitter.com https://platform.twitter.com https://widget.trustpilot.com https://cdn.syndication.twimg.com https://sn1.clicktripz.com js.hsforms.net https://eu.clicktripz.com http://uktc.fospha.com https://forms.hsforms.com https://js.hs-scripts.com https://js.hs-banner.com https://js.hsadspixel.net https://js.hs-analytics.net/analytics/ https://r1.dotmailer-surveys.com http://r1.dotmailer-surveys.com https://r1.dotdigital-pages.com http://r1.dotdigital-pages.com https://d2oh4tlt9mrke9.cloudfront.net https://d2qmp7jjpd79k7.cloudfront.net https://platform-api.sharethis.com https://buttons-config.sharethis.com https://static.hotjar.com https://script.hotjar.com https://*.clarity.ms/ https://cdn-ukwest.onetrust.com https://geolocation.onetrust.com https://digitalcampaignsstorage.blob.core.windows.net https://ict.infinity-tracking.net/js/ https://script.infinity-tracking.com https://widgets.moovit.com https://widgets.moovit.com/wtp/en-gb/ https://m.moovitapp.com https://nx-busapplication-qa.azureedge.net https://nx-busapplication-prd.azureedge.net https://nx-busapplication-prd2-c7aggnczaxcgagdr.a01.azurefd.net https://appassets.mvtdev.com/mobile/ https://www.tiktok.com/embed.js https://lf16-tiktok-web.ttwstatic.com https://sf16-website-login.neutral.ttwstatic.com https://secure.data-insight365.com/js/265823.js https://secure.data-insight365.com/Track/Capture.aspx https://d3dh5c7rwzliwm.cloudfront.net https://d32106rlhdcogo.cloudfront.net https://dgf0rw7orw6vf.cloudfront.net https://*.quantserve.com/ https://rules.quantcount.com https://edge.quantserve.com http://www.instagram.com https://cdn.weglot.com https://s.yimg.com/wi/ytc.js https://acdn.adnxs.com/dmp/up/pixie.js https://cdn.mookie1.com/containr.js https://*.abtasty.com blob: https://service.force.com https://*.my.salesforce.com https://*.salesforceliveagent.com/;object-src 'self';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.synthetix.com https://service.maxymiser.net http://service.maxymiser.net http://*.oracleinfinity.io/ https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/ https://cdn.jsdelivr.net/npm/bootstrap-icons@1.5.0/font/ https://platform.twitter.com https://ton.twimg.com https://nx-busapplication-qa.azureedge.net https://nx-busapplication-prd.azureedge.net https://nx-busapplication-prd2-c7aggnczaxcgagdr.a01.azurefd.net https://use.typekit.net/hpe8ksj.css https://p.typekit.net/p.css https://lf16-tiktok-web.ttwstatic.com https://sf16-website-login.neutral.ttwstatic.com https://script.hotjar.com https://static.hotjar.com https://cdn.weglot.com https://*.abtasty.com https://service.force.com;img-src 'self' https://*.google-analytics.com https://www.google.com https://www.google.co.uk https://cm.g.doubleclick.net https://ad.doubleclick.net https://maps.gstatic.com https://maps.googleapis.com http://www.googletagmanager.com https://www.googletagmanager.com https://national-express.cloud-iq.com http://national-express.cloud-iq.com https://uktc.fospha.com https://www.facebook.com https://bat.bing.com https://cdn.jsdelivr.net https://www.nationalexpress.com https://4ez2xrmccannwebprd1.blob.core.windows.net https://zwu74omccannwebqa1.blob.core.windows.net https://4ez2xrmccannwebprd1-secondary.blob.core.windows.net http://uktc.fospha.com data: https://forms.hubspot.com https://forms.hsforms.com https://track.hubspot.com https://t.co/i/ https://abs.twimg.com https://pbs.twimg.com https://ton.twimg.com https://platform.twitter.com https://syndication.twitter.com https://analytics.twitter.com https://cdns.gigya.com https://cdns1.gigya.com https://cdns2.gigya.com https://cdns3.gigya.com https://signin.qa.nationalexpress.com https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://graph.facebook.com https://platform-lookaside.fbsbx.com https://platform-cdn.sharethis.com https://l.sharethis.com https://service.maxymiser.net http://service.maxymiser.net http://*.oracleinfinity.io/ https://script.hotjar.com https://static.hotjar.com https://*.clarity.ms/ https://c.bing.com https://cdn-ukwest.onetrust.com https://digitalcampaignsstorage.blob.core.windows.net https://widgets.moovit.com https://m.moovitapp.com https://nx-busapplication-qa.azureedge.net https://nx-busapplication-prd.azureedge.net https://nx-busapplication-prd2-c7aggnczaxcgagdr.a01.azurefd.net https://appassets.mvtdev.com/mobile/ https://a-tiles.locationiq.com https://b-tiles.locationiq.com https://c-tiles.locationiq.com https://secure.agile-company-365.com/265823.png blob: https://d1fd8aj8bhyfe9.cloudfront.net https://d3dh5c7rwzliwm.cloudfront.net https://pixel.quantserve.com https://cdn.weglot.com https://sp.analytics.yahoo.com https://*.abtasty.com;frame-src 'self' https://routemap-embed.nationalexpress.com https://faq.nationalexpress.com https://cdns.eu1.gigya.com https://signin.qa.nationalexpress.com https://www.google.com https://*.fls.doubleclick.net https://www.google.com/recaptcha/ https://forms.gle https://docs.google.com https://td.doubleclick.net https://accounts.google.com https://www.facebook.com https://www.youtube.com https://contactless.nxbus.com https://live.ekashu.com https://r1.dotmailer-surveys.com http://r1.dotmailer-surveys.com https://r1.dotdigital-pages.com http://r1.dotdigital-pages.com https://nationalexpressportal.icasework.com https://national-express--bguat.my.salesforce.com https://webto.salesforce.com https://national-express.force.com https://timetables-embed.nxbus.co.uk https://www.nationalexpress.com https://bustimetables-nx.utrackapps.com https://bustimetables-dev.utrackapps.com https://contactless.nxbus.com https://nxbusgateway.co.uk https://player.vimeo.com https://forms.hsforms.com https://tr.snapchat.com https://www.trustpilot.com https://c.sharethis.mgr.consensu.org https://widget.trustpilot.com https://platform.twitter.com https://syndication.twitter.com https://service.maxymiser.net http://service.maxymiser.net http://*.oracleinfinity.io/ https://vars.hotjar.com https://widgets.moovit.com https://moovitapp.com https://m.moovitapp.com https://appassets.mvtdev.com/mobile/ https://www.tiktok.com https://nxbusdt.b2clogin.com https://nxbus.b2clogin.com https://www.loom.com http://www.instagram.com https://*.abtasty.com https://service.force.com https://*.my.salesforce.com;font-src 'self' https://fonts.gstatic.com https://script.hotjar.com https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/ https://cdn.jsdelivr.net/npm/bootstrap-icons@1.5.0/font/ https://digitalcampaignsstorage.blob.core.windows.net https://use.typekit.net/af/ https://cdn.weglot.com https://*.abtasty.com data:;connect-src 'self' https://*.google-analytics.com https://stats.g.doubleclick.net https://maps.googleapis.com https://docs.google.com https://*.analytics.google.com https://dc.services.visualstudio.com https://bat.bing.com https://hubspot-forms-static-embed.s3.amazonaws.com https://forms.hsforms.com https://api.hubapi.com https://connect.facebook.net https://www.facebook.com/tr/ https://www.facebook.com/plugins/customer_chat/ https://eu.clicktripz.com https://www.clicktripz.com https://prod.api.belimitless-app.io https://l.sharethis.com https://service.maxymiser.net http://service.maxymiser.net http://*.oracleinfinity.io/ https://*.hotjar.com/ https://*.hotjar.io/ wss://*.hotjar.com/ https://signin.qa.nationalexpress.com https://signin.dev.nationalexpress.com https://signin.ptbook.nationalexpress.com https://signin.stable.nationalexpress.com https://signin.www.nationalexpress.com https://signin.nationalexpress.com https://holidays.nationalexpress.com https://packagesmetasearch.api.pro.logitravel.internal https://packagesmetasearch.api.external.logitravel.com https://packagesmetasearch-api-external.logitravel.com https://*.clarity.ms/ https://cdn-ukwest.onetrust.com https://geolocation.onetrust.com https://privacyportal-uk.onetrust.com https://digitalcampaignsstorage.blob.core.windows.net https://oneyou-cms.nhswebsite.nhs.uk https://webto.salesforce.com https://api.hsforms.com https://login.salesforce.com https://thekingsferry.my.salesforce.com https://ict.infinity-tracking.net https://nx-busapplication-qa.azureedge.net https://nx-busapplication-prd.azureedge.net https://nx-busapplication-prd2-c7aggnczaxcgagdr.a01.azurefd.net https://nxbusdt.b2clogin.com https://nxbus.b2clogin.com https://script.infinity-tracking.com https://qaapi.azure-api.net https://apinxbus.azure-api.net https://web.lon.infinity-tracking.com https://nas.lon.infinity-tracking.com https://nas.lon.infinity-tracking.net https://nexgen.ats.careers/api/ https://idx.liadm.com/idex/unknown/ https://pixel.quantcount.com https://cdn.weglot.com https://cdn-api-weglot.com https://s.yimg.com https://*.abtasty.com https://faq.nationalexpress.com;frame-ancestors 'self' https://www.facebook.com 1
default-src 'self' 'unsafe-inline' s7.addthis.com web.facebook.com www.facebook.com connect.facebook.net www.googletagmanager.com www.google-analytics.com; style-src 'self' https: 'unsafe-inline' ws.sharethis.com; connect-src 'self' https: *.sharethis.com web.facebook.com connect.facebook.net *.facebook.com www.google-analytics.com; frame-src 'self' https: www.youtube.com *.facebook.com; script-src 'self' https: 'unsafe-inline' www.youtube.com connect.facebook.net s7.addthis.com www.googletagmanager.com www.google-analytics.com w.sharethis.com ws.sharethis.com l.sharethis.com platform-api.sharethis.com t.sharethis.com; img-src 'self' https: data: blob: *.sharethis.com www.facebook.com; form-action 'self'; 1
content=default-src self 1
frame-src *; default-src * data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' blob:; frame-ancestors 'self' https://www.youtube.com; 1
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.hotjar.com https://static.ads-twitter.com https://3ieinternational.my.salesforce-sites.com https://www.googletagmanager.com https://snap.licdn.com https://www.google-analytics.com https://static.ads-twitter.com/uwt.js https://script.hotjar.com https://s7.addthis.com https://www.google.com https://t.sharethis.com https://platform-api.sharethis.com https://e.infogram.com https://www.clarity.ms https://s3.amazonaws.com https://px.ads.linkedin.com cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://code.highcharts.com https://d1bxh8uas1mnw7.cloudfront.net https://d3js.org https://kendo.cdn.telerik.com https://static.addtoany.com https://unpkg.com https://ws.sharethis.com https://www.gstatic.com mdbootstrap.com platform.instagram.com platform.twitter.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://static.hotjar.com https://static.ads-twitter.com https://3ieinternational.my.salesforce-sites.com https://www.googletagmanager.com https://snap.licdn.com https://www.google-analytics.com https://static.ads-twitter.com/uwt.js https://script.hotjar.com https://s7.addthis.com https://www.google.com https://t.sharethis.com https://platform-api.sharethis.com https://e.infogram.com https://www.clarity.ms https://s3.amazonaws.com https://px.ads.linkedin.com cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://code.highcharts.com https://d1bxh8uas1mnw7.cloudfront.net https://d3js.org https://kendo.cdn.telerik.com https://static.addtoany.com https://unpkg.com https://ws.sharethis.com https://www.gstatic.com mdbootstrap.com platform.instagram.com platform.twitter.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://ws.sharethis.com https://cdn-images.mailchimp.com cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com https://cdn.jsdelivr.net https://fonts.googleapis.com https://kendo.cdn.telerik.com https://maxcdn.bootstrapcdn.com https://www.google.com mdbootstrap.com use.fontawesome.com; frame-ancestors 'self' 1
frame-ancestors 'self';block-all-mixed-content;default-src 'self';script-src 'unsafe-eval' 'self' 'report-sample' 'unsafe-inline' unpkg.com cdn.jsdelivr.net code.jquery.com cdnjs.cloudflare.com cdn.datatables.net kit.fontawesome.com momentjs.com www.gstatic.com;style-src 'self' code.ionicframework.com 'report-sample' 'unsafe-inline' cdn.datatables.net fonts.googleapis.com cdn.anychart.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net cdnjs.cloudflare.com;object-src 'self';frame-src 'self' pacs.parulsevashramhospital.com;child-src 'self';img-src 'self' data: aimieclouse.com cdn-icons-png.flaticon.com seeklogo.com fonts.gstatic.com tmhradio.s3.ap-south-1.amazonaws.com;font-src 'self' code.ionicframework.com data: ka-f.fontawesome.com fonts.googleapis.com fonts.gstatic.com cdn.jsdelivr.net;connect-src 'self' fcmregistrations.googleapis.com firebaseinstallations.googleapis.com ka-f.fontawesome.com fonts.googleapis.com fonts.gstatic.com;manifest-src 'self';base-uri 'self';form-action 'self' docs.prescoipd.com pacs.parulsevashramhospital.com;media-src 'self' tmhradio.s3.ap-south-1.amazonaws.com;worker-src 'self'; 1
upgrade-insecure-requests; frame-ancestors 'self' https://www.ncca.ie https://ncca-310521-dev-ums.azurewebsites.net https://ncca-310521-stg-ums.azurewebsites.net https://ncca-310521-prd-ums-pre-prod.azurewebsites.net; 1
default-src https:; connect-src https:; font-src https: data:; frame-src https:; frame-ancestors https:; img-src https: data:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; 1
connect-src sync.datamind.ru dpm.demdex.net tinkoffcreditsystems.d3.sc.omtrdc.net assets.adobedtm.com *.omniture.com *.g.doubleclick.net geocode-maps.yandex.ru/1.x/ suggest-maps.yandex.ru *.google-analytics.com *.datamind.ru *.cdn-tinkoff.ru www.google.com analytics.google.com www.google.ru www.facebook.com connect.facebook.net google-analytics.bi.owox.com vk.com mc.yandex.ru mc.yandex.com mc.yandex.md mc.yandex.fr mc.yandex.kz mc.yandex.by mc.yandex.uz mc.yandex.com.tr px.adhigh.net eye.targetads.io ad.adriver.ru top-fwz1.mail.ru dss.hybrid.ai tag.rutarget.ru tms.dmp.wi-fi.ru ads.adlook.me dmg.digitaltarget.ru dsum-sec.casalemedia.com id.uma.media prodmp.ru track-us.bidease.com ads.betweendigital.com a.utraff.com rtb.viadata.store reichelcormier.bid x01.aidata.io ssp.bidvol.com cs.gssprt.jp ssp.adriver.ru secure.adnxs.com exchange.buzzoola.com cs-0.moevideo.biz sync.republer.com redirect.frontend.weborama.fr sync.dmp.otm-r.com sync.mediatoday.iae.one an.yandex.ru sync.1dmp.io cm.lentainform.com mitdmp.whiteboxdigital.ru acint.net sync.viadata.store sync.adkernel.com sync.videonow.ru code.moviead55.ru api.imotech.video widget-api.uxfeedback.ru pixel.gooroo.works 'self' *.tinkoff.ru *.tcsbank.ru *.tbank-online.com tbank.ru *.tbank.ru wss://*.tinkoff.ru wss://*.tcsbank.ru wss://*.tbank.ru business.tinkoff.ru business-webinars.bot.tinkoff-business.com sendsay.ru flijh.tb.ru gmzzu.tb.ru api.amplitude.com *.tb.ru sentry.tinkoff.ru www.cdn-tinkoff.ru cobrowsing.tinkoff.ru acdn.tinkoff.ru cfg.tinkoff.ru www.tinkoff.ru origination.tinkoff.ru oplata.tinkoff.ru social.secrets.tinkoff.ru securepay.tinkoff.ru id.tinkoff.ru api.mindbox.ru fallback.cdn-tinkoff.ru; script-src sync.datamind.ru www.google.com www.google.ru connect.ok.ru vk.com *.datamind.ru s.ytimg.com *.tinkoff.ru *.tcsbank.ru *.cdn-tinkoff.ru mc.yandex.ru mc.yandex.com mc.yandex.md mc.yandex.fr mc.yandex.kz mc.yandex.by mc.yandex.uz mc.yandex.com.tr yastatic.net mc.webvisor.com mc.webvisor.org 'self' 'unsafe-eval' 'unsafe-inline' *.tbank-online.com tbank.ru *.tbank.ru blob: *.youtube.com sendsay.ru; img-src *.datamind.ru dpm.demdex.net www.google-analytics.com tinkoffcreditsystems.d3.sc.omtrdc.net cm.everesttech.net dp.adsdata.ru www.google.com www.google.ru vk.com login.vk.com mc.yandex.ru ad.mail.ru adfocus.ru www.facebook.com connect.facebook.net ad.doubleclick.net *.google.com *.yandex.ru *.yandex.net *.2o7.net *.demdex.net cx.atdmt.com analytics.twitter.com t.co eu-sonar.sociomantic.com *.sravni.ru www.banki.ru *.pool.datamind.ru statad.ru www.googletagmanager.com *.g.doubleclick.net *.googleadservices.com *.privacysandbox.googleadservices.com *.cdn-tinkoff.ru *.tinkoff.ru p.formobil.net rupertino.ru adservice.google.com adservice.google.ru google-analytics.bi.owox.com dc.ads.linkedin.com *.mail.ru dp.tinkoffinsurance.ru *.fls.doubleclick.net tms.dmp.wi-fi.ru cdn3.caltat.com sonar.semantiqo.com www.cdn-tinkoff.ru ad.adriver.ru mc.yandex.com mc.yandex.md mc.yandex.fr mc.yandex.kz mc.yandex.by mc.yandex.uz mc.yandex.com.tr eye.targetads.io tag.rutarget.ru top-fwz1.mail.ru dss.hybrid.ai track-us.bidease.com tech.rtb.mts.ru sync.gonet-ads.com ad.new-programmatic.com mssg.su rap.skcrtxr.com cdn3.uxfeedback.ru widget.uxfeedback.ru  cdn.uxfeedback.ru sm.rtb.mts.ru exchange.buzzoola.com dmp.one sync.bumlam.com wf-ru-frontend.weborama-tech.ru 'self' data: *.tcsbank.ru *.tbank-online.com tbank.ru *.tbank.ru business.t-static.ru *.ads.linkedin.com *.linkedin.com *.googleusercontent.com *.cloud.google.com *.googleapis.com *.adhigh.net px.adhigh.net *.adsymptotic.com; frame-src *.tinkoff.demdex.net *.omniture.com bid.g.doubleclick.net www.facebook.com *.demdex.net vk.com static.datamind.ru platform.twitter.com connect.ok.ru *.datamind.ru *.cdn-tinkoff.ru *.fls.doubleclick.net www.cdn-tinkoff.ru mc.yandex.ru yastatic.net mc.webvisor.org metrika.yandex.ru metrika.yandex.by metrica.yandex.com metrica.yandex.com.tr webvisor.com *.webvisor.com 'self' blob: data: *.tinkoff.ru *.tcsbank.ru *.tbank-online.com tbank.ru *.tbank.ru www.youtube.com rutube.ru youtu.be; font-src *.cdn-tinkoff.ru 'self' *.tbank-online.com tbank.ru *.tbank.ru *.tinkoff.ru data:; report-uri https://www.tinkoff.ru/api/front/pfpsme/log/csp-error?appName=pfpsme&sentryDsnKey=b7cae0fa7dd74b4489cd05596a20df38&sentryApiId=142; default-src 'self' *.tbank-online.com tbank.ru *.tbank.ru *.cdn-tinkoff.ru *.tinkoff.ru data:; style-src 'unsafe-inline' 'self' *.tinkoff.ru *.tcsbank.ru *.tbank-online.com tbank.ru *.tbank.ru *.cdn-tinkoff.ru 1
frame-ancestors 'self' https://www.golfofbf.org https://*.instapage.com http://*.instapage.com https://cloud.scorm.com https://360.articulate.com https://university.fb.org 1
default-src www.youtube.com; script-src 'self' 'unsafe-inline' *.etracker.com www.etracker.de https://*.jwpcdn.com; connect-src 'self' www.etracker.de https://*.jwpcdn.com; img-src 'self' data: i.creativecommons.org licensebuttons.net/l *.bmwi.de www.existenzgruender.de; style-src 'self' 'unsafe-inline' https://*.jwpcdn.com; font-src 'self' https://*.jwpcdn.com; frame-ancestors 'self'; form-action 'self'; media-src 'self'; 1
default-src https: 'unsafe-inline' 'unsafe-eval' https://*.feefo.com https://*.vzaar.com https://*.azureedge.net https://*.analytics.google.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.co.uk https://*.google.com https://*.google.com https://*.googletagmanager.com https://fonts.googleapis.com https://fonts.gstatic.com https://google.com https://googleads.g.doubleclick.net https://googletagmanager.com https://ssl.google-analytics.com https://ssl.gstatic.com https://tagmanager.google.com https://tagmanager.google.com https://www.google-analytics.com https://www.google-analytics.com https://www.google.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://*.doubleclick.net/ data: 'unsafe-eval' 'unsafe-inline' blob: ; 1
default-src 'self' https://*.pileje.fr matomo.pileje.fr cdn.matomo.cloud pileje.matomo.cloud; script-src 'self' 'unsafe-inline' *.pileje.fr *.facebook.com *.facebook.net *.privacy-center.org *.aticdn.net aticdn.net tag.aticdn.net *.aticdn.net *.xiti.com xiti.com *.googletagmanager.com *.google-analytics.com www.google-analytics.com *.gstatic.com *.google.com maps.googleapis.com *.ytimg.com *.youtube.com connect.facebook.net maps.googleapis.com maps.google.com cdnjs.cloudflare.com cdn.jsdelivr.net unpkg.com *.eloquant.cloud *.linkedin.com *.oribi.io googleadservices.com googleads.g.doubleclick.net snap.licdn.com px.ads.linkedin.com px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com cdn.linkedin.oribi.io gw.linkedin.oribi.io dc.ads.linkedin.com sjs.bizographics.com *.webspellchecker.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com paas.elsatis.fr pro.fontawesome.com cdnjs.cloudflare.com cdn.jsdelivr.net unpkg.com; img-src 'self' *.pileje.fr *.google.fr *.google.com data: *.google.fr *.google.com *.google-analytics.com *.privacy-center.org *.aticdn.net aticdn.net tag.aticdn.net *.aticdn.net *.xiti.com xiti.com *.facebook.com *.doubleclick.net *.gstatic.com maps.googleapis.com *.ytimg.com *.googletagmanager.com paas.elsatis.fr translate.google.com blob: *.google.fr *.google.com *.googleapis.com maps.google.com maps.gstatic.com www.gstatic.com *.ggpht.com *.eloquant.cloud *.linkedin.com *.oribi.io oogleads.g.doubleclick.net px.ads.linkedin.com; frame-src 'self' *.facebook.com *.privacy-center.org *.aticdn.net aticdn.net tag.aticdn.net *.aticdn.net *.xiti.com xiti.com *.google.com *.elsatis.fr *.youtube.com www.googletagmanager.com maps.google.com maps.googleapis.com www.youtube-nocookie.com s.elq.fr *.eloquant.cloud *.linkedin.com *.oribi.io bid.g.doubleclick.net; font-src 'self' data: fonts.gstatic.com themes.googleusercontent.com paas.elsatis.fr pro.fontawesome.com github.com; connect-src 'self' *.google-analytics.com *.doubleclick.net *.privacy-center.org *.aticdn.net aticdn.net tag.aticdn.net *.aticdn.net *.xiti.com xiti.com *.facebook.com matomo.pileje.fr cdn.matomo.cloud pileje.matomo.cloud maps.googleapis.com maps.google.com *.linkedin.com *.oribi.io cdn.linkedin.oribi.io *.webspellchecker.net; report-uri /report-csp-violation 1
: default-src 'self' 1
frame-ancestors 'self' https://www.mscbook.com https://virtual-tours.msccruises.com; 1
child-src blob:; default-src 'self' data: https://*.redsift.com https://red-sift.prismic.io/ https://hook.integromat.com/ https://sentry.io/ https://*.ingest.sentry.io/ https://consentcdn.cookiebot.com/ https://*.wistia.com https://*.wistia.net https://*.plausible.io; font-src 'self' https://*.redsift.com https://fonts.gstatic.com/ data: chrome-extension: moz-extension: safari-web-extension: https://*.hotjar.com https://*.wistia.com; img-src 'self' data: https: https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://ssl.gstatic.com https://www.gstatic.com https://*.google.co.uk https://googleads.g.doubleclick.net https://googletagmanager.com https://www.google-analytics.com https://www.google.com https://google.com https://*.google.com https://*.hotjar.com https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net; media-src 'self' blob: data: https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.redsift.com https://*.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://*.googlesyndication.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://ssl.google-analytics.com https://www.google.com https://www.gstatic.com/recaptcha/ https://static.cdn.prismic.io/ https://prismic.io https://consent.cookiebot.com https://consentcdn.cookiebot.com/ https://munchkin.marketo.net/ https://www.redditstatic.com/ads/pixel.js https://snap.licdn.com https://tag.clearbitscripts.com/v1/pk_0c2cfaf8152eb3a2b07abfd53b7e6d22/tags.js https://reveal.clearbit.com/v1/companies/reveal https://x.clearbitjs.com/v2/pk_0c2cfaf8152eb3a2b07abfd53b7e6d22/destinations.min.js https://x.clearbitjs.com/v2/pk_0c2cfaf8152eb3a2b07abfd53b7e6d22/tracking.min.js https://secure.oita4bali.com/js/151998.js https://secure.oita4bali.com/Track/Capture.aspx https://*.hotjar.com https://static.hotjar.com/c/hotjar-3150796.js https://j.6sc.co/j/80f37845-a767-46c9-9ad5-abb58133cf39.js https://j.6sc.co/6si.min.js https://*.wistia.com https://*.wistia.net https://src.litix.io https://plausible.io/js/script.js https://js.driftt.com https://widget.drift.com https://js.sentry-cdn.com; style-src 'self' blob: 'unsafe-inline' https://*.redsift.com https://googletagmanager.com https://tagmanager.google.com https://www.googletagmanager.com https://fonts.googleapis.com https://*.hotjar.com https://fast.wistia.com; frame-src 'self' https://*.googlesyndication.com https://td.doubleclick.net https://www.googletagmanager.com https://bid.g.doubleclick.net https://consentcdn.cookiebot.com https://red-sift.prismic.io/ https://www.youtube.com https://www.google.com https://*.hotjar.com https://fast.wistia.com https://fast.wistia.net https://js.driftt.com https://widget.drift.com; connect-src 'self' https://*.redsift.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://google.com https://*.googlesyndication.com https://www.googleadservices.com https://www.google-analytics.com https://*.google.com https://*.google.de https://*.google.no https://*.google.ca https://*.google.ch https://*.google.es https://*.google.it https://*.google.co.uk https://*.google.co.nz https://*.google.co.au https://*.google.nl https://*.google.fr https://*.google.be https://*.google.se https://*.google.pt https://red-sift.cdn.prismic.io/api/v2 https://red-sift.cdn.prismic.io/api/v2/documents/search https://cdn.linkedin.oribi.io https://px.ads.linkedin.com/wa/ https://px.ads.linkedin.com https://px.ads.linkedin.com/attribution_trigger https://hook.integromat.com/ https://api-eu.customer.io/v1/webhook/40a4a49d472519b0 https://webto.salesforce.com https://api.github.com/repos/redsift/red-sift-website/dispatches https://*.mktoresp.com https://*.mktoutil.com https://*.ondmarc.com https://ondmarc.com https://ipforensics-svc.redsift.io/graphql https://*.ingest.sentry.io/ https://consentcdn.cookiebot.com/ https://app.clearbit.com/v1/p https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.6sc.co/ https://c.6sc.co/ https://ipv6.6sc.co/ https://*.6sense.com/ https://epsilon.6sense.com https://epsilon-cloudfront.6sense.com https://epsilon-globalaccelerator.6sense.com https://secure.adnxs.com/getuidj https://*.litix.io https://*.wistia.com https://embedwistia-a.akamaihd.net https://*.algolia.net https://plausible.io/api/event https://api.ipify.org; worker-src 'self' blob:; frame-ancestors 'self' https://*.redsift.com; report-uri https://o177043.ingest.sentry.io/api/1306227/security/?sentry_key=860eaee6b9674db6ac8d51d87a14fd84 1
script-src 'unsafe-inline' 'unsafe-eval' https: http:; 1
frame-src 'self' https://*.rightviewweb.com 1
original-policy 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' api.tradurs.com;style-src 'self' 'unsafe-inline';img-src 'self' d4.tradurs.com www.googletagmanager.com pagead2.googlesyndication.com fundingchoicesmessages.google.com data:;connect-src 'self' api.tradurs.com www.google-analytics.com pagead2.googlesyndication.com tessdata.projectnaptha.com csi.gstatic.com fundingchoicesmessages.google.com data:;script-src-elem 'self' 'unsafe-inline' www.google.com www.gstatic.com www.googletagmanager.com pagead2.googlesyndication.com adservice.google.com partner.googleadservices.com tpc.googlesyndication.com cdn.jsdelivr.net fundingchoicesmessages.google.com cdn.ampproject.org;worker-src 'self' blob:;frame-src 'self' www.google.com googleads.g.doubleclick.net tpc.googlesyndication.com pagead2.googlesyndication.com cm.g.double-click.net googleads.g.double-click.net accounts.google.com cm.g.doubleclick.net securepubads.g.doubleclick.net; 1
default-src 'self' *.keynua.com;script-src 'self' 'nonce-v91r7ti89ig' 'strict-dynamic' 'unsafe-inline' *.google.com www.google-analytics.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.hs-scripts.com *.hs-banner.com *.hs-analytics.net *.hsadspixel.net *.hubapi.co *.clientify.net *.cloudflare.com *.facebook.net *.facebook.com *.bootstrapcdn.com *.linkedin.com *.hubspot.com *.stripe.com *.hcaptcha.com hcaptcha.com *.stripecdn.com stripecdn.com googleads.g.doubleclick.net stats.g.doubleclick.net td.doubleclick.net *.keynua.com sentry.io *.hubapi.com;style-src 'self' 'unsafe-inline' *.google.com www.google-analytics.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.hs-scripts.com *.hs-banner.com *.hs-analytics.net *.hsadspixel.net *.hubapi.co *.clientify.net *.cloudflare.com *.facebook.net *.facebook.com *.bootstrapcdn.com *.linkedin.com *.hubspot.com *.stripe.com *.hcaptcha.com hcaptcha.com *.stripecdn.com stripecdn.com googleads.g.doubleclick.net stats.g.doubleclick.net td.doubleclick.net *.keynua.com sentry.io *.hubapi.com;frame-src 'self' *.google.com www.google-analytics.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.hs-scripts.com *.hs-banner.com *.hs-analytics.net *.hsadspixel.net *.hubapi.co *.clientify.net *.cloudflare.com *.facebook.net *.facebook.com *.bootstrapcdn.com *.linkedin.com *.hubspot.com *.stripe.com *.hcaptcha.com hcaptcha.com *.stripecdn.com stripecdn.com googleads.g.doubleclick.net stats.g.doubleclick.net td.doubleclick.net *.keynua.com sentry.io *.hubapi.com;connect-src 'self' ipapi.co *.icanhazip.com api.ipify.org *.google.com www.google-analytics.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.hs-scripts.com *.hs-banner.com *.hs-analytics.net *.hsadspixel.net *.hubapi.co *.clientify.net *.cloudflare.com *.facebook.net *.facebook.com *.bootstrapcdn.com *.linkedin.com *.hubspot.com *.stripe.com *.hcaptcha.com hcaptcha.com *.stripecdn.com stripecdn.com googleads.g.doubleclick.net stats.g.doubleclick.net td.doubleclick.net *.keynua.com sentry.io *.hubapi.com;img-src data: *;media-src data: *;font-src 'self' fonts.gstatic.com *.cloudflare.com *.bootstrapcdn.com;form-action 'self' *.google.com;manifest-src 'self' *.keynua.com;frame-ancestors 'self';base-uri 'self' 1
frame-ancestors 'self' https://*.funeraltechonline.com https://*.tributecenteronline.com https://*.funeraltechweb.com https://*.funeraltechweb2.com https://*.ogdenfuneralhome.com https://hiddenvalleyfunerals.com https://www.archerandsons.com.au http://macarthurfh.com http://www.macarthurfh.com http://haugheymemorials.com http://www.haugheymemorials.com https://www.hslm.ca http://dev.fullmooncreative.com https://neshamajfs.com  http://neshamajfs.com http://howelllussi.com https://howelllussi.com http://prod-site.arbormemorial.ca/en.html https://prod-site.arbormemorial.ca/en.html http://www.arbormemorial.ca/en/ https://www.arbormemorial.ca/en/ http://www.calgarycrematorium.com https://www.calgarycrematorium.com http://calgarycrematorium.com https://calgarycrematorium.com; object-src 'none'; 1
frame-ancestors 'self' https://www.testmyspeed.com/ https://stagetmspeed.wpengine.com/ https://devtmspeed.wpengine.com/ 1
report-uri https://vcti.cloud/report/report-csp.php; upgrade-insecure-requests; default-src 'self' blob:; child-src blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com appsforoffice.microsoft.com script.hotjar.com static.hotjar.com www.googletagmanager.com api.purechat.com prod.purechatcdn.com app.purechat.com cdn.polyfill.io ajax.googleapis.com cdnjs.cloudflare.com www.googleadservices.com tag.structuredweb.com www.google-analytics.com; connect-src 'self' wss: unpkg.com api.purechat.com api-cdn.purechat.com widgetapi.purechat.com tag.structuredweb.com www.google-analytics.com; img-src 'self' 'unsafe-inline' www.dandb.com api.purechat.com data: ts.w.org www.google-analytics.com secure.gravatar.com ps.w.org s.w.org platform.twitter.com www.facebook.com; style-src 'self' static2.sharepointonline.com fonts.googleapis.com 'unsafe-inline'; media-src 'self' app.purechat.com; font-src 'self' data: unpkg.com static2.sharepointonline.com fonts.gstatic.com; frame-src 'self' telemetryservice.firstpartyapps.oaspapps.com vars.hotjar.com youtube.com www.youtube.com wp-themes.com; style-src-elem 'self' 'unsafe-inline' static2.sharepointonline.com fonts.googleapis.com; 1
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://ajax.googleapis.com https://www.google.com https://www.youtube.com https://www.wfb-bremen.de https://s.ytimg.com https://i.ytimg.com https://www.hanselife.de https://fpdownload3.macromedia.com https://fonts.googleapis.com https://regis.inecos.de https://wfb.inecos.de  https://client.inecos.de https://code.jquery.com https://creator.hosted-pageflow.com https://storify.com https://creator.hosted-pageflow.com https://www.terra-air.com https://maps.googleapis.com https://www.google-analytics.com https://bremen-innovativ.de https://bis-bremerhaven.de https://www.bis-bremerhaven.de https://bremen.de https://medien.bremen.de https://bab-bremen.de https://www.digitalisierung-bremen.de https://www.ueberseestadt-bremen.de https://wfb-bremen.de https://www.starthaus-bremen.de https://bremen-innovativ.de https://www.bremen-innovativ.de https://cdnjs.cloudflare.com https://maps.gstatic.com https://fonts.gstatic.com https://a.tile.openstreetmap.org https://b.tile.openstreetmap.org https://c.tile.openstreetmap.org https://www.gstatic.com https://www.youtube-nocookie.com https://track-bremen.de https://matomo.wfb-bremen.de https://vimeo.com https://player.vimeo.com https://api.deepl.com https://tiles.bremn.de https://player.podigee-cdn.net https://cdn.podigee.com https://start.video-stream-hosting.de https://tiles.stadtbremen.info https://bremen.le-an.de https://vr-easy.com https://www.startups-bremen.de ; 1
frame-ancestors 'self' *.solissecurity.com 1
default-src 'self' https://mc.yandex.com https://analytics.google.com https://avanchange.com https://avanverify.kickex.com https://www.google-analytics.com https://stats.g.doubleclick.net https://api.amplitude.com https://webvisor.com https://top-fwz1.mail.ru https://sentry.io https://api.coinmarketcap.com https://mc.yandex.ru https://*.zdassets.com https://kickico.zendesk.com https://widget-mediator.zopim.com wss://widget-mediator.zopim.com wss://notify.kickex.com wss://gate.kickex.com/ws https://gate.kickex.com https://www.facebook.com https://www.tradingview.com https://api.usedesk.ru wss://pubsubsec.usedesk.ru https://pubsubsec.usedesk.ru wss://pubsubsec2.usedesk.ru https://pubsubsec2.usedesk.ru https://secure.usedesk.ru https://api.rss2json.com/v1/ blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://yastatic.net https://tagmanager.google.com https://cdn.amplitude.com https://vk.com https://top-fwz1.mail.ru https://optimize.google.com https://connect.facebook.net https://*.google-analytics.com https://www.googletagmanager.com https://mc.yandex.ru https://cdn.jsdelivr.net https://static.zdassets.com https://widget-mediator.zopim.com https://lib.usedesk.ru blob:; img-src 'self' https://* data: blob:; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://optimize.google.com https://fonts.googleapis.com https://assets.zendesk.com https://cdn.jsdelivr.net; font-src 'self' https://fonts.gstatic.com https://themes.googleusercontent.com https://cdn.jsdelivr.net; frame-src https://optimize.google.com https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com https://mc.yandex.ru https://*.kickex.com https://kickex.com; object-src 'none' 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src 'nonce-2X1c5qKkBCTMBiOEtUgA6fazp' 'strict-dynamic'; frame-ancestors 'self'; manifest-src 'self' 1
script-src * 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' 'unsafe-eval' cdn1.readspeaker.com https://www.deutsches-ausschreibungsblatt.de https://translate.googleapis.com https://www.gstatic.com 1
default-src 'self' https://www.google.com; style-src 'self' http://dibaturizm.onlineota.com https://dibaturizm.onlineota.com http://img.onlineota.com https://img.onlineota.com https://fonts.googleapis.com/ https://kvksis.com/ 'unsafe-inline' 'unsafe-eval'; script-src 'self' https://dibaturizm.onlineota.com http://dibaturizm.onlineota.com https://www.gstatic.com http://www.google.com https://www.google.com http://www.google-analytics.com/ http://maps.google.com/ https://kvksis.com/ https://ssl.google-analytics.com/ 'unsafe-inline' 'unsafe-eval'; connect-src 'self' http://maps.googleapis.com/; img-src 'self' https://dibaturizm.onlineota.com http://www.google-analytics.com/ https://kvksis.com/ https://ssl.google-analytics.com/; font-src 'self' https://fonts.gstatic.com/ 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-426d1cd4089c5ec41f082ef49970dfdb'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
frame-ancestors  https://*.yandex.ru https://*.yandex.com https://*.yandex.com.tr https://*.yandex.uz https://*.yandex-team.ru; report-uri https://csp.yandex.net/csp?from=iframe-yang.yandex&project=tasks; 1
default-src  'self' ; img-src      'self' 'unsafe-inline' 'unsafe-eval' data: mfa.gov.tm *.google-analytics.com;  script-src   'self' 'unsafe-inline' 'unsafe-eval' mfa.gov.tm metrics.com.tm *.google-analytics.com *.googletagmanager.com;  connect-src  'self' 'unsafe-inline' 'unsafe-eval' mfa.gov.tm *.metrics.com.tm *.google-analytics.com *.googletagmanager.com;  style-src    'self' 'unsafe-inline' mfa.gov.tm;  font-src     'self' data: mfa.gov.tm;  frame-src    'self' mfa.gov.tm;  object-src   'self' ; 1
frame-ancestors http://*.pyxll.com 1
frame-ancestors 'self' https://hyundai-motors.zp.ua/ 1
upgrade-insecure-requests; font-src data: https:; img-src data: https:; default-src https: blob: 'unsafe-inline' 'unsafe-eval' 1
frame-src * data: blob: ; img-src googletagmanager.com *.bing.com *.clarity.ms *.rddonline.com hovione.com *.hovione.com hovione.pt *.hovione.pt hovione.co.jp *.hovione.co.jp *.vimeocdn.com *.gstatic.com *.google-analytics.com *.google.pt *.google.com *.linkedin.com 'self' blob: data:; font-src *.jsdelivr.net *.googleusercontent.com *.gstatic.com *.typekit.net *.typography.com hovione.com *.hovione.com hovione.pt *.hovione.pt hovione.co.jp *.hovione.co.jp 'self' blob: data:; media-src *.rddonline.com hovione.com *.hovione.com hovione.pt *.hovione.pt hovione.co.jp *.hovione.co.jp *.typography.com blob: 'unsafe-inline' 'unsafe-eval'; default-src px.ads.linkedin.com *.googlesyndication.com *.clarity.ms *.cloudflare.com *.jsdelivr.net *.cookiefirst.com *.google.com *.rddonline.com *.watsonplatform.net *.watson.appdomain.cloud *.youtube.com *.vimeocdn.com *.vimeo.com *.typekit.net hovione.com *.hovione.com hovione.pt *.hovione.pt hovione.co.jp *.hovione.co.jp *.amplitude.com *.hotjar.io *.hotjar.com *.licdn.com *.doubleclick.net *.typography.com *.bootstrapcdn.com *.pardot.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.googleapis.com *.linkedin.oribi.io 'self' 'unsafe-inline' 'unsafe-eval' ws: 1
default-src 'self' https: ws: wss: data: blob: 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://reservations.tablebooker.com https://*.doubleclick.net https://www.googleadservices.com https://static.addtoany.com https://*.tiktok.com https://embed.typeform.com https://cdn.syndication.twimg.com https://*.twitter.com https://*.getclicky.com https://*.list-manage.com https://chat.sendinblue.com https://sibautomation.com https://code.createjs.com https://use.typekit.net https://vjs.zencdn.net https://*.cookiebot.com https://cdn.jsdelivr.net https://s7.addthis.com https://*.googleapis.com https://*.list-manage.com https://unpkg.com https://code.jquery.com https://js.stripe.com https://ws.sharethis.com https://cdnjs.cloudflare.com https://connect.facebook.net https://*.google-analytics.com https://cdn.ckeditor.com https://policy.app.cookieinformation.com https://s3.amazonaws.com https://player.vimeo.com https://i.vimeocdn.com https://fast.wistia.com https://www.youtube.com https://s.ytimg.com https://*.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.numanis.net https://www.lisio-solution.com https://*.licdn.com; connect-src 'self' https://*.google.com  https://*.google-analytics.com https://*.tiktok.com https://*.getclicky.com https://*.sendinblue.com wss://chat-messaging.sendinblue.com https://consentcdn.cookiebot.com https://consent.app.cookieinformation.com https://policy.app.cookieinformation.com https://*.sharethis.com https://nominatim.openstreetmap.org https://*.doubleclick.net https://www.facebook.com https://vimeo.com https://*.google-analytics.com https://www.mobiledition.com https://*.googleapis.com https://*.linkedin.com/wa/;  frame-ancestors 'self' https://www.generationengagee.be https://www.lecouragedechanger.be *.lesengages.be *.yvan2024.eu http://*.staging03.globulebleu.com *.fairpolitique.be *.elisabethdegryse.be *.olivierdewasseige.be *.yvescoppieters.be; form-action 'self' https://syndication.twitter.com https://*.list-manage.com https://www.facebook.com; 1
default-src    'self'    'unsafe-inline';  base-uri    https://docs.helpscout.net;  child-src    https://www.youtube.com    https://player.vimeo.com    https://fast.wistia.net;  connect-src    'self'    https://*.assets-servd.host    https://*.svdcdn.com    https://*.noihsafbazaar.com    https://hcaptcha.com    https://*.hcaptcha.com    https://*.googleapis.com    https://*.google-analytics.com    https://*.google.com    https://*.cloudfront.net    https://beaconapi.helpscout.net    https://chatapi.helpscout.net    https://d3hb14vkzrxvla.cloudfront.net    wss://*.pusher.com    https://*.sumologic.com    https://*.doubleclick.net    https://*.facebook.com    https://*.postmarkapp.com    https://api.stripe.com;  font-src    'self'    data:    https://*.noihsafbazaar.com    https://beacon-v2.helpscout.net    https://fonts.gstatic.com;  frame-ancestors    'self';  frame-src    'self'    https://hcaptcha.com    https://*.hcaptcha.com    https://*.google.com    https://js.stripe.com    https://hooks.stripe.com    https://beacon-v2.helpscout.net;  img-src    'self'    data:    https://s3.eu-central-003.backblazeb2.com/cdn-assets-servd-host/tender-macaque/    https://*.noihsafbazaar.com    https://*.assets-servd.host    https://*.svdcdn.com    https://ui-avatars.com    https://*.googleapis.com    https://*.gstatic.com    https://*.googletagmanager.com    https://*.google-analytics.com    https://*.google.com    https://*.doubleclick.net    https://*.facebook.com    https://*.usefathom.com    https://beacon-v2.helpscout.net    https://*.gravatar.com    https://d33v4339jhl8k0.cloudfront.net    https://chatapi-prod.s3.amazonaws.com/;  media-src    'self'    https://*.noihsafbazaar.com    https://beacon-v2.helpscout.net;  object-src    https://beacon-v2.helpscout.net;  script-src    'self'    'unsafe-inline'    'unsafe-eval'    https://js.stripe.com    https://unpkg.com    https://hcaptcha.com    https://*.hcaptcha.com    https://*.googleapis.com    https://*.google.com    https://*.gstatic.com    https://*.googletagmanager.com    https://*.facebook.net    https://*.usefathom.com    https://*.postmarkapp.com    https://*.getdrip.com    https://*.sleeknote.com    https://beacon-v2.helpscout.net    https://d12wqas9hcki3z.cloudfront.net    https://d33v4339jhl8k0.cloudfront.net    https://*.cloudfront.net;  style-src    'self'    'unsafe-inline'    https://hcaptcha.com    https://*.hcaptcha.com    https://*.googletagmanager.com    https://*.postmarkapp.com    https://beacon-v2.helpscout.net    https://fonts.googleapis.com;  worker-src    'self' 1
form-action 'self' *.zigzag.dog links.eu.iterable.com 1
frame-ancestors 'self' imdb.com *.imdb.com *.media-imdb.com withoutabox.com *.withoutabox.com amazon.com *.amazon.com amazon.co.uk *.amazon.co.uk amazon.de *.amazon.de translate.google.com images.google.com www.google.com www.google.co.uk search.aol.com bing.com www.bing.com 1
default-src https:; script-src https: 'self' 'unsafe-eval' 'unsafe-inline'; style-src https: 'self' 'unsafe-inline'; img-src 'self' *.wp.com scontent-ort2-2.xx.fbcdn.net https://facebook.com data:; font-src 'self' *.wp.com use.fontawesome.com fonts.gstatic.com maxcdn.bootstrapcdn.com wordpress.com data: 1
frame-ancestors *.gopennymac.com *.pennymac.com 1
frame-ancestors 'self' https://*.emr.ch https://*.emr-rme.ch https://*.rme.ch 1
default-src 'self'; script-src 'report-sample' 'self' https://assets.app.smart-tribune.com https://audience-sites.din.developpement-durable.gouv.fr https://polyfill.io https://msvcdsiqzkcom.matomo.cloud 'unsafe-eval' 'unsafe-inline'; style-src 'report-sample' 'self' https://assets.app.smart-tribune.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://static.piste.gouv.fr 'unsafe-inline'; object-src 'none'; connect-src 'self' https://api-gateway.app.smart-tribune.com https://audience-sites.din.developpement-durable.gouv.fr; font-src 'self' data: https://assets.app.smart-tribune.com https://cdnjs.cloudflare.com https://fonts.gstatic.com; frame-src 'self' https://www.bison-fute.gouv.fr https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://audience-sites.din.developpement-durable.gouv.fr https://static.piste.gouv.fr https://stv2-uploads-prod.s3.eu-west-3.amazonaws.com https://uploads.app.smart-tribune.com; 1
frame-ancestors 'none'; sandbox allow-downloads allow-scripts allow-same-origin; default-src 'none'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self'; base-uri 'none'; form-action 'none'; media-src 'self' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://localhost:* https://*.affitop.com https://apmcmwrew.cedexis.cc https://*.sbotop.com *.google.com *.google.com.tw https://www.googletagmanager.com http://blog.sbotop.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.sportradar.com *.sportradarserving.com *.digitru.st *.bidswitch.net *.sbotop.co.uk *.connextra.com https://dev.visualwebsiteoptimizer.com https://*.cdnrocket.net/ https://*.cloudswiftcdn.net/ https://*.speedysurfcdn.net/ https://*.rapidflarecdn.net/ https://*.lightningspeedcdn.net/ https://connect.facebook.net www.facebook.com https://*.g.doubleclick.net https://*.sbobet.com; img-src data: https://localhost:* https://*.affitop.com https://apmcmwrew.cedexis.cc https://*.sbotop.com *.google.com *.google.com.tw https://www.googletagmanager.com http://blog.sbotop.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.sportradar.com *.sportradarserving.com *.digitru.st *.bidswitch.net *.sbotop.co.uk *.connextra.com https://dev.visualwebsiteoptimizer.com https://*.cdnrocket.net/ https://*.cloudswiftcdn.net/ https://*.speedysurfcdn.net/ https://*.rapidflarecdn.net/ https://*.lightningspeedcdn.net/ https://connect.facebook.net www.facebook.com https://*.g.doubleclick.net; report-uri https://csp.trackittk.net/z/3693b3a4-1444-448c-93f9-abfaa546d0e0; frame-src data: https://localhost:* https://*.affitop.com https://apmcmwrew.cedexis.cc https://*.sbotop.com *.google.com *.google.com.tw https://www.googletagmanager.com http://blog.sbotop.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.sportradar.com *.sportradarserving.com *.digitru.st *.bidswitch.net *.sbotop.co.uk *.connextra.com https://dev.visualwebsiteoptimizer.com https://*.cdnrocket.net/ https://*.cloudswiftcdn.net/ https://*.speedysurfcdn.net/ https://*.rapidflarecdn.net/ https://*.lightningspeedcdn.net/ https://connect.facebook.net www.facebook.com https://*.g.doubleclick.net https://*.youtube.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://optimize.google.com; worker-src data: blob: https://dev.visualwebsiteoptimizer.com; frame-ancestors 'self' data: https://*.sbotop.com; 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' data:; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data: 1
object-src 'none'; frame-ancestors 'self'; upgrade-insecure-requests 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-OWQ3MzI3ZGMwMGE3NDZiZTk5N2Q4NjFjYmM5ZjJmMjU=' https://*.platformrijksoverheid.nl https://*.rijksoverheid.nl https://*.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' https://statistiek.rijksoverheid.nl https://*.contenttoolsrijksoverheid.nl https://*.agroberichtenbuitenland.nl; font-src 'self' https://statistiek.rijksoverheid.nl; object-src 'none'; connect-src https://*.platformrijksoverheid.nl https://*.rijksoverheid.nl https://*.contenttoolsrijksoverheid.nl https://*.rovid.nl https://*.rijksoverheidsvideo.nl https://*.agroberichtenbuitenland.nl; img-src 'self' data: https://d3oiud1b8fohdw.cloudfront.net https://statistiek.rijksoverheid.nl https://*.rovid.nl https://*.rijksoverheidsvideo.nl https://*.toegankelijkheidsverklaring.nl; media-src 'self' https://*.rovid.nl https://*.rijksoverheidsvideo.nl; form-action 'self' https://export.highcharts.com https://*.contenttoolsrijksoverheid.nl https://*.agroberichtenbuitenland.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
default-src 'self'; connect-src 'self' wss: maps.googleapis.com anvil.opentok.com api-enterprise.opentok.com api-standard.opentok.com config.opentok.com hlg.tokbox.com mantis005-pdx.tokbox.com mantis014-pdx.tokbox.com; font-src 'self' fonts.gstatic.com orbisv4head.blob.core.windows.net; frame-src 'self' s7.addthis.com static.addtoany.com www.google.com gateway.moneris.com gatewayt.moneris.com www.youtube.com www.youtube-nocookie.com; img-src 'self' blob: data: s3-us-west-2.amazonaws.com maps.googleapis.com maps.gstatic.com orbisv4head.blob.core.windows.net stoccprod001.blob.core.windows.net test4cc.blob.core.windows.net; object-src www.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' m.addthis.com s7.addthis.com v1.addthisedge.com static.addtoany.com cdnjs.cloudflare.com maps.googleapis.com www.google.com www.gstatic.com code.highcharts.com gateway.moneris.com gatewayt.moneris.com orbisv4head.blob.core.windows.net www.youtube.com s.ytimg.com; style-src 'self' 'unsafe-inline' static.addtoany.com fonts.googleapis.com gatewayt.moneris.com orbisv4head.blob.core.windows.net; worker-src 'self' blob:; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com *.doubleclick.net googleadservices.com *.googleadservices.com googlesyndication.com aax-eu.amazon-adsystem.com sw-assets.ekomiapps.de connect.ekomi.de smart-widget-assets.ekomiapps.de smartforms.ekomi.com stats.schulte.de widget.trustpilot.com connect.facebook.net static-eu.payments-amazon.com www.paypal.com widgets.trustedshops.com s.kk-resources.com bat.bing.com g.microsoft.com https://t.adcell.com cdn.jsdelivr.net player.vimeo.com/api/ https://static.unzer.com https://maps.googleapis.com https://tracking.paqato.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-umm.b-cdn.net dq4irj27fs462.cloudfront.net api.userlike.com www.userlike.com d3dc1lgancj6l0.cloudfront.net ajax.googleapis.com; img-src 'self' *.ggpht.com *.googleusercontent.com data: www.facebook.com connect.facebook.net img.youtube.com i.ytimg.com sw-assets.ekomiapps.de connect.ekomi.de www.google.com www.gstatic.com www.googletagmanager.com d23yuld0pofhhw.cloudfront.net images-na.ssl-images-amazon.com m.media-amazon.com t.paypal.com widgets.trustedshops.com s.kelkoogroup.net bat.bing.com stats.schulte.de https://maps.gstatic.com https://t.adcell.com images.provenexpert.com www.userlike.com userlike-cdn-operators.userlike.com d3upe020n1uosc.cloudfront.net userlike-store-media-files.s3.amazonaws.com www.google.be www.google.fr www.google.nl www.google.de www.google.lu www.google.at; frame-ancestors 'self' https://hellweg-os4-stg-de.twt.hosting https://hellweg.de https://hellweg.at https://baywa-baumarkt.de https://www.banemo.de; default-src 'self'; frame-src 'self' www.google.com drive.google.com accounts.google.com widget.trustpilot.com aax-eu.amazon-adsystem.com www.facebook.com www.googletagmanager.com www.youtube-nocookie.com www.youtube.com player.vimeo.com static-eu.payments-amazon.com payments.amazon.de payments.amazon.fr www.paypal.com t.paypal.com www.sandbox.paypal.com smartforms.ekomi.com stats.schulte.de https://payment.heidelpay.com https://payment.unzer.com https://sbx-payment.heidelpay.com https://sbx-payment.unzer.com *.doubleclick.net api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com d3dc1lgancj6l0.cloudfront.net; style-src 'self' 'unsafe-inline' data: sw-assets.ekomiapps.de widgets.trustedshops.com https://static.unzer.com googletagmanager.com https://tracking.paqato.com fonts.googleapis.com; connect-src 'self' data: smart-widget-assets.ekomiapps.de www.google-analytics.com stats.g.doubleclick.net payments-de.amazon.com payments-de-sandbox.amazon.com payments.amazon.de payments.amazon.fr www.paypal.com www.sandbox.paypal.com s.kelkoogroup.net shops-si.trustedshops.com api.trustedshops.com api.trustbadge.etrusted.com trustbadge.api.etrusted.com gw1.api.trustedshops.com www.facebook.com smartforms.ekomi.com stats.schulte.de bat.bing.com https://t.adcell.com https://maps.googleapis.com https://tracking.paqato.com www.userlike.com api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com wss://umd.userlike.com umd.userlike.com d3upe020n1uosc.cloudfront.net; media-src 'self' d3dc1lgancj6l0.cloudfront.net userlike-store-media-files.s3.amazonaws.com; font-src 'self' fonts.gstatic.com widgets.trustedshops.com https://static.unzer.com https://tracking.paqato.com data: userlike-cdn-umm.b-cdn.net; 1
default-src 'self' *.google-analytics.com *.gstatic.com *.googleapis.com *.ggpht.com *.gravatar.com *.yoast.com *.wpengine.com *.hsforms.com *.hs-banner.com *.hscollectedforms.net *.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.linkedin.com *.facebook.com *.googletagmanager.com *.hsforms.net *.hs-scripts.com *.hscollectedforms.net *.hs-banner.com *.hs-analytics.net blob:; style-src * 'unsafe-inline'; img-src * data:; font-src * data:; connect-src 'self' *.googleapis.com opensharecount.com *.google-analytics.com *.hsforms.com *.hubspot-forms-static-embed.s3.amazonaws.com *.hscollectedforms.net cdn.jsdelivr.net; object-src 'self'; frame-src 'self' *.youtube.com *.vimeo.com *.hsforms.com 1
base-uri 'self'; connect-src 'self' https://*.hs-banner.com https://*.hsforms.com https://*.hubapi.com https://*.hubspot.com https://*.ingest.sentry.io https://*.visualwebsiteoptimizer.com https://analytics.google.com https://api.getkoala.com https://api.hubspot.com https://api.segment.io https://app.vwo.com https://cdn.segment.com https://consent.api.osano.com https://disclosure.api.osano.com https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://i.ytimg.com https://js.hscta.net https://px.ads.linkedin.com https://sockjs-us3.pusher.com https://stats.g.doubleclick.net https://tattle.api.osano.com https://tm01zr3t.api.sanity.io/ https://vercel.live https://ws.zoominfo.com https://www.google-analytics.com wss://api.getkoala.com wss://tm01zr3t.api.sanity.io wss://ws-us3.pusher.com; default-src 'self' blob: https://vercel.live; frame-src 'self' https://*.hs-sites.com https://*.hsforms.com https://*.hsforms.net https://*.hubspot.com https://*.hubspot.net https://*.visualwebsiteoptimizer.com https://app.vwo.com https://drive.google.com https://td.doubleclick.net https://vercel.live https://www.youtube.com; img-src 'self' data: blob: https://*.google.com https://*.hsforms.com https://*.hsforms.net https://*.hubspot.com https://*.hubspot.net https://cdn.sanity.io https://*.visualwebsiteoptimizer.com https://app.vwo.com https://cdn2.hubspot.net https://chart.googleapis.com https://dev.visualwebsiteoptimizer.com https://forms.hsforms.com https://forms-na1.hsforms.com https://heapanalytics.com https://i.ytimg.com https://img.youtube.com https://js.hscta.net https://lh3.googleusercontent.com https://no-cache.hubspot.com https://px.ads.linkedin.com https://vercel.com https://www.linkedin.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://*.hs-scripts.com https://*.hs-analytics.net https://*.hsadspixel.net https://*.hs-banner.com https://*.hsforms.com https://*.hsforms.net https://*.hubspot.com https://*.hubspot.net https://*.usemessages.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://cdn.getkoala.com https://cdn.heapanalytics.com https://cdn.segment.com https://cmp.osano.com https://feedback.hubapi.com https://heapanalytics.com https://js.hs-banner.com https://js.hs-forms.net https://js.hscta.net https://js.usemessages.com https://snap.licdn.com https://static.hsappstatic.net https://va.vercel-scripts.com https://vercel.live https://ws.zoominfo.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://*.visualwebsiteoptimizer.com https://app.vwo.com https://cdn2.hubspot.net https://vercel.live; worker-src 'self' blob: 1
style-src 'self' https://*.sentry-cdn.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google-analytics.com https://*.facebook.com https://*.facebook.net https://*.googletagmanager.com https://*.mitel.io https://*.sentry.io https://sentry.io https://*.google.com https://*.googleapis.com https://stats.g.doubleclick.net https://*.glimp.co.nz https://glimp.co.nz https://*.youtube.com https://youtube.com https://track.roeye.co.nz https://static.lightning.force.com/ https://service.force.com https://static.lightning.force.com 'unsafe-eval' https://nownz.my.site.com/ https://c.la2-c1-hnd.salesforceliveagent.com/ https://d.la2-c1-hnd.salesforceliveagent.com/ https://c.la2-c1-ukb.salesforceliveagent.com/ https://d.la2-c1-ukb.salesforceliveagent.com/ https://d1acq29e7jo33e.cloudfront.net 'unsafe-inline'; base-uri 'self'; frame-ancestors 'self'; script-src 'self' https://*.sentry-cdn.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google-analytics.com https://*.facebook.com https://*.facebook.net https://*.googletagmanager.com https://*.mitel.io https://*.sentry.io https://sentry.io https://*.google.com https://*.googleapis.com https://stats.g.doubleclick.net https://*.glimp.co.nz https://glimp.co.nz https://*.youtube.com https://youtube.com https://track.roeye.co.nz https://static.lightning.force.com/ https://service.force.com https://static.lightning.force.com 'unsafe-eval' https://nownz.my.site.com/ https://c.la2-c1-hnd.salesforceliveagent.com/ https://d.la2-c1-hnd.salesforceliveagent.com/ https://c.la2-c1-ukb.salesforceliveagent.com/ https://d.la2-c1-ukb.salesforceliveagent.com/ https://d1acq29e7jo33e.cloudfront.net 'unsafe-inline'; default-src 'self' https://*.sentry-cdn.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google-analytics.com https://*.facebook.com https://*.facebook.net https://*.googletagmanager.com https://*.mitel.io https://*.sentry.io https://sentry.io https://*.google.com https://*.googleapis.com https://stats.g.doubleclick.net https://*.glimp.co.nz https://glimp.co.nz https://*.youtube.com https://youtube.com https://track.roeye.co.nz https://static.lightning.force.com/ https://service.force.com https://static.lightning.force.com 'unsafe-eval' https://nownz.my.site.com/ https://c.la2-c1-hnd.salesforceliveagent.com/ https://d.la2-c1-hnd.salesforceliveagent.com/ https://c.la2-c1-ukb.salesforceliveagent.com/ https://d.la2-c1-ukb.salesforceliveagent.com/ https://d1acq29e7jo33e.cloudfront.net; frame-src 'self' https://*.sentry-cdn.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google-analytics.com https://*.facebook.com https://*.facebook.net https://*.googletagmanager.com https://*.mitel.io https://*.sentry.io https://sentry.io https://*.google.com https://*.googleapis.com https://stats.g.doubleclick.net https://*.glimp.co.nz https://glimp.co.nz https://*.youtube.com https://youtube.com https://track.roeye.co.nz https://static.lightning.force.com/ https://service.force.com https://static.lightning.force.com 'unsafe-eval' https://nownz.my.site.com/ https://c.la2-c1-hnd.salesforceliveagent.com/ https://d.la2-c1-hnd.salesforceliveagent.com/ https://c.la2-c1-ukb.salesforceliveagent.com/ https://d.la2-c1-ukb.salesforceliveagent.com/ https://website.prod.ap1.cloud.nownz.co.nz/ https://nownz.my.salesforce.com/ https://webto.salesforce.com/ https://salesforce.com/ https://d1acq29e7jo33e.cloudfront.net; img-src 'self' https: data:; form-action 'self' https://*.facebook.com https://*.glimp.co.nz https://track.roeye.co.nz; report-uri https://sentry.io/api/1296255/security/?sentry_key=c1a37a356e7b417a9b592b66a2ad29d2 1
upgrade-insecure-requests; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://pi.pardot.com https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js https://bpa.exelatech.com/; connect-src 'self' www.google-analytics.com https://analytics.google.com/g/collect https://stats.g.doubleclick.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com tagmanager.google.com; img-src 'self' data: www.google.com https://secure.adnxs.com https://stats.g.doubleclick.net seal-minnesota.bbb.org www.googletagmanager.com www.google-analytics.com ssl.gstatic.com; font-src 'self' data: fonts.gstatic.com; object-src 'self'; frame-src 'self'; 1
frame-ancestors 'none'; script-src 'self' https://*.formapprovals.com https://*.stripe.com https://*.google.com https://*.gstatic.com https://ajax.googleapis.com https://cdn.jsdelivr.net https://cdn.datatables.net 'nonce-_bo6Mm-m47PAViPAXoZjcfOIvdUGtld6'; object-src 'self' https://*.formapprovals.com 1
img-src 'self' data: *.usercentrics.eu maps.googleapis.com www.facebook.com www.youtube.com www.google.com google.com *.google.com www.google.de google.de *.google.de rtclauncher.luware.com rtclauncherapi.luware.com maps.gstatic.com *.ressourcenmangel.de ressourcenmangel.de *.google-analytics.com google-analytics.com maps.google.com *.googletagmanager.com googletagmanager.com googleadservices.com googleusercontent.com *.etracker.com etracker.com *.etracker.de etracker.de stats.g.doubleclick.net *.bing.com *.clarity.ms uct.service.usercentrics.eu *.usercentrics.eu; script-src 'self' *.usercentrics.eu tagmanager.google.com www.google.de www.youtube.com *.ytimg.com maps.googleapis.com 'unsafe-inline' 'unsafe-eval' www.facebook.com connect.facebook.net www.google.com rtclauncher.luware.com maps.gstatic.com *.freegeoip.net freegeoip.net *.googletagmanager.com googletagmanager.com *.etracker.com etracker.com *.etracker.de etracker.de maps.googleapis.com maps.google.com *.google-analytics.com google-analytics.com *.googleoptimize.com *.googleadservices.com *.gstatic.com gstatic.com news.sdk.de bat.bing.com *.clarity.ms *.usercentrics.eu 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-7f4a3a85ea5b4a871a5b92da9bfd9a41'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src 'self'; img-src * 'self' data: https:; frame-src https://www.youtube.com https://www.google.com; connect-src 'self' https://www.google-analytics.com; script-src 'self' 'unsafe-inline' ; script-src-elem 'self' 'unsafe-inline' https://secure.want7feed.com/js/213813.js https://cdnjs.cloudflare.com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com; 1
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-hashes' 'strict-dynamic' 'report-sample' api.facebook.com facebook.com google.com www.google-analytics.com www.googletagmanager.com  cdnjs.cloudflare.com getbootstrap.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://polyfill.io https://static.addtoany.com https://unpkg.com; script-src-attr 'unsafe-inline' 'unsafe-hashes' 'report-sample'; script-src-elem * 'unsafe-inline' 'report-sample'; style-src * 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; style-src-attr 'unsafe-inline' 'unsafe-hashes' 'report-sample'; style-src-elem * 'unsafe-inline' 'report-sample'; frame-ancestors *; report-uri https://hipodromodelazarzuela.es/report-uri/enforce 1
object-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://info.smartm.com https://pi.pardot.com https://pagead2.googlesyndication.com https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://snap.licdn.com 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-48983f36ab662284301edcb150f0f067'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
frame-ancestors 'self' http://academy.editshare.com https://academy.editshare.com 1
frame-ancestors 'self' simplepractice.com *.simplepractice.com 1
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; upgrade-insecure-requests; 1
default-src 'self'; form-action 'none'; script-src 'self' 'unsafe-eval' 'unsafe-hashes' https://cdn-apac.onetrust.com https://www.google.com https://assets.adobedtm.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com https://*.callrail.com https://*.clarity.ms 'nonce-3947263940126385629'; style-src 'self' 'unsafe-inline' https://*.onetrust.com https://*.myfonts.net; frame-src 'self' https://*.olamagri.com https://*.google.com https://*.youtube.com https://*.youtube-nocookie.com https://*.euroland.com https://player.vimeo.com 'nonce-3947263940126385629'; img-src 'self' https://media.licdn.com http://pbs.twimg.com https://pbs.twimg.com https://olaminformationservices.sc.omtrdc.net https://cdn-apac.onetrust.com; connect-src 'self' *; object-src 'none'; base-uri 'self'; 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src https://www.guj.com.br/logs/ https://www.guj.com.br/sidekiq/ https://www.guj.com.br/mini-profiler-resources/ https://www.guj.com.br/assets/ https://www.guj.com.br/brotli_asset/ https://www.guj.com.br/extra-locales/ https://www.guj.com.br/highlight-js/ https://www.guj.com.br/javascripts/ https://www.guj.com.br/plugins/ https://www.guj.com.br/theme-javascripts/ https://www.guj.com.br/svg-sprite/ https://www.google-analytics.com/analytics.js 'sha256-rwfDVOTzygQmkOwFNAeX564B66beHoel4+gRLgQUgHg='; worker-src 'self' https://www.guj.com.br/assets/ https://www.guj.com.br/brotli_asset/ https://www.guj.com.br/javascripts/ https://www.guj.com.br/plugins/; frame-ancestors 'self'; manifest-src 'self' 1
img-src * data: *.maps.yandex.net api-maps.yandex.ru yandex.ru 'self'; child-src api-maps.yandex.ru; frame-src api-maps.yandex.ru *.livetex.ru *.livetex.me *.youtube.com *.youtu.be; script-src 'unsafe-inline' 'unsafe-eval' api-maps.yandex.ru suggest-maps.yandex.ru *.maps.yandex.net https://yandex.ru 'self' www.googletagmanager.com *.livetex.ru *.livetex.me yastatic.net www.google-analytics.com mc.yandex.ru ; connect-src 'self' api-maps.yandex.ru suggest-maps.yandex.ru *.maps.yandex.net yandex.ru *.taxi.yandex.net balancer-cloud.livetex.ru mc.yandex.ru *.livetex.ru *.livetex.me *.doubleclick.net ; style-src 'self' 'unsafe-inline' 'unsafe-eval'  blob:; 1
default-src 'self'; style-src 'self' 'unsafe-inline' *.doctoraki.com *.survicate.com *.googletagmanager.com *.googleapis.com *.clarity.ms *.solucionesbolivar.com *.solucionesbolivar.net *.solucionesbolivarsites.com *.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'strict-dynamic' 'nonce-0e45a11ca8ec76e29e4e9a0cc64a7cd2' https://www.datadoghq-browser-agent.com *.googletagmanager.com *.doubleclick.net *.google-analytics.com *.solucionesbolivar.com *.clarity.ms *.abtasty.com *.survicate.com *.doctoraki.com *.solucionesbolivarsites.com *.solucionesbolivar.net *.visualwebsiteoptimizer.com *.googleadservices.com *.facebook.net *.tiktok.com *.crazyegg.com *.hotjar.com *.hotjar.io *.azureedge.net *.liveperson.net *.marketo.net *.sitescout.com *.infobip.com *.adnxs.com *.pixel.ad *.mktoresp.com *.cloudflare.com *.googleoptimize.com *.google.com *.google.com.co *.google.co.in *.googleapis.com *.gstatic.com https://www.gstatic.com *.jquery.com *.bootstrapcdn.com; connect-src 'self' *.doctoraki.com *.crazyegg.com https://*.browser-intake-datadoghq.com *.logs.datadoghq.com *.abtasty.com *.solucionesbolivar.com *.solucionesbolivarsites.com wss://*.solucionesbolivarsites.com *.solucionesbolivar.net *.amazonaws.com *.mktoresp.com *.google.com *.google.com.co *.google.co.in *.google-analytics.com *.marketo.com *.kapturall.com *.gstatic.com https://www.gstatic.com *.hotjar.com *.hotjar.io *.azureedge.net *.liveperson.net *.marketo.net *.sitescout.com *.adnxs.com *.pixel.ad *.cloudflare.com *.infobip.com *.survicate.com *.tiktok.com *.googleapis.com *.clarity.ms *.doubleclick.net; font-src 'self' data: *.doctoraki.com *.survicate.com *.gstatic.com https://www.gstatic.com *.solucionesbolivar.com *.solucionesbolivar.net *.solucionesbolivarsites.com *.s3.amazonaws.com; img-src 'self' data: *.githubusercontent.com *.amazonaws.com *.cloudfront.net *.visualwebsiteoptimizer.com *.doctoraki.com *.google.com *.google.com.co *.google.co.in *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.survicate.com *.webflow.com https://www.gstatic.com *.gstatic.com https://www.facebook.com *.solucionesbolivar.com *.solucionesbolivar.net *.solucionesbolivarsites.com; manifest-src 'self' *.cloudfront.net *.doctoraki.com *.solucionesbolivar.com *.solucionesbolivar.net *.solucionesbolivarsites.com; form-action 'self' *.doctoraki.com *.doubleclick.net https://www.google.com *.firebaseapp.com *.solucionesbolivar.com *.solucionesbolivar.net *.solucionesbolivarsites.com; frame-src 'self' blob: *.doctoraki.com *.doubleclick.net https://www.google.com *.firebaseapp.com *.solucionesbolivar.com *.solucionesbolivar.net *.solucionesbolivarsites.com; worker-src 'self' blob:; base-uri 'self'; object-src 'none'; 1
default-src https: 'unsafe-eval' 'unsafe-inline' data:;  font-src https: data:; object-src 'none'; 1
base-uri 'none'; child-src 'self' blob: data: optifleet.net api.optifleet.net app.optifleet.net; connect-src 'self' *.api.here.com *.api.sanity.io *.apicalsolutions.com *.apicdn.sanity.io *.app.prod.shared.eu.vgtng.volvo.com *.demo.api.here.com *.execute-api.eu-north-1.amazonaws.com *.googleapis.com *.here.com *.hereapi.com *.ls.hereapi.com *.prod.shared.eu.vgtng.volvo.com *.prod.shared.us-east-1.prod.aws.vgthosting.net *.prod.shared.us.vgtng.volvo.com *.pusherplatform.io *.s3.amazonaws.com *.screencast.com *.sendbird.com *.tile.openstreetmap.org *.walkme.com *.youtube.com api.optifleet.net api.eu.vgcs.volvo.com api.gdsp.volvo.com api.na.vgcs.volvo.com api.sanity.io api.volvotrucks.com apical.uksouth.cloudapp.azure.com apicdn.sanity.io assets.volvo.com buttons.github.io cdn.cookielaw.org cdn.sanity.io cdnjs.cloudflare.com chatkit-file-service-us1.s3.amazonaws.com d3b3ehuo35wzeh.cloudfront.net dev1-publish.volvo.netcentric.biz doubleclick.net fonts.gstatic.com gateway-prod.azure-api.net gdsp-resources.azureedge.net https://iot-vgcs-dc-gw.apicalsolutions.com/api/ prod-vgcs-dc-gw.apicalsolutions.com https://qa-vgcs-dc-gw.apicalsolutions.com/api/ login.optifleet.net login.microsoftonline.com login.prod.optifleet.net login.support.na.prod.vg-cs.com natelematics.com oprepo.prod.shared.eu-west-1.prod.aws.vgthosting.net oprepo.prod.shared.eu.prod.aws.vgthosting.net prod.api.volvotrucks.com qa.natelematics.com resources.gdsp.volvo.com s3.walkmeusercontent.com sendbird.com storybook.js.org suptl.prod.shared.eu-west-1.prod.aws.vgthosting.net uddi.prod.shared.eu-west-1.prod.aws.vgthosting.net vconnect.sems.ws vfs-customerconnect-api.azurewebsites.net vfsvolvoconnectapidev.azurewebsites.net vg-vfs-volvoconnect-api-dev.azurewebsites.net vgcs-atom.s3.eu-north-1.amazonaws.com vtrucks.prod.sems.ws wss://*.app.prod.shared.eu.vgtng.volvo.com wss://*.app.prod.shared.us.vgtng.volvo.com wss://*.prod.shared.eu.vgtng.volvo.com wss://*.prod.shared.us.vgtng.volvo.com wss://*.pusherplatform.io wss://*.sendbird.com wss://api.optifleet.net wss://oprepo.prod.shared.eu-west-1.prod.aws.vgthosting.net wss://sendbird.com www.google-analytics.com www.volvobuses.com wss://57tklffer0.execute-api.eu-north-1.amazonaws.com nln43j2hm8.execute-api.eu-west-1.amazonaws.com vfsvolvoconnectapiqa.azurewebsites.net vfsvolvoconnectapiprod.azurewebsites.net wss://logbrary.prod.shared.eu-west-1.prod.aws.vgthosting.net logbrary.prod.shared.eu-west-1.prod.aws.vgthosting.net *.vgcs-atom.com wss://ws.transport-engine.prod.vgcs-atom.com transport-pattern.prod.vgcs-atom.com wss://*.vgcs-atom.com neuronths.com logbrary.prod.shared.eu-west-1.prod.aws.vgthosting.net resources.gdsp.volvo.com qa.natelematics.com *.adobedtm.com *.assetsadobe.com s3-eu.walkmeusercontent.com ec.walkme.com maps.gstatic.com api.natelematics.com us-east-1.quicksight.aws.amazon.com api.natelematics.com privacyportal-de.onetrust.com api.na.vgcs.volvo.com api.optifleet-evol.net demdex.net volvogroup.data.adobedc.net *.demdex.net *.everesttech.net everesttech.net *.adobedc.net adobedc.net api.optifleet.net api.renault-trucks.com *.volvobuses.com s3.eu-west-1.amazonaws.com volvobuses.com api.met.no volvobuses.com de.qa.l-os.com vbap-dev-euw-func-01.azurewebsites.net asddkawasdsdasd api.ko.vgcs.volvo.com *.prod.vg-cs.com wss://api.eu.vgcs.volvo.com wss://api.na.vgcs.volvo.com *.gdsp.volvo.com stage-volvobuses-com.aws.43636.vnonprod.com vbap-prod-euw-func-01.azurewebsites.net sentry.io *.sentry.io s3.eu-central-1.amazonaws.com api.eu.vgcs.volvo.com api.positronrt.com.br positronrtauth.positronrt.com.br dev-api.positronrt.com.br *.aidenbackend.com 0psyf9f4dk.execute-api.eu-west-1.amazonaws.com kbjp4quhq6.execute-api.eu-west-1.amazonaws.com 3ijxfboc28.execute-api.eu-west-1.amazonaws.com *.openstreetmap.org *.stadiamaps.com *.positronrt.com.br dashboard.natelematics.com dashboard.dev.natelematics.com dashboard.qa.natelematics.com dashboard.test.natelematics.com aswespcdev2dw4-backend.azurewebsites.net blob: data: iw.maintenanceplan-back.renault-trucks.com iw.maintenanceplan-back-qa.renault-trucks.com https://*.execute-api.eu-west-1.amazonaws.com https://snac.vc.prod.vg-cs.net stablegw.prod.shared.eu.vgtng.volvo.com; default-src optifleet.net; font-src 'self' *.googleapis.com *.screencast.com *.sendbird.com *.walkme.com 3b3ehuo35wzeh.cloudfront.net api.eu.prod.vgcs.volvo.com api.eu.vgcs.volvo.com api.gdsp.volvo.com api.na.prod.vgcs.volvo.com api.prod.vgcs.volvo.com buttons.github.io cdnjs.cloudflare.com chatkit-file-service-us1.s3.amazonaws.com chrome-extension: data: doubleclick.net fonts.gstatic.com gdsp-resources.azureedge.net login.optifleet.net maps.gstatic.com oprepo.prod.shared.eu-west-1.prod.aws.vgthosting.net prod.api.volvotrucks.com resources.gdsp.volvo.com s3.walkmeusercontent.com sendbird.com stats.g.doubleclick.net storybook.js.org uddi.prod.shared.eu-west-1.prod.aws.vgthosting.net vgcs-atom.s3.eu-north-1.amazonaws.com *.assetsadobe.com us-east-1.quicksight.aws.amazon.com *.gdsp.volvo.com; form-action 'self' *.app.prod.shared.eu.vgtng.volvo.com *.prod.shared.eu.vgtng.volvo.com *.prod.shared.us.vgtng.volvo.com optifleet.net api.optifleet.net login.optifleet.net api.na.vgcs.volvo.com api.eu.vgcs.volvo.com; frame-ancestors 'self'; frame-src 'self' *.app.prod.shared.eu.vgtng.volvo.com *.prod.shared.eu.vgtng.volvo.com *.prod.shared.us.vgtng.volvo.com *.sendbird.com *.walkme.com api.optifleet.net api.eu.prod.vgcs.volvo.com api.eu.vgcs.volvo.com api.na.prod.vgcs.volvo.com api.prod.vgcs.volvo.com app.optifleet.net blob: chatkit-file-service-us1.s3.amazonaws.com d3b3ehuo35wzeh.cloudfront.net data: doubleclick.net https://login.microsoftonline.com login.optifleet.net natelematics.com oprepo.prod.shared.eu-west-1.prod.aws.vgthosting.net prod.api.volvotrucks.com qa.natelematics.com s3.walkmeusercontent.com sendbird.com stats.g.doubleclick.net storybook.js.org suptl.prod.shared.eu-west-1.prod.aws.vgthosting.net uddi.prod.shared.eu-west-1.prod.aws.vgthosting.net suptl.prod.shared.us-east-1.prod.aws.vgthosting.net s3.eu-west-1.amazonaws.com us-east-1.quicksight.aws.amazon.com s3.amazonaws.com *.demdex.net demdex.net *.gdsp.volvo.com tnc.optifleet.net tnc.support.na.iot1.vg-cs.com tnc.support.eu.iot1.vg-cs.com tnc.support.na.qa.vg-cs.com tnc.support.eu.qa.vg-cs.com *.volvotrucks.us * volvotrucks.ca *.macktrucks.com; img-src 'self' *.api.here.com *.demo.api.here.com *.googleapis.com *.here.com *.hereapi.com *.ls.hereapi.com *.s3.amazonaws.com *.screencast.com *.sendbird.com *.tile.openstreetmap.org *.walkme.com api.eu.prod.vgcs.volvo.com api.eu.vgcs.volvo.com api.gdsp.volvo.com api.na.prod.vgcs.volvo.com api.prod.vgcs.volvo.com assets.volvo.com blob: buttons.github.io cdn.sanity.io cdnjs.cloudflare.com chatkit-file-service-us1.s3.amazonaws.com d2qhvajt3imc89.cloudfront.net d3b3ehuo35wzeh.cloudfront.net data: dev1-publish.volvo.netcentric.biz doubleclick.net fonts.gstatic.com gdsp-resources.azureedge.net login.optifleet.net maps.gstatic.com oprepo.prod.shared.eu-west-1.prod.aws.vgthosting.net prod.api.volvotrucks.com resources.gdsp.volvo.com s3.walkmeusercontent.com sendbird.com ssl.gstatic.com stats.g.doubleclick.net storybook.js.org uddi.prod.shared.eu-west-1.prod.aws.vgthosting.net vgcs-atom.s3.eu-north-1.amazonaws.com www.google-analytics.com www.volvobuses.com *.vgcs-atom.com *.adobedtm.com *.assetsadobe.com some.domain.somewhere s3-eu.walkmeusercontent.com us-east-1.quicksight.aws.amazon.com volvogroup.data.adobedc.net *.everesttech.net *.demdex.net demdex.net everesttech.net adobedc.net *.adobedc.net *.gdsp.volvo.com s3.eu-central-1.amazonaws.com asd assets.dev.aidenbackend.com *.openstreetmap.org *.stadiamaps.com  s3.eu-west-1.amazonaws.com; manifest-src 'self'; media-src assets.volvo.com *.vgcs-atom.com 'self' s3.eu-central-1.amazonaws.com; object-src 'none'; report-to csp-endpoint; report-uri https://55dafc20b00345383dabdc090f37b786.report-uri.com/r/t/csp/enforce https://api.eu.vgcs.volvo.com/sentry/api/2/security/?sentry_key=4cf46b8c92821e51de651ec6914ce9a0; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.app.prod.shared.eu.vgtng.volvo.com *.googleapis.com *.prod.shared.eu.vgtng.volvo.com *.prod.shared.us.vgtng.volvo.com *.screencast.com *.sendbird.com *.walkme.com api-qa.gdsp.volvo.com api.optifleet.net api.gdsp.volvo.com buttons.github.io cdn.cookielaw.org cdn.sanity.io cdnjs.cloudflare.com chatkit-file-service-us1.s3.amazonaws.com d3b3ehuo35wzeh.cloudfront.net d3sbxpiag177w8.cloudfront.net dev1-publish.volvo.netcentric.biz doubleclick.net fonts.googleapis.com gdsp-resources.azureedge.net login.optifleet.net login.prod.optifleet.net oprepo.prod.shared.eu-west-1.prod.aws.vgthosting.net prod.api.volvotrucks.com stats.g.doubleclick.net resources.gdsp.volvo.com s3.walkmeusercontent.com sendbird.com storybook.js.org uddi.prod.shared.eu-west-1.prod.aws.vgthosting.net vgcs-atom.s3.eu-north-1.amazonaws.com www.google-analytics.com www.googletagmanager.com www.volvobuses.com *.vgcs-atom.com *.adobedtm.com *.assetsadobe.com us-east-1.quicksight.aws.amazon.com volvogroup.data.adobedc.net *.gdsp.volvo.com; style-src 'self' 'unsafe-inline' *.api.here.com *.demo.api.here.com *.googleapis.com *.here.com *.hereapi.com *.ls.hereapi.com *.screencast.com *.sendbird.com *.walkme.com api-qa.gdsp.volvo.com api.eu.prod.vgcs.volvo.com api.eu.vgcs.volvo.com api.gdsp.volvo.com api.na.prod.vgcs.volvo.com api.prod.vgcs.volvo.com buttons.github.io cdn.sanity.io cdnjs.cloudflare.com chatkit-file-service-us1.s3.amazonaws.com d3b3ehuo35wzeh.cloudfront.net doubleclick.net fonts.googleapis.com gdsp-resources.azureedge.net login.optifleet.net login.prod.optifleet.net oprepo.prod.shared.eu-west-1.prod.aws.vgthosting.net prod.api.volvotrucks.com resources.gdsp.volvo.com s3.walkmeusercontent.com sendbird.com stats.g.doubleclick.net storybook.js.org tagmanager.google.com uddi.prod.shared.eu-west-1.prod.aws.vgthosting.net vgcs-atom.s3.eu-north-1.amazonaws.com *.vgcs-atom.com *.adobedtm.com *.assetsadobe.com us-east-1.quicksight.aws.amazon.com volvogroup.data.adobedc.net *.gdsp.volvo.com; upgrade-insecure-requests; worker-src 'self' blob: data: eu-cdn.walkme.com *.walkme.com walkme.com; 1
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval' blob:; frame-src 'self' https: blob:; 1
frame-ancestors 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://ajax.cloudflare.com https://cdnjs.cloudflare.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://maps.googleapis.com https://snap.licdn.com https://connect.facebook.net https://js.hs-scripts.com https://js.hs-analytics.net https://js.hs-banner.com https://acsbap.com https://cdn.acsbapp.com https://acsbapp.com; object-src 'none'; base-uri 'none'; 1
default-src 'self';  script-src 'self' 'unsafe-inline' 'unsafe-eval'  https://ajax.googleapis.com  https://www.googleadservices.com  https://www.google.com  https://www.googletagmanager.com  https://twitter.com  https://www.bbb.org  https://www.instagram.com  https://www.greenhousefabrics.com  https://www.sunbrella.com  https://cdn.jsdelivr.net  https://www.houzz.com  https://updates.expressionengine.com  https://www.youtube.com  https://www.reuters.com  https://www.ftc.gov  https://www.elevatementalhealth.com  https://earth.org  https://www.destinationunknown.life  https://www.victorianweb.org  https://www.etsy.com  https://www.theguardian.com  https://www.knobs.co  https://www.bhg.com  https://utopiamanagement.com  https://www.melissabennettheinz.com  https://kfblaw.com  https://www.barnlight.com  https://www.allseasonsresortlodging.com  https://docpro.com  https://www.orangeries-uk.co.uk  https://www.consumerreports.org  https://www.choosingtherapy.com  https://www.archute.com  https://www.enjoyillinois.com  https://google.com  https://www.restaurantji.com  https://www.arthurcheesefestival.com  https://www.thelittletheatre.org  https://bettersleep.org  https://artsandcraftshomes.com  https://us.fsc.org  https://www.cpsc.gov  https://www.hgtv.com  https://scripts.countrysideamishfurniture.com  https://_.salesforce.com  https://_.force.com  https://_.visualforce.com  https://webto.salesforce.com  https://cdn.livechatinc.com  https://www.gstatic.com  https://chimpstatic.com  https://ct.pinterest.com  https://www.facebook.com  https://www.google-analytics.com  https://connect.facebook.net  https://api.livechatinc.com  https://s.pinimg.com;  style-src 'self' 'unsafe-inline'  https://www.google.com  https://fonts.googleapis.com  https://cdn.jsdelivr.net;  img-src 'self' https: data:  https://cdn.livechat-files.com  https://www.gstatic.com  https://www.google.com;  frame-src 'self'  https://player.vimeo.com  https://www.youtube.com  https://_.force.com  https://_.visualforce.com  https://www.google.com  https://secure.livechatinc.com  https://ct.pinterest.com;  font-src 'self' data:  https://fonts.gstatic.com  https://staticw2.yotpo.com;  connect-src 'self'  wss://api.livechatinc.com  https://_.salesforce.com  https://\*.force.com  https://updates.expressionengine.com  https://webto.salesforce.com  https://cdn.livechatinc.com  https://google.com  https://chimpstatic.com  https://www.google-analytics.com  https://stats.g.doubleclick.net  https://api.livechatinc.com  https://ct.pinterest.com;  worker-src 'self' blob:;  object-src 'none'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googleadservices.com https://*.google.com https://googleads.g.doubleclick.net/ https://www.google-analytics.com/ https://ssl.google-analytics.com https://maps.googleapis.com/ https://fitbank.com.br/ blob: https://*.googletagmanager.com/ https://*.cloudfront.net/ https://*.cloudflare.com/ https://cdn.leadster.com.br/ https://www.youtube.com/ https://www.gstatic.com https://translate.google.com/ https://translate.googleapis.com/ https://translate-pa.googleapis.com/ https://*.rdstation.com.br https://*.rdstation.com; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fitbank.com.br/ https://fonts.googleapis.com/ https://cdnjs.cloudflare.com/ https://www.gstatic.com/; font-src 'self' 'unsafe-inline' https://fitbank.com.br/ data: https://fonts.gstatic.com/ https://cdn.linearicons.com/; img-src 'self' 'unsafe-inline' https://*.gstatic.com https://www.google.com/ https://www.google-analytics.com/ https://www.google.com.br/ https://elequerybuilder.com/ https://secure.gravatar.com/ https://fitbank.com.br/ data: https://cdn.neurologic.com.br/ https://*.cloudfront.net/ https://cdnjs.cloudflare.com/ www.googletagmanager.com; connect-src 'self' 'unsafe-inline' https://gyruss.rdops.systems/ https://*.googleapis.com/ https://stats.g.doubleclick.net/ https://www.google-analytics.com/ https://analytics.google.com/ https://yoast.com/ https://fitbank.com.br/ https://*.rdstation.com https://*.rdstation.com.br/ https://app.leadster.com.br/; frame-src 'self' 'unsafe-inline' https://*.doubleclick.net https://www.google.com/ https://bid.g.doubleclick.net https://fitbank.com.br/ https://www.youtube.com/; frame-ancestors 'self' https://fitbank.com.br/ 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;frame-ancestors 'self' https://*.quintype.com https://www.cdomagazine.tech;block-all-mixed-content; 1
form-action 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://cdn.datatables.net https://cdn.rawgit.com https://code.jquery.com/ https://netdna.bootstrapcdn.com https://oss.maxcdn.com https://ajax.googleapis.com https://secure.transaxgateway.com https://secure.gwintegration.com https://www.providesupport.com https://download.macromedia.com https://www.macromedia.com 1
default-src 'none'; img-src 'self' uploads-ssl.webflow.com; frame-src 'self' www.youtube.com uploads-ssl.webflow.com docs.google.com; script-src 'self' ajax.googleapis.com d3e54v103j8qbb.cloudfront.net www.googletagmanager.com flowbase.s3-ap-southeast-2.amazonaws.com 'sha256-G8Th/FgKUVHSzcYcwCsqZDp4DxbB3uuou+VpYoVXcYE=' 'sha256-RkNWH1uhgh9cCdS5RfG4e2vgJ6QLJ+c/bRgtJB3+62M=' 'sha256-5Itx2ub/C4ZEeDwiNMMOJF+d1YzBgXYWkNMkSA866Wk=' 'sha256-mjdgHR9aXy+6OwAGlNS/XgNcYG1Uhd2U4pl8vi7+XCY=' 'sha256-G3YTzLSQsz/qQ8iUj1T1dZ0cA7jwIhf0icKBh3hnB/8=' 'sha256-GMwu3tmxCNPN0EVKortGPts6rN9QyDm0WM0Ofdy/5xU=' 'sha256-3WpJZpuJTTPVdVqTf561c2H3tWs/SatVuugdsb/RD1s=' 'sha256-9/aliU8dGd2tb6OSsuzixeV4y/faTqgFtohetphbbj0=' 'sha256-sNOE0XnP7muH3lSE3PASjatR5KCPcFIJ0FexHXUNp9o=' 'sha256-UiXlt9djFx1o7crFtCH7sUqquV6B2BX9ozY9jqs43JE=' 'sha256-l32kuTgbhZFV7YL2q1Sv/65m8dy+QzAV1CjPDUML0hE=' 'sha256-D19Ce/HGDqs8jiXuCBdo9AEPFMMYRUZdZhmsNnXz0aA=' 'sha256-ZqhM5xQOj0Og/l+8qEbc5F5YYumTdWvc5mtn7dECFuE=' 'sha256-Uhqsg0FxrkcWII28klOFxfL1TW+GWXvDxreIKQecN5s=' 'sha256-UiXlt9djFx1o7crFtCH7sUqquV6B2BX9ozY9jqs43JE=' 'sha256-+8XG1SFvZQ9KnM87nVtyBE0rMzbhJDr7KyHnEOx8k98=' 'sha256-GAOOty/x8lJWSqFhKpRnwLWmhYG6MIfKq3d0smTBDPA=' 'sha256-OBa/az5rppbgzmKABv0yaqVIXv83SJSYQj8W4zKNs3Y=' 'sha256-alQkhzRik30p4D42M4x52HUwzK1/HLrcDh9ydLkkoOI='; style-src 'self' www.googletagmanager.com fonts.googleapis.com 'sha256-YouyPT/JXg7oOaocihuM0L2FxOjeIjIfMXNCzxtVVaI=' 'sha256-InzV3AaMTxZMjdArs/PQvg7QVKh9BJGW+SpDiR05dM8=' 'sha256-MFh8Vms2/UD1bP/KYHoVP4yuqXCBKYjfy6vGuzGOyEY=' 'sha256-rXPbZr56nIG/YLWiZqXjQz2wCUSDtDrW0kI46eCdGF0=' 'sha256-LRiihaTHKOtSN5Ua72Hrqca4QNTIcbPrY5lEOljZfyg=' 'sha256-bqgVFAGoMCIH3uPI1x7WULXrgg2i8CUGiR8IDU1plKc=' 'sha256-qsp6oLur8yj8HQHcNzYMiW9JYUWaAU9E8vvN4CHrLlE=' 'sha256-XzESg1MV9xr5LI2DWRrmtnuMCW36kgLO1TH+c7mg42E=' 'sha256-rMyTktBF+XY5xZq7SXRA3vsf0aAV3B4f0EJZ4Bh/xqM=' 'sha256-dgOrRcyTPAZycoXnq4bmXJX2FN76ED0xTRrqGh+2TGc=' 'sha256-FYXEZVMnK7sZ3BEoDTMVB3gRvBU8YuRzruGARw7xJtI=' 'sha256-RkNWH1uhgh9cCdS5RfG4e2vgJ6QLJ+c/bRgtJB3+62M=' 'sha256-o8fpIbA6HCvczFEPWD4Irhums8Qw7cib0sygBDHeYSM=' 'sha256-9/aliU8dGd2tb6OSsuzixeV4y/faTqgFtohetphbbj0=' 'sha256-sNOE0XnP7muH3lSE3PASjatR5KCPcFIJ0FexHXUNp9o=' 'sha256-UiXlt9djFx1o7crFtCH7sUqquV6B2BX9ozY9jqs43JE=' 'sha256-D19Ce/HGDqs8jiXuCBdo9AEPFMMYRUZdZhmsNnXz0aA=' 'sha256-ZqhM5xQOj0Og/l+8qEbc5F5YYumTdWvc5mtn7dECFuE=' 'sha256-Uhqsg0FxrkcWII28klOFxfL1TW+GWXvDxreIKQecN5s=' 'sha256-UiXlt9djFx1o7crFtCH7sUqquV6B2BX9ozY9jqs43JE=' 'sha256-tTgjrFAQDNcRW/9ebtwfDewCTgZMFnKpGa9tcHFyvcs=' 'sha256-+8XG1SFvZQ9KnM87nVtyBE0rMzbhJDr7KyHnEOx8k98=' 'sha256-GAOOty/x8lJWSqFhKpRnwLWmhYG6MIfKq3d0smTBDPA=' 'sha256-OBa/az5rppbgzmKABv0yaqVIXv83SJSYQj8W4zKNs3Y=' 'sha256-alQkhzRik30p4D42M4x52HUwzK1/HLrcDh9ydLkkoOI=' 'sha256-l32kuTgbhZFV7YL2q1Sv/65m8dy+QzAV1CjPDUML0hE='; object-src 'none'; font-src 'self' data: fonts.gstatic.com 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com 1868565294.rsc.cdn77.org static.cloudflareinsights.com www.google.com www.gstatic.com fonts.gstatic.com fonts.googleapis.com ajax.googleapis.com fcm.googleapis.com accounts.google.com *.cdn77.org  *.nk-img.com  *.segpay.com  *.online-metrix.net *.vscdns.com *.vsmvideo.com www.tjk-njk.com *.exoclick.com *.orbsrv.com *.opoxv.com *.exdynsrv.com *.afcdn.net *.aucdn.net *.tf4srv.com *.aacdn.net *.adglare.net www.flirt4free.com www.ohmybutt.com www.secretpartners.com *.asf4f.us *.livejasmin.com *.jsmcrptjmp.com *.awemwh.com etahub.com ctrack.trafficjunky.net tracking.sexcash.com *.gtflixtv.com;img-src 'self' 'unsafe-inline' data: blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com *.cdn77.org www.google.com www.google-analytics.com ssl.gstatic.com *.nk-img.com *.camster.com data-cdn.pornbiz.com *.vscdns.com *.vsmvideo.com *.doubleclick.net *.google.fr *.google.com *.segpay.com *.online-metrix.net cdn.asf4f.us *.gtflixtv.com *.orbsrv.com *.exdynsrv.com *.afcdn.net *.aucdn.net *.justservingfiles.net *.tf4srv.com *.aacdn.net *.rtbsuperhub.com; report-uri https://www.porn.sc/csp-reports; report-to csp-endpoint 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://ajax.googleapis.com https://cdn.rawgit.com https://cdn.jsdelivr.net *.intercom.io *.intercomcdn.com; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.jquery.com *.typekit.net https://fonts.googleapis.com https://cdn.rawgit.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com *.fontawesome.com; img-src * data: blob:; connect-src 'self' *.cytracom.net *.intercom.io wss://nexus-websocket-a.intercom.io *.vorexlogin.com *.kaseya.com *.kaseya.net https://api.vorexlogin.com; font-src 'self' data: *.typekit.net https://fonts.gstatic.com *.bootstrapcdn.com *.intercomcdn.com *.fontawesome.com; frame-src 'self' wss: liveconnect: pwy-rd: https://*.vorexlogin.com https://*.vsax.net https://fast.wistia.net https://*.customerthermometer.com https://player.vimeo.com/ https://*.adaptivecatalog.com; media-src 'self' *.intercomcdn.com 1
script-src 'report-sample' 'strict-dynamic' 'self' 'unsafe-eval' 'nonce-/0DRFTqmO2lYMQhE2j24kT1Aamh93M9hjZxX9a7zQR4=' https://consent.cookiebot.com https://consent.cookiebot.com/uc.js https://consentcdn.cookiebot.com/consentconfig/6fa13bb1-e8ba-40b0-af4e-254d9f369605/state.js https://www.youtube.com https://consentcdn.cookiebot.com/consentconfig/99acbe5d-d66a-45d0-80ca-556dbd42b977/state.js https://consentcdn.cookiebot.com/consentconfig/2f67df6e-8e96-4445-969f-6fa4bec02c91/state.js https://embed.typeform.com/next/embed.js https://js.monitor.azure.com/scripts/b/ai.2.min.js https://*.worldpay.com https://static.srcspot.com/libs/casey.js https://www.clarity.ms https://*.freshdesk.com https://*.freshchat.com https://*.freshworks.com https://www.googletagmanager.com/gtm.js https://*.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://ssl.google-analytics.com https://www.youtube.com/s/player/42a553e1/www-widgetapi.vflset/www-widgetapi.js;style-src 'report-sample' 'self' 'unsafe-inline' https://www.fundsmith.eu https://embed.typeform.com https://fonts.googleapis.com https://*.freshdesk.com https://*.freshchat.com https://*.freshworks.com https://www.googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com https://www.gstatic.com https://consent.cookiebot.com;object-src 'none';base-uri 'self';connect-src 'self' https://*.clarity.ms/collect https://www.google.com https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.com.kh https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.ne https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.pl https://www.google.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.so https://www.google.sm https://www.google.sr https://www.google.st https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.rs https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.cat https://apis.google.com https://*.freshdesk.com https://*.freshchat.com https://*.freshworks.com https://analytics.google.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://dc.services.visualstudio.com https://fundsmith.cloudflareaccess.com https://region1.analytics.google.com https://region1.google-analytics.com https://translate.googleapis.com https://vimeo.com https://webservices.data-8.co.uk https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com;font-src 'self' data: https://*.freshdesk.com https://*.freshchat.com https://*.freshworks.com https://cdnjs.cloudflare.com https://fonts.gstatic.com;frame-src 'self' https://support.google.com https://*.freshdesk.com https://*.freshchat.com https://*.freshworks.com https://consentcdn.cookiebot.com https://form.typeform.com https://*.worldpay.com https://player.vimeo.com https://w.soundcloud.com https://www.googletagmanager.com https://www.youtube.com https://www2.fundsmith.co.uk;img-src 'self' blob: data: https://*.clarity.ms https://www.google.com https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.com.kh https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.ne https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.pl https://www.google.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.so https://www.google.sm https://www.google.sr https://www.google.st https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.rs https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.cat https://fonts.gstatic.com https://i.vimeocdn.com https://i.ytimg.com https://i3.ytimg.com https://img.youtube.com https://imgsct.cookiebot.com https://region1.google-analytics.com https://tracker.live.rns-distribution.com https://translate.google.com https://www.fundsmith.co.uk https://*.google-analytics.com https://*.googletagmanager.com https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://www.sharesmagazine.co.uk https://*.freshdesk.com https://*.freshchat.com https://*.freshworks.com;manifest-src 'self'; media-src 'self'; worker-src 'self';report-uri https://fundsmith.report-uri.com/r/t/csp/enforce; 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com js.stripe.com stats.encodecloud.net www.google.com/recaptcha/ www.gstatic.com/recaptcha/ sibautomation.com sibforms.com api.ipify.org meetings.brevo.com cdn.cookielaw.org; script-src-elem 'self' 'unsafe-inline' encode.agency stats.encodecloud.net js.stripe.com www.google.com www.googletagmanager.com www.gstatic.com downloads-global.3cx.com sibforms.com api.ipify.org sibautomation.com videopress.com meetings.brevo.com conversations-widget.brevo.com gist.github.com/nbwpuk/ challenges.cloudflare.com easydmarc.com/tools/  cdn.cookielaw.org; script-src-attr 'unsafe-inline'; style-src 'self' 'unsafe-inline' translate.googleapis.com sibforms.com; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com sibforms.com github.githubassets.com www.gstatic.com  meetings.brevo.com; style-src-attr 'unsafe-inline'; img-src 'self' data: encode.agency stats.encodecloud.net *.google-analytics.com lh3.googleusercontent.com translate.google.com www.gravatar.com www.gstatic.com fonts.gstatic.com i.ytimg.com *.w.org cdn.cookielaw.org; font-src 'self' fonts.gstatic.com designsystem.brevo.com assets.brevo.com; connect-src 'self' js.stripe.com stats.encodecloud.net cdn.cookielaw.org *.google-analytics.com in-automate.brevo.com translate.googleapis.com *.sibforms.com *.onetrust.com; media-src data:; child-src www.google.com www.youtube-nocookie.com; frame-src 'self' encode.agency challenges.cloudflare.com js.stripe.com m.youtube.com wpmudev.com www.google.com www.youtube-nocookie.com www.youtube.com calendar.google.com encodedothost.github.io premium.wpmudev.org videopress.com meet.brevo.com sibautomation.com conversations-widget.brevo.com wl.hetrixtools.com easydmarc.com/tools/; worker-src 'self'; form-action 'self' www.local-marketing-reports.com; upgrade-insecure-requests; manifest-src 'self';frame-ancestors 'self'; report-uri https://encodedothost.report-uri.com/r/d/csp/enforce 1
default-src * data: blob: 'self';script-src *.itewb.gov.in 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.itewb.gov.in itewb.gov.in ws://localhost:* blob:  'self';block-all-mixed-content;upgrade-insecure-requests; 1
default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_ *.ownid.com*; object-src *; style-src * 'self' 'unsafe-inline' https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; img-src * 'self' data: https:; https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; media-src *; frame-src * https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; frame-ancestors 'self'; child-src * blob:; font-src * 'self' data: https:; https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; connect-src * https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_ *.ownid.com* 1
default-src 'self' 'unsafe-eval'; object-src 'none'; 1
frame-ancestors 'self' https://seekbeak.com https://th-ab.expo-ip.com https://www.profi4project.com https://kundenportal.pass-consulting.com https://mailings.pass-consulting.com https://media.pass-consulting.com; report-uri /report-csp/; 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' * blob: 194.30.79.53; 1
frame-ancestors https://iaugmenthrj.azurewebsites.net https://iaugmenthrjuat.azurewebsites.net https://iaugmentfsil.azurewebsites.net https://houseofjohnson.in https://www.houseofjohnson.in https://b3live.com https://www.nobiliaindia.com https://vyr.hrjohnsonindia.com 1
default-src 'none';font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com;frame-src 'self' https://www.youtube.com/ https://consentcdn.cookiebot.com https://forms-eu1.hsforms.com/ *.hs-sites-eu1.com;img-src 'self' data: www.googletagmanager.com https://forms.hsforms.com https://forms-eu1.hsforms.com https://i.ytimg.com https://imgsct.cookiebot.com https://perf-eu1.hsforms.com https://track-eu1.hubspot.com;media-src 'self' data:;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://js-eu1.hsforms.net https://js-eu1.hs-scripts.com https://consent.cookiebot.com https://*.skyra.no https://consentcdn.cookiebot.com https://js-eu1.hs-banner.com https://js-eu1.hs-analytics.net https://js-eu1.hscollectedforms.net https://js-eu1.hubspot.com;style-src 'self' 'unsafe-inline';style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com;connect-src 'self' https://forms-eu1.hsforms.com https://hubspot-forms-static-embed-eu1.s3.amazonaws.com https://region1.google-analytics.com https://js-eu1.hs-scripts.com https://*.skyra.no https://consentcdn.cookiebot.com https://cta-eu1.hubspot.com https://forms-eu1.hscollectedforms.net https://track-eu1.hubspot.com https://www.googletagmanager.com https://www.google-analytics.com;frame-ancestors 'self'; 1
frame-ancestors *.imu.nl *.phoenixsite.nl apprenticexm.nl  1
connect-src 'self'  wss://*.klassroom.co https://*.com https://*.co https://*.fr https://*.ly https://*.klass.ly http://*.com http://*.co http://*.fr https://*.klassroom.co  data:; 1
base-uri 'none'; font-src 'self' https: data:; form-action 'self'; frame-ancestors 'self'; img-src 'self' data: https://www.google.it https://www.facebook.com https://cdn.roomvo.com https://res.cloudinary.com https://fastly.picsum.photos https://picsum.photos https://cms-mirage.it https://staging-cms.mirage.it https://mirage-cdn.thron.com https://googletagmanager.com; object-src 'none'; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'strict-dynamic' 'nonce-4qeakr9liMhm7nH20CXrlA=='; upgrade-insecure-requests; 1
default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.google-analytics.com; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https: *.google-analytics.com *.analytics.google.com; font-src 'self' data: https:; connect-src 'self' https: wss: *.google-analytics.com *.analytics.google.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob:; 1
connect-src 'self' https://planner5d.com https://*.planner5d.com https://planner5d.pro https://*.planner5d.pro https://dev.planner5d.pro:4000 wss://planner5d.pro/api/ws wss://*.planner5d.pro/api/ws wss://dev.planner5d.pro/api/ws https://*.google.com https://*.google.lt https://*.analytics.google.com https://*.google-analytics.com https://*.g.doubleclick.net https://www.google.co.il https://www.google.es https://*.googletagmanager.com https://*.devtodev.com https://*.taboola.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://www.facebook.com https://widget.freshworks.com https://planner5d.freshdesk.com https://*.intercom.io wss://*.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://*.wisepops.com https://*.stripe.com https://*.paypal.com https://*.paymentwall.com https://*.surveymonkey.com https://vimeo.com https://*.vimeo.com https://bat.bing.com https://sentry.planner5d.com wss://planner5d.com:21344/ws wss://planner5d.com:31673/ws https://respondent.survicate.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://*.onetrust.com https://*.adjust.com https://*.adjust.world https://app.adjust.net.in https://*.pinterest.com https://*.webgains.io; frame-src 'self' https://www.google.com https://optimize.google.com https://vars.hotjar.com https://planner5d.com https://*.planner5d.com https://*.stripe.com https://*.paypal.com https://*.paypalobjects.com https://player.vimeo.com https://*.surveymonkey.com https://*.facebook.com https://*.pinterest.com https://*.youtube.com https://intercom-sheets.com/ https://tool.planner5d.com https://td.doubleclick.net https://*.xsolla.com/ https://calendly.com/ http://localhost https://*.s-onetag.com https://*.lijit.com; style-src 'self' 'unsafe-inline' https://planner5d.com https://widget.freshworks.com https://*.googleapis.com https://optimize.google.com https://*.survicate.com https://*.fontawesome.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' 'unsafe-hashes' https://planner5d.com https://*.planner5d.com https://widget.freshworks.com https://*.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://connect.facebook.net https://*.hotjar.com https://www.google.com https://www.google.lt https://optimize.google.com https://www.googleadservices.com https://adservice.google.com https://*.taboola.com https://*.devtodev.com https://*.stripe.com https://*.paypal.com https://*.paypalobjects.com https://cdnjs.cloudflare.com https://*.vimeo.com https://*.surveymonkey.com https://bat.bing.com https://*.youtube.com https://*.intercom.io https://js.intercomcdn.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://*.survicate.com https://*.wisepops.com https://*.wisepops.net https://wisepops.net https://*.adjust.com https://s.pinimg.com https://xsolla.com https://*.xsolla.com https://webgains.io https://*.webgains.io https://*.googleoptimize.com https://assets.calendly.com/; frame-ancestors 'self' https://planner5d.com https://tool.planner5d.com https://*.staging.d5rennalp.xyz http://localhost:3003 http://localhost:80 http://localhost; 1
font-src *.klarnacdn.net *.fontawesome.com *.gstatic.com data: script.hotjar.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ *.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * big.g.doubleclick.net vars.hotjar.com optimize.google.com *.facebook.com *.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.klarna.com *.klarnaevt.com *.klarnacdn.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.google.com *.google.no *.google.se *.google.fi *.google.ro *.google.pl *.google.dk *.gstatic.com *.google-analytics.com *.googleadservices.com *.hotjar.com *.hotjar.io *.googletagmanager.com *.hsforms.net *.hsforms.com 'self' data: blob: *.facebook.com *.fastly.net *.google.lt *.google.de *.google.co.uk data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com *.klarna.com *.klarnacdn.net *.klarnaservices.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://storage.googleapis.com/ https://api.mapbox.com/ *.google.com *.gstatic.com *.google-analytics.com *.googleanalytics.com *.googleadservices.com *.googleoptimize.com *.doubleclick.net static.hotjar.com script.hotjar.io *.hsforms.net *.hsforms.com cdn.jsdelivr.net js-agent.newrelic.com *.zdassets.com *.hotjar.com *.facebook.net *.googletagmanager.com rawcdn.githack.com *.zopim.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com *.klarnacdn.net *.fontawesome.com unsafe-inline assets.braintreegateway.com *.gstatic.com *.googleapis.com *.google.com *.sandnes-garn.be *.sandnesgarn.no cloud.typography.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com data: *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://storage.googleapis.com/ https://api.mapbox.com/ https://events.mapbox.com/ *.google-analytics.com *.doubleclick.net *.hotjar.com vc.hotjar.io surveystats.hotjar.io wss://*.hotjar.com *.googleapis.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.zdassets.com *.zendesk.com wss://widget-mediator.zopim.com *.googlesyndication.com *.hotjar.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://eng.vdc.dev/csp-report; report-to report-endpoint; 1
upgrade-insecure-requests; X-Frame-Options:SAMEORIGIN; 1
img-src 'self' data: blob: https://*.yo-digital.com https://*.tv3cloud.com https://*.google-analytics.com https://*.googletagmanager.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.tv.yo-digital.com https://*.googletagmanager.com; style-src 'self' 'unsafe-inline' https://*.yo-digital.com https://cdnjs.cloudflare.com; font-src 'self' data: https://*.yo-digital.com https://cdnjs.cloudflare.com https://fonts.gstatic.com; frame-src 'self' https://*.googletagmanager.com; worker-src 'self' https://*.yo-digital.com blob: data:; media-src 'self' blob: *; connect-src 'self' *; base-uri 'self'; report-uri https://sentry.yo-digital.com/api/45/security/?sentry_key=c1c13041393d4227b418253fa7bb03fa; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.google.com *.googleapis.com *.gstatic.com *.wpsandwatch.com *.wpsandwatch.net *.collect.igodigital.com *.adyen.com apps.bazaarvoice.com whirlpool-cdn.thron.com *.algolianet.com *.algolia.net *.ctfassets.net *.vtexassets.com https://vimeo.com *.vimeo.com *.vimeocdn.com *.sentry.io *.newrelic.com *.nr-data.net *.bazaarvoice.com *.onetrust.com *.cookielaw.org *.doubleclick.net *.youtube.com *.ytimg.com https://flagcdn.com s3-eu-west-1.amazonaws.com *.execute-api.eu-west-1.amazonaws.com *.facebook.com *.facebook.net *.pinimg.com *.pinterest.com *.paypal.com *.kitchenaid.ie *.airpr.com *.hotjar.com *.klarna.com *.klarnacdn.net *.klarnaservices.com *.hotjar.io *.dwin1.com *.awin1.com *.zenaps.com https://*.visualwebsiteoptimizer.com https://*.vwo.com https://*.upsellit.com https://the.sciencebehindecommerce.com https://*.qualtrics.com https://cdnjs.cloudflare.com https://api.sandbox.getalma.eu/v2/payments/eligibility https://api.getalma.eu/v2/payments/eligibility https://cdn.jsdelivr.net/npm/@alma/widgets@3.x.x/dist/widgets.min.css https://cdn.jsdelivr.net/npm/@alma/widgets@3.x.x/dist/widgets.umd.js https://osm.klarnaservices.com/lib.js https://x.klarnacdn.net/ui/fonts/v1.3/fonts.css *.contentsquare.net *.contentsquare.com *.criteo.com https://t.contentsquare.net app.contentsquare.com https://wepowerconnections.com https://lantern.roeyecdn.com https://lantern.roeye.com; img-src * data: ; media-src *; frame-src *; frame-ancestors 'self' 1
default-src 'self' ;    script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://bpu.com/* *.acsbapp.com *.acsbap.com acsbap.com acsbapp.com https://analytics.google.com/* http://connect.facebook.net/en_US/all.js http://platform.twitter.com/widgets.js http://script.crazyegg.com/pages/scripts/0030/8357.js https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://*.twitter.com https://apis.google.com/js/plusone.js https://platform.linkedin.com/in.js https://maxcdn.bootstrapcdn.com/bootstrap/3.4.1/js/bootstrap.min.js https://static.ak.fbcdn.net https://cdn.syndication.twimg.com https://connect.facebook.net https://www.gstatic.com https://code.jquery.com https://api.kommunicate.io https://widget.kommunicate.io https://script.crazyegg.com https://cdn.kommunicate.io/ https://cdn.applozic.com https://www.youtube.com http://bpu.staging.whmi.biz http://www.bpu.staging.whmi.biz ;   connect-src 'self' *.acsbapp.com *.acsbap.com acsbap.com acsbapp.com *.wikipedia.org https://analytics.google.com/ https://pagestates-tracking.crazyegg.com/healthcheck https://assets-tracking.crazyegg.com/healthcheck https://www.facebook.com https://widget.kommunicate.io https://api.kommunicate.io/ https://www.google-analytics.com https://script.crazyegg.com https://stats.g.doubleclick.net https://cdn.kommunicate.io https://chat.kommunicate.io https://bots.kommunicate.io https://cdn.kommunicate.io/applozic/applozic.chat-6.1.1.min.js wss://socket4.kommunicate.io/ws https://secure-a.vimeocdn.com https://tracking.crazyegg.com wss://socket4.applozic.com;   style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net https://fonts.googleapis.com https://cdnjs.cloudflare.com https://platform.twitter.com https://ton.twimg.com https://code.jquery.com https://widget.kommunicate.io https://api.kommunicate.io https://cdn.kommunicate.io https://stackpath.bootstrapcdn.com; font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com ; img-src * data: ; media-src 'self' *.acsbapp.com *.acsbap.com acsbap.com acsbapp.com https://cdn.kommunicate.io ;   object-src 'self' ;    frame-src 'self' https://bpu.com https://www.youtube.com https://i.s-microsoft.com https://platform.twitter.com https://syndication.twitter.com https://www.facebook.com https://www.google.com https://api.kommunicate.io https://web.facebook.com/; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.ikea.com v4.ai.ingka.ikea.net api.addressy.com google.com *.google.com *.gstatic.com translate.googleapis.com translate-pa.googleapis.com www.youtube-nocookie.com www.youtube.com www.paypal.com blob: data: wss://web-api.ikea.com https://storage.googleapis.com/learnwithikeavideos/ unicorn-rainbow-flower.edgecompute.app ikea-listings.edgecompute.app *.ingka.com *.cdtapps.com *.ctfassets.net *.ipex-insights.com *.criteo.net *.criteo.com *.doubleclick.net *.facebook.com *.facebook.net www.googleadservices.com *.googlesyndication.com *.google.kr t1.daumcdn.net *.teads.tv *.cookielaw.org *.onetrust.com *.contentsquare.net app.contentsquare.com *.google-analytics.com www.googletagmanager.com *.optimizely.com sentry.io *.sentry.io *.avo.app oppwa.com *.oppwa.com mpsnare.iesnare.com *.iesnare.com *.bambuser.com firestore.googleapis.com liveshopping-widgets.firebaseapp.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com www.googleapis.com *.syndeo.cx *.production.syndeo.cx wss://web.production.syndeo.cx icsp.ingka.ikea.com wss://icsp.ingka.ikea.com wss://web-api.ikea.com/cschatbot/; img-src * blob: data:; frame-src *; frame-ancestors *.ikea.com; object-src 'self'; report-uri https://csp.ikea.com 1
connect-src 'self' *.clarity.ms checkip.amazonaws.com *.mediapackage.sa-east-1.amazonaws.com *.streaming.media.azure.net cs-siteprd-001.search.windows.net *.grupoccr.com.br app-site-prd-002.azurewebsites.net maps.googleapis.com https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.handtalk.me https://stats.g.doubleclick.net https://*.analytics.google.com; script-src 'self' 'unsafe-eval' *.clarity.ms blob: unpkg.com connect.facebook.net www.google.com www.gstatic.com maps.googleapis.com 'unsafe-inline' https://*.googletagmanager.com https://tagmanager.google.com https://*.handtalk.me https://apis.google.com www.youtube.com cdn.jsdelivr.net/npm/hls.js@latest; frame-src 'self' *.facebook.com *.youtube.com *.google.com *.handtalk.me; media-src 'self' blob: *.grupoccr.com.br; default-src 'self'; base-uri 'self'; block-all-mixed-content; font-src 'self' https: data: https://fonts.gstatic.com; frame-ancestors 'self'; img-src 'self' c.bing.com c.clarity.ms dev.day.com *.grupoccr.com.br img.youtube.com i.ytimg.com maps.googleapis.com *.google.com *.google.com.br maps.gstatic.com www.facebook.com data: https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com blob: https://*.handtalk.me https://fonts.gstatic.com; object-src 'none'; style-src 'self' https: 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com; upgrade-insecure-requests 1
script-src 'self' https://n1ed.com https://cloud.n1ed.com code.jquery.com https://cdn.public.n1ed.com stackpath.bootstrapcdn.com cloud.n1ed.com n1ed.com https://fonts.gstatic.com cloud.flmngr.com cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com mdbootstrap.com; script-src-elem 'self' cdn.public.n1ed.com cloud.n1ed.com cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com mdbootstrap.com; frame-ancestors 'self' http://koens-nb.oma.be https://cloud.n1ed.com https://cdn.public.n1ed.com; report-uri https://www.sidc.be/report-uri/enforce 1
connect-src 'self' wss://*.upscope.io https://*.upscope.io https://sjmvgfnyja.execute-api.us-west-2.amazonaws.com https://mig-prod-connect-p-storg-bkt.s3.us-west-2.amazonaws.com https://d1lz30fckg5qs2.cloudfront.net https://participant.connect.us-west-2.amazonaws.com wss://*.transport.connect.us-west-2.amazonaws.com https://*.clarity.ms https://*.pendo.io https://*.bing.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com www.googletagmanager.com www.google-analytics.com wss://*.salemove.com wss://*.twilio.com https://*.twilio.com https://*.salemove.com https://*.everesttech.net https://assets.adobedtm.com https://*.omtrdc.net https://*.demdex.net https://*.powerreviews.com https://*.decibelinsight.net wss://*.decibelinsight.net *.mercuryinsurance.com https://service.maxymiser.net https://bs.serving-sys.com https://tags.bkrtx.com https://developers.google.com https://*.gomoxie.solutions https://maps.googleapis.com; frame-ancestors 'self' https://*.mercuryinsurance.com  https://*.mercuryfirst.com https://*.akstat.io https://*.go-mpulse.net https://optimize.google.com https://fonts.googleapis.com https://fonts.gstatic.com 1
default-src 'self' 'unsafe-inline'  http: https: data: ; style-src 'self' http://maxcdn.bootstrapcdn.com http://fonts.googleapis.com http://cdn.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; script-src 'self' http://localhost:51037 https://utility.arcgis.com 'unsafe-inline' 'unsafe-eval'; object-src 'self'; img-src 'self' https://utility.arcgis.com http://172.16.25.54:8181 'unsafe-inline' 'unsafe-eval' data:  1
default-src 'self'; font-src 'self' cdn.taxsee.com fonts.gstatic.com https://*.gstatic.com data: fonts.gstatic.com *.imgsmail.ru *.mail.ru *.mradx.net; frame-src 'self' https://*.doubleclick.net blob: https://mc.yandex.ru https://mc.yandex.com https://mc.yandex.md https://*.youtube.com www.google.com mediacdn.mediaad.org *.yektanet.com optimize.google.com *.fls.doubleclick.net www.aparat.com *.imgsmail.ru *.mail.ru *.mradx.net *.ok.ru *.vk.com mail.ru ok.ru vk.com challenges.cloudflare.com; img-src 'self' data: cdn.taxsee.com *.gstatic.com https://*.facebook.com https://*.facebook.net https://www.googletagmanager.com https://*.gstatic.com https://*.google-analytics.com https://*.doubleclick.net https://*.google.com https://vk.com https://*.vk.com https://mc.yandex.ru https://mc.yandex.com https://mc.yandex.md data: optimize.google.com www.google.com www.google.ru www.google.kz log.adtimaserver.vn analytics.pangle-ads.com *.imgsmail.ru *.mail.ru mail.ru trustseal.enamad.ir; script-src 'self' 'unsafe-inline' https://*.facebook.com https://*.facebook.net https://www.googletagmanager.com https://tagmanager.google.com https://*.google-analytics.com https://*.googleadservices.com https://*.google.com https://*.doubleclick.net https://top-fwz1.mail.ru https://analytics.tiktok.com https://vk.com https://*.vk.com https://mc.yandex.ru https://mc.yandex.com https://mc.yandex.md https://yastatic.net https://*.youtube.com 'unsafe-eval' *.yektanet.com *.mediaad.org unpkg.com www.gstatic.com www.googleoptimize.com optimize.google.com *.yandex.net *.google.ru *.google.kz *.g.doubleclick.net gstatic.com s.zzcdn.me www.aparat.com *.imgsmail.ru *.mail.ru *.mradx.net *.odnoklassniki.ru *.relap.io *.vk.com mail.ru vk.com *.ads-twitter.com challenges.cloudflare.com; media-src 'self' https://*.youtube.com *.imgsmail.ru *.mail.ru *.mradx.net *.ok.ru *.vk.com data: mail.ru ok.ru vk.com; child-src 'self' blob: https://mc.yandex.ru https://mc.yandex.com https://mc.yandex.md; connect-src 'self' https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://top-fwz1.mail.ru https://analytics.tiktok.com https://mc.yandex.ru https://mc.yandex.com https://mc.yandex.md https://*.doubleclick.net *.yektanet.com api.mediaad.org ma-cdn.pegah.tech log.adtimaserver.vn analytics.pangle-ads.com *.dzen.ru *.imgsmail.ru *.mail.ru *.mradx.net *.relap.io *.vk.com mail.ru relap.io vk.com; form-action 'self'; manifest-src 'self'; object-src 'self'; style-src 'self' 'unsafe-inline' cdn.taxsee.com fonts.googleapis.com https://tagmanager.google.com https://fonts.googleapis.com unpkg.com optimize.google.com *.imgsmail.ru *.mail.ru *.mradx.net; worker-src 'self'; frame-ancestors DENY; base-uri 'self'; block-all-mixed-content; upgrade-insecure-requests 1
default-src * blob:; img-src * data: blob:; connect-src * wss: blob: resource:; frame-src *;script-src * 'unsafe-eval' 'unsafe-inline' blob:; style-src * 'unsafe-inline'; font-src * data:; 1
default-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' data:; frame-ancestors 'self' ; base-uri 'self'; 1
font-src *.fontawesome.com https://static.payzen.eu/static/ https://*.oney.io https://fonts.gstatic.com *.gstatic.com fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.zopim.com data: www.lematelas.fr www.lematelas-hotellerie.com old.someo-literie.com www.someo-literie.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://secure.payzen.eu/vads-payment/ https://api.payzen.eu/api-payment/ https://static.payzen.eu/static/ www.facebook.com secure.payzen.eu *.facebook.com www.lematelas-hotellerie.com www.lematelas.fr old.someo-literie.com www.someo-literie.com 'self' 'unsafe-inline'; frame-ancestors www.lematelas-hotellerie.com tmp.someo-literie.com www.someo-literie.com www.lematelas.fr old.someo-literie.com 'self'; frame-src bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com https://secure.payzen.eu/vads-payment/ https://static.payzen.eu/static/ www.facebook.com secure.payzen.eu preprod.lm.octopuce.fr www.lematelas.fr www.youtube-nocookie.com play.google.com *.meubles.fr *.trustpilot.com cdn.dnky.co *.hotjar.com *.google.com *.facebook.com *.criteo.com www.instagram.com tpc.googlesyndication.com www.googletagmanager.com td.doubleclick.net ubishaker.com hud.crazyegg.com ct.pinterest.com www.powr.io www.lematelas-hotellerie.com old.someo-literie.com www.someo-literie.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com validator.swagger.io *.facebook.com https://secure.payzen.eu/static/latest/images/type-carte/ https://static.payzen.eu/static/ https://secure.payzen.eu/vads-payment/ https://*.oney.io https://www.google.com https://www.google.fr https://serv.lematelas.fr https://maps.gstatic.com https://maps.googleapis.com https://www.lematelas.fr/ https://www.lematelas-hotellerie.com/ *.trustpilot.net/ https://c.clarity.ms/ https://c.bing.com https://bat.bing.com https://googleads.g.doubleclick.net https://axeptio.imgix.net *.kelkoogroup.net *.rakuten.com *.linksynergy.com *.nxtck.com *.xg4ken.com *.leadsrx.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.google.com *.google.nl connect.onlinesucces.nl px.ads.linkedin.com stats.g.doubleclick.net *.googleapis.com *.gstatic.com *.linkedin.com *.googletagmanager.com amcglobal.sc.omtrdc.net cm.everesttech.net *.trustedshops.com *.zopim.com cdn.jsdelivr.net *.jmango360.com *.datatrics.com *.smaato.net https://images.unsplash.com serv.lematelas-hotellerie.com www.google.ro www.google.be www.google.ch connect.facebook.net www.google.dk www.google.bg www.google.com.hk www.google.at www.google.dz www.google.de www.google.ca www.google.es www.google.mg www.google.co.ma www.google.co.uk www.google.lu www.google.tn www.google.it blob cart2quote.zendesk.com www.magentocommerce.com serv.lematelas.fr mcusercontent.com pagead2.googlesyndication.com feed.amasty.net www.cart2quote.com www.lematelas.fr v2assets.zopim.io widget.trustpilot.com ftrk.crazyegg.com hud.crazyegg.com www.mageworx.com favicons.axept.io ct.pinterest.com pos.baidu.com lematelas.zendesk.com www.1001bebes.com serv2.lematelas-hotellerie.com admin.lematelas.frc admin.lematelas.fr region1.google-analytics.com www.lematelas-hotellerie.com old.someo-literie.com www.someo-literie.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com *.googletagmanager.com *.facebook.net https://api.payzen.eu/api-payment/ https://static.payzen.eu/static/ https://*.oney.io *.trustpilot.com https://www.google.com *.doubleclick.net *.zdassets.com https://maps.googleapis.com data: https://bat.bing.com https://www.clarity.ms https://s.kk-resources.com https://www.youtube.com *.meubles.fr *.axept.io *.abtasty.com *.rakuten.com *.linksynergy.com *.nxtck.com *.xg4ken.com *.leadsrx.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.paypal.com *.google.com *.gstatic.com *.googleapis.com *.googleadservices.com cdn.dnky.co api.comapi.com *.trackedlink.net snap.licdn.com checkout.buckaroo.nl *.adyen.com *.zopim.com *.hotjar.com *.sendcloud.sc *.mailchimp.com *.trustedshops.com *.fontawesome.com *.feedbackcompany.com *.google-analytics.com *.newrelic.com *.nr-data.net cdn.jsdelivr.net *.googleoptimize.com *.clarity.ms *.datatrics.com *.criteo.net *.criteo.com cdn.mouseflow.com serv3.someo-literie.com www.instagram.com tpc.googlesyndication.com bat.bing.com static.zdassets.com widget.trustpilot.com script.crazyegg.com snippet.maze.co www.lematelas-hotellerie.com inline admin.lematelas.fr pixel.nudgify.com s.pinimg.com www.powr.io ct.pinterest.com pagead2.googlesyndication.com assets.oney.io www.lematelas.fr old.someo-literie.com www.someo-literie.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.fontawesome.com https://static.payzen.eu/static/ https://fonts.googleapis.com https://www.googletagmanager.com *.trustpilot.com downloads.mailchimp.com *.googleapis.com cdn.dnky.co checkout.buckaroo.nl *.mailchimp.com cdn.jsdelivr.net hud.crazyegg.com www.lematelas.fr www.lematelas-hotellerie.com old.someo-literie.com www.someo-literie.com 'self' 'unsafe-inline'; object-src www.lematelas.fr www.lematelas-hotellerie.com old.someo-literie.com www.someo-literie.com 'self' 'unsafe-inline'; media-src *.zdassets.com *.zopim.com blob www.lematelas.fr www.lematelas-hotellerie.com old.someo-literie.com www.someo-literie.com 'self' 'unsafe-inline'; manifest-src www.lematelas.fr www.lematelas-hotellerie.com old.someo-literie.com www.someo-literie.com 'self' 'unsafe-inline'; connect-src *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://secure.payzen.eu/vads-payment/ https://api.payzen.eu/api-payment/ https://*.oney.io wss://widget-mediator.zopim.com *.zdassets.com *.zendesk.com *.doubleclick.net https://serv.lematelas.fr https://serv.lematelas-hotellerie.com *.trustpilot.com https://sentry.io *.clarity.ms https://www.facebook.com *.google.fr *.google.com https://maps.googleapis.com www.google-analytics.com *.kelkoogroup.net *.axept.io *.imgix.net *.abtasty.com *.rakuten.com *.linksynergy.com *.nxtck.com *.xg4ken.com *.leadsrx.com *.paypal.com commerce.adobedc.net api.comapi.com stats.g.doubleclick.net *.hotjar.com *.hotjar.io *.zopim.com wss://*.zopim.com dpm.demdex.net *.feedbackcompany.com amcglobal.sc.omtrdc.net *.nr-data.net *.facebook.com *.datatrics.com bat.bing.com serv.lematelas.fr serv.lematelas-hotellerie.com www.google.ch www.google.be www.google.at www.google.dz bitbucket.org script.crazyegg.com tracking.crazyegg.com pagestates-tracking.crazyegg.com assets-tracking.crazyegg.com hud.crazyegg.com app.crazyegg.com prompts.maze.co serv2.lematelas-hotellerie.com data.nudgify.com ct.pinterest.com vcdn.powr.io pagead2.googlesyndication.com www.facebook.com serv3.someo-literie.com lematelas.fr www.powr.io www.lematelas.fr www.lematelas-hotellerie.com old.someo-literie.com www.someo-literie.com 'self' 'unsafe-inline'; child-src www.lematelas.fr www.lematelas-hotellerie.com old.someo-literie.com www.someo-literie.com http: https: blob: 'self' 'unsafe-inline'; default-src https://secure.payzen.eu/vads-payment/ https://api.payzen.eu/api-payment/ https://static.payzen.eu/static/ d.digsgogo.com *.abtasty.com www.lematelas.fr www.lematelas-hotellerie.com old.someo-literie.com www.someo-literie.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri www.lematelas.fr www.lematelas-hotellerie.com old.someo-literie.com www.someo-literie.com 'self' 'unsafe-inline'; report-uri /csp_reporter.php; 1
default-src redbarradio.net *.redbarradio.net redbarradio.com *.redbarradio.com 'self'; child-src blob: www.twitch.tv 'self'; connect-src nmxlive.akamaized.net fash1043.cloudycdn.services d2e1asnsl7br7b.cloudfront.net liveproduseast.akamaized.net www.bloomberg.com opencdn.b-cdn.net stats.bradmax.com api.redirect.li dvr.redbarradio.com stats.g.doubleclick.net wpmudev.com www.google-analytics.com *.redbarradio.com *.redbarradio.net redbarradio.com redbarradio.net 'self'; font-src fonts.bunny.net at.alicdn.com data: fonts.gstatic.com 'self'; frame-ancestors 'self'; frame-src platform.twitter.com syndication.twitter.com stats.bradmax.com wp.freemius.com www.google.com www.youtube.com www.youtube-nocookie.com vimeo.com js.stripe.com www.twitch.tv 'self'; img-src data: https://* 'self'; manifest-src 'self'; media-src blob: media.blubrry.com *.redbarradio.com redbarradio.com *.redbarradio.net redbarradio.net opencdn.b-cdn.net; object-src 'none'; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; script-src-attr * 'self' 'unsafe-inline'; script-src-elem * 'self' 'unsafe-inline'; style-src * 'self' 'unsafe-inline'; style-src-attr 'unsafe-inline'; style-src-elem 'unsafe-inline' cdnjs.cloudflare.com fonts.bunny.net fonts.googleapis.com cdn.jsdelivr.net 'self'; worker-src 'self' blob:; 1
frame-ancestors 'self' https://manage.ratchetandwrench.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
default-src 'self' data: https://api.regionaalenergieloket.nl; script-src 'self' https://*.widget.trengo.eu https://polyfill.io https://*.hotjar.com https://*.google-analytics.com https://static.cloudflareinsights.com ajax.cloudflare.com https://*.storelocatorwidgets.com https://*.survicate.com https://scripts.simpleanalyticscdn.com; script-src-elem 'self' 'unsafe-hashes' data: https://*.widget.trengo.eu https://polyfill.io https://*.hotjar.com https://*.google-analytics.com/ https://www.googletagmanager.com/ https://static.cloudflareinsights.com https://*.storelocatorwidgets.com https://*.survicate.com 'sha256-9VDmhXS8/iybLLyD3tql7v7NU5hn5+qvu9RRG41mugM=' scripts.simpleanalyticscdn.com 'sha256-FDyPg8CqqIpPAfGVKx1YeKduyLs0ghNYWII21wL+7HM=' 'sha256-gPjlli1HEdLlR0AZTY971/wQVOdSkl9mEinLnxrPpJw=' 'sha256-HqcrltV/add35ktFKnghPtUZD86xFk2tNSOVuSxlxZI='; script-src-attr 'self' data:; style-src 'self' https://maxcdn.bootstrapcdn.com https://*.mapbox.com/ https://*.storelocatorwidgets.com https://*.survicate.com; style-src-elem 'self' 'unsafe-inline' data: https://*.hotjar.com https://maxcdn.bootstrapcdn.com https://*.mapbox.com/ https://*.storelocatorwidgets.com https://*.survicate.com; style-src-attr 'self' 'unsafe-hashes' data: 'sha256-0EZqoz+oBhx7gF4nvY2bSqoGyy4zLjNF+SDQXGp/ZrY=' 'sha256-0EZqoz+oBhx7gF4nvY2bSqoGyy4zLjNF+SDQXGp/ZrY=' 'sha256-MRwka0/4j4rDIhqWHKzHVgYCKfmEnNH0AT3nVR928O0=' 'sha256-TbrjG17MSiO8IKSlX/5IHYPweVR4+mHPUuUwZ7a5a2Y=' 'sha256-LZDbS/CUwn+BjQYT2qJ1p7VkcOLJrL0M6KyT1EUYfI4=' 'sha256-qVlOiWrAwuIfu8+uHKHkgg4qBA7YOoSm8A0yB4LfrNw=' 'sha256-CjCovupVqp50crTKALz3MQdYvuJiEA7xdZsV5H8r2Dw=' 'sha256-biLFinpqYMtWHmXfkA1BPeCY0/fNt46SAZ+BBk5YUog=' 'sha256-yVzULc1i4fMya6y0Rbpv/pBRLx5IX26Lj/Az2yfzdeQ=' 'sha256-MYiI8AShs5trXNUBaB5KmZItzhaHaCONYe0YqdljUiA=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU='; img-src 'self' data: https://res.cloudinary.com https://images.ctfassets.net https://*.google-analytics.com https://*.regionaalenergieloket.nl https://queue.simpleanalyticscdn.com https://simpleanalyticsbadges.com https://*.mux.com; font-src 'self' data: https://fonts.gstatic.com https://*.survicate.com https://script.hotjar.com; connect-src 'self' https://*.widget.trengo.eu https://sessions.bugsnag.com https://cdn.contentful.com https://notify.bugsnag.com/ https://*.regionaalenergieloket.nl https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io/ https://*.google-analytics.com https://*.mapbox.com/ https://*.storelocatorwidgets.com https://cloudflareinsights.com https://*.survicate.com https://queue.simpleanalyticscdn.com https://*.mux.com https://*.a1.typesense.net https://cdn.plyr.io; media-src 'self' https://res.cloudinary.com https://*.survicate.com https://*.mux.com https://assets.ctfassets.net blob:; object-src 'none'; child-src 'self' https://*.regionaalenergieloket.nl blob:; frame-src 'self' https://*.hotjar.com https://*.regionaalenergieloket.nl; frame-ancestors 'self' https://*.regionaalenergieloket.nl; form-action 'self' https://*.regionaalenergieloket.nl; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'; manifest-src 'self'; report-uri https://bleeve.report-uri.com/r/d/csp/enforce; 1
frame-ancestors 'self' *.mcallen.net 1
style-src-elem 'self' 'nonce-DM0LPHjIe1Rus17vy8xypg=='; font-src 'self' data:; media-src 'self' *.vimeo.com *.vimeocdn.com; img-src 'self' *.vimeocdn.com *.youtube.com; connect-src 'self' vimeo.com *.nautadutilh.com; script-src 'self' *.vimeo.com; style-src 'self' *.myfonts.net; default-src 'none'; frame-src 'self' *.vimeo.com *.youtube.com *.e-nautadutilh.com; form-action 'self'; script-src-elem 'self' *.vimeo.com *.youtube.com *.nautadutilh.com 'nonce-DM0LPHjIe1Rus17vy8xypg==' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.cloudflare.com *.layuicdn.com *.51.la *.thundersoft.com *.googletagmanager.com cdn.jsdmirror.com *.baidu.com googleads.g.doubleclick.net *.google.com *.thundercomm.com *.googleapis.com *.bcebos.com *.bdstatic.com thundercomm.s3.ap-northeast-1.amazonaws.com *.google-analytics.com *.jsdelivr.net wss:; img-src 'self' data: *;font-src 'self' 'unsafe-inline' 'unsafe-eval' data: * 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com/ https://www.google-analytics.com/ https://static.addtoany.com/ https://cdnjs.cloudflare.com/ https://www.google.com/ https://www.gstatic.com/ https://cdn.jsdelivr.net/ https://unpkg.com/; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://static.addtoany.com/ https://cdn.jsdelivr.net/ https://cdnjs.cloudflare.com/ ; img-src 'self' https://www.googletagmanager.com https://www.google-analytics.com/ https://www.google.com.my/ads/ga-audiences https://i.ytimg.com/ data:;; frame-src https://players.brightcove.net/ https://www.jobstreet.com.my/ https://www.youtube.com/ https://static.addtoany.com/ https://www.google.com/; font-src 'self' https://fonts.gstatic.com/ https://themes.googleusercontent.com/; connect-src 'self' https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://analytics.google.com/; report-uri /report-csp-violation 1
default-src megadepot.com www.google.com bid.g.doubleclick.net www.gstatic.com www.google-analytics.com ajax.googleapis.com             https://*.mylivechat.com https://c.bing.com;         script-src megadepot.com https://*.mylivechat.com connect.facebook.net s.pinimg.com ct.pinterest.com             https://tagmanager.google.com https://*.googletagmanager.com https://www.google-analytics.com https://www.google.com             https://ssl.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net             bat.bing.com www.paypal.com www.paypalobjects.com dashboard.stripe.com js.stripe.com polyfill.io             apis.google.com https://www.clarity.ms https://*.clarity.ms static-na.payments-amazon.com mylivechat.com             www.shopperapproved.com seal-boston.bbb.org www.dwin1.com www.paypal.com www.sandbox.paypal.com https://mylivechat.com             'unsafe-eval' www.gstatic.com www.google.com             https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob:             'unsafe-inline' www.google-analytics.com *.yotpo.com             code.jquery.com maxcdn.bootstrapcdn.com https://m.stripe.network;         frame-src megadepot.com https://www.youtube.com www.facebook.com www.pinterest.com ct.pinterest.com js.stripe.com             payments.amazon.com static-na.payments-amazon.com apay-us.amazon.com www.paypal.com www.paypalobjects.com             https://bid.g.doubleclick.net https://*.fls.doubleclick.net https://*.doubleclick.net             https://*.mylivechat.com www.sandbox.paypal.com *.google.com;         connect-src megadepot.com ct.pinterest.com https://*.clarity.ms             staticw2.yotpo.com bat.bing.com www.facebook.com payments-sandbox.amazon.com payments.amazon.com apay-us.amazon.com             www.paypal.com www.sandbox.paypal.com wss://*.mylivechat.com             https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://pagead2.googlesyndication.com             *.google.com https://*.g.doubleclick.net https://*.googleapis.com https://*.gstatic.com data: blob:;         img-src megadepot.com megadepot.com bat.bing.com bing.com ct.pinterest.com p.yotpo.com https://*.paypal.com             yotpo-editor-production.s3.amazonaws.com www.paypal.com www.paypalobjects.com www.facebook.com https://*.clarity.ms             https://c.bing.com https://i.ytimg.com https://*.cloudfront.net seal-boston.bbb.org https://shareasale.com             https://*.mylivechat.com images-na.ssl-images-amazon.com             *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao             *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be             *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br             *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg             *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr             *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm             *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi             *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi             *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht             *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it             *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg             *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls             *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk             *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx             *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no             *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg             *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py             *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se             *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr             *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn             *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk             *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws             *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat             https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.gstatic.com             https://*.fls.doubleclick.net https://ad.doubleclick.net https://ade.googlesyndication.com https://*.g.doubleclick.net             https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com data:;         style-src megadepot.com https://tagmanager.google.com             'unsafe-inline' https://fonts.googleapis.com             'unsafe-eval' https://*.mylivechat.com fonts.googleapis.com staticw2.yotpo.com maxcdn.bootstrapcdn.com;         font-src megadepot.com https://fonts.gstatic.com data: maxcdn.bootstrapcdn.com staticw2.yotpo.com;         worker-src megadepot.com blob:; 1
default-src 'none'; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; font-src 'self' https:; connect-src 'self' https:; media-src *.kaltura.com blob: data:; worker-src blob: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' epic.com *.epic.com data: blob:; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jquery.com *.googleoptimize.com *.polyfill.io js.createsend1.com *.google.com *.googleapis.com *.google-analytics.com *.facebook.net *.gstatic.com *.hotjar.com *.muchloved.com cdnjs.cloudflare.com *.googletagmanager.com *.audioboom.com *.kiprotect.com *.recaptcha.net *.reciteme.com *.spotify.com *.maze.co; style-src 'self' 'unsafe-inline' *.googleapis.com *.audioboom.com *.reciteme.com *.spotify.com; font-src 'self' fonts.gstatic.com *.hotjar.com *.reciteme.com *.spotify.com; img-src 'self' data: *.gstatic.com *.imgix.net *.google-analytics.com *.google.com *.google.co.uk *.googleapis.com s3.eu-west-2.amazonaws.com *.facebook.com *.muchloved.com *.hotjar.com *.googletagmanager.com *.reciteme.com *.spotify.com; connect-src 'self' stats.g.doubleclick.net *.google-analytics.com *.googleapis.com *.getaddress.io *.hotjar.com *.hotjar.io *.facebook.com wss://*.hotjar.com *.createsend.com *.createsend1.com https://createsend.com//t/getsecuresubscribelink *.reciteme.com *.google.com *.google.co.uk *.maze.co; frame-src 'self' *.google.com *.youtube.com *.facebook.com *.hotjar.com *.muchloved.com *.audioboom.com *.recaptcha.net *.reciteme.com *.spotify.com; media-src 'self' *.reciteme.com *.spotify.com; 1
frame-ancestors 'self' undefined; 1
font-src 'self' fonts.googleapis.com fonts.gstatic.com; img-src 'self' data:  www.googletagmanager.com i.ytimg.com rarewebcdn.azureedge.net; script-src 'self' 'unsafe-eval' fonts.googleapis.com wcpstatic.microsoft.com wcpstatic-int.microsoft.com www.google-analytics.com www.googletagmanager.com www.youtube.com www.gstatic.com www.google.com rarewebcdn.azureedge.net; frame-ancestors 'self' 1
default-src 'self' *.yahoo.com *.yahoodns.net *.yimg.com sp.analytics.yahoo.com s.yimg.com ; connect-src * https://tags.srv.stackadapt.com; font-src *; frame-src 'self' https://embedsocial.com/ *.google.com *.livechatinc.com cdn.livechat-static.com *.doubleclick.net *.hotjar.com *.youtube.com *.facebook.com ; img-src * data:; media-src *; object-src 'none';  script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.tiktok.com/ https://embedsocial.com/js/iframe.js https://embedsocial.com/cdn/ht.js https://trackcmp.net/ https://prism.app-us1.com/ https://diffuser-cdn.app-us1.com/ *.yahoo.com *.yahoodns.net *.yimg.com sp.analytics.yahoo.com s.yimg.com *.doubleclick.net *.hotjar.com *.livechatinc.com https://cdn.livechatinc.com/ https://code.highcharts.com/ https://www.googleadservices.com/ https://connect.facebook.net https://www.facebook.com/ https://js.recurly.com/v4/recurly.js https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://www.googletagmanager.com/ https://www.google-analytics.com/analytics.js https://tags.srv.stackadapt.com; style-src * 'unsafe-inline' https://tags.srv.stackadapt.com; frame-ancestors 'self' https://senokoenergy.activehosted.com https://www.activecampaign.com ; 1
frame-ancestors collectaconusa.com www.collectaconusa.com 1
font-src *.googleapis.com *.gstatic.com *.klaviyo.com *.userway.org *.kjmotorsports.com *.jotform.com *.jotfor.ms *.sharethis.com submit.jotform.com *.fontawesome.com maxcdn.bootstrapcdn.com *.fonts.googleapis.com data: *.cloudflare.com www.kjmotorsports.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.google-analytics.com *.google.com *.gstatic.com *.facebook.com *.facebook.net *.googletagmanager.com *.doubleclick.net *.googleapis.com *.klaviyo.com *.asana.com *.sharethis.com submit.jotform.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.kjmotorsports.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com www.kjmotorsports.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com *.google-analytics.com *.google.com *.gstatic.com *.facebook.com *.facebook.net *.googletagmanager.com www.paypalobjects.com form.jotform.com widgets.jotform.io cdn.userway.org e8b2i2g3.stackpathcdn.com *.kjmotorsports.com *.klaviyo.com *.jotform.com *.asana.com *.sharethis.com submit.jotform.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.addthis.com *.pinterest.com *.weltpixel.com www.kjmotorsports.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com *.google-analytics.com *.google.com *.facebook.com *.facebook.net *.googletagmanager.com *.doubleclick.net cdn.userway.org cdn.jotfor.ms e8b2i2g3.stackpathcdn.com *.kjmotorsports.com *.klaviyo.com *.jotform.com *.sharethis.com submit.jotform.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cloudflare.com *.cdn.klarna.com *.s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.fpdbs.sandbox.paypal.com *.addthis.com *.pinterest.com *.cdninstagram.com www.kjmotorsports.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.cloudflare.com *.cloudfront.net *.google-analytics.com *.google.com *.facebook.com *.facebook.net *.googletagmanager.com *.doubleclick.net cdn.userway.org static-tracking.klaviyo.com form.jotform.com *.jotfor.ms cdn01.jotfor.ms cdn02.jotfor.ms cdn03.jotfor.ms cdnjs.cloudflare.com js.jotform.com cdn.jotfor.ms widgets.jotform.io static.klaviyo.com e8b2i2g3.stackpathcdn.com *.kjmotorsports.com *.sharethis.com submit.jotform.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ connect.facebook.net graph.facebook.com business.facebook.com *.addthis.com *.moatads.com *.addthisedge.com *.pinterest.com *.instagram.com https://www.googletagmanager.com tagmanager.google.com unpkg.com www.kjmotorsports.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com *.cloudflare.com *.cloudfront.net *.google-analytics.com *.google.com *.gstatic.com *.facebook.com *.facebook.net *.googletagmanager.com *.doubleclick.net *.googleapis.com *.jotfor.ms e8b2i2g3.stackpathcdn.com *.kjmotorsports.com *.klaviyo.com *.jotform.io *.sharethis.com submit.jotform.com https://static.klaviyo.com *.fontawesome.com maxcdn.bootstrapcdn.com tagmanager.google.com www.kjmotorsports.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.kjmotorsports.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com *.cloudflare.com *.cloudfront.net *.google-analytics.com *.gstatic.com *.facebook.com *.facebook.net *.googletagmanager.com *.doubleclick.net static-forms.klaviyo.com socialplugin.facebook.net api.userway.org *.klaviyo.com cdn.userway.org *.kjmotorsports.com *.asana.com *.sharethis.com submit.jotform.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.addthis.com *.graph.instagram.com https://www.google-analytics.com www.kjmotorsports.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com www.kjmotorsports.com http: https: blob: 'self' 'unsafe-inline'; default-src www.kjmotorsports.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' https://my.iorbex.com https://orbexmena.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' stats.wp.com www.googletagmanager.com www.google-analytics.com www.google.com www.gstatic.com extend.vimeocdn.com kit.fontawesome.com www.realtimestatistics.net s0.wp.com *.hs-analytics.net *.hs-scripts.com *.hscollectedforms.net *.hs-banner.com blob: *.hubspot.com device.maxmind.com; font-src 'self' data: fonts.gstatic.com maxcdn.bootstrapcdn.com s0.wp.com; connect-src 'self' www.google-analytics.com stats.g.doubleclick.net *.hscollectedforms.net *.hubspot.com *.mmapiws.com; img-src 'self' data: https:; style-src 'self' 'unsafe-inline' fonts.googleapis.com maxcdn.bootstrapcdn.com kit.fontawesome.com s0.wp.com; base-uri 'self';form-action 'self' wpengine.blogvault.net;frame-ancestors 'self'; frame-src 'self' www.google.com player.vimeo.com correlation.edgate.com widgets.wp.com 1
font-src *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://script.hotjar.com *.olark.com *.punchout2go.com *.tradecentric.com *.travers.com.mx data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.punchout2go.com *.tradecentric.com *.travers.com.mx 'self' 'unsafe-inline'; frame-ancestors *.bolt.com *.meetanshi.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ https://www.googletagmanager.com/ *.meetanshi.com *.opencontrol.mx *.kaptcha.com *.openpay.pe c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.punchout2go.com *.tradecentric.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com b2b.partcommunity.com https://promociones.travers.com.mx *.olark.com *.travers.com.mx *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.meetanshi.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.google.com https://translate.googleapis.com https://script.hotjar.com https://www.facebook.com *.olark.com https://beta.travers.com.mx *.travers.com.mx *.punchout2go.com *.tradecentric.com *.openpay.mx *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.meetanshi.com *.s3.amazonaws.com *.openpay.co *.openpay.pe *.google-analytics.com *.google.com/recaptcha/ *.gstatic.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.punchout2go.com *.tradecentric.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://js-agent.newrelic.com https://bam.nr-data.net https://translate.google.com https://translate.googleapis.com https://translate-pa.googleapis.com https://static.hotjar.com https://script.hotjar.com https://connect.facebook.net *.olark.com *.travers.com.mx https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com *.punchout2go.com *.tradecentric.com *.gstatic.com *.olark.com *.travers.com.mx tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ http://static.olark.com/jsclient/sounds/olark-chimes.ogg *.punchout2go.com *.tradecentric.com *.travers.com.mx 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.meetanshi.com *.openpay.mx *.openpay.co *.openpay.pe api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://bam.nr-data.net https://translate.googleapis.com https://in.hotjar.com https://content.hotjar.io https://csmetrics.hotjar.com *.hotjar.com *.hotjar.io *.olark.com wss://ws.hotjar.com *.punchout2go.com *.tradecentric.com *.travers.com.mx https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https: *.googlesyndication.com *.doubleclick.net *.gstatic.com *.google.com *.googletagservices.com; font-src 'self' https: data: *.gstatic.com; img-src 'self' https: blob: data: *.google.com *.dvauction.com; object-src 'none'; style-src 'self' https: 'unsafe-inline' blob: *.gstatic.com; frame-src 'self' https: www.googletagservices.com *.doubleclick.net localhost:* *.cattlemarketcentral.com; connect-src 'self' https: wss://www.cattlemarketcentral.com wss://www.nationalbeefwire.com; script-src 'self' https: 'unsafe-eval' 'unsafe-inline' *.googletagservices.com 1
base-uri 'self'; child-src 'self'; connect-src 'self' adservice.google.com stats.g.doubleclick.net www.google.com https://*.clarity.ms ccr.agritrader.nl *.google-analytics.com *.analytics.google.com *.googletagmanager.com maps.googleapis.com; default-src 'self' 'unsafe-inline'; font-src 'self'; frame-src ccr.agritrader.nl www.google.com; img-src 'self' 'unsafe-eval' data: blob: * 'unsafe-inline' ssl.gstatic.com googleads.g.doubleclick.net www.google.com https://c.bing.com https://c.clarity.ms ccr.agritrader.nl *.google-analytics.com *.googletagmanager.com stats.g.doubleclick.net maps.googleapis.com s3-eu-west-1.amazonaws.com media.agritrader.nl; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-eval' 'report-sample' 'unsafe-inline' tagmanager.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net www.google.com https://*.clarity.ms https://ipinfo.io ccr.agritrader.nl *.google-analytics.com *.googletagmanager.com stats.g.doubleclick.net maps.googleapis.com; style-src 'self' 'unsafe-inline' 'report-sample' tagmanager.google.com www.googletagmanager.com fonts.googleapis.com; report-uri /csp-reports 1
default-src *; script-src * 'self' 'unsafe-eval' 'unsafe-inline'; style-src * 'self' 'unsafe-inline' blob:; img-src 'self' * data:; connect-src *; font-src * 'self'; frame-src *; object-src * 'self'; media-src *; child-src * 'self' 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.ladesk.com https://www.google.com/recaptcha/api.js https://www.gstatic.com https://static.zdassets.com https://widget-mediator.zopim.com https://media.twiliocdn.com https://sdk.twilio.com; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' data:  https://feedback-api.mendix.com https://fonts.gstatic.com https://fonts.googleapis.com https://ekr.zdassets.com https://portmaster.zendesk.com https://id.zopim.com https://sdk.twilio.com https://zendesk-eu.my.sentry.io https://eventgw.twilio.com https://media.twiliocdn.com wss://voice-js.ashburn.twilio.com https://eventgw.us1.twilio.com wss://widget-mediator.zopim.com wss://portmaster.zendesk.com wss://voice-js.roaming.twilio.com wss://localhost.qz.io:8181 wss://localhost.qz.io:8282 wss://localhost.qz.io:8383 wss://localhost.qz.io:8484 wss://localhost:8181 wss://localhost:8282 wss://localhost:8383 wss://localhost:8484; font-src 'self' data:  https://fonts.gstatic.com; frame-src 'self' https://*.ladesk.com https://www.google.com; img-src 'self' data: https://*.ladesk.com *.portmaster.net https://portmaster.zendesk.com; manifest-src 'self'; media-src 'self' mediastream https://media.twiliocdn.com https://sdk.twilio.com https://static.zdassets.com; worker-src 'self'; upgrade-insecure-requests; block-all-mixed-content; 1
default-src 'self' 'unsafe-inline' code.jquery.com cdn.siteimprove.net polyfill.io cdn.cookielaw.org cdn.jsdelivr.net my2.siteimprove.com maps.googleapis.com geolocation.onetrust.com id.siteimprove.com *.googletagmanager.com *.google.com *.gstatic.com stats.g.doubleclick.net region1.google-analytics.com google-analytics.com; child-src 'self' *.microsoft.com *.microsoftonline.com *.windows.net *.office.com *.bol.pt *.bol.pt/* *.vimeo.com *.cookielaw.org *.recaptcha.net *.bandcamp.com *.soundcloud.com *.google.com *.siteimprove.net *.siteimprove.com *.workplace.com *.intras.edp.com *.microsoftstream.com *.edp.pt *.edp.com *.edpr.com *.dig.corp.edp.com *.youtube.com *.youtube-nocookie.com *.eurolandir.com *.mailjet.com *.media-server.com *.wufoo.com edp.teto.pt *.spotify.com ir2.flife.de ir.tools.investis.com sdk.companywebcast.com *.edpon.livextend.cloud *.powerbi.com *.suratica.es td.doubleclick.net 11667845.fls.doubleclick.net; connect-src 'self' maps.googleapis.com www.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.google-analytics.com *.google.pt stats.g.doubleclick.net cdn.cookielaw.org my2.siteimprove.com geolocation.onetrust.com id.siteimprove.com privacyportal-eu.onetrust.com; font-src 'self' https://fonts.gstatic.com cdn.jsdelivr.net data:; frame-src 'self' *.microsoft.com *.microsoftonline.com *.windows.net *.office.com *.bol.pt *.bol.pt/* *.vimeo.com *.cookielaw.org *.recaptcha.net *.bandcamp.com *.soundcloud.com *.google.com *.siteimprove.net *.siteimprove.com *.workplace.com *.intras.edp.com *.microsoftstream.com *.edp.pt *.edp.com *.edpr.com *.dig.corp.edp.com *.youtube.com *.youtube-nocookie.com *.eurolandir.com *.mailjet.com *.media-server.com *.wufoo.com edp.teto.pt *.spotify.com ir2.flife.de ir.tools.investis.com sdk.companywebcast.com *.edpon.livextend.cloud *.powerbi.com *.suratica.es td.doubleclick.net 11667845.fls.doubleclick.net https://bid.g.doubleclick.net https://td.doubleclick.net bid.g.doubleclick.net https://11667845.fls.doubleclick.net https://www.googletagmanager.com; img-src 'self' data: maps.gstatic.com maps.googleapis.com cdn.jsdelivr.net *.google.pt *.edp.com *.edpr.com *.edp.pt www.googletagmanager.com https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.google.com https://google.com googleads.g.doubleclick.net www.google.com google.com 11667845.fls.doubleclick.net https://ad.doubleclick.net https://ade.googlesyndication.com cdn.cookielaw.org fonts.gstatic.com; object-src 'none'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com www.googleadservices.com www.google.com www.googletagmanager.com https://googleads.g.doubleclick.net https://cdn.jsdelivr.net https://cdn.siteimprove.net https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com; script-src-elem 'self' 'unsafe-inline' edp.com maps.googleapis.com cdn.cookielaw.org googletagmanager.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.jsdelivr.net https://cdn.siteimprove.net https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com; style-src 'self' 'unsafe-inline' https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com https://www.googletagmanager.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; base-uri 'self'; form-action 'self'; frame-ancestors 'self' *.edp.com; report-uri https://www.edpr.com/en/report-uri/enforce; upgrade-insecure-requests 1
script-src 'unsafe-inline' 'unsafe-eval'  *.facebook.net *.twitter.com *.instagram.com speakerdeck.com raibledesigns.com *.twimg.com *.twitter.com *.google-analytics.com *.flickr.com *.wufoo.com wufoo.comi *.googletagmanager.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.google-analytics.com *.ssl.google-analytics.com *.js-agent.newrelic.com *.cdnjs.cloudflare.com *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com *.googletagmanager.com cdn.cookielaw.org cdnjs.cloudflare.com cdns.us1.gigya.com js-agent.newrelic.com *.cloudfront.net *.youtube.com *.gbqofs.com *.usabilla.com *.doubleclick.net google.com recaptcha.net *.facebook.net google.com *.recaptcha.net gstatic.com *.p.teads.tv  *.recaptcha.net *.google.com *.gstatic.com *.facebook.com *.jsdelivr.net *.emnadvmenuplannersta.blob.core.windows.net *.tiktok.com *.teads.tv; style-src 'self' 'unsafe-inline' *.cloudfront.net cdnjs.cloudflare.com k *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com *.p.teads.tv https://unpkg.com/ionicons@4.2.2/dist/css/ionicons.min.css; img-src 'self' data: *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.analytics.google.com *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com *.google.co.in *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com images.aws.nestle.recipes cdn.cookielaw.org cdns.us1.gigya.com google.com:*  *.cloudfront.net *.facebook.com google.com.ua *.maggi.my *.p.teads.tv https://emnadvmenuplannersta.blob.core.windows.net *.teads.tv; frame-ancestors 'self'; connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google google-analytics.com *.google-analytics.com *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com cdn.cookielaw.org:* cdn.cookielaw.org/ cdn.cookielaw.org/scripttemplates cdn.cookielaw.org/consent cdn.cookielaw.org/logos *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com cdns.us1.gigya.com bam.nr-data.net login.maggi.my *.facebook.net *.p.teads.tv *.recaptcha.net *.google.com *.gstatic.com *.facebook.com *.jsdelivr.net *.emnadvmenuplannersta.blob.core.windows.net collect.analyze.ly *.tiktok.com *.gbqofs.io *.teads.tv *.googlesyndication.com; report-uri /report-csp-violation 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://masto.bike; img-src 'self' https: data: blob: https://masto.bike; style-src 'self' https://masto.bike 'nonce-185seaq3A3QQvh91RGgPRA=='; media-src 'self' https: data: https://masto.bike; frame-src 'self' https:; manifest-src 'self' https://masto.bike; form-action 'self'; child-src 'self' blob: https://masto.bike; worker-src 'self' blob: https://masto.bike; connect-src 'self' data: blob: https://masto.bike https://masto.bike wss://masto.bike; script-src 'self' https://masto.bike 'wasm-unsafe-eval' 1
frame-ancestors 'none'; default-src 'self' https://*.yahoo.com https://*.yimg.com; script-src 'self' 'unsafe-inline' 'nonce-jbsNQphAnEpI/V3qUW8T9g==' 'unsafe-eval' https://*.yahoo.net https://*.yahoo.com https://*.yimg.com https://*.uservoice.com *.oath.com https://*.hereapi.com https://*.youtube.com *.yahooapis.com blob: *.izlesene.com *.ioam.de *.avg.com *.rewardsaccelerator.com smetrics.att.com; style-src 'self' 'unsafe-inline' https://assets.video.yahoo.net https://*.yimg.com; img-src 'self' data: blob: https://*.aol.com https://s.aolcdn.com https://*.bing.net https://*.yimg.com https://s.ytimg.com yahoo.com https://*.yahoo.com https://*.bing.com https://bing.com *.here.com *.wc.yahoodns.net https://*.doubleclick.net https://sb.scorecardresearch.com https://*.adaptv.advertising.com https://*.vidible.tv https://*.yahoo.net https://*.footprint.net https://*.akamaized.net https://*.cloudfront.net https://*.llnwd.net smetrics.att.com; frame-src 'self' https://*.yahoo.net https://*.youtube.com https://s.yimg.com https://*.yahoo.com https://yahoo.uservoice.com https://*.vidible.tv https://*.advertising.com https://fun.games.com/ https://interactives.ap.org; media-src * blob:; object-src *; connect-src * blob:; font-src * data:; child-src blob:; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https:; frame-ancestors https:; img-src https: data: blob; font-src https: data:; worker-src 'self' blob:; connect-src https: wss://nexus-websocket-a.intercom.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://yardstik.com https://cdnjs.cloudflare.com https://widget.intercom.io https://js.intercomcdn.com https://js.hsforms.net https://sdk.avoma.com https://c.clarity.ms https://www.google.com https://js.sentry-cdn.com https://www.gstatic.com https://www.googletagmanager.com https://cdn.jsdelivr.net; 1
frame-ancestors 'self' http://www.jetztspielen.ws 1
upgrade-insecure-requests;; upgrade-insecure-requests 1
frame-ancestors 'self' *.profiauto.pl *.profipower.eu *.motoflota.pl *.moto-profil.pl; 1
frame-ancestors 'self'; report-uri https://www.ninhosdobrasil.com.br/report-uri/enforce 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com data: script.hotjar.com *.zopim.com *.googleapis.com *.yotpo.com cdn.prod-b.okonomideler.vdc.dev cdn.okonomideler.no cdn.okonomi-deler.no policy.app.cookieinformation.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com 'self'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net *.facebook.com *.klarna.com big.g.doubleclick.net vars.hotjar.com optimize.google.com policy.app.cookieinformation.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.google.no *.google.se *.google.fi *.google.ro *.google.pl *.google.dk *.google-analytics.com *.googleadservices.com *.klarna.com *.klarnaevt.com *.hotjar.com *.hotjar.io *.okonomideler.vdc.dev *.googleapis.com okodeler-oljehydraulikk.talentlms.com *.zopim.com cdn.okonomideler.no cdn.okonomi-deler.no policy.app.cookieinformation.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com https://*.dibspayment.eu *.googleanalytics.com *.googleadservices.com *.googleoptimize.com *.klarna.com static.hotjar.com script.hotjar.io *.okonomideler.vdc.dev *.googleapis.com *.cloudflare.com *.zopim.com *.zdassets.com cdn.okonomideler.no cdn.okonomi-deler.no policy.app.cookieinformation.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com *.google.com *.okonomideler.vdc.dev cdn.okonomideler.no cdn.okonomi-deler.no policy.app.cookieinformation.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com data: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.doubleclick.net *.klarna.com *.klarnaevt.com *.hotjar.com vc.hotjar.io surveystats.hotjar.io wss://*.hotjar.com *.googleapis.com t.elasticsuite.io *.okonomideler.vdc.dev *.zdassets.com *.zopim.com wss://widget-mediator.zopim.com cdn.okonomideler.no cdn.okonomi-deler.no policy.app.cookieinformation.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://eng.vdc.dev/csp-report; 1
script-src 'self' *.szexneked.hu *.googleapis.com *.fontawesome.com *.bootstrapcdn.com *.googleadservices.com *.gstatic.com *.doubleclick.net cdn.speedcurve.com creativecdn.com *.gemius.pl *.google-analytics.com *.hotjar.com *.google.com *.cloudflare.com *.cloudflareinsights.com *.googletagmanager.com *.google.hu *.googlesyndication.com *.googletagservices.com fonts.gstatic.com cdn.ampproject.org a.medfoodnetwork.com ad.adverticum.net *.flortrandi.com *.inmobi.com 'unsafe-inline' 'unsafe-eval'; img-src * data: 1
upgrade-insecure-requests; default-src 'self'; connect-src 'self' https://fundingchoicesmessages.google.com https://h.seznam.cz https://ssp.seznam.cz https://csi.gstatic.com https://ssp.imedia.cz https://adservice.google.com https://pagead2.googlesyndication.com https://stats.g.doubleclick.net https://tpc.googlesyndication.com https://www.google-analytics.com https://www.facebook.com *.iplatba.cz *.zbozi.cz https://onesignal.com; font-src 'self' data: application https://fonts.gstatic.com https://www.fontsaddict.com https://themes.googleusercontent.com; form-action 'self' https://widget.packeta.com https://3dsecure.gpwebpay.com https://www.facebook.com; frame-src  'self' https://ssp.seznam.cz https://h.seznam.cz https://platform.twitter.com https://c-ng.seznam.cz https://c-ng.seznam.cz https://c-ko.seznam.cz https://ssp.imedia.cz https://www.seznam.cz https://h.imedia.cz https://ads.pubmatic.com https://secure.adnxs.com https://pagead2.googlesyndication.com https://tpc.googlesyndication.com https://widget.packeta.com http://s.imedia.cz https://www.google.cz https://www.google.com https://out.sklik.cz https://sandbox.zbozi.cz https://www.zbozi.cz https://googleads.g.doubleclick.net https://c.imedia.cz https://accounts.google.com https://staticxx.facebook.com https://onesignal.com https://www.facebook.com https://www.youtube.com; img-src 'self' data: blob: https://www.gstatic.com https://via.placeholder.com https://track.adform.net https://googleads.g.doubleclick.net https://ssp.seznam.cz https://h.seznam.cz https://platform-lookaside.fbsbx.com https://graph.facebook.com https://syndication.twitter.com https://ssp.imedia.cz https://i.seznam.cz https://h.imedia.cz https://www.techarena.cz https://www.huramobil.cz https://pagead2.googlesyndication.com https://widget.packeta.com https://www.techarena.cz https://www.heureka.cz https://ssl.heureka.cz https://hit.skrz.cz https://www.srovname.cz https://www.googletagmanager.com https://app.geispoint.cz https://img.onesignal.com https://maps.gstatic.com https://maps.googleapis.com https://c.imedia.cz https://i.ytimg.com https://ssl.gstatic.com https://stats.g.doubleclick.net https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.google.cz; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://fundingchoicesmessages.google.com https://h.seznam.cz https://code.jquery.com https://partner.googleadservices.com https://platform.twitter.com https://s1.adform.net https://cdn.ampproject.org https://ssp.imedia.cz https://h.imedia.cz https://cdnjs.cloudflare.com https://serve.affiliate.heureka.cz https://adservice.google.cz https://adservice.google.com https://www.googletagservices.com https://connect.facebook.com https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://widget.packeta.com https://www.googletagmanager.com https://ajax.googleapis.com https://ssl.heureka.cz https://muj.skrz.cz https://out.sklik.cz https://www.srovname.cz https://c.imedia.cz https://sandbox.zbozi.cz https://www.zbozi.cz https://c.imedia.cz https://maps.googleapis.com https://www.googletagmanager.com https://apis.google.com https://c.imedia.cz https://cdn.onesignal.com https://connect.facebook.net https://googleads.g.doubleclick.net https://im9.cz https://onesignal.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.google.com https://www.shoproku.cz/js/interstitial.min.js https://pagead2.googlesyndication.com/pagead/js/r20201001/r20190131/show_ads_impl_fy2019.js https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js; style-src 'self' 'unsafe-inline' https://googleads.g.doubleclick.net https://code.jquery.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://onesignal.com https://pagead2.googlesyndication.com; 1
default-src 'self'; block-all-mixed-content ; base-uri 'self'; object-src 'none'; script-src  'nonce-eec9b7d663594f2ea0890a86455855ad' 'self' 'unsafe-eval' https://www.clarity.ms https://flo.uri.sh/ https://view.ceros.com/ https://s-usc1a-nss-2018.firebaseio.com/ https://s-usc1a-nss-2024.firebaseio.com/ https://daisho.firebaseio.com/ https://static.landbot.io https://www.gstatic.com https://www.google.com https://st.getsitecontrol.com/ https://widgets.getsitecontrol.com https://region1.google-analytics.com/ https://tagmanager.google.com/ https://www.googletagmanager.com/ https://polyfill.io https://optimize.google.com https://www.google-analytics.com https://az416426.vo.msecnd.net https://*.googletagmanager.com https://*.onetrust.com https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com; img-src 'self' data: https://c.clarity.ms https://static3.avast.com/ https://translate.google.com https://ssl.google-analytics.com/ https://gjtrack.ucweb.com/ https://www.facebook.com/ https://c.bing.com/ https://www.gstatic.com/ https://c.clarity.ms/ https://mb.com.ph https://wtf2.forkcdn.com/ https://static.landbot.io https://storage.googleapis.com https://www.grantthornton.global/ https://photos.smugmug.com/ https://www.sunstar.com.ph/ https://chats.landbot.io http://s14255.pcdn.co/ http://ialaddin.genieesspv.jp/ http://bworldonline.com/ http://www.bworldonline.com/ http://mindanaotimes.net/ http://media.philstar.com/ http://www.mb.com.ph/ http://businessmirror.com.ph/ http://tribune.net.ph/ http://cdn.manilatimes.net/ http://www.malaya.com.ph/ http://cdn2-img.pressreader.com/ http://farm5.staticflickr.com/ http://business.mb.com.ph/ http://oxfordbusinessgroup.com/ http://assets.rappler.com/ http://www.gti.org/ https://ssl.gstatic.com/ https://syndication.twitter.com https://optimize.google.com https://platform.twitter.com https://pbs.twimg.com https://maps.gstatic.com https://maps.googleapis.com https://*.google-analytics.com/ https://*.analytics.google.com/ https://www.googletagmanager.com https://i.ytimg.com https://img.youtube.com https://*.googletagmanager.com https://*.onetrust.com https://www.google.com.vn https://cdn.optimizely.com; style-src 'self' 'unsafe-inline' data: https://cdn.landbot.io/ blob: https://tagmanager.google.com/ https://fonts.googleapis.com/ https://optimize.google.com https://chats.landbot.io https://platform.twitter.com https://cdnjs.cloudflare.com https://fonts.googleapis.com; font-src 'self' data: https://cdn.landbot.io/ https://static3.avast.com/ https://fonts.gstatic.com; frame-src https://s-usc1a-nss-2018.firebaseio.com/ https://flo.uri.sh/ https://view.ceros.com/ https://www.grantthornton.com.ph/ https://s-usc1a-nss-2024.firebaseio.com/ https://www.googletagmanager.com https://chats.landbot.io https://view.ceros.com https://social-plugins.line.me/ https://www.google.com/ https://platform.twitter.com https://www.youtube.com https://optimize.google.com https://w.soundcloud.com https://player.vimeo.com https://www.gstatic.com https://cdn.optimizely.com https://td.doubleclick.net https://*.optimizely.com https://a28826650685.cdn.optimizely.com https://a28826650685.cdn-pci.optimizely.com; connect-src 'self' https://a.clarity.ms https://b.clarity.ms https://c.clarity.ms https://d.clarity.ms https://e.clarity.ms https://f.clarity.ms https://g.clarity.ms https://h.clarity.ms https://i.clarity.ms https://j.clarity.ms https://k.clarity.ms https://l.clarity.ms https://m.clarity.ms https://n.clarity.ms https://o.clarity.ms https://p.clarity.ms https://q.clarity.ms https://r.clarity.ms https://s.clarity.ms https://t.clarity.ms https://u.clarity.ms https://v.clarity.ms https://w.clarity.ms https://x.clarity.ms https://y.clarity.ms https://z.clarity.ms https://maps.googleapis.com/ wss://s-usc1a-nss-2018.firebaseio.com/ wss://daisho.firebaseio.com/ wss://s-usc1a-nss-2024.firebaseio.com/ https://www.googleapis.com/ https://analytics.google.com/ https://messages.landbot.io/ https://welcome.landbot.io/ https://storage.googleapis.com/ https://*.google-analytics.com/ https://*.analytics.google.com/ https://static3.avast.com/ https://gjtrack.ucweb.com/ https://dc.services.visualstudio.com https://az416426.vo.msecnd.net https://stats.g.doubleclick.net/ https://extreme-ip-lookup.com/ https://chats.landbot.io https://642-sde-924.mktoresp.com https://www.clarity.ms/ https://*.googletagmanager.com https://identitytoolkit.googleapis.com/ https://firestore.googleapis.com/ https://*.onetrust.com https://pagead2.googlesyndication.com https://www.google.com https://googleads.g.doubleclick.net https://logx.optimizely.com https://*.optimizely.com; frame-ancestors https://*.optimizely.com https://*.optimizelyedit.com 'self';  report-uri /ContentSecurityPolicy/Report/; report-to csp-endpoint; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com/* https://play.libsyn.com https://www.youtube-nocookie.com https://youtu.be/ https://siteimproveanalytics.com https://siteimproveanalytics.com/js/siteanalyze_10597.js *.siteimproveanalytics.com yoshki.com https://watch.wave.video/ https://tourmkr.com/ https://online.fliphtml5.com/ https://docs.google.com doubleclick.net https://siteimproveanalytics.com *.zencdn.net players.brightcove.net fonts.gstatic.com *.googleapis.com s3.amazonaws.com www.google.com *.googletagmanager.com *.gstatic.com *.siteimproveanalytics.io *.doubleclick.net *.google-analytics.com *.siteimproveanalytics.com cwt.vuturevx.com www.youtube.com open.spotify.com vimeo.com directory.libsyn.com html5-player.libsyn.com *.yoshki.com; img-src 'self' data: https://www.google.com/ads/ga-audiences https://www.google-analytics.com/ https://online.fliphtml5.com yoshki.com https://docs.google.com *.boltdns.net *.brightcove.com https://maps.gstatic.com https://maps.googleapis.com/ https://cwt.vuturevx.com/ https://s3.amazonaws.com/ *.siteimproveanalytics.io; media-src 'self' blob: yoshki.com ; font-src 'self' data: https://fonts.gstatic.com https://docs.google.com *.yoshki.com; worker-src 'self' blob: *.yoshki.com; connect-src 'self' https://www.googletagmanager.com https://siteimproveanalytics.com/js/siteanalyze_10597.js *.siteimproveanalytics.com https://stats.g.doubleclick.net yoshki.com *.google-analytics.com *.siteimproveanalytics.com *.brightcove.com *.boltdns.net https://bcbolt446c5271-a.akamaihd.net https://docs.google.com; frame-ancestors 'self' *.siteimproveanalytics.com yoshki.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://siteimproveanalytics.com/js/siteanalyze_10597.js *.google-analytics.com www.gstatic.com *.siteimproveanalytics.com *.google.com;style-src-elem * 'self' 'unsafe-inline' https://fonts.googleapis.com/; 1
object-src 'none'; frame-ancestors 'self' https://*.hygraph.com 1
frame-ancestors https://public.tableau.com; frame-ancestors https://createaclickablemap.com 1
style-src 'unsafe-inline' 'self' https://fonts.googleapis.com/ https://chat.vizir.co/  https://cision-t3556.eu1app.churnzero.net/ ;font-src 'self' https://fonts.gstatic.com/ data: blob: 'unsafe-inline';script-src 'unsafe-eval' 'unsafe-inline' 'self' https://platform.twitter.com/ https://chat.vizir.co/  https://tag.aticdn.net/ https://eum.instana.io/ https://cision-t3556.eu1app.churnzero.net/ 1
sandbox allow-forms; default-src 'none'; img-src 'self' data:; form-action 'self'; style-src 'self' https://cdn.jsdelivr.net 'sha256-+vP5dNGJinplaVFkhXXAzmxdXidt953K4IKZ2wBQbIs='; frame-ancestors 'none'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *;media-src *;style-src 'unsafe-inline' 'unsafe-eval' *;img-src 'unsafe-inline' data: *;font-src data: *;connect-src *;frame-src * blob: 1
frame-ancestors 'self' *.canva.com canva.com; report-uri https://csp.canva.com/_cspreport?app=websites; base-uri 'self'; object-src 'none'; script-src 'report-sample' 'strict-dynamic' 'nonce-e13551d0-d214-4e8c-9100-664662af827f' https://www.google.com/recaptcha/api.js; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' gstatic.com www.gstatic.com snap.licdn.com *.licdn.com  www.google.com google.com cdnjs.cloudflare.com www.google-analytics.com google-analytics.com connect.facebook.net secure.adnxs.com *.adroll.com *.adnxs.com www.clarity.ms *.facebook.net *.amazonaws.com googleads.g.doubleclick.net www.googleadservices.com s.adroll.com www.googletagmanager.com app.engati.com googletagmanager.com cdn.jsdelivr.net fonts.googleapis.com www.bugherd.com *.bugherd.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com app.engati.com cdnjs.cloudflare.com *.adroll.com; 1
upgrade-insecure-requests; object-src 'none'; frame-ancestors 'self'; default-src 'self'; script-src 'self' 'nonce-36930734d3' https://www.gstatic.com/ https://www.google.com/ https://synlab.ee/ https://ssl.google-analytics.com https://cdnjs.cloudflare.com/ https://forms.plumsail.com/ https://region1.google-analytics.com https://www.google-analytics.com/ blob:; connect-src https://www.gstatic.com/ https://www.google.com/ https://synlab.ee/ https://ssl.google-analytics.com https://cdnjs.cloudflare.com/ https://forms.plumsail.com/ https://region1.google-analytics.com https://www.google-analytics.com/; style-src 'self' 'nonce-36930734d3' https://synlab.ee/ https://fonts.googleapis.com https://cdnjs.cloudflare.com; img-src 'self' https://secure.gravatar.com https://www.google-analytics.com/ data:; font-src 'self' https://synlab.ee/ https://fonts.googleapis.com https://fonts.gstatic.com data:; form-action 'self'; base-uri 'self'; frame-src https://synlab.ee/ https://www.google.com https://maps.google.com https://www.youtube.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://smartserve.ca https://www.gstatic.com https://www.googletagmanager.com https://static.zdassets.com https://www.youtube.com https://www.google.com https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://netdna.bootstrapcdn.com https://rgsharedweb.s3.amazonaws.com; img-src 'self' https://smartserve.ca https://ajeuwbhvhr.cloudimg.io https://ts.w.org https://wpml.org https://toolset.com https://adminmenueditor.com https://wpengine.com https://s3.amazonaws.com https://gravityforms.s3.amazonaws.com https://s38924.pcdn.co https://cdn.gravity.com https://www.google.ca https://secure.gravatar.com https://ps.w.org https://s.w.org https://i.ytimg.com https://www.google.co.in https://www.googletagmanager.com data:; font-src 'self' https://fonts.gstatic.com https://netdna.bootstrapcdn.com data:; connect-src 'self' https://analytics.google.com https://ekr.zdassets.com https://smartservehelp.zendesk.com https://stats.g.doubleclick.net https://www.google.co.in https://yoast.com wss://widget-mediator.zopim.com; media-src 'self' https://static.zdassets.com; object-src 'none'; frame-src 'self' https://td.doubleclick.net https://www.google.com https://www.youtube.com https://api.wppopupmaker.com https://www.integrityadvocateserver.com; frame-ancestors 'self'; worker-src 'self' blob:; base-uri 'self'; manifest-src 'self'; upgrade-insecure-requests; block-all-mixed-content; 1
default-src 'self' *;font-src * data:;media-src *; script-src 'self' 'unsafe-eval' 'unsafe-inline' *;frame-src *;	frame-ancestors 'self';connect-src *;child-src *; form-action *;style-src 'unsafe-inline' 'self' *;img-src 'unsafe-inline' 'self' * data: 1
default-src 'self';img-src 'self' https: data: blob:;media-src 'self';frame-src 'self' https://player.vimeo.com/ https://po878e.axshare.com/ https://x.klarnacdn.net/ https://lenderspender.typeform.com/ https://vars.hotjar.com/ https://www.loanwise.nl/ https://acceptance.loanwise.nl/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdnjs.cloudflare.com/ajax/libs/viewerjs/ https://code.highcharts.com/ https://downloads.mailchimp.com/ https://player.vimeo.com/api/player.js https://cdn.tiny.cloud/1/ https://x.klarnacdn.net/ https://embed.typeform.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://snap.licdn.com/ https://connect.facebook.net/ https://www.googleadservices.com/ https://f.vimeocdn.com/ https://googleads.g.doubleclick.net/ https://static.hotjar.com/ https://script.hotjar.com/ https://lenderspender.typeform.com/ https://*.ingest.sentry.io https://sentry.io https://cdn.jsdelivr.net/npm/sortablejs@1.15.2/Sortable.min.js;frame-ancestors 'self';style-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdnjs.cloudflare.com/ajax/libs/animate.css/ https://cdnjs.cloudflare.com/ajax/libs/viewerjs/ https://fonts.googleapis.com/ https://cdn.tiny.cloud;font-src 'self' data: https://fonts.googleapis.com/ https://fonts.gstatic.com/;connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://*.ingest.sentry.io https://sentry.io https://analytics.google.com/g/ https://*.analytics.google.com/g/ https://px.ads.linkedin.com data: 1
frame-ancestors https://*.barcodefactory.com https://*.barcodefactory.com:8443 https://barcodefactory.com http://*.barcodefactory.com 'self' 1
frame-ancestors 'self' *.360.one iiflweath.in; 1
default-src 'self'; script-src 'self'; img-src 'self'; style-src 'self'; base-uri 'self'; form-action 'self'; font-src 'self'  https://fonts.gstatic.com/; object-src 'none'; frame-src 'none'; worker-src 'none'; frame-ancestors 'self'; media-src 'self' 1
default-src https: 'self'; style-src https: 'unsafe-inline'; script-src https: 'unsafe-inline' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://donphan.social; img-src 'self' data: blob: https://donphan.social https://pool.jortage.com/donphansocial/ https://blob.jortage.com; style-src 'self' https://donphan.social 'nonce-G0rhEuukDz6f/txn9Gq+iw=='; media-src 'self' data: https://donphan.social https://pool.jortage.com/donphansocial/ https://blob.jortage.com; frame-src 'self' https:; manifest-src 'self' https://donphan.social; form-action 'self'; child-src 'self' blob: https://donphan.social; worker-src 'self' blob: https://donphan.social; connect-src 'self' data: blob: https://donphan.social https://pool.jortage.com/donphansocial/ https://blob.jortage.com wss://donphan.social; script-src 'self' https://donphan.social 'wasm-unsafe-eval' 1
"frame-ancestors 'self' https://www.buonalavita.it;" 1
default-src * data: mediastream: blob: filesystem: about: ws: wss: 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-inline'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src-elem * data: blob: 'unsafe-inline' 'unsafe-eval';connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; media-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline';frame-ancestors * data: blob: 'unsafe-inline'; 1
default-src 'self' fonts.googleapis.com fonts.gstatic.com *.google-analytics.com *.analytics.google.com www.google.com stats.g.doubleclick.net www.google.ie www.google.co.uk; script-src 'self' https://js.hubspot.com https://js.hsleadflows.net https://connect.facebook.net https://js.hs-analytics.net https://js.hscollectedforms.net https://js.hs-banner.com https://js.hsadspixel.net https://js.hs-scripts.com https://www.googletagmanager.com https://trk.hostingireland.ie https://googleads.g.doubleclick.net https://cdn.iubenda.com 'unsafe-inline' https://c.microsoft.com *.google-analytics.com *.analytics.google.com https://www.googleadservices.com https://script.crazyegg.com; style-src 'self' 'unsafe-inline' https://cdn.iubenda.com fonts.googleapis.com; img-src 'self' data: https://www.googletagmanager.com https://cdn.iubenda.com https://perf-na1.hsforms.com https://www.facebook.com https://forms.hsforms.com https://track.hubspot.com www.google.com www.google.ie *.google-analytics.com *.analytics.google.com www.gstatic.com stats.g.doubleclick.net www.google.co.uk https://trk.hostingireland.ie; font-src 'self' data: fonts.gstatic.com themes.googleusercontent.com; connect-src 'self' https://cta-service-cms2.hubspot.com https://cta-service-cms2.hubspot.com https://api.hubapi.com https://forms.hubspot.com https://www.google.com https://googleads.g.doubleclick.net *.google-analytics.com *.analytics.google.com stats.g.doubleclick.net https://script.crazyegg.com https://tracking.crazyegg.com; child-src https://www.microsoft.com; form-action clients.hostingireland.ie; upgrade-insecure-requests; report-uri https://fwqjdq5k.uriports.com/reports/report; report-to default; frame-src https://www.iubenda.com https://td.doubleclick.net; frame-ancestors 'self' https://trk.hostingireland.ie https://trk.teamblue.services/server/trk_main https://www.google-analytics.com https://stats.g.doubleclick.net; worker-src blob: https://www.hostingireland.ie 1
connect-src 'self' https://google.com *.googleapis.com *.pinterest.com *.clarity.ms bat.bing.com stats.g.doubleclick.net *.affirm.com www.facebook.com www.google-analytics.com *.google.com web.facebook.com; font-src 'self' data: www.affirm.com fonts.gstatic.com svcs.tql.com www.clearplay.com; form-action 'self' *.paypal.com; frame-src *.doubleclick.net *.affirm.com *.katapult.com *.pinterest.com bid.g.doubleclick.net www.google.com www.youtube.com pwm-image.trendmicro.com; img-src 'self' *.clarity.ms *.katapult.com *.google.com.ua *.pinterest.com *.googleadservices.com *.doubleclick.net *.bing.com data: googleads.g.doubleclick.net www.google-analytics.com *.google.com *.nexcesscdn.net www.googletagmanager.com *.gstatic.com www.facebook.com log.pinterest.com www.shopperapproved.com cdn.honey.io i.ytimg.com; script-src-attr 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' *.katapult.com *.pinimg.com *.pinterest.com *.clarity.ms bat.bing.com *.affirm.com connect.facebook.net googleads.g.doubleclick.net www.google-analytics.com www.googleadservices.com www.googletagmanager.com www.shopperapproved.com *.nexcesscdn.net www.google.com www.gstatic.com *.googleapis.com dv0akt2986vzh.cloudfront.net www.furniturecart.com rialto-gms.s3.amazonaws.com; script-src 'unsafe-eval' 'unsafe-inline' bat.bing.com *.clarity.ms googleads.g.doubleclick.net *.nexcesscdn.net www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.gstatic.com cdn1.affirm.com 'self' connect.facebook.net *.googleapis.com tpc.googlesyndication.com www.shopperapproved.com; style-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' *.katapult.com *.nexcesscdn.net *.googletagmanager.com *.googleapis.com; child-src bid.g.doubleclick.net www.google.com www.youtube.com www.affirm.com; default-src 'self' 'unsafe-eval' 'unsafe-inline' bat.bing.com data: *.nexcesscdn.net www.google-analytics.com www.googletagmanager.com *.google.com *.affirm.com *.doubleclick.net 'self' www.googleadservices.com *.facebook.net *.googleapis.com *.gstatic.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.nexcesscdn.net cdn1.affirm.com *.googleapis.com; object-src 'self' www.youtube.com 1
report-uri https://nuls.io 1
default-src 'self' www.openstreetmap.org stats.g.doubleclick.net www.youtube.com www.gravatar.com player.vimeo.com *.vimeocdn.com our.umbraco.com www.google-analytics.com *.google-analytics.com api.pro6pp.nl www.googletagmanager.com *.googletagmanager.com analytics.google.com *.analytics.google.com *.google.com *.google.nl;script-src 'self' api.pro6pp.nl ajax.aspnetcdn.com code.jquery.com ajax.googleapis.com www.googletagmanager.com *.googletagmanager.com www.google-analytics.com cdnjs.cloudflare.com www.google.com 'nonce-vdBVK4Ul4ou0OeMbXRJVdnu00BopQlK7NMd9aPXyZRI=';style-src 'self' fonts.googleapis.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com 'unsafe-inline';font-src 'self' data: fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com;img-src 'self' www.googletagmanager.com *.googletagmanager.com *.google-analytics.com www.google.com data: www.veb.net *.umbraco.io *.umbraco.com *.umbraco.org *.gravatar.com umbraco.tv *.googleapis.com *.staticflickr.com abmfn.com;frame-src *;base-uri 'self' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.kohler.com.cn *.jiathis.com *.adobedtm.com *.baidu.com solution.comm100.cn survey.122.2o7.net *.scene7.com *.bdimg.com  *.bdimg.com *.jiathis.com *.kohler.com.cn *.kohler.com *.adobedtm.com *.google-analytics.com *.fugetech.com *.gridsumdissector.com *.webdissector.com *.allyes.com.cn *.aiodt.com 114.80.179.250 *.polyv.net blob:  data: *.videocc.net  ai.glor.cn *.cnzz.com cnzz.mmstat.com *.iperceptions.com *.glor.cn *.kohler.com consent.trustarc.com *.googletagmanager.com *.kohler.com *.scene7.com  *.google-analytics.com *.aiodt.com/ainsight.js *.v5kf.com *.beats-digital.com *.amap.com cdn.cookielaw.org *.alicdn.com *.cn.miaozhen.com *.vod2.myqcloud.com *.wx.qq.com kohler.cos.bitbetter.com.cn;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jiathis.com *.wx.qq.com *.cn.miaozhen.com assets.adobedtm.com *.google-analytics.com *.baidu.com solution.comm100.cn survey.122.2o7.net *.scene7.com  *.bdimg.com *.fugetech.com *.gridsumdissector.com *.webdissector.com *.allyes.com.cn *.aiodt.com ai.glor.cn *.cnzz.com *.iperceptions.com *.kohler.com consent.trustarc.com *.googletagmanager.com player.polyv.net v3.jiathis.com s7d4.scene7.com api.map.baidu.com *.v5kf.com *.beats-digital.com *.amap.com cdn.cookielaw.org shuyun-flow.kohler.com.cn *.wx.qq.com kohler.cos.bitbetter.com.cn stm-cdn.cn.miaozhen.com;img-src blob: data: *.kohler.com.cn *.kohler.com.cn solution.comm100.cn *.kohler.com *.baidu.com *.scene7.com  *.bdimg.com *.jiathis.com *.gridsumdissector.com *.webdissector.com *.aiodt.com *.cnzz.com cnzz.mmstat.com *.google-analytics.com consent.trustarc.com img.videocc.net s7d4.scene7.com *.v5kf.com *.beats-digital.com *.aliyuncs.com *.amap.com cdn.cookielaw.org kohler.cos.bitbetter.com.cn *.cn.miaozhen.com;style-src 'self' 'unsafe-inline' *.jiathis.com *.kohler.com *.kohler.com.cn *.v5kf.com *.beats-digital.com *.alicdn.com *.amap.com cdn.cookielaw.org;object-src 'self' *.kohler.com.cn *.amap.com cdn.cookielaw.org;media-src 'self' * blob: data: ;worker-src 'self' * blob: ;connect-src 'self' *  ai.glor.cn player.polyv.net static.polyv.net hls.videocc.net *.amap.com;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.iperceptions.com *.googletagmanager.com  *.adobedtm.com *.aiodt.com *.google-analytics.com assets.adobedtm.com 1.aiodt.com *.google-analytics.com cdn.jsdelivr.net/npm/vue *.kohler.com *.baidu.com *.polyv.net *.jiathis.com *.scene7.com shuyun-flow.kohler.com.cn *.trustarc.com *.v5kf.com *.beats-digital.com *.amap.com cdn.cookielaw.org geolocation.onetrust.com *.wx.qq.com kohler.cos.bitbetter.com.cn stm-cdn.cn.miaozhen.com jic.talkingdata.com;frame-src 'self' *.jiathis.com *.kohler.com *.baidu.com player.polyv.net shuyun-flow.kohler.com.cn *.v5kf.com *.beats-digital.com *.amap.com https://*.qq.com webcompt: 1
frame-ancestors chat.rockrms.com dakboard.com/ 1
default-src * 'unsafe-inline' 'unsafe-eval' blob:; img-src * data: blob: 'unsafe-inline'; font-src * data:; media-src * blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; 1
frame-ancestors 'self'; form-actions 'self'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.plyr.io/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://www.youtube.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.plyr.io/; font-src 'self' data:;img-src 'self' data:; frame-src https://www.google.com/recaptcha/ https://www.youtube.com/ https://www.youtube-nocookie.com/; connect-src 'self' https://www.google-analytics.com; form-action 'self';frame-ancestors 'self'; 1
base-uri; form-action 'self'; frame-ancestors 'none'; img-src 'self' https://paragonie.com https://maxcdn.bootstrapcdn.com https://stats.g.doubleclick.net https://www.google-analytics.com data:; media-src 'none'; object-src 'none'; script-src 'self' https://cdn.mathjax.org https://oss.maxcdn.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://code.jquery.com https://ajax.googleapis.com https://www.google-analytics.com https://paragonie.com paragonie.com 'sha384-dxxWaTrUP7CVAQSJSlq8y30xnLv+kbg0q/esjcstpj7BeSQcTR1kyuzuU8NtP0Qd' 'nonce-zKVfGrRuXeGzdt3wQsu7kAdk' 'nonce-M1Z1NSpyN/9xgU3KlesxSHvG' 'nonce-XfSnEJ8C/kIFF8bpk4y+jsaL' 'nonce-LS4HjdkITVpOPgvSpmZUYXyo' 'nonce-7ComXrQ7JGXn0GrUWAfmE1RL' 'nonce-H4iYX6QW7x9fyb27jL08kGCs' 'nonce-jUsjsEzqaw51eSclNOZAO98/' 'unsafe-eval' data:; style-src 'self' https://maxcdn.bootstrapcdn.com https://use.fontawesome.com https://fonts.googleapis.com 'unsafe-inline'; report-uri https://f038192cab4afafaacee34d22ed2e1dd.report-uri.io/r/default/csp/enforce; upgrade-insecure-requests 1
default-src 'self' https://go.api.servicetarget.com https://015d3708.sibforms.com https://directed.api.servicetarget.com https://cdn.servicetarget.com http://www.google-analytics.com https://analytics.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://acsbapp.com https://cdn.acsbapp.com https://web1.acsbapp.com https://sdks.shopifycdn.com  https://monorail-edge.shopifysvc.com https://shopvoxx.myshopify.com https://cdn.shopify.com https://stats.g.doubleclick.net/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.servicetarget.com https://sibforms.com/ https://acsbapp.com https://cdn.acsbapp.com https://web1.acsbapp.com https://sdks.shopifycdn.com  https://monorail-edge.shopifysvc.com https://shopvoxx.myshopify.com https://cdn.shopify.com  http://www.googleadservices.com/ https://tagmanager.google.com/ https://www.googletagmanager.com/ http://stage.directed.com http://www.directed.com https://ajax.googleapis.com https://fonts.googleapis.com http://www.google-analytics.com https://analytics.google.com/ https://www.google-analytics.com https://www.youtube.com https://www.google.com https://googleads.g.doubleclick.net https://fonts.gstatic.com https://static.doubleclick.net https://s.youtube.com https://r11---sn-a5m7lnee.googlevideo.com https://www.googleadservices.com https://r14---sn-4g57knez.googlevideo.com https://i.ytimg.com https://maps.googleapis.com https://csi.gstatic.com https://maps.gstatic.com https://cdn07.icims.com https://careers-deiholdings.icims.com https://player.vimeo.com https://connect.facebook.net http://connect.facebook.net https://apis.google.com http://www.w3.org http://platform.twitter.com https://www.facebook.com https://staticxx.facebook.com http://www.facebook.com http://staticxx.facebook.com https://stats.g.doubleclick.net https://img.youtube.com; style-src 'self' 'unsafe-inline' https://cdn.servicetarget.com https://sibforms.com/ https://acsbapp.com https://cdn.acsbapp.com https://web1.acsbapp.com https://sdks.shopifycdn.com  https://monorail-edge.shopifysvc.com https://shopvoxx.myshopify.com https://cdn.shopify.com https://tagmanager.google.com/ https://fonts.googleapis.com/ http://stage.directed.com http://www.directed.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com http://www.google-analytics.com https://www.google-analytics.com https://analytics.google.com/ https://www.youtube.com https://www.google.com https://googleads.g.doubleclick.net https://fonts.gstatic.com https://static.doubleclick.net https://s.youtube.com https://r11---sn-a5m7lnee.googlevideo.com https://www.googleadservices.com https://r14---sn-4g57knez.googlevideo.com https://i.ytimg.com https://maps.googleapis.com https://csi.gstatic.com https://maps.gstatic.com https://cdn07.icims.com https://careers-deiholdings.icims.com https://player.vimeo.com https://connect.facebook.net http://connect.facebook.net https://apis.google.com http://www.w3.org http://platform.twitter.com https://www.facebook.com https://staticxx.facebook.com http://www.facebook.com http://staticxx.facebook.com https://stats.g.doubleclick.net https://img.youtube.com; img-src 'self' 'unsafe-inline' data: https://www.viper.com https://img.mailinblue.com https://static.brevo.com/ https://i3.ytimg.com https://cdn.servicetarget.com https://acsbapp.com https://cdn.acsbapp.com https://web1.acsbapp.com https://sdks.shopifycdn.com  https://monorail-edge.shopifysvc.com https://shopvoxx.myshopify.com https://cdn.shopify.com http://stage.directed.com http://www.directed.com https://fonts.googleapis.com http://www.google-analytics.com https://www.google-analytics.com https://analytics.google.com/ https://www.youtube.com https://www.google.com https://googleads.g.doubleclick.net https://fonts.gstatic.com https://static.doubleclick.net https://s.youtube.com https://r11---sn-a5m7lnee.googlevideo.com https://www.googleadservices.com https://r14---sn-4g57knez.googlevideo.com https://i.ytimg.com https://maps.googleapis.com https://csi.gstatic.com https://maps.gstatic.com https://cdn07.icims.com https://careers-deiholdings.icims.com https://player.vimeo.com https://connect.facebook.net http://connect.facebook.net https://apis.google.com http://www.w3.org http://platform.twitter.com https://www.facebook.com https://staticxx.facebook.com http://www.facebook.com http://staticxx.facebook.com https://stats.g.doubleclick.net https://img.youtube.com; font-src 'self' 'unsafe-inline' data: https://cdn.servicetarget.com https://assets.brevo.com/ https://acsbapp.com https://cdn.acsbapp.com https://web1.acsbapp.com https://sdks.shopifycdn.com  https://monorail-edge.shopifysvc.com https://shopvoxx.myshopify.com https://cdn.shopify.com http://stage.directed.com http://www.directed.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com http://www.google-analytics.com https://www.google-analytics.com https://analytics.google.com/ https://www.youtube.com https://www.google.com https://googleads.g.doubleclick.net https://fonts.gstatic.com https://static.doubleclick.net https://s.youtube.com https://r11---sn-a5m7lnee.googlevideo.com https://www.googleadservices.com https://r14---sn-4g57knez.googlevideo.com https://i.ytimg.com https://maps.googleapis.com https://csi.gstatic.com https://maps.gstatic.com https://cdn07.icims.com https://careers-deiholdings.icims.com https://player.vimeo.com https://connect.facebook.net http://connect.facebook.net https://apis.google.com http://www.w3.org http://platform.twitter.com https://www.facebook.com https://staticxx.facebook.com http://www.facebook.com http://staticxx.facebook.com https://stats.g.doubleclick.net https://img.youtube.com; frame-src 'self' 'unsafe-inline' https://015d3708.sibforms.com/ https://cdn.servicetarget.com https://acsbapp.com https://cdn.acsbapp.com https://web1.acsbapp.com https://sdks.shopifycdn.com  https://monorail-edge.shopifysvc.com https://shopvoxx.myshopify.com https://cdn.shopify.com *.doubleclick.net  http://stage.directed.com http://www.directed.com https://fonts.googleapis.com http://www.google-analytics.com https://www.google-analytics.com https://analytics.google.com/ https://accounts.google.com/ https://www.youtube.com https://www.google.com https://googleads.g.doubleclick.net https://fonts.gstatic.com https://static.doubleclick.net https://s.youtube.com https://r11---sn-a5m7lnee.googlevideo.com https://www.googleadservices.com https://r14---sn-4g57knez.googlevideo.com https://i.ytimg.com https://maps.googleapis.com https://csi.gstatic.com https://maps.gstatic.com https://cdn07.icims.com https://careers-deiholdings.icims.com https://player.vimeo.com https://connect.facebook.net http://connect.facebook.net https://apis.google.com http://www.w3.org http://platform.twitter.com https://www.facebook.com https://staticxx.facebook.com http://www.facebook.com http://staticxx.facebook.com https://stats.g.doubleclick.net https://img.youtube.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' *.googletagmanager.com *.google-analytics.com *.googleapis.com *.google.com unpkg.com *.cloudflare.com *.youtube.com *.gstatic.com cdn.jsdelivr.net *.zdassets.com pod-25.zendesk.com; object-src 'none'; style-src 'self' 'unsafe-inline' *.googletagmanager.com *.google-analytics.com *.googleapis.com *.google.com *.cloudflare.com cdn.jsdelivr.net; img-src 'self' blob: data: *.gstatic.com *.googleapis.com *.google-analytics.com *.cloudflare.com *.ogilvy.com.au *.youtube.com *.googletagmanager.com *.ytimg.com cdn.jsdelivr.net cherymotoraustralia.zendesk.com p25.zdusercontent.com; media-src 'self'; frame-src 'self' youtube.com *.youtube.com *.vimeo.com *.google.com; frame-ancestors 'self'; child-src 'self' blob:; font-src 'self' *.gstatic.com *.amazonaws.com data:; connect-src 'self' *.google-analytics.com *.googleapis.com *.zdassets.com cherymotoraustralia.zendesk.com wss://pod-25.zendesk.com pod-25.zendesk.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
frame-ancestors 'self' https://scorm.myecampus.com.au 1
default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' data: https://*.nextleap.app https://www.gstatic.com https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.jsdelivr.net;form-action 'self';frame-ancestors 'self' https://*.nextleap.app;img-src 'self' data: blob: https://*.nextleap.app https://www.facebook.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://www.google.com https://www.google.co.in https://www.googleadservices.com https://sp.analytics.yahoo.com https://bat.bing.com https://bat.r.msn.com https://accounts.google.com https://c.clarity.ms https://www.facebook.com/tr;object-src 'none';script-src 'self' 'unsafe-eval' https://*.nextleap.app https://www.gstatic.com/firebasejs/ https://unpkg.com https://www.googletagmanager.com/gtag/ https://www.googletagmanager.com/gtm.js https://checkout.razorpay.com https://www.clarity.ms https://accounts.google.com https://apis.google.com https://cdn.jsdelivr.net https://www.youtube.com https://www.google.com/recaptcha/ https://ind-widget.freshworks.com https://static.codepen.io/ https://cpwebassets.codepen.io https://codepen.io/ https://connect.facebook.net https://www.facebook.com/signals/ 'nonce-3f8274969f59f6552b1f992a778f819c';script-src-attr 'none';style-src 'self' 'unsafe-inline' https://*.nextleap.app https://fonts.googleapis.com/ https://www.gstatic.com https://accounts.google.com https://apis.google.com https://cdn.jsdelivr.net https://ind-widget.freshworks.com https://cdn.jsdelivr.net/npm/katex@0.16.3/dist/katex.min.css;upgrade-insecure-requests;frame-src 'self' https://*.nextleap.app https://*.youtube.com https://youtube.com https://api.razorpay.com https://i.clarity.ms https://accounts.google.com https://apis.google.com https://player.vimeo.com/ https://videos.sproutvideo.com/ https://www.google.com/ https://codepen.io/ https://*.codesandbox.io/ https://www.googletagmanager.com/ https://1drv.ms/ https://onedrive.live.com/ https://login.live.com/ 'nonce-3f8274969f59f6552b1f992a778f819c';worker-src 'self' https://*.nextleap.app blob: https://codepen.io/;child-src 'self' https://*.nextleap.app blob: 'nonce-3f8274969f59f6552b1f992a778f819c';connect-src 'self' *;media-src 'self' data: blob: https://*.nextleap.app 1
default-src 'self' www.procreditbank.md pcbmda-websitemc-appsvc.azurewebsites.net *.google-analytics.com analytics.google.com www.google.md stats.g.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com www.gstatic.com www.google-analytics.com www.googletagmanager.com pcbmda-websitemc-appsvc.azurewebsites.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com pcbmda-websitemc-appsvc.azurewebsites.net; font-src 'self' fonts.gstatic.com; frame-src 'self' www.google.com www.youtube.com www.facebook.com 1
frame-ancestors 'self' *.qasa.se *.arcfast.se arcfast.se *.ehcc.se ehcc.se *.amynefastigheter.se amynefastigheter.se www-amynefastigheter-se.filesusr.com *.lawa.nu lawa.nu *.re-eqt.com re-eqt.com *.stibix.se *.stibix.i-page.se stibix.se stibix.i-page.se *.hvetstrom.com hvetstrom.com 1
default-src https://www.youtube.com https://*.netcoresmartech.com https://*.doubleclick.net https://www.google.com https://maps.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://uatcopsapi.shriramlife.me https://securepg.paynimo.com https://www.paynimo.com https://api.shriramlife.com https://cdn.shriramlife.com https://www.shriramlife.com https://shriramlife.com https://kalam.shriramlife.com data:; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com paynimo.com 'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' https://snap.licdn.com https://*.netcoresmartech.com https://connect.facebook.net https://app.yellowmessenger.com https://cdn.yellowmessenger.com https://www.paynimo.com https://www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://maps.googleapis.com https://bat.bing.com https://*.clarity.ms https://cdpanalytics.novactech.in; style-src 'self' https://fonts.googleapis.com https://maps.googleapis.com https://www.paynimo.com 'unsafe-inline' ; font-src 'self' https://cdn.yellowmessenger.com https://cdn.shriramlife.com https://www.paynimo.com https://fonts.gstatic.com data:; worker-src 'self'; media-src 'self' https://cdn.yellowmessenger.com; connect-src 'self' https://*.googleapis.com https://*.netcoresmartech.com https://*.oribi.io https://*.google.com https://*.doubleclick.net https://www.google-analytics.com https://pagead2.googlesyndication.com wss://app.yellowmessenger.com  https://uatcopsapi.shriramlife.me  https://api.shriramlife.com https://app.yellowmessenger.com https://kalam.shriramlife.com https://www.paynimo.com https://securepg.paynimo.com https://shriramlife.com https://www.shriramlife.com https://px.ads.linkedin.com https://*.clarity.ms data:; img-src 'self' https://i.ytimg.com https://*.googleapis.com https://*.linkedin.com https://*.facebook.com https://*.doubleclick.net https://cdn.yellowmessenger.com https://www.googletagmanager.com https://www.google.com https://www.google.co.in https://maps.gstatic.com https://maps.googleapis.com https://www.paynimo.com https://www.shriramlife.com https://cdn.shriramlife.com https://shriamlife.com https://*.netcoresmartech.com https://bat.bing.com data: ; frame-ancestors 'self' https://www.googletagmanager.com; 1
default-src 'self' blob: wss: data: *.google.com *.googleapis.com *.gstatic.com *.sucalcodelco.com localhost *.amazonaws.com plausible.io *.zdassets.com *.zendesk.com *.google-analytics.com *.newrelic.com *.nr-data.net *.microsoft.com *.microsoftonline.com *.amazoncognito.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.google.com *.googleapis.com *.gstatic.com cdn.jsdelivr.net plausible.io *.zdassets.com *.zendesk.com *.googletagmanager.com *.newrelic.com;  style-src 'self' 'unsafe-inline' *.googleapis.com; img-src 'self' data: blob: localhost *.sucalcodelco.com *.amazonaws.com *.zdassets.com *.zendesk.com *.google-analytics.com; 1
base-uri 'self'; default-src * data: blob:; img-src * data: blob:; style-src * 'unsafe-inline' data: blob:; script-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://cdn.ampproject.org/ ajax.cloudflare.com static.cloudflareinsights.com; media-src * data: blob:; worker-src * 'unsafe-inline' 'unsafe-eval' data: blob: 1
frame-ancestors 'self'; base-uri 'self'; form-action teufelaudio.at zed.teufel.de support.teufel.de retoure.teufel.de blog.teufel.de www.terminland.de www.saferpay.com test.saferpay.com payments.amazon.de *.amazon.de row.ups.com checkout.sandbox.getalma.eu checkout.getalma.eu service.teufel.de *.kameleoon.com *.kameleoon.eu *.kameleoon.io *.contentsquare.net *.contentsquare.com teufel.de teufel.ch teufelaudio.fr teufelaudio.nl teufelaudio.be teufelaudio.es teufelaudio.it cz.teufelaudio.com dk.teufelaudio.com ee.teufelaudio.com fi.teufelaudio.com gb.teufelaudio.com gr.teufelaudio.com hr.teufelaudio.com hu.teufelaudio.com ie.teufelaudio.com li.teufelaudio.com lt.teufelaudio.com lu.teufelaudio.com lv.teufelaudio.com no.teufelaudio.com pt.teufelaudio.com se.teufelaudio.com si.teufelaudio.com sk.teufelaudio.com teufelaudio.pl us.teufelaudio.com 'self' 1
default-src 'self'; script-src 'self'; connect-src 'self'; style-src 'self'; object-src 'none'; frame-ancestors 'none'; frame-src 'none'; form-action 'self'; manifest-src 'self'; img-src 'self' blob: data: https://derpicdn.net https://ext.derpicdn.net; media-src 'self' blob: data: https://derpicdn.net https://ext.derpicdn.net 1
frame-ancestors veronepiece.xyz 1
default-src 'none'; script-src 'self' yastatic.net mc.yandex.ru mc.yandex.com mc.yandex.by mc.yandex.kg mc.yandex.kz mc.yandex.md mc.yandex.uz 'nonce-MTU5Y2Q2YjYtMWYzNS00NTNkLThlZWYtNWRkMWY5MWVhMDdh' analytics.google.com www.google.ru www.google.com www.google.kz www.google-analytics.com www.googletagmanager.com stats.g.doubleclick.net googleads.g.doubleclick.net s.pinimg.com ct.pinterest.com abt.s3.yandex.net connect.facebook.net www.facebook.com; style-src 'self' yastatic.net 'unsafe-inline'; img-src 'self' blob: data: yastatic.net mc.yandex.ru mc.yandex.com mc.yandex.by mc.yandex.kg mc.yandex.kz mc.yandex.md mc.yandex.uz analytics.google.com www.google.ru www.google.com www.google.kz www.google-analytics.com www.googletagmanager.com stats.g.doubleclick.net googleads.g.doubleclick.net s.pinimg.com ct.pinterest.com abt.s3.yandex.net connect.facebook.net www.facebook.com; font-src 'self' data: yastatic.net; object-src 'none'; base-uri 'self' yastatic.net; media-src 'self' yastatic.net mc.yandex.ru mc.yandex.com mc.yandex.by mc.yandex.kg mc.yandex.kz mc.yandex.md mc.yandex.uz; frame-src 'self' blob: forms.yandex.ru analytics.google.com www.google.ru www.google.com www.google.kz www.google-analytics.com www.googletagmanager.com stats.g.doubleclick.net googleads.g.doubleclick.net s.pinimg.com ct.pinterest.com abt.s3.yandex.net mc.yandex.ru mc.yandex.com mc.yandex.by mc.yandex.kg mc.yandex.kz mc.yandex.md mc.yandex.uz; connect-src 'self' mc.yandex.ru mc.yandex.com mc.yandex.by mc.yandex.kg mc.yandex.kz mc.yandex.md mc.yandex.uz uaas.yandex.ru analytics.google.com www.google.ru www.google.com www.google.kz www.google-analytics.com www.googletagmanager.com stats.g.doubleclick.net googleads.g.doubleclick.net s.pinimg.com ct.pinterest.com abt.s3.yandex.net; child-src blob: mc.yandex.ru mc.yandex.com mc.yandex.by mc.yandex.kg mc.yandex.kz mc.yandex.md mc.yandex.uz; manifest-src 'self' yastatic.net; form-action 'self'; report-uri https://csp.yandex.net/csp?from=yango.delivery&project=static-yango&yandex_login=undefined&yandexuid=undefined; frame-ancestors 'self' metrika.yandex.ru metrika.yandex.by metrika.yandex.com metrika.yandex.com.tr metrica.yandex.ru metrica.yandex.by metrica.yandex.com metrica.yandex.com.tr webvisor.com; 1
default-src 'self' blob: data: www.youtube.com s.ytimg.com *.usercentrics.eu *.google.com *.googletagmanager.com *.google-analytics.com analyzer.amedick-sommer.de *.googleapis.com; style-src 'self' 'unsafe-inline' *.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.youtube.com s.ytimg.com *.usercentrics.eu *.google.com *.googletagmanager.com *.google-analytics.com analyzer.amedick-sommer.de *.googleapis.com; img-src * data:; object-src 'none'; frame-ancestors 'self'; frame-src *; 1
connect-src 'self' *.nrw.de *.nrw; default-src 'self' *.nrw.de; font-src data: *; frame-ancestors 'self' *.nrw.de; frame-src 'self' *.nrw.de; img-src data: *; media-src *; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.nrw.de https://cdnjs.cloudflare.com ; style-src 'self' 'unsafe-inline' *.nrw.de https://cdnjs.cloudflare.com; worker-src 'self' *.nrw.de; upgrade-insecure-requests; 1
default-src 'self' blob:; script-src 'self' blob: d2pzklc15kok91.cloudfront.net; style-src 'self' 'unsafe-inline' data: d2pzklc15kok91.cloudfront.net; font-src 'self' d2pzklc15kok91.cloudfront.net; object-src 'self' d2pzklc15kok91.cloudfront.net media.bernat.ch; img-src 'self' data: d2pzklc15kok91.cloudfront.net; frame-src d2pzklc15kok91.cloudfront.net media.bernat.ch; worker-src blob:; media-src 'self' blob: about: media.bernat.ch d2pzklc15kok91.cloudfront.net; connect-src 'self' media.bernat.ch comments.luffy.cx; base-uri 'none'; frame-ancestors 'none'; form-action duckduckgo.com; block-all-mixed-content; 1
font-src *.fontawesome.com *.fonts.googleapis.com *.gstatic.com data: *.cloudflare.com 1231738803.rsc.cdn77.org data: 'self' 'unsafe-inline'; form-action www.facebook.com 1231738803.rsc.cdn77.org 'self' 'unsafe-inline'; frame-ancestors 1231738803.rsc.cdn77.org 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ https://widget.packeta.com https://backup.widget.packeta.com *.google.com *.addthis.com *.pinterest.com *.ladesk.com www.facebook.com view.publitas.com 1231738803.rsc.cdn77.org https://td.doubleclick.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://www.zasielkovna.sk https://files.packeta.com *.openstreetmap.org *.leafletjs.com https://img.youtube.com *.cloudflare.com https://cdn.klarna.com https://s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com www.google.cz www.facebook.com https://sevt.ladesk.com 1231738803.rsc.cdn77.org https://www.google.sk d2dpiwfhf3tz0r.cloudfront.net data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.leafletjs.com s7.addthis.com *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com *.ladesk.com connect.facebook.net view.publitas.com cdn.jsdelivr.net 1231738803.rsc.cdn77.org d70shl7vidtft.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com cdn.jsdelivr.net 1231738803.rsc.cdn77.org 'self' 'unsafe-inline'; object-src 1231738803.rsc.cdn77.org 'self' 'unsafe-inline'; media-src 1231738803.rsc.cdn77.org https://www.google.sk 'self' 'unsafe-inline'; manifest-src 1231738803.rsc.cdn77.org 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com https://widget.packeta.com https://backup.widget.packeta.com ekr.zdassets.com/ *.cloudflare.com *.paypal.com *.googleapis.com *.addthis.com *.cardinalcommerce.com https://graph.instagram.com stats.g.doubleclick.net *.google-analytics.com 1231738803.rsc.cdn77.org https://pagead2.googlesyndication.com www.facebook.com 'self' 'unsafe-inline'; child-src 1231738803.rsc.cdn77.org http: https: blob: 'self' 'unsafe-inline'; default-src 1231738803.rsc.cdn77.org 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 1231738803.rsc.cdn77.org 'self' 'unsafe-inline'; report-uri /csp_report.php; report-to report-endpoint; 1
default-src 'none'; script-src https: 'unsafe-inline' 'nonce-B8253921E3E873A74A08C40155E70451' 'strict-dynamic'; style-src 'self' fonts.googleapis.com translate.googleapis.com 'nonce-B8253921E3E873A74A08C40155E70451'; connect-src 'self' https: wss://dnpush.nl; img-src 'self' https: data:; font-src 'self' fonts.gstatic.com; object-src 'none'; frame-ancestors 'self'; frame-src 'self' www.google.com tpc.googlesyndication.com; base-uri 'none'; media-src 'self'; report-uri https://www.seniorengeluk.nl/API/Site/CspReport 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com ajax.cloudflare.com; style-src 'self' 'unsafe-inline' unpkg.com fonts.cdnfonts.com cdnjs.cloudflare.com fonts.googleapis.com p.typekit.net; object-src 'none'; base-uri 'self'; connect-src 'self' www.google.com stats.g.doubleclick.net analytics.google.com www.google-analytics.com acc-landing.vercel.app; font-src 'self' data: fonts.cdnfonts.com cdnjs.cloudflare.com fonts.gstatic.com use.typekit.net; frame-src 'self' *.jotform.com td.doubleclick.net; img-src 'self' data: *.3cs.website storage.googleapis.com imagedelivery.net www.bw2023.lk keells-2024.sgp1.digitaloceanspaces.com keells-2024.sgp1.cdn.digitaloceanspaces.com 206.189.36.206:11394 www.keells.com keells.com www.johnkeellsgroup.com www.google.lk keells-2024-wp-staging.3cs.website http://keells-2024-wp-staging.3cs.website; manifest-src 'self'; media-src 'self' storage.googleapis.com imagedelivery.net keells-2024.sgp1.digitaloceanspaces.com keells-2024.sgp1.cdn.digitaloceanspaces.com www.keells.com keells.com www.johnkeellsgroup.com; worker-src 'none'; 1
“block-all-mixed-content;� 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-ZjlhM2U4OGI3Nzg3NDg0MTg5MTk5YjVhMWUwMWRjM2Q=' https://*.platformrijksoverheid.nl https://*.rijksoverheid.nl https://*.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' https://statistiek.rijksoverheid.nl https://*.contenttoolsrijksoverheid.nl https://*.rekenkamer.nl; font-src 'self' https://statistiek.rijksoverheid.nl; object-src 'none'; connect-src https://*.platformrijksoverheid.nl https://*.rijksoverheid.nl https://*.contenttoolsrijksoverheid.nl https://*.rovid.nl https://*.rijksoverheidsvideo.nl https://*.rekenkamer.nl; img-src 'self' data: https://d3oiud1b8fohdw.cloudfront.net https://statistiek.rijksoverheid.nl https://*.rovid.nl https://*.rijksoverheidsvideo.nl https://*.toegankelijkheidsverklaring.nl; media-src 'self' https://*.rovid.nl https://*.rijksoverheidsvideo.nl; form-action 'self' https://export.highcharts.com https://*.contenttoolsrijksoverheid.nl https://*.rekenkamer.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
default-src 'self' *.google.com *.google-analytics.com *.doubleclick.net *.commerce-connector.com cookiehub.net *.cookiehub.net *.facebook.com *.facebook.net usercentrics.eu app.usercentrics.eu *.usercentrics.eu; script-src 'self' 'unsafe-inline' 'unsafe-eval' cookiehub.net *.cookiehub.net *.google.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.licdn.com *.facebook.net *.doubleclick.net polyfill.io *.commerce-connector.com *.store-connector.com *.onlyfy.jobs *.facebook.com *.facebook.net usercentrics.eu app.usercentrics.eu *.usercentrics.eu; style-src 'self' 'unsafe-inline' cookiehub.net *.cookiehub.net *.commerce-connector.com *.facebook.com *.facebook.net usercentrics.eu *.usercentrics.eu; img-src * 'self' data: https:; frame-src *.youtube.com *.youtu.be *.youtube-nocookie.com *.sigel-office.com *.doubleclick.net *.commerce-connector.com *.store-connector.com *.onlyfy.jobs *.facebook.com *.facebook.net usercentrics.eu app.usercentrics.eu *.usercentrics.eu; font-src 'self' *.gstatic.com *.commerce-connector.com; connect-src 'self' *.google.com *.google-analytics.com *.doubleclick.net *.commerce-connector.com cookiehub.net *.cookiehub.net *.facebook.com *.facebook.net usercentrics.eu *.usercentrics.eu; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-eval' 'unsafe-inline'; 1
default-src 'self' https:; font-src 'self' https: data:; img-src 'self' https: data: blob:; object-src 'none'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; connect-src 'self' https://esprechstunde.net wss://esprechstunde.net https://sentry.digineo.de 1
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' gc.zgo.at; img-src 'self' masfloss.goatcounter.com; media-src 'self'; font-src 'self'; form-action 'self'; frame-ancestors 'none'; connect-src 'self'; base-uri 'self'; upgrade-insecure-requests 1
default-src https://appdsv.omie.com.br https://vc.hotjar.io https://js.intercomcdn.com https://in.hotjar.com https://api.hubapi.com https://www.facebook.com wss://nexus-websocket-a.intercom.io https://forms.hubspot.com https://api.hubspot.com https://ws6.hotjar.com wss://ws6.hotjar.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.dataunion.com.br https://api-iam.intercom.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' blob: https://api.segment.io  https://tag.goadopt.io https://api.segment.com https://track.segment.com https://cdn.segment.com https://measurement-api.criteo.com https://*.clarity.ms https://*.bing.com https://apis.google.com https://analytics.tiktok.com https://appdsv.omie.com.br https://dev.visualwebsiteoptimizer.com https://snap.licdn.com https://optimize.google.com https://www.googleanalytics.com https://www.googleoptimize.com https://cse.google.com https://www.google.com https://cdn.jsdelivr.net https://googleads.g.doubleclick.net https://js.usemessages.com https://stackpath.bootstrapcdn.com https://www.dataunion.com.br https://js.hscollectedforms.net https://www.googletagmanager.com https://*.hotjar.com https://*.tailtarget.com https://*.intercom.io https://js.hsleadflows.net https://js.hs-banner.com https://js.hs-analytics.net https://js.hsadspixel.net https://www.googleadservices.com https://js.hsforms.net https://js.hs-scripts.com https://connect.facebook.net https://forms.hsforms.com https://www.google-analytics.com https://app.omie.com.br https://cdnjs.cloudflare.com https://js.intercomcdn.com https://*.criteo.com https://static.criteo.net https://preview-new.mkt.omie.us; style-src 'self' 'unsafe-inline' 'report-sample' https://optimize.google.com https://preview-new.mkt.omie.us https://cdn.omie.com.br https://use.fontawesome.com https://cdn.jsdelivr.net https://fonts.googleapis.com; frame-src https://*.omie.com.br https://chat-convecao24.firebaseapp.com https://www.googletagmanager.com https://td.doubleclick.net https://intercom-sheets.com/ https://cdn.omie.com.br/ https://cdndsv.omie.com.br/ https://www.intercom-reporting.com/ *.google.com https://www.facebook.com/ https://player.vimeo.com/ youtube.com https://www.youtube.com https://optimize.google.com https://www.googletagmanager.com/ https://bid.g.doubleclick.net/ https://vars.hotjar.com/ https://tags.t.tailtarget.com/ https://forms.hsforms.com/ https://*.criteo.com https://static.criteo.net; img-src 'self' data: blob: https://measurement-api.criteo.com https://ads.stickyadstv.com https://*.clarity.ms https://*.bing.com https://www.googletagmanager.com https://s3-sa-east-1.amazonaws.com https://www.linkedin.com https://px.ads.linkedin.com https://www.google-analytics.com https://sync-t1.taboola.com https://*.criteo.com https://criteo-partners.tremorhub.com https://criteo-sync.teads.tv https://sync-criteo.ads.yieldmo.com https://dev.visualwebsiteoptimizer.com https://cm.g.doubleclick.net https://track.hubspot.com https://*.omie.com.br https://conpass.blob.core.windows.net https://fast.conpass.io https://static.intercomassets.com https://omie-b8c3f6a65bc3.intercom-attachments-5.com https://app.intercom.com/ https://*.intercomcdn.com/ https://omiexperience-sa.intercom-attachments-7.com/ https://omie-b8c3f6a65bc3.intercom-attachments-1.com/ https://omie-b8c3f6a65bc3.intercom-attachments-9.com/ https://*.googleapis.com https://*.gstatic.com *.google.com *.google.com.br *.googleusercontent.com *.facebook.net *.facebook.com https://*.hsforms.com; font-src 'self' data: https://use.typekit.net https://script.hotjar.com https://js.intercomcdn.com https://fonts.gstatic.com https://*.omie.com.br/omiesaga/ https://use.fontawesome.com; connect-src 'self' https://api.hsforms.com https://disclaimer-api.goadopt.io https://api.segment.io https://cdn.jsdelivr.net https://api.segment.com https://track.segment.com https://cdn.segment.com https://measurement-api.criteo.com https://*.clarity.ms https://*.bing.com https://google.com https://securetoken.googleapis.com https://identitytoolkit.googleapis.com https://firestore.googleapis.com https://analytics.tiktok.com https://px.ads.linkedin.com https://analytics.google.com https://dev.visualwebsiteoptimizer.com https://sslwidget.criteo.com https://blog.omie.com.br https://forms.hscollectedforms.net https://viacep.com.br https://appdsv.omie.com.br https://api.crm.ops.omie.us https://apidev.crm.ops.omie.us https://api.plm.ops.omie.us https://www.omie.com.br https://app.omie.com.br https://forms.hsforms.com wss://nexus-websocket-a.intercom.io/ https://api-iam.intercom.io https://hubspot-forms-static-embed.s3.amazonaws.com https://www.dataunion.com.br https://www.google-analytics.com https://*.doubleclick.net https://www.google.com https://www.facebook.com/ https://*.hubspot.com https://*.hubapi.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com; form-action https://intercom.help https://api-iam.intercom.io https://www.facebook.com https://*.omie.com.br https://omie.clickmeeting.com/ https://*.omie.com.br https://app.omie.com.br https://www.omie.com.br https://forms.hsforms.com; media-src blob: https://js.intercomcdn.com https://preview.omie.com.br https://www.omie.com.br https://omie.com.br; frame-ancestors 'none'; object-src 'none'; worker-src blob: https://*.omie.com.br; base-uri 'self';  1
default-src: 'self'; style-src: 'self' https://fonts.googleapis.com; font-src: 'self' https://fonts.gstatic.com; 1
default-src 'self' *.misskey-hub.net; style-src 'self' 'unsafe-inline' *.misskey-hub.net *.googleapis.com *.googleapis.cn; font-src 'self' *.misskey-hub.net fonts.gstatic.com fonts.gstatic.cn; script-src 'self' blob: *.misskey-hub.net challenges.cloudflare.com 'unsafe-inline' 'unsafe-eval'; img-src data: blob: https://*; connect-src 'self' https://*; frame-src 'self' *.misskey-hub.net misskey-dev.github.io challenges.cloudflare.com; 1
default-src 'self'; upgrade-insecure-requests; connect-src 'self' dc.services.visualstudio.com *.pensionpro.com *.applicationinsights.azure.com *.monitor.azure.com; style-src 'self' 'unsafe-inline' appcenter.intuit.com *.pensionpro.com fonts.googleapis.com data:; style-src-elem 'self' 'unsafe-inline' appcenter.intuit.com *.pensionpro.com fonts.googleapis.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' appcenter.intuit.com www.googletagmanager.com ajax.googleapis.com ssl.google-analytics.com cdnjs.cloudflare.com az416426.vo.msecnd.net js.braintreegateway.com *.monitor.azure.com; img-src 'self' *.pensionpro.com kendo.cdn.telerik.com data: ssl.google-analytics.com; font-src 'self' fonts.gstatic.com netdna.bootstrapcdn.com data:; frame-ancestors 'self'; frame-src 'self' player.vimeo.com; 1
default-src 'self'; script-src 'unsafe-inline' 'self' 'unsafe-eval' https://js.stripe.com/ www.google-analytics.com ajax.googleapis.com www.googletagmanager.com s7.addthis.com connect.facebook.net code.jquery.com https://code.s4d.io https://*.typeform.com https://*.google.com https://www.gstatic.com https://e.issuu.com https://secure.geonames.org https://cdn.amcharts.com https://cdn.jsdelivr.net/ https://unpkg.com https://*.insuit.net https://maps.googleapis.com; connect-src 'self' https://sentry.issuu.com https://*.google-analytics.com/ ajax.googleapis.com www.googletagmanager.com s7.addthis.com connect.facebook.net localhost ws://localhost:8000 wss://*.ciscospark.com wss://*.wbx.com wss://*.wbx2.com https://*.ciscospark.com https://*.clouddrive.com/ https://code.s4d.io https://*.giphy.com https://*.wbx2.com https://*.webex.com https://*.webexcontent.com https://*.typeform.com https://geocode-api.arcgis.com https://*.insuit.net https://maps.googleapis.com; img-src * 'self' https://*.clouddrive.com https://code.s4d.io https://*.webexcontent.com blob: https://*.rackcdn.com data: https:; style-src 'unsafe-inline' 'self' www.google-analytics.com ajax.googleapis.com www.googletagmanager.com s7.addthis.com connect.facebook.net code.jquery.com fonts.googleapis.com https://code.s4d.io https://*.typeform.com https://cdn.insuit.net; base-uri 'self';form-action 'self' sis-t.redsys.es:25443 sis-t.redsys.es sis.redsys.es https://webexapis.com/ https://api.typeform.com/ https://api.videoask.com/ www.paypal.com https://www.google.com https://www.google.es;font-src 'self' fonts.gstatic.com fonts.googleapis.com https://code.s4d.io https://fonts.googleapis.com https://cdn.insuit.net data:; media-src 'self' https://player.vimeo.com https://code.s4d.io https://*.clouddrive.com https://*.giphy.com https://*.webexcontent.com data: blob:; frame-ancestors 'self'; frame-src 'self' youtube.com https://www.youtube.com https://*.typeform.com https://www.google.com https://e.issuu.com https://*.webex.com https://insuit.net/ https://www.ivoox.com/ https://js.stripe.com https://maps.google.com https://consent.google.com https://outlook.office365.com/; 1
default-src https: ws: data: 'unsafe-inline' 'unsafe-eval' 1
default-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; object-src * 1
upgrade-insecure-requests; default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; form-action 'self' https://github.com/searxng/searxng/issues/new; font-src 'self'; frame-ancestors 'self'; base-uri 'self'; connect-src 'self' https://overpass-api.de; img-src 'self' data: https://*.tile.openstreetmap.org; frame-src https://www.youtube-nocookie.com https://player.vimeo.com https://www.dailymotion.com https://www.deezer.com https://www.mixcloud.com https://w.soundcloud.com https://embed.spotify.com 1
base-uri 'self'; child-src https://www.youtube-nocookie.com/embed/; connect-src 'self' https://tlzdigital.com:8443/socket.io/ wss://tlzdigital.com:8443/socket.io/ https://api.themoviedb.org/; default-src 'none'; font-src 'self' data: https: fonts.gstatic.com; form-action 'self'; frame-ancestors 'self'; frame-src https://radio.tlz.digital/ https://www.youtube-nocookie.com/embed/; img-src 'self' data: https: image.tmdb.org via.placeholder.com/400x600; object-src 'none'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https: gitcdn.xyz github.io *.github.io raw.githubusercontent.com github.com; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.google.com fast.fonts.net az416426.vo.msecnd.net uksouth-1.in.applicationinsights.azure.com *.civiccomputing.com *.hotjar.com *.hotjar.io *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.vimeo.com *.youtube.com *.eurolandir.com *.euroland.com *.umbraco.com *.cloudflare.com *.azurewebsites.net *.comprend-test.com *.licdn.com *.linkedin.oribi.io *.linkedin.com *.azure.com 1
upgrade-insecure-requests; style-src https://cromwell-intl.com https://alt.cromwell-intl.com https://*.googleapis.com 'unsafe-inline'; frame-ancestors 'self'; 1
default-src 'self' telligen.okta.com *.oktacdn.com; connect-src 'self' telligen.okta.com telligen-admin.okta.com *.oktacdn.com *.mixpanel.com *.mapbox.com *.mtls.okta.com telligen.kerberos.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' telligen.okta.com *.oktacdn.com; style-src 'unsafe-inline' 'self' telligen.okta.com *.oktacdn.com; frame-src 'self' telligen.okta.com telligen-admin.okta.com login.okta.com com-okta-authenticator:; img-src 'self' telligen.okta.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' telligen.okta.com data: *.oktacdn.com fonts.gstatic.com 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com/ https://www.googletagmanager.com https://cdn.jsdelivr.net https://oss.maxcdn.com/ https://www.google-analytics.com/; img-src 'self' data:; style-src 'self' 'unsafe-inline' 'unsafe-eval'  https://fonts.googleapis.com https://stackpath.bootstrapcdn.com https://cdnjs.cloudflare.com; connect-src 'self' https://www.google-analytics.com ;font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://cdnjs.cloudflare.com;frame-ancestors 'self'; frame-src 'self' 1
script-src 'unsafe-inline' 'self'; default-src 'self'; 1
frame-ancestors 'self' https://*.survey.show 1
frame-ancestors 'none'; default-src 'self' https://*.yahoo.com https://*.yimg.com; script-src 'self' 'unsafe-inline' 'nonce-zRVYJp3sbpw+TfTNyzB7zg==' 'unsafe-eval' https://*.yahoo.net https://*.yahoo.com https://*.yimg.com https://*.uservoice.com *.oath.com https://*.hereapi.com https://*.youtube.com *.yahooapis.com blob: *.izlesene.com *.ioam.de *.avg.com *.rewardsaccelerator.com smetrics.att.com; style-src 'self' 'unsafe-inline' https://assets.video.yahoo.net https://*.yimg.com; img-src 'self' data: blob: https://*.aol.com https://s.aolcdn.com https://*.bing.net https://*.yimg.com https://s.ytimg.com yahoo.com https://*.yahoo.com https://*.bing.com https://bing.com *.here.com *.wc.yahoodns.net https://*.doubleclick.net https://sb.scorecardresearch.com https://*.adaptv.advertising.com https://*.vidible.tv https://*.yahoo.net https://*.footprint.net https://*.akamaized.net https://*.cloudfront.net https://*.llnwd.net smetrics.att.com; frame-src 'self' https://*.yahoo.net https://*.youtube.com https://s.yimg.com https://*.yahoo.com https://yahoo.uservoice.com https://*.vidible.tv https://*.advertising.com https://fun.games.com/ https://interactives.ap.org; media-src * blob:; object-src *; connect-src * blob:; font-src * data:; child-src blob:; 1
obj-src 'none' 1
frame-ancestors 'self' tirtir.co.kr *.tirtir.co.kr 1
frame-ancestors 'self' *.adobe.com *.assets.adobedtm.com 1
default-src 'self' 'unsafe-inline' *.tn.gov.in fonts.googleapis.com;� 1
base-uri 'none'; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.jsdelivr.net; form-action 'self'; frame-ancestors 'self'; img-src 'self' blob: https://www.google.fr; object-src 'none'; script-src-attr 'none'; style-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.jsdelivr.net 'unsafe-inline'; script-src 'self' http://localhost:28080 https://www.googletagmanager.com 'unsafe-inline' 'strict-dynamic' 'nonce-H29kolPE3wYY9uGeVkEjFQ=='; upgrade-insecure-requests; worker-src 'self' blob:; frame-src https://www.youtube-nocookie.com/; connect-src 'self' http://localhost:28080 https://region1.analytics.google.com https://*.google-analytics.com; 1
default-src 'self'; img-src * data: https://*.google-analytics.com https://*.googletagmanager.com; style-src 'self' 'unsafe-inline'; media-src *.gtflixtv.com *.pornworld.com; script-src 'self' 'nonce-OlmcDDtbrl7ig0T/4oHrYg==' tracking.sexcash.com https://*.googletagmanager.com; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com 1
base-uri 'none'; default-src: 'none'; block-all-mixed-content 1
frame-ancestors 'self' https://app.kajabi.com https://app.vibely.io https://communities.kajabi.com *.mykajabi.com https://communities.newkajabi-staging.com https://www.acropractice.com https://www.yogawithneyu.com https://www.neyufit.com https://www.bloomyoung.com https://www.neyuyoga.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.cookielaw.org https://matomo.taywa.ch https://www.youtube.com https://www.youtube-nocookie.com https://www.googletagmanager.com https://*.googleapis.com https://www.googleadservices.com https://www.google.com; style-src 'self' 'unsafe-inline' https://cdn.cookielaw.org https://www.youtube.com https://www.youtube-nocookie.com https://*.googleapis.com; img-src 'self' https: data:; connect-src 'self' https://matomo.taywa.ch https://www.googletagmanager.com https://cdn.cookielaw.org https://www.youtube.com https://www.youtube-nocookie.com https://*.google-analytics.com https://*.googleapis.com; frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com; font-src 'self' data: https://fonts.gstatic.com; object-src 'none'; default-src 'self' 1
frame-ancestors 'none'; default-src 'self' https://*.yahoo.com https://*.yimg.com; script-src 'self' 'unsafe-inline' 'nonce-yfiE3433yfk5vbT0GdAZAg==' 'unsafe-eval' https://*.yahoo.net https://*.yahoo.com https://*.yimg.com https://*.uservoice.com *.oath.com https://*.hereapi.com https://*.youtube.com *.yahooapis.com blob: *.izlesene.com *.ioam.de *.avg.com *.rewardsaccelerator.com smetrics.att.com; style-src 'self' 'unsafe-inline' https://assets.video.yahoo.net https://*.yimg.com; img-src 'self' data: blob: https://*.aol.com https://s.aolcdn.com https://*.bing.net https://*.yimg.com https://s.ytimg.com yahoo.com https://*.yahoo.com https://*.bing.com https://bing.com *.here.com *.wc.yahoodns.net https://*.doubleclick.net https://sb.scorecardresearch.com https://*.adaptv.advertising.com https://*.vidible.tv https://*.yahoo.net https://*.footprint.net https://*.akamaized.net https://*.cloudfront.net https://*.llnwd.net smetrics.att.com; frame-src 'self' https://*.yahoo.net https://*.youtube.com https://s.yimg.com https://*.yahoo.com https://yahoo.uservoice.com https://*.vidible.tv https://*.advertising.com https://fun.games.com/ https://interactives.ap.org; media-src * blob:; object-src *; connect-src * blob:; font-src * data:; child-src blob:; report-uri https://csp.yahoo.com/beacon/csp?src=yhs; 1
default-src 'self' https://sidebar.bugherd.com https://fonts.gstatic.com https://player.vimeo.com https://www.youtube.com https://11861631.fls.doubleclick.net https://td.doubleclick.net https://cdn.userway.org/ https://www.youtube.com http://www.youtube.com https://doublethedonation.com *.eruptr.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://sidebar.bugherd.com https://www.bugherd.com https://clockwisemd.com https://s3-us-west-1.amazonaws.com https://www.clockwisemd.com https://maps.googleapis.com https://www.googletagmanager.com https://cdn.userway.org https://js.eruptr.io http://cdn.calltrk.com https://js.calltrk.com https://img04.en25.com https://www.youtube.com https://doublethedonation.com *.eruptr.io; style-src 'self' data: 'unsafe-inline' https://fonts.googleapis.com https://cdn.userway.org/ https://doublethedonation.com; img-src 'self' data: blob: https://d2iiunr5ws5ch1.cloudfront.net https://maps.googleapis.com https://maps.gstatic.com http://solutionshealth.site https://slh.saltwaterstage.com/ https://www.bugherd.com https://ad.doubleclick.net https://cdn.userway.org https://www.googletagmanager.com https://doublethedonation.com; object-src 'self' https://sidebar.bugherd.com https://fonts.gstatic.com https://player.vimeo.com https://www.youtube.com https://11861631.fls.doubleclick.net https://td.doubleclick.net https://cdn.userway.org/ https://www.youtube.com http://www.youtube.com https://doublethedonation.com *.eruptr.io; connect-src 'self' https://sessions.bugsnag.com wss://ws-mt1.pusher.com https://maps.googleapis.com wss: https://api.userway.org https://analytics.google.com https://stats.g.doubleclick.net https://js.calltrk.com https://cdn.userway.org https://cdn77.api.userway.org https://s1764416.t.eloqua.com https://doublethedonation.com *.eruptr.io; font-src 'self' https://sidebar.bugherd.com https://fonts.gstatic.com https://player.vimeo.com https://www.youtube.com https://11861631.fls.doubleclick.net https://td.doubleclick.net https://cdn.userway.org/ https://www.youtube.com http://www.youtube.com https://doublethedonation.com *.eruptr.io; frame-src 'self' https://sidebar.bugherd.com https://fonts.gstatic.com https://player.vimeo.com https://www.youtube.com https://11861631.fls.doubleclick.net https://td.doubleclick.net https://cdn.userway.org/ https://www.youtube.com http://www.youtube.com https://doublethedonation.com *.eruptr.io; media-src 'self' https://sidebar.bugherd.com https://fonts.gstatic.com https://player.vimeo.com https://www.youtube.com https://11861631.fls.doubleclick.net https://td.doubleclick.net https://cdn.userway.org/ https://www.youtube.com http://www.youtube.com https://doublethedonation.com *.eruptr.io; 1
frame-src 'self' *.pinterest.com; base-uri 'self'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org cdn.jsdelivr.net cdn.polyfill.io cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com cdnjs.cloudflare.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com www.google.com mnbar.wufoo.com mnbar.app.law https://www.minncle.org/ https://outlook.office365.com; connect-src 'self' accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.google-analytics.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://atal.pl/ https://*.atal.pl/ https://googletagmanager.com https://*.googletagmanager.com; img-src 'self' data: https://atal.pl/ https://*.atal.pl/; object-src 'self' data: https://atal.pl/ https://*.atal.pl/ https://resimo.io/ https://*.resimo.io/; frame-src 'self' data: https://atal.pl/ https://*.atal.pl/ https://resimo.io/ https://*.resimo.io/; 1
default-src https://drive.google.com *.lfeeder.com https://web.opendrive.com https://www.e-point.pl dbcms.s3.amazonaws.com https://od.lk *.leadfeeder.com snitcher.com 'self'; font-src https://drive.google.com https://fonts.gstatic.com https://cdnjs.cloudflare.com https://sitespeak.ai https://www.e-point.pl 'self'; style-src https://drive.google.com https://tagmanager.google.com https://www.e-point.pl https://*.clarity.ms vjs.zencdn.net https://sitespeak.ai https://fonts.googleapis.com 'self' 'unsafe-inline'; img-src http://static.hotjar.com https://www.linkedin.com https://cdn.sitespeak.ai https://c.bing.com https://www.e-point.pl https://perf-eu1.hsforms.com https://www.facebook.com js-eu1.hscta.net https://maps.googleapis.com https://track.hubspot.com https://i.ytimg.com https://googleads.g.doubleclick.net no-cache.hubspot.com https://www.gstatic.com https://hubspot-no-cache-eu1-prod.s3.amazonaws.com https://*.clarity.ms *.hubspot.com https://www.google.com https://track-eu1.hubspot.com *.lfeeder.com https://region1.google-analytics.com https://csi.gstatic.com https://www.google.pl https://drive.google.com https://forms.hsforms.com https://maps.gstatic.com https://px.ads.linkedin.com https://imgsct.cookiebot.com http://www.google-analytics.com https://forms-eu1.hsforms.com js.hscta.net https://www.googletagmanager.com https://www.google-analytics.com https://ssl.gstatic.com *.leadfeeder.com https://p.adsymptotic.com https://doc-0k-4o-docs.googleusercontent.com 'self' data:; frame-src https://www.google.com https://consentcdn.cookiebot.com www.facebook.com https://player.vimeo.com https://meetings-eu1.hubspot.com https://vars.hotjar.com https://www.e-point.pl https://pagead2.googlesyndication.com https://widget.clutch.co https://www.facebook.com https://td.doubleclick.net http://staticxx.facebook.com *.hs-sites.com https://drive.google.com https://tpc.googlesyndication.com https://chatbot.sitespeak.ai https://forms-eu1.hsforms.com https://*.clarity.ms *.hs-sites-eu1.com https://sitespeak.ai *.hubspot.com https://www.youtube.com 'self'; script-src https://consent.cookiebot.com https://script.hotjar.com https://js-eu1.hsforms.net https://sjs.bizographics.com js-eu1.hscta.net https://keyword-hero.com https://js-eu1.hs-analytics.net https://tpc.googlesyndication.com https://www.gstatic.com https://js.hscollectedforms.net https://a-epoint.youlead.pl vjs.zencdn.net *.hubspot.com https://www.youtube.com https://www.google.com *.lfeeder.com http://connect.facebook.net https://snap.licdn.com https://www.clarity.ms snitcher.com js-eu1.hs-scripts.com https://cdnjs.cloudflare.com https://skk.erecruiter.pl js.hscta.net http://tagmanager.google.com https://rs.fullstory.com http://static.hotjar.com https://js.hs-analytics.net https://www.e-point.pl https://www.googleadservices.com https://www.fullstory.com https://widget.clutch.co https://www.epoint.com https://js.hs-banner.com https://maps.googleapis.com https://static.hsappstatic.net https://googleads.g.doubleclick.net https://*.clarity.ms https://js-eu1.hscollectedforms.net https://sitespeak.ai https://cdn.jsdelivr.net sc.lfeeder.com https://consentcdn.cookiebot.com https://tagmanager.google.com https://js-eu1.hs-banner.com https://js.hs-scripts.com https://m-epoint.youlead.pl https://www.google.pl https://drive.google.com https://fullstory.com lftracker.leadfeeder.com http://www.google-analytics.com https://forms-eu1.hsforms.com https://www.googletagmanager.com https://edge.fullstory.com https://www.google-analytics.com *.leadfeeder.com https://js-eu1.hscta.net 'self' 'unsafe-eval' 'unsafe-inline'; object-src https://sitespeak.ai https://www.e-point.pl https://drive.google.com 'self'; connect-src https://forms-eu1.hscollectedforms.net https://www.e-point.pl https://stats.g.doubleclick.net https://pagead2.googlesyndication.com wss://ws4.hotjar.com https://www.fullstory.com js-eu1.hscta.net http://graylog.hotjar.com:12080 https://keyword-hero.com https://forms-eu1.hubspot.com https://ws3.hotjar.com https://googleads.g.doubleclick.net https://forms.hubspot.com wss://ws3.hotjar.com https://*.clarity.ms https://cdn.linkedin.oribi.io https://sitespeak.ai *.hubspot.com www.google-analytics.com https://ws8.hotjar.com https://www.google.com https://consentcdn.cookiebot.com https://tagmanager.google.com https://vc.hotjar.io wss://ws2.hotjar.com https://js-eu1.hs-banner.com https://region1.google-analytics.com http://insights.hotjar.com https://graylog.hotjar.com:12443 https://www.google.pl https://drive.google.com https://region1.analytics.google.com wss://ws8.hotjar.com https://in.hotjar.com https://fullstory.com wss://ws1.hotjar.com https://px.ads.linkedin.com https://cdnjs.cloudflare.com wss://ws5.hotjar.com https://forms-eu1.hsforms.com js.hscta.net https://www.googletagmanager.com https://rs.fullstory.com https://hubspot-forms-static-embed-eu1.s3.amazonaws.com 'self' 1
default-src https:; script-src https: 'unsafe-inline'; img-src https: data: 1
default-src 'self';img-src * data:; 1
frame-ancestors 'self' ebike-freizeit.de 1
frame-ancestors=none; object-src=none 1
block-all-mixed-content; frame-ancestors *.laplatajoias.com.br 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://static.criteo.net https://*.criteo.com https://wb.messengerpeople.com https://*.hotjar.com https://*.akamaihd.net https://*.attn.tv https://*.recaptcha.net https://isitetv.com https://*.translate.naver.net https://ln-rules.rewardstyle.com https://tr.snapchat.com https://www.shoplooks.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://*.liveperson.net https://ct.pinterest.com https://services.postcodeanywhere.co.uk https://*.akamaihd.net https://*.sciencebehindecommerce.com https://*.googleapis.com https://translate.yandex.net https://*.hotjar.com wss://*.hotjar.com https://*.trustpilot.com https://*.pinterest.com https://*.bing.com https://*.doubleclick.net https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://privacyportal-eu.onetrust.com https://*.contentsquare.net https://*.criteo.com https://sgtm.lookfantastic.gr; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.thgcdn.cn; form-action 'self' https://www.facebook.com https://www.lookfantastic.gr https://m.lookfantastic.gr https://checkout.lookfantastic.gr https://connect.facebook.net https://www.glossybox.at https://www.glossybox.ch https://www.glossybox.co.uk https://www.glossybox.com https://www.glossybox.de https://www.glossybox.fi https://www.glossybox.fr https://www.glossybox.ie https://www.glossybox.no https://www.glossybox.se https://www.glossybox.dk https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://static.thgcdn.cn; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://google.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://static.criteo.net https://*.criteo.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.microsofttranslator.com https://*.hotjar.com https://*.akamaihd.net https://*.attn.tv https://*.trustpilot.com https://*.translate.naver.net https://*.bing.com https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://static.ads-twitter.com https://*.baidu.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://*.shoplooks.com https://slooks.top https://slooks.me https://lantern.roeyecdn.com https://lantern.roeye.com https://static.thgcdn.cn https://geolocation.onetrust.com https://*.contentsquare.net https://app.contentsquare.com https://sgtm.lookfantastic.gr; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://www.shoplooks.com https://static.shoplooks.com https://static.thgcdn.cn https://cdn.parcellab.com; upgrade-insecure-requests; report-to report-endpoint 1
connect-src 'self' *.googleusercontent.com *.tus.vimeo.com api.ringgold.com dl.dropboxusercontent.com docs.google.com https://raw.githubusercontent.com/astrothesaurus/UAT/master/UAT.rdf www.googleapis.com www.pnascentral.org; default-src 'self' www.pnascentral.org; font-src 'self' fast.fonts.com fonts.gstatic.com www.pnascentral.org; form-action 'nonce-X3wF/aDGPp78t/LjOdwTbA' 'self' *.orcid.org api2.copyright.com orcid.org www.pnascentral.org; frame-ancestors 'self' www.pnascentral.org; frame-src 'self' *.google.com content.googleapis.com data: www.pnascentral.org; img-src 'self' files.msubmit.net www.pnascentral.org; script-src 'nonce' 'nonce-X3wF/aDGPp78t/LjOdwTbA' 'self' 'unsafe-eval' *.dropbox.com *.google-analytics.com *.google.com *.googleapis.com *.gstatic.com *.orcid.org www.pnascentral.org; style-src 'self' 'unsafe-inline' fast.fonts.com fonts.googleapis.com www.pnascentral.org 1
frame-ancestors 'self' https://app.kajabi.com https://app.vibely.io https://communities.kajabi.com *.mykajabi.com https://communities.newkajabi-staging.com https://plataforma.queroevoluir.com.br 1
base-uri 'self';connect-src 'self' https://*.google-analytics.com https://*.doubleclick.net;default-src 'self';font-src 'self' https://use.typekit.net https://fonts.googleapis.com https://fonts.gstatic.com;form-action 'self';img-src 'self' https://media.reinierdegraaf.nl https://osk6eqzj7h.execute-api.eu-central-1.amazonaws.com https://d1m0vixjc1og0f.cloudfront.net data: https://i.ytimg.com https://*.google-analytics.com https://*.cloudfront.net https://fonts.googleapis.com https://fonts.gstatic.com https://www.googletagmanager.com;media-src 'self' https://media.reinierdegraaf.nl https://osk6eqzj7h.execute-api.eu-central-1.amazonaws.com https://d1m0vixjc1og0f.cloudfront.net https://*.guidingtube.com/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://consent.23g.io https://www.google.com https://www.gstatic.com https://www.googletagmanager.com 'nonce-ce3tWU6MT531y1j7PTbt1SgeBxFn3Vnv';frame-src 'self' https://w.soundcloud.com/ https://www.youtube.com/ https://player.vimeo.com/ https://*.guidingtube.com/;style-src 'self' 'unsafe-inline' https://p.typekit.net https://use.typekit.net https://www.googletagmanager.com https://fonts.googleapis.com 1
frame-ancestors 'self' http://customer-skicircus.loop21.net https://customer-skicircus.loop21.net http://public-location-skicircus.loop21.net https://public-location-skicircus.loop21.net 1
default-src https: data: 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.facebook.com; object-src 'self'; img-src 'unsafe-eval' 'self' data:  *.google.com *.facebook.com live.adampartridge.co.uk maps.gstatic.com maps.googleapis.com 1
default-src https: data: blob: wss: 'unsafe-inline' 'unsafe-eval' wss://amicicz.helpcrunch.com wss://amici.user.com; worker-src 'self' blob: * 1
script-src http: https: https://mysleepyhead.com/ 'unsafe-inline' 'unsafe-eval' *.google.com *.salesforce.com *.force.com *.razorpay.com *.facebook.com *.instagram.com duroflexpvtltd.my.salesforce-sites.com *.snapmint.com *.popin.to *.evgnet.com *.salesforce-sites.com *.googletagmanager.com; style-src 'self' blob: https: 'unsafe-inline' https://mysleepyhead.com/ *.snapmint.com *.popin.to *.evgnet.com *.salesforce-sites.com; img-src data: http: https:; object-src 'none'; base-uri 'none'; child-src 'self'; font-src 'self' fonts.gstatic.com *.salesforce.com *.force.com *.snapmint.com *.popin.to *.evgnet.com; frame-src assets.braintreegateway.com *.google.com *.youtube.com *.youtu.be *.vimeo.com *.salesforce.com *.force.com *.juspay.in *.razorpay.com *.clickpost.ai *.googletagmanager.com public.release.juspay.in tez: phonepe: paytmmp: upi: *.snapmint.com *.popin.to *.evgnet.com *.facebook.com; 1
script-src 'self' 'unsafe-eval' https://fonts.googleapis.com/ https://maps.googleapis.com/ 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com/ https://www.googletagmanager.com/ https://cdn.treasuredata.com/ http://cdn.treasuredata.com/ https://analytics.google.com/ http://munchkin.marketo.net http://954-ccm-872.mktoresp.com http://954-ccm-872.mktoutil.com https://cdn.cookielaw.org https://*.qualtrics.com https://cdn.locallogic.co https://cdnjs.cloudflare.com/ajax/libs/Turf.js/5.1.5/turf.min.js https://unpkg.com/react@16/umd/react.production.min.js https://static.locallogic.co https://code.jquery.com https://play.vidyard.com; frame-ancestors 'self' https://www.homegenius.com https://www.homegeniusrealestate.com https://homegeniusrealestate.com/ https://www.googletagmanager.com/* https://analytics.google.com/* https://perks.homegenius.com https://*.qualtrics.com https://perks.homegenius.com/; connect-src 'self' data: https://data-svc.homegeniusrealestate.com/ https://data-svc.homegeniusrealestate.com/graphql https://dc.services.visualstudio.com/ https://maps.googleapis.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://cdn.treasuredata.com/ http://cdn.treasuredata.com/ https://us01.records.in.treasuredata.com/ https://prdssohomegenius.b2clogin.com/ https://www.homegenius.com/ https://*.launchdarkly.com https://radianmarketinghpi.fivebridgesanalytics.com/ http://munchkin.marketo.net http://954-ccm-872.mktoresp.com http://954-ccm-872.mktoutil.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://analytics.google.com/ https://*.g.doubleclick.net https://*.qualtrics.com https://perks.homegenius.com https://play.vidyard.com/ wss://data-svc.homegeniusrealestate.com/graphql; font-src 'self' https://fonts.gstatic.com/; img-src 'self' blob: data: https://rbimages.blob.core.windows.net/ https://img2.redbellre.com/ https://maps.gstatic.com/ https://www.homegenius.com/ https://*.googleapis.com/ https://sthgcomimage0a7fprod.blob.core.windows.net/ https://cdn.cookielaw.org https://www.homegenius.com/ https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.qualtrics.com https://uat-adminportal.homegeniusrealestate.com https://adminportal.homegeniusrealestate.com https://*.ggpht.com/ https://csi.gstatic.com/ https://streetviewpixels-pa.googleapis.com/ https://api.locallogic.co https://*.qualtrics.com https://perks.homegenius.com https://play.vidyard.com/ https://play.vidyard.com/ http://play.vidyard.com/ https://cdn.vidyard.com; worker-src undefined; 1
default-src 'none'; base-uri 'self'; child-src 'self'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; font-src 'self' https://fonts.gstatic.com data: https://fonts.googleapis.com; form-action 'self'; frame-ancestors 'self'; img-src 'self' https://*.google-analytics.com https://*.googletagmanager.com https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' https://*.googletagmanager.com https://www.googletagmanager.com https://tagmanager.google.com 'unsafe-inline'; style-src 'self' https://fonts.googleapis.com https://tagmanager.google.com 'unsafe-inline' 1
frame-ancestors rextheme.com; 1
default-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *; style-src 'self' 'unsafe-inline' *; font-src 'self' * data:; img-src 'self' data: *; frame-ancestors 'self' 1
frame-ancestors 'self'; report-uri https://dy0cz51f3b.execute-api.ap-southeast-2.amazonaws.com/report 1
frame-ancestors 'self' https://s.brightspace.com https://*.ally.ac https://leaplti.desire2learn.com/ https://leaplti-fr.brightspace.com/ https://tryleap.brightspace.com/ https://leaplti-es.desire2learn.com/ https://leaplti-ptbr.desire2learn.com/ https://leaplti-us.brightspace.com/ https://leaplti-apac.brightspace.com/ https://leaplti-emea.brightspace.com/ https://leapqa.net https://leaplti-ap.brightspace.com https://login.microsoftonline.com/ https://login.live.com/ https://cdn.lcs.brightspace.com/ https://leaplti-in.brightspace.com; report-uri /d2l/csp/report 1
default-src *; style-src 'self' 'unsafe-hashes' 'sha256-bi4kO7E36RGgl61YkoTf4e7SSnesiZE6/sKSg4iImoM=' https://cdnjs.cloudflare.com 'sha256-SHT8iLulkjlYb0gGTmZGLfzYTS9M69o6yIZQfv12cjQ=' 'sha256-g5WUnQPf1oU2YznPExGQNSVczUw5tTWvAXKRZZEMHQA=' 'sha256-OfkFISnqmTxi/DkwStQOnQC2PoVoz03tRV2WqeQB/jY=' 'sha256-QGQjWYxjB0ELs/2Dsop9I9/cCxQYt7RQakyzKBAJIdg=' 'sha256-ctrNpbKOuWz2sd7E9oEndLn4kgm2Zlkn912/O7ox7bM=' 'sha256-CwE3Bg0VYQOIdNAkbB/Btdkhul49qZuwgNCMPgNY5zw=' 'sha256-MZKTI0Eg1N13tshpFaVW65co/LeICXq4hyVx6GWVlK0=' 'sha256-LpfmXS+4ZtL2uPRZgkoR29Ghbxcfime/CsD/4w5VujE=' 'sha256-YJO/M9OgDKEBRKGqp4Zd07dzlagbB+qmKgThG52u/Mk=' 'sha256-W/ge/XoFa8NFHK+EFGCK+YXbWrxQWAw44K87gWw66QY='; script-src 'self' https://maps.googleapis.com https://maps.gstatic.com maps.google.com avmb.com.br; img-src 'self' data: https://maps.googleapis.com https://www.facebook.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.com.br; object-src 'self'; script-src-elem 'self' 'unsafe-hashes' https://maps.googleapis.com https://maps.gstatic.com https://maps.google.com www.google.com/recaptcha/ www.gstatic.com https://cdn.quilljs.com https://cdnjs.cloudflare.com https://www.googletagmanager.com 'sha256-WAmdNiFgdbzbETl51q7bHwS5Q8e5R+mDB5NcUbX1czc=' 'sha256-HZrCaJN7AnUyJP2+V7UC85YccL8qtPnmsof8Qw0F7R0=' 'sha256-/YsQOqZeSC2hZfXCUmDL20n27WJj4lYFq//F7VXBPy4=' 'sha256-3E6GQTWviCwEHtbSpNJ6dB0zLLMFZ6thR2gne/viizo=' 'sha256-2N2eS+4Cy0nFISF8T0QGez36fUJfaY+o6QBWxTUYiHc=' 'sha256-OfkFISnqmTxi/DkwStQOnQC2PoVoz03tRV2WqeQB/jY=' 'sha256-g5WUnQPf1oU2YznPExGQNSVczUw5tTWvAXKRZZEMHQA=' https://connect.facebook.net 'sha256-UJIspkEN2Udq+lugHyfIRzgJGqk/s9xS9TZb+CLM/FM=' 'sha256-VC15V8CPJN/bJr09XeTXM122umIm4AfQFhKEEOo6SrA=' 'sha256-UKXRPr7UvIZT4Hl+f7dSg52JNXzzay4Q41LQYBlB2w4=' 'sha256-3aWASTPMl+O0njPI6Jya+j+rUtCQajdQhWE6MxcCyn4=' 'sha256-HaRwnDeysXshpSk43sXVdgtDOJuLzYraIgQGMvj5SSc=' 'sha256-uB0HeoEye6kVdRgk0w9D5VAEwSIOi2p1CLcbswQcVUE=' 'sha256-b85HDBwnmc5D3M7GqaBjeSMogC8uGRKYeY6i/L9Y/LI=' 'sha256-BBMex5GkPgoWpVNv7N0peWHPnVw0ZOtKYK2pxCte49w=' 'sha256-F4P8FK/su86CvFFjf8n7xjInTKDh1HInCyY6Ns46ujc=' 'sha256-Vhyo17tN1hIykPO5gQuM55Yw3UTDksKxJVK9gCyqeao=' https://www.googleadservices.com; font-src 'self' data: 1
worker-src blob:; font-src *.googleapis.com *.gstatic.com data: *.fontawesome.com payment.payline.com payment-2.payline.com homologation-payment.payline.com homologation-payment-2.payline.com payment.cdn.payline.com homologation-payment.cdn.payline.com *.cart-guru.io *.carts.guru *.cartsguru.io data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com www.google.com https://www.googletagmanager.com/ payment.payline.com payment-2.payline.com homologation-payment.payline.com homologation-payment-2.payline.com payment.cdn.payline.com homologation-payment.cdn.payline.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.trustpilot.com *.bati-avenue.com *.cart-guru.io *.carts.guru *.cartsguru.io blob: 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com *.gstatic.com *.googleapis.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ payment.payline.com payment-2.payline.com homologation-payment.payline.com homologation-payment-2.payline.com payment.cdn.payline.com homologation-payment.cdn.payline.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://redchamps.com media.bati-avenue.com media-preprod.bati-avenue.com medias.dubreuil.dev-003.internetrama.net i.calameoassets.com media.topaz.pro ressources.bati-avenue.com *.google.fr *.facebook.com bat.bing.com *.zendesk.com *.cart-guru.io *.carts.guru *.cartsguru.io *.google.es data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com polyfill.io *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ payment.payline.com payment-2.payline.com homologation-payment.payline.com homologation-payment-2.payline.com payment.cdn.payline.com homologation-payment.cdn.payline.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.trustpilot.com unpkg.com widget.trustpilot.com static.zdassets.com groupedubreuiln2.matomo.cloud sdk.privacy-center.org topazpro.zendesk.com cdn.cartsguru.io bat.bing.com connect.facebook.net try.abtasty.com via.batch.com *.zopim.com *.cart-guru.io *.carts.guru *.cartsguru.io *.air360tracker.net *.mastercard.com *.leadplace.fr *.batch.com *.bati-avenue.com *.jsdelivr.net *.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com payment.payline.com payment-2.payline.com homologation-payment.payline.com homologation-payment-2.payline.com payment.cdn.payline.com homologation-payment.cdn.payline.com unsafe-inline assets.braintreegateway.com *.trustpilot.com *.cart-guru.io *.carts.guru *.cartsguru.io 'self' 'unsafe-inline'; object-src *.cart-guru.io *.carts.guru *.cartsguru.io *.bati-avenue.com 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.googleapis.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ payment.payline.com payment-2.payline.com homologation-payment.payline.com homologation-payment-2.payline.com payment.cdn.payline.com homologation-payment.cdn.payline.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com maps.googleapis.com ekr.zdassets.com groupedubreuiln2.matomo.cloud topazpro.zendesk.com *.googlesyndication.com googleads.g.doubleclick.net *.abtasty.com bati-avenue.zendesk.com *.zopim.com *.openfpcdn.io *.trustpilot.com *.cart-guru.io *.carts.guru *.cartsguru.io *.air360tracker.net *.batch.com *.bootstrapcdn.com *.algolia.io *.privacy-center.org *.air360.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com *.cart-guru.io *.carts.guru *.cartsguru.io http: https: blob: 'self' 'unsafe-inline'; default-src *.cart-guru.io *.carts.guru *.cartsguru.io 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors *.ekomiapps.de 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.zopim.com *.fontawesome.com data: static.oct8ne.com sw-assets.ekomiapps.de maxcdn.bootstrapcdn.com www.jabonariumshop.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com www.salesmanagoconversions.com sis.redsys.es www.jabonariumshop.com 'self' 'unsafe-inline'; frame-ancestors www.jabonariumshop.com 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://static.addtoany.com/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.doubleclick.net www.facebook.com cdn.dnky.co *.youtube.com *.hotjar.com *.facebook.com *.trustpilot.com *.criteo.com connect.facebook.net graph.facebook.com business.facebook.com https://extranet.gls-spain.es/ *.trbo.com www.youtube.com 1-vbus-de.ladesk.com collect.trbo.com backoffice.oct8ne.com app.jabonariumshop.com rktapps.reskyt.com app.reskyt.com www.salesmanago.pl www.jabonariumshop.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de 'self' data: *.google.com *.google.bg www.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com cdn.doofinder.com *.google.nl connect.onlinesucces.nl px.ads.linkedin.com stats.g.doubleclick.net *.googleapis.com *.linkedin.com gallery.mailchimp.com *.trustedshops.com *.facebook.com *.zopim.com cdn.jsdelivr.net *.jmango360.com *.datatrics.com *.smaato.net connect.facebook.net graph.facebook.com business.facebook.com *.trbo.com www.google.es jabonarium.boost.propelbon.com static.oct8ne.com sw-assets.ekomiapps.de collect.trbo.com cdn.reskyt.com app.reskyt.com static.trbo.com c.clarity.ms sis.redsys.es jabonariumshop.com www.xevitools.com www.jabonariumshop.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com https://static.addtoany.com/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.google.bg *.googletagmanager.com www.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com cdn.doofinder.com *.paypal.com *.googleapis.com *.googleadservices.com cdn.dnky.co api.comapi.com *.trackedlink.net snap.licdn.com chimpstatic.com checkout.buckaroo.nl *.adyen.com *.zopim.com *.hotjar.com *.zdassets.com *.sendcloud.sc *.mailchimp.com *.trustedshops.com *.fontawesome.com *.feedbackcompany.com *.trustpilot.com *.newrelic.com *.nr-data.net cdn.jsdelivr.net *.googleoptimize.com *.clarity.ms *.datatrics.com *.criteo.net *.criteo.com *.youtube.com cdn.mouseflow.com connect.facebook.net graph.facebook.com business.facebook.com *.trbo.com *.avada.io jabonarium.ladesk.com cdn.cookie-script.com static.oct8ne.com static.trbo.com api-v4.trbo.com sw-assets.ekomiapps.de smart-widget-assets.ekomiapps.de cdn.reskyt.com www.jabonariumshop.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.doofinder.com cdn.dnky.co checkout.buckaroo.nl *.fontawesome.com *.mailchimp.com *.trustpilot.com cdn.jsdelivr.net cdn.reskyt.com sw-assets.ekomiapps.de maxcdn.bootstrapcdn.com www.jabonariumshop.com 'self' 'unsafe-inline'; object-src www.jabonariumshop.com 'self' 'unsafe-inline'; media-src *.zopim.com www.jabonariumshop.com 'self' 'unsafe-inline'; manifest-src www.jabonariumshop.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com https://stats.addtoany.com/menu *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.google-analytics.com www.facebook.com *.facebook.net *.google.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.doofinder.com wss://*.doofinder.com *.paypal.com commerce.adobedc.net api.comapi.com stats.g.doubleclick.net *.zdassets.com *.hotjar.com *.hotjar.io *.zopim.com wss://*.zopim.com *.feedbackcompany.com *.zendesk.com *.nr-data.net *.clarity.ms connect.facebook.net *.datatrics.com graph.facebook.com business.facebook.com wss://*.hotjar.com *.trbo.com *.jabonariumshop.com frontal-usa.oct8ne.com www.google.es consent.cookie-script.com notifications.api.reskyt.com api.ipify.org app.reskyt.com smart-widget-assets.ekomiapps.de rktstats.reskyt.com google.com backoffice.oct8ne.com www.jabonariumshop.com administrator.oct8ne.com www.google.com 'self' 'unsafe-inline'; child-src www.jabonariumshop.com http: https: blob: 'self' 'unsafe-inline'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com www.jabonariumshop.com *.trbo.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri www.jabonariumshop.com 'self' 'unsafe-inline'; report-uri /csp_reporter.php; 1
default-src 'self';base-uri 'self';frame-ancestors 'self' https://*.epic.com https://*.epichosted.com;frame-src 'self' epichttp: https://www.etz.nl;script-src 'nonce-c5d17fe9eb1a4f75aaa655eddf76a5d0' https://www.mijnetz.nl 'self';img-src 'self' blob: data: https://*.etz.net https://fonts.gstatic.com https://translate.google.com https://www.etz.nl https://www.mijnetz.nl;connect-src 'self' http://translate.googleapis.com;style-src https://www.mijnetz.nl 'self' 'unsafe-inline';worker-src 'self' blob:;child-src 'self' blob:;font-src 'self' https://fonts.gstatic.com;form-action 'self';media-src 'self' blob: https://www.etz.nl;report-uri https://mijnetznl.report-uri.com/r/t/csp/enforce; 1
connect-src 'self' rt.opcoes.net.br https://rt.opcoes.net.br wss://rt.opcoes.net.br *.instagram.com *.iugu.com *.google-analytics.com; default-src 'self' ajax.aspnetcdn.com cdnjs.cloudflare.com cdn.datatables.net d3js.org *.facebook.com *.facebook.net *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.instagram.com *.linkedin.com oss.maxcdn.com *.twimg.com *.twitter.com; font-src 'self' 'unsafe-inline' data: ajax.aspnetcdn.com *.avast.com cdnjs.cloudflare.com cdn.datatables.net d3js.org *.facebook.com *.facebook.net *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.instagram.com *.linkedin.com oss.maxcdn.com *.twimg.com *.twitter.com *.typekit.net use.fontawesome.com; frame-ancestors 'self' https://opcoes.net.br https://dev.opcoes.net.br https://preview.opcoes.net.br; frame-src 'self' opcoes.net.br *.opcoes.net.br *.facebook.com *.facebook.net *.google.com *.instagram.com twitter.com *.twitter.com *.youtube.com; img-src 'self' data: ajax.aspnetcdn.com cdnjs.cloudflare.com cdn.datatables.net d3js.org images-na.ssl-images-amazon.com *.facebook.com *.facebook.net *.fbcdn.net *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.instagram.com *.linkedin.com oss.maxcdn.com *.twimg.com twitter.com *.twitter.com http://* https://*; style-src 'self' 'unsafe-inline' ajax.aspnetcdn.com cdnjs.cloudflare.com cdn.datatables.net d3js.org *.facebook.com *.facebook.net *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.instagram.com *.linkedin.com oss.maxcdn.com *.twimg.com *.twitter.com *.typekit.net use.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.aspnetcdn.com remote.captcha.com cdnjs.cloudflare.com cdn.datatables.net d3js.org *.facebook.com *.facebook.net *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.instagram.com *.iugu.com *.linkedin.com oss.maxcdn.com *.twimg.com *.twitter.com unpkg.com; worker-src 'self' blob: ajax.aspnetcdn.com cdnjs.cloudflare.com cdn.datatables.net d3js.org *.facebook.com *.facebook.net *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.instagram.com *.linkedin.com oss.maxcdn.com *.twimg.com *.twitter.com; object-src 'none'; report-uri https://opcoes.net.br/csp-reports 1
script-src  'unsafe-inline' 'unsafe-eval' http: https:;worker-src blob: 1
frame-ancestors 'self' app.bions.id 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.kfw.de *.kfw-capital.de *.kfw-ipex-bank.de *.kfw-entwicklungsbank.de www.energie-effizienz-experten.de foerderservices.kfw.de *.deginvest.de *.youborafds01.com *.edge-cdn.net *.akamaized.net *.youboranqs01.com android-webview-video-poster *.mapbox.com *.bitmovin.com  *.wt-safetag.com  *.analytics.edgekey.net a-fds.youborafds01.com kfw-chatapp-live.x21wxzihtdv.eu-de.codeengine.appdomain.cloud fbc.wcfbc.net *.keyingress.de *.usercentrics.eu *.video-cdn.net responder.wt-safetag.com js.api.here.com *.hereapi.com *.mateti.net ajax.googleapis.com *.googleadservices.com *.googletagmanager.com *.google.com *.google.de *.analytics.yahoo.com *.doubleclick.net *.yimg.com *.adform.net data: blob:; 1
default-src 'self' blob: data: media.tenor.com *.facebook.com *.doubleclick.net *.googlesyndication.com *.youtube.com *.braintreegateway.com *.paypal.com *.paypalobjects.com *.gstatic.com *.google.com; child-src 'self' *.braintreegateway.com *.paypal.com *.facebook.com *.doubleclick.net *.youtube.com *.google.com *.cardinalcommerce.com; frame-src *; font-src 'self' fiilrcdn.com *.gstatic.com http://fonts.gstatic.com; object-src 'self' *.googlesyndication.com; manifest-src 'self' fiilrcdn.com; img-src 'self' data: blob: paratlan.hu fiilrcdn.com media.tenor.com www.google-analytics.com *.googlesyndication.com *.googletagmanager.com *.doubleclick.net *.facebook.com *.braintreegateway.com *.paypal.com *.paypalobjects.com *.ytimg.com *.gstatic.com *.googleapis.com maps.google.com *.fbcdn.net android-webview data:; connect-src 'self' wss://paratlan.hu api.tenor.com *.facebook.com *.cardinalcommerce.com www.google-analytics.com *.googleapis.com *.gstatic.com *.googlesyndication.com *.doubleclick.net *.braintreegateway.com *.braintree-api.com *.paypal.com *.paypalobjects.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: fiilrcdn.com *.cardinalcommerce.com *.ccdc02.com *.facebook.com *.facebook.net *.googleadservices.com *.googlesyndication.com *.google-analytics.com *.googletagservices.com *.googletagmanager.com *.ampproject.org *.googlesyndication.com *.google.dz *.google.me *.google.tg *.google.sc *.google.com.sa *.google.iq *.google.dk *.google.ee *.google.com.mx *.google.es *.google.co.nz *.google.com.lb *.google.com.qa *.google.com.gh *.google.com.tr *.google.com.vn *.google.com.eg *.google.si *.google.no *.google.ru *.google.ie *.google.co.il *.google.com.ng *.google.hr *.google.bg *.google.ca *.google.hu *.google.sn *.google.pl *.google.gr *.google.nl *.google.com.au *.google.be *.google.cz *.google.fr *.google.se *.google.it *.google.de *.google.at *.google.ch *.google.rs *.google.co.uk *.google.ro *.google.sk *.google.ci *.google.com.ua *.doubleclick.net *.gstatic.com *.googleapis.com *.braintreegateway.com *.paypal.com *.paypalobjects.com *.google.com *.youtube.com *.ytimg.com; style-src 'self' 'unsafe-inline' fiilrcdn.com *.googleapis.com *.braintreegateway.com; worker-src 'self' blob: data:; report-uri https://paratlan.hu/csp_report.php; 1
default-src 'self' yastatic.net; script-src yastatic.net mc.yandex.ru mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.ru mc.yandex.tj mc.yandex.tm mc.yandex.ua mc.yandex.uz mc.webvisor.com mc.webvisor.org suggest-maps.yandex.ru www.youtube.com s.ytimg.com; style-src 'unsafe-inline' yastatic.net; img-src 'self' yastatic.net *.mds.yandex.net mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.ru mc.yandex.tj mc.yandex.tm mc.yandex.ua mc.yandex.uz mc.webvisor.com mc.webvisor.org mc.admetrica.ru data:; font-src yastatic.net; connect-src 'self' yandex.ru mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.ru mc.yandex.tj mc.yandex.tm mc.yandex.ua mc.yandex.uz mc.webvisor.com mc.webvisor.org mc.admetrica.ru yandexmetrica.com:* suggest-maps.yandex.ru; child-src blob: mc.yandex.ru; frame-src blob: yandex.ru mc.yandex.ru mc.yandex.md www.youtube.com frontend.vh.yandex.ru; report-uri https://csp.yandex.net/csp?from=poll.production&project=pythia; 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com *.googleapis.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.reviews.io *.reviews.co.uk 'self' 'unsafe-inline'; frame-ancestors *.reviews.co.uk *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.reviews.co.uk *.googleapis.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.reviews.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.linkedin.com *.google.co.uk *.bing.com *.googleapis.com *.clarity.ms *.googlesyndication.com *.cookiebot.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudfront.net *.reviews.io *.reviews.co.uk data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.facebook.net connect.facebook.net graph.facebook.com business.facebook.com *.avada.io ajax.cloudflare.com *.reviews.io *.licdn.com *.clarity.ms *.bing.com *.googleapis.com *.cookiebot.com c.paypal.com js.braintreegateway.com assets.braintreegateway.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.reviews.co.uk *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com maxcdn.bootstrapcdn.com *.googleapis.com unsafe-inline assets.braintreegateway.com *.cloudfront.net *.reviews.io *.reviews.co.uk 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://get.geojs.io *.avada.io *.doubleclick.net *.oribi.io *.linkedin.com *.google-analytics.com *.google.com *.google.co.uk *.clarity.ms *.googleapis.com *.bing.com *.googlesyndication.com *.cookiebot.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src * 'self'; font-src *;img-src * data:; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; style-src * 'self' 'unsafe-inline'; 1
style-src 'self' http://* 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' http://* data: 'unsafe-inline' 'unsafe-eval' https://*.authorize.net/ https://*.paypal.com/ https://www.paypalobjects.com/ https://js.stripe.com/ https://cookie-cdn.cookiepro.com https://geolocation.onetrust.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://fonts.gstatic.com https://ajax.googleapis.com https://code.jquery.com https://www.googletagmanager.com https://*.hotjar.com https://*.hotjar.io https://use.typekit.net https://api-fra.livechatinc.com; frame-src 'self' https://*.authorize.net/ https://forms.hsforms.com/ https://taoglas.jobs.personio.de/ https://secure-fra.livechatinc.com https://www.youtube.com/ https://www.google.com/ https://player.vimeo.com/ https://vimeo.com/ https://w.soundcloud.com/ https://www.facebook.com/ https://js.stripe.com/ https://www.paypal.com/ https://player.captivate.fm/ https://static.hsappstatic.net/ https://*.hubspot.com/ 1
frame-ancestors 'self' https://*.srmllc.net https://*.storepaperoomates.net 1
base-uri 'self'; default-src 'self'; script-src 'self' 'sha256-H40TZZ6/HWrJtCIGoiEXwB9AAWFNT53lo6O+SFTPMrs=' 'sha256-gBontS+wG1dvAVIX1GqQkYX+0+GI7UW0iIUAnAMgjkE=' 'sha256-rtOHWe1ki6nXG3KTkWSu0VygWllP/k4QuRVEfgPnbB0=' 'sha256-fyx0lUuw0J3n9NQ7vd98N/YrDWsNLggBoUjCg3Y+l+0=' 'sha256-KAKi0nlFSTs9uIXud/Wtv5LBsk9n/dc3I6t83YkYjnQ=' 'sha256-F7IdK1nDwoBCkNXeVyiW71fyaulWdGYDC9pUg+kE5J0=' 'sha256-fzk6Qgm/lmTUL0sWtFIxEQ2Lp+r6R9CJ/9nT6n047s4=' 'sha256-05jxDRKxrsJpmItP2yGd8bHBFNGQcGrtRxBAY46OHBQ=' 'sha256-egpbluqkD8NT0bY3bWy7raM9tRIMkfUWboq0Y8KqsFk=' 'sha256-b0z2S8P8HKU8z8TG7zlObxuSZF7VG/oz85dmu+cQ1lQ=' 'sha256-QK/Po5lDdLecZn8vi2vZA1Z0rkQYo7WK4Dh+DTyPELU=' 'sha256-pKxIgjKjyvFac46hJbVUcM2mZdrM4UfMRVCKlCaY+VE=' 'sha256-lQVfP+wfBTP0BtXLK+tmM9GFbSFJcLHSvWKG15sxLZM=' 'sha256-rDWNpy9BWFh7Z+HXZuzzG0vGmf+quxMC17+5x5YM32c=' 'sha256-6EswWyujUkTgiEA95Jx8nk2zBYByAJaJHDYorhI/oVI=' 'sha256-eaHd32UTCmksGW+Kqja2R1kwrpuiqI4SfApQAkTjcQk=' 'sha256-Kp52hezDHw00E68kWZw7OyiyIl6/ajpQh1d9ts/KQPg=' 'sha256-L5L6tesqNXCsNdAJJTNdDJ8W/q0WtrZL2z9DCNxFEsU='; style-src 'self' 'unsafe-inline'; font-src 'self' data:; worker-src 'self'; img-src 'self'; connect-src 'self'; media-src 'self'; manifest-src 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self'; frame-src 'self'; upgrade-insecure-requests; block-all-mixed-content; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://fledge.eu.criteo.com/ https://gum.criteo.com/ https://consentcdn.cookiebot.com/ https://formbuilder.online https://cdn.polyfill.io https://cdn-manager.pushtech.com https://assets-cdn.pushtech.com https://ga-dev-tools.appspot.com https://apis.google.com  https://www.google.com https://content.googleapis.com https://ajax.googleapis.com https://api.smartvel.com https://cdn.smartvel.com https://oauth-gihsa-portalaccionista.azurewebsites.net https://www.google-analytics.com  https://10906692.fls.doubleclick.net/ https://www.facebook.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://connect.facebook.net/ https://cti.ccbpo-ilunion.com  https://func-cache-prices-integration-pro-westeurope.azurewebsites.net https://11139322.fls.doubleclick.net https://stats.g.doubleclick.net https://www.gstatic.com https://bat.bing.com https://www.civitatis.com/  https://cdn2.civitatis.com/js/vendor/iframeResizer.min.js https://region1.analytics.google.com/g/collect https://customs.affilired.com/track/  https://func-cache-prices-integration-pro-westeurope.azurewebsites.net/api/HotelRoomsBestPrices https://onboard.triptease.io/ *.triptease.io triptease.io https://td.doubleclick.net/ https://rum-static.pingdom.net  https://maxcdn.bootstrapcdn.com https://capi.hesperia.com https://rum-collector-2.pingdom.net; img-src 'self' data: https:; font-src 'self' https://maxcdn.bootstrapcdn.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'  https://formbuilder.online https://cdn.polyfill.io https://cdn-manager.pushtech.com https://assets-cdn.pushtech.com https://ga-dev-tools.appspot.com https://apis.google.com https://www.google.com https://content.googleapis.com  https://ajax.googleapis.com https://api.smartvel.com https://cdn.smartvel.com https://oauth-gihsa-portalaccionista.azurewebsites.net https://www.google-analytics.com https://10906692.fls.doubleclick.net/ https://www.facebook.com  https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://connect.facebook.net/ https://cti.ccbpo-ilunion.com  https://func-cache-prices-integration-pro-westeurope.azurewebsites.net https://11139322.fls.doubleclick.net https://stats.g.doubleclick.net https://www.gstatic.com https://bat.bing.com https://www.civitatis.com/  https://cdn2.civitatis.com/js/vendor/iframeResizer.min.js https://region1.analytics.google.com/g/collect https://customs.affilired.com/track/  https://func-cache-prices-integration-pro-westeurope.azurewebsites.net/api/HotelRoomsBestPrices https://onboard.triptease.io/ *.triptease.io triptease.io https://td.doubleclick.net/ https://rum-static.pingdom.net  https://maxcdn.bootstrapcdn.com https://capi.hesperia.com https://rum-collector-2.pingdom.net; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://sslwidget.criteo.com/ https://dynamic.criteo.com/ https://consentcdn.cookiebot.com/consentconfig/59bc5db8-a9c6-4f60-ba9e-5742f8fc9e13/ https://consent.cookiebot.com/59bc5db8-a9c6-4f60-ba9e-5742f8fc9e13/ https://formbuilder.online https://cdn.polyfill.io  https://cdn-manager.pushtech.com https://assets-cdn.pushtech.com https://ga-dev-tools.appspot.com https://apis.google.com https://www.google.com https://content.googleapis.com https://ajax.googleapis.com https://api.smartvel.com  https://cdn.smartvel.com https://oauth-gihsa-portalaccionista.azurewebsites.net https://www.google-analytics.com https://10906692.fls.doubleclick.net/ https://www.facebook.com https://www.googletagmanager.com  https://www.googleadservices.com https://googleads.g.doubleclick.net https://connect.facebook.net/ https://cti.ccbpo-ilunion.com https://func-cache-prices-integration-pro-westeurope.azurewebsites.net  https://11139322.fls.doubleclick.net https://stats.g.doubleclick.net https://www.gstatic.com https://bat.bing.com https://www.civitatis.com/ https://cdn2.civitatis.com/js/vendor/iframeResizer.min.js  https://region1.analytics.google.com/g/collect https://customs.affilired.com/track/ https://func-cache-prices-integration-pro-westeurope.azurewebsites.net/api/HotelRoomsBestPrices https://onboard.triptease.io/ *.triptease.io  triptease.io https://td.doubleclick.net/ https://rum-static.pingdom.net https://maxcdn.bootstrapcdn.com https://capi.hesperia.com https://rum-collector-2.pingdom.net https://consent.cookiebot.com/; connect-src 'self' 'unsafe-inline' 'unsafe-eval' https://pagead2.googlesyndication.com/pagead/landing https://adservice.google.com/pagead/regclk https://measurement-api.criteo.com/ https://region1.google-analytics.com/g/ https://consentcdn.cookiebot.com/consentconfig/59bc5db8-a9c6-4f60-ba9e-5742f8fc9e13/  https://www.google.es/ads/ga-audiences https://metrics.pushtech.com/api/device_metrics https://formbuilder.online https://cdn.polyfill.io  https://cdn-manager.pushtech.com https://assets-cdn.pushtech.com https://ga-dev-tools.appspot.com https://apis.google.com https://www.google.com https://content.googleapis.com https://ajax.googleapis.com https://api.smartvel.com  https://cdn.smartvel.com https://oauth-gihsa-portalaccionista.azurewebsites.net https://www.google-analytics.com https://10906692.fls.doubleclick.net/ https://www.facebook.com https://www.googletagmanager.com  https://www.googleadservices.com https://googleads.g.doubleclick.net https://connect.facebook.net/ https://cti.ccbpo-ilunion.com https://func-cache-prices-integration-pro-westeurope.azurewebsites.net  https://11139322.fls.doubleclick.net https://stats.g.doubleclick.net https://www.gstatic.com https://bat.bing.com https://www.civitatis.com/ https://cdn2.civitatis.com/js/vendor/iframeResizer.min.js  https://region1.analytics.google.com/g/collect https://customs.affilired.com/track/ https://func-cache-prices-integration-pro-westeurope.azurewebsites.net/api/HotelRoomsBestPrices https://onboard.triptease.io/ *.triptease.io  triptease.io https://td.doubleclick.net/ https://rum-static.pingdom.net https://maxcdn.bootstrapcdn.com https://capi.hesperia.com https://rum-collector-2.pingdom.net https://www.pushtech.com; 1
font-src *;img-src * data:; 1
default-src 'self' data: gap: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * 'self' data: gap: blob: 'unsafe-inline' 'unsafe-eval' https://js.stripe.com https://js.callrail.com http://js.callrail.com https://connect.facebook.net http://connect.facebook.net https://cdn.callrail.com http://cdn.callrail.com https://www.youtube.com http://www.youtube.com https://my.wpengine.com http://my.wpengine.com http://www.google.com http://google.com https://cdnjs.cloudflare.com http://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://unpkg.com http://unpkg.com https://www.googletagmanager.com http://www.googletagmanager.com https://s.btstatic.com http://s.thebrighttag.com http://thebrighttag.com http://www.google-analytics.com http://google-analytics.com http://cdnjs.cloudflare.com https://www.gstatic.com http://www.gstatic.com http://s.btstatic.com http://s.btstatic.com http://static.srcspot.com https://static.srcspot.com; script-src-elem  * 'self' 'unsafe-inline' 'unsafe-eval' data: gap: blob: http://cdnjs.cloudflare.com; connect-src * 'self' data: gap: https://cdn.jsdelivr.net https://js.callrail.com http://js.callrail.com https://my.wpengine.com http://my.wpengine.com https://stats.g.doubleclick.net http://stats.g.doubleclick.net http://www.google-analytics.com https://www.google-analytics.com; img-src * 'self' data: gap: https://dify.wpengine.com http://dify.wpengine.com https://www.facebook.com http://www.facebook.com https://s.w.org http://s.w.org http://secure.gravatar.com https://secure.gravatar.com http://gravatar.com http://1.gravatar.com http://1.gravatar.com https://1.gravatar.com http://i.ytimg.com http://ytimg.com https://www.google-analytics.com http://www.google-analytics.com; frame-src * 'self' data: gap: https://js.stripe.com https://www.facebook.com http://www.facebook.com http://youtube.com http://www.youtube.com http://seekbeak.com http://s.thebrighttag.com http://thebrighttag.com https://www.google.com http://www.google.com; style-src * 'self' data: gap: 'unsafe-inline' http://unpkg.com http://code.ionicframework.com http://cdnjs.cloudflare.com https://fonts.googleapis.com http://fonts.gstatic.com https://code.ionicframework.com https://unpkg.com https://maxcdn.bootstrapcdn.com maxcdn.bootstrapcdn.com; font-src 'self' http://cdnjs.cloudflare.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com http://maxcdn.bootstrapcdn.com http://fonts.gstatic.com http://code.ionicframework.com data: gap: 'unsafe-inline'; frame-ancestors 'self' https://*.mdguidelines.com https://*.alight.com data: gap: blob:; 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://static.play.ht https://rgsharedweb.s3.amazonaws.com https://code.jquery.com https://client.crisp.chat https://emailoctopus.com https://server10.clickandchat.com https://maxcdn.bootstrapcdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.lsa.inc https://lsa.inc https://lsa-inc.azurewebsites.net https://player.vimeo.com https://yoast.com https://www.gstatic.com https://d1553uxug7aswy.cloudfront.net https://www.google-analytics.com https://cdnjs.cloudflare.com https://js.stripe.com https://static.play.ht https://www.googletagmanager.com https://server10.clickandchat.com https://cdn.jsdelivr.net https://connect.facebook.net https://apis.google.com https://platform.twitter.com https://fast.wistia.com https://beacon-v2.helpscout.net https://client.crisp.chat https://code.highcharts.com https://firebaseio.com https://pipedream.wistia.com https://emailoctopus.com https://analytics.clickdimensions.com https://snap.licdn.com https://editor-static-bucket.elementor.com; img-src 'self' data: *; object-src 'none'; font-src 'self' data: https://s0.wp.com https://fonts.gstatic.com https://s3.amazonaws.com https://fast.wistia.com https://client.crisp.chat https://maxcdn.bootstrapcdn.com; connect-src 'self' https://vimeo.com https://play.ht https://my.yoast.com https://fast.wistia.com https://d3hb14vkzrxvla.cloudfront.net https://distillery.wistia.com https://beaconapi.helpscout.net https://a.play.ht wss://play-68705.firebaseio.com wss://s-usc1f-nss-2514.firebaseio.com https://pipedream.wistia.com wss://client.relay.crisp.chat https://yoast.com https://px.ads.linkedin.com https://www.google-analytics.com https://media.play.ht https://maxcdn.bootstrapcdn.com; frame-src 'self' https://player.vimeo.com https://play.ht https://js.stripe.com https://www.youtube-nocookie.com https://library.elementor.com https://www.youtube.com https://accounts.google.com https://www.facebook.com https://tools.akismet.com https://s-usc1f-nss-2514.firebaseio.com https://wp.freemius.com https://jobs.lever.co https://analytics.clickdimensions.com https://server10.clickandchat.com https://indd.adobe.com https://yoast.com https://my.yoast.com https://simplebooklet.com; media-src 'self' blob: https://media.play.ht; worker-src 'self' blob:; 1
upgrade-insecure-requests; default-src 'self' 'unsafe-eval' 'unsafe-inline' data: https: wss: android-webview-video-poster: blob:; 1
default-src 'self'; script-src 'self' 'unsafe-inline' *.googlesyndication.com  *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.go-mpulse.net *.facebook.net *.twitter.com *.youtube.com; style-src 'self' 'unsafe-inline' *.googletagmanager.com *.googleapis.com; connect-src 'self' *.googlesyndication.com *.google-analytics.com *.go-mpulse.net *.akstat.io *.akamaihd.net *.google.com *.doubleclick.net; img-src 'self' *.googletagmanager.com *.googlesyndication.com *.google-analytics.com *.doubleclick.net *.google.de *.google.com *.twitter.com *.gstatic.com *.w3.org; frame-src 'self' *.doubleclick.net *.twitter.com *.facebook.com; font-src 'self' *.gstatic.com; object-src 'none' 1
default-src 'self' *.google.com *.google-analytics.com *.doubleclick.net cookiehub.net *.cookiehub.net *.facebook.com *.facebook.net polyfill.io *.newrelic.com *.linkedin.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cookiehub.net *.cookiehub.net *.google.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.licdn.com *.facebook.net *.doubleclick.net polyfill.io *.facebook.com *.facebook.net *.plyr.io *.vimeo.com *.youtube.com *.hsforms.net *.hsforms.com js.hs-scripts.com js.hs-banner.com js.hs-analytics.net js.hscollectedforms.net  unpkg.com  *.usercentrics.eu *.newrelic.com *.linkedin.com *.googleapis.com; style-src 'self' 'unsafe-inline' cookiehub.net *.cookiehub.net *.facebook.com *.facebook.net *.plyr.io *.vimeo.com *.youtube.com projects.codeaware.at *.linkedin.com *.googleapis.com; img-src * 'self' data: https:; frame-src 'self' *.youtube.com *.youtu.be *.youtube-nocookie.com *.vimeo.com *.doubleclick.net *.facebook.com *.facebook.net forms.hsforms.com *.usercentrics.eu *.newrelic.com *.linkedin.com; font-src 'self' data: *.gstatic.com *.googleusercontent.com projects.codeaware.at; connect-src 'self' *.google.com *.google-analytics.com *.doubleclick.net cookiehub.net *.cookiehub.net *.facebook.com *.facebook.net *.plyr.io *.vimeo.io *.youtube.com noembed.com forms.hsforms.com forms.hubspot.com polyfill.io  *.usercentrics.eu 'self' *.google.com *.google-analytics.com *.doubleclick.net cookiehub.net *.cookiehub.net *.facebook.com *.facebook.net *.plyr.io *.vimeo.io *.youtube.com noembed.com forms.hsforms.com forms.hubspot.com polyfill.io  *.usercentrics.eu *.hscollectedforms.net *.newrelic.com *.nr-data.net *.linkedin.com *.googleapis.com; report-uri /report-csp-violation 1
default-src 'self'; script-src 'self' 'unsafe-inline' cdn.amcharts.com cdn.jsdelivr.net/npm/odometer@0.4.8/odometer.min.js cdn.jsdelivr.net/npm/autonumeric@4.6.0/dist/autoNumeric.min.js cdnjs.cloudflare.com cds-sdkcfg.onlineaccess1.com/common.js googleads.g.doubleclick.net onlineaccess.coastal1.org player.vimeo.com/api/player.js translate.google.com translate.googleapis.com translate-pa.googleapis.com www.googleadservices.com www.googletagmanager.com www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/api.js fast.wistia.net pipedream.wistia.com onlineaccess.coastal1.org; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com code.ionicframework.com fonts.googleapis.com www.gstatic.com fast.wistia.net; object-src 'none'; base-uri 'self'; connect-src 'self' https://stats.g.doubleclick.net/g/collect analytics.google.com google.com onlineaccess.coastal1.org translate.googleapis.com pipedream.wistia.com fast.wistia.net *.google-analytics.com *.vimeo.com; font-src 'self' data: code.ionicframework.com fonts.gstatic.com; frame-src 'self' www.google.com; img-src 'self' data: fonts.gstatic.com googleads.g.doubleclick.net wsrv.nl www.google.com www.gstatic.com secure.gravatar.com www.googletagmanager.com; manifest-src 'self' cdnjs.cloudflare.com; media-src 'self' vimeo.com youtube.com google.com blob:; report-uri https://www.coastal1.org/cdn-cgi/script_monitor/report?v=1; worker-src 'self' blob:; 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src http: https: blob: data: ; connect-src https: wss: 1
frame-ancestors 'self' *.isportfoy.com.tr 1
default-src 'self' https://www.google.com; img-src 'self' data:  https://*.roc-nijmegen.nl  https://*.google-analytics.com  https://*.googletagmanager.com  https://*.gstatic.com  https://*.google.com  https://*.google.nl  https://*.googleapis.com  https://*.g.doubleclick.net  https://*.googlesyndication.com  https://*.bing.com   https://i.ytimg.com  https://*.facebook.com  https://static.resengo.com  https://px.ads.linkedin.com  https://c.clarity.ms  https://*.snapchat.com; font-src 'self' data: https://*.roc-nijmegen.nl https://fonts.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.hotjar.com https://*.youtube.com https://polyfill.io https://*.google.com https://*.googletagmanager.com https://*.googleapis.com https://*.google-analytics.com https://*.gstatic.com https://*.roc-nijmegen.nl https://*.pardot.com https://*.facebook.net https://cdn.jsdelivr.net https://code.jquery.com https://*.resengo.com https://*.blackthorn.io https://www.googleadservices.com https://googleads.g.doubleclick.net https://snap.licdn.com https://bat.bing.com https://www.clarity.ms https://www.google.nl https://pagead2.googlesyndication.com https://sc-static.net https://tr.snapchat.com; base-uri 'self'; connect-src 'self' https://*.google-analytics.com https://*.g.doubleclick.net https://*.hotjar.io https://*.googleapis.com https://noembed.com https://cdn.plyr.io https://*.facebook.com https://*.resengo.com https://dc.services.visualstudio.com https://pagead2.googlesyndication.com https://www.google.com https://*.analytics.google.com https://cdn.linkedin.oribi.io https://*.clarity.ms https://px.ads.linkedin.com https://*.snapchat.com; style-src 'self' 'unsafe-inline' data: https://*.googletagmanager.com https://*.googleapis.com https://*.googletagmanager.com https://*.googleapis.com https://*.roc-nijmegen.nl; frame-src 'self' https://*.youtube-nocookie.com https://www.google.com https://*.facebook.com https://*.roc-nijmegen.nl https://*.blackthorn.io https://td.doubleclick.net https://tr.snapchat.com/; frame-ancestors 'self' https://rocnijmegen.perfectwebteam.nl https://*.blackthorn.io; object-src 'self' 1
default-src 'self'; script-src 'self' https://*.astonmiles.com https://code.jquery.com https://www.google-analytics.com https://*.fontawesome.com https://*.googleapis.com //*.gstatic.com; style-src 'self' https://*.astonmiles.com https://*.googleapis.com https://*.fontawesome.com; font-src 'self' https://*.gstatic.com https://*.fontawesome.com; img-src 'self' https://*.astonmiles.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.googleapis.com; connect-src 'self' https://*.astonmiles.com https://*.googleapis.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.fontawesome.com https://code.jquery.com //*.gstatic.com; base-uri 'none'; form-action 'self'; frame-ancestors 'none'; object-src 'none';upgrade-insecure-requests 1
frame-ancestors 'self' *.windy.com:* 1
default-src 'self' https:; connect-src 'self' https://api.mapbox.com/ https://a.tiles.mapbox.com/ http://a.tiles.mapbox.com/ https://b.tiles.mapbox.com/ https://events.mapbox.com/ https://api.mazemap.com/ https://tiles.mazemap.com/ https://search.mazemap.com/ https://api.gobistories.com/ https://res.cloudinary.com/gobi-technologies-as/image/upload/ https://res.cloudinary.com/gobi-technologies-as/video/upload/ https://*.google-analytics.com/ https://*.analytics.google.com/ https://*.googletagmanager.com/ https://*.google.com/ https://*.g.doubleclick.net/ https://stats.g.doubleclick.net/ https://*.hotjar.io/ https://*.hotjar.com/ wss://*.hotjar.com/ https://*.snapchat.com/ https://www.facebook.com/ https://contentassistant.eu.siteimprove.com/cms/ https://id.eu.siteimprove.com/connect/authorize/ https://*.ingest.sentry.io/api/ https://www.google-analytics.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com/ https://api.mapbox.com/ https://api.mazemap.com/ https://script.hotjar.com/; frame-src 'self' https://iframe.hivolda.no/ https://hivolda.instructuremedia.com/embed/ https://www.youtube.com/ http://www.youtube.com/ https://www.youtube-nocookie.com/embed/ https://studietesten.no/ https://use.mazemap.com/ https://embed.acast.com/ https://player.vimeo.com/ https://docs.google.com/presentation/ https://vars.hotjar.com/ https://*.snapchat.com/ https://www.instagram.com/ https://hivolda.cloud.panopto.eu/ https://issuu.com/sivolda/docs/ https://create.plandisc.com/ https://www.tiktok.com/embed/ https://if-cdn.com/ https://outlook.office365.com/owa/calendar/ https://contentassistant.eu.siteimprove.com/Cms/ https://e.issuu.com/; img-src 'self' https: data: blob: http://api.mapbox.com/ http://a.tiles.mapbox.com/; media-src 'self' blob:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://hivolda.devz.no/ http://api.mapbox.com/mapbox.js/v3.1.1/mapbox.js https://cdn.plyr.io/3.6.2/plyr.js http://cdn.plyr.io/3.6.2/plyr.js https://unpkg.com/%40gobistories/gobi-web-integration%40%5E6.11.1 https://www.youtube.com/iframe_api/ https://www.youtube.com/s/player/ https://*.googletagmanager.com/ https://*.google-analytics.com/ https://tagmanager.google.com/ https://script.hotjar.com/ https://static.hotjar.com/ https://siteimproveanalytics.com/ https://track.adform.net/ https://s2.adform.net/ https://sc-static.net/ https://connect.facebook.net/ https://e.issuu.com/embed.js https://api.mapbox.com https://api.mazemap.com https://assets.pinterest.com https://cdn.jsdelivr.net https://cdn.plyr.io https://cdn.siteimprove.net https://cdnjs.cloudflare.com https://github.com https://polyfill.io https://unpkg.com platform.instagram.com platform.twitter.com; script-src-elem 'self' 'unsafe-inline' http://api.mapbox.com/ https://cdn.plyr.io/3.6.2/plyr.js http://cdn.plyr.io/3.6.2/plyr.js https://unpkg.com/%40gobistories/gobi-web-integration%40%5E6.11.1 https://www.youtube.com/iframe_api https://www.youtube.com/s/player/ https://*.googletagmanager.com/ https://*.google-analytics.com/ https://script.hotjar.com/ https://static.hotjar.com/ http://siteimproveanalytics.com/js/siteanalyze_6000491.js https://track.adform.net/serving/scripts/trackpoint/async/ https://track.adform.net/Serving/TrackPoint/ https://s2.adform.net/banners/scripts/st/trackpoint-async.js https://sc-static.net/ https://connect.facebook.net/ https://www.instagram.com/ https://*.snapchat.com/ https://www.tiktok.com/embed.js https://lf16-tiktok-web.ttwstatic.com/ https://if-cdn.com/ https://e.issuu.com/embed.js https://api.mapbox.com https://api.mazemap.com https://assets.pinterest.com https://cdn.jsdelivr.net https://cdn.plyr.io https://cdn.siteimprove.net https://cdnjs.cloudflare.com https://github.com https://polyfill.io https://unpkg.com platform.instagram.com platform.twitter.com; style-src 'self' 'unsafe-inline' http://api.mapbox.com/mapbox.js/v3.1.1/mapbox.css https://fonts.googleapis.com/ https://tagmanager.google.com/ https://api.mapbox.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' http://api.mapbox.com/ https://lf16-tiktok-web.ttwstatic.com/ https://api.mapbox.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; worker-src 'self' blob: 1
script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://support.google.com/inapp/ https://www.google.com/tools/feedback/ https://www.gstatic.com/inproduct_help/ https://www.gstatic.com/support/content/ https://www.google.com/tools/feedback/load.js https://www.google.com/tools/feedback/open.js https://www.gstatic.com/inproduct_help/service/lazy.min.js https://www.gstatic.com/inproduct_help/api/main.min.js https://www.gstatic.com/inproduct_help/chatsupport/chatsupport_button_v2.js https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js https://www.gstatic.com/uservoice/feedback/client/web/live/main_light_binary.js https://www.google.com/tools/feedback/chat_load.js https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/ https://www.gstatic.com/feedback/js/ghelp/ https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /_/ChromeWebStoreConsumerFeUi/cspreport/allowlist 1
report-uri https://api.web1on1.chat/report-violation;default-src 'self';connect-src 'self' wss://*.web1on1.chat wss://*.chatshipper.com wss://*.smooch.io *.web1on1.chat *.chatshipper.com *.run.app *.cloudfunctions.net *.facebook.com *.google.com *.smooch.io *.postmarkapp.com fonts.googleapis.com fonts.gstatic.com meet.cht.onl 8X8.vc js.stripe.com stripe.com *.googleapis.com *.userguiding.com *.twilio.com wss://*.twilio.com media.twiliocdn.com sdk.twilio.com api.twilio.com wss://voice-js.roaming.twilio.com blob:;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.smooch.io *.googleapis.com meet.cht.onl 8X8.vc js.stripe.com stripe.com *.statuspage.io *.postmarkapp.com blob: connect.facebook.net apis.google.com *.cloudflare.com *.userguiding.com *.chatshipper.com *.web1on1.chat *.google.com *.gstatic.com media.twiliocdn.com sdk.twilio.com;style-src 'self' 'unsafe-inline' *.chatshipper.com *.web1on1.chat *.smooch.io fonts.googleapis.com fonts.gstatic.com meet.cht.onl 8X8.vc js.stripe.com stripe.com viabovag.nl *.userguiding.com *.viabovag.nl blob:;img-src * data: blob:;font-src 'self' data: *.googleusercontent.com *.bootstrapcdn.com *.cloudfront.net fonts.googleapis.com fonts.gstatic.com viabovag.nl *.userguiding.com *.viabovag.nl *.smooch.io;media-src 'self' data: *.smooch.io cht.onl meet.cht.onl 8X8.vc js.stripe.com *.userguiding.com stripe.com mediastream media.twiliocdn.com sdk.twilio.com *.twilio.com *.web1on1.chat blob:;object-src 'none';child-src * blob:; frame-src *; frame-ancestors *.citnow.com *.rtcauto.co.uk; 1
frame-ancestors 'self' https://*.emerson.com https://*.emerson.cn https://*.emerson.co.jp https://*.emerson.kr https://*.ariba.com https://*.tradecentric.com https://mypunchoutsite.com https://*.coupahost.com https://*.determine.com https://*.gep.com https://emerson.pathfactory.com https://*.jaggaer.com https://*.sciquest.com https://*sp24.phitr.com https://*sp15.phibred.com 1
script-src http: https: 'unsafe-inline' 'unsafe-eval' https://lacordee.com/; style-src 'self' blob: https: 'unsafe-inline' https://lacordee.com/; img-src data: http: https:; object-src 'none'; base-uri 'none'; child-src 'self'; font-src 'self' data: fonts.gstatic.com; frame-src assets.braintreegateway.com *.youtube.com *.youtu.be *.vimeo.com *.google.com *.gstatic.com *; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://tapbots.social; img-src 'self' https: data: blob: https://tapbots.social; style-src 'self' https://tapbots.social 'nonce-VIDFkjMZ/rH/NKM773mFAQ=='; media-src 'self' https: data: https://tapbots.social; frame-src 'self' https:; manifest-src 'self' https://tapbots.social; form-action 'self'; child-src 'self' blob: https://tapbots.social; worker-src 'self' blob: https://tapbots.social; connect-src 'self' data: blob: https://tapbots.social https://tapbots.social wss://tapbots.social; script-src 'self' https://tapbots.social 'wasm-unsafe-eval' 1
default-src 'self'; img-src 'self' threatbook.cn threatbook.com data:;    media-src 'self';    script-src 'self' 'unsafe-eval' *.threatbook.com *.threatbook.cn https://www.huodongxing.com https://cdn.huodongxing.com;    style-src 'self' 'unsafe-inline';    frame-ancestors https://www.huodongxing.com https://cdn.huodongxing.com 'self';    connect-src *.threatbook.com *.threatbook.cn https://www.huodongxing.com https://cdn.huodongxing.com 'self';    font-src 'self' data:;    frame-src https://www.huodongxing.com https://cdn.huodongxing.com; 1
frame-src 'self' https://eu-west-2-elume.s3.us-east-1.amazonaws.com/ https://forms.hsforms.com/ https://app.hubspot.com https://www.googletagmanager.com https://accounts.google.com https://sdk.companywebcast.com https://ir.asp.manamind.com https://www.youtube.com https://www.youtube-nocookie.com *.metric.gstatic.com *.dynamics.com https://webcast.seria.no https://spinzam.com/ https://player.vimeo.com https://vimeo.com https://cdn.embedly.com https://www.facebook.com https://www.google.com/ https://platform.twitter.com/ https://twitter.com/ https://ir.oms.no/ https://kongsberg.easycruit.com https://tools.eurolandir.com https://asia.tools.euroland.com https://tools.euroland.com https://gamma.euroland.com ; frame-ancestors 'self' 1
default-src 'self' 'unsafe-inline'; img-src 'self' * data: 'unsafe-inline'; object-src 'none'; base-uri 'self'; frame-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; worker-src 'none'; script-src 'self' https://www.google-analytics.com https://edge.fullstory.com https://widget.intercom.io https://ok1static.oktacdn.com https://az416426.vo.msecnd.net https://maps.google.com https://static.zdassets.com https://assets.zendesk.com https://maps.googleapis.com 'unsafe-inline' 'unsafe-eval' ; font-src 'self' https://ok1static.oktacdn.com https://fonts.gstatic.com data: 'unsafe-inline'; style-src 'report-sample' 'self' https://newtaxi-login.corcoran.com https://ok1static.oktacdn.com https://cloud.typography.com https://fonts.googleapis.com 'unsafe-inline' ; report-uri https://620eef3a8fbf6d96ac8e965b.endpoint.csper.io/?v=1 'unsafe-inline'; connect-src 'self' https://mediaapp.vestahub.com https://securityapi.vestahub.com https://api-my.citihabitats.com https://corcoranit.zendesk.com https://ekr.zdassets.com https://maps.googleapis.com https://api-act.vestahub.com https://newtaxi-dataapi.corcoran.com https://newtaxi-login.corcoran.com https://newtaxi.corcoran.com https://newtaxi-searchapi.corcoran.com https://presentationsservice.corcoranlabs.com *.visualstudio.com 'unsafe-inline'; frame-ancestors 'self' *; 1
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 1
style-src 'self' 'sha256-76exF8ydkxh4QXwMNH67O393PnBamu/fPbLRSjgHUVg=' 'sha256-7qXPdzomaPhbvIDWZVhlqXgFQAhIr+5WoM/lK817wbo=' 'sha256-COYNv/8LmOwfAiDWWzWVMkL4fEPDbLels2CBNuS7LRk=' 'sha256-Gb2fuBWYsW5HFw1y5OTjq4dhoAmvKZhv/qMl6LZj4WA=' 'sha256-OxLTwR74MoRWbcDHjwN3TdvSLx2QmLPFl02Np3QykPM=' 'sha256-PdzgE45Inu8ciZvIu5ulmrEaQENku+y5ZP7w4Z1cBWE=' 'sha256-VLueOoKVEPWXwNg8ouz4+sf0H+fSqZEsNUuvbEvMJL0=' 'sha256-W5dfgVLPsTgISyMNM5pPaxxgYjdPByO7q4SkL144A9w=' 'sha256-by355lUL2FOzwdonJVfuiRXjSq6ohg6ikMAqUNTMGn8=' 'sha256-etxzJf7w2TH3gTx1clme5gWkl52tTo6iIHkgSyLfUE8=' 'sha256-ka1NBA2MlPKbeGO6UFUjbNDOYCvGkk1VJnRjviW2Aic=' 'sha256-kcztHTNBTVStjQu5O17opeGArcRNigdkJIbYUkGQyLs=' 'sha256-qDU/dtI8CYneCHwOcIR21GvcikiH+/QmNN9QQKJ+/dE=' 'sha256-rWWwse9tPIxIwHjcVFj9sA8xLngscpED018gVlmOafo=' 'sha256-vFL2tDsclMjdGX3SZHhcg1toEUnHwK8LOZw2AYogVOU=' 'sha256-wYaoUBdkzbi3vwXaMNBxk8mKzj4oY+35HcvjBcfd2dk=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU='; img-src 'self' https://*.google-analytics.com https://*.googletagmanager.com firefoxusercontent.com https://profile.accounts.firefox.com; object-src 'none'; default-src 'self'; script-src 'self' 'nonce-ace426c9facfa42f6d9fd8ab018647a0' https://www.google-analytics.com/ https://*.googletagmanager.com https://js.stripe.com/; font-src 'self' https://relay.firefox.com/; frame-src https://js.stripe.com https://hooks.stripe.com; worker-src 'self' blob:; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://location.services.mozilla.com https://api.stripe.com https://basket.mozilla.org https://accounts.firefox.com 1
frame-src self * *.wallet.pt *.meowallet.pt; frame-ancestors self * *.wallet.pt *.glownet.com glownet.com 1
frame-ancestors 'self' http://bim.wienerberger.be/ https://wienerberger.staging.dev.thorbiq.com https://wienerberger.staging.preprod.thorbiq.com 1
default-src 'self' *.ods.cz www.google.com cse.google.com csp.withgoogle.com *.google-analytics.com maps.googleapis.com fonts.googleapis.com fonts.gstatic.com *.googlevideo.com *.mailchimp.com stats.g.doubleclick.net www.facebook.com www.youtube.com www.ods.local *.spotify.com open.scdn.com; script-src 'unsafe-inline' 'unsafe-eval' data: *; style-src 'unsafe-inline' data: *; connect-src 'self' *.ods.cz www.google.com cse.google.com csp.withgoogle.com *.google-analytics.com maps.googleapis.com fonts.googleapis.com fonts.gstatic.com *.googlevideo.com *.mailchimp.com stats.g.doubleclick.net www.facebook.com www.youtube.com www.ods.local *.spotify.com open.scdn.com; img-src 'self' data: * maps.gstatic.com *.mailchimp.com; base-uri 'self'; form-action 'self' *.list-manage.com www.facebook.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' plans.billetel.fr www.youtube.com *.prowebce.net *.nr-data.net *.onetrust.com *.contentsquare.net js-agent.newrelic.com cdn.cookielaw.org *.abtasty.com stats.g.doubleclick.net *.aticdn.net *.xiti.com *.google-analytics.com *.googletagmanager.com fonts.googleapis.com fonts.gstatic.com code.jquery.com *.walkme.com www5.easiware.fr/prowebce/ cdnjs.cloudflare.com/ajax/libs/bootstrap-switch/ cdnjs.cloudflare.com/ajax/libs/highlight.js/ cdnjs.cloudflare.com/ajax/libs/popper.js/ cdnjs.cloudflare.com/ajax/libs/validate.js/ cdnjs.cloudflare.com/ajax/libs/jquery-ajaxtransport-xdomainrequest/ oss.maxcdn.com/respond/1.4.2/respond.min.js oss.maxcdn.com/html5shiv/ oss.maxcdn.com/libs/html5shiv/ oss.maxcdn.com/libs/respond.js/ cdn.jsdelivr.net/npm/roboto-font@0.1.0/ edenred-faq.mayday.cx/embedded/md-selfcare.umd.js public.mayday.fr logs-service.mayday.fr ka-p.fontawesome.com/releases/ cdnjs.cloudflare.com/ajax/libs/Swiper/5.3.7/css/swiper.min.css; img-src * data:; media-src * data:; font-src 'self' fonts.googleapis.com fonts.gstatic.com cdn.jsdelivr.net/npm/roboto-font@0.1.0/ ka-p.fontawesome.com/releases/ data:; worker-src 'self' blob: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.cloud.coveo.com https://cdn.jsdelivr.net https://cdn.cookielaw.org https://*.googlesyndication.com https://js-agent.newrelic.com https://storage.googleapis.com https://*.googletagmanager.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://*.printfriendly.com https://static.addtoany.com https://ds-4047.kxcdn.com https://s.ytimg.com/yts/jsbin/ https://static.addtoany.com/menu/ https://snap.licdn.com https://www.youtube-nocookie.com https://rawgit.com/NerOcrO/ntools/master/ntools.user.js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://s.ytimg.com https://cdn.rawgit.com/w8tcha/ https://cdn.rawgit.com/ckeditor/ https://www.youtube.com/ https://snap.licdn.com/ https://*.google-analytics.com https://stats.g.doubleclick.net/ https://www.google.com/ads/ https://px.ads.linkedin.com/collect *.instagram.com; img-src 'self' data: https://cdn.cookielaw.org https://*.cdninstagram.com https://*.licdn.com https://assets.bwbx.io https://sprcdn-assets.sprinklr.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ https://cdn.printfriendly.com https://i.ytimg.com https://www.nestle-nespresso.com https://img.youtube.com/; frame-src 'self' https://www.google.com/recaptcha/ https://www.youtube.com/; frame-ancestors 'self'; upgrade-insecure-requests 1
frame-ancestors 'self' https://www.newpathlearning.com/; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' https://googleads.g.doubleclick.net https://www.googleadservices.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ *.cloudfront.net/cache-js/ *.google.com/ *.gstatic.com/; style-src 'self' 'unsafe-inline' 'report-sample' *.cloudfront.net/ accounts.google.com/gsi/style; object-src 'self'; frame-src 'self' *.google.com/; child-src 'none'; img-src 'self' data: *; font-src 'self' https://*.cloudfront.net/; connect-src 'self' https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://www.google.com.ua/ https://www.google.com/ https://www.googletagmanager.com/ https://analytics.google.com/; manifest-src https://newpathworksheets.com/; base-uri 'self'; form-action 'self' *.paypal.com/; media-src 'self'; worker-src 'none' 1
default-src 'self' https:; font-src 'self' https:; img-src 'self' https:; object-src 'none'; script-src 'self' 'unsafe-inline' app.evita.ch https:; style-src 'self' https: 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-63f3ae291aeb40e0034587c698aec7e5'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src 'self'; media-src 'self' blob:; script-src 'self' 'sha256-D9kvgd5pJSJnKAxbyhP4vsdKkDmIiFSmrSkwrfQIQCc=' 'sha256-KUcKFgI0s2zjgZcjb1A6YarPJuOpkcIZboLP3NTHGZM=' 'sha256-fuL7YGf4Xjp6fymlXugnIw4SDXNvLL9AHFGgCe6JYA8=' 'sha256-jy+bez8rPWuhicVe1B6KSlUVsBgVkpZ6cYqYjcqLJqA=' *.segment.com www.googletagmanager.com *.google-analytics.com heapanalytics.com *.heapanalytics.com *.planhat.com; style-src 'self' 'unsafe-hashes' 'sha256-kwpt3lQZ21rs4cld7/uEm9qI5yAbjYzx+9FGm/XmwNU=' 'sha256-TtSWwniauURjsw+n1XzXGM8yPOKTrl4VcINhpz7eXuo=' 'sha256-NN53gbv7D2Wfr8kayB6yvteX/vSER4S2W8eYtBY/3WI=' 'sha256-AYuZD+NP9Ejp48nJE4QvxdNcnWmcoGbtPl+fW8vXvik=' 'sha256-OHV7goBrTcT/iqUT/8ui3huUSs6+noyzoNYKqFfXZtI=' 'sha256-OHV7goBrTcT/iqUT/8ui3huUSs6+noyzoNYKqFfXZtI=' 'sha256-CO3q0pNmHmANBYSrz8unqzJr2qaUYe4PHPWIDh+8V20=' 'sha256-CO3q0pNmHmANBYSrz8unqzJr2qaUYe4PHPWIDh+8V20=' 'sha256-AakVNU4ZZCpceLQt/BM+BCYbv61t7rw3XIrZf3G5lq4=' 'sha256-swPr61gCr6skSetv4/VIWCKg2tcnEGgBpn86uLmdzYE=' 'sha256-wtTV0+qtf9KE30RsOX6bAZGfWhbzIcKiWnHO0+MNk54=' 'sha256-UmFJ3QrYehwVW29goBsHA1knUMx0B7bwRJzOSyVUP5c=' 'sha256-OHV7goBrTcT/iqUT/8ui3huUSs6+noyzoNYKqFfXZtI=' 'sha256-BFU3BnyqbhnU5P4bEBvLn1IgebSFXoYgLIS9f14EELE=' 'sha256-sxwxXl+do9H230vq34IRJ74MZHLC/P6i+aBFThjaWTg=' 'sha256-SgZQWsfLqFIbXUavZS4pxgi9Pr0JFuIh5pAp0LdrHPU=' 'sha256-5tQne+uhhNZ3jrkzLytbCfuWaSKUXfzp8vuMcJtgHC8=' 'sha256-UAcril7Fu0fhoP3OFsrEvZPXHi/if2hnrZGv/inQi0c=' 'sha256-5tQne+uhhNZ3jrkzLytbCfuWaSKUXfzp8vuMcJtgHC8=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-hHMNwsVztK9CAoiM3GREM8XBvfumpxxnpaNPbhx9Bow=' 'sha256-CzODDLll2Z5UZSQvdtzLz4PXUrAioSHlXkSFVCKutiQ=' 'sha256-vI9MCDHlDNxVsAQ43WD9Vk6qzuUDeB/AN3HsgolWkR8=' 'sha256-Y7tRyUxFoOhHRsSyMoPhMef1s/C2+7WBduMfLFv/16w=' 'sha256-KOc1h2HdLneysnKYTWiv7TKSRkDt1JdX7nqw+gRhBl4=' 'sha256-PaUIqNs7L9VT1Xe7cwIpzJxuJQkIrg0Wn1mT0IUrLHA=' 'sha256-9THYlyt/wV5ncb9wtzB6CUZcBFIEcT/Ezo7zTXkbCh4=' 'sha256-/r8yiqMkokCXmgIZUquVAk0mSKCxsXFSItclja3wA0s=' 'sha256-WLgekxXT5rR9mlfhHU+2OKstxdGy5P5JyBlWh8jBJMU=' 'sha256-XHOQ9MY4Ri35G8tmy1xY0c2ibixktuY+SPBOL4SVk00=' 'sha256-pp+5hIbAGJtrUvG4fKaITIQafk0LoWeK1cX3h5xNvrk=' 'sha256-VoYxMLrM9Se/G7q83t/7gb39acEfPk8LIEfW5ZpMnVY=' 'sha256-IOyrDpkLCW/uKAZ1ulGQkMyHPjhg/sE4h98xpHuTkVA=' www.googletagmanager.com *.googleapis.com heapanalytics.com *.typekit.net; font-src 'self' *.typekit.net *.gstatic.com data:; img-src 'self' https: data: blob: www.googletagmanager.com *.google-analytics.com *.heapanalytics.com; connect-src 'self' blob: *.hyperproof.app *.statuspage.io *.segment.com *.segmentapis.com *.segment.io sentry.io *.google-analytics.com heapanalytics.com *.planhat.com; frame-src 'self' *.hyperproof.app *.officeapps.live.com docs.google.com blob:; worker-src 'self' blob:; object-src blob:; frame-ancestors 'self' https://docs.google.com; 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'none'; 1
default-src 'self' data: gap: https://artery.blob.core.windows.net; script-src-elem * 'unsafe-eval' 'self' 'unsafe-inline' data: ; style-src 'unsafe-inline' 'self' https://cdnjs.cloudflare.com https://fonts.googleapis.com; img-src * 'self' data: https://compasspathways.com https://*.compasspathways.com; font-src 'self' data: https://cdn.jsdelivr.net https://fonts.gstatic.com; connect-src * 'self' ; frame-src 'self' https://compasspathways.gcs-web.com https://boards.eu.greenhouse.io/ https://static.addtoany.com/ https://w.soundcloud.com https://td.doubleclick.net/ https://player.vimeo.com; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' ; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.cloudflare.com *.highcharts.com *.googletagmanager.com *.datatables.net *.gstatic.com *.googleapis.com *.google.com *.cookiebot.com static.cloudflareinsights.com; style-src 'self' 'unsafe-inline' td.doubleclick.net ajax.cloudflare.com *.cookiebot.com *.googletagmanager.com *.gstatic.com *.google.com *.googleapis.com *.datatables.net; frame-src 'self' *.youtube.com www.youtube-nocookie.com app.powerbi.com td.doubleclick.net *.google-analytics.com *.cloudflare.com *.googletagmanager.com *.gstatic.com *.google.com *.cookiebot.com; child-src 'self' app.powerbi.com td.doubleclick.net *.google-analytics.com *.cloudflare.com *.googletagmanager.com *.gstatic.com *.google.com *.cookiebot.com; img-src 'self'  data: blob: *.cloudflare.com *.google-analytics.com *.google.com *.cloudflare.com *.googletagmanager.com *.gstatic.com *.cookiebot.com *.google.es *.googleapis.com;font-src 'self' data: *.cloudflare.com *.gstatic.com; connect-src 'self' *.google.com *.cloudflare.com consentcdn.cookiebot.com stats.g.doubleclick.net *.googletagmanager.com *.google-analytics.com *.googleapis.com cloudflareinsights.com; 1
font-src fonts.gstatic.com use.typekit.net *.gstatic.com *.googleapis.com *.bootstrapcdn.com data: *.cloudflare.com *.fontawesome.com *.fastly.net *.hotjar.com *.orbitvu.co *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://webto.salesforce.com/ https://oberkcommunity.force.com/ *.twitter.com https://plumrocket.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.google.com *.facebook.com https://tpc.googlesyndication.com *.acsbapp.com https://acsbapp.com *.accessibe.com https://recaptcha.google.com/recaptcha/ https://www.paypalobjects.com optimize.google.com *.googleoptimize.com *.trustpilot.com/ *.twitter.com https://www.google.co.in https://plumrocket.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com validator.swagger.io *.ftcdn.net *.behance.net data: https://stats.g.doubleclick.net https://cm.g.doubleclick.net *.google.com *.google.co.in *.facebook.com https://googleads.g.doubleclick.net https://www.google.com.mx https://www.google.com.hk https://www.google.ru https://www.google.com.au https://www.google.com.tw https://www.google.co.uk https://www.google.ca *.swagger.io *.googletagmanager.com *.cloudflare.com *.paypal.com *.cloudfront.net *.payments-amazon.com optimize.google.com *.googleoptimize.com *.adobedtm.com *.adroll.com *.nr-data.net/ *.fastly.net https://eb2.3lift.com https://sync.outbrain.com https://*.taboola.com https://x.bidswitch.net/sync https://ib.adnxs.com https://idsync.rlcdn.com https://us-u.openx.net https://ups.analytics.yahoo.com https://segments.company-target.com https://sync.tidaltv.com https://simage2.pubmatic.com https://image2.pubmatic.com https://dsum-sec.casalemedia.com *.bc0a.com http://a.b0e8.com https://pixel.rubiconproject.com commerce.adobedc.net http://i.imgur.com https://i.ytimg.com *.bottlestore.com *.hotjar.com blob: *.orbitvu.co *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net * searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com unpkg.com commerce.adobedtm.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com assets.adobedtm.com *.magento-ds.com *.google.com *.google.co.in *.gstatic.com *.facebook.com *.googletagmanager.com *.facebook.net *.pinterest.com *.amazonaws.com *.cloudflare.com *.cloudflareinsights.com *.fontawesome.com *.google-analytics.com *.paypal.com optimize.google.com *.googleoptimize.com *.trustpilot.com/ *.adroll.com/ *.newrelic.com/ *.nr-data.net/ *.noibu.com *.hotjar.com *.hotjar.io commerce.adobedc.net *.googleadservices.com *.bottlestore.com *.twitter.com *.paypalobjects.com *.orbitvu.co *.twimg.com *.trustedshops.com *.usercentrics.eu *.googleapis.com *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.googleapis.com *.bootstrapcdn.com *.cloudflare.com *.sharethis.com *.acsbapp.com https://acsbapp.com optimize.google.com *.googleoptimize.com *.fastly.net *.hotjar.io *.twitter.com *.google.com *.google.co.in *.facebook.com *.twimg.com *.gstatic.com *.fontawesome.com *.youtube.com *.orbitvu.co *.bottlestore.com *.typekit.net *.trustedshops.com *.usercentrics.eu unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com 'self' 'unsafe-inline'; manifest-src plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io p13n.adobe.io p13n-mr.adobe.io * searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com commerce.adobedtm.com commerce.adobedc.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.adobe.io performance.typekit.net *.authorize.net *.facebook.com *.google-analytics.com *.google.com https://stats.g.doubleclick.net https://cm.g.doubleclick.net *.cloudflare.com *.paypal.com *.clarity.ms https://clarity.ms *.googleapis.com *.adroll.com https://bam.nr-data.net/ https://oberkcommunity.force.com/ *.orbitvu.co *.twitter.com *.twimg.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com google.com *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.bottlestore.com/; report-to report-endpoint; 1
base-uri 'none'; font-src 'self'; form-action 'self'; frame-ancestors 'self' *.deed.ir; img-src 'self' *.deed.ir *.deedmedia.ir *.google-analytics.com *.doubleclick.net data: *.samandehi.ir *.google.de *.google.com; object-src 'none'; script-src-attr 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' *.doubleclick.net *.googletagmanager.com *.google-analytics.com *.google.com *.google.de *.tavoos.net *.sabavision.com *.yektanet.com ma-cdn.pegah.tech *.mediaad.org; upgrade-insecure-requests; default-src 'self'; media-src 'self' *.deed.ir *.deedmedia.ir data:; worker-src 'self'; connect-src 'self' *.deed.ir *.deedmedia.ir *.tavoos.net *.sabavision.com *.yektanet.com ma-cdn.pegah.tech *.mediaad.org *.google-analytics.com *.doubleclick.net *.google.de *.google.com *.adtrace.io; frame-src 'self' *.deed.ir *.tavoos.net *.sabavision.com *.yektanet.com ma-cdn.pegah.tech *.mediaad.org; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.leet.nl *.leet.ws https://appleid.cdn-apple.com https://hcaptcha.com https://*.hcaptcha.com connect.facebook.net https://accounts.google.com/gsi/client *.google-analytics.com www.googletagmanager.com *.googleadservices.com *.doubleclick.net *.googlesyndication.com www.googletagservices.com fundingchoicesmessages.google.com www.google.com www.gstatic.com apis.google.com https://cdn.ampproject.org *.stripe.com *.cloudflare.com cse.google.com; style-src 'self' 'unsafe-inline' *.leet.nl *.leet.ws https://hcaptcha.com https://*.hcaptcha.com www.gstatic.com fonts.googleapis.com googletagmanager.com; img-src 'self' data: *.leet.nl *.leet.ws www.facebook.com *.google-analytics.com stats.g.doubleclick.net *.gstatic.com https://*.imgur.com https://cdn.discordapp.com *.googleusercontent.com *.googlesyndication.com *.doubleclick.net www.google.com www.googleadservices.com; font-src 'self' data: fonts.gstatic.com *.leet.nl *.leet.ws; connect-src 'self' *.leet.nl *.leet.ws https://hcaptcha.com https://*.hcaptcha.com www.facebook.com https://accounts.google.com/gsi/ *.google-analytics.com www.googletagmanager.com csi.gstatic.com *.doubleclick.net fundingchoicesmessages.google.com *.googlesyndication.com www.google.com; media-src https://listen.leetmusic.nl; child-src 'self' https://hcaptcha.com https://*.hcaptcha.com *.leet.nl *.leet.ws *.facebook.com www.google.com www.youtube.com www.offertoro.com; frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com *.leet.nl *.leet.ws *.facebook.com www.google.com www.youtube.com *.doubleclick.net *.googlesyndication.com *.stripe.com;upgrade-insecure-requests; report-uri /csp/report 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' report-to https://ui.masterpassturkiye.com;    style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://cdnjs.cloudflare.com;    img-src 'self' https: data:;    font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com;    script-src 'self' 'unsafe-inline' 'unsafe-eval' https://platform.twitter.com https://code.jquery.com https://ui.masterpassturkiye.com;    frame-ancestors 'self' https://online.mersin.bel.tr https://www.estram.com.tr https://www.balikesirulasim.com.tr https://samulas.com.tr https://www.tekulas.com.tr http://zabbix.asiselektronik.com.tr https://ui.masterpassturkiye.com;   frame-src 'self' https://online.mersin.bel.tr https://www.estram.com.tr https://www.balikesirulasim.com.tr https://samulas.com.tr https://www.tekulas.com.tr http://zabbix.asiselektronik.com.tr https://ui.masterpassturkiye.com; 1
connect-src 'self' api.rollbar.com www.tag4arm.com *.smartlook.cloud *.google-analytics.com *.analytics.google.com *.googletagmanager.com adservice.google.com stats.g.doubleclick.net www.google.com/pagead/ pagead2.googlesyndication.com googleads.g.doubleclick.net translate.googleapis.com *.twilio.com wss://tsock.us1.twilio.com/v3/wsconnect consentcdn.cookiebot.com api.pay360.com mpsnare.iesnare.com wss://mpsnare.iesnare.com wss://ws.pusherapp.com *.pusher.com api.talkdeskapp.com api.talkdeskapp.eu api.talkdeskappca.com wss://tsock.us1.twilio.com wss://tsock.ie1.twilio.com mcs.us1.twilio.com mcs.ie1.twilio.com *.dynatrace.com firstbanco-production-attachments.s3.eu-west-1.amazonaws.com d3gj43804r9iyz.cloudfront.net;default-src 'self';font-src 'self' data: fonts.googleapis.com fonts.gstatic.com talkdeskchatsdk.talkdeskapp.com d3gj43804r9iyz.cloudfront.net;form-action 'self';frame-src 'self' tpc.googlesyndication.com fls.doubleclick.net bid.g.doubleclick.net 8103783.fls.doubleclick.net td.doubleclick.net www.youtube.com consentcdn.cookiebot.com bamboo.web.emea-1.jumio.ai web.emea-1.jumio.ai upload.web.emea-1.jumio.ai widget.trustpilot.com secure.mite.pay360.com dev.mite.pay360.com secure.pay360.com plata.prismic.io bambooloans.prismic.io cti-client-web.meza.talkdeskapp.eu;img-src 'self' data: www.tag4arm.com 8103783.fls.doubleclick.net stats.g.doubleclick.net lh3.googleusercontent.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.google.com www.google.co.uk googleads.g.doubleclick.net ade.googlesyndication.com www.google.com/ads/ www.google.com/pagead/ ad.doubleclick.net translate.google.com imgsct.cookiebot.com images.prismic.io bambooloans.cdn.prismic.io plata.cdn.prismic.io qa-cdn-talkdesk.talkdeskdev.com talkdeskchatsdk.talkdeskapp.com media.us1.twilio.com s3-eu-west-1.amazonaws.com/firstbanco-email-assets/ s3-eu-west-1.amazonaws.com/firstbanco-production-broker-logos/ d3gj43804r9iyz.cloudfront.net;object-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js talkdeskchatsdk.talkdeskapp.com d3gj43804r9iyz.cloudfront.net;style-src 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com d3gj43804r9iyz.cloudfront.net;upgrade-insecure-requests ;block-all-mixed-content ;report-uri /csp-violations;media-src https://mpsnare.iesnare.com data:;style-src-elem 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com d3gj43804r9iyz.cloudfront.net;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js talkdeskchatsdk.talkdeskapp.com d3gj43804r9iyz.cloudfront.net; 1
font-src maxcdn.bootstrapcdn.com fonts.gstatic.com *.gstatic.com 'self' data: https://fonts.googleapis.com/ data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.facebook.com platform.twitter.com www.googletagmanager.com *.google.com https://td.doubleclick.net/ td.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com flagpedia.net 'self' data: https://www.google.co.in/ google.co.in data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://polyfill.io connect.facebook.net twitter.com platform.twitter.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.gstatic.com maps.googleapis.com *.google.com https://static.cloudflareinsights.com/* static.cloudflareinsights.com *.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net www.gstatic.com maps.googleapis.com https://www.google.co.in/ads/* *.google.co.in 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' wss://*.tawk.to/s/ wss://ticker.berichbd.com:8088/signalr/ ticker.berichbd.com:8088 embed.tawk.to *.tawk.to/s/ va.tawk.to https://ticker.berichbd.com:8088 client.pay.bka.sh www.berichbd.com/laser www.berichbd.com/laser/chat.html stats.g.doubleclick.net www.google-analytics.com; img-src * 'self' www.berichbd.com/laser www.google.com www.google.com.bd https://img.nopcommerce.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' client.pay.bka.sh code.jquery.com scripts.pay.bka.sh https://ticker.berichbd.com:8088 cdn.jsdelivr.net embed.tawk.to www.berichbd.com/laser berichbd.com/laser googleads.g.doubleclick.net onesignal.com onesignal.com connect.facebook.net www.google-analytics.com ajax.googleapis.com www.googletagmanager.com cdn.onesignal.com https://maxcdn.bootstrapcdn.com https://www.google.com/jsapi https://www.gstatic.com/; style-src * 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com fonts.googleapis.com ; frame-ancestors 'self' http://119.18.148.10 http://m.berichbd.com https://m.berichbd.com http://m.01.limited https://m.01.limited; base-uri 'self'; form-action 'self' *; font-src 'self' *; worker-src 'self' blob:; 1
frame-src *.google.com *.googletagmanager.com *.doubleclick.net app.vwo.com *.visualwebsiteoptimizer.com *.criteo.com *.teads.tv static.criteo.net targeting.voxus.tv onsite.chaordicsystems.com www.standout.com.br standout.com.br survey.solucx.com.br comprafoodserv.os.tc *.talkdeskapp.com tsock.us1.twilio.com *.twilio.com *.hotjar.com *.hotjar.io *.atendimen.to infracommercebr.force.com infracommercebr.secure.force.com infracommerce.chat.blip.ai infracommercebr.my.salesforce-sites.com; 1
default-src 'none'; img-src 'self' data: https: http:; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com; font-src 'self' data: https://maxcdn.bootstrapcdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajaxorg.github.io https://www.google.com https://www.gstatic.com https://www.youtube.com; connect-src 'self'; worker-src 'self' blob: https://www.google.com; frame-src https://www.google.com https://www.youtube.com; media-src 'self'; 1
frame-ancestors 'self'; form-action 'self' ov.autopistas.com; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://www.zenaps.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://ln-rules.rewardstyle.com https://tr.snapchat.com blob: https://www.pinterest.com https://www.pinterest.co.uk https://ct.pinterest.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://*.liveperson.net https://services.postcodeanywhere.co.uk https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.parcellab.com https://*.contentsquare.net https://ct.pinterest.com https://sgtm.espaskincare.co.in; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://connect.facebook.net https://checkout.espaskincare.co.in https://www.espaskincare.co.in https://m.espaskincare.co.in https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.com https://*.gstatic.cn https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://*.contentsquare.net https://app.contentsquare.com https://s.pinimg.com https://sgtm.espaskincare.co.in; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com; report-to report-endpoint 1
font-src 'self' *.tawk.to fonts.gstatic.com fonts.gstatic.com fonts.googleapis.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com v2.zopim.com smartsupp-widget-161959.c.cdn77.org data: 1
frame-ancestors 'self' https://*.xibo.org.uk https://*.xibosignage.com 1
default-src 'self'; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' https:; style-src 'self' 'unsafe-inline' https:; connect-src 'self' https:; frame-src 'self' https:; media-src 'self' https:; font-src 'self' https:; frame-ancestors 'self' https://futucortex.play.futurice.com; 1
default-src   0027.apiweb.bevestor.de security.bevestor.de 'unsafe-inline' 'unsafe-eval' 'self' data: blob: *.consentmanager.net *.tt.omtrdc.net dpm.demdex.net; style-src 'self' 'unsafe-inline' *.consentmanager.net; script-src  'self' 'unsafe-inline' 'unsafe-eval' www.youtube.com s.ytimg.com *.consentmanager.net assets.adobedtm.com bevestor.de stats.deka.de dpm.demdex.net deka.demdex.net cm.everesttech.net fast.deka.demdex.net *.facebook.net *.adobe.com *.googletagmanager.com *.googleadservices.com *.doubleclick.net; frame-src  'self' www.youtube-nocookie.com *.youtube.com deka.demdex.net *.doubleclick.net *.adobe.com; frame-ancestors 'self' ; object-src 'none'; img-src images.ctfassets.net *.consentmanager.net dpm.demdex.net smetrics.bevestor.de *.facebook.com *.doubleclick.net cm.everesttech.net pixel.rubiconproject.com adservice.google.com adservice.google.de data: 'self' blob: https:; 1
frame-ancestors 'self'; report-uri https://ensg.eu/fr/report-uri/enforce 1
base-uri 'none'; form-action 'self' *.useagle.org useaglefcu.financialhost.org login.microsoftonline.com; frame-ancestors 'self' *.useagle.org; upgrade-insecure-requests 1
default-src 'self' https://static.zdassets.com https://ekr.zdassets.com https://ekr.zendesk.com  https://www.google-analytics.com https://directed.zendesk.com wss://widget-mediator.zopim.com https://widget-mediator.zopim.com https://directechs.blob.core.windows.net https://files.directechs.com wss://localhost:*/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://directechs.blob.core.windows.net https://files.directechs.com http://beta.directechs.com http://new.directechs.com http://www.directechs.com https://www.directechs.com http://www.directed.com https://www.directed.com https://www.youtube.com/user/SnakePitTraining https://*.googleapis.com http://*.googleapis.com https://*.google-analytics.com https://www.facebook.com/groups/directedtechsupport https://www.youtube.com http://www.directeddealers.com http://colt.calamp-ts.com https://www.directedstore.com http://fonts.gstatic.com https://fonts.gstatic.com https://server10gateway.clickandchat.com http://server4gateway.clickandchat.com https://server10.clickandchat.com http://server10.clickandchat.com https://cdn.datatables.net https://cdn.rawgit.com https://www.googletagmanager.com https://static.zdassets.com https://ekr.zdassets.com https://ekr.zendesk.com https://directed.zendesk.com wss://widget-mediator.zopim.com; style-src 'self' 'unsafe-inline' https://directechs.blob.core.windows.net https://files.directechs.com http://beta.directechs.com http://new.directechs.com http://www.directechs.com https://www.directechs.com http://www.directed.com https://www.directed.com https://www.youtube.com/user/SnakePitTraining https://fonts.googleapis.com http://fonts.googleapis.com https://*.google-analytics.com https://www.facebook.com/groups/directedtechsupport https://www.youtube.com http://www.directeddealers.com http://colt.calamp-ts.com https://www.directedstore.com http://fonts.gstatic.com https://fonts.gstatic.com https://server4gateway.clickandchat.com  http://server4gateway.clickandchat.com  https://server10.clickandchat.com http://server10.clickandchat.com https://cdn.datatables.net https://maxcdn.bootstrapcdn.com https://voxxintl.zendesk.com https://www.googletagmanager.com https://static.zdassets.com https://ekr.zdassets.com https://ekr.zendesk.com https://directed.zendesk.com wss://widget-mediator.zopim.com; img-src 'self' https://directechs.blob.core.windows.net https://files.directechs.com http://beta.directechs.com http://new.directechs.com http://www.directechs.com https://www.directechs.com http://www.directed.com https://www.directed.com https://www.youtube.com/user/SnakePitTraining https://fonts.googleapis.com http://fonts.googleapis.com https://www.google-analytics.com https://www.facebook.com/groups/directedtechsupport https://www.youtube.com http://www.directeddealers.com http://colt.calamp-ts.com https://www.directedstore.com http://fonts.gstatic.com https://fonts.gstatic.com http://ssl.google-analytics.com https://ssl.google-analytics.com https://server4gateway.clickandchat.com  http://server4gateway.clickandchat.com  https://server10.clickandchat.com http://server10.clickandchat.com https://cdn.datatables.net http://placehold.it https://voxxintl.zendesk.com https://www.googletagmanager.com https://static.zdassets.com  https://ekr.zdassets.com https://ekr.zendesk.com https://directed.zendesk.com wss://widget-mediator.zopim.com; font-src 'self' https://directechs.blob.core.windows.net https://files.directechs.com http://beta.directechs.com http://new.directechs.com http://www.directechs.com https://www.directechs.com http://www.directed.com https://www.directed.com https://www.youtube.com/user/SnakePitTraining https://fonts.googleapis.com http://fonts.googleapis.com https://www.google-analytics.com https://www.facebook.com/groups/directedtechsupport https://www.youtube.com http://www.directeddealers.com http://colt.calamp-ts.com https://www.directedstore.com http://fonts.gstatic.com https://fonts.gstatic.com http://ssl.google-analytics.com https://ssl.google-analytics.com https://server4gateway.clickandchat.com  http://server4gateway.clickandchat.com  https://server10.clickandchat.com http://server10.clickandchat.com https://cdn.datatables.net https://maxcdn.bootstrapcdn.com https://voxxintl.zendesk.com https://www.googletagmanager.com https://static.zdassets.com  https://ekr.zdassets.com https://ekr.zendesk.com https://directed.zendesk.com wss://widget-mediator.zopim.com; frame-src 'self' https://www.vcp.cloud https://dev.vcp-devtest.cloud https://qa.vcp-devtest.cloud https://directechs.blob.core.windows.net https://files.directechs.com http://beta.directechs.com http://new.directechs.com http://www.directechs.com https://www.directechs.com http://www.directed.com https://www.directed.com https://www.youtube.com/user/SnakePitTraining https://fonts.googleapis.com http://fonts.googleapis.com https://www.google-analytics.com https://www.facebook.com/groups/directedtechsupport https://www.youtube.com http://www.directeddealers.com http://colt.calamp-ts.com https://colt.calamp-ts.com https://www.directedstore.com http://fonts.gstatic.com https://fonts.gstatic.com http://ssl.google-analytics.com https://ssl.google-analytics.com https://server4gateway.clickandchat.com  http://server4gateway.clickandchat.com  https://server10.clickandchat.com http://server10.clickandchat.com https://cdn.datatables.net https://voxxintl.zendesk.com https://www.googletagmanager.com https://static.zdassets.com https://ekr.zdassets.com https://ekr.zendesk.com https://directed.zendesk.com wss://widget-mediator.zopim.com; 1
default-src  'self'  * data:  'unsafe-eval'  'unsafe-inline'  blob:  *.addtoany.com  *.agitate.ie  *.braintree-api.com  *.braintreegateway.com  *.cookielaw.org  *.double-click.com  *.doubleclick.net  *.facebook.com  *.facebook.net  *.hotjar.com  *.ihfserviceext.com  'unsafe-inline'  *.jsdelivr.net  *.smassets.net  *.googletagmanager.com  'unsafe-inline'  *.google.com  'unsafe-inline'  *.google.ie  'unsafe-inline'  *.google-analytics.com  'unsafe-inline'  *.googleapis.com  'unsafe-inline'  *.googletagmanager.com  'unsafe-inline'  *.gravatar.com  *.gstatic.com  *.paypal.com  *.stripe.com  *.stripe.network  *.surveymonkey.com  *.ytimg.com  *.youtube.com  *.youtube-nocookie.com;        script-src  'self' * 'unsafe-eval'  data:  blob:    *.addtoany.com  *.braintree-api.com  *.facebook.com  *.facebook.net  *.google.com *.monsido.com  *.google.ie  'unsafe-inline'  *.googleapis.com  *.hotjar.com  *.ihfserviceext.com  *.paypalobjects.com  *.surveymonkey.com  ajax.googleapis.com  'unsafe-inline'  cdn.cookielaw.org  'unsafe-inline'  cdn.jsdelivr.net    checkout.paypal.com  'unsafe-inline'  code.jquery.com    connect.facebook.net  'unsafe-inline'  js.braintreegateway.com  'unsafe-inline'  js.stripe.com  'unsafe-inline'  www.facebook.com  'unsafe-inline'  www.google.com  'unsafe-inline'  www.google-analytics.com  'unsafe-inline'  www.googletagmanager.com  'unsafe-inline'  www.gstatic.com  'unsafe-inline'  www.youtube.com  'unsafe-inline'  www.double-click.com  vars.hotjar.com;           font-src  'self'  data:  *.google.ie  'unsafe-inline'  *.monsido.com *.ihfserviceext.com  *.surveymonkey.com  *.fontawesome.com cdn.jsdelivr.net  'unsafe-inline'  fonts.gstatic.com  'unsafe-inline';         style-src  'self' *.fontawesome.com *.monsido.com *.addtoany.com  *.google.ie  'unsafe-inline' *.gstatic.com *.googleapis.com  *.hotjar.com  'unsafe-inline'  *.ihfserviceext.com  *.surveymonkey.com  cdn.jsdelivr.net  'unsafe-inline'  fonts.googleapis.com  'unsafe-inline'  m.stripe.network  'unsafe-inline';   frame-src  'self'  ihfserviceext.com *.ihfserviceext.com *.tryinteract.com *.addtoany.com *.monsido.com  *.agitate.ie  *.braintree-api.com  *.flexiquiz.com *.youtube.com *.braintreegateway.com  *.doubleclick.net  *.eventbrite.ie  *.facebook.com  *.facebook.net  *.google.com  *.google.ie  'unsafe-inline'  *.google-analytics.com  *.googleapis.com  *.googletagmanager.com  *.gravatar.com  *.gstatic.com  *.hotjar.com  *.ihfserviceext.com  *.paypal.com  *.paypalobjects.com  *.smassets.net  *.surveymonkey.com  *.youtube-nocookie.com  ajax.googleapis.com  'unsafe-inline'  cdn.cookielaw.org  'unsafe-inline'  cdn.jsdelivr.net    checkout.paypal.com  'unsafe-inline'  code.jquery.com    connect.facebook.net  'unsafe-inline'  gravatar.com  i.ytimg.com  *.ihfserviceext.com  'unsafe-inline'  js.braintreegateway.com  'unsafe-inline'  js.stripe.com  m.stripe.network;     frame-ancestors  'self'  ihfserviceext.com  *.ihfserviceext.com  *.addtoany.com  *.braintree-api.com  *.facebook.com  *.facebook.net  *.google.com    *.google.ie  *.googleapis.com  *.hotjar.com *.paypalobjects.com  *.surveymonkey.com  ajax.googleapis.com  cdn.cookielaw.org  cdn.jsdelivr.net    checkout.paypal.com  code.jquery.com    connect.facebook.net  js.braintreegateway.com  js.stripe.com  www.facebook.com  www.google.com  www.google-analytics.com  www.googletagmanager.com  www.gstatic.com  www.youtube.com www.youtube-nocookie.com.com www.double-click.com  vars.hotjar.com;  connect-src  'self'  *.monsido.com *.addtoany.com  *.agitate.ie  *.braintree-api.com  *.braintreegateway.com  *.doubleclick.net  *.facebook.com  *.facebook.net  *.google.com  *.google.ie  'unsafe-inline'  *.google-analytics.com  *.googleapis.com  *.googletagmanager.com  *.gravatar.com  *.gstatic.com  *.hotjar.com  *.paypal.com  *.smassets.net  *.surveymonkey.com  *.youtube-nocookie.com  cdn.cookielaw.org  cdn.jsdelivr.net  checkout.paypal.com  content.hotjar.io  events.hotjar.io  *.hotjar.com  *.onetrust.com *.gravatar.com  i.ytimg.com  'unsafe-inline' *.ihfserviceext.com 'unsafe-inline' ihfserviceext.com  'unsafe-inline'  js.braintreegateway.com  js.stripe.com  m.stripe.network  stats.g.doubleclick.net  surveystats.hotjar.io  vc.hotjar.io  wss://*.hotjar.com  'unsafe-inline'  www.double-click.com  www.google-analytics.com  www.youtube.com; 1
base-uri 'self'; default-src https://www.google.com/ 'self' 'nonce-858df921fee9f4b927bfa77e7a2f1ba0' https://cdn.shopify.com https://shopify.com; frame-ancestors https://app.storyblok.com/ https://www.google.com/ none; style-src 'self' http://localhost:* https://www.google.com/ https://cdn.shopify.com https://use.typekit.net https://p.typekit.net https://fonts.googleapis.com http://fonts.googleapis.com 'unsafe-inline' https://cdn.jsdelivr.net/npm/intl-tel-input@19.5.3/build/css/intlTelInput.css 'self' 'unsafe-inline' https://cdn.shopify.com; connect-src 'self' http://localhost:* ws://localhost:* https://www.google.com/recaptcha/api.js https://www.google.com/recaptcha/enterprise.js https://www.gstatic.com/recaptcha/releases/Ya-Cd6PbRI5ktAHEhm9JuKEu/recaptcha__en_gb.js https://www.google.com/ https://monorail-edge.shopifysvc.com/ https://maps.googleapis.com https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com https://ipapi.co/json https://connect.prod.bcomo.com http://*.axept.io https://www.google-analytics.com https://*.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://analytics.tiktok.com https://google.com https://google.com/pay https://pay.google.com out.adyen.com https://*.adyen.com https://www.facebook.com 'self' https://monorail-edge.shopifysvc.com; img-src 'self' http://localhost:* https://www.google.com/recaptcha/api.js https://www.google.com/recaptcha/enterprise.js https://www.gstatic.com/recaptcha/releases/Ya-Cd6PbRI5ktAHEhm9JuKEu/recaptcha__en_gb.js https://www.google.com/ https://cdn.shopify.com https://www.gstatic.com https://a.storyblok.com https://scontent-nrt1-1.cdninstagram.com https://scontent-nrt1-2.cdninstagram.com https://maps.gstatic.com https://maps.googleapis.com https://*.prod.bcomo.com https://image-fit-prod.como-services.com https://*.adyen.com https://axeptio.imgix.net http://*.axept.io https://www.facebook.com data: https://developers.google.com https://*.cdninstagram.com; font-src 'self' http://localhost:* https://www.google.com/ https://fonts.gstatic.com https://cdn.shopify.com https://use.typekit.net https://p.typekit.net https://fonts.googleapis.com; script-src 'self' http://localhost:* https://unpkg.com/ https://www.google.com/recaptcha/api.js https://www.google.com/recaptcha/enterprise.js https://www.gstatic.com/recaptcha/releases/Ya-Cd6PbRI5ktAHEhm9JuKEu/recaptcha__en_gb.js https://cdn.shopify.com https://maps.googleapis.com https://www.gstatic.com/recaptcha/releases/MHBiAvbtvk5Wb2eTZHoP1dUd/recaptcha__en_gb.js https://cdn.jsdelivr.net https://www.googletagmanager.com http://*.axept.io https://connect.facebook.net https://www.google-analytics.com https://*.hotjar.com https://analytics.tiktok.com https://*.google.com https://static.hotjar.com out.adyen.com 'unsafe-inline'; media-src https://a.storyblok.com; frame-src https://*.adyen.com https://pay.google.com; manifest-src https://*.shopify.com https://*.myshopify.com https://*.myshopify.dev 1
frame-ancestors 'self' experience.adobe.com aldinord.experiencecloud.adobe.com aldianer.staffbase.com aldinord-custom.staffbase.com http://www.aldianer-nord.de https://www.aldianer-nord.de http://staffbase.com capacitor://aldianer-nord.de capacitor://staffbase.com cname-main-de1.staffbase.com magazine.aldi-nord.de 195.192.131.24 localhost:*; default-src * 'unsafe-eval' 'unsafe-inline' data: blob: 1
frame-ancestors self https://lionsgateplus.com 1
font-src fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.zopim.com *.fontawesome.com data: *.gstatic.com 'self' data: cdn.honey.io use.typekit.net www.mheducation.co.uk assets.merci-app.com at.alicdn.com cdn.scite.ai cdnjs.cloudflare.com fonts.bunny.net pouch-global-font-assets.s3.eu-central-1.amazonaws.com shopping.qantas.com www.mhprofessional.com *.wistia.com player.flipsnack.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com *.mheducation *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.mheducation *.weltpixel.com cdn.dnky.co *.hotjar.com *.google.com *.facebook.com *.trustpilot.com *.criteo.com *.vidyard.com *.mheducation.com cloud.3dissue.net player.flipsnack.com *.cloudfront.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.google.com *.google.nl connect.onlinesucces.nl px.ads.linkedin.com stats.g.doubleclick.net *.googleapis.com *.gstatic.com *.linkedin.com *.googletagmanager.com gallery.mailchimp.com *.trustedshops.com *.facebook.com *.zopim.com cdn.jsdelivr.net *.jmango360.com *.datatrics.com *.smaato.net 'self' data: www.google.de adservice.google.com analytics.twitter.com app-sj01.marketo.com asia-s3-mhe-prod.s3.amazonaws.com cdn.honey.io cdn3.iconfinder.com co1.qualtrics.com covers.mhedu.com ecommerce.payulatam.com fonts.gstatic.com i.pinimg.com info.mheducation.com learn.mheducation.com log-papago.naver.com m.media-amazon.com mheducation-mea.github.io mhp-assets.s3.amazonaws.com px4.ads.linkedin.com region1.google-analytics.com simplesharebuttons.com siteintercept.qualtrics.com spain-s3-mhe-prod.s3.amazonaws.com t.co translate.google.com www-mheducation-ca.ezpminer.urmc.rochester.edu www.accessengineeringlibrary.com www.facebook.com *.google.co.uk www.linkedin.com www.mheducation.ca www.mheducation.com www.mheducation.es asia-s3-mhe-prod.s3-eu-west-1.amazonaws.com asia-s3-mhe-prod.s3.eu-west-1.amazonaws.com canada.p.ctidigital.com cdn.vidyard.com connect.facebook.net image.flaticon.com ir-in.amazon-adsystem.com latam-s3-mhe-prod.s3.eu-west-1.amazonaws.com login.dotomi.com media.msg.dotomi.com mhp-assets.s3.eu-west-1.amazonaws.com p.typekit.net play.vidyard.com region1.analytics.google.com static.thenounproject.com ws-in.amazon-adsystem.com ad.doubleclick.net betterresearch.com canada.pre-prod.ctidigital.com ssl.google-analytics.com www.mheducation.co.in www.mhprofessional.com cdn.cookielaw.org cloud.3dissue.net fast.wistia.com player.flipsnack.com *.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com *.google.com *.gstatic.com *.googletagmanager.com *.googleapis.com *.googleadservices.com cdn.dnky.co api.comapi.com *.trackedlink.net snap.licdn.com chimpstatic.com checkout.buckaroo.nl *.adyen.com *.zopim.com *.hotjar.com *.zdassets.com *.sendcloud.sc *.mailchimp.com *.trustedshops.com *.fontawesome.com *.facebook.net *.feedbackcompany.com *.google-analytics.com *.trustpilot.com *.newrelic.com *.nr-data.net cdn.jsdelivr.net *.googleoptimize.com *.clarity.ms *.datatrics.com *.criteo.net *.criteo.com cdn.mouseflow.com https://www.googletagmanager.com tagmanager.google.com unpkg.com analytics.tiktok.com connect.facebook.net munchkin.marketo.net script.hotjar.com static.hotjar.com tools.luckyorange.com ucads-cdn.ucweb.com use.typekit.net app-sj01.marketo.com gateway.zscalerone.net info.mheducation.com learn.mheducation.com nd3n4.m70vee7.com play.vidyard.com siteintercept.qualtrics.com static.ads-twitter.com code.jquery.com sleeknotecustomerscripts.sleeknote.com wsc2e.ez05w7r.com iframely.net www.google.com 4ddons.com 7896543.s3.amazonaws.com cdnjs.cloudflare.com ssl.google-analytics.com www.ili.ir www.mhprofessional.com www.pagespeed-mod.com cdn.cookielaw.org app-sjqe.marketo.com *.siteintercept.qualtrics.com *.payulatam.com *.cloudflare.com fast.wistia.com player.flipsnack.com *.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com *.googleapis.com cdn.dnky.co checkout.buckaroo.nl *.fontawesome.com *.mailchimp.com *.trustpilot.com cdn.jsdelivr.net *.gstatic.com tagmanager.google.com app-sj01.marketo.com cdn.honey.io info.mheducation.com learn.mheducation.com fonts.bunny.net www.mhprofessional.com fast.wistia.com player.flipsnack.com *.cloudfront.net 'self' 'unsafe-inline'; object-src info.mheducation.com player.flipsnack.com 'self' 'unsafe-inline'; media-src *.adobe.com *.zopim.com asia-s3-mhe-prod.s3-eu-west-1.amazonaws.com content.studysync.com mhp-assets.s3.amazonaws.com spain-s3-mhe-prod.s3.amazonaws.com asia-s3-mhe-prod.s3.eu-west-1.amazonaws.com cloud.3dissue.net/14552/14572/14643/88645/index.html fast.wistia.com player.flipsnack.com *.cloudfront.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com *.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com commerce.adobedc.net api.comapi.com stats.g.doubleclick.net *.zdassets.com *.hotjar.com *.hotjar.io *.zopim.com wss://*.zopim.com *.feedbackcompany.com *.zendesk.com *.nr-data.net *.clarity.ms *.facebook.com *.datatrics.com t.elasticsuite.io *.facebook.net *.payulatam.com 128-sjw-347.mktoresp.com 128-sjw-347.mktoutil.com 303-fkf-702.mktoresp.com 303-fkf-702.mktoutil.com ad.doubleclick.net adservice.google.com api-preview.luckyorange.com centinelapi.cardinalcommerce.com csmetrics.hotjar.com geolocation.onetrust.com gjtrack.ucweb.com kg668dbov0.execute-api.us-east-1.amazonaws.com metrics.hotjar.io play.vidyard.com plugin.ucads.ucweb.com privacyportal.onetrust.com pubsub.googleapis.com region1.analytics.google.com settings.luckyorange.com siteintercept.qualtrics.com translate.googleapis.com vc.hotjar.io wedata.net ws2.hotjar.com www.facebook.com www.google.ad www.google.ae www.google.at www.google.be www.google.ca www.google.ch www.google.cl www.google.co.cr www.google.co.id www.google.co.in www.google.co.jp www.google.co.kr www.google.co.th www.google.co.uk www.google.co.za www.google.co.zw www.google.com www.google.com.ar www.google.com.au www.google.com.bh www.google.com.co www.google.com.do www.google.com.ec www.google.com.fj www.google.com.gt www.google.com.hk www.google.com.mx www.google.com.my www.google.com.ng www.google.com.pa www.google.com.pe www.google.com.ph www.google.com.pr www.google.com.sa www.google.com.sg www.google.com.tr www.google.cz www.google.de www.google.es www.google.gr www.google.hn www.google.hr www.google.it www.google.nl www.google.ru www.google.se analytics.tiktok.com cdn.linkedin.oribi.io content.hotjar.io realtime.luckyorange.com writer.cardinalcommerce.com ws.hotjar.com ws25.hotjar.com www.google.com.eg www.google.com.tw www.google.ie www.google.ro subwayblaze.com www.mhprofessional.com cdn.cookielaw.org wss://ws.hotjar.com *.wistia.com player.flipsnack.com *.cloudfront.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com play.vidyard.com player.flipsnack.com *.wistia.com *.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https: 'unsafe-inline' script-src: 'unsafe-eval' 1
default-src * data: 'unsafe-inline' 'unsafe-eval'; script-src * data: 'unsafe-inline' 'unsafe-eval'; object-src * data: 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob: https://www.facebook.com https://www.cardeasy.com https://connect.facebook.net https://*.6sc.co https://kit.fontawesome.com/1235c8a8d3.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.ads-twitter.com/uwt.js https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://stats.g.doubleclick.com https://stats.g.doubleclick.net https://www.gstatic.com https://static.licdn.com https://secure.adnxs.com; style-src 'self' 'unsafe-inline' https: https://www.cardeasy.com https://www.gstatic.com https://fonts.googleapis.com https://p.typekit.net https://use.fontawesome.com https://use.typekit.net; connect-src 'self' https: https://www.facebook.com https://www.cardeasy.com https://ga-trak-170814.appspot.com https://*.6sc.co https://ka-f.fontawesome.com https://*.google-analytics.com https://stats.g.doubleclick.net https://cdn.linkedin.oribi.io https://secure.adnxs.com; font-src 'self' data: https: https://www.cardeasy.com https://fonts.gstatic.com https://ka-f.fontawesome.com https://use.fontawesome.com https://use.typekit.net; frame-src 'self' https: data: https://www.cardeasy.com https://www.facebook.com https://www.google.com; img-src 'self' 'unsafe-inline' data: https: https://analytics.twitter.com https://t.co https://*.6sc.co https://px.ads.linkedin.com https://secure.gravatar.com https://t.co https://www.facebook.com https://www.google.com https://www.google.co.uk https://www.gstatic.com https://*.google-analytics.com https://px.ads.linkedin.com https://www.cardeasy.com; media-src 'self' data: https: https://www.cardeasy.com; report-uri https://www.cardeasy.com/wp-json/cardeasy/v1/csp; base-uri 'self'; 1
frame-ancestors 'self' *.mrsfields.com 1
'default-src' 'self' 1
default-src 'self' *.azurewebsites.net *.herokuapp.com *.gob.mx *.googleapis.com *.google-analytics.com sandbox.mifiel.com *.mifiel.co ajax.google-analytics.com *.prodarshield.com 'unsafe-inline' ; font-src *;img-src * *.prodarshield.com data:; script-src code.jquery.com * 'unsafe-inline'; style-src * 'unsafe-inline'; connect-src *.azurewebsites.net wss://ws-portal-federado.herokuapp.com *.herokuapp.com *.google-analytics.com; frame-src * blob: 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-3825f53aff3d4d519208ebe5f90daf74'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
report-to csp-report-endpoint; report-uri /logger/info/csp-report; frame-ancestors *; default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: wss: blob: 1
default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://www.youtube.com/iframe_api https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.msecnd.net *.cloudinary.com *.mapbox.com *.cookieyes.com cdn-cookieyes.com *.googletagmanager.com *.google-analytics.com *.google.com *.hotjar.com *.zoominfo.com api.swiftype.com https://js.hs-banner.com https://js.hsleadflows.net https://forms.hubspot.com https://js.hscollectedforms.net 'self' js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net https://cdn.insight.sitefinity.com https://dec.azureedge.net cloudinary.com 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.mapbox.com *.cookieyes.com cdn-cookieyes.com *.googletagmanager.com *.google-analytics.com *.google.com *.doubleclick.net 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com *.cloudinary.com *.cookieyes.com cdn-cookieyes.com *.googletagmanager.com *.google-analytics.com *.google.com api.swiftype.com i.ytimg.com img.youtube.com stats.g.doubleclick.net www.google.ca https://js.hsleadflows.net https://forms.hsforms.com 'self' js.hsleadflows.net forms.hsforms.com https://cdn.insight.sitefinity.com https://dec.azureedge.net cloudinary.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.cookieyes.com cdn-cookieyes.com *.googletagmanager.com *.google-analytics.com *.google.com; frame-src https://www.youtube.com https://player.vimeo.com https://gispub.epa.gov www.google.com *.cookieyes.com cdn-cookieyes.com *.googletagmanager.com *.google-analytics.com *.google.com https://www.youtube-nocookie.com 'self' https://forms.hubspot.com forms.hsforms.com cloudinary.com *.cloudinary.com; connect-src accounts.google.com *.mktoresp.com *.visualstudio.com https://www.youtube.com/s/player/02208bb4/www-widgetapi.vflset/www-widgetapi.js *.cloudinary.com *.mapbox.com *.cookieyes.com cdn-cookieyes.com *.googletagmanager.com *.google.com *.google-analytics.com stats.g.doubleclick.net ws.zoominfo.com *.hotjar.io *.hotjar.com wss://ws.hotjar.com https://forms.hubspot.com *.hsforms.com 'self' forms.hubspot.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com cloudinary.com; media-src 'self' data: blob: *.azureedge.net *.cloudinary.com *.cookieyes.com cdn-cookieyes.com *.googletagmanager.com *.google-analytics.com *.google.com cloudinary.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.cloudinary.com *.mapbox.com blob: *.cookieyes.com cdn-cookieyes.com *.googletagmanager.com *.google-analytics.com *.google.com cloudinary.com 1
default-src  'self' 'unsafe-inline'; font-src data: 'self'; child-src  'self'; connect-src https://translate.googleapis.com https://www.google-analytics.com/ https://*.readspeaker.com/ https://*.google-analytics.com/ 'self'; frame-src https://www.youtube.com/ 'self'; frame-ancestors  'self'; img-src https://translate.googleapis.com https://www.google.com https://translate.google.com https://www.gstatic.com https://fonts.gstatic.com/ 'self' data:; media-src  'self'; object-src  'self'; script-src  'self' 'unsafe-inline' 'unsafe-eval' data: https: wss:; style-src https://www.gstatic.com https://translate.googleapis.com https://*.readspeaker.com/ 'self' 'unsafe-inline';  worker-src  'self' blob: 1
default-src 'self' 'unsafe-inline' assets.risk.net assets.insurancehound.co.uk assets.waterstechnology.com assets.risklibrary.net assets.centralbanking.com assets.postonline.co.uk assets.incinsight.com assets.insuranceage.co.uk assets.euinsurancetech.com assets.fx-markets.com assets.risktech-forum.com assets.infopro-insight.com assets.chartis-research.com content.jwplatform.com videos-cloudfront-usp.jwpsrv.com securepubads.g.doubleclick.net blob:; connect-src *; font-src 'self' data: fonts.gstatic.com cdnjs.cloudflare.com assets.risk.net assets.insurancehound.co.uk assets.waterstechnology.com assets.risklibrary.net assets.centralbanking.com assets.postonline.co.uk assets.incinsight.com assets.insuranceage.co.uk assets.euinsurancetech.com assets.fx-markets.com assets.risktech-forum.com assets.infopro-insight.com assets.chartis-research.com; frame-src *; img-src * data:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' assets.risk.net assets.insurancehound.co.uk assets.waterstechnology.com assets.risklibrary.net assets.centralbanking.com assets.postonline.co.uk assets.incinsight.com assets.insuranceage.co.uk assets.euinsurancetech.com assets.fx-markets.com assets.risktech-forum.com assets.infopro-insight.com assets.chartis-research.com blob: cdn.datatables.net cdn.jsdelivr.net cdnjs.cloudflare.com https://assets.infopro-insight.com https://cdn.jsdelivr.net https://cdn.mathjax.org https://cdnjs.cloudflare.com https://code.highcharts.com https://code.jquery.com https://polyfill-fastly.io https://unpkg.com https://www.google.com platform.instagram.com platform.twitter.com unpkg.com; script-src-elem * 'unsafe-inline'; style-src 'self' 'unsafe-inline' assets.risk.net assets.insurancehound.co.uk assets.waterstechnology.com assets.risklibrary.net assets.centralbanking.com assets.postonline.co.uk assets.incinsight.com assets.insuranceage.co.uk assets.euinsurancetech.com assets.fx-markets.com assets.risktech-forum.com assets.infopro-insight.com assets.chartis-research.com fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; form-action *; frame-ancestors 'self'; report-uri https://www.insuranceage.co.uk/report-uri/enforce 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-YmM0M2M4NWZiOTg3NGNhMzkxNTY2ZDlmM2FhM2FhMzQ=' https://*.platformrijksoverheid.nl https://*.rijksoverheid.nl https://*.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' https://statistiek.rijksoverheid.nl https://*.contenttoolsrijksoverheid.nl https://*.wrr.nl; font-src 'self' https://statistiek.rijksoverheid.nl; object-src 'none'; connect-src https://*.platformrijksoverheid.nl https://*.rijksoverheid.nl https://*.contenttoolsrijksoverheid.nl https://*.rovid.nl https://*.rijksoverheidsvideo.nl https://*.wrr.nl; img-src 'self' data: https://d3oiud1b8fohdw.cloudfront.net https://statistiek.rijksoverheid.nl https://*.rovid.nl https://*.rijksoverheidsvideo.nl https://*.toegankelijkheidsverklaring.nl; media-src 'self' https://*.rovid.nl https://*.rijksoverheidsvideo.nl; form-action 'self' https://export.highcharts.com https://*.contenttoolsrijksoverheid.nl https://*.wrr.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
frame-ancestors 'self' amnestymoves.at go.webmozarts.com localhost ionic: 1
default-src 'self' *.google-analytics.com https://*.wogaa.sg https://*.demdex.net/ https://cm.everesttech.net/ https://wogadobeanalytics.sc.omtrdc.net/ https://snowplow-web.wogaa.sg/ https://va.ecitizen.gov.sg https://*.adobedtm.com https://*.demdex.net; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js *.google-analytics.com https://www.youtube.com/iframe_api https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com *.en25.com blob: https://*.wogaa.sg https://assets.adobedtm.com/ https://assets.dcube.cloud/scripts/wogaa.js https://*.dcube.cloud https://cdnjs.cloudflare.com/ https://www.cnb.gov.sg https://va.ecitizen.gov.sg/ https://assets.wogaa.sg/ https://*.adobedtm.com https://*.demdex.net https://*.gov.sg/ https://www.googletagmanager.com/ https://*.formstack.com/ https://js.stripe.com 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.google-analytics.com https://assets.wogaa.sg/fonts/ https://va.ecitizen.gov.sg/ https://*.gov.sg/ 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.google-analytics.com https://img.youtube.com/ https://*.insight.sitefinity.com https://*.dec.sitefinity.com https://*.onemap.sg/ https://*.onemap.gov.sg/ *.eloqua.com https://wogadobeanalytics.sc.omtrdc.net/ https://cm.everesttech.net/ https://dpm.demdex.net/ https://va.ecitizen.gov.sg/ https://www.cnb.gov.sg/ https://maps-a.onemap.sg/ https://maps-b.onemap.sg/ https://maps-c.onemap.sg/ https://docs.onemap.sg/ https://*.vica.gov.sg https://static.formstack.com 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://assets.wogaa.sg/fonts/ https://va.ecitizen.gov.sg/ https://s3-us-west-2.amazonaws.com/ https://static.formstack.com; frame-src https://wogaa.demdex.net/ https://platform.twitter.com/ https://www.facebook.com/ https://syndication.twitter.com/ https://www.google.com/ https://www.youtube.com/ https://forms.cwp.gov.sg/ https://*.adobedtm.com https://*.demdex.net https://player.vimeo.com https://m.facebook.com/ https://www.onemap.gov.sg/ https://hogarth-qollb.formstack.com/ 'self' web-chat.nativechat.com; connect-src accounts.google.com *.google-analytics.com *.mktoresp.com https://dpm.demdex.net/ https://snowplow-web.wogaa.sg/ https://va.ecitizen.gov.sg https://wogadobeanalytics.sc.omtrdc.net https://*.adobedtm.com https://*.demdex.net https://*.gov.sg/ https://*.formstack.com 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://*.adobedtm.com https://*.demdex.net 'self' web-chat.nativechat.com 1
default-src 'self';connect-src 'self' https://* https://app.getgrasp.com:9081;img-src 'self' https://* data:;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://* http://* http://cdn.jsdelivr.net;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://* http://* https://api.addressnow.co.uk http://cdn.jsdelivr.net;style-src 'self' 'unsafe-inline' https://* data: https://api.addressnow.co.uk;frame-src 'self' https://* http://www.youtube.com/ https://www.youtube.com/;frame-ancestors 'self' https://* http://www.youtube.com/ https://www.youtube.com/;font-src 'self' https://* data: 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; frame-src 'self' https://www.google.com/ https://www.google.com/recaptcha/ 1
default-src 'self' cdnjs.cloudflare.com www.google.com  maxcdn.bootstrapcdn.com script-src 'unsafe-inline' 'unsafe-eval'; 1
upgrade-insecure-requests; default-src 'self' ziftsolutions.ccindex.cn *.eu.ziftsolutions.com *.eu.ziftone.com *.eu.zift123.com *.eu.ziftmarcom.com *.ziftsolutions.com *.staging.ziftone.com *.ziftone.com *.google-analytics.com *.wistia.com *.wistia.net blob: ; img-src 'self' http: https://*.trychameleon.com https://*.chmln-cdn.com https: ziftsolutions.ccindex.cn *.eu.ziftsolutions.com *.eu.ziftone.com *.eu.zift123.com *.eu.ziftmarcom.com  *.ziftsolutions.com s3.amazonaws.com *.google-analytics.com *.wistia.com *.wistia.net data: blob: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: https://*.trychameleon.com checkout.stripe.com *.eu.ziftsolutions.com *.eu.ziftone.com *.eu.zift123.com *.eu.ziftmarcom.com *.ziftsolutions.com *.ziftone.com *.getbee.io *.googleapis.com *.google-analytics.com *.zdassets.com *.googletagmanager.com *.google.com *.pendo.io browser-update.org static.zdassets.com s3.amazonaws.com *.zopim.com *.churnzero.net *.marketo.com *.wistia.com *.wistia.net data: ; connect-src 'self' https: wss://grid.meya.ai wss://partnerapps.eu.qlikcloud.com https://*.trychameleon.com ziftsolutions.ccindex.cn *.eu.ziftsolutions.com *.eu.ziftone.com *.eu.zift123.com *.eu.ziftmarcom.com *.ziftsolutions.com *.ziftone.com *.zift123.com *.zendesk.com *.zdassets.com *.zopim.com wss://widget-mediator.zopim.com *.churnzero.net *.getbee.io *.google-analytics.com *.wistia.com *.wistia.net *.litix.io data: ; style-src 'self' 'unsafe-inline' blob: https: fast.wistia.com https://*.trychameleon.com; font-src 'self' https: https://*.chmln-cdn.com fast.wistia.com fast.wistia.net https://*.chmln-cdn.com data:; media-src 'self' https: ziftsolutions.ccindex.cn *.eu.ziftsolutions.com *.eu.ziftone.com *.eu.zift123.com *.eu.ziftmarcom.com *.ziftsolutions.com *.zift123.com *.ziftone.com *.looker.com *.ziftmarcom.com *.lenovo.com *.wistia.com *.wistia.net blob: data: ; object-src 'self' https: *.eu.ziftsolutions.com *.eu.ziftone.com *.eu.zift123.com *.eu.ziftmarcom.com *.ziftsolutions.com *.zift123.com *.ziftone.com *.looker.com *.ziftmarcom.com; frame-src 'self' https: https://*.trychameleon.com https://*.trychameleon.com https://*.chmln-cdn.com *.onserro.com *.onserrodemo.com ziftsolutions.ccindex.cn *.eu.ziftsolutions.com *.eu.ziftone.com *.eu.zift123.com *.eu.ziftmarcom.com *.ziftsolutions.com *.zift123.com *.staging.ziftone.com *.ziftone.com *.looker.com *.ziftmarcom.com *.getbee.io *.getbee.com; frame-ancestors 'self' https: *.onserro.com *.onserrodemo.com ziftsolutions.ccindex.cn *.eu.ziftsolutions.com *.eu.ziftone.com *.eu.zift123.com *.eu.ziftmarcom.com *.ziftsolutions.com *.zift123.com *.ziftone.com *.looker.com *.ziftmarcom.com www.sandlerportalmarketing.com http://transform.cisco.com https://transform.cisco.com https://*.lookbookhq.com https://*.pathfactory.com http://*.lookbookhq.com http://*.pathfactory.com; worker-src 'self' blob: ; 1
script-src  'nonce-zCxgPYnJwiYzZDxURYP9dw' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/about; base-uri 'self' 1
default-src 'self' ; worker-src 'self'  data: blob:; report-uri https://eagerly.nl/reports/report.php; img-src 'self' * data:; media-src 'self' https://longjohns.nl https://*.doubleclick.net https://*.publitas.com https://*.facebook.com https://*.formitable.com https://*.google.com https://*.youtube.com https://*.spotify.com https://*.googletagmanager.com https://*.doubleclick.net https://*.publitas.com https://*.facebook.com https://*.formitable.com https://*.google.com https://*.youtube.com https://*.spotify.com https://*.googletagmanager.com blob: data:; connect-src 'self' https://view.publitas.com https://*.googlesyndication.com https://*.run.app https://*.google.nl https://*.facebook.com https://yoast.com https://*.google.com https://*.hotjar.io https://*.doubleclick.net https://*.plyr.io https://noembed.com https://*.formitable.com https://*.googletagmanager.com https://*.google-analytics.com; frame-src 'self' https://longjohns.nl https://*.doubleclick.net https://*.publitas.com https://*.facebook.com https://*.formitable.com https://*.google.com https://*.youtube.com https://*.spotify.com https://*.googletagmanager.com https://*.doubleclick.net https://*.publitas.com https://*.facebook.com https://*.formitable.com https://*.google.com https://*.youtube.com https://*.spotify.com https://*.googletagmanager.com; child-src 'self' https://longjohns.nl https://*.doubleclick.net https://*.publitas.com https://*.facebook.com https://*.formitable.com https://*.google.com https://*.youtube.com https://*.spotify.com https://*.googletagmanager.com https://*.doubleclick.net https://*.publitas.com https://*.facebook.com https://*.formitable.com https://*.google.com https://*.youtube.com https://*.spotify.com https://*.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://squeezely.tech https://squeezely.tech https://*.youtube.com https://*.lfeeder.com https://*.hotjar.com https://*.facebook.net https://*.formitable.com https://*.publitas.com https://*.googletagmanager.com https://*.google-analytics.com; style-src 'self' 'unsafe-inline' https://*.formitable.com https://*.googleapis.com; font-src 'self' https://*.faceworks.nl https://*.googleapis.com https://*.gstatic.com https://*.faceworks.nl https://*.googleapis.com https://*.gstatic.com data:; form-action 'self' https://*.facebook.com https://*.facebook.com; frame-ancestors 'self' ; 1
upgrade-insecure-requests ; connect-src 'self' https:; default-src 'self' https://use.typekit.net https://fonts.googleapis.com https://p.typekit.net https://www.googletagmanager.com https://fonts.gstatic.com https://www.google-analytics.com https://js.hs-scripts.com https://www.google.com https://www.youtube.com/iframe_api https://js.hs-banner.com https://js.hs-analytics.net https://www.gstatic.com https://js.usemessages.com https://js.hsadspixel.net https://js.hscollectedforms.net https://www.youtube.com https://api.hubapi.com https://forms.hubspot.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.se https://app.hubspot.com https://forms.hsforms.com https://wcs-veeamdataprotection-ucsitsolutionsab.swcontentsyndication.com/; font-src 'self' https://use.typekit.net https://fonts.googleapis.com https://p.typekit.net https://www.googletagmanager.com https://fonts.gstatic.com https://www.google-analytics.com https://js.hs-scripts.com https://www.google.com https://www.youtube.com/iframe_api https://js.hs-banner.com https://js.hs-analytics.net https://www.gstatic.com https://js.usemessages.com https://js.hsadspixel.net https://js.hscollectedforms.net https://www.youtube.com https://api.hubapi.com https://forms.hubspot.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.se https://app.hubspot.com https://forms.hsforms.com data:; frame-src https://content.cookiebot.com https://www.google.com https://consentcdn.cookiebot.com https://consent.cookiebot.com; img-src 'self' https://use.typekit.net https://fonts.googleapis.com https://p.typekit.net https://www.googletagmanager.com https://fonts.gstatic.com https://www.google-analytics.com https://js.hs-scripts.com https://www.google.com https://www.youtube.com/iframe_api https://js.hs-banner.com https://js.hs-analytics.net https://www.gstatic.com https://js.usemessages.com https://js.hsadspixel.net https://js.hscollectedforms.net https://www.youtube.com https://api.hubapi.com https://forms.hubspot.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.se https://app.hubspot.com https://forms.hsforms.com https://track.hubspot.com data: https://imgsct.cookiebot.com; script-src 'self' unsafe-inline 'unsafe-inline' https://use.typekit.net https://fonts.googleapis.com https://p.typekit.net https://www.googletagmanager.com https://fonts.gstatic.com https://www.google-analytics.com https://js.hs-scripts.com https://www.google.com https://www.youtube.com/iframe_api https://js.hs-banner.com https://js.hs-analytics.net https://www.gstatic.com https://js.usemessages.com https://js.hsadspixel.net https://js.hscollectedforms.net https://www.youtube.com https://api.hubapi.com https://forms.hubspot.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.se https://app.hubspot.com https://forms.hsforms.com https://api.hubspot.com https://track.hubspot.com https://consentcdn.cookiebot.com https://consent.cookiebot.com; script-src-attr 'self' https://use.typekit.net https://fonts.googleapis.com https://p.typekit.net https://www.googletagmanager.com https://fonts.gstatic.com https://www.google-analytics.com https://js.hs-scripts.com https://www.google.com https://www.youtube.com/iframe_api https://js.hs-banner.com https://js.hs-analytics.net https://www.gstatic.com https://js.usemessages.com https://js.hsadspixel.net https://js.hscollectedforms.net https://www.youtube.com https://api.hubapi.com https://forms.hubspot.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.se https://app.hubspot.com https://forms.hsforms.com https://api.hubspot.com https://track.hubspot.com https://consentcdn.cookiebot.com https://consent.cookiebot.com; script-src-elem 'self' https://use.typekit.net https://fonts.googleapis.com https://p.typekit.net https://www.googletagmanager.com https://fonts.gstatic.com https://www.google-analytics.com https://js.hs-scripts.com https://www.google.com https://www.youtube.com/iframe_api https://js.hs-banner.com https://js.hs-analytics.net https://www.gstatic.com https://js.usemessages.com https://js.hsadspixel.net https://js.hscollectedforms.net https://www.youtube.com https://api.hubapi.com https://forms.hubspot.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.se https://app.hubspot.com https://forms.hsforms.com https://api.hubspot.com https://track.hubspot.com 'unsafe-inline' https://consentcdn.cookiebot.com https://consent.cookiebot.com; style-src https: 'unsafe-inline'; worker-src blob; 1
default-src 'none'; script-src 'self' https://*.typekit.net/ https://*.clarity.ms/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://*.googleapis.com/ https://*.gstatic.com/ https://seal.thawte.com/ https://secure.bluepay.com https://seal.digicert.com/ https://www.safewayxchange.com/ 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.clarity.ms/ https://stats.g.doubleclick.net; img-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://dev.virtualearth.net/ data: https://seal.digicert.com https://www.google.com; style-src 'self' 'unsafe-inline' https://*.typekit.net/ https://fonts.googleapis.com/ https://*.gstatic.com; font-src 'self' https://*.typekit.net/ https://fonts.gstatic.com/ https://fonts.googleapis.com/; frame-src 'self' https://secure.bluepay.com https://www.safewayxchange.com/; object-src 'self'; media-src 'self' https://www.google-analytics.com/; manifest-src 'self'; frame-ancestors 'self' 1
default-src 'self' https:;img-src blob: data: *;worker-src 'self' blob:;child-src 'self' blob:;style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://*.googleapis.com https://smartsupp-widget-161959.c.cdn77.org https://*.smartsuppchat.com https://*.smartsupp.com https://fonts.googleapis.com https://*.smartform.cz https://cdn.jsdelivr.net https://*.twitter.com/ https://*.tiktok.com https://*.ttwstatic.com/;font-src 'self' data: chrome-extensio: chrome-extension-resource: https://use.fontawesome.com https://*.gstatic.com https://webfonts.zohostatic.com https://smartsupp-widget-161959.c.cdn77.org https://*.smartsuppchat.com https://*.smartsupp.com https://cdnjs.cloudflare.com;object-src 'self' https://smartsupp-widget-161959.c.cdn77.org;script-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' https://*.packeta.com https://www.seznam.cz https://*.seznam.cz https://h.seznam.cz https://c.seznam.cz https://*.zbozi.cz https://*.im9.cz https://im9.cz https://*.facebook.net https://*.facebook.com https://*.analytics.google.com https://*.googlesyndication.com https://*.google-analytics.com https://www.googletagmanager.com https://*.doubleclick.net https://*.googleadservices.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.google.cz https://*.google.sk https://c.imedia.cz https://*.imedia.cz https://*.smartsupp.com https://*.smartsuppchat.com https://smartsupp-widget-161959.c.cdn77.org https://*.inspectlet.com https://*.smartlook.com https://*.pingdom.net https://cdn.jsdelivr.net/npm/@fingerprintjs/fingerprintjs-pro@3/dist/fp.min.js https://fpnpmcdn.net https://*.smartform.cz https://beacon-v2.helpscout.net https://cdn.jsdelivr.net https://*.twitter.com/ https://*.tiktok.com https://fpjscdn.net/;script-src-elem 'self' 'unsafe-inline' https://*.packeta.com https://www.seznam.cz https://*.seznam.cz https://h.seznam.cz https://c.seznam.cz https://*.zbozi.cz https://*.im9.cz https://im9.cz https://*.facebook.net https://*.facebook.com https://*.analytics.google.com https://*.googlesyndication.com https://*.google-analytics.com https://www.googletagmanager.com https://*.doubleclick.net https://*.googleadservices.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.google.cz https://*.google.sk https://c.imedia.cz https://*.imedia.cz https://*.smartsupp.com https://*.smartsuppchat.com https://smartsupp-widget-161959.c.cdn77.org https://*.inspectlet.com https://*.smartlook.com https://*.pingdom.net https://cdn.jsdelivr.net/npm/@fingerprintjs/fingerprintjs-pro@3/dist/fp.min.js https://fpnpmcdn.net https://*.smartform.cz https://beacon-v2.helpscout.net https://cdn.jsdelivr.net https://*.twitter.com/ https://*.tiktok.com https://*.ttwstatic.com/ https://fpjscdn.net/;connect-src 'self' blob: https://*.google.com adservice.google.com https://*.googleadservices.com https://google.com https://*.google.cz https://*.packeta.com https://*.google.sk https://*.googleapis.com https://*.seznam.cz https://*.facebook.com https://*.facebook.net https://*.mmapiws.com https://*.doubleclick.net https://img.hk1.cz https://*.analytics.google.com https://*.google-analytics.com https://www.googletagmanager.com https://smartsupp-widget-161959.c.cdn77.org https://*.smartsupp.com https://*.smartlook.cloud https://s12.smartsupp.com wss://*.smartsupp.com wss://ws.inspectlet.com https://*.inspectlet.com https://*.smartlook.com https://*.pingdom.net https://media.herni-kupony.cz https://api.sjpf.io/ https://*.fptls.com https://*.fptls2.com https://*.fptls3.com https://*.fptls4.com https://*.fpjs.io https://*.api.fpjs.io https://*.fpapi.io/ https://fp.herni-kupony.cz/ https://fp.herne-kupony.sk/ https://*.smartform.cz https://www.instagram.com https://d3hb14vkzrxvla.cloudfront.net https://beaconapi.helpscout.net https://chatapi.helpscout.net https://*.googlesyndication.com wss://ws-helpscout.pusher.com https://sockjs-helpscout.pusher.com;frame-src 'self' https://*.packeta.com https://*.zbozi.cz https://*.imedia.cz https://c.imedia.cz https://www.seznam.cz https://*.seznam.cz https://h.seznam.cz https://*.csob.cz https://*.monetplus.cz https://*.google.com https://*.google.cz https://www.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.googlesyndication.com https://*.doubleclick.net https://*.googleapis.com https://www.youtube.com https://www.youtube-nocookie.com https://*.facebook.net https://*.facebook.com https://*.smartsupp.com https://*.smartsuppchat.com https://*.smartform.cz https://*.twitter.com/ https://twitter.com/ https://*.tiktok.com;form-action 'self' https://*.facebook.com https://*.facebook.net https://secure.payu.com https://www.platnosci.pl https://*.gpwebpay.com https://pay.platbamobilom.sk https://form.hk1.cz https://*.csob.cz https://server.smartsupp.com;report-uri https://egitcz.uriports.com/reports/enforce; report-to default 1
default-src 'self' fonts.googleapis.com fonts.gstatic.com  maps.googleapis.com maps.gstatic.com; font-src 'self' data: fonts.gstatic.com; form-action 'self' *.sofort.com test.vr-pay-ecommerce.de vr-pay-ecommerce.de oppwa.com; frame-ancestors 'self'; img-src 'self' data: consent.cookiefirst.com static.cookiefirst.com *.ads.linkedin.com googleads.g.doubleclick.net www.linkedin.com www.facebook.com ct.pinterest.com oppwa.com test.vr-pay-ecommerce.de vr-pay-ecommerce.de widgets.trustedshops.com *.cdninstagram.com www.google.de www.google.com stats.g.doubleclick.net *.google-analytics.com maps.gstatic.com maps.googleapis.com c-live3a.pcon.eu; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: consent.cookiefirst.com www.google.com www.google.de googleads.g.doubleclick.net www.googleadservices.com connect.facebook.net snap.licdn.com s.pinimg.com oppwa.com test.vr-pay-ecommerce.de vr-pay-ecommerce.de test.oppwa.com oppwa.com *.google-analytics.com www.googletagmanager.com consentcdn.cookiebot.com  googletagmanager.com consent.cookiebot.com maps.googleapis.com widgets.trustedshops.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' consent.cookiefirst.com oppwa.com test.vr-pay-ecommerce.de vr-pay-ecommerce.de hello.myfonts.net fonts.googleapis.com; connect-src 'self' *.analytics.google.com  googleads.g.doubleclick.net www.google.com consent.cookiefirst.com static.cookiefirst.com api.cookiefirst.com edge.cookiefirst.com consentcdn.cookiebot.com ct.pinterest.com www.facebook.com oppwa.com maps.googleapis.com *.google-analytics.com test.vr-pay-ecommerce.de vr-pay-ecommerce.de stats.g.doubleclick.net graph.instagram.com; frame-src 'self' https: oppwa.com test.ppipe.net ppipe.net test.vr-pay-ecommerce.de vr-pay-ecommerce.de *.pcon.eu c-live1b.pcon.eu consentcdn.cookiebot.com ui.pcon-solutions.com c-live3a.pcon.eu; manifest-src 'self'; media-src 'self'; 1
default-src 'self' http: https:  cdnjs.cloudflare.com use.typekit.net www.google-analytics.com fonts.googleapis.com s.w.org;; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: https://code.jquery.com https://cdnjs.cloudflare.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' http: https:; img-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; font-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: https://fonts.googleapis.com; object-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; frame-src 'self' http: https: polaris.brighterir.com sirius.brighterir.com www.youtube-nocookie.com youtube-nocookie.com youtube.com vimeo.com; 1
frame-ancestors  https://gap.tw https://oldnavy.gap.tw https://www.gap.tw https://shopkeeper-aws.baozun.com https://shopkeeper.baozun.com 1
frame-ancestors 'self' https://cdw.lookbookhq.com http://cdw.lookbookhq.com http://solutions.cdw.com https://solutions.cdw.com 1
default-src 'self';script-src 'self' 'unsafe-eval' *.gralmedical.ro https://assets.privy.com www.oncofort.ro www.gstatic.com www.google.com cdn.ckeditor.com https://cdn.cookie-script.com googleads.g.doubleclick.net maps.googleapis.com www.googleadservices.com region1.google-analytics.com td.doubleclick.net pagead2.googlesyndication.com www.googletagmanager.com connect.facebook.net www.google-analytics.com code.jquery.com cdn.jsdelivr.net cdnjs.cloudflare.com https://intl-tel-input.com/node_modules/intl-tel-input/build/js/intlTelInput.js https://intl-tel-input.com/node_modules/intl-tel-input/build/js/utils.js assets.privy.com/packs/js/* static.hotjar.com script.hotjar.com widget.privy.com/assets/widget.js data: 'unsafe-inline'; style-src 'self' *.gralmedical.ro www.oncofort.ro cdn.ckeditor.com cdnjs.cloudflare.com https://assets.privy.com fonts.googleapis.com https://intl-tel-input.com/node_modules/intl-tel-input/build/css/intlTelInput.css cdn.jsdelivr.net code.jquery.com pro.fontawesome.com data: 'unsafe-inline'; font-src 'self' *.gralmedical.ro www.oncofort.ro fonts.gstatic.com pro.fontawesome.com cdnjs.cloudflare.com data: 'unsafe-inline'; frame-src 'self' *.gralmedical.ro www.oncofort.ro td.doubleclick.net  www.google.com vars.hotjar.com www.facebook.com https://youtu.be www.youtube.com data: 'unsafe-inline'; connect-src 'self' *.gralmedical.ro www.oncofort.ro https://googleads.g.doubleclick.net https://events.privy.com https://www.google.com stats.g.doubleclick.net www.googletagmanager.com pagead2.googlesyndication.com region1.google-analytics.com https://api.privy.com region1.analytics.google.com *.hotjar.io api.privy.com/businesses/73AF5C0EF75716E12208D320/campaigns.json wss://*.hotjar.com wss://ws23.hotjar.com/api/v2/client/ws ws23.hotjar.com wss://ws28.hotjar.com *.hotjar.com maps.googleapis.com www.google-analytics.com in.hotjar.com data: 'unsafe-inline'; img-src 'self' *.gralmedical.ro https://gralmedical.ro www.oncofort.ro https://assets.privy.com https://events.privy.com cdnjs.cloudflare.com www.facebook.com www.google.com https://intl-tel-input.com/node_modules/intl-tel-input/build/img/flags.png www.google.ro cdn.ckeditor.com www.gralmedical.ro www.google-analytics.com maps.googleapis.com code.jquery.com maps.gstatic.com img.youtube.com i.ytimg.com www.googletagmanager.com googleads.g.doubleclick.net via.placeholder.com lh3.ggpht.com cbks0.googleapis.com geo0.ggpht.com khms1.googleapis.com khms0.googleapis.com *.ggpht.com stage.gral.develop.eiddew.com blob: 'self' data: 'unsafe-inline';object-src blob: ; 1
default-src 'self' *.googleapis.com *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.fonts.gstatic.com  *.google.com *.c5alliance.com *.c5alliance2017.staging.wpengine.com *.c5alliance2017.wpengine.com *.b2clogin.com *.cookiescanportal.b2clogin.com  *.cookiescan.azureedge.net   *.azureedge.net ;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.b2clogin.com *.cookiescanportal.b2clogin.com *.googleapis.com *.google.com *.googletagmanager.com *.google-analytics.com *.clickdimensions.com *.analytics-eu.clickdimensions.com *.gstatic.com *.fonts.gstatic.com *.google.com *.cookiescan.com https://cookiescan.com *.issuu.com *.vimeo.com *.youtube.com *.linkedin.com  *.cookiescan.azureedge.net  *.azureedge.net data:;style-src 'self' 'unsafe-inline' *.googleapis.com *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.clickdimensions.com *.fonts.gstatic.com *.c5alliance.com *.c5alliance2017.staging.wpengine.com *.c5alliance2017.wpengine.com *.cookiescan.com https://cookiescan.com *.issuu.com *.vimeo.com *.youtube.com *.linkedin.com *.gravatar.com *.b2clogin.com *.cookiescanportal.b2clogin.com  *.cookiescan.azureedge.net  *.azureedge.net data:;connect-src 'self' *.c5alliance.com *.c5alliance2017.staging.wpengine.com *.c5alliance2017.wpengine.com *.cookiescan.com https://cookiescan.com *.doubleclick.net *.googleapis.com *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.b2clogin.com *.cookiescanportal.b2clogin.com *.cookiescan.azureedge.net  *.azureedge.net data:;font-src 'self' *.gstatic.com *.fonts.gstatic.com  *.google.com *.c5alliance.com *.c5alliance2017.staging.wpengine.com *.c5alliance2017.wpengine.com  data:;img-src 'self' 'unsafe-inline' https://c5alliance.com *.c5alliance.com *.c5alliance2017.staging.wpengine.com *.c5alliance2017.wpengine.com *.cookiescan.com https://cookiescan.com *.issuu.com *.vimeo.com *.youtube.com *.linkedin.com  *.gravatar.com *.googleapis.com *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com data:;frame-src 'self' 'unsafe-inline' *.gstatic.com  *.google.com  *.c5alliance.com *.c5alliance2017.staging.wpengine.com *.c5alliance2017.wpengine.com *.googleapis.com *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.issuu.com *.vimeo.com *.youtube.com *.linkedin.com *.b2clogin.com *.cookiescanportal.b2clogin.com  ; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com fast.fonts.net themes.googleusercontent.com *.youtube.com *.google.com *.gstatic.com *.googleapis.com; 1
default-src 'self' ;style-src 'self' 'unsafe-inline' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com analytics.google.com ;font-src 'self' data: ;img-src 'self' secure.gravatar.com data: www.google.ca ;worker-src blob: ;connect-src 'self' www.google-analytics.com analytics.google.com stats.g.doubleclick.net ; 1
frame-ancestors https://d399ca.myshopify.com https://admin.shopify.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.gstatic.com ajax.aspnetcdn.com cdnjs.cloudflare.com js-agent.newrelic.com bam.nr-data.net foodafactoflife.h5p.com *.youtube.com *.onetrust.com;style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com;img-src 'self' *.onetrust.com i.vimeocdn.com *.umbraco.com umbraco.tv *.googleapis.com *.google-analytics.com *.google.co.uk *.google.com googleads.g.doubleclick.net data:;font-src 'self' fonts.gstatic.com;connect-src *;frame-src 'self' *.youtube.com *.youtube-nocookie.com eatwell.foodafactoflife.org.uk foodafactoflife.h5p.com eatwell.digitalsm.co.uk *.google.com forms.office.com player.vimeo.com;manifest-src 'self'; 1
frame-src *; img-src * data:; media-src *; script-src * 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' packages.umbraco.org our.umbraco.org web-nstawebsite-prod-ukw-001.azurewebsites.net;script-src 'self' cdnjs.cloudflare.com code.jquery.com ajax.googleapis.com maps.google.com siteimproveanalytics.com www.googletagmanager.com *.gstatic.com www.google-analytics.com maps.googleapis.com www.youtube.com connect.facebook.net *.civiccomputing.com js.monitor.azure.com cdn.jsdelivr.net www.google.com uk01.z.antigena.com cc.cdn.civiccomputing.com consent.cookiebot.com consentcdn.cookiebot.com cdn.cookietractor.com app.cookietractor.com cdn-eu.cookietractor.com sc-static.net 'unsafe-eval' 'unsafe-inline';style-src 'self' fonts.googleapis.com *.googletagmanager.com 'unsafe-inline';connect-src 'self' maps.googleapis.com *.google-analytics.com *.google.com *.civiccomputing.com ukwest-0.in.applicationinsights.azure.com app.cookietractor.com;font-src 'self' cdn.jsdelivr.net fonts.gstatic.com;img-src 'self' www.google-analytics.com www.googletagmanager.com maps.gstatic.com maps.google.com img.youtube.com *.googleapis.com data: *.google.co.uk *.google.com web-nstawebsite-prod-ukw-001.azurewebsites.net;media-src 'self' www.youtube.com player.vimeo.com;frame-src 'self' app.powerbi.com datanstauthority.blob.core.windows.net experience.arcgis.com itportal.nstauthority.co.uk nstauthority.maps.arcgis.com opendata-nstauthority.hub.arcgis.com player.vimeo.com www.arcgis.com www.google.com www.google.com www.google-analytics.com www.youtube.com consentcdn.cookiebot.com forms.office.com 1
default-src 'self' *.wilshire.com *.webflow.com info.wilshire.com webflow.com www.webflow.io webflow.io player.vimeo.com cdn.embedly.com; script-src blob: 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com cdn.jsdelivr.net cdn.finsweet.com ajax.googleapis.com www.googletagmanager.com *.cloudfront.net *.wilshire.com www.google-analytics.com googleads.g.doubleclick.net pi.pardot.com assets.website-files.com cdn.prod.website-files.com cdn.prod.website-files.com assets-global.website-files.com cdn.prod.website-files.com cdn.prod.website-files.com; connect-src 'self' *.s3.amazonaws.com api.embed.ly s3.amazonaws.com wss://realtime.webflow.com *.wilshire.com *.webflow.com webflow.com webflow.io cdn.prod.website-files.com cdn.prod.website-files.com assets-global.website-files.com cdn.prod.website-files.com cdn.prod.website-files.com *.analytics.google.com www.google-analytics.com stats.g.doubleclick.net *.bugsnag.com; img-src data: 'self' blob: data: *.webflow.com *.gravatar.com cdn.prod.website-files.com cdn.prod.website-files.com assets-global.website-files.com cdn.prod.website-files.com cdn.prod.website-files.com *.cloudfront.net i.vimeocdn.com stats.g.doubleclick.net www.google.com www.google-analytics.com stats.g.doubleclick.net; font-src data: 'self' fonts.gstatic.com cdn.prod.website-files.com cdn.prod.website-files.com assets-global.website-files.com assets.website-files.com *.cloudfront.net cdn.prod.website-files.com cdn.prod.website-files.com; style-src 'self' 'unsafe-inline' assets.website-files.com cdn.prod.website-files.com cdn.prod.website-files.com assets-global.website-files.com cdn.prod.website-files.com cdn.prod.website-files.com fonts.googleapis.com *.cloudfront.net;base-uri 'self'; frame-ancestors 'self' *.webflow.com *.webflow.io webflow.com webflow.io cdn.prod.website-files.com cdn.prod.website-files.com 1
upgrade-insecure-requests; base-uri 'self' *.idec.com; img-src 'self' https: *.idec.com https://px.ads.linkedin.com https://ssl.google-analytics.com blob: data: w3.org/svg/2000; style-src 'unsafe-inline' https:; font-src https: data:; object-src *.idec.com https://h.online-metrix.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.idec.com https://*.marketo.com https://*.marketo.net https://*.force.com https://*.salesforce.com https://*.doubleclick.net https://*.google.com https://tpc.googlesyndication.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googleadservices.com https://*.go-mpulse.net https://browser-update.org https://*.salesforceliveagent.com https://snap.licdn.com https://*.webtraxs.com https://api.ipify.org https://cdn.doofinder.com https://rw1.marchex.io https://h.online-metrix.net https://flex.cybersource.com https://s.yimg.jp https://yubinbango.github.io https://*.feedbackify.com https://consent.cookiebot.com https://platform-api.sharethis.com https://code.jivosite.com https://www.gstatic.com https://consentcdn.cookiebot.com https://buttons-config.sharethis.com https://t.sharethis.com https://lp.idec.com https://s3.amazonaws.com https://599-euj-018.mktoresp.com https://684d0d41.akstat.io https://orbitvu.co/ https://cdn.orbitvu.co/ https://*.orbitvu.co/ https://*.imagino.com https://hm.baidu.com/; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://go.aefonline.org/pd.js https://googleads.g.doubleclick.net https://marketing.aefonline.org/cdnr/57/acton/bn/tracker/9733 https://script.hotjar.com https://static.hotjar.com https://www.google-analytics.com/analytics.js https://www.googletagmanager.com https://play.vidyard.com https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com  https://use.fontawesome.com https://kit.fontawesome.com https://use.typekit.net https://p.typekit.net https://ka-p.fontawesome.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://analytics.google.com https://content.hotjar.io https://metrics.hotjar.io https://stats.g.doubleclick.net https://www.google-analytics.com wss://ws.hotjar.com; font-src 'self' data: https://ka-p.fontawesome.com https://use.fontawesome.com https://use.typekit.net https://fonts.gstatic.com; frame-src 'self' https://play.vidyard.com https://td.doubleclick.net https://www.paycomonline.net; img-src 'self' data: https://marketing.aefonline.org https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com; manifest-src 'self'; media-src 'self' https://vimeo.com https://player.vimeo.com https://download-video.akamaized.net; worker-src 'none'; upgrade-insecure-requests; 1
default-src 'self'; frame-ancestors 'self'; frame-src * ; media-src *; img-src * blob: data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google-analytics.com *.analytics.google.com *.krxd.net *.typeform.com www.repsol.com device-api.indigitall.com/* indigitall-cdn.com www.dev-com.repsol.com www.google.com cdn.cookielaw.org p.teads.tv platform.twitter.com px.sunmedia.tv secure.adnxs.com s.yimg.com cdn.taboola.com pixel.mathtag.com amplify.outbrain.com bat.bing.com d1skycrvs9ubse.cloudfront.net www.gstatic.com googleads.g.doubleclick.net cdn.krxd.net *.hotjar.com www.googleadservices.com www.dev-net.repsol.com www.google-analytics.com cdns.eu1.gigya.com consent.cookiebot.com connect.facebook.net consentcdn.cookiebot.com assets.adobedtm.com www.googletagmanager.com www.youtube.com apis.google.com t.womtp.com ws.walmeric.com maps.googleapis.com unpkg.com cdn.co-buying.com; style-src * 'unsafe-inline'; font-src * blob: data:; connect-src * 1
base-uri 'none'; default-src https:; form-action 'none'; frame-ancestors 'none'; img-src 'self'; media-src 'self' www.namecoin.org; object-src 'none'; script-src 'self'; style-src 'self' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://stats.g.doubleclick.net https://region1.analytics.google.com https://www.google-analytics.com https://www.googletagmanager.com https://dc.services.visualstudio.com https://connect.facebook.net https://az416426.vo.msecnd.net https://trondelagfylke.boost.ai ajax.aspnetcdn.com cdnjs.cloudflare.com;style-src 'self' 'unsafe-inline' https://stats.g.doubleclick.net https://region1.analytics.google.com https://www.google-analytics.com https://www.googletagmanager.com https://dc.services.visualstudio.com https://connect.facebook.net https://az416426.vo.msecnd.net https://trondelagfylke.boost.ai ajax.aspnetcdn.com cdnjs.cloudflare.com;img-src 'self' https://stats.g.doubleclick.net https://region1.analytics.google.com https://www.google-analytics.com https://www.googletagmanager.com https://dc.services.visualstudio.com https://connect.facebook.net https://az416426.vo.msecnd.net https://trondelagfylke.boost.ai ajax.aspnetcdn.com cdnjs.cloudflare.com data: https:;font-src 'self' data: https:;connect-src 'self' https://stats.g.doubleclick.net https://region1.analytics.google.com https://www.google-analytics.com https://www.googletagmanager.com https://dc.services.visualstudio.com https://connect.facebook.net https://az416426.vo.msecnd.net https://trondelagfylke.boost.ai;form-action 'self' 1
frame-ancestors 'self' https://*.cowbell.insure; 1
child-src 'self' blob:;default-src 'self';connect-src 'self' wss:;font-src 'self' data:;img-src 'self' data: blob:;media-src 'self' blob:;object-src 'self' blob:;script-src 'self' 'unsafe-inline' 'unsafe-eval' data:;style-src 'self' 'unsafe-inline';frame-ancestors 'self' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval';               img-src 'self' data: https://adfs5.metro.info https://www.google-analytics.com *.qualtrics.com 1634.global.siteimproveanalytics.io ssl.siteimprove.com *.linkedin.com *.facebook.com csi.gstatic.com maps.googleapis.com maps.gstatic.com *.twimg.com *.twitter.com www.gstatic.com app.miag.com maintenance.metroag.de mfpembedcdnweu.azureedge.net *.metroag.de *.metroag.eu *.metrogroup.de *.miag.com *.metro-cc.com *.metronom.com *.metro-wholesale.de *.metro-wholesale.com *.metro-properties.de *.metro-gruenderstudie.de *.metro-startupstudy.com *.metrosystems.ro *.metro-advertising.de *.metro-advertising.com *.metro-advertising.pl *.handel-erklaert.de *.metro-sourcing.hk *.metro-logistics.de *.metro-campus.de *.metro-services.in *.metro-services.pl *.mpulse.de *.metro-unboxed.de *.metro-unboxed.com *.metro-potentials.com *.arbeitgeber-ahd.de *.metro-competencies.com *.metro-trainingcenter.de www.openpetition.de *.wirsindgekommenumzubleiben.de *.metro-global-solution-center.in *.metro.digital *.metro-gsc.in *.metro-gsc.pl *.metro-gsc.com px.ads.linkedin.com bscmiagbot.metro.de i.ytimg.com https://www.googletagmanager.com;        style-src 'self' 'unsafe-inline' https://fonts.googleapis.com cloud.typography.com *.metroag.de *.twitter.com www.gstatic.com d1azc1qln24ryf.cloudfront.net *.twimg.com;        font-src 'self' 'unsafe-inline' data: https://fonts.gstatic.com fonts.googleapis.com d1azc1qln24ryf.cloudfront.net www.openpetition.de;        frame-src 'self' *.facebook.com www.youtube.com *.walls.io plugins.flockler.com charts3.equitystory.com *.twitter.com www.google.com dev.dieproduktion.de *.own-business-day.com forms.office.com login.microsoftonline.com t.email.metro.de feedback.metro-cc.com metro.online-report.eu bscmiagbot.metro.de;        upgrade-insecure-requests;               block-all-mixed-content;        script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com *.qualtrics.com ssl.siteimprove.com siteimproveanalytics.com connect.facebook.net ajax.googleapis.com code.jquery.com  maps.googleapis.com www.youtube.com s.ytimg.com code.highcharts.com cdn.jsdelivr.net edge-cdn.net dl.videos.metrosystems.net *.twimg.com *.twitter.com www.gstatic.com  mfpembedcdnweu.azureedge.net app.mailjet.com www.openpetition.de bscmiagbot.metro.de snap.licdn.com;        connect-src 'self' *.google-analytics.com *.qualtrics.com *.twitter.com *.ads.linkedin.com *.facebook.com bscmiagbot.metro.de 1634.global.siteimproveanalytics.io;        frame-ancestors 'self';                   worker-src blob:;        media-src 'self' data:; report-uri MagReport.csp?cspReport=true 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.2bay.club 2bay.club *.mail.ru yandex.ru iwe.ktvgv.com yastatic.net *.yandex.ru *.yandex.az *.yandex.by *.yandex.co.il *.yandex.com *.yandex.com.am *.yandex.com.ge *.yandex.com.tr *.yandex.ee *.yandex.fr *.yandex.kg *.yandex.kz *.yandex.ru *.yandex.lt *.yandex.lv *.yandex.md *.yandex.tj *.yandex.tm *.yandex.ua *.yandex.uz *.mc.webvisor.com *.mc.webvisor.org *.yastatic.net mc.yandex.ru *.google-analytics.com adservice.google.com *.googlesyndication.com *.doubleclick.net *.googletagservices.com *.googleadservices.com *.ampproject.org *.google.com *.googleapis.com *.google.co.uk *.google.co.il *.google.ru *.google.at *.google.fr *.google.ch *.google.nl *.google.sc *.google.ae *.google.de *.google.ca *.google.se *.google.hu *.google.no *.google.es *.google.md *.google.fi *.google.ro *.google.sk *.google.is *.google.com.ua *.google.com.bd *.google.com.sg *.google.pl *.google.cz *.google.lv *.google.bg *.google.co.in *.google.lt *.google.dj *.google.gr *.google.co.jp *.google.rs *.google.com.tr *.google.ie *.google.pt *.google.com.pe *.google.com.mx *.google.kz *.google.dz *.google.co.th *.google.com.mx *.google.com.hk *.google.com.sa *.google.com.tj *.google.co.uz *.google.com.vn *.google.com.tw *.google.ee *.google.kg *.google.co.za *.google.hr *.google.it *.google.tn *.google.mk *.google.com.bo *.google.co.kr *.google.com.mm *.google.co.id *.google.az *.google.com.br *.google.tm *.google.ge *.google.dk *.google.com.my *.google.co.ve *.google.co.ve *.google.iq *.google.cl *.google.com.au *.google.tt *.google.com.ar *.google.be *.google.com.cy *.google.co.nz *.google.mn *.google.com.pk *.google.lu *.google.com.ng *.google.com.ph *.google.mu *.google.co.tz *.google.com.uy *.google.com.co *.google.com.eg *.google.me *.google.com.np *.google.com.pg *.google.com.mt *.google.com.sv *.google.com.pr *.google.si *.google.com.gt *.google.co.ke *.google.com.bz *.google.cd *.google.ps *.google.la *.google.com.bn *.google.gg *.google.com.py *.google.com.et *.google.com.lb *.google.com.cu *.google.com.ec *.google.co.cr *.google.co.zw *.google.co.ug *.google.com.pa *.google.ci *.google.co.ao *.google.al *.google.com.om *.google.com.ly *.google.com.gh *.google.bj *.google.lk *.google.cg *.google.jo *.google.com.bh *.google.cm *.google.com.kh *.google.sm *.google.ad *.google.co.bw *.google.ne *.google.gy *.google.mv *.google.bf *.google.com.qa *.google.com.na *.google.com.kw *.google.com.ni *.google.hn *.google.vu *.google.co.mz *.google.com.jm *.google.im *.google.com.ag *.google.sn *.google.mg *.google.com.fj *.google.bs *.google.co.zm *.google.so *.google.com.gi www.googletagmanager.com *.googletagmanager.com *.gstatic.com pagead2.googlesyndication.com www.google-analytics.com cug.sckxppzdm.com *.sckxppzdm.com; img-src * data: ; font-src * data: ; style-src 'self' 'unsafe-inline' *.google.com *.googleapis.com *.google.cm; frame-src *; connect-src *; media-src * data: ; object-src *; 1
child-src 'self' blob:; worker-src 'self' blob:; frame-ancestors 'self' ridestyler.com *.ridestyler.com; default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 1
default-src 'self';                    script-src 'self' https://* 'unsafe-inline' 'unsafe-eval' * ;                   style-src 'self' https://* 'unsafe-inline' ;                    img-src 'self' data: https://*;                    font-src 'self' data: https://*;                    connect-src 'self' https://*;                   frame-src 'self' https://*; 1
default-src * 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' admin.jw.local *.jameswalker.biz jw-cms-uat.hosted.positive.co.uk jw-cms-uat2.hosted.positive.co.uk jw-cms-prod.hosted.positive.co.uk;img-src 'self' data:  admin.jw.local jw.local jw-cms-prod.hosted.positive.co.uk jw-cms-uat.hosted.positive.co.uk jw-cms-uat2.hosted.positive.co.uk jw-prod.hosted.positive.co.uk *.jameswalker.biz jameswalker.biz *.comm100.io *.cookielaw.org *.google-analytics.com *.doubleclick.net embedsocial.com *.careinspectorate.com *.youtube-nocookie.com *.google.com *.facebook.com *.pinterest.com pinterest.com *.vimeo.com *.addthis.com *.youtube.com *.webspellchecker.net *.cookiebot.com *.twitter.com *.googletagmanager.com *.cqc.org.uk *.ggpht.com *.googleapis.com *.gstatic.com *.bing.com *.comm100vue.com *.comm100.com *.ytimg.com *.twimg.com *.mouseflow.com *.facebook.net *.gaconnector.com *.crazyegg.com *.responsetap.com *.onetrust.com *.interactive-img.com;worker-src 'self' blob: *.jameswalker.biz; 1
block-all-mixed-content; frame-ancestors 'self'; base-uri 'self'; default-src 'self'; font-src 'self' data:; child-src 'self' https://www.youtube.com/; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com/ https://*.google.com/ https://player.vimeo.com/; img-src 'self' data: https://*.ytimg.com/ https://*.youtube.com/ https://*.google-analytics.com/ https://*.doubleclick.net/ https://toegankelijkheidsverklaring.nl/; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'self' 'sha256-cJc93onTFGyKyVoxUKBNAwTAMCvUjSfESBJdzLrjgWw=' 'sha256-JWt1m28kNFB/rFjtbJEOx3yqSxZv6OjgwNLclp75rQ0=' 'sha256-B7X35g/IfDxD2XCLBNOI+NAYfU+A5Ebd8LTXLMAMCes=' https://*.youtube.com/ https://*.readspeaker.com/ https://*.google-analytics.com/; style-src 'self' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-ORkecA2WcB8bx8a079Dsi7E7kdb6ynqr885H8h4Wp/M=' 'sha256-7Wj4JppQPW/r0fhp+Y3lFnfwMGJjSJYaErRdXi/jGxw=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-ORkecA2WcB8bx8a079Dsi7E7kdb6ynqr885H8h4Wp/M=' https://*.readspeaker.com/; connect-src 'self' https://*.readspeaker.com/ https://*.google-analytics.com/ https://*.doubleclick.net/; worker-src 'none'; form-action 'self' https://app-eu.readspeaker.com/ https://vttts-eu.readspeaker.com/; 1
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: filesystem: 'unsafe-inline'; frame-src *; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 1
base-uri 'self';connect-src 'self' https://api.segment.io https://api.segment.com https://track.segment.com https://cdn.segment.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://analytics.google.com https://cdn.linkedin.oribi.io/ https://px.ads.linkedin.com https://stats.g.doubleclick.net https://pagead2.googlesyndication.com https://forms.hscollectedforms.net https://api.hubapi.com https://forms.hsforms.com https://calendly.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://conversions-config.reddit.com https://www.redditstatic.com https://accounts.google.com/gsi/ https://d.adroll.com https://ekr.zdassets.com https://dev.visualwebsiteoptimizer.com;default-src 'self';font-src 'self' data: https://fonts.gstatic.com https://*.hotjar.com;form-action 'self' https://forms.hsforms.com;img-src 'self' https: data:;media-src 'self';object-src 'none';script-src 'self' 'nonce-k15STaMparAKYLnRLC4d17PLweDiEpW2DxTysbGN' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' https://player.vimeo.com https://www.googletagmanager.com https://tagmanager.google.com https://*.googletagmanager.com https://www.googleadservices.com https://www.google.com https://js.hsforms.net https://js.hsadspixel.net https://js.hs-analytics.net https://js.hscollectedforms.net https://js.hs-banner.com https://calendly.com https://*.hotjar.com https://www.gstatic.com https://accounts.google.com/gsi/client https://web-marketing-cms.test;style-src 'self' https://tagmanager.google.com https://fonts.googleapis.com https://calendly.com https://assets.calendly.com https://*.hotjar.com 'unsafe-inline' https://accounts.google.com/gsi/style;frame-src https://player.vimeo.com https://www.youtube.com https://www.youtube-nocookie.com https://www.googletagmanager.com https://www.linkedin.com https://td.doubleclick.net https://forms.hsforms.com https://calendly.com https://boards.greenhouse.io https://ats.rippling.com https://www.rippling.com https://www.google.com https://recaptcha.google.com https://accounts.google.com/gsi/ https://maps.google.com https://x.adroll.com https://capture.navattic.com 1
base-uri 'none'; font-src 'self' https: data:; form-action 'self'; frame-ancestors 'self'; img-src 'self' data: https:; object-src 'none'; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'strict-dynamic' 'nonce-VdCXdbZ979zBkiz0I3NAaA=='; upgrade-insecure-requests; media-src 'self' data: https:; default-src 'self' data: https:; 1
default-src blob: cdn.jsdelivr.net ps.w.org *.highcharts.com wss: *.zendesk.com *.oribi.io *.zdassets.com *.opower.com *.google.com bootstrapcdn.com  googleadservices.com *.cloudfront.net *.portlandwebdesign.com *.electric.coop adsrvr.org *.analytics.yahoo.com *.maps.arcgis.com xx.fbcdn.net rvwinc.com maps.arcgis.com vimeo.com *.googleadservices.com publicpurchase.com gravatar.com *.arcgis.com *.eventbrite.com cooperative.com *.gstatic.com *.youtube-nocookie.com *.crowdfiber.io data: *.googletagmanager.com luckyorange.net btstatic.com portlandwebdesign.com simpli.fi *.providesupport.com typekit.net mitel.io trumpia.com *.timetap.com five9.com powermag.com *.rvwinc.com *.verisign.com linkedin.com *.nr-data.net *.btstatic.com azgt.coop ebill.coop *.mapbox.com googleapis.com analytics.yahoo.com *.licdn.com *.mcusercontent.com *.bootstrapcdn.com apogee.net marketingautomation.services suppose.tv adnxs.com twimg.com *.olark.com youtube-nocookie.com *.trumpia.com xad.com mailchimp.com *.ads.linkedin.com directefficiency.com *.mailchimp.com newrelic.com *.vimeo.com *.plumassierratelecommunicationsmap.com 'unsafe-eval' *.upgrade.guide epa.gov transistor.fm google.com hirebridge.com *.simpli.fi *.yimg.com envivabiomass.com *.roanokeconnect.com e2ma.net bonnerboundary811.org *.powerfulweb.com *.elfsight.com *.libsyn.com doubleclick.net facebook.net google-analytics.com ads.linkedin.com *.e2ma.net gstatic.com smarthub.coop *.s3.amazonaws.com mcusercontent.com s.w.org *.doubleclick.net facebook.com youtube.com *.linkedin.com nice-incontact.com fontawesome.com *.newrelic.com *.apogee.net *.googleapis.com libsyn.com eventbrite.com upgrade.guide *.basis.net *.twimg.com glassdoor.com cencoast.com *.mitel.io powerfulweb.com luckyorange.com *.five9.com *.typekit.net *.transistor.fm yimg.com 'self' *.luckyorange.com jazz.co roanokeconnect.com *.publicpurchase.com myfonts.net issuu.com *.directefficiency.com *.websupport.expert spreaker.com *.ebill.coop crowdfiber.io *.xad.com *.nice-incontact.com *.xx.fbcdn.net *.suppose.tv *.myfonts.net *.icua.coop southcentralpower.com *.bonnerboundary811.org arcgis.com mapbox.com providesupport.com *.smeco.coop *.facebook.net electric.coop googletagmanager.com *.adnxs.com smeco.coop *.issuu.com *.powermag.com *.adsymptotic.com olark.com s3.amazonaws.com 'unsafe-inline' elfsight.com icua.coop billing.smeco.coop timetap.com *.fontawesome.com *.envivabiomass.com nr-data.net adsymptotic.com *.epa.gov *.adsrvr.org *.cencoast.com *.spreaker.com *.gravatar.com plumassierratelecommunicationsmap.com verisign.com *.glassdoor.com *.facebook.com ctctcdn.com *.jazz.co *.cooperative.com *.google-analytics.com gmpg.org cloudfront.net *.ctctcdn.com *.marketingautomation.services *.southcentralpower.com licdn.com *.hirebridge.com websupport.expert *.luckyorange.net *.smarthub.coop basis.net *.youtube.com *.azgt.coop; 1
upgrade-insecure-requests; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' assets.adobedtm.com https://www.google.com https://www.gstatic.com https://cdn.evgnet.com https://wexinc2.us-5.evergage.com https://cdn.evergage.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com fonts.googleapis.com https://wexinc2.us-5.evergage.com https://cdn.evergage.com https://cdn.evgnet.com; font-src 'self' https://maxcdn.bootstrapcdn.com fonts.gstatic.com; media-src *; object-src 'none'; frame-src 'self' http: fast.whc.demdex.net; connect-src 'self' dpm.demdex.net https://wexinc2.us-5.evergage.com https://cdn.evergage.com https://northamerica.directline.botframework.com wss://northamerica.directline.botframework.com blob:; img-src 'self' * data:;frame-ancestors 'self';; 1
base-uri 'self'; default-src 'none'; script-src 'self' 'unsafe-inline' https://www.google-analytics.com https://www.googletagmanager.com 'strict-dynamic' 'nonce-f9bdalXT8ukySY1CYsPY54OvdZTN5kJJ'; style-src 'self' 'unsafe-inline' client.crisp.chat fonts.googleapis.com; img-src 'self' data: blob: a.tile.openstreetmap.org b.tile.openstreetmap.org c.tile.openstreetmap.org i.ytimg.com maps.googleapis.com maps.gstatic.com s3.eu-west-1.amazonaws.com twemoji.maxcdn.com www.googletagmanager.com www.gstatic.com score-badge.cyber-risk.upguard.com widget.kominfo.go.id; font-src 'self' data: fonts.gstatic.com widget-v4.tidiochat.com; connect-src 'self' analytics.google.com maps.googleapis.com stats.addtoany.com stats.g.doubleclick.net widget.kominfo.go.id www.google-analytics.com wss://client.relay.crisp.chat wss://socket.tidio.co; media-src 'self' widget-v4.tidiochat.com; object-src 'none'; form-action 'self'; frame-ancestors 'self'; frame-src 'self' dashboard-datastatistik.lps.go.id dashboard-sukubunga.lps.go.id docs.google.com newassets.hcaptcha.com static.addtoany.com view.officeapps.live.com www.google.com www.youtube.com; manifest-src 'self'; worker-src 'self'; upgrade-insecure-requests; 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://www.google.com/ https://noname-drink.appspot.com/stats; style-src 'self' 'unsafe-inline' https://www.google.com/ https://ajax.googleapis.com/; img-src 'self' data: https://*.tile.openstreetmap.org http://*.tile.openstreetmap.de; frame-src 'self' https://pizza.noname-ev.de 1
base-uri 'self';connect-src 'self' https: wss:;default-src 'self';form-action 'self' https:;img-src 'self' https: data: blob:;media-src 'self';object-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.gstatic.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.feedbackcompany.com cdnjs.cloudflare.com code.jquery.com cdn.datatables.net onesignal.com *.onesignal.com connect.facebook.net *.licdn.com *.clarity.ms *.doubleclick.net *.bing.com *.ads-twitter.com cdn.jsdelivr.net *.paypal.com *.paypalobjects.com *.dwin1.com *.beslist.nl *.hs-scripts.com *.hs-banner.com *.hs-analytics.net lantern.roeyecdn.net lantern.roeyecdn.com;style-src 'self' 'unsafe-inline' https:;font-src 'self' data: fonts.gstatic.com cdnjs.cloudflare.com;frame-src *.youtube.com *.redintelligence.net *.google.com *.paypal.com *.doubleclick.net;frame-ancestors 'self' *.googletagmanager.com;report-uri https://www.inktweb.nl/api/csp/log 1
frame-src http://*.google.com http://*.facebook.net https://*.comviva.com:* https://*.wido.tv https://wido.tv https://paydunya.com; img-src * data:;frame-ancestors http://*.google.com http://*.facebook.net https://*.comviva.com:* https://*.wido.tv https://wido.tv https://paydunya.com; 1
default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:;frame-ancestors 'self' https://*.13go.cl 1
default-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.cookielaw.org https://connect.facebook.net https://js.hs-analytics.net  https://www.googletagmanager.com https://static.hotjar.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://js-na1.hs-scripts.com https://resources.digital-cloud.medallia.eu https://js.hsleadflows.net https://js.hsadspixel.net https://js.hubspot.com https://js.hscollectedforms.net https://js.hs-banner.com https://js.hsforms.net https://ajax.googleapis.com;  style-src 'self' 'unsafe-inline'  https://fonts.googleapis.com; frame-ancestors 'self' https://app.tuotempo.com;  font-src 'self' https://fonts.gstatic.com 1
script-src http: https: https://converse.in 'unsafe-inline' *.wigzo.com *.wigzopush.com *.zdassets.com *.myunidays.com *.payu.in *.crossdevicetracking.com *.trackier.com; style-src 'self' blob: https: 'unsafe-inline' https://converse.in; img-src data: http: https:; object-src 'none'; base-uri 'none'; child-src 'self'; font-src 'self' fonts.gstatic.com *.myunidays.com *.cdnfonts.com; frame-src assets.braintreegateway.com *.google.com *.youtube.com *.youtu.be *.vimeo.com *.googletagmanager.com *.wigzo.com *.wigzopush.com *.zdassets.com *.myunidays.com *.payu.in *.doubleclick.net *.snapchat.com *.makehook.ws *.crossdevicetracking.com *.facebook.com *.crbug.com *.gotrackier.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data:; frame-ancestors https://www.multicert.dev https://*.bpn.com https://*.bancobic.net https://www.unibanco.pt https://my.universo.pt https://my.universo.com https://wallet.universo.pt https://piloto.universo.pt https://piloto-wallet.universo.pt https://localhost:8448 https://api.zoomauth.com 'self'; upgrade-insecure-requests; script-src 'self' https://static.opentok.com/ 'unsafe-inline' 'unsafe-eval'; connect-src https://api.zoomauth.com/ https://*.tokbox.com wss://*.opentok.com https://*.opentok.com wss://*.tokbox.com 'self' blob:; img-src 'self' data: blob:; font-src 'self' data:; 1
font-src fonts.gstatic.com fonts.googleapis.com *.payfort.com *.googletagmanager.com *.useinsider.com *.api.useinsider.com *.bambuser.com *.cloudfront.net *.mimecast.com *.doubleclick.net *.google.com *.facebook.net *.facebook.com *.artfut.com *.tiktok.com sc-static.net *.sc-static.net *.snapchat.com *.google.co.in *.admitad.com data: checkout.tabby.ai widgets.tabby.ai cdn.tabby.ai storage.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.payfort.com *.googletagmanager.com *.useinsider.com *.api.useinsider.com *.bambuser.com *.cloudfront.net *.mimecast.com *.doubleclick.net *.google.com *.facebook.net *.facebook.com *.artfut.com *.tiktok.com sc-static.net *.sc-static.net *.snapchat.com *.google.co.in *.admitad.com *.tabby.ai *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.useinsider.com *.api.useinsider.com *.bambuser.com *.nayomi.com *.cloudfront.net *.mimecast.com *.doubleclick.net *.google.com *.facebook.net *.facebook.com *.artfut.com *.tiktok.com sc-static.net *.sc-static.net *.snapchat.com *.google.co.in *.admitad.com business.firework.com *.tabby.ai c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com checkout.tabby.ai 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io maps.googleapis.com maps.gstatic.com *.visa.com *.useinsider.com *.api.useinsider.com *.bambuser.com *.cloudfront.net *.mimecast.com *.doubleclick.net *.google.com *.facebook.net *.facebook.com *.artfut.com *.tiktok.com sc-static.net *.sc-static.net *.snapchat.com *.google.co.in *.admitad.com asset.fwcdn2.com *.asset.fwcdn2.com asset.fwcdn1.com *.asset.fwcdn1.com fireworktv.com *.fireworktv.com p2.fwpixel.com *.p2.fwpixel.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com checkout.tabby.ai widgets.tabby.ai cdn.tabby.ai fonts.googleapis.com storage.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com *.youtube.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.ampproject.org raw.githubusercontent.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.visa.com *.mastercard.com *.zendesk.com *.zdassets.com *.zopim.com *.payfort.com *.googletagmanager.com *.useinsider.com *.api.useinsider.com *.bambuser.com *.cloudfront.net *.mimecast.com *.doubleclick.net *.google.com *.facebook.net *.facebook.com *.artfut.com *.tiktok.com sc-static.net *.sc-static.net *.snapchat.com *.google.co.in *.admitad.com asset.fwcdn1.com *.asset.fwcdn1.com asset.fwcdn3.com *.asset.fwcdn3.com asset.fwcdn2.com *.asset.fwcdn2.com *.tabby.ai assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com checkout.tabby.ai widgets.tabby.ai cdn.segment.com connect.facebook.net www.googletagmanager.com www.google.com cdn.sift.com score.jcsc.online seondf.com deviceinf.com getdeviceinf.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.payfort.com *.googletagmanager.com *.useinsider.com *.api.useinsider.com *.bambuser.com *.cloudfront.net *.mimecast.com *.doubleclick.net *.google.com *.facebook.net *.facebook.com *.artfut.com *.tiktok.com sc-static.net *.sc-static.net *.snapchat.com *.google.co.in *.admitad.com *.tabby.ai unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com *.payfort.com *.useinsider.com *.api.useinsider.com *.bambuser.com *.cloudfront.net *.mimecast.com *.doubleclick.net *.google.com *.facebook.net *.facebook.com *.artfut.com *.tiktok.com sc-static.net *.sc-static.net *.snapchat.com *.google.co.in *.admitad.com cdn4.fireworktv.com *.cdn4.fireworktv.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com cdn.ampproject.org *.zendesk.com *.zdassets.com *.zopim.com wss://widget-mediator.zopim.com *.payfort.com *.googletagmanager.com https://*.useinsider.com https://*.api.useinsider.com wss://skeleton-websocket.api.useinsider.com *.bambuser.com *.cloudfront.net *.mimecast.com *.doubleclick.net *.google.com *.facebook.net *.facebook.com *.artfut.com *.tiktok.com sc-static.net *.sc-static.net *.snapchat.com *.google.co.in *.admitad.com p2.fwpixel.com *.p2.fwpixel.com fireworkapi1.com *.fireworkapi1.com fireworkadservices1.com *.fireworkadservices1.com fireworkanalytics.com *.fireworkanalytics.com *.tabby.ai api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com checkout.tabby.ai widgets.tabby.ai cdn.segment.com api.segment.com api.segment.io api.amplitude.com *.seondfresolver.com *.deviceinfresolver.com *.getdeviceinfresolver.com 'self' 'unsafe-inline'; child-src *.payfort.com *.googletagmanager.com *.useinsider.com *.api.useinsider.com *.bambuser.com *.cloudfront.net *.mimecast.com *.doubleclick.net *.google.com *.facebook.net *.facebook.com *.artfut.com *.tiktok.com sc-static.net *.sc-static.net *.snapchat.com *.google.co.in *.admitad.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src *.seondnsresolve.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src http: https: data: 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com https://maps.gstatic.com https://*.mypurecloud.ie https://*.cloudfront.net 1
frame-ancestors 'self' https://www.footballhomeland.com http://*.footballhomeland.com; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://wb.messengerpeople.com https://*.criteo.com https://static.criteo.net https://tpc.googlesyndication.com https://*.zenaps.com https://*.hotjar.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://ln-rules.rewardstyle.com https://tr.snapchat.com blob: https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://d2d7do8qaecbru.cloudfront.net; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://*.liveperson.net https://ct.pinterest.com https://ampcid.google.ae https://*.sciencebehindecommerce.com https://*.hotjar.com wss://*.hotjar.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://tr.snapchat.com https://*.contentsquare.net https://*.prod.mplat-ppcprotect.com https://*.lunio.ai data: https://sgtm.myprotein.ae https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://cognito-identity.eu-west-1.amazonaws.com https://firehose.eu-west-1.amazonaws.com https://*.parcellab.com; default-src 'none'; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.thgcdn.cn https://fonts.smct.co https://fonts.smct.io https://fonts.gstatic.com; form-action 'self' https://www.facebook.com https://www.myprotein.ae https://m.myprotein.ae https://checkout.myprotein.ae https://connect.facebook.net https://tr.snapchat.com; frame-ancestors 'self'; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://static.thgcdn.cn; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://google.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.cn https://*.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://*.criteo.com https://static.criteo.net https://s.pinimg.com https://tpc.googlesyndication.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.hotjar.com https://*.akamaihd.net https://*.microsofttranslator.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://twitter.com https://*.baidu.com https://sc-static.net https://www.google.com https://*.google.co.uk https://google.co.uk https://static.ads-twitter.com https://analytics.twitter.com https://static.thgcdn.cn https://*.contentsquare.net https://app.contentsquare.com https://sgtm.myprotein.ae https://smct.co https://*.smct.co https://smct.io https://*.smct.io; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://static.thgcdn.cn https://fonts.smct.co https://fonts.smct.io https://cdn.parcellab.com; upgrade-insecure-requests; report-to report-endpoint 1
block-all-mixed-content; frame-ancestors *.princeofstreets.com.br 1
upgrade-insecure-requests; default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; frame-ancestors 'none'; base-uri 'self'; form-action 'self' 1
frame-ancestors 'self' https://apps.bernina.com https://bernina.at https://www.bernina.at https://www.bernette.com/ https://bernette.com/ https://*.bernina-wien.at https://www.bernina-wien.at https://bernina-wien.at 1
default-src 'self' *.liadm.com *.inventiveperception365.com *.hscollectedforms.net *.hs-analytics.net *.usemessages.com *.hs-banner.com *.hubspotfeedback.com *.hubspot.com *.hs-scripts.com js-eu1.hsforms.net *.googletagmanager.com fonts.googleapis.com unpkg.com cdnjs.cloudflare.com cdn.jsdelivr.net *.hsforms.com *.hs-sites-eu1.com *.vimeo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval'  *.hsforms.com *.googletagmanager.com unpkg.com cdnjs.cloudflare.com cdn.jsdelivr.net js-eu1.hsforms.net *.hs-scripts.com *.hubspot.com *.hubspotfeedback.com *.hs-banner.com *.usemessages.com *.hs-analytics.net *.hscollectedforms.net *.inventiveperception365.com *.liadm.com *.vimeo.com data:; style-src 'self' 'unsafe-inline' *.googletagmanager.com fonts.googleapis.com cdnjs.cloudflare.com unpkg.com js-eu1.hsforms.net cdn.jsdelivr.net *.hsforms.com *.hubspot.com *.hubspotfeedback.com *.hs-banner.com *.usemessages.com *.hs-analytics.net *.hscollectedforms.net *.inventiveperception365.com *.liadm.com; font-src * data:; img-src * data: blob:; connect-src 'self' 'unsafe-inline' *.hsforms.com js-eu1.hsforms.net *.googletagmanager.com *.googleapis.com *.google.co.uk *.google.com *.google-analytics.com *.hubspot.com *.hubspotfeedback.com *.hs-banner.com *.usemessages.com *.hs-analytics.net *.hscollectedforms.net *.inventiveperception365.com *.liadm.com wss:; 1
frame-ancestors 'self' https://*.ethicasigorta.com.tr; 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' * 1
default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * blob: api.mapbox.com 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 1
default-src 'unsafe-eval' 'unsafe-inline' * blob:; img-src * data:; frame-ancestors 'self' https://www.googletagmanager.com https://www.bancounioncomunicaciones.com; 1
frame-ancestors https://www.transportonline.com https://www.trasporti.it http://www.uominietrasporti.it 1
frame-ancestors  'self' https://questionpoint.org; 1
script-src 'self' *.wlresources.com *.acwebconnecting.com https://mpsnare.iesnare.com https://d5nxst8fruw4z.cloudfront.net https://d31qbv1cthcecs.cloudfront.net  'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com *.analytics.google.com *.doubleclick.net https://*.google-analytics.com/ gstatic.com www.google.com www.googleoptimize.com optimize.google.com www.gstatic.com https://bat.bing.com https://*.clarity.ms ; connect-src 'self' pornototale.webcam:9080 pornototale.webcam:9443 *.wlresources.com wss://*.wlresources.com *.acwebconnecting.com https://mpsnare.iesnare.com wss://mpsnare.iesnare.com ws://stt01.wlresources.com wss://stt01.wlresources.com ws://pornototale.webcam wss://pornototale.webcam *.campoints.net *.google-analytics.com *.googletagmanager.com *.analytics.google.com analytics.google.com *.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://bat.bing.com https://*.clarity.ms ; frame-src 'self' https://*.allopass.com http://*.allopass.com https://*.acwebconnecting.com https://www.google.com https://go.cam; worker-src 'self' blob:; frame-ancestors *.xlovecam.com *.backend.cam; report-uri /en/jserror/?ts=1721956122 1
default-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' data: staticcdn.co.nz www.youtube.com www.googletagmanager.com www.google.com www.gstatic.com www.google-analytics.com;connect-src 'self' www.google-analytics.com;img-src 'self' data: shielded.co.nz i.ytimg.com www.google-analytics.com;style-src 'self' 'unsafe-inline' fast.fonts.net;font-src 'self' data:;frame-src 'self' www.youtube.com www.google.com data.gns.cri.nz geonet.org.nz gns-science.github.io dev-app.gns.cri.nz gis.gns.cri.nz;manifest-src 'self';media-src 'self';frame-ancestors 'self';form-action 'self'; 1
default-src http: https: 'unsafe-inline' 'unsafe-eval' data:;frame-ancestors 'self' *.gov.cn 1
default-src https: blob: 'unsafe-eval' 'unsafe-inline'; font-src https: data:; connect-src https: wss://wsqs-e-barchart.aws.barchart.com; img-src https: data: blob: ; 1
default-src 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.cloudfront.net; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; object-src data: 'unsafe-eval' blob: ; frame-src 'self' *.brightcove.net *.facebook.com *.youtube-nocookie.com *.twitter.com ; img-src 'self' data: *.google-analytics.com t.co *.cloudfront.net *.linkedin.com *.protective.com *.yahoo.com *.vimeocdn.com *.boltdns.net *.akamaihd.net *.twitter.com *.yahoo.com *.facebook.com *.google.com  media-src 'self' *.protective.com *.akamaihd.net *.cloudfront.net; connect-src 'self' *.doubleclick.net *.google-analytics.com *.yimg.com *.protective.com *.nr-data.net *.brightcove.com *.btttag.com visitors.live; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cloudflare.com *.googleapis.com *.en25.com *.google-analytics.com *.doubleclick.net *.googleadservices.com *.yimg.com *.facebook.net *.googletagmanager.com *.ads-twitter.com *.licdn.com *.cloudfront.net *.twitter.com *.btttag.com *.zencdn.net *.youtube.com *.brightcove.net *.brightcove.com blob: ; block-all-mixed-content;  1
frame-ancestors 'self' https://gallery.jalbum.net http://gallery.jalbum.net 1
'self'; 1
default-src 'self' *; script-src 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' *; 1
default-src 'self' *.fontawesome.com www.google-analytics.com *.doubleclick.net *.google.com 'unsafe-inline' 'unsafe-eval'; style-src-elem 'self' cdn.jsdelivr.net 'unsafe-inline'; script-src-elem 'self' cdn.jsdelivr.net *.fontawesome.com www.googletagmanager.com www.google-analytics.com 'unsafe-inline'; img-src 'self' www.google-analytics.com *.doubleclick.net data: ; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' * 1
default-src 'self' player.vimeo.com *.vimeo.com *.slotsmate.com *.youtube.com *.firebaseio.com; font-src 'self' data:;script-src 'self' 'unsafe-inline' 'unsafe-eval' player.vimeo.com/api/player.js *.vimeo.com *.googletagmanager.com *.google-analytics.com *.getsitecontrol.com *.getsitectrl.com ajax.googleapis.com;connect-src 'self' stats.g.doubleclick.net *.googletagmanager.com *.google-analytics.com *.getsitecontrol.com *.getsitectrl.com *.firebaseio.com vimeo.com *.vimeo.com;img-src 'self' i.vimeocdn.com *.vimeocdn.com *.vimeo.com *.google-analytics.com *.getsitecontrol.com *.getsitectrl.com data:;style-src 'unsafe-inline' 'self';base-uri 'self';form-action 'self'; 1
default-src * blob: data: cid:; img-src * data: cid: 'unsafe-inline'; media-src * data: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * blob: data: 'unsafe-inline'; style-src-elem * blob: data: 'unsafe-inline'; font-src * data:; frame-ancestors *.lcmchealth.org 1
default-src * 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: https://www.globalhandicaps.com  https://www.globalhdcp.com  https://www.ustrc.com  https://www.wstroping.com; 1
script-src http: https: https://haldiram.com/ 'nonce-JGpe5ChuiCWd1HimqTCa2bhhYW1jLgviTOr8TH10Ynrnr' 'unsafe-inline' *.razorpay.com *.yellow.ai *.yellowmessenger.com *.pidge.in; style-src 'self' blob: https: 'unsafe-inline' https://haldiram.com/; img-src data: http: https:; object-src 'none'; base-uri 'none'; child-src 'self'; font-src 'self' fonts.gstatic.com *.yellow.ai *.yellowmessenger.com; frame-src assets.braintreegateway.com *.google.com *.youtube.com *.youtu.be *.vimeo.com *.razorpay.com *.yellow.ai *.yellowmessenger.com *.pidge.in; 1
connect-src 'self' *.advisorengine.com wss://*.advisorengine.com/hub *.nr-data.net *.launchdarkly.com *.s3.amazonaws.com 3hchf66sphpq.statuspage.io app.pendo.io ka-f.fontawesome.com maps.googleapis.com notify.bugsnag.com sessions.bugsnag.com stats.g.doubleclick.net desk.zoho.com; font-src 'self' ka-f.fontawesome.com kit-free.fontawesome.com use.typekit.net fonts.gstatic.com; form-action 'self' *.advisorengine.com *.advisorengine.com *.advisorengine.net *.develop.env.advisorengine.net *.schwab.com *.schwab.tech *.dev.schwab.com *.dev.schwab.tech si2.schwabinstitutional.com veoone.tdainstitutional.com advisor.envestnet.com *.advisorchannel.com *.streetscape.com *.wealthscape.com *.precisefp.com pfp.five *.usa-financial.com *.usafinancial.com usafinancial.com *.vanare.com *.regencyinvests.com *.quikformsapp.com quikformsapp.com *.moxo.com *.grouphour.com *.vanare.loc *.owm.loc; frame-src * data: blob:; img-src 'self' data: *.advisorengine.com jx-prod-cloudfiles-use1.s3.amazonaws.com app.pendo.io cdn.pendo.io pendo-static-5697874281103360.storage.googleapis.com www.google.com 1dc018be4716da4aaa18-5d73971c6ce0cd6d739efc4134c4b48a.ssl.cf2.rackcdn.com maps.gstatic.com *.ggpht.com *.googleapis.com desk.zoho.com ae-help-center.s3.amazonaws.com s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.advisorengine.com pendo-io-static.storage.googleapis.com js-agent.newrelic.com pendo-io-static.storage.googleapis.com *.nr-data.net app.pendo.io cdn.pendo.io d2wy8f7a9ursnm.cloudfront.net kit.fontawesome.com maps.googleapis.com pendo-static-5697874281103360.storage.googleapis.com statuspage-production.s3.amazonaws.com www.googletagmanager.com appsforoffice.microsoft.com ajax.aspnetcdn.com mamba.junxurecloud.net mamba.advisorengine.net *.env.advisorengine.net *.vanare.loc *.owm.loc; style-src 'self' 'unsafe-inline' data: *.advisorengine.com cdn.pendo.io kit-free.fontawesome.com p.typekit.net pendo-static-5697874281103360.storage.googleapis.com use.typekit.net static2.sharepointonline.com fonts.googleapis.com; object-src 'none'; frame-ancestors 'self' *.advisorengine.com; 1
frame-ancestors 'self' http://www.langnese.de unilever3.marketing.adobe.com unileverbrazil.marketing.adobe.com unilever2.marketing.adobe.com unilever.marketing.adobe.com unilever3.experiencecloud.adobe.com unileverbrazil.experiencecloud.adobe.com unilever2.experiencecloud.adobe.com unilever.experiencecloud.adobe.com emea1-proxy.adobemc.com us1-proxy.adobemc.com us1-proxy.adobemc.com apac-proxy.adobemc.com adobedemoemea131.marketing.adobe.com adobedemoemea131.experiencecloud.adobe.com https://s3.cartwire.co https://s7.addthis.com https://kritique-widgets-stage.unileversolutions.com https://d1a1ax4tcp3m3j.cloudfront.net 1
default-src 'self' *.google-analytics.com https://www.googletagmanager.com; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googletagmanager.com https://www.youtube.com/iframe_api https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org cdn.datatables.net recruitingbypaycor.com cdnjs.cloudflare.com youtube.com *.vimeo.com app.five9.com *.luxsci.com siteimproveanalytics.com *.siteimproveanalytics.com *.vo.msecnd.net www.youtube.com *.fullstory.com js-na1.hs-scripts.com js.hs-banner.com js.hscollectedforms.net snap.licdn.com js.hsforms.net https://js.hubspot.com web-chat.nativechat.com https://dec.azureedge.net; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com 'unsafe-inline' https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.datatables.net youtube.com *.vimeo.com app.five9.com web-chat.nativechat.com; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.google-analytics.com https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com placehold.it *.global.siteimproveanalytics.io app.five9.com px.ads.linkedin.com *.hsforms.com web-chat.nativechat.com https://cdn.insight.sitefinity.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.recruitingbypaycor.com recruitingbypaycor.com *.youtube.com player.vimeo.com *.google.com *.luxsci.com apply.indeed.com app.five9.com forms.hsforms.com web-chat.nativechat.com; connect-src 'self' accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com https://amwins-portal-api.azurewebsites.net https://app-amwinsportalapi-dev-uat.azurewebsites.net https://app-amwinsportalui-dev-uat.azurewebsites.net https://portal.amwins.com *.google-analytics.com nia-carrierstatesapi-app.azurewebsites.net *.services.visualstudio.com https://app-clportal-api.azurewebsites.net *.fullstory.com *.hscollectedforms.net forms.hsforms.com px.ads.linkedin.com *.hubspot.com; media-src 'self' data: blob: youtube.com player.vimeo.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com; object-src *.google-analytics.com 'self' 1
default-src 'self' 'unsafe-inline' *.rittal.com *.friedhelm-loh-group.com e.video-cdn.net; script-src 'self' ajax.googleapis.com www.google.com cdnjs.cloudflare.com *.gstatic.com 'unsafe-inline'; 1
default-src https: 'unsafe-inline' 'unsafe-eval' data: *.quantserve.com; object-src 'none' 1
default-src * data: 'unsafe-eval' 'unsafe-inline';frame-ancestors 'self' 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.bhg.com 1
default-src 'none'; script-src 'self' 'nonce-DGNnf18ncaBTfn29fn8e9h3cdfa' https://sibautomation.com https://*.googletagmanager.com https://*.freshchat.com https://unpkg.com https://js.stripe.com/v3/ https://www.google-analytics.com https://www.googletagmanager.com https://code.jquery.com https://cdnjs.cloudflare.com https://*.cloudfront.net  https://*.s3.amazonaws.com https://stackpath.bootstrapcdn.com https://fonts.googleapis.com https://www.google.com https://fonts.gstatic.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' https://*.googletagmanager.com  https://*.freshchat.com https://fonts.googleapis.com/css https://unpkg.com https://unpkg.com/flickity@2/dist/flickity.min.css https://unpkg.com/flickity-fade@1/flickity-fade.css https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://*.cloudfront.net https://*.s3.amazonaws.com https://stackpath.bootstrapcdn.com https://p.typekit.net https://use.typekit.net; font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com https://use.typekit.net https://*.cloudfront.net; img-src 'self' data: https://*.googletagmanager.com https://qr.cinemasocietyclub.com https://tcsv2qr.homecinemasociety.com https://secure.gravatar.com https://maps.gstatic.com https://maps.googleapis.com https://*.cloudfront.net https://*.s3.amazonaws.com https://www.google-analytics.com https://mongoose-stock-v2-live-storage.s3.eu-west-2.amazonaws.com https://mongoose-stock-v2-staging-storage.s3.eu-west-2.amazonaws.com; frame-src 'self' https://sibautomation.com  https://*.googletagmanager.com https://*.freshchat.com https://www.google.com https://js.stripe.com https://www.youtube.com/ https://www.youtube-nocookie.com/; child-src 'self' https://sibautomation.com  https://*.googletagmanager.com https://*.freshchat.com https://www.google.com https://js.stripe.com https://www.youtube.com/ https://www.youtube-nocookie.com/; object-src 'nonce-DGNnf18ncaBTfn29fn8e9h3cdfa'; frame-ancestors 'self'; base-uri 'none'; form-action 'self'; connect-src 'self' https://region1.google-analytics.com https://in-automate.brevo.com https://sibautomation.com https://www.google-analytics.com https://maps.googleapis.com https://*.googletagmanager.com; 1
font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' tracking.paysera.com www.instagram.com https://optimize.google.com https://www.google.com/recaptcha/ https://www.youtube.com/embed/ http://e.issuu.com/; img-src 'self' data: *.paysera.com maps.googleapis.com *.gstatic.com https://www.google-analytics.com https://optimize.google.com; script-src 'self' maps.googleapis.com www.instagram.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google-analytics.com https://optimize.google.com 'unsafe-inline'; style-src 'self' fonts.googleapis.com https://optimize.google.com 'unsafe-inline'; report-uri /v2/csp-violations/report 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' http://fonts.googleapis.com https://www.thefinancials.com; font-src 'self' data: https://fonts.gstatic.com; script-src-elem 'self' 'unsafe-inline' https://www.youtube.com https://js.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://js.hscollectedforms.net https://www.googletagmanager.com https://ipmeta.io http://static.ads-twitter.com https://snap.licdn.com https://www.google.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://www.clarity.ms https://*.vimeo.com http://fonts.googleapis.com https://www.gstatic.com https://*.vantagescore.info https://s3.tradingview.com https://www.thefinancials.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; media-src 'self' https://www.youtube.com https://vimeo.com https://*.buzzsprout.com https://*.vantagescore.com https://*.vimeo.com; frame-src 'self' https://*.vimeo.com https://www.google.com https://*.vantagescore.info https://www.youtube.com https://www.tradingview-widget.com https://td.doubleclick.net https://outlook.office365.com https://html5-player.libsyn.com/; img-src 'self' http: https: data:; connect-src 'self' https://forms.hscollectedforms.net https://px.ads.linkedin.com https://analytics.google.com https://www.google-analytics.com https://*.clarity.ms https://stats.g.doubleclick.net https://ipmeta.io https://cdn.linkedin.oribi.io https://*.googlesyndication.com https://px.ads.linkedin.com/wa https://*.vantagescore.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com www.youtube.com *.cookiebot.com *.googleapis.com *.facebook.net *.facebook.com secure.payengine.de;   frame-src 'self' *.cookiebot.com www.youtube.com player.vimeo.com *.facebook.net *.facebook.com secure.payengine.de 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.convertexperiments.com https://cdn.attn.tv https://www.dropbox.com https://edge.fullstory.com https://rs.fullstory.com/rec/integrations https://www.google-analytics.com https://www.googletagmanager.com https://*.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.clarity.ms https://*.hotjar.com https://*.hotjar.io https://www.paypal.com/sdk/js https://www.paypalobjects.com https://*.newrelic.com https://*.nr-data.net https://www.paypal.com/tagmanager/pptm.js; style-src 'self' 'unsafe-inline' https://*.typekit.net; img-src * data:; font-src 'self' https://*.typekit.net https://*.hotjar.com; connect-src 'self' https://*.drivethrurpg.com https://api.drivethrurpg.com https://*.attn.tv https://events.attentivemobile.com https://logs.convertexperiments.com/log https://*.metrics.convertexperiments.com https://api.dropboxapi.com https://edge.fullstory.com https://rs.fullstory.com https://maps.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://*.clarity.ms/collect https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.paypal.com/sdk/js https://*.paypal.com/xoplatform/logger/api/logger https://*.cloudfront.net https://*.nr-data.net https://*.newrelic.com; media-src *; object-src 'none'; child-src 'self' https://*.drivethrurpg.com https://*.attn.tv https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://vars.hotjar.com https://assets.braintreegateway.com https://*.paypal.com https://www.paypalobjects.com https://*.youtube.com https://*.cloudfront.net; frame-ancestors 'self' https://*.drivethrurpg.com; report-uri https://api.drivethrurpg.com/rpc/vBeta/feedback/csp_report; report-to csp-reports-endpoint 1
form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.iterable.com *.brilliantcollector.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'self'; object-src 'self' 'unsafe-inline';manifest-src 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; media-src data: *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; font-src consent.trustarc.com cdn.loom.com www.honeywellpluggedin.com s3.lightboxcdn.com chrome-extension: moz-extension: fonts.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; style-src consent.trustarc.com helenoftroy--tst3.widget.custhelp.com www.lightboxcdn.com www.honeywellpluggedin.com s3.lightboxcdn.com www.googletagmanager.com optimize.google.com www.pollenapps.com *.adobe.com *.sharethis.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; frame-src public.cobrowse.oraclecloud.com vars.hotjar.com 10164223.fls.doubleclick.net vice01.pur.com insight.adsrvr.org services.sdiapi.com vice01.honeywellpluggedin.com d1eoo1tco6rr5e.cloudfront.net bid.g.doubleclick.net vice01.vickshumidifiers.com helenoftroy.custhelp.com helenoftroy--tst3.custhelp.com share.hsforms.com www.youtube-nocookie.com tpc.googlesyndication.com optimize.google.com *.trustarc.com ct.pinterest.com www.pollenapps.com fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.sharethis.com *.dotdigital-pages.com *.dotdigital.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com cdn.dnky.co webchat.dotdigital.com *.brilliantcollector.com *.paymetric.com *.weltpixel.com www.xtento.com *.yotpo.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src gethatch.com *.gethatch.com consent.trustarc.com *.trustarc.com www.rnengage.com crrecommendedmark.org www.google.com www.googletagmanager.com googleads.g.doubleclick.net www.vickshumidifiers.com blob: www.honeywellpluggedin.com www.pur.com www.google.co.uk *.trustarc.com www.google.nl www.google.co.za www.google.co.in prod-phoenix-hh.heledigital.com www.lightboxcdn.com s3.lightboxcdn.com ct.pinterest.com www.google.com.hk www.google.com.vn actv.at cdn.jsdelivr.net t.co analytics.twitter.com www.google.ca fonts.gstatic.com www.magentocommerce.com bam.nr-data.net mageside.com www.gstatic.com www.google.de www.activate.social submitcus.lightboxcdn.com submit.lightboxcdn.com stats.g.doubleclick.net d2axdqolvqmdvx.cloudfront.net www.google.ch www.pollenapps.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.sharethis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com www.xtento.com cdn.xtento.com *.yotpo.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; connect-src gethatch.com *.gethatch.com maps.googleapis.com consent.trustarc.com rules.ee.channels.ocs.oraclecloud.com vice-prod.sdiapi.com rules.atgsvcs.com in.hotjar.com ct.pinterest.com rum-0ea7c26e-a032-4889-89d5-7e0c48a6fb85.rapidspike.com reports.sdiapi.com bam-cell.nr-data.net analytics.google.com crrecommendedmark.org stats.g.doubleclick.net bt.signifyd.com *.trustarc.com data-ejma.app.daas.us-phoenix-1.ocs.oraclecloud.com vc.hotjar.io region1.analytics.google.com www.google.co.in adservice.google.com www.google.com www.honeywellpluggedin.com bam.nr-data.net ws39.hotjar.com ws28.hotjar.com www.google.com.pk ws26.hotjar.com ws5.hotjar.com www.googletagmanager.com ws36.hotjar.com ws23.hotjar.com ws20.hotjar.com ws12.hotjar.com api.addressy.com ws11.hotjar.com ws18.hotjar.com www.google.co.uk ws3.hotjar.com ws2.hotjar.com www.google.ch ws37.hotjar.com ws10.hotjar.com ws24.hotjar.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.sharethis.com cdn.ampproject.org *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com webchat.dotdigital.com *.iterable.com *.brilliantcollector.com *.yotpo.com https://imgs.signifyd.com 'self' 'unsafe-inline'; script-src consent.trustarc.com gethatch.com *.gethatch.com maps.googleapis.com js.adsrvr.org ee.channels.ocs.oraclecloud.com rules.ee.channels.ocs.oraclecloud.com services.sdiapi.com vice-prod.sdiapi.com static.hotjar.com sc97923419us4.cobrowse.oraclecloud.com cdn-assets.rapidspike.com static.atgsvcs.com public.cobrowse.oraclecloud.com *.trustarc.com helenoftroy--tst3.custhelp.com www.googleoptimize.com script.hotjar.com www.google.com sc-static.net helenoftroy--tst3.widget.custhelp.com js-agent.newrelic.com www.rnengage.com bam-cell.nr-data.net ygscdn.azureedge.net static.ads-twitter.com s.pinimg.com rules.atgsvcs.com ajax.cloudflare.com www.youtube.com www.lightboxcdn.com lightboxapi.azurewebsites.net googleads.g.doubleclick.net connect.facebook.net www.googletagmanager.com tpc.googlesyndication.com www.honeywellpluggedin.com bam.nr-data.net optimize.google.com api.keen.io jsapi.lightboxcdn.com www.pollenapps.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.sharethis.com cdn.ampproject.org raw.githubusercontent.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com graph.facebook.com cdn.dnky.co webchat.dotdigital.com *.iterable.com *.brilliantcollector.com www.xtento.com cdn.xtento.com *.yotpo.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; 1
script-src 'strict-dynamic' 'nonce-xwXOUwIWb5mdUoyQAlQmdQ==' 'unsafe-inline' http: https:; object-src 'none'; base-uri 'none'; require-trusted-types-for 'script'; frame-ancestors https://app.contentful.com; 1
default-src 'self' data: *; style-src 'self' 'unsafe-inline' *; frame-ancestors 'self'; script-src 'self' 'unsafe-eval' https://cdn.jsdelivr.net/npm/popper.js@1.16.0/dist/umd/popper.min.js https://cdn.syndication.twimg.com https://code.jquery.com https://kit.fontawesome.com/4f31121362.js https://cdn.jsdelivr.net/npm/algoliasearch@4.5.1/dist/algoliasearch-lite.umd.js https://cdn.jsdelivr.net/npm/instantsearch.js@4.8.3/dist/instantsearch.production.min.js https://platform.twitter.com https://stackpath.bootstrapcdn.com https://static.cloudflareinsights.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://challenges.cloudflare.com/turnstile/v0/api.js; 1
default-src 'self'; base-uri 'self'; img-src * data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google-analytics.com https://www.googletagmanager.com/ https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ https://s.yimg.jp/ https://connect.facebook.net/ https://*.yahoo.co.jp/ https://maps.googleapis.com/ https://*.mul-pay.jp/ https://*.google.com https://global.localizecdn.com/ https://use.typekit.net/ https://cdnjs.cloudflare.com https://cdn.auth0.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' data: https://fonts.gstatic.com https://use.typekit.net/; connect-src * data: blob: 'unsafe-inline'; frame-src https://*.google.com/ https://bid.g.doubleclick.net/ https://www.googletagmanager.com/ https://*.facebook.com/ https://www.youtube.com/; media-src * data: blob:; worker-src * data: blob: 1
default-src 'self' data: *.gt.cn  'unsafe-inline' 'unsafe-eval' mediastream: 1
script-src 'self' https: localhost:33209 *.hcaptcha.com giftcard.golfnow.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: localhost:33209 *.hcaptcha.com giftcard.golfnow.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com 'unsafe-inline' 'unsafe-eval'; connect-src * https: localhost:33209 *.hcaptcha.com; manifest-src 'self' https: localhost:33209; font-src 'self' https: localhost:33209 giftcard.golfnow.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com; form-action 'self' https: localhost:33209 giftcard.golfnow.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com; img-src 'self' https: localhost:33209 data: giftcard.golfnow.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com; media-src 'self' https: localhost:33209; object-src 'self' https: localhost:33209; frame-ancestors 'self' https: localhost:33209; frame-src 'self' https: localhost:33209 *.hcaptcha.com; worker-src 'self' https: localhost:33209; base-uri 'self' https:;upgrade-insecure-requests; report-uri https://reports.emoney.com/sh/csp; report-to default 1
frame-ancestors 'self' www.bibliotecanacionaldigital.gob.cl www.chileparaninos.gob.cl www.memoriachilena.gob.cl; 1
default-src 'self'  p11.techlab-cdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://*.zdassets.com https://*.zopim.com https://*.google-analytics.com https://*.googleapis.com https://*.googletagmanager.com https://www.gstatic.com https://*.gstatic.com https://*.googleadservices.com https://*.go-mpulse.net https://*.akamaihd.com https://*.akamaihd.net https://*.janraincapture.com https://rpxnow.com https://*.rpxnow.com https://*.nr-data.net https://*.newrelic.com https://*.youtube.com https://*.ytimg.com https://*.onetrust.com https://*.cookielaw.org https://*.driftt.com https://*.reevoo.com https://*.pricespider.com https://*.cloudfront.net https://*.mapbox.com https://*.hotjar.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://static.doubleclick.net https://*.linkedin.com https://*.licdn.com https://*.ads.linkedin.com https://*.facebook.net resource://pdf.js https://*.techlab-cdn.com p11.techlab-cdn.com; img-src 'self' data: blob: https://*.google.com https://*.zendesk.com https://*.google-analytics.com https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.ggpht.com https://*.akamaihd.net https://*.google.by https://*.ytimg.com https://*.reevoo.com https://*.pricespider.com https://*.cloudfront.net https://stats.g.doubleclick.net https://cdn.cookielaw.org; style-src 'self' 'unsafe-inline' https://*.google.com https://*.googleapis.com https://*.reevoo.com https://*.pricespider.com https://*.cloudfront.net https://*.mapbox.com https://*.typekit.net ; font-src 'self' data: https://*.googleapis.com https://*.gstatic.com https://*.typekit.net ;  connect-src 'self' https://*.go-mpulse.net wss://*.zopim.com https://*.zendesk.com https://*.zdassets.com https://*.google-analytics.com https://*.googleapis.com https://*.googlevideo.com https://*.go-mpulse.net https://*.nr-data.net https://*.onetrust.com https://*.cookielaw.org wss://*.driftt.com https://*.reevoo.com https://*.mapbox.com https://googleads.g.doubleclick.net https://*.techlab-cdn.com https://optanon.blob.core.windows.net/logos/static/ot_guard_logo.svg  p11.techlab-cdn.com; worker-src 'self' data: blob: ; frame-src 'self' https://*.google.com https://*.force.com https://*.googletagmanager.com https://*.janraincapture.com https://*.youtube.com https://*.driftt.com https://*.reevoo.com https://*.pricespider.com ; frame-ancestors 'self' ; upgrade-insecure-requests ; media-src 'self' https://*.zdassets.com ; report-uri /csp.cgi ; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' https://*.google.com/ https://*.google.ca/ https://cookie-cdn.cookiepro.com https://*.acuityplatform.com/ https://cdn.jsdelivr.net https://*.clarity.ms https://www.google-analytics.com/ https://*.doubleclick.net/ https://*.linkedin.com/ https://*.simplecast.com/ https://*.mapbox.com/ https://geolocation.onetrust.com/ https://*.googlesyndication.com https://*.jotform.com/ https://*.newrelic.com https://privacyportal.cookiepro.com/ https://cdnjs.cloudflare.com/ https://js.stripe.com/ https://www.facebook.com/ https://www.youtube.com/ https://maps.crisis24.com/ https://*.nr-data.net/ https://*.dayforcehcm.com/ https://*.bing.com/ https://*.facebook.net/ https://dev.visualwebsiteoptimizer.com/ https://*.garda.com/ https://*.pardot.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://www.googletagmanager.com/ https://www.gstatic.com/ https://cookie-cdn.cookiepro.com/ https://ajax.cloudflare.com/ https://www.googleadservices.com/ data: https://t.co/ https://*.twitter.com/ https://pixel.tapad.com/ https://i.ytimg.com/ https://dsum-sec.casalemedia.com/ https://match.adsrvr.org/ blob:; manifest-src 'self'; media-src 'self'; object-src 'none'; base-uri 'self'; frame-ancestors 'self'; report-uri https://crisis24.garda.com/report-uri/enforce 1
script-src 'self' 'unsafe-eval' https://cryptonews.com.au https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem safe data: 'unsafe-inline' https://cryptonews.com.au https://*.cryptonews.com.au https://yoast.com https://*.wpengine.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com https://platform.twitter.com; frame-src 'self' blob: data: https://www.google.com/ https://*.youtube.com https://platform.twitter.com; font-src 'self' data: https://fonts.gstatic.com https://www.googletagmanager.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' connect.facebook.net google-analytics.com www.google-analytics.com googletagmanager.com www.googletagmanager.com static.hotjar.com script.hotjar.com googleads.g.doubleclick.net www.google.com use.fontawesome.com fonts.googleapis.com www.googleadservices.com ads.newtarget.com ajax.cloudflare.com form.jotform.com www.cognitoforms.com cognitoforms.com static.cognitoforms.com ntca.realmagnet.land realmagnet.land cdn.curator.io curator.io cdn.jsdelivr.net https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com platform.twitter.com s7.addthis.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' connect.facebook.net google-analytics.com www.google-analytics.com googletagmanager.com www.googletagmanager.com static.hotjar.com script.hotjar.com googleads.g.doubleclick.net www.google.com use.fontawesome.com fonts.googleapis.com www.googleadservices.com ntca.realmagnet.land realmagnet.land ads.newtarget.com form.jotform.com www.cognitoforms.com cdn.jotfor.ms cdn01.jotfor.ms cdn02.jotfor.ms cdn03.jotfor.ms www.gstatic.com cdnjs.cloudflare.com ajax.cloudflare.com www.magnetmail.net static.cognitoforms.com cognitoforms.com cdn.curator.io curator.io cdn.jsdelivr.net https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com platform.twitter.com s7.addthis.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com use.fontawesome.com https://cdn.jsdelivr.net; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com use.fontawesome.com jotfor.ms www.cognitoforms.com cdn01.jotfor.ms cdn02.jotfor.ms cdn03.jotfor.ms cdn.curator.io https://cdn.jsdelivr.net; frame-ancestors 'self'; report-uri https://www.ntca.org/report-uri/enforce 1
require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/corplogin 1
default-src https: 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com;style-src 'self' 'unsafe-inline' https://fonts.bunny.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com;img-src 'self' data: https://ps.w.org https://www.googletagmanager.com https://www.google-analytics.com https://secure.gravatar.com https://wpmudev.com ;connect-src 'self' api.divigear.com https://stats.g.doubleclick.net https://www.google-analytics.com;font-src 'self' data: https://fonts.bunny.net https://fonts.googleapis.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com ;object-src 'self';media-src 'self';frame-src 'self' https://www.linkedin.com/ https://www.youtube.com https://jobs.localjobnetwork.com https://www.localjobnetwork.com https://www.google.com https://www.elegantthemes.com;form-action 'self' https://wpmudev.com; 1
default-src 'self'; connect-src 'self' http://ad.doubleclick.net https://*.analytics.google.com https://*.api.userway.org https://*.clarity.ms https://*.demdex.net https://*.eset.com https://*.googlesyndication.com https://*.hotjar.com https://*.hotjar.io https://*.tt.omtrdc.net https://adservice.google.com https://analytics.google.com https://analytics.twitter.com https://bat.bing.com https://c.go-mpulse.net https://cc.eset.es https://cdn.acsbapp.com https://cdn.linkedin.oribi.io https://cdn1.esetstatic.com https://cookies-data.onetrust.io https://demos.eset.es https://ep.smct.co https://eset.tt.omtrdc.net https://geolocation.onetrust.com https://googleads.g.doubleclick.net https://ipb.smct.co https://ipb.smct.io https://js.smct.co https://js.smct.io https://maps.googleapis.com https://privacyportal.onetrust.com https://px.ads.linkedin.com https://region1.google-analytics.com https://replay.uxtweak.com https://s.yimg.com https://script.crazyegg.com https://smct.co https://stats.g.doubleclick.net https://tracker.clickguard.com https://www.facebook.com https://www.g2.com https://www.google-analytics.com https://www.google.by https://www.google.ch https://www.google.co.uk https://www.google.co.uz https://www.google.com https://www.google.com.tj https://www.google.com.tr https://www.google.ie https://www.google.kg https://www.google.kz https://www.google.lt https://www.google.lv https://www.google.pl https://www.google.ru https://www.googletagmanager.com wss://*.hotjar.com; font-src 'self' data: https://cdn.userway.org https://fonts.smct.co https://fonts.smct.io https://script.hotjar.com; form-action 'self' https://enjoy.eset.com https://int.forms.eset.com https://notify.eset.com https://s1069307879.t.eloqua.com https://secure.eset-la.com https://store.eset.com https://support.eset.com https://webto.salesforce.com; frame-ancestors 'self'; frame-src 'self' http://descargas.eset.es https://*.fls.doubleclick.net https://8117415.fls.doubleclick.net https://backend.eset.es https://bid.g.doubleclick.net https://demos.eset.es https://descargas.eset.es https://download.eset.com https://eset.demdex.net https://formulario.eset.es https://hemsync.clickagy.com https://int.form.eset.com https://js.smct.io https://ls.smct.co https://protectdemo.eset.com https://smct.co https://td.doubleclick.net https://tpc.googlesyndication.com https://unity.survey-solutions.cloud https://vars.hotjar.com https://widget.trustpilot.com https://www.facebook.com https://www.google.com https://www.googletagmanager.com https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: http://ad.doubleclick.net https://*.adform.net https://*.ads.linkedin.com https://*.gstatic.com https://*.gstatic.com https://*.yahoo.co.jp https://ad.doubleclick.net https://ade.googlesyndication.com https://adservice.google.at https://adservice.google.ch https://adservice.google.co.jp https://adservice.google.com https://adservice.google.de https://analytics.google.com https://analytics.twitter.com https://bat.bing.com https://c.bing.com https://c.clarity.ms https://captcha.eset.com https://cdn.esetstatic.com https://cdn.jsdelivr.net https://cdn.smct.co https://cdn.smct.io https://cdn1.esetstatic.com https://cm.everesttech.net https://cm.g.doubleclick.net https://connect.facebook.net https://dc.ads.linkedin.com https://demos.eset.es https://dpm.demdex.net https://events.smct.co https://googleads.g.doubleclick.net https://i.ytimg.com https://images.g2crowd.com https://maps.googleapis.com https://pagead2.googlesyndication.com https://pubads.g.doubleclick.net https://px.ads.linkedin.com https://region1.analytics.google.com https://region1.google-analytics.com https://script.hotjar.com https://sgtm.eset.com https://ssitecat.eset.com https://ssl.google-analytics.com https://static.hotjar.com https://stats.g.doubleclick.net https://t.co https://tribl.io https://www.facebook.com https://www.google-analytics.com https://www.google.ad https://www.google.ae https://www.google.al https://www.google.am https://www.google.at https://www.google.az https://www.google.ba https://www.google.be https://www.google.bf https://www.google.bg https://www.google.bi https://www.google.bj https://www.google.bs https://www.google.bt https://www.google.by https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.co.ao https://www.google.co.bw https://www.google.co.cr https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.co.ls https://www.google.co.ma https://www.google.co.mz https://www.google.co.nz https://www.google.co.th https://www.google.co.tz https://www.google.co.ug https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.vi https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.com https://www.google.com.af https://www.google.com.ag https://www.google.com.ar https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.com.bz https://www.google.com.co https://www.google.com.cu https://www.google.com.cy https://www.google.com.do https://www.google.com.ec https://www.google.com.eg https://www.google.com.et https://www.google.com.fj https://www.google.com.gh https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.jm https://www.google.com.kh https://www.google.com.kw https://www.google.com.lb https://www.google.com.ly https://www.google.com.mm https://www.google.com.mt https://www.google.com.mx https://www.google.com.my https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.com.np https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.com.pr https://www.google.com.py https://www.google.com.qa https://www.google.com.sa https://www.google.com.sb https://www.google.com.sg https://www.google.com.sl https://www.google.com.sv https://www.google.com.tj https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.com.uy https://www.google.com.vc https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.ie https://www.google.im https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.ki https://www.google.kz https://www.google.la https://www.google.li https://www.google.lk https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.mn https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.ne https://www.google.nl https://www.google.no https://www.google.nr https://www.google.pl https://www.google.ps https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.rw https://www.google.sc https://www.google.se https://www.google.si https://www.google.sk https://www.google.sm https://www.google.sn https://www.google.so https://www.google.sr https://www.google.td https://www.google.tg https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.tt https://www.google.vg https://www.google.vu https://www.googleadservices.com https://www.googletagmanager.com https://www.hotjar.com https://www.linkedin.com; manifest-src 'self'; media-src 'self'; object-src 'self'; prefetch-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.la1-c2-fra.salesforceliveagent.com https://*.replay.uxtweak.com https://*.salesforceliveagent.com https://acsbap.com https://acsbapp.com https://assets.esetstatic.com https://backend.eset.es https://bat.bing.com https://cdn.esetstatic.com https://cdn.jsdelivr.net https://cdn.linkedin.oribi.io https://cdn1.esetstatic.com https://cdnjs.cloudflare.com https://connect.facebook.net https://d.la1-c2-cdg.salesforceliveagent.com https://embed.tawk.to https://googleads.g.doubleclick.net https://img06.en25.com https://invitejs.trustpilot.com https://js.smct.co https://js.smct.io https://maps.googleapis.com https://pagead2.googlesyndication.com https://platform.twitter.com https://s786665.t.eloqua.com https://script.hotjar.com https://sgtm.eset.com https://smct.co https://snap.licdn.com https://ssl.google-analytics.com https://static.ads-twitter.com https://static.hotjar.com https://store.eset.com https://tpc.googlesyndication.com https://tribl.io https://widget.trustpilot.com https://www.clarity.ms https://www.google-analytics.com https://www.google.ae https://www.google.am https://www.google.at https://www.google.be https://www.google.bg https://www.google.bs https://www.google.by https://www.google.ca https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ma https://www.google.co.nz https://www.google.co.th https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.za https://www.google.co.zw https://www.google.com https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fr https://www.google.ge https://www.google.gr https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.kg https://www.google.kz https://www.google.lk https://www.google.lt https://www.google.md https://www.google.me https://www.google.mk https://www.google.nl https://www.google.pl https://www.google.ps https://www.google.pt https://www.google.ro https://www.google.ru https://www.google.se https://www.google.si https://www.google.sk https://www.google.tn https://www.googleadservices.com https://www.googleoptimize.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://fonts.smct.co https://fonts.smct.io https://script.hotjar.com https://static.hotjar.com; worker-src 'self'; report-uri https://www-eset-com.api.cspconsole.com/v1/csp/report; report-to default; 1
frame-ancestors 'self' https://www.googletagmanager.com/gtm.js https://www.google.com/cse/ https://cse.google.com/cse.js https://cse.google.com/cse/ https://cse.google.com/adsense/ https://www.google.com/recaptcha/ https://*.dcube.cloud https://*.wogaa.sg https://partner.googleadservices.com/gampad/cookie.js https://www.google-analytics.com/g/ https://www.gstatic.com/recaptcha/ https://encrypted-tbn0.gstatic.com https://encrypted-tbn1.gstatic.com https://encrypted-tbn2.gstatic.com https://encrypted-tbn3.gstatic.com; script-src 'self' blob: 'self' https://www.googletagmanager.com/gtm.js https://www.google.com/cse/ https://cse.google.com/cse.js https://cse.google.com/cse/ https://cse.google.com/adsense/ https://www.google.com/recaptcha/ https://*.dcube.cloud https://*.wogaa.sg https://partner.googleadservices.com/gampad/cookie.js https://www.google-analytics.com/g/ https://www.gstatic.com/recaptcha/ https://encrypted-tbn0.gstatic.com https://encrypted-tbn1.gstatic.com https://encrypted-tbn2.gstatic.com https://encrypted-tbn3.gstatic.com; base-uri 'none'; object-src 'none'; 1
default-src 'self' data:;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.facebook.net www.facebook.com www.google-analytics.com www.youtube.com *.paytrail.com ajax.googleapis.com *.google.com *.gstatic.com *.googletagmanager.com *.goodleadservices.com *.handshake.fi *.tiktok.com *.stripe.com *.getresponse360.pl *.getresponse.com *.gr-cdn.com *.gr-cdn-e.eu *.gr-wcon.com *.bing.com handshakemarketing.fi *.handshakemarketing.fi *.paypal.com *.googleadservices.com *.doubleclick.net autodude.se autodude.se www.autodude.fi autodude.fi valostore.fi www.valostore.fi valostore.se www.valostore.se valostore.no www.valostore.no autodude.se www.autodude.se autodude.no www.autodude.no metrics.autodude.se  *.freshchat.com *.freshworks.com *.klarna.com *.klarnaservices.com *.klarnacdn.net *.klarna.net *.adii.se *.adii.io static.criteo.net *.criteo.com *.getblue.io sc.lfeeder.com;connect-src 'self' *.google.fi *.google.se *.google-analytics.com *.analytics.google.com www.facebook.com *.g.doubleclick.net *.tiktok.com *.ingest.sentry.io *.getresponse360.pl *.getresponse.com *.getresponse.pl *.pangle-ads.com *.googlesyndication.com properties *.paypal.com https://proxy.handshake.fi metrics.autodude.se *.adii.io *.freshworks.com *.freshdesk.com *.klarnaevt.com *.klarna.com *.klarnaservices.com *.klarnacdn.net *.klarna.net *.adii.io *.criteo.com *.getblue.io;img-src https: data: http: blob:;style-src 'self' https: 'unsafe-inline' fonts.gstatic.com 'unsafe-inline' *.dinox.fi;font-src 'self' https: data: fonts.gstatic.com;frame-src *.facebook.com *.youtube.com *.google.com *.stripe.com *.getresponse360.pl *.getresponse.com *.doubleclick.net *.paypal.com *.vimeo.com metrics.autodude.se  wchat.eu.freshchat.com *.freshchat.com *.klarna.com *.klarna.net *.klarnaservices.com *.criteo.com *.criteo.net *.getblue.io;script-src-attr 'unsafe-inline';form-action *.facebook.com;base-uri 'self';frame-ancestors 'self';object-src 'none';upgrade-insecure-requests 1
default-src 'self' blob:; 
                                                        style-src  'unsafe-inline' 'unsafe-eval' https:; 
                                                        img-src * data: blob: filesystem:; 
                                                        media-src https:; 
                                                        connect-src https: wss:; 
                                                        font-src https: data:; 
                                                        object-src https: blob:; 
                                                        script-src 'unsafe-inline' 'unsafe-eval' https:; 1
base-uri 'self'; script-src 'unsafe-eval' 'strict-dynamic' 'unsafe-inline' 'self' http: https: https://remote-app-switcher.stg-east.frontend.public.atl-paas.net https://remote-app-switcher.prod-east.frontend.public.atl-paas.net https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/ https://bbc-object-storage--frontbucket.us-east-1.staging.public.atl-paas.net/ 'nonce-WMQPUvs9vUA7YHkPmTgI4g=='; frame-ancestors 'self' start.atlassian.com start.stg.atlassian.com atlaskit.atlassian.com bitbucket.org; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *; connect-src bitbucket.org *.bitbucket.org bb-inf.net *.bb-inf.net id.atlassian.com api.atlassian.com api.stg.atlassian.com wss://bitbucketci-ws-service.services.atlassian.com/ wss://bitbucketci-ws-service.stg.services.atlassian.com/ wss://bitbucketci-ws-service.dev.services.atlassian.com/ analytics.atlassian.com atlassian-cookies--categories.us-east-1.prod.public.atl-paas.net as.atlassian.com api-private.stg.atlassian.com api-private.atlassian.com atl-global.atlassian.com cofs.staging.public.atl-paas.net cofs.prod.public.atl-paas.net fd-assets.prod.atl-paas.net flight-deck-assets-bifrost.prod-east.frontend.public.atl-paas.net intake.opbeat.com api.media.atlassian.com api.segment.io xid.statuspage.io xid.atlassian.com xid.sourcetreeapp.com bam.nr-data.net bam-cell.nr-data.net www.google-analytics.com sentry.io *.ingest.sentry.io events.launchdarkly.com app.launchdarkly.com fd-config.us-east-1.prod.public.atl-paas.net fd-config-bifrost.prod-east.frontend.public.atl-paas.net micros--prod-west--bitbucketci-file-service--files.s3.us-west-1.amazonaws.com micros--prod-east--bitbucketci-file-service--files.s3.amazonaws.com micros--stg-west--bitbucketci-file-service--files.s3.us-west-1.amazonaws.com micros--stg-east--bitbucketci-file-service--files.s3.amazonaws.com micros--ddev-west--bitbucketci-file-service--files.s3.ap-southeast-2.amazonaws.com bqlf8qjztdtr.statuspage.io https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/ https://bbc-object-storage--frontbucket.us-east-1.staging.public.atl-paas.net/; style-src 'self' 'unsafe-inline' https://aui-cdn.atlassian.com/ https://cdn.cookielaw.org/ https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/ https://bbc-object-storage--frontbucket.us-east-1.staging.public.atl-paas.net/; object-src 'none'; report-uri https://web-security-reports.services.atlassian.com/csp-report/bb-website 1
default-src * 'self' 'unsafe-inline' 'unsafe-eval' ; script-src * 'self' 'unsafe-inline' 'unsafe-eval' ; style-src * 'self' 'unsafe-inline' ; img-src * 'self' data: ; frame-src * ; 1
font-src fonts.gstatic.com use.typekit.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com smct.co *.smct.co smct.io *.smct.io *.amazonaws.com *.gstatic.com https://*.typekit.net *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.raylopay.com *.raylo.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com account.fetchify.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.powerbi.com smct.co *.smct.co smct.io *.smct.io *.amazonaws.com d2d7do8qaecbru.cloudfront.net https://*.doubleclick.net https://*.google.com https://*.hotjar.com *.addthis.com eu-assets.klarnaservices.com *.trustpilot.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.raylopay.com *.raylo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.ftcdn.net *.behance.net validator.swagger.io https://images.unsplash.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.trackedlink.net ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.quantserve.com *.visualwebsiteoptimizer.com smct.co *.smct.co smct.io *.smct.io *.amazonaws.com https://*.doubleclick.net https://*.google.co.uk https://*.cloudfront.net *.klarna.com *.klarnaevt.com *.klarnacdn.net *.facebook.com *.gstatic.com *.googleapis.com *.cookiepro.com www.google.com.vn www.google.co.uk vumbnail.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com assets.adobedtm.com commerce.adobe.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.visualwebsiteoptimizer.com *.cookiepro.com *.webgains.io *.webgains.com *.quantserve.com *.quantcount.com *.newrelic.com *.googlesyndication.com smct.co *.smct.co smct.io *.smct.io *.amazonaws.com https://*.pcapredict.com/js/sensor.js https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://*.hotjar.com https://*.doubleclick.net https://secure.leadforensics.com https://*.googleapis.com *.klarnaservices.com *.addthis.com *.moatads.com *.addthisedge.com *.pinterest.com *.googletagmanager.com *.facebook.net *.trustpilot.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.raylopay.com *.raylo.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com downloads.mailchimp.com cc-cdn.com https://*.googleapis.com https://*.typekit.net *.klarnacdn.net *.fontawesome.com x.klarnacdn.net *.trustpilot.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.raylopay.com *.raylo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.net qa-api.magedevteam.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.cookiepro.com *.quantcount.com *.doubleclick.net *.onetrust.com *.hotjar.io *.hotjar.com wss://ws.hotjar.com *.visualwebsiteoptimizer.com *.webgains.io *.webgains.com *.trustpilot.com smct.co *.smct.co smct.io *.smct.io *.amazonaws.com https://*.hotjar.com https://*.adobedc.net https://*.nr-data.net *.klarnaservices.com *.addthis.com *.google-analytics.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.raylopay.com *.raylo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; frame-ancestors 'self' test-areacliente.cloudapp.repsol.com pre-areacliente.repsol.es areacliente.repsol.es waylet.es; frame-src * ; media-src *; img-src * blob: data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google-analytics.com *.analytics.google.com *.krxd.net www.repsol.com www.dev-com.repsol.com www.google.com cdn.cookielaw.org p.teads.tv platform.twitter.com px.sunmedia.tv secure.adnxs.com s.yimg.com cdn.taboola.com pixel.mathtag.com amplify.outbrain.com bat.bing.com d1skycrvs9ubse.cloudfront.net www.gstatic.com googleads.g.doubleclick.net cdn.krxd.net *.hotjar.com www.googleadservices.com www.dev-net.repsol.com www.google-analytics.com cdns.eu1.gigya.com consent.cookiebot.com connect.facebook.net consentcdn.cookiebot.com assets.adobedtm.com www.googletagmanager.com www.youtube.com apis.google.com t.womtp.com ws.walmeric.com maps.googleapis.com unpkg.com sdk.inbenta.io up.pixel.ad static.ads-twitter.com secure-ds.serving-sys.com i.clarity.ms trc.taboola.com tr.outbrain.com bs.serving-sys.com embed.typeform.com siteintercept.qualtrics.com *.siteintercept.qualtrics.com api.paycomet.com instantcredit.net test.instantcredit.net code.jquery.com *.tiktok.com *.presage.io *.kmtx.io *.outbrain.com  dynamic.criteo.com sslwidget.criteo.com app.smootcdn.com repsol.atbnd.com *.aklamio.com; style-src * 'unsafe-inline'; font-src * blob: data:; connect-src *; object-src 'none' 1
upgrade-insecure-requests; frame-ancestors 'self' https://nontondonghua.xyz 1
default-src 'self' 'unsafe-eval' https://*.bcec.vn https://*.baochauelec.com https://bcec.vn https://baochauelec.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob: data:; img-src 'self' data: https: http: blob:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' data: https:; frame-src 'self' https://*.zalo.me https://*.bcec.vn https://googleads.g.doubleclick.net https://*.doubleclick.net https://*.baochauelec.com https://*.facebook.com https://*.google.com https://youtube.com https://*.youtube.com https://twitter.com https://*.twitter.com https://vars.hotjar.com/ https://www.clarity.ms https://api.sbz.vn https://vcdn.subiz-cdn.com https://widget.subiz.net https://*.dmca.com; media-src 'self' https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://www.clarity.ms https://cdn.fbsbx.com https://*.bcec.vn https://*.baochauelec.com https://api.sbz.vn https://vcdn.subiz-cdn.com https://widget.subiz.net https://*.dmca.com; connect-src 'self' https://analytics.tiktok.com https://pagead2.googlesyndication.com https://*.tiktok.com https://*.crazyegg.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://vc.hotjar.io https://in.hotjar.com https://www.facebook.com https://*.twitter.com https://*.facebook.com https://*.googleapis.com https://*.google-analytics.com connect.facebook.net *.ampproject.net cdn.ampproject.org https://*.google.com https://*.baochauelec.com wss://*.baochauelec.com https://za.zalo.me https://www.clarity.ms https://api.sbz.vn https://vcdn.subiz-cdn.com https://widget.subiz.net https://*.dmca.com; object-src 'self' 1
child-src  www.paypalobjects.com blob: data:; connect-src  brecksca.cv3admin.com *.listrakbi.com *.listrak.com www.google-analytics.com *.google-analytics.com *.powerreviews.com *.doubleclick.net *.google.com bat.bing.com www.paypal.com *.smartystreets.com analytics.google.com *.google-analytics.com *.analytics.google.com ct.pinterest.com/user/  *.googleapis.com brecks-ca.attn.tv events.attentivemobile.com s.yimg.com *.clarity.ms *.sharethis.com *.brecksbulbs.ca *.crazyegg.com www.facebook.com *.crwdcntrl.net gardensalive.force.com api.cloudinary.com www.googletagmanager.com gardensalive.my.site.com *.searchspring.io *.searchspring.net optimize.google.com *.omnichannelengagementhub.com; default-src  h2.commercev3.net/cdn.brecksbulbs.ca/ cdn.brecksbulbs.ca 'unsafe-eval' ajax.googleapis.com analytics.google.com bat.bing.com c.bing.com code.jquery.com connect.facebook.net fonts.googleapis.com fonts.gstatic.com t.paypal.com www.facebook.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.bootstrapcdn.com blob: data:; font-src  brecksca.cv3admin.com h2.commercev3.net/cdn.brecksbulbs.ca/ cdn.brecksbulbs.ca fonts.gstatic.com *.bootstrapcdn.com  www.brecksbulbs.ca use.fontawesome.com data:; form-action  www.facebook.com www.paypal.com checkout.sezzle.com www.brecksbulbs.ca *.salesforce.com brecksca.cv3admin.com; frame-src  *.doubleclick.net www.paypalobjects.com www.paypal.com www.facebook.com www.pinterest.com www.google.com *.sharethis.com t.sharethis.com service.force.com creatives.attn.tv *.googlesyndication.com *.googletagmanager.com web.facebook.com view.publitas.com gardensalive.my.salesforce.com *.crazyegg.com optimize.google.com *.azureedge.net; frame-ancestors  www.brecksbulbs.ca; img-src  h2.commercev3.net/cdn.brecksbulbs.ca/ cdn.brecksbulbs.ca *.google-analytics.com *.google.com ct.pinterest.com/v3/ s3.amazonaws.com *.doubleclick.net bat.bing.com c.bing.com t.paypal.com www.facebook.com www.googletagmanager.com *.listrakbi.com www.trustlogo.com data: code.jquery.com/ui/ sp.analytics.yahoo.com brecksca.cv3admin.com c.clarity.ms *.powerreviews.com *.sharethis.com *.brecksbulbs.ca www.google.ca www.brecksbulbs.ca *.gstatic.com brecks-ca.attn.tv res.cloudinary.com www.googleadservices.com connect.facebook.net www.google.co.in www.pages08.net *.crazyegg.com events.attentivemobile.com *.cloudfront.net *.searchspring.io; script-src  h2.commercev3.net/cdn.brecksbulbs.ca/ cdn.brecksbulbs.ca 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com ui.powerreviews.com bat.bing.com code.jquery.com connect.facebook.net *.bootstrapcdn.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.listrakbi.com *.smartystreets.com api.livechatinc.com cdn.livechatinc.com ajax.googleapis.com googleads.g.doubleclick.net www.gstatic.com www.trustlogo.com www.googleadservices.com d79i1fxsrar4t.cloudfront.net/jquery.liveaddress/ s.pinimg.com/ct/ www.google.com/recaptcha/ cdn.attn.tv www.clarity.ms s.yimg.com garecommend.gardensalive.com brecksca.cv3admin.com ajax.aspnetcdn.com api.universalcookie.com www.googleoptimize.com www.google.com *.sharethis.com  service.force.com *.salesforceliveagent.com www.brecksbulbs.ca *.googlesyndication.com gardensalive.force.com static.lightning.force.com gardensalive.my.salesforce.com mpsnare.iesnare.com *.publitas.com js.maxmind.com www.sc.pages08.net *.crazyegg.com google-analytics.com gardensalive.my.site.com cdnjs.cloudflare.com *.searchspring.io *.searchspring.net optimize.google.com *.azureedge.net; script-src-elem  h2.commercev3.net/cdn.brecksbulbs.ca/ cdn.brecksbulbs.ca 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com ui.powerreviews.com bat.bing.com code.jquery.com connect.facebook.net *.bootstrapcdn.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.listrakbi.com *.smartystreets.com api.livechatinc.com cdn.livechatinc.com ajax.googleapis.com googleads.g.doubleclick.net www.gstatic.com www.trustlogo.com www.googleadservices.com d79i1fxsrar4t.cloudfront.net/jquery.liveaddress/ s.pinimg.com/ct/ www.google.com/recaptcha/ cdn.attn.tv www.clarity.ms s.yimg.com garecommend.gardensalive.com brecksca.cv3admin.com ajax.aspnetcdn.com api.universalcookie.com www.googleoptimize.com www.google.com *.sharethis.com  service.force.com *.salesforceliveagent.com www.brecksbulbs.ca *.googlesyndication.com gardensalive.force.com static.lightning.force.com gardensalive.my.salesforce.com mpsnare.iesnare.com *.publitas.com js.maxmind.com www.sc.pages08.net *.crazyegg.com google-analytics.com gardensalive.my.site.com cdnjs.cloudflare.com *.searchspring.io *.searchspring.net optimize.google.com *.azureedge.net; style-src  h2.commercev3.net/cdn.brecksbulbs.ca/ cdn.brecksbulbs.ca 'unsafe-inline' 'unsafe-eval' ui.powerreviews.com use.fontawesome.com code.jquery.com fonts.googleapis.com *.bootstrapcdn.com cdn.listrakbi.com/css/ hello.myfonts.net brecksca.cv3admin.com ajax.googleapis.com ws.sharethis.com  service.force.com gardensalive.force.com *.googleapis.com gardensalive.my.salesforce.com *.crazyegg.com gardensalive.my.site.com optimize.google.com *.azureedge.net; style-src-elem  h2.commercev3.net/cdn.brecksbulbs.ca/ cdn.brecksbulbs.ca 'unsafe-inline' 'unsafe-eval' ui.powerreviews.com use.fontawesome.com code.jquery.com fonts.googleapis.com *.bootstrapcdn.com cdn.listrakbi.com/css/ hello.myfonts.net brecksca.cv3admin.com ajax.googleapis.com ws.sharethis.com  service.force.com gardensalive.force.com *.googleapis.com gardensalive.my.salesforce.com *.crazyegg.com gardensalive.my.site.com optimize.google.com *.azureedge.net; style-src-attr  'unsafe-inline'; media-src  brecksca.cv3admin.com h2.commercev3.net/cdn.brecksbulbs.ca/ cdn.brecksbulbs.ca www.bing.com www.brecksbulbs.ca; 1
block-all-mixed-content; frame-ancestors *.cabralmotor.com.br 1
frame-ancestors 'self';block-all-mixed-content;script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://dynatraceprd.cpfl.com.br:9999 https://*.googletagservices.com https://*.googlesyndication.com https://*.googleadservices.com https://*.doubleclick.net https://*.google.com https://cdn.cookielaw.org https://cdn.jsdelivr.net https://www.clarity.ms https://v.clarity.ms https://google-analytics.com https://googletagmanager.com https://ssl.google-analytics.com https://static.cloudflareinsights.com https://tagmanager.google.com https://www.google-analytics.com https://www.googleoptimize.com https://www.google.com https://www.googletagmanager.com;style-src 'self' 'report-sample' 'unsafe-inline' *.google.com cdn.jsdelivr.net fonts.googleapis.com www.googletagmanager.com;object-src *.googlesyndication.com;child-src 'self' blob: *.google.com *.doubleclick.net *.googlesyndication.com www.googletagmanager.com;base-uri 'self';form-action 'self' *.google.com;worker-src 'self' blob: www.google.com 1
frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content; default-src * 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: fonts.gstatic.com; frame-src 'self' bid.g.doubleclick.net www.google.com; img-src * data: blob: 'unsafe-inline' 'self' www.google.com.uy/ www.google.com.pr/ deshow2.azureedge.net/ www.facebook.com www.google-analytics.com secure.gravatar.com/avatar/ www.google.com/recaptcha/; child-src 'none'; manifest-src 'self'; media-src 'self'; worker-src 'none'; base-uri 'self'; 1
upgrade-insecure-requests; frame-ancestors 'none'; object-src 'none'; base-uri 'self'; script-src 'self' *.googleadservices.com *.cloudflare.com *.newrelic.com *.googletagmanager.com *.google.com *.translate.google.com *.googleapis.com *.tinymce.com *.twitter.com *.facebook.net *.gstatic.com *.intercom.io *.google-analytics.com *.nr-data.net *.intercomcdn.com *.tiny.cloud *.clarity.ms *.licdn.com *.googlesyndication.com *.g.doubleclick.net *.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; report-uri https://sentry.io/api/1455410/security/?sentry_key=d0d6eb54193b4525b8ff364e9d62b192&sentry_environment=production 1
frame-ancestors https://lc.faxcopy.sk https://www.faxcopy.sk https://lc.moduly-faxcopy.sk https://moduly.faxcopy.sk https://printstudio.faxcopy.sk https://www.darcekyodsrdca.sk https://www.dareckyodrdce.cz 1
default-src  'self' https://www.googleadservices.com https://*.google-analytics.com; connect-src 'self' https://*.doubleclick.net https://dyq8iclefrofd.cloudfront.net https://*.googleadservices.com https://www.googleadservices.com https://www.google-analytics.com wss://ws-eu.pusher.com https://*.pusher.com https://www.googletagmanager.com https://*.googlesyndication.com https://www.googletagservices.com https://mensatek.com https://www.mensatek.com https://smscertificado.es.com https://www.smscertificado.es https://lofirmo.com https://www.lofirmo.com https://*.google.es https://*.google.com https://consent.cookiefirst.com https://edge.cookiefirst.com https://api.cookiefirst.com/prod/consent about:; font-src 'self' https://fonts.gstatic.com https://cdn.jsdelivr.net https://fonts.googleapis.com https://dyq8iclefrofd.cloudfront.net https://mensatek.com https://www.mensatek.com https://smscertificado.es.com https://www.smscertificado.es https://lofirmo.com https://www.lofirmo.com https://static3.avast.com data:; frame-ancestors 'none'; frame-src 'self' https://dyq8iclefrofd.cloudfront.net https://*.google.com https://*.youtube.com https://*.doubleclick.net https://*.googlesyndication.com https://*.googletagmanager.com https://www.mensatek.com:3333 https://mensatek.com:3333 https://smscertificado.es.com:3333 https://www.smscertificado.es:3333 https://lofirmo.com:3333 https://www.lofirmo.com:3333 https://lofirmo.es:3333 https://www.lofirmo.es:3333 https://www.facebook.com; child-src 'self' blob: https://*.google.com https://*.doubleclick.net https://*.googlesyndication.com; img-src 'self' https://dyq8iclefrofd.cloudfront.net https://*.google.es https://*.google.com https://*.google.cl https://*.google.com.pe https://*.google.com.bo https://*.google.com.do https://*.google.com.uy https://*.google.com.co https://*.google.co.uk https://*.google.pt https://*.google.co.ve https://*.google.com.ar https://*.google.com.pa https://*.google.nl https://*.google.be https://*.google.com.mx https://*.google.de https://*.google.fr https://*.google.fi https://www.google.com.ng https://www.google.com.pr https://www.google.com.ec https://www.google.co.id https://www.google.com.hk https://www.google.co.kr https://www.google.at https://www.google.se https://www.google.hn https://*.google-analytics.com https://www.google-analytics.com https://*.gstatic.com https://www.googletagmanager.com https://*.googlesyndication.com https://www.googleadservices.com https://cdn.jsdelivr.net https://*.doubleclick.net https://googleads.g.doubleclick.net https://*.avast.com https://mensatek.com https://www.mensatek.com https://smscertificado.es.com https://www.smscertificado.es https://lofirmo.com https://www.lofirmo.com https://*.googleapis.com data:; script-src 'self' 'unsafe-inline' 'nonce-947349768355' https://code.jquery.com https://dyq8iclefrofd.cloudfront.net https://cdnjs.cloudflare.com https://*.g.doubleclick.net https://*.pusher.com https://www.mensatek.com https://mensatek.com https://smscertificado.es.com https://www.smscertificado.es https://lofirmo.com https://www.lofirmo.com https://cdn.jsdelivr.net https://*.doubleclick.net https://*.googleadservices.com https://*.google.com https://*.googlesyndication.com https://*.googletagservices.com https://*.googletagmanager.com https://*.google.es https://ssl.google-analytics.com https://www.google-analytics.com *.google-analytics.com https://*.googleapis.com https://www.gstatic.com https://*.google-analytics.com https://*.scr.kaspersky-labs.com https://maxcdn.bootstrapcdn.com https://*.facebook.net https://*.asetecgroup.es https://consent.cookiefirst.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://dyq8iclefrofd.cloudfront.net https://*.googleapis.com https://*.google.com https://www.gstatic.com https://mensatek.com https://www.mensatek.com https://smscertificado.es.com https://www.smscertificado.es https://lofirmo.com https://www.lofirmo.com https://*.google-analytics.com https://consent.cookiefirst.com; object-src 'self' https://*.googlesyndication.com; media-src 'self' https://dyq8iclefrofd.cloudfront.net https://mensatek.com https://www.mensatek.com https://smscertificado.es.com https://www.smscertificado.es https://lofirmo.com https://www.lofirmo.com https://dai.google.com; form-action 'self' https://*.google.com;  worker-src 'self' blob: https://www.google.com https://mensatek.com https://www.mensatek.com https://smscertificado.es.com https://www.smscertificado.es https://lofirmo.com https://www.lofirmo.com; upgrade-insecure-requests; report-to recibecsp;; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://brands.town; img-src 'self' https: data: blob: https://brands.town; style-src 'self' https://brands.town 'nonce-/L1iyGuem2G9BKUfH9Ogsw=='; media-src 'self' https: data: https://brands.town; frame-src 'self' https:; manifest-src 'self' https://brands.town; form-action 'self'; child-src 'self' blob: https://brands.town; worker-src 'self' blob: https://brands.town; connect-src 'self' data: blob: https://brands.town https://brandstown.files.fedi.monster wss://brands.town; script-src 'self' https://brands.town 'wasm-unsafe-eval' 1
font-src *.googleapis.com *.gstatic.com data: 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com https://media.flixcar.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com https://dev-kpaymentgateway-services.kasikornbank.com/* https://kpaymentgateway.kasikornbank.com/* www.thaiepay.com *.paysolutions.asia *.ktc.co.th https://servicekrungsrigroup.com/epp/payment https://servicekrungsrigroup.com/ *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://www.thaiepay.com/epaylink/payment.aspx https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.meetanshi.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.google.com *.doubleclick.net *.facebook.com https://dev-kpaymentgateway.kasikornbank.com/ https://kpaymentgateway.kasikornbank.com/ *.meetanshi.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com https://accounts.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com * https://rt.flix360.co https://rt.flix360.com https://media.flixcar.co https://media.flixcar.com *.meetanshi.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.fontawesome.com * https://media.flixfacts.com https://prod.flixgvid.flix360.io https://media.flixcar.com https://www.facebook.com https://web.facebook.com https://dev-kpaymentgateway.kasikornbank.com/* https://kpaymentgateway.kasikornbank.com/* *.meetanshi.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://accounts.google.com https://www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com https://media.flixcar.com https://sf16-website-login.neutral.ttwstatic.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com https://accounts.google.com https://www.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://dji-official-fe.djicdn.com https://stag-dji-official-fe.djicdn.com https://stormsend1.djicdn.com https://us-cms-videos.dji.net https://cdn.shopify.com https://cdn.shopifycdn.net https://media.insta360.com https://zhiyun-website-shenzhen.oss-cn-shenzhen.aliyuncs.com https://media.flixcar.com https://www.facebook.com https://web.facebook.com https://static.gopro.com https://videos.ctfassets.net https://omsystem.com https://cdn.rode.com https://www.dji.com/* https://www.dji.com/global/mavic-3 https://www1.djicdn.com * 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com https://stats.g.doubleclick.net https://media.flixcar.com https://www.facebook.com https://web.facebook.com https://dev-kpaymentgateway.kasikornbank.com/ui/v2/index.html https://kpaymentgateway.kasikornbank.com/ui/v2/index.html *.meetanshi.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com https://accounts.google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.gstatic.com https://maps.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://static.iyzipay.com https://stg.iyzipay.com https://*.personaclick.com https://cdnjs.cloudflare.com https://www.googleadservices.com https://*.hotjar.com https://analytics.tiktok.com 1
frame-ancestors 'self' https://*.visitor.chat 1
default-src 'none'; script-src 'self' 'sha256-BgYSXNAZy6MQ8z95vq18kSOG8UmtHNSZ5ZqHZSWY4oc=' 'sha256-r5516kbxsf4h2fsj9rxDwVvZlEqXCuM6OejpEhrfSmE=' https://www.google-analytics.com https://www.googletagmanager.com https://cdn.jsdelivr.net/particles.js/2.0.0/particles.min.js; style-src 'self' 'sha256-oEi2dZdFQZu4xhBp+6V63wD5eZiXZ/lxLzpKy95Hs0k=' https://fonts.googleapis.com; img-src 'self' https://www.google-analytics.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; base-uri 'none'; connect-src 'none'; media-src 'none'; object-src 'none'; worker-src 'none'; frame-ancestors 'none'; form-action 'none'; upgrade-insecure-requests; block-all-mixed-content; reflected-xss block; manifest-src 'none'; referrer no-referrer-when-downgrade; 1
child-src 'self' https://*.hotjar.com https://www.gcx.com blob:; connect-src 'self' https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.com https://*.hotjar.com https://*.hotjar.io https://*.mktoresp.com https://*.wistia.com https://*.youtube.com https://maps.googleapis.com https://tagmanager.google.com https://www.gcx.com https://www.googletagmanager.com wss://*.hotjar.com https://cdn-ilacpej.nitrocdn.com/ https://to.getnitropack.com/; default-src 'self' https://www.gcx.com; font-src 'self' data: https://*.gstatic.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.gcx.com https://cdn-ilacpej.nitrocdn.com/; frame-ancestors 'self' https://*.smartvault.com https://www.gcx.com; frame-src 'self' https://*.cookiebot.com https://*.doubleclick.net https://*.driftt.com https://*.facebook.com https://*.facebook.net https://*.google.com https://*.hotjar.com/ https://*.instagram.com https://*.marketo.com https://*.sitescout.com https://*.smartvault.com https://*.vimeo.com https://*.wistia.com/ https://*.youtube.com https://s-static.ak.facebook.com https://tagmanager.google.com https://www.gcx.com data:; img-src 'self' data: https://*.doubleclick.net https://*.facebook.com https://*.google-analytics.com https://*.google.com https://*.google.hr https://*.gravatar.com https://*.gstatic.com https://*.instagram.com https://*.linkedin.com https://*.wistia.com https://*.yahoo.com https://*.youtube.com https://bat.bing.com https://googleads.g.doubleclick.net https://img.youtube.com https://maps.googleapis.com https://media.licdn.com https://storage.pardot.com https://www.gcx.com https://www.googletagmanager.com https://cdn-ilacpej.nitrocdn.com/; media-src 'self' blob: data: file: https://*.wistia.com/ https://www.gcx.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.ads-twitter.com https://*.doubleclick.net https://*.driftt.com https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.hotjar.com https://*.instagram.com https://*.marketo.com https://*.marketo.net https://*.pardot.com https://*.twitter.com https://*.vimeo.com https://*.wistia.com https://bat.bing.com https://cdnjs.cloudflare.com https://connect.facebook.net https://nitroscripts.com https://recruitingbypaycor.com https://tagmanager.google.com https://wistia.com https://www.gcx.com https://www.googleadservices.com https://www.googletagmanager.com https://www.youtube.com blob: https://cdn-ilacpej.nitrocdn.com/; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.gravatar.com https://*.marketo.com https://tagmanager.google.com https://www.gcx.com blob: 'unsafe-eval' https://cdn-ilacpej.nitrocdn.com/; worker-src 'self' blob: data: file: filesystem: https://www.gcx.com unsafe-eval unsafe-inline https://cdn-ilacpej.nitrocdn.com/ 1
default-src * 'unsafe-inline' 'unsafe-eval' 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline' 'self'; frame-src *; style-src * 'unsafe-inline'; font-src * data: blob:; 1
default-src 'self' https://*.googleapis.com/ https://kudykvolbam.iprpraha.cz/ https://*.matterport.com/ https://matterport.com/ https://soundcloud.com/ https://*.soundcloud.com/ https://www.google-analytics.com/ https://*.google-analytics.com/ https://*.google.com/ https://*.youtube.com/ https://*.gstatic.com/ https://*.cloudflare.com/ https://*.bootstrapcdn.com/ https://*.klicenka.uvm.cz/ https://*.doubleclick.net/ https://*.mapy.cz/ https://polyfill.io/ https://*.polyfill.io/ https://*.matterport.com/ https://*.mapy.cz/ https://*.praha3.cz/ https://*.praha3.cz:8443/ https://praha3.cz/ http://*.googleapis.com/ http://www.google-analytics.com/ http://*.google.com/ http://*.youtube.com/ http://*.gstatic.com/ http://*.cloudflare.com/ http://*.bootstrapcdn.com/ http://*.klicenka.uvm.cz/ http://*.doubleclick.net/ http://*.mapy.cz/ http://polyfill.io/ http://*.polyfill.io/ http://*.matterport.com/ http://*.mapy.cz/ http://*.praha3.cz/ http://praha3.cz/ https://*.googletagmanager.com/ https://*.facebook.net/ https://*.facebook.com/ https://*.spadovostpraha.cz/ https://*.mapotic.com/ https://*.iprpraha.cz/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com/ https://kudykvolbam.iprpraha.cz/ https://*.matterport.com/ https://matterport.com/ https://soundcloud.com/ https://*.soundcloud.com/ https://www.google-analytics.com/ https://*.google-analytics.com/ https://*.google.com/ https://*.youtube.com/ https://*.gstatic.com/ https://*.cloudflare.com/ https://*.bootstrapcdn.com/ https://*.klicenka.uvm.cz/ https://*.doubleclick.net/ https://*.mapy.cz/ https://polyfill.io/ https://*.polyfill.io/ https://*.matterport.com/ https://*.mapy.cz/ https://*.praha3.cz/ https://*.praha3.cz:8443/ https://praha3.cz/ http://*.googleapis.com/ http://www.google-analytics.com/ http://*.google.com/ http://*.youtube.com/ http://*.gstatic.com/ http://*.cloudflare.com/ http://*.bootstrapcdn.com/ http://*.klicenka.uvm.cz/ http://*.doubleclick.net/ http://*.mapy.cz/ http://polyfill.io/ http://*.polyfill.io/ http://*.matterport.com/ http://*.mapy.cz/ http://*.praha3.cz/ http://praha3.cz/ https://*.googletagmanager.com/ https://*.facebook.net/ https://*.facebook.com/ https://*.spadovostpraha.cz/ https://*.mapotic.com/ https://*.iprpraha.cz/ ; connect-src 'self' https://*.googleapis.com/ https://kudykvolbam.iprpraha.cz/ https://*.matterport.com/ https://matterport.com/ https://soundcloud.com/ https://*.soundcloud.com/ https://www.google-analytics.com/ https://*.google-analytics.com/ https://*.google.com/ https://*.youtube.com/ https://*.gstatic.com/ https://*.cloudflare.com/ https://*.bootstrapcdn.com/ https://*.klicenka.uvm.cz/ https://*.doubleclick.net/ https://*.mapy.cz/ https://polyfill.io/ https://*.polyfill.io/ https://*.matterport.com/ https://*.mapy.cz/ https://*.praha3.cz/ https://*.praha3.cz:8443/ https://praha3.cz/ http://*.googleapis.com/ http://www.google-analytics.com/ http://*.google.com/ http://*.youtube.com/ http://*.gstatic.com/ http://*.cloudflare.com/ http://*.bootstrapcdn.com/ http://*.klicenka.uvm.cz/ http://*.doubleclick.net/ http://*.mapy.cz/ http://polyfill.io/ http://*.polyfill.io/ http://*.matterport.com/ http://*.mapy.cz/ http://*.praha3.cz/ http://praha3.cz/ https://*.googletagmanager.com/ https://*.facebook.net/ https://*.facebook.com/ https://*.spadovostpraha.cz/ https://*.mapotic.com/ https://*.iprpraha.cz/ ; img-src 'self' data: blob: 'unsafe-inline' https://*.googleapis.com/ https://kudykvolbam.iprpraha.cz/ https://*.matterport.com/ https://matterport.com/ https://soundcloud.com/ https://*.soundcloud.com/ https://www.google-analytics.com/ https://*.google-analytics.com/ https://*.google.com/ https://*.youtube.com/ https://*.gstatic.com/ https://*.cloudflare.com/ https://*.bootstrapcdn.com/ https://*.klicenka.uvm.cz/ https://*.doubleclick.net/ https://*.mapy.cz/ https://polyfill.io/ https://*.polyfill.io/ https://*.matterport.com/ https://*.mapy.cz/ https://*.praha3.cz/ https://*.praha3.cz:8443/ https://praha3.cz/ http://*.googleapis.com/ http://www.google-analytics.com/ http://*.google.com/ http://*.youtube.com/ http://*.gstatic.com/ http://*.cloudflare.com/ http://*.bootstrapcdn.com/ http://*.klicenka.uvm.cz/ http://*.doubleclick.net/ http://*.mapy.cz/ http://polyfill.io/ http://*.polyfill.io/ http://*.matterport.com/ http://*.mapy.cz/ http://*.praha3.cz/ http://praha3.cz/ https://*.googletagmanager.com/ https://*.facebook.net/ https://*.facebook.com/ https://*.spadovostpraha.cz/ https://*.mapotic.com/ https://*.iprpraha.cz/ ; font-src 'self' https://*.googleapis.com/ https://kudykvolbam.iprpraha.cz/ https://*.matterport.com/ https://matterport.com/ https://soundcloud.com/ https://*.soundcloud.com/ https://www.google-analytics.com/ https://*.google-analytics.com/ https://*.google.com/ https://*.youtube.com/ https://*.gstatic.com/ https://*.cloudflare.com/ https://*.bootstrapcdn.com/ https://*.klicenka.uvm.cz/ https://*.doubleclick.net/ https://*.mapy.cz/ https://polyfill.io/ https://*.polyfill.io/ https://*.matterport.com/ https://*.mapy.cz/ https://*.praha3.cz/ https://*.praha3.cz:8443/ https://praha3.cz/ http://*.googleapis.com/ http://www.google-analytics.com/ http://*.google.com/ http://*.youtube.com/ http://*.gstatic.com/ http://*.cloudflare.com/ http://*.bootstrapcdn.com/ http://*.klicenka.uvm.cz/ http://*.doubleclick.net/ http://*.mapy.cz/ http://polyfill.io/ http://*.polyfill.io/ http://*.matterport.com/ http://*.mapy.cz/ http://*.praha3.cz/ http://praha3.cz/ https://*.googletagmanager.com/ https://*.facebook.net/ https://*.facebook.com/ https://*.spadovostpraha.cz/ https://*.mapotic.com/ https://*.iprpraha.cz/ ; style-src 'self' 'unsafe-inline' https://*.googleapis.com/ https://kudykvolbam.iprpraha.cz/ https://*.matterport.com/ https://matterport.com/ https://soundcloud.com/ https://*.soundcloud.com/ https://www.google-analytics.com/ https://*.google-analytics.com/ https://*.google.com/ https://*.youtube.com/ https://*.gstatic.com/ https://*.cloudflare.com/ https://*.bootstrapcdn.com/ https://*.klicenka.uvm.cz/ https://*.doubleclick.net/ https://*.mapy.cz/ https://polyfill.io/ https://*.polyfill.io/ https://*.matterport.com/ https://*.mapy.cz/ https://*.praha3.cz/ https://*.praha3.cz:8443/ https://praha3.cz/ http://*.googleapis.com/ http://www.google-analytics.com/ http://*.google.com/ http://*.youtube.com/ http://*.gstatic.com/ http://*.cloudflare.com/ http://*.bootstrapcdn.com/ http://*.klicenka.uvm.cz/ http://*.doubleclick.net/ http://*.mapy.cz/ http://polyfill.io/ http://*.polyfill.io/ http://*.matterport.com/ http://*.mapy.cz/ http://*.praha3.cz/ http://praha3.cz/ https://*.googletagmanager.com/ https://*.facebook.net/ https://*.facebook.com/ https://*.spadovostpraha.cz/ https://*.mapotic.com/ https://*.iprpraha.cz/ ; frame-src 'self' https://*.googleapis.com/ https://kudykvolbam.iprpraha.cz/ https://*.matterport.com/ https://matterport.com/ https://soundcloud.com/ https://*.soundcloud.com/ https://www.google-analytics.com/ https://*.google-analytics.com/ https://*.google.com/ https://*.youtube.com/ https://*.gstatic.com/ https://*.cloudflare.com/ https://*.bootstrapcdn.com/ https://*.klicenka.uvm.cz/ https://*.doubleclick.net/ https://*.mapy.cz/ https://polyfill.io/ https://*.polyfill.io/ https://*.matterport.com/ https://*.mapy.cz/ https://*.praha3.cz/ https://*.praha3.cz:8443/ https://praha3.cz/ http://*.googleapis.com/ http://www.google-analytics.com/ http://*.google.com/ http://*.youtube.com/ http://*.gstatic.com/ http://*.cloudflare.com/ http://*.bootstrapcdn.com/ http://*.klicenka.uvm.cz/ http://*.doubleclick.net/ http://*.mapy.cz/ http://polyfill.io/ http://*.polyfill.io/ http://*.matterport.com/ http://*.mapy.cz/ http://*.praha3.cz/ http://praha3.cz/ https://*.googletagmanager.com/ https://*.facebook.net/ https://*.facebook.com/ https://*.spadovostpraha.cz/ https://*.mapotic.com/ https://*.iprpraha.cz/ 1
default-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' 1
font-src 'self' https://fonts.gstatic.com https://cdn.jsdelivr.net https://fonts.googleapis.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://www.gstatic.com; style-src-elem 'self' 'unsafe-inline' https://fonts.gstatic.com https://cdn.jsdelivr.net https://fonts.googleapis.com https://www.gstatic.com; 1
frame-ancestors https://treasury.pncbank.com/* https://www.treasury.pncbank.com/* https://my.fnbmt.com/* https://digital-banking.mstreetbank.com/* https://devbank.banno-production.com/* 1
frame-ancestors 'self' https://my.mpskin.com app.storyblok.com 1
default-src 'self'; font-src 'self' fonts.gstatic.com; img-src 'self' 'unsafe-inline' data: portmvuploads.s3.ap-southeast-1.amazonaws.com imagedelivery.net; script-src 'self' 'unsafe-inline' https: 'nonce-lz21910k' 'strict-dynamic'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; frame-src 'self' 'nonce-lz21910k' https://www.google.com/; object-src 'none'; base-uri 'self' 1
default-src 'self'; script-src 'self' 'unsafe-inline' blob: https://www.googletagmanager.com https://www.google-analytics.com  https://stream.getspotlyte.com https://e.acuityplatform.com https://cdn.monsido.com https://js-agent.newrelic.com https://origin.acuityplatform.com https://static.addtoany.com https://snap.licdn.com https://app-script.monsido.com https://bam.nr-data.net https://players.brightcove.net https://vjs.zencdn.net https://static.getspotlyte.com; object-src 'self'; style-src 'self' 'unsafe-inline' ; img-src 'self' data: https://www.google-analytics.com https://cdn.monsido.com https://tracking.monsido.com https://px.ads.linkedin.com https://www.google.com  https://www.google-analytics.com https://pixel.tapad.com https://px4.ads.linkedin.com https://secure.adnxs.com https://x.bidswitch.net  https://eb2.3lift.com https://tags.bluekai.com https://pixel.advertising.com https://ums.acuityplatform.com https://*.brightcove.com https://cf-images.us-east-1.prod.boltdns.net; media-src 'self' blob:  https://manifest.prod.boltdns.net *.brightcovecdn.com *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com; frame-src 'self' https://stream.getspotlyte.com https://static.addtoany.com https://td.doubleclick.net; frame-ancestors 'self' https://p2a.co; font-src 'self' data: https://themes.googleusercontent.com; connect-src *; report-uri /report-csp-violation; upgrade-insecure-requests 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mastodon.design; img-src 'self' https: data: blob: https://mastodon.design; style-src 'self' https://mastodon.design 'nonce-DCXRPo+oSN+dht96YyFutA=='; media-src 'self' https: data: https://mastodon.design; frame-src 'self' https:; manifest-src 'self' https://mastodon.design; form-action 'self'; child-src 'self' blob: https://mastodon.design; worker-src 'self' blob: https://mastodon.design; connect-src 'self' data: blob: https://mastodon.design https://cdn.masto.host wss://mastodon.design; script-src 'self' https://mastodon.design 'wasm-unsafe-eval' 1
frame-ancestors 'self' https://cms.deuxhuithuit.com 1
default-src 'self' https: http: bankid:; connect-src 'self' ws: wss: https://*.fasttrack-solutions.com https://*.ft-crm.com https://*.biahosted.com https://livechat24.tech https://*.livechat24.tech https://*.amazonaws.com *.google-analytics.com *.analytics.google.com https://www.googletagmanager.com https://www.google.com https://www.google.ro https://www.google.se https://www.google.nl https://www.google.de https://www.google.fi https://www.google.ch https://www.google.ee https://www.google.sk https://www.google.dk https://www.google.ru https://www.google.pt https://www.google.ca https://www.google.by https://www.google.bg https://www.gstatic.com https://analytics.google.com https://adservice.google.com https://stats.g.doubleclick.net https://recaptcha.net https://*.bing.com https://*.taboola.com https://*.regily.com https://*.pusher.com https://*.workers.dev https://cdn-sp.kertn.net https://storage.googleapis.com https://*.aitcloud.de https://vsfestaging-vs001.akamaized.net https://vsfelive-vs001.akamaized.net https://vswstaging.betradar.com https://vsw.betradar.com https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com wss://*.biahosted.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://d5phz18u4wuww.cloudfront.net https://cdn-cn.vwo-analytics.com https://verification.okwork.io https://*.unetsafe.com https://*.atlantgaming.com https://*.facebook.com https://facebook.net https://*.facebook.net https://*.snapchat.com https://*.sportdigi.com https://*.sportradar.com https://*.mrbit.com https://accounts.google.com/gsi/ https://*.mrbit.bet *.unetsafe.com oppwa.com *.oppwa.com *.unetcard.com google-analytics.com paymentpage.ecommpay.com *.adyen.com fasd63.illongrlong.com s4vds4.ujad65dsai.com asdaerq.dapmaptuns.com *.checkout.com *.browser-intake-datadoghq.com; font-src 'self' data: https://fonts.gstatic.com https://livechat24.tech https://*.livechat24.tech https://cdn-sp.kertn.net https://*.biahosted.com https://storage.googleapis.com https://*.aitcloud.de https://vsfestaging-vs001.akamaized.net https://vsfelive-vs001.akamaized.net https://vswstaging.betradar.com https://vsw.betradar.com https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com wss://*.biahosted.com https://app.vwo.com https://*.mrbit.bet; frame-src 'self' bankid://* https://*.livechat24.tech https://*.adobe.com https://*.youtube.com https://*.zignsec.com https://*.trustly.com https://*.regily.com https://*.sumsub.com https://*.biahosted.com https://*.aitcloud.de https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com wss://*.biahosted.com https://*.visualwebsiteoptimizer.com https://*.unetsafe.com https://*.atlantgaming.com https://*.snapchat.com https://*.sportdigi.com https://*.sportradar.com https://*.mrbit.bet https://* paymentpage.ecommpay.com asdaerq.dapmaptuns.com; img-src 'self' https: http: data: blob: *.google-analytics.com *.analytics.google.com *.visualwebsiteoptimizer.com https://app.vwo.com; script-src 'self' 'unsafe-eval' https://*.zignsec.com https://*.biahosted.com https://livechat24.tech https://*.livechat24.tech https://*.fasttrack-solutions.com https://mc.yandex.ru https://ajax.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.curacao-egaming.com https://www.gstatic.com https://recaptcha.net https://*.bing.com https://*.cloudflare.com https://*.taboola.com https://static.cloudflareinsights.com https://*.regily.com https://*.pusher.com https://*.workers.dev https://prj-verification-production.s3.amazonaws.com https://cdn-sp.kertn.net https://storage.googleapis.com https://*.aitcloud.de https://vsfestaging-vs001.akamaized.net https://vsfelive-vs001.akamaized.net https://vswstaging.betradar.com https://vsw.betradar.com https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com wss://*.biahosted.com *.visualwebsiteoptimizer.com https://cdn-cn.vwo-analytics.com https://app.vwo.com https://*.unetsafe.com https://*.snapchat.com https://snapchat.com https://sc-static.net https://*.facebook.com https://facebook.net https://*.facebook.net https://*.sportdigi.com https://*.sportradar.com https://*.mrbit.com https://accounts.google.com/gsi/client https://*.mrbit.bet *.paywallk.com *.unetsafe.com *.ecommpay.com *.zimpler.net *.adyen.com *.hotjar.com *.acaptureservices.com acaptureservices.com *.oppwa.com oppwa.com *.unetcard.com *.switchpayments.com *.mifinity.com *.google.com fasd63.illongrlong.com s4vds4.ujad65dsai.com *.astropay.com *.megapay.pro *.ecopayz.com *.billing.cx *.express-connect.com *.paycore.io *.jetoncheckout.com *.ipsp.lv ipsp.lv *.gpaynetworks.com *.sirumobile.com asdaerq.dapmaptuns.com *.checkout.com 'nonce-iLfPH2hXCFEVs7d+IGYyVA5EDoYgogOSJDE5dUzfHAQ=' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://*.fasttrack-solutions.com https://fonts.googleapis.com https://livechat24.tech https://*.livechat24.tech https://cdn-sp.kertn.net https://*.biahosted.com https://storage.googleapis.com https://*.aitcloud.de https://vsfestaging-vs001.akamaized.net https://vsfelive-vs001.akamaized.net https://vswstaging.betradar.com https://vsw.betradar.com https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com wss://*.biahosted.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.amazonaws.com https://accounts.google.com/gsi/style https://*.mrbit.bet *.paywallk.com *.unetsafe.com *.ecommpay.com *.adyen.com *.hotjar.com *.ppipe.net *.oppwa.com oppwa.com *.unetcard.com fasd63.illongrlong.com s4vds4.ujad65dsai.com asdaerq.dapmaptuns.com; worker-src 'self' blob:; report-uri https://mrbit.bet/sentry/api/41/csp-report/?sentry_key=38bd9ad353b94f1a8143ea227d160767 1
default-src https: 'unsafe-eval' 'unsafe-inline' 'self'; block-all-mixed-content; frame-src https://www.youtube-nocookie.com https://privacy.telethon.fr/ 1
default-src 'self'; base-uri 'self'; img-src * data:; frame-src 'self' https://kaartapi.nl https://www.kaartapi.nl https://websurveys2.govmetric.com https://app-eu.readspeaker.com https://www.youtube-nocookie.com https://www.youtube.com https://content.googleapis.com/ https://vars.hotjar.com; frame-ancestors 'self'; manifest-src 'self'; media-src 'self' blob:; script-src 'self' 'nonce-ODY1OWQzODYtZDE1ZC00Y2YzLWJjN2EtMjA2OTFhY2MzMjll' https://stats.pusher.com https://www.browsealoud.com https://www.googletagmanager.com https://www.google-analytics.com https://apis.google.com https://maps.googleapis.com https://siteimproveanalytics.com https://cloudstatic.obi4wan.com https://websurveys2.govmetric.com https://platform.hireserve.nl https://websurveys2.servmetric.com https://cdn1.readspeaker.com https://cdn-eu.readspeaker.com https://virtuele-gemeente-assistent.nl https://static.hotjar.com https://script.hotjar.com https://connect.facebook.net https://snap.licdn.com https://nl.postex.com https://meldingen.zeelandveilig.nl; connect-src 'self' https://sockjs-eu.pusher.com wss://ws-eu.pusher.com https://vttts-eu.readspeaker.com https://cloudstatic.obi4wan.com https://chatapi.obi4wan.com https://media-eu.readspeaker.com https://rstts-eu.readspeaker.com https://wrapi-eu.readspeaker.com https://www.browsealoud.com https://plus.browsealoud.com https://speech.speechstream.net https://speech-eu.speechstream.net https://www.google-analytics.com https://maps.googleapis.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://app.obi4wan.ai https://app-eu.readspeaker.com/ https://hitcounter.govmetric.com https://platform.hireserve.nl/ https://cdn1.readspeaker.com https://maps.googleapis.com https://virtuele-gemeente-assistent.nl wss://virtuele-gemeente-assistent.nl ws://virtuele-gemeente-assistent.nl https://in.hotjar.com https://www.facebook.com https://cdn.linkedin.oribi.io https://meldingen.zeelandveilig.nl; object-src 'self' https://kaartapi.nl https://www.kaartapi.nl; style-src 'self' data: 'nonce-ODY1OWQzODYtZDE1ZC00Y2YzLWJjN2EtMjA2OTFhY2MzMjll' https://fonts.googleapis.com https://platform.hireserve.nl https://websurveys2.servmetric.com https://cdn1.readspeaker.com https://websurveys2.govmetric.com https://virtuele-gemeente-assistent.nl https://mijn.virtuele-gemeente-assistent.nl https://maps.googleapis.com/ https://siteimproveanalytics.com https://cloudstatic.obi4wan.com https://meldingen.zeelandveilig.nl https://berichten.postex.com; font-src 'self' data: https://fonts.gstatic.com https://cdn1.readspeaker.com https://script.hotjar.com https://meldingen.zeelandveilig.nl;  1
default-src 'none'; base-uri 'self'; form-action 'self' https://dataplane.substack.com; script-src 'self' https://dataplane.substack.com 'sha256-W105M4zyxgBCYaCnpCPTO26mi7o7mStnSulFu4rNgRc=' https://cdnjs.cloudflare.com; style-src 'unsafe-hashes' 'self' 'sha256-6tzo8E2QXk9Q1hPlgW8haLONoOBIfDUVFvsw0LvHiZM=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-OTeu7NEHDo6qutIWo0F2TmYrDhsKWCzrUgGoxxHGJ8o=' 'sha256-wS7xf+bhXBr5EM064hQkAW0vX3ks5VoxbGn+KQC/Vhk=' 'sha256-fviu5RwuBYFcCd5CDanhy6NCLufcwvCAbm061aSqhoQ=' 'sha256-cxL35Ug49Sl1zHMOdz/r0xinQ6BYGgClHdDCk2XPTzE=' 'sha256-wS7xf+bhXBr5EM064hQkAW0vX3ks5VoxbGn+KQC/Vhk='; img-src 'self'; manifest-src 'self'; frame-src https://dataplane.substack.com; frame-ancestors 'none'; font-src 'self'; 1
default-src 'self' *.getunleash.io *.list-manage.com *.hsforms.com *.hsforms.net *.hotjar.com *.gstatic.com *.plausible.io *.youtube.com hubspot-forms-static-embed.s3.amazonaws.com; script-src 'report-sample' 'self' 'unsafe-eval' *.calendly.com *.getunleash.io *.hotjar.com *.hsforms.net *.youtube.com *.google.com *.gstatic.com optimize.google.com googleads.g.doubleclick.net js.hs-analytics.net js.hs-scripts.com js.hsadspixel.net js.hscollectedforms.net snap.licdn.com static.ads-twitter.com *.analytics.google.com *.google-analytics.com *.googleadservices.com *.googleoptimize.com *.googletagmanager.com js.hs-banner.com 'unsafe-inline' plausible.io *.lfeeder.com *.clearbitscripts.com *.clearbitjs.com static.reo.dev ipapi.co; style-src 'report-sample' 'self' *.getunleash.io optimize.google.com fonts.googleapis.com 'unsafe-inline' *.calendly.com; object-src 'none'; base-uri 'self'; connect-src 'self' *.getunleash.io *.github.com calendly.com *.google.com *.hotjar.com *.hotjar.io *.hsforms.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com plausible.io api.hubapi.com forms.hubspot.com js.hs-banner.com stats.g.doubleclick.net wss://*.hotjar.com hubspot-forms-static-embed.s3.amazonaws.com *.hscollectedforms.net *.oribi.io *.clearbit.com googleads.g.doubleclick.net *.googlesyndication.com api.reo.dev ipapi.co *.linkedin.com *.algolianet.com *.algolia.net; font-src 'self' fonts.googleapis.com fonts.gstatic.com script.hotjar.com; frame-src app.hubspot.com *.hotjar.com *.youtube.com *.hsforms.com *.hsforms.net *.google.com optimize.google.com *.doubleclick.net calendly.com; img-src 'self' data: *.getunleash.io *.calendly.com *.githubusercontent.com *.linkedin.com *.google.com *.google.pl *.google.no *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.hsforms.com optimize.google.com analytics.twitter.com t.co track.hubspot.com *.hotjar.com *.hsforms.net *.lfeeder.com *.youtube.com *.ytimg.com; manifest-src 'self'; worker-src 'none' 1
frame-ancestors 'self' http://www.stives.com unilever3.marketing.adobe.com unileverbrazil.marketing.adobe.com unilever2.marketing.adobe.com unilever.marketing.adobe.com unilever3.experiencecloud.adobe.com unileverbrazil.experiencecloud.adobe.com unilever2.experiencecloud.adobe.com unilever.experiencecloud.adobe.com emea1-proxy.adobemc.com us1-proxy.adobemc.com us1-proxy.adobemc.com apac-proxy.adobemc.com adobedemoemea131.marketing.adobe.com adobedemoemea131.experiencecloud.adobe.com d3vqdsjiuv1717.cloudfront.net 1
default-src 'self'  https://*.hotjar.com/ https://*.hotjar.io/ https://www.cookiebot.com/ https://consentcdn.cookiebot.com/ https://consent.cookiebot.com/ https://www.google-analytics.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://consent.cookiebot.com/ https://consent.cookiebot.com/ http://platform.twitter.com/ https://www.google.com/recaptcha/ https://www.google-analytics.com/ https://www.googletagmanager.com/ http://pi.pardot.com/ http://cdn.pardot.com/ https://*.hotjar.com/ https://vimeo.com/ https://player.vimeo.com/api/player.js https://platform.twitter.com  http://widget.trustpilot.com/ https://widget.trustpilot.com/ https://cdn.syndication.twimg.com/ https://www2.smartestenergy.com https://syndication.twitter.com https://www.cookiebot.com/ https://consentcdn.cookiebot.com/ https://consent.cookiebot.com/ https://www.google.com/ https://www.gstatic.com/ https://diffuser-cdn.app-us1.com/diffuser/diffuser.js https://smartestenergy.activehosted.com/ https://prism.app-us1.com/;      frame-src 'self' https://vimeo.com/ https://id.stark.co.uk/ https://vars.hotjar.io/ https://vars.hotjar.com/ *.twimg.com  https://twitter.com/ https://www.google.com https://consentcdn.cookiebot.com https://player.vimeo.com/ https://www.youtube.com/  https://www2.smartestenergy.com/ https://platform.twitter.com/ https://uk.trustpilot.com/ https://widget.trustpilot.com/ https://www.buzzsprout.com/ https://syndication.twitter.com/;      connect-src 'self' data: https://*.google-analytics.com/ https://stats.g.doubleclick.net/ https://www.google-analytics.com/ https://*.hotjar.io/ wss://*.hotjar.io/ wss://hotjar.io wss://hotjar.com wss://*.hotjar.com/ https://*.hotjar.com/ https://consentcdn.cookiebot.com/ https://consent.cookiebot.com/ https://vc.hotjar.io/ https://surveystats.hotjar.io;      font-src 'self' data: https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://script.hotjar.io/ https://script.hotjar.com/;       style-src 'self' 'unsafe-inline' data: https://platform.twitter.com/ https://fonts.googleapis.com/ *.twimg.com;      img-src 'self' data: https://imgsct.cookiebot.com/ https://d226aj4ao1t61q.cloudfront.net/ d226aj4ao1t61q.cloudfront.net https://d226aj4ao1t61q.cloudfront.net/gxwooby50_forms-close-light.png https://www2.smartestenergy.com/ https://www.google-analytics.com/ https://platform.twitter.com/ *.twimg.com/ https://syndication.twitter.com/ https://www.google.com/ https://accounts.google.com https://dashboard.umbraco.org/ https://i.vimeocdn.com/ https://script.hotjar.com/ https://script.hotjar.io/ https://sto0webseleu.blob.core.windows.net/ https://imgsct.cookiebot.com/ https://d226aj4ao1t61q.cloudfront.net/esfkyjh1u_forms-close-dark.png; media-src 'self' 1
frame-ancestors 'self'; base-uri 'self'; form-action threedssvc.pay1.de www.sofort.com go.test.online-ident.ch go.online-ident.ch www.aldi-suisse.ch 'self' 1
default-src 'self'; script-src 'self' 'nonce-3iWWrunmN67Ks78JNCvhmQMT_72lCWiqyYYuACD0XozFbTbe01ANpQ' 'unsafe-eval' data: https://*.openstreetmap.org 'report-sample'; style-src-attr 'unsafe-inline' 'report-sample'; img-src 'self' data: *.ytimg.com *.vimeocdn.com *.hfmt-hamburg.de https://*.openstreetmap.org; base-uri 'self'; frame-src 'self' *.youtube-nocookie.com *.youtube.com *.vimeo.com; style-src-elem 'self' 'nonce-3iWWrunmN67Ks78JNCvhmQMT_72lCWiqyYYuACD0XozFbTbe01ANpQ' data: 'unsafe-inline' 'report-sample'; font-src 'self' data:; script-src-elem 'self' 'nonce-3iWWrunmN67Ks78JNCvhmQMT_72lCWiqyYYuACD0XozFbTbe01ANpQ' 'strict-dynamic' https: 'unsafe-eval' 'report-sample'; connect-src 'self' *.hfmt-hamburg.de blob: data: https://*.openstreetmap.org; report-uri https://intranet.hfmt-hamburg.de/@http-reporting?csp=report&requestTime=1721957452407222 1
default-src 'self'; script-src 'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' https://*.googletagmanager.com https://*.google-analytics.com/ https://www.google.com/ https://www.gstatic.com/ https://consent.cookiefirst.com/ https://cdn.jsdelivr.net/ https://code.jquery.com/ https://cdnjs.cloudflare.com/ https://widget.abi.ai/ https://unpkg.com/ https://cdn-next.caducy.fr/; style-src 'self' 'unsafe-inline' https://unpkg.com/ https://cdn.jsdelivr.net/ https://cdnjs.cloudflare.com/ https://fonts.googleapis.com/ https://*.cookiefirst.com/; img-src 'self' data: https://unpkg.com/ https://*.basemaps.cartocdn.com/ https://*.google-analytics.com https://*.googletagmanager.com https://www.hcp.name/ https://i.ytimg.com/ https://consent.cookiefirst.com/; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.cookiefirst.com/ https://*.amazonaws.com/ https://assets.abi.ai/ https://cdn-next.caducy.fr/ https://medi24-api.addvanto.ch/ wss://*.amazonaws.com/ wss://apimeasure-next.caducy.fr; font-src 'self' https://fonts.gstatic.com/; frame-src 'self' https://www.google.com/ https://www.youtube.com/ https://www.youtube-nocookie.com/; object-src 'none'; worker-src blob:; base-uri 'self'; frame-ancestors 'self' 1
default-src 'self' 'unsafe-eval' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self'; 1
script-src 'report-sample' 'nonce-nuyJe76bnEVLG5IHrQnJ9Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /cspreport 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: provakil.com *.provakil.com *.cloudfront.net *.razorpay.com fonts.googleapis.com maxcdn.bootstrapcdn.com *.google.com www.googletagmanager.com www.google-analytics.com *.gstatic.com js.driftt.com widget.driftqa.com *.drift.com browser.sentry-cdn.com sibautomation.com *.pipedriveassets.com *.pipedrive.com *.clarity.ms  login.microsoftonline.com *.microsoft.com *.live.com ajax.aspnetcdn.com sentry.io *.lfeeder.com *.hotjar.com *.doubleclick.net *.google-analytics.com *.wikimedia.org *.facebook.net *.facebook.com *.brevo.com; 1
default-src 'self' https: http: bankid:; connect-src 'self' ws: wss: https://*.fasttrack-solutions.com https://*.ft-crm.com https://*.biahosted.com https://livechat24.tech https://*.livechat24.tech https://*.amazonaws.com *.google-analytics.com *.analytics.google.com https://www.googletagmanager.com https://www.google.com https://www.google.ro https://www.google.se https://www.google.nl https://www.google.de https://www.google.fi https://www.google.ch https://www.google.ee https://www.google.sk https://www.google.dk https://www.google.ru https://www.google.pt https://www.google.ca https://www.google.by https://www.google.bg https://www.gstatic.com https://analytics.google.com https://adservice.google.com https://stats.g.doubleclick.net https://recaptcha.net https://www.facebook.com https://*.bing.com https://*.taboola.com https://*.regily.com https://*.pusher.com https://*.workers.dev https://*.visualwebsiteoptimizer.com https://app.vwo.com https://d5phz18u4wuww.cloudfront.net https://cdn-cn.vwo-analytics.com https://verification.okwork.io https://*.unetsafe.com https://*.atlantgaming.com https://*.aplay.casino *.unetsafe.com oppwa.com *.oppwa.com *.unetcard.com google-analytics.com paymentpage.ecommpay.com *.adyen.com fasd63.illongrlong.com s4vds4.ujad65dsai.com asdaerq.dapmaptuns.com *.checkout.com *.browser-intake-datadoghq.com; font-src 'self' data: https://fonts.gstatic.com https://livechat24.tech https://*.livechat24.tech https://app.vwo.com https://*.aplay.casino; frame-src 'self' bankid://* https://*.livechat24.tech https://*.adobe.com https://*.youtube.com https://*.zignsec.com https://*.trustly.com https://*.regily.com https://*.sumsub.com https://*.visualwebsiteoptimizer.com https://*.unetsafe.com https://*.atlantgaming.com https://*.aplay.casino https://* paymentpage.ecommpay.com asdaerq.dapmaptuns.com; img-src 'self' https: http: data: blob: *.google-analytics.com *.analytics.google.com *.visualwebsiteoptimizer.com https://app.vwo.com; script-src 'self' 'unsafe-eval' https://*.zignsec.com https://*.biahosted.com https://livechat24.tech https://*.livechat24.tech https://*.fasttrack-solutions.com https://mc.yandex.ru https://ajax.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.curacao-egaming.com https://www.gstatic.com https://recaptcha.net https://connect.facebook.net https://*.bing.com https://*.cloudflare.com https://*.taboola.com https://static.cloudflareinsights.com https://*.regily.com https://*.pusher.com https://*.workers.dev https://prj-verification-production.s3.amazonaws.com *.visualwebsiteoptimizer.com https://cdn-cn.vwo-analytics.com https://app.vwo.com https://*.unetsafe.com https://*.aplay.casino *.paywallk.com *.unetsafe.com *.ecommpay.com *.zimpler.net *.adyen.com *.hotjar.com *.acaptureservices.com acaptureservices.com *.oppwa.com oppwa.com *.unetcard.com *.switchpayments.com *.mifinity.com *.google.com fasd63.illongrlong.com s4vds4.ujad65dsai.com *.astropay.com *.megapay.pro *.ecopayz.com *.billing.cx *.express-connect.com *.paycore.io *.jetoncheckout.com *.ipsp.lv ipsp.lv *.gpaynetworks.com *.sirumobile.com asdaerq.dapmaptuns.com *.checkout.com 'nonce-wugdnr5NmHnyksg5aQk/JspOoW3itaWAFZ1tLc9nUTI=' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://*.fasttrack-solutions.com https://fonts.googleapis.com https://livechat24.tech https://*.livechat24.tech https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.amazonaws.com https://*.aplay.casino *.paywallk.com *.unetsafe.com *.ecommpay.com *.adyen.com *.hotjar.com *.ppipe.net *.oppwa.com oppwa.com *.unetcard.com fasd63.illongrlong.com s4vds4.ujad65dsai.com asdaerq.dapmaptuns.com; worker-src 'self' blob:; report-uri https://aplay.casino/sentry/api/29/csp-report/?sentry_key=9db29a98a6d9444b8cfc0495de9b857a 1
frame-ancestors 'self' https://www.lesfermesdegally.com 1
base-uri 'self'; default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; 1
frame-ancestors 'self' *.isi.net 1
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://js.hubspot.com/web-interactives-embed.js https://x.clearbitjs.com/ https://tag.clearbitscripts.com/ https://www.googletagmanager.com/ https://js.hsforms.net https://cdn.mouseflow.com https://www.clarity.ms https://j.6sc.co/6si.min.js https://bat.bing.com https://googleads.g.doubleclick.net https://consentcdn.cookiebot.com https://www.google-analytics.com/analytics.js https://connect.facebook.net https://snap.licdn.com/li.lms-analytics/insight.min.js https://www.googletagmanager.com/gtag/js https://connect.facebook.net/en_US/fbevents.js https://consent.cookiebot.com https://translate-pa.googleapis.com/v1/supportedLanguages https://js.hs-analytics.net https://www.clickcease.com/monitor/stat.js https://fast.wistia.com/assets/external/channel.js https://fast.wistia.net/embed/channel/project/ijfa90r4bh.json https://js.hs-analytics.net/analytics/1670866200000/9360314.js https://js.hs-banner.com/v2/9360314/banner.js https://js.hs-scripts.com/9360314.js https://js.hsadspixel.net/fb.js https://js.hscollectedforms.net/collectedforms.js https://js.hsleadflows.net/leadflows.js https://translate.google.com/translate_a/element.js https://translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.en_GB.I_n1hHNKRQg.O/d=1/exm=el_conf/ed=1/rs=AN8SPfq1BaON9PeD_0qd-QgiiAO9yry5vg/m=el_main https://www.gartner.com/reviews/public/Widget/js/widget.js https://www.googletagmanager.com/gtm.js; style-src 'report-sample' 'self' 'unsafe-inline' https://ajax.googleapis.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://translate.googleapis.com https://use.fontawesome.com https://www.gartner.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://region1.analytics.google.com/ https://n2.mouseflow.com/ https://monitor.clickcease.com/ https://app.clearbit.com https://c.6sc.co/ https://api.hubapi.com/ https://forms.hscollectedforms.net/ https://monitor.clickcease.com/https://region1.analytics.google.com/ https://a.clarity.ms/ https://k.clarity.ms/collect https://www.google-analytics.com https://stats.g.doubleclick.net https://epsilon.6sense.com https://googleads.g.doubleclick.net https://ipv6.6sc.co https://secure.adnxs.com https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://www.google.com/pagead/landing https://consentcdn.cookiebot.com https://www.facebook.com https://cdn.linkedin.oribi.io https://region1.google-analytics.com https://api.hubapi.com/hs-script-loader-public/v1/config/pixel/json https://fast.wistia.net https://forms.hubspot.com https://my.yoast.com https://pipedream.wistia.com https://translate.googleapis.com https://yoast.com; font-src 'self' data: https://cdnjs.cloudflare.com https://fast.wistia.net https://fonts.gstatic.com https://use.fontawesome.com; frame-src 'self' https://fast.wistia.com/ https://syniti.wistia.com/ https://www.youtube.com/ https://operations7.syniti.com/ https://syniti.ideas.aha.io/ https://forms.hsforms.com https://www.facebook.com https://consentcdn.cookiebot.com https://static.hsappstatic.net https://www.gartner.com; img-src 'self' data: https://www.google.co.uk/ads/ https://www.google.com/ads/ https://www.googletagmanager.com/ https://bat.bing.com https://www.google.com/ads https://www.google.co.uk/ads https://forms-na1.hsforms.com https://c.clarity.ms https://b.6sc.co https://www.google.com/pagead/landing https://www.google-analytics.com https://www.linkedin.com https://www.facebook.com https://px.ads.linkedin.com https://track.hubspot.com https://ajax.googleapis.com https://embed-ssl.wistia.com https://forms.hsforms.com https://reviews.static.gartner.com https://secure.gravatar.com https://www.gstatic.com https://www.solwininfotech.com; manifest-src 'self'; media-src 'self'; worker-src 'self'; 1
default-src 'self' 'unsafe-inline' *.maytech.net fonts.gstatic.com fonts.googleapis.com; script-src 'self' 'unsafe-inline' *.maytech.net fonts.gstatic.com fonts.googleapis.com; img-src 'self' *.maytech.net; report-uri /reporting.php; form-action 'self'; object-src 'self'; frame-ancestors 'self'; 1
default-src 'self' accounts.google.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src *;img-src * data:; script-src * www.google-analytics.com ajax.googleapis.com 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self' tpc.googlesyndication.com;frame-ancestors 'self';frame-src 'self' https://staticcdn.co.nz *.youtube.com www.facebook.com connect.facebook.net gsa://onpageload trademe.wufoo.com matterport.com *.matterport.com viewer.metamaker.istaging.com vtc.virtualtourscreator.com.au app.cloudpano.com youriguide.com virtualtour.laserfocus.co.nz s3virtualtour.esoft.com www.boxbrownie.com kuula.co tours.virtualpro.nz open.littlehinges.com ipropertyexpress.com virtual-tour.ipropertyexpress.com app.envisionvr.net realsee.ai realsee.jp https://api.trademe.co.nz/ https://auth.trademe.co.nz https://api.trademe.co.nz/graphql/ https://*.app.trade.me https://vimeo.com https://*.vimeo.com https://cdn.diakrit.com https://livetour.istaging.com https://vtc.virtualtourscreator.com.au https://app.cloudpano.com https://static.instavid360.com/ https://storage.googleapis.com https://www.google.com https://www.google.co.nz *.googlesyndication.com console.googletagservices.com *.doubleclick.net https://www.adsensecustomsearchads.com https://syndicatedsearch.goog *.trademepayments.co.nz:* *.pingauth.trademe.co.nz:* mfa.trademe.co.nz mfa-test.trademe.co.nz;font-src 'self' data: www.trademe.co.nz fonts.googleapis.com fonts.gstatic.com https://*.appsflyer.com;img-src 'self' data: blob: www.google-analytics.com www.googletagmanager.com *.googleapis.com *.gstatic.com *.ggpht.com i.ytimg.com i.vimeocdn.com www.facebook.com https://staticcdn.co.nz *.segment.com https://api.trademe.co.nz/ *.tmcdn.co.nz https://api.trademe.co.nz/graphql/ https://trademe-prod-cdn.global.ssl.fastly.net https://*.trademe.co.nz https://images.tmsandbox.co.nz *.google.com *.google.co.nz *.google.com.au *.google.co.uk *.google.lk *.google.co.in *.google.com.sg *.google.com.sa *.google.cn *.google.com.ph *.google.com.hk *.google.co.kr *.google.de *.google.ca *.google.co.jp *.google.com.fj *.google.co.id *.google.ae *.google.com.my *.google.co.th *.google.fr *.google.nl *.google.com.tw *.google.com.br *.google.es *.google.ie *.google.cl *.google.se *.google.ar *.google.com.vn *.googlesyndication.com *.doubleclick.net *.googleusercontent.com https://www.adsensecustomsearchads.com https://syndicatedsearch.goog https://*.appsflyer.com https://impressions.onelink.me api.myautoshop.co.nz images.myautoshop.co.nz sslphotos.jato.com via.placeholder.com https://static.instavid360.com/;media-src https://static.instavid360.com/;style-src 'self' 'unsafe-inline' fonts.googleapis.com www.googletagmanager.com;script-src 'self' 'sha256-W81Vs+ERO4eDwXHv9HY8inhTg3PgkhPkUTnd21cqEu8=' 'sha256-ngFYgAN/oU7iQUOSoK4wCm1rsjFLczlQ4y9Q0lbAfNE=' 'report-sample' https://staticcdn.co.nz connect.facebook.net www.google-analytics.com www.googletagmanager.com *.googletagservices.com www.gstatic.com dnn506yrbagrg.cloudfront.net *.googleapis.com www.youtube.com s.ytimg.com script.crazyegg.com *.segment.com *.appboycdn.com *.google.com *.google.co.nz *.google.com.au *.google.co.uk *.google.lk *.google.co.in *.google.com.sg *.google.com.sa *.google.cn *.google.com.ph *.google.com.hk *.google.co.kr *.google.de *.google.ca *.google.co.jp *.google.com.fj *.google.co.id *.google.ae *.google.com.my *.google.co.th *.google.fr *.google.nl *.google.com.tw *.google.com.br *.google.es *.google.ie *.google.cl *.google.se *.google.ar *.google.com.vn *.googleadservices.com *.doubleclick.net *.googlesyndication.com cdn.ampproject.org https://www.adsensecustomsearchads.com https://syndicatedsearch.goog *.appsflyer.com *.afterpay.com *.app.trade.me *.newrelic.com *.nr-data.net;form-action 'self' trademe.wufoo.com www.facebook.com connect.facebook.net d3f5l8ze0o4j2m.cloudfront.net https://api.trademe.co.nz/ https://api.trademe.co.nz/graphql/ https://*.app.trade.me;connect-src 'self' https://api.trademe.co.nz/ https://auth.trademe.co.nz https://api.trademe.co.nz/graphql/ *.tmcdn.co.nz https://*.app.trade.me *.segment.io *.segmentapis.com *.segment.com *.braze.com sentry.io www.facebook.com www.google-analytics.com *.gstatic.com *.googleapis.com www.googletagmanager.com *.google.com *.google.co.nz *.google.com.au *.google.co.uk *.google.lk *.google.co.in *.google.com.sg *.google.com.sa *.google.cn *.google.com.ph *.google.com.hk *.google.co.kr *.google.de *.google.ca *.google.co.jp *.google.com.fj *.google.co.id *.google.ae *.google.com.my *.google.co.th *.google.fr *.google.nl *.google.com.tw *.google.com.br *.google.es *.google.ie *.google.cl *.google.se *.google.ar *.google.com.vn google.com *.doubleclick.net *.googlesyndication.com https://www.adsensecustomsearchads.com https://syndicatedsearch.goog https://*.appsflyer.com https://*.afterpay.com api.amplitude.com https://*.app.trade.me https://*.nr-data.net https://api.topsort.com/v2/events;child-src 'self';worker-src 'self';object-src 'none';report-uri https://www.trademe.co.nz/a/csp-report-uri 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.balluun.com *.balluun365.com www.googletagmanager.com oqs.omeda.com *.embedsocial.com embedsocial.com img07.en25.com *.en35.com *.snapchat.com sc-static.net blue-sky.capital *.elfsight.com *.keen.io *.linkedin.oribi.io *.expocad.com expocad.com cdn.jwplayer.com *.jwplayer.com app.clipr.ai *.clipr.ai *.zdassets.com acbusinessmedia478.outgrow.us *.twitter.com *.intercom.com *.outgrow.us *.outgrow.co *.typeform.com *.googletagservices.com *.googlesyndication.com *.omeda.com *.clarity.ms ironpros.com *.ironpros.com *.parsely.com *.bing.com *.adroll.com *.adroll.mgr.consensu.org *.freshdesk.com *.hotjar.com *.cloudflare.com *.gstatic.com *.google.com *.googleservices.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.facebook.com wss://* *.alicdn.com *.tastehit.com *.selligent.com oqs.omeda.com *.intercom.io *.intercomcdn.com *.recurly.com *.paypal.com *.stripe.com *.authorize.net *.licdn.com *.facebook.net *.freshworks.com *.newrelic.com *.nr-data.net embed.podcasts.apple.com *.apple.com js-cdn.music.apple.com *.buzzsprout.com *.zendesk.com *.amazonaws.com *.doubleclick.net *.g.doubleclick.net *.fls.doubleclick.net *.vimeo.com vimeo.com player.vimeo.com *.youtube.com *.youtu.be; img-src * data:; frame-src *.balluun.com *.balluun365.com *.expofp.com www.googletagmanager.com *.embedsocial.com embedsocial.com img07.en25.com *.en25.com *.snapchat.com sc-static.net blue-sky.capital *.elfsight.com *.keen.io *.linkedin.oribi.io *.expocad.com expocad.com cdn.jwplayer.com *.jwplayer.com intercom-sheets.com *.outgrow.us app.clipr.ai *.clipr.ai *.zdassets.com *.freshdesk.com *.hotjar.com *.doubleclick.net *.g.doubleclick.net *.fls.doubleclick.net *.facebook.com *.youtube.com *.youku.com *.zoom.com *.vimeo.com vimeo.com youtu.be embed.podcasts.apple.com *.apple.com js-cdn.music.apple.com *.buzzsprout.com exhibitors.informamarkets-info.com *.facebook.com wx.vzan.com players.brightcove.net www.brightcove.com www.google.com player.vimeo.com drive.google.com *.elfsight.com *.instagram.com *.allure.com allure.com *.forconstructionpros.com *.credspark.com *.s3.amazonaws.com 1
connect-src 'self' data: https: http: wss: ws:; default-src https://td.doubleclick.net/ https://js.stripe.com/; font-src 'unsafe-inline' 'self' data: https: http: *; frame-src https://td.doubleclick.net/ https://js.stripe.com/ https://*.google.com https://*.youtube.com; img-src 'self' data: https: http: https://ajax.googleapis.com https://code.jquery.com https://www.googletagmanager.com https://www.google-analytics.com https://cdnjs.cloudflare.com; manifest-src 'self'; media-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: https://ajax.googleapis.com https://code.jquery.com https://www.googletagmanager.com https://www.google-analytics.com https://cdnjs.cloudflare.com https://cdn.datatables.net https://cdn.jsdelivr.net/ https://browser.sentry-cdn.com; style-src 'self' 'unsafe-inline' https://ajax.googleapis.com https://code.jquery.com https://www.googletagmanager.com https://www.google-analytics.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net 1
default-src 'self' https://www.youtube.com https://vercel.live https://*.doubleclick.net https://adservice.google.com.au https://adservice.google.com https://graphql.datocms.com/ https://*.google-analytics.com; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://bat.bing.com/ cdn.vercel-insights.com https://wave.outbrain.com https://jsd-widget.atlassian.com https://vercel.live/_next-live/feedback/feedback.js https://connect.facebook.net https://*.googletagmanager.com https://*.google-analytics.com https://unpkg.com https://*.doubleclick.net amplify.outbrain.com tr.outbrain.com https://*.ingest.sentry.io https://ssl.google-analytics.com; img-src 'self' data: https://bat.bing.com/ https://www.datocms-assets.com https://assets.vercel.com https://*.google.com https://*.google.com.au https://adservice.google.com.au https://adservice.google.com https://*.doubleclick.net https://www.facebook.com https://connect.facebook.net https://*.google-analytics.com https://*.googletagmanager.com tr.outbrain.com; connect-src 'self' https://adservice.google.com.au https://adservice.google.com https://api.addressfinder.io https://vitals.vercel-insights.com https://vitals.vercel-insights.com/v1/vitals https://submit-form.com https://jsd-widget.atlassian.com https://api-private.atlassian.com https://site-api.datocms.com https://graphql.datocms.com https://www.datocms-assets.com https://pagead2.googlesyndication.com/ https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://*.googletagmanager.com https://*.sentry.io https://*.doubleclick.net https://graphql.datocms.com https://www.facebook.com https://www.google.com.au https://www.google.com http://tr.outbrain.com wave.outbrain.com https://amplify.outbrain.com https://www.googletagmanager.com; font-src 'self'; frame-ancestors 'none'; report-uri https://o261167.ingest.sentry.io/api/5878859/security/?sentry_key=283a9a8e709a42caa90553e13bddd86d; worker-src 'self' blob:; child-src 'self' blob:; frame-src 'self' www.youtube.com https://jsd-widget.atlassian.com https://www.facebook.com https://www.google.com.au https://www.google.com tr.outbrain.com https://*.doubleclick.net; 1
frame-ancestors 'self' https://*.memberadvantagemortgage.com https://www.cofcu.org https://cofcu-dev.zagclients.net https://honestly.co https://client.augustodigital.com; 1
default-src https: data: self: 'unsafe-inline'; style-src 'self' 'unsafe-inline' *.googleapis.com fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.smartlook.cloud *.googleapis.com *.googletagmanager.com *.google-analytics.com *.smartlook.com rec.smartlook.com *.googleapis.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com; connect-src 'self' 'unsafe-inline' *.doubleclick.net *.smartlook.cloud *.smartlook.com *.youtube.com *.facebook.com connect.facebook.net; worker-src blob:; frame-src 'self' *.youtube.com *.facebook.com connect.facebook.net; child-src *.youtube.com *.facebook.com connect.facebook.net *.smartlook.cloud *.smartlook.com; 1
script-src https://test04.enquirya.com/ 'unsafe-inline'; font-src https://test04.enquirya.com/ https://fonts.gstatic.com https://fonts.googleapis.com; img-src 'self' blob: data: https://test04.enquirya.com/ https://enquirya02-webapp-test.s3.eu-west-1.amazonaws.com; style-src 'unsafe-inline' https://test04.enquirya.com/ https://fonts.googleapis.com; 1
default-src 'self'; style-src https: 'unsafe-inline'; script-src 'self' 'unsafe-eval' https://abs.firstdedic.ru/ https://yastatic.net/ https://cdn.ckeditor.com/ https://vk.com/ https://www.youtube.com/ https://cse.google.com/ https://*.chathost.ru/ https://*.carrotquest.app/ https://www.googletagmanager.com/ https://www.google.com/ https://my.1dedic.ru/ https://www.google-analytics.com/ https://mc.yandex.ru/ https://www.gstatic.com/ 'unsafe-inline'; img-src * data:; connect-src 'self' https://api.carrottrack.app/ https://www.google-analytics.com/ https://*.carrottrack.io/ https://*.carrotquest.app/ wss://*.carrotquest.app/ https://stats.g.doubleclick.net/ https://mc.yandex.ru/ https://*.chathost.ru/; frame-src 'self' https://abs.firstdedic.ru/ https://morp.firstvds.ru/ https://www.youtube.com/ https://www.google.com/; font-src 'self' https://fonts.gstatic.com/ https://*.carrotquest.app/; media-src 'self' https://*.carrotquest.app/; object-src 'none'; frame-ancestors https://metrika.yandex.ru http://webvisor.com/; 1
upgrade-insecure-requests; report-uri https://rswebsols.report-uri.com/r/d/csp/reportOnly 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://wikis.world; img-src 'self' https: data: blob: https://wikis.world; style-src 'self' https://wikis.world 'nonce-ZntxeTiX6wAcPu29ke2vEA=='; media-src 'self' https: data: https://wikis.world; frame-src 'self' https:; manifest-src 'self' https://wikis.world; form-action 'self'; child-src 'self' blob: https://wikis.world; worker-src 'self' blob: https://wikis.world; connect-src 'self' data: blob: https://wikis.world https://cdn.masto.host wss://wikis.world; script-src 'self' https://wikis.world 'wasm-unsafe-eval' 1
frame-ancestors 'self' https://appflow-dev.pepper.com.au https://appflow-sit.pepper.com.au https://appflow-uat.pepper.com.au 1
frame-ancestors 'self' https://www.figurechoice.com http://*.figurechoice.com; 1
frame-ancestors 'self' alis-enc.iii.com alis-encore.iii.com encore.alisweb.org; 1
style-src 'self' 'unsafe-inline' https:;img-src 'self' data: https: http://61.57.41.102/;frame-src 'self' https:;script-src 'self' 'unsafe-inline' 'unsafe-eval' https:;script-src-elem 'self' 'unsafe-inline' https:;frame-ancestors 'none' 1
default-src 'self' *.mobi.com.br *.sigasuaencomenda.com.br; media-src 'self' *; connect-src 'self' * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.mobi.com.br *.sigasuaencomenda.com.br blob: https://connect.facebook.net/ https://cdn.jsdelivr.net https://connect.facebook.net/en_US/fbevents.js https://googleads.g.doubleclick.net https://www.googleadservices.com https://maxcdn.bootstrapcdn.com https://unpkg.com https://www.google.com https://cdnjs.cloudflare.com https://www.gstatic.com https://www.googletagmanager.com https://ajax.googleapis.com https://www.google-analytics.com https://microsoft.github.io https://maps.googleapis.com code.jquery.com https://ssl.google-analytics.com; img-src 'self' blob: *.mobi.com.br *.sigasuaencomenda.com.br https://www.facebook.com/tr/ https://www.facebook.com/privacy_sandbox/pixel/register/trigger/ https://secure.gravatar.com/avatar/ *.wp.com/ https://avatar-management--avatars.us-west-2.prod.public.atl-paas.net https://streetviewpixels-pa.googleapis.com data: https://maps.googleapis.com https://maps.gstatic.com https://www.google-analytics.com https://ssl.google-analytics.com https://mobi.com.br https://sigasuaencomenda.com.br https://127.0.0.1:18619 https://www.google.com.br https://www.google.com https://googleads.g.doubleclick.net https://www.googleadservices.com; style-src 'self' 'unsafe-inline' *.mobi.com.br *.sigasuaencomenda.com.br https://maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net https://fonts.googleapis.com; font-src 'self' https://maps.gstatic.com data: *.mobi.com.br *.sigasuaencomenda.com.br https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com/; frame-src 'self' https://www.googletagmanager.com/ https://td.doubleclick.net/ https://sigasuaencomenda.com.br/ https://sftp.mobilogistica.com.br:5000 https://sftp.mobilogistica.com.br https://app.powerbi.com blob: *.mobi.com.br *.sigasuaencomenda.com.br https://www.google.com https://maps.google.com https://bid.g.doubleclick.net/; object-src 'self' *.mobi.com.br *.sigasuaencomenda.com.br 1
default-src 'self'; script-src 'self' https://ii8yzf.raiffeisendigital.com https://d1mxyhmor38cww.cloudfront.net/latest/groupcms.js https://d1mxyhmor38cww.cloudfront.net/dev/groupcms.js https://cdn.adjust.com https://cdn.cookielaw.org  https://livechat.infobip.com https://connect.facebook.net https://googleads.g.doubleclick.net https://snap.licdn.com 'unsafe-inline' 'unsafe-eval' https://www.googleadservices.com https://www.google.com https://www.googletagmanager.com https://hcaptcha.com https://*.hcaptcha.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.ggpht.com https://*.googleusercontent.com blob:; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://hcaptcha.com https://*.hcaptcha.com https://fonts.googleapis.com; connect-src 'self' https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal-de.onetrust.com https://app.adjust.com https://*.googleapis.com https://*.google.com https://*.gstatic.com data: blob: https://px.ads.linkedin.com https://api-eu1.infobip.com https://ii8yzf.raiffeisendigital.com 'unsafe-inline' 'unsafe-eval' https://hcaptcha.com https://*.hcaptcha.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://livechat.infobip.com https://14355771.fls.doubleclick.net https://www.youtube.com https://td.doubleclick.net https://*.google.com 'unsafe-inline' 'unsafe-eval' https://hcaptcha.com https://*.hcaptcha.com; img-src 'self' https://googleads.g.doubleclick.net https://www.google.com https://google.com https://www.googletagmanager.com https://cdn.cookielaw.org https://www.facebook.com https://px.ads.linkedin.com https://www.facebook.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.googleusercontent.com https://14355771.fls.doubleclick.net https://ad.doubleclick.net https://ade.googlesyndication.com data:; worker-src 'self' blob:; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; style-src * 'unsafe-inline' ; style-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://www.gstatic.com https://payments.worldpay.com; script-src-elem https://www.gstatic.com https://ajax.googleapis.com/ https://static.opentok.com https://vbrowse.vscreen.me https://payments.worldpay.com https://uk.vbrowse.org/ 'self' 'unsafe-inline' 'unsafe-eval'; connect-src *; img-src * data:; frame-src * 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googleadservices.com/pagead/ maps.googleapis.com ajax.googleapis.com https://www.googletagmanager.com/gtm.js http://cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/3.1.13/jquery.mousewheel.min.js https://embed.tawk.to/ *.google-analytics.com connect.facebook.net https://cdn.jsdelivr.net/emojione/2.2.7/lib/js/emojione.min.js https://kendo.cdn.telerik.com/; connect-src *; img-src 'self' https://www.google.com/pagead/ https://googleads.g.doubleclick.net/pagead/ web.facebook.com www.facebook.com maps.googleapis.com *.google-analytics.com https://maps.gstatic.com/mapfiles/ https://core.subwaycostarica.com/ecommerce/Images/Upload/ https://www.subwaycostarica.com/ResourcePackages/ https://azcore.subwaycostarica.com/ecommerce/Images/Upload/ https://www.googletagmanager.com/ data: blob:; font-src 'self' fonts.gstatic.com https://embed.tawk.to/; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://embed.tawk.to/ www.google.com; frame-src 'self' https://www.google.com/; base-uri 'self'; form-action 'self' https://credomatic.compassmerchantsolutions.com/ https://www.facebook.com/tr/; media-src 'self' data: blob:; child-src 'self'; https://www.google.com/ https://maps.google.com/ https://www.facebook.com/; object-src 'self'; 1
child-src 'self' www.googletagmanager.com https:; connect-src 'self' *.hsforms.com www.googletagmanager.com *.ctfassets.net www.google-analytics.com https: play.google.com www.youtube-nocookie.com *.vimeocdn.com whatmatters.us12.list-manage.com *.googleapis.com; default-src 'self' https:; font-src data: 'self' https: *.typekit.com fonts.gstatic.com *.vimeocdn.com; frame-src 'self' www.googletagmanager.com https:; img-src data: 'self' https: *.ctfassets.net i.ytimg.com yt3.ggpht.com www.youtube-nocookie.com t.co analytics.twitter.com c.clarity.ms px.ads.linkedin.com www.facebook.com tags.srv.stackadapt.com c.bing.com *.vimeocdn.com *.akamaized.net; media-src data: 'self' https: *.ctfassets.net *.vimeocdn.com *.akamaized.net; object-src 'none'; script-src data: 'unsafe-inline' 'unsafe-eval' 'self' https: www.googletagmanager.com www.google.com www.youtube.com www.youtube-nocookie.com consent.cookiebot.com consentcdn.cookiebot.com snap.licdn.com www.clarity.ms static.ads-twitter.com connect.facebook.net tags.srv.stackadapt.com px.ads.linkedin.com qvdt3feo.com vimeo.com *.vimeocdn.com player.vimeo.com; style-src data: 'unsafe-inline' 'self' https: *.typekit.com www.youtube-nocookie.com tags.srv.stackadapt.com *.vimeocdn.com; worker-src 'none'; form-action 'self' *.hsforms.com https: whatmatters.us12.list-manage.com; frame-ancestors 'self' app.contentful.com https:; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-inline' 'unsafe-eval' maps.googleapis.com https://www.googletagmanager.com embed.tawk.to https://cdn.jsdelivr.net/emojione/ https://www.google-analytics.com https://ssl.google-analytics.com;img-src data: 'self' 'unsafe-inline' maps.gstatic.com *.googleapis.com *.ggpht.com 3i.ua embed.tawk.to tawk.link cdn.jsdelivr.net/emojione www.googletagmanager.com https://www.google-analytics.com;font-src data: 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com *.tawk.to;style-src 'self' 'unsafe-inline' fonts.googleapis.com embed.tawk.to;connect-src 'self' maps.googleapis.com *.tawk.to wss://*.tawk.to https://www.google-analytics.com;frame-src 'self' va.tawk.to https://www.googletagmanager.com youtube.com www.youtube.com; 1
font-src * 'self' 'unsafe-eval' 'unsafe-inline' https://*.adobedtm.com/ https://*.aos.tv/ https://bmwag.d3.sc.omtrdc.net/ https://cdnjs.cloudflare.com/ https://code.jquery.com/ https://dpm.demdex.net/ https://maxcdn.bootstrapcdn.com/ https://plugins.codeweavers.net/ https://storage.googleapis.com/ https://tracy.localformtracking.com/ https://unpkg.com/ https://*.citnow.com/ https://www.google.com/ https://www.gstatic.com/ https://www.googletagmanager.com/ https://www.w3schools.com/ data:; frame-src https://*.aos.tv/ https://plugins.codeweavers.net/ https://tracy.localformtracking.com/ https://*.citnow.com/ https://www.google.com/ https://www.youtube.com/ approvedusedminis.co.uk; script-src * 'self' 'unsafe-eval' 'unsafe-inline' https://*.adobedtm.com/ https://*.aos.tv/ https://bmwag.d3.sc.omtrdc.net/ https://cdnjs.cloudflare.com/ https://code.jquery.com/ https://dpm.demdex.net/ https://maxcdn.bootstrapcdn.com/ https://plugins.codeweavers.net/ https://storage.googleapis.com/ https://tracy.localformtracking.com/ https://unpkg.com/ https://*.citnow.com/ https://www.google.com/ https://www.gstatic.com/ https://www.googletagmanager.com/ https://www.w3schools.com/; img-src * 'self' 'unsafe-eval' 'unsafe-inline' https://*.adobedtm.com/ https://*.aos.tv/ https://bmwag.d3.sc.omtrdc.net/ https://cdnjs.cloudflare.com/ https://code.jquery.com/ https://dpm.demdex.net/ https://maxcdn.bootstrapcdn.com/ https://plugins.codeweavers.net/ https://storage.googleapis.com/ https://tracy.localformtracking.com/ https://unpkg.com/ https://*.citnow.com/ https://www.google.com/ https://www.gstatic.com/ https://www.googletagmanager.com/ https://www.w3schools.com/ blob: data:; default-src * 'self' 'unsafe-eval' 'unsafe-inline' https://*.adobedtm.com/ https://*.aos.tv/ https://bmwag.d3.sc.omtrdc.net/ https://cdnjs.cloudflare.com/ https://code.jquery.com/ https://dpm.demdex.net/ https://maxcdn.bootstrapcdn.com/ https://plugins.codeweavers.net/ https://storage.googleapis.com/ https://tracy.localformtracking.com/ https://unpkg.com/ https://*.citnow.com/ https://www.google.com/ https://www.gstatic.com/ https://www.googletagmanager.com/ https://www.w3schools.com/ 1
block-all-mixed-content; frame-ancestors *.esportelegal.com.br 1
default-src 'self' http://igree.co https://igree.co http://www.igree.co https://www.igree.co *.igree.co *.googleapis.com *.gstatic.com *.doubleclick.net *.analytics.com *.google.com *.google.com.br *.googletagmanager.com *.youtube.com *.ytimg.com *.ggpht.com *.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://igree.co https://igree.co http://www.igree.co https://www.igree.co *.igree.co *.googleapis.com *.gstatic.com *.doubleclick.net *.analytics.com *.google.com *.google.com.br *.googletagmanager.com *.youtube.com *.ytimg.com *.ggpht.com *.google-analytics.com; style-src 'self' 'unsafe-inline' http://igree.co https://igree.co http://www.igree.co https://www.igree.co *.igree.co *.googleapis.com *.gstatic.com *.doubleclick.net *.google-analytics.com *.google.com *.google.com.br *.googletagmanager.com *.youtube.com *.ytimg.com *.ggpht.com *.google-analytic.com; img-src 'self' http://igree.co https://igree.co http://www.igree.co https://www.igree.co  *.googleapis.com *.gstatic.com *.doubleclick.net *.analytics.com *.google.com *.google.com.br *.googletagmanager.com *.youtube.com *.ytimg.com *.ggpht.com *.google-analytics.com; 1
default-src 'self'; script-src 'self'; style-src 'self'; object-src 'self' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js https://ajax.aspnetcdn.com/ajax/jquery.validate/1.9/jquery.validate.js s.go-mpulse.net https://tags.crwdcntrl.net/c/12323/cc_af.js www.google-analytics.com static.hotjar.com dev.visualwebsiteoptimizer.com https://sc-static.net/scevent.min.js https://connect.facebook.net/en_US/fbevents.js https://collector-1854.tvsquared.com/tv2track.js https://tags.bkrtx.com/js/bk-coretag.js https://s.yimg.com/wi/ytc.js a.tribalfusion.com *.mastercard.com; img-src data: 'self' uip.semasio.net *.visualwebsiteoptimizer.com sp.analytics.yahoo.com www.google-analytics.com www.google.com; connect-src https://s.yimg.com https://tr.snapchat.com https://c.go-mpulse.net https://stats.g.doubleclick.net *.akstat.io 'self' data: blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css https://cdn.rtlcss.com/bootstrap/v4.0.0/css/bootstrap.min.css https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css; font-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com; frame-src wvjbscheme: 'self' maps-aws.mcdelivery.co.id mcdelivery.co.id  *.doubleclick.net web.nicepay.co.kr data: blob:; 1
default-src 'self' ;															script-src 'self' 'unsafe-inline' 'unsafe-eval'			https://cdn.cookielaw.org			https://druidapi.druidplatform.com; 		script-src-elem 'self' 'unsafe-inline'			https://www.gstatic.com			https://cdn.cookielaw.org			https://www.googletagmanager.com			https://www.youtube.com			https://ssl.google-analytics.com/ga.js			https://www.google-analytics.com/analytics.js			https://www.google.com/recaptcha/api.js			https://tag.aticdn.net/piano-analytics.js			https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js			https://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js			https://prod-druid-apc.azureedge.net; 		font-src 'self' data:  			https://use.fontawesome.com			https://fonts.gstatic.com; 		style-src 'self' 'unsafe-inline'; 						style-src-elem 'self' 'unsafe-inline'  			https://use.fontawesome.com			https://fonts.googleapis.com/css			https://prod-druid-apc.azureedge.net;		object-src 'self'  			https://activex.microsoft.com/activex/controls/mplayer			https://apple.com/qtactivex			https://download.macromedia.com/pub/shockwave/cabs			https://java.sun.com/products/plugin/autodl			https://video.google.com/googleplayer;		frame-src 'self'  			https://www.youtube-nocookie.com			https://www.google.com			https://www.youtube.com; 		connect-src 'self'  			https://www.google-analytics.com			https://*.analytics.google.com			https://*.pa-cd.com			https://stats.g.doubleclick.net			https://cdn.cookielaw.org			https://druidapi.druidplatform.com			https://directline.botframework.com;					img-src 'self' data: 			https://my.edenred.ro			https://i.ytimg.com			https://ssl.google-analytics.com			https://www.google-analytics.com			https://stats.g.doubleclick.net			https://www.edenred.ro			https://www.google.ro			https://www.google.com			https://cdn.cookielaw.org;	 1
object-src 'none'; script-src * 'report-sample' 'unsafe-inline'; style-src * 'report-sample' 'unsafe-inline'; webrtc 'block'; worker-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'self' 1
default-src 'none'; script-src 'report-sample' 'self' http: https: wss: blob: https://zefzhat.appspot.com https://api.kirjastot.fi 'nonce-HwkhlN1gH7x23AIYjBR+ZiXSerhi/A2LyMv5iw3jhEw='; connect-src blob: data: 'self' https://analytics.finna.fi https://zefzhat.appspot.com https://stats.livezhat.com https://api.kirjastot.fi; style-src * 'unsafe-inline' https://commondatastorage.googleapis.com/livezhat/helmetkirjasto/; img-src * data: blob:; media-src * blob:; font-src * data:; base-uri 'self'; manifest-src 'self'; child-src blob:; frame-src https://*.kirjastot.fi https://experience.arcgis.com; 1
script-src 'self' 'unsafe-inline' https://kariera.pregis.cz https://cdn.jsdelivr.net https://maps.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://t.leady.com https://connect.facebook.net https://www.linkedin.com https://sjs.bizographics.com https://px.ads.linkedin.com https://www.clarity.ms; object-src 'none'; font-src * data:; frame-ancestors 'none'; 1
font-src * data: *.gdw.mx *.banorte.com *.criteo.com *.fontawesome.com *.tradedoubler.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com * *.gdw.mx *.banorte.com *.criteo.com https://seo.mageplaza.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.tradedoubler.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.gdw.mx *.banorte.com *.criteo.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.tradedoubler.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com https://static.zdassets.com * *.gdw.mx *.banorte.com *.criteo.com *.paynet.com.mx *.openpay.mx *.openpay.co *.openpay.pe *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.tradedoubler.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.opencontrol.mx *.kaptcha.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io * *.gdw.mx *.banorte.com *.criteo.com *.postimg.cc *.openpay.mx *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.tradedoubler.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.conekta.io conektaapi.s3.amazonaws.com https://static.zdassets.com * *.gdw.mx *.banorte.com *.criteo.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.tradedoubler.com *.dwin1.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.s3.amazonaws.com *.openpay.co *.openpay.pe *.google-analytics.com *.google.com/recaptcha/ *.gstatic.com/recaptcha/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com * *.gdw.mx *.banorte.com *.criteo.com *.fontawesome.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.tradedoubler.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com * videos-inova-com.mx.s3.amazonaws.com *.gdw.mx *.banorte.com *.criteo.com *.tradedoubler.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.conekta.io https://static.zdassets.com * *.gdw.mx *.banorte.com *.criteo.com *.openpay.mx *.openpay.co *.openpay.pe *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.tradedoubler.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src * *.disqus.com *.disquscdn.com *.videos-inova-com.mx.s3.amazonaws.com *.gdw.mx *.banorte.com *.criteo.com *.tradedoubler.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
base-uri 'self'; default-src 'self' 'unsafe-inline' https://*.clarity.ms https://app.obi4wan.ai https://cloudstatic.obi4wan.com https://chatapi.obi4wan.com https://fonts.googleapis.com https://fonts.gstatic.com https://ilost.co https://img.youtube.com https://ka-p.fontawesome.com https://kit.fontawesome.com https://maps.googleapis.com https://maps.gstatic.com https://obipubvideo.s3.eu-central-1.amazonaws.com https://platform.twitter.com https://region1.analytics.google.com https://region1.google-analytics.com https://secure.gravatar.com https://stats.pusher.com https://translate-pa.googleapis.com https://translate.google.com https://translate.googleapis.com https://www.arcgis.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube-nocookie.com https://es.elk01.yard.nl https://openpdc.hollandskroon.nl https://openpub.hollandskroon.nl wss://ws-eu.pusher.com; font-src 'self' data: https://fonts.gstatic.com https://maps.gstatic.com https://ka-p.fontawesome.com https://kit.fontawesome.com https://www.gstatic.com https://www.youtube-nocookie.com; form-action 'self'; frame-ancestors 'self'; frame-src 'self' https://app.powerbi.com https://channel.royalcast.com https://contact.email-provider.nl https://hollandskroon.maps.arcgis.com https://ilost.co https://indiveo.services https://waarismijnstemlokaal.nl https://www.arcgis.com https://www.google.com https://sdk.companywebcast.com https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.bing.com https://*.clarity.ms https://cloudstatic.obi4wan.com https://fonts.gstatic.com https://ilost.co https://maps.googleapis.com https://maps.gstatic.com https://obipubvideo.s3.eu-central-1.amazonaws.com https://s3-eu-west-1.amazonaws.com https://secure.gravatar.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube-nocookie.com https://openpdc.hollandskroon.nl https://openpub.hollandskroon.nl; upgrade-insecure-requests; report-to https://o214495.ingest.us.sentry.io/api/5679793/security/?sentry_key=1d32b534fb1541e793b85dc9c64d85ce; report-uri https://o214495.ingest.us.sentry.io/api/5679793/security/?sentry_key=1d32b534fb1541e793b85dc9c64d85ce 1
frame-ancestors https://www.recticelinsulation.com https://www.bouwpunt.be https://www.botha.be https://www.bouwpuntdeckers.be https://www.ovb.be https://www.droogmansbouw.be https://www.stals.be http://www.vandenberghe.be https://www.ottevaere.be https://www.kwanten.com http://www.deketelaere-bouw.be https://www.vandergucht.be https://www.bouwpuntjorissen.be https://www.bouwpuntwetteren.be https://www.defrancq.be https://www.youbuild-mpro.be https://www.gedimat-bouwmaterialen.be; 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-OWEzZTIzNDZmMjZhNDQ5NWFjNmQ3NDVmYThjOWE1OTI=' https://*.platformrijksoverheid.nl https://*.rijksoverheid.nl https://*.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' https://statistiek.rijksoverheid.nl https://*.contenttoolsrijksoverheid.nl https://*.rijksoverheid.nl; font-src 'self' https://statistiek.rijksoverheid.nl; object-src 'none'; connect-src https://*.platformrijksoverheid.nl https://*.rijksoverheid.nl https://*.contenttoolsrijksoverheid.nl https://*.rovid.nl https://*.rijksoverheidsvideo.nl; img-src 'self' data: https://d3oiud1b8fohdw.cloudfront.net https://statistiek.rijksoverheid.nl https://*.rovid.nl https://*.rijksoverheidsvideo.nl https://*.toegankelijkheidsverklaring.nl; media-src 'self' https://*.rovid.nl https://*.rijksoverheidsvideo.nl; form-action 'self' https://export.highcharts.com https://*.contenttoolsrijksoverheid.nl https://*.rijksoverheid.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
script-src 'none'; object-src 'none'; base-uri 'none'; frame-ancestors 'none';upgrade-insecure-requests;require-trusted-types-for 'script' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://embed-cdn.gettyimages.com https://maps.googleapis.com https://maps.gstatic.com https://www.gstatic.com https://www.google.com https://cdnjs.cloudflare.com; object-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://www.gstatic.com; img-src 'self' data: https:; media-src 'self'; frame-src 'self' https://www.google.com https://maps.google.com https://ipcamlive.com https://embed.gettyimages.com https://player.vimeo.com https://www.youtube-nocookie.com https://www.youtube.com; font-src 'self' data: https:; connect-src 'self' https://maps.googleapis.com; worker-src 'self' blob:; 1
frame-ancestors 'self' https://self http://self; 1
default-src 'none'; font-src https://put.as https://www.put.as; img-src https://put.as https://www.put.as; object-src 'none'; script-src https://put.as https://www.put.as; style-src https://put.as https://www.put.as 'unsafe-inline'; 1
block-all-mixed-content; frame-src 'self' https://www.paypalobjects.com https://storage.googleapis.com https://payl8r.com https://cdn.salesfire.co.uk; upgrade-insecure-requests; 1
default-src 'self'; script-src 'self' 'nonce-2uFN-l11vXruYI1ssxEnpcR4I0zuHZTevTVN7f9ZzsY-QNTodJOJcw' 'unsafe-inline' 'unsafe-eval' data: https://*.google-analytics.com https://*.googletagmanager.com https://ssl.google-analytics.com https://www.googleadservices.com https://*.g.doubleclick.net https://www.google.com https://www.gstatic.com https://*.youtube.com https://*.ytimg.com cdnjs.cloudflare.com code.jquery.com libs.personalwerk.de binder.homepagerecruiter.de maps.googleapis.com https://*.cookiebot.com https://*.crazyegg.com www.facebook.com connect.facebook.net https://*.hubspot.com https://js.hscollectedforms.net https://js.hsadspixel.net https://*.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://forms.hsforms.com https://*.usemessages.com https://js.hsleadflows.net https://static.hotjar.com https://script.hotjar.com https://*.baidu.com https://bcebos.com https://*.bcebos.com https://*.bdstatic.com https://lxp-api.binder-world.com https://lxp-matomo.binder-world.com https://*.cloudflareinsights.com https://js.hubspotfeedback.com 'report-sample'; style-src-attr 'unsafe-inline' 'report-sample'; img-src 'self' data: *.ytimg.com *.vimeocdn.com https://*.hsforms.com https://*.hubspot.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.youtube.com https://*.ytimg.com binder.homepagerecruiter.de *.googleusercontent.com maps.gstatic.com https://*.googleapis.com https://*.gstatic.com *.ggpht.com *.googletagmanager.com https://www.binder-world.com https://www.binder-world.cn https://stage.binder-world.cn https://stage.binder-world.com https://*.facebook.com *.crazyegg.com https://*.youku.com https://*.wistia.com https://*.baidu.com https://bcebos.com https://*.bcebos.com https://*.bdstatic.com https://lxp-api.binder-world.com https://lxp-matomo.binder-world.com https://*.googleadservices.com https://*.cookiebot.com https://www.google.com https://www.google.de; base-uri 'self'; frame-src 'self' *.youtube-nocookie.com *.youtube.com *.vimeo.com data: https://*.hubspot.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.youtube.com binder.homepagerecruiter.de *.google.com https://*.cookiebot.com www.facebook.com https://consentcdn.cookiebot.com https://*.youku.com https://*.wistia.com https://*.baidu.com https://bcebos.com https://*.bcebos.com https://*.bdstatic.com https://*.doubleclick.net; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.google-analytics.com https://*.googletagmanager.com https://ssl.google-analytics.com https://www.googleadservices.com https://*.g.doubleclick.net https://www.google.com https://www.gstatic.com https://*.youtube.com https://*.ytimg.com cdnjs.cloudflare.com code.jquery.com libs.personalwerk.de binder.homepagerecruiter.de maps.googleapis.com https://*.cookiebot.com https://*.crazyegg.com www.facebook.com connect.facebook.net https://*.hubspot.com https://js.hscollectedforms.net https://js.hsadspixel.net https://*.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://forms.hsforms.com https://*.usemessages.com https://js.hsleadflows.net https://static.hotjar.com https://script.hotjar.com https://*.baidu.com https://bcebos.com https://*.bcebos.com https://*.bdstatic.com https://lxp-api.binder-world.com https://lxp-matomo.binder-world.com https://*.cloudflareinsights.com https://js.hubspotfeedback.com 'report-sample'; style-src 'self' 'unsafe-inline' data: fonts.googleapis.com https://binder.homepagerecruiter.de https://*.baidu.com https://bcebos.com https://*.bcebos.com https://*.bdstatic.com https://lxp-api.binder-world.com https://lxp-matomo.binder-world.com 'report-sample'; style-src-elem 'self' 'unsafe-inline' data: fonts.googleapis.com https://binder.homepagerecruiter.de https://*.baidu.com https://bcebos.com https://*.bcebos.com https://*.bdstatic.com https://lxp-api.binder-world.com https://lxp-matomo.binder-world.com binder.homepagerecruiter.de 'report-sample'; connect-src 'self' data: https://*.hubspot.com https://*.hubapi.com https://*.googleapis.com *.google.com https://google.com https://*.gstatic.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com https://*.g.doubleclick.net https://*.cookiebot.com https://consentcdn.cookiebot.com https://*.crazyegg.com https://js.hs-banner.com https://*.hscollectedforms.net https://*.hotjar.io *.hotjar.com https://*.baidu.com https://bcebos.com https://*.bcebos.com https://*.bdstatic.com https://lxp-api.binder-world.com https://lxp-matomo.binder-world.com https://sgtm.binder-world.com https://*.googlesyndication.com wss: wsp12.hotjar.com blob:; font-src 'self' data: fonts.googleapis.com https://fonts.gstatic.com apis.google.com binder.homepagerecruiter.de; media-src 'self' data: https://*.baidu.com https://bcebos.com https://*.bcebos.com https://*.bdstatic.com https://lxp-api.binder-world.com https://lxp-matomo.binder-world.com; manifest-src blob:; child-src blob:; object-src 'none'; report-to https://sentry.711media.de/api/15/security/?sentry_key=dc79941bfda884d4ccbd02d347b626ce; report-uri https://www.binder-world.com/us-en/@http-reporting?csp=report&requestTime=1721955958174878 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://*.akamaihd.net https://*.translate.naver.net https://www.recaptcha.net https://www.google.com https://*.googlesyndication.com https://www.zenaps.com https://tr.snapchat.com https://tr6.snapchat.com https://www.youtube.com https://s1.thcdn.com https://www.awin1.com https://d2d7do8qaecbru.cloudfront.net https://www.pinterest.com https://www.pinterest.co.uk https://ct.pinterest.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://*.liveperson.net https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://ipb.smct.co https://smct.co wss://*.liveperson.net https://*.smct.co https://cognito-identity.eu-west-1.amazonaws.com https://firehose.eu-west-1.amazonaws.com https://*.klaviyo.com https://analytics.tiktok.com https://ct.pinterest.com; default-src 'none'; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://use.typekit.net https://fonts.smct.co https://fonts.smct.io https://fonts.googleapis.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; form-action 'self' https://www.facebook.com https://checkout.byterry.com https://connect.facebook.net https://tr.snapchat.com; frame-ancestors 'self'; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.googlesyndication.com https://*.googleapis.com https://www.recaptcha.net https://connect.facebook.net https://*.trustpilot.com https://www.googleadservices.com https://*.translate.naver.net https://*.doubleclick.net https://*.google.com https://*.google-analytics.com https://fp.zenaps.com https://www.gstatic.com https://bat.bing.com https://www.googletagmanager.com https://www.youtube.com https://s.ytimg.com https://www.dwin1.com https://sc-static.net https://s.pinimg.com https://*.klaviyo.com https://analytics.tiktok.com https://*.ibytedtos.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://use.typekit.net https://p.typekit.net https://*.typekit.net https://cdn.parcellab.com https://stackpath.bootstrapcdn.com https://fonts.smct.co https://maxcdn.bootstrapcdn.com; upgrade-insecure-requests; report-to report-endpoint 1
default-src https: http: data: wss: blob: 'unsafe-inline'; object-src 'none'; script-src 'self' https: http: 'unsafe-eval' 'unsafe-inline'; worker-src 'self' https: http: data: blob: 1
object-src 'none'; script-src 'self' 'unsafe-inline' 'wasm-unsafe-eval' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://js.stripe.com https://www.googleadservices.com https://pagead2.googlesyndication.com https://tpc.googlesyndication.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://img06.en25.com https://www.youtube.com https://cdn.cookielaw.org https://code.jquery.com https://image2.comms.cigna.com https://app.tuotempo.com https://ajax.googleapis.com https://maps.googleapis.com; script-src-attr 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://img06.en25.com https://ajax.googleapis.com https://fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self' https://clientes.cigna.es https://directorio-medico.cigna.es https://r-directorio-medico.cigna.es https://projects-live.phemium.com https://cigna-projects.phemium.com; report-uri https://www.cignasalud.es/report-uri/enforce 1
default-src 'self' *.googletagmanager.com;script-src 'unsafe-eval' 'unsafe-inline' 'report-sample' 'self' ct.pinterest.com bat.bing.com cdn.cookielaw.org snap.licdn.com *.googleadservices.com googleads.g.doubleclick.net *.stobag.com app.friendlyanalytics.ch plausible.io www.youtube.com *.google-analytics.com *.googletagmanager.com connect.facebook.net *.googleapis.com *.pinimg.com *.adform.net;style-src 'unsafe-inline' 'report-sample' 'self' *.stobag.com *.googleapis.com;object-src 'none';base-uri 'self' *.stobag.com;connect-src 'self' ct.pinterest.com px.ads.linkedin.com cdn.linkedin.oribi.io pagead2.googlesyndication.com cdn.cookielaw.org googleadservices.com google.ca *.google-analytics.com plausible.io app.friendlyanalytics.ch *.onetrust.com *.google.com *.g.doubleclick.net api-eu-central-1.graphcms.com/v2/ *.execute-api.eu-central-1.amazonaws.com maps.googleapis.com *.stobag.com;font-src 'self' insights.stobag.com data: fonts.gstatic.com;frame-src 'self' td.doubleclick.net track.adform.net www.youtube.com ct.pinterest.com *.office365.com;frame-ancestors 'self' www.stobag.com;img-src 'self' *.linkedin.com bat.bing.com www.google-analytics.com cdn.cookielaw.org *.stobag.com googleads.g.doubleclick.net *.google.com *.google.pl *.google.de *.google.ch *.google.at *.google.ca www.googletagmanager.com www.facebook.com img.youtube.com i.ytimg.com data: ct.pinterest.com google-analytics.com maps.gstatic.com media.graphassets.com media.graphcms.com maps.googleapis.com media.stobag.com;manifest-src 'self';media-src 'self' media.graphassets.com;report-uri https://6231c7455ed9d70485bf199c.endpoint.csper.io/?v=0;worker-src 'self' 1
base-uri 'none'; default-src 'self' data: https: wss:; style-src 'self' data: https: wss: 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://api.scrivito.com https://app.intercom.io https://assets.scrivito.com https://js.intercomcdn.com https://widget.intercom.io https://www.google-analytics.com https://acsbapp.com https://netlify-cdp-loader.netlify.app; object-src 'none'; block-all-mixed-content 1
default-src 'none';img-src https://*.google.com https://*.google.co.uk https://*.google.ie https://*.google.nl https://*.boltdns.net https://*.brightcove.com https://*.google-analytics.com https://*.googletagmanager.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.linkedin.com https://t.co https://*.twitter.com https://*.facebook.com https://*.kampyle.com https://*.cookielaw.org https://*.112.2o7.net https://*.redditstatic.com https://*.reddit.com 'unsafe-inline' 'self' data:;script-src https://*.brightcove.net https://*.zencdn.net https://*.gstatic.com https://*.googletagmanager.com https://*.decibelinsight.net https://*.ads-twitter.com https://*.facebook.net https://*.licdn.com https://*.tiktok.com https://*.medallia.com https://*.google.com http://*.google-analytics.com https://*.kampyle.com https://*.cookielaw.org https://*.adobedtm.com https://*.redditstatic.com blob: 'unsafe-eval' 'unsafe-inline' 'self';style-src https://*.kampyle.com 'unsafe-inline' 'self';font-src data: 'self';media-src https://*.brightcovecdn.com https://*.boltdns.net https://*.akamaihd.net blob: 'self';frame-src https://*.medallia.com https://*.google.com https://*.doubleclick.net 'self';child-src blob: 'self';connect-src https://*.akamaihd.net https://*.boltdns.net https://*.brightcovecdn.com https://*.brightcove.com https://*.kampyle.com https://*.omtrdc.net https://*.tiktok.com https://*.decibelinsight.net wss://*.decibelinsight.net https://*.medallia.com https://*.google.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.linkedin.oribi.io https://*.ads.linkedin.com https://*.facebook.com https://*.pangle-ads.com https://*.cookielaw.org https://*.onetrust.com https://*.112.2o7.net https://*.redditstatic.com https://*.reddit.com https://api.hntsam.com 'self';worker-src blob: 'self';object-src 'none' 1
frame-ancestors 'self'; connect-src 'self' www.google-analytics.com https://sessions.bugsnag.com wss://ws-mt1.pusher.com https://sockjs.pusher.com1 https://sidebar.bugherd.com *.google-analytics.com *.analytics.google.com *.amazonaws.com https://analytics.google.com https://stats.g.doubleclick.net https://analytics.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com; object-src 'none'; img-src 'self' blob: red2023dev.wpengine.com red.org p.typekit.net www.googletagmanager.com www.google-analytics.com secure.gravatar.com data: *.gravatar.com *.cloudfront.net https://sidebar.bugherd.com https://bugherd-attachments.s3.amazonaws.com *.google-analytics.com *.analytics.google.com is1-ssl.mzstatic.com https://www.google.com https://www.google.ca https://tr.snapchat.com view.ceros.com https://www.google.com.ar; script-src 'self' 'unsafe-inline' https://use.typekit.net https://www.bugherd.com devserver.red.localhost https://sidebar.bugherd.com *.google-analytics.com *.analytics.google.com *.amazonaws.com *.greenhouse.io red.us20.list-manage.com/ *.googletagmanager.com https://sc-static.net/scevent.min.js https://analytics.tiktok.com https://tr.snapchat.com https://www.youtube.com https://view.ceros.com/scroll-proxy.min.js https://www.tiktok.com https://lf16-tiktok-web.tiktokcdn-us.com https://www.instagram.com/embed.js https://googleads.g.doubleclick.net https://widget.thegivingblock.com/ https://js.dev.shift4.com; style-src 'unsafe-inline' 'self' *.typekit.net cdn-images.mailchimp.com https://lf16-tiktok-web.tiktokcdn-us.com; font-src 'self' data: *.typekit.net; frame-src 'self' *.youtube.com https://sidebar.bugherd.com *.greenhouse.io embed.podcasts.apple.com/ embed.music.apple.com/ https://tr.snapchat.com https://view.ceros.com https://www.tiktok.com https://www.instagram.com https://td.doubleclick.net https://widget.thegivingblock.com/; default-src 'self' 1
frame-ancestors https://*.ionos.com https://*.ionos.at https://*.ionos.co.uk https://*.ionos.de https://*.ionos.es https://*.ionos.fr https://*.ionos.it https://*.ionos.ca https://*.ionos.mx https://*.ionos.us https://*.website-editor.net https://*.mywebsite-editor.com www.hempine.co.uk 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.ikea.com v4.ai.ingka.ikea.net api.addressy.com google.com *.google.com *.gstatic.com translate.googleapis.com translate-pa.googleapis.com www.youtube-nocookie.com www.youtube.com www.paypal.com blob: data: wss://web-api.ikea.com https://storage.googleapis.com/learnwithikeavideos/ unicorn-rainbow-flower.edgecompute.app ikea-listings.edgecompute.app *.ingka.com *.cdtapps.com *.ctfassets.net *.ipex-insights.com maps.googleapis.com cookies-data.onetrust.io *.ikea.ru www.googleadservices.com *.yandex.ru mc.yandex.com mc.yandex.kz mc.yandex.by mc.yandex.md mc.yandex.ua yastatic.net code.jquery.com *.g.doubleclick.net *.cookielaw.org *.onetrust.com *.contentsquare.net app.contentsquare.com *.google-analytics.com www.googletagmanager.com *.optimizely.com sentry.io *.sentry.io *.avo.app; img-src * blob: data:; frame-src *; frame-ancestors *.ikea.com; object-src 'self'; report-uri https://csp.ikea.com 1
default-src 'self' 'unsafe-inline' https://googleads.g.doubleclick.net/ https://www.google.com/ https://www.youtube.com/;script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googleadservices.com https://ajax.googleapis.com https://cdn.ampproject.org/ https://static.doubleclick.net/ https://googleads.g.doubleclick.net/ https://www.google-analytics.com/ https://bat.bing.com/ https://www.googletagmanager.com/ https://maps.googleapis.com/ https://code.jquery.com/ https://www.google.com/ https://www.gstatic.com/ https://www.youtube.com/ https://laserappraiser.com/;connect-src 'self' https://sandbox.api.intuit.com https://pagead2.googlesyndication.com/ https://cdn.ampproject.org/ https://googleads.g.doubleclick.net/ https://stats.g.doubleclick.net/ https://www.google.com/ https://analytics.google.com/ https://www.googleadservices.com/ https://www.google-analytics.com https://maps.googleapis.com https://prd.laserappraiserservices.com/;frame-src 'self' data: https://td.doubleclick.net/ https://www.youtube.com https://www.google.com/ https://laserappraiser-com.recaptcha.ampproject.net/;font-src 'self' data: https://use.fontawesome.com/ https://fonts.gstatic.com/;img-src 'self' data: blob: https://www.laserappraiser.com https://googleads.g.doubleclick.net https://i.ytimg.com/ https://stats.g.doubleclick.net/ https://www.google-analytics.com https://www.google.com/ https://www.google.mk/ https://bat.bing.com https://maps.gstatic.com/ https://maps.googleapis.com/ https://laserappraiser.com/;style-src 'self' 'unsafe-inline' https://use.fontawesome.com/ https://fonts.googleapis.com/; 1
default-src 'self' www.southerncompany.com ua.southerncompany.com author.southerncompany.com author-stage.southerncompany.com; object-src 'none'; form-action 'self' www.southerncompany.com ua.southerncompany.com author.southerncompany.com author-stage.southerncompany.com; frame-ancestors 'self' www.southerncompany.com ua.southerncompany.com author.southerncompany.com author-stage.southerncompany.com 1
default-src 'self' https: http: bankid:; connect-src 'self' ws: wss: https://*.fasttrack-solutions.com https://*.ft-crm.com https://*.biahosted.com https://livechat24.tech https://*.livechat24.tech https://*.amazonaws.com *.google-analytics.com *.analytics.google.com https://www.googletagmanager.com https://www.google.com https://www.google.ro https://www.google.se https://www.google.nl https://www.google.de https://www.google.fi https://www.google.ch https://www.google.ee https://www.google.sk https://www.google.dk https://www.google.ru https://www.google.pt https://www.google.ca https://www.google.by https://www.google.bg https://www.gstatic.com https://analytics.google.com https://adservice.google.com https://stats.g.doubleclick.net https://recaptcha.net https://www.facebook.com https://*.bing.com https://*.taboola.com https://*.regily.com https://*.pusher.com https://*.workers.dev https://cdn-sp.kertn.net https://storage.googleapis.com https://*.aitcloud.de https://vsfestaging-vs001.akamaized.net https://vsfelive-vs001.akamaized.net https://vswstaging.betradar.com https://vsw.betradar.com https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com wss://*.biahosted.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://d5phz18u4wuww.cloudfront.net https://cdn-cn.vwo-analytics.com https://verification.okwork.io https://*.unetsafe.com https://*.atlantgaming.com https://*.snapchat.com https://*.cslotv.com; font-src 'self' data: https://fonts.gstatic.com https://livechat24.tech https://*.livechat24.tech https://cdn-sp.kertn.net https://*.biahosted.com https://storage.googleapis.com https://*.aitcloud.de https://vsfestaging-vs001.akamaized.net https://vsfelive-vs001.akamaized.net https://vswstaging.betradar.com https://vsw.betradar.com https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com wss://*.biahosted.com https://app.vwo.com https://*.cslotv.com; frame-src 'self' bankid://* https://livechat24.tech https://*.livechat24.tech https://*.adobe.com https://*.youtube.com https://www.google.com https://www.gstatic.com https://recaptcha.net https://*.zignsec.com https://www.facebook.com https://*.trustly.com https://tpc.googlesyndication.com https://*.regily.com https://*.sumsub.com https://cdn-sp.kertn.net https://*.biahosted.com https://storage.googleapis.com https://*.aitcloud.de https://vsfestaging-vs001.akamaized.net https://vsfelive-vs001.akamaized.net https://vswstaging.betradar.com https://vsw.betradar.com https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com wss://*.biahosted.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.unetsafe.com https://*.atlantgaming.com https://*.snapchat.com https://*.cslotv.com; img-src 'self' https: http: data: blob: *.google-analytics.com *.analytics.google.com *.visualwebsiteoptimizer.com https://app.vwo.com; script-src 'self' 'unsafe-eval' https://*.zignsec.com https://*.biahosted.com https://livechat24.tech https://*.livechat24.tech https://*.fasttrack-solutions.com https://mc.yandex.ru https://ajax.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.curacao-egaming.com https://www.google.com https://www.gstatic.com https://recaptcha.net https://connect.facebook.net https://*.bing.com https://*.cloudflare.com https://*.taboola.com https://static.cloudflareinsights.com https://*.regily.com https://*.pusher.com https://*.workers.dev https://prj-verification-production.s3.amazonaws.com https://cdn-sp.kertn.net https://storage.googleapis.com https://*.aitcloud.de https://vsfestaging-vs001.akamaized.net https://vsfelive-vs001.akamaized.net https://vswstaging.betradar.com https://vsw.betradar.com https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com wss://*.biahosted.com *.visualwebsiteoptimizer.com https://cdn-cn.vwo-analytics.com https://app.vwo.com https://*.unetsafe.com https://analytics.twitter.com https://platform.twitter.com https://quantcount.com https://rules.quantcount.com https://quantserve.com https://secure.quantserve.com https://edge.quantserve.com https://*.creative-serving.com https://*.snapchat.com https://snapchat.com https://sc-static.net https://*.cslotv.com 'nonce-lEq9ALuXeSMQ3uV8sET+i6VIIDWyuooLi1BtYWKtcxk=' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://*.fasttrack-solutions.com https://fonts.googleapis.com https://livechat24.tech https://*.livechat24.tech https://cdn-sp.kertn.net https://*.biahosted.com https://storage.googleapis.com https://*.aitcloud.de https://vsfestaging-vs001.akamaized.net https://vsfelive-vs001.akamaized.net https://vswstaging.betradar.com https://vsw.betradar.com https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com wss://*.biahosted.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.amazonaws.com https://tagmanager.google.com https://*.cslotv.com; worker-src 'self' blob:; report-uri https://cslotv.com/sentry/api/45/csp-report/?sentry_key=e5368be6f1e24bce9ce26ca332a1f973 1
script-src *.pinterest.com ssl.gstatic.com *.hotjar.com *.google-analytics.com *.googletagmanager.com www.instagram.com js.stripe.com code.jquery.com *.qrplanet.com *.qrd.by *.qr1.at maps.googleapis.com maps.google.com maps.gstatic.com *.facebook.net *.twitter.com *.tawk.to cdnjs.cloudflare.com cdn.datatables.net ajax.cloudflare.com data: blob: 'unsafe-inline' 'unsafe-eval' 'self';                              connect-src *.google-analytics.com *.qrplanet.com *.qr1.at *.qrd.by jungidee.at *.googleapis.com *.facebook.com *.tawk.to wss://*.tawk.to 'self';                                     img-src *.pinterest.com i.pinimg.com *.google.at *.google.com *.google-analytics.com app.statuscake.com *.qrplanet.com *.qrd.by *.qr1.at s3.amazonaws.com maps.gstatic.com maps.googleapis.com maps.google.com secure.gravatar.com s.w.org tawk.link *.tawk.to cdn.jsdelivr.net media.licdn.com *.fbcdn.net *.fbsbx.com *.twitter.com *.facebook.com *.google.com blob: data: 'self';                                         style-src *.qrplanet.com *.qrd.by *.qr1.at *.tawk.to cdn.jsdelivr.net fonts.googleapis.com cdnjs.cloudflare.com cdn.datatables.net 'unsafe-inline' 'self';                                            font-src *.tawk.to fonts.gstatic.com fonts.googleapis.com data: * 'self';                                   default-src * data: blob:; 1
frame-ancestors *; report-uri /report-csp-violation 1
frame-ancestors 'self' *.qidian.com *.hongxiu.com *.yuewen.com *.qq.com *.qdmm.com *.readnovel.com *.xs8.cn *.xxsy.net *.tingbook.com *.lrts.me *.ywurl.cn *.qdwenxue.com *.if.qidian.com www.gameloop.com *.xs.cn *.rongshuxia.com 1
object-src 'none'; script-src 'self' https://consent.cookiebot.com https://www.google.com https://www.gstatic.com https://consentcdn.cookiebot.com https://ssl.google-analytics.com https://player.vimeo.com https://www.googletagmanager.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://unpkg.com; script-src-attr 'self'; script-src-elem 'self' 'unsafe-inline' https://consent.cookiebot.com https://www.google.com https://www.gstatic.com https://consentcdn.cookiebot.com https://ssl.google-analytics.com https://player.vimeo.com https://www.googletagmanager.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://unpkg.com; style-src 'self' 'unsafe-inline' https://fast.fonts.net https://fonts.googleapis.com https://www.gstatic.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self'; report-uri https://www.londis.co.uk/report-uri/enforce 1
frame-ancestors 'self' https://rbi.experiencecloud.adobe.com https://fullstory.com https://edge.fullstory.com rs.fullstory.com https://test.salesforce.com https://login.salesforce.com https://unity--trinitydev.my.salesforce.com https://unity--trinitydev.sandbox.my.salesforce.com *.lookbookhq.com *.pathfactory.com *.adobedtm.com https://rbi.demdex.net *.brightmine.com 1
default-src 'self' https://*.deathbycaptcha.com https://*.deathbycaptcha.me https://*.deathbycaptcha.com.br https://widget.driftqa.com/ https://*.driftt.com;       img-src 'self' https://googleads.g.doubleclick.net https://www.google.com https://*.deathbycaptcha.com https://*.deathbycaptcha.me https://*.deathbycaptcha.com.br https://cdn.datatables.net https://localtimes.info https://ajax.googleapis.com https://www.googletagmanager.com https://deathbycaptcha.groovehq.com https://www.gstatic.com https://ssl.gstatic.com https://fonts.gstatic.com https://www.google-analytics.com https://ssl.google-analytics.com https://bat.bing.com https://www.redditstatic.com https://alb.reddit.com https://*.googleusercontent.com data:;       script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://kit.fontawesome.com https://js.driftt.com https://bat.bing.com https://widget.drift.com https://widget.driftqa.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://*.deathbycaptcha.com https://*.deathbycaptcha.me https://*.deathbycaptcha.com.br https://localtimes.info https://cdn.datatables.net https://code.jquery.com https://ajax.googleapis.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://www.google.com https://tagmanager.google.com https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://fonts.gstatic.com https://www.google-analytics.com https://ssl.google-analytics.com https://deathbycaptcha.groovehq.com https://js.driftt.com https://www.redditstatic.com data:;       style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://fonts.googleapis.com https://cdnjs.cloudflare.com https://*.deathbycaptcha.com https://*.deathbycaptcha.me https://*.deathbycaptcha.com.br https://cdn.datatables.net https://ajax.googleapis.com https://stackpath.bootstrapcdn.com https://www.google.com https://www.googletagmanager.com https://deathbycaptcha.groovehq.com https://code.jquery.com;       frame-src https://www.google.com https://js.driftt.com https://widget.drift.com https://bid.g.doubleclick.net https://deathbycaptcha.groovehq.com/ https://widget.driftqa.com https://*.driftt.com https://announcement-tracer.widget.drift.com;       frame-ancestors 'none';       font-src https://static.deathbycaptcha.com https://ka-f.fontawesome.com https://fonts.gstatic.com https://cdn.jsdelivr.net data:;       connect-src https://ka-f.fontawesome.com https://www.google-analytics.com https://*.deathbycaptcha.com       https://deathbycaptcha.com https://*.deathbycaptcha.me https://*.deathbycaptcha.com.br https://bat.bing.com;       object-src 'none';       media-src 'self' https://*.deathbycaptcha.com data:; 1
default-src 'self'; connect-src 'self' https://*.ada.support https://*.analytics.google.com https://*.clarity.ms https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.hotjar.io https://*.linkedin.co https://*.linkedin.com https://*.mypurecloud.com wss://*.mypurecloud.com https://ads-api.twitter.com https://cdn.linkedin.oribi.io https://connect.facebook.net https://gtm-mr26nnc-ztexm.uc.r.appspot.com https://maps.googleapis.com https://static.ads-twitter.com https://webto.salesforce.com https://www.facebook.com https://*.curator.io/ https://*.eskimi.com; script-src 'unsafe-eval' https://*.googletagmanager.com https://googleads.g.doubleclick.net https://ssl.google-analytics.com https://tagmanager.google.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com 'nonce-4c27bc97-0f74-4e86-8201505270deb876'; script-src-elem 'self' https://*.ada.support https://*.ads-twitter.com https://*.clarity.ms https://*.google-analytics.com https://*.licdn.com https://*.tarteaucitron.io https://connect.facebook.net https://maps.googleapis.com https://static.ads-twitter.com https://tarteaucitron.io https://www.googleadservices.com 'strict-dynamic' 'nonce-4c27bc97-0f74-4e86-8201505270deb876'; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.mypurecloud.com https://*.tarteaucitron.io https://fonts.googleapis.com https://googletagmanager.com https://tagmanager.google.com https://cdn.curator.io; object-src 'none'; img-src 'self' data: https://*.bing.com https://*.clarity.ms https://*.facebook.com https://*.linkedin.com https://*.mypurecloud.com https://analytics.twitter.com https://t.co https://tarteaucitron.io https://curator-assets.b-cdn.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://googletagmanager.com https://*.g.doubleclick.net https://*.googleapis.com https://maps.gstatic.com https://www.gstatic.com https://ssl.gstatic.com https://www.google.com https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.com.ai https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gp https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.com.kh https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.ms https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.com.nf https://www.google.com.ng https://www.google.com.ni https://www.google.ne https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.pl https://www.google.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.so https://www.google.sm https://www.google.sr https://www.google.st https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tk https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.vg https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.rs https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.cat; font-src 'self' https://fonts.gstatic.com data:;; base-uri 'none'; media-src 'self'; frame-src 'self' https://*.ada.support https://*.digicelgroup.com https://*.doubleclick.net https://*.mypurecloud.com https://bid.g.doubleclick.net https://digicel.bigidprivacy.cloud https://service.digiceltt.com https://www.facebook.com; form-action https://www.facebook.com; frame-ancestors 'none' 1
base-uri 'self';child-src 'self' *.pipedream.com www.youtube.com player.vimeo.com fast.wistia.net blob:;connect-src 'self' *.pipedream.com *.m.pipedream.net wss://*.pipedream.com *.fullstory.com api.cloudinary.com o210198.ingest.sentry.io https://browser-intake-datadoghq.com www.google-analytics.com https://ampcid.google.com https://stats.g.doubleclick.net/j/collect https://api.s.pipedream.net https://backend.getbeamer.com https://cdn.s.pipedream.net https://tally.so https://*.algolia.net *.google.com https://stats.g.doubleclick.net pagead2.googlesyndication.com *.intercom.io wss://*.intercom.io https://api.getrewardful.com https://pipedream-production-workflow-attachments.s3.amazonaws.com https://pipedream-files-production.s3.amazonaws.com https://pipedream-files-makedev.s3.amazonaws.com;default-src 'none';font-src 'self' *.pipedream.com data: fonts.gstatic.com https://fonts.intercomcdn.com;frame-src 'self' *.pipedream.com https://www.youtube.com/ www.googletagmanager.com https://app.getbeamer.com https://js.stripe.com https://tally.so accounts.google.com *.doubleclick.net;img-src * data: blob:;media-src 'self' *.pipedream.com res.cloudinary.com https://js.intercomcdn.com;object-src 'self' data:;script-src 'self' *.pipedream.com 'nonce-3003599754695898' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' tagmanager.google.com googletagmanager.com www.googletagmanager.com stats.g.doubleclick.net google-analytics.com https://ssl.google-analytics.com www.google-analytics.com https://app.getbeamer.com https://cdn.s.pipedream.net https://js.stripe.com https://tally.so accounts.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com;style-src 'self' *.pipedream.com 'unsafe-inline' tagmanager.google.com fonts.googleapis.com https://app.getbeamer.com accounts.google.com;worker-src 'self' *.pipedream.com data: blob:;form-action 'none';frame-ancestors 'none';report-uri https://o210198.ingest.sentry.io/api/5660875/security/?sentry_key=97aa41261e6e462d93e454687a0d01f2&sentry_environment=production 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/ https://www.gstatic.com/recaptcha/releases/rz4DvU-cY2JYCwHSTck0_qm-/recaptcha__de.js https://*.stripe.com/v3/ https://*.fundraisingbox.com https://*.spendino.de https://*.etracker.com https://*.etracker.de https://widgets.regiondo.net https://js.stripe.com/v3 https://www.google.com/recaptcha/; style-src 'self' 'unsafe-inline' https://*.fundraisingbox.com https://*.spendino.de https://shared-frontend-resources.prod.regiondo.net; img-src 'self' https: data:; font-src 'self' https:; worker-src 'self'; connect-src 'self' https://*.spendino.de https://*.etracker.com https://*.etracker.de https://partner-widgets-editor-backend.prod.regiondo.net https://shopping-experience-api.prod.regiondo.net https://kloster-eberbach.regiondo.de; frame-src 'self' https://www.google.com/ https://*.stripe.com/v3/ https://*.fundraisingbox.com https://*.spendino.de https://*.sibforms.com; object-src 'self' 1
default-src 'self' https: http: bankid:; connect-src 'self' ws: wss: https://*.fasttrack-solutions.com https://*.ft-crm.com https://*.biahosted.com https://livechat24.tech https://*.livechat24.tech https://*.amazonaws.com *.google-analytics.com *.analytics.google.com https://www.googletagmanager.com https://www.google.com https://www.google.ro https://www.google.se https://www.google.nl https://www.google.de https://www.google.fi https://www.google.ch https://www.google.ee https://www.google.sk https://www.google.dk https://www.google.ru https://www.google.pt https://www.google.ca https://www.google.by https://www.google.bg https://www.gstatic.com https://analytics.google.com https://adservice.google.com https://stats.g.doubleclick.net https://recaptcha.net https://www.facebook.com https://*.bing.com https://*.taboola.com https://*.regily.com https://*.pusher.com https://*.workers.dev https://*.visualwebsiteoptimizer.com https://app.vwo.com https://d5phz18u4wuww.cloudfront.net https://cdn-cn.vwo-analytics.com https://verification.okwork.io https://*.unetsafe.com https://*.atlantgaming.com https://*.drift.casino *.unetsafe.com oppwa.com *.oppwa.com *.unetcard.com google-analytics.com paymentpage.ecommpay.com *.adyen.com fasd63.illongrlong.com s4vds4.ujad65dsai.com asdaerq.dapmaptuns.com *.checkout.com *.browser-intake-datadoghq.com; font-src 'self' data: https://fonts.gstatic.com https://livechat24.tech https://*.livechat24.tech https://app.vwo.com https://*.drift.casino; frame-src 'self' bankid://* https://*.livechat24.tech https://*.adobe.com https://*.youtube.com https://*.zignsec.com https://*.trustly.com https://*.regily.com https://*.sumsub.com https://*.visualwebsiteoptimizer.com https://*.unetsafe.com https://*.atlantgaming.com https://*.drift.casino https://* paymentpage.ecommpay.com asdaerq.dapmaptuns.com; img-src 'self' https: http: data: blob: *.google-analytics.com *.analytics.google.com *.visualwebsiteoptimizer.com https://app.vwo.com; script-src 'self' 'unsafe-eval' https://*.zignsec.com https://*.biahosted.com https://livechat24.tech https://*.livechat24.tech https://*.fasttrack-solutions.com https://mc.yandex.ru https://ajax.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.curacao-egaming.com https://www.gstatic.com https://recaptcha.net https://connect.facebook.net https://*.bing.com https://*.cloudflare.com https://*.taboola.com https://static.cloudflareinsights.com https://*.regily.com https://*.pusher.com https://*.workers.dev https://prj-verification-production.s3.amazonaws.com *.visualwebsiteoptimizer.com https://cdn-cn.vwo-analytics.com https://app.vwo.com https://*.unetsafe.com https://*.drift.casino *.paywallk.com *.unetsafe.com *.ecommpay.com *.zimpler.net *.adyen.com *.hotjar.com *.acaptureservices.com acaptureservices.com *.oppwa.com oppwa.com *.unetcard.com *.switchpayments.com *.mifinity.com *.google.com fasd63.illongrlong.com s4vds4.ujad65dsai.com *.astropay.com *.megapay.pro *.ecopayz.com *.billing.cx *.express-connect.com *.paycore.io *.jetoncheckout.com *.ipsp.lv ipsp.lv *.gpaynetworks.com *.sirumobile.com asdaerq.dapmaptuns.com *.checkout.com 'nonce-8/nKU6tcLPPAXO5dHzUe1RNrFqnLufd4fo7PvBZ3uT4=' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://*.fasttrack-solutions.com https://fonts.googleapis.com https://livechat24.tech https://*.livechat24.tech https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.amazonaws.com https://*.drift.casino *.paywallk.com *.unetsafe.com *.ecommpay.com *.adyen.com *.hotjar.com *.ppipe.net *.oppwa.com oppwa.com *.unetcard.com fasd63.illongrlong.com s4vds4.ujad65dsai.com asdaerq.dapmaptuns.com; worker-src 'self' blob:; report-uri https://drift.casino/sentry/api/47/csp-report/?sentry_key=a7dcff6da4704fcf9dbecd647d997b1b 1
base-uri 'self';child-src 'self' https://login.yahoo.net https://s.yimg.com https://s1.yimg.com;connect-src 'self' https://geo.yahoo.com https://pr.comet.yahoo.com https://server-dev.comet.yahoo.com https://server.comet.yahoo.com https://ws.progrss.yahoo.com https://udc.yahoo.com https://jsapi.login.yahoo.com https://www.yahoo.com https://guce.yahoo.com/ https://ups.analytics.yahoo.com https://api.taboola.com/1.2/json/taboola-usersync/user.sync;default-src 'self' https://s.yimg.com https://s1.yimg.com https://login.yahoo.net;font-src https://s.yimg.com https://s1.yimg.com;frame-src 'self' https://login.yahoo.net https://s.yimg.com https://s1.yimg.com https://gpt.mail.yahoo.net/sandbox https://guce.oath.com/ https://opus.analytics.yahoo.com https://tsdtocl.com/ https://pfs.yahoo.com;img-src 'self' data: https://yahoo.com https://ct.yimg.com https://s.yimg.com https://s1.yimg.com https://tw.yimg.com https://geo.yahoo.com https://socialprofiles.zenfs.com https://*.wc.yahoodns.net https://beap-bc.yahoo.com https://ws.progrss.yahoo.com https://log.fc.yahoo.com https://backyard.yahoo.com https://*.ah.yahoo.com https://pr-bh.ybp.yahoo.com https://fbcdn.net https://scontent.xx.fbcdn.net https://z-m-scontent.xx.fbcdn.net https://graph.facebook.com https://data.mail.yahoo.com https://platform-lookaside.fbsbx.com https://www.yahoo.com;media-src https://*.ah.yahoo.com https://s.yimg.com;object-src 'none';report-uri https://csp.yahoo.com/beacon/csp?src=mbr_account;script-src 'unsafe-inline' 'self' https://s.yimg.com https://s1.yimg.com https://query.yahoo.com https://*.query.yahoo.com https://y.analytics.yahoo.com https://jsapi.login.yahoo.com https://fc.yahoo.com https://e2e.fc.yahoo.com https://pr.comet.yahoo.com https://server-dev.comet.yahoo.com https://server.comet.yahoo.com https://opus.analytics.yahoo.com/tag/opus.js https://consent.cmp.oath.com/cmp.js https://search.yahoo.com https://*.search.yahoo.com 'nonce-h6z2UUvfdlpJpLJqljq2sWrB7QdTN2m3LHFh0z8fqFSWpOXC' ;style-src * 'unsafe-inline' 1
default-src 'self' codesandbox.io *.ingest.sentry.io www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com *.tibiablackjack.com *.tibiablackjack1.com *.tibiapoker.com *.veno.bet wss://*.tibiablackjack.com wss://*.tibiablackjack1.com wss://*.tibiapoker.com wss://*.veno.bet;img-src 'self' data: tibiablackjack.com res.cloudinary.com;script-src 'self' www.google.com www.gstatic.com www.googletagmanager.com *.cloudflareinsights.com codesandbox.io 'unsafe-inline';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 1
base-uri 'none'; font-src 'self' blob: data: https://assets.vercel.com https://vercel.live/ *.abtasty.com *.gstatic.com *.googleapis.com; form-action 'self'; frame-ancestors 'self' localhost:* https://mkt-website-studio.tgtg.ninja/; img-src 'self' data: blob: https://vercel.com https://vercel.live/ https://sockjs-mt1.pusher.com/ https://cdn.sanity.io https://images.tgtg.ninja https://i.vimeocdn.com https://apptoogoodtogo.com https://dashboard.feedbucket.app https://www.googletagmanager.com https://*.ytimg.com https://*.googletagmanager.com https://*.abtasty.com https://*.hotjar.com https://*.bing.com https://bat.bing.com https://*.doubleclick.net https://*.linkedin.com https://*.facebook.com https://*.google.com https://*.amazonaws.com https://*.google.es; object-src 'none'; script-src-attr 'self' 'unsafe-inline'; style-src 'self' https: 'unsafe-inline'; script-src 'strict-dynamic' 'nonce-pA2y3ytddN7bjQAuQDkcDA==' 'self' https: 'unsafe-inline'; upgrade-insecure-requests; frame-src 'self' https://vercel.com https://vercel.live/ https://player.vimeo.com www.youtube.com policy.app.cookieinformation.com *.hotjar.com https://*.doubleclick.net; 1
default-src 'self';     frame-ancestors 'self';     form-action 'self';     script-src 'self' 'unsafe-inline' 'unsafe-eval';     style-src 'self' 'unsafe-inline'      https://p.typekit.net/;     object-src 'none';     frame-src 'self'      https://www.google.com/;     media-src 'self'      https://cdn.shopify.com/;     img-src 'self'      https://www.googletagmanager.com/      https://koni.group.thebrinkagency.com/      https://www.facebook.com/      data:;     script-src-elem 'self' 'unsafe-inline'      https://www.googletagmanager.com/      https://www.google.com/      https://www.gstatic.com/      https://connect.facebook.net/      https://cdnjs.cloudflare.com/;     connect-src 'self'      https://region1.google-analytics.com/      https://www.facebook.com/;     font-src 'self'      https://use.typekit.net/;     1
frame-ancestors https://*.shortlyst.com https://*.shopalyst.com https://shop-id-walls.com https://shop-id-walls.com/; 1
manifest-src 'self' https://set-icap.com https://dolar.set-icap.com; default-src 'self' data: set-icap.com; script-src 'self' 'unsafe-eval'; connect-src 'self' https://proxy.set-icap.com https://back.set-icap.com https://hooks.zapier.com https://secure.epayco.co https://apify-private.epayco.co https://checkout.epayco.co https://www.google-analytics.com https://www.gstatic.com https://td.doubleclick.net https://lw.cliengo.com https://stats.g.doubleclick.net https://analytics.google.com https://www.google.com.co https://www.googletagmanager.com https://s.cliengo.com https://maxcdn.bootstrapcdn.com https://www.google.com https://maps.google.com https://maps.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://secure.epayco.co https://maps.google.com https://platform.twitter.com https://s3.tradingview.com https://www.gstatic.com https://maxcdn.bootstrapcdn.com https://checkout.epayco.co https://www.googletagmanager.com https://www.google-analytics.com https://s.cliengo.com https://lw.cliengo.com https://www.google.com https://cdnjs.cloudflare.com https://maps.google.com https://maps.googleapis.com; style-src 'self' 'unsafe-inline' httpd://dolar.set-icap.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://maps.google.com https://maps.googleapis.com; img-src 'self' https://secure.gravatar.com https://syndication.twitter.com https://www.google-analytics.com https://www.google.com https://www.google.com.co https://set-icap.com https://maps.google.com https://maps.googleapis.com https://maps.gstatic.com data:; font-src 'self' data: https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://www.googletagmanager.com https://lw.cliengo.com https://maps.google.com https://maps.googleapis.com https://maps.gstatic.com; frame-src 'self' https://maps.gstatic.com https://maps.google.com https://www.youtube.com https://syndication.twitter.com https://s.tradingview.com https://platform.twitter.com https://secure.epayco.co https://api.stockdio.com https://td.doubleclick.net https://lw.cliengo.com https://www.google.com; frame-ancestors 'self' http://190.144.195.70 http://webmail.set-icap.com https://webmail.set-icap.com; object-src 'none' 1
default-src * 'unsafe-eval' 'unsafe-inline' data: filesystem: about: blob: ws: wss: img-src: 1
connect-src 'self' https://*.googleapis.com https://*.google-analytics.com https://*.onetrust.com https://*.contentsquare.net https://cdn.cookielaw.org https://*.edenred.fr https://*.g.doubleclick.net https://*.analytics.google.com https://*.googletagmanager.com https://*.google.fr https://*.google.com https://*.googlesyndication.com https://*.criteo.com https://kcgfnxb.pa-cd.com https://cdn.linkedin.oribi.io https://*.ignitionone.com https://*.lightboxcdn.com https://*.zetaglobal.net https://*.boomtrain.com https://*.linkedin.com https://*.abtasty.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes' https://maps.googleapis.com https://*.googletagmanager.com https://cdn.cookielaw.org https://www.youtube.com https://*.google-analytics.com https://*.doubleclick.net https://*.onetrust.com https://t.contentsquare.net https://contentsquare.com https://*.criteo.com https://*.googleoptimize.com https://static.ads-twitter.com https://*.effiliation.com https://*.edenred.fr https://*.rezync.com https://tag.aticdn.net https://emea-edenred.netmng.com https://*.ignitionone.com https://*.lightboxcdn.com https://snap.licdn.com https://connect.facebook.net https://*.boomtrain.com https://lightboxapi.azurewebsites.net https://*.zetaglobal.net https://*.linkedin.com https://*.abtasty.com; frame-src https://www.youtube.com https://gum.criteo.com https://*.criteo.com; frame-ancestors https://*.ticketrestaurant.fr; img-src 'self' data: https://*.edenred.fr https://maps.gstatic.com https://maps.googleapis.com https://cdn.cookielaw.org https://*.google-analytics.com https://*.google.fr https://*.google.com https://*.g.doubleclick.net https://*.analytics.google.com https://*.googletagmanager.com https://*.linkedin.com https://analytics.twitter.com https://t.co https://*.taboola.com https://*.criteo.com https://*.ignitionone.com https://secure.adnxs.com https://x.bidswitch.net https://ib.adnxs.com https://contextual.media.net https://pixel.rubiconproject.com https://match.sharethrough.com https://rtb-csync.smartadserver.com https://criteo-sync.teads.tv https://eb2.3lift.com https://ups.analytics.yahoo.com https://cm.adform.net https://visitor.omnitagjs.com https://r.casalemedia.com https://id5-sync.com https://ad.360yield.com https://matching.ivitrack.com https://exchange.mediavine.com https://jadserve.postrelease.com https://sync.outbrain.com https://simage2.pubmatic.com https://criteo-partners.tremorhub.com https://ad.yieldlab.net https://sync-criteo.ads.yieldmo.com https://e1.emxdgt.com https://dpm.demdex.net https://beacon.krxd.net https://s.thebrighttag.com https://*.facebook.com https://*.lightboxcdn.com https://*.zetaglobal.net https://*.rezync.com https://*.cloudfront.net https://*.netmng.com https://*.abtasty.com 1
default-src 'self' https://track.uslugi.io; script-src 'self' 'nonce-B7bWSRcjiPinfx3g4rP088sWKf6KI22Q' https://www.youtube.com https://track.uslugi.io; style-src 'self' 'nonce-B7bWSRcjiPinfx3g4rP088sWKf6KI22Q'; img-src 'self' data: blob: https://img.youtube.com https://*.openstreetmap.org https://*.cartocdn.com https://track.uslugi.io; font-src 'self' data:; frame-src 'self' https://www.youtube.com https://status.uptrends.com; style-src-elem 'self' 'nonce-B7bWSRcjiPinfx3g4rP088sWKf6KI22Q'; style-src-attr 'unsafe-inline'; 1
frame-src 'self' https://promericagt.custhelp.com https://promericaopa.custhelp.com https://wstasacambio.bancopromerica.com.gt https://stags.bluekai.com https://tags.bkrtx.com https://vars.hotjar.com/ https://promericagt--tst1.custhelp.com https://enlz-prod1-apps6.builder.ocp.oraclecloud.com https://ventus.enalog.se https://channels.onemarketer.cl https://www.gstatic.com/ https://www.google.com/recaptcha/ https://optimize.google.com https://www.youtube.com 1
worker-src 'self' blob:; font-src fonts.gstatic.com use.typekit.net *.fontawesome.com *.gstatic.com *.typekit.net *.twimg.com *.googleapis.com *.livechatinc.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com api.bazaarvoice.com stg.api.bazaarvoice.com *.twitter.com *.facebook.com *.livechatinc.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.paypal.com https://experiences.wyng.com *.facebook.com *.braintreegateway.com *.doubleclick.net *.adsrvr.org *.serenapro.com *.serenapro.ca *.serenashades.com *.serenashades.ca *.livechatinc.com https://clickmeter.com https://conversions.clickmeter.com *.google.com *.google.co.in *.hotjar.com *.hotjar.io wss://*.hotjar.com https://magento2.avada.io https://tst.kaptcha.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net data: *.bird.eu *.facebook.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com photos-us.bazaarvoice.com img.youtube.com c1.ugc.bazaarvoice.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twimg.com *.ytimg.com *.youtube-nocookie.com https://optanon.blob.core.windows.net *.google.com *.google.co.in https://filestorage.lutron.com *.xtento.com http://black.bird.eu *.doubleclick.net *.livechatinc.com https://amasty.com *.serenapro.com *.serenapro.ca *.serenashades.com *.serenashades.ca *.qaserenaspro.lutron.com *.qaserenaspro.lutron.ca *.qaserenashades.lutron.com *.qaserenashades.lutron.ca *.uatserenaspro.lutron.com *.uatserenaspro.lutron.ca *.uatserenashades.lutron.com *.uatserenashades.lutron.ca *.magentocommerce.com *.googletagmanager.com https://cdn.cookielaw.org *.analytics.yahoo.com https://cdn.livechat-files.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com *.magento-datasolutions.com *.magento-ds.com *.googletagmanager.com *.facebook.net *.avada.io apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.google-analytics.com *.google.com *.twimg.com *.gstatic.com *.fontawesome.com *.doubleclick.net https://optanon.blob.core.windows.net *.googleadservices.com *.adsrvr.org *.livechatinc.com *.yimg.com *.analytics.yahoo.com *.amazonaws.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.google.co.in https://js-agent.newrelic.com https://bam.nr-data.net https://cdn.cookielaw.org *.youtube-nocookie.com https://www.xtento.com https://home-c29.incontact.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com *.fontawesome.com display.ugc.bazaarvoice.com *.googleapis.com *.twimg.com *.gstatic.com *.typekit.net https://optanon.blob.core.windows.net https://www.googletagmanager.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' blob: *.livechatinc.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com performance.typekit.net *.magento-datasolutions.com *.magento-ds.com *.adobe.io *.google-analytics.com https://get.geojs.io *.avada.io api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.paypal.com *.twimg.com https://optanon.blob.core.windows.net *.braintree-api.com *.braintreegateway.com *.livechatinc.com *.yimg.com *.doubleclick.net *.facebook.com *.hotjar.com *.hotjar.io wss://*.hotjar.com https://bam.nr-data.net https://cdn.cookielaw.org https://cookies-data.onetrust.io https://geolocation.onetrust.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' *.nike.com *.nikecloud.com *.nikedev.com 1
default-src 'self'; script-src 'self' 'nonce-HEgSJ_IgdMtBscZpmbmhRgd2DJG7W8zLOO2ANC5A2t_WYatGwGoY_g' https://cdn-eu.readspeaker.com https://youtu.be https://youtube.com https://www.youtube.com https://player.vimeo.com/api/player.js https://include.timeblockr.com https://shared.api.timeblockr.com https://shared.signalr.timeblockr.com wss://shared.signalr.timeblockr.com 'unsafe-eval' https://nieuwegein.piwik.pro https://nieuwegein.containers.piwik.pro 'report-sample'; style-src-attr 'unsafe-inline' 'report-sample'; img-src 'self' data: *.ytimg.com *.vimeocdn.com https://cdn-eu.readspeaker.com https://www.toegankelijkheidsverklaring.nl https://youtube.com https://www.youtube.com https://youtu.be https://i.ytimg.com https://include.timeblockr.com https://nieuwegein.piwik.pro; base-uri 'self'; frame-src 'self' *.youtube-nocookie.com *.youtube.com *.vimeo.com https://app-eu.readspeaker.com https://cdn-eu.readspeaker.com https://vttts-eu.readspeaker.com https://youtu.be https://youtube.com https://www.youtube-nocookie.com https://www.youtube.com https://player.vimeo.com https://geoserver.nieuwegein.nl https://nieuwegein.containers.piwik.pro; style-src-elem 'self' https://cdn-eu.readspeaker.com https://youtube.com https://www.youtube.com https://include.timeblockr.com 'nonce-HEgSJ_IgdMtBscZpmbmhRgd2DJG7W8zLOO2ANC5A2t_WYatGwGoY_g' 'report-sample'; connect-src 'self' https://app-eu.readspeaker.com https://cdn-eu.readspeaker.com https://media-eu.readspeaker.com https://vttts-eu.readspeaker.com https://wrapi-eu.readspeaker.com https://youtu.be https://youtube.com https://www.youtube.com https://include.timeblockr.com https://*.api.timeblockr.com https://shared.signalr.timeblockr.com wss://shared.signalr.timeblockr.com https://nieuwegein.piwik.pro; form-action https://app-eu.readspeaker.com https://cdn-eu.readspeaker.com https://surveys.enalyzer.com https://id.opengemeenten.nl https://users.opengemeenten.nl https://login.microsoftonline.com 'self'; media-src 'self' https://cdn-eu.readspeaker.com https://youtu.be https://youtube.com https://www.youtube.com https://vimeo.com; style-src 'self' https://cdn-eu.readspeaker.com https://youtube.com https://www.youtube.com https://include.timeblockr.com 'report-sample'; object-src 'self' https://youtube.com https://www.youtube.com; font-src 'self' https://include.timeblockr.com data:; report-to csp; child-src 'self' blob:; frame-ancestors 'self'; report-uri https://monitoring.opengemeenten.nl/api/5/security/?sentry_key=8ecd0d6b2ab6432782fe7a6a5c01c534 1
base-uri 'self'; default-src 'self' https://*.globalpsa.com https://www.globalpsa.com https://*.vimeo.com vimeo.com cdn.plot.ly https://*.linkedin.com https://fonts.googleapis.com https://*.gooogle.com https://wp-themes.com https://*.snap.licdn.com https://*.facebook.com https://connect.facebook.net https://*.googleadservices.com https://js.hs-analytics.net  *.bootstrapcdn.com https://*.jsdelivr.net https://*.cloudflare.com https://*.google.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleapis.com https://*.gstatic.com https://*.gravatar.com https://*.w.org data:; style-src 'self' 'unsafe-inline' https://www.globalpsa.com https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://*.google-analytics.com https://*.googleapis.com https://fonts.googleapis.com https://*.googletagmanager.com https://*.google.com https://snap.licdn.com https://www.google.com 'nonce-ed6c300fc8'; script-src 'self' 'strict-dynamic' 'nonce-ed6c300fc8'; img-src * blob: data:; frame-src  'self' *.vimeo.com https://vimeo.com *.google.com https://www.youtube-nocookie.com *.youtube.com *.facebook.com s-static.ak.facebook.com; object-src 'none'; frame-ancestors 'none' ; child-src 'self' https://www.youtube-nocookie.com https://wp-themes.com *.youtube.com *.facebook.com s-static.ak.facebook.com;form-action 'self'; 1
default-src 'self' https://*.dccv.de https://hcaptcha.com https://*.hcaptcha.com; font-src 'self'; img-src 'self' data: https://*.dccv.de https://panzi.github.io; media-src 'self' data: https://*.dccv.de; style-src 'self' 'unsafe-inline' https://hcaptcha.com https://panzi.github.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://hcaptcha.com https://*.hcaptcha.com https://statistik.dccv.de https://panzi.github.io; object-src 'none'; connect-src https://hcaptcha.com https://*.hcaptcha.com https://statistik.dccv.de; frame-src https: https://hcaptcha.com https://*.hcaptcha.com https://statistik.dccv.de; frame-ancestors: 'none'; form-action 'self'; base-uri 'self' 1
default-src 'self';img-src 'self' https: data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' *.google.com *.gstatic.com; frame-src 'self' *.google.com *.gstatic.com; 1
frame-ancestors 'self' https://test.authorize.net https://accept.authorize.net 1
default-src 'self' *.decimalchain.com http: https: wss: ws: data:; connect-src *.decimalchain.com 'self' http: https: wss: ws:; script-src *.decimalchain.com 'unsafe-inline' 'unsafe-eval' http: https: wss: ws:; img-src *.decimalchain.com 'self' http: https: wss: data: ws:; style-src *.decimalchain.com *.googleapis.com 'unsafe-inline' http: https: wss: ws:; 1
form-action *.a1.hr *.tomato.com.hr *.corvus.hr *.paypal.com *.corvuspay.com; 1
default-src 'self' *.msgfocus.com *.fontawesome.com https://placeimg.com https://digital.autocare.org https://autocarevip.com https://api.mapbox.com https://unpkg.com/ *.autocareadvocacy.org *apps.autocare.org *.hotjar.com *.addevent.com *.acsbapp.com https://cdn.acsbapp.com https://acsbapp.com https://static.elfsight.com* https://www.buzzsprout.com; script-src 'self' *.msgfocus.com 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.linkedin.com *.feathr.co apis.google.com https://snap.licdn.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org https://kit.fontawesome.com *.fontawesome.com https://placeimg.com *.youtube.com https://www.youtube-nocookie.com https://ka-p.fontawesome.com https://www.openstreetmap.org https://api.mapbox.com https://unpkg.com https://creativecommons.org https://ajax.googleapis.com/ajax/libs/jquery/1/jquery.min.js *.apps.autocare.org https://public.flourish.studio *.hotjar.com https://acsbapp.com https://extend.vimeocdn.com https://apps.autocare.org/iFrameResizer/iframeResizer.min.js https://apps.autocare.org/iFrameResizer/main.js *.autocareadvocacy.org *.addevent.com *acsbapp.com https://api.sessionboard.com https://2317e561535c460184fdf91c93698493.elf.site static.elfsight.com* https://events.rdmobile.com/Sessions/Remote/16207?speakerclickoption=None&version=2&token=kCEYmRGhEHZqBEUptu9QZHEHVjej4QpEdNGM1HQ5eCQ%3d https://www.buzzsprout.com/ https://open.spotify.com/; style-src 'self' *.msgfocus.com 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com *.fontawesome.com https://kit.fontawesome.com https://ka-p.fontawesome.com https://placeimg.com https://www.autocare.org https://api.mapbox.com https://creativecommons.org https://unpkg.com https://apps.autocare.org/iFrameResizer/style.css https://kit.fontawesome.com/4c9f09c5bb.js *.autocareadvocacy.org *.hotjar.com *.acsbapp.com https://cdn.acsbapp.com https://acsbapp.com; font-src 'self' *.msgfocus.com fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.fontawesome.com https://kit.fontawesome.com https://ka-p.fontawesome.com https://placeimg.com *.hotjar.com https://acsbapp.com https://cdn.acsbapp.com; img-src 'self' *.msgfocus.com *.gstatic.com *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.linkedin.com *.feathr.co *.adsrvr.org *.adsymptotic.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.fontawesome.com https://kit.fontawesome.com https://ka-p.fontawesome.com *.eloqua.com track.hubspot.com https://api.mapbox.com https://public.flourish.studio/resources/made_with_flourish.svg *.hotjar.com *.acsbapp.com https://acsbapp.com https://cdn.acsbapp.com picsum.photos *.picsum.photos; media-src 'self' *.msgfocus.com data: blob: *.fontawesome.com *.youtube.com https://kit.fontawesome.com/4c9f09c5bb.js; frame-src 'self' *.msgfocus.com *.vimeo.com *.youtube.com https://www.youtube-nocookie.com https://autocare.guerrillaeconomics.net https://autocare-test.guerrillaeconomics.net https://www.autocare.org https://www.google.com https://www.openstreetmap.org https://api.mapbox.com https://creativecommons.org https://unpkg.com https://www.autocare.org/externalapps/map/autocarecountries.js https://cdn.knightlab.com/libs/timeline3/latest/embed/index.html https://apps.autocare.org/DataTables/dataTable.html *apps.autocare.org *.autocareadvocacy.org https://sit.autocarevip.com/RepMatch https://kuula.co https://www.autocarevip.com/RepMatch https://flo.uri.sh https://survey.alchemer.com https://public.flourish.studio/resources/embed.js https://apps.autocare.org/DataTables/dataDictionary.html *.hotjar.com *.rdmobile.com https://apps.autocare.org/DataTables/persona.html *.hotjar.com *.addevent.com https://acsbapp.com https://13bae2c7b7ce4384818a2c0b74e79696.elf.site https://b784d8c6c9d04975b69af935906341fd.elf.site https://b784d8c6c9d04975b69af935906341fd.elf.site https://559000824b98482e97fae8f9e9caeba4.elf.site https://8267ded260854c8fbe7f4a29531d08f1.elf.site https://b77d2ad65b9b41a6b725b5f20db03ba1.elf.site https://6a4bebc2f9bb4eb2913883e440c0dce2.elf.site https://api.sessionboard.com https://*static.elfsight.com https://2317e561535c460184fdf91c93698493.elf.site https://events.rdmobile.com/Sessions/Remote/16207?speakerclickoption=None&version=2&token=kCEYmRGhEHZqBEUptu9QZHEHVjej4QpEdNGM1HQ5eCQ%3d  https://www.buzzsprout.com/; child-src 'self' *.msgfocus.com https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.fontawesome.com https://placeimg.com *.youtube.com https://www.youtube-nocookie.com https://ka-p.fontawesome.com https://www.openstreetmap.org https://api.mapbox.com https://creativecommons.org https://unpkg.com *.autocareadvocacy.org *.addevent.com https://acsbapp.com https://www.buzzsprout.com/ https://open.spotify.com/; connect-src 'self' *.msgfocus.com accounts.google.com *.feathr.co *.doubleclick.net https://*.insight.sitefinity.com https://www.youtube-nocookie.com https://*.dec.sitefinity.com *.mktoresp.com *.fontawesome.com https://www.openstreetmap.org https://api.mapbox.com https://creativecommons.org https://unpkg.com *.autocareadvocacy.org https://autocarevip.com https://cdn.acsbapp.com *.hotjar.com *.addevent.com *.acsbapp.com https://acsbapp.com; 1
frame-ancestors 'self' http://www.lovebeautyandplanet.com unilever3.marketing.adobe.com unileverbrazil.marketing.adobe.com unilever2.marketing.adobe.com unilever.marketing.adobe.com unilever3.experiencecloud.adobe.com unileverbrazil.experiencecloud.adobe.com unilever2.experiencecloud.adobe.com unilever.experiencecloud.adobe.com emea1-proxy.adobemc.com us1-proxy.adobemc.com us1-proxy.adobemc.com apac-proxy.adobemc.com adobedemoemea131.marketing.adobe.com adobedemoemea131.experiencecloud.adobe.com https://s3.cartwire.co https://app.cartwire.co/CW_API 1
default-src 'unsafe-inline' 'unsafe-eval' data: blob: wss://*.happymoney.com wss://*.usw2.pure.cloud *.happymoney.com https://happymoney.com https://*.cloudflare.com https://cdn.siftscience.com https://*.digify.com https://*.readme.io https://cdn.plaid.com https://*.googletagmanager.com https://*.googlesyndication.com https://*.google.com https://*.google-analytics.com https://*.googleapis.com https://*.doubleclick.net https://*.googleadservices.com https://fonts.gstatic.com https://cdn.segment.com https://*.segment.io https://*.livechatinc.com https://*.fullstory.com https://*.payoff.com https://stats.g.doubleclick.net https://unpkg.com https://*.ingest.sentry.io https://js.live.net https://use.typekit.net https://sjrtp2-cdn.marketo.com https://munchkin.marketo.net https://script.crazyegg.com https://bat.bing.com https://api.instagram.com https://connect.facebook.net https://*.launchdarkly.com https://*.oktapreview.com https://*.okta.com https://static.cdn.prismic.io https://happymoney-marketing.prismic.io https://www.youtube.com https://*.amazonaws.com https://*.iovation.com https://*.datadoghq.com https://*.browser-intake-datadoghq.com https://point-break.cdn.prismic.io https://images.prismic.io https://cdn.livechat-static.com https://cdn.livechat-files.com https://hexagon-analytics.com https://i.imgur.com https://www.facebook.com https://p.typekit.net https://secure.gravatar.com https://*.usw2.pure.cloud https://snap.licdn.com https://analytics.tiktok.com https://data.adxcel-ec2.com https://*.linkedin.com https://*.linkedin.oribi.io https://*.oktacdn.com https://*.lever.co https://*.ipify.org https://*.twitter.com https://*.ads-twitter.com https://*.pangle-ads.com https://t.co https://*.citadelid.com https://*.truv.com https://happymoney.gw-dv.vip https://happymoney.gw-dv.io https://happymoney.gw-dv.xyz https://happymoney.cdn-gw-dv.vip https://52.42.183.115 https://happymoney.ck123.io; frame-ancestors 'self' 1
default-src 'self'; connect-src 'self' https://www.facebook.com/tr/ https://events.framer.com/anonymous https://googleads.g.doubleclick.net/pagead/viewthroughconversion/ https://stats.g.doubleclick.net/j/collect https://www.google.com/pagead/1p-conversion/ https://adservice.google.com/pagead/regclk https://analytics.google.com/g/collect https://www.google-analytics.com/g/collect https://stats.g.doubleclick.net/g/collect https://www.google.co.id/ads/ga-audiences https://maps.googleapis.com/ https://cdn.growthbook.io/ https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.ingest.sentry.io/api/ https://analytics.tiktok.com/ https://ai.pashouses.id https://api-js.mixpanel.com/track/ https://api-js.mixpanel.com/engage/; font-src 'self' https://app.framerstatic.com/ https://fonts.gstatic.com/s/ https://fonts.gstatic.com/l/ https://script.hotjar.com; frame-src 'self' https://vars.hotjar.com/ https://www.youtube.com/ https://www.youtube-nocookie.com/ https://www.google.com/ https://*.jotform.com/ https://ai.pashouses.id; img-src 'self' data: https://www.facebook.com/ https://framerusercontent.com/ https://maps.gstatic.com/mapfiles/ https://maps.googleapis.com/maps/ https://www.google-analytics.com/collect https://www.google.co.id/ads/ga-audiences https://ik.imagekit.io/pashouses/ https://i.ytimg.com/ https://img.youtube.com/; media-src 'self' https://framerusercontent.com/modules/assets/ https://ik.imagekit.io/pashouses/; script-src 'self' https://connect.facebook.net/ https://events.framer.com/script https://framer.com/m/ https://framerusercontent.com/sites/ 'unsafe-inline' https://script.hotjar.com/ https://static.hotjar.com/ https://maps.googleapis.com/maps/ https://maps.googleapis.com/maps-api-v3/api/js/ https://www.googletagmanager.com/gtag/ 'unsafe-eval' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'self' https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 'unsafe-inline' https://static.hotjar.com https://script.hotjar.com; worker-src 'self' blob:; 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * 'self' data: blob:; font-src *; connect-src *; media-src *; object-src * 'self'; prefetch-src * 'self'; child-src * 'self'; frame-src *; worker-src * 'self'; frame-ancestors * 'self'; form-action * 'self'; base-uri * 'self' 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-ODU2MjQ4MTA3NDE2NDgyNWFhNGE4NTFjNTlmYmZhZDk=' https://*.platformrijksoverheid.nl https://*.rijksoverheid.nl https://*.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' https://statistiek.rijksoverheid.nl https://*.contenttoolsrijksoverheid.nl https://*.kabinetsformatie2023.nl; font-src 'self' https://statistiek.rijksoverheid.nl; object-src 'none'; connect-src https://*.platformrijksoverheid.nl https://*.rijksoverheid.nl https://*.contenttoolsrijksoverheid.nl https://*.rovid.nl https://*.rijksoverheidsvideo.nl https://*.kabinetsformatie2023.nl; img-src 'self' data: https://d3oiud1b8fohdw.cloudfront.net https://statistiek.rijksoverheid.nl https://*.rovid.nl https://*.rijksoverheidsvideo.nl https://*.toegankelijkheidsverklaring.nl; media-src 'self' https://*.rovid.nl https://*.rijksoverheidsvideo.nl; form-action 'self' https://export.highcharts.com https://*.contenttoolsrijksoverheid.nl https://*.kabinetsformatie2023.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
default-src 'self' *.atlantiscasino.com *.curator.io curator-assets.b-cdn.net *.doubleclick.net *.fontawesome.com *.google.com *.googleapis.com *.google-analytics.com *.jotform.com *.jotfor.ms *.monarchblackhawk.com *.monarchrewards.com *.opentable.com *.otstatic.com *.triptease.io atlantiscasino.com insiderdata360online.com monarchblackhawk.com monarchrewards.com in.hotjar.com reservations.travelclick.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.accuweather.com *.curator.io curator-assets.b-cdn.net *.doubleclick.net *.eloqua.com *.en25.com *.facebook.com *.fontawesome.com *.google.com *.google-analytics.com *.googleapis.com *.googleadservices.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.jotform.com *.jotfor.ms *.jscache.com *.jsdelivr.net *.linkedin.com *.opentable.com *.otstatic.com *.sojern.com *.tacdn.com *.tripadvisor.com *.twimg.com *.twitter.com *.wufoo.com *.youtube.com *.triptease.io *.hotjar.com *.adsrvr.org ajax.aspnetcdn.com cdn.ampproject.org cdnjs.cloudflare.com cdn.digitrust.mgr.consensu.org connect.facebook.net dec.azureedge.net googleapis.com insiderdata360online.com js.hs-analytics.net js.hs-scripts.com munchkin.marketo.net platform.stumbleupon.com reservations.travelclick.com s.ytimg.com wwws-usa2.givex.com www.tcgms.net; style-src 'self' 'unsafe-inline' *.accuweather.com *.curator.io curator-assets.b-cdn.net *.google.com *.googleapis.com *.gstatic.com *.jotfor.ms *.opentable.com *.otstatic.com *.tacdn.com *.twimg.com *.twitter.com dec.azureedge.net kendo.cdn.telerik.com netdna.bootstrapcdn.com; font-src 'self' *.gstatic.com *.jotfor.ms *.opentable.com *.otstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.tacdn.com; img-src 'self' *.adsrvr.org *.atlantiscasino.com *.curator.io curator-assets.b-cdn.net *.dec.sitefinity.com *.facebook.com *.google-analytics.com *.googleapis.com *.googleusercontent.com *.gstatic.com *.jotfor.ms *.jotform.com *.linkedin.com *.monarchblackhawk.com *.monarchrewards.com *.noaa.gov *.sojern.com *.twimg.com *.twitter.com *.youtube.com atlantiscasino.com collector-6672.tvsquared.com dec.azureedge.net delicious.com monarchblackhawk.com monarchrewards.com platform.tumblr.com static.licdn.com static.tacdn.com www.redditstatic.com data: blob: *.accuweather.com *.atlantiscasino.com *.doubleclick.net *.eloqua.com *.google.com *.googletagmanager.com *.monarchblackhawk.com *.monarchrewards.com *.tripadvisor.com atlantiscasino.com i.ytimg.com insiderdata360online.com monarchblackhawk.com monarchrewards.com oxblue.com track.hubspot.com *.logtrackback.com placedog.net placekitten.com; media-src 'self' data: blob: *.atlantiscasino.com *.curator.io curator-assets.b-cdn.net *.monarchblackhawk.com *.monarchrewards.com atlantiscasino.com monarchblackhawk.com monarchrewards.com; frame-src 'self' *.atlantiscasino.com *.chargerback.com *.doubleclick.net *.facebook.com *.freedompay.com *.google.com *.googletagmanager.com *.jotform.com *.monarchblackhawk.com *.monarchrewards.com *.opentable.com *.speedrfp.com *.travelsmarter.net *.tripadvisor.com *.triptease.io *.videopoker.com *.wufoo.com *.youtube.com atlantiscasino.com cdn.digitrust.mgr.consensu.org hpc.freedompay.com monarchblackhawk.com monarchrewards.com tcgms.net insight.adsrvr.org vars.hotjar.com widget-seat.rguest.com www.kenousa.com www.tcgms.net wwws-usa2.givex.com s.tradingview.com tpc.googlesyndication.com reservemodernwidget.onagilysys.com *.flipsnack.com; 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src 'nonce-LXDF8YV2t1mt5XLrL5om1QDax' 'strict-dynamic'; frame-ancestors 'self'; manifest-src 'self' 1
base-uri 'self'; form-action 'self'; frame-ancestors 'self'; img-src 'self' https://www.google-analytics.com; script-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.buzzsprout.com https://www.googletagmanager.com https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com; frame-src https://www.google.com/recaptcha/ https://www.buzzsprout.com https://www.youtube.com https://player.vimeo.com https://docs.google.com https://cdn.forms-content.sg-form.com; media-src 'self' https://www.youtube.com; default-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://www.google-analytics.com https://www.buzzsprout.com; style-src 'self' https://fonts.googleapis.com ; object-src 'none'; 1
default-src 'self' https://*.njindiaonline.com https://*.njindiaonline.in https://*.njinsure.in http://localhost:8080 https://*.razorpay.com ; img-src http://localhost:8080 https://*.njinsure.in https://*.njindiaonline.com https://*.njindiaonline.in https://*.facebook.com https://*.googleadservices.com https://*.google.co.in https://*.google.com https://googleads.g.doubleclick.net blob: data: https://*.razorpay.com;child-src http://localhost:8080 https://*.njinsure.in https://*.njindiaonline.com https://*.njindiaonline.in https://*.googletagmanager.com http://*.digicert.com https://*.razorpay.com; script-src 'unsafe-eval' 'unsafe-inline' http://localhost:8080 https://*.njinsure.in https://*.njindiaonline.com https://*.njindiaonline.in https://*.googletagmanager.com http://*.digicert.com https://*.razorpay.com ;style-src 'unsafe-inline' http://localhost:8080 https://*.njinsure.in https://*.njindiaonline.com https://*.njindiaonline.in https://*.googleapis.com https://*.njindiaonline.in https://*.razorpay.com;worker-src https://*.njindiaonline.com https://*.njinsure.in http://localhost:8080 ; connect-src http://localhost:8080 https://*.njindiaonline.com https://*.njindiaonline.in https://*.google-analytics.com https://*.njtechdesk.com https://*.njinsure.in ;font-src http://localhost:8080 https://*.njinsure.in https://*.gstatic.com https://*.njindiaonline.com https://*.njindiaonline.in;object-src https://*.digicert.com https://*.njinsure.in https://*.njindiaonline.com 1
base-uri 'self'; frame-ancestors 'none'; default-src https: ws: wss: gap: data: 'unsafe-eval' 'unsafe-inline'; object-src https://*.cloudflareinsights.com https://*.cloudflare.com https://*.googlevideo.com https://*.ytimg.com https://*.youtube.com https://*.youtube-nocookie.com https://*.google.com https://*.doofinder.com wss://*.doofinder.com; media-src https://*.cloudflareinsights.com https://*.cloudflare.com https://*.youtube.com https://*.youtube-nocookie.com https://*.google.com https://*.doofinder.com wss://*.doofinder.com; 1
default-src 'none';  script-src 'self' https://www.googleoptimize.com 'unsafe-inline' https://www.google-analytics.com https://www.googletagmanager.com https://script.hotjar.com https://s.adroll.com https://d.adroll.com https://connect.facebook.net https://assets.sitescdn.net https://mh.zoho.com https://cdn.oribi.io https://consent.cookiebot.com https://consentcdn.cookiebot.com https://ma.zoho.com https://maillist-manage.com https://static.hotjar.com https://fe.sitedataprocessing.com;  style-src 'self' 'unsafe-inline' https://zuumapp.com https://fonts.googleapis.com;  font-src 'self' https://zuumapp.com https://fonts.gstatic.com data:;  img-src 'self' https://dev-marketing-static.zuumapp.com https://www.google-analytics.com https://www.google.ro https://www.facebook.com https://s.adroll.com https://imgsct.cookiebot.com;  connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://d.adroll.com https://region1.analytics.google.com;  frame-src 'self' https://consentcdn.cookiebot.com;  worker-src 'self' blob:; 1
default-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; frame-src https://civi.digitalcourage.de https://digitalcourage.video https://streaming.media.ccc.de; frame-ancestors https://*.rc3.world https://*.rc3.cccv.de https://party.tabascoeye.de; 1
report-uri /sentry/api/61/csp-report/?sentry_key=8505cd7669a24ba78131bbe9f6e8db09; worker-src blob: 'self'; child-src blob:; object-src 'none'; default-src https: data: 'self' *.1gamepay.com; img-src 'self' https: data: blob: *.google.com *.google.ro *.google.se *.google.nl *.google.de *.google.fi *.google.ch *.google.ee *.google.sk *.google.dk *.visualwebsiteoptimizer.com app.vwo.com https://ssl.gstatic.com https://www.gstatic.com *.google-analytics.com *.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://googleads.g.doubleclick.net https://ad.doubleclick.net https://ade.googlesyndication.com; frame-src * bankid: https://bid.g.doubleclick.net wss://*.biahosted.com https://*.biahosted.com https://storage.googleapis.com https://vtibetinaction2.aitcloud.de https://vbibetinaction2.aitcloud.de https://vsfelive-vs001.akamaized.net https://vsw.betradar.com https://vfbetinaction2.aitcloud.de https://vblbetinaction2.aitcloud.de https://s5.sir.sportradar.com https://gsm-widgets.betstream.betgenius.com https://altenar.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com https://widgets.sir.sportradar.com https://widgets.fn.sportradar.com; connect-src 'self' ws: wss: livechat24.tech *.livechat24.tech https://stats.g.doubleclick.net *.google-analytics.com *.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net *.unetsafe.com *.quantserve.com *.quantcount.com *.creative-serving.com *.visualwebsiteoptimizer.com *.taboola.com *.tradedoubler.com *.bing.com app.vwo.com facebook.com www.facebook.com *.google.com *.google.ru *.google.ro *.google.se *.google.de *.google.fr *.google.nl *.google.by *.google.pt *.google.kz *.google.bg *.google.kg *.google.md *.google.gr *.google.fi https://*.googlesyndication.com *.snapchat.com snapchat.com sc-static.net https://static.ads-twitter.com https://analytics.twitter.com https://*.atlantgaming.com https://cdn-sp.kertn.net https://*.pusher.com https://cdn-sp.gbshgbsh.com *.regily.com https://*.fasttrack-solutions.com https://*.ft-crm.com https://verification.okwork.io https://public-verification1.stage.aventogroup.com https://public-verification2.stage.aventogroup.com *.frankcasino.com *.unetsafe.com oppwa.com *.oppwa.com *.unetcard.com google-analytics.com paymentpage.ecommpay.com *.adyen.com fasd63.illongrlong.com s4vds4.ujad65dsai.com asdaerq.dapmaptuns.com *.checkout.com *.browser-intake-datadoghq.com https://*.frank.casino wss://*.biahosted.com https://*.biahosted.com https://storage.googleapis.com https://vtibetinaction2.aitcloud.de https://vbibetinaction2.aitcloud.de https://vsfelive-vs001.akamaized.net https://vsw.betradar.com https://vfbetinaction2.aitcloud.de https://vblbetinaction2.aitcloud.de https://s5.sir.sportradar.com https://gsm-widgets.betstream.betgenius.com https://altenar.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com https://widgets.sir.sportradar.com https://widgets.fn.sportradar.com; style-src 'self' blob: 'unsafe-inline' *.googleapis.com *.google.com *.cloudflare.com *.cloudflareinsights.com *.unetsafe.com livechat24.tech *.livechat24.tech *.visualwebsiteoptimizer.com app.vwo.com https://cs.betradar.com https://*.sportradar.com https://videosport.me https://cdn-sp.kertn.net https://cdn-sp.gbshgbsh.com https://*.fasttrack-solutions.com https://*.gstatic.com https://prj-verification-production.s3.amazonaws.com https://prj-verification-stage1.s3.amazonaws.com https://prj-verification-stage2.s3.amazonaws.com https://public-verification1.stage.aventogroup.com https://public-verification2.stage.aventogroup.com https://tagmanager.google.com https://fonts.googleapis.com https://s3.amazonaws.com *.paywallk.com *.unetsafe.com *.ecommpay.com *.adyen.com *.hotjar.com *.ppipe.net *.oppwa.com oppwa.com *.unetcard.com paymentpage.ecommpay.com fasd63.illongrlong.com s4vds4.ujad65dsai.com asdaerq.dapmaptuns.com https://*.frank.casino wss://*.biahosted.com https://*.biahosted.com https://storage.googleapis.com https://vtibetinaction2.aitcloud.de https://vbibetinaction2.aitcloud.de https://vsfelive-vs001.akamaized.net https://vsw.betradar.com https://vfbetinaction2.aitcloud.de https://vblbetinaction2.aitcloud.de https://s5.sir.sportradar.com https://gsm-widgets.betstream.betgenius.com https://altenar.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com https://widgets.sir.sportradar.com https://widgets.fn.sportradar.com; font-src 'self' https://fonts.gstatic.com data: *.cloudflare.com *.cloudflareinsights.com livechat24.tech *.livechat24.tech *.visualwebsiteoptimizer.com app.vwo.com *.frankcasino.com https://cdn-sp.kertn.net https://*.frank.casino wss://*.biahosted.com https://*.biahosted.com https://storage.googleapis.com https://vtibetinaction2.aitcloud.de https://vbibetinaction2.aitcloud.de https://vsfelive-vs001.akamaized.net https://vsw.betradar.com https://vfbetinaction2.aitcloud.de https://vblbetinaction2.aitcloud.de https://s5.sir.sportradar.com https://gsm-widgets.betstream.betgenius.com https://altenar.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com https://widgets.sir.sportradar.com https://widgets.fn.sportradar.com; script-src 'self' 'unsafe-eval' 'nonce-vVYY277ZmoLyjGYTeGb6Ng==' blob: *.google.com *.google.ro *.google.se *.google.nl *.google.de *.google.fi *.google.ch *.google.ee *.google.sk *.google.dk recaptcha.net www.gstatic.com *.googleadservices.com https://www.googleadservices.com https://*.googlesyndication.com *.google.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://*.googletagmanager.com *.google-analytics.com *.analytics.google.com platform.twitter.com connect.facebook.net *.curacao-egaming.com stats.g.doubleclick.net https://stats.g.doubleclick.net livechat24.tech *.livechat24.tech *.livestatisc.com *.jsdelivr.net *.ptstaging.eu track.adform.net *.unetsafe.com *.cloudflare.com *.cloudflareinsights.com *.quantserve.com *.quantcount.com *.creative-serving.com *.visualwebsiteoptimizer.com *.taboola.com *.tradedoubler.com *.snapchat.com *.bing.com snapchat.com sc-static.net app.vwo.com facebook.com www.facebook.com https://static.ads-twitter.com https://analytics.twitter.com *.regily.com https://*.fasttrack-solutions.com https://cdn-sp.kertn.net https://*.pusher.com https://cdn-sp.gbshgbsh.com https://*.gstatic.com https://prj-verification-production.s3.amazonaws.com https://prj-verification-stage1.s3.amazonaws.com https://prj-verification-stage2.s3.amazonaws.com https://public-verification1.stage.aventogroup.com https://public-verification2.stage.aventogroup.com *.frankcasino.com *.paywallk.com *.unetsafe.com *.ecommpay.com *.zimpler.net *.adyen.com *.hotjar.com *.acaptureservices.com acaptureservices.com *.oppwa.com oppwa.com *.unetcard.com paymentpage.ecommpay.com *.switchpayments.com *.mifinity.com *.google.com fasd63.illongrlong.com s4vds4.ujad65dsai.com *.astropay.com *.megapay.pro *.ecopayz.com *.billing.cx *.express-connect.com *.paycore.io *.jetoncheckout.com *.ipsp.lv ipsp.lv *.gpaynetworks.com *.sirumobile.com asdaerq.dapmaptuns.com *.checkout.com https://*.frank.casino wss://*.biahosted.com https://*.biahosted.com https://storage.googleapis.com https://vtibetinaction2.aitcloud.de https://vbibetinaction2.aitcloud.de https://vsfelive-vs001.akamaized.net https://vsw.betradar.com https://vfbetinaction2.aitcloud.de https://vblbetinaction2.aitcloud.de https://s5.sir.sportradar.com https://gsm-widgets.betstream.betgenius.com https://altenar.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com https://widgets.sir.sportradar.com https://widgets.fn.sportradar.com 1
upgrade-insecure-requests; default-src 'self'; connect-src 'self' https://paste.yunohost.org wss://ww7.be; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval'; object-src 'none'; img-src 'self' data:; 1
frame-ancestors 'self' http://localhost:3000 https://app-dev-edb.decision-science.agency https://*.singaporeglobalnetwork.gov.sg https://app-dev-edb.local:3000 1
default-src 'none'; script-src 'self' 'nonce-skldfhjlskhdfklasdfhdhflsdkhfklasfdhksaflsadkf'; connect-src 'self'; img-src 'self'; style-src 'self' 'nonce-skldfhjlskhdfklasdfhdhflsdkhfklasfdhksaflsadkf';base-uri 'self';form-action 'self' elmex-brasil.com.br colgatebrasil.com.br;font-src 'self' data:; frame-src 'self'; 1
default-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; object-src 'self'; upgrade-insecure-requests;         img-src 'self' data: *.amazonaws.com *.beam.style *.hkengage.gov.hk *.google.com *.google.com.hk *.linkedin.com;         connect-src 'self' *.amazonaws.com *.sentry.io analytics.google.com *.googlesyndication.com *.doubleclick.net *.linkedin.com;         font-src 'self' data: *.beam.style *.hkengage.gov.hk fonts.gstatic.com fonts.gstatic.googlefonts.cn;         frame-src 'self' *.doubleclick.net player.vimeo.com;         style-src 'self' 'unsafe-inline' *.beam.style *.hkengage.gov.hk fonts.googleapis.com fonts.gstatic.com fonts.googlefonts.cn fonts.gstatic.googlefonts.cn;         script-src 'self' 'unsafe-eval' 'unsafe-inline' *.beam.style *.hkengage.gov.hk www.googletagmanager.com *.licdn.com *.doubleclick.net cdnjs.cloudflare.com player.vimeo.com 1
default-src 'self'  https://* wss://*  data:;  img-src * 'self' data: https:; style-src 'self' http://* https://* 'unsafe-inline'; script-src 'self' http://* https://* 'unsafe-inline' 'unsafe-eval';connect-src 'self' http://* https://* wss://live-be.si-applications.com; 1
base-uri 'self';           default-src http: https: 'self' www.google.com www.google.ie www.gstatic.com www.googletagmanager.com www.google-analytics.com analytics.google.com stats.g.doubleclick.net *.usercentrics.eu;           img-src data: http: https:;           object-src 'none';           script-src http: https: 'self' 'unsafe-eval' 'unsafe-inline' www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com analytics.google.com *.usercentrics.eu;           style-src http: https: 'self' 'unsafe-eval' 'unsafe-inline' *.usercentrics.eu;           block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests; 1
font-src 'self' https://script.hotjar.com; 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.gstatic.com 'self' data: *.paypal.com fonts.gstatic.com *.amazonaws.com *.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com www.facebook.com/tr *.cardlink.gr *.eurocommerce.gr 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com https://player.vimeo.com https://www.youtube-nocookie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.contactpigeon.com *.google.com *.facebook.com *.googleusercontent.com *.cardlink.gr *.eurocommerce.gr *.skroutz.gr 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io blueskytechmage.com mageblueskytech.com placehold.jp *.facebook.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.contactpigeon.com www.google.gr *.googleusercontent.com *.r-shop.gr *.skroutz.gr *.amazonaws.com *.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ s7.addthis.com *.avada.io connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com https://player.vimeo.com https://www.youtube.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.contactpigeon.com *.google.com maps.google.gr *.jsdelivr.net cdnjs.cloudflare.com kit.fontawesome.com *.skroutz.gr *.amazonaws.com *.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com http://fonts.googleapis.com assets.braintreegateway.com *.contactpigeon.com static.r-shop.gr *.cloudfront.net *.paypal.com fonts.googleapis.com *.amazonaws.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blob: *.r-shop.gr *.amazonaws.com *.cloudfront.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com ekr.zdassets.com/ https://get.geojs.io *.avada.io *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.contactpigeon.com www.facebook.com www.google.gr *.googleadservices.com *.doubleclick.net *.amazonaws.com *.cloudfront.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com *.contactpigeon.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.contactpigeon.com 'self' 'unsafe-inline';, upgrade-insecure-requests; 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://assets.fairandsmart.com https://cdn.jsdelivr.net https://core.fairandsmart.com https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://code.jquery.com/ https://cdnjs.cloudflare.com https://maps.googleapis.com https://carsatse.containers.piwik.pro https://chat.vizir.co https://europassistancefr.containers.piwik.pro; style-src 'self' 'unsafe-inline' https://assets.fairandsmart.com https://cdn.jsdelivr.net https://core.fairandsmart.com https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://fonts.googleapis.com; img-src 'self' 'unsafe-inline' https://eafrpfil001app.blob.core.windows.net https://eafrpfil002app.blob.core.windows.net https://maps.gstatic.com https://www.googletagmanager.com https://upload-image-vizir.s3.amazonaws.com; font-src 'self' https://eafrpfil001app.blob.core.windows.net https://fonts.gstatic.com; frame-src 'self' data: https://www.google.com https://maps.googleapis.com https://chat.vizir.co; connect-src *; 1
font-src https://cdn.checkout.com *.zohocdn.com *.gstatic.com ssl.widgets.webengage.com *.fontawesome.com maxcdn.bootstrapcdn.com data: checkout.tabby.ai widgets.tabby.ai cdn.tabby.ai fonts.googleapis.com storage.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com desk.zoho.com *.adform.net *.facebook.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com *.meetanshi.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com https://js.checkout.com *.klarna.com imgs.cdn-btsg.com *.demdex.net app.viralsweep.com services.listrak.com *.credova.com imasdk.googleapis.com rumble.com maps.google.com issuu.com *.zendesk.com *.hotjar.com *.webengage.com *.addtoany.com *.google.com google.com *.googletagmanager.com *.checkout.com *.plumrocket.com *.webengage.co *.snapchat.com *.doubleclick.net *.creativecdn.com zhsyboxy.eug.stape.io *.google.com.sa *.facebook.com tsdtocl.com *.meetanshi.com https://plumrocket.com https://accounts.google.com checkout.tabby.ai 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io seal.digicert.com *.listrakbi.com mediacdn.espssl.com imgs.cdn-btsg.com s3.amazonaws.com seal-easternnc.bbb.org *.magebees.com *.cloudfront.net *.zoho.com *.google.com *.google-analytics.com *.googletagmanager.com tracking.avantlink.com *.google.co.in *.googleapis.com *.adobedtm.com *.omtrdc.net *.demdex.net *.everesttech.net *.magentocommerce.com *.mediacdn.espssl.com *.tamara.co *.gstatic.com *.zendesk.com *.hotjar.com *.webengage.com *.facebook.com *.googleadservices.com *.meetanshi.com *.linkedin.com *.snapchat.com *.twitter.com *.clarity.ms *.bing.com t.co zhsyboxy.eug.stape.io dsum-sec.casalemedia.com *.adform.net *.google.com.sa cm.g.doubleclick.net pixel.rubiconproject.com rt.udmserve.net sync.teads.tv sync.taboola.com *.quora.com https://meetanshi.com/media/logo.png www.google.com.ua checkout.tabby.ai widgets.tabby.ai cdn.tabby.ai fonts.googleapis.com storage.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cdn.checkout.com *.klarnacdn.net seal.digicert.com *.listrakbi.com app.viralsweep.com services.listrak.com imgs.cdn-btsg.com *.clarity.ms *.cloudfront.net cdnjs.cloudflare.com rumble.com s0.2mdn.net *.google.com tracking.avantlink.com *.credova.com cdn-apps.drimify.com *.zohopublic.com *.zohocdn.com *.zohostatic.com *.googleapis.com google.com *.googleadservices.com *.analytics.google.com *.googletagmanager.com *.google.co.in *.zendesk.com *.hotjar.com *.webengage.com *.addtoany.com *.vimeo.com *.gstatic.com *.checkout.com *.creativecdn.com *.ads-twitter.com *.licdn.com *.taboola.com *.tiktok.com sc-static.net *.snapchat.com *.zdassets.com *.tamara.co zhsyboxy.eug.stape.io *.googleads.g.doubleclick.net *.google.com.sa dsum-sec.casalemedia.com static.criteo.net *.meetanshi.com connect.facebook.net *.google-analytics.com https://accounts.google.com https://www.gstatic.com checkout.tabby.ai widgets.tabby.ai cdn.segment.com www.google.com cdn.sift.com score.jcsc.online seondf.com deviceinf.com getdeviceinf.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://cdn.checkout.com *.listrakbi.com *.zohocdn.com *.zohostatic.com *.googleapis.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com tracking.avantlink.com *.google.co.in *.fontawesome.com maxcdn.bootstrapcdn.com https://accounts.google.com https://www.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.bolt.com https://js.checkout.com *.klarnaevt.com *.listrakbi.com onsite-api.listrak.com *.doubleclick.net imgs.cdn-btsg.com maps.googleapis.com desk.zoho.com *.credova.com rumble.com *.clarity.ms *.zohopublic.com *.googleapis.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com tracking.avantlink.com *.google.co.in *.zendesk.com *.hotjar.com wss://ws.hotjar.com *.webengage.com *.hotjar.io *.checkout.com *.creativecdn.com *.linkedin.com *.taboola.com *.tiktok.com *.snapchat.com google.com *.pangle-ads.com *.zdassets.com *.facebook.com *.tamara.co zhsyboxy.eug.stape.io *.google.com.sa *.meetanshi.com *.analytics.google.com stats.g.doubleclick.net https://accounts.google.com checkout.tabby.ai widgets.tabby.ai cdn.segment.com api.segment.com api.segment.io api.amplitude.com *.seondfresolver.com *.deviceinfresolver.com *.getdeviceinfresolver.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.seondnsresolve.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' bat.bing.com ma.velomarket.pl web.snrbox.com connect.facebook.net analytics.tiktok.com displayvideo.google.com doubleclick.net marketing.tr.netsalesmedia.pl clarity.microsoft.com www.googleadservices.com *.doubleclick.net www.clarity.ms geowidget-app.inpost.pl www.gstatic.com www.google.com maps.google.com *.youtube.com *.googleapis.com *.google-analytics.com *.googletagmanager.com cards.bm.pl *.hotjar.com web.snrbox.com; frame-src 'self' bat.bing.com ma.velomarket.pl web.snrbox.com www.google.com maps.google.com *.youtube.com geowidget-app.inpost.pl *.doubleclick.net; object-src 'self' 1
script-src 'nonce-335379f3a0875e0e66c2ab130b6a2d77' 'report-sample' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval'; frame-ancestors 'self' ; object-src 'none'; base-uri 'self'; report-uri https://www.sportx.ch/jsapi/v1/de/log/csp 1
https: 'unsafe-inline'; frame-ancestors *.boqueria.barcelona; base-uri https://www.boqueria.barcelona; form-action https://www.boqueria.barcelona 1
script-src 'self' 'unsafe-inline' *.stripe.com api.mixpanel.com mc.yandex.ru *.intercom.io *.intercomcdn.com *.hotjar.com icm.aexp-static.com stripensrq.global.ssl.fastly.net *.googleadservices.com accounts.google.com *.googleapis.com apis.google.com *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hscollectedforms.net yastatic.net mcheckout-qa.americanexpress.com cdn.jsdelivr.net *.youtube.com *.ytimg.com *.licdn.com *.wdfl.co *.upscope.io connect.facebook.net *.pinimg.com *.clarity.ms ct.pinterest.com; object-src 'self'; font-src 'self' data: blob: 'unsafe-inline' js.intercomcdn.com fonts.intercomcdn.com fonts.gstatic.com *.hotjar.com 1
object-src 'self' https://staging-www.dornbirn.at https://app.city-monitor.com https://live.dornbirn.at https://dornbirn.pwa.city-monitor.com https://dornbirn.pwa-staging.city-monitor.com; frame-ancestors 'self' https://app.city-monitor.com https://live.dornbirn.at https://dornbirn.pwa.city-monitor.com https://dornbirn.pwa-staging.city-monitor.com; 1
frame-ancestors 'none'; default-src 'self' https://*.aol.com https://*.yahoo.com https://*.yimg.com; img-src * data:; script-src 'self' 'unsafe-inline' 'nonce-9mELb1MHJdOZuAvPmirapQ==' 'unsafe-eval' https://*.yahoo.com https://*.yimg.com https://*.aol.com https://*.aolcdn.com *.oath.com *.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net *.googlesyndication.com https://sb.scorecardresearch.com bat.bing.com *.demdex.net https://msadsscale.azureedge.net/bingads/telemetryJS.js https://www.clarity.ms https://www.clarity.ms/s/0.7.10/clarity.js; style-src 'self' 'unsafe-inline' https://*.yimg.com; object-src *; connect-src *; font-src * data:; frame-src 'self' https://*.youtube.com https://s.yimg.com https://*.yahoo.com *.g.doubleclick.net *.googlesyndication.com; 1
connect-src 'self' hubspot-forms-static-embed.s3.amazonaws.com *.hubspot.com *.pinterest.com *.google-analytics.com api.hubapi.com us-central1-adaptive-growth.cloudfunctions.net *.hsforms.com *.facebook.com api.pinpiaa.com adservice.google.com www.google.com  secure.adnxs.com/getuidj c.6sc.co *.mktoresp.com *.z1.dca0.com *.adroll.com stats.g.doubleclick.net clarity.ms *.clarity.ms *.mutinycdn.com *.mutinyhq.io platformapi.metadata.io maps.googleapis.com *.crazyegg.com ipv6.6sc.co *.resonaterecordings.com *.cloudfunctions.net https://*.qualified.com wss://*.qualified.com *.linkedin.oribi.io *.userway.org *.google.com *.googlesyndication.com *.linkedin.com *.mktoutil.com *.cookiebot.com googleads.g.doubleclick.net; default-src 'self' code.jquery.com cdnjs.cloudflare.com fonts.googleapis.com pro.fontawesome.com *.consensu.org js.driftt.com *.crazyegg.com *.resonaterecordings.com *.googleapis.com *.qualified.com *.cloudfront.net dmjv4kyi8h35m.cloudfront.net; font-src data: https: https://pro.fontawesome.com; frame-src synd.io www.facebook.com js.driftt.com boards.greenhouse.io player.vimeo.com *.pinterest.com public.tableau.com go.pardot.com *.hsforms.com *.hubspot.com *.doubleclick.net synd.io *.google.com vimeo.com www.googletagmanager.com maps.googleapis.com *.adsrvr.org  *.syndio.com	*.crazyegg.com https://*.qualified.com *.spotify.com  *.resonaterecordings.com *.cnbc.com *.userway.org https://www.youtube.com *.navattic.com *.cookiebot.com; img-src 'self' https: data: public.tableau.com images.mutinycdn.com *.crazyegg.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com js.hs-scripts.com js.hsforms.net boards.greenhouse.io *.adroll.com snap.licdn.com forms.hsforms.com cdnjs.cloudflare.com js.hs-banner.com js.hsleadflows.net js.hsadpixel.net js.hs-analytics.net js.driftt.com www.google-analytics.com s.pinimg.com *.digitaloceanspaces.com www.googleadservices.com connect.facebook.net js.hsadspixel.net cdn.pdst.fm d.adroll.mgr.consensu.org *.doubleclick.net *.jquery.com public.tableau.com *.google.com *.gstatic.com maps.googleapis.com j.6sc.co *.bing.com cdn.bizible.com *.marketo.net stats.g.doubleclick.net s.dca0.com *.clarity.ms client-registry.mutinycdn.com *.mutinycdn.com *.mutinyhq.io client-registry.mutinycdn.com *.ads-twitter.com static.ads-twitter.com/uwt.js unpkg.com js.adsrvr.org *.twitter.com *.syndio.com go.syndio.com *.crazyegg.com blob: *.qualified.com *.resonaterecordings.com *.listenlayer.com accessibilityserver.org *.userway.org *.omappapi.com www.youtube.com *.pinterest.com *.cookiebot.com; style-src 'self' 'unsafe-inline' https: *.crazyegg.com https://*.qualified.com; report-uri https://syndio.report-uri.com/r/d/csp/wizard; 1
frame-ancestors 'self' http://hag-sappoh1.aoc.eu http://hag-sappop1.aoc.eu 1
upgrade-insecure-requests; base-uri 'self'; frame-ancestors 'self'; form-action 'self' https://repapi.inn-flow.net/; object-src 'none'; 1
upgrade-insecure-requests; worker-src 'self' blob:; manifest-src 'self'; default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://evershedssutherland.containers.piwik.pro/ https://siteimproveanalytics.com/ https://snap.licdn.com/ https://policy.cookiereports.com/ https://api.mapbox.com/ https://code.jquery.com/ https://cdn.yoshki.com/; style-src 'self' 'unsafe-inline'; img-src 'self' https://cdn.yoshki.com/ https://yoshki.com/ https://eversheds-sutherland.vuture.net/ https://es.vuturevx.com/ https://px.ads.linkedin.com/ https://px4.ads.linkedin.com/ https://10542.global.siteimproveanalytics.io/ https://api.mapbox.com/ data:; connect-src 'self' https://api.mapbox.com/ https://events.mapbox.com/ https://px.ads.linkedin.com/ https://evershedssutherland.piwik.pro/; font-src 'self'; media-src 'self' https://cdn.yoshki.com/ https://yoshki.com/ https://listen.eversheds-sutherland.com/; frame-src https://yoshki.com/ https://cdn.yoshki.com/ https://listen.eversheds-sutherland.com/ https://html5-player.libsyn.com/ https://scnem.com/ https://sites-eversheds-sutherland.vuture.net/ https://es-notifications.com/ https://email.es-notifications.com/ https://watch.eversheds-sutherland.com/ https://video.twentythree.com/; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://cdn.yoshki.com/ https://secure.data-creativecompany.com/ https://evershedssutherland.containers.piwik.pro/ https://siteimproveanalytics.com/ https://snap.licdn.com/ https://policy.cookiereports.com/ https://api.mapbox.com/; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://d6tizftlrpuof.cloudfront.net *.usabilla.com *.willistowerswatson.com https://dpm.demdex.net https://sp.analytics.yahoo.com https://insight.adsrvr.org https://www.linkedin.com https://qsuper.qld.gov.au https://www.googletagmanager.com https://googleads.g.doubleclick.net https://p.typekit.net https://bat.bing.com https://px.ads.linkedin.com https://www.facebook.com *.cloudfront.net https://www.google.com https://www.google-analytics.com https://www.google.com.au https://ad.doubleclick.net data:; style-src 'self' 'unsafe-inline' https://d6tizftlrpuof.cloudfront.net *.usabilla.com *.cloudfront.net *.willistowerswatson.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://unpkg.com https://ajax.googleapis.com https://stackpath.bootstrapcdn.com; font-src 'self' 'unsafe-inline' *.usabilla.com https://fonts.googleapis.com *.cloudfront.net *.willistowerswatson.com https://use.typekit.com https://fonts.gstatic.com; frame-src 'self' www.google.com *.usabilla.com *.megaphone.fm *.cloudfront.net https://tpc.googlesyndication.com https://match.adsrvr.org *.amazonaws.com https://www.facebook.com *.widgetworks.com.au https://insight.adsrvr.org *.deloitte.com.au https://www.youtube.com *.fls.doubleclick.net td.doubleclick.net; script-src-elem 'self' 'unsafe-inline' https://d6tizftlrpuof.cloudfront.net *.usabilla.com https://code.jquery.com https://cdn.jsdelivr.net https://hcbtas-p-calc-qsuper.azurewebsites.net *.willistowerswatson.com https://tpc.googlesyndication.com https://api.swiftype.com https://use.typekit.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://apps.mypurecloud.com https://connect.facebook.net https://bat.bing.com https://snap.licdn.com https://www.google-analytics.com https://w.usabilla.com *.widgetworks.com.au https://googleads.g.doubleclick.net https://js.adsrvr.org *.amazonaws.com https://www.googleadservices.com https://ajax.googleapis.com https://stackpath.bootstrapcdn.com https://td.doubleclick.net; connect-src 'self' https://d6tizftlrpuof.cloudfront.net *.usabilla.com *.towerswatson.com *.willistowerswatson.com https://bat.bing.com https://di-app-api-gw-np.qsuper.com.au https://di-app-api-gw.qsuper.com.au https://api.edq.com www.google.com.au/ads/ https://stats.g.doubleclick.net www.google-analytics.com analytics.australianretirementtrust.com.au analytics.qsuper.qld.gov.au *.widgetworks.com.au https://cdn.linkedin.oribi.io https://www.facebook.com https://px.ads.linkedin.com; upgrade-insecure-requests; block-all-mixed-content; 1
frame-ancestors 'self' https://admarket.no https://admarket.schibsted.se https://frontpage-wayback-machine.sls.schibsted.tech/ https://front-video-tool.aftenposten.no/; upgrade-insecure-requests 1
default-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://webchat-widget-cdn.tatodesk.com/cdn/webchat.js https://webchat.tatodesk.com/webchat-inject.js https://cdn.jsdelivr.net https://rasawebchatcdnstaticapi.gsan.com.br/cdn/rasa-webchat.js https://botoinject.gsan.com.br/5209390111079/channel-inject.js https://botoinject.gsan.com.br/3349976796317/channel-inject.js https://*.gstatic.com https://*.googleapis.com https://*.google-analytics.com https://*.google.com https://*.ima.sp.gov.br ima.sp.gov.br https://*.campinas.sp.gov.br https://campinas.sp.gov.br https://*.youtube.com https://hosted.muses.org https://*.addthis.com https://*.addthisedge.com https://app.powerbi.com https://cdn.userway.org https://api.userway.org https://vlibras.gov.br https://*.vlibras.gov.br https://cdp.cloud.unity3d.com https://*.hotjar.com webpack: blob:; img-src 'self' https://chatbotavatar.s3.sa-east-1.amazonaws.com https://cdn.jsdelivr.net https://*.vlibras.gov.br https://vlibras.gov.br https://script.hotjar.com http://*.ima.sp.gov.br https://campinas.sp.gov.br https://*.campinas.sp.gov.br https://*.ytimg.com https://www.google.com https://www.googLeapis.com https://clients1.googLe.com https://*.gstatic.com data:; style-src 'self' 'unsafe-inline' https: ; font-src 'self' https://fonts.gstatic.com https://use.fontawesome.com https://vlibras.gov.br https://*.vlibras.gov.br https://script.hotjar.com; connect-src 'self' wss://webchat-webhook.tatodesk.com https://cdn.jsdelivr.net https://botobucketrestapi.gsan.com.br wss://webchatsocketapi.gsan.com.br/socket.io/?EIO=4&transport=websocket https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://config.uca.cloud.unity3d.com https://cdp.cloud.unity3d.com https://vlibras.gov.br https://*.vlibras.gov.br https://in.hotjar.com https://*.ima.sp.gov.br https://campinas.sp.gov.br https://*.campinas.sp.gov.br https://streaming.ima.sp.gov.br/educativa.mp3; frame-src https://*.monday.com https://www.youtube.com https://app.powerbi.com https://vars.hotjar.com https://cse.googLe.com https://*.ima.sp.gov.br https://campinas.sp.gov.br https://*.campinas.sp.gov.br https://docs.google.com; frame-ancestors 'self' https://*.ima.sp.gov.br https://campinas.sp.gov.br https://*.campinas.sp.gov.br https://docs.google.com; media-src 'self' https://streaming.ima.sp.gov.br/educativa.mp3 1
frame-ancestors 'self' cmwlab.com metrika.yandex.ru metrika.yandex.by metrika.yandex.com metrika.yandex.com.tr *.webvisor.com; 1
default-src fonts.gstatic.com https://www.youtube.com 'self'; style-src *.googleapis.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'self' 'unsafe-inline'; connect-src wss://localhost:* *.googleapis.com https://sessions.bugsnag.com/ *.pusher.com *.bugherd.com wss://ws-mt1.pusher.com *.google.com www.googleadservices.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com 'self'; img-src https://i.ytimg.com/  *.gstatic.com  *.googleapis.com  https://bugherd-attachments.s3.amazonaws.com/ *.google.com *.siteimproveanalytics.io https://cdn.insight.sitefinity.com https://dec.azureedge.net 'self' data:; frame-src https://player.vimeo.com/ https://www.youtube.com/ sidebar.bugherd.com https://quickquote-consumer.optimalblue.com/ https://www.dinkytown.net/ *.nice-incontact.com; script-src  *.googleapis.com  https://www.bugherd.com/ sidebar.bugherd.com 'unsafe-inline' *.googletagmanager.com googleads.g.doubleclick.net siteimproveanalytics.com *.nice-incontact.com https://cdn.insight.sitefinity.com https://dec.azureedge.net https://player.vimeo.com/api/player.js https://www.youtube.com/iframe_api 'self' 1
default-src 'self' *.disquscdn.com *.disqus.com disqus.com https://static.klaviyo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hattons.co.uk data: google.com cdn.jsdelivr.net polyfill.io seal.globalsign.com ssif1.globalsign.com www.googletagmanager.com az416426.vo.msecnd.net www.google-analytics.com *.reamaze.com *.datatables.net js.pusher.com *.cloudfront.net ajax.aspnetcdn.com tagmanager.google.com www.bugherd.com hattonsmodelrailways.3cx.co.uk www.gstatic.com cdn.subscribers.com *.klaviyo.com *.facebook.net cdnjs.cloudflare.com hattonsmodelrailways.disqus.com *.sharethis.com *.disquscdn.com *.cloudinary.com *.postcodeanywhere.co.uk js.hs-scripts.com js.usemessages.com js.hs-analytics.net *.announcekit.app *.marketplan.io www.googlecommerce.com *.googleadservices.com js.stripe.com *.googleapis.com *.bootstrapcdn.com *.hotjar.com www.google.com/_/scs/ *.google.com *.hiverhq.com *.googlesyndication.com cdn.giftup.app *.google.co.uk https://player.vimeo.com analytics.tiktok.com; style-src 'self' 'unsafe-inline' 'unsafe-hashes' *.hattons.co.uk cdn.jsdelivr.net *.cloudfront.net fonts.googleapis.com tagmanager.google.com cdn.reamaze.com directoryproductimages.blob.core.windows.net hattonsmodelrailways.3cx.co.uk *.sharethis.com *.disquscdn.com *.datatables.net cdn.subscribers.com *.postcodeanywhere.co.uk hattonsauctionworx.blob.core.windows.net hattonsimages.blob.core.windows.net static.klaviyo.com *.bootstrapcdn.com js.stripe.com cdn.giftup.app www.bugherd.com www.googletagmanager.com; img-src 'self' *.hattons.co.uk directoryproductimages.blob.core.windows.net hattonsimage.hattons.co.uk cdn.shopify.com ssif1.globalsign.com seal.globalsign.com www.paypalobjects.com img.youtube.com www.google-analytics.com stats.g.doubleclick.net www.google.com www.google.co.uk *.cloudfront.net bugherd-attachments.s3.amazonaws.com www.bugherd.com tagmanager.google.com *.gstatic.com data: cdn.reamaze.com reamaze-prod.s3.amazonaws.com hattonsmodelrailways.3cx.co.uk mathtag.com hi.subscribers.com *.facebook.com *.klaviyo.com www.googletagmanager.com *.sharethis.com *.disqus.com *.postcodeanywhere.co.uk *.datatables.net *.abmr.net *.disquscdn.com subscribers-prod.s3.amazonaws.com *.hubspot.com hattonsimages.blob.core.windows.net *.googleusercontent.com secure.gravatar.com hattons-model-railways.reamaze.com *.wp.com connect.facebook.net *.google-analytics.com *.analytics.google.com googleads.g.doubleclick.net *.analytics.google.com i.ytimg.com www.google.ie hattonsauctionworx.blob.core.windows.net cdn.giftup.app blob: retail.googleapis.com *.googlesyndication.com railsofsheffield.com; font-src 'self' 'unsafe-inline' fonts.gstatic.com d17jp22xfcc13q.cloudfront.net fonts.googleapis.com www.bugherd.com *.cloudfront.net data: use.fontawesome.com hattonsmodelrailways.3cx.co.uk cdn.subscribers.com *.bootstrapcdn.com cdn.giftup.app static.klaviyo.com; media-src 'self' cdn.reamaze.com bugherd-attachments.s3.amazonaws.com hattonsimages.blob.core.windows.net hattonsimage.hattons.co.uk cdn.giftup.app; connect-src 'self' dc.services.visualstudio.com wss://ws.reamaze.com https://hattons-model-railways.reamaze.io sessions.bugsnag.com wss://ws.pusherapp.com www.bugherd.com sockjs.pusher.com bugherd-attachments.s3.amazonaws.com notify.bugsnag.com polyfill.io www.google-analytics.com hattonsmodelrailways.3cx.co.uk cdn.subscribers.com pro.ip-api.com fcm.googleapis.com hi.subscribers.com hattons-model-railways.reamaze.io connect.facebook.net *.facebook.com *.klaviyo.com *.globalsign.com hattonscoukapidev.azurewebsites.net auth.hattons.co.uk *.postcodeanywhere.co.uk *.sharethis.com *.hubspot.com cdn.reamaze.com stats.g.doubleclick.net app.marketplan.io *.pusher.com hattons-model-railways.reamaze.com analytics.google.com ws-mt1.pusher.com www.google.co.uk www.google.ie *.hotjar.com *.hotjar.io wss://*.hotjar.com *.analytics.google.com *.google-analytics.com *.analytics.google.com checkout.stripe.com js.stripe.com inbound.giftup.app www.google.com google.com *.googlesyndication.com analytics.tiktok.com railsofsheffield.com; frame-src 'self' 'unsafe-inline' hattons-model-railways.reamaze.com www.youtube.com *.sharethis.mgr.consensu.org *.sharethis.com *.disqus.com disqus.com announcekit.app www.facebook.com *.google.com *.hotjar.com js.stripe.com hattons-stripe-web.azurewebsites.net hooks.stripe.com *.hiverhq.com directoryproductimages.blob.core.windows.net hattonsimage.hattons.co.uk cdn.giftup.app https://player.vimeo.com *.googlesyndication.com googleads.g.doubleclick.net;  1
default-src 'self'  https://*.evenementenhal.nl  ; connect-src 'self'  https://*.evenementenhal.nl https://*.elementor.com https://*.easyfairs.com https://*.google-analytics.com https://stats.g.doubleclick.net https://www.wpo365.com https://*.sentry.io https://hits-i.iubenda.com https://consent.iubenda.com https://cdn.iubenda.com https://*.google.com https://*.analytics.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval'  https://*.evenementenhal.nl https://www.googleoptimize.com https://beacon-v2.helpscout.net https://easyfairsassets.com https://*.easyfairs.cloud https://*.youtu.be https://s.ytimg.com https://*.youtube.com https://*.vimeo.com https://vimeo.com https://*.googletagmanager.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.google.com https://*.googleadservices.com https://*.googleapis.com https://*.gstatic.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://*.sentry.io https://cdn.iubenda.com https://www.iubenda.com https://cdn.iubenda.com/cs/gpp/stub.js https://cdn.iubenda.com/cs/iubenda_cs.js https://cs.iubenda.com ; img-src 'self' data:  https://*.evenementenhal.nl  https://*.google.com https://*.google.at https://*.google.be https://*.google.bg https://*.google.ca https://*.google.cat https://*.google.ch https://*.google.de https://*.google.dk https://*.google.es https://*.google.fi https://*.google.fr https://*.google.com.hk https://*.google.it https://*.google.lt https://*.google.lu https://*.google.nl https://*.google.pl https://*.google.pt https://*.google.ro https://*.google.ru https://*.google.se https://*.google.com.tr https://*.google.co.uk https://*.google.com http://1.gravatar.com https://easyfairsassets.com https://*.ggpht.com https://library.elementor.com https://*.gravatar.com https://i.ytimg.com https://*.vimeocdn.com https://*.googleusercontent.com https://*.googleapis.com https://*.google-analytics.com https://*.g.doubleclick.net https://www.googletagmanager.com https://*.gstatic.com https://cdn.iubenda.com ; style-src 'self' 'unsafe-inline' data:  https://*.evenementenhal.nl https://easyfairsassets.com https://*.googleapis.com https://*.typekit.net https://ps.w.org https://cdn.jsdelivr.net https://www.googletagmanager.com https://*.google.com https://cdn.iubenda.com ; font-src 'self' data:  https://*.evenementenhal.nl https://spoprod-a.akamaihd.net https://easyfairsassets.com https://*.typekit.net https://fonts.gstatic.com https://*.sharepointonline.com  ; child-src 'self'  https://*.evenementenhal.nl https://easyfairsassets.com https://docs.wpo365.com https://library.elementor.com https://*.youtube.com https://*.vimeo.com https://*.youtu.be https://www.youtube-nocookie.com https://www.googletagmanager.com https://*.google.com https://www.iubenda.com https://cdn.iubenda.com ; media-src 'self'  https://*.evenementenhal.nl https://*.vimeo.com https://vimeo.com https://*.youtu.be https://*.youtube.com https://api.dmcdn.net https://*.twitch.tv  ; object-src 'self'  https://*.evenementenhal.nl  ; frame-ancestors 'self'  https://*.evenementenhal.nl  ; base-uri 'none'  ; 1
default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js *.ecitizen.gov.sg *.wogaa.sg *.googletagmanager.com *.google-analytics.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.insight.sitefinity.com cdn.jsdelivr.net *.dcube.cloud assets.dcube.cloud *.hotjar.com https://script.hotjar.com https://googleads.g.doubleclick.net *.googleadservices.com https://snowplow-web.wogaa.sg https://console-flex-api.ap.sabio.cloud https://script.wiz.gov.sg https://rum.browser-intake-datadoghq.com https://ask.gov.sg 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://va.ecitizen.gov.sg *.dcube.cloud https://assets.dcube.cloud/fonts/ *.wogaa.sg *.sg.va.sabio.cloud *.ecitizen.gov.sg *.googleadservices.com https://console-flex-api.ap.sabio.cloud https://script.wiz.gov.sg 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://www.google.com https://www.googletagmanager.com *.wogaa.sg *.ecitizen.gov.sg *.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com https://www-wsg-upgrade-gov-sg-admin.cwp.sg https://www-wsg-upgrade-gov-sg.cwp.sg *.doubleclick.net *.hotjar.com *.eloqua.com track.hubspot.com https://www.google.com.sg www.google.com https://console-flex-api.ap.sabio.cloud *.googleadservices.com https://ask.gov.sg https://logos.ask.gov.sg https://service-portal.skillsfuture.gov.sg 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.hotjar.com https://console-flex-api.ap.sabio.cloud *.wogaa.sg *.ecitizen.gov.sg; frame-src https://www.onemap.gov.sg https://www.youtube.com https://www.youtube-nocookie.com/ https://td.doubleclick.net/ 'self' web-chat.nativechat.com; connect-src data: accounts.google.com *.gstatic.com *.ecitizen.gov.sg *.wogaa.sg *.mktoresp.com *.google-analytics.com https://stats.g.doubleclick.net https://analytics.google.com https://stats.g.doubleclick.net/ *.hotjar.io *.hotjar.com wss://ws.hotjar.com/api/v2/client/ws https://pagead2.googlesyndication.com *.googleadservices.com https://snowplow-web.wogaa.sg https://console-flex-api.ap.sabio.cloud *.doubleclick.net https://script.wiz.gov.sg https://rum.browser-intake-datadoghq.com https://ask.gov.sg 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://www.onemap.gov.sg *.ecitizen.gov.sg *.wogaa.sg *.googleadservices.com http://snowplow-web.wogaa.sg https://console-flex-api.ap.sabio.cloud https://web-chat.nativechat.com https://script.wiz.gov.sg 'self' web-chat.nativechat.com; frame-ancestors 'self' https://www.youtube.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.kakao.com *.kakaocdn.net  www.google-analytics.com fonts.googleapis.com ajax.googleapis.com www.google.com www.googletagmanager.com view.copyright.or.kr voc.copyright.or.kr piwik.copyright.or.kr www.juso.go.kr www.eprivacy.or.kr:40018 connect.facebook.net static.nid.naver.com t1.daumcdn.net t1.kakaocdn.net developers.kakao.com jsgetip.appspot.com cr.acecounter.com;style-src 'self' 'unsafe-inline';frame-ancestors 'self' *.kakao.com *.kakaocdn.net www.google-analytics.com fonts.googleapis.com ajax.googleapis.com www.google.com view.copyright.or.kr voc.copyright.or.kr piwik.copyright.or.kr www.juso.go.kr www.eprivacy.or.kr:40018 connect.facebook.net static.nid.naver.com developers.kakao.com jsgetip.appspot.com cr.acecounter.com;object-src 'self' *.kakao.com *.kakaocdn.net  www.google-analytics.com fonts.googleapis.com ajax.googleapis.com www.google.com view.copyright.or.kr voc.copyright.or.kr piwik.copyright.or.kr www.juso.go.kr www.eprivacy.or.kr:40018 connect.facebook.net static.nid.naver.com developers.kakao.com jsgetip.appspot.com cr.acecounter.com 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; worker-src * blob: data: 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cloudflare.com *.aspnetcdn.com *.ajax.googleapis.com maps.googleapis.com *.google.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.youtube.com *.cookie-script.com *.addthis.com *.addthisedge.com *.ytimg.com *.twitter.com *.msecnd.net *.facebook.net; style-src 'self' 'unsafe-inline' *.fonts.net; 1
frame-ancestors 'self' https://*.a8silo.com https://a8silo.com 1
default-src 'none'; style-src 'self'; script-src 'self'; img-src 'self'; font-src 'self'; 1
frame-ancestors http://sass.clumio.com/ 1
default-src 'self'; script-src 'self' 'unsafe-inline' *.googletagmanager.com *.google-analytics.com *.googleapis.com *.google.com unpkg.com *.cloudflare.com *.youtube.com *.gstatic.com cdn.jsdelivr.net *.pageuppeople.com *.recaptcha.net snap.licdn.com *.facebook.net *.newrelic.com; object-src 'none'; style-src 'self' 'unsafe-inline' *.googletagmanager.com *.google-analytics.com *.googleapis.com *.google.com *.cloudflare.com; img-src 'self' data: *.gstatic.com *.googleapis.com *.google-analytics.com *.cloudflare.com *.ogilvy.com.au *.youtube.com *.googletagmanager.com *.vimeocdn.com *.ytimg.com www.facebook.com px.ads.linkedin.com www.linkedin.com; media-src 'self'; frame-src 'self' youtube.com *.youtube.com *.vimeo.com *.google.com *.recaptcha.net; frame-ancestors 'self'; child-src 'self' blob:; font-src 'self' *.gstatic.com *.amazonaws.com data: *.typekit.net; connect-src 'self' *.google-analytics.com *.googleapis.com px.ads.linkedin.com *.nr-data.net *.newrelic.com *.linkedin.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; script-src 'self' https://flimpie.net 'wasm-unsafe-eval'; font-src 'self' https://flimpie.net; img-src 'self' data: blob: https://flimpie.net; style-src 'self' https://flimpie.net 'nonce-DlBhETuUsXJfvmuwHexRAg=='; media-src 'self' data: https://flimpie.net; frame-src 'self' https:; child-src 'self' blob: https://flimpie.net; worker-src 'self' blob: https://flimpie.net; connect-src 'self' blob: data: wss://flimpie.net https://flimpie.net; manifest-src 'self' https://flimpie.net; form-action 'self' 1
connect-src 'unsafe-inline' https://*.googlesyndication.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://sihot.com 1
font-src 'self' *.littleforest.co.uk fonts.gstatic.com cdn.jsdelivr.net fonts.googleapis.com amp.azure.net data: 1
base-uri 'self'; connect-src 'self'  sso.universia.net *.hotjar.io www.linkedin.com non-productive-alfred-s3.s3.eu-west-1.amazonaws.com script.hotjar.com *.hotjar.com img.youtube.com px4.ads.linkedin.com pro-myaccount-avatar.s3.eu-west-1.amazonaws.com t.co surveystats.hotjar.io analytics.twitter.com www.google.es  mboxedge37.tt.omtrdc.net santanderuniversidad.tt.omtrdc.net www.googletagservices.com assets.universia.net assets.dispatcher.universia.net www.google.ie dispatcher.universia.net www.facebook.com api-manager.universia.net cdn.cookielaw.org googleads.g.doubleclick.net stats.g.doubleclick.net www.google.com pagead2.googlesyndication.com region1.analytics.google.com region1.google-analytics.com vc.hotjar.io metrics.hotjar.io wss://ws.hotjar.com ws.hotjar.com content.hotjar.io www.google-analytics.com px.ads.linkedin.com analytics.tiktok.com; default-src 'self'; font-src 'self' script.hotjar.com fonts.gstatic.com data:; frame-src 'self' www.youtube.com www.google.com td.doubleclick.net track.adform.net www.facebook.com sso.universia.net; img-src 'self' imagenes.universia.net i.ytimg.com non-productive-alfred-s3.s3.eu-west-1.amazonaws.com www.universia.net api-manager.universia.net img.youtube.com assets.universia.net assets.dispatcher.universia.net pro-myaccount-avatar.s3.eu-west-1.amazonaws.com cdn.cookielaw.org www.facebook.com fonts.gstatic.com www.google.ie www.google.com www.google.es www.googletagmanager.com www.google-analytics.com px.ads.linkedin.com px4.ads.linkedin.com t.co analytics.twitter.com data:; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'self' 'wasm-unsafe-eval' 'nonce-dubi13asf985gfGDlmsnIot' 'sha256-1ajZ1llmQrgjKEWXHJbFYnovHYip7eaj3p2ThYdlrjY=' www.universia.net www.google.com *.hotjar.io *.hotjar.com track.adform.net s2.adform.net www.googletagservices.com cdn.cookielaw.org googleads.g.doubleclick.net connect.facebook.net static.hotjar.com metrics.hotjar.io script.hotjar.com www.googletagmanager.com www.google-analytics.com snap.licdn.com static.ads-twitter.com analytics.tiktok.com; style-src 'self' 'unsafe-inline' www.googletagmanager.com fonts.googleapis.com; worker-src www.universia.net dispatcher.universia.net; 1
frame-ancestors 'self' *.manchester.ac.uk 1
default-src 'self'; script-src 'self' 'unsafe-eval' content.pendo.portal-digitalshadows.com data.pendo.portal-digitalshadows.com; style-src 'self' 'unsafe-inline' content.pendo.portal-digitalshadows.com data.pendo.portal-digitalshadows.com; img-src 'self' data: content.pendo.portal-digitalshadows.com data.pendo.portal-digitalshadows.com; connect-src 'self' https://*.searchlight.app content.pendo.portal-digitalshadows.com data.pendo.portal-digitalshadows.com; child-src 'self' data.pendo.portal-digitalshadows.com; frame-ancestors 'self' data.pendo.portal-digitalshadows.com; frame-src 'self' data.pendo.portal-digitalshadows.com; report-uri https://portal-digitalshadows.com/api/csp-reports 1
default-src 'self'; connect-src 'self' matomo02.itzbund.de *.readspeaker.com *.bmbfcluster.de; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' matomo02.itzbund.de *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.vimeo.com; object-src 'self' multimedia.gsb.bund.de; media-src blob: 'self' multimedia.gsb.bund.de *.youtube.com *.vimeo.com vimeo.com *.aktion-mensch.de *.bmbfcluster.de; frame-src *.readspeaker.com *.google.com *.gstatic.com *.hosted-pageflow.com *.youtube.com *.vimeo.com vimeo.com *.unesco.de *.readspeaker.com datawrapper.dwcdn.net *.unitylivestream.com gemeinschaftswerk-nachhaltigkeit.de my.walls.io klimacampus.org *.klimacampus.org; img-src 'self' data: matomo02.itzbund.de *.google.com *.gstatic.com *.youtube.com *.twimg.com *.openstreetmap.org *.openstreetmap.de *.bmbfcluster.de *.wmflabs.org; font-src 'self' data:; worker-src 'self' blob:; frame-ancestors 'self'; 1
default-src 'self' blob: *.tricentis.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com *.adsrvr.org *.bing.com *.bizible.com *.cookielaw.org *.demandbase.com *.doubleclick.net *.facebook.net *.googleoptimize.com *.googletagmanager.com *.licdn.com *.marketo.net *.mountain.com https://dx.mountain.com https://px.mountain.com https://gs.mountain.com *.tricentis.com *.trustradius.com *.vimeo.com *.wistia.com *.youtube.com *.zoominfo.com https://js.adsrvr.org https://bat.bing.com https://cdn.bizible.com https://cdnjs.cloudflare.com/ajax/libs/aos/2.3.4/aos.js https://api.company-target.com https://cdn.cookielaw.org https://tag.demandbase.com https://googleads.g.doubleclick.net https://connect.facebook.net https://www.google.com https://*.google-analytics.com https://www.googleadservices.com https://ajax.googleapis.com https://fonts.googleapis.com https://www.googleoptimize.com https://*.googlesyndication.com https://www.googletagmanager.com https://www.gstatic.com https://cdn.jsdelivr.net/npm/countup@1.8.2/dist/countUp.min.js https://snap.licdn.com https://munchkin.marketo.net https://cdn.mouseflow.com https://eu.mouseflow.com https://netlify-cdp-loader.netlify.app https://*.tricentis.com https://affiliates.tricentis.com https://fast.wistia.com https://fast.wistia.net https://ws.zoominfo.com https://www.youtube.com/iframe_api https://www.trustradius.com https://d30ia583fbtg8i.cloudfront.net/trustquotes https://b.6sc.co https://j.6sc.co https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com https://*.onetrust.com https://js.sentry-cdn.com; style-src 'self' 'unsafe-inline' 'report-sample' *.marketo.net *.tricentis.com https://www.tricentis.com https://api.company-target.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://www.googletagmanager.com https://www.gstatic.com https://pages.tricentis.com https://lps.tricentis.com https://www.trustradius.com https://*.typekit.net https://d30ia583fbtg8i.cloudfront.net https://*.onetrust.com; object-src 'none'; child-src 'self' https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; connect-src 'self' https://via.intercom.io https://api.intercom.io https://api.au.intercom.io https://api.eu.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io https://uploads.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.au.intercomcdn.com https://uploads.intercomusercontent.com *.doubleclick.net http://ad.doubleclick.net *.mktoresp.com *.mktoutil.com *.google.com https://analytics.google.com https://adservice.google.com https://www.googleadservices.com https://region1.analytics.google.com https://cdn.cookielaw.org https://cdn.linkedin.oribi.io *.company-target.com https://ws.zoominfo.com bat.bing.com *.google-analytics.com *.demandbase.com *.wistia.com *.onetrust.com *.facebook.com pages.tricentis.com lps.tricentis.com be.tricentis.com *.googlesyndication.com *.googletagmanager.com *.mouseflow.com https://eu.mouseflow.com https://o2.mouseflow.com https://www.trustradius.com https://dudodiprj2sv7.cloudfront.net dx.mountain.com px.mountain.com gs.mountain.com 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 52.71.121.170 18.210.229.244 44.212.189.233 3.212.39.155 52.22.50.55 54.156.2.105 *.litix.io https://px.ads.linkedin.com https://ipv6.6sc.co https://c.6sc.co https://logx.optimizely.com https://*.optimizely.com https://*.6sense.com https://www.google.ae https://www.google.al https://www.google.am https://www.google.at https://www.google.az https://www.google.ba https://www.google.be https://www.google.bf https://www.google.bg https://www.google.bj https://www.google.bt https://www.google.by https://www.google.ca https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.co.ao https://www.google.co.cr https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.co.ls https://www.google.co.ma https://www.google.co.mz https://www.google.co.nz https://www.google.co.th https://www.google.co.tz https://www.google.co.ug https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.vi https://www.google.co.za https://www.google.co.zm https://www.google.com https://www.google.com.ar https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.com.co https://www.google.com.cy https://www.google.com.do https://www.google.com.ec https://www.google.com.eg https://www.google.com.et https://www.google.com.fj https://www.google.com.gh https://www.google.com.gt https://www.google.com.hk https://www.google.com.jm https://www.google.com.kh https://www.google.com.kw https://www.google.com.mt https://www.google.com.mx https://www.google.com.my https://www.google.com.ng https://www.google.com.np https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.pr https://www.google.com.py https://www.google.com.qa https://www.google.com.sa https://www.google.com.sg https://www.google.com.sv https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.com.uy https://www.google.com.vn https://www.google.cz https://www.google.de https://www.google.dk https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fr https://www.google.ge https://www.google.gl https://www.google.gr https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.im https://www.google.is https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.kz https://www.google.la https://www.google.li https://www.google.lk https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.mn https://www.google.mu https://www.google.ne https://www.google.nl https://www.google.no https://www.google.pl https://www.google.ps https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.rw https://www.google.sc https://www.google.se https://www.google.sk https://www.google.sn https://www.google.sr https://www.google.tg https://www.google.tn https://www.google.tt; font-src 'self' https://js.intercomcdn.com https://fonts.intercomcdn.com data: https://cdn.mouseflow.com https://fast.wistia.com https://fonts.gstatic.com https://use.typekit.net https://dudodiprj2sv7.cloudfront.net/font/glyphicons/ https://*.onetrust.com; frame-ancestors 'self' https://www.tricentis.com https://be-develop.tricentis.com https://be-test.tricentis.com https://be.tricentis.com; frame-src *.adsrvr.org *.facebook.com *.tricentis.com https://*.analytics.google.com https://*.google-analytics.com https://*.googletagmanager.com https://bid.g.doubleclick.net https://datainsights-cdn.dm.aws.gartner.com https://td.doubleclick.net https://tpc.googlesyndication.com https://www.buzzsprout.com https://www.google.com https://player.vimeo.com https://fast.wistia.net *.wistia.com https://www.youtube.com https://app.netlify.com https://s.company-target.com https://capture.navattic.com https://tricentis.navattic.com https://a26508490611.cdn.optimizely.com https://a26508490611.cdn-pci.optimizely.com; img-src 'self' blob: data: https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://messenger-apps.eu.intercom.io https://messenger-apps.au.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments.eu https://*.au.intercom-attachments.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://static.intercomassets.eu https://static.au.intercomassets.com *.doubleclick.net http://ad.doubleclick.net https://pubads.g.doubleclick.net https://*.google-analytics.com https://analytics.google.com https://region1.analytics.google.com https://adservice.google.com https://*.googletagmanager.com https://fonts.gstatic.com *.tricentis.com https://www.tricentis.com https://cdn.bizible.com https://cdn.bizibly.com *.capterra.com *.wistia.com *.linkedin.com https://px.ads.linkedin.com *.cookielaw.org *.googlesyndication.com https://www.google.com www.googletagmanager.com https://bat.bing.com https://id.rlcdn.com https://www.facebook.com https://segments.company-target.com https://capterra.s3.amazonaws.com https://eu.mouseflow.com chart.googleapis.com wingify-assets.s3.amazonaws.com https://media.trustradius.com https://d30ia583fbtg8i.cloudfront.net https://px.ads.linkedin.com https://b.6sc.co https://cdn.optimizely.com https://www.google.ae https://www.google.al https://www.google.am https://www.google.at https://www.google.az https://www.google.ba https://www.google.be https://www.google.bf https://www.google.bg https://www.google.bj https://www.google.bt https://www.google.by https://www.google.ca https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.co.ao https://www.google.co.cr https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.co.ls https://www.google.co.ma https://www.google.co.mz https://www.google.co.nz https://www.google.co.th https://www.google.co.tz https://www.google.co.ug https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.vi https://www.google.co.za https://www.google.co.zm https://www.google.com https://www.google.com.ar https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.com.co https://www.google.com.cy https://www.google.com.do https://www.google.com.ec https://www.google.com.eg https://www.google.com.et https://www.google.com.fj https://www.google.com.gh https://www.google.com.gt https://www.google.com.hk https://www.google.com.jm https://www.google.com.kh https://www.google.com.kw https://www.google.com.mt https://www.google.com.mx https://www.google.com.my https://www.google.com.ng https://www.google.com.np https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.pr https://www.google.com.py https://www.google.com.qa https://www.google.com.sa https://www.google.com.sg https://www.google.com.sv https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.com.uy https://www.google.com.vn https://www.google.cz https://www.google.de https://www.google.dk https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fr https://www.google.ge https://www.google.gl https://www.google.gr https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.im https://www.google.is https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.kz https://www.google.la https://www.google.li https://www.google.lk https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.mn https://www.google.mu https://www.google.ne https://www.google.nl https://www.google.no https://www.google.pl https://www.google.ps https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.rw https://www.google.sc https://www.google.se https://www.google.sk https://www.google.sn https://www.google.sr https://www.google.tg https://www.google.tn https://www.google.tt; media-src 'self' https://js.intercomcdn.com blob: https://*.wistia.com https://embedwistia-a.akamaihd.net; report-uri https://65eb3282bc57ae1120bf66ab.endpoint.csper.io?v=25; worker-src 'self' blob:; 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/backupdr 1
default-src 'self'; font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://client.crisp.chat; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://client.crisp.chat; script-src 'self' 'nonce-64d8e4b59d88ea58a81e316733bddf91' https://www.google.com/recaptcha/api.js https://www.gstatic.com https://client.crisp.chat https://www.freeprivacypolicy.com wss://client.relay.crisp.chat https://www.googletagmanager.com https://cdn.tailwindcss.com https://www.google-analytics.com https://central.servernet.net/; img-src 'self' 'unsafe-inline' wss://client.relay.crisp.chat https://client.crisp.chat https://image.crisp.chat data:; frame-src 'self' 'unsafe-inline' https://www.google.com; connect-src 'self' 'unsafe-inline' wss://client.relay.crisp.chat https://client.crisp.chat/ https://www.google-analytics.com/ https://central.servernet.net/ 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-oLe/MsAJvNzTUuqZbkNSy3t0Brt/booqxWnph3FogNioBEpX' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
script-src           'self'           https://checkoutshopper-live.adyen.com           https://www.paypalobjects.com           https://www.paypal.com           https://maps.googleapis.com           http://maps.googleapis.com           https://www.googletagmanager.com           http://www.googletagmanager.com           https://www.google-analytics.com           http://www.google-analytics.com           https://tagmanager.google.com           https://www.googleadservices.com           https://optimize.google.com           https://tm.tradetracker.net           https://www.youtube.com           http://www.youtube.com           https://wiqhit.com           http://wiqhit.com           *.wiqhit.com           https://s.ytimg.com           http://s.ytimg.com           https://googleads.g.doubleclick.net           https://bat.bing.com           http://bat.bing.com           https://connect.facebook.net           http://connect.facebook.net           https://connect.facebook.net/en_US/fbevents.js           https://dbq5t2jl0vcpj.cloudfront.net           https://dev.visualwebsiteoptimizer.com           https://*.cloudfront.net           blob:           'unsafe-inline';           style-src           'self'           https://checkoutshopper-live.adyen.com           https://fonts.googleapis.com           http://fonts.googleapis.com           https://tagmanager.google.com           https://optimize.google.com           https://wiqhit.com           http://wiqhit.com           https://www.googletagmanager.com           http://www.googletagmanager.com           *.wiqhit.com           'unsafe-inline';           font-src           'self'           https://fonts.gstatic.com           http://fonts.gstatic.com           https://app-v2.wiqhit.com; 1
default-src 'self' https: http: ws: wss: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https: data: blob:; img-src 'self' https: http: data: blob:; font-src 'self' https: http: data: blob:; 1
default-src 'self' * 'unsafe-inline' 'unsafe-eval' data: https: blob:; report-uri /csp-violation-report/ 1
block-all-mixed-content;default-src 'unsafe-inline' 'self' 1
frame-ancestors 'self' https://geelongweb.com.au; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.syndication.twimg.com twitter.com platform.twitter.com  maps.google.com twittercommunity.com www.google-analytics.com google-analytics.com www.googleadservices.com use.typekit.net www.googletagmanager.com ssl.google-analytics.com ajax.googleapis.com googleads.g.doubleclick.net use.edgefonts.net www.tripadvisor.com www.tripadvisor.com.au static.tacdn.com maps.googleapis.com; style-src 'unsafe-inline' 'self' use.typekit.net p.typekit.net platform.twitter.com ton.twimg.com use.edgefonts.net static.tacdn.com fonts.googleapis.com 1
default-src * data:; script-src data: https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' *.dtvp.de *.cookiebot.com *.googletagmanager.com *.googleapis.com *.google-analytics.com *.xing-share.com *.facebook.com *.facebook.net *.instagram.com *.twitter.com *.linkedin.com *.podigee.com *.podigee-cdn.net *.podlove.org *.cleverpush.com *.outbrain.com *.flockler.com *.seobility.net maps.google.com track.ewe.de chat.ato.botario.com chat.ewe.botario.com; media-src 'self' blob: data:; base-uri 'self' track.ewe.de; object-src 'self'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' track.ewe.de; frame-ancestors 'self'; frame-src 'self' consentcdn.cookiebot.com plugins.flockler.com www.youtube-nocookie.com www.facebook.com b2b.ewe.de 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-inline' 'unsafe-eval' *.vimeo.com *.vimeo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-inline' 'unsafe-eval' 'report-sample' https://tags.clickagy.com/ cdn.jsdelivr.net pages.e2open.com pages.e2open.com/js/forms2/css/forms2.css blob: *.ep-mimecast.ads-twitter.com *.doubleclick.net *.google.com *.googleadservices.com *.googlesyndication.com *.googletagservices.com *.marketo.com *.nr-data.net https://analytics.twitter.com https://bat.bing.com https://bam.nr-data.net https://cdn.abrankings.com https://connect.facebook.net https://content.linkedin.com https://cdn.syndication.twimg.com https://en.twitter.com https://f.vimeocdn.com https://googleads.g.doubleclick.net https://graph.facebook.com https://google-analytics.com https://googletagmanager.com https://j.6sc.co https://js.adsrvr.org https://js.facebook.com https://js-agent.newrelic.com https://munchkin.marketo.net https://okt.to https://platform.linkedin.com https://platform.twitter.com https://play.vidyard.com https://player.vimeo.com https://r.bing.com https://static.ads-twitter.com https://script.crazyegg.com https://ssl.google-analytics.com https://script.hotjar.com https://static.hotjar.com https://snap.licdn.com https://static-exp1.licdn.com https://static.oktopost.com https://tagmanager.google.com https://t.co https://visitor.reactful.com https://www.clarity.ms https://www.google-analytics.com https://www.googleadservices.com https://www.googleoptimize.com https://www.googletagmanager.com https://www.vimeo.com https://ws.zoominfo.com https://app-sj31.marketo.com/index.php/form/getForm https://bam.nr-data.net/1/NRJS-861f3eedf716c4eaf11 https://bat.bing.com/bat.js https://cdn.abrankings.com/js/client.js https://cdn.syndication.twimg.com/timeline/profile https://connect.facebook.net/en_US/fbevents.js https://googleads.g.doubleclick.net/pagead/viewthroughconversion/722106568/ https://j.6sc.co/6si.min.js https://js-agent.newrelic.com/nr-1216.min.js https://js.adsrvr.org/up_loader.1.1.0.js https://munchkin.marketo.net/munchkin.js https://okt.to/ping https://pages.e2open.com/js/forms2/js/forms2.min.js https://platform.twitter.com/js/moment~timeline.d73eae5387f08ab9f8b71dcf9d12d391.js https://play.vidyard.com/embed/v4.js https://player.vimeo.com/api/player.js https://script.crazyegg.com/pages/scripts/0104/0422.js https://script.hotjar.com/modules.86ab03b5bc9b930d4f53.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.ads-twitter.com/uwt.js https://static.hotjar.com/c/hotjar-2184122.js https://static.oktopost.com/oktrk.js https://visitor.reactful.com/dist/main.rtfl.js https://ws.zoominfo.com/pixel/61eeeb0bcd134a001e3eda0d https://www.clarity.ms/tag/uet/17464652 https://www.google-analytics.com/analytics.js https://www.googleadservices.com/pagead/conversion_async.js https://www.googleoptimize.com/optimize.js https://www.googletagmanager.com/gtm.js *.vimeo.com *.vimeocdn.com *.newrelic.com www.googletagservices.com googleads.g.doubleclick.net adservice.google.com adservice.google.ae adservice.google.al adservice.google.at adservice.google.be adservice.google.bg adservice.google.bs adservice.google.ca adservice.google.ch adservice.google.ci adservice.google.cl adservice.google.co.bw adservice.google.co.cr adservice.google.co.id adservice.google.co.il adservice.google.co.in adservice.google.co.jp adservice.google.co.ke adservice.google.co.kr adservice.google.co.mz adservice.google.co.nz adservice.google.co.th adservice.google.co.tz adservice.google.co.uk adservice.google.co.uz adservice.google.co.ve adservice.google.co.za adservice.google.co.zm adservice.google.co.zw adservice.google.com.ai adservice.google.com.ar adservice.google.com.au adservice.google.com.bd adservice.google.com.bh adservice.google.com.bn adservice.google.com.bo adservice.google.com.br adservice.google.com.co adservice.google.com.cy adservice.google.com.ec adservice.google.com.eg adservice.google.com.et adservice.google.com.fj adservice.google.com.gh adservice.google.com.gi adservice.google.com.gt adservice.google.com.hk adservice.google.com.jm adservice.google.com.kh adservice.google.com.kw adservice.google.com.lb adservice.google.com.mm adservice.google.com.mt adservice.google.com.mx adservice.google.com.my adservice.google.com.ng adservice.google.com.ni adservice.google.com.np adservice.google.com.om adservice.google.com.pa adservice.google.com.pe adservice.google.com.ph adservice.google.com.pk adservice.google.com.pr adservice.google.com.py adservice.google.com.qa adservice.google.com.sa adservice.google.com.sg adservice.google.com.sv adservice.google.com.tr adservice.google.com.tw adservice.google.com.ua adservice.google.com.uy adservice.google.com.vn adservice.google.cz adservice.google.de adservice.google.dk adservice.google.dz adservice.google.ee adservice.google.es adservice.google.fi adservice.google.fr adservice.google.ge adservice.google.gr adservice.google.gy adservice.google.hn adservice.google.hr adservice.google.hu adservice.google.ie adservice.google.im adservice.google.iq adservice.google.is adservice.google.it adservice.google.jo adservice.google.kz adservice.google.li adservice.google.lk adservice.google.lt adservice.google.lu adservice.google.lv adservice.google.md adservice.google.mk adservice.google.mu adservice.google.nl adservice.google.no adservice.google.pl adservice.google.pt adservice.google.ro adservice.google.rs adservice.google.ru adservice.google.se adservice.google.si adservice.google.sk adservice.google.so adservice.google.sr adservice.google.tl adservice.google.tn adservice.google.tt google-analytics.com www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com maps.googleapis.com maps.google.com translate.googleapis.com translate.google.com www.googletagmanager.com googletagmanager.com tagmanager.google.com *.vimeo.com *.vimeocdn.com *.newrelic.com *.nr-data.net www.googletagservices.com *.googlesyndication.com *.googleadservices.com googleads.g.doubleclick.net adservice.google.com adservice.google.ae adservice.google.al adservice.google.at adservice.google.be adservice.google.bg adservice.google.bs adservice.google.ca adservice.google.ch adservice.google.ci adservice.google.cl adservice.google.co.bw adservice.google.co.cr adservice.google.co.id adservice.google.co.il adservice.google.co.in adservice.google.co.jp adservice.google.co.ke adservice.google.co.kr adservice.google.co.mz adservice.google.co.nz adservice.google.co.th adservice.google.co.tz adservice.google.co.uk adservice.google.co.uz adservice.google.co.ve adservice.google.co.za adservice.google.co.zm adservice.google.co.zw adservice.google.com.ai adservice.google.com.ar adservice.google.com.au adservice.google.com.bd adservice.google.com.bh adservice.google.com.bn adservice.google.com.bo adservice.google.com.br adservice.google.com.co adservice.google.com.cy adservice.google.com.ec adservice.google.com.eg adservice.google.com.et adservice.google.com.fj adservice.google.com.gh adservice.google.com.gi adservice.google.com.gt adservice.google.com.hk adservice.google.com.jm adservice.google.com.kh adservice.google.com.kw adservice.google.com.lb adservice.google.com.mm adservice.google.com.mt adservice.google.com.mx adservice.google.com.my adservice.google.com.ng adservice.google.com.ni adservice.google.com.np adservice.google.com.om adservice.google.com.pa adservice.google.com.pe adservice.google.com.ph adservice.google.com.pk adservice.google.com.pr adservice.google.com.py adservice.google.com.qa adservice.google.com.sa adservice.google.com.sg adservice.google.com.sv adservice.google.com.tr adservice.google.com.tw adservice.google.com.ua adservice.google.com.uy adservice.google.com.vn adservice.google.cz adservice.google.de adservice.google.dk adservice.google.dz adservice.google.ee adservice.google.es adservice.google.fi adservice.google.fr adservice.google.ge adservice.google.gr adservice.google.gy adservice.google.hn adservice.google.hr adservice.google.hu adservice.google.ie adservice.google.im adservice.google.iq adservice.google.is adservice.google.it adservice.google.jo adservice.google.kz adservice.google.li adservice.google.lk adservice.google.lt adservice.google.lu adservice.google.lv adservice.google.md adservice.google.mk adservice.google.mu adservice.google.nl adservice.google.no adservice.google.pl adservice.google.pt adservice.google.ro adservice.google.rs adservice.google.ru adservice.google.se adservice.google.si adservice.google.sk adservice.google.so adservice.google.sr adservice.google.tl adservice.google.tn adservice.google.tt google-analytics.com www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com maps.googleapis.com maps.google.com translate.googleapis.com translate.google.com www.googletagmanager.com googletagmanager.com tagmanager.google.com; style-src 'self' 'unsafe-inline' 'unsafe-inline' 'report-sample' 'unsafe-inline' cdn.jsdelivr.net *.marketo.net *.marketo.com *.licdn.com *.google.com *.bing.com fonts.googleapis.com platform.twitter.com ton.twimg.com www.googletagmanager.com fonts.googleapis.com https://platform.twitter.com https://ton.twimg.com *.vimeocdn.com maps.googleapis.com maps.google.com translate.googleapis.com tagmanager.google.com *.vimeocdn.com fonts.googleapis.com 'unsafe-inline' maps.googleapis.com maps.google.com translate.googleapis.com www.googletagmanager.com tagmanager.google.com; img-src 'self' 'unsafe-inline' data: https://abs.twimg.com https://p.adsymptotic.com https://id.rlcdn.com https://px.ads.linkedin.com px.ads.linkedin.com https://aorta.clickagy.com https://analytics.twitter.com https://b.6sc.co https://bat.bing.com https://pbs.twimg.com https://platform.twitter.com https://px.ads.linkedin.com https://secure.gravatar.com https://syndication.twitter.com https://t.co https://ton.twimg.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com *.vidyard.com *.twimg.com *.twitter.com *.clarity.ms *.linkedin.com *.t.co *.bing.com t.co facebook.com zoominfo.com *.google.com *.6sc.co privacy-policy.truste.com px.ads.linkedin.com www.google.com.au *.google.co https://px.ads.linkedin.com/collect s.w.org ps.w.org ts.w.org secure.gravatar.com www.gravatar.com *.googlesyndication.com stats.g.doubleclick.net data: blob: google-analytics.com www.google-analytics.com ssl.google-analytics.com www.google.com *.googleapis.com maps.google.com maps.gstatic.com www.gstatic.com *.ggpht.com translate.googleapis.com translate.google.com i.ytimg.com www.googletagmanager.com *.googlesyndication.com stats.g.doubleclick.net data: blob: google-analytics.com www.google-analytics.com ssl.google-analytics.com www.google.com *.googleapis.com maps.google.com maps.gstatic.com www.gstatic.com *.ggpht.com translate.googleapis.com translate.google.com i.ytimg.com www.googletagmanager.com; connect-src 'self' https://809-eog-429.mktoresp.com https://hemsync.clickagy.com https://aorta.clickagy.com/ cdn.linkedin.oribi.io https://ad.doubleclick.net https://api.redirect.li/v1/ https://bam.nr-data.net https://bat.bing.com https://cdn.abrankings.com https://d.clarity.ms https://epsilon.6sense.com https://in.hotjar.com https://ipv6.6sc.co https://script.crazyegg.com https://sheets.googleapis.com https://stats.g.doubleclick.net https://tracking.reactful.com https://visitor.reactful.com https://ws.zoominfo.com https://ws31.hotjar.com https://www.google-analytics.com wss://ws31.hotjar.com *.6sc.co *.facebook.com *.hotjar.com *.clarity.ms secure.adnxs.com *.google-analytics.com vc.hotjar.io assets-tracking.crazyegg.com pages.e2open.com tracking.crazyegg.com pagestates-tracking.crazyegg.com 809-eog-429.mktoutil.com ws32.hotjar.com f.clarity.ms wss://ws30.hotjar.com wss://ws41.hotjar.com *.vimeo.com *.googlesyndication.com googleads.g.doubleclick.net stats.g.doubleclick.net www.google-analytics.com ampcid.google.com analytics.google.com about: maps.googleapis.com maps.google.com translate.googleapis.com www.googletagmanager.com *.vimeo.com *.googlesyndication.com googleads.g.doubleclick.net stats.g.doubleclick.net www.google-analytics.com ampcid.google.com analytics.google.com about: maps.googleapis.com maps.google.com translate.googleapis.com www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com data: fonts.gstatic.com fonts.googleapis.com data: fonts.gstatic.com fonts.googleapis.com; object-src 'self' *.googlesyndication.com; media-src 'self' https://prod2.expedientsoftware.com.au; frame-src 'self' 'unsafe-inline' play.vidyard.com td.doubleclick.net pages.e2open.com https://11817530.fls.doubleclick.net https://match.adsrvr.org https://app-sj31.marketo.com https://bid.g.doubleclick.net https://insight.adsrvr.org https://player.vimeo.com https://vars.hotjar.com https://www.facebook.com *.vimeo.com *.vimeocdn.com *.googlesyndication.com googleads.g.doubleclick.net maps.googleapis.com maps.google.com www.youtube.com www.googletagmanager.com *.vimeo.com *.vimeocdn.com *.googlesyndication.com googleads.g.doubleclick.net maps.googleapis.com maps.google.com www.youtube.com www.googletagmanager.com; child-src 'self' blob: *.vimeo.com *.googlesyndication.com *.google.com *.facebook.com *.doubleclick.net connect.facebook.net platform.twitter.com vimeo.com www.googletagmanager.com *.vimeocdn.com www.youtube.com *.vimeo.com *.vimeocdn.com www.youtube.com www.googletagmanager.com; worker-src 'self' blob: www.google.com; base-uri 'self' ; form-action 'self' *.twitter.com *.google.com *.facebook.com connect.facebook.net pages.e2open.com; frame-ancestors 'self' t.co twitter.com; upgrade-insecure-requests; report-uri https://expedientsoftware.com.au?gdsih-csp-report; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://qaf.men; img-src 'self' https: data: blob: https://qaf.men; style-src 'self' https://qaf.men 'nonce-VVwU+mwV4BpQxwF0NJi84Q=='; media-src 'self' https: data: https://qaf.men; frame-src 'self' https:; manifest-src 'self' https://qaf.men; form-action 'self'; child-src 'self' blob: https://qaf.men; worker-src 'self' blob: https://qaf.men; connect-src 'self' data: blob: https://qaf.men https://qaf.men wss://qaf.men; script-src 'self' https://qaf.men 'wasm-unsafe-eval' 1
default-src 'none'; script-src 'self' www.googletagmanager.com platform.twitter.com syndication.twitter.com static.ads-twitter.com 'sha256-ewTm8QMx/IkmbIFAIapvCHoCrGgIIHhn8qKC7/5Y2Ro=' 'unsafe-hashes' 'sha256-mplq9U9bn5xLaFQjbIOde0Eu7cXsI2xaTPex2jLztp0='; style-src 'self' cdnjs.cloudflare.com fonts.googleapis.com 'sha256-akbuxUDobAg86+TiT5p8TENoFqlhtGWtEqHedhVNujw='; font-src fonts.gstatic.com cdnjs.cloudflare.com; img-src 'self' syndication.twitter.com t.co analytics.twitter.com; frame-src platform.twitter.com; connect-src *.google-analytics.com 1
frame-ancestors *; upgrade-insecure-requests; default-src *; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' *; style-src 'report-sample' 'unsafe-inline' *; object-src *; frame-src *; child-src blob: *; img-src data: blob: *; font-src data: *; connect-src * about:; manifest-src *; base-uri *; form-action *; media-src *; prefetch-src *; worker-src blob: *; 1
base-uri 'self'; child-src 'self' https://micromain.global https://*.micromain.global https://*.firebaseio.com https://*.request.services/ data: gap:; frame-src 'self' https://micromain.global https://*.micromain.global https://*.firebaseio.com https://*.request.services/ data: gap:; connect-src 'self' wss://micromain-global.firebaseio.com wss://*.firebaseio.com https://*.micromain.global https://micromain.global https://translate.googleapis.com https://api.awesomeblocker.com wss://127.0.0.1 https://fonts.googleapis.com https://translate.google.com https://cdnmd.global-cache.online/ wss://127.0.0.1:*/; default-src 'self' data: 'unsafe-inline' unsafe-hashes 'unsafe-eval' gap: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: fonts.gstatic.com *; img-src 'self' data: micromain.global * blob:; media-src 'self' https://*.micromain.global; script-src 'self' data: 'unsafe-inline' unsafe-hashes 'unsafe-eval' https://micromain.atlassian.net https://cdnjs.cloudflare.com https://s3-us-west-2.amazonaws.com https://micromain-global.firebaseio.com https://*.firebaseio.com * 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: 'unsafe-inline' unsafe-hashes fonts.googleapis.com * 'unsafe-inline'; frame-ancestors 'self' https://*.firebaseio.com https://micromain.global https://*.micromain.global https://*.request.services/ gap:; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=%2FOueZhfBRHjKr6QZ6K74qj55VvzVCJopRMg7%2FAb2jqvE202nnC3v1xmli%2Fd66WGca6E1Xj74CNmQxlUR0i6Y7w%3D%3D; 1
default-src 'none'; img-src *; media-src *; style-src 'unsafe-inline'; script-src 'sha256-5LHjQRW/545MJZfQlsky0iG7knEJINRxFfkDaEbvTpc=' 1
default-src 'self'; connect-src *; frame-src *; font-src *;img-src about: * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.fluidigm.com *.standardbio.com https://assets.calendly.com *.clarity.ms *.ewebinar.com *.hsforms.com https://calendly.com *.hsforms.net snap.licdn.com *.cookielaw.org acsbapp.com apis.google.com *.pimcore.org *.jsdelivr.net *.nr-data.net js-agent.newrelic.com *.go-mpulse.net *.icims.com www.google-analytics.com assets.calendly.com *.wistia.com *.hsforms.net *.hsforms.com pi.pardot.com bat.bing.com *.bioz.com code.jquery.com cookie-cdn.cookiepro.com *.cookiepro.com js.qualified.com *.vidyard.com www.googletagmanager.com www.gstatic.com *.pardot.com *.google.com; style-src 'self' 'unsafe-inline' *.fluidigm.com *.standardbio.com assets.calendly.com *.calendly.com *.wistia.com *.hsforms.net *.hsforms.com *.icims.com *.vidyard.com *.bioz.com fonts.googleapis.com; object-src 'self' *.bioz.com; base-uri 'self'; connect-src 'self' *.fluidigm.com *.standardbio.com assets.calendly.com *.calendly.com *.clarity.ms *.wistia.com *.hsforms.net *.litix.io *.hsforms.com *.ewebinar.com *.onetrust.com *.cookielaw.org *.acsbapp.com *.googleapis.com *.pimcore.org *.nr-data.net *.go-mpulse.net *.vidyard.com *.bioz.com *.google.com *.pardot.com *.google.com.ar app.qualified.com bat.bing.com *.cookiepro.com cookie-cdn.cookiepro.com stats.g.doubleclick.net www.google-analytics.com www.googleadservices.com wss://ws.qualified.com; font-src 'self' *.fluidigm.com *.standardbio.com assets.calendly.com *.calendly.com *.wistia.com *.hsforms.net *.hsforms.com acsbapp.com *.bioz.com fonts.gstatic.com; frame-src 'self' *.linkedin.com *.pardot.com *.google.com *.fluidigm.com *.standardbio.com https://assets.calendly.com https://calendly.com *.wistia.com *.hsforms.net *.hsforms.com *.ewebinar.com hdmz-internal.firebaseapp.com *.icims.com app.qualified.com go.fluidigm.com play.vidyard.com *.ceros.com *.bioz.com; img-src 'self' * data: ; manifest-src 'self' *.standardbio.com assets.calendly.com *.calendly.com *.hsforms.net *.hsforms.com *.fluidigm.com; media-src 'self' *.standardbio.com assets.calendly.com *.calendly.com *.wistia.com *.hsforms.net *.hsforms.com *.fluidigm.com *.vidyard.com *.qualified.com blob: ; worker-src 'none'; 1
default-src 'self' https://cdn.finnair.com https://pay.finnair.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.finnair.com *.googletagmanager.com https://tagmanager.google.com *.google-analytics.com https://maps.googleapis.com https://googleads.g.doubleclick.net https://www.google.com https://www.googleadservices.com https://bat.bing.com https://*.akamaihd.net https://*.go-mpulse.net https://*.quantummetric.com https://*.salesforceliveagent.com https://*.force.com https://*.salesforce.com https://connect.facebook.net https://www.dwin1.com https://cdn.smartvel.com https://finnair.3dseatmapvr.com https://*.travelaudience.com https://*.reactandshare.com https://snap.licdn.com https://finnair.my.salesforce-sites.com https://*.hotjar.com https://*.ads-twitter.com; style-src 'self' 'unsafe-inline' *.finnair.com https://*.force.com https://*.salesforce.com https://*.googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com https://cdn.smartvel.com https://finnair.3dseatmapvr.com https://*.reactandshare.com https://finnair.my.salesforce-sites.com; img-src 'self' data: *.finnair.com *.google-analytics.com https://*.ytimg.com https://*.akamaihd.net https://*.akstat.io https://www.googletagmanager.com https://maps.googleapis.com https://*.gstatic.com https://*.google.com https://www.google.fi https://www.google.se https://www.google.co.uk https://www.google.de https://www.google.es https://www.google.it *.doubleclick.net https://www.googleadservices.com https://*.analytics.google.com https://www.facebook.com https://www.awin1.com https://www.dwin1.com https://cdn.smartvel.com https://bat.bing.com https://finnair.3dseatmapvr.com https://*.travelaudience.com https://*.reactandshare.com https://px.ads.linkedin.com https://*.ads-twitter.com https://*.ads-api.twitter.com https://analytics.twitter.com https://t.co https://script.hotjar.com https://play-lh.googleusercontent.com https://ade.googlesyndication.com https://cms-scdn.airtime.geemedia.com; manifest-src 'self' https://cdn.finnair.com; font-src 'self' data: https://cdn.finnair.com https://maps.googleapis.com https://*.gstatic.com https://cdn.smartvel.com https://cdn-qa.smartvel.com https://*.reactandshare.com https://script.hotjar.com; connect-src 'self' *.finnair.com https://sentry.io https://*.akamaihd.net https://*.akstat.io https://c.go-mpulse.net https://*.force.com https://search-api.swiftype.com https://finnair-app.quantummetric.com *.google-analytics.com *.doubleclick.net https://*.analytics.google.com https://*.googletagmanager.com https://*.google.com https://www.google.fi https://www.google.se https://www.google.co.uk https://www.google.de https://www.google.es https://www.google.it https://www.facebook.com https://green.am.apps.avarko.com https://*.aurinkomatkat.fi https://api.smartvel.com https://cdn.smartvel.com https://finnair.3dseatmapvr.com https://finnair-app-search.ent.eu-central-1.aws.cloud.es.io https://*.reactandshare.com https://cdn.linkedin.oribi.io https://px.ads.linkedin.com https://*.ads-twitter.com https://*.ads-api.twitter.com https://*.analytics.twitter.com https://finnair.my.salesforce-sites.com https://*.hotjar.com:* https://*.hotjar.io wss://*.hotjar.com; child-src 'self' https://paygw.finnair.com https://auth.finnair.com https://www.youtube.com https://api.finnair.com https://www.facebook.com https://staticxx.facebook.com blob:; frame-src 'self' https://*.force.com https://*.salesforce.com https://paygw.finnair.com https://auth.finnair.com https://www.youtube.com https://api.finnair.com https://api-dev.finnair.com https://api-test.finnair.com https://api-preprod.finnair.com https://3530909.fls.doubleclick.net https://www.googletagmanager.com https://bid.g.doubleclick.net https://td.doubleclick.net https://finnair.eu.qualtrics.com https://www.facebook.com https://*.points.com https://13389050.fls.doubleclick.net https://vars.hotjar.com; worker-src 'self' https://finnair.3dseatmapvr.com blob:; sandbox allow-popups allow-forms allow-scripts allow-same-origin allow-modals allow-popups-to-escape-sandbox allow-top-navigation allow-downloads; frame-ancestors 'self'; object-src 'none'; media-src https://finnair.3dseatmapvr.com; 1
frame-ancestors 'self' https://manage.bulktransporter.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
frame-src *.pff.com www.facebook.com www.youtube.com 1
default-src 'self'; img-src * https://*.hsforms.net https://*.hsforms.com data:; font-src https://*; frame-src https://console.us.amfg.ai   https://*.exone.com https://player.vimeo.com/ https://*.cookiebot.com https://*.sharethis.com youtube.com https://www.google.com https://www.youtube.com https://*.hsforms.net https://*.hsforms.com 'self'; script-src https://console.us.amfg.ai https://*.exone.com https://*.cloudflare.com https://*.hsadspixel.net https://*.hscollectedforms.net https://*.hs-banner.com https://*.hs-analytics.net https://*.hs-scripts.com https://*.hsforms.net https://*.hsforms.com https://*.google-analytics.com https://*.sharethis.com https://*.cookiebot.com https://use.fontawesome.com https://www.google.com https://www.gstatic.com https://*.googletagmanager.com https://googleads.g.doubleclick.net *.googleapis.com 'self' 'unsafe-eval' 'unsafe-inline'; style-src https://*.cloudflare.com https://*.sharethis.com https://*.cookiebot.com *.googleapis.com https://use.fontawesome.com 'self' 'unsafe-inline';connect-src *.googleapis.com https://*.google.com https://googleads.g.doubleclick.net https://*.cookiebot.com https://*.crwdcntrl.net https://*.sharethis.com https://*.exone.com https://*.google-analytics.com https://*.doubleclick.net https://*.hscollectedforms.net https://*.hubapi.com https://*.hsforms.com 'self'; frame-ancestors 'self'; child-src https://*.hsforms.com 'self'; 1
default-src blob: 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://accounts.paytm.com/ https://sig.paytm.com/  insurance-blog-cms.s3.ap-south-1.amazonaws.com/ insurance-blog-cms.paytminsurance.co.in/ ; img-src * 'unsafe-inline' data:; frame-src data: mailto: tel: 'unsafe-inline' *;font-src * data: 'unsafe-inline' https://fonts.googleapis.com/; style-src-elem * 'unsafe-inline'; connect-src * data: 'unsafe-inline'; script-src blob: 'self' 'unsafe-inline' 'unsafe-eval' https://accounts.paytm.com/ https://sig.paytm.com/ https://fonts.googleapis.com/ https://www.google-analytics.com/ https://connect.facebook.net/ https://www.googletagmanager.com/ https://www.googleadservices.com/ fonts.gstatic.com/ insurance-blog-cms.s3.ap-south-1.amazonaws.com/ insurance-blog-cms.paytminsurance.co.in/  https://static.addtoany.com/ https://cdn.ampproject.org/ https://webappsstatic.paytm.com/ 1
frame-ancestors 'self'; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.cloudflare.com *.wp.com *.vimeo.com *.wpcomstaging.com *.polyfill.io polyfill.io *.piwik.pro *.akamai.net *.doubleclick.net *.google-analytics.com *.googlesyndication.com *.gstatic.com *.googletagmanager.com *.vercel.app *.vercel.live; font-src 'self' fonts.googleapis.com fonts.gstatic.com; 1
default-src 'self' 'unsafe-inline' www.google-analytics.com *.google.com *.azureedge.net *.dynamics.com cdn.cookielaw.org *.onetrust.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.googletagmanager.com *.google.com *.googleadservices.com *.doubleclick.net cdnjs.cloudflare.com s7.addthis.com *.azureedge.net *.dynamics.com cdn.cookielaw.org; object-src 'none'; style-src 'self' 'unsafe-inline'; img-src 'self' 'unsafe-inline' *.google.com *.google.tn *.google.co.jp *.google.ch *.doubleclick.net *.googleadservices.com *.azureedge.net *.dynamics.com cdn.cookielaw.org *.onetrust.com data: ; frame-src www.youtube-nocookie.com www.youtube.com *.doubleclick.net; frame-ancestors 'none'; connect-src 'self' 'unsafe-inline' www.google-analytics.com *.google.com *.azureedge.net *.dynamics.com cdn.cookielaw.org *.onetrust.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self'; upgrade-insecure-requests; connect-src 'self' https://wp-static.assets.sh https://notify.bugsnag.com https://sessions.bugsnag.com https://api.pirsch.io https://ensembles.org https://createsend.com; font-src 'self' data: https://wp-static.assets.sh; frame-src 'self' https://player.vimeo.com https://www.youtube-nocookie.com https://www.youtube.com https://www.formpl.us/ https://form.jotform.com/ https://eu-submit.jotform.com/ https://tally.so/ https://meeting.teamleader.eu/ https://www.vectera.com/ https://docs.google.com/; img-src 'self' data: https://wp.assets.sh https://wp-assets-sh.imgix.net https://wp-static.assets.sh https://i.vimeocdn.com https://i.ytimg.com https://muhka-ensembles.imgix.net; manifest-src 'self' https://wp-static.assets.sh; media-src 'self' https://wp.assets.sh https://wp-assets-sh.imgix.net https://wp-static.assets.sh https://download-video.akamaized.net https://fpdl.vimeocdn.com https://gcs-vimeo.akamaized.net https://player.vimeo.com https://vimeo.com https://vod-progressive.akamaized.net; object-src 'self'; script-src 'self' 'unsafe-inline' https://wp-static.assets.sh https://d2wy8f7a9ursnm.cloudfront.net/v6/bugsnag.min.js https://api.pirsch.io https://player.vimeo.com https://*.g.doubleclick.net https://js.createsend1.com; style-src 'self' 'unsafe-inline' https://wp-static.assets.sh; worker-src 'self' https://wp-static.assets.sh; frame-ancestors 'none'; form-action 'self' https://www.createsend.com; report-uri https://mrhenry.report-uri.com/r/d/csp/enforce 1
default-src 'self'; script-src 'self' 'sha256-i0BLaSuCwbzttKzuV2anXso3xxU3hCVrQy8bl9pLOzQ=' 'sha256-uzdGG2xsIVTl4468n3cKjno28482P83cNupB2mJP4UI='; font-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; child-src 'self'; 1
default-src 'self'; img-src 'self' blob: data: http: https: *.gravatar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: http https: *.google.com; style-src 'self' 'unsafe-inline' http: https: fonts.googleapis.com; font-src 'self' data: http: https: fonts.googleapis.com themes.googleusercontent.com; frame-src 'self' data: http: https: *.maphub.net; connect-src 'self' http: https: maps.googleapis.com 1
frame-src https://*.google.com https://*.kudoscasino.com https://*.redcherry.casino https://*.youtube.com https://*.vimeo.com https://lobby.kudoscasino.com:3072 https://cdk.redcherry.casino:2072 https://plugins.tawk.to https://embed.tawk.to 1
default-src 'self'; img-src 'self' data: https://consent.trustarc.com; script-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://www.google.com/recaptcha/api.js https://www.gstatic.com https://consent.trustarc.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com/css https://fonts.googleapis.com/icon https://fonts.gstatic.com/s; frame-src 'self' https://iframe.videodelivery.net/  https://consent-pref.trustarc.com/ https://www.google.com https://*.vancopayments.com; font-src 'self' https://consent.trustarc.com/get https://fonts.gstatic.com; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://*.akamaihd.net https://*.translate.naver.net https://www.recaptcha.net https://www.google.com https://www.zenaps.com https://tr.snapchat.com https://www.youtube.com blob: https://www.pinterest.com https://www.pinterest.co.uk https://ct.pinterest.com https://gum.criteo.com https://fledge.eu.criteo.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://*.liveperson.net https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.contentsquare.net https://analytics.tiktok.com https://ct.pinterest.com https://*.criteo.com https://*.criteo.net https://sgtm.myvegan.ie; default-src 'none'; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://www.myvegan.ie https://checkout.myvegan.ie https://connect.facebook.net https://tr.snapchat.com; frame-ancestors 'self'; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.googleapis.com https://www.recaptcha.net https://connect.facebook.net https://*.trustpilot.com https://www.googleadservices.com https://*.translate.naver.net https://*.doubleclick.net https://*.google.com https://*.google-analytics.com https://fp.zenaps.com https://www.gstatic.com https://bat.bing.com https://www.googletagmanager.com https://www.youtube.com https://s.ytimg.com https://www.dwin1.com https://sc-static.net https://cdn.trackjs.com https://*.contentsquare.net https://app.contentsquare.com https://analytics.tiktok.com https://*.ibytedtos.com https://s.pinimg.com https://static.criteo.net https://*.criteo.com https://lantern.roeyecdn.com https://sgtm.myvegan.ie; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com; upgrade-insecure-requests; report-to report-endpoint 1
default-src 'self'; script-src 'self' *.bostonsoftware.com *.singlepointrating.com https://js.stripe.com/v3/fingerprinted/js/trusted-types-checker-239db17d86d6320632b024ca9e43ba9c.js https://js.stripe.com/v3/fingerprinted/js/phone-numbers-lib-12ff6fba58e6c35240f70bcada1d1c6d.js https://js.stripe.com/v3 https://ajax.googleapis.com https://www.googletagmanager.com/gtag/js https://www.socialintents.com https://www.google-analytics.com http://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js; img-src 'self' data:; connect-src 'self' https://www.google-analytics.com;; frame-src 'self' *.bostonsoftware.com https://js.stripe.com https://www.socialintents.com; font-src 'self' https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://www.socialintents.com/assets/css/si-include-chat.min.css https://fonts.googleapis.com; 1
default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; worker-src 'self'; 1
style-src 'self'  'unsafe-inline' 'unsafe-eval' *.social9.com *.google-analytics.com *.googletagmanager.com *.google.com *.google.com.co *.ckeditor.com  *.twitter.com *.gstatic.com *.cloudfront.net  *.cloudflare.com *.guarumo.com *.amazonaws.com eye.rd.services *.smartdataautomation.com *.bancoldex.com *.googleapis.com; style-src-elem 'self'  'unsafe-inline' 'unsafe-eval' *.social9.com *.google-analytics.com *.googletagmanager.com *.google.com *.google.com.co *.ckeditor.com  *.twitter.com *.gstatic.com *.cloudfront.net  *.cloudflare.com *.guarumo.com *.amazonaws.com eye.rd.services *.smartdataautomation.com *.bancoldex.com *.googleapis.com; script-src 'self'  'unsafe-inline' 'unsafe-eval' https://www.googleoptimize.com *.social9.com *.google-analytics.com *.googletagmanager.com *.google.com *.google.com.co *.ckeditor.com  *.twitter.com *.gstatic.com *.cloudfront.net  *.cloudflare.com *.guarumo.com *.amazonaws.com eye.rd.services *.smartdataautomation.com *.bancoldex.com *.googleapis.com; script-src-elem 'self'  'unsafe-inline' 'unsafe-eval' *.social9.com *.google-analytics.com *.googletagmanager.com *.google.com *.google.com.co *.ckeditor.com  *.twitter.com *.gstatic.com *.cloudfront.net  *.cloudflare.com *.guarumo.com *.amazonaws.com eye.rd.services *.smartdataautomation.com *.bancoldex.com *.googleapis.com *.googleoptimize.com *.tweetnacl.js.org *.bundle.run cdn.jsdelivr.net *.facebook.net https://tweetnacl.js.org https://bundle.run https://botai.smartdataautomation.com; 1
default-src 'self' https://cdn.freshbots.ai/;                    script-src 'unsafe-inline' 'unsafe-eval' 'self' https://kit.fontawesome.com/ https://as-dev-ktt-webresources.azureedge.net/  https://ktt-webresources.azureedge.net/ http://stats.pusher.com/ https://www.freshbots.ai/ https://cdn.freshbots.ai https://www.googleadservices.com  https://www.googletagmanager.com https://www.1account.net https://www.google.com https://www.gstatic.com https://js.stripe.com https://checkout.stripe.com http://cdn.mailerlite.com https://radiate.azureedge.net http://static.mailerlite.com https://platform.twitter.com https://cdn.syndication.twimg.com/ https://www.google.com http://www.google-analytics.com https://analytics.twitter.com https://cdn.freshbots.ai/ https://s3.amazonaws.com https://d36mpcpuzc4ztk.cloudfront.net https://lateralpayments.com/;                    frame-src 'self' https://www.youtube.com/ https://cdn.freshbots.ai https://www.googleadservices.com  https://www.googletagmanager.com https://www.1account.net https://www.google.com https://klubfunder.freshdesk.com https://www.facebook.com/ https://platform.twitter.com https://syndication.twitter.com/ https://js.stripe.com/ https://m.facebook.com/ https://www.youtube.com/ https://lateralpayments.com/;                    style-src 'self' 'unsafe-inline' https://psni-webresources.azureedge.net/ https://as-dev-ktt-webresources.azureedge.net/ https://ktt-webresources.azureedge.net/  https://maxcdn.bootstrapcdn.com.min.css https://cdn.freshbots.ai https://www.googleadservices.com  https://www.googletagmanager.com https://www.1account.net https://maxcdn.bootstrapcdn.com http://maxcdn.bootstrapcdn.com https://platform.twitter.com https://radiate.azureedge.net https://s3.amazonaws.com https://assets1.chat.freshdesk.com https://ton.twimg.com https://fonts.googleapis.com https://d36mpcpuzc4ztk.cloudfront.net https://lateralpayments.com/;                                                                        img-src 'self' data: https://s3.amazonaws.com/ https://cdn.freshbots.ai https://klubfunderstoragesys.blob.core.windows.net https://killerz.blob.core.windows.net https://as-sys-klubfunder.azurewebsites.net/ https://kttdevqueuestorage.blob.core.windows.net https://kttppdqueuestorage.blob.core.windows.net https://kttpublicprodstorage.blob.core.windows.net https://kttprodstorage.blob.core.windows.net https://static.mailerlite.com http://t.co https://track.mailerlite.com http://www.google-analytics.com https://platform.twitter.com https://syndication.twitter.com https://pbs.twimg.com https://abs.twimg.com https://stats.g.doubleclick.net https://ton.twimg.com https://as-dev-klubfunder.azurewebsites.net/ https://placehold.it https://www.klubfunder.com/images/passporttemplate.jpg https://www.klubfunder.com/images/phototemplate.jpg https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif https://www.paypalobjects.com/en_US/i/btn/btn_donate_SM.gif https://www.paypalobjects.com/en_US/i/scr/pixel.gif https://lateralpayments.com/;                    media-src 'self' data: https://s3.amazonaws.com/ https://cdn.freshbots.ai https://klubfunderstoragesys.blob.core.windows.net https://killerz.blob.core.windows.net https://as-sys-klubfunder.azurewebsites.net/ https://static.mailerlite.com http://t.co https://track.mailerlite.com http://www.google-analytics.com https://platform.twitter.com https://syndication.twitter.com https://pbs.twimg.com https://abs.twimg.com https://stats.g.doubleclick.net https://ton.twimg.com https://as-dev-klubfunder.azurewebsites.net https://placehold.it https://www.klubfunder.com/images/passporttemplate.jpg https://www.klubfunder.com/images/phototemplate.jpg https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif https://www.paypalobjects.com/en_US/i/btn/btn_donate_SM.gif https://www.paypalobjects.com/en_US/i/scr/pixel.gif https://lateralpayments.com/;                    font-src 'self' https://ka-f.fontawesome.com/ https://as-dev-ktt-webresources.azureedge.net/ https://cdn.freshbots.ai https://maxcdn.bootstrapcdn.com http://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://lateralpayments.com/;                    connect-src 'self' https://ka-f.fontawesome.com/ wss://rts-us.freshworksapi.com ws://ws-mt1.pusher.com https://rts-us.freshworksapi.com/ https://www.freshbots.ai/ https://cdn.freshbots.ai https://region1.google-analytics.com https://ipgeolocation.abstractapi.com https://www.google-analytics.com https://as-dev-klubfunder.azurewebsites.net https://klubfunderstoragesys.blob.core.windows.net https://killerz.blob.core.windows.net https://as-sys-klubfunder.azurewebsites.net/ https://lateralpayments.com/; 1
default-src 'self' www.recaptcha.net maps.google.com www.google.com wav-digital-6.saas.amadeus.com book.aircalin.com static.addtoany.com *.destygo.com *.mindsay.com *.laiye.com wss://*.mindsay.com wss://*.laiye.com fonts.googleapis.com fonts.gstatic.com player.vimeo.com www.booking.com www.youtube-nocookie.com fo-syd.ttinteractive.com; connect-src 'self' app.termly.io www.googletagmanager.com connect.facebook.net book.aircalin.com digital-analytics.amadeus.com *.mindsay.com bom.destygo.com destygo.com widget.destygo.com widget.chatbot.laiye.com widget.chatbot.eu-central-1.laiye.com widget-socket.chatbot.eu-central-1.laiye.com widget-events.chatbot.eu-central-1.laiye.com fluentd.chatbot.eu-central-1.laiye.com widget.chatbot.eu-west-3.laiye.com widget-socket.chatbot.eu-west-3.laiye.com widget-events.chatbot.eu-west-3.laiye.com fluentd.chatbot.eu-west-3.laiye.com www.recaptcha.net www.gstatic.com www.google-analytics.com app-script.monsido.com beacon.sojern.com aff.bstatic.com cf.bstatic.com fonts.googleapis.com wss://widget-socket.mindsay.com *.lottiefiles.com stats.g.doubleclick.net *.hotjar.com *.hotjar.io wss://wsp17.hotjar.com stats.addtoany.com region1.google-analytics.com wss://ws.hotjar.com analytics.google.com region1.analytics.google.com pixel.quantcount.com ct.pinterest.com https://www.google-analytics.com https://www.googletagmanager.com; font-src 'self' https://fonts.gstatic.com https://script.hotjar.com data:; frame-src *; img-src 'self' www.google.com www.google.com.ua adservice.google.com adservice.google.com.ua pixel.sojern.com tracking.monsido.com cm.g.doubleclick.net cdn.jsdelivr.net ib.adnxs.com match.adsrvr.org ad.doubleclick.net images.mindsay.com data: ssl.gstatic.com www.gstatic.com static.hotjar.com script.hotjar.com fcmatch.google.com www.google.fr fcmatch.youtube.com www.facebook.com www.googletagmanager.com www.google-analytics.com pixel.quantserve.com ct.pinterest.com c1.adform.net https://www.google-analytics.com https://www.googletagmanager.com; script-src 'self' 'unsafe-eval' app.termly.io www.googletagmanager.com connect.facebook.net book.aircalin.com digital-analytics.amadeus.com *.mindsay.com destygo.com widget.destygo.com widget.chatbot.laiye.com widget.chatbot.eu-central-1.laiye.com widget-socket.chatbot.eu-central-1.laiye.com widget-events.chatbot.eu-central-1.laiye.com fluentd.chatbot.eu-central-1.laiye.com widget.chatbot.eu-west-3.laiye.com widget-socket.chatbot.eu-west-3.laiye.com widget-events.chatbot.eu-west-3.laiye.com fluentd.chatbot.eu-west-3.laiye.com www.recaptcha.net www.gstatic.com www.google-analytics.com app-script.monsido.com beacon.sojern.com aff.bstatic.com cf.bstatic.com wav-digital-6.saas.amadeus.com static.hotjar.com script.hotjar.com cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://static.addtoany.com https://unpkg.com mdbootstrap.com unpkg.com; script-src-attr 'self'; script-src-elem 'self' 'unsafe-inline' app.termly.io www.googletagmanager.com connect.facebook.net book.aircalin.com digital-analytics.amadeus.com *.mindsay.com destygo.com widget.destygo.com widget.chatbot.laiye.com widget.chatbot.eu-central-1.laiye.com widget-socket.chatbot.eu-central-1.laiye.com widget-events.chatbot.eu-central-1.laiye.com fluentd.chatbot.eu-central-1.laiye.com widget.chatbot.eu-west-3.laiye.com widget-socket.chatbot.eu-west-3.laiye.com widget-events.chatbot.eu-west-3.laiye.com fluentd.chatbot.eu-west-3.laiye.com www.recaptcha.net www.gstatic.com www.google-analytics.com app-script.monsido.com beacon.sojern.com static.hotjar.com script.hotjar.com aff.bstatic.com cf.bstatic.com wav-digital-6.saas.amadeus.com s.pinimg.com secure.quantserve.com rules.quantcount.com cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://static.addtoany.com https://unpkg.com mdbootstrap.com unpkg.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' app.termly.io www.googletagmanager.com connect.facebook.net book.aircalin.com digital-analytics.amadeus.com *.mindsay.com destygo.com widget.destygo.com widget.chatbot.laiye.com widget.chatbot.eu-central-1.laiye.com widget-socket.chatbot.eu-central-1.laiye.com widget-events.chatbot.eu-central-1.laiye.com fluentd.chatbot.eu-central-1.laiye.com widget.chatbot.eu-west-3.laiye.com widget-socket.chatbot.eu-west-3.laiye.com widget-events.chatbot.eu-west-3.laiye.com fluentd.chatbot.eu-west-3.laiye.com www.recaptcha.net www.gstatic.com www.google-analytics.com app-script.monsido.com beacon.sojern.com aff.bstatic.com cf.bstatic.com wav-digital-6.saas.amadeus.com static.hotjar.com script.hotjar.com cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com mdbootstrap.com use.fontawesome.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' app.termly.io www.googletagmanager.com connect.facebook.net book.aircalin.com digital-analytics.amadeus.com *.mindsay.com destygo.com widget.destygo.com widget.chatbot.laiye.com widget.chatbot.eu-central-1.laiye.com widget-socket.chatbot.eu-central-1.laiye.com widget-events.chatbot.eu-central-1.laiye.com fluentd.chatbot.eu-central-1.laiye.com widget.chatbot.eu-west-3.laiye.com widget-socket.chatbot.eu-west-3.laiye.com widget-events.chatbot.eu-west-3.laiye.com fluentd.chatbot.eu-west-3.laiye.com www.recaptcha.net www.gstatic.com www.google-analytics.com app-script.monsido.com beacon.sojern.com static.hotjar.com script.hotjar.com aff.bstatic.com cf.bstatic.com wav-digital-6.saas.amadeus.com cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com mdbootstrap.com use.fontawesome.com; worker-src 'self' blob:; frame-ancestors 'self' 1
default-src * blob: data: 'unsafe-eval' 'unsafe-inline' 1
frame-ancestors 'self'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; font-src https://magemin.drinklink.bg/static/version1717999410/adminhtml/Magento/backend/bg_BG/ *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.gstatic.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; style-src https://magemin.drinklink.bg/static/version1717999410/adminhtml/Magento/backend/bg_BG/ *.adobe.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com https://fonts.googleapis.com releva.ai *.googleapis.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; form-action pay.google.com/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://plumrocket.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-src epg.dskbank.bg/ pay.google.com/ fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://plumrocket.com *.weltpixel.com *.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src www.googleadservices.com app.customerthermometer.com/ www.google.bg/ www.google.com/ https://drinklink.bg/media/catalog/product/cache/a986362bf9f3a81b168f5d83a1eab49f/image/ https://drinklink.bg/media/catalog/product/cache/1b53ac77024bc8e5a803edf0d8332db7/y/e/yeni-raki-ala_sq.png www.google.com www.google.bg www.google-analytics.com www.googletagmanager.com www.paypalobjects.com images.unsplash.com www.apptrian.com www.facebook.com www.sandbox.paypal.com https://app.customerthermometer.com/images/powered_by_ct@2x.png www.drinklink.bg/media/ https://drinklink.bg/media/favicon/websites/1/favicon.png https://drinklink.bg/media/catalog/product/ https://drinklink.bg/media/catalog/product/placeholder/ https://magemin.drinklink.bg/static/version1717999410/adminhtml/Magento/backend/bg_BG/images/magento-logo.svg https://zoolink.bg/media/favicon/stores/6/ https://zoolink.bg/media/catalog/product/ https://chicco.bg/media/favicon/websites/2/favicon.png https://chicco.bg/media/catalog/product/ https://magemin.drinklink.bg/ https://drinklink.bg/media/tmp/ https://horizonlives3.diageohorizon.com/ assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net bid.g.doubleclick.net analytics.google.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com facebook.com connect.facebook.net graph.facebook.com *.klarna.com *.klarnaevt.com *.klarnacdn.net b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: *.gstatic.com *.facebook.com data: 'self' 'unsafe-inline'; connect-src assets.adobedtm.com adobe.com googleads.g.doubleclick.net analytics.google.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com t.paypal.com s.ytimg.com vimeo.com vimeocdn.com youtube.com facebook.com connect.facebook.net graph.facebook.com avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com paypal.com releva.ai google.com gstatic.com tagmanager.google.com https://v2.zopim.com/?5jrbNgL7Q4MFVkTN5xFdeRBR3iV8JmSM www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com www.googleapis.com www.vimeo.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com www.facebook.com https://cdn.polyfill.io https://browser.sentry-cdn.com *.google.com *.gstatic.com https://www.googletagmanager.com https://static.zdassets.com/ekr/asset_composer.js https://*.ingest.sentry.io https://get.geojs.io ekr.zdassets.com https://zdassets.com/ zdassets.com https://stats.g.doubleclick.net/j/collect stats.g.doubleclick.net/j/collect stats.g.doubleclick.net widget-mediator.zopim.com zopim.com wss://widget-mediator.zopim.com/s/W/ws/87-HdRIbU4fJSDw4/c/1716804674758 www.widget-mediator.zopim.com/ wss://widget-mediator.zopim.com/ https://magemin.drinklink.bg/static/version1717999410/adminhtml/Magento/backend/bg_BG/ dpm.demdex.net amcglobal.sc.omtrdc.net geo.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.klarnaevt.com *.avada.io *.braintree-api.com *.paypal.com *.cardinalcommerce.com localhost t.elasticsuite.io *.google-analytics.com *.facebook.net https://www.google-analytics.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com adobe.com googleads.g.doubleclick.net analytics.google.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com t.paypal.com s.ytimg.com vimeo.com vimeocdn.com youtube.com facebook.com connect.facebook.net graph.facebook.com avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com paypal.com releva.ai google.com gstatic.com tagmanager.google.com https://v2.zopim.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com www.googleapis.com www.vimeo.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com www.facebook.com https://cdn.polyfill.io https://browser.sentry-cdn.com .avada.io *.google.com *.gstatic.com https://www.googletagmanager.com https://ekr.zdassets.com/compose/zopim_chat/5jrbNgL7Q4MFVkTN5xFdeRBR3iV8JmSM https://static.zdassets.com/ekr/asset_composer.js https://*.ingest.sentry.io https://get.geojs.io ekr.zdassets.com/compose/zopim_chat/5jrbNgL7Q4MFVkTN5xFdeRBR3iV8JmSM ekr.zdassets.com *ekr.zdassets.com* https://zdassets.com/ zdassets.com wss://widget-mediator.zopim.com https://magemin.drinklink.bg/static/version1717999410/_cache/merged/e5bef323ff0594b4c0d48f4e2c812092.js https://magemin.drinklink.bg/static/version1717999410/adminhtml/Magento/backend/bg_BG/ https://drinklink.bg/mst_feed/export/execute?callback=jQuery3600024211919561433204_1719918422111&id=22&mode=new&rand=0.8089062990274962&_=1719918422112&isAjax=true *.adobe.com *.vimeocdn.com *.youtube.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js *.klarna.com *.klarnacdn.net *.avada.io *.paypal.com songbirdstag.cardinalcommerce.com *.facebook.net unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; 1
script-src 'self' 'unsafe-inline' *.eagenda.com.br *.minhaagendavirtual.com.br https://dwnwuns92srjq.cloudfront.net https://stackpath.bootstrapcdn.com https://cdn.jsdelivr.net https://code.jquery.com https://cdnjs.cloudflare.com *.googletagmanager.com https://www.google-analytics.com https://use.fontawesome.com https://nyc3.digitaloceanspaces.com https://connect.facebook.net https://cdn.ckeditor.com https://platform.linkedin.com https://platform.twitter.com https://cdn.kiprotect.com https://maps.googleapis.com https://ajax.googleapis.com https://cdn.syndication.twimg.com https://google-analytics.com https://unpkg.com *.gstatic.com *.google.com  *.googleadservices.com https://googleads.g.doubleclick.net https://d335luupugsy2.cloudfront.net https://hcaptcha.com https://*.hcaptcha.com *.paypal.com https://kit.fontawesome.com https://sdk.mercadopago.com https://suporte.mupisystems.com.br https://accounts.google.com/gsi/; manifest-src *.eagenda.com.br *.minhaagendavirtual.com.br; base-uri 'self'; form-action 'self' *.twitter.com https://accounts.google.com *.facebook.com/; connect-src 'self' https://www.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net *.googleapis.com *.rdstation.com.br https://hcaptcha.com https://*.hcaptcha.com *.paypal.com https://ka-f.fontawesome.com https://api.mercadopago.com https://pagead2.googlesyndication.com/ *.mupisystems.com.br ws://suporte.mupisystems.com.br https://accounts.google.com/gsi/; frame-src *.google.com https://www.youtube.com/ https://platform.twitter.com *.twitter.com https://hcaptcha.com https://*.hcaptcha.com *.paypal.com https://td.doubleclick.net/ https://accounts.google.com/gsi/; default-src 'none' 'nonce-jhqSW/JWtqLBUserLy5NNg=='; style-src 'self' 'unsafe-inline' *.minhaagendavirtual.com.br *.eagenda.com.br https://maxcdn.bootstrapcdn.com https://dwnwuns92srjq.cloudfront.net https://stackpath.bootstrapcdn.com https://nyc3.digitaloceanspaces.com https://fonts.googleapis.com https://pro.fontawesome.com https://cdnjs.cloudflare.com https://platform.twitter.com https://cdn.jsdelivr.net/npm https://ton.twimg.com https://hcaptcha.com https://*.hcaptcha.com cdn.jsdelivr.net https://suporte.mupisystems.com.br https://accounts.google.com/gsi/; img-src 'self' data: *.minhaagendavirtual.com.br *.eagenda.com.br https://dwnwuns92srjq.cloudfront.net https://www.facebook.com https://www.googletagmanager.com https://www.google-analytics.com https://nyc3.digitaloceanspaces.com https://cdn.awsli.com.br https://pbs.twimg.com https://abs.twimg.com https://www.google.com https://platform.twitter.com https://ton.twimg.com *.google.com *.google.com.br *.paypal.com https://googleads.g.doubleclick.net https://syndication.twitter.com https://suporte.mupisystems.com.br; frame-ancestors *; font-src 'self' data: https://cdnjs.cloudflare.com https://fonts.gstatic.com https://pro.fontawesome.com *.eagenda.com.br *.minhaagendavirtual.com.br https://ka-f.fontawesome.com https://suporte.mupisystems.com.br 1
frame-ancestors 'self' everlineshop.com *.everlineshop.com 1
upgrade-insecure-requests; base-uri 'self' md-scp.kampyle.com; default-src 'self'; worker-src 'self' blob: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: checkoutshopper-test.adyen.com checkoutshopper-live.adyen.com coverage.ddc.teliasonera.net cdn.decibelinsight.net collection.decibelinsight.net resources.digital-cloud.medallia.eu *.qelpcare.com wds.ace.teliacompany.com static.customersaas.com fello.humany.net cdn.cookielaw.org *.zopim.com *.zendesk.com md-scp.kampyle.com *.trustpilot.com *.google-analytics.com *.googletagmanager.com tagmanager.google.com *.googleadservices.com *.doubleclick.net collect.fello.se *.facebook.net valuesportal.com cdn.adt357.net gtm.adt313.net cnv.adt644.net *.adtr.io adtr.io *.adform.net *.adt357.net *.adii.io *.adii.se optimizely.teliacompany.com cdn.cookielaw.org/scripttemplates cdf6519016.cdn.adyen.com *.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com https://cdn.optimizely.teliacompany.com; style-src 'self' 'unsafe-inline' wds.ace.teliacompany.com fello.humany.net static.customersaas.com md-scp.kampyle.com resources.digital-cloud.medallia.eu tagmanager.google.com *.gstatic.com chat.ace.teliacompany.net; object-src 'self' data: ; font-src 'self' data: static.customersaas.com ace-knowledge-cdn.teliacompany.net fonts.gstatic.com fello.humany.net resources.digital-cloud.medallia.eu; connect-src 'self' 'unsafe-inline' ws: wss: websocket.domain collect.fello.se optimizely.teliacompany.com checkoutshopper-test.adyen.com checkoutshopper-live.adyen.com fello.humany.net *.zopim.com *.zendesk.com *.qelpcare.com static.customersaas.com collection.decibelinsight.net se.trustpilot.com widget.trustpilot.com geolocation.onetrust.com privacyportal-de.onetrust.com cdn.cookielaw.org resources.digital-cloud.medallia.eu chat.ace.teliacompany.net chat2.ace.teliacompany.net api.ace.teliacompany.net udc-neb.kampyle.com md-scp.kampyle.com stats.g.doubleclick.net *.google-analytics.com pagead2.googlesyndication.com rum.browser-intake-datadoghq.eu session-replay.browser-intake-datadoghq.eu www.facebook.com connect.facebook.net api.adtraction.net cnv.adt644.net log.adtraction.fail https://logx.optimizely.teliacompany.com *.optimizely.teliacompany.com *.adt644.net *.adtr.io adtr.io *.adform.net *.adt357.net *.adii.io *.adii.se; img-src 'self' data: blob: 'unsafe-inline' *.fello.se esim.teliacompany.com fello.humany.net geolocation.onetrust.com cdn.cookielaw.org checkoutshopper-test.adyen.com checkoutshopper-live.adyen.com cdf6519016.cdn.adyen.com i.ytimg.com s.ytimg.com udc-neb.kampyle.com md-scp.kampyle.com d35v9wsdymy32b.cloudfront.net resources.digital-cloud.medallia.eu *.googletagmanager.com www.google.com www.google.se translate.google.com www.gstatic.com maps.gstatic.com *.google-analytics.com *.doubleclick.net www.facebook.com log.adtraction.fail cdn.valuesportal.com horizon-cms.s3.eu-central-1.amazonaws.com adservice.google.com https://cdn.optimizely.teliacompany.com; frame-src 'self' *.youtube.com *.youtube-nocookie.com checkoutshopper-test.adyen.com checkoutshopper-live.adyen.com coverage.ddc.teliasonera.net wds.ace.teliacompany.com resources.digital-cloud.medallia.eu se.trustpilot.com widget.trustpilot.com www.google.com *.googletagmanager.com tagmanager.google.com *.google-analytics.com www.facebook.com *.doubleclick.net optimizely.teliacompany.com https://a28416990214.cdn.optimizely.teliacompany.com https://a28416990214.cdn-pci.optimizely.teliacompany.com; media-src 'self' wds.ace.teliacompany.com data: ; child-src blob: ; report-uri /csp-report/v1/report?teamId=97fa7202-c461a51c-805d1e24 1
connect-src 'self' https://rpc1.bahamut.io https://api-js.mixpanel.com https://api2.amplitude.com/2/httpapi ws://ftnscan.com wss://ftnscan.com https://request-global.czilladx.com https://raw.githubusercontent.com/trustwallet/assets/ wss://*.bridge.walletconnect.org https://registry.walletconnect.org/data/wallets.json;        default-src 'self';        script-src 'self' 'unsafe-inline' 'unsafe-eval' https://coinzillatag.com https://www.google.com https://www.gstatic.com;        style-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com;        img-src 'self' * data:;        media-src 'self' * data:;        font-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.gstatic.com data:;        frame-src 'self' 'unsafe-inline' 'unsafe-eval' https://request-global.czilladx.com https://www.google.com; 1
frame-ancestors 'self' https://app.sync2fashion.com 1
script-src http: https: www.ilpasso.ro 'unsafe-inline' https://www.googletagmanager.com https://www.google.com/ https://event.2performant.com; style-src 'self' blob: https: 'unsafe-inline' www.ilpasso.ro; img-src data: http: https: www.googletagmanager.com https://event.2performant.com; object-src 'none'; base-uri 'none'; child-src 'self'; font-src 'self' fonts.gstatic.com *.fontawesome.com; frame-src assets.braintreegateway.com *.youtube.com *.youtu.be *.vimeo.com *.googletagmanager.com *.hotjar.com *.google.com *.2performant.com lockerplugin.sameday.ro consentcdn.cookiebot.com; 1
default-src https: 'unsafe-inline' 'unsafe-inline' 'unsafe-eval'; font-src 'self' https: data:; img-src 'self' https: data:; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: cdn1.louis.de cdn2.louis.de cdn3.louis.de cdn4.louis.de cdn5.louis.de osm.louis.de https://*.googleapis.com https://*.gstatic.com https://*.googleadservices.com https://www.googletagmanager.com https://tagmanager.google.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://td.doubleclick.net https://tpc.googlesyndication.com https://bat.r.msn.com https://bat.bing.com https://content.cptrack.de https://sale.cptrack.de https://widgets.trustedshops.com https://s.kk-resources.com https://s.kelkoogroup.net https://containertags.belboon.de https://j01l4h3n.com https://s2.adform.net https://track.adform.net https://*.google.com *.paypal.com *.quantummetric.com https://*.sentry.io x9t5he7.r.louis-moto.fr;style-src 'self' 'unsafe-inline' cdn1.louis.de cdn2.louis.de cdn3.louis.de cdn4.louis.de cdn5.louis.de https://*.googletagmanager.com https://fonts.googleapis.com https://tagmanager.google.com;font-src 'self' cdn1.louis.de cdn2.louis.de cdn3.louis.de cdn4.louis.de cdn5.louis.de data: https://fonts.gstatic.com;img-src 'self' cdn1.louis.de cdn2.louis.de cdn3.louis.de cdn4.louis.de cdn5.louis.de data: https://*.googletagmanager.com https://*.gstatic.com https://*.googleadservices.com https://googleads.g.doubleclick.net https://ad.doubleclick.net https://bat.r.msn.com https://bat.bing.com https://*.youtube.com https://*.youtube-nocookie.com https://*.vimeo.com https://*.ytimg.com https://*.google.com https://*.google.com.vn https://widgets.trustedshops.com https://www.trustedshops.com https://widgets.trustedshops.fr https://www.trustedshops.fr https://widgets.trustedshops.co.uk https://www.trustedshops.co.uk https://widgets.trustedshops.de https://www.trustedshops.de https://t.paypal.com https://www.google.de https://www.google.at https://www.google.be https://www.google.ch https://www.google.co.uk https://www.google.cz https://www.google.com.tr https://www.google.dk https://www.google.es https://www.google.fi https://www.google.fr https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.it https://www.google.lu https://www.google.nl https://www.google.pl https://www.google.ro https://www.google.rs https://www.google.se https://www.google.si https://www.google.sk https://www.paypalobjects.com;frame-src 'self' cdn1.louis.de cdn2.louis.de cdn3.louis.de cdn4.louis.de cdn5.louis.de https://*.googleadservices.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.youtube.com/ https://*.youtube-nocookie.com/ https://*.vimeo.com/ *.paypal.com https://*.google.com https://*.quantummetric.com https://td.doubleclick.net x9t5he7.r.louis-moto.fr;frame-ancestors 'self';worker-src blob:;child-src blob:;report-uri /csp-violation-report; 1
frame-ancestors https://*.supermaxi.com 1
default-src 'self';font-src 'self' data: fonts.gstatic.com;img-src 'self' data: www.google-analytics.com *.g.doubleclick.net maps.gstatic.com maps.googleapis.com *.youtube.com cdn.cookielaw.org www.securitasmedia.com securitasmedia.com  www.googletagmanager.com  i.ytimg.com www.google.co.in https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat;script-src www.youtube.com  az416426.vo.msecnd.net  'self' 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org www.google-analytics.com maps.googleapis.com www.googletagmanager.com  dl.episerver.net www.youtube.com www.google.com www.gstatic.com https://*.googletagmanager.com;style-src 'self'  'unsafe-inline' fonts.googleapis.com dl.episerver.net;frame-src  www.youtube.com;media-src 'self';connect-src 'self'  cdn.cookielaw.org dc.services.visualstudio.com www.google-analytics.com stats.g.doubleclick.net maps.googleapis.comanalytics.google.com region1.analytics.google.com analytics.google.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat maps.googleapis.com;frame-ancestors 'none' 'self'; 1
object-src 'self' 'unsafe-inline'; media-src www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; form-action 3dsgate.borica.bg secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://plumrocket.com 'self' 'unsafe-inline'; frame-src https://td.doubleclick.net/ fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com player.vimeo.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.google.com/ https://plumrocket.com *.weltpixel.com 'self' 'unsafe-inline'; connect-src www.google-analytics.com stats.g.doubleclick.net/j/ region1.analytics.google.com region1.google-analytics.com/g stats.g.doubleclick.net/g/ dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://*.ingest.sentry.io http://dpm.demdex.net https://www.google.com https://www.gstatic.com www.gstatic.com maps.googleapis.com https://www.google-analytics.com 'self' 'unsafe-inline'; img-src data: www.google.bg/pagead/ www.google.com/pagead/ www.facebook.com/tr/ maps.googleapis.com www.google.bg/ads/ga-audiences www.google.com/ads/ga-audiences smart-pixels.org googleads.g.doubleclick.net/ bat.bing.com/ ping.contactpigeon.com/ www.google.bg/ www.google.com/ www.googletagmanager.com/ assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://www.magezon.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com flagpedia.net *.gstatic.com 'self' 'unsafe-inline'; font-src maxcdn.bootstrapcdn.com fonts.gstatic.com googleapis.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com *.fontawesome.com 'self' 'unsafe-inline'; style-src maxcdn.bootstrapcdn.com fonts.googleapis.com getfirebug.com downloads.mailchimp.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com https://fonts.googleapis.com tagmanager.google.com 'self' 'unsafe-inline'; script-src connect.facebook.com connect.facebook.net facebook.com googleads.g.doubleclick.net www.google-analytics.com www.google.com/pagead/ www.google.bg/pagead/ www.facebook.com/tr/ maps.googleapis.com ajax.cloudflare.com/cdn-cgi/scripts/ ssets.adobedtm.com secure.authorize.net test.authorize.net js.braintreegateway.com assets.adobedtm.com www.googleadservices.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com www.apptrian.com www.facebook.com graph.facebook.com chimpstatic.com downloads.mailchimp.com *.list-manage.com https://cdn.polyfill.io https://browser.sentry-cdn.com *.googleapis.com *.google.com *.gstatic.com *.avada.io *.google.com/ https://www.googletagmanager.com tagmanager.google.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors sid-shop.com unsafe-inline 'self' 'unsafe-inline'; 1
default-src 'self';script-src 'unsafe-eval' 'unsafe-inline' 'self' consentcdn.cookiebot.com consent.cookiebot.com www.gstatic.com www.google.com bank.paysera.com cdnjs.cloudflare.com connect.facebook.net forms.soundestlink.com googleads.g.doubleclick.net omnisnippet1.com omnisrc.com soundest.net www.google-analytics.com www.googletagmanager.com www.paysera.com;style-src 'unsafe-inline' 'self' fonts.googleapis.com cdnjs.cloudflare.com;object-src 'self';base-uri 'self';connect-src 'self' consentcdn.cookiebot.com stats.g.doubleclick.net forms.soundestlink.com pagead2.googlesyndication.com region1.analytics.google.com www.google-analytics.com;font-src 'self' fonts.googleapis.com fonts.gstatic.com;frame-src 'self' consentcdn.cookiebot.com www.google.com www.facebook.com td.doubleclick.net;img-src 'self' imgsct.cookiebot.com bank.paysera.com www.facebook.com www.google-analytics.com wt.soundestlink.com www.google.com www.google.lt www.paysera.com data:;manifest-src 'self';media-src 'self';worker-src 'self';frame-ancestors 'self' 1
block-all-mixed-content;frame-ancestors 'self';upgrade-insecure-requests; 1
default-src * 'self' ellibertador.co *.ellibertador.co ; font-src 'self' data: *.googleapis.com *.ellibertador.co *.gstatic.com ;  script-src 'unsafe-inline' 'unsafe-eval' 'self' data: *.ellibertador.co *.googletagmanager.com *.google-analytics.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.ellibertador.co; img-src data: 'self' googletagmanager.com *.googletagmanager.com *.cloudfront.net ;  object-src data: 'self' ;  frame-src data: *.google.com *.googletagmanager.com *.ellibertador.co ellibertador.co ; base-uri 'self'; 1
default-src 'self' 'unsafe-eval' http: https:  wss: data: blob: 'unsafe-inline' 1
frame-ancestors 'self' https://app.kajabi.com https://app.vibely.io https://communities.kajabi.com *.mykajabi.com https://communities.newkajabi-staging.com https://www.goodjobkorean.com 1
default-src 'none'; script-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://media.growappy.com https://growappy.s3.amazonaws.com https://www.google.com https://www.google-analytics.com https://www.gstatic.com https://www.googletagmanager.com https://connect.facebook.net https://maps.googleapis.com https://pagead2.googlesyndication.com https://developers.google.com https://partner.googleadservices.com https://adservice.google.pt https://adservice.google.com https://tpc.googlesyndication.com https://appleid.cdn-apple.com; style-src 'self' 'unsafe-inline' https://growappy.s3.amazonaws.com https://media.growappy.com https://fonts.googleapis.com; img-src 'self' https://media.growappy.com https://growappy.s3.amazonaws.com https://www.facebook.com https://www.google.com https://www.google.pt https://www.googletagmanager.com https://www.google-analytics.com https://maps.gstatic.com https://maps.googleapis.com https://pagead2.googlesyndication.com data: blob:; connect-src 'self' https://region1.google-analytics.com https://region1.analytics.google.com https://www.growappy.com wss://www.growappy.com https://s3.eu-west-1.amazonaws.com https://growappy.s3-accelerate.amazonaws.com  https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com https://maps.googleapis.com https://pagead2.googlesyndication.com https://l.sharethis.com; font-src 'self' https://growappy-test.s3.amazonaws.com https://media.growappy.com https://fonts.gstatic.com data:; object-src 'self' https://media.growappy.com https://growappy.s3.amazonaws.com; media-src 'self' https://growappy.s3.amazonaws.com https://media.growappy.com; worker-src 'self' blob:; child-src 'self' blob:; form-action 'self' https://www.facebook.com; base-uri 'self'; manifest-src 'self'; frame-src 'self' https://media.growappy.com https://growappy.s3.amazonaws.com https://www.youtube.com https://www.facebook.com  https://www.google.com https://googleads.g.doubleclick.net https://tpc.googlesyndication.com https://appleid.cdn-apple.com; frame-ancestors 'self' https://www.growappy.com; 1
frame-ancestors 'self' https://sgo.indors.it; 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com *.myheritage.com.pt https://www.myheritage.com.pt  'nonce-371c2b072d37fbfd15da5b6f0163a257' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com *.myheritage.com.pt;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self';img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=enforce&canonical_page_id=/company/home/ 1
default-src 'self' *.doubleclick.net *.vimeo.com *.googlesyndication.com *.facebook.com *.monetate.net www.google.com *.worldpay.com *.criteo.com *.qualaroo.com www.youtube.com *.issuu.com www.instagram.com *.google.com *.emarsys.net *.onetrust.com *.criteo.net;  script-src 'self' *.cookielaw.org *.googlesyndication.com www.googleadservices.com *.googletagmanager.com *.cquotient.com *.monetate.net *.cloudflare.com unpkg.com *.zdassets.com *.bing.com www.google-analytics.com/analytics.js www.google-analytics.com/plugins/ua/ecommerce.js www.google-analytics.com/plugins/ua/ec.js maps.googleapis.com *.mondialrelay.com *.feefo.com *.worldpay.com *.px-cloud.net *.scarabresearch.com www.google.com www.gstatic.com *.criteo.net *.criteo.com *.crazyegg.com *.amazonaws.com *.facebook.net *.trustedshops.com *.qualaroo.com *.webgains.com *.webgains.io *.emarsys.net www.staging.pro-duo.be www.pro-duo.be www.instagram.com *.onetrust.com *.google.com *.clarity.ms *.cdn-apple.com 'unsafe-inline' 'unsafe-eval' blob:;  img-src 'self' *.salesforce.com www.paypalobjects.com *.monetate.net *.demandware.net *.bing.com www.google.com www.google.com.ua www.google-analytics.com maps.gstatic.com maps.googleapis.com *.salon-services.com *.feefo.com *.cloudfront.net *.trustedshops.com *.mondialrelay.com *.tapad.com *.criteo.com *.smaato.net *.yieldmo.com *.rubiconproject.com *.advertising.com *.mgid.com *.liadm.com *.yahoo.com *.openx.net *.addthis.com *.doubleclick.net *.outbrain.com *.yieldlab.net *.bidswitch.net *.smartadserver.com *.3lift.com *.taboola.com *.360yield.com *.teads.tv *.pubmatic.com *.casalemedia.com *.mgid.com *.media.net *.omnitagjs.com *.adform.net *.twiago.com *.adnxs.com *.adscale.de *.socdm.com *.sharethrough.com *.stickyadstv.com *.rlcdn.com *.ivitrack.com *.e-planning.net *.smartclip.net *.ad-stir.com *.clmbtech.com *.tremorhub.com *.demdex.net *.postrelease.com *.facebook.com *.google.com *.openstreetmap.org *.emarsys.net *.crazyegg.com *.bluekai.com www.staging.pro-duo.be www.pro-duo.be *.gstatic.com *.clarity.ms id5-sync.com *.dmxleo.com *.thebrighttag.com *.crwdcntrl.net data:;  font-src 'self' *.googleapis.com *.monetate.net *.gstatic.com *.cdn-apple.com data:;  style-src 'self' 'unsafe-inline' *.googleapis.com unpkg.com *.monetate.net *.mondialrelay.com *.worldpay.com;  connect-src 'self' *.criteo.com *.cookielaw.org *.googlesyndication.com *.google.com *.monetate.net *.zendesk.com *.crazyegg.com *.zdassets.com *.google-analytics.com *.feefo.com *.doubleclick.net *.crazyegg.com *.mondialrelay.com *.scarabresearch.com *.emarsys.net *.px-cdn.net *.px-cloud.net *.edq.com *.bing.com *.onetrust.com *.clarity.ms *.googleapis.com;  media-src 'self' 1
frame-ancestors 'self' https://*.countrylife.ie https://*.tirlanfarmlife.com 1
frame-ancestors 'self' https://*.salesforce.com https://*.force.com 1
frame-ancestors 'self' powerapps.com *.powerapps.com *.azureedge.net *.windows.net 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-3zJIW3lP6wc9qk_SAg2Xow' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
frame-src 'self' mailto: tel: consent-pref.trustarc.com kinectrics.com *.kinectrics.com *.craftcms.com sketchfab.com fast.wistia.com fast.wistia.net js.driftt.com newassets.hcaptcha.com www.youtube.com www.youtube-nocookie.com www.google.com td.doubleclick.net bid.g.doubleclick.net; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' ajax.cloudflare.com kinectrics.com *.kinectrics.com *.motumdev.com *.wistia.com *.wistia.net js.driftt.com www.googletagmanager.com www.google-analytics.com maps.googleapis.com maps.google.com unpkg.com *.clarity.ms *.actonsoftware.com pi.pardot.com js.hcaptcha.com tags.tiqcdn.com tag.aticdn.net cdn.cookielaw.org snap.licdn.com code.jquery.com www.google.com www.youtube.com static.sketchfab.com googleads.g.doubleclick.net cdn.jsdelivr.net www.gstatic.com widget.intercom.io bat.bing.com connect.js.intercomcdn.com cdnjs.cloudflare.com www.googleadservices.com *.trustarc.com https://static.hotjar.com https://script.hotjar.com; style-src 'self' 'unsafe-inline' blob: kinectrics.com *.kinectrics.com *.wistia.com *.wistia.net fonts.googleapis.com cloud.typography.com cdn.jsdelivr.net https://static.hotjar.com https://script.hotjar.com; object-src 'self'; base-uri 'self'; media-src 'self' blob: data: 'unsafe-inline' kinectrics.com *.kinectrics.com *.wistia.com *.wistia.net embedwistia-a.akamaihd.net; font-src 'self' data: kinectrics.com *.kinectrics.com *.wistia.com fonts.gstatic.com fonts.intercomcdn.com *.trustarc.com https://script.hotjar.com; connect-src data: 'self' kinectrics.com *.kinectrics.com cdn.cookielaw.org *.tealiumiq.com *.onetrust.com *.motumdev.com www.google-analytics.com maps.googleapis.com maps.google.com *.wistia.com *.akamaihd.net stats.g.doubleclick.net *.clarity.ms *.craftcms.com cdn.linkedin.oribi.io https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; 1
frame-ancestors  'self' https://www.eduleverse.com/  https://eduleverse.com/ https://www.eduleresource.com/ https://www.learning.moe.edu.sg/  https://vle.sandbox.sls.moe.edu.sg/ 1
frame-ancestors 'self'  https://*.house.gov; form-action 'self' https://*.house.gov https://congress.gov https://www.congress.gov https://www.google.com https://vekeo.com; font-src 'self' https://fonts.gstatic.com https://use.typekit.net https://js.arcgis.com https://maxcdn.bootstrapcdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://use.fontawesome.com https://www.google.com https://translate.google.com https://translate.googleapis.com https://translate-pa.googleapis.com https://maps.google.com https://cse.google.com https://ajax.googleapis.com https://maps.googleapis.com https://video.teleforumonline.com https://platform.twitter.com https://widgets.twimg.com https://cdn.syndication.twimg.com https://static.sk.facebook.com https://connect.facebook.net https://www.instagram.com/embed.js https://js.arcgis.com https://video.foxbusiness.com https://rumble.com https://code.jquery.com https://platform-api.sharethis.com https://ws.sharethis.com https://s7.addthis.com; object-src 'none';; upgrade-insecure-requests 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://openbiblio.social; img-src 'self' https: data: blob: https://openbiblio.social; style-src 'self' https://openbiblio.social 'nonce-l88P9to0yGDb7jDMLOp34A=='; media-src 'self' https: data: https://openbiblio.social; frame-src 'self' https:; manifest-src 'self' https://openbiblio.social; form-action 'self'; child-src 'self' blob: https://openbiblio.social; worker-src 'self' blob: https://openbiblio.social; connect-src 'self' data: blob: https://openbiblio.social https://openbiblio.social wss://openbiblio.social; script-src 'self' https://openbiblio.social 'wasm-unsafe-eval' 1
frame-ancestors 'self' https://*.linnovate.net https://*.elementor.cloud https://haretzion.org 1
default-src 'none';  object-src 'none';  img-src 'self' *.asap-utilities.com *.trustpilot.com *.cookiebot.com *.linkedin.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat ;  style-src 'self' https://*.asap-utilities.com https://*.trustpilot.com https://*.cookiebot.com https://fonts.googleapis.com https://*.google.com 'unsafe-inline';  script-src 'self' 'nonce-4fd19ebb92cfa1cf86c40c8200f164d327352bd25ed312bf3d75142c80ed65ec' 'strict-dynamic' 'unsafe-inline' *.asap-utilities.com *.trustpilot.com *.cookiebot.com  https://*.googletagmanager.com connect.facebook.net  snap.licdn.com cse.google.com/cse/cse.js www.google.com/cse/cse.js www.google.com/cse/static/ cse.google.com/adsense/search/  ;  base-uri 'self' *.asap-utilities.com *.trustpilot.com *.cookiebot.com;  font-src 'self' fonts.googleapis.com fonts.gstatic.com;  form-action 'self' shop.asap-utilities.com order.mycommerce.com widget.trustpilot.com;  frame-src 'self' widget.trustpilot.com consentcdn.cookiebot.com td.doubleclick.net https://www.facebook.com;  frame-ancestors 'none';  connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com consentcdn.cookiebot.com *.ads.linkedin.com *.googlesyndication.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://kde.social; img-src 'self' https: data: blob: https://kde.social; style-src 'self' https://kde.social 'nonce-PHdiySk13gzWtUVPzU6oNg=='; media-src 'self' https: data: https://kde.social; frame-src 'self' https:; manifest-src 'self' https://kde.social; form-action 'self'; child-src 'self' blob: https://kde.social; worker-src 'self' blob: https://kde.social; connect-src 'self' data: blob: https://kde.social https://cdn.masto.host wss://kde.social; script-src 'self' https://kde.social 'wasm-unsafe-eval' 1
default-src 'self' https://www.mbk-center.co.th; script-src 'self' 'unsafe-eval' https://www.mbk-center.co.th https://cookiecdn.com https://maxcdn.bootstrapcdn.com https://analytics.google.com https://kendo.cdn.telerik.com https://code.jquery.com https://buttons-config.sharethis.com https://www.googleadservices.com https://cdnjs.cloudflare.com https://www.w3schools.com https://ajax.googleapis.com https://mreq.github.io https://www.recaptcha.net https://www.googletagmanager.com https://www.youtube.com https://www.gstatic.com https://www.google-analytics.com https://maps.googleapis.com https://platform-api.sharethis.com https://cdn.datatables.net https://unpkg.com/html5-qrcode 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://www.mbk-center.co.th https://code.jquery.com https://use.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://mreq.github.io https://cdn.datatables.net; style-src 'self' 'unsafe-inline' https://mbk-center.co.th https://www.mbk-center.co.th https://code.jquery.com https://use.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://mreq.github.io https://cdn.datatables.net; img-src 'self' data: https: https://mbk-center.co.th https://www.mbk-center.co.th https://www.googletagmanager.com https://maps.googleapis.com https://maps.gstatic.com https://code.jquery.com https://platform-cdn.sharethis.com https://static-ugd.forvizdev.com https://www.google.com https://www.google.co.th https://*.paradisepark.co.th https://mreq.github.io https://www.google-analytics.com; connect-src 'unsafe-inline' https://l.sharethis.com https://api.cookiewow.com https://paradisepark.co.th https://mbk-center.co.th https://www.mbk-center.co.th https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://*.googletagmanager.com https://*.mbk-center.co.th https://*.paradisepark.co.th https://stats.g.doubleclick.net https://maps.googleapis.com; font-src 'self' https://mbk-center.co.th https://www.mbk-center.co.th https://fonts.gstatic.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://mreq.github.io https://use.fontawesome.com https://use.fontawesome.com; frame-src https://www.recaptcha.net https://www.youtube.com https://td.doubleclick.net; 1
default-src 'self' https:; base-uri 'self'; object-src 'none'; report-uri /umbraco/api/cspreport/cspreport; manifest-src 'self'; script-src 'strict-dynamic' 'nonce-8UZ8FpNyKpxpMwEwdYMZ/oYRiF9J0CjXY+/iTjpbsf8=' 'unsafe-inline' *.lmiforall.org.uk *.flickr.com *.spotify.com *.facebook.net *.discoveruni.gov.uk discoveruni.gov.uk *.twimg.com *.twitter.com *.jsdelivr.net *.tawk.to *.googletagmanager.com *.google-analytics.com; script-src-elem 'self' 'strict-dynamic' 'nonce-8UZ8FpNyKpxpMwEwdYMZ/oYRiF9J0CjXY+/iTjpbsf8=' 'unsafe-inline' *.lmiforall.org.uk *.flickr.com *.discoveruni.gov.uk discoveruni.gov.uk *.twitter.com *.tawk.to *.googletagmanager.com *.google-analytics.com *.twimg.com *.jsdelivr.net *.googleapis.com *.spotify.com *.facebook.net; media-src 'self' *.lmiforall.org.uk *.tawk.to *.vimeo.com *.akamaized.net; connect-src 'self' apikeys.civiccomputing.com maps.googleapis.com embedr.flickr.com prod-discoveruni.azure-api.net *.google-analytics.com *.tawk.to wss://*.tawk.to *.doubleclick.net; img-src 'self' data: *.lmiforall.org.uk *.staticflickr.com *.spotify.com *.facebook.com *.twimg.com *.google.com *.google.co.uk *.tawk.to *.twitter.com *.google-analytics.com *.googleapis.com *.gstatic.com *.googletagmanager.com; frame-src 'self' *.tiktok.com *.lmiforall.org.uk avlive.apprenticeships.org.uk *.google.com *.youtube.com *.youtube-nocookie.com *.twitter.com *.tawk.to *.spotify.com *.facebook.com *.vimeo.com horsemonkey.com; style-src 'self' 'unsafe-inline' *.lmiforall.org.uk *.googleapis.com *.tawk.to *.twimg.com; style-src-elem 'self' 'unsafe-inline' *.ttwstatic.com *.lmiforall.org.uk *.googleapis.com *.tawk.to *.twitter.com *.twimg.com; font-src 'self' *.lmiforall.org.uk *.tawk.to *.gstatic.com; frame-ancestors 'self'; form-action 'self' *.lmiforall.org.uk *.twitter.com; 1
default-src 'self' googleads.g.doubleclick.net polantis-com-data-dev.s3-eu-west-1.amazonaws.com polantis-com-data.s3-eu-west-1.amazonaws.com polantis-com-data.s3.eu-west-1.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com code.jquery.com c.statcounter.com secure.statcounter.com www.google-analytics.com code.highcharts.com pagead2.googlesyndication.com cdn.datatables.net use.fontawesome.com cdn.rawgit.com maps.googleapis.com connect.facebook.net www.polantis.info new.polantis.com www.google.com www.google.fr www.gstatic.com https://rawgithub.com/phpepe/highcharts-regression/master/highcharts-regression.js https://rawgit.com/phpepe/highcharts-regression/master/highcharts-regression.js www.googletagmanager.com cdn.jsdelivr.net cdn.mouseflow.com; object-src 'self' s.ytimg.com i.ytimg.com s.youtube.com www.youtube.com *.googlevideo.com; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com cdnjs.cloudflare.com fonts.googleapis.com cdn.datatables.net https://cdn.rawgit.com/morteza/bootstrap-rtl/v3.4.0/dist/css/bootstrap-rtl.min.css www.polantis.info use.fontawesome.com www.gstatic.com; img-src 'self' data: images.polantis.com data.polantis.com s3-eu-west-1.amazonaws.com www.google-analytics.com c.statcounter.com stats.g.doubleclick.net maps.gstatic.com maps.googleapis.com csi.gstatic.com www.facebook.com www.polantis.info www.google.com www.google.fr randomuser.me/api/ cdnjs.cloudflare.com polantiscomimages.s3-eu-west-1.amazonaws.com polantis-com-data.s3-eu-west-1.amazonaws.com polantis-com-data-dev.s3.eu-west-1.amazonaws.com data2.polantis.com http://bimobject-dev.ad.bimobject.com http://bimobject-staging.ad.bimobject.com www.bimobject.com bimobject.com https://classic.bimobject.com https://admincontent.bimobject.com https://accounts.bimobject.com https://accounts-dev.ad.bimobject.com https://accounts-staging.ad.bimobject.com www.mollie.com; frame-src 'self' googleads.g.doubleclick.net www.youtube.com www.google.com www.google.fr www.facebook.com staticxx.facebook.com polantis-com-data.s3-eu-west-1.amazonaws.com polantis-com-data-dev.s3-eu-west-1.amazonaws.com polantis-com-data.s3.eu-west-1.amazonaws.com; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com use.fontawesome.com; connect-src 'self' www.polantis.info new.polantis.com maps.googleapis.com cdn.datatables.net www.facebook.com vicopo.selfbuild.fr analytics.google.com stats.g.doubleclick.net cdn.jsdelivr.net; report-uri /nelmio/csp/report 1
default-src 'self'; object-src 'none'; font-src 'self' data: static.criteo.net; style-src 'self' 'unsafe-inline' *.bing.com https://*.lidl-reisen.de https://*.lidl-reisen.at https://*.lidl-reisen.ch https://*.lidl-voyages.ch https://*.mvp2prd.sit.sys.odj.cloud www.googletagmanager.com tagmanager.google.com; child-src *.criteo.com *.criteo.net www.googletagmanager.com *.facebook.com connect.facebook.net; media-src static.criteo.net; img-src * data: https://www.bing.com https://*.virtualearth.net https://*.gstatic.com www.googletagmanager.com https://cdn.cookielaw.org; frame-src 'self' consentcdn.cookiebot.com *.criteo.com *.criteo.net https://*.lidl-reisen.de https://*.lidl-reisen.at https://www.googletagmanager.com https://211554000000.ferienwohnung-be.de https://lidlreisen.animod.de https://partner.singlereisen.de https://form.lidl.com https://wlv.kreuzfahrt-be.de https://lidl.snowtrex.de https://lidl.snowtrex.at https://*.traffics-ibe.com *.facebook.com connect.facebook.net https://review-service.holidaycheck.com https://review.holidaycheck.com https://www.intersportrent.com *.doubleclick.net; form-action *.facebook.com connect.facebook.net; connect-src 'self' https://storage.googleapis.com https://www.google.com https://*.lidl-reisen.de https://*.lidl-reisen.at https://*.lidl-reisen.ch https://*.lidl-voyages.ch https://*.mvp2prd.sit.sys.odj.cloud *.bing.com https://*.virtualearth.net https://www.googletagmanager.com https://*.google-analytics.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://*.kameleoon.eu https://*.kameleoon.com *.facebook.com connect.facebook.net cdn.cookielaw.org *.onetrust.com consentcdn.cookiebot.com *.criteo.com *.criteo.net *.googlesyndication.com https://clouderrorreporting.googleapis.com https://endpoints.lidl-flyer.com https://eum-blue-saas.instana.io https://*.analytics.google.com https://stats.g.doubleclick.net https://*.google.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.bing.com https://r.bing.com https://*.virtualearth.net https://cdn.cookielaw.org https://*.onetrust.com https://*.cookiebot.com https://*.lidl-reisen.de https://*.lidl-reisen.at https://*.lidl-reisen.ch https://*.lidl-voyages.ch https://www.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://*.kameleoon.eu https://*.kameleoon.com https://lidlreisen.animod.de https://211554000000.ferienwohnung-be.de https://www.snowtrex.de https://*.criteo.com https://static.criteo.net https://googleads.g.doubleclick.net https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://www.dwin1.com https://clouderrorreporting.googleapis.com https://*.bd4travel.com https://eum.instana.io https://survey.g.doubleclick.net *.google-analytics.com *.analytics.google.com *.doubleclick.net *.google.de *.instana.io *.googleadservices.com 1
frame-ancestors www.slpl.org *.www.slpl.org slpl.org *.slpl.org slpl.bibliocms.com *.slpl.bibliocms.com d4804za1f1gw.cloudfront.net *.bibliocms.com *.bibliocommons.com *.libanswers.com 'self'; object-src 'none'; script-src www.slpl.org *.www.slpl.org slpl.org *.slpl.org slpl.bibliocms.com *.slpl.bibliocms.com d4804za1f1gw.cloudfront.net *.bibliocms.com *.bibliocommons.com *.libanswers.com *.libcal.com *.quipugroup.net *.nicheacademy.com *.buzzsprout.com refchatter.net *.refchatter.net *.freshchat.com chat.uniqueic.com chat.mosio.com libraryh3lp.com *.libraryh3lp.com script.crazyegg.com dev.visualwebsiteoptimizer.com cdn.optimizely.com storage.googleapis.com translate.googleapis.com www.google-analytics.com www.googletagmanager.com www.gstatic.com/recaptcha/ www.google.com/recaptcha/ translate-pa.googleapis.com translate.google.com www.googleadservices.com googleads.g.doubleclick.net *.patronpoint.com cdnjs.cloudflare.com/ajax/libs/es6-shim/ www.volunteermatch.org ds-aksb-a.akamaihd.net connect.facebook.net embedr.flickr.com widgets.flickr.com platform.twitter.com platform.instagram.com www.instagram.com e.issuu.com www.tiktok.com *.tiktokcdn-us.com embed.reddit.com cdn.gtranslate.net 'self' 'unsafe-eval' 'unsafe-inline'; worker-src 'self' blob: 1
frame-ancestors 'self'; form-action 'self'; base-uri 'self'; object-src 'none'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.posthog.com https://*.intercom.io https://*.intercomcdn.com https://*.intercomcdn.eu https://*.intercomusercontent.com https://*.facebook.net https://*.facebook.com https://telegram.org https://*.telegram.org https://hcaptcha.com https://*.hcaptcha.com; img-src 'self' data: https://*.steamstatic.com https://*.akamaihd.net https://t.me https://*.telegram-cdn.org https://*.cdn-telegram.org https://*.userapi.com https://*.googleusercontent.com https://*.fbcdn.net https://*.fbsbx.com https://*.yandex.net https://*.giphy.com https://flagcdn.com https://*.intercomcdn.com https://*.intercomcdn.eu https://*.intercomusercontent.com https://*.intercomassets.eu https://*.intercomassets.com https://*.intercom-attachments-1.com https://*.intercom-attachments.eu https://*.au.intercom-attachments.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://*.facebook.net https://*.facebook.com; style-src 'self' 'unsafe-inline' https://*.intercomcdn.com https://*.intercomcdn.eu https://*.intercomusercontent.com https://hcaptcha.com https://*.hcaptcha.com; font-src 'self' data: https://*.intercomcdn.com https://*.intercomcdn.eu https://*.intercomusercontent.com; frame-src https://*.youtube.com https://intercom-sheets.com https://intercom.help https://codepen.io https://hcaptcha.com https://*.hcaptcha.com; frame-ancestors 'self' https://telegram.org https://*.telegram.org; connect-src 'self' data: https://*.steamstatic.com https://*.akamaihd.net https://t.me https://*.telegram-cdn.org https://*.cdn-telegram.org https://*.userapi.com https://*.googleusercontent.com https://*.fbcdn.net https://*.fbsbx.com https://*.yandex.net https://*.sentry.io https://*.posthog.com https://*.intercom.io wss://*.intercom.io https://*.intercomcdn.com https://*.intercomcdn.eu https://*.intercomusercontent.com https://*.facebook.net https://*.facebook.com https://telegram.org https://*.telegram.org https://hcaptcha.com https://*.hcaptcha.com; object-src 'none'; 1
default-src https: 'unsafe-inline' 'unsafe-eval' blob:; img-src * data: https:; object-src 'none'; connect-src https: wss:; script-src 'unsafe-inline' https: 'unsafe-eval'; worker-src 'self' blob:; upgrade-insecure-requests; block-all-mixed-content; media-src 'self' blob: data: https:; font-src 'self' data: https://use.typekit.net https://cdnjs.cloudflare.com https://fonts.gstatic.com; base-uri 'none'; 1
default-src 'self' ajax.cloudflare.com teams.microsoft.com  app.sli.do www.youtube.com www.google.fr www.google.at www.google-analytics.com www.google.com region1.analytics.google.com www.unjspf.org www.googletagmanager.com analytics.google.com stats.g.doubleclick.net www.google-analytics.com 'unsafe-inline'; font-src 'self' maxcdn.bootstrapcdn.com fonts.googleapis.com fonts.gstatic.com 'unsafe-inline'; img-src 'self' data: www.unjspf.org www.google.fr www.google-analytics.com stats.g.doubleclick.net via.placeholder.com elements.oxy.host www.google.co.in www.google.com www.google-analytics.com www.google.ch 'unsafe-inline' ; media-src 'self' www.unjspf.org 'unsafe-inline' ; script-src 'self' www.google.com www.unjspf.org www.googletagmanager.com analytics.google.com stats.g.doubleclick.net www.google-analytics.com www.gstatic.com cdnjs.cloudflare.com 'unsafe-inline' 'unsafe-eval'; script-src-attr 'self' www.google.com www.unjspf.org www.googletagmanager.com analytics.google.com stats.g.doubleclick.net www.google-analytics.com www.gstatic.com 'unsafe-inline'; script-src-elem 'self' www.google.com www.unjspf.org ajax.cloudflare.com www.googletagmanager.com analytics.google.com stats.g.doubleclick.net www.google-analytics.com www.gstatic.com cdnjs.cloudflare.com ajax.googleapis.com 'unsafe-inline'; style-src 'self' www.unjspf.org fonts.googleapis.com www.gstatic.com cdnjs.cloudflare.com 'unsafe-inline' ; style-src-attr 'self' www.unjspf.org fonts.googleapis.com www.gstatic.com 'unsafe-inline' ; style-src-elem 'self' www.unjspf.org maxcdn.bootstrapcdn.com fonts.googleapis.com www.gstatic.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com 'unsafe-inline'; frame-ancestors 'self'; 1
script-src http: https: 'unsafe-eval' 'unsafe-inline' https://prodnew.marcs.com.au/ foursixty.com *.googletagmanager.com *.zendesk.com wss://*.zendesk.com *.zopim.com wss://*.zopim.com *.cfjump.com; style-src 'self' blob: https: 'unsafe-inline' https://prodnew.marcs.com.au/ foursixty.com *.zendesk.com; img-src data: http: https: *.zopim.io *.googletagmanager.com; object-src 'none'; base-uri 'none'; child-src 'self'; connect-src 'self' http: https: *.zendesk.com *.zopim.com wss://widget-mediator.zopim.com; font-src 'self' data: fonts.gstatic.com foursixty.com *.zendesk.com; frame-src assets.braintreegateway.com *.google.com *.googletagmanager.com *.youtube.com *.youtu.be *.vimeo.com foursixty.com *.zendesk.com *.paypal.com; 1
frame-ancestors 'self' blob: data: ; 1
default-src 'self' 'unsafe-inline' https: data: blob: intent: fb-messenger:; frame-ancestors self; report-to https://seguranca.ancar.com.br/csp-violation-report-endpoint/; form-action 'self' https://www.facebook.com/; 1
frame-ancestors 'self' http://www.sunsilk.co.id unilever3.marketing.adobe.com unileverbrazil.marketing.adobe.com unilever2.marketing.adobe.com unilever.marketing.adobe.com unilever3.experiencecloud.adobe.com unileverbrazil.experiencecloud.adobe.com unilever2.experiencecloud.adobe.com unilever.experiencecloud.adobe.com emea1-proxy.adobemc.com us1-proxy.adobemc.com us1-proxy.adobemc.com apac-proxy.adobemc.com adobedemoemea131.marketing.adobe.com adobedemoemea131.experiencecloud.adobe.com https://s3.cartwire.co https://s7.addthis.com https://kritique-widgets-stage.unileversolutions.com https://d1a1ax4tcp3m3j.cloudfront.net 1
font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 1
default-src 'self' *.zywave;script-src 'self' *.zywave.com *.zywave.co.uk www.google.com 'nonce-4HWI9hi0P2Hr4YUc1EErnU7no1924o091nYUIBOOckw=';style-src 'self' 'nonce-4HWI9hi0P2Hr4YUc1EErnU7no1924o091nYUIBOOckw=';frame-src 'self' www.google.com;connect-src 'self';img-src 'self' data: *.zywave.com *.zywave.co.uk;manifest-src *.zywave.com *.zywave.co.uk 1
frame-ancestors 'self' pardot.flagstoneim.com 1
frame-ancestors 'self' shop.eriks.com *.shop.eriks.com; upgrade-insecure-requests; script-src eriks.com *.eriks.com *.shop.eriks.com *.vimeo.com *.cookiebot.com unpkg.com blueconic.net *.blueconic.net *.marketo.net pages.eriks.com visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com apeagle.io *.youtube.com *.adobedtm.com *.azure.com *.azureedge.net *.googleapis.com *.googletagmanager.com *.adservice.google.com *.googleadservices.com googleads.g.doubleclick.net *.google-analytics.com dqm.crownpeak.com *.twimg.com *.twitter.com twitter.com *.facebook.net *.cobrowser.com *.google.com *.gstatic.com *.hsforms.net *.hsforms.com *.elfsight.com snap.licdn.com static.hotjar.com script.hotjar.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com ubembed.com *.ubembed.com js.ubembed.com *.js.ubembed.com c.leadlab.click 'self' 'unsafe-eval' 'unsafe-inline'; 1
child-src 'self' https://app.powerbi.com https://www.youtube.com https://www.facebook.com https://www.google.com https://stacc.ee https://public.tableau.com https://tableauapp.tehik.ee; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com https://cdn.reactandshare.com https://maxcdn.bootstrapcdn.com https://embed.tawk.to; object-src 'none'; script-src 'self' 'unsafe-inline' 'report-sample' https://connect.facebook.net https://www.google-analytics.com https://maxcdn.bootstrapcdn.com https://www.googletagmanager.com https://embed.tawk.to https://siteimproveanalytics.com https://www.gstatic.com https://cdn.reactandshare.com https://data.reactandshare.com https://unpkg.com https://static-v.tawk.to https://public.tableau.com https://tableauapp.tehik.ee https://s3.eu-north-1.amazonaws.com https://ajax.googleapis.com https://www.google.com cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://polyfill.io npmcdn.com; style-src 'self' 'unsafe-inline' 'report-sample' https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com https://cdn.reactandshare.com https://unpkg.com https://embed.tawk.to https://s3.eu-north-1.amazonaws.com https://translate.googleapis.com https://fonts.googleapis.com cdn.jsdelivr.net https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com npmcdn.com; worker-src 'self'; base-uri 'self'; form-action 'self' https://www.digilugu.ee/login https://www.facebook.com; frame-ancestors 'self'; report-uri https://tervisekassa.ee/report-uri/enforce; block-all-mixed-content 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src 'nonce-4fTQmRF5qhUJjvquOh8Pj0fsB' 'strict-dynamic'; frame-ancestors 'self'; manifest-src 'self' 1
report-uri https://efdbd22ae1d509e5db28ead4e313c073.report-uri.com/r/d/csp/reportOnly; report-to {"group":"default","max_age":31536000,"endpoints":[{"url":"https://efdbd22ae1d509e5db28ead4e313c073.report-uri.com/a/d/g"}],"include_subdomains":true} 1
frame-src 'self' *.tebis-consulting.com *.tebis.com info.tebis.com *.doubleclick.net consentcdn.cookiebot.eu player.vimeo.com www.youtube-nocookie.com www.dailymotion.com data:; 1
connect-src https: wss: blob:; default-src https:; img-src https: data: blob:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: blob: 'unsafe-inline'; 1
default-src 'self'; connect-src 'self' https://*.force.com https://*.googleadservices.com https://*.google-analytics.com https://*.google.co.uk https://*.liadm.com https://*.linkedin.com https://*.hotjar.io https://*.salesforceliveagent.com https://*.salesforce-sites.com wss://*.hotjar.com; frame-src 'self' https://*.force.com https://*.google.com/recaptcha/ https://*.salesforceliveagent.com https://*.youtube.com; img-src 'self' blob data: https://*.amazonaws.com https://*.csl-group.com https://*.google-analytics.com https://*.google.co.uk https://*.google.com https://*.linkedin.com https://*.twitter.com https://*.typekit.net https://t.co; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.ads-twitter.com https://*.cloudflare.com https://*.csl-group.com https://*.doubleclick.net https://*.force.com https://*.google-analytics.com https://*.google.com/recaptcha/ https://*.googletagmanager.com https://*.gstatic.com https://*.hotjar.com https://*.leadforensics.com https://*.liadm.com https://*.licdn.com https://*.pardot.com https://*.remarketstats.com https://*.salesforceliveagent.com https://*.salesforce.com https://*.salesforce-sites.com/ https://*.typekit.net https://*.usbrowserspeed.com; style-src 'self' 'unsafe-inline' https://*.jquery.com https://*.typekit.net https://*.force.com https://*.salesforce-sites.com; font-src 'self' https://*.typekit.net data:; 1
max-age=31536000; includeSubDomains; frame-ancestors 'none'; 1
default-src 'self'; connect-src 'self' *.wowhead.com wowhead.com https://*.gstatic.com/ https://*.googlesyndication.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.sentry.io https://cdn.altertime.es/; frame-src 'self' https: *.youtube.com *.youtube-nocookie.com youtube.com youtube-nocookie.com ; frame-ancestors 'self' https:; img-src 'self' https: http: data:; media-src 'self' blob: https:; object-src 'none'; script-src 'self' 'unsafe-inline' wow.zamimg.com cdn.cookie-script.com https://*.googlesyndication.com https://*.googletagmanager.com ; style-src 'unsafe-inline' https: http: 'self'; worker-src blob: 'self'; child-src 'self' blob:; base-uri 'none'; block-all-mixed-content; upgrade-insecure-requests; 1
font-src *.fontawesome.com applepay.cdn-apple.com https://*.m2.p82.dbm-local.com https://*.m2.p82.dbm-dev.com https://*.animal-valley.com https://*.poulailler-direct.fr https://*.chemin-des-poulaillers.com https://*.pro-valley.eu https://*.niche-a-chien.com https://fonts.gstatic.com https://use.typekit.net data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ api.payplug.com secure.payplug.com https://sketchfab.com https://static.criteo.net https://*.criteo.com https://player.vidjet.io https://bat.bing.com https://*.doubleclick.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.apptrian.com *.bird.eu a.tile.openstreetmap.org b.tile.openstreetmap.org c.tile.openstreetmap.org cdn.doofinder.com https://images.unsplash.com maps.googleapis.com maps.gstatic.com https://*.m2.p82.dbm-local.com https://*.m2.p82.dbm-dev.com https://*.m2.p74.dbm-dev.com https://*.animal-valley.com https://*.poulailler-direct.fr https://*.chemin-des-poulaillers.com https://*.pro-valley.eu https://*.niche-a-chien.com https://*.weeride.fr https://cl.avis-verifies.com https://axeptio.imgix.net https://favicons.axept.io https://www.facebook.com https://www.google.fr https://*.googlesyndication.com https://google.com https://*.doubleclick.net https://x.bidswitch.net https://ib.adnxs.com https://contextual.media.net https://pixel.rubiconproject.com https://rtb-csync.smartadserver.com https://sync-t1.taboola.com https://criteo-sync.teads.tv https://eb2.3lift.com https://hb.yahoo.net https://ups.analytics.yahoo.com https://cm.adform.net https://visitor.omnitagjs.com https://r.casalemedia.com https://public-prod-dspcookiematching.dmxleo.com https://gum.criteo.com https://id5-sync.com https://ad.360yield.com https://matching.ivitrack.com https://exchange.mediavine.com https://jadserve.postrelease.com https://sync.outbrain.com https://simage2.pubmatic.com https://match.sharethrough.com https://criteo-partners.tremorhub.com https://ad.yieldlab.net https://sync-criteo.ads.yieldmo.com https://e1.emxdgt.com https://dis.criteo.com https://widget.eu.criteo.com https://dpm.demdex.net https://beacon.krxd.net https://c1.adform.net https://*.gstatic.com https://bat.bing.com https://*.clarity.ms https://eu1-doofinderuser.s3.amazonaws.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com https://static.axept.io https://www.googletagmanager.com https://www.google-analytics.com cdn.doofinder.com s7.addthis.com maps.googleapis.com www.gstatic.com www.google.com api.payplug.com applepay.cdn-apple.com https://cdn.payplug.com/js/integrated-payment/ https://*.m2.p82.dbm-local.com https://*.m2.p82.dbm-dev.com https://*.animal-valley.com https://*.poulailler-direct.fr https://*.chemin-des-poulaillers.com https://*.pro-valley.eu https://*.niche-a-chien.com https://api.easiconnect.io https://weeride.easiwebforms.net https://cdn.cartsguru.io https://connect.facebook.net https://app-api.vidjet.io https://www.clarity.ms https://bat.bing.com https://www.google.fr https://static.criteo.net https://sslwidget.criteo.com https://widget.eu.criteo.com acc-weeride.h1d3n0tsoo-staging-easiwebforms.net https://widgets.rr.skeepers.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.doofinder.com *.fontawesome.com https://*.m2.p82.dbm-local.com https://*.m2.p82.dbm-dev.com https://*.animal-valley.com https://*.poulailler-direct.fr https://*.chemin-des-poulaillers.com https://*.pro-valley.eu https://*.niche-a-chien.com https://p.typekit.net https://fonts.googleapis.com https://*.googletagmanager.com/ 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com 'self' 'unsafe-inline'; manifest-src https://*.m2.p82.dbm-local.com https://*.m2.p82.dbm-dev.com https://*.animal-valley.com https://*.poulailler-direct.fr https://*.chemin-des-poulaillers.com https://*.pro-valley.eu https://*.niche-a-chien.com 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com https://client.axept.io https://api.axept.io https://www.google-analytics.com *.doofinder.com wss://*.doofinder.com ekr.zdassets.com/ maps.googleapis.com https://*.m2.p82.dbm-local.com https://*.m2.p82.dbm-dev.com https://*.animal-valley.com https://*.poulailler-direct.fr https://*.chemin-des-poulaillers.com https://*.pro-valley.eu https://*.niche-a-chien.com https://integration.carts.guru https://openfpcdn.io https://app-api.vidjet.io https://*.clarity.ms https://*.analytics.google.com https://*.google-analytics.com https://*.doubleclick.net https://*.googlesyndication.com https://*.google.com https://google.com https://www.google.fr https://www.facebook.com https://measurement-api.criteo.com https://bat.bing.com https://api.easiconnect.io https://*.amazonaws.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri https://*.m2.p82.dbm-local.com https://*.m2.p82.dbm-dev.com https://*.animal-valley.com https://*.poulailler-direct.fr https://*.chemin-des-poulaillers.com https://*.pro-valley.eu https://*.niche-a-chien.com 'self' 'unsafe-inline';, upgrade-insecure-requests; 1
frame-ancestors 'self' www.batteriesexpert.com 1
frame-ancestors 'self' https://formulapesca.com 1
default-src https: 'unsafe-inline' 'unsafe-eval';media-src blob: 'self' 1
block-all-mixed-content; frame-ancestors *.backwash.com.br 1
font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; 1
upgrade-insecure-requests; default-src 'self'; connect-src 'self' https://api.luigisbox.com https://pagead2.googlesyndication.com https://www.google.com/pagead/ https://region1.google-analytics.com https://www.huramobil.cz https://widget.packeta.com https://www.google-analytics.com *.doubleclick.net *.twitter.com https://google-analytics.com https://www.facebook.com *.iplatba.cz *.zbozi.cz https://onesignal.com; font-src 'self' data: https://fonts.gstatic.com https://www.fontsaddict.com https://themes.googleusercontent.com; form-action 'self' https://gw1.iplatba.cz https://huramobil.cz https://www.huramobil.cz https://widget.packeta.com https://3dsecure.gpwebpay.com https://www.facebook.com; frame-src  'self' https://www.startupjobs.cz https://www.instagram.com https://widget.packeta.com http://s.imedia.cz https://www.google.cz https://www.google.com https://out.sklik.cz https://sandbox.zbozi.cz https://www.zbozi.cz *.doubleclick.net *.twitter.com https://c.imedia.cz https://accounts.google.com https://staticxx.facebook.com https://onesignal.com https://www.facebook.com https://www.youtube.com; img-src 'self' blob: data: https://via.placeholder.com https://picsum.photos https://i.picsum.photos https://c.seznam.cz https://widget.packeta.com https://www.techarena.cz https://www.heureka.cz https://ssl.heureka.cz https://hit.skrz.cz https://www.srovname.cz https://www.googletagmanager.com https://app.geispoint.cz https://img.onesignal.com https://maps.gstatic.com https://maps.googleapis.com https://c.imedia.cz https://i.ytimg.com https://ssl.gstatic.com *.doubleclick.net *.twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.google.cz; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://scripts.luigisbox.com https://cdn.luigisbox.com https://www.startupjobs.cz https://www.instagram.com https://c.seznam.cz https://pagead2.googlesyndication.com https://www.seznam.cz https://widget.packeta.com https://www.googletagmanager.com https://ajax.googleapis.com https://ssl.heureka.cz https://muj.skrz.cz https://out.sklik.cz https://www.srovname.cz https://c.imedia.cz https://sandbox.zbozi.cz https://www.zbozi.cz https://c.imedia.cz https://maps.googleapis.com https://www.googletagmanager.com https://apis.google.com https://c.imedia.cz https://cdn.onesignal.com https://connect.facebook.net *.doubleclick.net *.twitter.com https://im9.cz https://onesignal.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.google.com https://www.shoproku.cz/js/interstitial.min.js; style-src 'self' 'unsafe-inline' https://code.jquery.com https://fonts.googleapis.com https://onesignal.com; 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' data:; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data: 1
default-src 'self' https: http: bankid:; connect-src 'self' ws: wss: https://*.fasttrack-solutions.com https://*.ft-crm.com https://*.biahosted.com https://livechat24.tech https://*.livechat24.tech https://*.amazonaws.com *.google-analytics.com *.analytics.google.com https://www.googletagmanager.com https://www.google.com https://www.google.ro https://www.google.se https://www.google.nl https://www.google.de https://www.google.fi https://www.google.ch https://www.google.ee https://www.google.sk https://www.google.dk https://www.google.ru https://www.google.pt https://www.google.ca https://www.google.by https://www.google.bg https://www.gstatic.com https://analytics.google.com https://adservice.google.com https://stats.g.doubleclick.net https://recaptcha.net https://*.bing.com https://*.taboola.com https://*.regily.com https://*.pusher.com https://*.workers.dev https://cdn-sp.kertn.net https://storage.googleapis.com https://*.aitcloud.de https://vsfestaging-vs001.akamaized.net https://vsfelive-vs001.akamaized.net https://vswstaging.betradar.com https://vsw.betradar.com https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com wss://*.biahosted.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://d5phz18u4wuww.cloudfront.net https://cdn-cn.vwo-analytics.com https://verification.okwork.io https://*.unetsafe.com https://*.atlantgaming.com https://*.facebook.com https://facebook.net https://*.facebook.net https://*.snapchat.com https://*.sportdigi.com https://*.sportradar.com https://*.mrbit.com https://accounts.google.com/gsi/ https://*.mrbit.bg *.unetsafe.com oppwa.com *.oppwa.com *.unetcard.com google-analytics.com paymentpage.ecommpay.com *.adyen.com fasd63.illongrlong.com s4vds4.ujad65dsai.com asdaerq.dapmaptuns.com *.checkout.com *.browser-intake-datadoghq.com; font-src 'self' data: https://fonts.gstatic.com https://livechat24.tech https://*.livechat24.tech https://cdn-sp.kertn.net https://*.biahosted.com https://storage.googleapis.com https://*.aitcloud.de https://vsfestaging-vs001.akamaized.net https://vsfelive-vs001.akamaized.net https://vswstaging.betradar.com https://vsw.betradar.com https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com wss://*.biahosted.com https://app.vwo.com https://*.mrbit.bg; frame-src 'self' bankid://* https://*.livechat24.tech https://*.adobe.com https://*.youtube.com https://*.zignsec.com https://*.trustly.com https://*.regily.com https://*.sumsub.com https://*.biahosted.com https://*.aitcloud.de https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com wss://*.biahosted.com https://*.visualwebsiteoptimizer.com https://*.unetsafe.com https://*.atlantgaming.com https://*.snapchat.com https://*.sportdigi.com https://*.sportradar.com https://*.mrbit.bg https://* paymentpage.ecommpay.com asdaerq.dapmaptuns.com; img-src 'self' https: http: data: blob: *.google-analytics.com *.analytics.google.com *.visualwebsiteoptimizer.com https://app.vwo.com; script-src 'self' 'unsafe-eval' https://*.zignsec.com https://*.biahosted.com https://livechat24.tech https://*.livechat24.tech https://*.fasttrack-solutions.com https://mc.yandex.ru https://ajax.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.curacao-egaming.com https://www.gstatic.com https://recaptcha.net https://*.bing.com https://*.cloudflare.com https://*.taboola.com https://static.cloudflareinsights.com https://*.regily.com https://*.pusher.com https://*.workers.dev https://prj-verification-production.s3.amazonaws.com https://cdn-sp.kertn.net https://storage.googleapis.com https://*.aitcloud.de https://vsfestaging-vs001.akamaized.net https://vsfelive-vs001.akamaized.net https://vswstaging.betradar.com https://vsw.betradar.com https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com wss://*.biahosted.com *.visualwebsiteoptimizer.com https://cdn-cn.vwo-analytics.com https://app.vwo.com https://*.unetsafe.com https://*.snapchat.com https://snapchat.com https://sc-static.net https://*.facebook.com https://facebook.net https://*.facebook.net https://*.sportdigi.com https://*.sportradar.com https://*.mrbit.com https://accounts.google.com/gsi/client https://*.mrbit.bg *.paywallk.com *.unetsafe.com *.ecommpay.com *.zimpler.net *.adyen.com *.hotjar.com *.acaptureservices.com acaptureservices.com *.oppwa.com oppwa.com *.unetcard.com *.switchpayments.com *.mifinity.com *.google.com fasd63.illongrlong.com s4vds4.ujad65dsai.com *.astropay.com *.megapay.pro *.ecopayz.com *.billing.cx *.express-connect.com *.paycore.io *.jetoncheckout.com *.ipsp.lv ipsp.lv *.gpaynetworks.com *.sirumobile.com asdaerq.dapmaptuns.com *.checkout.com 'nonce-KSXpdYIGb0a0NYYjP5dFSPUbb92ivshkpKAonpoCasI=' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://*.fasttrack-solutions.com https://fonts.googleapis.com https://livechat24.tech https://*.livechat24.tech https://cdn-sp.kertn.net https://*.biahosted.com https://storage.googleapis.com https://*.aitcloud.de https://vsfestaging-vs001.akamaized.net https://vsfelive-vs001.akamaized.net https://vswstaging.betradar.com https://vsw.betradar.com https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com wss://*.biahosted.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.amazonaws.com https://accounts.google.com/gsi/style https://*.mrbit.bg *.paywallk.com *.unetsafe.com *.ecommpay.com *.adyen.com *.hotjar.com *.ppipe.net *.oppwa.com oppwa.com *.unetcard.com fasd63.illongrlong.com s4vds4.ujad65dsai.com asdaerq.dapmaptuns.com; worker-src 'self' blob:; report-uri https://mrbit.bg/sentry/api/41/csp-report/?sentry_key=38bd9ad353b94f1a8143ea227d160767 1
frame-ancestors 'self' https://app.kajabi.com https://app.vibely.io https://communities.kajabi.com *.mykajabi.com https://communities.newkajabi-staging.com https://www.focusarte.com https://www.musihacks.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com unpkg.com cdnjs.cloudflare.com use.fontawesome.com fonts.googleapis.com maps.googleapis.com connect.facebook.net fonts.gstatic.com www.google-analytics.com static.hotjar.com script.hotjar.com cdn.jsdelivr.net cdn.ckeditor.com www.googletagmanager.com; 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com *.myheritage.co.il https://www.myheritage.co.il  'nonce-9d8b06985175dfa8f2c362ac038e51c2' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com *.myheritage.co.il;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self';img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=enforce&canonical_page_id=/company/home/ 1
frame-ancestors 'self' tallyeducation.com *.tallyeducation.com 1
upgrade-insecure-requests; default-src 'self' *; script-src 'self' * 'unsafe-inline' 'unsafe-eval'; style-src 'self' * 'unsafe-inline'; img-src 'self' * data:; font-src 'self' * data: 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com *.fwc.pl *.victoriassecret.pl *.trustmate.io trustmate.io *.cookiebot.com *.cookiebot.eu *.webgains.io *.packeta.com *.youtube.com *.gstatic.com *.googleapis.com *.google-analytics.com cdnjs.cloudflare.com assets.zendesk.com connect.facebook.net *.googletagmanager.com *.ingest.sentry.io *.google.com data: *.salesmanago.pl *.criteo.com *.hotjar.com; frame-src 'self' * *.packeta.com *.gstatic.com *.google.com *.youtube.com assets.zendesk.com *.facebook.com s-static.ak.facebook.com tautt.zendesk.com *.adyen.com *.dhl.pl *.criteo.com *.hotjar.com *.salesmanago.pl; object-src 'self'; default-src 'self' *.victoriassecret.pl *.victoriassecret.ro *.victoriassecret.cz *.fwc.pl; img-src 'self' data: *.trustmate.io trustmate.io *.google-analytics.com *.adyen.com *.google.com *.gstatic.com *.googleapis.com *.doubleclick.net *.salesmanago.pl *.facebook.com *.criteo.com *.victoriassecret.pl *.victoriassecret.ro *.victoriassecret.cz *.fwc.pl; style-src 'unsafe-inline' 'self' *.trustmate.io trustmate.io *.googletagmanager.com *.googleapis.com; connect-src 'self' *.victoriassecret.pl *.trustmate.io trustmate.io *.cookiebot.com *.cookiebot.eu *.webgains.io *.packeta.com *.googlesyndication.com *.googletagmanager.com *.google.com *.ingest.sentry.io *.google-analytics.com *.adyen.com *.googleapis.com *.doubleclick.net *.facebook.com *.criteo.com *.hotjar.com *.salesmanago.pl; font-src 'self' *.googleapis.com *.gstatic.com; media-src 'self' *.victoriassecret.pl *.victoriassecret.ro *.victoriassecret.cz *.fwc.pl; 1
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline';frame-ancestors 'self' https://*.vizmo.in https://pagesense.zoho.com; 1
default-src * data: blob:  about: ws: wss: 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' https://ssol.co https://*.inchcapedigital.com https://*.subaru.cl/; 1
script-src 'self' *.google.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.facebook.com *.facebook.net *.twitter.com *.zalo.me *.zaloapp.com 'unsafe-inline' 'unsafe-eval' *.addthis.com *.moatads.com *.addthisedge.com;style-src 'self' *.google.com 'unsafe-inline' *.googleapis.com;frame-src 'self' *.google.com *.youtube.com *.facebook.com *.facebook.net *.twitter.com *.zalo.me *.addthis.com *.live.com;base-uri 'self'; 1
default-src 'self'; script-src * 'self' cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src * 'self' 'unsafe-inline'; img-src data: blob: * 'self'; font-src data: * 'self'; frame-src * 'self'; connect-src * 'self'; media-src * 'self'; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com *.frontify.com cloudinary.com *.cloudinary.com 1
default-src 'self'; img-src * data:; media-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' fonts.googleapis.com 'unsafe-inline'; font-src 'self' fonts.gstatic.com fonts.googleapis.com data:; frame-src * blob:; connect-src *.mycare.com api.rollbar.com; script-src-elem 'self' www.google.com www.gstatic.com 'unsafe-inline' 1
upgrade-insecure-requests;script-src 'self' 'wasm-unsafe-eval';connect-src 'self' blob: https://stereophonic.space wss://stereophonic.space https://stereophonic.space;media-src 'self' https://stereophonic.space;img-src 'self' data: blob: https://stereophonic.space;default-src 'none';base-uri 'self';frame-ancestors 'none';style-src 'self' 'unsafe-inline';font-src 'self';manifest-src 'self'; 1
default-src 'self'; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *.cludo.com ic11.esolg.ca js.esolutionsgroup.ca assets.calendly.com bbox.blackbaudhosting.com payments.blackbaud.com js.hsforms.net forms.hsforms.com search-api.swiftype.com lakelandcollege.news.esolg.ca platform.twitter.com *.doubleclick.net *.google.com *.facebook.net *.swiftypecdn.com *.googletagmanager.com *.google-analytics.com code.jquery.com fonts.gstatic.com cdnjs.cloudflare.com api.hubapi.com js.hs-scripts.com js.hs-banner.com js.hsadspixel.net js.hs-analytics.net siteimproveanalytics.com *.googleapis.com *.gstatic.com *.hscollectedforms.net *.bootstrapcdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cludo.com ic11.esolg.ca assets.calendly.com bbox.blackbaudhosting.com payments.blackbaud.com js.hsforms.net forms.hsforms.com search-api.swiftype.com lakelandcollege.news.esolg.ca platform.twitter.com js.esolutionsgroup.ca *.doubleclick.net *.google.com *.facebook.net *.swiftypecdn.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.gstatic.com fonts.gstatic.com code.jquery.com cdnjs.cloudflare.com api.hubapi.com js.hs-scripts.com js.hs-banner.com js.hsadspixel.net js.hs-analytics.net siteimproveanalytics.com *.hscollectedforms.net *.bootstrapcdn.com; style-src 'self' 'unsafe-inline' *.cludo.com *.googleapis.com assets.calendly.com bbox.blackbaudhosting.com payments.blackbaud.com js.hsforms.net forms.hsforms.com search-api.swiftype.com lakelandcollege.news.esolg.ca platform.twitter.com *.gstatic.com fonts.gstatic.com code.jquery.com cdnjs.cloudflare.com api.hubapi.com *.hscollectedforms.net js.hs-scripts.com js.hs-banner.com js.hsadspixel.net js.hs-analytics.net siteimproveanalytics.com *.esolutionsgroup.ca *.facebook.net *.swiftypecdn.com *.google.com; img-src *; media-src *; frame-src *; font-src 'self' data: https://fonts.gstatic.com  1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://docsapi.tendsign.com https://ajax.googleapis.com https://cdnjs.cloudflare.com https://cdn.tinymce.com https://www.google.com https://www.gstatic.com https://cdn.wootric.com/wootric-sdk.js https://www.googletagmanager.com https://cdn.amplitude.com https://api.eu.amplitude.com https://t.myvisitors.se;style-src 'self' 'unsafe-inline' https://docsapi.tendsign.com https://fonts.googleapis.com https://cdnjs.cloudflare.com;img-src 'self' https://docsapi.tendsign.com https://docsapireports.tendsign.com data: https://*.triggerbee.com;media-src https://f.hubspotusercontent00.net https://info.mercell.com;frame-src 'self' https://adforms.opic.com https://www.google.com https://online.csign.se https://api.gii.cloud https://ui.csign.se https://www.quicksearch.se https://dm.quicksearch.se https://www.ibinder.com https://docsapi.tendsign.com https://files.opic.com https://w2.brreg.no https://suppliers.opic.com bankid:;font-src 'self' https://docsapi.tendsign.com https://fonts.googleapis.com https://fonts.gstatic.com https://cdnjs.cloudflare.com;connect-src 'self' https://docsapi.tendsign.com https://production.wootric.com https://wootric-eligibility.herokuapp.com https://eligibility.wootric.com https://api.eu.amplitude.com https://*.triggerbee.com;report-uri /WebResource.axd?cspReport=true 1
frame-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.reduniq.pt *.paypal.com *.klarna.com *.microsoft.com *.microsoftonline.com *.windows.net *.office.com *.bol.pt *.bol.pt/* *.vimeo.com *.cookielaw.org *.recaptcha.net bandcamp.com *.soundcloud.com *.google.com *.sites.edp.com *.siteimprove.net *.siteimprove.com *.workplace.com *.intras.edp.com *.microsoftstream.com *.edp.pt *.edp.com *.edpr.com *.dig.corp.edp.com *.youtube.com *.youtube-nocookie.com *.eurolandir.com *.mailjet.com *.media-server.com *.wufoo.com edp.teto.pt *.spotify.com ir2.flife.de ir.tools.investis.com sdk.companywebcast.com ir.tools.investis.com *.edpon.livextend.cloud *.powerbi.com *.suratica.es; script-src 'self' 'unsafe-eval' 'unsafe-inline' analytics.tiktok.com snap.licdn.com *.googleadservices.com *.reduniq.pt *.paypal.com *.klarna.com *.bol.pt/* maat.pt/* *.gstatic.com *.google.com *.google.pt *.googletagmanager.com *.google-analytics.com *.googleusercontent.com *.googleapis.com *.newrelic.com *.jquery.com *.doubleclick.net *.siteimprove.net *.siteimprove.com *.youtube.com *.youtube-nocookie.com *.cookielaw.org *.facebook.net *.smrk.io unpkg.com *.jsdelivr.net *.cloudflare.com *.newrelic.com *.bol.pt *.rawgit.com *.onetrust.com *.nr-data.net *.highcharts.com *.recaptcha.net *.edp.com *.edpr.com *.e-redes.pt opendata.online.e-redes.pt *.appspot.com *.dig.corp.edp.com *.eurolandir.com *.mailjet.com *.media-server.com *.wufoo.com edp.teto.pt *.spotify.com ir2.flife.de ir.tools.investis.com sdk.companywebcast.com *.edpon.livextend.cloud *.powerbi.com *.suratica.es; frame-ancestors 'self' *.reduniq.pt *.paypal.com *.klarna.com *.microsoft.com *.microsoftonline.com *.windows.net *.office.com *.bol.pt *.bol.pt/* *.vimeo.com *.cookielaw.org *.recaptcha.net bandcamp.com *.soundcloud.com *.google.com *.sites.edp.com *.siteimprove.net *.siteimprove.com *.workplace.com *.intras.edp.com *.microsoftstream.com *.edp.pt *.edp.com *.edpr.com *.dig.corp.edp.com *.youtube.com *.youtube-nocookie.com *.eurolandir.com *.mailjet.com *.media-server.com *.wufoo.com edp.teto.pt *.spotify.com ir2.flife.de ir.tools.investis.com sdk.companywebcast.com ir.tools.investis.com *.edpon.livextend.cloud *.powerbi.com *.suratica.es; child-src 'self' 'unsafe-eval' 'unsafe-inline' *.reduniq.pt *.paypal.com *.klarna.com *.microsoft.com *.microsoftonline.com *.windows.net *.office.com *.bol.pt *.bol.pt/* *.vimeo.com *.cookielaw.org *.recaptcha.net bandcamp.com *.soundcloud.com *.google.com *.sites.edp.com *.siteimprove.net *.siteimprove.com *.workplace.com *.intras.edp.com *.microsoftstream.com *.edp.pt *.edp.com *.edpr.com *.dig.corp.edp.com *.youtube.com *.youtube-nocookie.com *.eurolandir.com *.mailjet.com *.media-server.com *.wufoo.com edp.teto.pt *.spotify.com ir2.flife.de ir.tools.investis.com sdk.companywebcast.com ir.tools.investis.com *.edpon.livextend.cloud *.powerbi.com *.suratica.es; upgrade-insecure-requests; 1
frame-ancestors 'none'; report-uri https://612d04a5404dc57901db4f2e.endpoint.csper.io 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' https://translate.googleapis.com https://translate-pa.googleapis.com https://translate.google.com https://*.webatlas.no https://unpkg.com https://dl.episerver.net https://www.google-analytics.com https://e.infogram.com https://public.tableau.com https://webchat.stavanger.kommune.no https://script.hotjar.com https://static.hotjar.com https://www.browsealoud.com https://plus.browsealoud.com https://www.googletagmanager.com https://prokomresources.prokomcdn.no https://*.twitter.com https://*.twimg.com https://007prokom.boost.ai/ https://toolbar.speechstream.net https://webchat.stavanger.kommune.no https://*.config.skype.com https://*.cdn.skype.com https://sfbweb1.stavanger.kommune.no https://lyncdiscover.stavanger.kommune.no https://www.tiktok.com https://*.tiktokcdn.com https://*.ibytedtos.com/goofy/tiktok https://www.instagram.com https://app-script.monsido.com https://heatmaps.monsido.com https://pagecorrect.monsido.com https://*.ttwstatic.com/ https://sortere.no; 1
base-uri 'self'; object-src 'self'; child-src 'self' https://*.youtube.com; connect-src wss://stemedhub.org https://stemedhub.org/api/members/tools/diskusage https://www.google-analytics.com https://stats.g.doubleclick.net https://maps.googleapis.com 'self' https://api.scite.ai wss://vncproxy.stemedhub.org https://z-p3-graph.facebook.com/me https://graph.facebook.com/me https://www.dropbox.com wss://proxy.stemedhub.org https://analytics.google.com https://www.facebook.com/x/oauth/; default-src 'self' https://*.stemedhub.org; font-src about: chrome-extension: data: https://fonts.gstatic.com safari-extension: 'self' https://use.typekit.net https://storage.googleapis.com/speechify-website-assets/fonts/ https://cdn.scite.ai/assets/fonts/scite-icons/; form-action 'self' https://www.purdue.edu/; frame-ancestors 'self' https://stemedhub.org/; frame-src https://cdnapisec.kaltura.com https://*.stemedhub.org https://youtube.com https://docs.google.com https://calendar.google.com https://purdue.ca1.qualtrics.com https://syndication.twitter.com https://player.vimeo.com https://content.googleapis.com 'self' https://www.google.com/recaptcha/ https://platform.twitter.com https://www.gstatic.com/recaptcha/ https://vimeo.com https://www.youtube.com; img-src * data: image: file: blob:; script-src https://connect.facebook.net/en_US/iab.autofill.enhanced.js https://platform.twitter.com/js/ https://cdnjs.cloudflare.com/ajax/libs/gsap/ https://platform.twitter.com/widgets.js https://cdn.jsdelivr.net/npm/publicalbum@latest/embed-ui.min.js https://maps.googleapis.com/maps/vt https://maps.googleapis.com/maps/api/js https://www.google.com/jsapi https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com/gtag/js https://connect.facebook.net/en_US/all.js https://maps.googleapis.com/maps-api-v3/api/js/ https://abs.twimg.com/responsive-web/client-web/ https://maps.googleapis.com/maps/api/js/ https://www.gstatic.com/charts/ https://www.google-analytics.com/analytics.js https://cdnjs.cloudflare.com/ajax/libs/ScrollMagic/ https://cdn.syndication.twimg.com/timeline/ 'self' https://www.google.com/recaptcha/ 'unsafe-eval' https://ssl-webplayer.unity3d.com 'unsafe-inline'; style-src https://www.google.com https://use.typekit.net https://*.googleapis.com https://www.gstatic.com https://code.jquery.com 'self' https://cdnjs.cloudflare.com https://p.typekit.net 'unsafe-inline' data:; worker-src blob:; media-src 'self' data:; upgrade-insecure-requests; report-uri https://csp.hubzero.org/csp-cms.php 1
default-src: 'none' 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src https://netgamers.it/logs/ https://netgamers.it/sidekiq/ https://netgamers.it/mini-profiler-resources/ https://netgamers.it/assets/ https://netgamers.it/extra-locales/ https://netgamers.it/highlight-js/ https://netgamers.it/javascripts/ https://netgamers.it/plugins/ https://netgamers.it/theme-javascripts/ https://netgamers.it/svg-sprite/ 'sha256-8uAKDaK4QxxCeYZl0Wxad2Nnj2tgKyA14hYBh66pnn0=' 'sha256-QFlnYO2Ll+rgFRKkUmtyRublBc7KFNsbzF7BzoCqjgA=' https://analytics.netgamers.it:2053 https://platform.twitter.com/; worker-src 'self' https://netgamers.it/assets/ https://netgamers.it/javascripts/ https://netgamers.it/plugins/; frame-ancestors 'self'; manifest-src 'self' 1
connect-src 'self' *.googleapis.com bat.bing.com stats.g.doubleclick.net google.com *.clarity.ms tracker.affirm.com www.affirm.com www.facebook.com *.google.com www.google-analytics.com api-cf.affirm.com smhttp-ssl-18667.nexcesscdn.net; font-src 'self' data: fonts.gstatic.com www.affirm.com smhttp-ssl-18667.nexcesscdn.net assets.quadpay.com cdn.honey.io moz-extension use.typekit.net www.clearplay.com; form-action 'self' www.facebook.com *.paypal.com; frame-src widget.trustpilot.com *.katapult.com *.doubleclick.net *.youtube.com www.facebook.com www.affirm.com www.google.com; img-src 'self' *.bing.com *.katapult.com data: www.facebook.com *.googletagmanager.com *.google.com c.clarity.ms www.shopperapproved.com maps.gstatic.com smhttp-ssl-18667.nexcesscdn.net www.google-analytics.com log.pinterest.com *.googleapis.com translate.google.com www.furniturepick.com www.gstatic.com cdn.honey.io cdn.ivaws.com images.wikibuy.com; script-src-attr 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' *.googletagmanager.com *.katapult.com *.doubleclick.net bat.bing.com *.clarity.ms cdn1.affirm.com connect.facebook.net widget.trustpilot.com www.google-analytics.com www.shopperapproved.com smhttp-ssl-18667.nexcesscdn.net www.google.com www.gstatic.com *.googleapis.com; script-src 'unsafe-eval' 'unsafe-inline' bat.bing.com cdn1.affirm.com *.clarity.ms connect.facebook.net *.googleapis.com smhttp-ssl-18667.nexcesscdn.net widget.trustpilot.com www.google-analytics.com www.google.com www.gstatic.com data: www.shopperapproved.com; style-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' *.googleapis.com *.katapult.com cdn1.affirm.com smhttp-ssl-18667.nexcesscdn.net; child-src widget.trustpilot.com www.affirm.com www.google.com www.facebook.com; default-src 'self' 'unsafe-eval' 'unsafe-inline' bat.bing.com cdn1.affirm.com connect.facebook.net data: smhttp-ssl-18667.nexcesscdn.net stats.g.doubleclick.net tracker.affirm.com www.affirm.com www.facebook.com www.google-analytics.com www.google.com api-cf.affirm.com *.googleapis.com fonts.gstatic.com  maps.gstatic.com 'self' widget.trustpilot.com www.gstatic.com www.shopperapproved.com cdn.ivaws.com; style-src 'unsafe-eval' 'unsafe-inline' *.furniturepick.com smhttp-ssl-18667.nexcesscdn.net cdn1.affirm.com *.googleapis.com; frame-ancestors 'self'; object-src 'self' 1
frame-ancestors https://liveshopping.taifun.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com maps.gstatic.com *.googleapis.com *.google-analytics.com cdnjs.cloudflare.com client.crisp.chat connect.facebook.net; frame-src 'self' *.youtube.com *.facebook.com s-static.ak.facebook.com; object-src 'self' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-src 'self' www.openstreetmap.org; 1
default-src 'self' wss: *.wp.com; connect-src 'self' *.jobs.essers.com *.essers.com *.hubspot.com *.hsforms.com *.hotjar.io *.clarity.ms *.google-analytics.com *.googlesyndication.com *.doubleclick.net *.cookiehub.net *.google.com maps.googleapis.com *.facebook.com *.linkedin.com wss:; frame-src 'self' *.essers.com *.facebook.com *.google.com player.hihaho.com forms.hsforms.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' *.jobs.essers.com *.essers.com cookiehub.net *.googleapis.com *.wp.com *.bootstrapcdn.com; font-src 'self' data: script.hotjar.com fonts.gstatic.com *.wp.com wordpress.com *.bootstrapcdn.com; media-src 'self'; object-src 'none'; img-src 'self' data: *.jobs.essers.com *.facebook.com *.facebook.net *.googletagmanager.com *.linkedin.com *.w.org *.wp.com *.wordpress.com *.gravatar.com *.google.com *.google.be *.googlesyndication.com *.hsforms.com track.hubspot.com *.hubspotusercontent00.net *.clarity.ms *.bing.com maps.gstatic.com maps.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' connect.facebook.net *.google.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.googlesyndication.com *.hotjar.com *.hs-scripts.com *.hsforms.net *.hs-banner.com *.hs-analytics.net *.hsleadflows.net *.hubspot.com *.clarity.ms *.wp.com unpkg.com *.licdn.com cdn.cookielaw.org cookiehub.net geolocation.onetrust.com privacyportal-eu.onetrust.com/request/v1/consentreceipts; 1
default-src 'self' data: http://podrozeshell-prod-app-v000353358 https://www.podrozeshell.pl http://www.podrozeshell.pl https://l.evidon.com https://optoutapi.evidon.com https://google-analytics.com https://region1.google-analytics.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com http://c.evidon.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' 'unsafe-inline' data: https://www.podrozeshell.pl http://www.podrozeshell.pl https://*.ideo.pl https://c.evidon.com https://l.evidon.com; font-src 'self' https://www.podrozeshell.pl http://www.podrozeshell.pl https://fonts.gstatic.com; frame-src 'self' https://player.vimeo.com https://www.youtube.com https://www.facebook.com http://l3.evidon.com 1
default-src 'self' *.vercel.app *.totallyworkwear.com.au *.myshopify.com *.prismic.io *.sentry.io *.algolia.net *.algolianet.com *.algolia.io https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://vimeo.com 'unsafe-inline' https://maps.googleapis.com https://www.google-analytics.com https://stats.g.doubleclick.net https://vitals.vercel-insights.com https://analytics.google.com https://totallyworkwear-au.attn.tv https://events.attentivemobile.com https://vercel.live https://*.pusher.com wss://*.pusher.com https://api.reviews.io; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.hotjar.com https://maps.googleapis.com https://www.googletagmanager.com https://vercel.live https://www.google-analytics.com https://stats.g.doubleclick.net https://vitals.vercel-insights.com https://cdn.attn.tv https://connect.facebook.net https://player.vimeo.com https://r.turn.com https://widget.reviews.io; child-src 'self' https://vercel.live *.vimeo.com https://www.facebook.com https://totallyworkwear.formstack.com https://www.google.com; frame-src 'self' https://vercel.live *.vimeo.com https://www.facebook.com https://totallyworkwear.formstack.com https://www.google.com; style-src 'self' 'unsafe-inline' data: https://assets.reviews.io; font-src 'self' https://script.hotjar.com https://fonts.gstatic.com https://assets.reviews.io; img-src 'self' data: *.prismic.io *.shopify.com https://www.google.com https://www.google.com.au https://www.google-analytics.com/ https://vercel.com https://*.vercel.com https://www.facebook.com https://script.hotjar.com *.adswizz.com *.tapad.com https://assets.reviews.io; 1
default-src 'self' data: https://enedis.fr  https://www.enedis.fr http://a.tile.osm.org http://b.tile.osm.org http://c.tile.osm.org https://nominatim.openstreetmap.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://asset.raccordement-entreprise-enedis.fr https://js-agent.newrelic.com https://www.google-analytics.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; object-src 'none' 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;frame-ancestors 'self' https://*.quintype.com https://www.bairdmaritime.com;block-all-mixed-content; 1
default-src 'self' data: *.rhc.ac.ir http://gsia.tums.ac.ir http://streaming.ut.ac.ir https://cdn.jsdelivr.net https://app.raychat.io http://app.raychat.io https://cdn.fontcdn.ir https://cdn.goftino.com https://cdn.userway.org https://cdn77.api.userway.org; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://map.ir https://conf.isc.ac https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://kangoro.ir/matomo/matomo.js http://tools.1abzar.com http://1abzar.ir http://google.com https://google.com https://www.google.com http://www.google.com http://cse.google.com https://cse.google.com https://www.googleapis.com http://www.googleapis.com https://www.aparat.com http://www.google-analytics.com/analytics.js https://www.google-analytics.com/analytics.js https://app.raychat.io http://app.raychat.io https://se3.raychat.io http://se3.raychat.io https://sapiba.ir/rajaie-pamfelets https://sapiba.ir/rhc https://sapiba.ir/* https://sapiba.ir https://sapiba.ir/rajaie140/ https://edu.sapiba.ir/* https://isid.research.ac.ir/* https://edu.sapiba.ir/ https://cdn.userway.org https://api.userway.org https://media.userway.org https://www.goftino.com https://cdn.goftino.com https://widget-react.raychat.io; style-src 'self' 'unsafe-inline' https://app.raychat.io http://app.raychat.io https://cdn.jsdelivr.net https://cse.google.com http://cse.google.com http://www.google.com http://google.com https://google.com https://www.google.com https://www.aparat.com https://cdn.fontcdn.ir https://fdn.fontcdn.ir https://cdn.goftino.com https://cdn.userway.org https://widget-react.raychat.io; img-src 'self' blob: data: https://map.ir https://conf.isc.ac https://www.google-analytics.com www.google-analytics.com data: *; connect-src 'self' https://map.ir https://conf.isc.ac https://www.google-analytics.com www.google-analytics.com https://samta.samt.ac.ir https://pooya.kashanu.ac.ir https://se3.raychat.io http://se3.raychat.io wss://se3.raychat.io https://cdn.fontcdn.ir wss://api.raychat.io wss://ws.goftino.com wss://ws2.goftino.com wss://ws5.goftino.com wss://cdn.goftino.com https://api.userway.org https://cdn.userway.org https://cdn77.api.userway.org https://widget-service.raychat.io wss://ws10.goftino.com; child-src 'self' https://auth4.ut.ac.ir:8443/ https://auth.ut.ac.ir:8443/ http://tools.1abzar.com http://1abzar.ir https://cse.google.com https://www.aparat.com https://google.com https://www.google.com https://cdn.userway.org https://edu.sapiba.ir https://sapiba.ir/rajaie-pamfelets https://sapiba.ir/rhc https://sapiba.ir/* https://sapiba.ir https://sapiba.ir/rajaie140/ https://edu.sapiba.ir/* https://isid.research.ac.ir/* https://edu.sapiba.ir/; frame-ancestors 'self' https://trustseal.enamad.ir; 1
frame-ancestors 'self' https://firstflight.today; 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src https://0x00sec.org/logs/ https://0x00sec.org/sidekiq/ https://0x00sec.org/mini-profiler-resources/ https://0x00sec.org/assets/ https://0x00sec.org/brotli_asset/ https://0x00sec.org/extra-locales/ https://0x00sec.org/highlight-js/ https://0x00sec.org/javascripts/ https://0x00sec.org/plugins/ https://0x00sec.org/theme-javascripts/ https://0x00sec.org/svg-sprite/ 'sha256-Gty3/aPWFfSvz7pdT39HY97/+2opLup9V0L19ZF0IwY=' https://s3.amazonaws.com/0x00sec/highlight.pack.js instant.page/3.0.0; worker-src 'self' https://0x00sec.org/assets/ https://0x00sec.org/brotli_asset/ https://0x00sec.org/javascripts/ https://0x00sec.org/plugins/; frame-ancestors 'self'; manifest-src 'self' 1
frame-ancestors https://*.shortlyst.com https://*.shopalyst.com https://shop-id-glowandlovely.com; 1
base-uri 'self'; default-src https:; object-src 'none'; frame-src 'self' *.acronis.com *.salesforceliveagent.com *.driftt.com *.visualize-roi.com *.doubleclick.net optimize.google.com platform.twitter.com syndication.twitter.com vars.hotjar.com widget.trustpilot.com www.facebook.com www.google.com www.youtube.com www.recaptcha.net *.visualwebsiteoptimizer.com app.vwo.com; frame-ancestors 'none'; font-src 'self' *.acronis.com fonts.googleapis.com fonts.gstatic.com script.hotjar.com; style-src 'unsafe-inline' 'self' *.acronis.com cdn.cookielaw.org fonts.googleapis.com optimize.google.com platform.twitter.com tagmanager.google.com *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com; img-src 'self' data: *.acronis.com *.analytics.google.com *.clarity.ms *.facebook.com *.g.cn *.g.doubleclick.net *.google-analytics.com *.googleapis.com *.googletagmanager.com *.linkedin.com *.twimg.com *.ytimg.com acronis.events b.6sc.co bat.bing.com c.bing.com c212.net cdn.cookielaw.org maps.gstatic.com media.slapfive.com optimize.google.com p.adsymptotic.com pixel.mathtag.com script.hotjar.com ssl.gstatic.com syndication.twitter.com trkn.us www.gstatic.com *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com www.mczbf.com alb.reddit.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.googleapis.com *.gstatic.com; connect-src 'self' ws: *.6sc.co *.6sense.com *.workday.com *.herokuapp.com *.acronis.com *.adnxs.com *.analytics.google.com *.bing.com *.clarity.ms *.fullcircleinsights.com *.g.doubleclick.net *.google-analytics.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.mutinycdn.com *.onetrust.com *.s3.amazonaws.com *.scarabresearch.com *.schemaapp.com *.sentry.io *.visualize-roi.com *.influ2.com *.linkedin.com 929-hvv-335.mktoresp.com api.greenhouse.io cdn.cookielaw.org maps.googleapis.com cdn.linkedin.oribi.io www.mczbf.com *.visualwebsiteoptimizer.com app.vwo.com www.redditstatic.com 6sense.deian.eu *.mplat-ppcprotect.com *.reddit.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.googleapis.com *.gstatic.com; script-src 'unsafe-eval' 'strict-dynamic' 'nonce-ee18c89bda33adcaa1f580833350fe08' *.acronis.com *.googletagmanager.com tagmanager.google.com *.visualize-roi.com optimize.google.com www.google-analytics.com www.googleadservices.com www.googleanalytics.com www.googleoptimize.com *.visualwebsiteoptimizer.com app.vwo.com 1
default-src 'none'; style-src 'self'; media-src 'self'; img-src 'self'; font-src 'self';frame-ancestors 'none';base-uri 'none';form-action 'none'; 1
default-src 'self' data: *.isc.ac http://gsia.tums.ac.ir http://streaming.ut.ac.ir https://cdn.jsdelivr.net https://app.raychat.io http://app.raychat.io https://cdn.fontcdn.ir https://cdn.goftino.com https://cdn.userway.org https://cdn77.api.userway.org; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://map.ir https://conf.isc.ac https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://kangoro.ir/matomo/matomo.js http://tools.1abzar.com http://1abzar.ir http://google.com https://google.com https://www.google.com http://www.google.com http://cse.google.com https://cse.google.com https://www.googleapis.com http://www.googleapis.com https://www.aparat.com http://www.google-analytics.com/analytics.js https://www.google-analytics.com/analytics.js https://app.raychat.io http://app.raychat.io https://se3.raychat.io http://se3.raychat.io https://cdn.userway.org https://api.userway.org https://media.userway.org https://www.goftino.com https://cdn.goftino.com https://widget-react.raychat.io; style-src 'self' 'unsafe-inline' https://app.raychat.io http://app.raychat.io https://cdn.jsdelivr.net https://cse.google.com http://cse.google.com http://www.google.com http://google.com https://google.com https://www.google.com https://www.aparat.com https://cdn.fontcdn.ir https://fdn.fontcdn.ir https://cdn.goftino.com https://cdn.userway.org https://widget-react.raychat.io; img-src 'self' blob: data: https://map.ir https://conf.isc.ac https://www.google-analytics.com www.google-analytics.com data: *; connect-src 'self' https://map.ir https://conf.isc.ac https://www.google-analytics.com www.google-analytics.com https://samta.samt.ac.ir https://pooya.kashanu.ac.ir https://se3.raychat.io http://se3.raychat.io wss://se3.raychat.io https://cdn.fontcdn.ir wss://api.raychat.io wss://ws.goftino.com wss://ws2.goftino.com wss://ws5.goftino.com wss://cdn.goftino.com https://api.userway.org https://cdn.userway.org https://cdn77.api.userway.org https://widget-service.raychat.io; child-src 'self' https://auth4.ut.ac.ir:8443/ https://auth.ut.ac.ir:8443/ http://tools.1abzar.com http://1abzar.ir https://cse.google.com https://www.aparat.com https://google.com https://www.google.com https://cdn.userway.org https://edu.sapiba.ir; frame-ancestors 'self' https://trustseal.enamad.ir; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: wss:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: edge.curalate.com *.google.com *.pricespider.com *.hotjar.com; object-src 'self' *.ytimg.com ytimg.com *.youtube.com youtube.com; img-src 'self' data: https: *.hotjar.com; frame-src 'self' https:; font-src 'self' data: https: *.hotjar.com; connect-src 'self' https: ampcid.google.com.br *.google-analytics.com *.hotjar.com *.hotjar.io wss://*.hotjar.com server-side-tagging-b4b35m77ha-uc.a.run.app; media-src 'self' *.curalate.com blob:; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' https: *.hotjar.com cdn.pricespider.com; 1
font-src fonts.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com test.saferpay.com www.saferpay.com saferpay.com https://seo.mageplaza.com https://plumrocket.com *.facebook.com www.googletagmanager.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.yotpo.com test.saferpay.com www.saferpay.com saferpay.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com https://plumrocket.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com www.xtento.com *.doubleclick.net happyfoxchat.com *.happyfoxchat.com *.facebook.com www.googletagmanager.com https://www.youtube.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io https://images.unsplash.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de https://redchamps.com *.yotpo.com test.saferpay.com www.saferpay.com saferpay.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.gstatic.com www.xtento.com cdn.xtento.com blob: cbadev.vollmilch.ch cbastaging.vollmilch.ch confiserie.ch *.confiserie.ch *.googleapis.com *.amazonaws.com happyfoxchat.com *.facebook.net *.facebook.com *.google.com *.google.ch *.profity.ch *.google-analytics.com www.googletagmanager.com https://i.ytimg.com/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.ampproject.org raw.githubusercontent.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de jquery.sellxed.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com *.yotpo.com test.saferpay.com www.saferpay.com saferpay.com s7.addthis.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com *.doubleclick.net *.scoutsss.com *.google.com *.facebook.net *.facebook.com *.googleapis.com *.amazonaws.com happyfoxchat.com *.happyfoxchat.com *.google-analytics.com www.googletagmanager.com https://www.googleapis.com/ https://api.sovendus.com/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com cdn.dnky.co webchat.dotdigital.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com unsafe-inline tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.amazonaws.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com cdn.ampproject.org *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com *.yotpo.com test.saferpay.com www.saferpay.com saferpay.com ekr.zdassets.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com https://www.google-analytics.com *.googleapis.com happyfoxchat.com *.happyfoxchat.com *.facebook.com *.google.com *.google-analytics.com www.googletagmanager.com https://api.sovendus.com/ https://identification-api.sovendus.com/ 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src test.saferpay.com www.saferpay.com saferpay.com www.googletagmanager.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' *.aoe.com *.elfsight.com *.cookiepro.com www.google-analytics.com hubspot-forms-static-embed.s3.amazonaws.com *.hubspot.com forms.hsforms.com api.hubapi.com js.hs-banner.com stats.g.doubleclick.net www.facebook.com elfsightmail.com maps.googleapis.com svc.webspellchecker.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.aoe.com cookie-cdn.cookiepro.com www.googletagmanager.com www.google-analytics.com www.googleoptimize.com www.google.com www.gstatic.com maps.googleapis.com connect.facebook.net snap.licdn.com js.hs-scripts.com js.hsforms.net forms.hsforms.com static.hsappstatic.net *.elfsight.com js.usemessages.com js.hs-analytics.net js.hs-banner.com js.hscollectedforms.net js.hsadspixel.net *.doubleclick.net www.googleadservices.com secure.kota3chat.com www.eventbrite.de svc.webspellchecker.net www.veranstaltungsticket-bahn.de; img-src 'self' data: *.aoe.com cookie-cdn.cookiepro.com cookiepro.blob.core.windows.net *.hsforms.com *.hubspot.com www.google.de www.google.com www.googletagmanager.com www.google-analytics.com maps.gstatic.com maps.googleapis.com img.evbuc.com *.linkedin.com www.facebook.com www.youtube.com cdn.adsdefender.com bat.bing.com www.veranstaltungsticket-bahn.de; style-src 'self' 'unsafe-inline' *.aoe.com cdnjs.cloudflare.com use.fontawesome.com svc.webspellchecker.net; font-src 'self' *.aoe.com cdnjs.cloudflare.com use.fontawesome.com svc.webspellchecker.net; frame-src *.aoe.com www.google.com forms.hsforms.com explorer.land www.youtube.com www.youtube-nocookie.com www.facebook.com www.slideshare.net www.eventbrite.de td.doubleclick.net; frame-ancestors *.aoe.com; object-src 'none'; connect-src * data: 'unsafe-inline'; script-src-elem * data: 'unsafe-inline'; 1
frame-ancestors 'self' https://www.itmagazine.ch 1
default-src 'self'; connect-src 'self' https://*.googletagmanager.com https://content.hotjar.io/ https://cdn.linkedin.oribi.io/ https://px.ads.linkedin.com/ wss://api.smooch.io/ https://api.smooch.io/ https://i.covery.ai/ https://api.covery.ai/ https://ekr.zdassets.com/ wss://widget-mediator.zopim.com/ https://mygenome.zendesk.com/ https://widget-mediator.zopim.com/ https://maps.gstatic.com/ https://*.google-analytics.com https://*.google.com https://*.analytics.google.com https://*.g.doubleclick.net https://maps.googleapis.com/ https://www.gstatic.com/recaptcha/ https://www.facebook.com/ https://connect.facebook.net/ https://snap.licdn.com/li.lms-analytics/ https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com https://api.genome.eu/ https://ekr.zendesk.com/ https://cookie-cdn.cookiepro.com https://geolocation.onetrust.com https://assets.calendly.com; script-src 'self' 'unsafe-inline' https://bat.bing.com/ https://api.smooch.io/ https://api.covery.ai/ https://static.zdassets.com/ https://www.google-analytics.com/ https://google.com/recaptcha/ https://recaptcha.net/recaptcha/ https://www.gstatic.com/recaptcha/ https://maps.googleapis.com https://ssl.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://*.googletagmanager.com https://connect.facebook.net/ https://static.hotjar.com https://script.hotjar.com https://snap.licdn.com/li.lms-analytics/ https://widget-mediator.zopim.com https://genome.us1.list-manage.com https://cookie-cdn.cookiepro.com https://assets.calendly.com; img-src 'self' https://*.googletagmanager.com https://cookie-cdn.cookiepro.com https://bat.bing.com/ https://strapi-store-ew-infra.s3.eu-central-1.amazonaws.com/ https://strapi-store-infra.s3.eu-central-1.amazonaws.com/ https://static.zdassets.com/ https://accounts.zendesk.com/ https://media.smooch.io/ https://support.genome.eu/ https://i.covery.ai/ https://maps.gstatic.com/ https://maps.googleapis.com/maps/ https://*.google-analytics.com https://*.analytics.google.com https://google.com/ https://*.google.com https://*.g.doubleclick.net https://www.facebook.com https://px.ads.linkedin.com/ https://t.co/ https://script.hotjar.com https://p.adsymptotic.com data: blob:; frame-src 'self' https://bid.g.doubleclick.net/ https://td.doubleclick.net/ https://www.googletagmanager.com/ https://vars.hotjar.com https://google.com/recaptcha/ https://recaptcha.net/ https://calendly.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; media-src 'self' blob: https://static.zdassets.com/; font-src 'self' https://fonts.gstatic.com/ https://script.hotjar.com; object-src 'self' blob: 1
frame-ancestors 'self' https://www.grandpatio.com http://*.grandpatio.com; 1
frame-ancestors schoolofawakening.elizabethapril.com elizabethapril.com dev.elizabethapril.com design.elizabethapril.com shop.elizabethapril.com media.elizabethapril.com new.elizabethapril.com orders.elizabethapril.com; default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src * blob:; worker-src * blob:; object-src *; script-src * data: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline'; 1
default-src 'self' https://tn.fromoldbooks.org https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://fundingchoicesmessages.google.com https://www.google-analytics.com https://tpc.googlesyndication.com https://stats.g.doubleclick.net https://csi.gstatic.com ; img-src 'self' data: https://tn.fromoldbooks.org https://www.google-analytics.com https://pagead2.googlesyndication.com https://csi.gstatic.com https://www.paypalobjects.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://cdnjs.buymeacoffee.com https://www.google.com https://pagead2.googlesyndication.com https://fundingchoicesmessages.google.com https://www.google-analytics.com *.doubleclick.net https://www.googletagervices.com https://ssl.google-analytics.com https://cdn.ampproject.org https://cdn.taboola.com https://adservice.google.com https://adservice.google.ca https://partner.googleadservices.com  https://www.googletagservices.com https://tpc.googlesyndication.com https://www.googletagmanager.com; base-uri 'self'; frame-src 'self' https://pagead2.googlesyndication.com https://tpc.googlesyndication.com https://googleads.g.doubleclick.net; 1
default-src 'self'; script-src 'nonce-o1aGwLdu0Qlif5Yb2SwjhA==' 'self' https://cc.cdn.civiccomputing.com/ https://api.swiftype.com https://api.reciteme.com/ https://www.buzzsprout.com/ https://maps.googleapis.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://cdnjs.cloudflare.com https://unpkg.com https://www.youtube.com/iframe_api https://www.youtube.com/s/player/ https://sealserver.trustwave.com https://cdn.yoshki.com https://www.google-analytics.com https://www.googletagmanager.com https://cdn.jsdelivr.net https://connect.facebook.net https://snap.licdn.com https://script.advertiserreports.com; style-src 'self' 'unsafe-inline' https://unpkg.com https://api.reciteme.com/ https://fonts.googleapis.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net; img-src 'self' data: blob: https://maps.gstatic.com/ https://sealserver.trustwave.com/ https://maps.googleapis.com/ https://api.reciteme.com https://api.thegreenwebfoundation.org/ https://res.cloudinary.com https://i.ytimg.com https://www.gravatar.com https://www.google.co.uk https://www.google.com https://www.facebook.com https://www.google-analytics.com https://www.googletagmanager.com https://assets.modmore.com https://pubads.g.doubleclick.net https://px.ads.linkedin.com; font-src 'self' data: https://api.reciteme.com/ https://fonts.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://www.google.co.uk; frame-src 'self' https://www.buzzsprout.com https://www.youtube.com https://www.google.com https://www.youtube-nocookie.com https://cdn.yoshki.com https://docs.modx.com; connect-src 'self' https://stats.reciteme.com/ https://maps.googleapis.com/ https://api.reciteme.com/ https://search-api.swiftype.com https://noembed.com https://cdn.plyr.io https://cc.cdn.civiccomputing.com https://apikeys.civiccomputing.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://www.google-analytics.com https://www.facebook.com https://px.ads.linkedin.com https://script.advertiserreports.com https://events.reciteme.com; media-src 'self' https://api.reciteme.com https://res.cloudinary.com; report-uri /csp-report-endpoint/ 1
default-src 'none' ; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.vercel.app/ https://*.pointb.com/ https://cdn.cookielaw.org/ https://www.googletagmanager.com/ https://cdnjs.cloudflare.com/ https://*.ceros.com/ https://vercel.live/ https://player.vimeo.com/ https://d35vb5cccm4xzp.cloudfront.net/ https://api-engage-us.sitecorecloud.io/ https://static.addtoany.com/ https://insights.pointb.com/ https://pi.pardot.com/ https://www.google.com/ https://www.gstatic.com/ https://googleads.g.doubleclick.net/; style-src 'self' 'unsafe-inline' https://*.netlify.app/ https://fonts.googleapis.com/ https://*.vercel.app/ https://*.pointb.com/ ; object-src 'none'; base-uri 'self'; connect-src 'self' https://*.vercel.app/ https://discover.sitecorecloud.io/ https://noembed.com/ https://cdn.cookielaw.org/ https://api-engage-us.sitecorecloud.io/ https://vimeo.com/ https://www.google-analytics.com/ https://geolocation.onetrust.com/; font-src 'self' data: https://fonts.gstatic.com/ https://*.vercel.app/; frame-src 'self' http://*.pointb.com/ http://pointb.com/ https://*.pointb.com/ https://pointb.com/ https://www.youtube.com/ https://www.google.com/ https://bcove.video/ https://player.vimeo.com/ https://view.ceros.com/ https://static.addtoany.com/; img-src 'self' data: https://edge.sitecorecloud.io/ https://*.vercel.app/ https://*.pointb.com/ https://www.googletagmanager.com/ https://i.ytimg.com/ https://cdn.cookielaw.org/ https://i.vimeocdn.com; manifest-src 'self' data:; worker-src 'none'; frame-ancestors 'self' https://*.vercel.app/ https://*.pointb.com/ https://cdn.cookielaw.org/; form-action 'self'; media-src https://*.vercel.app/ https://*.pointb.com/ https://player.vimeo.com/ https://vimeo.com/ https://download-video.akamaized.net/ 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' * blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' * blob:; style-src 'self' 'unsafe-inline' 'unsafe-eval' * data:; img-src 'self' * data:; connect-src 'self' *; font-src 'self' * data:; upgrade-insecure-requests; block-all-mixed-content 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.gstatic.com 'self' data: *.gstatic.com https://cdn-custom.optimonk.com https://use.typekit.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * test.saferpay.com www.saferpay.com saferpay.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ consentcdn.cookiebot.com consentcdn.cookiebot.eu www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://player.vimeo.com https://www.youtube-nocookie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * test.saferpay.com www.saferpay.com saferpay.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com www.xtento.com https://*.hotjar.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com test.saferpay.com www.saferpay.com saferpay.com 'self' data: *.openstreetmap.org *.cookiebot.com https://img.sct.eu1.usercentrics.eu https://editor-upload-cdn.optimonk.com *.gstatic.com *.facebook.com www.xtento.com cdn.xtento.com https://www.glami.hu https://www.glami.cz https://maps.googleapis.com https://www.google.hu https://admin.fogyasztobarat.hu data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ consent.cookiebot.com consent.cookiebot.eu jquery.sellxed.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://player.vimeo.com https://www.youtube.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com test.saferpay.com www.saferpay.com saferpay.com *.google.com *.gstatic.com https://map.gls-hungary.com https://consentcdn.cookiebot.com/consentconfig/ https://consentcdn.cookiebot.eu/consentconfig/ *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com www.xtento.com cdn.xtento.com https://*.optimonk.com https://*.hotjar.com https://*.hotjar.io https://www.glami.cz https://analytics.tiktok.com https://maps.googleapis.com https://rum.uptime.com https://ajax.googleapis.com https://admin.fogyasztobarat.hu https://*.mailerlite.com https://vjs.zencdn.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com http://fonts.googleapis.com assets.braintreegateway.com *.googleapis.com *.gstatic.com https://cdn-asset.optimonk.com tagmanager.google.com https://p.typekit.net https://vjs.zencdn.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com consentcdn.cookiebot.com consentcdn.cookiebot.eu https://get.geojs.io *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com test.saferpay.com www.saferpay.com saferpay.com t.elasticsuite.io *.google-analytics.com https://map.gls-hungary.com https://www.googleapis.com/ https://consent.cookiebot.com/ https://consent.cookiebot.eu/ *.facebook.net https://*.optimonk.com https://analytics.tiktok.com https://stats.g.doubleclick.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://maps.googleapis.com https://rum.uptime.com https://analytics.google.com https://*.analytics.google.com https://*.google.com https://admin.fogyasztobarat.hu 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src test.saferpay.com www.saferpay.com saferpay.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; style-src 'self' 'unsafe-inline'; object-src 'none'; base-uri 'self'; font-src 'self'; frame-src 'self'; img-src * data:; manifest-src 'self'; media-src 'self'; worker-src 'none'; script-src 'self' https://js.monitor.azure.com 'unsafe-inline'; connect-src 'self' https://westeurope-2.in.applicationinsights.azure.com/; 1
font-src fonts.gstatic.com *.gstatic.com *.bootstrapcdn.com *.googleapis.com data: *.typekit.net *.klaviyo.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.google-analytics.com *.klaviyo.com *.facebook.com *.facebook.net *.googletagmanager.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google-analytics.com *.klaviyo.com *.facebook.com *.facebook.net *.googletagmanager.com *.microsoft.com www.xtento.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.trustpilot.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.klaviyo.com *.google.com *.gstatic.com *.facebook.com *.facebook.net *.amazon.com *.payments-amazon.com *.bootstrapcdn.com *.googletagmanager.com *.googleapis.com *.bing.com *.golfbase.co.uk *.cloudfront.net www.xtento.com cdn.xtento.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.searchspring.net *.searchspring.io maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.ampproject.org raw.githubusercontent.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google-analytics.com *.klaviyo.com *.google.com *.gstatic.com *.facebook.com *.facebook.net *.amazon.com *.bootstrapcdn.com *.googletagmanager.com *.doubleclick.net *.googleapis.com *.bing.com *.clarity.ms www.xtento.com cdn.xtento.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.searchspring.net *.searchspring.io https://cdn.searchspring.net/intellisuggest/is.min.js maps.googleapis.com *.trustpilot.com https://www.googletagmanager.com tagmanager.google.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.klaviyo.com *.google.com *.gstatic.com *.amazon.com *.payments-amazon.com *.bootstrapcdn.com *.googleapis.com *.bing.com *.googletagmanager.com *.typekit.net https://static.klaviyo.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.searchspring.net *.searchspring.io *.trustpilot.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.youtube.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com cdn.ampproject.org *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.google-analytics.com *.klaviyo.com *.google.com *.hotjar.com *.googletagmanager.com *.doubleclick.net *.bing.com wss://*.bing.com *.clarity.ms https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com *.searchspring.net *.searchspring.io https://beacon.searchspring.io/beacon *.facebook.net https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src *.klaviyo.com/ 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
img-src 'self' data: https://global.localizecdn.com https://www.googletagmanager.com http://www.googletagmanager.com https://www.google.com/ads/ga-audiences https://vortex.accuweather.com https://www.google-analytics.com https://maps.gstatic.com https://maps.googleapis.com http://chart.apis.google.com https://chart.apis.google.com; default-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.accuweather.com http://www.accuweather.com https://oap.accuweather.com https://vortex.accuweather.com/adc2010/oap/javascript/jquery-1.9.1.min.js https://vortex.accuweather.com/adc2010/oap/stylesheets/widgets-20170109.css https://www.google.com https://global.localizecdn.com https://fonts.gstatic.com https://www.gstatic.com https://www.googletagmanager.com http://www.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net https://maps.googleapis.com https://fonts.googleapis.com https://maps.gstatic.com/ http://chart.apis.google.com https://chart.apis.google.com 'self' https://api-1f91c8e6.duosecurity.com 1
default-src 'self';      script-src 'self' 'unsafe-inline' ;                                                   style-src 'self' ;                                                   style-src-elem 'unsafe-inline' 'self' ;                                                   img-src data: https: ; 1
default-src 'self'; connect-src *; font-src *; frame-src *; img-src * blob: data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' *.arztnoe.at https://maps.googleapis.com/ https://www.youtube.com/; frame-ancestors 'self' *.dr-preissl.at; frame-src 'self' https://www.google.com/ https://www.youtube.com/; img-src 'self' data: https://maps.gstatic.com/ https://maps.googleapis.com/ *.arztnoe.at/; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' 'self' https://maps.googleapis.com/ https://stats.arztnoe.at/; style-src 'unsafe-inline' 'self'; worker-src blob:; child-src blob:; 1
default-src 'self'; connect-src 'self' https://api.stripe.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com https://api.maptiler.com *.sentry.io; frame-src https://js.stripe.com https://hooks.stripe.com https://www.google.com/recaptcha/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https://*.openstreetmap.org *.google-analytics.com *.googletagmanager.com https://api.maptiler.com https://*.tiles.virtualearth.net ; script-src 'self' https://cdnjs.cloudflare.com/polyfill/v3/polyfill.min.js https://*.virtualearth.net https://js.stripe.com *.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; base-uri 'none'; form-action 'self'; frame-ancestors 'none'; report-uri https://o130063.ingest.sentry.io/api/5212905/security/?sentry_key=026cfa5e26e24b0abb114f70a0d30e64 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cegos.fr *.cegos.com https://www.gstatic.com/ https://www.google.com/recaptcha/ https://www.googletagmanager.com/ https://tagmanager.google.com/ https://www.googleadservices.com/pagead/conversion/ https://www.google.fr/pagead/attribution/ https://www.gstatic.com/wcm/ https://www.gstatic.com/recaptcha/api2/ https://www.google-analytics.com/analytics.js https://www.google-analytics.com/plugins/ua/ec.js https://www.linkedin.com/px/ https://px.ads.linkedin.com/collect/ https://platform.linkedin.com/ https://static.ads-twitter.com/uwt.js https://analytics.twitter.com/ https://platform.twitter.com/ https://cdn.syndication.twimg.com/timeline/ https://www.googleadservices.com/pagead/conversion_async.js https://googleads.g.doubleclick.net/pagead/viewthroughconversion/ https://connect.facebook.net/ https://www.youtube.com/iframe_api https://s.ytimg.com/ https://js-agent.newrelic.com/ https://bam.nr-data.net/ https://bat.bing.com/bat.js https://cdn.matomo.cloud/ https://cegos.matomo.cloud/; object-src 'self'; base-uri 'none'; 1
default-src 'self'; style-src https://fonts.googleapis.com 'self' 'unsafe-inline'; script-src 'self' https://plausible.io https://player.vimeo.com https://js.stripe.com https://beacon-v2.helpscout.net https://harp.elevenways.eu https://*.instagram.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://plausible.io https://vimeo.com https://*.craftcms.com https://beaconapi.helpscout.net https://d3hb14vkzrxvla.cloudfront.net https://api.instagram.com; object-src 'self'; font-src 'self' https://s3.eu-west-1.amazonaws.com https://fonts.gstatic.com data:; img-src 'self' https://s3.eu-west-1.amazonaws.com https://d4r8ypmqnkoz0.cloudfront.net https://momu.imgix.net https://*.craft-cdn.com https://g.stripe.com https://beacon-v2.helpscout.net https://d33v4339jhl8k0.cloudfront.net data:; media-src 'self' https://d4r8ypmqnkoz0.cloudfront.net https://momu.imgix.net; frame-src 'self' https://player.vimeo.com https://js.stripe.com https://momuantwerp.typeform.com https://puzzel.org https://tours.momu.be https://*.instagram.com; frame-ancestors 'self' https://www.momu.be https://tours.momu.be; form-action 'self' https://momu.us17.list-manage.com https://library.momu.be; 1
img-src * 'self' data:; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.polartec.com *.assets-servd.host *.avantlink.com *.facebook.com *.trustarc.com *.doubleclick.net instant.page *.typekit.net *.linkedin.com *.hotjar.com *.licdn.com *.google-analytics.com *.google.com *.googleoptimize.com *.googletagmanager.com *.facebook.net *.linkedin.oribi.io *.ads.linkedin.com https://snap.licdn.com/* https://*.linkedin.com/* https://player.vimeo.com/ https://classic.avantlink.com wss://ws.hotjar.com *.hotjar.io *.cloudinary.com *.craftcms.com *.gstatic.com/ https://servd-polartec-polartec.b-cdn.net https://view.ceros.com/ *.googlesyndication.com/ *.youtube.com/ polartec.us1.list-manage.com/ *.googleadservices.com/ blob:;media-src 'self' data: blob: *; 1
script-src 'self' 'unsafe-inline' http://js.hs-scripts.com http://js.hsforms.net https://cdn.cookielaw.org https://forms.hsforms.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hsadspixel.net https://snap.licdn.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://static.addtoany.com https://unpkg.com https://www.google.com; script-src-attr 'self'; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://unpkg.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self'; report-uri https://www.hearst.co.uk/report-uri/enforce 1
default-src 'self'; child-src 'self' blob: https://client.rlpdirekt.de/ https://kb.ionas.de/; connect-src 'self' https://*.readspeaker.com https://api.service-digitale-verwaltung.de https://buergerservice.ionas.de/ https://nominatim.openstreetmap.org/ https://tracking-nc.chamaeleon.de; font-src 'self' data: http://www.minden.de; frame-ancestors 'self'; frame-src 'self' https://*.readspeaker.com https://buergerservice.ionas.de https://iam.chamaeleon.de https://iam.chamaeleon.de/ https://kb.ionas.de https://www.google.com; img-src 'self' blob: data: https://buergerservice.ionas.de/ https://client.rlpdirekt.de/ https://tiles.chamaeleon.de https://tracking-nc.chamaeleon.de https://www.dwd.de https://www.minden.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.readspeaker.com https://tracking-nc.chamaeleon.de; script-src-elem 'self' 'unsafe-inline' https://*.readspeaker.com https://api.service-digitale-verwaltung.de https://tracking-nc.chamaeleon.de; script-src-attr 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://*.readspeaker.com; style-src-elem 'self' 'unsafe-inline' https://*.readspeaker.com https://api.service-digitale-verwaltung.de; style-src-attr 'self' 'unsafe-inline'; worker-src 'self' blob:; report-to main 1
base-uri 'none'; object-src 'none'; form-action 'self'; script-src 'nonce-3071fba73fef57a18e20cbed862b1044' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https:; frame-ancestors 'none'; 1
block-all-mixed-content; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; default-src 'none'; img-src 'self' data: https:; script-src 'self' 'unsafe-inline' https:; style-src 'self' 'unsafe-inline'; connect-src 'self' https:; font-src 'self' data:; media-src data: about:; frame-src 'self' about: https:; object-src 'self' about: 1
default-src 'self';img-src * 'self' data: https:;font-src 'self' data: https://fonts.googleapis.com;style-src 'self' 'unsafe-inline' https://unpkg.com/;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://vk.com https://connect.facebook.net https://mc.yandex.ru https://code.jquery.com/ https://google.com/ https://www.google.com/ https://www.gstatic.com/;object-src 'none';connect-src 'self' https://mc.yandex.ru https://www.facebook.com https://vk.com https://www.google-analytics.com https://google.com/ https://www.googletagmanager.com https://www.gstatic.com/;frame-src 'self' https://www.youtube.com https://youtube.com https://www.google.com/ 1
default-src 'self' data: http://gsia.tums.ac.ir http://streaming.ut.ac.ir https://cdn.jsdelivr.net https://app.raychat.io http://app.raychat.io https://cdn.fontcdn.ir https://cdn.goftino.com https://cdn.userway.org; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://map.ir https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://kangoro.ir/matomo/matomo.js http://tools.1abzar.com http://1abzar.ir http://google.com https://google.com https://www.google.com http://www.google.com http://cse.google.com https://cse.google.com https://www.googleapis.com http://www.googleapis.com https://www.aparat.com http://www.google-analytics.com/analytics.js https://www.google-analytics.com/analytics.js https://app.raychat.io http://app.raychat.io https://se3.raychat.io http://se3.raychat.io http://www.aparat.com https://www.aparat.com http://shenoto.com/ https://youtube.com/ https://telewebion.com https://cdn.userway.org https://api.userway.org https://media.userway.org https://www.goftino.com https://cdn.goftino.com; style-src 'self' 'unsafe-inline' https://app.raychat.io http://app.raychat.io https://cdn.jsdelivr.net https://cse.google.com http://cse.google.com http://www.google.com http://google.com https://google.com https://www.google.com https://www.aparat.com https://cdn.fontcdn.ir https://fdn.fontcdn.ir https://cdn.goftino.com https://cdn.userway.org; img-src 'self' blob: data: https://map.ir https://www.google-analytics.com www.google-analytics.com data: *; connect-src 'self' https://map.ir https://www.google-analytics.com www.google-analytics.com https://samta.samt.ac.ir https://pooya.kashanu.ac.ir https://se3.raychat.io http://se3.raychat.io wss://se3.raychat.io https://cdn.fontcdn.ir wss://api.raychat.io wss://ws.goftino.com wss://ws2.goftino.com wss://cdn.goftino.com https://api.userway.org; child-src 'self' https://auth4.ut.ac.ir:8443/ https://auth.ut.ac.ir:8443/ http://tools.1abzar.com http://1abzar.ir https://cse.google.com https://www.aparat.com https://google.com https://www.google.com https://cdn.userway.org http://www.aparat.com https://www.aparat.com http://shenoto.com/ https://youtube.com/ https://telewebion.com; frame-ancestors 'self' https://trustseal.enamad.ir; 1
script-src 'self' matomo2.jart.at 'unsafe-inline' 'unsafe-eval' 1
base-uri 'self'; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' https: http: 'nonce-v+0fCHmE3cxhP23E4hI3nMUJFfxNEW' 'unsafe-eval'; report-uri https://csp.withgoogle.com/csp/devsite/v2 1
frame-ancestors 'self' https://*.gameup.ir http://*.gameup.ir 1
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; img-src * data: blob:; report-uri https://www.mfgsoft.de/report.php; 1
default-src 'self' images.salzburg-ag.at *.salzburg-ag.tech; object-src 'self' app.usercentrics.eu/latest/ www.googletagmanager.com cognigy-endpoint.salzburg-ag.at maps.googleapis.com; script-src 'self' *.salzburg-ag.at snap.licdn.com *.mouseflow.com *.pinimg.com maps.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ assets.adobedtm.com sc-static.net app.usercentrics.eu/latest/ images.salzburg-ag.at js.monitor.azure.com/scripts/ www.googletagmanager.com cognigy-endpoint.salzburg-ag.at www.googleadservices.com *.g.doubleclick.net ad.doubleclick.net tr.snapchat.com www.google-analytics.com *.usercentrics.eu www.youtube.com snap.licdn.com/li.lms-analytics/insight.min.js connect.facebook.net 'unsafe-inline' 'unsafe-eval'; connect-src 'self' *.salzburg-ag.tech cdn.linkedin.oribi.io *.mouseflow.com *.google-analytics.com *.analytics.google.com *.salzburg-ag.at ct.pinterest.com tr.snapchat.com *.g.doubleclick.net ad.doubleclick.net sc-static.net maps.googleapis.com *.usercentrics.eu dc.services.visualstudio.com/v2/track  *.omtrdc.net *.demdex.neti data: wss:; img-src 'self' *.salzburg-ag.at *.pinimg.com ct.pinterest.com www.google-analytics.com www.google.com www.google.at p.adsymptotic.com *.fls.doubleclick.net *.linkedin.com *.facebook.com *.youtube.com *.g.doubleclick.net ad.doubleclick.net adservice.google.com tr.snapchat.com maps.gstatic.com maps.googleapis.com www.googletagmanager.com app.usercentrics.eu *.usercentrics.eu www.familieundberuf.at *.everesttech.net *.demdex.net *.omtrdc.net data:; style-src 'self' 'unsafe-inline' *.salzburg-ag.at app.usercentrics.eu/latest/ www.googletagmanager.com fonts.googleapis.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com maps.googleapis.com data:; frame-src 'self' reglist24.com *.reglist24.com  my.matterport.com *.svc.dynamics.com *.cablelink.at sag.viewer.cit-fusion.com ct.pinterest.com www.google.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://at.eturnity.eu/ ocilion.com p.artworx.at form.typeform.com *.microsoftonline.com login.microsoftonline.com cablelink.preview.speedtestcustom.com cablelink.speedtestcustom.com energie-effizienz-iframe.smartricity.de outlook.office365.com *.fls.doubleclick.net ad.doubleclick.net www.youtube.com maps.googleapis.com tr.snapchat.com *.facebook.com *.demdex.net;media-src 'self' maps.googleapis.com data:; frame-ancestors 'self' app.usercentrics.eu; form-action 'self' tr.snapchat.com www.facebook.com app.usercentrics.eu; 1
default-src 'self'; base-uri 'self'; child-src https://policy.app.cookieinformation.com blob:; connect-src 'self' *.cookieinformation.com https://app-cctadop-cms-1cd-prod-a.azurewebsites.net/ https://app-cctadop-api-prod-a.azurewebsites.net/ dpm.demdex.net *.sc.omtrdc.net https://udviklingsogforenk.tt.omtrdc.net *.kaltura.com *.readspeaker.com https://api.cludo.com https://supchat.skat.supwizapp.com wss://supchat.skat.supwizapp.com https://info.skat.dk/; font-src 'self' data:; frame-ancestors 'self' https://sktst.dk https://info.skat.dk; frame-src 'self' https://policy.app.cookieinformation.com *.kaltura.com https://skat.dk https://app-eu.readspeaker.com https://info.skat.dk/; img-src 'self' https://app-cctadop-cms-1cd-prod-a.azurewebsites.net/ data: *.kaltura.com *.cludo.com https://skat.dk *.sc.omtrdc.net https://supchat.skat.supwizapp.com https://info.skat.dk https://meeting.skat.dk; media-src 'self' *.kaltura.com data: blob: https://supchat.skat.supwizapp.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://policy.app.cookieinformation.com https://policy.cookieinformation.com *.kaltura.com *.readspeaker.com https://supchat.skat.supwizapp.com; style-src 'self' 'unsafe-inline' *.readspeaker.com *.supwizapp.com; 1
base-uri 'self'; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' https: http: 'nonce-D87GgJgojRUTebdPNNXe5+bYH/KLpN' 'unsafe-eval'; report-uri https://csp.withgoogle.com/csp/devsite/v2 1
base-uri 'self'; connect-src 'self' https://netitwork.de https://d3hb14vkzrxvla.cloudfront.net https://beaconapi.helpscout.net https://fast.wistia.com https://distillery.wistia.com https://pipedream.wistia.com https://fg8vvsvnieiv3ej16jby.litix.io; default-src data: ; font-src * 'self' data:; frame-src 'self' data: https://netitwork.de https://wp-rocket.me; img-src 'self' data: https://s.w.org https://ps.w.org https://netitwork.de https://wp-rocket.me https://fast.wistia.com https://distillery.wistia.com https://embed-ssl.wistia.com https://yoa.st https://yoast.com; manifest-src 'self'; media-src 'self' blob:; object-src 'none'; script-src 'self' https://netitwork.de https://yoast.com https://beacon-v2.helpscout.net https://fast.wistia.com https://distillery.wistia.com https://embed-ssl.wistia.com https://js.sentry-cdn.com/a3591ba5e949a37083cc6f5a4191e903.min.js 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://fonts.gstatic.com/s/ https://fonts.googleapis.com; worker-src 'self' blob: data:; 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https:; script-src 'unsafe-inline' 'unsafe-eval' https: *.tealiumiq.com connect.facebook.net www.dwin1.com snap.licdn.com api.eu.kaltura.com beursinfo.abnamro.nl tags.tiqcdn.com w.usabilla.com api.usabilla.com google-analytics.com googletagmanager.com nieuwsbrieven.abnamro.nl *.optimizely.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io; connect-src https: *.tealiumiq.com api.usabilla.com abnamro.sc.omtrdc.net dpm.demdex.net www.google-analytics.com stats.g.doubleclick.net region1.google-analytics.com nieuwsbrieven.abnamro.nl *.optimizely.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io; style-src 'unsafe-inline' https: blob: fonts.googleapis.com; img-src data: https: abnamro.sc.omtrdc.net cfvod.eu.kaltura.com d6tizftlrpuof.cloudfront.net images.ctfassets.net google-analytics.com *.tealiumiq.com w.usabilla.com abnamro.sc.omtrdc.net www.facebook.com www.awin1.com cm.g.doubleclick.net px.ads.linkedin.com region1.google-analytics.com; font-src https: fonts.gstatic.com; media-src 'self' https: blob:; frame-src abnamrobank.qualtrics.com beursinfo.abnamro.nl d6tizftlrpuof.cloudfront.net *.fls.doubleclick.net www.awin1.com localfocuswidgets.net assets.abnamro.com www.youtube.com www.google.com nieuwsbrieven.abnamro.nl *.optimizely.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io https: omny.fm; worker-src 'self' https: blob:; frame-ancestors https: beursinfo.abnamro.nl nieuwsbrieven.abnamro.nl *.optimizely.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' 'report-sample' https://apis.google.com https://cdn.elliemae.io https://www.datadoghq-browser-agent.com https://www.gstatic.com/firebasejs/; style-src 'self' 'unsafe-inline' 'report-sample'; style-src-elem 'self' 'unsafe-inline' *.pointservices.com https://cdn.auth0.com/; object-src 'none'; base-uri 'self'; connect-src 'self' https://logs.browser-intake-datadoghq.com *.pointservices.com https://rum.browser-intake-datadoghq.com *.googleapis.com; font-src 'self' data: https://fonts.gstatic.com; form-action 'self'; child-src 'self' https://pps-core-prod.firebaseapp.com *.pointservices.com; img-src 'self' data: blob: *.pointservices.com; manifest-src 'self'; media-src 'self'; worker-src 'self' *.pointservices.com; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub603de6612a12ec69df646e955dc0daed&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:pps-core-prod 1
upgrade-insecure-requests;script-src 'self' 'wasm-unsafe-eval';connect-src 'self' blob: https://seal.cafe wss://seal.cafe https://s3.us-east-1.wasabisys.com https://proxy.seal.cafe;media-src 'self' https://s3.us-east-1.wasabisys.com https://proxy.seal.cafe;img-src 'self' data: blob: https://s3.us-east-1.wasabisys.com https://proxy.seal.cafe;default-src 'none';base-uri 'self';frame-ancestors 'none';style-src 'self' 'unsafe-inline';font-src 'self';manifest-src 'self';frame-src 'self' https:; 1
font-src *.googleapis.com *.gstatic.com data: *.braintreegateway.com *.googletagmanager.com *.amazonaws.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.paypal.com *.google-analytics.com *.authorize.net *.cardinalcommerce.com *.yotpo.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com *.gstatic.com *.googleapis.com *.braintreegateway.com *.googletagmanager.com *.amazonaws.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.google-analytics.com *.authorize.net *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.gstatic.com *.googleapis.com *.braintreegateway.com *.googletagmanager.com *.amazonaws.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.google-analytics.com *.authorize.net *.yotpo.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.braintreegateway.com *.googletagmanager.com *.amazonaws.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.google-analytics.com *.authorize.net *.cardinalcommerce.com *.yotpo.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com unsafe-inline assets.braintreegateway.com *.gstatic.com *.googleapis.com *.braintreegateway.com *.googletagmanager.com *.amazonaws.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.paypal.com *.google-analytics.com *.authorize.net *.cardinalcommerce.com *.yotpo.com https://static.klaviyo.com *.fontawesome.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.gstatic.com *.braintreegateway.com *.googletagmanager.com *.amazonaws.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.google-analytics.com *.authorize.net *.yotpo.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.gstatic.com *.googleapis.com *.braintreegateway.com *.googletagmanager.com *.amazonaws.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.paypal.com *.google-analytics.com *.authorize.net *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src * 'unsafe-inline'; img-src * data: ; script-src * 'unsafe-eval' 'unsafe-inline'; worker-src * blob:; font-src * data: 1
default-src 'self';  object-src *; img-src data: *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' 'unsafe-eval'; frame-src https://*; connect-src *; font-src 'self' data: *; form-action 'self' * 1
frame-ancestors 'self' http://manage.hawksearch.com https://manage.hawksearch.com http://dev.hawksearch.net https://dev.hawksearch.net 1
default-src 'self'; connect-src 'self' *.joinville.sc.gov.br ssl.gstatic.com *.google-analytics.com; font-src 'self' *.bootstrapcdn.com data: ; frame-src * 'self' blob: *.google.com *.youtube.com *.vimeo.com *.facebook.com; img-src * 'self' blob: *.google-analytics.com data: https: ; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.joinville.sc.gov.br *.googletagmanager.com *.google.com *.gstatic.com blob: *.google-analytics.com *.googleapis.com; style-src 'self' 'unsafe-inline' *.joinville.sc.gov.br *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.jquery.com; 1
frame-ancestors https://app.zoominfo.com 1
upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors https://syke.maps.arcgis.com; base-uri 'self'; object-src 'self'; connect-src wss: https: 1
worker-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval'  *.youtube.com *.zencdn.net *.photoninfotech.com *.googletagmanager.com *.google.com *.facebook.net *.gstatic.com *.test.semantico.net *.recaptcha.net *.cloudinary.com *.onetrust.com *.brightcove.net *.cloudflare.com *.googleapis.com *.star.saas.semcs.net *.3playmedia.com *.zscloud.net *.players.brightcove.net; frame-src 'self'   *.youtube.com  *.brightcove.net *.recaptcha.net *.photoninfotech.com *.sspbloomsbury.com *.worldbank.org *.googletagmanager.com *.vjs.zencdn.net *.spotify.com *.vimeo.com ; object-src 'self'; 1
default-src https://www.googletagmanager.com/ https://connect.facebook.net/ https://snap.licdn.com/ https://p.teads.tv/ https://www.googleadservices.com/ https://www.google-analytics.com/; img-src 'self' https: img.youtube.com i.ytimg.com  data:; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com/ https://connect.facebook.net/ https://snap.licdn.com/ https://p.teads.tv/ https://www.googleadservices.com/ https://www.google-analytics.com/;script-src-elem 'self' 'unsafe-inline'  https://www.googletagmanager.com/ https://connect.facebook.net/ https://snap.licdn.com/ https://p.teads.tv/ https://www.googleadservices.com/ https://www.google-analytics.com/;style-src 'self' 'unsafe-inline' fonts.googleapis.com ; font-src 'self' fonts.gstatic.com fonts.googleapis.com ; connect-src 'self' https: lottie.host ;worker-src 'self' https: ;form-action 'self';frame-ancestors 'none';frame-src https: youtube.com www.youtube.com  1
upgrade-insecure-requests; base-uri 'self'; frame-ancestors 'self'; form-action 'self'; object-src 'none';  worker-src 'none'; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net;script-src-elem 'self' 'unsafe-inline' https://connect.facebook.net https://7003465.collect.igodigital.com https://ajax.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://fonts.googleapis.com https://remote.captcha.com/include.js 1
default-src 'unsafe-eval' http: https: data: blob: ws: wss: 'unsafe-inline' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: wss://* https://*; 1
frame-ancestors 'self' *.vystarcu.org; 1
default-src 'self';img-src 'self' theticketingco.imgix.net https://chat.frontapp.com https://chat-assets.frontusercontent.com https://user-assets.out.sh https://js.gleam.io https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.ca assets.theticketing.co theticketingco.imgix.net https://app.termly.io https://cdn.userway.org data: *;media-src assets.theticketing.co;script-src 'self' https://*.smartlook.com https://*.smartlook.cloud https://js.stripe.com https://api.userway.org https://cdn.userway.org https://chat-assets.frontapp.com https://assets.calendly.com https://connect.facebook.net/ https://widget.gleamjs.io https://*.googletagmanager.com https://accounts.google.com/gsi/client https://sc-static.net/scevent.min.js https://*.snapchat.com https://app.termly.io https://analytics.tiktok.com/i18n/pixel/ https://www.redditstatic.com/ads/pixel.js https://sc-static.net/sc-pixel-helper.min.js 'unsafe-eval';style-src 'self' assets.theticketing.co https://cdn.userway.org blob: 'unsafe-inline';font-src 'self' assets.theticketing.co fonts.gstatic.com theticketingco.imgix.net https://cdn.userway.org;frame-src *.youtube.com *.vimeo.com *.vevo.com https://js.stripe.com https://calendly.com https://gleam.io https://e.issuu.com https://forms.monday.com https://*.snapchat.com https://app.termly.io https://cdn.userway.org;frame-ancestors https://promoter.theticketing.co https://covellitepresents.org https://stonecircletheatre.org https://www.moonpeakproductions.com https://www.montanabooking.com https://touchmotherearth.org https://touchmotherearth.com https://www.abcbrew.com https://soundzorganic.com https://www.wublifent.com https://laculturapresents.com;object-src 'none';connect-src 'self' api.theticketing.co o353949.ingest.sentry.io https://www.facebook.com https://graph.facebook.com/ https://chat-assets.frontapp.com https://chat.frontapp.com https://us-west-1-chat-server.frontapp.com https://us-west-2-chat-server.frontapp.com wss://front-us-realtime.ably.io https://chat-webhook.frontapp.com https://*.bugsnag.com https://*.browser-intake-datadoghq.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.ca https://*.smartlook.com https://*.smartlook.cloud https://api.stripe.com https://api.userway.org https://cdn.userway.org https://*.api.userway.org https://pixel-config.reddit.com https://www.redditstatic.com https://conversions-config.reddit.com theticketingco.imgix.net https://*.snapchat.com https://app.termly.io https://analytics.tiktok.com/api/v2/;report-uri https://theticketingco.report-uri.com/r/d/csp/enforce; 1
default-src 'self' https://www.youtube-nocookie.com https://api.usercentrics.eu https://app.usercentrics.eu https://dev.boge-kompressoren.de https://row.boge-kompressoren.de https://row.boge.com https://www.boge.com https://boge.com https://uct.service.usercentrics.eu https://unpkg.com https://www.googletagmanager.com https://graphql.usercentrics.eu https://privacy-proxy.usercentrics.eu https://www.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://ajax.googleapis.com https://www.google-analytics.com https://app.usercentrics.eu https://privacy-proxy.usercentrics.eu https://www.googletagmanager.com blob:; style-src 'self' 'unsafe-inline' https://translate.googleapis.com https://unpkg.com; img-src 'self' https://www.google.de https://www.google.com https://googleads.g.doubleclick.net https://*.google-analytics.com https://fonts.gstatic.com https://www.googletagmanager.com https://www.gstatic.com https://privacy-proxy-server.usercentrics.eu https://support.boge.com https://www.google-analytics.com https://app.usercentrics.eu https://uct.service.usercentrics.eu https://www.boge.com https://row.boge-kompressoren.de https://www.google.pl https://www.google.com https://row.boge.com data:; connect-src 'self' https://www.google.com https://googleads.g.doubleclick.net https://*.google-analytics.com https://region1.google-analytics.com https://aggregator.service.usercentrics.eu https://consent-api.service.consent.usercentrics.eu https://privacy-proxy.usercentrics.eu https://stats.g.doubleclick.net https://www.google-analytics.com https://api.usercentrics.eu https://row.boge-kompressoren.de https://graphql.usercentrics.eu https://privacy-proxy.usercentrics.eu https://aggregator.service.usercentrics.eu https://row.boge.com; style-src-elem 'self' 'unsafe-inline' https://unpkg.com https://www.googletagmanager.com https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; object-src 'none'; media-src 'self' https://api.usercentrics.eu; form-action 'self' https://api.usercentrics.eu https://seu2.cleverreach.com; frame-ancestors 'self' https://row.boge-kompressoren.de; 1
default-src 'self' https: data: gap:; font-src 'self' https: data:; img-src https: content: data:; script-src 'self' https: 'unsafe-inline' data: 'unsafe-eval'; style-src 'self' 'unsafe-inline' https:;media-src * blob:; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.lpsnmedia.net unpkg.com *.tealiumiq.com *.tiqcdn.com *.gstatic.com *.google.com *.braze.eu *.appboycdn.com *.adform.net *.fbcdn.net oc-cdn-public-eur.azureedge.net *.addthis.com *.twitter.com *.presspage.com *.timify.com *.brocacef.nl *.jquery.com *.facebook.net *.cookiebot.com *.mopinion.com developers.google.com *.liveperson.net *.lpsnmedia.net *.liveperson.net *.googleapis.com *.hotjar.com *.google-analytics.com *.hotjar.com *.googleoptimize.com *.googletagmanager.com brocacef-acc-cdn.azureedge.net brocacef-test-cdn.azureedge.net snap.licdn.com www.youtube.com; style-src 'self' 'unsafe-inline' *.mopinion.com oc-cdn-public-eur.azureedge.net *.presspage.com *.brocacef.nl *.googleapis.com brocacef-acc-cdn.azureedge.net brocacef-test-cdn.azureedge.net hello.myfonts.net; object-src 'none'; base-uri 'self'; connect-src 'self' *.cookiebot.com ws: *.tealiumiq.com *.googlesyndication.com *.tiqcdn.com *.braze.eu *.appboycdn.com *.google.com *.gstatic.com *.hotjar.com ws.hotjar.com *.benu.nl *.omnichannelengagementhub.com *.timify.com *.addthis.com *.presspage.com *.brocacef.nl *.mopinion.com *.hotjar.com *.hotjar.io *.googleapis.com *.google-analytics.com *.doubleclick.net *.google-analytics.com *.liveperson.net; font-src 'self' *.mopinion.com *.presspage.com *.azureedge.net data: *.brocacef.nl https://fonts.gstatic.com; frame-src 'self' *.cookiebot.com *.doubleclick.net 13130251.fls.doubleclick.net oc-cdn-public-eur.azureedge.net *.liveperson.net *.twitter.com *.addthis.com *.lpsnmedia.net *.hotjar.com https://www.facebook.com https://www.youtube-nocookie.com https://www.youtube.com *.presspage.com *.timify.com; img-src 'self' data: brocacef-acc-cdn.azureedge.net *.cookiebot.com *.benushop.nl *.doubleclick.net www.benu-test-b.web44.shoptrader.com *.ytimg.com *.presspage.com *.mopinion.com brocacef-test-cdn.azureedge.net *.brocacef.nl *.lpsnmedia.net *.googleapis.com *.gstatic.com *.facebook.com *.google-analytics.com brocacef.emply.net content.presspage.com presspage-production-content.s3.amazonaws.com px.ads.linkedin.com; manifest-src 'self'; media-src 'self' *.lpsnmedia.net brocacef-acc-cdn.azureedge.net brocacef-test-cdn.azureedge.net *.brocacef.nl https://www.youtube.com *.presspage.com; worker-src 'none'; 1
default-src https: 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'none' 1
block-all-mixed-content; default-src 'self'; base-uri 'self'; form-action 'self' flightbookings.airnewzealand.co.kr flightbookings.airnewzealand.kr flightbookings.airnewzealand.ca flightbookings.airnewzealand.cn flightbookings.airnewzealand.co.nz flightbookings.airnewzealand.co.uk flightbookings.airnewzealand.com.au flightbookings.airnewzealand.com.hk flightbookings.airnewzealand.com.sg flightbookings.airnewzealand.com.tw flightbookings.airnewzealand.com flightbookings.airnewzealand.de flightbookings.airnewzealand.eu flightbookings.airnewzealand.fr flightbookings.airnewzealand.hk flightbookings.airnewzealand.jp flightbookings.airnewzealand.pf flightbookings.airnewzealand.tw  flightbookings.airnewzealand.com.cn flightbookings.grabaseat.co.nz  flightbookings.airnewzealand.co.jp identity.airnewzealand.com au-connect.authsignal.com auth.identity.airnewzealand.com auth.identity.qual.airnewzealand.com auth.airnewzealand.co.nz auth.airnewzealand.co.uk; script-src 'self' p-airnz.com 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.google.com *.ggpht.com *.googleusercontent.com flightbookings.airnewzealand.co.nz player.vimeo.com www.youtube.com s.ytimg.com s.wayin.com xd.wayin.com s.engagesciences.com display.engagesciences.com *.demdex.net www.google-analytics.com analytics.google.com tagmanager.google.com www.googletagmanager.com *.doubleclick.net www.googleadservices.com www.googletagservices.com pagead2.googlesyndication.com tpc.googlesyndication.com www.google.com cdn-assets-prod.s3.amazonaws.com *.optimizely.com optimizely-hrd.appspot.com optimizely.s3.amazonaws.com s.swiftypecdn.com upgrade.plusgrade.com nebula-cdn.kampyle.com screencapture.kampyle.com screencaptue-cdn.kampyle.com static.hotjar.com script.hotjar.com yourir.info analytics.twitter.com static.ads-twitter.com secure.quantserve.com rules.quantcount.com auth.airnewzealand.co.nz auth.airnewzealand.co.uk ssl.google-analytics.com cdnjs.cloudflare.com res.levexis.com https://widget.timatic.iata.org/scripts/iata-timatic-widget-live.js oc-cdn-public-oce.azureedge.net; style-src 'unsafe-inline' p-airnz.com fonts.googleapis.com tagmanager.google.com s.swiftypecdn.com upgrade-cdn-prd.plusgrade.com static.hotjar.com script.hotjar.com yourir.info 'self' oc-cdn-public-oce.azureedge.net; img-src https: data: static.hotjar.com script.hotjar.com; font-src p-airnz.com fonts.googleapis.com fonts.gstatic.com dhm5hy2vn8l0l.cloudfront.net script.hotjar.com 'self' data:; media-src 'self' p-airnz.com ; frame-src 'self' *.google.com auth.identity.airnewzealand.com identity.airnewzealand.com au-connect.authsignal.com nz.fltmaps.com player.vimeo.com www.youtube.com airnz.wufoo.com xd.wayin.com display.engagesciences.com *.demdex.net *.doubleclick.net www.googletagmanager.com tpc.googlesyndication.com *.cdn-pci.optimizely.com nebula-cdn.kampyle.com vars.hotjar.com sec.windcave.com uat.windcave.com forms.cd.airnewzealand.co.nz www.airnewzealand.co.nz/airpoints-account/payments/scripts/done.html www.airnewzealand.co.nz/payment/scripts/done.html oc-cdn-public-oce.azureedge.net blob: airnz-cargo.chooose.today airnz-corporate.chooose.today; connect-src 'self' api.airnz.io api.airnz.ai *.googleapis.com *.google.com *.gstatic.com auth.airnewzealand.co.nz auth.airnewzealand.co.uk identity.airnewzealand.com *.demdex.net *.tt.omtrdc.net www.google-analytics.com region1.google-analytics.com region1.analytics.google.com analytics.google.com stats.g.doubleclick.net adservice.google.com pagead2.googlesyndication.com *.doubleclick.net *.optimizely.com s.swiftypecdn.com search-api.swiftype.com *.kampyle.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.sentry.io yourir.info ssl.google-analytics.com https://widget.timatic.iata.org/api/ sec.windcave.com uat.windcave.com; object-src 'none'; frame-ancestors 'self'; report-uri /csp-report 1
script-src blob: http: https: https://gosselinphoto.ca/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' blob: https: 'unsafe-inline' https://gosselinphoto.ca/; img-src data: http: https: ssl.gstatic.com; object-src 'none'; base-uri 'none'; child-src 'self'; frame-src assets.braintreegateway.com *.google.com *.youtube.com *.youtu.be *.vimeo.com *.doubleclick.net *.criteo.com *.pinterest.com *.facebook.com https://infolettre.gosselinphoto.ca/ https://onlineapi-training.flexiti.fi/flexiti/online-api/oauth/token *.paypal.com *.flexiti.fi; 1
default-src 'self'; script-src 'self' https://ystweb.cantarusdev.co.uk/ https://ajax.cloudflare.com/ blob: https://tools.luckyorange.com/ https://platform.twitter.com/ https://www.googletagmanager.com/ https://connect.facebook.net/ https://cc.cdn.civiccomputing.com/ 'unsafe-eval' 'unsafe-inline'; style-src 'self' https://tools.luckyorange.com/ 'unsafe-inline'; img-src * data:; frame-src 'self' https://player.vimeo.com/ https://www.youtube.com/ https://syndication.twitter.com/ https://platform.twitter.com/ https://anchor.fm/ https://podcasters.spotify.com/; font-src 'self' https://storage.googleapis.com/ https://fonts.gstatic.com/ data: ;connect-src 'self' https://tools.luckyorange.com/  https://settings.luckyorange.com/ https://apikeys.civiccomputing.com/ https://region1.google-analytics.com/ https://pubsub.googleapis.com/ wss://in.visitors.live/ wss://realtime.luckyorange.com/ https://api-preview.luckyorange.com/ https://in.visitors.live/ https://our.umbraco.com/ 1
default-src 'self'; object-src 'self' youtube.com player.vimeo.com vimeo.com;   frame-src 'self' app.powerbi.com youtube.com player.vimeo.com vimeo.com www.google.com ldir.statistikkdata.no https://docs.google.com/;   base-uri 'self';   form-action 'self' https://www.anpdm.com/ https://nyhetsbrev.landbruksdirektoratet.no/;    script-src 'unsafe-inline'  youtube.com player.vimeo.com;   script-src-elem 'unsafe-inline' www.googletagmanager.com https://plausible.io/js/script.js www.google-analytics.com www.google.com www.gstatic.com *.landbruksdirektoratet.no; connect-src 'self' www.google-analytics.com https://plausible.io/api/event;   img-src * data:;   style-src * 'unsafe-inline';   font-src * data: 1
default-src 'self'; media-src *; frame-src *.hsforms.com *.chilipiper.com optimize.google.com *.trustpilot.com vars.hotjar.com; script-src * 'self' 'unsafe-inline'; connect-src *; font-src *; img-src * data:; style-src * 'unsafe-inline'; object-src 'none'; script-src-elem *.chilipiper.com *.hsforms.com *.hsforms.net *.jquery.com *.segment.com *.axept.io *.trustpilot.com *.google-analytics.com *.googleadservices.com *.licdn.com *.facebook.net *.getdrip.com *.bing.com *.googletagmanager.com *.cloudfront.net *.doubleclick.net *.hs-scripts.com *.clarity.ms *.hs-banner.com *.hscollectedforms.net *.hs-analytics.net *.hsadspixel.net 'self' 'unsafe-inline'; 1
default-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'self' data: https:; 1
frame-ancestors 'self' *.mainemorsels.com *.freshiesdeli.com *.rhfoster.com *.tricitypizza.com *.tricitypizzabangor.com *.minitstop.com minitstop.com http://*.gowesco.com http://gowesco.com kelleysmarket.com *.kelleysmarket.com http://kelleysmarket.com http://*.kelleysmarket.com *.valleyliquorsky.com valleyliquorsky.com *.vaultliquorsky.com vaultliquorsky.com *.lucillesroadhouse.com lucillesroadhouse.com *.command-center.com command-center.com rebelorder.wpengine.com neonmkts.com *.neonmkts.com orderrebel.store *.rebelstores.com rebelstores.com *.gasngostores.com gasngostores.com *.tootntotum.com tootntotum.com tootntotum.preview.octanesites.com *.hucks.com hucks.com millbrook.squarespace.com d2drali5pfunp5.amplifyapp.com *.d2drali5pfunp5.amplifyapp.com *.holidayoil.com holidayoil.com; 1
frame-ancestors 'self' https://api.helloproteger.com/ 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://stats.fnordserver.eu; style-src 'self' 'unsafe-inline'; img-src 'self' https://strapi.fnordserver.net https://stats.fnordserver.eu; connect-src 'self' https://strapi.fnordserver.net https://stats.fnordserver.eu; frame-ancestors 'none'; 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' js.monitor.azure.com policy.app.cookieinformation.com www.googletagmanager.com connect.facebook.net www.youtube.com sc-static.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com www.googletagmanager.com www.gstatic.com; img-src 'self' blob: data: ad.doubleclick.net www.godfisk.no www.googletagmanager.com www.google.com.ua www.google.be www.google.co.ke www.google.co.uk www.google.com www.google.com.br www.google.com.cy www.google.com.np www.google.com.vn www.google.de www.google.dk www.google.ee www.google.es www.google.fr www.google.gl www.google.gr www.google.hr www.google.is www.google.it www.google.nl www.google.no www.google.pl www.google.pt www.google.se www.google.si adservice.google.com fonts.gstatic.com stats.g.doubleclick.net translate.google.com www.facebook.com i.ytimg.com www.google.ae www.google.com.sg www.google.ro www.fromnorway.com connect.facebook.net www.google.al www.google.co.kr www.google.co.th www.google.com.ar www.google.com.tr www.google.com.uy www.google.fi www.google.ru www.google.at www.google.bg www.google.ca www.google.ch www.google.co.za www.google.com.ng www.google.com.ph www.google.ie www.google.iq www.google.co.in www.google.co.jp www.google.co.ma www.google.com.gt www.google.com.mx www.google.cz www.google.lt www.google.lv www.google.me www.google.mn www.google.co.il www.google.com.ni www.google.jo www.google.cm www.google.com.au www.google.rs www.google.lu www.google.co.id www.google.com.hk www.google.com.mt www.google.mk www.google.hu www.google.co.mz www.google.com.et www.google.ba www.google.ge; font-src 'self' fonts.gstatic.com; connect-src 'self' dc.services.visualstudio.com analytics.google.com policy.app.cookieinformation.com www.google.com www.google.com.ua adservice.google.com consent.app.cookieinformation.com googleads.g.doubleclick.net stats.g.doubleclick.net translate.googleapis.com www.facebook.com www.google.co.ke www.google.co.uk www.google.dk www.google.es www.google.nl www.google.no www.google.se www.googleadservices.com *.analytics.google.com *.google-analytics.com www.google.pt www.google.ro www.google.com.tr www.google.fr www.google.pl pagead2.googlesyndication.com www.google.bg www.google.de www.google.it www.google.co.th www.google.com.br www.google.fi www.google.gl www.google.gr www.google.lt www.google.hr www.google.co.jp www.googletagmanager.com www.google.ae www.google.ch www.google.ba www.google.com.mx; frame-src 8227382.fls.doubleclick.net policy.app.cookieinformation.com td.doubleclick.net www.googletagmanager.com www.youtube.com; report-uri https://ad899b29378397c2c9ab53c03bd6e3ec.report-uri.com/r/d/csp/enforce; 1
default-src 'self';script-src-attr 'unsafe-inline';script-src 'self' 'unsafe-inline' blob: https://snap.licdn.com https://*.googletagmanager.com https://tagmanager.google.com https://*.googleadservices.com https://*.doubleclick.net https://*.google.com https://unpkg.com https://*.freshworksapi.com https://static.cdn.prismic.io https://prismic.io https://widgets.tree-nation.com https://tree-nation.com https://html2canvas.hertzen.com https://eu.posthog.com https://*.hs-analytics.net https://js.hscta.net https://js-u1.hscta.net https://*.hubspot.com https://*.hs-sites-eu1.com https://static.hsappstatic.net https://*.usemessages.com https://*.hs-banner.com https://*.hubspotusercontent00.net https://*.hubspotusercontent10.net https://*.hubspotusercontent20.net https://*.hubspotusercontent30.net https://*.hubspotusercontent40.net https://*.hubspot.net https://*.hscollectedforms.net https://*.hsleadflows.net https://*.hsforms.net https://*.hsforms.com https://*.hs-scripts.com https://*.hubspotfeedback.com https://feedback-eu1.hubapi.com;object-src 'none';style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://*.hubspotusercontent00.net https://*.hubspotusercontent10.net https://*.hubspotusercontent20.net https://*.hubspotusercontent30.net https://*.hubspotusercontent40.net https://cdn2.hubspot.net;img-src 'self' data: https: https://ssl.gstatic.com https://www.gstatic.com https://*.doubleclick.net https://*.google.com https://js-eu1.hscta.net https://no-cache.hubspot.com https://*.hubspot.com https://*.hubspotusercontent00.net https://*.hubspotusercontent10.net https://*.hubspotusercontent20.net https://*.hubspotusercontent30.net https://*.hubspotusercontent40.net https://*.hubspot.net https://cdn2.hubspot.net https://*.hsforms.net https://*.hsforms.com;media-src 'none';frame-src https://*.doubleclick.net https://js-eu1.hs-scripts.com https://*.prismic.io https://widgets.tree-nation.com https://www.youtube.com https://app.moreapp.com https://js-eu1.hs-analytics.net https://js-eu1.usemessages.com https://api-eu1.hubspot.com https://*.hubspot.com https://*.hs-sites-eu1.com https://*.hubspot.net https://play-eu1.hubspotvideo.com https://*.hsforms.net https://*.hsforms.com;connect-src 'self' https://*.doubleclick.net https://unpkg.com https://tree-nation.com https://eu.posthog.com https://eu.i.posthog.com https://js-eu1.hs-scripts.com https://js-eu1.hs-analytics.net https://js-eu1.usemessages.com https://api-eu1.hubspot.com https://*.hubapi.com https://js-eu1.hscta.net https://*.hubspot.com https://*.hs-banner.com https://*.hscollectedforms.net https://*.hsforms.com;font-src 'self' data: https://fonts.gstatic.com;upgrade-insecure-requests;base-uri 'self';form-action 'self';frame-ancestors 'self' 1
default-src *; img-src data: *; style-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://www.facebook.com https://www.google.com https://www.gstatic.com https://fonts.gstatic.com https://ig.instant-tokens.com https://maps.googleapis.com https://maps.gstatic.com https://cdn.userway.org https://p.typekit.net https://use.typekit.net https://code.jquery.com https://schema.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://www.facebook.com https://www.google.com https://www.gstatic.com https://fonts.gstatic.com https://ig.instant-tokens.com https://maps.googleapis.com https://maps.gstatic.com https://cdn.userway.org https://p.typekit.net https://use.typekit.net https://code.jquery.com https://schema.org 1
default-src 'self' ; media-src 'self' data: *.victorinox.com *.swissarmy.com *.wenger.ch static.zdassets.com ; frame-src 'self' https://m.lndg.page dash-staging.bounceexchange.com assets.bounceexchange.com *.fls.doubleclick.net bid.g.doubleclick.net https://player.vimeo.com/ *.photorank.me *.hotjar.com *.facebook.com *.google.com *.instagram.com *.youtube.com *.pinterest.com https://www.sandbox.paypal.com *.clarity.ms www.pinterest.co.uk *.openpay.mx  https://www.pinterest.ch https://www.pinterest.cl https://www.pinterest.es https://www.pinterest.de https://www.pinterest.fr https://www.pinterest.it https://www.pinterest.at https://www.pinterest.se https://www.pinterest.ru https://www.pinterest.ie tsdtocl.com *.tangiblee.com www.paypal.com www.paypalobjects.com www.googletagmanager.com emersya.com cdn.emersya.com *.opencontrol.mx https://www.recaptcha.net https://outlook.office365.com https://dem.mysingleromance.com https://us-device-pro1.csftr.com www.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com csxd.victorinox.com csxd.swissarmy.com https://forms.office.com *.dash-staging.bounceexchange.com *.dash.bounceexchange.com https://victorinox.my-june.com https://checkoutshopper-test.adyen.com https://live.adyen.com https://checkoutshopper-live.adyen.com https://checkoutshopper-live-us.adyen.com https://contest.victorinox.com https://view.juneapp.com ; report-to csp-endpoint ; frame-ancestors 'self' https://develop--b2cstore-victorinox.netlify.app https://development--b2cstore-victorinox.netlify.app https://staging--b2cstore-victorinox.netlify.app https://b2cstore-victorinox.frontend.site https://prod-b2cstore-victorinox.netlify.app https://prdnew-www.victorinox.com https://stgnew-www.victorinox.com https://prod-b2cstore-victorinox.netlify.app/ https://prdnew-www.victorinox.com/ https://*.victorinox.com ; worker-src 'self' blob: ; child-src 'self' blob: *.victorinox.com *.swissarmy.com *.wenger.ch *.tangiblee.com *.photorank.me *.pinterest.com https://web.facebook.com https://fbsbx.com https://*.google.com https://www.youtube.com https://www.facebook.com https://www.paypal.com https://www.paypalobjects.com https://www.sandbox.paypal.com https://emersya.com/ https://www.pinterest.com https://www.pinterest.co.uk https://www.pinterest.ch https://www.pinterest.de https://www.pinterest.fr https://www.pinterest.it https://www.pinterest.at https://www.pinterest.se https://www.pinterest.ru https://www.pinterest.ie https://secure.img-cdn.mediaplex.com *.fls.doubleclick.net *.doubleclick.net vars.hotjar.com victorinox-fr-affiliate-programme.sjv.io player.vimeo.com assets.bounceexchange.com ; img-src 'self' data: https: https://api.qrserver.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.victorinox.com *.swissarmy.com *.wenger.ch *.paypalobjects.com *.cloudfront.net *.cdn4.forter.com *.baidu.com *.onetrust.com *.getback.ch *.taboola.com *.yahoo.co.jp *.bazaarvoice.com *.cdn77.org *.zoovu.com *.tangiblee.com *.contentsquare.com *.zopim.com *.bdimg.com maps.google.com load.sumome.com load.sumo.com https://*.googletagmanager.com https://*.google-analytics.com www.googleadservices.com www.sc.pages03.net static.hotjar.com tag.wknd.ai assets.bounceexchange.com api.bounceexchange.com dev.bounceexchange.com tag.bounceexchange.com dash-staging.bounceexchange.com bat.bing.com snap.licdn.com t.contentsquare.net contentsquare.com static.ads-twitter.com analytics.tiktok.com analytics.twitter.com platform.twitter.com script.hotjar.com googleads.g.doubleclick.net s.yimg.jp px.adhigh.net assets.zendesk.com intljs.rmtag.com static.zdassets.com ut.rd.linksynergy.com br-victorinox.netmng.com tags.srv.stackadapt.com d.impactradius-event.com s.pinimg.com cdn.tangiblee.com cscoreproweustor.blob.core.windows.net js.monitor.azure.com api.channelsight.com cdn.channelsight.com *.klaviyo.com emersya.com cdn.emersya.com cdn.brcdn.com f.monetate.net se.monetate.net cdn.cookielaw.org cdn.jsdelivr.net cdnjs.cloudflare.com maps.googleapis.com photorankstatics-a.akamaihd.net https://*.google.com www.paypal.com www.gstatic.com www.gstatic.cn www.dwin1.com connect.facebook.net openpay.s3.amazonaws.com swissarmy.cardconnect.com:* vx.local:* *.clarity.ms *.openpay.mx *.googlesyndication.com https://www.recaptcha.net https://services.postcodeanywhere.co.uk *.sprinklr.com https://rum-static.pingdom.net https://rum-collector-2.pingdom.net *.teads.tv www.googleoptimize.com https://eubroken.mysingleromance.com https://dem.mysingleromance.com *.rakuten.com *.linksynergy.com *.xg4ken.com *.nxtck.com *.leadsrx.com *.dash-staging.bounceexchange.com *.dash.bounceexchange.com https://checkoutshopper-test.adyen.com https://live.adyen.com https://checkoutshopper-live.adyen.com https://checkoutshopper-live-us.adyen.com https://contest.victorinox.com https://view.juneapp.com https://unpkg.com ; font-src 'self' data: *.victorinox.com *.swissarmy.com *.wenger.ch *.hotjar.com *.cdn77.org *.cloudfront.net *.tangiblee.com olapic-data.s3.amazonaws.com photorankstatics-a.akamaihd.net fonts.gstatic.com emersya.com cdn.emersya.com fast.fonts.net cdnjs.cloudflare.com cdn.megabonus.com static3.avast.com cdn.honey.io netdna.bootstrapcdn.com assets.bounceexchange.com *.sprinklr.com ; form-action 'self' https: ; connect-src 'self' ws: wss: *.victorinox.com *.swissarmy.com *.wenger.ch *.forter.com *.klaviyo.com *.amazonaws.com *.onetrust.com *.paypal.com *.paypalobjects.com *.openpay.mx *.taboola.com *.victorinox.com *.tangiblee.com *.contentsquare.net *.bazaarvoice.com *.getback.ch *.hotjar.com *.zoovu.com *.facebook.com https://*.google.com *.instagram.com sumo.com api.openweathermap.org  https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com emersya.com cdn.emersya.com ws.emersya.com cdn.cookielaw.org d2o5idwacg3gyw.cloudfront.net photorankstatics-a.akamaihd.net photorankapi-a.akamaihd.net https://*.g.doubleclick.net analytics.tiktok.com ekr.zdassets.com swissarmy.zendesk.com widget-mediator.zopim.com bat.bing.com px.adhigh.net hm.baidu.com tags.srv.stackadapt.com ct.pinterest.com api.channelsight.com dc.services.visualstudio.com vc.hotjar.io victorinox-fr-affiliate-programme.sjv.io events.bouncex.net coupons.bounceexchange.com *.cdnwidget.com *.cdnbasket.net maps.googleapis.com *.clarity.ms https://services.postcodeanywhere.co.uk https://api.addressy.com *.sprinklr.com https://rum-static.pingdom.net https://rum-collector-2.pingdom.net *.teads.tv https://dem.mysingleromance.com cdn.linkedin.oribi.io https://*.csftr.com *.googlesyndication.com *.rakuten.com *.linksynergy.com *.xg4ken.com *.nxtck.com *.leadsrx.com https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com https://checkoutshopper-live-us.adyen.com https://live.adyen.com ; style-src 'self' 'unsafe-inline' *.victorinox.com *.swissarmy.com *.wenger.ch *.cdn77.org *.tangiblee.com assets-static.victorinox.com *.klaviyo.com photorankstatics-a.akamaihd.net fonts.googleapis.com emersya.com cdn.emersya.com api.map.baidu.com fast.fonts.net static.getback.ch cdnjs.cloudflare.com tags.srv.stackadapt.com cdn.channelsight.com tiger-cdn.zoovu.com translate.googleapis.com assets.bounceexchange.com https://services.postcodeanywhere.co.uk *.sprinklr.com  https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com https://checkoutshopper-live-us.adyen.com https://live.adyen.com 1
frame-ancestors 'self' https://*.norton.com https://*.nortonlifelock.com; 1
default-src 'self' blob:; form-action 'self' https://largemp3.speechstream.net https://eigenhaard.betaalmachtiging.nl https://www.facebook.com/tr/; connect-src 'self' 'unsafe-eval' https://*.texthelp.com https://largemp3.speechstream.net https://speech.speechstream.net https://*.browsealoud.com https://*.ingest.sentry.io wss://*.hotjar.com https://*.cookiebot.com api.pro6pp.nl https://*.google-analytics.com https://*.hotjar.com cdnjs.cloudflare.com https://*.googleapis.com https://*.hotjar.io https://*.doubleclick.net https://*.mixpanel.com https://api.parley.nu https://api.segment.io https://noembed.com https://cdn.plyr.io; frame-src 'self' https://marketplace.umbraco.com https://content.googleapis.com https://apis.google.com my.matterport.com https://*.youtube.com https://www.youtube-nocookie.com eigenhaard.bbvms.com https://eigenhaard.mwm2.nl https://*.hotjar.com https://consent.azureedge.net https://*.cookiebot.com https://*.facebook.com https://www.onl.st https://onl.st; font-src 'self' data: https://*.gstatic.com maxcdn.bootstrapcdn.com; img-src 'self' data: blob: https://www.gravatar.com https://*.umbraco.com https://*.browsealoud.com https://*.googletagmanager.com https://*.gstatic.com https://*.ggpht.com https://*.googleapis.com https://*.google.com https://*.google.nl https://*.google-analytics.com www.facebook.com https://*.akamaihd.net https://*.doubleclick.net https://*.ytimg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://umbrellabase-acc.eigenhaard.nl/chatkcc/api/v1/public/scripts/chat.js https://umbrellabase.eigenhaard.nl/chatkcc/api/v1/public/scripts/chat.js https://*.browsealoud.com https://browser.sentry-cdn.com https://bam.nr-data.net https://*.gstatic.com *.google.com *.google.nl https://*.googleapis.com https://*.google-analytics.com api.pro6pp.nl script.crazyegg.com https://*.hotjar.com https://*.googletagmanager.com https://*.cookiebot.com https://*.cookieinfo.net https://consent.azureedge.net https://*.mxpnl.com https://*.segment.com https://*.youtube.com https://connect.facebook.net https://cdn.plyr.io; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://*.gstatic.com https://*.googleapis.com https://*.google.com; frame-ancestors 'self'; base-uri 'self' 1
frame-ancestors 'self'; base-uri 'self'; form-action 'self'; font-src 'self' data:; object-src 'none'; 1
child-src 'self' *.youtube.com *.ytimg.com *.youtube-nocookie.com *.googlevideo.com yt3.ggpht.com *.vimeocdn.com *.vimeo.com *.akamaized.net *.azureedge.net www.gstatic.com www.google.com https://fachpack-a.chat.rapyd.ai/chatbot-iframe/S5xsyj4cIGo4SOUcDROX5 ;connect-src 'self' *.youtube.com *.ytimg.com *.youtube-nocookie.com *.googlevideo.com yt3.ggpht.com *.vimeocdn.com *.vimeo.com *.akamaized.net *.azureedge.net *.google-analytics.com noembed.com www.noembed.com cdn.plyr.io cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org *.consentmanager.net *.doubleclick.net storage.googleapis.com event.talque.com lh3.googleusercontent.com *.googleadservices.com *.google.com *.itsa365.de *.mybeviale.com *.chillventa.de *.hubana.events *.embedded-world.de *.medteclive.com *.euroguss.de *.enforcetac.com *.fachpack.de *.frontale.de *.holz-handwerk.de *.nuernberg-convention.de *.perimeter-protection.de *.biofach.de *.vivaness.de *.interzoo.com *.biofach-japan.com *.galabau-messe.com *.consozial.de *.powtech-technopharm.com *.kommunale.de *.hydrogendialogue.com *.partec.info *.biofach-saudiarabia.com *.biofach-southeastasia.com *.iwa.info *.ads.linkedin.com *.linkedin.com *.linkedin.oribi.io *.googlesyndication.com https://fachpack-a.chat.rapyd.ai/chatbot-iframe/S5xsyj4cIGo4SOUcDROX5 ;default-src 'self' *.azureedge.net ;font-src 'self' fonts.gstatic.com *.azureedge.net 'unsafe-inline' storage.googleapis.com event.talque.com lh3.googleusercontent.com map.fachpack.de *.inforomap.de data: na11.de ;img-src 'self' *.youtube.com *.ytimg.com *.youtube-nocookie.com *.googlevideo.com yt3.ggpht.com *.vimeocdn.com *.vimeo.com *.akamaized.net *.google-analytics.com cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org *.consentmanager.net *.azureedge.net *.google.com *.google.de *.ads.linkedin.com *.linkedin.com *.linkedin.oribi.io snap.licdn.com static.ads-twitter.com analytics.twitter.com t.co www.googletagmanager.com analytics-udg.netdna-ssl.com code.s4d.io *.giphy.com *.clouddrive.com *.webexcontent.com data: blob: *.rackcdn.com data: blob: *.doubleclick.net connect.facebook.net www.facebook.com storage.googleapis.com event.talque.com lh3.googleusercontent.com map.fachpack.de *.inforomap.de data: na11.de ;media-src 'self' *.youtube.com *.ytimg.com *.youtube-nocookie.com *.googlevideo.com yt3.ggpht.com *.vimeocdn.com *.vimeo.com *.akamaized.net *.azureedge.net storage.googleapis.com event.talque.com lh3.googleusercontent.com data: ;script-src 'self' *.youtube.com *.ytimg.com *.youtube-nocookie.com *.googlevideo.com yt3.ggpht.com *.doubleclick.net cdn.plyr.io noembed.com www.noembed.com *.google.com *.google.de *.vimeocdn.com *.vimeo.com *.akamaized.net www.googletagmanager.com analytics-udg.netdna-ssl.com *.google-analytics.com cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org *.consentmanager.net *.azureedge.net 'unsafe-eval' *.googleadservices.com *.google.com static.ads-twitter.com analytics.twitter.com t.co snap.licdn.com 'unsafe-inline' www.gstatic.com www.google.com connect.facebook.net www.facebook.com storage.googleapis.com event.talque.com lh3.googleusercontent.com map.fachpack.de *.inforomap.de data: na11.de ;style-src 'self' *.youtube.com *.ytimg.com *.youtube-nocookie.com *.googlevideo.com yt3.ggpht.com *.vimeocdn.com *.vimeo.com *.akamaized.net cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org *.consentmanager.net *.azureedge.net 'unsafe-inline' storage.googleapis.com event.talque.com lh3.googleusercontent.com ; 1
default-src  'self' *.google-analytics.com *.google.com *.gstatic.com *.youtube.com *.webosaurus.co.uk *.webolytics.com *.webonet.co.uk *.facebook.net *.googletagmanager.com *.facebook.com *.doubleclick.net *.google.co.uk *.googleadservices.com *.googleapis.com *.typekit.net *.zapier.com *.clarity.ms *.bing.com  ; object-src  'self' *.google-analytics.com *.google.com *.gstatic.com *.youtube.com *.webosaurus.co.uk *.webolytics.com *.webonet.co.uk *.facebook.net *.googletagmanager.com *.facebook.com *.doubleclick.net *.google.co.uk *.googleadservices.com *.googleapis.com *.typekit.net *.zapier.com *.clarity.ms *.bing.com  ; frame-src  'self' *.google-analytics.com *.google.com *.gstatic.com *.youtube.com *.webosaurus.co.uk *.webolytics.com *.webonet.co.uk *.facebook.net *.googletagmanager.com *.facebook.com *.doubleclick.net *.google.co.uk *.googleadservices.com *.googleapis.com *.typekit.net *.zapier.com *.clarity.ms *.bing.com  ; font-src  'self' *.google-analytics.com *.google.com *.gstatic.com *.youtube.com *.webosaurus.co.uk *.webolytics.com *.webonet.co.uk *.facebook.net *.googletagmanager.com *.facebook.com *.doubleclick.net *.google.co.uk *.googleadservices.com *.googleapis.com *.typekit.net *.zapier.com *.clarity.ms *.bing.com  ; media-src  'self' *.google-analytics.com *.google.com *.gstatic.com *.youtube.com *.webosaurus.co.uk *.webolytics.com *.webonet.co.uk *.facebook.net *.googletagmanager.com *.facebook.com *.doubleclick.net *.google.co.uk *.googleadservices.com *.googleapis.com *.typekit.net *.zapier.com *.clarity.ms *.bing.com  ; manifest-src  'self' *.google-analytics.com *.google.com *.gstatic.com *.youtube.com *.webosaurus.co.uk *.webolytics.com *.webonet.co.uk *.facebook.net *.googletagmanager.com *.facebook.com *.doubleclick.net *.google.co.uk *.googleadservices.com *.googleapis.com *.typekit.net *.zapier.com *.clarity.ms *.bing.com  ; connect-src  'self' *.google-analytics.com *.google.com *.gstatic.com *.youtube.com *.webosaurus.co.uk *.webolytics.com *.webonet.co.uk *.facebook.net *.googletagmanager.com *.facebook.com *.doubleclick.net *.google.co.uk *.googleadservices.com *.googleapis.com *.typekit.net *.zapier.com *.clarity.ms *.bing.com ; script-src  'unsafe-inline' 'unsafe-eval' 'self' *.google-analytics.com *.google.com *.gstatic.com *.youtube.com *.webosaurus.co.uk *.webolytics.com *.webonet.co.uk *.facebook.net *.googletagmanager.com *.facebook.com *.doubleclick.net *.google.co.uk *.googleadservices.com *.googleapis.com *.typekit.net *.zapier.com *.clarity.ms *.bing.com  ; style-src   'unsafe-inline' 'self' *.google-analytics.com *.google.com *.gstatic.com *.youtube.com *.webosaurus.co.uk *.webolytics.com *.webonet.co.uk *.facebook.net *.googletagmanager.com *.facebook.com *.doubleclick.net *.google.co.uk *.googleadservices.com *.googleapis.com *.typekit.net *.zapier.com *.clarity.ms *.bing.com  ; img-src   'self' data: *.google-analytics.com *.google.com *.gstatic.com *.youtube.com *.webosaurus.co.uk *.webolytics.com *.webonet.co.uk *.facebook.net *.googletagmanager.com *.facebook.com *.doubleclick.net *.google.co.uk *.googleadservices.com *.googleapis.com *.typekit.net *.zapier.com *.clarity.ms *.bing.com  ; 1
default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' ; img-src *;  report-uri https://auth.vps.gov.lv/csp/report 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *; style-src 'self' 'unsafe-inline'; 1
default-src blob: 'unsafe-eval' 'unsafe-inline' https: wss://lo2.msg.liveperson.net; img-src data: https:; font-src data: https: 1
default-src 'self' data: 'unsafe-inline' blob: https://*.lpsnmedia.net; child-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self' data: https://*.lpsnmedia.net https://*.liveperson.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://ad.doubleclick.net https://*.google.com https://*.curator.io wss://*.liveperson.net https://*.visualwebsiteoptimizer.com https://solutions.tealium.net https://tealium-tools.s3.amazonaws.com https://deploytealium.com https://*.tealiumiq.com https://tags.tiqcdn.com https://visitor-service-ap-northeast-1.tealiumiq.com https://www.facebook.com https://connect.facebook.net https://maps.googleapis.com https://www.gstatic.com https://gstatic.com https://u.heatmap.it https://static.lexusasia.com https://webservice.lexusasia.com https://ws.lexusasia.com https://www.youtube.com https://*.livechatinc.com https://*.salesforceliveagent.com wss://api.livechatinc.com https://bs.serving-sys.com https://pixel.mathtag.com https://insight.adsrvr.org https://convertiumitp.lexus.com.my https://visitor-service-convertium.lexus.com.my https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat; font-src 'self' data: https://static.lexusasia.com; frame-src 'self' https://*.fls.doubleclick.net https://*.google.com https://*.liveperson.net https://*.lpsnmedia.net https://tags.tiqcdn.com https://vk.com https://www.dailymotion.com https://player.vimeo.com https://www.youtube.com https://www.facebook.com https://my.matterport.com https://*.livechatinc.com app.vwo.com *.visualwebsiteoptimizer.com ; frame-ancestors https://www.messenger.com https://www.facebook.com; img-src 'self' data: https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://ad.doubleclick.net https://*.google.com https://liveperson-assets.lexusasia.com https://*.lpsnmedia.net https://curator-assets.b-cdn.net https://dam.lexusasia.com https://static.lexusasia.com https://www.facebook.com https://connect.facebook.net https://*.tealiumiq.com https://tags.tiqcdn.com https://visitor-service-ap-northeast-1.tealiumiq.com https://convertiumitp.lexus.com.vn https://cdn.livechat-files.com https://cdn.chatbot.com https://*.livechatinc.com *.visualwebsiteoptimizer.com cdn.pushcrew.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat; media-src 'self' https://dam.lexusasia.com https://*.lpsnmedia.net https://curator-assets.b-cdn.net; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://www.googleadservices.com https://*.liveperson.net https://*.lpsnmedia.net https://*.curator.io https://solutions.tealium.net https://tealium-tools.s3.amazonaws.com https://deploytealium.com https://*.tealiumiq.com https://tags.tiqcdn.com https://visitor-service-ap-northeast-1.tealiumiq.com https://www.facebook.com https://connect.facebook.net https://maps.googleapis.com https://www.gstatic.com https://gstatic.com https://u.heatmap.it https://static.lexusasia.com https://webservice.lexusasia.com https://ws.lexusasia.com https://www.youtube.com https://*.livechatinc.com https://*.salesforceliveagent.com wss://api.livechatinc.com https://bs.serving-sys.com https://pixel.mathtag.com https://insight.adsrvr.org https://convertiumitp.lexus.com.my https://visitor-service-convertium.lexus.com.my *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com; style-src 'self' data: 'unsafe-inline' https://*.liveperson.net https://*.lpsnmedia.net https://*.curator.io https://static.lexusasia.com *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com s3.amazonaws.com; worker-src 'self' blob:; 1
base-uri 'none'; default-src 'self' data: blob: https: wss:; style-src 'self' data: https: wss: 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://api.scrivito.com https://app.intercom.io https://assets.scrivito.com https://js.intercomcdn.com https://widget.intercom.io https://www.google-analytics.com https://maps.googleapis.com https://www.recaptcha.net/ https://www.google.com/recaptcha/ https://www.gstatic.com/ https://www.dealer-fp-usa.com/ https://play.webvideocore.net/ *.hotjar.com/ https://www.googletagmanager.com; object-src 'none'; block-all-mixed-content; frame-ancestors 'self' https://*.scrivito.com 1
default-src 'self' human-ist.ch *.human-ist.ch data:; font-src fonts.googleapis.com fonts.gstatic.com; img-src 'self' human-ist.ch *.human-ist.ch data: raw.githubusercontent.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com raw.githubusercontent.com human-ist.ch *.human-ist.ch; script-src 'self' 'unsafe-inline' 'unsafe-eval' human-ist.ch *.human-ist.ch; connect-src 'self' human-ist.ch *.human-ist.ch *.orcid.org; frame-src 'self' raw.githubusercontent.com open-web-calendar.hosted.quelltext.eu 1
default-src 'self' data: ws: https://p.typekit.net https://88399.global.siteimproveanalytics.io/ https://stats.g.doubleclick.net/ https://ka-p.fontawesome.com https://kit.fontawesome.com https://info.truitycu.org https://vms.boldchat.com https://visitor-services.boldchat.com https://www.truitycu.org/tether.html https://nr1.s3.amazonaws.com https://s3.amazonaws.com https://urldefense.proofpoint.com/v2/ https://www.youtube.com/embed/8Yl8c84UD9M https://www.youtube.com/embed/vEAdfWiKAVY https://www.youtube.com/embed/Zsk5_AuqmkU https://truity.nanorep.co https://visitor-services.nanorep.com/visitor-token-service/ https://truity.nanorep.co/web/ https://livechat.boldchat.com/aid/ https://ui-avatars.com/api/ https://reviewsonmywebsite.com/images/source-logos/ https://reviewsonmywebsite.com/embed/3r2hxlDCJYNZejQXMBYdJL0kQT5JHcB9yGcmav4jP8ZKW8eSps https://romw-cdn.s3.amazonaws.com/media/ https://cdn-forpci52.actonsoftware.com/acton/attachment/8477/ https://embed.calculoid.com/views/calc-general.html https://embed.calculoid.com/views/fields/html.html https://embed.calculoid.com/views/fields/text.html https://embed.calculoid.com/views/fields/formula.html https://api.calculoid.com/calculator/75572/ https://embed.calculoid.com/views/calc-detail.html https://api.calculoid.com/v2/ping/5acf99d95716f/75572/aHR0cHM6Ly93d3cudHJ1aXR5Y3Uub3Jn https://api.calculoid.com/v2/calculator/5acf99d95716f/75572/aHR0cHM6Ly93d3cudHJ1aXR5Y3Uub3Jn https://api.calculoid.com/geoIP/ https://api.calculoid.com/countries/ http://info.truitycu.org/cdnr/52/acton/attachment/8477/ https://truitycu.org/Media/Images/MortgagesSitesImages/ https://www.google-analytics.com/  https://analytics.google.com/ https://my2.siteimprove.com/overlay/cms/ https://embed.calculoid.com/views/fields/ https://api.calculoid.com/calculator/57104/ https://api.calculoid.com/v2/ping/ https://api.calculoid.com/v2/calculator/ https://api.calculoid.com/calculator/49449/ https://www.googletagmanager.com/ https://www.truitycu.org/Media/Images/Chat/ https://www.truitycu.org/App_Themes/66SiteCSS/ http://cdn.sanmar.com/imglib/catl/ https://marketing.sanmar.com/imglib/catl/ https://amplify.review-alerts.com/ https://rtx-source-icons.s3.amazonaws.com/logos/ http://images.printable.com/imagelibrary/Seller/22953/p1_39875232-4af4-4661-97a8-a38c13d4b91d/images/6206311/src/ https://images.printable.com/imagelibrary/Seller/3374/EarlyWarningHTMLImages_12062017133825_333/images/ https://files.marcomcentral.app.pti.com/earlywarning/marcom/p7/videos/ https://www.bartlesvillechecking.com https://lawrencechecking.com https://www.lawrencechecking.com https://bartlesvillechecking.com https://houstonchecking.com https://www.houstonchecking.com http://truityeducationfoundation.org http://www.truityeducationfoundation.org https://www.bartlesvillemortgages.com https://bartlesvillemortgages.com https://www.lawrencemortgages.org https://lawrencemortgages.org https://secure.truitycu.org https://hub2.truitycu.org/ https://api-cdn.usw2.pure.cloud/webdeployments/v1/deployments/7b7a70d9-de0a-48fb-86f4-a03ccd4e6cb7/ https://api.usw2.pure.cloud/api/v2/knowledge/guest/sessions/ https://api.usw2.pure.cloud/api/v2/knowledge/guest/sessions https://www.truitycu.org https://api-cdn.usw2.pure.cloud/webdeployments/v1/deployments/ https://fileupload.usw2.pure.cloud/webmessaging/ https://api.usw2.pure.cloud/api/v2/webmessaging/ https://api.usw2.pure.cloud/api/v2/webdeployments/ https://api.usw2.pure.cloud/api/v2/webdeployments/deployments/d41bb4aa-6917-453a-b10d-a2e2412c53e8/cobrowse/ https://app.usw2.pure.cloud/cobrowse-next/ https://maps.googleapis.com/maps/api/mapsjs/ https://maps.gstatic.com/mapfiles/ https://maps.googleapis.com/$rpc/google.internal.maps.mapsjs.v1.MapsJsInternalService/GetViewportInfo https://maps.googleapis.com/maps/ https://api-cdn.usw2.pure.cloud/response-assets/ https://www.google.com/pagead/1p-user-list/978251278/ http://www.google-analytics.com/ https://www.facebook.com/tr/ https://www.surveycarrot.com/index2.jspx; font-src 'self' data: 'unsafe-inline' https://ka-p.fontawesome.com/releases/v6.2.0/webfonts/ https://kit.fontawesome.com https://use.typekit.net https://fonts.gstatic.com https://cdnjs.cloudflare.com/ajax/libs/material-design-iconic-font/2.2.0/fonts/ https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/ https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.0.3/fonts/ https://embed.calculoid.com/font-awesome/ https://pro.fontawesome.com/releases/v5.8.0/webfonts/ https://pro.fontawesome.com/releases/v5.2.0/webfonts/ https://pro.fontawesome.com/releases/v5.1.0/webfonts/ https://ka-p.fontawesome.com/releases/v6.3.0/webfonts/ https://ka-p.fontawesome.com/releases/v6.2.1/ https://maxcdn.bootstrapcdn.com/font-awesome/4.3.0/fonts/ https://pro.fontawesome.com/releases/v5.0.13/webfonts/ http://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/fonts/ https://ka-p.fontawesome.com/releases/v6.4.0/ https://ka-p.fontawesome.com/releases/v6.4.2/webfonts/ https://ka-p.fontawesome.com/releases/ https://files.marcomcentral.app.pti.com/earlywarning/marcom/fonts/ https://www.truitycu.org/App_Themes/Default/Fonts/ https://www.bartlesvillechecking.com https://lawrencechecking.com https://www.lawrencechecking.com https://bartlesvillechecking.com https://houstonchecking.com https://www.houstonchecking.com http://truityeducationfoundation.org http://www.truityeducationfoundation.org https://www.bartlesvillemortgages.com https://bartlesvillemortgages.com https://www.lawrencemortgages.org https://lawrencemortgages.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://googleads.g.doubleclick.net/pagead/ https://truity.nanorep.co/web/ https://livechat.boldchat.com/aid/ https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com/pagead/ https://info.truitycu.org https://use.typekit.net https://kit.fontawesome.com https://code.jquery.com https://cdn.jsdelivr.net https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/js/ https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/ https://browser-update.org https://vmss.boldchat.com https://vmp.boldchat.com https://vms.boldchat.com https://unpkg.com https://siteimproveanalytics.com/js/ https://www.youtube.com/s/player/a7eb1f5d/www-widgetapi.vflset/www-widgetapi.js https://reviewsonmywebsite.com/js/ https://cdnjs.cloudflare.com/ajax/libs/Swiper/3.4.2/js/ https://cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/ https://reviewsonmywebsite.com/js/ https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/ https://truity.cudlautosmart.com/ https://embed.calculoid.com/scripts/ https://www.youtube.com/s/player/f96f6702/www-widgetapi.vflset/www-widgetapi.js https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/ https://use.fortawesome.com/c44ae589.js https://stackpath.bootstrapcdn.com/bootstrap/4.4.1/js/ https://cdnjs.cloudflare.com/ajax/libs/ http://use.typekit.net/one5sdk.js https://cdn.siteimprove.net/cms/overlay.js https://www.youtube.com/s/player/92f199c8/ https://amplify.review-alerts.com/ https://apps.usw2.pure.cloud/genesys-bootstrap/genesys.min.js https://apps.usw2.pure.cloud/genesys-bootstrap/plugins/genesysvendors.min.js https://apps.usw2.pure.cloud/journey/messenger-plugins/offersHelper.min.js https://apps.usw2.pure.cloud/support-center/support-center-plugins/main.min.js http://ajax.googleapis.com/ajax/libs/webfont/1.5.18/webfont.js https://app.leadsrx.com/visitor.js https://apps.mypurecloud.com/webchat/ https://apps.usw2.pure.cloud/cobrowse-next/ https://api.usw2.pure.cloud/api/v2/webmessaging/ https://maps.googleapis.com/maps/api/ https://maps.googleapis.com/maps-api-v3/api/ https://maps.googleapis.com/maps/ http://www.googletagmanager.com/gtm.js http://www.google-analytics.com/analytics.js https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/signals/ http://www.googletagmanager.com/gtag/ http://www.google-analytics.com/ https://www.surveycarrot.com/js/image_view.js https://www.bartlesvillechecking.com https://lawrencechecking.com https://www.lawrencechecking.com https://bartlesvillechecking.com https://houstonchecking.com https://www.houstonchecking.com http://truityeducationfoundation.org http://www.truityeducationfoundation.org https://www.bartlesvillemortgages.com https://bartlesvillemortgages.com https://www.lawrencemortgages.org https://lawrencemortgages.org; style-src 'self' 'unsafe-inline' https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/ https://p.typekit.net https://use.typekit.net https://fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/ajax/libs/fancybox/3.2.5/ https://reviewsonmywebsite.com/css/ https://cdnjs.cloudflare.com/ajax/libs/Swiper/3.4.2/css/ https://cdnjs.cloudflare.com/ajax/libs/jquery-modal/0.9.1/ https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/ https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.0.3/css/ https://embed.calculoid.com/styles/ https://stackpath.bootstrapcdn.com/bootstrap/4.4.1/css/ https://pro.fontawesome.com/releases/v5.8.0/css/ https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/ https://pro.fontawesome.com/releases/v5.2.0/css/ https://pro.fontawesome.com/releases/v5.1.0/css/ https://maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/ http://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/ https://pro.fontawesome.com/releases/v5.0.13/css/ https://www.truitycu.org/CMSPages/ https://apps.usw2.pure.cloud/support-center/support-center-plugins/main.css https://www.bartlesvillechecking.com https://lawrencechecking.com https://www.lawrencechecking.com https://bartlesvillechecking.com https://houstonchecking.com https://www.houstonchecking.com http://truityeducationfoundation.org http://www.truityeducationfoundation.org https://www.bartlesvillemortgages.com https://bartlesvillemortgages.com https://www.lawrencemortgages.org https://lawrencemortgages.org https://info.truitycu.org/acton/content/; object-src 'self'; frame-src 'self' https://www.youtube.com/embed/AyvVjpRlBUA https://www.youtube.com/embed/OHqGg87jCQI https://www.youtube.com/embed/vEAdfWiKAVY https://www.youtube.com/embed/Zsk5_AuqmkU https://player.vimeo.com/video/348427394 https://info.truitycu.org/acton/media/8477/ https://www.youtube.com/embed/8Yl8c84UD9M https://www.youtube.com/embed/r5rnSrZEi7g https://info.truitycu.org/acton/fs/blocks/ https://bit.ly/3hhRmLN https://bit.ly/3DW2zvj https://www.truitycu.org/mallorybenne https://internal.truitycu.org/ https://truity.banno-preflight.com/ https://api.boldchat.com/aid/471094464640186361/ext/api/ https://secure.truitycu.org/ https://apps.usw2.pure.cloud/messenger/messenger.html https://info.truitycu.org/ https://apps.usw2.pure.cloud/messenger/ https://my2.siteimprove.com https://www.youtube.com/embed/DitVTeDWz5Q?si=1rIW2tKjmW0vLZN5; frame-ancestors 'self' https://www.truitycu.org/ https://info.truitycu.org/ https://internal.truitycu.org/ https://truity.banno-preflight.com/ https://secure.truitycu.org; report-uri https://www.truitycu.org/psc; 1
connect-src 'self' www.google-analytics.com *.gstatic.com; script-src 'self' 'unsafe-inline' *.googleanalytics.com *.google-analytics.com *.google.com *.gstatic.com; img-src 'self' data: https://storage.googleapis.com https://creators.google *.ytimg.com *.googleusercontent.com; style-src 'self' 'unsafe-inline' *.google.com *.gstatic.com; media-src 'self' https://storage.googleapis.com; frame-src 'self' www.youtube.com; default-src 'self' *.gstatic.com 1
default-src 'none'; script-src 'self' https://silverorange.applytojobs.ca; font-src https://fonts.gstatic.com; style-src 'self' https://fonts.googleapis.com https://silverorange.applytojobs.ca; connect-src https://silverorange.applytojobs.ca; img-src 'self' 1
default-src 'self';  style-src 'self' https://client.crisp.chat 'unsafe-inline'; script-src 'self' https://connect.facebook.net  https://www.google-analytics.com    ajax.googleapis.com https://www.googletagmanager.com https://client.crisp.chat/l.js https://client.crisp.chat/static/javascripts/client.js https://client.crisp.chat 'unsafe-inline' 'unsafe-eval';  media-src *; img-src *  'self' data: https:;  font-src 'self' https://client.crisp.chat;connect-src 'self' wss://client.relay.crisp.chat  https://client.crisp.chat https://www.google-analytics.com https://stats.g.doubleclick.net https://analytics.google.com ;frame-src 'self' https://www.facebook.com/ https://www.youtube.com/ https://drive.google.com/ https://www.google.com/; 1
frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'none'; 1
default-src 'none'; img-src 'self'; font-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self'; form-action 'none'; frame-ancestors 'none'; connect-src https://vrmapi.victronenergy.com/; 1
script-src 'self' 'nonce-249443ddcac8' https://browser.sentry-cdn.com https://www.googletagmanager.com https://cdn.jsdelivr.net https://fonts.googleapis.com https://maps.googleapis.com;connect-src 'self' ws: *.sentry.io maps.googleapis.com *.google-analytics.com;font-src https://fonts.gstatic.com/;img-src 'self' data: maps.gstatic.com *.googleapis.com *.ggpht.com goodgym-uploads.s3.eu-west-1.amazonaws.com d2tfd645274ffx.cloudfront.net;style-src 'self' https://fonts.googleapis.com https://cdn.jsdelivr.net/npm/cookieconsent@3/ 'unsafe-inline';style-src-elem self https://fonts.googleapis.com https://cdn.jsdelivr.net/npm/cookieconsent@3/ 'unsafe-inline';default-src 'self';base-uri 'self';block-all-mixed-content;form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests 1
default-src 'self' blob: data: *.apple.com; connect-src 'self' *.apple.com *.apple.com.cn; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.apple.com; img-src 'self' data: *.apple.com; child-src 'self' support.apple.com apple.com km.support.apple.com; style-src 'self' 'unsafe-inline' *.apple.com; font-src 'self' data: *.apple.com 1
frame-ancestors 'self' https://home.wizcloud.co.il https://news.h-erp.co.il; 1
frame-ancestors 'self' cdn.unibuddy.co unibuddy.co popcard.unibuddy.co; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.etracker.de *.consentmanager.net *.etracker.com cdn.consentmanager.net/delivery/ *.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org etracker.de tagmanager.google.com www.googletagmanager.com www.google-analytics.com *.openstreetmap.org pixelpark.elaine-asp.de www.bmbf.de www.youtube.com maps.googleapis.com *.mgr.consensu.org; font-src 'self'; style-src 'self' 'unsafe-inline' *.mgr.consensu.org; img-src 'unsafe-inline' 'self' *.consentmanager.net *.ytimg.com data: www.google-analytics.com *.mgr.consensu.org *.openstreetmap.org cdn.consentmanager.net fonts.googleapis.com; frame-ancestors www.bmbf.de ; media-src 'self' 'unsafe-inline' 'unsafe-eval' pixelpark.elaine-asp.de www.youtube.com www.bmbf.de www.vimeo.com play.google.com; frame-src 'self' 'unsafe-inline' 'unsafe-eval' streaming-out.bmbfcluster.de streaming.sendewerk.berlin pixelpark.elaine-asp.de www.youtube.com www.bmbf.de www.vimeo.com play.google.com; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *.etracker.de *.etracker.com *.mgr.consensu.org www.google-analytics.com maps.googleapis.com pixelpark.elaine-asp.de; object-src 'none'; manifest-src 'self' 1
default-src 'self'; font-src *;img-src * data:; script-src 'unsafe-inline' *; style-src 'unsafe-inline' *; 1
default-src 'self';style-src 'self' 'unsafe-inline' fonts.googleapis.com https://maxcdn.bootstrapcdn.com/bootstrap/ *.everviz.com/resources/css/ *.everviz.com/static/fonts/;script-src 'self' 'unsafe-inline' 'unsafe-eval' player.vimeo.com/api/player.js static.ws.apsis.one dev.virtualearth.net siteimproveanalytics.com *.highcharts.com *.everviz.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ cdn.jsdelivr.net/npm/mathjax@3/es5/ online4.superoffice.com;img-src 'self' data: http://mt1.google.com wms.geonorge.no opencache.statkart.no/gatekeeper/gk/gk.open_wmts *.google.com *.openstreetmap.org *.virtualearth.net *.siteimproveanalytics.io https://www.navlab.net/images/ https://avas.aventia.no/;font-src 'self' fonts.gstatic.com https://maxcdn.bootstrapcdn.com/bootstrap/ cdn.jsdelivr.net/npm/mathjax@3/es5/output/chtml/fonts/ *.everviz.com/static/fonts/;frame-src 'self' *.vimeo.com https://vimeo.com *.youtube.com *.facebook.com *.soundcloud.com *.everviz.com ffi.easycruit.com https://www.google.com/recaptcha/ https://avas.aventia.no/ form.apsis.one online4.superoffice.com;base-uri 'self';form-action 'self' forsvaretsforskningsinstitutt.mailmojo.no;object-src 'none';connect-src 'self' opencache.statkart.no ogc.ffi.no *.highcharts.com *.everviz.com https://audience.ws.apsis.one/; 1
default-src 'self' 'unsafe-eval' https://*; script-src 'unsafe-inline' 'unsafe-eval' https://*;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval https://*; style-src 'unsafe-inline' 'unsafe-eval' https://*;style-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://*;img-src 'self' data: https://*; 1
default-src 'self' 'unsafe-eval' blob: data: https://*.jsdelivr.net https://*.tawk.to wss://*.tawk.to https://messe360.online https://sumome.com https://*.sumome.com https://*.youtube.com https://cdn-cookieyes.com https://*.cookieyes.com  https://*.cdn-cookieyes.com https://*.toast.com  https://*.github.io https://*.filekitcdn.com https://*.netfleet.bg https://*.neterra.cloud https://videotour.sdc.bg https://*.sdc.bg https://sdc.bg https://neterra.net https://*.googleoptimize.com https://*.convertkit.com https://messe360.online https://*.googleapis.com https://*.linkedin.com https://*.bing.com https://*.hscollectedforms.net https://*.lfeeder.com https://*.clarity.ms https://*.trustpilot.com https://*.g.doubleclick.net   wss://*.hotjar.com https://api.hubspot.com https://*.hubspot.com https://*.google.com https://sumo.com https://*.google-analytics.com https://*.hotjar.com https://*.hotjar.io; font-src 'self' data:    https://*.jsdelivr.net https://*.tawk.to wss://*.tawk.to https://messe360.online https://sumome.com https://*.sumome.com https://*.youtube.com https://cdn-cookieyes.com https://*.cookieyes.com  https://*.cdn-cookieyes.com https://*.toast.com  https://*.github.io https://*.filekitcdn.com https://*.netfleet.bg https://*.neterra.cloud https://videotour.sdc.bg https://*.sdc.bg https://sdc.bg https://neterra.net https://*.googleoptimize.com https://*.convertkit.com https://messe360.online https://*.googleapis.com https://*.linkedin.com https://*.bing.com https://*.hscollectedforms.net https://*.lfeeder.com https://*.clarity.ms https://*.trustpilot.com    https://www.tiny.cloud https://*.hotjar.com https://netdna.bootstrapcdn.com https://*.google-analytics.com https://fonts.gstatic.com https://themes.googleusercontent.com https://*.wp.com; script-src 'self' 'unsafe-inline' 'unsafe-eval'  https://*.thewebhostingdir.com https://*.jsdelivr.net https://*.tawk.to wss://*.tawk.to https://messe360.online https://sumome.com https://*.sumome.com https://*.youtube.com https://cdn-cookieyes.com https://*.cookieyes.com  https://*.cdn-cookieyes.com https://*.toast.com  https://*.github.io https://*.filekitcdn.com https://*.netfleet.bg https://*.neterra.cloud https://videotour.sdc.bg https://*.sdc.bg https://sdc.bg https://neterra.net https://*.googleoptimize.com https://*.convertkit.com https://messe360.online https://*.googleapis.com https://*.linkedin.com https://*.bing.com https://*.hscollectedforms.net https://*.lfeeder.com https://*.clarity.ms https://*.trustpilot.com https://*.google.com https://*.gstatic.com    https://js.hs-scripts.com https://*.hsleadflows.net https://www.gstatic.com https://js.hs-banner.com https://js.hs-analytics.net https://js.usemessages.com https://js.hscollectedforms.net https://www.reddit.com https://*.facebook.com https://*.pinterest.com https://reddit.com https://api.bufferapp.com https://graph.facebook.com https://www.google.bg https://snap.licdn.com https://load.sumo.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://tagmanager.google.com https://code.jquery.com https://*.cloudfront.net https://connect.facebook.net https://www.googletagmanager.com https://*.hotjar.com   https://*.jsdelivr.net https://*.tawk.to wss://*.tawk.to https://messe360.online https://sumome.com https://*.sumome.com https://*.youtube.com https://cdn-cookieyes.com https://*.cookieyes.com  https://*.cdn-cookieyes.com https://*.toast.com  https://*.github.io https://*.filekitcdn.com https://*.netfleet.bg https://*.neterra.cloud https://videotour.sdc.bg https://*.sdc.bg https://sdc.bg https://neterra.net https://*.googleoptimize.com https://*.convertkit.com https://messe360.online https://*.googleapis.com https://*.google-analytics.com https://*.wp.com https://cdnjs.cloudflare.com https://public-api.wordpress.com https://*.gravatar.com; style-src 'self' data:    https://*.jsdelivr.net https://*.tawk.to wss://*.tawk.to https://messe360.online https://sumome.com https://*.sumome.com https://*.youtube.com https://cdn-cookieyes.com https://*.cookieyes.com  https://*.cdn-cookieyes.com https://*.toast.com  https://*.github.io https://*.filekitcdn.com https://*.netfleet.bg https://*.neterra.cloud https://videotour.sdc.bg https://*.sdc.bg https://sdc.bg https://neterra.net https://*.googleoptimize.com https://*.convertkit.com https://messe360.online https://*.googleapis.com https://*.linkedin.com https://*.bing.com https://*.hscollectedforms.net https://*.lfeeder.com https://*.clarity.ms https://*.trustpilot.com  https://netdna.bootstrapcdn.com https://tagmanager.google.com https://www.tiny.cloud https://www.tinymce.com https://*.cloudfront.net https://secure.gravatar.com https://cdnjs.cloudflare.com https://*.gravatar.com 'unsafe-inline' https://*.google-analytics.com https://fonts.googleapis.com; img-src 'self' data: blob:   https://*.thewebhostingdir.com https://*.jsdelivr.net https://*.tawk.to wss://*.tawk.to https://messe360.online https://sumome.com https://*.sumome.com https://*.youtube.com https://cdn-cookieyes.com https://*.cookieyes.com  https://*.cdn-cookieyes.com https://*.toast.com  https://*.github.io https://*.filekitcdn.com https://*.netfleet.bg https://*.neterra.cloud https://videotour.sdc.bg https://*.sdc.bg https://sdc.bg https://neterra.net https://*.googleoptimize.com https://*.convertkit.com https://messe360.online https://*.googleapis.com https://*.linkedin.com https://*.bing.com https://*.hscollectedforms.net https://*.lfeeder.com https://*.clarity.ms https://*.trustpilot.com https://*.cloudflare.com https://*.hubspotusercontent00.net https://*.hsforms.com https://*.hubspot.com https://*.sumo.com     wss://*.tawk.to https://messe360.online https://sumome.com https://*.sumome.com https://*.youtube.com https://cdn-cookieyes.com https://*.cookieyes.com  https://*.cdn-cookieyes.com https://*.toast.com  https://*.github.io https://*.filekitcdn.com https://*.netfleet.bg https://*.neterra.cloud https://videotour.sdc.bg https://*.sdc.bg https://sdc.bg https://neterra.net https://*.googleoptimize.com https://*.convertkit.com https://messe360.online https://*.googleapis.com https://*.linkedin.com https://www.google.com https://lh3.googleusercontent.com https://www.googletagmanager.com https://www.google.bg https://www.facebook.com https://www.facebook.com https://*.cloudflare.com https://source.unsplash.com https://secure.gravatar.com https://images.unsplash.com https://*.doubleclick.net https://*.hotjar.com   https://*.jsdelivr.net  wss://*.tawk.to https://messe360.online https://sumome.com https://*.sumome.com https://*.youtube.com https://cdn-cookieyes.com https://*.cookieyes.com  https://*.cdn-cookieyes.com https://*.toast.com  https://*.github.io https://*.filekitcdn.com https://*.netfleet.bg https://*.neterra.cloud https://videotour.sdc.bg https://*.sdc.bg https://sdc.bg https://neterra.net https://*.googleoptimize.com https://*.convertkit.com https://messe360.online https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com; frame-src 'self' data: blob:    https://*.jsdelivr.net https://*.tawk.to wss://*.tawk.to https://messe360.online https://sumome.com https://*.sumome.com https://*.youtube.com https://cdn-cookieyes.com https://*.cookieyes.com  https://*.cdn-cookieyes.com https://*.toast.com  https://*.github.io https://*.filekitcdn.com https://*.netfleet.bg https://*.neterra.cloud https://videotour.sdc.bg https://*.sdc.bg https://sdc.bg https://neterra.net https://*.googleoptimize.com https://*.convertkit.com https://messe360.online https://*.googleapis.com https://*.linkedin.com https://*.bing.com https://*.hscollectedforms.net https://*.lfeeder.com https://*.clarity.ms https://*.trustpilot.com https://*.gstatic.com https://*.google.com    https://*.hotjar.com https://www.youtube.com https://*.hubspot.com https://secure.gravatar.com https://*.google-analytics.com; object-src 'self'; media-src 'self' data: blob: https://*.tawk.to https://*.soundcloud.com; 1
frame-ancestors 'self' https://creativetacos.com; 1
default-src 'self' https://*.keeping.nl; script-src 'unsafe-inline' 'self' https://*.keeping.nl https://www.googletagmanager.com https://*.google-analytics.com https://cdnjs.cloudflare.com https://js.stripe.com 'report-sample'; img-src 'self' https://*.keeping.nl https://* data:; style-src 'unsafe-inline' 'self' https://*.keeping.nl data:; style-src-attr 'unsafe-inline' 'self' https://*.keeping.nl data: 'report-sample'; style-src-elem 'unsafe-inline' 'self' https://*.keeping.nl data: 'report-sample'; connect-src 'self' https://*.keeping.nl wss://*.keeping.nl  https://*.bugsnag.com https://www.googletagmanager.com https://*.google-analytics.com https://*.stripe.com; frame-src 'self' https://*.stripe.com 1
worker-src * blob:; frame-ancestors 'self' https://m.facebook.com/ https://m.me/ https://static.xx.fbcdn.net/; child-src 'self' https://www.facebook.com/ https://www.youtube.com/ https://www.instagram.com/ https://www.google.com/ https://www.googleanalytics.com/ https://www.google-analytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://fonts.googleapis.com/ 1
default-src 'self' https://btcpay.openprivacy.ca; font-src 'self'; img-src 'self' https://btcpay.openprivacy.ca; object-src 'none'; script-src https://btcpay.openprivacy.ca/ 'self' 'unsafe-inline'; style-src 'self' https://btcpay.openprivacy.ca 'unsafe-inline'  ; media-src 'self' 1
frame-ancestors https://liveshopping.samoon.com 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://feuerwehr.social; img-src 'self' https: data: blob: https://feuerwehr.social; style-src 'self' https://feuerwehr.social 'nonce-/O5U0te8f678m/bBCXbbtA=='; media-src 'self' https: data: https://feuerwehr.social; frame-src 'self' https:; manifest-src 'self' https://feuerwehr.social; form-action 'self'; child-src 'self' blob: https://feuerwehr.social; worker-src 'self' blob: https://feuerwehr.social; connect-src 'self' data: blob: https://feuerwehr.social https://feuerwehr.social wss://feuerwehr.social; script-src 'self' https://feuerwehr.social 'wasm-unsafe-eval' 1
script-src 'self' localhost:* https://localhost:44366/ https://www.google.com/recaptcha/api.js https://aa.agkn.com/ https://www.google-analytics.com/analytics.js https://www.gstatic.com/ https://www.gstatic.com/recaptcha/releases https://www.gstatic.com/recaptcha/releases/x5WWoE57Fv0d6ATKsLDIAKnt/recaptcha__en.js https://bam.nr-data.net https://bat.bing.com/bat.js https://bat.bing.com/p/action/5996936.js https://bat.bing.com/p/action/15210524.js https://cdn.datatables.net https://cdnjs.cloudflare.com/ connect.facebook.net https://www.facebook.com/* https://apis.google.com https://www.googletagmanager.com/ https://www.google-analytics.com/g/ https://kit.fontawesome.com/39d5e9f5b3.js https://home-c29.incontact.com https://api.ipify.org https://js-agent.newrelic.com https://matomo.landers.teamdms.dev https://trustpilot.com https://uxwizz.pgl.teamdms.dev/ *.visualwebsiteoptimizer.com app.vwo.com https://widget.trustpilot.com https://widget.trustpilot.com/ https://vwo.com 'unsafe-eval' 'unsafe-inline';style-src 'self' data: https://cdnjs.cloudflare.com/ https://cdn.datatables.net https://www.facebook.com https://www.facebook.com/* https://fonts.googleapis.com https://fonts.gstatic.com https://home-c29.incontact.com/inContact/ChatClient/js/embed.min.js https://*.fontawesome.com/* https://modernizr.com/ https://matomo.landers.teamdms.dev *.visualwebsiteoptimizer.com/ app.vwo.com/ 'unsafe-inline';img-src 'self' data: blob: https://bat.bing.com https://www.facebook.com https://www.facebook.com/* https://www.google.com https://www.google-analytics.com/ https://www.google-analytics.com/g/ https://www.googletagmanager.com/ https://www.gstatic.com *.visualwebsiteoptimizer.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://uxwizz.pgl.teamdms.dev/server/ https://tags.w55c.net/ app.vwo.com;object-src 'none';frame-src 'self' data: https://home-c29.incontact.com https://widget.trustpilot.com https://www.google.com https://www.youtube.com https://www.googletagmanager.com https://www.facebook.com https://www.facebook.com/* *.visualwebsiteoptimizer.com app.vwo.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;worker-src 'self' data:;base-uri 'self' 1
object-src 'none'; frame-ancestors 'self'; report-uri http://www.dbsa.org/report-uri/enforce 1
object-src 'none'; frame-ancestors 'none'; form-action 'self'; report-to csp-endpoint; 1
default-src 'self' https://* wss://*.hotjar.com https://script.hotjar.com *.pusher.com *.pusherapp.com wss://*.pusher.com; script-src 'self' 'strict-dynamic' 'nonce-a119be4fef1f804ac16851a94fb5eed1ec62f009c3f5b6fa3f99b37bf6dcd371fKmVTzvkcI0=' 'unsafe-eval' https://*; style-src 'self' 'unsafe-inline' https://cardflip.twistoo.co *.twistoo.co https://fonts.googleapis.com https://cdn.luigisbox.com https://onesignal.com; img-src 'self' data: https://*; font-src 'self' data: https://fonts.gstatic.com https://script.hotjar.com https://cdn.livechatinc.com 1
default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.ampproject.org:* https://cdnjs.cloudflare.com:*; worker-src 'self' blob:; script-src-elem 'self' http: https: 'unsafe-inline'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.cloudflare.com https://github.com https://static.cloudflareinsights.com https://cdn.jsdelivr.net https://cosmetics.lk https://www.googletagmanager.com https://stats.wp.com https://www.paypalobjects.com https://s3.amazonaws.com https://*.stripe.com https://*.list-manage.com https://*.ggpht.com https://yt3.ggpht.com/ https://pixel.wp.com/ https://www.google.lk/ https://secure.gravatar.com/ https://www.google.com/ https://test-seylan.mtf.gateway.mastercard.com/ https://seylan.gateway.mastercard.com/ https://www.youtube.com/ https://*.ytimg.com/ https://cosmetics.lk/ https://omnisnippet1.com/ https://*.soundestlink.com/ https://fedpg-onus.pc.enstage-sas.com/ https://www.paystage.com/; img-src 'self' data: https://sw-themes.com https://www.paypalobjects.com https://cosmetics.lk https://yt3.ggpht.com/ https://pixel.wp.com/ https://www.google.lk/ https://secure.gravatar.com/ https://www.google.com/ https://test-seylan.mtf.gateway.mastercard.com/ https://seylan.gateway.mastercard.com/ https://www.youtube.com/ https://*.ytimg.com/ https://cosmetics.lk/ https://omnisnippet1.com/ https://*.soundestlink.com/ https://fedpg-onus.pc.enstage-sas.com/ https://www.paystage.com/; object-src 'self' data: https://*.paypal.com/ https://*.stripe.com/ https://www.google.com/ https://test-seylan.mtf.gateway.mastercard.com/ https://seylan.gateway.mastercard.com/ https://www.youtube.com/ https://*.ytimg.com/ https://cosmetics.lk/ https://omnisnippet1.com/ https://*.soundestlink.com/ https://fedpg-onus.pc.enstage-sas.com/ https://www.paystage.com/; frame-src 'self' data: https://*.paypal.com/ https://*.stripe.com/ https://www.google.com/ https://test-seylan.mtf.gateway.mastercard.com/ https://seylan.gateway.mastercard.com/ https://www.youtube.com/ https://*.ytimg.com/ https://cosmetics.lk/ https://omnisnippet1.com/ https://*.soundestlink.com/ https://fedpg-onus.pc.enstage-sas.com/ https://www.paystage.com/; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.fyrebox.com *.youtube.com gothere.sg *.enets.sg *.apaylater.com *.cerebry.co *.superstarteacher.com.sg *.superstarteacher.cn *.googleadservices.com googleads.g.doubleclick.net *.zopim.com static.zdassets.com *.googletagmanager.com *.googleapis.com *.google-analytics.com connect.facebook.net *.hotjar.com seal.digicert.com speedof.me *.addtoany.com *.google.com *.gstatic.com;frame-src 'self' *.cimb.com.sg *.rhbgroup.com *.maybank.com.sg *.bankofchina.com *.maribank.com.sg *.citibank.com *.arcot.com *.ocbc.com *.americanexpress.com *.cardinalcommerce.com *.uobgroup.com *.grab.com *.2c2p.com *.shopee.sg *.addtoany.com *.youtube.com *.facebook.com *.enets.sg *.apaylater.com *.superstarteacher.com.sg *.superstarteacher.cn bid.g.doubleclick.net *.zopim.com *.hotjar.com speedof.me *.cerebry.co *.google.com td.doubleclick.net; worker-src 'self' blob: *.superstarteacher.com.sg *.superstarteacher.cn *.enets.sg *.apaylater.com *.zopim.com;object-src 'self'; 1
"block-all-mixed-content" 1
report-to 'self' ; child-src 'self' ; connect-src 'self'  'unsafe-inline'  *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net *.mouseflow.com *.linkedin.com *.hsforms.com *.hubspot.com *.hubapi.com *.hs-analytics.net *.hscollectedforms.net *.calconic.com *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net ; default-src 'self' ; font-src 'self'  'unsafe-inline'  data: fonts.gstatic.com cdn.jsdelivr.net *.gstatic.com *.bootstrapcdn.com *.gstatic.com *.bootstrapcdn.com ; form-action 'self' ; frame-src 'self'  'unsafe-inline' *.g.doubleclick.net *.google.com *.fls.doubleclick.net blob: www.google.com *.vimeo.com td.doubleclick.net *.stripe.com *.hs-sites.com *.gartner.com *.termly.io facebook.com https://datainsights-cdn.dm.aws.gartner.com  *.g.doubleclick.net *.google.com *.fls.doubleclick.net ; frame-ancestors 'self' ; img-src 'self'  'unsafe-inline' *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com data: ts.w.org s.w.org ps.w.org *.irssolutions.com irssolutions.com *.linkedin.com www.facebook.com *.reddit.com *.hsforms.com *.hubspot.com *.hsappstatic.net *.doubleclick.net  *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com ; manifest-src 'self' ; media-src 'self'  s.w.org; object-src 'self' ; script-src 'self'  'unsafe-inline'  'unsafe-eval' *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com cdn.jsdelivr.net https://cdn.mouseflow.com https://ipinfo.io  *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-elem 'self'  'unsafe-inline' cdn.jsdelivr.net cdn.mouseflow.com *.licdn.com *.hs-scripts.com *.facebook.net *.redditstatic.com *.hsforms.net *.hscollectedforms.net *.hubspot.com *.hs-analytics.com *.hs-analytics.net *.hs-banner.com *.hsadspixel.net *.stripe.com https://cdnjs.cloudflare.com *.calconic.com *.googleadservices.com *.vimeo.com *.termly.io https://ipinfo.io  *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-attr 'self' ; style-src 'self'  'unsafe-inline' *.googleapis.com *.gstatic.com fonts.googleapis.com cdn.jsdelivr.net  *.googleapis.com *.gstatic.com ; style-src-elem 'self'  'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net  *.googleapis.com *.gstatic.com ; style-src-attr 'self'  'unsafe-inline' ; worker-src 'self'  blob:; 1
script-src https://www.gstatic.com/ https://translate.google.com/ https://translate.googleapis.com/ https://translate-pa.googleapis.com/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://www.gstatic.com/ https://translate.googleapis.com/ https://fonts.googleapis.com/ 'self' 'unsafe-inline'; default-src 'self'; frame-src https://docs.e-iepdata.com 'self'; font-src https://www.gstatic.com/ https://fonts.gstatic.com/ 'self'; img-src data: https: 'self'; connect-src https://*.e-iepdata.com https://www.gstatic.com/ https://csp.withgoogle.com https://translate.googleapis.com/ https://translate-pa.googleapis.com 'self'; 1
default-src 'self' cscmarketing-cscglobal-test.azurewebsites.net cscmarketing-cscglobal-prod-container.azurewebsites.net *.cscglobal.com cscwebcontentstorage.blob.core.windows.net *.cscglobal.com ocp.cscglobal.com csc.global *.google.com *.google-analytics.com *.googletagmanager.com *.googlesyndication.com *.swiftypecdn.com *.swiftype.com geoip-js.com *.geoip-js.com *.crazyegg.com *.zoominfo.com *.pingdom.net *.doubleclick.net *.maxmind.com pangea-marketing-bot-web-app.azurewebsites.net wss://directline.botframework.com directline.botframework.com *.botframework.com *.oribi.io *.hubspot.com *.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com *.cookielaw.org *.onetrust.com *.zscalertwo.net px.ads.linkedin.com *.optimizely.com cscglobal-marketing-website-chatbot-app-service.azurewebsites.net; script-src 'self' cscmarketing-cscglobal-test.azurewebsites.net cscmarketing-cscglobal-prod-container.azurewebsites.net *.cscglobal.com cscwebcontentstorage.blob.core.windows.net *.cscglobal.com ocp.cscglobal.com csc.global *.google.com *.google-analytics.com *.googletagmanager.com *.swiftypecdn.com *.swiftype.com *.maxmind.com *.crazyegg.com *.gstatic.com *.zoominfo.com *.pingdom.net *.googleadservices.com *.hsforms.net hubspot-forms-static-embed.s3.amazonaws.com *.botframework.com webchat.botframework.com; worker-src mydev.cscglobal.com blob:; script-src-elem 'self' cscmarketing-cscglobal-test.azurewebsites.net cscmarketing-cscglobal-prod-container.azurewebsites.net *.cscglobal.com cscwebcontentstorage.blob.core.windows.net *.cscglobal.com ocp.cscglobal.com csc.global *.google.com *.google-analytics.com *.googletagmanager.com *.swiftypecdn.com *.swiftype.com *.maxmind.com *.crazyegg.com *.gstatic.com *.zoominfo.com *.pingdom.net *.googleadservices.com *.hsforms.net hubspot-forms-static-embed.s3.amazonaws.com *.botframework.com webchat.botframework.com *.licdn.com *.facebook.net *.youtube.com *.googlesyndication.com *.cookielaw.org *.zscalertwo.net *.googleoptimize.com *.marketo.com go.corptax.com corptax.cld.bz *.adroll.com *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hubspot.com *.optimizely.com 'unsafe-inline'; style-src 'self' cscmarketing-cscglobal-test.azurewebsites.net cscmarketing-cscglobal-prod-container.azurewebsites.net *.cscglobal.com cscwebcontentstorage.blob.core.windows.net *.cscglobal.com ocp.cscglobal.com csc.global *.google.com *.google-analytics.com *.googletagmanager.com *.swiftypecdn.com *.swiftype.com *.googleapis.com *.marketo.com go.corptax.com corptax.cld.bz 'unsafe-inline'; img-src 'self' cscmarketing-cscglobal-test.azurewebsites.net cscmarketing-cscglobal-prod-container.azurewebsites.net *.cscglobal.com cscwebcontentstorage.blob.core.windows.net *.cscglobal.com ocp.cscglobal.com csc.global *.google.com *.google-analytics.com *.googletagmanager.com *.swiftypecdn.com *.swiftype.com data: seal-delaware.bbb.org *.hsforms.com *.linkedin.com *.facebook.com *.doubleclick.net *.cookielaw.org *.crazyegg.com *.marketo.com go.corptax.com corptax.cld.bz *.adroll.com d.adroll.mgr.consensu.org x.bidswitch.net dsum-sec.casalemedia.com idsync.rlcdn.com sync.outbrain.com pixel.rubiconproject.com *.pubmatic.com *.taboola.com eb2.3lift.com ib.adnxs.com *.yahoo.com us-u.openx.net segments.company-target.com *.hubspot.com; font-src 'self' cscmarketing-cscglobal-test.azurewebsites.net cscmarketing-cscglobal-prod-container.azurewebsites.net *.cscglobal.com cscwebcontentstorage.blob.core.windows.net *.cscglobal.com ocp.cscglobal.com csc.global *.google.com *.google-analytics.com *.googletagmanager.com *.swiftypecdn.com *.swiftype.com *.gstatic.com data:; frame-src 'self' *.google.com *.youtube.com *.swiftypecdn.com *.swiftype.com *.facebook.com *.verse.com *.hsforms.com *.doubleclick.net *.googlesyndication.com *.wistia.net *.wistia.com *.marketo.com go.corptax.com corptax.cld.bz *.adroll.com *.optimizely.com; object-src 'none' 1
frame-ancestors 'none'; object-src 'self' 1
frame-ancestors 'self' *.purevpn.com purevpn.com *.purevpn.fr purevpn.fr *.purevpn.com.tw purevpn.com.tw *.purevpn.de purevpn.de 1
default "self" 1
default-src 'self';            script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.browsealoud.com https://*.google-analytics.com https://siteimproveanalytics.com https://*.googletagmanager.com https://*.google.com https://*.googleadservices.com https://*.gstatic.com https://*.facebook.net https://*.twitter.com https://cdn.syndication.twimg.com;            script-src-elem 'self' 'unsafe-inline' https://*.browsealoud.com https://*.google-analytics.com https://siteimproveanalytics.com https://www.googletagmanager.com https://*.google.com https://*.googleapis.com https://*.googleadservices.com https://connect.facebook.net https://www.gstatic.com https://*.twitter.com https://cdn.syndication.twimg.com;            style-src 'self' 'unsafe-inline' https://*.myfonts.net https://*.bootstrapcdn.com;            style-src-elem 'self' 'unsafe-inline' https://*.browsealoud.com https://*.googleapis.com https://*.myfonts.net https://*.bootstrapcdn.com https://*.twitter.com https://*.twimg.com;            img-src * data:;            font-src * data:;            connect-src 'self' https://*.google-analytics.com https://*.googleapis.com https://*.google.com https://*.browsealoud.com https://stats.g.doubleclick.net https://*.speechstream.net;            media-src * blob: data:;            frame-src 'self' https://*.iprox.nl https://*.waterschaplimburg.nl https://www.youtube.com https://*.google.com https://waterschap-limburg.vergunningen.info https://*.maps.arcgis.com https://*.arcgis.com https://*.twitter.com https://*.vimeo.com https://www.waterstandlimburg.nl https://*.doubleclick.net https://*.googletagmanager.com;            frame-ancestors 'self' https://*.iprox.nl https://*.waterschaplimburg.nl https://www.geleenbeekdal.nl https://www.waterleeftinbeek.nl https://www.wbl.nl https://www.zuidelijkmaasdal.nl https://wblnl.sharepoint.com;            report-uri https://infoprojects.report-uri.com/r/d/csp/enforce 1
default-src 'self' https://region1.analytics.google.com https://stats.g.doubleclick.net https://www.google-analytics.com https://region1.google-analytics.com; frame-src 'self' https://player.vimeo.com/ https://www.youtube.com/; script-src 'self' https://www.googletagmanager.com https://www.vimeo.com https://vimeo.com https://www.google-analytics.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; font-src 'self' data:; img-src *; 1
default-src 'self' data: 'unsafe-inline' https://static.cloudflareinsights.com https://cloudflareinsights.com 1
frame-ancestors 'self' https://resideo.ziftone.com/ https://proportal.resideo.com/ https://pro.resideo.com/ https://resideostaging.staging.ziftone.com/ https://resideo.netdimensions.com/ https://deploy-preview-437--resideo-pro.netlify.com/ https://fxm/ https://resideo-pro-perks.my-rewardsonline/ 1
script-src 'self' assets.adobedtm.com 'unsafe-inline' 'unsafe-eval' blob: ajax.googleapis.com www.google-analytics.com www.googletagmanager.com tagmanager.google.com w.sharethis.com *.sharethis.com optanon.blob.core.windows.net cdn.cookielaw.org code.jquery.com geolocation.onetrust.com munchkin.marketo.net www.youtube.com s.ytimg.com assets.adobedtm.com 1
"default-src 'self';", "img-src *.ctfassets.net;" 1
frame-ancestors 'self' https://*.facebook.com/; frame-src 'self' googlevideo.com *.doubleclick.net *.hcaptcha.com www.youtube-nocookie.com www.youtube.com; default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' *.doubleclick.net *.google.com *.articulate.com *.b-ite.com *.cookiehub.net *.cookiehub.eu *.kaessbohrerag.com *.pistenbully.com *.beach-tech.com *.powerbully.com *.snowsat.com *.proacademy.info *.kcomposites.com fonts.googleapis.com fonts.gstatic.com *.googletagmanager.com *.google-analytics.com www.google.com connect.facebook.net www.facebook.com www.google.de www.googleadservices.com i.vimeocdn.com player.vimeo.com img.youtube.com i.ytimg.com www.youtube.com www.gstatic.com cx.atdmt.com www.google.ie cookiehub.net s.ytimg.com www.youtube-nocookie.com noembed.com googlevideo.com cdn.plyr.io jobs.b-ite.com salesviewer.org salesviewer.com https://api.friendlycaptcha.com *.hcaptcha.com blob: 1
frame-ancestors https://*.builder.io https://builder.io http://localhost:3000 http://localhost:9009 https://*.brunnerworks.com https://*.vercel.app 1
default-src 'self' https://sentry.io/ https://plausible.io/; base-uri 'self'; frame-ancestors 'self'; form-action 'self' 1
default-src 'self'; script-src 'self' 'unsafe-inline' cdn.tiny.cloud https://*.googletagmanager.com api.reciteme.com *.hotjar.com www.google-analytics.com; style-src 'self' fonts.googleapis.com 'unsafe-inline' cdn.tiny.cloud api.reciteme.com https://*.hotjar.com 'unsafe-inline'; object-src 'none'; base-uri 'self';connect-src 'self' *.applicationinsights.azure.com *.monitor.azure.com cdn.tiny.cloud https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com *.reciteme.com www.google.co.uk stats.g.doubleclick.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; font-src fonts.gstatic.com 'self' api.reciteme.com data: https://*.hotjar.com; frame-src 'self'; child-src 'self'; img-src *; manifest-src 'self';media-src 'self' api.reciteme.com; 1
upgrade-insecure-requests; frame-ancestors 'self' https://*.xn--d1aqf.xn--p1ai 1
default-src https: data: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'  https://www.googletagmanager.com https://ajax.googleapis.com  https://www.google-analytics.com https://ssl.google-analytics.com https://*.googleapis.com; img-src 'self' https://access.equalweb.com https://www.google-analytics.com https://fonts.googleapis.com https://ssl.google-analytics.com https://code.jquery.com https://s-static.ak.facebook.com https://assets.zendesk.com https://maps.gstatic.com https://*.googleapis.com data: ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com  https://themes.googleusercontent.com; frame-src 'self' https://www.youtube.com https://www.google.com https://player.vimeo.com https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com https://weatherwidget.io; connect-src 'self' https://*.googleapis.com https://*.googleapis.com https://access.equalweb.com https://www.google-analytics.com https://va.tawk.to https://cdn.equalweb.com; object-src 'none' 1
frame-ancestors 'self' storymaps.arcgis.com 1
frame-ancestors 'self' http://www.kwalitywalls.in unilever3.marketing.adobe.com unileverbrazil.marketing.adobe.com unilever2.marketing.adobe.com unilever.marketing.adobe.com unilever3.experiencecloud.adobe.com unileverbrazil.experiencecloud.adobe.com unilever2.experiencecloud.adobe.com unilever.experiencecloud.adobe.com emea1-proxy.adobemc.com us1-proxy.adobemc.com us1-proxy.adobemc.com apac-proxy.adobemc.com adobedemoemea131.marketing.adobe.com adobedemoemea131.experiencecloud.adobe.com https://s3.cartwire.co https://s7.addthis.com https://kritique-widgets-stage.unileversolutions.com https://d1a1ax4tcp3m3j.cloudfront.net 1
frame-ancestors 'self' https://www-buickgmcanzures-com-mx.wpsegment15.proj.wpx.gm.com https://www.buickgmcanzures.com.mx https://www.chevroletjilotepec.com.mx https://www.chevroletamericasmotors.com.mx https://www.chevroletsanjuandelrio.com.mx https://www.chevroletcalidadsanjeronimo.com.mx https://www-chevroletamericasmotors-com-mx.wpsegment15.proj.wpx.gm.com https://www-chevroletsanjuandelrio-com-mx.wpsegment15.proj.wpx.gm.com https://www-chevroletcalidadsanjeronimo-com-mx.wpsegment15.proj.wpx.gm.com https://www-chevroletconstituyentes-com-mx.wpsegment15.proj.wpx.gm.com https://www-chevroletamericasmotors-com-mx.wpsegment15.prd1.wpx.gm.com https://www-chevroletsanjuandelrio-com-mx.wpsegment15.prd1.wpx.gm.com https://www-chevroletcalidadsanjeronimo-com-mx.wpsegment15.prd1.wpx.gm.com https://www-chevroletconstituyentes-com-mx.wpsegment15.prd1.wpx.gm.com https://z1.le.liveperson.net https://www-chevroletherrerazac-com-mx.wpsegment15.proj.wpx.gm.com https://www-chevroletherrerazac-com-mx.wpsegment15.prd2.wpx.gm.com https://www.chevroletherrerazac.com.mx https://www-chevroletcentrohistorico-com-mx.wpsegment15.proj.wpx.gm.com https://www-chevroletcentrohistorico-com-mx.wpsegment15.prd2.wpx.gm.com https://www.chevroletcentrohistorico.com.mx https://www-chevroletconstituyentes-com-mx.wpsegment15.prd1.wpx.gm.com https://www-chevroletconstituyentes-com-mx.wpsegment15.proj.wpx.gm.com https://www.chevroletconstituyentes.com.mx http://www.chevroletcentrohistorico.com https://www.chevrolet.com.co https://www.chevroletsf.com.co  https://www-chevrolet-com-co.prd1a.wpx.gm.com/plan-siempre-chevrolet https://www-buickgmccadillacloscabos-com-mx.proj.wpx.gm.com/ https://www-buickgmccadillacloscabos-com-mx.prd1.wpx.gm.com/ https://www.buickgmccadillacloscabos.com.mx/ https://www-chevroleteltreboluniversidad-com-mx.proj.wpx.gm.com/ https://www-chevroleteltreboluniversidad-com-mx.prd1.wpx.gm.com/ https://www.chevroleteltreboluniversidad.com.mx/ https://www-buickgmccuautla-com-mx.proj.wpx.gm.com/ https://www-buickgmccuautla-com-mx.prd1.wpx.gm.com/ https://www.buickgmccuautla.com.mx/ 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-1c088fb5c2a2fa4ae72e65e1006c0c6f'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-5767be2e3ebfa70ede0c51f1c2ad6490'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src 'self'; child-src 'self' connect.facebook.net fast.wistia.com fast.wistia.net googleads.g.doubleclick.net td.doubleclick.net *.hotjar.com *.hotjar.io *.contentful.com bid.g.doubleclick.net *.fls.doubleclick.net youtube.com www.youtube.com js.stripe.com www.facebook.com staticxx.facebook.com tpc.googlesyndication.com www.google.com *.googletagmanager.com *.quora.com intercom-sheets.com app-ab27.marketo.com www.intercom-reporting.com d2c7xlmseob604.cloudfront.net js.intercomcdn.com insight.adsrvr.org match.adsrvr.org https://intercom.chilipiper.com app.intercom.com app.intercom.io https://app.getreprise.com; connect-src 'self'   www.intercom.com app.intercom.io app.intercom.com api.intercom.io api-visitor-analytics.intercom.com api-iam.intercom.io api-ping.intercom.io api.smartling.com js.intercomcdn.com munchkin.marketo.net *.mktoutil.com nexus-websocket-a.intercom.io nexus-websocket-test.intercom.io nexus-long-poller-a.intercom.io nexus-long-poller-test.intercom.io store.intercomassets.com widget.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-test.intercom.io marketing.intercomcdn.com uploads.intercomcdn.com uploads.intercomusercontent.com abrtp1.marketo.com abrtp1-cdn.marketo.com app.getsentry.com stats.g.doubleclick.net https://*.google.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com http://*.hotjar.io:* https://*.hotjar.io:* wss://*.hotjar.io sentry.io www.facebook.com *.akamaihd.net *.wistia.com *.wistia.net *.contentful.com 258-clw-344.mktoresp.com bat.bing.com d2c7xlmseob604.cloudfront.net rum-collector-2.pingdom.net https://*.browser-intake-datadoghq.com public-trace-http-intake.logs.datadoghq.com https://assets.ctfassets.net c.6sc.co b.6sc.co j.6sc.co ipv6.6sc.co epsilon.6sense.com epsilon-cloudfront.6sense.com user-data.mutinycdn.com https://api-v2.mutinyhq.io/v2/b https://api.mutinyhq.io/v2 https://client-registry.mutinycdn.com secure.adnxs.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com api.chilipiper.com tracking.chilipiper.com cdn.linkedin.oribi.io gw.linkedin.oribi.io px.ads.linkedin.com https://app.getreprise.com images.ctfassets.net https://cdn.jsdelivr.net https://unpkg.com/@rive-app/canvas@2.10.1/rive.wasm *.litix.io https://o2129.ingest.sentry.io/ cdn.cookielaw.org *.onetrust.com; font-src data: https: ; img-src data: blob: https: ; media-src data: blob: https: ; object-src 'none'; script-src 'self' 'unsafe-eval' app.intercom.io app.intercom.com www.intercom.com js.intercomcdn.com store.intercomassets.com marketing.intercomassets.com widget.intercom.io ajax.googleapis.com analytics.twitter.com abrtp1.marketo.com abrtp1-cdn.marketo.com app-sjqe.marketo.com app-sjst.marketo.com app-ab27.marketo.com bat.bing.com cdn-assets-prod.s3.amazonaws.com cdn.ravenjs.com browser.sentry-cdn.com connect.facebook.net distillery.wistia.com distillery-main.wistia.com fast.wistia.com fast.wistia.net googleads.g.doubleclick.net js.stripe.com munchkin.marketo.net platform.twitter.com rtp-static.marketo.com script.hotjar.com script.hotjar.io secure.adnxs.com static.hotjar.com static.hotjar.io stats.g.doubleclick.net store.intercom.io tpc.googlesyndication.com www.datadoghq-browser-agent.com https://*.google.com www.google-analytics.com www.googleadservices.com/pagead/ www.googletagmanager.com tagmanager.google.com snap.licdn.com px.ads.linkedin.com px4.ads.linkedin.com dc.ads.linkedin.com p.adsymptotic.com sjs.bizographics.com client-registry.mutinycdn.com client.mutinycdn.com https://js.chilipiper.com 'sha256-CIxBMTSsZNOVtN/e53Oinc5o7iS+6GCLATfDTYD9EQk=' 'sha256-cc60iDuEUKTNkKYpz2vlEgGOssRRzDfo9rv0YBux2ak=' https://app.getreprise.com *.litix.io *.contentful.com https://o2129.ingest.sentry.io/ cdn.cookielaw.org *.onetrust.com 'strict-dynamic' 'nonce-M2I5NDZmNDItNDU4NC00ODIxLWIzMGUtMWVmZDlhNzcxODYx'; style-src 'self' 'unsafe-inline' app-ab27.marketo.com marketing.intercomassets.com maxcdn.bootstrapcdn.com rtp-static.marketo.com fonts.googleapis.com tagmanager.google.com https://www.googletagmanager.com https://js.chilipiper.com; worker-src data: blob:; base-uri 'self'; report-uri https://o2129.ingest.sentry.io/api/1467748/security/?sentry_key=2b3179211aae44189b7651cf09d7b74f 1
default-src 'self'; connect-src *; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' blob: data: https://*.hostserver.de/ https://www.w3.org/ https://www.hosttest.de/images/ https://s.w.org/ https://ps.w.org/ https://www.gstatic.com/images/branding/product/2x/translate_24dp.png; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://cdn.jsdelivr.net/npm/ https://platform.twitter.com/widgets/widgets.js https://www9.hostserver.de/piwik/piwik.js https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/ https://ajax.googleapis.com/ajax/libs/webfont/; style-src 'self' data: 'unsafe-inline' https://fonts.googleapis.com/; object-src 'self'; base-uri 'self'; frame-src 'self' https://www9.hostserver.de/ https://www.google.com/recaptcha/; worker-src https://www.google.com/recaptcha/; report-uri /csp/report.php 1
object-src 'none'; connect-src 'self' *.zappar.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.google.com api.hubapi.com stats.g.doubleclick.net forms.hubspot.com apikeys.civiccomputing.com googleads.g.doubleclick.net cdn.linkedin.oribi.io pagead2.googlesyndication.com https://forms.hscollectedforms.net https://cta-service-cms2.hubspot.com https://api.getrewardful.com/referrals/track analytics.tiktok.com https://*.clarity.ms https://px.ads.linkedin.com https://bat.bing.com/actionp/ *.hubspot.com js.hscta.net https://*.litix.io https://*.algolia.net https://pipedream.wistia.com/mput https://*.wistia.net ads-twitter.com ads-api.twitter.com analytics.twitter.com; script-src 'self' *.zappar.com player.vimeo.com vod-progressive.akamaized.net netdna.bootstrapcdn.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.wistia.net https://*.wistia.net https://www.googleadservices.com/pagead/ use.typekit.net snap.licdn.com blob: connect.facebook.net js.hubspotfeedback.com cc.cdn.civiccomputing.com js.hubspotfeedback.com https://*.hs-scripts.com js.hsadspixel.net js.hscollectedforms.net js.hs-analytics.net js.hs-banner.com js.hsleadflows.net js.hsforms.net *.hsforms.net *.hsforms.com js.hubspotfeedback.com https://src.litix.io https://player.vimeo.com https://js.hubspot.com bat.bing.com analytics.tiktok.com www.clarity.ms *.hubspot.com js.hscta.net https://static.ads-twitter.com/uwt.js 'nonce-WuBT8rqEH+alTlg3vGms5A=='; default-src 'self' *.zappar.com player.vimeo.com vod-progressive.akamaized.net netdna.bootstrapcdn.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.wistia.net; media-src 'self' *.zappar.com player.vimeo.com vod-progressive.akamaized.net netdna.bootstrapcdn.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.wistia.net download-video.akamaized.net 200vod-adaptive.akamaized.net https://embed.wistia.com/tiny.mp4 http://embed.wistia.com/tiny.mp4; style-src 'self' *.zappar.com player.vimeo.com vod-progressive.akamaized.net netdna.bootstrapcdn.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.wistia.net 'unsafe-inline' fonts.googleapis.com netdna.bootstrapcdn.com https://fast.wistia.com; font-src 'self' fonts.gstatic.com data: netdna.bootstrapcdn.com https://*.wistia.com; frame-src 'self' *.zappar.com www.youtube.com platform.twitter.com player.vimeo.com app.hubspot.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://*.doubleclick.net https://*.g.doubleclick.net *.hs-sites.com *.hubspot.com bytedance: sslocal: https://fast.wistia.com https://fast.wistia.net; base-uri 'none'; img-src https://*.wistia.net ads-twitter.com ads-api.twitter.com analytics.twitter.com 'self' data: https: *.hubspot.com no-cache.hubspot.com js.hscta.net analytics.tiktok.com 1
default-src 'self' https://us-west-2.quicksight.aws.amazon.com/ *.pendo.io data:;  media-src 'self' *.pendo.io  *.responsivevoice.org; frame-ancestors 'self' https://*.quicksight.aws.amazon.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval';  script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://kit-free.fontawesome.com/releases/latest/css/ https://www.gstatic.com/firebasejs/5.5.8/ https://www.gstatic.com/firebasejs/5.5.8/ https://unpkg.com/amazon-quicksight-embedding-sdk@1.0.15/dist/quicksight-embedding-js-sdk.min.js *.pendo.io; style-src 'self' 'unsafe-inline' *.fontawesome.com https://kit-free.fontawesome.com/releases/latest/css/ *.pendo.io https://cdn.pendo.io;   style-src-elem 'self' 'unsafe-inline' *.fontawesome.com https://kit-free.fontawesome.com/releases/latest/css/ *.pendo.io;  font-src 'self' *.fontawesome.com https://fonts.gstatic.com https://use.typekit.net;  connect-src 'self' https://*.quicksight.aws.amazon.com/ *.fontawesome.com https://*.vstalert.com https://*.vst-one.com https://kit-free.fontawesome.com/releases/latest/css/ https://fcm.googleapis.com/fcm/connect/subscribe https://test.vstalert.com/Newui/Scripts/* https://www.gstatic.com/firebasejs/5.5.8/;             img-src 'self' https://via.placeholder.com/ https://placehold.co/ https://assets.vstalert.com https://test-assets.vstalert.com https://i.imgur.com/ https://imgur.com/ *.pendo.io/ data:; 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-ZTrqm0SYqWKULo8eSEUmmA' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; worker-src blob: 'self'; frame-ancestors https://*.lenovo.com 1
default-src * data: blob: 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.sodonsolution.org *.sodonsolution.com www.google-analytics.com www.googletagmanager.com www.gstatic.com maps.gstatic.com maps.googleapis.com cse.google.com www.google.com www.youtube.com connect.facebook.net staticxx.facebook.com graph.facebook.com platform.twitter.com  s.ytimg.com static.whatshelp.io certify-js.alexametrics.com cdnjs.cloudflare.com static.getbutton.io js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.usemessages.com js.hscollectedforms.net geo.erxes.io;style-src 'self' 'unsafe-inline' *.sodonsolution.org  *.sodonsolution.com www.gstatic.com cse.google.com www.google.com static.whatshelp.io geo.erxes.io;connect-src 'self' *.sodonsolution.org *.sodonsolution.com www.google-analytics.com www.googletagmanager.com analytics.google.com stats.g.doubleclick.net connect.facebook.net staticxx.facebook.com graph.facebook.com api.hubspot.com forms.hubspot.com whatshelp.io geo.erxes.io www.membership.mn:8080 *.trademongolia.mn; 1
default-src     'self' ; img-src         'self' data: https://*.pxia.de https://www.apcoa.pl https://vm-apcoa-typo3-04 https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.google-analytics.com https://*.google.de *.facebook.com *.solvemate.com https://*.zohocdn.com https://*.zohopublic.eu https://*.newsletter2go.com https://*.linkedin.com https://www.apcoa.se https://*.zohostatic.eu https://*.zoho.eu https://*.wikimedia.org https://www.googletagmanager.com https://*.click4assistance.co.uk https://*.cookiebot.com https://*.tiktok.com https://*.apcoa.de https://*.usercentrics.eu;  script-src      'self' 'unsafe-inline' 'unsafe-eval' https://*.bootstrapcdn.com https://fonts.googleapis.com/css/ https://*.bootstrapcdn.com https://*.pxia.de https://vm-apcoa-typo3-04 https://consent.cookiebot.com https://www.googletagmanager.com https://consentcdn.cookiebot.com https://*.google.com https://*.bootstrapcdn.com https://*.googleapis.com https://*.mana-hr.net https://*.facebook.net https://www.google-analytics.com/ https://*.doubleclick.net https://*.zoho.eu https://*.zohocdn.com https://*.newsletter2go.com;  script-src-elem 'self' 'unsafe-inline' https://*.park-control.de/ https://www.google-analytics.com/analytics.js https://*.bootstrapcdn.com https://fonts.googleapis.com/css/ https://*.google.com https://consent.cookiebot.com https://www.googletagmanager.com https://consentcdn.cookiebot.com https://*.bootstrapcdn.com https://*.googleapis.com https://*.gstatic.com *.solvemate.com www.googleadservices.com *.facebook.net *.doubleclick.net *.mana-hr.net https://*.zoho.eu https://*.zohostatic.eu *.zohocdn.com https://*.newsletter2go.com https://www.google-analytics.com https://sc-static.net stats.docu.info https://leie.apcoa.no https://services.apcoa.no https://tr.snapchat.com *.livechatinc.com https://*.licdn.com https://*.hotjar.com https://*.click4assistance.co.uk https://*.zendesk.com https://*.zdassets.com https://*.tiktok.com https://*.usercentrics.eu;  style-src       'self' 'unsafe-inline' https://*.googleapis.com https://*.bootstrapcdn.com *.solvemate.com https://*.zohocdn.com *.bootstrapcdn.com https://*.zohostatic.eu;  font-src        'self' data: https://*.googleapis.com https://fonts.googleapis.com https://*.gstatic.com https://*.bootstrapcdn.com *.solvemate.com *.zohocdn.com https://*.zohostatic.eu;  frame-src       'self' https://consentcdn.cookiebot.com https://www.google.com https://www.youtube-nocookie.com https://www.youtube.com *.apcoa.de *.mana-hr.net *.mana-jobs.de https://maps.google.com http://europark.easycruit.com https://tr.snapchat.com https://*.zohopublic.eu https://*.zoho.eu *.apcoa.no https://*.facebook.com https://*.livechatinc.com https://apcoa-rec.trustit.org http://prelive02.apcoa.com https://docs.google.com https://*.click4assistance.co.uk https://*.q2c.eu https://*.apcoa.se https://*.doubleclick.net https://*.googletagmanager.com https://*.usercentrics.eu;  worker-src       data: blob: 'unsafe-eval' 'unsafe-inline';  object-src      'self' ;  connect-src     'self' https://*.park-control.de https://*.google-analytics.com https://*.googleapis.com https://*.cookiebot.com *.google.com *.doubleclick.net *.solvemate.com *.facebook.com https://*.zoho.eu *.zohopublic.eu wss://vts.zohopublic.eu https://*.newsletter2go.com https://tr.snapchat.com https://*.linkedin.oribi.io https://pagead2.googlesyndication.com https://*.zdassets.com https://*.zendesk.com https://www.apcoa.pl https://*.apcoa.de https://*.pangle-ads.com https://*.tiktok.com https://*.usercentrics.eu;  media-src       'self' data: https://*.googleapis.com https://fonts.googleapis.com https://*.gstatic.com https://*.bootstrapcdn.com *.solvemate.com *.zohocdn.com; 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-AVtwgzE3gPxkpidmmfHs8A' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
default-src https: ws:; script-src https: 'unsafe-inline' 'unsafe-eval' data:; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data: 1
default-src *; style-src 'self' https://* 'unsafe-inline'; font-src 'self' data: https://* 'unsafe-inline' 'unsafe-eval'; script-src 'self' https://* 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://* data:; 1
default-src 'self' * *.doubleclick.net/ *.google-analytics.com/ *.googletagmanager.com/ *.google.com/ *.onetrust.com/ *.jsdelivr.net/ *.googleapis.com/ 'unsafe-inline' ;  font-src 'self' fonts.gstatic.com/  fonts.googleapis.com/ *.google.com/  *.google.com/ *.onetrust.com/ *.jsdelivr.net/ *.googleapis.com/  'unsafe-inline' ;style-src 'self' *.jsdelivr.net fonts.googleapis.com/ *.onetrust.com/ 'unsafe-inline';script-src 'self' https://analytics.tiktok.com *.doubleclick.net/ *.googleadservices.com/ *.facebook.net/ *.google-analytics.com/ *.googletagmanager.com/ *.google.com/ *.google.com.br/  *.cookielaw.org/ *.onetrust.com/ *.jsdelivr.net/ *.googleapis.com/ 'unsafe-inline' 'unsafe-eval';script-src-elem 'self' https://analytics.tiktok.com *.doubleclick.net/ *.facebook.net/ *.facebook.com/ *.googleadservices.com/ *.googletagmanager.com/ *.google-analytics.com/ *.google.com/ *.gstatic.com/ *.cookielaw.org/ *.onetrust.com/ *.jsdelivr.net/ *.googleapis.com/ 'unsafe-inline';img-src 'self' data: https://analytics.tiktok.com *.facebook.com *.cookielaw.org *.youtube.com *.google.com *.google.com.br *.google-analytics.com *.onetrust.com *.maternidadebrasilia.com.br *.jsdelivr.net *.googleapis.com/ 1
default-src https: 'unsafe-inline'; img-src https: data: icon-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; 1
connect-src 'self' https://*.cookiehub.net https://*.luigisbox.com https://*.medirex.sk https://*.mdx.sk https://*.google-analytics.com https://*.googletagmanager.com https://pagead2.googlesyndication.com https://*.google.com https://*.quarticon.it https://googleads.g.doubleclick.net https://*.hotjar.io wss://ws.hotjar.com https://*.googleapis.com https://*.vimeo.com *.foxentry.com *.foxentry.cz; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.medirex.sk https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com https://connect.facebook.net https://static.hotjar.com https://script.hotjar.com https://apiv2.popupsmart.com https://notify.mdx.sk https://www.recaptcha.net *.quarticon.it *.quarticon.com *.quartic.pl *.luigisbox.com https://conversations.app-us1.com https://prism.app-us1.com https://trackcmp.net https://wp-ui.app-us1.com https://diffuser-cdn.app-us1.com https://qjs.557342f73ecb8f4b.medirex.sk medirexgroup.ladesk.com web-sdk.smartlook.com https://www.googleoptimize.com/optimize.js optimize.google.com https://cookiehub.net https://cdn.cookiehub.eu https://scripts.luigisbox.com https://cdn.luigisbox.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://*.googletagmanager.com *.foxentry.com *.foxentry.cz; frame-ancestors https://lekarskazona.medirex.sk; upgrade-insecure-requests; 1
default-src 'self' data: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' * 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com * https://www.gstatic.com https://fonts.gstatic.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com * *.google.com/ https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com https://www.googletagmanager.com/ js.mollie.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com * https://images.unsplash.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://www.magezon.com https://www.mollie.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.commerce-payment-services.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com * https://polyfill-fastly.io https://browser.sentry-cdn.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google.com/ https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ js.mollie.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com * https://static.klaviyo.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com * http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com * https://*.ingest.sentry.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; object-src 'self'; frame-ancestors 'self' https://www.monespaceconso.com 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://wb.messengerpeople.com https://static.criteo.net https://*.criteo.com https://tpc.googlesyndication.com https://*.zenaps.com https://*.hotjar.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://ln-rules.rewardstyle.com https://tr.snapchat.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://*.liveperson.net https://ct.pinterest.com https://ampcid.google.hr https://*.sciencebehindecommerce.com https://*.hotjar.com wss://*.hotjar.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.contentsquare.net https://*.criteo.com https://*.criteo.net https://*.prod.mplat-ppcprotect.com https://*.lunio.ai data: https://sgtm.myprotein.hr; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.thgcdn.cn; form-action 'self' https://www.facebook.com https://www.myprotein.hr https://m.myprotein.hr https://checkout.myprotein.hr https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://static.thgcdn.cn; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://google.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.cn https://*.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://*.criteo.com https://static.criteo.net https://s.pinimg.com https://tpc.googlesyndication.com https://remote.captcha.com https://platform.twitter.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.hotjar.com https://*.akamaihd.net https://*.microsofttranslator.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://twitter.com https://*.baidu.com https://sc-static.net https://www.google.com https://*.google.co.uk https://google.co.uk https://static.ads-twitter.com https://analytics.twitter.com https://static.thgcdn.cn https://*.contentsquare.net https://app.contentsquare.com https://sgtm.myprotein.hr; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://static.thgcdn.cn; upgrade-insecure-requests; report-to report-endpoint 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.zenaps.com https://www.youtube.com https://wb.messengerpeople.com https://static.criteo.net https://*.criteo.com https://tpc.googlesyndication.com https://*.akamaihd.net https://www.awin1.com https://*.hotjar.com https://*.translate.naver.net https://*.recaptcha.net https://ln-rules.rewardstyle.com https://tr.snapchat.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://*.liveperson.net https://ct.pinterest.com https://ampcid.google.ro https://*.akamaihd.net https://*.sciencebehindecommerce.com https://*.hotjar.com wss://*.hotjar.com https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://tr.snapchat.com https://*.contentsquare.net https://*.criteo.com https://*.criteo.net https://*.prod.mplat-ppcprotect.com https://*.lunio.ai data: https://sgtm.myprotein.ro; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.thgcdn.cn; form-action 'self' https://www.facebook.com https://www.myprotein.ro https://m.myprotein.ro https://checkout.myprotein.ro https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://static.thgcdn.cn; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://google.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.cn https://*.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://*.criteo.com https://static.criteo.net https://s.pinimg.com https://tpc.googlesyndication.com https://remote.captcha.com https://platform.twitter.com https://*.akamaihd.net https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.hotjar.com https://*.microsofttranslator.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://twitter.com https://*.baidu.com https://sc-static.net https://www.google.com https://*.google.co.uk https://google.co.uk https://static.ads-twitter.com https://analytics.twitter.com https://static.thgcdn.cn https://*.contentsquare.net https://app.contentsquare.com https://sgtm.myprotein.ro; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://static.thgcdn.cn https://cdn.parcellab.com; upgrade-insecure-requests; report-to report-endpoint 1
default-src 'self'; style-src 'self' 'unsafe-inline' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; img-src 'self' data: https:; font-src *; connect-src https: ws:; frame-src https: 1
default-src 'self'; base-uri 'self'; child-src 'self'; connect-src wss: ws: vimeo.com rebound.postmarkapp.com *.ofri.ch ofri.matomo.cloud gist-queue-consumer-api.cloud.gist.build *.posthog.com *.sentry.io; font-src 'self' data: *.ofri.ch fonts.gstatic.com fonts.googleapis.com; form-action 'self' ofri.us1.list-manage.com; frame-ancestors 'none'; frame-src 'self' player.vimeo.com ofri.payrexx.com *.widget.cluster.groovehq.com renderer.gist.build code.gist.build dispatcher.payrexx.com *.postfinance.ch www.youtube.com; img-src 'self' blob: data: *.vimeocdn.com *.cloudinary.com *.openstreetmap.org *.ofri.ch ofri.matomo.cloud track-eu.customer.io ofri-files-production.s3.eu-central-1.amazonaws.com s3-eu-central-1.amazonaws.com/ofri-files-production/ s3-eu-west-1.amazonaws.com/file-bucket-prod/; manifest-src 'self' ofri.cloudflareaccess.com *.ofri.ch; media-src 'self' data: *.widget.cluster.groovehq.com; object-src 'self'; script-src 'self' 'unsafe-eval' ajax.cloudflare.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' blob: *.ofri.ch ofri.cloudflareaccess.com code.gist.build *.cloudflare.com *.cluster.groovehq.com *.customer.io *.matomo.cloud *.posthog.com *.postmarkapp.com www.youtube.com; style-src 'self' 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' *.ofri.ch fonts.googleapis.com; worker-src 'self'; report-uri /csp/violation 1
connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://accounts.google.com; img-src * 'self' data: blob: https://*.google-analytics.com https://*.googletagmanager.com https://secure.gravatar.com; script-src 'self' https://www.google.com https://accounts.google.com https://www.gstatic.com https://js-agent.newrelic.com https://bam.nr-data.net https://*.googletagmanager.com https://ssl.google-analytics.com https://www.google-analytics.com https://connect.facebook.net https://platform.twitter.com 'sha256-cueLIjf7+saT+qlPuHeFx6d9eEbuC4uiq1aRQOb3VGU='; frame-src 'self' https://www.facebook.com https://web.facebook.com https://www.youtube.com https://platform.twitter.com https://www.google.com https://accounts.google.com https://docs.google.com https://staticxx.facebook.com https://syndication.twitter.com blob:; report-uri /cspreport.php 1
connect-src *.facebook.com *.facebook.net *.google.com *.google.es *.google.com.br *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bam.eu01.nr-data.net oswald-info.com consentcdn.cookiebot.com test.saferpay.com www.saferpay.com saferpay.com oswald-ch.betaroiup.com *.betaroiup.com www.oswald.ch www.oswald-shop.com tablet.oswald.ch *.oswald-shop.com *.oswald.ch *.adt603.net ads.microsoft.com google.ch *.sovendus.com *.google.ch *.google.at *.google.de clarity.ms *.clarity.ms bat.bing.com www-pre-oswald-ch.oswald-info.com pre-tablet.oswald-info.com pagead2.googlesyndication.com *.moengage.com; default-src test.saferpay.com www.saferpay.com saferpay.com 'self'; font-src data: *.gstatic.com *.doubleclick.net *.facebook.com *.fontawesome.com 'self' *.betaroiup.com; frame-src *.google.com *.doubleclick.net *.facebook.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com test.saferpay.com www.saferpay.com saferpay.com *.youtube.com *.vimeo.com *.cookiebot.com *.betaroiup.com 'unsafe-inline' e.issuu.com oswald.jobbase.io 'self' *.sovendus.com oswald.onlyfy.jobs bat.bing.com *.moengage.com; form-action *.redsys.es *.sermepa.es secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com test.saferpay.com www.saferpay.com saferpay.com 'self' *.betaroiup.com www.facebook.com *.facebook.net; img-src data: 'self' amasty.com *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googleapis.com *.google.es *.google.com.br *.gstatic.com *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net i.ytimg.com www.paypalobjects.com t.paypal.com www.googleadservices.com www.google-analytics.com *.vimeocdn.com *.betaroiup.com *.oswald-info.com ade.googlesyndication.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com test.saferpay.com www.saferpay.com saferpay.com s.ytimg.com widgets.magentocommerce.com www.google.co.in *.google.co.zm *.google.co.za *.google.rs *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.profity.ch ads.microsoft.com *.sovendus.com oswald-info.com ad.doubleclick.net j.clarity.ms c.clarity.ms c.bing.com bat.bing.com *.moengage.com moe-email-campaigns.s3.amazonaws.com imgsct.cookiebot.com; script-src *.google.bg *.facebook.com *.facebook.net *.doubleclick.net polyfill.io *.googleapis.com *.google.com *.google.es *.google.com.br *.gstatic.com *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net *.cookiebot.com assets.adobedtm.com js.authorize.net jstest.authorize.net secure.authorize.net test.authorize.net js.braintreegateway.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com bam.eu01.nr-data.net js-agent.newrelic.com oswald-info.com cdn.freshmarketer.com www.googletagservices.com pagead2.googlesyndication.com static.trbo.com api-v4.trbo.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com jquery.sellxed.com test.saferpay.com www.saferpay.com saferpay.com cdn-scripts.signifyd.com www.youtube.com video.google.com oswald-ch.betaroiup.com 'self' 'unsafe-hashes' 'unsafe-eval' *.betaroiup.com 'unsafe-inline' tablet.oswald.ch *.oswald.ch *.oswald-shop.com oswald.jobbase.io gtm.adt313.net *.profity.ch ads.microsoft.com api.gutscheinconnection.de www.gutscheinconnection.de connect.facebook.net *.sovendus.com *.clarity.ms oswald.onlyfy.jobs bat.bing.com js.fraugster.com *.moengage.com embed.typeform.com bootstrapcdn.com stackpath.bootstrapcdn.com; style-src getfirebug.com *.googleapis.com *.doubleclick.net *.facebook.com *.googleapis.com *.fontawesome.com 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *.betaroiup.com www.oswald-shop.com *.moengage.com fonts.bunny.net fontawesome.com stackpath.bootstrapcdn.com cdn.jsdelivr.net; report-uri /.webscale/csp-report 1
form-action 'self' direct.smbc.co.jp login.paypay-bank.co.jp www.personal.billingjapan.co.jp;script-src 'self' *.gstatic.com *.google.com www.googletagmanager.com www.google-analytics.com assets.tumblr.com sp.zalo.me za.zdn.vn 'unsafe-inline' 'unsafe-eval';style-src 'self' fonts.googleapis.com fonts.gstatic.com 'unsafe-inline'; 1
frame-ancestors 'self' http://www.philips.si *.philips.com *.philips.si https://philipsigtdpv.com 1
default-src 'self' https: *.piscineco.fr *.avis-verifies.com *.google-analytics.com *.criteo.net *.criteo.com *.avis-verifies.com *.skeepers.io *.youtube.com *.doubleclick.net *.googleapis.com *.gstatic.com *.youtu.be *.googleusercontent.com *.google.com *.doofinder.com *.consentframework.com; font-src https: 'self' data:; img-src 'self' https: *.piscineco.fr data:; media-src 'self' https: *.piscineco.fr; frame-src 'self' https: *.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.googletagmanager.com; style-src 'self' 'unsafe-inline' https: *.piscineco.fr *.googleapis.com *.cloudflare.com *.jsdelivr.net; 1
default-src 'self' 'nonce-66a3069c9cbad' https://fonts.gstatic.com 1
default-src 'self' wss://pod-29.zendesk.com/sc/faye wss://widget-mediator.zopim.com maps.googleapis.com api.tumblr.com code.jquery.com *.google-analytics.com https://www.googletagmanager.com ajax.googleapis.com fonts.gstatic.com https://*.fontawesome.com/ http://*.trustpilot.com/ https://*.cookiebot.com/ https://*.zendesk.com/ https://*.zdassets.com/ https://*.doubleclick.net/ https://*.mailchimp.com/; script-src 'self' wss://pod-29.zendesk.com/sc/faye wss://widget-mediator.zopim.com maps.googleapis.com api.tumblr.com code.jquery.com assets.calendly.com calendly.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.google-analytics.com https://www.googletagmanager.com ajax.googleapis.com 'unsafe-inline' https://*.fontawesome.com/ http://*.trustpilot.com/ https://*.cookiebot.com/ https://*.zendesk.com/ https://*.zdassets.com/ https://*.doubleclick.net https://*.agilecrm.com https://*.cloudflare.com/ https://*.mailchimp.com/; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://*.fontawesome.com/; frame-src 'self' assets.calendly.com calendly.com https://*.cookiebot.com/ https://*.youtube.com/ http://*.trustpilot.com/ https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; img-src 'self' imgsct.cookiebot.com https://static.zdassets.com/ 64.media.tumblr.com maps.gstatic.com maps.googleapis.com data: *.google-analytics.com https://www.googletagmanager.com; frame-ancestors 'self' 1
font-src fonts.gstatic.com use.typekit.net *.gstatic.com 'self' data: *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.cloudflare.com *.typekit.net *.trustedshops.com *.googleapis.com *.shoplongino.it *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.facebook.com *.mgfproject.com 'self' connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.google.com *.hotjar.com www.facebook.com *.shoplongino.it *.salesmanago.pl *.salesmanago.com *.doubleclick.net *.doofinder.com https://www.googletagmanager.com/ int-ecommerce.nexi.it ecommerce.nexi.it stg-ta.nexigroup.com xpay.nexigroup.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net data: *.gstatic.com *.googleapis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.google.com *.google.it *.googletagmanager.com www.facebook.com mcusercontent.com *.shoplongino.com *.shoplongino.it *.google.de https://px.ads.linkedin.com *.linkedin.com/ *.trustpilot.com *.google-analytics.com *.longino.it *.shoplongino.hk *.shoplongino.ae *.amazonaws.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ maps.gstatic.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com int-ecommerce.nexi.it ecommerce.nexi.it stg-ta.nexigroup.com xpay.nexigroup.com cdn.klarna.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.safemage.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.gstatic.com *.clerk.io *.cookielaw.org *.onetrust.com *.googletagmanager.com *.magentosite.cloud *.eu-3.magentosite.cloud *.google-analytics.com *.doubleclick.net/ *.google.com *.quantserve.com rules.quantcount.com *.adform.net snap.licdn.com *.nr-data.net *.newrelic.com chimpstatic.com data: *.mailchimp.com www.facebook.com *.facebook.net *.list-manage.com *.hotjar.com *.popupsmart.com https://cdn.jsdelivr.net *.tiktok.com *.tradedoubler.com *.shoplongino.it *.iubenda.com *.doofinder.com *.chatbase.co *.wordlift.io http://www.googletagmanager.com/ https://www.googletagmanager.com/ maps.googleapis.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com downloads.mailchimp.com int-ecommerce.nexi.it ecommerce.nexi.it stg-ta.nexigroup.com xpay.nexigroup.com www.google.com www.gstatic.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com cdn.scalapay.com b2c-cdn.scalapay.com *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.mailchimp.com *.popupsmart.com *.googleapis.com *.gstatic.com *.shoplongino.it *.doofinder.com *.chatbase.co downloads.mailchimp.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.cookielaw.org *.google-analytics.com *.doubleclick.net *.nr-data.net *.hotjar.com https://api.ipgeolocation.io *.tiktok.com *.zdassets.com *.zendesk.com *.shoplongino.it *.googleapis.com ajax.googleapis.com *.google.com *.google.de *.hotjar.io *.iubenda.com *.saleago.com *.linkedin.oribi.io *.googlesyndication.com *.popupsmart.com wss://*.hotjar.com *.doofinder.com wss://*.doofinder.com *.chatbase.co *.wordlift.io http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.salesmanago.pl *.salesmanago.es *.salesmanago.com int-ecommerce.nexi.it ecommerce.nexi.it stg-ta.nexigroup.com xpay.nexigroup.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https://* data: blob: 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors 'self' *.narvar.com narvar.com *.integrations-narvar.com; base-uri 'self'; 1
frame-ancestors 'self'; default-src 'self' data: https: wss:; frame-src 'self' https:; style-src 'self' 'unsafe-inline' https:; font-src 'self' data: https://fonts.gstatic.com https://app.conversation24.com; script-src 'nonce-epUQG0apwoGWAK1K6urFyNZiWSK3hNjT' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' 'self' https: http:; report-uri /.netlify/functions/__csp-violations 1
report-uri /csp_report_parser 1
default-src https: 'unsafe-inline' data: 1
frame-ancestors 'self' www.bibliotecanacionaldigital.gob.cl www.chileparaninos.gob.cl www.memoriachilena.gob.cl www.bibliotecanacionaldigital.cl www.chileparaninos.cl www.memoriachilena.cl; 1
font-src fonts.gstatic.com use.typekit.net *.bglobale.com *.global-e.com *.alothemes.com *.magepow.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.r1.ddlnk.net/signup.ashx *.emails.buissonniere.com/signup.ashx *.facebook.com *.global-e.com *.bglobale.com *.google.com *.belgium-3ds-bxl.wlp-acs.com *.wlp-acs.com *.zdassets.com *.zendesk.com *.smooch.io *.buissonniere.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com www.google.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.bglobale.com *.global-e.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.vimeo.com *.ytimg.com *.addthis.com *.facebook.com *.google.com *.belgium-3ds-bxl.wlp-acs.com *.wlp-acs.com *.zdassets.com *.zendesk.com *.smooch.io 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.adyen.com maps.gstatic.com maps.googleapis.com *.trackedlink.net *.bglobale.com *.global-e.com *.alothemes.com *.magepow.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.postcodeanywhere.co.uk *.gstatic.com *.googleapis.com *.ytimg.com *.buissonniere.com *.amazonaws.com *.facebook.com *.google.com *.belgium-3ds-bxl.wlp-acs.com *.wlp-acs.com *.zdassets.com *.zendesk.com *.smooch.io *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com *.adyen.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.bglobale.com *.global-e.com *.alothemes.com *.magepow.com connect.facebook.net graph.facebook.com business.facebook.com *.pcapredict.com *.postcodeanywhere.co.uk *.googleapis.com *.ytimg.com *.addthis.com *.moatads.com *.addthisedge.com *.google.com *.facebook.com *.adobe.net *.adobetm.com *.belgium-3ds-bxl.wlp-acs.com *.wlp-acs.com *.zdassets.com *.zendesk.com *.smooch.io *.bpost.be *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.bglobale.com *.global-e.com *.alothemes.com *.magepow.com *.postcodeanywhere.co.uk *.belgium-3ds-bxl.wlp-acs.com *.wlp-acs.com *.zdassets.com *.zendesk.com *.smooch.io tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.magento-datasolutions.com *.magento-ds.com *.adyen.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.alothemes.com *.magepow.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.postcodeanywhere.co.uk *.googleapis.com *.ytimg.com *.addthis.com *.global-e.com *.doubleclick.net mcstaging.buissonniere.com *.analytics.google.com *.google.com *.belgium-3ds-bxl.wlp-acs.com *.wlp-acs.com *.zdassets.com *.zendesk.com *.smooch.io *.api.eu-1.smooch.io *.bpost.be *.google-analytics.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' vimeo.com *.vimeo.com td.doubleclick.net medpage.co.il api.poloriz.com widgets.poloriz.com widget.poloriz.com wss://*.hotjar.com https://open.spotify.com https://embed.podcasts.apple.com https://attestation.android.com w.soundcloud.com *.camoni.co.il *.gstatic.com *.g.doubleclick.net *.onesignal.com onesignal.com *.outbrainimg.com *.outbrain.com youtube.com *.youtube.com *.googlesyndication.com *.google.com *.zoomanalytics.co  *.zoomengage.com       *.google.co.il *.googleadservices.com console.googletagservices.com www.googletagservices.com *.google-analytics.com *.facebook.com *.hotjar.com *.hotjar.io *.addthis.com *.crwdcntrl.net *.vimeo.com *.ted.com *.transistor.fm;;    frame-ancestors 'self' vimeo.com *.vimeo.com *.vimeocdn.com www-ms-israel-co-il.filesusr.com editor.wix.com www-israeli-heart-org.filesusr.com *.israeli-heart.org israeli-heart.org hospitals.clalit.co.il *.clalit.co.il clalit.co.il *.ms-israel.co.il *.camoni.co.il     *.neeman.org.il neeman.org.il *.onesignal.com onesignal.com *.transistor.fm;    script-src 'self' 'unsafe-inline' 'unsafe-eval' *.camoni.co.il     *.vimeo.com widgets.poloriz.com widget.poloriz.com d2xerlamkztbb1.cloudfront.net d221oziut8gs4d.cloudfront.net d2z0twhaibasxg.cloudfront.net d2ichgn6omvugs.cloudfront.net d153e9at4fnie6.cloudfront.net d1wu4soocuytwy.cloudfront.net drwfflduv8b86.cloudfront.net d31h7krfuoootc.cloudfront.net d39xfemx07z9k2.cloudfront.net *.defybrick.com *.zoomengage.com     youtube.com *.youtube.com z.moatads.com *.cloudfront.net console.googletagservices.com www.googletagservices.com *.outbrain.com cheqzone.b-cdn.net *.cheqzone.com *.zoomanalytics.co       cdn.onesignal.com onesignal.com *.gstatic.com *.googlesyndication.com *.safeframe.googlesyndication.com *.g.doubleclick.net www.googletagmanager.com www.google-analytics.com ajax.googleapis.com       *.crwdcntrl.net *.sekindo.com googleadservices.com *.googleadservices.com *.google.com *.google.co.il *.hotjar.com *.zoomanalytics.co connect.facebook.net cdn.onesignal.com *.addthis.com v1.addthisedge.com;    font-src 'self' *.camoni.co.il fonts.gstatic.com ;    style-src 'self' 'unsafe-inline' *.camoni.co.il widgets.poloriz.com widget.poloriz.com onesignal.com fonts.googleapis.com *.gstatic.com;base-uri 'self' *.camoni.co.il;    form-action 'self' *.camoni.co.il www.facebook.com;    img-src 'self' data: *.camoni.co.il *.vimeo.com *.vimeocdn.com *.onesignal.com widget.poloriz.com media.poloriz.com     d2xerlamkztbb1.cloudfront.net d221oziut8gs4d.cloudfront.net d2z0twhaibasxg.cloudfront.net d2ichgn6omvugs.cloudfront.net d153e9at4fnie6.cloudfront.net d1wu4soocuytwy.cloudfront.net drwfflduv8b86.cloudfront.net d31h7krfuoootc.cloudfront.net d39xfemx07z9k2.cloudfront.net *.zoomengage.com     *.outbrainimg.com *.outbrain.com *.cheqzone.com *.facebook.net *.facebook.com     *.google.com *.google.co.il *.g.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.safeframe.googlesyndication.com     *.sekindo.com *.safeframe.googlesyndication.com *.google-analytics.com *.cloudfront.net *.ytimg.com *.vimeocdn.com *.tedcdn.com; 1
frame-ancestors 'self' consorcio.cl ccbolsa.cl emma.cl bolsadesantiago.com compliance-tracker.cl salesforce.com 1
default-src 'self' https://googleads.g.doubleclick.net/ https://www.google.com/ads/user-lists/ https://www.google.hu/ads/user-lists/ https://tpc.googlesyndication.com/safeframe/ https://www.youtube.com/embed/ https://server.infinety.hu/ https://*.safeframe.googlesyndication.com/safeframe/ ;                                     img-src 'self' https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://googleads.g.doubleclick.net/ https://www.google.com/ads/ https://www.google.hu/ads/ https://csi.gstatic.com/ https://maps.googleapis.com/maps/ https://googleapis.com/ https://csi.gstatic.com/ https://maps.gstatic.com/ https://maps.google.com/ https://maps.googleapis.com/ blob: 'self' https://ad.adverticum.net/banners/ https://ssl.google-analytics.com/ https://www.facebook.com/tr/ https://ap.lijit.com/ https://u.btserve.com/ https://ad-delivery.net/ https://www.facebook.com/ data: https://www.w3.org/2000/svg/ https://dmp.adform.net/dmp/profile/ https://x.bidswitch.net/ https://ad-delivery.net/px.gif https://tpc.googlesyndication.com/ https://securepubads.g.doubleclick.net/ https://googleads.g.doubleclick.net/pagead/ https://pagead2.googlesyndication.com/ blob: 'self' https://cm.g.doubleclick.net/ https://d5p.de17a.com/ https://sync.clickonometrics.pl/ https://ib.adnxs.com/ https://mq.wp.pl/ https://s1.adform.net/ https://adx.adform.net/ https://u.btserve.com/ data: https://www.w3.org/2000/svg/ https://script.hotjar.com/ https://static.hotjar.com/ https://w35.hotjar.com/ https://www.google.com/pagead/ https://optimize.google.com/ https://nemzeticegtar.hu/files/ https://www.nemzeticegtar.hu/files/  https://www.google.co.uk/ https://nctteszt.opten.hu/ https://admin.nemzeticegtar.hu/ https://i.imgur.com/ https://widget.molin.ai/ ;                                     style-src 'self' https: 'unsafe-inline' https://maxcdn.bootstrapcdn.com/font-awesome/ https://fonts.googleapis.com/ https://ad.adverticum.net/banners/ https://static.hotjar.com/ https://optimize.google.com/ ;                                     font-src 'self' https://fonts.gstatic.com/stats/ https://fonts.gstatic.com/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://themes.googleusercontent.com/static/fonts/lato/ https://script.hotjar.com/ https://static.hotjar.com/ https://w35.hotjar.com/ https://optimize.google.com/ https://cdnjs.cloudflare.com/ajax/libs/ ;                                     script-src 'self' https: 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google-analytics.com/analytics.js https://www.googleadservices.com/pagead/conversion.js https://www.google.com/recaptcha/api.js https://maps.google.com/maps/api/ https://maps.google.com/ https://maps.googleapis.com/ https://googleapis.com/ https://ad.adverticum.net/g3.js https://ls.hit.gemius.pl/ https://hu.hit.gemius.pl/xgemius.js https://www.googletagmanager.com https://ad.adverticum.net/g3.js https://www.googletagmanager.com/ https://static.hotjar.com/ https://optimize.google.com/ https://connect.facebook.net/en_US/fbevents.js https://unpkg.com/@dotlottie/player-component@latest/dist/dotlottie-player.mjs blob: 'self';                                     connect-src 'self' https://settings.luckyorange.net/ https://track.adform.net/ wss://in.visitors.live/socket.io/ wss://visitors.live/socket.io/ https://ad.adverticum.net/ https://fastlane.rubiconproject.com/a/api/fastlane.json https://adx.adform.net/adx/ https://securepubads.g.doubleclick.net/ https://stats.g.doubleclick.net/ https://csi.gstatic.com/ https://*.hotjar.com/ wss://*.hotjar.com/ https://vc.hotjar.io/ https://pagead2.googlesyndication.com/ https://script.4dex.io/adagio.js https://ice.360yield.com/ https://prg.smartadserver.com/ https://*.criteo.com/ https://www.facebook.com/tr/ https://www.google-analytics.com/ https://static.hotjar.com/ https://content.hotjar.io/ https://region1.google-analytics.com/ https://*.doubleverify.com/ https://region1.analytics.google.com/ https://maps.googleapis.com/ wss://molin.ai/ https://eu.posthog.com/ https://assets5.lottiefiles.com/ https://pheu.molin.ai/ https://lottie.host/18ceabf4-51c0-410e-8bce-1e1ee2924c57/gb9fKyPMO2.json https://widget.molin.ai/ ;                                     frame-src 'self' https://www.google.com/recaptcha/ https://googleads.g.doubleclick.net/pagead/ https://www.google.hu/ads/user-lists/ https://maps.googleapis.com/ https://googleapis.com/ https://tpc.googlesyndication.com/ https://ls.hit.gemius.pl/ https://www.youtube.com/embed/ https://occsz.e-cegjegyzek.hu/ https://server.infinety.hu/ https://vars.hotjar.com/ https://static.hotjar.com/ https://w35.hotjar.com/ https://*.safeframe.googlesyndication.com/ https://*.doubleverify.com/ https://*.rubiconproject.com/ https://*.criteo.com/ https://www.google.com/maps/ https://optimize.google.com/ ;                                     worker-src 'self' https://www.google.com/recaptcha/ https://googleads.g.doubleclick.net/pagead/ https://bid.g.doubleclick.net/ https://www.google.hu/ads/user-lists/ https://ls.hit.gemius.pl/ https://ad.adverticum.net/external/ https://ad.adverticum.net/banners/ https://occsz.e-cegjegyzek.hu/ https://www.youtube.com/embed/ https://www.facebook.com/tr/ https://static.hotjar.com/ https://sparbanner.kolrus.cloud/ ;                                     media-src https://sparbanner.kolrus.cloud/ https://static.hotjar.com/ https://server.infinety.hu/ https://molin.ai/ ; 1
default-src * gap:; script-src blob: 'self' http://* https://* * 'unsafe-inline' 'unsafe-eval'; connect-src *; img-src * data: blob: android-webview-video-poster:; style-src * 'unsafe-inline'; 1
script-src www.googletagmanager.com *.googlesyndication.com https://googletagmanager.com https://tagmanager.google.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com *.googleapis.com https://*.gstatic.com https://*.ggpht.com *.googleusercontent.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval' static.lipscore.com cdn.jsdelivr.net js.monitor.azure.com *.spark-vision.com *.klarnacdn.net js.klarna.com *.klarnaservices.com cdn.cookielaw.org connect.facebook.net static.zdassets.com ekr.zdassets.com *.zendesk.com *.zopim.com zendesk-eu.my.sentry.io s.pinimg.com ct.pinterest.com bat.bing.com static.hotjar.com script.hotjar.com sc-static.net tr-shadow.snapchat.com tr.snapchat.com tr6.snapchat.com *.cloudfront.net sleeknotecustomerscripts.sleeknote.com snap.licdn.com; style-src www.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com fonts.googleapis.com 'self' 'unsafe-inline' static.lipscore.com unpkg.com *.klarnacdn.net cdn.cookielaw.org; img-src www.googletagmanager.com www.google.com www.google.no https://europe-west1-flisekompaniet-no.cloudfunctions.net https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com *.googleapis.com *.gstatic.com *.googleusercontent.com https://13420313.fls.doubleclick.net https://ad.doubleclick.net https://ade.googlesyndication.com https://googleads.g.doubleclick.net https://www.google.com 'self' data: static.lipscore.com media.test.bluestonepim.com media.bluestonepim.com cdn.cookielaw.org www.facebook.com v2assets.zopim.io static.zdassets.com ct.pinterest.com bat.bing.com; connect-src *.googlesyndication.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com *.googleapis.com *.google.com *.gstatic.com 'self' wapi.lipscore.com dc.services.visualstudio.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com cdn.cookielaw.org *.onetrust.com ekr.zdassets.com *.zendesk.com *.zopim.com zendesk-eu.my.sentry.io wss://*.zendesk.com wss://*.zopim.com ct.pinterest.com bat.bing.com in.hotjar.com *.hotjar.com wss://*.hotjar.com *.hotjar.io tr-shadow.snapchat.com tr.snapchat.com tr6.snapchat.com; font-src https://fonts.gstatic.com data: fonts.gstatic.com 'self' data: static.lipscore.com *.klarnacdn.net cdn.cookielaw.org unpkg.com; frame-src *.google.com youtube.com *.youtube.com youtu.be *.youtu.be https://13420313.fls.doubleclick.net https://td.doubleclick.net https://bid.g.doubleclick.net vimeo.com *.vimeo.com ds.spark-vision.com *.leadsrespons.no *.klarna.com *.klarnaservices.com pci-norge.no *.pci-norge.no katalog.flisekompaniet.no www.facebook.com ct.pinterest.com vars.hotjar.com tr-shadow.snapchat.com tr.snapchat.com tr6.snapchat.com; default-src 'self'; frame-ancestors 'self'; media-src static.zdassets.com; 1
frame-ancestors 'self' https://sites.google.com https://gotujpohiszpansku.pl https://*.ibericam.com/ fundacjaproaktywni.pl sites.google.com https://sites.google.com/llanosdelhospital.com https://sites.google.com/llanosdelhospital.com/test *.googleusercontent.com www.gstatic.com https://www.llanosdelhospital.com https://hospital-de-benasque-2000-sl.odoo.com/; 1
;default-src 'self'; script-src https://*.krungsricapital.com https://*.krungsrisecurities.com https://queue.cookieplus.com https://www.gstatic.com https://gateway.zscaler.net https://apis.google.com https://ajax.googleapis.com https://*.googletagmanager.com https://www.google-analytics.com https://cdn.cookieplus.com https://connect.facebook.net 'unsafe-inline' 'unsafe-eval' 'self'; connect-src https://*.google-analytics.com https://*.cookieplus.com https://*.googletagmanager.com https://*.analytics.google.com https://www.facebook.com https://connect.facebook.net https://stats.g.doubleclick.net https://analytics.google.com https://*.krungsrisecurities.com https://*.krungsricapital.com https://*.settrade.com  'self';style-src https://*.krungsricapital.com https://*.krungsrisecurities.com https://gateway.zscaler.net https://www.gstatic.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com 'unsafe-inline' 'self' ;font-src  https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://fonts.gstatic.com 'self';object-src 'none' ; frame-src https://*.settrade.com https://chart.googleapis.com https://gateway.zscaler.net https://www.facebook.com https://accounts.google.com https://www.youtube.com https://td.doubleclick.net https://www.cqtraderonline.com https://quickchart.io https://www2.cqtraderonline.com https://streamyard.com https://*.krungsricapital.com https://*.krungsrisecurities.com ;img-src   https://*.krungsricapital.com https://*.krungsrisecurities.com https://*.google-analytics.com https://www.google.com https://www.google.co.th https://*.googletagmanager.com https://ssl.gstatic.com https://quickchart.io https://www.gstatic.com https://*.settrade.com 'self' data: 1
default-src 'self' data: 'unsafe-inline' blob:; 		child-src 'self' 'unsafe-inline' 'unsafe-eval'; 		connect-src 'self' data: blob: https://*.ingest.sentry.io https://convertiumindia.lexusindia.co.in https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://ad.doubleclick.net https://*.google.com https://*.curator.io *.visualwebsiteoptimizer.com app.vwo.com https://api-js.mixpanel.com https://solutions.tealium.net https://tealium-tools.s3.amazonaws.com https://deploytealium.com https://*.tealiumiq.com https://tags.tiqcdn.com https://visitor-service-ap-northeast-1.tealiumiq.com https://www.facebook.com https://connect.facebook.net https://maps.googleapis.com https://www.googleadservices.com https://www.gstatic.com https://gstatic.com https://u.heatmap.it https://static.lexusasia.com https://webservice.lexusasia.com https://ws.lexusasia.com https://www.youtube.com https://*.livechatinc.com https://*.salesforceliveagent.com wss://api.livechatinc.com https://convertiumitp.lexusindia.co.in https://visitor-service-convertium.lexusindia.co.in https://*.metadome.ai https://preview.babylonjs.com/ https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat; 		font-src 'self' data: https://static.lexusasia.com https://font.googleapis.com https://*.metadome.ai https://preview.babylonjs.com/; 		frame-src 'self' https://*.fls.doubleclick.net https://www.lexusfinance.co.in/ https://tags.tiqcdn.com https://www.google.com https://vk.com https://www.dailymotion.com https://player.vimeo.com https://www.youtube.com https://www.facebook.com https://my.matterport.com https://bs.serving-sys.com https://*.livechatinc.com app.vwo.com *.visualwebsiteoptimizer.com https://products.metadome.ai; 		img-src 'self' data: blob: https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://ad.doubleclick.net https://*.google.com https://curator-assets.b-cdn.net *.visualwebsiteoptimizer.com cdn.pushcrew.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com https://tracking.lexusindia.co.in https://dam.lexusasia.com https://static.lexusasia.com https://www.facebook.com https://connect.facebook.net https://*.tealiumiq.com https://tags.tiqcdn.com https://visitor-service-ap-northeast-1.tealiumiq.com https://convertiumitp.lexus.com.vn https://www.googleadservices.com https://cdn.livechat-files.com https://cdn.chatbot.com https://*.livechatinc.com https://*.metadome.ai https://preview.babylonjs.com/ https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat; 		media-src 'self' https://dam.lexusasia.com https://*.metadome.ai https://preview.babylonjs.com https://curator-assets.b-cdn.net; 		script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://*.curator.io *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com https://img.en25.com https://solutions.tealium.net https://tealium-tools.s3.amazonaws.com https://deploytealium.com https://*.tealiumiq.com https://tags.tiqcdn.com https://visitor-service-ap-northeast-1.tealiumiq.com https://www.facebook.com https://connect.facebook.net https://maps.googleapis.com https://www.googleadservices.com https://www.gstatic.com https://gstatic.com https://u.heatmap.it https://static.lexusasia.com https://webservice.lexusasia.com https://ws.lexusasia.com https://www.youtube.com https://*.livechatinc.com https://*.salesforceliveagent.com wss://api.livechatinc.com https://convertiumitp.lexusindia.co.in https://visitor-service-convertium.lexusindia.co.in https://*.metadome.ai https://preview.babylonjs.com/; 		style-src 'self' data: 'unsafe-inline' https://*.curator.io https://static.lexusasia.com *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com s3.amazonaws.com; 		worker-src 'self' blob:; 1
upgrade-insecure-requests; script-src 'nonce-mSc4s21sr4a6f709' 'strict-dynamic' 'nonce-d47e5f1d2f41799f3a5e2324d753fbafd59c62eaca3576d572298d20bf311ffa' 'unsafe-hashes'; img-src 'self' data: https: *.nutricaodesafras.com.br *.googletagmanager.com *.hotjar.com *.cloudflare.com; font-src 'self' data: https: *.nutricaodesafras.com.br; connect-src 'self' data: https: wss: *.hotjar.com *.blip.ai; media-src 'self' data: https:; object-src 'none'; base-uri 'self'; frame-ancestors 'self' data: https:; 1
frame-ancestors 'self' https://*.papajohns.com.sv ; object-src 'self' *.papajohns.com.sv ; img-src 'self' *.papajohns.com.sv  data: *.twimg.com *.twitter.com *.facebook.com *.gstatic.com *.google-analytics.com *.googleapis.com *.google.com *.google.com.sv  *.statcounter.com *.facebook.net *.doubleclick.net *.google.com sailplays3.cdnvideo.ru res.cloudinary.com *.digitaloceanspaces.com *.bitworks.com.sv; script-src 'self' *.papajohns.com.sv 'unsafe-inline' 'unsafe-eval' data: *.twimg.com *.googletagmanager.com *.facebook.com *.google.com *.google.com.sv *.google-analytics.com maps.googleapis.com ajax.googleapis.com *.gstatic.com *.twitter.com *.statcounter.com *.facebook.net *.hotjar.io *.hotjar.com static.hotjar.com *.googleadservices.com cdnjs.cloudflare.com sailplay.ru sailplay.net *.sailplay.net sailplays3.cdnvideo.ru cdn.jsdelivr.net cdn.pushalert.co code.jquery.com *.bitworks.com.sv l.getsitecontrol.com static.cloudflareinsights.com ; 1
default-src * 'unsafe-eval' 'unsafe-inline' 'unsafe-dynamic' data: ws: wss: 1
upgrade-insecure-requests; frame-ancestors 'self'; object-src 'none'; manifest-src 'none'; 1
frame-ancestors prepaidfiber.s2s.ph 1
default-src https: 'unsafe-eval' 'unsafe-inline'; img-src * data:; object-src 'none'; report-uri /security/csp-report 1
frame-ancestors https://passport.tutorjr.com https://www.tutorjr.com https://omsorder.tutorabc.com https://consultant.tutorabc.com https://homework.tutorjr.com 1
default-src 'self' vercel.live;  frame-src 'self' https://*.youtube.com https://td.doubleclick.net/ https://docs.google.com/ https://assets.ctfassets.net/ https://www.comeet.co/;  script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.vercel-insights.com vercel.live https://www.googletagmanager.com https://www.googleoptimize.com https://*.hotjar.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://snap.licdn.com https://connect.facebook.net https://websdk.appsflyer.com https://www.comeet.co/careers-api/api.js https://www.comeet.co/ https://analytics.tiktok.com;  style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;  img-src * blob: data:;  media-src 'self' https://videos.ctfassets.net;  connect-src *;  font-src 'self' https://fonts.gstatic.com https://cdn.appsflyer.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.cookielaw.org https://maps.googleapis.com https://*.googletagmanager.com https://*.analytics.google.com https://*.google-analytics.com https://walls.io https://*.walls.io https://api.swiftype.com https://*.google.com https://*.youtube.com https://*.onetrust.com https://static.cloudflareinsights.com https://*.walter-leasing.com https://*.lkw-walter.com https://www.gstatic.com https://*.bing.com https://*.hotjar.com https://*.smartsuppchat.com https://*.smartsuppcdn.com https://unpkg.com https://*.cloudflare.com https://*.momento360.com https://momento360.com; style-src 'self' 'unsafe-inline' https://*.hotjar.com https://*.smartsuppcdn.com https://*.googleapis.com ; frame-src 'self' https://*.youtube.com https://*.google.com https://walls.io https://*.walls.io https://*.youtube-nocookie.com https://*.cloudflare.com https://*.momento360.com https://momento360.com; font-src 'self' data: https://*.gstatic.com https://*.hotjar.com ; form-action 'self'  ; connect-src 'self' https://cdn.cookielaw.org https://maps.googleapis.com https://*.onetrust.com https://*.google.com https://*.googletagmanager.com https://*.google-analytics.com https://*.walter-leasing.com https://*.lkw-walter.com https://*.g.doubleclick.net https://*.googlesyndication.com https://*.bing.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.smartsuppchat.com https://*.smartsuppcdn.com wss://*.smartsupp.com https://ipmeta.io https://*.cloudflare.com https://*.momento360.com https://momento360.com; img-src 'self' https: data: https://*.hotjar.com ; object-src 'none'; upgrade-insecure-requests 1
form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net *.facebook.com *.klarna.com *.playground.klarna.com cdn.klarna.com js.klarna.com youtube.com www.youtube.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com https://plumrocket.com *.issuu.com *.cookiebot.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com *.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com *.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io *.google.com *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.klarna.com *.clerk.io *.algolia.net *.algolianet.com cdn.klarna.com x.klarnacdn.net *.playground.klarna.com tagmanager.google.com www.google-analytics.com ssl.google-analytics.com www.google.com www.gstatic.com *.googleapis.com vjs.zencdn.net player.vimeo.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com https://widget.postenlabs.no/ use.typekit.net cdn.clerk.io api.clerk.io js.playground.klarna maps.googleapis.com *.hotjar.com *.emailplatform.com *.sleeknote.com *.cookiebot.com *.klarnaservices.com s.zavanna.no bat.bing.com *.googleadservices.com *.paypal.com 1eafapi.cardinalcommerce.com.com widget.postenlabs.no cdn.clerk api.clerk *.gstatic.com *.paypalobjects.com *.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.algolia.net *.algolia.com *.google-analytics.com *.facebook.com *.facebook.net *.klarnaevt.com *.algolianet.com *.playground.klarnaevt.com www.googletagmanager.com *.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com https://widget.postenlabs.no/ https://widget.bring.services/api/ *.klarnauserservices.com *.klarnaservices.com *.google.com *.cookiebot.com *.klarna.com s.zavanna.no stats.g.doubleclick.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; font-src https://pim.zavanna.no/ *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com x.klarnacdn.net fonts.gstatic.com data: maxcdn.bootstrapcdn.com s.zavanna.no use.typekit.net data: 'self' 'unsafe-inline'; style-src https://pim.zavanna.no/ *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com tagmanager.google.com fonts.googleapis.com vjs.zencdn.net maxcdn.bootstrapcdn.com unsafe-inline https://widget.postenlabs.no/assets/ x.klarnacdn.net s.zavanna.no 'self' 'unsafe-inline'; img-src https://pim.zavanna.no/ assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com 'self' data: *.google.nl *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.klarna.com *.klarnaevt.com *.clerk.io cdn.klarna.com *.playground.klarnaevt.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com googleads.g.doubleclick.net www.google.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com p.typekit.net eu.playground.klarnaevt.com maps.gstatic.com maps.googleapis.com *.klarnaservices.com s.zavanna.no bat.bing.com *.google.com *.google.pl data: 'self' 'unsafe-inline'; 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com apis.google.com ajax.googleapis.com www.googletagmanager.com platform.twitter.com https://get.mycounter.ua; object-src 'self'; style-src 'self' 'unsafe-inline' hello.myfonts.net; img-src 'self' data: www.pdaa.edu.ua gallery.pdaa.edu.ua i.ytimg.com https://stats.g.doubleclick.net https://www.google-analytics.com https://syndication.twitter.com https://csi.gstatic.com https://wwwimages.adobe.com; media-src 'self'; frame-src 'self' www.facebook.com apis.google.com platform.twitter.com https://accounts.google.com https://docs.google.com https://www.youtube.com https://www.google.com syndication.twitter.com; font-src 'self'; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://syndication.twitter.com; report-uri /report-csp-violation 1
default-src 'self' cdn.speedcurve.com lux.speedcurve.com; script-src 'self' 'unsafe-inline' cpqa.catchpoint.com unpkg.com; style-src 'unsafe-inline'; img-src 'self' data: res.cloudinary.com; connect-src 'self' rqa.3genlabs.net unpkg.com api.github.com cpqa.catchpoint.com; upgrade-insecure-requests; report-uri https://600e2d5b.intrepid.pages.dev/api/report 1
img-src 'self' data: *.google-analytics.com *.googletagmanager.com bdjogos.com.br *.bdjogos.com.br *.clarity.ms *.bing.com *.ytimg.com ytimg.com *.googlesyndication.com *.google.com *.google.com.br *.googleapis.com *.gstatic.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.googleapis.com; default-src 'unsafe-inline' 'self' *.bdjogos.com.br bdjogos.com.br *.clarity.ms *.steampowered.com *.youtube.com *.google-analytics.com *.googletagmanager.com *.google.com *.googlesyndication.com *.googletagmanager.com *.g.doubleclick.net *.gstatic.com *.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' docs.google.com *.clarity.ms cdnjs.cloudflare.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.google.com.br *.google.com *.googlesyndication.com *.googletagmanager.com *.googleapis.com; 1
default-src 'self' blob: wss: data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: https:; style-src 'self' 'unsafe-inline' data: https:; 1
default-src 'self'; object-src 'none' 1
upgrade-insecure-requests; default-src 'self' *.openbank.com *.openbank.es; script-src *.openbank.pt *.openbank.com 'unsafe-inline' 'unsafe-eval' snap.licdn.com https://js.hcaptcha.com/ https://maps.googleapis.com https://browseranalytic.com https://www.google.com *.gstatic.com tags.tiqcdn.com *.google-analytics.com https://*.g.doubleclick.net *.youtube.com *.googleadservices.com *.facebook.net *.ytimg.com api-ob.nd.nudatasecurity.com https://cdnjs.cloudflare.com *.googletagmanager.com *.we-stats.com static.browseranalytic.com bat.bing.com blob: unpkg.com; connect-src 'self' *.openbank.pt *.openbank.es *.openbank.com *.google-analytics.com *.we-stats.com *.biocatch.com lib-eu-1.brilliantcollector.com op.browseranalytic.com *.google.com *.googleapis.com *.googlesyndication.com https://*.g.doubleclick.net bat.bing.com cdn.linkedin.oribi.io https://hcaptcha.com https://*.hcaptcha.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.openbank.com https://maxcdn.bootstrapcdn.com; img-src 'self' *.openbank.pt px.ads.linkedin.com www.financeads.net data: 'unsafe-inline' *.googletagmanager.com https://maps.googleapis.com *.gstatic.com *.google-analytics.com *.doubleclick.net *.openbank.com *.google.ie *.google.com https://aax-eu.amazon-adsystem.com bat.bing.com www.linkedin.com tbl.tradedoubler.com *.googlesyndication.com www.facebook.com; media-src 'self' *.openbank.com *.youtube.com; child-src 'self' https://www.google.com *.gstatic.com *.youtube.com blob: https://newassets.hcaptcha.com  *.doubleclick.net ;frame-ancestors 'self' https://openbank.campaign.adobe.com; 1
frame-src 'none' 1
script-src blob: 'self' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://maps.googleapis.com https://www.google.com https://maps.googleapis.com https://www.gstatic.com https://ajax.googleapis.com https://*.hotjar.com https://*.klaviyo.com https://applepay.cdn-apple.com https://www.sandbox.paypal.com https://www.paypal.com https://www.paypalobjects.com https://c.paypal.com https://static.axept.io https://t.novius.net https://cdn.novius.net; object-src 'self' 1
default-src  'self' data: ;font-src  'self' data: fonts.gstatic.com *.zbozi.cz *.smartsuppcdn.com ;connect-src  'self' data: application/octet-stream blob: *.google.com *.google.cz *.googleapis.com *.google-analytics.com www.googletagmanager.com *.zbozi.cz *.pingdom.net *.doubleclick.net *.facebook.com *.biano.cz *.gstatic.com *.googlesyndication.com *.clarity.ms wss://*.smartsupp.com *.smartsupp.com *.smartsuppchat.com *.smartsuppcdn.com *.foxentry.cz *.leady.com *.leady.com;script-src  'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.google.cz *.seznam.cz *.googleapis.com www.googletagmanager.com *.google-analytics.com *.imedia.cz *.googleadservices.com *.doubleclick.net *.adform.net *.facebook.net https://im9.cz *.zbozi.cz *.pingdom.net *.biano.cz *.gstatic.com www.youtube.com www.youtube-nocookie.com *.clarity.ms https://unpkg.com *.smartsuppchat.com *.smartsuppcdn.com *.foxentry.cz *.leady.com *.leady.com;script-src-elem  'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.google.cz *.seznam.cz *.googleapis.com www.googletagmanager.com *.google-analytics.com *.imedia.cz *.googleadservices.com *.doubleclick.net *.adform.net *.facebook.net https://im9.cz *.zbozi.cz *.pingdom.net *.biano.cz *.gstatic.com www.youtube.com www.youtube-nocookie.com *.clarity.ms https://unpkg.com *.smartsuppchat.com *.smartsuppcdn.com *.foxentry.cz *.leady.com *.leady.com;form-action  'self' *.facebook.com *.facebook.net ;frame-src  'self' blob: www.youtube.com www.youtube-nocookie.com *.iplatba.cz *.imedia.cz *.facebook.com *.facebook.net *.zbozi.cz *.google.com *.doubleclick.net *.seznam.cz *.foxentry.cz ;worker-src  'self' blob: www.youtube.com www.youtube-nocookie.com *.iplatba.cz *.imedia.cz *.facebook.com *.facebook.net *.zbozi.cz *.google.com *.doubleclick.net *.seznam.cz *.foxentry.cz ;frame-ancestors  'self' ;img-src  'self' data: blob: *.gstatic.com *.googleapis.com *.googlecode.com www.googletagmanager.com *.google-analytics.com *.senesi.cz *.doubleclick.net *.googlesyndication.com *.google.com *.google.co.uk *.google.cz *.google.sk *.google.de *.google.at *.google.fr *.google.it *.google.sk *.google.pl *.google.nl *.google.ie iplatba.cz *.imedia.cz *.heureka.cz *.facebook.com *.facebook.net *.zbozi.cz *.seznam.cz *.biano.cz *.clarity.ms c.bing.com *.instagram.com *.smartsuppcdn.com https://files.packeta.com *.foxentry.cz *.leady.com ;style-src  'self' 'unsafe-inline' *.googleapis.com *.google.com *.zbozi.cz *.gstatic.com *.smartsuppcdn.com *.foxentry.cz www.googletagmanager.com ;object-src  'self' blob: 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' data: * 1
frame-ancestors 'self' *.kurs.software *.gemnova.at *.vielfalt.at 1
frame-ancestors 'self' http://www.philips.bg *.philips.com *.philips.bg https://philipsigtdpv.com 1
frame-ancestors meteam.org 'self'; 1
object-src 'none'; frame-ancestors 'self'; report-uri https://www.hitmanpro.com/en-us/report-uri/enforce 1
base-uri 'self'; font-src 'self' data:; form-action 'self'; frame-ancestors 'self' https://metrika.yandex.kz https://metrika.yandex.ru https://metrika.yandex.by https://metrica.yandex.com https://metrica.yandex.com.tr https://webvisor.com; img-src 'self' https://static.apltech.kz data: https://www.google-analytics.com https://www.googletagmanager.com https://www.google.kz https://www.google.ru https://www.google.com https://stats.g.doubleclick.net https://yandex.kz https://yandex.ru https://yandex.com https://mc.yandex.ru https://mc.yandex.kz https://mc.yandex.com https://api-maps.yandex.ru https://core-renderer-tiles.maps.yandex.net; object-src 'self' https://api.apltech.kz blob:; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline'; upgrade-insecure-requests; default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://api-maps.yandex.ru https://mc.yandex.ru https://mc.yandex.kz https://mc.yandex.com https://yastatic.net https://core-renderer-tiles.maps.yandex.net; frame-src 'self' https://api.apltech.kz https://www.youtube.com/ https://yandex.ru/ https://mc.yandex.ru blob:; connect-src 'self' https://api.apltech.kz https://ws.apltech.kz wss://ws.apltech.kz wss://ws.apltech.ru https://www.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net https://mc.yandex.ru https://mc.yandex.kz https://mc.yandex.com 1
connect-src 'self' *.icordis.be *.lcp.be burgerprofiel.vlaanderen.be wss://authenticatie.vlaanderen.be wss://prod.widgets.burgerprofiel.vlaanderen.be https://prod.widgets.burgerprofiel.vlaanderen.be wss://prod.contactapi.uat-vlaanderen.be https://prod.contactapi.uat-vlaanderen.be https://contactapi.vlaanderen.be *.burgerprofiel.be geoserver.gis.cloud.mow.vlaanderen.be  api.gipod.vlaanderen.be geo.api.vlaanderen.be *.vrijwilligerswerk.be *.algolianet.com *.algolia.net vrijwilligerswerk.be *.facebook.com *.facebook.net *.enviso.io *.adyen.com *.timeblockr.com *.api.timeblockr.cloud *.google-analytics.com *.googletagmanager.com stats.g.doubleclick.net *.analytics.google.com *.readspeaker.com *.giveaday.be https://apps.ticketmatic.com toegankelijk.vlaanderen.be *.googleapis.com *.topdesk.net *.hcaptcha.com *.matomo.cloud https://geoserver.gis.cloud.mow.vlaanderen.be *.hotjar.com; font-src 'self' *.icordis.be *.lcp.be https://ui.vlaanderen.be https://dij151upo6vad.cloudfront.net *.gstatic.com *.curator.io *.vrijwilligerswerk.be vrijwilligerswerk.be *.widget.enviso.io *.enviso.io *.timeblockr.com *.api.timeblockr.cloud *.readspeaker.com data: https://fonts.googleapis.com https://fonts.gstatic.com https://kit-pro.fontawesome.com https://apps.ticketmatic.com *.typekit.net  https://fonts.gstatic.com *.googleapis.com *.topdesk.net *.hotjar.com; frame-src 'self' *.icordis.be *.lcp.be notfound-static.fwebservices.be stratenplan.gemeentemol.be *.iamfas.belgium.be https://prod.widgets.burgerprofiel.vlaanderen.be https://prod.frontend.burgerprofiel.vlaanderen.be https://authenticatie.vlaanderen.be https://idp.iamfas.belgium.be https://www.openstreetmap.org https://umap.openstreetmap.fr *.youtube.com youtu.be  www.youtube.com *.soundcloud.com *.curator.io *.vimeo.com *.vrijwilligerswerk.be *.algolianet.com vrijwilligerswerk.be *.algolia.net *.facebook.com *.facebook.net *.gift2give.be *.issuu.com maps.geopunt.be *.maps.geopunt.be *.api.vlaanderen.be *.vlaanderen.be *.geopunt.be *.bizlocator.be *.spotify.com *.jobsolutions.be *.3p.eu *.widget.enviso.io *.enviso.io *.adyen.com *.timeblockr.com *.api.timeblockr.cloud *.arcg.is arcg.is *.maps.arcgis.com *.arcgis.com *.rtv.be app.eaglebe.com *.google.com https://calendar.google.com plugin.routeyou.com www3.sport.vlaanderen https://www.recycleapp.be *.tableau.com *.topdesk.net *.instagram.com *.hcaptcha.com *.waze.com https://indd.adobe.com *.hotjar.com; img-src 'self' *.icordis.be *.lcp.be data: *.amazonaws.com https://prod.widgets.burgerprofiel.vlaanderen.be https://prod.widgetconfigservice.burgerprofiel.vlaanderen.be data: *.osm.be *.informatievlaanderen.be *.geopunt.be *.tile.openstreetmap.org https://geo.api.vlaanderen.be geoserver.gis.cloud.mow.vlaanderen.be  api.gipod.vlaanderen.be *.tile.openstreetmap.fr *.gstatic.com *.ytimg.com *.google.com *.soundcloud.com *.curator.io *.vimeo.com *.vimeocdn.com *.vrijwilligerswerk.be vrijwilligerswerk.be *.algolia.net https://scontent-iad3-1.xx.fbcdn.net  *.fbsbx.com *.facebook.com *.facebook.net *.gift2give.be *.issuu.com cdn.syndication.twimg.com *.jobsolutions.be *.3p.eu *.widget.enviso.io *.enviso.io *.adyen.com *.timeblockr.com *.api.timeblockr.cloud *.google-analytics.com *.googletagmanager.com *.google.be *.uitdatabank.be  udb-media.imgix.net udb2-media.imgix.net  images-prod-uitdatabank.imgix.net *.westtoer.be *.west-vlaanderen.be *.tile.openstreetmap.fr *.cloudfront.net *.giveaday.be openfed.github.io https://apps.ticketmatic.com toegankelijk.vlaanderen.be https://openfed.github.io *.tableau.com *.googleapis.com *.topdesk.net *.instagram.com *.cdninstagram.com https://squizlabs.github.io *.smassets.net *.waze.com *.matomo.cloud https://geoserver.gis.cloud.mow.vlaanderen.be *.hotjar.com; script-src 'self' 'unsafe-inline' *.icordis.be *.lcp.be 'unsafe-eval' https://prod.widgets.burgerprofiel.vlaanderen.be *.vlaanderen.be *.geopunt.be *.youtube.com *.curator.io *.vrijwilligerswerk.be *.algolianet.com vrijwilligerswerk.be *.algolia.net *.facebook.com *.facebook.net *.twitter.com *.twimg.com *.vlaanderen.be *.jobsolutions.be *.3p.eu *.widget.enviso.io *.enviso.io *.adyen.com *.timeblockr.com *.api.timeblockr.cloud *.google-analytics.com *.googletagmanager.com *.arcg.is arcg.is *.maps.arcgis.com *.arcgis.com *.readspeaker.com https://geo.api.vlaanderen.be app.eaglebe.com maps.googleapis.com *.giveaday.be openfed.github.io https://apps.ticketmatic.com toegankelijk.vlaanderen.be   https://openfed.github.io *.tableau.com *.googleapis.com *.topdesk.net *.instagram.com *.hcaptcha.com https://squizlabs.github.io *.surveymonkey.com *.googleapis.com *.waze.com cdn.matomo.cloud *.vlaanderen.be *.hotjar.com; worker-src 'self' www.gemeentemol.be *.icordis.be *.lcp.be https://prod.widgets.burgerprofiel.vlaanderen.be *.soundcloud.com *.curator.io *.enviso.io *.adyen.com *.api.timeblockr.cloud https://apps.ticketmatic.com *.topdesk.net *.hotjar.com; frame-ancestors 'self' https://stats.lcp.be *.enviso.io *.adyen.com https://stats.lcp.be *.topdesk.net; style-src 'self' 'unsafe-inline' *.icordis.be *.lcp.be www.gemeentemol.be fonts.googleapis.com *.vrijwilligerswerk.be vrijwilligerswerk.be *.algolia.net cdn.syndication.twimg.com *.twitter.com *.widget.enviso.io *.enviso.io *.timeblockr.com *.api.timeblockr.cloud *.readspeaker.com app.eaglebe.com *.giveaday.be *.googleapis.com https://kit-pro.fontawesome.com fonts.googleapis.com openfed.github.io toegankelijk.vlaanderen.be *.typekit.net https://openfed.github.io *.googleapis.com *.topdesk.net https://squizlabs.github.io *.hotjar.com; object-src  *.api.timeblockr.cloud *.hotjar.com; report-uri /report-csp-violation 1
frame-ancestors 'self' lavavitae.com 1
img-src 'self' psssf.go.tz  *.psssf.go.tz ;  form-action 'self'; object-src 'none'; frame-ancestors 'self'; font-src 'self' https://fonts.gstatic.com; style-src 'self' 'unsafe-inline'  psssf.go.tz  *.psssf.go.tz; 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-BHU30pT4fHcI2Z8fYOqyZQ' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
frame-ancestors *.imu.nl *.phoenixsite.nl www.thehuddle.nl 1
default-src 'none'; base-uri 'none'; object-src 'none'; script-src 'nonce-20977bd9d9773c8756d30f1a443b976a' 'strict-dynamic' plausible.io www.googletagmanager.com *.google-analytics.com https: 'self' 'report-sample' 'unsafe-inline'; style-src 'self' tagmanager.google.com *.googleapis.com; block-all-mixed-content; connect-src 'self' *.google-analytics.com www.googletagmanager.com plausible.io; img-src 'self' *.google-analytics.com www.googletagmanager.com *.gstatic.com data:; media-src 'self'; font-src 'self' fonts.gstatic.com data:; frame-ancestors 'none'; manifest-src 'self'; frame-src 'none'; form-action 'self' ibuildings.nl api.ibuildings.nl ibuildings.com; report-to default 1
default-src 'self' data: blob:;style-src 'self' data: 'unsafe-inline' fonts.googleapis.com;script-src 'self' 'nonce-GCk6ZmmmUtYCLVrdGgGosqAXKgoSwuCO' 'strict-dynamic' blob: *.reinhartlaw.com sentry.io www.google-analytics.com *.ggpht.com *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.googleusercontent.com *.vimeo.com *.youtube.com *.hsforms.com *.hsforms.net *.hrmdirect.com youtu.be unpkg.com *.craftcms.com *.craft-cdn.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net track.hubspot.com forms.hubspot.com *.addtoany.com static.addtoany.com cdn2.hubspot.net stackpath.bootstrapcdn.com recruiting.paylocity.com;img-src 'self' data: *.googleapis.com *.gstatic.com *.google.com *.googleusercontent.com *.hsforms.com *.hsforms.net track.hubspot.com;font-src 'self' data: *.gstatic.com;object-src 'self' blob:;frame-src *.google.com *.hrmdirect.com *.hsforms.com *.hsforms.net *.vimeo.com *.youtube.com static.addtoany.com recruiting.paylocity.com;connect-src 'self' data: blob: www.google-analytics.com https://*.googleapis.com *.google.com https://*.gstatic.com *.algolianet.com *.algolia.net *.hsforms.com *.hsforms.net hubspot-forms-static-embed.s3.amazonaws.com forms.hubspot.com stats.addtoany.com recruiting.paylocity.com;base-uri 'self';report-uri https://o4506156919488512.ingest.sentry.io/api/4506156930695168/security/?sentry_key=a4bc7c21bed74ad2fcceeb44afb4110d; 1
base-uri 'none'; form-action 'self'; frame-ancestors 'self' https://www.tuev-hessen.de/ https://staging.tuev-hessen.de/ https://www.sustainability-blog.de/ https://staging.sustainability-blog.de/ https://www.tueh.de/ https://staging.tueh.de/ https://www.tuev-kids.de/ https://staging.tuev-kids.de/ https://www.tuev-club.de/ https://staging.tuev-club.de/ https://www.proficert.de/ https://staging.proficert.de/; frame-src 'self' https://accounts.google.com/ https://www.youtube.com/ https://www.youtube-nocookie.com/ https://player.vimeo.com/ https://newapp.etracker.com/ https://www.google.com/ https://www.tuev-hessen.de/ https://staging.tuev-hessen.de/ https://www.sustainability-blog.de/ https://staging.sustainability-blog.de/ https://www.tueh.de/ https://staging.tueh.de/ https://www.tuev-kids.de/ https://staging.tuev-kids.de/ https://www.tuev-club.de/ https://staging.tuev-club.de/ https://www.proficert.de/ https://staging.proficert.de/; object-src 'none'; 1
default-src 'self' *.googlesyndication.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' img.equinenow.com *.2mdn.net *.acexedge.com *.adbutter.net *.adrta.com *.adsafeprotected.com *.adnxs.com *.adnxtr.com *.adroll.com *.adsrvr.org *.adtechus.com *.atdmt.com ajax.googleapis.com *.amazonaws.com *.amazon-adsystem.com *.ampproject.org *.basis.net *.betrad.com *.bidsumulator.com *.bidswitch.net *.bluekai.com *.bidr.io *.contextweb.com *.clarium.io *.demdex.net *.dotomi.com *.doubleclick.net *.doubleverify.com *.dowlextff.com *.dvtps.com connect.facebook.net confiant-integrations.global.ssl.fastly.net *.confiant-integrations.net *.esm1.net *.exponential.com *.everesttech.net *.evidon.com *.fastclick.net *.flashtalking.com maps.googleapis.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.googleadservices.com *.googlesyndication.com *.googletagservices.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.iasds01.com *.imrworldwide.com *.jivox.com *.krxd.net *.mathtag.com *.mediamathtag.com *.minkatu.com *.moatads.com *.myvisualiq.net *.olark.com *.opendns.com *.revjet.com *.pinterest.com *.quantcount.com *.quantserve.com *.scorecardresearch.com *.serving-sys.com *.sharethis.com *.sitescount.com *.steelhousemedia.com *.stripe.com *.tubemogul.com *.trustarc.com *.truste.com *.turn.com *.voicefive.com *.ybp.yahoo.com *.yimg.com img.dogsnow.com; style-src img.equinenow.com 'self' 'unsafe-inline' *.googleapis.com *.cmptch.com *.evidon.com *.fastclick.net maxcdn.bootstrapcdn.com *.quantcount.com *.sharethis.com img.dogsnow.com; style-src-elem img.equinenow.com 'self' 'unsafe-inline' *.evidon.com fonts.googleapis.com maxcdn.bootstrapcdn.com content.quantcount.com secure.cdn.fastclick.net static.olark.com *.sharethis.com img.dogsnow.com; img-src * 'self' data: *.equinenow.com img.dogsnow.com; font-src 'self' data: img.equinenow.com maxcdn.bootstrapcdn.com fonts.googleapis.com tpc.googlesyndication.com cdnjs.cloudflare.com fonts.gstatic.com cdn.revjet.com c.steelhousemedia.com img.dogsnow.com; connect-src 'self' www.facebook.com *.acexedge.com *.adnxs.com *.adsrvr.org *.amazon-adsystem.com *.ampproject.org adserver-us.adtech.advertising.com *.bttrack.com *.contextweb.com *.casalemedia.com *.clearrtb.com *.clarium.io *.doubleclick.net *.doubleverify.com *.dotomi.com *.districtm.io *.flashtalking.com fundingchoicesmessages.google.com *.googleadservices.com *.googlesyndication.com *.google-analytics.com *.gstatic.com metrics.nt.vc *.opendns.com *.serving-sys.com *.sharethis.com *.steelhousemedia.com *.yahoo.com; frame-ancestors 'self' *.safeframe.googlesyndication.com *.allbreedpedigree.com *.pedigreequery.com; frame-src 'self' *.2mdn.net *.adform.net *.admission.net *.adnxs.com *.amazon-adsystem.com advertising.aol.com bttrack.com *.casalemedia.com *.cargurus.com connect.facebook.net *.consensu.org *.contobox.com *.criteo.com *.doubleclick.net *.doubleverify.com *.dvtps.com *.facebook.com *.flashtalking.com *.google.com *.googlesyndication.com *.linksynergy.com *.mathtag.com match.prod.bidr.io *.opendns.com *.placelocal.com *.serving-sys.com *.sharethis.com *.simpli.fi *.sitescout.com *.stripe.com *.turn.com *.vimeo.com *.w55c.net *.youtube.com; object-src 'none'; media-src *; form-action 'self' edge.sharethis.com m.facebook.com facebook.com www.google.com www.paypal.com www.uship.com; base-uri 'none'; report-to csp-services; report-uri https://equinenow.report-uri.com/r/d/csp/reportOnly; 1
base-uri 'self';default-src 'self';media-src 'self' https://ai.bonvedi.com;object-src 'none';form-action 'self' https://www.facebook.com;connect-src 'self' https://*.google-analytics.com https://www.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com.tr https://www.facebook.com https://connect.facebook.net https://cloudflareinsights.com https://capig.dugunbuketi.com https://pagead2.googlesyndication.com https://mtrcs.dugunbuketi.com https://wsai.bonvedi.com wss://wsai.bonvedi.com https://ai.bonvedi.com;img-src 'self' https://*.dugunbuketi.com https://www.googletagmanager.com https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.g.doubleclick.net https://www.google-analytics.com https://www.facebook.com https://*.google.com https://*.google.nl https://*.google.com.tr https://*.google.be https://bonvedi.com;frame-src 'self' https://www.google.com https://www.google.com.tr https://www.youtube.com https://www.googletagmanager.com https://sanal360.dugunbuketi.com https://www.facebook.com https://td.doubleclick.net;script-src 'self' 'unsafe-inline' https://www.google.com https://www.google.com.tr https://www.googletagmanager.com https://*.googletagmanager.com https://*.g.doubleclick.net https://www.google-analytics.com https://ssl.google-analytics.com https://connect.facebook.net https://script.hotjar.com https://static.cloudflareinsights.com https://ajax.cloudflare.com https://cdn.jsdelivr.net https://unpkg.com https://cdn.segmentify.com https://mtrcs.dugunbuketi.com https://ai.bonvedi.com 'nonce-99UDD0fyKY0SliOxaUbdeLcwGrQeu6L9';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com;font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com 1
default-src https: blob: data: 'unsafe-eval' 'unsafe-inline'; base-uri 'self'; object-src 'self'; frame-ancestors 'self' 1
default-src 'self';  connect-src 'self' https://graph.instagram.com www.google-analytics.com https://googleads.g.doubleclick.net  https://www.facebook.com www.theestas.com *.feefo.com https://stats.g.doubleclick.net https://consentcdn.cookiebot.com https://moneypennychat.appspot.com https://app.responseiq.com https://*.googleapis.com *.google.com https://*.gstatic.com  data: blob:; script-src 'self' https://firestore.googleapis.com https://firebaselogging-pa.googleapis.com https://identitytoolkit.googleapis.com https://firebaseremoteconfig.googleapis.com https://googleads.g.doubleclick.net https://www.googleadservices.com  https://*.googleapis.com https://cdnjs.cloudflare.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com www.theestas.com https://consent.cookiebot.com https://consentcdn.cookiebot.com  https://optimize.google.com https://storage.googleapis.com https://*.responseiq.com https://moneypennychat.appspot.com connect.facebook.net *.feefo.com platform.twitter.com www.locrating.com www.twitter.com www.facebook.com www.feefo.com s3.amazonaws.com cdn.chatbot.com api.instagram.com api.twitter.com api.facebook.com modernizr.com www.gstatic.com www.google.com tagmanager.google.com www.google-analytics.com ajax.googleapis.com maps.google.com maps.googleapis.com www.googletagmanager.com developers.google.com bugherd.com gmail.google.com cloud.google.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: https://*.responseiq.com  https://optimize.google.com www.theestas.com https://moneypennychat.appspot.com https://www.google-analytics.com https://www.facebook.com https://*.googleapis.com https://*.feefo.com https://cloud.google.com https://www.feefo.com https://gmail.google.com https://maps.google.com https://www.google.co.in https://www.googletagmanager.com https://scontent.cdninstagram.com/ https://twitter.com https://pbs.twimg.com https://graph.facebook.com https://*.rackcdn.com http://*.cdn.starberry.com  www.google.com https://*.gstatic.com  www.google-analytics.com stats.g.doubleclick.net *.google.com  *.googleusercontent.com data:; style-src 'self' 'unsafe-inline' https://optimize.google.com hello.myfonts.net maxcdn.bootstrapcdn.com fonts.googleapis.com d2iiunr5ws5ch1.cloudfront.net tagmanager.google.com https://cdn-images.mailchimp.com stats.g.doubleclick.net static.responseiq.com; font-src 'self' https://optimize.google.com  https://storage.googleapis.com https://*.responseiq.com maxcdn.bootstrapcdn.com cdn.chatbot.com hello.myfonts.net fonts.gstatic.com www.bugherd.com data: tagmanager.google.com; frame-src 'self' *.google.com https://i-packs.co.uk https://www.theestas.com https://www.youtube.com https://app.hiveeas.com/ https://platform.twitter.com https://www.facebook.com https://player.vimeo.com https://cdn.chatbot.com https://schools.locrating.com/ https://www.google.com/ http://locationinformation.hiveeas.com/ https://optimize.google.com https://my.matterport.com/ https://consentcdn.cookiebot.com/ 1
frame-ancestors 'self'; worker-src 'self' blob:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' ; img-src * 'self' blob: data:;default-src  https: http: data: wss: 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors  https://*.klim.co.nz; 1
default-src https:; connect-src https: wss: http; font-src https: data:; img-src https: data: blob:; frame-src https: blob:; frame-ancestors 'self'; worker-src https: data: 'unsafe-inline' 'unsafe-eval'; form-action https: javascript:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval';style-src https: data: 'unsafe-inline'; base-uri 'self'; 1
frame-ancestors 'self' https://habitat.ca https://*.habitat.ca 1
default-src https: data: 'image/jpeg'; connect-src https: wss:; script-src https: blob: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline' blob:; img-src https: data: blob:; font-src https: data:; 1
frame-ancestors https://www.urbaninsight.com 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-5dbb28420cb2f6d767f3bd22cdaa0ace'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src 'self' 'unsafe-inline' data: blob: https://app.storyblok.com/ https://a.storyblok.com/ https://www.googletagmanager.com/ https://*.google-analytics.com/ https://cdn.cookielaw.org/ https://widget.msgp.pl/ https://geolocation.onetrust.com/ https://*.sentry.io/ https://ldgnrtn.com/ https://trenkwalder-digital-assets.s3.eu-central-1.amazonaws.com/ 1
connect-src 'self' https://hankintailmoitukset.piwik.pro https://js.monitor.azure.com https://cdnjs.cloudflare.com https://cloudflareinsights.com https://*.hankintailmoitukset.fi/ https://hankintailmoitukset.cdn.prismic.io/ https://dc.services.visualstudio.com/;font-src * data:;img-src * data:;style-src * 'unsafe-inline';manifest-src 'self'; frame-ancestors 'self' https://tunnistautuminen.suomi.fi; 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-sWBgGT-swvNjtsXpGRke2w' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
frame-ancestors 'self' https://www.velez.com.co https://cuerosvelezco.myvtex.com; 1
default-src 'self' *.valspar.com  *.youtube.com *.google-analytics.com *.doubleclick.net hosted.meetsoci.com                 nexus.ensighten.com *.google.com cdn.hypemarks.com *.mktoresp.com;         script-src 'unsafe-inline' 'unsafe-eval' *.houseofkolor.com *.google.com www.gstatic.com *.cloudflare.com *.cloudfront.net *.bootstrapcdn.com                 nexus.ensighten.com code.jquery.com *.googleapis.com *.google-analytics.com *.adobedtm.com *.doubleclick.net *.fontawesome.com                 www.tintup.com cdn.hypemarks.com *.marketo.net *.googletagmanager.com filesystem:;         img-src * data:;         font-src 'self' *.typekit.net *.bootstrapcdn.com *.fontawesome.com ;         style-src 'self' 'unsafe-inline' *.typekit.net *.bootstrapcdn.com *.fontawesome.com *.googleapis.com ;  1
default-src 'self' stats.g.doubleclick.net www.youtube-nocookie.com youtube.com m.youtube.com www.youtube.com newassets.hcaptcha.com hcaptcha.com fonts.gstatic.com www.google-analytics.com ajax.googleapis.com fonts.googleapis.com www.google.com google.com gstatic.com www.gstatic.com www.youtube.com youtube.com connect.facebook.net facebook.com googleads.g.doubleclick.net; img-src * 'self' data: https: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src  'self' 'unsafe-inline' *; font-src 'self' https://rsms.me data:; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob: wss: 1
img-src 'self' data: blob: https://www.facebook.com https://syndication.twitter.com https://s3.amazonaws.com https://captchas.net https://image.backup.captchas.net https://image.captchas.net; base-uri 'self';connect-src https://www.parliament.gh 1
default-src 'self'; script-src data: blob: 'unsafe-inline' 'self' 'unsafe-eval' *.google.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.doubleclick.net snap.licdn.com *.k-analytix.com *.wp.com *.igodigital.com *.privacytools.com.br *.fullstory.com *.facebook.net *.k-analytix.com *.online-metrix.net *.gstatic.com *.handtalk.me plugin.handtalk.me; style-src data: blob: 'self' 'unsafe-inline' *.wp.com *.privacytools.com.br *.googleapis.com *.handtalk.me; img-src 'self' data: blob: *.bvsnet.com.br *.wp.com boavistaservicos.com.br *.boavistaservicos.com.br *.ytimg.com *.gravatar.com *.igodigital.com *.privacytools.com.br *.doubleclick.net *.googletagmanager.com *.google.com *.google.com.br *.facebook.com.br *.facebook.com *.linkedin.com *.google-analytics.com *.handtalk.me plugin.handtalk.me; font-src 'self' data: blob: *.wp.com 'unsafe-inline' *.gstatic.com; connect-src 'self' data: blob: ws: wss: *.konduto.com *.fullstory.com *.oribi.io *.privacytools.com.br *.google.com *.google-analytics.com *.doubleclick.net *.handtalk.me; frame-src 'self' data: blob: *.wp.com *.boavistaservicos.com.br *.youtube.com *.facebook.com *.doubleclick.net *.google.com *.google-analytics.com *.handtalk.me 1
default-src 'self' https://static.dataminer.io;font-src 'self' https://fonts.gstatic.com https://static.dataminer.io;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com 'unsafe-inline' https://www.gstatic.com https://cdn.datatables.net https://cdnjs.cloudflare.com https://static.dataminer.io;img-src 'self' data: https://via.placeholder.com https://*.stripe.com https://*.google.com https://www.google-analytics.com https://analytics.google.com https://googletagmanager.com https://www.googletagmanager.com https://static.dataminer.io;connect-src https://checkout.stripe.com https://api.stripe.com https://q.stripe.com https://www.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net https://stage5.dataminer.io https://dataminer.io https://stage.run.dataminer.io https://run.dataminer.io https://dev.dataminer.io:5443 https://static.dataminer.io wss://dev.dataminer.io:5443 wss://stage.run.dataminer.io wss://run.dataminer.io;frame-src https://ausi.github.io https://stage5.dataminer.io https://dev.dataminer.io:6443 https://checkout.stripe.com https://js.stripe.com https://hooks.stripe.com https://www.emailmeform.com https://www.youtube.com https://docs.google.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ausi.github.io https://js.stripe.com https://checkout.stripe.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://analytics.google.com https://googletagmanager.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.gstatic.com https://cdn.datatables.net https://static.dataminer.io;frame-ancestors chrome-extension://nndknepjnldbdbepjfgmncbggmopgden chrome-extension://llokfbfbhdgcigbmplogjkbmanlobofd chrome-extension://nikadbgbkmnkfdpbemongigjifmfmpll chrome-extension://adkblnlgljbfodiofibbjflfdmpbhnlo chrome-extension://kedjhkoicnbnfamjmccofgkknoofhglf ;object-src 'none';base-uri 'self';form-action 'self';script-src-attr 'none';upgrade-insecure-requests 1
default-src 'self' https:; object-src 'none'; frame-ancestors 'self' https://*.dev.varklin.com https://*.uat.varklin.com https://*.pay.com.au; frame-src 'self' https://www.google.com https://*.appcues.com https://www.facebook.com https://*.force.com https://recaptcha.net https://fast.wistia.com https://fast.wistia.net insight.adsrvr.org match.adsrvr.org https://*.uat.varklin.com https://*.pay.com.au https://calendly.com https://*.trustpilot.com https://*.livechatinc.com https://www.youtube.com https://pay.com.au; style-src 'self' 'unsafe-inline' https://*.livechatinc.com https://*.force.com https://*.appcues.com https://*.appcues.net https://fonts.googleapis.com https://fonts.google.com https://*.calendly.com https://pay.com.au https://*.pay.com.au https://content.varklin.com https://*.content.varklin.com https://*.hotjar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://pay.com.au https://*.pay.com.au https://content.varklin.com https://*.content.varklin.com https://*.livechatinc.com https://*.force.com https://*.salesforce.com https://*.salesforceliveagent.com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://*.appcues.com https://*.appcues.net https://*.calendly.com https://*.pardot.com https://*.facebook.net https://*.licdn.com https://recaptcha.net https://*.wistia.com https://*.wistia.net https://src.litix.io https://js.adsrvr.org https://edge.fullstory.com https://rs.fullstory.com https://ct.pinterest.com https://s.pinimg.com https://*.uat.varklin.com https://*.fastcdn.co https://*.instapage.com https://*.instapagemetrics.com https://*.trustpilot.com https://*.bing.com https://*.youtube.com https://*.tiktok.com https://*.hotjar.com; connect-src https://*.content.varklin.com https://*.appcues.com https://*.appcues.net https://*.livechatinc.com https://px.ads.linkedin.com https://www.google-analytics.com https://*.g.doubleclick.net https://*.google.com wss://*.appcues.net wss://*.appcues.com https://www.abr.business.gov.au/json/AbnDetails.aspx https://in-otel.hyperdx.io https://*.wistia.com https://*.litix.io https://edge.fullstory.com https://rs.fullstory.com https://ct.pinterest.com https://*.uat.varklin.com https://*.pay.com.au https://*.instapage.com https://*.instapagemetrics.com https://*.fastcdn.co https://analytics.tiktok.com https://bat.bing.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; child-src 'self' https://*.livechatinc.com; img-src 'self' data: https:; worker-src 'self' blob:; media-src 'self' blob: https:; report-uri https://6u3ehpdmfirwnn3uqgzpbbrrxq0zrkty.lambda-url.ap-southeast-2.on.aws/; report-to pay-csp 1
default-src 'self' https://*.crazyegg.com; connect-src https://www.facturadorelectronico.com/js/banners.json https://www.facturadorelectronico.com/js/planes.json https://www.facturadorelectronico.com/js/coments.json https://www.facturadorelectronico.com/landing/assets/js/coments.json https://admin-api.facturador.com https://asociados-api.facturador.com https://oc-cdn-ocprod.azureedge.net https://www.google-analytics.com https://stats.g.doubleclick.net https://analytics.google.com *.google-analytics.com *.analytics.google.com https://ekr.zdassets.com wss://widget-mediator.zopim.com https://widget-mediator.zopim.com/ https://enviarcorreosventacontabilidad.azurewebsites.net https://*.crazyegg.com https://*.google.com https://google.com https://*.google.com.mx; font-src 'self' data: https://fonts.gstatic.com https://v2.zopim.com; frame-src 'self' https://oc-cdn-ocprod.azureedge.net https://www.google.com https://www.youtube.com https://www.facebook.com https://*.doubleclick.net; img-src 'self' https://analytics.google.com *.google-analytics.com *.analytics.google.com https://v2.zopim.com https://*.crazyegg.com data: *; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://oc-cdn-ocprod.azureedge.net https://analytics.google.com https://ssl.google-analytics.com https://www.google-analytics.com https://www.googletagmanager.com https://s.adroll.com https://d.adroll.com https://d.adroll.mgr.consensu.org https://connect.facebook.net https://v2.zopim.com https://static.zdassets.com https://*.crazyegg.com blob: https://*.g.doubleclick.net; style-src 'self' 'unsafe-inline' https://oc-cdn-ocprod.azureedge.net https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://*.crazyegg.com; frame-ancestors 'self'; 1
default-src https: http: wss: 'self' data: 'unsafe-inline' blob:; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.google-analytics.com maps.google.com maps.googleapis.com ssl.google-analytics.com www.gstatic.com; 1
report-uri /-/csp_report?report_only=false; script-src 'self' 'unsafe-inline' https://ssl.gstatic.com https://apis.google.com https://accounts.google.com/gsi/client https://d3ki9tyy5l5ruj.cloudfront.net https://d1gwm4cf8hecp4.cloudfront.net https://d1a3usp4brejtz.cloudfront.net https://d3u0af8znnrzzj.cloudfront.net https://d2y3xhxlqzgfzh.cloudfront.net https://oauth.googleusercontent.com https://app.box.com https://platform.twitter.com https://connect.facebook.net https://platform.harvestapp.com https://www.google.com https://docs.google.com https://www.gstatic.com https://www.dropbox.com https://www.paypal.com/sdk/js https://recordwidget.vimeocdn.com https://api.stripe.com https://hooks.stripe.com https://js.stripe.com https://m.stripe.com https://m.stripe.network https://q.stripe.com https://prod-eu1.app.asana.com https://prod-au1.app.asana.com https://prod-jp1.app.asana.com https://cdn.cookielaw.org https://861-iiv-735.mktoweb.com https://resources.asana.com https://ccwizard.vertexsmb.com; frame-src 'self' blob: https://www.figma.com https://*.invisionapp.com https://invis.io https://miro.com https://whimsical.com https://www.loom.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.com https://www.canva.com https://xd.adobe.com https://*.looker.com https://lucid.app https://*.okta.com https://*.sharepoint.com https://*.dovetail.com https://accounts.google.com https://accounts.google.com/gsi/ https://content.googleapis.com https://www.google.com https://docs.google.com https://fast.wistia.net https://www.dropbox.com https://platform.harvestapp.com https://forms.asana.plus https://forms-server.asana.plus https://local.asana.com https://asana.com https://apisandbox.zuora.com https://test.zuora.com https://www.zuora.com https://www.sandbox.paypal.com https://www.paypal.com https://recordwidget.vimeocdn.com https://api.stripe.com https://hooks.stripe.com https://js.stripe.com https://m.stripe.com https://m.stripe.network https://q.stripe.com https://pixel.asana.com https://d3ki9tyy5l5ruj.cloudfront.net https://prod-eu1.app.asana.com https://prod-au1.app.asana.com https://prod-jp1.app.asana.com https://cdn.cookielaw.org https://form.asana.com https://form-beta.asana.com https://form-stag.luna-s.org https://localhost.asana.com:3000 https://861-iiv-735.mktoweb.com https://resources.asana.com https://ccwizard.vertexsmb.com; worker-src 'self' blob: https://d3ki9tyy5l5ruj.cloudfront.net; child-src 'self' blob: https://d3ki9tyy5l5ruj.cloudfront.net; object-src 'self'; plugin-types application/pdf; base-uri 'none', report-uri /-/csp_report?report_only=false; script-src https: 'unsafe-inline' 'strict-dynamic' 'report-sample' 'nonce-4zae2brvg7eljlne0tcvju31i' 1
default-src * blob:; img-src * data: blob: resource: *.xmcdn.com *.ximalaya.com; connect-src * wss: blob: resource:; frame-src 'self' *.ximalaya.com pos.baidu.com dup.baidustatic.com openapi.baidu.com wappass.baidu.com passport.baidu.com s.union.360.cn 360fenxi.mediav.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.xmcdn.com *.ximalaya.co hm.baidu.com s.union.360.cn cpro.baidustatic.com pos.baidu.com dup.baidustatic.com zz.bdstatic.com b.bdstatic.com jspassport.ssl.qhimg.com webcert.cnmstl.net *.geetest.com *.geevisit.com *.gsensebot.com; style-src 'self' 'unsafe-inline' *.xmcdn.com *.ximalaya.com *.geetest.com *.geevisit.com *.gsensebot.com resource:; frame-ancestors *.ximalaya.com; 1
script-src http: https: https://zhik.com/ 'unsafe-inline' *.flowpaper.com flowpaper.com *.yotpo.com *.weglot.com *.adyen.com *.instant.one *.googletagmanager.com; style-src 'self' blob: https: 'unsafe-inline' https://zhik.com/ *.weglot.com *.ubembed.com *.unbounce.com; img-src data: http: https: *.adyen.com *.ubembed.com; object-src 'none'; base-uri 'none'; child-src 'self'; font-src 'self' fonts.gstatic.com *.gozayaan.com *.yotpo.com *.paypal.com *.instant.one *.ubembed.com; frame-src assets.braintreegateway.com *.google.com *.youtube.com *.youtu.be *.vimeo.com *.googletagmanager.com *.flowpaper.com flowpaper.com *.facebook.com *.adyen.com *.paypal.com *.instant.one mail.zhik.com *.ubembed.com; 1
default-src * data: 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; 1
default-src 'self' *.horus-it.com *.horus-it.de; child-src 'self' https://www.google.com/; script-src 'self' https://www.google.com/ https://www.gstatic.com/recaptcha/; form-action 'self'; frame-ancestors 'self' 1
img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; worker-src blob:; 1
report-uri *; child-src 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' 'report-sample' http: https: data: mediastream: blob: filesystem:; frame-ancestors *; object-src *; frame-src 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' 'report-sample' http: https: data: mediastream: blob: filesystem:; worker-src *; manifest-src *; upgrade-insecure-requests 1
default-src 'self' cdn.upstract.com; font-src 'self' cdn.upstract.com; style-src 'self' 'unsafe-inline' cdn.upstract.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.upstract.com https://hcaptcha.com/ https://cdn.jsdelivr.net/; img-src 'self' data: cdn.upstract.com; frame-src https://www.youtube.com/ https://player.vimeo.com/ https://rumble.com/ https://embed.ted.com/ https://*.hcaptcha.com 1
default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes' https://www.google.com/recaptcha/api.js https://www.gstatic.com ajax.googleapis.com cdnjs.cloudflare.com code.jquery.com analytics.clickdimensions.com use.typekit.net *.clarity.ms d1l6p2sc9645hc.cloudfront.net https://www.clarity.ms/tag/55etgeiru6 data2.gosquared.com chat.gosquared.com data.gosquared.com maps.googleapis.com https://www.googletagmanager.com/gtm.js https://ws.zoominfo.com/pixel/626321488a50a40012f52f07 http://web.valin.com https://secure.east2pony.com/js/263140.js https://secure.east2pony.com/Track/Capture.aspx https://consent.cookiebot.com https://consentcdn.cookiebot.com https://www.google.com/recaptcha/api.js https://www.googletagmanager.com https://www.google-analytics.com/analytics.js; style-src 'self' 'unsafe-inline' 'unsafe-eval' *; img-src 'self' data: *; report-uri /report-csp-violation 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google.com/recaptcha/; script-src-elem 'self' 'unsafe-inline' https://cdn.jsdelivr.net/npm/ https://googleads.g.doubleclick.net/ https://stackpath.bootstrapcdn.com/bootstrap/ https://cdnjs.cloudflare.com/ajax/ https://unpkg.com/swiper/ https://code.jquery.com/ https://consent.cookiebot.com/ https://connect.facebook.net/ https://consentcdn.cookiebot.com/consentconfig/ https://cdn.cookielaw.org/ https://www.gstatic.com/ https://www.googletagmanager.com/ https://www.google.com/ data: ; style-src 'self' 'unsafe-inline' https://unpkg.com/swiper/ https://stackpath.bootstrapcdn.com/bootstrap/ https://fonts.googleapis.com/; font-src 'self' data: https://fonts.gstatic.com/; img-src 'self' data: https://wpemaillog.com/ https://www.google.fr/pagead/ https://www.google.com/pagead/ https://toolset.com/ https://wpml.org/ https://helloauto.com/promociones/ https://s.w.org/ https://www.googletagmanager.com/ https://ps.w.org https://imgsct.cookiebot.com/ https://www.facebook.com/ https://imgsct.cookiebot.com/https://www.facebook.com/ https://cdn.cookielaw.org/ https://www.google-analytics.com https://secure.gravatar.com https://www.google.es/; connect-src 'self' https://www.googleadservices.com/pagead/ https://adservice.google.com/pagead/ https://api.redirect.li/v2/ https://consentcdn.cookiebot.com/ https://consentcdn.cookiebot.com/consentconfig/ https://region1.analytics.google.com/g/ https://azapp-web-oauth-server-ha.azurewebsites.net/api/ https://pagead2.googlesyndication.com/ https://stats.g.doubleclick.net/ https://googleads.g.doubleclick.net/ https://region1.google-analytics.com/ https://www.google.com/ https://cdn.cookielaw.org/ https://www.google-analytics.com https://yoast.com/; frame-src 'self' https://api.paycomet.com/ https://consentcdn.cookiebot.com/ https://td.doubleclick.net/ https://player.vimeo.com/ https://www.youtube.com https://www.google.com/; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; worker-src 'self' blob: https://helloauto.com/ 1
default-src 'self' https://*.googletagmanager.com https://*.google-analytics.com https://*.google.com https://*.google.be https://*.doubleclick.net https://*.hotjar.com https://*.hotjar.io https://*.facebook.com https://*.facebook.net https://*.youtube.be https://*.youtube.com https://*.vimeo.com https://*.snapchat.com https://*.spotify.com https://*.instagram.com; block-all-mixed-content; font-src data: 'self' https://use.typekit.net https://fonts.googleapis.com https://fonts.gstatic.com; img-src data: 'self' https://*.googletagmanager.com https://*.google-analytics.com https://*.google.com https://*.google.be https://placeholder.inventis.be https://*.ytimg.com https://img.youtube.com/ https://i.vimeocdn.com/ https://*.facebook.com https://*.facebook.net https://*.fbcdn.net https://i.scdn.co https://*.youtube.com https://*.snapchat.com; manifest-src 'self'; object-src 'none'; script-src 'self' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https://*.youtube.com https://*.ytimg.com https://*.googletagmanager.com https://*.google-analytics.com https://*.hotjar.com https://*.hotjar.io https://*.facebook.net https://*.vimeo.com 'nonce-qN/0qjSAApD0FiXMdQqI5Q=='; style-src 'self' 'unsafe-inline' https://*.typekit.net https://*.googletagmanager.com https://fonts.googleapis.com; upgrade-insecure-requests 1
default-src 'none'; img-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; object-src 'none' 1
default-src 'self'; base-uri 'none'; form-action 'self'; img-src 'self' data:; object-src 'none' 1
script-src http: https: https://www.various-brands.ro 'unsafe-inline' https://www.googletagmanager.com https://www.google.com/ https://lockerplugin.sameday.ro https://event.2performant.com https://consentcdn.cookiebot.com https://attr-2p.com; style-src 'self' blob: https: 'unsafe-inline' https://www.various-brands.ro; img-src data: http: https: www.googletagmanager.com https://event.2performant.com https://attr-2p.com https: consentcdn.cookiebot.com https: lockerplugin.sameday.ro; object-src 'none'; base-uri 'none'; child-src 'self'; font-src 'self' fonts.gstatic.com *.fontawesome.com; frame-src assets.braintreegateway.com *.youtube.com *.youtu.be *.vimeo.com *.googletagmanager.com *.hotjar.com *.google.com *.2performant.com lockerplugin.sameday.ro consentcdn.cookiebot.com; 1
frame-ancestors 'self' http://sentinelone.lookbookhq.com https://sentinelone.lookbookhq.com http://sentinelone.pathfactory.com https://sentinelone.pathfactory.com http://assets.sentinelone.com https://assets.sentinelone.com https://app.scalyr.com https://app.eu.scalyr.com localhost https://www.dataset.com; 1
default-src https://www.swissmadesoftware.org; font-src 'self' data: fonts.gstatic.com; frame-ancestors 'self'; child-src platform.twitter.com www.xing-share.com *.swissmadesoftware.org *.google.com *.youtube.com *.soundcloud.com *.issuu.com *.mx3.ch *.bandcamp.com https://mx3.ch https://bandcamp.com https://issuu.com https://youtube.com https://open.spotify.com https://www.mixcloud.com https://embed.spotify.com https://www.facebook.com https://player.vimeo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://swissmadesoftware.opsone-analytics.ch snap.licdn.com connect.facebook.net platform.twitter.com platform.linkedin.com www.xing-share.com www.google-analytics.com maps.googleapis.com www.googletagmanager.com; img-src 'self' data: www.linkedin.com *.ads.linkedin.com syndication.twitter.com www.google-analytics.com stats.g.doubleclick.net maps.gstatic.com *.googleapis.com csi.gstatic.com img.youtube.com; style-src 'self' 'unsafe-inline'  fonts.googleapis.com www.xing-share.com; connect-src 'self' https://swissmadesoftware.opsone-analytics.ch https://region1.google-analytics.com https://maps.googleapis.com https://cdn.linkedin.oribi.io https://stats.g.doubleclick.net https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com; media-src 'self'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.muuttomaailma.fi https://*.muuttomaailma.com *.kilpailutamuuttopalvelu.fi https://*.facebook.com https://*.facebook.net https://*.zopim.com wss://*.zopim.com https://*.gravatar.com https://*.gstatic.com https://*.googleapis.com https://*.google-analytics.com https://*.analytics.google.com https://*.optimonk.com https://*.g.doubleclick.net https://www.google.com https://www.google.fi https://*.bing.com https://*.adnxs.com https://www.googletagmanager.com https://www.googleadservices.com https://*.googlesyndication.com https://adservice.google.fi https://adservice.google.com https://*.krxd.net https://s3.amazonaws.com https://www.youtube-nocookie.com https://*.adform.net https://c.bannerflow.net https://servedby.revive-adserver.net https://maxcdn.bootstrapcdn.com https://*.ensighten.com https://tagmanager.google.com https://*.gravito.net https://*.almamedia.fi https://*.almamedia.tech https://*.userreport.com https://*.dnt-userreport.com https://d1gw63jeifbb1b.cloudfront.net https://dacvuskohga7w.cloudfront.net https://almacrcommoncontent.net https://*.rubiconproject.com https://*.adnxs-simple.com https://cdn.jsdelivr.net https://ad.doubleclick.net https://*.criteo.com https://*.criteo.net https://*.zdassets.com https://muuttomaailma-almamedia.zendesk.com https://*.permutive.app https://*.permutive.com https://*.prmutv.co; worker-src blob:; frame-src https: 1
script-src kit.fontawesome.com/3c00800568.js assets.rishum.app ajax.cloudflare.com 'nonce-sGAe3N97pwrq45Ew' 'self'; default-src   rishum-app.s3.eu-west-1.amazonaws.com  assets.rishum.app 'self'; style-src kit-pro.fontawesome.com kit-free.fontawesome.com fonts.googleapis.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline' assets.rishum.app use.fontawesome.com; img-src get.anydesk.com  rishum-app.s3.eu-west-1.amazonaws.com  blob: 'self' *.rishum.app data:; media-src  rishum-app.s3.eu-west-1.amazonaws.com   assets.rishum.app 'self' archive.org *.youtube.com *.youtube-nocookie.com dailymotion.com; object-src  rishum-app.s3.eu-west-1.amazonaws.com   'self' archive.org *.googlevideo.com *.ytimg.com *.youtube.com *.youtube-nocookie.com dailymotion.com; worker-src 'self' blob: archive.org *.youtube.com *.youtube-nocookie.com *.dailymotion.com; font-src 'self' assets.rishum.app use.fontawesome.com kit-pro.fontawesome.com fonts.googleapis.com kit-free.fontawesome.com data: fonts.gstatic.com maxcdn.bootstrapcdn.com; frame-src blob: accounts.google.com drive.google.com assets.rishum.app www.rishumon.co.il cgmpiuat.creditguard.co.il  rishum-app.s3.eu-west-1.amazonaws.com   'self' archive.org *.youtube.com *.youtube-nocookie.com *.dailymotion.com data: ; frame-ancestors accounts.google.com drive.google.com assets.rishum.app www.rishumon.co.il cgmpiuat.creditguard.co.il  rishum-app.s3.eu-west-1.amazonaws.com   'self' archive.org *.youtube.com *.youtube-nocookie.com *.dailymotion.com data: ; connect-src data: 'self' assets.rishum.app blob:  rishum-app.s3.eu-west-1.amazonaws.com     ; 1
default-src https: data: 'unsafe-inline'; script-src https: data: 'unsafe-inline'; style-src 'unsafe-inline' https:; img-src https: data:; font-src https: data:; connect-src https:; media-src https:; object-src https:; child-src https:; frame-src https:; worker-src https:; manifest-src https:; prefetch-src https:; frame-ancestors https://triotech.co.in https://*.triotech.co.in; base-uri https://triotech.co.in https://*.triotech.co.in; form-action https://triotech.co.in https://*.triotech.co.in; block-all-mixed-content; upgrade-insecure-requests; 1
default-src 'self' http: https: ws: wss: data: gap: blob: 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com; media-src *; frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.hotjar.com https://js.hsforms.net https://fonts.googleapis.com https://connect.facebook.net https://*.canalmeio.com.br https://*.google.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.googleoptimize.com  https://*.g.doubleclick.net https://www.youtube.com https://*.googletagservices.com https://*.googlesyndication.com; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://static.ads-twitter.com https://viacep.com.br https://*.hotjar.com https://js.hsforms.net https://fonts.googleapis.com https://connect.facebook.net https://*.canalmeio.com.br https://*.google.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.googleoptimize.com  https://*.g.doubleclick.net https://www.youtube.com https://*.googletagservices.com https://*.googlesyndication.com https://*.gstatic.com; 1
frame-ancestors http://www.atlasroofing-stg.com/ https://www.atlasroofing.com/ 1
frame-ancestors 'self' admin.farmbureau.bank admin-staging.farmbureau.bank *.zagclients.net 1
style-src 'self' 'unsafe-inline' fonts.googleapis.com tagmanager.google.com;connect-src 'self' www.google.com stats.g.doubleclick.net uploads.intercomcdn.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io auth.zonda.exchange www.google-analytics.com wss://api.zondacrypto.exchange api.zondacrypto.exchange https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://www.facebook.com/ *.google-analytics.com *.analytics.google.com auth.zondacrypto.exchange;script-src 'self' 'unsafe-inline' 'unsafe-eval' js.intercomcdn.com widget.intercom.io *.adform.net *.youtube.com www.google-analytics.com www.googletagmanager.com *.google.com google.com ssl.google-analytics.com *.gstatic.com connect.facebook.net https://googleads.g.doubleclick.net;frame-src *.adform.net *.fls.doubleclick.net 'self' *.zondaglobal.com  *.zondacrypto.com *.google.com *.youtube.com;frame-ancestors 'self';font-src 'self' 'unsafe-inline' 'unsafe-eval' js.intercomcdn.com fonts.gstatic.com fonts.gstatic.com https://fonts.intercomcdn.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com *.youtube-nocookie.com *.usefathom.com plausible.io *.pingdom.net *.slideshare.net *.onetrust.com  *.libsyn.com  *.crazyegg.com *.polyfill.io *.matomo.cloud *.doubleclick.net *.adtran *.adva.com *.advaoptical.com *.pardot.com *.akamaized.net  *.cookielaw.org  cdn.matomo.cloud  *.vimeo.com  *.jquery.com cdn.jsdelivr.net cdn.sheetjs.com *.google.com widget.trustpilot.com *.cloudflare.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.hotjar.com *.googleadservices.com *.googleoptimize.com googleads.g.doubleclick.net *.cloudfront.net js-agent.newrelic.com  *.linkedin.com www.clarity.ms www.tiktok.com lf16-tiktok-web.ttwstatic.com www.googleadservices.com googleads.g.doubleclick.net *.sendinblue.com *.twitter.com *.facebook.net *.twimg.com designbysoap.b-cdn.net blob:; img-src * 'self' data: blob:;frame-ancestors 'self'; 1
form-action self; 1
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval' gethatch.com *.gstatic.com *.googleapis.com *.facebook.com *.google-analytics.com *.analytics.google.com *.google.com *.google.co.uk *.static.zdassets.com *.ekr.zdassets.com *.ekr.zendesk.com *.zendesk.com *.zopim.com *.zendesk-eu.my.sentry.io *.nosto.com;img-src 'self' *.zopim.io *.static.zdassets.com *.nosto.com *.zopim.io *.google-analytics.com *.analytics.google.com *.google.com *.google.co.uk *.facebook.com gethatch.com *.zopim.com *.gstatic.com *.googleapis.com *.postcodeanywhere.co.uk *.bing.com *.pinterest.com *.googletagmanager.com *.cdninstagram.com *.rackcdn.com *.linkedin.com data:; 1
default-src 'self' cdn.biztoc.com; font-src 'self' cdn.biztoc.com; style-src 'self' 'unsafe-inline' cdn.biztoc.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.biztoc.com https://hcaptcha.com/ https://cdn.jsdelivr.net/; img-src 'self' data: cdn.biztoc.com; frame-src https://www.youtube.com/ https://player.vimeo.com/ https://rumble.com/ https://embed.ted.com/ https://*.hcaptcha.com 1
default-src 'self' https://qanty.com data: *.googleapis.com *.gstatic.com *.google.com  *.youtube.com *.web.app *.firebaseapp.com https://vc.qanty.com filesystem:; style-src * 'unsafe-inline' filesystem: blob:; img-src * data: 'unsafe-inline'; connect-src 'self' http://localhost:7999 ws://localhost:7998 https://extreme-ip-lookup.com *.googleapis.com filesystem: https://www.google-analytics.com; script-src 'self' data: blob: 'unsafe-inline' *.googleapis.com *.gstatic.com *.google.com  *.youtube.com https://vc.qanty.com https://meet.jit.si *.web.app *.firebaseapp.com https://www.googletagmanager.com; frame-ancestors 'self' https://vc.qanty.com/ https://nube.celsia.com:4443 https://pruebas.comfenalcovalle.com.co https://www.segurossura.com.co *.comfenalcovalle.com.co https://delagentevirtual.com 1
connect-src 'self' https://www.timecenter.se https://www.timecenter.dk https://www.timecenter.com https://*.klarna.net https://*.klarnacdn.net https://*.klarna.com https://*.klarnaevt.com  https://*.analytics.google.com https://*.google-analytics.com https://cdnjs.cloudflare.com https://www.facebook.com https://connect.facebook.net https://www.googleadservices.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://*.g.doubleclick.net https://www.google.com https://www.google.se https://js.stripe.com https://maps.googleapis.com https://fonts.googleapis.com https://*.googlesyndication.com https://*.gstatic.com https://api.instagram.com https://scontent.cdninstagram.com;default-src 'self' https://www.timecenter.se https://www.timecenter.dk https://www.timecenter.com https://*.analytics.google.com https://*.google-analytics.com https://cdnjs.cloudflare.com https://www.facebook.com https://connect.facebook.net https://www.googleadservices.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://*.g.doubleclick.net https://www.google.com https://www.google.se https://js.stripe.com https://maps.googleapis.com https://fonts.googleapis.com https://*.googlesyndication.com https://*.gstatic.com https://api.instagram.com https://scontent.cdninstagram.com https://*.klarna.net https://*.klarnacdn.net https://*.klarna.com https://*.klarnaevt.com;frame-ancestors 'self'  ;frame-src https://www.google.com https://js.stripe.com https://staticxx.facebook.com https://www.facebook.com/ https://www.youtube.com https://*.klarna.net https://*.klarnacdn.net https://*.klarna.com https://*.klarnaevt.com ;img-src 'self' data: blob: https://www.timecenter.se https://www.timecenter.dk https://www.timecenter.com https://*.klarna.net https://*.klarnacdn.net https://*.klarna.com https://*.klarnaevt.com https://*.analytics.google.com https://*.google-analytics.com https://cdnjs.cloudflare.com https://www.facebook.com https://connect.facebook.net https://www.googleadservices.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://*.g.doubleclick.net https://www.google.com https://www.google.se https://js.stripe.com https://maps.googleapis.com https://fonts.googleapis.com https://*.googlesyndication.com https://*.gstatic.com https://api.instagram.com https://scontent.cdninstagram.com ;media-src 'none';object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.timecenter.se https://www.timecenter.dk https://www.timecenter.com https://*.klarna.net https://*.klarnacdn.net https://*.klarna.com https://*.klarnaevt.com https://*.analytics.google.com https://*.google-analytics.com https://cdnjs.cloudflare.com https://www.facebook.com https://connect.facebook.net https://www.googleadservices.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://*.g.doubleclick.net https://www.google.com https://www.google.se https://js.stripe.com https://maps.googleapis.com https://fonts.googleapis.com https://*.googlesyndication.com https://*.gstatic.com https://api.instagram.com https://scontent.cdninstagram.com;font-src data: 'self' https://www.timecenter.se https://www.timecenter.dk https://www.timecenter.com https://*.analytics.google.com https://*.google-analytics.com https://cdnjs.cloudflare.com https://www.facebook.com https://connect.facebook.net https://www.googleadservices.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://*.g.doubleclick.net https://www.google.com https://www.google.se https://js.stripe.com https://maps.googleapis.com https://fonts.googleapis.com https://*.googlesyndication.com https://*.gstatic.com https://api.instagram.com https://scontent.cdninstagram.com https://*.klarna.net https://*.klarnacdn.net https://*.klarna.com https://*.klarnaevt.com;style-src 'self' 'unsafe-inline' https://*.analytics.google.com https://*.google-analytics.com https://cdnjs.cloudflare.com https://www.facebook.com https://connect.facebook.net https://www.googleadservices.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://*.g.doubleclick.net https://www.google.com https://www.google.se https://js.stripe.com https://maps.googleapis.com https://fonts.googleapis.com https://*.googlesyndication.com https://*.gstatic.com https://api.instagram.com https://scontent.cdninstagram.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.ikea.com v4.ai.ingka.ikea.net api.addressy.com google.com *.google.com *.gstatic.com translate.googleapis.com translate-pa.googleapis.com www.youtube-nocookie.com www.youtube.com www.paypal.com blob: data: wss://web-api.ikea.com https://storage.googleapis.com/learnwithikeavideos/ unicorn-rainbow-flower.edgecompute.app ikea-listings.edgecompute.app *.ingka.com *.cdtapps.com *.ctfassets.net *.ipex-insights.com www.recaptcha.net maps.googleapis.com id5-sync.com cdn.id5-sync.com bcp.crwdcntrl.net tags.crwdcntrl.net *.adform.net *.appier.net *.doubleclick.net staticcdn.enzymic.co static.enzymic.co *.facebook.com *.facebook.net www.googleadservices.com *.googlesyndication.com *.google.com.my *.salecycle.com d16fk4ms6rqz1v.cloudfront.net *.yimg.com analytics-au.clickdimensions.com *.2c2p.com *.userzoom.com *.cookielaw.org *.onetrust.com *.contentsquare.net app.contentsquare.com *.google-analytics.com www.googletagmanager.com *.optimizely.com sentry.io *.sentry.io *.avo.app oppwa.com *.oppwa.com mpsnare.iesnare.com *.iesnare.com dc.services.visualstudio.com rt.services.visualstudio.com *.in.applicationinsights.azure.com *.livediagnostics.monitor.azure.com www.surveygizmo.eu widgixeu-beacon.s3.amazonaws.com *.bambuser.com firestore.googleapis.com liveshopping-widgets.firebaseapp.com widgets-ssr.photorank.me data.photorank.me *.olapic-cdn.com photorankstatics-a.akamaihd.net photorankapi-a.akamaihd.net *.yieldify.com *.yieldify-production.com wss://stranger.yieldify-production.com fonts.googleapis.com fonts.gstatic.com; img-src * blob: data:; frame-src *; frame-ancestors *.ikea.com; object-src 'self'; report-uri https://csp.ikea.com 1
frame-ancestors 'self'  https://*.gaultmillau.at 1
default-src 'self' *.malvernpanalytical.com *.malvernpanalytical.com.cn; connect-src 'self' https://*.clarity.ms/ https://*.hotjar.com wss://*.hotjar.com https://bat.bing.com https://segments.company-target.com https://cdn.cookielaw.org https://www.google-analytics.com *.g.doubleclick.net https://api.company-target.com https://surveystats.hotjar.io https://analytics.google.com https://*.pingdom.net http://*.pingdom.net *.visualwebsiteoptimizer.com app.vwo.com https://privacyportal-de.onetrust.com v2.clickguardian.app *.google-analytics.com *.analytics.google.com geolocation.onetrust.com api.bizzabo.com *.google.com malvernpanalytical.matomo.cloud unpkg.com cdn.jsdelivr.net cdn.linkedin.oribi.io gateway.zscalertwo.net mp-production.ent.eu-west-1.aws.found.io mp-uat.ent.eu-west-1.aws.found.io mp-development.ent.eu-west-1.aws.found.io mpfinder.azurewebsites.net www.googleapis.com prompts.maze.co pagead2.googlesyndication.com tag-logger.demandbase.com px.ads.linkedin.com cdn.horizons.confirmit.eu https://www.materials-talks.com https://www.materials-talks.jp https://www.materials-talks.kr https://api.demandbase.com; font-src 'self' unpkg.com cdn.jsdelivr.net https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://*.hotjar.com gateway.zscalertwo.net; frame-src 'self' https://virtualshowroom.tech/ *.google.com *.google.co.uk *.google.ie https://sites-cm-malvernpl-production.tridion.sdlproducts.com https://sites-cm-malvernpl-test.tridion.sdlproducts.com https://sites-cm-malvernpl-development.tridion.sdlproducts.com https://sites-cm-malvern-production.tridion.sdlproducts.com https://sites-cm-malvern-test.tridion.sdlproducts.com https://sites-cm-malvern-development.tridion.sdlproducts.com *.recaptcha.net https://www.youtube-nocookie.com https://www.youtub.com *.youtube.com https://player.youku.com https://www.googletagmanager.com https://googleads.g.doubleclick.net/ *.visualwebsiteoptimizer.com app.vwo.com gateway.zscalertwo.net td.doubleclick.net s.company-target.com feedback.malvernpanalytical.com; frame-ancestors 'self' https://sites-cm-malvernpl-production.tridion.sdlproducts.com https://sites-cm-malvernpl-test.tridion.sdlproducts.com https://sites-cm-malvernpl-development.tridion.sdlproducts.com https://sites-cm-malvern-production.tridion.sdlproducts.com https://sites-cm-malvern-test.tridion.sdlproducts.com https://sites-cm-malvern-development.tridion.sdlproducts.com; img-src 'self' http://*.malvernpanalytical.com http://*.malvernpanalytical.com.cn *.malvernpanalytical.com *.malvernpanalytical.com.cn data:  https://dam.malvernpanalytical.com https://c.bing.com/ https://c.clarity.ms/ https://linkedin.com/px/ https://malvern.dist.sdlmedia.com https://p3.aprimocdn.net https://sites-cm-malvernpl-production.tridion.sdlproducts.com https://sites-cm-malvernpl-test.tridion.sdlproducts.com https://sites-cm-malvernpl-development.tridion.sdlproducts.com https://sites-cm-malvern-production.tridion.sdlproducts.com https://sites-cm-malvern-test.tridion.sdlproducts.com https://sites-cm-malvern-development.tridion.sdlproducts.com https://www.materials-talks.com https://www.materials-talks.kr https://www.materials-talks.jp unpkg.com cdn.jsdelivr.net https://px.ads.linkedin.com https://px4.ads.linkedin.com https://match.prod.bidr.io https://bat.bing.com https://www.google.com https://www.google.ac https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.com.ai https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.com.kh https://www.google.cc https://www.google.cd https://www.google.cf https://www.google.cat https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.g.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gf https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gp https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.iq https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.io https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.com.lc https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.ms https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.ne https://www.google.com.nf https://www.google.com.ng https://www.google.com.ni https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pk https://www.google.com.pa https://www.google.com.pe https://www.google.com.ph https://www.google.pl https://www.google.com.pg https://www.google.pn https://www.google.co.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.sm https://www.google.so https://www.google.st https://www.google.sr https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tk https://www.google.tl https://www.google.tm https://www.google.to https://www.google.tn https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.vg https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://segments.company-target.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://id.rlcdn.com https://googleads.g.doubleclick.net https://hm.baidu.com http://api.share.baidu.com *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com chart.googleapis.com wingify-assets.s3.amazonaws.com https://*.hotjar.com https://*.linkedin.com https://cdn.cookielaw.org https://p.adsymtotic.com *.google-analytics.com *.analytics.google.com *.baidu.com gateway.zscalertwo.net res.cloudinary.com sites-cm-c4f1aa-eu-west-1-malvernr12.tridion.sdlproducts.com https://latex.codecogs.com; media-src 'self' https://dam.malvernpanalytical.com https://p3.aprimocdn.net gateway.zscalertwo.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' http://*.malvernpanalytical.com http://*.malvernpanalytical.com.cn *.malvernpanalytical.com *.malvernpanalytical.com.cn https://*.clarity.ms/ https://www.google.com/pagead https://sites-cm-malvernpl-production.tridion.sdlproducts.com https://sites-cm-malvernpl-test.tridion.sdlproducts.com https://sites-cm-malvernpl-development.tridion.sdlproducts.com https://sites-cm-malvern-production.tridion.sdlproducts.com https://sites-cm-malvern-test.tridion.sdlproducts.com https://sites-cm-malvern-development.tridion.sdlproducts.com https://www2.malvernpanalytical.com https://polyfill.io https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://zz.bdstatic.com/ https://www.gstatic.com/recaptcha/ https://apis.google.com https://www.recaptcha.net https://www.youtube.com https://www.googletagmanager.com unpkg.com cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cdn.cookielaw.org https://www.google-analytics.com http://www.googleadservices.com https://www.googleadservices.com https://snap.licdn.com https://static.hotjar.com https://bat.bing.com http://bat.bing.com https://tag.demandbase.com http://*.pardot.com https://script.hotjar.com https://googleads.g.doubleclick.net http://www.googletagmanager.com https://*.baidu.com http://push.zhanzhang.baidu.com http://ada.baidu.com https://fe-resource.cdn.bcebos.com https://*.pingdom.net http://*.pingdom.net *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com v2.clickguardian.app *.googlesyndication.com https://cdn.heeet.io *.matomo.cloud gateway.zscalertwo.net sites-cm-c4f1aa-eu-west-1-malvernr12.tridion.sdlproducts.com snippet.maze.co cdn.horizons.confirmit.eu; style-src 'self' 'unsafe-inline' http://*.malvernpanalytical.com http://*.malvernpanalytical.com.cn *.malvernpanalytical.com *.malvernpanalytical.com.cn unpkg.com cdn.jsdelivr.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://sites-cm-malvernpl-production.tridion.sdlproducts.com https://sites-cm-malvernpl-test.tridion.sdlproducts.com https://sites-cm-malvernpl-development.tridion.sdlproducts.com https://sites-cm-malvern-production.tridion.sdlproducts.com https://sites-cm-malvern-test.tridion.sdlproducts.com https://sites-cm-malvern-development.tridion.sdlproducts.com gateway.zscalertwo.net *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com s3.amazonaws.com translate.googleapis.com; worker-src blob: blob: *.malvernpanalytical.com data:; base-uri 'self'; report-to csp-endpoint; 1
"script-src 'self' 'unsafe-inline' 'unsafe-eval' *.herten.de *.hertener-stadtwerke.de *.copacabackum.de *.hertener-sommerkino.de *.sgalinski.de *.gstatic.com *.google.com *.googletagmanager.com *.openstreetmap.com *.googleapis.com *.deutsches-ausschreibungsblatt.de *.amazonaws.com *.gipsprojekt.de *.digiaccess.org 'nonce-ASd4r'"; child-src * 1
default-src 'self'; script-src 'strict-dynamic'; script-src-elem 'self' 'nonce-KtzZn8/F4VAZYx6neZFYo4eoR0o/r/f2SJudi6pwAug=' https://www.googleoptimize.com/ https://plugin.handtalk.me/ https://static.elfsight.com/ https://static-stage.elfsight.com/ https://ipinfo.io/ https://appscdn.joomla.org/webapps/ https://geolocation.onetrust.com/ https://cdn.cookielaw.org/ https://ajax.googleapis.com/ajax/libs/jquery/ https://cdn.datatables.net/ https://onesignal.com/ https://cdn.onesignal.com/ https://maps.googleapis.com/ https://s3.amazonaws.com/downloads.mailchimp.com https://www.google-analytics.com/ https://code.jquery.com/ https://connect.facebook.net https://www.googletagmanager.com/ https://pi.pardot.com/ https://cdn.pardot.com/ https://go.machadomeyer.com.br/ https://www.google.com/recaptcha/ https://www.gstatic.com/cv/ https://www.gstatic.com/recaptcha/ https://netdna.bootstrapcdn.com/ https://s3-sa-east-1.amazonaws.com/; style-src 'self' 'unsafe-inline' https://cdn.datatables.net/ https://onesignal.com/ https://fonts.googleapis.com/ https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/ https://hello.myfonts.net/ https://netdna.bootstrapcdn.com/font-awesome/4.2.0/css/; img-src * 'self' data: blob: https://www.machadomeyer.com.br/; font-src 'self' data: https://fonts.gstatic.com/ https://intranetmmso.intercode.com.br/ https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://netdna.bootstrapcdn.com/ https://open.scdn.co/cdn/fonts/ https://use.typekit.net/; connect-src 'self' https://geolocation.onetrust.com/ https://checkip.amazonaws.com/ https://translation-v3.handtalk.me/ https://plugin.handtalk.me/ https://privacyportal-br.onetrust.com/ https://cdn.cookielaw.org/ https://maps.googleapis.com/ https://core.service.elfsight.com/ https://static.elfsight.com/ https://storage.elfsight.com/ https://pi.pardot.com/ https://cdn.pardot.com/ https://go.machadomeyer.com.br/ https://machadomeyer.my.salesforce.com/ https://login.salesforce.com/ https://onesignal.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://s3-sa-east-1.amazonaws.com/; media-src 'self'; frame-src 'self' https://www.google.com/recaptcha/ https://plugin.handtalk.me/ https://go.machadomeyer.com.br/ https://www.youtube.com/ https://anchor.fm/ https://open.spotify.com https://s3-sa-east-1.amazonaws.com/; worker-src 'self'; frame-ancestors 'self'; form-action 'self' https://go.machadomeyer.com.br/ https://login.microsoftonline.com/; object-src 'none'; base-uri 'self' 1
default-src 'self'  'unsafe-inline'  cdn.iubenda.com fonts.gstatic.com secure.gravatar.com https://cdn.iubenda.com maps.googleapis.com www.google-analytics.com hits-i.iubenda.com  region1.analytics.google.com www.digicatapult.org.uk analytics.google.com stats.g.doubleclick.net *.google.com region1.google-analytics.com *.youtube.com *.hotjar.io  *.hotjar.com wss://ws.hotjar.com www.google.co.uk digitalcatapult.my.salesforce-sites.com *.doubleclick.net *.linkedin.com idb.iubenda.com; font-src data: fonts.gstatic.com www.digicatapult.org.uk; img-src 'self' data: secure.gravatar.com  dev-digital-catapult.pantheonsite.io maps.gstatic.com maps.googleapis.com www.google.co.uk  i.ytimg.com *.linkedin.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' secure.gravatar.com cdn.iubenda.com www.googletagmanager.com maps.googleapis.com www.digicatapult.org.uk maps.googleapis.com static.hotjar.com *.hotjar.com *.google-analytics.com  *.googleapis.com cs.iubenda.com *.google.com *.gstatic.com s3.amazonaws.com digicatapult.us18.list-manage.com www.workable.com *.workable.com *.cloudfront.net *.cloudflare.com cdn.iubenda.com; script-src-elem 'unsafe-inline' secure.gravatar.com cdn.iubenda.com www.googletagmanager.com maps.googleapis.com www.digicatapult.org.uk maps.googleapis.com static.hotjar.com *.hotjar.com *.google-analytics.com  *.googleapis.com cs.iubenda.com *.google.com *.gstatic.com s3.amazonaws.com digicatapult.us18.list-manage.com www.workable.com *.workable.com *.cloudfront.net *.cloudflare.com cdn.iubenda.com snap.licdn.com; style-src 'self' 'unsafe-inline' *.googleapis.com; style-src-elem 'unsafe-inline' static.hotjar.com www.googletagmanager.com www.digicatapult.org.uk fonts.googleapis.com cdn-images.mailchimp.com; 1
frame-ancestors https://www.chemtube3d.com 1
object-src 'none'; base-uri 'self'; frame-ancestors 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' data: https://www.google.com https://www.google-analytics.com/gtm/js https://www.google.com https://www.google-analytics.com https://googleads.g.doubleclick.net/ https://www.gstatic.com https://ajax.googleapis.com https://*.sharethis.com https://*.cloudfront.net https://www.googletagmanager.com https://cdn-cookieyes.com https://*.linkedin.com https://tagmanager.google.com https://*.freshworks.com https://www.clarity.ms https://js.hs-scripts.com https://snap.licdn.com https://www.linkedin.com/pages-extensions/FollowCompany/ https://www.google-analytics.com/analytics.js https://s3.amazonaws.com/files.freshteam.com/ https://*.freshteam.com https://*.cookieyes.com/api/ https://js.hscollectedforms.net/ https://js.hs-banner.com/ https://js.hsadspixel.net/ https://js.hsleadflows.net/ https://js.hs-analytics.net/ https://googleads.g.doubleclick.net/ https://app.factors.ai/ https://img1.wsimg.com/; 1
default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com https://i.ytimg.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-vdhEcL0eIcqTnZwnwChEuw=='; style-src 'self' www.gstatic.com; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com gds-single-consent-staging.app gds-single-consent.app; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; report-uri https://csp-reporter.publishing.service.gov.uk/report 1
default-src 'self' *.kvhh.net kvhh.net; connect-src 'self' *.kvhh.net kvhh.net https://kvhh.matomo.cloud/ *.googleapis.com; font-src 'self' *.kvhh.net kvhh.net; frame-src https://te4d20ff4.emailsys1a.net https://app1.edoobox.com https://www.youtube-nocookie.com/; img-src 'self' data: *.kvhh.net kvhh.net https://kvhh.matomo.cloud/ *.googleapis.com; media-src 'self';script-src 'self' 'sha256-akDN1WUCwEizwXBzlROn8PCav50zeSdx/xBQJkylVUc=' 'sha256-xMOBuoCpPB1Ax3XmTbUO1p+mDL7sKZ0FSjVKwIYlVC4=' https://cdn1.edoobox.com https://kvhh.matomo.cloud/ https://cdn.matomo.cloud/kvhh.matomo.cloud/ *.kvhh.net kvhh.net; style-src 'self' 'unsafe-inline' *.kvhh.net kvhh.net https://kvhh.matomo.cloud/ *.googleapis.com; 1
default-src 'self' https://*.readspeaker.com ; connect-src 'self' https://*.readspeaker.com ; font-src 'self' data: ; script-src 'self' https://*.readspeaker.com http://siteimproveanalytics.com  http://docs.netpublicator.com  'unsafe-inline' 'unsafe-eval' ; style-src 'self' data: https://*.readspeaker.com  'unsafe-inline'; frame-src 'self' https://*.readspeaker.com  http://www.youtube.com  regionkalmar.imagevault.app sts.regionkalmar.se 'unsafe-inline'; img-src 'self' data: https://*.readspeaker.com regionkalmar.imagevault.app 7535.global.siteimproveanalytics.io cdn.varbi.com data:; 1
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: data: gap: content; 1
upgrade-insecure-requests;default-src 'self' 'unsafe-inline' https://www.google-analytics.com https://our.umbraco.com;font-src 'self' https://*.telerik.com data:;frame-ancestors 'self' https://www.google.com;frame-src 'self' https://marketplace.umbraco.com https://www.google.com;img-src 'self' https://code.jquery.com https://www.gravatar.com https://*.umbraco.com https://www.google-analytics.com data:;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.gstatic.com https://code.jquery.com https://ajax.aspnetcdn.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google.com https://*.seaportglobal.com https://www.googletagmanager.com https://www.google-analytics.com;style-src 'self' 'unsafe-inline' https://*.telerik.com 1
default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data:; worker-src * blob:; font-src * data:; 1
frame-ancestors 'self' *.tohapi.fr *.homair.com *.marvilla-parks.com 1
base-uri 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.postcodeanywhere.co.uk https://static.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com https://www.google-analytics.com *.instagram.com *.googleusercontent.com *.mmapiws.com 'self' 'unsafe-inline' cdn.cookielaw.org analytics.google.com *.google.com https://analytics.google.com https://static-forms.klaviyo.com bam.nr-data.net api.addressy.com esp.aptrinsic.com https://bam.nr-data.net web-sdk.aptrinsic.com *.googleapis.com *.onetrust.com https://stats.g.doubleclick.net region1.google-analytics.com *.fullstory.com *.visualwebsiteoptimizer.com prod.log.shortbread.aws.dev prod.tools.shortbread.aws.dev vs.aws.amazon.com amazonwebservices.d2.sc.omtrdc.net https://a0.awsstatic.com/ https://d2c.aws.amazon.com/ https://aws.amazon.com/ https://vs.aws.amazon.com https://amazonwebservices.d2.sc.omtrdc.net https://aws.demdex.net https://dpm.demdex.net https://cm.everesttech.net *.attn.tv *.attentivemobile.com *.salesforce-sites.com bdainc.my.salesforce.com www.googletagmanager.com; default-src 'self' 'unsafe-inline' 'unsafe-eval'; font-src *.fontawesome.com fonts.gstatic.com data: 'self' 'unsafe-inline' resources.webscale.com static.klaviyo.com *.cloudfront.net; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.weltpixel.com 'self' 'unsafe-inline' *.google.com https://privacyportal.onetrust.com/ https://app.smartsheet.com *.punchout2go.com home-c19.incontact.com *.incontact.com privacyportal.onetrust.com *.discoverpacifico.com *.modelousa.com *.coronausa.com wesupplylabs.com *.googleapis.com labs.wesupply.xyz pennycake.labs.wesupply.xyz wesupply.xyz order.pennycake.com myorder.cummins.bdashops.com *.labs.wesupply.xyz *.bdashops.com 9174427.fls.doubleclick.net auth.pingone.com login.microsoftonline.com bda.bdashops.com *.facebook.com orders.cbrandsgear.com *.unleashedgear.com aws.demdex.net https://aws.demdex.net https://dpm.demdex.net *.force.com https://td.doubleclick.net; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline' auth.pingone.com connect.tradecentric.com *.pingone.com *.onetrust.com *.facebook.com; frame-ancestors 'self' https://portal.tradecentric.com *.attn.tv; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.postcodeanywhere.co.uk https://static.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.cdninstagram.com *.fbcdn.net maps.googleapis.com 'self' 'unsafe-inline' cdn.cookielaw.org analytics.google.com ssl.gstatic.com *.google.com connect.punchout2go.com https://www.googletagmanager.com resources.webscale.com *.googleapis.com *.facebook.com google.co.uk d3k81ch9hvuctc.cloudfront.net *.visualwebsiteoptimizer.com amazonwebservices.d2.sc.omtrdc.net https://a0.awsstatic.com/ https://d2c.aws.amazon.com/ https://amazonwebservices.d2.sc.omtrdc.net https://aws.demdex.net https://dpm.demdex.net https://cm.everesttech.net *.attentivemobile.com *.salesforce.com https://trusted.cdn.com https://www.google.co.in; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.pcapredict.com *.postcodeanywhere.co.uk https://static.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com ajax.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.instagram.com *.maxmind.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org js-agent.newrelic.com bam.nr-data.net stats.g.doubleclick.net analytics.google.com ssl.google-analytics.com *.google.com *.newrelic.com connect.punchout2go.com web-sdk.aptrinsic.com *.googleapis.com https://connect.facebook.net/ ajax.cloudflare.com *.fullstory.com *.visualwebsiteoptimizer.com prod.assets.shortbread.aws.dev prod.tools.shortbread.aws.dev a0.awsstatic.com/s_code/ https://a0.awsstatic.com/ https://d2c.aws.amazon.com/ *.attn.tv *.salesforce-sites.com *.salesforce.com *.salesforceliveagent.com *.force.com https://trusted.cdn.com; style-src *.adobe.com *.postcodeanywhere.co.uk *.fontawesome.com fonts.googleapis.com tagmanager.google.com 'self' 'unsafe-inline' *.google.com connect.punchout2go.com https://static.klaviyo.com https://connect.punchout2go.com/ web-sdk.aptrinsic.com resources.webscale.com *.gstatic.com static-tracking.klaviyo.com service.force.com prod.assets.shortbread.aws.dev prod.log.shortbread.aws.dev prod.tools.shortbread.aws.dev *.salesforce-sites.com use.typekit.net; report-uri /.webscale/csp-report 1
object-src 'none'; img-src 'self' cdn.cookielaw.org images.freeimages.com media.istockphoto.com www.google-analytics.com www.google.com www.google.com.uy www.googletagmanager.com https://static.hotjar.com https://script.hotjar.com http://script.hotjar.com www.google-analytics.com www.googletagmanager.com optimize.google.com www.gstatic.com *.google-analytics.com *.analytics.google.com fonts.gstatic.com *.freeimages.com data: blob: 'self' images.freeimages.com media.istockphoto.com www.google-analytics.com www.google.com www.google.com.uy cdn.cookielaw.org data: www.gstatic.com static.freeimages.com; script-src 'self' www.googletagmanager.com www.google-analytics.com cdn.cookielaw.org https://*.onetrust.com http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com www.googleanalytics.com www.google-analytics.com www.googleoptimize.com optimize.google.com 'unsafe-inline' static.freeimages.com; default-src 'none'; frame-src www.google.com vars.hotjar.com optimize.google.com converter.freeimages.com; style-src 'self' optimize.google.com https://static.hotjar.com https://script.hotjar.com fonts.googleapis.com 'unsafe-inline' www.googletagmanager.com static.freeimages.com; form-action 'self'; manifest-src 'self' static.freeimages.com; connect-src 'self' geoapi.freeimages.com https://*.freeimages.com https://geoapi.freeimages.com cookies-data.onetrust.io getty.datta.store www.google-analytics.com stats.g.doubleclick.net cdn.cookielaw.org freeimages-production.s3.amazonaws.com picspree.s3.amazonaws.com vectorhq-files.s3.amazonaws.com clipartlogo-getty.s3.amazonaws.com 365psd-getty.s3.amazonaws.com clipartme-getty.s3.amazonaws.com vectorme-getty.s3.amazonaws.com findicons-getty.s3.amazonaws.com https://*.hotjar.com https://*.hotjar.io http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com *.google-analytics.com *.analytics.google.com analytics.google.com 'self' getty.datta.store www.google-analytics.com stats.g.doubleclick.net cdn.cookielaw.org freeimages-production.s3.amazonaws.com geoapi.freeimages.com cookies-data.onetrust.io geolocation.onetrust.com in.hotjar.com stats.g.doubleclick.net wss://*.hotjar.com static.freeimages.com; font-src 'self' fonts.gstatic.com http://script.hotjar.com https://script.hotjar.com static.freeimages.com; script-src-elem 'self' www.googletagmanager.com www.google-analytics.com cdn.cookielaw.org https://*.onetrust.com http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com www.googleanalytics.com www.google-analytics.com www.googleoptimize.com optimize.google.com https://www.google.com https://www.gstatic.com ajax.googleapis.com 'unsafe-inline' static.freeimages.com; base-uri 'none'; frame-ancestors 'self' 1
frame-ancestors *.umu.com 1
default-src 'self' blob: ;font-src 'self' data: https://js.arcgis.com https://*.typekit.net https://*.bugherd.com https://*.jsdelivr.net https://*.hormelstaging.com https://*.cloudfront.net https://use.fontawesome.com https://*.bootstrapcdn.com https://fonts.gstatic.com ;img-src 'self' data: blob: https://cdn.arcgis.com https://lets.shop https://cdn.destinilocators.com https://res.cloudinary.com https://ps.w.org https://s.w.org https://*.hormel.com https://aep.mxptint.net https://secure.gravatar.com https://*.salsify.com https://*.justins.com https://justins.com https://*.gstatic.com https://*.googleapis.com https://dpm.demdex.net https://*.doubleclick.net https://aa.agkn.com https://ups.analytics.yahoo.com https://*.bugherd.com https://beacon.krxd.net https://www.googletagmanager.com https://*.powerreviews.com https://api.mapbox.com https://*.tiles.mapbox.com https://events.mapbox.com wss://*.pricespider.com https://cdnjs.cloudflare.com https://*.pricespider.com https://*.cloudfront.net https://r.turn.com https://mpp.mxptint.net https://www.google-analytics.com https://*.hormel.com https://bugherd-attachments.s3.amazonaws.com https://*.google.com https://*.bing.com https://www.facebook.com https://*.pinterest.com https://*.iriworldwide.com ;script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://js.arcgis.com https://lets.shop https://mpsnare.iesnare.com https://s0.wp.com https://ws.sharethis.com https://script.hotjar.com https://hormel.my.salesforce-sites.com https://hormel.my.salesforce.com https://code.jquery.com https://*.bugherd.com https://*.googletagmanager.com https://*.force.com https://*.salesforceliveagent.com https://*.cloudfront.net https://*.powerreviews.com https://static.hotjar.com https://*.facebook.net https://*.amazonaws.com https://s.pinimg.com https://*.crazyegg.com https://www.google-analytics.com wss://*.pricespider.com https://api.mapbox.com https://*.tiles.mapbox.com https://events.mapbox.com https://cdnjs.cloudflare.com https://*.doubleclick.net https://*.bing.com https://www.googleadservices.com https://*.pricespider.com https://*.googleapis.com https://*.google.com https://*.hormel.com https://*.hormelfoods.com https://www.googletagmanager.com https://*.youtube.com https://*.pinterest.com ;style-src 'self' 'unsafe-inline' https://js.arcgis.com https://*.myfonts.net https://*.bootstrapcdn.com https://s0.wp.com https://www.justins.com https://*.jsdelivr.net https://cloud.typography.com https://*.salesforce-sites.com https://*.force.com https://hormel.my.salesforce-sites.com https://*.typekit.net https://hormelchat.secure.force.com https://*.bugherd.com https://*.googletagmanager.com https://*.hormel.com https://*.hormelfoods.com https://*.cloudfront.net https://use.fontawesome.com https://*.powerreviews.com https://*.googleapis.com https://api.mapbox.com https://*.tiles.mapbox.com https://events.mapbox.com https://*.salesforce.com https://*.salesforceliveagent.com https://cdnjs.cloudflare.com https://*.pricespider.com ;connect-src 'self' https://geocode.arcgis.com https://static.arcgis.com https://basemaps.arcgis.com https://cdn.arcgis.com https://js.arcgis.com https://maxmind.destinilocators.com https://lets.shop https://justinsbrand.zendesk.com wss://ws-mt1.pusher.com https://analytics.google.com https://*.hotjar.io https://l.sharethis.com https://sockjs.pusher.com https://yoast.com https://*.googleapis.com https://hormel.my.salesforce-sites.com https://*.bugherd.com https://hormelchat.secure.force.com https://*.salesforce-sites.com https://*.force.com https://*.pusher.com wss://*.pusherapp.com https://*.bugsnag.com https://*.amazonaws.com https://cdnjs.cloudflare.com https://api.mapbox.com https://*.tiles.mapbox.com https://events.mapbox.com https://*.pricespider.com wss://*.pricespider.com https://productlocator.iriworldwide.com https://*.powerreviews.com https://www.facebook.com https://*.doubleclick.net https://*.crazyegg.com https://www.google-analytics.com https://*.pinterest.com https://www.googletagmanager.com ;frame-src 'self' https://widgets.wp.com https://*.vimeo.com https://*.google.com https://*.bugherd.com https://www.youtube.com https://*.pinterest.com https://www.facebook.com https://*.doubleclick.net https://*.force.com 1
sandbox allow-scripts allow-same-origin allow-forms; img-src 'self' data: www.gstatic.com; frame-src www.google.com; object-src 'none'; base-uri 'none'; script-src www.google.com www.gstatic.com 'nonce-ZNc0g1ra4Qlo5nCScMFFmQqzWrg='; style-src 'nonce-ZNc0g1ra4Qlo5nCScMFFmQqzWrg=' 1
script-src 'self' https://www.tiktok.com/ https://code.jquery.com/ https://cdn.jsdelivr.net/ https://cdnjs.cloudflare.com/ https://www.google.com/ https://s7.addthis.com/ https://embedr.flickr.com/ https://www.googletagmanager.com/ https://embedded.ryftpay.com/ https://pay.google.com 'nonce-9ba0c5ae-bdf4-4146-9543-3538b62d1bb5' 1
frame-ancestors 'self' https://www.grainger.com; 1
default-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: data: blob:; object-src https 'self'; media-src 'self' https:; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob: resource:; frame-ancestors https: 'self' *.facebook.net; base-uri 'self' https: 1
base-uri 'none'; font-src 'self' https: data:; form-action 'self'; frame-ancestors 'self'; img-src 'self' data:; object-src 'none'; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'strict-dynamic' 'nonce-lfmmreK655/gsP2JIl0g5A=='; upgrade-insecure-requests; 1
base-uri 'self'; child-src 'self'; connect-src 'self' https://*.meo.pt https://*.uzo.pt https://api.botschool.ai wss://api.botschool.ai https://*.engagement.coremedia.cloud wss://*.engagement.coremedia.cloud https://*.byside.com wss://*.byside.com https://cdn-api-weglot.com https://api.conveythis.com https://www.facebook.com https://*.google-analytics.com https://adservice.google.com https://www.google.com https://pagead2.googlesyndication.com https://www.googletagmanager.com https://*.inmobi.com https://cmp.quantcast.com https://*.cmp.quantcast.com https://pixel.quantcount.com https://*.weglot.com https://*.clarity.ms https://*.doubleclick.net https://gateway.zscaler.net https://quantcast.mgr.consensu.org https://services.sapo.pt https://signet-spot.telecom.pt; default-src 'self'; font-src 'self' data: https://*.meo.pt https://*.uzo.pt https://fonts.gstatic.com https://gateway.zscaler.net; form-action 'self' https://*.meo.pt https://*.uzo.pt https://*.engagement.coremedia.cloud https://*.byside.com https://www.facebook.com https://gateway.zscaler.net; frame-ancestors 'self' https://en.uzo.pt; frame-src 'self' https://*.meo.pt https://*.uzo.pt https://*.engagement.coremedia.cloud https://*.byside.com https://www.facebook.com https://www.google.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://*.doubleclick.net https://gateway.zscaler.net https://signet-spot.telecom.pt; img-src 'self' data: https:; media-src 'self' data: https://*.uzo.pt https://gateway.zscaler.net; report-to cspenforce; report-uri https://cspreport.apps.meo.pt/Services/Rest.svc/CSP/1kqJ23iNdD/Enforce; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.meo.pt https://*.uzo.pt https://img.botschool.ai https://*.engagement.coremedia.cloud https://*.byside.com https://cdn.conveythis.com https://www.datadoghq-browser-agent.com https://*.google-analytics.com https://www.google.com https://www.googleadservices.com https://*.googlesyndication.com https://www.googletagmanager.com https://www.gstatic.com https://*.inmobi.com https://cmp.quantcast.com https://rules.quantcount.com https://secure.quantserve.com https://*.serving-sys.com https://*.weglot.com https://www.clarity.ms https://mstat.acestream.net https://*.doubleclick.net https://connect.facebook.net https://gateway.zscaler.net https://quantcast.mgr.consensu.org; style-src 'self' 'unsafe-inline' https://*.meo.pt https://*.uzo.pt https://img.botschool.ai https://*.engagement.coremedia.cloud https://*.byside.com https://fonts.googleapis.com https://www.gstatic.com https://cdn.weglot.com https://gateway.zscaler.net; worker-src 'self'; object-src 'none' 1
base-uri 'self' https://*.exponea.com; font-src 'self' data: https://babywalz.omq.de https://*.paypalobjects.com; form-action 'self' https://*.adyen.com https://*.bazaarvoice.com; frame-ancestors 'self' https://app.storyblok.com; img-src 'self' data: https://*; object-src 'none'; script-src-attr 'none'; style-src 'self' 'unsafe-inline' https://*.aboutyou.cloud https://*.adyen.com https://*.omq.de https://*.googletagmanager.com https://fonts.googleapis.com https://*.bazaarvoice.com https://*.abtasty.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.walzvital.de https://*.scayle.cloud https://*.aboutyou.cloud https://*.adyen.com https://*.paypal.com https://babywalz.omq.de https://api.exponea.com https://*.googletagmanager.com https://www.dwin1.com https://api.bounce-commerce.de https://www.awin1.com https://the.sciencebehindecommerce.com https://*.googleadservices.com https://*.sovendus.com https://*.abtasty.com; upgrade-insecure-requests; default-src 'none'; frame-src 'self' https://*.adyen.com https://www.sandbox.paypal.com https://*.paypal.com https://*.walzvital.de https://*.scayle.cloud https://www.awin1.com https://td.doubleclick.net https://*.criteo.com https://www.sovendus-benefits.com https://www.sovendus-connect.com https://*.bazaarvoice.com https://*.trustpilot.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://*.walzvital.de https://*.scayle.cloud https://*.aboutyou.cloud https://*.adyen.com https://*.paypal.com https://*.paypalobjects.com https://babywalz.omq.de https://api.exponea.com https://*.googletagmanager.com https://www.dwin1.com https://api.bounce-commerce.de https://www.awin1.com https://the.sciencebehindecommerce.com https://*.googleadservices.com https://connect.facebook.net https://*.criteo.com https://*.sovendus.com https://*.abtasty.com https://*.bazaarvoice.com https://mpsnare.iesnare.com https://*.trustpilot.com https://insitez.blob.core.windows.net; connect-src 'self' https://*.walzvital.de https://*.scayle.cloud https://*.aboutyou.cloud/ https://*.adyen.com https://www.sandbox.paypal.com https://*.paypal.com https://*.paypalobjects.com https://x.klarnacdn.net https://*.vhwmcs.net https://babywalz.omq.de https://sockjs-us3.pusher.com https://*.exponea.com https://*.googletagmanager.com https://www.econda-monitor.de https://region1.google-analytics.com https://api.bounce-commerce.de https://www.wepowerconnections.com https://the.sciencebehindecommerce.com https://*.google.com https://googleads.g.doubleclick.net https://*.criteo.com https://*.sovendus.com https://*.abtasty.com https://*.walz.de https://*.mixpanel.com https://*.informizely.com https://*.bazaarvoice.com; media-src https://a.storyblok.com https://*.walz.de; report-uri https://sentry.vhwmcs.net/api/2/security/?sentry_key=1a6c3da18b7a464cbfcf596e111c1def; 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-NTYxYWQxMmQ5ZWE3NGY1NjgwYmM1YWYxMjVmZjQwM2I=' https://*.platformrijksoverheid.nl https://*.rijksoverheid.nl https://*.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' https://statistiek.rijksoverheid.nl https://*.contenttoolsrijksoverheid.nl https://*.p-direkt.nl; font-src 'self' https://statistiek.rijksoverheid.nl; object-src 'none'; connect-src https://*.platformrijksoverheid.nl https://*.rijksoverheid.nl https://*.contenttoolsrijksoverheid.nl https://*.rovid.nl https://*.rijksoverheidsvideo.nl https://*.p-direkt.nl; img-src 'self' data: https://d3oiud1b8fohdw.cloudfront.net https://statistiek.rijksoverheid.nl https://*.rovid.nl https://*.rijksoverheidsvideo.nl https://*.toegankelijkheidsverklaring.nl; media-src 'self' https://*.rovid.nl https://*.rijksoverheidsvideo.nl; form-action 'self' https://export.highcharts.com https://*.contenttoolsrijksoverheid.nl https://*.p-direkt.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; 1
default-src 'self' data: https:;script-src 'self' 'unsafe-inline' 'unsafe-eval' cloud.tinymce.com cdn.tiny.cloud cdn.jsdelivr.net js.nicedit.com www.google.com cse.google.com cdn.syndication.twimg.com platform.twitter.com apis.google.com www.google-analytics.com www.googletagservices.com adservice.google.com securepubads.g.doubleclick.net ajax.aspnetcdn.com ssl.google-analytics.com;style-src 'self' 'unsafe-inline' cloud.tinymce.com cdn.tiny.cloud cdn.jsdelivr.net js.nicedit.com www.google.com platform.twitter.com cdn.syndication.twimg.com fonts.googleapis.com maxcdn.bootstrapcdn.com 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://rcsocial.net; img-src 'self' https: data: blob: https://rcsocial.net; style-src 'self' https://rcsocial.net 'nonce-jyCaJP8f9LphA9rYIBEZNQ=='; media-src 'self' https: data: https://rcsocial.net; frame-src 'self' https:; manifest-src 'self' https://rcsocial.net; form-action 'self'; connect-src 'self' data: blob: https://rcsocial.net https://media.rcsocial.net wss://rcsocial.net; script-src 'self' https://rcsocial.net 'wasm-unsafe-eval'; child-src 'self' blob: https://rcsocial.net; worker-src 'self' blob: https://rcsocial.net 1
default-src https: 'unsafe-inline' 1
font-src *.gstatic.com data: maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com *.klarnacdn.net *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.awin1.com *.zenaps.com *.fls.doubleclick.net *.klarna.com https://*.criteo.com https://*.mainadv.com https://*.hotjar.com https://sandbox.gestpay.net https://ecomm.sella.it https://www.googletagmanager.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.gstatic.com *.googleapis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.awin1.com *.zenaps.com https://maps.googleapis.com https://maps.gstatic.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://*.cdninstagram.com https://*.google.com https://*.google.it https://*.criteo.com https://*.yahoo.com https://*.bidswitch.net https://*.doubleclick.net https://*.adnxs.com https://*.adscale.de https://*.omnitagjs.com https://*.casalemedia.com https://*.360yield.com https://*.media.net https://*.mediavine.com https://*.outbrain.com https://*.pubmatic.com https://*.rubiconproject.com https://*.sharethrough.com https://*.smartadserver.com https://*.taboola.com https://*.teads.tv https://*.3lift.com https://*.yieldlab.net https://*.yieldmo.com https://*.smartclip.net https://*.tremorhub.com https://*.rlcdn.com https://*.elfsightcdn.com https://*.adform.net https://*.krxd.net https://*.bing.com https://id-5-sync.com https://*.ivitrack.com https://www.drezzy.it ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.awin1.com www.dwin1.com *.zenaps.com https://the.sciencebehindecommerce.com https://maps.googleapis.com https://maps.gstatic.com *.klarna.com *.klarnacdn.net https://*.criteo.com https://*.smartlook.com https://*.elfsight.com https://*.hotjar.com https://*.tiktok.com https://*.clarity.ms https://sandbox.gestpay.net https://ecomm.sella.it chimpstatic.com downloads.mailchimp.com *.list-manage.com *.klarnaservices.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.google.com *.gstatic.com *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com downloads.mailchimp.com *.klarnacdn.net *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://*.claytonitalia.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de https://the.sciencebehindecommerce.com https://maps.googleapis.com *.klarnaevt.com https://*.g.doubleclick.net https://region1.google-analytics.com https://*.criteo.com https://*.smartlook.cloud https://*.elfsight.com https://*.hotjar.com https://*.hotjar.io https://*.tiktok.com https://*.google.com https://www.wepowerconnections.com https://*.clarity.ms https://*.googlesyndication.com *.klarnacdn.net *.klarna.com *.klarnaservices.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp.dnafactory.it/reportOnly/index; report-to report-endpoint; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://disensa.com.ec/ https://*.disensa.com.ec; img-src 'self' data: blob: ; object-src 'self' data: blob: https://disensa.com.ec https://*.disensa.com.ec https://azurewebsites.net/ https://*.azurewebsites.net/; frame-src 'self' data: blob: https://disensa.com.ec https://*.disensa.com.ec https://azurewebsites.net/ https://*.azurewebsites.net/; 1
default-src 'none'; base-uri 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://www.gstatic.com/charts/ https://cdn.jsdelivr.net/npm/@mdi/; img-src 'self' data: https://s3.amazonaws.com/exclaim-product-images/ https://m.media-amazon.com/images/ https://www.googletagmanager.com/ https://api.qrserver.com/v1/create-qr-code/ https://www.gravatar.com/avatar/; font-src 'self' data: https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://cdn.jsdelivr.net/npm/@mdi/; connect-src 'self' https://www.googletagmanager.com/ https://www.google-analytics.com/; form-action 'self' https://login.microsoftonline.com/b880eeca-f1fb-4c91-bff6-82e84350a6e6/saml2 https://accounts.google.com/o/saml2/idp https://login.microsoftonline.com/e2bb4a13-8920-4d29-9598-b798dc4a972f/saml2 https://login.microsoftonline.com/28c89f95-b4ea-454b-aeac-d99d90d789b9/saml2 https://login.microsoftonline.com/40330b46-2607-48d4-9883-532bde40368d/saml2 https://fed.ras.tdbank.ca/idp/SSO.saml2 https://login.microsoftonline.com/d92985c5-3085-4d34-b39c-612d8234262d/saml2; media-src 'self'; child-src 'self'; frame-src https://www.google.com/; object-src 'none'; script-src https://www.gstatic.com/charts/ 'nonce-8127675181f29d17169b26347a204c37774bc3bd'; 1
default-src data: 'unsafe-inline' 'unsafe-eval' 'self' *.prestastore.com https://dpm.demdex.net/ https://s.thebrighttag.com/ https://beacon.krxd.net/usermatch.gif https://criteo-partners.tremorhub.com/ https://exchange.mediavine.com/ https://matching.ivitrack.com/ https://connect.facebook.net/en_US/fbevents.js *.easycloture.com *.paypal.com *.clarity.ms *.getalma.eu https://crb.kargo.com https://eb2.3lift.com https://an.yandex.ru *.jsdelivr.net https://contextual.media.net https://r.casalemedia.com https://sync.outbrain.com https://pixel.rubiconproject.com https://ads.yahoo.com https://pixel.tapad.com https://rtb-csync.smartadserver.com https://secure.adnxs.com https://ib.adnxs.com https://simage2.pubmatic.com https://criteo-sync.teads.tv https://ups.analytics.yahoo.com https://sync-t1.taboola.com https://ad.360yield.com https://match.sharethrough.com https://i.liadm.com https://sp.analytics.yahoo.com https://jadserve.postrelease.com https://s.ad.smaato.net https://secure.adnxs.com https://simage2.pubmatic.com https://secure.adnxs.com https://cm.adform.net https://profile.ssp.rambler.ru https://profile.ssp.rambler.ru https://id5-sync.com https://x.bidswitch.net https://ad.mail.ru https://d.turn.com https://idsync.rlcdn.com https://ad.yieldlab.net https://ih.adscale.de https://pixel.advertising.com https://visitor.omnitagjs.com https://cotads.adscale.de https://ads.stickyadstv.com https://a.twiago.com https://sync-criteo.ads.yieldmo.com https://cdn.stickyadstv.com https://i6.liadm.com *.doubleclick.net *.colissimo.fr *.paypalobjects.com www.googletagmanager.com *.youtube.com *.avis-verifies.com *.bootstrapcdn.com *.gstatic.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://app-spm.com https://static-spm.com *.shopimind.io *.shopimind.com *.static.axept.io *.google.com *.google-analytics.com *.bat.bing.com *.axept.io *.criteo.net *.almapay.com *.emxdgt.com *.criteo.com *.facebook.com *.imgix.net *.iadvize.com https://lc.iadvize.com wss://xmpp-sd-alb.iadvize.com/websocket wss://cobrowsing.iadvize.com *.bing.com *.cloudfront.net *.googleapis.com *.google.fr *.facebook.net *.hotjar.com *.hotjar.io *.prestashop.com https://assets.prestashop3.com blob: wss: *.gid *.outbrain https://diffuser-cdn.app-us1.com https://content.hotjar.io https://prism.app-us1.com https://trackcmp.net https://c1.adform.net https://sync.1rx.io https://sync.targeting.unrulymedia.com; 1
default-src 'self'; font-src 'self' *.googletagmanager.com *.youtube.com *.googleapis.com *.cookiebot.com *.gstatic.com *.google-analytics.com *.doubleclick.net *.google.com *.ytimg.com *.ggpht.com; img-src 'self' *.googletagmanager.com *.youtube.com *.googleapis.com *.cookiebot.com *.gstatic.com *.google-analytics.com *.doubleclick.net *.google.com *.ytimg.com *.ggpht.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jquery.com *.googletagmanager.com *.youtube.com *.googleapis.com *.cookiebot.com *.gstatic.com *.google-analytics.com *.doubleclick.net *.google.com *.ytimg.com *.ggpht.com; style-src 'self' 'unsafe-inline' *.googletagmanager.com *.youtube.com *.googleapis.com *.cookiebot.com *.gstatic.com *.google-analytics.com *.doubleclick.net *.google.com *.ytimg.com *.ggpht.com; connect-src 'self' *.googletagmanager.com *.youtube.com *.googleapis.com *.cookiebot.com *.gstatic.com *.google-analytics.com *.doubleclick.net *.google.com *.ytimg.com *.ggpht.com; frame-src 'self' *.googletagmanager.com *.youtube.com *.googleapis.com *.cookiebot.com *.gstatic.com *.google-analytics.com *.doubleclick.net *.google.com *.ytimg.com *.ggpht.com; 1
default-src 'self' * *.doubleclick.net/ *.google-analytics.com/ *.googletagmanager.com/ *.google.com/ *.onetrust.com/ *.facebook.net/ *.facebook.com/  'unsafe-inline' ;  font-src 'self' fonts.gstatic.com/ fonts.googleapis.com/ *.google.com/  *.google.com/ *.facebook.net/ *.facebook.com/  'unsafe-inline' ;  style-src 'self' fonts.googleapis.com/ *.facebook.net/ *.facebook.com/ 'unsafe-inline'; script-src 'self' *.google-analytics.com/ *.googletagmanager.com/ *.google.com/  *.cookielaw.org/ *.cookielaw.org/ *.onetrust.com/ *.facebook.net/ *.facebook.com/ 'unsafe-inline'  'unsafe-eval' ; script-src-elem 'self' *.googleadservices.com/ *.yimg.com/ *.yahoo.com/ *.googletagmanager.com/ *.google-analytics.com/ *.google.com/  *.gstatic.com/  *.cookielaw.org/ *.onetrust.com/ *.facebook.net/ *.facebook.com/ *.addthis.com/ 'unsafe-inline'; img-src 'self'  data: *.yahoo.com/   *.youtube.com/ *.google.com *.google.com.br *.google-analytics.com *.hospitalbrasilia.com.br *.onetrust.com *.facebook.net  *.facebook.com *.hospitalbrasilia.com.br/ 1
default-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' http: https: blob:; style-src * 'self' data: 'unsafe-inline' 'unsafe-hashes'; style-src-elem * 'self' data: 'unsafe-inline' 'unsafe-hashes'; style-src-attr * 'self' data: 'unsafe-inline' 'unsafe-hashes'; frame-ancestors 'self' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval'  *.litomon.com *.vimeo.com *.youtube.com maps.gstatic.com *.googleapis.com *.google-analytics.com chat-plugin.easychat.co/easychat.js www.googletagmanager.com js.tappaysdk.com static.hotjar.com buttons-config.sharethis.com d.line-scdn.net omnitag.omniscientai.com static.line-scdn.net t.sharethis.com www.clarity.ms cdnjs.cloudflare.com connect.facebook.net analytics.tiktok.com stats.wp.com cdn.checkout.com script.hotjar.com googleads.g.doubleclick.net platform-api.sharethis.com; frame-src 'self' *.litomon.com *.vimeo.com *.youtube.com *.facebook.com client-chat.easychat.co s-static.ak.facebook.com *.tappaysdk.com td.doubleclick.net js.checkout.com td.doubleclick.net t.sharethis.com; worker-src blob:; object-src 'self' 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://static.criteo.net https://*.criteo.com https://wb.messengerpeople.com https://*.hotjar.com https://*.akamaihd.net https://*.attn.tv https://*.recaptcha.net https://isitetv.com https://*.translate.naver.net https://ln-rules.rewardstyle.com https://tr.snapchat.com https://www.shoplooks.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://*.liveperson.net https://ct.pinterest.com https://services.postcodeanywhere.co.uk https://*.akamaihd.net https://*.sciencebehindecommerce.com https://*.googleapis.com https://translate.yandex.net https://*.hotjar.com wss://*.hotjar.com https://*.trustpilot.com https://*.pinterest.com https://*.bing.com https://*.doubleclick.net https://connect.facebook.net https://*.baidu.com https://privacyportal-eu.onetrust.com https://*.contentsquare.net https://*.criteo.com https://sgtm.lookfantastic.co.in; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.thgcdn.cn; form-action 'self' https://www.facebook.com https://www.lookfantastic.co.in https://m.lookfantastic.co.in https://checkout.lookfantastic.co.in https://connect.facebook.net https://www.glossybox.at https://www.glossybox.ch https://www.glossybox.co.uk https://www.glossybox.com https://www.glossybox.de https://www.glossybox.fi https://www.glossybox.fr https://www.glossybox.ie https://www.glossybox.no https://www.glossybox.se https://www.glossybox.dk https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://static.thgcdn.cn; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://google.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://static.criteo.net https://*.criteo.com https://*.recaptcha.net https://*.microsofttranslator.com https://*.hotjar.com https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.attn.tv https://*.trustpilot.com https://*.translate.naver.net https://*.bing.com https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://static.ads-twitter.com https://*.baidu.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://*.shoplooks.com https://slooks.top https://slooks.me https://lantern.roeyecdn.com https://lantern.roeye.com https://static.thgcdn.cn https://geolocation.onetrust.com https://*.contentsquare.net https://app.contentsquare.com https://sgtm.lookfantastic.co.in; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://www.shoplooks.com https://static.shoplooks.com https://static.thgcdn.cn; upgrade-insecure-requests; report-to report-endpoint 1
frame-ancestors 'self' https://*.contentful.com https://*.greenislandpreview.be https://madisoncasino.be; 1
img-src 'self'; style-src 'self' fonts.googleapis.com cdnjs.cloudflare.com 'unsafe-inline' cdn.jsdelivr.net fonts.cdnfonts.com; font-src 'self' fonts.gstatic.com cdnjs.cloudflare.com fonts.googleapis.com fonts.cdnfonts.com; connect-src 'self' api.cdnjs.com www.google-analytics.com; default-src cdnjs.cloudflare.com www.google.com; script-src 'self' cdnjs.cloudflare.com cdn.jsdelivr.net 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com pagead2.googlesyndication.com www.googletagmanager.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.bkrtx.com *.bluekai.com *.clarity.ms *.doubleclick.net *.efilli.com *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.com.tr *.googleapis.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.maxcdn.com *.migros.com.tr *.money.com.tr *.moneypay.com.tr moneyclubkart.azureedge.net wss://ws.hotjar.com blob: *.migrosone.com *.tiktok.com 1
frame-src https://www.adhdfoundation.org.uk https://adhdfoundation.org.uk/ https://*.google.com https://*.youtube.com https://*.vimeo.com https://*.stripe.com https://outlook.office365.com/ 1
default-src 'self' data: blob: https: wss://ws.hotjar.com; script-src 'self' data: blob: https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: blob: https: 'unsafe-inline' 'unsafe-eval'; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mastodonczech.cz; img-src 'self' https: data: blob: https://mastodonczech.cz; style-src 'self' https://mastodonczech.cz 'nonce-3X3Y8SiOxcry9RTb6seyAA=='; media-src 'self' https: data: https://mastodonczech.cz; frame-src 'self' https:; manifest-src 'self' https://mastodonczech.cz; form-action 'self'; child-src 'self' blob: https://mastodonczech.cz; worker-src 'self' blob: https://mastodonczech.cz; connect-src 'self' data: blob: https://mastodonczech.cz https://mastodonczech.cz wss://mastodonczech.cz; script-src 'self' https://mastodonczech.cz 'wasm-unsafe-eval' 1
frame-ancestors 'self' cc-genuity.gplex.net rndqc.gplex.com gtalkcc.gplex.com genuity.gplex.com csm.gplex.com; 1
font-src *.fontawesome.com https://www.gstatic.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com *.shift4api.net *.ups.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com https://www.google.com *.shift4api.net *.shift4test.com *.i4go.com *.youtube.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.avada.io maps.googleapis.com *.google.com *.gstatic.com *.shift4api.net *.shift4test.com *.i4go.com *.googleapis.com *.google-analytics.com *.constantcontact.com *.ctctcdn.com *.cloudflare.com *.fontawesome.com *.trustedshops.com 'self' 'unsafe-eval' 'sha256-x5wlRmW2PL9g045UWcf7gZYQYBYaADAnikFaiqP4DoI=' 'sha256-T5Kdtl5kPgWYxvCkxwfxsTW84yCV4rbQ5tQ51IGegDk=' 'sha256-/PMCWZKtqJzk3S1+HedAlW8N4KXnW6qHfP0aa7/c6SI=' 'sha256-u8V1rVHy62MPW7Ieda8CBzjmy+Zau53BNJxtjKweO2g=' 'sha256-EYHFoYhOX2arMRAk05cE/RWOCcHDrygB3oSoGfkOQCY=' 'sha256-rwMOiOeVICH7/Cjy5SkreID3OOi5HTrit357k22hUDQ=' 'sha256-VU3qMY/n6k6QtAvAUUFXij37SvZoFtLCc4tE5wM4F44=' 'sha256-TcUB1mzXiQO4GxpTRZ0EMpOXKMU3u+n/q1WrgVIcs1I=' 'sha256-H/EDUbiWGpVMFtDAQdBDYssdkmCd9lXeRfTlSBb6ivs=' 'sha256-5R3L6HPNzkygXtGT2c02E/ZnH2Bhs/fTkRVRrfN79IU=' 'sha256-awxQffQ+p1m1Tchc3qeqEs69nwMBbrK82EDY+BBaJz4=' 'sha256-x1qki0aBh12oPJ8SVwgYGt0R8O4r3w9lo1EZqiHmaOA=' 'sha256-PU004fzvlK18E13DpFKPBcTM6CG2ZEXfrWArwv/37L4=' 'sha256-M2Qsjkwv/5Nm3EON+m3T8aAomYjPYoXTgkpnzHJPO+E=' 'sha256-TJCCqJ1QU65tUv4WsRFt5Ux9inC0cN36cq9dlFxr5nw=' 'sha256-wn/KnAgJFNrBLPiw46GiAPQLyLX/noVfQIXTlyIgH9I=' 'sha256-8fj5J6Pbg6qvtob4F/PNJvqZlaQpUJzo0y/JqeH5NFI=' 'sha256-25dlPZLjAXJYgjFTliSfU4Hu8e7GdxW4nJ1HDwUZuW4=' 'sha256-9vpql/NLyCCe3HPEb2b/lcLKPbkRi48w2Lfn0AbTxsQ=' 'sha256-1tzicjcARzqJJcXSuNP5qZ7Joj1L26T/nagCi/xG3aU=' 'sha256-48sb4Je7XoTlJimO7pm/+fwXo5BBI6oU4Vci+QqK2/I=' 'sha256-kUdIWiatURyAea1bhLxzW5JgJLFcbPA+HewOl2LIM4I=' 'sha256-pctLFcfSaMlv/d7PO3+XSW5DTwweZ+CSNoI9Vpi/SBA=' 'sha256-0ufUhB72naA8bTI/3xzKzfPelr4s+Mmv3/RzioFRoo0=' 'sha256-n8pnJTEfGYgfoiHd5qKgeOKugJXl/g89j411ycbuCAw=' 'nonce-ZqL24myQu3DbbDbQsTy12QAAJQI'; style-src unsafe-inline *.fontawesome.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.constantcontact.com *.google-analytics.com *.cloudflare.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.vanengelen.com/fl32csp/report/; 1
default-src http https 'self' *.google.com https://cse.google.com 'unsafe-inline'; script-src 'self' *.google.com *.youtube.com *.cse.google.com https://www.gstatic.com https://platform.twitter.com https://connect.facebook.net https://cdn.syndication.twimg.com 'unsafe-eval' 'unsafe-inline'; style-src http https 'self' fonts.googleapis.com *.google.com https://cse.google.com https://platform.twitter.com https://ton.twimg.com 'unsafe-inline';img-src * 'self' data: https:;object-src 'none';font-src http https 'self' fonts.gstatic.com;frame-src http https https://www.google.com https://www.youtube.com https://platform.twitter.com https://www.facebook.com https://syndication.twitter.com; 1
frame-ancestors 'self' venturexfranchise.com; 1
default-src 'self' sso.rolex.com *.sso.rolex.com; script-src 'self' sso.rolex.com *.sso.rolex.com 'unsafe-inline'; style-src 'self' sso.rolex.com *.sso.rolex.com 'unsafe-inline' 'unsafe-hashes'; font-src 'self' data: sso.rolex.com *.sso.rolex.com; img-src 'self' data: sso.rolex.com *.sso.rolex.com; frame-src 'self' sso.rolex.com *.sso.rolex.com; upgrade-insecure-requests 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' https://googletagmanager.com https://static.addtoany.com https://tagmanager.google.com https://use.fontawesome.com https://www.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://cmp.inmobi.com; style-src 'self' 'unsafe-inline' 'report-sample' *.core.windows.net *.fontawesome.com fonts.googleapis.com tagmanager.google.com www.googletagmanager.com cdnjs.cloudflare.com; img-src 'self' data: https://*.portalemp.com https://sernutecdatosprueba.blob.core.windows.net/ https://portalemp.blob.core.windows.net/ https://www.botlibre.com https://www.w3.org/ www.googletagmanager.com https://static.xx.fbcdn.net https://static.whatsapp.net; font-src fonts.gstatic.com *.fontawesome.com cdnjs.cloudflare.com; connect-src 'self' *.fontawesome.com *.google-analytics.com https://cmp.inmobi.com https://api.cmp.inmobi.com www.googletagmanager.com; media-src 'none'; object-src 'none'; frame-src https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ www.googletagmanager.com static.addtoany.com maps.google.es https://www.youtube.com https://www.google.com; worker-src 'self'; frame-ancestors 'self'; form-action 'self' se-pasarela.clave.gob.es pasarela.clave.gob.es tramitesweb.alcobendas.org *.portalemp.com *.portaldelcomerciante.com; block-all-mixed-content ; base-uri 'self'; manifest-src 'self'; 1
default-src * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; img-src 'self' https://cdn.onderwijsportalen.nl https://api.onderwijsportalen.nl https://messenger.onderwijsportalen.nl https://content.jwplatform.com https://assets-jpcust.jwpsrv.com https://prd.jwpltx.com https://i.ytimg.com https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.onderwijsportalen.nl https://forms.onderwijsportalen.nl  https://api.onderwijsportalen.nl https://bulkpdf.onderwijsportalen.nl https://messenger.onderwijsportalen.nl https://cdn.jwplayer.com https://content.jwplatform.com https://ssl.p.jwpcdn.com; media-src 'self' https://videos-cloudfront.jwpsrv.com https://content.jwplatform.com blob:; worker-src  'self'  blob:; 1
default-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://service.mtcaptcha.com https://www.google.com/recaptcha/ https://cdn.jsdelivr.net fonts.googleapis.com https://sf1-eu.readspeaker.com https://www.gstatic.com https://betawerk.innocraft.cloud https://www.youtube.com https://w.soundcloud.com https://static.userback.io https://cdnjs.cloudflare.com https://cdn.innocraft.cloud; object-src *; style-src 'self' 'unsafe-inline' https://www.google.com/recaptcha/ https://service.mtcaptcha.com https://cdn.jsdelivr.net fonts.googleapis.com  https://www.gstatic.com https://static.userback.io https://sf1-eu.readspeaker.com https://cdnjs.cloudflare.com; img-src * 'self' 'unsafe-inline' data: https: https://service.mtcaptcha.com https://www.gstatic.com https://cdnjs.cloudflare.com; media-src *; frame-src *; frame-ancestors *; child-src *; font-src 'self' data: https://service.mtcaptcha.com https://cdn.jsdelivr.net fonts.googleapis.com fonts.gstatic.com https://www.google.com/recaptcha/; connect-src *; report-uri /report-csp-violation; upgrade-insecure-requests 1
frame-ancestors 'self' https://www.swcp.com 1
default-src 'self' blob: https://www.consoleconnect.com  https://player.vimeo.com https://play.vidyard.com/ https://*.nitrocdn.com/ https://nitropack.io/; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://www.google.com/  https://play.vidyard.com/ https://js.hscollectedforms.net/ https://js.hs-banner.com/ https://js.hs-analytics.net/ https://trk.techtarget.com/ https://snap.licdn.com/ https://d2oh4tlt9mrke9.cloudfront.net/ https://cdn.jsdelivr.net/ https://*.outbrain.com/ https://js.usemessages.com/ https://*.hs-scripts.com/ https://js.hsforms.net/ https://forms.hsforms.com/ https://www.google.co.in/  https://www.googletagmanager.com/ https://www.google-analytics.com/ https://*.googleapis.com/ https://connect.facebook.net/ https://platform.twitter.com/ https://www.googleadservices.com/ https://*.google.com/ https://fast.wistia.com/ https://cdn.mxpnl.com/ https://*.helpscout.net/ https://js.hsleadflows.net/ https://www.clickcease.com/ https://cse.expertrec.com/  https://www.gstatic.com/ https://unpkg.com/ https://static.zdassets.com/ https://nitropack.io/ https://*.nitrocdn.com/ https://unpkg.com/ https://assets.freshsales.io/ https://webform.freshsales.io/ https://www.clarity.ms/ https://secure.venture365office.com/ https://ams.wpml.org/ https://www.google.co.uk/ https://nitroscripts.com/ https://js.hubspot.com/ https://cdnjs.cloudflare.com/ https://*.visualwebsiteoptimizer.com/ https://app.vwo.com/ https://js.navattic.com/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://cdn.jsdelivr.net/ https://cdnjs.cloudflare.com/ https://fonts.bunny.net/ https://use.fontawesome.com/ https://cdn-images.mailchimp.com/ https://*.nitrocdn.com/ https://webnus.net/ https://code.ionicframework.com/ https://*.cloudfront.net/ https://ams.wpml.org/ https://*.visualwebsiteoptimizer.com/ https://app.vwo.com/; img-src 'self' data: https://www.consoleconnect.com/ https://play.vidyard.com/ https://cdn.vidyard.com/ https://consoleconnect.com/ https://forms.hsforms.com/ https://tr.outbrain.com/ https://secure.gravatar.com/ https://apt.techtarget.com/ https://px.ads.linkedin.com/ https://googleads.g.doubleclick.net https://www.google.co.in/ https://www.google.com/ https://www.google-analytics.com/ https://forms.hubspot.com/ https://track.hubspot.com/ https://www.googletagmanager.com/ http://themenectar.com/ https://syndication.twitter.com/ https://www.linkedin.com/ https://*.linkedin.com/ https://p.adsymptotic.com/ https://i.vimeocdn.com/ https://*.w.org/ https://www.webdesi9.com/ http://*.hubspot.net/ https://wp-rocket.me/ https://s3.envato.com/ https://resources.spacexchimp.com/ https://embedwistia-a.akamaihd.net/ https://embed-fastly.wistia.com/ https://fast.wistia.com/ https://www.spacexchimp.com/ https://ws.sessioncam.com/ https://3076203.fs1.hubspotusercontent-na1.net/ https://www.wpmart.org/ https://wpmart.org/ https://blog.depositphotos.com/ https://wpmudev.com/ https://premium.wpmudev.org/ https://1025290.smushcdn.com/ https://*.smushcdn.com/ blob: https://www.consoleconnect.com/ https://*.cloudfront.net/ https://*.consoleconnect.com/ https://forms-na1.hsforms.com/ https://embed-ssl.wistia.com/ https://maps.gstatic.com/ https://maps.google.com/ https://maps.googleapis.com/ http://img.flippercode.com/ https://*.googleapis.com/ https://*.ggpht.com/ https://*.nitrocdn.com/ https://webnus.net/ https://c.clarity.ms/ https://c.bing.com/ https://*.google-analytics.com/ https://*.hsforms.com/ https://cta-service-cms2.hubspot.com/ https://static.hubspot.com/ https://static.hsappstatic.net/ https://*.visualwebsiteoptimizer.com/ https://app.vwo.com/ https://chart.googleapis.com/; font-src 'self'  https://cdn.rawgit.com/ https://fonts.googleapis.com/ https://fonts.gstatic.com/ data: https://cdn.jsdelivr.net/ https://gcs.raspi0124.dev/ https://wp-rocket.me/ https://cdnjs.cloudflare.com/ https://fonts.bunny.net/ https://use.fontawesome.com/ https://fast.wistia.com/ https://*.nitrocdn.com/ https://code.ionicframework.com/ https://*.cloudfront.net/ https://assets.freshsales.io/; connect-src 'self' https://maps.googleapis.com/ https://hubspot-forms-static-embed.s3.amazonaws.com/ https://api.hubspot.com/ https://ws.sessioncam.com/ https://forms.hubspot.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://forms.hsforms.com/ https://yoast.com/ https://resources.spacexchimp.com/ https://distillery.wistia.com/ https://pipedream.wistia.com/ https://fg8vvsvnieiv3ej16jby.litix.io/ https://*.cloudfront.net/ https://*.helpscout.net/ https://embed-fastly.wistia.com/ https://exceptions.hubspot.com/ https://demo.tcsesoft.com/ https://wpmudev.com/ https://cdn.linkedin.oribi.io/ https://ibc-flow.techtarget.com/ https://*.expertrec.com/ https://*.lottiefiles.com/ https://fast.wistia.com/ https://ekr.zdassets.com/ https://*.nitrocdn.com/ https://nitropack.zendesk.com/ https://nitropack.io/ https://to.getnitropack.com/ https://js.hsforms.net/ https://webnus.freshsales.io/ https://ams.wpml.org/ https://tr.outbrain.com/ https://w.clarity.ms/ https://idx.liadm.com/ https://*.clarity.ms/ https://*.google-analytics.com/ https://px.ads.linkedin.com/ https://*.hubspot.com/ https://analytics.google.com/ https://*.visualwebsiteoptimizer.com/ https://api.redirect.li/ https://app.vwo.com/ https://lottie.host/; media-src 'self' https://fast.wistia.net/ https://*.helpscout.net/; frame-src 'self' data: *.vidyard.com https://forms.hsforms.com/ https://app.hubspot.com/ https://platform.twitter.com/ https://www.facebook.com/ https://player.vimeo.com/ https://www.useloom.com/ https://wp-rocket.me/ https://www.loom.com/ https://www.google.com/ https://static.hsappstatic.net/ https://www.consoleconnect.com/ https://www.youtube.com/ https://forms.hubspot.com/ https://wp.freemius.com/ https://*.nitrocdn.com/ https://*.hs-sites.com/ https://capture.navattic.com/; frame-ancestors 'self' https://info.consoleconnect.com/ https://stgpccwglobal.zinfi.net/ https://partnerconnect.app.consoleconnect.com/ https://td.doubleclick.net/ https://*.visualwebsiteoptimizer.com/ https://app.vwo.com/; worker-src 'self' blob:; 1
frame-ancestors https://r1132100004725-eu1-ifwe.3dexperience.3ds.com https://r1132100257819-eu1-ifwe.3dexperience.3ds.com https://dsext001-eu1-215dsi0708-ifwe.3dexperience.3ds.com https://r1132100381839-eu1-academia-ifwe.3dexperience.3ds.com https://dspart004-eu1-partners-ifwe.3dexperience.3ds.com https://dspart011-eu1-partners-ifwe.3dexperience.3ds.com https://my.3dexperience.3ds.com; base-uri 'self' 1
frame-ancestors www.nma.art buy.nma.art crits.nma.art; 1
default-src 'self' www-tmp-cms.thepalaces.com portal3-cms.thepalaces.com www.thepalaces.com ps.thepalaces.com www-cms.thepalaces.com fonts.gstatic.com google.com google.ca www.google-analytics.com *.worldpay.com *.ladesk.com services.postcodeanywhere.co.uk player.vimeo.com vod-progressive.akamaized.net stats.g.doubleclick.net www.google.com www.google.ca googleads.g.doubleclick.net; img-src 'self' * www-cms-tmp.bingoeireann.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' palac11115.pcapredict.com payments.worldpay.com cdnjs.cloudflare.com www.google-analytics.com *.ladesk.com services.postcodeanywhere.co.uk www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com payments.worldpay.com services.postcodeanywhere.co.uk; 1
font-src fonts.googleapis.com fonts.gstatic.com *.googleapis.com *.gstatic.com data: https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://plumrocket.com *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.affirm.com *.affirm.ca connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com https://plumrocket.com *.addthis.com *.weltpixel.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io maps.googleapis.com maps.gstatic.com *.gstatic.com *.googleapis.com https://images.unsplash.com *.affirm.com *.affirm.ca https://helloextend-static-assets.s3.amazonaws.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.googleusercontent.com *.klarnaevt.com *.google.com *.google.com.ua *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.doubleclick.net https://www.facebook.com *.facebook.net *.clarity.ms *.bing.com *.gorgias.chat *.bolt.com *.amazonaws.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.facebook.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.affirm.com *.affirm.ca connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com widget.freshworks.com m2epro.freshdesk.com https://*.helloextend.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ s7.addthis.com *.addthis.com https://z.moatads.com https://v1.addthisedge.com https://cdn.jsdelivr.net data: vimeo.com *.klaviyo.com *.authorize.net *.bing.com *.facebook.net *.doubleclick.net *.trustpilot.com *.zendesk.com *.zdassets.com *.hotjar.com *.attn.tv *.gorgias.chat *.amplitude.com *.convertexperiments.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com widget.freshworks.com m2epro.freshdesk.com https://fonts.googleapis.com https://static.klaviyo.com https://cdn.jsdelivr.net data: *.gstatic.com *.google.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.googleusercontent.com *.klaviyo.com *.doubleclick.net *.bootstrapcdn.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.affirm.com *.affirm.ca connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com sessions.bugsnag.com widget.freshworks.com m2epro.freshdesk.com https://*.helloextend.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ ekr.zdassets.com/ data: *.klaviyo.com *.google-analytics.com *.doubleclick.net *.facebook.com *.bing.com *.attn.tv *.sentry.io *.attentivemobile.com *.gorgias.chat wss://us-east1-898b.gorgias.chat *.amplitude.com *.hotjar.com *.s3.amazonaws.com *.hotjar.io wss://ws.hotjar.com *.convertexperiments.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.klaviyo.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' https://*.canva.com https://*.canva.cn https://app.flourish.studio; 1
frame-ancestors 'self' *.holidayemotions.com *.tawk.to/* *.3cx.gr/*; 1
upgrade-insecure-requests; default-src 'self'; script-src 'self'; style-src 'self'; form-action 'self' https://search.nerdvpn.de/searxng/search; font-src 'self'; frame-ancestors 'self'; base-uri 'self'; connect-src 'self'; frame-src 'self' https://updown.io 1
default-src 'self' https: data: ws: 'unsafe-inline' 'unsafe-eval' www.google-analytics.com ajax.googleapis.com www.google.com google.com gstatic.com www.gstatic.com connect.facebook.net facebook.com; 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-_QpUNad2DTCJwH5hroyOdg' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
content-src 'self'; 1
frame-ancestors 'self' superapp-courier.vercel.app 1
default-src 'self'; img-src 'self' data: https://*.yandex.ru https://*.yandex.net https://yastatic.net https://yandex.ru; script-src 'self' 'unsafe-inline' https://*.yandex.net https://*.yandex.ru https://yastatic.net https://yandex.ru; style-src 'self' 'unsafe-inline'; frame-src *.ivideon.com; connect-src https://mc.yandex.ru https://ymetrica1.com https://ymetrica2.com 'self' 1
upgrade-insecure-requests; object-src 'none'; frame-ancestors 'none'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://i.checkmybus.com https://cdn.priv.center https://prod-origin.truendo.com https://www.googleanalytics.com https://www.google-analytics.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://*.bstatic.com https://*.services.visualstudio.com https://script.crazyegg.com https://*.msecnd.net https://cdn.jsdelivr.net https://*.doubleclick.net https://securepubads.g.doubleclick.net https://adservice.google.de https://script.crazyegg.com https://tpc.googlesyndication.com https://*.google.com https://*.googleusercontent.com https://*.gstatic.com https://www.googleadservices.com https://cdn.ampproject.org https://*.facebook.net https://*.facebook.com https://*.fontawesome.com https://monitor.azure.com https://*.monitor.azure.com https://e-js.zonka.co https://www.clarity.ms https://unpkg.com https://bat.bing.com http://www.atmrum.net; style-src 'self' 'unsafe-inline' https://i.checkmybus.com https://fonts.googleapis.com https://*.fontawesome.com https://accounts.google.com https://*.googletagmanager.com; frame-src 'self' https://*.googletagmanager.com https://*.doubleclick.net https://securepubads.g.doubleclick.net https://*.googlesyndication.com https://www.booking.com https://*.bstatic.com https://cdnjs.cloudflare.com https://*.gstatic.com https://*.google.com https://*.youtube.com/ https://*.facebook.com https://*.msecnd.net https://*.services.visualstudio.com https://e.zonka.co; worker-src 'self' blob: 'unsafe-eval' 'unsafe-inline' www.checkmybus.com; form-action 'self' www.checkmybus.com.ar www.checkmybus.com.br https://blog.checkmybus.com.br www.checkmybus.cz www.checkmybus.cl www.checkmybus.co www.checkmybus.de https://blog.checkmybus.de www.checkmybus.co.uk https://blog.checkmybus.co.uk www.checkmybus.com https://blog.checkmybus.com www.checkmybus.es https://blog.checkmybus.es www.checkmybus.fr https://blog.checkmybus.fr www.checkmybus.hr www.checkmybus.it https://blog.checkmybus.it www.checkmybus.my www.checkmybus.com.mx www.checkmybus.nl www.checkmybus.at www.checkmybus.pe www.checkmybus.pl https://blog.checkmybus.pl www.checkmybus.pt www.checkmybus.ch www.checkmybus.com.tr partner-bahn.de reiseauskunft.bahn.de; base-uri 'self' i.checkmybus.com 1
default-src 'self' https://tpc.googlesyndication.com;                script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.cookielaw.org https://www.brighttalk.com https://cdn.wisepops.com https://cdn.inspectlet.com https://platform.twitter.com https://s.ytimg.com https://www.youtube.com https://secure.cave9tape.com https://cdnjs.cloudflare.com https://connect.facebook.net https://d.adroll.mgr.consensu.org https://*.adroll.com https://munchkin.marketo.net https://www.google.com https://optimize.google.com https://cdn.ampproject.org https://www.googletagmanager.com https://tagmanager.google.com https://securepubads.g.doubleclick.net  https://js.revsci.net https://www.gstatic.com https://adservice.google.com https://adservice.google.rs https://www.google-analytics.com https://loader.wisepops.com https://sjs.bizographics.com https://cdn.subscribers.com https://www.googletagservices.com https://cdn.mouseflow.com https://*.ubembed.com https://z.moatads.com https://tpc.googlesyndication.com https://*.serving-sys.com https://ssl.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://cdn.syndication.twimg.com;                font-src 'self' data: https://www.google.com https://fonts.googleapis.com https://fonts.gstatic.com;                style-src 'self' 'unsafe-inline' https://ton.twimg.com https://code.jquery.com https://optimize.google.com https://fonts.googleapis.com  https://tagmanager.google.com https://platform.twitter.com;                style-src-elem 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://*.twimg.com https://*.jquery.com https://*.twitter.com https://tagmanager.google.com https://fonts.googleapis.com ;               connect-src 'self' https://cdn.cookielaw.org https://*.inspectlet.com https://*.doubleclick.net https://securepubads.g.doubleclick.net https://*.googlesyndication.com https://www.google-analytics.com https://popup.wisepops.com https://cdn.subscribers.com https://googleads4.g.doubleclick.net https://csi.gstatic.com/ https://*.mktoresp.com https://*.serving-sys.com;                img-src * data: https://www.google-analytics.com https://optimize.google.com https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://googleads.g.doubleclick.net;                frame-src 'self' 'unsafe-inline' https://*.net https://*.com https://*.twitter.com https://*.googlesyndication.com;               object-src 'self';                prefetch-src 'self' https://*.googlesyndication.com 1
connect-src 'self' https://*.facebook.net https://*.facebook.com https://*.mos.ru *.yandex.ru *.google-analytics.com https://*.yandex.ru  https://*.merlion.com ; child-src 'self' ; font-src https://static.lc-group.ru 'self' *.merlion.com ; form-action https://*.merlion.com  https://*.merlion.ru 'self' *.merlion.com https://mc.yandex.ru ;frame-ancestors 'self' webvisor.com *.webvisor.com ; frame-src 'self' https://*.yandex.ru https://yandex.ru static.tegrus.ru https://*.youtube.com https://*.youtu.be https://youtube.com https://youtu.be;img-src https://*.youtube.com https://*.youtu.be https://youtube.com https://youtu.be https://*.facebook.net https://*.facebook.com https://*.mos.ru static.lc-group.ru https://*.merlion.ru  https://*.merlion.com 'self' data: *.yandex.ru *.yandex.net *.merlion.com *.merlion.ru *.google-analytics.com *.tegrus.ru merlion.com https://*.yandex.net  https://*.yandex.ru https://*.webvisor.org http://static.tegrus.ru ;media-src  http://static.tegrus.ru https://*.merlion.ru 'self' ; object-src static.lc-group.ru http://static.tegrus.ru  https://*.merlion.ru 'self' ;script-src https://*.youtube.com https://*.youtu.be https://youtube.com https://youtu.be https://*.facebook.net https://*.facebook.com https://*.mos.ru https://static.lc-group.ru https://*.merlion.ru https://*.merlion.com 'unsafe-eval' 'self' *.yandex.ru *.yandex.net *.google-analytics.com *.merlion.com https://*.yandex.ru  https://yastatic.net ;style-src static.lc-group.ru  https://*.merlion.ru https://*.merlion.com 'unsafe-inline' 'self' *.yandex.ru *.yandex.net *.merlion.com https://*.facebook.net https://*.facebook.com https://*.mos.ru; default-src 'none' ; 1
default-src 'self' https://disqus.com/ https://*.disquscdn.com 'unsafe-eval';img-src * data: 'unsafe-eval';style-src 'unsafe-inline'  *.typekit.net;font-src *;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.driftt.com https://*.disqus.com https://*.disquscdn.com https://*.twitter.com *.pardot.com https://*.onetrust.com *.jeffersonfrank.com *.nelsonfrank.com *.andersonfrank.com *.frankgroup.com *.masonfrank.com *.washingtonfrank.com *.nigelfrank.com *.frgconsulting.com https://*.googletagmanager.com https://www.google-analytics.com https://snap.licdn.com https://*.hotjar.com https://*.hotjar.io http://www.googleadservices.com https://connect.facebook.net http://static.ads-twitter.com https://googleads.g.doubleclick.net *.google.com *.hotjar.com http://*.6sc.co https://jscloud.net/x/11306/inlinks.js https://jscloud.net/x/11310/inlinks.js https://jscloud.net/lze/11308/inlinks.js https://jscloud.net/x/11309/inlinks.js https://jscloud.net/x/11289/inlinks.js https://jscloud.net/lze/11311/inlinks.js https://jscloud.net/x/11307/inlinks.js *.reactful.com http://widget.trustpilot.com blob:;frame-src https://*.driftt.com https://disqus.com https://*.twitter.com https://*.youtube.com  https://*.youtube-nocookie.com/ https://*.vimeo.com https://*.instagram.com https://*.googleapis.com https://*.gstatic.com https://*.pardot.com https://*.onetrust.com *.jeffersonfrank.com *.nelsonfrank.com *.andersonfrank.com *.frankgroup.com *.masonfrank.com *.nigelfrank.com *.washingtonfrank.com *.frgconsulting.com https://www.facebook.com https://vars.hotjar.com *.reactful.com https://widget.trustpilot.com;connect-src 'self' https://*.amazonaws.com https://*.amazoncognito.com *.pardot.com https://*.onetrust.com *.jeffersonfrank.com *.nelsonfrank.com *.andersonfrank.com *.frankgroup.com *.masonfrank.com *.nigelfrank.com *.washingtonfrank.com *.frgconsulting.com https://*.disqus.com *.facebook.com http://*.6sc.co http://ib.adnxs.com/getuidj https://epsilon.6sense.com http://secure.adnxs.com/getuidj http://visitor.reactful.com https://visitor.reactful.com https://jscloud.net/x/11306/ https://jscloud.net/x/11310/ https://jscloud.net/x/11309/ https://jscloud.net/x/11289/ https://jscloud.net/x/11307/ https://*.doubleclick.net *.hotjar.com *.hotjar.io *.hotjar.is *.reactful.com *.google-analytics.com *.analytics.google.com https://px.ads.linkedin.com/wa/ 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.cookiebot.com *.leadinfo.net *.google-analytics.com https://career.suss.com https://plausible.io https://snap.licdn.com https://static.dvinci-easy.com; object-src 'none'; style-src 'self' 'unsafe-inline' *.typekit.net https://www.suss.com https://static.dvinci-easy.com 1
frame-ancestors 'self' https://developer-payments.qa.roku.com https://developer-payments.staging.roku.com https://developer.roku.com  https://dev.qa.roku.com https://iframetest.certa.dev 1
frame-ancestors 'self' https://*.salesforce.com https://*.force.com; 1
frame-ancestors 'self' https://delmonte.com.mx https://www.delmonte.com.mx; upgrade-insecure-requests; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ministry.et; 1
base-uri 'none'; font-src 'self' blob: data: https://assets.vercel.com https://vercel.live/ *.abtasty.com *.gstatic.com *.googleapis.com; form-action 'self'; frame-ancestors 'self' localhost:* https://mkt-website-studio.tgtg.ninja/; img-src 'self' data: blob: https://vercel.com https://vercel.live/ https://sockjs-mt1.pusher.com/ https://cdn.sanity.io https://images.tgtg.ninja https://i.vimeocdn.com https://apptoogoodtogo.com https://dashboard.feedbucket.app https://www.googletagmanager.com https://*.ytimg.com https://*.googletagmanager.com https://*.abtasty.com https://*.hotjar.com https://*.bing.com https://bat.bing.com https://*.doubleclick.net https://*.linkedin.com https://*.facebook.com https://*.google.com https://*.amazonaws.com https://*.google.es; object-src 'none'; script-src-attr 'self' 'unsafe-inline'; style-src 'self' https: 'unsafe-inline'; script-src 'strict-dynamic' 'nonce-09XUSvG6PENxqisdooArAA==' 'self' https: 'unsafe-inline'; upgrade-insecure-requests; frame-src 'self' https://vercel.com https://vercel.live/ https://player.vimeo.com www.youtube.com policy.app.cookieinformation.com *.hotjar.com https://*.doubleclick.net; 1
default-src 'self'; img-src 'self' data:; form-action 'self'; object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests; 1
frame-ancestors https://cors-test.codehappy.dev http://cms.y12fcu.org https://staging-cms.y12fcu.org https://psa.digitalinsight.com https://digital.y12fcu.org https://staging.y12fcu.org https://www.cusgcms.com http://y12fcu.org https://uat-internetloanapplication.cudl.com https://internetloanapplication.cudl.com http://y12cms.inetsolution.dev http://inetsolution.dev 1
base-uri 'none'; default-src 'self' data: https: wss:; style-src 'self' data: https: wss: 'unsafe-inline'; script-src 'self' 'unsafe-eval' https://beta-api.scrivito.com https://assets.scrivito.com https://c.leadlab.click https://cdn.popt.in/pixel.js https://cdn.segment.com https://cdnjs.cloudflare.com https://cdn.iubenda.com https://cs.iubenda.com https://www.iubenda.com https://js.intercomcdn.com https://rum-static.pingdom.net https://snap.licdn.com https://tagmanager.google.com https://widget.intercom.io https://www.eventbrite.com/static/widgets/eb_widgets.js https://www.google-analytics.com https://www.googletagmanager.com https://www.woorank.com/de/widget/script https://www.woorank.com/en/widget/script; object-src 'none'; block-all-mixed-content; frame-ancestors 'self' https://*.scrivito.com 1
worker-src blob:; script-src 'self' connect.facebook.net my.visme.co check.pricespider.com platform.houzz.com api.tiles.mapbox.com locate.pricespider.com wtbevents.pricespider.com cdn.pricespider.com assets.adobedtm.com code.metalocator.com cdn.cookielaw.org www.gstatic.com siteintercept.qualtrics.com zn2tmulvuqmsuqa7s-allegion.siteintercept.qualtrics.com s.ytimg.com www.google.com d260t32eck1eak.cloudfront.net/templates/ml_admin2/scripts analytics.metalocator.com maps.googleapis.com d260t32eck1eak.cloudfront.net www.googletagmanager.com www.google-analytics.com sdk.inbenta.io html5.dcatalog.com dcl1am4bpfv3n.cloudfront.net cdn.knightlab.com privacyportal-cdn.onetrust.com pricespider.com mapbox.com cdnjs.cloudflare.com use.fontawesome.com www.allegion.com static.hotjar.com snap.licdn.com maxcdn.bootstrapcdn.com ajax.googleapis.com cdn.storelocatorwidgets.com 'unsafe-eval' 'unsafe-inline' 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src 'nonce-xUzrGvoLDZQLGZdCIMpPzGNBW' 'strict-dynamic'; frame-ancestors 'self'; manifest-src 'self' 1
frame-ancestors accounts.shopbase.com:443 legacy-templates.shopbase.com:443 templates.shopbase.com:443 test-templates.shopbase.com:443 templates-test.shopbase.com:443 new-templates.shopbase.com:443 themes.shopbase.com:443 *.onshopbase.com:443 *.shopbase.net.cn:443 1
default-src 'none'; base-uri 'self'; connect-src 'self' *.google-analytics.com googletagmanager.com maps.googleapis.com stats.g.doubleclick.net; font-src 'self'; form-action 'self'; frame-ancestors 'self'; frame-src 'self' *.youtube.com *.youtube-nocookie.com *.google.com *.googletagmanager.com; img-src 'self' *.google-analytics.com maps.gstatic.com *.google.com; style-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googletagmanager.com tagmanager.google.com *.google.com *.gstatic.com *.youtube.com *.youtube-no-cookie.com *.ytimg.com *.googleapis.com; 1
frame-ancestors 'self' https://*.keine-bange.de https://*.staatsexamenpharmazie.de/ https://*.labxpert.de/; 1
default-src 'self' https: ; script-src * 'unsafe-inline' 'unsafe-eval'; script-src-elem * 'unsafe-inline' 'unsafe-eval' ; script-src-attr * 'unsafe-inline' 'unsafe-eval'; style-src * data: 'unsafe-inline'; img-src * data: ; font-src * data: ; connect-src *; media-src *; object-src *; prefetch-src *; child-src *; frame-src *; worker-src *; frame-ancestors *; form-action 'self'; upgrade-insecure-requests; base-uri *; manifest-src * 1
default-src 'self' https://www.youtube-nocookie.com https://www.youtube.com https://maps.googleapis.com https://adservice.google.com https://disclosure.api.osano.com https://region1.analytics.google.com https://collect.feefo.com https://consent-pref.trustarc.com https://www.bishopskinner.com https://fonts.googleapis.com https://analytics.google.com https://www.google-analytics.com https://cmp.osano.com https://web.lon.infinity-tracking.com https://tattle.api.osano.com https://nas.lon.infinity-tracking.com https://ict.infinity-tracking.net https://stats.g.doubleclick.net https://td.doubleclick.net https://consent.api.osano.com https://vimeo.com https://player.vimeo.com https://register.feefo.com https://api.feefo.com https://go.marshcommercial.co.uk 'unsafe-inline'; script-src 'self' https://www.youtube.com https://disclosure.api.osano.com https://consent.trustarc.com https://player.vimeo.com https://cdn.polyfill.io https://www.googletagmanager.com https://pi.pardot.com https://www.bishopskinner.com https://cmp.osano.com https://api.feefo.com https://script.infinity-tracking.com https://register.feefo.com https://go.marshcommercial.co.uk https://maps.googleapis.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: * https://www.google.co.in https://consent.trustarc.com  https://consent-pref.trustarc.com 'unsafe-inline'; font-src 'self' https://consent.trustarc.com https://fonts.gstatic.com 'unsafe-inline' data:; worker-src blob: 1
upgrade-insecure-requests default-src 'self' https: wss: data: blob: 'unsafe-inline' 'unsafe-eval' *.unitedtraders.com *.unitedtraders.ru *.uttoken.io *.unitedtraders.team *.utchallenge.com *.auroraplatform.com *.finderby.net *.utex.io *.whattobuy.today *.utex.work ; 1
default-src 'self'; script-src 'self' 'nonce-90a53cd5245f589e550f' hubspot-forms-static-embed.s3.amazonaws.com *.vimeo.com api.usercentrics.eu *.youtube.com *.hsforms.net *.hsforms.com *.hubspot.com *.hs-scripts.com *.hs-banner.com *.hs-analytics.net *.hscollectedforms.net *.hsleadflows.net *.google-analytics.com *.googletagmanager.com *.analytics.google.com www.google.com www.gstatic.com www2.123insight.com pages.123insight.com 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; style-src 'self' 'unsafe-inline' hubspot-forms-static-embed.s3.amazonaws.com *.vimeo.com api.usercentrics.eu *.youtube.com *.hsforms.net *.hsforms.com *.hubspot.com *.hs-scripts.com *.hs-banner.com *.hs-analytics.net *.hscollectedforms.net *.hsleadflows.net *.google-analytics.com *.googletagmanager.com *.analytics.google.com www.google.com www.gstatic.com www2.123insight.com pages.123insight.com; img-src * blob: data:; font-src 'self' fonts.gstatic.com fonts.googleapis.com data:; connect-src *; frame-src *; object-src 'none'; base-uri 'self'; frame-ancestors cms.forterro.com; block-all-mixed-content; upgrade-insecure-requests; media-src https://cms.forterro.com; 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 1
image-src 'self' data:; 1
frame-ancestors 'self' *.mncsekuritas.id *.okezone.com 1
frame-ancestors africarxiv.pubpub.org 1
frame-ancestors 'self' *.sprintecommerce.com *.venditan.com *.venditan.io 1
default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src data: 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' data: https:; connect-src https:; object-src 'none'; frame-src https:; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self' 1
script-src 'unsafe-eval' sf16-website-login.neutral.ttwstatic.com s20.tiktokcdn.com *.tiktokcdn-us.com www.google.com recaptcha.google.com js.hcaptcha.com client-api.arkoselabs.com www.gstatic.com connect.facebook.net; frame-src *.tiktok.com accounts.google.com www.google.com recaptcha.google.com www.facebook.com *.kakao.com lf16-web.tiktokcdn.com assets.braintreegateway.com appleid.apple.com access.line.me api.twitter.com h.online-metrix.net bytedance: newassets.hcaptcha.com client-api.arkoselabs.com; worker-src https: blob:; frame-ancestors tea-va.bytedance.net www.tiktok.com; default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: bytedance: data: wss://*.tiktok.com wss://*.tiktokv.com wss://*.tiktokv.eu wss://tiktok.com wss://tiktokv.com *.adsintegrity.net *.akamaized.net *.amazonaws.com *.bing.com *.bitssec.com *.braintree-api.com *.braintreegateway.com *.bytedapm.com *.bytedgame.com *.bytehwm-row.com *.byteicdn.com *.byteintl.com *.byteintl.net *.byteintlapi.com *.byteintlstatic.com *.bytelemon.com *.byteoversea.com *.byteoversea.net *.bytevcloudapi.com *.capcut.com *.cloudflare.com *.ctfassets.net *.doubleclick.net *.evbuc.com *.eventim.de *.facebook.com *.facebook.net *.fbsbx.com *.fcdnstatic-intl.com *.fdmstatic.com *.g-p-static.com *.gauthmath.com *.giphy.com *.goofy-cdn.com *.goofy.app *.google-analytics.com *.google.ae *.google.ca *.google.ci *.google.co.bw *.google.co.id *.google.co.il *.google.co.jp *.google.co.kr *.google.co.ma *.google.co.nz *.google.co.uk *.google.co.ve *.google.com *.google.com.br *.google.com.co *.google.com.eg *.google.com.kh *.google.com.mt *.google.com.ng *.google.com.pe *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.sa *.google.com.tr *.google.com.vn *.google.de *.google.dz *.google.fr *.google.ge *.google.ht *.google.it *.google.me *.google.nl *.google.pl *.google.pt *.google.ru *.google.se *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hsforms.com *.hsforms.net *.ibytedtos.com *.ibyteimg.com *.isnssdk.com *.jumio.ai *.kakao.com *.lemon8-app.com *.lemon8cdn.com *.licdn.com *.linkedin.com *.midtrans.com *.muscdn.com *.musical.ly *.oecstatic.com *.omise.co *.pangle-ads.com *.paypal.com *.pipopay.com *.pipopayment.us *.redditstatic.com *.resso.me *.sgsnssdk.com *.soundon.global *.tableau.com *.tenor.com *.tiktok-row.net *.tiktok.com *.tiktok.ru *.tiktok.vn *.tiktokapis.com *.tiktokcdn-eu.com *.tiktokcdn-in.com *.tiktokcdn-us.com *.tiktokcdn.com *.tiktokcreativeone.com *.tiktokforbusinessoutbound.com *.tiktokglobalshop.com *.tiktokmusic.me *.tiktokshop.com *.tiktokstaticb.com *.tiktokus.info *.tiktokv.com *.tiktokv.eu *.tiktokv.us *.tiktokw.eu *.tiktokw.us *.topbuzzcdn.com *.ttlivecdn.com *.ttlstatic.com *.ttwstatic.com *.vimeo.com *.vodupload.com *.yahoo.co.jp *.yhgfb-static.com *.youtube-nocookie.com *.zhiliaoapp.com code.jquery.com facebook.com google.com i.ticketweb.com images.universe.com media.ticketmaster.eu res.cloudinary.com s1.ticketm.net static-label.frontgatetickets.com t.co tikitoks.com tiktok.com tiktok.ua tiktok.vn tiktokfollowersfree.com tiktokv.com unpkg.com vimeo.com; upgrade-insecure-requests ; report-to csp-endpoint; report-uri https://mon.us.tiktokv.com/monitor_browser/collect/batch/security/?bid=tiktok_pns&ev_type=csp&revision=52c5e353-14be-4487-9f40-543777a8b973 1
base-uri 'none'; style-src 'self' *.cassiecloud.com *.googleapis.com 'unsafe-inline' https://cscript-cdn-use.lilly.com/templates/2/template.min.css *.lillytempo.com *.kisunla.com https://d1ltrl2zzo6l3e.cloudfront.net/public/syrenis-cookie-management.css https://d3gnk5748ud580.cloudfront.net/public/syrenis-cookie-management.css https://dscrutpyu4zff.cloudfront.net/public/syrenis-cookie-management.css; script-src 'nonce-/K1fiyVJhiaYzOaeMoEDvg=='  'sha256-BOdrGgsaUdYRwVdD4Fik9V0fNb0dAVa8rMoOp7Sy63o='  'self' 'strict-dynamic' 'unsafe-eval' *.kaltura.com/ *.cassiecloud.com *.googletagmanager.com https://google-analytics.com *.google-analytics.com *.bing.com https://connect.facebook.net https://lilly-customerconnect.secure.force.com https://customerconnect.my.salesforce-sites.com https://ispot.tv *.turn.com *.myadvocado.com *.doubleclick.net *.analytics.yahoo.com *.google.com https://facebook.com *.salesforceliveagent.com *.youtube.com *.ytimg.com *.gstatic.com *.googlevideo.com blob: http://d22xmn10vbouk4.cloudfront.net *.googleapis.com assets.adobedtm.com assets.ctfassets.net *.kisunla.com 'nonce-Q+3SsP/nT1Qb9DtwRm8EbA==' *.soundcloud.com *.recaptcha.net 'sha256-uMkuBZ4FQVVBqzs6NHOoGr/1vOLA1h9acPURz3E39HA=' 'sha256-9VDmhXS8/iybLLyD3tql7v7NU5hn5+qvu9RRG41mugM=' 'sha256-tempUn1btibnrWwQxEk37lMGV1Nf8FO/GXxNhLEsPdg=' 'sha256-YvYJ5WVzt8kOVVuSB9YcyVJLN4a6HcbOgQpzrg0BLUI=' https://clientapi.gcs-web.com https://d22xmn10vbouk4.cloudfront.net https://servicesplatform.partneringplace.com https://forms.office.com bugcrowd.com *.lilly.com tags.tiqcdn.com pc-lilly-visitor-service-us-west-2.tealiumiq.com https://d1ltrl2zzo6l3e.cloudfront.net/public/syrenis-cookie-management.js https://d3gnk5748ud580.cloudfront.net/public/syrenis-cookie-management.js https://dscrutpyu4zff.cloudfront.net/public/syrenis-cookie-management.js; object-src 'none'; frame-src *.doubleclick.net/ *.myadvocado.com/ *.lillytempo.com *.lillycares.com *.lillyoncologysupport.com *.lillyloxooncologypipeline.com *.lillydirect.com *.lrlscience.com *.syrenis.com *.taltz.com *.olumiant.com *.verzenio.com *.omvoh.com *.true.lilly *.tap.lilly *.together.lilly *.certuitad.com *.lilly.com *.enrollment.taltz.com *.enrollment.olumiant.com *.enrollment.verzenio.com *.enrollment.omvoh.com *.kisunla.com *.rlcdn.com *.youtube.com *.soundcloud.com *.google.com *.facebook.com *.spotify.com *.simplecast.com *.recaptcha.net https://servicesplatform.partneringplace.com https://forms.office.com *.kaltura.com/ bugcrowd.com di.rlcdn.com 1
frame-ancestors 'self' https://bpst.ee.co.uk https://propositionpro.com 1
frame-ancestors http://idsplinfo.in/ http://www.idsplinfo.in/ http://idslinfo.in/ http://www.idslinfo.in/ 'self'; 1
frame-ancestors 'self' apps112.com *.apps112.com 1
frame-ancestors 'self' *.giornaledellalibreria.it ; 1
upgrade-insecure-requests; default-src self; connect-src *; font-src *; frame-ancestors *; frame-src *; media-src *; img-src * data:; object-src 'none'; script-src 'self' https://*.mobildev.in https://*.facebook.net https://*.doubleclick.net https://*.addthis.com https://*.clarity.ms https://*.google.com https://*.googletagmanager.com https://*.googleadservices.com https://*.gstatic.com https://*.googleapis.com https://cdn-parfois.mncdn.com https://*.yandex.ru 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-eval' 'unsafe-inline' 1
default-src 'self' fonts.googleapis.com fonts.gstatic.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.youtube-nocookie.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com cdnjs.cloudflare.com d1aqhv4sn5kxtx.cloudfront.net https://profile.ngpvan.com *.ngpvan.com https://az416426.vo.msecnd.net/scripts/a/ai.0.js; style-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src data: *; font-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://dc.services.visualstudio.com/v2/track https://www.google-analytics.com https://profile.ngpvan.com https://profile.ngpvan.com; 1
frame-ancestors 'self'; object-src 'self'; upgrade-insecure-requests 1
style-src 'self' fonts.googleapis.com https: blob: 'unsafe-inline'; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com static.hotjar.com https:; object-src https:; media-src 'self' https: blob:; frame-ancestors 'none'; img-src 'self' blob: https: data: *; default-src 'self' https: wss:; font-src 'self' https: data:; report-uri https://belisha.dealerauction.co.uk/csp-report; report-to csp-report 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://cdn-eu.readspeaker.com/; font-src 'self' data: https://fonts.gstatic.com/; script-src 'self' 'unsafe-inline' https://www.gstatic.com/recaptcha/releases/ https://www.google.com/recaptcha/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://static.cloudflareinsights.com/beacon.min.js/ https://cdn-eu.readspeaker.com/; connect-src 'self' https://region1.google-analytics.com/ https://cdn-eu.readspeaker.com/ https://app-eu.readspeaker.com/ https://vttts-eu.readspeaker.com/ https://media-eu.readspeaker.com/ https://wrapi-eu.readspeaker.com/; img-src 'self' data: https://www.google-analytics.com/ https://i.ytimg.com/ https://cdn-eu.readspeaker.com/; frame-src 'self' data: https://www.google.com/ https://www.youtube-nocookie.com/; frame-ancestors 'self'; base-uri 'self'; form-action 'self' https://login.microsoftonline.com/; 1
frame-ancestors 'self' https://lxx.bd6.myftpupload.com https://cnsfta.com https://dogshow.ca https://staging.dogshow.ca https://test.dogshow.ca localhost.dogshow-ca:5001 1
upgrade-insecure-requests; object-src 'self' 1
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; img-src 'self' *.oraclecloud.com maps.googleapis.com maps.gstatic.com raw.githubusercontent.com shukah.com  ajax.googleapis.com data:; font-src: 'self' data:; frame-ancestors 'none'; base-uri 'self'; 1
default-src 'self' maps.googleapis.com api.tumblr.com code.jquery.com www.google.com www.gstatic.com *.google-analytics.com https://www.googletagmanager.com *.googleapis.com ajax.googleapis.com fonts.gstatic.com https://*.fontawesome.com/ http://*.trustpilot.com/ https://*.cookiebot.com/ https://*.zendesk.com/ https://*.zdassets.com/ https://*.doubleclick.net/ https://*.mailchimp.com/; script-src 'self' maps.googleapis.com api.tumblr.com code.jquery.com www.google.com www.gstatic.com *.google-analytics.com https://www.googletagmanager.com *.googleapis.com ajax.googleapis.com 'unsafe-inline' https://*.fontawesome.com/ http://*.trustpilot.com/ https://*.cookiebot.com/ https://*.zendesk.com/ https://*.zdassets.com/ https://*.doubleclick.net https://*.agilecrm.com https://*.cloudflare.com/ https://*.mailchimp.com/ https://cdn.jsdelivr.net/npm/js-cookie@rc/dist/js.cookie.min.js; style-src 'self' 'unsafe-inline' *.googleapis.com fonts.googleapis.com https://*.fontawesome.com/; frame-src 'self' www.google.com www.gstatic.com https://www.safemedicate.com https://*.cookiebot.com/ https://*.youtube.com/ http://*.trustpilot.com/; img-src 'self' imgsct.cookiebot.com 64.media.tumblr.com maps.gstatic.com maps.googleapis.com data: *.google-analytics.com  maps.gstatic.com *.googleapis.com *.ggpht; frame-ancestors 'self' https://www.safemedicate.com 1
media-src *; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://www.google.com https://www.gstatic.com; connect-src 'self' https://maps.googleapis.com; img-src data: 'self' https://d1be5sn7lppxuh.cloudfront.net https://maps.gstatic.com https://maps.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com https://fonts.gstatic.com; object-src 'none'; frame-ancestors 'self'; frame-src 'self' https://www.youtube.com https://www.google.com; media-src 'self' https://d1be5sn7lppxuh.cloudfront.net; form-action 'self'; manifest-src 'self' 1
default-src 'self' https://releases.wagtail.io https://www.google.com https://*.googletagmanager.com https://*.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.google-analytics.com https://www.google.com https://www.gstatic.com; img-src 'self' data: blob: https://*.google-analytics.com https://*.googletagmanager.com https://www.gravatar.com https://www.gstatic.com https://i.ytimg.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com https://cdnjs.cloudflare.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://cdnjs.cloudflare.com; frame-src 'self' https://www.google.com https://www.youtube.com; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; object-src 'self' 1
default-src 'self'; connect-src 'self' dc.services.visualstudio.com; script-src 'self' az416426.vo.msecnd.net npmcdn.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-src 'self' app.powerbi.com; frame-ancestors 'none'; img-src 'self' data: 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src 'nonce-l993YiAtqYUEztLEiS3Kiq3dI' 'strict-dynamic'; frame-ancestors 'self'; manifest-src 'self' 1
frame-ancestors 'self' https://www.lovexxo.com http://*.lovexxo.com; 1
default-src 'self' data: blob: *.conac.cn  *.gov.cn *.jiathis.com *.gstatic.com *.baidu.com *.bshare.cn *.eol.cn *.qq.com *.kaipuyun.cn *.bdimg.com *.wx.qq.com *.people.com.cn *.weibo.com *.m1905.cn 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; 1
default-src 'self' *.tusass.gl; img-src 'self' *.tusass.gl data: mkjobtelepost.azurewebsites.net; form-action 'self' *.tusass.gl; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.tusass.gl challenges.cloudflare.com; style-src 'self' 'unsafe-inline' *.tusass.gl; connect-src 'self' *.tusass.gl *.algolia.net; frame-src 'self' *.tusass.gl player.vimeo.com www.youtube-nocookie.com mkjobtelepost.azurewebsites.net tusass.speedtestcustom.com telepost.speedtestcustom.com challenges.cloudflare.com; frame-ancestors *.tusassmusic.gl; upgrade-insecure-requests 1
default-src 'self' *.wildentity.com; script-src 'self' 'unsafe-inline' 'unsafe-eval'  *.google-analytics.com *.wildentity.com; style-src 'self' 'unsafe-inline'; font-src 'self'; img-src * 'self' 1
frame-ancestors 'self' careergrit.sg *.careergrit.sg careersgrit.sg *.careersgrit.sg careergrit.com.sg *.careergrit.com.sg careersgrit.com.sg *.careersgrit.com.sg careergrit.org *.careergrit.org mycareersfuture.sg mycareersfuture.gov.sg *.mycareersfuture.sg *.mycareersfuture.gov.sg 1
base-uri 'self' *.global-aero.com *.aeroinsure.com *.aero.insure *.flywheelstaging.com *.adobe.com *.adobe.io *.wp.com *.cloudflare.com *.vimeocdn.com *.vimeo.com *.youtube.com *.facebook.com *.twitter.com *.twimg.com *.t.co *.google.com *.gstatic.com *.googleapis.com *.cloudflare.com *.fontawesome.com *.googletagmanager.com *.adroll.com *.osano.com *.doubleclick.net *.googleadservices.com *.amcharts.com; script-src blob: 'self' 'unsafe-inline' 'unsafe-eval' *.global-aero.com *.aeroinsure.com *.aero.insure *.flywheelstaging.com *.google.com *.gstatic.com *.facebook.net *.facebook.com *.linkedin.com *.googleapis.com *.cloudflare.com *.fontawesome.com *.google.com *.google-analytics.com *.ads-twitter.com *.youtube.com *.vimeo.com *.vimeocdn.com *.adobe.com *.adobe.io *.wp.com *.cloudflare.com *.fontawesome.com *.twitter.com *.twimg.com *.t.co t.co *.addsearch.com addsearch.com *.cloudfront.net *.searchcdn.com cdn.jsdelivr.net *.jsdelivr.net *.googletagmanager.com *.googleapis.com *.cloudflare.com *.fontawesome.com *.gstatic.com *.adroll.com *.osano.com *.doubleclick.net *.googleadservices.com *.amcharts.com; style-src 'self' 'unsafe-inline' *.global-aero.com *.aeroinsure.com *.aero.insure *.flywheelstaging.com *.twitter.com *.twimg.com *.addsearch.com addsearch.com *.cloudfront.net *.searchcdn.com *.google.com *.gstatic.com *.googleapis.com *.cloudflare.com *.fontawesome.com *.fonts.net *.osano.com *.amcharts.com; default-src blob: 'self' 'unsafe-inline' *.global-aero.com *.aeroinsure.com *.aero.insure *.flywheelstaging.com *.adobe.com *.adobe.io *.wp.com *.youtube.com *.vimeo.com *.vimeocdn.com *.cloudflare.com *.fontawesome.com *.facebook.com *.twitter.com *.twimg.com *.t.co t.co *.linkedin.com linkedin.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.google.com google.com *.gstatic.com *.googleapis.com *.cloudflare.com *.fontawesome.com *.gravatar.com *.doubleclick.net *.addsearch.com addsearch.com *.cloudfront.net *.w.org *.searchcdn.com *.adroll.com *.osano.com *.doubleclick.net *.googleadservices.com *.amcharts.com data: 1
frame-ancestors 'self' http://5gplus.or.kr https://5gplus.or.kr; script-src https: 'unsafe-inline' 'unsafe-eval'; object-src https: 'self' 1
default-src 'self'; connect-src 'self' https://api.ready.mobi; font-src 'self'; frame-src https://api.ready.mobi; img-src 'self'; script-src 'self' 'unsafe-inline' https://www.google-analytics.com; style-src 'self' 'unsafe-inline' 1
default-src 'none'; img-src 'self'; media-src 'self'; style-src 'sha512-vfJFG5yB2DVB56ULT3zpZZ8Wwmzbs8J3barfK+9ei/ZAfkBVYJUDoIKl2rnKUmqGda3GnEyzVPA26ydY5gU/ww==' 'sha512-aRtpEsxGTdl2+RKiH1LftcaaPuU6m+9rjmmq8fzls/HMJiyOo4rxlf6SWOTKaPqZv5e3unBD1RnwBKXrYxizrA==' 'sha512-aYj4t7HNkoBFPJxpM01tiupVjPNi9EXji9EtfAA0SukEGWPPqOvb/SuORtlFffSuIHC2EN8urahTViQ+VrYG1A=='; 1
default-src 'self'; script-src 'self' * 'unsafe-inline'; style-src 'self' * 'unsafe-inline'; connect-src 'self' *; img-src 'self' * data:; font-src 'self' *; media-src 'self' *; frame-src 'self' https://www.google.com https://www.youtube.com https://player.vimeo.com/; frame-ancestors 'none' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.acsbapp.com/ https://acsbapp.com/ https://*.analytics.google.com/ https://*.google-analytics.com/ https://*.googletagmanager.com/ https://fonts.googleapis.com/ https://stats.g.doubleclick.net/ https://www.google.com/recaptcha/ https://cdn.linkedin.oribi.io/ https://gw.linkedin.oribi.io https://sjs.bizographics.com/ https://aorta.clickagy.com/ https://hemsync.clickagy.com/ https://*.hubspot.net/ https://*.hubspot.com/ https://*.hubspotusercontent00.net/ https://*.hubspotusercontent01.net/ https://*.hubspotusercontent02.net/ https://*.hubspotusercontent03.net/ https://*.hubspotusercontent04.net/ https://*.hscollectedforms.net/ https://*.hsleadflows.net/ https://*.hs-scripts.com/ https://*.hsadspixel.net/ https://*.hs-analytics.net/ https://*.hs-banner.com/ https://*.hs-banner.net/ https://*.hsforms.net/ https://*.hsforms.com/ https://*.hsappstatic.net/ https://*.hubspotfeedback.com/ https://*.hubapi.com/ https://*.usemessages.com/ https://*.vidyard.com/ https://wpengine.com/ https://my.wpengine.com/ https://dify.wpengine.com/ https://yoast.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.acsbapp.com/ https://acsbapp.com/ https://*.google-analytics.com/ https://*.googletagmanager.com/ https://ajax.googleapis.com/ https://googleads.g.doubleclick.net/ https://www.google.com/recaptcha/ https://www.googleadservices.com/ https://www.gstatic.com/recaptcha/ https://secure.leadforensics.com/ https://snap.licdn.com/ https://tags.clickagy.com/ https://ws.zoominfo.com/ https://*.hubspot.net/ https://*.hubspot.com/ https://*.hubspotusercontent00.net/ https://*.hubspotusercontent01.net/ https://*.hubspotusercontent02.net/ https://*.hubspotusercontent03.net/ https://*.hubspotusercontent04.net/ https://*.hscollectedforms.net/ https://*.hsleadflows.net/ https://*.hs-scripts.com/ https://*.hsadspixel.net/ https://*.hs-analytics.net/ https://*.hs-banner.com/ https://*.hs-banner.net/ https://*.hsforms.net/ https://*.hsforms.com/ https://*.hsappstatic.net/ https://*.hubspotfeedback.com/ https://*.hubapi.com/ https://*.usemessages.com/ https://*.vidyard.com/ https://wpengine.com/ https://my.wpengine.com/ https://dify.wpengine.com/ ; img-src 'self' data: https://makonetworks.com/ https://*.google-analytics.com/ https://*.googletagmanager.com/ https://googleads.g.doubleclick.net/ https://stats.g.doubleclick.net/ https://www.google.com/ads/ https://*.ads.linkedin.com/ https://cdn.linkedin.oribi.io/ https://gw.linkedin.oribi.io https://p.adsymptotic.com/ https://www.linkedin.com/px/ https://secure.gravatar.com/ https://aorta.clickagy.com/ https://*.hubspot.net/ https://*.hubspot.com/ https://*.hubspotusercontent00.net/ https://*.hubspotusercontent01.net/ https://*.hubspotusercontent02.net/ https://*.hubspotusercontent03.net/ https://*.hubspotusercontent04.net/ https://*.hscollectedforms.net/ https://*.hsleadflows.net/ https://*.hs-scripts.com/ https://*.hsadspixel.net/ https://*.hs-analytics.net/ https://*.hs-banner.com/ https://*.hs-banner.net/ https://*.hsforms.net/ https://*.hsforms.com/ https://*.hsappstatic.net/ https://*.hubspotfeedback.com/ https://*.hubapi.com/ https://*.usemessages.com/ https://*.vidyard.com/ https://wpengine.com/ https://my.wpengine.com/ https://dify.wpengine.com/ ; font-src 'self' data: https://fonts.gstatic.com/ ; frame-src 'self' https://bid.g.doubleclick.net/ https://www.google.com/ https://www.youtube.com/ https://hemsync.clickagy.com/ https://*.hubspot.net/ https://*.hubspot.com/ https://*.hubspotusercontent00.net/ https://*.hubspotusercontent01.net/ https://*.hubspotusercontent02.net/ https://*.hubspotusercontent03.net/ https://*.hubspotusercontent04.net/ https://*.hscollectedforms.net/ https://*.hsleadflows.net/ https://*.hs-scripts.com/ https://*.hsadspixel.net/ https://*.hs-analytics.net/ https://*.hs-banner.com/ https://*.hs-banner.net/ https://*.hsforms.net/ https://*.hsforms.com/ https://*.hsappstatic.net/ https://*.hubspotfeedback.com/ https://*.hubapi.com/ https://*.usemessages.com/ https://*.vidyard.com/ ; 1
frame-ancestors 'self'; object-src 'none'; script-src 'self' https://analytics.cherchons.com/ 'nonce-1324f58538536a3c5aa5ee92322b7582';, frame-ancestors 'self' 1
default-src 'self' https://anglicanhistory.org ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://stackpath.bootstrapcdn.com; style-src 'self' 'unsafe-inline' https://anglicanhistory.org/ao.css; frame-src 'self'; 1
upgrade-insecure-requests; default-src 'self' https://*.screeb.app; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://*.googletagmanager.com/ disqus.com *.disqus.com *.disquscdn.com https://js.hs-scripts.com platform.twitter.com syndication.twitter.com cdn.syndication.twimg.com https://gist.github.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://js.hsforms.net https://forms.hsforms.com/ https://js.hs-analytics.net https://app.getbeamer.com/js/ https://realtime.getbeamer.com/ https://apis.google.com https://*.screeb.app nominatim.openstreetmap.org http://cdn.matomo.cloud/opendatasoft.matomo.cloud/matomo.js http://cdn.mxpnl.com/ ; style-src 'self' 'unsafe-inline' https://platform.twitter.com https://ton.twimg.com https://github.githubassets.com/ *.disquscdn.com https://fonts.googleapis.com https://app.getbeamer.com/styles/ ; img-src * data: blob:; font-src * data:; media-src 'self' https://eu.ftp.opendatasoft.com/odsacademy/; connect-src 'self' *.opendatasoft.com *.disqus.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com *.algolia.net api.jawg.io tile.jawg.io https://graph.microsoft.com/ https://backend.getbeamer.com/ wss://realtime.getbeamer.com https://static.getbeamer.com/favico.js https://stats.g.doubleclick.net https://t.hs-growth-metrics.com https://*.screeb.app wss://*.screeb.app https://opendatasoft.matomo.cloud/matomo.php https://api-js.mixpanel.com/ ; frame-src 'self' https://platform.twitter.com https://syndication.twitter.com https://www.google.com/recaptcha/ https://accounts.google.com https://docs.google.com https://*.screeb.app *.opendatasoft.com disqus.com https://app.hubspot.com https://forms.hsforms.com https://app.getbeamer.com https://opendatasoft-trial.com data.opendatasoft.com/ www.youtube.com/embed/ www.youtube-nocookie.com/embed/ www.dailymotion.com/embed/video/ player.vimeo.com/video/ app.powerbi.com/ app.powerbigov.us/ app.high.powerbigov.us/ app.mil.powerbigov.us/ public.tableau.com/views/ arcgis.com/apps/View/ docs.google.com/forms/ forms.office.com/ www.google.com/maps/d/embed www.google.com/maps/embed www.arcgis.com/home/webscene/viewer.html www.arcgis.com/home/webmap/viewer.html app.streamfizz.live/embed/ player.streamfizz.live/embed/ www.facebook.com/plugins/page.php; 1
default-src 'self' 'unsafe-inline' myricoh.com my.ricoh-usa.com www.googletagmanager.com *.googleapis.com *.liveperson.net *.hotjar.com img.en25.com fonts.gstatic.com *.lpsnmedia.net *.qualtrics.com *.eloqua.com www.google.com www.gstatic.com www.google-analytics.com reveal.clearbit.com munchkin.marketo.net app.five9.com helpcenter.myricoh.com *.paymetric.com *.clarity.ms 'unsafe-eval' quickresp.widget.custhelp.com stats.g.doubleclick.net quickresp.custhelp.com gtm.js; 1
default-src 'none'; script-src https://cdn.matomo.cloud https://*.usercentrics.eu 'self' 'unsafe-eval' 'unsafe-inline' https://cdnjs.cloudflare.com https://netlify-cdp-loader.netlify.app; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://*.ctfassets.net https://res.cloudinary.com https://*.usercentrics.eu; font-src 'self'; connect-src 'self' https://*.usercentrics.eu https://jvm.matomo.cloud https://jvm.matomo.cloudmatomo.php; media-src 'self' https://*.ctfassets.net https://res.cloudinary.com; object-src 'none'; frame-src 'self' https://app.netlify.com; worker-src 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'; manifest-src 'self' 1
frame-ancestors 'self'; style-src 'self' 'unsafe-inline' 1
base-uri 'self'; default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com *.google-analytics.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ s3.tradingview.com; connect-src 'self' wss: xexchange.com *.xexchange.com *.multiversx.com *.elrond.com *.maiar.com *.maiar.exchange *.google-analytics.com s3.amazonaws.com/xexchange.com/; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' data: fonts.gstatic.com; img-src 'self' data: *.xexchange.com *.multiversx.com *.elrond.com *.maiar.com raw.githubusercontent.com s3.amazonaws.com *.google-analytics.com i.ytimg.com; frame-src *.xexchange.com *.multiversx.com *.elrond.com *.maiar.com verify.walletconnect.com buy.moonpay.io www.google.com/recaptcha/ widget-instant.ramp.network www.youtube.com s.tradingview.com; manifest-src 'self'; frame-ancestors 'self' xexchange.com *.xexchange.com multiversx.com *.multiversx.com elrond.com *.elrond.com maiar.com *.maiar.com 1
font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com data: *.fontawesome.com https://fonts.gstatic.com/ https://fonts.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com *.azul.com.do https://authentication.cardinalcommerce.com/ https://songbird.cardinalcommerce.com/ 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com sandbox.secure.checkout.visa.com secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com *.onesignal.com https://aliss.os.tc/  https://aliss-test.os.tc/ https://*.cardinalcommerce.com/ *.userway.org 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.ftcdn.net *.behance.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com www.gstatic.com sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com *.cdninstagram.com *.fbcdn.net *.onesignal.com https://img.onesignal.com/ https://h.online-metrix.net/ *.online-metrix.net https://*.cardinalcommerce.com/ https://cdn.jsdelivr.net https://purecatamphetamine.github.io *.userway.org data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com x.klarnacdn.net sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com s7.addthis.com *.js-agent.newrelic.com *.bam.nr-data.net https://bam.nr-data.net *.onesignal.com https://onesignal.com/ https://h.online-metrix.net/ https://js-agent.newrelic.com/ https://bam.nr-data.net/ https://*.cardinalcommerce.com/ https://www.google-analytics.com/ https://cdn.jsdelivr.net accounts.google.com connect.facebook.net *.userway.org https://assets-cdn.woowup.com https://js.pusher.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com unsafe-inline assets.braintreegateway.com *.fontawesome.com https://onesignal.com/ https://h.online-metrix.net/ https://js-agent.newrelic.com/ https://*.cardinalcommerce.com/ https://fonts.googleapis.com https://cdn.jsdelivr.net *.userway.org 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.snplow.net commerce.adobedc.net *.adobe.io performance.typekit.net *.sentry.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com thm.visa.com ekr.zdassets.com/ *.bam.nr-data.net https://bam.nr-data.net *.onesignal.com https://onesignal.com/ https://cdn.onesignal.com/ https://h.online-metrix.net/ *.online-metrix.net https://js-agent.newrelic.com/ https://maps.googleapis.com/ https://*.cardinalcommerce.com/ https://*.amazonaws.com/ *.facebook.com *.userway.org 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com *.onesignal.com https://cdn.onesignal.com/ https://h.online-metrix.net/ https://js-agent.newrelic.com/ https://*.cardinalcommerce.com/ *.userway.org http: https: blob: 'self' 'unsafe-inline'; default-src https://fonts.gstatic.com/ https://fonts.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.integration2-hohc4oi-c2g6g5sgc4xo6.us-5.magentosite.cloud https://*.cardinalcommerce.com/ 'self' 'unsafe-inline'; 1
default-src 'self' *.distrosea.com *.google.com *.googlesyndication.com *.google-analytics.com cloudflareinsights.com data: wss:; frame-src *.cloudflare.com *.google.com *.doubleclick.net *.googlesyndication.com; style-src 'self' 'unsafe-inline' data: *.google.com; img-src 'self' 'unsafe-inline' data: *.googleusercontent.com *.googlesyndication.com *.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.googlesyndication.com *.googletagmanager.com *.cloudflareinsights.com *.cloudflare.com data:; object-src 'none'; 1
frame-ancestors 'self' https://mgfa.healthstorylines.com http://scctesting.healthstorylines.com https://my.healthstorylines.com https://healthstorylines.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: ws: wss: sonicwall.com *.sonicwall.com; 1
upgrade-insecure-requests; default-src 'self' https://kerned.com *.kerned.com; connect-src 'self' https://kerned.com *.kerned.com maps.googleapis.com https://stats.g.doubleclick.net https://*.google-analytics.com https://*.addthis.com; font-src 'self' https://kerned.com *.kerned.com https://*.typekit.net https://fonts.gstatic.com data:; media-src 'self' https://kerned.com *.kerned.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://kerned.com *.kerned.com https://cdn.addevent.com https://connect.facebook.net https://cdn.cookielaw.org https://maps.googleapis.com https://code.jquery.com https://instagram.com https://cdn.syndication.twimg.com https://s.ytimg.com https://platform.twitter.com https://www.linkedin.com https://px.ads.linkedin.com https://snap.licdn.com  https://www.youtube.com https://www.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://*.addthisedge.com https://graph.facebook.com; style-src 'self' 'unsafe-inline' https://kerned.com *.kerned.com https://cloud.typography.com https://*.typekit.net https://fonts.googleapis.com https://tagmanager.google.com https://cdn.cookielaw.org https://platform.twitter.com; img-src 'self' data: https://cdn.addevent.com https://kerned.com *.kerned.com https://www.addevent.com https://www.facebook.com https://stats.g.doubleclick.net https://cdn.cookielaw.org https://maps.googleapis.com https://maps.gstatic.com https://*.cdninstagram.com https://*.twimg.com https://*.twitter.com https://*.fbcdn.net https://storify.com https://www.google.com https://www.google.co.uk https://www.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com; child-src 'self' https://kerned.com *.kerned.com https://www.google.com https://*.addthis.com; frame-src 'self' https://kerned.com *.kerned.com https://gamma.euroland.com *.media-server.com https://webcast.treetop.tv *.investis.com *.eurolandir.com *.connectidfeed.com https://staticxx.facebook.com https://www.facebook.com https://syndication.twitter.com https://platform.twitter.com https://player.vimeo.com https://www.google.com https://www.youtube.com 1
default-src 'self'; connect-src *; font-src * data:; frame-src *; frame-ancestors 'self'; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' 1
base-uri 'none'; style-src 'self' *.cassiecloud.com *.googleapis.com 'unsafe-inline' https://cscript-cdn-use.lilly.com/templates/2/template.min.css *.lillytempo.com *.kisunla.com; script-src 'nonce-IDDnjlou9CZ/gfTweywzTg=='  'sha256-kAVGvMFWDkuqkyA4xnLi3h5jk8dWz0XiySrLWG+6PjU='  'sha256-Z8tznIo/ThVjx0PDG4uVYOvNf/68gRrDPqd4YwU616s='  'self' 'strict-dynamic' 'unsafe-eval' *.kaltura.com/ *.cassiecloud.com *.googletagmanager.com https://google-analytics.com *.google-analytics.com *.bing.com https://connect.facebook.net https://lilly-customerconnect.secure.force.com https://customerconnect.my.salesforce-sites.com https://ispot.tv *.turn.com *.myadvocado.com *.doubleclick.net *.analytics.yahoo.com *.google.com https://facebook.com *.salesforceliveagent.com *.youtube.com *.ytimg.com *.gstatic.com *.googlevideo.com blob: http://d22xmn10vbouk4.cloudfront.net *.googleapis.com assets.adobedtm.com assets.ctfassets.net *.kisunla.com https://s.yimg.jp/images/listing/tool/cv/ytag.js; object-src 'none'; frame-src *.doubleclick.net/ *.myadvocado.com/ *.lillytempo.com *.lillycares.com *.lillyoncologysupport.com *.lillyloxooncologypipeline.com *.lillydirect.com *.lrlscience.com *.syrenis.com *.taltz.com *.olumiant.com *.verzenio.com *.omvoh.com *.true.lilly *.tap.lilly *.together.lilly *.certuitad.com *.lilly.com *.enrollment.taltz.com *.enrollment.olumiant.com *.enrollment.verzenio.com *.enrollment.omvoh.com *.kisunla.com 1
frame-ancestors 'self' https://lp.bridgerpay.com 1
default-src 'self' *.sessioncam.com *.cloudfront.net; script-src *.cloudfront.net *.sessioncam.com *.hypemarks.com *.krxd.net 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.googletagmanager.com *.google-analytics.com *.google.com *.google.co.uk *.newrelic.com *.betrad.com bam.nr-data.net static.addtoany.com *.cloudflare.com brand-ecommerce-assets.fusepump.com *.youtube.com s.ytimg.com *.evidon.com code.jquery.com *.cloudfront.net *.serving-sys.com 7225833.collect.igodigital.com connect.facebook.net stats.g.doubleclick.net https://www.gstatic.com *.cloudfront.net ws://*.sessioncam.com wss://*.sessioncam.com *.gigya.com https://bv.js  *.bazaarvoice.com *.amazonaws.com *.adimo.co *.iesnare.com *.polyfill.io *.cdns.eu1.gigya.com https://cdns.eu1.gigya.com *.gigya.com *.nescafe.com *.sitepreview.ws *.nestle.co.uk *.nestle.com *.pinimg.com *.salesforceliveagent.com *.force.com *.salesforce.com *.cookielaw.org *.onetrust.com *.cookiepro.com *.amazon-adsystem.com *.yimg.com *.salesforce-sites.com *.pinterest.com *.windows.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com *.cloudflare.com *.fusepump.com *.youtube.com cloud.typography.com *.google.com *.use.fontawesome.com *.bazaarvoice.com *.fontawesome.com *.adimo.co *.nestle.co.uk *.nestle.com *.fonts.net *.amazonaws.com *.force.com *.salesforce.com *.cookielaw.org *.onetrust.com *.cookiepro.com *.salesforce-sites.com; img-src *.cloudfront.net *.sessioncam.com *.google.co.in *.nestle.co.uk 'self' data: *.googleapis.com *.gstatic.com *.cloudflare.com *.google-analytics.com https://stats.g.doubleclick.net www.google.com www.google.co.uk *.doubleclick.net *.betrad.com *.amazonaws.com px.pump.to brand-ecommerce-assets.fusepump.com *.evidon.com https://nova.collect.igodigital.com https://www.facebook.com *.krxd.net *.nestlebeverages.acsitefactory.com be.factory.nescafe.com belgium.nestlebeverages.acsitefactory.com www.nescafe.com *.ytimg.com *.bazaarvoice.com *.gigya.com *.stage4.factory.nescafe.com *.nescafe.com *.adimo.co *.pinterest.com *.force.com *.smababy.co.uk *.cookielaw.org *.onetrust.com *.cookiepro.com *.googletagmanager.com *.rlcdn.com *.yahoo.com *.google.es *.tiktok.com *.windows.net; media-src 'self' *.amazonaws.com; frame-src *.cloudfront.net *.sessioncam.com *.doubleclick.net 'self' static.addtoany.com *.youtube.com *.youtu.be youtu.be info.evidon.com https://2275258.fls.doubleclick.net http://2275258.fls.doubleclick.net  http://www.youtube-nocookie.com https://www.youtube-nocookie.com https://cdn.hypemarks.com http://cdn.hypemarks.com https://brand-ecommerce-assets.fusepump.com www.google.com *.krxd.net www.facebook.com https://l3.evidon.com/ *.gigya.com *.adimo.co *.bazaarvoice.com *.nestle-brands.co.uk https://login-eu.nescafe.com/ *.force.com *.baby2body.com *.salesforce.com *.amazon-adsystem.com *.pinterest.com; frame-ancestors 'self'; child-src 'self' static.addtoany.com *.youtube.com *.youtu.be youtu.be info.evidon.com https://2275258.fls.doubleclick.net http://2275258.fls.doubleclick.net http://www.youtube-nocookie.com https://www.youtube-nocookie.com https://cdn.hypemarks.com http://cdn.hypemarks.com ; font-src 'self' data: fonts.gstatic.com fonts.googleapis.com *.cloudflare.com *.fontawesome.com *.fonts.net *.sfdcstatic.com *.nestle.co.uk *.windows.net; connect-src 'self' brand-ecommerce-api.fusepump.com *.sessioncam.com *.cloudfront.net *.google-analytics.com https://collect.analyze.ly https://secure-ds.serving-sys.com *.amazonaws.com *.bazaarvoice.com *.evidon.com *.g.doubleclick.net *.nestle-brands.co.uk *.nr-data.net https://api.experianmarketingservices.com/sync/queryresult/EmailValidate/1.0/10773728-4c4d-43e6-959a-dd3889366f85  https://login-eu.nescafe.com/ *.edq.com *.pinterest.com *.cs88.force.com *.secure.force.com *.cookielaw.org *.onetrust.com *.cookiepro.com *.google.com *.yimg.com *.facebook.com *.amazon-adsystem.com *.googlesyndication.com analytics.tiktok.com *.adimo.co *.paa-reporting-advertising.amazon *.nestle.co.uk; report-uri /report-csp-violation 1
frame-ancestors https://app.dr-bill.ca 1
default-src 'self' https://analytics.tiktok.com wss://socket.tidio.co widget-v4.tidiochat.com *.google.com *.googleapis.com https://www.google-analytics.com https://cdn.lightwidget.com/ https://stats.g.doubleclick.net https://www.facebook.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: twemoji.maxcdn.com https://www.facebook.com *.google-analytics.com https://www.google.com https://stats.g.doubleclick.net https://www.googletagmanager.com ajax.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.tiktok.com widget-v4.tidiochat.com code.tidio.co code.jquery.com *.google.com *.googleapis.com https://connect.facebook.net https://www.googletagmanager.com *.google-analytics.com https://cdn.lightwidget.com/ http://ajax.microsoft.com; style-src 'self' 'unsafe-inline' http://fonts.googleapis.com https://ajax.googleapis.com; media-src 'self' widget-v4.tidiochat.com; 1
default-src 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https: data: blob: wss://visitors.live wss://*.visitors.live 1
frame-ancestors notactivelylooking.com *.notactivelylooking.com ezekia.com *.ezekia.com *.live.com *.office.com *.office365.com; frame-src 'self' https://zapier.com notactivelylooking.com *.notactivelylooking.com cloud.notactivelylooking.com ezekia.com *.ezekia.com https://ezekia.com https://*.stripe.com https://hooks.stripe.com https://checkout.stripe.com https://*.vimeo.com https://*.recaptcha.net/ https://recaptcha.net/ https://*.facebook.com https://*.youtube.com https://googleapis.com https://*.googleapis.com https://*.google.com https://app.hubspot.com/ https://*.officeapps.live.com/ https://*.amazonaws.com/ 1
script-src 'self' 'unsafe-inline' altanacomcdn.azureedge.net altanadecdn.azureedge.net *.azureedge.net *.choice.faktor.io cmp.faktor.mgr.consensu.org *.privacymanager.io maps.googleapis.com *.recruitmentplatform.com *.etracker.com *.etracker.de *.googletagmanager.com api.signalize.com *.consentmanager.net *.googleapis.com *.easy-feedback.com *.vimeo.com vimeo.com *.stripe.com *.paypal.com; default-src 'self' 'unsafe-inline' maps.googleapis.com maps.gstatic.com *.etracker.com *.etracker.de *.googletagmanager.com api.signalize.com *.consentmanager.net *.googleapis.com *.easy-feedback.com *.google-analytics.com *.azureedge.net *.juicer.io *.vimeo.com vimeo.com *.stripe.com *.paypal.com; img-src 'self' data: maps.googleapis.com maps.gstatic.com *.consentmanager.net *.azureedge.net *.vimeo.com; form-action 'self' *.paypal.com; 1
font-src fonts.gstatic.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com 'self' 'unsafe-inline'; frame-ancestors *.meetanshi.com 'self'; frame-src bid.g.doubleclick.net player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ https://www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com *.adyen.com tv.eqology.com https://www.googletagmanager.com/ *.google.com/ *.meetanshi.com meetanshi.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com validator.swagger.io *.adyen.com *.gstatic.com https://www.magezon.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.facebook.com *.google.com *.meetanshi.com meetanshi.com data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com *.adyen.com *.plugins.emarsys.net *.scarabresearch.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.googletagmanager.com *.facebook.net *.google.com/ *.gstatic.com *.meetanshi.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.fontawesome.com *.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.scarabresearch.com *.eservice.emarsys.net google.com *.google.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.google-analytics.com *.meetanshi.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' data:; worker-src * blob:; frame-ancestors 'self'; upgrade-insecure-requests; base-uri 'self' 1
frame-ancestors 'self' d2n7f4cdbqb93g.cloudfront.net 1
frame-src 'self' *.spotify.com videotorium.hu *.videotorium.hu *.vimeo.com *.youtube.com *.google.com; child-src 'self' *.spotify.com videotorium.hu *.videotorium.hu *.vimeo.com *.youtube.com *.google.com; report-uri /report-csp-violation 1
frame-ancestors 'self' toyotarp.com www.toyotarp.com; 1
default-src 'none';
                script-src 'self' 'unsafe-inline' https://maps.googleapis.com https://maps.gstatic.com/ https://csi.gstatic.com/;
                style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://csi.gstatic.com/;
                object-src 'none';
                frame-ancestors 'self';
                base-uri 'self';
                form-action 'self';
                img-src 'self' https://s3.amazonaws.com/ https://maps.gstatic.com/ https://khms0.googleapis.com/ https://maps.googleapis.com/ https://khms1.googleapis.com/;
                frame-src 'self' https://www.youtube.com/;
                font-src 'self' https://fonts.gstatic.com/;
         1
base-uri 'self';connect-src 'self' stats.g.doubleclick.net www.google-analytics.com hcaptcha.com *.hcaptcha.com *.analytics.google.com vimeo.com;default-src 'self';form-action 'self';img-src 'self' data: ik.imagekit.io www.google-analytics.com www.google.com www.google.fr www.googletagmanager.com *.vimeocdn.com *.vimeo.com;media-src 'self' *.vimeo.com vimeo.com;object-src 'none';script-src 'self' *.youtube.com www.google-analytics.com www.googletagmanager.com stats.g.doubleclick.net 'unsafe-eval' 'unsafe-inline' hcaptcha.com *.hcaptcha.com https://player.vimeo.com https://www.vimeo.com https://f.vimeocdn.com https://unpkg.com/youtube-background/jquery.youtube-background.min.js;style-src 'self' 'unsafe-inline' hcaptcha.com *.hcaptcha.com;font-src 'self';frame-src *.youtube.com hcaptcha.com *.hcaptcha.com *.vimeo.com vimeo.com *.youtube-nocookie.com;child-src *.vimeo.com vimeo.com 1
default-src *.google.com bootstrapcdn.com  googleadservices.com *.cloudfront.net *.portlandwebdesign.com *.electric.coop adsrvr.org *.analytics.yahoo.com *.maps.arcgis.com xx.fbcdn.net rvwinc.com maps.arcgis.com vimeo.com *.hoodriver.coop *.googleadservices.com publicpurchase.com gravatar.com *.arcgis.com *.eventbrite.com cooperative.com *.gstatic.com *.youtube-nocookie.com *.crowdfiber.io data: *.googletagmanager.com luckyorange.net btstatic.com portlandwebdesign.com simpli.fi *.providesupport.com typekit.net mitel.io trumpia.com *.timetap.com five9.com powermag.com *.rvwinc.com *.verisign.com linkedin.com *.nr-data.net *.btstatic.com azgt.coop ebill.coop *.mapbox.com googleapis.com analytics.yahoo.com *.licdn.com *.mcusercontent.com *.bootstrapcdn.com apogee.net marketingautomation.services suppose.tv billing.hoodriver.coop adnxs.com twimg.com *.olark.com youtube-nocookie.com *.trumpia.com xad.com mailchimp.com *.ads.linkedin.com directefficiency.com *.mailchimp.com newrelic.com *.vimeo.com *.plumassierratelecommunicationsmap.com 'unsafe-eval' *.upgrade.guide epa.gov transistor.fm google.com hirebridge.com *.simpli.fi *.yimg.com envivabiomass.com *.roanokeconnect.com e2ma.net bonnerboundary811.org *.powerfulweb.com *.elfsight.com *.libsyn.com doubleclick.net facebook.net google-analytics.com ads.linkedin.com *.e2ma.net gstatic.com smarthub.coop *.s3.amazonaws.com mcusercontent.com s.w.org *.doubleclick.net facebook.com youtube.com *.linkedin.com nice-incontact.com fontawesome.com *.newrelic.com *.apogee.net *.googleapis.com libsyn.com eventbrite.com upgrade.guide *.basis.net *.twimg.com glassdoor.com cencoast.com *.mitel.io powerfulweb.com luckyorange.com *.five9.com *.typekit.net *.transistor.fm yimg.com 'self' *.luckyorange.com jazz.co roanokeconnect.com *.publicpurchase.com myfonts.net issuu.com *.directefficiency.com *.websupport.expert spreaker.com *.ebill.coop crowdfiber.io *.xad.com *.nice-incontact.com *.xx.fbcdn.net *.suppose.tv *.myfonts.net *.icua.coop southcentralpower.com *.bonnerboundary811.org arcgis.com mapbox.com providesupport.com *.facebook.net *.smeco.coop electric.coop googletagmanager.com *.adnxs.com smeco.coop *.issuu.com *.powermag.com *.adsymptotic.com olark.com s3.amazonaws.com 'unsafe-inline' elfsight.com icua.coop timetap.com *.fontawesome.com *.envivabiomass.com nr-data.net adsymptotic.com *.epa.gov *.adsrvr.org *.cencoast.com *.spreaker.com *.gravatar.com plumassierratelecommunicationsmap.com verisign.com *.glassdoor.com *.facebook.com ctctcdn.com *.jazz.co *.cooperative.com *.google-analytics.com gmpg.org cloudfront.net *.ctctcdn.com *.marketingautomation.services *.southcentralpower.com licdn.com *.hirebridge.com websupport.expert *.luckyorange.net *.smarthub.coop basis.net *.youtube.com *.azgt.coop; 1
*://www.f1-consult.com:* 1
default-src 'self'; script-src 'self' 'unsafe-inline' *.googletagmanager.com *.google-analytics.com dap.digitalgov.gov https://public.govdelivery.com; style-src 'self' 'unsafe-inline' https://p.typekit.net https://use.typekit.net; img-src 'self' data: *.googletagmanager.com *.google-analytics.com; font-src 'self' data: https://use.typekit.net; connect-src 'self' *.googletagmanager.com *.google-analytics.com *.analytics.google.com https://public.govdelivery.com; media-src 'self'; object-src 'none'; frame-src 'self' https://public.govdelivery.com; worker-src 'none'; frame-ancestors 'self'; upgrade-insecure-requests 1
frame-ancestors 'self' https://app.kajabi.com https://app.vibely.io https://communities.kajabi.com *.mykajabi.com https://communities.newkajabi-staging.com https://home.flipwithrick.com 1
frame-ancestors https://*.facebook.com http://*.facebook.com 1
frame-ancestors https://api.alnafi.com https://portal.alnafi.com 1
default-src 'self' https:  'unsafe-inline' data: 'unsafe-eval' wss: blob:; 1
script-src https://js.monitor.azure.com https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com 'self' https://*.trondheim.kommune.no/ https://cdn.jsdelivr.net/syntaxhighlighter/3.0.83/scripts/shBrushJScript.js https://cdn.jsdelivr.net/syntaxhighlighter/3.0.83/scripts/shCore.js https://polyfill-fastly.io/v3/polyfill.min.js https://cdn.tiny.cloud/1/no-origin/tinymce/6.4.2-17/tinymce.min.js https://code.jquery.com/jquery-1.10.2.min.js https://code.jquery.com/jquery-1.12.4.min.js https://code.jquery.com/ui/1.12.0/jquery-ui.min.js https://hsk-widget.web.app/embed/hsk.js https://maps.googleapis.com/ https://netdna.bootstrapcdn.com/bootstrap/3.0.2/js/bootstrap.min.js https://player.vimeo.com/ https://siteimproveanalytics.com/js/siteanalyze_6002236.js https://translate.google.com/ https://translate.googleapis.com/ https://translate-pa.googleapis.com/ https://trondheim.bib.no/ https://unpkg.com/@tmcw/togeojson@4.1.0/dist/togeojson.umd.js https://unpkg.com/jszip@3.5.0/dist/jszip.min.js https://unpkg.com/leaflet.gridlayer.googlemutant@0.10.2/Leaflet.GoogleMutant.js https://unpkg.com/leaflet@1.3.1/dist/leaflet.js https://unpkg.com/leaflet@1.6.0/dist/leaflet.js https://unpkg.com/leaflet-kmz@latest/dist/leaflet-kmz.js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'nonce-2d7d9d0e-bbf5-40d8-8f04-7c95f747d635'; frame-src 'self' https://*.trondheim.kommune.no/ https://app.powerbi.com/ https://calendar.google.com/ https://docs.google.com/ https://e.infogram.com/ https://fast.wistia.net/ https://geoinnsyn.nois.no/ https://maps.google.no/ https://player.vimeo.com/ https://trondheim.kommunetv.no/ https://trondheim-kommune-byplankontor.github.io https://trondheim-kommune-byplan-statistikk.github.io/ https://viewer.diagrams.net/ https://w.soundcloud.com/ https://www.google.com/maps/ https://www.google.com/recaptcha/ https://www.youtube.com/ https://www.youtube-nocookie.com/ https://*.cdn.optimizely.com https://*.cdn-pci.optimizely.com; connect-src https://dc.services.visualstudio.com https://js.monitor.azure.com https://*.optimizely.com 'self' https://*.trondheim.kommune.no/ https://bibliofil.trondheim.kommune.no/ https://maps.googleapis.com/ https://tkevents.no/graphQL https://translate.googleapis.com/ https://trondheim.bib.no/ https://trondheim-elements.digdem.no/ https://us-central1-tk-events.cloudfunctions.net/graphQL https://ws.geonorge.no/; font-src 'self' data: https://fonts.gstatic.com/; img-src https://app.optimizely.com https://cdn.optimizely.com 'self' data: https://*.trondheim.kommune.no/ https://*.siteimproveanalytics.io/ https://firebasestorage.googleapis.com/ https://fonts.gstatic.com/ https://hsk-widget.web.app/assets/ https://i.vimeocdn.com https://i.ytimg.com/ https://krydder.bib.no/ https://maps.googleapis.com/ https://maps.gstatic.com/ https://opencache.statkart.no/ https://translate.google.com/ https://translate.googleapis.com/ https://unpkg.com/leaflet@1.3.1/dist/images/ https://unpkg.com/leaflet@1.6.0/dist/images/ https://www.google.com/images/ https://www.gstatic.com/; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ajax/libs/leaflet.markercluster/1.5.3/MarkerCluster.Default.min.css https://code.jquery.com/ui/1.10.4/themes/smoothness/jquery-ui.min.css https://fonts.googleapis.com/ https://unpkg.com/leaflet@1.3.1/dist/leaflet.css https://unpkg.com/leaflet@1.6.0/dist/leaflet.css https://www.gstatic.com/; object-src 'self'; media-src 'self'; manifest-src 'self'; frame-ancestors 'self'; form-action 'self'; default-src 'self'; base-uri 'self'; 1
default-src 'self' https:; font-src 'self' https: data:; img-src 'self' https: data:; object-src 'none'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline' 1
font-src maxcdn.bootstrapcdn.com *.gstatic.com staticfiles.cuestix.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com *.gstatic.com *.paypal.com *.authorize.net *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ vars.hotjar.com *.google.com *.twitter.com *.addthis.com *.gstatic.com *.paypal.com *.authorize.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io validate.fishpig.co.uk *.google.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.gstatic.com mediafiles.cuestix.com staticfiles.cuestix.com *.cloudflare.com *.klarna.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.hotjar.com *.google.com *.gstatic.com *.googleapis.com *.google-analytics.com staticfiles.cuestix.com mediafiles.cuestix.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.paypal.com s7.addthis.com *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com maxcdn.bootstrapcdn.com *.google.com *.googleapis.com *.gstatic.com mediafiles.cuestix.com staticfiles.cuestix.com *.cloudflare.com *.twitter.com *.twimg.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.paypal.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.google.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.gstatic.com mediafiles.cuestix.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google.com staticfiles.cuestix.com in.hotjar.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.authorize.net *.gstatic.com ekr.zdassets.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com google.com *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' data: *.cuestix.com *.gstatic.com 'self' 'unsafe-inline'; 1
frame-ancestors 'self' *.elplanteo.com 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.youtube.com *.youtube-nocookie.com *.itzbund.de *.bundesbots.de ; object-src 'self' multimedia.gsb.bund.de; connect-src 'self' *.itzbund.de ; media-src 'self' blob: multimedia.gsb.bund.de social.bund.de *.youtube.com *.youtube-nocookie.com medien.bkm.bund.de ; frame-src *.youtube.com *.youtube-nocookie.com *.bundesbots.de ; img-src 'self' blob: social.bund.de *.youtube.com *.youtube-nocookie.com ; frame-ancestors 'self'; upgrade-insecure-requests; 1
object-src 'self'; worker-src 'self' blob:; base-uri 'self'; frame-ancestors 'self'; report-uri https://internetencasa.mx/report-uri/enforce 1
default-src 'self' https: ws: wss: data: blob: 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.tarteaucitron.io https://tarteaucitron.io https://reservations.tablebooker.com https://*.doubleclick.net https://www.googleadservices.com https://static.addtoany.com https://*.tiktok.com https://embed.typeform.com https://cdn.syndication.twimg.com https://*.twitter.com https://*.getclicky.com https://*.list-manage.com https://chat.sendinblue.com https://sibautomation.com https://code.createjs.com https://use.typekit.net https://vjs.zencdn.net https://*.cookiebot.com https://cdn.jsdelivr.net https://s7.addthis.com https://*.googleapis.com https://*.list-manage.com https://unpkg.com https://code.jquery.com https://js.stripe.com https://ws.sharethis.com https://cdnjs.cloudflare.com https://connect.facebook.net https://*.google-analytics.com https://cdn.ckeditor.com https://policy.app.cookieinformation.com https://s3.amazonaws.com https://player.vimeo.com https://i.vimeocdn.com https://fast.wistia.com https://www.youtube.com https://s.ytimg.com https://*.google.com https://www.gstatic.com https://www.googletagmanager.com; connect-src 'self' https://*.analytics.google.com https://*.google-analytics.com https://*.tiktok.com https://*.getclicky.com https://*.sendinblue.com wss://chat-messaging.sendinblue.com https://consentcdn.cookiebot.com https://consent.app.cookieinformation.com https://policy.app.cookieinformation.com https://*.sharethis.com https://nominatim.openstreetmap.org https://stats.g.doubleclick.net https://www.facebook.com https://vimeo.com https://*.google-analytics.com;  frame-ancestors 'self'; form-action 'self' https://extranet.segec.be https://checkout.stripe.com https://syndication.twitter.com https://*.list-manage.com https://www.facebook.com; 1
default-src 'self' *.nhs.uk; frame-ancestors 'none'; style-src 'self' 'unsafe-inline' 1
default-src 'self' bngprm.com *.bngprm.com ymetrica1.com mc.yandex.ru cam.vg *.cam.vg cdn.fluidplayer.com movcpm.com *.movcpm.com greedseed.world xmjvf.com *.xmjvf.com 9v5.ru *.9v5.ru *.adtng.com adtng.com http://178.32.155.95 http://62.210.201.98 http://195.154.187.103 http://195.154.187.179 http://195.154.173.242 http://195.154.173.197 http://195.154.225.146 *.2k0.ru; style-src cdn.fluidplayer.com fonts.googleapis.com 'self' 'unsafe-inline'; script-src bngprm.com *.bngprm.com cdn.jsdelivr.net cdn.fluidplayer.com 'self' 'unsafe-eval' 'unsafe-inline'; font-src 'self' fonts.gstatic.com data:; img-src 'self' bngprm.com *.bngprm.com counter.yadro.ru mc.yandex.ru ymetrica1.com mc.webvisor.org cdn.fluidplayer.com movcpm.com *.movcpm.com xmjvf.com *.xmjvf.com 9v5.ru *.9v5.ru *.adtng.com adtng.com data:; 1
default-src 'self'; img-src https://* data:image/*; font-src 'self' https://* data:; style-src https://* 'self'  'unsafe-inline'; connect-src 'self' https://www.facebook.com https://cloud8-cc-geo.8x8.com https://www.google.com https://api.getaddress.io https://azflg-func-bewebsite.azurewebsites.net https://region1.google-analytics.com https://stats.g.doubleclick.net https://bepublicwebne.azurewebsites.net https://www.google-analytics.com https://azflg-func-data8-ne.azurewebsites.net https://azflg-func-smart-ext-ne.azurewebsites.net; frame-src *.realexpayments.com https://www.google.com https://10.100.1.6:9443 https://analytics-eu.8x8.com https://vcc-eu7-cf.8x8.com https://www.facebook.com https://vcc-eu7.8x8.com; script-src-elem 'self' https://*  https://www.gstatic.com https://www.google.com https://cdnjs.cloudflare.com *.jquery.com https://connect.facebook.net https://www.googletagmanager.com https://webservices.data-8.co.uk https://unpkg.com https://vcc-eu7.8x8.com https://www.google-analytics.com 1
default-src https: data: https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' https://cdn.cookielaw.org https://privacyportalde-cdn.onetrust.com https://*.youtube.com https://api-engage-eu.sitecorecloud.io https://edge.sitecorecloud.io https://ka-p.fontawesome.com https://kit.fontawesome.com https://xmc-bdrthermea1-platform-production.sitecorecloud.io/ https://xmf.remeha.co.uk https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://maps.googleapis.com/ https://www.broetje.de https://cdnjs.cloudflare.com https://cdn.jsdelivr.net bdr-prd-platform-broetje-9qc4tk7mr-bdr-thermea-group.vercel.app; script-src 'self' 'unsafe-inline' 'unsafe-eval' bdr-prd-platform-broetje-9qc4tk7mr-bdr-thermea-group.vercel.app https://cdn.cookielaw.org https://privacyportalde-cdn.onetrust.com https://api-engage-eu.sitecorecloud.io https://*.googletagmanager.com https://*.google-analytics.com https://kit.fontawesome.com https://*.youtube.com https://vitals.vercel-insights.com https://maps.googleapis.com https://*.googleapis.com https://*.gstatic.com https://www.google.com https://bdr-prd-platform-broetje.vercel.app https://www.broetje.de https://cdnjs.cloudflare.com https://cdn.jsdelivr.net blob:; child-src https://maps.googleapis.com https://*.youtube.com https://*.youtube-nocookie.com https://edge-platform.sitecorecloud.io bdr-prd-platform-broetje-9qc4tk7mr-bdr-thermea-group.vercel.app; style-src 'self' 'unsafe-inline' https://edge.sitecorecloud.io https://*.fontawesome.com https://www.broetje.de bdr-prd-platform-broetje-9qc4tk7mr-bdr-thermea-group.vercel.app; img-src 'self' * data:; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://api-engage-eu.sitecorecloud.io https://*.fontawesome.com https://*.doubleclick.net https://cdn.cookielaw.org/ https://*.onetrust.com https://*.youtube.com/ https://vitals.vercel-insights.com https://edge-platform.sitecorecloud.io https://*.googleapis.com https://*.gstatic.com https://www.broetje.de https://cdnjs.cloudflare.com https://cdn.jsdelivr.net bdr-prd-platform-broetje-9qc4tk7mr-bdr-thermea-group.vercel.app data: blob:; font-src 'self' https://fonts.gstatic.com https://ka-p.fontawesome.com https://kit.fontawesome.com https://bdr-prd-platform-broetje.vercel.app https://www.broetje.de bdr-prd-platform-broetje-9qc4tk7mr-bdr-thermea-group.vercel.app; report-uri https://bdrthermea.report-uri.com/r/d/csp/reportOnly; frame-src 'self' https://erp.bdrthermea.com https://advisor.co2online.de https://ratgeber.co2online.de https://broetje-website.foerderdata.de https://broetje.questionizer.eu https://www.youtube-nocookie.com https://www.youtube.com https://de-broetje.bdrwebtest.com https://maps.googleapis.com https://edge-platform.sitecorecloud.io https://www.google.com; 1
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; img-src http: https: data:; font-src 'self' data: https://cdn.jsdelivr.net https://fonts.gstatic.com https://rsms.me https://maxcdn.bootstrapcdn.com; report-uri /report-csp-violation 1
default-src 'self' https://dollarsmarkets.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com https://static.cloudflareinsights.com/; child-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://raw.githubusercontent.com https://dollarsmarkets.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com data:; frame-src 'self'; connect-src 'self' https://maps.googleapis.com https://dollarsmarkets.com https://secure.dollarsmarketsmy.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com https://*.googleapis.com https://apis.google.com https://maps.gstatic.com https://*.ggpht.com data: https://connect.facebook.net https://www.facebook.com http://staticxx.facebook.com https://staticxx.facebook.com https://platform.twitter.com https://cdnjs.cloudflare.com https://unpkg.com https://netdna.bootstrapcdn.com https://fonts.googleapis.com https://fonts.gstatic.com https://geolocation-db.com; frame-ancestors 'self' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: http: data:; 1
upgrade-insecure-requests; report-to https://biletkartina.tv/; frame-ancestors 'self' https://kassir.kartina.tv 1
default-src 'self';connect-src 'self' www.google-analytics.com https://ampcid.google.com https://stats.g.doubleclick.net/j/collect;font-src 'self' data:;frame-src 'self' https://static.addtoany.com/ www.googletagmanager.com;img-src 'self' www.google-analytics.com https://www.google.fr/ads/ga-audiences https://www.google.com/ads/ga-audiences www.googletagmanager.com ssl.gstatic.com www.gstatic.com stats.g.doubleclick.net/r/ https://stats.g.doubleclick.net/r/collect data: https://*.tile.openstreetmap.fr/osmfr/;script-src 'self' 'unsafe-inline' https://static.addtoany.com/ google-analytics.com https://ssl.google-analytics.com www.google-analytics.com tagmanager.google.com googletagmanager.com www.googletagmanager.com stats.g.doubleclick.net;style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com; 1
default-src blob: data: 'self' 'unsafe-inline' 'unsafe-eval' 'inline' https://googleoptimize.com https://*.googleoptimize.com https://doubleclick.net https://*.doubleclick.net https://shortpixel.ai https://*.shortpixel.ai https://klarna.com https://*.klarna.com https://klarnaevt.com https://*.klarnaevt.com https://klarnacdn.net https://*.klarnacdn.net https://openstreetmap.org https://*.openstreetmap.org https://googleapis.com https://*.googleapis.com https://gstatic.com https://*.gstatic.com https://googletagmanager.com https://*.googletagmanager.com data: blob: https://przelewy24.pl https://*.przelewy24.pl https://google-analytics.com https://*.google-analytics.com https://jsdelivr.net https://*.jsdelivr.net https://google.com https://*.google.com https://google.pl https://*.google.pl https://fbcdn.net https://*.fbcdn.net https://fbsbx.com https://*.fbsbx.com https://facebook.com https://*.facebook.com https://maps.googleapis.com https://*.maps.googleapis.com https://static.hotjar.com https://*.static.hotjar.com https://hotjar.com https://*.hotjar.com https://trustedshops.com https://*.trustedshops.com https://etrusted.com https://*.etrusted.com https://trustbadge.com https://*.trustbadge.com https://cloudflare.com https://*.cloudflare.com https://youtube.com https://*.youtube.com https://dpd.com.pl https://*.dpd.com.pl https://windows.net https://*.windows.net https://microsoft.com https://*.microsoft.com https://azureedge.net https://*.azureedge.net https://easypack24.net https://*.easypack24.net https://easyklima.com https://*.easyklima.com https://easyklima.pl https://*.easyklima.pl https://easyklima.at https://*.easyklima.at https://easyklima.ae https://*.easyklima.ae https://easyklima.es https://*.easyklima.es https://easyklima.pt https://*.easyklima.pt https://easyklima.fr https://*.easyklima.fr https://easyklima.be https://*.easyklima.be https://easyklima.nl https://*.easyklima.nl https://easyklima.se https://*.easyklima.se https://easyklima.hr https://*.easyklima.hr https://easyklima.cz https://*.easyklima.cz https://easyklima.dk https://*.easyklima.dk https://easyklima.ee https://*.easyklima.ee https://easyklima.fi https://*.easyklima.fi https://easyklima.lv https://*.easyklima.lv https://easyklima.lt https://*.easyklima.lt https://easyklima.ro https://*.easyklima.ro https://easyklima.no https://*.easyklima.no https://easyklima.si https://*.easyklima.si https://payson.se https://*.payson.se https://stripe.com https://*.stripe.com https://bing.com https://*.bing.com https://facebook.net https://*.facebook.net https://clarity.ms https://*.clarity.ms https://paypal.com https://*.paypal.com https://paypalobjects.com https://*.paypalobjects.com https://trustpilot.com https://*.trustpilot.com https://trustedshops.com https://*.trustedshops.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'inline' 'blob' https://googleoptimize.com https://*.googleoptimize.com https://doubleclick.net https://*.doubleclick.net https://shortpixel.ai https://*.shortpixel.ai https://klarna.com https://*.klarna.com https://klarnaevt.com https://*.klarnaevt.com https://klarnacdn.net https://*.klarnacdn.net https://openstreetmap.org https://*.openstreetmap.org https://googleapis.com https://*.googleapis.com https://gstatic.com https://*.gstatic.com https://googletagmanager.com https://*.googletagmanager.com https://przelewy24.pl https://*.przelewy24.pl https://google-analytics.com https://*.google-analytics.com https://jsdelivr.net https://*.jsdelivr.net https://google.com https://*.google.com https://google.pl https://*.google.pl https://fbcdn.net https://*.fbcdn.net https://fbsbx.com https://*.fbsbx.com https://facebook.com https://*.facebook.com https://maps.googleapis.com https://*.maps.googleapis.com https://static.hotjar.com https://*.static.hotjar.com https://hotjar.com https://*.hotjar.com https://trustedshops.com https://*.trustedshops.com https://etrusted.com https://*.etrusted.com https://trustbadge.com https://*.trustbadge.com https://cloudflare.com https://*.cloudflare.com https://dpd.com.pl https://*.dpd.com.pl https://windows.net https://*.windows.net https://microsoft.com https://*.microsoft.com https://azureedge.net https://*.azureedge.net https://easypack24.net https://*.easypack24.net https://easyklima.com https://*.easyklima.com https://easyklima.pl https://*.easyklima.pl https://easyklima.at https://*.easyklima.at https://easyklima.ae https://*.easyklima.ae https://easyklima.es https://*.easyklima.es https://easyklima.pt https://*.easyklima.pt https://easyklima.fr https://*.easyklima.fr https://easyklima.be https://*.easyklima.be https://easyklima.nl https://*.easyklima.nl https://easyklima.se https://*.easyklima.se https://easyklima.hr https://*.easyklima.hr https://easyklima.cz https://*.easyklima.cz https://easyklima.dk https://*.easyklima.dk https://easyklima.ee https://*.easyklima.ee https://easyklima.fi https://*.easyklima.fi https://easyklima.lv https://*.easyklima.lv https://easyklima.lt https://*.easyklima.lt https://easyklima.ro https://*.easyklima.ro https://easyklima.no https://*.easyklima.no https://easyklima.si https://*.easyklima.si https://payson.se https://*.payson.se https://stripe.com https://*.stripe.com https://bing.com https://*.bing.com https://facebook.net https://*.facebook.net https://clarity.ms https://*.clarity.ms https://paypal.com https://*.paypal.com https://paypalobjects.com https://*.paypalobjects.com https://trustpilot.com https://*.trustpilot.com https://trustedshops.com https://*.trustedshops.com; frame-src *; style-src 'self' 'unsafe-inline' 'inline' 'blob' *; 1
frame-ancestors 'self' http://www.lynxformen.com unilever3.marketing.adobe.com unileverbrazil.marketing.adobe.com unilever2.marketing.adobe.com unilever.marketing.adobe.com unilever3.experiencecloud.adobe.com unileverbrazil.experiencecloud.adobe.com unilever2.experiencecloud.adobe.com unilever.experiencecloud.adobe.com emea1-proxy.adobemc.com us1-proxy.adobemc.com us1-proxy.adobemc.com apac-proxy.adobemc.com adobedemoemea131.marketing.adobe.com adobedemoemea131.experiencecloud.adobe.com 1
sandbox allow-scripts allow-same-origin allow-forms; img-src 'self' data: www.gstatic.com; frame-src www.google.com; object-src 'none'; base-uri 'none'; script-src www.google.com www.gstatic.com 'nonce-VTCWqt4JuwXDZ3k7lT0q16frKs0='; style-src 'nonce-VTCWqt4JuwXDZ3k7lT0q16frKs0=' 1
frame-ancestors 'self' https://*.iprox.nl https://www.theimagineers.com 1
frame-ancestors 'self' https://www.popy-yokohama.com; 1
default-src 'self'; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com downloads.mailchimp.com fonts.googleapis.com *.p1.nl; script-src 'self' 'unsafe-inline' 'unsafe-eval' app.usercentrics.eu www.googletagmanager.com downloads.mailchimp.com cdnjs.cloudflare.com *.list-manage.com www.google-analytics.com www.googleadservices.com connect.facebook.net bat.bing.com rec.smartlook.com *.doubleclick.net maps.googleapis.com www.google.com www.gstatic.com *.cupo.nl *.hotjar.com *.p1.nl; img-src 'self' data: app.usercentrics.eu www.google-analytics.com *.doubleclick.net www.facebook.com bat.bing.com www.google.com www.google.nl gallery.mailchimp.com maps.gstatic.com maps.googleapis.com *.ytimg.com *.p1.nl *.ggpht.com *.tradetracker.net; font-src 'self' fonts.gstatic.com; frame-src 'self' app.usercentrics.eu *.youtube.com www.facebook.com www.google.com *.hotjar.com www.tangram-tis.nl *.p1.nl; connect-src 'self' *.usercentrics.eu *.googleapis.com pagead2.googlesyndication.com *.google.com *.doubleclick.net bat.bing.com *.smartlook.cloud *.cupo.nl *.hotjar.com *.hotjar.io *.p1.nl www.google-analytics.com api.usercentrics.eu 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com http://www.google-analytics.com https://www.googleadservices.com/ https://maps.googleapis.com https://fonts.googleapis.com https://www.gstatic.com/ https://www.googletagmanager.com/ https://code.jquery.com/jquery-3.6.0.min.js https://googleads.g.doubleclick.net https://connect.facebook.net/ https://www.googleadservices.com/pagead/ https://www.clarity.ms/ https://stats.g.doubleclick.net/ https://cdnjs.cloudflare.com https://cdn.jsdelivr.net/ https://www.sutas.com.tr/ https://www.sutas.com/ https://cdn.userway.org/ https://www.sutas.com.tr/services/GetCountryNameByIpAddress https://www.sutas.com/services/GetCountryNameByIpAddress 1
frame-ancestors 'self' http://app.storyblok.com https://app.storyblok.com; 1
script-src 'self' 'unsafe-inline' https://kit.fontawesome.com/ https://*.ifvox.com/ https://d2rnkf2kqy5m6h.cloudfront.net/ https://cdn.mxpnl.com/ https://player.vimeo.com https://www.gstatic.com https://az416426.vo.msecnd.net/ https://maps.googleapis.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://cdn.datatables.net https://www.google.com https://maxcdn.bootstrapcdn.com/;form-action 'self'; style-src 'self' 'unsafe-inline' https://maps.googleapis.com/  https://fonts.googleapis.com  https://cdn.datatables.net https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com/;font-src 'self' https://ka-p.fontawesome.com/ https://fonts.gstatic.com/ https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com/; frame-ancestors 'self'; img-src 'self' https://*.googletagmanager.com/ https://cms.chathamcountyga.gov/ https://i.vimeocdn.com https://cccdn.blob.core.windows.net/ https://www.google-analytics.com/ https://i.ytimg.com https://ytimg.com 1
default-src 'self' https: data:; style-src 'self' https: 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self'; script-src 'self' https: 'unsafe-eval' 'unsafe-inline'; 1
frame-src static.hotjar.com	vimeo.com	player.vimeo.com cdn.iubenda.com www.outsmartemr.com wchat.freshchat.com vars.hotjar.com outsmart.webpush.freshchat.com 'self' www.facebook.com www.googletagmanager.com; img-src cdn.css-tricks.com ps.w.org www.google.co.uk www.google.com.hk www.google.com.ph www.google.com.pk www.google.com.ua www.google.de www.google.fr www.google.it www.google.se chrome gjtrack.ucweb.com www.google.co.in www.google.co.th guide.outsmartemr.com help.outsmartemr.com s.w.org www.google.co.kr www.googletagmanager.com 'self' www.googletagmanager.com www.outsmartemr.com data: i.vimeocdn.com www.facebook.com secure.gravatar.com www.google.com www.google.com.jm ps.w.org s.w.org www.google-analytics.com minisrclink.cool translate.google.com www.google.ca www.gstatic.com; media-src 'self'; object-src www.outsmartemr.com 'self' player.vimeo.com; script-src-attr 'unsafe-inline'; script-src-elem use.typekit.net code.jquery.com	gateway.zscalerone.net gateway.zscalertwo.net kafiro.kuwinesume.com www.googletagmanager.com www.pagespeed-mod.com 'self' 'unsafe-inline' cdn.iubenda.com wchat.freshchat.com www.googletagmanager.com connect.facebook.net static.hotjar.com www.google-analytics.com script.hotjar.com outsmartemr.freshsales.io assets.freshsales.io webform.freshsales.io clients1.google.com gc.kis.v2.scr.kaspersky-labs.com minisrclink.cool www.iubenda.com; style-src-attr 'unsafe-inline'; style-src-elem adblockers.opera-mini.net gateway.zscalerone.net gateway.zscalertwo.net gc.kis.v2.scr.kaspersky-labs.com 'self' 'unsafe-inline' fonts.googleapis.com use.typekit.net p.typekit.net wchat.freshchat.com code.ionicframework.com d952cmcgwqsjf.cloudfront.net www.iubenda.com; connect-src 'self' subwayblaze.com gjtrack.ucweb.com plugin.ucads.ucweb.com stats.g.doubleclick.net www.facebook.com www.google.com  hits-i.iubenda.com ww.facebook.com www.google-analytics.com stats.g.doubleclick.net 'self' outsmartemr.freshsales.io in.hotjar.com vc.hotjar.io; font-src chrome-extension cdn.getspeechify.com github.com  data: fonts.gstatic.com use.typekit.net 'self' code.ionicframework.com d952cmcgwqsjf.cloudfront.net; script-src outsmartemr.freshsales.io	asset clients1.google.com script.hotjar.com static.hotjar.com www.google-analytics.com www.iubenda.com 'unsafe-eval' 'self' 'unsafe-inline' ajax.googleapis.com cdn.iubenda.com code.jquery.com connect.facebook.net wchat.freshchat.com www.googletagmanager.com static.hotjar.com www.google-analytics.com; default-src data: 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com cdnjs.cloudflare.com clients1.google.com code.jquery.com fonts.googleapis.com 'self' use.fontawesome.com use.typekit.net; style-src wchat.freshchat.com www.iubenda.com 'self' 'unsafe-eval' 'unsafe-inline' wchat.freshchat.com cdnjs.cloudflare.com code.jquery.com fonts.googleapis.com translate.googleapis.com use.fontawesome.com use.typekit.net p.typekit.net; report-uri https://rdtest.report-uri.com/r/d/csp/wizard; 1
default-src 'self' *.pcdn.co *.dgepress.com cdn.rawgit.com code.jquery.com platform.twitter.com api-6fce660a.duosecurity.com cdn.datatables.net;script-src 'self' *.pcdn.co *.dgepress.com *.cloudfront.net *.bitmovin.com cdn.rawgit.com code.jquery.com platform.twitter.com cdnjs.cloudflare.com api-6fce660a.duosecurity.com ajax.googleapis.com cdn.datatables.net *.streamhub.tv *.streamhub.io link.theplatform.com js-agent.newrelic.com bam.nr-data.net 'unsafe-inline' 'unsafe-eval';style-src 'self' *.pcdn.co *.dgepress.com *.bitmovin.com cdn.rawgit.com code.jquery.com cdnjs.cloudflare.com platform.twitter.com ajax.googleapis.com maxcdn.bootstrapcdn.com cdn.datatables.net 'unsafe-inline';img-src * data:;font-src * data:;frame-src 'self' *.dgepress.com *.pcdn.co *.cloudfront.net player.vimeo.com duo.com *.duosecurity.com duomobile.s3-us-west-1.amazonaws.com platform.twitter.com *.youtube.com *.vimeo.com;connect-src 'self' *.pcdn.co *.dgepress.com *.bitmovin.com cdn.rawgit.com dge.akamaized.net code.jquery.com platform.twitter.com api-6fce660a.duosecurity.com cdn.datatables.net link.theplatform.com stats.streamhub.io disabcpress-vh.akamaihd.net bam.nr-data.net;media-src 'self' *.pcdn.co *.dgepress.com disabcpress-vh.akamaihd.net dge.akamaized.net cdn.rawgit.com code.jquery.com platform.twitter.com api-6fce660a.duosecurity.com cdn.datatables.net link.theplatform.com blob:;worker-src 'self' *.pcdn.co *.dgepress.com blob: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://smartcaptcha.yandexcloud.net https://www.google.com https://www.gstatic.com  www.google-analytics.com www.googletagmanager.com stats.g.doubleclick.net mc.yandex.ru mc.yandex.com api-maps.yandex.ru core-renderer-tiles.maps.yandex.net yastatic.net *.roistat.com tech.rtb.mts.ru qoopler.ru use.fontawesome.com app.diagrams.net viewer.diagrams.net nonce-OyGAnHWb_T3KqdSo1s6Xhg;    frame-src 'self' ipeye.ru docs.google.com https://www.youtube.com https://www.youtube-nocookie.com/ mc.yandex.ru mc.yandex.com https://www.google.com https://smartcaptcha.yandexcloud.net; img-src 'self' data: i.ytimg.com api-maps.yandex.ru core-renderer-tiles.maps.yandex.net  yandex.ru mc.yandex.ru mc.yandex.com; 1
frame-ancestors 'self' *.slipcase.com *.marketplace.marsh.com https://www.slipcase.com https://marketplace.marsh.com; 1
base-uri 'self' languages.oup.com prododcorp.wpengine.com stats.wp.com www.youtube.com www.google-analytics.com connect.facebook.net www.googletagmanager.com v0.wordpress.com plus.google.com connect.facebook.net global.oup.com w.soundcloud.com region1.google-analytics.com ssl.google-analytics.com qzzr.com cloudfront.net *.cloudfront.net *.secure.gravatar.com secure.gravatar.com fonts.googleapis.com code.jquery.com cdn.jsdelivr.net fonts.gstatic.com www.google.com www.gstatic.com *.www.gstatic.com; form-action 'self' languages.oup.com prododcorp.wpengine.com stats.wp.com www.youtube.com www.google-analytics.com connect.facebook.net www.googletagmanager.com v0.wordpress.com plus.google.com connect.facebook.net global.oup.com w.soundcloud.com region1.google-analytics.com ssl.google-analytics.com qzzr.com cloudfront.net *.cloudfront.net *.secure.gravatar.com secure.gravatar.com fonts.googleapis.com code.jquery.com cdn.jsdelivr.net fonts.gstatic.com www.google.com www.gstatic.com *.www.gstatic.com; frame-ancestors 'self' languages.oup.com prododcorp.wpengine.com stats.wp.com www.youtube.com www.google-analytics.com connect.facebook.net www.googletagmanager.com v0.wordpress.com plus.google.com connect.facebook.net global.oup.com w.soundcloud.com region1.google-analytics.com ssl.google-analytics.com qzzr.com cloudfront.net *.cloudfront.net *.secure.gravatar.com secure.gravatar.com fonts.googleapis.com code.jquery.com cdn.jsdelivr.net fonts.gstatic.com www.google.com www.gstatic.com *.www.gstatic.com; connect-src languages.oup.com prododcorp.wpengine.com stats.wp.com www.youtube.com www.google-analytics.com connect.facebook.net www.googletagmanager.com v0.wordpress.com plus.google.com connect.facebook.net global.oup.com w.soundcloud.com region1.google-analytics.com ssl.google-analytics.com qzzr.com cloudfront.net *.cloudfront.net *.secure.gravatar.com secure.gravatar.com fonts.googleapis.com code.jquery.com cdn.jsdelivr.net fonts.gstatic.com www.google.com www.gstatic.com *.www.gstatic.com 'unsafe-inline'; default-src 'none'; font-src 'self' languages.oup.com prododcorp.wpengine.com stats.wp.com www.youtube.com www.google-analytics.com connect.facebook.net www.googletagmanager.com v0.wordpress.com plus.google.com connect.facebook.net global.oup.com w.soundcloud.com region1.google-analytics.com ssl.google-analytics.com qzzr.com cloudfront.net *.cloudfront.net *.secure.gravatar.com secure.gravatar.com fonts.googleapis.com code.jquery.com cdn.jsdelivr.net fonts.gstatic.com www.google.com www.gstatic.com *.www.gstatic.com 'unsafe-inline'; frame-src 'self' languages.oup.com prododcorp.wpengine.com stats.wp.com www.youtube.com www.google-analytics.com connect.facebook.net www.googletagmanager.com v0.wordpress.com plus.google.com connect.facebook.net global.oup.com w.soundcloud.com region1.google-analytics.com ssl.google-analytics.com qzzr.com cloudfront.net *.cloudfront.net *.secure.gravatar.com secure.gravatar.com fonts.googleapis.com code.jquery.com cdn.jsdelivr.net fonts.gstatic.com www.google.com www.gstatic.com *.www.gstatic.com 'unsafe-inline'; img-src 'self' languages.oup.com prododcorp.wpengine.com stats.wp.com www.youtube.com www.google-analytics.com connect.facebook.net www.googletagmanager.com v0.wordpress.com plus.google.com connect.facebook.net global.oup.com w.soundcloud.com region1.google-analytics.com ssl.google-analytics.com qzzr.com cloudfront.net *.cloudfront.net *.secure.gravatar.com secure.gravatar.com fonts.googleapis.com code.jquery.com cdn.jsdelivr.net fonts.gstatic.com www.google.com www.gstatic.com *.www.gstatic.com 'unsafe-inline'; script-src 'default' languages.oup.com prododcorp.wpengine.com stats.wp.com www.youtube.com www.google-analytics.com connect.facebook.net www.googletagmanager.com v0.wordpress.com plus.google.com connect.facebook.net global.oup.com w.soundcloud.com region1.google-analytics.com ssl.google-analytics.com qzzr.com cloudfront.net *.cloudfront.net *.secure.gravatar.com secure.gravatar.com fonts.googleapis.com code.jquery.com cdn.jsdelivr.net fonts.gstatic.com www.google.com www.gstatic.com *.www.gstatic.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' languages.oup.com prododcorp.wpengine.com stats.wp.com www.youtube.com www.google-analytics.com connect.facebook.net www.googletagmanager.com v0.wordpress.com plus.google.com connect.facebook.net global.oup.com w.soundcloud.com region1.google-analytics.com ssl.google-analytics.com qzzr.com cloudfront.net *.cloudfront.net *.secure.gravatar.com secure.gravatar.com fonts.googleapis.com code.jquery.com cdn.jsdelivr.net fonts.gstatic.com www.google.com www.gstatic.com *.www.gstatic.com 'unsafe-inline'; 1
frame-ancestors 'self' https://editorialjurua.com; 1
default-src 'self' https://cdn.etrias.nl ; base-uri 'none'; connect-src 'self' https://cdn.etrias.nl  https://www.googletagmanager.com https://maps.googleapis.com https://*.google-analytics.com https://www.googleadservices.com https://*.googlesyndication.com https://*.google.com https://*.google.nl https://*.google.be https://*.google.fr https://*.google.de https://*.google.at https://*.google.ch https://*.google.it https://*.google.ie https://*.google.com.sa https://*.google.co.uk https://*.bing.com https://*.doubleclick.net https://bam.nr-data.net https://squeezely.tech https://ct.beslist.nl https://consent.cookie-script.com https://*.visualwebsiteoptimizer.com https://app.vwo.com; font-src 'self' https://cdn.etrias.nl  https://fonts.gstatic.com https://fonts.googleapis.com; frame-src 'self' https://cdn.etrias.nl  https://www.youtube-nocookie.com https://www.facebook.com https://tpc.googlesyndication.com https://bid.g.doubleclick.net https://td.doubleclick.net https://optimize.google.com https://*.visualwebsiteoptimizer.com https://app.vwo.com; img-src https: data:; script-src 'self' https://cdn.etrias.nl  'unsafe-eval' https://*.google.com https://www.googletagmanager.com https://maps.googleapis.com https://*.google-analytics.com https://www.googleadservices.com https://www.youtube.com https://bat.bing.com https://connect.facebook.net https://js-agent.newrelic.com https://bam.nr-data.net https://squeezely.tech https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.sneakerdistrict.nl 'nonce-oGjVzieqDSWnoThUAVYxj7Xlh9X8YiHv'; style-src 'self' https://cdn.etrias.nl  'unsafe-inline' https://www.googletagmanager.com https://fonts.googleapis.com https://optimize.google.com https://www.gstatic.com https://*.visualwebsiteoptimizer.com https://app.vwo.com; report-uri /_csp/report 1
default-src 'none'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.sharethis.com https://*.printfriendly.com https://static.multiposting.fr https://connect.facebook.net https://platform.twitter.com https://*.adroll.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://cdn.ckeditor.com https://www.gstatic.com https://*.google.com https://www.googletagmanager.com https://cdn.cookielaw.org https://connect.facebook.net https://bat.bing.com https://*.woopra.com https://s.yimg.com https://js.adsrvr.org https://pagead2.googlesyndication.com; style-src 'self' 'unsafe-inline' 'unsafe-hashes' https://www.gstatic.com https://www.opoint.no https://fonts.googleapis.com https://cdn.ckeditor.com https://www.googletagmanager.com https://ws.sharethis.com; img-src 'self' data: blob: https:; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://*.adroll.com https://www.googletagmanager.com https://www.facebook.com https://*.google.com https://www.vaincrelamuco.org https://www.google-analytics.com https://bat.bing.com https://www.woopra.com https://www.google.fr https://*.doubleclick.net https://cdn.cookielaw.org https://geolocation.onetrust.com https://pagead2.googlesyndication.com https://region1.google-analytics.com https://s.yimg.com https://*.googleapis.com https://www.googleadservices.com https://fonts.gstatic.com https://l.sharethis.com; frame-src 'self' https://www.googletagmanager.com https://*.google.com https://*.adsrvr.org https://*.doubleclick.net https://*.adroll.com https://*.facebook.com https://*.twitter.com https://*.printfriendly.com https://www.youtube.com https://ws.sharethis.com; frame-ancestors 'self'; form-action 'self' https://www.facebook.com https://p.monetico-services.com; base-uri 'self'; upgrade-insecure-requests; report-uri https://sentry.ecedi.net/api/123/security/?sentry_key=d0eab8ab66c54deaaac7f2dca51719c0; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *; img-src 'self' 'unsafe-inline' * data:; style-src 'self' 'unsafe-inline' *; font-src 'self' 'unsafe-inline' *; object-src 'self' blob:; 1
default-src 'self' *.conac.cn *.jiathis.com *.gmu.cn *.eol.cn *.baidu.com *.bshare.cn *.qq.com *.kaipuyun.cn 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://snap.licdn.com https://www.youtube.com;  style-src 'self' 'unsafe-inline'; object-src 'none'; frame-src 'self' https://www.youtube.com https://www.google.com https://recaptcha.net; img-src 'self' https://img.youtube.com/ https://pricing.ittcannon.com https://i.ytimg.com/ https://picsum.photos/ https://ittcannon.canto.com https://d3opzdukpbxlns.cloudfront.net https://www.google-analytics.com https://px.ads.linkedin.com https://www.ittcannon.com https://www.googletagmanager.com data:; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com https://snap.licdn.com https://www.youtube.com https://recaptcha.net https://www.google.com https://www.gstatic.com/ https://www.googletagmanager.com; connect-src 'self' https://dev-eprism-lite1.itt.com https://apsis.ittindustrialproducts.com https://stats.g.doubleclick.net https://region1.google-analytics.com https://www.google-analytics.com https://cdn.linkedin.oribi.io https://px.ads.linkedin.com/; font-src 'self'; 1
default-src 'self' cdn.eu.zetaglobal.net onsiterecs.api.eu.zetaglobal.net people.api.eu.zetaglobal.net api.eu.zetaglobal.net events.api.eu.zetaglobal.net euhosted.live.rezync.com eu.live.rezync.com d30o4d63vvluug.cloudfront.net *.lightboxcdn.com cdn.cookielaw.org optanon.blob.core.windows.net *.google.com hooks.zapier.com www.google.es www.google.ad global-trust.eu data: www.facebook.com *.google-analytics.com *.hotjar.com *.hotjar.io cf.ignitionone.com track.adform.net px.ads.linkedin.com www.linkedin.com p.adsymptotic.com *.googletagmanager.com snap.licdn.com *.onetrust.com emea-leaseplan.netmng.com emea-leaseplan.qa.netmng.com *.bing.com *.doubleclick.net *.clarity.ms; script-src 'self' 'unsafe-inline' 'unsafe-eval' onsiterecs.api.eu.zetaglobal.net people.api.eu.zetaglobal.net events.api.eu.zetaglobal.net api.eu.zetaglobal.net euhosted.live.rezync.com *.googletagmanager.com cdn.eu.zetaglobal.net code.jquery.com cdn.cookielaw.org *.hotjar.com connect.facebook.net *.google-analytics.com pi.pardot.com www.googleadservices.com *.doubleclick.net cdnjs.cloudflare.com maxcdn.bootstrapcdn.com *.bing.com cf.ignitionone.com s2.adform.net track.adform.net emea-leaseplan.netmng.com emea-leaseplan.qa.netmng.com *.clarity.ms; style-src 'self' 'unsafe-inline' fonts.googleapis.com maxcdn.bootstrapcdn.com; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com data:; 1
default-src 'self' ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: https://ssl.google-analytics.com/ga.js https://ajax.cloudflare.com https://amp.cloudflare.com https://static.cloudflareinsights.com https://www.google.com https://www.gstatic.com https://www.instagram.com https://platform.instagram.com https://www.redditstatic.com https://stats.g.doubleclick.net https://js-agent.newrelic.com https://bam.nr-data.net https://cdn.syndication.twimg.com https://connect.facebook.net https://platform.twitter.com https://syndication.twitter.com; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://fonts.googleapis.com https://www.google.com https://ajax.googleapis.com https://amp.cloudflare.com https://ton.twimg.com https://platform.twitter.com; img-src * data: ; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' cloudflareinsights.com *.amp.cloudflare.com https://platform.twitter.com https://syndication.twitter.com https://stats.g.doubleclick.net https://bam.nr-data.net; frame-src 'self' data: blob: https://open.spotify.com https://www.google.com https://twitter.com https://platform.twitter.com https://syndication.twitter.com https://mobile.twitter.com https://t.co https://www.facebook.com https://web.facebook.com https://staticxx.facebook.com https://m.facebook.com https://static.xx.fbcdn.net https://www.instagram.com https://www.redditmedia.com https://w.soundcloud.com https://youtube.com https://www.youtube.com https://youtube-nocookie.com https://www.youtube-nocookie.com https://player.vimeo.com https://dailymotion.com https://www.dailymotion.com *.amp.cloudflare.com; upgrade-insecure-requests; block-all-mixed-content; report-uri https://ukff.report-uri.com/r/d/csp/enforce; 1
default-src https: 'unsafe-inline' 'unsafe-eval' data:; 1
default-src 'self'; style-src 'self' 'unsafe-inline' *.freifunk-3laendereck.net; script-src 'self' 'unsafe-inline' 'unsafe-eval'; font-src 'self' data:; img-src 'self' *.freifunk-3laendereck.net data:; object-src 'self' 1
base-uri 'none'; script-src 'self' 'nonce-a8c3f44c6b974f61bccf896837db3775' https://www.google-analytics.com/ https://maps.googleapis.com/ https://static.getclicky.com/ https://in.getclicky.com/ https://cdn.carbonads.com/ http://srv.carbonads.net/ https://adn.fusionads.net/ https://m.servedby-buysellads.com/ https://srv.buysellads.com/ https://platform.twitter.com/ https://static.ads-twitter.com/ https://analytics.twitter.com/ https://codepen.io/ https://assets.codepen.io/ https://cdn.syndication.twimg.com/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://platform.twitter.com/ https://ton.twimg.com/; font-src 'self' https://fonts.gstatic.com/; child-src 'self' https://www.youtube.com/ https://speakerdeck.com/ https://player.vimeo.com/ https://syndication.twitter.com/ https://platform.twitter.com/ https://codepen.io/ https://glitch.com/embed/; connect-src 'self' https://www.gravatar.com/ https://i.imgur.com/ https://api.github.com/ https://maps.googleapis.com/ https://www.google-analytics.com/; img-src 'self' http://assets.servedby-buysellads.com/ http://abs.twimg.com/ http://platform.twitter.com/ http://t.co/i/ https: data:; upgrade-insecure-requests; report-uri /api/csp/report; report-to /api/csp/report 1
child-src 'self' *.whatchado.com *.youtube.com *.youtube-nocookie.com *.w24.at *.google.com; default-src 'self' *.youtube.com *.youtube-nocookie.com *.google.com; img-src 'self' *.ytimg.com blob: data: ; media-src 'self' *.lfrz.gv.at; script-src 'self' 'unsafe-inline' *.youtube.com *.youtube-nocookie.com; style-src 'self' 'unsafe-inline' *.youtube.com *.youtube-nocookie.com *.google.com; 1
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://vtm-test.cutm.nfrance.com vtm-test.cutm.nfrance.com https://vtm-preprod.cutm.nfrance.com vtm-preprod.cutm.nfrance.com https://metropole.toulouse.fr metropole.toulouse.fr https://public.message-business.com public.message-business.com https://tmcsi.widgets.secutix.com tmcsi.widgets.secutix.com https://tmcsi.pp-widgets.secutix.com tmcsi.pp-widgets.secutix.com https://tmcsi-dasc.pp-shop.secutix.com tmcsi-dasc.pp-shop.secutix.com https://tmcsi-dasc.shop.secutix.com tmcsi-dasc.shop.secutix.com https://matomo.toulouse-metropole.fr https://optanon.blob.core.windows.net https://code.jquery.com https://www.googletagmanager.com https://www.google-analytics.com https://ajax.googleapis.com ajax.googleapis.com https://www.google.com www.google.com https://svc.webspellchecker.net svc.webspellchecker.net https://forms.sbc35.com forms.sbc35.com https://tarteaucitron.io tarteaucitron.io https://vtm-test.cutm.nfrance.com/libraries/jstree/dist/jstree.min.js https://tmcsi.widgets.secutix.com/stx-widgets/Newsletter/v1/Newsletter.js https://tmcsi.pp-widgets.secutix.com/stx-widgets/Newsletter/v1/Newsletter.js https://www.google.com/recaptcha/api.js https://public.message-business.com/Javascript/form/MB_Form_JsApp.js https://stx-gravity-p1-widgets.quantum.secutix.com https://stx-gravity-p1-widgets.quantum.secutix.com/stx-widgets/v2/Widgets.js cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com unpkg.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://vtm-test.cutm.nfrance.com vtm-test.cutm.nfrance.com https://vtm-preprod.cutm.nfrance.com vtm-preprod.cutm.nfrance.com https://metropole.toulouse.fr metropole.toulouse.fr https://public.message-business.com public.message-business.com https://tmcsi.widgets.secutix.com tmcsi.widgets.secutix.com https://tmcsi.pp-widgets.secutix.com tmcsi.pp-widgets.secutix.com https://tmcsi-dasc.pp-shop.secutix.com tmcsi-dasc.pp-shop.secutix.com https://tmcsi-dasc.shop.secutix.com tmcsi-dasc.shop.secutix.com https://matomo.toulouse-metropole.fr https://optanon.blob.core.windows.net https://code.jquery.com https://www.googletagmanager.com https://www.google-analytics.com https://ajax.googleapis.com ajax.googleapis.com https://www.google.com www.google.com https://svc.webspellchecker.net svc.webspellchecker.net https://forms.sbc35.com forms.sbc35.com https://tarteaucitron.io tarteaucitron.io https://cdn.tarteaucitron.io cdn.tarteaucitron.io https://matomo-pp.cutm.nfrance.net matomo-pp.cutm.nfrance.net connect.facebook.net cdn.onesignal.com platform.twitter.com www.youtube.com www.recaptcha.net www.gstatic.com onesignal.com https://stx-gravity-p1-widgets.quantum.secutix.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com unpkg.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes' https://vtm-test.cutm.nfrance.com vtm-test.cutm.nfrance.com https://vtm-preprod.cutm.nfrance.com vtm-preprod.cutm.nfrance.com https://metropole.toulouse.fr metropole.toulouse.fr https://public.message-business.com public.message-business.com https://tmcsi.widgets.secutix.com tmcsi.widgets.secutix.com https://tmcsi.pp-widgets.secutix.com tmcsi.pp-widgets.secutix.com https://tmcsi-dasc.pp-shop.secutix.com tmcsi-dasc.pp-shop.secutix.com https://tmcsi-dasc.shop.secutix.com tmcsi-dasc.shop.secutix.com https://matomo.toulouse-metropole.fr https://optanon.blob.core.windows.net https://code.jquery.com https://www.googletagmanager.com https://www.google-analytics.com https://ajax.googleapis.com ajax.googleapis.com https://www.google.com www.google.com https://svc.webspellchecker.net svc.webspellchecker.net https://stx-gravity-p1-widgets.quantum.secutix.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com unpkg.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem * 'unsafe-inline'; worker-src 'self' blob:; frame-ancestors 'self' https://vtm-test.cutm.nfrance.com vtm-test.cutm.nfrance.com https://vtm-preprod.cutm.nfrance.com vtm-preprod.cutm.nfrance.com https://metropole.toulouse.fr metropole.toulouse.fr https://public.message-business.com public.message-business.com https://tmcsi.widgets.secutix.com tmcsi.widgets.secutix.com https://tmcsi.pp-widgets.secutix.com tmcsi.pp-widgets.secutix.com https://tmcsi-dasc.pp-shop.secutix.com tmcsi-dasc.pp-shop.secutix.com https://tmcsi-dasc.shop.secutix.com tmcsi-dasc.shop.secutix.com https://matomo.toulouse-metropole.fr https://optanon.blob.core.windows.net https://code.jquery.com https://www.googletagmanager.com https://www.google-analytics.com https://ajax.googleapis.com ajax.googleapis.com https://www.google.com www.google.com https://svc.webspellchecker.net svc.webspellchecker.net https://cdn.jsdelivr.net cdn.jsdelivr.net https://stx-gravity-p1-widgets.quantum.secutix.com; report-uri https://metropole.toulouse.fr/report-uri/enforce; report-to default 1
default-src 'self' https://stats.g.doubleclick.net https://analytics.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://connect.facebook.net https://www.google-analytics.com blob:; style-src 'self' 'unsafe-inline'; img-src 'self' blob: data: https://www.farolsantander.com.br https://farolsantander.com.br https://www.facebook.com https://www.google.com https://www.google.com.br https://www.googletagmanager.com; font-src 'self' data:; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; frame-src 'self' https://www.google.com https://www.google-analytics.com https://td.doubleclick.net; block-all-mixed-content; upgrade-insecure-requests; connect-src 'self' https://o471229.ingest.sentry.io https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://www.google.com.br https://www.facebook.com https://connect.facebook.net https://analytics.google.com https://stats.g.doubleclick.net; 1
default-src 'self' data: 'unsafe-inline' paritaetnrwdev.matomo.cloud; frame-src 'self' www.youtube-nocookie.com player.vimeo.com www.manual.paritaet-nrw.dev; font-src 'self'; img-src 'self' data: 'unsafe-inline' paritaetnrwdev.matomo.cloud; object-src 'self'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' cdn.matomo.cloud; style-src 'self' data: 'unsafe-inline'; 1
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://api-oa.com https://publiact.fr https://www.rdv360.com https://www.tameteo.com https://cart.guidap.net https://apiguidap.com/public/account https://snapwidget.com/js/snapwidget.js https://statistiques.alpi40.fr/matomo.js tarteaucitron.js tarteaucitroninit.js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ tracking.js https://statistiques.alpi40.fr https://maps.google.com/maps-api-v3/api/js/47/2/intl/fr_ALL/common.js https://maps.google.com/maps-api-v3/api/js/47/2/intl/fr_ALL/util.js https://chatbot.alpi40.fr/assets/modules/channel-web/inject.js https://use.fontawesome.com/010db549e2.js https://apis.google.com/js/plusone.js https://connect.facebook.net/fr_FR/sdk.js https://*.readspeaker.com https://maps.google.com/maps/api/js https://maps.googleapis.com/maps/api/js/ViewportInfoService.GetViewportInfo https://platform.twitter.com/widgets.js https://www.google.com/recaptcha/api.js https://*.publidata.io https://statistiques.alpi40.fr https://api-oa.com https://www.pigma.org; style-src 'report-sample' 'self' 'unsafe-inline' https://api-oa.com https://publiact.fr https://www.rdv360.com https://www.tameteo.com  https://cart.guidap.net https://apiguidap.com/public/account https://chatbot.alpi40.fr  https://use.fontawesome.com http://fonts.googleapis.com https://*.readspeaker.com https://fonts.googleapis.com https://www.pigma.org; object-src 'none'; base-uri 'self'; connect-src 'self' https://api-oa.com https://publiact.fr https://www.rdv360.com https://www.tameteo.com https://cart.guidap.net https://apiguidap.com/public/account https://maps.googleapis.com https://statistiques.alpi40.fr https://www.pigma.org https://*.readspeaker.com; font-src 'self' data: https://api-oa.com https://publiact.fr https://www.rdv360.com https://www.tameteo.com https://cart.guidap.net https://apiguidap.com/public/account https://use.fontawesome.com https://fonts.gstatic.com; frame-src 'self' https://api-oa.com https://publiact.fr https://www.rdv360.com https://www.tameteo.com https://www.tf1.fr https://www.igecom40.fr https://snapwidget.com/embed/ https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/  https://www.helloasso.com/ https://view.genial.ly https://www.ina.fr https://www.openstreetmap.org https://umap.openstreetmap.fr https://foad.alpi40.fr  https://chatbot.alpi40.fr https://*.medialandes.fr  https://portailfamille.coeurhautelande.fr https://www.dailymotion.com https://calendar.google.com https://www.youtube.com https://www.youtube-nocookie.com https://accounts.google.com https://apis.google.com https://flickrembed.com https://maps.google.fr https://v.calameo.com https://platform.twitter.com https://www.facebook.com https://www.google.com https://app.panneaupocket.com https://carto-einclusion.alpi40.fr/ https://*.publidata.io https://airesuradour.medialandes.fr https://www.pigma.org https://syndication.alpi40.fr https://wcf.tourinsoft.com https://docs.google.com/spreadsheets/ https://*.readspeaker.com https://carte.seignanx.com; img-src 'self' data: https://api-oa.com https://publiact.fr https://www.rdv360.com https://www.tameteo.com https://www.xn--mto-bmab.fr https://cdt40.tourinsoft.com https://www.alpi40.fr https://maps.google.com https://maps.googleapis.com https://maps.gstatic.com https://syndication.twitter.com https://statistiques.alpi40.fr https://www.sydec40.fr https://extranet.sydec40.fr https://intranet.sydec40.fr https://www.herm.fr https://www.sietomdechalosse.fr https://www.mairie-ychoux.com https://www.roquefort40.fr https://www.pigma.org; manifest-src 'self'; frame-ancestors 'self'; media-src 'self' https://api-oa.com https://publiact.fr https://www.rdv360.com https://www.tameteo.com https://api-oa.com https://www.alpi40.fr; worker-src 'none'; 1
default-src * 'unsafe-inline'; 1
default-src 'self' data: 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://analytics.google.com https://ssl.google-analytics.com https://www.googletagmanager.com; script-src-attr 'self' 'unsafe-inline'; style-src * 'inline' 'unsafe-inline'; style-src-elem * 'inline' 'unsafe-inline'; style-src-attr * 'unsafe-inline'; img-src * data:; font-src * data:; connect-src 'self' https://www.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net; media-src *; prefetch-src 'self'; child-src 'self' blob:; frame-src * data:; worker-src 'self' blob:; frame-ancestors 'self' ; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; manifest-src 'self'; report-uri '' 1
default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com; img-src 'self' data: blob: www.google-analytics.com ssl.google-analytics.com www.google.com analytics.google.com; connect-src 'self' blob: wss://digistorage.es www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com about:; form-action 'self'; frame-src 'self'; child-src 'self' blob:; frame-ancestors 'self' http://localhost:* http://127.0.0.1:*; font-src 'self' data: 1
frame-ancestors 'self' https://dimorder.com; 1
default-src 'self' google.com *.hotjar.io cdn.jsdelivr.net *.googlesyndication.com googleads.g.doubleclick.net gyruss.rdops.systems *.gstatic.com *.hotjar.com viacep.com.br *.doubleclick.net maps.googleapis.com *.google.com www.googleadservices.com googleadservices.com *.googletagmanager.com *.licdn.com *.linkedin.com *.linkedin.oribi.io *.facebook.com connect.facebook.net *.google-analytics.com d335luupugsy2.cloudfront.net *.rdstation.com.br eye.rd.services 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googletagmanager.com *.googleadservices.com fonts.googleapis.com 'unsafe-inline'; font-src 'self' data: fonts.gstatic.com 'unsafe-inline'; img-src 'self' *.cloudfront.net *.ytimg.com *.googletagmanager.com *.googleadservices.com *.gstatic.com *.facebook.com *.google-analytics.com *.google.com *.google.com.br *.doubleclick.net d335luupugsy2.cloudfront.net *.rdstation.com.br eye.rd.services *.licdn.com *.linkedin.com *.linkedin.oribi.io *.adsymptotic.com *.googleapis.com data: content:; frame-src 'self' td.doubleclick.net *.youtube.com youtu.be *.google.com *.google.com.br *.hotjar.com *.g.doubleclick.net *.facebook.com; worker-src 'self' blob:; connect-src 'self' *.rdstation.com *.rdstation.com.br *.linkedin.com *.facebook.com google.com *.google.com *.g.doubleclick.net *.google-analytics.com *.googleapis.com goo.gl *.googletagmanager.com *.hotjar.com *.hotjar.io;media-src * 1
frame-ancestors https://www.sonichealthplus.com.au https://bookings.sonicvaccinations.com.au https://sonicvaccinations.com.au https://www.sonicvaccinations.com.au https://www.ausskinclinics.com.au https://easyvisitweb.uat.sonichealthcare.com https://web.easyvisit.com.au https://easyvisit.uat.sonichealthcare.com https://www.easyvisit.com.au 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com cdnjs.cloudflare.com ajax.googleapis.com cdn.jsdelivr.net code.jquery.com js-agent.newrelic.com bam.nr-data.net connect.facebook.net googleads.g.doubleclick.net google.com www.googleadservices.com maps.googleapis.com www.google.com www.gstatic.com; 1
base-uri 'self'; font-src 'self' https: data:; form-action 'self'; frame-ancestors 'self'; img-src 'self' data: https://web-cms.espago.com http://127.0.0.1:1337 http://localhost:1337 https://www.facebook.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://www.google.pl https://*.linkedin.com https://*.licdn.com https://imgsct.cookiebot.com https://fonts.gstatic.com/; object-src 'none'; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline'; upgrade-insecure-requests; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.facebook.com https://connect.facebook.net https://www.google.com https://www.google-analytics.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.licdn.com https://www.clarity.ms https://*.cookiebot.com 1
default-src 'self' *.genflix.co.id *.cloudfront.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://apis.google.com https://accounts.google.com https://connect.facebook.net https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.gstatic.com https://storage.googleapis.com https://wzrkt.com https://sg1.wzrkt.com https://d2r1yp2w7bby2u.cloudfront.net https://ajax.googleapis.com https://imasdk.googleapis.com https://static.dable.io https://api.dable.io http://sp-api.dable.io https://websdk.appsflyer.com https://static.airbridge.io https://www.datadoghq-browser-agent.com https://analytics.tiktok.com https://pagead2.googlesyndication.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src * data: android-webview-video-poster: 'self' blob: data:; font-src 'self' data: https://fonts.gstatic.com; media-src * blob: ; frame-src *; connect-src *; worker-src * data: blob: ; object-src 'none'; 1
default-src 'self' data:; script-src 'self' 'unsafe-inline' https://gestav.com https://connect.facebook.net https://api.systempay.fr https://api.payzen.eu https://www.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://www.googleadservices.com; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net; img-src 'self' https://api.systempay.fr https://api.payzen.eu https://stats.g.doubleclick.net https://www.google-analytics.com data:; style-src 'self' 'unsafe-inline' https://gestav.com https://api.systempay.fr https://api.payzen.eu https://fonts.googleapis.com https://fonts.bunny.net https://cdn.materialdesignicons.com; child-src www.youtube.com; frame-src 'self' https://gestav.com https://api.systempay.fr https://api.payzen.eu https://www.facebook.com https://www.youtube.com; font-src 'self' https://fonts.gstatic.com/ https://fonts.bunny.net https://cdn.materialdesignicons.com; 1
default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.gopeople.com.au; 1
frame-ancestors 'self' https://reg18.smp.ne.jp; 1
default-src 'self';  script-src 'unsafe-inline' 'unsafe-eval' 'self' js.hs-scripts.com js.hs-analytics.net js.hsleadflows.net js.hs-banner.com js.hsadspixel.net js.usemessages.com *.zscloud.net *.usercentrics.eu *.adroll.com *.adroll.mgr.consensu.org *.kampyle.com *.go-mpulse.net munchkin.marketo.net *.serving-sys.com *.googleadservices.com googleads.g.doubleclick.net *.akamaihd.net secure.comodo.com www.trustlogo.com seal.verisign.com seal.websecurity.norton.com *.digicert.com www.googletagmanager.com optimize.google.com *.google-analytics.com *.richrelevance.com js.hsforms.net forms.hsforms.com *.hubspot.com services.cognitoforms.com www.google.com www.google:* www.gstatic.com *.googleapis.com cloud.github.com code.jquery.com connect.facebook.net static.ak.fbcdn.net *.hscollectedforms.net widgets.twimg.com www.dentapure.com www.google.com tagmanager.google.com volusionchat.appspot.com cloud.github.com vp.dentrek.com *.henryschein.fr *.henryschein.com *.facebook.com *.bing.com *.youtube.com *.licdn.com bing.com facebook.net hs-scripts.com hs-banner.com hsadspixel.net hs-analytics.net linkedin.com cdn.linkedin.oribi.io adservice.google.com clarity.ms *.clarity.ms js-eu1.hs-scripts.com js-eu1.hs-banner.com js-eu1.hsadspixel.net js-eu1.hs-analytics.net *.brevo.com blob: data:;  connect-src 'self' *.hubapi.com *.hubspot.com *.usercentrics.eu *.akstat.io *.go-mpulse.net *.kampyle.com *.mktoresp.com *.akamaihd.net *.richrelevance.com services.cognitoforms.com optimize.google.com *.google-analytics.com ssl.google-analytics.com *.clarity.ms js.hsforms.net volusionchat.appspot.com *.henryschein.fr *.henryschein.com *.facebook.com *.bing.com stats.g.doubleclick.net cdn.linkedin.oribi.io adservice.google.com *.hscollectedforms.net *.google.com *.googletagmanager.com;  img-src 'self' *.youtube.com *.hubspot.com *.usercentrics.eu *.henryschein.com *.adroll.com *.adroll.mgr.consensu.org *.kampyle.com googleads.g.doubleclick.net *.akamaihd.net placeholder.com via.placeholder.com secure.comodo.com www.trustlogo.com seal.websecurity.norton.com *.digicert.com www.google:* www55.caligor.com optimize.google.com *.google-analytics.com *.henryschein.fr placehold.it www.servertastic.com *.clarity.ms localhost www.gstatic.com media.corporate-ir.net volusionchat.appspot.com *.googleapis.com ssl.gstatic.com www.google.com media.istockphoto.com js.hsforms.net *.facebook.com *.bing.com www.googletagmanager.com stats.g.doubleclick.net *.ads.linkedin.com *.adsymptotic.com *.atdmt.com *.commerce-connector.com linkedin.com *.hscollectedforms.net *.google.it *.hsforms.com *.linkedin.com forms.hsforms.com data:;  style-src *.zscloud.net *.kampyle.com *.google-analytics.com optimize.google.com 'unsafe-inline' 'self' *.googleapis.com services.cognitoforms.com tagmanager.google.com js.hsforms.net volusionchat.appspot.com *.henryschein.fr *.henryschein.com *.facebook.com *.bing.com fonts.gstatic.com;  font-src 'self' *.kampyle.com sxt.cdn.skype.com *.googleapis.com fonts.gstatic.com themes.googleusercontent.com services.cognitoforms.com js.hsforms.net volusionchat.appspot.com *.henryschein.fr *.henryschein.com *.facebook.com *.bing.com data:;  frame-src 'self' *.youtube-nocookie.com *.hs-ecom.com *.hubspot.com *.kampyle.com bid.g.doubleclick.net *.google-analytics.com optimize.google.com cdn.pendo.io app.pendo.io www.trustlogo.com secure.comodo.com www.googletagmanager.com cdn.livechatinc.com secure.livechatinc.com app.usercentrics.eu www.youtube.com player.vimeo.com media.corporate-ir.net vimeo.com *.facebook.com www.google.com volusionchat.appspot.com js.hsforms.net *.henryschein.fr *.henryschein.com *.bing.com connect.facebook.net forms.hsforms.com *.brevo.com *.doubleclick.net data:;  media-src 'self' *.kampyle.com media.istockphoto.com js.hsforms.net volusionchat.appspot.com *.henryschein.fr *.henryschein.com *.facebook.com *.bing.com www.dentapure.com;  report-uri /webservices/JSONRequestHandler.ashx?from=csp;   1
script-src 'self' https://*.google-analytics.com/ https://www.googletagmanager.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://login.microsoftonline.com/ https://*.cdninstagram.com/ https://pbs.twimg.com/ https://www.youtube.com/ https://i.ytimg.com/ https://*.myefrei.fr/ https://*.myefrei.dev/ https://www.efrei.fr https://www.recaptcha.net/recaptcha/ https://recaptcha.net/recaptcha/ https://*.gstatic.cn/recaptcha/ https://*.tile.openstreetmap.org/ 'unsafe-inline' 'unsafe-eval' blob:;connect-src 'self' https://*.google-analytics.com/ https://www.googletagmanager.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://login.microsoftonline.com/ https://*.cdninstagram.com/ https://pbs.twimg.com/ https://www.youtube.com/ https://i.ytimg.com/ https://*.myefrei.fr/ https://*.myefrei.dev/ https://www.efrei.fr https://www.recaptcha.net/recaptcha/ https://recaptcha.net/recaptcha/ https://*.gstatic.cn/recaptcha/ https://*.tile.openstreetmap.org/;frame-src 'self' https://*.google-analytics.com/ https://www.googletagmanager.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://login.microsoftonline.com/ https://*.cdninstagram.com/ https://pbs.twimg.com/ https://www.youtube.com/ https://i.ytimg.com/ https://*.myefrei.fr/ https://*.myefrei.dev/ https://www.efrei.fr https://www.recaptcha.net/recaptcha/ https://recaptcha.net/recaptcha/ https://*.gstatic.cn/recaptcha/ https://*.tile.openstreetmap.org/ mailto:;frame-ancestors https://mytest.efrei.fr https://www.efrei.fr https://*.myefrei.fr/ https://*.myefrei.dev/ 'self';worker-src https://*.myefrei.fr/ blob: 'self';img-src 'self' https://*.google-analytics.com/ https://www.googletagmanager.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://login.microsoftonline.com/ https://*.cdninstagram.com/ https://pbs.twimg.com/ https://www.youtube.com/ https://i.ytimg.com/ https://*.myefrei.fr/ https://*.myefrei.dev/ https://www.efrei.fr https://www.recaptcha.net/recaptcha/ https://recaptcha.net/recaptcha/ https://*.gstatic.cn/recaptcha/ https://*.tile.openstreetmap.org/ data: blob:;object-src 'self';default-src 'self';base-uri 'self';font-src 'self' https: data:;style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 1
default-src *; img-src * 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https: *; style-src 'self' 'unsafe-inline' * 1
img-src *; default-src 'unsafe-inline' 'unsafe-eval' 'self' data: *.googleusercontent.com trackcmp.net *.app-us1.com unpkg.com *.ipaustralia.gov.au *.vimeocdn.com *.qrl.com.au *.exct.net *.fuelcdn.com *.exacttarget.com *.onesignal.com *.hotjar.io *.zip.co *.zendesk.com *.dc-storm.com *.linksynergy.com *.rakuten.com *.consensu.org *.cfjump.com *.mktoresp.com *.marketo.net *.cloudfront.net *.zipmoney.com.au *.collect.igodigital.com *.igodigital.com *.list-manage.com *.mailchimp.com *.chimpstatic.com chimpstatic.com *.typekit.net *.amazonaws.com *.taboola.com *.zopim.io wss://*.zopim.com *.zdassets.com *.trustpilot.com *.zopim.com wss://*.hotjar.com *.hotjar.com *.licdn.com *.bizographics.com *.linkedin.com *.typeform.com *.googlesyndication.com *.linkangood.com *.doubleclick.net *.afterpay.com *.secure-afterpay.com.au *.afterpay.com.au *.stripe.com *.cdninstagram.com *.vimeo.com *.doubleclick.net *.googleapis.com *.googleadservices.com *.google.com *.google.com.au *.maps.google.com *.youtube-nocookie.com *.gstatic.com *.cloudflare.com *.googletagmanager.com *.facebook.com *.facebook.net *.fbcdn.net *.google-analytics.com *.pinterest.com *.twitter.com *.youtube.com *.cowboysteamshop.com.au *.cowboys.com.au *.traderstore.com.au *.t20worldcupshop.com *.roarstore.com.au *.officialmemorabilia.com *.shop.olympics.com.au *.maroonsshop.com *.raidersshop.com.au *.fanplus.com https://zip.co/ *.googleapis.com *.gstatic.com https://logwork.com/ *.logwork.com *.livechatinc.com *.b-cdn.net *.adroll.com *.yotpo.com *.officialmemorabilia.com.au; 1
frame-ancestors 'self'; script-src 'nonce-7b72af6138939fa003b4a8928f0d09ef' 'strict-dynamic' 'unsafe-eval'; base-uri 'self'; object-src 'self'; 1
frame-src 'self' https://t.sharethis.com https://8865438.fls.doubleclick.net https://td.doubleclick.net https://www.youtube.com https://www.google.com;     object-src 'self' https://www.youtube.com https://www.google.com;     script-src 'self' https://www.youtube.com 'unsafe-inline' 'unsafe-eval';     script-src-elem 'self' https://t.sharethis.com https://connect.facebook.net/en_US/fbevents.js https://buttons-config.sharethis.com https://platform-api.sharethis.com https://s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js https://googleads.g.doubleclick.net/ https://cdnjs.cloudflare.com/ https://maps.googleapis.com/ https://www.youtube.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com 'unsafe-inline';     frame-ancestors 'self' ; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.googletagmanager.com *.google.com *.gstatic.com *.googleapis.com *.ytimg.com *.youtube.com *.gravatar.com *.yoast.com yoast.com cdnjs.cloudflare.com github.com brainstormforce.github.io googleads.g.doubleclick.net google-analytics.com *.google-analytics.com *.google.com.br *.twillio.com *.cloudfront.net *.rdstation.com.br 1
default-src 'self' 'unsafe-inline' blob: data: www.googletagmanager.com www.google-analytics.com www.google.com www.google.nl analytics.google.com ajax.googleapis.com *.google-analytics.com *.g.doubleclick.net www.youtube.com *.prismic.io www.gravatar.com dpdk.com form.typeform.com *.cookiebot.com *.googlesyndication.com api.mapbox.com js.hs-scripts.com *.hsforms.net *.hsforms.com *.hs-scripts.com *.hs-analytics.net *.hscollectedforms.net *.hs-banner.com *.hubspot.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://connect.facebook.net https://code.jquery.com https://cdnjs.cloudflare.com https://www.youtube.com https://ajax.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://code.jquery.com; img-src 'self' data: https://www.google.co.in https://www.facebook.com https://www.google.com https://www.googletagmanager.com https://www.google.com.sg  https://www.google.co.in/ads/ https://ssl.google-analytics.com; font-src 'self' https://css.zohocdn.com https://fonts.gstatic.com data:; frame-ancestors 'self' ; frame-src 'self' https://www.youtube.com https://www.google.com; object-src 'self' ; connect-src https://www.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net 1
frame-ancestors 'self' ;script-src 'strict-dynamic' 'nonce-rAnd0m123'; object-src 'none'; base-uri 'none'; require-trusted-types-for 'script'; 1
base-uri 'self'; form-action 'self'; frame-ancestors 'self'; object-src 'none'; script-src 'self' 'unsafe-eval' blob: cdn.jsdelivr.net www.gstatic.com fonts.googleapis.com cdn.bitmovin.com; block-all-mixed-content; upgrade-insecure-requests 1
base-uri 'none'; font-src 'self' https: data:; frame-ancestors 'self'; object-src 'none'; style-src 'self' https: 'unsafe-inline'; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' *.googleadservices.com webcdn.quicktalk.com; img-src 'self' data: *.linkedin.com *.licdn.com *.linkedin.com *.adsymptotic.com *.oribi.io *.bizographics.com *.facebook.com *.googletagmanager.com *.tiktok.com webcdn.quicktalk.com google-analytics.com *.google-analytics.com *.facebook.com *.imgur.com *.ytimg.com ytimg.com; script-src 'unsafe-inline' 'self' *.googleadservices.com *.licdn.com *.algolianet.com *.algolia.net *.googlesyndication.com quicktalk.postaffiliatepro.com *.g.doubleclick.net facebook.com storage.googleapis.com ct.capterra.com google.com google.fr  youtube.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com gstatic.com *.g.doubleclick.net *.gstatic.com *.facebook.net *.google.com *.tiktok.com; style-src 'self' *.quicktalk.com https://fonts.googleapis.com fonts.gstatic.com 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com *.googletagmanager.com *.tiktok.com; connect-src 'self' *.googleusercontent.com *.algolia.net *.algolianet.com *.oribi.io *.googlesyndication.com *.quicktalk.com *.googleadservices.com *.google.com *.google-analytics.com *.google.fr *.g.doubleclick.net *.googletagmanager.com *.tiktok.com; font-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com; media-src 'self' *.quicktalk.com; frame-src 'self' *.quicktalk.com *.youtube-nocookie.com *.google.com *.youtube.com youtube-nocookie.com *.facebook.com *.doubleclick.net *.tiktok.com; child-src 'self' *.quicktalk.com; form-action 'self' *.facebook.com; frame-ancestors 'self' *.quicktalk.com; object-src 'none'; base-uri 'self'; worker-src 'self' *.quicktalk.com; manifest-src 'self'; navigate-to 'self' *.quicktalk.com; upgrade-insecure-requests 1
base-uri 'self'; child-src 'self' gap: assets.adobedtm.com joey-opsmaxxia.epictenet.live mcmillanshakespearelimited.sc.omtrdc.net mcmillanshakespeare.tt.omtrdc.net mmsg.demdex.net connect.facebook.net static.ads-twitter.com dpm.demdex.net www.google.com www.gstatic.com a.optmnstr.com a.omappapi.com api.omappapi.com z.omappapi.com smetrics.securemaxxia.com.au target.securemaxxia.com.au dev.visualwebsiteoptimizer.com www.googletagmanager.com admin.epictenet.live www.google-analytics.com stats.g.doubleclick.net *.qualtrics.com apps.mypurecloud.com.au api-cdn.mypurecloud.com.au api.mypurecloud.com.au a.opmnstr.com wss://webmessaging.mypurecloud.com.au *.mypurecloud.com.au; frame-src 'self' gap: assets.adobedtm.com joey-opsmaxxia.epictenet.live mcmillanshakespearelimited.sc.omtrdc.net mcmillanshakespeare.tt.omtrdc.net mmsg.demdex.net connect.facebook.net static.ads-twitter.com dpm.demdex.net www.google.com www.gstatic.com a.optmnstr.com a.omappapi.com api.omappapi.com z.omappapi.com smetrics.securemaxxia.com.au target.securemaxxia.com.au dev.visualwebsiteoptimizer.com www.googletagmanager.com admin.epictenet.live www.google-analytics.com stats.g.doubleclick.net *.qualtrics.com apps.mypurecloud.com.au api-cdn.mypurecloud.com.au api.mypurecloud.com.au a.opmnstr.com wss://webmessaging.mypurecloud.com.au *.mypurecloud.com.au; connect-src 'self' assets.adobedtm.com joey-opsmaxxia.epictenet.live mcmillanshakespearelimited.sc.omtrdc.net mcmillanshakespeare.tt.omtrdc.net mmsg.demdex.net connect.facebook.net static.ads-twitter.com dpm.demdex.net www.google.com www.gstatic.com a.optmnstr.com a.omappapi.com api.omappapi.com z.omappapi.com smetrics.securemaxxia.com.au target.securemaxxia.com.au dev.visualwebsiteoptimizer.com www.googletagmanager.com admin.epictenet.live www.google-analytics.com stats.g.doubleclick.net *.qualtrics.com gms-c1.gsn.cloud edge.adobedc.net adobedc.demdex.net apps.mypurecloud.com.au api-cdn.mypurecloud.com.au api.mypurecloud.com.au a.opmnstr.com wss://webmessaging.mypurecloud.com.au *.mypurecloud.com.au analytics.google.com; default-src 'self' gap: assets.adobedtm.com joey-opsmaxxia.epictenet.live mcmillanshakespearelimited.sc.omtrdc.net mcmillanshakespeare.tt.omtrdc.net mmsg.demdex.net connect.facebook.net static.ads-twitter.com dpm.demdex.net www.google.com www.gstatic.com a.optmnstr.com a.omappapi.com api.omappapi.com z.omappapi.com smetrics.securemaxxia.com.au target.securemaxxia.com.au dev.visualwebsiteoptimizer.com www.googletagmanager.com admin.epictenet.live www.google-analytics.com stats.g.doubleclick.net *.qualtrics.com apps.mypurecloud.com.au api-cdn.mypurecloud.com.au api.mypurecloud.com.au a.opmnstr.com wss://webmessaging.mypurecloud.com.au *.mypurecloud.com.au 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: *; img-src 'self' data: * blob:; script-src 'self' assets.adobedtm.com joey-opsmaxxia.epictenet.live mcmillanshakespearelimited.sc.omtrdc.net mcmillanshakespeare.tt.omtrdc.net mmsg.demdex.net connect.facebook.net static.ads-twitter.com dpm.demdex.net www.google.com www.gstatic.com a.optmnstr.com a.omappapi.com api.omappapi.com z.omappapi.com smetrics.securemaxxia.com.au target.securemaxxia.com.au www.googletagmanager.com dev.visualwebsiteoptimizer.com admin.epictenet.live www.google-analytics.com stats.g.doubleclick.net *.qualtrics.com gms-c1.gsn.cloud edge.adobedc.net adobedc.demdex.net apps.mypurecloud.com.au api-cdn.mypurecloud.com.au api.mypurecloud.com.au a.opmnstr.com wss://webmessaging.mypurecloud.com.au *.mypurecloud.com.au 'unsafe-inline' 'unsafe-eval'; style-src 'self' * 'unsafe-inline'; frame-ancestors 'self' gap: assets.adobedtm.com joey-opsmaxxia.epictenet.live mcmillanshakespearelimited.sc.omtrdc.net mcmillanshakespeare.tt.omtrdc.net mmsg.demdex.net connect.facebook.net static.ads-twitter.com dpm.demdex.net www.google.com www.gstatic.com a.optmnstr.com a.omappapi.com api.omappapi.com z.omappapi.com smetrics.securemaxxia.com.au target.securemaxxia.com.au www.googletagmanager.com admin.epictenet.live www.google-analytics.com stats.g.doubleclick.net *.qualtrics.com apps.mypurecloud.com.au api-cdn.mypurecloud.com.au api.mypurecloud.com.au a.opmnstr.com wss://webmessaging.mypurecloud.com.au *.mypurecloud.com.au; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=qj3njl62Br5bHgNe%2BVta3c8iKAYpKw0nP2RVre3xGITsf2Z6IHUEWrR%2FrNwjRRtBhbzZWfK5nZpwQZJTqx3P%2Fw%3D%3D; 1
default-src 'self' 'unsafe-inline'; font-src *; img-src *; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; frame-src 'self' 'unsafe-inline'; object-src 'none'; child-src 'self' 'unsafe-inline' 1
default-src 'self' data: *.exness.com *.exness.asia *.exness.net *.webvisor.com *.google.com storage.googleapis.com google-analytics.com *.zopim.com; script-src 'self' fonts.googleapis.com optimize.google.com 'unsafe-inline' https:; style-src 'self' fonts.googleapis.com optimize.google.com exness--miaw.sandbox.my.site.com myexness.force.com exness.my.site.com 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data: https:; connect-src 'self' *.test.env *.prod.env *.webvisor.com *.zopim.com https: wss:; frame-src 'self' exness--miaw.sandbox.my.site.com myexness.force.com exness.my.site.com; 1
script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' connect.facebook.net www.googleadservices.com tags.bkrtx.com js.adara.com www.googletagmanager.com *.hotjar.com www.casafari.com *.google-analytics.com maps.googleapis.com maps.google.com code.listtrac.com; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com www.casafari.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: fonts.gstatic.com yoast.com *; frame-ancestors 'self' google.com www.google.com mozbar.moz.com www.youtube.com youtube.com spbsas.sharepoint.com; script-src 'self' 'unsafe-inline' data: blob: ajax.googleapis.com google.com www.google.com google.com www.google.com www.gstatic.com recaptcha.fr * 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' *; frame-src 'self' recaptcha.fr google.com www.google.com mozbar.moz.com www.youtube.com youtube.com spbsas.sharepoint.com maps.google.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: ps.w.org *.w.org secure.gravatar.com * 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.medicover.pl *.medistore.com.pl requirejs.org cdn.jsdelivr.net js-agent.newrelic.com https://bam.eu01.nr-data.net app3.salesmanago.pl app3.salesmanago.com maps.gstatic.com www.gstatic.com www.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com googleads.g.doubleclick.net https://app3.emlgrid.com *.hotjar.com https://my.hellobar.com https://connect.facebook.net https://cdn.chatbot.com https://code.jquery.com https://cdnjs.cloudflare.com https://cdn-widget.callpage.io https://www.clarity.ms; frame-src 'self' images.medicover.pl *.gdziepolek.pl covid19.infermedica.com platform.twitter.com *.google.com *.youtube.com *.hotjar.com cdn.chatbot.com; object-src 'self'; 1
script-src 'self' https://*.clarity.ms https://bat.bing.com https://r.bing.com https://js.stripe.com https://www.googletagmanager.com https://www.google-analytics.com https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js https://ajax.aspnetcdn.com/ajax/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.youtube.com/iframe_api https://www.google.com https://www.gstatic.com https://assets.calendly.com/ https://tags.srv.stackadapt.com/ https://tracker.clickguard.com https://js.partnerstack.com https://www.youtube.com/ https://*.hs-scripts.com https://*.hs-analytics.net https://*.hs-banner.com https://*.hscollectedforms.net https://*.hsadspixel.net https://*.hubspot.com 'unsafe-inline'; style-src 'self' https://fonts.googleapis.com https://tags.srv.stackadapt.com/ 'unsafe-inline'; frame-ancestors https://taxfolder.com https://www.taxcycle.com 1
frame-ancestors *.telmate.com *.telmate.cc *.intelmate.com *.intelmate.net intelmate.net *.telmate.ca secure-synergybc.ca *.ericom-command.com.au *.gtlcommand.com 1
frame-src 'self' consentcdn.cookiebot.com www.facebook.com gvb.demdex.net www.youtube.com www.google.com newassets.hcaptcha.com form.typeform.com typeform.com www.typeform.com bid.g.doubleclick.net activitymap.adobe.com vars.hotjar.com optimize.google.com gvb.ch gvb-privatversicherungen.ch hausinfo.ch wetteralarm.ch alarmemeteo.ch allarmemeteo.ch *.doubleclick.net *.demdex.net outlook.office365.com moneypark.ch embed.eventfrog.ch;   child-src blob:;   object-src 'self';   script-src 'self' 'unsafe-inline' 'unsafe-eval' gvbtest.b-cdn.net gvb.b-cdn.net gvba.b-cdn.net consent.cookiebot.com consentcdn.cookiebot.com hcaptcha.com newassets.hcaptcha.com dpm.demdex.net www.googletagmanager.com www.facebook.com connect.facebook.net googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com embed.typeform.com activitymap.adobe.com www.youtube.com www.googleoptimize.com static.hotjar.com script.hotjar.com optimize.google.com snap.licdn.com *.fusedeck.net *.demdex.net cm.everesttech.net assets.adobedtm.com moneypark.ch static.elfsight.com embed.eventfrog.ch 'unsafe-inline';  frame-ancestors 'self' wetterhuette.ch ; 1
default-src 'self' cdn.wcc.witt-weiden.ch https://cdn.wcc.witt-weiden.ch/graphql;    base-uri 'self' widget.solvemate.com;    font-src 'self' cdn.wcc.witt-weiden.ch https://fonts.gstatic.com data: widget.solvemate.com *.dixa.io https://*.userwerk.com;    img-src * data: https://*.userwerk.com;    connect-src 'self' https://cdn.wcc.witt-weiden.ch/graphql cdn.wcc.witt-weiden.ch cdn.witt.info/ https://images.ctfassets.net te.witt-weiden.ch tp.witt-weiden.ch wasp.witt-weiden.ch wst.witt-weiden.ch https://*.analytics.google.com https://*.facebook.com https://*.contentsquare.net https://*.my.onetrust.eu https://*.google-analytics.com https://bat.bing.com eu-witt-gruppe-prod1.mini.snplow.net https://www.google-analytics.com https://www.jsctool.com https://adservice.google.com/pagead/ https://graphql.contentful.com https://privacyportal-eu.onetrust.com https://stats.g.doubleclick.net https://geolocation.onetrust.com https://www.google.com/pagead/ https://googleads.g.doubleclick.net/pagead/ https://*.creativecdn.com https://*.googlesyndication.com https://*.optimizely.com ct.pinterest.com https://jsctool.com checkout-cdn.aboutyou.cloud checkout-v3.wcc.witt-weiden.ch https://*.ingest.sentry.io api.solvemate.com widget.solvemate.com relay.solvemate.com *.dixa.io wss://sockets.dixa.io https://*.userwerk.com https://maps.googleapis.com;    object-src 'none';    child-src blob: ;    script-src * 'unsafe-inline' 'unsafe-eval' https://*.adyen.com https://*.paypal.com blob: *.dixa.io https://*.userwerk.com;    style-src 'self' cdn.wcc.witt-weiden.ch https://www.googletagmanager.com https://fonts.googleapis.com 'unsafe-inline' d.witt-weiden.ch checkout-cdn.aboutyou.cloud https://*.adyen.com https://*.paypal.com blob: widget.solvemate.com *.dixa.io;    frame-src 'self' checkout-v3.wcc.witt-weiden.ch https://*.awin1.com https://*.criteo.net https://*.criteo.com https://*.adrtx.net https://*.contentsquare.net https://www.googletagmanager.com https://www.facebook.com https://www.youtube.com https://dmp.theadex.com https://5127363.fls.doubleclick.net https://12769738.fls.doubleclick.net https://www.jsctool.com https://creativecdn.com/ https://fledge-eu.creativecdn.com/ https://tbs.tradedoubler.com/ https://survey2.quantilope.com/ https://*.adyen.com https://*.paypal.com https://*.computop-paygate.com blob: *.dixa.io https://*.userwerk.com;    media-src 'self' cdn.wcc.witt-weiden.ch cdn.witt.info/ https://images.ctfassets.net https://videos.ctfassets.net https://www.youtube.com https://witt-gruppe-res.cloudinary.com *.dixa.io;    manifest-src 'self' cdn.wcc.witt-weiden.ch *.dixa.io;    worker-src 'self' cdn.wcc.witt-weiden.ch blob:;    form-action 'self' www.facebook.com https://*.userwerk.com;    block-all-mixed-content;    frame-ancestors 'self' https://app.contentful.com;    sandbox allow-scripts allow-forms allow-same-origin allow-top-navigation allow-popups allow-popups-to-escape-sandbox allow-modals; 1
script-src 'self' *.wlresources.com *.acwebconnecting.com https://mpsnare.iesnare.com https://d5nxst8fruw4z.cloudfront.net https://d31qbv1cthcecs.cloudfront.net  'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com *.analytics.google.com *.doubleclick.net https://*.google-analytics.com/ gstatic.com www.google.com www.googleoptimize.com optimize.google.com www.gstatic.com https://bat.bing.com https://*.clarity.ms ; connect-src 'self' www.xstory.cam:9080 www.xstory.cam:9443 *.wlresources.com wss://*.wlresources.com *.acwebconnecting.com https://mpsnare.iesnare.com wss://mpsnare.iesnare.com ws://stt01.wlresources.com wss://stt01.wlresources.com ws://www.xstory.cam wss://www.xstory.cam *.campoints.net *.google-analytics.com *.googletagmanager.com *.analytics.google.com analytics.google.com *.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://bat.bing.com https://*.clarity.ms ; frame-src 'self' https://*.allopass.com http://*.allopass.com https://*.acwebconnecting.com https://www.google.com https://go.cam; worker-src 'self' blob:; frame-ancestors *.xlovecam.com *.backend.cam; report-uri /en/jserror/?ts=1721960929 1
frame-ancestors  'self' *.qidian.com  *.hongxiu.com  *.yuewen.com  *.qq.com  *.qdmm.com  *.readnovel.com  *.xs8.cn  *.xxsy.net  *.tingbook.com  *.lrts.me  *.ywurl.cn  *.qdwenxue.com  *.if.qidian.com  www.gameloop.com *.xxsypro.com 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://service.force.com/embeddedservice/ https://cdn.content.aws-dev2-uswest2.aws.sfdc.cl/ https://cdn.content.aws-prod1-useast1.aws.sfdc.cl/ https://payments.salesforce.com/ https://js.stripe.com/ https://www.paypal.com/sdk/js https://checkoutshopper-live.adyen.com/ https://checkoutshopper-test.adyen.com/ https://pal-test.adyen.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://pay.google.com import: blob: https://uip.canary.lwc.dev https://www.google.com https://www.gstatic.com https://www.googletagmanager.com; object-src 'self' www.google.com; style-src 'self' 'unsafe-inline' https://service.force.com/embeddedservice/ https://fonts.googleapis.com/css2 https://fonts.googleapis.com/css https://checkoutshopper-live.adyen.com/ https://checkoutshopper-test.adyen.com/ blob: https://api.cquotient.com; img-src 'self' data: blob: https://safilo.my.salesforce.com https://safilo.file.force.com https://img.youtube.com https://i.ytimg.com https://i.vimeocdn.com https://login.salesforce.com/icons/ https://payments.salesforce.com/icons/ https://cdn.content.aws-prod1-useast1.aws.sfdc.cl/icons/ https://cdn.content.aws-dev2-uswest2.aws.sfdc.cl/icons/ https://checkoutshopper-live.adyen.com/ https://checkoutshopper-test.adyen.com/ https://www.sandbox.paypal.com https://www.paypal.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://deu70.sfdc-yzvdd4.salesforce.com/icons/ *.force.com *.sfdcstatic.com *.salesforce.com *.salesforce.com:* *.my-salesforce.com *.my-salesforce-cms.com *.cloudinary.com *.salesforce-experience.com https://api.cquotient.com https://safilo--uat.sandbox.file.force.com https://safilo-spa-ql360.azureedge.net https://safilo-spa-pd-cde002.azureedge.net https://*.my.site.com https://*.lightning.force.com https://safilo-spa-pd360.azureedge.net https://www.googletagmanager.com https://region1.google-analytics.com; media-src 'self' blob: https://api.cquotient.com; frame-ancestors 'self'; frame-src 'self' https://service.force.com/embeddedservice/ https://deu70.sfdc-yzvdd4.salesforce.com https://sfdc-link-preview-staging.sfdc.sh https://sfdc-link-preview.hk.salesforce.com https://cdn.embedly.com https://www.youtube.com https://player.vimeo.com https://play.vidyard.com https://player.cloudinary.com https://fast.wistia.net https://players.brightcove.net https://s1.adis.ws https://scormanywhere.secure.force.com https://appiniummastertrial.secure.force.com https://js.stripe.com/ https://www.paypal.com https://www.sandbox.paypal.com https://checkoutshopper-live.adyen.com/ https://checkoutshopper-test.adyen.com/ https://pal-test.adyen.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://pay.google.com https://*.a.forceusercontent.com/lightningmaps/ https://*.a.forceusercontent.com https://location.force.com https://safilo.file.force.com *.force.com *.youtube-nocookie.com *.youtube.co.uk *.cybersource.com *.youtube.com.br *.youtube.es *.fast.wistia.net *.salesforce-experience.com *.salesforceliveagent.com *.i1.adis.ws *.sfdcfc.net *.youtube.ca *.players.brightcove.net *.youtube.ie *.bcove.video *.vidyard.com *.youtube.jp *.player.vimeo.com *.youtube.fr *.player.cloudinary.com *.forceusercontent.com *.youtube.com *.salesforce.com *.s1.adis.ws *.youtube.nl *.youtube.pl safilo.my.salesforce.com https://api.cquotient.com https://www.google.com https://safilo-spa-ql360.azureedge.net https://safilo-spa-pd360.azureedge.net; font-src 'self' data: https://fonts.gstatic.com/ *.force.com *.salesforce.com blob: https://api.cquotient.com; connect-src 'self' https://www.paypal.com https://www.sandbox.paypal.com https://safilo.my.salesforce-scrt.com https://fonts.googleapis.com/css2 https://checkoutshopper-live.adyen.com/ https://checkoutshopper-test.adyen.com/ https://o11y.sfproxy-core1.sfdc-yzvdd4.svc.sfdcfc.net/ui-telemetry https://api.cquotient.com https://region1.google-analytics.com; 1
frame-ancestors 'self' https://*.zeydoo.com https://*.rtty.in http://*.zeydoo.com http://*.rtty.in http://127.0.0.1/ http://*.cpanetwork; 1
frame-ancestors "self" www.zinspilot.de *.zendesk.com 1
default-src 'self' https://download-video.akamaized.net https://player.vimeo.com *.ramat-gan.muni.il *.ramatgan-prod.com https://webchat.eladsoftware.com; connect-src 'self' https://www.google-analytics.com https://usersync.tiqcdn.net https://depart.trinitymedia.ai *.ramatgan-prod.com *.ramat-gan.muni.il wss://webchat.eladsoftware.com wss://api-m.ramat-gan.muni.il/file-status-ws; img-src data: blob: *.ramatgan-prod.com *.ramat-gan.muni.il 'self' https://webchat.eladsoftware.com www.googletagmanager.com; script-src 'self' 'unsafe-inline' www.googletagmanager.com 'unsafe-eval' https://webchat.eladsoftware.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://webchat.eladsoftware.com https://trinitymedia.ai https://vd.trinitymedia.ai; font-src https://fonts.googleapis.com https://fonts.gstatic.com 'self' https://webchat.eladsoftware.com; style-src 'self' https://webchat.eladsoftware.com 'unsafe-inline' https://fonts.googleapis.com; frame-src https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://trinitymedia.ai *.ramat-gan.muni.il; object-src 'none'; 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-E8-van6HqF095Sr7TxxeHw' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
frame-ancestors 'self' https://www.visitdenmark.nl https://*.www.visitdenmark.nl https://api.www.www.visitdenmark.nl 1
disown-opener; frame-ancestors 'none'; child-src 'none'; font-src 'none'; frame-src 'none'; manifest-src 'none'; media-src 'none'; object-src 'none'; prefetch-src 'none'; worker-src 'none'; report-uri root@fresco.co.jp; img-src 'self'; upgrade-insecure-requests; 1
object-src 'self' blob; 1
default-src 'self' img-src * 'unsafe-inline' 'unsafe-eval' 'frame-src' 'font-src' 'self' https://merchantsafeunipay.com https://cdn.jsdelivr.net https://*.googleapis.com https://*.gstatic.com https://fonts.gstatic.com https://*.google.com https://*.polisoft.com.tr https://*.netmera-web.com https://*.googletagmanager.com https://*.revotas.com https://*.google-analytics.com https://connect.facebook.ne https://analytics.google.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://*.tawk.to https://tawk.link https://cdn.bootcss.com https://vsb98.tawk.to https://cdnjs.cloudflare.com https://code.jquery.com https://googleadservices.com https://esycdn.b-cdn.net https://*.icons8.com https://unpkg.com https://blogger.googleusercontent.com https://vsb41.tawk.to; 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bootstrapcdn.com *.jquery.com *.google-analytics.com *.googletagmanager.com *.twitter.com; object-src 'none'; style-src 'self' 'unsafe-inline'  *.cloudflare.com *.googleapis.com; img-src 'self' 'unsafe-inline' *.ensa.com.pa data: *.google-analytics.com *.google.com.pa *.google.com.mx *.googletagmanager.com; media-src 'self'; frame-src 'self' *.google.com *.doubleclick.net *.twitter.com; font-src 'self' 'unsafe-inline' fonts.gstatic.com *.ensa.com.pa *.cloudflare.com *.googleusercontent.com *.googleapis.com; connect-src 'self' adservice.google.com collect.tealiumiq.com mbpasxv7.staticmon.com notify.bugsnag.com opensheet.elk.sh sessions.bugsnag.com  www.google-analytics.com stats.g.doubleclick.net *.google.com.pa *.analytics.google.com *.google.com; report-uri /report-csp-violation 1
default-src https:; object-src https:; media-src https:; img-src https: data:; frame-ancestors https:; frame-src https:; font-src https: data:; connect-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src 'self' epichttp:;script-src 'nonce-ff5d5215112e40a5a714135cee5fe07a' https://mijnolvg.nl 'self';img-src 'self' blob: data: https://www.mijnolvg.nl https://www.olvg.nl;style-src https://mijnolvg.nl 'self' 'unsafe-inline';form-action 'self'; 1
default-src 'none';  script-src 'none'; style-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; object-src 'none'; 1
connect-src 'self' wss: ws: *.doubleclick.net *.googlesyndication.com *.klaviyo.com *.klarnacdn.net *.cookiebot.com *.termly.io cloudflareinsights.com *.facebook.com *.dojo.tech *.salesfire.co.uk *.onlinesizing.bike *.tawk.to cdn-cookieyes.com *.cookieyes.com *.klaviyo.com *.appspot-preview.com *.bing.com *.clarity.ms *.fontawesome.com *.google-analytics.com *.google.com *.google.co.uk *.googleapis.com *.googletagmanager.com *.hotjar.com *.iubenda.com *.klarna.com *.klarnaservices.com *.luckyorange.com *.luckyorange.net *.nr-data.net *.paymentsense.cloud *.pushsales.app *.salesfire.co.uk *.sharethis.com *.smartlook.cloud *.visitors.live api.getaddress.io bat.bing.com content.hotjar.io eu.klarnaevt.com js.klarna.com live.smartmetrics.co.uk manager.eu.smartlook.cloud maps.googleapis.com metrics.hotjar.io na.klarnaevt.com stats.g.doubleclick.net vc.hotjar.io www.google.se centinelapi.cardinalcommerce.com *.outfindo.com outfindo.com *.promofeatures.com js.stripe.com; default-src 'self' *.klaviyo.com  *.dojo.tech *.salesfire.co.uk *.googleapis.com *.trustpilot.com; font-src 'self' *.klaviyo.com *.dojo.tech  *.pushsales.app *.tawk.to *.salesfire.co.uk *.klaviyo.com fonts.gstatic.com *.cloudflare.com *.fontawesome.com *.typekit.net x.klarnacdn.net js.stripe.com; form-action 'self' *.list-manage.com translate.googleapis.com pay.realexpayments.com *.klaviyo.com *.dojo.tech *.facebook.com *.paypal.com *.sagepay.com *.worldpay.com eu-library.klarnaservices.com gateway.cardstream.com live.opayo.eu.elavon.com mdepayments.epdq.co.uk test.opayo.eu.elavon.com js.stripe.com; frame-ancestors 'self'; frame-src youtu.be *.klaviyo.com hubtiger.com  app.bikerentalmanager.com connect.garmin.com widgets.sociablekit.com *.paypalobjects.com www.googletagmanager.com bikesizing.cube.eu www.paypal.com bookings.hubtiger.com challenges.cloudflare.com *.onlinesizing.bike consentcdn.cookiebot.com *.termly.io *.doubleclick.net *.facebook.com *.google.com *.google.co.uk *.greencommuteinitiative.uk *.instagram.com *.paymentsense.cloud *.sharethis.com *.strava.com *.trustpilot.com *.vimeo.com *.youtube-nocookie.com *.youtube.com www.komoot.com cdn.salesfire.co.uk jejames.checkfront.co.uk js.klarna.com td.doubleclick.net www.cyclescheme.co.uk osm.klarnaservices.com *.webmaps.co.uk centinelapi.cardinalcommerce.com js.stripe.com forms.office.com ridewithgps.com platform.twitter.com *.webgains.com *.recaptcha.net; img-src 'self' 'unsafe-inline' data: https: *.klaviyo.com *.dojo.tech *.google-analytics.com *.googletagmanager.com *.gravatar.com 0.gravatar.com l.sharethis.com www.gravatar.com www.specialized.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' player.vimeo.com platform.twitter.com *.consentprotect.com www.googletagmanager.com www.youtube.com *.livechatinc.com *.kaspersky-labs.com *.googlesyndication.com analytics.tiktok.com *.googleadservices.com *.paypal.com widget.privy.com *.list-manage.com *.amazonaws.com *.mailchimp.com *.klaviyo.com *.checkfront.co.uk *.klarnacdn.net *.pushsales.co.uk challenges.cloudflare.com static.cloudflareinsights.com ajax.cloudflare.com *.dojo.tech *.cube.eu *.klarnaservices.com *.clarity.ms *.hotjar.com *.bing.com *.salesfire.co.uk js.klarna.com *.onlinesizing.bike *.clarity.ms *.tawk.to *.avln.me *.bing.com *.webgains.io *.klaviyo.com cdn-cookieyes.com *.chimpstatic.com chimpstatic.com *.googleapis.com *.getaddress.io *.iubenda.com *.addthis.com *.cloudflare.com *.cloudfront.net *.doubleclick.net *.facebook.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.instagram.com *.klarna.com *.klarnaservices.com *.luckyorange.com *.newrelic.com *.nr-data.net *.paymentsense.cloud *.pushsales.app *.salesfire.co.uk *.sharethis.com *.trustpilot.com *.typekit.net *.vimeo.com cdn.jsdelivr.net cdn.salesfire.co.uk cdnjs.cloudflare.com code.jquery.com *.cookiebot.com *.termly.io hit.salesfire.co.uk js.klarna.com kit.fontawesome.com maps.googleapis.com polyfill-fastly.io script.hotjar.com *.elfsight.com static.hotjar.com unpkg.com web-sdk.smartlook.com www.google.com www.gstatic.com x.klarnacdn.net osm.klarnaservices.com *.webmaps.co.uk centinelapi.cardinalcommerce.com *.outfindo.com outfindo.com *.promofeatures.com js.stripe.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' player.vimeo.com platform.twitter.com *.consentprotect.com www.googletagmanager.com www.youtube.com *.livechatinc.com *.kaspersky-labs.com *.googlesyndication.com analytics.tiktok.com *.googleadservices.com *.paypal.com widget.privy.com *.list-manage.com *.amazonaws.com *.mailchimp.com *.klaviyo.com *.checkfront.co.uk *.klarnacdn.net *.pushsales.co.uk challenges.cloudflare.com static.cloudflareinsights.com ajax.cloudflare.com *.dojo.tech *.cube.eu *.klarnaservices.com *.clarity.ms *.hotjar.com *.bing.com *.salesfire.co.uk js.klarna.com *.onlinesizing.bike *.clarity.ms *.tawk.to *.avln.me *.bing.com *.webgains.io *.klaviyo.com cdn-cookieyes.com *.chimpstatic.com chimpstatic.com *.googleapis.com *.getaddress.io *.iubenda.com *.addthis.com *.cloudflare.com *.cloudfront.net *.doubleclick.net *.facebook.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.instagram.com *.klarna.com *.klarnaservices.com *.luckyorange.com *.newrelic.com *.nr-data.net *.paymentsense.cloud *.pushsales.app *.salesfire.co.uk *.sharethis.com *.trustpilot.com *.typekit.net *.vimeo.com cdn.jsdelivr.net cdn.salesfire.co.uk cdnjs.cloudflare.com code.jquery.com *.cookiebot.com *.termly.io hit.salesfire.co.uk js.klarna.com kit.fontawesome.com maps.googleapis.com polyfill-fastly.io script.hotjar.com *.elfsight.com static.hotjar.com unpkg.com web-sdk.smartlook.com www.google.com www.gstatic.com x.klarnacdn.net osm.klarnaservices.com *.webmaps.co.uk centinelapi.cardinalcommerce.com *.outfindo.com outfindo.com *.promofeatures.com js.stripe.com; style-src 'self' 'unsafe-inline' *.mailchimp.com *.klaviyo.com *.dojo.tech *.paymentsense.cloud *.tawk.to *.salesfire.co.uk *.klaviyo.com *.getaddress.io  *.googleapis.com *.pushsales.app *.typekit.net cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com npkg.com x.klarnacdn.net js.stripe.com; style-src-elem 'self' 'unsafe-inline' *.mailchimp.com *.klaviyo.com *.dojo.tech *.paymentsense.cloud *.tawk.to *.salesfire.co.uk *.klaviyo.com *.getaddress.io  *.googleapis.com *.pushsales.app *.typekit.net cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com npkg.com x.klarnacdn.net js.stripe.com; report-to csp-endpoint; 1
frame-ancestors www.viajeseroski.es www.facebook.com raw2.statichtmlapp.com 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-46ePW1oAZSWN1tDb6WhvEg' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
frame-ancestors 'self' https://www.ecoolbuy.com http://*.ecoolbuy.com; 1
font-src * data: blob: 'unsafe-inline' js.stripe.com fonts.gstatic.com;script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 1
frame-ancestors 'self' https://*.migros.com.tr https://localhost:7116 http://localhost:7116 1
default-src 'self' https://7463.global.siteimproveanalytics.io *.kammarkollegiet.se web103.reachmee.com kammarkollegiet.se *.rek.ai *.sitevision-cloud.se *.sitevision.se https://partiinsynt.kk.local:8443 *.drive.google.com https://docs.google.com *.google-analytics.com *.tagmanager.google.com *.fonts.googleapis.com *.ssl.gstatic.com *.fonts.gstatic.com data: *.gstatic.com *.hotjar.com *.hotjar.io wss://*.hotjar.com https://www.google.com *.googleusercontent.com https://www.anpdm.com *.youtube.com *.youtube-nocookie.com https://svanalytics.containers.piwik.pro https://svanalytics.piwik.pro; script-src *.sitevision.se *.sitevision-cloud.se *.kammarkollegiet.se *.rek.ai *.rekai.se *.hotjar.com https://esmaker.net https://siteimproveanalytics.com tagmanager.google.com *.googletagmanager.com *.google-analytics.com web103.reachmee.com https://svanalytics.containers.piwik.pro https://svanalytics.piwik.pro 'unsafe-eval' 'unsafe-inline'; style-src 'unsafe-inline' *.kammarkollegiet.se *.sitevision.se *.hotjar.com *.cloudflare.com https://tagmanager.google.com/debug/css.css *.googleapis.com; font-src *.cloudflare.com *.sitevision.se data: *.gstatic.com *.hotjar.com *.kammarkollegiet.se; frame-ancestors *.kammarkollegiet.se web103.reachmee.com; 1
default-src 'self'; font-src 'self' fonts.gstatic.com data:; img-src 'self' *.gravatar.com data:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; 1
default-src 'self'; script-src 'self' 'nonce-5b2cae209a92d1f71074eb8522538007' https://*.outbrain.com blob: https://*.visualvest.de https://*.usercentrics.eu https://www.youtube.com https://www.googletagmanager.com https://www.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://connect.facebook.net; img-src 'self' data: https://*.visualvest.de https://images.ctfassets.net https://*.usercentrics.eu https://www.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.de https://www.facebook.com https://i.ytimg.com; frame-src 'self' https://bid.g.doubleclick.net https://www.youtube.com https://*.usercentrics.eu; connect-src 'self' https://*.outbrain.com https://*.visualvest.de https://images.ctfassets.net  https://*.usercentrics.eu https://www.google.com https://googleads.g.doubleclick.net visualvest.secure.force.com uat-visualvest.cs101.force.com wss://*.visualvest.de/; style-src 'self' 'unsafe-inline' *.visualvest.de 1
connect-src api.hubapi.com api.hubspot.com cta-service-cms2.hubspot.com forms.hscollectedforms.net px.ads.linkedin.com snid.snitcher.com w.clarity.ms www.google-analytics.com bat.bing.com content.hotjar.io forms.hsforms.com js.hs-banner.com region1.google-analytics.com v.clarity.ms ws.zoominfo.com wss://ws.hotjar.com 'self' adservice.google.com data: www.facebook.com x.clarity.ms yoast.com metrics.hotjar.io j.clarity.ms q.clarity.ms r.clarity.ms vc.hotjar.io y.clarity.ms z.clarity.ms 1531320666.rsc.cdn77.org a.clarity.ms b.clarity.ms d.clarity.ms e.clarity.ms f.clarity.ms h.clarity.ms hubspot-forms-static-embed.s3.amazonaws.com i.clarity.ms k.clarity.ms l.clarity.ms m.clarity.ms my.yoast.com n.clarity.ms o.clarity.ms p.clarity.ms s.clarity.ms t.clarity.ms u.clarity.ms google.com cookie-cdn.cookiepro.com geolocation.onetrust.com beaconapi.helpscout.net cdn.linkedin.oribi.io d3hb14vkzrxvla.cloudfront.net distillery.wistia.com exceptions.hubspot.com fast.wistia.com g.clarity.ms in.hotjar.com infragrid.v.network maps.googleapis.com static.hsappstatic.net translate-pa.googleapis.com translate.googleapis.com www.clarity.ms analytics.google.com analytics.propensity.com scout.salesloft.com stats.g.doubleclick.net www.google.com.hk www.googletagmanager.com cdn.cookielaw.org www.google.com js.zi-scripts.com; font-src 'self' data: fonts.gstatic.com chrome-extension cyberint.com fast.wistia.com; img-src 'self' bat.bing.com data: forms-na1.hsforms.com forms.hsforms.com perf-na1.hsforms.com px.ads.linkedin.com track.hubspot.com www.facebook.com www.google.co.il www.google.com analytics.twitter.com t.co tr-rc.lfeeder.com www.google.co.uk adservice.google.com www.google-analytics.com ps.w.org s.w.org secure.gravatar.com c.clarity.ms cyberintdev.wpengine.com i.ytimg.com no-cache.hubspot.com blob: c.bing.com cdn.honey.io fonts.gstatic.com region1.google-analytics.com translate.google.com www.google.az www.google.bg www.google.ca www.google.cl www.google.co.id www.google.co.in www.google.co.jp www.google.co.kr www.google.co.nz www.google.co.th www.google.com.au www.google.com.ec www.google.com.eg www.google.com.hk www.google.com.my www.google.com.ph www.google.com.sg www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.vn www.google.de www.google.dz www.google.es www.google.fi www.google.fr www.google.hu www.google.it www.google.mk www.google.mu www.google.no www.google.pl www.google.ro www.google.se www.google.tm www.googletagmanager.com perf.hsforms.com www.google.ae www.google.at www.google.com.bh www.google.com.pk www.google.dk www.google.lk www.google.nl www.google.ru www.google.ch www.google.com.bd www.google.com.gh www.google.com.kw www.google.com.mt www.google.cz www.google.hr cookie-cdn.cookiepro.com www.google.ie www.google.com.br www.linkedin.com 2034462.fs1.hubspotusercontent-na1.net [fdbd:dc05:ff:ff:88c6:e7e0:1f15:b25b]:9271 cta-service-cms2.hubspot.com e.cyberint.com embed-ssl.wistia.com exceptions.hs-embed-reporting.com fast.wistia.com i.vimeocdn.com maps.gstatic.com pd.w.org plugin.wpforms.com px4.ads.linkedin.com stats.sa-as.com translate.googleapis.com www.comeet.co www.google.com.co www.google.com.mx www.google.com.pe www.google.com.sv www.google.rs www.gstatic.com yastatic.net scout.us2.salesloft.com; script-src-elem 'self' 'unsafe-inline' bat.bing.com connect.facebook.net googleads.g.doubleclick.net js-na1.hs-scripts.com js.hsforms.net sc.lfeeder.com snap.licdn.com static.ads-twitter.com static.hotjar.com www.clarity.ms www.googletagmanager.com cdn.jsdelivr.net js.hs-analytics.net js.hs-banner.com js.hsadspixel.net js.hscollectedforms.net js.hubspot.com js.usemessages.com script.hotjar.com snid.snitcher.com ws.zoominfo.com www.google-analytics.com cdnjs.cloudflare.com js.hs-scripts.com www.google.com www.gstatic.com www.comeet.co www.youtube.com app.hubspot.com yoast.com cta-service-cms2.hubspot.com js.hscta.net cookie-cdn.cookiepro.com apis.google.com beacon-v2.helpscout.net cdn.mxpnl.com conoret.com cyberint.com fast.wistia.com localhost:49506 maps.googleapis.com stats.sa-as.com translate-pa.googleapis.com translate.google.com translate.googleapis.com static.ads-twitter.com cdn.propensity.com js.hsleadflows.net okt.to scout-cdn.salesloft.com script.crazyegg.com static.oktopost.com www.googleoptimize.com cdn.cookielaw.org blob: js.zi-scripts.com ws-assets.zoominfo.com; script-src 'unsafe-eval' 'self' js.hsforms.net 'unsafe-inline' bat.bing.com cdn.jsdelivr.net connect.facebook.net googleads.g.doubleclick.net js-na1.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsadspixel.net js.hscollectedforms.net js.hubspot.com js.usemessages.com sc.lfeeder.com script.hotjar.com snap.licdn.com snid.snitcher.com static.ads-twitter.com static.hotjar.com wasm-eval ws.zoominfo.com www.clarity.ms www.comeet.co www.google-analytics.com www.googletagmanager.com www.youtube.com cdnjs.cloudflare.com cookie-cdn.cookiepro.com cta-service-cms2.hubspot.com js.hs-scripts.com stats.sa-as.com www.google.com; style-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com wowjs.uk cdn.honey.io cyberint.com www.comeet.com www.gstatic.com www.googletagmanager.com; frame-src app.hubspot.com td.doubleclick.net forms.hsforms.com static.hsappstatic.net player.vimeo.com www.google.com www.comeet.co www.youtube-nocookie.com www.youtube.com maxblockpage.service.anz www.googletagmanager.com 'self' 2034462.hs-sites.com blob: feedback-pa.clients6.google.com gateway.zscloud.net hysafeweb.skhynix.com l.cyberint.com mozbar.moz.com ransomania.cyberint.com vars.hotjar.com wp-rocket.me www.facebook.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com www.gstatic.com wowjs.uk; form-action forms.hsforms.com 'self' webto.salesforce.com www.facebook.com; worker-src blob: 'self'; script-src-attr 'unsafe-inline'; child-src app.hubspot.com www.comeet.co www.youtube.com; default-src 'self' 'unsafe-inline' adservice.google.com analytics.twitter.com api.hubspot.com app.hubspot.com b.clarity.ms bat.bing.com c.clarity.ms cdn.jsdelivr.net connect.facebook.net content.hotjar.io cta-service-cms2.hubspot.com data: fonts.googleapis.com fonts.gstatic.com forms-na1.hsforms.com forms.hscollectedforms.net forms.hsforms.com googleads.g.doubleclick.net hubspot-forms-static-embed.s3.amazonaws.com js-na1.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsadspixel.net js.hscollectedforms.net js.hsforms.net js.hubspot.com js.usemessages.com no-cache.hubspot.com perf-na1.hsforms.com px.ads.linkedin.com region1.google-analytics.com sc.lfeeder.com script.hotjar.com secure.gravatar.com snap.licdn.com snid.snitcher.com static.ads-twitter.com static.hotjar.com t.clarity.ms t.co tr-rc.lfeeder.com track.hubspot.com vc.hotjar.io ws.zoominfo.com wss://ws.hotjar.com www.clarity.ms www.facebook.com www.google-analytics.com www.google.com www.google.ie www.google.tm www.googletagmanager.com z.clarity.ms 2034462.fs1.hubspotusercontent-na1.net api.hubapi.com cyberintdev.wpengine.com perf.hsforms.com self stats.sa-as.com www.linkedin.com www.youtube.com; media-src data: blob:; prefetch-src 'self'; frame-ancestors 'self' 1
frame-ancestors https://staging.eternl.io/ https://beta.eternl.io/ https://eternl.io/ https://*.muesliswap.com https://muesliswap.com ionic: capacitor: chrome-extension: http://localhost:*/ https://localhost:*/ 1
default-src https: 'unsafe-eval' 'unsafe-inline'; font-src https: data:; img-src https: data:; object-src 'self' *.youtube.com; frame-ancestors 'self' *.touslesprix.com js.stripe.com hooks.stripe.com 1
default-src  'self' ; img-src      'self' 'unsafe-inline' 'unsafe-eval' data: tmembassy.gov.tm *.tmembassy.gov.tm mfa.gov.tm *.google-analytics.com *.googletagmanager.com yandex.com api-maps.yandex.ru *.yandex.net;  script-src   'self' 'unsafe-inline' 'unsafe-eval' tmembassy.gov.tm *.tmembassy.gov.tm metrics.com.tm *.google-analytics.com *.googletagmanager.com api-maps.yandex.ru yastatic.net *.yandex.net;  connect-src  'self' 'unsafe-inline' 'unsafe-eval' tmembassy.gov.tm mfa.gov.tm *.metrics.com.tm *.tmembassy.gov.tm *.google-analytics.com *.googletagmanager.com *.doubleclick.net;  style-src    'self' 'unsafe-inline' tmembassy.gov.tm *.tmembassy.gov.tm;  font-src     'self' data: tmembassy.gov.tm *.tmembassy.gov.tm *.gstatic.com;  frame-src    'self' tmembassy.gov.tm *.tmembassy.gov.tm;  object-src   'self' ; 1
default-src 'self' *.wirth-horn.de https://sibautomation.com https://connect.facebook.net https://www.facebook.com https://www.youtube-nocookie.com https://cdn.privacy-mgmt.com https://assets.adobedtm.com 'unsafe-eval' 'unsafe-inline'; img-src data: *; media-src data: *; style-src 'self' data: 'unsafe-inline' *.wirth-horn.de  https://fonts.googleapis.com; font-src data: 'self' https://fonts.gstatic.com https://fonts.googleapis.com; 1
base-uri 'none'; font-src 'self' https: data:; form-action 'self'; frame-ancestors 'self'; img-src https://www.netcup.com https://mautic.netcup.news https://px.ads.linkedin.com 'self' blob: data: https:; object-src 'none'; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline'; script-src https://www.netcup.com 'self' 'wasm-unsafe-eval' 'nonce-tkkWoscm8RGCDY9/T2sbBw=='; upgrade-insecure-requests; connect-src https://www.netcup.com https://www.google.com https://px.ads.linkedin.com https://u.clarity.ms/ https://x.clarity.ms/ 'self' https://region1.analytics.google.com https://stats.g.doubleclick.net https://eu-api.friendlycaptcha.eu https://widget.usersnap.com https://googleads.g.doubleclick.net; worker-src blob:; child-src blob: td.doubleclick.net; script-src-elem https://www.netcup.com 'self' 'unsafe-inline' https://*.googletagmanager.com https://*.usersnap.com https://static.ads-twitter.com https://snap.licdn.com https://bat.bing.com https://connect.facebook.net https://www.clarity.ms https://x.clarity.ms https://u.clarity.ms https://googleads.g.doubleclick.net; 1
script-src 'nonce-c4125b66bd3ac961163ed70ab51c5e48' 'unsafe-inline' 'self' *.alz.org *.googletagmanager.com https://developers.panopto.com https://embed-cdn.gettyimages.com https://s.imgur.com https://platform.instagram.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.instagram.com/embed.js https://www.google.com; frame-ancestors 'self' 1
default-src 'self' data: http://gsia.tums.ac.ir http://streaming.ut.ac.ir https://cdn.jsdelivr.net https://app.raychat.io http://app.raychat.io https://cdn.fontcdn.ir https://cdn.goftino.com https://cdn.userway.org https://cdn77.api.userway.org; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://map.ir https://conf.isc.ac https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://kangoro.ir/matomo/matomo.js http://tools.1abzar.com http://1abzar.ir http://google.com https://google.com https://www.google.com http://www.google.com http://cse.google.com https://cse.google.com https://www.googleapis.com http://www.googleapis.com https://www.aparat.com http://www.google-analytics.com/analytics.js https://www.google-analytics.com/analytics.js https://app.raychat.io http://app.raychat.io https://se3.raychat.io http://se3.raychat.io http://tel.sutech.ac.ir http://amintest.sutech.ac.ir/ http://sutech.ac.ir https://cdn.userway.org https://api.userway.org https://media.userway.org https://www.goftino.com https://cdn.goftino.com https://widget-react.raychat.io; style-src 'self' 'unsafe-inline' https://app.raychat.io http://app.raychat.io https://cdn.jsdelivr.net https://cse.google.com http://cse.google.com http://www.google.com http://google.com https://google.com https://www.google.com https://www.aparat.com https://cdn.fontcdn.ir https://fdn.fontcdn.ir https://cdn.goftino.com https://cdn.userway.org https://widget-react.raychat.io; img-src 'self' blob: data: https://map.ir https://conf.isc.ac https://www.google-analytics.com www.google-analytics.com data: *; connect-src 'self' https://map.ir https://conf.isc.ac https://www.google-analytics.com www.google-analytics.com https://samta.samt.ac.ir https://pooya.kashanu.ac.ir https://se3.raychat.io http://se3.raychat.io wss://se3.raychat.io https://cdn.fontcdn.ir wss://api.raychat.io wss://ws.goftino.com wss://ws2.goftino.com wss://ws5.goftino.com wss://cdn.goftino.com https://api.userway.org https://cdn.userway.org https://cdn77.api.userway.org https://widget-service.raychat.io wss://ws10.goftino.com; child-src 'self' https://auth4.ut.ac.ir:8443/ https://auth.ut.ac.ir:8443/ http://tools.1abzar.com http://1abzar.ir https://cse.google.com https://www.aparat.com https://google.com https://www.google.com https://cdn.userway.org https://edu.sapiba.ir http://tel.sutech.ac.ir http://amintest.sutech.ac.ir/ http://sutech.ac.ir; frame-ancestors 'self' https://trustseal.enamad.ir; 1
default-src 'none'; img-src 'self' 1
frame-ancestors 'self' 'https://sites.google.com/acerinox.com/acerinorm/' 'https://www.gstatic.com/'; 1
base-uri 'self'; child-src 'self' https://test2-beroesite.beroeinc.com https://www.beroeinc.com https://www.google.com https://sniff.visistat.com https://js.chargebee.com/ https://ipinfo.io/ https://beroeinccorporatewebsite.chargebee.com/ https://js.stripe.com/ https://www.youtube.com/ https://i.ytimg.com/ https://www.googleadservices.com/ https://stats.g.doubleclick.net https://drive.google.com/ https://calendly.com https://www.buzzsprout.com https://optimize.google.com https://www.googletagmanager.com/gtm.js https://platform.twitter.com/ https://abi.beroelive.ai/ https://abi-dev.beroelive.ai/ https://staging.beroelive.ai/ https://cdn.linkedin.oribi.io/ https://local.beroeinc.com/; connect-src 'self' https://test2-beroesite.beroeinc.com https://ajax.googleapis.com/ajax/libs/jquery/2.0.3/jquery.min.js https://sniff.visistat.com https://www.facebook.com https://www.linkedin.com https://forms.hubspot.com/ https://api.hubapi.com https://www.beroeinc.com https://api.omappapi.com/ https://www.google.com https://www.googletagmanager.com https://analytics.google.com/ https://cdn-cookieyes.com/ https://directory.cookieyes.com/ https://log.cookieyes.com/ https://stats.g.doubleclick.net https://connect.facebook.net https://static.hotjar.com/ https://www.hotjar.com/ https://vars.hotjar.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.google-analytics.com https://api.omappapi.com/ https://pi.pardot.com/ https://www.googletagmanager.com/gtm.js https://script.hotjar.com/ https://www.google.com/recaptcha/ https://js.chargebee.com/ https://ipinfo.io/ https://beroeinccorporatewebsite.chargebee.com/ https://js.stripe.com/ https://www.youtube.com/ https://i.ytimg.com/ https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ https://assets.sitespeaker.link/ https://ws.sitespeaker.link/ https://www.googleapis.com/ https://api.customfit.ai https://sdk.customfit.ai https://drive.google.com/ https://calendly.com https://www.beroeinc.com https://optimize.google.com https://www.buzzsprout.com https://platform.twitter.com/ https://consentlog.cookieyes.com/api/v1/log https://cdn.linkedin.oribi.io/ https://local.beroeinc.com/ https://api-js.mixpanel.com/ https://s.clarity.ms/ https://beroeinc.piwik.pro/ https://ipv6.6sc.co/ https://cta-service-cms2.hubspot.com/ https://hubspot-forms-static-embed.s3.amazonaws.com/ https://forms.hsforms.com/ https://p.clarity.ms/; default-src 'self' https://test2-beroesite.beroeinc.com https://fonts.gstatic.com https://support2.lsdsoftware.com/ https://platform.twitter.com/ https://www.buzzsprout.com https://local.beroeinc.com/; frame-ancestors 'self' https://*.beroelive.ai/; frame-src 'self' https://www.google.com https://cdnjs.cloudflare.com https://www.facebook.com https://www.linkedin.com https://www.gstatic.com https://i.ytimg.com/ https://www.buzzsprout.com https://www.youtube.com/ https://vars.hotjar.com https://*.hotjar.com https://calendly.com https://www.beroeinc.com https://drive.google.com https://js.chargebee.com https://beroeinccorporatewebsite.chargebee.com/ https://abi.beroelive.ai/ https://abi-dev.beroelive.ai/ https://staging.beroelive.ai/ https://www.loom.com/ https://local.beroeinc.com/ https://accounts.google.com/ https://forms.hsforms.com/; img-src 'self' https://test2-beroesite.beroeinc.com https://px.ads.linkedin.com/ https://sniff.visistat.com https://track.hubspot.com https://api.hubapi.com https://forms.hsforms.com https://www.beroeinc.com https://www.google.com https://ws-na.amazon-adsystem.com https://ir-na.amazon-adsystem.com https://images-na.ssl-images-amazon.com https://www.google-analytics.com https://analytics.google.com/ https://stats.g.doubleclick.net https://cdn-cookieyes.com/ https://directory.cookieyes.com/ https://log.cookieyes.com/ https://www.googletagmanager.com https://connect.facebook.net https://static.hotjar.com/ https://www.hotjar.com/ https://vars.hotjar.com https://*.hotjar.com https://api.omappapi.com/ https://pi.pardot.com/ https://www.googletagmanager.com/gtm.js https://script.hotjar.com/ https://www.google.com/recaptcha/ https://i.ytimg.com https://www.facebook.com/ https://js.chargebee.com/ https://www.google.co.in/ https://ipinfo.io/ https://js.stripe.com/ https://assets.sitespeaker.link/ https://optimize.google.com https://www.beroeinc.com data: https://local.beroeinc.com/ https://b.6sc.co/ https://perf-na1.hsforms.com/ https://forms-na1.hsforms.com/; object-src 'none'; script-src 'self' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https://js.hs-scripts.com https://ajax.googleapis.com/ajax/libs/jquery/2.0.3/jquery.min.js https://js.hscollectedforms.net/ https://js.hs-analytics.net/ https://js.hsadspixel.net/ https://sniff.visistat.com https://js.hs-banner.com https://test2-beroesite.beroeinc.com https://stats.g.doubleclick.net https://www.beroeinc.com https://stackpath.bootstrapcdn.com https://unpkg.com https://cdn.rawgit.com https://static.woopra.com https://code.jquery.com https://s.adroll.com https://d.adroll.com/ https://a.opmnstr.com/ https://connect.facebook.net https://static.hotjar.com/ https://www.hotjar.com/ https://vars.hotjar.com https://*.hotjar.com https://analytics.google.com/ https://cdn-cookieyes.com/ https://directory.cookieyes.com/ https://log.cookieyes.com/ https://api.omappapi.com/ https://pi.pardot.com/ https://www.googletagmanager.com/gtm.js https://script.hotjar.com/ https://www.google.com/recaptcha/ https://js.chargebee.com/ https://ipinfo.io/ https://beroeinccorporatewebsite.chargebee.com/ https://js.stripe.com/ https://i.ytimg.com/ https://assets.sitespeaker.link/ https://api.customfit.ai https://sdk.customfit.ai https://drive.google.com/ https://calendly.com https://www.woopra.com/ https://optimize.google.com https://www.buzzsprout.com https://platform.twitter.com/ https://snap.licdn.com/ https://px.ads.linkedin.com/ https://local.beroeinc.com/ https://cdn.mxpnl.com/ 'nonce-4c0b3fe72c5ae4963ec0460d'; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://js.hs-scripts.com https://ajax.googleapis.com/ajax/libs/jquery/2.0.3/jquery.min.js https://js.hscollectedforms.net/ https://js.hs-analytics.net/ https://js.hsadspixel.net/ https://sniff.visistat.com https://js.hs-banner.com https://test2-beroesite.beroeinc.com https://stats.g.doubleclick.net https://www.google.com https://www.beroeinc.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://unpkg.com https://cdn.rawgit.com https://www.google.com https://www.google.co.in/ https://static.woopra.com https://code.jquery.com https://s.adroll.com https://www.gstatic.com https://d.adroll.com/ https://a.opmnstr.com/ https://www.googletagmanager.com https://connect.facebook.net https://static.hotjar.com/ https://www.hotjar.com/ https://vars.hotjar.com https://*.hotjar.com https://www.google-analytics.com https://analytics.google.com/ https://cdn-cookieyes.com/ https://directory.cookieyes.com/ https://log.cookieyes.com/ https://api.omappapi.com/ https://pi.pardot.com/ https://www.googletagmanager.com/gtm.js https://script.hotjar.com/ https://www.google.com/recaptcha/ https://js.chargebee.com/ https://ipinfo.io/ https://beroeinccorporatewebsite.chargebee.com/ https://js.stripe.com/ https://www.youtube.com/ https://i.ytimg.com/ https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ https://assets.sitespeaker.link/ https://api.customfit.ai https://sdk.customfit.ai https://drive.google.com/ https://calendly.com https://www.woopra.com/ https://optimize.google.com https://www.buzzsprout.com https://platform.twitter.com/ https://snap.licdn.com/ https://px.ads.linkedin.com/ https://local.beroeinc.com/ https://cdn.mxpnl.com/ https://www.clarity.ms/ https://beroeinc.containers.piwik.pro/ https://j.6sc.co/ https://js.hubspot.com/ https://js.hsforms.net; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://js.hs-scripts.com https://ajax.googleapis.com/ajax/libs/jquery/2.0.3/jquery.min.js https://js.hscollectedforms.net/ https://js.hs-analytics.net/ https://js.hsadspixel.net/ https://sniff.visistat.com https://js.hs-banner.com https://test2-beroesite.beroeinc.com https://stats.g.doubleclick.net https://www.google.com https://www.beroeinc.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://unpkg.com https://cdn.rawgit.com https://www.google.com https://www.google.co.in/ https://static.woopra.com https://code.jquery.com https://s.adroll.com https://www.gstatic.com https://d.adroll.com/ https://a.opmnstr.com/ https://www.googletagmanager.com https://connect.facebook.net https://static.hotjar.com/ https://www.hotjar.com/ https://vars.hotjar.com https://*.hotjar.com https://www.google-analytics.com https://analytics.google.com/ https://cdn-cookieyes.com/ https://directory.cookieyes.com/ https://log.cookieyes.com/ https://api.omappapi.com/ https://pi.pardot.com/ https://www.googletagmanager.com/gtm.js https://script.hotjar.com/ https://www.google.com/recaptcha/ https://js.chargebee.com/ https://ipinfo.io/ https://beroeinccorporatewebsite.chargebee.com/ https://js.stripe.com/ https://www.youtube.com/ https://i.ytimg.com/ https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ https://assets.sitespeaker.link/ https://api.customfit.ai https://sdk.customfit.ai https://drive.google.com/ https://calendly.com https://www.woopra.com/ https://optimize.google.com https://www.buzzsprout.com https://platform.twitter.com/ https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js https://cdn.jsdelivr.net/npm/bootstrap-select@1.13.14/dist/js/bootstrap-select.min.js https://snap.licdn.com/ https://px.ads.linkedin.com/ https://local.beroeinc.com/ https://cdn.mxpnl.com/ https://www.clarity.ms/ https://beroeinc.containers.piwik.pro/ https://j.6sc.co/ https://js.hubspot.com/ https://js.hsforms.net; style-src 'self' https://test2-beroesite.beroeinc.com https://www.beroeinc.com/ https://i.ytimg.com/ https://sniff.visistat.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://www.googletagmanager.com https://connect.facebook.net https://static.hotjar.com/ https://www.hotjar.com/ https://vars.hotjar.com https://*.hotjar.com https://www.google-analytics.com https://stats.g.doubleclick.net https://analytics.google.com/ https://cdn-cookieyes.com/ https://directory.cookieyes.com/ https://log.cookieyes.com/ https://api.omappapi.com/ https://pi.pardot.com/ https://www.googletagmanager.com/gtm.js https://script.hotjar.com/ https://www.google.com https://www.google.com/recaptcha/ https://www.google.co.in/ https://js.chargebee.com/ https://js.stripe.com/ https://ipinfo.io/ https://assets.sitespeaker.link/ https://api.customfit.ai https://sdk.customfit.ai https://drive.google.com/ https://calendly.com https://www.buzzsprout.com https://optimize.google.com https://fonts.googleapis.com https://unpkg.com https://local.beroeinc.com/ 'nonce-67c14e2c064a3f3c3c2699ce'; style-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://test2-beroesite.beroeinc.com https://www.beroeinc.com/ https://i.ytimg.com/ https://sniff.visistat.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://www.googletagmanager.com https://connect.facebook.net https://static.hotjar.com/ https://www.hotjar.com/ https://vars.hotjar.com https://*.hotjar.com https://www.google-analytics.com https://stats.g.doubleclick.net https://analytics.google.com/ https://cdn-cookieyes.com/ https://directory.cookieyes.com/ https://log.cookieyes.com/ https://api.omappapi.com/ https://pi.pardot.com/ https://www.googletagmanager.com/gtm.js https://script.hotjar.com/ https://www.google.com https://www.google.com/recaptcha/ https://www.google.co.in/ https://js.chargebee.com/ https://js.stripe.com/ https://ipinfo.io/ https://assets.sitespeaker.link/ https://api.customfit.ai https://sdk.customfit.ai https://drive.google.com/ https://calendly.com https://www.buzzsprout.com https://optimize.google.com https://fonts.googleapis.com https://unpkg.com https://local.beroeinc.com/; style-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://test2-beroesite.beroeinc.com https://www.beroeinc.com/ https://i.ytimg.com/ https://sniff.visistat.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://www.googletagmanager.com https://connect.facebook.net https://static.hotjar.com/ https://www.hotjar.com/ https://vars.hotjar.com https://*.hotjar.com https://www.google-analytics.com https://stats.g.doubleclick.net https://analytics.google.com/ https://cdn-cookieyes.com/ https://directory.cookieyes.com/ https://log.cookieyes.com/ https://api.omappapi.com/ https://pi.pardot.com/ https://www.googletagmanager.com/gtm.js https://script.hotjar.com/ https://www.google.com https://www.google.com/recaptcha/ https://www.google.co.in/ https://js.chargebee.com/ https://js.stripe.com/ https://ipinfo.io/ https://assets.sitespeaker.link/ https://api.customfit.ai https://sdk.customfit.ai https://drive.google.com/ https://calendly.com https://www.buzzsprout.com https://optimize.google.com https://fonts.googleapis.com https://unpkg.com https://cdn.jsdelivr.net/npm/bootstrap-select@1.13.14/dist/css/bootstrap-select.min.css https://local.beroeinc.com/; 1
default-src 'self'; script-src 'self' 'sha256-ETWJMGu3Enj4jG4CFECxfP2c3Do3HPOoIGX3RuqSk4E=' 'sha256-UNSjrBN573Gq5WKBQX8pe6R5RxDXbRjK1TIF7JnDtRI=' 'sha256-jsM15EgcnljVkAqUSwvhK2zpKO95FVxVXa/KCLMxHP0=' https://www.gstatic.com https://www.google.com https://ph.cake.io https://use.typekit.net ; style-src 'report-sample' 'self' 'unsafe-inline'; object-src 'self' *; base-uri 'self'; connect-src 'self'; font-src 'self' https://use.typekit.net; frame-ancestors *; frame-src 'self' https://www.google.com; img-src * ; manifest-src 'self'; media-src 'self'; worker-src 'none'; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://ludosphere.fr; img-src 'self' https: data: blob: https://ludosphere.fr; style-src 'self' https://ludosphere.fr 'nonce-Lmk9MLP/ZF9o6mOGry4c3g=='; media-src 'self' https: data: https://ludosphere.fr; frame-src 'self' https:; manifest-src 'self' https://ludosphere.fr; form-action 'self'; child-src 'self' blob: https://ludosphere.fr; worker-src 'self' blob: https://ludosphere.fr; connect-src 'self' data: blob: https://ludosphere.fr https://cdn.masto.host wss://ludosphere.fr; script-src 'self' https://ludosphere.fr 'wasm-unsafe-eval' 1
default-src 'self' blob: https://maxcdn.bootstrapcdn.com; font-src 'self' data: https://*.datawonen.nl https://*.databank.nl https://*.incijfers.nl https://*.incijfers.be https://*.inzahlen.be https://*.inzahlen.de https://*.buurtmonitor.nl https://*.buurtmonitor.be https://*.abf.nl https://*.abfresearch.nl https://*.cijfersoverwonen.nl https://*.swing.eu https://*.infigures.com https://*.analysesysteem.nl https://*.woononderzoek.nl https://*.waterbenchmark.org https://*.wmo-monitor.nl https://*.linkincare.nl https://*.woningmarktmonitor.nl https://*.fontawesome.com https://*.quevi.nl https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://netdna.bootstrapcdn.com https://use.typekit.net https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://static3.avast.com https://themes.googleusercontent.com https://stackpath.bootstrapcdn.com https://github.com https://s3-eu-west-1.amazonaws.com https://s3-ap-southeast-1.amazonaws.com https://s3-ap-northeast-1.amazonaws.com https://s3.amazonaws.com https://cdn.faceworks.nl https://abfcdn.azureedge.net https://fast.fonts.net https://cdn.ckeditor.com ; connect-src * data:; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://*.datawonen.nl https://*.databank.nl https://*.incijfers.nl https://*.incijfers.be https://*.inzahlen.be https://*.inzahlen.de https://*.buurtmonitor.nl https://*.buurtmonitor.be https://*.abf.nl https://*.abfresearch.nl https://*.cijfersoverwonen.nl https://*.swing.eu https://*.infigures.com https://*.analysesysteem.nl https://*.woononderzoek.nl https://*.waterbenchmark.org https://*.wmo-monitor.nl https://*.linkincare.nl https://*.woningmarktmonitor.nl https://*.fontawesome.com https://*.quevi.nl https://cdnjs.cloudflare.com https://ajax.googleapis.com https://cdn.polyfill.io https://www.google-analytics.com https://code.jquery.com https://cdn.jsdelivr.net  https://www.google.com https://ssl.google-analytics.com https://www.google.nl https://stackpath.bootstrapcdn.com https://d3js.org https://www.google.com/jsapi https://ajax.microsoft.com  https://maps.googleapis.com https://www.ergo-webreporting.com https://www.googletagmanager.com https://ajax.aspnetcdn.com https://maxcdn.bootstrapcdn.com https://www.gstatic.com https://siteimproveanalytics.com https://www.google-analytics.com/analytics.js https://s3-us-west-2.amazonaws.com/s.cdpn.io/81395/CustomEase.min.js https://cdn.datatables.net https://www.googletagmanager.com/gtm.js https://abfcdn.azureedge.net https://*.matomo.cloud https://cdn.ckeditor.com ; script-src-elem 'self' 'unsafe-inline' data: https://*.datawonen.nl https://*.databank.nl https://*.incijfers.nl https://*.incijfers.be https://*.inzahlen.be https://*.inzahlen.de https://*.buurtmonitor.nl https://*.buurtmonitor.be https://*.abf.nl https://*.abfresearch.nl https://*.cijfersoverwonen.nl https://*.swing.eu https://*.infigures.com https://*.analysesysteem.nl https://*.woononderzoek.nl https://*.waterbenchmark.org https://*.wmo-monitor.nl https://*.linkincare.nl https://*.woningmarktmonitor.nl https://*.fontawesome.com https://*.quevi.nl https://ajax.googleapis.com/ https://cdnjs.cloudflare.com/ https://cdn.polyfill.io https://www.google-analytics.com https://maxcdn.bootstrapcdn.com https://d3js.org/  https://code.jquery.com https://cdn.jsdelivr.net https://stackpath.bootstrapcdn.com https://www.googletagmanager.com https://www.google.nl https://www.google.com https://ssl.google-analytics.com https://ajax.microsoft.com https://diyini.junasonuku.com https://data1.khorel.com https://platform.twitter.com https://cdn.syndication.twimg.com https://data1.fedjuh.com https://www.gstatic.com https://nextextlink.com https://d3js.org https://www.google.com/jsapi https://*.quevi.nl https://maps.googleapis.com https://www.ergo-webreporting.com https://ajax.aspnetcdn.com https://siteimproveanalytics.com https://s3-us-west-2.amazonaws.com/s.cdpn.io/81395/CustomEase.min.js https://www.google-analytics.com/analytics.js https://cdn.datatables.net https://www.googletagmanager.com/gtm.js https://abfcdn.azureedge.net https://*.matomo.cloud https://cdn.ckeditor.com https://matomoabf.westeurope.cloudapp.azure.com ; style-src 'self' 'unsafe-inline' https://*.datawonen.nl https://*.databank.nl https://*.incijfers.nl https://*.incijfers.be https://*.inzahlen.be https://*.inzahlen.de https://*.buurtmonitor.nl https://*.buurtmonitor.be https://*.abf.nl https://*.abfresearch.nl https://*.cijfersoverwonen.nl https://*.swing.eu https://*.infigures.com https://*.analysesysteem.nl https://*.woononderzoek.nl https://*.waterbenchmark.org https://*.wmo-monitor.nl https://*.linkincare.nl https://*.woningmarktmonitor.nl https://*.fontawesome.com https://*.quevi.nl https://maxcdn.bootstrapcdn.com  https://cdn.jsdelivr.net https://fonts.googleapis.com https://ajax.googleapis.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://fonts.google.com https://www.google.com https://www.google.nl https://use.typekit.net https://p.typekit.net https://netdna.bootstrapcdn.com  https://hello.myfonts.net https://fonts.typotheque.com https://abfcdn.azureedge.net https://cdn-images.mailchimp.com https://cdn.ckeditor.com https://cdn.datatables.net https://code.jquery.com ;  style-src-elem 'self' 'unsafe-inline' https://*.datawonen.nl https://*.databank.nl https://*.incijfers.nl https://*.incijfers.be https://*.inzahlen.be https://*.inzahlen.de https://*.buurtmonitor.nl https://*.buurtmonitor.be https://*.abf.nl https://*.abfresearch.nl https://*.cijfersoverwonen.nl https://*.swing.eu https://*.infigures.com https://*.analysesysteem.nl https://*.woononderzoek.nl https://*.waterbenchmark.org https://*.wmo-monitor.nl https://*.linkincare.nl https://*.woningmarktmonitor.nl https://*.fontawesome.com https://*.quevi.nl https://ajax.googleapis.com https://fonts.googleapis.com https://fonts.google.com https://www.google.com/ https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://netdna.bootstrapcdn.com https://use.typekit.net https://p.typekit.net https://stackpath.bootstrapcdn.com https://cdn.jsdelivr.net https://platform.twitter.com https://ton.twimg.com https://hello.myfonts.net https://fonts.typotheque.com https://abfcdn.azureedge.net https://cdn-images.mailchimp.com https://cdn.ckeditor.com https://cdn.datatables.net https://code.jquery.com ; img-src * data: blob:; frame-src * data:; object-src * data:; report-uri https://api.abf.nl/api/cspreport 1
script-src 'self' 'nonce-bHvqT2o5NBtuWIRUaOC1Qcly' 'nonce-atx-inline' 'unsafe-eval' *.googleapis.com *.googletagmanager.com https://tagmanager.google.com/ https://www.googletagmanager.com/gtm.js https://www.google-analytics.com https://ssl.google-analytics.com https://consentcdn.cookiebot.com https://consent.cookiebot.com https://static.ctctcdn.com https://cdnjs.cloudflare.com https://sfapi.formstack.io https://translate.google.com https://translate.googleapis.com https://www.google.com https://www.gstatic.com https://cdn.mxpnl.com/libs/ https://www.opinionstage.com https://static.ctctcdn.com http://embed.typeform.com/ https://embed.typeform.com/ *.artifex.com *.ghostscript.com *.mupdf.com; report-uri /csp-report/standard-report.php; 1
frame-ancestors 'self' *.allwaysvip.com *.plazapremiumlounge.com *.myaerotel.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: player.vimeo.com *.vimeocdn.com gstatic.com www.google.com www.googletagmanager.com; style-src 'self' 'unsafe-inline' https: data: fonts.googleapis.com *.vimeocdn.com gstatic.com; img-src 'self' https: data: *.vimeocdn.com gstatic.com; connect-src 'self' https:; font-src 'self' https: data: fonts.googleapis.com gstatic.com; frame-src 'self' public.tableau.com www.buzzsprout.com player.vimeo.com www.google.com; frame-ancestors 'self' *.tableau.com; object-src 'none'; base-uri 'self'; form-action 'self'; 1
font-src https://fonts.gstatic.com 'self' data: fonts.gstatic.com *.edilians.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com app.kameleoon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com sibautomation.com youtu.be 'self' data: widget.clic2buy.com td.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com https://images.unsplash.com lumao.eu api.axept.io axeptio.imgix.net favicons.axept.io *.google.fr *.google.com *.gstatic.com *.googleapis.com *.edilians.com *.kameleoon.com *.kameleoon.eu *.facebook.com *.linkedin.com *.licdn.com *.clic2buy.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.gstatic.com *.googletagmanager.com *.doubleclick.net maps.googleapis.com *.axept.io *.smartlook.com *.click2buy.com *.clic2buy.com sibautomation.com *.newrelic.com *.nr-data.net *.kameleoon.eu connect.facebook.net *.licdn.com *.linkedin.com *.edilians.com cdn.matomo.cloud *.avada.io *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.googleapis.com fonts.googleapis.com *.edilians.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' data: 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io  *.google-analytics.com *.doubleclick.net maps.googleapis.com *.googlesyndication.com *.google.com *.axept.io *.sendinblue.com *.smartlook.cloud *.newrelic.com *.nr-data.net *.kameleoon.eu *.kameleoon.io *.clic2buy.com *.click2buy.com *.edilians.com cdn.linkedin.oribi.io *.linkedin.com in-automate.brevo.com edilians.matomo.cloud api.insee.fr t.elasticsuite.io *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
block-all-mixed-content; base-uri 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' localhost:* *.google.com *.gstatic.com www.google-analytics.com *.addtoany.com use.fontawesome.com *.youtube.com *.ytimg.com *.googleapis.com googleapis.com *.googletagmanager.com *.cloudflare.com *.vimeo.com *.resengo.com *.facebook.net *.webhare.com *.cookiecode.nl static.schouwburgconcertzaaltilburg.nl; style-src 'self' 'unsafe-inline' *.googleapis.com googleapis.com *.google.com *.addtoany.com cloud.typography.com *.myfonts.net *.typekit.net *.cloudflare.com *.gstatic.com  static.schouwburgconcertzaaltilburg.nl; font-src 'self' *.gstatic.com data: *.typekit.net *.cloudflare.com  static.schouwburgconcertzaaltilburg.nl; img-src 'self' data: *.google-analytics.com *.analytics-google.com *.gstatic.com *.googleapis.com googleapis.com *.google.com *.cloudflare.com *.facebook.com static.schouwburgconcertzaaltilburg.nl; child-src 'self' *.google.com *.addtoany.com *.youtube.com *.vimeo.com vimeo.com *.activetickets.com *.issuu.com *.recruitee.com *.linkedin.com *.spotify.com *.resengo.com  static.schouwburgconcertzaaltilburg.nl; frame-src 'self' *.google.com *.addtoany.com *.youtube.com *.vimeo.com vimeo.com *.activetickets.com *.issuu.com *.recruitee.com *.linkedin.com *.spotify.com *.resengo.com  static.schouwburgconcertzaaltilburg.nl; media-src 'self' *.youtube.com *.vimeo.com vimeo.com *.vimeocdn.com *.akamaized.net  static.schouwburgconcertzaaltilburg.nl; connect-src 'self' localhost:* wss://localhost:* *.projectguide.nl *.google-analytics.com *.analytics-google.com *.googleapis.com googleapis.com *.googleusercontent.com vimeo.com *.resengo.com *.doubleclick.net *.webhare.com *.cookiecode.nl static.schouwburgconcertzaaltilburg.nl; object-src 'self' *.youtube.com *.vimeo.com vimeo.com *.resengo.com static.schouwburgconcertzaaltilburg.nl; form-action 'self' ; worker-src 'self' static.schouwburgconcertzaaltilburg.nl; manifest-src 'self' static.schouwburgconcertzaaltilburg.nl; frame-ancestors 'none';  1
base-uri 'self' ;connect-src 'self' https://*.moerdijk.nl https://*.googleapis.com https://*.obi4wan.com/ https://sockjs-eu.pusher.com wss://ws-eu.pusher.com/app/ https://cdn-eu.readspeaker.com/ https://app-eu.readspeaker.com/ https://vttts-eu.readspeaker.com/ https://siteimproveanalytics.com ;default-src 'self' ;font-src 'self' data: https://fonts.gstatic.com/s/ ;form-action 'self' ;frame-ancestors 'none' ;frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://m.youtube.com/ https://youtu.be/ https://cdn-eu.readspeaker.com/ ;img-src 'self' data: https://*.moerdijk.nl https://*.ytimg.com https://s3-eu-west-1.amazonaws.com https://cdn-eu.readspeaker.com/ https://cb.vrmwb.nl//assets/images/ https://www.vrmwb.nl https://www.vrmwb.nl/sluiten.png https://*.siteimproveanalytics.io ;media-src 'self' https://cdn-eu.readspeaker.com/ ;object-src 'self' ;report-uri https://www.moerdijk.nl/cspreport ;script-src 'self' 'nonce-7be6f48b-9290-4331-85ab-285094d7e345' https://cloudstatic.obi4wan.com https://stats.pusher.com https://cdn-eu.readspeaker.com/ https://*.vrmwb.nl https://siteimproveanalytics.com ;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn-eu.readspeaker.com/ https://*.vrmwb.nl/*.css https://cb.vrmwb.nl//assets/css/; 1
default-src 'self' https: ultimatestaffing.com *.ultimatestaffing.com rothstaffing.com *.rothstaffing.com; connect-src 'self' https: ultimatestaffing.com *.ultimatestaffing.com www.youtube.com cookie-cdn.cookiepro.com ka-p.fontawesome.com googleads.g.doubleclick.net jnn-pa.googleapis.com;script-src 'self' https: ultimatestaffing.com *.ultimatestaffing.com rothstaffing.com *.rothstaffing.com www.youtube.com static.doubleclick.net www.google.com www.gstatic.com cookie-cdn.cookiepro.com kit.fontawesome.com cdn.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: ultimatestaffing.com *.ultimatestaffing.com www.youtube.com cdn.jsdelivr.net fonts.googleapis.com 'unsafe-inline' 'unsafe-eval';  img-src 'self' https: ultimatestaffing.com *.ultimatestaffing.com rothstaffing.com *.rothstaffing.com staging-rothstaffingcom.kinsta.cloud yt3.ggpht.com cookie-cdn.cookiepro.com www.youtube.com i.ytimg.com data: ; object-src 'self' https: ultimatestaffing.com *.ultimatestaffing.com rothstaffing.com *.rothstaffing.com www.youtube.com; font-src 'self' https: fonts.gstatic.com ka-p.fontawesome.com data: ; frame-ancestors 'self' ultimatestaffing.com *.ultimatestaffing.com rothstaffing.com *.rothstaffing.com; frame-src *.youtube.com *.flipsnack.com; 1
default-src 'self' *; script-src 'unsafe-inline' 'self' *; style-src 'unsafe-inline' 'self' *; frame-ancestors 'self'; img-src 'self' data: *; frame-src 'self' flo.uri.sh the-rhodes-trust.carto.com widget.artland.com e.issuu.com youtube.com *.youtube.com www.youtube-nocookie.com td.doubleclick.net vimeo.com *.vimeo.com www.facebook.com www.google.com www.speedybooker.com; font-src 'self' data: 1
default-src 'self' wss://vts.zohopublic.com wss://widget-mediator.zopim.com *.zendesk.com *.zopim.com *.zohocdn.com *.zohopublic.com *.zdassets.com *.google-analytics.com *.cookielaw.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' wss://vts.zohopublic.com wss://widget-mediator.zopim.com *.zendesk.com *.zopim.com *.zohocdn.com *.zohopublic.com *.zdassets.com *.google-analytics.com *.cookielaw.org; style-src 'self' *.zohocdn.com *.zohostatic.com 'unsafe-inline'; img-src data: *; object-src 'none' 1
frame-ancestors 'self' *.canva.com canva.com; report-uri https://csp.canva.com/_cspreport?app=websites; base-uri 'self'; object-src 'none'; script-src 'report-sample' 'strict-dynamic' 'nonce-0bbf8d4c-6a4d-4a1f-974b-ae99f415539c' https://www.google.com/recaptcha/api.js; 1
frame-src https://www.google.com/ 'self'; frame-ancestors 'self' localhost *.sa.gov.au 1
default-src 'none'; script-src 'self' *.acev.fi ssl.google-analytics.com 'unsafe-inline'; connect-src 'self'; img-src 'self' *.acev.fi data: ssl.google-analytics.com *.openstreetmap.org; style-src 'self' *.acev.fi 'unsafe-inline'; frame-src 'self' *.acev.fi; child-src 'self' *.acev.fi; frame-ancestors 'self' *.acev.fi; object-src 'self' *.acev.fi; manifest-src 'self' *.acev.fi; font-src 'self' *.acev.fi; 1
default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js cdnjs.cloudflare.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com *.googletagmanager.com *.doubleclick.net https://stats.g.doubleclick.net stats.g.doubleclick.net https://consent.cookiebot.eu/uc.js https://consent.cookiebot.com/9d99c50a-3ebd-41d6-a79d-257703f242e7/cc.js https://consent.cookiebot.eu https://consent.cookiebot.com https://consentcdn.cookiebot.eu https://schedule.acibademcityclinic.bg http://maps.googleapis.com 'self' cdn.ampproject.org https://cdn.insight.sitefinity.com https://dec.azureedge.net https://player.vimeo.com/api/player.js https://www.youtube.com/iframe_api web-chat.nativechat.com 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://schedule.acibademcityclinic.bg 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com https://img.youtube.com https://www.google.bg https://www.google.com https://schedule.acibademcityclinic.bg http://maps.googleapis.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com *.google-analytics.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://schedule.acibademcityclinic.bg; frame-src https://consentcdn.cookiebot.eu https://www.youtube.com https://www.facebook.com/ https://td.doubleclick.net 'self' web-chat.nativechat.com; connect-src accounts.google.com *.google-analytics.com *.gstatic.com *.mktoresp.com https://stats.g.doubleclick.net https://consentcdn.cookiebot.com https://consentcdn.cookiebot.eu https://schedule.acibademcityclinic.bg http://maps.googleapis.com https://region1.analytics.google.com https://adservice.google.com 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src https://consentcdn.cookiebot.com/ www.google.com https://consentcdn.cookiebot.eu https://www.vbox7.com http://maps.googleapis.com 'self' web-chat.nativechat.com 1
child-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' 1
default-src 'self' *.facebook.com sibautomation.com connect.facebook.net *.google.com *.youtube-nocookie.com *.woowup.com *.youtube.com; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com connect.facebook.net onesignal.com cdnjs.cloudflare.com uicdn.toast.com *.googleapis.com *.gstatic.com data:; script-src 'self' 'unsafe-eval' *.woowup.com connect.facebook.net googleads.g.doubleclick.net *.googleadservices.com cdn.onesignal.com onesignal.com sibautomation.com connect.facebook.net code.jquery.com uicdn.toast.com blueimp.github.io *.gstatic.com *.googleapis.com *.google-analytics.com *.fontawesome.com *.googletagmanager.com *.google.com cdnjs.cloudflare.com 'unsafe-inline' data:; connect-src 'self' tracking.woowup.com in-automate.brevo.com connect.facebook.net onesignal.com stats.g.doubleclick.net in-automate.sendinblue.com *.google-analytics.com *.googletagmanager.com *.google.com *.googleapis.com *.gstatic.com cdnjs.cloudflare.com data:; font-src 'self' maxcdn.bootstrapcdn.com cdnjs.cloudflare.com *.gstatic.com data:; frame-ancestors 'self'; img-src 'self' * data: blob:; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://mc.prontoavenue.biz/ https://code.jquery.com https://www.vision6.com.au https://s7.addthis.com https://v1.addthisedge.com https://ajax.googleapis.com https://api-public.addthis.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://ssl.google-analytics.com http://code.jquery.com https://m.addthis.com http://maxcdn.bootstrapcdn.com https://z.moatads.com https://test.payment.securepay.com.au https://advancetraders.cloud https://www.youtube.com https://advancetradershelp.zendesk.com https://static.zdassets.com https://vimeo.com https://erk.zdassets.com https://app-sandbox.paydock.com https://www.bugherd.com https://documentation.prontoavenue.biz https://secure.ewaypayments.com https://secure-au.sandbox.ewaypayments.com https://www.gstatic.com https://www.google.com https://encrypted-tbn0.gstatic.com https://fonts.gstatic.com https://t.labs.au.edge.zip.co https://maps.google.com https://maps.googleapis.com https://assets.pinterest.com https://wpp-test.wirecard.com https://api.sandbox.zipmoney.com.au https://js.datadome.co https://zip-indigo-api.prod.au.edge.zip.co https://static.zipmoney.com.au https://my.sandbox.zipmoney.com.au https://account.sandbox.zipmoney.com.au https://api.zipmoney.com.au https://payment.securepay.com.au https://www.googletagmanager.com https://analytics.google.com https://ekr.zdassets.com https://connect.facebook.net https://www.google-analytics.com; img-src * data:; frame-ancestors 'self' 1
default-src 'self' 'unsafe-inline' *.google.com *.jquery.com *.googleapis.com *.gstatic.com *.youtube.com *.youtube-nocookie.com; style-src 'self' 'unsafe-inline' 1
upgrade-insecure-requests; frame-ancestors https://iclinic.com.br *.iclinic.com.br 1
default-src https: 'none' 'unsafe-inline'; object-src 'none'; frame-ancestors 'self'; base-uri 'none';form-action 'self'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.agidra.com kx1.co *.google.fr *.google.com *.googletagmanager.com *.jquery.com *.jsdelivr.net *.cloudflare.com *.youtube.com *.googleapis.com *.gstatic.com *.google-analytics.com *.facebook.com *.fbcdn.net *.googleadservices.com *.bootstrapcdn.com *.ytimg.com *.youtube-nocookie.com *.github.com *.sendinblue.com *.doofinder.com *.linkedin.com *.fontawesome.com *.crazyegg.com *.doubleclick.net *.datatables.net unpkg.com ajax.googleapis.com *.licdn.com cdn.linkedin.oribi.io *.facebook.net  tarteaucitron.io *.tarteaucitron.io *.privacy-center.org browser-update.org pagead2.googlesyndication.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://bat.bing.com http://bat.bing.com http://js-tag.zemanta.com https://js-tag.zemanta.com https://www.clarity.ms https://c.clarity.ms https://connect.facebook.net https://www.facebook.com https://securegw.paytm.in https://staticpg.paytm.in https://www.paynimo.com https://cdnjs.cloudflare.com https://unpkg.com https://cdn.polyfill.io https://www.googletagmanager.com https://maps.googleapis.com https://apis.google.com https://www.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.youtube.com https://www.google-analytics.com; object-src https://myreports.agilus.in https://newapi.srlworld.com https://api.agilusdiagnostics.com https://newcmsapi.srlworld.com https://cmsapi.agilusdiagnostics.com https://www.mysrl.in https://srlcare.srl.in:86; img-src 'self' blob: data: https://bat.bing.com https://p1.zemanta.com http://p1.zemanta.com https://c.clarity.ms http://c.clarity.ms https://c.bing.com  http://c.bing.com https://srlworld.com https://www.srlworld.com https://srlcare.srl.in:92 https://newapi.srlworld.com https://api.agilusdiagnostics.com https://newcmsapi.srlworld.com https://cmsapi.agilusdiagnostics.com https://srlworldstorage.blob.core.windows.net https://staticgw1.paytm.in https://staticgw2.paytm.in https://staticgw3.paytm.in https://staticgw4.paytm.in https://staticpg.paytm.in https://staticgw5.paytm.in https://staticpg.paytm.in https://www.paynimo.com https://www.googletagmanager.com https://connect.facebook.net https://www.facebook.com/ https://maps.gstatic.com https://maps.googleapis.com https://stats.g.doubleclick.net https://www.google-analytics.com https://www.google.com googleads.g.doubleclick.net https://www.google.co.in https://srlclientsit.ochumanoid.ai; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://staticpg.paytm.in https://www.paynimo.com https://www.googletagmanager.com; worker-src blob: https://srlworld.com  https://agilusdiagnostics.com  http://20.204.170.182 https://www.srlworld.com https://www.agilusdiagnostics.com/; 1
default-src  'unsafe-inline' 'self' data: *.agoraspro.cl *.sicapnet.cl *.coneduca.cl *.vimeo.com *.googleapis.com  *.datatables.net  *.youtube.com *.centroclic.cl;       script-src 'unsafe-eval' 'unsafe-inline' data: https://cdnjs.cloudflare.com *.agoraspro.cl *.vimeo.com *.googleapis.com  *.datatables.net  *.youtube.com *.jsdelivr.net;       script-src-elem 'unsafe-inline' 'self' data: https://jquery.com *.cloudflare.com *.jsdelivr.net *.agoraspro.cl *.sicapnet.cl *.vimeo.com *.googleapis.com  *.datatables.net  *.youtube.com;       style-src 'unsafe-inline' 'self' https://fonts.googleapis.com https://cdnjs.cloudflare.com  *.agoraspro.cl *.vimeo.com *.googleapis.com  *.datatables.net  *.youtube.com *.fontawesome.com;        style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com https://cdnjs.cloudflare.com *.fontawesome.com *.agoraspro.cl;       font-src 'self' https://fonts.gstatic.com https://c.s-microsoft.com *.fontawesome.com data: ;img-src * 'self' blob: data: https: *.agoraspro.cl *.coneduca.cl *.vimeo.com *.googleapis.com  *.datatables.net  *.youtube.com *.centroclic.cl; 1
img-src blob: https://sp.tinymce.com https://agrolavka.by https://api.mapbox.com https://www.google.com https://www.google.by https://www.google-analytics.com data:; script-src 'self' 'unsafe-inline' https://*.com https://cdn.jsdelivr.net https://cdn.tiny.cloud; object-src 'self'; 1
default-src * 'unsafe-inline' data: 'unsafe-eval'; style-src 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://code.jquery.com https://www.googletagmanager.com https://connect.facebook.net https://googleads.g.doubleclick.net https://www.googleadservices.com; img-src 'self' blob: data: 'unsafe-inline' https://d1ep5t2hazizj.cloudfront.net https://adservice.google.com https://www.google.co.in https://www.facebook.com https://ad.doubleclick.net; font-src 'self' 'unsafe-eval' data: 'unsafe-inline' https://fonts.gstatic.com; object-src 'self' blob 'unsafe-eval' 1
img-src https://* 'self' data: 1
frame-src 'self' * 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com https://www.gstatic.com;style-src 'self' 'unsafe-inline' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.aliansinews.id *.aliansiindonesia.id *.ampproject.org *.sharethis.com *.googleapis.com *.googletagmanager.com *.googlesyndication.com *.g.doubleclick.net *.googleadservices.com *.googletagservices.com *.google.com *.twitter.com *.instagram.com ; frame-ancestors 'self'; img-src * 'self' data: https:; connect-src l.sharethis.com pagead2.googlesyndication.com *.google.com *.twitter.com *.instagram.com; frame-src googleads.g.doubleclick.net tpc.googlesyndication.com *.google.com *.twitter.com *.instagram.com; 1
font-src *.googleapis.com *.gstatic.com *.fontawesome.com https://cdnjs.cloudflare.com *.fonts.googleapis.com data: *.cloudflare.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.payplace.de 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com *.addthis.com *.pinterest.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.googleapis.com *.gstatic.com *.cloudflare.com https://cdn.klarna.com https://s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.paypal.com *.fpdbs.sandbox.paypal.com *.addthis.com *.pinterest.com *.cdninstagram.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com *.avada.io https://cdnjs.cloudflare.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com https://get.geojs.io *.avada.io *.cloudflare.com *.paypal.com *.addthis.com *.cardinalcommerce.com https://graph.instagram.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob:  cdn.jsdelivr.net cdnjs.cloudflare.com maps.google.com mdbootstrap.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https:  cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com mdbootstrap.com use.fontawesome.com; report-uri https://www.alleatiperlasalute.it/report-uri/enforce 1
default-src 'none'; script-src https: 'unsafe-inline' 'nonce-185B077143DA92033CC47B22CF4184A2' 'strict-dynamic'; style-src 'self' fonts.googleapis.com translate.googleapis.com 'nonce-185B077143DA92033CC47B22CF4184A2'; connect-src 'self' https: wss://dnpush.nl; img-src 'self' https: data:; font-src 'self' fonts.gstatic.com; object-src 'none'; frame-ancestors 'self'; frame-src 'self' www.google.com tpc.googlesyndication.com; base-uri 'none'; media-src 'self'; report-uri https://www.alleenstaande-mamas.nl/API/Site/CspReport 1
frame-ancestors 'self' https://www.allpaintbynumber.com http://*.allpaintbynumber.com; 1
default-src 'self' data: *;style-src 'self' 'unsafe-inline' fonts.googleapis.com code.ionicframework.com blueimp.github.io cdnjs.cloudflare.com maxcdn.bootstrapcdn.com ajax.googleapis.com cdn.jsdelivr.net embed.tawk.to tagmanager.google.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.google.com www.gstatic.com www.googletagmanager.com maps.googleapis.com ssl.google-analytics.com www.googleadservices.com connect.facebook.net googleads.g.doubleclick.net ajax.googleapis.com snap.licdn.com *.linkedin.com cdnjs.cloudflare.com cdn.ckeditor.com static.doubleclick.net maxcdn.bootstrapcdn.com storage.trafic.ro secure.trafic.ro cdn.jsdelivr.net embed.tawk.to static.hotjar.com script.hotjar.com *.googlesyndication.com *.google.ro *.google.com *.googleadservices.com *.twitter.com *.linkedin.com tagmanager.google.com *.googletagmanager.com consent.cookiebot.com consentcdn.cookiebot.com *.matomo.cloud *.mouseflow.com *.pinimg.com *.trackify.info www.youtube.com *.pinterest.com;font-src 'self' data: cdnjs.cloudflare.com fonts.gstatic.com maxcdn.bootstrapcdn.com code.ionicframework.com embed.tawk.to;img-src 'self' blob: data: http: https: www.google-analytics.com stats.g.doubleclick.net www.google.com maps.googleapis.com maps.gstatic.com www.google.ro *.facebook.com img.youtube.com i.ytimg.com cdn.ckeditor.com ajax.googleapis.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com *.google-analytics.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.google.com googleads.g.doubleclick.net ad.doubleclick.net ade.googlesyndication.com www.alphega-farmacie.ro;frame-src 'self' www.google.com www.youtube.com www.youtube-nocookie.com youtube.com youtu.be *.facebook.com *.facebook.net cdnjs.cloudflare.com cdn.ckeditor.com vars.hotjar.com googleads.g.doubleclick.net tpc.googlesyndication.com *.twitter.com bid.g.doubleclick.net club.alphega-farmacie.ro consentcdn.cookiebot.com *.pinterest.com *.issuu.com *.doubleclick.net;connect-src 'self' www.google.com *.google.com google.com www.google.ro *.google.ro www.google-analytics.com *.google-analytics.com stats.g.doubleclick.net www.facebook.com *.facebook.com *.facebook.net www.youtube.com *.youtube.com *.cloudflare.com *.tawk.to hotjar.com *.hotjar.com wss://*.hotjar.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net myaccount.xptsuite.com maps.googleapis.com consentcdn.cookiebot.com *.pinterest.com *.matomo.cloud *.googleapis.com; 1
frame-ancestors *.df-automotive.de *.felgenshop.de 1
default-src 'self' https://maxcdn.bootstrapcdn.com/ https://www.youtube.com/ 'unsafe-inline'; form-action 'self'; script-src 'self' https://maxcdn.bootstrapcdn.com/ https://code.jquery.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://www.google.com/ 'unsafe-inline'; img-src 'self' https://csi.gstatic.com/ 'unsafe-inline'; font-src 'self' https://maxcdn.bootstrapcdn.com/ https://fonts.googleapis.com/ https://fonts.gstatic.com/ 'unsafe-inline'; object-src 'self'; frame-src 'self' https://rajadvt.rajasthan.gov.in/ https://www.youtube.com/ 'unsafe-inline'; media-src 'self'; style-src 'self' https://maxcdn.bootstrapcdn.com/ https://fonts.googleapis.com/ 'unsafe-inline';  connect-src 'self' https://www.google-analytics.com/ 'unsafe-inline'; upgrade-insecure-requests; 1
font-src *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.fontawesome.com maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com v2.zopim.com *.gstatic.com *.typekit.net *.bootstrapcdn.com *.cloudfront.net *.googleapis.com *.google.ro *.hotjar.com data: data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.sendsms.ro *.recaptcha.net *.googletagmanager.com *.gstatic.com *.facebook.com *.google.ro 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.weltpixel.com *.retargeting.app *.retargeting.biz *.googlesyndication.com *.googletagmanager.com *.demdex.net *.gstatic.com *.google.com *.google.ro *.facebook.com *.hotjar.com *.doubleclick.net data: 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.facebook.com facebook.com google.com *.google.com *.google.ro google.ro *.retargeting.app maps.gstatic.com *.veinteractive.com *.ambra-bijuterii.ro v2.zopim.com *.mobilpay.ro *.klarna.com *.retargeting.biz meetanshi.com *.recaptcha.net *.algolia.com *.g.doubleclick.net *.googleapis.com *.gstatic.com *.linkedin.com *.googletagmanager.com gallery.mailchimp.com *.facebook.net cdn.jsdelivr.net *.cloudflare.com *.googleadservices.com *.google-analytics.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com *.youtube.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://cdnjs.cloudflare.com tracking.retargeting.biz tracking.retargeting.app *.retargeting.biz *.retargeting.app googleads.g.doubleclick.net *.doubleclick.net maps.googleapis.com *.ambra-bijuterii.ro *.zdassets.com v2.zopim.com *.zopim.com widget-mediator.zopim.com *.mobilpay.ro ambra-bijuterii.zendesk.com *.smartlook.com *.smartlook.cloud *.getsmartlook.com *.kissmetrics.com *.arukereso.hu *.arukereso.com *.googlesyndication.com *.recaptcha.net *.googletagmanager.com *.cloudflareinsights.com *.cloudflare.com *.cloudfront.net *.google-analytics.com *.gstatic.com data: *.google.com *.google.ro *.googleapis.com *.googleadservices.com *.mailchimp.com *.fontawesome.com *.facebook.com *.facebook.net cdn.jsdelivr.net *.googleoptimize.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com tracking.retargeting.biz tracking.retargeting.app *.retargeting.biz *.retargeting.app checkout.buckaroo.nl *.mailchimp.com cdn.jsdelivr.net *.gstatic.com *.yotpo.com *.googleapis.com *.getfirebug.com *.google.com *.google.ro *.cloudflare.com *.cloudfront.net *.bootstrapcdn.com data: 'self' 'unsafe-inline'; object-src *.gstatic.com *.facebook.com data: *.google.ro 'self' 'unsafe-inline'; media-src *.adobe.com *.sendsms.ro *.ambra-bijuterii.ro *.retargeting.app *.retargeting.biz ambra-bijuterii.zendesk.com static.zdassets.com *.recaptcha.net *.demdex.net *.google.ro *.gstatic.com *.facebook.com data: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com tracking.retargeting.biz tracking.retargeting.app *.retargeting.biz *.retargeting.app *.ambra-bijuterii.ro *.zdassets.com wss://widget-mediator.zopim.com v2.zopim.com *.zopim.com *.mobilpay.ro ambra-bijuterii.zendesk.com assets.adobedtm.com *.adobe.com *.smartlook.com *.smartlook.cloud *.getsmartlook.com *.kissmetrics.com *.cloudfront.net *.recaptcha.net *.googletagmanager.com *.cloudflareinsights.com *.magento.com *.sendinblue.com *.gstatic.com *.cloudflare.com *.google-analytics.com *.doubleclick.net *.google.com *.google.ro https://google.com *.googlesyndication.com *.googleapis.com *.facebook.com data: 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com *.fonts.googleapis.com *.gstatic.com data: *.cloudflare.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com *.geocom.com.uy:9443 *.geocom.com.uy 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.google.com *.addthis.com *.pinterest.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudflare.com https://cdn.klarna.com https://s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com *.wikimedia.org data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://devdocs.magento.com https://magento.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.avada.io *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.pinterest.com https://www.googletagmanager.com tagmanager.google.com *.adobedtm.com *.growecommerce.uy https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com *.fontawesome.com unsafe-inline *.googleapis.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://devdocs.magento.com https://get.geojs.io *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cloudflare.com *.googleapis.com *.addthis.com *.cardinalcommerce.com https://graph.instagram.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
block-all-mixed-content; frame-ancestors *.andaraki.com.br 1
frame-ancestors 'self' animate-onlineshop.co.kr *.animate-onlineshop.co.kr 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' youtube.com *.paysera.com paysera.com *.doubleclick.net doubleclick.net *.googleadservices.com googleadservices.com *.bing.com *.tawk.to *.youtube.com *.ytimg.com *.jsdelivr.net t.ssl.ak.dynamic.tiles.virtualearth.net dev.virtualearth.net placeimg.com data: www.googletagmanager.com maps.googleapis.com www.youtube-nocookie.com www.youtube.com t0-flt.ssl.ak.dynamic.tiles.virtualearth.net fonts.gstatic.com connect.facebook.net www.facebook.com www.google-analytics.com cdnjs.cloudflare.com www.googleapis.com www.gstatic.com maps.gstatic.com www.google.com www.google.lt stats.g.doubleclick.net; style-src 'self' 'unsafe-inline' data: *.jsdelivr.net maps.gstatic.com www.googleapis.com fonts.googleapis.com *.bing.com dev.virtualearth.net; frame-ancestors 'self'; connect-src 'self' *.bing.com virtualearth.net *.virtualearth.net facebook.com *.facebook.com google-analytics.com *.google-analytics.com wss://*.tawk.to *.tawk.to; form-action 'self' bank.paysera.com facebook.com *.facebook.com epaslaugos.lt *.epaslaugos.lt 1
frame-ancestors https://aovivohd.net/ https://detran-br.com/ https://onlinetvhd.net/ https://fotodicas.com/ https://tvdicas.com/ https://search.google.com/ https://apis.google.com 1
geolocation 'self'; iframe-src 'self' 'unsafe-inline' https://maps.google.com/* 1
report-uri https://gate.rapidsec.net/g/r/csp/305c30b0-70f9-4d81-b14c-736bb9b1e1c6/-1/-1/3?sct=182ca942-07ab-48b1-a4cb-9c0083716304&dpos=report;base-uri 'self';block-all-mixed-content;connect-src 'self' https://www.google-analytics.com https://sentry.io https://www.facebook.com https://o112325.ingest.sentry.io https://*.algolianet.com https://*.algolia.net https://stats.g.doubleclick.net *.doubleclick.net *.google.com www.googletagmanager.com translate.googleapis.com translate.google.com www.gstatic.com *.googlesyndication.com www.googletagservices.com about:;default-src 'self';font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com https://use.fontawesome.com;form-action 'self' https://www.facebook.com *.google.com *.monri.com;frame-src 'self' *.google.com https://www.facebook.com https://saltcdn2.googleapis.com https://www.googletagmanager.com *.doubleclick.net *.googlesyndication.com;img-src 'self' https://cdn.apotekaviva24.ba data: https://www.google.com https://www.google.de https://www.google.co.in https://www.google.rs/ https://www.google.ba https://www.google.hr https://viva-prod.s3.eu-central-1.amazonaws.com https://www.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com https://maps.googleapis.com https://www.facebook.com https://www.googletagmanager.com https://static.xx.fbcdn.net https://connect.facebook.net https://googleads.g.doubleclick.net;manifest-src 'self';media-src 'self' dai.google.com;object-src 'self' *.googlesyndication.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.google.com https://www.google-analytics.com http://tagmanager.google.com https://use.fontawesome.com https://connect.facebook.net https://saltcdn2.googleapis.com https://*.doubleclick.net https://*.googleadservices.com https://*.googlesyndication.com https://*.googletagservices.com https://*.googletagmanager.com https://translate.googleapis.com https://translate.google.com www.googletagmanager.com;style-src 'self' 'unsafe-inline' *.google.com https://fonts.googleapis.com https://use.fontawesome.com https://*.googletagmanager.com translate.googleapis.com 1
child-src  www.paypalobjects.com; connect-src 'self' 'report-sample' s3.amazonaws.com/cv3.customfiles accanada.commercev3.com *.listrakbi.com *.listrak.com www.google-analytics.com ssl.google-analytics.com ui.powerreviews.com stats.g.doubleclick.net analytics.google.com bat.bing.com www.paypal.com *.smartystreets.com ct.pinterest.com/user/ *.google-analytics.com *.analytics.google.com *.clarity.ms www.facebook.com *.klaviyo.com cdn.weglot.com cdn-api-weglot.com  adservice.google.com manage.kmail-lists.com www.google.com stats.g.doubleclick.net www.googletagmanager.com www.aprilcornell.ca; default-src 'self' s3.amazonaws.com/cdn.aprilcornell.ca/ cdn.commercev3.net/cdn.aprilcornell.ca/ cdn.aprilcornell.ca 'unsafe-eval' ajax.googleapis.com analytics.google.com bat.bing.com c.bing.com code.jquery.com connect.facebook.net fonts.googleapis.com fonts.gstatic.com t.paypal.com www.facebook.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.bootstrapcdn.com; font-src 'self' accanada.commercev3.com s3.amazonaws.com/cdn.aprilcornell.ca/ cdn.commercev3.net/cdn.aprilcornell.ca/ cdn.aprilcornell.ca fonts.gstatic.com *.bootstrapcdn.com use.fontawesome.com static3.avast.com data:; form-action 'self' www.facebook.com www.paypal.com checkout.sezzle.com; frame-src 'self' *.doubleclick.net www.paypalobjects.com www.paypal.com www.facebook.com *.pinterest.com www.google.com platform.twitter.com  view.publitas.com web.facebook.com www.youtube.com *.googlesyndication.com; frame-ancestors 'self' ; img-src 'self' s3.amazonaws.com/cdn.aprilcornell.ca/ cdn.commercev3.net/cdn.aprilcornell.ca/ cdn.aprilcornell.ca ssl.google-analytics.com www.google.com/pagead/1p-user-list/ www.google.com/ads/ga-audiences ct.pinterest.com/v3/ s3.amazonaws.com stats.g.doubleclick.net bat.bing.com c.bing.com t.paypal.com www.facebook.com www.google-analytics.com www.googletagmanager.com *.listrakbi.com www.trustlogo.com data: code.jquery.com/ui/ *.google-analytics.com *.analytics.google.com *.clarity.ms www.paypal.com www.paypalobjects.com ct.pinterest.com syndication.twitter.com log.pinterest.com  www.google.ca www.google.at res.cloudinary.com googleads.g.doubleclick.net adservice.google.com www.google.com www.google.ca www.gstatic.com; script-src 'self' 'report-sample' s3.amazonaws.com/cdn.aprilcornell.ca/ cdn.commercev3.net/cdn.aprilcornell.ca/ cdn.aprilcornell.ca 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com ui.powerreviews.com bat.bing.com code.jquery.com connect.facebook.net *.bootstrapcdn.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.listrakbi.com *.smartystreets.com api.livechatinc.com cdn.livechatinc.com ajax.googleapis.com googleads.g.doubleclick.net www.gstatic.com www.trustlogo.com www.googleadservices.com d79i1fxsrar4t.cloudfront.net/jquery.liveaddress/ s.pinimg.com/ct/ www.google.com www.clarity.ms static.klaviyo.com static-tracking.klaviyo.com platform.twitter.com weglot.com www.datadoghq-browser-agent.com assets.pinterest.com  secure.comodo.com weglot.com view.publitas.com weglot.com *.weglot.com tpc.googlesyndication.com; script-src-elem 'self' 'report-sample' s3.amazonaws.com/cdn.aprilcornell.ca/ cdn.commercev3.net/cdn.aprilcornell.ca/ cdn.aprilcornell.ca 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com ui.powerreviews.com bat.bing.com code.jquery.com connect.facebook.net *.bootstrapcdn.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.listrakbi.com *.smartystreets.com api.livechatinc.com cdn.livechatinc.com ajax.googleapis.com googleads.g.doubleclick.net www.gstatic.com www.trustlogo.com www.googleadservices.com d79i1fxsrar4t.cloudfront.net/jquery.liveaddress/ s.pinimg.com/ct/ www.google.com www.clarity.ms static.klaviyo.com static-tracking.klaviyo.com platform.twitter.com weglot.com www.datadoghq-browser-agent.com assets.pinterest.com  secure.comodo.com weglot.com view.publitas.com weglot.com *.weglot.com tpc.googlesyndication.com; style-src 'self' s3.amazonaws.com/cdn.aprilcornell.ca/ cdn.commercev3.net/cdn.aprilcornell.ca/ cdn.aprilcornell.ca 'unsafe-inline' 'unsafe-eval' ui.powerreviews.com use.fontawesome.com code.jquery.com fonts.googleapis.com *.bootstrapcdn.com cdn.listrakbi.com/css/ hello.myfonts.net cdn.weglot.com; style-src-elem 'self' s3.amazonaws.com/cdn.aprilcornell.ca/ cdn.commercev3.net/cdn.aprilcornell.ca/ cdn.aprilcornell.ca 'unsafe-inline' 'unsafe-eval' ui.powerreviews.com use.fontawesome.com code.jquery.com fonts.googleapis.com *.bootstrapcdn.com cdn.listrakbi.com/css/ hello.myfonts.net cdn.weglot.com; style-src-attr  'unsafe-inline'; media-src 'self' accanada.commercev3.com s3.amazonaws.com/cdn.aprilcornell.ca/ cdn.commercev3.net/cdn.aprilcornell.ca/ cdn.aprilcornell.ca www.bing.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval'                 https://resource.minwise.co.kr                 https://svc4cdn.minwise.co.kr                 https://svc4cdn.hectoinnovation.co.kr                 https://www.google.com                 https://ajax.googleapis.com                 https://www.google-analytics.com                 https://www.googletagmanager.com                 https://www.googleadservices.com                 https://use.fontawesome.com/                 https://cdnjs.cloudflare.com/                 https://googleads.g.doubleclick.net                 https://maxcdn.bootstrapcdn.com                 https://fonts.googleapis.com                 https://dapi.kakao.com                 https://t1.daumcdn.net                 https://portal.r114.co.kr                 https://deveimage.r114.co.kr                 https://api3.tnkfactory.com                 https://webapi.adpopcorn.com 		https://rum.beusable.net 		https://script.beusable.net 		https://public-common-sdk.s3.ap-northeast-2.amazonaws.com 		https://api.beusably.net ;             frame-ancestors 'self' 1
connect-src     'self'     *.net-technology.net     *.hcaptcha.com     *.youtube.com     *.google.com     *.google.fr     *.gstatic.com     *.googleapis.com     *.google-analytics.com     *.doofinder.com     wss://eu1-layer.doofinder.com     *.googlesyndication.com     https://google.com     https://googleads.g.doubleclick.net     https://stats.g.doubleclick.net     *.payline.com;   default-src     'self'     *.aquapiscine.com     *.hcaptcha.com     *.payline.com     *.net-technology.net     *.youtube.com     *.google.com     *.kelkoogroup.net     *.social-media-system.com     *.facebook.com     *.facebook.net     *.metaffiliation.com     *.gstatic.com     *.googleapis.com     *.google-analytics.com     *.doofinder.com     wss://eu1-layer.doofinder.com     *.googlesyndication.com     *.sentry.io     *.avis-verifies.com     *.doubleclick.net     blob:;   script-src     'self'     'unsafe-inline'     *.aquapiscine.com     *.cdnwidget.com     *.clic2buy.com     *.avis-verifies.com     *.googlesyndication.com     *.youtube.com     *.kk-resources.com     *.kelkoogroup.net     *.social-media-system.com     *.facebook.com     *.facebook.net     *.metaffiliation.com     *.google.com     *.googleapis.com     *.gstatic.com     *.doubleclick.net     *.lgw.io     *.googletagmanager.com     *.google-analytics.com     *.googleadservices.com     *.doofinder.com     *.sentry.io     *.payline.com     *.net-technology.net     *.hcaptcha.com     blob:;   worker-src     blob:;   style-src     'self'     *.googleapis.com     *.doofinder.com     *.net-technology.net     *.hcaptcha.com     *.payline.com     'unsafe-inline';   font-src     'self'     *.googleapis.com     *.bootstrapcdn.com     *.payline.com     *.gstatic.com     media.aquapiscine.com     data:;   img-src     *     data:;   base-uri     'self';   form-action * ;   frame-ancestors     'self' 1
default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://*.paypalobjects.com; object-src 'none'; connect-src 'self' https://*.paypalobjects.com; font-src 'self'; frame-src 'self'; base-uri 'self'; frame-ancestors 'self'; manifest-src 'self'; form-action https://www.aranycsillag.net https://www.paypal.com; 1
frame-src 'self' 'unsafe-inline' https://my.matterport.com https://player.vimeo.com https://app.retino.com *.mapy.cz *.dhl.com *.ppl.cz *.dpd.cz *.cpost.cz *.zasilkovna.cz *.cloudflare.com *.dratene-kosiky.cz *.heureka.sk *.youtube.com *.youtu.be *.foxentry.cz *.packeta.com *.geoapify.net *.heureka.cz *.facebook.com *.imedia.cz *.zbozi.cz *.google.com *.n1ed.com *.doubleclick.net *.googlesyndication.com 1
font-src *.fontawesome.com fonts.gstatic.com *.gstatic.com *.googlesyndication.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com data: 'self' 'unsafe-inline';frame-ancestors 'self';frame-src *.cookiebot.com *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com  https://www.google.com/recaptcha/ *.google.fr *.google.com *.googlesyndication.com *.avada.io *.getalma.eu *.doubleclick.net 'self' 'unsafe-inline';img-src * 'self' data: *.googlesyndication.com *.googleadservices.com *.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com maps.googleapis.com maps.gstatic.com *.google.com https://www.google.fr https://fonts.gstatic.com https://www.facebook.com *.bing.com  *.gstatic.com *.doubleclick.net data: 'self' 'unsafe-inline';script-src *.cookiebot.com *.googlesyndication.com *.googleadservices.com *.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com www.googleapis.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com www.gstatic.com www.google.com *.google.com *.gstatic.com *.facebook.com *.bing.com *.axept.io *.facebook.net *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.googleadservices.com *.fontawesome.com fonts.googleapis.com *.googleapis.com *.googletagmanager.com *.googlesyndication.com *.google.com *.gstatic.com https://fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src maps.googleapis.com https://www.facebook.com *.cookiebot.com *.axept.io *.facebook.com *.google-analytics.com *.googlesyndication.com *.google.com *.doubleclick.net https://www.google.com https://www.gstatic.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline';, font-src *.fontawesome.com fonts.gstatic.com *.gstatic.com *.googlesyndication.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com data: 'self' 'unsafe-inline';frame-ancestors 'self';frame-src *.cookiebot.com *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com  https://www.google.com/recaptcha/ *.google.fr *.google.com *.googlesyndication.com *.avada.io *.getalma.eu *.doubleclick.net 'self' 'unsafe-inline';img-src * 'self' data: *.googlesyndication.com *.googleadservices.com *.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com maps.googleapis.com maps.gstatic.com *.google.com https://www.google.fr https://fonts.gstatic.com https://www.facebook.com *.bing.com  *.gstatic.com *.doubleclick.net data: 'self' 'unsafe-inline';script-src *.cookiebot.com *.googlesyndication.com *.googleadservices.com *.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com www.googleapis.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com www.gstatic.com www.google.com *.google.com *.gstatic.com *.facebook.com *.bing.com *.axept.io *.facebook.net *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.googleadservices.com *.fontawesome.com fonts.googleapis.com *.googleapis.com *.googletagmanager.com *.googlesyndication.com *.google.com *.gstatic.com https://fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src maps.googleapis.com https://www.facebook.com *.cookiebot.com *.axept.io *.facebook.com *.google-analytics.com *.googlesyndication.com *.google.com *.doubleclick.net https://www.google.com https://www.gstatic.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline';, font-src *.fontawesome.com fonts.gstatic.com *.gstatic.com *.googlesyndication.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com data: 'self' 'unsafe-inline';frame-ancestors 'self';frame-src *.cookiebot.com *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com  https://www.google.com/recaptcha/ *.google.fr *.google.com *.googlesyndication.com *.avada.io *.getalma.eu *.doubleclick.net 'self' 'unsafe-inline';img-src * 'self' data: *.googlesyndication.com *.googleadservices.com *.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com maps.googleapis.com maps.gstatic.com *.google.com https://www.google.fr https://fonts.gstatic.com https://www.facebook.com *.bing.com  *.gstatic.com *.doubleclick.net data: 'self' 'unsafe-inline';script-src *.cookiebot.com *.googlesyndication.com *.googleadservices.com *.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com www.googleapis.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com www.gstatic.com www.google.com *.google.com *.gstatic.com *.facebook.com *.bing.com *.axept.io *.facebook.net *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.googleadservices.com *.fontawesome.com fonts.googleapis.com *.googleapis.com *.googletagmanager.com *.googlesyndication.com *.google.com *.gstatic.com https://fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src maps.googleapis.com https://www.facebook.com *.cookiebot.com *.axept.io *.facebook.com *.google-analytics.com *.googlesyndication.com *.google.com *.doubleclick.net https://www.google.com https://www.gstatic.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; frame-src unsafe-inline fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; connect-src www.google-analytics.com stats.g.doubleclick.net/j/ https://googleads.g.doubleclick.net/ https://pagead2.googlesyndication.com/ https://stats.g.doubleclick.net/g/ dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.facebook.net 'self' 'unsafe-inline'; img-src data: www.google.bg/pagead/ www.google.com/pagead/ www.facebook.com/tr/ maps.googleapis.com www.google.bg/ads/ga-audiences www.google.com/ads/ga-audiences assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://www.magezon.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: https://plumrocket.com https://cache.addthiscdn.com/ *.hsforms.net *.hsforms.com *.gstatic.com *.facebook.com data: 'self' 'unsafe-inline'; style-src maxcdn.bootstrapcdn.com fonts.googleapis.com *.adobe.com https://static.klaviyo.com *.fontawesome.com *.gstatic.com unsafe-inline assets.braintreegateway.com https://fonts.googleapis.com *.googleapis.com tagmanager.google.com 'self' 'unsafe-inline'; font-src maxcdn.bootstrapcdn.com fonts.gstatic.com googleapis.com *.fontawesome.com https://fonts.gstatic.com *.gstatic.com 'self' data: *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; script-src connect.facebook.com connect.facebook.net facebook.com googleads.g.doubleclick.net www.google-analytics.com www.google.com/pagead/ www.google.bg/pagead/ www.facebook.com/tr/ maps.googleapis.com ajax.cloudflare.com/cdn-cgi/scripts/ ssets.adobedtm.com secure.authorize.net test.authorize.net js.braintreegateway.com assets.adobedtm.com *.adobe.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com www.facebook.com graph.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io *.google.com *.gstatic.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; 1
default-src 'none'; form-action 'self'; frame-ancestors 'self'; style-src 'self' 'nonce-hX4mwrQX4MNHpJKw8VKZmiVST69pFzSAkrQyPI/nSfXFwweZMzQ87WEt6gf2xFNTflt9zzo6F/qznCBcAUplEQ==' https://dms5yp4uuu488.cloudfront.net/; script-src 'self' 'nonce-hX4mwrQX4MNHpJKw8VKZmiVST69pFzSAkrQyPI/nSfXFwweZMzQ87WEt6gf2xFNTflt9zzo6F/qznCBcAUplEQ==' https://www.google-analytics.com https://www.googletagmanager.com https://static.line-scdn.net https://dms5yp4uuu488.cloudfront.net/; frame-src 'self' https://dms5yp4uuu488.cloudfront.net/ https://td.doubleclick.net/; img-src 'self' data: https://www.google-analytics.com https://dms5yp4uuu488.cloudfront.net/ https://www.google.co.jp/; worker-src 'self' blob:; font-src 'self' https://dms5yp4uuu488.cloudfront.net/; connect-src 'self' https://www.google-analytics.com https://dms5yp4uuu488.cloudfront.net/ https://stats.g.doubleclick.net/ https://analytics.google.com/; media-src 'self' https://dms5yp4uuu488.cloudfront.net/; block-all-mixed-content; 1
frame-ancestors 'self' https://app.kajabi.com https://app.vibely.io https://communities.kajabi.com *.mykajabi.com https://communities.newkajabi-staging.com https://gratis.astroterapeutica.org https://www.astroterapeutica.com 1
object-s    rc 'none'; base-uri 'none'; frame-ancestors 'self'; 1
default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; child-src *; 1
default-src 'self' *.img-bcg.eu *.auto24.ee *.auto24.lv *.auto24.lt *.auto24.fi *.mototehnika.ee *.rasketehnika.ee *.veetehnika.ee *.kuldnebors.ee *.vininfo.ee   *.adform.net *.gstatic.com fonts.googleapis.com;             style-src 'self' *.img-bcg.eu *.auto24.ee *.auto24.lv *.auto24.lt *.auto24.fi *.mototehnika.ee *.rasketehnika.ee *.veetehnika.ee *.kuldnebors.ee *.vininfo.ee   *.createjs.com *.adform.net *.adform.com *.seadform.net *.adcanvas.com *.city24.ee *.city24.lv *.kv.ee *.osta.ee *.gstatic.com fonts.googleapis.com 'unsafe-inline';             script-src 'self' *.img-bcg.eu *.auto24.ee *.auto24.lv *.auto24.lt *.auto24.fi *.mototehnika.ee *.rasketehnika.ee *.veetehnika.ee *.kuldnebors.ee *.vininfo.ee   *.cookielaw.org *.onetrust.com *.doubleclick.net *.youtube.com *.ytimg.com *.google.ee *.google.com *.google-analytics.com *.googletagmanager.com *.googletagservices.com *.gstatic.com fonts.googleapis.com *.facebook.com *.facebook.net *.createjs.com *.adform.net *.adform.com *.seadform.net *.adcanvas.com *.city24.ee *.city24.lv *.kv.ee *.osta.ee *.gemius.pl 'unsafe-inline' 'unsafe-eval';             img-src 'self' *.img-bcg.eu *.auto24.ee *.auto24.lv *.auto24.lt *.auto24.fi *.mototehnika.ee *.rasketehnika.ee *.veetehnika.ee *.kuldnebors.ee *.vininfo.ee   *.cookielaw.org *.onetrust.com *.doubleclick.net *.youtube.com *.ytimg.com *.google.ee *.google.com *.google-analytics.com *.googletagmanager.com *.googletagservices.com *.gstatic.com fonts.googleapis.com *.facebook.com *.facebook.net *.createjs.com *.adform.net *.adform.com *.seadform.net *.adcanvas.com *.city24.ee *.city24.lv *.kv.ee *.osta.ee vimeo.com *.vimeo.com *.vimeocdn.com *.every-pay.com *.every-pay.eu data: filesystem: blob:;             connect-src 'self' *.img-bcg.eu *.auto24.ee *.auto24.lv *.auto24.lt *.auto24.fi *.mototehnika.ee *.rasketehnika.ee *.veetehnika.ee *.kuldnebors.ee *.vininfo.ee   *.cookielaw.org *.onetrust.com *.doubleclick.net *.youtube.com *.ytimg.com *.google.ee *.google.com *.google-analytics.com *.googletagmanager.com *.googletagservices.com *.gstatic.com fonts.googleapis.com *.createjs.com *.adform.net *.adform.com *.seadform.net *.adcanvas.com *.city24.ee *.city24.lv *.kv.ee *.osta.ee;             frame-src 'self' *.img-bcg.eu *.auto24.ee *.auto24.lv *.auto24.lt *.auto24.fi *.mototehnika.ee *.rasketehnika.ee *.veetehnika.ee *.kuldnebors.ee *.vininfo.ee   *.doubleclick.net *.youtube.com *.ytimg.com *.google.ee *.google.com *.google-analytics.com *.googletagmanager.com *.googletagservices.com *.gstatic.com fonts.googleapis.com *.facebook.com *.facebook.net vimeo.com *.vimeo.com *.vimeocdn.com *.createjs.com *.adform.net *.adform.com *.seadform.net *.adcanvas.com *.city24.ee *.city24.lv *.kv.ee *.osta.ee *.gemius.pl data:;             frame-ancestors 'self' *.img-bcg.eu *.auto24.ee *.auto24.lv *.auto24.lt *.auto24.fi *.mototehnika.ee *.rasketehnika.ee *.veetehnika.ee *.kuldnebors.ee *.vininfo.ee  ;             object-src 'none';             sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals allow-popups-to-escape-sandbox allow-downloads; 1
default-src 'self' 'unsafe-inline' *.google.com *.ecwid.com *.company.site *.fpapi.io *.fpjs.io *.ipapi.co *.cloudfront.net;                       font-src *  'unsafe-inline';                       style-src * 'self' 'unsafe-inline' *.cloudfront.net ;                       img-src * data: ;                       script-src 'unsafe-inline' 'unsafe-eval' * 'self' *.datatables.net *.cloudflare.com *.google.com *.googleapis.com *.ipapi.co *.cloudfront.net;                        frame-src  *.ezeepayments.com *.google.com  *.ecwid.com  *.ptranz.com *.azurewebsites.net; 1
default-src 'self' *.autofactpro.com *.autofact.cl *.autofact.mx *.autofact.pe *.autofact.com.co;script-src 'self' 'unsafe-inline' 'unsafe-eval' d3js.org d2yyd1h5u9mauk.cloudfront.net http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com bat.bing.com https://www.googleoptimize.com optimize.google.com analytics.google.com user-event-tracker.crazyegg.com https://s3.amazonaws.com/trk.cetrk.com/* browser.sentry-cdn.com *.mkt.autofact.cl mkt.autofact.qa *.mkt.autofact.qa mautic.autofact.qa mautic.autofact.cl optimize.google.com analytics.google.com apis.google.com script.crazyegg.com cdn.ampproject.org *.pagoefectivo.pe pagoefectivo.pe *.sii.cl tagmanager.google.com *.autofactpro.com *.autofact.cl www.google.com www.google-analytics.com ssl.google-analytics.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net ajax.googleapis.com www.gstatic.com www.youtube.com www.youtube-nocookie.com s.ytimg.com connect.facebook.net *.bootstrapcdn.com *.fontawesome.com cdnjs.cloudflare.com cdn.datatables.net cdn.jsdelivr.net cdn.optimizely.com cdn.carbonads.com dnn506yrbagrg.cloudfront.net static.zdassets.com *.culqi.com blob: embed.typeform.com *.sibautomation.com sibautomation.com analytics.tiktok.com;style-src 'self' 'unsafe-inline' 'unsafe-eval' d3js.org optimize.google.com analytics.google.com tagmanager.google.com *.autofactpro.com fonts.googleapis.com fonts.gstatic.com *.bootstrapcdn.com *.fontawesome.com cdnjs.cloudflare.com cdn.datatables.net cdn.jsdelivr.net cdn.optimizely.com cdn.carbonads.com;img-src 'self' script.hotjar.com bat.bing.com cdnjs.cloudflare.com img.youtube.com csi.gstatic.com *.gstatic.com *.autofactpro.com *.autofactpro.cl *.autofact.cl *.autofact.qa www.google.com www.google.cl www.googleadservices.com www.googletagmanager.com img.youtube.com i.ytimg.com stats.g.doubleclick.net www.facebook.com disqus.com *.disquscdn.com *.g.doubleclick.net *.match.autofact.qa *.match.autofact.cl data: www.google-analytics.com web.facebook.com;font-src 'self' *.autofactpro.com fonts.googleapis.com fonts.gstatic.com *.hotjar.com:* *.bootstrapcdn.com *.fontawesome.com cdnjs.cloudflare.com cdn.datatables.net data: ;frame-ancestors 'self' *.autofactpro.com facebook.com;frame-src 'self' docs.google.com stage-autopress-buckets.s3.us-west-1.amazonaws.com https://vars.hotjar.com *.autofact.cl form.typeform.com accounts.google.com optimize.google.com analytics.google.com  *.ampproject.net pagoefectivo.pe *.pagoefectivo.pe *.sii.cl *.autofactpro.com *.match.autofact.qa *.match.autofact.cl www.google.com www.youtube.com www.youtube-nocookie.com www.facebook.com web.facebook.com staticxx.facebook.com bid.g.doubleclick.net *.culqi.com sibautomation.com *.sibautomation.com *.doubleclick.net;object-src 'self' *.autofactpro.com *.autofact.cl;prefetch-src 'self' *.autofactpro.com *.autofact.cl *.autofact.mx *.autofact.pe *.autofact.com.co *.googleapis.com;connect-src 'self' *.delighted.com *.hotjar.com:* *.hotjar.io:* wss://*.hotjar.com sentry.io *.google.cl 54.242.242.218 *.ampproject.org *.ampproject.net *.autofactpro.com *.autofact.com *.autofact.cl *.autofact.com.co *.autofact.com.mx *.autofact.pe *.autofact.cr *.autofact.com.ar *.g.doubleclick.net cdn.ampproject.org www.googletagmanager.com stats.g.doubleclick.net connect.facebook.net ekr.zdassets.com autofact.zendesk.com plugin.autentia.mb:7777 *.googleapis.com *.ytimg.com *.google.com *.bootstrapcdn.com thrk5e664g.execute-api.us-east-1.amazonaws.com wpoxlbs3w6.execute-api.us-east-1.amazonaws.com *.google-analytics.com ofbern64r9.execute-api.us-east-1.amazonaws.com *.api.retail.autofact.com dnn506yrbagrg.cloudfront.net m21ndjph2i.execute-api.us-east-1.amazonaws.com q6x8glddsl.execute-api.us-east-1.amazonaws.com www.googleadservices.com *.bing.com *.fontawesome.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.facebook.com *.facebook.net *.doubleclick.net *.sendinblue.com 7ep5bxwwl6.execute-api.us-east-1.amazonaws.com analytics.tiktok.com *.brevo.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://app.bookitit.com https://unpkg.com https://code.jquery.com https://platform.twitter.com https://translate-pa.googleapis.com https://translate.googleapis.com https://translate.google.com https://www.google.com/ https://www.gstatic.com https://cdn.jsdelivr.net https://www.youtube.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://auvasa.es https://stats.wp.com ; worker-src blob: 'self'; style-src 'self' 'unsafe-inline' https://app.bookitit.com https://unpkg.com https://cdnjs.cloudflare.com https://www.gstatic.com/ https://cdn.jsdelivr.net https://code.jquery.com https://fonts.googleapis.com; font-src 'self' https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://fonts.gstatic.com https://fonts.gstatic.com data: ; img-src 'self' https://code.jquery.com https://app.bookitit.com https://i.ytimg.com https://happyaddons.com https://ps.w.org https://s.w.org https://secure.gravatar.com https://a.tile.openstreetmap.org https://b.tile.openstreetmap.org https://c.tile.openstreetmap.org https://syndication.twitter.com https://translate.google.com https://cdn.jsdelivr.net https://translate.googleapis.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://fonts.gstatic.com https://www.googletagmanager.com https://pixel.wp.com data: ; connect-src 'self' https://yoast.com https://api.telegram.org https://translate.googleapis.com https://region1.google-analytics.com ; frame-src 'self' https://biki.auvasa.es/ https://syndication.twitter.com/ https://platform.twitter.com https://www.youtube.com https://www.google.com/; frame-ancestors 'self' https://biki.auvasa.es/ 1
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; img-src https: data:; media-src https: data:; 1
default-src 'self' *.google-analytics.com *.google.com *.facebook.com *.facebook.net *.googleapis.com *.addthis.com *.gstatic.com *.verifika.com *.alignetsac.com; img-src 'self' *.google-analytics.com 'unsafe-inline' data: *.genial.ly *.verifika.com *.alignetsac.com; script-src 'self' *.google-analytics.com *.googletagmanager.com *.addthis.com *.addthisedge.com *.facebook.net 'unsafe-inline' 'unsafe-eval' *.verifika.com *.alignetsac.com *.google.com *.gstatic.com z.moatads.com *.youtube.com; style-src 'self' *.googleapis.com 'unsafe-inline' *.verifika.com *.alignetsac.com; frame-src 'self' *.youtube.com *.genial.ly *.verifika.com *.alignetsac.com *.google.com *.google.co.cr *.addthis.com *.soundcloud.com; frame-ancestors 'self' *.verifika.com *.alignetsac.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' 	        https://www.google.com 	        https://ajax.googleapis.com 	        https://www.google-analytics.com 	        https://www.googletagmanager.com 		https://www.googleadservices.com 	        https://use.fontawesome.com/ 	        https://cdnjs.cloudflare.com/                 https://googleads.g.doubleclick.net 	        https://maxcdn.bootstrapcdn.com 		https://browser.sentry-cdn.com 		https://4user.yeskey.or.kr 		https://svc2cdn.minwise.co.kr 		https://svc2cdn.hectoinnovation.co.kr 		https://public-common-sdk.s3.ap-northeast-2.amazonaws.com 		https://rum.beusable.net 		https://cdn.flarelane.com 		https://tenping.kr 		https://cdn.mxpnl.com 		https://cdn.treasuredata.com                 https://net-durumi.cyber.go.kr                 https://cdnet.nasmob.com                 https://pagead2.googlesyndication.com                 https://ap02.in.treasuredata.com 		https://script.beusable.net                 https://t1.daumcdn.net; 	    frame-ancestors 'self' 1
frame-ancestors 'self';  report-uri /log/csp-violation 1
default-src cdn.tiny.cloud www.instagram.com td.doubleclick.net cdn.privacytools.com.br www.googletagmanager.com connect.facebook.net www.google-analytics.com www.beirarioconforto.com.br stats.g.doubleclick.net analytics.google.com www.youtube.com; script-src cdn.tiny.cloud cdn.privacytools.com.br www.googletagmanager.com connect.facebook.net www.google-analytics.com www.beirarioconforto.com.br stats.g.doubleclick.net analytics.google.com 'sha256-2L8VnWVUwDSFtyfxIbV4I83gBdUQUizipncjEmhWwcc=' 'sha256-eSV2egO9D1IFOX5zFm5r1GvY99Pnb86pY5sk1U9bWDY=' 'sha256-u5lBV4/FKe7f7EiRO25E1OhErz5rV3BrInMAK8Qa9J4=' 'sha256-aA/p7sA76o2QBaVyUKGQqeTxnpeuQJXxU1EQA4Hkqdo=' 'sha256-7mcymJdXH7keAzZar7V7yQet2bL0WsRtEq+AVJCR8Qs=' 'sha256-3iK1f5HwM9wzldXUyQYp91BVoZ9yJvQ7n5jDeUewCpQ='; style-src  cdn.tiny.cloud pro.fontawesome.com fonts.googleapis.com fonts.gstatic.com cdn.privacytools.com.br www.beirarioconforto.com.br 'unsafe-inline'; img-src * data:; object-src 'none'; font-src fonts.gstatic.com pro.fontawesome.com www.beirarioconforto.com.br data: 1
font-src portal.bulkgate.com *.gstatic.com *.fontawesome.com https://www.beo-car.rs https://beo-car.rs data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com portal.bulkgate.com https://www.facebook.com https://www.beo-car.rs https://beo-car.rs https://bib.eway2pay.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com portal.bulkgate.com https://www.facebook.com https://www.beo-car.rs https://beo-car.rs *.yandex.ru *.yandex.com *.doubleclick.net *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io portal.bulkgate.com *.googleapis.com *.gstatic.com https://stats.g.doubleclick.net https://www.google.com https://www.google.rs https://www.facebook.com https://www.googletagmanager.com *.b-cdn.net https://beocar.b-cdn.net https://www.beo-car.rs https://beo-car.rs *.yandex.ru *.yandex.com *.iconfinder.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ portal.bulkgate.com *.gstatic.com *.avada.io *.googleapis.com *.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://www.beo-car.rs https://beo-car.rs *.hotjar.com *.yandex.ru *.yandex.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com portal.bulkgate.com *.gstatic.com *.fontawesome.com *.googleapis.com https://www.beo-car.rs https://beo-car.rs *.yandex.ru *.yandex.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.b-cdn.net https://beocar.b-cdn.net https://www.beo-car.rs https://beo-car.rs 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com portal.bulkgate.com *.gstatic.com https://get.geojs.io *.avada.io *.googleapis.com https://www.google-analytics.com https://connect.facebook.net https://stats.g.doubleclick.net https://www.beo-car.rs https://beo-car.rs *.hotjar.io *.yandex.ru *.yandex.com *.hotjar.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com fonts.gstatic.com www.googletagmanager.com maps.googleapis.com maps.gstatic.com https://fonts.googleapis.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com https://*.bookerjim.ro/ https://*.berariah.ro/ https://trilete.ro https://cdnjs.cloudflare.com https://connect.facebook.net https://static.hotjar.com https://script.hotjar.com https://facebook.com https://www.facebook.com https://google.com https://www.google.com https://google.ro https://www.google.ro data:;style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com www.googletagmanager.com maps.googleapis.com maps.gstatic.com https://fonts.googleapis.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com https://*.bookerjim.ro/ https://*.berariah.ro/ https://trilete.ro https://cdnjs.cloudflare.com https://connect.facebook.net https://static.hotjar.com https://script.hotjar.com https://facebook.com https://www.facebook.com https://google.com https://www.google.com https://google.ro https://www.google.ro data:;img-src 'self' fonts.googleapis.com fonts.gstatic.com www.googletagmanager.com maps.googleapis.com maps.gstatic.com https://fonts.googleapis.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com https://*.bookerjim.ro/ https://*.berariah.ro/ https://trilete.ro https://cdnjs.cloudflare.com https://connect.facebook.net https://static.hotjar.com https://script.hotjar.com https://facebook.com https://www.facebook.com https://google.com https://www.google.com https://google.ro https://www.google.ro data:;font-src 'self' fonts.googleapis.com fonts.gstatic.com www.googletagmanager.com maps.googleapis.com maps.gstatic.com https://fonts.googleapis.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com https://*.bookerjim.ro/ https://*.berariah.ro/ https://trilete.ro https://cdnjs.cloudflare.com https://connect.facebook.net https://static.hotjar.com https://script.hotjar.com https://facebook.com https://www.facebook.com https://google.com https://www.google.com https://google.ro https://www.google.ro data:;form-action 'self' https://*.bookerjim.ro/ https://*.berariah.ro/ https://trilete.ro;frame-ancestors 'self' https://*.bookerjim.ro/ https://*.berariah.ro/ https://trilete.ro https://facebook.com https://www.facebook.com https://google.com https://www.google.com https://google.ro https://www.google.ro 1
default-src 'self' 'unsafe-inline' api.berdedd.com  www.google.co.th googleads.g.doubleclick.net tr.line.me www.google.com  stats.g.doubleclick.net  ajax.googleapis.com  www.trustmarkthai.com gateway.autodigi.net d.line-scdn.net www.googleadservices.com fonts.gstatic.com cdn.jsdelivr.net berhoro.com  www.berhoro.com fonts.googleapis.com fonts.static.com www.googletagmanager.com www.google-analytics.com www.gstatic.com; 1
frame-src self * 1
default-src 'self' *.besteloverzicht.nl; script-src 'self' 'nonce-Z9+Sw0XUfBCAxK8Hg8Yebrq63dJu4rXZxxy4QiufJls=' 'unsafe-eval' https://*.googletagmanager.com https://www.clarity.ms https://*.clarity.ms; style-src 'self' 'unsafe-inline'; frame-src 'self' *.besteloverzicht.nl *.elektramat.nl *.elektramat.dev *.groepenkastbestellen.nl; img-src 'self' *.besteloverzicht.nl *.elektramat.nl *.elektramat.dev *.groepenkastbestellen.nl data: blob: https://*.googletagmanager.com https://*.google-analytics.com https://www.clarity.ms https://*.clarity.ms https://c.bing.com; frame-ancestors 'self'; connect-src 'self' *.besteloverzicht.nl *.besteloverzicht.dv https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.clarity.ms https://*.clarity.ms 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'  https://facebook.com https://mapa.ecommerce.poczta-polska.pl https://www.paypal.com https://www.paypalobjects.com https://*.easypack24.net https://*.openstreetmap.org https://*.inpost.pl https://*.allegrostatic.com https://allegro.pl https://*.allegro.pl https://*.allegroimg.com https://*.allegrosandbox.pl https://*.sote.pl https://*.googletagmanager.com https://*.facebook.net https://*.facebook.com https://*.google-analytics.com https://*.google.com https://*.google.pl https://unpkg.com https://api.mapbox.com https://maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net https://stats.g.doubleclick.net https://stats.g.doubleclick.net *.gstatic.com *.googleapis.com *.youtube.com *.vimeo.com *.ytimg.com *.soundcloud.com *.vimeocdn.com *.smartsupp.com *.smartsuppcdn.com wss://*.smartsupp.com *.cdn77.org smartsupp-widget-161959.c.cdn77.org *.smartlook.com *.smartlook.cloud *.smartsuppchat.com *.addthis.com *.addthisedge.com *.facebook.com *.facebook.net *.fbcdn.net *.instagram.com *.cdninstagram.com *.googletagmanager.com *.google-analytics.com *.paypalobjects.com *.paypal.com *.autopay.eu *.livechatinc.com https://googleads.g.doubleclick.net https://www.googleadservices.com *.googlesyndication.com https://*.cashbill.pl https://*.ceneo.pl https://*.secure.eservice.com.pl *.credit-agricole.pl *.paybynet.com.pl *.polcard.com.pl *.przelewy24.pl *.eraty.pl static.hotjar.com https://disqus.com data:; form-action 'self'  https://facebook.com https://mapa.ecommerce.poczta-polska.pl https://www.paypal.com https://www.paypalobjects.com https://*.easypack24.net https://*.openstreetmap.org https://*.inpost.pl https://*.allegrostatic.com https://allegro.pl https://*.allegro.pl https://*.allegroimg.com https://*.allegrosandbox.pl https://*.sote.pl https://*.googletagmanager.com https://*.facebook.net https://*.facebook.com https://*.google-analytics.com https://*.google.com https://*.google.pl https://unpkg.com https://api.mapbox.com https://maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net https://stats.g.doubleclick.net https://stats.g.doubleclick.net *.gstatic.com *.googleapis.com *.youtube.com *.vimeo.com *.ytimg.com *.soundcloud.com *.vimeocdn.com *.smartsupp.com *.smartsuppcdn.com wss://*.smartsupp.com *.cdn77.org smartsupp-widget-161959.c.cdn77.org *.smartlook.com *.smartlook.cloud *.smartsuppchat.com *.addthis.com *.addthisedge.com *.facebook.com *.facebook.net *.fbcdn.net *.instagram.com *.cdninstagram.com *.googletagmanager.com *.google-analytics.com *.paypalobjects.com *.paypal.com *.autopay.eu *.livechatinc.com https://googleads.g.doubleclick.net https://www.googleadservices.com *.googlesyndication.com https://*.cashbill.pl https://*.ceneo.pl https://*.secure.eservice.com.pl *.credit-agricole.pl *.paybynet.com.pl *.polcard.com.pl *.przelewy24.pl *.eraty.pl static.hotjar.com https://disqus.com; frame-ancestors 'self' 1
default-src 'self' *; frame-ancestors 'self'; script-src 'self' data: https://translate.googleapis.com/ https://googleads.g.doubleclick.net/ https://www.google-analytics.com/ https://cdn.webpushr.com/ https://server14.findabilityplatform.com/ https://connect.facebook.net/ https://www.googleadservices.com/ https://translate-pa.googleapis.com/ https://tdns8.gtranslate.net/ https://mc.yandex.ru/ https://cdnjs.cloudflare.com/ https://cdn.conveythis.com/ https://cdn.conveythis.com/ https://www.google-analytics.com/ https://translate.google.com/ https://www.googletagmanager.com/ https://www.bestmigrationconsultant.com/ https://d2ujtwc5c3q8gl.cloudfront.net/ https://gistlangserver.in/ https://www.google.com/ https://www.freevisitorcounters.com/ https://code.jquery.com/ https://www.google.com/recaptcha/api.js https://fonts.googleapis.com/ https://www.gstatic.com/ 'unsafe-eval' 'unsafe-inline'; script-src-elem 'self' data: https://www.clarity.ms/ https://cdn.onesignal.com/ https://translate.googleapis.com/ https://googleads.g.doubleclick.net/ https://www.google-analytics.com/ https://cdn.webpushr.com/ https://server14.findabilityplatform.com/ https://connect.facebook.net/ https://www.googleadservices.com/ https://translate-pa.googleapis.com/ https://tdns8.gtranslate.net/ https://mc.yandex.ru/ https://cdnjs.cloudflare.com/ https://cdn.conveythis.com/ https://cdn.conveythis.com/ https://www.google-analytics.com/ https://translate.google.com/ https://www.googletagmanager.com/ https://www.bestmigrationconsultant.com/ https://d2ujtwc5c3q8gl.cloudfront.net/ https://gistlangserver.in/ https://www.google.com/ https://www.freevisitorcounters.com/ https://code.jquery.com/ https://www.google.com/recaptcha/api.js https://fonts.googleapis.com/ https://www.gstatic.com/ 'unsafe-inline'; style-src 'self' https://maxcdn.bootstrapcdn.com/ https://translate.googleapis.com/ https://use.fontawesome.com/ https://server14.findabilityplatform.com/ https://stackpath.bootstrapcdn.com/ https://www.bestmigrationconsultant.com/ https://d2ujtwc5c3q8gl.cloudfront.net https://gistlangserver.in https://fonts.googleapis.com/ https://www.gstatic.com/ 'unsafe-inline';img-src 'self' data: https:;font-src 'self' data: https: 1
default-src * 'self';     style-src * 'self' 'unsafe-inline' 'unsafe-hashes';     img-src * 'self' *.sec-xm41d.com *.w3.org data:;     script-src 'self' 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'     *.gstatic.com     *.bootstrapcdn.com     *.googleapis.com     *.cloudflare.com     *.jsdelivr.net     *.jquery.com     *.googletagmanager.com     *.google-analytics.com     *.hotjar.com     *.sec-xm41d.com;     frame-ancestors 'self' X-Frame-Options: DENY 1
frame-ancestors 'self' https://bibliometro.cl; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.adimo.co nexus.ensighten.com tdn.r42tag.com 4dvq37jqcg.execute-api.eu-west-1.amazonaws.com stats.g.doubleclick.net ampcid.google.com analytics.google.com t.svtrd.com *.googletagmanager.com *.google-analytics.com www.youtube.com google-analytics.com www.google-analytics.com ssl.google-analytics.com ajax.googleapis.com www.googletagmanager.com googletagmanager.com tagmanager.google.com; style-src 'self' 'unsafe-inline' data: fonts.googleapis.com www.googletagmanager.com tagmanager.google.com; img-src 'self' data: data.privacy.ensighten.com t.svtrd.com cm.g.doubleclick.net dmp.adform.net sync-tm.everesttech.net s.w.org ps.w.org ts.w.org secure.gravatar.com www.gravatar.com data: blob: google-analytics.com www.google-analytics.com ssl.google-analytics.com www.google.com i.ytimg.com www.googletagmanager.com; connect-src 'self' 4dvq37jqcg.execute-api.eu-west-1.amazonaws.com *.google.com *.google-analytics.com nexus.ensighten.com *.adimo.co www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com about: www.googletagmanager.com; font-src 'self' data: data: fonts.gstatic.com fonts.googleapis.com; frame-src 'self' t.svtrd.com www.youtube.com *.adimo.co www.googletagmanager.com; child-src 'self' nexus.ensighten.com www.youtube.com www.googletagmanager.com; worker-src 'self' nexus.ensighten.com www.youtube.com www.googletagmanager.com; report-uri https://www.birramessina.it?gdsih-csp-report; 1
default-src * data: blob: 'self'; font-src * data: ;img-src * data: blob: 'self'; connect-src * data: blob: ws.pusher.com ws-ap1.pusher.com *.pusher.com *.pusherapp.com; script-src * *.pusher.com *.pusherapp.com 'unsafe-eval' 'unsafe-inline'; style-src * 'self' 'unsafe-inline'; 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googlesyndication.com https://js.klarna.com https://www.clarity.ms https://analytics.tiktok.com/i18n/pixel/events.js https://analytics.tiktok.com/i18n/pixel/static/  https://analytics.tiktok.com/api/v2/pixel/act  *.analytics.tiktok.com https://www.appocalypsis.com *.appocalypsis.com  https://metrics.find.gr *.metrics.find.gr *.bestprice.gr *.skroutza.skroutz.gr https://skroutza.skroutz.gr https://test.cleverpoint.gr https://cleverpoint.gr https://apis.google.com https://www.gstatic.com https://z.moatads.com https://static.addtoany.com *.pinterest.com https://analytics.skroutz.gr https://360.bestprice.gr https://www.bestprice.gr https://www.glami.gr https://region1.google-analytics.com https://cdn.stat-track.com/ https://assets.citrusad.net https://www.googletagmanager.com https://maps.google.com https://maps.googleapis.com https://www.google-analytics.com https://connect.facebook.net https://stats.g.doubleclick.net https://www.google.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://script.crazyegg.com https://go.linkwi.se https://trustmark.gr https://www.youtube.com https://script.crazyegg.com https://insurance.e-satisfaction.gr https://widget-cdn.boxnow.gr https://tracking.retargeting.biz https://api.retargeting.app https://www.googleoptimize.com https://ibanke-commerce.nbg.gr *.cloudflare.com *.nbg.gr *.e-satisfaction.com *.amazonaws.com *.godaddy.com *.adman.gr *.livehelperchat.com *.zopim.com *.ubembed.com *.skroutz.gr https://skroutza.skroutz.gr https://ajax.cloudflare.com *.zdassets.com/ *.hotjar.com; style-src 'self' 'unsafe-inline' https://x.klarnacdn.net https://fonts.googleapis.com *.e-satisfaction.com *.livehelperchat.com https://cdn.jsdelivr.net https://www.googletagmanager.com ; object-src 'self'; img-src 'self' data: https://www.appocalypsis.com www.w3.org https://metrics.find.gr https://c.clarity.ms/c.gif https://local.blablatoys.gr https://www.blablatoys.gr https://analytics.tiktok.com/ *.analytics.tiktok.com region1.google-analytics.com  *.google-analytics.com *.cdninstagram.com https://blablatoysnew.staginglh.com  https://local.blablatoysnew.gr https://www.blablatoys.gr https://static.blablatoys.gr https://www.glami.gr https://www.facebook.com https://www.google-analytics.com https://maps.gstatic.com https://maps.google.com https://maps.googleapis.com https://www.google.com https://www.google.gr https://www.google.com.tr *.pinterest.com https://trustmark.gr *.skroutz.gr *.google.co.uk *.facebook.net *.youtube.com *.e-satisfaction.com  *.doubleclick.net *.godaddy.com *.cdninstagram.com.com https://fonts.gstatic.com/ https://www.googletagmanager https://eu-assets.playground.klarnaservices.com https://eu-assets.klarnaservices.com; font-src 'self' data: https://x.klarnacdn.net https://fonts.gstatic.com https://taxshop.livehelperchat.com; connect-src 'self' https://y.clarity.ms https://metrics.find.gr *.metrics.find.gr https://u.clarity.ms/collect https://b.clarity.ms/collect *.b.clarity.ms https://gt.blablatoys.gr/  https://analytics.tiktok.com/api/v2/pixel/act *.analytics.tiktok.com https://analytics.tiktok.com/api/v2/pixel  https://pagead2.googlesyndication.com *.pagead2.googlesyndication.com https://js.klarna.com https://js.playground.klarna.com https://eu.playground.klarnaevt.com *.eu.playground.klarnaevt.com https://na.playground.klarnaevt.com https://na.klarnaevt.com https://www.youtube.com https://www.bestprice.gr https://static.addtoany.com https://forms.m-pages.com https://t.stat-track.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://www.google-analytics.com https://maps.googleapis.com https://tracking.retargeting.app *.facebook.com *.e-satisfaction.com https://googleads.g.doubleclick.net https://adservice.google.com https://www.google.com https://region1.analytics.google.com https://conversionsapi.blablatoys.gr https://taxshop.livehelperchat.com wss://ws1.hotjar.com wss://ws2.hotjar.com wss://ws3.hotjar.com wss://ws4.hotjar.com wss://ws5.hotjar.com wss://ws6.hotjar.com wss://ws7.hotjar.com wss://ws8.hotjar.com wss://ws9.hotjar.com wss://ws10.hotjar.com wss://ws11.hotjar.com wss://ws12.hotjar.com wss://ws13.hotjar.com wss://ws14.hotjar.com wss://ws15.hotjar.com wss://ws16.hotjar.com wss://ws17.hotjar.com wss://ws18.hotjar.com wss://ws19.hotjar.com wss://ws20.hotjar.com wss://ws21.hotjar.com wss://ws22.hotjar.com wss://ws23.hotjar.com wss://ws24.hotjar.com wss://ws25.hotjar.com wss://ws26.hotjar.com wss://ws27.hotjar.com wss://ws28.hotjar.com wss://ws29.hotjar.com wss://ws30.hotjar.com wss://ws31.hotjar.com wss://ws32.hotjar.com wss://ws33.hotjar.com wss://ws34.hotjar.com wss://ws35.hotjar.com wss://ws36.hotjar.com wss://ws37.hotjar.com wss://ws38.hotjar.com wss://ws39.hotjar.com wss://ws40.hotjar.com wss://ws41.hotjar.com wss://ws42.hotjar.com wss://ws43.hotjar.com wss://ws44.hotjar.com wss://ws45.hotjar.com wss://ws46.hotjar.com wss://ws47.hotjar.com wss://ws48.hotjar.com wss://ws49.hotjar.com wss://ws50.hotjar.com wss://ws51.hotjar.com wss://ws52.hotjar.com wss://ws53.hotjar.com wss://ws54.hotjar.com wss://ws55.hotjar.com wss://ws56.hotjar.com wss://ws57.hotjar.com wss://ws58.hotjar.com wss://ws59.hotjar.com wss://ws60.hotjar.com wss://ws61.hotjar.com wss://ws62.hotjar.com wss://ws63.hotjar.com wss://ws64.hotjar.com wss://ws65.hotjar.com wss://ws66.hotjar.com wss://ws67.hotjar.com wss://ws68.hotjar.com wss://ws69.hotjar.com wss://ws70.hotjar.com wss://ws71.hotjar.com wss://ws72.hotjar.com wss://ws73.hotjar.com wss://ws74.hotjar.com wss://ws75.hotjar.com wss://ws76.hotjar.com wss://ws77.hotjar.com wss://ws78.hotjar.com wss://ws79.hotjar.com wss://ws80.hotjar.com wss://ws81.hotjar.com wss://ws82.hotjar.com wss://ws83.hotjar.com wss://ws84.hotjar.com wss://ws85.hotjar.com wss://ws86.hotjar.com wss://ws87.hotjar.com wss://ws88.hotjar.com wss://ws89.hotjar.com wss://ws90.hotjar.com wss://ws91.hotjar.com wss://ws92.hotjar.com wss://ws93.hotjar.com wss://ws94.hotjar.com wss://ws95.hotjar.com wss://ws96.hotjar.com wss://ws97.hotjar.com wss://ws98.hotjar.com wss://ws99.hotjar.com *.hotjar.io  *.hotjar.com *.zdassets.com; frame-src *; media-src 'self' 1
default-src 'self' data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; img-src 'self' * data: blob:; font-src 'self' data: https://fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.newrelic.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://www.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://www.youtube.com; frame-src 'self' https://www.google.com https://www.facebook.com https://www.youtube.com https://blackmores.chakrarewards.com https://*.a.run.app; connect-src 'self' https://analytics.google.com https://www.google-analytics.com https://*.nr-data.net https://stats.g.doubleclick.net; block-all-mixed-content; upgrade-insecure-requests 1
frame-ancestors https://anyatalk.blitz.ro 1
default-src 'self'; script-src 'self' siteimproveanalytics.com 'unsafe-inline'; img-src data: 'self' *.siteimproveanalytics.io; connect-src 'self'; style-src 'self' 'unsafe-inline'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' www.youtube-nocookie.com www.youtube.com cdn.laola1.tv player.cloud.wowza.com live.virtual-events.at vimeo.com player.vimeo.com app.lapentor.com playout.3qsdn.com; form-action 'self'; block-all-mixed-content; upgrade-insecure-requests; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'  https: data: http://fonts.googleapis.com http://fonts.gstatic.com http://www.google-analytics.com http://s7.addthis.com http://m.addthisedge.com http://m.addthis.com http://graph.facebook.com http://widgets.pinterest.com http://maps.google.com http://csi.gstatic.com http://maps.gstatic.com http://maps.googleapis.com http://www.linkedin.com http://api-public.addthis.com http://localhost http://www.youtube.com; 1
font-src maxcdn.bootstrapcdn.com https://widgets.trustedshops.com *.fontawesome.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com sis.redsys.es https://sis-t.redsys.es:25443/sis/realizarPago/utf-8 www.mrw.es/seguimiento_envios/ mygls.gls-spain.es 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com tpc.googlesyndication.com/ td.doubleclick.net/ https://extranet.gls-spain.es/ 'self' 'unsafe-inline'; img-src data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com https://images.unsplash.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://www.magezon.com *.analytics.google.com bat.bing.com googleads.g.doubleclick.net/ www.facebook.com fonts.gstatic.com *.google-analytics.com www.google.es/ www.google.nl/ www.google.com/ widgets.trustedshops.com blob: *.googletagmanager.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.avada.io cdn.jsdelivr.net bat.bing.com *.cloudflare.com connect.facebook.net widgets.trustedshops.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net tpc.googlesyndication.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src maxcdn.bootstrapcdn.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.fontawesome.com cdn.jsdelivr.net fonts.googleapis.com www.googletagmanager.com widgets.trustedshops.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site https://get.geojs.io *.avada.io googleads.g.doubleclick.net connect.facebook.net *.google-analytics.com stats.g.doubleclick.net *.googlesyndication.com/ www.google.com/ *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
base-uri 'self'; frame-ancestors 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://www.google.com https://maps.googleapis.com https://mts0.googleapis.com https://mts1.googleapis.com https://www.google-analytics.com https://connect.facebook.net https://connect.facebook.net https://apis.google.com https://www.gstatic.com http://192.168.1.25:35729 https://cdn.ampproject.org https://cdn.agenceici.com/ https://tarteaucitron.io https://cdnjs.cloudflare.com http://cdnjs.cloudflare.com https://www.googletagmanager.com https://cdn.tarteaucitron.io https://js-eu1.hs-scripts.com https://js-eu1.hscollectedforms.net https://js-eu1.hs-banner.com https://js-eu1.hs-analytics.net https://js-eu1.hsadspixel.net https://js-eu1.hubspot.com 1
default-src 'self' www.google-analytics.com region1.google-analytics.com               ;script-src 'self' 'unsafe-inline' 'unsafe-eval' www.gstatic.com www.googletagmanager.com www.google.com code.jquery.com cdn.jsdelivr.net stackpath.bootstrapcdn.com  www.google-analytics.com Index.js          ;style-src 'self' 'unsafe-inline'     ;img-src 'self' 'unsafe-inline' www.google-analytics.com data:    ;frame-src 'self' www.google.com 1
default-src 'self' 'unsafe-inline'; frame-src 'self' 'unsafe-inline' https://www.youtube.com https://hai.kemenkeu.go.id https://docs.google.com https://maps.google.com https://www.google.com https://survey.zohopublic.com https://survey.zoho.com;style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://fonts.googleapis.com data:;font-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fonts.gstatic.com data:;img-src 'self' 'unsafe-inline' https://www.bpdp.or.id https://i0.wp.com https://radarsemarang.jawapos.com https://www.infosawit.com data:; connect-src 'self' 'unsafe-inline' https://analytics.google.com;script-src 'self' 'unsafe-inline' https://hai.kemenkeu.go.id https://cdnjs.cloudflare.com https://cdn.datatables.net https://cdn.jsdelivr.net https://code.jquery.com https://www.googletagmanager.com https://survey.zohopublic.com; 1
frame-ancestors 'self' https://platform.jioretailer.com 1
default-src 'self';                     script-src 'self' 'unsafe-inline' 'unsafe-eval'  *.cloudfront.net *.googletagmanager.com *.google-analytics.com  googleads.g.doubleclick.net https://u.heatmap.it https://code.jquery.com/ https://brconsorcios.com.br https://connect.facebook.net https://ajax.googleapis.com https://seal.godaddy.com;                                                 style-src 'self' 'unsafe-inline' *.googleapis.com https://maxcdn.bootstrapcdn.com  https://cdnjs.cloudflare.com;                                                  img-src 'self'  https://www.googletagmanager.com https://www.google.com https://www.google.com.br https://www.facebook.com https://drive.google.com https://lh3.googleusercontent.com data: https://seal.godaddy.com;                                                  connect-src 'self' *.brconsorcios.com.br popups.rdstation.com.br pageview-notify.rdstation.com.br https://www.google-analytics.com  https://analytics.google.com/  https://stats.g.doubleclick.net/ https://ipinfo.io/json;                                                  font-src 'self'  https://fonts.gstatic.com data: https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com;                                                  media-src 'self' ;                                                  object-src 'none';                                                  frame-src https://www.youtube.com  googleads.g.doubleclick.net https://td.doubleclick.net/ https://brconsorcios.com.br https://app.brconsorcios.lecom.com.br/;                                                  manifest-src 'self';                                                  worker-src 'self' blob:;                                                  base-uri 'self';                                                  form-action 'self'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data:; font-src 'self' use.typekit.net 'unsafe-inline' data:; frame-ancestors 'self'; base-uri 'self'; form-action 'self' 1
script-src 'self' https://js.brickowl.com/ https://platform.twitter.com/ https://js.stripe.com/v3/ https://forum.brickowl.com/plugins/embedvanilla/remote.js https://maps.googleapis.com/maps/api/ https://www.gstatic.com/charts/ https://static.cloudflareinsights.com/ https://cloudflareinsights.com https://widget.packeta.com/ https://widget.trustpilot.com/ https://www.paypalobjects.com/ https://www.paypal.com/ ; style-src 'self' https://css.brickowl.com/ https://js.brickowl.com/ https://www.gstatic.com/charts/ https://fonts.googleapis.com 'unsafe-inline'; object-src 'none'; frame-ancestors 'self'; 1
default-src * 'unsafe-inline' 'unsafe-eval' blob: data: ;frame-ancestors 'self' 1
frame-ancestors http://www.briochepasquier-pro.com http://preprod.symphoniepasquier.com https://www.symphoniepasquier.com briochepasquier-pro.com.pasquier-2.test.oceanet.eu 1
default-src: *; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://broomees.org https://www.googleadservices.com https://www.googletagmanager.com https://www.facebook.com https://code.jquery.com https://ajax.googleapis.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://www.youtube.com https://checkout.razorpay.com https://unpkg.com https://www.facebook.net https://www.connect.facebook.net https://connect.facebook.net https://facebook.net https://static.hotjar.com https://script.hotjar.com https://googleads.g.doubleclick.net https://clarity.ms https://www.clarity.ms/ https://doubleclick.net https://pdfmake.js https://formbuilder.online https://cdn.socket.io https://cdn.getsimpl.com https://maps.googleapis.com https://cdn.datatables.net https://cdn.jsdelivr.net https://cdn.socket.io https://use.fontawesome.com https://fontawesome.com https://cdn.datatables.net https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdn.datatables.net https://fonts.googleapis.com https://use.fontawesome.com https://code.jquery.com https://fontawesome.com; img-src * data: https://www.facebook.com https://cdn.imgbin.com; font-src 'self' https://fontawesome.com https://use.fontawesome.com https://fonts.googleapis.com https://fonts.gstatic.com; frame-src 'self' https://www.youtube.com https://txn.getsimpl.com https://razorpay.com  https://api.razorpay.com https://td.doubleclick.net; connect-src 'self' https://www.google-analytics.com https://broomees.org wss://ws.hotjar.com https://content.hotjar.io https://metrics.hotjar.io https://z.clarity.ms https://analytics.google.com https://stats.g.doubleclick.net https://maps.googleapis.com https://googleapis.com https://translation.googleapis.com; 1
default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors 'self'; report-uri http://busuupromo-iq.com/il_reporturi.php?from=csp; report-to csp_endpoint 1
default-src 'unsafe-inline' 'self' data: cakalnedobe.si www.cakalnedobe.si cdn.cakalnedobe.si ads.cakalnedobe.si narocanje.cakalnedobe.si widget.cakalnedobe.si www.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net ma.medifit.si data.medifit.si cdn.jsdelivr.net static.hotjar.com fonts.googleapis.com booking.eambulanta.si twemoji.maxcdn.com widget-v4.tidiochat.com code.tidio.co widget-v4.tidiochat.com s3.eu-west-1.amazonaws.com static.mailerlite.com cdn.medifit.si track.mailerlite.com tidio-images-messenger.s3.amazonaws.com cdn-cookieyes.com; font-src 'self' fonts.googleapis.com cdn.cakalnedobe.si fonts.gstatic.com widget-v4.tidiochat.com; connect-src sentry-new.tidio.co socket.tidio.co api-v2.tidio.co https: wss:; frame-src ads.cakalnedobe.si narocanje.cakalnedobe.si enarocanje.cakalnedobe.si booking.eambulanta.si booking.medifit.si ma.medifit.si www.google.com www.youtube.com; 1
script-src 'self' 'unsafe-eval' *.wlresources.com *.acwebconnecting.com 'sha256-e4pYjXQH6ajx5POUxz2FrYEpL/WroFiVF5clf0FNS5g=' https://api.lovense-api.com/api/cam/tipper/v2/tipper.js www.google-analytics.com www.googletagmanager.com *.analytics.google.com *.doubleclick.net https://*.google-analytics.com/ gstatic.com www.google.com www.googleoptimize.com optimize.google.com www.gstatic.com https://bat.bing.com https://*.clarity.ms ; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.wlresources.com; connect-src 'self' *.wlresources.com *.acwebconnecting.com wss://*.wlresources.com *.campoints.net https://display.lovense-api.com/api/customer/ *.google-analytics.com *.googletagmanager.com *.analytics.google.com analytics.google.com *.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://bat.bing.com https://*.clarity.ms ; report-uri /err0r/js?ts=1721957482; worker-src 'self' blob:; frame-ancestors 'none'; object-src 'self' 1
frame-ancestors 'self'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com tagmanager.google.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; font-src fonts.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.gstatic.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action www.epay.bg/ 3dsgate.borica.bg/ online.ucfin.bg/ secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://plumrocket.com *.yotpo.com *.facebook.com 'self' 'unsafe-inline'; img-src www.google.com/ www.google.bg/pagead/ www.google.bg/ads/ www.campingrocks.bg https://www.google.bg/ https://campingrocks.bg/* https://campingrocks.bg/uploads/categories/ assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com ebizmarts-website.s3.amazonaws.com https://redchamps.com *.gstatic.com *.yotpo.com *.facebook.com 'self' 'unsafe-inline'; connect-src stats.g.doubleclick.net/ region1.analytics.google.com https://region1.google-analytics.com/ www.google.com/ region1.google-analytics.com https://pagead2.googlesyndication.com/ https://googleads.g.doubleclick.net/ dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com https://*.ingest.sentry.io https://www.google-analytics.com *.yotpo.com *.google-analytics.com analytics.google.com *.facebook.net 'self' 'unsafe-inline'; frame-src td.doubleclick.net/ www.googletagmanager.com/ www.youtube.com/ www.google.com/ fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://plumrocket.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net/ ajax.cloudflare.com/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.google.com/ www.gstatic.com/ assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.chimpstatic.com https://cdn.polyfill.io https://browser.sentry-cdn.com *.avada.io https://www.googletagmanager.com tagmanager.google.com *.yotpo.com analytics.google.com *.facebook.net unpkg.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; 1
upgrade-insecure-requests; report-uri https://canal-tv.com/il_reporturi.php?from=csp; report-to csp_endpoint 1
default-src 'self' https://canariteslearning.com https://cdn.jsdelivr.net https://fonts.googleapis.com/ *.tawk.to wss://*.tawk.to 'unsafe-inline';font-src * data:;script-src 'self' https://cdn.jsdelivr.net https://google.com https://embed.tawk.to 'unsafe-inline' 'unsafe-eval';frame-src * 'unsafe-inline';img-src * data: blob:;media-src * data:;connect-src * 1
default-src 'self'; script-src 'report-sample' 'self'; style-src 'report-sample' 'self'; object-src 'none'; base-uri 'self'; connect-src 'self'; font-src 'self'; frame-src 'self'; img-src 'self'; manifest-src 'self'; media-src 'self'; worker-src 'none'; 1
frame-ancestors http://*.campogrande.ms.gov.br 1
default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://www.google.com.sg/ads/ https://tr.line.me/ https://www.facebook.com/tr/ https://www.google-analytics.com https://www.google.com/ads/ https://stats.g.doubleclick.net https://cm.g.doubleclick.net https://www.google.co.th/ https://ssl.google-analytics.com https://*.onetrust.com/ https://www.google.com/ https://www.google.com.sg/; connect-src 'self' https://stats.g.doubleclick.net https://www.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.google.com https://*.google.<TLD> https://api.amplitude.com/ https://browser-http-intake.logs.datadoghq.com https://*.onetrust.com https://www.facebook.com/ wss://*.hotjar.com https://*.hotjar.com:* https://sentry.hotjar.com https://content.hotjar.io https://*.hotjar.io https://*.hotjar.io/*; font-src 'self' data: https://script.hotjar.com; worker-src 'self' 'unsafe-inline'; frame-src https://www.facebook.com/ https://connect.facebook.net/ https://www.google.com/recaptcha/ https://www.youtube.com https://vars.hotjar.com/ https://insight.adsrvr.org/ https://bid.g.doubleclick.net/; script-src 'self' 'self' 'unsafe-inline' 'unsafe-eval' js.adsrvr.org tr.line.me d.line-scdn.net d.line-cdn.net connect.facebook.net *.google-analytics.com/analytics.js *.datadoghq-browser-agent.com *.hotjar.com *.onetrust.com *.googleadservices.com/pagead/conversion_async.js *.googletagmanager.com/gtag/js *.doubleclick.net:* *.google.com:* *.gstatic.com:* https://www.googletagmanager.com; object-src 'none'; report-uri /report-csp-violations 1
script-src: none 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://*.akamaihd.net https://*.translate.naver.net https://www.recaptcha.net https://www.google.com https://*.googlesyndication.com https://www.zenaps.com https://tr.snapchat.com https://tr6.snapchat.com https://www.youtube.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://*.liveperson.net https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.parcellab.com wss://*.liveperson.net; default-src 'none'; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://checkout.celio.in/checkout/ https://connect.facebook.net https://tr.snapchat.com https://www.celio.in/; frame-ancestors 'self'; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.googlesyndication.com https://*.googleapis.com https://www.recaptcha.net https://connect.facebook.net https://*.trustpilot.com https://www.googleadservices.com https://*.translate.naver.net https://*.doubleclick.net https://*.google.com https://*.google-analytics.com https://fp.zenaps.com https://www.gstatic.com https://bat.bing.com https://www.googletagmanager.com https://www.youtube.com https://s.ytimg.com https://www.dwin1.com https://sc-static.net https://*.liveperson.net https://*.lpsnmedia.net https://*.liveperson.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://stackpath.bootstrapcdn.com; report-to report-endpoint 1
default-src 'self' 'unsafe-inline' https://*; img-src https: data: *; script-src 'self' 'unsafe-inline' https: 'unsafe-eval'; style-src 'self' 'unsafe-inline' https:; 1
font-src *.typekit.net *.gstatic.com fonts.gstatic.com use.typekit.net *.fontawesome.com *.fonts.googleapis.com data: *.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.addthis.com *.pinterest.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com p.typekit.net validator.swagger.io https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.cloudflare.com *.cdn.klarna.com *.s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.addthis.com *.pinterest.com *.cdninstagram.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.commerce-payment-services.com *.typekit.net google.com *.google.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.google.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com *.instagram.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com assets.braintreegateway.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.adobe.io performance.typekit.net *.sentry.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.cloudflare.com *.googleapis.com *.addthis.com *.graph.instagram.com *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com/ https://kit.fontawesome.com/ https://www.google-analytics.com/ https://platform.twitter.com/ https://translate.google.com/ https://translate.googleapis.com/ https://connect.facebook.net/ https://translate-pa.googleapis.com/; connect-src 'self' 'unsafe-inline' https://ka-f.fontawesome.com/ https://www.google-analytics.com/ https://translate.googleapis.com/; …aka.gov.in/images/logodddddd.png https://www.google-analytics.com/; frame-src 'self' https://syndication.twitter.com/ https://www.facebook.com/ https://fieo.globallinker.com/ https://maps.google.com/ https://platform.twitter.com/ https://www.google.com/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://www.hcidhaka.gov.in/ https://www.gstatic.com/; font-src data: 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.gstatic.com/ https://www.hcidhaka.gov.in/ https://ka-f.fontawesome.com/; 1
default-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: https: http:;script-src 'self' 'unsafe-inline' 'unsafe-eval' https:;frame-src 'self' 'unsafe-inline' https:; connect-src 'self' 'unsafe-inline' https:; 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-t_KP-yMdNchlInSSzoxxKw' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
img-src 'self' data: ; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com www.google-analytics.com 'unsafe-eval' https://*.site24x7rum.com/; 1
font-src *.bootstrapcdn.com fonts.googleapis.com fonts.gstatic.com *.gstatic.com data: *.fontawesome.com data: 'self' 'unsafe-inline'; form-action 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src *.packeta.com www.google.com *.chantallonline.com 'self' 'unsafe-inline'; img-src *.mailchimp.com *.facebook.com *.google-analytics.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com maps.googleapis.com maps.gstatic.com *.gstatic.com *.googleapis.com *.google.com data: 'self' 'unsafe-inline'; script-src chimpstatic.com *.packeta.com *.facebook.net *.list-manage.com *.mailchimp.com www.googleapis.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.mailchimp.com *.bootstrapcdn.com fonts.googleapis.com *.fontawesome.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.packeta.com *.facebook.com *.doubleclick.net *.google-analytics.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline';; report-uri https://chantall.report-uri.com/r/d/csp/enforce 1
default-src * 'unsafe-eval'; style-src * 'unsafe-inline'; frame-src *; font-src * data:; img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; frame-ancestors *; 1
default-src 'self' code.jquery.com unpkg.com www.mobiledition.com www.lisio-solution.com www.google.com *.addthis.com www.youtube.com player.ausha.co www.marches-publics.info *.habiteo.com *.rhinov.pro *.calameo.com envisite.net *.envisite.net www.youtube-nocookie.com; font-src *;img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.addthis.com unpkg.com www.numanis.net code.jquery.com www.mobiledition.com mobiledition.com www.lisio-solution.com cdnjs.cloudflare.com *.addthis.com www.google.com www.gstatic.com z.moatads.com v1.addthisedge.com *.google.com *.gstatic.com *.googleapis.com; style-src 'self' 'unsafe-inline' unpkg.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com fonts.googleapis.com *.mobiledition.com www.lisio-solution.com *.gstatic.com *.googleapis.com;connect-src 'self' *.googleapis.com *.mobiledition.com www.lisio-solution.com *.addthis.com; frame-src www.achatpublic.com www.google.com www.youtube.com www.lisio-solution.com book.rhinov.pro; 1
font-src data: *.gstatic.com oct8necdneu.azureedge.net *.zopim.com *.retargeted.co *.eficads.net *.adensemble.com *.paypal.com *.vimeocdn.com *.ytimg.com *.adyen.com *.googleapis.com *.google.com *.google.es *.google.com.br *.googletagmanager.com *.google-analytics.com *.doubleclick.com *.azureedge.com *.xtento.com *.eficads.com *.demoup.com *.cookiebot.com sw-assets.ekomiapps.de *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com sis-t.redsys.es:* sis.redsys.es sis-t.sermepa.es:* sis.sermepa.es *.cetelem.es *.facebook.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.googleapis.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.youtube.com *.vimeo.com *.oct8ne.com *.demoup.com youtube.com *.cookiebot.com https://sandbox.sequracdn.com https://live.sequracdn.com live.sequrapi.com *.sequrapi.com *.google.com *.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.googleapis.com *.google.com *.google.es *.google.com.br *.gstatic.com *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net oct8necdneu.azureedge.net *.clickelectrodomesticos.com *.zopim.com *.eficads.net *.adensemble.com *.demoup.com youtube.com *.cookiebot.com https://sandbox.sequracdn.com https://live.sequracdn.com *.rawgit.com *.jsdelivr.net smart-widget-assets.ekomiapps.de sw-assets.ekomiapps.de connect.ekomi.de *.retailrocket.net google.nl s.kelkoogroup.net *.facebook.com cdn.doofinder.com https://images.unsplash.com *.ggpht www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io *.googleapis.com *.google.com *.google.es *.google.com.br *.gstatic.com *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net *.cookiebot.com *.oct8ne.com *.adyen.com chimpstatic.com *.zopim.com *.doofinder.com *.zdassets.com *.aplazame.com *.tradedoubler.com *.retargeted.co *.eficads.net *.adensemble.com *.paypal.com *.ytimg.com *.doubleclick.com *.azureedge.com *.xtento.com *.eficads.com *.cetelem.es *.demoup.com youtube.com https://sandbox.sequracdn.com https://live.sequracdn.com live.sequrapi.com *.sequrapi.com sw-assets.ekomiapps.de connect.ekomi.de smart-widget-assets.ekomiapps.de connect.facebook.net s.kk-resources.com *.newrelic.com bam.eu01.nr-data.net cdn.doofinder.com *.retailrocket.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com sw-assets.ekomiapps.de *.retailrocket.net smart-widget-assets.ekomiapps.de *.doofinder.com *.fontawesome.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.demoup.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google.com *.google.es *.google.com.br *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net *.oct8ne.com *.adyen.com *.googleapis.com wss://widget-mediator.zopim.com *.doofinder.com *.zdassets.com *.adensemble.com *.demoup.com youtube.com *.cookiebot.com https://sandbox.sequracdn.com https://live.sequracdn.com smart-widget-assets.ekomiapps.de s.kelkoogroup.net google.com bam.eu01.nr-data.net wss://*.doofinder.com *.retailrocket.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: blob:; 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src * data: blob:; font-src * 'unsafe-inline' data: blob:; 1
default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com 'unsafe-inline' 'unsafe-eval' app.tuotempo.com https://unpkg.com https://tpc.googlesyndication.com *.clinicaalemana.cl *.omnitok.com https://esencial.omnitok.com esencial.omnitok.com edz87dzoqc.execute-api.us-east-1.amazonaws.com *.googleoptimize.com *.salesforceliveagent.com *.salesforce.com service.force.com *.force.com *.googletagmanager.com https://js.captcha-display.com https://js.datadome.co w.usabilla.com *.usabilla.com *.auth0.com alemana-poc.auth0.com cdn.auth0.com *.cloudfront.net static.zdassets.com v2.zopim.com *.fontawesome.com *.doubleclick.net *.adnxs.com *.mathtag.com *.googleadservices.com *.hotjar.com www.alemana.cl *.alemana.cl *.lfi.cl *.jquery.com *.cloudflare.com *.jsdelivr.net *.bootstrapcdn.com https://www.youtube.com/iframe_api *.google.com https://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.contactshub.cl:* https://contactshub.cl:* contactshub.cl/sdk.js.php https://sdk.examedi.com:* cdnjs.cloudflare.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net https://player.vimeo.com/api/player.js; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com 'unsafe-inline' *.clinicaalemana.cl edz87dzoqc.execute-api.us-east-1.amazonaws.com *.salesforceliveagent.com *.salesforce.com *.force.com *.aspnetcdn.com *.fontawesome.com *.google.com *.alemana.cl *.lfi.cl *.jquery.com use.fontawesome.com *.cloudfront.net *.cloudflare.com *.jsdelivr.net *.bootstrapcdn.com https://dec.azureedge.net tagmanager.google.com web-chat.nativechat.com https://cdn.insight.sitefinity.com; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.clinicaalemana.cl edz87dzoqc.execute-api.us-east-1.amazonaws.com *.salesforceliveagent.com *.salesforce.com *.force.com *.fontawesome.com * googleads.g.doubleclick.net *.google.cl *.alemana.cl stats.g.doubleclick.net *.google.com *.youtube.com www.google.com s3alemana.s3.amazonaws.com *.s3.amazonaws.com lfi.lfi.cl *.lfi.cl alemana.cl www.alemana.cl i.stack.imgur.com *.cloudflare.com *.jsdelivr.net *.bootstrapcdn.com *.google-analytics.com https://dec.azureedge.net https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com *.cloudfront.net web-chat.nativechat.com https://cdn.insight.sitefinity.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: c1.sfdcstatic.com d6tizftlrpuof.cloudfront.net *.hotjar.com v2.zopim.com *.fontawesome.com *.cloudflare.com *.jsdelivr.net *.bootstrapcdn.com; frame-src 'self' portal.alemana.cl * *.clinicaalemana.cl *.lfi.cl *.alemana.cl https://optimize.google.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io web-chat.nativechat.com; connect-src 'self' accounts.google.com *.google-analytics.com app.tuotempo.com www.google.com adservice.google.com solicat.calemanatemuco.cl *.clinicaalemana.cl portal-backend-dev.clinicaalemana.cl *.amazonaws.com c9a41d223g.execute-api.us-east-1.amazonaws.com somosesencial.cl www.somosesencial.cl edz87dzoqc.execute-api.us-east-1.amazonaws.com *.force.com uat-chatservicepoc.cs214.force.com *.alemana.io gtw-prod.alemana.io gtw-dev.alemana.io https://analytics.google.com https://www.facebook.com https://www.googletagmanager.com https://cdn.ampproject.org wss://*.hotjar.com https://accounts.spotify.com https://api.spotify.com https://api-js.datadome.co api.usabilla.com *.cloudfunctions.net *.fontawesome.com *.auth0.com *.cloudfront.net *.alemana.cl wss://widget-mediator.zopim.com ekr.zdassets.com ws1.hotjar.com *.hotjar.com *.hotjar.io stats.g.doubleclick.net www.alemana.cl *.cloudflare.com *.jsdelivr.net *.bootstrapcdn.com https://*.dec.sitefinity.com *.mktoresp.com https://api.sbif.cl:* *.contactshub.cl:* wss://sofix6xmbk.execute-api.us-east-1.amazonaws.com https://*.insight.sitefinity.com; media-src 'self' data: blob: *.cloudfront.net; child-src 'self' blob: www.clinicaalemanatemuco.cl *.clinicaalemana.cl *.mathtag.com *.hotjar.com *.alemana.cl *.cloudflare.com *.jsdelivr.net *.bootstrapcdn.com https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.google.com web-chat.nativechat.com; frame-ancestors 'self' *.clinicaalemana.cl edz87dzoqc.execute-api.us-east-1.amazonaws.com alemana.cl *.alemana.cl portal.alemana.cl somosesencial.cl www.somosesencial.cl https://www.somosesencial.cl/ 1
default-src *;script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; media-src *; img-src *; frame-ancestors 'none'; 1
default-src *; object-src 'none' 1
default-src 'self' 'unsafe-inline' blob: https://www.google-analytics.com https://*.sharethis.com data:; worker-src 'self' 'unsafe-inline' * blob: https:; media-src https://coneypark.pe/ https://stg-happycityperu.smdigitalstage.com/ https://www.google.com.co/ https://www.google.com/ https: blob:; img-src * data:; font-src 'self' https://fonts.gstatic.com/ https://coneypark.pe/ data:; script-src 'self' https: blob: 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com data:; style-src https: 'unsafe-inline' https://coneypark.pe/ https://stg-happycityperu.smdigitalstage.com/ https://www.google-analytics.com data:; frame-src https://www.google.com/ https://static-content-qas.vnforapps.com/:1 https://www.youtube.com https://coneypark.pe/ https://stg-happycityperu.smdigitalstage.com/ https://mc.yandex.ru/ data:; connect-src https: https://coneypark.pe/ https://stg-happycityperu.smdigitalstage.com/ data: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.gstatic.com https://track.innovatedm.com https://services.postcodeanywhere.co.uk https://sc-static.net https://tr.snapchat.com https://tr-shadow.snapchat.com https://pixel.tapad.com https://fonts.googleapis.com/css2 https://sc-static.net/scevent.min.js https://ajax.googleapis.com https://cdnjs.cloudflare.com https://kwlwg11111.pcapredict.com https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net https://region1.google-analytics.com https://fonts.cdnfonts.com; img-src https: data:; object-src 'self' 1
frame-ancestors 'self' https://contadores.cnt.br https://www.contadores.cnt.br https://icnex.com.br https://www.icnex.com.br 1
script-src 'unsafe-inline' 'unsafe-eval' www.contatinhovip.com https://www.google-analytics.com https://www.googletagmanager.com https://cdn.jsdelivr.net https://nominatim.openstreetmap.org 1
frame-ancestors 'self' canvas-test.conversa.com.mx; 1
frame-ancestors 'self' https://coolcard.se https://coolcard.starwebserver.se 1
base-uri 'self' ; default-src 'self' ; script-src 'nonce-6c825afc6d4c58586a19930706573a32979e2f6b9a3e79638130e725593e078f584154349bb0911d671bdaac3bd422b8fa25aa98d36cc672b0f0e3bf07aa240d' 'strict-dynamic' https://*.googletagmanager.com https://*.googlesyndication.com https://connect.facebook.net https://*.hotjar.com ; font-src 'self' https://corissia.com/hotels/ https://*.hotjar.com https://*.tawk.to/ ; img-src 'self' https://corissia.com/hotels/ https://*.google-analytics.com https://*.googletagmanager.com https://www.google.com https://www.google.gr https://www.google.de https://www.google.at https://www.google.ch https://www.google.co.uk https://googleads.g.doubleclick.net https://bat.bing.com/ https://quickchart.io https://www.facebook.com/ https://*.hotjar.com https://*.tawk.to/ https://cdn.jsdelivr.net/ ; media-src 'self' https://corissia.com/hotels/ ; style-src 'self' 'unsafe-inline' https://corissia.com/hotels/ https://*.tawk.to/ ; connect-src https://*.googlesyndication.com/ https://www.google.com/ https://googleads.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.facebook.com/ https://geoip-api.cleverpush.com/ https://api.cleverpush.com/ https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.tawk.to wss://*.tawk.to https://widgets.skyscanner.net/; frame-src https://*.doubleclick.net/ https://*.googlesyndication.com/ https://www.facebook.com/ https://www.youtube-nocookie.com https://www.youtube.com https://corissia.mycleverpush.com/ https://*.livechatai.com https://*.hotjar.com https://widgets.kiwi.com/ https://www.viator.com/ https://widgets.skyscanner.net/ ; worker-src https://corissia.com/cleverpush-worker.js ; object-src 'none' ; 1
default-src 'self' maps.google.com www.google.com  js.stripe.com www.facebook.com syndication.twitter.com www.youtube.com platform.twitter.com;        script-src 'self'   js.stripe.com code.jquery.com s7.addthis.com cdn.jsdelivr.net cdn.rawgit.com connect.facebook.net platform.twitter.com maps.googleapis.com ajax.googleapis.com www.google-analytics.com www.googletagmanager.com 'unsafe-inline' 'unsafe-eval';        style-src 'self' cdn.jsdelivr.net ajax.googleapis.com cdn.rawgit.com code.jquery.com 'unsafe-inline' ;        connect-src 'self' soccerleagues.comortais.com/MobileService.asmx/getOrgPage www.google-analytics.com maps.googleapis.com;        img-src 'self' lsl.ie cdn3.livescore.com maps.googleapis.com www.carlowsoccer.ie bodibro.ie scontent-dub4-1.xx.fbcdn.net media.info www.wexfordschoolboys.ie kdul.ie www.kdul.ie i.imgur.com code.jquery.com comortais.com fbcdn-profile-a.akamaihd.net ajax.googleapis.com soccerleagues.comortais.com www.comortais.com dev.comortais.com test.comortais.com www.googletagmanager.com syndication.twitter.com data:;        font-src 'self'; 1
worker-src blob:; font-src *.alothemes.com *.magepow.com maxcdn.bootstrapcdn.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com *.hotjar.com *.icons8.com *.fontawesome.com www.searchanise.com *.searchserverapi.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com www.searchanise.com *.searchserverapi.com *.twitter.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.meetanshi.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.google.com/ *.meetanshi.com js.mollie.com *.google.com *.hotjar.com *.kiyoh.com chat.chatra.io td.doubleclick.net embed.pakketdienstqls.nl *.googletagmanager.com www.searchanise.com *.searchserverapi.com *.twitter.com *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.alothemes.com *.magepow.com https://www.magezon.com *.meetanshi.com https://www.mollie.com *.google.com *.google.nl stats.g.doubleclick.net *.googleadservices.com *.google-analytics.com *.gstatic.com https://www.crcouture.nl/media/wysiwyg/logo_phildar.png https://www.crcouture.nl/media/wysiwyg/logo_zweigart.jpg https://www.crcouture.nl/media/wysiwyg/logos/logo-thea.jpg bat.bing.com phosphor.utils.elfsightcdn.com *.twitter.com *.twimg.com www.google.ru www.searchanise.com *.searchserverapi.com s3.amazonaws.com *.facebook.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.alothemes.com *.magepow.com *.google.com *.meetanshi.com js.mollie.com *.facebook.net *.fontawesome.com *.giropay.de *.googleapis.com *.gstatic.com *.hotjar.com *.googletagmanager.com *.doubleclick.net *.searchserverapi.com searchserverapi.com static.elfsight.com *.ecookie.nl chat.chatra.io call.chatra.io bat.bing.com ads.creative-serving.com static.zdassets.com *.addthis.com searchanise-ef84.kxcdn.com s3.amazonaws.com ajax.aspnetcdn.com www.searchanise.com *.searchanise.com api.amplitude.com *.twitter.com *.twimg.com https://www.googletagmanager.com tagmanager.google.com unpkg.com www.xtento.com cdn.xtento.com embed.pakketdienstqls.nl 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com *.alothemes.com *.magepow.com maxcdn.bootstrapcdn.com *.bootstrapcdn.com *.fontawesome.com *.giropay.de *.googleapis.com *.icons8.com https://www.ecookie.nl/build/inject/styles.a2f1759d.css www.searchanise.com *.searchserverapi.com searchanise-ef84.kxcdn.com s3.amazonaws.com *.twitter.com ton.twimg.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.alothemes.com *.magepow.com *.meetanshi.com *.bootstrapcdn.com *.gstatic.com *.googleadservices.com *.analytics.google.com *.google-analytics.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.doubleclick.net core.service.elfsight.com storage.elfsight.com bat.bing.com ekr.zdassets.com crcouture.zendesk.com zendesk-eu.my.sentry.io api.amplitude.com stats.g.doubleclick.net *.facebook.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src * data: mediastream: blob: filesystem: ws: wss: 'unsafe-inline' 'unsafe-eval'; font-src * data: blob: 'unsafe-inline' 'unsafe-eval'; img-src * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-src * data: blob:; frame-ancestors * data: blob: 1
font-src *.fontawesome.com *.fonts.googleapis.com *.gstatic.com data: *.cloudflare.com *.crocs.com.hk data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com https://accounts.google.com *.google.com *.addthis.com *.pinterest.com *.scarabresearch.com *.emarsys.net *.crocs.com.hk 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudflare.com *.cdn.klarna.com *.s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com *.crocs.com.hk *.srlhk.com *.omguk.com *.chinesean.com *.google.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googletagmanager.com *.facebook.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://accounts.google.com https://www.gstatic.com *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com *.instagram.com *.scarabresearch.com *.crocs.com.hk *.omguk.com userjournies.com *.trendmicro.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com https://accounts.google.com https://www.gstatic.com *.googleapis.com *.crocs.com.hk *.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.google-analytics.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://accounts.google.com *.cloudflare.com *.googleapis.com *.addthis.com *.graph.instagram.com *.scarabresearch.com *.emarsys.net *.crocs.com.hk userjournies.com *.doubleclick.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
worker-src 'self' 'unsafe-inline' * blob:; script-src 'unsafe-inline' 'self' 'unsafe-eval' currysbeamazing.co.uk www.google.com/jsapi code.jquery.com www.google-analytics.com ajax.googleapis.com code.createjs.com www.googletagmanager.com www.gstatic.com kit-pro.fontawesome.com kit.fontawesome.com player.vimeo.com cdnjs.cloudflare.com unpkg.com cdn.skypack.dev cdn.jsdelivr.net;img-src https: 'self' blob: data:; 1
default-src 'unsafe-inline' 'unsafe-eval' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'unsafe-inline' 'unsafe-eval' https: data:; img-src 'unsafe-inline' 'unsafe-eval' https: data:; connect-src 'unsafe-inline' 'unsafe-eval' https: data:; font-src 'unsafe-inline' 'unsafe-eval' https: data: https://*.googleapis.com; media-src 'unsafe-inline' 'unsafe-eval' https: data:; report-uri 'unsafe-inline' 'unsafe-eval' https: data:; child-src 'unsafe-inline' 'unsafe-eval' https: data:; frame-ancestors 'self' https:; object-src 'self' https:; frame-src 'self' https:; worker-src 'self' https:; manifest-src 'self' https: https://*.cloudflare.com; base-uri 'unsafe-inline' 'unsafe-eval'; block-all-mixed-content 1
frame-ancestors 'self' https://curucuru.jp https://www.curucuru.jp https://prod-apnortheast-a.online.tableau.com; form-action 'self' https://www.facebook.com https://pt01.mul-pay.jp https://p01.mul-pay.jp https://sentry.io; 1
base-uri 'self';connect-src 'self' https://cvmpawnshops.maxxconsole.com;default-src 'self';form-action 'self';img-src 'self' https://cvmpawnshops.maxxconsole.com data: blob:;font-src 'self' data: https://fonts.gstatic.com;media-src 'self';object-src 'none';script-src 'self' 'nonce-1bbs5eZdabyc7rHySUrgk6MQRG3tQWtN';style-src-elem 'self' 'unsafe-inline' 'report-sample';style-src 'self' 'unsafe-inline' 'report-sample' 1
default-src https://payment-gateway.tosspayments.com https://developers.kakao.com https://t1.kakaocdn.net https://www.1365.go.kr https://checkout.tosspayments.com https://www.google-analytics.com blob: 10.50.3.172:80 10.1.7.118:389 152.99.88.156:50201 152.99.57.127:389 ap.onepass.go.kr:53010 211.218.53.205:53010 https://xpayvvipclient.tosspayments.com https://xpayclient.lgdacom.net http://xpayclient.lgdacom.net:7080 xpayclient.lgdacom.net:7443 http://www.cwg.go.kr http://council.cwg.go.kr https://council.cwg.go.kr   xpay.lgdacom.net:7443 ws://www.cwg.go.kr:8080 wss://www.cwg.go.kr:8443 ws://www.cwg.go.kr wss://www.cwg.go.kr:443 wss://152.99.172.11 wss://www.cwg.go.kr https://t1.daumcdn.net https://s1.daumcdn.net https://www.hanshinit.co.kr https://www.cwg.go.kr https://www.epeople.go.kr https://www.data.go.kr https://8oi9s0nnth.apigw.ntruss.com https://www.youtube.com http://service.hanshinit.co.kr https://xpay.lgdacom.net https://xpay.uplus.co.kr https://xpay.uplus.co.kr:9443 https://pretest.uplus.co.kr:9443 http://pgweb.tosspayments.com:9090 *.daum.net *.kakao.com; style-src 'self' 'unsafe-inline' https://payment-gateway.tosspayments.com https://developers.kakao.com https://t1.kakaocdn.net https://www.1365.go.kr https://checkout.tosspayments.com https://www.google-analytics.com blob: 10.50.3.172:80 10.1.7.118:389 152.99.88.156:50201 152.99.57.127:389 ap.onepass.go.kr:53010 211.218.53.205:53010 https://xpayvvipclient.tosspayments.com https://xpayclient.lgdacom.net http://xpayclient.lgdacom.net:7080 xpayclient.lgdacom.net:7443 http://www.cwg.go.kr http://council.cwg.go.kr https://council.cwg.go.kr   xpay.lgdacom.net:7443 ws://www.cwg.go.kr:8080 wss://www.cwg.go.kr:8443 ws://www.cwg.go.kr wss://www.cwg.go.kr:443 wss://www.cwg.go.kr https://www.cwg.go.kr https://t1.daumcdn.net https://s1.daumcdn.net http://pgweb.tosspayments.com:9090 https://xpay.lgdacom.net https://xpay.uplus.co.kr https://xpay.uplus.co.kr:9443 *.daum.net *.daumcdn.net; img-src 'self' https://developers.kakao.com https://t1.kakaocdn.net https://www.1365.go.kr https://checkout.tosspayments.com https://www.google-analytics.com blob: 10.50.3.172:80 10.1.7.118:389 152.99.88.156:50201 152.99.57.127:389 ap.onepass.go.kr:53010 211.218.53.205:53010 https://xpayvvipclient.tosspayments.com https://xpayclient.lgdacom.net http://xpayclient.lgdacom.net:7080 xpayclient.lgdacom.net:7443 http://www.cwg.go.kr http://council.cwg.go.kr https://council.cwg.go.kr   xpay.lgdacom.net:7443 ws://www.cwg.go.kr:8080 wss://www.cwg.go.kr:8443 ws://www.cwg.go.kr wss://www.cwg.go.kr:443 wss://www.cwg.go.kr https://www.cwg.go.kr https://t1.daumcdn.net https://s1.daumcdn.net http://pgweb.tosspayments.com:9090 https://xpay.lgdacom.net https://xpay.uplus.co.kr https://xpay.uplus.co.kr:9443 *.daum.net *.daumcdn.net *.naver.net data: *; script-src 'self' https://developers.kakao.com https://t1.kakaocdn.net https://www.1365.go.kr https://checkout.tosspayments.com https://www.google-analytics.com blob: 10.50.3.172:80 10.1.7.118:389 152.99.88.156:50201 152.99.57.127:389 ap.onepass.go.kr:53010 211.218.53.205:53010 https://xpayvvipclient.tosspayments.com https://xpayclient.lgdacom.net http://xpayclient.lgdacom.net:7080 xpayclient.lgdacom.net:7443 http://www.cwg.go.kr http://council.cwg.go.kr https://council.cwg.go.kr   xpay.lgdacom.net:7443 ws://www.cwg.go.kr:8080 wss://www.cwg.go.kr:8443 ws://www.cwg.go.kr wss://www.cwg.go.kr:443 wss://www.cwg.go.kr https://www.cwg.go.kr https://t1.daumcdn.net https://s1.daumcdn.net http://pgweb.tosspayments.com:9090 *.kakao.com *.daumcdn.net *.daum.net dapi.kakao.com wcs.naver.net https://xpay.lgdacom.net https://xpay.uplus.co.kr https://xpay.uplus.co.kr:9443 https://www.open.go.kr 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://www.1365.go.kr https://checkout.tosspayments.com https://www.google-analytics.com blob: 10.50.3.172:80 10.1.7.118:389 152.99.88.156:50201 152.99.57.127:389 ap.onepass.go.kr:53010 211.218.53.205:53010 https://xpayvvipclient.tosspayments.com https://xpayclient.lgdacom.net http://xpayclient.lgdacom.net:7080 xpayclient.lgdacom.net:7443 http://www.cwg.go.kr http://council.cwg.go.kr https://council.cwg.go.kr   xpay.lgdacom.net:7443 ws://www.cwg.go.kr:8080 wss://www.cwg.go.kr:8443 ws://www.cwg.go.kr wss://www.cwg.go.kr:443 wss://www.cwg.go.kr https://www.cwg.go.kr https://t1.daumcdn.net https://s1.daumcdn.net http://pgweb.tosspayments.com:9090 https://xpay.lgdacom.net https://xpay.uplus.co.kr https://xpay.uplus.co.kr:9443 https://www.cwg.go.kr https://www.epeople.go.kr *.daum.net; object-src 'self' 1
base-uri 'self';default-src 'self';block-all-mixed-content;frame-ancestors 'self';form-action 'self' ;connect-src 'self' https://resources.chainbox.io https://*.google-analytics.com https://*.analytics.google.com cdn.cookielaw.org *.onetrust.com;font-src 'self' https://cdnjs.cloudflare.com;img-src 'self' data: https://resources.chainbox.io https://images.unsplash.com https://*.google-analytics.com https://*.analytics.google.com cdn.cookielaw.org;media-src https://webservice.cycleservicenordic.com;object-src 'none' ;script-src 'self' 'unsafe-eval' 'strict-dynamic' 'nonce-cmHjn57Fqh11sx0nCVaMbFV8+sN6A/6j0C6gmR+QccY=' https://www.googletagmanager.com https://*.google-analytics.com cdn.cookielaw.org;style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com;frame-src 'self' *.cycleservicenordic.com; 1
default-src 'self' 'unsafe-inline' data: blob: *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.facebook.net *.facebook.com *.fbcdn.net *.atdmt.com *.top.ge *.youtube.com *.ytimg.com 1
default-src https://www.googletagmanager.com 'self' ka-f.fontawesome.com dakotacargo.co.id 'unsafe-inline';script-src https://www.googletagmanager.com 'self' www.dakotacargo.co.id https://ajax.googleapis.com https://ssl.google-analytics.com https://www.gstatic.com kit.fontawesome.com cdn.syncfusion.com cdnjs.cloudflare.com pagead2.googlesyndication.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com 'unsafe-inline'; style-src 'self' dakotacargo.co.id www.gstatic.com cdnjs.cloudflare.com ajax.googleapis.com fonts.googleapis.com www.w3schools.com cdn.syncfusion.com cdn.jsdelivr.net pagead2.googlesyndication.com https://use.fontawesome.com 'unsafe-inline'; object-src 'self' https://dakotacargo.co.id pagead2.googlesyndication.com 'unsafe-inline';img-src www.googletagmanager.com https://www.google.com 'self' www.w3.org pagead2.googlesyndication.com 'unsafe-inline';base-uri 'self' pagead2.googlesyndication.com;form-action 'self'; font-src 'self' cdnjs.cloudflare.com fonts.gstatic.com use.fontawesome.com 'unsafe-inline'; frame-src 'self' maps.google.com www.google.com www.youtube.com pagead2.googlesyndication.com https://bid.g.doubleclick.net 'unsafe-inline'; connect-src 'self' dakotacargo.co.id https://www.google-analytics.com 'unsafe-inline'; 1
font-src *.googleapis.com https://www.gstatic.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors view.publitas.com publish.folders.eu www.defrancq.be 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://www.google.com/ *.doubleclick.net https://www.facebook.com/ https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.list-manage.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com https://*.gstatic.com 'self' data: https://*.google.com *.google.bg *.facebook.com *.facebook.net https://stats.g.doubleclick.net/ *.googletagmanager.com *.gstatic.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://*.googleapis.com https://*.googleusercontent.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com blob: http://www.defrancq.be/ http://media.defrancq.be/ https://www.defrancq.be/ https://media.defrancq.be/ http://*.studioemma.com/ https://*.studioemma.com/ http://www.defrancq.docker/ https://www.defrancq.docker/ http://next.www.defrancq.be.cs242.studioemma.com/ https://next.www.defrancq.be.cs242.studioemma.com/ https://www.google.be/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com https://www.gstatic.com/ https://*.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com chimpstatic.com downloads.mailchimp.com *.list-manage.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com *.addthis.com https://unpkg.com/ http://www.defrancq.be/ http://media.defrancq.be/ https://www.defrancq.be/ https://media.defrancq.be/ https://*.hotjar.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com downloads.mailchimp.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net https://*.google.com https://ipinfo.io https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com https://pagead2.googlesyndication.com/ http://dpm.demdex.net/ https://*.g.doubleclick.net/ https://maps.googleapis.com/ *.google.com *.google.be https://api.spott.ai/ https://lottie.host/ 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri http://www.defrancq.be/ http://media.defrancq.be/ https://www.defrancq.be/ https://media.defrancq.be/ 'self' 'unsafe-inline'; 1
default-src 'self' https://metrics.hotjar.io/ https://cdn-prod.securiti.ai/consent/ https://api-js.mixpanel.com/track/ https://analytics.google.com/ https://td.doubleclick.net/ https://www.googletagmanager.com https://www.google.com/;base-uri 'self';font-src 'self' https://*.hotjar.com https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data: https://storage.googleapis.com/ https://www.facebook.com/ https://googleads.g.doubleclick.net https://*.hotjar.io/ https://*.hotjar.com https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://*.google.com.br/;connect-src 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.google-analytics.com/ https://cdn-prod.securiti.ai/ https://api-js.mixpanel.com/ https://analytics.google.com/ https://www.google.com.br/ads/ https://engineering.alliar.com/ https://tech.alliar.com/ https://app.securiti.ai/ https://stats.g.doubleclick.net/ https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com.br https://tech-digital.allianca.com/;script-src 'self' https://cdn-prod.securiti.ai/consent/ https://*.hotjar.com/ https://googleads.g.doubleclick.net/ https://analytics.google.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://api-js.mixpanel.com/track/ https://connect.facebook.net/ https://www.googleadservices.com/ https://*.googletagmanager.com https://www.gstatic.com/ 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com/ https://assets.allianca.com/ https://snap.licdn.com/;script-src-attr 'none';style-src 'self' https://*.hotjar.com https: 'unsafe-inline';upgrade-insecure-requests 1
default-src https: 'unsafe-inline' 'unsafe-eval' data: blob:; worker-src 'self' blob: 1
frame-ancestors https://app.reskyt.com https://app.deporvillage.nl 1
connect-src 'self' *.google-analytics.com *.vimeo.com *.cookielaw.org *.onetrust.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com api.openweathermap.org;default-src 'self';frame-ancestors 'self' data: mediastream: blob: https://s3.eu-west-1.amazonaws.com;frame-src 'self' *.dermaclub.com.ua *.cloudfront.net *.eu-west-1.amazonaws.com *.cookielaw.org *.powerbi.com *.youtube.com *.bootstrapcdn.com code.jquery.com https://ssl.google-analytics.com *.google-analytics.com *.gstatic.com *.vimeo.com *.cloudflare.com *.google.com *.googletagmanager.com *.lorealcontent.com.ua;media-src 'self'  *.cloudfront.net  blob: data: *.powerbi.com *.dermaclub.com.ua *.vimeo.com *.amazonaws.com  *.lorealcontent.com.ua;object-src 'self' *.eu-west-1.amazonaws.com; script-src 'self' 'unsafe-eval' 'unsafe-inline'  *.cloudfront.net *.cookielaw.org *.vimeo.com *.dermaclub.com.ua code.jquery.com https://ssl.google-analytics.com *.google-analytics.com *.gstatic.com *.cloudflare.com *.google.com *.googletagmanager.com *.tagmanager.google.com *.hotjar.com *.openweathermap.org;style-src 'self' 'unsafe-inline'  *.cookielaw.org *.vimeo.com *.bootstrapcdn.com *.googleapis.com *.google-analytics.com  *.googletagmanager.com *.tagmanager.google.com;font-src 'self' data:  *.cookielaw.org *.bootstrapcdn.com *.dermaclub.com.ua https://ssl.google-analytics.com *.google-analytics.com *.gstatic.com *.cloudflare.com *.google.com *.googletagmanager.com *.tagmanager.google.com;img-src * 'self' 'unsafe-inline' data:  *.cookielaw.org *.dermaclub.com.ua *.vimeo.com *.amazonaws.com code.jquery.com https://ssl.google-analytics.com *.google-analytics.com *.gstatic.com *.cloudflare.com *.google.com  *.googletagmanager.com *.tagmanager.google.com  *.lorealcontent.com.ua 1
default-src *.google-analytics.com *.snapengage.com *.licdn.com *.bing.com *.linkedin.com *.oribi.io *.clarity.ms *.googletagmanager.com t.adcell.com; font-src  'self' data: *.linkedin.com *.oribi.io *.clarity.ms cdn.builder.io cdnjs.cloudflare.com fonts.gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com sandbox.paypal.com *.snapengage.com *.licdn.com *.bing.com *.linkedin.com *.oribi.io *.clarity.ms *.googletagmanager.com; img-src 'self' data: *.googleapis.com t.adcell.com *.gravatar.com *.google.de *.facebook.com *.google.com *.google-analytics.com *.snapengage.com *.vimeocdn.com fonts.gstatic.com  www.designenlassen.de www.designonclick.com www.designonclick.nl www.designonclick.fr www.designenlassen.at www.designen-lassen.ch www.designonclick.be www.testdl.de *.amazonaws.com *.licdn.com *.bing.com *.linkedin.com *.oribi.io *.clarity.ms *.googletagmanager.com *.superclix.de *.googleadservices.com *.doubleclick.net cdn.builder.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.etracker.de *.etracker.com *.licdn.com *.bing.com t.adcell.com  *.linkedin.com *.oribi.io *.clarity.ms *.googletagmanager.com *.google.com *.gstatic.com *.paypalobjects.com *.paypal.com *.adroll.com *.ampproject.org *.jquerytools.org *.google-analytics.com *.snapengage.com *.facebook.net *.mouseflow.com *.doubleclick.net *.googleadservices.com cdn.builder.io; frame-src 'self' *.doubleclick.net *.paypal.com *.facebook.com *.google.com *.vimeo.com t.adcell.com *.trustpilot.com/ *.builder.io; report-uri https://designenlassen.report-uri.com/r/d/csp/enforce; connect-src 'self' *.linkedin.com *.oribi.io *.clarity.ms *.doubleclick.net *.mouseflow.com t.adcell.com *.snapengage.com *.analytics.google.com *.google-analytics.com *.googlesyndication.com cdn.builder.io; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.mouseflow.com *.googleapis.com *.tiny.cloud 1
default-src * data: blob:  about: ws: wss: 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' https://ssol.co https://*.inchcapedigital.com; 1
object-src 'none'; frame-ancestors 'self'; report-uri http://dges.edu.uy/report-uri/enforce 1
default-src 'self';         script-src 'self' 'Unsafe-Eval' 'Unsafe-Inline' https://cdnjs.cloudflare.com https://apis.google.com https://connect.facebook.net https://platform.twitter.com https://player.vimeo.com/api/player.js https://www.googletagmanager.com https://www.youtube.com;         style-src 'unsafe-inline' 'self' https://code.jquery.com https://fonts.googleapis.com;         object-src 'none';         base-uri 'self';         connect-src 'self' https://www.google-analytics.com;         font-src 'self' data: https://fonts.gstatic.com;         frame-src 'self' https://maps.google.com https://accounts.google.com https://platform.twitter.com https://syndication.twitter.com https://www.facebook.com https://www.youtube.com;         img-src 'self' data: https://assets.elementor.com https://s.w.org https://ps.w.org https://secure.gravatar.com https://ssl.gstatic.com https://syndication.twitter.com;         manifest-src 'self';         media-src 'self';         frame-ancestors 'self';        worker-src blob:; 1
frame-ancestors https://*.randstad.es; 1
frame-ancestors 'self' https://www.diyhomever.com http://*.diyhomever.com; 1
frame-ancestors 'self' *.doppelherz.de *.dppim.gfeserver.de *.doppelherz.ae *.doppelherz.at *.doppelherz.bg *.doppelherz.com *.doppelherz.co.ao *.doppelherz.co.id *.doppelherz.co.kr *.doppelherz-algeria.com *.doppelherz.com.kw *.doppelherz-iraq.com *.doppelherz.dj *.doppelherz.eg *.doppelherz.es *.doppelherz.fr *.doppelherz.hr *.doppelherz.hu *.doppelherz.it *.doppelherz.me *.doppelherz.mk *.doppelherz.ng *.doppelherz.pl *.doppelherz.pt *.doppelherz.ro *.doppelherz.rs *.doppelherz.sg *.doppelherz.tn *.doppelherz.ug *.doppelherz.ru *.doppelherz.com.tr *.doppelherz.com.gh *.doppelherz.cm *.doppelherz.ge *.doppelherz.qa *.doppelherz.cz *.doppelherz.si *.doppelherz-southkorea.com *.doppelherz.ua *.doppelherz.ch *.doppelherz.tw *.queisser.de *.queisser.com *.queisser.pl *.doppelherz.ma *.doppelherz.ba 1
default-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' blob: https://cdnjs.cloudflare.com/ https://www.google.com/ https://www.gstatic.com/ https://code.jquery.com/ https://www.googletagmanager.com/ https://interpreter.getbw.me/ https://*.google-analytics.com/ https://ajax.googleapis.com/ https://static.opentok.com/;connect-src blob: 'self' https://*.google-analytics.com/ https://api.tdl.com.ua/ ;img-src 'self' https://*.google-analytics.com/ https://*.ytimg.com/ data: 'self' https://api.tdl.com.ua/ ;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://api.tdl.com.ua/ https://cdnjs.cloudflare.com/ ;frame-src 'self' https://www.google.com/ https://www.youtube.com/;font-src 'self' data: https://fonts.gstatic.com/;media-src 'self' https://api.tdl.com.ua/  1
report-uri https://sentry.io/api/129282/csp-report/?sentry_key=d1aeb0f640b248d69f085b3642f8df57; base-uri 'none'; frame-ancestors 'none'; default-src 'none'; style-src 'self' 'unsafe-inline'; font-src 'self' data:; manifest-src 'self'; img-src 'self' data: www.google-analytics.com; script-src 'self' www.google-analytics.com cdnjs.cloudflare.com code.jquery.com 'sha256-a7OBOH99lajyXC8bxICvAh2aksl6SgFLD506dTcfQFQ=' 'sha256-VRBARAVNUSvuIdFZpDBr56kc0oKLVfrFhA1aXkCN71U=' 'sha256-2iCxeHHASQ+VFLcMuQrkSqqdAeAbCitvzevZyzm+7DE='; connect-src www.google-analytics.com 1
script-src 'self' *.parom.hu *.ducitars.hu *.googleapis.com *.fontawesome.com *.bootstrapcdn.com *.googleadservices.com *.gstatic.com *.doubleclick.net cdn.speedcurve.com creativecdn.com *.gemius.pl *.google-analytics.com *.hotjar.com *.google.com *.cloudflare.com *.cloudflareinsights.com *.googletagmanager.com *.google.hu *.googlesyndication.com *.googletagservices.com fonts.gstatic.com cdn.ampproject.org *.clarity.ms connect.facebook.net *.quantcount.com *.quantserve.com *.inmobi.com 'unsafe-inline' 'unsafe-eval'; img-src * data: 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://*.googlesyndication.com https://static.criteo.net https://connect.facebook.net https://creativecdn.com https://*.hotjar.com https://analytics.twitter.com https://platform.twitter.com https://static.ads-twitter.com https://googleads.g.doubleclick.net https://maps.googleapis.com https://sslwidget.criteo.com https://api.useinsider.com https://sc-static.net https://tags.creativecdn.com https://www.google.com https://www.gstatic.com https://onesignal.com https://*.onesignal.com; frame-src 'self' https://www.youtube.com https://youtube.com https://td.doubleclick.net; 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: pay.google.com merchant.revolut.com sandbox-merchant.revolut.com cdn.jsdelivr.net www.paypalobjects.com www.paypal.com hcaptcha.com *.hcaptcha.com cdn.sift.com ajax.googleapis.com maps.google.com; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net hcaptcha.com *.hcaptcha.com fonts.googleapis.com use.fontawesome.com maxcdn.bootstrapcdn.com; img-src 'self' 'unsafe-inline' data: www.gstatic.com d3lc5axmv1xq7g.cloudfront.net www.paypalobjects.com t.paypal.com hexagon-analytics.com ps.w.org s.w.org secure.gravatar.com; connect-src * api.stripe.com; font-src 'self' data: assets.revolut.com fonts.gstatic.com use.fontawesome.com maxcdn.bootstrapcdn.com; form-action 'self'; frame-ancestors 'self'; object-src 'none'; frame-src 'self' pay.google.com merchant.revolut.com sandbox-merchant.revolut.com www.sandbox.paypal.com www.paypal.com hcaptcha.com *.hcaptcha.com www.youtube-nocookie.com; base-uri 'self' 1
frame-ancestors 'self' http://www.transparencia.am.gov.br http://sistemas.sefaz.am.gov.br https://val-siconv.estaleiro.serpro.gov.br; default-src https: data: 'unsafe-inline' 'unsafe-eval'; 1
default-src https: 'unsafe-eval' 'unsafe-inline'; connect-src 'self' *.google-analytics.com https://www.tilastopaja.com wss:; img-src * data:; object-src 'none'; base-uri 'self'; 1
default-src 'self' 'nonce-EpnMLrQ37L';font-src 'self' 'nonce-EpnMLrQ37L' http://fonts.googleapis.com https://fonts.googleapis.com https://font.gstatic.com https://fonts.gstatic.com http://fonts.gstatic.com;style-src-elem 'self' 'nonce-EpnMLrQ37L' http://fonts.googleapis.com https://fonts.googleapis.com https://font.gstatic.com https://fonts.gstatic.com;style-src 'self' 'nonce-EpnMLrQ37L' http://fonts.googleapis.com https://fonts.googleapis.com https://font.gstatic.com https://fonts.gstatic.com;object-src 'self' data:;img-src 'self' data: blob: localhost https://ecms.ph https://www.ecms.ph;frame-src 'self' https://www.google.com; 1
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src https://www.google.com https://maps.gstatic.com https://maps.googleapis.com https://maps.google.com https://portal.counciladvertising.net https://ads.counciladvertising.net https://intads.counciladvertising.net https://ibar.counciladvertising.net https://assets.counciladvertising.net https://securepubads.g.doubleclick.net https://adclick.g.doubleclick.net https://pubads.g.doubleclick.net https://ad-emea.doubleclick.net https://pagead2.googlesyndication.com https://ads.doubleclick.net https://ad.doubleclick.net https://googleads.g.doubleclick.net https://partner.googleadservices.com https://googletagservices.com https://cm.g.doubleclick.net https://static.quantcast.mgr.consensu.org; frame-ancestors 'none' ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 1
frame-src 'self'; img-src 'self' https://matomo.koumbit.net; media-src 'none'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.rollbar.com https://matomo.koumbit.net https://matomo.koumbit.net/; style-src 'self' 'unsafe-inline' fonts.googleapis.com; worker-src 'self'; form-action 'self'; frame-ancestors 'self'; report-uri https://elportalmigrante.org/en/report-uri/enforce 1
frame-ancestors 'self' https://www.embroideryday.com http://*.embroideryday.com; 1
default-src * 'unsafe-inline' blob:; img-src * 'self' data: ;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jwplayer.com *.jwplatform.com *.google-analytics.com *.jwpcdn.com *.googletagmanager.com *.gstatic.com *.google.com blob: * 'self'; 1
default-src 'self'; font-src 'self' 'unsafe-inline' *;img-src 'self' 'unsafe-inline' * data:; script-src 'self' 'unsafe-inline' https://cdn.datatables.net https://maxcdn.bootstrapcdn.com https://connect.facebook.net https://platform.twitter.com/ https://cdn.jsdelivr.net https://www.googleadservices.com https://www.emeds.pk https://www.googletagmanager.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://code.jquery.com https://ajax.googleapis.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' *;connect-src 'self' 'unsafe-inline' https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://analytics.google.com https://stats.g.doubleclick.net https://www.google-analytics.com https://analytics.google.com;frame-src 'self' https://platform.twitter.com https://td.doubleclick.net https://www.facebook.com 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: ; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob: ; style-src data: 'unsafe-inline' https: ;  img-src data: https: blob: ; font-src data: https: ; connect-src https: wss: ;media-src https: blob: ; object-src https: ; child-src https: data: blob: ; form-action https: ; block-all-mixed-content 1
base-uri 'self';connect-src 'self' *;default-src 'self';form-action 'self' *;img-src 'self' * data:;media-src 'self';object-src 'none';frame-src 'self' *;frame-ancestors 'self' https://wavetest.co.uk/ https://dev-wavesystem.co.uk/ https://wavesystem.co.uk/;font-src 'self' * data:;script-src 'self' * 'unsafe-inline' 'unsafe-eval';style-src 'self' * 'unsafe-inline' 1
frame-ancestors 'self' https://app.kajabi.com https://app.vibely.io https://communities.kajabi.com *.mykajabi.com https://communities.newkajabi-staging.com https://www.emprendedores100k.com 1
default-src https:; script-src https: data: 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src 'self' data: blob: filesystem: https: http: 'unsafe-inline'; worker-src 'self' blob: 1
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'report-sample' 'self' https://googleads.g.doubleclick.net https://www.googleadservices.com https://asistenciawebv2.grupokonecta.co:8443 https://asistenciawebv2-dev.grupokonecta.co:5005 https://cdnjs.cloudflare.com https://www.google.com/recaptcha/api.js https://www.gstatic.com https://www.youtube.com https://ajax.googleapis.com https://fast.appcues.com https://code.jquery.com https://connect.facebook.net https://www.googletagmanager.com https://www.google-analytics.com https://cdn.datagran.io https://static.hotjar.com https://script.hotjar.com https://api.ipify.org; style-src 'unsafe-hashes' 'unsafe-inline' 'report-sample' 'self' https://asistenciawebv2.grupokonecta.co:8443 https://cdnjs.cloudflare.com https://fonts.googleapis.com https://use.fontawesome.com https://asistenciawebv2-dev.grupokonecta.co:5005; object-src 'none'; base-uri 'self'; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://in.hotjar.com https://csmetrics.hotjar.com wss://wsp17.hotjar.com https://content.hotjar.io https://asistenciawebv2-dev.grupokonecta.co:5005 https://asistenciawebv2.grupokonecta.co:8443 https://widget.grupokonecta.co wss://ws.hotjar.com/api/v2/client/ws https://analytics.google.com; font-src 'self' https://fonts.gstatic.com https://use.fontawesome.com; frame-src data: 'self' https://www.google.com https://www.youtube-nocookie.com https://www.youtube.com https://9865914.fls.doubleclick.net https://9919689.fls.doubleclick.net https://98659149865914.fls.doubleclick.net https://td.doubleclick.net; img-src 'self' https://googleads.g.doubleclick.net https://ad.doubleclick.net https://asistenciawebv2.grupokonecta.co:8443 https://i.ytimg.com https://conecta.fidely.net https://tools.fidelitymkt.com https://bidagent.xad.com https://www.facebook.com https://cdn.datagran.io https://www.google.com https://www.google.com.mx https://www.google-analytics.com https://www.googletagmanager.com; manifest-src 'self'; media-src 'self'; worker-src 'none';frame-ancestors 'self' 1
"default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';" always; 1
frame-ancestors https://estado.sc.gov.br 1
frame-ancestors 'self' esthermall.co.kr *.esthermall.co.kr 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com data: *.fontawesome.com 'self' data: assets.adobedtm.com www.golasouth.com gola-cloud.localhost mcstaging.golasouth.com etiquetanegra.us mcstaging.etiquetanegra.us etiquetanegra-cloud.localhost data:; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com cdn.dnky.co amc.demdex.net www.google.com www.facebook.com youtube.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * td.doubleclick.net; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.paypal.com *.typekit.net *.gstatic.com maps.gstatic.com maps.googleapis.com accounts.google.com www.facebook.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com 'self' data: www.mercadolibre.com www.mercadolivre.com www.mercadopago.com.ar *.google.com www.google.com.ar storage.googleapis.com www.google.com.mx www.golasouth.com gola-cloud.localhost mcstaging.golasouth.com etiquetanegra.us mcstaging.etiquetanegra.us etiquetanegra-cloud.localhost content.ib2c.com.ar player.vimeo.com pos.baidu.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.commerce-payment-services.com *.magento-datasolutions.com *.magento-ds.com *.typekit.net google.com *.google.com cdn.dnky.co r1-t.trackedlink.net www.gstatic.com js-agent.newrelic.com bam.nr-data.net maps.googleapis.com connect.facebook.net player.vimeo.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.google.com *.gstatic.com https://maps.googleapis.com geolocation.onetrust.com *.google-analytics.com secure.mlstatic.com web-sdk.aptrinsic.com esp-m.aptrinsic.com *.fontawesome.com static.hotjar.com script.hotjar.com *.behamics.com www.facebook.com www.golasouth.com gola-cloud.localhost mcstaging.golasouth.com etiquetanegra.us mcstaging.etiquetanegra.us etiquetanegra-cloud.localhost 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com cdn.dnky.co *.fontawesome.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com assets.braintreegateway.com *.googleapis.com *.gstatic.com footer.mars.com web-sdk.aptrinsic.com esp-m.aptrinsic.com assets.adobedtm.com *.behamics.com www.golasouth.com gola-cloud.localhost mcstaging.golasouth.com etiquetanegra.us mcstaging.etiquetanegra.us etiquetanegra-cloud.localhost 'self' 'unsafe-inline'; object-src esp-m.aptrinsic.com bam.nr-data.net js-agent.newrelic.com dpm.demdex.net assets.adobedtm.com www.golasouth.com gola-cloud.localhost mcstaging.golasouth.com etiquetanegra.us mcstaging.etiquetanegra.us etiquetanegra-cloud.localhost 'self' 'unsafe-inline'; media-src *.adobe.com player.vimeo.com download-video.akamaized.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.paypal.com google.com *.google.com maps.googleapis.com api.comapi.com bam.nr-data.net *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google-analytics.com rcdfcdn.mars.com geolocation.onetrust.com dev.gtm.southwatts.com secure.mlstatic.com www.mercadolibre.com www.mercadolivre.com www.mercadopago.com.ar stats.g.doubleclick.net www.google.com.ar accounts.google.com web-sdk.aptrinsic.com esp-m.aptrinsic.com js-agent.newrelic.com assets.adobedtm.com pagead2.googlesyndication.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' https://ettansmopeder.se https://shop.ettansmopeder.se https://ettansmopeder.nu https://mopedersaljes.se https://xn--mopedersljes-ncb.se https://ettansmopeder.starwebserver.se 1
default-src 'none'; script-src 'self' 'unsafe-inline' ajax.googleapis.com cdn.cookie-script.com *.livechatinc.com *.livechat-static.com *.googletagmanager.com *.hotjar.com *.google-analytics.com *.google.com connect.facebook.net *.hotjar.io system3secure.pl *.googleadservices.com *.doubleclick.net *.adform.net; connect-src 'self' wss: *.eultimo.pl *.hotjar.com *.hotjar.io *.doubleclick.net *.cookie-script.com *.google-analytics.com *.analytics.google.com *.google.com *.googletagmanager.com *.gstatic.com *.livechatinc.com *.livechat-static.com *.googleapis.com *.googleadservices.com *.facebook.net *.revhunter.tech *.inistrack.net *.google.pl *.googlesyndication.com *.facebook.com *.adform.net system3secure.pl *.onaudience.com *.bm.pl https://google.com/pay blik.com *.autopay.eu; img-src 'self' blob: data: app.revhunter.tech system360.inistrack.net *.facebook.com ade.googlesyndication.com pixel.onaudience.com platnosci.bm.pl blik.com *.doubleclick.net *.google.com *.google.pl *.gstatic.com *.google-analytics.com *.analytics.google.com *.adform.net *.autopay.eu *.livechat-static.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com app.revhunter.tech system360.inistrack.net fonts.gstatic.com; base-uri 'self'; form-action 'self' *.mojeid.pl; font-src 'self' *.eultimo.pl fonts.gstatic.com *.livechatinc.com *.livechat-static.com; frame-src 'self' vars.hotjar.com *.doubleclick.net *.livechatinc.com *.livechat-static.com *.google.com system3secure.pl *.adform.net; manifest-src 'self'; 1
default-src 'self' *.via-mobilis.com api.via-mobilis.com http://media.viamobilis.export.doorlinkenvoorraad.nl accounts.google.com www.google.com *.googlesyndication.com *.trustpilot.com *.googleadservices.com *.googletagservices.com *.static-viamobilis.com static-viamobilis.com https://acdn.adnxs.com *.ampproject.net *.doubleclick.net *.criteo.com *.youtube.com youtube.com *.komoot.de photon.kamoot.de *.komoot.io photon.komoot.io *.hotjar.com *.usersnap.com criteo.net *.criteo.net *.tawk.to cloud.panono.com poulalion.eu *.vimeo.com www.recaptcha.net *.facebook.com https://platform.twitter.com ; img-src * data: blob: 'self'; script-src * https://photon.komoot.de/ https://my.via-mobilis.com/ 'unsafe-inline' 'unsafe-eval' data: blob:; style-src * 'self' 'unsafe-inline' https://static-viamobilis.com; font-src * data:; connect-src * data: 'self'; base-uri 'self' ; worker-src * data: blob: 1
frame-ancestors 'self' https://www.marcaentradas.com https://metropolientradas.es https://www.metropolientradas.es https://www.eventsentradas.com https://eventsentradas.com 1
default-src 'self' * data: blob: https: *.finmag.fr finmag.fr ; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org embed.typeform.com *.peacebanana.com *.tctm.co *.tctm.xyz *.ostrichesica.com *.joshuarms.com *.cloudflareinsights.com *.cheqzone.com *.zenimpact.io *.pages.dev *.awin1.com *.awinhosting.com *.cloudfront.net *.datadoghq-browser-agent.com *.ampproject.org *.gstatic.com *.google.com *.alooma.com *.tiktok.com *.doubleclick.net  *.googleadservices.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.hhtpp.com *.facebook.net *.dropbox.com *.bing.com *.yandex.ru *.quora.com *.yimg.com sp.analytics.yahoo.com *.hotjar.com *.ipify.org *.thefinancials.com blob: data:; style-src 'self' data: blob: 'unsafe-inline' *;connect-src 'self' data: blob: https: finmag.fr *.finmag.fr *.ampproject.org *.google-analytics.com *.doubleclick.net *.google.com *.hhtpp.com *.yandex.ru *.gravatar.com wss://*.hotjar.com *.wp.com;font-src 'self' data: blob: *.ampproject.org *.googletagmanager.com *.googleapis.com *.gstatic.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; font-src 'self' https: data:; img-src 'self' https: data:; connect-src 'self' https:; frame-src 'self' https:; object-src 'none'; media-src 'self' https: blob:; child-src 'self' https: blob:; form-action 'self' https:; frame-ancestors 'none'; block-all-mixed-content; upgrade-insecure-requests; 1
default-src 'self'; connect-src 'self' https://cmp-api-staging.hyvesdp.com https://cmp-api.hyvesdp.com pagead2.googlesyndication.com https://i.ytimg.com https://www.youtube.com https://hyve-fantasy5.s3.eu-west-1.amazonaws.com https://www.googletagmanager.com https://fonts.gstatic.com http://fantasy5-api-micro-svc.fantasy5-staging.svc.cluster.local/ https://fantasy6-api-staging.hyvesdp.com/ http://fantasy5-api-micro-svc.portals-production.svc.cluster.local/ https://noembed.com https://www.google-analytics.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://www.youtube.com https://www.googletagmanager.com https://cmp-api-staging.hyvesdp.com https://cmp-api.hyvesdp.com; style-src 'self' 'unsafe-inline' https://cmp-api-staging.hyvesdp.com https://cmp-api.hyvesdp.com https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com data:; img-src 'self' data: https://hyve-fantasy5.s3.eu-west-1.amazonaws.com https://i.ytimg.com; manifest-src 'self'; frame-src https://www.youtube.com; 1
worker-src blob:; font-src *.gstatic.com *.embed.tawk.to *.fontawesome.com *.agora.io *.edge.agora.io maxcdn.bootstrapcdn.com https://www.forevernew.co.in/ data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://www.facebook.com https://www.googletagmanager.com/ 'self' 'unsafe-inline'; frame-ancestors *.meetanshi.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ sandbox.cashfree.com https://td.doubleclick.net *.aax-eu.amazon-adsystem.com *.cloudfront.net *.meetanshi.com *.weltpixel.com  https://cdn.truefitcorp.com https://www.googletagmanager.com/ https://api.cashfree.com/ https://www.youtube.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io cashfreelogo.cashfree.com asset.fwcdn2.com *.asset.fwcdn2.com asset.fwcdn1.com *.asset.fwcdn1.com fireworktv.com *.fireworktv.com p2.fwpixel.com *.p2.fwpixel.com *.va.tawk.to *.tawk.to *.google.com *.google.co.in *.facebook.com *.googleadservices.com *.google-analytics.com *.paypalobjects.com *.vimeo.com *.paypal.com *.sandbox.paypal.com *.googletagmanager.com *.ade.clmbtech.com https://cdn4.fireworktv.com https://cdn1.fireworkn.com *.agora.io *.edge.agora.io * *.meetanshi.com https://cdn.getsimpl.com *.gstatic.com https://asset.fwcdn3.com https://www.forevernew.co.in data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ sdk.cashfree.com asset.fwcdn1.com *.asset.fwcdn1.com asset.fwcdn3.com *.asset.fwcdn3.com asset.fwcdn2.com *.asset.fwcdn2.com *.facebook.com *.ajax.cloudflare.com *.cloudflare.com *.embed.tawk.to *.tawk.to *.google.com *.connect.facebook.net *.bing.com *.amplify.outbrain.com *.cdn.jsdelivr.net *.jsdelivr.net https://www.googletagmanager.com/ *.facebook.net *.googleads.g.doubleclick.net *.tr.outbrain.com *.googleadservices.com *.google-analytics.com *.vimeo.com *.paypal.com *.sandbox.paypal.com *.paypalobjects.com https://connect.facebook.net/ https://fireworkadservices1.com/ https://asset.fwcdn3.com https://asset.fireworktv.com https://asset.fwcdn1.com https://asset.fwcdn2.com https://asset.fwadcdn1.com *.agora.io *.edge.agora.io s7.addthis.com *.avada.io * *.meetanshi.com https://www.googletagmanager.com tagmanager.google.com https://sdk.cashfree.com https://maps.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.gstatic.com *.embed.tawk.to *.fontawesome.com *.getfirebug.com *.agora.io *.edge.agora.io maxcdn.bootstrapcdn.com tagmanager.google.com https://www.forevernew.co.in 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com cdn4.fireworktv.com *.cdn4.fireworktv.com https://www.forevernew.co.in *.edge.sd-rtn.com blob: *.fireworkanalytics.com  *.embed.tawk.to  https://fireworkanalytics.com https://cdn4.fireworktv.com https://cdn1.fireworkn.com https://*.global-contribute.live-video.net https://*.us-east-1.playback.live-video.net https://*.us-west-2.playback.live-video.net *.agora.io *.edge.agora.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com p2.fwpixel.com *.p2.fwpixel.com fireworkapi1.com *.fireworkapi1.com fireworkadservices1.com *.fireworkadservices1.com fireworkanalytics.com *.fireworkanalytics.com https://www.google.co.in *.va.tawk.to *.tawk.to https://www.google-analytics.com *.facebook.com *.vsb46.tawk.to https://c.clarity.ms/ https://asset.fwcdn3.com https://cdn4.fireworktv.co https://api.firework.com https://fireworkapi1.com https://image-resizing-cdn-prod.fireworktv.com https://fireworkadservices1.com https://fireworkanalytics.com https://p2.fwpixel.com wss://fireworkapi1.com https://*.agora.io *.agora.io *.edge.agora.io *.sd-rtn.com https://*.edge.sd-rtn.com *.global-contribute.live-video.net *.us-east-1.playback.live-video.net *.us-west-2.playback.live-video.net https://cdn4.fireworktv.com https://web-2.statscollector.sd-rtn.com wss://*.edge.sd-rtn.com:* wss://*.edge.agora.io:* wss://*.agora.io:* ekr.zdassets.com/ https://get.geojs.io *.avada.io *.meetanshi.com *.wizzy.ai wss://sockets.wizzy.ai *.wizsearch.in wss://sockets.wizsearch.in *.google-analytics.com https://analytics.google.com/ https://maps.googleapis.com https://s.clarity.ms https://stats.g.doubleclick.net https://i.clarity.ms/collect https://use.typekit.net https://o330525.ingest.sentry.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src https://www.forumfeminarum.nl/logs/ https://www.forumfeminarum.nl/sidekiq/ https://www.forumfeminarum.nl/mini-profiler-resources/ https://www.forumfeminarum.nl/assets/ https://www.forumfeminarum.nl/brotli_asset/ https://www.forumfeminarum.nl/extra-locales/ https://www.forumfeminarum.nl/highlight-js/ https://www.forumfeminarum.nl/javascripts/ https://www.forumfeminarum.nl/plugins/ https://www.forumfeminarum.nl/theme-javascripts/ https://www.forumfeminarum.nl/svg-sprite/ https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js; worker-src 'self' https://www.forumfeminarum.nl/assets/ https://www.forumfeminarum.nl/brotli_asset/ https://www.forumfeminarum.nl/javascripts/ https://www.forumfeminarum.nl/plugins/; frame-ancestors 'self'; manifest-src 'self' 1
default-src 'self'  blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; object-src 'none'; connect-src 'self' ; style-src 'self' 'unsafe-inline' ; frame-ancestors 'self'; base-uri 'self'; font-src 'self' 1
font-src fonts.gstatic.com use.typekit.net *.gstatic.com *.kleecks-cdn.com *.kleecks-stats.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com *.fonts.googleapis.com data: *.cloudflare.com data: *.kleecks-cdn.com *.kleecks-stats.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.kleecks-cdn.com *.kleecks-stats.com 'self' 'unsafe-inline'; frame-ancestors *.kleecks-cdn.com *.kleecks-stats.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.doubleclick.net *.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.addthis.com *.pinterest.com *.kleecks-cdn.com *.kleecks-stats.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.kleecks-cdn.com *.kleecks-stats.com 'self' data: *.google.it *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudflare.com *.cdn.klarna.com *.s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.addthis.com *.pinterest.com *.cdninstagram.com data: *.kleecks-cdn.com *.kleecks-stats.com 'self' 'unsafe-inline'; script-src https://assets.adobedtm.com/ *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com assets.adobedtm.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.it *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.iubenda.com *.newrelic.com *.googlesyndication.com s7.addthis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.pinterest.com *.instagram.com https://unpkg.com/ http://unpkg.com/ *.kleecks-cdn.com *.kleecks-stats.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.kleecks-cdn.com *.kleecks-stats.com 'self' 'unsafe-inline'; object-src https://assets.adobedtm.com/ *.kleecks-cdn.com *.kleecks-stats.com 'self' 'unsafe-inline'; media-src *.adobe.com *.kleecks-cdn.com *.kleecks-stats.com 'self' 'unsafe-inline'; manifest-src *.kleecks-cdn.com *.kleecks-stats.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.google-analytics.com *.facebook.com *.facebook.net https://google.com/ https://*.iubenda.com/ https://*.doubleclick.net/ ekr.zdassets.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://*.cloudflare.com/ https://*.paypal.com/ https://*.googleapis.com/ https://*.addthis.com/ https://*.cardinalcommerce.com/ *.graph.instagram.com https://*.google-analytics.com/ https://assets.adobedtm.com/ https://dpm.demdex.net/ https://amcglobal.sc.omtrdc.net/ https://geostag.cardinalcommerce.com/ https://geo.cardinalcommerce.com/ https://1eafstag.cardinalcommerce.com/ https://1eaf.cardinalcommerce.com/ https://centinelapistag.cardinalcommerce.com/ https://centinelapi.cardinalcommerce.com/ https://www.google-analytics.com/ https://www.googleadservices.com/ https://analytics.google.com/ https://www.googletagmanager.com/ https://*.snplow.net/ https://commerce.adobedc.net/ https://vimeo.com/ https://api.magento.com/ https://*.adobe.io/ https://performance.typekit.net/ https://www.sandbox.paypal.com/ https://www.paypalobjects.com/ https://www.paypal.com/ https://pilot-payflowlink.paypal.com/ https://commerce.adobe.io/ https://commerce.adobe.net/ https://qa-api.magedevteam.com/ https://*.sentry.io/ https://*.amazon.com/ https://*.amazon.co.uk/ https://*.amazon.co.jp/ https://*.amazon.jp/ https://*.amazon.it/ https://*.amazon.fr/ https://*.amazon.es/ https://*.amazon.de/ https://*.amazonpay.com/ https://*.amazonpay.co.uk/ https://*.amazonpay.co.jp/ https://*.amazonpay.jp/ https://*.amazonpay.it/ https://*.amazonpay.fr/ https://*.amazonpay.es/ https://*.amazonpay.de/ https://mws.amazonservices.com/ https://mws.amazonservices.co.uk/ https://mws.amazonservices.co.jp/ https://mws.amazonservices.jp/ https://mws.amazonservices.it/ https://mws.amazonservices.fr/ https://mws.amazonservices.es/ https://mws.amazonservices.de/ https://*.facebook.com/ https://*.facebook.net/ https://*.google.com/ https://ekr.zdassets.com/ https://api.braintreegateway.com/ https://api.sandbox.braintreegateway.com/ https://client-analytics.braintreegateway.com/ https://client-analytics.sandbox.braintreegateway.com/ https://*.braintree-api.com/ https://*.graph.instagram.com/ https://*.kleecks-cdn.com/ https://*.kleecks-stats.com/ https://akoctmvv.euh.stape.net/ https://unpkg.com/ https://ss.gabel1957.com/ https://ss.somma1867.com/ https://bam.nr-data.net/ *.kleecks-cdn.com *.kleecks-stats.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: *.kleecks-cdn.com *.kleecks-stats.com 'self' 'unsafe-inline'; default-src https://assets.adobedtm.com/ *.kleecks-cdn.com *.kleecks-stats.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri https://akoctmvv.euh.stape.net/ http://akoctmvv.euh.stape.net/ *.kleecks-cdn.com *.kleecks-stats.com 'self' 'unsafe-inline'; 1
default-src 'self'  games-mgh.com apis.google.com accounts.google.com bid.g.doubleclick.net  play.gamepix.com games.gamepix.com; connect-src * ;img-src * data:; media-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com ajax.googleapis.com www.google.com google.com gstatic.com www.gstatic.com connect.facebook.net facebook.com www.googletagmanager.com dev.visualwebsiteoptimizer.com www.googleadservices.com bid.g.doubleclick.net googleads.g.doubleclick.net apis.google.com accounts.google.com track.opticks.io *.doubleclick.net fonts.googleapis.com fonts.gstatic.com api1.moitribe.com cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com api1.moitribe.com cdnjs.cloudflare.com; frame-ancestors 'self'; form-action 'self' https: *.games-mgh.com;font-src 'self' fonts.googleapis.com fonts.gstatic.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://code.tidio.co https://widget-v4.tidiochat.com https://ajax.googleapis.com https://buttons.github.io https://fonts.googleapis.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com https://kit.fontawesome.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://pro.fontawesome.com http://fonts.googleapis.com http://code.tidio.co https://www.googletagmanager.com https://source.unsplash.com http://localhost https://web.archive.org; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https:; img-src 'self' cdnjs.cloudflare.com data: https:; font-src 'self' https://fonts.gstatic.com https:; media-src 'self' https://widget-v4.tidiochat.com; connect-src 'self' https://sentry-new.tidio.co https://socket.tidio.co https://api-v2.tidio.co https: wss:; 1
default-src 'self';         style-src 'self' 'unsafe-inline';         font-src 'self' https://fonts.googleapis.com;         frame-src 'self' https://www.google.com/;         script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://ajax.googleapis.com/;         connect-src 'self';         img-src 'self' data: ;         object-src 'self';         frame-ancestors 'self'; 1
default-src 'self' https://cdn-ops.verloop.io https://cdn-assets-eu.frontify.com; font-src 'self' https://fonts.gstatic.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://snap.licdn.com https://www.googleadservices.com https://www.google-analytics.com https://www.googletagmanager.com https://ssl.google-analytics.com https://static.hotjar.com https://unpkg.com https://script.hotjar.com https://ihhgleneagles.verloop.io https://cdn-ops.verloop.io https://code.jquery.com https://cdnjs.cloudflare.com https://connect.facebook.net https://googleads.g.doubleclick.net https://connect.facebook.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: https://www.googletagmanager.com https://www.facebook.com https://www.google.co.in https://www.google.com https://cdn-assets-eu.frontify.com; connect-src 'self' https://analytics.google.com https://metrics.hotjar.io https://analytics.google.com https://stats.g.doubleclick.net https://brandportal.ihhhealthcare.com wss://ws.hotjar.com https://content.hotjar.io https://ihhgleneagles.verloop.io https://www.google-analytics.com; frame-src 'self' https://portal.ticketroot.com https://www.youtube-nocookie.com/ https://www.google.com https://appointmentsandlabreports.gleneagleshospitals.in https://www.youtube.com https://appointmentsandlabreports.gleneaglesglobalhealthcitychennai.com https://brandportal.ihhhealthcare.com https://ihhgleneagles.verloop.io; object-src 'self'; child-src 'self' blob; frame-ancestors 'self' https://d3s6ri9k13o1mz.cloudfront.net https://uat.gleneagleshospitals.com ; base-uri 'self'; 1
frame-ancestors *.goodnews.vic.edu.au 1
default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.cookielaw.org *.google-analytics.com  *.facebook.net *.doubleclick.net *.googleapis.com *.googleadservices.com *.google.com *.gstatic.com; frame-ancestors 'self'; connect-src 'self' *.cookielaw.org *.google-analytics.com *.doubleclick.net *.google.com *.googleapis.com; frame-src *.youtube.com *.doubleclick.net *.google.com; img-src 'self' *.google.com *.doubleclick.net *.cookielaw.org *.facebook.com *.google.com.ph *.gstatic.com *.googleapis.com data:; font-src 'self' data:; media-src *.blob.core.windows.net 1
default-src 'self' dc.crsorgi.gov.in www.google.com csi.gstatic.com fonts.gstatic.com api.crsorgi.gov.in;
                script-src 'self' 'unsafe-inline' 'unsafe-eval' dc.crsorgi.gov.in csi.gstatic.com www.google.com fonts.gstatic.com www.googletagmanager.com www.google-analytics.com;
                style-src 'self' 'unsafe-inline' dc.crsorgi.gov.in fonts.gstatic.com;
                connect-src 'self' data: dc.crsorgi.gov.in www.google.com csi.gstatic.com fonts.gstatic.com www.googletagmanager.com www.google-analytics.com api.crsorgi.gov.in;
                child-src 'self' 'unsafe-inline' dc.crsorgi.gov.in www.google.com;
                object-src 'self' 'unsafe-inline' dc.crsorgi.gov.in www.google.com;
                frame-src 'self' 'unsafe-inline' dc.crsorgi.gov.in www.google.com;
                frame-ancestors 'self' dc.crsorgi.gov.in www.google.com;
                img-src 'self' 'unsafe-inline'  data: dc.crsorgi.gov.in www.google.com csi.gstatic.com 1
font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.google.com *.youtube.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com *.twitter.com *.google.com *.youtube.com *.liqpay.ua 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.twitter.com *.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net data: www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.google.com *.google.com.ua *.liqpay.ua data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.google.com *.youtube.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.cloudflare.com *.twitter.com *.twimg.com *.google.com *.youtube.com *.doubleclick.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'self' 'nonce-rMukBymWBQdmp3uE'; style-src 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com *.googleapis.com *.gstatic.com *.cloudflare.com *.typekit.net *.trustedshops.com fonts.gstatic.com https://fonts.gstatic.com/ https://widgets.trustedshops.com maxcdn.bootstrapcdn.com data: *.hotjar.com fonts.bunny.net cdn.jsdelivr.net *.zopim.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com secure.ogone.com ogone.test.v-psp.com sis.redsys.es https://sis-t.redsys.es:25443/sis/realizarPago/utf-8 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com *.youtube-nocookie.com landofcoder.com maps.googleapis.com chart.googleapis.com *.addthis.com www.google.com youtu.be *.vimeo.com js.mollie.com td.doubleclick.net/ vars.hotjar.com tpc.googlesyndication.com/ *.shortstack.com/ *.pinterest.com/ *.facebook.com/ content.widget.thuiswinkel.org/ www.youtube.com 'self' 'unsafe-inline'; img-src data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com https://images.unsplash.com *.sooqr.com *.cloudflare.com https://cdn.klarna.com *.paypal.com img.youtube.com *.usercentrics.eu blob: https://www.mollie.com https://img.youtube.com https://maps.gstatic.com/ https://*.googleapis.com/ https://widgets.trustedshops.com https://widgets-qa.trustedshops.com bat.bing.com googleads.g.doubleclick.net/ fonts.gstatic.com *.analytics.google.com *.facebook.com/ *.google-analytics.com www.google.be/ www.google.de/ www.google.nl/ www.google.es/ www.google.com/ *.ggpht.com *.hotjar.com x.klarnacdn.net *.maxcdn.com *.pinterest.com *.smartsuppcdn.com static.sooqr.com pixel.sooqr.com *.trustedshops.com integrations.etrusted.com static.widget.trengo.eu/assets/ s3.eu-central-1.amazonaws.com/trengo/media/ widget.thuiswinkel-cdn.org/ v2assets.zopim.io v2.zopim.com data: 'self' 'unsafe-inline'; script-src www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com landofcoder.com *.googleapis.com chart.googleapis.com s7.addthis.com *.fontawesome.com *.gstatic.com *.avada.io *.sooqr.com *.addthis.com *.moatads.com *.addthisedge.com https://cdn.jsdelivr.net *.cloudflare.com *.google-analytics.com *.google.com *.googleadservices.com *.trustedshops.com *.usercentrics.eu js.mollie.com https://maps.googleapis.com/ https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com www.googletagmanager.com bat.bing.com ajax.cloudflare.com/cdn-cgi/ *.cloudfront.net *.analytics.google.com connect.facebook.net www.googleadservices.com googleads.g.doubleclick.net tpc.googlesyndication.com *.hotjar.com *.pinimg.com *.smartsuppchat.com *.smartsuppcdn.com widget.thuiswinkel.org/ widget.thuiswinkel-cdn.org/ static.widget.trengo.eu/ widgets.trustedshops.com/ www.googleapis.com/youtube/ www.youtube.com *.zendesk.com *.zopim.com static.zdassets.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.fontawesome.com *.sooqr.com https://cdn.jsdelivr.net *.cloudflare.com *.typekit.net *.trustedshops.com *.usercentrics.eu fonts.googleapis.com https://fonts.googleapis.com/css https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com maxcdn.bootstrapcdn.com static.sooqr.com integrations.etrusted.com widget.thuiswinkel-cdn.org/ fonts.bunny.net widgets.trustedshops.com/ 'self' 'unsafe-inline'; object-src landofcoder.com maps.googleapis.com chart.googleapis.com 'self' 'unsafe-inline'; media-src static.widget.trengo.eu/assets/ v2.zopim.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com vimeo.com landofcoder.com maps.googleapis.com chart.googleapis.com ekr.zdassets.com/ https://get.geojs.io *.avada.io *.cloudflare.com *.paypal.com *.googleapis.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site *.bing.com/ analytics.google.com *.analytics.google.com googleads.g.doubleclick.net connect.facebook.net www.facebook.com/tr/ *.google-analytics.com stats.g.doubleclick.net *.googlesyndication.com/ www.google.com/ *.hotjar.com *.hotjar.io wss://*.hotjar.com *.amazonaws.com *.pinterest.com sockjs-eu.pusher.com/pusher/ wss://*.smartsupp.com *.smartsuppchat.com *.smartsuppcdn.com collect.sooqr.com widgetcontent.thuiswinkel-cdn.org api.widget.trengo.eu/web-widget-api/ ekr.zendesk.com ekr.zdassets.com wss://widget-mediator.zopim.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https:; connect-src https: wss:; font-src https: data:; frame-src https:; frame-ancestors https:; img-src https: data: blob:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; child-src blob: https:; 1
font-src *.googleapis.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.cloudflare.com *.bootstrapcdn.com *.twitter.com *.twimg.com *.typekit.net *.trustedshops.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.moneytigo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net *.facebook.com *.twitter.com *.vimeo.com *.moneytigo.com 'self' 'unsafe-inline'; img-src *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com https://images.unsplash.com *.googleapis.com *.gstatic.com *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com www.apptrian.com *.cloudflare.com *.googleadservices.com *.google-analytics.com *.magentocommerce.com *.ytimg.com *.vimeo.com *.paypal.com *.paypalobjects.com *.twitter.com *.twimg.com *.cardinalcommerce.com *.ccdc02.com *.klarna.com *.lightemporium.com *.usercentrics.eu *.google.it google.it *.google.be *.google.nl *.cookie-script.com *.maps.googleapis.com *.maps.gstatic.com *.grow-shop-italia.com *.growshopitalia.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com www.apptrian.com widget.freshworks.com m2epro.freshdesk.com s7.addthis.com *.cloudflare.com *.googleadservices.com *.paypal.com *.paypalobjects.com *.twimg.com *.cardinalcommerce.com *.ccdc02.com *.ytimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.moneytigo.com *.cookie-script.com *.grow-shop-italia.com *.growshopitalia.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com widget.freshworks.com m2epro.freshdesk.com *.cloudflare.com *.twitter.com *.twimg.com *.bootstrapcdn.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.moneytigo.com *.cookie-script.com *.fontawesome.com *.grow-shop-italia.com *.growshopitalia.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com www.apptrian.com widget.freshworks.com m2epro.freshdesk.com ekr.zdassets.com/ *.cloudflare.com *.paypal.com *.moneytigo.com *.twitter.com *.twimg.com *.cookie-script.com *.doubleclick.net *.gstatic.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1
default-src 'self' *.gula.com.uy https://*.google.com https://*.mlstatic.com https://stats.g.doubleclick.net https://*.google-analytics.com https://*.mercadopago.com https://*.mercadolibre.com https://*.ondigitalocean.app https://*.amazonaws.com https://www.google-analytics.com https://fonts.gstatic.com https://*.sentry.io https://*.gula-media.com data:; img-src * 'self' 'unsafe-inline' data: blob: https: gula.com.uy *.gula-media.com https://*.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://*.gstatic.com https://unpkg.com https://www.googletagmanager.com https://*.mercadopago.com https://*.mlstatic.com https://www.google-analytics.com https://secure.mlstatic.com data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'none' 1
frame-ancestors 'self' https://app.kajabi.com https://app.vibely.io https://communities.kajabi.com *.mykajabi.com https://communities.newkajabi-staging.com https://cursos.vedanta.academy https://cursos.practicoyoga.com https://www.vedanta.life https://www.capitanesintrepidos.org https://www.gurukulam.org.br 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.ccavenue.com 'self' 'unsafe-inline'; frame-ancestors *.meetanshi.com 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com player.vimeo.com *.ccavenue.com *.meetanshi.com www.facebook.com platform.twitter.com detgen.in www.google.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com www.apptrian.com *.ccavenue.com *.meetanshi.com https://meetanshi.com/media/logo.png www.facebook.com www.freepnglogos.com pinterest.com assets.pinterest.com syndication.twitter.com amcglobal.sc.omtrdc.net maps.gstatic.com maps.googleapis.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn.side-guard.com cdn-scripts.signifyd.com www.youtube.com www.apptrian.com *.ccavenue.com *.avada.io *.meetanshi.com connect.facebook.net twitter.com platform.twitter.com maps.googleapis.com www.googletagmanager.com maps.gstatic.com www.clarity.ms 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com fonts.googleapis.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com side-guard.com www.apptrian.com *.ccavenue.com *.meetanshi.com maps.googleapis.com www.googletagmanager.com z.clarity.ms 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com *.googleapis.com *.gstatic.com maxcdn.bootstrapcdn.com *.fonts.googleapis.com data: *.cloudflare.com forms.syncrony.com www.halsteds.co.zw data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors *.meetanshi.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.meetanshi.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.google.com *.addthis.com *.pinterest.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.meetanshi.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudflare.com *.cdn.klarna.com *.s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com www.halsteds.co.zw www.google.co.za data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.fontawesome.com *.googleapis.com *.gstatic.com *.meetanshi.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com *.instagram.com forms.syncrony.com www.halsteds.co.zw https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.googleapis.com forms.syncrony.com www.halsteds.co.zw tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.meetanshi.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.cloudflare.com *.googleapis.com *.addthis.com *.graph.instagram.com *.google-analytics.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline';, upgrade-insecure-requests; 1
default-src 'self' https://* ; script-src 'self' 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' https://*  http://www.googleadservices.com https://stats.g.doubleclick.net; font-src 'self' https://fonts.googleapis.com https://use.typekit.net https://*; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://use.typekit.net  https://*; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src *; media-src * 1
script-src 'self' https://www.googletagmanager.com https://www.recaptcha.net/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-inline' 'unsafe-eval'; 1
frame-ancestors 'self' https://hthm-canada-cms-production.azurewebsites.net 1
default-src 'self' *.google.com *.twitter.com *.youtube.com *.vimeo.com *.facebook.com badge.stumbleupon.com w.soundcloud.com apis.google.com https://clarios--uat.my.salesforce.com; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com https://www.youtube.com/iframe_api https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com https://*.g.doubleclick.net https://*.google-analytics.com https://ssl.google-analytics.com https://gum.criteo.com https://dynamic.criteo.com/ *.criteo.com *.criteo.net https://s3.amazonaws.com/ *.google-analytics.com cdn.ampproject.org web-chat.nativechat.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://dec.azureedge.net https://tagmanager.google.com/ https://fonts.googleapis.com/ https://s3.amazonaws.com/ web-chat.nativechat.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com https://dec.azureedge.net https://useast2prodbrandsites.blob.core.windows.net https://sqlva2dfty3dw7lm6w.blob.core.windows.net https://sqlvaaelzkwtae7o3c.blob.core.windows.net https://useast2devbrandsites.blob.core.windows.net https://useast2qabrandsites.blob.core.windows.net https://sqlva6tlsee7wiytg6.blob.core.windows.net https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com https://ssl.gstatic.com/ https://www.gstatic.com/ https://*.google-analytics.com/ https://*.g.doubleclick.net https://*.analytics.google.com https://*.google.com https://s3.amazonaws.com/ *.google-analytics.com web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://fonts.gstatic.com/; frame-src 'self' *.google.com *.twitter.com *.youtube.com *.vimeo.com *.facebook.com badge.stumbleupon.com w.soundcloud.com apis.google.com https://clarios--uat.my.salesforce.com https://gum.criteo.com *.criteo.com *.criteo.net web-chat.nativechat.com; connect-src 'self' accounts.google.com https://*.googletagmanager.com https://clarios--uat.my.salesforce.com https://*.dec.sitefinity.com *.mktoresp.com https://*.google-analytics.com/ https://*.g.doubleclick.net/ https://*.analytics.google.com https://*.google.com https://sslwidget.criteo.com https://iosite.reclameaqui.com.br/ *.google-analytics.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com 1
font-src 'self' data: https://ka-f.fontawesome.com/ https://fonts.gstatic.com/ ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://hello.myfonts.net/ https://portal.hipp.ua/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://connect.facebook.net/ https://www.googletagmanager.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://ssl.google-analytics.com/  http://www.google-analytics.com/ https://cdn.jsdelivr.net/ http://cdn.jsdelivr.net/ https://static.etracker.com https://code.etracker.com https://www.googleadservices.com https://www.etracker.de https://googleads.g.doubleclick.net https://inv-dmp.admixer.net https://cdn.admixer.net/ https://www.google.com/ https://www.google.com.ua https://maps.googleapis.com https://portal.hipp.ua/ https://telegram.org/js/telegram-widget.js; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://kit.fontawesome.com/ http://code.jquery.com http://static.etracker.com/code/e.js https://unpkg.com/share-api-polyfill/dist/ https://connect.facebook.net/ https://www.googletagmanager.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://ssl.google-analytics.com/  http://www.google-analytics.com/ https://cdn.jsdelivr.net/ http://cdn.jsdelivr.net/ https://static.etracker.com https://code.etracker.com http://code.etracker.com https://www.googleadservices.com https://www.etracker.de https://googleads.g.doubleclick.net https://inv-dmp.admixer.net/ http://inv-dmp.admixer.net/ https://cdn.admixer.net/ https://analytics.tiktok.com https://www.clarity.ms/ https://www.google.com/ https://www.google.com.ua https://maps.googleapis.com https://tagmanager.google.com/ https://portal.hipp.ua/ https://telegram.org/js/telegram-widget.js ; img-src 'self' data: https://www.facebook.com/ https://ssl.google-analytics.com/ http://www.google-analytics.com/ www.youtube-nocookie.com www.youtube.com https://i.ytimg.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com https://www.google.com.ua https://maps.gstatic.com https://portal.hipp.ua/ https://static.addtoany.com/buttons/; connect-src 'self' https://proxy.my-dev.org/ https://ka-f.fontawesome.com/ https://kit.fontawesome.com https://www.facebook.com/tr/ https://www.etracker.de https://www.google-analytics.com/ https://analytics.google.com/ https://region1.analytics.google.com/ https://stats.g.doubleclick.net https://portal.hipp.ua/ https://inv-nets-eu.admixer.net/ https://analytics.tiktok.com/ https://b.clarity.ms/ wss://portal.hipp.ua/ wss://rtc-cloud-eu1.bitrix.info; form-action 'self' https://connect.facebook.net https://www.facebook.com/tr/ ;  frame-src 'self' https://portal.hipp.ua/ https://www.google.com/recaptcha/ www.youtube.com www.youtube-nocookie.com https://www.facebook.com/ https://bid.g.doubleclick.net/ https://t.me/ https://web.facebook.com/; child-src 'self' https://www.facebook.com/ https://staticxx.facebook.com/ ; object-src 'none' ; 1
default-src http: https: 'unsafe-inline' 'unsafe-eval' data: ws: 1
default-src 'self';script-src * https: 'unsafe-inline' 'unsafe-eval';frame-src *;style-src https: 'unsafe-inline';font-src *;img-src * data: blob:;connect-src *; 1
script-src 'unsafe-inline' 'unsafe-eval' https://homage.pk; style-src 'self' 'unsafe-inline' 1
default-src 'self' https://www.homebazaar.com/ maps.googleapis.com o1049747.ingest.sentry.io www.google-analytics.com analytics.google.com; media-src 'self' d1uczv4l7tlcpy.cloudfront.net blob:; object-src 'self' d1uczv4l7tlcpy.cloudfront.net; style-src 'self' 'unsafe-inline' www.gstatic.com fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com maps.googleapis.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com analytics.google.com; img-src 'self' d1uczv4l7tlcpy.cloudfront.net ik.imagekit.io www.google.com www.gstatic.com * data:; font-src 'self' fonts.googleapis.com fonts.gstatic.com data:; frame-src 'self' d1uczv4l7tlcpy.cloudfront.net www.google.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://f1-eu.readspeaker.com https://maps.googleapis.com https://platform.twitter.com https://polyfill-fastly.io https://polyfill.io https://static.addtoany.com https://unpkg.com https://webchat.wheatleygroupservices.com https://www.google.com; script-src-elem 'self' 'unsafe-inline' https://translate.google.com/translate_a/element.js https://translate.googleapis.com/ https://translate-pa.googleapis.com/ https://ajax.googleapis.com https://maxcdn.bootstrapcdn.com/ https://cdn.gtranslate.net/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://f1-eu.readspeaker.com https://maps.googleapis.com https://platform.twitter.com https://polyfill-fastly.io https://polyfill.io https://static.addtoany.com https://unpkg.com https://webchat.wheatleygroupservices.com https://www.google.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://unpkg.com https://use.fontawesome.com; style-src-elem 'self' 'unsafe-inline' https://www.gstatic.com/ https://maxcdn.bootstrapcdn.com/ https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://unpkg.com https://use.fontawesome.com; frame-ancestors 'self' 1
default-src * 'self' 'unsafe-inline' 'unsafe-eval' cdn.kustomerapp.com ;                     script-src               'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' *.azurewebsites.net:* https://connect.facebook.net:* https://cdn.userway.org:* https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob:              https://connect.facebook.net/en_US/fbevents.js               https://script.hotjar.com:*               https://static.hotjar.com:*               https://www.googletagmanager.com/gtag/js               https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js               https://rawgit.com/RobinHerbots/Inputmask/4.x/dist/jquery.inputmask.bundle.js               https://wchat.freshchat.com/js/widget.js               https://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js https://code.jquery.com/ui/1.11.0/jquery-ui.js               https://rawgit.com/RobinHerbots/Inputmask/4.x/dist/inputmask/phone-codes/phone.js               *.google.com *.gstatic.com               https://code.jquery.com/jquery-1.8.3.js               https://ajax.googleapis.com/ajax/libs/jqueryui/1.9.0/jquery-ui.min.js               https://www.google-analytics.com/analytics.js               *.googletagmanager.com cdn.kustomerapp.com ;                  style-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' blob: https://fonts.googleapis.com *.bootstrapcdn.com:* *.fonts.googleapis.com:* https://kit-free.fontawesome.com https://netdna.bootstrapcdn.com https://maxcdn.bootstrapcdn.com https://rawgit.com https://code.jquery.com/ui/1.11.0/themes/smoothness/jquery-ui.css https://code.jquery.com/ui/1.11.0/themes/smoothness/jquery-ui.css https://www.gstatic.com/charts/51/css/core/tooltip.css https://www.gstatic.com/charts/51/css/util/util.css cdn.kustomerapp.com https://*.gstatic.com:* https://cdn.userway.org:*;              object-src 'self' cdn.kustomerapp.com ;                  base-uri 'self' cdn.kustomerapp.com ;                  connect-src * 'self' data:  cdn.kustomerapp.com https://*.googleapis.com *.google.com https://*.gstatic.com  data: blob:;                  font-src 'self' https://script.hotjar.com:* https://fonts.gstatic.com https://kit-free.fontawesome.com https://netdna.bootstrapcdn.com https://maxcdn.bootstrapcdn.com cdn.kustomerapp.com https://cdn.userway.org:*;                  frame-src * 'self' https://vars.hotjar.com https://maps.google.com/ https://app.powerbi.com/ https://www.youtube.com/ cdn.kustomerapp.com *.google.com;                  img-src 'self' https://cdn.userway.org:* cdn.kustomerhostedcontent.com https://www.google-analytics.com:* https://www.facebook.com:* https://connect.facebook.net:* https://script.hotjar.com:* data: cdn.kustomerapp.com https://*.googleapis.com https://*.gstatic.com *.google.com  *.googleusercontent.com data:;                  manifest-src 'self' cdn.kustomerapp.com https://cdn.userway.org:*;                 media-src * 'self' 1
frame-ancestors 'self' https://imprumut-acum.ro/ https://creditfort.eu/ https://fast-cash.ro/ https://bani-urgent.info/ https://oferbaniimprumut.info/ https://credite-imprumut.ro/ https://test.credit-rapid.org/ https://test.imprumut-acum.net/ http://imprumut.net/ http://imprumut-online.com/ http://kreditta.net/ https://credit-rapid.org/ https://online-credit.ro https://online-imprumut.ro/ https://rapide-imprumuturi.ro/ https://credite-instant.ro https://credite-acum.ro https://credit-rapid.net/ https://hora-credit.ro/ https://imprumut-acum.net/ https://rapid-nebancar.ro/ https://credit-market.ro/ https://credite-nebancare.net/ https://credit-acum.ro/ https://imprumutes.net/ https://imprumutro.net/ https://imprumut-online.ro/ https://onlineimprumut.ro/ https://onlineimprumut.net/ https://onlineimprumut.com/ https://crediteacum.ro/ https://crediteacum.net/ https://informatiidecredit.ro/ https://credite-instant.com/ https://informatii-de-credit.ro/ https://onlineimprumuturi.ro/ https://onlineimprumuturi.net/ https://credit-pusculita.ro/ https://pusculita.net/ https://imprumuttuturor.ro/ https://imprumut-tuturor.ro/ https://online-tuturor.ro/ https://informatii-financiare.ro/ https://pujckavsem.org/ 1
default-src  'self' 'nonce-ZSszNddKc2Q16mRs351gKsU8Y8eaZ3gwV6GpSUuq'; connect-src 'self' https://www.googletagmanager.com https://www.google-analytics.com *.tawk.to wss://*.tawk.to https://www.facebook.com https://maps.googleapis.com https://region1.analytics.google.com/ https://consentcdn.cookiebot.com https://region1.google-analytics.com/ https://consent.cookiebot.com https://stats.g.doubleclick.net/ https://www.google.com/ https://googleads.g.doubleclick.net/; img-src  'self' https://www.googletagmanager.com https://www.google-analytics.com https://i.ytimg.com https://www.facebook.com *.tawk.to cdn.jsdelivr.net tawk.link  https://maps.gstatic.com https://maps.googleapis.com/  https://www.google.pl/ads/ https://imgsct.cookiebot.com/ data:; font-src 'self' https://fonts.gstatic.com/ https://fonts.googleapis.com/  https://geowidget.easypack24.net/fonts/ *.tawk.to fonts.gstatic.com data:; style-src 'self' 'unsafe-inline' https://fonts.gstatic.com/ https://fonts.googleapis.com/ *.tawk.to fonts.googleapis.com cdn.jsdelivr.net  ; script-src 'self' 'nonce-ZSszNddKc2Q16mRs351gKsU8Y8eaZ3gwV6GpSUuq' https://connect.facebook.net https://www.googletagmanager.com https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/   https://maps.googleapis.com 'sha256-D1AawMZwZeaQFApuWmT011x0dn9EVqJF53nzd7CpvhQ='  https://consent.cookiebot.com https://consentcdn.cookiebot.com *.tawk.to cdn.jsdelivr.net 'sha256-cX6RgFRw3LQhd0B3Czr+49Oj0zVR3nQGfzRXY44USu4=' 'sha256-tyuCQH67eb2dvtUPNjoUbV0bn5MJ9dWCreVkjXrcBzM=' 'sha256-H8/LvcojaOA9XT1FI+iWwtLwFK9Iz7zMTYW+dYnFMFY=' 'sha256-VAYmf4R0WFpStmcXXR4hS2N4ffHoEAdASsuIfOF1ocg=' 'sha256-31hVDowCoR1opv30ouj4JGXMJfepeRrcVJ1tF16OgaE=' 'sha256-B01U0b49ksUS8L8z0j3V5cqJjF1iG0ao8pAqEPESrSY=' 'sha256-ncFHC0g/YfGkgPrB2XiEPg//HrDgUtBIkZfcl1u1Xc8=' ; frame-src 'self' 'nonce-ZSszNddKc2Q16mRs351gKsU8Y8eaZ3gwV6GpSUuq' https://www.google.com https://www.youtube.com https://www.facebook.com/ https://td.doubleclick.net/ *.tawk.to https://web.facebook.com/ https://consentcdn.cookiebot.com ; block-all-mixed-content; object-src 'none'; base-uri 'self'; form-action 'self' https://www.facebook.com/tr/ *.tawk.to ; 1
frame-ancestors 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.googletagmanager.com *.silveregg.net ajax.googleapis.com cdnjs.cloudflare.com www.google-analytics.com storage.googleapis.com api.flipdesk.jp tr.webantenna.info connect.facebook.net www.googleoptimize.com config-code.webantenna.info d.line-scdn.net www.clarity.ms b92.yahoo.co.jp s.yimg.jp googleads.g.doubleclick.net static.ads-twitter.com am.yahoo.co.jp b99.yahoo.co.jp www.googleadservices.com tm.r-ad.ne.jp statics.a8.net t.afi-b.com cdn.jsdelivr.net unpkg.com yubinbango.github.io app-webparts-hrbc.porterscloud.com optimize.google.com cdn.kaizenplatform.net js.sentry-cdn.com browser.sentry-cdn.com af.tosho-trading.co.jp polyfill.io modules.promolayer.io;style-src 'self' 'unsafe-inline' ajax.googleapis.com cdnjs.cloudflare.com api.flipdesk.jp cdn.jsdelivr.net app-webparts-hrbc.porterscloud.com optimize.google.com fonts.googleapis.com use.typekit.net p.typekit.net; 1
default-src 'self' localhost:* *.iding.tw:* boss.mypos.com.tw istore.weibyapps.com:*;connect-src 'self' localhost:* *.iding.tw:* istore.weibyapps.com:* google-analytics.com google.com spay.samsung.com https://www.facebook.com/pay https://www.google-analytics.com https://google.com/pay https://www.google.com/pay https://pay.google.com;frame-src 'self' localhost:* https://pay.google.com https://js.tappaysdk.com;img-src boss.mypos.com.tw data: iding.tw:* *.iding.tw:* istore.laya.com.tw localhost:* weiby-breakfast-store.s3.amazonaws.com weiby-breakfast-store.s3-us-west-2.amazonaws.com https://www.google-analytics.com https://www.gstatic.com/instantbuy/svg/light_square_gpay.svg www.googletagmanager.com;script-src 'self' 'unsafe-inline' localhost:* *.iding.tw:* pay.google.com https://www.clarity.ms/ https://www.clarity.ms/tag https://www.google-analytics.com https://pay.google.com/gp/p/js/pay.js https://js.tappaysdk.com/tpdirect/v5.12.3 https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtm.js;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 1
default-src 'self';         connect-src 'self' https://*.readspeaker.com https://*.klarnaservices.com https://evt-eu.klarnaservices.com https://*.klarna.com https://*.klarnaevt.com https://google.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com;         script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://www.termsfeed.com https://cdn.jsdelivr.net https://ajax.googleapis.com https://*.google-analytics.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://*.googletagmanager.com https://www.gstatic.com https://unpkg.com https://vjs.zencdn.net https://*.livechatinc.com https://*.reco.se https://*.readspeaker.com https://*.klarnaservices.com https://*.klarna.com https://www.googleadservices.com https://www.google.com;         frame-src 'self' https://*.readspeaker.com https://*.livechatinc.com https://*.reco.se https://*.klarna.com https://*.klarnaservices.com https://evt-eu.klarnaservices.com https://*.klarna.com https://*.klarnaevt.com;         style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fonts.googleapis.com https://www.termsfeed.com https://cdn.jsdelivr.net https://www.gstatic.com https://unpkg.com https://vjs.zencdn.net https://use.fontawesome.com https://*.readspeaker.com https://*.klarnacdn.net;         img-src 'self' data: https://*.readspeaker.com https://*.klarnacdn.net https://*.klarnaevt.com https://*.google.com https://*.google-analytics.com https://*.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com;         font-src 'self' data: https://*.readspeaker.com https://fonts.gstatic.com https://*.livechatinc.com https://use.fontawesome.com https://*.klarnaservices.com https://*.klarnacdn.net https://*.google.com www.googletagmanager.com; 1
frame-ancestors 'self';form-action 'self' 1
default-src 'self' ;child-src 'self';connect-src 'self' cdn.cookielaw.org privacyportal-eu.onetrust.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://delapreprod.slgnt.eu https://dela.emsecure.net https://*.google.<TLD> ;font-src 'self' https://fonts.gstatic.com data:;frame-src 'self' https://delapreprod.slgnt.eu https://dela.emsecure.net;img-src 'self' data: blob: https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://delapreprod.slgnt.eu https://dela.emsecure.net https://*.google.<TLD>;media-src 'self';object-src 'self' https://delapreprod.slgnt.eu;script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org www.googletagmanager.com https://tagmanager.google.com https://*.googletagmanager.com https://www.google-analytics.com https://delapreprod.slgnt.eu https://dela.emsecure.net;style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://delapreprod.slgnt.eu https://dela.emsecure.net 1
base-uri 'self'; default-src 'self'; img-src 'self' data: https://api.ingmarkets.com https://cdn.ingmarkets.pl www.ingwb.com www.googletagmanager.com *.visualwebsiteoptimizer.com ingsprinters01.wt-eu02.net fbc.wcfbc.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com *.visualwebsiteoptimizer.com responder.wt-safetag.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline'; font-src 'self'; connect-src 'self' ws: https://api.ingmarkets.com http://cms-service:5001/graphql https://ingfm-quoteproxy.v-i.nl https://www.ingturbo.pl *.visualwebsiteoptimizer.com; frame-ancestors 'self'; frame-src 'self' www.youtube.com *.visualwebsiteoptimizer.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; report-to https://vicompany.report-uri.com/r/d/csp/enforce; report-uri https://vicompany.report-uri.com/r/d/csp/enforce; report-uri https://vicompany.report-uri.com/r/d/csp/enforce; 1
default-src 'self' *.inolya.fr *.openstreetmap.org *.dwcdn.net *.bootstrapcdn.com *.facebook.com *.monecowatt.fr *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.jquery.com *.vimeo.com vimeo.com *.vimeocdn.com *.netconception.fr *.youtube.com *.youtu.be ; font-src 'self' *.inolya.fr *.openstreetmap.org *.dwcdn.net *.bootstrapcdn.com *.facebook.com *.monecowatt.fr *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.jquery.com *.vimeo.com vimeo.com *.vimeocdn.com *.netconception.fr *.googleapis.com *.gstatic.com  www.numanis.net *.lisio-solution.com *.googleapis.com www.mobiledition.com  *.google.com *.previsite.com 'unsafe-inline' ; style-src 'self' *.inolya.fr *.openstreetmap.org *.dwcdn.net *.bootstrapcdn.com *.facebook.com *.monecowatt.fr  *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.jquery.com *.vimeo.com vimeo.com *.vimeocdn.com *.netconception.fr *.googleapis.com *.gstatic.com cdnjs.cloudflare.com *.botnation.ai unpkg.com   www.numanis.net *.lisio-solution.com *.googleapis.com www.mobiledition.com  *.google.com *.previsite.com  *.previsite.com 'unsafe-inline'; script-src  'self' 'unsafe-eval'  *.inolya.fr *.openstreetmap.org *.dwcdn.net *.bootstrapcdn.com *.facebook.com *.monecowatt.fr *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.jquery.com *.vimeo.com vimeo.com *.vimeocdn.com *.netconception.fr *.googleapis.com *.gstatic.com unpkg.com cdnjs.cloudflare.com ssl.google-analytics.com *.doubleclick.net cbassets.botnation.ai chatbox.botnation.ai www.numanis.net *.lisio-solution.com *.googleapis.com www.mobiledition.com  *.google.com *.previsite.com 'unsafe-inline' ; connect-src 'self' *.inolya.fr *.openstreetmap.org *.dwcdn.net *.bootstrapcdn.com *.facebook.com *.monecowatt.fr *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.jquery.com *.vimeo.com vimeo.com *.vimeocdn.com *.netconception.fr chatbox.botnation.ai  www.numanis.net *.lisio-solution.com *.googleapis.com www.mobiledition.com  *.google.com *.previsite.com  'unsafe-inline' ; frame-src 'self' *.inolya.fr *.openstreetmap.org *.dwcdn.net *.bootstrapcdn.com *.facebook.com *.monecowatt.fr  *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.jquery.com *.vimeo.com vimeo.com *.vimeocdn.com *.netconception.fr chatbox.botnation.ai  *.youtube.com *.youtu.be *.google.com www.numanis.net *.lisio-solution.com *.googleapis.com www.mobiledition.com  *.google.com *.previsite.com  'unsafe-inline' ; img-src 'self' * data: 'unsafe-inline' 1
default-src 'self' *.consentmanager.net *.google-analytics.com https://app.cux.io; font-src 'self' *.consentmanager.net data:; style-src 'self' 'unsafe-inline' *.consentmanager.net; img-src 'self' data: *.googletagmanager.com *.googlesyndication.com *.facebook.com *.facebook.net *.google.pl *.doubleclick.net *.googletagservices.com *.consentmanager.net *.google-analytics.com *.google.com https://www.pzu.pl *.google.at; frame-src 'self' https://forms.pzu.pl *.googlesyndication.com *.consentmanager.net https://www.pzu.pl *.youtube.com *.fls.doubleclick.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.googletagmanager.com https://dc.cux.io *.googletagservices.com *.consentmanager.net *.google-analytics.com *.googlesyndication.com *.facebook.com *.googleoptimize.com *.facebook.net *.youtube.com *.doubleclick.net *.google.com *.google.at; object-src 'self' *.facebook.com *.doubleclick.net *.googletagservices.com *.consentmanager.net *.google-analytics.com *.google.com *.google.at; connect-src 'self' *.doubleclick.net *.consentmanager.net *.google-analytics.com *.google.com wss://*.track.cux.io; frame-ancestors 'self' *.consentmanager.net https://www.pzu.pl *.youtube.com *.fls.doubleclick.net https://app.cux.io;  1
default-src * data: 'unsafe-inline' 'unsafe-eval' blob:; frame-ancestors 'self' https://goflo.nl; img-src * data: blob: 1
default-src 'self' *; script-src 'self' https://www.google-analytics.com/analytics.js https://cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.9-1/core.min.js https://cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.9-1/crypto-js.min.js https://cdnjs.cloudflare.com/ajax/libs/uikit/3.0.0-beta.35/js/uikit.min.js 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://dd-captcha.herokuapp.com/getCaptcha ; img-src 'self' 'unsafe-inline' data:; style-src 'self' https://fonts.googleapis.com https://d1azc1qln24ryf.cloudfront.net https://use.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com https://use.fontawesome.com; frame-src 'self' data: https://www.youtube.com https://haryanaindustries.gov.in; object-src 'self' data: 1
font-src *.googleapis.com *.gstatic.com data: *.fontawesome.com *.olark.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com https://www.facebook.com https://ipg.monri.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com www.google.com https://www.facebook.com *.olark.com *.google.com https://goldbroker.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.googleapis.com https://www.magezon.com https://stats.g.doubleclick.net https://www.google.com https://www.google.rs https://www.facebook.com https://www.googletagmanager.com *.olark.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.googleapis.com *.gstatic.com maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.avada.io *.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://stats.g.doubleclick.net *.olark.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline fonts.googleapis.com *.fontawesome.com *.googleapis.com *.olark.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.olark.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.googleapis.com https://get.geojs.io *.avada.io https://www.google-analytics.com https://connect.facebook.net https://stats.g.doubleclick.net *.olark.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline';font-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src *;; report-uri https://www.ioaffitto.it/csp.report; 1
default-src 'self' ;script-src 'unsafe-inline' https://www.youtube.com https://cdn.matomo.cloud/ https://www.ipeca.fr/ https://*.go-mpulse.net https://unpkg.com https://cdnjs.cloudflare.com;style-src 'unsafe-inline' https://www.ipeca.fr/;font-src 'self' ;img-src 'self' data: https://*.akstat.io;frame-src 'unsafe-inline' https://www.youtube.com;connect-src 'self' wss://localhost:* https://ipeca.matomo.cloud/ https://*.akstat.io https://*.go-mpulse.net https://*.akamaihd.net; 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval';img-src 'self' data:;font-src 'self';connect-src 'self';style-src 'self' 'unsafe-inline';frame-ancestors 'none'; frame-src 'none'; base-uri 'self'; form-action 'self'; upgrade-insecure-requests; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' http://iqfarma.easycruit.com https://ajax.googleapis.com https://app.powerbi.com https://region1.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.gstatic.com https://fonts.gstatic.com https://maps.googleapis.com https://www.google.com http://www.google-analytics.com https://fonts.googleapis.com http://fonts.googleapis.com http://cdn.polyfill.io; img-src 'self' https://www.googletagmanager.com data: blob: https://maps.googleapis.com https://maps.gstatic.com; worker-src blob:; 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' http://connect.facebook.net https://apis.google.com/ https://www.google-analytics.com/ http://www.google-analytics.com/ http://mc.yandex.ru/metrika/ https://mc.yandex.ru/metrika/ https://mc.yandex.ru/watch/ http://mc.yandex.ru/watch/ http://www.googleadservices.com/ https://www.googleadservices.com/ https://js-agent.newrelic.com/ https://bam.nr-data.net/ http://ajax.googleapis.com/ https://ajax.googleapis.com/ https://www.googletagmanager.com/ https://multisearch.io/ https://api2.multisearch.io/ https://api.multisearch.io/ https://app.blinger.io/uploads/widgets2/ https://app.blinger.io/js/ https://tagmanager.google.com/debug https://tagmanager.google.com/debug/ https://optimize.google.com https://*.clarity.ms ;style-src 'self' 'unsafe-inline' https://my.novaposhta.ua/public/css/ https://multisearch.io/ https://tagmanager.google.com/debug/ https://fonts.googleapis.com/ https://optimize.google.com https://fonts.googleapis.com ;frame-src 'self' viber: https://www.facebook.com https://vk.com *.youtube.com https://apis.google.com https://googleads.g.doubleclick.net https://login.vk.com https://web.facebook.com https://www.google.com http://www.googletagmanager.com https://m.facebook.com http://staticxx.facebook.com/ https://staticxx.facebook.com/ https://accounts.google.com/o/oauth2/ https://player.vimeo.com/ https://app.blinger.io/js/ https://optimize.google.com ;img-src 'self' 'unsafe-inline' data: * https://www.google-analytics.com http://www.google-analytics.com *.youtube.com https://www.fleshlightdistribution.com/ http://www.fleshlightdistribution.com/ https://vk.com/ http://www.isex.com.ua/ https://www.isex.com.ua/ https://www.facebook.com/ https://stats.g.doubleclick.net/ https://www.google.com/ https://www.google.com.ua/ads/ https://mc.yandex.ru/clmap/ https://mc.yandex.ru/webvisor/ http://csi.gstatic.com/ https://csi.gstatic.com/ https://www.w3.org/ http://www.w3.org/ https://optimize.google.com ;media-src 'self' www.google-analytics.com *.youtube.com/ https://blinger.io/sounds/tap.wav;font-src 'self' https://my.novaposhta.ua/public/css/ https://fonts.googleapis.com/ https://fonts.gstatic.com/s/ https://fonts.gstatic.com ;connect-src 'self' https://stats.g.doubleclick.net/ http://mc.yandex.ru/metrika/ https://mc.yandex.ru/metrika/ https://mc.yandex.ru/watch/ http://mc.yandex.ru/watch/ https://mc.yandex.ru/webvisor/ http://mc.yandex.ru/webvisor/ https://mc.yandex.ru/clmap/ https://mc.yandex.ru/sync_cookie_get https://multisearch.io/ https://api2.multisearch.io/ https://api.multisearch.io/ https://www.google-analytics.com https://analytics.google.com wss://app.blinger.io/livechat/ https://*.clarity.ms https://region1.analytics.google.com/g/collect https://region1.google-analytics.com/privacy-sandbox/register-conversion;object-src 'self' http://www.youtube.com/ https://www.youtube.com/ ; 1
frame-ancestors https://*.confiva.com https://confiva.com 1
default-src 'self' data: *.jahromu.ac.ir http://gsia.tums.ac.ir http://streaming.ut.ac.ir https://cdn.jsdelivr.net https://app.raychat.io http://app.raychat.io https://cdn.fontcdn.ir https://cdn.goftino.com https://cdn.userway.org https://cdn77.api.userway.org; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://map.ir https://conf.isc.ac https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://kangoro.ir/matomo/matomo.js http://tools.1abzar.com http://1abzar.ir http://google.com https://google.com https://www.google.com http://www.google.com http://cse.google.com https://cse.google.com https://www.googleapis.com http://www.googleapis.com https://www.aparat.com http://www.google-analytics.com/analytics.js https://www.google-analytics.com/analytics.js https://app.raychat.io http://app.raychat.io https://se3.raychat.io http://se3.raychat.io https://cdn.userway.org https://api.userway.org https://media.userway.org https://www.goftino.com https://cdn.goftino.com https://widget-react.raychat.io; style-src 'self' 'unsafe-inline' https://app.raychat.io http://app.raychat.io https://cdn.jsdelivr.net https://cse.google.com http://cse.google.com http://www.google.com http://google.com https://google.com https://www.google.com https://www.aparat.com https://cdn.fontcdn.ir https://fdn.fontcdn.ir https://cdn.goftino.com https://cdn.userway.org https://widget-react.raychat.io; img-src 'self' blob: data: https://map.ir https://conf.isc.ac https://www.google-analytics.com www.google-analytics.com data: *; connect-src 'self' https://map.ir https://conf.isc.ac https://www.google-analytics.com www.google-analytics.com https://samta.samt.ac.ir https://pooya.kashanu.ac.ir https://se3.raychat.io http://se3.raychat.io wss://se3.raychat.io https://cdn.fontcdn.ir wss://api.raychat.io wss://ws.goftino.com wss://ws2.goftino.com wss://ws5.goftino.com wss://cdn.goftino.com https://api.userway.org https://cdn.userway.org https://cdn77.api.userway.org https://widget-service.raychat.io wss://ws10.goftino.com; child-src 'self' https://auth4.ut.ac.ir:8443/ https://auth.ut.ac.ir:8443/ http://tools.1abzar.com http://1abzar.ir https://cse.google.com https://www.aparat.com https://google.com https://www.google.com https://cdn.userway.org https://edu.sapiba.ir; frame-ancestors 'self' https://trustseal.enamad.ir; 1
frame-ancestors 'self' jakomo.co.kr *.jakomo.co.kr 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-1E_tXwfZHWu5IdDwAdl0kA' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
font-src *.gstatic.com data: 'self' data: *.doubleclick.net *.facebook.com https://geowidget.easypack24.net https://fonts.bunny.net/ *.thulium.com/ script.hotjar.com/ *.klarnacdn.net *.fontawesome.com maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com *.google.com *.doubleclick.net *.facebook.com https://geowidget-app.inpost.pl/ secure.payu.com merch-prod.snd.payu.com *.gr-cdn.com/ *.getresponse.com/ *.diablochairs.com/ *.thulium.com/ *.hotjar.com/ *.hotjar.io/ *.payu.com/ *.youtube.com/ *.go2cloud.org/ *.clarity.ms *.consentmanager.net https://c.seznam.cz/ https://app.cux.io https://pudofinder.dpd.com.pl *.klarna.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org static.payu.com *.gr-cdn.com/ *.getresponse.com/ *.diablochairs.com/ *.google.pl *.google.de *.paynow.pl https://jannowak.com/ https://diablochairs.com/ https://sofandi.store/ https://domator24.com/ *.trackjs.com *.bing.com *.clarity.ms *.thulium.com/ https://integrations.etrusted.com/ *.consentmanager.net https://c.seznam.cz/ *.klarna.com *.klarnaevt.com *.klarnacdn.net https://widgets.trustedshops.com https://widgets-qa.trustedshops.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org secure.payu.com secure.snd.payu.com *.gr-cdn.com/ *.getresponse.com/ *.diablochairs.com/ *.hotjar.com/ *.hotjar.io/ *.thulium.com/ https://orbitvu.co/ *.orbitvu.co/ *.gopay.com/ *.payu.com/ https://geowidget.easypack24.net/ https://jannowak.com https://jannowak.pre.aur.ac https://diablochairs.com https://diablo.pre.aur.ac https://domator24.com https://domator-com.pre.aur.ac https://sofandi.store https://sofandi.pre.aur.ac https://pixel.biano.hu/ https://hu.bianopixel.com/ https://analytics.tiktok.com/ https://cdn.trackjs.com/ *.go2cloud.org/ *.trackjs.com https://bat.bing.com/ *.clarity.ms *.consentmanager.net https://c.seznam.cz/ https://dc.cux.io https://my.diablochairs.com https://an.gr-wcon.com/ *.klarna.com *.klarnacdn.net *.klarnaservices.com *.avada.io https://cdnjs.cloudflare.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com https://geowidget.easypack24.net https://geowidget.inpost.pl https://fonts.bunny.net/ https://integrations.etrusted.com/ *.klarnacdn.net *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://geowidget.easypack24.net *.thulium.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.google-analytics.com *.facebook.com *.facebook.net *.easypack24.net *.inpost.pl *.openstreetmap.org secure.payu.com merch-prod.snd.payu.com *.gr-cdn.com/ https://ts.getresponse.pl/ https://ga2.getresponse.com/ https://popups1-show.getresponse.com/ https://popups1-s.getresponse.com/ *.diablochairs.com/ wss://*.thulium.com/ *.thulium.com/ *.hotjar.com/ *.hotjar.io/ *.doubleclick.net/ *.orbitvu.cloud/ *.gopay.com/ wss://*.hotjar.com/ *.payu.com/ *.googlesyndication.com/ https://p.biano.hu/ https://hu.bianopixel.com/ https://analytics.tiktok.com/ https://cdn.trackjs.com/ *.go2cloud.org/ https://www.googletagmanager.com/ *.google.com/ https://google.com/ccm/ https://google.com/pagead/ *.google.pl *.google.de *.trackjs.com *.clarity.ms https://bat.bing.com/ https://integrations.etrusted.com/ *.consentmanager.net https://c.seznam.cz/ wss://n-40918785-0-40392500-1708081317-65cf40a5629dd.track.cux.io wss://o-40918785-0-40392500-1708081317-65cf40a5629dd.track.cux.io *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com https://get.geojs.io *.avada.io t.elasticsuite.io *.trustedshops.com *.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' https://*.hotjar.com 1
default-src 'self'; frame-src 'self' https://calendly.com https://booking-jcdm.zohobookings.eu https://www.youtube.com https://connect.facebook.net https://www.facebook.com https://ct.sddan.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://assets.calendly.com https://je-change-de-metier.com:8108 https://analytics.groupe-kea.fr https://connect.facebook.net https://js.sddan.com https://www.googletagmanager.com https://cache.consentframework.com https://choices.consentframework.com https://cdn.tiny.cloud https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://ct.sddan.com; style-src 'self' 'unsafe-inline' https://assets.calendly.com https://www.googletagmanager.com https://fontawesome.com https://cdnjs.cloudflare.com https://cdn.tiny.cloud https://cdn.jsdelivr.net https://fonts.googleapis.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://cdnjs.cloudflare.com https://cdn.sirdata.io; img-src http: https: data: 'self'; connect-src http: https: blob:; 1
default-src 'self' 'unsafe-inline'                https://www.youtube.com                 https://*.theta360.biz                 https://*.theta360.com                 https://*.amazonaws.com                 https://www.googletagmanager.com                 https://fonts.googleapis.com                 https://*.cdninstagram.com                 https://maps.googleapis.com                 https://maps.gstatic.com;     style-src   'self' 'unsafe-inline'                 www.googletagmanager.com                 https://fonts.googleapis.com;     font-src    'self' 'unsafe-inline'                 https://fonts.gstatic.com;     script-src  'self' 'unsafe-inline'                 https://*.theta360.biz                 https://www.google-analytics.com                 https://ssl.google-analytics.com                 https://*.googleapis.com                 https://*.gstatic.com                 *.google.com                 https://*.ggpht.com                 https://www.googletagmanager.com                 *.googleusercontent.com;     connect-src 'self' 'unsafe-inline'                 https://www.google-analytics.com                 https://*.googleapis.com                 *.google.com                 https://*.gstatic.com                 https://stats.g.doubleclick.net                 data:                 https://graph.facebook.com                 blob:;     img-src    'self' 'unsafe-inline'                 https://*.cdninstagram.com                 https://www.google-analytics.com                 https://*.googleapis.com                 https://*.gstatic.com                 *.google.com                 *.googleusercontent.com                 *.google.co.jp                 https://cnt.parkingweb.jp                 data:;     frame-src   'self' 'unsafe-inline'                 https://*.theta360.biz                 www.googletagmanager.com                 https://www.youtube.com                 *.google.com;    1
child-src 'self' www.youtube.com youtu.be *.google.com drive.google.com www.google.com; 1
default-src * 'unsafe-inline' 'unsafe-eval' data: blob: *.videoly.co *.youtube-nocookie.com *.youtube.com *.ytimg.com *.wistia.com *.wistia.net *.videoly.net; connect-src 'self' *.googletagmanager.com *.igodigital.com *.maxcdn.com *.polyfill.io *.facebook.net *.facebook.com *.searchnode.io *.omnisrc.com *.bitrec.io *.google.com *.google.ee *.google.fi *.google.lv *.google.lt *.google-analytics.com *.doubleclick.net *.soundestlink.com *.nr-data.net *.esto.ee *.hotjar.io *.cookieinformation.com *.searchnode.net *.bing.com *.googleapis.com *.googleadservices.com *.issuu.com *.cookiebot.com capig.stape.host; font-src 'self' *.gstatic.com data: *.123formbuilder.com *.issuu.com *.bootstrapcdn.com; frame-src 'self' *.123formbuilder.com *.facebook.com *.cookieinformation.com *.youtube.com *.youtube-nocookie.com *.issuu.com *.videoly.net *.cookiebot.com *.doubleclick.net; img-src 'self' data: kotrynagroup.lt *.kotrynagroup.lt *.babycity.lt *.babycity.lv *.babycity.ee *.kidzone.lt *.kidzone.lv *.kidzone.ee *.kidzone.fi *.toycity.lt *.toycity.lv *.zaisluplaneta.lt *.jukukeskus.ee *.toysplanet.lv *.igodigital.com *.bing.com *.facebook.com *.google-analytics.com *.google.com *.google.lt *.google.lv *.google.ee *.google.fi *.ytimg.com *.videoly.co *.adnxs.com *.reddit.com *.googleapis.com *.gstatic.com *.youtube.com *.ckeditor.com *.doubleclick.net *.kotrynagroup.com *.googleadservices.com *.googletagmanager.com *.issuu.com *.wistia.com *.wistia.net *.cookiebot.com; media-src data:; script-src 'self' 'unsafe-hashes' 'unsafe-eval' 'unsafe-inline' *.nr-data.net *.google.com *.google.lt *.google.lv *.google.fi *.google.ee *.igodigital.com polyfill.io *.bitrec.com *.googletagmanager.com *.facebook.net *.searchnode.io *.google-analytics.com *.doubleclick.net *.hotjar.com *.bing.com *.youtube.com omnisrc.com *.sentry-cdn.com *.soundestlink.com omnisnippet1.com *.doubleclick.net *.newrelic.com *.videoly.co *.123formbuilder.com *.esto.ee *.redditstatic.com *.cookieinformation.com *.adnxs.com *.googleapis.com *.ckeditor.com *.jsdelivr.net *.googleadservices.com *.issuu.com *.youtube-nocookie.com *.ytimg.com *.videoly.net *.cookiebot.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.123formbuilder.com *.ckeditor.com *.jsdelivr.net *.issuu.com *.bootstrapcdn.com 1
frame-ancestors https://zep.us https://www.zep.us https://www.k-startup.go.kr https://k-startup.go.kr https://www.k-startup.go.kr:8443 https://k-startup.go.kr:8443 1
font-src *.googleapis.com *.gstatic.com fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.zopim.com *.fontawesome.com data: maxcdn.bootstrapcdn.com https://geowidget.easypack24.net https://widgets.trustedshops.com themes.googleusercontent.com at.alicdn.com kadax.pl *.cloudflare.com *.thulium.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.facebook.com https://plumrocket.com kadax.pl 'self' 'unsafe-inline'; frame-ancestors *.meetanshi.com kadax.pl 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.awin1.com *.zenaps.com *.fls.doubleclick.net cdn.dnky.co *.hotjar.com *.google.com/ *.facebook.com *.trustpilot.com *.criteo.com *.meetanshi.com www.googletagmanager.com secure.payu.com merch-prod.snd.payu.com https://plumrocket.com https://geowidget-app.inpost.pl/ *.weltpixel.com js-agent.newrelic.com swg-2-rog.gkpge.pl kadax.pl *.addthis.com plumrocket.com *.google.com *.paypo.pl *.payu.com *.mainadv.com *.creativecdn.com https://td.doubleclick.net/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.awin1.com *.zenaps.com https://ssl.ceneo.pl *.google.com *.google.nl connect.onlinesucces.nl px.ads.linkedin.com stats.g.doubleclick.net *.linkedin.com *.googletagmanager.com gallery.mailchimp.com *.trustedshops.com *.facebook.com *.zopim.com cdn.jsdelivr.net *.jmango360.com *.datatrics.com *.smaato.net https://img.youtube.com https://www.magezon.com https://meetanshi.com/media/logo.png *.meetanshi.com *.googleadservices.com *.google-analytics.com quickchart.io img.youtube.com static.payu.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org https://widgets.trustedshops.com https://widgets-qa.trustedshops.com www.google.pl blob www.google.de www.google.at bam.eu01.nr-data.net www.google.com.ua www.google.sk www.google.ca www.google.se www.google.ch www.google.no www.google.com.pe www.google.cz www.google.co.uk www.google.fr files.mirasvit.com www.google.co.kr www.google.bg www.google.ie www.google.co.in log.pinterest.com www.google.is www.google.be www.google.com.au www.google.dk www.google.com.my consent.cookiefirst.com kadax.pl *.rzetelnyregulamin.pl static.paynow.pl *.cloudfront.net *.etrusted.com *.bing.com *.clarity.ms https://lantern.roeye.com *.yieldmo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com *.googleapis.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.awin1.com www.dwin1.com *.zenaps.com https://the.sciencebehindecommerce.com https://ssl.ceneo.pl *.paypal.com *.google.com *.googletagmanager.com *.googleadservices.com cdn.dnky.co api.comapi.com *.trackedlink.net snap.licdn.com chimpstatic.com checkout.buckaroo.nl *.adyen.com *.zopim.com *.hotjar.com *.zdassets.com *.sendcloud.sc *.mailchimp.com *.trustedshops.com *.fontawesome.com *.facebook.net *.feedbackcompany.com *.google-analytics.com *.trustpilot.com cdn.jsdelivr.net *.googleoptimize.com *.clarity.ms *.datatrics.com *.criteo.net *.criteo.com cdn.mouseflow.com s7.addthis.com *.avada.io *.google.com/ *.meetanshi.com secure.payu.com secure.snd.payu.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com js-agent.newrelic.com consent.cookiefirst.com kadax.pl *.gdpsystem.eu *.rzetelnyregulamin.pl *.furgonetka.pl https://z.moatads.com *.addthisedge.com *.addthis.com *.cloudfront.net *.bing.com *.payu.com *.tiktok.com *.thulium.com *.roeyecdn.com *.creativecdn.com *.prefixbox.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com cdn.dnky.co checkout.buckaroo.nl *.fontawesome.com *.mailchimp.com *.trustpilot.com cdn.jsdelivr.net maxcdn.bootstrapcdn.com fonts.gstatic.com https://geowidget.easypack24.net https://geowidget.inpost.pl https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com consent.cookiefirst.com kadax.pl *.rzetelnyregulamin.pl *.cloudflare.com *.gdpsystem.eu *.cloudfront.net *.etrusted.com 'self' 'unsafe-inline'; object-src kadax.pl *.rzetelnyregulamin.pl 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.zopim.com https://geowidget.easypack24.net kadax.pl *.rzetelnyregulamin.pl *.thulium.com 'self' 'unsafe-inline'; manifest-src kadax.pl 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://the.sciencebehindecommerce.com *.paypal.com commerce.adobedc.net api.comapi.com stats.g.doubleclick.net *.zdassets.com *.hotjar.com *.hotjar.io *.zopim.com wss://*.zopim.com *.feedbackcompany.com *.zendesk.com *.clarity.ms *.facebook.com *.datatrics.com ekr.zdassets.com/ https://get.geojs.io *.avada.io *.meetanshi.com *.analytics.google.com *.googletagmanager.com secure.payu.com merch-prod.snd.payu.com *.easypack24.net *.inpost.pl *.openstreetmap.org *.trustedshops.com *.etrusted.com https://integrations.etrusted.site www.google.pl www.google.sk www.google.com.pe properties www.google.nl www.google.com.ua www.google.de www.google.ie www.google.co.in www.google.ro www.google.by www.google.hu www.google.be ws.hotjar.com api.edrone.me content.hotjar.io kadax.pl *.gdpsystem.eu *.addthis.com *.google.com *.edrone.me *.cloudfront.net *.ipify.org *.payu.com *.tiktok.com *.thulium.com wss://chat-proxy-service.thulium.com/netfox/panel.io/ wss://ws.hotjar.com/api/v2/client/ * data: 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com kadax.pl http: https: blob: 'self' 'unsafe-inline'; default-src kadax.pl *.rzetelnyregulamin.pl 'self' 'unsafe-inline' 'unsafe-eval'; base-uri kadax.pl 'self' 'unsafe-inline'; report-uri /csp_reporter.php; 1
default-src data: 'self' 'unsafe-inline' 'unsafe-eval' inaadress.maaamet.ee 1
upgrade-insecure requests 1
object-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob:  cdn.jsdelivr.net cdnjs.cloudflare.com maps.google.com mdbootstrap.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https:  cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com mdbootstrap.com use.fontawesome.com; report-uri https://www.ketonal.pl/report-uri/enforce 1
base-uri 'self'; default-src 'none'; media-src https://*.smartsuppcdn.com https://steamcdn-a.akamaihd.net https://cdn.akamai.steamstatic.com https://cdn.cloudflare.steamstatic.com; img-src 'self' data: 'unsafe-inline' https://optimize.google.com https://*.googleadservices.com *.googletagmanager.com https://cdn.aktivcommunication.cz https://www.facebook.com https://www.google-analytics.com https://img.youtube.com https://i.ytimg.com https://www.heureka.cz https://www.heureka.sk https://*.smartsuppcdn.com https://googleads.g.doubleclick.net https://*.googleadservices.com https://*.seznam.cz https://*.google.com https://*.google.cz https://*.bing.com https://*.hotjar.com https://ssl.gstatic.com https://gstatic.com https://*.google-analytics.com https://im9.cz https://seznam.cz https://*.seznam.cz https://zbozi.cz https://*.zbozi.cz; manifest-src www.key4you.cz; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://c.seznam.cz/js/retargeting.js https://optimize.google.com https://www.googleoptimize.com https://*.hotjar.com https://vc.hotjar.io https://www.reddit.com https://connect.facebook.net https://www.google-analytics.com https://cdn.aktivcommunication.cz https://*.googletagmanager.com https://tagmanager.google.com https://z.moatads.com https://widgets.pinterest.com https://www.google.com https://www.gstatic.com/recaptcha/ https://ssl.heureka.cz/ https://im9.cz https://*.smartsuppchat.com https://*.smartsuppcdn.com https://www.googleadservices.com https://c.imedia.cz https://googleads.g.doubleclick.net https://seznam.cz https://*.seznam.cz https://zbozi.cz https://*.zbozi.cz https://www.google.cz https://*.luigisbox.com https://www.youtube.com https://*.bing.com https://*.googlesyndication.com https://*.im9.cz; frame-src https://*.youtube.com https://*.facebook.com https://*.google.com https://*.hotjar.com https://*.hotjar.io https://zbozi.cz https://www.seznam.cz https://*.zbozi.cz https://optimize.google.com https://*.googlesyndication.com https://*.doubleclick.net/ https://login.szn.cz/ https://*.im9.cz; connect-src https://*.analytics.google.com https://www.key4you.cz https://*.google-analytics.com https://www.google.cz https://*.google.cz https://www.facebook.com/tr/ https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io wss://*.hotjar.io https://*.doubleclick.net https://widget-tracker.smartsupp.com https://*.luigisbox.com wss://*.smartsupp.com https://*.smartsupp.com https://*.smartsuppchat.com https://*.smartsuppcdn.com https://*.googletagmanager.com https://*.google.com https://*.googlesyndication.com https://*.bing.com; style-src 'self' 'unsafe-inline' https://optimize.google.com https://fonts.googleapis.com https://*.smartsuppcdn.com https://tagmanager.google.com; font-src 'self' https://fonts.gstatic.com https://*.smartsuppcdn.com https://*.hotjar.com; 1
default-src 'self' 'unsafe-inline' https://www.google.com https://www.google-analytics.com/analytics.js https://www.google.com/recaptcha/api.js https://www.googletagmanager.com/gtag/js https://www.gstatic.com/recaptcha/releases/vm_YDiq1BiI3a8zfbIPZjtF2/recaptcha__en.js https://unpkg.com/leaflet@1.9.4/dist/leaflet.js https://unpkg.com/leaflet@1.9.4/dist/leaflet.css https://www.google-analytics.com https://fonts.gstatic.com https://fonts.googleapis.com http://a.tile.openstreetmap.org http://b.tile.openstreetmap.org http://c.tile.openstreetmap.org https://cms.kftd.co.id https://unpkg.com https://www.googletagmanager.com; 1
default-src 'self' ; script-src 'self' 'unsafe-eval' *.jsdelivr.net www.google-analytics.com www.googletagmanager.com 'unsafe-inline';style-src 'self' https://fonts.bunny.net https://fonts.googleapis.com *.jsdelivr.net 'unsafe-inline';font-src 'self' https://fonts.bunny.net https://fonts.gstatic.com;base-uri  'self';connect-src 'self'  l.dv *.khatm.site *.google-analytics.com *.google.com;img-src 'self' *.google-analytics.com *.google.com data: l.dv *.khatm.site; 1
worker-src blob:; font-src fonts.gstatic.com *.kxcdn.com maxcdn.bootstrapcdn.com fonts.googleapis.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.facebook.com *.facebook.net *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.meetanshi.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://www.google.com/recaptcha/ facebook.com www.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com *.google.com *.addthis.com *.facebook.com *.facebook.net *.meetanshi.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.cdninstagram.com *.kxcdn.com *.twitter.com *.googleapis.com *.google.com *.gstatic.com *.fbcdn.net *.facebook.com *.facebook.net *.meetanshi.com quickchart.io img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.google.com *.gstatic.com cdn.ampproject.org connect.facebook.net googletagmanager.com *.kxcdn.com platform.twitter.com *.addthis.com *.addthisedge.com *.moatads.com s7.addthis.com *.facebook.com *.facebook.net *.meetanshi.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.google.com *.kxcdn.com *.gstatic.com maxcdn.bootstrapcdn.com fonts.gstatic.com fonts.googleapis.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com *.instagram.com ekr.zdassets.com/ *.facebook.com *.facebook.net *.meetanshi.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
script-src 'self' 'unsafe-inline';object-src 'none';style-src 'self' 'unsafe-inline';img-src 'self' data:;font-src 'self';form-action 'self';frame-ancestors 'self';block-all-mixed-content 1
default-src 'self' blob:; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.usercentrics.eu *.luigisbox.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.google.de cdn.jsdelivr.net *.online-metrix.net *.trbo.com cdnjs.cloudflare.com paypalobjects.com *.magnolia-platform.com bat.bing.com googleads.g.doubleclick.net *.mouseflow.com *.trustedshops.com dc.cux.io blob: d2bgdldl6xit7z.cloudfront.net *.smarketer.de google.com google.de google.at google.pl *.google.com *.google.at *.google.pl dashboard.trustprofile.com *.visualwebsiteoptimizer.com app.vwo.com app.varify.io editor.varify.io view.publitas.com *.unzer.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.usercentrics.eu *.luigisbox.com *.google-analytics.com *.googletagmanager.com cdn.jsdelivr.net *.trbo.com cdnjs.cloudflare.com paypalobjects.com *.mouseflow.com dc.cux.io *.trustedshops.com blob: *.googleadservices.com googleads.g.doubleclick.net google.com google.de google.at google.pl *.google.com *.google.de *.google.at *.google.pl kik.app.baqend.com 'self' *.visualwebsiteoptimizer.com app.vwo.com app.varify.io editor.varify.io view.publitas.com *.unzer.com; object-src 'self' blob:; style-src 'self' *.luigisbox.com 'unsafe-inline' *.magnolia-platform.com d2bgdldl6xit7z.cloudfront.net *.googletagmanager.com tagmanager.google.com fonts.googleapis.com trck.linkster.co *.visualwebsiteoptimizer.com app.vwo.com *.unzer.com; base-uri 'self'; connect-src 'self' *.luigisbox.com *.usercentrics.eu *.google-analytics.com *.googletagmanager.com *.doubleclick.net api.phrase.com d2bgdldl6xit7z.cloudfront.net blob: *.magnolia-platform.com *.kik.de *.kik.at *.kik.pl *.kik.nl *.kik.cz *.kik.it *.kik.es *.kik-textilien.sk *.kik.hu *.kik.sl *.kik.hr *.kik.ro *.kik-shop.bg *.kik.pt *.trbo.com *.mouseflow.com wss://n-77265177-0-20953900-1700486303-655b5c9f332a0.track.cux.io wss://o-77265177-0-20953900-1700486303-655b5c9f332a0.track.cux.io *.trustedshops.com *.etrusted.com *.trustbadge.com *.analytics.google.com bat.bing.com trck.linkster.co *.smarketer.de google.com google.de google.at google.pl *.google.com *.google.de *.google.at *.google.pl kik.app.baqend.com *.visualwebsiteoptimizer.com app.vwo.com app.varify.io editor.varify.io view.publitas.com *.heidelpay.com *.unzer.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.magnolia-platform.com *.mouseflow.com dashboard.trustprofile.com *.unzer.com; child-src *.mouseflow.com *.trustedshops.com; frame-src 'self' *.usercentrics.eu *.trbo.com *.mouseflow.com dashboard.trustprofile.com *.doubleclick.net parcelshop.dhl.pl *.kik.de *.kik.at *.kik.pl *.kik.nl *.kik.cz *.kik.it *.kik.es *.kik-textilien.sk *.kik.hu *.kik.sl *.kik.hr *.kik.ro *.kik-shop.bg *.kik.pt *.visualwebsiteoptimizer.com app.vwo.com view.publitas.com *.heidelpay.com *.unzer.com; frame-ancestors 'self' *.magnolia-platform.com app.cux.io *.kik.de *.kik.at *.kik.pl *.kik.nl *.kik.cz *.kik.it *.kik.es *.kik-textilien.sk *.kik.hu *.kik.sl *.kik.hr *.kik.ro *.kik-shop.bg *.kik.pt view.publitas.com; img-src 'self' data: *.usercentrics.eu *.luigisbox.com *.kik.de *.kik.at *.kik.pl *.kik.nl *.kik.cz *.kik.it *.kik.es *.kik-textilien.sk *.kik.hu *.kik.sl *.kik.hr *.kik.ro *.kik-shop.bg *.kik.pt *.trbo.com *.heidelpay.com *.unzer.com *.google-analytics.com *.googletagmanager.com *.g.doubleclick.net *.magnolia-platform.com *.wt-eu02.net bat.bing.com *.google.com *.google.de *.google.at *.google.pl google.com google.de google.at google.pl static.phrase.com *.mouseflow.com *.trustedshops.com *.gstatic.com *.myracloud.com dashboard.trustprofile.com commission.europa.eu *.visualwebsiteoptimizer.com chart.googleapis.com app.vwo.com; manifest-src 'self'; media-src 'self' *.magnolia-platform.com; worker-src 'self' blob: 1
frame-ancestors 'self' https://kullagergrossisten.se https://kullagergrossisten-marcus.starwebserver.se 1
frame-ancestors 'self'; object-src 'none'; plugin-types 'none'; 1
default-src 'self' assets.adobedtm.com *.google.com *.gstatic.com *.googleapis.com *.iovation.com *.typekit.net cdn.cookielaw.org *.onetrust.com *.krxd.net *.demdex.net *.visualwebsiteoptimizer.com js-agent.newrelic.com bam.nr-data.net mpsnare.iesnare.com philipmorrisintmanagementsa.d3.sc.omtrdc.net data: blob: 'unsafe-inline' 'unsafe-eval'; img-src * data: blob: 1
frame-ancestors 'self' https://testbaba.virtualcms.it/ 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' https: data: blob:; font-src 'self' fonts.gstatic.com; frame-src 'self' https:; connect-src 'self' https:; media-src 'self' https:; object-src 'none'; 1
script-src 'self' 'unsafe-inline' https://*.google-analytics.com https://*.google.com https://*.google.com.tw https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com https://*.googletagmanager.com https://*.doubleclick.net https://certify-js.alexametrics.com https://*.holmesmind.com; style-src 'self' 'unsafe-inline' data:; 1
object-src 'none'; script-src 'self' 'unsafe-inline' *.google.com *.googletagmanager.com *.googleapis.com *.google-analytics.com *.gstatic.com *.facebook.net *.googlecommerce.com *.moatads.com *.paypal.com *.postcodeanywhere.co.uk *.stripe.com *.ampproject.org *.afterpay.com *.sagepay.com *.vimeo.com *.jsdelivr.net *.intercom.io *.intercomcdn.com *.feefo.com *.hotjar.com *.g.doubleclick.net *.clarity.ms *.onetrust.com 1
font-src *.googleapis.com *.gstatic.com data: *.fontawesome.com *.fonts.googleapis.com *.cloudflare.com *.findologic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com ludwig.us19.list-manage.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.google.com *.addthis.com *.pinterest.com *.ludwig.eu *.issuu.com *.chimpstatic.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com *.bird.eu *.cloudflare.com *.cdn.klarna.com *.s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.paypal.com *.fpdbs.sandbox.paypal.com *.addthis.com *.pinterest.com *.cdninstagram.com *.findologic.com *.google-analytics.com *.facebook.net *.facebook.com *.google.com *.google.si *.google.de *.google.at www.ludwig.eu *.service-inspektor.de *.cookiebot.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com *.instagram.com *.findologic.com *.google-analytics.com *.facebook.net *.google.si *.google.de *.google.at chimpstatic.com *.cookiebot.com *.ludwig.eu localhost.ludwig.eu wss://localhost.ludwig.eu:35729 ws://localhost.ludwig.eu:35729 https://localhost.ludwig.eu:35729/livereload.js http://localhost.ludwig.eu:35729/livereload.js downloads.mailchimp.com *.list-manage.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.fontawesome.com *.findologic.com downloads.mailchimp.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.cloudflare.com *.paypal.com *.addthis.com *.cardinalcommerce.com *.graph.instagram.com *.google-analytics.com *.findologic.com *.facebook.net *.facebook.com *.doubleclick.net pagead2.googlesyndication.com *.cookiebot.com *.ludwig.eu wss://localhost.ludwig.eu:35729 ws://localhost.ludwig.eu:35729 https://localhost.ludwig.eu:35729/livereload.js http://localhost.ludwig.eu:35729/livereload.js api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.google.com google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.dpd.com.pl https://facebook.com https://mapa.ecommerce.poczta-polska.pl https://www.paypal.com https://www.paypalobjects.com https://*.easypack24.net https://*.openstreetmap.org https://*.inpost.pl https://*.allegrostatic.com https://allegro.pl https://*.allegro.pl https://*.allegroimg.com https://*.allegrosandbox.pl https://*.sote.pl https://*.googletagmanager.com https://*.facebook.net https://*.facebook.com https://*.google-analytics.com https://*.google.com https://*.google.pl https://unpkg.com https://api.mapbox.com https://maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net https://stats.g.doubleclick.net https://stats.g.doubleclick.net *.gstatic.com *.googleapis.com *.youtube.com *.vimeo.com *.ytimg.com *.soundcloud.com *.vimeocdn.com *.smartsupp.com *.smartsuppcdn.com wss://*.smartsupp.com *.cdn77.org smartsupp-widget-161959.c.cdn77.org *.smartlook.com *.smartlook.cloud *.smartsuppchat.com *.addthis.com *.addthisedge.com *.facebook.com *.facebook.net *.fbcdn.net *.instagram.com *.cdninstagram.com *.googletagmanager.com *.google-analytics.com *.paypalobjects.com *.paypal.com *.autopay.eu *.dpd.com.pl https://*.cashbill.pl https://*.ceneo.pl https://*.secure.eservice.com.pl *.credit-agricole.pl *.paybynet.com.pl *.polcard.com.pl *.przelewy24.pl *.eraty.pl static.hotjar.com https://disqus.com data:; form-action 'self' https://*.dpd.com.pl https://facebook.com https://mapa.ecommerce.poczta-polska.pl https://www.paypal.com https://www.paypalobjects.com https://*.easypack24.net https://*.openstreetmap.org https://*.inpost.pl https://*.allegrostatic.com https://allegro.pl https://*.allegro.pl https://*.allegroimg.com https://*.allegrosandbox.pl https://*.sote.pl https://*.googletagmanager.com https://*.facebook.net https://*.facebook.com https://*.google-analytics.com https://*.google.com https://*.google.pl https://unpkg.com https://api.mapbox.com https://maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net https://stats.g.doubleclick.net https://stats.g.doubleclick.net *.gstatic.com *.googleapis.com *.youtube.com *.vimeo.com *.ytimg.com *.soundcloud.com *.vimeocdn.com *.smartsupp.com *.smartsuppcdn.com wss://*.smartsupp.com *.cdn77.org smartsupp-widget-161959.c.cdn77.org *.smartlook.com *.smartlook.cloud *.smartsuppchat.com *.addthis.com *.addthisedge.com *.facebook.com *.facebook.net *.fbcdn.net *.instagram.com *.cdninstagram.com *.googletagmanager.com *.google-analytics.com *.paypalobjects.com *.paypal.com *.autopay.eu *.dpd.com.pl https://*.cashbill.pl https://*.ceneo.pl https://*.secure.eservice.com.pl *.credit-agricole.pl *.paybynet.com.pl *.polcard.com.pl *.przelewy24.pl *.eraty.pl static.hotjar.com https://disqus.com; frame-ancestors 'self' 1
upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.luvn.fi *.wdr.io; base-uri 'self'; object-src 'self'; connect-src wss: https:; worker-src blob:; child-src blob:; frame-src https: 1
object-src 'none'; form-action 'self' https://www.facebook.com/tr/; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.w4.no; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.w4.no js.stripe.com *.paddle.com *.googletagmanager.com www.googleadservices.com www.google.com googleads.g.doubleclick.net *.facebook.net challenges.cloudflare.com; img-src 'self' i.imgur.com *.paddle.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.com *.google.no i.ytimg.com *.gravatar.com data:; style-src 'self' 'unsafe-inline' *.paddle.com fonts.googleapis.com; child-src 'self'; connect-src 'self' *.w4.no api.stripe.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.com *.google.no; font-src 'self' fonts.gstatic.com data:; frame-src 'self' js.stripe.com hooks.stripe.com www.youtube-nocookie.com *.paddle.com bid.g.doubleclick.net *.facebook.com challenges.cloudflare.com; 1
script-src https:  'unsafe-eval' 'nonce-EnXKbfddgzv2/Ri1h/CUhrnCk2taEf1gXB3tWPxsSd0=' 'sha256-YpBM7xPJQJfSSthwTVGpeXpUbzvd1XmAqvdlDUvm/QM=' 'unsafe-hashes' 'sha256-CHeyxkbcsDKUzxZy31PlMBX/9yJzqTulsO86EmrxnGw=' 'sha256-WDsUC73nn4VgkPx1YwOLUVRJqzhwfeWvFC3zRWnqz/I=' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.2mdn.net *.33across.com *.abt.s3.yandex.net *.ad-generation.jp *.adform.com *.adform.net *.adhouse.pro *.admanmedia.com *.admatic.com.tr *.admixer.com *.admost.com *.adnxs.com *.adpush.com.tr *.adtarget.com.tr *.adtech.com *.adtelligent.com *.adtopia.com *.advangelists.com *.advenuemedia.co.uk *.advertising.com *.adwmg.com *.air.tech *.aistekso.net *.alexametrics.com *.amazon-adsystem.com *.amazon.com *.ampproject.org *.appnexus.com *.aralego.com *.axonix.com *.baithoph.net *.beachfront.com *.bidtellect.com *.bik.gov.tr *.bildirt.com *.bizzclick.com *.clarity.ms *.cloudflare.com *.cloudflareinsights.com *.cmcm.com *.colossusssp.com *.connectad.io *.contextweb.com *.coxmt.com *.criteo.com *.criteo.net *.cubepile.com *.dailymotion.com *.devotrans.com *.districtm.io *.doubleclick.net *.e-planning.net *.emxdgt.com *.engagebdr.com *.exponential.com *.facebook.com *.facebook.net *.flashtalking.com *.freewheel.tv *.gamoshi.io *.gemius.pl *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.gumgum.com *.ibillboard.com *.idealmedia.io *.ijit.com *.improvedigital.com *.indexexchange.com *.inmobi.com *.instagram.com *.jquery.com *.jsdelivr.net *.jwpcdn.com *.lijit.com *.linkedin.com *.linkwi.se *.lkqd.com *.lkqd.net *.makroo.com *.maple-team.com *.mars.media *.mediabong.com *.meta.com *.mgid.com *.moatads.com *.newborntown.com *.omnijay.com *.onesignal.com *.onnetwork.tv *.openweathermap.com *.openx.com *.optad360.io *.outbrain.com *.peak226.com *.pinterest.com *.pixad.com.tr *.player.im *.programattik.com *.pubmatic.com *.radyotelekom.com.tr *.reklamstore.com *.resultsmedia.com *.rhythmone.com *.rubiconproject.com *.sabio.us *.serving-sys.com *.sharethis.com *.sharethrough.com *.smaato.com *.smartadserver.com *.smartyads.com *.smrtb.com *.sonobi.com *.sovrn.com *.spotx.tv *.spotxchange.com *.static.hotjar.com *.stroeer.com *.synacor.com *.taboola.com *.tagon.co *.tebilisim.com *.teimg.com *.tevideo.org *.thebrave.io *.themediagrid.com *.thubanoa.com *.tiktok.com *.tradingview.com *.tribalfusion.com *.ttwstatic.com *.twitter.com *.ucfunnel.com *.unrulymedia.com *.us.com *.videoomy.com *.vidoomy.com *.vidyome.com *.vimeo.com *.virgul.com *.weatherwidget.io *.webeyemob.com *.wordego.com *.x.com *.yahoo.com *.yandex.com *.yandex.ru *.yastatic.net *.yayin.com.tr *.yieldmo.com *.youtu.be *.youtube.com *.ytimg.com ads.vidoomy.com api-maps.yandex.ru c1.imgiz.com cdn.ampproject.org cdn.doubleverify.com cdn.id5-sync.com cdn.jsdelivr.net cdn.ravenjs.com gdetr.hit.gemius.pl google.com googlesyndication.com invstatic101.creativecdn.com lidertv.radyotelekom.com.tr oa.openxcdn.net onesignal.com pagead2.googlesyndication.com pcode.yads.tech pghub.io platform-api.sharethis.com player.im pool-eu.creative-serving.com script.4dex.io static-maps.yandex.ru tags.crwdcntrl.net trgde.adocean.pl yastatic.net; 1
base-uri 'self'; connect-src 'self' 1
frame-ancestors 'self' https://cdn.jsdelivr.net/* https://marcelbd.com/* 1
default-src 'self' mardelplata.gob.ar *.mardelplata.gob.ar *.cloudflareinsights.com *.jsdelivr.net *.googletagmanager.com *.g.doubleclick.net *.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' mardelplata.gob.ar *.mardelplata.gob.ar *.cloudflareinsights.com *.jsdelivr.net *.googletagmanager.com *.g.doubleclick.net *.google-analytics.com; connect-src 'self' mardelplata.gob.ar *.mardelplata.gob.ar *.cloudflareinsights.com *.jsdelivr.net *.googletagmanager.com *.g.doubleclick.net *.google-analytics.com; img-src 'self' data: mardelplata.gob.ar *.mardelplata.gob.ar *.cloudflareinsights.com *.jsdelivr.net *.googletagmanager.com *.g.doubleclick.net *.google-analytics.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' mardelplata.gob.ar *.mardelplata.gob.ar *.cloudflareinsights.com *.jsdelivr.net *.googletagmanager.com *.g.doubleclick.net *.google-analytics.com; base-uri 'self' mardelplata.gob.ar *.mardelplata.gob.ar *.cloudflareinsights.com *.jsdelivr.net *.googletagmanager.com *.g.doubleclick.net *.google-analytics.com; form-action 'self' mardelplata.gob.ar *.mardelplata.gob.ar *.cloudflareinsights.com *.jsdelivr.net *.googletagmanager.com *.g.doubleclick.net *.google-analytics.com; object-src 'self' mardelplata.gob.ar *.mardelplata.gob.ar *.cloudflareinsights.com *.jsdelivr.net *.googletagmanager.com *.g.doubleclick.net *.google-analytics.com; 1
default-src 'self'; connect-src *; font-src * 'self' data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 1
frame-ancestors 'self' https://*.matrasdirect.nl http://*.matrasdirect.nl 1
default-src 'self' data: *.googleapis.com *.google-analytics.com *.facebook.net *.googletagmanager.com  *.maw2wheelers.com *.gstatic.com *.google.com *.youtube.com *.facebook.com *.facebook.net analytics.google.com td.doubleclick.net; object-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.maw2wheelers.com *.googleapis.com; img-src 'self' data: *.googleapis.com *.gstatic.com *.google.com.np *.google.com *.google-analytics.com *.maw2wheelers.com *.yamaha.com.np yamaha.com.np *.facebook.com *.storeimaging.com *.youtube.com *.ytimg.com c.clarity.ms c.bing.com; connect-src 'self' *.googleapis.com *.google-analytics.com *.doubleclick.net *.facebook.com https://analytics.google.com https://s.clarity.ms https://pagead2.googlesyndication.com; script-src 'unsafe-eval' 'unsafe-inline' *.google-analytics.com *.maw2wheelers.com *.googletagmanager.com *.facebook.net *.cloudflare.com *.googleapis.com *.jsdelivr.net googleads.g.doubleclick.net www.clarity.ms; form-action 'self' *.facebook.com; frame-ancestors 'self' 1
script-src 'unsafe-eval' 'unsafe-inline' 'self' https://*.googleapis.com https://*.google.com https://*.facebook.net https://*.facebook.com https://*.youtube.com https://www.gstatic.com; child-src 'self' https://*.facebook.net https://*.facebook.com https://*.google.com https://*.youtube.com https://*.googleapis.com 1
default-src 'self' mcv.vic.gov.au; style-src 'self' 'unsafe-inline' data: mcv.vic.gov.au web-messenger-v5.ingenious.ai www.browsealoud.com plus.browsealoud.com s.swiftypecdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: player.vimeo.com web-messenger-v5.ingenious.ai api.smooch.io code.jquery.com cdn.jsdelivr.net stackpath.bootstrapcdn.com plus.browsealoud.com www.browsealoud.com *.speechstream.net www.googletagmanager.com www.google-analytics.com apis.google.com maps.googleapis.com wikisum.texthelp.com s.swiftypecdn.com; img-src 'self' data: mcv.vic.gov.au api.iconify.design web-messenger-v5.ingenious.ai media.au.ingenious.ai media.smooch.io cc.swiftype.com speechstreamv3-webservices-8.texthelp.com www.browsealoud.com plus.browsealoud.com upload.wikimedia.org www.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com maps.googleapis.com maps.gstatic.com *.googleapis.com *.ggpht; child-src 'self' content.googleapis.com www.googletagmanager.comns.html player.vimeo.com mcv-forms.powerappsportals.com mediaform.powerappsportals.com mcvmediaportal.powerappsportals.com; connect-src 'self' blob: ws: web-messenger-v5.ingenious.ai widget-config.au.ingenious.ai api.smooch.io 62c77b5286e3f800efc43a72.config.smooch.io search-api.swiftype.com s.swiftypecdn.com plus.browsealoud.com plusqa.browsealoud.com www.browsealoud.com en.wikipedia.org wikisum.texthelp.com speechstreamv3-webservices-8.texthelp.com babm.texthelp.com *.speechstream.net stats.g.doubleclick.net www.google-analytics.com; media-src 'self' blob: *.speechstream.net; font-src 'self' mcv.vic.gov.au fonts.gstatic.com web-messenger-v5.ingenious.ai data:; frame-ancestors 'self' mcv.vic.gov.au courtguide.mcv.vic.gov.au mcv-forms.mcv.vic.gov.au mcvmediaportal.powerappsportals.com; object-src data: 'unsafe-eval'; frame-src *.mcv.vic.gov.au mcv-forms.mcv.vic.gov.au forms.office.com mcvmediaportal.powerappsportals.com player.vimeo.com; 1
default-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: blob: 'unsafe-inline'; 1
default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data: 'self'; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 1
frame-ancestors 'self' https://www.immoneuf.com; 1
block-all-mixed-content; child-src 'self' blob: https://*.google.com https://*.doubleclick.net https://*.googlesyndication.com https://app.hubspot.com https://*.hsforms.com https://*.hsadspixel.net https://*.hscollectedforms.net https://*.usemessages.com; font-src 'self' data: https://fonts.gstatic.com https://script.hotjar.com; frame-ancestors 'self' https://www.google.com https://www.topgenetics.pl https://*.medipoint.pl https://*.invicta.pl https://*.dev-invicta.pl; frame-src 'self' auth.invicta.pl ankieta.invicta.pl https://*.medipoint.pl https://*.google.com https://www.facebook.com https://www.google-analytics.com https://www.googletagmanager.com https://*.doubleclick.net https://*.googlesyndication.com https://www.gstatic.com https://vars.hotjar.com https://*.hubspot.com https://*.hsforms.com https://*.hsadspixel.net https://*.hscollectedforms.net https://*.usemessages.com https://*.linkedin.com; img-src 'self' data: https://*.google.com https://www.google.pl https://www.google-analytics.com https://www.googletagmanager.com https://*.doubleclick.net https://*.googlesyndication.com https://*.googleadservices.com https://ssl.gstatic.com https://www.gstatic.com https://script.hotjar.com https://www.facebook.com https://track.adform.net https://bank.invicta.pl https://*.hubspot.com https://*.hubspot.net https://*.hsforms.com https://*.licdn.com https://*.linkedin.com https://*.clarity.ms https://c.bing.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' auth.invicta.pl https://*.google.com https://www.gstatic.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://*.googleadservices.com https://*.doubleclick.net https://*.googlesyndication.com https://*.googletagservices.com https://static.hotjar.com https://script.hotjar.com https://www.googleoptimize.com https://connect.facebook.net https://track.adform.net https://s2.adform.net https://*.hs-scripts.com https://*.hsleadflows.net https://*.hs-banner.com https://*.hsadspixel.net https://*.hubspotfeedback.com https://*.usemessages.com https://*.hs-analytics.net https://*.hscollectedforms.net https://*.hsforms.net https://*.hsforms.com https://*.hubspot.com https://*.licdn.com https://*.linkedin.com https://*.clarity.ms; style-src 'self' 'unsafe-inline' https://*.google.com https://*.licdn.com https://www.google-analytics.com https://www.googletagmanager.com https://fonts.googleapis.com; report-uri /en/csp/report 1
object-src 'self' *.googlesyndication.com https://*.googlesyndication.com; connect-src 'self' wss://prodoctorov.ru wss://medotvet.me *.yandex.ru *.google-analytics.com https://*.yandex.ru https://yandex.ru https://mc.yandex.com https://mc.yandex.md ajax.googleapis.com https://analytics.google.com https://region1.analytics.google.com https://www.google.ru https://translate.googleapis.com yandex.st https://yandex.st yastatic.net https://fcm.googleapis.com https://stats.g.doubleclick.net https://sentry.medrating.org https://sentry.prodoctorov.com https://*.facebook.com https://prodoctorov.ru https://rate.prodoctorov.ru https://rate-metrics.prodoctorov.ru https://app.medtochka.ru wss://app.medtochka.ru https://r.prodoctorov.ru https://ymetrica1.com/; default-src 'self'; font-src 'self' https://*.gstatic.com *.gstatic.com data: https://yastatic.net chrome-extension; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://prodoctorov.ru *.google.com https://www.google.com https://*.google-analytics.com *.google-analytics.com *.googlesyndication.com https://*.googlesyndication.com *.googleapis.com https://*.googleapis.com www.google.com https://*.gstatic.com https://*.yandex.net https://yandex.ru https://*.yandex.ru *.yandex.ru *.gstatic.com https://clck.yandex.ru *.twitter.com https://*.twitter.com yandex.st https://yandex.st https://connect.ok.ru vk.com https://www.youtube.com https://s.ytimg.com https://www.googletagmanager.com https://googletagmanager.com https://yastatic.net yastatic.net https://connect.facebook.net seal.websecurity.norton.com dunsregistered.dnb.com https://yookassa.ru https://*.yoomoney.ru; img-src 'self' data: 'unsafe-inline' https://prodoctorov.ru https://protabletky.ru https://medotvet.me https://*.google-analytics.com *.google-analytics.com yastatic.net https://yastatic.net *.yandex.ru https://*.yandex.ru https://yandex.ru *.yandex.net https://*.yandex.net yandex.st https://mc.yandex.by https://mc.yandex.com https://mc.yandex.kz *.google.com  https://*.google.com  *.googleapis.com https://*.googleapis.com *.googlesyndication.com https://*.gstatic.com *.gstatic.com vk.com https://*.vk.com *.youtube.com *.twitter.com https://*.twitter.com *.googlezip.net https://*.ggpht.com https://www.googletagmanager.com https://*.facebook.com https://*.google.ru https://*.mail.ru seal.websecurity.norton.com www.honcode.ch https://prodoctorov.ru blob:; frame-src *; style-src 'self' 'unsafe-inline' https://prodoctorov.ru https://*.googleapis.com *.googleapis.com https://*.gstatic.com *.gstatic.com yastatic.net yandex.st https://tagmanager.google.com https://app.medlock.ru; media-src 'self' *.yandex.net yandex.st yastatic.net *.yandex.ru blob:; report-uri https://prodoctorov.ru/cspreport/ 1
default-src 'self' *.megamedia.cl *.meganoticias.cl *.googleapis.com *.fonts.gstatic.com *.mega.cl mdstrm.com *.gstatic.com *.googlesyndication.com https://securepubads.g.doubleclick.net https://www.google.com; img-src * data:; media-src 'self' blob: *.megamedia.cl *.uat-megamedia.cl *.dev-megamedia.cl *.cdn.s-mdstrm.com mdstrm.com *.cdn.mdstrm.com; script-src 'self' cdn.jsdelivr.net 'unsafe-inline' *.s-mdstrm.com *.mdstrm.com *.mega.cl  *.uat-megamedia.cl *.dev-megamedia.cl *.megamedia.cl *.googletagmanager.com https://apis.google.com https://cdn.ampproject.org/ https://securepubads.g.doubleclick.net *.googlesyndication.com https://ad.doubleclick.net https://www.gstatic.com https://www.googletagservices.com https://ad.doubleclick.net https://s0.2mdn.net; font-src fonts.gstatic.com; style-src 'self' fonts.googleapis.com 'unsafe-inline'  *.uat-megamedia.cl *.dev-megamedia.cl; connect-src 'self' mdstrm.com *.cdn.mdstrm.com https://www.google-analytics.com *.googleapis.com https://sso.mega.cl *.megamedia.cl  *.local-megamedia.cl *.uat-megamedia.cl *.dev-megamedia.cl *.meganoticias.cl *.dps.live *.rudo.video *.cloudfront.net https://securepubads.g.doubleclick.net *.googlesyndication.com https://ad.doubleclick.net; base-uri 'self'; form-action 'self'; worker-src 'self' blob: *.megamedia.cl *.uat-megamedia.cl *.dev-megamedia.cl *.local-megamedia.cl; frame-src 'self' *.mega.cl *.megago.cl *.megamedia.cl *.uat-megamedia.cl *.dev-megamedia.cl *.local-megamedia.cl https://megago-751e1.firebaseapp.com https://megago-dev.firebaseapp.com/ https://mdstrm.com https://securepubads.g.doubleclick.net *.googlesyndication.com https://www.google.com/ https://s0.2mdn.net; child-src 'self' blob: *.megamedia.cl *.uat-megamedia.cl *.dev-megamedia.cl https://megago-751e1.firebaseapp.com https://megago-dev.firebaseapp.com/ https://mdstrm.com 1
frame-ancestors https://metrika.yandex.ru https://webvisor.com http://webvisor.com 1
default-src 'none' ; connect-src 'self' data: https://ajax.googleapis.com https://de.api4load.biz https://pfrest.pboss.de https://pfrest.petafuel.net https://pfrest.wozutesten.de https://pfrest.mobile.wozutesten.de https://translate.googleapis.com https://www.facebook.com/tr/ https://www.fndsda.net https://www.paypal.com ; font-src 'self' data: * ; frame-src 'self' data: https://ad.ad-srv.net https://cdn.pboss.de https://cdn.petafuel.net https://cdn.wozutesten.de https://cdn.mobile.wozutesten.de https://client.comprigo.com https://hal9000.redintelligence.net https://matomo.petafuel.net https://optimize.google.com https://pixel.bsmartdata.com/ https://r.adc-srv.net https://staticxx.facebook.com https://tools.petafuel.de https://www.facebook.com https://www.fndsda.net https://www.googletagmanager.com https://www.paypal.com https://www.sandbox.paypal.com ; img-src 'self' data: * ; manifest-src 'self' data: * ; media-src 'self' data: * ; object-src 'self' data: * ; script-src 'self' data: 'unsafe-eval' 'unsafe-inline' https://ad4mat.de https://bid.g.doubleclick.net https://cdn.pboss.de https://cdn.petafuel.net https://cdn.wozutesten.de https://cdn.mobile.wozutesten.de https://connect.facebook.net https://containertags.belboon.de https://data1.eurosty.com https://data1.mein-bmi.com https://data1.routenplaner-karten.com https://data1.ubersetzung-app.com https://eu5.heatmap.it https://googleads.g.doubleclick.net https://imgsrv.io https://matomo.petafuel.net https://maytrics.marvellousmachine.net https://online.adservicemedia.dk https://optimize.google.com https://orangebuddies.go2cloud.org https://pstatic.davebestdeals.com https://s3.eu-central-1.amazonaws.com https://ssl.google-analytics.com https://static.donation-tools.org https://tagmanager.google.com https://tpc.googlesyndication.com https://translate.googleapis.com https://www.financeads.net https://www.fndsda.net https://www.google-analytics.com https://www.google.com/ads/user-list https://www.googleadservices.com https://www.googletagmanager.com https://www.paypal.com https://www.paypalobjects.com https://www.performancehero.de ; style-src 'self' data: 'unsafe-inline' https://cdn.pboss.de https://cdn.petafuel.net https://cdn.wozutesten.de https://cdn.mobile.wozutesten.de https://fonts.googleapis.com https://optimize.google.com https://translate.googleapis.com https://u.heatmap.it https://www.fndsda.net ; worker-src 'self' data: * ; 1
default-src 'none';frame-src 'self' *.trustyou.com *.youtube.com *.google.com review.holidaycheck.com review-service.holidaycheck.com *.a3mobile.com gm-destination-manager.com;media-src 'self' static.gebeco.de *.studiosus.com;font-src 'self' https://fonts.gstatic.com *.smartberatung.com;img-src * 'self' data:;object-src 'none';script-src 'strict-dynamic' 'nonce-iaQZuO/Is231wIOr25k3yMivBPA=' ;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.core.windows.net cdn.smartberatung.com;frame-ancestors *;base-uri 'self';form-action 'self';connect-src *; 1
frame-src 'self' chilicloud.menucards.be chilicloud.menucards.cc www.google.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' unpkg.com *.googleapis.com www.google.com *.gstatic.com plausible.io;img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com chilicloud.menucards.be chilicloud.menucards.cc *.googleusercontent.com https://p.typekit.net data: blob: data: ;default-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://plausible.io/ https://js-agent.newrelic.com/ https://maps.googleapis.com/maps/api/ https://maps.googleapis.com/maps-api-v3/api/ https://maps.googleapis.com/maps/ https://maps.gstatic.com/mapfiles/api-3/images/spotlight-poi3.png 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://use.typekit.net https://p.typekit.net; font-src 'self' https://fonts.gstatic.com https://use.typekit.net data: 1
upgrade-insecure-requests; report-uri https://mersinodak.com 1
default-src 'self'; block-all-mixed-content; connect-src 'self' checkout.stripe.com maps.googleapis.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com; frame-src 'self' www.google.com/recaptcha/ www.gstatic.com/recaptcha/ js.stripe.com checkout.stripe.com sandbox-merchant.revolut.com/; img-src 'self' meterix.com *.meterix.com meterpay.net *.meterpay.net *.stripe.com cdn.datatables.net ajax.googleapis.com/ajax/libs/jqueryui/ meterpayenv-uploaded-files.s3.eu-west-2.amazonaws.com meterpaydeenv-uploaded-files.s3.eu-central-1.amazonaws.com data: maps.google.com maps.gstatic.com *.googleapis.com; script-src 'self' 'unsafe-inline' www.google.com/recaptcha/ www.gstatic.com/recaptcha/ checkout.stripe.com/checkout.js js.stripe.com ajax.googleapis.com/ajax/libs/jquery/ code.jquery.com code.highcharts.com cdn.datatables.net ajax.googleapis.com/ajax/libs/jqueryui/ maps.google.com maps.gstatic.com maps.googleapis.com sandbox-merchant.revolut.com/embed.js; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com cdn.datatables.net ajax.googleapis.com/ajax/libs/jqueryui/ maps.google.com maps.gstatic.com maps.googleapis.com; upgrade-insecure-requests 1
default-src 'none'; script-src https: 'unsafe-inline' 'nonce-942C3AB580FAD3244D2BB3C066A1307B' 'strict-dynamic'; style-src 'self' fonts.googleapis.com translate.googleapis.com 'nonce-942C3AB580FAD3244D2BB3C066A1307B'; connect-src 'self' https: wss://dnpush.nl; img-src 'self' https: data:; font-src 'self' fonts.gstatic.com; object-src 'none'; frame-ancestors 'self'; frame-src 'self' www.google.com tpc.googlesyndication.com; base-uri 'none'; media-src 'self'; report-uri https://www.metjou.nl/API/Site/CspReport 1
script-src 'self' 'unsafe-inline' https://eu.fw-cdn.com https://*.freshchat.com https://*.qualif-kalido.com https://impactco2.fr https://run-kalido.com https://cdn.qlikcloud.com https://*.eu.qlikcloud.com https://cdnjs.cloudflare.com https://cdn.polyfill.io http://targetemsecure.blob.core.windows.net https://targetemsecure.blob.core.windows.net https://*.gstatic.com https://axeptio.imgix.net https://*.axeptio.eu https://*.axept.io https://static.byyoukado.com/space/webcomponent/user/user-web-components.js https://script.hotjar.com https://static.byyoukado.com/space/webcomponent/admin/admin-web-components.js https://api.systempay.fr http://code.jquery.com https://connect.facebook.net https://snap.licdn.com https://maps.googleapis.com https://cdn.builder.io https://cdn.jsdelivr.net http://www.page.fr.weber https://player.vimeo.com http://static.axept.io https://www.gstatic.com/ https://www.googletagmanager.com/ https://www.google.com https://www.google-analytics.com https://static.hotjar.com; object-src 'none'; 1
default-src 'self' data: www.eura7.com e24files.com c.tile.openstreetmap.org b.tile.openstreetmap.org a.tile.openstreetmap.org maps.gstatic.com maps.googleapis.com www.gstatic.com fonts.googleapis.com fonts.gstatic.com i.ytimg.com www.youtube.com www.youtube-nocookie.com https://*.googletagmanager.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.google.com https://*.google.pl https://pagead2.googlesyndication.com https://consentcdn.cookiebot.com https://imgsct.cookiebot.com; style-src 'self' developers.google.com maps.googleapis.com 'unsafe-inline' fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' developers.google.com maps.googleapis.com maps.gstatic.com www.gstatic.com www.google.com www.youtube.com https://*.googletagmanager.com c.tile.openstreetmap.org a.tile.openstreetmap.org b.tile.openstreetmap.org https://consent.cookiebot.com https://consentcdn.cookiebot.com; 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.boxnow.hr *.fontawesome.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.sandbox.paypal.com *.youtube.com *.paypal.com *.googleadservices.com *.google-analytics.com *.google.com *.cdninstagram.com s7.addthis.com *.addthis.com *.moatads.com *.addthisedge.com *.placeholder.com *.wspay.biz *.corvuspay.com *.zopim.com *.klevu.com data: mi.hr *.pushpushgo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.boxnow.hr https://seo.mageplaza.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com *.twitter.com *.cdninstagram.com s7.addthis.com *.addthis.com *.moatads.com *.addthisedge.com *.googleapis.com *.placeholder.com *.wspay.biz *.corvuspay.com mi.hr 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net *.facebook.com *.boxnow.hr c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.twitter.com *.cdninstagram.com s7.addthis.com *.addthis.com *.moatads.com *.addthisedge.com *.googleapis.com *.placeholder.com cdn.lightwidget.com lightwidget.com *.wspay.biz *.corvuspay.com mi.hr *.pushpushgo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.boxnow.hr venkon.hr www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.cdninstagram.com s7.addthis.com *.addthis.com *.moatads.com *.addthisedge.com *.googleapis.com *.placeholder.com cdn.lightwidget.com lightwidget.com *.wspay.biz maps.gstatic.com blob: *.corvuspay.com *.google.hr mi.hr *.pushpushgo.com *.bing.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com https://sibautomation.com *.boxnow.hr js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com *.cloudflareinsights.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.instagram.com *.cdninstagram.com s7.addthis.com *.addthis.com *.moatads.com *.addthisedge.com *.googleapis.com *.placeholder.com cdn.lightwidget.com lightwidget.com *.wspay.biz *.pushpushgo.com *.adobedtm.com *.corvuspay.com *.doubleclick.com *.demdex.net *.amcglobal.sc.omtrdc.net *.klevu.com *.zopim.com *.zdassets.com mi.hr *.bing.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.boxnow.hr *.fontawesome.com unsafe-inline assets.braintreegateway.com *.cloudflare.com *.twitter.com *.twimg.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.google.com *.youtube.com *.cdninstagram.com s7.addthis.com *.addthis.com *.moatads.com *.addthisedge.com *.placeholder.com cdn.lightwidget.com lightwidget.com *.wspay.biz *.corvuspay.com *.klevu.com mi.hr *.pushpushgo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com https://in-automate.brevo.com *.boxnow.hr api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.cloudflare.com *.twitter.com *.twimg.com *.youtube.com *.cdninstagram.com s7.addthis.com *.addthis.com *.moatads.com *.addthisedge.com *.googleapis.com *.placeholder.com cdn.lightwidget.com lightwidget.com *.wspay.biz *.corvuspay.com *.googletagmanager.com *.doubleclick.com *.doubleclick.net *.demdex.net *.amcglobal.sc.omtrdc.net *.klevu.com *.zopim.com *.zdassets.com *.pagead2.googlesyndication.com *.googlesyndication.com mi.hr *.pushpushgo.com *.google.hr *.bing.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' *.canva.com canva.com; report-uri https://csp.canva.com/_cspreport?app=websites; base-uri 'self'; object-src 'none'; script-src 'report-sample' 'strict-dynamic' 'nonce-d1f98109-4b3f-49bc-8a0c-58c5d2216136' https://www.google.com/recaptcha/api.js; 1
default-src 'none' ;font-src 'self' ;img-src 'self' data: 'unsafe-inline';style-src 'self' 'unsafe-inline' ;script-src 'self' 'unsafe-inline' 'unsafe-eval'  https://code.jquery.com ;connect-src 'self' ;media-src 'self' https://assets.ampgroep.nl ;child-src 'self' https://player.vimeo.com  https://www.youtube.com ;object-src 'none' ; 1
frame-src 'self' *.youtube.com *.vimeo.com https://www.google.com *.livechatinc.com *.cookiebot.com *.readspeaker.com https://www.readspeaker.com; form-action 'self' https://*.readspeaker.com https://www.readspeaker.com https://*.abnamro.nl https://www.abnamro.nl https://*.asnbank.nl https://asnbank.nl https://*.bunq.com https://bunq.com https://*.ing.nl https://ing.nl https://*.knab.nl https://knab.nl https://*.n26.com https://n26.com https://*.nn.nl https://www.nn.nl https://*.rabobank.nl https://rabobank.nl https://*.regiobank.nl https://regiobank.nl https://*.revolut.com https://revolut.com https://*.snsbank.nl https://snsbank.nl https://*.triodos.nl https://triodos.nl https://*.vanlanschotkempen.com https://vanlanschotkempen.com https://*.bitsafe.com https://bitsafe.com; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.speakdemo.nl *.kredietbanknederland.nl *.mijnbankgemak.nl *.zakelijkbankgemak.nl *.ping.nl *.sharethis.com *.youtube.com *.vimeo.com *.vimeocdn.com *.amazonaws.com *.futy.io *.easycruit.com *.readspeaker.com *.googleapis.com quickchart.io *.google.com *.google.nl https://stats.g.doubleclick.net *.doubleclick.net wss://api.qooqie.com *.bing.com *.leadinfo.com packages.umbraco.org our.umbraco.org *.cloudflare.com *.googletagmanager.com *.google-analytics.com *.qooqie.com *.leadinfo.net *.clarity.ms *.bind.com *.cookiebot.com *.rawgit.com *.jsdelivr.net use.fontawesome.com *.livechatinc.com *.placeholder.com *.gstatic.com *.postcodeapi.nu; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.speakdemo.nl *.kredietbanknederland.nl *.mijnbankgemak.nl *.zakelijkbankgemak.nl *.ping.nl *.googleapis.com quickchart.io *.sharethis.com *.amazonaws.com *.easycruit.com *.futy.io *.readspeaker.com *.rawgit.com https://www.gstatic.com https://www.google.com https://www.googleadservices.com https://extreme-ip-lookup.com https://stats.g.doubleclick.net *.doubleclick.net wss://api.qooqie.com *.bing.com *.leadinfo.com player.vimeo.com *.vimeocdn.com packages.umbraco.org our.umbraco.org *.cloudflare.com *.googletagmanager.com *.google - analytics.com *.qooqie.com *.leadinfo.net *.clarity.ms *.cookiebot.com *.bind.com *.livechatinc.com; object-src 'self' *.speakdemo.nl *.kredietbanknederland.nl *.mijnbankgemak.nl *.zakelijkbankgemak.nl *.ping.nl wss://api.qooqie.com *.bing.com *.leadinfo.com player.vimeo.com *.vimeocdn.com *.cookiebot.com packages.umbraco.org our.umbraco.org *.cloudflare.com *.googletagmanager.com *.google - analytics.com *.qooqie.com *.leadinfo.net *.clarity.ms *.bind.com; base-uri 'self'; frame-ancestors 'self'; upgrade-insecure-requests; font-src 'self' data: fonts.gstatic.com fonts.googleapis.com use.fontawesome.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com maps.googleapis.com www.google-analytics.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; img-src 'self' data: https://static.anwb.nl https://google-analytics.com https://maps.gstatic.com https://maps.googleapis.com *.google-analytics.com *.googletagmanager.com https://script.hotjar.com http://script.hotjar.com; connect-src 'self' https://api.anwb.nl/v1/case-status-updates/ sst.online-pub-prd.aws-public.anwb.cloud *.anwb.nl analytics.anwb.nl maps.googleapis.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com dataplane.rum.eu-central-1.amazonaws.com/appmonitors/273842f9-10ea-4da1-b3f8-d85b37598650 sts.eu-central-1.amazonaws.com cognito-identity.eu-central-1.amazonaws.com; object-src 'none'; frame-src https://vars.hotjar.com; font-src 'self' https://static.anwb.nl https://fonts.gstatic.com http://script.hotjar.com https://script.hotjar.com; 1
default-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' 'unsafe-hashes' ; img-src * blob: data: ; font-src * data: ; connect-src *; style-src-elem * 'unsafe-inline'; script-src-elem * 'unsafe-inline'; frame-src 'self' youtube.com https://www.youtube.com https://www.google.com https://www.googletagmanager.com/ https://www.facebook.com/ https://maps.google.com/; 1
connect-src 'self' *.google-analytics.com appscdn.joomla.org www.acyba.com www.google-analytics.com browser.sentry-cdn.com stats.pusher.com ajax.googleapis.com www.mollie.com paypalobjects.com fonts.googleapis.com www.gstatic.com mailtester.acyba.com; object-src 'none'; 1
font-src *.fontawesome.com https://www.gstatic.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.worldpay.com 'self' 'unsafe-inline'; frame-ancestors *.meetanshi.com meetanshi.com docs.google.com *.google-analytics.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.youtube-nocookie.com *.meetanshi.com meetanshi.com docs.google.com *.google-analytics.com accounts.google.com https://www.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.meetanshi.com meetanshi.com *.google-analytics.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.avada.io *.meetanshi.com meetanshi.com docs.google.com *.google-analytics.com https://www.google.com https://www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com vimeo.com https://get.geojs.io *.avada.io *.meetanshi.com meetanshi.com docs.google.com *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https://*.mitid.dk https://mitid.dk https://*.danid.dk 'self' about: data:; frame-ancestors 'none'; style-src 'self' 'unsafe-inline'; script-src https://*.mitid.dk https://mitid.dk 'self' 'nonce-E8Og96yh/324ELjMzICNqOEcZwkZHiQUzwnvXepIQgo=' ; 1
default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' www.facebook.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: wss: data: wss: *.bing.com www.mirjan24.pl *.mirjan24.pl mirjan24.pl googleapis.com *.googleapis.com googletagmanager.com *.googletagmanager.com biano.sk *.biano.sk biano.cz *.biano.cz biano.hu *.biano.hu biano.ro *.biano.ro biano.hr *.biano.hr prefixbox.com *.prefixbox.com gstatic.com *.gstatic.com novynabytok.sk *.novynabytok.sk hezkynabytek.cz *.hezkynabytek.cz zondo.hu *.zondo.hu zondo.ro *.zondo.ro zondo.hr *.zondo.hr *.zdassets.com *.zopim.com prefixbox.com *.prefixbox.com google-analytics.com *.google-analytics.com clarity.ms *.clarity.ms *.doubleclick.net chimpstatic.com google.com *.google.com google.sk *.google.sk google.cz *.google.cz google.hu *.google.hu google.ro *.google.ro google.hr *.google.hr googleadservices.com *.googleadservices.com *.zopim.io *.imedia.cz *.seznam.cz chimpstatic.com facebook.net *.facebook.net nabytok-mirjan24.sk *.nabytok-mirjan24.sk mirjan24.cz *.mirjan24.cz facebook.com *.facebook.com meblemirjan.pl *.meblemirjan.pl youtube.com *.youtube.com creativecdn.com *.creativecdn.com https://*.bootstrapcdn.com https://chimpstatic.com *.zendesk.com *.googlesyndication.com *.google.fr; 1
frame-ancestors 'self' misope.co.kr *.misope.co.kr 1
default-src 'self' * script-src 'self' * 'unsafe-inline' 'unsafe-eval'; style-src 'self' * 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' dpm.demdex.net *.telus.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: telus.122.2o7.net 1
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; font-src https: 'self' data:; connect-src wss: https:; img-src https: 'self' data:; 1
frame-ancestors 'self' https://impakt-360.com https://my.impakt-360.com https://*.impakt-360.com https://www.treedis.com https://my.treedis.com https://*.treedis.com 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' 'nonce-MjQ3LDE5NiwxMjgsMjMwLDMxLDEyMSwxOTMsMTk1' blob: https://cdn.discordapp.com/animations/ https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/ https://*.hcaptcha.com https://hcaptcha.com https://js.stripe.com https://js.braintreegateway.com https://assets.braintreegateway.com https://www.paypalobjects.com https://checkout.paypal.com https://c.paypal.com https://kit.cash.app https://static.discord.com https://static-edge.discord.com; style-src 'self' 'unsafe-inline' https://cdn.discordapp.com https://*.hcaptcha.com https://hcaptcha.com https://kit.cash.app https://static.discord.com https://static-edge.discord.com; img-src 'self' blob: data: https://*.discordapp.net https://*.discordapp.com https://*.discord.com https://i.scdn.co https://i.ytimg.com https://i.imgur.com https://media.tenor.co https://media.tenor.com https://c.tenor.com https://*.youtube.com https://*.giphy.com https://static-cdn.jtvnw.net https://pbs.twimg.com https://assets.braintreegateway.com https://checkout.paypal.com https://c.paypal.com https://b.stats.paypal.com https://slc.stats.paypal.com https://hnd.stats.paypal.com https://api.cash.app; font-src 'self' https://fonts.gstatic.com https://cash-f.squarecdn.com https://static.discord.com https://static-edge.discord.com; connect-src 'self' https://status.discordapp.com https://status.discord.com https://support.discordapp.com https://support.discord.com https://discordapp.com https://discord.com https://discord-attachments-uploads-prd.storage.googleapis.com https://cdn.discordapp.com https://media.discordapp.net https://images-ext-1.discordapp.net https://images-ext-2.discordapp.net https://router.discordapp.net wss://*.discord.gg https://best.discord.media https://latency.discord.media wss://*.discord.media wss://dealer.spotify.com https://api.spotify.com https://music.amazon.com/embed/oembed https://*.sentry.io https://api.twitch.tv https://api.stripe.com https://api.braintreegateway.com https://client-analytics.braintreegateway.com https://*.braintree-api.com https://www.googleapis.com https://*.algolianet.com https://*.hcaptcha.com https://hcaptcha.com https://*.algolia.net ws://127.0.0.1:* http://127.0.0.1:*; media-src 'self' blob: disclip: https://*.discordapp.net https://*.discord.com https://*.discordapp.com https://*.youtube.com https://streamable.com https://vid.me https://twitter.com https://oddshot.akamaized.net https://*.giphy.com https://i.imgur.com https://media.tenor.co https://media.tenor.com https://c.tenor.com; frame-src https://discordapp.com/domain-migration discord: https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/ https://*.hcaptcha.com https://hcaptcha.com https://js.stripe.com https://hooks.stripe.com https://checkout.paypal.com https://c.paypal.com https://assets.braintreegateway.com https://checkoutshopper-live.adyen.com https://kit.cash.app https://player.twitch.tv https://clips.twitch.tv/embed https://player.vimeo.com https://www.youtube.com/embed/ https://www.tiktok.com/embed/ https://music.amazon.com/embed/ https://music.amazon.co.uk/embed/ https://music.amazon.de/embed/ https://music.amazon.co.jp/embed/ https://music.amazon.es/embed/ https://music.amazon.fr/embed/ https://music.amazon.it/embed/ https://music.amazon.com.au/embed/ https://music.amazon.in/embed/ https://music.amazon.ca/embed/ https://music.amazon.com.mx/embed/ https://music.amazon.com.br/embed/ https://www.youtube.com/s/player/ https://twitter.com/i/videos/ https://www.funimation.com/player/ https://www.redditmedia.com/mediaembed/ https://open.spotify.com/embed/ https://w.soundcloud.com/player/ https://audius.co/embed/ https://*.watchanimeattheoffice.com https://sessionshare.sp-int.playstation.com/ https://session-share.playstation.com/ https://localhost:* https://*.discordsays.com https://discordappcom.cloudflareaccess.com/; child-src 'self' blob: https://assets.braintreegateway.com https://checkout.paypal.com https://c.paypal.com; prefetch-src 'self' https://cdn.discordapp.com/assets/; 1
frame-ancestors 'self' https://*.bni.co.id 1
frame-ancestors 'self';img-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://pagead2.googlesyndication.com https://i0.wp.com https://pixel.wp.com;object-src 'none';report-uri /; 1
default-src 'self' https://static.zohocdn.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://css.zohocdn.com https://css.zohostatic.com https://files.zohopublic.com https://maxcdn.bootstrapcdn.com; font-src 'self' https://css.zohocdn.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com ; img-src 'self' data: blob: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js-agent.newrelic.com https://cdnjs.cloudflare.com https://www.gstatic.com https://js.rfp.fout.jp https://*.googletagmanager.com https://www.google.com https://unpkg.com https://salesiq.zoho.com https://salesiq.zohopublic.com/widget https://www.google-analytics.com https://connect.facebook.net https://cdn.adbro.me https://googleads.g.doubleclick.net https://td.doubleclick.net https://js.zohocdn.com https://js.zohostatic.com https://tag.adbro.me https://code.jquery.com https://www.clarity.ms https://static.zohocdn.com; connect-src 'self' https://api.parenthings.co.id https://bam.eu01.nr-data.net https://*.clarity.ms https://stats.g.doubleclick.net https://salesiq.zohopublic.com wss://vts.zohopublic.com https://pagead2.googlesyndication.com wss://apis.adbro.me https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.id; frame-src 'self' https://parenthings.morinaga.id  https://www.facebook.com https://td.doubleclick.net https://www.google.com https://www.youtube.com https://*.morinaga.id https://*.usetada.com https://salesiq.zohopublic.com https://download.zohopublic.com https://vts.zohopublic.com https://salesiq.zohopublic.com https://js.zohostatic.com https://wms.zohopublic.com https://media.zohostatic.com https://dyjgaef5vuq51.cloudfront.net https://dtzpfzv31buvf.cloudfront.net https://js.zohocdn.com https://css.zohocdn.com https://img.zohostatic.com https://media.zohostatic.com https://fonts.zohostatic.com; 1
frame-src *.1psa.net *.jyic.net *.facebook.com *.youtube.com *.tkdbooks.com docs.google.com etlady.tw view.officeapps.live.com dl.mosme.net onecompiler.com widgets.judge0.com tkd.e4sp.tw bao.ipoe.cc *.mosme.net; 1
default-src 'self'; font-src * data:; img-src * data:; media-src *; script-src * 'unsafe-inline' 'unsafe-eval' data: blob:; style-src * 'unsafe-inline'; connect-src * https://web.whatsapp.com https://code.highcharts.com https://www.facebook.com; frame-src 'self' https://challenges.cloudflare.com https://cdn.aplazame.com https://checkout.aplazame.com https://api.aplazame.com https://mc.yandex.ru https://wchat.eu.myfreshworks.com https://httpsmosquiteras24hcom.wchat.eu.webpush.myfreshworks.com https://www.youtube.com https://www.google.com https://td.doubleclick.net https://www.facebook.com https://web.whatsapp.com; 1
base-uri 'self'; frame-ancestors 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://www.google.com https://maps.googleapis.com https://mts0.googleapis.com https://mts1.googleapis.com https://www.google-analytics.com https://connect.facebook.net https://connect.facebook.net https://apis.google.com https://www.gstatic.com http://192.168.1.25:35729 https://cdn.ampproject.org https://cdn.agenceici.com/ https://tarteaucitron.io https://cdnjs.cloudflare.com http://cdnjs.cloudflare.com https://www.googletagmanager.com https://cdn.tarteaucitron.io 1
font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.twitter.com *.consensu.org *.sharethis.com *.google.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com www.apptrian.com www.facebook.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.sharethis.com *.facebook.com blob: chow-s3-media.s3.ap-southeast-1.amazonaws.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com www.facebook.com connect.facebook.net graph.facebook.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.nr-data.net *.newrelic.com *.trackedlink.net *.google.com *.sharethis.com *.googletagmanager.com *.facebook.net *.avada.io ipinfo.io *.elfsight.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com www.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com www.apptrian.com connect.facebook.net graph.facebook.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.googleadservices.com *.google-analytics.com *.sandbox.paypal.com *.paypalobjects.com *.trackedlink.net *.nr-data.net *.newrelic.com *.ampproject.org *.sharethis.com *.elfsight.com ajaqa6kih4.execute-api.ap-southeast-1.amazonaws.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
default-src 'self'; script-src 'self' *.cloudflare.com *.google.com cdn.datatables.net maps.googleapis.com www.gstatic.com cdn.jsdelivr.net www.youtube.com *.aichat.site www.googletagmanager.com connect.facebook.net static.cloudflareinsights.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' cdn.datatables.net *.cloudflare.com fonts.googleapis.com unpkg.com *.aichat.site 'unsafe-inline'; img-src 'self' * data:; font-src 'self' data: fonts.gstatic.com *.aichat.site; connect-src 'self' maps.googleapis.com *.facebook.com socialplugin.facebook.net; media-src 'self'; frame-src 'self' *.facebook.com *.google.com plugins.flockler.com mrdiy.listedcompany.com *.youtube.com *.vimeo.com; object-src 'none'; base-uri 'self'; 1
default-src https: *.crazyegg.com wss: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; worker-src data: 1
frame-ancestors 'self' https://www.municipalidadantofagasta.cl/ https://www.municipalidaddeantofagasta.cl/ https://municipalidadantofagasta.cl/ https://municipalidaddeantofagasta.cl/ 1
frame-ancestors 'self' musicianmarket.co.kr *.musicianmarket.co.kr 1
default-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.app.smart-tribune.com https://cdnjs.cloudflare.com https://fonts.gstatic.com; script-src 'self' 'unsafe-inline' https://*.viasante.fr https://matomojs.trackify.info https://*.app.smart-tribune.com  https://www.google.com https://*.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://*.facebook.com https://*.facebook.net  https://polyfill.io https://www.youtube.com https://bat.bing.com https://*.g.doubleclick.net https://*.tagcommander.com https://*.trustcommander.net; connect-src 'self' https://*.viasante.fr https://*.google.com https://api.mapbox.com https://api-gateway.app.smart-tribune.com https://*.google-analytics.com https://www.googletagmanager.com https://*.g.doubleclick.net https://www.facebook.com https://polyfill.io https://11683785.fls.doubleclick.net https://bat.bing.com https://*.trustcommander.net https://*.commander1.com; font-src https://cdnjs.cloudflare.com https://fonts.gstatic.com; frame-src https://viasante.fr https://*.viasante.fr https://www.google.com https://www.youtube.com https://*.calameo.com https://*.trustcommander.net; img-src 'self' https://*.viasante.fr data: https://www.googletagmanager.com http://pbs.twimg.com https://api.mapbox.com https://googleads.g.doubleclick.net https://*.app.smart-tribune.com https://bat.bing.com https://bo.viasante.fr https://stv2-uploads-prod.s3.eu-west-3.amazonaws.com https://tiles.stadiamaps.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.google.fr https://www.jevisbienetre.fr; object-src 'none'; 1
default-src 'self' *;script-src 'self' 'unsafe-inline' 'unsafe-eval' *;object-src 'self' *;style-src 'self' 'unsafe-inline' *;img-src 'self' * data:;media-src 'self' *;frame-src 'self' *;font-src 'self' *;block-all-mixed-content;report-uri * 1
default-src 'self'; ; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com https://cdn.jsdelivr.net https://cdn.lr-ingest.com https://www.google.com https://www.gstatic.com https://cdnjs.cloudflare.com https://code.jquery.com https://js-na1.hs-scripts.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hsleadflows.net https://js.hubspot.com https://js.monitor.azure.com https://js.usemessages.com https://browser.sentry-cdn.com https://static.zdassets.com https://pod-25.zendesk.com https://apis.google.com; style-src 'report-sample' 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fonts.googleapis.com; object-src 'self' blob:; base-uri 'self'; connect-src 'self' wss: blob: https://*.in.applicationinsights.azure.com https://*.hubspot.com https://r.lr-ingest.com https://*.ingest.sentry.io https://localhost:5209 https://ekr.zdassets.com https://*.zendesk.com https://identitytoolkit.googleapis.com https://api.hubapi.com https://*.googleapis.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' blob: https://app.hubspot.com https://www.google.com https://*.hs-sites.com https://myalii.firebaseapp.com; img-src 'self' data: blob: https://*.hsforms.com https://*.hubspot.com https://*.hsappstatic.net https://*.zendesk.com https://www.gravatar.com; manifest-src 'self'; media-src 'self'; report-uri https://*.endpoint.csper.io; worker-src blob: 1
default-src 'self' https://ajax.googleapis.com/ajax/libs/jquery/3.7.1/jquery.min.js cdn.jsdelivr.net; script-src cdn.jsdelivr.net 'self'  ajax.googleapis.com cdnjs.cloudflare.com cdn.polyfill.io fonts.gstatic.com use.fontawesome.com 'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline' cdn.jsdelivr.net fonts.googleapis.com use.fontawesome.com cdn.quilljs.com cdnjs.cloudflare.com;frame-ancestors 'self';  font-src 'self' fonts.gstatic.com use.fontawesome.com cdnjs.cloudflare.com netdna.bootstrapcdn.com 'unsafe-inline'; img-src 'self' blob: data:;object-src 'self' data:;connect-src * data:;worker-src 'self' blob:;frame-src * 1
frame-ancestors 'self' mycampus.pt universidadeeuropeia.instructure.com universidadeeuropeia.staging.instructure.com universidadeeuropeia.beta.instructure.com universidadeeuropeia.test.instructure.com; 1
default-src 'self'; img-src 'self' data: https://dtf-drupal-dev.s3.eu-central-1.amazonaws.com https://coa-coa-t01.s3.eu-central-1.amazonaws.com https://coa-coa-a01.s3.eu-central-1.amazonaws.com https://coa-coa-p01.s3.eu-central-1.amazonaws.com https://statistiek.rijksoverheid.nl https://i.ytimg.com https://i.vimeocdn.com; font-src 'self' https://fonts.googleapis.com https://use.typekit.net https://fonts.gstatic.com; object-src 'none'; script-src 'self' 'unsafe-inline' statistiek.rijksoverheid.nl https://www.youtube.com https://player.vimeo.com; script-src-attr 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://p.typekit.net; style-src-attr 'self' 'unsafe-inline' https://p.typekit.net; frame-ancestors 'self'; connect-src 'self' cdn.plyr.io https://noembed.com https://player-telemetry.vimeo.com https://fresnel.vimeocdn.com; media-src cdn.plyr.io https://www.rovid.nl; frame-src https://form.jotform.com https://www.youtube-nocookie.com https://player.vimeo.com 1
img-src * 'self' data:;  default-src 'self' 'unsafe-inline' 'unsafe-eval' https:; 1
default-src 'self';font-src 'self' fonts.googleapis.com maps.googleapis.com fonts.gstatic.com data: blob:;style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com;style-src 'self' 'unsafe-inline' https://tagmanager.google.com fonts.googleapis.com fonts.gstatic.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' script-src: https://tagmanager.google.com www.googletagmanager.com polyfill.io maps.googleapis.com www.google-analytics.com *.google-analytics.com  www.analytics.google.com *.analytics.google.com https://*.zdassets.com https://*.zendesk.com;img-src 'self' 'unsafe-inline' *.google-analytics.com *.analytics.google.com maps.gstatic.com *.googleapis.com *.ggpht https://maps.gstatic.com https://maps.googleapis.com https://ssl.gstatic.com https://www.gstatic.com https://www.google-analytics.com www.googletagmanager.com https://*.zendesk.com data: blob:;connect-src 'self' https://cdn.plyr.io https://www.google-analytics.com https://stats.g.doubleclick.net *.google-analytics.com *.analytics.google.com https://maps.googleapis.com https://*.zdassets.com https://*.zendesk.com wss://*.zendesk.com;frame-src 'self' https://www.googletagmanager.com https://glogarancia.hu 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com *.myheritage.at https://www.myheritage.de  'nonce-db8fc4716bf3f2e46b71bcaec199f506' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com *.myheritage.at;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self';img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=enforce&canonical_page_id=/company/home/ 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com *.myheritage.ch https://www.myheritage.de  'nonce-9f3021aea91c792305014866acc23edb' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com *.myheritage.ch;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self';img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=enforce&canonical_page_id=/company/home/ 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com *.myheritage.hu https://www.myheritage.hu  'nonce-1b403c5333eef01c42604b817d0e0b40' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com *.myheritage.hu;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self';img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=enforce&canonical_page_id=/company/home/ 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com *.myheritage.sk https://www.myheritage.sk  'nonce-6c8c4c43b0df4908903a40ecd65b8a00' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com *.myheritage.sk;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self';img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=enforce&canonical_page_id=/company/home/ 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com myheritagelibraryedition.com  'unsafe-inline' blob: data: 'self' https://*.myheritage.com https://*.mhcache.com https://tpc.googlesyndication.com https://*.doubleclick.net https://*.google.com https://*.googletagmanager.com https://connect.facebook.net https://bat.bing.com https://www.googleadservices.com https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://www.gstatic.com https://*.googleapis.com https://*.mk-sense.com https://code.jquery.com https://www.dwin1.com https://ad.zanox.com https://portal.allyable.com https://static.allyable.com;style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com myheritagelibraryedition.com;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self';img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com 1
frame-ancestors 'self' *.myhotelschool.nl ; 1
frame-src 'self' https://player.vimeo.com/ https://static.addtoany.com/ https://cdn.walkme.com/ http://www.nextbuses.mobi/ https://www.google.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://f1-eu.readspeaker.com https://maps.googleapis.com https://platform.twitter.com https://polyfill-fastly.io https://polyfill.io https://static.addtoany.com https://unpkg.com https://webchat.wheatleygroupservices.com https://www.google.com; script-src-elem 'self' 'unsafe-inline' https://translate.google.com/translate_a/element.js https://translate.googleapis.com/ https://translate-pa.googleapis.com/ https://ajax.googleapis.com https://maxcdn.bootstrapcdn.com/ https://cdn.gtranslate.net/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://cdn.walkme.com/ https://webchat.wheatleygroupservices.com/ https://playerserver.walkme.com/ https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://f1-eu.readspeaker.com https://maps.googleapis.com https://platform.twitter.com https://polyfill-fastly.io https://polyfill.io https://static.addtoany.com https://unpkg.com https://webchat.wheatleygroupservices.com https://www.google.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://unpkg.com https://use.fontawesome.com; style-src-elem 'self' 'unsafe-inline' https://www.gstatic.com/ https://maxcdn.bootstrapcdn.com/ https://cdn.walkme.com/ https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://unpkg.com https://use.fontawesome.com; frame-ancestors 'self' 1
frame-ancestors https://beamish-yeot-0af3c3.netlify.app 1
script-src 'self' https://hcaptcha.com https://*.hcaptcha.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com 'nonce-0Xtt0PXXaVIa5dsndUzM0Sl82NIts9rePCurWhi/TaE=';frame-src 'self' https://hcaptcha.com https://www.google.com/ https://*.hcaptcha.com https://www.youtube.com 1
frame-src 'self' https://www.youtube.com; frame-ancestors 'self'  https://*.defend.net; 1
default-src 'self' https://pwck.hr.nl; script-src 'self' 'unsafe-inline'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com 1
frame-src 'self' *.youtube.com *.baluarte.com *.twitter.com *.youtube-nocookie.com navarra360.com www.google.com;  1
default-src 'unsafe-inline' 'unsafe-eval' *; img-src * data:; 1
default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval' *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com; object-src *; style-src * 'self' 'unsafe-inline' *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors 'self'; child-src *; font-src * 'self' data: https:;; connect-src * *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com; report-uri /report-csp-violation 1
default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval' *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com *.mikmak.ai *.swaven.com; object-src *; style-src * 'self' 'unsafe-inline' *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com *.mikmak.ai *.swaven.com; img-src * 'self' *.mikmak.ai *.swaven.com *.static-swaven.com data: https:; ; media-src *; frame-src * *.mikmak.ai *.swaven.com; frame-ancestors 'self'; child-src *; font-src * 'self' *.mikmak.ai *.swaven.com *.static-swaven.com data: https:;; connect-src * *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com *.mikmak.ai *.swaven.com; report-uri /report-csp-violation 1
frame-ancestors 'self' control.motionpoint.com/ iguidewebapp.next-uk.next.loc/ end-duws02.next-uk.next.loc/ end-dpws02.next-uk.next.loc/ studio.mgmt.qa.test/ studio.mgmt.next-uk.next.loc/ https://www.next.si 1
default-src 'self' www.google.com wss://*.tawk.to *.tawk.to *.google-analytics.com *.googlesyndication.com *.doubleclick.net fonts.gstatic.com www.clarity.ms *.mouseflow.com *.facebook.net *.facebook.com *.soundestlink.com https://*.hotjar.com:* https://*.hotjar.io wss://*.hotjar.com app.toyboxsystems.com toybox-public.s3.amazonaws.com app.certainly.io *.dixa.io wss://sockets.dixa.io; frame-src 'self' automations.multishop.lt *.facebook.com *.hotjar.com *.youtube.com *.youtube-nocookie.com *.google.com app.certainly.io td.doubleclick.net; font-src 'self' embed.tawk.to fonts.gstatic.com; style-src 'unsafe-inline' 'self' www.googletagmanager.com embed.tawk.to cdnjs.cloudflare.com fonts.googleapis.com *.gstatic.com; img-src * data:; child-src 'none'; script-src 'unsafe-eval' 'unsafe-inline' 'self' wt.omnisendlink.com cdn.jsdelivr.net embed.tawk.to cdnjs.cloudflare.com cdn.mouseflow.com omnisrc.com *.facebook.net *.google-analytics.com *.soundestlink.com *.googletagmanager.com *.googleadservices.com *.clarity.ms *.hotjar.com *.youtube.com *.youtube-nocookie.com googleads.g.doubleclick.net *.omnisend.com *.google.com *.manychat.com *.gstatic.com *.omnisnippet1.com omnisnippet1.com *.cloudfront.net app.toyboxsystems.com *.certainly.io widget.dixa.io cdn.polyfill.io;worker-src 'self'; 1
default-src 'none'; script-src https: 'unsafe-inline' 'nonce-B0914A938F4C17D20C132D96DD508DE3' 'strict-dynamic'; style-src 'self' fonts.googleapis.com translate.googleapis.com 'nonce-B0914A938F4C17D20C132D96DD508DE3'; connect-src 'self' https: wss://dnpush.nl; img-src 'self' https: data:; font-src 'self' fonts.gstatic.com; object-src 'none'; frame-ancestors 'self'; frame-src 'self' www.google.com tpc.googlesyndication.com; base-uri 'none'; media-src 'self'; report-uri https://www.novamora.be/API/Site/CspReport 1
report-uri https://thebeginningaftertheend.online 1
default-src 'none'; style-src 'self' https://tagmanager.google.com https://fonts.googleapis.com https://*.googletagmanager.com 'unsafe-inline'; script-src 'self' 'nonce-3e21bff8c9b4a87f53c2a1dee64ff6ad' 'strict-dynamic' https://tagmanager.google.com https://*.googletagmanager.com blob:; frame-src 'self' https://consentcdn.cookiebot.com https://www.google.com https://www.youtube.com https://www.youtube-nocookie.com https://www.facebook.com https://td.doubleclick.net; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com data:; connect-src 'self' https://maps.googleapis.com https://consentcdn.cookiebot.com https://www.youtube.com https://www.facebook.com https://connect.facebook.net https://*.google-analytics.com https://*.analytics.google.com https://*.google.com https://*.googlesyndication.com https://px.ads.linkedin.com https://*.g.doubleclick.net https://analytics.google.com https://*.rdstation.com.br https://*.googletagmanager.com blob:; img-src 'self' https: data: blob:; frame-ancestors 'self'; object-src 'none'; base-uri 'self'; form-action 'self' https://www.facebook.com 1
default-src 'none'; script-src 'self' seal.digicert.com ajax.googleapis.com googletagmanager.com static.hotjar.com; object-src 'self'; img-src 'self' data: seal.digicert.com *.dvtel.cl; style-src 'self' 'unsafe-inline'; font-src 'self' data:; base-uri 'self';  frame-ancestors 'none'; form-action 'self' *.dvtel.cl *.devetel.net; connect-src 'self'; frame-src 'self' https://www.recargaenlinea.cl 1
default-src blob: https: data: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; frame-ancestors 'self' https://www.cv.ee https://cv.ee; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval'          kit.fontawesome.com www.googletagmanager.com placehold.it maps.googleapis.com cdn.jsdelivr.net          analytics.silktide.com www.google-analytics.com www.ouac.on.ca; 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.google.com *.youtube.com maps.googleapis.com scontent.cdninstagram.com cdn.lightwidget.com lightwidget.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.twitter.com *.google.com *.youtube.com maps.googleapis.com scontent.cdninstagram.com cdn.lightwidget.com lightwidget.com 'self' 'unsafe-inline'; frame-ancestors *.meetanshi.com 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://www.googletagmanager.com/ *.meetanshi.com https://lpsolar.ourolux.com.br http://lpsolar.ourolux.com.br https://controled.ourolux.com.br https://meufinanciamentosolar.com.br http://cdn.mcauto-images-production.sendgrid.net https://app.powerbi.com https://homolog.meiosdepagamentobradesco.com.br/ https://meiosdepagamentobradesco.com.br/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.twitter.com *.google.com maps.googleapis.com scontent.cdninstagram.com cdn.lightwidget.com lightwidget.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.cloudflare.com *.klarna.com *.paypal.com *.ytimg.com *.usercentrics.eu https://*.g.doubleclick.net https://*.google.com https://*.google.com.br http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.meetanshi.com https://*.gstatic.com https://*.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.lightemporium.com *.google.com maps.googleapis.com scontent.cdninstagram.com cdn.lightwidget.com lightwidget.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://www.googletagmanager.com https://cdn.dnky.co http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io *.meetanshi.com https://unpkg.com/html5-qrcode https://go.botmaker.com https://storage.googleapis.com https://polyfill.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com https://d335luupugsy2.cloudfront.net/js/ *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.google.com maps.googleapis.com scontent.cdninstagram.com cdn.lightwidget.com lightwidget.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.google.com *.youtube.com maps.googleapis.com scontent.cdninstagram.com cdn.lightwidget.com lightwidget.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.soundjay.com/buttons/beep-01a.mp3 https://storage.googleapis.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://api.comapi.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io *.paypal.com *.meetanshi.com https://go.botmaker.com wss://ws.botmaker.com https://stats.g.doubleclick.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com https://pageview-notify.rdstation.com.br/ https://popups.rdstation.com.br/ https://event-api.rdstation.com.br/v2/form_integrations *.cloudflare.com *.twitter.com *.twimg.com *.youtube.com maps.googleapis.com scontent.cdninstagram.com cdn.lightwidget.com lightwidget.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.trustisto.com  18.198.29.236 https://facebook.com https://mapa.ecommerce.poczta-polska.pl https://www.paypal.com https://www.paypalobjects.com https://*.easypack24.net https://*.openstreetmap.org https://*.inpost.pl https://*.allegrostatic.com https://allegro.pl https://*.allegro.pl https://*.allegroimg.com https://*.allegrosandbox.pl https://*.sote.pl https://*.googletagmanager.com https://*.facebook.net https://*.facebook.com https://*.google-analytics.com https://*.google.com https://*.google.pl https://unpkg.com https://api.mapbox.com https://maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net https://stats.g.doubleclick.net https://stats.g.doubleclick.net *.gstatic.com *.googleapis.com *.youtube.com *.vimeo.com *.ytimg.com *.soundcloud.com *.vimeocdn.com *.smartsupp.com *.smartsuppcdn.com wss://*.smartsupp.com *.cdn77.org smartsupp-widget-161959.c.cdn77.org *.smartlook.com *.smartlook.cloud *.smartsuppchat.com *.addthis.com *.addthisedge.com *.facebook.com *.facebook.net *.fbcdn.net *.instagram.com *.cdninstagram.com *.googletagmanager.com *.google-analytics.com *.paypalobjects.com *.paypal.com *.autopay.eu *.livechatinc.com https://googleads.g.doubleclick.net https://www.googleadservices.com *.googlesyndication.com https://*.cashbill.pl https://*.ceneo.pl https://*.secure.eservice.com.pl *.credit-agricole.pl *.paybynet.com.pl *.polcard.com.pl *.przelewy24.pl *.eraty.pl static.hotjar.com https://disqus.com data:; form-action 'self' https://*.trustisto.com  18.198.29.236 https://facebook.com https://mapa.ecommerce.poczta-polska.pl https://www.paypal.com https://www.paypalobjects.com https://*.easypack24.net https://*.openstreetmap.org https://*.inpost.pl https://*.allegrostatic.com https://allegro.pl https://*.allegro.pl https://*.allegroimg.com https://*.allegrosandbox.pl https://*.sote.pl https://*.googletagmanager.com https://*.facebook.net https://*.facebook.com https://*.google-analytics.com https://*.google.com https://*.google.pl https://unpkg.com https://api.mapbox.com https://maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net https://stats.g.doubleclick.net https://stats.g.doubleclick.net *.gstatic.com *.googleapis.com *.youtube.com *.vimeo.com *.ytimg.com *.soundcloud.com *.vimeocdn.com *.smartsupp.com *.smartsuppcdn.com wss://*.smartsupp.com *.cdn77.org smartsupp-widget-161959.c.cdn77.org *.smartlook.com *.smartlook.cloud *.smartsuppchat.com *.addthis.com *.addthisedge.com *.facebook.com *.facebook.net *.fbcdn.net *.instagram.com *.cdninstagram.com *.googletagmanager.com *.google-analytics.com *.paypalobjects.com *.paypal.com *.autopay.eu *.livechatinc.com https://googleads.g.doubleclick.net https://www.googleadservices.com *.googlesyndication.com https://*.cashbill.pl https://*.ceneo.pl https://*.secure.eservice.com.pl *.credit-agricole.pl *.paybynet.com.pl *.polcard.com.pl *.przelewy24.pl *.eraty.pl static.hotjar.com https://disqus.com; frame-ancestors 'self' 1
frame-ancestors 'self' outlet-tapet.pl www.outlet-tapet.pl fototapety.outlet-tapet.pl 1
default-src *;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.daum.net *.daumcdn.net *.google-analytics.com https://*.akamaihd.net http://*.akamaihd.net http://*.facebook.net https://*.facebook.net http://*.facebook.com https://*.facebook.com http://*.goorm.io https://*.goorm.io;object-src 'self';img-src * data:;media-src 'self';frame-src 'self' http://*.facebook.net https://*.facebook.net http://*.facebook.com https://*.facebook.com;connect-src 'self' https://*.daum.net http://*.daum.net http://www.googleapis.com https://www.googleapis.com http://*.facebook.net https://*.facebook.net http://*.facebook.com https://*.facebook.com;style-src 'self' 'unsafe-inline' 1
font-src *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.transbank.cl *.cardinalcommerce.com *.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.facebook.com *.newrelic.com *.google.com *.doubleclick.net *.googleapis.com *.weltpixel.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.mercadolibre.com *.mercadolivre.com *.mlstatic.com *.mercadopago.com *.mercadopago.com.ar *.mercadopago.cl *.mercadopago.com.co *.mercadopago.com.br *.mercadopago.com.mx *.mercadopago.com.uy *.mercadopago.com.ve *.mercadopago.com.pe *.wesupply.xyz https://wesupplylabs.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.retailrocket.net *.google.com *.google.com.ar *.facebook.com *.newrelic.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net https://formfacade.com https://*.oxfordstore.cl *.zdassets.com *.zendesk.com https://maps.gstatic.com *.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.mercadolibre.com *.mercadolivre.com *.mlstatic.com *.mercadopago.com *.mercadopago.com.ar *.mercadopago.cl *.mercadopago.com.co *.mercadopago.com.br *.mercadopago.com.mx *.mercadopago.com.uy *.mercadopago.com.ve *.mercadopago.com.pe *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.facebook.net *.facebook.com *.newrelic.com *.zdassets.com *.googletagmanager.com https://formfacade.com *.doubleclick.net *.cloudfront.net https://formfacade.firebaseio.com *.googleapis.com *.zendesk.com *.retailrocket.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.mercadolibre.com *.mercadolivre.com *.mlstatic.com *.mercadopago.com *.mercadopago.com.ar *.mercadopago.cl *.mercadopago.com.co *.mercadopago.com.br *.mercadopago.com.mx *.mercadopago.com.uy *.mercadopago.com.ve *.mercadopago.com.pe *.avada.io *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.retailrocket.net *.newrelic.com https://formfacade.com *.googleapis.com unsafe-inline *.fontawesome.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.facebook.net *.facebook.com *.newrelic.com *.zendesk.com *.zdassets.com wss://widget-mediator.zopim.com https://zendesk-eu.my.sentry.io *.google.com *.doubleclick.net *.analytics.google.com *.google-analytics.com *.googletagmanager.com *.g.doubleclick.net https://formfacade.firebaseio.com wss://pod-19.zendesk.com *.googleapis.com *.retailrocket.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.mercadolibre.com *.mercadolivre.com *.mlstatic.com *.mercadopago.com *.mercadopago.com.ar *.mercadopago.cl *.mercadopago.com.co *.mercadopago.com.br *.mercadopago.com.mx *.mercadopago.com.uy *.mercadopago.com.ve *.mercadopago.com.pe https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' www.oxworks.com.au 1
default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' www.oportunidades.com.co pagoalafija.com; 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' blob:; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; child-src https: blob:; object-src 'none'; base-uri 'none'; frame-ancestors 'self'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com maps.gstatic.com *.googleapis.com *.google-analytics.com cdnjs.cloudflare.com assets.zendesk.com connect.facebook.net cdn.sucuri.net maxcdn.bootstrapcdn.com; frame-src 'self' *.youtube.com assets.zendesk.com *.facebook.com s-static.ak.facebook.com tautt.zendesk.com; object-src 'self' 1
base-uri 'self' https://passeport-voyance.com https://*.google.com https://*.google.com http://e.tlmq.fr https://*.tlmq.fr https://*.news-voyance.com https://*.addtoany.com; child-src 'self' https://passeport-voyance.com https://*.google.com http://e.tlmq.fr https://*.tlmq.fr https://*.voyance.fr https://*.news-voyance.com http://*.addthis.com https://*.addthisedge.com https://www.google-analytics.com https://lesfameusesvideos.com https://*.amazon-adsystem.com https://*.amazon.com https://*.goracash.com https://*.addtoany.com; object-src 'self' https://passeport-voyance.com https://*.google.com http://e.tlmq.fr https://*.tlmq.fr https://*.voyance.fr https://*.news-voyance.com http://*.addthis.com https://*.addthisedge.com https://www.google-analytics.com https://lesfameusesvideos.com https://*.amazon-adsystem.com https://*.amazon.com https://*.goracash.com https://*.addtoany.com; form-action https://passeport-voyance.com https://*.google.com https://*.news-voyance.com https://*.addtoany.com; style-src 'self' 'unsafe-inline'; font-src 'self'; 1
default-src 'self' https://*.securetrading.net/ https://www.google.co.uk https://*.facebook.net http://*.facebook.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io  https://script.hotjar.com https://static.hotjar.com https://connect.facebook.net https://browser-update.org https://www.googletagmanager.com https://apis.google.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://ssl.google-analytics.com www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline'  https://fonts.googleapis.com/; img-src 'self' https://www.payplan.com/ https://stats.g.doubleclick.net http://stats.g.doubleclick.net https://www.facebook.com www.facebook.com  http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.google-analytics.com www.google-analytics.com data: https://www.google-analytics.com https://www.googletagmanager.com; connect-src 'self' https://www.google.co.uk http://www.google.co.uk https://www.googleadservices.com https://www.googletagmanager.com https://apis.google.com https://www.google-analytics.com www.google-analytics.com https://ssl.google-analytics.com https://stats.g.doubleclick.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; font-src 'self' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://fonts.gstatic.com; frame-ancestors 'self' https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; frame-src 'self' www.google.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; form-action 'self' https://payments.securetrading.net/process/payments/choice https://www.trustpilot.co.uk/evaluate/www.payplan.com; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self';  manifest-src 'self' 1
default-src 'self'; style-src 'self' fonts.googleapis.com;connect-src 'self' *.google-analytics.com *.analytics.google.com; font-src 'self' fonts.gstatic.com;script-src www.googletagmanager.com 'self' 'unsafe-hashes' 'sha256-CVnWUJnIQer8+8rvXe/A06wfINuig8T1rU+YL2O3yXE=' 'sha256-nNExX8dGhf3ce7nlLMW210YbT1+ATSaoMpg5lf/l+Ng=' 'sha256-2NFxeQtuY6aHqwG89JOCTZxsk+Ot4hJfyz76XUuVp4A=' 'sha256-ys3k0lFIaNOl48X5ACWobmbJyY9se3jhKcFx6hBc60I=' 'sha256-1jAmyYXcRq6zFldLe/GCgIDJBiOONdXjTLgEFMDnDSM=' 'sha256-duEuDgO6dofRmdKFscJEDOUc5CQs7gp/g3RqAdaW0A8=';frame-ancestors 'self'; img-src 'self' *.google-analytics.com *.analytics.google.com; 1
default-src 'self'; frame-ancestors 'none'; frame-src 'self' td.doubleclick.net www.google.com cdn.embedly.com forms.hsforms.com *.youtube.com; img-src 'self' https: data:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: ams.wpml.org fast.wistia.com beacon-v2.helpscout.net yoast.com d3e54v103j8qbb.cloudfront.net www.googleadservices.com *.googletagmanager.com platform.twitter.com analytics.tiktok.com www.google.com ajax.googleapis.com *.google-analytics.com www.gstatic.com googleads.g.doubleclick.net connect.facebook.net calendly.com *.calendly.com widget.intercom.io js.hscollectedforms.net js.hsforms.net js.hsadspixel.net js.hs-analytics.net js.hs-scripts.com js.hs-banner.com js.intercomcdn.com static.ads-twitter.com; connect-src 'self' d3hb14vkzrxvla.cloudfront.net ams.wpml.org *.wistia.com yoast.com *.yoast.com analytics.pangle-ads.com ads-api.twitter.com analytics.tiktok.com www.facebook.com analytics.google.com *.google-analytics.com adservice.google.com region1.analytics.google.com google.com www.google.com www.google.co.in www.google.com.hk www.google.com.my www.google.com.ph www.google.com.sg stats.g.doubleclick.net wss://nexus-websocket-a.intercom.io api.hubapi.com *.hscollectedforms.net forms.hsforms.com api-iam.intercom.io; font-src 'self' data: fonts.gstatic.com fonts.intercomcdn.com; style-src 'self' 'unsafe-inline' ams.wpml.org fast.wistia.com fonts.googleapis.com calendly.com *.calendly.com; report-uri https://13117d842de556e9350369ee5e8b77cb.report-uri.com/r/t/csp/enforce; report-to default 1
base-uri https://*.pchome.co.th; 1
frame-ancestors 'self'; default-src 'unsafe-inline' 'self';script-src 'unsafe-inline' 'unsafe-eval' https:;connect-src https: wss:;img-src https: data:;frame-src https:;style-src 'unsafe-inline' https:;object-src https:;media-src https:; 1
upgrade-insecure-requests; report-uri https://peak-workout.com/il_reporturi.php?from=csp; report-to csp_endpoint 1
font-src *.googleapis.com *.gstatic.com *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.typekit.net *.twimg.com *.trustedshops.com *.bootstrapcdn.com https://connect.podium.com https://sync.taboola.com https://image2.pubmatic.com *.tawk.to data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com *.twitter.com *.facebook.com *.payu.in 'self' 'unsafe-inline'; frame-ancestors *.meetanshi.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.meetanshi.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.twitter.com https://www.google.com https://www.google.co.in https://www.facebook.com https://www.affirm.com api.razorpay.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com *.gstatic.com *.meetanshi.com https://meetanshi.com/media/logo.png https://api.mapbox.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudflare.com *.google.com *.google.co.in https://www.facebook.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.connect.facebook.net https://stats.g.doubleclick.net https://d.adroll.com https://pixel.advertising.com https://pixel.rubiconproject.com https://simage2.pubmatic.com https://dsum-sec.casalemedia.com https://ads.yahoo.com https://eb2.3lift.com https://sync.outbrain.com https://trc.taboola.com https://x.bidswitch.net/sync https://ib.adnxs.com https://idsync.rlcdn.com https://us-u.openx.net https://ups.analytics.yahoo.com https://segments.company-target.com https://sync.tidaltv.com https://assets.podium.com http://www.shopperapproved.com https://event.webcollage.net https://event.syndigo.cloud https://content.syndigo.com https://sync.taboola.com https://image2.pubmatic.com *.tawk.to cdn.razorpay.com *.z1.web.core.windows.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ s7.addthis.com *.googleapis.com *.meetanshi.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.adobed.com *.tawk.to *.jsdelivr.net *.cloudflare.com *.payu.in *.twitter.com *.google.com *.google.co.in *.facebook.com *.googleadservices.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://connect.facebook.net http://connect.facebook.net *.paypalobjects.com https://chimpstatic.com *.googletagmanager.com https://s.adroll.com http://s.adroll.com https://d.adroll.com https://d.adroll.mgr.consensu.org *.bootstrapcdn.com http://a.mailmunch.co *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://connect.podium.com https://stats.g.doubleclick.net http://www.shopperapproved.com https://ajax.googleapis.com https://seal.geotrust.com https://scontent.webcollage.net https://syndi.webcollage.net https://content.syndigo.com https://cdn1.affirm.com https://sync.taboola.com https://image2.pubmatic.com checkout.razorpay.com https://www.googletagmanager.com tagmanager.google.com *.chimpstatic.com *.adobedtm.com *.doubleclick.net *.cardinalcommerce.com *.ccdc02.com *.ytimg.com *.vimeo.com *.addthis.co *.braintreegateway.com *.haptikapi.com *.interakt.ai 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.gstatic.com unsafe-inline *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.twimg.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.youtube.com *.bootstrapcdn.com *.tawk.to *.cardinalcommerce.com *.podium.com *.mailmunch.co *.taboola.com *.pubmatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com ekr.zdassets.com/ *.googleapis.com *.gstatic.com *.meetanshi.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com wss://*.tawk.to *.cloudflare.com *.twitter.com *.twimg.com *.google.com *.google.co.in *.facebook.com http://forms.mailmunch.co https://mind-flayer.podium.com http://a.mailmunch.co https://stats.g.doubleclick.net https://d.adroll.com https://www.affirm.com https://tracker.affirm.com https://content.syndigo.com *.tawk.to *.demdex.net *.omtrdc.net *.google-analytics.com *.googleadservices.com https://sync.taboola.com https://image2.pubmatic.com autocomplete2.postdirekt.de lumberjack.razorpay.com lumberjack-metrics.razorpay.com https://www.google-analytics.com *.payu.in *.cardinalcommerce.com *.googletagmanager.com *.braintreegateway.com *.youtube.com *.vimeocdn.com *.vimeo.com *.ytimg.com *.paypalobjects.com *.ccdc02.com *.doubleclick.net *.adobe.com *.chimpstatic.com *.adobedtm.com *.interakt.ai 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline';, upgrade-insecure-requests; 1
default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' https://tel.search.ch app.pepsimmo.ch https://*.google-analytics.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' app.pepsimmo.ch; frame-ancestors 'self'; frame-src 'self'; img-src 'self' data: app.pepsimmo.ch; manifest-src 'self'; media-src 'self'; object-src 'self'; script-src 'self' www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://www.google.com/recaptcha/api.js https://www.gstatic.com https://www.googletagmanager.com https://code.jquery.com https://connect.facebook.net https://www.google-analytics.com https://unpkg.com https://cdn.datatables.net https://cdn.jsdelivr.net https://ajax.googleapis.com https://www.google.com kit.fontawesome.com https://vee-crm.com/js/ https://cdn.glassix.com/clients/widget.1.2.min.js googleads.g.doubleclick.net; 1
base-uri 'self';child-src 'self' * data:;connect-src 'self' * data:;default-src 'self';font-src * data:;form-action 'self' https://credit.j-payment.co.jp https://access.line.me;frame-src * data:;frame-ancestors 'self' https://pictsquare.net;media-src * data:;img-src * data: blob:;object-src 'none';script-src 'self' 'strict-dynamic' https://pagead2.googlesyndication.com https://www.google.com https://www.googletagmanager.com https://*.googletagmanager.com https://tagmanager.google.com https://www.gstatic.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://token.ccps.jp https://widget.univapay.com https://securepubads.g.doubleclick.net https://kit.fontawesome.com https://tpc.googlesyndication.com https://platform.twitter.com https://browser.sentry-cdn.com https://ajaxzip3.github.io 'nonce-0vDYP5jU5Dw8LiG1Eeymzw==';script-src-elem 'self' 'strict-dynamic' https://pagead2.googlesyndication.com https://www.google.com https://www.googletagmanager.com https://*.googletagmanager.com https://tagmanager.google.com https://www.gstatic.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://token.ccps.jp https://widget.univapay.com https://securepubads.g.doubleclick.net https://kit.fontawesome.com https://tpc.googlesyndication.com https://platform.twitter.com https://browser.sentry-cdn.com https://ajaxzip3.github.io 'nonce-0vDYP5jU5Dw8LiG1Eeymzw==';script-src-attr 'unsafe-inline';style-src 'self' * data: 'unsafe-inline';worker-src blob:;report-uri /csp_reports/report; 1
frame-ancestors 'none', upgrade-insecure-requests 1
connect-src 'self' https://testrio.pinaronline.com https://mp-test-sdk.masterpassturkiye.com https://*.useinsider.com https://*.api.useinsider.com wss://*.useinsider.com *; font-src 'self' 'unsafe-eval' 'unsafe-inline' *.hotjar.com https://testrio.pinaronline.com *.useinsider.com *.api.useinsider.com https://fonts.gstatic.com font.static.useinsider.com data:; frame-src 'self' 'unsafe-eval' 'unsafe-inline' https://testrio.pinaronline.com https://mp-test-sdk.masterpassturkiye.com *.useinsider.com *.api.useinsider.com *; img-src 'self' 'unsafe-eval' 'unsafe-inline' *.yahoo.net https://e1.emxdgt.com https://api.b2b.retter.io https://testrio.pinaronline.com https://mp-test-sdk.masterpassturkiye.com *.useinsider.com *.api.useinsider.com https://api.pinar.retter.io https://*.cloudfront.net *.mircate.com *.api.mircate.com https://api.b2btest.retter.io https://matching.ivitrack.com https://optimize.google.com https://us-u.openx.net https://beacon.krxd.net https://s.thebrighttag.com https://*.smartclip.net https://*.yieldmo.com https://dpm.demdex.net public-prod-dspcookiematching.dmxleo.com exchange.mediavine.com rtb.mfadsrvr.com https://grand-eye-340909.ue.r.appspot.com log.api.useinsider.com pixel-sync.sitescout.com assets.api.useinsider.com eitri.api.useinsider.com pinar.inone.useinsider.com www.facebook.com https://www.googleadservices.com https://googleads.g.doubleclick.net www.googletagmanager.com www.google.com www.google.com.tr https://www.google-analytics.com *.doubleclick.net doubleclick.net https://www.googletagmanager.com https://core-internal.rtbs.io https://core.rtbs.io https://sync.outbrain.com https://pixel.rubiconproject.com https://cw.addthis.com https://pixel.tapad.com https://trends.revcontent.com https://criteo-sync.teads.tv https://sync-t1.taboola.com https://ads.yahoo.com https://ups.analytics.yahoo.com https://simage2.pubmatic.com https://s.ad.smaato.net https://gum.criteo.com https://adx.dable.io https://x.bidswitch.net https://cm.meba.kr https://secure.adnxs.com https://ib.adnxs.com https://rtb-csync.smartadserver.com https://sp.analytics.yahoo.com https://ad.tpmn.co.kr https://tg.socdm.com https://adgen.socdm.com https://cs.adingo.jp https://eb2.3lift.com https://contextual.media.net https://sync.ad-stir.com https://secure.adnxs.com https://secure.adnxs.com https://r.casalemedia.com https://ad.as.amanad.adtdp.com https://ad.360yield.com https://ih.adscale.de https://match.sharethrough.com https://match.sharethrough.com https://idsync.rlcdn.com https://dis.criteo.com https://dis.criteo.com https://d.turn.com https://partner.mediawallahscript.com https://i.liadm.com https://pixel.advertising.com https://i6.liadm.com https://jadserve.postrelease.com https://sbm.nate.com https://cotads.adscale.de https://sync.taboola.com https://idsync.admixer.co.kr https://cm.adform.net https://t.adx.opera.com https://aax-eu.amazon-adsystem.com https://sync.1rx.io https://ums.acuityplatform.com https://cm-exchange.toast.com https://id5-sync.com https://sync.srv.stackadapt.com https://smaatocm.digitaleast.mobi https://sync.crwdcntrl.net https://token.rubiconproject.com https://sync.aralego.com https://pr-bh.ybp.yahoo.com https://match.adsrvr.org https://criteo-partners.tremorhub.com https://visitor.omnitagjs.com https://fksnk.com https://gu.dyntrk.com https://s.c.appier.net https://ad.yieldlab.net https://ad.yieldlab.net https://image8.pubmatic.com https://c1.adform.net https://www.google.nl region1.google-analytics.com region1.analytics.google.com https://sync.targeting.unrulymedia.com https://uipglob.semasio.net https://se.semasio.net data: blob:; style-src 'self' 'unsafe-eval' 'unsafe-inline' https://testrio.pinaronline.com https://mp-test-sdk.masterpassturkiye.com *.useinsider.com *.api.useinsider.com *; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://testrio.pinaronline.com https://mp-test-sdk.masterpassturkiye.com *.useinsider.com *.api.useinsider.com https://*.masterpassturkiye.com https://test.masterpassturkiye.com/MasterpassJsonServerHandler/v2 https://js.go2sdk.com *.enhencer.com https://optimize.google.com https://www.googleanalytics.com https://www.googleoptimize.com https://grand-eye-340909.ue.r.appspot.com www.gstatic.com *.cloudflare.com http://www.googleadservices.com facebook.net *.facebook.net https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.google-analytics.com *.jquery.com https://unpkg.com *.doubleclick.net doubleclick.net useinsider.com assets.api.useinsider.com eitri.api.useinsider.com pinar.inone.useinsider.com api.pinar.retter.io https://facebook.com www.googletagmanager.com *.criteo.net *.criteo.com *.hotjar.com 'nonce-MzYyM2E2ZmMtNGIzYS00YWExLTkxYzgtZjM4MTllNWQxOWEw'; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.enhencer.com *.criteo.com *.criteo.net https://vercel.live https://apis.google.com https://testrio.pinaronline.com https://mp-test-sdk.masterpassturkiye.com *.useinsider.com *.api.useinsider.com www.gstatic.com www.google.com fonts.gstatic.com cdnjs.cloudflare.com www.googleoptimize.com www.googletagmanager.com www.google-analytics.com js.go2sdk.com static.hotjar.com connect.facebook.net googleads.g.doubleclick.net unpkg.com script.hotjar.com https://www.googleadservices.com https://cdn.segmentify.com; worker-src 'self' 'unsafe-eval' 'unsafe-inline' https://testrio.pinaronline.com *.useinsider.com *.api.useinsider.com * blob:; object-src 'self' 'unsafe-eval' 'unsafe-inline' https://testrio.pinaronline.com *.useinsider.com *.api.useinsider.com; default-src 'unsafe-eval' https://mp-test-sdk.masterpassturkiye.com https://testrio.pinaronline.com https://web-pinar-online.vercel.app https://*.googleapis.com *.cloudflare.com *.cloudfront.net *.criteo.net *.criteo.com *.hotjar.com http://www.googleadservices.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.google-analytics.com *.doubleclick.net doubleclick.net https://facebook.com https://www.google-analytics.com https://stats.g.doubleclick.net 'self' https://*.api.useinsider.com https://*.useinsider.com assets.api.useinsider.com eitri.api.useinsider.com pinar.inone.useinsider.com api.pinar.retter.io https://core-internal.rtbs.io https://core.rtbs.io https://*.masterpassturkiye.com 'nonce-MzYyM2E2ZmMtNGIzYS00YWExLTkxYzgtZjM4MTllNWQxOWEw' https://www.googletagmanager.com; base-uri 'self'; form-action 'self' https://sanalposprovtest.garantibbva.com.tr https://sanalposprov.garanti.com.tr; block-all-mixed-content; upgrade-insecure-requests; 1
base-uri 'self';connect-src 'self';default-src 'self';form-action 'self';img-src 'self' https://www.facebook.com https://fbcdn.net;media-src 'self';object-src 'none';script-src 'self' 'nonce-t9y1wAfSOI8DWg6Kt2nNOilpCixKfYp4' https://connect.facebook.net;style-src 'self' 'nonce-t9y1wAfSOI8DWg6Kt2nNOilpCixKfYp4';frame-src 'self' https://www.facebook.com https://web.facebook.com/;font-src 'self' https://fonts.gstatic.com 1
object-src data: 'unsafe-eval' 1
default-src 'self'; img-src 'self' 'unsafe-inline' data: *.fbcdn.net https://*.cdninstagram.com https://*.chitika.net https://www.google.com.ua https://www.googletagmanager.com https://mc.yandex.ru https://cdn.jsdelivr.net https://www.google.com https://*.wlmediahub.com https://*.imlmediahub.com https://cdn.wdrimg.com https://*.twitter.com https://*.facebook.com https://*.imgur.com https://pixel.wp.com  https://*.sharethis.com https://*.giphy.com https://*.gravatar.com https://*.google-analytics.com https://*.doubleclick.net https://s.w.org https://wordpress.org https://ps.w.org data:; font-src data: 'self' https://s0.wp.com https://cdn.wdrimg.com https://*.bootstrapcdn.com wordpress.com https://*.gstatic.com; object-src 'none'; script-src 'self' https://*.chitika.net https://cdn.taboola.com https://mc.yandex.ru https://cdn.ampproject.org https://cdn.jsdelivr.net https://*.pinterest.com https://*.googletagmanager.com https://*.cloudflare.com https://cdn.wdrimg.com https://*.facebook.com https://*.addthis.com  https://*.addthisedge.com https://*.wp.com https://*.gravatar.com https://*.googleapis.com https://*.facebook.net https://*.pinterest.com https://*.twitter.com https://www.google-analytics.com https://*.google.com https://*.sharethis.com *.gstatic.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'  https://s0.wp.com https://cdn.jsdelivr.net https://cdn.wdrimg.com https://*.gravatar.com https://*.bootstrapcdn.com https://cdn-images.mailchimp.com https://fonts.googleapis.com https://ws.sharethis.com; connect-src 'self'  https://www.instagram.com/ https://*.addthisedge.com https://*.addthis.com https://*.facebook.com https://l.sharethis.com wss://kittpress.com https://mc.yandex.ru; child-src 'self'; frame-src https: gstatic.com 1
default-src blob: data: 'self' tvpuls.pl *.tvpuls.pl puls2.pl *.puls2.pl *.streamlock.net npmcdn.com vjs.zencdn.net cdn.jsdelivr.net fonts.gstatic.com googleapis.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.google.com *.google.pl *.ckeditor.com *.jquery.com cdn-cookieyes.com *.googletagmanager.com *.s73cloud.com 'unsafe-inline' 'unsafe-eval' 1
connect-src 'self' *.google.com *.google-analytics.com *.disqus.com disqus.com *.disquscdn.com *.addthis.com *.gstatic.com *.googlesyndication.com *.doubleclick.net *.rlcdn.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.addtoany.com https://www.googletagmanager.com https://cdn.cookielaw.org https://www.google-analytics.com https://googleads.g.doubleclick.net https://connect.facebook.net https://www.googleadservices.com; style-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://fonts.googleapis.com; img-src 'self' data: *.cdninstagram.com secure.gravatar.com https://cdn.cookielaw.org https://www.google.com https://www.google.pl https://www.facebook.com https://www.googletagmanager.com; frame-src https://static.addtoany.com https://www.youtube.com https://td.doubleclick.net https://open.spotify.com; worker-src 'self' blob:; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://cdn.cookielaw.org https://www.google.com https://region1.google-analytics.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net; 1
default-src 'self' 'unsafe-inline' https://www.google.com/ https://www.google.com/recaptcha/ https://www.google.com/recaptcha/api.js https://maps.gstatic.com https://maps.googleapis.com https://www.gstatic.com https://fonts.googleapis.com https://fonts.gstatic.com http://fonts.gstatic.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com  http://fonts.googleapis.com http://fonts.gstatic.com; script-src-elem 'self' 'nonce-2726c7f26c' https://www.google.com; img-src 'self' data: https://maps.googleapis.com https://maps.gstatic.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googleapis.com *.facebook.com *.facebook.net *.google.com *.twitter.com *.instagram.com *.pinterest.com *.addthis.com *.iyzipay.com *.youtube-nocookie.com *.youtube.com *.googletagmanager.com *.doubleclick.net *.robo90.com *.gstatic.com *.paytr.com *.bkm.com.tr *.helorobo.com *.hotjar.com *.googleadservices.com *.yandex.com *.bing.com ; frame-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googleapis.com *.facebook.com *.facebook.net *.google.com *.twitter.com *.instagram.com *.pinterest.com *.addthis.com *.iyzipay.com *.youtube-nocookie.com *.youtube.com *.googletagmanager.com *.doubleclick.net *.robo90.com *.gstatic.com *.paytr.com *.bkm.com.tr *.helorobo.com *.hotjar.com *.googleadservices.com *.yandex.com *.bing.com ; frame-ancestors *; 1
default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'nonce-Qs8/GWKzny5BHMfrhMD+Cw=='; img-src 'self' https://espmstorage.blob.core.windows.net/espm/; object-src 'none'; base-uri 'self' 1
frame-ancestors 'none'; default-src 'none'; script-src 'self' 'unsafe-inline' 'wasm-unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self' data:; media-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; 1
base-uri 'self' 'unsafe-inline' 1
default-src 'self'; font-src *;img-src * data:; script-src * 'unsafe-inline'; style-src * 'unsafe-inline' 1
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' sarthac.gov.in 10.3.0.45 127.0.0.1 localhost www.google.com www.youtube.com 10.244.91.80 172.25.142.93 ; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; img-src *; 1
frame-ancestors 'self' *.groupcall.com *.teachers2parents.co.uk; script-src 'self' 'unsafe-inline' 'unsafe-eval'  js.stripe.com accounts.google.com *.google-analytics.com *.gstatic.com az416426.vo.msecnd.net www.google.com secure.aadcdn.microsoftonline-p.com dc.services.visualstudio.com cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.gstatic.com fonts.googleapis.com; worker-src 'self' blob:; 1
script-src ‘self’; style-src ‘self’; https://segomega.com https://connect.facebook.net https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://googletagmanager.com https://analytics.gekoestudio.net https://google-analytics.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://use.fontawesome.com https://segomega.com https://api.colaboradores.segomega.com; 1
font-src * 'unsafe-inline'; style-src * 'unsafe-inline'; 1
frame-src data: https://*.nibw.es/ https://api.paycomet.com https://js.stripe.com https://www.google.com https://www.youtube.com https://www.facebook.com https://consentcdn.cookiebot.com/ https://*.hotjar.com https://app.mailjet.com https://pwebnibw.avant2.es/ https://pwebsegurosdvida.avant2.es/ https://llamamegratis.es/ https://*.paypal.com/ https://app.signaturit.com https://sign-app.signaturit.com/ https://form.typeform.com/ https://forms.office.com/ https://share-eu1.hsforms.com/ https://docs.google.com/ https://spg.qly.site1.sibs.pt https://td.doubleclick.net/ 1
default-src 'self' segurosargos.com *.segurosargos.com; script-src https://cdnjs.cloudflare.com/ https://www.googletagmanager.com/ https://www.amcharts.com/  https://www.paypal.com/ https://http2.mlstatic.com/ https://sdk.mercadopago.com/ https://api.mercadopago.com/  https://www.gstatic.com https://www.google.com https://code.highcharts.com/ segurosargos.com *.segurosargos.com https://code.jquery.com/ https://maps.googleapis.com/ https://www.youtube.com https://ajax.googleapis.com  'unsafe-inline' https://cdn.ckeditor.com 'unsafe-eval' saludargos.com *.saludargos.com http://maps.google.com https://sealserver.trustwave.com/; style-src https://cdnjs.cloudflare.com/ segurosargos.com *.segurosargos.com https://fonts.googleapis.com 'unsafe-inline' saludargos.com *.saludargos.com *.argoscapacita.com; style-src-elem https://cdnjs.cloudflare.com/  https://fonts.googleapis.com 'unsafe-inline' segurosargos.com *.segurosargos.com saludargos.com *.saludargos.com http://www.saludargos.com *.argoscapacita.com ;font-src https://cdnjs.cloudflare.com/  segurosargos.com *.segurosargos.com https://fonts.gstatic.com/ saludargos.com *.saludargos.com; connect-src https://analytics.google.com/  https://www.sandbox.paypal.com/ https://maps.googleapis.com/ segurosargos.com *.segurosargos.com http://www.segurosargos.com https://api.mercadopago.com/ https://www.mercadolibre.com/ https://events.mercadopago.com/ https://api.mercadolibre.com; img-src * data:; frame-src https://www.youtube.com segurosargos.com *.segurosargos.com saludargos.com *.saludargos.com https://www.google.com/ https://www.mercadopago.com/ https://mercadopago.com.mx/ https://www.mercadolibre.com/ https://www.mercadopago.com.mx/ https://www.sandbox.paypal.com https://www.vidago.mx/ https://www.argoscapacita.com ; frame-ancestors 'self' https://www.vidago.mx/ https://www.argoscapacita.com;  media-src https://www.argoscapacita.com 1
object-src 'none';frame-ancestors 'self' *; 1
default-src 'self' 'unsafe-inline' *.google-analytics.com *.apis.google.com *.googletagmanager.com *.analytics.google.com *.opencartgpt.com *.td.doubleclick.net data:; connect-src 'self' 'unsafe-inline' https://analytics.google.com https://opencartgpt.com *.doubleclick.net; frame-src 'self' 'unsafe-inline' *.youtube.com; img-src 'self' 'unsafe-inline' https://static.sergetkach.com https://www.google.com.ua https://img.youtube.com/ data:; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com *.cloudflare.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com *.cloudflare.com; script-src-elem 'self' 'unsafe-inline' https://ajax.googleapis.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://ucarecdn.com 1
default-src 'self' www.sherwin.com.ar www.sherwin.com.mx www.google.com www.youtube.com 10153588.fls.doubleclick.net td.doubleclick.net; script-src 'self' www.youtube.com www.google.com www.gstatic.com cdnjs.cloudflare.com maps.googleapis.com code.jquery.com cdn.jsdelivr.net fonts.googleapis.com prism.sherwin-williams.com www.googletagmanager.com www.google-analytics.com 'unsafe-inline' 'unsafe-eval' blob:; font-src 'self' fonts.googleapis.com fonts.gstatic.com use.fontawesome.com res.cdn.office.net data:; connect-src 'self' blob: eu2.device-api.indigitall.com maps.googleapis.com prism.sherwin-williams.com sherwin.scene7.com api.sherwin-williams.com analytics.google.com www.google-analytics.com stats.g.doubleclick.net; img-src 'self' blob: maps.googleapis.com ad.doubleclick.net i.ytimg.com maps.gstatic.com www.google.com.co prism.sherwin-williams.com cdnjs.cloudflare.com sherwin.scene7.com www.sherwin.com.mx www.googletagmanager.com www.google-analytics.com secure.gravatar.com www.sherwin.com.ar a.tile.openstreetmap.org b.tile.openstreetmap.org c.tile.openstreetmap.org data:; style-src 'self' cdn.jsdelivr.net cdnjs.cloudflare.com prism.sherwin-williams.com fonts.googleapis.com use.fontawesome.com 'unsafe-inline'; base-uri 'self';form-action 'self'; 1
default-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://*.gstatic.com https://www.gstatic.com/recaptcha https://www.gstatic.com/recaptcha/releases/6OAif-f8nYV0qSFmq-D6Qssr/  ; script-src  'self' 'unsafe-inline' 'unsafe-eval' https://kit.fontawesome.com/ https://unpkg.com/ https://translate.google.com/ https://translate.googleapis.com/ https://www.google-analytics.com https://www.googletagmanager.com https://*.facebook.net *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/  https://www.googletagmanager.com https://platform.twitter.com https://connect.facebook.net https://bat.bing.com https://www.google-analytics.com  https://fonts.googleapis.com; style-src 'self' 'unsafe-inline' *.googleapis.com https://fonts.googleapis.com; img-src 'self' https://www.gstatic.com/ https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://www.google.co.in www.facebook.com www.google.com *.google.com https://www.google.com ; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; media-src 'self' data: blob:; frame-src https://www.google.com ; font-src 'self' https://fonts.gstatic.com; object-src 'none' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' * tag.wknd.ai assets.bounceexchange.com api.bounceexchange.com dev.bounceexchange.com dash-staging.bounceexchange.com https://cdn.gbqofs.com/ https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://www.youtube.com;  style-src * 'self' 'unsafe-inline' assets.bounceexchange.com;  img-src * 'self' blob: data: assets.bounceexchange.com events.bouncex.net;  font-src * 'self' data: assets.bounceexchange.com;   child-src assets.bounceexchange.com;   worker-src * 'self' blob: assets.bounceexchange.com;   frame-src * 'self' assets.bounceexchange.com dash-staging.bounceexchange.com;  form-action * 'self' api.bounceexchange.com dev.bounceexchange.com;  connect-src * 'self' events.bouncex.net coupons.bounceexchange.com *.cdnwidget.com *.cdnbasket.net; 1
font-src *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com *.doubleclick.net *.facebook.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.google.com.vn *.google-analytics.com *.googletagmanager.com *.facebook.com *.shondo.vn data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.avada.io *.cloudflare.com *.twitter.com *.google-analytics.com *.google.com *.googleadservices.com *.googletagmanager.com *.gstatic.com *.facebook.com *.facebook.net *.crazyegg.com *.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://get.geojs.io *.avada.io *.crazyegg.com *.doubleclick.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://shondo.vn/; report-to report-endpoint; 1
frame-ancestors https://*.shortlyst.com https://*.shopalyst.com https://shop-id-molto.com https://shop-id-molto.com/; 1
frame-ancestors https://*.shortlyst.com https://*.shopalyst.com https://www.maggi.in https://shop-in-maggi.com/; 1
upgrade-insecure-requests; block-all-mixed-content; object-src 'none' 1
default-src 'self' data: gap: http://www.youtube.com/ https://shopping-guararapes.chat.blip.ai https://www.google.com https://www.google-analytics.com https://www.youtube.com https://www.youtube-nocookie.com https://youtu.be ingresso-a.akamaihd.net cdn.privacytools.com.br https://www.gstatic.com/ ajax.googleapis.com https://www.googletagmanager.com cdn.privacytools.com.br https://tagmanager.google.com 'unsafe-eval' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://js-cdn.dynatrace.com https://shopping-guararapes.chat.blip.ai https://www.google.com https://www.gstatic.com/ ajax.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com cdn.privacytools.com.br https://tagmanager.google.com https://cdn.privacytools.com.br https://unpkg.com https://www.youtube.com https://youtu.be https://www.youtube-nocookie.com 'unsafe-eval'; img-src 'self' https://www.google-analytics.com ingresso-a.akamaihd.net https://unpkg.com https://www.youtube.com https://youtu.be https://i.ytimg.com https://cdn.privacytools.com.br; font-src 'self' fonts.gstatic.com 1
default-src 'self'; object-src 'none'; upgrade-insecure-requests; block-all-mixed-content; form-action 'self'; frame-ancestors 'none'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; style-src 'self' https://db.onlinewebfonts.com https://fonts.googleapis.com https://use.fontawesome.com https://tagmanager.google.com; script-src 'self' https://db.onlinewebfonts.com https://fonts.googleapis.com https://fonts.gstatic.com https://js-agent.newrelic.com https://bam-cell.nr-data.net https://cdn.jsdelivr.net https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://*.googletagmanager.com; font-src 'self' https://fonts.gstatic.com https://db.onlinewebfonts.com https://use.fontawesome.com; img-src 'self' https://www.gravatar.com https://*.google-analytics.com https://*.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com 1
default-src 'self' 'unsafe-inline'; script-src 'report-sample' 'self' 'unsafe-inline'  https://a09.in/chatbot/web-bot/assets/js/widget.js https://cdn.jsdelivr.net/npm/bootstrap@5.1.1/dist/js/bootstrap.bundle.min.js https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10966530536/ https://script.google.com https://s3.tradingview.com/external-embedding/embed-widget-single-quote.js https://www.google-analytics.com/analytics.js https://www.googleadservices.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://www.gstatic.com http://www.siyaram.com ; style-src 'report-sample' 'self' 'unsafe-inline' http://www.siyaram.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.googleapis.com; font-src 'self' https://cdnjs.cloudflare.com https://fonts.gstatic.com; script-src-elem 'self' 'unsafe-inline' https://connect.facebook.net/en_US/fbevents.js https://script.google.com https://a09.in/chatbot/web-bot/assets/js/widget.js https://cdn.jsdelivr.net/npm/bootstrap@5.1.1/dist/js/bootstrap.bundle.min.js https://cdn.jsdelivr.net/npm/@fancyapps/fancybox@3.5.6/dist/jquery.fancybox.min.js https://s3.tradingview.com/external-embedding/embed-widget-single-quote.js https://www.googletagmanager.com/gtm.js https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com/gtag/js https://googleads.g.doubleclick.net https://www.googleadservices.com/pagead/conversion/10966530536/ http://www.siyaram.com https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.4/jquery.min.js https://connect.facebook.net https://www.youtube.com https://www.clarity.ms; frame-src 'self' 'unsafe-inline' https://www.youtube.com https://www.google.com/ https://s.tradingview.com https://a09.in/ https://www.tradingview-widget.com https://www.tradingview.com https://www.youtube-nocookie.com; img-src 'self' 'unsafe-inline' https://www.siyaram.com/ https://a09.in https://googleads.g.doubleclick.net https://siyaram-images.s3.ap-south-1.amazonaws.com https://www.google.co.in https://www.google.com http://www.siyaram.com https://www.google-analytics.com https://www.facebook.com https://www.googletagmanager.com https://img.youtube.com http://img.youtube.com https://q.clarity.ms https://c.clarity.ms https://c.bing.com; connect-src 'self' https://www.google-analytics.com https://script.google.com https://stats.g.doubleclick.net https://www.facebook.com https://q.clarity.ms; manifest-src 'self'; media-src 'self' 'unsafe-inline'; worker-src 'none'; 1
frame-ancestors 'self' https://www.sky137.com http://*.sky137.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' skytechsolutions.com.br *.skytechsolutions.com.br skytechsolutions.fbitsstatic.net fbits.net nr-data.net newrelic.com google.com googletagmanager.com google-analytics.com facebook.net facebook.com jquery.com bootstrapcdn.com *.fbits.net *.nr-data.net *.newrelic.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.facebook.com *.jquery.com *.bootstrapcdn.com wss://signalr.fbits.net k-analytix.com *.k-analytix.com i.konduto.com *.yapay.com.br *.traycheckout.com.br *.clearsale.com.br dzpxyxks1bfmb.cloudfront.net *.gstatic.com *.soclminer.com.br *.btg360.com.br *.socialminer.com signalrcore.fbits.net wss://signalrcore.fbits.net *.cloudfront.net *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadopago.com.br *.paypal.com *.paypalobjects.com *.fbits.store *.adyen.com *.pagar.me *.mundipagg.com gstatic.com youtube.com skytechsolutions.checkout.fbits.store cdn.octadesk.com *.octadesk.com googleads.g.doubleclick.net *.g.doubleclick.net clarity.ms *.clarity.ms *.youtube.com *.braintree-api.com *.*.braintree-api.com *.braintreegateway.com *.*.braintreegateway.com td.doubleclick.net *.doubleclick.net connect.facebook.net *.facebook.net adservice.google.com *.google.com *.pagseguro.com.br *.*.pagseguro.com.br googleadservices.com *.googleadservices.com google.com ; img-src https: data:; style-src https: 'unsafe-inline'; font-src https: data:; frame-ancestors *.skytechsolutions.com.br skytechsolutions.com.br; report-uri https://pub-csp.fbits.net/checkout_sem_carrinho; report-to https://pub-csp.fbits.net/checkout_sem_carrinho 1
default-src 'self'; script-src 'strict-dynamic' 'nonce-9N9xHNtMbnpcW1WdEbv5qeu72UnITcIENtoiT/EgyYo=' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.skywareinventory.com; font-src 'self' https:; img-src 'self' http: https: blob: data:; media-src 'self' https://cdn.skywareinventory.com; object-src 'none'; base-uri 'self'; frame-ancestors 'self'; frame-src 'self' https://www.google.com https://js.stripe.com https://googleads.g.doubleclick.net https://tpc.googlesyndication.com; connect-src 'self' https://pagead2.googlesyndication.com https://fundingchoicesmessages.google.com https://www.google-analytics.com ws: wss:; 1
report-uri https://csp.uel.wildapricot.com/report; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.appointlet.com *.appointletcdn.com *.aptrinsic.com *.cloudflare.com *.cloudfront.net *.doubleclick.net *.ecomm.events *.ecwid.com *.elev.io *.facebook.com *.facebook.net *.google.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.linkedin.com *.mcjobboard.net *.mybillsystem.com *.newrelic.com *.nr-data.net *.pagespeed-mod.com *.paypal.com *.termly.io *.twitter.com *.typekit.net *.uservoice.com *.wildapricot.com *.youtube.com *.zdassets.com *.zendesk.com *.zopim.com caas-sf.wildapricot.org live-sf.wildapricot.org maps.googleapis.com onlinestore-prod-digital-products.s3.amazonaws.com sf.wildapricot.org vimeo.com widget-mediator.zopim.com wss://widget-mediator.zopim.com/ connect.facebook.net facebook.com google.com maralo.ru platform.twitter.com syndication.twitter.com;   img-src * data: blob:;   media-src * blob:;   font-src * https://*.aptrinsic.com data:;  1
default-src 'self' localhost calendar.linux.greekgeeks.com smileacadimos.blob.core.windows.net cdn.syncfusion.com *.google-analytics.com *.google.com *.google.gr *.googletagmanager.com *.smileacadimos.gr smileacadimos.azurewebsites.net https://cdn.webhotelier.net *.filostravel.gr *.zeustravel.gr http://wl.filostravel.gr http://www.beleonb2b.com *.beleonb2b.com http://www.beleonb2b.com:82 *.onetourismo.com *.moosend.com; script-src www.google.com apis.google.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js localhost maps.googleapis.com ajax.googleapis.com www.gstatic.com *.googleadservices.com *.doubleclick.net https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com *.en25.com calendar.linux.greekgeeks.com cdn.syncfusion.com kit.fontawesome.com kit-free.fontawesome.com *.googletagmanager.com *.smileacadimos.gr smileacadimos.azurewebsites.net data: *.hotjar.com https://cdn.livechatinc.com https://api.livechatinc.com *.moosend.com https://*.analytics.google.com https://*.hotjar.io https://*.livechatinc.com cdnjs.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net https://player.vimeo.com/api/player.js https://www.youtube.com/iframe_api cdn.ampproject.org; style-src netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com fonts.googleapis.com stackpath.bootstrapcdn.com cdn.syncfusion.com kit.fontawesome.com kit-free.fontawesome.com *.smileacadimos.gr smileacadimos.azurewebsites.net *.moosend.com 'self' 'unsafe-inline' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; img-src platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: smileacadimos.blob.core.windows.net maps.gstatic.com maps.googleapis.com *.google-analytics.com *.doubleclick.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.eloqua.com *.google.com *.google.gr *.smileacadimos.gr smileacadimos.azurewebsites.net https://cdn.webhotelier.net *.filostravel.gr *.zeustravel.gr *.onetourismo.com http://wl.filostravel.gr http://www.beleonb2b.com *.beleonb2b.com http://www.beleonb2b.com:82 *.worldota.net 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: kit.fontawesome.com kit-free.fontawesome.com *.smileacadimos.gr smileacadimos.azurewebsites.net *.livechatinc.com; connect-src accounts.google.com *.google-analytics.com *.mktoresp.com localhost calendar.linux.greekgeeks.com smileacadimos.blob.core.windows.net *.smileacadimos.gr smileacadimos.azurewebsites.net *.facebook.com https://stats.g.doubleclick.net https://autocomplete-v3.onetourismo.com https://maps.googleapis.com *.hotjar.com *.onetourismo.com *.moosend.com https://*.analytics.google.com https://*.hotjar.io https://*.livechatinc.com 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: smileacadimos.blob.core.windows.net *.smileacadimos.gr smileacadimos.azurewebsites.net; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com www.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com localhost calendar.linux.greekgeeks.com smileacadimos.blob.core.windows.net *.doubleclick.net *.smileacadimos.gr smileacadimos.azurewebsites.net *.hotjar.com https://secure.livechatinc.com *.moosend.com 'self' web-chat.nativechat.com 1
frame-ancestors 'self' https://dv-ones.com 1
default-src 'self' https://api.vspagy.com https://vspagy.com https://dashboard.vspagy.com https://vmediadatav2.s3.ap-south-1.amazonaws.com https://www.google-analytics.com file: data: blob: filesystem:;media-src 'self' * file: data: blob: filesystem:;object-src 'self' 'unsafe-inline' file: data: blob: filesystem:; img-src * blob: data:; script-src 'self' * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';font-src * https://pro.fontawesome.com;https://balife.page.link; 1
script-src 'self' filesystem: 'unsafe-eval' 'unsafe-inline' *.spaggiari.eu https://ajax.googleapis.com/ https://apis.google.com/js/platform.js https://cdnjs.cloudflare.com/ https://cdn.jsdelivr.net/ https://code.highcharts.com/ https://code.jquery.com/ https://connect.facebook.net/it_IT/sdk.js https://d31qbv1cthcecs.cloudfront.net/atrk.js https://fonts.googleapis.com/ https://f.vimeocdn.com/js/ https://ianlunn.co.uk/plugins/jquery-parallax/scripts/ https://livestream.com/assets/plugins/ https://maps.googleapis.com/ https://maxcdn.bootstrapcdn.com/bootstrap/ https://player.vimeo.com/api/ https://rawgit.com/tyrasd/osmtogeojson/ https://stackpath.bootstrapcdn.com/bootstrap/ https://s.ytimg.com/yts/jsbin/ https://unpkg.com/ https://use.fontawesome.com/ https://www.google-analytics.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/charts/ https://www.gstatic.com/recaptcha/;frame-ancestors 'self' file: *.spaggiari.eu; 1
default-src 'none'; style-src 'self';img-src 'self' ;script-src 'self'; font-src 'self' data: ;frame-ancestors 'none'; form-action 'self'; base-uri 'self'; 1
script-src  'self' 'unsafe-eval' 'unsafe-inline' *.googletagmanager.com *.google-analytics.com *.sagepay.com *.paypal.com *.paypalobjects.com *.googleadservices.com *.doubleclick.net static.zdassets.com *.google.com *.gstatic.com 1
worker-src 'self' data: blob:; default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 1
form-action 'self'; base-uri 'none'; default-src 'self' googleads.g.doubleclick.net googleads.g.do pagead2.googlesyndication.com tpc.googlesyndication.com pagead2.googlesyndication.com www.dailymotion.com www.vimeo.com player.vimeo.com www.youtube.com www.google.com maps.google.fr analytics.crealinks.net; style-src 'self' fonts.googleapis.com 'unsafe-inline'; font-src fonts.gstatic.com; script-src 'self' code.jquery.com www.google.com www.gstatic.com analytics.crealinks.net pagead2.googlesyndication.com pagead2.googlesyndication.com fundingchoicesmessages.google.com tpc.googlesyndication.com partner.googleadservices.com; img-src 'self' www.morinfrance.com pagead2.googlesyndication.com; frame-ancestors 'self' www.chienplus.com chienplus.com 1
default-src 'self' https://www.googleapis.com https://firebasestorage.googleapis.com; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://unpkg.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' data: https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' data: https://unpkg.com https://www.gstatic.com; style-src-elem 'self' 'unsafe-inline' data: https://fonts.googleapis.com 1
frame-ancestors 'self' https://www.stunahome.com http://*.stunahome.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://subangjayamedicalcentre.com https://livechat.infobip.com/widget.js https://www.ramsaysimedarby.com https://unpkg.com https://www.google.com https://streetview.my https://cdn.ampproject.org https://ajax.googleapis.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://connect.facebook.net https://cdnjs.cloudflare.com https://www.gstatic.com https://unpkg.com https://www.google-analytics.com https://static.hotjar.com https://script.hotjar.com https://partner.googleadservices.com https://adservice.google.com https://tpc.googlesyndication.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://unpkg.com https://www.google-analytics.com https://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/1.0.9/dark-bottom.css https://ajax.googleapis.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://saintlouissucre.matomo.cloud https://*.google-analytics.com https://cdn.tarteaucitron.io https://stats.g.doubleclick.net https://yoast.com https://www.google.com https://*.click2buy.com https://*.clic2buy.com https://www.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://saintlouissucre.matomo.cloud https://www.googletagmanager.com https://tarteaucitron.io https://code.jquery.com https://*.clic2buy.com https://*.google-analytics.com https://*.clic2buy.com https://cdn.tarteaucitron.io https://www.google.com https://www.gstatic.com https://www.google.com/recaptcha/ https://www.youtube.com https://cdn.matomo.cloud; img-src 'self' data:  blob: https://saintlouissucre.matomo.cloud https://secure.gravatar.com https://*.google-analytics.com https://tarteaucitron.io https://ps.w.org; font-src 'self' data: https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://cdn.tarteaucitron.io https://fonts.googleapis.com; 1
frame-ancestors *.sudameapteek.ee 1
frame-ancestors 'self' *.console.aws.amazon.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' filesystem: https://static.zdassets.com/ekr/snippet.js https://static.ads-twitter.com/uwt.js https://static.zdassets.com/ekr/sentry-browser.min.js https://script.hotjar.com/ https://static.hotjar.com/ https://static.zdassets.com/ https://widget-mediator.zopim.com/ https://documentcloud.adobe.com/view-sdk/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/ https://googleads.g.doubleclick.net https://www.google.com/pagead/ ; style-src 'self' 'unsafe-inline' 'unsafe-eval' filesystem: ; img-src * data: ; connect-src 'self' 'unsafe-inline' 'unsafe-eval' filesystem: https://ekr.zdassets.com/compose/ https://synetiq.zendesk.com/ wss://widget-mediator.zopim.com/ https://s3.eu-west-2.amazonaws.com/assets.synetiq-auctions.co.uk/ https://viewlicense.adobe.io/viewsdklicense/jwt https://vc.hotjar.io/sessions/ https://content.hotjar.io/ wss://ws.hotjar.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://www.google.ca/ads/ga-audiences ; font-src 'self' data: filesystem: ; frame-ancestors 'self'; frame-src *; media-src 'self' filesystem: https://static.zdassets.com/ ; 1
block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;style-src 'self' 'unsafe-hashes' 'unsafe-inline' https://unpkg.com/leaflet@1.7.1/ https://unpkg.com/leaflet-gesture-handling/dist/; img-src https://* data:; child-src 'none'; frame-src https://www.youtube.com/ https://www.flightradar24.com/ https://*; 1
font-src maxcdn.bootstrapcdn.com data: *.cloudflare.com *.twitter.com *.gstatic.com *.googleapis.com *.typekit.net *.twimg.com *.trustedshops.com 'self' data: *.tawk.to v2.zopim.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.pagar.me *.netsgroup.com *.sibs.pt *.seglan.com *.secureacs.com *.rsa3dsauth.com *.apata.io *.cardinalcommerce.com *.santander.com.br *.bradesco.com.br *.bradesco *.stone.com.br *.nubank.com.br *.itau.com.br *.bb.com.br *.caixa.gov.br *.inter.co *.bancointer.com.br *.c6bank.com.br *.bancobmg.com.br *.safra.com.br *.sicoob.com.br *.banrisul.com.br *.banrisul.b.br *.banorte.com *.xpi.com.br *.btgpactual.com *.btgpactualdigital.com *.mercadopago.com.br *.mercadopago.com *.picpay.com *.amedigital.com *.neon.tech *.neon.com.br *.wise.com *.revolut.com *.sandbox.3dsecure.io *.twitter.com *.ads-twitter.com *.pinterest.com *.facebook.com *.vendavalida.com.br shopline.itau.com.br 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.pagar.me *.netsgroup.com *.sibs.pt *.seglan.com *.secureacs.com *.rsa3dsauth.com *.apata.io *.cardinalcommerce.com *.santander.com.br *.bradesco.com.br *.bradesco *.stone.com.br *.nubank.com.br *.itau.com.br *.bb.com.br *.caixa.gov.br *.inter.co *.bancointer.com.br *.c6bank.com.br *.bancobmg.com.br *.safra.com.br *.sicoob.com.br *.banrisul.com.br *.banrisul.b.br *.banorte.com *.xpi.com.br *.btgpactual.com *.btgpactualdigital.com *.mercadopago.com.br *.mercadopago.com *.picpay.com *.amedigital.com *.neon.tech *.neon.com.br *.wise.com *.revolut.com *.sandbox.3dsecure.io *.twitter.com *.ads-twitter.com *.facebook.com *.pinterest.com *.hotjar.com *.hotjar.io *.sunset.systems *.doubleclick.net *.google.com *.vendavalida.com.br api.sunset.system *.zenaps.com *.jivosite.com *.lightwidget.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com ct.pinterest.com cdn.mundipagg.com api.pagar.me *.cloudflare.com *.ads-twitter.com t.co *.klarna.com *.googleadservices.com *.google-analytics.com *.doubleclick.net *.google.com *.google.com.br *.googletagmanager.com *.ebit.com.br *.yourviews.com.br *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.yviews.com.br *.s3.amazonaws.com *.akamaihd.net *.facebook.com s3-sa-east-1.amazonaws.com conectiva.io *.getresponse360.pl s3.amazonaws.com *.pinterest.com *.mercadolibre.com *.clearsale.com.br *.tawk.to api.amedigital.com api.hml.amedigital.com *.awin1.com *.zenaps.com *.openpix.com.br *.jivosite.com d335luupugsy2.cloudfront.net *.widde.io *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com www.pinterest.com s.pinimg.com *.openpix.com.br *.openpix.dev *.sentry.io *.ingest.sentry.io https://plugin.openpix.dev/v1/openpix-dev.js https://api.openpix.dev https://graphql.openpix.dev/openpix/graphql https://graphql.openpix.dev/shopper/graphql https://plugin.openpix.com.br/v1/openpix.js https://api.openpix.com.br/openpix/graphql https://api.openpix.com.br/shopper/graphql 3ds2.pagar.me 3ds2-sdx.pagar.me *.cloudflare.com *.twitter.com *.ads-twitter.com *.twimg.com *.yourviews.com.br *.yviews.com.br *.ebit.com.br *.google-analytics.com *.gstatic.com *.google.com *.youtube.com *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.facebook.com *.cartstack.com.br *.hotjar.com *.hotjar.io *.newrelic.com conectiva.io *.nr-data.net *.gr-cdn-e.eu *.getresponse360.pl *.cloudflareinsights.com s3.amazonaws.com *.vendavalida.com.br *.avada.io api.mundipagg.com *.tawk.to *.jsdelivr.net *.dwin1.com *.mailclick.me *.jivosite.com *.clearsale.com.br *.zenaps.com *.tiktok.com d335luupugsy2.cloudfront.net *.lightwidget.com cdn.widde.io ct.pinterest.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com maxcdn.bootstrapcdn.com *.cloudflare.com *.ads-twitter.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.yourviews.com.br *.yviews.com.br s3.amazonaws.com *.tawk.to *.jivosite.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com ct.pinterest.com *.jivosite.com videos.widde.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com ct.pinterest.com api.mundipagg.com api.pagar.me *.googletagmanager.com *.cloudflare.com *.twitter.com *.ads-twitter.com *.twimg.com *.paypal.com *.google-analytics.com analytics.google.com *.facebook.com *.yourviews.com.br *.hotjar.com wss://*.hotjar.com/ *.hotjar.io *.yviews.com.br conectiva.io *.doubleclick.net *.performa.ai *.nr-data.net *.getresponse360.pl *.cloudflareinsights.com *.reclameaqui.com.br *.pinterest.com *.cartstack.com.br *.cartstack.com *.mercadolibre.com *.mercadolivre.com *.vendavalida.com.br *.avada.io *.datafrete.com.br *.tawk.to wss://*.tawk.to *.jivosite.com wss://*.jivosite.com *.mailclick.me *.tiktok.com *.rdstation.com.br api-admin.widde.io https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' *.yandex.ru https://*  *.jivosite.com  wss://*;  script-src 'self' 'unsafe-inline' 'unsafe-eval'  *.google-analytics.com  *.googleapis.com  *.yandex.ru googletagmanager.com yastatic.net  *.jivosite.com https://* wss://* ; object-src 'self' *.jivosite.com; style-src 'self' 'unsafe-inline'  https://*; img-src *  data:; frame-src 'self'  1
frame-ancestors https://rebako.io/ 1
frame-ancestors 'self' qltc.com.br *.aliancaadm.com.br *.qualicorp.net *.qualicorp.com.br *.clubedesaudeonline.com.br *.uniconsultsaude.com.br *.parceriasquali.com.br tamojuntocorretor.com.br; 1
frame-ancestors 'self';  default-src 'self' tcmg.com.tw  ;  script-src 'self' 'unsafe-eval' 'unsafe-inline' tcmg.com.tw  ;  connect-src 'self' tcmg.com.tw  ;  frame-src tcmg.com.tw  ;  font-src * data:;  img-src * data:;  style-src * 'unsafe-inline'; 1
object-src * data:;default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://seal.godaddy.com/*; font-src *; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://telerad.biz/RemotEye/neologica.utils.js https://seal.godaddy.com/getSeal; frame-src * data: 'self' https://telerad.biz https://telerad.biz:4006; connect-src 'self' https://api.ipify.org https://telerad.biz/TeleRadService/ServiceTWP.svc https://telerad.biz/DeleteFolderService/DeleteFolderService.svc https://telerad.biz:401/MailService.svc/SendMail https://telerad.biz:400/SMSService.svc/SendSms https://ka-f.fontawesome.com https://127.0.0.1:*  ws://localhost:8181/ 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;frame-ancestors 'self' https://*.quintype.com https://www.tendernama.com;block-all-mixed-content; 1
font-src *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://plumrocket.com 'self' 'unsafe-inline'; style-src *.adobe.com downloads.mailchimp.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com releva.ai tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; frame-ancestors JIHr9jRMytcOT5wF/Pq1enlERNMzGi+3iCia4gvmxSM= 'self'; connect-src https://measurement-api.criteo.com/ https://region1.analytics.google.com/ dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://*.ingest.sentry.io http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io releva.ai localhost https://www.google-analytics.com 'self' 'unsafe-inline'; frame-src https://gum.criteo.com/ fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.google.com/ https://plumrocket.com *.weltpixel.com *.wesupply.xyz https://wesupplylabs.com 'self' 'unsafe-inline'; img-src https://www.glami.bg/ https://www.google.bg/ https://www.google.com/ https://criteo-partners.tremorhub.com/ https://cm.g.doubleclick.net/ assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://www.magezon.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src https://www.glami.bg/ https://www.google.com/ https://static.criteo.net/js/ld/ld.js assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com chimpstatic.com downloads.mailchimp.com *.list-manage.com https://cdn.polyfill.io https://browser.sentry-cdn.com *.googleapis.com *.google.com *.gstatic.com *.avada.io *.google.com/ releva.ai https://www.googletagmanager.com tagmanager.google.com *.cloudflare.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; 1
frame-ancestors 'self';                      script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://ssl.google-analytics.com http://maps.googleapis.com https://www.googletagmanager.com https://widget.trustpilot.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://cdn.jsdelivr.net https://*.pennyelectra.com https://*.cookiebot.com;                      object-src *;                      style-src 'self' data: 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://pennyelectra.com;                      media-src * blob:;                      frame-src 'self' https://player.vimeo.com https://www.youtube-nocookie.com https://widget.trustpilot.com https://*.cookiebot.com;                      font-src 'self' data: https://fonts.gstatic.com https://cdn.jsdelivr.net;                      connect-src 'self' data: https://www.google-analytics.com https://analytics.google.com https://region1.google-analytics.com https://*.pennyelectra.com https://*.cookiebot.com; worker-src blob:; 1
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval' http://localhost:3000 ws://localhost:3000  http://localhost:1337 ws://localhost:1337 https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com 1
default-src 'self' 'unsafe-eval' 'unsafe-inline'; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors *.cafe24.com *.togle.io *.togle.shop togle.io togle.shop 1
default-src 'self' 'unsafe-inline' data: *.toyota.com.mk *.bootstrapcdn.com *.googletagmanager.com googleads.g.doubleclick.net *.google.mk *.google.com *.googleapis.com *.google-analytics.com *.gstatic.com *.fbcdn.net *.facebook.com *.facebook.net *.pinterest.com *.youtube.com 1
default-src 'self' ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' https://fearby.com:* https://fearby-com.exactdn.com:* https://*.google-analytics.com https://*.google.com https://www.googletagmanager.com:* https://www.google-analytics.com:* https://pagead2.googlesyndication.com:* https://www.youtube.com:* https://adservice.google.com.au:* https://s.ytimg.com:* about; style-src 'self' https://cdn.rawgit.com/michalsnik/aos/2.1.1/dist/aos.cs https://tickets.4talent.cl:* data: 'unsafe-inline' https://fearby.com:* https://fearby-com.exactdn.com:* https://fonts.googleapis.com:* https://www.googletagmanager.com:* https://www.google-analytics.com:*; img-src 'self' data: https://fearby.com:* https://fearby-com.exactdn.com:* https://*.google-analytics.com https://*.google.com https://www.googletagmanager.com:* https://secure.gravatar.com:* https://maps.gstatic.com:* https://maps.googleapis.com:* https://www.google-analytics.com:* https://a.impactradius-go.com:* https://www.paypalobjects.com:* https://namecheap.pxf.io:* https://www.paypalobjects.com:* https://stats.g.doubleclick.net:* https://*.doubleclick.net:* https://stats.g.doubleclick.net:* https://www.ojrq.net:* https://ak1s.abmr.net:* https://*.abmr.net:*; font-src 'self' data: https://ka-f.fontawesome.com:* https://fearby.com:* https://fearby-com.exactdn.com:* https://fonts.googleapis.com:* https://fonts.gstatic.com:* https://cdn.joinhoney.com:* https://www.googletagmanager.com:* https://www.google-analytics.com:* https://googleads.g.doubleclick.net:*; connect-src 'self' https://tickets.4talent.cl:* https://ka-f.fontawesome.com/ https://video.4talent.cl/ https://fearby.com:* https://fearby-com.exactdn.com:* https://*.google-analytics.com https://*.google.com https://www.googletagmanager.com:* https://www.google-analytics.com:*; media-src 'self' blob: https://*.google-analytics.com https://*.google.com https://www.googletagmanager.com:* https://secure.gravatar.com:* https://www.google-analytics.com:*; object-src 'self' ; child-src 'self' https://player.vimeo.com https://fearby-com.exactdn.com:* https://www.youtube.com https://www.googletagmanager.com:* https://www.google-analytics.com:*; frame-src 'self' https://www.youtube.com:* https://googleads.g.doubleclick.net:* ; worker-src 'self' https://sqm.hiringup.com/* https://video.4talent.cl/* blob: mediastream: ; frame-ancestors 'self' ; form-action 'self' https://fearby.com:* https://fearby-com.exactdn.com:* https://fearby-com.exactdn.com:* https://www.googletagmanager.com:* https://www.google-analytics.com:* https://www.google-analytics.com:*; upgrade-insecure-requests; block-all-mixed-content; base-uri https://fearby.com:*; manifest-src 'self' 'self' 'self'; report-uri https://fearby.report-uri.com/r/d/csp/enforce; 1
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://use.fontawesome.com; img-src 'self' https://media.licdn.com www.trabajito.com.bo data: blob: 1
frame-ancestors https://www.trackandtrail.in https://tii.in/; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'  https: data: http://fonts.googleapis.com http://fonts.gstatic.com http://www.google-analytics.com http://s7.addthis.com http://m.addthisedge.com http://m.addthis.com http://graph.facebook.com http://widgets.pinterest.com http://maps.google.com http://csi.gstatic.com http://maps.gstatic.com http://maps.googleapis.com http://www.linkedin.com http://api-public.addthis.com http://localhost http://player.vimeo.com/ http://www.njuskalo.hr/ https://www.njuskalo.hr/; 1
default-src 'none'; img-src 'self' https: data:; style-src 'self' 'unsafe-inline' *.paypal.com *.openpay.mx *.googleapis.com *.google.com *.gstatic.com *.googleapis.com *.botlers.io; font-src 'self' fonts.gstatic.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.hotjar.com *.google.com *.gstatic.com *.paypal.com *.rappi.com *.facebook.com *.facebook.net *.optad360.io *.googletagmanager.com *.googleapis.com *.googlesyndication.com *.googleadservices.com *.doubleclick.net *.cloudfront.net *.botlers.io *.coppelay.com *.gigya.com *.coppelpay.com *.emarsys.net *.newrelic.com cdn.jsdelivr.net *.scarabresearch.com *.nr-data.net *.4dex.io *.paypalobjects.com *.transportesfrontera.com.mx *.openxcdn.net *.criteo.com *.id5-sync.com cdn.ampproject.org *.mercadopago.com *.ipify.org *.openpay.mx *.tiktok.com; connect-src 'self' *.amazoncognito.com *.amazonlightsail.com *.amazonaws.com *.optad360.io *.doubleclick.net *.hotjar.com *.paypal.com *.google.com.mx *.google.com *.google-analytics.com *.googleadservices.com *.googlesyndication.com *.facebook.com *.facebook.net *.botlers.io *.coppelpay.com *.doubleclick.net *.gigya.com *.emarsys.net *.newrelic.com cdn.jsdelivr.net *.scarabresearch.com *.adsrvr.org *.criteo.com *.nr-data.net *.4dex.io *.paypalobjects.com *.transportesfrontera.com.mx *.openxcdn.net *.mercadopago.com *.ipify.org ipapi.co *.openpay.mx *.tiktok.com; base-uri 'self'; form-action 'self' *.facebook.com; frame-src 'self' *.kaptcha.com *.paypal.com *.optad360.io *.doubleclick.net *.coppelpay.com *.googletagmanager.com *.facebook.com *.facebook.net *.google.com *.emarsys.net *.gigya.com *.googlesyndication.com *.botlers.io *.paypalobjects.com; frame-ancestors *.optad360.io *.botlers.io *.paypal.com *.doubleclick.net 1
default-src 'self'; style-src 'self' 'unsafe-inline' *.myticketstoindia.com use.fontawesome.com code.jquery.com https://cdn.jsdelivr.net https://pro.fontawesome.com fonts.googleapis.com maxcdn.bootstrapcdn.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googleadservices.com *.stripe.com https://widget.trustpilot.com https://cdn.mouseflow.com *.hotjar.com assets.shipratravel.com *.googlesyndication.com code.jquery.com *.myticketstoindia.com *.google.com https://www.google-analytics.com *.zemanta.com googleads.g.doubleclick.net maxcdn.bootstrapcdn.com use.fontawesome.com https://cdn.jsdelivr.net https://www.simplify.com https://kit.fontawesome.com https://www.googletagmanager.com https://connect.facebook.net *.googleadservices.com ; img-src 'self' https://ik.imagekit.io *.travanya.com https://whatsapp-media-incoming.s3.ap-south-1.amazonaws.com *.myticketstoindia.com.au assets.superfares.com img.freepik.com assets.faremaze.com assets.neofares.com assets.shipratravel.com code.jquery.com *.zementa.com *.zemanta.com *.googleusercontent.com googleads.g.doubleclick.net *.googlesyndication.com https://www.superfares.com https://s.w.org cdn.weatherapi.com https://www.myticketstoindia.com https://www.googletagmanager.com https://res.cloudinary.com https://secure.gravatar.com https://www.gravatar.com https://www.facebook.com *.google.com https://www.google-analytics.com https://www.google.co.in data: ; connect-src 'self' *.google.com *.googlesyndication.com *.mixpanel.com *.myticketstoindia.com.au https://o2.mouseflow.com *.hotjar.io wss://ws.hotjar.com *.superfares.com geolocation-db.com  https://www.facebook.com *.cloudfront.net *.gstatic.com *.shipratravel.com https://api.ipinfodb.com https://timeapi.io https://ka-f.fontawesome.com https://www.google-analytics.com https://stats.g.doubleclick.net ; font-src 'self' https://ka-f.fontawesome.com cdn.jsdelivr.net use.fontawesome.com maxcdn.bootstrapcdn.com https://pro.fontawesome.com fonts.gstatic.com data: ; frame-src 'self' https://www.facebook.com *.stripe.com *.googlesyndication.com *.doubleclick.net https://www.simplify.com https://www.youtube.com https://www.google.com googleads.g.doubleclick.net ; media-src 'self' https://assets.neofares.com https://whatsapp-media-incoming.s3.ap-south-1.amazonaws.com 1
base-uri 'none';connect-src 'self' https://adservice.google.com https://www.google.com https://*.doubleclick.net https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com;default-src 'none';form-action 'self';img-src 'self' *.ytimg.com https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.google.com data: https: https://*.google-analytics.com https://*.googletagmanager.com;media-src 'none';object-src 'none';font-src 'self' https://fonts.gstatic.com data:;upgrade-insecure-requests;script-src *.youtube.com s.ytimg.com *.youtube-no-cookie.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://www.googletagmanager.com 'unsafe-eval' https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://*.google-analytics.com https://*.googletagmanager.com 'self' 'unsafe-inline' https://www.gstatic.com;frame-src *.youtube.com *.youtube-no-cookie.com *.ytimg.com www.google.com/recaptcha/ recaptcha.google.com/recaptcha/ https://*.doubleclick.net https://stats.g.doubleclick.net https://www.googletagmanager.com https://bid.g.doubleclick.net 'self' https://www.google.com;style-src https://tagmanager.google.com https://fonts.googleapis.com 'self' 'unsafe-inline';frame-ancestors 'self';manifest-src 'self' 1
worker-src 'self' https: blob:; font-src 'self' https://fonts.gstatic.com data:; 1
base-uri 'self'; default-src 'self' 'nonce-2484e8ebe6ab395677f317237954b80c' https://cdn.shopify.com https://shopify.com; frame-ancestors 'self' https://tconlinecms.ddev.site https://tconlinecms.staging.therefinery.co.nz https://cms.trelisecooperonline.com 'none'; style-src 'self' 'unsafe-inline' https://use.typekit.net https://p.typekit.net https://cdn.shopify.com 'self' 'unsafe-inline' https://cdn.shopify.com; connect-src wss://internal-snail-ace.ngrok-free.app:8002 https://internal-snail-ace.ngrok-free.app:8002 https://vimeo.com https://createsend.com 'self' https://monorail-edge.shopifysvc.com; script-src 'self' https://use.typekit.net https://cdn.shopify.com https://staticcdn.co.nz https://js.createsend1.com http://localhost:3100 https://player.vimeo.com https://*.livechatinc.com 'nonce-2484e8ebe6ab395677f317237954b80c'; img-src 'self' https://cdn.shopify.com https://p.typekit.net http://localhost:3100 https://tconlinecms.ddev.site https://tconlinecms.staging.therefinery.co.nz https://cms.trelisecooperonline.com data: https://*.vimeocdn.com; media-src 'self' https://*.myshopify.com https://cdn.shopify.com https://*.trelisecooperonline.com; font-src 'self' https://cdn.shopify.com https://use.typekit.net data: http://localhost:3100; frame-src 'self' https://staticcdn.co.nz https://player.vimeo.com http://e.issuu.com https://e.issuu.com https://*.livechatinc.com 1
frame-ancestors 'self' *.googletagmanager.com *.youtube.com;, base-uri 'self'; connect-src *;, font-src data: *;, form-action 'self' *.truyol.com *.redsys.es *.redsys.es:25443 *.paypal.com;, default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *;, style-src 'self' 'unsafe-inline' *.truyol.com *.tawk.to *.getprintbox.com *.googleapis.com *.ckeditor.com *.cloudflare.com *.gstatic.com;, script-src 'self' 'unsafe-inline' 'unsafe-eval' *.truyol.com *.salesmanago.pl *.googletagmanager.com *.googleapis.com *.hotjar.com *.tawk.to *.getprintbox.com *.facebook.net *.google.com *.trustedshops.com *.paypalobject.com *.ckeditor.com *.metricool.com *.gstatic.com *.cloudflare.com *.clarity.ms *.doubleclick.net *.google-analytics.com *.jsdelivr.net *.youtube.com *.cookiepro.com *.cookielaw.org *.taboola.com;, img-src 'self' data: blob: *.truyol.com *.salesmanago.pl *.google-analytics.com *.getprintbox.com *.googleapis.com *.google.com *.google.es *.googletagmanager.com *.trustedshops.com *.linkedin.com *.facebook.com *.ckeditor.com *.metricool.com *.clarity.ms *.bing.com *.doubleclick.net *.tawk.to *.googlesyndication.com *.fbsbx.com *.cookiepro.com *.googleusercontent.com; 1
default-src 'self' https:; font-src 'self' https:; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https: 1
frame-ancestors 'self' https://app.kajabi.com https://app.vibely.io https://communities.kajabi.com *.mykajabi.com https://communities.newkajabi-staging.com https://www.tyson4d.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com *.daumcdn.net cdn.jsdelivr.net; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.youtube.com *.google-analytics.com www.googletagmanager.com *.daumcdn.net *.google.com *.gstatic.com ajax.googleapis.com cdn.jsdelivr.net; frame-src 'self' www.youtube.com www.facebook.com *.google.com; 1
"default-src 'self' 'unsafe-inline' *.fontawesome.com  *.googleapis.com  uala.com.co *.google-analytics.com ;" 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.jsdelivr.net www.googletagmanager.com maps.googleapis.com www.google-analytics.com gstatic.com; object-src 'self' 1
frame-ancestors 'self' *.uetds.net 1
default-src 'self'; 		 frame-src 'self' https://www.google.com/ https://recaptcha.google.com/ https://www.youtube.com/ https://share.hsforms.com/ https://*.doubleclick.net/; 		 style-src 'self' 'unsafe-inline' https://*.fontawesome.com/; 		 font-src 'self' https://*.fontawesome.com/; 		 img-src 'self' data: https://upagostatic.global.ssl.fastly.net/ https://*.fontawesome.com/ https://www.google.cl/ https://www.googletagmanager.com/ https://i.ytimg.com https://www.google.com/ https://*.clarity.ms/ http://*.6sc.co/; 		 connect-src 'self' https://*.fontawesome.com/ https://www.google-analytics.com/ https://analytics.google.com/ https://stats.g.doubleclick.net/ https://www.google.com/recaptcha/ https://www.googletagmanager.com/ https://*.clarity.ms/ https://*.go-mpulse.net/ https://*.akstat.io/ http://*.6sc.co/ https://*.6sc.co/ https://*.6sense.com/ https://*.akamaihd.net/; 		 object-src 'none'; 		 base-uri 'none'; 		 frame-ancestors 'none'; 		 script-src 'self' 'unsafe-inline' https://www.google.com/recaptcha/ https://www.googletagmanager.com/ https://www.google.com/ https://*.googleapis.com/ https://www.gstatic.com/ https://www.clarity.ms/ https://*.fontawesome.com/ https://player.vimeo.com/ https://*.go-mpulse.net/ https://*.6sc.co/ https://www.youtube.com/; 'nonce-YmM3NTgyNGUtZDU5OS00MDM3LThhMTQtYzczMTA4OGQ4MTgy'; 1
default-src 'self';script-src https://yubinbango.github.io https://maps.google.com https://use.fontawesome.com https://www.gstatic.com https://www.google.com https://ajaxzip3.github.io https://jpostal-1006.appspot.com https://js.stripe.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://ajax.googleapis.com  https://www.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval';style-src 'unsafe-inline' https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://fonts.googleapis.com https://use.fontawesome.com https://ajax.googleapis.com 'self';img-src data: https://www.google.co.jp https://www.google.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://ajax.googleapis.com https://www.google-analytics.com 'self';font-src https://cdnjs.cloudflare.com https://fonts.googleapis.com https://cdn.jsdelivr.net https://use.fontawesome.com https://ajax.googleapis.com https://fonts.gstatic.com 'self';frame-ancestors 'self';form-action 'self';connect-src https://www.google-analytics.com https://stats.g.doubleclick.net 'self';frame-src https://maps.google.com https://www.google.com https://js.stripe.com https://www.youtube.com 'self' 1
frame-ancestors 'self' https://apps.swisslifeselect.cz https://apps.lifenet.swisslifeselect.cz https://nove.e-srovnani.cz 1
script-src 'self' 'unsafe-eval' *.googleapis.com analytics.skroutz.gr vivapayments.com www.google-analytics.com www.googletagmanager.com connect.facebook.net analytics.tiktok.com 'nonce-wjYq3iIe7qT2qDScoO8FX7wCgjVFnRzP' 1
frame-ancestors 'self'; object-src 'none';img-src self data: https: ; script-src 'self' https://static.userguiding.com https://public.produktly.com https://matomo.fabrique.social.gouv.fr 'unsafe-inline' 1
upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; base-uri 'self' *.qbrick.com; media-src * blob:; worker-src * blob:; object-src 'self'; connect-src wss: https: 1
default-src 'self' *.vapeshed.co.nz *; script-src 'self' 'unsafe-inline' 'unsafe-eval' secure.tillpayments.com gateway.tillpayments.com *.cloudfront.net *.trustedsite.com cdn.ywxi.net *.inspectlet.com zip.co *.paymark.co.nz cdn-vapeshed.co.nz *.vapeshed.co.nz *.googleapis.com *.facebook.net *.gstatic.com *.google.com *.jsdelivr.net *.tawk.to *.googletagmanager.com *.google-analytics.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.vapeshed.co.nz *.googleapis.com *.facebook.net *.jsdelivr.net; img-src * 'self' data: https:; media-src 'self'; frame-src 'self' secure.tillpayments.com *.youtube.com *.trustedsite.com *.paymark.co.nz *.google.com *.vapeshed.co.nz *.facebook.net *.facebook.com; font-src 'self' data: *.tawk.to *.gstatic.com; connect-src 'self' ws: gateway.tillpayments.com *.bugsnag.com *.amazonaws.com *.inspectlet.com *.paymark.co.nz *.vapeshed.co.nz *.paypal.com *.paywithpoli.com *.tawk.to *.google-analytics.com *.doubleclick.net 1
default-src 'self' blob: *.paypal.com *.stripe.com wss://flexcom.de:9001 *.viamandis.de; img-src 'self' data: *.viamandis.de; connect-src 'self' blob: *.stripe.com wss://flexcom.de:9001 *.viamandis.de; style-src 'self' 'unsafe-inline' *.viamandis.de *.addthis.com *.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.stripe.com *.viamandis.de *.analytics.google.com *.google-analytics.com *.pinterest.com *.googleadservices.com *.facebook.com *.facebook.net *.myfonts.net *.addthis.com *.googleapis.com *.bing.com *.googletagmanager.com; font-src 'self' data: *.viamandis.de; 1
default-src 'self' unpkg.com chimpstatic.com *.cloudflare.com *.unsplash.com *.us5.list-manage.com mcusercontent.com *.ytimg.com *.youtube.com *.vimeo.com *.mailchimp.com *.jsdelivr.net *.googleusercontent.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.googleapis.com *.gstatic.com *.google.com *.google.de *.google.ch empathy-portal.de *.doubleclick.net *.m-pathy.com fast.fonts.net *.facebook.net *.facebook.com *.adform.net bat.bing.com 'unsafe-eval'  'unsafe-inline' data:; 1
font-src *.fontawesome.com *.alothemes.com *.magepow.com *.googleapis.com *.gstatic.com *.azureedge.net data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.redsys.es *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cookiebot.com *.oct8ne.com *.hotjar.com *.google.com *.pinterest.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.alothemes.com *.magepow.com *.cdninstagram.com *.oct8ne.com *.azureedge.net grwapi.net *.google.com *.google.es *.doubleclick.net *.twitter.com *.pinterest.com t.co *.linkedin.com *.cookiebot.com *.metricool.com *.clarity.ms data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.avada.io *.alothemes.com *.magepow.com *.googletagmanager.com https://www.googletagmanager.com tagmanager.google.com *.google.com *.gstatic.com *.cookiebot.com *.oct8ne.com grwapi.net *.jquery.com *.doubleclick.net *.ads-twitter.com *.pinimg.com *.hotjar.com *.licdn.com *.clarity.ms *.tiktok.com *.pinterest.com *.metricool.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com *.alothemes.com *.magepow.com *.googleapis.com grwapi.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://get.geojs.io *.avada.io *.alothemes.com *.magepow.com *.google-analytics.com https://www.google-analytics.com *.oct8ne.com grwapi.net *.cookiebot.com *.doubleclick.net *.pinterest.com *.hotjar.com *.hotjar.io wss://*.hotjar.com cdn.linkedin.oribi.io *.clarity.ms *.tiktok.com *.google.com *.linkedin.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'  videos-mgh.com apis.google.com accounts.google.com bid.g.doubleclick.net; connect-src * ;img-src *; media-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com ajax.googleapis.com www.google.com google.com gstatic.com www.gstatic.com connect.facebook.net facebook.com www.googletagmanager.com dev.visualwebsiteoptimizer.com www.googleadservices.com bid.g.doubleclick.net googleads.g.doubleclick.net apis.google.com accounts.google.com track.opticks.io *.doubleclick.net ; style-src 'self' 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' https: *.videos-mgh.com; 1
block-all-mixed-content; frame-ancestors 'self' vincishoes.activehosted.com; upgrade-insecure-requests 1
font-src *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com https://www.google.com/recaptcha/ secure-gateway.hipay-tpp.com *.hipay.com *.doubleclick.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.bing.com *.google.com *.google.fr *.googleapis.com maps.gstatic.com *.visseriefixations.fr blob: data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://sibautomation.com secure-gateway.hipay-tpp.com *.hipay.com mpsnare.iesnare.com *.bing.com *.axept.io *.doofinder.com *.googleapis.com *.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.hipay.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src data: mpsnare.iesnare.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://in-automate.brevo.com *.hipay.com wss://mpsnare.iesnare.com *.bing.com *.axept.io *.doofinder.com *.googleapis.com *.google.com *.doubleclick.net *.google-analytics.com *.hipay-tpp.com *.googlesyndication.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' *.googleapis.com *.vdo.ai *.vlitag.com *.adnxs.com *.avantisvideo.com *.addthis.com http: https: data: blob: 'unsafe-inline' 'unsafe-eval' 1
default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'  1
img-src * data:; default-src * 'unsafe-inline' 'unsafe-eval'; object-src 'none'; frame-ancestors 'none'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.typeform.com fonts.bunny.net *.tiktok.com ct.pinterest.com *.pinimg.com *.algolianet.com *.algolia.net *.wd40.info *.bootstrapcdn.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.google.co.uk *.doubleclick.net *.ampproject.org *.gravatar.com https://youtube.com/ https://youtu.be/ *.youtube.com *.youtube-nocookie.com *.ytimg.com *.instagram.com *.vimeo.com yoast.com *.wd40.co.uk *.wd40.fr *.wd40company.eu unpkg.com *.jquery.com *.jsdelivr.net *.amazon-adsystem.com *.media-amazon.com *.amazonaws.com *.wd40.com *.wtbidev.uk *.wd40.ro *.wd40.pl *.e2ma.net *.cloudfront.net *.wd40.no *.wd40.sk *.wd40.lat *.wd40.se *.wd40.cz *.cloudflare.com *.wd40.gr *.wd40.se *.wd40.es *.tiktok.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: fonts.bunny.net *.algolianet.com *.algolia.net *.wd40.info *.bootstrapcdn.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.facebook.com *.facebook.net *.google.com *.google.co.uk *.doubleclick.net *.ampproject.org *.gravatar.com https://youtube.com/ https://youtu.be/ *.youtube.com *.youtube-nocookie.com *.ytimg.com *.instagram.com *.vimeo.com yoast.com *.wd40.co.uk *.wd40.fr *.wd40company.eu unpkg.com *.jquery.com *.jsdelivr.net *.amazon-adsystem.com *.media-amazon.com *.amazonaws.com *.wd40.com *.wtbidev.uk *.wd40.ro *.wd40.pl *.e2ma.net *.cloudfront.net *.wd40.no *.wd40.sk *.wd40.lat *.wd40.se *.wd40.cz *.cloudflare.com *.wd40.gr *.wd40.se 1
script-src 'unsafe-eval' 'unsafe-inline' https: 1
frame-ancestors 'self' https://cdn.jsdelivr.net/* https://whilcloud.com/* 1
object-src 'self'; connect-src *; default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: mailto: tel: https://*.helpscout.net https://*.specialprograms.powerschool.com https://*.auroraedtech.com https://support.powerschool.com https://cdn.rawgit.com http://fonts.googleapis.com https://*.googleusercontent.com/ https://*.cloudfront.net/ https://*.brightarrow.com https://auroraedtech.com http://yui.yahooapis.com https://maxcdn.bootstrapcdn.com https://assets.powerschool.com https://*.googleapis.com https://code.jquery.com https://cdnjs.cloudflare.com https://*.gstatic.com/ https://*.accelaschool.com https://web-sdk-us2.aptrinsic.com https://gp.powerschool.com/ https://www.youtube-nocookie.com https://*.specialeducation.powerschool.com https://www.youtube.com 1
frame-ancestors 'self'; default-src 'self' https://*.apiwivai.com https://*.wivai.es https://*.wivai.com https://*.wivai.cat https://www.youtube.com https://www.youtube-nocookie.com/ https://*.wivaidev.com; img-src 'self' https://fotos.estaticosmf.com/ https://*.demandware.net https://i.ytimg.com https://img.youtube.com https://*.salesforce.net https://*.salesforce.com https://*.apiwivai.com https://metrics.caixabank.es/ data: ; style-src 'self' 'unsafe-inline' https://*.apiwivai.com https://*.wivai.es https://*.wivai.com https://*.wivai.cat https://*.wivaidev.com; font-src 'self' data: ; script-src 'self' 'unsafe-inline' https://*.apiwivai.com https://*.wivai.es https://*.wivai.com https://*.wivai.cat https://*.wivaidev.com https://*.demandware.net https://*.cquotient.com https://tags.tiqcdn.com/; connect-src 'self' https://*.apiwivai.com https://*.wivai.es https://*.wivai.com https://*.wivai.cat https://*.wivaidev.com https://dpm.demdex.net/; form-action 'self' *.redsys.es 1
default-src 'self' https://matomo.wojak-studio.com https://wojakparadise.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.coffee-france.fr https://matomo.wojak-studio.com;img-src 'self' 'self' data: 'self' blob: https://matomo.wojak-studio.com https://www.coffee-france.fr;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 1
default-src 'self' *.tiktok.com *.wonderbra.ca; img-src 'self' *.wonderbra.ca data: https:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; frame-src 'self' *.facebook.com *.doubleclick.net *.google.com player.vimeo.com www.youtube.com vod-progressive.akamaized.net *.bazaarvoice.com *.cybersource.com *.cyberimpact.com *.pinterest.com; connect-src 'self' https: wss:; font-src 'self' data: https:; frame-ancestors 'self' https://*.wonderbra.ca; 1
frame-ancestors 'self' *.wonderz.at *.wonderz.be *.wonderz.ca *.wonderz.ch *.wonderz.cn *.wonderz.co.uk *.wonderz.com *.wonderz.com.au *.wonderz.de *.wonderz.dk *.wonderz.es *.wonderz.fi *.wonderz.fr *.wonderz.gr *.wonderz.it *.wonderz.lu *.wonderz.pt *.wonderz.ru *.wonderz.se support.wonderz.com 1
default-src *; style-src 'self' 'unsafe-inline' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; img-src 'self' blob: data: * 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;frame-ancestors 'self' https://*.quintype.com https://wtkora.com;block-all-mixed-content; 1
frame-ancestors 'self' https://*.bytom.pl https://issuu.com;form-action 'self';base-uri 'self'; 1
default-src 'self' 'unsafe-inline' https://code.jquery.com/jquery-3.7.1.min.js *.xcustomer360app.com *.placehold.it *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com *.xcustomer360.com 'unsafe-eval' *.xcustomer360app.com *.google.com *.googleapis.com *.gstatic.com *.xcustomer360app.com *.xcustomer360.com www.googletagmanager.com; img-src 'self' data: https://storage.cloud.google.com/xc360-content-reg/ https://storage.googleapis.com/xc360-content-reg-p/ *.googleusercontent.com/download/storage/v1/b/xc360-content-reg/; connect-src 'self' https://api.xcustomer360app.com/api/checklistsync/sendissue https://api.xcustomer360app.com/api/checklistsync/logapi *.xcustomer360.com https://ia.xcustomer360app.com/categorize https://export.xcustomer360app.com https://apireport.xcustomer360app.com/api/reports https://apireport.xcustomer360app.com/api/statisticssurvey https://apireport.xcustomer360app.com/api/reportsdetail https://apireport.xcustomer360app.com/api/jobinformes https://apisurvey.xcustomer360app.com/api/surveyclick https://apifile.xcustomer360app.com/api/file/ *.google-analytics.com; frame-ancestors 'self' xcustomer360.com *.xcustomer360.com *.experiencialacardio.org experiencialacardio.org serviciositaucompra.alwayson.cl seguros.itau.co *.sxkm.co *.construyendo.ec construyendo.ec audifarma.com.co *.audifarma.com.co transac.globalseguroscolombia.com paprspruebas.audifarma.com.co:8080 pruebasgl3.audifarma.com.co:9091 somosbelleza.com cda1d7.myshopify.com https://dacg.app www.cpo.com.co cpo.com.co http://wssensores.audifarma.com.co *.xcustomer360.com 1
upgrade-insecure-requests; form-action 'self'; frame-ancestors 'self'; object-src 'none'; base-uri 'none'; prefetch-src 'self' 1
script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js google.com *.google-analytics.com *.doubleclick.net https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.jsdelivr.net code.jquery.com cdnjs.cloudflare.com kit.fontawesome.com ka-p.fontawesome.com www.googletagmanager.com bat.bing.com snap.licdn.com www.clarity.ms *.clarity.ms cdn-cookieyes.com *.hotjar.com js.hsadspixel.net js.hs-banner.com analytics.tiktok.com js.hscollectedforms.net *.sharethis.com *.hsforms.net *.usemessages.com *.sc-static.net sc-static.net *.snapchat.com *.hsadspixel.net *.hs-analytics.net js.hscta.net *.hubspot.com static.hsappstatic.net *.hs-banner.com *.hubspot.net *.hscollectedforms.net *.hsleadflows.net *.hsforms.com *.hs-scripts.com *.hubspotfeedback.com feedback.hubapi.com https://www.ssa.gov 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com cdn.jsdelivr.net cdnjs.cloudflare.com www.googletagmanager.com www.googleadservices.com ka-p.fontawesome.com cdn2.hubspot.net https://www.ssa.gov tours.transactcampus.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com devsitefinitystorage.blob.core.windows.net bat.bing.com www.google.com google.com px.ads.linkedin.com dev.transactcampus.com cdn-cookieyes.com *.clarity.ms *.hsforms.net *.hsforms.com *.google.com *.sharethis.com *.googleusercontent.com *.hotjar.com *.snapchat.com js.hscta.net no-cache.hubspot.com *.hubspot.com *.hubspot.net cdn2.hubspot.net dummyimage.com transactcampus.com https://www.ssa.gov/accessibility/andi/icons/reload.png https://www.ssa.gov *.transactcampus.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: kit.fontawesome.com ka-p.fontawesome.com *.hotjar.com cdn.jsdelivr.net; frame-src *.transactcampus.com 0ecf577fddb14f62ad2eaa098f4a5f08.svc.dynamics.com https://www.youtube.com https://player.vimeo.com https://devsitefinitystorage.blob.core.windows.net https://dev.transactcampus.com google.com *.hotjar.com *.hsforms.net *.hsforms.com *.google.com *.sharethis.com *.snapchat.com *.hubspot.com *.hs-sites.com *.hubspot.net play.hubspotvideo.com *.monday.com 'self' web-chat.nativechat.com; connect-src accounts.google.com *.gstatic.com *.mktoresp.com *.google-analytics.com ka-p.fontawesome.com kit.fontawesome.com stats.g.doubleclick.net log.cookieyes.com cdn-cookieyes.com google.com *.google.com *.clarity.ms *.cookieyes.com *.hubapi.com *.tiktok.com *.hubspot.com *.hsforms.com *.hsforms.net forms.hubspot.com *.hotjar.io *.hotjar.com *.sharethis.com *.hscollectedforms.net *.oribi.io https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com js.hscta.net *.hs-banner.com *.bitsighttech.com 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: https://devsitefinitystorage.blob.core.windows.net; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com google.com www.clarity.ms 'self' web-chat.nativechat.com 1
script-src 'self' https: https://* s7.addthis.com tk3d.tk3dapi.com js.braintreegateway.com *.google.com google.com *.google-analytics.com googletagmanager.com platform.twitter.com connect.facebook.net 'unsafe-inline' 'unsafe-eval'; object-src 'self'; 1
frame-ancestors 'self' http://ergo.slv.vic.gov.au http://alumni.slv.vic.gov.au http://burkeandwills.slv.vic.gov.au insideadog.com.au doubleclick.net; 1
frame-ancestors 'self' https://app.withpersona.com https://app.withpersona-staging.com http://localhost:3000 https://*.persona.site.sandboxes.run; 1
script-src 'self' *.wlresources.com *.acwebconnecting.com https://mpsnare.iesnare.com https://d5nxst8fruw4z.cloudfront.net https://d31qbv1cthcecs.cloudfront.net  'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com *.analytics.google.com *.doubleclick.net https://*.google-analytics.com/ gstatic.com www.google.com www.googleoptimize.com optimize.google.com www.gstatic.com https://bat.bing.com https://*.clarity.ms ; connect-src 'self' www.tmwlive.com:9080 www.tmwlive.com:9443 *.wlresources.com wss://*.wlresources.com *.acwebconnecting.com https://mpsnare.iesnare.com wss://mpsnare.iesnare.com ws://stt01.wlresources.com wss://stt01.wlresources.com ws://www.tmwlive.com wss://www.tmwlive.com *.campoints.net *.google-analytics.com *.googletagmanager.com *.analytics.google.com analytics.google.com *.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://bat.bing.com https://*.clarity.ms ; frame-src 'self' https://*.allopass.com http://*.allopass.com https://*.acwebconnecting.com https://www.google.com https://go.cam; worker-src 'self' blob:; frame-ancestors *.xlovecam.com *.backend.cam; report-uri /en/jserror/?ts=1721958233 1
default-src 'self' fonts.gstatic.com *.google-analytics.com *.analytics.google.com stats.g.doubleclick.net *.facebook.com https://www.youtube.com/ https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; img-src * 'self' data: https:; font-src * 'self' data: https:; script-src 'self' 'unsafe-inline' *.googleapis.com *.googletagmanager.com *.google-analytics.com *.cloudflare.com https://*.hotjar.com https://code.jquery.com/jquery-3.4.1.min.js http://nette.github.io/resources/js/netteForms.min.js https://connect.facebook.net/cs_CZ/sdk.js; style-src 'self' *.googleapis.com 'unsafe-inline' *.cloudflare.com; 1
frame-ancestors 'self' https://www.facebook.com/ 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' https://web.serviciosmin.gob.es/ https://chatbot.serviciosmin.gob.es https://stats.g.doubleclick.net https://unpkg.com https://www.mintur.gob.es http://www.mintur.gob.es https://use.fontawesome.com https://comercio.gob.es/ https://comercio.gob.es.aplicaciones https://comercio.serviciosmin.gob.es https://apis.google.com https://collect.sdgacceptance.eu https://collect.youreurope.europa.eu https://noembed.com https://ton.twimg.com https://platform.twitter.com https://fonts.googleapis.com https://fonts.gstatic.com http://ajax.googleapis.com https://ajax.googleapis.com http://www.google-analytics.com https://www.google-analytics.com https://region1.google-analytics.com https://plus.google.com http://www.facebook.com http://twitter.com https://www.youtube.com https://ssl.google-analytics.com http://cdnjs.cloudflare.com https://cdnjs.cloudflare.com http://code.jquery.com https://cdn.plyr.io https://cdn.selz.com https://s.ytimg.com https://player.vimeo.com https://vimeo.com http://i.ytimg.com https://s.ytimg.com https://www.google.com https://www.gstatic.com https://cdn.syndication.twimg.com/ https://www.googletagmanager.com/ https://stats.g.doubleclick.net/ https://cdn1.readspeaker.com http://cdn1.readspeaker.com https://app-eu.readspeaker.com https://rstts-eu.readspeaker.com https://*.readspeaker.com; img-src 'unsafe-inline' 'self' https://www.mintur.gob.es http://www.mintur.gob.es https://* http://* data:; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://*; style-src-elem 'unsafe-inline' 'self' https://web.serviciosmin.gob.es/ https://www.mintur.gob.es http://www.mintur.gob.es https://fonts.googleapis.com http://fonts.googleapis.com https://www.gstatic.com/ https://platform.twitter.com https://ton.twimg.com https://*.readspeaker.com http://*.readspeaker.com https://cdnjs.cloudflare.com https://chatbot.serviciosmin.gob.es; style-src 'unsafe-inline' 'unsafe-eval' 'self' https://www.mintur.gob.es http://www.mintur.gob.es https://platform.twitter.com https://*.readspeaker.com http://cdn1.readspeaker.com https://fonts.googleapis.com; media-src 'unsafe-inline' 'unsafe-eval' 'self' https://* http://*; font-src 'self' data: https://* http://* https://fonts.gstatic.com/ 1
object-src 'self' https://player-pwa.paranormalium.pl; 1
default-src 'self';    script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *;    img-src 'self' data: *;    style-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *;    font-src 'self' data: *;    worker-src 'self' blob: *;    connect-src 'self' *;    frame-src 'self' * ;    frame-ancestors 'self' *;    report-uri https://www.ajas.fi/csp-errors/ajas-csp-errors.php; 1
default-src 'self'; form-action 'none'; frame-ancestors 'none'; font-src 'self'; img-src 'self' goeast.imgix.net; manifest-src 'self'; script-src-elem 'self'; style-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; script-src-attr 'unsafe-inline'; report-uri https://goeast.report-uri.com/r/d/csp/enforce 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net fonts.googleapis.com ajax.googleapis.com code.jquery.com fonts.gstatic.com  *.githubusercontent.com api.github.com www.googletagmanager.com tagmanager.google.com www.google-analytics.com cdnjs.cloudflare.com data: buttons.github.io www.youtube.com video.ibm.com https://start.openliberty.io/ gitlab.com starter-staging.rh9j6zz75er.us-east.codeengine.appdomain.cloud https://docs.oracle.com/javase/8/docs/api/ https://docs.oracle.com/en/java/javase/17/docs/api/ 1
frame-ancestors 'self' my.agentero.com dev.agentero.com outdooradvinsure.com www.fordinsurance.com fordinsurance.com newenglandsaves.com 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-N2U4MzljY2JkYjgyNGRhZmFlMTkxODE0ZTgwN2U5OWE=' https://*.platformrijksoverheid.nl https://*.rijksoverheid.nl https://*.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' https://statistiek.rijksoverheid.nl https://*.contenttoolsrijksoverheid.nl https://*.nix18.nl; font-src 'self' https://statistiek.rijksoverheid.nl; object-src 'none'; connect-src https://*.platformrijksoverheid.nl https://*.rijksoverheid.nl https://*.contenttoolsrijksoverheid.nl https://*.rovid.nl https://*.rijksoverheidsvideo.nl https://*.nix18.nl; img-src 'self' data: https://d3oiud1b8fohdw.cloudfront.net https://statistiek.rijksoverheid.nl https://*.rovid.nl https://*.rijksoverheidsvideo.nl https://*.toegankelijkheidsverklaring.nl; media-src 'self' https://*.rovid.nl https://*.rijksoverheidsvideo.nl; form-action 'self' https://export.highcharts.com https://*.contenttoolsrijksoverheid.nl https://*.nix18.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
default-src 'self' *.hubspot.com *.wistia.com *.googleapis.com *.gstatic.com apis.google.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com *.twimg.com platform.linkedin.com *.google-analytics.com munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org https://youtube.com/ *.hsforms.com; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com *.hubspot.com *.wistia.com https://js.hs-banner.com https://js.hsleadflows.net https://forms.hubspot.com https://js.hscollectedforms.net http://platform.stumbleupon.com https://a.omappapi.com https://cdn.cookie-script.com https://cdn.userway.org https://cookie-script.com https://dec.azureedge.net https://googleads.g.doubleclick.net https://js.hsadspixel.net https://js.hsforms.net https://script.hotjar.com https://snap.licdn.com https://static.hotjar.com https://syndication.twitter.com https://www.googletagmanager.com https://www.youtube.com https://js.hscta.net https://www.clarity.ms/* https://www.clarity.ms/tag/k8jb2n9xui https://px.ads.linkedin.com/wa/ https://www.clarity.ms/s/0.7.26/clarity.js https://js.sentry-cdn.com/ https://browser.sentry-cdn.com/ 'self' cdn.ampproject.org web-chat.nativechat.com https://cdn.insight.sitefinity.com https://player.vimeo.com/api/player.js https://www.youtube.com/iframe_api 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.hubspot.com *.wistia.com https://a.omappapi.com/app/js/api.min.css https://cdn.userway.org 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.google-analytics.com https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com *.hubspot.com *.wistia.com https://js.hsleadflows.net https://forms.hsforms.com https://forms-na1.hsforms.com/embed/v3/counters.gif https://www.google.com *.linkedin.com https://a.omappapi.com https://cdn.userway.org *.hotjar.com https://perf.hsforms.com https://2877331.fs1.hubspotusercontent-na1.net https://www.lakeshorecryotronics.com/ https://perf-na1.hsforms.com https://static.hsappstatic.net/ https://www.googletagmanager.com 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://use.typekit.net/ https://fast.wistia.com/ https://cdn.userway.org *.hubspot.com *.wistia.com; form-action *.hubspot.com login.microsoftonline.com https://forms.hsforms.com 'self'; connect-src accounts.google.com *.mktoresp.com https://px.ads.linkedin.com/ https://forms.hubspot.com *.hsforms.com https://forms.hscollectedforms.net https://api.hubapi.com https://api.omappapi.com https://analytics.google.com https://api.userway.org https://www.google-analytics.com https://in.hotjar.com https://cdn.userway.org https://cdn.linkedin.oribi.io https://cookie-script.com https://cdn.cookie-script.com/ https://a.omappapi.com https://stats.g.doubleclick.net https://content.hotjar.io *.wistia.net *.wistia.com *.hotjar.com wss://ws.hotjar.com/api/v2/client/ws https://cta-service-cms2.hubspot.com https://z.omappapi.com/ https://youtube.com/ https://k.clarity.ms/collect https://www.google.com/ https://cdn77.api.userway.org/ https://googleads.g.doubleclick.net/ 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: *.hubspot.com *.wistia.com; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://cdn.jsdelivr.net https://cdn.knightlab.com/ *.hubspot.com *.lakeshore.com https://forms.hsforms.com 'self' web-chat.nativechat.com; frame-src *.hubspot.com *.googleapis.com *.gstatic.com apis.google.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com *.twimg.com platform.linkedin.com *.google-analytics.com munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com *.wistia.com 'self' cdn.ampproject.org https://forms.hubspot.com https://forms.hsforms.com https://cdn.userway.org https://fast.wistia.net/ https://cdn.knightlab.com/ *.youtube.com https://youtube.com/ *.hs-sites.com/ https://createaclickablemap.com/ web-chat.nativechat.com; frame-ancestors *.hubspot.com 'self' 1
default-src https: data: blob: 'self' 'unsafe-inline' 'unsafe-eval' *.visualwebsiteoptimizer.com app.vwo.com; form-action 'self'; frame-ancestors 'none'; img-src https: data: 'self' 'unsafe-inline' 'unsafe-eval' *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com; report-to default; 1
img-src * data:; media-src *; script-src 'self' 'unsafe-inline' *.google.com www.gstatic.com *.googletagmanager.com *.cloudflareinsights.com www.clarity.ms *.matomo.cloud www.google-analytics.com www.youtube.com players.brightcove.net vjs.zencdn.net; frame-src *.google.com asia.tools.euroland.com players.brightcove.net bcove.video www.youtube.com; worker-src 'self' blob:; 1
default-src 'self' https://www.aet.ch https://api.iohire.com https://fonts.gstatic.com https://www.google-analytics.com  https://region1.google-analytics.com https://stats.g.doubleclick.net https://www.google.com; script-src 'self' https://www.aet.ch https://iohire-assets.s3.eu-west-3.amazonaws.com https://ajax.googleapis.com https://www.googletagmanager.com  https://www.gstatic.com https://www.google.com https://www.google-analytics.com 'unsafe-inline'; img-src 'self' https://www.aet.ch  https://www.google-analytics.com  https://www.googletagmanager.com; style-src 'self' https://www.aet.ch  https://fonts.googleapis.com https://iohire-assets.s3.eu-west-3.amazonaws.com 'unsafe-inline'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleadservices.com googleadservices.com cdn-cookieyes.com *.cookieyes.com cookieyes.com *.hackerone.com hackerone.com *.gstatic.com *.google.com maps.googleapis.com *.adroll.com *.consensu.org *.hscollectedforms.net *.hsleadflows.net *.hs-banner.com *.licdn.com *.bing.com *.doubleclick.net www.googleoptimize.com www.linkedin.com connect.facebook.net s.adroll.com ml314.com js.hs-scripts.com script.hotjar.com static.hotjar.com js.hs-analytics.net player.vimeo.com www.googletagmanager.com dev.visualwebsiteoptimizer.com sjs.bizographics.com www.google-analytics.com px.ads.linkedin.com djtflbt20bdde.cloudfront.net ajax.googleapis.com *.hsforms.com *.hsforms.net ssl.google-analytics.com; style-src 'self' 'unsafe-inline' https: djtflbt20bdde.cloudfront.net fonts.googleapis.com js.hsforms.net; img-src 'self' data: https: media.nominet.uk maps.googleapis.com track.hubspot.com stats.g.doubleclick.net www.gravatar.com dev.visualwebsiteoptimizer.com www.google-analytics.com www.googletagmanager.com js.hsforms.net; font-src 'self' data: https: fonts.gstatic.com; connect-src 'self' https: wss: www.gov.uk yoast.com *.hotjar.com js.hsforms.net; media-src 'self' https: media.nominet.uk; object-src 'self' *.cloudfront.net js.hsforms.net; frame-src 'self' data: https: www.youtube.com player.vimeo.com djtflbt20bdde.cloudfront.net vars.hotjar.com *.hackerone.com hackerone.com js.hsforms.net; frame-ancestors 'self' *.hackerone.com hackerone.com js.hsforms.net; form-action 'self' *.theukdomain.uk theukdomain.uk forms.hsforms.com *.facebook.com js.hsforms.net; base-uri 'self' *.helpscout.net js.hsforms.net 1
default-src 'self'; child-src 'self' https://*.facebook.com https://*.green-connector.com https://*.tellja.de https://*.tellja.eu https://*.trustcommander.net *.kameleoon.com https://*.kameleoon.eu/ https://cdn.tagcommander.com https://evm.viewer.cit-fusion.com https://kb.ionas.de/ https://privacy.commander1.com https://wb.messengerpeople.com/ https://widget.msgp.pl https://www.evm.de; connect-src 'self' blob: https://*.amazonaws.com https://*.analytics.google.com https://*.azurewebsites.net https://*.bing.com https://*.clarity.ms https://*.doubleclick.net https://*.evm.de https://*.facebook.com https://*.google-analytics.com https://*.googleadservices.com https://*.googlesyndication.com https://*.gstatic.com https://*.licdn.com https://*.linkedin.com https://*.outbrain.com https://*.plusportal.de https://*.purpleview.de https://*.trustcommander.net https://*.vlink.com https://*.webinargeek.com https://*.zenloop.com *.kameleoon.com https://*.kameleoon.eu/ https://directline.botframework.com wss://directline.botframework.com https://maps.googleapis.com https://o445690.ingest.sentry.io https://plausible.io https://privacy.commander1.com https://wb.messengerpeople.com/ https://www.google.com https://www.google.de; font-src 'self' data: https://*.amazonaws.com https://*.analytics.google.com https://*.bing.com https://*.clarity.ms https://*.doubleclick.net https://*.google-analytics.com https://*.googleadservices.com https://*.googlesyndication.com https://*.gstatic.com https://*.plusportal.de https://*.vlink.com https://directline.botframework.com https://privacy.commander1.com; frame-ancestors 'self' https://*.evm.de https://8pia.evm.de https://messecom-sued.expo-ip.com https://pia.evm.de https://www.bdew.de; frame-src 'self' https://*.amazonaws.com https://*.azurewebsites.net https://*.doubleclick.net https://*.epilot.io https://*.evm.de https://*.facebook.com https://*.green-connector.com https://*.purpleview.de https://*.surveymonkey.com https://*.tellja.de https://*.tellja.eu https://*.trio-service.de https://*.trustcommander.net https://*.vlink.com https://cdn.tagcommander.com https://energieausweis.de https://evm-dia.innoloft.com https://evm-gruppe.softgarden.io https://evm.viewer.cit-fusion.com https://gebaeudeenergiegesetz.bm1.de https://iam.chamaeleon.de https://iam.chamaeleon.de/ https://infoportal.smartmacher.com https://kb.ionas.de https://lademap.ladenetz.de https://survey.lamapoll.de https://widget.msgp.pl https://www.energieausweis-online-erstellen.de https://www.evm.de https://www.google.com https://www.google.de https://www.youtube-nocookie.com https://www.youtube.com mailto:; img-src 'self' blob: data: https://*.adition.com https://*.analytics.google.com https://*.bing.com https://*.clarity.ms https://*.doubleclick.net https://*.evm.de https://*.facebook.com https://*.google-analytics.com https://*.googleadservices.com https://*.googleapis.com https://*.googlesyndication.com https://*.gstatic.com https://*.linkedin.com https://*.surveymonkey.com https://*.t-systems.com https://*.tellja.de https://*.tellja.eu https://*.trustcommander.net https://*.vlink.com https://*.webinargeek.com https://*.ytimg.com https://*.zenloop.com https://evm.247grad.de https://privacy.commander1.com https://tagmanager.google.com https://www.evm.de https://www.google.com https://www.google.de https://www.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.adition.com https://*.amazonaws.com https://*.analytics.google.com https://*.bing.com https://*.clarity.ms https://*.doubleclick.net https://*.epilot.io https://*.evm.de https://*.facebook.net https://*.google-analytics.com https://*.googleadservices.com https://*.googleapis.com https://*.googlesyndication.com https://*.green-connector.com https://*.gstatic.com https://*.outbrain.com https://*.purpleview.de https://*.surveymonkey.com https://*.tellja.de https://*.tellja.eu https://*.trustcommander.net https://*.vlink.com https://*.webinargeek.com https://*.ytimg.com https://cdn.tagcommander.com https://energieausweis.de https://plausible.io https://privacy.commander1.com https://tagmanager.google.com https://www.energieausweis-online-erstellen.de https://www.google.com https://www.google.de https://www.googletagmanager.com https://www.youtube.com; script-src-elem 'self' 'unsafe-inline' https://*.adition.com https://*.amazonaws.com https://*.analytics.google.com https://*.bing.com https://*.clarity.ms https://*.doubleclick.net https://*.epilot.io https://*.evm.de https://*.facebook.net https://*.google-analytics.com https://*.googleadservices.com https://*.googleapis.com https://*.googlesyndication.com https://*.green-connector.com https://*.gstatic.com https://*.licdn.com https://*.outbrain.com https://*.plusportal.de https://*.purpleview.de https://*.surveymonkey.com https://*.tellja.de https://*.tellja.eu https://*.trustcommander.net https://*.vlink.com https://*.webinargeek.com https://*.ytimg.com https://cdn.tagcommander.com https://energieausweis.de https://gebaeudeenergiegesetz.bm1.de https://plausible.io https://privacy.commander1.com https://survey.lamapoll.de https://tagmanager.google.com https://www.energieausweis-online-erstellen.de https://www.google.com https://www.google.de https://www.googletagmanager.com https://www.youtube.com; script-src-attr 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://evm.247grad.de https://fonts.googleapis.com https://tagmanager.google.com https://www.googletagmanager.com; style-src-elem 'self' 'unsafe-inline' https://*.googleapis.com https://*.green-connector.com https://*.plusportal.de https://evm.247grad.de https://fonts.googleapis.com https://tagmanager.google.com https://www.googletagmanager.com; style-src-attr 'self' 'unsafe-inline'; worker-src 'self' blob:; report-to main 1
default-src 'self'; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com; script-src 'unsafe-inline' 'self' www.google-analytics.com maps.googleapis.com maxcdn.bootstrapcdn.com www.googletagmanager.com ajax.googleapis.com; connect-src 'self' www.google-analytics.com; img-src 'self' csi.gstatic.com maps.googleapis.com maps.gstatic.com www.google-analytics.com; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com fonts.googleapis.com; 1
default-src https:; connect-src https:; font-src https: data:; frame-src https: twitter:; frame-ancestors https:; img-src https: data:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; 1
default-src 'self'; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.recaptcha.net/recaptcha/api.js https://static.cloudflareinsights.com; frame-ancestors 'none'; frame-src https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://www.recaptcha.net; font-src 'self' data: https://api.ultra.cc https://ultra.cc; form-action 'self' https://api.ultra.cc https://ultra.cc; img-src 'self' data: https://api.ultra.cc https://ultra.cc https://ultraseedbox.com https://docs.usbx.me; media-src 'none'; object-src 'none'; connect-src 'self' data: https://ultra.cc https://*.ultra.cc wss://*.ultra.cc https://networktools.midas.usbx.me wss://networktools.midas.usbx.me https://ultraseedbox.com; style-src 'self' 'unsafe-inline'; 1
frame-ancestors 'self' https://*.faucetcrypto.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' blob: https://cdn.onesignal.com https://onesignal.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://recaptcha.net/recaptcha/ https://www.gstatic.com/recaptcha/ https://hcaptcha.com/ https://newassets.hcaptcha.com/ https://*.doubleclick.net https://connect.facebook.net https://cdn.seon.io https://mc.yandex.ru/metrika/ http://bat.bing.com/bat.js https://bat.bing.com/p/ https://mc.yandex.ru/metrika/ https://apis.google.com https://*.adform.net/ https://t.bangobet.com https://js-agent.newrelic.com https://*.newrelic.com https://*.nr-assets.net https://*.nr-ext.net https://*.nr-data.net https://static-stg.hacksawgaming.com https://static-live.hacksawgaming.com https://widget.intercom.io https://js.intercomcdn.com https://static.cloudflareinsights.com/ https://static.hotjar.com https://script.hotjar.com https://widget.flowxo.com https://*.sentry.io/* 1
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' https://netlify-cdp-loader.netlify.app 'sha256-vA9I4Z78x0EssVwjK01meHcPuZ+FqT7w+7mwK/+zTgc='; img-src 'self' data:; frame-src 'self' https://outreach.abetterinternet.org; font-src 'self' data:; media-src 'self'; object-src 'self'; 1
default-src 'self' *.usesmileid.com; child-src 'self' *.usesmileid.com https://boards.greenhouse.io/embed/job_board; connect-src 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://wellfound.com https://api2.amplitude.com https://px.ads.linkedin.com https://api.zerobounce.net https://www.kl-wt1.com https://plugin.klenty.com https://tag-logger.demandbase.com https://api.company-target.com https://s.company-target.com https://pagead2.googlesyndication.com https://analytics.google.com *.analytics.google.com *.usesmileid.com *.segment.com *.segment.io https://api-iam.intercom.io https://api-ping.intercom.io *.greenhouse.io https://cdn.linkedin.oribi.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexums-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io wss://nexus-websocket-a.intercom.io/ *.google-analytics.com stats.g.doubleclick.net https://portal.usesmileid.com/leads/ https://unpkg.com/@segment/consent-manager@5.3.0/standalone/consent-manager.js https://calendly.com; font-src 'self' https://*.hotjar.com fonts.gstatic.com https://fonts.intercomcdn.com js.intercomcdn.com *.pipedriveassets.com data:; form-action 'self' https://portal.usesmileid.com/leads/ usesmileid.us17.list-manage.com/subscribe/post; frame-src 'self' *.usesmileid.com *.jotform.com https://form.jotform.com https://s.company-target.com https://tpc.googlesyndication.com https://td.doubleclick.net/ https://pipedrivewebforms.com/ https://optimize.google.com youtube.com www.youtube.com https://calendly.com https://webforms.pipedrive.com https://www.google.com/recaptcha/; img-src 'self' https://tr-rc.lfeeder.com https://www.linkedin.com https://a.slack-edge.com https://fonts.gstatic.com https://id.rlcdn.com https://segments.company-target.com https://tr.lfeeder.com/ https://googleads.g.doubleclick.net/ ads-twitter.com ads-api.twitter.com analytics.twitter.com https://t.co syndication.twitter.com *.strapiapp.com https://www.google.com https://www.google.ad https://www.google.co.za https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.com.ai https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.com.kh https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.ms https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.ne https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.pl https://www.google.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.so https://www.google.sm https://www.google.sr https://www.google.st https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.vg https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.rs https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.cat https://messenger-apps.intercom.io https://optimize.google.com https://www.google-analytics.com https://www.googletagmanager.com *.googleusercontent.com *.medium.com https://cdn.jsdelivr.net px.ads.linkedin.com www.google.com www.google.com.ng www.google-analytics.com https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://calendly.com data:; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.hotjar.com https://wellfound.com https://cdn.amplitude.com https://cdn.jsdelivr.net https://pagead2.googlesyndication.com https://s3-us-west-2.amazonaws.com https://www.youtube.com https://tag.demandbase.com https://tpc.googlesyndication.com https://sc.lfeeder.com https://static.ads-twitter.com/uwt.js https://cdn.embedly.com/widgets/platform.js https://googleads.g.doubleclick.net *.usesmileid.com https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://optimize.google.com *.segment.com *.segment.io *.pipedrive.com *.pipedriveassets.com https://widget.intercom.io https://js.intercomcdn.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.gstatic.com *.licdn.com https://cdnjs.cloudflare.com/ajax/libs/validate.js/0.13.1/validate.min.js https://boards.greenhouse.io/embed/job_board/js https://unpkg.com/@segment/consent-manager@5.3.0/standalone/consent-manager.js https://assets.calendly.com https://www.google.com/recaptcha/; style-src 'self' 'unsafe-inline' https://*.hotjar.com https://www.googletagmanager.com https://optimize.google.com fonts.googleapis.com assets.calendly.com; media-src 'self' https://js.intercomcdn.com 1
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src https: ; child-src https: platform.twitter.com; img-src https: data:; font-src 'self' data: https:; 1
default-src 'self' live-stcharlesil-gov.pantheonsite.io stcharlesil.info stcharlesil-gov.lndo.site *.govdelivery.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.stcharlesil.gov stcharlesil.info live-stcharlesil-gov.pantheonsite.io stcharlesil-gov.lndo.site js-agent.newrelic.com bam.nr-data.net *.youtube.com *.google-analytics.com *.googletagmanager.com agency.governmentjobs.com static.addtoany.com *.google.com *.gstatic.com s3.amazonaws.com linkprotect.cudasvc.com *.cloudfront.net https://tools.luckyorange.com *.govdelivery.com; object-src 'self' *.stcharlesil.gov stcharlesil.info live-stcharlesil-gov.pantheonsite.io stcharlesil-gov.lndo.site *.govdelivery.com; style-src 'self' 'unsafe-inline' *.stcharlesil.gov stcharlesil.info live-stcharlesil-gov.pantheonsite.io stcharlesil-gov.lndo.site *.fontawesome.com *.mailchimp.com *.cloudfront.net *.govdelivery.com; img-src 'self' 'unsafe-inline' data: *.stcharlesil.gov stcharlesil.info live-stcharlesil-gov.pantheonsite.io stcharlesil-gov.lndo.site default *.google-analytics.com *.googletagmanager.com www.adobe.com static.addtoany.com *.cludo.com bam.nr-data.net *.cloudfront.net *.govdelivery.com; media-src 'self' *.stcharlesil-gov stcharlesil.info live-stcharlesil-gov.pantheonsite.io stcharlesil-gov.lndo.site *.cloudfront.net *.govdelivery.com; frame-src 'self' *.stcharlesil.gov stcharlesil.info live-stcharlesil-gov.pantheonsite.io stcharlesil-gov.lndo.site *.youtube.com agency.governmentjobs.com static.addtoany.com *.duosecurity.com stcharlesil.maps.arcgis.com *.google.com *.govdelivery.com; child-src 'self' *.stcharlesil.gov stcharlesil.info live-stcharlesil-gov.pantheonsite.io stcharlesil-gov.lndo.site *.youtube.com agency.governmentjobs.com static.addtoany.com *.duosecurity.com stcharlesil.maps.arcgis.com *.govdelivery.com blob:; font-src 'self' data: *.stcharlesil.gov stcharlesil.info live-stcharlesil-gov.pantheonsite.io stcharlesil-gov.lndo.site fonts.gstatic.com *.fontawesome.com *.govdelivery.com; connect-src 'self' *.stcharlesil.gov stcharlesil.info live-stcharlesil-gov.pantheonsite.io stcharlesil-gov.lndo.site *.google-analytics.com bam.nr-data.net *.cludo.com stats.addtoany.com *.cloudfront.net https://*.luckyorange.com https://*.luckyorange.net/ https://pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.govdelivery.com; report-uri /report-csp-violation 1
upgrade-insecure-requests; default-src 'self' 'unsafe-inline' ametekcdn2.azureedge.net ametekcdn.azureedge.net; script-src 'self' 'unsafe-inline' affimvip.baidu.com static.lightning.force.com creaform.my.salesforce.com c.la1-core1.sfdc-58ktaz.salesforceliveagent.com creaform.my.site.com d.la1-core1.sfdc-58ktaz.salesforceliveagent.com chatai-cdn.ametek.com ametekpds.us17.list-manage.com mc.us17.list-manage.com static.addtoany.com fast.wistia.net wappass.baidu.com hmcdn.baidu.com fast.wistia.com static.zdassets.com affim.baidu.com safe.cdn.bcebos.com aifanfan.baidu.com a.omappapi.com go.zygo.com aff-im.cdn.bcebos.com cdnjs.cloudflare.com goutong.baidu.com player.youku.com hm.baidu.com js.hscollectedforms.net dmpstatic.cdn.bcebos.com sofire.bdstatic.com aiff.cdn.bcebos.com cdn.syndication.twimg.com api.twitter.com platform.twitter.com cdn.jsdelivr.net embed.tawk.to shopapi.dunkermotoren.de dwebshoptest.plan-software.de aff-im.cdn.bcebos.com ametekcdn2.azureedge.net ametekcdn.azureedge.net cdn.cookielaw.org go.phantomcamera.es go.phantomcameras.cn go.phantomcamera.fr wistia.com wistia.net go.ametekesp.com go.powervar.com go.precitech.com go.precitech.com.de *.creaform-engineering.com *.zygo.tw *.introtek.com *.alphasense.com *.egsautomation.de *.rtds.com *.skybitz.com *.ametek.com *.ametekweb.com go.sunpowerinc.com go.ameteksi.com go.ortec-online.com ajax.cloudflare.com static.cloudflareinsights.com facebook.com facebook.net connect.facebook.net googleads.g.doubleclick.net google-analytics.com www.google-analytics.com ssl.google-analytics.com google.com www.google.com support.google.com www.googleadservices.com fonts.googleapis.com ajax.googleapis.com maps.googleapis.com fonts.gstatic.com www.gstatic.com *.hsforms.com *.hsforms.net *.hs-analytics.net *.hs-scripts.com *.hsadspixel.net *.hubspot.com js.hscollectedforms.net t.sharethis.com code.jquery.com ws.sharethis.com info.ametek-land.com go.spectro.com twitter.com player.vimeo.com/api/ webtraxs.com youku.com youtube.com www.youtube.com go.techmfg.com go.techmfg.cn go.techmfg.de go.techmfg.jp go.techmfg.es chimpstatic.com cookie-cdn.cookiepro.com emip.ametek.com emipi.ametek.com geolocation.onetrust.com go.ametekaerospaceanddefense.com go.ametek-airtechnology.com go.ametekcalibration.cn go.ametekcalibration.com go.ametek-coining.com go.ametekfactoryautomation.com *.ametek-measurement.com go.ameteksfms.com go.ametekstc.com go.ametektest.cn go.ametektest.com go.ametektest.fr go.ametekusg.com go.brookfieldengineering.cn go.brookfieldengineering.com go.brookfieldengineering.de go.brookfieldengineering.in go.brookfieldengineering.uk go.drexelbrook.com go.emip.ametek.com go.fmhaerospace.com go.hughes-treitler.com go.hunterspringandreel.com go.pd-tech.com go.phantomcamera.de go.phantomhighspeed.com go.phantomcamera.fr go.phantomcameras.cn go.precitech.cn go.precitech.co.kr go.precitech.com.de go.precitech.jp go.precitech.tw go.rauland.com go.rauland.com go.spectro.de go.spectro.jp go.store.csiheat.com go.zygo.cn go.zygo.com.cn go.zygo.de go.zygo.jp *.zygo.kr go.zygo.sg go.zygo.th info.ametekland.com info.ametek-land.com info.ameteksurfacevision.com listadmin.ametek.com pardot1022173.ametek.com privacyportal.onetrust.com www.linkedin.com players.brightcove.net brightcvove.com brightinfo.com vjs.zencdn.net *.amazonaws.com js.hscta.net js.hs-banner.com js.hsleadflows.net analytics-eu.clickdimensions.com widgets.wp.com snap.licdn.com *.salesforceliveagent.com service.force.com bat.bing.com *.salesforce.com www.googletagmanager.com static.doubleclick.net fwww.surveymonkey.com fr.surveymonkey.com es.surveymonkey.com nl.surveymonkey.com de.surveymonkey.com jp.surveymonkey.com help.surveymonkey.com it.surveymonkey.com apply.surveymonkey.com pt.surveymonkey.com ru.surveymonkey.com sv.surveymonkey.com fi.surveymonkey.com da.surveymonkey.com zh.surveymonkey.com ko.surveymonkey.com no.surveymonkey.com tr.surveymonkey.com secure.surveymonkey.com contribute.surveymonkey.com fdeveloper.surveymonkey.com godaddy.surveymonkey.com linuxfoundation.surveymonkey.com eu.surveymonkey.com cx.surveymonkey.com investor.surveymonkey.com widget.surveymonkey.com engage.surveymonkey.com smenterprise.surveymonkey.com smaudience.surveymonkey.com blog.electiontracking.surveymonkey.com seattle.surveymonkey.com de.eu.surveymonkey.com uber.surveymonkey.com jpmc.surveymonkey.com en.surveymonkey.com ourstory.surveymonkey.com carerstrust.surveymonkey.com lp.surveymonkey.com demo.cx.surveymonkey.com cx-help.surveymonkey.com engage-help.surveymonkey.com images.surveymonkey.com kab.surveymonkey.com sgs.surveymonkey.com mobile.surveymonkey.com att.surveymonkey.com thearcus.surveymonkey.com winnipeg.surveymonkey.com petersburgmedicalcenter.surveymonkey.com cs.surveymonkey.com cy.surveymonkey.com el.surveymonkey.com ro.surveymonkey.com asm.surveymonkey.com cfchildren.surveymonkey.com ga.surveymonkey.com kooziegroup.surveymonkey.com mcafee.surveymonkey.com audience.surveymonkey.com fit.eu.surveymonkey.com click.outbound.surveymonkey.com secure.eu.surveymonkey.com anpost.eu.surveymonkey.com oesb.surveymonkey.com kla.surveymonkey.com nycdohmh.surveymonkey.com csl.surveymonkey.com wwww.surveymonkey.com blumenthalarts.surveymonkey.com api.surveymonkey.com labelmaster.surveymonkey.com thelynxgroup.surveymonkey.com try.surveymonkey.com assets01.surveymonkey.com lcoa.surveymonkey.com bnymellon.surveymonkey.com placer.surveymonkey.com ayuda.surveymonkey.com avon.surveymonkey.com auth0.surveymonkey.com maximus.surveymonkey.com sasb.surveymonkey.com nmhs.surveymonkey.com csp.surveymonkey.com strong365northwell.surveymonkey.com be.surveymonkey.com augustatech.surveymonkey.com woodplc.surveymonkey.com go.surveymonkey.com fr.eu.surveymonkey.com nychealthandhospitals.surveymonkey.com hca.surveymonkey.com nhl.surveymonkey.com slsnz.surveymonkey.com ds.surveymonkey.com ww.surveymonkey.com symplr.surveymonkey.com ca.surveymonkey.com aktionen.surveymonkey.com pncpa.surveymonkey.com seiu1021.surveymonkey.com kornferry.surveymonkey.com streetwisepartners.surveymonkey.com gamechange.surveymonkey.com jp.blog.surveymonkey.com google.surveymonkey.com styles.surveymonkey.com 222.surveymonkey.com pg.surveymonkey.com engineering.surveymonkey.com scitechinstitute.orgwww.surveymonkey.com surveymonkeysv.surveymonkey.com aide.surveymonkey.com levelaccess.surveymonkey.com roamrobotics.surveymonkey.com smonkey.surveymonkey.com resources.surveymonkey.com ar.surveymonkey.com bg.surveymonkey.com bs.surveymonkey.com et.surveymonkey.com hr.surveymonkey.com hu.surveymonkey.com id.surveymonkey.com is.surveymonkey.com lv.surveymonkey.com ms.surveymonkey.com pl.surveymonkey.com sk.surveymonkey.com sl.surveymonkey.com sr.surveymonkey.com th.surveymonkey.com tl.surveymonkey.com uk.surveymonkey.com vi.surveymonkey.com scfirststeps.surveymonkey.com www.qlzn6i1l.com secure.neck6bake.com go.universalanalyzers.com go.store.universalanalyzers.com cdn-images.mailchimp.com gallery.mailchimp.com downloads.mailchimp.com login.mailchimp.com kb.mailchimp.com blog.mailchimp.com us1.admin.mailchimp.com admin.mailchimp.com styleguide.mailchimp.com polyfill.mailchimp.com developer.mailchimp.com templates.mailchimp.com ux.mailchimp.com api.mailchimp.com connect.mailchimp.com us16.admin.mailchimp.com us19.admin.mailchimp.com us7.admin.mailchimp.com us17.admin.mailchimp.com us3.admin.mailchimp.com us10.admin.mailchimp.com us2.admin.mailchimp.com us11.admin.mailchimp.com us20.admin.mailchimp.com us4.admin.mailchimp.com us12.admin.mailchimp.com us18.admin.mailchimp.com us14.admin.mailchimp.com us8.admin.mailchimp.com apidocs.mailchimp.com us13.admin.mailchimp.com experts.mailchimp.com us1.api.mailchimp.com img.mailchimp.com us15.admin.mailchimp.com status.mailchimp.com us5.admin.mailchimp.com us6.admin.mailchimp.com us9.admin.mailchimp.com us1.mailchimp.com ls.mailchimp.com devs.mailchimp.com shopware.mailchimp.com postcards.mailchimp.com delivery.mailchimp.com plums.mailchimp.com linkedin.mailchimp.com mixpanel.mailchimp.com partner-assets.mailchimp.com patreon.mailchimp.com inspiration.mailchimp.com us11.mailchimp.com us9.mailchimp.com us16.mailchimp.com us19.mailchimp.com us20.mailchimp.com us15.mailchimp.com creative.mailchimp.com posthaste.mailchimp.com us3.mailchimp.com us6.mailchimp.com us4.mailchimp.com us12.mailchimp.com us14.mailchimp.com us2.mailchimp.com us12.api.mailchimp.com us10.mailchimp.com sopresto.mailchimp.com us17.mailchimp.com us7.mailchimp.com us18.mailchimp.com us13.mailchimp.com us8.mailchimp.com us20.api.mailchimp.com meowmart.mailchimp.com fastfives.mailchimp.com us2.api.mailchimp.com us5.mailchimp.com designlab.mailchimp.com us7.api.mailchimp.com img2.mailchimp.com us11.api.mailchimp.com us5.api.mailchimp.com us16.api.mailchimp.com sawa-usercontent.mailchimp.com us9.api.mailchimp.com docmakers.mailchimp.com us6.api.mailchimp.com help.mailchimp.com resources.mailchimp.com us15.api.mailchimp.com nonprofits.mailchimp.com m.mailchimp.com us4.api.mailchimp.com us19.api.mailchimp.com lurvin.mailchimp.com jungle.mailchimp.com us17.api.mailchimp.com us10.api.mailchimp.com us18.api.mailchimp.com us3.api.mailchimp.com privacyportal-cdn.onetrust.com privacyportal-eu-cdn.onetrust.com privacyportal-eu.onetrust.com www.onetrust.com privacyportal.onetrust.com cdn-ukwest.onetrust.com app.onetrust.com privacyportalde-cdn.onetrust.com geolocation.onetrust.com app-de.onetrust.com privacyportal-de.onetrust.com cdn-apac.onetrust.com app-eu.onetrust.com privacyportal-hulu-cdn.onetrust.com privacyportal-uk-cdn.onetrust.com cdn.onetrust.com privacyportal-uk.onetrust.com privacyportal-br-cdn.onetrust.com my.onetrust.com privacyportal-br.onetrust.com cruise-requests.my.onetrust.com privacyportal-na01-cdn.onetrust.com privacyportal-fr.onetrust.com iapp.onetrust.com sncf-portail.my.onetrust.com dpd-paris2.my.onetrust.com app.elq.onetrust.com tastemade-privacy.my.onetrust.com cdn-au.onetrust.com privacyportal-au.onetrust.com images.elq.onetrust.com allegion-privacy.my.onetrust.com privacyportal-ch.onetrust.com tcf.onetrust.com ggoutfitters-requests.my.onetrust.com privacyportal-apac.onetrust.com portal-verint.my.onetrust.com app-au.onetrust.com developer.onetrust.com uat-de.onetrust.com movado-privacy.my.onetrust.com privacyportal-allstate-cdn.onetrust.com proximospirits-privacy.my.onetrust.com free.onetrust.com privacy-portal-manpowergroup.my.onetrust.com privacyportal-discover-cdn.onetrust.com web.onetrust.com privacyportal-uat-cdn.onetrust.com privacyportal-uatde-cdn.onetrust.com info.onetrust.com support.onetrust.com chownow-requests.my.onetrust.com privacyportal-cisco-cdn.onetrust.com tv.onetrust.com data-protection-man-privacy.my.onetrust.com privacyportal-free-cdn.onetrust.com privacyportaluat.onetrust.com privacyportal-apac-cdn.onetrust.com privacyportal-free.onetrust.com smartfit-dsar.my.onetrust.com privacyportal-ch-cdn.onetrust.com privacyportaltrial-cdn.onetrust.com app-uk.onetrust.com app-apac.onetrust.com app-br.onetrust.com app-ca.onetrust.com app-ch.onetrust.com privacyportal-na01.onetrust.com lunagrill-requests.my.onetrust.com cbcfcu-requests.my.onetrust.com dropps-privacy.my.onetrust.com otcc-training.onetrust.com tdic-privacy.my.onetrust.com caire-requests.my.onetrust.com goodworldwide-requests.my.onetrust.com telteclgpd-privacy.my.onetrust.com privacyportaluatde.onetrust.com certain-requests.my.onetrust.com engieimpact-privacy.my.onetrust.com agriness-privacy.my.onetrust.com trial.onetrust.com ideas.onetrust.com lendico-privacy.my.onetrust.com go.pardot.com pi.pardot.com go.obcorp.com go.csiheat.com go.cardinaluhp.com go.barbenanalytical.com optinmonster.com cdn.datatables.net s7.addthis.com v1.addthisedge.com 'unsafe-eval'; style-src * 'unsafe-inline' creaform.my.site.com service.force.com ton.twimg.com platform.twitter.com ametekcdn2.azureedge.net ametekcdn.azureedge.net tagmanager.google.com fonts.googleapis.com; font-src * 'unsafe-inline' ametekcdn2.azureedge.net ametekcdn.azureedge.net fonts.gstatic.com data:; img-src * 'unsafe-inline' ametekcdn2.azureedge.net ametekcdn.azureedge.net img.mailchimp.com img2.mailchimp.com images.surveymonkey.com images.elq.onetrust.com ssl.gstatic.com www.gstatic.com www.google-analytics.com googleads.g.doubleclick.net www.google.com data: abs.twimg.com pbs.twimg.com ton.twimg.com platform.twitter.com syndication.twitter.com; frame-src * 'unsafe-inline' service.force.com twitter.com platform.twitter.com syndication.twitter.com player.vimeo.com/video/ ametekcdn2.azureedge.net ametekcdn.azureedge.net; connect-src * 'unsafe-inline' creaform.my.site.com ametekcdn2.azureedge.net ametekcdn.azureedge.net www.google-analytics.com cloudflareinsights.com; worker-src 'self' ametekcdn2.azureedge.net ametekcdn.azureedge.net blob:; media-src 'self' *.wistia.com aifanfan.baidu.com ametekcdn2.azureedge.net ametekcdn.azureedge.net blob:; object-src 'unsafe-inline' ametekcdn2.azureedge.net ametekcdn.azureedge.net manifest.prod.boltdns.net aifanfan.baidu.com 'self' 1
default-src 'self' https://*.visitors.live wss://realtime.luckyorange.com wss://in.visitors.live https://*.googleapis.com https://*.luckyorange.com https://*.google-analytics.com https://*.paypal.com https://*.ashtangayoga.info https://*.facebook.com https://*.google.de https://*.google.com https://*.ampproject.org https://*.doubleclick.net wss://localhost:3000 https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://*.ashtangayoga.info https://*.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://tools.luckyorange.com https://*.privacypolicies.com https://*.paypal.com https://*.ashtangayoga.info https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://www.googleadservices.com https://www.google-analytics.com https://*.googleapis.com https://connect.facebook.net https://*.twitter.com https://static.ads-twitter.com https://*.ampproject.org; font-src 'self' https://cdn.jsdelivr.net https://*.ashtangayoga.info https://*.bootstrapcdn.com https://fonts.gstatic.com data:; object-src 'self'; img-src 'self' 'unsafe-inline' data: blob: https://webapps.ashtangayoga.info https://*.paypal.com https://*.ashtangayoga.info/ https://*.doubleclick.net https://*.vimeocdn.com https://i.ytimg.com https://www.google-analytics.com https://www.google.com https://www.google.de https://*.googleapis.com https://*.gstatic.com https://*.ggpht.com https://*.googleusercontent.com https://www.facebook.com https://t.co https://*.twimg.com https://www.gravatar.com https://shop.ashtangayoga.info; frame-src 'self' https://*.ashtangayoga.info https://www.google.com https://www.youtube.com https://www.youtube-nocookie.com https://*.facebook.com https://*.vimeo.com https://*.vimeocdn.com https://*.paypal.com https://w.soundcloud.com/ https://yogaeasy.de https://www.yogaeasy.de/ https://ashtanga.yogaeasy.de/; worker-src 'self' blob:; 1
default-src 'self' https: data: blob:; style-src 'self' 'unsafe-inline' https: data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob: 1
upgrade-insecure-requests; default-src https: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; media-src https: data: blob: 'unsafe-inline'; img-src https: data: blob: 'unsafe-inline' android-webview-video-poster: ; report-uri https://csp.ansa.it/report/ 1
script-src https://cdnjs.cloudflare.com https://cdn.botframework.com https://code.jquery.com https://cdn.jsdelivr.net 'self' 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' *.wheely-dev.com *.wheely-dev.app *.wheely-dev.ltd *.wheely-dev.mobi *.wheely.com *.wheely.app *.wheely.ltd *.wheely.mobi *.wheely.st *.wheely.vip; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.wheely-dev.com *.wheely-dev.app *.wheely-dev.ltd *.wheely-dev.mobi *.wheely.com *.wheely.app *.wheely.ltd *.wheely.mobi *.wheely.st *.wheely.vip *.googletagmanager.com https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com cdn.checkout.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://connect.facebook.net https://googleads.g.doubleclick.net https://www.google-analytics.com https://www.googleadservices.com; style-src 'self' 'unsafe-inline' *.wheely-dev.com *.wheely-dev.app *.wheely-dev.ltd *.wheely-dev.mobi *.wheely.com *.wheely.app *.wheely.ltd *.wheely.mobi *.wheely.st *.wheely.vip https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com; font-src 'self' data: *.wheely-dev.com *.wheely-dev.app *.wheely-dev.ltd *.wheely-dev.mobi *.wheely.com *.wheely.app *.wheely.ltd *.wheely.mobi *.wheely.st *.wheely.vip https://fonts.gstatic.com https://js.intercomcdn.com https://fonts.intercomcdn.com; img-src 'self' https://*.amazonaws.com/site-cms-strapi.wheely.com/ https://*.amazonaws.com/site-cms-strapi.stg.wheely-dev.com/ https://*.amazonaws.com/site-cms-strapi.dev.wheely-dev.com/ https://*.amazonaws.com/static.wheely.com/ https://*.amazonaws.com/photos.wheely.com/ https://*.amazonaws.com/user-uploads-test.wheely.com/ https://*.amazonaws.com/user-uploads.wheely.com/ https://*.amazonaws.com/photos-test.wheely.com/ *.wheely-dev.com *.wheely-dev.app *.wheely-dev.ltd *.wheely-dev.mobi *.wheely.com *.wheely.app *.wheely.ltd *.wheely.mobi *.wheely.st *.wheely.vip *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat https://*.googleapis.com https://*.gstatic.com *.googleusercontent.com data: blob: https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://messenger-apps.eu.intercom.io https://messenger-apps.au.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments.eu https://*.au.intercom-attachments.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://static.intercomassets.eu https://static.au.intercomassets.com https://www.facebook.com https://connect.facebook.net; media-src 'self' https://*.amazonaws.com/site-cms-strapi.wheely.com/ https://*.amazonaws.com/site-cms-strapi.stg.wheely-dev.com/ https://*.amazonaws.com/site-cms-strapi.dev.wheely-dev.com/ https://*.amazonaws.com/static.wheely.com/ https://*.amazonaws.com/photos.wheely.com/ https://*.amazonaws.com/user-uploads-test.wheely.com/ https://*.amazonaws.com/user-uploads.wheely.com/ https://*.amazonaws.com/photos-test.wheely.com/ *.wheely-dev.com *.wheely-dev.app *.wheely-dev.ltd *.wheely-dev.mobi *.wheely.com *.wheely.app *.wheely.ltd *.wheely.mobi *.wheely.st *.wheely.vip https://js.intercomcdn.com; frame-src 'self' *.googletagmanager.com https://bid.g.doubleclick.net https://td.doubleclick.net *.google.com https://hcaptcha.com https://*.hcaptcha.com https://js.checkout.com; connect-src 'self' *.wheely-dev.com *.wheely-dev.app *.wheely-dev.ltd *.wheely-dev.mobi *.wheely.com *.wheely.app *.wheely.ltd *.wheely.mobi *.wheely.st *.wheely.vip https://o18635.ingest.sentry.io *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com https://*.googleapis.com https://*.gstatic.com data: blob: https://hcaptcha.com https://*.hcaptcha.com https://js.checkout.com https://api.intercom.io https://api.au.intercom.io https://api.eu.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io https://uploads.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.au.intercomcdn.com https://uploads.intercomusercontent.com https://stats.g.doubleclick.net https://www.facebook.com; child-src 'self' https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; form-action 'self' https://intercom.help https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://www.facebook.com https://payment-3ds.com; report-uri https://o18635.ingest.sentry.io/api/1453113/security/?sentry_key=17e7a309684a4cc5a82504db707f1e7a 1
frame-ancestors 'self' https://manage.iands.design  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
frame-ancestors https: 1
default-src 'self' data: 'unsafe-inline'; script-src 'self'; style-src 'self' 'unsafe-inline' 1
frame-ancestors 'self'  https://*.mytio.ch https://tio.ch https://*.tio.ch https://*.20minuti.ch https://*.tuttojob.ch https://*.inagenda.ch https://*.biglietteria.ch https://*.piazzaticino.ch https://*.adbreak.ch 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.youtube.com *.vimeo.com *.google-analytics.com ajax.googleapis.com maps.gstatic.com consentcdn.cookiebot.com secure.gravatar.com www.googletagmanager.com maps.googleapis.com fonts.googleapis.com maxcdn.bootstrapcdn.com fonts.gstatic.com consent.cookiebot.com stats.docu.info; 1
frame-ancestors 'self' fkg.bitrix24.ru; 1
script-src 'unsafe-eval' 'unsafe-inline' 'self'  www.google-analytics.com www.googletagmanager.com; style-src 'unsafe-inline' 'self' fonts.googleapis.com 1
default-src 'self' *.sysnet.ie *.sysnetgs.com player.vimeo.com data:; script-src  'self' 'unsafe-inline' 'unsafe-eval' www.google-analyti.com *.mypurecloud.com *.nr-data.net *.newrelic.com  *.euw1.pure.cloud; connect-src 'self' ws: data: assurance.sysnetgs.com *.mypurecloud.com *.nr-data.net www.shyrka-prod-euw1.s3.eu-west-1.amazonaws.com  *.newrelic.com *.euw1.pure.cloud *.mypurecloud.com *.euw1.pure.cloud www.google-analytics.com  *.demdex.net; img-src 'self' data: us01-prod-sair-static-assets.s3.amazonaws.com eu01-prod-sair-static-assets.s3-eu-west-1.amazonaws.com adservice.google.com *.sysnet.ie www.google-analytics.com *.demdex.net ad.doubleclick.net stats.g.doubleclick.net *.mypurecloud.com *.euw1.pure.cloud; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.fonts.net; font-src 'self' data: fonts.gstatic.com; frame-src 'self' 'unsafe-inline' 'unsafe-eval' iscan: data: *.sysnetgs.com *.vimeo.com *.mypurecloud.com; 1
frame-ancestors 'self' https://www.deauvillepoloclub.com/ https://nl.indeauville.fr https://en.indeauville.fr https://de.indeauville.fr https://es.indeauville.fr https://www.domainedevillers.fr https://www.thalasso-deauville.com https://benerville.fr http://www.lacloseriedeauville.com http://www.augeval.com http://www.congres-deauville.com https://www.hotel-saint-james.fr https://www.bellevue-hotel.fr https://www.mairie-benerville.neopse-site.fr https://www.benerville.fr https://www.acapars.com/ https://www.central-trouville.com/ https://www.pole-international-cheval.com/ 1
default-src 'self'; font-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-b60c84445f1de63dcad7e3c2cefc1acf'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; font-src 'self' data:; img-src https: data:; 1
frame-ancestors https://cms.spsglobal.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://*.linkedin.com https://www.google-analytics.com https://secure.statcounter.com https://pi.pardot.com https://www.googleadservices.com https://sjs.bizographics.com https://connect.facebook.net https://solutions.insurancetechnologies.com https://googleads.g.doubleclick.net https://cdnjs.cloudflare.com https://snap.licdn.com https://player.vimeo.com https://ws.zoominfo.com 1
base-uri 'self';child-src 'self' *.pipedream.com www.youtube.com player.vimeo.com fast.wistia.net blob:;connect-src 'self' *.pipedream.com *.m.pipedream.net wss://*.pipedream.com *.fullstory.com api.cloudinary.com o210198.ingest.sentry.io https://browser-intake-datadoghq.com www.google-analytics.com https://ampcid.google.com https://stats.g.doubleclick.net/j/collect https://api.s.pipedream.net https://backend.getbeamer.com https://cdn.s.pipedream.net https://tally.so https://*.algolia.net *.google.com https://stats.g.doubleclick.net pagead2.googlesyndication.com *.intercom.io wss://*.intercom.io https://api.getrewardful.com https://pipedream-production-workflow-attachments.s3.amazonaws.com https://pipedream-files-production.s3.amazonaws.com https://pipedream-files-makedev.s3.amazonaws.com;default-src 'none';font-src 'self' *.pipedream.com data: fonts.gstatic.com https://fonts.intercomcdn.com;frame-src 'self' *.pipedream.com https://www.youtube.com/ www.googletagmanager.com https://app.getbeamer.com https://js.stripe.com https://tally.so accounts.google.com *.doubleclick.net;img-src * data: blob:;media-src 'self' *.pipedream.com res.cloudinary.com https://js.intercomcdn.com;object-src 'self' data:;script-src 'self' *.pipedream.com 'nonce-004046183670669556' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' tagmanager.google.com googletagmanager.com www.googletagmanager.com stats.g.doubleclick.net google-analytics.com https://ssl.google-analytics.com www.google-analytics.com https://app.getbeamer.com https://cdn.s.pipedream.net https://js.stripe.com https://tally.so accounts.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com;style-src 'self' *.pipedream.com 'unsafe-inline' tagmanager.google.com fonts.googleapis.com https://app.getbeamer.com accounts.google.com;worker-src 'self' *.pipedream.com data: blob:;form-action 'none';frame-ancestors 'none';report-uri https://o210198.ingest.sentry.io/api/5660875/security/?sentry_key=97aa41261e6e462d93e454687a0d01f2&sentry_environment=production 1
frame-ancestors https://www.ludialudom.sk 1
default-src 'self' https://mw-ar-recom-prod.pgapi.io/ feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' * ; img-src https://* 'self' data: https: blob: feed.pghub.io pandg.tapad.com ; script-src * data: blob: 'unsafe-inline' 'unsafe-eval' ; connect-src * data: blob: 'unsafe-inline' ; font-src * data: blob: 'unsafe-inline' ; frame-src * ; frame-ancestors * 'self' data: https: blob: ; 1
frame-ancestors 'self' multimaps360.de *.multimaps360.de savoyhotel-bad-mergentheim.de *.savoyhotel-bad-mergentheim.de 1
frame-ancestors *;  report-uri /log/csp-violation 1
base-uri 'none';         default-src 'self';         connect-src 'self' *.google-analytics.com *.googleapis.com *.gstatic.com *.doubleclick.net;         child-src https://www.facebook.com/ https://staticxx.facebook.com/;         font-src 'self';         form-action 'self' https://connect.facebook.net;         frame-src 'self' https://www.google.com https://www.youtube.com https://www.youtube-nocookie.com https://player.vimeo.com https://embed.ted.com https://freestompboxes.api.oneall.com https://w.soundcloud.com https://s9e.github.io https://player.twitch.tv;         img-src 'self' https: data:;         media-src 'self' https:;         object-src 'none';         script-src 'self' 'unsafe-inline' https://connect.facebook.net/ https://www.google-analytics.com/ https://ssl.google-analytics.com/ https://tagmanager.google.com/ https://www.googletagmanager.com/ https://freestompboxes.api.oneall.com/;         style-src 'self' 'unsafe-inline' https:;         worker-src 'self';         upgrade-insecure-requests; 1
upgrade-insecure-requests; script-src 'strict-dynamic' 'nonce-3eYlk+pgVOBm2SM9XMBRcQ=='; 1
default-src'self' 1
default-src blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' ; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline';  img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob: 'unsafe-inline'; object-src 'none' 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' via.placeholder.com *.google.com *.gstatic.com *.googleapis.com *.google-analytics.com *.msecnd.net *.youtube.com *.vimeo.com *.vimeocdn.com *.facebook.net *.facebook.com *.googletagmanager.com *.episerver.net route-finder.now.sh routefinderapp.azureedge.net routefinderapp.azurewebsites.net routefinderapptest.azurewebsites.net *.pardot.com *.reachmee.com *.extellio.com *.google.se *.pingdom.net *.cookiebot.eu *.cookiebot.com *.adform.net *.doubleclick.net *.videomarketingplatform.co *.ytimg.com *.licdn.com *.linkedin.com *.envirotainer.com *.usercentrics.eu *.cloudfront.net *.aptrinsic.com *.jsdelivr.net *.bootstrapcdn.com *.jquery.com *.cloudflare.com *.azure.com *.microsoftonline.com about:; connect-src 'self' ws://*.com ws://*.se *.visualstudio.com *.pingdom.net *.google-analytics.com *.doubleclick.net *.cookiebot.eu *.cookiebot.com *.adform.net *.aptrinsic.com *.linkedin.com m.extellio.com 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdnjs.cloudflare.com https://ssl.google-analytics.com https://itagroup.hs.llnwd.net/ https://www.googletagmanager.com/ https://player.vimeo.com/ https://www.livehelpnow.net/ https://script.crazyegg.com https://www.google-analytics.com https://survey.survicate.com https://surveys-static.survicate.com 1
default-src 'self' www.zxsecurity.co.nz; script-src 'self' 'unsafe-inline' www.zxsecurity.co.nz www.googletagmanager.com ssl.google-analytics.com www.google-analytics.com; style-src 'self' 'unsafe-inline' www.zxsecurity.co.nz fonts.googleapis.com; font-src 'self' data: www.zxsecurity.co.nz fonts.googleapis.com fonts.gstatic.com; frame-src www.youtube.com www.youtube-nocookie.com; object-src 'self'; img-src 'self' www.googletagmanager.com www.google-analytics.com; connect-src 'self' www.google-analytics.com; 1
report-uri https://luisterrijk.report-uri.com/r/d/csp/enforce;base-uri 'self';script-src 'nonce-swA3Z0GR3Zo3YUyhJ2UqXSkppVFEQDsQvDi3pMxq' 'self' 'unsafe-eval' luisterrijk.nl luisterrijk.be www.luisterrijk.nl www.luisterrijk.be www.googletagmanager.com *.google-analytics.com *.googletagmanager.com www.google.com www.google-analytics.com fonts.googleapis.com ion.luisterrijk.nl tagmanager.google.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/;style-src 'nonce-swA3Z0GR3Zo3YUyhJ2UqXSkppVFEQDsQvDi3pMxq' 'self' 'unsafe-eval' luisterrijk.nl luisterrijk.be www.luisterrijk.nl www.luisterrijk.be fonts.googleapis.com www.googletagmanager.com tagmanager.google.com 'sha256-NycL7c9Ybm7R/4hKg4lvLXtc7QaS8Xn/RLzw666ZCN0=';form-action luisterrijk.nl luisterrijk.be www.luisterrijk.nl www.luisterrijk.be staging.luisterrijk.nl cms.audiyence.com *.multisafepay.com;img-src 'unsafe-inline' * www.googletagmanager.com sss.gstatic.com www.gstatic.com *.google-analytics.com data:;object-src 'none';font-src fonts.gstatic.com;frame-src www.google.com www.klantenvertellen.nl www.kiyoh.com www.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/;connect-src 'self' luisterrijk.nl luisterrijk.be www.luisterrijk.nl www.luisterrijk.be *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.doubleclick.net www.google.nl/ads/ga-audiences www.google.be/ads/ga-audiences 1
default-src 'self' www.google-analytics.com www.youtube.com; child-src 'self' www.youtube.com www.youtube-nocookie.com player.vimeo.com www.google.com; frame-src 'self' www.youtube.com forms.zohopublic.eu zfrmz.eu www.google.com https://recaptcha.google.com/recaptcha/ player.vimeo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.perplex.nl s.ytimg.com *.google-analytics.com www.googletagmanager.com www.google.com www.gstatic.com www.youtube.com player.vimeo.com www.googletagmanager.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: rating.pegi.info *.google-analytics.com *.analytics.google.com www.perplex.nl i.ytimg.com www.gravatar.com img.youtube.com i.vimeocdn.com vumbnail.com; font-src 'self' data:; connect-src 'self' *.google-analytics.com *.analytics.google.com; form-action 'self' forms.zohopublic.eu; report-uri https://perplex.report-uri.com/r/default/csp/enforce; upgrade-insecure-requests; block-all-mixed-content; 1
default-src * https:  data: 'unsafe-inline' 'unsafe-eval' 1
default-src 'self'; frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.gstatic.com *.greateasternlife.com *.lifeisgreat.net *.adobedtm.com *.facebook.net *.googletagmanager.com *.addthisedge.com *.googleadservices.com *.doubleclick.net *.google-analytics.com *.juicer.io *.addthis.com *.twitter.com *.demdex.net *.omtrdc.net *.youtube.com *.ytimg.com *.qualtrics.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com tagmanager.google.com; font-src 'self' fonts.gstatic.com data:; img-src * data: *.qualtrics.com *.googletagmanager.com *.gstatic.com *.google-analytics.com *.doubleclick.net *.google.com *.google.com.sg *.google.com.my *.google.co.id *.google.com.bn *.google.com.mm ade.googlesyndication.com; media-src 'self' *.scene7.com; frame-src 'self' *.google.com *.gstatic.com *.doubleclick.net *.juicer.io *.twitter.com *.addthis.com *.financialexpress.net *.youtube.com *.facebook.net *.facebook.com *.qualtrics.com safe.menlosecurity.com; object-src 'self' *.qualtrics.com; connect-src 'self' *.greateasterngeneral.com *.greateasternlife.com *.addthis.com *.demdex.net *.google-analytics.com *.omtrdc.net *.doubleclick.net *.facebook.net *.facebook.com *.qualtrics.com *.googletagmanager.com *.google.com *.google.com.sg *.google.com.my *.google.co.id *.google.com.bn *.google.com.mm; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.b-ite.com https://cs-assets.b-ite.com https://code.jquery.com https://beteiligung.nrw.de/portal/widgets/widgets-api.js https://api.service-digitale-verwaltung.de/ cdn.jsdelivr.net code.etracker.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://rebilly.github.io platform.instagram.com platform.twitter.com sf1-eu.readspeaker.com www.etracker.de; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://api.service-digitale-verwaltung.de/ https://use.typekit.net/ https://p.typekit.net/ https://cdnjs.cloudflare.com sf1-eu.readspeaker.com 1
default-src https: 'unsafe-eval' 'unsafe-inline'; img-src * 'self' data: https:; object-src 'none'; style-src 'self' data: https://assets.braintreegateway.com https://widget.reviews.co.uk https://svc.webspellchecker.net https://*.klaviyo.com *.crazyegg.com https://api-js.datadome.co https://fonts.googleapis.com https://assets.reviews.io 'unsafe-inline' 1
frame-ancestors 'self'; base-uri 'self' matomo.active-elements.de; default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' active-elements.de matomo.active-elements.de; connect-src 'self' http://www.active-elements.de matomo.active-elements.de; style-src-elem 'self' 'unsafe-inline' active-elements.de matomo.active-elements.de; font-src 'self' 'unsafe-inline' active-elements.de matomo.active-elements.de; img-src 'self' 'unsafe-inline' data: active-elements.de matomo.active-elements.de 1
script-src 'self' 'unsafe-eval'  ; report-uri /api/csp; base-uri 'self'; object-src 'none' 1
frame-ancestors 'self'; upgrade-insecure-requests; frame-src 'self' insight.adsrvr.org *.demdex.net consent.cookiebot.com consentcdn.cookiebot.com *.youtube.com *.infrontfinance.com *.doubleclick.net; connect-src 'self' *.doubleclick.net *.google.com *.googlesyndication.com cdn.linkedin.oribi.io 633-ybp-923.mktoresp.com analytics.funnelfuel.io *.linkedin.com static1.r66net.com *.demdex.net cm.everesttech.net assets.adobedtm.com consent.cookiebot.com consentcdn.cookiebot.com *.2o7.net *.salesloft.com *.clarity.ms; img-src 'self' *.doubleclick.net *.linkedin.com *.b26net.com *.clarity.ms bat.bing.com *.google.com  s.videostep.com dev.day.com secure.adnxs.com *.invibes.com *.demdex.net cm.everesttech.net assets.adobedtm.com *.cookiebot.com *.2o7.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat data:; script-src *.infrontfinance.com *.googleadservices.com *.infront.co munchkin.marketo.net static.r66net.com *.doubleclick.net k.r66net.com u.videostep.com *.licdn.com analytics.funnelfuel.io bat.bing.com js.adsrvr.org *.adobeaemcloud.com documentcloud.adobe.com *.youtube.com *.adobedtm.com *.azure.com *.azureedge.net *.googleapis.com *.googletagmanager.com *.adservice.google.com *.google-analytics.com dqm.crownpeak.com consent.cookiebot.com consentcdn.cookiebot.com *.2o7.net *.omtrdc.net *.tt.omtrdc.net assets.adobedtm.com *.demdex.net cm.everesttech.net *.salesloft.com *.clarity.ms 'self' 'unsafe-eval' 'unsafe-inline'; 1
default-src 'self' *.ayvens.com *.leaseplan.com *.leaseplandigital.com *.leaseplan.io; script-src 'unsafe-inline' https: 'nonce-H/HZImGwMqmBUW7uJDsuVg==' 'strict-dynamic'; connect-src 'self' *.ayvens.com cdn.cookielaw.org geolocation.onetrust.com browser-intake-datadoghq.eu *.browser-intake-datadoghq.eu *.leaseplan.com t-log.sgmarkets.com cdn.imagin.studio px.ads.linkedin.com *.google-analytics.com bat.bing.com *.clarity.ms *.hotjar.com *.hotjar.io consent-api.onetrust.com *.doubleclick.net privacyportal-de.onetrust.com www.facebook.com www.google.com/pagead/; worker-src 'self'; style-src 'self' 'unsafe-inline' *.leaseplancdn.com cdn.cookielaw.org; img-src 'self' data: *.ayvens.com *.leaseplan.com *.leaseplandigital.com www.leaseplanbrand.com cdn.cookielaw.org cdn.imagin.studio idt9rpjm7d.execute-api.eu-west-1.amazonaws.com www.googletagmanager.com *.ads.linkedin.com www.facebook.com www.googleadservices.com adservice.google.com www.google.com/pagead/ *.doubleclick.net bat.bing.com *.clarity.ms *.bing.com *.google.nl; media-src 'self' *.ayvens.com www.ayvensbrand.com *.leaseplan.com *.leaseplandigital.com www.leaseplanbrand.com; font-src 'self' *.leaseplancdn.com script.hotjar.com; frame-src 'self' *.ayvens.com *.leaseplan.com www.ayvensbrand.com player.vimeo.com www.youtube.com www.youtube-nocookie.com map.openchargemap.io *.doubleclick.net www.facebook.com; object-src 'none'; base-uri 'none'; 1
upgrade-insecure-requests  ; style-src 'self' 'unsafe-inline' *.pricespider.com *.mapbox.com *.lytics.io feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.googletagmanager.com www.google-analytics.com connect.facebook.net *.cookielaw.org *.pricespider.com pghub.io *.mapbox.com *.segment.com *.lytics.io feed.pghub.io pandg.tapad.com ; media-src 'self' data: videos.ctfassets.net feed.pghub.io pandg.tapad.com ; object-src 'none' feed.pghub.io pandg.tapad.com ; img-src 'self' data: images.ctfassets.net *.cookielaw.org *.pricespider.com pghub.io www.facebook.com pixel.tapad.com www.facebook.com *.lytics.io www.googletagmanager.com www.google-analytics.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.doubleclick.net feed.pghub.io pandg.tapad.com ; frame-src 'self' pandg.tapad.com consumersupport.pg.com feed.pghub.io *.doubleclick.net ; frame-ancestors 'none' feed.pghub.io pandg.tapad.com ; form-action 'self' feed.pghub.io pandg.tapad.com ; font-src 'self' feed.pghub.io pandg.tapad.com ; connect-src 'self' *.tapad.com *.cookielaw.org *.google-analytics.com *.doubleclick.net *.contentful.com *.mapbox.com *.segment.com *.segment.io *.adsrvr.org ws: *.pricespider.com *.analytics.google.com feed.pghub.io ; default-src 'none' feed.pghub.io pandg.tapad.com ; base-uri 'self' feed.pghub.io pandg.tapad.com ; 1
frame-ancestors 'self' https://www.loscivolo.com/ https://www.ilvinaccio.com/ https://leportgallier.it/ https://www.fratellimoraca.it/ https://morettinocoffeelab.it/ https://www.kanpaimilano.it/ https://www.pizzeriadagennaro.it/ https://www.vasame.com/ https://www.floralevante.it/ https://www.ristorantelevoltelivorno.com/ https://menu.menumal.it/ 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.thenmusa.org https://www.googletagmanager.com https://ssl.google-analytics.com https://connect.facebook.net https://www.google-analytics.com https://rtd-tm.everesttech.net https://*.everestjs.net https://*.googleadservices.com https://code.jquery.com; img-src 'self' data: https://ssl.google-analytics.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://*.everesttech.net https://www.facebook.com https://secure.gravatar.com *.doubleclick.net https://*.pubmatic.com https://arttrk.com https://ps.w.org https://s.w.org; style-src 'self' 'unsafe-inline' https://*.thenmusa.org https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://www.google.com https://*.fls.doubleclick.net https://pixel.everesttech.net https://www.everestjs.net https://www.googletagmanager.com https://www.facebook.com https://www.youtube.com https://artsandculture.google.com https://*.knightlab.com https://matterport.com https://prezi.com https://omeka.org https://vimeo.com https://player.vimeo.com/ https://prezi.com/https://my.matterport.com/ https://video.thenmusa.org https://videocenter.nmusa-blue.net; object-src 'none'; connect-src 'self' https://*.thenmusa.org https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com; media-src 'self' https://*.thenmusa.org blob:; worker-src blob: 1
frame-src 'self' *.ggd.nl *.ghor.nl *.ggdghor.nl *.cookiebot.com *.hotjar.com *.youtube.com *.soundcloud.com 1
frame-ancestors 'self' https://pub49.bravenet.com https://bravenet.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval'; 1
default-src * 'self' data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' 1
default-src 'self';object-src 'self';frame-src 'self' *.youtube.com *.youtube-nocookie.com *.twitter.com https://player.vimeo.com https://consentcdn.cookiebot.com https://consentcdn.cookiebot.eu;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://matomo.z-u-g.org/matomo.js https://platform.twitter.com https://consentcdn.cookiebot.com https://consent.cookiebot.com https://consentcdn.cookiebot.eu https://consent.cookiebot.eu ;style-src 'self' data: 'unsafe-inline' ;img-src 'self' data: https://img.sct.eu1.usercentrics.eu https://syndication.twitter.com *.tile.openstreetmap.org ;font-src 'self' data: 'unsafe-inline' ;connect-src 'self' https://matomo.z-u-g.org https://consentcdn.cookiebot.com https://consentcdn.cookiebot.eu;manifest-src 'self';media-src 'self' *.akamaihd.net 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-ZWMwM2NkNDU5ZmYzNDNkODg0NDAxOWViYjE0N2IxNTg=' https://*.platformrijksoverheid.nl https://*.rijksoverheid.nl https://*.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' https://statistiek.rijksoverheid.nl https://*.contenttoolsrijksoverheid.nl https://*.rijksoverheid.nl; font-src 'self' https://statistiek.rijksoverheid.nl; object-src 'none'; connect-src https://*.platformrijksoverheid.nl https://*.rijksoverheid.nl https://*.contenttoolsrijksoverheid.nl https://*.rovid.nl https://*.rijksoverheidsvideo.nl; img-src 'self' data: https://d3oiud1b8fohdw.cloudfront.net https://statistiek.rijksoverheid.nl https://*.rovid.nl https://*.rijksoverheidsvideo.nl https://*.toegankelijkheidsverklaring.nl; media-src 'self' https://*.rovid.nl https://*.rijksoverheidsvideo.nl; form-action 'self' https://export.highcharts.com https://*.contenttoolsrijksoverheid.nl https://*.rijksoverheid.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
frame-ancestors www.anythinklibraries.org anythinklibraries.org www.odyssey.stream app.odyssey.stream 1
frame-ancestors 'self' https://*.storyblok.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' localhost:* *.google.com *.jsdelivr.net *.guestplan.com *.gstatic.com www.google-analytics.com www.googletagmanager.com *.cloudflare.com *.addtoany.com use.fontawesome.com *.mailchimp.com *.mcusercontent.com *.youtube.com *.ytimg.com *.googleapis.com *.medialoc.eu *.firebasedatabase.app *.ticketengine.nl *.cookiecode.nl; style-src 'self' 'unsafe-inline' *.googleapis.com *.mcusercontent.com *.guestplan.com  *.google.com *.jsdelivr.net *.cloudflare.com *.addtoany.com cloud.typography.com *.myfonts.net *.medialoc.eu *.ticketengine.nl *.medialoc.eu; font-src 'self' *.mcusercontent.com *.gstatic.com data:; img-src 'self' data: www.google-analytics.com  *.gstatic.com *.media-imdb.com *.mailchimp.com *.mcusercontent.com mcusercontent.com *.mcusercontent.com stats.g.doubleclick.net *.medialoc.eu; frame-src 'self' *.google.com *.addtoany.com *.guestplan.com *.mcusercontent.com *.youtube.com *.vimeo.com *.activetickets.com *.issuu.com *.recruitee.com *.linkedin.com localhost:* *.firebasedatabase.app *.b-cdn.net *.run.app; media-src 'self' *.youtube.com *.vimeo.com *.guestplan.com *.mcusercontent.com *.vimeocdn.com *.akamaized.net blob: 'self' *.b-cdn.net; connect-src 'self' localhost:* wss://localhost:* *.projectguide.nl etender-connect.com www.google-analytics.com *.googleapis.com *.googleusercontent.com *.medialoc.eu *.run.app wss://*.europe-west1.firebasedatabase.app *.b-cdn.net *.bitmovin.com blob: data: *.pallycon.com *.google-analytics.com *.doubleclick.net *.cookiecode.nl www.googletagmanager.com; frame-ancestors ;  1
default-src 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.etracker.com https://*.etracker.de https://unpkg.com/friendly-challenge@0.9.7/widget.module.min.js; worker-src blob:; style-src 'self' 'unsafe-inline' https://*.typekit.net/; font-src 'self' https://*.typekit.net/; img-src 'self' https://i.ytimg.com data:; form-action 'self' https://*.adva-beta.de; object-src 'none'; frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://www.youtube-nocookie.com https://*.etracker.com https://*.etracker.de; frame-ancestors 'self' https://www.youtube-nocookie.com https://*.etracker.com; connect-src 'self' https://*.etracker.de https://eu-api.friendlycaptcha.eu/api/; upgrade-insecure-requests 1
script-src 'self' 'self' 'unsafe-inline' 'unsafe-eval' *.playmeow.com *.playmeow.org *.playmeow.dev *.eldergods.work *.acgcreator.com *.paypal.com *.gstatic.com *.paypalobjects.com apis.google.com cdnjs.cloudflare.com cdn.jsdelivr.net unpkg.com *.googleapis.com *.googletagmanager.com *.hotjar.com *.mixpanel.com *.mxpnl.com *.bananaking.org *.playmeow.cc *.jkmm.cc 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' via.placeholder.com *.linkedin.com *.licdn.com *.google.com *.gstatic.com *.googleapis.com *.google-analytics.com *.msecnd.net *.youtube.com *.vimeo.com *.vimeocdn.com *.cdn.net *.facebook.net *.facebook.com *.umbraco.org *.umbraco.com *.googletagmanager.com *.pardot.com *.reachmee.com *.e-space.se jumoo.co.uk *.clarity.ms *.google.se *.b-cdn.net *.ibinder.com *.akamaihd.net *.wistia.com *.hotjar.com *.pingdom.net *.doubleclick.net *.ytimg.com *.mynewsdesk.com *.leadoo.com *.bing.com *.segment.com *.github.com *.teamwalnut.com *.cognitoforms.com *.cookiebot.com about: blob:; connect-src 'self' ws://*.com ws://*.se *.akamaihd.net *.wistia.com *.litix.io *.google-analytics.com *.visualstudio.com *.pingdom.net *.umbraco.org *.umbraco.com *.doubleclick.net *.leadoo.com *.oribi.io *.bing.com *.google.com *.clarity.ms *.hotjar.io *.hotjar.com *.googlesyndication.com *.cognitoforms.com *.linkedin.com *.cookiebot.com;media-src 'self' blob: *.ibinder.com *.akamaihd.net *.wistia.com *.b-cdn.net *.leadoo.com;worker-src https: blob:; 1
frame-ancestors 'self';upgrade-insecure-requests; img-src 'self' data: https://log.pinterest.com  https://www.google-analytics.com  https://dailyyonder.com  https://www.googletagmanager.com  https://dify.wpengine.com  https://www.themainemonitor.org  https://www.census.gov  https://public.flourish.studio  https://wpengine.com  https://i.creativecommons.org  https://assets.msn.com  https://cdn.honey.io  https://i.ytimg.com  https://region1.google-analytics.com  https://www.facebook.com  https://pixel.propublica.org  https://awropeik.files.wordpress.com  https://really-simple-ssl.com  https://translate.google.com  https://fonts.gstatic.com  https://ssl.google-analytics.com  https://www.gstatic.com  https://www.google.com  https://translate.googleapis.com  https://licensebuttons.net  https://counter.theconversation.com  https://lh3.googleusercontent.com  https://bzw5s16w5761b70rja1vwaws-absy16yrju75is4fuwvj.mentionusercontent.net  https://bzw5s16w5761b70rj70yiufau0fj.mentionusercontent.net  https://yoa.st  https://claritystatic.blob.core.windows.net  https://c.clarity.ms  https://c.bing.com  https://cdn-lbpkl.nitrocdn.com  https://img.youtube.com  https://app.allaccessible.org  https://secure.gravatar.com https://ts.w.org https://s.w.org https://ps.w.org ; default-src 'self'; script-src 'self' 'unsafe-inline' https://cdn.datatables.net  https://connect.facebook.net  https://assets.pinterest.com  https://www.google-analytics.com  https://www.googletagmanager.com  https://yoast.com  https://www.gstatic.com  https://www.buzzsprout.com  https://public.flourish.studio  https://static.ctctcdn.com  https://e.infogram.com  https://cdnjs.cloudflare.com  https://datawrapper.dwcdn.net  https://assets.msn.com  https://platform.twitter.com  https://me.kis.v2.scr.kaspersky-labs.com  https://www.pagespeed-mod.com  https://pixel.propublica.org  https://gc.kis.v2.scr.kaspersky-labs.com  https://translate.google.com  https://translate-pa.googleapis.com  data:  https://assets.documentcloud.org  https://translate.googleapis.com  https://conoret.com  https://www.clarity.ms  https://www.google.com  https://nitroscripts.com  https://cdn-lbpkl.nitrocdn.com  blob:  https://interactives.ap.org  https://app.allaccessible.org  https://themainemonitor.activehosted.com  https://donorbox.org  https://trackcmp.net  'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' https://cdn.datatables.net  https://connect.facebook.net  https://assets.pinterest.com  https://www.google-analytics.com  https://www.googletagmanager.com  https://yoast.com  https://www.gstatic.com  https://www.buzzsprout.com  https://public.flourish.studio  https://static.ctctcdn.com  https://e.infogram.com  https://cdnjs.cloudflare.com  https://datawrapper.dwcdn.net  https://assets.msn.com  https://platform.twitter.com  https://me.kis.v2.scr.kaspersky-labs.com  https://www.pagespeed-mod.com  https://pixel.propublica.org  https://gc.kis.v2.scr.kaspersky-labs.com  https://translate.google.com  https://translate-pa.googleapis.com  data:  https://assets.documentcloud.org  https://translate.googleapis.com  https://conoret.com  https://www.clarity.ms  https://www.google.com  https://nitroscripts.com  https://cdn-lbpkl.nitrocdn.com  blob:  https://interactives.ap.org  https://app.allaccessible.org  https://themainemonitor.activehosted.com  https://donorbox.org  https://trackcmp.net ; style-src 'self' 'unsafe-inline' https://cdn.datatables.net  https://maxcdn.bootstrapcdn.com  https://fonts.googleapis.com  https://www.opoint.no  https://use.fontawesome.com  https://www.gstatic.com  https://ajax.googleapis.com  https://static.dwcdn.net  https://cdn.honey.io  https://datawrapper.dwcdn.net  https://projects.propublica.org  https://gc.kis.v2.scr.kaspersky-labs.com  https://fonts.bunny.net  data:  https://bzw5s16w5761b70rj70yiufau0fk.mentionusercontent.net  https://cdn-lbpkl.nitrocdn.com  https://app.allaccessible.org ; style-src-elem 'self' 'unsafe-inline' https://cdn.datatables.net  https://maxcdn.bootstrapcdn.com  https://fonts.googleapis.com  https://www.opoint.no  https://use.fontawesome.com  https://www.gstatic.com  https://ajax.googleapis.com  https://static.dwcdn.net  https://cdn.honey.io  https://datawrapper.dwcdn.net  https://projects.propublica.org  https://gc.kis.v2.scr.kaspersky-labs.com  https://fonts.bunny.net  data:  https://bzw5s16w5761b70rj70yiufau0fk.mentionusercontent.net  https://cdn-lbpkl.nitrocdn.com  https://app.allaccessible.org ; font-src 'self' https://maxcdn.bootstrapcdn.com  https://fonts.gstatic.com  https://use.fontawesome.com  https://static.dwcdn.net  https://www.slant.co  https://assets.propublica.org  https://cdn.jotfor.ms  https://fonts.bunny.net  https://bzw5s16w5761b70rj70yiufau0fj.mentionusercontent.net  https://5sfuv6rjt77bab0s8uv6rju75r53cqhfj.mentionusercontent.net  https://bzw5s16w5761b70rj70yiufau0f1.mentionusercontent.net  chrome-extension  https://cdn-lbpkl.nitrocdn.com  https://allaccessible.s3.us-west-2.amazonaws.com  data:; frame-src 'self' https://public.tableau.com  https://public.tableausoftware.com  https://www.youtube.com  https://e.infogram.com  https://www.buzzsprout.com  https://www.google.com  https://flo.uri.sh  https://docs.google.com  kapow  https://www.msn.com  https://datawrapper.dwcdn.net  https://platform.twitter.com  https://cdn.knightlab.com  https://www.googletagmanager.com  https://www.podbean.com  https://www.facebook.com  https://w.soundcloud.com  https://player.vimeo.com  https://m.facebook.com  https://player.wbur.org  https://player.captivate.fm  https://themainemonitor.giv.sh  https://ourworldindata.org  https://accounts.google.com  https://static.contextall.com  https://backhome.news21.com  https://clarity.microsoft.com  https://infogram.com  https://www.canva.com  https://interactives.ap.org  https://online.fliphtml5.com  https://donorbox.org  https://www.billtrack50.com  https://george-mainemonitor.github.io  blob:; connect-src 'self' https://www.google-analytics.com  https://stats.g.doubleclick.net  https://region1.google-analytics.com  https://my.yoast.com  https://yoast.com  https://my.wpengine.com  https://datawrapper.dwcdn.net  https://cdn.datatables.net  https://maxcdn.bootstrapcdn.com  https://analytics.google.com  https://secure.gravatar.com  https://www.facebook.com  https://api-js.mixpanel.com  https://translate.googleapis.com  data:  https://y.clarity.ms  https://u.clarity.ms  https://t.clarity.ms  https://v.clarity.ms  https://q.clarity.ms  https://r.clarity.ms  https://w.clarity.ms  https://s.clarity.ms  https://p.clarity.ms  https://x.clarity.ms  https://k.clarity.ms  https://n.clarity.ms  https://z.clarity.ms  https://e.clarity.ms  https://j.clarity.ms  https://o.clarity.ms  https://i.clarity.ms  https://b.clarity.ms  https://h.clarity.ms  https://l.clarity.ms  https://www.clarity.ms  https://f.clarity.ms  https://a.clarity.ms  https://m.clarity.ms  https://g.clarity.ms  https://d.clarity.ms  https://api.mkmediaworks.com  https://to.getnitropack.com  https://nitropack.io  https://cdn-lbpkl.nitrocdn.com  https://www.googletagmanager.com  https://connect.facebook.net  https://www.google.com  https://app.allaccessible.org  https://api-iam.intercom.io  https://allaccessible.s3.us-west-2.amazonaws.com  https://fonts.googleapis.com  https://translate-pa.googleapis.com  https://www.gstatic.com  https://fonts.bunny.net;  media-src 'self' data:;  worker-src 'self' blob:; 1
default-src 'self'; style-src 'self' *.google.com *.googleapis.com *.cyber-duck.co.uk *.fasttiger.io fasttiger.io webeo-web-content.s3-eu-west-1.amazonaws.com cdn.jsdelivr.net 'unsafe-inline'; img-src 'self' data: *; frame-src 'self' *.youtube.com *.google.com *.googletagmanager.com *.slideshare.net jira.cyberduck.net giphy.com *.facebook.com *.fasttiger.io fasttiger.io *.hotjar.com https://platform.twitter.com/ *.youtube-nocookie.com td.doubleclick.net; frame-ancestors 'self'; connect-src 'self' *.doubleclick.net *.google-analytics.com *.fullstory.com *.fasttiger.io fasttiger.io *.googleadservices.com googleadservices.com *.google.co.uk google.co.uk iptrack.io *.iptrack.io *.hotjar.io *.hotjar.com wss://*.hotjar.com  *.6sc.co *.oribi.io secure.adnxs.com *.autopilotapp.com 0abbe5c7j1.execute-api.eu-west-1.amazonaws.com *.leadforensics.com *.google.com *.facebook.com *.googlesyndication.com *.liadm.com *.linkedin.com jscloud.net https://gloin-eu-west-1.searchly.com; font-src 'self' data: *.gstatic.com cdn.jsdelivr.net; form-action 'self' *.linkedin.com *.facebook.com *.fasttiger.io fasttiger.io; script-src 'self' *.youtube.com *.doubleclick.net *.google-analytics.com *.google.co.uk *.google.com *.googleapis.com *.googlecode.com *.googlesyndication.com *.googleadservices.com *.twitter.com *.googletagmanager.com *.gstatic.com *.addthis.com *.jquery.com *.leadforensics.com *.fasttiger.com *.cyberduck.net *.licdn.com *.fullstory.com *.ads-twitter.com *.ytimg.com *.fasttiger.io fasttiger.io fullstory.com googleadservices.com iptrack.io *.iptrack.io connect.facebook.net *.responsetap.com *.hotjar.com *.6sc.co *.speedcurve.com cdneu.net *.autopilotapp.com *.whizeo.com openfpcdn.io webeo-web-content.s3-eu-west-1.amazonaws.com cdn.jsdelivr.net *.webeo.com secure.intelligententerpriseacumen.com jscloud.net *.jscloud.net 'unsafe-inline' 'unsafe-eval'; report-uri https://o15468.ingest.sentry.io/api/46020/security/?sentry_key=982aaa0f7aff4401a68795a23619484f 1
frame-ancestors 'self' http://www.philips.ie *.philips.com *.philips.ie https://philipsigtdpv.com 1
default-src 'none'; connect-src https://miedge.net https://www.google-analytics.com https://stats.g.doubleclick.net; img-src * data:; style-src 'unsafe-inline' https://miedge.net https://maxcdn.bootstrapcdn.com; script-src 'unsafe-inline' 'unsafe-eval' https://miedge.net https://maxcdn.bootstrapcdn.com https://www.google-analytics.com; font-src https://miedge.net https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; frame-src https://miedge.net ; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; object-src 'none' 1
default-src 'self' https://secure.gravatar.com https://static.addtoany.com http://platform.twitter.com https://platform.twitter.com https://cdn.syndication.twimg.com https://syndication.twitter.com https://pbs.twimg.com https://ton.twimg.com http://www.google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com http://connect.facebook.net https://connect.facebook.net https://www.google.com https://staticxx.facebook.com/ https://www.facebook.com/ https://stats.g.doubleclick.net http://netdna.bootstrapcdn.com https://netdna.bootstrapcdn.com https://difl3vniyrx1b.cloudfront.net https://www.gstatic.com https://www.youtube.com https://learntolivecom.mpeasylink.com https://es.learntolive.com https://estest.learntolive.com https://www.learntolive.com http://www.learntolive.com https://analytics.convertlanguage.com https://fonts.googleapis.com https://fonts.gstatic.com https://resources.learntolive.com https://pi.pardot.com 'unsafe-inline' 'unsafe-eval' data: 1
frame-ancestors 'self' cms.cellpointdigital.com 1
frame-ancestors 'self' https://omnidoctor.ru/ 1
img-src 'self' *.windows.net  data: blob: *.google-analytics.com *.onetrust.com cdn.cookielaw.org cookie-cdn.cookiepro.com *.googletagmanager.com; style-src 'unsafe-inline' 'self' *.myfonts.net *.mapbox.com optanon.blob.core.windows.net *.onetrust.com cdn.cookielaw.org cookie-cdn.cookiepro.com; script-src 'nonce-cf5cc022-d10e-430b-8f64-8018c186ccff' blob: 'strict-dynamic' https: *.onetrust.com cdn.cookielaw.org cookie-cdn.cookiepro.com; object-src 'none'; base-uri 'self'; media-src *.vimeo.com *.akamaized.net; default-src 'self' data: *.hcaptcha.com *.mapbox.com blob: *.google-analytics.com *.azure.com *.onetrust.com cdn.cookielaw.org cookie-cdn.cookiepro.com; report-uri https://medlog.report-uri.com/r/d/csp/wizard; report-to default; 1
frame-ancestors 'self'  https://yukoncollege.sharepoint.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data: blob: 1
frame-ancestors https://*.kennesaw.edu; 1
connect-src 'self' www.facebook.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com pagead2.googlesyndication.com www.google.com googleads.g.doubleclick.net analytics.google.com www.google-analytics.com stats.g.doubleclick.net login.microsoftonline.com data: forms-eu1.hscollectedforms.net api-eu1.hubapi.com https://tlkfrontprod.azureedge.net o4504211537854464.ingest.sentry.io toloka.dev sandbox.toloka.dev;script-src 'self' connect.facebook.net www.google-analytics.com www.googletagmanager.com www.google.com *.googletagmanager.com tagmanager.google.com www.googleadservices.com googleads.g.doubleclick.net js-eu1.hs-scripts.com js-eu1.hsadspixel.net js-eu1.hs-analytics.net js-eu1.hs-banner.com js-eu1.hscollectedforms.net https://tlkfrontprod.azureedge.net o4504211537854464.ingest.sentry.io 'nonce-2638cd8f2ce54e88af1591cf24623575';style-src 'self' googletagmanager.com fonts.googleapis.com tagmanager.google.com https://tlkfrontprod.azureedge.net 'unsafe-inline';img-src https: 'self' googletagmanager.com *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com ssl.gstatic.com www.gstatic.com https://tlkfrontprod.azureedge.net;frame-src td.doubleclick.net bid.g.doubleclick.net www.facebook.com sdx.microsoft.com www.youtube.com youtube.com https://tlkfrontprod.azureedge.net blob:;manifest-src 'self' https://tlkfrontprod.azureedge.net;frame-ancestors 'self' *.toloka.ai toloka.ai *.toloka-test.ai;report-to default-group;font-src 'self' fonts.gstatic.com https://tlkfrontprod.azureedge.net data:;media-src 'self' https://tlkfrontprod.azureedge.net;base-uri 'none';default-src 'none';child-src blob:;style-src-attr 'unsafe-inline';report-uri https://o4504211537854464.ingest.us.sentry.io/api/4505081156730880/security/?sentry_key=073b9b6744944a979dca08ea0b0f27f7 1
default-src *.gstatic.com ir.stockpr.com www.travelandleisureco.com d1io3yog0oux5.cloudfront.net *.equisolve-dev.com *.equisolve.net; script-src *.quotemedia.com *.google.com *.google-analytics.com *.gstatic.com browser-update.org *.hcaptcha.com hcaptcha.com dev-ir.stockpr.com *.googletagmanager.com website-search.ent.us-east-1.aws.found.io *.g.doubleclick.net geolocation.onetrust.com edge.fullstory.com rs.fullstory.com cdn.cookielaw.org *.imirwin.com ir.stockpr.com www.travelandleisureco.com d1io3yog0oux5.cloudfront.net *.equisolve-dev.com *.equisolve.net 'unsafe-inline'; connect-src *.quotemedia.com *.google.com *.google-analytics.com *.gstatic.com browser-update.org *.hcaptcha.com hcaptcha.com dev-ir.stockpr.com *.googletagmanager.com website-search.ent.us-east-1.aws.found.io *.g.doubleclick.net geolocation.onetrust.com edge.fullstory.com rs.fullstory.com cdn.cookielaw.org *.imirwin.com ir.stockpr.com www.travelandleisureco.com d1io3yog0oux5.cloudfront.net *.equisolve-dev.com *.equisolve.net 'unsafe-inline'; style-src fonts.googleapis.com *.gstatic.com *.hcaptcha.com hcaptcha.com dev-ir.stockpr.com cdn.jsdelivr.net ir.stockpr.com www.travelandleisureco.com d1io3yog0oux5.cloudfront.net *.equisolve-dev.com *.equisolve.net 'unsafe-inline'; font-src cdnjs.cloudflare.com/ajax/libs/font-awesome/ fonts.googleapis.com *.gstatic.com ir.stockpr.com www.travelandleisureco.com d1io3yog0oux5.cloudfront.net *.equisolve-dev.com *.equisolve.net; img-src mms.businesswire.com cdn.cookielaw.org *.googletagmanager.com *.google-analytics.com *.google.com ir.stockpr.com www.travelandleisureco.com d1io3yog0oux5.cloudfront.net *.equisolve-dev.com *.equisolve.net; frame-src *.google.com youtube.com youtube-nocookie.com vimeo.com *.vimeo.com *.hcaptcha.com hcaptcha.com ir.stockpr.com www.travelandleisureco.com d1io3yog0oux5.cloudfront.net *.equisolve-dev.com *.equisolve.net; object-src *.gstatic.com ir.stockpr.com www.travelandleisureco.com d1io3yog0oux5.cloudfront.net *.equisolve-dev.com *.equisolve.net; 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-DdyjSLT9toJTstPQPA0QEA' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
worker-src blob: www.google.com *.pusher.com *.hsforms.com *.hsforms.net *.hubspot.com *.hubspot.net; font-src https://fonts.gstatic.com *.gstatic.com data: fonts.gstatic.com *.kxcdn.com *.fontawesome.com https://www.google.com https://www.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net *.ariba.com ariba.com disdono.com *.eprohub.net eprohub.net nelsonjameson.us2.list-manage.com *.hsforms.com *.hsforms.net *.hubspot.com *.hubspot.net 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.ariba.com ariba.com disdono.com *.eprohub.net eprohub.net *.hsforms.com *.hsforms.net *.hubspot.com *.hubspot.net 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net player.vimeo.com *.youtube.com www.google.com facebook.com www.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com *.google.com *.addthis.com *.fls.doubleclick.net simpli.fi *.simpli.fi www.trustedsite.com certtransaction.hostedpayments.com transaction.hostedpayments.com certservices.elementexpress.com services.elementexpress.com certtransaction.elementexpress.com transaction.elementexpress.com ariba.com *.ariba.com *.goudanough.com goudanough.com *.nelsonjameson.com nelsonjameson.com cheesepedia.com *.cheesepedia.com *.eprohub.net eprohub.net googletagmanager.com td.doubleclick.net *.bugherd.com *.hsforms.com *.hsforms.net *.hubspot.com *.hubspot.net *.hs-sites.com play.hubspotvideo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.paypalobjects.com t.paypal.com *.vimeocdn.com i.ytimg.com *.gstatic.com *.googleapis.com *.cdninstagram.com *.kxcdn.com *.twitter.com *.google.com *.fbcdn.net https://img.youtube.com https://www.magezon.com code.jquery.com maxcdn.bootstrapcdn.com image-charts.com cdn.ywxi.net cdn.jsdelivr.net www.rumiview.com twin-iq.kickfire.com simpli.fi *.simpli.fi www.google-analytics.com google.com www.google.com googletagmanager.com www.googletagmanager.com www.googleadservices.com cm.g.doubleclick.net eb2.3lift.com simplifi.partners.tremorhub.com pixel.tapad.com aa.agkn.com image2.pubmatic.com sync.intentiq.com ads.stickyadstv.com loadm.exelator.com ups.analytics.yahoo.com sync.bfmio.com stags.bluekai.com bcp.crwdcntrl.net ce.lijit.com idsync.rlcdn.com sync.search.spotxchange.com ib.adnxs.com pixel.rubiconproject.com us-u.openx.net fei.pro-market.net googleads.g.doubleclick.net d.agkn.com pippio.com sync1.intentiq.com *.algolia.net foodsafetykits.com sync.1rx.io ad.doubleclick.net placehold.co *.cloudfront.net *.bugherd.com bugherd-attachments.s3.amazonaws.com digitalasset.intuit.com track.hubspot.com s.ad.smaato.net rtb-csync.smartadserver.com sync.targeting.unrulymedia.com cms.analytics.yahoo.com segments.company-target.com px.ads.linkedin.com *.hsforms.com *.hsforms.net *.hubspot.com *.hubspot.net js.hscta.net *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com polyfill.io *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com cdn.ampproject.org connect.facebook.net www.googletagmanager.com googletagmanager.com *.kxcdn.com platform.twitter.com *.addthis.com *.addthisedge.com *.moatads.com *.youtube.com https://devdocs.magento.com https://magento.com s7.addthis.com *.avada.io www.google.com www.gstatic.com cdn.jsdelivr.net code.jquery.com maxcdn.bootstrapcdn.com cdn.ywxi.net www.trustedsite.com www.google-analytics.com www.rumiview.com twin-iq.kickfire.com *.simpli.fi bam.nr-data.net js-agent.newrelic.com tags.srv.stackadapt.com googleads.g.doubleclick.net s3-us-west-2.amazonaws.com www.googleadservices.com sync.1rx.io pippio.com sync.search.spotxchange.com *.algolia.net *.algolia.io *.cloudflare.com *.bugherd.com *.chimpstatic.com chimpstatic.com *.mailchimp.com mc.us2.list-manage.com s3.amazonaws.com *.hs-banner.com *.hs-analytics.net *.hscollectedforms.net *.hsadspixel.net *.hs-scripts.com *.hsforms.com *.hsforms.net *.hubspot.com *.hubspot.net js.hscta.net static.hsappstatic.net *.usemessages.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspotfeedback.com feedback.hubapi.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.google.com *.kxcdn.com *.gstatic.com *.fontawesome.com code.jquery.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net tags.srv.stackadapt.com *.mailchimp.com *.hsforms.com *.hsforms.net *.hubspot.com *.hubspot.net *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.googleapis.com https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com *.instagram.com https://devdocs.magento.com ekr.zdassets.com/ http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io www.gstatic.com s3-us-west-2.amazonaws.com www.trustedsite.com www.google-analytics.com bam.nr-data.net stats.g.doubleclick.net analytics.google.com tags.srv.stackadapt.com googleads.g.doubleclick.net assets.adobedtm.com sync.1rx.io pippio.com sync.search.spotxchange.com www.googleadservices.com *.algolia.io pagead2.googlesyndication.com sessions.bugsnag.com *.pusher.com api.hubapi.com *.hscollectedforms.net simpli.fi *.simpli.fi *.hsforms.com *.hsforms.net *.hubspot.com *.hubspot.net *.google.com google.com *.hubapi.com js.hscta.net *.hs-banner.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://nelsonjameson.com/csp/endpoint/index; report-to report-endpoint;, upgrade-insecure-requests; 1
default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; script-src-elem * 'unsafe-inline' 'unsafe-eval' 1
upgrade-insecure-requests; default-src 'self' https: data: blob: wss: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; object-src https:; form-action https:; report-uri https://servix.idnes.cz/log/csp-report.aspx?w=newspaper&d=2024-07-26 1
default-src 'self' https://content-eu-1.content-cms.com https://cdn.plyr.io https://consent.trustarc.com http://consent-pref.trustarc.com https://onetag-sys.com https://www.youronlinechoices.com https://insight.adsrvr.org https://eb2.3lift.com https://analytic.underarmour.com https://dpm.demdex.net https://www.facebook.com https://cm.everesttech.net https://tr-shadow.snapchat.com https://tr.snapchat.com 'unsafe-inline'; script-src 'self' https://content-eu-1.content-cms.com https://consent.trustarc.com http://consent.trustarc.com https://cdn.plyr.io http://assets.adobedtm.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr-shadow.snapchat.com https://tr.snapchat.com 'unsafe-inline' 'unsafe-eval'; font-src 'self'; frame-ancestors 'self'; frame-src 'self' https://underarmourinc.demdex.net https://consent-pref.trustarc.com https://tr-shadow.snapchat.com https://tr.snapchat.com https://www.facebook.com/ https://hsmllswkf4p.typeform.com/to/WAmkiudD; img-src 'self' data: https://content-eu-1.content-cms.com https://consent.trustarc.com http://consent.trustarc.com https://cdn.plyr.io https://www.facebook.com http://analytic.underarmour.com https://cm.everesttech.net https://analytics.underarmour.com https://dpm.demdex.net; connect-src 'self' https://analytics.pangle-ads.com/api/v2/pangle_pixel https://content-eu-1.content-cms.com https://localhost:3030 https://consent.trustarc.com http://consent.trustarc.com https://cdn.plyr.io/ https://x91o30go6a.execute-api.eu-west-1.amazonaws.com https://s2dl86f4p2.execute-api.eu-west-1.amazonaws.com https://dpm.demdex.net https://analytic.underarmour.com https://analytics.tiktok.com https://tr-shadow.snapchat.com https://tr.snapchat.com https://tr6.snapchat.com; 1
frame-ancestors 'self' https://discovery.wip.rockpapercoin.com https://demo.rockpapercoin.com https://staging.rockpapercoin.com https://app.rockpapercoin.com https://www.cwpsociety.com/ https://www.certifiedweddingplannersociety.com/ https://www.thebridalsociety.com/ https://learn.weddingtimelinecertification.com/ 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://plausible.satsback.com/js/ https://cdnjs.cloudflare.com/ajax/libs/moment.js/2.29.4/ https://cdn.datatables.net/ https://platform.twitter.com/ https://pagead2.googlesyndication.com/pagead/js/ https://cdn.jsdelivr.net/gh/davidshimjs/qrcodejs@gh-pages/ ; style-src 'self' 'unsafe-inline' https://cdn.datatables.net/ https://fonts.googleapis.com; img-src 'self' * data:; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://plausible.satsback.com/ https://pagead2.googlesyndication.com/pagead/js/ *.pusher.com/; media-src 'self'; frame-src 'self' https://platform.twitter.com/ https://*.youtube.com/; base-uri 'self'; 1
default-src 'self';style-src 'self' 'nonce-QOlYr5k1Ls3VoNjVQLK5DWFc';script-src 'nonce-QOlYr5k1Ls3VoNjVQLK5DWFc';font-src 'none';object-src 'none';base-uri 'none';form-action 'self' https://www.google.com/search;require-trusted-types-for 'script';upgrade-insecure-requests;worker-src 'none';frame-ancestors 'self';report-to csp; report-uri https://b955d87f46a8787af6cdaec8f56047d8.report-uri.com/r/d/csp/enforce; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://sciencemastodon.com; img-src 'self' https: data: blob: https://sciencemastodon.com; style-src 'self' https://sciencemastodon.com 'nonce-7Zv4QJphQeH1B3DWMdYgRg=='; media-src 'self' https: data: https://sciencemastodon.com; frame-src 'self' https:; manifest-src 'self' https://sciencemastodon.com; form-action 'self'; child-src 'self' blob: https://sciencemastodon.com; worker-src 'self' blob: https://sciencemastodon.com; connect-src 'self' data: blob: https://sciencemastodon.com https://cdn.masto.host wss://sciencemastodon.com; script-src 'self' https://sciencemastodon.com 'wasm-unsafe-eval' 1
frame-ancestors 'self' gather.town; 1
object-src 'none';         script-src * 'unsafe-inline' 'unsafe-eval';         base-uri 'none'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.xx.fbcdn.net pagecdn.io data:; font-src 'self' fonts.gstatic.com data:; frame-src 'self' heyzine.com pagecdn.io google.com maps.googleapis.com https://www.youtube.com http://www.muzeulgazelor.ro https://www.google.com/ data:; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' https://www.romgaz.ro cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://polyfill-fastly.io https://unpkg.com https://www.google.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://www.gstatic.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com cdnjs.cloudflare.com https://polyfill-fastly.io https://unpkg.com https://www.google.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; frame-ancestors 'self' 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: https://www.google-analytics.com https://www.googletagmanager.com https://img1.wsimg.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' http: https:; img-src 'self' data: https://secure.gravatar.com https://cdn-cookieyes.com; connect-src 'self' 'unsafe-inline' 'unsafe-eval' https: https://www.google-analytics.com https://www.googletagmanager.com https://csp.secureserver.net https://events.api.secureserver.net; font-src 'self' 'unsafe-inline' https:; media-src https:; child-src 'self' 'unsafe-inline' 'unsafe-eval' https:; form-action 'self'; frame-ancestors https:; object-src 'none'; frame-src https: https://maps.google.com https://www.google.com; base-uri 'self'; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-modals 1
upgrade-insecure-requests; default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; 1
script-src 'self' apis.google.com www.googletagmanager.com maps.googleapis.com 'nonce-MjMzNzQ3OTIzNyw0ODg4MDk4NzU=' 'strict-dynamic'; worker-src 'self'; object-src 'self'; style-src 'unsafe-inline' 'self'; upgrade-insecure-requests; frame-ancestors 'self'; base-uri self; form-action 'self' 1
script-src 'self' https://js.stripe.com https://www.google.com https://www.gstatic.com https://js.hs-scripts.com https://*.hscollectedforms.net https://*.hs-analytics.net https://*.hs-banner.com https://*.usemessages.com; connect-src 'self' https://js.stripe.com https://*.amazonaws.com https://api.hubapi.com https://forms.hscollectedforms.net https://track.hubspot.com https://api.hubspot.com; font-src 'self' fonts.gstatic.com fonts.googleapis.com; default-src 'self'; object-src 'none'; frame-src 'self' https://js.stripe.com https://www.youtube.com https://www.google.com https://app.hubspot.com; img-src 'self' data: https://*.amazonaws.com https://api.qrserver.com https://d1tjhalb21ij3m.cloudfront.net https://track.hubspot.com https://forms.hsforms.com; base-uri https://*.metronomesoftware.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://d1tjhalb21ij3m.cloudfront.net 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://www.google.com https://ajax.googleapis.com https://www.gstatic.com https://www.youtube.com https://cdnjs.cloudflare.com https://static.axept.io https://axeptio.imgix.net https://t.novius.net https://cdn.novius.net; object-src 'self'; frame-src 'self' https://www.youtube.com 1
frame-ancestors https://*.teampenske.com 1
default-src https: data: blob: 'unsafe-inline'; frame-ancestors *; report-uri https://quyntess.report-uri.com/r/d/csp/reportOnly; upgrade-insecure-requests 1
default-src 'self'; frame-ancestors https://*.greenwheels.com ; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; worker-src 'self' blob: 1
default-src 'self' *.google.com *.squareup.com  *.plaid.com  *.squareupsandbox.com  *.facebook.com analytics.tiktok.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.pingdom.net *.cardinalcommerce.com *.amazonaws.com *.hotjar.com blob:; script-src 'self' *.fw-cdn.com *.google-analytics.com *.run-static.pingdom.net 'unsafe-inline' 'unsafe-eval' data: https: blob:; img-src 'self' data:  https: blob: http://i.ytimg.com; font-src 'self' data: https:; style-src 'self' 'unsafe-inline' https:; frame-src 'self' *.freshchat.com *.ccavenue.com *.cardconnect.com *.snapchat.com *.squareup.com *.squarecdn.com *.stripe.com *.plaid.com *.squareupsandbox.com *.googleapis.com *.facebook.net *.facebook.com *.analytics.tiktok.com *.pingdom.net *.cardinalcommerce.com https://*.hytix.com https://*.santaticket.com https://*.fearticket.com https://fearticket.freshdesk.com/ https://*.google.com https://static.hauntworld.com https://*.cloudfront.net https://*.youtube.com; object-src 'none'; media-src 'self' *.pingdom.net https://*.hauntworld.com https://*.cloudfront.net; frame-ancestors 'self' *.facebook.net *.facebook.com https://*.hytix.com https://*.santaticket.com https://*.fearticket.com https://admin.fearticket.com:7070 http://admin.ticketsystem.local:7070 1
default-src 'none' 'report-sample'; manifest-src 'self' 'report-sample'; script-src 'self' 'unsafe-inline' https://*.licdn.com https://*.linkedin.com https://*.clarity.ms https://c.bing.com https://*.hs-scripts.com https://*.hs-analytics.net https://*.hs-banner.com https://*.hscollectedforms.net https://js-eu1.hsforms.net https://js-eu1.hsadspixel.net https://t.leadlab.click https://www.google.com https://www.gstatic.com https://matomo.bartec.com https://*.googletagmanager.com https://c.leadlab.click https://www.youtube.com 'report-sample'; connect-src 'self' https://errors.dkd.de https://api-eu1.hubapi.com https://*.linkedin.com https://*.clarity.ms https://*.hsforms.com https://*.hscollectedforms.net https://*.hs-banner.com https://matomo.bartec.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://t.leadlab.click/ 'report-sample'; img-src 'self' https://*.linkedin.com https://*.hubspot.com https://c.bing.com https://*.clarity.ms https://*.hsforms.com https://*.google-analytics.com https://*.googletagmanager.com data: 'report-sample'; style-src 'self' 'unsafe-inline' 'report-sample'; base-uri 'self' 'report-sample'; form-action 'self' https://*.hsforms.com 'report-sample'; frame-src 'self' https://www.google.com https://*.hsforms.com https://www.youtube-nocookie.com *.bartec.de *.bartec.com https://support.pixavi.com https://pixavi.freshworks.com 'report-sample'; font-src 'self' data: 'report-sample'; media-src blob: 'self'; report-uri https://errors.dkd.de/api/29/security/?sentry_key=9ddcb18ea96e1dd2298a6e801a15ae7c&sentry_environment=Production-Production 1
default-src 'self' blob:; font-src 'self' * data:  ; connect-src 'self' *.visualwebsiteoptimizer.com app.vwo.com *; style-src 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.visualwebsiteoptimizer.com app.vwo.com * blob:; script-src-elem 'unsafe-inline' 'self' *.visualwebsiteoptimizer.com app.vwo.com * blob:; img-src 'self' *.visualwebsiteoptimizer.com chart.googleapis.com app.vwo.com * data:; worker-src 'self' blob:; frame-src 'self' app.vwo.com *.visualwebsiteoptimizer.com *; 1
base-uri 'self'; default-src 'self'; object-src 'none'; connect-src 'self' *.juicer.io graph.facebook.com; font-src 'self' *.gstatic.com *.juicer.io; script-src 'self' 'strict-dynamic' 'report-sample' 'nonce-3c20cc2dc2a6a1200554c4a88e9a2acb'; script-src-attr 'none'; script-src-elem 'self' 'strict-dynamic' 'report-sample' 'nonce-3c20cc2dc2a6a1200554c4a88e9a2acb'; style-src 'self' 'unsafe-inline' *.googleapis.com *.juicer.io *.podigee.io *.podigee-cdn.net; style-src-elem 'self' 'unsafe-inline' *.googleapis.com *.juicer.io *.podigee.io *.podigee-cdn.net; img-src 'self' *.googleapis.com *.gstatic.com *.juicer.io *.twimg.com *.imgur.com *.fbcdn.net *.instagram.com *.cdninstagram.com *.podigee-cdn.net data:; child-src 'none'; frame-src 'self' *.podigee.io *.podigee-cdn.net; frame-ancestors 'self'; form-action 'self'; upgrade-insecure-requests; report-uri /csp-violations 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://get.mycounter.ua https://*.googletagmanager.com https://*.google-analytics.com https://*.speedtestcustom.com; img-src * data: ; style-src 'self' 'unsafe-inline' https://*.speedtestcustom.com; frame-src 'self' https://maps.google.com https://www.google.com https://*.speedtestcustom.com; connect-src 'self' https://www.google-analytics.com https://*.speedtestcustom.com; 1
script-src http: https: 'self' 'unsafe-inline' 'unsafe-eval' https://hendi.com/ *.hotjar.com; style-src 'self' blob: https: 'unsafe-inline' https://hendi.com/ *.hotjar.com; connect-src http: https: 'self' *.hotjar.com *.hotjar.io wss://*.hotjar.com; img-src data: http: https: *.hotjar.com; object-src 'none'; base-uri 'none'; child-src 'self'; font-src http: https: 'self' geowidget.easypack24.net fonts.gstatic.com *.hotjar.com *.cdnjs.cloudflare.com; frame-src http: https: *.google.com *.youtube.com *.youtu.be *.vimeo.com *.hotjar.com *.criteo.com *.criteo.net consentcdn.cookiebot.com *.facebook.com js.stripe.com; 1
frame-ancestors 'self' https://borne-leclerc.opentlv.com 1
script-src https://*.google-analytics.com https://*.googletagmanager.com https://gdd.aks.santanderbr.dev.corp https://gdd.aks.santanderbr.pre.corp https://gdd.aks.santanderbr.corp 'self' 'unsafe-inline' 'unsafe-eval' blob:; img-src https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com.br https://stats.g.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval' data: blob: ; style-src 'self' 'unsafe-inline'; child-src 'self'; frame-src 'self'; connect-src 'self' https://*.azure.paas.santanderbr.dev.corp https://*.azure.paas.santanderbr.pre.corp https://*.santanderbr.dev.corp https://*.santanderbr.pre.corp https://*.santander.com.br https://*.api.santanderbr.dev.corp https://*.api.santanderbr.pre.corp https://*.api.santanderbr.corp https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com.br data:;object-src 'self' blob: data:; media-src 'self' blob:; worker-src 'self'; frame-ancestors 'none'; 1
script-src 'self';connect-src 'self' blob: https://ryona.agency wss://ryona.agency;media-src 'self' https: http:;img-src 'self' data: blob: https: http:;default-src 'none';base-uri 'self';frame-ancestors 'none';style-src 'self' 'unsafe-inline';font-src 'self';manifest-src 'self' 1
script-src 'self' https://www.gstatic.com https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com https://stats.g.doubleclick.net https://ssl.google-analytics.com https://secure.gravatar.com https://www.google.com/ https://hcaptcha.com 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://secure.gravatar.com https://tagmanager.google.com/ https://fonts.googleapis.com/ https://ssl.google-analytics.com https://hello.myfonts.net; img-src 'self' 'unsafe-inline' https://ssl.google-analytics.com https://secure.gravatar.com https://ssl.gstatic.com/ data: ; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com; frame-src https://www.google.com/; object-src 'none'; frame-ancestors 'self'; default-src 'none';base-uri 'self'; 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-YjZjNjA5ZTA1YmIxNDMxZmIzODUyN2IzMjk5YzMwNmY=' https://*.platformrijksoverheid.nl https://*.rijksoverheid.nl https://*.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' https://statistiek.rijksoverheid.nl https://*.contenttoolsrijksoverheid.nl https://*.rijksvastgoedbedrijf.nl; font-src 'self' https://statistiek.rijksoverheid.nl; object-src 'none'; connect-src https://*.platformrijksoverheid.nl https://*.rijksoverheid.nl https://*.contenttoolsrijksoverheid.nl https://*.rovid.nl https://*.rijksoverheidsvideo.nl https://*.rijksvastgoedbedrijf.nl; img-src 'self' data: https://d3oiud1b8fohdw.cloudfront.net https://statistiek.rijksoverheid.nl https://*.rovid.nl https://*.rijksoverheidsvideo.nl https://*.toegankelijkheidsverklaring.nl; media-src 'self' https://*.rovid.nl https://*.rijksoverheidsvideo.nl; form-action 'self' https://export.highcharts.com https://*.contenttoolsrijksoverheid.nl https://*.rijksvastgoedbedrijf.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
frame-ancestors 'self' https://app.storyblok.com https://app.storyblok.org http://app.storyblok.com http://app.storyblok.org 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net https://maps.googleapis.com https://fonts.gstatic.com https://fonts.googleapis.com https://maps.gstatic.com https://themes.googleusercontent.com; style-src 'self' 'unsafe-inline' https://themes.googleusercontent.com https://fonts.googleapis.com; 1
frame-ancestors 'self' https://*.storyblok.com/ 1
script-src 'self' 'unsafe-inline' https://www.pluscard.de/; frame-ancestors 'self' https://www.s-id-check.de/ https://www.mein-transakt.de/ https://www.mein-fido.de/ https://www.online-zahlen-mit-fido.de/ https://www.pluscard.de/ 1
script-src 'self' https://www.google.com https://www.gstatic.com https://apis.google.com https://www.googletagmanager.com https://www.google-analytics.com/ https://connect.facebook.net https://www.googleadservices.com https://googleads.g.doubleclick.net https://fonts.googleapis.com https://maps.googleapis.com/ https://appleid.cdn-apple.com 'unsafe-inline'; base-uri 'self'; frame-ancestors 'self'; object-src 'none'; 1
frame-ancestors 'none'; default-src https://smedpatient.eterminservice.de https://*.116117-termine.de https://*.116117termine.de https://116117-termine.de https://116117termine.de https://*.116117.app https://116117.app https://www.eterminservice.de https://eterminservice.de https://*.googleapis.com https://*.gstatic.com https://photon.komoot.de 'unsafe-inline' 'unsafe-eval' data:; 1
default-src 'self' https://www.google.fr; script-src 'self' 'unsafe-inline' https://www.google.com https://snap.licdn.com https://js-eu1.hsforms.net https://cdnjs.cloudflare.com https://www.gstatic.com https://www.google.fr https://www.googletagmanager.com https://js-eu1.hs-scripts.com https://static.ctctcdn.com https://www.google-analytics.com https://static.hotjar.com https://f.vimeocdn.com https://js-eu1.hsleadflows.net https://js-eu1.hscollectedforms.net https://js-eu1.hs-banner.com https://js-eu1.hs-analytics.net https://js-eu1.hsadspixel.net https://script.hotjar.com; style-src 'self' 'unsafe-inline' https://static.ctctcdn.com https://fonts.googleapis.com; font-src 'self' fonts.gstatic.com data:; frame-src 'self' https://www.google.com https://player.vimeo.com; img-src 'self' https://www.google.fr e https://secure.gravatar.com https://www.googletagmanager.com https://forms-eu1.hsforms.com https://track-eu1.hubspot.com https://px.ads.linkedin.com https://px4.ads.linkedin.com data:; connect-src 'self'  https://forms-eu1.hsforms.com https://forms-eu1.hscollectedforms.net https://forms-eu1.hubspot.com https://hubspot-forms-static-embed-eu1.s3.amazonaws.com https://listgrowth.ctctcdn.com https://px.ads.linkedin.com https://region1.analytics.google.com https://www.google.fr https://stats.g.doubleclick.net https://api-eu1.hubapi.com https://www.google-analytics.com; 1
default-src * ; img-src * 'self' data: blob: mediastream: https: 'unsafe-inline' 'unsafe-eval'; font-src * 'unsafe-inline' 'unsafe-eval' 'self' data: ; script-src * 'unsafe-inline' 'unsafe-eval' ; style-src * 'unsafe-inline' 'unsafe-eval'; 1
frame-ancestors 'self' https://manage.perioimplantadvisory.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
default-src 'self'; img-src *; font-src *; script-src 'self' *.googletagmanager.com *.google-analytics.com *.jquery.com *.cloudflare.com *.adroll.com *.optimizely.com *.sumome.com *.intercom.io *.intercomcdn.com *.cloudfront.net *.kissmetrics.com 'unsafe-inline'; style-src 'self' 'unsafe-inline'; connect-src 'self' ws: https: *.sumome.com *.intercom.io *.google-analytics.com *.doubleclick.net 1
default-src *  data: blob: 'unsafe-inline' 'unsafe-eval' ; 1
frame-ancestors 'self' *.genesazrak.com *.888casinoarabic.net *.arabiccasino888.com *.casinoarabic888.com *.casinoarabic-888.com *.888-casinoarabic.com *.888casino-arabic.com http://wrapper.safe-installation.com/ https://wrapper.safe-installation.com/ http://localhost:* https://localhost:* *.bingosys.net *.secured-igaming-usa.com *.888.pt *.sisportsbook.com *.888poker.de *.888slots.de *.safe-iplay.com http://*.safe-iplay.com http://*.888sport.com http://*.sisportsbook.com http://*.secured-igaming-usa.com *.safe-installation.com *.payoutscentral.com *.triple8holdem.com *.888.com *.secured-qa.com *.secured-registration.com *.secureutils.com *.images4us.com *.onlinepersonalmessages.com *.888sport.com *.888sport.es *.888sport.it *.888sport.dk *.888sport.ro *.888sport.se *.888sport.us *.888sport.de *.777.com *.personalinfoonline.com *.888.de *.888casino.com *.888poker.com *.888casino.dk *.888poker.dk *.888.de *.888casino.ro *.888poker.ro *.888casino.se *.888poker.se *.888casino.es *.888poker.es *.888casino.it *.888poker.it *.888casino.us *.888poker.us *.888ladies.com *.888.pt cmsp *.harrahscasino.com *.wsop.com *.delawarepark.com *.doverdowns.com *.harringtongamingonline.com *.secured-igaming-services.com *.secured-igaming-usa.com *.igaming-services.com *.888.ca *.888casino.ca *.888poker.ca *.888sport.ca *.888.nl *.888casino.nl *.888poker.nl *.888sport.nl *.ar-888-casino.com *.888casino-ar.com *.ar888-casino.com *.arab888-casino.com *.casinoelarab-888.com *.alarab-888casino.com *.casinoalarab-888.com *.888casino-alarab.com *.888casino-arabian.com *.arabian-888casino.com *.888-casino-arabian.com *.888-casino-alarab.com *.ballysdover.com *.888casino-uae.com *.playat888-games.com *.888casino-game.com *.online-arabic-casino.net *.tripleeight.live *.playat888online.com *.888games-uae.com *.triple-eight-games.com *.play-casino-now.com *.888slots-uae.com *.888-uae.com *.mrgreen.de *.mrgreen.se *.mrgreen.com *.mrgreen.dk *.williamhill.com *.williamhill.local *.williamhill-pp2.com 1
frame-ancestors 'self'; frame-src bij12.nl *.bij12.nl *.facebook.com *.google.com *.cookiebot.com *.hotjar.com *.youtube.com *.vimeo.com *.googletagmanager.com *.fontawesome.com *.youtube-nocookie.com *.wolvesmap.zoogdiervereniging.nl *.localfocuswidgets.net *.omny.fm omny.fm wolvesmap.zoogdiervereniging.nl localfocuswidgets.net *.topdesk.net *.arcgis.com *.cloudflare.com 1
default-src 'self' cycognito.com *.cycognito.com data: blob:; img-src data: * blob:; media-src 'self' cycognito.com *.cycognito.com youtube.com *.youtube.com vidyard.com *.vidyard.com       qualified.com *.qualified.com *.comeet.co mitre-attack.github.io app.getreprise.com *.brighttalk.com; style-src 'self' 'unsafe-inline' cycognito.com *.cycognito.com mktoweb.com *.mktoweb.com vidyard.com *.vidyard.com *.comeet.co       mitre-attack.github.io app.getreprise.com *.brighttalk.com use.typekit.net p.typekit.net *.gartner.com; script-src 'self' blob: 'unsafe-eval' 'unsafe-inline' cycognito.com *.cycognito.com *.bizible.com js.zi-scripts.com ws-assets.zoominfo.com       schedule.zoominfo.com clearbitjs.com *.clearbitjs.com clearbitscripts.com *.clearbitscripts.com clearbit.com *.clearbit.com       marketo.com *.marketo.com marketo.net *.marketo.net mktoweb.com *.mktoweb.com 6sc.co *.6sc.co googletagmanager.com       *.googletagmanager.com google-analytics.com *.google-analytics.com qualified.com *.qualified.com sentry.io *.sentry.io       vidyard.com *.vidyard.com *.comeet.co mitre-attack.github.io app.getreprise.com *.brighttalk.com assets.calendly.com       *.doubleclick.net *.clarity.ms *.gartner.com *.youtube.com cdnjs.cloudflare.com; connect-src 'self' ws: cycognito.com *.cycognito.com js.zi-scripts.com ws.zoominfo.com api.schedule.zoominfo.com *.algolia.net       *.algolianet.com *.algolia.io adnxs.com *.adnxs.com 6sc.co *.6sc.co mktoresp.com *.mktoresp.com qualified.com *.qualified.com       sentry.io *.sentry.io *.qualified.com clearbit.com *.clearbit.com *.algolia.net *.algolianet.com *.algolia.io       vidyard.com *.vidyard.com *.comeet.co mitre-attack.github.io app.getreprise.com *.brighttalk.com google-analytics.com       *.google-analytics.com *.doubleclick.net *.google.com *.clarity.ms; frame-src 'self' blob: cycognito.com *.cycognito.com qualified.com *.qualified.com mktoweb.com *.mktoweb.com *.youtube.com vidyard.com       *.vidyard.com *.comeet.co mitre-attack.github.io app.getreprise.com *.brighttalk.com calendly.com *.doubleclick.net       *.gartner.com; font-src 'self' data: cycognito.com *.cycognito.com use.typekit.net p.typekit.net *.gartner.com; frame-ancestors cycognito.com *.cycognito.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: blob: ws:; frame-ancestors 'self'; upgrade-insecure-requests; base-uri 'self'; 1
frame-ancestors 'self' voortman.net *.voortman.net voortman.net.local voortman.net.test voortman.showpad.biz voortman.showpad.com 1
img-src 'self' https://f50ce8b91dd1f94c5ec2-3e285bfa4e7ff77b7136a6d2aeecab08.ssl.cf5.rackcdn.com https://www.google-analytics.com https://photos.edwardsgarment.com https://clickserv.sitescout.com https://vds.sage.net https://pixel.sitescout.com; 1
frame-ancestors luxinnovation.lu app-lxi-pu.azurewebsites.net admin-lxi.luxinnovation.lu app-lxi-pu-admin.azurewebsites.net 1
frame-ancestors 'self' https://monitor.ngblunetworks.nl; 1
frame-ancestors 'self' https://device.mobilitysignage.com http://device.mobilitysignage.com 1
default-src *  'unsafe-inline' ;  img-src * 'self' data:  ; font-src * 'self' data:; script-src *  'unsafe-inline' 'unsafe-eval' 1
block-all-mixed-content; default-src https: 'self'; font-src 'self' https: data:; img-src 'self' https: data:; script-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' *.googleapis.com/ https://webto.salesforce.com https://maps.googleapis.com/* https://maps.google.com/* https://www.googletagmanager.com https://submit.jotform.com http://www.youtube.com https://www.google.com https://www.google.com/recaptcha https://www.gstatic.com https://www.google-analytics.com https://region1.analytics.google.com https://www.youtube.com https://www.youtube.com/api https://login.microsoftonline.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://stats.g.doubleclick.net/j/collect https://privacyportal-eu.onetrust.com https://www.youtube-nocookie.com; style-src 'report-sample' 'unsafe-inline' 'self'; connect-src 'self' data: https://webto.salesforce.com https://webto.salesforce.com/servlet/servlet.WebToLead https://ws-sharepoint-acteon.azurewebsites.net https://cdn.cookielaw.org https://graphql.contentful.com https://www.google-analytics.com https://region1.analytics.google.com https://geolocation.onetrust.com https://privacyportal-eu.onetrust.com https://stats.g.doubleclick.net https://maps.googleapis.com; frame-src 'self' https://form.jotform.com https://submit.jotform.com https://www.google.com https://www.youtube.com https://www.youtube-nocookie.com *.googleapis.com/ https://maps.googleapis.com/* https://maps.google.com/* ; worker-src 'none'; object-src 'none'; manifest-src 'self'; media-src 'self' https://www2.cs.uic.edu https://assets.ctfassets.net ; 1
script-src https://www.vdlgroep.com 'unsafe-inline' https://*.googleapis.com https://*.lfeeder.com https://www.google-analytics.com https://www.googletagmanager.com  https://googletagmanager.com https://*.hotjar.com https://*.gstatic.com https://*.leadinfo.com https://*.leadinfo.net https://www.youtube.com https://www.youtube-nocookie.com https://*.cubilis.eu https://*.dealfront.com https://*.vdlgroep.com https://*.vixyvideo.com  https://*.vimeo.com https://vimeo.com https://*.videocdn.com https://maps.googleapis.com https://*.translate.google.com https://www.googletagmanager.com;img-src https://www.vdlgroep.com data: https://www.youtube.com https://www.youtube-nocookie.com https://*.gstatic.com https://*.googleapis.com https://*.lfeeder.com https://*.google-analytics.com https://*.vixyvideo.com https://*.vimeo.com https://vimeo.com https://*.videocdn.com;child-src https://www.vdlgroep.com https://www.youtube.com https://www.youtube-nocookie.com https://*.hotjar.com https://www.google.com https://google.nl https://www.google.nl https://schaeffler.gomexlive.com https://*.vdlgroep.com https://*.google.com https://*.vixyvideo.com https://*.vimeo.com https://vimeo.com https://*.videocdn.com ;connect-src https://www.vdlgroep.com https://*.google-analytics.com https://www.youtube.com https://www.youtube-nocookie.com https://*.leadinfo.com https://*.leadinfo.net https://*.hotjar.com https://*.cubilis.eu https://*.gomexlive.com https://*.google.com https://i.ytimg.com https://*.vdlgroep.com https://*.google.com https://*.vixyvideo.com https://*.vimeo.com https://vimeo.com https://*.videocdn.com https://maps.googleapis.com https://*.translate.google.com https://*.lfeeder.com;default-src https://www.vdlgroep.com 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com 1
frame-ancestors 'self' simplicate.nl; 1
object-src 'none'; frame-ancestors 'self'; report-uri https://www.starbucks.nl/nl/report-uri/enforce 1
default-src 'self' *.qa-vynetrellis.com qa-vynetrellis.com *.qa-rpractice.com qa-rpractice.com; child-src 'self' blob: *.pendo.io qa-vynetrellis.com *.qa-vynetrellis.com; worker-src 'self' blob:; connect-src 'self' blob: wss://*.qa-vynetrellis.com wss://qa-vynetrellis.com *.google-analytics.com *.g.doubleclick.net *.google.com *.gstatic.com *.googletagmanager.com *.amazonaws.com *.typekit.net *.transnox.com *.cloudflare.com *.nsit-pass.com *.transit-pass.com *.nea-fast.com *.sentry.io *.launchdarkly.com *.pendo.io pendo-static-5718982910148608.storage.googleapis.com *.qa-vynetrellis.com qa-vynetrellis.com *.hellopearl.com *.mouseflow.com; font-src 'self' data: *.gstatic.com *.typekit.net; form-action 'self'; frame-ancestors 'self' *.qa-vynetrellis.com qa-vynetrellis.com *.qa-rpractice.com qa-rpractice.com *.pendo.io; frame-src 'self' *.qa-vynetrellis.com qa-vynetrellis.com *.pendo.io *.youtube.com; img-src 'self' *.vynetrellis.com blob: data: *.qa-vynetrellis.com qa-vynetrellis.com *.sentry.io *.launchdarkly.com *.pendo.io pendo-static-5718982910148608.storage.googleapis.com *.youtube.com *.ytimg.com; object-src 'none'; script-src 'self' 'unsafe-inline' *.google-analytics.com *.g.doubleclick.net *.google.com *.gstatic.com *.googletagmanager.com *.amazonaws.com *.typekit.net *.transnox.com *.cloudflare.com *.nsit-pass.com *.transit-pass.com *.nea-fast.com *.sentry.io *.launchdarkly.com *.pendo.io pendo-static-5718982910148608.storage.googleapis.com pendo-io-static.storage.googleapis.com *.hellopearl.com *.mouseflow.com; style-src 'self' 'unsafe-inline' *.qa-vynetrellis.com qa-vynetrellis.com *.pendo.io pendo-static-5718982910148608.storage.googleapis.com fonts.googleapis.com *.typekit.net; 1
default-src 'self'; form-action 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' https://*.pinimg.com https://*.pinterest.com https://*.snapchat.com https://*.bing.com/ https://cdn.callrail.com/companies/363299321/ https://cdn.cookielaw.org/ https://cdn.inspectlet.com/inspectlet.js https://cdn.ywxi.net/js/ https://connect.facebook.net/ https://*.doubleclick.net/pagead/ https://js-agent.newrelic.com/ https://*.sleeknote.com/ https://tag.perfectaudience.com/ https://tags.srv.stackadapt.com/ https://*.clarity.ms/ https://www.google-analytics.com/analytics.js https://www.googleadservices.com/ https://www.googletagmanager.com/ https://www.trustedsite.com/rpc/ https://gateway.moneris.com/chkt/js/chkt_v1.00.js https://sc-static.net/scevent.min.js https://qvdt3feo.com/events.js https://*.amazon-adsystem.com/ https://www.google.com/ https://*.sharethis.com/ https://gatewayt.moneris.com/ https://cdn.jsdelivr.net https://pvdpix.com/ https://sc-static.net/ https://pvdpix.com/ https://*.pinterest.com/ https://www.google.ca/; object-src 'none'; style-src 'report-sample' 'self' 'unsafe-inline' data: https://fonts.googleapis.com/ https://tags.srv.stackadapt.com/ https://cdn.cookielaw.org/ https://*.sharethis.com/ https://cdn.jsdelivr.net; img-src 'self' data: https://*.sleeknote.com/ https://*.bing.com/ https://*.clarity.ms/ https://cdn.cookielaw.org/ https://cdn.ywxi.net/ https://*.doubleclick.net/ https://tags.srv.stackadapt.com/ https://www.facebook.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://www.google.com/ https://www.google.co.in/ blob: https://*.snapchat.com/ https://*.pinterest.com/ https://*.sharethis.com/ https://fonts.gstatic.com/ https://www.google.ca/; media-src 'self'; frame-src 'self' https://*.doubleclick.net https://www.facebook.com https://gateway.moneris.com/chkt/display/index.php https://tr.snapchat.com/ https://*.sharethis.com/ https://*.amazon-adsystem.com/ https://gatewayt.moneris.com/ https://ct.pinterest.com/ https://pvdpix.com/ https://*.pinterest.com/; font-src 'self' https://fonts.gstatic.com; base-uri 'self'; connect-src 'self' https://analytics-fb.ama.ab.ca/ https://analytics.google.com/ https://bam.nr-data.net/ https://*.bing.com/ https://*.clarity.ms/ https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ https://www.google.com/ https://google.com/ https://hn.inspectlet.com/ https://s3-us-west-2.amazonaws.com/ https://*.doubleclick.net/ https://tags.srv.stackadapt.com/ https://www.google-analytics.com/ https://*.sleeknote.com/ https://*.snapchat.com/ https://*.facebook.com/ https://*.googleapis.com/ https://*.pinterest.com/ https://*.sharethis.com/ https://*.amazon-adsystem.com/ https://pvdpix.com/ https://*.pinterest.com/ https://pagead2.googlesyndication.com/ https://www.google.ca/ https://privacyportal.onetrust.com/; manifest-src 'self'; report-uri https://653046ecb6167cf8f68c68a0.endpoint.csper.io/?v=0; worker-src 'none' 1
default-src 'none'; frame-ancestors 'none'; script-src 'unsafe-eval' 'nonce-ydXHseCWvRMJ'; object-src 'none'; img-src 'self' data: https: 'unsafe-inline'; style-src-elem 'self' https: 'unsafe-inline'; font-src 'self' https: 'unsafe-inline'; style-src 'self' https: 'unsafe-inline'; frame-src 'self' https: 'unsafe-inline'; connect-src https: wss: 'unsafe-inline'; script-src-elem 'self' https: 'unsafe-hashes' 'unsafe-inline'; base-uri 'self' ; script-src-attr 'self' https: 'unsafe-inline'; form-action 'self' http: https: 'unsafe-inline'; media-src 'self' https: 'unsafe-inline'; 1
frame-ancestors www.farmanimalhealth.co.uk devfarmanimalhealth-uk.azurewebsites.net staging.coastalcottages.co.uk www.nadis.org.uk alerts.nadis.org.uk bdaze1efrmpwa01-gwp15nadiswidget.azurewebsites.net farm-portal-qa.elancoapps.com farmanimal.elanco.com *.farm.changeset.elancoapps.com localhost:3000 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src https://fivem.impulse99.com/logs/ https://fivem.impulse99.com/sidekiq/ https://fivem.impulse99.com/mini-profiler-resources/ https://fivem.impulse99.com/assets/ https://fivem.impulse99.com/brotli_asset/ https://fivem.impulse99.com/extra-locales/ https://fivem.impulse99.com/highlight-js/ https://fivem.impulse99.com/javascripts/ https://fivem.impulse99.com/plugins/ https://fivem.impulse99.com/theme-javascripts/ https://fivem.impulse99.com/svg-sprite/ https://www.google-analytics.com/analytics.js 'sha256-8uAKDaK4QxxCeYZl0Wxad2Nnj2tgKyA14hYBh66pnn0='; worker-src 'self' https://fivem.impulse99.com/assets/ https://fivem.impulse99.com/brotli_asset/ https://fivem.impulse99.com/javascripts/ https://fivem.impulse99.com/plugins/; frame-ancestors 'self'; manifest-src 'self' 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.fontawesome.com *.salesfire.co.uk *.smartmetrics.co *.smartmetrics.com *.smartmetrics.co.uk *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.googlesyndication.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.pinterest.com *.pinterdev.com commerce-app.pintergration.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.trustpilot.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com https://static.afterpay.com https://site-assets.afterpay.com/ cdn.doofinder.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.google.co.uk *.bing.com *.pinterest.com *.clarity.ms *.mailchimp.com *.mcusercontent.com *.salesfire.co.uk *.smartmetrics.co *.smartmetrics.com *.smartmetrics.co.uk wss://ws.hotjar.com *.hotjar.com *.hotjar.io *.cloudflareinsights.com *.beanbagbazaar.ie *.mallohome.fr *.mallohome.de *.beanbagbazaar.co.uk *.pinterdev.com *.pinimg.com commerce-app.pintergration.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com cdn.doofinder.com chimpstatic.com downloads.mailchimp.com *.list-manage.com s7.addthis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com cdn.speedcurve.com *.bing.com *.pinimg.com *.pcapredict.com *.clarity.ms *.pinterest.com *.postcodeanywhere.co.uk *.salesfire.co.uk *.smartmetrics.co *.smartmetrics.com *.smartmetrics.co.uk wss://ws.hotjar.com *.hotjar.com *.hotjar.io *.cloudflareinsights.com *.beanbagbazaar.ie *.mallohome.fr *.mallohome.de *.beanbagbazaar.co.uk *.pinterdev.com commerce-app.pintergration.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.trustpilot.com www.xtento.com cdn.xtento.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com *.doofinder.com downloads.mailchimp.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.postcodeanywhere.co.uk *.beanbagbazaar.ie *.mallohome.fr *.mallohome.de *.beanbagbazaar.co.uk *.salesfire.co.uk wss://ws.hotjar.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com *.doofinder.com wss://*.doofinder.com ekr.zdassets.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com stats.g.doubleclick.net *.pinterest.com *.clarity.ms *.postcodeanywhere.co.uk *.salesfire.co.uk *.smartmetrics.co *.smartmetrics.com *.smartmetrics.co.uk wss://ws.hotjar.com *.hotjar.com *.hotjar.io *.cloudflareinsights.com *.beanbagbazaar.ie *.mallohome.fr *.mallohome.de *.beanbagbazaar.co.uk *.pinterdev.com commerce-app.pintergration.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://dair-community.social; img-src 'self' https: data: blob: https://dair-community.social; style-src 'self' https://dair-community.social 'nonce-RiwSCj89s3odYhsXy5U1nQ=='; media-src 'self' https: data: https://dair-community.social; frame-src 'self' https:; manifest-src 'self' https://dair-community.social; form-action 'self'; child-src 'self' blob: https://dair-community.social; worker-src 'self' blob: https://dair-community.social; connect-src 'self' data: blob: https://dair-community.social https://cdn.masto.host wss://dair-community.social; script-src 'self' https://dair-community.social 'wasm-unsafe-eval' 1
default-src 'self' gateway.zscloud.net blob:; frame-src 'self' gateway.zscloud.net www.google.com app.eu.pendo.io; child-src 'self' gateway.zscloud.net app.eu.pendo.io; frame-ancestors 'self' gateway.zscloud.net app.eu.pendo.io *.datadoghq.com; font-src 'self' data: https://*; media-src 'self' blob: https://* data:; style-src 'self' gateway.zscloud.net *.googleapis.com landingpad.me *.landingpad.me 'unsafe-inline' app.eu.pendo.io cdn.eu.pendo.io pendo-eu-static-5878461311811584.storage.googleapis.com; script-src 'self' landingpad.me *.landingpad.me gateway.zscloud.net 'unsafe-inline' 'wasm-unsafe-eval' app.eu.pendo.io pendo-eu-static.storage.googleapis.com cdn.eu.pendo.io pendo-eu-static-5878461311811584.storage.googleapis.com data.eu.pendo.io *.amazonaws.com snap.licdn.com static.zdassets.com *.zendesk.com cdn2l.ink www.google.com www.gstatic.com www.google-analytics.com www.googletagmanager.com pi.pardot.com x.clearbitjs.com tag.clearbitscripts.com blob: resource:; connect-src 'self' https://* blob: wss: ws: app.eu.pendo.io data.eu.pendo.io pendo-eu-static-5878461311811584.storage.googleapis.com; img-src 'self' blob: https://* data: landingpad.me *.landingpad.me cdn.eu.pendo.io app.eu.pendo.io pendo-eu-static-5878461311811584.storage.googleapis.com data.eu.pendo.io; object-src 'none' 1
default-src 'self';  script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' https://*.youtube.com https://www.youtube.com/* https://dilogr.com https://js.center.io https://www.gstatic.com https://www.google.com https://cdn.jsdelivr.net https://connect.facebook.net/ https://script.crazyegg.com https://script.crazyegg.com/pages/scripts/0120/1318.js https://*.googletagmanager.com https://unpkg.com;  style-src 'report-sample' 'unsafe-inline' 'self' https://dilogr.com https://static.leadpages.net https://cdnjs.cloudflare.com https://fonts.googleapis.com https://p.typekit.net https://use.fontawesome.com https://use.typekit.net https://unpkg.com;  object-src 'none';  base-uri 'self';  connect-src 'self' https://assets-tracking.crazyegg.com https://api.leadpages.io https://pagestates-tracking.crazyegg.com https://script.crazyegg.com https://tracking.crazyegg.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com;  font-src 'self' data: https://fonts.gstatic.com https://js.center.io https://static.leadpages.net https://use.fontawesome.com https://use.typekit.net;  frame-src 'self' https://dilogr.com https://www.google.com https://*.youtube.com https://www.youtube.com/* https://js.center.io https://play.libsyn.com https://www.youtube-nocookie.com https://player.vimeo.com https://www.youtube.com https://www.wfaa.com/ https://player.vimeo.com/*;  img-src 'self' data: https://secure.gravatar.com https://dilogr.com https://lh3.googleusercontent.com https://api.leadpages.io https://static.leadpages.net https://wpengine.com https://www.facebook.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.openstreetmap.org;  manifest-src 'self';  media-src 'self' https://traffic.libsyn.com https://content.libsyn.com;  report-uri https://6583681a73671fbf59c88f1a.endpoint.csper.io/?v=2;  worker-src blob:; 1
base-uri 'self'; font-src 'self' https: data:; form-action 'self' https://payv2.multisafepay.com https://payv2-02.multisafepay.com https://testpayv2.multisafepay.com; frame-ancestors 'self'; img-src 'self' data: https://*.logerenbijdeboswachter.nl https://d24he3uwskno1q.cloudfront.net https://www.google.com https://www.google.nl https://www.google-analytics.com https://www.googletagmanager.com https://maps.googleapis.com https://maps.gstatic.com https://dev.visualwebsiteoptimizer.com; object-src 'none'; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline'; upgrade-insecure-requests 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://vt.social; img-src 'self' data: blob: https://vt.social https://vt.social/media/; style-src 'self' 'unsafe-inline' https://vt.social 'nonce-bxS+o2q/UM2SiA2iChZcXQ=='; media-src 'self' data: https://vt.social https://vt.social/media/; frame-src 'self' https:; manifest-src 'self' https://vt.social; form-action 'self'; child-src 'self' blob: https://vt.social; worker-src 'self' blob: https://vt.social; connect-src 'self' data: blob: https://vt.social https://vt.social/media/ wss://vt.social; script-src 'self' https://vt.social 'wasm-unsafe-eval' 'unsafe-eval' 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-M2MxYzk5M2MxZjRmNGRlZDk5YWZmZGEwMDU4MzM5MDM=' https://*.platformrijksoverheid.nl https://*.rijksoverheid.nl https://*.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' https://statistiek.rijksoverheid.nl https://*.contenttoolsrijksoverheid.nl https://*.autoriteitnvs.nl; font-src 'self' https://statistiek.rijksoverheid.nl; object-src 'none'; connect-src https://*.platformrijksoverheid.nl https://*.rijksoverheid.nl https://*.contenttoolsrijksoverheid.nl https://*.rovid.nl https://*.rijksoverheidsvideo.nl https://*.autoriteitnvs.nl; img-src 'self' data: https://d3oiud1b8fohdw.cloudfront.net https://statistiek.rijksoverheid.nl https://*.rovid.nl https://*.rijksoverheidsvideo.nl https://*.toegankelijkheidsverklaring.nl; media-src 'self' https://*.rovid.nl https://*.rijksoverheidsvideo.nl; form-action 'self' https://export.highcharts.com https://*.contenttoolsrijksoverheid.nl https://*.autoriteitnvs.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
frame-ancestors 'self'; object-src http://quick.andestech.com/; 1
default-src 'self'; media-src 'self' blob:; img-src 'self' blob:; object-src 'self' blob:; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'self' https://www.youtube-nocookie.com/embed/ https://www.bitchute.com/embed/; connect-src 'self' wss://zzzchan.xyz/ wss://www.zzzchan.xyz/ wss://www.bo6e3yuy36vc6k7ymecio4snuwpwanwzqjtexkd3fyr6he2flhjggeid.onion/ wss://bo6e3yuy36vc6k7ymecio4snuwpwanwzqjtexkd3fyr6he2flhjggeid.onion/ wss://www.zzzchan.loki/ wss://zzzchan.loki/ 1
script-src 'nonce-ctXjJMj3dYwfEQwXhhJJ8A==' 'self' mc.webvisor.com mc.webvisor.org an.yandex.ru yastatic.net storage.mds.yandex.net 'unsafe-eval' 'unsafe-inline' *.analytics.google.com analytics.google.com *.google-analytics.com *.googletagmanager.com googletagmanager.com www.googletagmanager.com *.doubleclick.net fundingchoicesmessages.google.com *.hippoobox.com sdk.crazygames.com *.yandex.com *.yandex.net http://*.yandex.net *.yandex.ru ya.ru yandex.com yandex.ru yandex.st yastat.net *.yandex.ru yandex.ru; style-src 'unsafe-inline' yastatic.net 'self' 'unsafe-eval' yandex.st yastat.net *.yandex.net; img-src data: *.games.s3.yandex.net blob: 'self' mc.webvisor.com mc.webvisor.org mc.admetrica.ru android-webview-video-poster: avatars-fast.yandex.net favicon.yandex.net banners.adfox.ru content.adfox.ru ads6.adfox.ru yastat.net avatars.mds.yandex.net mc.yandex.ru *.tns-counter.ru *.verify.yandex.ru verify.yandex.ru ads.adfox.ru bs.serving-sys.com bs.serving-sys.ru ad.adriver.ru wcm.solution.weborama.fr wcm-ru.frontend.weborama.fr wcm.weborama-tech.ru ad.doubleclick.net rgi.io track.rutarget.ru ssl.hurra.com amc.yandex.ru gdeby.hit.gemius.pl tps.doubleverify.com pixel.adsafeprotected.com impression.appsflyer.com pixel.adlooxtracking.com pixel.adlooxtracking.ru *.cpmstar.com cookie.lmgssp.com *.analytics.google.com analytics.google.com *.google-analytics.com *.googletagmanager.com googletagmanager.com www.googletagmanager.com *.doubleclick.net fundingchoicesmessages.google.com *.ya.ru *.yandex.com *.yandex.net *.yandex.ru yandex.com yandex.ru yandex.st yastatic.net *.yandex.ru yandex.ru; connect-src 'self' blob: yandexmetrica.com:* mc.webvisor.com mc.webvisor.org mc.admetrica.ru http://127.0.0.1:29009 http://127.0.0.1:30102 yandexmetrica.com:29010 yandexmetrica.com:30103 mc.yandex.md an.yandex.ru strm.yandex.ru *.strm.yandex.ru *.strm.yandex.net verify.yandex.ru *.verify.yandex.ru mc.yandex.ru yandex.st yastatic.net matchid.adfox.yandex.ru adfox.yandex.ru ads.adfox.ru ads6.adfox.ru jstracer.yandex.ru yastat.net yandex.ru tps.doubleverify.com pixel.adsafeprotected.com amc.yandex.ru ad.360yield.com balancer.lmgssp.com cpm.programattik.com server.cpmstar.com prebid.smilewanted.com *.analytics.google.com analytics.google.com *.google-analytics.com *.googletagmanager.com googletagmanager.com www.googletagmanager.com *.doubleclick.net fundingchoicesmessages.google.com *.ya.ru *.yandex.com *.yandex.net *.yandex.ru ya.ru yandex.com http://*.yandex.net *.yandex.ru yandex.ru api.passport.yandex.ru yandexgames:; worker-src 'self' blob:; child-src 'self' blob: mc.yandex.ru; frame-src 'self' blob: mc.yandex.md data: yastatic.net *.lmgssp.com *.doubleclick.net https://secure.xsolla.com *.ya.ru *.yandex.com *.yandex.net *.yandex.ru *.yandexadexchange.net ya.ru yandex.ru yandexadexchange.net yastat.net *.yandex.ru yandex.ru; report-to default-group; manifest-src 'self' yandex.com; frame-ancestors webvisor.com *.webvisor.com http://webvisor.com http://*.webvisor.com 'self' yastatic.net zenadservices.net *.ya.ru *.yandex.ru ya.ru yandex.ru; font-src yastatic.net 'self' data: cdn.megabonus.com an.yandex.ru yastat.net; media-src *.yandex.net strm.yandex.ru *.strm.yandex.ru yastat.net data: blob: *.yandex.ru ya.ru yandex.ru yandex.st yastatic.net yandex.ru; default-src 'none'; report-uri https://csp.yandex.net/csp?yandexuid=9290700861721956746&from=games-catalog&project=games&slots=914391%2C0%2C-1%3B930288%2C0%2C-1%3B985371%2C0%2C-1%3B1014530%2C0%2C-1%3B1033875%2C0%2C-1%3B697939%2C0%2C35%3B485537%2C0%2C6%3B805197%2C0%2C74%3B986444%2C0%2C6; 1
frame-ancestors 'self' https://*.renta4.cl 1
frame-ancestors 'self' sanslisaray999.com sansli-saray.com sanslisaray134.com sanslisaray634.com sanslisaray756.com sanslisaray782.com sanslisaray124.com sanslisaray169.com sanslisaray123.com sanslisaray378.com sanslisaray367.com sanslisaray.com sanslisaray487.com sanslisaray234.com sanslisaray856.com sanslisaray675.com sanslisaray777.com sanslisaray578.com sanslisaray674.com sanslisaray934.com sanslisaray389.com sanslisaray-dev.sanslisaray.work sanslisaray945.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.stripe.com/ https://maps.googleapis.com https://www.youtube.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://*.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com; child-src zitadel.com; style-src 'self' 'unsafe-inline' zitadel.com; font-src 'self'; object-src 'none'; connect-src 'self' https://trust.zitadel.com/ https://api.stripe.com https://maps.googleapis.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://pagead2.googlesyndication.com/pagead/landing https://*.google.com https://raw.githubusercontent.com/zitadel/ https://*.algolia.net https://*.algolianet.com https://*.algolia.io https://www.youtube.com; frame-src https://www.youtube.com/ https://hooks.stripe.com https://js.stripe.com/ https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; worker-src 'self'; form-action 'self'; img-src * 'self' https://raw.githubusercontent.com/devicons/devicon/master/icons/ data: 1
default-src https: 'unsafe-inline' 'unsafe-eval'; font-src https://richer.ca https://www.richer.ca https://fonts.gstatic.com data:; img-src https://richer.ca https://www.richer.ca data: 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' * 1
base-uri 'self'; default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' https://js.stripe.com; connect-src 'self' https://api.stripe.com; frame-src 'self' https://js.stripe.com https://hooks.stripe.com https://player.vimeo.com 1
default-src 'self' data: blob: *.conac.cn *.bdimg.com *.360eol.com  *.gov.cn *.jiathis.com *.baidu.com *.map.baidu.com *.bshare.cn *.eol.cn *.qq.com *.kaipuyun.cn 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; 1
default-src https: 'unsafe-eval' 'unsafe-inline' wss://*.hotjar.com *.hotjar.com data:;img-src * data: blob:; connect-src 'self' wss://*.hotjar.com *.hotjar.com *.hotjar.io *.addthis.com  lydia-app.com *.lydia-app.com *.openstreetmap.org maps.googleapis.com *.analytics.google.com *.google-analytics.com *.gstatic.com *.hcaptcha.com *.facebook.com *.raygun.io wss://*.crisp.chat *.cometchat.io *.api-eu.cometchat.io *.widget-eu.cometchat.io wss://*.websocket-eu.cometchat.io https://app  https://www.centraliens-lyon.net/  https://www.technica-magazine.fr/   ; object-src 'self' https://www.youtube.com https://www.dailymotion.com; frame-ancestors 'self' ; base-uri https://www.centraliens-lyon.net/; form-action 'self' https://login.microsoftonline.com/ https://netanswer.rpxnow.com https://preprod-tpeweb.e-transactions.fr/ https://tpeweb.e-transactions.fr/ https://paiement.creditmutuel.fr https://systempay.cyberpluspaiement.com https://payment-webinit-mercanet.test.sips-atos.com/paymentInit https://payment-webinit-mercanet.test.sips-services.com/paymentInit https://payment-webinit.mercanet.bnpparibas.net/paymentInit https://old.pta.netanswer.fr https://www.paristech-alumni.org https://www.whats4u.org https://whats4u.org https://wats4u.com.alumnforce.org http://manageurs.mjb.lan https://manageurs.mjr1108.com https://www.xmp-consult.org https://tpeweb.paybox.com 1
script-src blob: https://*.virginplus.ca https://*.vpc.ca https://*.bell.ca https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://www.googletagmanager.com https://assets.adobedtm.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://solutions.invocacdn.com https://*.google-analytics.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.licdn.com https://sc-static.net https://virgin.know-where.com https://maps.googleapis.com https://bellmaps.korem.com https://*.ss-omtrdc.net https://*.invoca.net https://*.tiktok.com https://*.bing.com https://*.googleadservices.com https://*.clarity.ms https://*.schemaapp.com https://*.medallia.ca https://*.kampyle.com https://*.googlesyndication.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.acuityplatform.com https://*.stackadapt.com https://*.outbrain.com https://*.adnxs.com https://*.cluep.com https://*.snapchat.com 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src * 'self' data: https:; frame-ancestors *.bell.ca *.virginplus.ca *.vpc.ca; object-src https://*.virginplus.ca; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://salterra.matomo.cloud/ https://www.google.com/ https://pt.wisernotify.com/pixel.css https://fonts.googleapis.com/css https://ns.wisermapp.com/api/getData https://wnreports.azurewebsites.net/api/log; script-src * 'unsafe-inline' 'unsafe-eval' ; img-src 'self' data: https://cdn.trustindex.io/ https://lh3.googleusercontent.com/ https://salterra.matomo.cloud/ secure.gravatar.com www.gravatar.com; font-src * data: ; report-uri https://wizclean.com?gdsih-csp-report; 1
frame-ancestors 'self' https://app.kajabi.com https://app.vibely.io https://communities.kajabi.com *.mykajabi.com https://communities.newkajabi-staging.com https://www.craigalexanderacademy.com https://www.jimmeskimencourse.com https://www.sergepresets.com https://www.mobilephototraining.com https://archive.kelvindesigns.com https://www.creator-secrets.com https://library.theweddingcourse.com https://www.photoserge.fr https://www.photoserge.com https://www.charlysimontraining.com 1
default-src 'unsafe-inline' 'unsafe-eval' https: data: blob: http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com 1
default-src 'self' localhost https: 'unsafe-eval' 'unsafe-inline'; 1
frame-ancestors news-724.com www.news-724.com 1
frame-ancestors www.graef.de 'self' *.etracker.com http://192.168.0.3; 1
default-src 'self';     script-src 'self' https://unpkg.com https://www.googletagmanager.com 'sha256-Uh0jMnIe2atSKwY5LX3uGhHCnx8vCGQRXy6Hc9jvpJI=' *.hs-scripts.com *.hs-analytics.net *.hscollectedforms.net *.hs-banner.com;     frame-src 'self' https://widget.real-time-reserves.ledgerlens.io;     base-uri 'self';     font-src 'self' data:;     img-src * blog.archblock.com www.googletagmanager.com *.google-analytics.com *.analytics.google.com 'self' data:;     object-src 'none';     script-src-attr 'none';     style-src 'self' https: 'unsafe-inline';     upgrade-insecure-requests;     connect-src 'self' blog.archblock.com ipapi.co api.lever.co *.google-analytics.com *.analytics.google.com *.ledgerlens.io api.github.com *.hscollectedforms.net mainnet.infura.io; 1
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.hu-manity.co/ https://lltrck.com/scripts/lt-v3.js https://maps.googleapis.com/maps-api-v3/api/js/57/3a/util.js https://reports.hrmdirect.com/employment/default/sm/settings/dynamic-embed/dynamic-iframe-embed-js.php https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015 https://www.google.com/recaptcha/api.js https://www.googletagmanager.com/  https://www.gstatic.com/; style-src 'report-sample' 'self' 'unsafe-inline' https://fonts.googleapis.com https://unpkg.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://ai.elegantthemes.com https://analytics.google.com https://designer-api.hu-manity.co https://maps.googleapis.com https://stats.g.doubleclick.net https://transactional-api.hu-manity.co https://yoast.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://td.doubleclick.net https://www.google.com; img-src 'self' data: https://flatirons2022.wpengine.com https://lltrck.com https://secure.gravatar.com; manifest-src 'self'; media-src 'self'; report-uri https://66688e76d528e3ceb6b0c8c8.endpoint.csper.io/?v=0; worker-src 'self' blob:; 1
default-src 'self' scylla.wtf *.scylla.wtf; script-src 'self' 'unsafe-inline' 'unsafe-eval' scylla.wtf *.scylla.wtf 'unsafe-inline'; style-src 'self' 'unsafe-inline' 'unsafe-eval' scylla.wtf *.scylla.wtf; 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;frame-ancestors 'self' https://*.quintype.com https://www.westernstandard.news;block-all-mixed-content; 1
default-src 'self' data: script-src: 'unsafe-inline' *.servicemycar.com servicemycar.com stackpath.bootstrapcdn.com cdnjs.cloudflare.com code.jquery.com googletagmanager.com fonts.googleapis.com analytics.tiktok.com fonts.gstatic.com kit.fontawesome.com *.google.com *.googletagmanager.com diffuser-cdn.app-us1.com *.gstatic.com www.google-analytics.com *.googleadservices.com prism.app-us1.com googleads.g.doubleclick.net *.google.ae stats.g.doubleclick.net servicemycar.com *.freshchat.com ka-p.fontawesome.com maps.googleapis.com maps.gstatic.com *.ideal-postcodes.co.uk *.firebaseio.com *.youtube.com *.facebook.net *.facebook.com secure.telr.com *.stripe.com polyfill.io api.ipbase.com; 1
default-src 'self' https://www.facebook.com https://connect.facebook.net https://zakupkikz.bitrix24.kz https://zakupki-banners.object.pscloud.io https://mc.yandex.ru https://stats.g.doubleclick.net https://analytics.google.com https://www.google-analytics.com https://www.googletagmanager.com wss://rtc-v2-ru2.bitrix24.com;
              worker-src 'self' blob:;
              child-src blob:;
              base-uri 'self';
              script-src 'self' https://connect.facebook.net https://www.google-analytics.com https://zakupki-banners.object.pscloud.io https://mc.yandex.ru https://stats.g.doubleclick.net https://analytics.google.com https://www.googletagmanager.com https://cdn-1.forte.kz https://cdn-ru.bitrix24.ru https://zakupkikz.bitrix24.kz https://api-maps.yandex.ru https://suggest-maps.yandex.ru https://*.maps.yandex.net https://yandex.ru https://yastatic.net https://googleads.g.doubleclick.net 'unsafe-inline' 'unsafe-eval' blob:;
              img-src * 'self' data: blob: https:;
              style-src 'self' 'unsafe-inline' data: https:;
              frame-src 'self' data: https: blob:;
              font-src 'self' https://fonts.gstatic.com https://fonts.bitrix24.kz;
              object-src 'self' blob:;
               1
script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://support.google.com/inapp/ https://www.google.com/tools/feedback/ https://www.gstatic.com/inproduct_help/ https://www.gstatic.com/support/content/ https://www.google.com/tools/feedback/load.js https://www.google.com/tools/feedback/open.js https://www.gstatic.com/inproduct_help/service/lazy.min.js https://www.gstatic.com/inproduct_help/api/main.min.js https://www.gstatic.com/inproduct_help/chatsupport/chatsupport_button_v2.js https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js https://www.gstatic.com/uservoice/feedback/client/web/live/main_light_binary.js https://www.google.com/tools/feedback/chat_load.js https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/ https://www.gstatic.com/feedback/js/ghelp/ https://maps.googleapis.com https://payments.google.com https://payments.sandbox.google.com https://clients2.google.com https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /_/ShoppingUi/cspreport/allowlist 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://appdot.net; img-src 'self' https: data: blob: https://appdot.net; style-src 'self' https://appdot.net 'nonce-9VeUSoAM0I7gWCgiknFpKw=='; media-src 'self' https: data: https://appdot.net; frame-src 'self' https:; manifest-src 'self' https://appdot.net; form-action 'self'; child-src 'self' blob: https://appdot.net; worker-src 'self' blob: https://appdot.net; connect-src 'self' data: blob: https://appdot.net https://cdn.masto.host wss://appdot.net; script-src 'self' https://appdot.net 'wasm-unsafe-eval' 1
default-src https://www.amsive.com 'self' blob: data: https://*.amsive.com https://*.amsivedev.com https://*.leadfeeder.com https://*.lfeeder.com https://amsive.com https://videos.treepodia.com  ;  frame-src https://www.amsive.com https://*.amsive.com https://*.amsivedev.com https://*.google.com/ https://amsive.com https://challenges.cloudflare.com https://cmp.osano.com/ https://embed.reddit.com/ https://googleads.g.doubleclick.net/ https://hemsync.clickagy.com/ https://mozbar.moz.com/ https://platform.twitter.com/ https://player.vimeo.com/ https://td.doubleclick.net/ https://tpc.googlesyndication.com/ https://vars.hotjar.com/ https://www.facebook.com/ https://www.googletagmanager.com/ https://www.slideshare.net/ https://www.youtube.com/  ; child-src https://www.amsive.com https://*.amsive.com https://*.amsivedev.com https://*.google.com/ https://amsive.com https://challenges.cloudflare.com https://cmp.osano.com/ https://embed.reddit.com/ https://googleads.g.doubleclick.net/ https://hemsync.clickagy.com/ https://mozbar.moz.com/ https://platform.twitter.com/ https://player.vimeo.com/ https://td.doubleclick.net/ https://tpc.googlesyndication.com/ https://vars.hotjar.com/ https://www.facebook.com/ https://www.googletagmanager.com/ https://www.slideshare.net/ https://www.youtube.com/  ; font-src https://www.amsive.com https://*.amsive.com https://*.amsivedev.com https://*.hotjar.com/ https://amsive.com https://fonts.gstatic.com/ https://use.typekit.net/  data: ; style-src 'unsafe-inline' https://*.amsive.com https://*.amsivedev.com https://*.hotjar.com/ https://amsive.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/ajax/libs/select2/ https://yoast.com/shared-assets/  https://www.amsive.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.adroll.com/ https://*.amsive.com https://*.amsivedev.com https://*.google.com/ https://*.hotjar.com/ https://*.leadfeeder.com https://*.lfeeder.com https://*.vimeo.com/ https://*.wistia.com/ https://amsive.com https://b-code.liadm.com/lc2.js https://bat.bing.com/ https://cdn.bizible.com/ https://cdn.jsdelivr.net/ https://cdn.segment.com/ https://cdnjs.cloudflare.com/ajax/libs/select2/ https://challenges.cloudflare.com https://cmp.osano.com/ https://connect.facebook.net/ https://go.amsivedigital.com/ https://googleads.g.doubleclick.net/ https://js.zi-scripts.com/ https://maps.googleapis.com/ https://munchkin.marketo.net/ https://nitroscripts.com/ https://platform.twitter.com/ https://s3-us-west-2.amazonaws.com/b2bjsstore/b/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tags.clickagy.com/ https://unpkg.com/alpinejs https://ws.zoominfo.com/ https://www.google-analytics.com/ https://www.googleadservices.com/ https://www.googletagmanager.com/ https://www.gstatic.com/ https://yoast.com/shared-assets/  https://www.amsive.com ; script-src-elem https://www.amsive.com 'self' 'unsafe-eval' 'unsafe-inline' blob: data: https://*.amsive.com https://*.amsivedev.com https://*.clarity.ms/ https://*.google-analytics.com/ https://*.google.com/ https://*.hotjar.com/ https://*.klaviyo.com/ https://*.leadfeeder.com https://*.lfeeder.com https://*.osano.com/ https://*.wistia.com/ https://amsive.com https://b-code.liadm.com/lc2.js https://cdn.bizible.com/ https://cdn.jsdelivr.net/ https://cdn.segment.com/ https://cdnjs.cloudflare.com/ajax/libs/select2/ https://challenges.cloudflare.com/ https://connect.facebook.net/ https://embed.reddit.com/ https://go.amsivedigital.com/ https://googleads.g.doubleclick.net/ https://js.zi-scripts.com/ https://munchkin.marketo.net/ https://nitroscripts.com/ https://platform.twitter.com/ https://s3-us-west-2.amazonaws.com/b2bjsstore/b/8XOE9GHL0YOM/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://static.zemanta.com/ https://tpc.googlesyndication.com/ https://translate.googleapis.com/ https://unpkg.com/alpinejs https://www.googleadservices.com/ https://www.googletagmanager.com/ https://www.gstatic.com/ https://www.youtube.com/ https://yoast.com/shared-assets/  'unsafe-inline' ; style-src-elem https://www.amsive.com https://*.amsive.com https://*.amsivedev.com https://amsive.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/ajax/libs/select2/ https://fonts.googleapis.com/ https://www.googletagmanager.com/ https://www.gstatic.com/ https://yoast.com/shared-assets/  'unsafe-inline' ; img-src https://www.amsive.com https://*  data: ; connect-src https://www.amsive.com 'self' *.osano.com/ http://ad.doubleclick.net/ https://*.amsive.com https://*.amsivedev.com https://*.bing.com/ https://*.execute-api.us-west-2.amazonaws.com/b2b https://*.execute-api.us-west-2.amazonaws.com/b2bjsstore https://*.google-analytics.com/ https://*.google.com/ https://*.googleapis.com/ https://*.hotjar.com/ https://*.hotjar.io/ https://*.liadm.com/ https://*.mktoresp.com/ https://*.mktoutil.com/ https://*.wistia.com/ https://*.zoominfo.com/ https://adservice.google.com/ https://alocdn.com/c/vn3d8u2u/a/xtarget/p.json https://amsive.com https://analytics.twitter.com/ https://aorta.clickagy.com/ https://api.segment.io/ https://capig2.amsivedigital.com/ https://cdn.linkedin.oribi.io/ https://cdn.segment.com/ https://d.adroll.com/ https://hemsync.clickagy.com/ https://js.zi-scripts.com/ https://pagead2.googlesyndication.com/ https://pro.ip-api.com https://px.ads.linkedin.com/ https://stats.g.doubleclick.net/ https://to.getnitropack.com/ https://www.facebook.com/ https://www.google.com.bd/ https://www.googletagmanager.com/ wss://*.hotjar.com/  ; object-src https://www.youtube.com/ https://embed-fastly.wistia.com/ 'unsafe-inline' ; worker-src blob: 'self'  ; base-uri https://search.google.com/ https://platform.twitter.com/ https://platform.x.com/ 'self' ; frame-ancestors 'self' ; form-action 'self' https://www.facebook.com/  ; report-uri https://www.amsive.com/wp-json/amsivecsp/v1/policy-report 1
default-src 'self' 'unsafe-inline' https://*;img-src 'self' data: 'unsafe-inline' https://*;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*;style-src 'self' 'unsafe-inline' https://*;font-src 'self';object-src 'none'; 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src https://www.macscripter.net/logs/ https://www.macscripter.net/sidekiq/ https://www.macscripter.net/mini-profiler-resources/ https://www.macscripter.net/assets/ https://www.macscripter.net/brotli_asset/ https://www.macscripter.net/extra-locales/ https://www.macscripter.net/highlight-js/ https://www.macscripter.net/javascripts/ https://www.macscripter.net/plugins/ https://www.macscripter.net/theme-javascripts/ https://www.macscripter.net/svg-sprite/ https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js 'sha256-HZxBMVZe6P3MvHDZlFai9cUmLH+qwX6BNT3qTwNPATg='; worker-src 'self' https://www.macscripter.net/assets/ https://www.macscripter.net/brotli_asset/ https://www.macscripter.net/javascripts/ https://www.macscripter.net/plugins/; frame-ancestors 'self'; manifest-src 'self' 1
report-uri https://o531082.ingest.sentry.io/api/5659019/security/?sentry_key=6e8a8a6993ca42c998cb6f0ac41bf0fc 1
default-src 'self';style-src 'self' 'unsafe-inline' https://*.typekit.net https://fonts.googleapis.com https://api.mapbox.com https://tagmanager.google.com https://fonts.googleapis.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' assets.adobedtm.com https://assets.adoberesources.net https://documentcloud.adobe.com https://*;connect-src 'self' *.adobe.io wss://*.adobe.io https://*;img-src 'self' https://assets.adoberesources.net https://lh3.googleusercontent.com data: blob: https://*;frame-ancestors 'self' https://*.i-goddard.com;frame-src 'self' https://documentcloud.adobe.com https://*;font-src 'self' data: https://fonts.gstatic.com https://*.typekit.net;worker-src blob:;child-src blob:;media-src 'self' https://*.fbcdn.net https://*.cdninstagram.com 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;frame-ancestors 'self' https://*.quintype.com https://www.knocksense.com;block-all-mixed-content; 1
frame-ancestors 'self'; frame-src  *.savviihq.com *.facebook.com *.google.com *.cookiebot.com *.hotjar.com *.youtube.com *.vimeo.com *.googletagmanager.com *.cookiebot.com *.fontawesome.com www.domtoren.nl *.checkoutshopper-test.adyen.com https://checkoutshopper-test.adyen.com *.adyen.com https://checkoutshopper-live.adyen.com 1
script-src 'self' www.google.com www.gstatic.com https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com www.recaptcha.net maps.googleapis.com maps.gstatic.com ajax.googleapis.com code.jquery.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com use.typekit.net locator.uberall.com blob: api.mapbox.com stats.contargo.net 'sha256-4xDctmleOQBbWDrPOyeLGhG+yC0bhPlPSsYsN6C9KkI='; default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com use.typekit.net; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com use.typekit.net fonts.typekit.net; object-src 'self'; img-src 'self' data: https://*.googletagmanager.com https://www.google-analytics.com https://*.google-analytics.com i.ytimg.com p.typekit.net jobs.de.rhenus.com locator.uberall.com stats.contargo.net; connect-src 'self' https://*.googletagmanager.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com performance.typekit.net locator.uberall.com api.mapbox.com events.mapbox.com stats.contargo.net; frame-src www.google.com www.google.com www.gstatic.com fonts.gstatic.com ajax.googleapis.com *.youtube.com www.youtube-nocookie.com www.recaptcha.net *.vimeo.com *.vimeocdn.com www.jobsaround.tv jobsaround.tv connections.routescanner.com; 1
img-src * data: blob:; frame-ancestors 'self'; 1
base-uri 'self'; default-src 'none'; img-src 'self' data: *.google-analytics.com *.googletagmanager.com *.ytimg.com *.paypal.com *.paypalobjects.com; script-src 'strict-dynamic' 'nonce-KxIy/JCz9FxeuDhwNNp9szL+L9gx4V6YxKzhnwyX+O8='; font-src 'self'; style-src 'self' 'nonce-KxIy/JCz9FxeuDhwNNp9szL+L9gx4V6YxKzhnwyX+O8='; frame-ancestors 'none' ; frame-src 'self' *.youtube.com *.google.com *.surveymonkey.com *.vimeo.com vimeo.com *.paypal.com *.paypalobjects.com; object-src 'self'; form-action 'self' *.paypal.com; connect-src 'self' *.google-analytics.com analytics.google.com *.analytics.google.com *.paypal.com; media-src 'self'; report-uri /_system/csp_logger.php; 1
default-src * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' 1
frame-ancestors 'self' https://pro.campus.sanofi; 1
default-src 'self' data: https://matomo.teits.pro; style-src 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; script-src 'self' 'unsafe-inline' https://matomo.teits.pro/matomo.js 1
frame-ancestors 'self' http://local.account.flexihub.com 1
default-src 'none'; connect-src 'self' matomo.mydesk.run google-analytics.com www.google-analytics.com; script-src 'self' *.mydesk.run *.chronotech.fr www.google-analytics.com www.googletagmanager.com *.facebook.net consultation.avocat.fr ajax.googleapis.com *.ign.fr; style-src 'self' 'unsafe-inline' *.mydesk.run fonts.googleapis.com fonts.gstatic.com consultation.avocat.fr; font-src 'self' *.mydesk.run fonts.gstatic.com consultation.avocat.fr; frame-src 'self' *.mydesk.run *.chronotech.fr www.google.com www.youtube-nocookie.com player.vimeo.com *.matterport.com *.facebook.com annonce.viager-diffusion.com calc.viager-diffusion.com; img-src 'self' blob: data: *.mydesk.run *.chronotech.fr www.google-analytics.com consultation.avocat.fr *.ign.fr; media-src 'self' *.mydesk.run; frame-ancestors 'self' *.mydesk.run *.facebook.com; form-action 'self' *.monetico-services.com *.axepta.bnpparibas; base-uri 'none'; 1
frame-ancestors https://www.belgradewaterfront.com https://belgradewaterfront.com 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-65432ea6cf34ad2065bf43467828ad70'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
frame-ancestors https://www.suitable.de https://www.suitableshop.nl 1
frame-ancestors peakdefi.com 1
default-src https: https://*.clarity.ms https://c.bing.com data:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' blob:; object-src 'none'; img-src https: data:; connect-src https: wss:; frame-src  https: blob:; frame-ancestors https: https://*.studentbeans.com 1
default-src https: data: http://localhost:* ws://localhost:* http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com 'unsafe-inline' 'unsafe-eval' 1
default-src 'self'; object-src 'none'; img-src 'self' blob:; media-src 'self' 1
default-src 'self';	style-src 'self' 'unsafe-inline';	img-src 'self' 'unsafe-inline' data: *.active-city.net *.active-city.de;	script-src 'self' 'unsafe-inline' 'unsafe-eval' *.active-city.net *.active-city.de		https://script.ioam.de;	media-src 'self' data: blob:        *.active-city.net *.active-city.de;	frame-src 'self' *.active-city.net *.active-city.de		wahlen.regioit.de		stadtradeln.de		amadee-cloud.de		bewerberweb-lai02.krz.de		https://www.youtube-nocookie.com/		www.langenfeld.de;    frame-ancestors 'self';    font-src 'self';    connect-src 'self'		https://piwik.active-city.net;    report-uri https://sentry.zmart-ivent.de/api/25/security/?sentry_key=423799354ea44b2999c8fa073f59950f 1
default-src * data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://surgeonnation.com https://surgeonnationsandbox.skipta.com 1
default-src 'self'; script-src 'self' 'nonce-akhVYmRxaHBlM2dOMHBuU0JyejNWOGpRZUtWOUZReHByeS8rWXZia1Y1Zz06eXlWVFFjWU1TRWxHaXRTK05JV0dHcUhpTXU5U1UyNDYzSGFzRzVDS0IrOD0='; style-src 'self' 'unsafe-inline'; frame-src *; img-src * data: blob:; font-src 'self' data:; media-src *; connect-src *; object-src 'none'; base-uri 'self'; 1
frame-ancestors 'self'; frame-src 'self' https://awin1.com https://td.doubleclick.net *.criteo.com ; font-src 'self' *.rackcdn.com; 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.lanaudiere.ca https://*.googletagmanager.com https://*.googleapis.com https://*.google-analytics.com https://*.google.com https://*.gstatic.com https://*.facebook.net https://*.kommunicate.io https://*.applozic.com https://*.viaexplora.com https://*.fcmqapi.ca https://mis.mtl.org https://*.youtube.com https://*.instagram.com https://snap.licdn.com https://embedsocial.com https://s3.amazonaws.com/downloads.mailchimp.com/ https://*.list-manage.com https://*.cookiebot.com https://*.byspotify.com;object-src 'none';style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.kommunicate.io https://*.google.com https://*.mailchimp.com;img-src 'self' data: https://lanaudieresa.blob.core.windows.net https://tlca.azureedge.net https://mto.media.tourinsoft.eu https://*.cdninstagram.com https://*.facebook.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googlesyndication.com https://*.gstatic.com https://*.googleapis.com https://*.google.com https://*.google.ca https://*.doubleclick.net https://developer-tripadvisor.s3.amazonaws.com https://*.tripadvisor.com https://*.tripadvisor.fr https://s3.amazonaws.com/kommunicate.s3/ https://*.kommunicate.io https://match.adsrvr.org https://eu.euleriancdn.net https://*.lanaudiere.ca https://*.cookiebot.com https://*.linkedin.com;media-src 'self' https://lanaudieresa.blob.core.windows.net https://*.kommunicate.io;frame-src 'self' http://*.iquadfqcq.ca https://*.iquadfqcq.ca https://*.fqcq.qc.ca https://*.doubleclick.net https://*.google-analytics.com https://*.google.com https://*.viaexplora.com https://*.fcmqapi.ca https://*.facebook.com https://*.youtube.com https://*.instagram.com https://*.zohopublic.com https://player.vimeo.com https://embedsocial.com https://*.cookiebot.com https://*.cyberimpact.com;font-src 'self' https://*.gstatic.com https://*.googleapis.com;connect-src 'self' https://*.googleapis.com https://*.kommunicate.io wss://*.kommunicate.io https://*.doubleclick.net https://*.google-analytics.com https://*.google.com wss://*.applozic.com https://*.cookiebot.com https://*.linkedin.com https://*.byspotify.com 1
base-uri 'self'; form-action 'self' https://high5.nl; frame-ancestors 'none'; default-src 'self'; script-src 'self'; frame-src 'self'; img-src 'self' https://*.eurobsdcon.org; style-src 'self' https://*.eurobsdcon.org; connect-src 'self'; object-src 'none'; 1
default-src 'self' *.brightcovecdn.com *.analytics.google.com *.google.com *.google-analytics.com media.idigitalcontents.com; img-src 'self' 'unsafe-inline' * data: www.w3.org; frame-src 'self' clients.kokodigital.co.uk *.youtube.com *.investis.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net www.google.com ; style-src 'self' 'unsafe-inline' 'unsafe-eval' maxcdn.bootstrapcdn.com cdnjs.cloudflare.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net *.googleapis.com *.investis.com ; font-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com cdnjs.cloudflare.com *.googleapis.com fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' tags.tiqcdn.com *.googleapis.com www.googletagmanager.com www.google-analytics.com *.analytics.google.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net *.google.com *.google-analytics.com staticcontents.investisdigital.com *.investis.com *.lfeeder.com *.google.com *.gstatic.com ; connect-src 'self' stats.g.doubleclick.net *.investis.com *.googleapis.com  www.google-analytics.com *.amazonaws.com *.analytics.google.com *.google.com *.google-analytics.com edge.api.brightcove.com ; base-uri 'none'; form-action 'self' ; 1
default-src 'self' 'report-sample' fonts.googleapis.com *.gstatic.com *.google-analytics.com *.cloudflare.com fonts.gstatic.com *.w3.org *.jsdelivr.net *.bootstrapcdn.com *.jquery.com *.google.com; img-src 'self' data: w3.org/svg/2000 www.googletagmanager.com *.google.com *.cloudflare.com *.google-analytics.com; child-src *.gstatic.com www.google.com; script-src 'self' *.jsdelivr.net www.google.com *.gstatic.com *.googletagmanager.com *.bootstrapcdn.com *.cloudflare.com *.w3.org *.google-analytics.com; object-src 'none'; style-src 'self' *.cloudflare.com *.jsdelivr.net fonts.googleapis.com; 1
form-action 'self' https://*.morganhunt.com https://*.indeed.com https://*.jotform.com https://*.jobadder.com https://*.bullhornstaffing.com; 1
frame-ancestors 'self' *.institutparisregion.fr *.iau-idf.fr iauidf.sharepoint.com; 1
default-src 'self' data:; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://vercel.live https://f.vimeocdn.com https://www.googletagmanager.com https://www.google.com https://d1mj578wat5n4o.cloudfront.net https://www.gstatic.com https://cdn.jsdelivr.net https://snap.licdn.com/; style-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://vercel.live https://fonts.googleapis.com https://cdn.jsdelivr.net ; object-src 'self' data:; base-uri 'self'; connect-src 'self' https://sockjs-us3.pusher.com wss://ws-us3.pusher.com https://vercel.live https://discover-euc1.sitecorecloud.io https://vimeo.com https://edge-platform.sitecorecloud.io https://api-engage-eu.sitecorecloud.io https://region1.google-analytics.com https://px.ads.linkedin.com; font-src 'self' https://vercel.live https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.jsdelivr.net; frame-src 'self' https://share.transistor.fm https://vercel.live https://player.vimeo.com https://www.google.com; img-src 'self' https://vercel.com https://edge.sitecorecloud.io https://px.ads.linkedin.com; manifest-src 'self'; media-src 'self'; worker-src 'none'; 1
frame-ancestors 'none'; base-uri 'none'; object-src https://*.pbo-dpb.ca https://pbo-dpb.gc.ca https://*.pbo-dpb.gc.ca https://pbo-dpb.s3.ca-central-1.amazonaws.com; form-action 'self' https://challenges.cloudflare.com; img-src 'self' https://www.google-analytics.com https://*.pbo-dpb.ca https://pbo-dpb.gc.ca https://*.pbo-dpb.gc.ca https://pbo-dpb.s3.ca-central-1.amazonaws.com; script-src 'unsafe-eval' 'self' https://www.googletagmanager.com https://www.google-analytics.com/ https://challenges.cloudflare.com https://vizi.pbo-dpb.ca https://notifications.pbo-dpb.ca https://cdn.tailwindcss.com/ https://pboml.opbo-bdpb.ca 1
report-uri https://www.publicservicedegrees.org 1
frame-ancestors 'self' http://www.philips.co.za *.philips.com *.philips.co.za https://philipsigtdpv.com 1
default-src 'self' 'unsafe-inline' *.tabling.co.kr https://01f721d964064cda8f9ce47d7a485aea.apm.ap-northeast-2.aws.elastic-cloud.com *.clarity.ms *.bing.com;frame-ancestors 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' polyfill.io https://www.googletagmanager.com https://www.google-analytics.com *.clarity.ms *.bing.com;connect-src 'self' *.tabling.co.kr https://01f721d964064cda8f9ce47d7a485aea.apm.ap-northeast-2.aws.elastic-cloud.com https://www.googletagmanager.com https://www.google-analytics.com *.clarity.ms *.bing.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https: dev.hagel.at.167-235-61-31.dev.functn.com *.hagel.at https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.ggpht.com https://*.googletagmanager.com https://*.noembed.com https://cdn.plyr.io https://*.g.doubleclick.net https://*.usercentrics.eu https://*.simplecast.com https://*.simplecastcdn.com https://*.gstatic.com https://*.ytimg.com https://*.youtube.com https://ik.imagekit.io/hagel/* 1
script-src 'self' *.wlresources.com *.acwebconnecting.com https://mpsnare.iesnare.com https://d5nxst8fruw4z.cloudfront.net https://d31qbv1cthcecs.cloudfront.net  'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com *.analytics.google.com *.doubleclick.net https://*.google-analytics.com/ gstatic.com www.google.com www.googleoptimize.com optimize.google.com www.gstatic.com https://bat.bing.com https://*.clarity.ms ; connect-src 'self' www.netvixx.cam:9080 www.netvixx.cam:9443 *.wlresources.com wss://*.wlresources.com *.acwebconnecting.com https://mpsnare.iesnare.com wss://mpsnare.iesnare.com ws://stt01.wlresources.com wss://stt01.wlresources.com ws://www.netvixx.cam wss://www.netvixx.cam *.campoints.net *.google-analytics.com *.googletagmanager.com *.analytics.google.com analytics.google.com *.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://bat.bing.com https://*.clarity.ms ; frame-src 'self' https://*.allopass.com http://*.allopass.com https://*.acwebconnecting.com https://www.google.com https://go.cam; worker-src 'self' blob:; frame-ancestors *.xlovecam.com *.backend.cam; report-uri /en/jserror/?ts=1721959516 1
frame-ancestors https://esb.stqry.app 1
frame-src * 'self' 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://vercel.live https://player.vimeo.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com https://www.vimeo.com https://www.radionz.co.nz https://www.jobs.tepapa.govt.nz https://www.tepapa.govt.nz https://www.tepapafoundation.secure.force.com https://www.sec.paymentexpress.com https://www.book2look.com https://www.boombox.com https://www.myfonts.net https://www.knightlab.com https://www.qzzr.com https://www.twitter.com https://www.instagram.com https://www.facebook.com https://www.soundcloud.com https://www.nzonscreen.com https://www.juicer.io https://www.media567.com https://www.hotjar.com https://www.riddle.com https://www.googletagmanager.com https://static.hotjar.com https://script.hotjar.com https://*.raisely.com blob:; style-src 'self' 'unsafe-inline' https://www.riddle.com https://static.hotjar.com https://script.hotjar.com https://survey-images.hotjar.com; img-src 'self' data: blob: i.ytimg.com i.vimeocdn.com https://www.datocms-assets.com https://vercel.com https://www.riddle.com https://*.google-analytics.com https://*.googletagmanager.com https://static.hotjar.com https://script.hotjar.com https://survey-images.hotjar.com; font-src 'self' data: base64 https://script.hotjar.com; frame-src 'self' https://www.google.com https://docs.google.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://vercel.live/ https://www.youtube.com https://www.vimeo.com https://player.vimeo.com https://w.soundcloud.com https://www.riddle.com https://www.facebook.com https://*.tepapa.govt.nz https://*.knightlab.com https://*.raisely.com; connect-src 'self' wss://*.pusher.com https://graphql-listen.datocms.com https://vimeo.com https://vercel.live https://*.algolia.net https://*.algolianet.com https://*.algolia.io https://api.mapbox.com https://events.mapbox.com https://www.rezdy.com https://www.cloudfront.net https://www.bookitsecure.com https://www.google.com https://www.riddle.com https://www.spotify.com https://www.tepapa.infospecs.co.nz https://*.raisely.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://te-papa-file-uploads.s3.ap-southeast-2.amazonaws.com; manifest-src 'self'; media-src 'self' https://www.datocms-assets.com; frame-ancestors 'self' https://*.datocms.com; form-action 'self' 1
frame-ancestors https://www.facebook.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.kfw.de *.kfw-capital.de *.kfw-ipex-bank.de *.kfw-entwicklungsbank.de www.energie-effizienz-experten.de foerderservices.kfw.de *.deginvest.de *.youborafds01.com *.edge-cdn.net *.akamaized.net *.youboranqs01.com android-webview-video-poster *.mapbox.com *.bitmovin.com  *.wt-safetag.com  *.analytics.edgekey.net a-fds.youborafds01.com kfw-chatapp-live.x21wxzihtdv.eu-de.codeengine.appdomain.cloud fbc.wcfbc.net *.keyingress.de *.usercentrics.eu *.video-cdn.net responder.wt-safetag.com js.api.here.com *.hereapi.com *.mateti.net *.googleadservices.com ajax.googleapis.com *.googletagmanager.com *.google.com *.google.de *.analytics.yahoo.com *.doubleclick.net *.yimg.com *.adform.net data: blob:; 1
frame-ancestors https://*.innovatrics.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.stripe.com/v3 blob: https://*.intercom.io https://*.intercomcdn.com https://cdn.polyfill.io/v2/polyfill.min.js https://fullstory.com https://*.fullstory.com https://static.cloudflareinsights.com https://secure.quantserve.com https://snap.licdn.com https://js.hs-scripts.com https://connect.facebook.net https://js.hscollectedforms.net https://js.hs-banner.com https://js.hs-analytics.net https://*.quantcount.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net; img-src 'self' data: https://*.intercomcdn.com https://static.intercomassets.com https://uploads.intercomusercontent.com https://www.google-analytics.com https://q.quora.com https://pixel.quantserve.com https://www.facebook.com https://*.linkedin.com https://www.google.com https://forms.hsforms.com https://track.hubspot.com https://www.linkedin.com https://p.adsymptotic.com; font-src https://js.intercomcdn.com https://cdn.virgilsecurity.com https://fonts.gstatic.com; connect-src 'self' https://virgilsecurity.com https://*.virgilsecurity.com https://*.intercom.io wss://*.intercom.io https://*.intercomcdn.com https://*.intercomusercontent.com https://app.getsentry.com https://rs.fullstory.com https://static.cloudflareinsights.com https://www.google-analytics.com https://forms.hubspot.com https://stats.g.doubleclick.net; media-src data: https://js.intercomcdn.com; child-src https://www.googletagmanager.com https://share.intercom.io https://intercom-sheets.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net https://js.stripe.com/ blob:; worker-src 'self' blob: 'unsafe-eval'; frame-src https://bid.g.doubleclick.net;object-src 'none'; frame-ancestors 'none'; 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.googletagmanager.com *.google-analytics.com *.googleapis.com *.vimeocdn.com *.youtube.com; connect-src 'self' *.craftcms.com *.presscloud.com *.google-analytics.com *.doubleclick.net; media-src 'self' *.vimeo.com *.akamaized.net; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.typekit.net; img-src 'self' *.imgix.net *.google-analytics.com *.googletagmanager.com *.ytimg.com *.craft-cdn.com data:; frame-src 'self' *.vimeo.com *.youtube.com *.youtube-nocookie.com; font-src 'self' *.googleapis.com *.gstatic.com *.typekit.net data:; 1
base-uri 'self'; form-action 'self'; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com https://www.googletagmanager.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://bat.bing.com; worker-src 'self' blob:; 1
frame-ancestors 'self'; script-src 'self' lyricstudio.net *.googleapis.com *.firebaseio.com js.chargebee.com assets.anytrack.io analytics.tiktok.com cdn.amplitude.com www.paypal.com www.paypalobjects.com googleads.g.doubleclick.net bid.g.doubleclick.net js.stripe.com r.wdfl.co www.google-analytics.com www.google.com www.google.co.uk www.google.ca pay.google.com pay.google.ca pay.google.co.uk www.gstatic.com www.gstatic.co.uk www.gstatic.ca www.googleadservices.com www.googletagmanager.com connect.facebook.net www.facebook.com apis.google.com apis.google.co.uk apis.google.ca *.firstpromoter.com 'sha256-lYstnJrgEC5eU0GO7EnJTdp6IY5snl7U2PXA2NuZipY=' 'sha256-BzmYDm4TlQPlV7rGYLtUsGTMJsxautBY6ZzYlOxzsyY=' 'sha256-nuzr0EzDAsGjaYg6xatejQ4vni62s/mlp3NeJtQa4vo=' 'sha256-JBjH9fMSlHtR2u+3z/YZ6vwPKQr3jTO0s/Nl2JP4+EQ=' 'sha256-JkbAqQeAw567I7kSjRZf8hHlZyYqFH7flJ7GtdBXKac=' 'sha256-F7TFUm5lQFkTErjkI7fxs+1RMsn+nbvXwYCb2pWJ9fg=' 'sha256-mwcrhpneNovHlRlSIsskqIJasIuFujqvJfLYu1ssDvQ=' 'sha256-YPQEktmczDdInuprG6bexCvqCMOlpn8BfJrMgjZRNLY=' 'sha256-7DxIajNFtlAGqHeAEZwhOmcsmzgK9y1k1QYDHE/b7ms=' 'sha256-g1w6DP6YLF9f5m9U9ch7kdccQZjFpKqRzYzuRCxXdxk=' 'sha256-JC5n74AZY4ZLqk1yzaUXZLoiFGUV63Hr10cfUJ/MAJA=' 'sha256-UntNOkeSw0xkCnWqXHS1X6xZqX5yyWhIE/rpzz62CgA=' 'sha256-MLkz26cMN/3qYvWVHS5gAF47NwSp2/e8zRttcl9FIAc=' 'sha256-GrBBJKu+naBqbqP0Kby0kLdT1IW6F1tOTK0rz9COMws=' https://app.getterms.io/cookie-consent/embed/67b79785-7ad9-420a-b320-653944f0eb73 'sha256-kcsbhPXTcPTEkjx1xLQ5xt5ppnpaziZyb0h7f872dIM=' 1
frame-src https: filesystem: route.eu.shellrecharge.com/ 1
default-src 'self'; style-src * 'unsafe-inline'; media-src *; connect-src *; img-src * data:; font-src *; script-src https://cookie-cdn.cookiepro.com https://www.googletagmanager.com https://www.google-analytics.com https://mc.yandex.ru https://mc.yandex.com https://hm.baidu.com https://maps.googleapis.com https://www.google.com/recaptcha/api.js https://www.gstatic.com https://player.vimeo.com https://snap.licdn.com https://fresnel.vimeocdn.com https://f.vimeocdn.com 'self' 'unsafe-inline' 'unsafe-eval'; frame-src https://*.google.com https://player.vimeo.com https://careers.sacmigroup.com https://d29adx25r2x8c0.cloudfront.net https://*.facebook.com https://www.youtube.com https://e.issuu.com https://mc.yandex.com 'self'; 1
frame-ancestors  'self' https://testdk.game.daum.net https://dk.game.daum.net https://game.daum.net http://fishinghero.game.picaon.com http://nativex.game.picaon.com http://pristontale.hangame.com https://ace.game.naver.com 1
default-src * data:; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' https://api.mapbox.com/ blob:; style-src https: 'unsafe-inline'; frame-ancestors 'self' https://masshiway.net; object-src 'none'; 1
frame-ancestors 'self' sdiapi.com; 1
form-action https:; upgrade-insecure-requests 1
connect-src 'self' blob: https://*.google.com https://stats.g.doubleclick.net https://www.google-analytics.com https://api.stripe.com https://*.aultman.com https://*.aultman.org https://*.fontawesome.com; default-src 'self'; form-action 'self' http://*.aultman.com https://*.aultman.com https://*.aultman.org; font-src 'self' data: https://*.aultman.com *.typekit.net  https://*.aultman.org https://fonts.gstatic.com https://cdnjs.cloudflare.com https://fonts.googleapis.com; frame-src 'self' https://js.stripe.com https://hooks.stripe.com *.youtube.com *.aulthealth.com *.careerarc.com *.adsrvr.org *.facebook.com *.twitter.com https://*.aultman.com https://*.aultman.org https://player.vimeo.com/; frame-ancestors 'self' https://*.aultman.org https://*.aultman.com; img-src 'self' blob: data: www.googletagmanager.com *.doubleclick.net *.typekit.net *.google-analytics.com *.facebook.com  https://*.aultman.com https://*.aultman.org https://*.vimeocdn.com; manifest-src 'self'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' js.stripe.com *.adsrvr.org *.edgefonts.net *.googletagmanager.com *.linkedin.com *.google-analytics.com *.google.com *.facebook.net https://*.aultman.com https://*.aultman.org https://stackpath.bootstrapcdn.com https://code.jquery.com https://*.fontawesome.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' *.typekit.net *.edgefonts.net https://*.aultman.com https://*.aultman.org https://stackpath.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com 1
default-src 'self' *.relay42.com *.doubleclick.net googletagmanager.com *.googlesyndication.com *.googleadservices.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.achmea.nl *.facebook.net *.google.com *.googlesyndication.com *.linkedin.com *.r42tag.com *.relay42.com cdn.harvest.graindata.com https://www.googleoptimize.com https://www.googletagmanager.com maps.googleapis.com www.google-analytics.com  www.youtube.com ssl.synovite-scripts.com www.gstatic.com snap.licdn.com *.doubleclick.net *.googleadservices.com rekentools.webbridge.nl googletagmanager.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com www.google.com optimize.google.com gstatic.com;img-src data: 'self' *.achmea.nl *.contentsquare.net *.googlesyndication.com *.r42tag.com *.relay42.com https://www.googletagmanager.com maps.googleapis.com maps.gstatic.com optimize.google.com region1.analytics.google.com region1.google-analytics.com www.advieskeuze.nl www.facebook.com www.google-analytics.com www.google.com www.google.nl www.googleapis.com www.googletagmanager.com https://i.ytimg.com *.w3.org *.vimeocdn.com px.ads.linkedin.com px4.ads.linkedin.com google.be translate.google.com fonts.gstatic.com googleads.g.doubleclick.net rekentools.webbridge.nl zilverenkruis.nl;font-src data: 'self' fonts.gstatic.com;connect-src 'self' analytics.cloud.coveo.com *.achmea.nl *.facebook.net *.googlesyndication.com api.advieskeuze.nl controle.achmea.consentmonitor.nl https://*.in.applicationinsights.azure.com maps.googleapis.com r.contentsquare.net region1.analytics.google.com region1.google-analytics.com  www.google-analytics.com *.google.com *.doubleclick.net translate.googleapis.com;media-src 'self' *.youtube-nocookie.com player.vimeo.com www.youtube.com;object-src 'self' https://td.doubleclick.net/;child-src 'self' youtube.com www.youtube-nocookie.com youtube-nocookie.com optimize.google.com www.google.com player.vimeo.com t.svtrd.com td.doubleclick.net rekentools.webbridge.nl www.youtube.com https://td.doubleclick.net/ https://tpc.googlesyndication.com/;frame-ancestors 'self' youtube.com www.youtube-nocookie.com youtube-nocookie.com player.quadia.net td.doubleclick.net rekentools.webbridge.nl https://www.youtube.com/ *.googlesyndication.com;form-action * 'self' t.svtrd.com *.achmea.nl;block-all-mixed-content;report-uri https://achmea.ams.report-uri.com/r/t/csp/enforce; 1
frame-ancestors 'self'; default-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.santiago2023.org www.googletagmanager.com www.youtube.com www.facebook.com connect.facebook.net analytics.google.com play.google.com www.google.com www.google.cl static.ads-twitter.com analytics.twitter.com static.doubleclick.net googleads.g.doubleclick.net monorail-edge.shopifysvc.com shoppanamericanos2023.myshopify.com cdn.jsdelivr.net sdks.shopifycdn.com cdn.shopify.com cdnjs.cloudflare.com fonts.googleapis.com jnn-pa.googleapis.com buttons-config.sharethis.com platform-api.sharethis.com l.sharethis.com fonts.gstatic.com www.instagram.com stats.g.doubleclick.net platform-cdn.sharethis.com buscadorturistico.mindep.cl www.youtube-nocookie.com cdn.perfdrive.com widgets.results-santiago2023.org img.youtube.com cas.avalon.perfdrive.com back.widgets.results-santiago2023.org back.results-santiago2023.org para.widgets.results-santiago2023.org www.google-analytics.com img.youtube.com widgets.para.results-santiago2023.org; 1
default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js cdnjs.cloudflare.com 'unsafe-inline' 'unsafe-eval' *.salesforce-sites.com *.iesnare.com *.typekit.net https://www.youtube.com/iframe_api https://cdn.jsdelivr.net/npm/ https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.msecnd.net *.pricespider.com *.mapbox.com *.force.com *.salesforceliveagent.com *.bazaarvoice.com *.salesforce.com *.googletagmanager.com *.cookielaw.org *.doubleclick.net *.crazyegg.com *.trackjs.com *.yimg.com *.bing.com *.amazon-adsystem.com *.adsrvr.org unpkg.com *.youtube.com *.googleoptimize.com *.google.co.in *.pinimg.com *.juicer.io *.cloudflare.com *.commerce-connector.com api.fouanalytics.com *.outbrain.com *.paa-reporting-advertising.amazon *.pinterest.com dnsl4xr6unrmf.cloudfront.net s3.amazonaws.com api.b2c.com https://dec.azureedge.net https://player.vimeo.com/api/player.js; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com 'unsafe-inline' *.salesforce-sites.com *.typekit.net https://cdn.insight.sitefinity.com https://dec.azureedge.net *.pricespider.com *.mapbox.com *.force.com *.bazaarvoice.com *.salesforce.com *.googletagmanager.com *.typography.com *.cloudfront.net *.myfonts.net *.juicer.io; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: d3f8e2yx8gxglk.cloudfront.net *.azureedge.net *.typekit.net *.google-analytics.com https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com *.gpdigital.biz *.pricespider.com *.bazaarvoice.com https://d3f8e2yx8gxglk.cloudfront.net www.google.com *.yahoo.com *.bing.com *.trackjs.com *.ytimg.com *.googletagmanager.com *.cookielaw.org *.google.co.in *.pinterest.com *.juicer.io juicer.io *.commerce-connector.com https://ad.doubleclick.net fa.aidemsrv.com s3.amazonaws.com https://cdn.insight.sitefinity.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: use.typekit.net *.cloudfront.net *.juicer.io *.pricespider.com; frame-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.qpleshq.com *.vimeo.com *.youtube.com *.force.com *.mapbox.com *.bazaarvoice.com *.salesforce.com *.pricespider.com *.google-analytics.com *.amazon-adsystem.com *.adsrvr.org *.facebook.com *.doubleclick.net *.pinterest.com; connect-src 'self' *.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.visualstudio.com *.bazaarvoice.com *.force.com *.pricespider.com *.mapbox.com wss: *.yimg.com *.crazyegg.com *.sitefinity.com *.trackjs.com *.doubleclick.net *.facebook.com *.cookielaw.org *.onetrust.com *.googletagmanager.com *.salesforce-sites.com *.bing.com *.googleoptimize.com *.google.co.in *.pinterest.com *.juicer.io *.google.com *.commerce-connector.com *.cpg.gp.com api.fouanalytics.com/api/x *.outbrain.com *.amazon-adsystem.com ara.paa-reporting-advertising.amazon *.wyng.com; media-src 'self' data: blob: *.azureedge.net; child-src 'self' blob:; frame-ancestors 'self' *.salesforce.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' libeskind.com *.libeskind.com googleads.g.doubleclick.net www.googletagmanager.com www.google-analytics.com ajax.googleapis.com snap.licdn.com www.google-analytics.com www.googleadservices.com connect.facebook.net; frame-src 'self' libeskind.com *.libeskind.com www.facebook.com www.youtube.com player.vimeo.com; object-src 'self' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://norcal.social; img-src 'self' https: data: blob: https://norcal.social; style-src 'self' https://norcal.social 'nonce-8BPXxdFZQjkz0XcKgR8VLQ=='; media-src 'self' https: data: https://norcal.social; frame-src 'self' https:; manifest-src 'self' https://norcal.social; form-action 'self'; child-src 'self' blob: https://norcal.social; worker-src 'self' blob: https://norcal.social; connect-src 'self' data: blob: https://norcal.social https://files.mastodon.norcal.social wss://norcal.social; script-src 'self' https://norcal.social 'wasm-unsafe-eval' 1
default-src 'self' *.stage-vynetrellis.com stage-vynetrellis.com *.stage-rpractice.com stage-rpractice.com; child-src 'self' blob: *.pendo.io stage-vynetrellis.com *.stage-vynetrellis.com; worker-src 'self' blob:; connect-src 'self' blob: wss://*.stage-vynetrellis.com wss://stage-vynetrellis.com *.google-analytics.com *.g.doubleclick.net *.google.com *.gstatic.com *.googletagmanager.com *.amazonaws.com *.typekit.net *.transnox.com *.cloudflare.com *.nsit-pass.com *.transit-pass.com *.nea-fast.com *.sentry.io *.launchdarkly.com *.pendo.io pendo-static-5718982910148608.storage.googleapis.com *.stage-vynetrellis.com stage-vynetrellis.com *.hellopearl.com *.mouseflow.com; font-src 'self' data: *.gstatic.com *.typekit.net; form-action 'self'; frame-ancestors 'self' *.stage-vynetrellis.com stage-vynetrellis.com *.stage-rpractice.com stage-rpractice.com *.pendo.io; frame-src 'self' *.stage-vynetrellis.com stage-vynetrellis.com *.pendo.io *.youtube.com; img-src 'self' *.vynetrellis.com blob: data: *.stage-vynetrellis.com stage-vynetrellis.com *.sentry.io *.launchdarkly.com *.pendo.io pendo-static-5718982910148608.storage.googleapis.com *.youtube.com *.ytimg.com; object-src 'none'; script-src 'self' 'unsafe-inline' *.google-analytics.com *.g.doubleclick.net *.google.com *.gstatic.com *.googletagmanager.com *.amazonaws.com *.typekit.net *.transnox.com *.cloudflare.com *.nsit-pass.com *.transit-pass.com *.nea-fast.com *.sentry.io *.launchdarkly.com *.pendo.io pendo-static-5718982910148608.storage.googleapis.com pendo-io-static.storage.googleapis.com *.hellopearl.com *.mouseflow.com; style-src 'self' 'unsafe-inline' *.stage-vynetrellis.com stage-vynetrellis.com *.pendo.io pendo-static-5718982910148608.storage.googleapis.com fonts.googleapis.com *.typekit.net; 1
default-src 'self'; font-src 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com; connect-src 'self' *.google-analytics.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google-analytics.com www.googletagmanager.com; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com fonts.googleapis.com; img-src 'self' data: www.google-analytics.com; report-uri https://wmt34ash.uriports.com/reports/report 1
frame-ancestors 'self' *.qfc.cn *.tnc.com.cn *.aliyuncs.com *.aliyun.com *.ctcn.com.cn *.globaltextiles.com *.qfcgroup.com 1
script-src http: https: 'unsafe-inline' 'unsafe-eval' https://www.magasinet.no/ *.googletagmanager.com *.google-analytics.com data: https://*.clarity.ms https://*.klaviyo.com; style-src 'self' https: 'unsafe-inline' blob: https://www.magasinet.no/; img-src data: http: https: blob: https://c.bing.com https://*.clarity.ms; object-src 'none'; base-uri 'none'; default-src blob: 'self' https://*.clarity.ms https://katalog.magasinet.no https://commerce.adobedc.net https://commerce.adobe.io https://*.tiktok.com/ https://*.photoslurp.com https://*.doubleclick.net https://webstats.twoday.no/ https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.google.lt https://*.google.no https://*.google.com https://*.googleapis.com https://*.lipscore.com https://*.bing.com https://*.cookieinformation.com https://*.klarna.com https://*.klarnaevt.com https://*.klarnaservices.com https://*.kelkoogroup.net https://*.zdassets.com https://*.zendesk.com wss://*.zopim.com https://*.nr-data.net https://*.klaviyo.com; font-src data: 'self' fonts.gstatic.com static.lipscore.com v2.zopim.com x.klarnacdn.net *.cloudfront.net *.photoslurp.com; frame-src assets.braintreegateway.com *.youtube.com *.youtu.be *.vimeo.com *.klarna.com *.sleeknote.com *.googlesyndication.com *.klarnaservices.com *.photoslurp.com *.facebook.com https://*.cookieinformation.com/; frame-ancestors 'self' https://katalog.magasinet.no/; report-uri https://925015dff672673dc181e65d1429ee9c.report-uri.com/r/d/csp/enforce; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://*.akamaihd.net https://*.translate.naver.net https://www.recaptcha.net https://www.google.com https://www.zenaps.com https://tr.snapchat.com https://tr6.snapchat.com https://www.youtube.com https://creativecdn.com https://www.pinterest.com https://www.pinterest.co.uk; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://*.liveperson.net https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.parcellab.com https://d3g5d7323c2i6m.cloudfront.net https://d29qb9vav0xwuc.cloudfront.net https://d7c4jjeuqag9w.cloudfront.net https://*.pndsn.com https://23q3fg4xjd.execute-api.eu-west-1.amazonaws.com https://privacyportal-eu.onetrust.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://privacyportal-de.onetrust.com https://ct.pinterest.com https://storyboard.storystream.ai https://content.storystream.ai https://analytics.tiktok.com; default-src 'none'; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://d7c4jjeuqag9w.cloudfront.net; form-action 'self' https://www.facebook.com https://checkout.vitalproteins.fr https://connect.facebook.net https://tr.snapchat.com; frame-ancestors 'self'; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://player.vimeo.com https://vod-progressive.akamaized.net https://download-media.akamaized.net https://download-video.akamaized.net https://d7c4jjeuqag9w.cloudfront.net https://media.storystream.ai; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.googlesyndication.com https://*.googleapis.com https://www.recaptcha.net https://connect.facebook.net https://*.trustpilot.com https://www.googleadservices.com https://*.translate.naver.net https://*.doubleclick.net https://*.google.com https://*.google-analytics.com https://fp.zenaps.com https://www.gstatic.com https://bat.bing.com https://www.googletagmanager.com https://www.youtube.com https://s.ytimg.com https://www.dwin1.com https://sc-static.net https://apps.storystream.ai https://platform.twitter.com https://cdn.pubnub.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://s.pinimg.com https://analytics.tiktok.com https://*.ibytedtos.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://s1.thcdn.com/ https://d7c4jjeuqag9w.cloudfront.net; upgrade-insecure-requests; report-to report-endpoint 1
upgrade-insecure-requests;  frame-ancestors 'self' x-bees.com *.x-bees.com ; 1
upgrade-insecure-requests; report-uri https://achtzig20.report-uri.com/r/d/csp/enforce; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.amazon.com *.payments-amazon.com *.paypal.com *.paypalobjects.com cdn.webstollen.de *.doofinder.com *.jquery.com *.google.com *.youtube.com *.youtube-nocookie.com maps.gstatic.com *.googleapis.com *.gstatic.com/recaptcha/ *.google.com/recaptcha/ *.google-analytics.com cdnjs.cloudflare.com; child-src 'self' *.paypal.com *.paypalobjects.com *.google.com *.youtube.com *.youtube-nocookie.com *.trustpilot.com; object-src 'self' 1
frame-ancestors 'self' https://manage.smartindustry.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src https://voskcointalk.com/logs/ https://voskcointalk.com/sidekiq/ https://voskcointalk.com/mini-profiler-resources/ https://voskcointalk.com/assets/ https://voskcointalk.com/brotli_asset/ https://voskcointalk.com/extra-locales/ https://voskcointalk.com/highlight-js/ https://voskcointalk.com/javascripts/ https://voskcointalk.com/plugins/ https://voskcointalk.com/theme-javascripts/ https://voskcointalk.com/svg-sprite/ https://www.google-analytics.com/analytics.js 'sha256-HZxBMVZe6P3MvHDZlFai9cUmLH+qwX6BNT3qTwNPATg='; worker-src 'self' https://voskcointalk.com/assets/ https://voskcointalk.com/brotli_asset/ https://voskcointalk.com/javascripts/ https://voskcointalk.com/plugins/; frame-ancestors 'self'; manifest-src 'self' 1
default-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src-elem * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src-attr * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; style-src * 'unsafe-inline' 'unsafe-hashes'; style-src-elem * 'unsafe-inline' 'unsafe-hashes' data:; style-src-attr * 'unsafe-inline' 'unsafe-hashes'; img-src * data:; font-src * 'self' data:; connect-src *; media-src *; child-src *; frame-src *; worker-src *; frame-ancestors *; form-action *; base-uri *; manifest-src *; 1
default-src 'self' *.criticalstart.com data: 'unsafe-inline'; script-src * 'self' data: 'unsafe-inline'; script-src-elem * 'self' data: 'unsafe-inline'; script-src-attr * 'self' data: 'unsafe-inline'; img-src * 'self' data:; font-src * 'self' data:; connect-src * 'self'; frame-src * 'self' 1
base-uri 'self'; frame-ancestors 'self' https://*.life.church https://*.lifechurch.io; upgrade-insecure-requests; 1
base-uri 'self'; form-action 'self' https://*.facebook.com https://*.createsend.com; frame-ancestors 'self'; upgrade-insecure-requests ; connect-src 'self' https://px.ads.linkedin.com https://*.popt.in https://*.doubleclick.net https://*.googlesyndication.com  https://cdn.linkedin.oribi.io  https://*.google-analytics.com blob: 'self' 'unsafe-eval' 'unsafe-inline'  https://*.tangible.net.nz https://*.wp.com https://www.facebook.com https://securepubads.g.doubleclick.net https://*.googlesyndication.com https://*.googletagservices.com https://*.facebook.net https://*.googletagmanager.com https://googleads.g.doubleclick.net https://*.pingdom.net https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://*.youtube-nocookie.com https://*.createsend.com https://createsend.com; default-src 'self'; font-src data: 'self' https://*.googleapis.com https://*.gstatic.com https://*.wp.com; frame-src 'self'  https://disqus.com *.safeframe.googlesyndication.com https://*.googlesyndication.com https://*.tangible.net.nz blob: 'self' 'unsafe-eval' 'unsafe-inline'  https://*.tangible.net.nz https://*.wp.com  https://player.vimeo.com https://securepubads.g.doubleclick.net https://*.googlesyndication.com https://*.googletagservices.com https://*.facebook.net https://*.googletagmanager.com https://googleads.g.doubleclick.net https://*.pingdom.net https://*.facebook.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat  https://*.youtube-nocookie.com https://*.vimeo.com; img-src blob: data: 'self' 'unsafe-eval' 'unsafe-inline'  https://jobs.stoppress.co.nz https://*.disquscdn.com https://*.disqus.com https://*.google-analytics.com https://*.tangible.net.nz https://*.gravatar.com https://*.cloudinary.com https://*.wp.com https://*.googlesyndication.com https://*.google.com https://googleads.g.doubleclick.net   https://*.linkedin.com https://t.co https://*.twitter.com https://*.facebook.com https://cdn.linkedin.oribi.io https://*.tangible.net.nz https://*.wp.com https://securepubads.g.doubleclick.net https://*.googlesyndication.com https://*.googletagservices.com https://*.facebook.net https://*.googletagmanager.com https://googleads.g.doubleclick.net https://*.pingdom.net https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat ; media-src 'self' https://*.cloudinary.com; object-src 'self' https://*.cloudinary.com; script-src blob: data: 'self' 'unsafe-eval' 'unsafe-inline'  https://stoppress2015.disqus.com https://*.cloudflare.com https://*.popt.in https://*.jquery.com https://*.tangible.net.nz https://*.wp.com https://securepubads.g.doubleclick.net https://*.googlesyndication.com https://*.googletagservices.com https://*.facebook.net https://*.googletagmanager.com https://googleads.g.doubleclick.net https://*.pingdom.net https://*.licdn.com https://static.ads-twitter.com https://*.google-analytics.com https://js.createsend1.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat ; style-src 'self' 'unsafe-inline' https://*.wp.com https://*.googleapis.com https://*.disquscdn.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' demdex.net dpm.demdex.net *.lisa-cdn.net *.turnto.eu *.turnto.com *.edgecastcdn.net *.lisa-api.net api.hello-lisa.com *.amazonaws.com *.attn.tv audioeye.com *.audioeye.com *.bing.com *.btttag.com btttag.com certona.net cloudflare.com cdnjs.cloudflare.com *.cloudfront.net cloudfront.net *.coach.com coach.com criteo.com criteo.net *.criteo.net *.criteo.com *.facebook.com *.facebook.net *.forter.com forter.com *.google.com *.google.co.uk www.google.ee www.google.ch www.google.cz www.google.ge www.google.by www.google.lv www.google.ca *.google.ie www.google.hr *.google.pl www.google.pt www.google.lu *.google.nl *.google.de *.google.fr www.google.hu *.google.be www.google.es www.google.ru www.google.is www.google.bg www.google.lt www.google.ro www.google.it www.google.jo www.google.no www.google.si www.google.gr www.google.sk *.gstatic.com www.googleadservices.com googleapis.com *.googleapis.com *.cloudfunctions.net www.googletagmanager.com *.google-analytics.com klarna.com *.klarna.com klarnacdn.net *.klarnacdn.net klarnaevt.com *.klarnaevt.com klarnaservices.com *.klarnaservices.com *.optimizely.com *.paypal.com *.qualtrics.com *.force.com my.salesforce.com *.my.salesforce.com *.salesforceliveagent.com *.salesforce-site.com twitter.com *.twitter.com ads-twitter.com static.ads-twitter.com t.co techlab-cdn.com p11.techlab-cdn.com cquotient.com *.cquotient.com jsdelivr.net *.katespade.com katespade.eu *.katespade.eu www.katespade.de cookielaw.org cdn.cookielaw.org onetrust.com *.cdnwidget.com *.cdnbasket.net *.onetrust.com *.drivecommerce.com quantummetric.com *.quantummetric.com tag.wknd.ai goqubit.com static.goqubit.com *.qubit.com *.qubitproducts.com trustedshops.com *.trustedshops.com *.linksynergy.com smct.io *.smct.io pippio.com api.addressy.com *.doubleclick.net tapes11111.pcapredict.com services.postcodeanywhere.co.uk *.tangiblee.com *.bounceexchange.com events.bouncex.net *.rakuten.com smct.co *.smct.co api.soreto.com prod-cdn.us.yextapis.com realtimeanalytics.yext.com *.a.bigcontent.io *.adyen.com *.mktgcdn.com *.bluecore.com www.yext-pixel.com snap.licdn.com main-de-coach-com-pagescdn-com.preview.pagescdn.com ct.pinterest.com analytics.tiktok.com s.pinimg.com creativecdn.com *.creativecdn.com www.linkedin.com *.kampyle.com *.medallia.com *.stylitics.com code.jquery.com *.scene7.com tapestry.my.salesforce-sites.com cdn.attn.tv *.upsellit.com *.gocertify.me *.bluecore.app bluecore.com bluecore.app *.tapestry.com *.turnto.com *.edgecastcdn.net *.pixlee.co *.yext.com *.yextapis.com *.yextevents.com *.yext-pixel.com *.mktgcdn.com *.pixlee.com *.pixleeteam.com *.pxlecdn.com data: blob:; 1
default-src 'none'; script-src 'self' 'unsafe-inline' *.vo.msecnd.net js.braintreegateway.com js.braintreegateway.com www.paypalobjects.com www.paypal.com; connect-src 'self' dc.services.visualstudio.com api.braintreegateway.com *.braintree-api.com www.paypal.com client-analytics.braintreegateway.com; img-src 'self' d3hxfo6smli63x.cloudfront.net cdn.camplonghorn.com *.paypal.com *.paypalobjects.com assets.braintreegateway.com data:; style-src 'self' 'unsafe-inline' assets.braintreegateway.com;media-src cdn.camplonghorn.com;base-uri 'self';font-src cdn.camplonghorn.com;form-action 'self' https://*.paypal.com;frame-ancestors 'self';frame-src 'self' assets.braintreegateway.com checkout.paypal.com www.paypal.com; child-src assets.braintreegateway.com 1
default-src 'self'; script-src 'self' 'unsafe-eval' https://unitronics.io/** https://*.unitronics.io/** https://unicloud-private-prod-eu-west-1.s3.amazonaws.com https://unitronics-language-exports-prod-eu-west-1.s3.amazonaws.com https://unicloud-events-prod-eu-west-1.s3.amazonaws.com https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com https://*.whatfix.com blob:; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com  *.googleusercontent.com https://unicloud-public-prod-eu-west-1.s3.amazonaws.com https://unicloud-private-prod-eu-west-1.s3.amazonaws.com https://unicloud-public-prod-eu-west-1.s3.amazonaws.com data:; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com; connect-src 'self' https://unicloud-private-prod-eu-west-1.s3.amazonaws.com https://unitronics-prod-opswat-uploaded-files.s3.amazonaws.com https://*.whatfix.com https://*.googleapis.com *.google.com https://*.gstatic.com data: blob; worker-src blob:; frame-src *.google.com https://*.unitronics.io/ https://unicloud-public-prod-eu-west-1.s3.amazonaws.com https://*.whatfix.com; 1
default-src 'nonce-df83419468fad789fe6484844e26bc5b' 'self' blob: *.yieldify.com *.yieldify-production.com; style-src 'self' 'unsafe-inline' *.foresee.com netdna.bootstrapcdn.com fonts.googleapis.com *.iadvize.com *.rs-online.com *.euro.confirmit.com *.rsgroup.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.criteo.com *.criteo.net *.rs-online.com core.conversant.mgr.consensu.org *.dotomi.com *.optimizely.com *.go-mpulse.net cdn.appdynamics.com cdns.brsrvr.com bat.bing.com www.google.com www.google-analytics.com static.ads-twitter.com www.googletagmanager.com www.googleadservices.com www.datadoghq-browser-agent.com *.liveperson.net *.v.liveperson.net *.lpsnmedia.net analytics.twitter.com snap.licdn.com www.youtube.com *.foresee.com device.4seeresults.com survey.answerscloud.com survey.foreseeresults.com aiops.electrocomponents.com aiops-pilot.electrocomponents.com *.yahoo.co.jp *.yimg.jp *.doubleclick.net *.g.doubleclick.net manage.ensighten.com *.mimecast.com *.mcangelus.com *.facebook.net *.iadvize.com *.kingpinkton.com *.contentsquare.net *.contentsquare.com *.hs-scripts.com img.youtube.com js.hsforms.net js.hs-banner.com js.hs-analytics.net js.hsleadflows.net cdn.speedcurve.com *.groupbycloud.com *.prod.mplat-ppcprotect.com *.lunio.ai activitymap.adobe.com ucm-eu.verint-cdn.com survey.efmfeedback.com app.ppe-analytics.com *.treasuredata.com *.euro.confirmit.com *.mczbf.com *.sjwoe.com hm.baidu.com fxgate.baidu.com *.taboola.com *.rsgroup.com secure.intelligence52.com *.yieldify.com *.creativecdn.com *.salecycle.com; font-src 'self' *.foresee.com netdna.bootstrapcdn.com fonts.gstatic.com *.iadvize.com *.rs-online.com *.yieldify-production.com; img-src 'self' data: *.criteo.com res.cloudinary.com *.rs-online.com lpcdn.lpsnmedia.net *.foresee.com rsonline.cn st1rsonline.cn *.rsonline.cn *.st1rsonline.cn *.yahoo.co.jp *.yimg.jp dpm.demdex.net *.facebook.com www.google.com www.google-analytics.com www.googletagmanager.com *.ensighten.com cm.everesttech.net analytics.twitter.com bat.bing.com *.linkedin.com *.dotomi.com *.brsrvr.com *.doubleclick.net *.g.doubleclick.net *.amazonaws.com *.google.co.uk *.mcangelus.com *.twitter.com *.facebook.net *.rubiconproject.com *.akstat.io *.3lift.com *.iadvize.com t.co *.kingpinkton.com *.contentsquare.net *.contentsquare.com img.youtube.com forms.hubspot.com lux.speedcurve.com ucm-eu.verint-cdn.com survey.efmfeedback.com app.ppe-analytics.com *.euro.confirmit.com *.mczbf.com *.sjwoe.com *.emjcd.com *.kdukvh.com *.pkracv.com hm.baidu.com fxgate.baidu.com *.taboola.com *.rsgroup.com secure.intelligence52.com *.yieldify.com *.yieldify-production.com *.creativecdn.com; frame-src 'self' 'unsafe-inline' m.news.rs-online.com cdn.appdynamics.com *.liveperson.net *.idp.liveperson.net *.msg.liveperson.net *.msghist.liveperson.net *.tokenizer.liveperson.net *.lpsnmedia.net *.doubleclick.net *.g.doubleclick.net *.demdex.net www.youtube.com *.cdn.optimizely.com *.criteo.com *.criteo.net *.facebook.com cloud.publisher-tools.com login.dotomi.com *.iadvize.com res.cloudinary.com *.rs-online.com *.rs-webspace.com forms.hsforms.com octagon-dev.co.uk www.jotform.com share.hsforms.com www.google.com my.matterport.com player.youku.com rs-components-uk.carlogavazzi-pss.com/widget *.euro.confirmit.com electro-mkt-stage1-m.adobe-campaign.com *.rsgroup.com *.yieldify.com; connect-src 'self' wss: ws: *.rs-online.com *.rscomp.systems localhost:4000 api.rs-data.tech bat.bing.com *.optimizely.com *.go-mpulse.net col.eum-appdynamics.com *.foresee.com device.4seeresults.com survey.answerscloud.com survey.foreseeresults.com wss://hoover.foresee.com dpm.demdex.net *.tt.omtrdc.net *.akstat.io aiops.electrocomponents.com aiops-pilot.electrocomponents.com *.datadoghq.com www.google-analytics.com *.mcangelus.com *.akamaihd.net *.iadvize.com *.kingpinkton.com *.contentsquare.net *.contentsquare.com hubspot-forms-static-embed.s3.amazonaws.com forms.hsforms.com *.msg.liveperson.net lux.speedcurve.com *.prod.mplat-ppcprotect.com *.lunio.ai *.groupbycloud.com *.google.com ucm-eu.verint-cdn.com survey.efmfeedback.com app.ppe-analytics.com *.treasuredata.com *.euro.confirmit.com *.mczbf.com *.sjwoe.com dotomi.com *.dotomi.com hm.baidu.com fxgate.baidu.com *.taboola.com *.rsgroup.com *.yieldify.com *.yieldify-production.com yieldify.connectorengine.com *.creativecdn.com *.salecycle.com; frame-ancestors 'self' https://app.contentful.com *.ariba.com; media-src lpcdn.lpsnmedia.net; object-src 'none'; child-src blob: *.yieldify.com; worker-src blob: localhost:3000 uk.localhost:3000; form-action 'self' forms.hsforms.com st1rsonline.cn *.st1rsonline.cn rsonline.cn *.rsonline.cn *.rs-online.com; 1
default-src uniroyaltires.prod-ncus-dcadcx.michelin.fr 'self' *.windows.net maps.googleapis.com https://api.privacy-center.org/ https://sdk.privacy-center.org/ *.google-analytics.com www.google-analytics.com api.bazaarvoice.com; style-src 'unsafe-inline' uniroyaltires.prod-ncus-dcadcx.michelin.fr *.salesforce.com *.salesforceliveagent.com *.force.com *.michelin.fr *.windows.net cxf-prod.azureedge.net fonts.googleapis.com *.salesforce-sites.com www.googletagmanager.com ; script-src 'unsafe-inline' 'unsafe-eval' uniroyaltires.prod-ncus-dcadcx.michelin.fr *.salesforce.com *.salesforceliveagent.com *.force.com *.michelin.fr *.windows.net cxf-prod.azureedge.net https://www.google.com/ *.googleapis.com https://www.gstatic.com/ https://sdk.privacy-center.org/ https://www.youtube.com *.google-analytics.com *.googletagmanager.com https://developers.google.com/ *.hotjar.com *.clic2buy.com 'self' *.salesforce-sites.com apps.bazaarvoice.com mpsnare.iesnare.com *.mouseflow.com apis.google.com; font-src uniroyaltires.prod-ncus-dcadcx.michelin.fr 'self' cxf-prod.azureedge.net *.windows.net fonts.gstatic.com apps.bazaarvoice.com data: *.mouseflow.com; frame-src 'self' *.salesforce.com *.salesforceliveagent.com *.force.com *.youtube.com https://vars.hotjar.com https://www.google.com *.clic2buy.com https://util.michelintruck.com *.util.michelintruck.com intent: data: *.mouseflow.com; connect-src 'self' *; img-src 'self' *.windows.net *.youtube.com *.google-analytics.com *.gstatic.com https://i.ytimg.com *.googleapis.com *.azureedge.net *.force.com network-stg-a.bazaarvoice.com network-a.bazaarvoice.com photos-us.bazaarvoice.com data: *.mouseflow.com www.googletagmanager.com ; worker-src 'self' https://service.force.com/ data: 1
default-src 'self';         script-src 'self' www.eway.com.au maps.googleapis.com;         img-src 'self' www.eway.com.au data: maps.gstatic.com *.googleapis.com *.ggpht;         style-src 'self' 'unsafe-inline' *.googleapis.com;         font-src 'self' *.gstatic.com;          1
script-src http: https: 'unsafe-inline' 'unsafe-eval' https://www.lightsonline.com; style-src 'self' blob: https: 'unsafe-inline' https://www.lightsonline.com; img-src data: http: https:; object-src 'none'; base-uri 'none'; child-src 'self' blob: https:; worker-src 'self' blob: https:; font-src 'self' data: fonts.gstatic.com *.livechatinc.com members.cj.com use.typekit.net cdnjs.cloudflare.com *.affirm.com; frame-src *.instagram.com *.paypal.com *.paypalobjects.com td.doubleclick.net assets.braintreegateway.com *.google.com *.livechatinc.com members.cj.com *.youtube.com *.youtu.be *.vimeo.com lightsonline.ladesk.com *.affirm.com 1-vbus-us-tx.ladesk.com secure.safewebservices.com *.facebook.com *.facebook.net www.emjcd.com cj.dotomi.com *.pinterest.com 1
default-src 'self' *.clarity.ms *.bing.com *.licdn.com *.fibr.shop cdnjs.cloudflare.com *.rupeek.co rupeek.com *.rupeek.com youtube.com www.googletagmanager.com fonts.gstatic.com www.google-analytics.com vs.rupeek.com:446 *.google.com *.gstatic.com s3.amazonaws.com *.freshteam.com *.nr-data.net *.hotjar.com *.hotjar.io wss://*.hotjar.com api.factors.ai stats.g.doubleclick.net apis.sharechat.com *.taboola.com bcp.crwdcntrl.net maps.googleapis.com  api2.branch.io; img-src 'self' *.clarity.ms *.bing.com *.licdn.com *.fibr.shop *.rupeek.com *.amazonaws.com *.facebook.com www.google-analytics.com www.google.co.in ssl.gstatic.com *.google.com d2r1yp2w7bby2u.cloudfront.net www.googletagmanager.com *.facebook.net *.gstatic.com data: googleads.g.doubleclick.net *.taboola.com maps.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.clarity.ms *.bing.com *.licdn.com *.fibr.shop cdnjs.cloudflare.com rupeek.com *.rupeek.co *.rupeek.com  code.jquery.com www.googletagmanager.com unpkg.com *.facebook.net www.google-analytics.com static.clevertap.com clevertap-prod.com *.clevertap-prod.com stats.g.doubleclick.net wzrkt.com *.google.com *.gstatic.com s3.amazonaws.com *.freshteam.com d2r1yp2w7bby2u.cloudfront.net *.nr-data.net *.hotjar.com *.hotjar.io wss://*.hotjar.com googleoptimize.com app.factors.ai sc-events-sdk.sharechat.com www.googleadservices.com *.taboola.com tags.crwdcntrl.net maps.googleapis.com app.link; style-src 'self' 'unsafe-inline' *.clarity.ms *.bing.com *.licdn.com *.fibr.shop cdnjs.cloudflare.com  rupeek.com *.rupeek.co *.rupeek.com  code.jquery.com www.googletagmanager.com unpkg.com *.googleapis.com *.google.com *.freshteam.com; frame-src www.youtube.com *.clarity.ms *.bing.com *.licdn.com *.fibr.shop *.google.com *.hotjar.com *.hotjar.io tsdtocl.com; object-src 'none'; font-src 'self' *.clarity.ms *.bing.com *.licdn.com *.fibr.shop cdnjs.cloudflare.com *.rupeek.co rupeek.com *.rupeek.com youtube.com www.googletagmanager.com fonts.gstatic.com www.google-analytics.com *.google.com *.gstatic.com s3.amazonaws.com *.freshteam.com *.hotjar.com *.hotjar.io wss://*.hotjar.com api.factors.ai apis.sharechat.com *.taboola.com bcp.crwdcntrl.net data: maps.googleapis.com 1
default-src 'self' data: *.zdassets.com; img-src 'self' data: blob: www.google-analytics.com stats.g.doubleclick.net www.google.com www.facebook.com www.google.ca www.google.com.sg https://*.twitter.com https://*.singpass.gov.sg https://*.zopim.io; style-src 'self' 'unsafe-inline' *.googleapis.com https://*.singpass.gov.sg; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com www.googleadservices.com *.doubleclick.net ajax.cloudflare.com *.twitter.com *.facebook.net facebook.net *.facebook.com facebook.com *.google.com *.googleapis.com *.singpass.gov.sg *.zdassets.com *.coinut.com; frame-src 'self' *.twitter.com *.youtube.com *.google.com *.facebook.com *.linkedin.com; font-src 'self' https://*.gstatic.com; connect-src 'self' data: https://*.g.doubleclick.net www.google-analytics.com https://*.google.com https://api.zoomauth.com https://*.facebook.com https://www.tradingview.com https://*.coinut.com https://*.coinut.br.com https://*.coinut.ca https://*.coinut.sg wss://coinut.com wss://*.coinut.br.com wss://*.coinut.com *.singpass.gov.sg *.zendesk.com *.zdassets.com *.zopim.com wss://*.zopim.com 1
default-src data: https: 'unsafe-eval' 'unsafe-inline' 'unsafe-hashes'; report-uri /_csp; report-to default 1
default-src 'self'; worker-src blob:; child-src blob:; font-src * data: https:; img-src * data:; media-src * data:; script-src * 'unsafe-inline' 'unsafe-eval' https:; style-src * 'unsafe-inline' https:; connect-src * https:; frame-src * https:; 1
child-src  www.paypalobjects.com; connect-src 'self' 'report-sample' s3.amazonaws.com/cv3.customfiles secretsinlace.commercev3.com *.listrakbi.com *.listrak.com www.google-analytics.com ssl.google-analytics.com ui.powerreviews.com stats.g.doubleclick.net analytics.google.com bat.bing.com www.paypal.com *.smartystreets.com ct.pinterest.com/user/ *.google-analytics.com *.analytics.google.com *.clarity.ms www.facebook.com *.klaviyo.com pro.ip-api.com forms.soundestlink.com; default-src 'self' s3.amazonaws.com/cdn.secretsinlace.com/ cdn.commercev3.net/cdn.secretsinlace.com/ cdn.secretsinlace.com 'unsafe-eval' ajax.googleapis.com analytics.google.com bat.bing.com c.bing.com code.jquery.com connect.facebook.net fonts.googleapis.com fonts.gstatic.com t.paypal.com www.facebook.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.bootstrapcdn.com; font-src 'self' secretsinlace.commercev3.com s3.amazonaws.com/cdn.secretsinlace.com/ cdn.commercev3.net/cdn.secretsinlace.com/ cdn.secretsinlace.com fonts.gstatic.com *.bootstrapcdn.com use.fontawesome.com data: fonts.soundestlink.com; form-action 'self' www.facebook.com www.paypal.com checkout.sezzle.com; frame-src 'self' *.doubleclick.net www.paypalobjects.com www.paypal.com www.facebook.com www.pinterest.com www.google.com ct.pinterest.com player.vimeo.com; frame-ancestors 'self' ; img-src 'self' s3.amazonaws.com/cdn.secretsinlace.com/ cdn.commercev3.net/cdn.secretsinlace.com/ cdn.secretsinlace.com ssl.google-analytics.com www.google.com/pagead/1p-user-list/ www.google.com/ads/ga-audiences ct.pinterest.com/v3/ stats.g.doubleclick.net bat.bing.com c.bing.com t.paypal.com www.facebook.com www.google-analytics.com www.googletagmanager.com *.listrakbi.com www.trustlogo.com data: code.jquery.com/ui/ *.google-analytics.com *.analytics.google.com *.clarity.ms www.paypal.com www.paypalobjects.com secure.trust-provider.com *.soundestlink.com omnisnippet1.com i.vimeocdn.com/video/; script-src 'self' 'report-sample' s3.amazonaws.com/cdn.secretsinlace.com/ cdn.commercev3.net/cdn.secretsinlace.com/ cdn.secretsinlace.com 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com ui.powerreviews.com bat.bing.com code.jquery.com connect.facebook.net *.bootstrapcdn.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.listrakbi.com *.smartystreets.com api.livechatinc.com cdn.livechatinc.com ajax.googleapis.com googleads.g.doubleclick.net www.gstatic.com www.trustlogo.com www.googleadservices.com d79i1fxsrar4t.cloudfront.net/jquery.liveaddress/ s.pinimg.com/ct/ www.google.com www.clarity.ms static.klaviyo.com static-tracking.klaviyo.com secure.trust-provider.com cdn.jsdelivr.net omnisnippet1.com forms.soundestlink.com; script-src-elem 'self' 'report-sample' s3.amazonaws.com/cdn.secretsinlace.com/ cdn.commercev3.net/cdn.secretsinlace.com/ cdn.secretsinlace.com 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com ui.powerreviews.com bat.bing.com code.jquery.com connect.facebook.net *.bootstrapcdn.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.listrakbi.com *.smartystreets.com api.livechatinc.com cdn.livechatinc.com ajax.googleapis.com googleads.g.doubleclick.net www.gstatic.com www.trustlogo.com www.googleadservices.com d79i1fxsrar4t.cloudfront.net/jquery.liveaddress/ s.pinimg.com/ct/ www.google.com www.clarity.ms static.klaviyo.com static-tracking.klaviyo.com secure.trust-provider.com cdn.jsdelivr.net omnisnippet1.com forms.soundestlink.com; style-src 'self' s3.amazonaws.com/cdn.secretsinlace.com/ cdn.commercev3.net/cdn.secretsinlace.com/ cdn.secretsinlace.com 'unsafe-inline' 'unsafe-eval' ui.powerreviews.com use.fontawesome.com code.jquery.com fonts.googleapis.com *.bootstrapcdn.com cdn.listrakbi.com/css/ hello.myfonts.net; style-src-elem 'self' s3.amazonaws.com/cdn.secretsinlace.com/ cdn.commercev3.net/cdn.secretsinlace.com/ cdn.secretsinlace.com 'unsafe-inline' 'unsafe-eval' ui.powerreviews.com use.fontawesome.com code.jquery.com fonts.googleapis.com *.bootstrapcdn.com cdn.listrakbi.com/css/ hello.myfonts.net; style-src-attr  'unsafe-inline'; media-src 'self' secretsinlace.commercev3.com s3.amazonaws.com/cdn.secretsinlace.com/ cdn.commercev3.net/cdn.secretsinlace.com/ cdn.secretsinlace.com www.bing.com; 1
frame-ancestors 'self' *.crowdfavorite.com 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-MNMND1I24crpqHD7uvQHkw' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
worker-src blob:; script-src 'self' *.intercom-sheets.com https://unpkg.com/ *.unpkg.com *.salesforce-sites.com *.calendly.com *.episerver.com *.cloudfront.net *.episerver.net *.mapbox.com *.cookiebot.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.google.com *.google.nl *.intercom.io *.intercomcdn.com *.licdn.com *.hotjar.com *.ipify.org *.doubleclick.net *.linkedin.com *.azure.com *.vimeo.com *.youtube.com *.acast.com *.spotify.com *.msecnd.net *.facebook.com *.facebook.net *.visualstudio.com *.gstatic.com *.jquery.com *.jsdelivr.net *.criteo.com *.criteo.net 'unsafe-eval' 'unsafe-inline'; img-src 'self' *.google.com *.google-analytics.com *.google.nl *.linkedin.com *.mediabank-collection.com *.facebook.com *.criteo.com googleads.g.doubleclick.net blob: https: data:; frame-ancestors 'self' https://royalahrend--dev202303.sandbox.my.salesforce-sites.com royalahrend--dev202303.sandbox.my.salesforce-sites.com *.salesforce-sites.com *.tno.nl *.prd.corp *.vimeo.com *.youtube.com *.acast.com *.spotify.com *.tblox.com *.2dela.nl *.ariba.com *.pcon-solutions.com *.intercom-sheets.com; frame-src 'self' *.intercom-sheets.com https://intercom-sheets.com/ https://royalahrend--dev202303.sandbox.my.salesforce-sites.com/ *.salesforce-sites.com *.prd.corp *.calendly.com https://calendly.com/ *.cookiebot.com *.tno.nl *.episerver.net *.criteo.com *.criteo.net *.google.com *.hotjar.com *.pcon-solutions.com 'unsafe-inline'; font-src 'self' *.episerver.net *.hotjar.com *.myfonts.net *.typekit.net *.bootstrapcdn.com *.intercomcdn.com data:; style-src-elem 'self' *.episerver.net *.googleapis.com *.jsdelivr.net *.bootstrapcdn.com *.myfonts.net *.typekit.net 'unsafe-inline'; style-src 'self' *.typekit.net *.myfonts.net *.bootstrapcdn.com 'unsafe-inline' data:; media-src 'self' *.mediabank-collection.com *.cloudfront.net; 1
upgrade-insecure-requests; frame-ancestors 'self' *.pcc-cic.org.uk; default-src https: 'self'; font-src https: data:; img-src https: data:; script-src https: 'self' data: 'unsafe-inline' 'unsafe-eval'; worker-src https: blob:; style-src https: 'unsafe-inline'; report-uri https://pcc.report-uri.com/r/d/csp/enforce 1
frame-ancestors 'self' https://*.site.com https://*.force.com https://*.salesforce.com 1
connect-src 'self' *.icordis.be *.lcp.be burgerprofiel.vlaanderen.be wss://authenticatie.vlaanderen.be wss://prod.widgets.burgerprofiel.vlaanderen.be https://prod.widgets.burgerprofiel.vlaanderen.be wss://prod.contactapi.uat-vlaanderen.be https://prod.contactapi.uat-vlaanderen.be https://contactapi.vlaanderen.be *.burgerprofiel.be geoserver.gis.cloud.mow.vlaanderen.be  api.gipod.vlaanderen.be geo.api.vlaanderen.be *.facebook.com *.facebook.net *.timeblockr.com *.api.timeblockr.cloud *.google-analytics.com *.googletagmanager.com stats.g.doubleclick.net *.analytics.google.com *.giveaday.be toegankelijk.vlaanderen.be *.googleapis.com *.topdesk.net *.hcaptcha.com *.matomo.cloud https://geoserver.gis.cloud.mow.vlaanderen.be *.hotjar.com; font-src 'self' *.icordis.be *.lcp.be https://ui.vlaanderen.be https://dij151upo6vad.cloudfront.net *.gstatic.com *.timeblockr.com *.api.timeblockr.cloud https://use.typekit.net https://p.typekit.net https://fonts.googleapis.com https://fonts.gstatic.com https://kit-pro.fontawesome.com *.typekit.net  https://fonts.gstatic.com *.googleapis.com *.topdesk.net *.hotjar.com; frame-src 'self' *.icordis.be *.lcp.be notfound-static.fwebservices.be stratenplan.eeklo.be *.iamfas.belgium.be https://prod.widgets.burgerprofiel.vlaanderen.be https://prod.frontend.burgerprofiel.vlaanderen.be https://authenticatie.vlaanderen.be https://idp.iamfas.belgium.be https://www.openstreetmap.org https://umap.openstreetmap.fr *.youtube.com youtu.be  www.youtube.com *.soundcloud.com *.facebook.com *.facebook.net *.gift2give.be *.issuu.com maps.geopunt.be *.maps.geopunt.be *.api.vlaanderen.be *.vlaanderen.be *.geopunt.be *.bizlocator.be *.spotify.com *.jobsolutions.be *.3p.eu *.timeblockr.com *.api.timeblockr.cloud *.arcg.is arcg.is *.maps.arcgis.com *.arcgis.com app.eaglebe.com *.google.com https://calendar.google.com www3.sport.vlaanderen https://www.recycleapp.be *.tableau.com *.topdesk.net *.instagram.com https://player.clevercast.com *.hcaptcha.com https://docs.google.com *.hotjar.com https://www.fietsrouteplanner.org; img-src 'self' *.icordis.be *.lcp.be data: *.amazonaws.com https://prod.widgets.burgerprofiel.vlaanderen.be https://prod.widgetconfigservice.burgerprofiel.vlaanderen.be data: *.osm.be *.informatievlaanderen.be *.geopunt.be *.tile.openstreetmap.org https://geo.api.vlaanderen.be geoserver.gis.cloud.mow.vlaanderen.be  api.gipod.vlaanderen.be *.tile.openstreetmap.fr *.gstatic.com *.ytimg.com *.google.com *.soundcloud.com https://scontent-iad3-1.xx.fbcdn.net  *.fbsbx.com *.facebook.com *.facebook.net *.gift2give.be *.issuu.com cdn.syndication.twimg.com *.jobsolutions.be *.3p.eu *.timeblockr.com *.api.timeblockr.cloud *.google-analytics.com *.googletagmanager.com *.google.be *.uitdatabank.be  udb-media.imgix.net udb2-media.imgix.net  images-prod-uitdatabank.imgix.net *.westtoer.be *.west-vlaanderen.be *.tile.openstreetmap.fr *.cloudfront.net *.giveaday.be openfed.github.io toegankelijk.vlaanderen.be https://openfed.github.io *.tableau.com *.googleapis.com *.topdesk.net *.instagram.com *.cdninstagram.com https://squizlabs.github.io *.smassets.net *.matomo.cloud https://geoserver.gis.cloud.mow.vlaanderen.be *.hotjar.com; script-src 'self' 'unsafe-inline' *.icordis.be *.lcp.be 'unsafe-eval' https://prod.widgets.burgerprofiel.vlaanderen.be *.vlaanderen.be *.geopunt.be *.youtube.com *.facebook.com *.facebook.net *.twitter.com *.twimg.com *.vlaanderen.be *.jobsolutions.be *.3p.eu *.timeblockr.com *.api.timeblockr.cloud *.google-analytics.com *.googletagmanager.com *.arcg.is arcg.is *.maps.arcgis.com *.arcgis.com https://geo.api.vlaanderen.be app.eaglebe.com maps.googleapis.com *.giveaday.be openfed.github.io toegankelijk.vlaanderen.be   https://openfed.github.io *.tableau.com *.googleapis.com *.topdesk.net *.instagram.com *.hcaptcha.com https://squizlabs.github.io *.surveymonkey.com *.googleapis.com cdn.matomo.cloud *.vlaanderen.be *.hotjar.com; worker-src 'self' www.eeklo.be *.icordis.be *.lcp.be https://prod.widgets.burgerprofiel.vlaanderen.be *.soundcloud.com *.api.timeblockr.cloud *.topdesk.net *.hotjar.com; frame-ancestors 'self' https://stats.lcp.be https://stats.lcp.be *.topdesk.net; style-src 'self' 'unsafe-inline' *.icordis.be *.lcp.be www.eeklo.be fonts.googleapis.com cdn.syndication.twimg.com *.twitter.com *.timeblockr.com *.api.timeblockr.cloud app.eaglebe.com https://use.typekit.net https://p.typekit.net *.giveaday.be *.googleapis.com https://kit-pro.fontawesome.com fonts.googleapis.com openfed.github.io toegankelijk.vlaanderen.be *.typekit.net https://openfed.github.io *.googleapis.com *.topdesk.net https://squizlabs.github.io *.hotjar.com; object-src  *.api.timeblockr.cloud *.hotjar.com; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' blob: https://cdn.cookielaw.org https://info.dentsu.com https://pi.pardot.com http://pi.pardot.com https://cdn.pardot.com http://cdn.pardot.com https://snap.licdn.com https://www.google-analytics.com https://www.googletagmanager.com https://pagead2.googlesyndication.com/ http://info.dentsu.com/ https://info.dentsu.com/ https://vercel.live https://app.storyblok.com wasm-eval; style-src 'report-sample' 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://px.ads.linkedin.com https://vimeo.com https://cdn.cookielaw.org https://pagead2.googlesyndication.com https://region1.google-analytics.com https://www.gstatic.com https://ipwhois.pro https://geolocation.onetrust.com https://vercel.live https://px.ads.linkedin https://api.storyblok.com https://api.emailjs.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://player.vimeo.com; frame-ancestors https://app.storyblok.com storyblok.com; img-src 'self' data: https://www.googletagmanager.com https://px.ads.linkedin.com https://www.google-analytics.com https://a.storyblok.com https://cdn.cookielaw.org https://i.vimeocdn.com/; manifest-src 'self'; media-src 'self' https://a.storyblok.com; report-uri https://6551f73079107a8bf3ffdb54.endpoint.csper.io; worker-src blob:; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.com.hk *.googleusercontent.com www.google.com.qa www.google.lv cylanceconsumershop.sjv.io www.advantage.nz *.doubleclick.net www.google.at www.google.co.uk advantage.nz www.google.com.my *.cloudfront.net www.google.co.in *.x.clearbitjs.com apis.google.com *.googleapis.com googleapi.com img.youtube.com www.avanan.com app.formbricks.com cdn.scite.ai cdn.jsdelivr.net gjtrack.ucweb.com consentlog.cookieyes.com www.google.se www.google.bg grow.clearbitjs.com www.google.hu static.olark.com www.google.com yoa.st *.linkedin.com account.crocoblock.com www.google.com.kh *.licdn.com www.google.com.br www.google.by events.mapbox.com www.google.ro maps.google.com img.scoop.co.nz x.clearbitjs.com yoast.com region1.google-analytics.com www.google.com.mx www.google.fr www.google.com.vn *.pipedream.wistia.com www.google.es *.googleapi.com *.cookieyes.com use.fontawesome.com clearbit.com www.google.com.pe cookieyes.com www.google.pl www.google-analytics.com api.mapbox.com *.ampproject.org www.google.ge secure.gravatar.com nrpc.olark.com www.google.co.th www.google.co.ke www.google.co.kr www.google.az www.google.com.bz www.google.com.ua www.google.com.sg www.google.com.eg www.google.com.et *.gstatic.com code.jquery.com www.google.com.tw www.google.ae www.google.im *.googleadservices.com www.google.com.om log.cookieyes.com www.google.com.fj www.google.co.zw www.google.co.il www.google.com.ph www.google.com.bh www.google.lk *.alicdn.com s.w.org www.google.co.uz *.cdn-cookieyes.com adservice.google.com www.google.co.nz translate.google.com www.google.co.za static3.avast.com region1.analytics.google.com www.google.hn www.google.com.do fast.wistia.com cdnjs.cloudflare.com www.google.no fonts.gstatic.com google.com *.embedwistia-a.akamaihd.net www.google.be static2.sharepointonline.com *.clearbitjs.com www.google.co.tz www.google.ie *.fast.wistia.com *.googlesyndication.com s2-prod.manchestereveningnews.co.uk cdn-cookieyes.com tag.clearbitscripts.com test.advantage.nz gstatic.com *.akamaihd.net *.google.com analytics.google.com beacon-v2.helpscout.net www.google.com.au cdn.honey.io static.hsappstatic.net www.google.dz ml4zwwsoydfd.i.optimole.com my.yoast.com www.google.ca feedback-pa.clients6.google.com static.zohocdn.com www.google.co.id *.azureedge.net ps.w.org cdn.mxpnl.com maxcdn.bootstrapcdn.com *.facebook.net www.google.de www.googletagmanager.com app.clearbit.com www.google.com.pk www.google.co.jp api.crocoblock.com clearbitjs.com *.wistia.com; frame-ancestors 'self' socmonitor.advantage.co.nz *.amazon.com www.confiant-qa.com www.amazon.co.jp ;  1
upgrade-insecure-requests; frame-ancestors https://app.americanbuildings.com https://app.cbcsteelbuildings.com https://app.kirbybuildingsystems.com https://app.nucorbuildingsystems.com https://www.americanbuildings.com https://www.cbcsteelbuildings.com https://www.kirbybuildingsystems.com https://www.nucorbuildingsystems.com https://www.nucorbuildingsgroup.com https://kbstoolbox.revhub.io https://toolbox.kirbybuildingsystems.com https://toolbox.cbcsteelbuildings.com https://toolbox.americanbuildings.com https://toolbox.nucorbuildingsystems.com; 1
default-src 'self' https://cdn.wolterskluwer.io https://www.niedersachsen.de; connect-src 'self' https:; frame-src 'self' https:; img-src 'self' data: https://cdn.wolterskluwer.io https://*.wolterskluwer-online.de https://*.wk-onega.com https://www.niedersachsen.de; object-src 'none'; script-src 'self' https:; style-src 'self' 'unsafe-inline' https://cdn.wolterskluwer.io; form-action 'self' https://*.wolterskluwer.eu; report-uri https://wkd0.report-uri.com/r/d/csp/enforce 1
object-src 'self' https://informatiemodel.istandaarden.nl https://public.tableau.com;default-src 'self' 'unsafe-inline' 'unsafe-eval';img-src 'self' * data:;worker-src 'self' * data: blob:;media-src 'self' * data:;script-src 'self' 'nonce-QTZEOTJGM0JCNTVFQjRDNUEwRERFODA0NTY2OUVDNjM' https://www.google-analytics.com https://siteimproveanalytics.com https:;style-src 'self' 'unsafe-inline';frame-ancestors 'self' https://informatiemodel.istandaarden.nl https://public.tableau.com http://cms.dev.kiesbeter https://cms-o.kiesbeter.nl https://cms-ts.kiesbeter.nl https://cms-ac.kiesbeter.nl https://cms.kiesbeter.nl;connect-src 'self' https://www.youtube.com https://informatiemodel.istandaarden.nl https://public.tableau.com;child-src 'self' https://www.youtube.com https://informatiemodel.istandaarden.nl https://public.tableau.com;font-src 'self' 1
script-src 'self' 'unsafe-inline' ajax.cloudflare.com www.google-analytics.com www.googletagmanager.com; 1
frame-ancestors 'self' https://app.kajabi.com https://app.vibely.io https://communities.kajabi.com *.mykajabi.com https://communities.newkajabi-staging.com https://www.digiensacademy.com 1
default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' cdnjs.cloudflare.com cdn.segment.com cdn.ampproject.org ajax.cloudflare.com static.cloudflareinsights.com boards.greenhouse.io *.algolia.net *.algolianet.com buttons.github.io yastatic.net www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net bam.nr-data.net js-agent.newrelic.com discover.clickhouse.com munchkin.marketo.net player.vimeo.com connect.facebook.net cdn-prod.securiti.ai cookie-cdn.cookiepro.com www.youtube.com https://js.driftt.com https://widget.drift.com https://snap.licdn.com https://tag.clearbitscripts.com https://x.clearbitjs.com https://app.clearbit.io https://cdn-prod.securiti.ai marketo.clearbit.com;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com discover.clickhouse.com https://cdn-prod.securiti.ai;img-src * 'self' data: https:;object-src 'self' blog-images.clickhouse.com;connect-src 'self' https://boards-api.greenhouse.io/ https://apim.workato.com/ https://api.segment.io/v1/ https://api.segment.io/ https://cdn.segment.com/v1/projects/dZuEnmCPmWqDuSEzCvLUSBBRt8Xrh2el/settings https://cdn.segment.com/v1/projects/pYKX60InlEzX6aI1NeyVhSF3pAIRj4Xo/settings https://cdn.segment.com/analytics-next/bundles/* https://cdn.segment.com/next-integrations/integrations/* http://clickhouse.com *.google-analytics.com api.github.com cdn.ampproject.org *.algolia.net *.algolianet.com *.ingest.sentry.io hn.algolia.com www.reddit.com bam.nr-data.net *.mktoresp.com yoast.com cdn.segment.com api.vimeo.com cdn-prod.securiti.ai app.securiti.ai cookie-cdn.cookiepro.com geolocation.onetrust.com privacyportal.cookiepro.com *.clickhouse.com https://cdn.plyr.io https://noembed.com https://cdn.linkedin.oribi.io https://app.clearbit.io https://app.clearbit.com https://clickhouse.cloud/api/galaxy https://cdn.growthbook.io/ https://ipinfo.io;frame-src 'self' blob: https://www.youtube-nocookie.com www.youtube.com player.vimeo.com blog-images.clickhouse.com boards.greenhouse.io discover.clickhouse.com webto.salesforce.com bid.g.doubleclick.net app.hex.tech *.clickhouse.com https://js.driftt.com https://widget.drift.com;font-src 'self' fonts.gstatic.com data:;form-action 'self' webto.salesforce.com;frame-ancestors 'self' https://*.clickhouse.com;prefetch-src 'self'; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval' blob: 1
default-src 'unsafe-eval' data: https: 'unsafe-inline' 'self'; worker-src 'self' 'strict-dynamic'; report-uri https://sqro.net/report/csp 1
default-src https: 'unsafe-eval' 'unsafe-inline' 'self'; object-src 'none'; font-src https: data: 'self' https: fonts.googleapis.com themes.googleusercontent.com; connect-src https: wss: 'self'; img-src https: data: 'self' http: *.gravatar.com; worker-src blob: https: 'self' 'unsafe-inline' 'unsafe-eval'; media-src https: blob: 'self'; style-src https: 'unsafe-eval' 'unsafe-inline' 'self' https: fonts.googleapis.com ;script-src 'self' https://www.google.com https://egnatia.eu https://egnatia-demo.eu https://www.googletagmanager.com https://consent.cookiebot.com https://cookiebot.com https://ssl.google-analytics.com https://fonts.googleapis.com https://consentcdn.cookiebot.com  https://fonts.gstatic.com https://wordpress.org egnatia.gr 'unsafe-inline' 'unsafe-eval' 1
default-src 'self'; connect-src 'self' *.siteimprove.com https://tim.buerokratt.edu.ee https://buerokratt.edu.ee https://ruuter.buerokratt.edu.ee https://buerokratt.edu.ee/ https://buerokratt.hm.ee https://tim.buerokratt.hm.ee https://buerokratt.edu.ee/widget_bundle.js buerokratt.hm.ee https://stats.g.doubleclick.net/ https://region1.google-analytics.com/ https://www.google-analytics.com https://www.googletagmanager.com https://buerokratt.hm.ee/widget_bundle.js https://search.service.vportal.ee/v1/search/hm https://search.service.vportal.ee/v1/globalsearch/total https://form.service.vportal.ee/v1/ https://search.service.vportal.ee/v1/events/hm https://inaadress.maaamet.ee; font-src 'self' data: https://fonts.gstatic.com https://tim.buerokratt.edu.ee https://buerokratt.edu.ee https://ruuter.buerokratt.edu.ee https://buerokratt.edu.ee/ https://buerokratt.hm.ee https://tim.buerokratt.hm.ee https://buerokratt.edu.ee/widget_bundle.js buerokratt.hm.ee; frame-src 'self' https://*.rocket.chat https://www.google.com https://www.youtube.com https://*.vimeo.com https://*.siteimprove.com https://*.hm.ee/ https://vana.hm.ee/ https://koolikaart.hm.ee/ https://vana.hm.ee/et/tasuta-kursused-0 https://tim.buerokratt.edu.ee https://buerokratt.edu.ee https://ruuter.buerokratt.edu.ee https://buerokratt.edu.ee/ https://buerokratt.hm.ee https://tim.buerokratt.hm.ee https://buerokratt.edu.ee/widget_bundle.js buerokratt.hm.ee podcasters.spotify.com https://*.google.com https://dok.hm.ee/et/ https://www.google.com/maps/d/embed https://koolikaart.hm.ee/index.php https://docs.google.com/spreadsheets/d/e/2PACX-1vSOu7tLeQdP7sL3tulhQfXHYr8zQjWPZ3Y2TVFXsWWP2zfQd2dQo1RPikxpdCi_74-UUDLkVfXhRmcv/pubchart https://www.google.com/maps/embed https://docs.google.com/forms/d/e/1FAIpQLSdoON1cvPw1hb7LPQrQEzHq0sYtCwTq1DIjFI8vYlkSy94LhQ/viewform https://anchor.fm/iiris-saluri/embed/episodes/Kuhu-liigub-hariduse-tulevik-e200a2t https://podcasters.spotify.com/pod/show/haridusetulevik/embed/episodes/Riiklik-ppekava-suunab-tulevikku-e20db9e https://xgis.maaamet.ee; img-src 'self' data: https://www.google-analytics.com *.openstreetmap.org https://i.ytimg.com https://pbs.twimg.com https://tim.buerokratt.edu.ee https://buerokratt.edu.ee https://ruuter.buerokratt.edu.ee https://buerokratt.edu.ee/ https://buerokratt.hm.ee https://tim.buerokratt.hm.ee https://buerokratt.edu.ee/widget_bundle.js buerokratt.hm.ee https://www.googletagmanager.com *.fbcdn.net *.cdninstagram.com https://inaadress.maaamet.ee https://unpkg.com *.maaamet.ee *.cloudflare.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.rocket.chat https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.siteimprove.net/cms/overlay.js blob: https://browser-update.org https://tim.buerokratt.edu.ee https://buerokratt.edu.ee https://ruuter.buerokratt.edu.ee https://buerokratt.edu.ee/ https://ajax.cloudflare.com https://static.cloudflareinsights.com https://buerokratt.hm.ee https://tim.buerokratt.hm.ee buerokratt.edu.ee https://*.cloudflareinsights.com https://cdnjs.cloudflare.com cdn.jsdelivr.net cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://inaadress.maaamet.ee https://unpkg.com unpkg.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.rocket.chat https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.siteimprove.net/cms/overlay.js https://browser-update.org https://tim.buerokratt.edu.ee https://buerokratt.edu.ee https://ruuter.buerokratt.edu.ee https://buerokratt.edu.ee/ https://buerokratt.hm.ee https://tim.buerokratt.hm.ee https://buerokratt.edu.ee/widget_bundle.js buerokratt.hm.ee https://*.cloudflareinsights.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com cdn.jsdelivr.net cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://inaadress.maaamet.ee https://unpkg.com unpkg.com https://buerokratt.hm.ee/widget_bundle.js; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://tim.buerokratt.edu.ee https://buerokratt.edu.ee https://ruuter.buerokratt.edu.ee https://buerokratt.edu.ee/ https://buerokratt.hm.ee https://tim.buerokratt.hm.ee https://buerokratt.edu.ee/widget_bundle.js buerokratt.hm.ee https://*.cloudflareinsights.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://unpkg.com unpkg.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://www.gstatic.com https://tim.buerokratt.edu.ee https://buerokratt.edu.ee https://ruuter.buerokratt.edu.ee https://buerokratt.edu.ee/ https://buerokratt.hm.ee https://tim.buerokratt.hm.ee https://buerokratt.edu.ee/widget_bundle.js buerokratt.hm.ee https://*.cloudflareinsights.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://unpkg.com unpkg.com https://inaadress.maaamet.ee; frame-ancestors 'self' https://ruuter.buerokratt.edu.ee https://buerokratt.hm.ee https://tim.buerokratt.hm.ee https://buerokratt.edu.ee/widget_bundle.js buerokratt.hm.ee; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *; img-src data: *; frame-ancestors https://www.happymeeple.com 'self'; report-uri /report-csp-violation 1
base-uri 'self'; block-all-mixed-content; child-src 'self' https://*.youtube.com https://*.vimeo.com; connect-src 'self' https://*.plyr.io https://noembed.com https://*.zahnaerzte-wl.de; font-src 'self' https://use.fontawesome.com; default-src 'self'; form-action 'self'; frame-ancestors 'self' https://*.youtube.com https://*.vimeo.com; frame-src *; img-src 'self' data: https://*.ytimg.com; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://use.fontawesome.com https://*.youtube.com https://*.vimeo.com https://*.zahnaerzte-wl.de; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://use.fontawesome.com https://*.youtube.com https://*.vimeo.com 1
base-uri 'self'; default-src 'self' blob: 'unsafe-inline' 'strict-dynamic' https://www.google.com https://*.mux.com https://www.youtube.com https://vimeo.com http://www.gstatic.com https://static.cdn.prismic.io https://*.litix.io 'nonce-1e7a6028e28a6ff3a11d7e6072e093b6' https://cdn.shopify.com https://shopify.com; frame-ancestors 'none'; style-src 'self' https://cdn.shopify.com https://images.prismic.io http://localhost:3100 'self' 'unsafe-inline' https://cdn.shopify.com; connect-src 'self' https://*.litix.io https://*.mux.com https://*.litix.io https://*.mux.com http://localhost:3100 'self' https://monorail-edge.shopifysvc.com; script-src 'self' https://static.cdn.prismic.io https://www.google.com https://www.youtube.com https://www.gstatic.com https://cdn.shopify.com https://prismic.io https://*.prismic.io http://localhost:3100 'nonce-1e7a6028e28a6ff3a11d7e6072e093b6'; img-src 'self' http://localhost:3100 https://cdn.shopify.com https://*.prismic.io https://*.mux.com https://*.litix.io data:; frame-src https://www.youtube.com https://www.google.com https://mollusk.prismic.io http://localhost:3100; media-src 'self' https://*.prismic.io https://*.mux.com https://cdn.shopify.com http://localhost:3100 blob:; font-src 'self' https://cdn.shopify.com http://localhost:3100 1
default-src 'self' 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' https: blob: data: ; 1
default-src https: blob: wss: data: 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' data: 'unsafe-inline' https://piwik.westfaelische-hochschule.org https://jobs.b-ite.com https://www.youtube-nocookie.com https://cdn.eye-able.com; font-src 'self' data:; img-src https: data: https://piwik.westfaelische-hochschule.org; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://piwik.westfaelische-hochschule.org https://static.b-ite.com https://cs-assets.b-ite.com https://jobs.b-ite.com https://cdn.eye-able.com; form-action 'self'; frame-ancestors 'self'; base-uri 'self' 1
default-src https: 'unsafe-eval' 'unsafe-inline' data: filesystem: about: blob: ws: wss:;  frame-ancestors 'self' https://*.insurancecouncilofbc.com 1
default-src 'unsafe-eval' 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self' unpkg.com cdnjs.cloudflare.com tag.aticdn.net actorssl-5637.kxcdn.com cdn.dial-once.com googleads.g.doubleclick.net use.fontawesome.com *.google-analytics.com *.googletagmanager.com *.google.fr *.google.com *.gstatic.com; style-src 'unsafe-inline' 'self' use.fontawesome.com *.googleapis.com *.typekit.net; object-src 'none'; base-uri 'self'; connect-src 'self' *.dial-once.com *.google-analytics.com *.googlesyndication.com directline.botframework.com wss:; font-src 'self' data: use.fontawesome.com *.gstatic.com *.typekit.net; frame-src 'self' *.universign.com *.roederer.fr *.simax-sante.fr *.simax-gestion.fr *.youtube.com *.youtube-nocookie.com *.google.com *.google.fr *.dial-once.com *.doubleclick.net *.acast.com blob:; img-src 'self' data: *.googletagmanager.com *.xiti.com *.google.com *.google.fr *.google-analytics.com; manifest-src 'self'; media-src 'self'; worker-src 'none'; 1
default-src 'none'; script-src 'self'; img-src data: 'self'; style-src 'self' 'unsafe-inline'; font-src data: 'self'; object-src data:; base-uri 'none'; form-action 'none'; worker-src 'self'; connect-src 'self'; manifest-src 'self' 1
default-src 'self' https://racecenter.letour.fr https://emeaclientportal.datacenter.hello.global.ntt https://unpkg.com/web-vitals/dist/web-vitals.iife.js https://s1329636.t.eloqua.com https://www.google.com.br https://www.google.com.hk https://www.google.com.sg https://www.google.co.in https://www.google.co.nz https://www.google.com.bh https://www.google.co.kr https://www.google.com.my https://www.google.ca https://www.google.ie https://www.google.lt https://www.google.com.au https://www.google.com.pa https://www.google.nl https://www.google.co.jp https://*.fls.doubleclick.net  https://prodau-cdn.azureedge.net https://prodeu-cdn.azureedge.net https://www.google.com https://resources.digital-cloud.medallia.eu https://*.licdn.com https://s7.addthis.com https://vars.hotjar.com/ https://connect.facebook.net/ https://www.facebook.com/ *.crazyegg.com https://youtube.com https://www.youtube.com https://youtu.be https://i.ytimg.com/vi_webp/PfZzvGGRaOM/mqdefault.webp; img-src 'self' blob: data: https://*.emtana.com:* https://emeaclientportal.datacenter.hello.global.ntt/servlet/servlet.ImageServer?id=0151i000000vC0y&oid=00D58000000H2jR https://portal.webolytics.com/ https://admin.bound360.com/images/logos/bound-logo-full.png https://cdn.bizible.com https://cdn.bizibly.com https://px4.ads.linkedin.com https://ad.doubleclick.net https://www.google.be https://pbs.twimg.com https://*.analytics.google.com https://*.google.com https://*.brightfunnel.com https://q.quora.com https://alb.reddit.com https://www.marketing-town.com https://assets.getsmartcontent.com https://www.google.co.in https://www.google.com.hk https://www.google.com.sg https://www.google.co.nz https://www.google.co.jp https://www.google.com.br https://www.google.com.bh https://www.google.co.kr https://www.google.com.my https://www.google.ca https://www.google.ie https://www.google.lt https://www.google.com.au https://www.google.nl https://di3c8wks3odob.cloudfront.net https://maps.gstatic.com https://maps.googleapis.com https://www.google.de https://www.google.it https://pixel.tapad.com https://decibel-49-adswizz.attribution.adswizz.com https://www.google.co.uk https://attribution.decibelads.com https://reverseads.matomo.cloud https://tracking.connect.services.global.ntt https://fonts.gstatic.com https://cdn.cookielaw.org https://analytics.twitter.com https://analytics.google.com https://*.terminus.services https://match.adsrvr.org https://prodeu-strgacc-cdn.azureedge.net https://prodau-strgacc-cdn.azureedge.net https://*.leady.com/ https://resources.digital-cloud.medallia.eu https://j.mrpdata.net https://857338121.privacysandbox.googleadservices.com https://720787047.privacysandbox.googleadservices.com https://apt.techtarget.com https://620993155.privacysandbox.googleadservices.com https://p.adsymptotic.com/ *.crazyegg.com https://tracking.hello.global.ntt/ https://www.google.co.za https://*.kampyle.com https://vars.hotjar.com https://pubads.g.doubleclick.net https://script.hotjar.com http://script.hotjar.com www.googletagmanager.com https://www.google.com https://www.google.com.pa https://googleads.g.doubleclick.net https://www.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com https://prodeu-cdn.azureedge.net https://prodau-cdn.azureedge.net https://t.co/ https://px.ads.linkedin.com/ https://connect.facebook.net/ https://www.facebook.com/ https://www.linkedin.com/ https://s2190102.t.eloqua.com/ https://storage.googleapis.com/ https://*.akstat.io; style-src 'unsafe-inline' 'unsafe-eval' 'self' *.crazyegg.com https://cdn.jsdelivr.net/npm/swiper@8/swiper-bundle.min.css https://prodeu-strgacc-cdn.azureedge.net https://prodau-strgacc-cdn.azureedge.net https://cdnjs.cloudflare.com/ajax/libs/tiny-slider/2.9.1/tiny-slider.css https://fonts.googleapis.com https://tagmanager.google.com https://www.googletagmanager.com; font-src 'self' https://prodeu-strgacc-cdn.azureedge.net https://prodau-strgacc-cdn.azureedge.net https://fonts.gstatic.com data: http://script.hotjar.com https://script.hotjar.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors https://cm.euprod.services.global.ntt https://prodeu-strgacc-cdn.azureedge.net https://prodau-strgacc-cdn.azureedge.net https://vars.hotjar.com https://bid.g.doubleclick.net https://*.crazyegg.com; script-src 'nonce-ODk3OTk3ODhub25jZS1yYW5kb20='  'unsafe-inline' 'unsafe-eval' 'self' blob: https://*.emtana.com:* https://emeaclientportal.datacenter.hello.global.ntt https://*.adobe.io https://*.go-mpulse.net https://portal.webolytics.com https://cdn.bizible.com https://secure.intelligentdata52.com https://a.quora.com https://unpkg.com/web-vitals@3.0.0/dist/web-vitals.attribution.iife.js https://*.brightfunnel.com https://*.analytics.google.com https://*.google.com https://www.redditstatic.com https://cdn.jsdelivr.net/npm/swiper@8/swiper-bundle.min.js https://maps.googleapis.com https://www.google.co.in https://www.google.co.nz https://www.google.com.pa https://www.google.de https://www.google.it https://cdn.matomo.cloud https://s.getsmartcontent.com https://cdn.getsmartcontent.com https://attribution.decibelads.com https://tracking.connect.services.global.ntt https://snippet.ramblechat.com https://munchkin.brightfunnel.com https://*.terminus.services https://analytics.google.com https://prodeu-strgacc-cdn.azureedge.net https://prodau-strgacc-cdn.azureedge.net https://*.leady.com/ https://www.gstatic.com https://trk.techtarget.com https://visitor.reactful.com https://*.crazyegg.com https://script.crazyegg.com https://connect.facebook.net/ https://cdn.cookielaw.org/ https://secure.east2pony.com/ https://protect-eu.mimecast.com/ https://www.google.co.za/ https://*.addthisedge.com https://z.moatads.com https://*.addthis.com https://script.hotjar.com http://script.hotjar.com http://static.hotjar.com https://static.hotjar.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://analytics.twitter.com https://static.ads-twitter.com https://resources.digital-cloud.medallia.eu https://nebula-cdn.kampyle.com https://img03.en25.com https://script.crazyegg.com https://www.youtube.com www.googleadservices.com https://pubads.g.doubleclick.net https://snap.licdn.com https://cdnjs.cloudflare.com/ajax/libs/tiny-slider/2.9.1/min/tiny-slider.js https://geolocation.onetrust.com https://vidassets.terminus.services  https://acrobatservices.adobe.com; connect-src 'self' https://*.t.eloqua.com https://*.adobe.io https://*.go-mpulse.net https://portal.webolytics.com https://px.ads.linkedin.com https://*.brightfunnel.com https://*.analytics.google.com https://*.google.com https://ibc-flow.techtarget.com https://cdn.linkedin.oribi.io https://udc-neb.kampyle.com https://www.google.com.pa https://s.getsmartcontent.com https://chat-messaging.terminus.services https://www.gstatic.com https://maps.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/mapConfigs https://reverseads.matomo.cloud wss://a1kkx7muourfsi-ats.iot.us-east-1.amazonaws.com https://chat-visitor-info.terminus.services https://iotas.terminus.services https://chat-team-management.terminus.services https://di3c8wks3odob.cloudfront.net https://realtime.ramblechat.com https://idx.liadm.com/ https://geolocation.onetrust.com/ https://api.brightfunnel.com https://analytics.google.com https://*.leady.com/ https://tracking.reactful.com https://resources.digital-cloud.medallia.eu https://visitor.reactful.com *.crazyegg.com https://www.facebook.com/ https://connect.facebook.net/ https://cdn.cookielaw.org/ https://stats.g.doubleclick.net/ https://www.google-analytics.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com https://script.crazyegg.com/* https://api-public.addthis.com https://*.addthis.com https://privacyportal-de.onetrust.com/ https://*.akstat.io https://*.akamaihd.net https://acrobatservices.adobe.com; object-src blob: ; frame-src https://racecenter.letour.fr https://block.opendns.com https://td.doubleclick.net https://ssp2.gin.ntt.net https://www.google.com.pa https://10155546.fls.doubleclick.net https://resources.digital-cloud.medallia.eu https://extraordinary-platypus-f5e0bb.netlify.app https://nttbdttour.netlify.app/ https://cm.euprod.services.global.ntt https://www.youtube.com https://www.google.com https://youtu.be https://acrobatservices.adobe.com 1
default-src 'self' *.typekit.net *.doubleclick.net *.google.com.tr *.google.com google.com *.googletagmanager.com blob: data: tacirlerprotfoy.com.tr fxtcr.com 'unsafe-inline' 'unsafe-eval' *.tacirlermenkul.com.tr tacirlermenkul.com.tr tacirlermenkul.com.tr:8080 1
default-src 'self'; connect-src 'self' *.obos.no *.snapchat.com *.apicdn.sanity.io *.api.sanity.io *.doubleclick.net *.hotjar.com *.hotjar.io *.google-analytics.com *.youtube.com *.google.com cdn.sanity.io cdn.cookielaw.org wss://*.hotjar.com https://*.googlesyndication.com https://*.clarity.ms https://*.sentry.io https://*.google.no https://*.bing.com https://youtube.com https://*.adnxs.com https://cdn.linkedin.oribi.io https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://privacyportal-eu.onetrust.com https://surveystats.hotjar.io https://cookies-data.onetrust.io/bannersdk https://www.facebook.com/tr dc.services.visualstudio.com obos.se *.obos.se *.linkedin.com https://ct.pinterest.com *.triggerbee.com; frame-src 'self' www.youtube.com https://vars.hotjar.com https://*.snapchat.com *.doubleclick.net https://ct.pinterest.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; frame-ancestors 'self' https://*.obos.no ; font-src 'self' script.hotjar.com https://fonts.gstatic.com *.obos.no https://*.triggerbee.com; img-src 'self' 'unsafe-inline' data: blob: *.obos.no *.doubleclick.net *.google-analytics.com *.hotjar.com *.youtube.com *.google.com cdn.sanity.io cdn.cookielaw.org res.cloudinary.com www.googletagmanager.com https://*.clarity.ms https://*.siteimproveanalytics.io https://*.adnxs.com https://*.mookie1.com https://*.facebook.com https://*.linkedin.com https://*.snapchat.com https://*.episerver.net https://*.bing.com https://www.google.no https://optanon.blob.core.windows.net *.obos.se https://*.casalemedia.com https://*.t.eloqua.com https://*.bing.com https://ct.pinterest.com https://ads.stickyadstv.com https://rtb-csync.smartadserver.com https://synchroscript.deliveryengine.adswizz.com https://pr-bh.ybp.yahoo.com https://ad.sxp.smartclip.net https://cm.adform.net https://simage2.pubmatic.com https://pixel.rubiconproject.com https://ad.360yield.com https://sync.search.spotxchange.com https://match.adsby.bidtheatre.com https://match.adsrvr.org https://match.prod.bidr.io https://*.triggerbee.com https://*.facebook.net https://*.facebook.com; media-src 'self' blob: res.cloudinary.com *.gobistories.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.obos.no *.doubleclick.net *.youtube.com *.googletagmanager.com *.gstatic.com static.hotjar.com *.analytics.google.com https://*.google-analytics.com https://*.clarity.ms https://*.episerver.net https://*.adnxs.com https://*.snapchat.com https://*.googlesyndication.com https://www.googleadservices.com https://adservice.google.com https://cdn.cookielaw.org https://script.hotjar.com https://cdn.mookie1.com https://connect.facebook.net https://siteimproveanalytics.com https://snap.licdn.com https://sc-static.net https://bat.bing.com obos.se *.obos.se t.myvisitors.se adsby.bidtheatre.com https://s.pinimg.com https://img06.en25.com https://assets.strossle.com https://*.t.eloqua.com https://pixels.lemonpi.io https://*.facebook.net https://*.facebook.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; worker-src 'self' blob:; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: googleapis.com *.googleapis.com gstatic.com *.gstatic.com gravatar.com *.gravatar.com bing.com *.bing.com jsdelivr.net *.jsdelivr.net facebook.net *.facebook.net facebook.com *.facebook.com fastbase.com doubleclick.net *.doubleclick.net clarity.ms *.clarity.ms dlshield.com *.dlshield.com google-analytics.com *.google-analytics.com google.com *.google.com googleadservices.com *.googleadservices.com googletagmanager.com *.googletagmanager.com webminds.com *.webminds.com; 1
frame-ancestors 'self'; base-uri 'self'; form-action 'self' https://syndication.twitter.com/ https://platform.twitter.com/ https://connect.facebook.net/; object-src 'none'; default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; report-uri https://6fd0808b3c82be7fae4b5dba95198421.report-uri.com/r/d/csp/enforce 1
object-src 'none'; script-src 'self' 'strict-dynamic' https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.hotjar.com/c/hotjar-2877749.js https://www.google-analytics.com/analytics.js https://connect.facebook.net/en_US/fbevents.js https://ws.zoominfo.com/pixel/615b474d39247c001cc2f2f2 https://www.googletagmanager.com/gtag/js https://code.jquery.com/ https://clients3.weblink.com.au/ https://d2uinmo2bcbdsn.cloudfront.net/pureconnect-widgets/91/cxbus.min.js https://d2uinmo2bcbdsn.cloudfront.net/pureconnect-widgets/91/plugins/widgets-core.min.js https://d2uinmo2bcbdsn.cloudfront.net/pureconnect-widgets/91/plugins/webchat.min.js https://d2uinmo2bcbdsn.cloudfront.net/ https://snap.licdn.com/ https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick.min.js http://cdn.jsdelivr.net/npm/jquery-validation@1.17.0/dist/jquery.validate.min.js https://cdnjs.cloudflare.com/ajax/libs/gsap/3.11.5/gsap.min.js https://cdnjs.cloudflare.com/ajax/libs/gsap/3.11.5/ScrollTrigger.min.js https://cdnjs.cloudflare.com/ajax/libs/jarallax/2.1.3/jarallax.min.js https://pym.nprapps.org/pym.v1.min.js https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://d3js.org https://platform.twitter.com https://unpkg.com https://www.google.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com/gtm.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.hotjar.com/c/hotjar-2877749.js https://www.google-analytics.com/analytics.js https://connect.facebook.net/en_US/fbevents.js https://ws.zoominfo.com/pixel/615b474d39247c001cc2f2f2 https://www.googletagmanager.com/gtag/js https://script.hotjar.com/modules.5dca1694a4338dade13b.js https://connect.facebook.net/signals/config/1761455807365259 https://connect.facebook.net/signals/config/685668156287079 https://pi.pardot.com/pd.js https://pi.pardot.com/analytics https://marketing.aes.com/analytics https://cdn.cookielaw.org/scripttemplates/202211.1.0/otBannerSdk.js https://js-agent.newrelic.com/async-api.6bb277af-1225.min.js https://js-agent.newrelic.com/lazy-loader.48127245-1225.min.js https://cdn.cookielaw.org/scripttemplates/otSDKStub.js https://cdn.cookielaw.org/consent/27cd7b43-53f3-46bb-9267-e0af03db8d70/OtAutoBlock.js https://siteintercept.qualtrics.com https://googleads.g.doubleclick.net https://zn9sohtzqeoni8wpq-aescorp.siteintercept.qualtrics.com https://cdn.cookielaw.org/scripttemplates/202209.1.0/otBannerSdk.js https://zncwhklt9qhc4tztc-aescorp.siteintercept.qualtrics.com https://www.google.co.in/pagead https://www.gstatic.com/recaptcha/releases https://script.hotjar.com https://js-agent.newrelic.com https://bam.nr-data.net https://connect.facebook.net https://apps.mypurecloud.com https://dhqbrvplips7x.cloudfront.net https://www.googleadservices.com/ https://www.gstatic.com/ https://cdn.cookielaw.org/ https://eb2.3lift.com/ https://www.google.co.in/ https://pippio.com/ https://widgets.hive.genesys.com/ https://d2uinmo2bcbdsn.cloudfront.net/pureconnect-widgets/91/cxbus.min.js https://d2uinmo2bcbdsn.cloudfront.net/pureconnect-widgets/91/plugins/widgets-core.min.js https://d2uinmo2bcbdsn.cloudfront.net/pureconnect-widgets/91/plugins/webchat.min.js https://d2uinmo2bcbdsn.cloudfront.net/ https://snap.licdn.com/ https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick.min.js http://cdn.jsdelivr.net/npm/jquery-validation@1.17.0/dist/jquery.validate.min.js https://cdnjs.cloudflare.com/ajax/libs/gsap/3.11.5/gsap.min.js https://cdnjs.cloudflare.com/ajax/libs/gsap/3.11.5/ScrollTrigger.min.js https://cdnjs.cloudflare.com/ajax/libs/jarallax/2.1.3/jarallax.min.js https://pym.nprapps.org/pym.v1.min.js http://cdn.jsdelivr.net http://d3js.org/d3.v4.min.js http://cdnjs.cloudflare.com http://cdnjs.cloudflare.com/ajax/libs/Chart.js/2.7.0/Chart.min.js http://cdnjs.cloudflare.com/ajax/libs/chartjs-plugin-doughnutlabel/2.0.3/chartjs-plugin-doughnutlabel.js https://static.hotjar.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://d3js.org https://platform.twitter.com https://unpkg.com https://www.google.com; frame-ancestors 'self'; report-uri https://www1.aesargentina.com.ar/es/report-uri/enforce 1
default-src ‘self’; object-src ‘none'; form-action 'none’; report-to csp-endpoint; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com cdn.jsdelivr.net maps.googleapis.com cdn.datatables.net cdnjs.cloudflare.com *.googlesyndication.com *.googleadservices.com *.gstatic.com *.google.com *.licdn.com *.metricool.com *.facebook.net *.doubleclick.net *.googletagmanager.com unpkg.com *.cloudfront.net; font-src 'self' *.gstatic.com data: application/*; style-src 'self' cdn.datatables.net cdnjs.cloudflare.com 'unsafe-inline' *.jsdelivr.net *.googleapis.com; connect-src 'self' https://stats.g.doubleclick.net https://px.ads.linkedin.com *.atlas.com.co https://chat.atlas.com.co:5000 gyruss.rdops.systems www.google.com.co maps.googleapis.com cdn.linkedin.oribi.io *.google.com *.google-analytics.com *.rdstation.com.br; img-src 'self' https://s.w.org www.googletagmanager.com www.google-analytics.com maps.gstatic.com *.google.com *.doubleclick.net *.google.com.co *.cloudfront.net *.linkedin.com tracker.metricool.com *.facebook.com *.atlas.com.co data: image/*; frame-src 'self' https://www.facebook.com https://td.doubleclick.net https://clarity.microsoft.com https://maps.gstatic.com *.youtube.com https://www.google.com; media-src 'self' 'unsafe-inline' *.atlas.com.co; frame-ancestors 'self' 1
default-src 'self' *.sumsmanagement.com *.cloudfront.net eu.snapengage.com drive.google.com api.reciteme.com *.sums.su *.b-cdn.net yusu.org yorksu.org 2d53b4ae7710437ef402-16882fd0dd682351953626dbea9fe405.ssl.cf3.rackcdn.com wss://*.hotjar.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' data: ajax.googleapis.com *.cloudflare.com *.jsdelivr.net cdn.quilljs.com *.google.com *.googletagmanager.com c.ststat.net lincolnsu.com *.lincolnsu.com rawgithub.com *.rawgithub.com *.rawgit.com rawgit.com *.hotjar.com *.facebook.com *.facebook.net ussu-web.s3.eu-west-2.amazonaws.com bgsumsassets.s3.eu-west-2.amazonaws.com *.googleapis.com *.sumsmanagement.com *.sums.su *.rackcdn.com pi-live.sagepay.com *.google-analytics.com emailmeform.com *.emailmeform.com *.gstatic.com *.tawk.to *.bootstrapcdn.com web-cdn.fixr.co use.fontawesome.com unpkg.com diffuser-cdn.app-us1.com *.reciteme.com cdn.curator.io *.twitter.com *.fontawesome.com mentimeter.com *.lightwidget.com *.datatables.net api.mapbox.com openstreetmap.org *.thunderforest.com box.com boxcdn.net justgiving.com *.justgiving.com rss2json.com hullstudent.co.uk *.atlassian.com *.addthis.com vuejs.org *.moatads.com *.popupsmart.com *.addthisedge.com code.jquery.com *.live.com prism.app-us1.com eu.snapengage.com js-agent.newrelic.com trackcmp.net bam.nr-data.net uksu.activehosted.com *.placeholder.com *.surveymonkey.com d3rxaij56vjege.cloudfront.net cdn.ckeditor.com *.designmynight.com *.typeform.com actionnetwork.org *.browsealoud.com ysjsu.com *.juicer.io reclaimhub.com *.appzi.io manchesterstudenthomes.com embedsocial.com *.clarity.ms woxo.tech snapwidget.com s3.amazonaws.com *.civiccomputing.com *.freshworks.com *.us1.list-manage.com plausible.io calendar.zoho.eu opinionstage.com *.browsealoud.com *.googleadservices.com *.fatsoma.com *.mapbox.com documentservices.adobe.com gen.sendtric.com public.flourish.studio *.eusa.ed.ac.uk *.youtube.com freddyfeedback.com *.termsfeed.com ucarecdn.com uploadcare.com *.uploadcare.com native.fm *.native.fm *.moneyadviceservice.org.uk *.moneyhelper.org.uk facebook.com *.facebook.com *.dotdigital-pages.com lottie.host *.lottie.host *.instagram.com eocampaign1.com *.botframework.com *.yorksu.org *.openwidget.com acrobatservices.adobe.com *.cookiebot.com *.imperialcollegeunion.org;style-src 'self' 'unsafe-inline' fonts.googleapis.com *.jsdelivr.net cdn.quilljs.com *.cloudflare.com lincolnsu.com *.lincolnsu.com ussu-web.s3.eu-west-2.amazonaws.com bgsumsassets.s3.eu-west-2.amazonaws.com *.sumsmanagement.com *.sums.su *.rackcdn.com *.cloudfront.net *.bootstrapcdn.com *.google.com hello.myfonts.net *.fontawesome.com *.typekit.net *.popupsmart.com *.tawk.to *.gstatic.com unpkg.com *.reciteme.com cdn.ckeditor.com *.designmynight.com actionnetwork.org ysjsu.com *.curator.io *.juicer.io *.jquery.com danny-husu.github.io embedsocial.com cdn-images.mailchimp.com *.typeform.com *.freshworks.com *.mapbox.com *.fatsoma.com su.imgix.net native.fm *.native.fm *.rawgithub.com facebook.com *.facebook.com *.yorksu.org *.imperialcollegeunion.org *.fontshare.com;img-src 'self' data: *.facebook.com nusdigital.s3-eu-west-1.amazonaws.com ussu-web.s3.eu-west-2.amazonaws.com bgsumsassets.s3.eu-west-2.amazonaws.com nusdigital.s3.amazonaws.com su.imgix.net lincolnsu.com *.lincolnsu.com *.sumsmanagement.com *.sums.su *.rackcdn.com *.cloudflare.com *.cloudfront.net *.google-analytics.com *.google.com *.googleapis.com *.googleusercontent.com *.google.co.uk *.justgiving.com *.googletagmanager.com *.tawk.to *.tile.thunderforest.com maps.gstatic.com *.ytimg.com *.reciteme.com cdn.ckeditor.com *.glassdoor.co.uk *.designmynight.com *.gstatic.com actionnetwork.org ysjsu.com *.netlify.app *.b-cdn.net *.curator.io *.browsealoud.com *.texthelp.com *.ibb.co *.lincolnsu.com *.airtable.com minisite.ticketline.co.uk *.juicer.io *.cdninstagram.com *.appzi.io *.clarity.ms *.freshworks.com fixr-cdn.fixr.co *.mapbox.com dummyimage.com *.sendtric.com *.airtableusercontent.com public.flourish.studio *.youtube.com *.fatsoma.com native.fm *.native.fm *.hotjar.com *.moneyhelper.org.uk facebook.com *.facebook.com *.unsplash.com *.yorksu.org *.cookiebot.com *.imperialcollegeunion.org;font-src 'self' data: lincolnsu.com *.lincolnsu.com font.googleapis.com *.sumsmanagement.com *.sums.su *.rackcdn.com *.gstatic.com *.jsdelivr.net *.cloudfront.net *.bootstrapcdn.com *.fontawesome.com *.hotjar.com *.cloudflare.com fonts.googleapis.com *.tawk.to ussu-web.s3.eu-west-2.amazonaws.com *.reciteme.com ysjsu.com *.netlify.app *.juicer.io dev-ysjsu.netlify.app *.appzi.io *.freshworks.com use.typekit.net su.imgix.net native.fm *.native.fm facebook.com *.facebook.com *.yorksu.org *.imperialcollegeunion.org *.fontshare.com;connect-src 'self' 'unsafe-inline' lincolnsu.com *.lincolnsu.com *.airtable.com *.hotjar.com *.google-analytics.com *.facebook.com *.sums.su *.hotjar.io wss://*.tawk.to *.tawk.to *.atlassian.com *.doubleclick.net *.fontawesome.com *.googleapis.com bam.nr-data.net *.addthis.com *.rss2json.com *.reciteme.com submit-form.com *.designmynight.com *.typeform.com *.botpoison.com *.browsealoud.com eu.snapengage.com ysjsu.com *.curator.io *.speechstream.net *.texthelp.com wss://*.hotjar.com *.sums.dev *.juicer.io *.appzi.io *.clarity.ms *.civiccomputing.com *.freshworks.com *.freshdesk.com plausible.io *.withgoogle.com *.eusa.ed.ac.uk freddyfeedback.com native.fm *.native.fm uploadcare.com *.uploadcare.com *.google.com facebook.com *.facebook.com *.powerplatform.com wss://*.botframework.com *.botframework.com viewlicense.adobe.io consentcdn.cookie.com api.fixr.co;frame-src 'self' data: lincolnsu.com *.lincolnsu.com *.hotjar.com *.google.com *.youtube.com *.openstreetmap.org *.rackcdn.com *.addthis.com *.box.com *.kaltura.com *.lightwidget.com *.opinionstage.com prezi.com *.youtube-nocookie.com *.surveymonkey.com *.emailmeform.com *.reciteme.com *.live.com *.office.com *.nottingham.ac.uk *.facebook.com snapwidget.com *.typeform.com ussu-web.s3.eu-west-2.amazonaws.com *.sumsmanagement.com www.mentimeter.com *.vimeo.com ysjsu.com *.jotform.com *.jotformeu.com *.googleapis.com *.sums.su *.issuu.com *.airtable.com *.york.ac.uk *.ystv.co.uk *.ury.org.uk *.twitter.com login.microsoftonline.com login.windows.net manchesterstudenthomes.com *.sharepoint.com reclaimhub.com open.spotify.com w.soundcloud.com embedsocial.com *.sheffield.us1.list-manage.com *.instagram.com *.freshworks.com fixr.co calendar.zoho.eu *.google.co.uk *.yumpu.com *.fatsoma.com kuintranet.co.uk *.kuintranet.co.uk wix.com *.wix.com wixapps.net *.wixapps.net public.flourish.studio flo.uri.sh v5.airtableusercontent.com forms.microsoft.com *.eusa.ed.ac.uk *.sums.digital *.canva.com freddyfeedback.com hullstudent.co.uk native.fm *.native.fm *.moneyadviceservice.org.uk lincolnsu.com *.lincolnsu.com facebook.com *.facebook.com *.cloud.microsoft *.dotdigital-pages.com lottie.host *.lottie.host *.cloudflare.com *.manchester.ac.uk copilotstudio.microsoft.com *.powerbi.com *.openwidget.com acrobatservices.adobe.com *.cookiebot.com *.northampton.ac.uk *.imperialcollegeunion.org uonsuperks.uni-street.com;child-src 'self' ;media-src 'self' blob: assets-cdn.sums.su *.sumsmanagement.com api.reciteme.com livemanchesterac.sharepoint.com *.tawk.to native.fm *.native.fm;worker-src 'self' thevenuekent.co.uk; 1
frame-ancestors ilford.com; 1
worker-src 'none';frame-src https://www.youtube.com https://player.vimeo.com https://vimeo.com;frame-ancestors 'self' 1
object-src 'none';base-uri 'self';script-src 'nonce-1NsuD0iBSy99v9B3gbJS1A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/xsrp 1
default-src * 'self' 'unsafe-eval' 'unsafe-inline' https://*.unsplash.com https://a.omappapi.com/ https://d.adroll.com/ https://td.doubleclick.net/ https://trk.softwaresuggest.com/ https://softwaresuggest-cdn.s3.ap-southeast-1.amazonaws.com https://s.adroll.com https://www.google.com/analytics/ https://*.omappapi.com https://widget.manychat.com/ https://www.google.com https://www.google.com/recaptcha/api.js https://my.yoast.com https://a.omappapi.com https://clients.allincall.in https://www.youtube.com https://yoastcdn.com https://yoast.com https://beacon-v2.helpscout.net d3hb14vkzrxvla.cloudfront.net https:;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://d.adroll.com/ https://td.doubleclick.net/ https://trk.softwaresuggest.com/ https://softwaresuggest-cdn.s3.ap-southeast-1.amazonaws.com https://www.googletagmanager.com/gtag/js?id=G-VGJ56BFYBZ&l=dataLayer&cx=c https://omappapi.com https://www.google-analytics.com https://www.googleanalytics.com https://connect.facebook.net https://snap.licdn.com https://lfeeder.com https://sc.lfeeder.com https://www.clarity.ms https://s.adroll.com https://analytics.google.com https://my.yoast.com https://a.omappapi.com https://clients.allincall.in https://www.youtube.com https://cdn.ckeditor.com https://ckeditor.com https://yoast.com https://use.typekit.net https://yoastcdn.com https://optinmonster.com https://beacon-v2.helpscout.net d3hb14vkzrxvla.cloudfront.net https://w.recruiterbox.com https://www.google.com/analytics/ blob:;script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://*.unsplash.com https://a.omappapi.com/ https://td.doubleclick.net/ https://trk.softwaresuggest.com/ https://assets.flostack.io/js/flo.js https://cdnjs.cloudflare.com/ajax/libs/OwlCarousel2/2.3.4/owl.carousel.min.js https://code.jquery.com/jquery-3.6.0.min.js https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.2/js/all.min.js https://omappapi.com https://www.googletagmanager.com https://my.yoast.com https://go.exotel.com https://adroll.com https://www.clarity.ms https://lfeeder.com https://sc.lfeeder.com https://snap.licdn.com https://connect.facebook.net https://www.googleanalytics.com https://www.google-analytics.com https://a.omappapi.com https://clients.allincall.in https://www.youtube.com https://cdn.ckeditor.com https://ckeditor.com https://yoast.com https://yoastcdn.com https://optinmonster.com https://beacon-v2.helpscout.net d3hb14vkzrxvla.cloudfront.net https://w.recruiterbox.com https://stg-exotel-staging.kinsta.cloud https://softwaresuggest-cdn.s3.ap-southeast-1.amazonaws.com https://softwaresuggest-cdn.s3.ap-southeast-1.amazonaws.com/static-frontend/cm-js/cm.tracking.v.0.5.js https://cdn.clickmagick.com/misc/js/cmtools.js https://s.adroll.com https://www.google.com/analytics/connect-src 'self' https://*.unsplash.com https://*.omappapi.com https://a.omappapi.com/ https://d.adroll.com/ https://td.doubleclick.net/ https://trk.softwaresuggest.com/ https://softwaresuggest-cdn.s3.ap-southeast-1.amazonaws.com https://s.adroll.com https://www.google.com/analytics/ https://api.flostack.io https://www.googleanalytics.com/analytics.js https://www.googletagmanager.com/gtag/js?id=G-VGJ56BFYBZ&l=dataLayer&cx=c https://pi.pardot.com https://omappapi.com https://pardot.com https://www.google-analytics.com https://www.googleanalytics.com https://connect.facebook.net https://snap.licdn.com https://sc.lfeeder.com https://www.clarity.ms https://adroll.com https://analytics.google.com https://www.googletagmanager.com https://go.exotel.com https://my.yoast.com https://ps.w.org https://pro.ip-api.com https://a.omappapi.com https://clients.allincall.in https://www.youtube.com https://fonts.googleapis.com https://fonts.gstatic.com https://api.omappapi.com https://api.ipgeolocation.io https://cdn.ckeditor.com https://ckeditor.com https://yoast.com https://use.typekit.net https://yoastcdn.com https://optinmonster.com https://beacon-v2.helpscout.net d3hb14vkzrxvla.cloudfront.net https://w.recruiterbox.com;img-src 'self' 'unsafe-inline' https://*.omappapi.com https://*.unsplash.com https://x.adroll.com/ https://www.google.com/ads/ https://www.google-analytics.com/ https://env-exotel-oldexotel.kinsta.cloud/ https://px.ads.linkedin.com/ https://a.omappapi.com/ https://www.facebook.com/ https://ipv4.d.adroll.com/ https://img.youtube.com/vi/eHWQpISlJoM/maxresdefault.jpg https://stg-exotel-staging.kinsta.cloud https://img.youtube.com/vi/xxlrgNmGAs4/maxresdefault.jpg https://img.youtube.com/vi/sGfVfKl3ZbA/maxresdefault.jpg https://my.yoast.com https://s.w.org https://ps.w.org https://www.google.co.in https://clients.allincall.in https://secure.gravatar.com https://www.youtube.com https://cdn.ckeditor.com https://yoastcdn.com https://yoast.com https://optinmonster.com https://beacon-v2.helpscout.net d3hb14vkzrxvla.cloudfront.net https://w.recruiterbox.com data:; style-src 'self' 'unsafe-inline' https://my.yoast.com https://clients.allincall.in https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://api.omappapi.com https://a.omappapi.com https://cdn.ckeditor.com https://ckeditor.com https://yoast.com https://yoastcdn.com https://optinmonster.com https://beacon-v2.helpscout.net d3hb14vkzrxvla.cloudfront.net https://w.recruiterbox.com; style-src-elem 'self' 'unsafe-inline' https://my.yoast.com https://clients.allincall.in https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://api.omappapi.com https://a.omappapi.com https://cdn.ckeditor.com https://ckeditor.com https://yoast.com https://yoastcdn.com https://optinmonster.com https://beacon-v2.helpscout.net d3hb14vkzrxvla.cloudfront.net https://w.recruiterbox.com; base-uri 'self'; style-src-attr 'self' 'unsafe-inline' https://w.recruiterbox.com; font-src 'self' data: https://my.yoast.com https://apis.google.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://yoast.com https://yoastcdn.com https://optinmonster.com https://beacon-v2.helpscout.net https://use.typekit.net; worker-src 'self' blob: https://my.yoast.com https://yoast.com; form-action 'self' https://app.recruiterbox.com; frame-src 'self' https://x.adroll.com/ https://td.doubleclick.net/ https://trk.softwaresuggest.com/ https://web.flostack.io https://go.exotel.com https://go.exotel.com https://my.yoast.com https://www.youtube.com https://app.recruiterbox.com clients.allincall.in; object-src 'self'; child-src none; 1
script-src 'report-sample' 'nonce-ZabBZ96UefNENtzSmv_lFA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DurableDeepLinkUi/cspreport;worker-src 'self',script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /_/DurableDeepLinkUi/cspreport/allowlist,require-trusted-types-for 'script';report-uri /_/DurableDeepLinkUi/cspreport 1
upgrade-insecure-requests; default-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: * 1
default-src 'self' cloudfront.globalmcs.net *.stripe.com *.elegantthemes.com ai.elegantthemes.com cloud.elegantthemes.com fonts.bunny.net fonts.gstatic.com data:; frame-src 'self' data: www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cloudfront.globalmcs.net *.stripe.com www.google.com maps.googleapis.com developers.google.com www.gstatic.com cdnjs.cloudflare.com; img-src https: data:; style-src 'self' 'unsafe-inline' cloudfront.globalmcs.net fonts.bunny.net fonts.googleapis.com; 1
default-src 'self' blob: data:; script-src 'self' https://vimeo.com https://www.googleadservices.com https://googleads.g.doubleclick.net up.pixel.ad *.googleapis.com *.google-analytics.com http://static.cdn.prismic.io https://boards-api.greenhouse.io https://boards.greenhouse.io https://px.ads.linkedin.com https://wroom.io https://prismic.io https://snap.licdn.com https://www.googletagmanager.com https://connect.facebook.net https://html2canvas.hertzen.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' fonts.googleapis.com blob: ; font-src 'self' data:; img-src 'self' i.vimeocdn.com googleads.g.doubleclick.net pixel.sitescout.com *.prismic.io *.gstatic.com *.googleapis.com *.google.com *.googleusercontent.com *.facebook.com www.diversityjobs.com *.google-analytics.com https://stats.g.doubleclick.net data: blob:; connect-src 'self' https://vimeo.com ws: player.vimeo.com *.akamaized.net *.googleapis.com stats.g.doubleclick.net pixel.sitescout.com https://cityblock.cdn.prismic.io https://cityblock.prismic.io https://images.prismic.io https://boards-api.greenhouse.io https://www.google-analytics.com https://vod-adaptive-ak.vimeocdn.com; frame-ancestors 'self'; frame-src www.cdc.gov https://td.doubleclick.net https://bid.g.doubleclick.net pixel.sitescout.com cityblockhealth.qualtrics.com https://boards.greenhouse.io https://player.vimeo.com https://cityblock.prismic.io https://accounts.google.com/ https://secureform.luxsci.com/; media-src 'self' blob: player.vimeo.com *.akamaized.net https://vod-adaptive-ak.vimeocdn.com; 1
frame-ancestors *.ivy.com  sym.com.mx *.sym.com.mx sym.com.mx:* *.sym.com.mx:* builder.io *.builder.io 1
default-src 'self' 'unsafe-inline' https://localhost:44379 https://stage-valgdir-api.cloudlab.no https://lpapi.valg.no https://stats.g.doubleclick.net https://dl.episerver.net https://fonts.googleapis.com https://www.youtube.com https://player.vimeo.com https://www.google-analytics.com; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://www.google-analytics.com https://*.google-analytics.com https://analytics.valg.no; img-src * 'self' data: https: https://analytics.valg.no; font-src 'self' data: https://fonts.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://dl.episerver.net http://www.google-analytics.com https://www.google-analytics.com https://maps.googleapis.com https://browser-update.org https://www.googletagmanager.com https://analytics.valg.no https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: 1
frame-ancestors 'self' https://wasm.vendidero.de; 1
default-src 'none'; block-all-mixed-content; script-src 'self' vimeo.com www.googletagmanager.com 'sha256-dnrBbfBeAHejZKU3WHnJyTCKO/sHwHFJXAogExZmFkE='; script-src-elem 'self' 'sha256-VVprJ7SpNifcwga2AZwyS5cTEwNF0xfuAU2O+SZVeZQ=' 'sha256-ka3xBp9kPEdafj6sE97HFhpJY8ZN+Aj6Fv/z1KyWvBQ=' 'sha256-IgMQOOOedQeMPBl7lSreMVPmJvU62bc6l8HcsGXnbWc=' www.googletagmanager.com cdn.cookielaw.org www.google-analytics.com; style-src 'self' 'unsafe-inline'; img-src 'self' i.vimeocdn.com cdn.cookielaw.org; font-src 'self' fonts.gstatic.com; manifest-src 'self'; connect-src 'self' immunity-twitter.herokuapp.com cdn.cookielaw.org geolocation.onetrust.com www.google-analytics.com 1
default-src 'self' https://fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.doubleclick.net https://*.google.com https://*.googleadservices.com https://*.googlesyndication.com https://*.googletagservices.com https://*.vo.msecnd.net https://ajax.googleapis.com https://bat.bing.com https://cdn.cookielaw.org https://connect.facebook.net https://content.linkedin.com https://graph.facebook.com https://google-analytics.com https://googletagmanager.com https://js.facebook.com https://platform.linkedin.com https://r.bing.com https://static.cloudflareinsights.com https://ssl.google-analytics.com https://snap.licdn.com https://static-exp1.licdn.com https://s.pinimg.com https://tagmanager.google.com https://www.google-analytics.com https://www.googletagmanager.com https://*.gstatic.com https://*.civiccomputing.com https://www.youtube.com https://script.crazyegg.com https://cdn.jsdelivr.net https://code.jquery.com https://maps.googleapis.com *.sharethis.com dl.episerver.net https://connect.getflowbox.com; connect-src 'self' *; style-src 'self' 'unsafe-inline' *.licdn.com *.google.com *.bing.com ajax.googleapis.com www.googletagmanager.com https://maps.googleapis.com https://fonts.googleapis.com; object-src *.googlesyndication.com; child-src 'self' blob: *.googlesyndication.com *.google.com *.facebook.com *.doubleclick.net connect.facebook.net www.googletagmanager.com; img-src 'self' data: https://cdn.cookielaw.org https://ssl.google-analytics.com https://www.google-analytics.com https://*.linkedin.com https://bat.bing.com https://*.google.com https://www.google.pl https://ct.pinterest.com https://shoplogos.commerce-connector.de https://*.doubleclick.net https://*.googletagmanager.com https://i.ytimg.com https://*.gstatic.com https://*.googleapis.com https://platform-cdn.sharethis.com *.facebook.com *.spotify.com *.twitter.com *tiktok.com *instagram.com https://d2rfa446ja7yzb.cloudfront.net; frame-src 'self' https://td.doubleclick.net https://ct.pinterest.com https://www.google.com https://www.youtube.com; frame-ancestors 'self'; worker-src 'self' blob: www.google.com; media-src 'self' https://cdn.flbx.io 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; font-src 'self' data:; style-src 'self' 'unsafe-inline' data:; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; connect-src 'self'; frame-src *; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' ; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://fandom.ink; img-src 'self' https: data: blob: https://fandom.ink; style-src 'self' https://fandom.ink 'nonce-WCEusZ3o1jTJq+jTmwsj5w=='; media-src 'self' https: data: https://fandom.ink; frame-src 'self' https:; manifest-src 'self' https://fandom.ink; form-action 'self'; child-src 'self' blob: https://fandom.ink; worker-src 'self' blob: https://fandom.ink; connect-src 'self' data: blob: https://fandom.ink https://cdn.masto.host wss://fandom.ink; script-src 'self' https://fandom.ink 'wasm-unsafe-eval' 1
style-src 'self' https://www.salaryswish.com 'unsafe-inline' https://salaryswishsite.b-cdn.net https://cdn.salaryswish.com https://ajax.googleapis.com https://fonts.googleapis.com https://platform.twitter.com https://ton.twimg.com https://a.pub.network; style-src-attr 'self' 'unsafe-inline'; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; frame-ancestors 'self' *.salaryswish.com; 1
frame-ancestors 'self'; object-src 'none'; base-uri 'self'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' secure.doll8tune.com cc.cdn.civiccomputing.com www.gstatic.com www.google.com unpkg.com www.googletagmanager.com www.google-analytics.com *.mopinion.com;object-src 'none';style-src 'self' 'unsafe-inline' cc.cdn.civiccomputing.com unpkg.com fast.fonts.net fonts.googleapis.com *.mopinion.com;img-src 'self' blob: *.mopinion.com www.googletagmanager.com data: tile.openstreetmap.org www.google.com api.os.uk;media-src 'none';frame-src 'self' *.google.com;font-src 'self' fast.fonts.net data: fonts.googleapis.com fonts.gstatic.com *.mopinion.com;connect-src 'self' *.google-analytics.com apikeys.civiccomputing.com www.google.com api.os.uk www.google-analytics.com *.mopinion.com;base-uri 'self';frame-ancestors 'self';upgrade-insecure-requests 1
default-src 'none'; frame-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' https: 'self' https://secure.gravatar.com; object-src 'self'; connect-src 'self'; img-src 'self' https://secure.gravatar.com data:; font-src 'self' https://fonts.gstatic.com data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-ancestors 'self'; base-uri 'self'; form-action 'self'  1
default-src https:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; connect-src https: wss:; 1
default-src 'self'; connect-src 'self' api.globalwaterintel.com cdn.segment.com api.segment.io *.auth0.com www.googletagmanager.com *.google-analytics.com api-iam.intercom.io wss://*.intercom.io; img-src 'self' gwi-live-strapi-media-library.s3.eu-west-2.amazonaws.com secure.gravatar.com s.gravatar.com i0.wp.com i1.wp.com i2.wp.com cdn.auth0.com www.googletagmanager.com d26zrrb868k3tz.cloudfront.net www.globalwaterintel.com www.test-globalwaterintel.com js.intercomcdn.com static.intercomassets.com data: blob:; script-src 'self' 'unsafe-inline' https://cdn.segment.com https://www.googletagmanager.com https://widget.intercom.io https://js.intercomcdn.com; style-src 'self' fonts.googleapis.com 'unsafe-inline'; font-src 'self' fonts.gstatic.com fonts.intercomcdn.com; object-src 'self' blob:; frame-src 'self' *.auth0.com www.youtube.com intercom-sheets.com blob:; media-src 'self' js.intercomcdn.com; 1
frame-ancestors 'none'; default-src 'self' https://*.aol.com https://*.yahoo.com https://*.yimg.com; img-src * data:; script-src 'self' 'unsafe-inline' 'nonce-mQpZsWnbpzzTUvNUv/UCMA==' 'unsafe-eval' https://*.yahoo.com https://*.yimg.com https://*.aol.com https://*.aolcdn.com *.oath.com *.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net *.googlesyndication.com https://sb.scorecardresearch.com bat.bing.com *.demdex.net https://msadsscale.azureedge.net/bingads/telemetryJS.js https://www.clarity.ms https://www.clarity.ms/s/0.7.10/clarity.js; style-src 'self' 'unsafe-inline' https://*.yimg.com; object-src *; connect-src *; font-src * data:; frame-src 'self' https://*.youtube.com https://s.yimg.com https://*.yahoo.com *.g.doubleclick.net *.googlesyndication.com; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://blorbo.social; img-src 'self' https: data: blob: https://blorbo.social; style-src 'self' https://blorbo.social 'nonce-ahPMoxC4Lynzvx6rjhw5kg=='; media-src 'self' https: data: https://blorbo.social; frame-src 'self' https:; manifest-src 'self' https://blorbo.social; form-action 'self'; child-src 'self' blob: https://blorbo.social; worker-src 'self' blob: https://blorbo.social; connect-src 'self' data: blob: https://blorbo.social https://blorbo.social wss://blorbo.social; script-src 'self' https://blorbo.social 'wasm-unsafe-eval' 1
default-src ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.paddle.com *.profitwell.com cdnjs.cloudflare.com js.sentry-cdn.com sentry.webtoapp.design browser.sentry-cdn.com plausible.webtoapp.design js.appetize.io app.diagrams.net data:; media-src 'self'; child-src ; connect-src 'self' plausible.webtoapp.design sentry.webtoapp.design *.ingest.sentry.webtoapp.design *.profitwell.com *.paddle.com ipinfo.io api.ipregistry.co; font-src 'self' fonts.gstatic.com; frame-src 'self' *.paddle.com www.youtube-nocookie.com api.apiembed.com appetize.io; frame-ancestors 'self'; manifest-src ; object-src ; worker-src blob: 'self'; style-src 'self' 'unsafe-inline' *.paddle.com fonts.googleapis.com; img-src 'self' data: blob: play.google.com i.ytimg.com *.paddle.com *.cloudfront.net; report-uri https://sentry.webtoapp.design/api/3/security/?sentry_key=94047279283f481d8a278b13ccb4a0c6 1
default-src 'self'; script-src 'self' 'nonce-0b41827acae490d07a7d' hubspot-forms-static-embed.s3.amazonaws.com *.vimeo.com api.usercentrics.eu *.youtube.com *.hsforms.net *.hsforms.com *.hubspot.com *.hs-scripts.com *.hs-banner.com *.hs-analytics.net *.hscollectedforms.net *.hsleadflows.net *.google-analytics.com *.googletagmanager.com *.analytics.google.com www.google.com www.gstatic.com www2.123insight.com pages.123insight.com 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; style-src 'self' 'unsafe-inline' hubspot-forms-static-embed.s3.amazonaws.com *.vimeo.com api.usercentrics.eu *.youtube.com *.hsforms.net *.hsforms.com *.hubspot.com *.hs-scripts.com *.hs-banner.com *.hs-analytics.net *.hscollectedforms.net *.hsleadflows.net *.google-analytics.com *.googletagmanager.com *.analytics.google.com www.google.com www.gstatic.com www2.123insight.com pages.123insight.com; img-src * blob: data:; font-src 'self' fonts.gstatic.com fonts.googleapis.com data:; connect-src *; frame-src *; object-src 'none'; base-uri 'self'; frame-ancestors cms.forterro.com; block-all-mixed-content; upgrade-insecure-requests; media-src https://cms.forterro.com; 1
default-src 'none'; script-src 'self'; img-src 'self' https://*.lukas1818.de; style-src 'unsafe-inline'; form-action 'none'; base-uri 'none'; frame-ancestors 'none'; connect-src 'self'; 1
default-src 'self' blob:;script-src 'self' 'unsafe-inline' 'nonce-qTgsKVLu0IXeFXWck55B' 'unsafe-eval' https://*.blob.core.windows.net https://*.azurewebsites.net https://*.mepcontent.eu https://*.mepcontent.com https://*.google-analytics.com https://go.trimble.com https://*.gstatic.com https://*.googleapis.com https://*.wistia.com https://*.google.com https://*.addthis.com https://*.addthisedge.com https://*.googletagmanager.com https://*.litix.io https://*.kxcdn.com https://*.hotjar.com https://cdn.jsdelivr.net https://*.pardot.com https://*.visualwebsiteoptimizer.com wss: https://optanon.blob.core.windows.net https://*.onetrust.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://cdnjs.cloudflare.com https://go.stabiplan.com https://fast.wistia.com https://*.jquery.com https://*.aptrinsic.com https://edge.fullstory.com https://cdn.segment.com https://*.cloudfront.net https://*.omappapi.com https://*.6sc.co;object-src 'self' https://*.blob.core.windows.net https://*.azurewebsites.net https://*.mepcontent.eu https://*.mepcontent.com https://*.akamaihd.net blob: https://*.jquery.com https://*.aptrinsic.com http://127.0.0.1:* https://*.omappapi.com https://*.6sc.co;style-src 'self' 'unsafe-inline' https://*.blob.core.windows.net https://*.azurewebsites.net https://*.mepcontent.eu https://go.trimble.com https://*.mepcontent.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.kxcdn.com https://pushcrew.com https://optanon.blob.core.windows.net https://*.onetrust.com https://*.jquery.com https://*.aptrinsic.com https://*.omappapi.com https://*.6sc.co;img-src 'self' https://*.blob.core.windows.net https://*.azurewebsites.net https://*.mepcontent.eu https://*.mepcontent.com https://*.visualwebsiteoptimizer.com https://*.litix.io https://*.google-analytics.com https://*.googleadservices.com https://*.googletagmanager.com https://*.google.com https://*.google.com.bn https://*.google.com.mx https://*.google.com.vn https://*.google.co.kr https://*.google.co.nz https://*.google.co.uk https://*.google.az https://*.google.by https://*.google.cl https://*.google.de https://*.google.es https://*.google.fr https://*.google.it https://*.google.nl https://*.google.pl https://*.google.pt https://*.google.ro https://*.google.se https://*.google.sk https://*.google.tn https://*.google.tr https://*.gstatic.com https://*.doubleclick.net https://*.googleapis.com https://*.akamaihd.net https://*.wistia.com https://*.ggpht.com https://*.pushcrew.com https://pushcrew.com https://static.hotjar.com https://*.addthis.com https://*.bing.com https://*.pingdom.net https://*.adnxs.com https://*.linkedin.com https://*.tradeservice.com data: blob: https://localhost:* http://127.0.0.1:* https://content2:* https://optanon.blob.core.windows.net https://*.onetrust.com https://www.facebook.com https://*.jquery.com https://*.aptrinsic.com https://*.omappapi.com https://*.6sc.co;media-src 'self' https://*.blob.core.windows.net https://*.azurewebsites.net https://*.mepcontent.eu https://*.mepcontent.com https://*.akamaihd.net https://*.wistia.net https://*.wistia.com blob: https://*.jquery.com https://js.intercomcdn.com https://*.aptrinsic.com http://127.0.0.1:* https://*.omappapi.com https://*.6sc.co;frame-src 'self' https://*.blob.core.windows.net https://*.azurewebsites.net https://*.mepcontent.eu https://*.mepcontent.com https://go.trimble.com https://*.wistia.com https://*.addthis.com https://*.google.com https://*.youtube.com https://*.twitter.com https://*.facebook.com https://*.hotjar.com https://*.doubleclick.net https://*.cloudfront.net https://*.jquery.com https://*.aptrinsic.com https://*.omappapi.com https://*.6sc.co;font-src 'self' https://*.blob.core.windows.net https://*.azurewebsites.net https://*.mepcontent.eu https://*.mepcontent.com https://*.gstatic.com https://*.wistia.com cdnjs.cloudflare.com data: https://*.jquery.com https://*.aptrinsic.com https://*.hotjar.com https://*.omappapi.com https://*.6sc.co;connect-src 'self' https://localhost:* https://*.blob.core.windows.net https://*.azurewebsites.net https://*.mepcontent.eu https://*.mepcontent.com https://*.google.com https://*.google-analytics.com https://*.akamaihd.net https://*.wistia.com https://*.addthis.com/ https://sumome.com https://*.hotjar.com https://*.hotjar.io https://sumo.com https://*.litix.io/ https://*.pingdom.net https://*.herokuapp.com https://*.mixpanel.com wss: https://*.jquery.com https://app.getsentry.com https://*.aptrinsic.com http://127.0.0.1:* https://stats.g.doubleclick.net https://api.segment.io https://*.fullstory.com data: https://*.omappapi.com https://*.6sc.co;child-src 'self' https://*.blob.core.windows.net https://*.azurewebsites.net https://*.mepcontent.eu https://*.mepcontent.com https://*.wistia.com https://*.addthis.com https://*.google.com https://*.youtube.com https://*.twitter.com https://*.facebook.com https://*.hotjar.com blob: https://*.jquery.com https://player.vimeo.com https://*.aptrinsic.com https://*.omappapi.com https://*.6sc.co;upgrade-insecure-requests;report-uri /WebResource.axd?cspReport=true 1
default-src 'self' *.crazyegg.com; connect-src *; font-src * data:; frame-src *; img-src * data: blob: https:; worker-src blob:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 1
default-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' localhost:* localtest:* ajax.googleapis.com ajax.aspnetcdn.com fonts.googleapis.com fonts.gstatic.com www.youtube.com s.ytimg.com www.googletagmanager.com vortex.data.microsoft.com *.hubspot.com *.hscta.net *.google-analytics.com iowa.gov *.jquery.com *.addthis.com *.googleapis.com *.addthisedge.com *.google.com *.gstatic.com *.fontawesome.com *.crowdriff.com *.sa-as.com *.licdn.com *.facebook.net *.googleadservices.com siteimproveanalytics.com *.doubleclick.net *.adnxs.com *.facebook.com *.amp.travel;object-src *.spindustry.com;style-src 'self' 'unsafe-inline' iowa.gov *.jquery.com maxcdn.bootstrapcdn.com fonts.googleapis.com *.typekit.net *.fontawesome.com *.crowdriff.com *.amp.travel;img-src 'self' data: localhost:* localtest.com:* *.jquery.com *.google-analytics.com *.hubspot.com iowa.gov *.goodblogscdn.com *.gstatic.com *.crowdriff.com *.cloudfront.net *.doubleclick.net *.arrivalist.com *.google.com *.sa-as.com *.adnxs.com *.siteimproveanalytics.io *.linkedin.com *.facebook.com *.adsymptotic.com *.ytimg.com *.google.ca *.googletagmanager.com amptravel.imgix.net *.googleapis.com storage.googleapis.com;media-src *.spindustry.com;frame-src *.spindustry.com *.google.com *.youtube.com *.facebook.com *.doubleclick.net *.moz.com;font-src 'self' maxcdn.bootstrapcdn.com fonts.googleapis.com fonts.gstatic.com *.typekit.net *.fontawesome.com *.googleapis.com;connect-src 'self' *.spindustry.com *.crowdriff.com *.fontawesome.com *.doubleclick.net *.google-analytics.com *.facebook.com *.linkedin.oribi.io *.licdn.com analytics.google.com *.amp.travel *.googlesyndication.com *.linkedin.com;child-src *.youtube.com *.hubspot.com *.addthis.com *.google.com;form-action 'self' *.spindustry.com *.facebook.net *.facebook.com;frame-ancestors *.spindustry.com;manifest-src 'self';report-uri /WebResource.axd?cspReport=true 1
default-src 'unsafe-eval' 'self' https: https://www.google.com https://www.youtube.com 'unsafe-inline'; img-src 'self' data: https://www.mc-informatik.de https://konferenz.wupp.it  https://www.wupp.it https://wupp.it https://www.google.com/recaptcha https://maps.google.com https://www.magicobjects.de; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self' 1
frame-ancestors https://metrika.yandex.ru http://webvisor.com https://www.uplab.ru https://uplab.ru http://awards.ratingruneta.ru https://awards.ratingruneta.ru 1
default-src  'self' 'unsafe-inline'; font-src https://*.mouseflow.com https://static.chatclient.autochat.ai/ https://autochat.s3.eu-west-2.amazonaws.com/ https://*.sirv.com https://fonts.gstatic.com/ data: 'self'; child-src https://*.mouseflow.com 'self'; connect-src https://bat.bing.com/ https://analytics.tiktok.com/ https://px.ads.linkedin.com/ https://www.google.com/ https://*.mouseflow.com https://static.chatclient.autochat.ai/ https://*.ingest.sentry.io/ https://*.hotjar.com https://*.hotjar.io https://console.autochat.ai/ wss://*.hotjar.com https://cdn.linkedin.oribi.io/ https://region1.google-analytics.com https://ct.pinterest.com/ https://region1.google-analytics.com/  https://*.sirv.com https://c200.a-point.nl https://maps.googleapis.com/ https://api.salesfeed.com https://a-point.blueconic.net https://in.hotjar.com/ https://stats.g.doubleclick.net/ https://www.a-point.nl https://api.salesfeed.com/ https://www.google-analytics.com https://*.analytics.google.com https://a-point.gxcloud.net/ https://www.a-point.com https://a-point.blueconic.net/ 'self'; frame-src https://*.mouseflow.com https://ct.pinterest.com/ https://c200.a-point.nl https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://t.svtrd.com/ https://vars.hotjar.com/ https://consentcdn.cookiebot.com/ https://www.plan-it-online.nl/ https://www.youtube.com/ 'self'; frame-ancestors  'self'; img-src https://bat.bing.com/ https://*.mouseflow.com https://autochat.s3.eu-west-2.amazonaws.com/ https://www.googletagmanager.com/ https://ct.pinterest.com/ https://region1.google-analytics.com/ https://*.sirv.com https://c200.a-point.nl https://www.linkedin.com/ https://www.facebook.com/ https://www.google.com https://www.google.nl https://px.ads.linkedin.com/ https://www.google-analytics.com https://maps.gstatic.com/ https://maps.googleapis.com/ blob: 'self' data:; media-src https://download-video.akamaized.net/ https://player.vimeo.com 'self'; object-src  'self'; script-src https://*.mouseflow.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'self' 'unsafe-inline' 'unsafe-eval' data: https: wss:; style-src https://*.mouseflow.com https://static.chatclient.autochat.ai/ https://autochat.s3.eu-west-2.amazonaws.com/ https://c200.a-point.nl/ https://*.sirv.com https://fonts.googleapis.com/ https://plugins.blueconic.net/ 'self' 'unsafe-inline';  worker-src  'self' blob: 1
default-src 'self' *.fbcdn.net *.facebook.com *.google.com *.gravatar.com *.vimeo.com *.vimeocdn.com *.umbraco.org *.google-analytics.com *.googletagmanager.com ssl.google-analytics.com *.doubleclick.net *.addthis.com *.youtube.com  *.juicer.io *.addthis.com *.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.google.com *.googletagmanager.com *.google-analytics.com smartagpro.com static.hotjar.com *.livehelpnow.net *.facebook.net siteimproveanalytics.com googletagmanager.com *.gstatic.com *.yimg.com *.yahoo.com *.addthis.com *.addthisedge.com *.googleadservices.com *.juicer.io *.moatads.com *.addthis.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.myfonts.net *.google.com *.googleapis.com  *.juicer.io data: blob:; img-src 'self' *.fbcdn.net *.gstatic.com *.googleapis.com *.umbraco.org *.g.doubleclick.net data: *.gravatar.com umbraco.tv *.google-analytics.com *.googletagmanager.com *.ytimg.com *.youtube.com *.google.com *.google.com.au *.facebook.com *.siteimprove.com  *.juicer.io *.cdninstagram.com *.instagram.com *.twitter.com *.addthis.com; font-src 'self' *.gstatic.com *.googleapis.com *.myfonts.net *.juicer.io; 1
base-uri 'none'; style-src 'self' *.cassiecloud.com *.googleapis.com 'unsafe-inline' https://cscript-cdn-use.lilly.com/templates/2/template.min.css *.lillytempo.com *.kisunla.com https://d1ltrl2zzo6l3e.cloudfront.net/public/syrenis-cookie-management.css https://d3gnk5748ud580.cloudfront.net/public/syrenis-cookie-management.css https://dscrutpyu4zff.cloudfront.net/public/syrenis-cookie-management.css; script-src 'nonce-UawdPrbV4P04V+YpUmncmA=='  'sha256-BOdrGgsaUdYRwVdD4Fik9V0fNb0dAVa8rMoOp7Sy63o='  'self' 'strict-dynamic' 'unsafe-eval' *.kaltura.com/ *.cassiecloud.com *.googletagmanager.com https://google-analytics.com *.google-analytics.com *.bing.com https://connect.facebook.net https://lilly-customerconnect.secure.force.com https://customerconnect.my.salesforce-sites.com https://ispot.tv *.turn.com *.myadvocado.com *.doubleclick.net *.analytics.yahoo.com *.google.com https://facebook.com *.salesforceliveagent.com *.youtube.com *.ytimg.com *.gstatic.com *.googlevideo.com blob: http://d22xmn10vbouk4.cloudfront.net *.googleapis.com assets.adobedtm.com assets.ctfassets.net *.kisunla.com 'nonce-Q+3SsP/nT1Qb9DtwRm8EbA==' *.soundcloud.com *.recaptcha.net 'sha256-uMkuBZ4FQVVBqzs6NHOoGr/1vOLA1h9acPURz3E39HA=' 'sha256-9VDmhXS8/iybLLyD3tql7v7NU5hn5+qvu9RRG41mugM=' 'sha256-tempUn1btibnrWwQxEk37lMGV1Nf8FO/GXxNhLEsPdg=' 'sha256-YvYJ5WVzt8kOVVuSB9YcyVJLN4a6HcbOgQpzrg0BLUI=' https://clientapi.gcs-web.com https://d22xmn10vbouk4.cloudfront.net https://servicesplatform.partneringplace.com https://forms.office.com bugcrowd.com *.lilly.com tags.tiqcdn.com pc-lilly-visitor-service-us-west-2.tealiumiq.com https://d1ltrl2zzo6l3e.cloudfront.net/public/syrenis-cookie-management.js https://d3gnk5748ud580.cloudfront.net/public/syrenis-cookie-management.js https://dscrutpyu4zff.cloudfront.net/public/syrenis-cookie-management.js; object-src 'none'; frame-src *.doubleclick.net/ *.myadvocado.com/ *.lillytempo.com *.lillycares.com *.lillyoncologysupport.com *.lillyloxooncologypipeline.com *.lillydirect.com *.lrlscience.com *.syrenis.com *.taltz.com *.olumiant.com *.verzenio.com *.omvoh.com *.true.lilly *.tap.lilly *.together.lilly *.certuitad.com *.lilly.com *.enrollment.taltz.com *.enrollment.olumiant.com *.enrollment.verzenio.com *.enrollment.omvoh.com *.kisunla.com *.rlcdn.com *.youtube.com *.soundcloud.com *.google.com *.facebook.com *.spotify.com *.simplecast.com *.recaptcha.net https://servicesplatform.partneringplace.com https://forms.office.com *.kaltura.com/ bugcrowd.com di.rlcdn.com 1
font-src *.googleapis.com *.gstatic.com data: *.fontawesome.com *.typekit.net 'self' data: data: 'self'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://*.msignia.com https://*.cardinalcommerce.com https://www.facebook.com 'self'; frame-ancestors *.bolt.com www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ esqa.moneris.com www3.moneris.com pay.google.com www.google.com https://*.msignia.com https://*.cardinalcommerce.com *.duboisag.com *.facebook.com *.moneris.com www.xtento.com 'self'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.gstatic.com *.googleapis.com ws1.postescanada-canadapost.ca https://*.privacy-center.org t.ofsys.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.duboisag.com duboisag.com *.google.com *.google.ca *.facebook.com *.linkedin.com *.cloudfront.net *.hsforms.net *.hsforms.com 'self' data: www.xtento.com cdn.xtento.com data: 'self'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ esqa.moneris.com www3.moneris.com applepay.cdn-apple.com pay.google.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ ws1.postescanada-canadapost.ca ajax.cloudflare.com https://*.privacy-center.org t.ofsys.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io connect.facebook.net *.moneris.com *.licdn.com *.hsforms.net *.hsforms.com *.google.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com ws1.postescanada-canadapost.ca https://static.klaviyo.com *.fontawesome.com *.googleapis.com *.typekit.net *.gstatic.com 'self' 'unsafe-inline'; object-src 'self'; media-src *.adobe.com 'self'; manifest-src 'self'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.googleapis.com ws1.postescanada-canadapost.ca https://*.privacy-center.org t.ofsys.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io *.duboisag.com *.facebook.com/* *.doubleclick.net *.google.ca *.google.com google.com *.linkedin.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com 'self'; child-src http: https: blob: 'self'; default-src *.googleapis.com 'self'; base-uri 'self'; 1
frame-ancestors 'self' https://flschat.eastus.cloudapp.azure.com;block-all-mixed-content;script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://plausible.io https://*.usbrowserspeed.com https://*.scriptintel.io https://*.clarity.ms https://*.googletagservices.com https://*.googlesyndication.com https://*.googleadservices.com https://*.doubleclick.net https://*.cloudapp.azure.com https://*.google.com https://ajax.googleapis.com https://content.linkedin.com https://connect.facebook.net https://code.jquery.com https://cdn.jsdelivr.net https://f.vimeocdn.com https://forms.hsforms.com https://graph.facebook.com https://googletagmanager.com https://js.facebook.com https://js.hsforms.net https://js.hscollectedforms.net https://js.hs-analytics.net https://js.usemessages.com https://js.hubspotfeedback.com https://js.hsadspixel.net https://js.hs-banner.com https://js.hsleadflows.net https://js-na1.hs-scripts.com https://js.hs-scripts.com https://ml314.com https://platform.linkedin.com https://player.vimeo.com https://static-exp1.licdn.com https://snap.licdn.com https://script.hotjar.com https://static.hotjar.com https://tagmanager.google.com https://www.vimeo.com https://www.googleoptimize.com https://www.googletagmanager.com;style-src 'self' 'report-sample' 'unsafe-inline' *.google.com *.licdn.com ajax.googleapis.com code.jquery.com cdn.jsdelivr.net fonts.googleapis.com www.googletagmanager.com;object-src *.googlesyndication.com;child-src 'self' blob: *.vimeo.com *.google.com *.doubleclick.net *.googlesyndication.com www.youtube.com *.facebook.com flschat.eastus.cloudapp.azure.com app.hubspot.com connect.facebook.net forms.hsforms.com js.usemessages.com js.hscollectedforms.net js.hsadspixel.net vimeo.com www.googletagmanager.com;base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net forms.hubspot.com forms.hsforms.com;worker-src 'self' blob: www.google.com 1
default-src 'none'; object-src 'none'; base-uri 'none'; connect-src 'self'; script-src 'self'; frame-ancestors 'none'; form-action 'self'; style-src-elem 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' blob:; 1
font-src data: *; img-src data: * blob:; default-src https: 'unsafe-inline' 'unsafe-eval' blob:; frame-src 'self' blob: mailto: https://instawidget.net/ *.twitter.com/ *.facebook.com/ https://static.addtoany.com/ https://customer-g49kpte2lt5550qs.cloudflarestream.com/ *.ncpc.gov/ http://arcgis.com *.arcgis.com/ *.googleapis.com *.google.com https://google.com *.youtube.com/ api.ncpc.gov; media-src blob: *; 1
default-src 'self'; base-uri 'self'; img-src * data:; frame-src 'self' https://kaartapi.nl https://www.kaartapi.nl https://websurveys2.govmetric.com https://app-eu.readspeaker.com https://www.youtube-nocookie.com https://www.youtube.com https://content.googleapis.com/ https://vars.hotjar.com https://infoopkaart.steenwijkerland.nl; frame-ancestors 'self'; manifest-src 'self'; media-src 'self' blob:; script-src 'self' 'nonce-OTAyNzBhYjMtYWZkYi00MWQ4LWJiZDQtNThkZGZmMzk1Mjdm' https://stats.pusher.com https://www.browsealoud.com https://www.googletagmanager.com https://www.google-analytics.com https://apis.google.com https://maps.googleapis.com https://siteimproveanalytics.com https://cloudstatic.obi4wan.com https://websurveys2.govmetric.com https://platform.hireserve.nl https://websurveys2.servmetric.com https://cdn1.readspeaker.com https://cdn-eu.readspeaker.com https://virtuele-gemeente-assistent.nl https://static.hotjar.com https://script.hotjar.com https://connect.facebook.net https://snap.licdn.com https://button.kcmsurvey.com; connect-src 'self' https://sockjs-eu.pusher.com wss://ws-eu.pusher.com https://vttts-eu.readspeaker.com https://cloudstatic.obi4wan.com https://chatapi.obi4wan.com https://media-eu.readspeaker.com https://rstts-eu.readspeaker.com https://wrapi-eu.readspeaker.com https://www.browsealoud.com https://plus.browsealoud.com https://speech.speechstream.net https://speech-eu.speechstream.net https://www.google-analytics.com https://maps.googleapis.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://app.obi4wan.ai https://app-eu.readspeaker.com/ https://hitcounter.govmetric.com https://platform.hireserve.nl/ https://cdn1.readspeaker.com https://maps.googleapis.com https://virtuele-gemeente-assistent.nl wss://virtuele-gemeente-assistent.nl ws://virtuele-gemeente-assistent.nl https://in.hotjar.com https://www.facebook.com https://cdn.linkedin.oribi.io; object-src 'self' https://kaartapi.nl https://www.kaartapi.nl https://infoopkaart.steenwijkerland.nl; style-src 'self' data: 'nonce-OTAyNzBhYjMtYWZkYi00MWQ4LWJiZDQtNThkZGZmMzk1Mjdm' https://fonts.googleapis.com https://platform.hireserve.nl https://websurveys2.servmetric.com https://cdn1.readspeaker.com https://websurveys2.govmetric.com https://virtuele-gemeente-assistent.nl https://mijn.virtuele-gemeente-assistent.nl https://maps.googleapis.com/ https://siteimproveanalytics.com https://cloudstatic.obi4wan.com; font-src 'self' data: https://fonts.gstatic.com https://cdn1.readspeaker.com https://script.hotjar.com;  1
default-src 'self' player.vimeo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' player.vimeo.com piwik.dtnr.nl; connect-src 'self' piwik.dtnr.nl; img-src 'self' data: https: s.w.org ps.w.org secure.gravatar.com; style-src 'self' 'unsafe-inline'; font-src 'self' data:; 1
block-all-mixed-content; default-src 'self'; base-uri 'self'; frame-src 'self' https: *.reviews.io *.optmnstr.com blob: *.360training.com hemsync.clickagy.com; frame-ancestors 'self' *.reviews.co.uk *.reviews.io; img-src 'self' data: https://cdn.assets.rapidlms.com cdn.files.rapidlms.com *.google.com *.google.ca *.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.googlesyndication.com *.doubleclick.net *.stripe.com *.gravatar.com *.newrelic.com *.nr-data.net s3.amazonaws.com *.embed.ly *.bing.com *.twimg.com *.facebook.net *.facebook.com *.fbcdn.net *.imgur.com *.livechatinc.com *.juicer.io *.rumiview.com *.hotjar.com *.tawk.to *.hellobar.com *.optmnstr.com optin-monster.s3.amazonaws.com i.ytimg.com yt3.ggpht.com *.indeed.com *.opmnstr.com files.rapidlms.com i.embed.ly *.omappapi.com *.pushcrew.com pushcrew.com *.linkedin.com *.hubspot.com *.hsforms.com *.adsymptotic.com *.visualwebsiteoptimizer.com cdn.jsdelivr.net *.learnerverified.com d16aqe2hb8mnsq.cloudfront.net d33v4339jhl8k0.cloudfront.net dfv1sywpgf540.cloudfront.net i.vimeocdn.com curator-assets.b-cdn.net *.clarity.ms https://blog.guardtraining.ca *.olark.com *.rapidlms.com; script-src 'self' 'unsafe-inline' blob: https://cdn.assets.rapidlms.com api.learnerverified.com app.learnerverified.com use.fontawesome.com *.google.com *.google.ca *.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.googlesyndication.com *.doubleclick.net *.stripe.com *.ably.io *.ably-realtime.com *.newrelic.com *.nr-data.net *.amplitude.com *.reviews.co.uk *.reviews.io *.hotjar.com *.facebook.net *.facebook.com 'unsafe-eval' *.bing.com *.hellobar.com *.juicer.io *.reviews.io *.livechatinc.com *.hellomedian.com *.visitor-track.com *.rumiview.com *.adobedtm.com blob: www.bugherd.com *.tawk.to *.jsdelivr.com *.leadquizzes.com *.learnerverified.com *.googleapis.com *.googletagservices.com *.googletagmanager.com *.helpscout.net *.indeed.com components.rapidlms.com www.canadahelps.org https://cdn.pushcrew.com js.hs-scripts.com ca.indeed.com snap.licdn.com js.hscollectedforms.net js.hs-analytics.net js.hs-banner.com cdnjs.cloudflare.com *.visualwebsiteoptimizer.com *.optmnstr.com *.omappapi.com secure.leadforensics.com cdn.jsdelivr.net js.usemessages.com *.amazonaws.com *.list-manage.com sp-js.apps.gov.bc.ca  www2.gov.bc.ca *.googleoptimize.com *.fontawesome.com *.curator.io *.wufoo.com *.hsforms.com *.hsforms.net *.clarity.ms *.freshworks.com *.freshchat.com *.redditstatic.com *.olark.com *.myfreshworks.com *.freshsales.io js.zi-scripts.com tags.clickagy.com; style-src 'self' 'unsafe-inline' https://cdn.assets.rapidlms.com use.fontawesome.com *.reviews.co.uk *.reviews.io fonts.googleapis.com *.juicer.io tagmanager.google.com https://d19ayerf5ehaab.cloudfront.net/css/product-widget/style.css *.pushcrew.com cdnjs.cloudflare.com cdn.jsdelivr.net *.mailchimp.com optimize.google.com *.omappapi.com *.fontawesome.com *.curator.io *.freshworks.com *.freshchat.com *.olark.com https://assets.freshsales.io; media-src https://cdn.assets.rapidlms.com cdn.files.rapidlms.com curator-assets.b-cdn.net *.olark.com; object-src 'self' cdn.files.rapidlms.com; font-src https: data: *.fontawesome.com; connect-src wss: 'self' files.rapidlms.com api.learnerverified.com app.learnerverified.com *.newrelic.com *.nr-data.net *.google.com *.google.ca *.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.googlesyndication.com *.doubleclick.net *.stripe.com *.ably.io *.ably-realtime.com *.statushub.io *.amplitude.com *.reviews.co.uk *.reviews.io use.learnerverified.com *.hellomedian.com *.facebook.com *.juicer.io *.reviews.io *.tawk.to *.hubspot.com *.learnerverified.com https://d3hb14vkzrxvla.cloudfront.net *.helpscout.net *.mstrlytcs.com *.optmnstr.com *.opmnstr.com spm.gov.bc.ca spt.apps.gov.bc.ca files.rapidlms.com *.pusher.com *.omappapi.com *.hotjar.com *.hotjar.io *.bing.com dfv1sywpgf540.cloudfront.net cdn.files.rapidlms.com *.360training.com *.fontawesome.com *.curator.io *.hsforms.com *.hsforms.net *.clarity.ms https://blog.guardtraining.ca *.freshworks.com *.freshdesk.com *.teamup.com *.olark.com https://capig.relo.ca https://capig.danatec.com https://capig.guardtraining.ca *.myfreshworks.com aorta.clickagy.com hemsync.clickagy.com https://js.zi-scripts.com https://ws.zoominfo.com; report-uri /csp 1
default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 1
frame-ancestors 'self' https://secure.xsolla.com 1
default-src *; script-src 'self' cdn.apple-mapkit.com www.google-analytics.com ajax.googleapis.com use.fontawesome.com maps.google.com maps.googleapis.com 'unsafe-inline' 'unsafe-eval' blob:; img-src 'unsafe-inline' * data:; style-src 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com data:; font-src 'unsafe-inline' data: *; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://openbiblio.social https://www.youtube.com https://api.digitale-sammlungen.de 1
img-src 'self' 'unsafe-inline'  https://*.cmhc-schl.gc.ca/ https://*.azureedge.net/ https://www.google.com https://*.linkedin.com https://*.facebook.com https://*.reddit.com https://*.twitter.com https://*.google-analytics.com https://www.google.ca https://*.blob.core.windows.net/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.cmhc-schl.gc.ca/ https://*.youtube.com https://*.facebook.net https://*.msecnd.net https://*.google-analytics.com https://googleads.g.doubleclick.net https://*.azureedge.net/ https://*.cloud.coveo.com/ https://siteimproveanalytics.com/ https://*.redditstatic.com https://*.ads-twitter.com https://*.licdn.com https://*.hotjar.com/ https://*.googleapis.com https://*.cloudflare.com https://cdn.jsdelivr.net https://*.b2clogin.com https://www.googletagmanager.com/ https://*.linkedin.com/ https://*.twitter.com/ https://www.google.com https://ajax.googleapis.com/ https://www.gstatic.com; style-src 'self' 'unsafe-inline' https://*.cmhc-schl.gc.ca/ https://*.azureedge.net/ https://*.typekit.net https://*.cloud.coveo.com/ https://*.googleapis.com https://*.jquery.com https://use.typekit.net https://*.blob.core.windows.net/; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://*.cmhc-schl.gc.ca/ https://*.typekit.net https://*.azureedge.net/ https://*.cloud.coveo.com/ https://*.blob.core.windows.net/; upgrade-insecure-requests; block-all-mixed-content; object-src 'none'; 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://providers.ccbh.com https://members.ccbh.com https://www.ccbh.com https://fast.fonts.net https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://maps.googleapis.com https://stats.g.doubleclick.net/ https://www.gstatic.com https://www.ccbh.com/ https://maps.gstatic.com https://fonts.googleapis.com https://fonts.gstatic.com https://*.fusionbot.com/ https://cdn.jsdelivr.net https://www.youtube.com https://www.vimeo.com https://player.vimeo.com https://i.ytimg.com https://feed-proxy.craftcms.com https://api.craftcms.com https://fast.wistia.net https://upmc.piwik.pro https://upmc.containers.piwik.pro 1
frame-ancestors 'self';block-all-mixed-content;script-src 'self'  'report-sample' 'unsafe-inline' 'unsafe-eval'  https://*.googletagservices.com https://*.googlesyndication.com https://*.googleadservices.com https://*.doubleclick.net https://*.google.com https://ajax.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://connect.facebook.net https://graph.facebook.com https://google-analytics.com https://googleads.g.doubleclick.net https://googletagmanager.com https://js.facebook.com https://kit.fontawesome.com https://ssl.google-analytics.com https://track.nopaperforms.com https://tagmanager.google.com https://use.fontawesome.com https://widgets.nopaperforms.com https://www.google-analytics.com https://www.googletagmanager.com;style-src 'self' 'report-sample'  'unsafe-inline' *.fontawesome.com *.google.com ajax.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com www.googletagmanager.com;object-src *.googlesyndication.com;child-src 'self' blob: *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net www.googletagmanager.com;base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;worker-src 'self' blob: www.google.com; 1
default-src cdnrtbsape.ru https://yandex.ru *.acint.net  https://yastatic.net/ https://an.yandex.ru  https://*.googlesyndication.com  https://pagead2.googlesyndication.com/ http://smolensk-auto.ru/ http://www.smolensk-auto.ru https://googleads.g.doubleclick.net https://www.google-analytics.com https://fonts.gstatic.com https://yandex.st/share/share.js  https://api-maps.yandex.ru/ https://mc.yandex.ru https://www.youtube.com/ https://www.googletagmanager.com https://www.google.com/  'self'; script-src self  *.acint.net *.adfox.ru *.sape.ru https://yandex.ru  https://*.googlesyndication.com  https://partner.googleadservices.com/   https://*.google.ru https://www.googletagservices.com https://code.createjs.com/ http://tools.spylog.ru http://site.yandex.net http://smolensk-auto.ru/ http://www.smolensk-auto.ru/  https://adservice.google.com/ http://an.yandex.ru http://pagead2.googlesyndication.com https://www.gstatic.com https://www.google.com https://cdnjs.cloudflare.com  https://www.googleadservices.com https://googleads.g.doubleclick.net  https://www.googleadservices.com/pagead/conversion_async.js https://www.googletagmanager.com  https://www.google-analytics.com https://code.jquery.com/ https://api-maps.yandex.ru https://ajax.googleapis.com https://mc.yandex.ru http://yandex.st  ipt http://mc.yandex.ru  http://yastatic.net ipt  'self' 'unsafe-inline' 'unsafe-eval'; style-src *.smolensk-auto.ru https://yastatic.net https://fonts.googleapis.com https://cdnjs.cloudflare.com http://code.jquery.com https://yandex.st  'self' 'unsafe-inline' 'unsafe-eval'; img-src * self https://www.google-analytics.com https://api-maps.yandex.ru    https://mc.yandex.ru http://yastatic.net 'self' 1
frame-ancestors 'none'; default-src 'self' https://*.aol.com https://*.yahoo.com https://*.yimg.com; img-src * data:; script-src 'self' 'unsafe-inline' 'nonce-SNGPCHFYM/4GjFEbtz0R+g==' 'unsafe-eval' https://*.yahoo.com https://*.yimg.com https://*.aol.com https://*.aolcdn.com *.oath.com *.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net *.googlesyndication.com https://sb.scorecardresearch.com bat.bing.com *.demdex.net https://msadsscale.azureedge.net/bingads/telemetryJS.js https://www.clarity.ms https://www.clarity.ms/s/0.7.10/clarity.js; style-src 'self' 'unsafe-inline' https://*.yimg.com; object-src *; connect-src *; font-src * data:; frame-src 'self' https://*.youtube.com https://s.yimg.com https://*.yahoo.com *.g.doubleclick.net *.googlesyndication.com; 1
default-src 'self'; font-src 'self' data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com blob: data:; connect-src 'self' https://*.google-analytics.com blob: wss://*.homecase.de https://*.homecase.de ; object-src 'self' blob: https://*.homecase.de ; media-src 'self' blob: https://*.homecase.de ; frame-src 'self' blob: https://*.homecase.de ; img-src 'self' www.googletagmanager.com data: blob: wss://*.homecase.de https://*.homecase.de ; wss: 1
default-src *  'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src *  'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src-elem *  'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src-attr *  'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; style-src *  'unsafe-inline' 'unsafe-hashes'; style-src-elem *  'unsafe-inline' 'unsafe-hashes'; style-src-attr *  'unsafe-inline' 'unsafe-hashes'; img-src * ; font-src * data:; connect-src *; media-src *; object-src *;child-src *; frame-src * 1
default-src 'self' blob: www.google-analytics.com https://services.postcodeanywhere.co.uk stats.g.doubleclick.net; script-src 'self' 'unsafe-inline' https://universe-static.elfsightcdn.com/ https://js.hs-scripts.com/ https://js.hs-analytics.net https://js.hs-banner.com https://*.clarity.ms  https://api.livechatinc.com https://www.freeprivacypolicy.com https://vimeo.com https://cht-srvc.net https://cdn.livechatinc.com https://inform.dataloft.co.uk https://apis.google.com https://i.ytimg.com https://www.youtube.com https://optimize.google.com https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com www.locrating.com https://www.googleoptimize.com https://*.elfsight.com vimeo.com metrics.responsetap.com  https://www.vimeo.com https://*.olark.com https://code.jquery.com  https://e.issuu.com https://www.googleadservices.com https://static.olark.com https://extend.vimeocdn.com static-ssl.responsetap.com api.instagram.com *.facebook.net https://s1536.t.eloqua.com play.vidyard.com https://img.en25.com https://play.vidyard.com tagmanager.google.com www.google.com www.google-analytics.com ajax.googleapis.com maps.googleapis.com maps.google.com www.gstatic.com www.googletagmanager.com developers.google.com www.bugherd.com d2iiunr5ws5ch1.cloudfront.net https://indiv25765.pcapredict.com https://static.olark.com https://knrpc.olark.com https://googleads.g.doubleclick.net https://services.postcodeanywhere.co.uk 'unsafe-inline' 'unsafe-eval'; img-src 'self' blob: data: https://optimize.google.com https://track.hubspot.com https://*.clarity.ms https://*.bing.com https://assets.reapit.net https://video.cdninstagram.com https://*.google-analytics.com https://*.analytics.google.com https://i.ytimg.com https://inform.dataloft.co.uk https://www.google-analytics.com https://www.googletagmanager.com  *.amazonaws.com https://lh3.googleusercontent.com https://www.googletagmanager.com https://www.vimeo.com https://*.olark.com *.facebook.com https://services.postcodeanywhere.co.uk https://*.ggpht.com https://s1536.t.eloqua.com https://play.vidyard.com https://cdn.vidyard.com https://public.flourish.studio https://maps.google.com https://*.googleapis.com https://scontent.cdninstagram.com/ https://www.google.co.in https://*.xx.fbcdn.net https://pbs.twimg.com media.licdn.com image-store.slidesharecdn.com http://graph.facebook.com https://*.rackcdn.com http://*.cdn.starberry.com www.google.com https://*.gstatic.com maps.gstatic.com maps.googleapis.com www.google-analytics.com stats.g.doubleclick.net; style-src 'self' 'unsafe-inline' https://inform.dataloft.co.uk https://*.googletagmanager.com https://optimize.google.com https://fonts.googleapis.com  https://www.vimeo.com https://*.olark.com https://*.bambooauctions.com maxcdn.bootstrapcdn.com https://services.postcodeanywhere.co.uk fonts.googleapis.com d2iiunr5ws5ch1.cloudfront.net tagmanager.google.com; font-src 'self' https://optimize.google.com  https://cdn.livechatinc.com maxcdn.bootstrapcdn.com  https://*.olark.com fonts.gstatic.com www.bugherd.com data: tagmanager.google.com; frame-src 'self' https://td.doubleclick.net https://schools.locrating.com https://secure.livechatinc.com  https://optimize.google.com bid.g.doubleclick.net https://*.youtube.com https://www.vimeo.com https://*.olark.com www.facebook.com *.amazonaws.com https://e.issuu.com https://play.vidyard.com https://www.google.com  https://flo.uri.sh https://my.matterport.com https://player.vimeo.com; object-src 'self' blob: https://flo.uri.sh *.amazonaws.com https://services.postcodeanywhere.co.uk; connect-src 'self' stats.g.doubleclick.net https://*.clarity.ms https://pagead2.googlesyndication.com https://www.facebook.com  https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://www.googletagmanager.com https://maps.googleapis.com https://graph.instagram.com  https://*.elfsight.com www.google-analytics.com https://*.olark.com https://services.postcodeanywhere.co.uk; media-src  'self' https://*.olark.com https://my.matterport.com https://bit.ly *.amazonaws.com https://*.clarity.ms 1
script-src 'self' maps.google.com; img-src 'self' data: maps.gstatic.com *.google.com *.ggpht.com default-src 'self' 1
default-src 'self' 'unsafe-inline' *.google.com *.google.ca *.openstreetmap.org *.doubleclick.net *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.ggpht.com *.livechatinc.com *.facebook.com *.twitter.com *.forsalebyowner.ca *.easylist.realestate *.easylistrealty.ca *.strattengatesrealestate.ca data:; media-src 'self' *.cloudfront.net *.forsalebyowner.ca blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.forsalebyowner.ca *.googletagmanager.com *.google.com *.google.ca *.google-analytics.com *.googleapis.com unpkg.com *.gstatic.com *.openstreetmap.org *.livechatinc.com *.jsdelivr.net *.twitter.com *.facebook.com *.facebook.net *.cloudflare.com blob:; frame-src *; object-src 'none'; base-uri 'none'; 1
default-src 'none'; connect-src 'self' https://www.google-analytics.com https://analytics.google.com https://pagead2.googlesyndication.com https://stats.g.doubleclick.net https://assets-ctb.pernod-ricard.io https://api.pernod-ricard.io https://cdn.jsdelivr.net/npm/algoliasearch https://zfm2j5365u-3.algolianet.com https://zfm2j5365u-dsn.algolia.net https://d8ejoa1fys2rk.cloudfront.net https://brandcloud.pernod-ricard.com https://optoutapi.evidon.com *.evidon.com *.betrad.com https://us-central1-pantheon-psapps.cloudfunctions.net https://insight.pravp.com/analytics *.pernod-ricard.io https://live-pernod-ricard-global-cms.pantheonsite.io https://cdn.linkedin.oribi.io https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css https://www.googletagmanager.com; font-src 'self' https://maxcdn.bootstrapcdn.com https://app-avp.pravp.com https://assets-ctb.pernod-ricard.io https://cdnjs.cloudflare.com; frame-src 'self' https://www.youtube.com https://player.vimeo.com https://static.addtoany.com https://emperia.gallery https://my.matterport.com; img-src 'self' https: data:; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://avp.pravp.com https://www.google-analytics.com https://c.evidon.com https://assets-ctb.pernod-ricard.io https://cdn.jsdelivr.net/npm/algoliasearch https://zfm2j5365u-3.algolianet.com https://www.youtube.com https://player.vimeo.com *.facebook.net https://js-agent.newrelic.com https://bam.nr-data.net *.pernod-ricard.io https://live-pernod-ricard-global-cms.pantheonsite.io https://snap.licdn.com https://www.google.com https://www.gstatic.com agegate.pr-globalcms.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://static.addtoany.com https://unpkg.com https://vuejs.org; style-src 'self' 'unsafe-inline' https://assets-ctb.pernod-ricard.io data: https://live-pernod-ricard-global-cms.pantheonsite.io cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; style-src-attr 'self' 'unsafe-inline' 'unsafe-hashes'; base-uri 'self'; form-action 'self' https://login.microsoftonline.com https://device.login.microsoftonline.com; frame-ancestors 'self' 1
default-src https:; object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-4AEemGb0xJptoIGFP3Nd' piwik.mozfr.org; frame-ancestors 'none' 1
frame-ancestors 'self' https://*.smarthub.coop; upgrade-insecure-requests 1
frame-ancestors 'none'; default-src 'self' https://*.aol.com https://*.yahoo.com https://*.yimg.com; img-src * data:; script-src 'self' 'unsafe-inline' 'nonce-+xNoJ4QAP4BywnHvT6sHaA==' 'unsafe-eval' https://*.yahoo.com https://*.yimg.com https://*.aol.com https://*.aolcdn.com *.oath.com *.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net *.googlesyndication.com https://sb.scorecardresearch.com bat.bing.com *.demdex.net https://msadsscale.azureedge.net/bingads/telemetryJS.js https://www.clarity.ms https://www.clarity.ms/s/0.7.10/clarity.js; style-src 'self' 'unsafe-inline' https://*.yimg.com; object-src *; connect-src *; font-src * data:; frame-src 'self' https://*.youtube.com https://s.yimg.com https://*.yahoo.com *.g.doubleclick.net *.googlesyndication.com; 1
default-src *.cymitquimica.com wss://api.signalzen.com/cable blob: https: data: 'unsafe-inline' 'unsafe-eval'; 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src 'nonce-rTDYf6lyRUVOS7YNON7qaveUO' 'strict-dynamic'; frame-ancestors 'self'; manifest-src 'self' 1
upgrade-insecure-requests;script-src 'unsafe-inline' 'unsafe-eval' https://www.arkpes.com https://fonts.googleapis.com https://fonts.gstatic.com https://secure.gravatar.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com https://maps.googleapis.com https://developers.google.com https://www.googletagmanager.com https://secure.365smartenterprising.com https://oneloop-website-script.s3.amazonaws.com/oneloop-main.js 1
frame-ancestors 'self' www.versar.com 1
default-src 'self' scribit-pro-hosting.storage.googleapis.com; child-src 'self' *.youtube.com blob: *.youtube-nocookie.com *.vimeo.com; connect-src 'self' scribit-pro-hosting.storage.googleapis.com api.scribit.pro *.siteimprove.com; font-src 'self' data: *.googleusercontent.com; frame-src 'self' *.youtube.com https://tubbergen-centrumplan-kaart.bijnaonline.nl/ https://*.issuu.com/ *.youtube-nocookie.com *.vimeo.com *.siteimprove.com *.siteimproveanalytics.com *.siteimprove.net *.siteimproveanalytics.io page.report; img-src 'self' data: https://www.toegankelijkheidsverklaring.nl i.ytimg.com *.siteimprove.com *.servmetric.com *.govmetric.com *.siteimproveanalytics.io; object-src 'none'; script-src 'self' scribit-pro-hosting.storage.googleapis.com *.scribit.pro www.youtube.com https://cdn.siteimprove.net/cms/overlay.js siteimproveanalytics.com siteimprove.com https://cdn.siteimprove.net/cms/overlay-latest.js 'sha256-jczr05qQDKHh+FsiTFpd0XWd5TvbE7dauaLcxtws1eE='; style-src 'self' 'unsafe-hashes' 'sha256-3juv2Ft1FaY3xWYNGXExi9oTqA3RQ4gtgCqyf3mxGhU=' 'sha256-r9fU88Cagg8b+V94/rFP54XitU/RzBQ83sVNeltVs/c=' 'sha256-SHje5LaT9E6BShlkQpjWVSpKDI2FEtd137m8hy4rmKM=' 'sha256-2ipsMCEEsAbnsH2T1Fg2pv63AdMLzQW/NYec3X6XzWw=' 'sha256-ENQDKKPlZLkQM8/QteFtwei90Uh7p8rOFd8+49hFMUA=' 'sha256-3lLjvpn0hfmuulQYNSUWKiNpmIiMg70GweVDtUWv7zA=' 'sha256-7xqMqDOfWqvgvujBp1NXgw9yq9uWja1UZbZbBoSphjU=' 'sha256-5uIP+HBVRu0WW8ep6d6+YVfhgkl0AcIabZrBS5JJAzs=' 'sha256-YrHix3ezzS6KW4EYeZkmjwMEN45vCd//qQTfUxXh3Us='; base-uri 'self'; frame-ancestors 'self' 1
script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /_/DurableDeepLinkUi/cspreport/allowlist 1
default-src https: data: blob:;script-src https: blob: 'unsafe-eval' 'unsafe-inline';style-src https: 'unsafe-eval' 'unsafe-inline'; 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src 'nonce-2uYAZAVHvqPr4ccgNM3S3IIh5' 'strict-dynamic' 'report-sample'; report-uri https://forums.mediaspy.org/csp_reports; frame-ancestors 'self'; manifest-src 'self' 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline'; style-src 'self' https: 'unsafe-inline'; 1
default-src 'self';	style-src 'self' 'unsafe-inline';	img-src 'self' 'unsafe-inline' data: *.active-city.net *.active-city.de *.ytimg.com c.emailsys1a.net c.emailsys1c.net;	script-src 'self' 'unsafe-inline' 'unsafe-eval' *.active-city.net *.active-city.de t02288427.emailsys1c.net;	media-src 'self' *.active-city.net *.active-city.de;	frame-src 'self' *.active-city.net *.active-city.de t02288427.emailsys1c.net www.youtube.com www.youtube-nocookie.com api.termin.net-com.de;	frame-ancestors 'self';	connect-src 'self' https://piwik.active-city.net t02288427.emailsys1c.net;	report-uri https://sentry.zmart-ivent.de/api/16/security/?sentry_key=838ea0068abc448f96ec524eab0a6507 1
default-src 'self' *.vanheusenindia.com *.yellowmessenger.com *.trendin.com *.abfrl.net *.abfrl.in *.paytm *.louisphilippe.com *.reebok.in *.aeo.in *.forever21.in *.simoncarter.in *.peterengland.com *.allensolly.com *.gstatic.com data:; img-src * 'self' https://*.akstat.io vanhuesenindia.imgix.net blob: data:;script-src 'self' assets.abfrlcdn.com *.google.com pantaloons.imgix.net tr.snapchat.com tags.creativecdn.com asia.creativecdn.com *.artfut.com zailaf.org *.yellowmessenger.com tsm.s3g6.com retag.crossdevicetracking.com static-cdn.trackier.com wd-ret.io in1.clevertap-prod.com https://*.go-mpulse.net trc.taboola.com targetinng.com rtb-global.com webtrafficsource.com i.l-dsp.inmobicdn.net cdn.taboola.com go-mpulse.net sc-static.net sdk.rsut.io router.paytm.in stage-router.paytm.in securegw-stage.paytm.in *.paytm.com *.paytm.in *.amazonaws.com *.wizrocket.com *.criteo.com *.criteo.net *.googleapis.com *.resu.io sdk.resu.io cdnjs.cloudflare.com *.adobedtm.com *.gstatic.com *.primeai1.org *.primeai.co.uk *.primeai3.in *.jquery.com *.facebook.net *.google.com *.googleapis.com *.cloudfront.net *.hotjar.com *.contentsquare.net *.google-analytics.com *.bing.com *.streamoid.com *.googleadservices.com *.abfrl.in *.abfrl.net *.trendin.com *.vanheusenindia.com *.louisphilippe.com *.peterengland.com *.allensolly.com google.com *.googletagmanager.com *.usersnap.com *.clevertap.com *.adobedtm.com *.wzrkt.com 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.crazyegg.com; connect-src 'self' *.tryndbuy.com widget.usersnap.com wd-ret.io targetinng.com asia.creativecdn.com tr.snapchat.com wss://cloud.yellow.ai *.forever21.in *.simoncarter.in *.reebok.in *.aeo.in *.yellow.ai *.paytm.in *.akamaihd.net wss://stage-router.paytm.in wss://router.paytm.in wss://securegw-stage.paytm.in wss://securegw.paytm.in *.taboola.com wss://websoc.resu.io http://abfrl.com/ *.google.com *.google.co.in *.criteo.com rtb-global.com webtrafficsource.com https://*.akstat.io https://*.go-mpulse.net cdn.taboola.com *.adobedc.net in1.wzrkt.com apis.google.com *.googletagmanager.com *.abfrl.in *.abfrl.net *.trendin.com assets.trendin.com assets.abfrlcdn.com use.typekit.net *.gstatic.com *.facebook.com pantaloons.imgix.net bat.bing.com *.hotjar.io geolocation-db.com *.hotjar.com *.googleapis.com *.primeai.co.uk *.primeai1.org *.primeai3.in http://integration.richrelevance.com/* http://integration.richrelevance.com http://recs.richrelevance.com/* http://recs.richrelevance.com *.richrelevance.com *.amazonaws.com *.wizrocket.com adityabirlafashion.sc.omtrdc.net *.google-analytics.com *.forever21.in *.simoncarter.in *.reebok.in *.aeo.in *.vanheusenindia.com *.louisphilippe.com *.peterengland.com *.allensolly.com *.doubleclick.net *.demdex.net *.adobeaemcloud.com nodeserver.sdk.streamoid.com *.elastic-cloud.com *.crazyegg.com sdk.resu.io cdnjs.cloudflare.com *.clickpost.in; style-src 'self' 'unsafe-inline' *.google.com accounts.google.com *.abfrl.in *.abfrl.net *.yellowmessenger.com *.paytm.in *.trendin.com *.primeai.co.uk *.primeai1.org *.primeai3.in *.crazyegg.com *.streamoid.com *.googleapis.com nodeserver.sdk.streamoid.com *.typekit.net; media-src 'self' 'unsafe-eval' 'unsafe-inline' *.adobeaemcloud.com *.typekit.net *.abfrl.in *.abfrl.net *.trendin.com  *.elastic-cloud.com *.scene7.com assets.abfrlcdn.com; frame-src 'self' 'unsafe-eval' 'unsafe-inline' zailaf.org tr.snapchat.com *.paytm.in afftracer.g2afse.com tsm.s3g6.com tracking.icubeswire.co static.criteo.net *.amazon-adsystem.com *.criteo.com *.amazonaws.com *.wizrocket.com *.facebook.com accounts.google.com *.doubleclick.net *.demdex.net *.hotjar.com *.abfrl.in *.abfrl.net *.trendin.com *.youtube.com; child-src pantaloons.imgix.net *.googleapis.com; worker-src localhost:3000 blob: *.vanheusenindia.com *.abfrl.in *.abfrl.net *.louisphilippe.com *.peterengland.com *.allensolly.com; prefetch-src  *.googleapis.com *.abfrl.in assets.abfrlcdn.com imagescdn.abfrl.in connect.facebook.net cdn.yellowmessenger.com script.crazyegg.com 1
font-src *.typekit.net *.gstatic.com fonts.gstatic.com use.typekit.net *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.twimg.com *.trustedshops.com *.googleapis.com *.bootstrapcdn.com 'self' data: data: *.zopim.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com cms.lovebrewing.co.uk data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.twitter.com *.facebook.com *.reviews.io *.reviews.co.uk *.yotpo.com cms.lovebrewing.co.uk 'self' 'unsafe-inline'; frame-ancestors *.meetanshi.com *.stripe.com stripe.com cms.lovebrewing.co.uk 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.meetanshi.com *.twitter.com https://www.google.com https://www.google.co.in https://www.facebook.com *.zopim.com *.kiyoh.com *.cookiebot.com *.reviews.io *.reviews.co.uk *.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com *.yotpo.com cms.lovebrewing.co.uk 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com p.typekit.net validator.swagger.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com validate.fishpig.co.uk www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://meetanshi.com/media/logo.png *.meetanshi.com *.cloudflare.com *.google.com *.google.co.in https://www.facebook.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.connect.facebook.net https://stats.g.doubleclick.net https://d.adroll.com https://pixel.advertising.com https://pixel.rubiconproject.com https://simage2.pubmatic.com https://dsum-sec.casalemedia.com https://ads.yahoo.com https://eb2.3lift.com https://sync.outbrain.com https://trc.taboola.com https://x.bidswitch.net/sync https://ib.adnxs.com https://idsync.rlcdn.com https://us-u.openx.net https://ups.analytics.yahoo.com https://segments.company-target.com https://sync.tidaltv.com *.pay.nl *.cloudfront.net *.zopim.com *.zopim.io *.googletagmanager.com *.linkedin.com *.adsymptotic.com *.google.nl *.bing.com *.amazonaws.com *.unsplash.com *.getsitecontrol.com *.cookiebot.com www.lovebrewing.co.uk forms-eu1.hsforms.com *.reviews.io *.reviews.co.uk maps.gstatic.com *.facebook.com *.yotpo.com cms.lovebrewing.co.uk data: 'self' 'unsafe-inline'; script-src *.assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.commerce-payment-services.com *.typekit.net google.com *.google.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io *.meetanshi.com *.cloudflare.com *.twitter.com *.google.co.in *.facebook.com *.googleadservices.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://connect.facebook.net *.paypalobjects.com https://chimpstatic.com *.googletagmanager.com https://s.adroll.com https://d.adroll.com https://d.adroll.mgr.consensu.org *.bootstrapcdn.com *.cloudfront.net *.zopim.com *.zdassets.com *.getsitecontrol.com *.licdn.com *.doubleclick.net data: *.widget.trengo.eu *.bing.com *.cookiebot.com *.googlesyndication.com   https://js-eu1.hsforms.net/forms/v2.js *.luckyorange.com *.reviews.io *.reviews.co.uk *.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com *.yotpo.com cms.lovebrewing.co.uk 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com https://static.klaviyo.com *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com *.googleapis.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.youtube.com *.bootstrapcdn.com *.cloudfront.net *.zopim.com data: *.reviews.io *.reviews.co.uk tagmanager.google.com *.yotpo.com cms.lovebrewing.co.uk 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cloudfront.net *.widget.trengo.eu *.zdassets.com cms.lovebrewing.co.uk 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.adobe.io performance.typekit.net *.sentry.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io *.meetanshi.com *.cloudflare.com *.twitter.com *.twimg.com *.google.co.in *.facebook.com *.google-analytics.com *.postcode-checkout.nl *.doubleclick.net *.visitors.live *.luckyorange.net *.zdassets.com *.zopim.com wss://widget-mediator.zopim.com wss://in.visitors.live wss://visitors.live *.getsitecontrol.com *.demdex.net *.omtrdc.net *.analytics.google.com *.getsitectrl.com *.braintreegateway.com *.widget.trengo.eu *.zendesk.com *.cookiebot.com *.bing.com *.googlesyndication.com *.luckyorange.com *.googleapis.com *.linkedin.com forms-eu1.hsforms.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.facebook.net https://www.google-analytics.com *.yotpo.com cms.lovebrewing.co.uk 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com cms.lovebrewing.co.uk http: https: blob: 'self' 'unsafe-inline'; default-src cms.lovebrewing.co.uk 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self';script-src 'self' https: 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' 'nonce-IUzPjwJpq1iChest3GckWa5a14NhBSK/QrzncurGK1g=' 'sha256-/c5zdzZ8WHyNUzd3+Dy9m1snTXFZH1h4rU5QAH9oY7Y=';style-src 'self' data: 'unsafe-inline';img-src 'self' data: https://*;connect-src 'self' api.maptiler.com;worker-src 'self' blob:;base-uri 'self';object-src 'none';font-src 'self' 'nonce-IUzPjwJpq1iChest3GckWa5a14NhBSK/QrzncurGK1g=';frame-src 'self' ; 1
default-src 'self' 'unsafe-inline'; object-src 'none'; frame-ancestors 'self'; form-action 'self'; report-uri /example-reporting-endpoint 1
frame-ancestors *.pulseportal.com 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://econtwitter.net; img-src 'self' https: data: blob: https://econtwitter.net; style-src 'self' https://econtwitter.net 'nonce-zZsTPSxfybJ9UrV7u3EGDg=='; media-src 'self' https: data: https://econtwitter.net; frame-src 'self' https:; manifest-src 'self' https://econtwitter.net; form-action 'self'; child-src 'self' blob: https://econtwitter.net; worker-src 'self' blob: https://econtwitter.net; connect-src 'self' data: blob: https://econtwitter.net https://econtwitter-media.mwt.me wss://econtwitter.net; script-src 'self' https://econtwitter.net 'wasm-unsafe-eval' 1
upgrade-insecure-requests;script-src 'self' 'wasm-unsafe-eval';connect-src 'self' blob: https://spinster.xyz wss://spinster.xyz https://media.spinster.xyz https://proxy.spinster.xyz;media-src 'self' https://media.spinster.xyz https://proxy.spinster.xyz;img-src 'self' data: blob: https://media.spinster.xyz https://proxy.spinster.xyz;default-src 'none';base-uri 'self';frame-ancestors 'none';style-src 'self' 'unsafe-inline';font-src 'self';manifest-src 'self';frame-src 'self' https:; 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * data: 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; 1
report-uri https://reports.werft22.net/default; report-to default; default-src 'self'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; frame-src nanoo.tv www.nanoo.tv widgets.sociablekit.com; script-src 'self' 'unsafe-inline' code.jquery.com; frame-ancestors 'self'; base-uri 'self'; form-action 'self' www.nanoo.tv mailings.nanoo.tv; img-src 'self' data:  1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-f9e586499e33781b72d613bd2c2776cc'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
frame-ancestors 'self' https://www.defaqto.com https://engageadviser.defaqto.com https://engageadviser.internalstaging.co.uk ; 1
child-src 'self' api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-umm.b-cdn.net blob:; connect-src 'self' *.crazyegg.com *.userlike.com userlike-cdn-web.b-cdn.net blob: https://bat.bing.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com *.canto.de https://stats.julabo.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net wss://umd.userlike.com https://userlike-cdn-umm.b-cdn.net *.google.com google.com *.google.ad google.ad *.google.ae google.ae *.google.com.af google.com.af *.google.com.ag google.com.ag *.google.al google.al *.google.am google.am *.google.co.ao google.co.ao *.google.com.ar google.com.ar *.google.as google.as *.google.at google.at *.google.com.au google.com.au *.google.az google.az *.google.ba google.ba *.google.com.bd google.com.bd *.google.be google.be *.google.bf google.bf *.google.bg google.bg *.google.com.bh google.com.bh *.google.bi google.bi *.google.bj google.bj *.google.com.bn google.com.bn *.google.com.bo google.com.bo *.google.com.br google.com.br *.google.bs google.bs *.google.bt google.bt *.google.co.bw google.co.bw *.google.by google.by *.google.com.bz google.com.bz *.google.ca google.ca *.google.cd google.cd *.google.cf google.cf *.google.cg google.cg *.google.ch google.ch *.google.ci google.ci *.google.co.ck google.co.ck *.google.cl google.cl *.google.cm google.cm *.google.cn google.cn *.google.com.co google.com.co *.google.co.cr google.co.cr *.google.com.cu google.com.cu *.google.cv google.cv *.google.com.cy google.com.cy *.google.cz google.cz *.google.de google.de *.google.dj google.dj *.google.dk google.dk *.google.dm google.dm *.google.com.do google.com.do *.google.dz google.dz *.google.com.ec google.com.ec *.google.ee google.ee *.google.com.eg google.com.eg *.google.es google.es *.google.com.et google.com.et *.google.fi google.fi *.google.com.fj google.com.fj *.google.fm google.fm *.google.fr google.fr *.google.ga google.ga *.google.ge google.ge *.google.gg google.gg *.google.com.gh google.com.gh *.google.com.gi google.com.gi *.google.gl google.gl *.google.gm google.gm *.google.gr google.gr *.google.com.gt google.com.gt *.google.gy google.gy *.google.com.hk google.com.hk *.google.hn google.hn *.google.hr google.hr *.google.ht google.ht *.google.hu google.hu *.google.co.id google.co.id *.google.ie google.ie *.google.co.il google.co.il *.google.im google.im *.google.co.in google.co.in *.google.iq google.iq *.google.is google.is *.google.it google.it *.google.je google.je *.google.com.jm google.com.jm *.google.jo google.jo *.google.co.jp google.co.jp *.google.co.ke google.co.ke *.google.com.kh google.com.kh *.google.ki google.ki *.google.kg google.kg *.google.co.kr google.co.kr *.google.com.kw google.com.kw *.google.kz google.kz *.google.la google.la *.google.com.lb google.com.lb *.google.li google.li *.google.lk google.lk *.google.co.ls google.co.ls *.google.lt google.lt *.google.lu google.lu *.google.lv google.lv *.google.com.ly google.com.ly *.google.co.ma google.co.ma *.google.md google.md *.google.me google.me *.google.mg google.mg *.google.mk google.mk *.google.ml google.ml *.google.com.mm google.com.mm *.google.mn google.mn *.google.com.mt google.com.mt *.google.mu google.mu *.google.mv google.mv *.google.mw google.mw *.google.com.mx google.com.mx *.google.com.my google.com.my *.google.co.mz google.co.mz *.google.com.na google.com.na *.google.com.ng google.com.ng *.google.com.ni google.com.ni *.google.ne google.ne *.google.nl google.nl *.google.no google.no *.google.com.np google.com.np *.google.nr google.nr *.google.nu google.nu *.google.co.nz google.co.nz *.google.com.om google.com.om *.google.com.pa google.com.pa *.google.com.pe google.com.pe *.google.com.pg google.com.pg *.google.com.ph google.com.ph *.google.com.pk google.com.pk *.google.pl google.pl *.google.pn google.pn *.google.com.pr google.com.pr *.google.ps google.ps *.google.pt google.pt *.google.com.py google.com.py *.google.com.qa google.com.qa *.google.ro google.ro *.google.ru google.ru *.google.rw google.rw *.google.com.sa google.com.sa *.google.com.sb google.com.sb *.google.sc google.sc *.google.se google.se *.google.com.sg google.com.sg *.google.sh google.sh *.google.si google.si *.google.sk google.sk *.google.com.sl google.com.sl *.google.sn google.sn *.google.so google.so *.google.sm google.sm *.google.sr google.sr *.google.st google.st *.google.com.sv google.com.sv *.google.td google.td *.google.tg google.tg *.google.co.th google.co.th *.google.com.tj google.com.tj *.google.tl google.tl *.google.tm google.tm *.google.tn google.tn *.google.to google.to *.google.com.tr google.com.tr *.google.tt google.tt *.google.com.tw google.com.tw *.google.co.tz google.co.tz *.google.com.ua google.com.ua *.google.co.ug google.co.ug *.google.co.uk google.co.uk *.google.com.uy google.com.uy *.google.co.uz google.co.uz *.google.com.vc google.com.vc *.google.co.ve google.co.ve *.google.co.vi google.co.vi *.google.com.vn google.com.vn *.google.vu google.vu *.google.ws google.ws *.google.rs google.rs *.google.co.za google.co.za *.google.co.zm google.co.zm *.google.co.zw google.co.zw *.google.cat google.cat https://www.google-analytics.com https://www.googletagmanager.com https://stats.julabo.com/; font-src 'self' data: userlike-cdn-umm.b-cdn.net fonts.gstatic.com; frame-src 'self' api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-umm.b-cdn.net www.youtube.com player.vimeo.com *.softgarden.io services.julabo.com www.youtube-nocookie.com www.google.com https://app.alfright.eu/ext/dps/einfach-dsgvo-scan/455532721a67406985f4ecf0f4f25a22; img-src 'self' data: ssl.gstatic.com *.userlike.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com userlike-cdn-umm.b-cdn.net userlike-store-media-files.s3.amazonaws.com i.ytimg.com *.crazyegg.com *.google-analytics.com *.googletagmanager.com https:; media-src 'self' userlike-cdn-umm.b-cdn.net userlike-store-media-files.s3.amazonaws.com www.userlike.com blob:; object-src 'self' *.softgarden.io services.julabo.com https://app.alfright.eu/ext/dps/einfach-dsgvo-scan/455532721a67406985f4ecf0f4f25a22; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://bat.bing.com https://script.crazyegg.com ajax.googleapis.com api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-umm.b-cdn.net *.crazyegg.com https://stats.julabo.com https://*.googletagmanager.com https://www.google-analytics.com https://www.youtube.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://stats.julabo.com/ www.userlike.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://bat.bing.com https://script.crazyegg.com ajax.googleapis.com api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-umm.b-cdn.net *.crazyegg.com https://stats.julabo.com https://*.googletagmanager.com https://www.google-analytics.com https://www.youtube.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://stats.julabo.com/ www.userlike.com; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://cdnjs.cloudflare.com; frame-ancestors 'self' *.julabo.com https://julabo.world *.visionsbox.de; report-uri https://julabo.report-uri.com/r/d/csp/enforce; upgrade-insecure-requests 1
default-src 'self'  https: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' http://webvisor.com http://*.webvisor.com https://*.yandex.ru https://*.yandex.com; 1
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob: 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline'; object-src 'none'; img-src 'self' data:; 1
frame-ancestors 'self' t4.scu.edu cms.scu.edu cms01.scu.edu thetrustproject.org media.scu.edu ecampus.scu.edu hrdev.scu.edu hrusr.scu.edu t4dev.scu.edu 166.78.46.137 campaign.scu.edu vanillasoft.net 129.210.247.132 1
default-src 'self' www.luminategroup.com ; object-src 'none'; connect-src 'self' www.luminategroup.com luminategroup.matomo.cloud use.fontawesome.com; img-src 'self' data: www.luminategroup.com *.vimeocdn.com; font-src 'self' www.luminategroup.com *.fontawesome.com; style-src 'self' www.luminategroup.com *.fontawesome.com 'unsafe-inline'; manifest-src 'self' www.luminategroup.com; frame-ancestors 'none'; form-action 'self'; script-src 'self' www.luminategroup.com luminategroup.matomo.cloud https://cdn.matomo.cloud/luminategroup.matomo.cloud/matomo.js https://cdn.jsdelivr.net/npm/mobile-detect@1.4.3/mobile-detect.min.js 'unsafe-inline' 'unsafe-eval'; frame-src https://player.vimeo.com https://www.youtube.com 1
default-src 'none' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com www.googletagmanager.com snap.licdn.com cookie-cdn.cookiepro.com cdn.cookielaw.org googletagmanager.com *.googleapis.com cdnjs.cloudflare.com www.google.com www.gstatic.com www.buzzsprout.com/ cdn.jsdelivr.net/gh/ckeditor/ static.pathmotion.io pathmotion.com equans.career-inspiration.com/ *.doubleclick.net *.googleadservices.com connect.facebook.net fbcdn.net cdn.jsdelivr.net consent.cookiebot.com siteimproveanalytics.com cdn.matomo.cloud cdn.siteimprove.net www.youtube.com unpkg.com odyssiant.azureedge.net *.bootstrapcdn.com js-agent.newrelic.com *.linkedin.com snippet.capybara.lmc.cz s.go-mpulse.net tags.data-driven.fr *.byspotify.com *.tiktok.com cdn.cookielaw.org eu.textrecruit.com *.hotjar.com; object-src 'none' ; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com cdn.jsdelivr.net snippet.capybara.lmc.cz; img-src 'self' data: https:;; media-src 'self'; frame-src 'self' *.youtube.com/ *.vimeo.com/ apply.refline.ch https://engie.taleo.net/ www.google.com/ www.buzzsprout.com/ equans.career-inspiration.com/ facebook.com *.doubleclick.net/ cdn.linkedin.oribi.io www.facebook.com www.equans.co.uk json3d.tftlabs.com www.yousty.ch; frame-ancestors 'self' https://n3g.4projects.com  n3g.4projects.com; child-src 'self' https://*.youtube.com/ https://*.vimeo.com/ https://engie.taleo.net/; font-src 'self' fonts.gstatic.com snippet.capybara.lmc.cz data:; connect-src 'self' *.google-analytics.com *.googleapis.com *.google.com *.doubleclick.net snap.licdn.com *.cookiepro.com cdn.cookielaw.org geolocation.onetrust.com/ static.pathmotion.io pathmotion.com equans.career-inspiration.com api.mixpanel.com *.algolia.net equans.matomo.cloud privacyportal-fr.onetrust.com cdn.linkedin.oribi.io my2.siteimprove.com id.siteimprove.com contentassistant.eu.siteimprove.com id.eu.siteimprove.com *.algolianet.com *.odyssiant.com *.googlesyndication.com bam.nr-data.net *.linkedin.com *.algolianet.com api.capybara.lmc.cz *.ingest.sentry.io c.go-mpulse.net *.akstat.io *.tiktok.com *.byspotify.com *.textrecruit.tools *.akamaihd.net *.hotjar.com *.hotjar.io wss://ws.hotjar.com *.data-driven.fr; upgrade-insecure-requests 1
default-src 'none'; form-action 'self' https://rdir.de; frame-ancestors 'self'; base-uri 'self'; script-src 'self' osb-alliance.de *.cloudflare.com *.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' *.cloudflare.com; font-src 'self' * data:; frame-src 'self'; img-src 'self' * data:; connect-src 'self'; worker-src 'self' 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jobylon.com ajax.aspnetcdn.com connect.facebook.net *.hotjar.com *.g.doubleclick.net s.yimg.com bat.bing.com snap.licdn.com www.youtube.com www.gstatic.com cdn.cookielaw.org dl.episerver.net hello.myfonts.net www.google.com www.google.se *.google-analytics.com ajax.googleapis.com *.googletagmanager.com *.outlook.com adtr.io cdn.feedbackify.com *.webserviceaward.com *.matomo.cloud  *.rekai.se s3.amazonaws.com code.jquery.com netdna.bootstrapcdn.com ledsf.my.site.com podbean.com *.feedbackify.com; connect-src 'self' *.facebook.com cnv.adt659.com *.onetrust.com bat.bing.com *.hotjar.io *.hotjar.com cdn.linkedin.oribi.io s.yimg.com cdn.cookielaw.org *.google-analytics.com googleads.g.doubleclick.net stats.g.doubleclick.net ledarnas.matomo.cloud  view.rekai.se predict.rekai.se ledsf.my.salesforce-scrt.com podbean.com px.ads.linkedin.com www.google.com;img-src 'self' www.ledarna.se *.ledarnaweb.kundtest.se ledarna.se *.facebook.com *.cloudfront.net *.ytimg.com *.vimeocdn.com bat.bing.com px.ads.linkedin.com sp.analytics.yahoo.com cdn.cookielaw.org *.google-analytics.com www.google.com www.google.se resources.mynewsdesk.com cdn.feedbackify.com www.w3.org/2000/svg data: podbean.com;style-src 'self' 'unsafe-inline' custom-joblist.s3.amazonaws.com netdna.bootstrapcdn.com ledsf.my.site.com;base-uri 'self';form-action 'self' ledarna.se *.facebook.com *.ledarna.se login.grandid.com; frame-ancestors 'self'; frame-src 'self' dreambroker.com *.soundcloud.com *.facebook.com embed.acast.com www.google.com www.youtube.com vars.hotjar.com vimeo.com player.vimeo.com ledsf.my.site.com podbean.com www.podbean.com 1
script-src 'self' *.clio-online.de *.paypal.com *.paypalobjects.com *.europa.clio-online.de *.clio-online.de *.geschichte.hu-berlin.de 'unsafe-inline' fonts.gstatic.com *.clio-online.net cdn.jsdelivr.net localhost *.hsozkult.de 'unsafe-eval' 1
default-src 'none'; script-src 'self' 'unsafe-inline' blob: https://js.sentry-cdn.com https://testimonial.to https://js.hs-scripts.com https://magic.lemon.io/widgets/available-devs-widget.latest.js https://a.quora.com https://browser.sentry-cdn.com https://www.google-analytics.com https://cdn.mxpnl.com https://snap.licdn.com https://www.redditstatic.com https://www.googletagmanager.com https://www.googleoptimize.com https://static.hotjar.com https://googleads.g.doubleclick.net https://script.hotjar.com https://sc.lfeeder.com https://tr-rc.lfeeder.com https://api.ipify.org https://connect.facebook.net https://static.ads-twitter.com https://bat.bing.com https://ipinfo.io https://static.hsappstatic.net https://js.hs-banner.com https://js.hs-analytics.net https://js.hsadspixel.net https://js.hscollectedforms.net https://content.hotjar.io https://js.usemessages.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: https://q.quora.com https://tr.lfeeder.com https://flagcdn.com https://magic.lemon.io https://storage.googleapis.com https://s.w.org https://lemon.io https://secure.gravatar.com https://www.google.com.ua https://www.google-analytics.com https://www.google.com https://alb.reddit.com https://px.ads.linkedin.com https://www.linkedin.com/ https://analytics.twitter.com https://t.co https://tr-rc.lfeeder.com https://bat.bing.com https://www.facebook.com https://analytics.twitter.com https://www.googletagmanager.com https://track.hubspot.com https://forms.hsforms.com https://jam.dev https://www.google.pl blob: i.imgur.com; font-src 'self' data: https://db.onlinewebfonts.com https://fonts.gstatic.com; connect-src 'self' https://px.ads.linkedin.com https://pixel-config.reddit.com https://metrics.hotjar.io https://conversions-config.reddit.com https://www.redditstatic.com https://o455155.ingest.sentry.io https://s-origin.wordpress.org https://s.w.org https://vc.hotjar.io https://pagead2.googlesyndication.com https://analytics.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://api-js.mixpanel.com https://cdn.linkedin.oribi.io https://ipinfo.io https://region1.google-analytics.com https://api.hubapi.com https://forms.hscollectedforms.net wss://ws.hotjar.com https://content.hotjar.io https://api.hubspot.com https://region1.analytics.google.com; media-src 'self'; frame-src 'self' https://www.facebook.com https://www.youtube.com https://td.doubleclick.net https://static.hsappstatic.net https://meetings.hubspot.com https://jam.dev blob: i.imgur.com data: https://app.hubspot.com https://embed-v2.testimonial.to; object-src 'self'; form-action 'self' https://www.facebook.com; base-uri 'self'; frame-ancestors 'self' https://www.youtube.com; 1
default-src https:; worker-src blob:; img-src data: https://www.google-analytics.com/analytics.js http://www.google-analytics.com/ga.js https://ssl.google-analytics.com 'self'; script-src https://www.googletagmanager.com https://region1.google-analytics.com https://www.google-analytics.com/analytics.js https://ssl.google-analytics.com https://mailworx.marketingsuite.info 'self' 'unsafe-inline' https://cdnjs.cloudflare.com 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://mailworx.marketingsuite.info; font-src 'self'; connect-src https://www.googletagmanager.com https://region1.google-analytics.com https://www.google-analytics.com https://eu-api.friendlycaptcha.eu 'self'; frame-src 'self' https://www.youtube.com/ 1
frame-ancestors 'self' azure.divalsafety.cloud:* *.azure.divalsafety.cloud:* *.azure.divalsafety.cloud *.divalsafety.com *.convertexperiments.com *.fontawesone.com *.google.com *.digicert.com *.bazaarvoice.com *.bing.com *.hotjar.com *.taboola.com *.acsbap.com *.livehelpnow.net *.galeton.com *.g.doubleclick.net *.jquery.com *.cenpos.com *.cenpos.net *.fontawesome.com acsbap.com *.gstatic.com *.clarity.ms *.doubleclick.net wss://*.livehelpnow.net acsbapp.com *.delivra.com *.acsbapp.com *.googleadservices.com *.jumpfly.com;         frame-src 'self' azure.divalsafety.cloud:* *.azure.divalsafety.cloud:* *.azure.divalsafety.cloud *.divalsafety.com *.convertexperiments.com *.fontawesone.com *.google.com *.digicert.com *.bazaarvoice.com *.bing.com *.hotjar.com *.taboola.com *.acsbap.com *.livehelpnow.net *.galeton.com *.g.doubleclick.net *.jquery.com *.cenpos.com *.cenpos.net *.fontawesome.com acsbap.com *.gstatic.com *.clarity.ms *.doubleclick.net wss://*.livehelpnow.net acsbapp.com *.delivra.com *.acsbapp.com *.googleadservices.com *.jumpfly.com;         default-src 'self' azure.divalsafety.cloud:* *.azure.divalsafety.cloud:* *.azure.divalsafety.cloud *.divalsafety.com *.convertexperiments.com *.fontawesone.com *.google.com *.digicert.com *.bazaarvoice.com *.bing.com *.hotjar.com *.taboola.com *.acsbap.com *.livehelpnow.net *.galeton.com *.g.doubleclick.net *.jquery.com *.cenpos.com *.cenpos.net *.fontawesome.com acsbap.com *.gstatic.com *.clarity.ms *.doubleclick.net wss://*.livehelpnow.net acsbapp.com *.delivra.com *.acsbapp.com *.googleadservices.com *.jumpfly.com;         child-src 'self' azure.divalsafety.cloud:* *.azure.divalsafety.cloud:* *.azure.divalsafety.cloud *.divalsafety.com *.convertexperiments.com *.fontawesone.com *.google.com *.digicert.com *.bazaarvoice.com *.bing.com *.hotjar.com *.taboola.com *.acsbap.com *.livehelpnow.net *.galeton.com *.g.doubleclick.net *.jquery.com *.cenpos.com *.cenpos.net *.fontawesome.com acsbap.com *.gstatic.com *.clarity.ms *.doubleclick.net wss://*.livehelpnow.net acsbapp.com *.delivra.com *.acsbapp.com *.googleadservices.com *.jumpfly.com;         script-src 'self' azure.divalsafety.cloud:* *.azure.divalsafety.cloud:* *.googleapis.com *.googletagmanager.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.azure.divalsafety.cloud *.divalsafety.com *.convertexperiments.com *.fontawesone.com *.google.com *.digicert.com *.bazaarvoice.com *.bing.com *.hotjar.com *.taboola.com *.acsbap.com *.livehelpnow.net *.galeton.com *.g.doubleclick.net *.jquery.com *.cenpos.com *.cenpos.net *.fontawesome.com acsbap.com *.gstatic.com *.clarity.ms *.doubleclick.net wss://*.livehelpnow.net acsbapp.com *.delivra.com *.acsbapp.com *.googleadservices.com *.jumpfly.com;         connect-src 'self' azure.divalsafety.cloud:* *.azure.divalsafety.cloud:* *.googleapis.com *.googletagmanager.com *.google-analytics.com *.azure.divalsafety.cloud *.divalsafety.com *.convertexperiments.com *.fontawesone.com *.google.com *.digicert.com *.bazaarvoice.com *.bing.com *.hotjar.com *.taboola.com *.acsbap.com *.livehelpnow.net *.galeton.com *.g.doubleclick.net *.jquery.com *.cenpos.com *.cenpos.net *.fontawesome.com acsbap.com *.gstatic.com *.clarity.ms *.doubleclick.net wss://*.livehelpnow.net acsbapp.com *.delivra.com *.acsbapp.com *.googleadservices.com *.jumpfly.com;         style-src 'self' azure.divalsafety.cloud:* *.azure.divalsafety.cloud:* *.googleapis.com *.googletagmanager.com 'unsafe-inline' *.azure.divalsafety.cloud *.divalsafety.com *.convertexperiments.com *.fontawesone.com *.google.com *.digicert.com *.bazaarvoice.com *.bing.com *.hotjar.com *.taboola.com *.acsbap.com *.livehelpnow.net *.galeton.com *.g.doubleclick.net *.jquery.com *.cenpos.com *.cenpos.net *.fontawesome.com acsbap.com *.gstatic.com *.clarity.ms *.doubleclick.net wss://*.livehelpnow.net acsbapp.com *.delivra.com *.acsbapp.com *.googleadservices.com *.jumpfly.com;         font-src 'self' azure.divalsafety.cloud:* *.azure.divalsafety.cloud:* *.gstatic.com *.azure.divalsafety.cloud *.divalsafety.com *.convertexperiments.com *.fontawesone.com *.google.com *.digicert.com *.bazaarvoice.com *.bing.com *.hotjar.com *.taboola.com *.acsbap.com *.livehelpnow.net *.galeton.com *.g.doubleclick.net *.jquery.com *.cenpos.com *.cenpos.net *.fontawesome.com acsbap.com *.gstatic.com *.clarity.ms *.doubleclick.net wss://*.livehelpnow.net acsbapp.com *.delivra.com *.acsbapp.com *.googleadservices.com *.jumpfly.com;         img-src 'self' azure.divalsafety.cloud:* *.azure.divalsafety.cloud:* *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com data: *.azure.divalsafety.cloud *.divalsafety.com *.convertexperiments.com *.fontawesone.com *.google.com *.digicert.com *.bazaarvoice.com *.bing.com *.hotjar.com *.taboola.com *.acsbap.com *.livehelpnow.net *.galeton.com *.g.doubleclick.net *.jquery.com *.cenpos.com *.cenpos.net *.fontawesome.com acsbap.com *.gstatic.com *.clarity.ms *.doubleclick.net wss://*.livehelpnow.net acsbapp.com *.delivra.com *.acsbapp.com *.googleadservices.com *.jumpfly.com; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://imastodon.net; img-src 'self' https: data: blob: https://imastodon.net; style-src 'self' https://imastodon.net 'nonce-Xfki2K3hUwOkkDl++eFugg=='; media-src 'self' https: data: https://imastodon.net; frame-src 'self' https:; manifest-src 'self' https://imastodon.net; form-action 'self'; connect-src 'self' data: blob: https://imastodon.net https://cdn.imastodon.net wss://imastodon.net; script-src 'self' https://imastodon.net 'wasm-unsafe-eval'; child-src 'self' blob: https://imastodon.net; worker-src 'self' blob: https://imastodon.net 1
frame-ancestors 'self' http://punchoutcommerce.com https://punchoutcommerce.com punchoutcommerce.com http://localselect.schoolspecialty.com:8080 http://aisqa.gcps.k12:9300 http://aisweb.gcps.k12:9082 http://drs-psdv3-srv.nps.k12.nj.us:8300 http://fin.kernhigh.org http://hcm.kernhigh.org http://kdfd92.hosted.cherryroad.com:443 http://kdft92.hosted.cherryroad.com:443 http://kdhd92.hosted.cherryroad.com:443 http://kdht92.hosted.cherryroad.com:443 http://nps-psdev03-srv.nps.k12.nj.us:8300 http://nps-psdv6-srv.nps.k12.nj.us:8300 http://npsbusinessportal.nps.k12.nj.us:9000 http://npsbusinessportal_dev.nps.k12.nj.us:8300 http://peoplesoft-fms.leeschools.net:443 http://ps.cityofchesapeake.net:8200 http://psbiapp1.cityofchesapeake.net:8204 http://psprodweb1.cityofchesapeake.net:8200 http://psprodweb2.cityofchesapeake.net:8200 http://psqaa.cityofchesapeake.net:8204 http://sap-sbsrm-9.business.mpls.k12.mn.us:8000 http://sap-sdtmppo-1.mpls.k12.mn.us:5000 http://sap-sdtmppo-1.mpls.k12.mn.us:50000 http://uatfin.kernhigh.org http://uathcm.kernhigh.org https://aacbuyer-stage.herokuapp.com https://adoptaclassroom-shop.herokuapp.com https://app19.sandi.net:443 https://apps.gwinnett.k12.ga.us https://ccol-stage.aquiire.net https://ccol.aquiire.net https://cityofhenderson.com https://www.ad.cityofhenderson.com:7800 https://cohwww003.ad.cityofhenderson.com:7850/psc/fintst/EMPLOYEE/ERP/c/NUI_FRAMEWORK.PT_LANDINGPAGE.GBL? https://cohwww003.ad.cityofhenderson.com:7900 https://cohwww003.ad.cityofhenderson.com:7900/psc/finqa/EMPLOYEE/ERP/c/NUI_FRAMEWORK.PT_LANDINGPAGE.GBL? https://cohwww005.ad.cityofhenderson.com:7100 https://cohwww005.finprd.ad.cityofhenderson.com:7100 https://drs-psdv3-srv.nps.k12.nj.us:8300 https://dwa.sandi.net:443 https://fin.detroitk12.org:443 https://finance.rcsdk12.org:2001 https://fintest.rcsdk12.org:2127 https://fmsdev.horrycountyschools.net:9420 https://fmsi.horrycountryschools.net:9480 https://fscprd.fortbendisd.com:9843 https://fscprod.fortbendisd.com:9843 https://fsctest.fortbendisd.com:9243 https://fsctest.fortbendisd.com:9543 https://fsctest.fortbendisd.com:9743 https://fsctst.fortbendisd.com:9243/ https://fsctst.fortbendisd.com:9543/ https://fsctst.fortbendisd.com:9643/ https://kppsfinweb.ksbe.edu https://nam12.safelinks.protection.outlook.com https://nps-psdv6-srv.nps.k12.nj.us:8300 https://npsbusinessportal.nps.k12.nj.us:9000 https://npsbusinessportal_dev.nps.k12.nj.us:8300 https://onesource.houstonisd.org https://onesource.houstonisd.org:447 https://peoplesoft-fms.leeschools.net:443 https://peoplesoft.rcsdk12.org:443 https://portal.mpls.k12.mn.us https://ps.cityofchesapeake.net:8201 https://ps.spps.org:9143 https://psdev1.spps.org:2343 https://psdpsw01.cityofchesapeake.net:8079 https://psppsa01.cityofchesapeake.net:8205 https://psppsw01.cityofchesapeake.net:8201 https://psppsw02.cityofchesapeake.net:8201 https://psqaa.cityofchesapeake.net:8205 https://pstpsw01.cityofchesapeake.net:8077 https://pstpsw02.cityofchesapeake.net:8077 https://psweb3.spps.org:9143 https://psweb4.spps.org:9143 https://ptltest.rcsdk12.org:5101 https://qaportal.mpls.k12.mn.us https://rq1portal.houstonisd.org https://rq1portal.houstonisd.org:447 https://sap-spsrm-1.business.mpls.k12.mn.us:1443 https://sap-sqsrm-1.business.mpls.k12.mn.us:1443 https://sitfin.detroitk12.org:443 https://solutions.sciquest.com https://tstfinweb.ksdevx.net https://tstfinweb.ksdevx.net:8101 https://tstfinweb2.ksdevx.net:8101 https://tstpsweb.ksdevx.net https://www.chasepaymentechhostedpay-var.com https://www.chasepaymentechhostedpay.com 1
default-src https: 'unsafe-eval' 'unsafe-inline' 'self'; object-src 'self'; font-src https: data: 'self' http: fonts.googleapis.com themes.googleusercontent.com; connect-src https: wss: 'self'; img-src https: data: 'self' http: *.gravatar.com; worker-src blob: https: 'self' 'unsafe-inline' 'unsafe-eval'; media-src https: blob: 'self'; style-src https: 'unsafe-eval' 'unsafe-inline' 'self' http: fonts.googleapis.com 1
frame-ancestors 'none'; default-src 'self' https://*.aol.com https://*.yahoo.com https://*.yimg.com; img-src * data:; script-src 'self' 'unsafe-inline' 'nonce-yKI726yaabnkHx9pYAyVaw==' 'unsafe-eval' https://*.yahoo.com https://*.yimg.com https://*.aol.com https://*.aolcdn.com *.oath.com *.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net *.googlesyndication.com https://sb.scorecardresearch.com bat.bing.com *.demdex.net https://msadsscale.azureedge.net/bingads/telemetryJS.js https://www.clarity.ms https://www.clarity.ms/s/0.7.10/clarity.js; style-src 'self' 'unsafe-inline' https://*.yimg.com; object-src *; connect-src *; font-src * data:; frame-src 'self' https://*.youtube.com https://s.yimg.com https://*.yahoo.com *.g.doubleclick.net *.googlesyndication.com; 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-ORUW-puTZC8ZJv34--FpJQ' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
base-uri 'self'; object-src 'none'; script-src https://aid-frontend.prod.atl-paas.net/ https://id-frontend.prod-east.frontend.public.atl-paas.net/ https://metal.prod.atl-paas.net/ https://common-admin-cdn.atlassian.com/ https://recaptcha.net/ https://www.recaptcha.net/ https://js.sentry-cdn.com/ https://browser.sentry-cdn.com/ 'nonce-gHP2FlWiR/PlgP8KJS78nJqnVWA=' 'self'; report-uri https://web-security-reports.services.atlassian.com/csp-report/sign-in-service 1
default-src 'self';	style-src 'self' 'unsafe-inline'         https://*.googleapis.com https://*.browsealoud.com        https://static.abfallplus.de https://api.abfall.io        https://www.biwapp.de         https://*.b-ite.com        https://api.service-digitale-verwaltung.de;	img-src 'self' 'unsafe-inline' data: *.active-city.net *.active-city.de         media.lk-goerlitz.active-city.net        *.ytimg.com         https://maps.gstatic.com https://*.ggpht.com         https://*.browsealoud.com https://www.google-analytics.com        https://www.google.com https://csi.gstatic.com https://www.gstatic.com https://translate.googleapis.com https://translate.google.com https://www.googletagmanager.com        https://static.abfallplus.de        https://*.b-ite.com        https://www.biwapp.de;	script-src 'self' 'unsafe-inline' *.active-city.net *.active-city.de         https://piwik.lk-goerlitz.active-city.net         media.lk-goerlitz.active-city.net        https://*.browsealoud.com https://www.google-analytics.com         https://maps.googleapis.com https://www.googletagmanager.com https://apis.google.com         https://*.b-ite.com        https://api.abfall.io https://static.abfallplus.de        https://www.biwapp.de        https://api.service-digitale-verwaltung.de;	media-src 'self' data: blob:        *.active-city.net *.active-city.de;	frame-src 'self' *.active-city.net *.active-city.de         www.youtube.com www.youtube-nocookie.com         player.vimeo.com        katstab.blogspot.de         https://conference.melive.de/player/e1693853651501.html        firmen.standort-sachsen.de immobilien.standort-sachsen.de        publikationen.strategie-planung.landkreis.gr publikationen.kreis-goerlitz.de         publikationen.tourismus-marketing.landkreis.gr         lk-goerlitz.active-city.net media.lk-goerlitz.active-city.net        www.yumpu.com        https://dk2wss784le25.cloudfront.net/player/e1686127920500/default/embed        https://content.googleapis.com;     frame-ancestors 'self'         www.kreis-goerlitz.de         intranet        http://*.landkreis.gr https://*.landkreis.gr        http://xn--kreis-grlitz-bjb.de https://xn--kreis-grlitz-bjb.de http://www.xn--kreis-grlitz-bjb.de https://www.xn--kreis-grlitz-bjb.de        https://*.landkreis.tips;    font-src 'self'         https://fonts.gstatic.com;    connect-src 'self'         https://piwik.lk-goerlitz.active-city.net         https://*.browsealoud.com https://speech.speechstream.net https://*.texthelp.com        https://www.google-analytics.com https://stats.g.doubleclick.net         https://*.b-ite.com        https://api.abfall.io        https://www.biwapp.de        https://media.lk-goerlitz.active-city.net        https://api.service-digitale-verwaltung.de;    report-uri https://sentry.zmart-ivent.de/api/25/security/?sentry_key=423799354ea44b2999c8fa073f59950f 1
default-src https://*.hubapi.com https://*.hubspot.com https://*.rollbar.com https://*.bulkreefsupply.com https://*.nr-data.net https://*.bing.com https://*.pinterest.com https://*.zdassets.com https://*.hsforms.com https://*.braintree-api.com https://*.affirm.com https://*.kaptcha.com https://*.google-analytics.com https://*.gstatic.com wss://*.zopim.com https://*.doubleclick.net https://*.braintreegateway.com https://*.paypal.com https://*.facebook.com https://*.google.com https://*.bootstrapcdn.com https://*.paypalobjects.com https://*.googletagmanager.com https://s.pinimg.com https://*.hsforms.net https://*.facebook.net https://*.newrelic.com https://*.googleapis.com https://*.hs-scripts.com https://*.hs-analytics.net https://*.hs-banner.com https://*.hsadspixel.net https://*.hsleadflows.net https://*.algolia.com https://*.algolia.net https://*.algolia.io https://*.algolianet.com https://cdn.jsdelivr.net/ https://*.convertize.io https://*.youtube.com https://*.amazonaws.com https://*.sjv.io https://*.loggly.com https://*.ojrq.net https://google.com/ https://*.attentivemobile.com/ https://*.attn.tv/ https://*.googleadservices.com https://*.impactcdn.com/ https://media2.cdn.apetlife.com/ https://bulkreefsupply.zendesk.com/ https://ecotechmarine.zendesk.com/ https://widget-mediator.zopim.com/ https://*.zdusercontent.com/ https://brsredir.com/ 'unsafe-eval' 'unsafe-inline'; report-uri https://brsredir.com/url/csp 1
frame-ancestors 'self' *.logo.pt *.force.com *.tranquilidade.cst *.tranquilidade.pt *.generalitranquilidade.pt *.t-vida.pt *.tranquilidade.co.ao *.tranquilidadeseguros.co.mz *.facebook.net *.facebook.com *.advancecare.pt *.vitorinos.pt 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' 1003891.track.convertexperiments.com app.hubspot.com cdn-3.convertexperiments.com cdn.pdst.fm connect.facebook.net js.hs-analytics.net js.hs-banner.com js.hsforms.net js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com organizer.bizzabo.com play.vidyard.com script.hotjar.com snap.licdn.com static.hotjar.com static.hsappstatic.net www.google-analytics.com www.googletagmanager.com www.recaptcha.net code.highcharts.com www.youtube.com js.hubspot.com www.dropbox.com widget.altrulabs.com www.google.com maps.googleapis.com wt-assets.hubteam.com cdn2.hubspot.net www.redditstatic.com cdn.veritonic.com gosniply.com d.impactradius-event.com js.hubspot.com analytics.tiktok.com 'strict-dynamic' 'nonce-22sGIJk2KdX5SOAnp6tvFw=='; report-uri https://send.hsbrowserreports.com/csp/report; upgrade-insecure-requests; 1
default-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors app.contentstack.com rest-preview.contentstack.com; block-all-mixed-content; upgrade-insecure-requests; manifest-src 'self'; frame-src https://platform.twitter.com https://syndication.twitter.com https://www.youtube.com https://www.youtube-nocookie.com; worker-src 'self' blob:; media-src 'self' https://video.twimg.com; img-src 'self' blob: data: https://pbs.twimg.com https://*.googleusercontent.com https://images.contentstack.io https://images.footballfanatics.com https://fanatics.frgimages.com https://feeds.frgimages.com https://cdn.cookielaw.org https://s.zkcdn.net https://i.ytimg.com https://dxln3ux406vra.cloudfront.net e-11343.adzerk.net; connect-src 'self' https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal.onetrust.com https://www.google-analytics.com https://vitals.vercel-insights.com https://api-js.mixpanel.com https://undefined https://o1397824.ingest.us.sentry.io wss://b1gws.boostsport.ai d2tz6azzl4ygnn.cloudfront.net app.contentstack.com api.contentstack.io rest-preview.contentstack.com https://socon-dev.us.auth0.com https://soconbedev.boostsport.ai/ https://engage-api.boostsport.ai; script-src 'self' 'nonce-8dp2t6c3un8' 'sha256-ka3xBp9kPEdafj6sE97HFhpJY8ZN+Aj6Fv/z1KyWvBQ=' 'sha256-fZrjJ52FgBHBPUlYQn06YoX8aFqGNsVYh7CFyPannGg=' https://www.google-analytics.com https://www.googletagmanager.com https://cdn.mxpnl.com https://undefined https://js.appboycdn.com https://o1397824.ingest.us.sentry.io https://cdn.cookielaw.org https://www.youtube.com; font-src 'self' https://fonts.googleapis.com; style-src 'self' 'unsafe-inline' 1
script-src * data: https://www.bcdme.com/* 'unsafe-inline' 'unsafe-eval'; worker-src blob:;  object-src 'none' ; upgrade-insecure-requests 1
frame-ancestors 'self' *.ariscloud.com ariscloud.com http://*.softwareag.com https://*.softwareag.com 1
frame-ancestors 'self' http://localhost:3000 http://localhost:56940 https://poslocal.naretail.na.bestbuy.com https://localhost:44360 https://localhost:44360 https://dtw01sucwb01c.na.bestbuy.com:9443 https://dtw01khuwb01c.na.bestbuy.com:6443 https://dtw01sucwb01c.na.bestbuy.com:3000 https://dtw01sucwb02c.na.bestbuy.com:9443 https://dtw01khuwb02c.na.bestbuy.com:6443 https://dtw01sucwb02c.na.bestbuy.com:6443 https://ptw01sucwb01c.na.bestbuy.com:7450 https://ptw01sucwb02c.na.bestbuy.com:7450 https://ptw02sucwb01d.na.bestbuy.com:7450 https://ptw02sucwb02d.na.bestbuy.com:7450 https://ptw01khuwb01c.na.bestbuy.com:6443 https://ptw01khuwb02c.na.bestbuy.com:6443 https://eappwebv2-pt-bdc.na.bestbuy.com https://eappwebv2-pt-hdc.na.bestbuy.com https://eappwebv1-ws-pt-bdc.na.bestbuy.com https://eappwebv1-ws-pt-hdc.na.bestbuy.com https://eappwebv2-pt.na.bestbuy.com https://ptw01sucwb01c.na.bestbuy.com:6443 https://ptw01sucwb02c.na.bestbuy.com:6443 https://ptw02sucwb01d.na.bestbuy.com:6443 https://ptw02sucwb02d.na.bestbuy.com:6443 https://eappwebv1-pt-bdc.na.bestbuy.com https://eappwebv1-pt-hdc.na.bestbuy.com https://eappwebv1-pt.na.bestbuy.com https://pos.na.bestbuy.com https://pos-pd.na.bestbuy.com https://poslocal.naretail.na.bestbuy.com https://pos-pt.na.bestbuy.com https://pos-pt2.na.bestbuy.com https://dtw01khuwb01c.na.bestbuy.com:9443 https://dtw01khuwb02c.na.bestbuy.com:9443 https://ptw01khuwb01c.na.bestbuy.com:9443 https://ptw01khuwb02c.na.bestbuy.com:9443 https://ecc-pt.na.bestbuy.com https://eapplicationvs-pt.na.bestbuy.com https://eapplicationvs-pt-bdc.na.bestbuy.com; 1
frame-ancestors 'self' crc.elanfinancialservices.com crcadmin.elanfinancialservices.com mediaserver-elan.qa.clockfour.net *.getmetrical.com c4twilio.clockfour.net cardcentral.usbank.com auth.cardcentral.usbank.com www.myaccountbenefits.com admin-lr7crc.efspro.net lr7crc.efspro.net; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.addthis.com *.addthisedge.com *.comodo.com *.doubleclick.net *.facebook.net *.google.co.nz *.google.com *.google-analytics.com *.googleadservices.com googleapis.com *.googleapis.com *.googlesyndication.com *.googletagservices.com *.gstatic.com *.patreon.com *.polyfill.io *.twitter.com *.webspellchecker.net; style-src 'self' 'unsafe-inline' *.google.com *.googleapis.com *.polyfill.io *.webspellchecker.net; connect-src 'self' *.addthis.com *.doubleclick.net *.googlesyndication.com *.gstatic.com *.webspellchecker.net 1
font-src *.cloudflare.com/ *.bootstrapcdn.com/ *.instantsearchplus.com/ *.akamaized.net/ 'unsafe-inline' data: cdn.marmishoes.com/ *.fastsimon.com/ *.rewardstyle.com *.userway.org maxcdn.bootstrapcdn.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com/ *.foursixty.com/ api.fastsimon.com/ cdn.marmishoes.com/ *.fastsimon.com/ *.rewardstyle.com *.userway.org 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.duosecurity.com/ *.echosign.com/ *.paycomonline.net/ *.instantsearchplus.com/ *.foursixty.com/ api.fastsimon.com/ cdn.marmishoes.com/ *.fastsimon.com/ *.rewardstyle.com *.userway.org www.xtento.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.cloudflare.com *.linkedin.com/ *.adsymptotic.com/ *.klaviyo.com/ *.cloudfront.net/ *.facebook.com/ *.akamaized.net/ *.instantsearchplus.com/ *.foursixty.com/ cdn.marmishoes.com/ shareasale.com *.fastsimon.com/ *.rewardstyle.com *.cdninstagram.com *.google.com *.googleapis.com *.gstatic.com *.userway.org store.paradoxlabs.com https://images.unsplash.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.acp-magento.appspot.com *.akamaized.net *.instantsearchplus.com/ api.fastsimon.com/ fastsimon-grid.akamaized.net *.bootstrapcdn.com *.facebook.net/ *.klaviyo.com/ *.searchspring.net/ *.linkedin.com/ *.adsymptotic.com/ *.cloudflare.com/ *.cloudflareinsights.com/ *.licdn.com/ *.googletagmanager.com/ *.gstatic.com/ *.google-analytics.com/ *.doubleclick.net/ *.googleadservices.com/ *.akamaized.net/ *.marmishoes.com/ foursixty.com/ *.foursixty.com/ cdn.marmishoes.com/ www.dwin1.com *.run.app *.fastsimon.com/ *.rewardstyle.com *.google.com *.googleapis.com *.gstatic.com *.appspot.com *.userway.org www.xtento.com cdn.xtento.com *.authorize.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.bootstrapcdn.com/ *.facebook.net/ *.klaviyo.com/ *.searchspring.net/ *.linkedin.com/ *.adsymptotic.com/ *.akamaized.net/ *.instantsearchplus.com/ foursixty.com/ *.foursixty.com/ cdn.marmishoes.com/ *.fastsimon.com/ *.rewardstyle.com *.userway.org maxcdn.bootstrapcdn.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bootstrapcdn.com *.facebook.net/ *.facebook.com/ *.klaviyo.com/ *.searchspring.io/ *.linkedin.com/ *.adsymptotic.com/ *.cloudflare.com *.google.com *.doubleclick.net/ *.google-analytics.com/ *.googleadservices.com/ *.akamaized.net/ *.instantsearchplus.com/ foursixty.com/ *.paypal.com/ *.foursixty.com/ api.fastsimon.com/ cdn.marmishoes.com/ *.fastsimon.com/ *.rewardstyle.com *.googleapis.com *.gstatic.com image-complainer.foursixty.com/ *.userway.org *.authorize.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.klaviyo.com/ *.foursixty.com/ api.fastsimon.com/ cdn.marmishoes.com/ *.fastsimon.com/ *.rewardstyle.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src 'self' 'unsafe-inline' *.league.org.uk leagueagainstcruelsports.info *.w3.org *.google.com *.google.co.uk *.googleapis.com *.googletagmanager.com *.gstatic.com *.google-analytics.com *.doubleclick.net *.facebook.net *.facebook.com cookiehub.net *.cookiehub.net *.giantdigital.co.uk *.youtube.com *.office.com *.apple.com *.spotify.com *.amazon.com *.buzzsprout.com *.flipsnack.com flo.uri.sh *.flourish.studio *.lcsmap.com data:; style-src 'unsafe-inline' https:; script-src 'self' 'unsafe-inline' *.league.org.uk leagueagainstcruelsports.info *.w3.org *.google.com *.google.co.uk *.googleapis.com *.googletagmanager.com *.gstatic.com *.google-analytics.com *.doubleclick.net *.facebook.net *.facebook.com cookiehub.net *.cookiehub.net *.giantdigital.co.uk *.youtube.com *.office.com *.apple.com *.spotify.com *.amazon.com *.buzzsprout.com *.flipsnack.com flo.uri.sh *.flourish.studio *.lcsmap.com 'unsafe-eval'; default-src 'self' 'unsafe-inline' *.league.org.uk leagueagainstcruelsports.info *.w3.org *.google.com *.google.co.uk *.googleapis.com *.googletagmanager.com *.gstatic.com *.google-analytics.com *.doubleclick.net *.facebook.net *.facebook.com cookiehub.net *.cookiehub.net *.giantdigital.co.uk *.youtube.com *.office.com *.apple.com *.spotify.com *.amazon.com *.buzzsprout.com *.flipsnack.com flo.uri.sh *.flourish.studio *.lcsmap.com 1
default-src 'none'; base-uri 'self'; child-src https://www.youtube.com https://www.youtube-nocookie.com https://player.vimeo.com https://www.blitzvideoserver.de https://em.altruja.de; connect-src 'self' https://altruja.de https://em.altruja.de https://dataservices.spd.de; font-src 'self'; form-action 'self' https://www.paypal.com/donate; frame-src https://www.youtube.com https://www.youtube-nocookie.com https://player.vimeo.com https://www.blitzvideoserver.de https://em.altruja.de; img-src 'self' data: https://em.altruja.de https://www.paypal.com https://www.paypalobjects.com; media-src 'self' https://spd-webomat.s3.eu-central-1.amazonaws.com https://spd-webomat-media.s3.eu-central-1.amazonaws.com; object-src 'self'; script-src 'self' https://altruja.de https://em.altruja.de https://dataservices.spd.de; style-src 'self'; frame-ancestors 'self' 1
font-src 'self' https:; base-uri 'self'; 1
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data: https:;connect-src 'self' https: wss:;frame-src 'self' https:;object-src 'none';script-src 'self' https: 'unsafe-inline';style-src 'self' https: 'unsafe-inline' 1
base-uri 'none'; default-src 'self'; style-src 'self' 'nonce-c84543339fafed9b9a1227ed348c818c' p.typekit.net static.sooqr.com use.typekit.net; font-src 'self' use.typekit.net data:; img-src 'self' data: static.sooqr.com 6282966.global.siteimproveanalytics.io; script-src 'self' 'nonce-c84543339fafed9b9a1227ed348c818c' dynamic.sooqr.com static.sooqr.com; connect-src 'self' cognito-identity.eu-central-1.amazonaws.com firehose.eu-central-1.amazonaws.com; frame-src 'self' www.google.com www.youtube.com; frame-ancestors 'self'; 1
object-src 'none'; script-src 'self' 'unsafe-eval' https://consent.cookiebot.com https://www.google.com https://www.gstatic.com https://consentcdn.cookiebot.com https://ssl.google-analytics.com https://player.vimeo.com https://www.googletagmanager.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://unpkg.com; script-src-attr 'self'; script-src-elem 'self' 'unsafe-inline' https://consent.cookiebot.com https://www.google.com https://www.gstatic.com https://consentcdn.cookiebot.com https://ssl.google-analytics.com https://player.vimeo.com https://www.googletagmanager.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://unpkg.com; style-src 'self' 'unsafe-inline' https://fast.fonts.net https://fonts.googleapis.com https://www.gstatic.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self'; report-uri https://www.budgens.co.uk/report-uri/enforce 1
default-src 'none'; style-src 'self' https: data: 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com; script-src 'self' https: blob: data 'unsafe-inline' 'unsafe-eval' https://tagmanager.google.com https://*.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://*.clarity.ms https://mc.yandex.ru https://yastatic.net www.facebook.com connect.facebook.net ajax.cloudflare.com maxcdn.bootstrapcdn.com use.fontawesome.com code.jquery.com cdnjs.cloudflare.com; font-src 'self' https: data: blob: https://fonts.gstatic.com; child-src blob: https://mc.yandex.ru; connect-src 'self' data https: https://consentcdn.cookiebot.com *.belitsoft.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.clarity.ms https://mc.yandex.ru https://stats.g.doubleclick.net ad.doubleclick.net https://www.facebook.com/tr/; img-src 'self' https: data: blob: https://c.bing.com https://*.clarity.ms www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://*.google.com https://googleads.g.doubleclick.net https://www.google.com https://mc.yandex.ru https://*.fls.doubleclick.net https://ad.doubleclick.net https://ade.googlesyndication.com; object-src 'none'; media-src 'self' https: data: blob:; base-uri 'self'; form-action 'self' www.facebook.com/tr/ *.belitsoft.com; frame-ancestors 'self'; frame-src 'self' blob: data https: https://consentcdn.cookiebot.com https://bid.g.doubleclick.net https://mc.yandex.ru www.facebook.com https://*.fls.doubleclick.net; 1
default-src 'self'; 		connect-src 'self' https://*.cookiebot.com/ https://*.doubleclick.net https://*.google-analytics.com/ https://*.hcaptcha.com/ https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com/ https://api.userlike.com/ wss://umd.userlike.com/umd/; 		font-src 'self' https://fonts.gstatic.com/ https://userlike-cdn-umm.b-cdn.net/; 		frame-src 'self' https://*.cookiebot.com/ https://*.hcaptcha.com/ https://saparena.de/ https://*.youtube.com/; 		img-src 'self' data: https://*.google.com/ https://*.google.de/ https://*.google-analytics.com/ https://*.googletagmanager.com/ https://saparena.de/ https://i.ytimg.com/ https://userlike-cdn-operators.userlike.com/; 		script-src 'self' 'unsafe-eval' 'unsafe-inline' https://s3.amazonaws.com/downloads.mailchimp.com/ https://*.cookiebot.com/ https://*.google-analytics.com/ https://*.googletagmanager.com/ https://*.hcaptcha.com/ https://*.list-manage.com/ https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com/ https://userlike-cdn-umm.b-cdn.net/; 		style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; 1
default-src 'none'; script-src 'self'; object-src 'none'; style-src 'self' 'unsafe-inline'; font-src 'self'; img-src 'self'; base-uri 'self'; form-action 'none'; frame-ancestors 'none' 1
default-src 'self' data: *.google-analytics.com *.googletagmanager.com *.analytics.google.com https://*.g.doubleclick.net https://*.google.com *.hotjar.io *.hotjar.com *.youtube-nocookie.com *.cookiebot.com *.youtube.com *.issuu.com *.office.com analytics.tiktok.com *.snapchat.com www.facebook.com app.springcast.fm *.cloud.microsoft https://*.formconnector.com *.has.nl;script-src 'nonce-IhAz8u9O8o9k23lc/06MOfN5p8FKEVmEFkB0QStz1xc=' 'strict-dynamic';style-src 'self' 'unsafe-inline'; 1
frame-src 'self' constructionmonkey.com *.constructionmonkey.com platform.twitter.com www.youtube.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; 1
img-src https://www.abuseipdb.com 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' 1003891.track.convertexperiments.com app.hubspot.com cdn-3.convertexperiments.com cdn.pdst.fm connect.facebook.net js.hs-analytics.net js.hs-banner.com js.hsforms.net js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com organizer.bizzabo.com play.vidyard.com script.hotjar.com snap.licdn.com static.hotjar.com static.hsappstatic.net www.google-analytics.com www.googletagmanager.com www.recaptcha.net code.highcharts.com www.youtube.com js.hubspot.com www.dropbox.com widget.altrulabs.com www.google.com maps.googleapis.com wt-assets.hubteam.com cdn2.hubspot.net www.redditstatic.com cdn.veritonic.com gosniply.com d.impactradius-event.com js.hubspot.com analytics.tiktok.com 'strict-dynamic' 'nonce-N/IhT0EAONZZC1Lo/LaOlw=='; report-uri https://send.hsbrowserreports.com/csp/report; upgrade-insecure-requests; 1
upgrade-insecure-requests; frame-ancestors 'none'; report-to csp; report-uri https://log.steamcore.se/csp; 1
connect-src 'self' https:;img-src 'self' data: blob: https://dl.airtable.com;media-src 'self' data: blob:;default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline' 1
worker-src blob 1
frame-ancestors 'self' https://app.kajabi.com https://app.vibely.io https://communities.kajabi.com *.mykajabi.com https://communities.newkajabi-staging.com https://www.boundaries.me 1
style-src 'self' https://accounts.google.com/gsi/style 'unsafe-inline' fonts.googleapis.com platform.twitter.com *.twitter.com *.twimg.com *.google.com cdn.jsdelivr.net accounts.google.com; default-src 'self'; img-src 'self' storage.googleapis.com swiperjs.com www.googleadservices.com *.ggpht.com *.googleusercontent.com *.gstatic.com www.googletagmanager.com *.googleapis.com *.google.com data: *.twitter.com *.twimg.com *.paypal.com *.paypalobjects.com *.ytimg.com accounts.google.com beethoven-viur3.appspot.com *.beethoven.de; script-src 'self' https://accounts.google.com/gsi/client data: da.beethoven.de ajax.googleapis.com www.google.com www.gstatic.com www.google-analytics.com *.google.com www.googletagmanager.com *.twitter.com cdn.syndication.twimg.com cdn.jsdelivr.net accounts.google.com; frame-src 'self' www.google.com drive.google.com accounts.google.com maps.google.de www.youtube.com www.youtube-nocookie.com da.beethoven.de *.appspot.com katalog.beethoven.de *.twitter.com panorama.beethoven.de data: *.google.com walls.io my.walls.io; form-action 'self'; connect-src 'self' accounts.google.com beethoven-viur3.appspot.com localhost www.beethoven.de cdn.jsdelivr.net https://storage.googleapis.com; upgrade-insecure-requests; object-src 'none'; font-src 'self'; media-src 'self' internet.beethoven.de beethoven-viur3.appspot.com storage.googleapis.com data:; 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; child-src https: blob:; object-src 'none'; frame-ancestors 'self' https://account.bakeryinfo.co.uk; 1
default-src https://www.asurequality.co.nz https://www.asurequality.com https://aq1.cwp.govt.nz http://aq1.cwp.govt.nz https://aq1-uat.cwp.govt.nz http://aq1-uat.cwp.govt.nz https://www.asurequality.com/ www.google.com www.gstatic.com 'unsafe-inline' 'unsafe-eval' data:; base-uri https://www.asurequality.co.nz https://www.asurequality.com https://aq1.cwp.govt.nz http://aq1.cwp.govt.nz https://aq1-uat.cwp.govt.nz http://aq1-uat.cwp.govt.nz https://www.asurequality.com/; frame-ancestors https://www.asurequality.co.nz https://www.asurequality.com https://aq1.cwp.govt.nz http://aq1.cwp.govt.nz https://aq1-uat.cwp.govt.nz http://aq1-uat.cwp.govt.nz https://www.asurequality.com/; style-src 'unsafe-inline' https://www.asurequality.co.nz https://www.asurequality.com https://aq1.cwp.govt.nz http://aq1.cwp.govt.nz https://aq1-uat.cwp.govt.nz http://aq1-uat.cwp.govt.nz https://www.asurequality.com/ https://maxcdn.bootstrapcdn.com https://*.fontawesome.com https://fonts.googleapis.com https://*.gstatic.com https://api.addressfinder.io https://tagmanager.google.com https://optimize.google.com; script-src 'unsafe-inline' https://www.asurequality.co.nz https://www.asurequality.com https://aq1.cwp.govt.nz http://aq1.cwp.govt.nz https://aq1-uat.cwp.govt.nz http://aq1-uat.cwp.govt.nz https://www.asurequality.com/ http://analytics-au.clickdimensions.com https://analytics-au.clickdimensions.com http://www.googletagmanager.com/ http://www.google.com https://script.crazyegg.com https://code.jquery.com https://staticcdn.co.nz https://snap.licdn.com https://www.google.com https://*.doubleclick.net https://www.googleadservices.com https://*.fontawesome.com https://connect.facebook.net http://script.crazyegg.com https://*.crazyegg.com https://*.gstatic.com https://api.addressfinder.io https://www.googletagmanager.com https://fonts.googleapis.com https://*.google-analytics.com http://*.google-analytics.com http://tagmanager.google.com https://optimize.google.com http://*.hotjar.com https://*.hotjar.com https://code.jquery.com 'unsafe-eval'; img-src https://www.asurequality.co.nz https://www.asurequality.com https://aq1.cwp.govt.nz http://aq1.cwp.govt.nz https://aq1-uat.cwp.govt.nz http://aq1-uat.cwp.govt.nz https://www.asurequality.com/ http://www.asurequality.com 'self' https://*.linkedin.com data: https://connect.facebook.net https://fonts.gstatic.com http://www.googletagmanager.com/ https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.co.nz https://p.adsymptotic.com https://www.google.com https://px.ads.linkedin.com https://*.facebook.com https://*.google-analytics.com http://*.google-analytics.com https://*.swagger.io https://optimize.google.com https://*.hotjar.com; font-src https://www.asurequality.co.nz https://www.asurequality.com https://aq1.cwp.govt.nz http://aq1.cwp.govt.nz https://aq1-uat.cwp.govt.nz http://aq1-uat.cwp.govt.nz https://www.asurequality.com/ data: https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com http://*.hotjar.com https://*.hotjar.com; object-src https://www.asurequality.co.nz https://www.asurequality.com https://aq1.cwp.govt.nz http://aq1.cwp.govt.nz https://aq1-uat.cwp.govt.nz http://aq1-uat.cwp.govt.nz https://www.asurequality.com/ 'self'; frame-src https://www.asurequality.co.nz https://www.asurequality.com https://aq1.cwp.govt.nz http://aq1.cwp.govt.nz https://aq1-uat.cwp.govt.nz http://aq1-uat.cwp.govt.nz https://www.asurequality.com/ http://www.asurequality.com 'self' https://www.facebook.com https://bid.g.doubleclick.net https://www.google.com data: https://*.youtube-nocookie.com https://player.vimeo.com https://*.youtube.com https://optimize.google.com https://www.googletagmanager.com/ns.html https://*.hotjar.com; child-src https://www.asurequality.co.nz https://www.asurequality.com https://aq1.cwp.govt.nz http://aq1.cwp.govt.nz https://aq1-uat.cwp.govt.nz http://aq1-uat.cwp.govt.nz https://www.asurequality.com/ https://*.youtube-nocookie.com https://player.vimeo.com http://player.vimeo.com https://*.youtube.com  https://optimize.google.com https://www.googletagmanager.com/ns.html https://*.hotjar.com; connect-src https://www.asurequality.co.nz https://www.asurequality.com https://aq1.cwp.govt.nz http://aq1.cwp.govt.nz https://aq1-uat.cwp.govt.nz http://aq1-uat.cwp.govt.nz https://www.asurequality.com/ https://surveystats.hotjar.io https://stats.g.doubleclick.net https://api.addressfinder.io https://www.google-analytics.com/ http://*.hotjar.com:* https://*.hotjar.com:* ws://*.hotjar.com wss://*.hotjar.com; form-action https://www.asurequality.co.nz https://www.asurequality.com https://aq1.cwp.govt.nz http://aq1.cwp.govt.nz https://aq1-uat.cwp.govt.nz http://aq1-uat.cwp.govt.nz https://www.asurequality.com/ http://www.asurequality.com https://sec.windcave.com https://www.facebook.com 'self'; media-src https://www.asurequality.co.nz https://www.asurequality.com https://aq1.cwp.govt.nz http://aq1.cwp.govt.nz https://aq1-uat.cwp.govt.nz http://aq1-uat.cwp.govt.nz https://www.asurequality.com/ https://www.fullscreen.io 'self'; 1
frame-src 'self' app.netlify.com *.demo.questdb.io *.questdb.io www.youtube.com www.slideshare.net forms.hsforms.com; 1
frame-src 'self' blob: https://*.vissim.no https://*.offshoreenergymanager.com https://www.google.com/recaptcha/ ; frame-ancestors 'self' blob: https://*.vissim.no https://*.offshoreenergymanager.com ; 1
default-src 'self'; frame-src 'self' forms.hsforms.com *.youtube.com static.hsappstatic.net app.hubspot.com https://td.doubleclick.net https://4276723.hs-sites.com; object-src 'none'; img-src * data:; connect-src *; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; script-src-elem * 'unsafe-inline'; style-src * 'self' 'unsafe-inline'; style-src-elem  * 'unsafe-inline'; font-src * data:; 1
default-src 'self' https://api.thestreetlink.org.uk https://mapit.mysociety.org https://www.home-connection.co.uk https://www.facebook.com https://googletagmanager.com https://*.googletagmanager.com https://www.googletagmanager.com https://*.mysociety.com https://*.gov.uk.com https://nextjs.org https://homeless.org.uk https://*.abilitynet.org.uk https://*.equalityadvisoryservice.com https://thestreetlink.org.uk https://www.google.co.in https://www.google-analytics.com https://googleads.g.doubleclick.net https://*.doubleclick.net https://www.*.google-analytics.com https://*.google-analytics.com https://region1.google-analytics.com;    script-src 'self' 'unsafe-eval' 'unsafe-inline' https: blob: https://mapit.mysociety.org https://www.home-connection.co.uk https://www.facebook.com https://googletagmanager.com https://*.googletagmanager.com https://www.googletagmanager.com https://*.mysociety.com https://*.gov.uk.com https://nextjs.org https://homeless.org.uk https://*.abilitynet.org.uk https://*.equalityadvisoryservice.com https://thestreetlink.org.uk https://www.google.co.in https://www.google-analytics.com https://googleads.g.doubleclick.net https://*.doubleclick.net https://www.*.google-analytics.com https://*.google-analytics.com https://region1.google-analytics.com;    style-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://fonts.googleapis.com https://cdn.jsdelivr.net https://mapit.mysociety.org https://www.home-connection.co.uk https://www.facebook.com https://googletagmanager.com https://*.googletagmanager.com https://www.googletagmanager.com https://*.mysociety.com https://*.gov.uk.com https://nextjs.org https://homeless.org.uk https://*.abilitynet.org.uk https://*.equalityadvisoryservice.com https://thestreetlink.org.uk https://www.google.co.in https://www.google-analytics.com https://googleads.g.doubleclick.net https://*.doubleclick.net https://www.*.google-analytics.com https://*.google-analytics.com https://region1.google-analytics.com;    img-src 'self' blob: https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com data: https://mapit.mysociety.org https://www.home-connection.co.uk https://www.facebook.com https://googletagmanager.com https://*.googletagmanager.com https://www.googletagmanager.com https://*.mysociety.com https://*.gov.uk.com https://nextjs.org https://homeless.org.uk https://*.abilitynet.org.uk https://*.equalityadvisoryservice.com https://thestreetlink.org.uk https://www.google.co.in https://www.google-analytics.com https://googleads.g.doubleclick.net https://*.doubleclick.net https://www.*.google-analytics.com https://*.google-analytics.com https://region1.google-analytics.com;    font-src 'self' https://fonts.gstatic.com https://cdn.jsdelivr.net https://mapit.mysociety.org https://www.home-connection.co.uk https://www.facebook.com https://googletagmanager.com https://*.googletagmanager.com https://www.googletagmanager.com https://*.mysociety.com https://*.gov.uk.com https://nextjs.org https://homeless.org.uk https://*.abilitynet.org.uk https://*.equalityadvisoryservice.com https://thestreetlink.org.uk https://www.google.co.in https://www.google-analytics.com https://googleads.g.doubleclick.net https://*.doubleclick.net https://www.*.google-analytics.com https://*.google-analytics.com https://region1.google-analytics.com data:;    frame-src *.google.com https://*.doubleclick.net/;    connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://api.thestreetlink.org.uk https://mapit.mysociety.org https://www.home-connection.co.uk https://www.facebook.com https://googletagmanager.com https://*.googletagmanager.com https://www.googletagmanager.com https://*.mysociety.com https://*.gov.uk.com https://nextjs.org https://homeless.org.uk https://*.abilitynet.org.uk https://*.equalityadvisoryservice.com https://thestreetlink.org.uk https://www.google.co.in https://www.google-analytics.com https://googleads.g.doubleclick.net https://*.doubleclick.net https://www.*.google-analytics.com https://*.google-analytics.com https://region1.google-analytics.com;    object-src 'none';    base-uri 'self';    form-action 'self';    frame-ancestors 'none';    block-all-mixed-content;    upgrade-insecure-requests; 1
frame-ancestors 'self' https://app.kajabi.com https://app.vibely.io https://communities.kajabi.com *.mykajabi.com https://communities.newkajabi-staging.com https://www.leanonlinebusiness.com https://www.realestateskills.com 1
connect-src null 'self' https:;script-src 'self' 'unsafe-inline' ajax.cloudflare.com https://www.googletagmanager.com static.cloudflareinsights.com cdn.productreview.com.au bat.bing.com s.pinimg.com www.clarity.ms connect.facebook.net ct.pinterest.com www.redditstatic.com pulse.clickguard.com *.posthog.com *.taboola.com *.cimet.io *.cimet.com.au null;script-src-attr 'self' 'unsafe-inline';object-src 'self';font-src 'self' https://fonts.gstatic.com cdn.productreview.com.au;frame-src *;media-src 'self' assets.cimet.com.au;img-src 'self' data: https:;frame-ancestors 'self' https://www.energymatters.com.au;default-src 'self';base-uri 'self';form-action 'self';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 1
default-src 'self'; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' blob: data: https://*.cookiebot.com https://*.clarity.ms https://cdn.mxpnl.com https://*.bing.com https://connect.facebook.net https://*.googleapis.com https://googleapis.com https://script.hotjar.com https://*.google-analytics.com https://static.hotjar.com  https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com https://*.wistia.com https://beacon-v2.helpscout.net https://kit.fontawesome.com https://ka-p.fontawesome.com; script-src-elem 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' blob: data: https://*.cookiebot.com https://*.clarity.ms https://cdn.mxpnl.com https://*.bing.com https://connect.facebook.net https://*.googleapis.com https://googleapis.com https://script.hotjar.com https://*.google-analytics.com https://static.hotjar.com  https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com https://*.wistia.com https://beacon-v2.helpscout.net https://kit.fontawesome.com https://ka-p.fontawesome.com https://yoast.com; style-src 'report-sample' 'unsafe-inline' 'self' https://fast.fonts.net https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://*.cookiebot.com https://*.clarity.ms https://yoast.com https://*.yoast.com https://*.bing.com https://*.doubleclick.net https://*.google-analytics.com https://*.hotjar.com https://*.googleapis.com https://googleapis.com https://*.wistia.com https://d3hb14vkzrxvla.cloudfront.net https://beaconapi.helpscout.net https://kit.fontawesome.com https://ka-p.fontawesome.com https://vc.hotjar.io; font-src 'self' data: https://fonts.gstatic.com https://*.wistia.com; frame-src 'self' https://*.cookiebot.com https://*.podbean.com/ https://www.youtube.com https://cdn.yoshki.com https://vars.hotjar.com https://www.facebook.com https://www.google.com https://wp-rocket.me; img-src 'self' data: https://*.bing.com https://*.clarity.ms https://*.podbean.com https://maps.gstatic.com https://maps.googleapis.com https://*.googleapis.com https://googleapis.com https://ps.w.org https://*.bing.com https://googleads.g.doubleclick.net https://ssl.google-analytics.com https://www.facebook.com https://www.google-analytics.com https://www.google.co.uk https://www.google.com https://www.googletagmanager.com https://secure.gravatar.com https://i.ytimg.com https://*.wistia.com https://*.cookiebot.com; manifest-src 'self'; media-src 'self' blob: https://*.podbean.com; report-uri https://61603ac394ca04a844e904c9.endpoint.csper.io/; worker-src 'self'; 1
default-src 'self' packages.umbraco.org our.umbraco.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.aspnetcdn.com https://cdn.iubenda.com https://player.vimeo.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.googletagmanager.com https://www.gstatic.com https://maps.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://ajax.aspnetcdn.com https://cdn.iubenda.com https://www.iubenda.com https://player.vimeo.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.googletagmanager.com https://www.gstatic.com https://maps.googleapis.com https://snap.licdn.com/li.lms-analytics/ https://www.googleadservices.com https://googleads.g.doubleclick.net; script-src-attr 'unsafe-hashes' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.iubenda.com; object-src 'none'; connect-src 'self' https://www.google-analytics.com https://maps.googleapis.com https://stats.g.doubleclick.net https://px.ads.linkedin.com https://px.ads.linkedin.com/wa/; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://player.vimeo.com https://www.youtube.com https://www.youtube-nocookie.com https://www.slideshare.net https://www.google.com/recaptcha/ https://www.google.com/maps/ https://www.gstatic.com/recaptcha/ https://www.iubenda.com https://td.doubleclick.net; img-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com/ads/ https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://p.adsymptotic.com https://dashboard.umbraco.org data: www.gravatar.com umbraco.tv umbraco.org https://www.google.com/pagead/1p-user-list/ https://www.linkedin.com/px/li_sync; media-src 'self' https://player.vimeo.com; worker-src 'none'; 1
default-src 'self' *.gov.cn;img-src 'self' * data:;media-src 'self' *;font-src 'self' *.gov.cn data:;style-src 'self' 'unsafe-inline' *.gov.cn data:;script-src 'self' 'unsafe-inline' *.baidu.com *.gov.cn  'unsafe-eval';upgrade-insecure-requests; 1
default-src * data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; object-src 'none' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.yandex.ru st.top100.ru counter.rambler.ru openstat.net yandex.st yastatic.net top-fwz1.mail.ru *.google-analytics.com *.googleapis.com *.google.com *.gstatic.com *.recaptcha.net; 1
frame-ancestors 'self' *.lovecrafts.com 1
default-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.workable.com localhost:* localtest:* *.google.com *.googleapis.com ajax.aspnetcdn.com fonts.gstatic.com www.youtube.com s.ytimg.com www.googletagmanager.com vortex.data.microsoft.com *.hubspot.com *.hscta.net *.google-analytics.com iowa.gov *.jquery.com *.addthis.com *.addthisedge.com *.gstatic.com *.doubleclick.net *.fontawesome.com *.simpli.fi;object-src *.spindustry.com;style-src 'self' 'unsafe-inline' iowa.gov *.jquery.com maxcdn.bootstrapcdn.com *.googleapis.com tagmanager.google.com *.fontawesome.com;img-src 'self' data: *.workable.com localhost:* localtest:* *.spintest.com *.google.com *.google-analytics.com *.hubspot.com iowa.gov *.goodblogscdn.com *.gstatic.com *.doubleclick.net *.googleapis.com *.youtube.com *.zendesk.com *.zdusercontent.com *.simpli.fi *.googleadservices.com *.pro-market.net;media-src *.spindustry.com;frame-src 'self' *.spindustry.com *.youtube.com *.google.com *.doubleclick.net *.spintest.com;font-src 'self' maxcdn.bootstrapcdn.com *.googleapis.com fonts.gstatic.com *.fontawesome.com;connect-src 'self' *.spindustry.com *.g.doubleclick.net *.fontawesome.com *.googleapis.com *.google-analytics.com;child-src *.youtube.com *.hubspot.com *.addthis.com *.google.com *.doubleclick.net;form-action 'self' *.spindustry.com;frame-ancestors *.spindustry.com;manifest-src 'self';report-uri /WebResource.axd?cspReport=true 1
default-src 'self' packages.umbraco.org our.umbraco.org;script-src 'self' cdnjs.cloudflare.com code.jquery.com ajax.googleapis.com maps.google.com www.google.com siteimproveanalytics.com www.googletagmanager.com *.gstatic.com www.google-analytics.com maps.googleapis.com www.youtube.com connect.facebook.net *.cqc.org.uk use.typekit.net *.browsealoud.com *.civiccomputing.com *.sharethis.com *.speechstream.net apis.google.com sha256-aEDmoObzmjNv962J42VzD3ELW5yetlhKLnYGA32/4aU= plus.browsealoud.com www.browsealoud.com *.facebook.com *.twitter.com *.x.com *.fontawesome.com api.reciteme.com *.instagram.com 'unsafe-eval' 'unsafe-inline';style-src 'self' fonts.googleapis.com *.cqc.org.uk www.browsealoud.com plus.browsealoud.com *.fontawesome.com api.reciteme.com 'unsafe-inline';connect-src 'self' maps.googleapis.com *.google-analytics.com *.google.com *.browsealoud.com *.civiccomputing.com *.sharethis.com stats.g.doubleclick.net wiki-summarizer-eu.texthelp.com browsealoud-webservices-8.texthelp.com browsealoud-webservices-eu.texthelp.com speechstreamv3-webservices-8.texthelp.com speechstreamv3-webservices-eu.texthelp.com *.speechstream.net en.wikipedia.org blob: stats.g.doubleclick.net www.google-analytics.com plus.browsealoud.com www.browsealoud.com wikisum.texthelp.com simplify-us.texthelp.com babm.texthelp.com *.fontawesome.com api.reciteme.com stats.reciteme.com;font-src 'self' cdn.jsdelivr.net fonts.gstatic.com use.typekit.net *.fontawesome.com api.reciteme.com;img-src 'self' www.google-analytics.com maps.gstatic.com maps.google.com img.youtube.com *.googleapis.com data: *.google.co.uk *.google.com *.cqc.org.uk p.typekit.net *.sharethis.com browsealoud-webservices-8.texthelp.com browsealoud-webservices-eu.texthelp.com speechstreamv3-webservices-8.texthelp.com speechstreamv3-webservices-eu.texthelp.com *.speechstream.net stats.g.doubleclick.net www.browsealoud.com plus.browsealoud.com upload.wikimedia.org stats.g.doubleclick.net api.reciteme.com;media-src 'self' www.youtube.com player.vimeo.com *.speechstream.net blob:;frame-src 'self' www.youtube.com www.google.com player.vimeo.com www.google-analytics.com content.googleapis.com www.googletagmanager.com/ns.html *.facebook.com *.twitter.com *.x.com *.instagram.com 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://ard.social; img-src 'self' https: data: blob: https://ard.social; style-src 'self' https://ard.social 'nonce-G4hggIHaWo1/cqV5358ysg=='; media-src 'self' https: data: https://ard.social; frame-src 'self' https:; manifest-src 'self' https://ard.social; form-action 'self'; connect-src 'self' data: blob: https://ard.social https://storage.googleapis.com wss://ard.social; script-src 'self' https://ard.social 'wasm-unsafe-eval'; child-src 'self' blob: https://ard.social; worker-src 'self' blob: https://ard.social 1
frame-ancestors 'self' https://*.vancouverconventioncentre.com https://vancouverconventioncentre.com https://visitingmedia.com https://*.visitingmedia.com http://lot185.com http://*.lot185.com; base-uri 'self'; form-action 'self'; object-src 'self'; 1
default-src 'self' geolocation.onetrust.com cdn.cookielaw.org matomo.vtg.com charts3.equitystory.com www.google-analytics.com maps.gstatic.com maps.googleapis.com maps.google.com www.google.com www.gstatic.com fonts.gstatic.com api.stream24.net hmmh.scnem.com www.w3.org cdn.linkedin.oribi.io 128.30.52.100 px.ads.linkedin.com assets-eur.mkt.dynamics.com cxppusa1formui01cdnsa01-endpoint.azureedge.net public-eur.mkt.dynamics.com; script-src 'self' cdn.cookielaw.org matomo.vtg.com matomo.vtg.de charts3.equitystory.com www.googletagmanager.com ajax.googleapis.com maps.googleapis.com www.google-analytics.com maps.google.com www.google.com www.gstatic.com snap.licdn.com cxppusa1formui01cdnsa01-endpoint.azureedge.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' charts3.equitystory.com fonts.googleapis.com 'unsafe-inline'; frame-src 'self' consentcdn.cookiebot.com vtg.com www.vtg.com vtg.de www.vtg.de charts3.equitystory.com www.google-analytics.com maps.gstatic.com maps.googleapis.com maps.google.com fonts.gstatic.com www.google.com www.gstatic.com api.stream24.net www.youtube.com www.youtube-nocookie.com hmmh.scnem.com; img-src 'self' cdn.cookielaw.org optanon.blob.core.windows.net matomo.vtg.com charts3.equitystory.com maps.gstatic.com maps.googleapis.com maps.google.com khms0.googleapis.com khms1.googleapis.com px.ads.linkedin.com px4.ads.linkedin.com data: www.w3.org; frame-ancestors 'self' 1
default-src 'self' 'unsafe-inline'; font-src 'self' fonts.gstatic.com; script-src 'self' 'unsafe-inline' ajax.googleapis.com; style-src-elem 'self' fonts.googleapis.com; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://wb.messengerpeople.com https://static.criteo.net https://*.criteo.com https://tpc.googlesyndication.com https://*.zenaps.com https://*.hotjar.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://ln-rules.rewardstyle.com https://tr.snapchat.com blob: https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://d2d7do8qaecbru.cloudfront.net; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://*.liveperson.net https://ct.pinterest.com https://ampcid.google.at https://*.sciencebehindecommerce.com https://*.hotjar.com wss://*.hotjar.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://tr.snapchat.com https://*.contentsquare.net https://*.criteo.com https://*.criteo.net https://*.prod.mplat-ppcprotect.com https://*.lunio.ai data: https://sgtm.myprotein.at https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://cognito-identity.eu-west-1.amazonaws.com https://firehose.eu-west-1.amazonaws.com https://*.parcellab.com; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.thgcdn.cn https://fonts.smct.co https://fonts.smct.io https://fonts.gstatic.com; form-action 'self' https://www.facebook.com https://www.myprotein.at https://m.myprotein.at https://checkout.myprotein.at https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://static.thgcdn.cn; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://*.google-analytics.com https://google.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.cn https://*.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://*.criteo.com https://static.criteo.net https://s.pinimg.com https://tpc.googlesyndication.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.hotjar.com https://*.akamaihd.net https://*.microsofttranslator.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://ln-rules.rewardstyle.com https://twitter.com https://*.baidu.com https://sc-static.net https://www.google.com https://*.google.co.uk https://google.co.uk https://static.ads-twitter.com https://analytics.twitter.com https://static.thgcdn.cn https://*.contentsquare.net https://app.contentsquare.com https://sgtm.myprotein.at https://smct.co https://*.smct.co https://smct.io https://*.smct.io; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://static.thgcdn.cn https://fonts.smct.co https://fonts.smct.io https://cdn.parcellab.com; upgrade-insecure-requests; report-to report-endpoint 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com/ https://assets.ubembed.com/ https://js.hsadspixel.net/ https://js.zi-scripts.com/ https://js.hs-banner.com/ https://www.youtube.com/ https://js.hsforms.net/ https://js.hs-analytics.net/ https://snap.licdn.com/ https://js.hs-scripts.com/ https://connect.facebook.net/ https://dyv6f9ner1ir9.cloudfront.net/ https://translate-pa.googleapis.com/ https://www.googletagmanager.com/gtag/js https://www.google.com/recaptcha/api.js https://www.google-analytics.com/ https://www.gstatic.com/ https://translate.google.com/ https://googleads.g.doubleclick.net/ https://translate.googleapis.com/ https://ajax.googleapis.com/  https://ssl.google-analytics.com https://tagmanager.google.com https://stackpath.bootstrapcdn.com/;  style-src 'self' 'unsafe-inline' https://meduitrcm.com/ https://www.stackpath.bootstrapcdn.com https://tagmanager.google.com https://www.gstatic.com/ https://fonts.googleapis.com/ *.s.w.org; object-src 'none'; base-uri 'self'; connect-src 'self' https://pagead2.googlesyndication.com/ https://forms.hsforms.com/ https://js.zi-scripts.com/ https://ws.zoominfo.com/ https://translate.googleapis.com/ https://www.google-analytics.com https://stats.g.doubleclick.net https://api.hubapi.com/; font-src 'self' https://fonts.gstatic.com data: https://use.fontawesome.com *.cloudfront.net;  frame-src 'self' https://forms.hsforms.com/ https://api-9f0ebaf8.duosecurity.com/ https://td.doubleclick.net/ https://app.outgrow.co/ https://www.facebook.com/ https://www.google.com https://www.vimeo.com https://www.youtube.com https://meduit.outgrow.us; img-src 'self' https://meduitrcm.com/ https://www.meduitrcm.com/ https://forms-na1.hsforms.com/ https://px4.ads.linkedin.com/ https://forms.hsforms.com/ https://www.google.com/pagead/ https://px.ads.linkedin.com/ https://fonts.gstatic.com/ https://track.hubspot.com/ https://www.google-analytics.com www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://www.facebook.com/tr/ https://secure.gravatar.com https://www.google.com/ads/ga-audiences data: https://www.google-analytics.com *.cloudfront.net; manifest-src 'self';  media-src 'self'; worker-src 'none' 1
default-src 'self' data:; base-uri 'self'; form-action 'self'; frame-ancestors 'self' https://*.etracker.com; frame-src 'self' https://open.spotify.com https://mafo1.myaudience.de/ https://www.youtube-nocookie.com/; script-src 'self' 'unsafe-inline' https://static.hotjar.com https://script.hotjar.com https://static.newsletter2go.com https://mafo1.myaudience.de https://static.etracker.com https://code.etracker.com https://www.etracker.de https://www.evergabe.nrw.de; style-src 'self' https://static.hotjar.com https://script.hotjar.com 'unsafe-inline'; object-src 'none'; worker-src 'none'; connect-src 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://api.newsletter2go.com https://www.etracker.de; img-src 'self' data: https://static.hotjar.com https://script.hotjar.com https://files.newsletter2go.com https://images.fdbserver.de https://mafo1.myaudience.de; font-src 'self' https://script.hotjar.com; upgrade-insecure-requests 1
media-src 'self' https://*.tidiochat.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdnjs.cloudflare.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://code.tidio.co https://js.stripe.com https://www.gstatic.com https://www.gstatic.com/recaptcha/ https://*.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.com/recaptcha/ https://*.tidiochat.com https://*.mygivingcircle.org http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://*.openreplay.com https://*.paypal.com https://*.posthog.com;script-src-attr 'unsafe-inline';style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://tagmanager.google.com https://fonts.googleapis.com;img-src 'self' 'unsafe-inline' data: blob: https://mgc-app.s3.amazonaws.com https://*.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com https://www.google.com https://*.googletagmanager.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io *.facebook.com *.facebook.net *.fbcdn.net https://*.paypalobjects.com https://*.paypal.com https://cdnjs.cloudflare.com;frame-src 'self' https://js.stripe.com https://hooks.stripe.com https://bid.g.doubleclick.net https://www.google.com *.facebook.com https://connect.facebook.net https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io fbrpc://call https://*.paypal.com;connect-src 'self' https://mygivingcircle.org https://*.mygivingcircle.org https://mgc-app.s3.amazonaws.com ws: wss: https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://stats.g.doubleclick.net https://fonts.googleapis.com *.facebook.com https://connect.facebook.net https://api.stripe.com https://*.sentry.io https://*.mygivingcircle.org http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://*.openreplay.com https://*.paypal.com https://sentry-new.tidio.co https://socket.tidio.co https://api-v2.tidio.co https://*.posthog.com;font-src 'self' https://fonts.gstatic.com data: https://mgc-app.s3.amazonaws.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://widget-v4.tidiochat.com;child-src blob: *.facebook.com https://connect.facebook.net;worker-src 'self' blob: https://*.mygivingcircle.org https://*.openreplay.com;form-action 'self' https://*.facebook.com;default-src 'self';base-uri 'self';block-all-mixed-content;frame-ancestors 'self';object-src 'none';upgrade-insecure-requests 1
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://www.googletagmanager.com/gtag/js https://*.google-analytics.com https://translate.google.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://analytics.google.com https://*.analytics.google.com https://*.google-analytics.com https://*.googletagmanager.com https://stats.g.doubleclick.net;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com https://*.google-analytics.com https://*.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net *.doubleclick.net *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ dc.ads.linkedin.com analytics.twitter.com t.co;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net https://paywithmybank.com/ https://*.paywithmybank.com/;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://assemblag.es; img-src 'self' https: data: blob: https://assemblag.es; style-src 'self' https://assemblag.es 'nonce-HBU+wfuNxyVc0GJF8OOXlA=='; media-src 'self' https: data: https://assemblag.es; frame-src 'self' https:; manifest-src 'self' https://assemblag.es; form-action 'self'; child-src 'self' blob: https://assemblag.es; worker-src 'self' blob: https://assemblag.es; connect-src 'self' data: blob: https://assemblag.es https://sb-assemblagees.b-cdn.net wss://assemblag.es; script-src 'self' https://assemblag.es 'wasm-unsafe-eval' 1
frame-ancestors 'self' http://www.missionsignal.fr unilever3.marketing.adobe.com unileverbrazil.marketing.adobe.com unilever2.marketing.adobe.com unilever.marketing.adobe.com unilever3.experiencecloud.adobe.com unileverbrazil.experiencecloud.adobe.com unilever2.experiencecloud.adobe.com unilever.experiencecloud.adobe.com emea1-proxy.adobemc.com us1-proxy.adobemc.com us1-proxy.adobemc.com apac-proxy.adobemc.com adobedemoemea131.marketing.adobe.com adobedemoemea131.experiencecloud.adobe.com https://s3.cartwire.co https://s7.addthis.com https://kritique-widgets-stage.unileversolutions.com https://d1a1ax4tcp3m3j.cloudfront.net 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' foroalfa.org *.webspellchecker.net *.paypal.com *.paypalobjects.com *.google.com *.google.com.ar *.google-analytics.com *.gstatic.com *.googlesyndication.com *.googleapis.com *.googletagmanager.com *.googletagservices.com *.googleadservices.com *.doubleclick.net cdnjs.cloudflare.com *.cloudflareinsights.com *.jquery.com *.twitter.com *.youtube.com *.ytimg.com  *.youtube-nocookie.com *.vimeo.com *.facebook.net *.facebook.com connect.facebook.net *.fromdoppler.com momentjs.com *.veredictas.com unpkg.com *.decidir.com *.payway.com.ar *.online-metrix.net *.mercadopago.com *.mercadolibre.com http2.mlstatic.com wp-themes.com; img-src * 'self' data: https:; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mastorol.es; img-src 'self' https: data: blob: https://mastorol.es; style-src 'self' https://mastorol.es 'nonce-xuTY1nBknlaVSgFtyINFrw=='; media-src 'self' https: data: https://mastorol.es; frame-src 'self' https:; manifest-src 'self' https://mastorol.es; form-action 'self'; child-src 'self' blob: https://mastorol.es; worker-src 'self' blob: https://mastorol.es; connect-src 'self' data: blob: https://mastorol.es https://media.mastorol.es/mastorol/ wss://mastorol.es; script-src 'self' https://mastorol.es 'wasm-unsafe-eval' 1
default-src 'self' https://media.kulturbanause.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com data:; img-src 'self' https://secure.gravatar.com https://ssl-vg03.met.vgwort.de https://www.google-analytics.com https://www.googletagmanager.com https://s.w.org https://wordpress.org https://ps.w.org https://stats.g.doubleclick.net https://maps.googleapis.com https://media.kulturbanause.de https://kulturbanause.de https://caniuse.bitsofco.de https://res.cloudinary.com https://vg06.met.vgwort.de/ https://vg02.met.vgwort.de https://vg07.met.vgwort.de data:; style-src 'self' 'unsafe-inline'; font-src 'self' data:; object-src 'none'; frame-src 'self' https://media.kulturbanause.de https://player.vimeo.com/ https://amazon.com https://animoto.com https://blip.tv https://cloudup.com https://collegehumor.com https://crowdsignal.com https://www.dailymotion.com https://www.facebook.com https://www.flickr.com https://www.funnyordie.com https://giphy.com https://www.hulu.com https://imgur.com https://instagram.com https://issuu.com https://www.kickstarter.com https://meetup.com https://mixcloud.com https://photobucket.com https://reddit.com https://reverbnation.com https://www.scribd.com https://www.slideshare.net https://www.smugmug.com https://soundcloud.com https://speakerdeck.com https://www.spotify.com https://www.ted.com https://www.tumblr.com https://twitter.com https://videopress.com https://vimeo.com https://vine.co https://wordpress.org/plugins-wp https://wordpress.tv https://www.youtube.com https://www.youtube-nocookie.com https://caniuse.bitsofco.de; worker-src 'self'; connect-src 'self' https://www.google-analytics.com; report-uri https://kulturbanause.de/wp-content/themes/kulturbanause/security-report.php 1
default-src 'self'; img-src 'self' nfts.vechainstats.com data: 'unsafe-inline'; frame-src www.google.com/recaptcha/; script-src 'self' ajax.cloudflare.com www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-inline'; connect-src 'self' wss://socket.vechainstats.com; style-src 'self' 'unsafe-inline'; object-src 'none'; form-action 'self'; block-all-mixed-content 1
frame-ancestors 'self' *.mylsb.com *.zagclients.net 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://youtube.com https://www.youtube.com https://walkinto.in https://connect.facebook.net https://static.hotjar.com; style-src * 'unsafe-inline' 'unsafe-eval' blob: data:; object-src * 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://api-web.dilmahtea.com https://api-web-uat.dilmahtea.com https://stats.g.doubleclick.net https://www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://graph.instagram.com https://api.twitter.com; font-src 'self' data:; frame-src 'self' https://youtube.com https://www.youtube.com https://walkinto.in; img-src 'self' data: http://a.tile.osm.org http://b.tile.osm.org http://c.tile.osm.org https://i.ytimg.com https://web-uat.dilmahtea.com https://www.dilmahtea.com https://dmc.dilmahtea.com https://connect.facebook.net https://www.google-analytics.com https://www.google.com https://www.google.lk blob:; media-src 'self' https://web-uat.dilmahtea.com https://www.dilmahtea.com; 1
script-src 'nonce-SADAeX90BidvfM2otEIS9w==' 'self' mc.webvisor.com mc.webvisor.org an.yandex.ru yastatic.net storage.mds.yandex.net 'unsafe-eval' 'unsafe-inline' *.analytics.google.com analytics.google.com *.google-analytics.com *.googletagmanager.com googletagmanager.com www.googletagmanager.com *.doubleclick.net fundingchoicesmessages.google.com *.hippoobox.com sdk.crazygames.com *.yandex.com *.yandex.net http://*.yandex.net *.yandex.ru ya.ru yandex.com yandex.ru yandex.st yastat.net *.yandex.ru yandex.ru; style-src 'unsafe-inline' yastatic.net 'self' 'unsafe-eval' yandex.st yastat.net *.yandex.net; img-src data: *.games.s3.yandex.net blob: 'self' mc.webvisor.com mc.webvisor.org mc.admetrica.ru android-webview-video-poster: avatars-fast.yandex.net favicon.yandex.net banners.adfox.ru content.adfox.ru ads6.adfox.ru yastat.net avatars.mds.yandex.net mc.yandex.ru *.tns-counter.ru *.verify.yandex.ru verify.yandex.ru ads.adfox.ru bs.serving-sys.com bs.serving-sys.ru ad.adriver.ru wcm.solution.weborama.fr wcm-ru.frontend.weborama.fr wcm.weborama-tech.ru ad.doubleclick.net rgi.io track.rutarget.ru ssl.hurra.com amc.yandex.ru gdeby.hit.gemius.pl tps.doubleverify.com pixel.adsafeprotected.com impression.appsflyer.com pixel.adlooxtracking.com pixel.adlooxtracking.ru *.cpmstar.com cookie.lmgssp.com *.analytics.google.com analytics.google.com *.google-analytics.com *.googletagmanager.com googletagmanager.com www.googletagmanager.com *.doubleclick.net fundingchoicesmessages.google.com *.ya.ru *.yandex.com *.yandex.net *.yandex.ru yandex.com yandex.ru yandex.st yastatic.net *.yandex.ru yandex.ru; connect-src 'self' blob: yandexmetrica.com:* mc.webvisor.com mc.webvisor.org mc.admetrica.ru http://127.0.0.1:29009 http://127.0.0.1:30102 yandexmetrica.com:29010 yandexmetrica.com:30103 mc.yandex.md an.yandex.ru strm.yandex.ru *.strm.yandex.ru *.strm.yandex.net verify.yandex.ru *.verify.yandex.ru mc.yandex.ru yandex.st yastatic.net matchid.adfox.yandex.ru adfox.yandex.ru ads.adfox.ru ads6.adfox.ru jstracer.yandex.ru yastat.net yandex.ru tps.doubleverify.com pixel.adsafeprotected.com amc.yandex.ru ad.360yield.com balancer.lmgssp.com cpm.programattik.com server.cpmstar.com prebid.smilewanted.com *.analytics.google.com analytics.google.com *.google-analytics.com *.googletagmanager.com googletagmanager.com www.googletagmanager.com *.doubleclick.net fundingchoicesmessages.google.com *.ya.ru *.yandex.com *.yandex.net *.yandex.ru ya.ru yandex.com http://*.yandex.net *.yandex.ru yandex.ru api.passport.yandex.ru yandexgames:; worker-src 'self' blob:; child-src 'self' blob: mc.yandex.ru; frame-src 'self' blob: mc.yandex.md data: yastatic.net *.lmgssp.com *.doubleclick.net https://secure.xsolla.com *.ya.ru *.yandex.com *.yandex.net *.yandex.ru *.yandexadexchange.net ya.ru yandex.ru yandexadexchange.net yastat.net *.yandex.ru yandex.ru; report-to default-group; manifest-src 'self' yandex.com; frame-ancestors webvisor.com *.webvisor.com http://webvisor.com http://*.webvisor.com 'self' yastatic.net zenadservices.net *.ya.ru *.yandex.ru ya.ru yandex.ru; font-src yastatic.net 'self' data: cdn.megabonus.com an.yandex.ru yastat.net; media-src *.yandex.net strm.yandex.ru *.strm.yandex.ru yastat.net data: blob: *.yandex.ru ya.ru yandex.ru yandex.st yastatic.net yandex.ru; default-src 'none'; report-uri https://csp.yandex.net/csp?yandexuid=4448832061721959508&from=games-catalog&project=games&slots=914391%2C0%2C-1%3B930288%2C0%2C-1%3B985371%2C0%2C-1%3B1014530%2C0%2C-1%3B1033875%2C0%2C-1%3B697939%2C0%2C11%3B485537%2C0%2C57%3B805198%2C0%2C31%3B986444%2C0%2C13%3B994410%2C0%2C58; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.nr-data.net ssl.google-analytics.com js-agent.newrelic.com js.bkmexpress.com.tr; 1
frame-src https://*.google.com https://*.kudoscasino.com https://*.tripleseven.casino https://*.youtube.com https://*.vimeo.com https://lobby.kudoscasino.com:3072 https://cdk.tripleseven.casino:2072 https://plugins.tawk.to https://embed.tawk.to https://cdk.tripleseven.casino:2072 1
font-src 'self' *.gstatic.com *.unblu.com *.unblu-env.com *.unblu.com *.opentok.com *.tokbox.com *.celeroxpress.ca *.cornerstonecu.com data:; style-src 'self' 'unsafe-inline' *.google.com *.googleapis.com *.unblu.com *.unblu-env.com *.unblu.com *.opentok.com *.tokbox.com *.celeroxpress.ca *.cornerstonecu.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cdic.ca *.gstatic.com *.google.com googleads.g.doubleclick.net www.googleadservices.com connect.facebook.net www.googletagmanager.com www.google-analytics.com *.googleapis.com *.youtube.com s.ytimg.com tagmanager.google.com *.bing.com *.unblu.com *.unblu-env.com *.unblu.com *.opentok.com *.tokbox.com *.celeroxpress.ca *.cornerstonecu.com *.mycontactcenter.net *.serverdata.net; img-src * data:; worker-src 'self' blob:; ; 1
frame-ancestors 'self' https://asp7.vccondemand.com https://vocalcom.cloud-contact-center.de 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.schrack-seconet.com *.fonts.com *.googletagmanager.com *.googleapis.com *.google-analytics.com *.facebook.net *.google.com *.gstatic.com *.jquery.com *.addtoany.com *.myfonts.net *.sagedpw.at *.licdn.com *.hiro.ki; 1
frame-ancestors https://ladunedupilat.com https://bassin-arcachon.com; 1
frame-ancestors https://ekoop.tarimkredi.org.tr https://narline.bereket.com.tr/ https://rcnarline.bereket.com.tr/ 1
default-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src * data: 1
default-src 'self' https://fonts.gstatic.com/ https://bmtmarketing.azureedge.net https://bmtmarketingdevelopment.azureedge.net https://bmtblobdevelopment.blob.core.windows.net https://bmtblobstaging.blob.core.windows.net https://bmtblobproduction.blob.core.windows.net https://bmtblobdraft.blob.core.windows.net https://script.hotjar.com https://cdn.videvo.net/videvo_files/video/premium/getty_138/large_watermarked/istock-913511504_preview.mp4; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.sharethis.com https://www.google.com https://az416426.vo.msecnd.net https://maps.googleapis.com https://www.googletagmanager.com http://tagmanager.google.com https://www.google-analytics.com https://code.jquery.com https://use.fontawesome.com https://via.bmt.org http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.gstatic.com https://snap.licdn.com https://*.hs-scripts.com https://js.hsadspixel.net http://js.hsforms.net https://js.hsforms.net https://forms.hsforms.com https://*.hs-banner.com https://*.hs-analytics.net https://*.hscollectedforms.net https://js.hscta.net/cta/current.js https://www.googleadservices.com https://googleads.g.doubleclick.net https://unpkg.com/@popperjs/core@2 https://unpkg.com/tippy.js@6 http://cta-service-cms2.hubspot.com https://*.hsadspixel.net https://static.hsappstatic.net https://*.usemessages.com https://*.hsleadflows.net https://*.hubspotfeedback.com https://feedback.hubapi.com https://*.hubspot.com https://*.hsforms.net https://*.hsforms.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://code.jquery.com https://tagmanager.google.com https://cdn.jsdelivr.net/npm/slick-carousel@1.6.0/slick/slick.css https://cdn2.hubspot.net; img-src https://www.google.com https://www.google.co.uk https://img.youtube.com https://bmtmarketing.azureedge.net https://bmtmarketingdevelopment.azureedge.net https://bmtblobdevelopment.blob.core.windows.net https://bmtblobstaging.blob.core.windows.net https://bmtblobproduction.blob.core.windows.net https://bmtblobdraft.blob.core.windows.net 'self' data: https://stats.g.doubleclick.net https://mt.google.com/ https://dashboard.umbraco.org https://*.sharethis.com https://maps.googleapis.com https://maps.gstatic.com https://projects.bmtcontent.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com/ads https://www.google.co.uk/ads https://ssl.gstatic.com https://www.gstatic.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://px.ads.linkedin.com https://p.adsymptotic.com https://forms.hsforms.com https://*.hubspot.com https://www.bmt.org https://demo-au.arlo.co https://picsum.photos https://i.picsum.photos https://i.ibb.co https://wc1.prod3.arlocdn.net https://px4.ads.linkedin.com https://bmteventsproduction.blob.core.windows.net https://no-cache.hubspot.com https://perf.hsforms.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.hubspot.net https://js.hscta.net https://*.hsforms.net https://*.hsforms.com https://i.ytimg.com https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; frame-src 'self' https://www.youtube.com https://youtu.be https://*.sharethis.com https://c.sharethis.mgr.consensu.org https://www.google.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://bmtblobdevelopment.blob.core.windows.net https://bmtblobproduction.blob.core.windows.net https://bmtblobdraft.blob.core.windows.net https://bmtmarketingcorporatesitedevelopment.azurewebsites.net https://cdn.knightlab.com https://forms.hsforms.com https://www.bmtcontent.com https://duncankitts.github.io/Docs/ https://*.hs-sites.com https://*.hubspot.com https://*.hsforms.net https://*.hsforms.com *.google.com; frame-ancestors 'self' my.sharpcloud.com; connect-src 'self' https://stats.g.doubleclick.net https://dc.services.visualstudio.com https://*.sharethis.com https://www.bmtintra.net https://link.socxo.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://dmtrk.net/signup.ashx https://www.google-analytics.com https://*.hubapi.com https://*.hs-banner.com https://forms.hsforms.com https://www.bmt.org https://*.hubspot.com https://hubspot-forms-static-embed.s3.amazonaws.com https://www.google.com/pagead/ https://cta-service-cms2.hubspot.com https://googleads.g.doubleclick.net/pagead/ https://region1.google-analytics.com https://region1.analytics.google.com https://*.hscollectedforms.net https://js.hscta.net https://*.hubspot.com https://*.hsforms.com https://cdn.linkedin.oribi.io https://*.googleapis.com *.google.com https://*.gstatic.com https://px.ads.linkedin.com; child-src https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://*.hsforms.com;  1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googleoptimize.com https://static.cloudflareinsights.com https://*.legalcdn.org https://*.legalcdn.com https://static.legalcdn.org https://yastatic.net https://*.yandex.ru https://*.googleapis.com https://*.google-analytics.com https://*.googletagmanager.com https://*.gstatic.com https://*.google.com https://*.yandex.net https://*.newrelic.com;frame-src 'self' https://player.vimeo.com https://www.youtube-nocookie.com/ https://*.soundcloud.com https://*.yandex.ru https://*.youtube.com https://*.facebook.com https://*.twitter.com https://*.gstatic.com https://*.google.com https://*.yandex.net;object-src 'self' https://*.legalcdn.com https://*.legalcdn.org https://*.youtube.com https://*.gstatic.com https://*.google.com https://*.yandex.net;child-src 'self' blob: https://mc.yandex.ru https://mc.yandex.com https://mc.webvisor.com;worker-src 'self'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.google.com https://*.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com https://www.youtube.com https://cdn.outfunnel.com https://reports.hrmdirect.com https://googleads.g.doubleclick.net https://www.googleadservices.com; style-src 'self' 'unsafe-inline' https://www.googletagmanager.com/ https://fonts.googleapis.com https://reports.hrmdirect.com; connect-src 'self' https://analytics.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://maps.googleapis.com; font-src 'self' data: https://fonts.gstatic.com; child-src 'self' https://www.google.com https://www.youtube.com https://eganco.hrmdirect.com https://www.surveymonkey.com/; frame-ancestors 'self'; object-src 'none'; manifest-src 'self' 1
img-src * data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.boschcarservice.com *.dxtservice.com *.bosch.com *.snap.licdn.com *.licdn.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.facebook.net *.doubleclick.net *.bosch.tech *.mobility-media.cloud *.newrelic.com *.nr-data.net *.youtube.com *.google.com; object-src 1
frame-ancestors 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.facebook.net tarteaucitron.io *.tarteaucitron.io *.google-analytics.com *.addthis.com *.googletagmanager.com *.matomo.cloud *.addtoany.com *.infisecure.com *.flippingbook.com *.cloudfront.net;report-uri https://prod.ap.batic.cudasvc.com/xenios/api/v1/violation/report?paid=16904&v=v2.0&payload=_FoJkOqEbfW1XXuKby3am-o___4lDeRV53d9UhTwNOBNllXzv3b9LXc7IQSU4Y-Vd5Je05CRcJm_xcuPsvSrpLgyXuMr1Gb2hTgYU_ZgMiGBVVbqMfhJQ-SgmZWaSS3vb7r635JPvOVuk9Im46TyAuBuSfBRO7zaXO0kYMwkzdlDLAHwZwmH9-762LEeJ2HN;worker-src 'self' *.flippingbook.com *.cloudfront.net blob:; 1
default-src 'unsafe-inline' 'unsafe-eval' https://www.communardo.de/ https://www.communardo.com/ https://cloud.ccm19.de/; script-src 'unsafe-inline' 'unsafe-eval' https://www.communardo.de/ https://www.communardo.com/ https://www.googletagmanager.com https://www.google-analytics.com https://cloud.ccm19.de/ https://mktdplp102cdn.azureedge.net/ https://bat.bing.com/ https://snap.licdn.com/ https://*.clarity.ms/ https://connect.facebook.net/ https://googleads.g.doubleclick.net/ https://www.google.com/pagead/ https://www.google.de/pagead/ https://www.googleadservices.com/ https://cxppusa1formui01cdnsa01-endpoint.azureedge.net/ blob:; font-src 'self' data:; style-src 'unsafe-inline' https://www.communardo.de/ https://www.communardo.com/ https://cloud.ccm19.de/ https://www.googletagmanager.com/; img-src 'self' https://www.google.com/ads/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://region1.google-analytics.com/ https://cloud.ccm19.de/ https://3031fe3dd6bb44a6a741f6d59fbe3b49.svc.dynamics.com/ https://region1.analytics.google.com/ https://googleads.g.doubleclick.net/ https://stats.g.doubleclick.net/ https://www.google.de/ads/ https://www.google.com/pagead/ https://www.google.de/pagead/ https://*.ads.linkedin.com/ https://www.linkedin.com/px/ https://bat.bing.com/ https://*.clarity.ms/ https://c.bing.com/ https://www.facebook.com/tr/ https://www.facebook.com/privacy_sandbox/ data:; frame-src 'self' https://www.youtube-nocookie.com/ https://cloud.ccm19.de/ https://3031fe3dd6bb44a6a741f6d59fbe3b49.svc.dynamics.com/ https://www.facebook.com/ https://my.matterport.com/ https://td.doubleclick.net/; connect-src https://www.communardo.de/ https://www.communardo.com/ https://cloud.ccm19.de/ https://3031fe3dd6bb44a6a741f6d59fbe3b49.svc.dynamics.com/ https://region1.google-analytics.com/ https://region1.analytics.google.com/ https://stats.g.doubleclick.net/ https://cdn.linkedin.oribi.io/ https://*.clarity.ms/ https://www.google-analytics.com/ https://www.facebook.com/tr/ https://bat.bing.com/ https://assets-eur.mkt.dynamics.com/bf501745-d7d2-4138-ad71-bdd2d5cb87ed/ https://cxppusa1formui01cdnsa01-endpoint.azureedge.net/ https://public-eur.mkt.dynamics.com/api/v1.0/orgs/bf501745-d7d2-4138-ad71-bdd2d5cb87ed/ https://px.ads.linkedin.com/ https://www.google.com/pagead/ https://www.google.com/ccm/ https://googleads.g.doubleclick.net/; object-src 'none' 1
default-src 'self' *; font-src *;img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' fonts.googleapis.com; 1
base-uri 'self'; upgrade-insecure-requests; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' accountingsuite.com *.accountingsuite.com ajax.googleapis.com assets-global.website-files.com cdnjs.cloudflare.com connect.facebook.net d3e54v103j8qbb.cloudfront.net googleads.g.doubleclick.net js.zohocdn.com pi.pardot.com rum-static.pingdom.net salesiq.zoho.com script.hotjar.com static.hotjar.com unpkg.com www.google.com www.googletagmanager.com www.gstatic.com td.doubleclick.net static.zohocdn.com assets.calendly.com player.vimeo.com maps.googleapis.com *.website-files.com; 1
script-src 'self' https: 'unsafe-inline' 'unsafe-eval' 1
script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://www.youtube-nocookie.com https://www.youtube.com/iframe_api https://www.youtube.com/s/player/ https://connect.facebook.net https://snap.licdn.com/li.lms-analytics/insight.min.js https://www.google.com/pagead/conversion_async.js https://connect.facebook.net/en_US/fbevents.js https://www.googletagmanager.com/  https://googleads.g.doubleclick.net https://www.googleadservices.com https://static.newsletter2go.com/utils.js https://www.hfbk-dresden.de/piwik/piwik.js https://static.b-ite.com/jobs-api/loader-v1/api-loader-v1.min.js https://cs-assets.b-ite.com/hochschule-bildende-kunste-dresden/jobs-api/main-listing.min.js  https://static.b-ite.com/jobs-api/v5/api-v5.min.js https://www.youtube.com/s/player/248ded94/www-widgetapi.vflset/www-widgetapi.js; frame-ancestors 'self' https://www.hfbk-dresden.de 1
frame-ancestors 'self' *.myzoleo.com :*; 1
upgrade-insecure-requests; frame-ancestors 'self' https://www.googletagmanager.com https://flex.msn.com https://player.vimeo.com; 1
script-src http: https: https://www.curtarra.com/ 'self' https://www.googletagmanager.com/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' blob: https: 'unsafe-inline' https://www.curtarra.com/; img-src data: http: https: blob: https://qhmodel-viewer-oss.coohom.com https://www.coohom.com; object-src 'none'; base-uri 'none'; child-src 'self' blob: https://www.curtarra.com/; font-src 'self' fonts.gstatic.com blob: filesystem: data: https: https://www.curtarra.com/ https://cdn.livechatinc.com; frame-src assets.braintreegateway.com *.google.com *.youtube.com *.youtu.be *.vimeo.com *.trustpilot.com *.imagekit.io *.stripe.com *.afterpay.com *.rewardStyle.com 'self' https://secure.livechatinc.com/ https://td.doubleclick.net/ https://ct.pinterest.com/ https://www.facebook.com/ https://widget-engine.fbot.me/ https://extcall.17track.net/  https://utt.impactcdn.com https://gum.criteo.com/ https://static.criteo.net/ https://static.klaviyo.com https://fledge.us.criteo.com/  https://www.track123.com/ https://y.clarity.ms/ https://qhmodel-viewer-oss.coohom.com https://www.coohom.com; 1
font-src https://www.googletagmanager.com *.googleapis.com *.gstatic.com 'self' data: data: *.stamped.io data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.authorize.net *.livechatinc.com *.braintreegateway.com *.kaptcha.com www.paypalobjects.com *.affirm.com *.facebook.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io camo.githubusercontent.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.gstatic.com *.googleapis.com www.gstatic.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com maps.gstatic.com 'self' data: maps.googleapis.com *.cloudfront.net www.google.pl *.stamped.io *.amazonaws.com *.userway.org verify.authorize.net scontent.cdninstagram.com *.affirm.com *.routeapp.io *.ruskniga.com *.stpgoods.com *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com f.vimeocdn.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com tagmanager.google.com https://www.googletagmanager.com *.googleapis.com www.gstatic.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.authorize.net sandbox-assets.secure.checkout.visa.com maps.googleapis.com www.google.com *.gstatic.com maps.gstatic.com http://translate.google.com translate.googleapis.com includes.ccdc02.com static.zdassets.com cdn.inspectlet.com *.stamped.io *.livechatinc.com *.userway.org www.klarnapayments.com *.affirm.com *.routeapp.io https://bam.nr-data.net https://js-agent.newrelic.com  https://maps.googleapis.com https://www.stpgoods.com *.ruskniga.com https://www.facebook.com *.adscale.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline https://www.googletagmanager.com tagmanager.google.com *.googleapis.com fonts.googleapis.com downloads.mailchimp.com *.gstatic.com *.stamped.io www.klarnapayments.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com static.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.google-analytics.com *.googleapis.com *.authorize.net t.elasticsuite.io *.google-analytics.com ekr.zdassets.com *.zendesk.com wss://widget-mediator.zopim.com hn.inspectlet.com stamped.io *.braintreegateway.com *.livechatinc.com *.userway.org graph.instagram.com *.affirm.com *.route.com https://bam.nr-data.net https://maps.googleapis.com https://www.facebook.com *.googlesyndication.com https://google.com/pay stats.g.doubleclick.net *.google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' https://z1.le.liveperson.net; 1
frame-src 'self' https://cflscoreboard.cfl.ca/ http://cflscoreboard.cfl.ca/ https://*.googlesyndication.com https://www.facebook.com/ https://www.google.com/ https://players.brightcove.net/ https://*.doubleclick.net https://player.simplecast.com/ https://*.oseg.ca https://www.youtube.com/ https://*.fevo.com/ https://forums.cfl.ca/ https://*.argonauts.ca/ https://player.vimeo.com/ https://w.soundcloud.com/ https://*.f2p.media.geniussports.com/ https://cdn.flipsnack.com/ https://mlse.formstack.com/ https://issuu.com/ https://gsm-widgets.betstream.betgenius.com/ https://chat.satis.fi/ https://tradablebits.com/ https://embed.waze.com/ https://gamezone.cfl.ca/ https://platform.twitter.com/ https://www.instagram.com/ https://www.tiktok.com/ https://interland3.donorperfect.net/ https://chartbeat.com/ https://static2.chartbeat.com/ https://*.acuityscheduling.com/ https://*.tagboard.com/ https://caimgs.s3-ca-central-1.amazonaws.com/ https://cdn.userway.org/ https://www.surveymonkey.com/ https://player.streamguys.com/ https://www.buzzsprout.com https://www.googleadservices.com/ https://console.googletagservices.com/ https://play.ottawaredblacks.com/ https://www.googletagservices.com/ https://www.tdplace.ca/ https://www.placetd.ca/ https://fevo-enterprise.com/; 1
font-src www.searchanise.com *.fontawesome.com *.fonts.googleapis.com *.gstatic.com data: *.cloudflare.com *.searchserverapi.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.searchanise.com *.searchserverapi.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.searchanise.com *.google.com *.addthis.com *.pinterest.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.searchserverapi.com *.twitter.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io searchserverapi.com *.cloudflare.com *.cdn.klarna.com *.s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.twitter.com *.twimg.com www.google.ru www.searchanise.com *.searchserverapi.com s3.amazonaws.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.jsdelivr.net kit.fontawesome.com searchserverapi.com *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com *.instagram.com s7.addthis.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com searchanise-ef84.kxcdn.com s3.amazonaws.com ajax.aspnetcdn.com www.searchanise.com *.searchserverapi.com *.searchanise.com api.amplitude.com *.twitter.com *.twimg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com searchserverapi.com *.googleapis.com *.fontawesome.com unsafe-inline assets.braintreegateway.com www.searchanise.com *.searchserverapi.com searchanise-ef84.kxcdn.com s3.amazonaws.com *.twitter.com ton.twimg.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com searchserverapi.com *.cloudflare.com *.paypal.com *.googleapis.com *.addthis.com *.cardinalcommerce.com *.graph.instagram.com *.google-analytics.com *.ideal-postcodes.co.uk ekr.zdassets.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.google.com google.com api.amplitude.com stats.g.doubleclick.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' *.aenova-group.com; img-src 'self' data: *.aenova-group.com *.craft-cdn.com https://chart.googleapis.com *.smmd.dev *.onlyfy.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.aenova-group.com *.stripe.com cdn.amcharts.com cdn.jsdelivr.net unpkg.com cdnjs.cloudflare.com *.smmd.dev static.srcspot.com; style-src 'self' 'unsafe-inline' *.aenova-group.com unpkg.com; font-src data: 'self' 'unsafe-inline' *.aenova-group.com; connect-src 'self' *.aenova-group.com *.craftcms.com *.smmd.dev static.srcspot.com; frame-src 'self' *.aenova-group.com *.stripe.com *.smmd.dev; frame-ancestors 'self' https://*.jobdatingdays.de *.smmd.dev *.smmd.team; 1
frame-ancestors 'self' *.mhplus-app.de analytics.mhplus.de; 1
default-src 'self' https://www.mpsv.cz https://data.mpsv.cz https://*.google-analytics.com https://*.hotjar.com/ https://*.hotjar.io/ wss://*.hotjar.com/ https://stats.g.doubleclick.net/ https://mapserver.mapy.cz https://api.mapy.cz https://test-chatbot.mpsv.cz:9000  https://test-chatbot.uradprace.cz:9000 https://chatbot.mpsv.cz:9000 https://chatbot.uradprace.cz:9000 https://stjprpsvchatbot001.blob.core.windows.net https://ca-da-mpsv-chat.braveriver-2ed65161.westeurope.azurecontainerapps.io https://da-test.mpsv.cz https://da.mpsv.cz https://pomoc.mluvii.com wss://pomoc.mluvii.com wss://test-chatbot.mpsv.cz:9001 wss://test-chatbot.uradprace.cz:9001 wss://chatbot.mpsv.cz:9001 wss://chatbot.uradprace.cz:9001 wss://*.predu.sk; img-src 'self' data: https://*.gstatic.com https://www.google-analytics.com https://c.seznam.cz/retargeting https://www.google.com/ads/ https://www.google.cz/ads/ https://www.google.com/pagead/ https://www.google.cz/pagead/ https://api.mapy.cz https://mapserver.mapy.cz https://test-chatbot.mpsv.cz:9000/ https://test-chatbot.uradprace.cz:9000/ https://chatbot.mpsv.cz:9000/ https://chatbot.uradprace.cz:9000/ https://stjprpsvchatbot001.blob.core.windows.net https://ca-da-mpsv-chat.braveriver-2ed65161.westeurope.azurecontainerapps.io https://*.predu.sk ; frame-src 'self' formapps: https://www.google.com https://www.googletagmanager.com/ https://vars.hotjar.com/ https://www.youtube.com https://player.rss.com/ https://www.youtube-nocookie.com https://chatbot.mpsv.cz:9000 https://chatbot.uradprace.cz:9000 https://ca-da-mpsv-chat.braveriver-2ed65161.westeurope.azurecontainerapps.io https://pomoc.mluvii.com https://test-chatbot.mpsv.cz:9000/ https://test-chatbot.uradprace.cz:9000/ https://stjprpsvchatbot001.blob.core.windows.net https://*.predu.sk data:; child-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.mpsv.cz https://*.gstatic.com https://www.googletagmanager.com/ https://www.googleadservices.com/ https://static.hotjar.com/ https://script.hotjar.com/ https://c.seznam.cz/ https://googleads.g.doubleclick.net/ https://api.mapy.cz https://www.google.com https://www.google-analytics.com https://chatbot.mpsv.cz:9000 https://chatbot.uradprace.cz:9000 https://ca-da-mpsv-chat.braveriver-2ed65161.westeurope.azurecontainerapps.io https://pomoc.mluvii.com https://test-chatbot.mpsv.cz:9000/ https://test-chatbot.uradprace.cz:9000/ https://stjprpsvchatbot001.blob.core.windows.net https://czmpsvstorage.blob.core.windows.net https://portal.gov.cz https://*.predu.sk; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://fonts.googleapis.com https://api.mapy.cz https://ca-da-mpsv-chat.braveriver-2ed65161.westeurope.azurecontainerapps.io https://pomoc.mluvii.com https://test-chatbot.mpsv.cz:9000/ https://test-chatbot.uradprace.cz:9000/ https://chatbot.mpsv.cz:9000/ https://chatbot.uradprace.cz:9000/ https://stjprpsvchatbot001.blob.core.windows.net https://*.predu.sk; font-src 'self' data:  https://api.mapy.cz; frame-ancestors 'self' https://mpsv-ivp-lb.assecosk.local https://mpsv-up-ivp-lb.assecosk.local https://www.mpsv.cz https://www.uradprace.cz http://localhost:3000 1
default-src 'none'; img-src 'self' orchestration-privateid-bucket.s3.us-east-1.amazonaws.com data:; script-src 'self' 'unsafe-eval' 'unsafe-inline'; manifest-src 'self'; font-src 'self' fonts.gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; connect-src 'self' api.devel.cryptonets.ai api.develv2.cryptonets.ai api.orchestration.private.id api.cryptonets.ai api.prodv2.cryptonets.ai api.develv3.cryptonets.ai; form-action 'self'; frame-ancestors 'none'; child-src 'self'; 1
default-src 'self' cookie-cdn.cookiepro.com www.google-analytics.com img.youtube.com www.youtube.com www.vimeo.com player.vimeo.com pr.globenewswire.com ml-eu.globenewswire.com sentry.io cdn.plyr.io www.applytracking.com onetrust.com geolocation.onetrust.com data: *.amazonaws.com www.facebook.com *.google-analytics.com;script-src 'self' cdn.ravenjs.com js.hsforms.net cdn.jsdelivr.net www.googletagmanager.com cookie-cdn.cookiepro.com www.google-analytics.com www.youtube.com geolocation.onetrust.com www.vimeo.com player.vimeo.com connect.facebook.net 'unsafe-eval' 'unsafe-inline';style-src 'self' fonts.googleapis.com 'unsafe-inline';font-src 'self' fonts.gstatic.com static2.sharepointonline.com;frame-ancestors 'self' www.googletagmanager.com www.youtube.com 1
default-src 'self' *.speechstream.net *.doubleclick.net *.google.com *.browsealoud.com *.google-analytics.com *.trac.jobs;   script-src 'self' map.footways.london *.google.com *.trac.jobs *.speechstream.net *.google-analytics.com *.syndication.twimg.com *.twitter.com *.browsealoud.com *.cqc.org.uk *.googletagmanager.com www.google.com www.gstatic.com *.ytimg.com translate.google.com translate.googleapis.com 'unsafe-inline';   style-src 'self' *.trac.jobs *.twitter.com *.browsealoud.com *.cqc.org.uk *.googletagmanager.com fonts.googleapis.com platform.twitter.com translate.googleapis.com 'unsafe-inline';   img-src * data:;   media-src 'self' *.twitter.com *.browsealoud.com *.cqc.org.uk *.googletagmanager.com *.youtube.com *.youtube-nocookie.com *.vimeo.com *.vimeocdn.com *.ci.vimeows.com blob:;   object-src 'self' *.twitter.com *.browsealoud.com *.cqc.org.uk *.googletagmanager.com *.googlevideo.com *.ytimg.com *.youtube.com *.youtube-nocookie.com *.vimeo.com *.vimeocdn.com *.ci.vimeows.com;   frame-src 'self' map.footways.london *.google.com *.twitter.com *.browsealoud.com *.cqc.org.uk *.googletagmanager.com *.youtube.com *.youtube-nocookie.com *.twitter.com player.vimeo.com 'unsafe-inline';   form-action 'self';   frame-ancestors 'none';   base-uri 'self';   font-src 'self' *.twitter.com *.browsealoud.com *.cqc.org.uk *.googletagmanager.com fonts.gstatic.com;   worker-src 'none'; 1
frame-ancestors 'self' *.bdrsuite.com *.connexxanetworks.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.google.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.google-analytics.com *.youtube.com *.google.co.jp *.cloudfront.net *.jquery.com *.twitter.com *.facebook.com *.facebook.net *.cdninstagram.com *.cloudflare.com *.typekit.net *.bootstrapcdn.com *.doubleclick.net tabiiro.jp coubic.com *.ytimg.com *.plyr.io *.formzu.net *.chatplus.jp *.ppp05.smpee.com testserv99.but.jp ; 1
frame-ancestors 'self' *.alamode.com *.titanappraisal.com titanappraisal.com; connect-src 'self' *.alamode.com *.googleapis.com https://storage.googleapis.com *.titanappraisal.com titanappraisal.com; 1
frame-ancestors 'self'       *.interactivebrokers.com       *.interactivebrokers.ca       *.interactivebrokers.com.hk       *.interactivebrokers.hk       *.interactivebrokers.ch       *.interactivebrokers.eu       *.interactivebrokers.com.sg       *.ibkr.com.sg       *.interactivebrokers.ch       *.interactivebrokers.co.uk       *.interactivebrokers.com.au       *.interactivebrokers.co.jp       *.interactivebrokers.co.in       *.ibkram.com       *.interactiveadvisors.com       *.clientam.com       *.ibkr.info       *.interactivebrokers.info       *.youtube.com       *.ibkr.com       *.ibkr.com.cn       *.clientam.com       *.clientam.ch       *.clientam.com.hk       *.covestor.com       *.go-mpulse.net       *.akstat.io       IBKR.docebosaas.com       *.doubleclick.net; 1
frame-ancestors *.inboyu.com 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-H5eX68yuh3Kufc-10qy-zQ' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
base-uri 'self';connect-src 'self' consent.app.cookieinformation.com policy.app.cookieinformation.com static.infra.entryscape.com region1.google-analytics.com www.google-analytics.com *.kundo.se *.pusher.com wss://ws-eu.pusher.com catalog.upphandlingsmyndigheten.se dc.services.visualstudio.com;default-src 'self';frame-src form.apsis.one policy.app.cookieinformation.com www.google.com www.googletagmanager.com *.kundo.se web103.reachmee.com *.youtube-nocookie.com *.youtube.com;font-src 'self' static.cdn.entryscape.com use.fontawesome.com use.typekit.net;img-src 'self' data: 'unsafe-inline' www.googletagmanager.com *.google-analytics.com ssl.gstatic.com kundo.se *.kundo.se kundo-web-uploaded-files-prod.s3.amazonaws.com kundo-uploads-prod.s3.amazonaws.com p.typekit.net kriteriedatabas.upphandlingsmyndigheten.se test-kriteriedatabas.upphandlingsmyndigheten.se www.upphandlingsmyndigheten.se;media-src *.kundo.se;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' policy.app.cookieinformation.com static.cdn.entryscape.com dl.episerver.net use.fontawesome.com tagmanager.google.com www.googletagmanager.com *.google-analytics.com chat.kundo.se static-chat.kundo.se *.vo.msecnd.net web103.reachmee.com use.typekit.net catalog.upphandlingsmyndigheten.se www.youtube.com;style-src 'self' 'unsafe-inline' use.fontawesome.com tagmanager.google.com www.googletagmanager.com fonts.googleapis.com chat.kundo.se static-chat.kundo.se p.typekit.net use.typekit.net;report-uri https://www.upphandlingsmyndigheten.se/csp-report-submission/report-uri;report-to default; 1
default-src 'self' 'unsafe-inline'; object-src 'none'; img-src 'self' https://helpdesk.vodafonekabelforum.de; base-uri 'self'; form-action 'self'; frame-ancestors 'none' 1
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src *; frame-ancestors 'self' ; object-src 'none'; base-uri 'self' ; 1
default-src 'self' 'unsafe-inline' https:; script-src 'self' https: data: blob:; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; style-src-elem 'self' 'unsafe-inline' https:; object-src 'none'; media-src 'self' https:; connect-src 'self' https: data: blob: wss:; img-src 'self' https: data: blob:; font-src 'self' https: data:; worker-src blob:; frame-src 'self' https:; frame-ancestors 'self'; 1
frame-ancestors 'self' https://app.storyblok.com https://myworld360ag.germany-2.evergage.com; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://imaginair.es; img-src 'self' data: blob: https://imaginair.es; style-src 'self' https://imaginair.es 'nonce-zFe9hwwdEAOlGodOLRl7jQ=='; media-src 'self' data: https://imaginair.es; frame-src 'self' https:; manifest-src 'self' https://imaginair.es; form-action 'self'; child-src 'self' blob: https://imaginair.es; worker-src 'self' blob: https://imaginair.es; connect-src 'self' data: blob: https://imaginair.es wss://imaginair.es; script-src 'self' https://imaginair.es 'wasm-unsafe-eval' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://images.101datacenter.net https://*.101domain.com https://chat.livecustomer.com https://my.101domain.com https://*.google.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://www.youtube.com https://secure.campaigner.com https://connect.facebook.net https://*.kissmetrics.com https://*.googleapis.com https://*.facebook.com https://*.llnwd.net https://*.doubleclick.net https://*.infusionsoft.com https://*.google.bg https://d3pkntwtp2ukl5.cloudfront.net https://*.livechatinc.com https://*.googleusercontent.com https://*.gstatic.com https://*.linkedin.com https://*.bing.com https://*.infusionsoft.app https://*.adsymptotic.com https://*.truste.com https://*.comodo.com https://*.trust-provider.com https://*.101d.dev https://*.101s.dev https://*.ytimg.com https://*.clarity.ms https://*.videodelivery.net https://*.devicevalidation.io https://cdn.livechat-files.com https://cdn.linkedin.oribi.io https://*.licdn.com https://*.cloudflareinsights.com https://code.createjs.com data: 1
default-src https: 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com; img-src * data:; frame-ancestors 'self' 1
default-src https: data: blob: wss: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; report-uri https://www.efp.org/?eID=error 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' global.oktacdn.com secure.loginpreview.spglobal.com secure.login.spglobal.com ajax.googleapis.com www.google-analytics.com *.vidyard.com optanon.blob.core.windows.net code.jquery.com geolocation.onetrust.com www.googletagmanager.com assets.adobedtm.com cdn.cookielaw.org assets.adobedtm.com s.yimg.com snap.licdn.com munchkin.marketo.net static.ads-twitter.com 1
default-src * 'unsafe-eval' 'unsafe-inline' data: filesystem: about: blob: ws: wss:; base-uri 'self'; 1
default-src 'self' bezwaar.cvdm.nl cvdm.nl https://*.fontawesome.com https://google.com https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://region1.analytics.google.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://www.google-analytics.com https://www.google.com intrekkingeigenverzoek.cvdm.nl melding-cmoa.cvdm.nl nevenactiviteiten.cvdm.nl publieksvragen-en-signalen.cvdm.nl registratiewebradiokanaal.cvdm.nl toestemming-commercieel.cvdm.nl toestemming-evenement.cvdm.nl video-uploaders.cvdm.nl werkenbijcvdm.nl wob-verzoeken.cvdm.nl woo-verzoeken.cvdm.nl www.cvdm.nl www.werkenbijcvdm.nl; img-src * blob: data:; media-src *; script-src 'self' 'unsafe-eval' 'unsafe-inline' bezwaar.cvdm.nl cvdm.nl https://*.googleapis.com https://apis.google.com https://f.vimeocdn.com https://googleads.g.doubleclick.net https://kit-pro.fontawesome.com https://kit.fontawesome.com https://maps.google.com https://player.vimeo.com https://ssl.google-analytics.com https://tagmanager.google.com https://use.typekit.com https://use.typekit.net https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com intrekkingeigenverzoek.cvdm.nl melding-cmoa.cvdm.nl nevenactiviteiten.cvdm.nl publieksvragen-en-signalen.cvdm.nl registratiewebradiokanaal.cvdm.nl toestemming-commercieel.cvdm.nl toestemming-evenement.cvdm.nl video-uploaders.cvdm.nl werkenbijcvdm.nl wob-verzoeken.cvdm.nl woo-verzoeken.cvdm.nl www.cvdm.nl www.werkenbijcvdm.nl; font-src 'self' bezwaar.cvdm.nl cvdm.nl data: https://fonts.gstatic.com https://use.fontawesome.com https://use.typekit.com https://use.typekit.net intrekkingeigenverzoek.cvdm.nl melding-cmoa.cvdm.nl nevenactiviteiten.cvdm.nl publieksvragen-en-signalen.cvdm.nl registratiewebradiokanaal.cvdm.nl toestemming-commercieel.cvdm.nl toestemming-evenement.cvdm.nl video-uploaders.cvdm.nl werkenbijcvdm.nl wob-verzoeken.cvdm.nl woo-verzoeken.cvdm.nl www.cvdm.nl www.werkenbijcvdm.nl; style-src 'self' 'unsafe-inline' bezwaar.cvdm.nl cvdm.nl https://fonts.googleapis.com https://p.typekit.net https://use.fontawesome.com https://use.typekit.net intrekkingeigenverzoek.cvdm.nl melding-cmoa.cvdm.nl nevenactiviteiten.cvdm.nl publieksvragen-en-signalen.cvdm.nl registratiewebradiokanaal.cvdm.nl toestemming-commercieel.cvdm.nl toestemming-evenement.cvdm.nl video-uploaders.cvdm.nl werkenbijcvdm.nl wob-verzoeken.cvdm.nl woo-verzoeken.cvdm.nl www.cvdm.nl www.werkenbijcvdm.nl; frame-src 'self' bezwaar.cvdm.nl cvdm.nl https://player.vimeo.com https://www.google.com https://www.youtube.com intrekkingeigenverzoek.cvdm.nl melding-cmoa.cvdm.nl nevenactiviteiten.cvdm.nl publieksvragen-en-signalen.cvdm.nl registratiewebradiokanaal.cvdm.nl toestemming-commercieel.cvdm.nl toestemming-evenement.cvdm.nl video-uploaders.cvdm.nl werkenbijcvdm.nl wob-verzoeken.cvdm.nl woo-verzoeken.cvdm.nl www.cvdm.nl www.werkenbijcvdm.nl 1
frame-ancestors 'self' http://www.sirkensingtons.com unilever3.marketing.adobe.com unileverbrazil.marketing.adobe.com unilever2.marketing.adobe.com unilever.marketing.adobe.com unilever3.experiencecloud.adobe.com unileverbrazil.experiencecloud.adobe.com unilever2.experiencecloud.adobe.com unilever.experiencecloud.adobe.com emea1-proxy.adobemc.com us1-proxy.adobemc.com us1-proxy.adobemc.com apac-proxy.adobemc.com adobedemoemea131.marketing.adobe.com adobedemoemea131.experiencecloud.adobe.com https://s3.cartwire.co https://s7.addthis.com https://kritique-widgets-stage.unileversolutions.com 1
default-src *;script-src * 'unsafe-inline' 'unsafe-eval';font-src *;style-src * 'unsafe-inline';img-src * data:;media-src * blob:;connect-src * blob: 1
data: 1
base-uri 'self'; object-src 'self'; child-src 'self' https://*.youtube.com; connect-src 'self' wss://proxy.qubeshub.org wss://vncproxy.qubeshub.org wss://qubeshub.org https://qubeshub.org/api/members/tools/diskusage https://www.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net https://www.dropbox.com https://api.scite.ai https://maps.googleapis.com https://docs.google.com https://monorail-edge.shopifysvc.com/v1/ https://simiode.myshopify.com/api/2021-07/ https://region1.google-analytics.com/g/ https://sagecell.sagemath.org wss://sagecell.sagemath.org/sockjs/; default-src 'self' https://*.qubeshub.org; font-src about: chrome-extension: data: https://fonts.gstatic.com safari-extension: 'self' https://use.typekit.net https://storage.googleapis.com/speechify-website-assets/fonts/ https://cdn.scite.ai/assets/fonts/scite-icons/ https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cdn.scite.ai/assets/fonts/scite-icons/ https://use.fontawesome.com/releases/v4.7.0/ https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.11.2/webfonts/ https://at.alicdn.com/t/ https://fonts.cdnfonts.com/css/dejavu-serif https://sagecell.sagemath.org/static/ https://cdn.jsdelivr.net/npm/mathjax@3/es5/ https://fonts.cdnfonts.com/s/109/; form-action 'self' https://platform.twitter.com https://syndication.twitter.com https://www.paypal.com/donate https://www.paypal.com/cgi-bin/webscr; frame-ancestors 'self' https://qubeshub.org/; frame-src 'self' https://*.qubeshub.org https://content.googleapis.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://youtube.com https://player.vimeo.com https://calendar.google.com https://www.youtube.com https://vimeo.com https://docs.google.com https://accounts.google.com https://recaptcha.net https://admin.google.com https://syndication.twitter.com https://platform.twitter.com https://app.genial.ly/ https://app.involve.me/qubes/ https://cdnapisec.kaltura.com https://community.gep.wustl.edu https://creativecommons.org https://docs.google.com https://etherpad.opendev.org https://etherpad.openstack.org https://fortress.maptive.com https://giphy.com https://gvsu.hosted.panopto.com https://open.spotify.com https://padlet.com/ https://rpubs.com https://shorts.flipgrid.com https://w.soundcloud.com/ https://www.educreations.com https://www.geogebra.org https://www.google.com/ https://www.mentimeter.com https://www.rpubs.com https://www.youtube.com; img-src * data: image: file: blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://maps.googleapis.com/maps-api-v3/api/js/ https://maps.googleapis.com/maps/api/js/ https://maps.googleapis.com/maps/api/js https://maps.googleapis.com/maps/vt https://www.googletagmanager.com/gtag/js https://www.google.com/jsapi https://www.gstatic.com/charts/ https://cdnjs.cloudflare.com/ajax/libs/ScrollMagic/ https://cdnjs.cloudflare.com/ajax/libs/gsap/ https://apis.google.com/js/client:plusone.js https://apis.google.com/_/scs/apps-static/_/js/ https://cdn.syndication.twimg.com/timeline/ https://platform.twitter.com/widgets.js https://abs.twimg.com/responsive-web/client-web/ https://platform.twitter.com/js/ https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick.min.js https://cdn.mathjax.org/mathjax/contrib/a11y/ https://code.jquery.com https://embedr.flickr.com/assets/ https://releases.flowplayer.org/ https://sdks.shopifycdn.com/ https://secure.givelively.org https://use.fontawesome.com/88cd5351e6.js https://widgets.flickr.com/embedr/ https://www.geogebra.org https://sagecell.sagemath.org/static/embedded_sagecell.js https://cdn.jsdelivr.net/npm/mathjax@3/es5/ https://pretextbook.org/js/ https://cdnjs.cloudflare.com/ajax/libs/lunr.js/ https://ssl.google-analytics.com/ga.js; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://www.google.com https://code.jquery.com https://cdnjs.cloudflare.com https://www.gstatic.com https://p.typekit.net https://use.typekit.net https://platform.twitter.com/css/ https://ton.twimg.com/tfw/css/ https://use.fontawesome.com/88cd5351e6.css https://use.fontawesome.com/releases/v4.7.0/css/font-awesome-css.min.css https://releases.flowplayer.org/ https://pretextbook.org/css/ https://fonts.cdnfonts.com/css/dejavu-serif.css https://fonts.cdnfonts.com/css/dejavu-serif; worker-src blob:; media-src 'self' data:; upgrade-insecure-requests; report-uri https://csp.hubzero.org/csp-cms.php 1
default-src * 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: *; font-src 'self' data: * 1
default-src 'self' *.doubleclick.net *.facebook.com *.youtube-nocookie.com *.protective.com *.concoursefinancial.com *.protectiveassetprotection.com experience.adobe.com; style-src 'self' 'unsafe-inline' *.morningstar.com *.googleapis.com *.cloudfront.net *.protective.com blob: *.protectiveassetprotection.com *.concoursefinancial.com *.google.com google.com *.gstatic.com gstatic.com *.myprotective.com *.niceincontact.com content.securedvisit.com;font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.morningstar.com *.protective.com *.concoursefinancial.com *.protectiveassetprotection.com *.google.com google.com *.gstatic.com gstatic.com *.myprotective.com *.niceincontact.com; object-src data: 'unsafe-eval' blob: ; frame-src 'self' *.vimeo.com *.brightcove.net *.facebook.com *.youtube-nocookie.com *.sitecore.net *.twitter.com *.doubleclick.net *.google.com google.com *.gstatic.com gstatic.com *.protective.com *.concoursefinancial.com *.adsrvr.org api.securedvisit.com *.adobe.com *.adobelogin.com *.adobeaemcloud.com;img-src 'self' data: *.brightcove.net *.google-analytics.com t.co *.cloudfront.net *.linkedin.com *.protective.com *.yahoo.com *.vimeocdn.com *.boltdns.net *.akamaihd.net *.twitter.com *.yahoo.com *.facebook.com *.google.com *.adsymptotic.com *.brightcove.com *.protectiveassetprotection.com *.concoursefinancial.com *.google.com google.com *.gstatic.com gstatic.com *.eloqua.com *.doubleclick.net *.adsrvr.org *.scene7.com images.securedvisit.com track.securedvisit.com track.sv.rkdms.com *.adobe.com *.adobelogin.com *.adobeaemcloud.com; media-src 'self' data: *.protective.com *.akamaihd.net *.cloudfront.net *.google.com google.com *.gstatic.com gstatic.com *.boltdns.net; connect-src 'self' *.adobe.com *.adobelogin.com *.brightcove.net *.microsoftonline.com *.doubleclick.net *.google-analytics.com *.googleapis.com *.yimg.com *.protective.com  *.nr-data.net *.morningstar.com *.brightcove.com *.btttag.com wss://*.visitors.live wss://visitors.live wss://niceincontact.com wss://*.niceincontact.com *.myprotective.com *.akamaihd.net *.boltdns.net *.google.com google.com *.gstatic.com gstatic.com *.myprotective.com *.b2clogin.com *.niceincontact.com data: http://test.userprofile.secure.protective.com *.azure.com *.fullstory.com *.linkedin.oribi.io *.concoursefinancial.com track.sv.rkdms.com *.adobeaemcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' experience.adobe.com *.cloudflare.com *.googleapis.com *.morningstar.com *.en25.com *.google-analytics.com *.doubleclick.net *.googleadservices.com *.yimg.com *.facebook.net *.linkedin.com *.googletagmanager.com *.ads-twitter.com *.licdn.com *.cloudfront.net *.twitter.com *.btttag.com *.zencdn.net *.youtube.com *.brightcove.net blob: *.protective.com *.newrelic.com *.protectiveassetprotection.com *.concoursefinancial.com *.google.com google.com *.gstatic.com gstatic.com *.myprotective.com *.msftauth.net *.msauth.net *.niceincontact.com *.google.com *.azure.com *.fullstory.com *.adsrvr.org *.eloqua.com *.nr-data.net api.securedvisit.com track.securedvisit.com content.securedvisit.com track.sv.rkdms.com; block-all-mixed-content; frame-ancestors 'self' *.b2clogin; 1
frame-ancestors 'self' https://*.facc.com 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://ssl.google-analytics.com https://www.google-analytics.com https://cdn-cookieyes.com/ https://www.googletagmanager.com/ https://static.cloudflareinsights.com https://cdn.ampproject.org https://download.instelikes.com https://storage.instelikes.com https://app.instelikes.com wss://app.instelikes.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: https://blog.instelikes.com https://cdn.ampproject.org https://download.instelikes.com  https://storage.instelikes.com https://static.cloudflareinsights.com; connect-src 'self' https://www.google-analytics.com https://*.google-analytics.com https://ampcid.google.com https://stats.g.doubleclick.net/j/collect https://cloudflareinsights.com https://download.instelikes.com https://cdn.ampproject.org https://blog.instelikes.com https://blog.instelikes.com.br https://storage.instelikes.com https://app.instelikes.com wss://app.instelikes.com https://cdn-cookieyes.com/ https://cookieyes.com/; img-src 'self' https://* data: blob:; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content; disown-opener 1
default-src https: wss://*.hotjar.io wss://*.hotjar.com; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src data: https: 'unsafe-inline'; font-src data: https: 'unsafe-inline'; frame-ancestors 'self'; object-src 'none'; upgrade-insecure-requests; 1
script-src 'self' 'unsafe-inline' *.youtube.com maps.gstatic.com *.googleapis.com *.google-analytics.com *.googletagmanager.com cdn-cookieyes.com *.facebook.com *.facebook.net; frame-src 'self' *.youtube.com; object-src 'self'; style-src 'self' 'unsafe-inline' 1
script-src https: 'unsafe-inline' 'unsafe-eval'; object-src 'none'; base-uri 'none'; frame-ancestors *; form-action *;media-src *; default-src 'self' www.optimizecdn.com; img-src * data: blob:; font-src * data:; style-src * 'unsafe-inline'; frame-src *; connect-src *; 1
frame-ancestors 'none'; default-src 'self' https://*.aol.com https://*.yahoo.com https://*.yimg.com; img-src * data:; script-src 'self' 'unsafe-inline' 'nonce-xIktBiIRhjWT2qoH98jXOw==' 'unsafe-eval' https://*.yahoo.com https://*.yimg.com https://*.aol.com https://*.aolcdn.com *.oath.com *.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net *.googlesyndication.com https://sb.scorecardresearch.com bat.bing.com *.demdex.net https://msadsscale.azureedge.net/bingads/telemetryJS.js https://www.clarity.ms https://www.clarity.ms/s/0.7.10/clarity.js; style-src 'self' 'unsafe-inline' https://*.yimg.com; object-src *; connect-src *; font-src * data:; frame-src 'self' https://*.youtube.com https://s.yimg.com https://*.yahoo.com *.g.doubleclick.net *.googlesyndication.com; 1
default-src 'self' blob: ; media-src 'self' data: https://*.amazonaws.com https://*.vimeocdn.com https://*.cloudfront.net https://*.vimeo.com https://*.akamaized.net; connect-src 'self' https://*.eclkc.info https://*.amazonaws.com https://*.cloudfront.net https://*.googleapis.com https://*.google.com https://*.google-analytics.com https://*.siteimprove.com https://*.doubleclick.net; img-src 'self' https://*.eclkc.info https://*.vzaar.com https://*.amazonaws.com https://*.vimeocdn.com https://*.cloudfront.net https://*.dacast.com https://*.google-analytics.com https://*.googleapis.com https://*.siteimproveanalytics.io https://*.gstatic.com https://*.google.com https://*.doubleclick.net data: about: ; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.dacast.com https://whatfix.com https://*.eclkc.info https://use.fortawesome.com https://www.cdc.gov https://cdn.siteimprove.net https://*.printfriendly.com https://tagmanager.google.com https://use.typekit.net https://s.ytimg.com https://www.youtube.com https://alleninteractions.atlassian.net https://player.vzaar.com https://dap.digitalgov.gov https://code.jquery.com https://*.kxcdn.com https://siteimproveanalytics.com https://www.googletagmanager.com https://www.google-analytics.com https://ajax.googleapis.com https://maxcdn.bootstrapcdn.com https://maps.googleapis.com https://www.google.com https://www.gstatic.com; script-src-elem 'self' blob: 'unsafe-inline' https://*.googleapis.com https://translate.google.com https://*.dacast.com https://whatfix.com https://*.eclkc.info https://*.cdc.gov https://tagmanager.google.com https://use.typekit.net https://s.ytimg.com https://www.youtube.com https://cdn.siteimprove.net https://*.printfriendly.com https://dap.digitalgov.gov https://player.vzaar.com https://cdnjs.cloudflare.com https://code.jquery.com https://use.fortawesome.com https://ajax.googleapis.com https://maxcdn.bootstrapcdn.com https://siteimproveanalytics.com https://*.google-analytics.com https://www.googletagmanager.com https://maps.googleapis.com https://*.kxcdn.com https://www.google.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://use.fortawesome.com https://cdn.printfriendly.com https://tagmanager.google.com https://use.fontawesome.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; style-src-elem 'self' 'unsafe-inline' https://translate.googleapis.com https://stackpath.bootstrapcdn.com https://tagmanager.google.com https://cdn.printfriendly.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://use.fortawesome.com https://fonts.googleapis.com; font-src 'self' data: https://stackpath.bootstrapcdn.com https://fonts.googleapis.com https://use.typekit.net https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com; frame-src 'self' https://*.dacast.com https://whatfix.com https://*.eclkc.info https://*.cdc.gov https://*.siteimprove.com https://headstart.maps.arcgis.com https://www.youtube.com https://docs.google.com https://drive.google.com https://ncecdtl.wufoo.com  https://*.printfriendly.com https://cdn.embedly.com https://data.hrsa.gov https://player.vimeo.com https://vimeo.com https://maps.google.com https://view.vzaar.com https://app.smartsheet.com https://www.google.com https://umassamherst.co1.qualtrics.com; frame-ancestors 'self' https://*.lingotek.com https://umassamherst.co1.qualtrics.com 1
default-src 'self'; script-src 'self' 'nonce-LlLd66IP6fY1326SkckahA=='; style-src 'self' 'nonce-9k6wEVEuAzLFk+83BORWOA=='; img-src 'self'; font-src 'self'; 1
base-uri self 1
default-src 'self'; font-src 'none'; frame-ancestors 'self'; img-src 'self' data: www.gravatar.com *.wp.com tile.openstreetmap.org gps.tile.openstreetmap.org *.tile.thunderforest.com tile.tracestrack.com *.openstreetmap.fr matomo.openstreetmap.org https://openstreetmap-user-avatars.s3.dualstack.eu-west-1.amazonaws.com https://openstreetmap-gps-images.s3.dualstack.eu-west-1.amazonaws.com; manifest-src 'self'; media-src 'none'; object-src 'self'; script-src 'self' matomo.openstreetmap.org; worker-src 'none'; child-src 'self' http://127.0.0.1:8111 https://127.0.0.1:8112; frame-src 'self' http://127.0.0.1:8111 https://127.0.0.1:8112; connect-src 'self' matomo.openstreetmap.org https://nominatim.openstreetmap.org/ https://query.openstreetmap.org/query-features https://routing.openstreetmap.de/ https://graphhopper.com/api/1/route https://valhalla1.openstreetmap.de/route; form-action 'self' render.openstreetmap.org; style-src 'self' 'unsafe-inline' 'nonce-ShoPTfPwOWmGTyr3N1CUd9qCVYuIQ1rB' 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: assets.corporatespending.com wss://127.0.0.1:2022 wss://127.0.0.1:2044 bam.nr-data.net wss://127.0.0.1:2023 wss://127.0.0.1:2045 fonts.gstatic.com static2.sharepointonline.com wss://127.0.0.1:2038 at.alicdn.com wss://127.0.0.1:2043 wss://127.0.0.1:2021 wss://127.0.0.1:2039 wss://127.0.0.1:2041 www.gstatic.com wss://127.0.0.1:2037 www.csipaysystems.com assets.csiglobalvcard.com wss://127.0.0.1:2042 *.googleapis.com wss://127.0.0.1:2020 wss://127.0.0.1:2035 js-agent.newrelic.com wss://127.0.0.1:2040 wss://127.0.0.1:2036 rum-collector-2.pingdom.net wss://127.0.0.1:2033 wss://127.0.0.1:2029 cdnjs.cloudflare.com wss://127.0.0.1:2034 www.corporatespending.com wss://127.0.0.1:2027 wss://127.0.0.1:2032 gjtrack.ucweb.com rum-static.pingdom.net wss://127.0.0.1:2028 wss://127.0.0.1:2030 wss://127.0.0.1:2026 wss://127.0.0.1:2031 wss://127.0.0.1:2024 wss://127.0.0.1:2046 www.youtube.com www.google.com wss://127.0.0.1:2025 wss://127.0.0.1:2047; frame-ancestors 'self' www.google.com corporatespending--c.documentforce.com  1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-R5HwcMNqoq2IDjms4GhjrkwkSuQhPm4SFufPKP0j6MUZ5Sfm' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
frame-ancestors 'self' https://www.nomuraconnects.com; default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' https://snap.licdn.com/li.lms-analytics/insight.min.js https://g10300385420.co https://www.googletagmanager.com 'sha256-KSIApGzm6DYQRCzNzkFaP32nXnkMy07agsKycPqyDnc=' 'sha256-EqfYkgIzDGSX9GTQAUAfA801CTIyUFujcPs+rLJ5k5U=' 'sha256-bYpJmIZg5uU9HMyKx9oEXCP/ZLzFZM/ki5imOytrBIo=' 'sha256-Dqot8fwFISgIoC01rNDqDgF3KiIvyO5tpQairVw9mkI=' 'sha256-zEF/ALwwDYV2nZ+rdYGh2XpjU1lbO3oZ2osZayOlmpw=' 'sha256-Bbc5oRiwCU748cdlYFyZPQdZNJIvs3FyBM9l9sGlyRw=' 'sha256-0I/baUeh0Qv83KWPBRh4U0bdC97rkgKiCfX8VpGcZg0='; img-src 'self' d1qfwzw6aggd4h.cloudfront.net *.ads.linkedin.com *.doubleclick.net *.vod-progressive.akamaized.net; media-src 'self' *.vimeo.com *.youtube.com  *.vod-progressive.akamaized.net; connect-src 'self' *.google-analytics.com px.ads.linkedin.com *.nomuraconnects.com; frame-src 'self' *.vimeo.com *.youtube.com *.doubleclick.net; style-src 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' https: data:; base-uri 'self'; 1
frame-ancestors 'self' www.ttecdigital.com ttecdigital.com; 1
default-src http://127.0.0.1:45127 https://graph.microsoft.com https://cdnjs.cloudflare.com https://matomo.bluefiles.fr https://www.cybermalveillance.gouv.fr https://bluefilescom.oos.cloudgouv-eu-west-1.outscale.com https://helpdesk.bluefiles.com 'self' 'unsafe-inline' 'unsafe-eval' blob:; connect-src  http://127.0.0.1:45127 https://graph.microsoft.com https://cdnjs.cloudflare.com https://matomo.bluefiles.fr https://www.cybermalveillance.gouv.fr https://bluefilescom.oos.cloudgouv-eu-west-1.outscale.com https://helpdesk.bluefiles.com 'self' data:; worker-src 'self' 'unsafe-inline' 'unsafe-eval' blob:; img-src 'self'  https://assets.capterra.com data: blob: 1
frame-ancestors 'self' https://buttercms.com; 1
default-src 'self' *.samsung.com *.samsungosp.com *.samsung.net *.tizenstore.com *.tosspayments.com *.uplus.co.kr paynow.co.kr *.midtrans.com i.k-analytix.com *.samsungcareplus.com *.api.kt.com eips.olleh.com eips.olleh.com:19443 'unsafe-inline' 'unsafe-eval'; 1
upgrade-insecure-requests; frame-ancestors 'self' live.sagepay.com live.opayo.eu.elavon.com www1.beautybase.com; base-uri 'self'; object-src 'none' 1
default-src 'self'; frame-src 'self' *.youtube.com youtu.be *.smartertools.com;script-src * 'unsafe-inline';font-src * 'unsafe-inline' data:;img-src * 'unsafe-inline' data: blob:;style-src * 'unsafe-inline';media-src *;frame-ancestors 'self';connect-src *; 1
style-src-elem 'unsafe-inline' 'self' maxcdn.bootstrapcdn.com kendo.cdn.telerik.com cdn.jsdelivr.net/npm/intl-tel-input@18.1.1/build/css/intlTelInput.css;font-src 'self' kendo.cdn.telerik.com nrcm.s3.amazonaws.com;frame-ancestors 'self';default-src 'self' nrcm.s3.amazonaws.com fonts.gstatic.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' nrcm.s3.amazonaws.com data.newsroom.co *.schema.org *.weblication.de iway.ch *.google-analytics.com *.googletagmanager.com maps.googleapis.com *.google.com *.google.ch *.newsroom.com *.move.ch *.ewb.ch *.issuu.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-umm.b-cdn.net api.userlike.com *.runmyprocess.com *.facebook.com *.facebook.net;img-src data: 'self' *.fbcdn.net *.xx.fbcdn.net cdn.jsdelivr.net pbs.twimg.com nrcm.amazonaws.com nrcm.s3.amazonaws.com swisspower.ch *.google.com *.google.ch googleads.g.doubleclick.net px.ads.linkedin.com *.linkedin.com *.facebook.com *.weblication.de *.iway.ch maps.gstatic.com *.googleapis.com *.ggpht.com *.google-analytics.com *.googletagmanager.com;frame-src 'self' https://ewb.newsletter360.ch *.move.ch *.runmyprocess.com *.iway.ch *.weblication.de *.ewb.ch *.issuu.com *.google.com *.google.ch *.vimeo.com *.youtube-nocookie.com *.youtube.com *.facebook.com; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net/npm/intl-tel-input@18.1.1/build/css/intlTelInput.css *.weblication.de fonts.googleapis.com e.issu.com;script-src-elem 'self' kendo.cdn.telerik.com cdn.polyfill.io cdnjs.cloudflare.com www.gstatic.com cdn.jsdelivr.net/npm/intl-tel-input@18.1.1/build/js/intlTelInput.min.js cdn.jsdelivr.net/npm/intl-tel-input@18.1.1/build/js/utils.js *.hotjar.com snap.licdn.com *.b-cdn.net *.cloudfront.net data.newsroom.co *.amazonaws.com *.google.com *.google.ch *.googletagmanager.com *.google-analytics.com *.googleadservices.com maps.googleapis.com *.facebook.net 'unsafe-inline' iway.ch *.weblication.de; connect-src 'self' *.hotjar.com *.hotjar.io wss://ws.hotjar.com/api/v2/client/ws *.userlike.com *.userlike-cdn-umm.b-cdn.net *.amazonaws.com api.newsroom.co cdn.linkedin.oribi.io *.facebook.com iway.ch ewb-integra.ch *.weblication.de *.google.com https://googleads.g.doubleclick.net *.analytics.google.com *.analytics.com *.google-analytics.com maps.googleapis.com stats.g.doubleclick.net 1
default-src 'self' https://www.osmo.com; style-src 'self' 'unsafe-inline' https://www.osmo.com  https://*.googleapis.com; script-src 'self' 'unsafe-inline' https://www.osmo.com https://*.cookiebot.com https://*.googletagmanager.com https://*.google-analytics.com https://*.youtube.com https://*.google.com https://*.gstatic.com https://*.googleapis.com; frame-src 'self' https://www.osmo.com https://*.cookiebot.com https://*.youtube.com; connect-src 'self' https://www.osmo.com https://*.cookiebot.com https://*.google-analytics.com https://*.doubleclick.net https://*.googleapis.com https://*.youtube.com https://*.googlevideo.com; img-src 'self' data: https://tze982.saas.contentserv.com https://www.osmo.com https://*.google-analytics.com https://*.googletagmanager.com https://*.youtube.com https://*.gstatic.com https://*.ggpht.com https://*.googleapis.com; font-src 'self' https://www.osmo.com https://*.gstatic.com https://*.googleapis.com 1
frame-ancestors 'self' http://www.sedal.com.ar unilever3.marketing.adobe.com unileverbrazil.marketing.adobe.com unilever2.marketing.adobe.com unilever.marketing.adobe.com unilever3.experiencecloud.adobe.com unileverbrazil.experiencecloud.adobe.com unilever2.experiencecloud.adobe.com unilever.experiencecloud.adobe.com emea1-proxy.adobemc.com us1-proxy.adobemc.com us1-proxy.adobemc.com apac-proxy.adobemc.com adobedemoemea131.marketing.adobe.com adobedemoemea131.experiencecloud.adobe.com https://s3.cartwire.co https://s7.addthis.com https://kritique-widgets-stage.unileversolutions.com https://d1a1ax4tcp3m3j.cloudfront.net 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://ayom.media; img-src 'self' https: data: blob: https://ayom.media; style-src 'self' https://ayom.media 'nonce-IuPnIj1VcONhtwpduQCseQ=='; media-src 'self' https: data: https://ayom.media; frame-src 'self' https:; manifest-src 'self' https://ayom.media; form-action 'self'; child-src 'self' blob: https://ayom.media; worker-src 'self' blob: https://ayom.media; connect-src 'self' data: blob: https://ayom.media https://ayom.media wss://ayom.media; script-src 'self' https://ayom.media 'wasm-unsafe-eval' 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'  d2g43ubxtnccwi.cloudfront.net *.site24x7rum.eu apps.euw2.pure.cloud *.apps.euw2.pure.cloud api.mypurecloud.ie *.api.mypurecloud.ie *.curzon.com *.movio.co *.google-analytics.com *.googletagmanager.com *.googleapis.com *.google.com *.gstatic.com *.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.ccdc02.com *.kaptcha.com *.vista.co *.vistamanaged.services *.paypalobjects.com *.site24x7rum.com platform-api.sharethis.com buttons-config.sharethis.com count-server.sharethis.com *.onetrust.com cdn.cookielaw.org code.jquery.com connect.facebook.net *.ads-twitter.com *.twitter.com t.co td.yieldify.com analytics.tiktok.com googleads.g.doubleclick.net custom.yieldify.com *.citrustelecom.net; style-src 'self' 'unsafe-inline' *.braintreegateway.com *.braintree-api.com *.googleapis.com *.vistamanaged.services fonts.gstatic.com *.curzon.com cdn.cookielaw.org; font-src 'self' *.curzon.com *.googleapis.com fonts.gstatic.com *.yieldify-production.com data:;  img-src * data: 'unsafe-eval' blob:; connect-src blob: *; frame-src * td.yieldify.com; frame-ancestors 'self'; media-src blob: *.cloudfront.net *.vistamanaged.services film-cdn.moviexchange.com; worker-src 'self' 1
default-src 'self' https:; frame-src 'self' jprime.com *.duosecurity.com *.xsp.com *.xsprisa.com blob: data:; font-src 'self' https: data:; img-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; 1
default-src https:; media-src https: data: ; img-src https: data: ; frame-ancestors 'self'; connect-src https: 'self' wss://kdawscom.3cx.uk:5001; style-src https: 'unsafe-inline'; script-src https: 'unsafe-inline' 'unsafe-eval'; font-src https: data: 'unsafe-inline'; report-uri https://protexia.report-uri.com/r/d/csp/enforce 1
worker-src 'self'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; manifest-src 'self' 1
frame-ancestors 'self' *.arosuite.com;       default-src 'unsafe-inline' 'unsafe-eval' 'self' mailto: wss: data:        *.arosuite.com scdn.aro.ie static.arocdn.com *.cloudflare.com *.cookiebot.com *.cookiebot.eu *.clarity.ms squizlabs.github.io *.typekit.net *.akamaized.net *.engage-ui.com        *.googleapis.com *.doubleclick.net *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.gstatic.com *.googlesyndication.com *.facebook.com *.bing.com        *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat        *.youtube.com *.vimeo.com i.ytimg.com i.vimeocdn.com         my.matterport.com *.opentable.co.uk e.issuu.com *.otstatic.com contact-api.inguest.com;       object-src 'none'; 1
font-src 'self' https://*.freenet.de https://fonts.gstatic.com; img-src * data:; frame-ancestors 'self' https://*.freenet.de; object-src 'self'; base-uri 'self'; 1
default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data: ; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' ; frame-ancestors 'self' *.indsci.com;; upgrade-insecure-requests 1
default-src https 'self'; child-src * data: blob:; connect-src 'self' blob: www.dropbox.com api.dropboxapi.com s3.amazonaws.com/gumroad s3.amazonaws.com/gumroad/ gumroad-public-storage.s3.amazonaws.com gumroad-public-storage.s3.amazonaws.com/ s3.amazonaws.com/gumroad-public-storage s3.amazonaws.com/gumroad-public-storage/ www.google.com www.gstatic.com *.facebook.com *.facebook.net *.google-analytics.com *.g.doubleclick.net *.googletagmanager.com analytics.google.com *.analytics.google.com files.gumroad.com/ d1bdh6c3ceakz5.cloudfront.net/ *.braintreegateway.com www.paypalobjects.com *.paypal.com *.braintree-api.com iframe.ly app.gumroad.com; font-src * data: blob:; frame-src * data: blob:; img-src * data: blob:; media-src * data: blob:; object-src * data: blob:; script-src 'self' 'unsafe-eval' ajax.cloudflare.com static.cloudflareinsights.com js.stripe.com api.stripe.com *.braintreegateway.com *.braintree-api.com www.paypalobjects.com *.paypal.com *.google-analytics.com *.googletagmanager.com optimize.google.com www.googleadservices.com www.google.com www.gstatic.com *.facebook.net *.facebook.com www.dropbox.com s.ytimg.com cdn.iframe.ly platform.twitter.com cdn.jwplayer.com *.jwpcdn.com gumroad.us3.list-manage.com analytics.twitter.com app.gumroad.com assets.gumroad.com 'nonce-qcqUmvRFAk4fU5v0wUnEVFcsbOSqA+BMt4s8/8NapYg=' 'unsafe-inline'; style-src 'self' 'unsafe-inline' s.ytimg.com optimize.google.com assets.gumroad.com; worker-src * data: blob: 1
object-src 'self' *; frame-ancestors 'self'; frame-src 'self' 'unsafe-inline' *.google.com *.facebook.com platform.twitter.com syndication.twitter.com www.youtube.com www.youtu.be player.vimeo.com flo.uri.sh insight.adsrvr.org *.ibs-b.hu ibs-b.hu match.adsrvr.org www.pinterest.com hu.pinterest.com ct.pinterest.com; child-src 'self' *.google.com *.facebook.com platform.twitter.com syndication.twitter.com www.youtube.com www.youtu.be player.vimeo.com flo.uri.sh insight.adsrvr.org *.ibs-b.hu ibs-b.hu; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com apis.google.com www.googletagmanager.com www.google-analytics.com platform.twitter.com facebook.com www.facebook.com platform.twitter.com connect.facebook.net cookiescriptcdn.pro megfoglak.ujnemzedek.hu *.crisp.chat cdnjs.cloudflare.com public.flourish.studio  www.googleadservices.com googleads.g.doubleclick.net static.ads-twitter.com s.pinimg.com js.adsrvr.org snap.licdn.com *.youtube.com  maps.googleapis.com googleapis.com analytics.twitter.com analytics.tiktok.com; font-src 'self' fonts.gstatic.com *.crisp.chat; img-src 'self' * data: www.facebook.com www.google-analytics.com www.google.com www.gstatic.com *.ibs-b.hu ibs-b.hu; default-src 'self' *; form-action 'self' syndication.twitter.com platform.twitter.com www.facebook.com; style-src 'self' fonts.googleapis.com googleapis.com 'unsafe-inline' cookiescriptcdn.pro *.crisp.chat cdnjs.cloudflare.com googleads.g.doubleclick.net ibs-b.hu; connect-src 'self' www.google-analytics.com client.crisp.chat wss://client.relay.crisp.chat www.facebook.com old.ibs.esolr.me stats.g.doubleclick.net ct.pinterest.com *.ibs-b.hu ibs-b.hu cdn.linkedin.oribi.io analytics.tiktok.com region1.google-analytics.com  maps.googleapis.com region1.analytics.google.com 1
default-src 'self'; script-src 'self' 'nonce-SRC31jlVqTvslOgCnlHWbIKdaNADQsdQ' 'strict-dynamic' https://www.googletagmanager.com https: http: 'unsafe-inline' ; connect-src 'self' https://6c82ya5gbl.execute-api.ap-east-1.amazonaws.com https://dfcorpdev.prod.acquia-sites.com https://dfcorp.prod.acquia-sites.com https://dfcorpstg.prod.acquia-sites.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; script-src-elem 'self' https://*.googletagmanager.com https://*.google-analytics.com 'sha256-FLy/XwC4dpmBAvNgIK/7H0utf6GANtX/vR8Osqmi5tY='; style-src 'self' https: http: 'unsafe-inline'; img-src 'self' blob: data: https://dfcorpdev.prod.acquia-sites.com https://dfcorp.prod.acquia-sites.com https://dfcorpstg.prod.acquia-sites.com https://*.google-analytics.com https://*.googletagmanager.com; font-src 'self' https://fonts.gstatic.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; block-all-mixed-content; upgrade-insecure-requests; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com https://mc.yandex.ru https://mc.yandex.com https://www.googletagmanager.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.analytics.google.com https://analytics.google.com https://www.google.com https://www.google.ru https://www.google.de https://www.google.com.ua https://www.google.am https://www.google.bg https://www.google.com.br https://www.google.kg https://www.google.kz https://www.google.md https://www.google.pl https://www.google.pt https://www.google.co.uz https://connect.facebook.net https://*.hotjar.com https://*.hotjar.io https://*.intercom.io https://*.intercomcdn.com https://*.intercomcdn.eu https://*.intercomusercontent.com; img-src 'self' data: https://api.cs.fail https://cs.fail https://api.csfail.net https://csfail.net https://api.csfail.pro https://csfail.pro https://api.csfail.org https://csfail.org https://csfail.live https://api.2cs.fail  https://2cs.fail https://mc.yandex.ru https://mc.yandex.com https://www.googletagmanager.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.analytics.google.com https://analytics.google.com https://www.google.com https://www.google.ru https://www.google.de https://www.google.com.ua https://www.google.am https://www.google.bg https://www.google.com.br https://www.google.kg https://www.google.kz https://www.google.md https://www.google.pl https://www.google.pt https://www.google.co.uz https://www.facebook.com https://s-static.ak.facebook.com https://avatars.steamstatic.com https://steamcdn-a.akamaihd.net https://steamcommunity-a.akamaihd.net https://cdn.cloudflare.steamstatic.com https://cdn.akamai.steamstatic.com https://*.giphy.com https://t.me https://*.telegram-cdn.org https://*.cdn-telegram.org https://*.userapi.com https://*.googleusercontent.com https://*.fbcdn.net https://*.fbsbx.com https://avatars.mds.yandex.net https://flagcdn.com https://*.hotjar.com https://*.hotjar.io https://*.intercomcdn.com https://*.intercomcdn.eu https://*.intercomusercontent.com https://*.intercomassets.eu https://*.intercomassets.com https://*.intercom-attachments-1.com https://*.intercom-attachments.eu https://*.au.intercom-attachments.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://tra.cker.club; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://*.hotjar.com https://*.hotjar.io https://*.intercomcdn.com https://*.intercomcdn.eu https://*.intercomusercontent.com; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://*.hotjar.com https://*.hotjar.io https://*.intercomcdn.com https://*.intercomcdn.eu https://*.intercomusercontent.com; frame-src https://widget.onramper.com https://mc.yandex.ru https://mc.yandex.com https://www.googletagmanager.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.analytics.google.com https://analytics.google.com https://www.google.com https://www.google.ru https://www.google.de https://www.google.com.ua https://www.google.am https://www.google.bg https://www.google.com.br https://www.google.kg https://www.google.kz https://www.google.md https://www.google.pl https://www.google.pt https://www.google.co.uz https://maps.googleapis.com https://www.facebook.com https://s-static.ak.facebook.com https://www.youtube.com https://intercom-sheets.com https://intercom.help; frame-ancestors 'self' https://app.utorg.pro; connect-src 'self' data: wss://cs.fail/api/ws wss://csfail.net/api/ws wss://csfail.pro/api/ws wss://csfail.org/api/ws wss://csfail.live/api/ws https://api.cs.fail https://api.csfail.net https://api.csfail.pro https://api.csfail.org https://csfail.live https://*.giphy.com https://*.ingest.sentry.io wss://2cs.fail/api/ws https://api.2cs.fail https://mc.yandex.ru https://mc.yandex.com https://www.googletagmanager.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.analytics.google.com https://analytics.google.com https://www.google.com https://www.google.ru https://www.google.de https://www.google.com.ua https://www.google.am https://www.google.bg https://www.google.com.br https://www.google.kg https://www.google.kz https://www.google.md https://www.google.pl https://www.google.pt https://www.google.co.uz https://fonts.googleapis.com https://fonts.gstatic.com https://connect.facebook.net https://avatars.steamstatic.com https://steamcdn-a.akamaihd.net https://steamcommunity-a.akamaihd.net https://cdn.cloudflare.steamstatic.com https://cdn.akamai.steamstatic.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.intercom.io wss://*.intercom.io wss://*.hotjar.com https://*.intercomcdn.com https://*.intercomcdn.eu https://*.intercomusercontent.com https://tra.cker.club; object-src 'none'; 1
script-src about: 'self' 'unsafe-inline' 'unsafe-eval' newarkmuseum.wpengine.com newarkmuseum.org snap.licdn.com *.google.com *.googleapis.com translate-pa.googleapis.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.ensighten.com *.blackbaudhosting.com payments.blackbaud.com; style-src 'self' 'unsafe-inline' newarkmuseum.wpengine.com newarkmuseum.org *.google.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.blackbaudhosting.com payments.blackbaud.com; object-src data: 'unsafe-eval' newarkmuseum.wpengine.com newarkmuseum.org; img-src data: 'self' newarkmuseum.wpengine.com newarkmuseum.org *.google.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.blackbaudhosting.com *.ytimg.com px.ads.linkedin.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.acquia.com *.radnet.com *.google.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.googleadservices.com *.googleusercontent.com *.callrail.com *.globenewswire.com *.tctm.co *.gstatic.com *.doubleclick.net *.youtube.com *.youtube-nocookie.com *.ytimg.com *.vimeo.com *.audioeye.com *.amazonaws.com *.fbcdn.net *.facebook.com *.facebook.net *.twitter.com *.sec.gov *.podium.com *.analyticspodium.com *.amplitude.com *.knightlab.com *.addtoany.com *.hotjar.com *.typekit.net; report-uri /report-csp-violation 1
default-src ‘self’ 1
frame-ancestors 'self' azd.marketing.adobe.com 1
script-src 'strict-dynamic' *.hubspotusercontent-na1.net *.cortex-intelligence.com cdn2.hubspot.net *.hubspot.com *.hubspotusercontentxx.net js.hscollectedforms.net js.hsleadflows.net js.hs-scripts.com js.hsadspixel.net js.hs-analytics.net js.hs-banner.com js.hs-banner.net *.hsforms.net *.hsforms.com static.hsappstatic.net js.hubspotfeedback.com feedback.hubapi.com js.usemessages.com *.vidyard.com *.omappapi.com *.googleapis.com https://cdn.jsdelivr.net/npm/swiper@11/swiper-bundle.min.css 'unsafe-inline' http: https: 'nonce-3vnlpBWNcB5UMc82OsVhRg=='; style-src https://cdn.jsdelivr.net/npm/swiper@11/swiper-bundle.min.css *.hubspot.net *.onesignal.com *.omappapi.com *.cortex-intelligence.com *.googleapis.com *.googletagmanager.com *.hsappstatic.net 'unsafe-inline'; img-src 21650114.fs1.hubspotusercontent-na1.net *.clarity.ms googleads.g.doubleclick.net 8917234.fs1.hubspotusercontent-na1.net *.hubspotusercontent-na1.net *.cortex-intelligence.com *.hsforms.com *.hubspot.com *.hubspot.net *.hsappstatic.net *.omappapi.com *.google.com *.ads.linkedin.com *.google-analytics.com *.bing.com *.google.com *.facebook.com *.google.com.br *.googletagmanager.com fonts.gstatic.com data:; base-uri 'self'; font-src *.googleapis.com 8917234.fs1.hubspotusercontent-na1.net *.cortex-intelligence.com *.gstatic.com data:; object-src 'none'; frame-ancestors; ; upgrade-insecure-requests; 1
font-src 'self' https://fonts.gstatic.com/; img-src 'self' https://images.ctfassets.net/ https://downloads.ctfassets.net/ https://www.google.com/ https://www.google.de/ https://www.google.es/ https://googleads.g.doubleclick.net/ https://maps.googleapis.com/ https://maps.gstatic.com/ https://cdn.cookielaw.org/ https://www.google-analytics.com/ https://bat.bing.com/ https://www.facebook.com/ https://i.ytimg.com/ https://www.kununu.com/ *.linkedin.com/ *.lfeeder.com *.leadfeeder.com data:; frame-src 'self' https://www.youtube-nocookie.com/ https://my.matterport.com/ https://www.facebook.com/ https://*.typeform.com/ https://heyflow.id/ https://*.areabutler.de/ https://*.ogulo.com/ https://*.maklaro.com/ https://td.doubleclick.net/ https://boards.eu.greenhouse.io https://open.spotify.com/; manifest-src 'self' https://*.evernest.com/; media-src 'self' https://videos.ctfassets.net/; object-src 'none'; script-src 'self' https://*.evernest.com https://maps.googleapis.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ https://connect.facebook.net/ https://bat.bing.com/ https://cdn.cookielaw.org/ https://diffuser-cdn.app-us1.com/ https://prism.app-us1.com/ https://trackcmp.net/ https://snap.licdn.com/ https://static.klaviyo.com/ https://static-tracking.klaviyo.com/ https://boards.eu.greenhouse.io *.lfeeder.com *.leadfeeder.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; worker-src 'none' 1
frame-ancestors 'self'; img-src data: *; script-src 'unsafe-inline' 'unsafe-eval' https://* ; object-src * 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://octane.co https://*.octane.co https://ride-static.octane.co https://ride-api.octane.co https://octane.co https://*.octane.co https://octanelending.com https://*.octanelending.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.google.com *.vwo.com *.visualwebsiteoptimizer.com *.intercom.io *.intercomcdn.com *.onetrust.com https://cdn.cookielaw.org; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://octane.co https://*.octane.co https://ride-static.octane.co https://ride-api.octane.co https://octane.co https://*.octane.co https://octanelending.com https://*.octanelending.com fonts.googleapis.com www.gstatic.com app.vwo.com www.googletagmanager.com translate.googleapis.com; frame-ancestors 'self' https://polarisxchange.com https://slingshot.polarisxchange.com https://indianmotorcycle.polarisxchange.com https://www.rvs.com https://rvs.com https://www.atvrider.com https://www.cyclevolta.com https://www.cycleworld.com https://www.dirtrider.com https://www.motorcyclecruiser.com https://www.motorcyclistonline.com https://www.utvdriver.com https://octane.co https://*.octane.co https://ride-static.octane.co https://ride-api.octane.co https://octanelending.com https://*.octanelending.com; worker-src 'self' blob:; upgrade-insecure-requests; report-uri https://o93495.ingest.sentry.io/api/1772648/security/?sentry_key=4ffb66d59a0344a186016dae83fcc148&sentry_environment=production 1
frame-ancestors 'self' https://*.prod.web.raqn.io https://*.ref.web.raqn.io https://*.test.web.raqn.io https://author-p30502-e100265.adobeaemcloud.com https://www.pattex.fr https://www.pattex.se https://www.pattex.nl https://www.pattex.it https://www.pattex.es https://www.pattex.de https://www.pattex.be https://www.pattex.at https://www.pattexarabia.com https://www-pattex-se.prod.web.raqn.io https://www-loctite-se.prod.web.raqn.io https://www-sista-de.prod.web.raqn.io 1
default-src 'self';         font-src *.googleapis.com fonts.gstatic.com 'self';         script-src * 'unsafe-inline' 'unsafe-eval';         style-src * 'unsafe-inline';        img-src data: *;         frame-src *;        connect-src *.linkedin.com clientsdk.passle.net *.onetrust.com *.google-analytics.com *.oribi.io *.doubleclick.net vimeo.com *.googleapis.com 'self';        report-uri csp-endpoint;        report-to csp-endpoint 1
default-src 'self'; img-src * blob: data:; child-src www.google.com blob:; connect-src 'self' m.addthis.com stats.g.doubleclick.net *.google-analytics.com analytics.google.com *.wistia.com *.litix.io *.akamaihd.net; base-uri 'self'; form-action 'self'; object-src 'self'; media-src 'self' *.wistia.com *.akamaihd.net data: blob:; style-src 'self' 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; font-src 'self' data: www.potteranderson.com fonts.gstatic.com; script-src 'self' 'unsafe-inline' *.google-analytics.com www.googletagmanager.com *.wistia.com; script-src-elem 'self' 'unsafe-inline' *.google-analytics.com www.googletagmanager.com *.wistia.com; report-uri https://csp-reports.firmseek.com/potter; 1
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://dev.innosoftfusiongo.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com/ https://ssl.google-analytics.com/; style-src 'self' 'unsafe-inline' https://dev.innosoftfusiongo.com/ https://code.jquery.com/ https://cdnjs.cloudflare.com/; img-src 'self' data: https://dev.innosoftfusiongo.com/ https://ssl.google-analytics.com/ https://www.lclc.ca/ https://www.facebook.com/ https://twitter.com/ https://www.instagram.com/; font-src 'self' https://dev.innosoftfusiongo.com https://cdnjs.cloudflare.com; object-src 'none'; frame-src 'self' https://calendar.google.com/; 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; font-src * data:; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://toot.bike; img-src 'self' https: data: blob: https://toot.bike; style-src 'self' https://toot.bike 'nonce-KqOm6Kx6XTwAtVq0RZ2hkg=='; media-src 'self' https: data: https://toot.bike; frame-src 'self' https:; manifest-src 'self' https://toot.bike; form-action 'self'; connect-src 'self' data: blob: https://toot.bike https://toot.bike wss://toot.bike; script-src 'self' https://toot.bike 'wasm-unsafe-eval'; child-src 'self' blob: https://toot.bike; worker-src 'self' blob: https://toot.bike 1
default-src 'self'; style-src 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; script-src 'self' 'unsafe-inline' https://www.google-analytics.com data:; connect-src 'self' https://www.google-analytics.com; img-src 'self' https://www.google-analytics.com data:; report-uri https://hpbn.report-uri.io/r/default/csp/enforce 1
default-src 'self' data: 'unsafe-inline' cdn.seasidefl.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com *.cdninstagram.com unpkg.com *.google-analytics.com *.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.google.com cdnjs.cloudflare.com unpkg.com wasm-eval *.googletagmanager.com connect.facebook.net; script-src-elem 'self' 'unsafe-inline' www.pagespeed-mod.com sc-static.net *.google-analytics.com *.google.com cdnjs.cloudflare.com connect.facebook.net unpkg.com *.googletagmanager.com cdn.jsdelivr.net *.gstatic.com; script-src-attr 'unsafe-inline'; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com maxcdn.bootstrapcdn.com unpkg.com cdn.honey.io; style-src-elem 'self' 'unsafe-inline' cdn.honey.io cdnjs.cloudflare.com *.googleapis.com maxcdn.bootstrapcdn.com unpkg.com *.gstatic.com; style-src-attr 'unsafe-inline'; img-src 'self' data: *.sparkplatform.com *.google.es *.doubleclick.net cdn.honey.io cdn.seasidefl.com cdnjs.cloudflare.com *.cdninstagram.com secure.gravatar.com *.googletagmanager.com blob: *.gstatic.com *.w.org theeventscalendar.com *.google.com *.google-analytics.com; font-src 'self' data: sc-static.net static.zip.co cdnjs.cloudflare.com *.gstatic.com maxcdn.bootstrapcdn.com ray.st assets.tailwindapp.com www.slant.co; connect-src 'self' *.googletagmanager.com cdnjs.cloudflare.com data: *.google-analytics.com *.google.com clientstream.launchdarkly.com *.doubleclick.net *.googleapis.com; media-src 'self' data: cdn.seasidefl.com; frame-src 'self' *.youtube.com *.flexmls.com *.doubleclick.net *.google.com *.googletagmanager.com; worker-src blob:; form-action 'self'; report-uri https://sphrcl.report-uri.com/r/d/csp/enforce 1
default-src 'self' *.helpscout.net fonts.gstatic.com fonts.googleapis.com *.cloudfront.net *.blob.core.windows.net recognition.asdastars.com asdastars.com www.asdastars.com recognitionapi.asdastars.com; img-src 'self' *.helpscout.net fonts.gstatic.com fonts.googleapis.com *.cloudfront.net *.blob.core.windows.net recognition.asdastars.com asdastars.com www.asdastars.com recognitionapi.asdastars.com data:; object-src 'none'; frame-ancestors 'none'; base-uri 'self'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.yandex.ru *.youtube.com; report-uri https://kniga.plus/csp-report.php 1
img-src 'self' https://linka.ir https://*.linka.ir https://*.companyar.ir https://*.neshan.org https://*.enamad.ir https://*.clarity.ms https://www.google-analytics.com https://*.googletagmanager.com https://*.goftino.com https://*.openstreetmap.org blob: data:; default-src * data: 'unsafe-eval' 'unsafe-inline'; upgrade-insecure-requests 1
base-uri 'self'; child-src https://www.youtube-nocookie.com/embed/; connect-src 'self' https://plusteca.com:8443/socket.io/ wss://plusteca.com:8443/socket.io/ https://api.themoviedb.org/; default-src 'none'; font-src 'self' data: https: fonts.gstatic.com; form-action 'self'; frame-ancestors 'self'; img-src 'self' data: https: image.tmdb.org via.placeholder.com/400x600; object-src 'none'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https: gitcdn.xyz github.io *.github.io raw.githubusercontent.com github.com; block-all-mixed-content; upgrade-insecure-requests 1
script-src 'self' 'unsafe-inline' *.youtube.com maps.gstatic.com *.googleapis.com *.google-analytics.com *.googletagmanager.com cdn-cookieyes.com connect.facebook.net googleads.g.doubleclick.net snap.licdn.com; frame-src 'self' *.youtube.com cloud.mkt.voke.tech facebook.com; object-src 'self'; style-src 'self' 'unsafe-inline' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://w3c.social; img-src 'self' https: data: blob: https://w3c.social; style-src 'self' https://w3c.social 'nonce-lgXPz9kRVJo2qDYDmA0itA=='; media-src 'self' https: data: https://w3c.social; frame-src 'self' https:; manifest-src 'self' https://w3c.social; form-action 'self'; child-src 'self' blob: https://w3c.social; worker-src 'self' blob: https://w3c.social; connect-src 'self' data: blob: https://w3c.social https://w3csocial.files.fedi.monster wss://w3c.social; script-src 'self' https://w3c.social 'wasm-unsafe-eval' 1
frame-ancestors 'self' https://*.sprizzy.com https://sprizzy.com; 1
frame-ancestors 'self' *.appcard.com 1
frame-ancestors 'self' https://www.mediaservices.com 1
default-src 'none'; base-uri 'self'; frame-ancestors 'none'; form-action 'self'; style-src 'self' *.senfcall.de; style-src-elem 'self' *.senfcall.de; media-src 'self' *.senfcall.de; img-src 'self' data: *.senfcall.de;  script-src 'self' *.senfcall.de; 1
default-src * data: https: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; form-action 'self'; upgrade-insecure-requests 1
upgrade-insecure-requests; block-all-mixed-content; default-src 'self' https://*.omappapi.com https://*.crazyegg.com; script-src 'self' 'unsafe-inline' https://www.youtube.com https://*.vimeo.com https://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js https://go.wilmingtonplc.com https://www.googletagmanager.com https://tagmanager.google.com https://snap.licdn.com https://munchkin.marketo.net https://a.omappapi.com/app/ https://api.livechatinc.com https://cdn.livechatinc.com https://app.termly.io https://cdn.shareaholic.net https://m9m6e2w5.stackpathcdn.com https://partner.shareaholic.com https://app.termly.io https://z.omappapi.com/ https://widget.manychat.com https://www.google.com https://script.crazyegg.com/ https://www.shareaholic.com https://www.gstatic.com/recaptcha/releases/3kTz7WGoZLQTivI-amNftGZO/recaptcha__en_gb.js https://www.gstatic.com https://www.coursecheck.com/ https://www.google-analytics.com/ https://cdn.openshareweb.com https://cdn.cookie-script.com https://fra.piwik.pro https://*.adroll.com https://*.hotjar.com https://bat.bing.com https://ws.zoominfo.com www.googletagmanager.com; worker-src 'self' blob:; object-src 'none'; font-src 'self' https://use.typekit.net https://fonts.gstatic.com https://cdn.livechatinc.com https://m9m6e2w5.stackpathcdn.com https://cdn.openshareweb.com data:; connect-src 'self' https://region1.analytics.google.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://936-frz-719.mktoresp.com https://cdn.linkedin.oribi.io/partner/1212497 https://api.omappapi.com https://app.termly.io https://cdn.linkedin.oribi.io/partner/1212497/domain/int-comp.org/token https://a.omappapi.com https://analytics.shareaholic.com https://www.shareaholic.net https://www.shareaholic.com https://www.google.co.uk https://vimeo.com https://fra.piwik.pro https://www.google.com https://consent.cookie-script.com https://googleads.g.doubleclick.net https://ws.zoominfo.com https://www.google-analytics.com https://*.googlesyndication.com/ https://*.linkedin.com www.googletagmanager.com wss://ws.hotjar.com https://*.hotjar.io https://*.crazyegg.com wss://localhost:50906/ wss://localhost:63710/ wss://localhost:59561/ wss://localhost:57193/; img-src https: data: https://www.googletagmanager.com www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; style-src https://use.typekit.net https://p.typekit.net https://www.youtube.com https://go.wilmingtonplc.com https://tagmanager.google.com https://fonts.googleapis.com https://a.omappapi.com/app/ 'unsafe-inline' 'self'; media-src https:; frame-ancestors 'self'; base-uri 'self'; frame-src https://www.youtube.com https://*.vimeo.com https://widget.trustpilot.com https://www.google.com https://go.wilmingtonplc.com https://secure.livechatinc.com https://cdnapisec.kaltura.com https://www.buzzsprout.com 1
frame-ancestors 'self' https://chiemgauevent.expo-ip.com https://ikom.expo-ip.com https://virtuelle.ikom-tum.de 1
default-src 'self'; img-src 'self' data: http: https: *.gravatar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: *.google-analytics.com cdn.polyfill.io; style-src 'self' 'unsafe-inline' http: https: fonts.googleapis.com; font-src 'self' data: http: https: fonts.googleapis.com themes.googleusercontent.com; connect-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: *.yoast.com; frame-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: *.pifworld.com; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://assets.ohnepunktundkomma.org; img-src 'self' https: data: blob: https://assets.ohnepunktundkomma.org; style-src 'self' https://assets.ohnepunktundkomma.org 'nonce-YtiPks1l7QQy8jPTWOYjIA=='; media-src 'self' https: data: https://assets.ohnepunktundkomma.org; frame-src 'self' https:; manifest-src 'self' https://assets.ohnepunktundkomma.org; form-action 'self'; child-src 'self' blob: https://assets.ohnepunktundkomma.org; worker-src 'self' blob: https://assets.ohnepunktundkomma.org; connect-src 'self' data: blob: https://assets.ohnepunktundkomma.org https://files.ohnepunktundkomma.org wss://ohnepunktundkomma.org; script-src 'self' https://assets.ohnepunktundkomma.org 'wasm-unsafe-eval' 1
default-src blob: data: 'self' https://browser.sentry-cdn.com *.devops.kci.rocks *.unzer.com *.heidelpay.com https://www.linkedin.com https://forms.office.com https://login.windows.net https://login.microsoftonline.com https://www.youtube.com *.hsforms.com *.hsforms.net *.kloeckner.fr *.kdi.fr *.kloeckner.de *.kloeckner.at *.kloeckner.nl *.odsbv.nl *.kloeckner.co.uk *.kloeckner.be *.buysmetal.be *.asd.ltd *.google-analytics.com *.googletagmanager.com *.google.com *.google.de *.gstatic.com *.googleapis.com *.googleadservices.com *.bing.com *.optimizely.com *.angularjs.org *.adition.com heidelpay.hpcgw.net *.doubleclick.net *.abtasty.com online.swagger.io *.dwin1.com *.awin1.com *.wbtrk.net *.wt-eu02.net *.wcfbc.net *.cookiebot.com *.kwseu.kci.rocks *.trbo.com https://px.ads.linkedin.com *.zendesk.com *.zdassets.com *.zopim.com *.zopim.io *.cookiebot.eu 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://browser.sentry-cdn.com *.devops.kci.rocks *.trbo.com *.heidelpay.com wss://*.kwseu.kci.rocks *.abtasty.com *.wbtrk.net *.google-analytics.com *.googletagmanager.com https://consentcdn.cookiebot.com https://stats.g.doubleclick.net *.zdassets.com *.zendesk.com wss://*.zopim.com https://consentcdn.cookiebot.eu; frame-ancestors 'self' https://*.ariba.com *.hsforms.com *.hsforms.net https://*.suedzucker.net https://shop.ervin.eu *.kwseu.kci.rocks; script-src 'self' https://browser.sentry-cdn.com *.devops.kci.rocks *.unzer.com https://sjs.bizographics.com https://gw.linkedin.oribi.io https://cdn.linkedin.oribi.io https://p.adsymptotic.com https://snap.licdn.com https://dc.ads.linkedin.com https://px4.ads.linkedin.com https://px.ads.linkedin.com https://snap.licdn.com https://px.ads.linkedin.com https://stats.g.doubleclick.net https://static.trbo.com *.trbo.com https://forms.office.com https://login.windows.net https://login.microsoftonline.com https://www.youtube.com *.hsforms.com *.hsforms.net *.kdi.fr *.kloeckner.fr *.kloeckner.de *.kloeckner.at *.kloeckner.nl *.odsbv.nl *.kloeckner.co.uk *.kloeckner.be *.buysmetal.be *.asd.ltd *.google-analytics.com *.googletagmanager.com *.google.com *.google.de *.gstatic.com *.googleapis.com *.googleadservices.com *.bing.com *.optimizely.com *.angularjs.org *.adition.com heidelpay.hpcgw.net *.doubleclick.net *.abtasty.com online.swagger.io *.dwin1.com *.awin1.com *.wbtrk.net *.wt-eu02.net *.wcfbc.net *.cookiebot.com *.kwseu.kci.rocks https://px.ads.linkedin.com *.zendesk.com *.zdassets.com *.zopim.com *.cookiebot.eu 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self'; script-src 'self' 1
default-src 'self'; object-src 'none'; form-action 'none'; report-to csp-endpoint; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; script-src 'self' https://cutie.city 'wasm-unsafe-eval'; font-src 'self' https://cutie.city; img-src 'self' data: blob: https://cutie.city https://media.cutie.city; style-src 'self' https://cutie.city 'nonce-YGw8Quvg4cni9+E+8mXKoA=='; media-src 'self' data: https://cutie.city https://media.cutie.city; frame-src 'self' https:; child-src 'self' blob: https://cutie.city; worker-src 'self' blob: https://cutie.city; connect-src 'self' blob: data: wss://cutie.city https://cutie.city https://media.cutie.city; manifest-src 'self' https://cutie.city; form-action 'self' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://cdnjs.cloudflare.com https://acsbapp.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://code.jquery.com https://polyfill.io https://unpkg.com https://use.fontawesome.com https://stackpath.bootstrapcdn.com https://www.googletagmanager.com https://www.google-analytics.com https://js-agent.newrelic.com https://www.google.com https://www.gstatic.com https://player.vimeo.com https://*.vimeocdn.com https://connect.facebook.net https://platform.twitter.com https://www.youtube.com https://*.upgrade.guide https://translate.google.com https://*.googleapis.com https://svc.webspellchecker.net https://touchstoneenergy.com https://cdn.questline.com https://weatherwidget.io https://cdn.gtranslate.net https://www.powr.io https://c03.apogee.net https://filerequestpro.com/embedv2.js; object-src 'none'; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://code.cdn.mozilla.net https://code.ionicframework.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://*.googleapis.com https://maxcdn.bootstrapcdn.com https://stackpath.bootstrapcdn.com https://use.fontawesome.com https://use.typekit.net https://p.typekit.net https://www.gstatic.com https://svc.webspellchecker.net https://cdn.questline.com; img-src 'self' data: https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://syndication.twitter.com https://cdn.app.cfigroup.com/ https://images.applicant-tracking.com https://*.gstatic.com https://cdn.questline.com https://www.touchstoneenergy.com https://translate.googleapis.com https://translate.google.com https://cdn.gtranslate.net https://www.cooperative.com https://i.vimeocdn.com https://i.ytimg.com https://cdn.jsdelivr.net; media-src 'self' data:; frame-src 'self' https://*.smarthub.coop https://player.vimeo.com https://www.youtube.com https://outlook.office365.com https://ws-na.amazon-adsystem.com https://www.google.com https://express.adobe.com https://platform.twitter.com https://syndication.twitter.com https://www.facebook.com https://www.youtube-nocookie.com https://hosted.where2getit.com https://*.upgrade.guide https://docs.google.com https://www.touchstoneenergy.com https://weatherwidget.io https://www.powr.io https://online.fliphtml5.com https://c03.apogee.net https://e.issuu.com https://issuu.com https://filerequestpro.com; frame-ancestors 'self' https://*.smarthub.coop; font-src 'self' https://fonts.gstatic.com https://use.fontawesome.com https://use.typekit.net https://acsbapp.com https://cdn.jsdelivr.net https://svc.webspellchecker.net https://cdnjs.cloudflare.com; connect-src 'self' https://fonts.gstatic.com https://use.fontawesome.com https://use.typekit.net https://analytics.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://bam.nr-data.net https://*.acsbapp.com https://acsbapp.com https://*.googleapis.com https://svc.webspellchecker.net https://www.powr.io; upgrade-insecure-requests 1
default-src 'self' https://tpc.googlesyndication.com https://*.safeframe.googlesyndication.com; style-src 'self' 'unsafe-inline' https://cdn.flowplayer.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.flowplayer.com https://unpkg.com https://www.googletagmanager.com https://www.google-analytics.com https://gapl.hit.gemius.pl https://www.googletagservices.com https://cdnjs.cloudflare.com https://maps.googleapis.com https://securepubads.g.doubleclick.net https://ssl.google-analytics.com https://adservice.google.com https://adservice.google.pl https://pagead2.googlesyndication.com https://cdn.ampproject.org https://tpc.googlesyndication.com https://connect.facebook.net; img-src 'self' data: https://akademiakomunikacji.pap.pl https://pap-mediaroom.pl https://www.google.com https://www.google.pl https://*.google-analytics.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://maps.gstatic.com https://unpkg.com https://tpc.googlesyndication.com https://securepubads.g.doubleclick.net https://pagead2.googlesyndication.com https://www.facebook.com; font-src 'self' data: https://themes.googleusercontent.com https://fonts.gstatic.com; frame-src 'self' https://embed.flowplayer.com https://iframe.dacast.com https://*.dcs.redcdn.pl https://*.vimeo.com https://multimedia.europarl.europa.eu https://ljsp.lwcdn.com https://images.dacast.com https://ls.hit.gemius.pl https://www.youtube.com https://www.google.com https://tpc.googlesyndication.com https://*.safeframe.googlesyndication.com; frame-ancestors 'self'; connect-src 'self' https://*.analytics.google.com https://play.lwcdn.com https://*.g.doubleclick.net https://www.google-analytics.com https://adservice.google.com https://pagead2.googlesyndication.com; child-src 'none'; object-src 'none'; base-uri 'self'; 1
default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';; upgrade-insecure-requests 1
default-src 'unsafe-inline' https: wss: data: blob:; script-src 'unsafe-inline' 'unsafe-eval' https: blob:; font-src data: https:; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com *.google-analytics.com https://cdn.productreview.com.au cdn.ampproject.org ajax.aspnetcdn.com kendo.cdn.telerik.com www.youtube.com s.ytimg.com maps.googleapis.com https://cdnjs.cloudflare.com releases.transloadit.com api2.transloadit.com connect.facebook.net www.google.com www.gstatic.com wchat.freshchat.com js.adsrvr.org api.addressfinder.io kit.fontawesome.com cdn.jsdelivr.net players.brightcove.net vjs.zencdn.net share.9cdn.net assets.adobedtm.com ads.adaptv.advertising.com au-script.dotmetrics.net brandedcontent.nine.com.au unpkg.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com kendo.cdn.telerik.com releases.transloadit.com www.gstatic.com wchat.freshchat.com api.addressfinder.io brandedcontent.nine.com.au share.9cdn.net; font-src 'self' cdn.productreview.com.au fonts.gstatic.com data: kendo.cdn.telerik.com ka-f.fontawesome.com brandedcontent.nine.com.au; img-src 'self' data: blob: i.ytimg.com maps.gstatic.com maps.googleapis.com www.google.com www.google.com.au www.google.co.nz www.googletagmanager.com www.facebook.com fujitsucdn.azureedge.net www.google-analytics.com connect.facebook.net 9235443.fls.doubleclick.net fujitsucdn.azureedge.net brandedcontent.nine.com.au metrics.brightcove.com cf-images.ap-southeast-2.prod.boltdns.net files.helpdocs.io; media-src 'self' data: blob:; frame-src 'self' https://captur3d.io https://www.google.com *.doubleclick.net https://www.youtube.com www.facebook.com www.googletagmanager.com wchat.freshchat.com wwwfujitsugeneralcomau.webpush.freshchat.com insight.adsrvr.org match.adsrvr.org app.tango.us nd.demdex.net; child-src 'self' www.youtube.com blob:; connect-src 'self' https://api.productreview.com.au *.transloadit.com wss://*.transloadit.com www.google-analytics.com *.google.com stats.g.doubleclick.net www.facebook.com maps.googleapis.com api.addressfinder.io fga2021.blob.core.windows.net ka-f.fontawesome.com fujitsucdn.azureedge.net edge.api.brightcove.com manifest.prod.boltdns.net nine-commercial-vod.ffx.io dpm.demdex.net somni.nine.com.au; 1
media-src 'self' 1
default-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.filestackapi.com https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://*.filestackapi.com https://fonts.googleapis.com; img-src 'self' blob: data: https://*.jubiplatform2.com https://jubiplatform2.com https://*.s3.us-east-1.amazonaws.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.filestackcontent.com https://*.ytimg.com https://vimeo.com https://*.vimeo.com https://*.vimeocdn.com https://static.filestackapi.com; font-src 'self' https://fonts.gstatic.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; frame-src 'self' https://*.ralichange.com https://app.powerbi.com https://app.csvbox.io https://youtube.com https://*.youtube.com https://*.ytimg.com https://vimeo.com https://*.vimeo.com; upgrade-insecure-requests; connect-src 'self' blob: https://*.ralichange.com https://www.googletagmanager.com https://www.google-analytics.com https://*.s3.amazonaws.com https://*.s3.us-east-1.amazonaws.com https://*.filestackapi.com; 1
default-src form.gov.sg api-cdp.eu01.treasuredata.com *.treasuredata.com *.recaptcha.net *.bellustartokyo.jp *.net-fs.com *.matterport.com *.smartviewmedia.com.au *.sprinklr.com *.zencdn.net *.googleapis.com *.cloudflare.com 'self' 'unsafe-inline'; script-src 'self' *.panpacific.com  *.opentable.com.au *.affilired.com *.denomatic.com *.doubleclick.net *.panomatics.com *.googlesyndication.com messenger.myma.ai *.cookieyes.com cdn-cookieyes.com *.adobedtm.com form.gov.sg *.addtoany.com api-cdp.eu01.treasuredata.com *.treasuredata.com *.gstatic.cn *.cloudfront.net *.usabilla.com *.recaptcha.net *.sojern.com *.gstatic.com *.yimg.jp *.sevenrooms.com *.twitter.com *.sprinklr.com *.fontawesome.com *.amazonaws.com *.imenupro.com imenupro.com *.tablecheck.com *.instagram.com *.thefork.com.au thefork.com.au *.dimmi.com.au *.nowbookit.com *.mynewsdesk.com *.opentable.co.uk *.jscache.com *.tripadvisor.com *.tripadvisor.com.au *.tacdn.com *.abtasty.com *.digicert.com *.titiqcdn.com *.tiqcdn.com *.google.com *.facebook.com *.facebook.net *.youtube.com *.googleapis.com  *.tealiumiq.com  *.usabilla.com *.googletagmanager.com *.enzymic.co *.baidu.com *.bing.com *.google-analytics.com *.licdn.com *.tiktok.com *.everestjs.net *.matomo.cloud *.adform.com *.adform.net *.googleadservices.com *.google.com.sg *.zencdn.net *.doubleclick.net *.clarity.ms *.addthisedge.com *.moatads.com 'unsafe-inline' 'unsafe-eval' ; style-src-elem 'self' *.panpacific.com *.panomatics.com *.cloudfront.net *.usabilla.com *.sprinklr.com *.sevenrooms.com *.sprinklr.com *.abtasty.com *.amazonaws.com *.thefork.com.au thefork.com.au *.dimmi.com.au *.bootstrapcdn.com *.tacdn.com *.googleapis.com *.cloudfront.net *.cloudflare.com *.zencdn.net 'unsafe-inline'; font-src 'self' *.cloudfront.net *.usabilla.com *.sevenrooms.com *.abtasty.com *.sprinklr.com *.fontawesome.com *.amazonaws.com *.gstatic.com *.panpacific.com *.bootstrapcdn.com *.cloudflare.com *.cloudfront.net 'unsafe-inline' data: ; img-src 'self' blob: data: *.panpacific.com  *.bookmebob.com *.affilired.com *.denomatic.com *.doubleclick.net *.panomatics.com https://d6tizftlrpuof.cloudfront.net https://*.usabilla.com  *.googlesyndication.com *.cookieyes.com cdn-cookieyes.com bmbuiassetsprod.blob.core.windows.net *.googletagmanager.com *.google.ca *.cloudfront.net *.usabilla.com *.tripadvisor.com *.travelmyth.com *.sojern.com *.sevenrooms.com *.sprinklr.com *.fbcdn.net *.twimg.com *.pphg.com *.google.co.id *.google.com.my *.abtasty.com http://a.tile.osm.org http://b.tile.osm.org http://c.tile.osm.org *.osm.org *.tile.osm.org *.googleadservices.com *.ghadiscovery.com *.nor1upgrades.com *.amazonaws.com *.adsymptotic.com *.demdex.net *.tealiumiq.com *.everesttech.net *.maxcdn.com *.tacdn.com *.tripadvisor.com.au *.facebook.com *.doubleclick.net *.linkedin.com *.bing.com *.google-analytics.com *.google.com *.google.com.sg *.gstatic.com *.googleapis.com *.digicert.com *.maxcdn.com *.baidu.com *.cloudfront.net *.usabilla.com *.clarity.ms *.derbysoftca.com 'unsafe-inline' ; frame-src 'self' *.affilired.com *.denomatic.com *.doubleclick.net *.sojern.com panomatics.com *.panomatics.com *.opentable.com.au *.thefork.com messenger.myma.ai *.net-fs.com *.addtoany.com *.cloudfront.net *.usabilla.com *.recaptcha.net *.hotelgroove.jp *.bellustartokyo.jp *.google.com *.dailymotion.com *.vimeo.com *.sevenrooms.com *.matterport.com *.adform.net tablecheck.com *.tablecheck.com *.smartviewmedia.com.au *.demdex.net *.instagram.com *.thefork.com.au thefork.com.au *.dimmi.com.au *.nowbookit.com *.facebook.com *.mynewsdesk.com *.opentable.co.uk *.doubleclick.net *.trustyou.com *.trustyou.co *.youtube.com *.lafourchette.com *.abtasty.com 'unsafe-inline' ; connect-src https: http: *.cloudfront.net *.usabilla.com *.abtasty.com ; 1
default-src *.cloudinary.com js.driftt.com d10lpsik1i8c69.cloudfront.net *.meetbreeze.com 'self'; script-src analytics.google.com *.salesloft.com js.alocdn.com *.stripe.com *.vimeo.com *.youtube.com up.pixel.ad js.driftt.com widget.drift.com *.customer.io *.bing.com assets.calendly.com calendly.com *.calendly.com az416426.vo.msecnd.net *.luckyorange.com *.meetbreeze.com d10lpsik1i8c69.cloudfront.net 'self' 'unsafe-inline' *.typekit.net *.googleapis.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.licdn.com *.facebook.net *.doubleclick.net *.sharefile.com *.forestry.io; style-src *.meetbreeze.com 'self' 'unsafe-inline' *.typekit.net *.googleapis.com *.forestry.io; img-src 'self' data: brzprodpublic.blob.core.windows.net brzqapublic.blob.core.windows.net *.cloudinary.com res.cloudinary.com *.alocdn.com img.youtube.com i.ytimg.com pixel.sitescout.com d10lpsik1i8c69.cloudfront.net *.customer.io *.bing.com pixel.locker2.com *.meetbreeze.com *.doubleclick.net *.go2cloud.org p.typekit.net *.facebook.com *.linkedin.com *.google-analytics.com *.adsymptotic.com *.google.com *.googletagmanager.com *.forestry.io; font-src *.meetbreeze.com *.typekit.net *.gstatic.com data:; frame-src *.youcanbook.me *.stripe.com *.vimeo.com *.youtube.com pixel.sitescout.com widget.drift.com js.driftt.com *.infogram.com e.infogram.com *.google.com az416426.vo.msecnd.net 'self' *.meetbreeze.com *.luckyorange.net calendly.com *.calendly.com leveragerx.go2cloud.org *.docusign.com *.docusign.net brz-web-client-app-qa-v2.azurewebsites.net brz-web-client-app-qa.azurewebsites.net *.ftnirdc.com *.facebook.com *.doubleclick.net *.sharefile.com; connect-src api.cloudinary.com *.salesloft.com analytics.google.com brz-web-tina-funcs-qa.azurewebsites.net *.tinajs.io brz-web-cms-funcs-qa.azurewebsites.net *.meetbreeze.com wss://*.luckyorange.com vimeo.com *.googleapis.com visitors.live in.visitors.live wss://visitors.live wss://*.visitors.live az416426.vo.msecnd.net *.luckyorange.net *.luckyorange.com 'self' *.typekit.net *.google-analytics.com *.doubleclick.net *.facebook.com *.forestry.io; worker-src blob: *.meetbreeze.com 'self'; 1
base-uri 'self'; object-src 'none';   script-src 'self' 'unsafe-eval'        'sha384-ApNbgh9B+Y1QKtv3Rn7W3mgPxhU9K/ScQsAP7hUibX39j7fakFPskvXusvfa0b4Q'        'sha384-JZR6Spejh4U02d8jOt6vLEHfe/JQGiRRSQQxSfFWpi1MquVdAyjUar5+76PVCmYl'        'sha384-KJ3o2DKtIkvYIK3UENzmM7KCkRr/rE9/Qpg6aAZGJwFDMVNA/GpGFF93hXpG5KkN'        'sha384-HTq9bAnQeRQMZWaz4oh4hzQ7uLhEPBDMd6NizGeUQEDJ09mI0WU9lRcdix2okyzP'       connect.facebook.net            code.jquery.com        *.livechatinc.com        'sha256-C7B4D5F32C615D35601869D184EEC986F45443810B72EED3EA590CA5575624AA'        'sha256-/xUj+3OJU5yExlq6GSYGSHk7tPXikynS7ogEvDej/m4='             'sha512-yHknP1/AwR+yx26cB1y0cjvQUMvEa2PFzt1c9LlS4pRQ5NOTZFWbhBig+X9G9eYW/8m0/4OXNx8pxJ6z57x0dw=='        unpkg.com;     script-src-elem 'self' 'unsafe-eval'        'sha384-ApNbgh9B+Y1QKtv3Rn7W3mgPxhU9K/ScQsAP7hUibX39j7fakFPskvXusvfa0b4Q'        'sha384-JZR6Spejh4U02d8jOt6vLEHfe/JQGiRRSQQxSfFWpi1MquVdAyjUar5+76PVCmYl'        'sha384-KJ3o2DKtIkvYIK3UENzmM7KCkRr/rE9/Qpg6aAZGJwFDMVNA/GpGFF93hXpG5KkN'        'sha384-HTq9bAnQeRQMZWaz4oh4hzQ7uLhEPBDMd6NizGeUQEDJ09mI0WU9lRcdix2okyzP'       connect.facebook.net       www.google.com       www.google-analytics.com         www.googletagmanager.com       www.gstatic.com       code.jquery.com        *.livechatinc.com        'sha256-C7B4D5F32C615D35601869D184EEC986F45443810B72EED3EA590CA5575624AA'        'sha256-/xUj+3OJU5yExlq6GSYGSHk7tPXikynS7ogEvDej/m4='             'sha512-yHknP1/AwR+yx26cB1y0cjvQUMvEa2PFzt1c9LlS4pRQ5NOTZFWbhBig+X9G9eYW/8m0/4OXNx8pxJ6z57x0dw=='        unpkg.com; 1
default-src 'self' https://gridradar.net/; font-src *; img-src * data:; script-src 'unsafe-inline' https://gridradar.net/ https://notstromdiesel.com/; style-src 'unsafe-inline' https://gridradar.net/ https://notstromdiesel.com/; frame-ancestors 'self' https://notstromdiesel.com https://www.netzfrequenzmessung.de https://netzfrequenzmessung.de; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-1psiTwWFTLN62zvXPXvuTjivTlc0If32vy+fuuQ3Wi9NLGos' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://code.jquery.com/jquery-3.4.1.js https://www.googletagmanager.com/gtag/js https://www.google-analytics.com/analytics.js https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/ https://www.google-analytics.com/urchin.js https://www.google-analytics.com/  p11.techlab-cdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://code.jquery.com/jquery-3.4.1.js https://www.googletagmanager.com/gtag/js https://www.google-analytics.com/analytics.js https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/ https://www.google-analytics.com/urchin.js https://www.google-analytics.com/  p11.techlab-cdn.com; object-src 'self' https://code.jquery.com/jquery-3.4.1.js https://www.googletagmanager.com/gtag/js https://www.google-analytics.com/analytics.js https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/ https://www.google-analytics.com/urchin.js https://www.google-analytics.com/ ; script-src-elem 'self' 'unsafe-inline' https://code.jquery.com/jquery-3.4.1.js https://www.googletagmanager.com/gtag/js https://www.google-analytics.com/analytics.js https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/ https://www.google-analytics.com/urchin.js https://www.google-analytics.com/ https://www.google.com/jsapi https://maps.googleapis.com/ https://www.gstatic.com/charts/  p11.techlab-cdn.com; frame-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/charts/ ; style-src 'self' 'unsafe-inline' ; style-src-elem 'self' 'unsafe-inline'  https://www.gstatic.com/charts/ ; img-src 'self' https://www.google-analytics.com/ data: ; connect-src 'self' https://maps.googleapis.com/ https://www.gstatic.com/charts/  p11.techlab-cdn.com; 1
default-src 'none';img-src 'self';style-src 'self' 'unsafe-inline' 'sha256-MP68GN2dbfqmG/DR9zI48LyvLfFnpMPz+Un/zv90Hu4=';connect-src 'self';form-action 'self';frame-ancestors 'none';base-uri 'none';report-uri https://blueimp.report-uri.com/r/d/csp/enforce 1
default-src 'self' 'unsafe-inline'; font-src * data:;img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';frame-src *;connect-src *;media-src * 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.lcp.be *.deinze.be *.enviso.io *.icordis.be *.ayden.com *.google-analytics.com *.tile.openstreetmap.org *.googleapis.com *.gstatic.com *.uitdatabank.be *.imgix.net *.youtube.com *.ytimg.com *.vimeo.com *.vimeocdn.com *.twitter.com *.facebook.com *.fwebservices.be *.tile.openstreetmap.be *.widgets.burgerprofiel.vlaanderen.be *.vlaanderen.be *.frontend.burgerprofiel.vlaanderen.be *.tni.frontend.burgerprofiel.dev-vlaanderen.be *.widgetconfigservice.burgerprofiel.vlaanderen.be tni.widgets.burgerprofiel.dev-vlaanderen.be *.tni.widgets.burgerprofiel.dev-vlaanderen.be *.tni.contactapi.uat-vlaanderen.be tni.frontend.burgerprofiel.dev-vlaanderen.be *.contactapi.vlaanderen.be wss://authenticatie-ti.vlaanderen.be wss://authenticatie.vlaanderen.be *.cloudfront.net authenticatie.vlaanderen.be authenticatie-ti.vlaanderen.be *.googletagmanager.com https://region1.analytics.google.com *.osm.be *.readspeaker.com *.e.issuu.com *.issuu.com data: googleads.g.doubleclick.net *.strava.com *.cipalschaubroeck.be *.tableau.com *.dewarmsteweek.be *.vrijwilligerswerk.be *.algolianet.com  *.iamfas.belgium.be roundme.com *.pingping.be *.komoot.nl bam-cell.nr-data.net *.adyen.com *.widget.enviso.io *.enviso.io; frame-src 'self' *.icordis.be *.vimeo.com *.bizlocator.be http://www.bizlocator.be *.deinze.be *.iamfas.belgium.be *.google.com *.googleadservices.com *.youtube.com *.spotify.com *.vlaanderen.be   prod.widgets.burgerprofiel.vlaanderen.be *.fietsrouteplanner.org *.laatjevaccineren.be *.burgerprofiel.be *.widget.enviso.io *.enviso.io *.ayden.com  checkoutshopper-live.adyen.com *.arcgis.com 1
default-src 'self' data: ; style-src 'self' 'unsafe-inline' ; img-src 'self' data: api.plezi.co  www.google.com www.google.fr www.facebook.com ; frame-src 'self' https://www.youtube.com/  data: td.doubleclick.net; script-src 'self' 'sha256-0AhL2ODBi4A09x9iMvEuxM6E+p+66MYSua+uWI6TUU0='   'sha256-dSZ8+B5/7V/VdJgJHDeN/IQ1Pmh8/2rslfJqZSVTmOY='  www.googletagmanager.com googleads.g.doubleclick.net snap.licdn.com www.google.com connect.facebook.net matomo.experts-comptables.org https://*.plezi.co 'sha256-C34p1hzZPpoypdPXxKu+FU4eDWs4c78xuGNL0X0n3g0=' 'sha256-zavyfWr5kqvWdeTTIrlTxzH9/VPo9T7442u9l+zK48k=' 'sha256-sjwHEvEEd6LOECfafoaXLp4pSwGYpxKixkV7uzUd1mI=' 'sha256-HSqKTM0wkk/rIt4hOtZ1eTBNJ3HioqPaoz2iEmFvcZc=' 'sha256-sufKSTGkz0crOcA6GzdK9zzKywVSzl7yu57XJAnPC4E=' 'sha256-Yv/nXAj9ithogZZQnzyrhNoCW+ZyHlQs1rc95cr1OU4=' 'sha256-Qxs5k6wrUMyfEKhh0V3EEcpVPM5ZAfNOof1ecYIy7SU=' 'sha256-WiMTLiUL/XzLm2uMIJbXiDqELEYanrW8dE837WW199I=' 'sha256-o1t7/+fdHIXqwtTQGXxKlKOzzR1tgVQjCk9IQF0kn/8=' 'sha256-OBh43QisG5XcpCgTAZvF/s1S8IRa6Q7g4E6Hd2zlzUo=' 'sha256-uvn1zCrAjzY9hg4Sof8j5ekKdcuI78rmwxFBEYWMrbM=' 'sha256-HzEsIcpe2XaDHJPrqUrhJLtGNRHyOr6sqpaOaQpJXnM='    'sha256-hm6Hx3/Jq3/CZfd7fWYwpkLp0do5vEHeehKa7tCcB28='  ; connect-src 'self' matomo.experts-comptables.org *.plezi.co ; frame-ancestors 'self' https://admin.ecma-solutions.com; 1
connect-src 'self' ws://egonscan.com wss://egonscan.com wss://*.bridge.walletconnect.org/ https://request-global.czilladx.com/ https://raw.githubusercontent.com/trustwallet/assets/ https://registry.walletconnect.org/data/wallets.json https://*.poa.network;        default-src 'self';        script-src 'self' 'unsafe-inline' 'unsafe-eval' https://coinzillatag.com https://www.google.com https://www.gstatic.com;        style-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com;        img-src 'self' * data:;        media-src 'self' * data:;        font-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.gstatic.com data:;        frame-src 'self' 'unsafe-inline' 'unsafe-eval' https://request-global.czilladx.com/ https://www.google.com; 1
default-src 'self'; 	style-src 'self' *.rss.com/ *.proprofschat.com/ *.ketocafe.be/ *.salesforce.com/  https://danone--uat.my.salesforce.com/embeddedservice/5.0/esw.min.js/ https://rss.com/* https://player.rss.com/cekani-na-cisarovnu/967407/ *.adyen.com/ *.scene7.com/ https://where-to-buy.co/ *.dotdigital.com/ https://digitaalpubliceren.com https://open.spotify.com https://danone-benelux.campaign.playable.com/ *.leadfamly.com/ *.scene7.com/ *.salesforce-sites.com/ *.gstatic.com/ *.azure.com/ *.trustcommander.net/ *.services.visualstudio.com/ *.postcodeanywhere.co.uk/ *.channelsight.com/ *.adobeaemcloud.com/ *.trustcommander.net/ *.tagcommander.com/ *.facebook.net/ *.googleadservices.com/ *.google-analytics.com/ *.sharethis.com *.addthis.com/ *.live2support.com/ *.doubleclick.net/ *.googleapis.com/ *.google.com/ *.digital4danone.com/ *.addthisedge.com/ *.google-analytics.com/ *.analytics.google.com/ *.googletagmanager.com/ *.dotdigital.com/ *.leadfamly.com/ *.asksid.ai/ *.danone-dtc.net/ *.hotjar.com/ *.youtube.com/ *.vimeo.com/ *.clarity.ms/ *.trackedweb.net/ *.getflowbox.com/ https://where-to-buy.co/ https://nutricianl.usermd.net https://be.nutricianl.usermd.net https://static.trackedweb.net/js/_dmptv4.js https://cdn.trustcommander.net/privacy/7259/privacy_v2_9.js https://cdn.trustcommander.net/privacy/7259/privacy_v2_8.js *.salesforce-sites.com/ *.gstatic.com/ *.vimeo.com/ *.azure.com/ *.trustcommander.net/ *.services.visualstudio.com/ *.postcodeanywhere.co.uk/ *.channelsight.com/ *.adobeaemcloud.com/ *.digital4danone.com/ *.live2support.com/ *.bootstrapcdn.com/ *.zencdn.net/ *.sharethis.com/ *.googleapis.com/ *.google.com/ *.google-analytics.com/ *.analytics.google.com/ *.googletagmanager.com/ *.asksid.ai/ *.danone-dtc.net/ *.sentry.io/ 'unsafe-inline'; 	script-src 'self' *.rss.com/ *.proprofschat.com/ *.ketocafe.be/ *.salesforce.com/ https://danone--uat.my.salesforce.com/embeddedservice/5.0/esw.min.js/ https://rss.com/* https://player.rss.com/cekani-na-cisarovnu/967407/ https://js-agent.newrelic.com/ *.adyen.com/ *.scene7.com/ https://where-to-buy.co/ *.dotdigital.com/ https://digitaalpubliceren.com https://open.spotify.com https://danone-benelux.campaign.playable.com/ *.scene7.com/ *.salesforce-sites.com/ *.gstatic.com/ *.azure.com/ *.trustcommander.net/ *.services.visualstudio.com/ *.postcodeanywhere.co.uk/ *.channelsight.com/ *.adobeaemcloud.com/ *.trustcommander.net/ *.tagcommander.com/ *.facebook.net/ *.googleadservices.com/ *.google-analytics.com/ *.sharethis.com *.addthis.com/ *.live2support.com/ *.doubleclick.net/ *.googleapis.com/ *.google.com/ *.digital4danone.com/ *.addthisedge.com/ *.google-analytics.com/ *.analytics.google.com/ *.googletagmanager.com/ *.dotdigital.com/ *.leadfamly.com/ *.asksid.ai/ *.danone-dtc.net/ *.hotjar.com/ *.youtube.com/ *.vimeo.com/ *.clarity.ms/ *.trackedweb.net/ *.getflowbox.com/ https://where-to-buy.co/ https://nutricianl.usermd.net https://be.nutricianl.usermd.net https://static.trackedweb.net/js/_dmptv4.js https://cdn.trustcommander.net/privacy/7259/privacy_v2_8.js *.leadfamly.com/ *.salesforce-sites.com/ *.gstatic.com/ *.vimeo.com/ *.azure.com/ *.trustcommander.net/ *.services.visualstudio.com/ *.postcodeanywhere.co.uk/ *.channelsight.com/ https://live2support.com/ *.adobeaemcloud.com/ *.trustcommander.net/ *.tagcommander.com/ *.facebook.net/ *.googleadservices.com/ *.google-analytics.com/ *.sharethis.com *.addthis.com/ *.live2support.com/ *.doubleclick.net/ *.googleapis.com/ *.google.com/ *.digital4danone.com/ *.addthisedge.com/ *.google-analytics.com/ *.analytics.google.com/ *.googletagmanager.com/ *.asksid.ai/ *.danone-dtc.net/ blob: 'unsafe-inline' 'unsafe-eval'; 	img-src 'self' data: *.rss.com/ *.proprofschat.com/ *.ketocafe.be/ *.salesforce.com/ https://danone--uat.my.salesforce.com/embeddedservice/5.0/esw.min.js/ https://rss.com/* https://player.rss.com/cekani-na-cisarovnu/967407/ *.estorecontent.com/ *.adyen.com/ *.scene7.com/ https://where-to-buy.co/ *.dotdigital.com/ https://digitaalpubliceren.com https://open.spotify.com https://danone-benelux.campaign.playable.com/ *.scene7.com/ *.salesforce-sites.com/ *.gstatic.com/ *.azure.com/ *.trustcommander.net/ *.services.visualstudio.com/ *.postcodeanywhere.co.uk/ *.channelsight.com/ *.adobeaemcloud.com/ *.trustcommander.net/ *.tagcommander.com/ *.facebook.net/ *.googleadservices.com/ *.google-analytics.com/ *.sharethis.com *.addthis.com/ *.live2support.com/ *.doubleclick.net/ *.googleapis.com/ *.google.com/ *.digital4danone.com/ *.addthisedge.com/ *.google-analytics.com/ *.analytics.google.com/ *.googletagmanager.com/ *.dotdigital.com/ *.leadfamly.com/ *.asksid.ai/ *.danone-dtc.net/ *.hotjar.com/ *.youtube.com/ *.vimeo.com/ *.clarity.ms/ *.trackedweb.net/ *.getflowbox.com/ https://where-to-buy.co/ https://nutricianl.usermd.net https://be.nutricianl.usermd.net https://static.trackedweb.net/js/_dmptv4.js https://cdn.trustcommander.net/privacy/7259/privacy_v2_8.js *.leadfamly.com/ *.salesforce-sites.com/ *.gstatic.com/ *.vimeo.com/ *.azure.com/ *.trustcommander.net/ *.services.visualstudio.com/ *.postcodeanywhere.co.uk/ *.channelsight.com/ *.digital4danone.com/ *.adobeaemcloud.com/ *.assetsadobe.com/ *.live2support.com/ *.doubleclick.net/ *.google-analytics.com/ *.danone.com/ *.google.com.ph/ *.google.com/ *.sharethis.com/ *.gstatic.com/ *.googleapis.com/ *.w3.org/ *.facebook.com/ *.google-analytics.com/ *.analytics.google.com/ *.googletagmanager.com/ *.youtube.com/ *.asksid.ai/ *.danone-dtc.net/; 	frame-src 'self' *.rss.com/ *.proprofschat.com/ *.ketocafe.be/ *.salesforce.com/ https://danone--uat.my.salesforce.com/embeddedservice/5.0/esw.min.js/ https://rss.com/* https://player.rss.com/cekani-na-cisarovnu/967407/ *.adyen.com/ *.tohklom.com/ https://where-to-buy.co/ *.dotdigital.com/ https://digitaalpubliceren.com https://open.spotify.com https://danone-benelux.campaign.playable.com/ *.scene7.com/ *.salesforce-sites.com/ *.gstatic.com/ *.azure.com/ *.trustcommander.net/ *.services.visualstudio.com/ *.postcodeanywhere.co.uk/ *.channelsight.com/ *.adobeaemcloud.com/ *.trustcommander.net/ *.tagcommander.com/ *.facebook.net/ *.googleadservices.com/ *.google-analytics.com/ *.sharethis.com *.addthis.com/ *.live2support.com/ *.doubleclick.net/ *.googleapis.com/ *.google.com/ *.digital4danone.com/ *.addthisedge.com/ *.google-analytics.com/ *.analytics.google.com/ *.googletagmanager.com/ *.dotdigital.com/ *.leadfamly.com/ *.asksid.ai/ *.danone-dtc.net/ *.hotjar.com/ *.youtube.com/ *.vimeo.com/ *.clarity.ms/ *.trackedweb.net/ *.getflowbox.com/ https://where-to-buy.co/ https://nutricianl.usermd.net https://be.nutricianl.usermd.net https://static.trackedweb.net/js/_dmptv4.js https://cdn.trustcommander.net/privacy/7259/privacy_v2_8.js *.leadfamly.com/ *.salesforce-sites.com/ *.gstatic.com/ *.vimeo.com/ *.azure.com/ *.trustcommander.net/ *.services.visualstudio.com/ *.postcodeanywhere.co.uk/ *.channelsight.com/ *.live2support.com/ *.proprofs.com/ *.facebook.com/ *.doubleclick.net/ *.sharethis.com/ *.addthis.com *.youtube.com *.adsrvr.org/ *.google-analytics.com/ *.analytics.google.com/ *.google.com/ *.googletagmanager.com/ *.cloudfront.net/ *.asksid.ai/ *.danone-dtc.net/; 	connect-src 'self' *.rss.com/ *.proprofschat.com/ *.ketocafe.be/ *.salesforce.com/ https://danone--uat.my.salesforce.com/embeddedservice/5.0/esw.min.js/ https://rss.com/* https://player.rss.com/cekani-na-cisarovnu/967407/ https://bam.eu01.nr-data.net/ *.adyen.com/ *.scene7.com/ https://where-to-buy.co/ *.dotdigital.com/ https://digitaalpubliceren.com https://open.spotify.com https://danone-benelux.campaign.playable.com/ *.scene7.com/ *.salesforce-sites.com/ *.gstatic.com/ *.azure.com/ *.trustcommander.net/ *.services.visualstudio.com/ *.postcodeanywhere.co.uk/ *.channelsight.com/ *.adobeaemcloud.com/ *.trustcommander.net/ *.tagcommander.com/ *.facebook.net/ *.googleadservices.com/ *.google-analytics.com/ *.sharethis.com *.addthis.com/ *.live2support.com/ *.doubleclick.net/ *.googleapis.com/ *.google.com/ *.digital4danone.com/ *.addthisedge.com/ *.google-analytics.com/ *.analytics.google.com/ *.googletagmanager.com/ *.dotdigital.com/ *.leadfamly.com/ *.asksid.ai/ *.danone-dtc.net/ *.hotjar.com/ *.youtube.com/ *.vimeo.com/ *.clarity.ms/ *.trackedweb.net/ *.getflowbox.com/ https://where-to-buy.co/ https://nutricianl.usermd.net https://be.nutricianl.usermd.net https://static.trackedweb.net/js/_dmptv4.js https://cdn.trustcommander.net/privacy/7259/privacy_v2_8.js *.leadfamly.com/ *.salesforce-sites.com/ *.gstatic.com/ *.vimeo.com/ *.azure.com/ *.trustcommander.net/ *.services.visualstudio.com/ *.postcodeanywhere.co.uk/ *.channelsight.com/ *.digital4danone.com/ *.commander1.com/ *.trustcommander.net/ *.live2support.com/ *.addthis.com/ *.google-analytics.com/ *.analytics.google.com/ *.googletagmanager.com/ *.sharethis.com/ *.doubleclick.net/ *.asksid.ai/ *.danone-dtc.net/ *.commercetools.com/ *.botframework.com/ wss://*.botframework.com *.sentry.io/; 	font-src 'self' data: *.rss.com/ *.proprofschat.com/ *.ketocafe.be/ *.salesforce.com/ https://danone--uat.my.salesforce.com/embeddedservice/5.0/esw.min.js/ https://rss.com/* https://player.rss.com/cekani-na-cisarovnu/967407/ *.adyen.com/ *.scene7.com/ https://where-to-buy.co/ *.dotdigital.com/ https://digitaalpubliceren.com https://open.spotify.com https://danone-benelux.campaign.playable.com/ *.scene7.com/ *.salesforce-sites.com/ *.gstatic.com/ *.azure.com/ *.trustcommander.net/ *.services.visualstudio.com/ *.postcodeanywhere.co.uk/ *.channelsight.com/ *.adobeaemcloud.com/ *.trustcommander.net/ *.tagcommander.com/ *.facebook.net/ *.googleadservices.com/ *.google-analytics.com/ *.sharethis.com *.addthis.com/ *.live2support.com/ *.doubleclick.net/ *.googleapis.com/ *.google.com/ *.digital4danone.com/ *.addthisedge.com/ *.google-analytics.com/ *.analytics.google.com/ *.googletagmanager.com/ *.dotdigital.com/ *.leadfamly.com/ *.asksid.ai/ *.danone-dtc.net/ *.hotjar.com/ *.youtube.com/ *.vimeo.com/ *.clarity.ms/ *.trackedweb.net/ *.getflowbox.com/ https://where-to-buy.co/ https://nutricianl.usermd.net https://be.nutricianl.usermd.net https://static.trackedweb.net/js/_dmptv4.js https://cdn.trustcommander.net/privacy/7259/privacy_v2_8.js *.leadfamly.com/ *.salesforce-sites.com/ *.gstatic.com/ *.vimeo.com/ *.azure.com/ *.trustcommander.net/  *.services.visualstudio.com/ *.postcodeanywhere.co.uk/ *.channelsight.com/ *.adobeaemcloud.com/ *.live2support.com/ *.gstatic.com/ *.google-analytics.com/ *.analytics.google.com/ *.googletagmanager.com/ https://vjs.zencdn.net/ *.danone-dtc.net/; 	media-src 'self' *.rss.com/ *.proprofschat.com/ *.ketocafe.be/ *.salesforce.com/ https://danone--uat.my.salesforce.com/embeddedservice/5.0/esw.min.js/ https://rss.com/* https://player.rss.com/cekani-na-cisarovnu/967407/ *.adyen.com/ *.scene7.com/ https://where-to-buy.co/ *.dotdigital.com/ https://digitaalpubliceren.com https://open.spotify.com https://danone-benelux.campaign.playable.com/ *.scene7.com/ *.salesforce-sites.com/ *.gstatic.com/ *.azure.com/ *.trustcommander.net/ *.services.visualstudio.com/ *.postcodeanywhere.co.uk/ *.channelsight.com/ *.adobeaemcloud.com/ *.trustcommander.net/ *.tagcommander.com/ *.facebook.net/ *.googleadservices.com/ *.google-analytics.com/ *.sharethis.com *.addthis.com/ *.live2support.com/ *.doubleclick.net/ *.googleapis.com/ *.google.com/ *.digital4danone.com/ *.addthisedge.com/ *.google-analytics.com/ *.analytics.google.com/ *.googletagmanager.com/ *.dotdigital.com/ *.leadfamly.com/ *.asksid.ai/ *.danone-dtc.net/ *.hotjar.com/ *.youtube.com/ *.vimeo.com/ *.clarity.ms/ *.trackedweb.net/ *.getflowbox.com/ https://where-to-buy.co/ https://nutricianl.usermd.net https://be.nutricianl.usermd.net https://static.trackedweb.net/js/_dmptv4.js https://cdn.trustcommander.net/privacy/7259/privacy_v2_8.js *.leadfamly.com/ *.salesforce-sites.com/ *.gstatic.com/ *.vimeo.com/ *.azure.com/ *.trustcommander.net/ *.services.visualstudio.com/ *.postcodeanywhere.co.uk/ *.channelsight.com/ *.danone.com/ *.google-analytics.com/ *.analytics.google.com/ *.googletagmanager.com/ *.digital4danone.com/ blob: 1
frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content 1
frame-ancestors 'self' *.k9ti.net https://k9ti.net; 1
script-src 'unsafe-inline' 'unsafe-eval' *.hubspot.com js.hubspot.com forms.hubspot.com analytics.google.com *.hs-scripts.com ws.zoominfo.com bat.bing.com *.alithya.com *.googletagmanager.com snap.licdn.com *.newrelic.com *.doubleclick.net tags.clickagy.com px.ads.linkedin.com *.miza-alithya.com js.hs-banner.com js.hsleadflows.net js.hs-analytics.net *.adsrvr.org js.zi-scripts.com cdnjs.cloudflare.com cdn.jsdelivr.net unpkg.com script.crazyegg.com ws.zoominfo.com *.azureedge.net public-usa.mkt.dynamics.com; object-src 'none'; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' blob: s.pinimg.com; font-src 'self' s.pinimg.com data: fonts.googleapis.com fonts.gstatic.com use.typekit.net; style-src 'self' blob: 'unsafe-inline' data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; img-src blob: data: *; base-uri 'none'; connect-src 'self' blob: *.pinimg.com *.pinterest.com accounts.google.com *.adyen.com pinterest-salvador.s3.amazonaws.com *.adyenpayments.com *.facebook.com www.googleapis.com *.dropboxapi.com pinterest-aberdeen.s3.amazonaws.com pinterest-aberdeen.s3.us-east-1.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-anaheim.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-sim-toontown.s3.amazonaws.com pinterest-sim-toontown.s3.us-east-1.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3.us-east-1.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-media-upload.s3-accelerate.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-poughkeepsie.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com pinterest-plymouth.s3.us-east-1.amazonaws.com pinterest-salvador.s3.us-east-1.amazonaws.com pinterest-yamagata.s3.amazonaws.com pinterest-yamagata.s3.us-east-1.amazonaws.com *.cedexis.com *.cedexis-radar.net *.tvpixel.com api.pinadmin.com *.live-video.net https://*.daily.co https://*.pluot.blue wss://*.wss.daily.co; form-action 'self' *.adyen.com *.sofort.com *.tink.com *.adyenpayments.com; frame-src 'self' *.pinimg.com *.pinterest.com *.adyen.com static-sandbox.dlocal.com static.dlocal.com *.google.com *.facebook.com www.recaptcha.net pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-sim-toontown.s3.amazonaws.com pinterest-sim-toontown.s3.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-tolu.s3.amazonaws.com *.pinterdev.com content.googleapis.com *.youtube.com *.youtube-nocookie.com *.ytimg.com player.vimeo.com calendly.com vine.co bid.g.doubleclick.net *.fls.doubleclick.net pinlogs.s3.amazonaws.com pinlogs.s3.us-east-1.amazonaws.com advertising-delivery-metric-reports.s3.amazonaws.com advertising-delivery-metric-reports.s3.us-east-1.amazonaws.com servedby.flashtalking.com pinterest-uk.admo.tv pinterest-uk-web.admo.tv fbrpc://call *.linkedin.com px.ads.linkedin.com; media-src 'self' blob: data: *.pinimg.com *.live-video.net; object-src 'self'; script-src 'nonce-97a4ea172d5c88e8a54d7ef1125ca516' 'strict-dynamic' 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; worker-src 'self' blob: 'unsafe-inline'; report-uri /_/_/csp_report/?rid=1548073872344930; frame-ancestors 'self' , script-src 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; report-uri /_/_/csp_report/?rid=1548073872344930 1
default-src 'self' wss://*.isaaccomputerscience.org https://*.isaaccomputerscience.org https://*google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.youtube-nocookie.com https://www.youtube.com https://www.google.com https://www.gstatic.com; object-src 'none'; frame-src 'self' https://*.isaaccomputerscience.org  https://www.youtube-nocookie.com https://www.google.com https://www.gstatic.com; img-src 'self' data: https://*.isaaccomputerscience.org https://*.google-analytics.com https://*.googletagmanager.com https://*.tile.openstreetmap.org https://developers.google.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://*.isaaccomputerscience.org https://fonts.gstatic.com; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; 1
frame-ancestors 'self' pjnhk.go.id www.pjnhk.go.id fonts.googleapis.com; 1
frame-ancestors 'self'; frame-src 'self' https://*.draw.io https://*.youtube.com https://*.youtube-nocookie.com https://*.vimeo.com https://embed.diagrams.net; script-src http: https: 'nonce-pg42vYFc56DG23AavLbXNsWC' 'strict-dynamic'; object-src 'self'; base-uri 'self' 1
default-src 'self' betteroffcalculator.co.uk *.betteroffcalculator.co.uk *.staging-betteroffcalculator.co.uk *.olark.com *.google.com *.google.co.uk *.cloudflare.com *.google-analytics.com *.googletagmanager.com *.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' *.cloudflare.com *.google-analytics.com *.googletagmanager.com *.google.com *.gstatic.com *.olark.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' *.cloudflare.com *.olark.com *.betteroffcalculator.co.uk betteroffcalculator.co.uk *.staging-betteroffcalculator.co.uk; connect-src 'self' *.staging-betteroffcalculator.co.uk *.betteroffcalculator.co.uk *.sentry.io *.olark.com *.google-analytics.com *.google.com *.google.co.uk *.doubleclick.net; img-src * data:; frame-src advicelocal.uk *.doubleclick.net *.olark.com *.google.com 1
frame-ancestors 'self' primexbt.com primexbt.ch primexbt-promo.com primexbt-start.com sign-up.primexbt.com prod-express.primexbt.com; 1
default-src 'self'  https://stats.vetinst.no https://connect.facebook.net https://www.facebook.com https://maps.googleapis.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.google-analytics.com https://www.google.com ; frame-src * 'self'  *.vimeo.com *.youtube.com *.youtube.com/ data: blob: ; frame-ancestors 'self' blob: *.matomo.cloud; ; base-uri 'self'  *.matomo.cloud; ; form-action 'self'  ; script-src * 'unsafe-eval' 'unsafe-inline'  https://tagmanager.google.com/ https://www.googletagmanager.com/ ; object-src * 'self' data: blob: ; img-src * 'unsafe-inline'  https://ssl.gstatic.com/ data: ; style-src * 'unsafe-inline'  https://tagmanager.google.com/ https://fonts.googleapis.com/ ; font-src * data: 1
default-src 'self' 'unsafe-inline' embed.podcasts.apple.com connect.facebook.net *.hsforms.net *.hsforms.com *.hs-scripts.com *.hs-banner.com *.hs-analytics.net *.hsadspixel.net *.hscollectedforms.net *.usemessages.com *.hubapi.com *.amazonaws.com *.pcapredict.com *.postcodeanywhere.co.uk *.homeviews.com *.peoplehr.com *.googleapis.com *.reciteme.com *.vimeo.com vimeo.com *.instagram.com *.matterport.com *.eventbrite.co.uk *.zdassets.com *.zendesk.com *.zopim.com wss://*.zopim.com www.google-analytics.com *.facebook.net region1.analytics.google.com www.google.com *.google-analytics.com fonts.googleapis.com *.civiccomputing.com *.cdn.civiccomputing.com *.akamaized.net *.vimeocdn.com *.gstatic.com googleads.g.doubleclick.net *.ytimg.com *.doubleclick.net *.youtube.com *.recaptcha.net *.googletagmanager.com *.googleadservices.com *.vimeo.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com *.hubspot.com *.fontawesome.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' embed.podcasts.apple.com connect.facebook.net *.hsforms.net *.hsforms.com *.hs-scripts.com *.hs-banner.com *.hs-analytics.net *.hsadspixel.net *.hscollectedforms.net *.usemessages.com *.hubapi.com *.amazonaws.com *.pcapredict.com *.postcodeanywhere.co.uk *.homeviews.com *.peoplehr.com *.googleapis.com *.reciteme.com *.vimeo.com www.google-analytics.com region1.analytics.google.com www.google.com fonts.googleapis.com *.civiccomputing.com *.cdn.civiccomputing.com *.akamaized.net *.vimeocdn.com *.gstatic.com googleads.g.doubleclick.net *.ytimg.com *.doubleclick.net *.youtube.com *.recaptcha.net  *.googletagmanager.com *.hotjar.com *.googleadservices.com *.vimeo.com vimeo.com *.instagram.com *.matterport.com *.eventbrite.co.uk *.zdassets.com *.zendesk.com *.zopim.com wss://*.zopim.com *.facebook.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com *.hubspot.com *.fontawesome.com; upgrade-insecure-requests; font-src * data:; img-src * data: blob:; object-src 'none'; 1
default-src https: 'self' 'unsafe-inline' 'unsafe-eval' *.sequentra.net *.mapbox.cn *.mapbox.com maps.googleapis.com resource: mailto:; img-src data: * blob: *; worker-src blob: 1
default-src 'self' https:; img-src 'self' https: data:; media-src 'self' https: data:; style-src 'self' 'unsafe-inline' https:; font-src 'self' https: data:; script-src 'self' 'unsafe-inline' https: 'unsafe-eval'; connect-src 'self' https:; script-src-elem 'self' https: 'unsafe-inline'; frame-ancestors https://cupra-admin.porsche-holding.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://*.googletagmanager.com https://*.google-analytics.com https://*.cloudflare.com https://cdn.jsdelivr.net https://unpkg.com https://*.juicer.io; object-src 'self'; style-src 'self' 'unsafe-inline' https://*.icons8.com https://*.cloudflare.com  http://fonts.googleapis.com https://cdn.jsdelivr.net https://*.juicer.io; img-src 'self' data: https://*.ytimg.com https://*.cloudflare.com https://*.vimeocdn.com https://*.google-analytics.com https://cdn.jsdelivr.net https://*.juicer.io; media-src 'self'; frame-src 'self' https://*.youtube.com https://*.google.com https://*.vimeo.com; frame-ancestors 'self'; child-src 'self' blob:; font-src 'self' https://*.icons8.com https://fonts.gstatic.com https://*.juicer.io; connect-src 'self' https://*.google-analytics.com https://*.juicer.io; report-uri /report-csp-violation 1
default-src 'self'; connect-src 'self' *.nr-data.net https://*.go-mpulse.net www.googletagmanager.com *.google-analytics.com https://*.akstat.io https://csp.withgoogle.com https://maps.googleapis.com *.nanorep.co *.nanorep.com *.monsido.com https://*.nr-data.net https://shyrka-prod-usw2.s3.us-west-2.amazonaws.com https://*.newrelic.com https://*.usw2.pure.cloud wss://*.usw2.pure.cloud *.weglot.com cdn-api-weglot.com *.qualtrics.com; font-src 'self' data: https://fonts.gstatic.com https://cdnjs.cloudflare.com; frame-src 'self' https://cse.google.com https://www.googletagmanager.com https://calendar.google.com *.monsido.com *.youtube.com *.vimeo.com *.nanorep.com *.tableau.com *.arcgis.com https://app.powerbi.us https://app.powerbigov.us https://*.usw2.pure.cloud *.qualtrics.com https://public.tableau.com https://iwddata.iwd.iowa.gov https://data.iowa.gov; img-src 'self' data: https: *.nr-data.net *.google.com www.googletagmanager.com *.qualtrics.com; object-src 'self' https://*.usw2.pure.cloud; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.nr-data.net https://*.go-mpulse.net https://cse.google.com https://googletagmanager.com https://js-agent.newrelic.com https://tagmanager.google.com https://www.google.com https://www.googletagmanager.com *.monsido.com *.youtube.com *.vimeo.com *.nanorep.com *.nanorep.co https://*.google.com https://*.newrelic.com https://*.usw2.pure.cloud *.weglot.com cdn-api-weglot.com *.qualtrics.com https://cdnjs.cloudflare.com https://unpkg.com public.tableau.com nonce-3VuKfaE-9Jm6d9xZE-okRw; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com *.google.com *.monsido.com *.youtube.com *.vimeo.com *.nanorep.co *.nanorep.com https://partner.googleadservices.com https://maps.googleapis.com https://*.usw2.pure.cloud *.weglot.com cdn-api-weglot.com https://js-agent.newrelic.com https://s.go-mpulse.net *.qualtrics.com https://cdnjs.cloudflare.com https://cse.google.com https://unpkg.com public.tableau.com; style-src 'self' 'unsafe-inline' *.google.com www.googletagmanager.com *.monsido.com *.youtube.com *.vimeo.com *.nanorep.co *.nanorep.com https://fonts.googleapis.com *.weglot.com cdn-api-weglot.com *.qualtrics.com cdnjs.cloudflare.com https://unpkg.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self' 1
default-src 'self' https://digitalchaos.ca; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com https://js.hs-scripts.com https://maps.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com/ https://www.google.com/recaptcha/ https://js.hs-banner.com https://js.hs-analytics.ne https://js.hscollectedforms.net https://connect.facebook.net https://googleads.g.doubleclick.net https://js.hs-analytics.net https://js-na1.hs-scripts.com https://cdnjs.cloudflare.com; img-src * 'self' data: https:; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://fonts.googleapis.com https://use.typekit.net https://p.typekit.net/ https://use.fontawesome.com; connect-src 'self' data: https://forms.hubspot.com https://forms.hubspot.com https://www.google-analytics.com https://stats.g.doubleclick.net https://forms.hscollectedforms.net; font-src 'self' data: https://fonts.gstatic.com  https://themes.googleusercontent.com https://fonts.gstatic.com  https://use.typekit.net https://use.fontawesome.com; frame-src https://player.vimeo.com https://www.youtube.com https://www.google.com/recaptcha/api2/ https://digitalchaos.ca; object-src 'none' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: mediastream: blob: https://dynamics365.wordpress.com/ *.dm.files.1drv.com pointerpro.com *.pointerpro.com www.facebook.com connect.facebook.net *.velosio.com unpkg.com *.linkedin.com *.licdn.com assets.calendly.com calendly.com google.com *.google.com google.ca *.google.ca  *.googleapis.com *.google-analytics.com *.gstatic.com *.googletagmanager.com *.doubleclick.net  stats.g.doubleclick.net *.googleadservices.com youtube.com *.youtube.com *.youtube-nocookie.com *.ytimg.com *.ggpht.com *.typekit.net cdn.jsdelivr.net unpkg.com *.cloudflare.com *.clickdimensions.com secure.gravatar.com *.socialintents.com *.clarity.ms *.wp.com *.omappapi.com c35a98.velosio.com https://sandeepchaudhury.files.wordpress.com https://sandeepchaudhuryd365.com https://sbsgroupusa.files.wordpress.com docs.microsoft.com app.powerbi.com *.azureedge.net muse.ai *.muse.ai *.akamaized.net cdn-uicons.flaticon.com https://dynamics365.files.wordpress.com  https://sbsgroupusa.wordpress.com https://629f7d7168bd63-11639392.castos.com https://my.visme.co https://campfire365.castos.com ; report-to main-endpoint 1
frame-ancestors 'self' https://*.mybigcommerce.com 1
form-action 'self'; object-src 'none'; media-src 'self'; font-src 'self'; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content 1
frame-ancestors 'self' https://bauking.de/ https://pv.wienerberger.de/ 1
frame-ancestors https://www.seacoastbrokers.com https://legacy.seacoastbrokers.com https://www.simply-easier-payments.com https://simply-easier-payments.com 1
default-src https:; font-src https: data:; img-src https: data: 'self' about:; script-src 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'unsafe-inline' https:; 1
default-src 'self' *.nrw.de;    script-src  'self' 'unsafe-inline' 'unsafe-eval' *.nrw.de *.google.com *.youtube.com *.youtu.be *.twimg.com *.twitter.com twitter.com *.jwpcdn.com *.gstatic.com *.googleapis.com *.googlesyndication.com *.openstreetmap.org *.mozilla.org *.vimeo.com *.vimeocdn.com *.flickr.com *.staticflickr.com *.cloudflare.com cdn.jsdelivr.net svc.webspellchecker.net;    style-src   'self' 'unsafe-inline' *.nrw.de *.twitter.com twitter.com *.facebook.com *.googleapis.com *.twimg.com *.cloudflare.com cdn.jsdelivr.net svc.webspellchecker.net;    font-src data: *;    img-src  data: *;    frame-ancestors 'self' *.nrw.de *.facebook.com *.facebook.de *.twitter.com twitter.com *.google.com *.youtube.com *.youtu.be ytchannelembed.com;    worker-src  'self' *.nrw.de *.facebook.com *.facebook.de *.twitter.com twitter.com *.google.com *.youtube.com *.youtu.be ytchannelembed.com *.openstreetmap.org broschueren.nordrheinwestfalendirekt.de;    frame-src   'self' *.nrw.de *.facebook.com *.facebook.de *.twitter.com twitter.com *.google.com *.youtube.com *.youtu.be ytchannelembed.com *.openstreetmap.org broschueren.nordrheinwestfalendirekt.de;    object-src 'self';    connect-src 'self' *.nrw.de svc.webspellchecker.net;    media-src *; upgrade-insecure-requests; 1
frame-ancestors 'none'; object-src 'none' 1
frame-ancestors 'self' https://www.bsi.si; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://cdnjs.cloudflare.com https://acsbapp.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://code.jquery.com https://polyfill.io https://unpkg.com https://use.fontawesome.com https://stackpath.bootstrapcdn.com https://www.googletagmanager.com https://www.google-analytics.com https://js-agent.newrelic.com https://www.google.com https://www.gstatic.com https://player.vimeo.com https://*.vimeocdn.com https://connect.facebook.net https://platform.twitter.com https://www.youtube.com https://*.upgrade.guide https://translate.google.com https://*.googleapis.com https://svc.webspellchecker.net https://touchstoneenergy.com https://cdn.questline.com https://weatherwidget.io https://cdn.gtranslate.net https://www.powr.io https://c03.apogee.net https://*.hotjar.com https://siteimproveanalytics.com https://cdn.app.cfigroup.com https://js.adsrvr.org https://static.addtoany.com https://webchat.mitel.io; object-src 'none'; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://code.cdn.mozilla.net https://code.ionicframework.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://*.googleapis.com https://maxcdn.bootstrapcdn.com https://stackpath.bootstrapcdn.com https://use.fontawesome.com https://use.typekit.net https://p.typekit.net https://www.gstatic.com https://svc.webspellchecker.net https://cdn.questline.com https://unpkg.com; img-src 'self' data: https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://syndication.twitter.com https://cdn.app.cfigroup.com/ https://images.applicant-tracking.com https://*.gstatic.com https://cdn.questline.com https://www.touchstoneenergy.com https://translate.googleapis.com https://translate.google.com https://cdn.gtranslate.net https://www.cooperative.com https://i.vimeocdn.com https://i.ytimg.com https://cdn.jsdelivr.net; media-src 'self' data:; frame-src 'self' https://*.smarthub.coop https://player.vimeo.com https://www.youtube.com https://outlook.office365.com https://ws-na.amazon-adsystem.com https://www.google.com https://express.adobe.com https://platform.twitter.com https://syndication.twitter.com https://www.facebook.com https://www.youtube-nocookie.com https://hosted.where2getit.com https://*.upgrade.guide https://docs.google.com https://www.touchstoneenergy.com https://weatherwidget.io https://www.powr.io https://online.fliphtml5.com https://c03.apogee.net https://e.issuu.com https://issuu.com https://static.addtoany.com https://insight.adsrvr.org https://webchat.mitel.io https://www.arcgis.com https://reportoutage.cobbemc.com https://app.calconic.com https://match.adsrvr.org; frame-ancestors 'self' https://*.smarthub.coop; font-src 'self' https://fonts.gstatic.com https://use.fontawesome.com https://use.typekit.net https://acsbapp.com https://cdn.jsdelivr.net https://svc.webspellchecker.net https://cdnjs.cloudflare.com; connect-src 'self' https://fonts.gstatic.com https://use.fontawesome.com https://use.typekit.net https://analytics.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://bam.nr-data.net https://*.acsbapp.com https://acsbapp.com https://*.googleapis.com https://svc.webspellchecker.net https://www.powr.io https://director.api.mitel.io https://gcp-gateway.us.api.mitel.io wss://ws.hotjar.com https://content.hotjar.io https://metrics.hotjar.io; upgrade-insecure-requests 1
connect-src 'self' *.tawk.to wss://*.tawk.to 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'sha256-mzf3UtXbwYfnnKP3VEgtye3nTk0xcGXJLGjLmC4y7v4=' 'sha256-ZC4Ihfl+1sv3E25DQh090ITQKwffxiocyA9C1vaePKU=' 'sha256-L2Slc+hjgfPR0Q7PEHLXalHE5sLRtxFNIWREBDLnqVU=' 'sha256-HfnQNmJVmBeLeNyjla2aZlXUlQYKZqWl81TdBj5YxcM=' 'sha256-DC/xa4clqDG2m8xUL+0jWRNUk1Py6w2/90aDcF5n220=' 'sha256-2AfYz0WARuNiypO7Ti/gOzUUynrazrHlZWDm75zKnwA=' 'sha256-eDM06SboA/7JhtwlPW0fahLttVxSbkkCvx3cWVDwWOw=' 'sha256-RsfuaCLZoFFkVypUbGHicG8F4ZjyF3UjE/fDGhQkmA4=' 'sha256-Rbbp/+mQGdIJGIHEMRlHm3pa72/5+Okh/+N4saS4FUw=' https://www.gstatic.com https://www.google.com https://www.googletagmanager.com https://cdn.cookielaw.org blob: *; style-src 'unsafe-inline' *;frame-src blob: *; img-src 'self' data: *; connect-src *; font-src data: *; media-src *; frame-ancestors https://author.bursonglobal.com https://www.bursonglobal.com; 1
frame-ancestors 'self' https:; default-src 'self' https: wss:; script-src 'report-sample' 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'report-sample' 'self' https: 'unsafe-inline'; font-src 'self' https: 'unsafe-inline' data:; img-src 'self' blob: https: data: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://dns-shop.kg https://*.dns-shop.kg  https://dns-shop.ru https://*.dns-shop.ru https://a.stdns.ru/  https://webvisor.com https://bs.yandex.ru https://yandex.ru https://mc.yandex.ru  https://metrika.yandex.ru https://yastatic.net https://*.yandex.st https://yandex.st https://awaps.yandex.ru https://reviewthree.com/  https://*.maps.yandex.net https://maps.googleapis.com https://google-analytics.com https://*.google-analytics.com https://googleadservices.com https://*.googleadservices.com  https://*.google.ru https://google.ru https://*.google.com https://google.com https://google.ie https://*.google.ie https://gstatic.com  https://*.gstatic.com https://www.googletagmanager.com/ https://www.youtube.com/ https://youtube.com/ https://content.24ttl.stream  https://doubleclick.net https://*.doubleclick.net https://api-maps.yandex.ru https://suggest-maps.yandex.ru https://maps.yandex.net https://fonts.googleapis.com https://www.youtube.ru/ https://youtube.ru/ https://s.ytimg.com/  https://cdn.jsdelivr.net https://www.pagespeed-mod.com/ https://stats.g.doubleclick.net/  blob: https://dns-shop.kg/ https://*.dns-shop.kg/ ; img-src * data:; font-src 'self' data: https:; connect-src 'self' https://dns-shop.kg https://*.dns-shop.kg  https://*.dns-shop.ru https://ohio8.vchecks.me  https://mc.yandex.ru/ https://www.google-analytics.com/ https://*.mtproxy.yandex.net/  https://api-maps.yandex.ru/ https://stats.g.doubleclick.net/ https://suggest-maps.yandex.ru  https://www.google.com/ads/ https://www.google.ru/ads/ https://analytics.google.com/ https://maps.googleapis.com https://fonts.googleapis.com https://www.googletagmanager.com/ https://www.pagespeed-mod.com/ https://stats.g.doubleclick.net/ ; frame-src 'self'  https://gstatic.com https://www.google.com https://optimize.google.com intent://arvr.google.com  https://ftp.dns-shop.ru/ https://drv.dns-shop.ru/ https://www.youtube.com https://api-maps.yandex.ru/ https://mc.yandex.ru/  https://td.doubleclick.net/  bytedance: sslocal: ; worker-src blob: https://dns-shop.kg https://*.dns-shop.kg ; child-src blob: https://dns-shop.kg https://*.dns-shop.kg 1
frame-ancestors 'self' https://kiosk.kaskaskia.edu 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.bing.com *.virtualearth.net *.twitter.com *.twimg.com *.vimeocdn.com *.google.com *.gstatic.com *.google-analytics.com; connect-src 'self' *.twitter.com; img-src 'self' data: blob: *.virtualearth.net *.twitter.com  *.twimg.com *.glassdoor.com *.google-analytics.com; style-src 'self' 'unsafe-inline' www.bing.com fonts.googleapis.com *.twitter.com *.twimg.com; font-src 'self' data: fonts.gstatic.com; child-src 'self' blob: www.bing.com www.youtube.com *.vimeo.com *.google.com *.twitter.com; object-src 'self'; frame-src 'self' *.twitter.com *.youtube.com *.vimeo.com *.google.com; manifest-src 'self';media-src 'self'; 1
default-src 'self';  script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.doubleclick.net *.clerk.accounts.dev *.vercel.live *.paypal.com *.paypalobjects.com *.tiny.cloud *.theninja-rpg.com *.opendns.com *.highlight.io *.cookiebot.com *.termly.io connect.facebook.net;  child-src 'self' *.doubleclick.net *.paypal.com ghbtns.com *.youtube.com *.widgetbot.io *.cookiebot.com *.termly.io https://fastsvr.com;  style-src 'self' 'unsafe-inline' *.googleapis.com *.tiny.cloud;  img-src * blob: data:;  media-src 'none';  connect-src *;  font-src 'self';  worker-src 'self' blob:; 1
default-src 'self' https://*.nhs.uk; frame-src 'self' https://www.youtube-nocookie.com https://*.webspellchecker.net https://*.nhs.uk https://*.youtube.com https://*.vimeo.com https://*.google.com https://*.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://*.google-analytics.com https://*.googletagmanager.com https://feeds.trac.jobs https://*.webspellchecker.net https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.cqc.org.uk; font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://*.webspellchecker.net; style-src 'self' 'unsafe-inline' data: https://cdnjs.cloudflare.com https://feeds.trac.jobs https://*.googleapis.com https://*.gstatic.com https://*.cqc.org.uk https://*.webspellchecker.net; img-src * data:; object-src 'self' blob: https://*.nhs.uk; connect-src 'self' https://feeds.trac.jobs https://*.googleapis.com https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.webspellchecker.net 1
frame-ancestors 'self'; frame-src 'self' *.criteo.com *.criteo.net *.pinterest.com *.pinterest.de *.google.com *.stripe.com *.klarna.com *.facebook.com *.3d-designer.shop *.cloudfront.net *.ad-srv.net *.doubleclick.net *.revcontent.com *.preciso.net *.2trk.info 1
default-src 'self' 'unsafe-inline' 'unsafe-hashes' *.brasilseg.com.br content.hotjar.io *.hotjar.io wsp30.hotjar.com *.hotjar.com stats.g.doubleclick.net doubleclick.net *.doubleclick.net *.s3.amazonaws.com *.amazonaws.com brasilseg-prd-bbseg-portal-assets.s3.sa-east-1.amazonaws.com *.googleusercontent.com *.espressolw.com *.googletagmanager.com googletagmanager.com *.google.com.br google.com.br *.google.com google.com *.google-analytics.com google-analytics.com unpkg.com *.unpkg.com *.facebook.net connect.facebook.net facebook.com *.facebook.com *.cdn.plyr.io *.open.spotify.com *.googleoptimize.com noembed.com *.noembed.com youtube.com *.youtube.com cdn.plyr.io *.plyr.io *.open.spotifycdn.com *.spotifycdn.com *.spotify.com *.bbseg-hml.router4me.com *.bbseg.router4me.com *.bbseguros.com.br data: wss:; font-src *; frame-ancestors 'none'; 1
frame-ancestors 'self' *.scot.nhs.uk *.nhsgrampian.org *.nhslothian.scot *.nhsggc.scot hcaptcha.com *.hcaptcha.com; upgrade-insecure-requests; report-to csp-endpoint; report-uri https://web-reports.scot.nhs.uk/api/v1/csp-report 1
frame-ancestors *.austinisd.org 1
frame-ancestors https://* file://* 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://plugins.flockler.com https://media-api.flockler.com https://maps.googleapis.com https://maps.google.com 1
default-src 'self' https://*.diakonie-michaelshoven.de https://*.twingle.de https://*.youtube-nocookie.com https://maps.googleapis.com https://maps.gstatic.com; base-uri 'self'; font-src 'self' https://fonts.gstatic.com https://userlike-cdn-umm.b-cdn.net; form-action 'self' https://*.successfactors.eu; prefetch-src 'self'; frame-ancestors 'self' https://*.etracker.com https://*.twingle.de; img-src 'self' https://*.ytimg.com https://*.youtube.com https://maps.googleapis.com https://maps.gstatic.com data:; style-src 'self' https://*.twingle.de https://maps.googleapis.com https://fonts.googleapis.com 'unsafe-inline'; script-src 'self' https://*.etracker.com https://*.etracker.de https://api.signalize.com https://*.twingle.de https://maps.googleapis.com https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://userlike-cdn-umm.b-cdn.net https://api.userlike.com 'unsafe-inline' 'unsafe-eval'; worker-src blob:; connect-src 'self' https://*.etracker.de https://maps.googleapis.com https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://userlike-cdn-umm.b-cdn.net https://api.userlike.com https://api.friendlycaptcha.com 1
default-src 'self' *.google.com *.google-analytics.com googleads.g.doubleclick.net *.googlesyndication.com; connect-src * 'self' blob: data:; font-src * data:; frame-src *; img-src * 'self' blob: data:; media-src * 'self' blob: data:; object-src *; script-src * 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.google.com *.googletagmanager.com:* *.google-analytics.com:* *.googlesyndication.com:* *.youtube.com:* *.ytimg.com:* about; style-src 'self' data: 'unsafe-inline' *; worker-src * blob: 1
default-src 'none'; img-src * data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.cloudflare.com https://*.jquery.com https://*.bootstrapcdn.com https://*.pagescdn.com https://*.optimizely.com https://*.amazonaws.com https://*.adobedtm.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleapis.com https://*.facebook.net https://*.googleadservices.com https://*.sitescdn.net https://*.livechatinc.com https://*.demdex.net https://*.addthis.com https://*.addthisedge.com https://*.pinterest.com https://*.en25.com https://*.datadoghq-browser-agent.com https://optimize.google.com https://*.rlets.com https://*.reachlocallivechat.com https://reachlocallivechat.com about://*.reachlocallivechat.com https://*.cloudfront.net https://*.cloudflareinsights.com https://*.broadly.com https://web-2-tel.com https://*.hotjar.com https://*.btttag.com https://*.bing.com https://*.doubleclick.net https://*.thinkingchat.com https://*.here.com blob: https://*.stackadapt.com https://*.simpli.fi https://*.pinimg.com https://*.yimg.com https://*.adroll.com https://*.adsrvr.org https://*.scorpion.co https://*.stripe.com https://*.twilio.com wss://*.twilio.com https://*.gstatic.com https://*.liadm.com https://*.brandcdn.com https://*.cloudfunctions.net https://*.callrail.com https://*.nblyprod.com https://*.web-2-tel.com https://*.licdn.com https://*.convertexperiments.com https://*.outlook.com https://*.hibu.com https://*.jsdelivr.net https://*.kickfire.com https://*.shelfgenie.com https://*.smtrk.net https://*.app-us1.com https://trackcmp.net https://browser-intake-datadoghq.com; style-src 'self' 'unsafe-inline' auth.iws-hybrid.trendmicro.com 'self' 'unsafe-inline' https://*.googleapis.com https://*.bootstrapcdn.com https://*.cloudflare.com https://*.typekit.net https://*.jquery.com https://*.sitescdn.net https://optimize.google.com https://*.optimizely.com https://*.here.com https://*.hereapi.com https://*.stackadapt.com https://*.scorpion.co https://*.twilio.com blob: https://*.jsdelivr.net https://*.shelfgenie.com; object-src 'none'; connect-src auth.iws-hybrid.trendmicro.com https://*.google.com https://*.liadm.com https://*.googleadservices.com https://*.nblyprod.com https://*.googleapis.com https://*.pagescdn.com https://*.demdex.net https://*.livechatinc.com https://*.neighborly.com https://*.crownpeak.net https://*.addthis.com https://*.yext.com https://*.b2clogin.com https://*.dwyergroup.com https://*.broadly.com https://*.amazonaws.com https://*.google-analytics.com https://*.facebook.net https://*.gannettdigital.com https://*.browser-intake-datadoghq.com https://optimize.google.com https://*.reachlocalservices.com https://*.rlets.com https://reachlocallivechat.com https://*.hotjar.com https://web-2-tel.com https://*.optimizely.com https://*.hotjar.io/ wss://reachlocallivechat.com https://*.web-2-tel.com wss://*.hotjar.com https://*.simpli.fi https://*.adroll.com https://*.oribi.io https://*.here.com https://*.hereapi.com https://*.stackadapt.com https://*.yimg.com https://*.pinterest.com https://*.scorpion.co https://*.btttag.com https://*.twilio.com wss://*.twilio.com https://*.doubleclick.net https://*.bing.com blob: https://*.cloudfunctions.net https://*.callrail.com https://*.convertexperiments.com https://*.googlesyndication.com https://*.google.co.in https://*.linkedin.com https://browser-intake-datadoghq.com https://*.shelfgenie.com https://*.luckyorange.net https://*.localiq.com; font-src auth.iws-hybrid.trendmicro.com https://*.nblyprod.com https://*.typekit.net https://*.gstatic.com https://*.googleapis.com https://optimize.google.com https://reachlocallivechat.com https://*.optimizely.com https://*.here.com https://*.hereapi.com https://*.scorpion.co https://*.twilio.com blob: https://*.shelfgenie.com; frame-src https://*.soundcloud.com auth.iws-hybrid.trendmicro.com https://www.facebook.com https://*.rlets.com https://*.youtube.com https://*.livechatinc.com https://*.demdex.net/ https://*.addthis.com https://*.pagescdn.com https://*.amazonaws.com https://*.b2clogin.com https://optimize.google.com https://*.hotjar.com https://web-2-tel.com https://*.optimizely.com https://*.here.com https://*.hereapi.com https://*.doubleclick.net https://*.adsrvr.org https://*.pinterest.com https://*.stripe.com https://*.twilio.com https://*.broadly.com https://*.cloudfront.net blob: https://*.shelfgenie.com; manifest-src https://*.shelfgenie.com 1
upgrade-insecure-requests; script-src 'strict-dynamic' 'nonce-xiapkrj6rlnxhxvgwmsrpa==' 'nonce-lD+RlJuo2Kx176pqGwMxnA=='; object-src 'none'; base-uri 'self'; ; 1
font-src https://www.googletagmanager.com *.googleapis.com *.gstatic.com unpkg.com *.sleeknote.com *.deskpro.com *.cloudflare.com *.fontawesome.com https://fonts.gstatic.com 'self' data: *.api.inttest-b2b.wasakredit.se *.inttest-b2b.wasakredit.se *.b2b.services.wasakredit.se *.services.wasakredit.se *.wasakredit.se data: 'self' 'unsafe-inline'; form-action *.rule.io 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com *.issuu.com *.sleeknote.com *.nysagat.se nysagat.se https://player.vimeo.com https://www.youtube-nocookie.com *.api.inttest-b2b.wasakredit.se *.inttest-b2b.wasakredit.se *.b2b.services.wasakredit.se *.services.wasakredit.se *.wasakredit.se 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.sleeknote.com *.googleapis.com *.gtranslate.net translate.google.com *.imgeng.in *.google.se *.logosol.com *.amazonaws.com https://www.magezon.com blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com *.api.inttest-b2b.wasakredit.se *.inttest-b2b.wasakredit.se *.b2b.services.wasakredit.se *.services.wasakredit.se *.wasakredit.se data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ tagmanager.google.com https://www.googletagmanager.com https://*.dibspayment.eu *.google-analytics.com *.google.com *.gstatic.com *.instagram.com *.sleeknote.com *.googleapis.com *.issuu.com *.gtranslate.net *.imgeng.in *.nysagat.se *.logosol.com *.deskpro.com https://player.vimeo.com https://www.youtube.com *.api.inttest-b2b.wasakredit.se *.inttest-b2b.wasakredit.se *.b2b.services.wasakredit.se *.services.wasakredit.se *.wasakredit.se 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com *.gstatic.com *.mailchimp.com *.sleeknote.com blob: data: unpkg.com *.imgeng.in *.deskpro.com *.cloudflare.com *.fontawesome.com https://fonts.googleapis.com http://fonts.googleapis.com *.api.inttest-b2b.wasakredit.se *.inttest-b2b.wasakredit.se *.b2b.services.wasakredit.se *.services.wasakredit.se *.wasakredit.se 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.imgeng.in *.deskpro.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com https://www.google-analytics.com *.youtube.com *.google-analytics.com *.google.com *.gstatic.com *.instagram.com *.sleeknote.com *.googleapis.com *.doubleclick.net *.nysagat.se *.logosol.com *.deskpro.com https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io *.api.inttest-b2b.wasakredit.se *.inttest-b2b.wasakredit.se *.b2b.services.wasakredit.se *.services.wasakredit.se *.wasakredit.se 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com *.google.com *.instagram.com *.sleeknote.com *.issuu.com *.nysagat.se *.logosol.com *.api.inttest-b2b.wasakredit.se *.inttest-b2b.wasakredit.se *.b2b.services.wasakredit.se *.services.wasakredit.se *.wasakredit.se 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://magento2ccdev.logosol.com/; report-to report-endpoint; 1
frame-ancestors https://www.sofa.de 'self' http://images.google.de http://images.google.com https://images.google.de https://images.google.com https://ogone.test.v-psp.com https://secure.ogone.com 1
default-src 'none'; manifest-src *.rejail.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com *.googleapis.com translate.google.com static.cloudflareinsights.com static.rejail.ru; connect-src rejail.ru translate.googleapis.com; img-src 'self' data: translate.googleapis.com *.gstatic.com *.google.com static.rejail.ru discordapp.com; style-src 'self' 'unsafe-inline' *.googleapis.com static.rejail.ru; font-src 'self' fonts.gstatic.com static.rejail.ru; child-src *.youtube.com ads.rejail.ru 1
default-src intent: https: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-src 'self' * intent:; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.aoncology.com https://*.bootstrapcdn.com https://*.cloudflare.com https://*.cvent.com https://*.google.com https://*.google-analytics.com https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.hsforms.com https://*.hsforms.net https://*.jquery.com https://*.jsdelivr.net https://*.licdn.com https://*.mapbox.com https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.gannettdigital.com https://*.googleservices.com https://*.reachlocalservices.com https://bat.bing.com/bat.js https://*.rlcdn.com https://*.rlets.com https://*.simpli.fi https://unpkg.com; style-src 'self' 'unsafe-inline' https://*.aoncology.com https://*.bootstrapcdn.com https://*.cloudflare.com https://*.fontawesome.com https://*.fontawesome.com https://*.googleapis.com https://*.jsdelivr.net https://*.mapbox.com https://*.typekit.net https://*.typekit.net https://unpkg.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://*.googleapis.com https://*.mapbox.com https://*.aoncology.com https://*.hsforms.com/ https://hubspot-forms-static-embed.s3.amazonaws.com https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.gannettdigital.com https://*.googleservices.com https://*.reachlocalservices.com https://px.ads.linkedin.com https://*.rlcdn.com https://*.rlets.com https://*.simpli.fi; font-src 'self' data: https://*.fontawesome.com https://*.aoncology.com https://*.gstatic.com https://*.bootstrapcdn.com https://use.typekit.net https://capture-api.reachlocalservices.com/; frame-src 'self' blob: https://*.cvent.com https://*.hsforms.net https://*.hsforms.com https://*.issuu.com https://*.youtube.com https://*.google.com https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.gannettdigital.com https://*.googleservices.com https://*.reachlocalservices.com https://*.rlcdn.com https://*.rlets.com https://*.simpli.fi https://*.vimeo.com https://*.nbc4i.com; img-src 'self' data: https://*.elementor.com https://*.aoncology.com https://*.googletagmanager.com https://*.googleadservices.com https://*.google.com/pagead/ https://*.google-analytics.com https://maps.google.com https://*.googleapis.com https://*.hsforms.com https://*.gstatic.com https://*.linkedin.com https://*.gravatar.com https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.gannettdigital.com https://*.googleservices.com  https://*.w.org https://*.reachlocalservices.com https://bat.bing.com https://*.rlcdn.com https://*.rlets.com https://fei.pro-market.net https://*.simpli.fi https://*.ytimg.com https://*.youtube.com; manifest-src 'self'; media-src 'self'; report-uri 'none'; worker-src 'self' blob:; 1
default-src 'self';  base-uri https://www.hif.com.au;  frame-ancestors 'none';  form-action 'self';  script-src 'self' 'nonce-19fe220efbbaf324675256288bc07fb35c708e44' 'sha256-7Apno3h3SPUWVgyTOLDgP+PxZgB7M+3O9oDp0c9VlbE=' 'unsafe-hashes' 'sha256-QJAlivcg95CWmLb80MxGBkUS4Zv7DAVNOOcY1YVnSiQ=' 'sha256-vmu7vZACysMNaWUJh+VOVOrUOQITD+zTF/5Y1TsxyeA=' 'sha256-HXXrRRTFLS1+Xzami3YARax66YvF3P85E6+xERAjSkI=' 'sha256-TJqE+E16KTQoS/zdB7XCwXJKs20gNP6J9Imvd9n4fbA=' 'sha256-/LvG6bYdj24t/NkXWrSUpZwqlMoDB65Qp56iX4nj9pY=' 'sha256-1e5RR2OpHhuX2h0Bat19DsNTmqbo4M3T1pqfeTXCHaA=' 'sha256-renVIQkx7iNKECd0ljuwyFsOSCvJsus7FZkiaUTLZuo=' 'sha256-YKg6IezlbqH2UnSB2FT6WYio5ygNuGIz9TGACiE3EkE=' https://*.hif.com.au https://cdn.mintox.com.au https://www.googletagmanager.com https://tagmanager.google.com https://www.googleadservices.com https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://*.google.com https://optimize.google.com https://ssl.google-analytics.com https://googleads.g.doubleclick.net https://www.google.com https://www.gstatic.com https://*.hotjar.com https://*.facebook.net https://*.facebook.com https://*.zopim.com https://pixel.roymorgan.com https://d10lpsik1i8c69.cloudfront.net https://*.typekit.net https://*.fortawesome.com https://*.zdassets.com https://*.doubleclick.net https://*.moatads.com https://*.addthis.com https://*.addthisedge.com https://cdn.equalweb.com https://access.equalweb.com https://ocr.equalweb.com https://bat.bing.com https://js.adsrvr.org https://*.googletagmanager.com;  style-src 'self' 'nonce-19fe220efbbaf324675256288bc07fb35c708e44' 'sha256-biLFinpqYMtWHmXfkA1BPeCY0/fNt46SAZ+BBk5YUog=' 'sha256-0EZqoz+oBhx7gF4nvY2bSqoGyy4zLjNF+SDQXGp/ZrY=' 'sha256-3dEri+Sog8kvQBpS2mF750a6aBDbOcj4VYmm/r1bL3A=' 'sha256-dovafdmRD7y5TNjxhO6ij/p5PU9plMpKIPJlRnsA07I=' 'sha256-2gu4SmQ2TLvfZr29Bfv8jJ4i93wEC4Ek0PQGbP0Eby4=' 'sha256-aEoEZAmIkRXlGHAkMH8kgFmbKPdhQLuLFuuuEI880gg=' 'sha256-kFIottUtGPAq2cagsv7YwqslSibYYh70fS9rLc0Tn0E=' 'sha256-+17AcPK/e5AtiK52Z2vnx3uG3BMzyzRr4Qv5UQsEbDU=' 'sha256-kFAIUwypIt04FgLyVU63Lcmp2AQimPh/TdYjy04Flxs=' 'sha256-Uyhv7oxA6arSXzTAuNX0U4ctVDUYRDBwUOoCqO3NmeM=' 'sha256-4ViErYSxZDXs1B0Ao2C2H6wPcTWbTiEEqTlQHIL9k18=' 'sha256-fLRHkjbre2lQBgq/hr+ZaTvQToKi9/QD9yFqMQtvoGI=' 'sha256-Wi3+8jbn12vus9Oq4FOqEUCOpuRG3clBaVvLZZ2b9Fs=' 'sha256-0Ktg0gENbPJ80bhmiudWDGjKJ0b+NQ6nhWS/p/QxGjQ=' 'sha256-vje8atUdX/F7qdsDqIiTIQZECIVC6dbRi1coRNZwKOM=' 'sha256-Rjcf/VKV8SmhoAuZz76SwsUNHyVunfDNXorZChcn/KY=' 'sha256-g5o98LHn0LFM9w5ZGQQ4Ip/c+6cirTmh+xKXgwrj9CM=' 'sha256-kwtVztbOya+J5RQpUvp4mz+uZN+P45wYiYlEDJY2lU4=' 'sha256-IsbGbGEGp0c8BSRXbGtSlQj5TssljPNZdfbKgN2PD1M=' 'sha256-jC2cW/kmYHa283emiYGpmhOjoIGoHL5HUFz3SBvA1cE=' 'sha256-smP86XSbBuRIN/vxp4XQySkm1bQzMtDBLFkkI267rLw=' 'sha256-Rbhhh/EaxAYdmaQVU2itkTC+qD4rlaZWcmCRZrjV8vw=' 'sha256-f1gTnj667tZyw36hLT3Mixn+rLCP6JPqYQRsJpKKmEA=' 'sha256-Y2kgnhy3EeezRF1+aMzCsJvbwFBXoD0w+bBsGBfVzk4=' 'sha256-lkYor+nJsT4zVNRVwh/+MC4e+1BzfWdwTwBcTwOWyig=' 'sha256-qXapKsp2wEgQxVzvYES9u7dWrWqPGMX6xzxAIP+9j7Y=' 'unsafe-hashes' 'sha256-XyWdorjjG7PV/C1qMStgkyz6U9OMPCvOiMJneepjceA=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-yQVB91atMotQXwCSgv2YGzKGSHL1bjZZjRPCpaqIxWQ=' 'sha256-+fiU/No9d295cj5hr2AKtaXcr0YNIQ6x41PCefCmbpQ=' 'sha256-VAgz00d9vdi7HS3IflV4gQb3ejsHYTn65K+nkuE4NZI=' 'sha256-7evCFdvclziUdn8eTXopMA7YlJWCK3XogG+xmUSk8LU=' 'sha256-x5UshX43aogR8aueA09AUPniwZAjCsDhMtnIzOT/dgM=' 'sha256-kv7ux+qTBJYOtwk+qBdX6sWAieID7Lre9OhhuI7nTO8=' 'sha256-DpOoqibK/BsYhobWHnU38Pyzt5SjDZuR/mFsAiVN7kk=' 'sha256-extxkN5kHZ29TV+lIKl+JvInproysJBdcD9LtENWQiM=' 'sha256-UPa4HQ6E9ka6Br+wyGBdNV/dXpTtXtNX+u2rncG5jxA=' 'sha256-ZFgeYVCmGBj4uR3TSwupm7eBR9AR7zevC+yTDbpNi3k=' 'sha256-3rZrKm7hK16DbxncbKa1E+TVWVPDysu5R575WmvqnvM=' 'sha256-BBOGexNnujshehIQ4WlkijzyT1OZDSFMwde8dE1r6DE=' 'sha256-0EZqoz+oBhx7gF4nvY2bSqoGyy4zLjNF+SDQXGp/ZrY=' 'sha256-03nRAulPtkDaEMompJYcFshwO+OdWmeEPFythCkkzjo=' 'sha256-y3Ld6+aTg/RyR0EtfcmiAHBn9MYyWhysLX9WeZIZQ4g=' 'sha256-337v5eaEkUcn88R0OHQRUPF4XBfxTJv+LsmLiIB0JfQ=' 'sha256-LnKs1keCqxctv78a9FO7W61BCqpiiqpg2vyBGsOCMcI=' 'sha256-LnKs1keCqxctv78a9FO7W61BCqpiiqpg2vyBGsOCMcI=' 'sha256-64N9R8ufXQVvI8Ix19aiF97C5YyP9E2dqv1wdkZCSEk=' 'sha256-GRTAa+/bNepoLsykGuqEAycoqRlKadGH8Kf7VghU8UQ=' 'sha256-ZwNg7cA1NqhjyBeNe/DEcNpUCtsan3jC6eF7tdi0Kx8=' 'sha256-CL7LrLKfmUkOXW4BQA7ZhPPm2XcRkch1dCsHdP8gRro=' 'sha256-nM0TuVvvbxcsa3/o/MzNB8MYH7cM8CvwNJgxftzfPyg=' 'sha256-+ePDGQq9fnxkG2EGoXSEeqZAjI97EomR7M+8Sp3AIqs=' 'sha256-K5nWehPOK6+W/k7P1CmiMWXoIrnTF/5rUeEIE3jIEGo=' https://*.hif.com.au https://use.fortawesome.com https://cdn.mintox.com.au https://access.equalweb.com https://optimize.google.com https://fonts.googleapis.com https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com wasm-eval ;  img-src 'self' 'nonce-19fe220efbbaf324675256288bc07fb35c708e44' https://www.google-analytics.com https://www.googletagmanager.com https://optimize.google.com https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com https://*.facebook.net https://*.facebook.com https: data: about:;  font-src 'self' 'nonce-19fe220efbbaf324675256288bc07fb35c708e44' https://*.hif.com.au https://cdn.mintox.com.au https://*.typekit.net https://*.zopim.com https://fonts.gstatic.com data:;  connect-src 'self' https://*.hif.com.au https://cdn.mintox.com.au https://*.luckyorange.net https://*.zdassets.com https://*.doubleclick.net wss://*.zopim.com https://*.addthis.com https://www.google-analytics.com https://*.google.com https://www.google.com.au https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://cdn.equalweb.com https://access.equalweb.com https://ocr.equalweb.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://bat.bing.com https://*.facebook.net https://*.facebook.com;  child-src 'self' https://*.hif.com.au https://transact.nab.com.au https://cdn.mintox.com.au https://*.doubleclick.net https://*.hotjar.com https://*.facebook.com https://*.facebook.net https://*.addthis.com https://www.google.com https://*.google.com https://www.ahsa.com.au https://youtube.com https://*.youtube.com;  object-src 'none';  frame-src 'self' https://*.hif.com.au https://transact.nab.com.au https://cdn.mintox.com.au https://*.doubleclick.net https://*.hotjar.com https://*.facebook.com https://*.facebook.net https://*.addthis.com https://www.google.com https://*.google.com https://www.ahsa.com.au https://youtube.com https://*.youtube.com https://insight.adsrvr.org https://match.adsrvr.org; 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' data: https: *.potsdam-mittelmark.de *.youtube.com 1
object-src 'none'; frame-ancestors 'self'; report-uri https://gpseo.fr/report-uri/enforce 1
img-src https: data: ; object-src 'self' https:; script-src 'unsafe-inline' 'self' 'unsafe-eval' https://analytics.tiktok.com https://*.ads-twitter.com https://www.google-analytics.com https://sensoriumgalaxy.com https://connect.facebook.net https://*.facebook.net https://facebook.net https://www.googletagmanager.com https://api.amplitude.com https://*.googleapis.com https://*.sensoriumgalaxy.com https://*.youtube.com https://fonts.gstatic.com https://i.ytimg.com https://*.ggpht.com https://static.doubleclick.net; style-src 'unsafe-inline' https://fonts.googleapis.com https://*.googleapis.com;  default-src 'self' https:; base-uri 'self' https://sensoriumgalaxy.com https://dev.sensoriumgalaxy.com; connect-src https:; font-src https: data: 1
connect-src *.google-analytics.com www.google-analytics.com *.analytics.google.com *.worldwish.org *.cloudflare.com *.doubleclick.net *.hotjar.com *.hotjar.io wss://ws.hotjar.com fndrsp.net activity.wisepops.com worldwish.org wisepops.net px.ads.linkedin.com tracking.wisepops.com analytics.google.com conversions-config.reddit.com facebook.com *.facebook.com *.google.co.uk *.redditstatic.com  fndrsp.net fndrsp-checkout.net *.fundraiseup.com *.stripe.com *.paypal.com *.paypalobjects.com  *.plaid.com *.mastercard.com *.checkout.visa.com pay.google.com  https://google.com/pay  api.addressy.com  fundraiseupobjects.com translate.googleapis.com px4.ads.linkedin.com translate-pa.googleapis.com pagead2.googlesyndication.com https://www.google.com; default-src 'self' 'unsafe-inline' www.googletagmanager.com; font-src 'self' data: *.worldwish.org fonts.gstatic.com static.fundraiseup.com *.fundraiseup.com *.stripe.com wishstage.wpengine.com; frame-src 'self' data: www.google.com platform.twitter.com www.googletagmanager.com player.vimeo.com vimeo.com youtube.com www.youtube.com www.youtube-nocookie.com *.twitter.com *.cloudflare.com *.doubleclick.net donorbox.org tgbwidget.com  *.fundraiseup.com *.stripe.com *.src.mastercard.com *.checkout.visa.com *.plaid.com  *.paypal.com pay.google.com fundraiseupobjects.com www.paypalobjects.com; img-src data: t.co *.twitter.com wishstage.wpengine.com alb.reddit.com px.ads.linkedin.com www.facebook.com *.google.com *.google.co.uk *.google-analytics.com i.ytimg.com *.googletagmanager.com *.google.com *.google.fr *.google.nl *.google.pl  worldwish.org  *.google.com *.google.ac *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.com.kh *.google.cc *.google.cd *.google.cf *.google.cat *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn g.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gf *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gp *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.iq *.google.ie *.google.co.il *.google.im *.google.co.in *.google.io *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.com.lc *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.ne *.google.com.nf *.google.com.ng *.google.com.ni *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pk *.google.com.pa *.google.com.pe *.google.com.ph *.google.pl *.google.com.pg *.google.pn *.google.co.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.rs *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.sm *.google.so *.google.st *.google.sr *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tk *.google.tl *.google.tm *.google.to *.google.tn *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.co.za *.google.co.zm *.google.co.zw cdn.wisepops.com linkedin.com  *.fundraiseup.com ucarecdn.com pay.google.com *.paypalobjects.com *.fundraiseupobjects.com fonts.gstatic.com  www.gstatic.com translate.googleapis.com  *.ads.linkedin.com *.paypal.com ; media-src 'self' blob: data:; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' connect.facebook.net    *.fundraiseup.com   *.stripe.com m.stripe.network *.plaid.com *.src.mastercard.com *.checkout.visa.com pay.google.com *.paypal.com *.paypalobjects.com fundraiseupobjects.com; script-src-elem 'self' 'unsafe-inline' player.vimeo.com vimeo.com apis.google.com www.youtube.com www.youtube-nocookie.com platform.twitter.com googletagmanager.com www.googletagmanager.com www.google.com google.com www.gstatic.com gstatic.com www.google-analytics.com connect.facebook.net *.cloudflare.com cdn.fundraiseup.com static.cloudflareinsights.com donorbox.org static.fundraiseup.com static.ads-twitter.com www.redditstatic.com snap.licdn.com wisepops.net *.wisepops.com js.stripe.com www.paypal.com pay.google.com fundraiseupobjects.com translate.google.com  translate.googleapis.com translate-pa.googleapis.com translate-pa.googleapis.com *.fundraiseup.com data: googleads.g.doubleclick.net *.paypalobjects.com; style-src 'self' 'unsafe-inline' blob: fonts.googleapis.com; style-src-elem 'self' 'unsafe-inline' *.cloudflare.com fonts.googleapis.com www.gstatic.com; worker-src 'self' blob:; 1
upgrade-insecure-requests, frame-ancestors 'self' https://brennan.seismic.com https://liveshareaus1.seismic.com https://hhs-prod-az-australiasoutheast-tetra.smchost.io; 1
frame-ancestors 'self' *.apmp.org aida.dev.rohirrim.ai members.apmp.org/Shared_Content/rohirrim-SSO/production.aspx; 1
default-src https: 'unsafe-inline' 'unsafe-eval' data: blob: 'self' 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-YzYxYTZmZWE4ZDE4NDdjNmE2OThkZGI2NmQ5OGRiZWY=' https://*.platformrijksoverheid.nl https://*.rijksoverheid.nl https://*.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' https://statistiek.rijksoverheid.nl https://*.contenttoolsrijksoverheid.nl https://*.raadrvs.nl; font-src 'self' https://statistiek.rijksoverheid.nl; object-src 'none'; connect-src https://*.platformrijksoverheid.nl https://*.rijksoverheid.nl https://*.contenttoolsrijksoverheid.nl https://*.rovid.nl https://*.rijksoverheidsvideo.nl https://*.raadrvs.nl; img-src 'self' data: https://d3oiud1b8fohdw.cloudfront.net https://statistiek.rijksoverheid.nl https://*.rovid.nl https://*.rijksoverheidsvideo.nl https://*.toegankelijkheidsverklaring.nl; media-src 'self' https://*.rovid.nl https://*.rijksoverheidsvideo.nl; form-action 'self' https://export.highcharts.com https://*.contenttoolsrijksoverheid.nl https://*.raadrvs.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com https://maps.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://cdnjs.cloudflare.com https://www.google-analytics.com; img-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com; font-src 'self' data: https://fonts.gstatic.com https://themes.googleusercontent.com; object-src 'self'; frame-src https://player.vimeo.com https://www.youtube.com https://www.google.com/recaptcha/; report-uri https://munisense.report-uri.com/r/d/csp/reportOnly 1
frame-ancestors 'self'; report-uri /__csp-report 1
frame-ancestors 'none'; default-src 'self' https://*.aol.com https://*.yahoo.com https://*.yimg.com; img-src * data:; script-src 'self' 'unsafe-inline' 'nonce-EHHbZJfVAEXnYzzrbtInBQ==' 'unsafe-eval' https://*.yahoo.com https://*.yimg.com https://*.aol.com https://*.aolcdn.com *.oath.com *.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net *.googlesyndication.com https://sb.scorecardresearch.com bat.bing.com *.demdex.net https://msadsscale.azureedge.net/bingads/telemetryJS.js https://www.clarity.ms https://www.clarity.ms/s/0.7.10/clarity.js; style-src 'self' 'unsafe-inline' https://*.yimg.com; object-src *; connect-src *; font-src * data:; frame-src 'self' https://*.youtube.com https://s.yimg.com https://*.yahoo.com *.g.doubleclick.net *.googlesyndication.com; 1
frame-ancestors 'self' grn-www.harrisboats.com; 1
; script-src 'self' 'unsafe-inline' 'unsafe-eval' cxppusa1formui01cdnsa01-endpoint.azureedge.net public-eur.mkt.dynamics.com www.googletagmanager.com www.google.com www.google.ie www.gstatic.com www.tagassistant.google.com apis.google.com www.google-analytics.com *.hotjar.com	*.hotjar.io	unpkg.com sem-o.com *.analytics.google.com unpkg.com; img-src cxppusa1formui01cdnsa01-endpoint.azureedge.net public-eur.mkt.dynamics.com 'self' www.eirgridgroup.com *.siteimproveanalytics.io *.ytimg.com www.google.ie www.google-analytics.com data: maps.gstatic.com *.googleapis.com; frame-src www.youtube-nocookie.com www.candidatemanager.net www.google.com; font-src 'self' use.typekit.net; worker-src blob:; style-src 'self' 'unsafe-inline' *.typekit.net; 1
default-src 'self'; frame-src *; font-src * data:; connect-src 'self' *; img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src *  'unsafe-inline'; child-src 'self' * 1
default-src 'self';  style-src 'self' *.arcgis.co  *.typeform.com *.bootstrapcdn.com *.doublethedonation.com doublethedonation.com *.chatbot.com 'unsafe-inline' *.google.com *.google.ca *.googleapis.com; script-src 'self' *.issuu.com *.fontawesome.com *.arcgis.co *.createjs.com *.typeform.com *.chatbot.co *.facebook.net *.bing.com youtube.com *.youtube.com *.pardot.com *.cookieinformation.com *.classy.org *.googletagmanager.com *.google-analytics.com *.doublethedonation.com doublethedonation.com *.newrelic.com *.sharethis.com *.googleoptimize.com *.rainforest-alliance.org *.google.com *.google.ca *.gstatic.co *.chatbot.com 'unsafe-inline' *.googleadservices.com *.doubleclick.net 'unsafe-eval';  img-src 'self' *.rainforest-alliance.org rainforest-alliance.org *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.bing.com *.facebook.com *.doublethedonation.com doublethedonation.com *.gravatar.com *.chatbot.com data: *.google.com *.google.ca *.gstatic.com; font-src 'self' *.rainforest-alliance.org *.fontawesome.com *.doublethedonation.com doublethedonation.com data: *.googletagmanager.com *.google.com *.google.ca *.gravatar.com *.bootstrapcdn.com *.gstatic.com data:; connect-src 'self' *.google.com *.google.ca *.fontawesome.com *.hirehive.com *.cookieinformation.com *.google-analytics.com *.appspot.com *.doubleclick.net *.bing.com *.nr-data.net *.doublethedonation.com doublethedonation.com *.chatbot.com *.sharethis.com;  frame-src 'self' *.issuu.com *.linkedin.com *.arcgis.com *.facebook.com *.typeform.com *.juicer.io *.vimeo.com *.cookieinformation.com *.rainforest-alliance.org *.classy.org *.powerbi.com *.google.com *.google.ca youtube.com *.youtube.com *.chatbot.co *.chatbot.com  *.doubleclick.net; frame-ancestors 'none'; 1
child-src www.youtube.com; connect-src 'self' staclar.matomo.cloud; default-src 'self' 'unsafe-inline' cdn.matomo.cloud essentials.pixfort.com fonts.googleapis.com fonts.gstatic.com img.youtube.com staclar.matomo.cloud www.youtube.com; font-src 'self' data: fonts.gstatic.com; form-action 'self'; frame-ancestors 'self'; frame-src 'self' www.youtube.com; img-src 'self' data: essentials.pixfort.com img.youtube.com secure.gravatar.com staclar.matomo.cloud www.gstatic.com; script-src-elem 'self' 'unsafe-inline' ajax.googleapis.com cdn.matomo.cloud staclar.matomo.cloud www.youtube.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.matomo.cloud staclar.matomo.cloud www.youtube.com; style-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com; report-uri https://staclar.report-uri.com/r/t/csp/enforce 1
frame-ancestors https://talos.evalink.io *.evalink.io *.nxgen.cloud 1
default-src 'self' www.google.com www.google-analytics.com fast.fonts.net; script-src 'self' code.jquery.com www.googletagmanager.com www.google-analytics.com cdn.jsdelivr.net cdn.rawgit.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' cdn.jsdelivr.net fast.fonts.net 'unsafe-inline'; object-src 'self'; img-src 'self' www.google-analytics.com data:; frame-src 'self' recruiting.paylocity.com player.vimeo.com www.google.com 1
script-src 'self' *.wlresources.com *.acwebconnecting.com https://mpsnare.iesnare.com https://d5nxst8fruw4z.cloudfront.net https://d31qbv1cthcecs.cloudfront.net  'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com *.analytics.google.com *.doubleclick.net https://*.google-analytics.com/ gstatic.com www.google.com www.googleoptimize.com optimize.google.com www.gstatic.com https://bat.bing.com https://*.clarity.ms ; connect-src 'self' www.porndig.chat:9080 www.porndig.chat:9443 *.wlresources.com wss://*.wlresources.com *.acwebconnecting.com https://mpsnare.iesnare.com wss://mpsnare.iesnare.com ws://stt01.wlresources.com wss://stt01.wlresources.com ws://www.porndig.chat wss://www.porndig.chat *.campoints.net *.google-analytics.com *.googletagmanager.com *.analytics.google.com analytics.google.com *.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://bat.bing.com https://*.clarity.ms ; frame-src 'self' https://*.allopass.com http://*.allopass.com https://*.acwebconnecting.com https://www.google.com https://go.cam; worker-src 'self' blob:; frame-ancestors *.xlovecam.com *.backend.cam; report-uri /en/jserror/?ts=1721957777 1
font-src 'self' data:; script-src 'self' www.googletagmanager.com www.google.com *.clarity.ms *.flickr.com  'nonce-jkK5SoME6KQdiYi29rBpuQ=='; frame-src 'self' www.youtube.com www.google.com; style-src 'self'  'nonce-jkK5SoME6KQdiYi29rBpuQ=='; connect-src 'self' analytics.google.com stats.g.doubleclick.net www.google-analytics.com *.clarity.ms cloudflareinsights.com *.flickr.com; default-src 'self'; img-src 'self' www.google.com.br www.googletagmanager.com via.placeholder.com *.clarity.ms c.bing.com live.staticflickr.com 1
default-src 'none'; base-uri 'self'; script-src 'self' 'unsafe-eval' 'nonce-o7NIXn0r8_c5Gw' 'unsafe-hashes' 'sha256-xPFQMZneoRxFljeMIHQ4vPKPyDPgoABR+GFcO5aEhCg=' 'sha256-vJtl2RfhRVeaVjHri3h9zh+irblwCgC8O+2KO5SwjUE=' 'sha256-0YvrqKbbMt2EskJYz2VCrMp2hLAw5SnvKXcZiZNADEs=' 'sha256-ZzU+qOmZERkwCUIxTe7nDzk1ThNaLGel+/J1iWx+nSU=' 'sha256-7PR+0/+ZmUwb4JADPqIYhsBV5VPhfdB2IYp2W4Nc8Xo=' https://repositorio.lemlaboratorios.cl https://sofire.baidu.com https://affim.baidu.com https://safe.cdn.bcebos.com https://sofire.bdstatic.com https://aifanfan.baidu.com https://dmpstatic.cdn.bcebos.com https://aiff.cdn.bcebos.com https://goutong.baidu.com https://hm.baidu.com https://aff-im.cdn.bcebos.com *.azureedge.net *.calltrk.com https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js tagmanager.google.com *.bdimg.com *.bookeo.com applus.media data cdn.usefathom.com  code.jquery.com  docs.google.com https://v.qq.com m.youtube.com *.baidu.com; img-src 'self' blob: data: https://ssl.google-analytics.com https://aff-im.cdn.bcebos.com https://aff-im.bj.bcebos.com https://tracker.metricool.com *.ytimg.com www.google.es *.svc.dynamics.com https://tracker.metricool.com *.ytimg.com *.youtube.com  www.google-analytics.com secure.papelaweb.com aidback.applus.solutions www.applus.com https://api.map.baidu.com  *.bdimg.com *.baidu.com  *.googleusercontent.com cdn.usefathom.com code.jquery.com  maps.gstatic.com *.googleapis.com *.ggpht.com https://v.qq.com  ssl.gstatic.com www.gstatic.com https://www.googletagmanager.com stats.g.doubleclick.net adservice.google.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; frame-src 'self' https://repositorio2.lemlaboratorios.cl/ https://jobs.applus.com https://portal.r2docuo.com/ https://*.bookeo.com https://applus.media/ *.svc.dynamics.com www.googletagmanager.com *.doubleclick.net www.youtube-nocookie.com  player.vimeo.com  *.youtube.com  www.youtube-nocookie.com  docs.google.com https://v.qq.com accounts.google.com; child-src 'self' *.doubleclick.net www.youtube.com docs.google.com  https://v.qq.com *.bookeo.com; style-src 'unsafe-inline' 'self' https://aff-im.cdn.bcebos.com code.jquery.com tagmanager.google.com fonts.googleapis.com https://wappass.baidu.com; font-src 'self' data:  fonts.gstatic.com; manifest-src 'self'; frame-ancestors 'self' https://docs.google.com; connect-src 'self' https://aifanfan.baidu.com https://sofire.baidu.com https://sfp.safe.baidu.com https://fclog.baidu.com https://hm.baidu.com *.svc.dynamics.com https://www.google-analytics.com https://apps-cal.applus.com https://region1.google-analytics.com region1.analytics.google.com pagead2.googlesyndication.com httpbin.org maps.googleapis.com googleads.g.doubleclick.net stats.g.doubleclick.net aidback-test.applus.solutions aidback.applus.solutions aid-public.applus.solutions apps.applus.com apps.applus.solutions api.ipify.org applus-test.applus.solutions analytics.google.com adservice.google.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.baidu.com; form-action 'self' https://apps.applus.com; report-to default; media-src 'self'  https://applus.media https://aifanfan.baidu.com 1
default-src 'self' api.newsletter2go.com *.google-analytics.com *.googletagmanager.com tech-banker.com api.friendlycaptcha.com; font-src 'self' data: player.podigee-cdn.net; style-src 'self' 'unsafe-inline' cdn.podigee.com player.podigee-cdn.net; img-src 'self' data: secure.gravatar.com files.newsletter2go.com ps.w.org www.joomunited.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.podigee.com player.podigee-cdn.net static.newsletter2go.com *.google.com *.googletagmanager.com *.gstatic.com *.google-analytics.com *.googleapis.com *.youtube.com blob:; frame-src player.podigee-cdn.net player.vimeo.com vimeo.com *.youtube-nocookie.com *.youtube.com 1
frame-ancestors 'self' https://*.lexuskz.com https://*.yandex.com https://*.yandex.tld https://*.yandex.net https://*.yandex.com.tr https://*.yandex.ru https://*.yandex.by https://webvisor.com https://lexus-dxp.dobit.com https://lexustest.dobit.com http://localhost:88; 1
default-src 'self'; font-src 'self' https://fonts.gstatic.com/ https://cdn.icomoon.io/81457/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://d1azc1qln24ryf.cloudfront.net/81457/ https://cdn.icomoon.io/81457/ https://project.nedbase.nl/content/css/; script-src 'self' 'unsafe-inline' https://project.nedbase.nl/content/js/ https://ajax.googleapis.com/ajax/libs/webfont/ https://www.googletagmanager.com *.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; connect-src 'self' *.google-analytics.com https://stats.g.doubleclick.net/j/collect; frame-src 'self' https://www.werkenbijdnwg.nl/ https://www.google.com; worker-src 'self' https://www.werkenbijdnwg.nl/; 1
default-src 'self'; frame-ancestors 'self'; img-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-src 'self' blob: data:; 1
default-src 'self';           script-src             'sha256-/xUj+3OJU5yExlq6GSYGSHk7tPXikynS7ogEvDej/m4='             'sha256-ZMsR6ypSN8vh4FzPJazv7tV48y0aaSPVjeNcigFF6M0='             'self' 'nonce-bWlSRURRL0V3N2lrZDBCQUhnWkliQT09' 'strict-dynamic' 'unsafe-eval' https://ajax.cloudflare.com https://tagmanager.google.com https://*.googletagmanager.com https://www.google-analytics.com https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com https://optimizely.lebeau.ca https://optimizely.speedyglass.ca;            style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://*.googletagmanager.com https://tagmanager.google.com https://ajax.cloudflare.com https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com;            base-uri 'self';           font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com data:;           img-src 'self' data: https: https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.ca https://cdn.optimizely.com;            frame-src https://www.youtube.com https://www.google.com https://*.doubleclick.net https://a24401730579.cdn.optimizely.com https://a24401730579.cdn-pci.optimizely.com https://api.byscuit.com/data/client/A985CB9B-A6D2-4155-A2BA-570E6F916530/script/script.js https://optimizely.lebeau.ca https://optimizely.speedyglass.ca;            connect-src 'self'             https://maps.googleapis.com https://*.google-analytics.com https://*.analytics.google.com             https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com             https://*.googlesyndication.com https://*.clarity.ms https://cdn.cookielaw.org https://api.byscuit.com https://connect.facebook.net https://c.az.contentsquare.net/ https://*.google.ca https://k-us1.az.contentsquare.net https://logx.optimizely.com https://*.optimizely.com;            object-src 'none'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.serc.ac.uk *.cloudflare.com *.cloudfront.net surveyjs.azureedge.net *.licdn.com newsapi.org *.doubleclick.net *.youtube.com *.microsoft.com *.clarity.ms *.bing.com *.microsoftonline.com *.google-analytics.com *.googleadservices.com *.google.com *.google.co.uk *.googletagmanager.com themes.googleusercontent.com *.linkedin.com *.facebook.com *.facebook.net *.aspnetcdn.com *.jquery.com *.fontawesome.com *.bootstrapcdn.com *.jsdelivr.net *.googleapis.com *.gstatic.com *.telerik.com *.typekit.net *.typekit.com *.visualstudio.com *.msecnd.net vjs.zencdn.net unpkg.com *.ally.ac *.gravatar.com *.linkedin.oribi.io *.stackadapt.com *.cdn.office.net *.dotdigital-pages.com *.proquest.com *.turnitinuk.com *.clickview.com; 1
default-src 'self'; frame-src 'none'; object-src 'none'; style-src 'self' 'nonce-0oE3ud4kVIvzIY6CrktN1jSqxoC7REbY'; frame-ancestors 'none'; base-uri 'self' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com *.goodays.co *.visenze.com *.syteapi.com *.criteo.com *.maytap.me *.thequin.ai *.useinsider.com https://*.useinsider.com https://*.nr-data.net https://*.creativecdn.com/ https://*.hotjar.com https://*.newrelic.com https://*.yandex.ru https://*.criteo.com https://thequin.ai https://*.thequin.ai https://quinengine.com https://*.quinengine.com https://*.demdex.net https://*.api.ditto.com https://*.doubleclick.net https://*.everesttech.net https://*.google.com https://*.googleadservices.com https://*.googlesyndication.com https://*.googletagservices.com https://*.googleapis.com https://assets.adobedtm.com https://atasunoptik.sortext.com https://analytics.tiktok.com https://cdn.480app.com https://commerce.adobedtm.com https://cdnjs.cloudflare.com https://critizr.com https://cdn.efilli.com https://connect.facebook.net https://cdn.nmgassets.com https://cdn.syteapi.com https://cdn.visenze.com https://dynamic.criteo.com https://googleads.g.doubleclick.net https://graph.facebook.com https://google-analytics.com https://googletagmanager.com https://js.bkmexpress.com.tr https://js.facebook.com https://live.maytap.me https://signals.atasunoptik.com.tr https://sslwidget.criteo.com https://static.criteo.net https://static.critizr.com https://ssl.google-analytics.com https://stn-atasun.mncdn.com https://tags.bkrtx.com https://tagmanager.google.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://cdn.yapaytech.com  https://bundles.efilli.com/atasunoptik.com.tr.prod.js;       worker-src 'self' blob:;        child-src blob: gap: *.youtube.com;       object-src 'self' *.youtube.com;       style-src 'self' 'unsafe-inline' https://*.goodays.co *.critizr.com *.cloudflare.com https://*.hotjar.com *.segmentify.com *.useinsider.com *.googletagmanager.com https://*.creativecdn.com/ *.google.com https://fonts.googleapis.com https://stn-atasun.mncdn.com https://tagmanager.google.com;       frame-src *;       font-src data: *;       connect-src 'self' *;       base-uri 'self';       frame-ancestors 'self' *.youtube.com;       block-all-mixed-content;       report-uri /WebResource.axd?cspReport=true 1
frame-ancestors 'self';block-all-mixed-content;default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.everesttech.net https://*.demdex.net https://assets.adobedtm.com https://commerce.adobedtm.com https://cdn-ukwest.onetrust.com https://cdn-fsly.yottaa.net https://cdn.cookielaw.org https://f.vimeocdn.com https://geolocation.onetrust.com https://kit.fontawesome.com https://player.vimeo.com https://use.fontawesome.com https://www.vimeo.com;style-src 'self'  'unsafe-inline' *.fontawesome.com cdn-fsly.yottaa.net fonts.googleapis.com privacyportal-cdn.onetrust.com;object-src 'none';frame-src 'self' *.vimeo.com *.everesttech.net *.demdex.net mma.prnewswire.com;child-src 'self' *.vimeo.com *.everesttech.net *.demdex.net vimeo.com;img-src 'self' data: *.globenewswire.com *.vimeocdn.com *.vimeo.com *.demdex.net *.everesttech.net *.adobedtm.com aa.bathandbodyworks.com c212.net cdn-fsly.yottaa.net cdn.cookielaw.org d27yqnus3zuzeu.cloudfront.net fonts.gstatic.com mma.prnewswire.com www.3blmedia.com;font-src 'self' data: *.fontawesome.com fonts.googleapis.com fonts.gstatic.com privacyportal-cdn.onetrust.com;connect-src 'self' *.fontawesome.com *.onetrust.com *.demdex.net *.everesttech.net *.adobedtm.com collector-px6rvci3zs.px-cloud.net cdn.cookielaw.org edge.adobedc.net fonts.gstatic.com fonts.googleapis.com qoe-1.yottaa.net vimeo.com;manifest-src 'self';base-uri 'self';form-action 'self';media-src 'self' *.vimeo.com vimeo.com; worker-src 'self'; 1
upgrade-insecure-requests;style-src 'self' 'nonce-_8Vp0GbFuT8jjOM';font-src 'self';script-src 'self' 'nonce-_8Vp0GbFuT8jjOM' ;connect-src 'self' https://seafoam.space wss://seafoam.space  https://media.seafoam.space https://media.seafoam.space;media-src 'self' https:;img-src 'self' data: blob: https:;default-src 'none';base-uri 'none';frame-ancestors 'none';manifest-src 'self'; 1
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://app.upserve.com *.google-analytics.com *.googletagmanager.com https://code.jquery.com vimeo.com https://ajax.googleapis.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://www.youtube.com https://oss.maxcdn.com https://cdn.jsdelivr.net https://acsbapp.com https://static.addtoany.com; connect-src 'self' https://cdn.acsbapp.com https://www.google-analytics.com https://acsbapp.com https://en.wikipedia.org https://accesswidget-log-receiver.acsbapp.com https://web1.acsbapp.com; img-src 'self' data: https://app.upserve.com https://acsbapp.com https://web1.acsbapp.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://i.ytimg.com https://i.ytimg.com/vi/CcPS_9CR7Fk/mqdefault.jpg; style-src 'unsafe-inline' 'self' https://app.upserve.com https://stackpath.bootstrapcdn.com https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com https://acsbapp.com; frame-src 'self' https://app.upserve.com https://www.youtube.com https://static.addtoany.com https://player.vimeo.com https://www.google.com; base-uri 'self'; object-src 'self'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://privacyportalde-cdn.onetrust.com https://www.googletagmanager.com https://s0.wp.com https://app-sj04.marketo.com/index.php https://pages.videojet.com/js/forms2/js/forms2.min.js http://app-sj04.marketo.com http://pages.videojet.com https://www.google-analytics.com/analytics.js http://stats.wp.com http://www.google-analytics.com https://www.google-analytics.com https://cdn.cookielaw.org https://cdn.cookielaw.org/scripttemplates/202211.2.0/otBannerSdk.js https://cdn.cookielaw.org/scripttemplates/otSDKStub.js https://cdn.mouseflow.com/projects/91c4ddb6-49ff-40dc-ba2b-125c44c82444.js http://cdn.mouseflow.com/projects/91c4ddb6-49ff-40dc-ba2b-125c44c82444.js https://pages.videojet.com/js/forms2/js/forms2.min.js https://pages.videojet.com/index.php/form/getForm https://stats.wp.com/e-202251.js http://www.google-analytics.com/analytics.js https://www.googleoptimize.com/optimize.js https://www.googletagmanager.com/gtm.js; style-src 'self' 'unsafe-inline' https://privacyportalde-cdn.onetrust.com https://s0.wp.com http://app-sj04.marketo.com http://pages.videojet.com/js/forms2/css/forms2-theme-simple.css http://pages.videojet.com/js/forms2/css/forms2.css http://pages.videojet.com https://pages.videojet.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://privacyportalde-cdn.onetrust.com https://analytics.google.com https://privacyportal-de.onetrust.com/request/v1/consentreceipts https://cdn.cookielaw.org https://geolocation.onetrust.com https://stats.g.doubleclick.net https://www.google-analytics.com; font-src 'self' data: https://privacyportalde-cdn.onetrust.com https://s0.wp.com; frame-src 'self' https://td.doubleclick.net https://widgets.wp.com https://www.google.com http://app-sj04.marketo.com https://www.youtube.com http://pages.videojet.com https://pages.videojet.com; img-src 'self' data: https://laetus-com-develop.go-vip.net https://global.videojet.com https://secure.gravatar.com https://www.google.com http://app-sj04.marketo.com https://www.youtube.com https://www.googletagmanager.com http://www.google-analytics.com http://pixel.wp.com https://cdn.cookielaw.org https://global.laetus.com https://pixel.wp.com https://www.google.co.in https://www.google.com; manifest-src 'self'; media-src 'self'; 1
default-src 'self' 'unsafe-inline' data: *.gstatic.com  *.google.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.clarity.ms *.bing.com unpkg.com *.cloudflare.com *.vimeo.com *.youtube.com *.myfonts.net *.drv.tw cloud.scorm.com; 1
default-src             'self' aj-mm.de *.aj-mm.de *.analytik-jena.com *.analytik-jena.de *.mm-rh3.net *.google-analytics.com *.analytics.google.com             www.facebook.com https://stats.g.doubleclick.net https://pi.pardot.com https://a.visitorqueue.com;         style-src             'self' 'unsafe-inline' aj-mm.de *.aj-mm.de aj-matomo-int1.mm-df1.net *.mm-rh3.net *.googleapis.com *.google.com             https://analytik-jena.ladesk.com             *.ytimg.com *.analytik-jena.com *.analytik-jena.de;         img-src             'self' data: *.ytimg.com *.google-analytics.com *.gstatic.com yt3.ggpht.com *.googletagmanager.com             www.facebook.com *.mm-df1.net *.mm-rh3.net *.analytik-jena.com *.analytik-jena.de *.aj.local aj.local             aj-mm.de *.aj-mm.de https://a.visitorqueue.com https://px.ads.linkedin.com https://www.linkedin.com https://www.bizgeniusapp.com             https://analytik-jena.ladesk.com https://www.google.com https://www.google.de https://googleads.g.doubleclick.net             userlike-cdn-operators.s3-eu-west-1.amazonaws.com userlike-cdn-operators.userlike.com userlike-cdn-web.b-cdn.net www.userlike.com userlike-store-media-files.s3.amazonaws.com i.ytimg.com;         script-src             'self' 'unsafe-inline' 'unsafe-eval' aj-mm.de *.aj-mm.de *.youtube.com *.ytimg.com *.google.com             *.google-analytics.com *.googletagmanager.com connect.facebook.net *.mm-df1.net *.mm-rh3.net             *.analytik-jena.com *.analytik-jena.de *.aj.local aj.local aj-upgrade.local https://pi.pardot.com             https://tracker.analytik-jena.com https://analytik-jena.ladesk.com https://www.kicktipp.de https://www.kicktipp.com             api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-widgets.userlike.com userlike-cdn-umm.b-cdn.net             https://t.visitorqueue.com https://snap.licdn.com https://www.googleadservices.com https://www.bizgeniusapp.com;         font-src             'self' aj-matomo-int1.mm-df1.net *.gstatic.com *.mm-rh3.net *.analytik-jena.com *.analytik-jena.de             https://analytik-jena.ladesk.com userlike-cdn-umm.b-cdn.net fonts.gstatic.com;         frame-src             'self' *.analytik-jena.com *.analytik-jena.de *.mm-rh3.net www.youtube-nocookie.com player.vimeo.com www.facebook.com www.youtube.com player.vimeo.com             api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-widgets.userlike.com userlike-cdn-umm.b-cdn.net https://www.kicktipp.de https://www.kicktipp.com;         connect-src             'self' data: blob: *.analytik-jena.com *.analytik-jena.de *.mm-rh3.net             https://www.facebook.com *.google-analytics.com *.analytics.google.com https://cdn.linkedin.oribi.io             https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://userlike-cdn-umm.b-cdn.net https://api.userlike.com             https://www.userlike.com https://userlike-cdn-operators.s3-eu-west-1.amazonaws.com wss://umd.userlike.com             umd.userlike.com api.userlike.com userlike-cdn-web.b-cdn.net www.userlike.com             https://tracker.analytik-jena.com https://analytik-jena.ladesk.com https://www.bizgeniusapp.com             https://stats.g.doubleclick.net https://pi.pardot.com https://a.visitorqueue.com;         worker-src             blob: 1
default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com https://i.ytimg.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-7IejSCQoXnYBGplfVhwYNg=='; style-src 'self' www.gstatic.com; font-src 'self'; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; report-uri https://csp-reporter.publishing.service.gov.uk/report; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com gds-single-consent-staging.app gds-single-consent.app 1
connect-src https://*.cookiecode.nl/ https://*.doubleclick.net/ https://*.google-analytics.com https://*.hscollectedforms.net https://*.myshopify.com https://*.openstreetmap.org https://*.readspeaker.com https://*.shopifysvc.com https://api.hubspot.com https://api.searchine.net https://cdn.cookiecode.nl https://forms.hubspot.com https://stats.g.doubleclick.net https://www.google.com/ 'self';default-src 'self';font-src data: 'self';frame-src https://*.cookiecode.nl/ https://*.doubleclick.net/ https://*.readspeaker.com https://*.twitter.com https://*.vimeo.com https://app.hubspot.com/ https://e.issuu.com/ https://kprs.idea-x.nl/ https://kprs-ep.idea-x.nl/ https://vimeo.com https://www.google.com/ https://www.googletagmanager.com/ https://www.youtube.com 'self';img-src data: https://*.cdninstagram.com https://*.doubleclick.net/ https://*.openstreetmap.org https://*.vimeocdn.com https://cdn.shopify.com https://dashboard.umbraco.com https://forms.hsforms.com https://i.ytimg.com https://sdks.shopifycdn.com https://track.hubspot.com https://www.estafetterecyclewinkels.nl/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://www.gravatar.com https://www.omrin.nl https://www.omrinbedrijfsafval.nl 'self' www.luiewereldverbeteraar.nl;media-src https://*.akamaized.net https://player.vimeo.com 'self';script-src https://*.cookiecode.nl/ https://*.readspeaker.com https://*.vimeo.com https://cdn.searchine.net/ https://js.hs-analytics.net https://js.hs-banner.com https://js.hscollectedforms.net https://js.hs-scripts.com/ https://js.usemessages.com https://www.estafetterecyclewinkels.nl/ https://www.google.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://www.gstatic.com https://www.omrin.nl https://www.omrinbedrijfsafval.nl 'unsafe-eval' 'unsafe-inline' www.luiewereldverbeteraar.nl;style-src https://*.readspeaker.com https://unpkg.com 'self' 'unsafe-inline' 1
default-src 'self'; frame-src * ; media-src *; img-src * 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.smooch.io *.zdassets.com *.testrentik.test *.tctm.co *.cookiepro.com *.otovo.com *.nemon2ib.com *.iconnode.com *.tradedoubler.com api.brainsins.com mw.brainsins.com d2xkqxdy6ewr93.cloudfront.net *.cloudfront.net cdn.pushassist.com trc.taboola.com *.collect.igodigital.com resources.convious-app.com client.convious-app.com  cdn.taboola.com 510001631.collect.igodigital.com script.hotjar.com 510001630.collect.igodigital.com  static.hotjar.com launch-9151dc1e0eb6-development  mstat.acestream.net www.gstatic.com  www.googleoptimize.com optimize.google.com www.google-analytics.com www.google.com connect.facebook.net googleads.g.doubleclick.net eu5.bookingkit.de www.googleadservices.com ajax.aspnetcdn.com www.googletagmanager.com  www.google-analytics.com *.parquesreunidos.es assets.adobedtm.com amplify.review-alerts.com static-eu.payments-amazon.com maps.googleapis.com cdn.cookielaw.org geolocation.onetrust.com grpr.tt.omtrdc.net launch-9151dc1e0eb6-development js.mollie.com www.paypal.com  cd.livechatin.com mstat.acestream.net pilaff-up.ru statusklic.info cdn.notifyon.com cdn.livechatinc.com track.adform.net api-pre.adminos.parquesreunidos.com analytics.tiktok.com ts.tradetracker.net sleeknotecustomerscripts.sleeknote.com d2cmqkwo8rxlr9.cloudfront.net static.criteo.net ssl.google-analytics.com tagmanager.google.com ad.doubleclick.net www.youtube.com syndication.twitter.com platform.linkedin.com twimg.com s.ytimg.com publish.twitter.com platform.twitter.com apis.google.com api.livechatinc.com; style-src * 'unsafe-inline'; font-src * data:; connect-src * 1
frame-ancestors 'self' *.wallet.airpay.co.id *.shopee.kr *.airpay.co.id *.shopeemobile.com *.shopee.co.id *.shopee.cn *.shopee.io *.facebook.com https://bela-portal.festiware.com https://belapengadaan.lkpp.go.id https://lkpp-portal.festiware.com;  1
script-src 'self' 'unsafe-eval' 'strict-dynamic' 'unsafe-inline' https://join.criticaltechworks.com https://www.googletagmanager.com https://consent.cookiebot.com https://api.mapbox.com https://cdn.jsdelivr.net https://code.jquery.com https://connect.facebook.net https://www.facebook.com https://platform.twitter.com https://www.instagram.com https://cdnjs.cloudflare.com https://challenges.cloudflare.com https://platform.linkedin.com https://js.monitor.azure.com https://consentcdn.cookiebot.com 'report-sample' 'nonce-HidZw5X4qjKlH0TOpScDk4Wesde2Vuh5s1V96va3Qkg='; upgrade-insecure-requests; block-all-mixed-content; default-src 'self' https://join.criticaltechworks.com; font-src 'self' data: https:; img-src 'self' data: blob: https://www.linkedin.com https://www.facebook.com https://twitter.com dashboard.umbraco.com our.umbraco.com https:; style-src 'self' 'strict-dynamic' 'unsafe-inline' https://api.mapbox.com https://cdn.jsdelivr.net; frame-src 'self' https://www.googletagmanager.com https://www.facebook.com https://platform.twitter.com https://www.instagram.com https://consentcdn.cookiebot.com https://challenges.cloudflare.com https://api.mapbox.com; connect-src 'self' https://join.criticaltechworks.com https://api.twitter.com https://graph.facebook.com https://www.facebook.com https://graph.instagram.com https://www.instagram.com https://platform.instagram.com https://challenges.cloudflare.com https://westeurope-5.in.applicationinsights.azure.com https://api.mapbox.com https://events.mapbox.com https://*.tiles.mapbox.com https://consentcdn.cookiebot.com our.umbraco.com https://region1.google-analytics.com https://px.ads.linkedin.com; worker-src 'self' blob:; base-uri 'self'; object-src 'none' 1
frame-ancestors 'self' https://app.kajabi.com https://app.vibely.io https://communities.kajabi.com *.mykajabi.com https://communities.newkajabi-staging.com https://www.promoteyourscience.com https://www.bestenneagramtest.com 1
default-src 'self' https://*.azureedge.net/; img-src 'self' data: https://s3.eu-west-2.amazonaws.com/tapestry-content*/ https://s3-eu-west-2.amazonaws.com/tapestry-content*/ 'unsafe-inline' https://ssl.gstatic.com/ https://*.google-analytics.com https://*.analytics.google.com www.google-analytics.com https://mktdplp102cdn.azureedge.net/*; media-src 'self' https://s3.eu-west-2.amazonaws.com/tapestry-content*/ https://s3-eu-west-2.amazonaws.com/tapestry-content*/ https://mktdplp102cdn.azureedge.net/*; script-src 'self' https://mktdplp102cdn.azureedge.net/ https://*.azureedge.net/ https://*.ncscdev.co.uk  'unsafe-eval' 'unsafe-inline' https://tagmanager.google.com/ https://www.googletagmanager.com/ https://*.google-analytics.com/ https://*.analytics.google.com/ https://storage.googleapis.com/ https://www.googleoptimize.com/* https://www.googleoptimize.com/ https://mktdplp102cdn.azureedge.net/*; script-src-elem https://*.ncscdev.co.uk/ https://*.ncsc.gov.uk/ https://*.gchq.gov.uk/ https://mktdplp102cdn.azureedge.net/ 'unsafe-eval' 'unsafe-inline' https://mktdplp102cdn.azureedge.net/ https://optimize.google.com https://tagmanager.google.com/ https://www.googletagmanager.com/ https://*.google-analytics.com/ https://*.analytics.google.com/ https://storage.googleapis.com/ https://www.googleoptimize.com/; style-src 'self' 'unsafe-inline' https://optimize.google.com https://tagmanager.google.com/* https://fonts.googleapis.com/ https://mktdplp102cdn.azureedge.net/; font-src 'self' data:  https://fonts.gstatic.com maxcdn.bootstrapcdn.com; connect-src 'self' https://forms.office.com/ https://*.svc.dynamics.com/ https://*.google-analytics.com https://*.analytics.google.com www.google-analytics.com https://www.googletagmanager.com https://*.ncscdev.co.uk https://db.cyberessentials.ncsc.gov.uk https://db.iasme.co.uk/certSummarySearch.php https://mktdplp102cdn.azureedge.net/; manifest-src 'self' https://s3.eu-west-2.amazonaws.com/tapestry-content*/ https://s3-eu-west-2.amazonaws.com/tapestry-content*/; worker-src 'self'; frame-src 'self' https://forms.office.com/ https://*.svc.dynamics.com/ https://optimize.google.com https://www.youtube.com/ https://www.youtube-nocookie.com https://open.spotify.com/; object-src https://www.youtube-nocookie.com 'self' 1
base-uri 'self'; object-src 'none'; script-src https://community.robotshop.com/forum/logs/ https://community.robotshop.com/forum/sidekiq/ https://community.robotshop.com/forum/mini-profiler-resources/ https://community.robotshop.com/forum/assets/ https://community.robotshop.com/forum/brotli_asset/ https://community.robotshop.com/forum/extra-locales/ https://community.robotshop.com/forum/highlight-js/ https://community.robotshop.com/forum/javascripts/ https://community.robotshop.com/forum/plugins/ https://community.robotshop.com/forum/theme-javascripts/ https://community.robotshop.com/forum/svg-sprite/ https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js 'sha256-Gty3/aPWFfSvz7pdT39HY97/+2opLup9V0L19ZF0IwY=' https://static.klaviyo.com/onsite/js/klaviyo.js community.robotshop.com/web/discourse.js https://community.robotshop.com/web/ https://www.robotshop.com/cdn-cgi/ https://static.hotjar.com/ https://www.google-analytics.com/ https://script.hotjar.com/ https://static.cloudflareinsights.com/ https://community.robotshop.com/forum/ https://ajax.cloudflare.com/cdn-cg/ https://ajax.cloudflare.com/cdn-cgi/scripts/ https://www.googletagmanager.com/ https://tagmanager.google.com https://fonts.googleapis.com https://ssl.gstatic.com https://www.gstatic.com https://fonts.gstatic.com https://ssl.google-analytics.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://connect.facebook.net/ 'self' 'unsafe-inline' https://static-tracking.klaviyo.com/ https://static.klaviyo.com/; worker-src 'self' https://community.robotshop.com/forum/assets/ https://community.robotshop.com/forum/brotli_asset/ https://community.robotshop.com/forum/javascripts/ https://community.robotshop.com/forum/plugins/; frame-ancestors 'self' https://community.robotshop.com https://community.robotshop.com https://community.robotshop.com; manifest-src 'self' 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com https://www.google-analytics.com https://www.gstatic.com https://www.googletagmanager.com https://tagmanager.google.com https://maps.googleapis.com https://www.gerflor.com https://googleads.g.doubleclick.net https://snap.licdn.com https://static https://maps.googleapis.comhotjar.com https://script.hotjar.com https://static.hotjar.com https://connect.facebook.net https://cdnjs.cloudflare.com https://*.nationalbimlibrary.com https://js.hs-scripts.com https://js.hs-banner.com https://js.hscollectedforms.net https://js.hsleadflows.net https://js.hs-analytics.net https://assets.pinterest.com https://*.gerflor.com https://cdn.novius.net; object-src 'self'; worker-src blob:; frame-ancestors 'self' 1
default-src 'self'; script-src 'self' 'nonce-6hr-gdJjfkqh57PR9hPhqn9PVEv8Lzg_iBxupSInWiRncTGICmGMow' https://*.email-provider.nl https://cdn-eu.readspeaker.com https://youtu.be https://youtube.com https://www.youtube.com https://player.vimeo.com/api/player.js https://include.timeblockr.com https://shared.api.timeblockr.com https://shared.signalr.timeblockr.com wss://shared.signalr.timeblockr.com 'unsafe-eval' https://cdn.matomo.cloud https://houten.analytics.opengemeenten.nl 'report-sample'; style-src-attr 'unsafe-inline' 'report-sample'; img-src 'self' data: *.ytimg.com *.vimeocdn.com https://cdn-eu.readspeaker.com https://youtube.com https://www.youtube.com https://youtu.be https://i.ytimg.com https://include.timeblockr.com https://*.matomo.cloud https://houten.analytics.opengemeenten.nl; base-uri 'self'; frame-src 'self' *.youtube-nocookie.com *.youtube.com *.vimeo.com https://app-eu.readspeaker.com https://cdn-eu.readspeaker.com https://vttts-eu.readspeaker.com https://*.webgispublisher.nl https://youtu.be https://youtube.com https://www.youtube-nocookie.com https://www.youtube.com https://player.vimeo.com; style-src-elem 'self' https://cdn-eu.readspeaker.com https://youtube.com https://www.youtube.com https://include.timeblockr.com 'nonce-6hr-gdJjfkqh57PR9hPhqn9PVEv8Lzg_iBxupSInWiRncTGICmGMow' 'report-sample'; connect-src 'self' https://app-eu.readspeaker.com https://cdn-eu.readspeaker.com https://media-eu.readspeaker.com https://vttts-eu.readspeaker.com https://wrapi-eu.readspeaker.com https://youtu.be https://youtube.com https://www.youtube.com https://include.timeblockr.com https://*.api.timeblockr.com https://shared.signalr.timeblockr.com wss://shared.signalr.timeblockr.com https://*.matomo.cloud https://houten.analytics.opengemeenten.nl https://maxcdn.bootstrapcdn.com; form-action https://app-eu.readspeaker.com https://cdn-eu.readspeaker.com https://id.opengemeenten.nl https://users.opengemeenten.nl https://login.microsoftonline.com 'self'; media-src 'self' https://cdn-eu.readspeaker.com https://youtu.be https://youtube.com https://www.youtube.com https://vimeo.com; style-src 'self' https://cdn-eu.readspeaker.com https://youtube.com https://www.youtube.com https://include.timeblockr.com https://maxcdn.bootstrapcdn.com 'report-sample'; object-src 'self' https://youtube.com https://www.youtube.com; font-src 'self' https://include.timeblockr.com data: https://maxcdn.bootstrapcdn.com; report-to csp; child-src 'self' blob:; frame-ancestors 'self'; report-uri https://monitoring.opengemeenten.nl/api/5/security/?sentry_key=8ecd0d6b2ab6432782fe7a6a5c01c534 1
block-all-mixed-content; frame-ancestors 'none'; base-uri 'self'; form-action 'self' https:; default-src 'none'; child-src 'self' www.google.com/recaptcha/ www.youtube-nocookie.com/embed/ player.vimeo.com/video/; connect-src 'self' *.google-analytics.com *.analytics.google.com *.g.doubleclick.net ambulance-wens.test-4.programic.dev; img-src 'self' data: https:; font-src 'self'; frame-src 'self' www.google.com/recaptcha/ www.youtube-nocookie.com/embed/ player.vimeo.com/video/ www.facebook.com; script-src 'self' 'unsafe-inline' www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.googleadservices.com www.googletagmanager.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net www.facebook.com connect.facebook.net ambulance-wens.test-4.programic.dev; style-src 'self' 'unsafe-inline' 1
default-src 'self'; connect-src 'self'  https://d1cs1sx7k4kk4i.cloudfront.net/Prod/ api.swiftype.com search-api.swiftype.com cdn.plyr.io noembed.com *.nr-data.net *.google-analytics.com cdn.weglot.com cdn-api-weglot.com stats.g.doubleclick.net *.analytics.google.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' media-library.cloudinary.com cdn.plyr.io www.youtube.com d10n3zzxo2ni2p.cloudfront.net d3ur9hunnb0w20.cloudfront.net js-agent.newrelic.com *.nr-data.net www.googletagmanager.com fast.wistia.net fast.wistia.com googleads.g.doubleclick.net www.googleadservices.com connect.facebook.net extend.vimeocdn.com bs.serving-sys.com secure-ds.serving-sys.com cdn.weglot.com diffuser-cdn.app-us1.com; img-src data: res.cloudinary.com i.ytimg.com 'self' d10n3zzxo2ni2p.cloudfront.net d3ur9hunnb0w20.cloudfront.net googleads.g.doubleclick.net www.google.com www.google.ie www.facebook.com; frame-src players.brightcove.net w.soundcloud.com open.spotify.com cloudinary.com console.cloudinary.com www.youtube.com www.youtube-nocookie.com embed.podcasts.apple.com fast.wistia.net td.doubleclick.net; media-src res.cloudinary.com; style-src 'unsafe-inline' 'self' 'unsafe-inline' use.typekit.net cdn.plyr.io p.typekit.net d10n3zzxo2ni2p.cloudfront.net d3ur9hunnb0w20.cloudfront.net cdn.weglot.com; font-src use.typekit.net data: 'self'; 1
default-src 'self'; script-src 'self' 'nonce-3MQrA+SXivv/5KcOAyJQrQ==' 'unsafe-hashes' 'unsafe-eval' https://maps.gstatic.com https://*.gstatic.com https://*.ggpht.com *.googleusercontent.com https://ssl.google-analytics.com https://*.googleapis.com https://maps-api-ssl.google.com blob: https://connect.facebook.net/en_US/all.js https://www.google-analytics.com https://www.googletagmanager.com https://d10ukqbetc2okm.cloudfront.net https://*.mogl.com https://cdn.cookielaw.org;style-src 'self' 'unsafe-inline' https://code.jquery.com  https://d10ukqbetc2okm.cloudfront.net https://cdnjs.cloudflare.com https://*.googleapis.com https://connect.facebook.net https://fonts.googleapis.com; object-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'self' https://*; connect-src 'self' https://cdn.cookielaw.org https://geolocation.onetrust.com https://www.facebook.com https://stats.g.doubleclick.net https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://www.google-analytics.com; font-src 'self' https://d10ukqbetc2okm.cloudfront.net https://cdnjs.cloudflare.com https://fonts.gstatic.com https://*.googleapis.com; frame-src 'self' https://www.facebook.com https://*.google.com; img-src 'self' https://cdn.cookielaw.org https://d10ukqbetc2okm.cloudfront.net https://stats.g.doubleclick.net/ https://ssl.google-analytics.com https://*.mogl.com https://*.gofigg.net https://idsync.rlcdn.com http://lorempixel.com https://www.googletagmanager.com https://t.mogl.com https://test-static.mogl.com https://www.google-analytics.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.googleusercontent.com data:; manifest-src 'self'; media-src 'self'; worker-src 'self' blob:; 1
frame-ancestors *.umay.club *.mycollege.kz *.codo.kz *.hrplus.kz *.nis.edu.kz *.edu.kz 1
frame-src 'self' https://www.baluarte.com https://visita.baluarte.com https://fundacion.baluarte.com https://www.youtube.com https://www.recaptcha.net https://td.doubleclick.net; frame-ancestors 'self' https://www.baluarte.com https://fundacion.baluarte.com https://visita.baluarte.com; 1
default-src 'self'; worker-src blob:; connect-src wss: *.pusher.com https: *.codicadev.net *.ipinfo.io *.sentry.io *.w3.org *.pipedrive.com px.ads.linkedin.com www.google.com.ua *.google.com *.googletagmanager.com savjee.report-uri.com *.facebook.com snap.licdn.com stats.g.doubleclick.net; script-src https: *.codicadev.net 'unsafe-eval' *.pipedrive.com *.googletagmanager.com connect.facebook.com snap.licdn.com *.ipinfo.io 'unsafe-inline'; style-src 'self' *.googletagmanager.com *.codica.com *.googleapis.com *.codicadev.net 'unsafe-inline'; font-src https: data: *.codicadev.net *.pipedrive.com font.gstatic.com 'unsafe-inline'; img-src https: data: *.codicadev.net *.pipedrive.com *.google.com *.facebook.com px.ads.linkedin.com images.dmca.com 'unsafe-inline'; frame-src https: *.codicadev.net *.google.com *.facebook.com www.googletagmanager.com; object-src https: ; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js https://cdnjs.cloudflare.com/ajax/libs/jquery-validate/1.16.0/jquery.validate.min.js https://cdnjs.cloudflare.com/ajax/libs/jquery-validation-unobtrusive/3.2.12/jquery.validate.unobtrusive.min.js https://cdnjs.cloudflare.com/ajax/libs/js-cookie/2.2.1/js.cookie.min.js https://connect.facebook.net https://services.postcodeanywhere.co.uk/js/address-3.91.min.js https://www.google.com/recaptcha/api.js https://www.google-analytics.com https://*.googletagmanager.com https://www.gstatic.com https://player.vimeo.com https://r1.dotdigital-pages.com https://*.hotjar.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fonts.googleapis.com https://services.postcodeanywhere.co.uk/css/address-3.91.css https://*.hotjar.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://our.umbraco.com https://*.google-analytics.com https://*.analytics.google.com https://stats.g.doubleclick.net https://services.postcodeanywhere.co.uk https://www.googleadservices.com https://www.google.co.uk https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; font-src 'self' https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://*.hotjar.com; frame-src 'self' https://player.vimeo.com https://www.google.com https://r1.dotdigital-pages.com https://r1.ddlnk.net https://apps.powerapps.com; img-src 'self' data: https://ccpas-prod.azurewebsites.net https://dashboard.umbraco.com https://github.com/favicon.ico https://our.umbraco.com https://services.postcodeanywhere.co.uk https://www.bing.com/favicon.ico https://www.facebook.com https://www.github.com/favicon.ico https://www.google.com/favicon.ico https://*.google-analytics.com https://www.google.com https://www.google.co.uk https://*.hotjar.com; manifest-src 'self'; media-src 'self'; worker-src 'self' blob:; 1
default-src 'self' https://cdn.plaid.com https://js.recurly.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.plaid.com https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com https://ssl.google-analytics.com https://level20.us10.list-manage.com https://connect.facebook.net/ https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.redditstatic.com https://analytics.tiktok.com https://js.recurly.com https://analytics-sm.com youtube.com www.youtube.com https://*.methodfi.com https://chat-assets.frontapp.com https://chat.frontapp.com https://us-west-1-chat-server.frontapp.com https://us-west-2-chat-server.frontapp.com wss://front-us-realtime.ably.io https://chat-webhook.frontapp.com; style-src 'self' 'unsafe-inline' https://cdn.plaid.com https://tagmanager.google.com/ https://www.googletagmanager.com/ https://fonts.googleapis.com/ https://js.recurly.com https://*.hotjar.com blob:; font-src 'self' cdn.plaid.com fonts.gstatic.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; frame-src 'self' https://cdn.plaid.com https://bid.g.doubleclick.net https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://api.recurly.com *.lotusprototype.com *.hellostretch.com youtube.com www.youtube.com https://*.methodfi.com; img-src 'self' data: *; media-src 'self' data: *.lotusprototype.com *.hellostretch.com; connect-src 'self' https://api.sendgrid.com https://www.google-analytics.com *.lotusprototype.com *.hellostretch.com *.amazonaws.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://api.recurly.com https://*.frontapp.com https://*.frontapplication.com; object-src 'none' 1
default-src 'self' *.wartsila.com *.wistia.com https://t.wartsila.tiedosto.com https://app.powerbi.com https://curatorio.s3.amazonaws.com login.microsoftonline.com twitter.com https://waertsilae.leadfamly.com https://go.pardot.com https://wartsila-static-content.s3-eu-west-1.amazonaws.com https://cdn.flipsnack.com tools.eurolandir.com asia.tools.euroland.com www.facebook.com https://innovatics.fi https://*.innovatics.fi cdn.cookielaw.org *.leadoo.com; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://s.ytimg.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js *.curator.io *.google-analytics.com https://www.youtube.com/iframe_api https://www.youtube.com/s/ *.twitter.com twitter.com https://static.ads-twitter.com https://dec.azureedge.net/ www.googletagmanager.com https://snap.licdn.com www.googleadservices.com https://code.jquery.com https://ajax.microsoft.com cdn.pardot.com https://track.gaconnector.com https://tag.demandbase.com https://serve.nrich.ai pi.pardot.com https://cdnjs.cloudflare.com https://tag.nrich.ai https://audience.nrich.ai pages.wartsila.digital *.doubleclick.net doubleclick.net https://app.interactiveads.ai *.wistia.com https://cdnjs.cloudflare.com/ajax/libs/intl-tel-input kendo.cdn.telerik.com https://unpkg.com s7.addthis.com m.addthis.com https://z.moatads.com/addthismoatframe568911941483/moatframe.js https://v1.addthisedge.com docs.google.com tools.euroland.com https://t.wartsila.tiedosto.com fast.wistia.net meltwater.fi https://api-public.addthis.com wartsila-reports.studio.crasman.fi https://ipmeta.io t.co https://app.powerbi.com https://curatorio.s3.amazonaws.com login.microsoftonline.com https://safety-day-bingo-prod.s3.eu-west-1.amazonaws.com https://waertsilae.leadfamly.com https://go.pardot.com *.wartsila.com https://wartsila-static-content.s3-eu-west-1.amazonaws.com https://stackpath.bootstrapcdn.com https://sentiment.inderes.fi https://*.hotjar.com wss://*.hotjar.com tools.eurolandir.com asia.tools.euroland.com *.pingdom.net *.imp.stackadapt.com *.srv.stackadapt.com srv.stackadapt.com cdn.cookielaw.org *.leadoo.com https://code.createjs.com/1.0.0/createjs.min.js https://hm.baidu.com/hm.js https://*.linkedin.com https://*.baidu.com https://*.cdn.bcebos.com 'self' js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net cdn.ampproject.org https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com *.eloqua.com *.en25.com 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com *.twimg.com *.curator.io *.twitter.com twitter.com https://d35islomi5rx1v.cloudfront.net https://d20rdry57v9fzf.cloudfront.net wartsila-flexicycle.s3.amazonaws.com docs.google.com *.wistia.com wartsila-reports.studio.crasman.fi https://cdnjs.cloudflare.com t.co https://app.powerbi.com https://curatorio.s3.amazonaws.com login.microsoftonline.com https://safety-day-bingo-prod.s3.eu-west-1.amazonaws.com https://waertsilae.leadfamly.com https://go.pardot.com m.addthis.com pages.wartsila.digital fast.fonts.net *.wartsila.com https://wartsila-static-content.s3-eu-west-1.amazonaws.com https://stackpath.bootstrapcdn.com https://sentiment.inderes.fi tools.eurolandir.com asia.tools.euroland.com https://cdnjs.cloudflare.com/ajax/libs/intl-tel-input https://code.jquery.com https://res.leadoo.com *.srv.stackadapt.com srv.stackadapt.com cdn.cookielaw.org *.leadoo.com https://*.baidu.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src www.linkedin.com data: blob: * android-webview-video-poster: https://cdnjs.cloudflare.com/ajax/libs/intl-tel-input fast.wistia.net *.wistia.com *.stackadapt.com sitefinity-videos-stage.s3.eu-west-1.amazonaws.com *.google-analytics.com google-analytics.com *.analytics.google.com analytics.google.com https://*.linkedin.com 'self' track.hubspot.com js.hsleadflows.net forms.hsforms.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com *.eloqua.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: themes.googleusercontent.com/static/fonts/inconsolata/v5/BjAYBlHtW3CJxDcjzrnZCIbN6UDyHWBl620a-IRfuBk.woff https://cdnjs.cloudflare.com https://app.powerbi.com https://curatorio.s3.amazonaws.com https://github.com login.microsoftonline.com https://safety-day-bingo-prod.s3.eu-west-1.amazonaws.com https://waertsilae.leadfamly.com https://go.pardot.com fast.fonts.net *.wartsila.com https://wartsila-static-content.s3-eu-west-1.amazonaws.com *.curator.io https://*.hotjar.com wss://*.hotjar.com tools.eurolandir.com asia.tools.euroland.com *.wistia.com https://res.leadoo.com *.stackadapt.com; frame-src 'self' *.wartsila.com https://go.pardot.com https://wartsila-static-content.s3-eu-west-1.amazonaws.com tools.euroland.com tools.eurolandir.com asia.tools.euroland.com https://innovatics.fi https://*.innovatics.fi https://www.youtube.com https://www.google.com www.facebook.com https://w.soundcloud.com/ https://snapwidget.com/ pages.wartsila.digital meltwater.fi https://s.company-target.com/ https://app.powerbi.com *.leadoo.com *.doubleclick.net doubleclick.net forms.hsforms.com web-chat.nativechat.com; connect-src data: accounts.google.com *.curator.io *.mktoresp.com https://track.gaconnector.com https://serve.nrich.ai https://api.company-target.com *.google-analytics.com google-analytics.com *.analytics.google.com analytics.google.com *.wistia.com https://fg8vvsvnieiv3ej16jby.litix.io https://api-public.addthis.com https://s7.addthis.com https://embedwistia-a.akamaihd.net fast.wistia.net https://d20rdry57v9fzf.cloudfront.net wartsila-flexicycle.s3.amazonaws.com https://ipmeta.io https://t.wartsila.tiedosto.com t.co https://app.powerbi.com https://curatorio.s3.amazonaws.com login.microsoftonline.com https://tag.nrich.ai https://match.prod.bidr.io *.twitter.com https://waertsilae.leadfamly.com https://go.pardot.com m.addthis.com pages.wartsila.digital https://*.hotjar.io *.wartsila.com https://wartsila-static-content.s3-eu-west-1.amazonaws.com https://crmsrv.azurewebsites.net https://sentiment.inderes.fi https://*.hotjar.com wss://*.hotjar.com https://cdn.flipsnack.com tools.eurolandir.com asia.tools.euroland.com https://cdnjs.cloudflare.com/ajax/libs/intl-tel-input www.facebook.com https://www.quandl.com *.pingdom.net wartsila.avaus.fi https://maps.googleapis.com https://sitefunc1.azurewebsites.net https://bot.leadoo.com https://iapi.leadoo.com https://anl.leadoo.com *.stackadapt.com https://innovatics.fi https://*.innovatics.fi risk.ipmeta.io segments.company-target.com cdn.cookielaw.org *.onetrust.com cdn.linkedin.oribi.io *.leadoo.com application/wasm blob: https://tag-logger.demandbase.com/ googlesyndication.com *.googlesyndication.com *.doubleclick.net doubleclick.net https://*.google.com https://*.linkedin.com https://*.baidu.com https://*.safe.baidu.com 'self' forms.hubspot.com *.hsforms.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: *.wartsila.com https://wartsila-static-content.s3-eu-west-1.amazonaws.com https://video-frt3-2.cdninstagram.com https://www.youtube.com https://embedwistia-a.akamaihd.net https://*.hotjar.com wss://*.hotjar.com tools.eurolandir.com asia.tools.euroland.com *.wistia.com fast.wistia.net sitefinity-videos-stage.s3.eu-west-1.amazonaws.com https://*.baidu.com; child-src https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com blob: *.twitter.com twitter.com https://wartsila-static-content.s3-eu-west-1.amazonaws.com https://s7.addthis.com www.slideshare.net https://www.google.com pages.wartsila.digital https://snapwidget.com https://innovatics.fi https://*.innovatics.fi tools.euroland.com *.doubleclick.net doubleclick.net https://app.interactiveads.ai meltwater.fi www.linkedin.com *.wistia.com https://d20rdry57v9fzf.cloudfront.net wartsila-flexicycle.s3.amazonaws.com wartsila-reports.studio.crasman.fi https://t.wartsila.tiedosto.com t.co https://api.curator.io https://app.powerbi.com https://curatorio.s3.amazonaws.com login.microsoftonline.com https://waertsilae.leadfamly.com https://go.pardot.com *.wartsila.com https://*.hotjar.com wss://*.hotjar.com https://cdn.flipsnack.com tools.eurolandir.com asia.tools.euroland.com https://cdnjs.cloudflare.com/ajax/libs/intl-tel-input https://www.quandl.com https://bot.leadoo.com cdn.linkedin.oribi.io cdn.cookielaw.org *.leadoo.com 'self' web-chat.nativechat.com 1
default-src 'self' *.google-analytics.com *.hotjar.com *.knightlab.com *.stats.g.doubleclick.net https://stats.g.doubleclick.net *.akamai.net *.disqus.com https://disqus.com/ *.disquscdn.com *.techstars.com; script-src 'unsafe-inline' 'unsafe-eval' http:; style-src 'unsafe-inline' http:; img-src http: data:; font-src http: data:; frame-src 'self' *.hotjar.com *.knightlab.com *.disqus.com *.disquscdn.com https://disqus.com/ *.techstars.com; 1
default-src 'self' https: http: bankid:; connect-src 'self' ws: wss: https://*.fasttrack-solutions.com https://*.ft-crm.com https://*.biahosted.com https://livechat24.tech https://*.livechat24.tech https://*.amazonaws.com *.google-analytics.com *.analytics.google.com https://www.googletagmanager.com https://www.google.com https://www.google.ro https://www.google.se https://www.google.nl https://www.google.de https://www.google.fi https://www.google.ch https://www.google.ee https://www.google.sk https://www.google.dk https://www.google.ru https://www.google.pt https://www.google.ca https://www.google.by https://www.google.bg https://www.gstatic.com https://analytics.google.com https://adservice.google.com https://stats.g.doubleclick.net https://recaptcha.net https://*.bing.com https://*.taboola.com https://*.regily.com https://*.pusher.com https://*.workers.dev https://cdn-sp.kertn.net https://storage.googleapis.com https://*.aitcloud.de https://vsfestaging-vs001.akamaized.net https://vsfelive-vs001.akamaized.net https://vswstaging.betradar.com https://vsw.betradar.com https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com wss://*.biahosted.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://d5phz18u4wuww.cloudfront.net https://cdn-cn.vwo-analytics.com https://verification.okwork.io https://*.unetsafe.com https://*.atlantgaming.com https://*.facebook.com https://facebook.net https://*.facebook.net https://*.snapchat.com https://*.sportdigi.com https://*.sportradar.com https://*.mrbit.com https://accounts.google.com/gsi/ https://*.mrbit.casino *.unetsafe.com oppwa.com *.oppwa.com *.unetcard.com google-analytics.com paymentpage.ecommpay.com *.adyen.com fasd63.illongrlong.com s4vds4.ujad65dsai.com asdaerq.dapmaptuns.com *.checkout.com *.browser-intake-datadoghq.com; font-src 'self' data: https://fonts.gstatic.com https://livechat24.tech https://*.livechat24.tech https://cdn-sp.kertn.net https://*.biahosted.com https://storage.googleapis.com https://*.aitcloud.de https://vsfestaging-vs001.akamaized.net https://vsfelive-vs001.akamaized.net https://vswstaging.betradar.com https://vsw.betradar.com https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com wss://*.biahosted.com https://app.vwo.com https://*.mrbit.casino; frame-src 'self' bankid://* https://*.livechat24.tech https://*.adobe.com https://*.youtube.com https://*.zignsec.com https://*.trustly.com https://*.regily.com https://*.sumsub.com https://*.biahosted.com https://*.aitcloud.de https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com wss://*.biahosted.com https://*.visualwebsiteoptimizer.com https://*.unetsafe.com https://*.atlantgaming.com https://*.snapchat.com https://*.sportdigi.com https://*.sportradar.com https://*.mrbit.casino https://* paymentpage.ecommpay.com asdaerq.dapmaptuns.com; img-src 'self' https: http: data: blob: *.google-analytics.com *.analytics.google.com *.visualwebsiteoptimizer.com https://app.vwo.com; script-src 'self' 'unsafe-eval' https://*.zignsec.com https://*.biahosted.com https://livechat24.tech https://*.livechat24.tech https://*.fasttrack-solutions.com https://mc.yandex.ru https://ajax.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.curacao-egaming.com https://www.gstatic.com https://recaptcha.net https://*.bing.com https://*.cloudflare.com https://*.taboola.com https://static.cloudflareinsights.com https://*.regily.com https://*.pusher.com https://*.workers.dev https://prj-verification-production.s3.amazonaws.com https://cdn-sp.kertn.net https://storage.googleapis.com https://*.aitcloud.de https://vsfestaging-vs001.akamaized.net https://vsfelive-vs001.akamaized.net https://vswstaging.betradar.com https://vsw.betradar.com https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com wss://*.biahosted.com *.visualwebsiteoptimizer.com https://cdn-cn.vwo-analytics.com https://app.vwo.com https://*.unetsafe.com https://*.snapchat.com https://snapchat.com https://sc-static.net https://*.facebook.com https://facebook.net https://*.facebook.net https://*.sportdigi.com https://*.sportradar.com https://*.mrbit.com https://accounts.google.com/gsi/client https://*.mrbit.casino *.paywallk.com *.unetsafe.com *.ecommpay.com *.zimpler.net *.adyen.com *.hotjar.com *.acaptureservices.com acaptureservices.com *.oppwa.com oppwa.com *.unetcard.com *.switchpayments.com *.mifinity.com *.google.com fasd63.illongrlong.com s4vds4.ujad65dsai.com *.astropay.com *.megapay.pro *.ecopayz.com *.billing.cx *.express-connect.com *.paycore.io *.jetoncheckout.com *.ipsp.lv ipsp.lv *.gpaynetworks.com *.sirumobile.com asdaerq.dapmaptuns.com *.checkout.com 'nonce-dn6LyzBOJ7uFWQHNIV2OhSmuCRTrVoj1X0XUrJwf0vE=' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://*.fasttrack-solutions.com https://fonts.googleapis.com https://livechat24.tech https://*.livechat24.tech https://cdn-sp.kertn.net https://*.biahosted.com https://storage.googleapis.com https://*.aitcloud.de https://vsfestaging-vs001.akamaized.net https://vsfelive-vs001.akamaized.net https://vswstaging.betradar.com https://vsw.betradar.com https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com wss://*.biahosted.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.amazonaws.com https://accounts.google.com/gsi/style https://*.mrbit.casino *.paywallk.com *.unetsafe.com *.ecommpay.com *.adyen.com *.hotjar.com *.ppipe.net *.oppwa.com oppwa.com *.unetcard.com fasd63.illongrlong.com s4vds4.ujad65dsai.com asdaerq.dapmaptuns.com; worker-src 'self' blob:; report-uri https://mrbit.casino/sentry/api/41/csp-report/?sentry_key=38bd9ad353b94f1a8143ea227d160767 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://pone.social; img-src 'self' https: data: blob: https://pone.social; style-src 'self' https://pone.social 'nonce-VZLvu+y6DVb1aF0voXH/Ew=='; media-src 'self' https: data: https://pone.social; frame-src 'self' https:; manifest-src 'self' https://pone.social; form-action 'self'; child-src 'self' blob: https://pone.social; worker-src 'self' blob: https://pone.social; connect-src 'self' data: blob: https://pone.social https://treebrary.pone.social wss://pone.social; script-src 'self' https://pone.social 'wasm-unsafe-eval' 1
default-src 'self' https: data: 'unsafe-inline' blob: 'unsafe-eval'; 1
frame-ancestors *.firsthorizon.com 1
frame-ancestors 'self'; form-action 'self'; 1
default-src 'self' blob: http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://fonts.googleapis.com https://cdn-us.beasensors.com https://bea-sensors-us.s3.nl-ams.scw.cloud https://website-us.s3.nl-ams.scw.cloud; script-src 'unsafe-inline' 'unsafe-eval' *; connect-src *; img-src 'self' data: *; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com; base-uri 'self';form-action 'self' https://www.createsend.com https://www.bea-sensors.com https://eu.beasensors.com https://asia.beasensors.com https://www.facebook.com; frame-src * 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-241a0dcb7430b3ded18b5e4c12e323c3'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src 'self' https://www.gravatar.com https://player.vimeo.com *.vimeocdn.com https://packages.umbraco.org https://our.umbraco.org ws:;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://stglinterprodneu01.blob.core.windows.net https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://fonts.googleapis.com https://apis.google.com https://use.typekit.net https://www.youtube.com https://www.youtube-nocookie.com https://*.vo.msecnd.net https://atlas.microsoft.com https://www.instagram.com https://ajax.googleapis.com https://connect.facebook.net https://fast.fonts.net https://code.jquery.com https://siteintercept.qualtrics.com https://*.siteintercept.qualtrics.com https://az416426.vo.msecnd.net https://ajax.aspnetcdn.com https://plus.browsealoud.com https://www.browsealoud.com https://*.speechstream.net https://s3.amazonaws.com https://www.doubleclick.net https://*.list-manage.com;style-src 'self' 'unsafe-inline' https://stglinterprodneu01.blob.core.windows.net https://fonts.googleapis.com https://fast.fonts.net https://tagmanager.google.com https://plus.browsealoud.com https://www.browsealoud.com https://use.typekit.net https://p.typekit.net https://atlas.microsoft.com;img-src 'self' https://stglinterprodneu01.blob.core.windows.net https://www.google-analytics.com https://p.typekit.net https://atlas.microsoft.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://tagmanager.google.com https://ssl.gstatic.com https://www.gstatic.com data: https://i.vimeocdn.com https://www.gravatar.com https://umbraco.tv https://dashboard.umbraco.com *.umbraco.tv i.ytimg.com *.umbraco.org https://our.umbraco.com https://www.google.com https://www.google.co.uk https://www.facebook.com https://browsealoud-webservices-8.texthelp.com https://plus.browsealoud.com https://www.browsealoud.com;media-src 'self' https://stglinterprodneu01.blob.core.windows.net blob: https://plus.browsealoud.com https://www.browsealoud.com https://*.speechstream.net;frame-src 'self' https://www.google.com http://www.google.com https://www.youtube.com https://www.youtube-nocookie.com https://player.vimeo.com https://datastudio.google.com https://plus.browsealoud.com https://www.browsealoud.com https://www.facebook.com https://content.googleapis.com https://www.googletagmanager.com https://www.instagram.com https://www.doubleclick.net https://anchor.fm https://d3ctxlq1ktw2nl.cloudfront.net;font-src 'self' https://stglinterprodneu01.blob.core.windows.net https://use.typekit.net https://fonts.gstatic.com https://ssl.gstatic.com https://www.gstatic.com https://plus.browsealoud.com https://www.browsealoud.com data: https://atlas.microsoft.com https://fast.fonts.net;connect-src 'self' https://dc.services.visualstudio.com https://www.google-analytics.com https://region1.google-analytics.com https://our.umbraco.com/webapi/packages/v1 https://stats.g.doubleclick.net https://atlas.microsoft.com https://siteintercept.qualtrics.com ws: https://plus.browsealoud.com https://www.browsealoud.com https://browsealoud-webservices-8.texthelp.com https://babm.texthelp.com https://*.speechstream.net https://vimeo.com https://player.vimeo.com https://i.vimeocdn.com;base-uri 'self';child-src 'self' https://www.google.com http://www.google.com https://www.youtube.com https://www.youtube-nocookie.com https://player.vimeo.com https://datastudio.google.com https://plus.browsealoud.com https://www.browsealoud.com https://www.facebook.com https://content.googleapis.com https://www.googletagmanager.com https://www.instagram.com https://www.doubleclick.net https://anchor.fm https://d3ctxlq1ktw2nl.cloudfront.net;worker-src 'self' blob:;upgrade-insecure-requests;block-all-mixed-content;report-uri https://stormid.report-uri.com/r/d/csp/enforce 1
script-src  'self' 'unsafe-inline' 'unsafe-eval' https://mc.yandex.ru https://api-maps.yandex.ru https://suggest-maps.yandex.ru https://*.maps.yandex.net https://chat.vtb.ru https://chat3.vtb.ru  https://ad.adriver.ru https://vk.com https://top-fwz1.mail.ru https://content.adriver.ru https://dmp.dmpkit.1dmp.io https://yastatic.net  https://stream.datago.ru https://xn--3-7sb8cs.xn--90ab2c.xn--p1ai https://onlinesales.vtb.ru https://manalyticshub.com https://video.dion.vc; style-src 'self' 'unsafe-inline' https://chat.vtb.ru https://chat3.vtb.ru https://xn--3-7sb8cs.xn--90ab2c.xn--p1ai https://onlinesales.vtb.ru https://video.dion.vc; img-src * data:; font-src 'self' data: https://chat.vtb.ru https://chat3.vtb.ru https://xn--3-7sb8cs.xn--90ab2c.xn--p1ai https://onlinesales.vtb.ru https://video.dion.vc; media-src https://chat3.vtb.ru https://vtbcareer.com https://xn--3-7sb8cs.xn--90ab2c.xn--p1ai https://onlinesales.vtb.ru https://video.dion.vc; frame-src 'self' 'unsafe-inline' blob: https://*.roseltorg.ru:* https://api-maps.yandex.ru:* https://chat.vtb.ru https://chat3.vtb.ru  https://auto.vtb.ru https://ipoteka.vtb.ru https://cl.vtb.ru https://cc.vtb.ru https://online.vtb.ru https://dmp.dmpkit.1dmp.io https://sync.1dmp.io/ https://onlinesales.vtb.ru https://manalyticshub.com https://video.dion.vc ; connect-src 'self' blob:  https://mc.yandex.ru https://suggestions.dadata.ru https://api-maps.yandex.ru https://suggest-maps.yandex.ru https://*.maps.yandex.net https://geocode-maps.yandex.ru/ https://chat.vtb.ru https://chat3.vtb.ru https://ad.adriver.ru https://vk.com https://top-fwz1.mail.ru https://siteapi.vtb.ru http://siteapi.vtb.ru https://siteapi.vtb.com https://siteapi.vtb.com https://marketplace.vtb.ru https://auto.vtb.ru https://ipoteka.vtb.ru https://cl.vtb.ru https://cc.vtb.ru https://online.vtb.ru https://dmp.dmpkit.1dmp.io wss://chat.vtb.ru wss://chat3.vtb.ru https://cert.vtb.ru/ https://*.tech.rtb.mts.ru https://*.match.mts.ru https://www.vtb.ru https://stream.datago.ru https://tech.rtb.mts.ru https://xn--3-7sb8cs.xn--90ab2c.xn--p1ai wss://xn--3-7sb8cs.xn--90ab2c.xn--p1ai https://onlinesales.vtb.ru https://manalyticshub.com https://video.dion.vc; frame-ancestors 'self' https://*.vtb.ru:* https://www.rbc.ru https://metrika.yandex.ru https://onlinesales.vtb.ru https://video.dion.vc; 1
frame-ancestors 'none'; default-src 'self' https://*.yahoo.com https://*.yimg.com; script-src 'self' 'unsafe-inline' 'nonce-iJ1qK7ZqwqI758BudQrCMw==' 'unsafe-eval' https://*.yahoo.net https://*.yahoo.com https://*.yimg.com https://*.uservoice.com *.oath.com https://*.hereapi.com https://*.youtube.com *.yahooapis.com blob: *.izlesene.com *.ioam.de *.avg.com *.rewardsaccelerator.com smetrics.att.com; style-src 'self' 'unsafe-inline' https://assets.video.yahoo.net https://*.yimg.com; img-src 'self' data: blob: https://*.aol.com https://s.aolcdn.com https://*.bing.net https://*.yimg.com https://s.ytimg.com yahoo.com https://*.yahoo.com https://*.bing.com https://bing.com *.here.com *.wc.yahoodns.net https://*.doubleclick.net https://sb.scorecardresearch.com https://*.adaptv.advertising.com https://*.vidible.tv https://*.yahoo.net https://*.footprint.net https://*.akamaized.net https://*.cloudfront.net https://*.llnwd.net smetrics.att.com; frame-src 'self' https://*.yahoo.net https://*.youtube.com https://s.yimg.com https://*.yahoo.com https://yahoo.uservoice.com https://*.vidible.tv https://*.advertising.com https://fun.games.com/ https://interactives.ap.org; media-src * blob:; object-src *; connect-src * blob:; font-src * data:; child-src blob:; 1
frame-ancestors 'self' https://app.kajabi.com https://app.vibely.io https://communities.kajabi.com *.mykajabi.com https://communities.newkajabi-staging.com https://www.americanconfidenceinstitute.com https://www.ergleadershipalliance.com 1
base-uri 'none';frame-ancestors 'self'; upgrade-insecure-requests; 1
default-src 'self'; script-src 'self' https://trusted.cdn.com 'unsafe-inline' 'unsafe-eval' blob: https://cdn.syndication.twimg.com https://platform.twitter.com https://e.dtscout.com https://s4.histats.com https://s10.histats.com https://www.freevisitorcounters.com https://ajax.googleapis.com https://stackpath.bootstrapcdn.com https://cdn.jsdelivr.net https://translate.googleapis.com https://translate.google.com https://buttons-config.sharethis.com https://platform-api.sharethis.com github.com https://maxcdn.bootstrapcdn.com http://code.highcharts.com http://ajaxorg.github.io https://unpkg.com http://widget.supercounters.com https://widget.supercounters.com http://www.supercounters.com https://www.supercounters.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com http://code.jquery.com https://code.jquery.com https://rawgit.com https://use.fontawesome.com https://www.gstatic.com https://yoast.com https://maps.googleapis.com https://www.google-analytics.com https://connect.facebook.net; img-src 'self' data: https://syndication.twitter.com https://pbs.twimg.com https://platform.twitter.com https://abs.twimg.com https://s4i.histats.com https://stats.symptoma.com https://www.freevisitorcounters.com https://translate.googleapis.com https://translate.googleapis.com https://www.google.com https://platform-cdn.sharethis.com https://chart.googleapis.com https://www.gstatic.com http://placekitten.com https://maps.googleapis.com https://khms1.googleapis.com https://khms0.googleapis.com https://maps.gstatic.com http://widget.supercounters.com https://widget.supercounters.com https://s.w.org https://stats.g.doubleclick.net https://www.google-analytics.com https://s-static.ak.facebook.com  https://media.licdn.com https://secure.gravatar.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://platform.twitter.com https://translate.googleapis.com http://ajax.googleapis.com https://cdn.linearicons.com https://maxcdn.bootstrapcdn.com https://stackpath.bootstrapcdn.com https://cdnjs.cloudflare.com https://use.fontawesome.com https://rawgit.com https://www.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com https://l.sharethis.com http://themes.potenzaglobalsolutions.com https://yoast.com; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://stackpath.bootstrapcdn.com https://cdn.linearicons.com https://cdnjs.cloudflare.com https://use.fontawesome.com https://fonts.gstatic.com  https://themes.googleusercontent.com https://fonts.gstatic.com https://themes.googleusercontent.com; frame-src 'self'  https://syndication.twitter.com https://platform.twitter.com https://www.freevisitorcounters.com https://kpwkm.spab.gov.my https://www.google.com https://c.sharethis.mgr.consensu.org https://player.vimeo.com https://www.youtube.com https://www.facebook.com https://s-static.ak.facebook.com https://media.licdn.com; object-src 'none'; media-src 'self' http://www.noiseaddicts.com http://www.w3schools.com 1
object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; upgrade-insecure-requests; 1
default-src 'self' https://*.googleapis.com/ https://www.google-analytics.com/ https://*.google.com/ https://*.youtube.com/ https://*.gstatic.com/ https://*.cloudflare.com/ https://*.bootstrapcdn.com/ https://*.klicenka.uvm.cz/ https://*.doubleclick.net/ https://*.mapy.cz/ https://piwik.uvm.cz https://*.hotjar.com https://*.twimg.com https://*.facebook.net https://*.facebook.com https://*.eurofencing.info https://eurofencing.info https://*.gstatic.com http://*.gstatic.com https://efc-prod.s3.amazonaws.com https://fburl.com/ https://*.mapbox.com/ https://*.googletagmanager.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com/ https://www.google-analytics.com/ https://*.google.com/ https://*.youtube.com/ https://*.gstatic.com/ https://*.cloudflare.com/ https://*.bootstrapcdn.com/ https://*.klicenka.uvm.cz/ https://*.doubleclick.net/ https://*.mapy.cz/ https://piwik.uvm.cz https://*.hotjar.com https://*.twimg.com https://*.facebook.net https://*.facebook.com https://*.eurofencing.info https://eurofencing.info https://*.gstatic.com http://*.gstatic.com https://efc-prod.s3.amazonaws.com https://fburl.com/ https://*.mapbox.com/ https://*.googletagmanager.com/ data: blob: 'unsafe-inline' https://*.googleapis.com/ https://www.google-analytics.com/ https://*.google.com/ https://*.youtube.com/ https://*.gstatic.com/ https://*.cloudflare.com/ https://*.bootstrapcdn.com/ https://*.klicenka.uvm.cz/ https://*.doubleclick.net/ https://*.mapy.cz/ https://piwik.uvm.cz https://*.hotjar.com https://*.twimg.com https://*.facebook.net https://*.facebook.com https://*.eurofencing.info https://eurofencing.info https://*.gstatic.com http://*.gstatic.com https://efc-prod.s3.amazonaws.com https://fburl.com/ https://*.mapbox.com/ https://*.googletagmanager.com/; connect-src 'self' https://*.googleapis.com/ https://www.google-analytics.com/ https://*.google.com/ https://*.youtube.com/ https://*.gstatic.com/ https://*.cloudflare.com/ https://*.bootstrapcdn.com/ https://*.klicenka.uvm.cz/ https://*.doubleclick.net/ https://*.mapy.cz/ https://piwik.uvm.cz https://*.hotjar.com https://*.twimg.com https://*.facebook.net https://*.facebook.com https://*.eurofencing.info https://eurofencing.info https://*.gstatic.com http://*.gstatic.com https://efc-prod.s3.amazonaws.com https://fburl.com/ https://*.mapbox.com/ https://*.googletagmanager.com/; img-src 'self' https://*.googleapis.com/ https://www.google-analytics.com/ https://*.google.com/ https://*.youtube.com/ https://*.gstatic.com/ https://*.cloudflare.com/ https://*.bootstrapcdn.com/ https://*.klicenka.uvm.cz/ https://*.doubleclick.net/ https://*.mapy.cz/ https://piwik.uvm.cz https://*.hotjar.com https://*.twimg.com https://*.facebook.net https://*.facebook.com https://*.eurofencing.info https://eurofencing.info https://*.gstatic.com http://*.gstatic.com https://efc-prod.s3.amazonaws.com https://fburl.com/ https://*.mapbox.com/ https://*.googletagmanager.com/ data: blob: 'unsafe-inline' https://*.googleapis.com/ https://www.google-analytics.com/ https://*.google.com/ https://*.youtube.com/ https://*.gstatic.com/ https://*.cloudflare.com/ https://*.bootstrapcdn.com/ https://*.klicenka.uvm.cz/ https://*.doubleclick.net/ https://*.mapy.cz/ https://piwik.uvm.cz https://*.hotjar.com https://*.twimg.com https://*.facebook.net https://*.facebook.com https://*.eurofencing.info https://eurofencing.info https://*.gstatic.com http://*.gstatic.com https://efc-prod.s3.amazonaws.com https://fburl.com/ https://*.mapbox.com/ https://*.googletagmanager.com/; font-src 'self' https://*.googleapis.com/ https://www.google-analytics.com/ https://*.google.com/ https://*.youtube.com/ https://*.gstatic.com/ https://*.cloudflare.com/ https://*.bootstrapcdn.com/ https://*.klicenka.uvm.cz/ https://*.doubleclick.net/ https://*.mapy.cz/ https://piwik.uvm.cz https://*.hotjar.com https://*.twimg.com https://*.facebook.net https://*.facebook.com https://*.eurofencing.info https://eurofencing.info https://*.gstatic.com http://*.gstatic.com https://efc-prod.s3.amazonaws.com https://fburl.com/ https://*.mapbox.com/ https://*.googletagmanager.com/; style-src 'self' 'unsafe-inline' https://*.googleapis.com/ https://www.google-analytics.com/ https://*.google.com/ https://*.youtube.com/ https://*.gstatic.com/ https://*.cloudflare.com/ https://*.bootstrapcdn.com/ https://*.klicenka.uvm.cz/ https://*.doubleclick.net/ https://*.mapy.cz/ https://piwik.uvm.cz https://*.hotjar.com https://*.twimg.com https://*.facebook.net https://*.facebook.com https://*.eurofencing.info https://eurofencing.info https://*.gstatic.com http://*.gstatic.com https://efc-prod.s3.amazonaws.com https://fburl.com/ https://*.mapbox.com/ https://*.googletagmanager.com/; frame-src 'self' https://*.googleapis.com/ https://www.google-analytics.com/ https://*.google.com/ https://*.youtube.com/ https://*.gstatic.com/ https://*.cloudflare.com/ https://*.bootstrapcdn.com/ https://*.klicenka.uvm.cz/ https://*.doubleclick.net/ https://*.mapy.cz/ https://piwik.uvm.cz https://*.hotjar.com https://*.twimg.com https://*.facebook.net https://*.facebook.com https://*.eurofencing.info https://eurofencing.info https://*.gstatic.com http://*.gstatic.com https://efc-prod.s3.amazonaws.com https://fburl.com/ https://*.mapbox.com/ https://*.googletagmanager.com/ 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://code.jquery.com https://matomo.pasdecalais.fr https://cdnjs.cloudflare.com https://unpkg.com https://cdn.plyr.io http://html5shiv.googlecode.com http://www.google-analytics.com https://ssl.google-analytics.com http://maps.google.com https://maps.googleapis.com https://ajax.googleapis.com https://www.googletagmanager.com; object-src 'self'; 1
frame-ancestors 'self' https://onerail.io https://*.onerail.io https://onerail.zendesk.com; 1
default-src * 'self' data: 'unsafe-inline' 'unsafe-eval' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://berliner-stadtmission.onlyfy.jobs https://stats.berliner-stadtmission.de https://api.spendino.de https://piwik.berliner-stadtmission.org https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob:;img-src 'self' https://*.berliner-stadtmission.de https://*.googleapis.com https://*.gstatic.com *.google.com  *.googleusercontent.com data:; frame-src https://embed.acast.com https://sm-britz.church.tools https://berliner-stadtmission.onlyfy.jobs https://*.vimeo.com https://www.youtube-nocookie.com/ https://api.spendino.de https://sm-friedrichshagen.church.tools https://sm-karow.church.tools *.google.com; connect-src 'self' https://*.berliner-stadtmission.de https://*.googleapis.com *.google.com https://*.gstatic.com  data: blob:; font-src data: https://www.berliner-stadtmission.de https://fonts.gstatic.com youtube.com www.youtube.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; worker-src blob:; 1
frame-ancestors 'self' *.mobileum.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.facebook.com *.hsappstatic.net *.hubspot.com *.newrelic.com *.nr-data.net *.googleapis.com *.hsforms.com *.hsforms.net *.blob.core.windows.net *.youtube.com *.googletagmanager.com *.ytimg.com *.gstatic.com *.hs-scripts.com *.hsleadflows.net *.usemessages.com *.hsadspixel.net *.google-analytics.com *.hs-analytics.net *.googleadservices.com *.g.doubleclick.net *.google.com *.google.pt *.hubapi.com *.facebook.net *.linkedin.com *.hubspot.net *.wistia.com *.bootstrapcdn.com *.ads-twitter.com *.raid.cloud t.co *.licdn.com *.twitter.com *.cookielaw.org *.jquery.com *.hs-banner.com *.salesloft.com *.demandbase.com 1
frame-ancestors 'self' http://localhost:3000 http://localhost:4005 1
frame-ancestors 'self' https://app.kajabi.com https://app.vibely.io https://communities.kajabi.com *.mykajabi.com https://communities.newkajabi-staging.com https://www.hermobenito.com 1
frame-ancestors 'self' https://www.mibaby.de/ https://jupiter.kk.lan/ 1
frame-ancestors 'self' https://*.mdi-editions.com; 1
connect-src 'self' www.facebook.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com pagead2.googlesyndication.com www.google.com googleads.g.doubleclick.net analytics.google.com www.google-analytics.com www.redditstatic.com px.ads.linkedin.com js.zi-scripts.com stats.g.doubleclick.net login.microsoftonline.com forms-eu1.hscollectedforms.net forms-eu1.hsforms.com api-eu1.hubapi.com hubspot-forms-static-embed-eu1.s3.amazonaws.com https://tlkfrontprod.azureedge.net o4504211537854464.ingest.sentry.io toloka.dev sandbox.toloka.dev https://events.framer.com https://framerusercontent.com https://c.bing.com https://*.clarity.ms;script-src 'self' 'unsafe-inline' 'unsafe-eval' connect.facebook.net www.google-analytics.com www.googletagmanager.com www.google.com *.googletagmanager.com tagmanager.google.com www.googleadservices.com bat.bing.com snap.licdn.com www.redditstatic.com js.zi-scripts.com googleads.g.doubleclick.net js-eu1.hs-scripts.com js-eu1.hsadspixel.net js-eu1.hs-analytics.net js-eu1.hs-banner.com js-eu1.hscollectedforms.net js-eu1.hsforms.net https://tlkfrontprod.azureedge.net o4504211537854464.ingest.sentry.io https://framer.com https://framerusercontent.com https://events.framer.com/script https://c.bing.com https://*.clarity.ms https://ga.jspm.io https://app.framerstatic.com https://*.framer-components.toloka-test.ai https://framer-components.toloka.cloud https://*.workable.com https://dcvxs6ggqztsa.cloudfront.net;style-src 'self' googletagmanager.com fonts.googleapis.com tagmanager.google.com https://tlkfrontprod.azureedge.net 'unsafe-inline';img-src https: 'self' data: googletagmanager.com *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com ssl.gstatic.com www.gstatic.com https://tlkfrontprod.azureedge.net;frame-src 'self' td.doubleclick.net bid.g.doubleclick.net www.facebook.com sdx.microsoft.com www.youtube.com youtube.com forms-eu1.hsforms.com https://tlkfrontprod.azureedge.net blob: https://apply.workable.com;manifest-src 'self' https://tlkfrontprod.azureedge.net;frame-ancestors *.toloka.ai toloka.ai *.toloka-test.ai;report-to default-group;font-src 'self' fonts.gstatic.com https://tlkfrontprod.azureedge.net https://framerusercontent.com https://app.framerstatic.com;media-src 'self' https://tlkfrontprod.azureedge.net;base-uri 'self';default-src 'none';child-src blob:;style-src-attr 'unsafe-inline';report-uri https://o4504211537854464.ingest.us.sentry.io/api/4505081156730880/security/?sentry_key=073b9b6744944a979dca08ea0b0f27f7 1
default-src 'self'; connect-src *; font-src *; frame-src *; frame-ancestors 'self'; img-src * data: blob:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://consentcdn.cookiebot.com https://consent.cookiebot.com https://*.googletagmanager.com https://tagmanager.google.com https://static.hotjar.com https://script.hotjar.com; style-src 'self' 'unsafe-inline' https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com https://static.hotjar.com https://script.hotjar.com; img-src 'self' data: https://imgsct.cookiebot.com https://*.googletagmanager.com https://*.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com https://static.hotjar.com https://script.hotjar.com https://survey-images.hotjar.com; form-action 'self'; frame-src 'self' https://consentcdn.cookiebot.com https://www.youtube.com; frame-ancestors 'self'; font-src 'self' data: https://fonts.gstatic.com https://script.hotjar.com; connect-src 'self' https://consentcdn.cookiebot.com https://consent.cookiebot.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; base-uri 'self'; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' *.shengpay.com 'unsafe-inline' *.globalsign.com *.globalsign.net 1
block-all-mixed-content; base-uri 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' localhost:* *.google.com *.gstatic.com www.google-analytics.com *.addtoany.com use.fontawesome.com *.youtube.com *.ytimg.com *.googleapis.com googleapis.com *.googletagmanager.com *.cloudflare.com *.vimeo.com *.formitable.com *.googleadservices.com connect.facebook.net *.doubleclick.net static.cacaofabriek.nl; style-src 'self' 'unsafe-inline' *.googleapis.com googleapis.com *.google.com *.addtoany.com cloud.typography.com *.myfonts.net *.typekit.net *.cloudflare.com *.formitable.com *.gstatic.com static.cacaofabriek.nl; font-src 'self' *.gstatic.com data: *.typekit.net *.cloudflare.com  static.cacaofabriek.nl; img-src 'self' data: *.google-analytics.com *.analytics-google.com *.gstatic.com *.googleapis.com googleapis.com *.google.com *.cloudflare.com *.cacaofabriek.nl *.facebook.com cacaofabriek.nl *.ytimg.com *.googletagmanager.com *.google.nl *.doubleclick.net static.cacaofabriek.nl; child-src 'self' *.google.com *.addtoany.com *.youtube.com *.vimeo.com vimeo.com *.activetickets.com *.issuu.com *.recruitee.com *.linkedin.com *.abbi-insights.com *.spotify.com *.formitable.com *.artland.com *.cacaofabriek.nl *.thefork.com *.doubleclick.net static.cacaofabriek.nl; frame-src 'self' *.google.com *.addtoany.com *.youtube.com *.vimeo.com vimeo.com *.activetickets.com *.issuu.com *.recruitee.com *.linkedin.com *.abbi-insights.com *.spotify.com *.formitable.com *.artland.com *.cacaofabriek.nl *.thefork.com *.doubleclick.net static.cacaofabriek.nl; media-src 'self' *.youtube.com *.vimeo.com vimeo.com *.vimeocdn.com *.akamaized.net  static.cacaofabriek.nl; connect-src 'self' localhost:* wss://localhost:* *.projectguide.nl *.google-analytics.com *.analytics-google.com *.googleapis.com googleapis.com *.googleusercontent.com vimeo.com *.formitable.com *.withgoogle.com stats.g.doubleclick.net *.cacaofabriek.nl *.google.com *.doubleclick.net static.cacaofabriek.nl; object-src 'self' *.youtube.com *.vimeo.com vimeo.com  static.cacaofabriek.nl; form-action 'self' ; worker-src 'self' static.cacaofabriek.nl; manifest-src 'self' static.cacaofabriek.nl; prefetch-src 'self' static.cacaofabriek.nl; frame-ancestors 'none';  1
frame-ancestors 'self' https://*.mr63.ca; 1
default-src 'self'; font-src 'self' data: https://use.typekit.net https://test-dms.oldmutual.com.gh https://test.interpayafrica.com https://test-dms.oldmutual.com.gh/* https://test.interpayafrica.com/*  https://tagmanager.google.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://services.ominsure.co.za https://embed.tawk.to https://salesiq.zoho.com https://css.zohostatic.com https://css.zohocdn.com/* https://css.zohocdn.com/salesiq/styles/fonts/cw/puvi/* https://css.zohocdn.com/salesiq/styles/fonts/cw/* https://css.zohocdn.com; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://test-dms.oldmutual.com.gh https://test.interpayafrica.com https://test-dms.oldmutual.com.gh/* https://test.interpayafrica.com/* https://fonts.googleapis.com https://optimize.google.com https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://services.ominsure.co.za https://www.gstatic.com https://embed.tawk.to https://cdn.jsdelivr.net/* https://css.zohocdn.com https://css.zohostatic.com https://css.zohocdn.com/salesiq/styles https://css.zohocdn.com/salesiq/styles/* https://cdn.jsdelivr.net/*  https://css.zohocdn.com/salesiq/styles/* https://css.zohocdn.com/salesiq/styles/floatbutton11_f2633c317a38e36bbe0e23bfa4a3e9fa_.css https://css.zohocdn.com; img-src 'self' data: https://p.typekit.net https://test-dms.oldmutual.com.gh https://test.interpayafrica.com https://test-dms.oldmutual.com.gh/* https://test.interpayafrica.com/* https://t.co https://www.google.co.za https://www.google.com https://www.gstatic.com https://ssl.gstatic.com https://maps.gstatic.com https://maps.googleapis.com https://eu-images.contentstack.com https://images.contentstack.io https://i.ytimg.com https://www.google-analytics.com https://www.facebook.com https://stats.g.doubleclick.net https://px.ads.linkedin.com https://p.adsymptotic.com https://lh3.googleusercontent.com https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://optimize.google.com https://ws.sessioncam.com https://services.ominsure.co.za https://*.fls.doubleclick.net https://sp.analytics.yahoo.com https://embed.tawk.to https://embed.tawk.to https://salesiq.zoho.com https://salesiq.zoho https://salesiq.zohopublic.com https://css.zohostatic.com https://css.zohostatic.com/* https://css.zohocdn.com https://analytics.twitter.com/i/adsct?bci=5&eci=2&event_id=da16c8f3-30f6-48f9-9160-a6da3d36fdec&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=gtm-base&p_id=Twitter&p_user_id=0&pl_id=cf066c4b-b266-4ecc-b372-dafa083499be&tw_document_href=https%3A%2F%2Fwww.oldmutualalternatives.com%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o4kz7&type=javascript&version=2.3.29 https://geo-tracker.trinadsp.co.za/hyperad/pixel-tracking?order=113373&action=subscription https://geo-tracker.trinadsp.co.za/hyperad/pixel-tracking?order=113373&action=registration https://geo-tracker.trinadsp.co.za/hyperad/pixel-tracking?order=113373&action=landing; frame-src 'self' https://www.oldmutual.co.za/ https://test-dms.oldmutual.com.gh https://test.interpayafrica.com https://test-dms.oldmutual.com.gh/* https://test.interpayafrica.com/* https://www.oldmutualinvest.com/ https://www.youtube.com https://*.fls.doubleclick.net https://platform.twitter.com/ https://www.google.com/ https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://optimize.google.com https://www.buzzsprout.com https://secure.rewards.sit.oldmutual.co.za https://secure.dcc.oldmutual.co.za https://e.issuu.com/ https://services.ominsure.co.za https://registration-oldmutual-oemwebapp-liveness.kyc.business https://alphaweb.iidentifii.com https://dms.oldmutual.com.gh https://secure.myshopper.oldmutual.co.za/ https://checkout.flutterwave.com https://checkout.paystack.com https://online.fliphtml5.com https://manage.ipaygh.com https://app.livestorm.co https://analytics.twitter.com/1/i/adsct?bci=5&eci=3&event=%7B%7D&event_id=67ea32aa-c34c-4715-8d52-c5d49aa88428&integration=gtm-base&p_id=Twitter&p_user_id=0&pl_id=cf066c4b-b266-4ecc-b372-dafa083499be&tw_document_href=https%3A%2F%2Fwww.oldmutualalternatives.com%2F&tw_iframe_status=0&txn_id=o2n0b&type=javascript&version=2.3.29; connect-src 'self' https://nba-webchat-server-prod.my.oldmutual.co.za https://cdn.gbqofs.com  https://test-dms.oldmutual.com.gh https://test.interpayafrica.com https://test-dms.oldmutual.com.gh/* https://test.interpayafrica.com/* https://nba-webchat-server-qa.demo.nonprod.my.oldmutual.co.za https://nba-webchat-server-preprod.my.oldmutual.co.za https://www.google-analytics.com https://stats.g.doubleclick.net https://ws.sessioncam.com https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://b.ws.sessioncam.com https://services.ominsure.co.za https://analytics.google.com https://s.yimg.com https://s.yimg.com/wi/ytc.js https://analytics.tiktok.com https://va.tawk.to wss://*.tawk.to  wss://vts.zohopublic.com https://salesiq.zoho.com https://salesiq.zohopu https://goals-api.my.oldmutual.co.za https://salesiq.zohopublic.com wss://mpsnare.iesnare.com https://cdn.linkedin.oribi.io/partner/1874697/domain/oldmutualalternatives.com/token; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.twitter.com https://cdn.gbqofs.com  https://s2s.oldmutual.co.za https://s2s.oldmutual.co.za/static/DhPixel.js https://test-dms.oldmutual.com.gh https://test.interpayafrica.com https://test-dms.oldmutual.com.gh/* https://test.interpayafrica.com/* https://use.typekit.net https://static.ads-twitter.com https://www.googletagmanager.com https://tagmanager.google.com https://maps.googleapis.com https://www.google-analytics.com https://connect.facebook.net https://platform.twitter.com https://platform.linkedin.com https://assets-qa.nonprod.my.oldmutual.co.za https://assets-preprod.my.oldmutual.co.za https://assets.my.oldmutual.co.za https://www.google.com https://www.gstatic.com https://nba-webchat-server-prod.my.oldmutual.co.za https://nba-webchat-server-qa.demo.nonprod.my.oldmutual.co.za https://d2oh4tlt9mrke9.cloudfront.net https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://optimize.google.com https://snap.licdn.com https://www.buzzsprout.com https://www.googleadservices.com https://services.ominsure.co.za https://www.youtube.com https://analytics.tiktok.com https://js.paystack.co https://sp.analytics.yahoo.com https://s.yimg.com https://s.yimg.com/wi/ytc.js https://embed.tawk.to https://dsp-media.eskimi.com https://dsp-media.eskimi.com/assets/js/e/gtr.min.js?_=0.0.0.3  https://js.zohocdn.com https://js.zohostatic.com https://s2s.oldmutual.co.za/static/DhPixel.js https://salesiq.zoho.com/widget https://checkout.flutterwave.com *.iovation.com *.iesnare.com https://geo-tracker.trinadsp.co.za/hyperad/pixel-tracking?order=113373&action=subscription https://mitsweb.iitech.dk https://mitsweb.iitech.dk/*; frame-ancestors https://secure.rewards.oldmutual.co.za/ https://test-dms.oldmutual.com.gh https://test.interpayafrica.com https://test-dms.oldmutual.com.gh/* https://test.interpayafrica.com/* https://customer-site-preprod.eks.my.oldmutual.co.za https://my.oldmutual.co.za; media-src 'self' data: https://mpsnare.iesnare.com https://test-dms.oldmutual.com.gh https://test.interpayafrica.com https://test-dms.oldmutual.com.gh/* https://test.interpayafrica.com/* 1
font-src *.squarecdn.com *.fontawesome.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com *.meetanshi.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ widgets.sandbox.afterpay.com *.meetanshi.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.afterpay.com/ *.disqus.com https://img.youtube.com *.meetanshi.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://api.addressfinder.io https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com *.squarecdn.com https://hbiq.net widget.freshworks.com m2epro.freshdesk.com *.disqus.com *.meetanshi.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://api.addressfinder.io static.afterpay.com/ *.squarecdn.com widget.freshworks.com m2epro.freshdesk.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com https://api.addressfinder.io *.afterpay.com *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com widget.freshworks.com m2epro.freshdesk.com *.meetanshi.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' *.ioburo.fr *.alkor-groupe.com *.majuscule.fr *.burolike.com *.officedepot.fr; 1
default-src 'self' data: trinity.edu.np www.trinity.edu.np https://www.facebook.com *.fbsbx.com https://www.trinity.edu.np  https://kit-free.fontawesome.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.cloudflare.com *.jquery.com https//www.googletagmanager.com https://code.jquery.com https://cdnjs.cloudflare.com https://gitcdn.github.io *.google-analytics.com https://connect.facebook.net/ https://web.facebook.com *.facebook.com https://img.youtube.com *.youtube.com https://www.google.com https://*.hotjar.io wss://ws.hotjar.com 'unsafe-eval' 'unsafe-inline'; script-src 'self' data: https://www.trinity.edu.np www.trinity.edu.np *.facebook.com https://img.youtube.com https://*.youtube.com https://www.google-analytics.com *.googletagmanager.com https://code.jquery.com https://cdnjs.cloudflare.com https://gitcdn.github.io https://maps.googleapis.com https://www.googletagmanager.com https://www.facebook.com https://connect.facebook.net https://www.google.com https://*.hotjar.com https://www.gstatic.com 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' data: * ;  1
upgrade-insecure-requests; frame-ancestors 'self' live.sagepay.com live.opayo.eu.elavon.com www1.tapsuk.com; base-uri 'self'; object-src 'none' 1
default-src 'self' data: blob: https://*.nbaind.org/ *.nbaind.org https://fonts.googleapis.com/ https://fonts.gstatic.com/  https://translate.googleapis.com  ; script-src 'unsafe-inline' '6a94d33290b420c14574946114cd31ff' http: https:; style-src 'self' 'unsafe-inline' http: https: https://fonts.googleapis.com/ https://nbaind.org/ *.node.js *.page-style.js ; img-src http: https: data: blob: ; object-src 'none'; frame-src 'self'; base-uri 'none'; manifest-src 'self' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *; upgrade-insecure-requests; 1
default-src 'self' https://js.web-2-tel.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.jquery.com/ https://js.web-2-tel.com https://*.salemove.com https://*.glia.com https://*.financialhost.org https://*.fonts.net https://*.googletagmanager.com https://*.bugherd.com https://*.calendly.com https://*.youreallycount.com https://*.opmnstr.com https://*.brandcdn.com https://*.google-analytics.com https://*.googleadservices.com https://siteimproveanalytics.com https://*.siteimproveanalytics.com https://*.siteimproveanalytics.io https://*.hotjar.com https://*.licdn.com https://*.g.doubleclick.net https://*.hs-scripts.com https://*.facebook.net https://*.pixel.ad https://*.g.doubleclick.net https://*.adsrvr.org https://*.hsadspixel.net https://*.hs-analytics.net https://*.hs-banner.com https://*.cloudfront.net https://*.bugherd.com https://*.oribi.io https://delivery.datatrac.net; connect-src 'self' https://td.doubleclick.net/ https://js.web-2-tel.com wss://*.salemove.com https://*.salemove.com wss://*.glia.com https://*.glia.com https://*.financialhost.org https://*.twilio.com wss://*.twilio.com wss://ws.pusherapp.com https://*.omappapi.com https://*.google.com https://*.g.doubleclick.net https://*.youreallycount.com https://*.linkedin.oribi.io https://*.google-analytics.com https://*.cloudfront.net https://*.bugsnag.com https://*.bugherd.com https://*.hubapi.com https://*.hotjar.com https://*.hotjar.io https://api.datatrac.net; media-src 'self' https://*.salemove.com https://*.glia.com; style-src 'self' https://*.bootstrapcdn.com/ 'unsafe-inline' https://*.salemove.com https://*.glia.com https://*.calendly.com https://*.fonts.net https://*.googleapis.com https://*.gstatic.com https://*.cloudfront.net https://*.cloudflare.com https://*.bugherd.com https://*.omappapi.com; font-src 'self' https://*.bootstrapcdn.com/ https://cdnjs.cloudflare.com https://files.marcomcentral.app.pti.com https://*.fonts.net https://*.googleapis.com https://*.gstatic.com https://*.cloudfront.net https://*.bugherd.com data:; img-src 'self' https://*.financialhost.org/ https://lciapi.ninthdecimal.com/ https://tapestry.tapad.com/ https://www.facebook.com https://images.printable.com blob: data: https://*.salemove.com https://*.adsrvr.org https://trkn.us https://*.glia.com https://*.demdex.net https://*.ads.linkedin.com https://*.krxd.net https://*.google.com https://*.google-analytics.com https://*.googletagmanager.com https://siteimproveanalytics.com https://*.siteimproveanalytics.com https://*.siteimproveanalytics.io https://*.cloudfront.net https://*.hubspot.com https://*.sitescout.com https://*.bugherd.com https://*.calendly.com https://googleads.g.doubleclick.net; frame-src 'self' https://adservices.brandcdn.com https://*.adsrvr.org https://*.smartsheet.com/ https://*.youtube.com https://*.cloudfront.net https://*.hotjar.com https://*.sitescout.com https://calendly.com https://glcu.locatorsearch.net/ https://www.google.com/ https://sidebar.bugherd.com https://delivery.datatrac.net 1
default-src 'self' *.yandexadexchange.net *.yandex.ru *.yandex.net *.admitad.com ad.admitad.com http://*.youtube.com https://*.youtube.com youtu.be http://*.rutube.ru https://*.rutube.ru http://*.mail.ru https://yastatic.net http://www.google.com; style-src 'unsafe-inline' yandex.st yastatic.net banners.adfox.ru content.adfox.ru yastat.net *.admitad.com *; connect-src 'self' an.yandex.ru strm.yandex.ru mc.yandex.ru yandex.st yastatic.net matchid.adfox.yandex.ru adfox.yandex.ru ads.adfox.ru ads6.adfox.ru jstracer.yandex.ru yastat.net yandex.ru; frame-src 'self' awaps.yandex.net yandexadexchange.net *.yandexadexchange.net yastatic.net *.yandex.ru banners.adfox.ru yastat.net yastatic.net https://an.yandex.ru http://ulogin.ru http://yandexadexchange.net http://an.yandex.ru https://ulogin.ru http://*.ulogix.ru https://api-maps.yandex.ru *.vk.com vk.com *.yandex.ru yandex.ru *.yandexadexchange.net ad.admitad.com http://*.youtube.com https://*.youtube.com youtu.be http://*.rutube.ru  https://www.google.com https://*.rutube.ru;img-src 'self' data: avatars-fast.yandex.net favicon.yandex.net an.yandex.ru banners.adfox.ru content.adfox.ru ads.adfox.ru ads6.adfox.ru yastat.net *.yandex.ru *.yandex.net https://yastatic.net http://www.google.com yandex.st *.yandexadexchange.net *.admitad.com *; media-src *.yandex.net strm.yandex.ru *.strm.yandex.ru yandex.ru yandex.st yastatic.net banners.adfox.ru content.adfox.ru yastat.net data; font-src 'self' data: an.yandex.ru yastatic.net yastat.net; script-src 'self' 'unsafe-inline' 'unsafe-eval'  an.yandex.ru yandex.st yastatic.net mc.yandex.ru banners.adfox.ru ads.adfox.ru ads6.adfox.ru yastat.net yandex.ru https://an.yandex.ru http://an.yandex.ru https://mc.yandex.ru http://ulogin.ru https://ulogin.ru http://www.acint.net http://ajax.googleapis.com vk.com *.vk.com *.yandex.ru yandex.st *.yandex.net *.admitad.com ad.admitad.com *.yandexadexchange.net https://yastatic.net http://www.google.com https://www.gstatic.com https://www.google.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.crazyegg.com *.hotjar.com *.hotjar.io *.google-analytics.com *.google.com *.google.lk *.addthis.com *.youtube.com/iframe_api *.googletagmanager.com *.googleadservices.com *.facebook.net *.facebook.com *.doubleclick.net *.amazonaws.com  *.youtube-nocookie.com *.youtube.com *.createsend1.com *.createsend.com createsend.com *.cloudflare.com *.addtoany.com data: cmsres.ebeyondsonline.com images1-focus-opensocial.googleusercontent.com scontent-iad3-1.xx.fbcdn.net scontent-atl3-1.xx.fbcdn.net external-atl3-1.xx.fbcdn.net www.bw2020.lk www.clarity.ms *.fbcdn.net *.clarity.ms *.bing.com www.bw2024.lk; frame-ancestors 'self' https://devicetester.smart360web.com; 1
frame-ancestors 'self'; default-src 'self' 'unsafe-eval' 'unsafe-inline' https://bam.nr-data.net https://js-agent.newrelic.com https://static.b4healthonline.com https://static2.b4healthonline.com https://b4-wus2-powerbi-funcapp-p01.azurewebsites.net https://app.powerbi.com  1
default-src     'none' ;  script-src      'self' 'nonce-ZqL-2JhjTREuwBGOcQ56DwAAJRc' ;  style-src       'self' 'unsafe-inline' fonts.googleapis.com ;  font-src        'self' fonts.gstatic.com ;  img-src         'self' maps.google.com maps.gstatic.com *.googleapis.com data: ;  connect-src     'self' maps.googleapis.com api.airmap.com secure.geonames.org ;  object-src      'none' ;  frame-src       'self' ;  frame-ancestors 'self' ;  media-src       'self' ;  manifest-src    'self' ;  form-action     'self' ;  base-uri        'none' ; 1
default-src https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.largo.com  https://*.revize.com https://cdnjs.cloudflare.com https://www.gstatic.com https://cdn.userway.org https://*.google.com https://siteimproveanalytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.google-analytics.com https://api.recollect.net/ https://assets.us.recollect.net https://static.ctctcdn.com https://cdn.jsdelivr.net;  style-src * 'unsafe-inline'; font-src https://*.largo.com https://*.revize.com data: 1
frame-src 'self' https://*.google.com https://*.googlesyndication.com https://*.share.transistor.fm https://*.soundcloud.com https://*.svc.dynamics.com https://js.monitor.azure.com https://manager.emea01.idio.episerver.net https://omny.fm/ https://share.transistor.fm https://soundcloud.com https://td.doubleclick.net https://www.baringa.com https://www.canva.com/ https://www.youtube-nocookie.com https://www.youtube.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.aptrinsic.com https://*.canva.com/ https://*.google-analytics.com https://*.google.com https://*.googlesyndication.com https://*.idio.episerver.net https://*.onetrust.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://code.jquery.com https://js.monitor.azure.com https://maxcdn.bootstrapcdn.com https://mktdplp102cdn.azureedge.net https://siteimproveanalytics.com https://snap.licdn.com https://thirdparty-public-apps.canva-apps-dev.com https://www.baringa.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com; connect-src 'self' https://*.aptrinsic.com https://*.canva.com/ https://*.global.siteimproveanalytics.io https://*.google-analytics.com https://*.google.com https://*.googlesyndication.com https://*.linkedin.com https://*.onetrust.com https://*.svc.dynamics.com https://cdn.linkedin.oribi.io https://dc.services.visualstudio.com https://geolocation.onetrust.com https://googleads.g.doubleclick.net https://mktdplp102cdn.azureedge.net https://o13855.ingest.sentry.io https://siteimproveanalytics.com https://stats.g.doubleclick.net https://www.baringa.com https://www.googletagmanager.com; img-src 'self' data: https://*.canva.com/ https://*.global.siteimproveanalytics.io https://*.google-analytics.com https://*.google.com https://*.googlesyndication.com https://*.idio.episerver.net https://*.linkedin.com https://*.omnycontent.com https://*.onetrust.com https://*.svc.dynamics.com https://fonts.gstatic.com https://googleads.g.doubleclick.net https://i.ytimg.com https://www.baringa.com https://www.google.co.uk https://www.google.com.np https://www.google.de https://www.googletagmanager.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' https://*.aptrinsic.com https://*.canva.com/ https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://www.baringa.com https://www.googletagmanager.com; font-src 'self' data: https://*.canva.com/ https://*.cloudfront.net https://fonts.gstatic.com https://www.baringa.com; child-src 'self' https://*.canva.com/; default-src 'self' https://*.share.transistor.fm https://*.soundcloud.com https://o13855.ingest.sentry.io https://share.transistor.fm https://soundcloud.com https://thirdparty-public-apps.canva-apps-dev.com https://www.canva.com/; frame-ancestors 'self' https://*.canva.com/; base-uri https://www.baringa.com; object-src 'none'; media-src https://*.canva.com/; 1
default-src 'self'; img-src 'self' data: https://img.youtube.com https://produksconverseassets.blob.core.windows.net https://produkwconverseassets.blob.core.windows.net https://produkswebassistassets.blob.core.windows.net https://*.onconnect.app https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://www.google-analytics.com https://www.google.co.uk https://www.google.com https://maps.gstatic.com https://geo0.ggpht.com https://*.googleapis.com https://googleads.g.doubleclick.net https://tpc.googlesyndication.com https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net https://*.hotjar.com https://*.hotjar.io https://cdn.cookielaw.org https://www.linkedin.com https://px.ads.linkedin.com https://secure.gravatar.com https://*.w.org https://webassistant.onconverse.app https://cdn-lhgml.nitrocdn.com/; style-src 'self' 'unsafe-inline' blob: https://webassistant.onconverse.app https://*.onconnect.app https://564-SJK-496.mktoweb.com https://rtp-static.marketo.com https://engage.netcall.com https://tagmanager.google.com https://fonts.googleapis.com https://www.gstatic.com https://fast.wistia.com https://pro.fontawesome.com https://use.typekit.net https://p.typekit.net https://cdn-labob.nitrocdn.com 'unsafe-eval' https://cdn-lhgml.nitrocdn.com/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://webassistant.onconverse.app https://*.onconnect.app https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://tpc.googlesyndication.com https://www.google.com https://maps.googleapis.com https://www.gstatic.com https://engage.netcall.com https://564-SJK-496.mktoweb.com https://lonrtp1-cdn.marketo.com https://rtp-static.marketo.com https://lonrtp1.marketo.com https://app-lon09.marketo.com https://munchkin.marketo.net https://www.research-tree.com https://youtube.com https://www.youtube.com https://player.vimeo.com https://*.wistia.com https://*.wistia.net https://src.litix.io https://*.hotjar.com https://*.hotjar.io https://cdn.cookielaw.org https://snap.licdn.com https://geolocation.onetrust.com https://yoast.com/shared-assets/ https://unpkg.com/@dotlottie/ https://js-agent.newrelic.com https://nitropack.io https://nitroscripts.com https://kit.fontawesome.com blob: https://cdn-lhgml.nitrocdn.com/; font-src 'self' data: https://*.onconnect.app https://fonts.gstatic.com https://fonts.googleapis.com https://*.wistia.com https://*.hotjar.com https://*.hotjar.io https://pro.fontawesome.com https://use.typekit.net https://kit.fontawesome.com https://ka-p.fontawesome.com https://cdn-lhgml.nitrocdn.com/; connect-src 'self' https://webassistant.onconverse.app https://webassist.onconverse.app https://*.onconnect.app https://*.service.signalr.net wss://webassist.onconverse.app wss://*.service.signalr.net https://*.analytics.google.com https://*.google-analytics.com https://stats.g.doubleclick.net https://pagead2.googlesyndication.com https://cdn.linkedin.oribi.io https://geolocation.onetrust.com https://px.ads.linkedin.com https://api.nelioabtesting.com https://rtp-static.marketo.com https://lonrtp1.marketo.com https://www.google-analytics.com https://*.mktoresp.com https://*.wistia.com https://*.litix.io https://embedwistia-a.akamaihd.net https://fast.wistia.net https://*.hotjar.com:* https://*.hotjar.io wss://*.hotjar.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://yoast.com https://my.yoast.com https://bam.nr-data.net https://nitropack.io https://to.getnitropack.com https://cdn-labob.nitrocdn.com https://kit.fontawesome.com https://ka-p.fontawesome.com https://cdn-lhgml.nitrocdn.com/; frame-src 'self' blob: https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://bid.g.doubleclick.net https://tpc.googlesyndication.com https://td.doubleclick.net https://www.research-tree.com https://564-SJK-496.mktoweb.com https://engage.netcall.com https://app-lon09.marketo.com https://youtube.com https://www.youtube.com https://player.vimeo.com https://w.soundcloud.com https://fast.wistia.com https://fast.wistia.net https://*.hotjar.com https://*.hotjar.io https://polaris.brighterir.com https://player.rss.com/thetruthaboutlocalgovernment/ https://matssoft-operations-community-build.onmats.com https://matssoft-operations-community.onmats.com data:; media-src 'self' data: blob: https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net; worker-src 'self' blob: https://cdn-lhgml.nitrocdn.com/; object-src 'none'; frame-ancestors 'self' https://nc2-webify-build.oncreate.app https://nc2-webify-test.oncreate.app https://nc2-webify.oncreate.app https://netcall.showpad.biz https://netcall.showpad.com https://*.netcall.com; child-src 'self' blob: 1
script-src 'report-sample' 'nonce-zlHoMDz0KUaJ8Wfo3VWMUQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DurableDeepLinkUi/cspreport;worker-src 'self',script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /_/DurableDeepLinkUi/cspreport/allowlist,require-trusted-types-for 'script';report-uri /_/DurableDeepLinkUi/cspreport 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.kerio.com; img-src 'self' data:; 1
default-src *; img-src * 'self' data: https: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src  'self' 'unsafe-inline' *; font-src * 'self' data:; worker-src blob: 1
script-src 'self' https://service.preamp.co:443 https://service.preamp.co ws://service.preamp.co:443 wss://service.preamp.co:443 http://localhost:443 http://localhost:8086 http://localhost:3001 https://www.google-analytics.com https://www.gstatic.com https://maps.googleapis.com https://api.dropboxapi.com data: blob: 'unsafe-inline' 'unsafe-eval'; child-src blob: *.auth0.com https://login.preamp.co https://login.test.preamp.co; style-src 'self' 'unsafe-inline' blob: https://fonts.googleapis.com https://www.gstatic.com https://service.preamp.co:443 https://service.preamp.co ws://service.preamp.co:443 wss://service.preamp.co:443 http://localhost:443 http://localhost:8086 http://localhost:3001; font-src 'self' data: https://fonts.gstatic.com https://api.dropboxapi.com https://service.preamp.co:443 https://service.preamp.co ws://service.preamp.co:443 wss://service.preamp.co:443 http://localhost:443 http://localhost:8086 http://localhost:3001; img-src 'self' data: https:; media-src 'self' https://service.preamp.co:443 https://service.preamp.co ws://service.preamp.co:443 wss://service.preamp.co:443 http://localhost:443 http://localhost:8086 http://localhost:3001 https://content.preamp.co https://s3.amazonaws.com blob:; connect-src 'self' https://service.preamp.co:443 https://service.preamp.co ws://service.preamp.co:443 wss://service.preamp.co:443 http://localhost:443 http://localhost:8086 http://localhost:3001 https://content.preamp.co https://s3.amazonaws.com https://www.google-analytics.com https://www.gstatic.com https://maps.googleapis.com https://api.dropboxapi.com *.auth0.com https://login.preamp.co https://login.test.preamp.co; report-uri /report-violation; object-src 'none' 1
default-src 'self'; frame-src 'self' https://syndication.twitter.com/ https://platform.twitter.com/ https://widgets.ebscohost.com *.nhs.uk/ *.facebook.com/ *.youtube.com/ *.vimeo.com/ *.google.com/ *.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://toolbar.speechstream.net/ *.cloudfront.net/ https://www.googletagmanager.com/ https://www.browsealoud.com/ https://plus.browsealoud.com/ http://cdnjs.cloudflare.com/ https://cdn.syndication.twimg.com https://platform.twitter.com/ https://cdnjs.cloudflare.com/ https://www.google-analytics.com/ https://connect.facebook.net/ https://feeds.trac.jobs/ *.google.com *.googleapis.com *.gstatic.com *.cqc.org.uk ; font-src 'self' 'unsafe-inline' https://plus.browsealoud.com/ https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' *.cloudfront.net/ http://cdnjs.cloudflare.com/ https://platform.twitter.com/ https://cdnjs.cloudflare.com/ https://feeds.trac.jobs/ *.googleapis.com  *.gstatic.com *.cqc.org.uk; img-src * data:; object-src 'self' blob:; connect-src 'self' *.google-analytics.com/ https://speech.speechstream.net/ https://pronunciation.speechstream.net/  *.doubleclick.net/ https://www.google-analytics.com/ https://www.browsealoud.com/ https://plus.browsealoud.com/ https://translate.googleapis.com https://feeds.trac.jobs/ 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'wasm-unsafe-eval' 'nonce-2i7yvpnynv' 'nonce-pJLd4vIzbH' 'nonce-1J3SW3lPu' kotus.matomo.cloud cdn.matomo.cloud; connect-src 'self' https://www.google-analytics.com kotus.matomo.cloud cdn.matomo.cloud *.friendlycaptcha.eu *.friendlycaptcha.com sanakirja.fi; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' blob: data:; font-src 'self' data: fonts.gstatic.com; manifest-src 'self' blob:; child-src blob:; report-uri /csp_error 1
connect-src 'self' matomo.com; default-src 'none'; font-src 'self'; frame-src 'self'; img-src 'self' data: secure.gravatar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline'; connect-src 'self' s3.amazonaws.com www.youtube.com www.google-analytics.com m.addthis.com; script-src 'self' assets.adobedtm.com content.jwplatform.com ssl.p.jwpcdn.com ajax.googleapis.com www.google-analytics.com www.googletagmanager.com www.youtube.com connect.facebook.net *.addthisedge.com *.moatads.com *.addthis.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' ssl.p.jwpcdn.com; font-src 'self' ssl.p.jwpcdn.com data:; img-src 'self' s3.amazonaws.com www.google-analytics.com prd.jwpltx.com jwpltx.com www.youtube.com data: blob:; media-src 'self' s3.amazonaws.com www.youtube.com; frame-src 'self' s3.amazonaws.com s7.addthis.com www.youtube.com; 1
default-src 'self' ws: wss: archivos.febos.io;base-uri 'self' *.febos.cl *.febos.io *.febos.co *.form.io *.execute-api.us-east-1.amazonaws.com narvi.cl www.narvi.cl www.v-tec.cl www.google-analytics.com www.googletagmanager.com www.google.com cdn.jsdelivr.net docs.google.com cdnjs.cloudflare.com www.papaparse.com unpkg.com maxcdn.bootstrapcdn.com *.amazonaws.com *.googleapis.com *.gstatic.com *.chatlio.com *.fontawesome.com *.pusher.com mindicador.cl *.mindicador.cl;connect-src 'self' ws: wss: data: *.febos.cl *.febos.io *.febos.co *.form.io *.execute-api.us-east-1.amazonaws.com narvi.cl www.narvi.cl www.v-tec.cl www.google-analytics.com www.googletagmanager.com www.google.com cdn.jsdelivr.net docs.google.com cdnjs.cloudflare.com www.papaparse.com unpkg.com maxcdn.bootstrapcdn.com *.amazonaws.com *.googleapis.com *.gstatic.com *.chatlio.com *.fontawesome.com *.pusher.com mindicador.cl *.mindicador.cl;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.febos.cl *.febos.io *.febos.co *.form.io *.execute-api.us-east-1.amazonaws.com narvi.cl www.narvi.cl www.v-tec.cl www.google-analytics.com www.googletagmanager.com www.google.com cdn.jsdelivr.net docs.google.com cdnjs.cloudflare.com www.papaparse.com unpkg.com maxcdn.bootstrapcdn.com *.amazonaws.com *.googleapis.com *.gstatic.com *.chatlio.com *.fontawesome.com *.pusher.com mindicador.cl *.mindicador.cl;script-src-elem 'self' 'unsafe-inline' archivos.febos.io *.form.io *.execute-api.us-east-1.amazonaws.com narvi.cl www.narvi.cl www.v-tec.cl www.google-analytics.com www.googletagmanager.com www.google.com cdn.jsdelivr.net docs.google.com cdnjs.cloudflare.com www.papaparse.com unpkg.com maxcdn.bootstrapcdn.com *.amazonaws.com *.googleapis.com *.gstatic.com *.chatlio.com *.fontawesome.com *.pusher.com mindicador.cl *.mindicador.cl;script-src-attr 'self' 'unsafe-inline' archivos.febos.io *.form.io *.execute-api.us-east-1.amazonaws.com narvi.cl www.narvi.cl www.v-tec.cl www.google-analytics.com www.googletagmanager.com www.google.com cdn.jsdelivr.net docs.google.com cdnjs.cloudflare.com www.papaparse.com unpkg.com maxcdn.bootstrapcdn.com *.amazonaws.com *.googleapis.com *.gstatic.com *.chatlio.com *.fontawesome.com *.pusher.com mindicador.cl *.mindicador.cl;style-src 'self' 'unsafe-inline' archivos.febos.io *.form.io *.execute-api.us-east-1.amazonaws.com narvi.cl www.narvi.cl www.v-tec.cl www.google-analytics.com www.googletagmanager.com www.google.com cdn.jsdelivr.net docs.google.com cdnjs.cloudflare.com www.papaparse.com unpkg.com maxcdn.bootstrapcdn.com *.amazonaws.com *.googleapis.com *.gstatic.com *.chatlio.com *.fontawesome.com *.pusher.com mindicador.cl *.mindicador.cl;style-src-elem 'self' 'unsafe-inline' *.febos.cl *.febos.io *.febos.co *.form.io *.execute-api.us-east-1.amazonaws.com narvi.cl www.narvi.cl www.v-tec.cl www.google-analytics.com www.googletagmanager.com www.google.com cdn.jsdelivr.net docs.google.com cdnjs.cloudflare.com www.papaparse.com unpkg.com maxcdn.bootstrapcdn.com *.amazonaws.com *.googleapis.com *.gstatic.com *.chatlio.com *.fontawesome.com *.pusher.com mindicador.cl *.mindicador.cl;style-src-attr 'self' 'unsafe-inline';form-action 'self' archivos.febos.io;img-src 'self' data: blob: *.febos.cl *.febos.io *.febos.co *.form.io *.execute-api.us-east-1.amazonaws.com narvi.cl www.narvi.cl www.v-tec.cl www.google-analytics.com www.googletagmanager.com www.google.com cdn.jsdelivr.net docs.google.com cdnjs.cloudflare.com www.papaparse.com unpkg.com maxcdn.bootstrapcdn.com *.amazonaws.com *.googleapis.com *.gstatic.com *.chatlio.com *.fontawesome.com *.pusher.com mindicador.cl *.mindicador.cl;font-src 'self' data: archivos.febos.io *.form.io *.execute-api.us-east-1.amazonaws.com narvi.cl www.narvi.cl www.v-tec.cl www.google-analytics.com www.googletagmanager.com www.google.com cdn.jsdelivr.net docs.google.com cdnjs.cloudflare.com www.papaparse.com unpkg.com maxcdn.bootstrapcdn.com *.amazonaws.com *.googleapis.com *.gstatic.com *.chatlio.com *.fontawesome.com *.pusher.com mindicador.cl *.mindicador.cl;media-src 'self' *.febos.cl *.febos.io *.febos.co *.form.io *.execute-api.us-east-1.amazonaws.com narvi.cl www.narvi.cl www.v-tec.cl www.google-analytics.com www.googletagmanager.com www.google.com cdn.jsdelivr.net docs.google.com cdnjs.cloudflare.com www.papaparse.com unpkg.com maxcdn.bootstrapcdn.com *.amazonaws.com *.googleapis.com *.gstatic.com *.chatlio.com *.fontawesome.com *.pusher.com mindicador.cl *.mindicador.cl;object-src 'self' *.febos.cl *.febos.io *.febos.co *.form.io *.execute-api.us-east-1.amazonaws.com narvi.cl www.narvi.cl www.v-tec.cl www.google-analytics.com www.googletagmanager.com www.google.com cdn.jsdelivr.net docs.google.com cdnjs.cloudflare.com www.papaparse.com unpkg.com maxcdn.bootstrapcdn.com *.amazonaws.com *.googleapis.com *.gstatic.com *.chatlio.com *.fontawesome.com *.pusher.com mindicador.cl *.mindicador.cl;prefetch-src 'self' *.febos.cl *.febos.io *.febos.co *.form.io *.execute-api.us-east-1.amazonaws.com narvi.cl www.narvi.cl www.v-tec.cl www.google-analytics.com www.googletagmanager.com www.google.com cdn.jsdelivr.net docs.google.com cdnjs.cloudflare.com www.papaparse.com unpkg.com maxcdn.bootstrapcdn.com *.amazonaws.com *.googleapis.com *.gstatic.com *.chatlio.com *.fontawesome.com *.pusher.com mindicador.cl *.mindicador.cl;child-src 'self' *.febos.cl *.febos.io *.febos.co *.form.io *.execute-api.us-east-1.amazonaws.com narvi.cl www.narvi.cl www.v-tec.cl www.google-analytics.com www.googletagmanager.com www.google.com cdn.jsdelivr.net docs.google.com cdnjs.cloudflare.com www.papaparse.com unpkg.com maxcdn.bootstrapcdn.com *.amazonaws.com *.googleapis.com *.gstatic.com *.chatlio.com *.fontawesome.com *.pusher.com mindicador.cl *.mindicador.cl;frame-src 'self' data: *.febos.cl *.febos.io *.febos.co *.form.io *.execute-api.us-east-1.amazonaws.com narvi.cl www.narvi.cl www.v-tec.cl www.google-analytics.com www.googletagmanager.com www.google.com cdn.jsdelivr.net docs.google.com cdnjs.cloudflare.com www.papaparse.com unpkg.com maxcdn.bootstrapcdn.com *.amazonaws.com *.googleapis.com *.gstatic.com *.chatlio.com *.fontawesome.com *.pusher.com mindicador.cl *.mindicador.cl;worker-src 'self' *.febos.cl *.febos.io *.febos.co *.form.io *.execute-api.us-east-1.amazonaws.com narvi.cl www.narvi.cl www.v-tec.cl www.google-analytics.com www.googletagmanager.com www.google.com cdn.jsdelivr.net docs.google.com cdnjs.cloudflare.com www.papaparse.com unpkg.com maxcdn.bootstrapcdn.com *.amazonaws.com *.googleapis.com *.gstatic.com *.chatlio.com *.fontawesome.com *.pusher.com mindicador.cl *.mindicador.cl;frame-ancestors 'self' *.febos.cl *.febos.io *.febos.co *.form.io *.execute-api.us-east-1.amazonaws.com narvi.cl www.narvi.cl www.v-tec.cl www.google-analytics.com www.googletagmanager.com www.google.com cdn.jsdelivr.net docs.google.com cdnjs.cloudflare.com www.papaparse.com unpkg.com maxcdn.bootstrapcdn.com *.amazonaws.com *.googleapis.com *.gstatic.com *.chatlio.com *.fontawesome.com *.pusher.com mindicador.cl *.mindicador.cl; 1
frame-ancestors https://www.proagria.fi https://www.maajakotitalousnaiset.fi; 1
default-src 'self' data: https://directed.api.servicetarget.com https://cdn.servicetarget.com https://w.sharethis.com/ https://i3.ytimg.com http://www.google-analytics.com https://maps.googleapis.com https://cdn.acsbapp.com https://web1.acsbapp.com http://stage.directed.com ws://stage.directed.com http://www.directed.com ws://www.directed.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://cdn.servicetarget.com https://w.sharethis.com/ http://stage.directed.com http://www.directed.com https://fonts.googleapis.com http://www.google-analytics.com https://ssl.google-analytics.com https://www.google-analytics.com https://www.youtube.com https://www.google.com https://googleads.g.doubleclick.net https://fonts.gstatic.com https://static.doubleclick.net https://s.youtube.com https://r11---sn-a5m7lnee.googlevideo.com https://www.googleadservices.com https://r14---sn-4g57knez.googlevideo.com https://i.ytimg.com https://maps.googleapis.com https://csi.gstatic.com https://maps.gstatic.com https://cdn07.icims.com https://careers-deiholdings.icims.com https://cdn.syndication.twimg.com/ https://acsbapp.com https://cdn.acsbapp.com https://web1.acsbapp.com  https://player.vimeo.com https://maps.google.com; style-src 'self' 'unsafe-inline' http://stage.directed.com http://www.directed.com https://fonts.googleapis.com http://www.google-analytics.com https://www.google-analytics.com https://www.youtube.com https://www.google.com https://googleads.g.doubleclick.net https://fonts.gstatic.com https://static.doubleclick.net https://s.youtube.com https://r11---sn-a5m7lnee.googlevideo.com https://www.googleadservices.com https://r14---sn-4g57knez.googlevideo.com https://i.ytimg.com https://maps.googleapis.com https://csi.gstatic.com https://maps.gstatic.com https://cdn07.icims.com https://careers-deiholdings.icims.com https://acsbapp.com https://cdn.acsbapp.com https://web1.acsbapp.com  https://player.vimeo.com https://maps.google.com; img-src 'self' 'unsafe-inline' data: https://www.alarms.com https://directed.api.servicetarget.com https://i3.ytimg.com https://stats.g.doubleclick.net https://cdn.servicetarget.com http://stage.directed.com ws://stage.directed.com http://www.directed.com ws://www.directed.com https://ssl.google-analytics.com http://stage.directed.com http://www.directed.com https://fonts.googleapis.com http://www.google-analytics.com https://www.google-analytics.com https://www.youtube.com https://www.google.com https://googleads.g.doubleclick.net https://fonts.gstatic.com https://static.doubleclick.net https://s.youtube.com https://r11---sn-a5m7lnee.googlevideo.com https://www.googleadservices.com https://r14---sn-4g57knez.googlevideo.com https://i.ytimg.com https://maps.googleapis.com https://csi.gstatic.com https://maps.gstatic.com https://cdn07.icims.com https://careers-deiholdings.icims.com https://acsbapp.com https://cdn.acsbapp.com https://web1.acsbapp.com  https://player.vimeo.com https://maps.google.com; font-src 'self' 'unsafe-inline' data: https://directed.api.servicetarget.com http://stage.directed.com http://www.directed.com https://fonts.googleapis.com http://www.google-analytics.com https://www.google-analytics.com https://www.youtube.com https://www.google.com https://googleads.g.doubleclick.net https://fonts.gstatic.com https://static.doubleclick.net https://s.youtube.com https://r11---sn-a5m7lnee.googlevideo.com https://www.googleadservices.com https://r14---sn-4g57knez.googlevideo.com https://i.ytimg.com https://maps.googleapis.com https://csi.gstatic.com https://maps.gstatic.com https://cdn07.icims.com https://careers-deiholdings.icims.com https://acsbapp.com https://cdn.acsbapp.com https://web1.acsbapp.com  https://player.vimeo.com https://maps.google.com; frame-src 'self' 'unsafe-inline' http://core.directed.com http://core.directed.com/Pages/Default.aspx http://stage.directed.com http://www.directed.com https://fonts.googleapis.com http://www.google-analytics.com https://www.google-analytics.com https://www.youtube.com https://www.google.com https://googleads.g.doubleclick.net https://fonts.gstatic.com https://static.doubleclick.net https://s.youtube.com https://r11---sn-a5m7lnee.googlevideo.com https://www.googleadservices.com https://r14---sn-4g57knez.googlevideo.com https://i.ytimg.com https://maps.googleapis.com https://csi.gstatic.com https://maps.gstatic.com https://cdn07.icims.com https://careers-deiholdings.icims.com https://acsbapp.com https://cdn.acsbapp.com https://web1.acsbapp.com  https://player.vimeo.com https://maps.google.com ; object-src 'self' https://www.youtube.com/ 1
default-src 'self'; base-uri 'self'; img-src * data:; frame-src 'self' https://kaartapi.nl https://www.kaartapi.nl https://websurveys2.govmetric.com https://app-eu.readspeaker.com https://www.youtube-nocookie.com https://www.youtube.com https://content.googleapis.com/ https://vars.hotjar.com https://smallingerland.maps.arcgis.com https://embed.e-mailprovider.eu https://embed.e-mailprovider.nl https://vimeo.com https://player.vimeo.com; frame-ancestors 'self'; manifest-src 'self'; media-src 'self' blob:; script-src 'self' 'nonce-MWYxYjkyNjAtM2Q2MS00YjEwLWE0MTctNTI4MGU0OTU4MGU4' https://stats.pusher.com https://www.browsealoud.com https://www.googletagmanager.com https://www.google-analytics.com https://apis.google.com https://maps.googleapis.com https://siteimproveanalytics.com https://cloudstatic.obi4wan.com https://websurveys2.govmetric.com https://platform.hireserve.nl https://websurveys2.servmetric.com https://cdn1.readspeaker.com https://cdn-eu.readspeaker.com https://virtuele-gemeente-assistent.nl https://static.hotjar.com https://script.hotjar.com https://connect.facebook.net https://snap.licdn.com https://*.timeblockr.com https://www.youtube.com https://embed.e-mailprovider.eu https://embed.e-mailprovider.nl https://vimeo.com https://player.vimeo.com; connect-src 'self' https://sockjs-eu.pusher.com wss://ws-eu.pusher.com https://vttts-eu.readspeaker.com https://cloudstatic.obi4wan.com https://chatapi.obi4wan.com https://media-eu.readspeaker.com https://rstts-eu.readspeaker.com https://wrapi-eu.readspeaker.com https://www.browsealoud.com https://plus.browsealoud.com https://speech.speechstream.net https://speech-eu.speechstream.net https://www.google-analytics.com https://maps.googleapis.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://app.obi4wan.ai https://app-eu.readspeaker.com/ https://hitcounter.govmetric.com https://platform.hireserve.nl/ https://cdn1.readspeaker.com https://maps.googleapis.com https://virtuele-gemeente-assistent.nl wss://virtuele-gemeente-assistent.nl ws://virtuele-gemeente-assistent.nl https://in.hotjar.com https://www.facebook.com https://cdn.linkedin.oribi.io https://*.timeblockr.com https://www.youtube.com https://embed.e-mailprovider.eu https://embed.e-mailprovider.nl https://vimeo.com https://player.vimeo.com; object-src 'self' https://kaartapi.nl https://www.kaartapi.nl; style-src 'self' data: 'nonce-MWYxYjkyNjAtM2Q2MS00YjEwLWE0MTctNTI4MGU0OTU4MGU4' https://fonts.googleapis.com https://platform.hireserve.nl https://websurveys2.servmetric.com https://cdn1.readspeaker.com https://websurveys2.govmetric.com https://virtuele-gemeente-assistent.nl https://mijn.virtuele-gemeente-assistent.nl https://maps.googleapis.com/ https://siteimproveanalytics.com https://cloudstatic.obi4wan.com https://*.timeblockr.com https://embed.e-mailprovider.eu https://embed.e-mailprovider.nl https://vimeo.com https://player.vimeo.com; font-src 'self' data: https://fonts.gstatic.com https://cdn1.readspeaker.com https://script.hotjar.com https://*.timeblockr.com https://embed.e-mailprovider.eu https://embed.e-mailprovider.nl https://vimeo.com https://player.vimeo.com;  1
default-src 'self' www.bestpractices.dev.global.ssl.fastly.net bestpractices.coreinfrastructure.org.global.ssl.fastly.net bestpractices.coreinfrastructure.org www.bestpractices.dev; base-uri 'self'; block-all-mixed-content; form-action 'self' www.bestpractices.dev.global.ssl.fastly.net bestpractices.coreinfrastructure.org.global.ssl.fastly.net bestpractices.coreinfrastructure.org www.bestpractices.dev; frame-ancestors 'none'; img-src 'self' www.bestpractices.dev.global.ssl.fastly.net bestpractices.coreinfrastructure.org.global.ssl.fastly.net bestpractices.coreinfrastructure.org www.bestpractices.dev secure.gravatar.com avatars.githubusercontent.com; object-src 'none'; script-src 'self' www.bestpractices.dev.global.ssl.fastly.net bestpractices.coreinfrastructure.org.global.ssl.fastly.net bestpractices.coreinfrastructure.org www.bestpractices.dev; style-src 'self' www.bestpractices.dev.global.ssl.fastly.net bestpractices.coreinfrastructure.org.global.ssl.fastly.net bestpractices.coreinfrastructure.org www.bestpractices.dev 1
frame-src 'self' https://yandex.ru https://mc.yandex.ru 1
default-src 'self' 'unsafe-eval' *.clarity.ms *.googleapis.com *.facebook.net *.facebook.com *.sentry.io *.zopim.com *.zendesk.com *.useresponse.com wss://*.zendesk.com wss://*.zopim.com *.consentmanager.net *.giftmio.com *.posthog.com *.mitgo.tech *.gstatic.com *.google-analytics.com https://stats.g.doubleclick.net *.googletagmanager.com *.mindbox.cloud *.maestra.io *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat data: gap: ws: wss: 'unsafe-inline'; child-src blob:; worker-src blob:; frame-src *.consentmanager.net *.google.com *.giftmio.com; img-src * data: blob: 'unsafe-inline'; 1
frame-ancestors *.screenhubb.com 1
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' ;                                                      script-src * data: blob: 'unsafe-inline' 'unsafe-eval';                                                      connect-src * data: blob: 'unsafe-inline';                                                      img-src * data: blob: 'unsafe-inline';                                                      frame-src * data: blob: ;                                                      style-src * data: blob: 'unsafe-inline';                                                     font-src * data: blob: 'unsafe-inline';                                                     frame-ancestors * data: blob:; 1
frame-ancestors 'self' wphost.me my.wphost.me; 1
frame-ancestors 'self' http://www.poggiolevante.net; report-uri https://disf.org/report-uri/enforce 1
default-src 'none'; img-src * data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.calltrk.com https://*.callrail.com https://*.cloudflare.com https://*.jquery.com https://*.bootstrapcdn.com https://*.pagescdn.com https://*.optimizely.com https://*.amazonaws.com https://*.adobedtm.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleapis.com https://*.facebook.net https://*.googleadservices.com https://*.sitescdn.net https://*.livechatinc.com https://*.demdex.net https://*.addthis.com https://*.addthisedge.com https://*.pinterest.com https://*.en25.com https://*.datadoghq-browser-agent.com https://optimize.google.com https://*.rlets.com https://*.reachlocallivechat.com https://reachlocallivechat.com about://*.reachlocallivechat.com https://*.cloudfront.net https://*.cloudflareinsights.com https://*.broadly.com https://web-2-tel.com https://*.hotjar.com https://*.btttag.com https://*.bing.com https://*.doubleclick.net https://*.thinkingchat.com https://*.here.com https://*.twilio.com wss://*.twilio.com https://*.simpli.fi https://*.mrrooter.ca https://*.gstatic.com https://*.liadm.com https://*.yimg.com https://*.adsrvr.org https://*.convertexperiments.com https://*.cloudfunctions.net blob: https://*.mountain.com https://*.brandcdn.com https://*.validate.audio https://*.yellow.ai https://*.yellowmessenger.com https://*.cloud.yellow.ai https://*.app.yellow.ai wss://*.yellow.ai wss://*.cloud.yellow.ai wss://*.app.yellow.ai https://*.web-2-tel.com https://*.graph.facebook.com https://*.facebook.com https://*.pattisonmedia.com https://brandfolder.com https://www.reviewtube.com https://*.stackadapt.com https://adservice.google.com https://*.contractorcommerce.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.bootstrapcdn.com https://*.cloudflare.com https://*.typekit.net https://*.jquery.com https://*.sitescdn.net https://optimize.google.com https://*.optimizely.com https://*.here.com https://*.hereapi.com https://*.twilio.com https://*.mrrooter.ca blob: https://*.yellow.ai https://*.yellowmessenger.com https://*.cloud.yellow.ai https://*.app.yellow.ai https://www.reviewtube.com; object-src 'none'; connect-src https://*.calltrk.com https://*.callrail.com https://*.cloudflare.com https://*.nblyprod.com https://*.googleapis.com https://*.pagescdn.com https://*.demdex.net https://*.livechatinc.com https://*.neighborly.com https://*.crownpeak.net https://*.addthis.com https://*.yext.com https://*.b2clogin.com https://*.dwyergroup.com https://*.broadly.com https://*.amazonaws.com https://*.google-analytics.com https://*.facebook.net  https://*.gannettdigital.com https://*.browser-intake-datadoghq.com https://optimize.google.com https://*.reachlocalservices.com https://*.rlets.com https://reachlocallivechat.com https://*.hotjar.com https://web-2-tel.com https://*.optimizely.com https://*.hotjar.io/ wss://reachlocallivechat.com https://*.web-2-tel.com wss://*.hotjar.com https://*.simpli.fi https://*.here.com https://*.twilio.com wss://*.twilio.com https://*.hereapi.com https://*.doubleclick.net https://*.mrrooter.ca https://*.bing.com https://*.yimg.com https://*.convertexperiments.com https://*.cloudfunctions.net blob: https://44.238.122.172 https://100.20.58.101 https://35.85.84.151 https://44.228.85.26 https://34.215.155.61 https://35.160.46.251 https://52.71.121.170 https://18.210.229.244 https://44.212.189.233 https://3.212.39.155 https://52.22.50.55 https://54.156.2.105 https://*.googlesyndication.com https://*.yellow.ai https://*.yellowmessenger.com https://*.cloud.yellow.ai https://*.app.yellow.ai wss://*.yellow.ai wss://*.cloud.yellow.ai wss://*.app.yellow.ai https://*.validate.audio https://*.localiq.com https://brandfolder.com https://adservice.google.com https://browser-intake-datadoghq.com https://*.facebook.com https://*.contractorcommerce.com; font-src https://*.cloudflare.com https://*.nblyprod.com https://*.typekit.net https://*.gstatic.com https://*.googleapis.com https://optimize.google.com https://reachlocallivechat.com https://*.optimizely.com https://*.here.com https://*.hereapi.com https://*.twilio.com https://*.mrrooter.ca blob: https://*.cloudfront.net https://*.yellow.ai https://*.yellowmessenger.com https://*.cloud.yellow.ai https://*.app.yellow.ai; frame-src https://*.cloudflare.com https://*.youtube.com https://*.livechatinc.com https://*.demdex.net/ https://*.addthis.com https://*.pagescdn.com https://*.amazonaws.com https://*.b2clogin.com https://optimize.google.com https://*.hotjar.com https://web-2-tel.com https://*.optimizely.com https://*.here.com https://*.hereapi.com https://*.twilio.com https://*.rlets.com  https://*.mrrooter.ca https://*.doubleclick.net https://*.broadly.com https://*.adsrvr.org blob: https://*.yellow.ai https://*.yellowmessenger.com https://*.cloud.yellow.ai https://*.app.yellow.ai https://*.web-2-tel.com https://brandfolder.com https://www.reviewtube.com; media-src https://*.yellow.ai https://*.yellowmessenger.com https://*.cloud.yellow.ai https://*.app.yellow.ai https://reachlocallivechat.com; worker-src https://*.yellow.ai https://*.yellowmessenger.com https://*.cloud.yellow.ai https://*.app.yellow.ai blob: 1
frame-ancestors 'self' webvisor.com *.webvisor.com yandex.ru *.yandex.ru 1
child-src  www.paypalobjects.com; connect-src 'self' 'report-sample' s3.amazonaws.com/cv3.customfiles fieldandforest.commercev3.com *.listrakbi.com *.listrak.com www.google-analytics.com ssl.google-analytics.com ui.powerreviews.com stats.g.doubleclick.net analytics.google.com bat.bing.com www.paypal.com *.smartystreets.com ct.pinterest.com/user/ *.google-analytics.com *.analytics.google.com *.clarity.ms www.facebook.com *.klaviyo.com  www.google.com adservice.google.com; default-src 'self' s3.amazonaws.com/cdn.fieldforest.net/ cdn.commercev3.net/cdn.fieldforest.net/ cdn.fieldforest.net 'unsafe-eval' ajax.googleapis.com analytics.google.com bat.bing.com c.bing.com code.jquery.com connect.facebook.net fonts.googleapis.com fonts.gstatic.com t.paypal.com www.facebook.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.bootstrapcdn.com; font-src 'self' fieldandforest.commercev3.com s3.amazonaws.com/cdn.fieldforest.net/ cdn.commercev3.net/cdn.fieldforest.net/ cdn.fieldforest.net fonts.gstatic.com *.bootstrapcdn.com use.fontawesome.com cdn.livechatinc.com data:; form-action 'self' www.facebook.com www.paypal.com checkout.sezzle.com fieldforest.us10.list-manage.com; frame-src 'self' *.doubleclick.net www.paypalobjects.com www.paypal.com www.facebook.com www.pinterest.com www.google.com www.youtube.com secure.livechatinc.com; frame-ancestors 'self' ; img-src 'self' s3.amazonaws.com/cdn.fieldforest.net/ cdn.commercev3.net/cdn.fieldforest.net/ cdn.fieldforest.net ssl.google-analytics.com www.google.com/pagead/1p-user-list/ www.google.com/ads/ga-audiences ct.pinterest.com/v3/ stats.g.doubleclick.net bat.bing.com c.bing.com t.paypal.com www.facebook.com www.google-analytics.com www.googletagmanager.com *.listrakbi.com www.trustlogo.com data: code.jquery.com/ui/ *.google-analytics.com *.analytics.google.com *.clarity.ms www.paypal.com www.paypalobjects.com secure.trust-provider.com analytics.google.com www.google.com adservice.google.com; script-src 'self' 'report-sample' s3.amazonaws.com/cdn.fieldforest.net/ cdn.commercev3.net/cdn.fieldforest.net/ cdn.fieldforest.net 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com ui.powerreviews.com bat.bing.com code.jquery.com connect.facebook.net *.bootstrapcdn.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.listrakbi.com *.smartystreets.com api.livechatinc.com cdn.livechatinc.com ajax.googleapis.com googleads.g.doubleclick.net www.gstatic.com www.trustlogo.com www.googleadservices.com d79i1fxsrar4t.cloudfront.net/jquery.liveaddress/ s.pinimg.com/ct/ www.google.com www.clarity.ms static.klaviyo.com static-tracking.klaviyo.com secure.trust-provider.com; script-src-elem 'self' 'report-sample' s3.amazonaws.com/cdn.fieldforest.net/ cdn.commercev3.net/cdn.fieldforest.net/ cdn.fieldforest.net 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com ui.powerreviews.com bat.bing.com code.jquery.com connect.facebook.net *.bootstrapcdn.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.listrakbi.com *.smartystreets.com api.livechatinc.com cdn.livechatinc.com ajax.googleapis.com googleads.g.doubleclick.net www.gstatic.com www.trustlogo.com www.googleadservices.com d79i1fxsrar4t.cloudfront.net/jquery.liveaddress/ s.pinimg.com/ct/ www.google.com www.clarity.ms static.klaviyo.com static-tracking.klaviyo.com secure.trust-provider.com; style-src 'self' s3.amazonaws.com/cdn.fieldforest.net/ cdn.commercev3.net/cdn.fieldforest.net/ cdn.fieldforest.net 'unsafe-inline' 'unsafe-eval' ui.powerreviews.com use.fontawesome.com code.jquery.com fonts.googleapis.com *.bootstrapcdn.com cdn.listrakbi.com/css/ hello.myfonts.net cdn-images.mailchimp.com; style-src-elem 'self' s3.amazonaws.com/cdn.fieldforest.net/ cdn.commercev3.net/cdn.fieldforest.net/ cdn.fieldforest.net 'unsafe-inline' 'unsafe-eval' ui.powerreviews.com use.fontawesome.com code.jquery.com fonts.googleapis.com *.bootstrapcdn.com cdn.listrakbi.com/css/ hello.myfonts.net cdn-images.mailchimp.com; style-src-attr  'unsafe-inline'; media-src 'self' fieldandforest.commercev3.com s3.amazonaws.com/cdn.fieldforest.net/ cdn.commercev3.net/cdn.fieldforest.net/ cdn.fieldforest.net www.bing.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://howdengroupholdings.hyperion.acsitefactory.com eu-central-1-decisionapi.lift.acquia.com bam.nr-data.net www.google-analytics.com https://stats.g.doubleclick.net hubspot-forms-static-embed.s3.amazonaws.com forms.hsforms.com; connect-src 'self' eu-central-1-decisionapi.lift.acquia.com https://bam.nr-data.net www.google-analytics.com https://stats.g.doubleclick.net http://hits-i.iubenda.com https://rs.fullstory.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.co.uk svc.webspellchecker.net consent.iubenda.com https://edge.fullstory.com *.analytics.tiktok.com https://analytics.tiktok.com/api/v2/pixel https://analytics.tiktok.com/api/v2/pixel/act https://px.ads.linkedin.com https://www.google-analytics.com https://www.googletagmanager.com; font-src 'self' https://howdengroupholdings.hyperion.acsitefactory.com fast.fonts.net https://fonts.gstatic.com svc.webspellchecker.net; frame-src 'self' www.youtube.com player.vimeo.com www.google.com https://howdengroupholdings.hyperion.acsitefactory.com forms.hsforms.com https://cdn.iubenda.com http://cdn.iubenda.com https://td.doubleclick.net/; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' lift3assets.lift.acquia.com production-cdn.lift.acquia.com www.google-analytics.com www.googletagmanager.com tagmanager.google.com https://howdengroupholdings.hyperion.acsitefactory.com stats.g.doubleclick.net js-agent.newrelic.com bam.nr-data.net https://secure.perk0mean.com https://ajax.cloudflare.com https://static.cloudflareinsights.com js.hsforms.net forms.hsforms.com http://cdn.iubenda.com http://www.iubenda.com https://www.googleoptimize.com https://snap.licdn.com player.vimeo.com https://edge.fullstory.com/s/fs.js https://unpkg.com/web-vitals/dist/web-vitals.iife.js https://unpkg.com/web-vitals@2.1.4/dist/web-vitals.iife.js *.analytics.tiktok.com https://analytics.tiktok.com cdn.jsdelivr.net https://assets.pinterest.com https://cdn.iubenda.com https://cdnjs.cloudflare.com https://code.highcharts.com https://polyfill-fastly.io https://polyfill.io https://secure.ewaypayments.com https://unpkg.com https://www.google.com platform.instagram.com platform.twitter.com; script-src-elem 'self' 'unsafe-inline' lift3assets.lift.acquia.com production-cdn.lift.acquia.com www.google-analytics.com www.googletagmanager.com tagmanager.google.com https://howdengroupholdings.hyperion.acsitefactory.com stats.g.doubleclick.net js-agent.newrelic.com bam.nr-data.net https://secure.perk0mean.com https://ajax.cloudflare.com https://static.cloudflareinsights.com player.vimeo.com js.hsforms.net forms.hsforms.com http://cdn.iubenda.com http://www.iubenda.com https://snap.licdn.com https://unpkg.com/web-vitals/dist/web-vitals.iife.js https://unpkg.com/web-vitals@2.1.0/dist/web-vitals.iife.js https://edge.fullstory.com/s/fs.js https://edge.fullstory.com https://rs.fullstory.com https://survey.survicate.com http://cdnjs.cloudflare.com svc.webspellchecker.net https://edge.fullstory.com/datalayer/v3/latest.js https://cs.iubenda.com https://analytics.tiktok.com/i18n/pixel/events.js https://analytics.tiktok.com/i18n/pixel/static/main.MWNkMWZjOGNjMA.js https://analytics.tiktok.com/i18n/pixel/sdk.js https://analytics.tiktok.com/i18n/pixel/static/identify_93546.js *.analytics.tiktok.com https://analytics.tiktok.com/i18n/pixel/static/main.MWY1ZWZmZjM0NQ.js https://analytics.tiktok.com cdn.jsdelivr.net https://assets.pinterest.com https://cdn.iubenda.com https://cdnjs.cloudflare.com https://code.highcharts.com https://polyfill-fastly.io https://polyfill.io https://secure.ewaypayments.com https://unpkg.com https://www.google.com platform.instagram.com platform.twitter.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' fast.fonts.net tagmanager.google.com fonts.googleapis.com https://howdengroupholdings.hyperion.acsitefactory.com https://www.googletagmanager.com/debug/badge.css https://cdnjs.cloudflare.com; style-src-elem 'self' 'unsafe-inline' fast.fonts.net tagmanager.google.com fonts.googleapis.com https://howdengroupholdings.hyperion.acsitefactory.com https://www.googletagmanager.com/debug/badge.css svc.webspellchecker.net https://cdnjs.cloudflare.com; base-uri 'self' https://howdengroupholdings.hyperion.acsitefactory.com 1
frame-ancestors 'self' *.northcountry.org *.zagclients.net 1
frame-ancestors 'self' porkbun.weeblycloud.com; default-src 'none'; object-src 'self' porkbun-media.s3.us-west-2.amazonaws.com porkbun-media.s3-us-west-2.amazonaws.com; media-src 'self' beacon-v2.helpscout.net; frame-src td.doubleclick.net service.mtcaptcha.com service2.mtcaptcha.com widget.trustpilot.com porkbun-media.s3.us-west-2.amazonaws.com porkbun-media.s3-us-west-2.amazonaws.com www.recaptcha.net *.paypal.com assets.braintreegateway.com www.facebook.com hooks.stripe.com stripe.com www.youtube.com bid.g.doubleclick.net 'self' www.google.com www.googletagmanager.com *.fls.doubleclick.net js.stripe.com nonce-39107f5d2732041c96fcd24c1f8fa32fa3aecec3e41bf7d5319004ec471aa259; script-src data: 'self' 'unsafe-eval' www.clarity.ms bat.bing.com code.jquery.com s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js snap.licdn.com service.mtcaptcha.com service2.mtcaptcha.com cdn.veriff.me analytics.tiktok.com www.redditstatic.com analytics.twitter.com static.ads-twitter.com *.crazyegg.com chimpstatic.com widget.trustpilot.com www.recaptcha.net www.paypalobjects.com *.paypal.com js.braintreegateway.com tpc.googlesyndication.com beacon-v2.helpscout.net translate.google.com translate.googleapis.com www.gstatic.com www.gstatic.cn js.stripe.com use.fontawesome.com googleads.g.doubleclick.net www.googletagmanager.com *.analytics.google.com *.google-analytics.com www.googleadservices.com connect.facebook.net www.google.com js.stripe.com 'unsafe-inline'; connect-src 'self' nonce-39107f5d2732041c96fcd24c1f8fa32fa3aecec3e41bf7d5319004ec471aa259 bat.bing.com *.clarity.ms analytics.google.com www.facebook.com cdn.linkedin.oribi.io api.veriff.me stationapi.veriff.com analytics.tiktok.com q.stripe.com wss://ws-helpscout.pusher.com *.crazyegg.com *.paypal.com core33-helpscout.pusher.com *.braintree-api.com *.braintreegateway.com sentry.io sockjs-helpscout.pusher.com d3hb14vkzrxvla.cloudfront.net beaconapi.helpscout.net chatapi.helpscout.net translate.googleapis.com translate.google.com stats.g.doubleclick.net *.analytics.google.com *.google-analytics.com; img-src 'self' blob: data: *.clarity.ms *.bing.com analytics.twitter.com px.ads.linkedin.com alb.reddit.com easy-links.s3.us-west-2.amazonaws.com pubads.g.doubleclick.net chatapi-prod.s3.amazonaws.com t.co porkbun-media.s3.us-west-2.amazonaws.com porkbun-media.s3.us-west-2.amazonaws.com porkbun-media.s3-us-west-2.amazonaws.com *.crazyegg.com *.paypal.com beacon-v2.helpscout.net porkbun.com q.quora.com d33v4339jhl8k0.cloudfront.net porkbunblog.files.wordpress.com www.googletagmanager.com www.gstatic.com www.gstatic.cn translate.google.com translate.googleapis.com stats.g.doubleclick.net www.google.com googleads.g.doubleclick.net *.analytics.google.com *.google-analytics.com www.facebook.com q.stripe.com nonce-39107f5d2732041c96fcd24c1f8fa32fa3aecec3e41bf7d5319004ec471aa259; style-src 'self' assets.braintreegateway.com translate.googleapis.com fonts.googleapis.com 'unsafe-inline'; font-src 'self' www.paypalobjects.com fonts.gstatic.com nonce-39107f5d2732041c96fcd24c1f8fa32fa3aecec3e41bf7d5319004ec471aa259; 1
default-src 'self'; base-uri 'self'; connect-src 'self' *.itzbund.de; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de *.readspeaker.com; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de *.readspeaker.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors bsgweb-editor-kkn2.prod.gsb.zd.in.bund.de piwik.itzbund.de *.facebook.com 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-NTZlODQ0YzJlODdhNDUxODljZGZhMjYyNGQxNjMxNWI=' https://*.platformrijksoverheid.nl https://*.rijksoverheid.nl https://*.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' https://statistiek.rijksoverheid.nl https://*.contenttoolsrijksoverheid.nl https://*.rijksoverheid.nl; font-src 'self' https://statistiek.rijksoverheid.nl; object-src 'none'; connect-src https://*.platformrijksoverheid.nl https://*.rijksoverheid.nl https://*.contenttoolsrijksoverheid.nl https://*.rovid.nl https://*.rijksoverheidsvideo.nl; img-src 'self' data: https://d3oiud1b8fohdw.cloudfront.net https://statistiek.rijksoverheid.nl https://*.rovid.nl https://*.rijksoverheidsvideo.nl https://*.toegankelijkheidsverklaring.nl; media-src 'self' https://*.rovid.nl https://*.rijksoverheidsvideo.nl; form-action 'self' https://export.highcharts.com https://*.contenttoolsrijksoverheid.nl https://*.rijksoverheid.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
default-src 'self' https://www.interacoustics.com https://*.cloud.scorm.com https://app.cloud.scorm.com *.zenlocator.com *.interacoustics.com interacoustics.com https://info.interacoustics.com http://info.interacoustics.com https://www.interacoustics.com;; script-src 'unsafe-eval' 'unsafe-inline' 'report-sample' 'self' https://cdnapisec.kaltura.com cdnapisec.kaltura.com https://www.googleadservices.com  *.doubleclick.net https://8879016.fls.doubleclick.net https://www.google.com doubleclick.net cdn.callrail.com *.callrail.com kickfire.com *.kickfire.com assets.adobedtm.com adobedtm.com *.adobedtm.com https://*.kaltura.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.googletagmanager.com https: *.interacoustics.com *.zenlocator.com https://policy.app.cookieinformation.com/uc.js google-analytics.com https://www.googletagmanager.com/gtm.js https://www.interacoustics.com googletagmanager.com https://policy.app.cookieinformation.com/e71ed9/interacoustics.com/en.js *.cookieinformation.com *.cloud.scorm.com https://app.cloud.scorm.com *.hotjar.com *.zenlocator.com *.interacoustics.com interacoustics.com zenlocator.com js.zenlocator.com https://js.zenlocator.com/ https://info.interacoustics.com/pd.js https://js.zenlocator.com/wq93cjba.min.js https://pi.pardot.com/analytics https://policy.app.cookieinformation.com/uc.js https://script.hotjar.com/modules.f0cd1ed70b545da08b60.js https://static.hotjar.com/c/hotjar-1579623.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js https://*.hotjar.com;; style-src 'unsafe-inline' http: 'report-sample' 'self' https://tagmanager.google.com https://fonts.googleapis.com https://app.cloud.scorm.com/sc/scripts/bootstrap.min.css.map https://www.interacoustics.com *.cloud.scorm.com https://app.cloud.scorm.com *.zenlocator.com *.interacoustics.com interacoustics.com https://*.hotjar.com;; img-src http: data: 'self' blob: data: https://ad.doubleclick.net https://*.g.doubleclick.net https://8879016.fls.doubleclick.net doubleclick.net googleads.g.doubleclick.net www.google.com https://*.google.com https://www.google.com https://cdnapisec.kaltura.com cdnapisec.kaltura.com https://*.kaltura.com https://ssl.gstatic.com https://www.gstatic.com https://*.analytics.google.com https://www.google-analytics.com https://*.google-analytics.com https://*.googletagmanager.com https://www.interacoustics.com *.interacoustics.com interacoustics.com https://zenlocator-prod-assets.s3.amazonaws.com https://script.hotjar.com https://*.hotjar.com https://www.interacoustics.com;;; font-src http: data: 'self' *.interacoustics.com interacoustics.com https://*.hotjar.com https://fonts.gstatic.com data:;; frame-src 'self' https://info.interacoustics.com https://info.interacoustics.com/l/937123/2022-02-18/xgkjm *.interacoustics.com go.pardot.com *.pardot.com https://policy.app.cookieinformation.com https://8879016.fls.doubleclick.net doubleclick.net *.doubleclick.net  callrail.com kickfire.com adobedtm.com kaltura-player.js https://cdnapisec.kaltura.com cdnapisec.kaltura.com bid.g.doubleclick.net https://bid.g.doubleclick.net https://*.kaltura.com https://vars.hotjar.com https://cloud.scorm.com https://www.interacoustics.com *.cloud.scorm.com https://app.cloud.scorm.com *.zenlocator.com *.interacoustics.com interacoustics.com https://app.cloud.scorm.com https://cloud.scorm.com https://info.interacoustics.com https://js.zenlocator.com https://policy.app.cookieinformation.com https://vars.hotjar.com https://www.youtube.com youtube.com https://*.hotjar.com https://*.brightcove.net;; media-src 'self' data: blob: https://www.interacoustics.com *.interacoustics.com interacoustics.com https://*.interacoustics.com kaltura-player.js https://cdnapisec.kaltura.com cdnapisec.kaltura.com https://*.kaltura.com;; connect-src 'self' https://www.google-analytics.com https://*.googletagmanager.com doubleclick.net  https://8879016.fls.doubleclick.net *.doubleclick.net callrail.com kickfire.com adobedtm.com kaltura-player.js https://cdnapisec.kaltura.com cdnapisec.kaltura.com https://*.kaltura.com https://*.g.doubleclick.net https://*.google.com https://*.analytics.google.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://api.maptiler.com https://api.zenlocator.com https://in.hotjar.com https://policy.app.cookieinformation.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://ws41.hotjar.com https://www.google-analytics.com wss://ws41.hotjar.com *.hotjar.io *.hotjar.com wss://ws25.hotjar.com/api/v2/client/ws https://consent.app.cookieinformation.com/api/consent *.cloud.scorm.com https://app.cloud.scorm.com wss://ws1.hotjar.com/api/v2/client/ws *.interacoustics.com interacoustics.com https://surveystats.hotjar.io https://ws41.hotjar.com wss://ws41.hotjar.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://info.interacoustics.com http://info.interacoustics.com;; base-uri 'self';; worker-src blob: 'self' interacoustics.com *.interacoustics.com;; sandbox allow-forms allow-scripts allow-same-origin allow-presentation allow-top-navigation allow-downloads allow-popups allow-modals allow-popups-to-escape-sandbox; 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-gJOphPmrRPA7ukGi5ZEYhA' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
font-src 'self' *.shinywhitebox.com stripe.com *.stripe.com cdn.paddle.com *.paddle.com code.jquery.com www.googletagmanager.com *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com connect.facebook.net *.facebook.com youtube.com *.youtube.com *.ytimg.com *.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.shinywhitebox.com stripe.com *.stripe.com cdn.paddle.com *.paddle.com code.jquery.com www.googletagmanager.com *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com connect.facebook.net *.facebook.com youtube.com *.youtube.com *.ytimg.com *.fontawesome.com; frame-ancestors 'self'; style-src-elem 'self' 'unsafe-inline' *.shinywhitebox.com stripe.com *.stripe.com cdn.paddle.com *.paddle.com code.jquery.com www.googletagmanager.com *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com connect.facebook.net *.facebook.com youtube.com *.youtube.com *.ytimg.com *.fontawesome.com; img-src 'self' *.shinywhitebox.com stripe.com *.stripe.com cdn.paddle.com *.paddle.com code.jquery.com www.googletagmanager.com *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com connect.facebook.net *.facebook.com youtube.com *.youtube.com *.ytimg.com *.fontawesome.com; style-src 'self' 'unsafe-inline' *.shinywhitebox.com stripe.com *.stripe.com cdn.paddle.com *.paddle.com code.jquery.com www.googletagmanager.com *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com connect.facebook.net *.facebook.com youtube.com *.youtube.com *.ytimg.com *.fontawesome.com; connect-src 'self' www.googletagmanager.com *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com connect.facebook.net *.facebook.com; frame-src 'self' *.shinywhitebox.com stripe.com *.stripe.com cdn.paddle.com *.paddle.com code.jquery.com www.googletagmanager.com *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com connect.facebook.net *.facebook.com youtube.com *.youtube.com *.ytimg.com *.fontawesome.com; object-src 'self' *.shinywhitebox.com stripe.com *.stripe.com cdn.paddle.com *.paddle.com code.jquery.com www.googletagmanager.com *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com connect.facebook.net *.facebook.com youtube.com *.youtube.com *.ytimg.com *.fontawesome.com; default-src 'self' *.shinywhitebox.com 'nonce-LU2zbrEGPBv3+CKt7bzzig==' 1
script-src-elem 'unsafe-inline' 'unsafe-eval' 'self' *.google-analytics.com www.googletagmanager.com cdn.datatables.net browser-update.org; 1
script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://billing-ads-qa-devel.corp.google.com https://payments.google.com/ https://www.youtube.com https://support.google.com/inapp/ https://www.google.com/tools/feedback/ https://www.gstatic.com/inproduct_help/ https://www.gstatic.com/support/content/ https://ajax.googleapis.com https://mannequin.storage.googleapis.com https://static.corp.google.com https://storage.googleapis.com https://tpc.googlesyndication.com https://googleads.g.doubleclick.net https://payments.sandbox.google.com https://www.googleadservices.com https://maps.googleapis.com https://www.google.com/js/bg/ https://www.google.com/tools/feedback/load.js https://www.google.com/tools/feedback/open.js https://www.gstatic.com/inproduct_help/service/lazy.min.js https://www.gstatic.com/inproduct_help/api/main.min.js https://www.gstatic.com/inproduct_help/chatsupport/chatsupport_button_v2.js https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js https://www.gstatic.com/uservoice/feedback/client/web/live/main_light_binary.js https://www.google.com/tools/feedback/chat_load.js https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/ https://www.gstatic.com/feedback/js/ghelp/;report-uri /_/Gstore/cspreport/allowlist;worker-src blob: 1
default-src 'self'; style-src 'self' 'unsafe-inline' 'unsafe-eval' 	*.cloudfront.net 	*.googleapis.com 	https://www.googletagmanager.com 	https://quoting-one.comm.homesitebusinessinsurance.com; object-src 'self' 	*.cloudfront.net  	*.googleapis.com 	https://www.googletagmanager.com 	https://cdn.optimizely.com 	https://cdn.optimizely.com/js/8429781765.js 	https://quoting-one-gateway.comm.homesitebusinessinsurance.com    .awsapps.com: 	*.awsapps.com/connect/ccp-v2 	*.awsapps.com/connect/api 	*.telemetry.connect.us-east-1.amazonaws.com 	participant.connect.us-east-1.amazonaws.com  	*.transport.connect.us-east-1.amazonaws.com 	*.s3.us-east-1.amazonaws.com    TurnNlb-*.elb.us-east-1.amazonaws.com 	wss://*.transport.connect.us-east-1.amazonaws.com 	wss://signal.m1.ue1.app.chime.aws/control 	wss://ay0ny7osne.execute-api.us-east-1.amazonaws.com 	wss://*.chime.aws https://*.chime.aws 	https://ay0ny7osne.execute-api.us-east-1.amazonaws.com/*; img-src 'self' 	https: data: 	https://miocdn.amfam.com 	https://www.google-analytics.com 	*.cloudfront.net 	*.googleapis.com 	https://www.googletagmanager.com 	https://cdn.optimizely.com 	https://stats.g.doubleclick.net 	https://quoting-one.comm.homesitebusinessinsurance.com 	http://*.hotjar.com 	https://*.hotjar.com 	http://*.hotjar.io 	https://*.hotjar.io 	https://boldpenguin-auth.boldpenguin.com 	https://bold-penguin-prod-services-v1-authentica-s3bucket-1aqmealj10mel.s3.amazonaws.com 	https://quoting-one.comm.homesitebusinessinsurance.com 	https://stats.g.doubleclick.net 	https://cdn.optimizely.com 	http://*.hotjar.com 	https://*.hotjar.com 	http://*.hotjar.io 	https://*.hotjar.io 	wss://signal.m1.ue1.app.chime.aws/control 	wss://*.chime.aws 	https://*.chime.aws 	wss://ay0ny7osne.execute-api.us-east-1.amazonaws.com 	https://ay0ny7osne.execute-api.us-east-1.amazonaws.com/*; media-src 'self' 	*.cloudfront.net 	*.googleapis.com 	https://www.googletagmanager.com 	https://cdn.optimizely.com 	https://cdn.optimizely.com/js/8429781765.js; connect-src 'self' 	https://browser-http-intake.logs.datadoghq.com 	*.authorize.net 	https://logx.optimizely.com 	https://*.optimizely.com 	*.cloudfront.net 	https://www.google-analytics.com 	*.googleapis.com 	https://www.googletagmanager.com 	https://stats.g.doubleclick.net 	https://quoting-one-gateway.comm.homesitebusinessinsurance.com 	wss://partner-engine.boldpenguin.com/ 	https://partner-engine.boldpenguin.com 	https://boldpenguin-auth.boldpenguin.com 	*.facebook.com 	http://*.hotjar.io 	http://*.hotjar.com 	http://*.hotjar.com:* 	https://*.hotjar.io 	https://*.hotjar.com 	https://*.hotjar.com:* 	wss://*.hotjar.com 	wss://partner-engine.boldpenguin.com/    https://partner-engine.boldpenguin.com 	https://boldpenguin-auth.boldpenguin.com    .awsapps.com: 	*.awsapps.com/connect/ccp-v2 	*.awsapps.com/connect/api 	*.telemetry.connect.us-east-1.amazonaws.com 	participant.connect.us-east-1.amazonaws.com 	*.transport.connect.us-east-1.amazonaws.com 	*.s3.us-east-1.amazonaws.com    TurnNlb-*.elb.us-east-1.amazonaws.com 	wss://*.transport.connect.us-east-1.amazonaws.com 	wss://signal.m1.ue1.app.chime.aws/control 	wss://ay0ny7osne.execute-api.us-east-1.amazonaws.com 	wss://*.chime.aws 	https://*.chime.aws 	https://ay0ny7osne.execute-api.us-east-1.amazonaws.com/*; frame-src 'self' 	*.cloudfront.net 	*.googleapis.com 	https://www.googletagmanager.com 	https://a8253175392.cdn.optimizely.com/ 	https://a8253175392.cdn-pci.optimizely.com 	*.facebook.com 	https://*.hotjar.com 	http://*.hotjar.io 	https://*.hotjar.io 	https://boldpenguin-auth.boldpenguin.com; script-src 'self' 'unsafe-eval' 	https: 'unsafe-inline' 	https://www.google-analytics.com 	https://ssl.google-analytics.com 	*.cloudfront.net 	*.googleapis.com 	https://www.googletagmanager.com  	https://*.optimizely.com 	https://optimizely.s3.amazonaws.com 	https://cdn-assets-prod.s3.amazonaws.com 	cdnjs.cloudflare.com 	https://rawgit.com/kimmobrunfeldt/progressbar.js/1.0.0/dist/progressbar.js; report-uri /developer/csp-report/; frame-ancestors 	https://*.dovetailforagents.com 	https://dovetailforagents.com; font-src 'self' 	https: https://fonts.gstatic.com 	http://*.hotjar.com 	https://*.hotjar.com 	http://*.hotjar.io 	https://*.hotjar.io; 1
upgrade-insecure-request 1
default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; form-action 'self' https://git.poast.org/etsi/etsi.me/issues/new; font-src 'self'; frame-ancestors 'self'; base-uri 'self'; connect-src 'self' https://overpass-api.de; img-src 'self' data: https://*.tile.openstreetmap.org; frame-src 'self' https://www.youtube-nocookie.com https://nitter.poast.org https://invidious.poast.org https://player.vimeo.com https://www.dailymotion.com https://www.deezer.com https://www.mixcloud.com https://w.soundcloud.com https://embed.spotify.com https://open.spotify.com/ 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self'; connect-src 'none'; object-src 'none'; frame-src 'none'; worker-src 'none'; frame-ancestors 'none'; form-action 'none'; upgrade-insecure-requests; block-all-mixed-content; disown-opener; reflected-xss block; referrer no-referrer; 1
default-src 'none'; frame-src 'self' *.vidext.app *.activecall.pe *.onlineassist.me *.google.com *.gstatic.com vcom5web03.ibermaticacloud.com; script-src *.onlineassist.me 'self' 'unsafe-eval' 'unsafe-inline' 'report-sample' *.nuvetoapps.com *.nuvetoapps.com.br *.hotjar.com *.facebook.net *.jquery.com *.google.com *.gstatic.com *.fontawesome.com *.googleapis.com cdnjs.cloudflare.com/ajax/libs/popper.js/ *.bootstrapcdn.com *.ckeditor.com www.googletagmanager.com www.google-analytics.com vcom5web03.ibermaticacloud.com; media-src blob: *.vidext.app; style-src 'self' 'unsafe-inline' 'report-sample' *.bootstrapcdn.com *.nuvetoapps.com *.nuvetoapps.com.br *.googleapis.com *.onlineassist.me cdn.ckeditor.com vcom5web03.ibermaticacloud.com; font-src 'self' data: *.bootstrapcdn.com *.googleapis.com *.gstatic.com *.onlineassist.me vcom5web03.ibermaticacloud.com; img-src 'self' data: www.google-analytics.com cdn.ckeditor.com dummyimage.com *.nuvetoapps.com *.nuvetoapps.com.br *.facebook.com blob: *.onlineassist.me vcom5web03.ibermaticacloud.com; manifest-src blob: *.onlineassist.me; connect-src 'self' https: wss: *.twilio.com *.onlineassist.me www.google-analytics.com vcom5web03.ibermaticacloud.com; frame-ancestors 'self' vcom5web03.ibermaticacloud.com; upgrade-insecure-requests; form-action 'self' vcom5web03.ibermaticacloud.com; base-uri 'self'; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://piipitin.fi; img-src 'self' https: data: blob: https://piipitin.fi; style-src 'self' https://piipitin.fi 'nonce-4DieAm62rD9vjGaBGvQSuA=='; media-src 'self' https: data: https://piipitin.fi; frame-src 'self' https:; manifest-src 'self' https://piipitin.fi; form-action 'self'; child-src 'self' blob: https://piipitin.fi; worker-src 'self' blob: https://piipitin.fi; connect-src 'self' data: blob: https://piipitin.fi https://media.piipitin.fi wss://piipitin.fi; script-src 'self' https://piipitin.fi 'wasm-unsafe-eval' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.apizee.com https://update.malta-informatique.fr https://*.pandalab.fr https://*.fontawesome.com https://*.jquery.com https://*.cloudflare.com https://*.jsdelivr.net ;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.cloudflare.com https://*.jsdelivr.net;img-src 'self'  data: ;font-src 'self' data: https://*.gstatic.com https://*.fontawesome.com;connect-src 'self' https://update.malta-informatique.fr https://*.apizee.com wss://*.apizee.com wss://*.titanlink.eu https://*.fontawesome.com wss://127.0.0.1:* ws://127.0.0.1:* ws://localhost:*;frame-src 'self' https://auth.titanweb.eu https://auth.titanlink.eu https://www.bcbdexther.fr *; 1
default-src 'none'; script-src 'self' 'unsafe-inline' https://mc.yandex.ru; style-src 'self' 'unsafe-inline'; img-src 'self' https://*.unsplash.com https://mc.yandex.ru https://chart.googleapis.com; connect-src https://mc.yandex.ru; object-src 'none'; frame-src blob: https://mc.yandex.ru; worker-src blob: https://mc.yandex.ru 1
default-src https: data: blob: wss: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; report-uri https://www.itopf.org/?eID=error 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://rockosbasilisk.com; img-src 'self' https: data: blob: https://rockosbasilisk.com; style-src 'self' https://rockosbasilisk.com 'nonce-sIGVnK5dHe1yYX9JdJBTyQ=='; media-src 'self' https: data: https://rockosbasilisk.com; frame-src 'self' https:; manifest-src 'self' https://rockosbasilisk.com; form-action 'self'; child-src 'self' blob: https://rockosbasilisk.com; worker-src 'self' blob: https://rockosbasilisk.com; connect-src 'self' data: blob: https://rockosbasilisk.com https://rockosbasilisk.com wss://rockosbasilisk.com; script-src 'self' https://rockosbasilisk.com 'wasm-unsafe-eval' 1
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://*.intercom.io https://app.brand24.com http://*.hotjar.com:* https://*.hotjar.com:* ws://*.hotjar.com wss://*.hotjar.com https://mc.yandex.ru https://sumo.com https://clients6.google.com https://app.userengage.com wss://app.userengage.com http://cdn.heapanalytics.com http://heapanalytics.com https://cdn.heapanalytics.com https://heapanalytics.com https://proxy.synerise.com https://tck.synerise.com wss://messenger.synerise.com https://api.ipgeolocation.io https://cdn.cookielaw.org https://grsm.io https://www.google-analytics.com https://sw-assets.ekomiapps.de https://smart-widget-assets.ekomiapps.de https://stats.g.doubleclick.net https://*.clarity.ms https://geolocation.onetrust.com https://cookie-cdn.cookiepro.com https://geolocation.onetrust.com https://privacyportal.cookiepro.com https://www.google.com https://googleads.g.doubleclick.net https://*.google-analytics.com https://pagead2.googlesyndication.com https://partnerlinks.io https://cdn.jsdelivr.net https://*.analytics.google.com https://analytics.google.com https://evnt.byspotify.com; img-src 'self' https: data: 'unsafe-inline' 'unsafe-eval' 1
script-src 'self' http://app.storyblok.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://www.googletagmanager.com https://www.google-analytics.com https://snap.licdn.com/ http://www.youtube.com 'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' https://res.cloudinary.com https://www.google.com https://www.google.de https://www.google.lt https://www.google-analytics.com https://px.ads.linkedin.com https://pubads.g.doubleclick.net data:;media-src https://res.cloudinary.com;font-src 'self' data:;worker-src blob: 1
default-src http: data: 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google.nl www.google-analytics.com use.typekit.net p.typekit.net *.doubleclick.net snap.licdn.com region1.analytics.google.com *.linkedin.com imgsct.cookiebot.com consentcdn.cookiebot.com consent.cookiebot.com 1
default-src 'self';script-src 'self' https://tags.srv.stackadapt.com/ https://*.cookiebot.com/ https://js.monitor.azure.com/ https://www.googletagmanager.com/ https://*.click4assistance.co.uk/ https://maps.googleapis.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-eval' 'unsafe-inline';style-src 'self' https://tags.srv.stackadapt.com/ https://*.typekit.net/ https://fonts.googleapis.com/ 'unsafe-inline';connect-src 'self' https://tags.srv.stackadapt.com/ https://*.cookiebot.com/ https://maps.googleapis.com/ https://*.google-analytics.com/ https://*.applicationinsights.azure.com/ https://*.azurewebsites.net/;manifest-src 'self';font-src 'self' data: https://*.typekit.net/ https://fonts.gstatic.com/ https://fonts.googleapis.com/;img-src 'self' data: https://*.cookiebot.com/ https://*.click4assistance.co.uk/ https://maps.gstatic.com/ https://maps.googleapis.com/ https://www.googletagmanager.com/;object-src 'none';frame-ancestors 'self';frame-src 'self' https://*.click4assistance.co.uk/ https://*.cookiebot.com/ https://www.youtube.com/ https://www.google.com/ https://*.azurewebsites.net/ https://www.link.co.uk;base-uri 'self' 1
upgrade-insecure-requests;default-src 'self';font-src 'self' data: https://fonts.gstatic.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;frame-src 'self' data: https://*.gstatic.com https://*.googleapis.com https://*.doubleclick.net https://*.cookiebot.com https://www.google.com;connect-src 'self' https://www.google.com https://*.thgeyer.com https://pagead2.googlesyndication.com https://adservice.google.com https://*.cookiebot.com https://maps.googleapis.com https://*.google-analytics.com;img-src * data:;script-src 'self' data: 'unsafe-inline' eval: https://tpc.googlesyndication.com https://*.gstatic.com https://*.googleapis.com https://*.doubleclick.net https://*.cookiebot.com https://*.thgeyer-t.com https://*.thgeyer.com https://*.googletagmanager.com https://www.google.com https://*.googleadservices.com;report-uri https://sentry.andersundsehr.com/api/56/security/?sentry_key=38495a29af8647c6a96aab478f77206d; 1
default-src 'none';
                base-uri 'self';
                script-src 'self' 'unsafe-inline' 'unsafe-eval' *.berlinale-talents.de *.newsletter2go.com *.kbb.eu *.jsdelivr.net cdnjs.cloudflare.com *.zencdn.net maps.googleapis.com *.vimeo.com *.podigee-cdn.net media.pay-link.eu;
                worker-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.berlinale-talents.de *.berlinale-talents.de *.newsletter2go.com *.kbb.eu *.jsdelivr.net cdnjs.cloudflare.com *.zencdn.net maps.googleapis.com *.vimeo.com *.podigee-cdn.net media.pay-link.eu;
                style-src 'self' 'unsafe-inline' *.jsdelivr.net *.zencdn.net;
                img-src 'self' *.berlinale-talents.de *.kbb.eu data: *.newsletter2go.com maps.gstatic.com *.googleapis.com *.ggphti media.pay-link.eu *.flickr.com *.staticflickr.com;
                connect-src 'self' *.vimeo.com vimeo.com *.podigee.io *.kbb.eu *.top-ix.org *.newsletter2go.com *.flickr.com *.staticflickr.com;
                font-src 'self' *.gstatic.com data:;
                object-src 'none';
                manifest-src 'self';
                media-src 'self' blop: *.top-ix.org *.kbb.eu;
                form-action 'self' staging.berlinale-talents.de www.berlinale-talents.de;
                frame-src 'self' *.vimeo.com *.kbb.eu *.youtube.com *.serve-u.de *.podigee-cdn.net *.top-ix.org berlinale-talents.pay-link.eu;
                frame-ancestors 'self' *.vimeo.com *.top-ix.org; 1
object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://www.google.com/ https://www.gstatic.com/ 1
frame-ancestors 'self' http://tonernews.com/ https://tonernews.com/ 1
frame-ancestors 'self', upgrade-insecure-requests; 1
default-src 'self' 'unsafe-inline' *.google-analytics.com *.gruposinternet.com.br *.gstatic.com fonts.googleapis.com *.google.com *.googletagmanager.com api.dataprot.com.br; 1
default-src 'self' https://disqus.com https://c.disquscdn.com; base-uri 'self'; script-src 'report-sample' 'self' 'nonce-GhqZrvYuAjumEMUQFEVtyg84P5iLt3dDnFZFgXlPx34=' 'unsafe-eval' blob: https://*.tech.io https://coderunner.codingame.com https://www.gstatic.com https://connect.facebook.net https://apis.google.com https://maps.googleapis.com https://www.google.com/recaptcha/api.js https://query.yahooapis.com/v1/public/yql https://www.slideshare.net https://vimeo.com https://techiotest.disqus.com https://techio.disqus.com https://disqus.com https://c.disquscdn.com https://*.privacymanager.io; child-src blob:; worker-src blob:; style-src 'self' 'unsafe-inline' https://*.tech.io https://fonts.googleapis.com https://c.disquscdn.com; img-src blob: data: https:; font-src https: data:; connect-src 'self' https://*.tech.io https://*.codingame.com wss://*.codingame.com https://push-community.codingame.com https://maps.googleapis.com https://www.facebook.com https://*.clearbit.com https://disqus.com https://geo.privacymanager.io; frame-src blob: https://*.codingame-app.com https://coderunner.codingame.com https://disqus.com https://www.google.com https://www.youtube.com https://player.vimeo.com; frame-ancestors 'self'; media-src https: data: blob:; object-src 'none'; form-action 'none'; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub1990d17bff20213f8c92c64ac7b34136&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=service:community-learning%2Cenv:production 1
default-src 'self' https://www.youtube.com https://www.bandomovil.com https://www.reservadeportes.com https://player.vimeo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data:; 1
default-src 'none'; script-src 'self' 'sha256-CC38pRZKNQ/7uTF/orNX4hyiFg6ng/B8juXkUmRHGCA=' https://matomo.fancy.org.uk; style-src 'self' https://maxcdn.bootstrapcdn.com; img-src 'self' https://matomo.fancy.org.uk; font-src https://maxcdn.bootstrapcdn.com 1
default-src 'self' 'unsafe-inline'; img-src * data: blob:; font-src 'self' https://fonts.gstatic.com;               script-src 'self' data: 'unsafe-inline' https://www.google-analytics.com https://maps.googleapis.com https://az416426.vo.msecnd.net https://www.googletagmanager.com;               style-src 'self' 'unsafe-inline' https://*.googleapis.com;               connect-src 'self' https://dc.services.visualstudio.com https://fixitextclassificationdev1.azurewebsites.net https://graph.facebook.com https://www.facebook.com https://*.google-analytics.com https://maps.googleapis.com                https://fixidev.blob.core.windows.net https://fixiteuwstg.blob.core.windows.net https://fixibeta.blob.core.windows.net https://fixi2.blob.core.windows.net;               frame-ancestors 'self' https://prodkcs.nederweert.local https://testkcs.nederweert.local https://klantcontact.joinsuite.nl http://jkctest.ggorinchem.nl http://frontoffice-test.waddinxveen.local                http://frontoffice.waddinxveen.local http://jkct.ad.wijdemeren.nl http://jkcp.ad.wijdemeren.nl http://klantcontact.1stroom.domain.local                https://klantcontact-test.1stroom.domain.local http://klantcontact.zevenaar.domain.local http://klantcontact-test.zevenaar.domain.local http://jkc.ggorinchem.nl https://kcstest.intranet.lan                https://jkc.joinsuite.nl https://buch-jkc.decosasp.com https://buch-jkc-test.decosasp.com                https://bljkctest.decosasp.com https://dfm-jkc.decosasp.com https://kapellejkc-acc.decosasp.com https://nbjkc-acc.decosasp.com https://reimerswaaljkc-acc.decosasp.com                https://reimerswaaljkc.decosasp.com https://nbjkc.decosasp.com https://kapellejkc.decosasp.com https://bljkcp.decosasp.com https://dfm-jkc-acc.decosasp.com                https://jkc-qa.decosasp.com https://gemhw-jkc.decosasp.com https://gemhw-jkc-acc.decosasp.com https://jkct.meervoort.nl https://jkc.meervoort.nl https://jkcc.meervoort.nl               https://jkca.meervoort.nl https://meervoort-jkc-qa.decosasp.com https://meervoort-jkc-dev.decosasp.com https://joincft-jkc-qa.decosasp.com               https://jkc-amstelveen.decosasp.com https://jkc-acc-amstelveen.decosasp.com http://jkc.echt-susteren.nl https://jkcp.office.local https://kcs.intranet.lan                https://beekdaelenjkc-test.decosasp.com https://beekdaelenjkc.decosasp.com http://jkc.dalfsen.local https://gemheervjkc-acc.decosasp.com https://gemheervjkc.decosasp.com               https://buha-jkc-acc.decosasp.com https://buha-jkc.decosasp.com https://jkc-test.roerdalen.nl https://jkc.roerdalen.nl               https://jkc-test.gemeentemaasgouw.nl https://jkc.gemeentemaasgouw.nl https://jkc-test.echt-susteren.nl https://jkc.echt-susteren.nl; 1
frame-ancestors https://*.storyblok.com/ 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://code.jquery.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://player.vimeo.com https://www.googletagmanager.com https://www.youtube.com https://www.google-analytics.com; style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; media-src 'self' https: https://d4j0oemdjsbb4.cloudfront.net; img-src 'self' https: https://d4j0oemdjsbb4.cloudfront.net data:; font-src 'self' https: data: https://fonts.gstatic.com; frame-src 'self' https: https://www.youtube.com; connect-src 'self' https: https://forms-eu1.hscollectedforms.net wss://ws.hotjar.com; 1
report-uri https://archiipedia.com 1
default-src 'self' https://play.libsyn.com/ https://dl.episerver.net https://play.mediaflowpro.com https://use.typekit.net https://kkv.local https://integration.konkurrensverket.se https://preprod.konkurrensverket.se https://konkurrensverket.se https://www.konkurrensverket.se https://policy.app.cookieinformation.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://i16.inviewer.se/integration/ https://dl.episerver.net https://az416426.vo.msecnd.net https://use.typekit.net https://www.googletagmanager.com https://policy.app.cookieinformation.com https://insipio.com/ https://static.mediaflowpro.com/ https://mfstatic.com/;style-src 'self' 'unsafe-inline' 'unsafe-eval' https://dl.episerver.net https://use.typekit.net https://p.typekit.net https://insipio.com/ https://static.mediaflowpro.com/ https://mfstatic.com/;font-src 'self' data://* https://use.typekit.net https://static.mediaflowpro.com/;img-src 'self' data://* https://p.typekit.net https://assets.mediaflowpro.com https://static.mediaflowpro.com/ https://im16.inviewer.se/ https://mfstatic.com/ https://m.mediaflow.com/;connect-src 'self' https://dl.episerver.net https://dc.services.visualstudio.com/v2/track https://*.cookieinformation.com/ https://*.google-analytics.com/ https://api.mediaflow.com/ https://im16.inviewer.se/;object-src 'none'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.rva.nl *.googletagmanager.com  *.google-analytics.com *.google.com *.gstatic.com *.cookiebot.com; style-src 'self' 'unsafe-inline' data: *.rva.nl; img-src 'self' data: *.rva.nl *.google.com *.google-analytics.com *.gstatic.com *.gravatar.com *.cookiebot.com *.vimeocdn.com; connect-src 'self' data: *.google.com *.cookiebot.com; font-src 'self' data: *.rva.nl; media-src 'self' data: *.rva.nl; frame-ancestors 'self'; frame-src 'self' data: *.rva.nl *.youtube.com *.google.com *.issuu.com *.cookiebot.com *.vimeo.com; base-uri 'self' 1
frame-ancestors 'self' *.calbar.ca.gov 1
default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.fundsxpress.com *.apiture.com https://*.jsdelivr.net *.google-analytics.com https://*.googleapis.com https://*.googletagmanager.com https://seal.websecurity.norton.com https://*.salemove.com https://*.glia.com https://*.quilocloud.com https://cdn.mxpnl.com; frame-src https: https://*.quilocloud.com; connect-src 'self' wss://*.salemove.com https://*.salemove.com wss://*.glia.com https://*.glia.com https://*.twilio.com wss://*.twilio.com https://*.quilocloud.com https://*.google.com; media-src 'self' https://*.salemove.com https://*.glia.com https://*.quilocloud.com; style-src 'self' 'unsafe-inline' *.fundsxpress.com *.apiture.com https://maxcdn.bootstrapcdn.com https://*.jsdelivr.net https://*.cloudflare.com https://fonts.googleapis.com https://*.salemove.com https://*.glia.com https://*.quilocloud.com https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://*.quilocloud.com https://fonts.gstatic.com; img-src 'self' blob: data: *.google-analytics.com https://*.salemove.com https://*.glia.com https://maps.gstatic.com *.googleapis.com https://*.quilocloud.com https://*.innovationrefunds.com https://*.printable.com; object-src 'none'; 1
default-src 'self' *.doubleclick.net *.google-analytics.com; base-uri 'self'; font-src 'self' data:; form-action 'self' *.paypal.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' https://pipsc.ca https://ipfpc.ca *.paypalobjects.com *.rumiview.com https://stats.g.doubleclick.net *.google-analytics.com *.googleusercontent.com; frame-src 'self' *.google.com *.doubleclick.net *.soundcloud.com *.123formbuilder.com *.paypalobjects.com *.youtube.com https://engage.newmode.net *.engage.newmode.net; script-src 'self' 'unsafe-inline' *.123formbuilder.com *.doubleclick.net *.kickfire.com *.dialogtech.com assets.adobedtm.com *.rumiview.com *.simpli.fi *.googletagmanager.com *.google-analytics.com *.engage.newmode.net https://engage.newmode.net https://blog.apps.npr.org/pym.js/dist/pym.v1.min.js; object-src 'self' 1
default-src 'self' https://sites.brevardcounty.us/ https://sites.brevardfl.gov/ https://insight.sitefinity.com/n; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com https://*analytics.google.com/ https://bclsfl.patronpoint.com/ https://code.jquery.com/ https://cdnjs.cloudflare.com/ https://sites.brevardcounty.us/ https://sites.brevardfl.gov/ 'self' *.google-analytics.com https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org web-chat.nativechat.com 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://code.jquery.com/ https://cdnjs.cloudflare.com/ https://sites.brevardcounty.us/ https://sites.brevardfl.gov/ 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com https://www.nhc.noaa.gov/ 'self' *.google-analytics.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src https://www.youtube.com/ https://www.google.com/ https://floridadisaster.maps.arcgis.com/ https://bclsfl.patronpoint.com/ https://www.googletagmanager.com/ 'self' web-chat.nativechat.com; connect-src data: accounts.google.com *.gstatic.com https://*.googletagmanager.com https://sites.brevardcounty.us/ https://sites.brevardfl.gov/ https://insight.sitefinity.com/ 'self' *.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com 'self' web-chat.nativechat.com; frame-ancestors https://www.youtube.com/ https://www.google.com/ https://floridadisaster.maps.arcgis.com/ https://bclsfl.patronpoint.com/ https://www.googletagmanager.com/ 'self' 1
default-src 'self' https://rich-plum-chiton-belt.cyclic.cloud/ https://docs.google.com/ https://cdnjs.cloudflare.com/ https://fonts.googleapis.com/ https://fonts.gstatic.com https://www.google.com/ https://www.gstatic.com/ https://www.youtube.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ 'unsafe-inline' 'unsafe-eval'; img-src * data: blob: 'unsafe-inline' 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-XYCEJSLEKqugoEJENLOg5g' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
script-src 'self' *.wlresources.com *.acwebconnecting.com https://mpsnare.iesnare.com https://d5nxst8fruw4z.cloudfront.net https://d31qbv1cthcecs.cloudfront.net  'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com *.analytics.google.com *.doubleclick.net https://*.google-analytics.com/ gstatic.com www.google.com www.googleoptimize.com optimize.google.com www.gstatic.com https://bat.bing.com https://*.clarity.ms ; connect-src 'self' www.chatsexyonline.com:9080 www.chatsexyonline.com:9443 *.wlresources.com wss://*.wlresources.com *.acwebconnecting.com https://mpsnare.iesnare.com wss://mpsnare.iesnare.com ws://stt01.wlresources.com wss://stt01.wlresources.com ws://www.chatsexyonline.com wss://www.chatsexyonline.com *.campoints.net *.google-analytics.com *.googletagmanager.com *.analytics.google.com analytics.google.com *.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://bat.bing.com https://*.clarity.ms ; frame-src 'self' https://*.allopass.com http://*.allopass.com https://*.acwebconnecting.com https://www.google.com https://go.cam; worker-src 'self' blob:; frame-ancestors *.xlovecam.com *.backend.cam; report-uri /en/jserror/?ts=1721956621 1
frame-ancestors 'self' rv.local-lb.com responsivevoice.org *.responsivevoice.org; 1
frame-ancestors 'self' https://task.renderbus.com https://account.renderbus.com https://ecloud.10086.cn:31015 https://ecloud.10086.cn https://tongji.baidu.com 1
default-src http: https: 'self' 'unsafe-eval' 'unsafe-inline'; object-src 'self' http://www.podcastics.com; img-src data: http: https: 'self' ; media-src blob: data: http: https: 'self'; 1
default-src https: wss://ws.botmaker.com/stable16/ws/wendpoint/ wss://widget-mediator.zopim.com *.staging.kinto-mobility.com.ar *.kinto-mobility.com.ar *.crazyegg.com go.botmaker.com *.googleapis.com *.gstatic.com *.google.com *.googleusercontent.com *.giphy.com www.google-analytics.com m-infra.firebaseapp.com code.jquery.com maxcdn.bootstrapcdn.com us-central1-m-infra.cloudfunctions.net cdn.firebase.com unpkg.com twemoji.maxcdn.com connect.facebook.net scontent.xx.fbcdn.net www.accountchooser.com 'unsafe-inline'; img-src http: data: 'unsafe-inline' blob: https://www.toyota.com.ar *.crazyegg.com go.botmaker.com *.googleapis.com *.gstatic.com *.google.com *.googleusercontent.com *.giphy.com www.google-analytics.com m-infra.firebaseapp.com code.jquery.com maxcdn.bootstrapcdn.com us-central1-m-infra.cloudfunctions.net cdn.firebase.com unpkg.com twemoji.maxcdn.com connect.facebook.net scontent.xx.fbcdn.net www.accountchooser.com ; script-src https://www.toyota.com.ar https://www.kinto-mobility.com.ar *.kinto-mobility.com.ar https://www.kinto-mobility.com.ar *.kinto-mobility.com.ar https://www.google.com https://www.googleadservices.com https://tagmanager.google.com https://api.retargetly.com https://urldefense.proofpoint.com https://connect.facebook.net https://www.googletagmanager.com https://googleads.g.doubleclick.net https://p.teads.tv/ https://www.google-analytics.com https://www.google.com/pagead/1p-conversion/ https://ssl.google-analytics.com https://maps.googleapis.com https://static.zdassets.com https://widget-mediator.zopim.com https://cdnjs.cloudflare.com/ajax/libs/modernizr/2.8.3/modernizr.min.js https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js https://go.botmaker.com/rest/webchat/p/0D3OM1WMLG/init.js https://polyfill.io/v3/polyfill.min.js?features=fetch%2Cdefault 'self' 'unsafe-inline' 'unsafe-eval' blob: *.crazyegg.com go.botmaker.com *.googleapis.com *.gstatic.com *.google.com *.googleusercontent.com *.giphy.com www.google-analytics.com m-infra.firebaseapp.com code.jquery.com maxcdn.bootstrapcdn.com us-central1-m-infra.cloudfunctions.net cdn.firebase.com unpkg.com twemoji.maxcdn.com connect.facebook.net scontent.xx.fbcdn.net www.accountchooser.com; worker-src blob: ; style-src https: 'unsafe-inline'; object-src 'none'; frame-ancestors 'self' http://cloud.toyotadobrasil.com.br/ https://cloud.toyotadobrasil.com.br/ 1
default-src 'self' *.shortstackapp.com blob: d1m2uzvk8r2fcn.cloudfront.net m.cmpgn.page *.osano.com *.wyng.com bam.nr-data.net *.doubleclick.net *.jsdelivr.net *.iesnare.com *.bazaarvoice.com *.amazonaws.com di.rlcdn.com destinilocators.com *.destinilocators.com code.jquery.com cdn.jsdelivr.net unpkg.com *.google.com *.google-analytics.com www.googletagmanager.com *.vimeo.com 'nonce-60f26b3021' *.fontawesome.com *.typekit.net *.jsdelivr.net ; style-src 'unsafe-inline' *; style-src-elem 'unsafe-inline' *; script-src 'unsafe-inline' * ; font-src * data: ; img-src * data: 1
default-src https: 'unsafe-inline' 'unsafe-eval' ; img-src self data: *.uhcmemberhub.com *.uhc.com *.uhone.com *.optum.com cdn5.userzoom.com www.google-analytics.com maps.gstatic.com *.googleapis.com *.ggpht *.qualtrics.com cdn.gbqofs.com 1
frame-ancestors 'self' https://app.kontent.ai https://*.azrielimalls.co.il https://azrielimalls.co.il https://azrieli.inmanage.com https://*.azrieli.xyz http://localhost:* http://127.0.0.1:* 1
frame-ancestors 'self' '*.gravatar.com' 'app.mluvii.com' 'fonts.googleapis.com' 'themes.googleusercontent.com' 'www.google-analytics.com' 'ajax.googleapis.com' 'www.googletagmanager.com' 'cdn.harvest.graindata.com' ; 1
default-src 'none'; connect-src 'self' https://cookies-data.onetrust.io http://*.bonarea-agrupa.com https://*.onetrust.com https://*.cookielaw.org https://*.windows.net https://*.google.com https://*.doubleclick.net https://*.facebook.com http://*.google-analytics.com https://*.googleapis.com; font-src 'self' *; frame-src http://*.bonarea-agrupa.com https://www.google.com https://*.youtube.com; img-src 'self' data: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://app.bookitit.com http://*.bonarea-agrupa.com http://*.booking.com https://*.tacdn.com http://*.jscache.com https://*.tripadvisor.es https://*.tripadvisor.com http://*.google-analytics.com https://*.googleapis.com https://*.cookielaw.org https://*.cloudflare.com https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.gstatic.com; style-src 'self' 'unsafe-inline' * 1
default-src 'self'; script-src 'self' 'unsafe-eval' d1f0wicopk9vc5.cloudfront.net d20j9xtxuc1as2.cloudfront.net fast.fonts.net; style-src 'unsafe-inline' *; img-src 'self' admin.aisreporting.com; font-src fast.fonts.net; 1
default-src 'self'; connect-src 'self' wss:; script-src 'self' 'unsafe-inline'; img-src 'self' data: blob:; style-src 'self' 'unsafe-inline'; font-src 'self' data:; child-src 'self'; object-src 'none'; 1
frame-ancestors 'self' *.unav.es *.unav.edu 1
default-src 'self' blob:; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.cookie-script.com https://www.gstatic.com https://bat.bing.com https://www.google.co.uk https://www.google.com https://www.googleadservices.com https://cdn.heapanalytics.com https://heapanalytics.com https://googleads.g.doubleclick.net *.visualwebsiteoptimizer.com app.vwo.com *.heapanalytics.com https://yoast.com https://cla.co.uk https://www.clarity.ms https://www.google-analytics.com https://cdn.heapanalytics.com https://connect.facebook.net https://dev.visualwebsiteoptimizer.com https://m.addthis.com https://pi.pardot.com https://s7.addthis.com https://snap.licdn.com https://v1.addthisedge.com https://w.likebtn.com https://www.googletagmanager.com https://z.moatads.com; style-src 'report-sample' 'self' 'unsafe-inline' https://www.googletagmanager.com https://heapanalytics.com *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com https://cla.co.uk https://fonts.googleapis.com https://w.likebtn.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://consent.cookie-script.com https://h.clarity.ms/collect https://www.facebook.com https://bat.bing.com *.dl.delivery.mp.microsoft.com https://*.do.dsp.mp.microsoft.com:7680 https://edge.microsoft.com https://api.aadrm.com https://api.aadrm.de https://api.aadrm.cn https://edge.microsoft.com https://clients.config.office.net https://*.smartscreen.microsoft.com https://*.smartscreen-prod.microsoft.com https://*.urs.microsoft.com https://px.ads.linkedin.com https://www.google.co.uk https://google.com https://pagead2.googlesyndication.com https://heapanalytics.com *.visualwebsiteoptimizer.com app.vwo.com https://cla.co.uk https://yoast.com https://my.yoast.com https://m.addthis.com https://region1.analytics.google.com https://region1.google-analytics.com https://w.clarity.ms *.auryc.com https://cdn.linkedin.oribi.io https://www.google-analytics.com https://stats.g.doubleclick.net; font-src 'self' data: https://heapanalytics.com *.auryc.com https://cla.co.uk https://fonts.gstatic.com; frame-src 'self' https://open.spotify.com https://www.google.com https://www.canva.com https://config.edge.skype.com app.vwo.com *.visualwebsiteoptimizer.com https://td.doubleclick.net https://cla.co.uk https://s7.addthis.com https://www.facebook.com https://www.youtube.com; img-src 'self' data: https://bat.bing.com https://www.googleadservices.com https://www.googletagmanager.com https://c.bing.com https://c.clarity.ms https://www.google-analytics.com https://googleads.g.doubleclick.net https://heapanalytics.com https://www.google.com *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com https://cla.co.uk https://secure.gravatar.com https://assets.cla-preprod.hostings.co.uk https://assets.cla.co.uk https://dev.visualwebsiteoptimizer.com https://heapanalytics.com https://px.ads.linkedin.com https://www.facebook.com https://www.google.co.uk https://td.doubleclick.net https://w.clarity.ms/collect https://www.linkedin.com https://platform.linkedin.com https://px.ads.linkedin.com https://www.clarity.ms https://snap.licdn.com https://www.linkedin.com/mob/tracking https://clarity.microsoft.com https://cdn.clarity.ms https://*.clarity.ms https://www.clarity.ms https://c.clarity.ms https://ssl.google-analytics.com https://www.gstatic.com https://s.adroll.com https://d.adroll.com https://dis.criteo.com https://static.criteo.net https://www.alcs.co.uk/alcs-api/sap/user https://cdn-ukwest.onetrust.com/consent//.json https://assets.cla.co.uk/favicon.ico https://pi.pardot.com https://app.pardot.com https://go.pardot.com https://pi-ue1.pardot.com https://pi.demo.pardot.com https://fonts.googleapis.com https://fonts.gstatic.com; manifest-src 'self'; media-src 'self'; worker-src 'self' blob: https://cla.co.uk; 1
connect-src 'self' *.source.thenbs.com https://login.thenbs.com asset.source.thenbs.com stats-collection.source.thenbs.com www.google-analytics.com stats.g.doubleclick.net *.google-analytics.com *.analytics.google.com *.googletagmanager.com cdn.cookielaw.org cdn-ukwest.onetrust.com geolocation.onetrust.com *.hotjar.com *.hotjar.io wss: heapanalytics.com bat.bing.com c.bing.com *.clarity.ms comms.thenbs.cloud comms.thenbs.com *.pardot.com; default-src 'self'; font-src 'self' use.typekit.net *.hotjar.com *.hotjar.io heapanalytics.com; frame-src 'self' https://login.thenbs.com asset.source.thenbs.com *.hotjar.com *.hotjar.io *.youtube.com *.vimeo.com; img-src 'self' asset.source.thenbs.com p.typekit.net *.google-analytics.com *.googletagmanager.com cdn.cookielaw.org cdn-ukwest.onetrust.com *.hotjar.com *.hotjar.io heapanalytics.com bat.bing.com c.bing.com *.clarity.ms secure.gravatar.com *.youtube.com i.ytimg.com *.vimeocdn.com; manifest-src 'none'; media-src 'self'; object-src 'none'; script-src 'self' 'nonce-DegQwzbkzAUVQIaAtGCBog==' 'unsafe-hashes' 'sha256-MhtPZXr7+LpJUY5qtMutB+qWfQtMaPccfe7QXtCcEYc=' 'sha256-3/mNUpqF9X/gMYE+bOG6g8d6I32wdYdWwWuAk90mPCM=' www.google-analytics.com ajax.googleapis.com *.googletagmanager.com cdn.cookielaw.org cdn-ukwest.onetrust.com cookie-cdn.cookiepro.com privacyportal.onetrust.com geolocation.onetrust.com *.hotjar.com *.hotjar.io cdn.heapanalytics.com heapanalytics.com 'unsafe-eval' bat.bing.com c.bing.com *.clarity.ms comms.thenbs.cloud comms.thenbs.com pi.pardot.com; style-src 'self' 'unsafe-inline' use.typekit.net p.typekit.net heapanalytics.com; worker-src 'none'; base-uri 'self'; 1
default-src 'self' https://insights.hotjar.com https://hotjar.com www.insights.hotjar.com www.hotjar.com *.hotjar.com *.sitefinity.com *.googletagmanager.com *.google.de static.ex.co *.google.com https://www.googletagmanager.com/; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js *.google-analytics.com *.googletagmanager.com https://dec.azureedge.net/ munchkin.marketo.net unpkg.com/@frontify/ *.cloudinary.com *.vev.design *.vev.site *.vev.page *.cloudflare.com *.spotify.com *.hotjar.com qqm8bf7z.cdn.imgeng.in *.bamboohr.com *.formstack.com *.spotifycdn.com *.playbuzz.com *.ex.co snap.licdn.com *.fundraisingbox.com *.doubleclick.net *.stripe.com *.sitefinity.com 'self' js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net *.eloqua.com *.en25.com cdn.ampproject.org https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.typekit.net *.vev.design *.vev.site qqm8bf7z.cdn.imgeng.in *.bamboohr.com *.formstack.com static.ex.co *.spotifycdn.com *.googletagmanager.com *.sitefinity.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.frontify.com *.cloudinary.com *.youtube.com *.vimeo.com *.commonpurpose.org *.vev.design *.vev.site qqm8bf7z.cdn.imgeng.in *.playbuzz.com *.linkedin.com *.google.co.uk *.fundraisingbox.com *.googletagmanager.com *.google.com 'self' track.hubspot.com js.hsleadflows.net forms.hsforms.com *.eloqua.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.typekit.net *.vev.design *.vev.site qqm8bf7z.cdn.imgeng.in *.googleusercontent.com *.formstack.com static.ex.co *.googletagmanager.com; frame-src *.uri.sh *.youtube.com *.vimeo.com *.spotify.com *.bamboohr.com *.google.com *.spotifycdn.com *.ex.co *.canva.com *.fundraisingbox.com *.stripe.com *.dev.sitefinity.com 'self' forms.hsforms.com web-chat.nativechat.com; connect-src data: accounts.google.com *.gstatic.com *.mktoresp.com *.google-analytics.com *.frontify.com *.cloudinary.com *.youtube.com *.vimeo.com *.typekit.net *.vev.design *.vev.site *.bamboohr.com *.spotifycdn.com *.playbuzz.com *.ex.co *.linkedin.oribi.io *.doubleclick.net *.google.com *.hotjar.io *.hotjar.com *.facebook.com *.linkedin.com *.formstack.com *.googletagmanager.com *.dec.sitefinity.com https://*.insight.sitefinity.com www.google.com https://www.googletagmanager.com/ https://google.com/ google.com 'self' forms.hubspot.com *.hsforms.com https://*.dec.sitefinity.com; media-src 'self' data: blob: *.frontify.com *.cloudinary.com *.youtube.com *.vimeo.com *.vev.design *.vev.site qqm8bf7z.cdn.imgeng.in; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com a-cp.vev.site https://js.vev.design *.frontify.com cloudinary.com *.cloudinary.com *.youtube.com *.vimeo.com *.typekit.net *.vev.design *.vev.site *.spotifycdn.com *.google.com *.googletagmanager.com *.sitefinity.com https://www.googletagmanager.com/ 'self' www.google.com web-chat.nativechat.com 1
default-src 'self' blob:; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://use.fontawesome.com https://*.typekit.net https://*.bugherd.com https://*.cloudfront.net https://fonts.gstatic.com ;img-src 'self' data: blob: https://res.cloudinary.com https://l.sharethis.com https://www.salsas.com https://ps.w.org https://s.w.org https://*.hormel.com https://secure.gravatar.com https://*.salsify.com https://bugherd-attachments.s3.amazonaws.com https://*.bugherd.com https://www.googletagmanager.com https://*.cloudfront.net https://*.powerreviews.com https://api.mapbox.com https://*.tiles.mapbox.com https://events.mapbox.com https://cdnjs.cloudflare.com https://*.pricespider.com https://www.google-analytics.com https://*.google.com https://*.bing.com https://www.facebook.com https://*.pinterest.com https://*.iriworldwide.com ;script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://*.pinterest.com https://mpsnare.iesnare.com https://s0.wp.com https://*.salesforceliveagent.com https://ws.sharethis.com https://script.hotjar.com https://*.force.com https://hormel.my.salesforce-sites.com https://hormel.my.salesforce.com https://code.jquery.com https://*.bugherd.com https://*.cloudfront.net https://*.powerreviews.com https://static.hotjar.com https://*.facebook.net https://*.amazonaws.com https://www.google-analytics.com https://api.mapbox.com https://*.tiles.mapbox.com https://events.mapbox.com https://cdnjs.cloudflare.com https://*.pricespider.com https://*.googleapis.com https://*.google.com https://*.hormel.com https://*.hormelfoods.com https://www.googletagmanager.com ;style-src 'self' 'unsafe-inline' https://*.myfonts.net https://maxcdn.bootstrapcdn.com https://use.fontawesome.com https://s0.wp.com https://*.force.com https://hormel.my.salesforce-sites.com https://*.typekit.net https://*.bugherd.com https://*.hormel.com https://*.hormelfoods.com https://*.cloudfront.net https://*.powerreviews.com https://*.googleapis.com https://api.mapbox.com https://*.tiles.mapbox.com https://events.mapbox.com https://cdnjs.cloudflare.com https://*.pricespider.com ;connect-src 'self' wss://ws-mt1.pusher.com wss://www.salsas.com https://*.hotjar.io https://l.sharethis.com wss://ws.pusherapp.com https://sockjs.pusher.com https://yoast.com https://hormel.my.salesforce-sites.com https://*.bugherd.com https://*.bugsnag.com https://*.amazonaws.com https://cdnjs.cloudflare.com https://*.pricespider.com https://api.mapbox.com https://*.tiles.mapbox.com https://events.mapbox.com wss://*.pricespider.com https://productlocator.iriworldwide.com https://*.powerreviews.com https://www.facebook.com https://*.doubleclick.net https://www.google-analytics.com https://*.pinterest.com https://www.googletagmanager.com ;frame-src 'self' https://service.force.com https://widgets.wp.com https://*.google.com https://*.bugherd.com https://www.youtube.com https://*.pinterest.com https://www.facebook.com https://*.doubleclick.net 1
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; media-src * data: blob:; 1
frame-ancestors 'self' https://app.kajabi.com https://app.vibely.io https://communities.kajabi.com *.mykajabi.com https://communities.newkajabi-staging.com https://www.transcribeanywhere.com 1
default-src 'none'; img-src *; script-src 'self' https://www.google.com *.cloudflare.com anmeldung.bdc.de *.bdc.de bdc-shop.de *.googletagmanager.com *.google-analytics.com bdc.formes-service.de d131ze1koq6dhf.cloudfront.net www.youtube.com bdc.rahmenvereinbarungen.de *.gstatic.com gstatic.com *.google.com dkpx7dlhqmuah.cloudfront.net 'unsafe-inline'; style-src 'self' *.cloudflare.com anmeldung.bdc.de *.bdc.de bdc-shop.de *.googletagmanager.com *.google-analytics.com bdc.formes-service.de d131ze1koq6dhf.cloudfront.net www.youtube.com bdc.rahmenvereinbarungen.de *.gstatic.com gstatic.com *.google.com dkpx7dlhqmuah.cloudfront.net 'unsafe-inline'; font-src 'self' *.cloudflare.com anmeldung.bdc.de *.bdc.de bdc-shop.de *.googletagmanager.com *.google-analytics.com bdc.formes-service.de d131ze1koq6dhf.cloudfront.net www.youtube.com bdc.rahmenvereinbarungen.de *.gstatic.com gstatic.com *.google.com dkpx7dlhqmuah.cloudfront.net data:; object-src 'none'; frame-src 'self' *.cloudflare.com anmeldung.bdc.de *.bdc.de bdc-shop.de *.googletagmanager.com *.google-analytics.com bdc.formes-service.de d131ze1koq6dhf.cloudfront.net www.youtube.com bdc.rahmenvereinbarungen.de *.gstatic.com gstatic.com *.google.com dkpx7dlhqmuah.cloudfront.net; connect-src 'self' *.cloudflare.com anmeldung.bdc.de *.bdc.de bdc-shop.de *.googletagmanager.com *.google-analytics.com bdc.formes-service.de d131ze1koq6dhf.cloudfront.net www.youtube.com bdc.rahmenvereinbarungen.de *.gstatic.com gstatic.com *.google.com dkpx7dlhqmuah.cloudfront.net; media-src 'self' *.cloudflare.com anmeldung.bdc.de *.bdc.de bdc-shop.de *.googletagmanager.com *.google-analytics.com bdc.formes-service.de d131ze1koq6dhf.cloudfront.net www.youtube.com bdc.rahmenvereinbarungen.de *.gstatic.com gstatic.com *.google.com dkpx7dlhqmuah.cloudfront.net; base-uri 'self'; form-action 'self', frame-ancestors 'self' 1
default-src 'self' blob: *.crazyegg.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.facebook.com https://s.adroll.com/ https://d.adroll.com/ connect.facebook.net *.crazyegg.com;style-src 'self' 'unsafe-inline' *.grupomutual.fi.cr *.crazyegg.com;style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com;object-src 'self';connect-src 'self' graphql.contentful.com https://www.facebook.com connect.facebook.net *.execute-api.us-east-1.amazonaws.com *.gmapi.fi.cr *.crazyegg.com https://assets.ctfassets.net https://downloads.ctfassets.net/ https://analytics.google.com/ https://stats.g.doubleclick.net https://www.google-analytics.com;font-src 'self' https://fonts.gstatic.com;form-action 'self' *.facebook.com;child-src blob:;worker-src 'self' blob: *.grupomutual.fi.cr;img-src 'self' https://www.grupomutual.fi.cr/ https://www.grupomutual.fi.cr https://images.ctfassets.net/ https://www.googletagmanager.com https://www.google.com *.facebook.com; frame-src 'self' https://www.grupomutual.fi.cr https://www.grupomutual.fi.cr/ https://www.grupomutual.fi.cr https://gmapp.fi.cr/ https://forms.gle https://docs.google.com/ https://gmapp.fi.cr https://www.googletagmanager.com https://app.powerbi.com/ https://waze.com/ul https://www.facebook.com https://td.doubleclick.net/ https://web.facebook.com/ https://connect.facebook.net https://creditogrupomutual.fi.cr/ https://outlook.office.com/ https://forms.office.com/ https://www.google.com.co/ https://d.adroll.com/ https://www.google.com https://www.grupomutual.com *.crazyegg.com *.grupomutual.fi.cr mailto: tel: waze:; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-tdVfgd3Gm1b9J+V6008xZMYs+vqpBP7n2AUvrXciIziTHE5u' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' data: blob: https:; script-src 'self' data: blob: https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: blob: https: 'unsafe-inline' 'unsafe-eval'; 1
object-src 'none'; form-action https:; frame-ancestors 'self'; font-src 'self' https://fonts.gstatic.com:* https://fonts.googleapis.com:*; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://connect.facebook.net:* https://www.googletagmanager.com:* https://www.google-analytics.com:* https://bat.bing.com:* https://googleads.g.doubleclick.net:* https://s.pinimg.com:* https://static.hotjar.com:* https://script.hotjar.com:* https://test-www2.bouwgarant.nl:* https://www.google.nl:* https://www.google.com:* https://ct.pinterest.com:* https://region1.analytics.google.com:* https://stats.g.doubleclick.net:* https://www.youtube.com:* https://static.mailplus.nl:* https://m8.mailplus.nl:* https://ssl.google-analytics.com:* https://www.pagespeed-mod.com:* https://www.gstatic.com:* 1
frame-ancestors 'self' *.dealersync.com 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; frame-src 'self' https://play.libsyn.com; base-uri 'none'; form-action 'self' https://duckduckgo.com; frame-ancestors 'none'; 1
'nonce-Xfd05iqtDh4LnFqwbxUeLreviMFyWfPx69TOpi5B57M=' 1
default-src 'self' *.quantexa.local *.quantexa.com *.quantexa.dev *.netlify.app *.netlify.com *.storyblok.com *.matomo.cloud *.google.com *.hsforms.net *.bing.com *.zoominfo.com *.influ2.com *.oktopost.com *.gstatic.com *.hs-analytics.net *.licdn.com okt.to *.hs-scripts.com *.hsleadflows.net *.hs-banner.com *.usemessages.com *.hscollectedforms.net *.hsadspixel.net *.hubspot.com *.hubapi.com *.googletagmanager.com *.doubleclick.net *.hsforms.com *.youtube.com *.blockmarktech.com *.oribi.io *.zscaler.net ingesteer.services-prod.nsvcs.net s3.amazonaws.com js.zi-scripts.com *.visualwebsiteoptimizer.com app.vwo.com www.googleadservices.com pagead2.googlesyndication.com google.com *.google-analytics.com *.clickcease.com *.linkedin.com dta8euw1l8gvs.cloudfront.net *.cookiebot.com *.googleapis.com sc.lfeeder.com opps-widget.getwarmly.com opps-api.getwarmly.com capture.navattic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.quantexa.local *.quantexa.com *.quantexa.dev *.netlify.app *.netlify.com *.storyblok.com *.matomo.cloud *.google.com *.hsforms.net *.bing.com *.zoominfo.com *.influ2.com *.oktopost.com *.gstatic.com *.hs-analytics.net *.licdn.com okt.to *.hs-scripts.com *.hsleadflows.net *.hs-banner.com *.usemessages.com *.hscollectedforms.net *.hsadspixel.net *.hubspot.com *.hubapi.com *.googletagmanager.com *.doubleclick.net *.hsforms.com *.youtube.com *.blockmarktech.com *.oribi.io *.zscaler.net ingesteer.services-prod.nsvcs.net s3.amazonaws.com js.zi-scripts.com *.visualwebsiteoptimizer.com app.vwo.com www.googleadservices.com pagead2.googlesyndication.com google.com *.google-analytics.com *.clickcease.com *.linkedin.com dta8euw1l8gvs.cloudfront.net *.cookiebot.com *.googleapis.com sc.lfeeder.com opps-widget.getwarmly.com opps-api.getwarmly.com capture.navattic.com; img-src data: * blob:;  font-src 'self' data:;  media-src 'self' blob: *.storyblok.com; style-src 'self' 'unsafe-inline'  *.quantexa.local *.quantexa.com *.quantexa.dev *.netlify.app *.netlify.com *.storyblok.com *.matomo.cloud *.google.com *.hsforms.net *.bing.com *.zoominfo.com *.influ2.com *.oktopost.com *.gstatic.com *.hs-analytics.net *.licdn.com okt.to *.hs-scripts.com *.hsleadflows.net *.hs-banner.com *.usemessages.com *.hscollectedforms.net *.hsadspixel.net *.hubspot.com *.hubapi.com *.googletagmanager.com *.doubleclick.net *.hsforms.com *.youtube.com *.blockmarktech.com *.oribi.io *.zscaler.net ingesteer.services-prod.nsvcs.net s3.amazonaws.com js.zi-scripts.com *.visualwebsiteoptimizer.com app.vwo.com www.googleadservices.com pagead2.googlesyndication.com google.com *.google-analytics.com *.clickcease.com *.linkedin.com dta8euw1l8gvs.cloudfront.net *.cookiebot.com *.googleapis.com sc.lfeeder.com opps-widget.getwarmly.com opps-api.getwarmly.com capture.navattic.com; frame-ancestors 'self' https://app.storyblok.com/ https://app.markup.io/; 1
frame-ancestors 'none'; object-src 'none'; base-uri 'http://*.snitcr.go.cr'; 1
frame-ancestors 'self' http://panhost.pl http://www.panhost.pl https://panhost.pl https://www.panhost.pl 1
default-src 'self' data: blob: *.conac.cn *.jiathis.com *.baidu.com *.bshare.cn *.qq.com *.kaipuyun.cn 'unsafe-inline' 'unsafe-eval'; 1
frame-ancestors 'self' https://neocon.com 1
frame-ancestors "self" 1
default-src 'self' https://google.com https://youtube.com https://facebook.com https://fonts.google.com https://fonts.googleapis.com https://ajax.googleapis.com https://www.google-analytics.com https://connect.facebook.net https://www.googletagmanager.com https://www.googleadservices.com https://call.chatra.io https://themes.googleusercontent.com https://techmagic-website.s3.eu-central-1.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https: data:; style-src 'self' 'unsafe-inline' 'unsafe-eval'  https:; img-src 'self' http://*.hotjar.com https://*.hotjar.com data: https:; connect-src 'self' https: https://techmagic.us11.list-manage.com http://*.hotjar.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; font-src 'self' https://use.fontawesome.com/ https://fonts.gstatic.com/ http://*.hotjar.com https://*.hotjar.com ; object-src 'none'; media-src 'self'; form-action 'self' https://www.facebook.com; frame-src https: https://*.hotjar.com; frame-ancestors 'self' https://connect.facebook.net https://call.chatra.io; 1
font-src instantcredit.net test.instantcredit.net https://oct8necdneu.azureedge.net https://static-eu.oct8ne.com https://cl.avis-verifies.com https://media.flixfacts.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cetelem.es *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.paycomet.com api.paycomet.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.paycomet.com api.paycomet.com instantcredit.net test.instantcredit.net https://sandbox.sequracdn.com https://live.sequracdn.com https://consentcdn.cookiebot.com https://www.salesmanago.pl https://app3.salesmanago.pl https://www.salesmanago.com https://backoffice-eu.oct8ne.com https://cl.avis-verifies.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.cetelem.es ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com instantcredit.net test.instantcredit.net https://sandbox.sequracdn.com https://live.sequracdn.com https://www.google.com https://www.google.es https://oct8necdneu.azureedge.net https://static-eu.oct8ne.com https://integrations.etrusted.com https://imgsct.cookiebot.com https://cl.avis-verifies.com https://media.flixcar.com https://media.flixfacts.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.cetelem.es chimpstatic.com downloads.mailchimp.com *.list-manage.com https://widgets.rr.skeepers.io/ https://api-product-reviews.rr.skeepers.io/ https://cl-ppr.rr.skeepers.io/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com www.paycomet.com api.paycomet.com instantcredit.net test.instantcredit.net code.jquery.com https://sandbox.sequracdn.com https://live.sequracdn.com https://cdn.doofinder.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://www.google-analytics.com https://www.google.com https://js-agent.newrelic.com https://bam.nr-data.net http://media.flixfacts.com https://prod.flixgvid.flix360.io http://media.flixcar.com https://cdn.loadbee.com http://widgets.trustedshops.com https://static-eu.oct8ne.com https://sandbox.sequrapi.com https://live.sequrapi.com https://cl.avis-verifies.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cetelem.es downloads.mailchimp.com unsafe-inline assets.braintreegateway.com instantcredit.net test.instantcredit.net https://integrations.etrusted.com https://cl.avis-verifies.com https://media.flixcar.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net https://vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.cetelem.es https://widgets.rr.skeepers.io/ https://api-product-reviews.rr.skeepers.io/ https://cl-ppr.rr.skeepers.io/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com instantcredit.net *.instantcredit.net https://sandbox.sequracdn.com https://live.sequracdn.com https://consentcdn.cookiebot.com https://www.google-analytics.com https://www.youtube.com https://youtu.be https://js-agent.newrelic.com https://bam.nr-data.net https://availability.loadbee.com https://frontal-eu.oct8ne.com https://media.flixcar.com https://vc-service.saleago.com https://cl.avis-verifies.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' https://substrate-website.netlify.app https://wwww.substrate.io 1
frame-ancestors 'self' https://*.acdagents.com/ https://vpm.org/ https://www.wgbh.org/ https://www.wqed.org/ https://pledgecart.org/ https://*.kqed.org/ https://www.kqed.org/ https://www.acddirect.com/ https://*.callswithoutwalls.com/ https://reports.callswithoutwalls.com/ https://www.rmpbs.org/ https://www.district5united.org/ https://teamup.com/ https://*.whut.org/ https://*.pbs.org https://*.vpr.org https://primerica-sandbox.atlassian.net https://primerica-acd.atlassian.net 1
block-all-mixed-content; base-uri 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' localhost:* *.google.com *.gstatic.com www.google-analytics.com *.addtoany.com use.fontawesome.com *.youtube.com *.ytimg.com *.googleapis.com googleapis.com *.googletagmanager.com *.cloudflare.com *.vimeo.com *.facebook.net *.facebook.com *.googleadservices.com *.doubleclick.net static.theaterspeelhuis.nl; style-src 'self' 'unsafe-inline' *.googleapis.com googleapis.com *.google.com *.addtoany.com cloud.typography.com *.myfonts.net *.typekit.net *.cloudflare.com *.googletagmanager.com *.google.nl *.google.com *.facebook.net *.facebook.com *.gstatic.com static.theaterspeelhuis.nl; font-src 'self' *.gstatic.com data: *.typekit.net *.cloudflare.com  static.theaterspeelhuis.nl; img-src 'self' data: *.google-analytics.com *.analytics-google.com *.gstatic.com *.googleapis.com googleapis.com *.google.com *.cloudflare.com *.googletagmanager.com *.facebook.net *.facebook.com *.google.nl *.google.com *.doubleclick.net static.theaterspeelhuis.nl static.theaterspeelhuis.nl; child-src 'self' *.google.com *.addtoany.com *.youtube.com *.vimeo.com vimeo.com *.activetickets.com *.issuu.com *.recruitee.com *.linkedin.com *.facebook.net *.facebook.com *.doubleclick.net static.theaterspeelhuis.nl; frame-src 'self' *.google.com *.addtoany.com *.youtube.com *.vimeo.com vimeo.com *.activetickets.com *.issuu.com *.recruitee.com *.linkedin.com *.facebook.net *.facebook.com *.doubleclick.net static.theaterspeelhuis.nl; media-src 'self' *.youtube.com *.vimeo.com vimeo.com *.vimeocdn.com *.akamaized.net *.facebook.net *.facebook.com static.theaterspeelhuis.nl; connect-src 'self' localhost:* wss://localhost:* *.projectguide.nl *.google-analytics.com *.analytics-google.com *.googleapis.com googleapis.com *.googleusercontent.com *.vimeo.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.analytics.google.com *.google.nl *.google.com *.facebook.net *.facebook.com static.theaterspeelhuis.nl; object-src 'self' *.youtube.com *.vimeo.com vimeo.com  static.theaterspeelhuis.nl; form-action 'self' *.facebook.net *.facebook.com; worker-src 'self' static.theaterspeelhuis.nl; manifest-src 'self' static.theaterspeelhuis.nl; prefetch-src 'self' static.theaterspeelhuis.nl; frame-ancestors 'none';  1
default-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data: blob: *.hotjar.com *.wistia.com  *.wpengine.com *.hotjar.com 1
frame-ancestors 'self' https://app.storyblok.com https://www.ekomenu.nl https://api.ekomenu.nl 1
base-uri 'self'; default-src https: 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self'; img-src http: https: data:; object-src 'none'; font-src 'self' data:; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.nserc-crsng.gc.ca *.sshrc-crsh.gc.ca implicit.harvard.edu app.powerbi.com www.gstatic.com fonts.googleapis.com ajax.googleapis.com ssl.google-analytics.com www.google-analytics.com apis.google.com www.googletagmanager.com www.google.com platform.twitter.com syndication.twitter.com www.youtube.com www.nserc-impact.ca data:; style-src 'self' https://use.fontawesome.com https://cloud.typenetwork.com https://netdna.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com 'unsafe-inline'; font-src 'self' https://use.fontawesome.com https://fonts.googleapis.com https://fonts.gstatic.com https://cdnjs.cloudflare.com https://netdna.bootstrapcdn.com 'unsafe-inline'; img-src 'self' stats.g.doubleclick.net thumbs.gfycat.com *.nserc-crsng.gc.ca *.sshrc-crsh.gc.ca fonts.googleapis.com ssl.google-analytics.com  data: 1